sql-abfragen abstrahiert (27f758e) - webinterface.git

sql-abfragen abstrahiert

bernd commited on 2007-06-18 08:19:16
Zeige 7 geänderte Dateien mit 56 Einfügungen und 200 Löschungen.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@512 87cf0b9e-d624-0410-a070-f6ee81989793

inc/base.php 8ccd085..a2ae0c1
modules/domains/include/domains.php 524d73d..ccec8fb
modules/imap/include/mailaccounts.php f40a4ff..8594774
modules/index/include/newpass.php 6bc4768..81c8368
modules/jabber/include/jabberaccounts.php cd6c0de..fab172d
modules/mysql/include/mysql.php 27f3b9f..ef5e6c7
session/checkuser.php 866823a..ac82d1b

inc/base.php

Zeige Datei @ 27f758e

@@ -2,6 +2,21 @@
 
 require_once('inc/db_connect.php');
 
+
+function db_query($query)
+{
+  DEBUG($query);
+  $result = @mysql_query($query);
+  if (mysql_error())
+  {
+    $error = mysql_error();
+    logger("inc/base.php", "dberror", "mysql error: {$error}");
+    system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.$error.') an einen Administrator.');
+  }
+  return $result; 
+}
+
+
 function logger($scriptname, $scope, $message)
 {
   $user = 'NULL';
@@ -16,12 +31,7 @@ function logger($scriptname, $scope, $message)
   $scope = mysql_real_escape_string($scope);
   $message = mysql_real_escape_string($message);
 
-  $query = "INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');";
-  DEBUG($query);
-  @mysql_query($query);
-  if (mysql_error())
-    system_failure(mysql_error());
-
+  db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
 }
 
 

modules/domains/include/domains.php

Zeige Datei @ 27f758e

@@ -16,12 +16,7 @@ function get_domain_names($customerno, $uid = NULL)
   {
     $query .= " kunde={$customerno};";
   }
-  DEBUG('Datenbank-Query (get_domain_names): '.$query."<br />\n");
-
-  $result = @mysql_query($query);
-  if (@mysql_error())
-    system_failure('Die Domains zu Ihrem Account konnten nicht ermittelt werden. Bitte melden Sie diesen Fehler an einen Administrator. Die Fehlermeldung der Datenbank ist: '.mysql_error());
-
+  $result = db_query($query);
   $domains = array();
   DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n");
   if (mysql_num_rows($result) > 0)
@@ -43,9 +38,7 @@ function get_domain_name($domid)
   $domid = (int) $domid;
   static $domainlist = array();
 
-  $query = "SELECT CONCAT_WS('.', domainname, tld) AS domainname FROM kundendaten.domains WHERE id=$domid;";
-  DEBUG($query);
-  $result = mysql_query($query);
+  $result = db_query("SELECT CONCAT_WS('.', domainname, tld) AS domainname FROM kundendaten.domains WHERE id=$domid;");
   if (@mysql_num_rows($result) > 0)
     return mysql_fetch_object($result)->domainname;
   else
@@ -58,9 +51,7 @@ function get_jabberable_domains()
 {
   require_role(ROLE_CUSTOMER);
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
-  $query = "SELECT id, CONCAT_WS('.', domainname, tld) AS name FROM kundendaten.domains WHERE jabber=1 AND kunde={$customerno}";
-  DEBUG($query);
-  $result = mysql_query($query);
+  $result = db_query("SELECT id, CONCAT_WS('.', domainname, tld) AS name FROM kundendaten.domains WHERE jabber=1 AND kunde={$customerno}");
   
   $domains = array(array('id' => 0, 'name' => 'schokokeks.org'));
   if (mysql_num_rows($result) > 0)
@@ -72,30 +63,4 @@ function get_jabberable_domains()
 
 }
 
-
-
-/*
-function get_mail_virtualdomain($domain)
-{
-	$config = array();
-	$lines = file('/home/webadmin/cache/virtualdomains');
-	foreach ($lines as $line)
-	{
-		$line = chop($line);
-		$fields = explode(':', $line, 3);
-		if ($fields[0] == $domain)
-			array_push($config, array('subdomain' => '', 
-						'user' => $fields[1],
-						'prefix' => $fields[2]));
-		if (ereg('^.*\.'.$domain, $fields[0]))
-			array_push($config, array('subdomain' => ereg_replace('^(.*)\.'.$domain, '\1', $fields[0]),
-						'user' => $fields[1],
-						'prefix' => $fields[2]));
-	}
-	return $config;
-}
-*/
-
-
-
 ?>

modules/imap/include/mailaccounts.php

Zeige Datei @ 27f758e

@@ -7,11 +7,7 @@ require_once('inc/base.php');
 function mailaccounts($uid)
 {
   $uid = (int) $uid;
-  $query = "SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid";
-  DEBUG("SQL-Query: {$query}");
-  $result = @mysql_query($query);
-  if (mysql_error())
-    system_failure(mysql_error());
+  $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid");
   DEBUG("Found ".@mysql_num_rows($result)." rows!");
   $accounts = array();
   if (@mysql_num_rows($result) > 0)
@@ -23,8 +19,7 @@ function mailaccounts($uid)
 function get_mailaccount($id)
 {
   $uid = (int) $uid;
-  $query = "SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id";
-  $result = mysql_query($query);
+  $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id");
   DEBUG("Found ".mysql_num_rows($result)." rows!");
   $acc = mysql_fetch_object($result);
   $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir,  'enabled' => ($acc->aktiv == 1));
@@ -46,7 +41,7 @@ function encrypt_mail_password($pw)
 function get_domain_id($domain) 
 {
   $domain = mysql_real_escape_string($domain);
-  $result = mysql_query("SELECT id FROM mail.v_domains WHERE domainname = '{$domain}';");
+  $result = db_query("SELECT id FROM mail.v_domains WHERE domainname = '{$domain}';");
   if (mysql_num_rows($result) == 0)
     return NULL;
   return mysql_fetch_object($result)->id;
@@ -82,12 +77,7 @@ function change_mailaccount($id, $arr)
     array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));
 
 
-  $query = "UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1";
-  DEBUG("Query: ".$query);
-
-  mysql_query($query);
-  if (mysql_error())
-    system_failure('Beim &Auml;ndern der Account-Daten ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
+  db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1");
   logger("modules/imap/include/mailaccounts.php", "imap", "updated account »{$arr['account']}«");
 
 }
@@ -124,12 +114,7 @@ function create_mailaccount($arr)
     $values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" );
 
 
-  $query = "INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")";
-  DEBUG("Query: ".$query);
-
-  mysql_query($query);
-  if (mysql_error())
-    system_failure('Beim Anlegen des Kontos ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
+  db_query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")");
   logger("modules/imap/include/mailaccounts.php", "imap", "created account »{$arr['account']}«");
 
 }
@@ -138,10 +123,7 @@ function create_mailaccount($arr)
 function delete_mailaccount($id)
 {
   $id = (int) $id;
-  $query = "DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1";
-  mysql_query($query);
-  if (mysql_error())
-    system_failure('Beim L&ouml;schen des Kontos ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
+  db_query("DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1");
   logger("modules/imap/include/mailaccounts.php", "imap", "deleted account »{$id}«");
 }
 

modules/index/include/newpass.php

Zeige Datei @ 27f758e

@@ -7,10 +7,7 @@ function customer_has_email($customerno, $email)
 {
   $customerno = (int) $customerno;
   $email = mysql_real_escape_string($email);
-  $query = "SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';";
-  $result = @mysql_query($query);
-  if (mysql_error())
-    system_failure(mysql_error());
+  $result = db_query("SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';");
   return (mysql_num_rows($result) > 0);
 }
 
@@ -20,9 +17,7 @@ function validate_token($customerno, $token)
   expire_tokens();
   $customerno = (int) $customerno;
   $token = mysql_real_escape_string($token);
-  $result = @mysql_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
-  if (mysql_error())
-    system_failure(mysql_error());
+  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
   return (mysql_num_rows($result) > 0);
 }
 
@@ -30,20 +25,20 @@ function validate_token($customerno, $token)
 function expire_tokens()
 {
   $expire = "1 DAY";
-  @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
+  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
 }
 
 function invalidate_customer_token($customerno)
 {
   $customerno = (int) $customerno;
-  @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
+  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
 }
  
 function create_token($customerno)
 {
   $customerno = (int) $customerno;
   expire_tokens();
-  $result = @mysql_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
+  $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
   if (mysql_num_rows($result) > 0)
   {
     $res = mysql_fetch_object($result)->token_create;
@@ -51,10 +46,7 @@ function create_token($customerno)
     return false;
   }
   $token = random_string(10);
-  $query = "UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;";
-  @mysql_query($query);
-  if (mysql_error())
-    system_failure(mysql_error());
+  db_query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;");
   return true;
 }
 
@@ -63,9 +55,7 @@ function get_customer_token($customerno)
 {
   $customerno = (int) $customerno;
   expire_tokens();
-  $result = @mysql_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
-  if (mysql_error())
-    system_failure(mysql_error());
+  $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
   if (mysql_num_rows($result) < 1)
     system_failure("Kann das Token nicht auslesen!");
   return mysql_fetch_object($result)->token;

modules/jabber/include/jabberaccounts.php

Zeige Datei @ 27f758e

@@ -8,9 +8,7 @@ require_once("inc/security.php");
 function get_jabber_accounts() {
   require_role(ROLE_CUSTOMER);
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
-  $query = "SELECT id, created, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;";
-  DEBUG($query);
-  $result = mysql_query($query);
+  $result = db_query("SELECT id, created, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
   $accounts = array();
   if (@mysql_num_rows($result) > 0)
     while ($acc = @mysql_fetch_object($result))
@@ -27,9 +25,7 @@ function get_jabberaccount_details($id)
 
   $id = (int) $id;
 
-  $query = "SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1";
-  DEBUG($query);
-  $result = mysql_query($query);
+  $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
   if (mysql_num_rows($result) != 1)
     system_failure("Invalid account");
   $data = mysql_fetch_assoc($result);
@@ -50,9 +46,7 @@ function create_jabber_account($local, $domain, $password)
   
   if ($domain > 0)
   {
-    $query = "SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};";
-    DEBUG($query);
-    $result = mysql_query($query);
+    $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
     if (mysql_num_rows($result) == 0)
     {
       logger("modules/jabber/include/jabberaccounts.php", "jabber", "attempt to create account for invalid domain »{$domain}«");
@@ -66,18 +60,14 @@ function create_jabber_account($local, $domain, $password)
     $domain = 'NULL';
     $domainquery = 'domain IS NULL'; 
   }
-  $query = "SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}";
-  DEBUG($query);
-  $result = mysql_query($query);
+  $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
   if (mysql_num_rows($result) > 0)
   {
     logger("modules/jabber/include/jabberaccounts.php", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
     system_failure("Diesen Account gibt es bereits!");
   }
 
-  $query = "INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');";
-  DEBUG($query);
-  mysql_query($query);
+  db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');");
   logger("modules/jabber/include/jabberaccounts.php", "jabber", "created account »{$local}@{$domain}«");
 }
 
@@ -90,9 +80,7 @@ function change_jabber_password($id, $newpass)
   $id = (int) $id;
   $newpass = mysql_real_escape_string( filter_shell( $newpass ) );
   
-  $query = "UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1";
-  DEBUG($query);
-  mysql_query($query);
+  db_query("UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
   logger("modules/jabber/include/jabberaccounts.php", "jabber", "changed password for account  »{$id}«");
 }
 
@@ -105,9 +93,7 @@ function delete_jabber_account($id)
 
   $id = (int) $id;
 
-  $query = "UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1";
-  DEBUG($query);
-  mysql_query($query);
+  db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1");
   logger("modules/jabber/include/jabberaccounts.php", "jabber", "deleted account »{$id}«");
 }
 

modules/mysql/include/mysql.php

Zeige Datei @ 27f758e

@@ -3,7 +3,7 @@
 function get_mysql_accounts($UID)
 {
   $UID = (int) $UID;
-  $result = mysql_query("SELECT username FROM misc.mysql_accounts WHERE useraccount=$UID");
+  $result = db_query("SELECT username FROM misc.mysql_accounts WHERE useraccount=$UID");
   if (mysql_num_rows($result) == 0)
     return array();
   $list = array();
@@ -17,7 +17,7 @@ function get_mysql_accounts($UID)
 function get_mysql_databases($UID)
 {
   $UID = (int) $UID;
-  $result = mysql_query("SELECT name FROM misc.mysql_database WHERE useraccount=$UID");
+  $result = db_query("SELECT name FROM misc.mysql_database WHERE useraccount=$UID");
   if (mysql_num_rows($result) == 0)
     return array();
   $list = array();
@@ -36,7 +36,7 @@ function get_mysql_access($db, $account)
   if (!is_array($mysql_access))
   {
     $mysql_access = array();
-    $result = mysql_query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};");
+    $result = db_query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};");
     if (mysql_num_rows($result) == 0)
       return false;
     while ($line = mysql_fetch_object($result))
@@ -66,10 +66,7 @@ function set_mysql_access($db, $account, $status)
     $query = "DELETE FROM misc.mysql_access WHERE `database`=(SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1) AND user=(SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid});";
     logger("modules/mysql/include/mysql.php", "mysql", "revoking access on »{$db}« from »{$account}«");
   }
-  DEBUG($query);
-  mysql_query($query);
-  if (mysql_error())
-    system_failure(mysql_error());
+  db_query($query);
 }
 
 
@@ -84,9 +81,7 @@ function create_mysql_account($username)
   $uid = $_SESSION['userinfo']['uid'];
   $username = mysql_real_escape_string($username);
   logger("modules/mysql/include/mysql.php", "mysql", "creating user »{$username}«");
-  mysql_query("INSERT INTO misc.mysql_accounts (username, password, useraccount) VALUES ('$username', '!', $uid);");
-  if (mysql_error())
-    system_failure(mysql_error());
+  db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount) VALUES ('$username', '!', $uid);");
 }
 
 
@@ -95,9 +90,7 @@ function delete_mysql_account($username)
   $username = mysql_real_escape_string($username);
   $uid = $_SESSION['userinfo']['uid'];
   logger("modules/mysql/include/mysql.php", "mysql", "deleting user »{$username}«");
-  mysql_query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
-  if (mysql_error())
-    system_failure(mysql_error());
+  db_query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
 }
 
 
@@ -112,9 +105,7 @@ function create_mysql_database($dbname)
   $dbname = mysql_real_escape_string($dbname);
   $uid = $_SESSION['userinfo']['uid'];
   logger("modules/mysql/include/mysql.php", "mysql", "creating database »{$dbname}«");
-  mysql_query("INSERT INTO misc.mysql_database (name, useraccount) VALUES ('$dbname', $uid);");
-  if (mysql_error())
-    system_failure(mysql_error());
+  db_query("INSERT INTO misc.mysql_database (name, useraccount) VALUES ('$dbname', $uid);");
 }
 
 
@@ -123,9 +114,7 @@ function delete_mysql_database($dbname)
   $dbname = mysql_real_escape_string($dbname);
   $uid = $_SESSION['userinfo']['uid'];
   logger("modules/mysql/include/mysql.php", "mysql", "removing database »{$dbname}«");
-  mysql_query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
-  if (mysql_error())
-    system_failure(mysql_error());
+  db_query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
 }
 
 
@@ -150,12 +139,7 @@ function set_mysql_password($username, $password)
   $password = mysql_real_escape_string($password);
   $uid = $_SESSION['userinfo']['uid'];
   logger("modules/mysql/include/mysql.php", "mysql", "updating password for »{$username}«");
-  $query = "UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;";
-  DEBUG($query);
-  mysql_query($query);
-  if (mysql_error())
-    system_failure(mysql_error());
-  
+  db_query("UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;");
 }
 
 

session/checkuser.php

Zeige Datei @ 27f758e

@@ -23,9 +23,7 @@ function find_role($login, $password)
   $uid = (int) $login;
   if ($uid == 0)
     $uid = 'NULL';
-  $result = @mysql_query("SELECT passwort AS password FROM system.v_useraccounts LEFT JOIN system.passwoerter USING (uid) WHERE uid={$uid} OR username='{$login}' LIMIT 1;");
-  if (mysql_error())
-    system_failure(mysql_error());
+  $result = db_query("SELECT passwort AS password FROM system.v_useraccounts LEFT JOIN system.passwoerter USING (uid) WHERE uid={$uid} OR username='{$login}' LIMIT 1;");
   if (@mysql_num_rows($result) > 0)
   {
     $db_password = mysql_fetch_object($result)->password;
@@ -37,9 +35,7 @@ function find_role($login, $password)
   // Customer?
   $customerno = (int) $login;
   $pass = sha1($password);
-  $result = @mysql_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
-  if (mysql_error())
-    system_failure(mysql_error());
+  $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
   if (@mysql_num_rows($result) > 0)
   {
     return ROLE_CUSTOMER;
@@ -54,10 +50,7 @@ function get_customer_info($customerno)
 {
   $ret = array();
   $customerno = (int) $customerno;
-  $query = "SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;";
-  $result = @mysql_query($query);
-  if (mysql_error())
-    system_failure(mysql_error());
+  $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;");
   if (@mysql_num_rows($result) == 0)
     system_failure("Konnte Kundendaten nicht auslesen!");
   $data = mysql_fetch_object($result);
@@ -74,10 +67,7 @@ function get_customer_info($customerno)
 function get_customer_email($customerno)
 {
   $customerno = (int) $customerno;
-  $query = "SELECT wert FROM kundendaten.kundenkontakt WHERE kundennr={$customerno} AND typ='email' LIMIT 1;";
-  $result = @mysql_query($query);
-  if (mysql_error())
-    system_failure(mysql_error());
+  $result = db_query("SELECT wert FROM kundendaten.kundenkontakt WHERE kundennr={$customerno} AND typ='email' LIMIT 1;");
   if (@mysql_num_rows($result) == 0)
     system_failure("Konnte keine E-Mail-Adresse finden!");
   return mysql_fetch_object($result)->wert;
@@ -88,11 +78,8 @@ function get_customer_email($customerno)
 function get_user_info($username)
 {
   $username = mysql_real_escape_string($username);
-  $query = "SELECT kunde AS customerno, username, uid, homedir, name
-            FROM system.v_useraccounts WHERE username='{$username}' OR uid='{$username}' LIMIT 1";
-  $result = @mysql_query($query);
-  if (mysql_error())
-    system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
+  $result = db_query("SELECT kunde AS customerno, username, uid, homedir, name
+                      FROM system.v_useraccounts WHERE username='{$username}' OR uid='{$username}' LIMIT 1");
   if (mysql_num_rows($result) < 1)
     system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
   $val = @mysql_fetch_object($result);
@@ -109,13 +96,7 @@ function set_customer_password($customerno, $newpass)
 {
   $customerno = (int) $customerno;
   $newpass = sha1($newpass);
-  $query = "UPDATE kundendaten.kunden SET passwort='$newpass' WHERE id='".$customerno."' LIMIT 1";
-  @mysql_query($query);
-  if (mysql_error())
-  {
-    logger("session/checkuser.php", "dberror", "error while changing customer's password. Query was: »$query«");
-    system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
-  }
+  db_query("UPDATE kundendaten.kunden SET passwort='$newpass' WHERE id='".$customerno."' LIMIT 1");
   logger("session/checkuser.php", "pwchange", "changed customer's password.");
 }
 
@@ -126,50 +107,8 @@ function set_systemuser_password($uid, $newpass)
   require_once('inc/base.php');
   $salt = random_string(8);
   $newpass = crypt($newpass, "\$1\${$salt}\$");
-  $query = "UPDATE system.passwoerter SET passwort='$newpass' WHERE uid='".$uid."' LIMIT 1";
-  @mysql_query($query);
-  if (mysql_error())
-  {
-    logger("session/checkuser.php", "dberror", "error while changing user's password. Query was: »$query«");
-    system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
-  }
+  db_query("UPDATE system.passwoerter SET passwort='$newpass' WHERE uid='".$uid."' LIMIT 1");
   logger("session/checkuser.php", "pwchange", "changed user's password.");
 }
 
-
-/*
-function save_userdata($arr)
-{
-  global $user;
-
-  $rules = array();
-
-  if (isset($arr['email'])) {
-    if (!preg_match('/[a-zA-Z0-9=+._%@-]+@[a-zA-Z0-9.-]+\.[a-z]{2,6}/', $arr['email'])) {
-      input_error('Ihre eMail-Adresse enth&auml;lt Syntax-Fehler!');
-      return false;
-    }
-    array_push($rules, "`email`='".$arr['email']."'");
-  }
-
-  if (isset($arr['emergency_email'])) {
-    if ($arr['emergency_email'] == '') {
-      warning("Sie k&ouml;nnen zwar Ihre Notfall-eMail-Adresse l&ouml;schen, allerdings werden Sie dann bei St&ouml;rungen <strong>nicht</strong> mehr benachrichtigt!");
-    }
-    elseif (!preg_match('/[a-zA-Z0-9=+._%@-]+@[a-zA-Z0-9.-]+\.[a-z]{2,6}/', $arr['emergency_email'])) {
-      input_error('Ihre eMail-Adresse enth&auml;lt Syntax-Fehler!');
-      return false;
-    }
-    array_push($rules, "`emergency_email`='".$arr['emergency_email']."'");
-  }
-
-  $query = "UPDATE customers SET ".implode(',', $rules)." WHERE id='".$user['customerno']."'";
-  mysql_query($query);
-  if (mysql_error())
-    system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
-  return true;
-}
-
-*/
-
 ?>


...	...	@@ -2,6 +2,21 @@
2	2
3	3	require_once('inc/db_connect.php');
4	4
	5	+
	6	+function db_query($query)
	7	+{
	8	+ DEBUG($query);
	9	+ $result = @mysql_query($query);
	10	+ if (mysql_error())
	11	+ {
	12	+ $error = mysql_error();
	13	+ logger("inc/base.php", "dberror", "mysql error: {$error}");
	14	+ system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.$error.') an einen Administrator.');
	15	+ }
	16	+ return $result;
	17	+}
	18	+
	19	+
5	20	function logger($scriptname, $scope, $message)
6	21	{
7	22	$user = 'NULL';
...	...	@@ -16,12 +31,7 @@ function logger($scriptname, $scope, $message)
16	31	$scope = mysql_real_escape_string($scope);
17	32	$message = mysql_real_escape_string($message);
18	33
19		- $query = "INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');";
20		- DEBUG($query);
21		- @mysql_query($query);
22		- if (mysql_error())
23		- system_failure(mysql_error());
24		-
	34	+ db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
25	35	}
26	36
27	37

...	...	@@ -16,12 +16,7 @@ function get_domain_names($customerno, $uid = NULL)
16	16	{
17	17	$query .= " kunde={$customerno};";
18	18	}
19		- DEBUG('Datenbank-Query (get_domain_names): '.$query."<br />\n");
20		-
21		- $result = @mysql_query($query);
22		- if (@mysql_error())
23		- system_failure('Die Domains zu Ihrem Account konnten nicht ermittelt werden. Bitte melden Sie diesen Fehler an einen Administrator. Die Fehlermeldung der Datenbank ist: '.mysql_error());
24		-
	19	+ $result = db_query($query);
25	20	$domains = array();
26	21	DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n");
27	22	if (mysql_num_rows($result) > 0)
...	...	@@ -43,9 +38,7 @@ function get_domain_name($domid)
43	38	$domid = (int) $domid;
44	39	static $domainlist = array();
45	40
46		- $query = "SELECT CONCAT_WS('.', domainname, tld) AS domainname FROM kundendaten.domains WHERE id=$domid;";
47		- DEBUG($query);
48		- $result = mysql_query($query);
	41	+ $result = db_query("SELECT CONCAT_WS('.', domainname, tld) AS domainname FROM kundendaten.domains WHERE id=$domid;");
49	42	if (@mysql_num_rows($result) > 0)
50	43	return mysql_fetch_object($result)->domainname;
51	44	else
...	...	@@ -58,9 +51,7 @@ function get_jabberable_domains()
58	51	{
59	52	require_role(ROLE_CUSTOMER);
60	53	$customerno = (int) $_SESSION['customerinfo']['customerno'];
61		- $query = "SELECT id, CONCAT_WS('.', domainname, tld) AS name FROM kundendaten.domains WHERE jabber=1 AND kunde={$customerno}";
62		- DEBUG($query);
63		- $result = mysql_query($query);
	54	+ $result = db_query("SELECT id, CONCAT_WS('.', domainname, tld) AS name FROM kundendaten.domains WHERE jabber=1 AND kunde={$customerno}");
64	55
65	56	$domains = array(array('id' => 0, 'name' => 'schokokeks.org'));
66	57	if (mysql_num_rows($result) > 0)
...	...	@@ -72,30 +63,4 @@ function get_jabberable_domains()
72	63
73	64	}
74	65
75		-
76		-
77		-/*
78		-function get_mail_virtualdomain($domain)
79		-{
80		- $config = array();
81		- $lines = file('/home/webadmin/cache/virtualdomains');
82		- foreach ($lines as $line)
83		- {
84		- $line = chop($line);
85		- $fields = explode(':', $line, 3);
86		- if ($fields[0] == $domain)
87		- array_push($config, array('subdomain' => '',
88		- 'user' => $fields[1],
89		- 'prefix' => $fields[2]));
90		- if (ereg('^.*\.'.$domain, $fields[0]))
91		- array_push($config, array('subdomain' => ereg_replace('^(.*)\.'.$domain, '\1', $fields[0]),
92		- 'user' => $fields[1],
93		- 'prefix' => $fields[2]));
94		- }
95		- return $config;
96		-}
97		-*/
98		-
99		-
100		-
101	66	?>

...	...	@@ -7,11 +7,7 @@ require_once('inc/base.php');
7	7	function mailaccounts($uid)
8	8	{
9	9	$uid = (int) $uid;
10		- $query = "SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid";
11		- DEBUG("SQL-Query: {$query}");
12		- $result = @mysql_query($query);
13		- if (mysql_error())
14		- system_failure(mysql_error());
	10	+ $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid");
15	11	DEBUG("Found ".@mysql_num_rows($result)." rows!");
16	12	$accounts = array();
17	13	if (@mysql_num_rows($result) > 0)
...	...	@@ -23,8 +19,7 @@ function mailaccounts($uid)
23	19	function get_mailaccount($id)
24	20	{
25	21	$uid = (int) $uid;
26		- $query = "SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id";
27		- $result = mysql_query($query);
	22	+ $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id");
28	23	DEBUG("Found ".mysql_num_rows($result)." rows!");
29	24	$acc = mysql_fetch_object($result);
30	25	$ret = array('account' => $acc->account, 'mailbox' => $acc->maildir, 'enabled' => ($acc->aktiv == 1));
...	...	@@ -46,7 +41,7 @@ function encrypt_mail_password($pw)
46	41	function get_domain_id($domain)
47	42	{
48	43	$domain = mysql_real_escape_string($domain);
49		- $result = mysql_query("SELECT id FROM mail.v_domains WHERE domainname = '{$domain}';");
	44	+ $result = db_query("SELECT id FROM mail.v_domains WHERE domainname = '{$domain}';");
50	45	if (mysql_num_rows($result) == 0)
51	46	return NULL;
52	47	return mysql_fetch_object($result)->id;
...	...	@@ -82,12 +77,7 @@ function change_mailaccount($id, $arr)
82	77	array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));
83	78
84	79
85		- $query = "UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1";
86		- DEBUG("Query: ".$query);
87		-
88		- mysql_query($query);
89		- if (mysql_error())
90		- system_failure('Beim Ändern der Account-Daten ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
	80	+ db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1");
91	81	logger("modules/imap/include/mailaccounts.php", "imap", "updated account »{$arr['account']}«");
92	82
93	83	}
...	...	@@ -124,12 +114,7 @@ function create_mailaccount($arr)
124	114	$values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" );
125	115
126	116
127		- $query = "INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")";
128		- DEBUG("Query: ".$query);
129		-
130		- mysql_query($query);
131		- if (mysql_error())
132		- system_failure('Beim Anlegen des Kontos ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
	117	+ db_query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")");
133	118	logger("modules/imap/include/mailaccounts.php", "imap", "created account »{$arr['account']}«");
134	119
135	120	}
...	...	@@ -138,10 +123,7 @@ function create_mailaccount($arr)
138	123	function delete_mailaccount($id)
139	124	{
140	125	$id = (int) $id;
141		- $query = "DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1";
142		- mysql_query($query);
143		- if (mysql_error())
144		- system_failure('Beim Löschen des Kontos ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
	126	+ db_query("DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1");
145	127	logger("modules/imap/include/mailaccounts.php", "imap", "deleted account »{$id}«");
146	128	}
147	129

...	...	@@ -7,10 +7,7 @@ function customer_has_email($customerno, $email)
7	7	{
8	8	$customerno = (int) $customerno;
9	9	$email = mysql_real_escape_string($email);
10		- $query = "SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';";
11		- $result = @mysql_query($query);
12		- if (mysql_error())
13		- system_failure(mysql_error());
	10	+ $result = db_query("SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';");
14	11	return (mysql_num_rows($result) > 0);
15	12	}
16	13
...	...	@@ -20,9 +17,7 @@ function validate_token($customerno, $token)
20	17	expire_tokens();
21	18	$customerno = (int) $customerno;
22	19	$token = mysql_real_escape_string($token);
23		- $result = @mysql_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
24		- if (mysql_error())
25		- system_failure(mysql_error());
	20	+ $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
26	21	return (mysql_num_rows($result) > 0);
27	22	}
28	23
...	...	@@ -30,20 +25,20 @@ function validate_token($customerno, $token)
30	25	function expire_tokens()
31	26	{
32	27	$expire = "1 DAY";
33		- @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
	28	+ db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
34	29	}
35	30
36	31	function invalidate_customer_token($customerno)
37	32	{
38	33	$customerno = (int) $customerno;
39		- @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
	34	+ db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
40	35	}
41	36
42	37	function create_token($customerno)
43	38	{
44	39	$customerno = (int) $customerno;
45	40	expire_tokens();
46		- $result = @mysql_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
	41	+ $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
47	42	if (mysql_num_rows($result) > 0)
48	43	{
49	44	$res = mysql_fetch_object($result)->token_create;
...	...	@@ -51,10 +46,7 @@ function create_token($customerno)
51	46	return false;
52	47	}
53	48	$token = random_string(10);
54		- $query = "UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;";
55		- @mysql_query($query);
56		- if (mysql_error())
57		- system_failure(mysql_error());
	49	+ db_query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;");
58	50	return true;
59	51	}
60	52
...	...	@@ -63,9 +55,7 @@ function get_customer_token($customerno)
63	55	{
64	56	$customerno = (int) $customerno;
65	57	expire_tokens();
66		- $result = @mysql_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
67		- if (mysql_error())
68		- system_failure(mysql_error());
	58	+ $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
69	59	if (mysql_num_rows($result) < 1)
70	60	system_failure("Kann das Token nicht auslesen!");
71	61	return mysql_fetch_object($result)->token;

...	...	@@ -8,9 +8,7 @@ require_once("inc/security.php");
8	8	function get_jabber_accounts() {
9	9	require_role(ROLE_CUSTOMER);
10	10	$customerno = (int) $_SESSION['customerinfo']['customerno'];
11		- $query = "SELECT id, created, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;";
12		- DEBUG($query);
13		- $result = mysql_query($query);
	11	+ $result = db_query("SELECT id, created, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
14	12	$accounts = array();
15	13	if (@mysql_num_rows($result) > 0)
16	14	while ($acc = @mysql_fetch_object($result))
...	...	@@ -27,9 +25,7 @@ function get_jabberaccount_details($id)
27	25
28	26	$id = (int) $id;
29	27
30		- $query = "SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1";
31		- DEBUG($query);
32		- $result = mysql_query($query);
	28	+ $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
33	29	if (mysql_num_rows($result) != 1)
34	30	system_failure("Invalid account");
35	31	$data = mysql_fetch_assoc($result);
...	...	@@ -50,9 +46,7 @@ function create_jabber_account($local, $domain, $password)
50	46
51	47	if ($domain > 0)
52	48	{
53		- $query = "SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};";
54		- DEBUG($query);
55		- $result = mysql_query($query);
	49	+ $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
56	50	if (mysql_num_rows($result) == 0)
57	51	{
58	52	logger("modules/jabber/include/jabberaccounts.php", "jabber", "attempt to create account for invalid domain »{$domain}«");
...	...	@@ -66,18 +60,14 @@ function create_jabber_account($local, $domain, $password)
66	60	$domain = 'NULL';
67	61	$domainquery = 'domain IS NULL';
68	62	}
69		- $query = "SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}";
70		- DEBUG($query);
71		- $result = mysql_query($query);
	63	+ $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
72	64	if (mysql_num_rows($result) > 0)
73	65	{
74	66	logger("modules/jabber/include/jabberaccounts.php", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
75	67	system_failure("Diesen Account gibt es bereits!");
76	68	}
77	69
78		- $query = "INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');";
79		- DEBUG($query);
80		- mysql_query($query);
	70	+ db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');");
81	71	logger("modules/jabber/include/jabberaccounts.php", "jabber", "created account »{$local}@{$domain}«");
82	72	}
83	73
...	...	@@ -90,9 +80,7 @@ function change_jabber_password($id, $newpass)
90	80	$id = (int) $id;
91	81	$newpass = mysql_real_escape_string( filter_shell( $newpass ) );
92	82
93		- $query = "UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1";
94		- DEBUG($query);
95		- mysql_query($query);
	83	+ db_query("UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
96	84	logger("modules/jabber/include/jabberaccounts.php", "jabber", "changed password for account »{$id}«");
97	85	}
98	86
...	...	@@ -105,9 +93,7 @@ function delete_jabber_account($id)
105	93
106	94	$id = (int) $id;
107	95
108		- $query = "UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1";
109		- DEBUG($query);
110		- mysql_query($query);
	96	+ db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1");
111	97	logger("modules/jabber/include/jabberaccounts.php", "jabber", "deleted account »{$id}«");
112	98	}
113	99

...	...	@@ -3,7 +3,7 @@
3	3	function get_mysql_accounts($UID)
4	4	{
5	5	$UID = (int) $UID;
6		- $result = mysql_query("SELECT username FROM misc.mysql_accounts WHERE useraccount=$UID");
	6	+ $result = db_query("SELECT username FROM misc.mysql_accounts WHERE useraccount=$UID");
7	7	if (mysql_num_rows($result) == 0)
8	8	return array();
9	9	$list = array();
...	...	@@ -17,7 +17,7 @@ function get_mysql_accounts($UID)
17	17	function get_mysql_databases($UID)
18	18	{
19	19	$UID = (int) $UID;
20		- $result = mysql_query("SELECT name FROM misc.mysql_database WHERE useraccount=$UID");
	20	+ $result = db_query("SELECT name FROM misc.mysql_database WHERE useraccount=$UID");
21	21	if (mysql_num_rows($result) == 0)
22	22	return array();
23	23	$list = array();
...	...	@@ -36,7 +36,7 @@ function get_mysql_access($db, $account)
36	36	if (!is_array($mysql_access))
37	37	{
38	38	$mysql_access = array();
39		- $result = mysql_query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};");
	39	+ $result = db_query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};");
40	40	if (mysql_num_rows($result) == 0)
41	41	return false;
42	42	while ($line = mysql_fetch_object($result))
...	...	@@ -66,10 +66,7 @@ function set_mysql_access($db, $account, $status)
66	66	$query = "DELETE FROM misc.mysql_access WHERE `database`=(SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1) AND user=(SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid});";
67	67	logger("modules/mysql/include/mysql.php", "mysql", "revoking access on »{$db}« from »{$account}«");
68	68	}
69		- DEBUG($query);
70		- mysql_query($query);
71		- if (mysql_error())
72		- system_failure(mysql_error());
	69	+ db_query($query);
73	70	}
74	71
75	72
...	...	@@ -84,9 +81,7 @@ function create_mysql_account($username)
84	81	$uid = $_SESSION['userinfo']['uid'];
85	82	$username = mysql_real_escape_string($username);
86	83	logger("modules/mysql/include/mysql.php", "mysql", "creating user »{$username}«");
87		- mysql_query("INSERT INTO misc.mysql_accounts (username, password, useraccount) VALUES ('$username', '!', $uid);");
88		- if (mysql_error())
89		- system_failure(mysql_error());
	84	+ db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount) VALUES ('$username', '!', $uid);");
90	85	}
91	86
92	87
...	...	@@ -95,9 +90,7 @@ function delete_mysql_account($username)
95	90	$username = mysql_real_escape_string($username);
96	91	$uid = $_SESSION['userinfo']['uid'];
97	92	logger("modules/mysql/include/mysql.php", "mysql", "deleting user »{$username}«");
98		- mysql_query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
99		- if (mysql_error())
100		- system_failure(mysql_error());
	93	+ db_query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
101	94	}
102	95
103	96
...	...	@@ -112,9 +105,7 @@ function create_mysql_database($dbname)
112	105	$dbname = mysql_real_escape_string($dbname);
113	106	$uid = $_SESSION['userinfo']['uid'];
114	107	logger("modules/mysql/include/mysql.php", "mysql", "creating database »{$dbname}«");
115		- mysql_query("INSERT INTO misc.mysql_database (name, useraccount) VALUES ('$dbname', $uid);");
116		- if (mysql_error())
117		- system_failure(mysql_error());
	108	+ db_query("INSERT INTO misc.mysql_database (name, useraccount) VALUES ('$dbname', $uid);");
118	109	}
119	110
120	111
...	...	@@ -123,9 +114,7 @@ function delete_mysql_database($dbname)
123	114	$dbname = mysql_real_escape_string($dbname);
124	115	$uid = $_SESSION['userinfo']['uid'];
125	116	logger("modules/mysql/include/mysql.php", "mysql", "removing database »{$dbname}«");
126		- mysql_query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
127		- if (mysql_error())
128		- system_failure(mysql_error());
	117	+ db_query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
129	118	}
130	119
131	120
...	...	@@ -150,12 +139,7 @@ function set_mysql_password($username, $password)
150	139	$password = mysql_real_escape_string($password);
151	140	$uid = $_SESSION['userinfo']['uid'];
152	141	logger("modules/mysql/include/mysql.php", "mysql", "updating password for »{$username}«");
153		- $query = "UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;";
154		- DEBUG($query);
155		- mysql_query($query);
156		- if (mysql_error())
157		- system_failure(mysql_error());
158		-
	142	+ db_query("UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;");
159	143	}
160	144
161	145

...	...	@@ -23,9 +23,7 @@ function find_role($login, $password)
23	23	$uid = (int) $login;
24	24	if ($uid == 0)
25	25	$uid = 'NULL';
26		- $result = @mysql_query("SELECT passwort AS password FROM system.v_useraccounts LEFT JOIN system.passwoerter USING (uid) WHERE uid={$uid} OR username='{$login}' LIMIT 1;");
27		- if (mysql_error())
28		- system_failure(mysql_error());
	26	+ $result = db_query("SELECT passwort AS password FROM system.v_useraccounts LEFT JOIN system.passwoerter USING (uid) WHERE uid={$uid} OR username='{$login}' LIMIT 1;");
29	27	if (@mysql_num_rows($result) > 0)
30	28	{
31	29	$db_password = mysql_fetch_object($result)->password;
...	...	@@ -37,9 +35,7 @@ function find_role($login, $password)
37	35	// Customer?
38	36	$customerno = (int) $login;
39	37	$pass = sha1($password);
40		- $result = @mysql_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
41		- if (mysql_error())
42		- system_failure(mysql_error());
	38	+ $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
43	39	if (@mysql_num_rows($result) > 0)
44	40	{
45	41	return ROLE_CUSTOMER;
...	...	@@ -54,10 +50,7 @@ function get_customer_info($customerno)
54	50	{
55	51	$ret = array();
56	52	$customerno = (int) $customerno;
57		- $query = "SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;";
58		- $result = @mysql_query($query);
59		- if (mysql_error())
60		- system_failure(mysql_error());
	53	+ $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;");
61	54	if (@mysql_num_rows($result) == 0)
62	55	system_failure("Konnte Kundendaten nicht auslesen!");
63	56	$data = mysql_fetch_object($result);
...	...	@@ -74,10 +67,7 @@ function get_customer_info($customerno)
74	67	function get_customer_email($customerno)
75	68	{
76	69	$customerno = (int) $customerno;
77		- $query = "SELECT wert FROM kundendaten.kundenkontakt WHERE kundennr={$customerno} AND typ='email' LIMIT 1;";
78		- $result = @mysql_query($query);
79		- if (mysql_error())
80		- system_failure(mysql_error());
	70	+ $result = db_query("SELECT wert FROM kundendaten.kundenkontakt WHERE kundennr={$customerno} AND typ='email' LIMIT 1;");
81	71	if (@mysql_num_rows($result) == 0)
82	72	system_failure("Konnte keine E-Mail-Adresse finden!");
83	73	return mysql_fetch_object($result)->wert;
...	...	@@ -88,11 +78,8 @@ function get_customer_email($customerno)
88	78	function get_user_info($username)
89	79	{
90	80	$username = mysql_real_escape_string($username);
91		- $query = "SELECT kunde AS customerno, username, uid, homedir, name
92		- FROM system.v_useraccounts WHERE username='{$username}' OR uid='{$username}' LIMIT 1";
93		- $result = @mysql_query($query);
94		- if (mysql_error())
95		- system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
	81	+ $result = db_query("SELECT kunde AS customerno, username, uid, homedir, name
	82	+ FROM system.v_useraccounts WHERE username='{$username}' OR uid='{$username}' LIMIT 1");
96	83	if (mysql_num_rows($result) < 1)
97	84	system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
98	85	$val = @mysql_fetch_object($result);
...	...	@@ -109,13 +96,7 @@ function set_customer_password($customerno, $newpass)
109	96	{
110	97	$customerno = (int) $customerno;
111	98	$newpass = sha1($newpass);
112		- $query = "UPDATE kundendaten.kunden SET passwort='$newpass' WHERE id='".$customerno."' LIMIT 1";
113		- @mysql_query($query);
114		- if (mysql_error())
115		- {
116		- logger("session/checkuser.php", "dberror", "error while changing customer's password. Query was: »$query«");
117		- system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
118		- }
	99	+ db_query("UPDATE kundendaten.kunden SET passwort='$newpass' WHERE id='".$customerno."' LIMIT 1");
119	100	logger("session/checkuser.php", "pwchange", "changed customer's password.");
120	101	}
121	102
...	...	@@ -126,50 +107,8 @@ function set_systemuser_password($uid, $newpass)
126	107	require_once('inc/base.php');
127	108	$salt = random_string(8);
128	109	$newpass = crypt($newpass, "\$1\${$salt}\$");
129		- $query = "UPDATE system.passwoerter SET passwort='$newpass' WHERE uid='".$uid."' LIMIT 1";
130		- @mysql_query($query);
131		- if (mysql_error())
132		- {
133		- logger("session/checkuser.php", "dberror", "error while changing user's password. Query was: »$query«");
134		- system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
135		- }
	110	+ db_query("UPDATE system.passwoerter SET passwort='$newpass' WHERE uid='".$uid."' LIMIT 1");
136	111	logger("session/checkuser.php", "pwchange", "changed user's password.");
137	112	}
138	113
139		-
140		-/*
141		-function save_userdata($arr)
142		-{
143		- global $user;
144		-
145		- $rules = array();
146		-
147		- if (isset($arr['email'])) {
148		- if (!preg_match('/[a-zA-Z0-9=+._%@-]+@[a-zA-Z0-9.-]+\.[a-z]{2,6}/', $arr['email'])) {
149		- input_error('Ihre eMail-Adresse enthält Syntax-Fehler!');
150		- return false;
151		- }
152		- array_push($rules, "`email`='".$arr['email']."'");
153		- }
154		-
155		- if (isset($arr['emergency_email'])) {
156		- if ($arr['emergency_email'] == '') {
157		- warning("Sie können zwar Ihre Notfall-eMail-Adresse löschen, allerdings werden Sie dann bei Störungen <strong>nicht</strong> mehr benachrichtigt!");
158		- }
159		- elseif (!preg_match('/[a-zA-Z0-9=+._%@-]+@[a-zA-Z0-9.-]+\.[a-z]{2,6}/', $arr['emergency_email'])) {
160		- input_error('Ihre eMail-Adresse enthält Syntax-Fehler!');
161		- return false;
162		- }
163		- array_push($rules, "`emergency_email`='".$arr['emergency_email']."'");
164		- }
165		-
166		- $query = "UPDATE customers SET ".implode(',', $rules)." WHERE id='".$user['customerno']."'";
167		- mysql_query($query);
168		- if (mysql_error())
169		- system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
170		- return true;
171		-}
172		-
173		-*/
174		-
175	114	?>
176	115