email-Modul auf prepared-statements umgestellt
Bernd Wurst commited on 2014-02-01 19:30:11
Zeige 1 geänderte Dateien mit 75 Einfügungen und 73 Löschungen.
- modules/email/include/vmail.php c32e2ec..4192782
| ... | ... |
@@ -59,7 +59,7 @@ Ihre E-Mail wird nicht weitergeleitet.', |
| 59 | 59 |
function get_vmail_id_by_emailaddr($emailaddr) |
| 60 | 60 |
{
|
| 61 | 61 |
$emailaddr = db_escape_string( $emailaddr ); |
| 62 |
- $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = '{$emailaddr}'");
|
|
| 62 |
+ $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = ?", array($emailaddr));
|
|
| 63 | 63 |
$entry = $result->fetch(); |
| 64 | 64 |
return (int) $entry['id']; |
| 65 | 65 |
} |
| ... | ... |
@@ -69,11 +69,13 @@ function get_account_details($id, $checkuid = true) |
| 69 | 69 |
$id = (int) $id; |
| 70 | 70 |
$uid_check = ''; |
| 71 | 71 |
DEBUG("checkuid: ".$checkuid);
|
| 72 |
+ $args = array(":id" => $id);
|
|
| 72 | 73 |
if ($checkuid) {
|
| 73 | 74 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 74 |
- $uid_check = "useraccount='{$uid}' AND ";
|
|
| 75 |
+ $uid_check = "useraccount=:uid AND "; |
|
| 76 |
+ $args[":uid"] = $uid; |
|
| 75 | 77 |
} |
| 76 |
- $result = db_query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id={$id} LIMIT 1");
|
|
| 78 |
+ $result = db_query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id=:id LIMIT 1", $args);
|
|
| 77 | 79 |
if ($result->rowCount() == 0) |
| 78 | 80 |
system_failure('Ungültige ID oder kein eigener Account');
|
| 79 | 81 |
$acc = empty_account(); |
| ... | ... |
@@ -84,13 +86,13 @@ function get_account_details($id, $checkuid = true) |
| 84 | 86 |
$acc[$key] = $value; |
| 85 | 87 |
} |
| 86 | 88 |
if ($acc['forwards'] > 0) {
|
| 87 |
- $result = db_query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account={$acc['id']};");
|
|
| 89 |
+ $result = db_query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account=?", array($acc['id']));
|
|
| 88 | 90 |
while ($item = $result->fetch()){
|
| 89 | 91 |
array_push($acc['forwards'], array("id" => $item['id'], 'spamfilter' => $item['spamfilter'], 'destination' => $item['destination']));
|
| 90 | 92 |
} |
| 91 | 93 |
} |
| 92 | 94 |
if ($acc['autoresponder'] > 0) {
|
| 93 |
- $result = db_query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account={$acc['id']}");
|
|
| 95 |
+ $result = db_query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account=?", array($acc['id']));
|
|
| 94 | 96 |
$item = $result->fetch(); |
| 95 | 97 |
DEBUG($item); |
| 96 | 98 |
$acc['autoresponder'] = $item; |
| ... | ... |
@@ -106,7 +108,7 @@ function get_account_details($id, $checkuid = true) |
| 106 | 108 |
function get_vmail_accounts() |
| 107 | 109 |
{
|
| 108 | 110 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 109 |
- $result = db_query("SELECT * from mail.v_vmail_accounts WHERE useraccount='{$uid}' ORDER BY domainname,local ASC");
|
|
| 111 |
+ $result = db_query("SELECT * from mail.v_vmail_accounts WHERE useraccount=? ORDER BY domainname,local ASC", array($uid));
|
|
| 110 | 112 |
$ret = array(); |
| 111 | 113 |
while ($line = $result->fetch()) |
| 112 | 114 |
{
|
| ... | ... |
@@ -121,7 +123,7 @@ function get_vmail_accounts() |
| 121 | 123 |
function get_vmail_domains() |
| 122 | 124 |
{
|
| 123 | 125 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 124 |
- $result = db_query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount='{$uid}' ORDER BY domainname");
|
|
| 126 |
+ $result = db_query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount=? ORDER BY domainname", array($uid));
|
|
| 125 | 127 |
if ($result->rowCount() == 0) |
| 126 | 128 |
system_failure('Sie haben keine Domains für virtuelle Mail-Verarbeitung');
|
| 127 | 129 |
$ret = array(); |
| ... | ... |
@@ -141,7 +143,7 @@ function find_account_id($accname) |
| 141 | 143 |
system_failure("Der Account hat nicht die korrekte Syntax");
|
| 142 | 144 |
list( $local, $domainname) = $tmp; |
| 143 | 145 |
|
| 144 |
- $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE local='{$local}' AND domainname='{$domainname}' LIMIT 1");
|
|
| 146 |
+ $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE local=? AND domainname=? LIMIT 1", array($local, $domainname));
|
|
| 145 | 147 |
if ($result->rowCount() == 0) |
| 146 | 148 |
system_failure("Der Account konnte nicht gefunden werden");
|
| 147 | 149 |
$tmp = $result->fetch(); |
| ... | ... |
@@ -152,8 +154,8 @@ function find_account_id($accname) |
| 152 | 154 |
function change_vmail_password($accname, $newpass) |
| 153 | 155 |
{
|
| 154 | 156 |
$accid = find_account_id($accname); |
| 155 |
- $encpw = db_escape_string(encrypt_mail_password($newpass)); |
|
| 156 |
- db_query("UPDATE mail.vmail_accounts SET password='{$encpw}' WHERE id={$accid} LIMIT 1;");
|
|
| 157 |
+ $encpw = encrypt_mail_password($newpass); |
|
| 158 |
+ db_query("UPDATE mail.vmail_accounts SET password=:encpw WHERE id=:accid", array(":encpw" => $encpw, ":accid" => $accid));
|
|
| 157 | 159 |
} |
| 158 | 160 |
|
| 159 | 161 |
|
| ... | ... |
@@ -176,7 +178,7 @@ function domainselect($selected = NULL, $selectattribute = '') |
| 176 | 178 |
function get_max_mailboxquota($server, $oldquota) {
|
| 177 | 179 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 178 | 180 |
$server = (int) $server; |
| 179 |
- $result = db_query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid='{$uid}' AND server='{$server}'");
|
|
| 181 |
+ $result = db_query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid=:uid AND server=:server", array(":uid" => $uid, ":server" => $server));
|
|
| 180 | 182 |
$item = $result->fetch(); |
| 181 | 183 |
DEBUG("Free space: ".$item['free']." / Really: ".($item['free'] + ($oldquota - config('vmail_basequota'))));
|
| 182 | 184 |
return $item['free'] + ($oldquota - config('vmail_basequota'));
|
| ... | ... |
@@ -256,7 +258,7 @@ function save_vmail_account($account) |
| 256 | 258 |
$password = NULL; |
| 257 | 259 |
$set_password = false; |
| 258 | 260 |
} else {
|
| 259 |
- $password='NULL'; |
|
| 261 |
+ $password= NULL; |
|
| 260 | 262 |
if ($account['password'] != '') |
| 261 | 263 |
{
|
| 262 | 264 |
$account['password'] = stripslashes($account['password']); |
| ... | ... |
@@ -266,25 +268,25 @@ function save_vmail_account($account) |
| 266 | 268 |
system_failure('Ihr Passwort ist zu einfach. bitte wählen Sie ein sicheres Passwort!'."\nDie Fehlermeldung lautet: »{$crack}«");
|
| 267 | 269 |
return false; |
| 268 | 270 |
} |
| 269 |
- $password = "'".encrypt_mail_password($account['password'])."'"; |
|
| 271 |
+ $password = encrypt_mail_password($account['password']); |
|
| 270 | 272 |
} |
| 271 |
- $set_password = ($id == NULL || $password != 'NULL'); |
|
| 273 |
+ $set_password = ($id == NULL || $password != NULL); |
|
| 272 | 274 |
if ($account['password'] === NULL) {
|
| 273 | 275 |
$set_password=true; |
| 274 | 276 |
} |
| 275 | 277 |
} |
| 276 | 278 |
|
| 277 |
- $spam = 'NULL'; |
|
| 279 |
+ $spam = NULL; |
|
| 278 | 280 |
switch ($account['spamfilter']) |
| 279 | 281 |
{
|
| 280 | 282 |
case 'folder': |
| 281 |
- $spam = "'folder'"; |
|
| 283 |
+ $spam = "folder"; |
|
| 282 | 284 |
break; |
| 283 | 285 |
case 'tag': |
| 284 |
- $spam = "'tag'"; |
|
| 286 |
+ $spam = "tag"; |
|
| 285 | 287 |
break; |
| 286 | 288 |
case 'delete': |
| 287 |
- $spam = "'delete'"; |
|
| 289 |
+ $spam = "delete"; |
|
| 288 | 290 |
break; |
| 289 | 291 |
} |
| 290 | 292 |
|
| ... | ... |
@@ -313,69 +315,69 @@ function save_vmail_account($account) |
| 313 | 315 |
$account['quota_threshold'] = min( (int) $account['quota_threshold'], (int) $account['quota'] ); |
| 314 | 316 |
} |
| 315 | 317 |
|
| 316 |
- $account['local'] = db_escape_string(strtolower($account['local'])); |
|
| 317 |
- $account['password'] = db_escape_string($account['password']); |
|
| 318 |
+ $account['local'] = strtolower($account['local']); |
|
| 318 | 319 |
$account['spamexpire'] = (int) $account['spamexpire']; |
| 319 | 320 |
|
| 321 |
+ $args = array(":local" => $account['local'],
|
|
| 322 |
+ ":domain" => $account['domain'], |
|
| 323 |
+ ":password" => $password, |
|
| 324 |
+ ":spamfilter" => $spam, |
|
| 325 |
+ ":spamexpire" => $account['spamexpire'], |
|
| 326 |
+ ":quota" => $account['quota'], |
|
| 327 |
+ ":quota_threshold" => $account['quota_threshold'], |
|
| 328 |
+ ":id" => $id |
|
| 329 |
+ ); |
|
| 320 | 330 |
$query = ''; |
| 321 | 331 |
if ($newaccount) |
| 322 | 332 |
{
|
| 323 |
- $query = "INSERT INTO mail.vmail_accounts (local, domain, spamfilter, spamexpire, password, quota, quota_threshold) VALUES "; |
|
| 324 |
- $query .= "('{$account['local']}', {$account['domain']}, {$spam}, {$account['spamexpire']}, {$password}, {$account['quota']}, {$account['quota_threshold']});";
|
|
| 325 |
- db_query($query); |
|
| 326 |
- $id = mysql_insert_id(); |
|
| 327 |
- } |
|
| 328 |
- else |
|
| 329 |
- {
|
|
| 333 |
+ unset($args[":id"]); |
|
| 334 |
+ $query = "INSERT INTO mail.vmail_accounts (local, domain, spamfilter, spamexpire, password, quota, quota_threshold) VALUES (:local, :domain, :spamfilter, :spamexpire, :password, :quota, :quota_threshold)"; |
|
| 335 |
+ } else {
|
|
| 330 | 336 |
if ($set_password) |
| 331 |
- $password=", password={$password}";
|
|
| 332 |
- else |
|
| 333 |
- $password=''; |
|
| 334 |
- $query = "UPDATE mail.vmail_accounts SET local='{$account['local']}', domain={$account['domain']}{$password}, ";
|
|
| 335 |
- $query .= "spamfilter={$spam}, spamexpire={$account['spamexpire']}, quota={$account['quota']}, quota_threshold={$account['quota_threshold']} ";
|
|
| 336 |
- $query .= "WHERE id={$id} LIMIT 1;";
|
|
| 337 |
- db_query($query); |
|
| 337 |
+ $pw=", password=:password"; |
|
| 338 |
+ else {
|
|
| 339 |
+ unset($args[":password"]); |
|
| 340 |
+ $pw=''; |
|
| 341 |
+ } |
|
| 342 |
+ $query = "UPDATE mail.vmail_accounts SET local=:local, domain=:domain{$pw}, spamfilter=:spamfilter, spamexpire=:spamexpire, quota=:quota, quota_threshold=:quota_threshold WHERE id=:id";
|
|
| 343 |
+ } |
|
| 344 |
+ db_query($query, $args); |
|
| 345 |
+ if ($newaccount) {
|
|
| 346 |
+ $id = db_insert_id(); |
|
| 338 | 347 |
} |
| 339 | 348 |
|
| 340 | 349 |
if (is_array($account['autoresponder'])) {
|
| 341 | 350 |
$ar = $account['autoresponder']; |
| 342 |
- $valid_from = maybe_null($ar['valid_from']); |
|
| 343 |
- $valid_until = maybe_null($ar['valid_until']); |
|
| 344 |
- $fromname = maybe_null( db_escape_string($ar['fromname']) ); |
|
| 345 |
- $fromaddr = NULL; |
|
| 346 |
- if ($ar['fromaddr']) {
|
|
| 347 |
- $fromaddr = db_escape_string(check_emailaddr($ar['fromaddr'])); |
|
| 348 |
- } |
|
| 349 |
- $fromaddr = maybe_null( $fromaddr ); |
|
| 350 |
- $subject = maybe_null( db_escape_string($ar['subject'])); |
|
| 351 |
- $message = db_escape_string($ar['message']); |
|
| 352 |
- $quote = "'inline'"; |
|
| 351 |
+ $quote = "inline"; |
|
| 353 | 352 |
if ($ar['quote'] == 'attach') |
| 354 |
- $quote = "'attach'"; |
|
| 353 |
+ $quote = "attach"; |
|
| 355 | 354 |
elseif ($ar['quote'] == NULL) |
| 356 |
- $quote = 'NULL'; |
|
| 357 |
- db_query("REPLACE INTO mail.vmail_autoresponder (account, valid_from, valid_until, fromname, fromaddr, subject, message, quote) ".
|
|
| 358 |
- "VALUES ({$id}, {$valid_from}, {$valid_until}, {$fromname}, {$fromaddr}, {$subject}, '{$message}', {$quote})");
|
|
| 355 |
+ $quote = NULL; |
|
| 356 |
+ $query = "REPLACE INTO mail.vmail_autoresponder (account, valid_from, valid_until, fromname, fromaddr, subject, message, quote) ". |
|
| 357 |
+ "VALUES (:id, :valid_from, :valid_until, :fromname, :fromaddr, :subject, :message, :quote)"; |
|
| 358 |
+ $args = array(":id" => $id,
|
|
| 359 |
+ ":valid_from" => $ar['valid_from'], |
|
| 360 |
+ ":valid_until" => $ar['valid_until'], |
|
| 361 |
+ ":fromname" => $ar['fromname'], |
|
| 362 |
+ ":fromaddr" => check_emailaddr($ar['fromaddr']), |
|
| 363 |
+ ":subject" => $ar['subject'], |
|
| 364 |
+ ":message" => $ar['message'], |
|
| 365 |
+ ":quote" => $quote); |
|
| 366 |
+ db_query($query, $args); |
|
| 359 | 367 |
} |
| 360 | 368 |
|
| 361 | 369 |
|
| 362 | 370 |
|
| 363 | 371 |
if (! $newaccount) |
| 364 |
- db_query("DELETE FROM mail.vmail_forward WHERE account={$id}");
|
|
| 372 |
+ db_query("DELETE FROM mail.vmail_forward WHERE account=?", array($id));
|
|
| 365 | 373 |
|
| 366 | 374 |
if (count($account['forwards']) > 0) |
| 367 | 375 |
{
|
| 368 |
- $forward_query = "INSERT INTO mail.vmail_forward (account,spamfilter,destination) VALUES "; |
|
| 369 |
- $first = true; |
|
| 376 |
+ $forward_query = "INSERT INTO mail.vmail_forward (account,spamfilter,destination) VALUES (:account, :spamfilter, :destination)"; |
|
| 370 | 377 |
for ($i=0;$i < count($account['forwards']); $i++) |
| 371 | 378 |
{
|
| 372 |
- if ($first) |
|
| 373 |
- $first = false; |
|
| 374 |
- else |
|
| 375 |
- $forward_query .= ', '; |
|
| 376 |
- $forward_query .= "({$id}, ".maybe_null($account['forwards'][$i]['spamfilter']).", '{$account['forwards'][$i]['destination']}')";
|
|
| 379 |
+ db_query($forward_query, array(":id" => $id, ":spamfilter" => $account['forwards'][$i]['spamfilter'], ":destination" => $account['forwards'][$i]['destination']));
|
|
| 377 | 380 |
} |
| 378 |
- db_query($forward_query); |
|
| 379 | 381 |
} |
| 380 | 382 |
if ($newaccount && $password != 'NULL') |
| 381 | 383 |
{
|
| ... | ... |
@@ -416,10 +418,10 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können? |
| 416 | 418 |
// Update Mail-Quota-Cache |
| 417 | 419 |
if ($_SESSION['role'] == ROLE_SYSTEMUSER) {
|
| 418 | 420 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 419 |
- $result = db_query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=".$uid." GROUP BY useraccount, server");
|
|
| 421 |
+ $result = db_query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=? GROUP BY useraccount, server", array($uid));
|
|
| 420 | 422 |
while ($line = $result->fetch()) {
|
| 421 | 423 |
if ($line['quota'] !== NULL) {
|
| 422 |
- db_query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES ('{$line['useraccount']}', '{$line['server']}', '{$line['quota']}', '{$line['used']}')");
|
|
| 424 |
+ db_query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES (:uid, :server, :quota, :used)", array(":uid" => $line['useraccount'], ":server" => $line['server'], ":quota" => $line['quota'], ":used" => $line['used']));
|
|
| 423 | 425 |
} |
| 424 | 426 |
} |
| 425 | 427 |
} |
| ... | ... |
@@ -432,7 +434,7 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können? |
| 432 | 434 |
function delete_account($id) |
| 433 | 435 |
{
|
| 434 | 436 |
$account = get_account_details($id); |
| 435 |
- db_query("DELETE FROM mail.vmail_accounts WHERE id={$account['id']};");
|
|
| 437 |
+ db_query("DELETE FROM mail.vmail_accounts WHERE id=?", array($account['id']));
|
|
| 436 | 438 |
} |
| 437 | 439 |
|
| 438 | 440 |
|
| ... | ... |
@@ -445,7 +447,7 @@ function domainsettings($only_domain=NULL) {
|
| 445 | 447 |
$subdomains = array(); |
| 446 | 448 |
|
| 447 | 449 |
// Domains |
| 448 |
- $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount={$uid} OR m.uid={$uid} ORDER BY CONCAT_WS('.',d.domainname,d.tld);");
|
|
| 450 |
+ $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount=:uid OR m.uid=:uid ORDER BY CONCAT_WS('.',d.domainname,d.tld);", array(":uid" => $uid));
|
|
| 449 | 451 |
|
| 450 | 452 |
while ($mydom = $result->fetch()) {
|
| 451 | 453 |
if (! array_key_exists($mydom['id'], $domains)) {
|
| ... | ... |
@@ -462,7 +464,7 @@ function domainsettings($only_domain=NULL) {
|
| 462 | 464 |
} |
| 463 | 465 |
|
| 464 | 466 |
// Subdomains |
| 465 |
- $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount={$uid} OR m.uid={$uid};");
|
|
| 467 |
+ $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount=:uid OR m.uid=:uid;", array(":uid" => $uid));
|
|
| 466 | 468 |
while ($mydom = $result->fetch()) {
|
| 467 | 469 |
if (! array_key_exists($mydom['id'], $subdomains)) |
| 468 | 470 |
$subdomains[$mydom['id']] = array(); |
| ... | ... |
@@ -482,7 +484,7 @@ function domainsettings($only_domain=NULL) {
|
| 482 | 484 |
function domain_has_vmail_accounts($domid) |
| 483 | 485 |
{
|
| 484 | 486 |
$domid = (int) $domid; |
| 485 |
- $result = db_query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain={$domid}");
|
|
| 487 |
+ $result = db_query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain=?", array($domid));
|
|
| 486 | 488 |
return ($result->rowCount() > 0); |
| 487 | 489 |
} |
| 488 | 490 |
|
| ... | ... |
@@ -502,20 +504,20 @@ function change_domain($id, $type) |
| 502 | 504 |
system_failure('Domain ist bereits so konfiguriert');
|
| 503 | 505 |
|
| 504 | 506 |
if ($type == 'none') {
|
| 505 |
- db_query("DELETE FROM mail.virtual_mail_domains WHERE domain={$id} AND hostname IS NULL LIMIT 1;");
|
|
| 506 |
- db_query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;");
|
|
| 507 |
- db_query("UPDATE kundendaten.domains SET mail='none', lastchange=NOW() WHERE id={$id} LIMIT 1;");
|
|
| 507 |
+ db_query("DELETE FROM mail.virtual_mail_domains WHERE domain=? AND hostname IS NULL", array($id));
|
|
| 508 |
+ db_query("DELETE FROM mail.custom_mappings WHERE domain=? AND subdomain IS NULL", array($id));
|
|
| 509 |
+ db_query("UPDATE kundendaten.domains SET mail='none', lastchange=NOW() WHERE id=?", array($id));
|
|
| 508 | 510 |
} |
| 509 | 511 |
elseif ($type == 'virtual') {
|
| 510 | 512 |
$vmailserver = (int) $_SESSION['userinfo']['server']; |
| 511 |
- db_query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;");
|
|
| 512 |
- db_query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id={$id} LIMIT 1;");
|
|
| 513 |
- db_query("INSERT INTO mail.virtual_mail_domains (domain, server) VALUES ({$id}, {$vmailserver});");
|
|
| 513 |
+ db_query("DELETE FROM mail.custom_mappings WHERE domain=? AND subdomain IS NULL", array($id));
|
|
| 514 |
+ db_query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id=?", array($id));
|
|
| 515 |
+ db_query("INSERT INTO mail.virtual_mail_domains (domain, server) VALUES (?, ?)", array($id, $vmailserver));
|
|
| 514 | 516 |
} |
| 515 | 517 |
elseif ($type == 'auto') {
|
| 516 |
- db_query("DELETE FROM mail.virtual_mail_domains WHERE domain={$id} AND hostname IS NULL LIMIT 1;");
|
|
| 517 |
- db_query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;");
|
|
| 518 |
- db_query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id={$id} LIMIT 1;");
|
|
| 518 |
+ db_query("DELETE FROM mail.virtual_mail_domains WHERE domain=? AND hostname IS NULL LIMIT 1;", array($id));
|
|
| 519 |
+ db_query("DELETE FROM mail.custom_mappings WHERE domain=? AND subdomain IS NULL LIMIT 1;", array($id));
|
|
| 520 |
+ db_query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id=? LIMIT 1;", array($id));
|
|
| 519 | 521 |
} |
| 520 | 522 |
} |
| 521 | 523 |
|
| 522 | 524 |