Umstellung auf mysqli
Bernd Wurst

Bernd Wurst commited on 2013-09-19 06:31:27
Zeige 38 geänderte Dateien mit 703 Einfügungen und 659 Löschungen.

... ...
@@ -39,14 +39,14 @@ function prepare_cert($cert)
39 39
 
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42
-	$cert = mysql_real_escape_string(prepare_cert($cert));
42
+	$cert = DB::escape(prepare_cert($cert));
43 43
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
44
-	$result = db_query($query);
45
-	if (mysql_num_rows($result) < 1)
44
+	$result = DB::query($query);
45
+	if ($result->num_rows < 1)
46 46
 		return NULL;
47 47
 	else {
48 48
 		$ret = array();
49
-		while ($row = mysql_fetch_assoc($result)) {
49
+		while ($row = $result->fetch_assoc()) {
50 50
 			$ret[] = $row;
51 51
 		}
52 52
 		return $ret;
... ...
@@ -39,14 +39,14 @@ function prepare_cert($cert)
39 39
 
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42
-	$cert = mysql_real_escape_string(prepare_cert($cert));
42
+	$cert = DB::escape(prepare_cert($cert));
43 43
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
44
-	$result = db_query($query);
45
-	if (mysql_num_rows($result) < 1)
44
+	$result = DB::query($query);
45
+	if ($result->num_rows < 1)
46 46
 		return NULL;
47 47
 	else {
48 48
 		$ret = array();
49
-		while ($row = mysql_fetch_assoc($result)) {
49
+		while ($row = $result->fetch_assoc()) {
50 50
 			$ret[] = $row;
51 51
 		}
52 52
 		return $ret;
... ...
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
17
+require_once('inc/db.php');
18 18
 require_once('inc/base.php');
19 19
 require_once('inc/debug.php');
20 20
 
... ...
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
17
+require_once('inc/db.php');
18 18
 require_once('inc/base.php');
19 19
 require_once('inc/debug.php');
20 20
 
... ...
@@ -42,7 +42,7 @@ class Domain extends KeksData
42 42
 
43 43
   function loadByName($name)
44 44
   {
45
-    $name = mysql_real_escape_string($name);
45
+    $name = DB::escape($name);
46 46
     $res = $this->getData("*", "CONCAT_WS('.', domainname, tld)='{$name}' LIMIT 1");
47 47
     if (count($res) < 1)
48 48
       return false;
... ...
@@ -110,11 +110,11 @@ function get_domain_list($customerno, $uid = NULL)
110 110
     $query .= " kunde={$customerno}";
111 111
   }
112 112
   $query .= " ORDER BY domainname,tld";
113
-  $result = db_query($query);
113
+  $result = DB::query($query);
114 114
   $domains = array();
115
-  DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n");
116
-  if (mysql_num_rows($result) > 0)
117
-    while ($domain = mysql_fetch_object($result))
115
+  DEBUG('Result set is '.$result->num_rows." rows.<br />\n");
116
+  if ($result->num_rows > 0)
117
+    while ($domain = $result->fetch_object())
118 118
       array_push($domains, new Domain((int) $domain->id));
119 119
   DEBUG($domains);
120 120
 	return $domains;	
... ...
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
17
+require_once('inc/db.php');
18 18
 require_once('inc/base.php');
19 19
 require_once('inc/debug.php');
20 20
 
... ...
@@ -56,8 +56,8 @@ abstract class KeksData
56 56
   protected function setup()
57 57
   {
58 58
     $fields = array();
59
-    $res = db_query("DESCRIBE {$this->default_table}");
60
-    while ($f = mysql_fetch_object($res))
59
+    $result = DB::query("DESCRIBE {$this->default_table}");
60
+    while ($f = $result->fetch_object())
61 61
     {
62 62
       $fields[$f->Field] = $f->Default;
63 63
     }
... ...
@@ -78,9 +78,9 @@ abstract class KeksData
78 78
     if (is_array($fields))
79 79
       $fields = implode(',', $fields);
80 80
     
81
-    $res = db_query("SELECT {$fields} FROM {$table} {$where}");
81
+    $result = DB::query("SELECT {$fields} FROM {$table} {$where}");
82 82
     $return = array();
83
-    while ($arr = mysql_fetch_assoc($res))
83
+    while ($arr = $result->fetch_assoc())
84 84
       array_push($return, $arr);
85 85
     return $return;
86 86
   }
... ...
@@ -102,10 +102,10 @@ abstract class KeksData
102 102
     $upd = array();
103 103
     foreach ($this->changes as $key => $value)
104 104
     {
105
-      $value = mysql_real_escape_string($value);
105
+      $value = DB::escape($value);
106 106
       array_push($upd, "`{$key}`='{$value}'");
107 107
     }
108
-    db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id={$this->data['id']};");
108
+    DB::query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id={$this->data['id']};");
109 109
   }
110 110
 
111 111
   abstract function parse($data);
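Review bot: In the update loop only `$value` goes through `DB::escape()`; `$key` is placed between backticks as-is and `$this->data['id']` is interpolated into the `WHERE` clause without a cast. Whether either can carry caller-influenced content is not visible here (the method starts above the hunk), but both are cheap to pin down: end the statement with `" WHERE id=".(int) $this->data['id'].";"` and check that `$key` is one of the column names collected by `setup()`. The same holds for `getData()`, which interpolates `$fields`, `$table` and `$where` verbatim, so every caller (for example `Domain::loadByName`) has to escape on its own; a short docblock stating that contract would help.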
... ...
@@ -17,7 +17,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
17 17
 
18 18
 require_once('config.php');
19 19
 require_once('inc/debug.php');
20
-require_once('inc/db_connect.php');
20
+require_once('inc/db.php');
21 21
 require_once("inc/base.php");
22 22
 require_once("inc/theme.php");
23 23
 
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('inc/debug.php');
19 18
 
20 19
 function config($key)
... ...
@@ -36,9 +35,9 @@ function config($key)
36 35
     return $config[$key];
37 36
   
38 37
   /* read configuration from database */
39
-  $options = db_query( "SELECT `key`, value FROM misc.config" );
38
+  $options = DB::query( "SELECT `key`, value FROM misc.config" );
40 39
   
41
-  while( $object = mysql_fetch_assoc( $options ) ) {
40
+  while( $object = $options->fetch_assoc() ) {
42 41
 	  $config[$object['key']]=$object['value'];
43 42
   }
44 43
   // Sonst wird das Passwort des webadmin-Users mit ausgegeben
... ...
@@ -54,8 +53,9 @@ function config($key)
54 53
 
55 54
 function get_server_by_id($id) {
56 55
   $id = (int) $id;
57
-  $result = mysql_fetch_assoc(db_query("SELECT hostname FROM system.servers WHERE id='{$id}'"));
58
-  return $result['hostname'];
56
+  $result = DB::query("SELECT hostname FROM system.servers WHERE id='{$id}'");
57
+  $server = $result->fetch_assoc();
58
+  return $server['hostname'];
59 59
 }
60 60
 
61 61
 
... ...
@@ -71,8 +71,8 @@ function redirect($target)
71 71
 function my_server_id()
72 72
 {
73 73
   $uid = (int) $_SESSION['userinfo']['uid'];
74
-  $result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}");
75
-  $r = mysql_fetch_assoc($result);
74
+  $result = DB::query("SELECT server FROM system.useraccounts WHERE uid={$uid}");
75
+  $r = $result->fetch_assoc();
76 76
   DEBUG($r);
77 77
   return $r['server'];
78 78
 }
... ...
@@ -81,9 +81,9 @@ function my_server_id()
81 81
 function additional_servers()
82 82
 {
83 83
   $uid = (int) $_SESSION['userinfo']['uid'];
84
-  $result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}");
84
+  $result = DB::query("SELECT server FROM system.user_server WHERE uid={$uid}");
85 85
   $servers = array();
86
-  while ($s = mysql_fetch_assoc($result))
86
+  while ($s = $result->fetch_assoc())
87 87
     $servers[] = $s['server'];
88 88
   DEBUG($servers);
89 89
   return $servers;
... ...
@@ -92,41 +92,22 @@ function additional_servers()
92 92
 
93 93
 function server_names()
94 94
 {
95
-  $result = db_query("SELECT id, hostname FROM system.servers");
95
+  $result = DB::query("SELECT id, hostname FROM system.servers");
96 96
   $servers = array();
97
-  while ($s = mysql_fetch_assoc($result))
97
+  while ($s = $result->fetch_assoc())
98 98
     $servers[$s['id']] = $s['hostname'];
99 99
   DEBUG($servers);
100 100
   return $servers;
101 101
 }
102 102
 
103 103
 
104
-function db_query($query)
105
-{
106
-  DEBUG($query);
107
-  $result = @mysql_query($query);
108
-  if (mysql_error())
109
-  {
110
-    $error = mysql_error();
111
-    logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}");
112
-    system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.');
113
-  }
114
-  $count = @mysql_num_rows($result);
115
-  if (! $count)
116
-    $count = 'no';
117
-  DEBUG("=> {$count} rows");
118
-  return $result; 
119
-}
120
-
121
-
122
-
123 104
 function maybe_null($value)
124 105
 {
125 106
   if ($value == NULL)
126 107
     return 'NULL';
127 108
 
128 109
   if (strlen( (string) $value ) > 0)
129
-    return "'".mysql_real_escape_string($value)."'";
110
+    return "'".$db->escape($value)."'";
130 111
   else
131 112
     return 'NULL';
132 113
 }
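Review bot: `maybe_null()` now calls `$db->escape($value)`, but no `$db` exists in the function's scope, so any non-empty value ends in a fatal method call on an undefined variable instead of returning a quoted literal. Every other call site in this commit uses the static wrapper; the line should read `return "'".DB::escape($value)."'";`. Callers use this helper to quote values for INSERT and UPDATE statements, so it is worth exercising it once with a non-empty string before the change ships.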
... ...
@@ -146,13 +127,13 @@ function logger($severity, $scriptname, $scope, $message)
146 127
   elseif ($_SESSION['role'] & ROLE_CUSTOMER)
147 128
     $user = "'{$_SESSION['customerinfo']['customerno']}'";
148 129
   
149
-  $remote = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
130
+  $remote = DB::escape($_SERVER['REMOTE_ADDR']);
150 131
 
151
-  $scriptname = mysql_real_escape_string($scriptname);
152
-  $scope = mysql_real_escape_string($scope);
153
-  $message = mysql_real_escape_string($message);
132
+  $scriptname = DB::escape($scriptname);
133
+  $scope = DB::escape($scope);
134
+  $message = DB::escape($message);
154 135
 
155
-  db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
136
+  DB::query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
156 137
 }
157 138
 
158 139
 function html_header($arg)
... ...
@@ -0,0 +1,88 @@
1
+<?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
16
+
17
+require_once('inc/error.php');
18
+require_once('inc/debug.php');
19
+
20
+class DB 
21
+{
22
+  public static $connected = false;
23
+  public static $connection = NULL;
24
+  
25
+  function __construct() 
26
+  {
27
+    return false;
28
+  }
29
+  function __clone()
30
+  {
31
+    return false;
32
+  }
33
+
34
+  static function connect() 
35
+  {
36
+    DB::$connection = new mysqli(config('db_host'), config('db_user'), config('db_pass'), '', config('db_port'));
37
+    if (mysqli_connect_errno())
38
+	    die('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.');
39
+    DB::$connection->set_charset('utf8');
40
+    if (DB::$connection->error)
41
+    {
42
+      DEBUG("DB-Fehler: ".DB::$connection->error);
43
+    	die('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!');
44
+    }
45
+    DB::$connected = true;
46
+  }
47
+
48
+  static function query($query) 
49
+  {
50
+    if (! DB::$connection) 
51
+    {
52
+      DB::connect();
53
+    }
54
+  
55
+    DEBUG($query);
56
+    $result = DB::$connection->query($query);
57
+    if (DB::$connection->error)
58
+    {
59
+      $error = DB::$connection->error;
60
+      logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}");
61
+      system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.');
62
+    }
63
+    $count = DB::$connection->affected_rows;
64
+    if (! $count)
65
+      $count = 'no';
66
+    DEBUG("=> {$count} rows");
67
+    return $result;
68
+  }
69
+
70
+  static function insert_id()
71
+  {  
72
+    return DB::$connection->insert_id;
73
+  }
74
+
75
+
76
+  static function escape($string)
77
+  {
78
+    return DB::$connection->real_escape_string($string);
79
+  }
80
+
81
+}
82
+
83
+
84
+if (! DB::$connected ) {
85
+  DB::connect();
86
+}
87
+
88
+?>
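Review bot: `DB::query()` passes the raw server error text to `system_failure()`, so whatever MySQL reports (table names, fragments of the failing statement) is presumably shown to the visitor. Most statements in this codebase are assembled from interpolated strings, so that output is worth keeping out of the response. The detail is already written via `logger()`, so the user-facing call can be a fixed message such as `system_failure('Interner Datenbankfehler.');`. `logger()` itself goes through `DB::query()`, so a failing log INSERT could re-enter this error branch; a guard flag around the `logger()` call would stop that loop. The `iconv('ISO-8859-1', 'UTF-8', …)` conversion looks left over from the old connection setup now that `set_charset('utf8')` is used — please confirm it is still wanted.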
... ...
@@ -1,25 +0,0 @@
1
-<?php
2
-/*
3
-This file belongs to the Webinterface of schokokeks.org Hosting
4
-
5
-Written 2008-2013 by schokokeks.org Hosting, namely
6
-  Bernd Wurst <bernd@schokokeks.org>
7
-  Hanno Böck <hanno@schokokeks.org>
8
-
9
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
-
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
-http://creativecommons.org/publicdomain/zero/1.0/
13
-
14
-Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
-*/
16
-
17
-require_once('inc/error.php');
18
-
19
-if (!@mysql_connect(config('db_host'), config('db_user'), config('db_pass')))
20
-	die('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.');
21
-	
22
-if (!@mysql_query('SET NAMES utf8'))
23
-	die('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!');
24
-
25
-?>
... ...
@@ -19,9 +19,9 @@ require_once('inc/base.php');
19 19
 
20 20
 function find_customers($string) 
21 21
 {
22
-  $string = mysql_real_escape_string(chop($string));
22
+  $string = DB::escape(chop($string));
23 23
   $return = array();
24
-  $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN kundendaten.kundenkontakt AS kk ".
24
+  $result = DB::query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN kundendaten.kundenkontakt AS kk ".
25 25
                      "ON (kk.kundennr = k.id) LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
26 26
                      "firma LIKE '%{$string}%' OR firma2 LIKE '%{$string}%' OR ".
27 27
                      "nachname LIKE '%{$string}%' OR vorname LIKE '%{$string}%' OR ".
... ...
@@ -30,7 +30,7 @@ function find_customers($string)
30 30
                      "notizen LIKE '%{$string}%' OR kk.name LIKE '%{$string}%' OR ".
31 31
                      "kk.wert LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ".
32 32
                      "u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';");
33
-  while ($entry = mysql_fetch_assoc($result))
33
+  while ($entry = $result->fetch_assoc())
34 34
     $return[] = $entry['id'];
35 35
 
36 36
   return $return;
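Review bot: `DB::escape(chop($string))` at the top of `find_customers()` protects the string literal but leaves the `LIKE` metacharacters `%` and `_` untouched, so a search term of `%` matches every customer row. If this search is reachable only by administrators that may be acceptable, but it should be a decision rather than an accident; adding `$string = addcslashes($string, '%_');` after the SQL escape keeps the match literal. The same value is also compared with `k.id` and `u.uid`, which are presumably numeric columns and so rely on MySQL's implicit string-to-number conversion.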
... ...
@@ -41,9 +41,9 @@ function find_users_for_customer($id)
41 41
 {
42 42
   $id = (int) $id;
43 43
   $return = array();
44
-  $result = db_query("SELECT uid, username FROM system.useraccounts WHERE ".
44
+  $result = DB::query("SELECT uid, username FROM system.useraccounts WHERE ".
45 45
                      "kunde='{$id}';");
46
-  while ($entry = mysql_fetch_assoc($result))
46
+  while ($entry = $result->fetch_assoc())
47 47
     $return[$entry['uid']] = $entry['username'];
48 48
 
49 49
   return $return;
... ...
@@ -54,9 +54,9 @@ function find_users_for_customer($id)
54 54
 function hosting_contracts($cid)
55 55
 {
56 56
   $cid = (int) $cid;
57
-  $result = db_query("SELECT u.username, werber, beschreibung, betrag, brutto, monate, anzahl, startdatum, startdatum + INTERVAL laufzeit MONTH - INTERVAL 1 DAY AS mindestlaufzeit, kuendigungsdatum, gesperrt, notizen FROM kundendaten.hosting AS h LEFT JOIN system.useraccounts AS u ON (h.hauptuser=u.uid) WHERE h.kunde=".$cid);
57
+  $result = DB::query("SELECT u.username, werber, beschreibung, betrag, brutto, monate, anzahl, startdatum, startdatum + INTERVAL laufzeit MONTH - INTERVAL 1 DAY AS mindestlaufzeit, kuendigungsdatum, gesperrt, notizen FROM kundendaten.hosting AS h LEFT JOIN system.useraccounts AS u ON (h.hauptuser=u.uid) WHERE h.kunde=".$cid);
58 58
   $ret = array();
59
-  while ($x = mysql_fetch_assoc($result))
59
+  while ($x = $result->fetch_assoc())
60 60
     array_push($ret, $x);
61 61
   DEBUG($ret);
62 62
 
... ...
@@ -15,7 +15,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
18
+require_once('inc/db.php');
19 19
 require_once('inc/base.php');
20 20
 require_once('inc/security.php');
21 21
 require_once('inc/error.php');
... ...
@@ -26,9 +26,9 @@ require_once('class/domain.php');
26 26
 function get_dyndns_accounts() 
27 27
 {
28 28
   $uid = (int) $_SESSION['userinfo']['uid'];
29
-  $result = db_query("SELECT * FROM dns.dyndns WHERE uid={$uid}");
29
+  $result = DB::query("SELECT * FROM dns.dyndns WHERE uid={$uid}");
30 30
   $list = array();
31
-  while ($item = mysql_fetch_assoc($result)) {
31
+  while ($item = $result->fetch_assoc()) {
32 32
     array_push($list, $item);
33 33
   }
34 34
   DEBUG($list);
... ...
@@ -40,12 +40,12 @@ function get_dyndns_account($id)
40 40
 {
41 41
   $id = (int) $id;
42 42
   $uid = (int) $_SESSION['userinfo']['uid'];
43
-  $result = db_query("SELECT * FROM dns.dyndns WHERE id={$id} AND uid={$uid}");
44
-  if (mysql_num_rows($result) != 1) {
43
+  $result = DB::query("SELECT * FROM dns.dyndns WHERE id={$id} AND uid={$uid}");
44
+  if ($result->num_rows != 1) {
45 45
     logger(LOG_WARNING, "modules/dns/include/dnsinclude", "dyndns", "account »{$id}« invalid for uid »{$uid}«.");
46 46
     system_failure("Account ungültig");
47 47
   }
48
-  $item = mysql_fetch_assoc($result);
48
+  $item = $result->fetch_assoc();
49 49
   DEBUG($item);
50 50
   return $item;
51 51
 }
... ...
@@ -58,14 +58,14 @@ function create_dyndns_account($handle, $password_http, $sshkey)
58 58
   if ($password_http == '' && $sshkey == '')
59 59
     system_failure('Sie müssen entweder einen SSH-Key oder ein Passwort zum Web-Update eingeben.');  
60 60
 
61
-  $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle)));
62
-  $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey)));
61
+  $handle = maybe_null(DB::escape(filter_input_username($handle)));
62
+  $sshkey = maybe_null(DB::escape(filter_input_general($sshkey)));
63 63
 
64 64
   $pwhash = 'NULL';
65 65
   if ($password_http)
66 66
     $pwhash = "'{SHA}".base64_encode(sha1($password_http, true))."'";
67 67
 
68
-  db_query("INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ({$uid}, {$handle}, {$pwhash}, {$sshkey})");
68
+  DB::query("INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ({$uid}, {$handle}, {$pwhash}, {$sshkey})");
69 69
   logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "inserted account");
70 70
 }
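Review bot: `$handle` and `$sshkey` are escaped twice in `create_dyndns_account()`: once by `DB::escape()` here and again inside `maybe_null()`, which escapes and quotes its argument itself (see the `maybe_null()` hunk of this commit). A value containing a quote or backslash would therefore be stored with literal backslashes. Passing the filtered value straight through is enough, `$handle = maybe_null(filter_input_username($handle));` and likewise for `$sshkey`; the hunk for `edit_dyndns_account()` has the same two lines. The context line that builds `{SHA}` from an unsalted `sha1()` is outside this change, but it is a weak format for a stored credential and worth a follow-up if the consumer of `dns.dyndns.password` can accept a salted scheme.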
71 71
 
... ...
@@ -73,8 +73,8 @@ function create_dyndns_account($handle, $password_http, $sshkey)
73 73
 function edit_dyndns_account($id, $handle, $password_http, $sshkey)
74 74
 {
75 75
   $id = (int) $id;
76
-  $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle)));
77
-  $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey)));
76
+  $handle = maybe_null(DB::escape(filter_input_username($handle)));
77
+  $sshkey = maybe_null(DB::escape(filter_input_general($sshkey)));
78 78
 
79 79
   $pwhash = 'NULL';
80 80
   if ($password_http)
... ...
@@ -85,7 +85,7 @@ function edit_dyndns_account($id, $handle, $password_http, $sshkey)
85 85
       $pwhash = "'{SHA}".base64_encode(sha1($password_http, true))."'";
86 86
   }
87 87
 
88
-  db_query("UPDATE dns.dyndns SET handle={$handle}, password={$pwhash}, sshkey={$sshkey} WHERE id={$id} LIMIT 1");
88
+  DB::query("UPDATE dns.dyndns SET handle={$handle}, password={$pwhash}, sshkey={$sshkey} WHERE id={$id} LIMIT 1");
89 89
   logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "edited account »{$id}«");
90 90
 }
91 91
 
... ...
@@ -94,7 +94,7 @@ function delete_dyndns_account($id)
94 94
 {
95 95
   $id = (int) $id;
96 96
 
97
-  db_query("DELETE FROM dns.dyndns WHERE id={$id} LIMIT 1");
97
+  DB::query("DELETE FROM dns.dyndns WHERE id={$id} LIMIT 1");
98 98
   logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "deleted account »{$id}«");
99 99
 }
100 100
 
... ...
@@ -102,9 +102,9 @@ function delete_dyndns_account($id)
102 102
 function get_dyndns_records($id)
103 103
 {
104 104
   $id = (int) $id;
105
-  $result = db_query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns={$id}");
105
+  $result = DB::query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns={$id}");
106 106
   $data = array();
107
-  while ($entry = mysql_fetch_assoc($result)) {
107
+  while ($entry = $result->fetch_assoc()) {
108 108
     $dom = new Domain((int) $entry['domain']);
109 109
     $dom->ensure_userdomain();
110 110
     $entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn;
... ...
@@ -143,10 +143,10 @@ function blank_dns_record($type)
143 143
 function get_dns_record($id)
144 144
 {
145 145
   $id = (int) $id;
146
-  $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id={$id}");
147
-  if (mysql_num_rows($result) != 1)
146
+  $result = DB::query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id={$id}");
147
+  if ($result->num_rows != 1)
148 148
     system_failure('illegal ID');
149
-  $data = mysql_fetch_assoc($result);
149
+  $data = $result->fetch_assoc();
150 150
   $dom = new Domain( (int) $data['domain']);
151 151
   $dom->ensure_userdomain();
152 152
   DEBUG($data);
... ...
@@ -157,9 +157,9 @@ function get_dns_record($id)
157 157
 function get_domain_records($dom)
158 158
 {
159 159
   $dom = (int) $dom;
160
-  $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain={$dom}");
160
+  $result = DB::query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain={$dom}");
161 161
   $data = array();
162
-  while ($entry = mysql_fetch_assoc($result)) {
162
+  while ($entry = $result->fetch_assoc()) {
163 163
     $dom = new Domain((int) $entry['domain']);
164 164
     $dom->ensure_userdomain();
165 165
     $entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn;
... ...
@@ -173,11 +173,11 @@ function get_domain_records($dom)
173 173
 
174 174
 function get_domain_auto_records($domainname)
175 175
 {
176
-  $domainname = mysql_real_escape_string($domainname);
177
-  //$result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, TRIM(ttl) FROM dns.v_autogenerated_records WHERE domain='{$domainname}'");
178
-  $result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain='{$domainname}'");
176
+  $domainname = DB::escape($domainname);
177
+  //$result = DB::query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, TRIM(ttl) FROM dns.v_autogenerated_records WHERE domain='{$domainname}'");
178
+  $result = DB::query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain='{$domainname}'");
179 179
   $data = array();
180
-  while ($entry = mysql_fetch_assoc($result)) {
180
+  while ($entry = $result->fetch_assoc()) {
181 181
     array_push($data, $entry);
182 182
   }
183 183
   DEBUG($data);
... ...
@@ -276,9 +276,9 @@ function save_dns_record($id, $record)
276 276
   $record['spec'] = maybe_null($record['spec']);
277 277
   $record['dyndns'] = maybe_null($record['dyndns']);
278 278
   if ($id)
279
-    db_query("UPDATE dns.custom_records SET hostname={$record['hostname']}, domain={$dom->id}, type='{$record['type']}', ttl={$record['ttl']}, ip={$record['ip']}, dyndns={$record['dyndns']}, data={$record['data']}, spec={$record['spec']} WHERE id={$id} LIMIT 1");
279
+    DB::query("UPDATE dns.custom_records SET hostname={$record['hostname']}, domain={$dom->id}, type='{$record['type']}', ttl={$record['ttl']}, ip={$record['ip']}, dyndns={$record['dyndns']}, data={$record['data']}, spec={$record['spec']} WHERE id={$id} LIMIT 1");
280 280
   else
281
-    db_query("INSERT INTO dns.custom_records (hostname, domain, type, ttl, ip, dyndns, data, spec) VALUES ({$record['hostname']}, {$dom->id}, '{$record['type']}', {$record['ttl']}, {$record['ip']}, {$record['dyndns']}, {$record['data']}, {$record['spec']})");
281
+    DB::query("INSERT INTO dns.custom_records (hostname, domain, type, ttl, ip, dyndns, data, spec) VALUES ({$record['hostname']}, {$dom->id}, '{$record['type']}', {$record['ttl']}, {$record['ip']}, {$record['dyndns']}, {$record['data']}, {$record['spec']})");
282 282
 
283 283
 }
284 284
 
... ...
@@ -288,7 +288,7 @@ function delete_dns_record($id)
288 288
   $id = (int) $id;
289 289
   // Diese Funktion prüft, ob der Eintrag einer eigenen Domain gehört
290 290
   $record = get_dns_record($id);
291
-  db_query("DELETE FROM dns.custom_records WHERE id={$id} LIMIT 1");
291
+  DB::query("DELETE FROM dns.custom_records WHERE id={$id} LIMIT 1");
292 292
 }
293 293
 
294 294
 
... ...
@@ -298,9 +298,9 @@ function convert_from_autorecords($domainid)
298 298
   $dom->ensure_userdomain();
299 299
   $dom = $dom->id;
300 300
 
301
-  db_query("INSERT IGNORE INTO dns.custom_records SELECT r.id, r.lastchange, type, d.id, hostname, ip, NULL AS dyndns, data, spec, ttl FROM dns.v_tmptable_allrecords AS r INNER JOIN dns.v_domains AS d ON (d.name=r.domain) WHERE d.id={$dom}");
301
+  DB::query("INSERT IGNORE INTO dns.custom_records SELECT r.id, r.lastchange, type, d.id, hostname, ip, NULL AS dyndns, data, spec, ttl FROM dns.v_tmptable_allrecords AS r INNER JOIN dns.v_domains AS d ON (d.name=r.domain) WHERE d.id={$dom}");
302 302
   disable_autorecords($dom);
303
-  db_query("UPDATE dns.dnsstatus SET status='outdated'");
303
+  DB::query("UPDATE dns.dnsstatus SET status='outdated'");
304 304
   warning("Die automatischen Einträge werden in Kürze abgeschaltet, bitte haben Sie einen Moment Geduld.");
305 305
 }
306 306
 
... ...
@@ -311,7 +311,7 @@ function enable_autorecords($domainid)
311 311
   $dom->ensure_userdomain();
312 312
   $dom = $dom->id;
313 313
 
314
-  db_query("UPDATE kundendaten.domains SET autodns=1 WHERE id={$dom} LIMIT 1");
314
+  DB::query("UPDATE kundendaten.domains SET autodns=1 WHERE id={$dom} LIMIT 1");
315 315
   warning("Die automatischen Einträge werden in Kürze aktiviert, bitte haben Sie einen Moment Geduld.");
316 316
 }
317 317
 
... ...
@@ -321,15 +321,15 @@ function disable_autorecords($domainid)
321 321
   $dom->ensure_userdomain();
322 322
   $dom = $dom->id;
323 323
 
324
-  db_query("UPDATE kundendaten.domains SET autodns=0 WHERE id={$dom} LIMIT 1");
324
+  DB::query("UPDATE kundendaten.domains SET autodns=0 WHERE id={$dom} LIMIT 1");
325 325
 }
326 326
 
327 327
 
328 328
 function domain_is_maildomain($domain)
329 329
 {
330 330
   $domain = (int) $domain;
331
-  $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
332
-  $dom = mysql_fetch_assoc($result);
331
+  $result = DB::query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
332
+  $dom = $result->fetch_assoc();
333 333
   return ($dom['mail'] != 'none');
334 334
 }
335 335
 
... ...
@@ -25,9 +25,9 @@ function mailman_subdomains($domain)
25 25
     return array();
26 26
   }
27 27
   $domain = (int) $domain;
28
-  $result = db_query("SELECT id, hostname FROM mail.mailman_domains WHERE domain={$domain}");
28
+  $result = DB::query("SELECT id, hostname FROM mail.mailman_domains WHERE domain={$domain}");
29 29
   $ret = array();
30
-  while ($line = mysql_fetch_assoc($result))
30
+  while ($line = $result->fetch_assoc())
31 31
   {
32 32
     $ret[] = $line;
33 33
   }
... ...
@@ -39,8 +39,8 @@ function dns_in_use($domain)
39 39
   if ( ! in_array('dns', config('modules')))
40 40
     return false;
41 41
   $domain = (int) $domain;
42
-  $result = db_query("SELECT id FROM dns.custom_records WHERE domain={$domain}");
43
-  return (mysql_num_rows($result) > 0);
42
+  $result = DB::query("SELECT id FROM dns.custom_records WHERE domain={$domain}");
43
+  return ($result->num_rows > 0);
44 44
 }
45 45
 
46 46
 
... ...
@@ -51,17 +51,17 @@ function mail_in_use($domain)
51 51
     return false;
52 52
   }
53 53
   $domain = (int) $domain;
54
-  $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
55
-  if (mysql_num_rows($result) < 1)
54
+  $result = DB::query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
55
+  if ($result->num_rows < 1)
56 56
     system_failure("Domain not found");
57
-  $d = mysql_fetch_assoc($result);
57
+  $d = $result->fetch_assoc();
58 58
   if ($d['mail'] == 'none')
59 59
     return false; // manually disabled
60
-  $result = db_query("SELECT id FROM mail.virtual_mail_domains WHERE domain={$domain}");
61
-  if (mysql_num_rows($result) < 1)
60
+  $result = DB::query("SELECT id FROM mail.virtual_mail_domains WHERE domain={$domain}");
61
+  if ($result->num_rows < 1)
62 62
     return true; // .courier
63
-  $result = db_query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain={$domain}");
64
-  return (mysql_num_rows($result) > 0);
63
+  $result = DB::query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain={$domain}");
64
+  return ($result->num_rows > 0);
65 65
 }
66 66
 
67 67
 function web_in_use($domain)
... ...
@@ -71,13 +71,13 @@ function web_in_use($domain)
71 71
 
72 72
   $domain = (int) $domain;
73 73
 
74
-  $result = db_query("SELECT id FROM kundendaten.domains WHERE id={$domain} AND webserver=1");
75
-  if (mysql_num_rows($result) < 1)
74
+  $result = DB::query("SELECT id FROM kundendaten.domains WHERE id={$domain} AND webserver=1");
75
+  if ($result->num_rows < 1)
76 76
     return false;
77 77
 
78
-  $result = db_query("SELECT id FROM vhosts.vhost WHERE domain={$domain}");
79
-  $result2 = db_query("SELECT id FROM vhosts.alias WHERE domain={$domain}");
80
-  return (mysql_num_rows($result) > 0 || mysql_num_rows($result2) > 0);
78
+  $result = DB::query("SELECT id FROM vhosts.vhost WHERE domain={$domain}");
79
+  $result2 = DB::query("SELECT id FROM vhosts.alias WHERE domain={$domain}");
80
+  return ($result->num_rows > 0 || $result2->num_rows > 0);
81 81
 }
82 82
 
83 83
 
... ...
@@ -19,9 +19,9 @@ require_once('inc/base.php');
19 19
 function user_has_accounts()
20 20
 {
21 21
   $uid = (int) $_SESSION['userinfo']['uid'];
22
-  $result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid");
23
-  DEBUG(mysql_num_rows($result)." accounts");
24
-  return (mysql_num_rows($result) > 0);
22
+  $result = DB::query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid");
23
+  DEBUG($result->num_rows." accounts");
24
+  return ($result->num_rows > 0);
25 25
 }
26 26
 
27 27
 if (! function_exists("user_has_vmail_domain"))
... ...
@@ -33,8 +33,8 @@ if (! function_exists("user_has_vmail_domain"))
33 33
                 return false;
34 34
         }
35 35
         $uid = (int) $_SESSION['userinfo']['uid'];
36
-        $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
37
-        $row = mysql_fetch_array($result);
36
+        $result = DB::query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
37
+        $row = $result->fetch_array();
38 38
         $count = $row[0];
39 39
         DEBUG("User has {$count} vmail-domains");
40 40
         return ( (int) $count > 0 );
... ...
@@ -23,8 +23,8 @@ if (! function_exists("user_has_vmail_domain"))
23 23
 		return false;
24 24
 	}
25 25
 	$uid = (int) $_SESSION['userinfo']['uid'];
26
-	$result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
27
-	$row = mysql_fetch_array($result);
26
+	$result = DB::query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
27
+	$row = $result->fetch_array();
28 28
 	$count = $row[0];
29 29
 	DEBUG("User has {$count} vmail-domains");
30 30
 	return ( (int) $count > 0 );
... ...
@@ -40,9 +40,9 @@ if (! function_exists("user_has_dotcourier_domain"))
40 40
 		return false;
41 41
 	}
42 42
 	$uid = (int) $_SESSION['userinfo']['uid'];
43
-	$result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ". 
43
+	$result = DB::query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ". 
44 44
             "SELECT 1 FROM mail.v_domains AS d WHERE d.user={$uid} AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains);");
45
-  $ret = (mysql_num_rows($result) > 0);
45
+  $ret = ($result->num_rows > 0);
46 46
   if ($ret)
47 47
     DEBUG("User {$uid} has dotcourier-domains");
48 48
   return $ret;
... ...
@@ -15,7 +15,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
18
+require_once('inc/db.php');
19 19
 require_once('inc/base.php');
20 20
 require_once('inc/security.php');
21 21
 
... ...
@@ -26,11 +26,11 @@ require_once('common.php');
26 26
 function mailaccounts($uid)
27 27
 {
28 28
   $uid = (int) $uid;
29
-  $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local");
30
-  DEBUG("Found ".@mysql_num_rows($result)." rows!");
29
+  $result = DB::query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local");
30
+  DEBUG("Found ".@$result->num_rows." rows!");
31 31
   $accounts = array();
32
-  if (@mysql_num_rows($result) > 0)
33
-    while ($acc = @mysql_fetch_object($result))
32
+  if (@$result->num_rows > 0)
33
+    while ($acc = @$result->fetch_object())
34 34
       array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1)));
35 35
   return $accounts;
36 36
 }
... ...
@@ -39,11 +39,11 @@ function get_mailaccount($id)
39 39
 {
40 40
   $id = (int) $id;
41 41
   $uid = (int) $_SESSION['userinfo']['uid'];
42
-  $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}");
43
-  DEBUG("Found ".mysql_num_rows($result)." rows!");
44
-  if (mysql_num_rows($result) != 1)
42
+  $result = DB::query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}");
43
+  DEBUG("Found ".$result->num_rows." rows!");
44
+  if ($result->num_rows != 1)
45 45
     system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
46
-  $acc = mysql_fetch_object($result);
46
+  $acc = $result->fetch_object();
47 47
   $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir,  'enabled' => ($acc->aktiv == 1));
48 48
   DEBUG(print_r($ret, true));
49 49
   return $ret;
... ...
@@ -73,13 +73,13 @@ function change_mailaccount($id, $arr)
73 73
         array_push($conditions, "domain={$domain->id}");
74 74
       }
75 75
     }
76
-    array_push($conditions, "local='".mysql_real_escape_string($local)."'");
76
+    array_push($conditions, "local='".DB::escape($local)."'");
77 77
   }
78 78
   if (isset($arr['mailbox']))
79 79
     if ($arr['mailbox'] == '')
80 80
       array_push($conditions, "`maildir`=NULL");
81 81
     else
82
-      array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'");
82
+      array_push($conditions, "`maildir`='".DB::escape($arr['mailbox'])."'");
83 83
 
84 84
   if (isset($arr['password']))
85 85
   {
... ...
@@ -91,7 +91,7 @@ function change_mailaccount($id, $arr)
91 91
     array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));
92 92
 
93 93
 
94
-  db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' AND uid={$uid}");
94
+  DB::query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' AND uid={$uid}");
95 95
   logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "updated account »{$arr['account']}«");
96 96
 
97 97
 }
... ...
@@ -121,13 +121,13 @@ function create_mailaccount($arr)
121 121
     }
122 122
   }
123 123
 
124
-  $values['local'] = "'".mysql_real_escape_string($local)."'";
124
+  $values['local'] = "'".DB::escape($local)."'";
125 125
 
126 126
   if (isset($arr['mailbox']))
127 127
     if ($arr['mailbox'] == '')
128 128
       $values['maildir'] = 'NULL';
129 129
     else
130
-      $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'";
130
+      $values['maildir']= "'".DB::escape($arr['mailbox'])."'";
131 131
 
132 132
 
133 133
   if (isset($arr['password']))
... ...
@@ -139,7 +139,7 @@ function create_mailaccount($arr)
139 139
     $values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" );
140 140
 
141 141
 
142
-  db_query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")");
142
+  DB::query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")");
143 143
   logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "created account »{$arr['account']}«");
144 144
 
145 145
 }
... ...
@@ -149,13 +149,13 @@ function get_mailaccount_id($accountname)
149 149
 {
150 150
   list($local, $domain) = explode('@', $accountname, 2);
151 151
 
152
-  $local = mysql_real_escape_string($local);
153
-  $domain = mysql_real_escape_string($domain);
152
+  $local = DB::escape($local);
153
+  $domain = DB::escape($domain);
154 154
 
155
-  $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'");
156
-  if (mysql_num_rows($result) != 1)
155
+  $result = DB::query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'");
156
+  if ($result->num_rows != 1)
157 157
     system_failure('account nicht eindeutig');
158
-  $acc = mysql_fetch_assoc($result);
158
+  $acc = $result->fetch_assoc();
159 159
   return $acc['id'];
160 160
 }
161 161
     
... ...
@@ -163,7 +163,7 @@ function get_mailaccount_id($accountname)
163 163
 function delete_mailaccount($id)
164 164
 {
165 165
   $id = (int) $id;
166
-  db_query("DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1");
166
+  DB::query("DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1");
167 167
   logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "deleted account »{$id}«");
168 168
 }
169 169
 
... ...
@@ -213,8 +213,8 @@ function check_valid($acc)
213 213
 function imap_on_vmail_domain()
214 214
 {
215 215
   $uid = (int) $_SESSION['userinfo']['uid'];
216
-  $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}");
217
-  if (mysql_num_rows($result) > 0)
216
+  $result = DB::query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}");
217
+  if ($result->num_rows > 0)
218 218
     return true;
219 219
   return false;
220 220
 }
... ...
@@ -222,13 +222,13 @@ function imap_on_vmail_domain()
222 222
 function user_has_only_vmail_domains()
223 223
 {
224 224
   $uid = (int) $_SESSION['userinfo']['uid'];
225
-  $result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}");
225
+  $result = DB::query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}");
226 226
   // User hat keine VMail-Domains
227
-  if (mysql_num_rows($result) == 0)
227
+  if ($result->num_rows == 0)
228 228
     return false;
229
-  $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}");
229
+  $result = DB::query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}");
230 230
   // User hat keine Domains die nicht vmail-Domains sind
231
-  if (mysql_num_rows($result) == 0)
231
+  if ($result->num_rows == 0)
232 232
     return true;
233 233
   return false;
234 234
 }
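Review bot: `delete_mailaccount()` (hunk at old line 163) deletes by `id` alone, while `get_mailaccount()` and `change_mailaccount()` in the same file also restrict their queries to the session user with `uid={$uid}`. Unless every caller verifies ownership first (not visible here), any logged-in user who can reach this function could remove another customer's mailbox by passing its id. I would scope the statement the same way as its siblings: add `$uid = (int) $_SESSION['userinfo']['uid'];` and run `DB::query("DELETE FROM mail.mailaccounts WHERE id={$id} AND uid={$uid} LIMIT 1");`. Since this commit moves the code to mysqli, bound parameters via prepared statements would be a sturdier follow-up than keeping `DB::escape()` plus string interpolation.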
... ...
@@ -58,9 +58,9 @@ Ihre E-Mail wird nicht weitergeleitet.',
58 58
 
59 59
 function get_vmail_id_by_emailaddr($emailaddr) 
60 60
 {
61
-  $emailaddr = mysql_real_escape_string( $emailaddr );
62
-  $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = '{$emailaddr}'");
63
-  $entry = mysql_fetch_assoc($result);
61
+  $emailaddr = DB::escape( $emailaddr );
62
+  $result = DB::query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = '{$emailaddr}'");
63
+  $entry = $result->fetch_assoc();
64 64
   return (int) $entry['id'];
65 65
 }
66 66
 
... ...
@@ -73,25 +73,25 @@ function get_account_details($id, $checkuid = true)
73 73
     $uid = (int) $_SESSION['userinfo']['uid'];
74 74
     $uid_check = "useraccount='{$uid}' AND ";
75 75
   }
76
-  $result = db_query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id={$id} LIMIT 1");
77
-	if (mysql_num_rows($result) == 0)
76
+  $result = DB::query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id={$id} LIMIT 1");
77
+	if ($result->num_rows == 0)
78 78
 		system_failure('Ungültige ID oder kein eigener Account');
79 79
 	$acc = empty_account();
80
-	$res = mysql_fetch_assoc($result);
80
+	$res = $result->fetch_assoc();
81 81
 	foreach ($res AS $key => $value) {
82 82
 	  if ($key == 'forwards')
83 83
 	    continue;
84 84
 	  $acc[$key] = $value;
85 85
 	}
86 86
 	if ($acc['forwards'] > 0) {
87
-	  $result = db_query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account={$acc['id']};");
88
-	  while ($item = mysql_fetch_assoc($result)){
87
+	  $result = DB::query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account={$acc['id']};");
88
+	  while ($item = $result->fetch_assoc()){
89 89
 	    array_push($acc['forwards'], array("id" => $item['id'], 'spamfilter' => $item['spamfilter'], 'destination' => $item['destination']));
90 90
 	  }
91 91
 	}
92 92
   if ($acc['autoresponder'] > 0) {
93
-    $result = db_query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account={$acc['id']}");
94
-    $item = mysql_fetch_assoc($result);
93
+    $result = DB::query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account={$acc['id']}");
94
+    $item = $result->fetch_assoc();
95 95
     DEBUG($item);
96 96
     $acc['autoresponder'] = $item;
97 97
   } else {
... ...
@@ -106,9 +106,9 @@ function get_account_details($id, $checkuid = true)
106 106
 function get_vmail_accounts()
107 107
 {
108 108
 	$uid = (int) $_SESSION['userinfo']['uid'];
109
-	$result = db_query("SELECT * from mail.v_vmail_accounts WHERE useraccount='{$uid}' ORDER BY domainname,local ASC");
109
+	$result = DB::query("SELECT * from mail.v_vmail_accounts WHERE useraccount='{$uid}' ORDER BY domainname,local ASC");
110 110
 	$ret = array();
111
-	while ($line = mysql_fetch_assoc($result))
111
+	while ($line = $result->fetch_assoc())
112 112
 	{
113 113
 		array_push($ret, $line);
114 114
 	}
... ...
@@ -121,11 +121,11 @@ function get_vmail_accounts()
121 121
 function get_vmail_domains()
122 122
 {
123 123
 	$uid = (int) $_SESSION['userinfo']['uid'];
124
-	$result = db_query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount='{$uid}' ORDER BY domainname");
125
-	if (mysql_num_rows($result) == 0)
124
+	$result = DB::query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount='{$uid}' ORDER BY domainname");
125
+	if ($result->num_rows == 0)
126 126
 		system_failure('Sie haben keine Domains für virtuelle Mail-Verarbeitung');
127 127
 	$ret = array();
128
-	while ($tmp = mysql_fetch_assoc($result))
128
+	while ($tmp = $result->fetch_assoc())
129 129
 		array_push($ret, $tmp);
130 130
 	return $ret;
131 131
 }
... ...
@@ -133,7 +133,7 @@ function get_vmail_domains()
133 133
 
134 134
 function find_account_id($accname)
135 135
 {
136
-  $accname = mysql_real_escape_string($accname);
136
+  $accname = DB::escape($accname);
137 137
   DEBUG($accname);
138 138
   $tmp = explode('@', $accname, 2);
139 139
   DEBUG($tmp);
... ...
@@ -141,10 +141,10 @@ function find_account_id($accname)
141 141
     system_failure("Der Account hat nicht die korrekte Syntax");
142 142
   list( $local, $domainname) = $tmp;
143 143
 
144
-  $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE local='{$local}' AND domainname='{$domainname}' LIMIT 1");
145
-  if (mysql_num_rows($result) == 0)
144
+  $result = DB::query("SELECT id FROM mail.v_vmail_accounts WHERE local='{$local}' AND domainname='{$domainname}' LIMIT 1");
145
+  if ($result->num_rows == 0)
146 146
     system_failure("Der Account konnte nicht gefunden werden");
147
-  $tmp = mysql_fetch_array($result);
147
+  $tmp = $result->fetch_array();
148 148
   return $tmp[0];
149 149
 }
150 150
 
... ...
@@ -152,8 +152,8 @@ function find_account_id($accname)
152 152
 function change_vmail_password($accname, $newpass)
153 153
 {
154 154
   $accid = find_account_id($accname);
155
-  $encpw = mysql_real_escape_string(encrypt_mail_password($newpass));
156
-  db_query("UPDATE mail.vmail_accounts SET password='{$encpw}' WHERE id={$accid} LIMIT 1;");
155
+  $encpw = DB::escape(encrypt_mail_password($newpass));
156
+  DB::query("UPDATE mail.vmail_accounts SET password='{$encpw}' WHERE id={$accid} LIMIT 1;");
157 157
 }
158 158
 
159 159
 
... ...
@@ -176,8 +176,8 @@ function domainselect($selected = NULL, $selectattribute = '')
176 176
 function get_max_mailboxquota($server, $oldquota) {
177 177
   $uid = (int) $_SESSION['userinfo']['uid'];
178 178
   $server = (int) $server;
179
-  $result = db_query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid='{$uid}' AND server='{$server}'");
180
-  $item = mysql_fetch_assoc($result);
179
+  $result = DB::query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid='{$uid}' AND server='{$server}'");
180
+  $item = $result->fetch_assoc();
181 181
   DEBUG("Free space: ".$item['free']." / Really: ".($item['free'] + ($oldquota - config('vmail_basequota'))));
182 182
   return $item['free'] + ($oldquota - config('vmail_basequota'));
183 183
 }
... ...
@@ -313,8 +313,8 @@ function save_vmail_account($account)
313 313
     $account['quota_threshold'] = min( (int) $account['quota_threshold'], (int) $account['quota'] );
314 314
   }
315 315
   
316
-  $account['local'] = mysql_real_escape_string(strtolower($account['local']));
317
-  $account['password'] = mysql_real_escape_string($account['password']);
316
+  $account['local'] = DB::escape(strtolower($account['local']));
317
+  $account['password'] = DB::escape($account['password']);
318 318
   $account['spamexpire'] = (int) $account['spamexpire'];
319 319
 
320 320
   $query = '';
... ...
@@ -322,8 +322,8 @@ function save_vmail_account($account)
322 322
   {
323 323
     $query = "INSERT INTO mail.vmail_accounts (local, domain, spamfilter, spamexpire, password, quota, quota_threshold) VALUES ";
324 324
     $query .= "('{$account['local']}', {$account['domain']}, {$spam}, {$account['spamexpire']}, {$password}, {$account['quota']}, {$account['quota_threshold']});";
325
-    db_query($query); 
326
-    $id = mysql_insert_id();
325
+    DB::query($query); 
326
+    $id = DB::insert_id();
327 327
   }
328 328
   else
329 329
   {
... ...
@@ -334,34 +334,34 @@ function save_vmail_account($account)
334 334
     $query = "UPDATE mail.vmail_accounts SET local='{$account['local']}', domain={$account['domain']}{$password}, ";
335 335
     $query .= "spamfilter={$spam}, spamexpire={$account['spamexpire']}, quota={$account['quota']}, quota_threshold={$account['quota_threshold']} ";
336 336
     $query .= "WHERE id={$id} LIMIT 1;";
337
-    db_query($query); 
337
+    DB::query($query); 
338 338
   }
339 339
 
340 340
   if (is_array($account['autoresponder'])) {
341 341
     $ar = $account['autoresponder'];
342 342
     $valid_from = maybe_null($ar['valid_from']);
343 343
     $valid_until = maybe_null($ar['valid_until']);
344
-    $fromname = maybe_null( mysql_real_escape_string($ar['fromname']) );
344
+    $fromname = maybe_null( DB::escape($ar['fromname']) );
345 345
     $fromaddr = NULL;
346 346
     if ($ar['fromaddr']) {
347
-      $fromaddr = mysql_real_escape_string(check_emailaddr($ar['fromaddr']));
347
+      $fromaddr = DB::escape(check_emailaddr($ar['fromaddr']));
348 348
     }
349 349
     $fromaddr = maybe_null( $fromaddr );
350
-    $subject = maybe_null( mysql_real_escape_string($ar['subject']));
351
-    $message = mysql_real_escape_string($ar['message']);
350
+    $subject = maybe_null( DB::escape($ar['subject']));
351
+    $message = DB::escape($ar['message']);
352 352
     $quote = "'inline'";
353 353
     if ($ar['quote'] == 'attach')
354 354
       $quote = "'attach'";
355 355
     elseif ($ar['quote'] == NULL)
356 356
       $quote = 'NULL';
357
-    db_query("REPLACE INTO mail.vmail_autoresponder (account, valid_from, valid_until, fromname, fromaddr, subject, message, quote) ".
357
+    DB::query("REPLACE INTO mail.vmail_autoresponder (account, valid_from, valid_until, fromname, fromaddr, subject, message, quote) ".
358 358
              "VALUES ({$id}, {$valid_from}, {$valid_until}, {$fromname}, {$fromaddr}, {$subject}, '{$message}', {$quote})");
359 359
   }
360 360
     
361 361
 
362 362
 
363 363
   if (! $newaccount)
364
-    db_query("DELETE FROM mail.vmail_forward WHERE account={$id}");
364
+    DB::query("DELETE FROM mail.vmail_forward WHERE account={$id}");
365 365
 
366 366
   if (count($account['forwards']) > 0)
367 367
   {
... ...
@@ -375,7 +375,7 @@ function save_vmail_account($account)
375 375
         $forward_query .= ', ';
376 376
       $forward_query .= "({$id}, ".maybe_null($account['forwards'][$i]['spamfilter']).", '{$account['forwards'][$i]['destination']}')";
377 377
     }
378
-    db_query($forward_query);
378
+    DB::query($forward_query);
379 379
   }
380 380
   if ($newaccount && $password != 'NULL')
381 381
   {
... ...
@@ -410,16 +410,16 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können?
410 410
 
411 411
   // Clean up obsolete quota
412 412
   if ($_SESSION['role'] == ROLE_SYSTEMUSER) {
413
-    db_query("UPDATE mail.vmail_accounts SET quota_used=NULL, quota=NULL WHERE password IS NULL");
413
+    DB::query("UPDATE mail.vmail_accounts SET quota_used=NULL, quota=NULL WHERE password IS NULL");
414 414
   }
415 415
 
416 416
   // Update Mail-Quota-Cache
417 417
   if ($_SESSION['role'] == ROLE_SYSTEMUSER) {
418 418
     $uid = (int) $_SESSION['userinfo']['uid'];
419
-    $result = db_query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=".$uid." GROUP BY useraccount, server");
420
-    while ($line = mysql_fetch_assoc($result)) {
419
+    $result = DB::query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=".$uid." GROUP BY useraccount, server");
420
+    while ($line = $result->fetch_assoc()) {
421 421
       if ($line['quota'] !== NULL) {
422
-        db_query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES ('{$line['useraccount']}', '{$line['server']}', '{$line['quota']}', '{$line['used']}')");
422
+        DB::query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES ('{$line['useraccount']}', '{$line['server']}', '{$line['quota']}', '{$line['used']}')");
423 423
       }
424 424
     }
425 425
   }
... ...
@@ -432,7 +432,7 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können?
432 432
 function delete_account($id)
433 433
 {
434 434
   $account = get_account_details($id);
435
-  db_query("DELETE FROM mail.vmail_accounts WHERE id={$account['id']};");
435
+  DB::query("DELETE FROM mail.vmail_accounts WHERE id={$account['id']};");
436 436
 }
437 437
 
438 438
 
... ...
@@ -445,9 +445,9 @@ function domainsettings($only_domain=NULL) {
445 445
   $subdomains = array();
446 446
 
447 447
   // Domains
448
-  $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount={$uid} OR m.uid={$uid} ORDER BY CONCAT_WS('.',d.domainname,d.tld);");
448
+  $result = DB::query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount={$uid} OR m.uid={$uid} ORDER BY CONCAT_WS('.',d.domainname,d.tld);");
449 449
 
450
-  while ($mydom = mysql_fetch_assoc($result)) {
450
+  while ($mydom = $result->fetch_assoc()) {
451 451
     if (! array_key_exists($mydom['id'], $domains)) {
452 452
       if ($mydom['v_id'])
453 453
         $mydom['mail'] = 'virtual';
... ...
@@ -462,8 +462,8 @@ function domainsettings($only_domain=NULL) {
462 462
   }      
463 463
 
464 464
   // Subdomains
465
-  $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount={$uid} OR m.uid={$uid};");
466
-  while ($mydom = mysql_fetch_assoc($result)) {
465
+  $result = DB::query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount={$uid} OR m.uid={$uid};");
466
+  while ($mydom = $result->fetch_assoc()) {
467 467
     if (! array_key_exists($mydom['id'], $subdomains))
468 468
       $subdomains[$mydom['id']] = array();
469 469
         
... ...
@@ -482,15 +482,15 @@ function domainsettings($only_domain=NULL) {
482 482
 function domain_has_vmail_accounts($domid)
483 483
 {
484 484
   $domid = (int) $domid;
485
-  $result = db_query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain={$domid}");
486
-  return (mysql_num_rows($result) > 0);
485
+  $result = DB::query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain={$domid}");
486
+  return ($result->num_rows > 0);
487 487
 }
488 488
 
489 489
 
490 490
 function change_domain($id, $type)
491 491
 {
492 492
   $id = (int) $id;
493
-  $type = mysql_real_escape_string($type);
493
+  $type = DB::escape($type);
494 494
   if (domain_has_vmail_accounts($id))
495 495
     system_failure("Sie müssen zuerst alle E-Mail-Konten mit dieser Domain löschen, bevor Sie die Webinterface-Verwaltung für diese Domain abschalten können.");
496 496
   
... ...
@@ -502,20 +502,20 @@ function change_domain($id, $type)
502 502
     system_failure('Domain ist bereits so konfiguriert');
503 503
 
504 504
   if ($type == 'none') {
505
-    db_query("DELETE FROM mail.virtual_mail_domains WHERE domain={$id} AND hostname IS NULL LIMIT 1;");
506
-    db_query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;");
507
-    db_query("UPDATE kundendaten.domains SET mail='none', lastchange=NOW() WHERE id={$id} LIMIT 1;");
505
+    DB::query("DELETE FROM mail.virtual_mail_domains WHERE domain={$id} AND hostname IS NULL LIMIT 1;");
506
+    DB::query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;");
507
+    DB::query("UPDATE kundendaten.domains SET mail='none', lastchange=NOW() WHERE id={$id} LIMIT 1;");
508 508
   }
509 509
   elseif ($type == 'virtual') {
510 510
     $vmailserver = (int) $_SESSION['userinfo']['server'];
511
-    db_query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;");
512
-    db_query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id={$id} LIMIT 1;");
513
-    db_query("INSERT INTO mail.virtual_mail_domains (domain, server) VALUES ({$id}, {$vmailserver});");
511
+    DB::query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;");
512
+    DB::query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id={$id} LIMIT 1;");
513
+    DB::query("INSERT INTO mail.virtual_mail_domains (domain, server) VALUES ({$id}, {$vmailserver});");
514 514
   }
515 515
   elseif ($type == 'auto') {
516
-    db_query("DELETE FROM mail.virtual_mail_domains WHERE domain={$id} AND hostname IS NULL LIMIT 1;");
517
-    db_query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;");
518
-    db_query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id={$id} LIMIT 1;");
516
+    DB::query("DELETE FROM mail.virtual_mail_domains WHERE domain={$id} AND hostname IS NULL LIMIT 1;");
517
+    DB::query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;");
518
+    DB::query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id={$id} LIMIT 1;");
519 519
   }
520 520
 }
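Review bot: In `save_vmail_account()` (hunk at old line 334), `valid_from` and `valid_until` reach the `REPLACE INTO mail.vmail_autoresponder` statement through `maybe_null()` only, whereas `fromname`, `fromaddr`, `subject` and `message` are passed through `DB::escape()` first. The hunk at old line 375 likewise interpolates `$account['forwards'][$i]['destination']` into `$forward_query` with no escaping visible. The function starts and ends outside these hunks and `maybe_null()` is not shown, so validation may happen elsewhere; if it does not, these values are an SQL injection path. I would treat them like the neighbouring fields, e.g. `$valid_from = maybe_null(DB::escape($ar['valid_from']));` and `DB::escape($account['forwards'][$i]['destination'])`, or bind them as parameters now that mysqli is in use.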
521 521
 
... ...
@@ -19,9 +19,9 @@ require_once('inc/base.php');
19 19
 function list_ftpusers()
20 20
 {
21 21
   $uid = (int) $_SESSION['userinfo']['uid'];
22
-  $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid");
22
+  $result = DB::query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid");
23 23
   $ftpusers = array();
24
-  while ($u = mysql_fetch_assoc($result)) {
24
+  while ($u = $result->fetch_assoc()) {
25 25
     $ftpusers[] = $u;
26 26
   }
27 27
   return $ftpusers;
... ...
@@ -39,10 +39,10 @@ function load_ftpuser($id)
39 39
     return empty_ftpuser();
40 40
   $uid = (int) $_SESSION['userinfo']['uid'];
41 41
   $id = (int) $id;
42
-  $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
43
-  if (mysql_num_rows($result) != 1)
42
+  $result = DB::query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
43
+  if ($result->num_rows != 1)
44 44
     system_failure("Fehler beim auslesen des Accounts");
45
-  $account = mysql_fetch_assoc($result);
45
+  $account = $result->fetch_assoc();
46 46
   DEBUG($account);
47 47
   return $account;
48 48
 }
... ...
@@ -101,9 +101,9 @@ function save_ftpuser($data)
101 101
     
102 102
   
103 103
   if ($id)
104
-    db_query("UPDATE system.ftpusers SET username='{$username}', {$password_query} homedir='{$homedir}', active='{$active}', forcessl='{$forcessl}', server={$server} WHERE id={$id} AND uid={$uid} LIMIT 1");
104
+    DB::query("UPDATE system.ftpusers SET username='{$username}', {$password_query} homedir='{$homedir}', active='{$active}', forcessl='{$forcessl}', server={$server} WHERE id={$id} AND uid={$uid} LIMIT 1");
105 105
   else
106
-    db_query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, forcessl, server) VALUES ('{$username}', '{$password_hash}', '{$homedir}', '{$uid}', '{$active}', '{$forcessl}', {$server})");
106
+    DB::query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, forcessl, server) VALUES ('{$username}', '{$password_hash}', '{$homedir}', '{$uid}', '{$active}', '{$forcessl}', {$server})");
107 107
 }
108 108
 
109 109
 
... ...
@@ -111,17 +111,17 @@ function delete_ftpuser($id)
111 111
 {
112 112
   $uid = (int) $_SESSION['userinfo']['uid'];
113 113
   $id = (int) $id;
114
-  db_query("DELETE FROM system.ftpusers WHERE id='{$id}' AND uid={$uid} LIMIT 1");
114
+  DB::query("DELETE FROM system.ftpusers WHERE id='{$id}' AND uid={$uid} LIMIT 1");
115 115
 }
116 116
 
117 117
 
118 118
 function get_gid($groupname)
119 119
 {
120
-  $groupname = mysql_real_escape_string($groupname);
121
-  $result = db_query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1");
122
-  if (mysql_num_rows($result) != 1)
120
+  $groupname = DB::escape($groupname);
121
+  $result = DB::query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1");
122
+  if ($result->num_rows != 1)
123 123
     system_failure('cannot determine gid of ftpusers group');
124
-  $a = mysql_fetch_assoc($result);
124
+  $a = $result->fetch_assoc();
125 125
   $gid = (int) $a['gid'];
126 126
   if ($gid == 0)
127 127
     system_failure('error on determining gid of ftpusers group');
... ...
@@ -133,8 +133,8 @@ function have_regular_ftp()
133 133
 {
134 134
   $gid = get_gid('ftpusers');
135 135
   $uid = (int) $_SESSION['userinfo']['uid'];
136
-  $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
137
-  return (mysql_num_rows($result) > 0);
136
+  $result = DB::query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
137
+  return ($result->num_rows > 0);
138 138
 }
139 139
 
140 140
 
... ...
@@ -143,14 +143,14 @@ function enable_regular_ftp()
143 143
   require_role(ROLE_SYSTEMUSER);
144 144
   $gid = get_gid('ftpusers');
145 145
   $uid = (int) $_SESSION['userinfo']['uid'];
146
-  db_query("REPLACE INTO system.gruppenzugehoerigkeit (gid, uid) VALUES ('$gid', '$uid')");
146
+  DB::query("REPLACE INTO system.gruppenzugehoerigkeit (gid, uid) VALUES ('$gid', '$uid')");
147 147
 }
148 148
 
149 149
 function disable_regular_ftp()
150 150
 {
151 151
   $gid = get_gid('ftpusers');
152 152
   $uid = (int) $_SESSION['userinfo']['uid'];
153
-  db_query("DELETE FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
153
+  DB::query("DELETE FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
154 154
 }
155 155
 
156 156
 
... ...
@@ -17,9 +17,9 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
17 17
 function whitelist_entries() 
18 18
 {
19 19
 	$uid = (int) $_SESSION['userinfo']['uid'];
20
-	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid};");
20
+	$result = DB::query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid};");
21 21
 	$return = array();
22
-	while ($line = mysql_fetch_assoc($res))
22
+	while ($line = $result->fetch_assoc())
23 23
 		array_push($return, $line);
24 24
 	return $return;
25 25
 }
... ...
@@ -29,10 +29,10 @@ function get_whitelist_details($id)
29 29
 {
30 30
 	$id = (int) $id;
31 31
 	$uid = (int) $_SESSION['userinfo']['uid'];
32
-	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid} AND id={$id};");
33
-	if (mysql_num_rows($res) != 1)
32
+	$result = DB::query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid} AND id={$id};");
33
+	if ($res->num_rows != 1)
34 34
 		system_failure('Kann diesen Eintrag nicht finden');
35
-	return mysql_fetch_assoc($res);
35
+	return $result->fetch_assoc();
36 36
 }
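Review bot: The row-count check reads `$res->num_rows`, but this commit renamed the result variable to `$result`, so `$res` is undefined in the new code. The comparison is then made against a missing value and `system_failure()` fires for every id. That also blocks delete_from_whitelist(), which calls this function first. The line should be `if ($result->num_rows != 1)`.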
37 37
 
38 38
 
... ...
@@ -42,7 +42,7 @@ function delete_from_whitelist($id)
42 42
 	// Check if the ID is valid: This will die if not.
43 43
 	$entry = get_whitelist_details($id);
44 44
 
45
-	db_query("DELETE FROM mail.greylisting_manual_whitelist WHERE id={$id} LIMIT 1;");
45
+	DB::query("DELETE FROM mail.greylisting_manual_whitelist WHERE id={$id} LIMIT 1;");
46 46
 }
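Review bot: The DELETE interpolates the caller's `$id` as passed in, while get_whitelist_details() validates an `(int)` cast of its own copy, so the checked value and the value reaching the SQL can differ when `$id` is not a plain integer (unless it is cast above the hunk, which is not visible). The statement also carries no owner condition of its own. I would add `$id = (int) $id;` and `$uid = (int) $_SESSION['userinfo']['uid'];` before the lookup and end the query with `WHERE id={$id} AND uid={$uid} LIMIT 1;`, as delete_ftpuser() does. The function signature is outside the hunk.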
47 47
 
48 48
 
... ...
@@ -55,9 +55,9 @@ function valid_entry($local, $domain)
55 55
 			system_failure('Diese E-Mail-Adresse gehört Ihnen nicht!');
56 56
 		return true;
57 57
 	}
58
-	$d = mysql_real_escape_string($domain);
59
-	$res = db_query("SELECT id FROM mail.v_domains WHERE domainname='{$d}' AND user={$_SESSION['userinfo']['uid']} LIMIT 1");
60
-	if (mysql_num_rows($res) != 1)
58
+	$d = DB::escape($domain);
59
+	$res = DB::query("SELECT id FROM mail.v_domains WHERE domainname='{$d}' AND user={$_SESSION['userinfo']['uid']} LIMIT 1");
60
+	if ($res->num_rows != 1)
61 61
 		system_failure('Diese domain gehört Ihnen nicht!');
62 62
 	return true;
63 63
 }
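Review bot: `user={$_SESSION['userinfo']['uid']}` puts the session uid into SQL without the `(int)` cast that whitelist_entries(), get_whitelist_details() and new_whitelist_entry() apply in the neighbouring hunks. Assigning `$uid = (int) $_SESSION['userinfo']['uid'];` first and writing `user={$uid}` keeps the query well-formed however the session array was filled. The first part of valid_entry is outside the hunk.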
... ...
@@ -68,14 +68,14 @@ function new_whitelist_entry($local, $domain, $minutes)
68 68
 	valid_entry($local, $domain);
69 69
 	$uid = (int) $_SESSION['userinfo']['uid'];
70 70
 	$local = maybe_null($local);
71
-	$domain = mysql_real_escape_string($domain);
71
+	$domain = DB::escape($domain);
72 72
 	
73 73
 	$expire = '';
74 74
 	if ($minutes == 'none')
75 75
 		$expire = 'NULL';
76 76
 	else
77 77
 		$expire = "NOW() + INTERVAL ". (int) $minutes ." MINUTE";
78
-	db_query("INSERT INTO mail.greylisting_manual_whitelist (local,domain,date,expire,uid) VALUES ".
78
+	DB::query("INSERT INTO mail.greylisting_manual_whitelist (local,domain,date,expire,uid) VALUES ".
79 79
 	         "({$local}, '{$domain}', NOW(), {$expire}, $uid);");
80 80
 }
81 81
 
... ...
@@ -14,15 +14,15 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
17
+require_once('inc/db.php');
18 18
 require_once('session/checkuser.php');
19 19
 
20 20
 function customer_has_email($customerno, $email)
21 21
 {
22 22
   $customerno = (int) $customerno;
23
-  $email = mysql_real_escape_string($email);
24
-  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
25
-  return (mysql_num_rows($result) > 0);
23
+  $email = DB::escape($email);
24
+  $result = DB::query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
25
+  return ($result->num_rows > 0);
26 26
 }
27 27
 
28 28
 
... ...
@@ -30,32 +30,32 @@ function validate_token($customerno, $token)
30 30
 {
31 31
   expire_tokens();
32 32
   $customerno = (int) $customerno;
33
-  $token = mysql_real_escape_string($token);
34
-  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
35
-  return (mysql_num_rows($result) > 0);
33
+  $token = DB::escape($token);
34
+  $result = DB::query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
35
+  return ($result->num_rows > 0);
36 36
 }
37 37
 
38 38
 
39 39
 function get_uid_for_token($token) 
40 40
 {
41 41
   expire_tokens();
42
-  $token = mysql_real_escape_string($token);
43
-  $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
44
-  if (mysql_num_rows($result) == 0) {
42
+  $token = DB::escape($token);
43
+  $result = DB::query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
44
+  if ($result->num_rows == 0) {
45 45
     return NULL;
46 46
   }
47
-  $data = mysql_fetch_assoc($result);
47
+  $data = $result->fetch_assoc();
48 48
   return $data['uid'];  
49 49
 }
50 50
 
51 51
 function get_username_for_uid($uid) 
52 52
 {
53 53
   $uid = (int) $uid;
54
-  $result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
55
-  if (mysql_num_rows($result) != 1) {
54
+  $result = DB::query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
55
+  if ($result->num_rows != 1) {
56 56
     system_failure("Unexpected number of users with this uid (!= 1)!");
57 57
   }
58
-  $item = mysql_fetch_assoc($result);
58
+  $item = $result->fetch_assoc();
59 59
   return $item['username'];
60 60
 }
61 61
 
... ...
@@ -63,44 +63,44 @@ function validate_uid_token($uid, $token)
63 63
 {
64 64
   expire_tokens();
65 65
   $uid = (int) $uid;
66
-  $token = mysql_real_escape_string($token);
67
-  $result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
68
-  return (mysql_num_rows($result) > 0);
66
+  $token = DB::escape($token);
67
+  $result = DB::query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
68
+  return ($result->num_rows > 0);
69 69
 }
70 70
 
71 71
 
72 72
 function expire_tokens()
73 73
 {
74 74
   $expire = "1 DAY";
75
-  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
76
-  db_query("DELETE FROM system.usertoken WHERE expire < NOW();");
75
+  DB::query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
76
+  DB::query("DELETE FROM system.usertoken WHERE expire < NOW();");
77 77
 }
78 78
 
79 79
 function invalidate_customer_token($customerno)
80 80
 {
81 81
   $customerno = (int) $customerno;
82
-  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
82
+  DB::query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
83 83
 }
84 84
  
85 85
 function invalidate_systemuser_token($uid)
86 86
 {
87 87
   $uid = (int) $uid;
88
-  db_query("DELETE FROM system.usertoken WHERE uid={$uid} LIMIT 1;");
88
+  DB::query("DELETE FROM system.usertoken WHERE uid={$uid} LIMIT 1;");
89 89
 }
90 90
  
91 91
 function create_token($customerno)
92 92
 {
93 93
   $customerno = (int) $customerno;
94 94
   expire_tokens();
95
-  $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
96
-  if (mysql_num_rows($result) > 0)
95
+  $result = DB::query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
96
+  if ($result->num_rows > 0)
97 97
   {
98
-    $res = mysql_fetch_object($result)->token_create;
98
+    $res = $result->fetch_object()->token_create;
99 99
     input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen.");
100 100
     return false;
101 101
   }
102 102
   $token = random_string(10);
103
-  db_query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;");
103
+  DB::query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;");
104 104
   return true;
105 105
 }
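Review bot: `random_string(10)` produces the value that validate_token() later accepts together with a customer number, yet nothing in the hunk shows where its randomness comes from. If random_string() is not backed by a CSPRNG, or its alphabet is small, ten characters may be too little for a token that expire_tokens() keeps valid for a day. Please confirm and add a comment such as `// token authenticates the customer: random_string() must use a cryptographically secure source`. The value is also interpolated without DB::escape(), which is safe only as long as the generator never emits quote characters.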
106 106
 
... ...
@@ -109,10 +109,10 @@ function get_customer_token($customerno)
109 109
 {
110 110
   $customerno = (int) $customerno;
111 111
   expire_tokens();
112
-  $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
113
-  if (mysql_num_rows($result) < 1)
112
+  $result = DB::query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
113
+  if ($result->num_rows < 1)
114 114
     system_failure("Kann das Token nicht auslesen!");
115
-  return mysql_fetch_object($result)->token;
115
+  return $result->fetch_object()->token;
116 116
 }
117 117
 
118 118
 
... ...
@@ -38,14 +38,14 @@ function do_ajax_cert_login() {
38 38
 
39 39
 function get_logins_by_cert($cert) 
40 40
 {
41
-	$cert = mysql_real_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
41
+	$cert = DB::escape(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
42 42
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
43
-	$result = db_query($query);
44
-	if (mysql_num_rows($result) < 1)
43
+	$result = DB::query($query);
44
+	if ($result->num_rows < 1)
45 45
 		return NULL;
46 46
 	else {
47 47
 		$ret = array();
48
-		while ($row = mysql_fetch_assoc($result)) {
48
+		while ($row = $result->fetch_assoc()) {
49 49
 			$ret[] = $row;
50 50
 		}
51 51
 		return $ret;
... ...
@@ -58,10 +58,10 @@ function get_cert_by_id($id)
58 58
 	if ($id == 0)
59 59
 	  system_failure('no ID');
60 60
 	$query = "SELECT id,dn,issuer,cert,username,startpage FROM system.clientcert WHERE `id`='{$id}' LIMIT 1";
61
-	$result = db_query($query);
62
-	if (mysql_num_rows($result) < 1)
61
+	$result = DB::query($query);
62
+	if ($result->num_rows < 1)
63 63
 		return NULL;
64
-	$ret = mysql_fetch_assoc($result);
64
+	$ret = $result->fetch_assoc();
65 65
   DEBUG($ret);
66 66
   return $ret;
67 67
 }
... ...
@@ -69,14 +69,14 @@ function get_cert_by_id($id)
69 69
 
70 70
 function get_certs_by_username($username) 
71 71
 {
72
-	$username = mysql_real_escape_string($username);
72
+	$username = DB::escape($username);
73 73
 	if ($username == '')
74 74
 	  system_failure('empty username');
75 75
 	$query = "SELECT id,dn,issuer,cert,startpage FROM system.clientcert WHERE `username`='{$username}'";
76
-	$result = db_query($query);
77
-	if (mysql_num_rows($result) < 1)
76
+	$result = DB::query($query);
77
+	if ($result->num_rows < 1)
78 78
 		return NULL;
79
-	while ($row = mysql_fetch_assoc($result)) {
79
+	while ($row = $result->fetch_assoc()) {
80 80
 	  $ret[] = $row;
81 81
 	}
82 82
 	return $ret;
... ...
@@ -89,24 +89,24 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='')
89 89
   $username = NULL;
90 90
   if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
91 91
     $type = 'user';
92
-    $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
92
+    $username = DB::escape($_SESSION['userinfo']['username']);
93 93
     if (isset($_SESSION['subuser'])) {
94
-      $username = mysql_real_escape_string($_SESSION['subuser']);
94
+      $username = DB::escape($_SESSION['subuser']);
95 95
       $type = 'subuser';
96 96
     }
97 97
   } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
98 98
     $type = 'email';
99
-    $username = mysql_real_escape_string($_SESSION['mailaccount']);
99
+    $username = DB::escape($_SESSION['mailaccount']);
100 100
   }
101 101
   if (! $type || ! $username) {
102 102
     system_failure('cannot get type or username of login');
103 103
   }
104
-  $certdata = mysql_real_escape_string($certdata);
105
-  $dn = maybe_null(mysql_real_escape_string($dn));
106
-  $issuer = maybe_null(mysql_real_escape_string($issuer));
104
+  $certdata = DB::escape($certdata);
105
+  $dn = maybe_null(DB::escape($dn));
106
+  $issuer = maybe_null(DB::escape($issuer));
107 107
   if ($startpage &&  ! check_path($startpage))
108 108
     system_failure('Startseite kaputt');
109
-  $startpage = maybe_null(mysql_real_escape_string($startpage));
109
+  $startpage = maybe_null(DB::escape($startpage));
110 110
 
111 111
   if ($certdata == '')
112 112
     system_failure('Kein Zertifikat');
... ...
@@ -114,7 +114,7 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='')
114 114
   DEBUG($dn);
115 115
   DEBUG($issuer);
116 116
 
117
-  db_query("INSERT INTO system.clientcert (`dn`, `issuer`, `cert`, `type`, `username`, `startpage`) 
117
+  DB::query("INSERT INTO system.clientcert (`dn`, `issuer`, `cert`, `type`, `username`, `startpage`) 
118 118
 VALUES ({$dn}, {$issuer}, '{$certdata}', '{$type}', '{$username}', {$startpage})");
119 119
 
120 120
 }
... ...
@@ -127,18 +127,18 @@ function delete_clientcert($id)
127 127
   $username = NULL;
128 128
   if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
129 129
     $type = 'user';
130
-    $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
130
+    $username = DB::escape($_SESSION['userinfo']['username']);
131 131
     if (isset($_SESSION['subuser'])) {
132
-      $username = mysql_real_escape_string($_SESSION['subuser']);
132
+      $username = DB::escape($_SESSION['subuser']);
133 133
       $type = 'subuser';
134 134
     }
135 135
   } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
136 136
     $type = 'email';
137
-    $username = mysql_real_escape_string($_SESSION['mailaccount']);
137
+    $username = DB::escape($_SESSION['mailaccount']);
138 138
   }
139 139
   if (! $type || ! $username) {
140 140
     system_failure('cannot get type or username of login');
141 141
   }
142
-  db_query("DELETE FROM system.clientcert WHERE id={$id} AND type='{$type}' AND username='{$username}' LIMIT 1");
142
+  DB::query("DELETE FROM system.clientcert WHERE id={$id} AND type='{$type}' AND username='{$username}' LIMIT 1");
143 143
 }
144 144
 
... ...
@@ -20,9 +20,9 @@ require_once('inc/security.php');
20 20
 function my_invoices()
21 21
 {
22 22
   $c = (int) $_SESSION['customerinfo']['customerno'];
23
-  $result = db_query("SELECT id,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} ORDER BY id DESC");
23
+  $result = DB::query("SELECT id,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} ORDER BY id DESC");
24 24
   $ret = array();
25
-  while($line = mysql_fetch_assoc($result))
25
+  while($line = $result->fetch_assoc())
26 26
   	array_push($ret, $line);
27 27
   return $ret;
28 28
 }
... ...
@@ -32,10 +32,10 @@ function get_pdf($id)
32 32
 {
33 33
   $c = (int) $_SESSION['customerinfo']['customerno'];
34 34
   $id = (int) $id;
35
-  $result = db_query("SELECT pdfdata FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
36
-  if (mysql_num_rows($result) == 0)
35
+  $result = DB::query("SELECT pdfdata FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
36
+  if ($result->num_rows == 0)
37 37
 	system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
38
-  return mysql_fetch_object($result)->pdfdata;
38
+  return $result->fetch_object()->pdfdata;
39 39
 
40 40
 }
41 41
 
... ...
@@ -44,21 +44,21 @@ function invoice_details($id)
44 44
 {
45 45
   $c = (int) $_SESSION['customerinfo']['customerno'];
46 46
   $id = (int) $id;
47
-  $result = db_query("SELECT kunde,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
48
-  if (mysql_num_rows($result) == 0)
47
+  $result = DB::query("SELECT kunde,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
48
+  if ($result->num_rows == 0)
49 49
 	system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
50
-  return mysql_fetch_assoc($result);
50
+  return $result->fetch_assoc();
51 51
 }
52 52
 
53 53
 function invoice_items($id)
54 54
 {
55 55
   $c = (int) $_SESSION['customerinfo']['customerno'];
56 56
   $id = (int) $id;
57
-  $result = db_query("SELECT id, beschreibung, datum, enddatum, betrag, einheit, brutto, mwst, anzahl FROM kundendaten.rechnungsposten WHERE rechnungsnummer={$id} AND kunde={$c}");
58
-  if (mysql_num_rows($result) == 0)
57
+  $result = DB::query("SELECT id, beschreibung, datum, enddatum, betrag, einheit, brutto, mwst, anzahl FROM kundendaten.rechnungsposten WHERE rechnungsnummer={$id} AND kunde={$c}");
58
+  if ($result->num_rows == 0)
59 59
 	system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
60 60
   $ret = array();
61
-  while($line = mysql_fetch_assoc($result))
61
+  while($line = $result->fetch_assoc())
62 62
   array_push($ret, $line);
63 63
   return $ret;
64 64
 }
... ...
@@ -67,9 +67,9 @@ function invoice_items($id)
67 67
 function upcoming_items()
68 68
 {
69 69
   $c = (int) $_SESSION['customerinfo']['customerno'];
70
-  $result = db_query("SELECT anzahl, beschreibung, startdatum, enddatum, betrag, einheit, brutto, mwst FROM kundendaten.upcoming_items WHERE kunde={$c} ORDER BY startdatum ASC");
70
+  $result = DB::query("SELECT anzahl, beschreibung, startdatum, enddatum, betrag, einheit, brutto, mwst FROM kundendaten.upcoming_items WHERE kunde={$c} ORDER BY startdatum ASC");
71 71
   $ret = array();
72
-  while($line = mysql_fetch_assoc($result))
72
+  while($line = $result->fetch_assoc())
73 73
 	  array_push($ret, $line);
74 74
   return $ret;
75 75
 }
... ...
@@ -23,10 +23,10 @@ require_once('class/domain.php');
23 23
 function get_jabber_accounts() {
24 24
   require_role(ROLE_CUSTOMER);
25 25
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
26
-  $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
26
+  $result = DB::query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
27 27
   $accounts = array();
28
-  if (@mysql_num_rows($result) > 0)
29
-    while ($acc = @mysql_fetch_assoc($result))
28
+  if (@$result->num_rows > 0)
29
+    while ($acc = @$result->fetch_assoc())
30 30
       array_push($accounts, $acc);
31 31
   return $accounts;
32 32
 }
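Review bot: The `@` operators carried over from the old calls no longer do anything useful. `@$result->num_rows` and `@$result->fetch_assoc()` hide a notice at most, while a non-object returned by DB::query() (its failure behaviour is not visible here) still ends the request at the method call. The other list functions in this commit loop directly, so this one can be written as `while ($acc = $result->fetch_assoc())` without the `@` and without the `num_rows` guard. If DB::query() can return false, an explicit `if (!$result) return $accounts;` is clearer than suppression.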
... ...
@@ -40,10 +40,10 @@ function get_jabberaccount_details($id)
40 40
 
41 41
   $id = (int) $id;
42 42
 
43
-  $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
44
-  if (mysql_num_rows($result) != 1)
43
+  $result = DB::query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
44
+  if ($result->num_rows != 1)
45 45
     system_failure("Invalid account");
46
-  $data = mysql_fetch_assoc($result);
46
+  $data = $result->fetch_assoc();
47 47
   if ($data['domain'] == NULL)
48 48
     $data['domain'] = config('masterdomain');
49 49
   else
... ...
@@ -72,19 +72,19 @@ function create_jabber_account($local, $domain, $password)
72 72
   require_role(ROLE_CUSTOMER);
73 73
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
74 74
 
75
-  $local = mysql_real_escape_string( filter_input_username($local) );
75
+  $local = DB::escape( filter_input_username($local) );
76 76
   $domain = (int) $domain;
77 77
   if (! valid_jabber_password($password))
78 78
   {
79 79
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
80 80
     return;
81 81
   }
82
-  $password = mysql_real_escape_string( $password );
82
+  $password = DB::escape( $password );
83 83
   
84 84
   if ($domain > 0)
85 85
   {
86
-    $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
87
-    if (mysql_num_rows($result) == 0)
86
+    $result = DB::query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
87
+    if ($result->num_rows == 0)
88 88
     {
89 89
       logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
90 90
       system_failure("Invalid domain!");
... ...
@@ -97,14 +97,14 @@ function create_jabber_account($local, $domain, $password)
97 97
     $domain = 'NULL';
98 98
     $domainquery = 'domain IS NULL'; 
99 99
   }
100
-  $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
101
-  if (mysql_num_rows($result) > 0)
100
+  $result = DB::query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
101
+  if ($result->num_rows > 0)
102 102
   {
103 103
     logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
104 104
     system_failure("Diesen Account gibt es bereits!");
105 105
   }
106 106
 
107
-  db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');");
107
+  DB::query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');");
108 108
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "created account »{$local}@{$domain}«");
109 109
 }
110 110
 
... ...
@@ -120,9 +120,9 @@ function change_jabber_password($id, $password)
120 120
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
121 121
     return;
122 122
   }
123
-  $password = mysql_real_escape_string( $password );
123
+  $password = DB::escape( $password );
124 124
   
125
-  db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
125
+  DB::query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
126 126
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
127 127
 }
128 128
 
... ...
@@ -135,7 +135,7 @@ function delete_jabber_account($id)
135 135
 
136 136
   $id = (int) $id;
137 137
 
138
-  db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1");
138
+  DB::query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1");
139 139
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
140 140
 }
141 141
 
... ...
@@ -144,7 +144,7 @@ function new_jabber_domain($id)
144 144
 {
145 145
   $d = new Domain( (int) $id );
146 146
   $d->ensure_customerdomain();
147
-  db_query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id={$d->id} LIMIT 1");
147
+  DB::query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id={$d->id} LIMIT 1");
148 148
 }
149 149
 
150 150
 
... ...
@@ -22,9 +22,9 @@ require_once('inc/security.php');
22 22
 function get_lists()
23 23
 {
24 24
   $uid = (int) $_SESSION['userinfo']['uid'];
25
-  $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid};");
25
+  $result = DB::query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid};");
26 26
   $ret = array();
27
-  while ($list = mysql_fetch_assoc($result))
27
+  while ($list = $result->fetch_assoc())
28 28
     $ret[] = $list;
29 29
   DEBUG($ret);
30 30
   return $ret;
... ...
@@ -35,10 +35,10 @@ function get_list($id)
35 35
 {
36 36
   $id = (int) $id;
37 37
   $uid = (int) $_SESSION['userinfo']['uid'];
38
-  $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid} AND id={$id};");
39
-  if (mysql_num_rows($result) < 1)
38
+  $result = DB::query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid} AND id={$id};");
39
+  if ($result->num_rows < 1)
40 40
     system_failure('Die gewünschte Mailingliste konnte nicht gefunden werden');
41
-  $list = mysql_fetch_assoc($result);
41
+  $list = $result->fetch_assoc();
42 42
   DEBUG($list);
43 43
 
44 44
   return $list;
... ...
@@ -49,7 +49,7 @@ function delete_list($id)
49 49
 {
50 50
   $uid = (int) $_SESSION['userinfo']['uid'];
51 51
   $id = (int) $id;
52
-  db_query("UPDATE mail.mailman_lists SET status='delete' WHERE owner={$uid} AND id={$id};");
52
+  DB::query("UPDATE mail.mailman_lists SET status='delete' WHERE owner={$uid} AND id={$id};");
53 53
 }
54 54
 
55 55
 
... ...
@@ -61,22 +61,22 @@ function create_list($listname, $maildomain, $admin)
61 61
   verify_input_general($admin);
62 62
   if (! check_emailaddr($admin))
63 63
     system_failure('Der Verwalter muss eine gültige E-Mail-Adresse sein ('.$admin.').');
64
-  $admin = mysql_real_escape_string($admin);
65
-  $result = db_query("SELECT id FROM mail.mailman_lists WHERE listname='{$listname}'");
66
-  if (mysql_num_rows($result) > 0)
64
+  $admin = DB::escape($admin);
65
+  $result = DB::query("SELECT id FROM mail.mailman_lists WHERE listname='{$listname}'");
66
+  if ($result->num_rows > 0)
67 67
     system_failure('Eine Liste mit diesem Namen existiert bereits (unter dieser oder einer anderen Domain). Jeder Listenname kann nur einmal verwendet werden.');
68 68
 
69
-  db_query("INSERT INTO mail.mailman_lists (status, listname, maildomain, owner, admin) VALUES ('pending', '{$listname}', {$maildomain}, {$owner}, '{$admin}');");
70
-  DEBUG('Neue ID: '.mysql_insert_id());
69
+  DB::query("INSERT INTO mail.mailman_lists (status, listname, maildomain, owner, admin) VALUES ('pending', '{$listname}', {$maildomain}, {$owner}, '{$admin}');");
70
+  DEBUG('Neue ID: '.DB::insert_id());
71 71
 }
72 72
 
73 73
 
74 74
 function get_mailman_domains()
75 75
 {
76 76
   $uid = (int) $_SESSION['userinfo']['uid'];
77
-  $result = db_query("SELECT md.id, md.fqdn FROM mail.v_mailman_domains AS md left join mail.v_domains AS d on (d.id=md.domain) where d.user={$uid}");
77
+  $result = DB::query("SELECT md.id, md.fqdn FROM mail.v_mailman_domains AS md left join mail.v_domains AS d on (d.id=md.domain) where d.user={$uid}");
78 78
   $ret = array();
79
-  while ($dom = mysql_fetch_assoc($result))
79
+  while ($dom = $result->fetch_assoc())
80 80
     $ret[] = $dom;
81 81
   DEBUG($ret);
82 82
   return $ret;
... ...
@@ -17,11 +17,11 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
17 17
 function get_mysql_accounts($UID)
18 18
 {
19 19
   $UID = (int) $UID;
20
-  $result = db_query("SELECT id, username, description, created FROM misc.mysql_accounts WHERE useraccount=$UID ORDER BY username");
21
-  if (mysql_num_rows($result) == 0)
20
+  $result = DB::query("SELECT id, username, description, created FROM misc.mysql_accounts WHERE useraccount=$UID ORDER BY username");
21
+  if ($result->num_rows == 0)
22 22
     return array();
23 23
   $list = array();
24
-  while ($item = mysql_fetch_assoc($result))
24
+  while ($item = $result->fetch_assoc())
25 25
   {
26 26
     $list[] = $item;
27 27
   }
... ...
@@ -31,11 +31,11 @@ function get_mysql_accounts($UID)
31 31
 function get_mysql_databases($UID)
32 32
 {
33 33
   $UID = (int) $UID;
34
-  $result = db_query("SELECT id, name, description, created FROM misc.mysql_database WHERE useraccount=$UID ORDER BY name");
35
-  if (mysql_num_rows($result) == 0)
34
+  $result = DB::query("SELECT id, name, description, created FROM misc.mysql_database WHERE useraccount=$UID ORDER BY name");
35
+  if ($result->num_rows == 0)
36 36
     return array();
37 37
   $list = array();
38
-  while ($item = mysql_fetch_assoc($result))
38
+  while ($item = $result->fetch_assoc())
39 39
   {
40 40
     $list[] = $item;
41 41
   }
... ...
@@ -55,7 +55,7 @@ function set_database_description($dbname, $description)
55 55
     system_failure('Ungültige Datenbank');
56 56
   }
57 57
   $description = maybe_null(filter_input_general($description));
58
-  db_query("UPDATE misc.mysql_database SET description={$description} WHERE id={$thisdb['id']}");
58
+  DB::query("UPDATE misc.mysql_database SET description={$description} WHERE id={$thisdb['id']}");
59 59
 }
60 60
 
61 61
 function set_dbuser_description($username, $description) 
... ...
@@ -71,16 +71,16 @@ function set_dbuser_description($username, $description)
71 71
     system_failure('Ungültiger Benutzer');
72 72
   }
73 73
   $description = maybe_null(filter_input_general($description));
74
-  db_query("UPDATE misc.mysql_accounts SET description={$description} WHERE id={$thisuser['id']}");
74
+  DB::query("UPDATE misc.mysql_accounts SET description={$description} WHERE id={$thisuser['id']}");
75 75
 }
76 76
 
77 77
 function servers_for_databases()
78 78
 {
79 79
   $uid = (int) $_SESSION['userinfo']['uid'];
80 80
   
81
-  $result = db_query("SELECT db.name AS db, hostname FROM misc.mysql_database AS db LEFT JOIN system.useraccounts AS u ON (db.useraccount=u.uid) LEFT JOIN system.servers ON (COALESCE(db.server, u.server) = servers.id) WHERE db.useraccount={$uid}");
81
+  $result = DB::query("SELECT db.name AS db, hostname FROM misc.mysql_database AS db LEFT JOIN system.useraccounts AS u ON (db.useraccount=u.uid) LEFT JOIN system.servers ON (COALESCE(db.server, u.server) = servers.id) WHERE db.useraccount={$uid}");
82 82
   $ret = array();
83
-  while ($line = mysql_fetch_assoc($result)) {
83
+  while ($line = $result->fetch_assoc()) {
84 84
     $ret[$line['db']] = $line['hostname'];
85 85
   }
86 86
   DEBUG($ret);
... ...
@@ -95,10 +95,10 @@ function get_mysql_access($db, $account)
95 95
   if (!is_array($mysql_access))
96 96
   {
97 97
     $mysql_access = array();
98
-    $result = db_query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};");
99
-    if (mysql_num_rows($result) == 0)
98
+    $result = DB::query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};");
99
+    if ($result->num_rows == 0)
100 100
       return false;
101
-    while ($line = mysql_fetch_object($result))
101
+    while ($line = $result->fetch_object())
102 102
       $mysql_access[$line->db][$line->user] = true;
103 103
   }
104 104
   return (array_key_exists($db, $mysql_access) && array_key_exists($account, $mysql_access[$db]));
... ...
@@ -108,22 +108,22 @@ function get_mysql_access($db, $account)
108 108
 function set_mysql_access($db, $account, $status)
109 109
 {
110 110
   $uid = $_SESSION['userinfo']['uid'];
111
-  $db = mysql_real_escape_string($db);
112
-  $account = mysql_real_escape_string($account);
111
+  $db = DB::escape($db);
112
+  $account = DB::escape($account);
113 113
   DEBUG("User »{$account}« soll ".($status ? "" : "NICHT ")."auf die Datenbank »{$db}« zugreifen");
114 114
   $query = '';
115 115
   if ($status)
116 116
   {
117 117
     if (get_mysql_access($db, $account))
118 118
       return NULL;
119
-    $result = db_query("SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1");
120
-    if (mysql_num_rows($result) != 1)
119
+    $result = DB::query("SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1");
120
+    if ($result->num_rows != 1)
121 121
     {
122 122
       logger(LOG_ERR, "modules/mysql/include/mysql", "mysql", "cannot find database {$db}");
123 123
       system_failure("cannot find database »{$db}«");
124 124
     }
125
-    $result = db_query("SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid} LIMIT 1");
126
-    if (mysql_num_rows($result) != 1)
125
+    $result = DB::query("SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid} LIMIT 1");
126
+    if ($result->num_rows != 1)
127 127
     {
128 128
       logger(LOG_ERR, "modules/mysql/include/mysql", "mysql", "cannot find user {$account}");
129 129
       system_failure("cannot find database user »{$account}«");
... ...
@@ -138,7 +138,7 @@ function set_mysql_access($db, $account, $status)
138 138
     $query = "DELETE FROM misc.mysql_access WHERE `database`=(SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1) AND user=(SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid});";
139 139
     logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "revoking access on »{$db}« from »{$account}«");
140 140
   }
141
-  db_query($query);
141
+  DB::query($query);
142 142
 }
143 143
 
144 144
 
... ...
@@ -151,19 +151,19 @@ function create_mysql_account($username, $description = '')
151 151
     return NULL;
152 152
   }
153 153
   $uid = $_SESSION['userinfo']['uid'];
154
-  $username = mysql_real_escape_string($username);
154
+  $username = DB::escape($username);
155 155
   $description = maybe_null($description);
156 156
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "creating user »{$username}«");
157
-  db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount, description) VALUES ('$username', '!', $uid, $description);");
157
+  DB::query("INSERT INTO misc.mysql_accounts (username, password, useraccount, description) VALUES ('$username', '!', $uid, $description);");
158 158
 }
159 159
 
160 160
 
161 161
 function delete_mysql_account($username)
162 162
 {
163
-  $username = mysql_real_escape_string($username);
163
+  $username = DB::escape($username);
164 164
   $uid = $_SESSION['userinfo']['uid'];
165 165
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "deleting user »{$username}«");
166
-  db_query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
166
+  DB::query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
167 167
 }
168 168
 
169 169
 
... ...
@@ -175,7 +175,7 @@ function create_mysql_database($dbname, $description = '', $server = NULL)
175 175
     input_error("Der eingegebene Datenbankname entspricht leider nicht der Konvention. Bitte tragen Sie einen passenden Namen ein.");
176 176
     return NULL;
177 177
   }
178
-  $dbname = mysql_real_escape_string($dbname);
178
+  $dbname = DB::escape($dbname);
179 179
   $uid = $_SESSION['userinfo']['uid'];
180 180
   $description = maybe_null($description); 
181 181
   $server = (int) $server;
... ...
@@ -183,16 +183,16 @@ function create_mysql_database($dbname, $description = '', $server = NULL)
183 183
     $server = 'NULL';
184 184
   }
185 185
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "creating database »{$dbname}«");
186
-  db_query("INSERT INTO misc.mysql_database (name, useraccount, server, description) VALUES ('$dbname', $uid, $server, $description);");
186
+  DB::query("INSERT INTO misc.mysql_database (name, useraccount, server, description) VALUES ('$dbname', $uid, $server, $description);");
187 187
 }
188 188
 
189 189
 
190 190
 function delete_mysql_database($dbname)
191 191
 {
192
-  $dbname = mysql_real_escape_string($dbname);
192
+  $dbname = DB::escape($dbname);
193 193
   $uid = $_SESSION['userinfo']['uid'];
194 194
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "removing database »{$dbname}«");
195
-  db_query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
195
+  DB::query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
196 196
 }
197 197
 
198 198
 
... ...
@@ -212,29 +212,29 @@ function validate_mysql_username($username)
212 212
 
213 213
 function set_mysql_password($username, $password)
214 214
 {
215
-  $username = mysql_real_escape_string($username);
216
-  $password = mysql_real_escape_string($password);
215
+  $username = DB::escape($username);
216
+  $password = DB::escape($password);
217 217
   $uid = $_SESSION['userinfo']['uid'];
218 218
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "updating password for »{$username}«");
219
-  db_query("UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;");
219
+  DB::query("UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;");
220 220
 }
221 221
 
222 222
 
223 223
 function has_mysql_database($dbname)
224 224
 {
225 225
   $uid = $_SESSION['userinfo']['uid'];
226
-  $dbname = mysql_real_escape_string($dbname);
227
-  $result = db_query("SELECT NULL FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
228
-  return (mysql_num_rows($result) == 1);
226
+  $dbname = DB::escape($dbname);
227
+  $result = DB::query("SELECT NULL FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
228
+  return ($result->num_rows == 1);
229 229
 }
230 230
 
231 231
 
232 232
 function has_mysql_user($username)
233 233
 {
234 234
   $uid = $_SESSION['userinfo']['uid'];
235
-  $userame = mysql_real_escape_string($username);
236
-  $result = db_query("SELECT NULL FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
237
-  return (mysql_num_rows($result) == 1);
235
+  $userame = DB::escape($username);
236
+  $result = DB::query("SELECT NULL FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
237
+  return ($result->num_rows == 1);
238 238
 }
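Review bot: In has_mysql_user the escaped value is assigned to a misspelled variable, `$userame = DB::escape($username);`, so the query on the next line interpolates the unescaped `$username` into `username='{$username}'`. The migration carries this typo over unchanged; the line should read `$username = DB::escape($username);`. Separately, set_mysql_password in the same hunk places the plaintext password in the statement text (`PASSWORD('$password')`), which can end up in query or debug logs if those are enabled.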
239 239
 
240 240
 
... ...
@@ -16,23 +16,23 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 function set_newsletter_address($address) {
18 18
   $cid = $_SESSION['customerinfo']['customerno'];
19
-  $address = maybe_null(mysql_real_escape_string($address));
20
-  db_query("UPDATE kundendaten.kunden SET email_newsletter={$address} WHERE id={$cid}");
19
+  $address = maybe_null(DB::escape($address));
20
+  DB::query("UPDATE kundendaten.kunden SET email_newsletter={$address} WHERE id={$cid}");
21 21
 }
22 22
 
23 23
 function get_newsletter_address() {
24 24
   $cid = $_SESSION['customerinfo']['customerno'];
25
-  $result = db_query("SELECT email_newsletter FROM kundendaten.kunden WHERE id={$cid}");
26
-  $r = mysql_fetch_assoc($result);
25
+  $result = DB::query("SELECT email_newsletter FROM kundendaten.kunden WHERE id={$cid}");
26
+  $r = $result->fetch_assoc();
27 27
   return $r['email_newsletter'];
28 28
 }
29 29
 
30 30
 
31 31
 function get_latest_news() {
32 32
   $today = strftime('%Y-%m-%d');
33
-  $result = db_query("SELECT id, date, subject, content FROM misc.news WHERE date > '{$today}' - INTERVAL 1 YEAR ORDER BY date DESC");
33
+  $result = DB::query("SELECT id, date, subject, content FROM misc.news WHERE date > '{$today}' - INTERVAL 1 YEAR ORDER BY date DESC");
34 34
   $ret = array();
35
-  while ($item = mysql_fetch_assoc($result)) {
35
+  while ($item = $result->fetch_assoc()) {
36 36
     $ret[] = $item;
37 37
   }
38 38
   DEBUG($ret);
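Review bot: `$cid` in set_newsletter_address and get_newsletter_address is taken from `$_SESSION['customerinfo']['customerno']` and interpolated unquoted as `WHERE id={$cid}` without an integer cast. Other functions on this page cast the same session value, e.g. `(int) $_SESSION['customerinfo']['customerno']` in customer_may_have_useraccounts. Doing the same here, `$cid = (int) $_SESSION['customerinfo']['customerno'];`, keeps the statement well-formed even if the session entry is missing or not numeric. get_latest_news continues below this hunk.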
... ...
@@ -42,8 +42,8 @@ function get_latest_news() {
42 42
 
43 43
 function get_news_item($id) {
44 44
   $id = (int) $id;
45
-  $result = db_query("SELECT date, subject, content FROM misc.news WHERE id={$id}");
46
-  $ret = mysql_fetch_assoc($result);
45
+  $result = DB::query("SELECT date, subject, content FROM misc.news WHERE id={$id}");
46
+  $ret = $result->fetch_assoc();
47 47
   DEBUG($ret);
48 48
   return $ret;
49 49
 }
... ...
@@ -14,15 +14,15 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
17
+require_once('inc/db.php');
18 18
 require_once('session/checkuser.php');
19 19
 
20 20
 function customer_has_email($customerno, $email)
21 21
 {
22 22
   $customerno = (int) $customerno;
23
-  $email = mysql_real_escape_string($email);
24
-  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');");
25
-  return (mysql_num_rows($result) > 0);
23
+  $email = DB::escape($email);
24
+  $result = DB::query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');");
25
+  return ($result->num_rows > 0);
26 26
 }
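Review bot: The query string in customer_has_email ends with `email_rechnung='{$email'}'`, where the closing brace and the quote are swapped; inside a double-quoted string this looks like a parse error for the whole file, and the commit keeps it as is on the new line. It should read `email_rechnung='{$email}'`, matching the `email_extern='{$email}'` term just before it.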
27 27
 
28 28
 
... ...
@@ -30,37 +30,37 @@ function validate_token($customerno, $token)
30 30
 {
31 31
   expire_tokens();
32 32
   $customerno = (int) $customerno;
33
-  $token = mysql_real_escape_string($token);
34
-  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
35
-  return (mysql_num_rows($result) > 0);
33
+  $token = DB::escape($token);
34
+  $result = DB::query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
35
+  return ($result->num_rows > 0);
36 36
 }
37 37
 
38 38
 
39 39
 function expire_tokens()
40 40
 {
41 41
   $expire = "1 DAY";
42
-  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
42
+  DB::query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
43 43
 }
44 44
 
45 45
 function invalidate_customer_token($customerno)
46 46
 {
47 47
   $customerno = (int) $customerno;
48
-  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
48
+  DB::query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
49 49
 }
50 50
  
51 51
 function create_token($customerno)
52 52
 {
53 53
   $customerno = (int) $customerno;
54 54
   expire_tokens();
55
-  $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
56
-  if (mysql_num_rows($result) > 0)
55
+  $result = DB::query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
56
+  if ($result->num_rows > 0)
57 57
   {
58
-    $res = mysql_fetch_object($result)->token_create;
58
+    $res = $result->fetch_object()->token_create;
59 59
     input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen.");
60 60
     return false;
61 61
   }
62 62
   $token = random_string(10);
63
-  db_query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;");
63
+  DB::query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;");
64 64
   return true;
65 65
 }
66 66
 
... ...
@@ -69,10 +69,10 @@ function get_customer_token($customerno)
69 69
 {
70 70
   $customerno = (int) $customerno;
71 71
   expire_tokens();
72
-  $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
73
-  if (mysql_num_rows($result) < 1)
72
+  $result = DB::query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
73
+  if ($result->num_rows < 1)
74 74
     system_failure("Kann das Token nicht auslesen!");
75
-  return mysql_fetch_object($result)->token;
75
+  return $result->fetch_object()->token;
76 76
 }
77 77
 
78 78
 
... ...
@@ -14,17 +14,17 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
17
+require_once('inc/db.php');
18 18
 require_once('mail.php');
19 19
 
20 20
 function customer_with_email($email)
21 21
 {
22
-  $email = mysql_real_escape_string($email);
23
-  $result = db_query("SELECT id FROM kundendaten.kunden WHERE email='{$email}' OR email_rechnung='{$email}' OR email_extern='{$email}' LIMIT 1;");
24
-  if (mysql_num_rows($result) == 0)
22
+  $email = DB::escape($email);
23
+  $result = DB::query("SELECT id FROM kundendaten.kunden WHERE email='{$email}' OR email_rechnung='{$email}' OR email_extern='{$email}' LIMIT 1;");
24
+  if ($result->num_rows == 0)
25 25
     return NULL;
26 26
   else
27
-    return mysql_fetch_object($result)->id;
27
+    return $result->fetch_object()->id;
28 28
 }
29 29
 
30 30
 
... ...
@@ -38,11 +38,11 @@ function create_customer($data)
38 38
     return NULL;
39 39
   }
40 40
 
41
-  $anrede = mysql_escape_string($data['anrede']);
42
-  $firma = mysql_escape_string($data['firma']);
43
-  $vorname = mysql_escape_string($data['vorname']);
44
-  $nachname = mysql_escape_string($data['nachname']);
45
-  $email = mysql_escape_string($data['email']);
41
+  $anrede = DB::escape($data['anrede']);
42
+  $firma = DB::escape($data['firma']);
43
+  $vorname = DB::escape($data['vorname']);
44
+  $nachname = DB::escape($data['nachname']);
45
+  $email = DB::escape($data['email']);
46 46
 
47 47
   logger(LOG_INFO, 'modules/register/include/register', 'register', "Creating new account: {$anrede} / {$firma} / {$vorname} / {$nachname} / {$email}");
48 48
   
... ...
@@ -51,10 +51,10 @@ function create_customer($data)
51 51
   $vorname = maybe_null($vorname);
52 52
   $nachname = maybe_null($nachname);
53 53
 
54
-  db_query("BEGIN");
55
-  db_query("INSERT INTO kundendaten.kunden (firma, nachname, vorname, anrede, email, erstellungsdatum,status) VALUES ({$firma}, {$nachname}, {$vorname}, {$anrede}, {$email}, CURDATE(), 3)");
56
-  $customerno = mysql_insert_id();
57
-  db_query("COMMIT");
54
+  DB::query("BEGIN");
55
+  DB::query("INSERT INTO kundendaten.kunden (firma, nachname, vorname, anrede, email, erstellungsdatum,status) VALUES ({$firma}, {$nachname}, {$vorname}, {$anrede}, {$email}, CURDATE(), 3)");
56
+  $customerno = DB::insert_id();
57
+  DB::query("COMMIT");
58 58
   return $customerno;
59 59
 
60 60
 }
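Review bot: The INSERT in create_customer interpolates `{$email}` without quotes, and among the lines shown only `$vorname` and `$nachname` are wrapped in `maybe_null()`. Lines 49–50 sit between the two hunks, so whether `$email` is quoted there cannot be seen from here. If it is not, and assuming `maybe_null()` is what adds the quotes, `DB::escape()` alone gives no protection outside a string literal and an ordinary address would also break the statement. Confirm that `$email = maybe_null($email);` (or explicit quoting, `'{$email}'`) is applied before the query. The function starts above the first hunk.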
... ...
@@ -21,10 +21,10 @@ function list_system_users()
21 21
 {
22 22
   require_role(ROLE_SYSADMIN);
23 23
 
24
-  $result = db_query("SELECT uid,username FROM system.v_useraccounts ORDER BY username");
24
+  $result = DB::query("SELECT uid,username FROM system.v_useraccounts ORDER BY username");
25 25
   
26 26
   $ret = array();
27
-  while ($item = mysql_fetch_object($result))
27
+  while ($item = $result->fetch_object())
28 28
     array_push($ret, $item);
29 29
   return $ret;
30 30
 }
... ...
@@ -34,10 +34,10 @@ function list_customers()
34 34
 {
35 35
   require_role(ROLE_SYSADMIN);
36 36
 
37
-  $result = db_query("SELECT id, IF(firma IS NULL, CONCAT_WS(' ', vorname, nachname), CONCAT(firma, ' (', CONCAT_WS(' ', vorname, nachname), ')')) AS name FROM kundendaten.kunden");
37
+  $result = DB::query("SELECT id, IF(firma IS NULL, CONCAT_WS(' ', vorname, nachname), CONCAT(firma, ' (', CONCAT_WS(' ', vorname, nachname), ')')) AS name FROM kundendaten.kunden");
38 38
   
39 39
   $ret = array();
40
-  while ($item = mysql_fetch_object($result))
40
+  while ($item = $result->fetch_object())
41 41
     array_push($ret, $item);
42 42
   return $ret;
43 43
 }
... ...
@@ -45,9 +45,9 @@ function list_customers()
45 45
 
46 46
 function find_customers($string) 
47 47
 {
48
-  $string = mysql_real_escape_string(chop($string));
48
+  $string = DB::escape(chop($string));
49 49
   $return = array();
50
-  $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
50
+  $result = DB::query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
51 51
                      "firma LIKE '%{$string}%' OR firma2 LIKE '%{$string}%' OR ".
52 52
                      "nachname LIKE '%{$string}%' OR vorname LIKE '%{$string}%' OR ".
53 53
                      "adresse LIKE '%{$string}%' OR adresse2 LIKE '%{$string}%' OR ".
... ...
@@ -55,14 +55,14 @@ function find_customers($string)
55 55
                      "notizen LIKE '%{$string}%' OR email_rechnung LIKE '%{$string}%' OR ".
56 56
                      "email LIKE '%{$string}%' OR email_extern LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ".
57 57
                      "u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';");
58
-  while ($entry = mysql_fetch_assoc($result))
58
+  while ($entry = $result->fetch_assoc())
59 59
     $return[] = $entry['id'];
60 60
 
61
-  $result = db_query("SELECT kunde FROM kundendaten.domains WHERE kunde IS NOT NULL AND (
61
+  $result = DB::query("SELECT kunde FROM kundendaten.domains WHERE kunde IS NOT NULL AND (
62 62
                       domainname LIKE '%{$string}%' OR CONCAT_WS('.', domainname, tld) LIKE '%{$string}%'
63 63
                       )");
64 64
 
65
-  while ($entry = mysql_fetch_assoc($result))
65
+  while ($entry = $result->fetch_assoc())
66 66
     $return[] = $entry['kunde'];
67 67
 
68 68
   return $return;
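Review bot: find_customers has no `require_role(ROLE_SYSADMIN);` call, unlike list_system_users and list_customers directly above it, although it searches names, addresses, notes and e-mail fields across all customers. Unless every caller enforces the role (not visible here), add the same guard as the first statement of the function. If `DB::escape()` wraps the driver's string escaping (its body is not shown), the LIKE wildcards `%` and `_` in `$string` stay active, so a search term of `%` matches every row; escape them if a literal substring search is intended. The function's closing brace is below this hunk.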
... ...
@@ -73,9 +73,9 @@ function find_users_for_customer($id)
73 73
 {
74 74
   $id = (int) $id;
75 75
   $return = array();
76
-  $result = db_query("SELECT uid, username, name FROM system.useraccounts WHERE ".
76
+  $result = DB::query("SELECT uid, username, name FROM system.useraccounts WHERE ".
77 77
                      "kunde='{$id}';");
78
-  while ($entry = mysql_fetch_assoc($result))
78
+  while ($entry = $result->fetch_assoc())
79 79
     $return[] = $entry;
80 80
 
81 81
   return $return;
... ...
@@ -23,9 +23,9 @@ require_once("inc/debug.php");
23 23
 function list_subusers()
24 24
 {
25 25
   $uid = (int) $_SESSION['userinfo']['uid'];
26
-  $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
26
+  $result = DB::query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
27 27
   $subusers = array();
28
-  while ($item = mysql_fetch_assoc($result))
28
+  while ($item = $result->fetch_assoc())
29 29
   {
30 30
     $item['modules'] = explode(',', $item['modules']);
31 31
     $subusers[] = $item;
... ...
@@ -39,8 +39,8 @@ function load_subuser($id) {
39 39
   $id = (int) $id;
40 40
   $uid = (int) $_SESSION['userinfo']['uid'];
41 41
   
42
-  $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
43
-  $item = mysql_fetch_assoc($result);
42
+  $result = DB::query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
43
+  $item = $result->fetch_assoc();
44 44
   $item['modules'] = explode(',', $item['modules']);
45 45
   return $item;
46 46
 }
... ...
@@ -66,7 +66,7 @@ function delete_subuser($id) {
66 66
   $id = (int) $id;
67 67
   $uid = (int) $_SESSION['userinfo']['uid'];
68 68
   
69
-  db_query("DELETE FROM system.subusers WHERE id={$id} AND uid={$uid}");
69
+  DB::query("DELETE FROM system.subusers WHERE id={$id} AND uid={$uid}");
70 70
 }
71 71
 
72 72
 function empty_subuser()
... ...
@@ -79,7 +79,7 @@ function new_subuser($username, $requested_modules, $password)
79 79
 {
80 80
   $uid = (int) $_SESSION['userinfo']['uid'];
81 81
 
82
-  $username = mysql_real_escape_string(filter_input_username($username));
82
+  $username = DB::escape(filter_input_username($username));
83 83
   if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
84 84
     // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
85 85
     system_failure("Ungültiger Benutzername!");
... ...
@@ -100,7 +100,7 @@ function new_subuser($username, $requested_modules, $password)
100 100
   if (count($modules) == 0) {
101 101
     system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
102 102
   }
103
-  $modules = mysql_real_escape_string(implode(',', $modules));
103
+  $modules = DB::escape(implode(',', $modules));
104 104
   
105 105
   $result = strong_password($password);
106 106
   if ($result !== true) {
... ...
@@ -108,7 +108,7 @@ function new_subuser($username, $requested_modules, $password)
108 108
   }
109 109
   $password = hash("sha256", $password);
110 110
 
111
-  db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES ({$uid}, '{$username}', '{$password}', '{$modules}')");
111
+  DB::query("INSERT INTO system.subusers (uid, username, password, modules) VALUES ({$uid}, '{$username}', '{$password}', '{$modules}')");
112 112
 }
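Review bot: new_subuser stores the subuser password as `hash("sha256", $password)`, an unsalted fast hash, so identical passwords share a digest and a leaked table is cheap to test against guesses. Prefer `password_hash($password, PASSWORD_DEFAULT)` here, with `password_verify()` on the login side and existing rows re-hashed at next login. The verification code and edit_subuser's `$pwchange` branch are outside this hunk and would need the same change. The function starts above this hunk.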
113 113
 
114 114
 
... ...
@@ -128,7 +128,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
128 128
     system_failure("Kann diesen Account nicht finden!");
129 129
   }
130 130
 
131
-  $username = mysql_real_escape_string(filter_input_username($username));
131
+  $username = DB::escape(filter_input_username($username));
132 132
   if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
133 133
     // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
134 134
     system_failure("Ungültiger Benutzername!");
... ...
@@ -148,7 +148,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
148 148
   if (count($modules) == 0) {
149 149
     system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
150 150
   }
151
-  $modules = mysql_real_escape_string(implode(',', $modules));
151
+  $modules = DB::escape(implode(',', $modules));
152 152
   
153 153
   $pwchange = '';
154 154
   if ($password) {
... ...
@@ -161,7 +161,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
161 161
   }
162 162
 
163 163
 
164
-  db_query("UPDATE system.subusers SET username='{$username}', modules='{$modules}'{$pwchange} WHERE id={$id} AND uid={$uid}");
164
+  DB::query("UPDATE system.subusers SET username='{$username}', modules='{$modules}'{$pwchange} WHERE id={$id} AND uid={$uid}");
165 165
 }
166 166
 
167 167
 
... ...
@@ -22,15 +22,15 @@ require_once("inc/db_connect.php");
22 22
 function customer_may_have_useraccounts()
23 23
 {
24 24
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
25
-  $result = db_query("SELECT COUNT(*) FROM system.useraccounts WHERE kunde={$customerno}");
26
-  return (mysql_num_rows($result) > 0);
25
+  $result = DB::query("SELECT COUNT(*) FROM system.useraccounts WHERE kunde={$customerno}");
26
+  return ($result->num_rows > 0);
27 27
 }
28 28
 
29 29
 function customer_useraccount($uid) {
30 30
   $uid = (int) $uid;
31 31
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
32
-  $result = db_query("SELECT 1 FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid} AND kundenaccount=1");
33
-  return mysql_num_rows($result) > 0;
32
+  $result = DB::query("SELECT 1 FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid} AND kundenaccount=1");
33
+  return $result->num_rows > 0;
34 34
 }
35 35
 
36 36
 function primary_useraccount()
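Review bot: customer_may_have_useraccounts tests `$result->num_rows > 0` on a `SELECT COUNT(*)` query, which returns exactly one row whatever the count is, so the function always returns true. Either read the count, `return ($result->fetch_row()[0] > 0);`, or select rows as customer_useraccount does with `SELECT 1 ...`. The hunk header also shows this file still pulling in `inc/db_connect.php` while calling `DB::query()`; if the DB class lives in `inc/db.php`, as the changed includes in other files suggest, confirm it is loaded here.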
... ...
@@ -38,8 +38,8 @@ function primary_useraccount()
38 38
   if (! ($_SESSION['role'] & ROLE_SYSTEMUSER))
39 39
     return NULL;
40 40
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
41
-  $result = db_query("SELECT MIN(uid) AS uid FROM system.useraccounts WHERE kunde={$customerno}");
42
-  $uid = mysql_fetch_object($result)->uid;
41
+  $result = DB::query("SELECT MIN(uid) AS uid FROM system.useraccounts WHERE kunde={$customerno}");
42
+  $uid = $result->fetch_object()->uid;
43 43
   DEBUG("primary useraccount: {$uid}");
44 44
   return $uid;
45 45
 }
... ...
@@ -47,9 +47,9 @@ function primary_useraccount()
47 47
 
48 48
 function available_shells()
49 49
 {
50
-  $result = db_query("SELECT path, name FROM system.shells WHERE usable=1");
50
+  $result = DB::query("SELECT path, name FROM system.shells WHERE usable=1");
51 51
   $ret = array();
52
-  while ($s = mysql_fetch_assoc($result))
52
+  while ($s = $result->fetch_assoc())
53 53
   {
54 54
     $ret[$s['path']] = $s['name'];
55 55
   }
... ...
@@ -61,9 +61,9 @@ function available_shells()
61 61
 function list_useraccounts()
62 62
 {
63 63
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
64
-  $result = db_query("SELECT uid,username,name,erstellungsdatum,quota,shell FROM system.useraccounts WHERE kunde={$customerno}");
64
+  $result = DB::query("SELECT uid,username,name,erstellungsdatum,quota,shell FROM system.useraccounts WHERE kunde={$customerno}");
65 65
   $ret = array();
66
-  while ($item = mysql_fetch_assoc($result))
66
+  while ($item = $result->fetch_assoc())
67 67
   {
68 68
     array_push($ret, $item);
69 69
   }
... ...
@@ -78,18 +78,18 @@ function get_account_details($uid, $customerno=0)
78 78
   $customerno = (int) $customerno;
79 79
   if ($customerno == 0)
80 80
     $customerno = $_SESSION['customerinfo']['customerno'];
81
-  $result = db_query("SELECT uid,username,name,shell,quota,erstellungsdatum FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid}");
82
-  if (mysql_num_rows($result) == 0)
81
+  $result = DB::query("SELECT uid,username,name,shell,quota,erstellungsdatum FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid}");
82
+  if ($result->num_rows == 0)
83 83
     system_failure("Cannot find the requestes useraccount (for this customer).");
84
-  return mysql_fetch_assoc($result);
84
+  return $result->fetch_assoc();
85 85
 }
86 86
 
87 87
 function get_used_quota($uid)
88 88
 {
89 89
   $uid = (int) $uid;
90
-  $result = db_query("SELECT s.hostname AS server, systemquota, systemquota_used, mailquota, mailquota_used FROM system.v_quota AS q LEFT JOIN system.servers AS s ON (s.id=q.server) WHERE uid='{$uid}'");
90
+  $result = DB::query("SELECT s.hostname AS server, systemquota, systemquota_used, mailquota, mailquota_used FROM system.v_quota AS q LEFT JOIN system.servers AS s ON (s.id=q.server) WHERE uid='{$uid}'");
91 91
   $ret = array();
92
-  while ($line = mysql_fetch_assoc($result))
92
+  while ($line = $result->fetch_assoc())
93 93
     $ret[] = $line;
94 94
   DEBUG($ret);
95 95
   return $ret;
... ...
@@ -105,11 +105,11 @@ function set_account_details($account)
105 105
   else
106 106
     $customerno = (int) $_SESSION['userinfo']['customerno'];
107 107
 
108
-  $fullname = maybe_null(mysql_real_escape_string(filter_input_general($account['name'])));
109
-  $shell = mysql_real_escape_string(filter_input_general($account['shell']));
108
+  $fullname = maybe_null(DB::escape(filter_input_general($account['name'])));
109
+  $shell = DB::escape(filter_input_general($account['shell']));
110 110
   $quota = (int) $account['quota'];
111 111
 
112
-  db_query("UPDATE system.useraccounts SET name={$fullname}, quota={$quota}, shell='{$shell}' WHERE kunde={$customerno} AND uid={$uid}");
112
+  DB::query("UPDATE system.useraccounts SET name={$fullname}, quota={$quota}, shell='{$shell}' WHERE kunde={$customerno} AND uid={$uid}");
113 113
   logger(LOG_INFO, "modules/systemuser/include/useraccounts", "systemuser", "updated details for uid {$uid}");
114 114
 
115 115
 }
... ...
@@ -117,8 +117,8 @@ function set_account_details($account)
117 117
 function get_customer_quota()
118 118
 {
119 119
   $cid = (int) $_SESSION['customerinfo']['customerno'];
120
-  $result = db_query("SELECT SUM(u.quota) AS assigned, cq.quota AS max FROM system.customerquota AS cq INNER JOIN system.useraccounts AS u ON (u.kunde=cq.cid) WHERE cq.cid={$cid}");
121
-  $ret = mysql_fetch_assoc($result);
120
+  $result = DB::query("SELECT SUM(u.quota) AS assigned, cq.quota AS max FROM system.customerquota AS cq INNER JOIN system.useraccounts AS u ON (u.kunde=cq.cid) WHERE cq.cid={$cid}");
121
+  $ret = $result->fetch_assoc();
122 122
   DEBUG($ret);
123 123
   return $ret;
124 124
 }
... ...
@@ -24,9 +24,9 @@ define("CERT_NOCHAIN", 2);
24 24
 function user_certs()
25 25
 {
26 26
   $uid = (int) $_SESSION['userinfo']['uid'];
27
-  $result = db_query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=${uid} ORDER BY cn");
27
+  $result = DB::query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=${uid} ORDER BY cn");
28 28
   $ret = array();
29
-  while ($i = mysql_fetch_assoc($result))
29
+  while ($i = $result->fetch_assoc())
30 30
     $ret[] = $i;
31 31
   DEBUG($ret);
32 32
   return $ret;
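Review bot: user_certs builds its query with `uid=${uid}`, while cert_details and csr_details in the same file use `{$uid}`; the `${...}` interpolation form is deprecated as of PHP 8.2. Use `WHERE uid={$uid} ORDER BY cn` here and make the matching change in user_csr in the next hunk. The closing brace of user_certs is below this hunk.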
... ...
@@ -35,9 +35,9 @@ function user_certs()
35 35
 function user_csr()
36 36
 {
37 37
   $uid = (int) $_SESSION['userinfo']['uid'];
38
-  $result = db_query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=${uid} ORDER BY hostname");
38
+  $result = DB::query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=${uid} ORDER BY hostname");
39 39
   $ret = array();
40
-  while ($i = mysql_fetch_assoc($result))
40
+  while ($i = $result->fetch_assoc())
41 41
     $ret[] = $i;
42 42
   DEBUG($ret);
43 43
   return $ret;
... ...
@@ -48,10 +48,10 @@ function cert_details($id)
48 48
   $id = (int) $id;
49 49
   $uid = (int) $_SESSION['userinfo']['uid'];
50 50
   
51
-  $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, cert, `key` FROM vhosts.certs WHERE uid={$uid} AND id={$id}");
52
-  if (mysql_num_rows($result) != 1)
51
+  $result = DB::query("SELECT id, lastchange, valid_from, valid_until, subject, cn, cert, `key` FROM vhosts.certs WHERE uid={$uid} AND id={$id}");
52
+  if ($result->num_rows != 1)
53 53
     system_failure("Ungültiges Zertifikat #{$id}");
54
-  return mysql_fetch_assoc($result);
54
+  return $result->fetch_assoc();
55 55
 }
56 56
 
57 57
 
... ...
@@ -60,10 +60,10 @@ function csr_details($id)
60 60
   $id = (int) $id;
61 61
   $uid = (int) $_SESSION['userinfo']['uid'];
62 62
   
63
-  $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid={$uid} AND id={$id}");
64
-  if (mysql_num_rows($result) != 1)
63
+  $result = DB::query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid={$uid} AND id={$id}");
64
+  if ($result->num_rows != 1)
65 65
     system_failure("Ungültiger CSR");
66
-  return mysql_fetch_assoc($result);
66
+  return $result->fetch_assoc();
67 67
 }
68 68
 
69 69
 
... ...
@@ -87,11 +87,11 @@ function get_chain($cert)
87 87
   if (! isset($certdata['issuer']['CN'])) {
88 88
     return NULL;
89 89
   }
90
-  $issuer = mysql_real_escape_string($certdata['issuer']['CN']);
91
-  $result = db_query("SELECT id FROM vhosts.certchain WHERE cn='{$issuer}'");
92
-  if (mysql_num_rows($result) > 0)
90
+  $issuer = DB::escape($certdata['issuer']['CN']);
91
+  $result = DB::query("SELECT id FROM vhosts.certchain WHERE cn='{$issuer}'");
92
+  if ($result->num_rows > 0)
93 93
   {
94
-    $c = mysql_fetch_assoc($result);
94
+    $c = $result->fetch_assoc();
95 95
     //$chainfile = '/etc/apache2/certs/chains/'.$c['id'].'.pem';
96 96
     DEBUG("identified fitting certificate chain #".$c['id']);
97 97
     return $c['id'];
... ...
@@ -139,8 +139,8 @@ function validate_certificate($cert, $key)
139 139
   $chain = (int) get_chain($cert);
140 140
   if ($chain)
141 141
   {
142
-    $result = db_query("SELECT content FROM vhosts.certchain WHERE id={$chain}");
143
-    $tmp = mysql_fetch_assoc($result);
142
+    $result = DB::query("SELECT content FROM vhosts.certchain WHERE id={$chain}");
143
+    $tmp = $result->fetch_assoc();
144 144
     $chaincert = $tmp['content'];
145 145
     $chainfile = tempnam(sys_get_temp_dir(), 'webinterface');
146 146
     $f = fopen($chainfile, "w");
... ...
@@ -183,16 +183,16 @@ function save_cert($info, $cert, $key)
183 183
 {
184 184
   openssl_pkey_export($key, $key);
185 185
   openssl_x509_export($cert, $cert);
186
-  $subject = mysql_real_escape_string(filter_input_general($info['subject']));
187
-  $cn = mysql_real_escape_string(filter_input_general($info['cn']));
188
-  $valid_from = mysql_real_escape_string($info['valid_from']);
189
-  $valid_until = mysql_real_escape_string($info['valid_until']);
186
+  $subject = DB::escape(filter_input_general($info['subject']));
187
+  $cn = DB::escape(filter_input_general($info['cn']));
188
+  $valid_from = DB::escape($info['valid_from']);
189
+  $valid_until = DB::escape($info['valid_until']);
190 190
   $chain = maybe_null( get_chain($cert) );
191
-  $cert = mysql_real_escape_string($cert);
192
-  $key = mysql_real_escape_string($key);
191
+  $cert = DB::escape($cert);
192
+  $key = DB::escape($key);
193 193
   $uid = (int) $_SESSION['userinfo']['uid'];
194 194
 
195
-  db_query("INSERT INTO vhosts.certs (uid, subject, cn, valid_from, valid_until, chain, cert, `key`) VALUES ({$uid}, '{$subject}', '{$cn}', '{$valid_from}', '{$valid_until}', {$chain}, '{$cert}', '{$key}')");
195
+  DB::query("INSERT INTO vhosts.certs (uid, subject, cn, valid_from, valid_until, chain, cert, `key`) VALUES ({$uid}, '{$subject}', '{$cn}', '{$valid_from}', '{$valid_until}', {$chain}, '{$cert}', '{$key}')");
196 196
 }
197 197
 
198 198
 
... ...
@@ -203,19 +203,19 @@ function refresh_cert($id, $info, $cert, $key = NULL)
203 203
 
204 204
   $id = (int) $id;
205 205
   $oldcert = cert_details($id);
206
-  $cert = mysql_real_escape_string($cert);
207
-  $subject = mysql_real_escape_string(filter_input_general($info['subject']));
208
-  $cn = mysql_real_escape_string(filter_input_general($info['cn']));
206
+  $cert = DB::escape($cert);
207
+  $subject = DB::escape(filter_input_general($info['subject']));
208
+  $cn = DB::escape(filter_input_general($info['cn']));
209 209
   
210
-  $valid_from = mysql_real_escape_string($info['valid_from']);
211
-  $valid_until = mysql_real_escape_string($info['valid_until']);
210
+  $valid_from = DB::escape($info['valid_from']);
211
+  $valid_until = DB::escape($info['valid_until']);
212 212
 
213 213
   $keyop = '';
214 214
   if ($key) {
215 215
     openssl_pkey_export($key, $key);
216
-    $keyop = ", `key`='".mysql_real_escape_string($key)."'";
216
+    $keyop = ", `key`='".DB::escape($key)."'";
217 217
   }
218
-  db_query("UPDATE vhosts.certs SET subject='{$subject}', cn='{$cn}', cert='{$cert}'{$keyop}, valid_from='{$valid_from}', valid_until='{$valid_until}', chain={$chain} WHERE id={$id} LIMIT 1");
218
+  DB::query("UPDATE vhosts.certs SET subject='{$subject}', cn='{$cn}', cert='{$cert}'{$keyop}, valid_from='{$valid_from}', valid_until='{$valid_until}', chain={$chain} WHERE id={$id} LIMIT 1");
219 219
 }
220 220
 
221 221
 
... ...
@@ -224,7 +224,7 @@ function delete_cert($id)
224 224
   $uid = (int) $_SESSION['userinfo']['uid'];
225 225
   $id = (int) $id;
226 226
   
227
-  db_query("DELETE FROM vhosts.certs WHERE uid={$uid} AND id={$id} LIMIT 1");
227
+  DB::query("DELETE FROM vhosts.certs WHERE uid={$uid} AND id={$id} LIMIT 1");
228 228
 }
229 229
 
230 230
 function delete_csr($id)
... ...
@@ -232,7 +232,7 @@ function delete_csr($id)
232 232
   $uid = (int) $_SESSION['userinfo']['uid'];
233 233
   $id = (int) $id;
234 234
   
235
-  db_query("DELETE FROM vhosts.csr WHERE uid={$uid} AND id={$id} LIMIT 1");
235
+  DB::query("DELETE FROM vhosts.csr WHERE uid={$uid} AND id={$id} LIMIT 1");
236 236
 }
237 237
 
238 238
 
... ...
@@ -304,13 +304,13 @@ function save_csr($cn, $bits, $replace=NULL)
304 304
   list($csr, $key) = create_csr($cn, $bits);
305 305
   
306 306
   $uid = (int) $_SESSION['userinfo']['uid'];
307
-  $cn = mysql_real_escape_string(filter_input_hostname($cn, true));
307
+  $cn = DB::escape(filter_input_hostname($cn, true));
308 308
   $bits = (int) $bits;
309 309
   $replace = ($replace ? (int) $replace : 'NULL');
310
-  $csr = mysql_real_escape_string($csr);
311
-  $key = mysql_real_escape_string($key);
312
-  db_query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES ({$uid}, '{$cn}', {$bits}, {$replace}, '{$csr}', '{$key}')");
313
-  $id = mysql_insert_id();
310
+  $csr = DB::escape($csr);
311
+  $key = DB::escape($key);
312
+  DB::query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES ({$uid}, '{$cn}', {$bits}, {$replace}, '{$csr}', '{$key}')");
313
+  $id = DB::insert_id();
314 314
   return $id;  
315 315
 }
316 316
 
... ...
@@ -26,15 +26,15 @@ require_once("certs.php");
26 26
 function traffic_month($vhost_id)
27 27
 {
28 28
   $vhost_id = (int) $vhost_id;
29
-  $result = db_query("SELECT sum(mb_in+mb_out) as mb FROM vhosts.traffic where date > CURDATE() - INTERVAL 1 MONTH AND vhost_id = {$vhost_id}");
30
-  $data = mysql_fetch_assoc($result);
29
+  $result = DB::query("SELECT sum(mb_in+mb_out) as mb FROM vhosts.traffic where date > CURDATE() - INTERVAL 1 MONTH AND vhost_id = {$vhost_id}");
30
+  $data = $result->fetch_assoc();
31 31
   return $data['mb'];
32 32
 }
33 33
 
34 34
 function autoipv6_address($vhost_id, $mode = 1)
35 35
 {
36
-  $result = db_query("SELECT uid, v6_prefix FROM vhosts.v_vhost LEFT JOIN system.servers ON (servers.hostname = server) WHERE v_vhost.id={$vhost_id}");
37
-  $data = mysql_fetch_assoc($result);
36
+  $result = DB::query("SELECT uid, v6_prefix FROM vhosts.v_vhost LEFT JOIN system.servers ON (servers.hostname = server) WHERE v_vhost.id={$vhost_id}");
37
+  $data = $result->fetch_assoc();
38 38
   if (!$data['v6_prefix'])
39 39
   {
40 40
     warning("IPv6-Adresse nicht verfügbar, Server unterstützt kein IPv6");
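Review bot: In autoipv6_address() the query `WHERE v_vhost.id={$vhost_id}` interpolates the parameter unquoted and without the `(int)` cast that traffic_month() applies just above, so the statement is only as safe as every caller's argument. Adding `$vhost_id = (int) $vhost_id;` as the first line of the function would bring it in line with its neighbours. The same pattern appears further down in get_aliases(), where `vhost={$vhost}` is built from the raw parameter and would need `$vhost = (int) $vhost;`. Both function bodies continue outside their hunks, and whether callers already pass integers cannot be seen from here.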
... ...
@@ -53,9 +53,9 @@ function autoipv6_address($vhost_id, $mode = 1)
53 53
 function list_vhosts()
54 54
 {
55 55
   $uid = (int) $_SESSION['userinfo']['uid'];
56
-  $result = db_query("SELECT vh.id,fqdn,domain,docroot,docroot_is_default,php,cgi,vh.certid AS cert, vh.ssl, vh.options,logtype,errorlog,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp, stats FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} ORDER BY domain,hostname");
56
+  $result = DB::query("SELECT vh.id,fqdn,domain,docroot,docroot_is_default,php,cgi,vh.certid AS cert, vh.ssl, vh.options,logtype,errorlog,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp, stats FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} ORDER BY domain,hostname");
57 57
   $ret = array();
58
-  while ($item = mysql_fetch_assoc($result))
58
+  while ($item = $result->fetch_assoc())
59 59
     array_push($ret, $item);
60 60
   return $ret;
61 61
 }
... ...
@@ -63,9 +63,9 @@ function list_vhosts()
63 63
 function ipv6_possible($server)
64 64
 {
65 65
   $serverid = (int) $server;
66
-  $servername = mysql_real_escape_string($server);
67
-  $result = db_query("SELECT v6_prefix FROM system.servers WHERE id={$serverid} OR hostname='{$servername}'");
68
-  $line = mysql_fetch_assoc($result);
66
+  $servername = DB::escape($server);
67
+  $result = DB::query("SELECT v6_prefix FROM system.servers WHERE id={$serverid} OR hostname='{$servername}'");
68
+  $line = $result->fetch_assoc();
69 69
   DEBUG("Server {$server} is v6-capable: ". ($line['v6_prefix'] != NULL));
70 70
   return ($line['v6_prefix'] != NULL);
71 71
 }
... ...
@@ -141,11 +141,11 @@ function get_vhost_details($id)
141 141
 {
142 142
   $id = (int) $id;
143 143
   $uid = (int) $_SESSION['userinfo']['uid'];
144
-  $result = db_query("SELECT vh.*,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} AND vh.id={$id}");
145
-  if (mysql_num_rows($result) != 1)
144
+  $result = DB::query("SELECT vh.*,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} AND vh.id={$id}");
145
+  if ($result->num_rows != 1)
146 146
     system_failure('Interner Fehler beim Auslesen der Daten');
147 147
 
148
-  $ret = mysql_fetch_assoc($result);
148
+  $ret = $result->fetch_assoc();
149 149
 
150 150
   $ret['server'] = $ret['server_id'];
151 151
   DEBUG($ret);
... ...
@@ -155,9 +155,9 @@ function get_vhost_details($id)
155 155
 
156 156
 function get_aliases($vhost)
157 157
 {
158
-  $result = db_query("SELECT id,fqdn,options FROM vhosts.v_alias WHERE vhost={$vhost}");
158
+  $result = DB::query("SELECT id,fqdn,options FROM vhosts.v_alias WHERE vhost={$vhost}");
159 159
   $ret = array();
160
-  while ($item = mysql_fetch_assoc($result)) {
160
+  while ($item = $result->fetch_assoc()) {
161 161
     array_push($ret, $item);
162 162
   }
163 163
   return $ret;
... ...
@@ -185,9 +185,9 @@ function get_all_aliases($vhost)
185 185
 
186 186
 function list_available_webapps()
187 187
 {
188
-  $result = db_query("SELECT id,displayname FROM vhosts.global_webapps");
188
+  $result = DB::query("SELECT id,displayname FROM vhosts.global_webapps");
189 189
   $ret = array();
190
-  while ($item = mysql_fetch_assoc($result))
190
+  while ($item = $result->fetch_assoc())
191 191
     array_push($ret, $item);
192 192
   return $ret;
193 193
 }
... ...
@@ -200,7 +200,7 @@ function delete_vhost($id)
200 200
     system_failure("id == 0");
201 201
   $vhost = get_vhost_details($id);
202 202
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Removing vhost #'.$id.' ('.$vhost['hostname'].'.'.$vhost['domain'].')');
203
-  db_query("DELETE FROM vhosts.vhost WHERE id={$vhost['id']} LIMIT 1");
203
+  DB::query("DELETE FROM vhosts.vhost WHERE id={$vhost['id']} LIMIT 1");
204 204
 }
205 205
 
206 206
 
... ...
@@ -211,8 +211,8 @@ function make_svn_vhost($id)
211 211
   if ($id == 0)
212 212
     system_failure("id == 0");
213 213
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to SVN');
214
-  db_query("REPLACE INTO vhosts.dav (vhost, type) VALUES ({$id}, 'svn')");
215
-  db_query("DELETE FROM vhosts.webapps WHERE vhost={$id}");
214
+  DB::query("REPLACE INTO vhosts.dav (vhost, type) VALUES ({$id}, 'svn')");
215
+  DB::query("DELETE FROM vhosts.webapps WHERE vhost={$id}");
216 216
 }
217 217
 
218 218
 function make_dav_vhost($id) 
... ...
@@ -221,8 +221,8 @@ function make_dav_vhost($id)
221 221
   if ($id == 0)
222 222
     system_failure("id == 0");
223 223
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to WebDAV');
224
-  db_query("REPLACE INTO vhosts.dav (vhost, type, options) VALUES ({$id}, 'dav', 'nouserfile')");
225
-  db_query("DELETE FROM vhosts.webapps WHERE vhost={$id}");
224
+  DB::query("REPLACE INTO vhosts.dav (vhost, type, options) VALUES ({$id}, 'dav', 'nouserfile')");
225
+  DB::query("DELETE FROM vhosts.webapps WHERE vhost={$id}");
226 226
 }
227 227
 
228 228
 function make_regular_vhost($id)
... ...
@@ -231,8 +231,8 @@ function make_regular_vhost($id)
231 231
   if ($id == 0)
232 232
     system_failure("id == 0");
233 233
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to regular');
234
-  db_query("DELETE FROM vhosts.dav WHERE vhost={$id}");
235
-  db_query("DELETE FROM vhosts.webapps WHERE vhost={$id}");
234
+  DB::query("DELETE FROM vhosts.dav WHERE vhost={$id}");
235
+  DB::query("DELETE FROM vhosts.webapps WHERE vhost={$id}");
236 236
 }
237 237
 
238 238
 
... ...
@@ -242,12 +242,12 @@ function make_webapp_vhost($id, $webapp)
242 242
   $webapp = (int) $webapp;
243 243
   if ($id == 0)
244 244
     system_failure("id == 0");
245
-  $result = db_query("SELECT displayname FROM vhosts.global_webapps WHERE id={$webapp};");
246
-  if (mysql_num_rows($result) == 0)
245
+  $result = DB::query("SELECT displayname FROM vhosts.global_webapps WHERE id={$webapp};");
246
+  if ($result->num_rows == 0)
247 247
     system_failure("webapp-id invalid");
248
-  $webapp_name = mysql_fetch_object($result)->displayname;
248
+  $webapp_name = $result->fetch_object()->displayname;
249 249
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Setting up webapp '.$webapp_name.' on vhost #'.$id);
250
-  db_query("REPLACE INTO vhosts.webapps (vhost, webapp) VALUES ({$id}, {$webapp})");
250
+  DB::query("REPLACE INTO vhosts.webapps (vhost, webapp) VALUES ({$id}, {$webapp})");
251 251
   mail('webapps-setup@schokokeks.org', 'setup', 'setup');
252 252
 }
253 253
 
... ...
@@ -256,7 +256,7 @@ function check_hostname_collision($hostname, $domain)
256 256
 {
257 257
   $uid = (int) $_SESSION['userinfo']['uid'];
258 258
   # Neuer vhost => Prüfe Duplikat
259
-  $hostnamecheck = "hostname='".mysql_real_escape_string($hostname)."'";
259
+  $hostnamecheck = "hostname='".DB::escape($hostname)."'";
260 260
   if (! $hostname) {
261 261
     $hostnamecheck = "hostname IS NULL";
262 262
   }
... ...
@@ -264,16 +264,16 @@ function check_hostname_collision($hostname, $domain)
264 264
   if ($domain == -1) {
265 265
     $domaincheck = "domain IS NULL AND user={$uid}";
266 266
   }
267
-  $result = db_query("SELECT id FROM vhosts.vhost WHERE {$hostnamecheck} AND {$domaincheck}");
268
-  if (mysql_num_rows($result) > 0) {
267
+  $result = DB::query("SELECT id FROM vhosts.vhost WHERE {$hostnamecheck} AND {$domaincheck}");
268
+  if ($result->num_rows > 0) {
269 269
     system_failure('Eine Konfiguration mit diesem Namen gibt es bereits.');
270 270
   }
271 271
   if ($domain == -1) {
272 272
     return ;
273 273
   }
274
-  $result = db_query("SELECT id, vhost FROM vhosts.alias WHERE {$hostnamecheck} AND {$domaincheck}");
275
-  if (mysql_num_rows($result) > 0) {
276
-    $data = mysql_fetch_assoc($result);
274
+  $result = DB::query("SELECT id, vhost FROM vhosts.alias WHERE {$hostnamecheck} AND {$domaincheck}");
275
+  if ($result->num_rows > 0) {
276
+    $data = $result->fetch_assoc();
277 277
     $vh = get_vhost_details($data['vhost']);
278 278
     system_failure('Dieser Hostname ist bereits als Alias für »'.$vh['fqdn'].'« eingerichtet');
279 279
   }
... ...
@@ -319,7 +319,7 @@ function save_vhost($vhost)
319 319
     if (! $vhost['options']) $vhost['options']='nodocroot';
320 320
     else $vhost['options']+=",nodocroot";
321 321
   }
322
-  $options = mysql_real_escape_string( $vhost['options'] );
322
+  $options = DB::escape( $vhost['options'] );
323 323
 
324 324
   $cert = 0;
325 325
   $certs = user_certs();
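Review bot: The context line `else $vhost['options']+=",nodocroot";` uses the arithmetic `+=` on two strings where concatenation is intended. On older PHP versions this evaluates to 0 and on PHP 8 it throws a TypeError, so the existing option list is lost instead of gaining the `nodocroot` flag before it reaches `DB::escape()`. The line should read `else $vhost['options'] .= ",nodocroot";`. save_vhost() starts and ends outside this hunk.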
... ...
@@ -345,12 +345,12 @@ function save_vhost($vhost)
345 345
 
346 346
   if ($id != 0) {
347 347
     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Updating vhost #'.$id.' ('.$vhost['hostname'].'.'.$vhost['domain'].')');
348
-    db_query("UPDATE vhosts.vhost SET hostname={$hostname}, domain={$domain}, docroot={$docroot}, php={$php}, cgi={$cgi}, `ssl`={$ssl}, `suexec_user`={$suexec_user}, `server`={$server}, logtype={$logtype}, errorlog={$errorlog}, certid={$cert}, ipv4={$ipv4}, autoipv6={$autoipv6}, options='{$options}', stats={$stats} WHERE id={$id} LIMIT 1");
348
+    DB::query("UPDATE vhosts.vhost SET hostname={$hostname}, domain={$domain}, docroot={$docroot}, php={$php}, cgi={$cgi}, `ssl`={$ssl}, `suexec_user`={$suexec_user}, `server`={$server}, logtype={$logtype}, errorlog={$errorlog}, certid={$cert}, ipv4={$ipv4}, autoipv6={$autoipv6}, options='{$options}', stats={$stats} WHERE id={$id} LIMIT 1");
349 349
   }
350 350
   else {
351 351
     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Creating vhost '.$vhost['hostname'].'.'.$vhost['domain'].'');
352
-    $result = db_query("INSERT INTO vhosts.vhost (user, hostname, domain, docroot, php, cgi, `ssl`, `suexec_user`, `server`, logtype, errorlog, certid, ipv4, autoipv6, options, stats) VALUES ({$_SESSION['userinfo']['uid']}, {$hostname}, {$domain}, {$docroot}, {$php}, {$cgi}, {$ssl}, {$suexec_user}, {$server}, {$logtype}, {$errorlog}, {$cert}, {$ipv4}, {$autoipv6}, '{$options}', {$stats})");
353
-    $id = mysql_insert_id();
352
+    $result = DB::query("INSERT INTO vhosts.vhost (user, hostname, domain, docroot, php, cgi, `ssl`, `suexec_user`, `server`, logtype, errorlog, certid, ipv4, autoipv6, options, stats) VALUES ({$_SESSION['userinfo']['uid']}, {$hostname}, {$domain}, {$docroot}, {$php}, {$cgi}, {$ssl}, {$suexec_user}, {$server}, {$logtype}, {$errorlog}, {$cert}, {$ipv4}, {$autoipv6}, '{$options}', {$stats})");
353
+    $id = DB::insert_id();
354 354
   }
355 355
   $oldvhost = get_vhost_details($id);
356 356
   /*
... ...
@@ -372,12 +372,12 @@ function get_alias_details($id)
372 372
 {
373 373
   $id = (int) $id;
374 374
   $uid = (int) $_SESSION['userinfo']['uid'];
375
-  $result = db_query("SELECT * FROM vhosts.v_alias WHERE id={$id}");
375
+  $result = DB::query("SELECT * FROM vhosts.v_alias WHERE id={$id}");
376 376
   
377
-  if (mysql_num_rows($result) != 1)
377
+  if ($result->num_rows != 1)
378 378
     system_failure('Interner Fehler beim Auslesen der Alias-Daten');
379 379
   
380
-  $alias = mysql_fetch_assoc($result);
380
+  $alias = $result->fetch_assoc();
381 381
   
382 382
   if ($alias['domain_id'] == NULL) {
383 383
     $alias['domain_id'] = -1;
... ...
@@ -396,7 +396,7 @@ function delete_alias($id)
396 396
   $alias = get_alias_details($id);
397 397
 
398 398
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Removing alias #'.$id.' ('.$alias['hostname'].'.'.$alias['domain'].')');
399
-  db_query("DELETE FROM vhosts.alias WHERE id={$id}");
399
+  DB::query("DELETE FROM vhosts.alias WHERE id={$id}");
400 400
 }
401 401
 
402 402
 function save_alias($alias)
... ...
@@ -411,14 +411,14 @@ function save_alias($alias)
411 411
   if ($alias['domain_id'] == -1)
412 412
     $domain = 'NULL';
413 413
   $vhost = get_vhost_details( (int) $alias['vhost']);
414
-  $options = mysql_real_escape_string( $alias['options'] );
414
+  $options = DB::escape( $alias['options'] );
415 415
   if ($id == 0) {
416 416
     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Creating alias '.$alias['hostname'].'.'.$alias['domain'].' for VHost '.$vhost['id']);
417
-    db_query("INSERT INTO vhosts.alias (hostname, domain, vhost, options) VALUES ({$hostname}, {$domain}, {$vhost['id']}, '{$options}')");
417
+    DB::query("INSERT INTO vhosts.alias (hostname, domain, vhost, options) VALUES ({$hostname}, {$domain}, {$vhost['id']}, '{$options}')");
418 418
   }
419 419
   else {
420 420
     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Updating alias #'.$id.' ('.$alias['hostname'].'.'.$alias['domain'].')');
421
-    db_query("UPDATE vhosts.alias SET hostname={$hostname}, domain={$domain}, options='{$options}' WHERE id={$id} LIMIT 1");
421
+    DB::query("UPDATE vhosts.alias SET hostname={$hostname}, domain={$domain}, options='{$options}' WHERE id={$id} LIMIT 1");
422 422
   }
423 423
 }
424 424
 
... ...
@@ -426,9 +426,9 @@ function save_alias($alias)
426 426
 function available_suexec_users()
427 427
 {
428 428
   $uid = (int) $_SESSION['userinfo']['uid'];
429
-  $result = db_query("SELECT uid, username FROM vhosts.available_users LEFT JOIN vhosts.v_useraccounts ON (uid = suexec_user) WHERE mainuser={$uid}");
429
+  $result = DB::query("SELECT uid, username FROM vhosts.available_users LEFT JOIN vhosts.v_useraccounts ON (uid = suexec_user) WHERE mainuser={$uid}");
430 430
   $ret = array();
431
-  while ($i = mysql_fetch_assoc($result))
431
+  while ($i = $result->fetch_assoc())
432 432
     $ret[] = $i;
433 433
   DEBUG('available suexec-users:');
434 434
   DEBUG($ret);
... ...
@@ -440,9 +440,9 @@ function available_suexec_users()
440 440
 function user_ipaddrs()
441 441
 {
442 442
   $uid = (int) $_SESSION['userinfo']['uid'];
443
-  $result = db_query("SELECT ipaddr FROM vhosts.ipaddr_available WHERE uid={$uid}");
443
+  $result = DB::query("SELECT ipaddr FROM vhosts.ipaddr_available WHERE uid={$uid}");
444 444
   $ret = array();
445
-  while ($i = mysql_fetch_assoc($result))
445
+  while ($i = $result->fetch_assoc())
446 446
   {
447 447
     $ret[] = $i['ipaddr'];
448 448
   }
... ...
@@ -27,13 +27,13 @@ $uid = (int) $_SESSION['userinfo']['uid'];
27 27
 
28 28
 if (isset($_POST['freq']) && in_array($_POST['freq'],array("day","week","month"))) {
29 29
   check_form_token('freewvs_freq'); 
30
-	db_query("REPLACE INTO qatools.freewvs (user,freq) VALUES ({$uid},'{$_POST['freq']}');");
30
+	DB::query("REPLACE INTO qatools.freewvs (user,freq) VALUES ({$uid},'{$_POST['freq']}');");
31 31
 	header("Location: freewvs");
32 32
 	die();
33 33
 }
34 34
 
35
-$result = db_query("SELECT freq FROM qatools.v_freewvs WHERE uid={$uid};");
36
-$result=mysql_fetch_assoc($result);
35
+$result = DB::query("SELECT freq FROM qatools.v_freewvs WHERE uid={$uid};");
36
+$result=$result->fetch_assoc();
37 37
 $freq=$result['freq'];
38 38
 
39 39
 headline('Überprüfung Ihrer Web-Anwendungen auf Sicherheitslücken');
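Review bot: The REPLACE statement interpolates `$_POST['freq']` straight into the SQL text, so its safety rests entirely on the `in_array()` allow-list two lines above, which uses loose comparison. Passing `true` as the third argument, `in_array($_POST['freq'], array("day","week","month"), true)`, and copying the validated value into a local before building the query would keep the check and the use tied together. Running that local through `DB::escape()` like the other string values in this commit would also make the query safe independently of the allow-list.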
... ...
@@ -20,19 +20,19 @@ require_once('inc/base.php');
20 20
 function load_results()
21 21
 {
22 22
   $uid = (int) $_SESSION['userinfo']['uid'];
23
-  $result = db_query("SELECT directory, docroot, lastcheck, appname, version, state, safeversion, vulninfo FROM qatools.freewvs_results WHERE uid={$uid}");
23
+  $result = DB::query("SELECT directory, docroot, lastcheck, appname, version, state, safeversion, vulninfo FROM qatools.freewvs_results WHERE uid={$uid}");
24 24
   $ret = array();
25
-  while ($line = mysql_fetch_assoc($result)) {
25
+  while ($line = $result->fetch_assoc()) {
26 26
     array_push($ret, $line);
27 27
   }
28 28
   return $ret;
29 29
 }
30 30
 
31 31
 function get_upgradeinstructions($appname) {
32
-  $appname = mysql_real_escape_string($appname);
33
-  $result = db_query("SELECT url FROM qatools.freewvs_upgradeinstructions WHERE appname='{$appname}' LIMIT 1");
34
-  if (mysql_num_rows($result) > 0) {
35
-    $tmp = mysql_fetch_array($result);
32
+  $appname = DB::escape($appname);
33
+  $result = DB::query("SELECT url FROM qatools.freewvs_upgradeinstructions WHERE appname='{$appname}' LIMIT 1");
34
+  if ($result->num_rows > 0) {
35
+    $tmp = $result->fetch_array();
36 36
     return $tmp[0];
37 37
   }
38 38
   return NULL;
... ...
@@ -20,12 +20,12 @@ function create_new_webapp($appname, $directory, $url, $data)
20 20
 {
21 21
   if (directory_in_use($directory))
22 22
     system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Aus Sicherheitsgründen können Sie in diesem Verzeichnis am selben Tag nicht schon wieder eine Anwendung installieren.');
23
-  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
24
-  $appname = mysql_real_escape_string($appname);
25
-  $directory = mysql_real_escape_string($directory);
26
-  $url = mysql_real_escape_string($url);
27
-  $data = mysql_real_escape_string($data);
28
-  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES ('{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')");
23
+  $username = DB::escape($_SESSION['userinfo']['username']);
24
+  $appname = DB::escape($appname);
25
+  $directory = DB::escape($directory);
26
+  $url = DB::escape($url);
27
+  $data = DB::escape($data);
28
+  DB::query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES ('{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')");
29 29
 }
30 30
 
31 31
 
... ...
@@ -33,18 +33,18 @@ function request_update($appname, $directory, $url)
33 33
 {
34 34
   if (directory_in_use($directory))
35 35
     system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen oder ein Update in diesem Verzeichnis angefordert. Bitte warten Sie bis diese Aktion durchgeführt wurde.');
36
-  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
37
-  $appname = mysql_real_escape_string($appname);
38
-  $directory = mysql_real_escape_string($directory);
39
-  $url = maybe_null(mysql_real_escape_string($url));
40
-  db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES ('{$appname}', '{$directory}', {$url}, 'old', '{$username}')");
36
+  $username = DB::escape($_SESSION['userinfo']['username']);
37
+  $appname = DB::escape($appname);
38
+  $directory = DB::escape($directory);
39
+  $url = maybe_null(DB::escape($url));
40
+  DB::query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES ('{$appname}', '{$directory}', {$url}, 'old', '{$username}')");
41 41
 }
42 42
 
43 43
 function directory_in_use($directory)
44 44
 {
45
-  $directory = mysql_real_escape_string($directory);
46
-  $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory='{$directory}'");
47
-  if (mysql_num_rows($result) > 0)
45
+  $directory = DB::escape($directory);
46
+  $result = DB::query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory='{$directory}'");
47
+  if ($result->num_rows > 0)
48 48
     return true;
49 49
   return false;
50 50
 }
... ...
@@ -101,15 +101,15 @@ function get_url_for_dir($docroot, $cutoff = '')
101 101
 {
102 102
   if (substr($docroot, -1) == '/')
103 103
     $docroot = substr($docroot, 0, -1);
104
-  $docroot = mysql_real_escape_string($docroot);
105
-  $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN ('{$docroot}', '{$docroot}/') LIMIT 1");
106
-  if (mysql_num_rows($result) < 1)
104
+  $docroot = DB::escape($docroot);
105
+  $result = DB::query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN ('{$docroot}', '{$docroot}/') LIMIT 1");
106
+  if ($result->num_rows < 1)
107 107
   {
108 108
     if (!strstr($docroot, '/'))
109 109
       return NULL;
110 110
     return get_url_for_dir(substr($docroot, 0, strrpos($docroot, '/')), substr($docroot, strrpos($docroot, '/')).$cutoff);
111 111
   } 
112
-  $tmp = mysql_fetch_assoc($result);
112
+  $tmp = $result->fetch_assoc();
113 113
   $prefix = 'http://';
114 114
   if ($tmp['ssl'] == 'forward' || $tmp['ssl'] == 'https')
115 115
     $prefix = 'https://';
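Review bot: `$docroot` is overwritten with its escaped form, and that escaped string is then sliced with `substr()`/`strrpos()` and passed into the recursive call, where it is escaped a second time. For a path containing a quote or backslash, the parent-directory lookup and the accumulated `$cutoff` would carry escape characters that are not part of the real path. Keeping the raw value and escaping into a separate variable used only inside the query, e.g. `$docroot_sql = DB::escape($docroot);`, avoids this. The function continues past the end of the hunk.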
... ...
@@ -122,7 +122,7 @@ function create_webapp_mysqldb($application, $sitename)
122 122
   // dependet auf das mysql-modul
123 123
   require_once('modules/mysql/include/mysql.php'); 
124 124
   
125
-  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
125
+  $username = DB::escape($_SESSION['userinfo']['username']);
126 126
   $description = "Automatisch erzeugte Datenbank für {$application} ({$sitename})";
127 127
   
128 128
   // zuerst versuchen wir username_webappname. Wenn das nicht klappt, dann wird hochgezählt
... ...
@@ -16,10 +16,10 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 function account_has_totp($username)
18 18
 {
19
-  $username = mysql_real_escape_string($username);
20
-  $result = db_query("SELECT id FROM mail.webmail_totp WHERE email='{$username}'");
21
-  if (mysql_num_rows($result) > 0) {
22
-    $tmp = mysql_fetch_assoc($result);
19
+  $username = DB::escape($username);
20
+  $result = DB::query("SELECT id FROM mail.webmail_totp WHERE email='{$username}'");
21
+  if ($result->num_rows > 0) {
22
+    $tmp = $result->fetch_assoc();
23 23
     $id = $tmp['id'];
24 24
     return $id;
25 25
   } else {
... ...
@@ -31,13 +31,13 @@ function account_has_totp($username)
31 31
 
32 32
 function validate_password($username, $password) 
33 33
 {
34
-  $username = mysql_real_escape_string($username);
35
-  $result = db_query("SELECT account, cryptpass FROM mail.courier_mailaccounts WHERE account='{$username}' UNION SELECT account, cryptpass FROM mail.courier_virtual_accounts WHERE account='{$username}'");
36
-  if (mysql_num_rows($result) != 1) {
34
+  $username = DB::escape($username);
35
+  $result = DB::query("SELECT account, cryptpass FROM mail.courier_mailaccounts WHERE account='{$username}' UNION SELECT account, cryptpass FROM mail.courier_virtual_accounts WHERE account='{$username}'");
36
+  if ($result->num_rows != 1) {
37 37
     // Kein Account mit dem Namen oder Name nicht eindeutig
38 38
     return false;
39 39
   }
40
-  $account = mysql_fetch_assoc($result);
40
+  $account = $result->fetch_assoc();
41 41
   return (crypt($password, $account['cryptpass']) == $account['cryptpass']);
42 42
 }
43 43
 
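Review bot: The return line of validate_password() compares the password hashes with the loose `==` operator, which is subject to PHP's numeric-string juggling and is not a constant-time comparison. Where the runtime provides it, `return hash_equals($account['cryptpass'], crypt($password, $account['cryptpass']));` is the appropriate check; `===` is the minimum otherwise. The commit leaves this line untouched, but it sits directly on the authentication path that the migrated query feeds.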
... ...
@@ -63,7 +63,7 @@ function store_webmail_password($username, $oldpw, $newpw)
63 63
 
64 64
   $uid = (int) $_SESSION['userinfo']['uid'];
65 65
 
66
-  db_query("REPLACE INTO mail.webmail_totp (useraccount, email, webmailpass) VALUES ({$uid}, '{$username}', '{$code}')");
66
+  DB::query("REPLACE INTO mail.webmail_totp (useraccount, email, webmailpass) VALUES ({$uid}, '{$username}', '{$code}')");
67 67
 }
68 68
 
69 69
 
... ...
@@ -87,9 +87,9 @@ function decode_webmail_password($crypted, $webmailpw)
87 87
 
88 88
 
89 89
 function get_imap_password($username, $webmailpass) {
90
-  $username = mysql_real_escape_string($username);
91
-  $result = db_query("SELECT webmailpass FROM mail.webmail_totp WHERE email='{$username}'");
92
-  $tmp = mysql_fetch_assoc($result);
90
+  $username = DB::escape($username);
91
+  $result = DB::query("SELECT webmailpass FROM mail.webmail_totp WHERE email='{$username}'");
92
+  $tmp = $result->fetch_assoc();
93 93
   
94 94
   $crypted = $tmp['webmailpass'];
95 95
     
... ...
@@ -107,22 +107,22 @@ function check_webmail_password($username, $webmailpass)
107 107
 
108 108
 function generate_secret($username)
109 109
 {
110
-  $username = mysql_real_escape_string($username);
110
+  $username = DB::escape($username);
111 111
   require_once('external/googleauthenticator/GoogleAuthenticator.php');
112 112
   $ga = new PHPGangsta_GoogleAuthenticator();
113 113
   
114 114
   $secret = $ga->createSecret();
115 115
   DEBUG('GA-Secret: '.$secret);
116 116
   DEBUG('QrCode: '.$ga->getQRCodeGoogleUrl('Blog', $secret));
117
-  db_query("UPDATE mail.webmail_totp SET totp_secret='{$secret}' WHERE email='{$username}'");
117
+  DB::query("UPDATE mail.webmail_totp SET totp_secret='{$secret}' WHERE email='{$username}'");
118 118
   return $secret;
119 119
 }
120 120
 
121 121
 function check_locked($username) 
122 122
 {
123
-  $username = mysql_real_escape_string($username);
124
-  $result = db_query("SELECT 1 FROM mail.webmail_totp WHERE unlock_timestamp IS NOT NULL and unlock_timestamp > NOW() AND email='{$username}'");
125
-  return (mysql_num_rows($result) > 0);
123
+  $username = DB::escape($username);
124
+  $result = DB::query("SELECT 1 FROM mail.webmail_totp WHERE unlock_timestamp IS NOT NULL and unlock_timestamp > NOW() AND email='{$username}'");
125
+  return ($result->num_rows > 0);
126 126
 }
127 127
 
128 128
 function check_totp($username, $code) {
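Review bot: `generate_secret()` still writes the freshly created TOTP seed to the debug channel (`DEBUG('GA-Secret: '.$secret);`), and the `DEBUG('QrCode: '...)` line after it presumably embeds the same seed in a URL. Anyone who can read that output can reproduce the second factor, so I would drop both lines or log only the event, e.g. `DEBUG('GA-Secret generated for '.$username);`. Where `DEBUG()` writes to is not visible here, so the actual exposure depends on that configuration.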
... ...
@@ -131,10 +131,10 @@ function check_totp($username, $code) {
131 131
     return false;
132 132
   }
133 133
 
134
-  $username = mysql_real_escape_string($username);
134
+  $username = DB::escape($username);
135 135
 
136
-  $result = db_query("SELECT totp_secret, failures FROM mail.webmail_totp WHERE email='{$username}' AND (unlock_timestamp IS NULL OR unlock_timestamp <= NOW())");
137
-  $tmp = mysql_fetch_assoc($result);
136
+  $result = DB::query("SELECT totp_secret, failures FROM mail.webmail_totp WHERE email='{$username}' AND (unlock_timestamp IS NULL OR unlock_timestamp <= NOW())");
137
+  $tmp = $result->fetch_assoc();
138 138
   $secret = $tmp['totp_secret'];
139 139
 
140 140
   require_once('external/googleauthenticator/GoogleAuthenticator.php');
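Review bot: In `check_totp()` the result of `$result->fetch_assoc()` is used without checking that a row came back: for an unknown address, or while `unlock_timestamp` is still in the future, the SELECT returns nothing, `$tmp` is null and `$secret` becomes null, yet it is still passed to `verifyCode()` further down. The function should fail closed before any code check, e.g. `if (!$tmp || empty($tmp['totp_secret'])) { return false; }` directly after the fetch. If attempts made during a lock should still count as failures, keep the counter update and skip only the verification. The start of the function is outside this hunk, so an earlier guard may already cover the locked case; the missing-row case would still need this check.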
... ...
@@ -142,14 +142,14 @@ function check_totp($username, $code) {
142 142
   
143 143
   $checkResult = $ga->verifyCode($secret, $code, 2);    // 2 = 2*30sec clock tolerance
144 144
   if ($checkResult) {
145
-    db_query("UPDATE mail.webmail_totp SET failures = 0, unlock_timestamp=NULL WHERE email='{$username}'");
145
+    DB::query("UPDATE mail.webmail_totp SET failures = 0, unlock_timestamp=NULL WHERE email='{$username}'");
146 146
     blacklist_token($username, $code);
147 147
     DEBUG('OK');
148 148
   } else {
149 149
     if ($tmp['failures'] > 0 && $tmp['failures'] % 5 == 0) {
150
-      db_query("UPDATE mail.webmail_totp SET failures = failures+1, unlock_timestamp = NOW() + INTERVAL 5 MINUTE WHERE email='{$username}'");
150
+      DB::query("UPDATE mail.webmail_totp SET failures = failures+1, unlock_timestamp = NOW() + INTERVAL 5 MINUTE WHERE email='{$username}'");
151 151
     } else {
152
-      db_query("UPDATE mail.webmail_totp SET failures = failures+1 WHERE email='{$username}'");
152
+      DB::query("UPDATE mail.webmail_totp SET failures = failures+1 WHERE email='{$username}'");
153 153
     }
154 154
     
155 155
     DEBUG('FAILED');
... ...
@@ -196,8 +196,8 @@ function accountname($id)
196 196
 {
197 197
   $id = (int) $id;
198 198
   $uid = (int) $_SESSION['userinfo']['uid'];
199
-  $result = db_query("SELECT email FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}");
200
-  if ($tmp = mysql_fetch_assoc($result)) {
199
+  $result = DB::query("SELECT email FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}");
200
+  if ($tmp = $result->fetch_assoc()) {
201 201
     return $tmp['email'];
202 202
   }
203 203
 }
... ...
@@ -208,23 +208,23 @@ function delete_totp($id)
208 208
   $id = (int) $id;
209 209
   $uid = (int) $_SESSION['userinfo']['uid'];
210 210
   
211
-  db_query("DELETE FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}");
211
+  DB::query("DELETE FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}");
212 212
 }
213 213
 
214 214
 
215 215
 function blacklist_token($email, $token)
216 216
 {
217
-  $email = mysql_real_escape_string($email);
218
-  $token = mysql_real_escape_string($token);
219
-  db_query("INSERT INTO mail.webmail_totp_blacklist (timestamp, email, token) VALUES (NOW(), '{$email}', '{$token}')");
217
+  $email = DB::escape($email);
218
+  $token = DB::escape($token);
219
+  DB::query("INSERT INTO mail.webmail_totp_blacklist (timestamp, email, token) VALUES (NOW(), '{$email}', '{$token}')");
220 220
 }
221 221
 
222 222
 function check_blacklist($email, $token)
223 223
 {
224
-  $email = mysql_real_escape_string($email);
225
-  $token = mysql_real_escape_string($token);
226
-  db_query("DELETE FROM mail.webmail_totp_blacklist WHERE timestamp < NOW() - INTERVAL 10 MINUTE");
227
-  $result = db_query("SELECT id FROM mail.webmail_totp_blacklist WHERE email='{$email}' AND token='{$token}'");
228
-  return (mysql_num_rows($result) > 0);
224
+  $email = DB::escape($email);
225
+  $token = DB::escape($token);
226
+  DB::query("DELETE FROM mail.webmail_totp_blacklist WHERE timestamp < NOW() - INTERVAL 10 MINUTE");
227
+  $result = DB::query("SELECT id FROM mail.webmail_totp_blacklist WHERE email='{$email}' AND token='{$token}'");
228
+  return ($result->num_rows > 0);
229 229
 }
230 230
 
... ...
@@ -18,7 +18,7 @@ require_once('inc/base.php');
18 18
 require_once('inc/debug.php');
19 19
 require_once('inc/error.php');
20 20
 
21
-require_once('inc/db_connect.php');
21
+require_once('inc/db.php');
22 22
 
23 23
 define('ROLE_ANONYMOUS', 0);
24 24
 define('ROLE_MAILACCOUNT', 1);
... ...
@@ -33,16 +33,16 @@ define('ROLE_SUBUSER', 32);
33 33
 
34 34
 function find_role($login, $password, $i_am_admin = False)
35 35
 {
36
-  $login = mysql_real_escape_string($login);
36
+  $login = DB::escape($login);
37 37
   // Domain-Admin?  <not implemented>
38 38
   // System-User?
39 39
   $uid = (int) $login;
40 40
   if ($uid == 0)
41 41
     $uid = 'NULL';
42
-  $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
43
-  if (@mysql_num_rows($result) > 0)
42
+  $result = DB::query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
43
+  if (@$result->num_rows > 0)
44 44
   {
45
-    $entry = mysql_fetch_object($result);
45
+    $entry = $result->fetch_object();
46 46
     if (strcasecmp($entry->username, $login) == 0 && $entry->username != $login) {
47 47
       // MySQL matched (warum auch immer) ohne Beachtung der Schreibweise. Wir wollen aber case-sensitive sein.
48 48
       logger(LOG_WARNING, "session/checkuser", "login", "denying login to wrong cased username »{$login}«.");
... ...
@@ -69,20 +69,20 @@ function find_role($login, $password, $i_am_admin = False)
69 69
   // Customer?
70 70
   $customerno = (int) $login;
71 71
   $pass = sha1($password);
72
-  $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
72
+  $result = DB::query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
73 73
   if ($i_am_admin)
74
-    $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno}");
75
-  if (@mysql_num_rows($result) > 0)
74
+    $result = DB::query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno}");
75
+  if (@$result->num_rows > 0)
76 76
   {
77 77
     return ROLE_CUSTOMER;
78 78
   }
79 79
 
80 80
   // Sub-User
81 81
 
82
-  $result = db_query("SELECT password FROM system.subusers WHERE username='{$login}'");
83
-  if (@mysql_num_rows($result) > 0)
82
+  $result = DB::query("SELECT password FROM system.subusers WHERE username='{$login}'");
83
+  if (@$result->num_rows > 0)
84 84
   {
85
-    $entry = mysql_fetch_object($result);
85
+    $entry = $result->fetch_object();
86 86
     $db_password = $entry->password;
87 87
     // SHA1 für alte Subuser (kaylee), SHA256 für neue Subuser
88 88
     if (hash("sha1", $password) == $db_password || hash("sha256", $password) == $db_password || $i_am_admin)
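Review bot: The subuser check on the last line compares hex digests with `==` (`hash("sha1", $password) == $db_password`), and PHP's loose comparison treats two numeric-looking strings (of the form `0e` followed only by digits) as numbers, so two different digests can compare equal. Use a strict, timing-safe comparison such as `hash_equals($db_password, hash("sha256", $password))` where the PHP version provides it, or at least `===`. The same `==` pattern is used for the `crypt()` results in the two mail-account hunks below (`$hash == $db_password`) and in the earlier hunk for `validate_password()`. The body of `find_role()` continues outside this hunk.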
... ...
@@ -112,10 +112,10 @@ function find_role($login, $password, $i_am_admin = False)
112 112
       }
113 113
     }
114 114
   }
115
-  $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;");
116
-  if (@mysql_num_rows($result) > 0)
115
+  $result = DB::query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;");
116
+  if (@$result->num_rows > 0)
117 117
   {
118
-    $entry = mysql_fetch_object($result);
118
+    $entry = $result->fetch_object();
119 119
     $db_password = $entry->cryptpass;
120 120
     $hash = crypt($password, $db_password);
121 121
     if ($hash == $db_password || $i_am_admin)
... ...
@@ -128,10 +128,10 @@ function find_role($login, $password, $i_am_admin = False)
128 128
   
129 129
   // virtueller Mail-Account
130 130
   $account = $login;
131
-  $result = db_query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account='{$account}' LIMIT 1;");
132
-  if (@mysql_num_rows($result) > 0)
131
+  $result = DB::query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account='{$account}' LIMIT 1;");
132
+  if (@$result->num_rows > 0)
133 133
   {
134
-    $entry = mysql_fetch_object($result);
134
+    $entry = $result->fetch_object();
135 135
     $db_password = $entry->cryptpass;
136 136
     $hash = crypt($password, $db_password);
137 137
     if ($hash == $db_password || $i_am_admin)
... ...
@@ -158,17 +158,17 @@ function get_customer_info($customer)
158 158
   if ($customerno != 0)
159 159
   {
160 160
     DEBUG('Looking up customerinfo for customer no. '.$customerno);
161
-    $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;");
161
+    $result = DB::query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;");
162 162
   }
163 163
   else
164 164
   {
165
-    $username = mysql_real_escape_string($customer);
165
+    $username = DB::escape($customer);
166 166
     DEBUG('looking up customer info for username '.$username);
167
-    $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
167
+    $result = DB::query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
168 168
   }
169
-  if (@mysql_num_rows($result) == 0)
169
+  if (@$result->num_rows == 0)
170 170
     system_failure("Konnte Kundendaten nicht auslesen!");
171
-  $data = mysql_fetch_assoc($result);
171
+  $data = $result->fetch_assoc();
172 172
   DEBUG($data);
173 173
   $ret['customerno'] = $data['id'];
174 174
   $ret['title'] = $data['anrede'];
... ...
@@ -182,13 +182,13 @@ function get_customer_info($customer)
182 182
 
183 183
 function get_subuser_info($username)
184 184
 {
185
-  $result = db_query("SELECT uid, modules FROM system.subusers WHERE username='{$username}'");
186
-  if (mysql_num_rows($result) < 1)
185
+  $result = DB::query("SELECT uid, modules FROM system.subusers WHERE username='{$username}'");
186
+  if ($result->num_rows < 1)
187 187
   {
188 188
     logger(LOG_ERR, "session/checkuser", "login", "error reading subuser's data: »{$username}«");
189 189
     system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
190 190
   }
191
-  $data = mysql_fetch_assoc($result);
191
+  $data = $result->fetch_assoc();
192 192
   $userinfo = get_user_info($data['uid']);
193 193
   $userinfo['modules'] = $data['modules'];
194 194
   return $userinfo;
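Review bot: `get_subuser_info()` interpolates `$username` into the SELECT without calling `DB::escape()`, unlike `get_user_info()` directly below it; I would add `$username = DB::escape($username);` as the first statement. `user_for_mailaccount()` and `user_for_vmail_account()` further down do the same with `$account`. Callers may already escape the value, which is not visible here, so check them when adding the call to avoid double escaping. Since this commit moves to mysqli anyway, bound parameters through a prepared statement would remove the dependency on manual escaping, if the `DB` wrapper can expose them. The closing brace of the function is outside the hunk.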
... ...
@@ -197,15 +197,15 @@ function get_subuser_info($username)
197 197
 
198 198
 function get_user_info($username)
199 199
 {
200
-  $username = mysql_real_escape_string($username);
201
-  $result = db_query("SELECT kunde AS customerno, username, uid, homedir, name, server
200
+  $username = DB::escape($username);
201
+  $result = DB::query("SELECT kunde AS customerno, username, uid, homedir, name, server
202 202
                       FROM system.v_useraccounts WHERE username='{$username}' OR uid='{$username}' LIMIT 1");
203
-  if (mysql_num_rows($result) < 1)
203
+  if ($result->num_rows < 1)
204 204
   {
205 205
     logger(LOG_ERR, "session/checkuser", "login", "error reading user's data: »{$username}«");
206 206
     system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
207 207
   }
208
-  $val = @mysql_fetch_object($result);
208
+  $val = @$result->fetch_object();
209 209
   return array(
210 210
           'username'      => $val->username,
211 211
           'customerno'    => $val->customerno,
... ...
@@ -219,30 +219,30 @@ function get_user_info($username)
219 219
 function set_customer_verified($customerno)
220 220
 {
221 221
   $customerno = (int) $customerno;
222
-  db_query("UPDATE kundendaten.kunden SET status=0 WHERE id={$customerno};");
222
+  DB::query("UPDATE kundendaten.kunden SET status=0 WHERE id={$customerno};");
223 223
   logger(LOG_INFO, "session/checkuser", "register", "set customer's status to 0.");
224 224
 }
225 225
 
226 226
 function set_customer_lastlogin($customerno)
227 227
 {
228 228
   $customerno = (int) $customerno;
229
-  db_query("UPDATE kundendaten.kunden SET lastlogin=NOW() WHERE id={$customerno};");
229
+  DB::query("UPDATE kundendaten.kunden SET lastlogin=NOW() WHERE id={$customerno};");
230 230
 }
231 231
 
232 232
 function set_customer_password($customerno, $newpass)
233 233
 {
234 234
   $customerno = (int) $customerno;
235 235
   $newpass = sha1($newpass);
236
-  db_query("UPDATE kundendaten.kunden SET passwort='$newpass' WHERE id='".$customerno."' LIMIT 1");
236
+  DB::query("UPDATE kundendaten.kunden SET passwort='$newpass' WHERE id='".$customerno."' LIMIT 1");
237 237
   logger(LOG_INFO, "session/checkuser", "pwchange", "changed customer's password.");
238 238
 }
239 239
 
240 240
 function set_subuser_password($subuser, $newpass)
241 241
 {
242
-  $subuser = mysql_real_escape_string($subuser);
242
+  $subuser = DB::escape($subuser);
243 243
   $uid = (int) $_SESSION['userinfo']['uid'];
244 244
   $newpass = sha1($newpass);
245
-  db_query("UPDATE system.subusers SET password='$newpass' WHERE username='{$subuser}' AND uid={$uid}");
245
+  DB::query("UPDATE system.subusers SET password='$newpass' WHERE username='{$subuser}' AND uid={$uid}");
246 246
   logger(LOG_INFO, "session/checkuser", "pwchange", "changed subuser's password.");
247 247
 }
248 248
 
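Review bot: `set_customer_password()` and `set_subuser_password()` store passwords as a single unsalted `sha1()` digest, which is cheap to brute-force offline and produces identical hashes for identical passwords. Prefer `$newpass = password_hash($newpass, PASSWORD_DEFAULT);` (PHP 5.5+) with `password_verify()` on login. The customer lookup in `find_role()` that matches `passwort='{$pass}'` inside the SQL would then have to fetch the stored hash and verify it in PHP instead. Existing SHA-1 rows can be migrated by rehashing on the next successful login.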
... ...
@@ -261,28 +261,28 @@ function set_systemuser_password($uid, $newpass)
261 261
     $salt = random_string(8);
262 262
     $newpass = crypt($newpass, "\$1\${$salt}\$");
263 263
   }
264
-  db_query("UPDATE system.passwoerter SET passwort='$newpass' WHERE uid='".$uid."' LIMIT 1");
264
+  DB::query("UPDATE system.passwoerter SET passwort='$newpass' WHERE uid='".$uid."' LIMIT 1");
265 265
   logger(LOG_INFO, "session/checkuser", "pwchange", "changed user's password.");
266 266
 }
267 267
 
268 268
 
269 269
 function user_for_mailaccount($account) 
270 270
 {
271
-  $result = db_query("SELECT uid FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;");
272
-  if (mysql_num_rows($result) != 1) {
271
+  $result = DB::query("SELECT uid FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;");
272
+  if ($result->num_rows != 1) {
273 273
     system_failure('Diese Adresse ist herrenlos?!');
274 274
   }
275
-  $tmp = mysql_fetch_assoc($result);
275
+  $tmp = $result->fetch_assoc();
276 276
   return $tmp['uid'];
277 277
 }
278 278
 
279 279
 function user_for_vmail_account($account)
280 280
 {
281
-  $result = db_query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)='{$account}' LIMIT 1;");
282
-  if (mysql_num_rows($result) != 1) {
281
+  $result = DB::query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)='{$account}' LIMIT 1;");
282
+  if ($result->num_rows != 1) {
283 283
     system_failure('Diese Adresse ist herrenlos?!');
284 284
   }
285
-  $tmp = mysql_fetch_assoc($result);
285
+  $tmp = $result->fetch_assoc();
286 286
   return $tmp['useraccount'];
287 287
 }
288 288
 
... ...
@@ -8,7 +8,7 @@
8 8
 require_once('session/checkuser.php');
9 9
 require_once('inc/error.php');
10 10
 require_once('inc/debug.php');
11
-
11
+require_once('inc/db.php');
12 12
 require_once('inc/base.php');
13 13
 
14 14
 session_name(config('session_name'));
15 15