Bernd Wurst commited on 2013-09-19 06:31:27
Zeige 38 geänderte Dateien mit 703 Einfügungen und 659 Löschungen.
... | ... |
@@ -39,14 +39,14 @@ function prepare_cert($cert) |
39 | 39 |
|
40 | 40 |
function get_logins_by_cert($cert) |
41 | 41 |
{ |
42 |
- $cert = mysql_real_escape_string(prepare_cert($cert)); |
|
42 |
+ $cert = DB::escape(prepare_cert($cert)); |
|
43 | 43 |
$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'"; |
44 |
- $result = db_query($query); |
|
45 |
- if (mysql_num_rows($result) < 1) |
|
44 |
+ $result = DB::query($query); |
|
45 |
+ if ($result->num_rows < 1) |
|
46 | 46 |
return NULL; |
47 | 47 |
else { |
48 | 48 |
$ret = array(); |
49 |
- while ($row = mysql_fetch_assoc($result)) { |
|
49 |
+ while ($row = $result->fetch_assoc()) { |
|
50 | 50 |
$ret[] = $row; |
51 | 51 |
} |
52 | 52 |
return $ret; |
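Review bot: The certificate lookup in `get_logins_by_cert()` is a login path and still splices an escaped string into the SQL text at `WHERE cert='{$cert}'`, so its safety rests on the surrounding quotes and on the connection character set matching what `real_escape_string` assumes. Since this commit already moves to mysqli, a bound parameter would remove that dependency: prepare the statement with `WHERE cert=?` and bind `prepare_cert($cert)` as a string instead of calling `DB::escape`. The `DB` class added in this commit has no prepare/bind helper, so one would have to be added. The identical hunk printed directly below is covered by this note as well, and the function body continues outside the hunk.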
... | ... |
@@ -39,14 +39,14 @@ function prepare_cert($cert) |
39 | 39 |
|
40 | 40 |
function get_logins_by_cert($cert) |
41 | 41 |
{ |
42 |
- $cert = mysql_real_escape_string(prepare_cert($cert)); |
|
42 |
+ $cert = DB::escape(prepare_cert($cert)); |
|
43 | 43 |
$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'"; |
44 |
- $result = db_query($query); |
|
45 |
- if (mysql_num_rows($result) < 1) |
|
44 |
+ $result = DB::query($query); |
|
45 |
+ if ($result->num_rows < 1) |
|
46 | 46 |
return NULL; |
47 | 47 |
else { |
48 | 48 |
$ret = array(); |
49 |
- while ($row = mysql_fetch_assoc($result)) { |
|
49 |
+ while ($row = $result->fetch_assoc()) { |
|
50 | 50 |
$ret[] = $row; |
51 | 51 |
} |
52 | 52 |
return $ret; |
... | ... |
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
17 |
+require_once('inc/db.php'); |
|
18 | 18 |
require_once('inc/base.php'); |
19 | 19 |
require_once('inc/debug.php'); |
20 | 20 |
|
... | ... |
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
17 |
+require_once('inc/db.php'); |
|
18 | 18 |
require_once('inc/base.php'); |
19 | 19 |
require_once('inc/debug.php'); |
20 | 20 |
|
... | ... |
@@ -42,7 +42,7 @@ class Domain extends KeksData |
42 | 42 |
|
43 | 43 |
function loadByName($name) |
44 | 44 |
{ |
45 |
- $name = mysql_real_escape_string($name); |
|
45 |
+ $name = DB::escape($name); |
|
46 | 46 |
$res = $this->getData("*", "CONCAT_WS('.', domainname, tld)='{$name}' LIMIT 1"); |
47 | 47 |
if (count($res) < 1) |
48 | 48 |
return false; |
... | ... |
@@ -110,11 +110,11 @@ function get_domain_list($customerno, $uid = NULL) |
110 | 110 |
$query .= " kunde={$customerno}"; |
111 | 111 |
} |
112 | 112 |
$query .= " ORDER BY domainname,tld"; |
113 |
- $result = db_query($query); |
|
113 |
+ $result = DB::query($query); |
|
114 | 114 |
$domains = array(); |
115 |
- DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n"); |
|
116 |
- if (mysql_num_rows($result) > 0) |
|
117 |
- while ($domain = mysql_fetch_object($result)) |
|
115 |
+ DEBUG('Result set is '.$result->num_rows." rows.<br />\n"); |
|
116 |
+ if ($result->num_rows > 0) |
|
117 |
+ while ($domain = $result->fetch_object()) |
|
118 | 118 |
array_push($domains, new Domain((int) $domain->id)); |
119 | 119 |
DEBUG($domains); |
120 | 120 |
return $domains; |
... | ... |
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
17 |
+require_once('inc/db.php'); |
|
18 | 18 |
require_once('inc/base.php'); |
19 | 19 |
require_once('inc/debug.php'); |
20 | 20 |
|
... | ... |
@@ -56,8 +56,8 @@ abstract class KeksData |
56 | 56 |
protected function setup() |
57 | 57 |
{ |
58 | 58 |
$fields = array(); |
59 |
- $res = db_query("DESCRIBE {$this->default_table}"); |
|
60 |
- while ($f = mysql_fetch_object($res)) |
|
59 |
+ $result = DB::query("DESCRIBE {$this->default_table}"); |
|
60 |
+ while ($f = $result->fetch_object()) |
|
61 | 61 |
{ |
62 | 62 |
$fields[$f->Field] = $f->Default; |
63 | 63 |
} |
... | ... |
@@ -78,9 +78,9 @@ abstract class KeksData |
78 | 78 |
if (is_array($fields)) |
79 | 79 |
$fields = implode(',', $fields); |
80 | 80 |
|
81 |
- $res = db_query("SELECT {$fields} FROM {$table} {$where}"); |
|
81 |
+ $result = DB::query("SELECT {$fields} FROM {$table} {$where}"); |
|
82 | 82 |
$return = array(); |
83 |
- while ($arr = mysql_fetch_assoc($res)) |
|
83 |
+ while ($arr = $result->fetch_assoc()) |
|
84 | 84 |
array_push($return, $arr); |
85 | 85 |
return $return; |
86 | 86 |
} |
... | ... |
@@ -102,10 +102,10 @@ abstract class KeksData |
102 | 102 |
$upd = array(); |
103 | 103 |
foreach ($this->changes as $key => $value) |
104 | 104 |
{ |
105 |
- $value = mysql_real_escape_string($value); |
|
105 |
+ $value = DB::escape($value); |
|
106 | 106 |
array_push($upd, "`{$key}`='{$value}'"); |
107 | 107 |
} |
108 |
- db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id={$this->data['id']};"); |
|
108 |
+ DB::query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id={$this->data['id']};"); |
|
109 | 109 |
} |
110 | 110 |
|
111 | 111 |
abstract function parse($data); |
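Review bot: In the update loop only `$value` goes through `DB::escape`; the column name `$key` is placed between backticks and `{$this->data['id']}` is placed unquoted in the `WHERE` clause, and string escaping protects neither position. Where the keys of `$this->changes` and the stored id come from is not visible here (the method starts above the hunk), so this may be safe in practice, but the method should not depend on it. I would cast the id, `$id = (int) $this->data['id'];`, and reject any `$key` that is not one of the field names `setup()` reads via `DESCRIBE`. The same concern applies to the `getData()` hunk, where `$fields`, `$table` and `$where` are interpolated as given; a docblock stating that callers must pass trusted SQL fragments would make that contract explicit.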
... | ... |
@@ -17,7 +17,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
17 | 17 |
|
18 | 18 |
require_once('config.php'); |
19 | 19 |
require_once('inc/debug.php'); |
20 |
-require_once('inc/db_connect.php'); |
|
20 |
+require_once('inc/db.php'); |
|
21 | 21 |
require_once("inc/base.php"); |
22 | 22 |
require_once("inc/theme.php"); |
23 | 23 |
|
... | ... |
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
18 | 17 |
require_once('inc/debug.php'); |
19 | 18 |
|
20 | 19 |
function config($key) |
... | ... |
@@ -36,9 +35,9 @@ function config($key) |
36 | 35 |
return $config[$key]; |
37 | 36 |
|
38 | 37 |
/* read configuration from database */ |
39 |
- $options = db_query( "SELECT `key`, value FROM misc.config" ); |
|
38 |
+ $options = DB::query( "SELECT `key`, value FROM misc.config" ); |
|
40 | 39 |
|
41 |
- while( $object = mysql_fetch_assoc( $options ) ) { |
|
40 |
+ while( $object = $options->fetch_assoc() ) { |
|
42 | 41 |
$config[$object['key']]=$object['value']; |
43 | 42 |
} |
44 | 43 |
// Sonst wird das Passwort des webadmin-Users mit ausgegeben |
... | ... |
@@ -54,8 +53,9 @@ function config($key) |
54 | 53 |
|
55 | 54 |
function get_server_by_id($id) { |
56 | 55 |
$id = (int) $id; |
57 |
- $result = mysql_fetch_assoc(db_query("SELECT hostname FROM system.servers WHERE id='{$id}'")); |
|
58 |
- return $result['hostname']; |
|
56 |
+ $result = DB::query("SELECT hostname FROM system.servers WHERE id='{$id}'"); |
|
57 |
+ $server = $result->fetch_assoc(); |
|
58 |
+ return $server['hostname']; |
|
59 | 59 |
} |
60 | 60 |
|
61 | 61 |
|
... | ... |
@@ -71,8 +71,8 @@ function redirect($target) |
71 | 71 |
function my_server_id() |
72 | 72 |
{ |
73 | 73 |
$uid = (int) $_SESSION['userinfo']['uid']; |
74 |
- $result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}"); |
|
75 |
- $r = mysql_fetch_assoc($result); |
|
74 |
+ $result = DB::query("SELECT server FROM system.useraccounts WHERE uid={$uid}"); |
|
75 |
+ $r = $result->fetch_assoc(); |
|
76 | 76 |
DEBUG($r); |
77 | 77 |
return $r['server']; |
78 | 78 |
} |
... | ... |
@@ -81,9 +81,9 @@ function my_server_id() |
81 | 81 |
function additional_servers() |
82 | 82 |
{ |
83 | 83 |
$uid = (int) $_SESSION['userinfo']['uid']; |
84 |
- $result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}"); |
|
84 |
+ $result = DB::query("SELECT server FROM system.user_server WHERE uid={$uid}"); |
|
85 | 85 |
$servers = array(); |
86 |
- while ($s = mysql_fetch_assoc($result)) |
|
86 |
+ while ($s = $result->fetch_assoc()) |
|
87 | 87 |
$servers[] = $s['server']; |
88 | 88 |
DEBUG($servers); |
89 | 89 |
return $servers; |
... | ... |
@@ -92,41 +92,22 @@ function additional_servers() |
92 | 92 |
|
93 | 93 |
function server_names() |
94 | 94 |
{ |
95 |
- $result = db_query("SELECT id, hostname FROM system.servers"); |
|
95 |
+ $result = DB::query("SELECT id, hostname FROM system.servers"); |
|
96 | 96 |
$servers = array(); |
97 |
- while ($s = mysql_fetch_assoc($result)) |
|
97 |
+ while ($s = $result->fetch_assoc()) |
|
98 | 98 |
$servers[$s['id']] = $s['hostname']; |
99 | 99 |
DEBUG($servers); |
100 | 100 |
return $servers; |
101 | 101 |
} |
102 | 102 |
|
103 | 103 |
|
104 |
-function db_query($query) |
|
105 |
-{ |
|
106 |
- DEBUG($query); |
|
107 |
- $result = @mysql_query($query); |
|
108 |
- if (mysql_error()) |
|
109 |
- { |
|
110 |
- $error = mysql_error(); |
|
111 |
- logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}"); |
|
112 |
- system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.'); |
|
113 |
- } |
|
114 |
- $count = @mysql_num_rows($result); |
|
115 |
- if (! $count) |
|
116 |
- $count = 'no'; |
|
117 |
- DEBUG("=> {$count} rows"); |
|
118 |
- return $result; |
|
119 |
-} |
|
120 |
- |
|
121 |
- |
|
122 |
- |
|
123 | 104 |
function maybe_null($value) |
124 | 105 |
{ |
125 | 106 |
if ($value == NULL) |
126 | 107 |
return 'NULL'; |
127 | 108 |
|
128 | 109 |
if (strlen( (string) $value ) > 0) |
129 |
- return "'".mysql_real_escape_string($value)."'"; |
|
110 |
+ return "'".$db->escape($value)."'"; |
|
130 | 111 |
else |
131 | 112 |
return 'NULL'; |
132 | 113 |
} |
... | ... |
@@ -146,13 +127,13 @@ function logger($severity, $scriptname, $scope, $message) |
146 | 127 |
elseif ($_SESSION['role'] & ROLE_CUSTOMER) |
147 | 128 |
$user = "'{$_SESSION['customerinfo']['customerno']}'"; |
148 | 129 |
|
149 |
- $remote = mysql_real_escape_string($_SERVER['REMOTE_ADDR']); |
|
130 |
+ $remote = DB::escape($_SERVER['REMOTE_ADDR']); |
|
150 | 131 |
|
151 |
- $scriptname = mysql_real_escape_string($scriptname); |
|
152 |
- $scope = mysql_real_escape_string($scope); |
|
153 |
- $message = mysql_real_escape_string($message); |
|
132 |
+ $scriptname = DB::escape($scriptname); |
|
133 |
+ $scope = DB::escape($scope); |
|
134 |
+ $message = DB::escape($message); |
|
154 | 135 |
|
155 |
- db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');"); |
|
136 |
+ DB::query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');"); |
|
156 | 137 |
} |
157 | 138 |
|
158 | 139 |
function html_header($arg) |
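Review bot: The new line in `maybe_null()` calls `$db->escape($value)`, but no `$db` exists in the function's scope, so any non-empty value fails with a method call on an undefined variable instead of being quoted. Every other conversion in this commit uses the static wrapper, and the line should read `return "'".DB::escape($value)."'";`. `maybe_null()` is what quotes values for `save_dns_record()` and the dyndns functions further down the page, so those writes break until this is fixed. Separately, `get_server_by_id()` now indexes `$server['hostname']` without checking that `fetch_assoc()` returned a row.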
... | ... |
@@ -0,0 +1,88 @@ |
1 |
+<?php |
|
2 |
+/* |
|
3 |
+This file belongs to the Webinterface of schokokeks.org Hosting |
|
4 |
+ |
|
5 |
+Written 2008-2013 by schokokeks.org Hosting, namely |
|
6 |
+ Bernd Wurst <bernd@schokokeks.org> |
|
7 |
+ Hanno Böck <hanno@schokokeks.org> |
|
8 |
+ |
|
9 |
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
10 |
+ |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 |
+http://creativecommons.org/publicdomain/zero/1.0/ |
|
13 |
+ |
|
14 |
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
|
15 |
+*/ |
|
16 |
+ |
|
17 |
+require_once('inc/error.php'); |
|
18 |
+require_once('inc/debug.php'); |
|
19 |
+ |
|
20 |
+class DB |
|
21 |
+{ |
|
22 |
+ public static $connected = false; |
|
23 |
+ public static $connection = NULL; |
|
24 |
+ |
|
25 |
+ function __construct() |
|
26 |
+ { |
|
27 |
+ return false; |
|
28 |
+ } |
|
29 |
+ function __clone() |
|
30 |
+ { |
|
31 |
+ return false; |
|
32 |
+ } |
|
33 |
+ |
|
34 |
+ static function connect() |
|
35 |
+ { |
|
36 |
+ DB::$connection = new mysqli(config('db_host'), config('db_user'), config('db_pass'), '', config('db_port')); |
|
37 |
+ if (mysqli_connect_errno()) |
|
38 |
+ die('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.'); |
|
39 |
+ DB::$connection->set_charset('utf8'); |
|
40 |
+ if (DB::$connection->error) |
|
41 |
+ { |
|
42 |
+ DEBUG("DB-Fehler: ".DB::$connection->error); |
|
43 |
+ die('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!'); |
|
44 |
+ } |
|
45 |
+ DB::$connected = true; |
|
46 |
+ } |
|
47 |
+ |
|
48 |
+ static function query($query) |
|
49 |
+ { |
|
50 |
+ if (! DB::$connection) |
|
51 |
+ { |
|
52 |
+ DB::connect(); |
|
53 |
+ } |
|
54 |
+ |
|
55 |
+ DEBUG($query); |
|
56 |
+ $result = DB::$connection->query($query); |
|
57 |
+ if (DB::$connection->error) |
|
58 |
+ { |
|
59 |
+ $error = DB::$connection->error; |
|
60 |
+ logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}"); |
|
61 |
+ system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.'); |
|
62 |
+ } |
|
63 |
+ $count = DB::$connection->affected_rows; |
|
64 |
+ if (! $count) |
|
65 |
+ $count = 'no'; |
|
66 |
+ DEBUG("=> {$count} rows"); |
|
67 |
+ return $result; |
|
68 |
+ } |
|
69 |
+ |
|
70 |
+ static function insert_id() |
|
71 |
+ { |
|
72 |
+ return DB::$connection->insert_id; |
|
73 |
+ } |
|
74 |
+ |
|
75 |
+ |
|
76 |
+ static function escape($string) |
|
77 |
+ { |
|
78 |
+ return DB::$connection->real_escape_string($string); |
|
79 |
+ } |
|
80 |
+ |
|
81 |
+} |
|
82 |
+ |
|
83 |
+ |
|
84 |
+if (! DB::$connected ) { |
|
85 |
+ DB::connect(); |
|
86 |
+} |
|
87 |
+ |
|
88 |
+?> |
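Review bot: `DB::query()` passes the raw driver error text to `system_failure()`, which judging by its message is user-facing, so a failing statement can show table names and query fragments to whoever triggered it. Logging the detail and showing a generic message would avoid that, e.g. `system_failure('Interner Datenbankfehler.');` after the `logger()` call. The `logger()` call itself goes back through `DB::query()` (see the `INSERT INTO misc.scriptlog` hunk), so if that insert fails as well the error path re-enters itself; a static guard flag around the logging would stop the recursion. `DB::escape()` and `DB::insert_id()` dereference `DB::$connection` without the lazy `connect()` that `query()` performs, and returning `false` from `__construct()` and `__clone()` does not prevent instantiation, whereas declaring them `private` would.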
... | ... |
@@ -1,25 +0,0 @@ |
1 |
-<?php |
|
2 |
-/* |
|
3 |
-This file belongs to the Webinterface of schokokeks.org Hosting |
|
4 |
- |
|
5 |
-Written 2008-2013 by schokokeks.org Hosting, namely |
|
6 |
- Bernd Wurst <bernd@schokokeks.org> |
|
7 |
- Hanno Böck <hanno@schokokeks.org> |
|
8 |
- |
|
9 |
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
10 |
- |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 |
-http://creativecommons.org/publicdomain/zero/1.0/ |
|
13 |
- |
|
14 |
-Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
|
15 |
-*/ |
|
16 |
- |
|
17 |
-require_once('inc/error.php'); |
|
18 |
- |
|
19 |
-if (!@mysql_connect(config('db_host'), config('db_user'), config('db_pass'))) |
|
20 |
- die('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.'); |
|
21 |
- |
|
22 |
-if (!@mysql_query('SET NAMES utf8')) |
|
23 |
- die('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!'); |
|
24 |
- |
|
25 |
-?> |
... | ... |
@@ -19,9 +19,9 @@ require_once('inc/base.php'); |
19 | 19 |
|
20 | 20 |
function find_customers($string) |
21 | 21 |
{ |
22 |
- $string = mysql_real_escape_string(chop($string)); |
|
22 |
+ $string = DB::escape(chop($string)); |
|
23 | 23 |
$return = array(); |
24 |
- $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN kundendaten.kundenkontakt AS kk ". |
|
24 |
+ $result = DB::query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN kundendaten.kundenkontakt AS kk ". |
|
25 | 25 |
"ON (kk.kundennr = k.id) LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ". |
26 | 26 |
"firma LIKE '%{$string}%' OR firma2 LIKE '%{$string}%' OR ". |
27 | 27 |
"nachname LIKE '%{$string}%' OR vorname LIKE '%{$string}%' OR ". |
... | ... |
@@ -30,7 +30,7 @@ function find_customers($string) |
30 | 30 |
"notizen LIKE '%{$string}%' OR kk.name LIKE '%{$string}%' OR ". |
31 | 31 |
"kk.wert LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ". |
32 | 32 |
"u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';"); |
33 |
- while ($entry = mysql_fetch_assoc($result)) |
|
33 |
+ while ($entry = $result->fetch_assoc()) |
|
34 | 34 |
$return[] = $entry['id']; |
35 | 35 |
|
36 | 36 |
return $return; |
... | ... |
@@ -41,9 +41,9 @@ function find_users_for_customer($id) |
41 | 41 |
{ |
42 | 42 |
$id = (int) $id; |
43 | 43 |
$return = array(); |
44 |
- $result = db_query("SELECT uid, username FROM system.useraccounts WHERE ". |
|
44 |
+ $result = DB::query("SELECT uid, username FROM system.useraccounts WHERE ". |
|
45 | 45 |
"kunde='{$id}';"); |
46 |
- while ($entry = mysql_fetch_assoc($result)) |
|
46 |
+ while ($entry = $result->fetch_assoc()) |
|
47 | 47 |
$return[$entry['uid']] = $entry['username']; |
48 | 48 |
|
49 | 49 |
return $return; |
... | ... |
@@ -54,9 +54,9 @@ function find_users_for_customer($id) |
54 | 54 |
function hosting_contracts($cid) |
55 | 55 |
{ |
56 | 56 |
$cid = (int) $cid; |
57 |
- $result = db_query("SELECT u.username, werber, beschreibung, betrag, brutto, monate, anzahl, startdatum, startdatum + INTERVAL laufzeit MONTH - INTERVAL 1 DAY AS mindestlaufzeit, kuendigungsdatum, gesperrt, notizen FROM kundendaten.hosting AS h LEFT JOIN system.useraccounts AS u ON (h.hauptuser=u.uid) WHERE h.kunde=".$cid); |
|
57 |
+ $result = DB::query("SELECT u.username, werber, beschreibung, betrag, brutto, monate, anzahl, startdatum, startdatum + INTERVAL laufzeit MONTH - INTERVAL 1 DAY AS mindestlaufzeit, kuendigungsdatum, gesperrt, notizen FROM kundendaten.hosting AS h LEFT JOIN system.useraccounts AS u ON (h.hauptuser=u.uid) WHERE h.kunde=".$cid); |
|
58 | 58 |
$ret = array(); |
59 |
- while ($x = mysql_fetch_assoc($result)) |
|
59 |
+ while ($x = $result->fetch_assoc()) |
|
60 | 60 |
array_push($ret, $x); |
61 | 61 |
DEBUG($ret); |
62 | 62 |
|
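Review bot: `DB::escape()` in `find_customers()` protects the quoting but leaves `%` and `_` untouched, so inside the `LIKE '%{$string}%'` terms a search string made of wildcards matches every customer row. If the search is meant to be literal, build a separate pattern for the LIKE terms, `$pattern = DB::escape(addcslashes(chop($string), '%_\\'));`, and keep `$string` for the equality comparisons. Those comparisons, `k.id='{$string}'` and `u.uid='{$string}'`, rely on MySQL's implicit string-to-number conversion, which deserves a short comment.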
... | ... |
@@ -15,7 +15,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
15 | 15 |
*/ |
16 | 16 |
|
17 | 17 |
require_once('inc/debug.php'); |
18 |
-require_once('inc/db_connect.php'); |
|
18 |
+require_once('inc/db.php'); |
|
19 | 19 |
require_once('inc/base.php'); |
20 | 20 |
require_once('inc/security.php'); |
21 | 21 |
require_once('inc/error.php'); |
... | ... |
@@ -26,9 +26,9 @@ require_once('class/domain.php'); |
26 | 26 |
function get_dyndns_accounts() |
27 | 27 |
{ |
28 | 28 |
$uid = (int) $_SESSION['userinfo']['uid']; |
29 |
- $result = db_query("SELECT * FROM dns.dyndns WHERE uid={$uid}"); |
|
29 |
+ $result = DB::query("SELECT * FROM dns.dyndns WHERE uid={$uid}"); |
|
30 | 30 |
$list = array(); |
31 |
- while ($item = mysql_fetch_assoc($result)) { |
|
31 |
+ while ($item = $result->fetch_assoc()) { |
|
32 | 32 |
array_push($list, $item); |
33 | 33 |
} |
34 | 34 |
DEBUG($list); |
... | ... |
@@ -40,12 +40,12 @@ function get_dyndns_account($id) |
40 | 40 |
{ |
41 | 41 |
$id = (int) $id; |
42 | 42 |
$uid = (int) $_SESSION['userinfo']['uid']; |
43 |
- $result = db_query("SELECT * FROM dns.dyndns WHERE id={$id} AND uid={$uid}"); |
|
44 |
- if (mysql_num_rows($result) != 1) { |
|
43 |
+ $result = DB::query("SELECT * FROM dns.dyndns WHERE id={$id} AND uid={$uid}"); |
|
44 |
+ if ($result->num_rows != 1) { |
|
45 | 45 |
logger(LOG_WARNING, "modules/dns/include/dnsinclude", "dyndns", "account »{$id}« invalid for uid »{$uid}«."); |
46 | 46 |
system_failure("Account ungültig"); |
47 | 47 |
} |
48 |
- $item = mysql_fetch_assoc($result); |
|
48 |
+ $item = $result->fetch_assoc(); |
|
49 | 49 |
DEBUG($item); |
50 | 50 |
return $item; |
51 | 51 |
} |
... | ... |
@@ -58,14 +58,14 @@ function create_dyndns_account($handle, $password_http, $sshkey) |
58 | 58 |
if ($password_http == '' && $sshkey == '') |
59 | 59 |
system_failure('Sie müssen entweder einen SSH-Key oder ein Passwort zum Web-Update eingeben.'); |
60 | 60 |
|
61 |
- $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle))); |
|
62 |
- $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey))); |
|
61 |
+ $handle = maybe_null(DB::escape(filter_input_username($handle))); |
|
62 |
+ $sshkey = maybe_null(DB::escape(filter_input_general($sshkey))); |
|
63 | 63 |
|
64 | 64 |
$pwhash = 'NULL'; |
65 | 65 |
if ($password_http) |
66 | 66 |
$pwhash = "'{SHA}".base64_encode(sha1($password_http, true))."'"; |
67 | 67 |
|
68 |
- db_query("INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ({$uid}, {$handle}, {$pwhash}, {$sshkey})"); |
|
68 |
+ DB::query("INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES ({$uid}, {$handle}, {$pwhash}, {$sshkey})"); |
|
69 | 69 |
logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "inserted account"); |
70 | 70 |
} |
71 | 71 |
|
... | ... |
@@ -73,8 +73,8 @@ function create_dyndns_account($handle, $password_http, $sshkey) |
73 | 73 |
function edit_dyndns_account($id, $handle, $password_http, $sshkey) |
74 | 74 |
{ |
75 | 75 |
$id = (int) $id; |
76 |
- $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle))); |
|
77 |
- $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey))); |
|
76 |
+ $handle = maybe_null(DB::escape(filter_input_username($handle))); |
|
77 |
+ $sshkey = maybe_null(DB::escape(filter_input_general($sshkey))); |
|
78 | 78 |
|
79 | 79 |
$pwhash = 'NULL'; |
80 | 80 |
if ($password_http) |
... | ... |
@@ -85,7 +85,7 @@ function edit_dyndns_account($id, $handle, $password_http, $sshkey) |
85 | 85 |
$pwhash = "'{SHA}".base64_encode(sha1($password_http, true))."'"; |
86 | 86 |
} |
87 | 87 |
|
88 |
- db_query("UPDATE dns.dyndns SET handle={$handle}, password={$pwhash}, sshkey={$sshkey} WHERE id={$id} LIMIT 1"); |
|
88 |
+ DB::query("UPDATE dns.dyndns SET handle={$handle}, password={$pwhash}, sshkey={$sshkey} WHERE id={$id} LIMIT 1"); |
|
89 | 89 |
logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "edited account »{$id}«"); |
90 | 90 |
} |
91 | 91 |
|
... | ... |
@@ -94,7 +94,7 @@ function delete_dyndns_account($id) |
94 | 94 |
{ |
95 | 95 |
$id = (int) $id; |
96 | 96 |
|
97 |
- db_query("DELETE FROM dns.dyndns WHERE id={$id} LIMIT 1"); |
|
97 |
+ DB::query("DELETE FROM dns.dyndns WHERE id={$id} LIMIT 1"); |
|
98 | 98 |
logger(LOG_INFO, "modules/dns/include/dnsinclude", "dyndns", "deleted account »{$id}«"); |
99 | 99 |
} |
100 | 100 |
|
... | ... |
@@ -102,9 +102,9 @@ function delete_dyndns_account($id) |
102 | 102 |
function get_dyndns_records($id) |
103 | 103 |
{ |
104 | 104 |
$id = (int) $id; |
105 |
- $result = db_query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns={$id}"); |
|
105 |
+ $result = DB::query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns={$id}"); |
|
106 | 106 |
$data = array(); |
107 |
- while ($entry = mysql_fetch_assoc($result)) { |
|
107 |
+ while ($entry = $result->fetch_assoc()) { |
|
108 | 108 |
$dom = new Domain((int) $entry['domain']); |
109 | 109 |
$dom->ensure_userdomain(); |
110 | 110 |
$entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn; |
... | ... |
@@ -143,10 +143,10 @@ function blank_dns_record($type) |
143 | 143 |
function get_dns_record($id) |
144 | 144 |
{ |
145 | 145 |
$id = (int) $id; |
146 |
- $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id={$id}"); |
|
147 |
- if (mysql_num_rows($result) != 1) |
|
146 |
+ $result = DB::query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id={$id}"); |
|
147 |
+ if ($result->num_rows != 1) |
|
148 | 148 |
system_failure('illegal ID'); |
149 |
- $data = mysql_fetch_assoc($result); |
|
149 |
+ $data = $result->fetch_assoc(); |
|
150 | 150 |
$dom = new Domain( (int) $data['domain']); |
151 | 151 |
$dom->ensure_userdomain(); |
152 | 152 |
DEBUG($data); |
... | ... |
@@ -157,9 +157,9 @@ function get_dns_record($id) |
157 | 157 |
function get_domain_records($dom) |
158 | 158 |
{ |
159 | 159 |
$dom = (int) $dom; |
160 |
- $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain={$dom}"); |
|
160 |
+ $result = DB::query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain={$dom}"); |
|
161 | 161 |
$data = array(); |
162 |
- while ($entry = mysql_fetch_assoc($result)) { |
|
162 |
+ while ($entry = $result->fetch_assoc()) { |
|
163 | 163 |
$dom = new Domain((int) $entry['domain']); |
164 | 164 |
$dom->ensure_userdomain(); |
165 | 165 |
$entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn; |
... | ... |
@@ -173,11 +173,11 @@ function get_domain_records($dom) |
173 | 173 |
|
174 | 174 |
function get_domain_auto_records($domainname) |
175 | 175 |
{ |
176 |
- $domainname = mysql_real_escape_string($domainname); |
|
177 |
- //$result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, TRIM(ttl) FROM dns.v_autogenerated_records WHERE domain='{$domainname}'"); |
|
178 |
- $result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain='{$domainname}'"); |
|
176 |
+ $domainname = DB::escape($domainname); |
|
177 |
+ //$result = DB::query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, TRIM(ttl) FROM dns.v_autogenerated_records WHERE domain='{$domainname}'"); |
|
178 |
+ $result = DB::query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain='{$domainname}'"); |
|
179 | 179 |
$data = array(); |
180 |
- while ($entry = mysql_fetch_assoc($result)) { |
|
180 |
+ while ($entry = $result->fetch_assoc()) { |
|
181 | 181 |
array_push($data, $entry); |
182 | 182 |
} |
183 | 183 |
DEBUG($data); |
... | ... |
@@ -276,9 +276,9 @@ function save_dns_record($id, $record) |
276 | 276 |
$record['spec'] = maybe_null($record['spec']); |
277 | 277 |
$record['dyndns'] = maybe_null($record['dyndns']); |
278 | 278 |
if ($id) |
279 |
- db_query("UPDATE dns.custom_records SET hostname={$record['hostname']}, domain={$dom->id}, type='{$record['type']}', ttl={$record['ttl']}, ip={$record['ip']}, dyndns={$record['dyndns']}, data={$record['data']}, spec={$record['spec']} WHERE id={$id} LIMIT 1"); |
|
279 |
+ DB::query("UPDATE dns.custom_records SET hostname={$record['hostname']}, domain={$dom->id}, type='{$record['type']}', ttl={$record['ttl']}, ip={$record['ip']}, dyndns={$record['dyndns']}, data={$record['data']}, spec={$record['spec']} WHERE id={$id} LIMIT 1"); |
|
280 | 280 |
else |
281 |
- db_query("INSERT INTO dns.custom_records (hostname, domain, type, ttl, ip, dyndns, data, spec) VALUES ({$record['hostname']}, {$dom->id}, '{$record['type']}', {$record['ttl']}, {$record['ip']}, {$record['dyndns']}, {$record['data']}, {$record['spec']})"); |
|
281 |
+ DB::query("INSERT INTO dns.custom_records (hostname, domain, type, ttl, ip, dyndns, data, spec) VALUES ({$record['hostname']}, {$dom->id}, '{$record['type']}', {$record['ttl']}, {$record['ip']}, {$record['dyndns']}, {$record['data']}, {$record['spec']})"); |
|
282 | 282 |
|
283 | 283 |
} |
284 | 284 |
|
... | ... |
@@ -288,7 +288,7 @@ function delete_dns_record($id) |
288 | 288 |
$id = (int) $id; |
289 | 289 |
// Diese Funktion prüft, ob der Eintrag einer eigenen Domain gehört |
290 | 290 |
$record = get_dns_record($id); |
291 |
- db_query("DELETE FROM dns.custom_records WHERE id={$id} LIMIT 1"); |
|
291 |
+ DB::query("DELETE FROM dns.custom_records WHERE id={$id} LIMIT 1"); |
|
292 | 292 |
} |
293 | 293 |
|
294 | 294 |
|
... | ... |
@@ -298,9 +298,9 @@ function convert_from_autorecords($domainid) |
298 | 298 |
$dom->ensure_userdomain(); |
299 | 299 |
$dom = $dom->id; |
300 | 300 |
|
301 |
- db_query("INSERT IGNORE INTO dns.custom_records SELECT r.id, r.lastchange, type, d.id, hostname, ip, NULL AS dyndns, data, spec, ttl FROM dns.v_tmptable_allrecords AS r INNER JOIN dns.v_domains AS d ON (d.name=r.domain) WHERE d.id={$dom}"); |
|
301 |
+ DB::query("INSERT IGNORE INTO dns.custom_records SELECT r.id, r.lastchange, type, d.id, hostname, ip, NULL AS dyndns, data, spec, ttl FROM dns.v_tmptable_allrecords AS r INNER JOIN dns.v_domains AS d ON (d.name=r.domain) WHERE d.id={$dom}"); |
|
302 | 302 |
disable_autorecords($dom); |
303 |
- db_query("UPDATE dns.dnsstatus SET status='outdated'"); |
|
303 |
+ DB::query("UPDATE dns.dnsstatus SET status='outdated'"); |
|
304 | 304 |
warning("Die automatischen Einträge werden in Kürze abgeschaltet, bitte haben Sie einen Moment Geduld."); |
305 | 305 |
} |
306 | 306 |
|
... | ... |
@@ -311,7 +311,7 @@ function enable_autorecords($domainid) |
311 | 311 |
$dom->ensure_userdomain(); |
312 | 312 |
$dom = $dom->id; |
313 | 313 |
|
314 |
- db_query("UPDATE kundendaten.domains SET autodns=1 WHERE id={$dom} LIMIT 1"); |
|
314 |
+ DB::query("UPDATE kundendaten.domains SET autodns=1 WHERE id={$dom} LIMIT 1"); |
|
315 | 315 |
warning("Die automatischen Einträge werden in Kürze aktiviert, bitte haben Sie einen Moment Geduld."); |
316 | 316 |
} |
317 | 317 |
|
... | ... |
@@ -321,15 +321,15 @@ function disable_autorecords($domainid) |
321 | 321 |
$dom->ensure_userdomain(); |
322 | 322 |
$dom = $dom->id; |
323 | 323 |
|
324 |
- db_query("UPDATE kundendaten.domains SET autodns=0 WHERE id={$dom} LIMIT 1"); |
|
324 |
+ DB::query("UPDATE kundendaten.domains SET autodns=0 WHERE id={$dom} LIMIT 1"); |
|
325 | 325 |
} |
326 | 326 |
|
327 | 327 |
|
328 | 328 |
function domain_is_maildomain($domain) |
329 | 329 |
{ |
330 | 330 |
$domain = (int) $domain; |
331 |
- $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}"); |
|
332 |
- $dom = mysql_fetch_assoc($result); |
|
331 |
+ $result = DB::query("SELECT mail FROM kundendaten.domains WHERE id={$domain}"); |
|
332 |
+ $dom = $result->fetch_assoc(); |
|
333 | 333 |
return ($dom['mail'] != 'none'); |
334 | 334 |
} |
335 | 335 |
|
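Review bot: In `create_dyndns_account()` and `edit_dyndns_account()` the handle and SSH key are escaped with `DB::escape()` and then handed to `maybe_null()`, which escapes its argument again before quoting it, so any character that needs escaping is stored with a stray backslash. One layer is enough: `$handle = maybe_null(filter_input_username($handle));` and likewise for `$sshkey`. The context lines also show the web-update password stored as `{SHA}` plus an unsalted SHA-1 digest; if whatever reads `dns.dyndns` can accept another format, a salted, slow hash would be preferable, and if it cannot, that constraint deserves a comment next to the `sha1()` call.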
... | ... |
@@ -25,9 +25,9 @@ function mailman_subdomains($domain) |
25 | 25 |
return array(); |
26 | 26 |
} |
27 | 27 |
$domain = (int) $domain; |
28 |
- $result = db_query("SELECT id, hostname FROM mail.mailman_domains WHERE domain={$domain}"); |
|
28 |
+ $result = DB::query("SELECT id, hostname FROM mail.mailman_domains WHERE domain={$domain}"); |
|
29 | 29 |
$ret = array(); |
30 |
- while ($line = mysql_fetch_assoc($result)) |
|
30 |
+ while ($line = $result->fetch_assoc()) |
|
31 | 31 |
{ |
32 | 32 |
$ret[] = $line; |
33 | 33 |
} |
... | ... |
@@ -39,8 +39,8 @@ function dns_in_use($domain) |
39 | 39 |
if ( ! in_array('dns', config('modules'))) |
40 | 40 |
return false; |
41 | 41 |
$domain = (int) $domain; |
42 |
- $result = db_query("SELECT id FROM dns.custom_records WHERE domain={$domain}"); |
|
43 |
- return (mysql_num_rows($result) > 0); |
|
42 |
+ $result = DB::query("SELECT id FROM dns.custom_records WHERE domain={$domain}"); |
|
43 |
+ return ($result->num_rows > 0); |
|
44 | 44 |
} |
45 | 45 |
|
46 | 46 |
|
... | ... |
@@ -51,17 +51,17 @@ function mail_in_use($domain) |
51 | 51 |
return false; |
52 | 52 |
} |
53 | 53 |
$domain = (int) $domain; |
54 |
- $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}"); |
|
55 |
- if (mysql_num_rows($result) < 1) |
|
54 |
+ $result = DB::query("SELECT mail FROM kundendaten.domains WHERE id={$domain}"); |
|
55 |
+ if ($result->num_rows < 1) |
|
56 | 56 |
system_failure("Domain not found"); |
57 |
- $d = mysql_fetch_assoc($result); |
|
57 |
+ $d = $result->fetch_assoc(); |
|
58 | 58 |
if ($d['mail'] == 'none') |
59 | 59 |
return false; // manually disabled |
60 |
- $result = db_query("SELECT id FROM mail.virtual_mail_domains WHERE domain={$domain}"); |
|
61 |
- if (mysql_num_rows($result) < 1) |
|
60 |
+ $result = DB::query("SELECT id FROM mail.virtual_mail_domains WHERE domain={$domain}"); |
|
61 |
+ if ($result->num_rows < 1) |
|
62 | 62 |
return true; // .courier |
63 |
- $result = db_query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain={$domain}"); |
|
64 |
- return (mysql_num_rows($result) > 0); |
|
63 |
+ $result = DB::query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain={$domain}"); |
|
64 |
+ return ($result->num_rows > 0); |
|
65 | 65 |
} |
66 | 66 |
|
67 | 67 |
function web_in_use($domain) |
... | ... |
@@ -71,13 +71,13 @@ function web_in_use($domain) |
71 | 71 |
|
72 | 72 |
$domain = (int) $domain; |
73 | 73 |
|
74 |
- $result = db_query("SELECT id FROM kundendaten.domains WHERE id={$domain} AND webserver=1"); |
|
75 |
- if (mysql_num_rows($result) < 1) |
|
74 |
+ $result = DB::query("SELECT id FROM kundendaten.domains WHERE id={$domain} AND webserver=1"); |
|
75 |
+ if ($result->num_rows < 1) |
|
76 | 76 |
return false; |
77 | 77 |
|
78 |
- $result = db_query("SELECT id FROM vhosts.vhost WHERE domain={$domain}"); |
|
79 |
- $result2 = db_query("SELECT id FROM vhosts.alias WHERE domain={$domain}"); |
|
80 |
- return (mysql_num_rows($result) > 0 || mysql_num_rows($result2) > 0); |
|
78 |
+ $result = DB::query("SELECT id FROM vhosts.vhost WHERE domain={$domain}"); |
|
79 |
+ $result2 = DB::query("SELECT id FROM vhosts.alias WHERE domain={$domain}"); |
|
80 |
+ return ($result->num_rows > 0 || $result2->num_rows > 0); |
|
81 | 81 |
} |
82 | 82 |
|
83 | 83 |
|
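Review bot: The queries in `mailman_subdomains`, `dns_in_use`, `mail_in_use` and `web_in_use` still place `$domain` unquoted inside the SQL string, so the `(int)` cast a few lines above each call is the only thing that keeps the value from being read as SQL. The move to `DB::query` leaves that pattern as it was; a short comment next to each cast would stop a later edit from dropping it, for example `// $domain is interpolated unquoted below; the int cast is the injection guard`. If the `DB` class offers bound parameters (its definition is not visible on this page), these four single-value lookups are simple candidates for them. Each of these functions begins outside its hunk, so any earlier validation is not visible here.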
... | ... |
@@ -19,9 +19,9 @@ require_once('inc/base.php'); |
19 | 19 |
function user_has_accounts() |
20 | 20 |
{ |
21 | 21 |
$uid = (int) $_SESSION['userinfo']['uid']; |
22 |
- $result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid"); |
|
23 |
- DEBUG(mysql_num_rows($result)." accounts"); |
|
24 |
- return (mysql_num_rows($result) > 0); |
|
22 |
+ $result = DB::query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid"); |
|
23 |
+ DEBUG($result->num_rows." accounts"); |
|
24 |
+ return ($result->num_rows > 0); |
|
25 | 25 |
} |
26 | 26 |
|
27 | 27 |
if (! function_exists("user_has_vmail_domain")) |
... | ... |
@@ -33,8 +33,8 @@ if (! function_exists("user_has_vmail_domain")) |
33 | 33 |
return false; |
34 | 34 |
} |
35 | 35 |
$uid = (int) $_SESSION['userinfo']['uid']; |
36 |
- $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'"); |
|
37 |
- $row = mysql_fetch_array($result); |
|
36 |
+ $result = DB::query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'"); |
|
37 |
+ $row = $result->fetch_array(); |
|
38 | 38 |
$count = $row[0]; |
39 | 39 |
DEBUG("User has {$count} vmail-domains"); |
40 | 40 |
return ( (int) $count > 0 ); |
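Review bot: `user_has_vmail_domain` is defined here behind a `function_exists` guard, and an identical body appears in the next file of this commit behind the same guard, so which copy runs depends on include order. The commit had to apply the same `DB::query`/`fetch_array` edit twice, and a later fix made in only one copy would silently not take effect wherever the other file is loaded first. Moving the function into one shared include, or at least adding a comment such as `// duplicated in another module under the same function_exists() guard; keep both copies identical`, would make that dependency visible. The function's signature lies outside the hunk.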
... | ... |
@@ -23,8 +23,8 @@ if (! function_exists("user_has_vmail_domain")) |
23 | 23 |
return false; |
24 | 24 |
} |
25 | 25 |
$uid = (int) $_SESSION['userinfo']['uid']; |
26 |
- $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'"); |
|
27 |
- $row = mysql_fetch_array($result); |
|
26 |
+ $result = DB::query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'"); |
|
27 |
+ $row = $result->fetch_array(); |
|
28 | 28 |
$count = $row[0]; |
29 | 29 |
DEBUG("User has {$count} vmail-domains"); |
30 | 30 |
return ( (int) $count > 0 ); |
... | ... |
@@ -40,9 +40,9 @@ if (! function_exists("user_has_dotcourier_domain")) |
40 | 40 |
return false; |
41 | 41 |
} |
42 | 42 |
$uid = (int) $_SESSION['userinfo']['uid']; |
43 |
- $result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ". |
|
43 |
+ $result = DB::query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ". |
|
44 | 44 |
"SELECT 1 FROM mail.v_domains AS d WHERE d.user={$uid} AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains);"); |
45 |
- $ret = (mysql_num_rows($result) > 0); |
|
45 |
+ $ret = ($result->num_rows > 0); |
|
46 | 46 |
if ($ret) |
47 | 47 |
DEBUG("User {$uid} has dotcourier-domains"); |
48 | 48 |
return $ret; |
... | ... |
@@ -15,7 +15,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
15 | 15 |
*/ |
16 | 16 |
|
17 | 17 |
require_once('inc/debug.php'); |
18 |
-require_once('inc/db_connect.php'); |
|
18 |
+require_once('inc/db.php'); |
|
19 | 19 |
require_once('inc/base.php'); |
20 | 20 |
require_once('inc/security.php'); |
21 | 21 |
|
... | ... |
@@ -26,11 +26,11 @@ require_once('common.php'); |
26 | 26 |
function mailaccounts($uid) |
27 | 27 |
{ |
28 | 28 |
$uid = (int) $uid; |
29 |
- $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local"); |
|
30 |
- DEBUG("Found ".@mysql_num_rows($result)." rows!"); |
|
29 |
+ $result = DB::query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local"); |
|
30 |
+ DEBUG("Found ".@$result->num_rows." rows!"); |
|
31 | 31 |
$accounts = array(); |
32 |
- if (@mysql_num_rows($result) > 0) |
|
33 |
- while ($acc = @mysql_fetch_object($result)) |
|
32 |
+ if (@$result->num_rows > 0) |
|
33 |
+ while ($acc = @$result->fetch_object()) |
|
34 | 34 |
array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1))); |
35 | 35 |
return $accounts; |
36 | 36 |
} |
... | ... |
@@ -39,11 +39,11 @@ function get_mailaccount($id) |
39 | 39 |
{ |
40 | 40 |
$id = (int) $id; |
41 | 41 |
$uid = (int) $_SESSION['userinfo']['uid']; |
42 |
- $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}"); |
|
43 |
- DEBUG("Found ".mysql_num_rows($result)." rows!"); |
|
44 |
- if (mysql_num_rows($result) != 1) |
|
42 |
+ $result = DB::query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}"); |
|
43 |
+ DEBUG("Found ".$result->num_rows." rows!"); |
|
44 |
+ if ($result->num_rows != 1) |
|
45 | 45 |
system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht'); |
46 |
- $acc = mysql_fetch_object($result); |
|
46 |
+ $acc = $result->fetch_object(); |
|
47 | 47 |
$ret = array('account' => $acc->account, 'mailbox' => $acc->maildir, 'enabled' => ($acc->aktiv == 1)); |
48 | 48 |
DEBUG(print_r($ret, true)); |
49 | 49 |
return $ret; |
... | ... |
@@ -73,13 +73,13 @@ function change_mailaccount($id, $arr) |
73 | 73 |
array_push($conditions, "domain={$domain->id}"); |
74 | 74 |
} |
75 | 75 |
} |
76 |
- array_push($conditions, "local='".mysql_real_escape_string($local)."'"); |
|
76 |
+ array_push($conditions, "local='".DB::escape($local)."'"); |
|
77 | 77 |
} |
78 | 78 |
if (isset($arr['mailbox'])) |
79 | 79 |
if ($arr['mailbox'] == '') |
80 | 80 |
array_push($conditions, "`maildir`=NULL"); |
81 | 81 |
else |
82 |
- array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'"); |
|
82 |
+ array_push($conditions, "`maildir`='".DB::escape($arr['mailbox'])."'"); |
|
83 | 83 |
|
84 | 84 |
if (isset($arr['password'])) |
85 | 85 |
{ |
... | ... |
@@ -91,7 +91,7 @@ function change_mailaccount($id, $arr) |
91 | 91 |
array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0")); |
92 | 92 |
|
93 | 93 |
|
94 |
- db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' AND uid={$uid}"); |
|
94 |
+ DB::query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' AND uid={$uid}"); |
|
95 | 95 |
logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "updated account »{$arr['account']}«"); |
96 | 96 |
|
97 | 97 |
} |
... | ... |
@@ -121,13 +121,13 @@ function create_mailaccount($arr) |
121 | 121 |
} |
122 | 122 |
} |
123 | 123 |
|
124 |
- $values['local'] = "'".mysql_real_escape_string($local)."'"; |
|
124 |
+ $values['local'] = "'".DB::escape($local)."'"; |
|
125 | 125 |
|
126 | 126 |
if (isset($arr['mailbox'])) |
127 | 127 |
if ($arr['mailbox'] == '') |
128 | 128 |
$values['maildir'] = 'NULL'; |
129 | 129 |
else |
130 |
- $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'"; |
|
130 |
+ $values['maildir']= "'".DB::escape($arr['mailbox'])."'"; |
|
131 | 131 |
|
132 | 132 |
|
133 | 133 |
if (isset($arr['password'])) |
... | ... |
@@ -139,7 +139,7 @@ function create_mailaccount($arr) |
139 | 139 |
$values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" ); |
140 | 140 |
|
141 | 141 |
|
142 |
- db_query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")"); |
|
142 |
+ DB::query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")"); |
|
143 | 143 |
logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "created account »{$arr['account']}«"); |
144 | 144 |
|
145 | 145 |
} |
... | ... |
@@ -149,13 +149,13 @@ function get_mailaccount_id($accountname) |
149 | 149 |
{ |
150 | 150 |
list($local, $domain) = explode('@', $accountname, 2); |
151 | 151 |
|
152 |
- $local = mysql_real_escape_string($local); |
|
153 |
- $domain = mysql_real_escape_string($domain); |
|
152 |
+ $local = DB::escape($local); |
|
153 |
+ $domain = DB::escape($domain); |
|
154 | 154 |
|
155 |
- $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'"); |
|
156 |
- if (mysql_num_rows($result) != 1) |
|
155 |
+ $result = DB::query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'"); |
|
156 |
+ if ($result->num_rows != 1) |
|
157 | 157 |
system_failure('account nicht eindeutig'); |
158 |
- $acc = mysql_fetch_assoc($result); |
|
158 |
+ $acc = $result->fetch_assoc(); |
|
159 | 159 |
return $acc['id']; |
160 | 160 |
} |
161 | 161 |
|
... | ... |
@@ -163,7 +163,7 @@ function get_mailaccount_id($accountname) |
163 | 163 |
function delete_mailaccount($id) |
164 | 164 |
{ |
165 | 165 |
$id = (int) $id; |
166 |
- db_query("DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1"); |
|
166 |
+ DB::query("DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1"); |
|
167 | 167 |
logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "deleted account »{$id}«"); |
168 | 168 |
} |
169 | 169 |
|
... | ... |
@@ -213,8 +213,8 @@ function check_valid($acc) |
213 | 213 |
function imap_on_vmail_domain() |
214 | 214 |
{ |
215 | 215 |
$uid = (int) $_SESSION['userinfo']['uid']; |
216 |
- $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}"); |
|
217 |
- if (mysql_num_rows($result) > 0) |
|
216 |
+ $result = DB::query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}"); |
|
217 |
+ if ($result->num_rows > 0) |
|
218 | 218 |
return true; |
219 | 219 |
return false; |
220 | 220 |
} |
... | ... |
@@ -222,13 +222,13 @@ function imap_on_vmail_domain() |
222 | 222 |
function user_has_only_vmail_domains() |
223 | 223 |
{ |
224 | 224 |
$uid = (int) $_SESSION['userinfo']['uid']; |
225 |
- $result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}"); |
|
225 |
+ $result = DB::query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}"); |
|
226 | 226 |
// User hat keine VMail-Domains |
227 |
- if (mysql_num_rows($result) == 0) |
|
227 |
+ if ($result->num_rows == 0) |
|
228 | 228 |
return false; |
229 |
- $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}"); |
|
229 |
+ $result = DB::query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}"); |
|
230 | 230 |
// User hat keine Domains die nicht vmail-Domains sind |
231 |
- if (mysql_num_rows($result) == 0) |
|
231 |
+ if ($result->num_rows == 0) |
|
232 | 232 |
return true; |
233 | 233 |
return false; |
234 | 234 |
} |
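Review bot: `delete_mailaccount` deletes by `id` alone, while `get_mailaccount` and `change_mailaccount` in the same file also require `uid={$uid}` taken from the session. Unless every caller verifies ownership first (not visible here), the statement would also remove an account that belongs to a different user when it is handed that account's id. Scoping it the same way as its siblings closes the gap: `$uid = (int) $_SESSION['userinfo']['uid'];` followed by `DB::query("DELETE FROM mail.mailaccounts WHERE id={$id} AND uid={$uid} LIMIT 1");`. `get_mailaccount_id` likewise resolves an account name without a `uid` filter, so any path that feeds its result into the delete deserves the same check.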
... | ... |
@@ -58,9 +58,9 @@ Ihre E-Mail wird nicht weitergeleitet.', |
58 | 58 |
|
59 | 59 |
function get_vmail_id_by_emailaddr($emailaddr) |
60 | 60 |
{ |
61 |
- $emailaddr = mysql_real_escape_string( $emailaddr ); |
|
62 |
- $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = '{$emailaddr}'"); |
|
63 |
- $entry = mysql_fetch_assoc($result); |
|
61 |
+ $emailaddr = DB::escape( $emailaddr ); |
|
62 |
+ $result = DB::query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = '{$emailaddr}'"); |
|
63 |
+ $entry = $result->fetch_assoc(); |
|
64 | 64 |
return (int) $entry['id']; |
65 | 65 |
} |
66 | 66 |
|
... | ... |
@@ -73,25 +73,25 @@ function get_account_details($id, $checkuid = true) |
73 | 73 |
$uid = (int) $_SESSION['userinfo']['uid']; |
74 | 74 |
$uid_check = "useraccount='{$uid}' AND "; |
75 | 75 |
} |
76 |
- $result = db_query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id={$id} LIMIT 1"); |
|
77 |
- if (mysql_num_rows($result) == 0) |
|
76 |
+ $result = DB::query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id={$id} LIMIT 1"); |
|
77 |
+ if ($result->num_rows == 0) |
|
78 | 78 |
system_failure('Ungültige ID oder kein eigener Account'); |
79 | 79 |
$acc = empty_account(); |
80 |
- $res = mysql_fetch_assoc($result); |
|
80 |
+ $res = $result->fetch_assoc(); |
|
81 | 81 |
foreach ($res AS $key => $value) { |
82 | 82 |
if ($key == 'forwards') |
83 | 83 |
continue; |
84 | 84 |
$acc[$key] = $value; |
85 | 85 |
} |
86 | 86 |
if ($acc['forwards'] > 0) { |
87 |
- $result = db_query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account={$acc['id']};"); |
|
88 |
- while ($item = mysql_fetch_assoc($result)){ |
|
87 |
+ $result = DB::query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account={$acc['id']};"); |
|
88 |
+ while ($item = $result->fetch_assoc()){ |
|
89 | 89 |
array_push($acc['forwards'], array("id" => $item['id'], 'spamfilter' => $item['spamfilter'], 'destination' => $item['destination'])); |
90 | 90 |
} |
91 | 91 |
} |
92 | 92 |
if ($acc['autoresponder'] > 0) { |
93 |
- $result = db_query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account={$acc['id']}"); |
|
94 |
- $item = mysql_fetch_assoc($result); |
|
93 |
+ $result = DB::query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account={$acc['id']}"); |
|
94 |
+ $item = $result->fetch_assoc(); |
|
95 | 95 |
DEBUG($item); |
96 | 96 |
$acc['autoresponder'] = $item; |
97 | 97 |
} else { |
... | ... |
@@ -106,9 +106,9 @@ function get_account_details($id, $checkuid = true) |
106 | 106 |
function get_vmail_accounts() |
107 | 107 |
{ |
108 | 108 |
$uid = (int) $_SESSION['userinfo']['uid']; |
109 |
- $result = db_query("SELECT * from mail.v_vmail_accounts WHERE useraccount='{$uid}' ORDER BY domainname,local ASC"); |
|
109 |
+ $result = DB::query("SELECT * from mail.v_vmail_accounts WHERE useraccount='{$uid}' ORDER BY domainname,local ASC"); |
|
110 | 110 |
$ret = array(); |
111 |
- while ($line = mysql_fetch_assoc($result)) |
|
111 |
+ while ($line = $result->fetch_assoc()) |
|
112 | 112 |
{ |
113 | 113 |
array_push($ret, $line); |
114 | 114 |
} |
... | ... |
@@ -121,11 +121,11 @@ function get_vmail_accounts() |
121 | 121 |
function get_vmail_domains() |
122 | 122 |
{ |
123 | 123 |
$uid = (int) $_SESSION['userinfo']['uid']; |
124 |
- $result = db_query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount='{$uid}' ORDER BY domainname"); |
|
125 |
- if (mysql_num_rows($result) == 0) |
|
124 |
+ $result = DB::query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount='{$uid}' ORDER BY domainname"); |
|
125 |
+ if ($result->num_rows == 0) |
|
126 | 126 |
system_failure('Sie haben keine Domains für virtuelle Mail-Verarbeitung'); |
127 | 127 |
$ret = array(); |
128 |
- while ($tmp = mysql_fetch_assoc($result)) |
|
128 |
+ while ($tmp = $result->fetch_assoc()) |
|
129 | 129 |
array_push($ret, $tmp); |
130 | 130 |
return $ret; |
131 | 131 |
} |
... | ... |
@@ -133,7 +133,7 @@ function get_vmail_domains() |
133 | 133 |
|
134 | 134 |
function find_account_id($accname) |
135 | 135 |
{ |
136 |
- $accname = mysql_real_escape_string($accname); |
|
136 |
+ $accname = DB::escape($accname); |
|
137 | 137 |
DEBUG($accname); |
138 | 138 |
$tmp = explode('@', $accname, 2); |
139 | 139 |
DEBUG($tmp); |
... | ... |
@@ -141,10 +141,10 @@ function find_account_id($accname) |
141 | 141 |
system_failure("Der Account hat nicht die korrekte Syntax"); |
142 | 142 |
list( $local, $domainname) = $tmp; |
143 | 143 |
|
144 |
- $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE local='{$local}' AND domainname='{$domainname}' LIMIT 1"); |
|
145 |
- if (mysql_num_rows($result) == 0) |
|
144 |
+ $result = DB::query("SELECT id FROM mail.v_vmail_accounts WHERE local='{$local}' AND domainname='{$domainname}' LIMIT 1"); |
|
145 |
+ if ($result->num_rows == 0) |
|
146 | 146 |
system_failure("Der Account konnte nicht gefunden werden"); |
147 |
- $tmp = mysql_fetch_array($result); |
|
147 |
+ $tmp = $result->fetch_array(); |
|
148 | 148 |
return $tmp[0]; |
149 | 149 |
} |
150 | 150 |
|
... | ... |
@@ -152,8 +152,8 @@ function find_account_id($accname) |
152 | 152 |
function change_vmail_password($accname, $newpass) |
153 | 153 |
{ |
154 | 154 |
$accid = find_account_id($accname); |
155 |
- $encpw = mysql_real_escape_string(encrypt_mail_password($newpass)); |
|
156 |
- db_query("UPDATE mail.vmail_accounts SET password='{$encpw}' WHERE id={$accid} LIMIT 1;"); |
|
155 |
+ $encpw = DB::escape(encrypt_mail_password($newpass)); |
|
156 |
+ DB::query("UPDATE mail.vmail_accounts SET password='{$encpw}' WHERE id={$accid} LIMIT 1;"); |
|
157 | 157 |
} |
158 | 158 |
|
159 | 159 |
|
... | ... |
@@ -176,8 +176,8 @@ function domainselect($selected = NULL, $selectattribute = '') |
176 | 176 |
function get_max_mailboxquota($server, $oldquota) { |
177 | 177 |
$uid = (int) $_SESSION['userinfo']['uid']; |
178 | 178 |
$server = (int) $server; |
179 |
- $result = db_query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid='{$uid}' AND server='{$server}'"); |
|
180 |
- $item = mysql_fetch_assoc($result); |
|
179 |
+ $result = DB::query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid='{$uid}' AND server='{$server}'"); |
|
180 |
+ $item = $result->fetch_assoc(); |
|
181 | 181 |
DEBUG("Free space: ".$item['free']." / Really: ".($item['free'] + ($oldquota - config('vmail_basequota')))); |
182 | 182 |
return $item['free'] + ($oldquota - config('vmail_basequota')); |
183 | 183 |
} |
... | ... |
@@ -313,8 +313,8 @@ function save_vmail_account($account) |
313 | 313 |
$account['quota_threshold'] = min( (int) $account['quota_threshold'], (int) $account['quota'] ); |
314 | 314 |
} |
315 | 315 |
|
316 |
- $account['local'] = mysql_real_escape_string(strtolower($account['local'])); |
|
317 |
- $account['password'] = mysql_real_escape_string($account['password']); |
|
316 |
+ $account['local'] = DB::escape(strtolower($account['local'])); |
|
317 |
+ $account['password'] = DB::escape($account['password']); |
|
318 | 318 |
$account['spamexpire'] = (int) $account['spamexpire']; |
319 | 319 |
|
320 | 320 |
$query = ''; |
... | ... |
@@ -322,8 +322,8 @@ function save_vmail_account($account) |
322 | 322 |
{ |
323 | 323 |
$query = "INSERT INTO mail.vmail_accounts (local, domain, spamfilter, spamexpire, password, quota, quota_threshold) VALUES "; |
324 | 324 |
$query .= "('{$account['local']}', {$account['domain']}, {$spam}, {$account['spamexpire']}, {$password}, {$account['quota']}, {$account['quota_threshold']});"; |
325 |
- db_query($query); |
|
326 |
- $id = mysql_insert_id(); |
|
325 |
+ DB::query($query); |
|
326 |
+ $id = DB::insert_id(); |
|
327 | 327 |
} |
328 | 328 |
else |
329 | 329 |
{ |
... | ... |
@@ -334,34 +334,34 @@ function save_vmail_account($account) |
334 | 334 |
$query = "UPDATE mail.vmail_accounts SET local='{$account['local']}', domain={$account['domain']}{$password}, "; |
335 | 335 |
$query .= "spamfilter={$spam}, spamexpire={$account['spamexpire']}, quota={$account['quota']}, quota_threshold={$account['quota_threshold']} "; |
336 | 336 |
$query .= "WHERE id={$id} LIMIT 1;"; |
337 |
- db_query($query); |
|
337 |
+ DB::query($query); |
|
338 | 338 |
} |
339 | 339 |
|
340 | 340 |
if (is_array($account['autoresponder'])) { |
341 | 341 |
$ar = $account['autoresponder']; |
342 | 342 |
$valid_from = maybe_null($ar['valid_from']); |
343 | 343 |
$valid_until = maybe_null($ar['valid_until']); |
344 |
- $fromname = maybe_null( mysql_real_escape_string($ar['fromname']) ); |
|
344 |
+ $fromname = maybe_null( DB::escape($ar['fromname']) ); |
|
345 | 345 |
$fromaddr = NULL; |
346 | 346 |
if ($ar['fromaddr']) { |
347 |
- $fromaddr = mysql_real_escape_string(check_emailaddr($ar['fromaddr'])); |
|
347 |
+ $fromaddr = DB::escape(check_emailaddr($ar['fromaddr'])); |
|
348 | 348 |
} |
349 | 349 |
$fromaddr = maybe_null( $fromaddr ); |
350 |
- $subject = maybe_null( mysql_real_escape_string($ar['subject'])); |
|
351 |
- $message = mysql_real_escape_string($ar['message']); |
|
350 |
+ $subject = maybe_null( DB::escape($ar['subject'])); |
|
351 |
+ $message = DB::escape($ar['message']); |
|
352 | 352 |
$quote = "'inline'"; |
353 | 353 |
if ($ar['quote'] == 'attach') |
354 | 354 |
$quote = "'attach'"; |
355 | 355 |
elseif ($ar['quote'] == NULL) |
356 | 356 |
$quote = 'NULL'; |
357 |
- db_query("REPLACE INTO mail.vmail_autoresponder (account, valid_from, valid_until, fromname, fromaddr, subject, message, quote) ". |
|
357 |
+ DB::query("REPLACE INTO mail.vmail_autoresponder (account, valid_from, valid_until, fromname, fromaddr, subject, message, quote) ". |
|
358 | 358 |
"VALUES ({$id}, {$valid_from}, {$valid_until}, {$fromname}, {$fromaddr}, {$subject}, '{$message}', {$quote})"); |
359 | 359 |
} |
360 | 360 |
|
361 | 361 |
|
362 | 362 |
|
363 | 363 |
if (! $newaccount) |
364 |
- db_query("DELETE FROM mail.vmail_forward WHERE account={$id}"); |
|
364 |
+ DB::query("DELETE FROM mail.vmail_forward WHERE account={$id}"); |
|
365 | 365 |
|
366 | 366 |
if (count($account['forwards']) > 0) |
367 | 367 |
{ |
... | ... |
@@ -375,7 +375,7 @@ function save_vmail_account($account) |
375 | 375 |
$forward_query .= ', '; |
376 | 376 |
$forward_query .= "({$id}, ".maybe_null($account['forwards'][$i]['spamfilter']).", '{$account['forwards'][$i]['destination']}')"; |
377 | 377 |
} |
378 |
- db_query($forward_query); |
|
378 |
+ DB::query($forward_query); |
|
379 | 379 |
} |
380 | 380 |
if ($newaccount && $password != 'NULL') |
381 | 381 |
{ |
... | ... |
@@ -410,16 +410,16 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können? |
410 | 410 |
|
411 | 411 |
// Clean up obsolete quota |
412 | 412 |
if ($_SESSION['role'] == ROLE_SYSTEMUSER) { |
413 |
- db_query("UPDATE mail.vmail_accounts SET quota_used=NULL, quota=NULL WHERE password IS NULL"); |
|
413 |
+ DB::query("UPDATE mail.vmail_accounts SET quota_used=NULL, quota=NULL WHERE password IS NULL"); |
|
414 | 414 |
} |
415 | 415 |
|
416 | 416 |
// Update Mail-Quota-Cache |
417 | 417 |
if ($_SESSION['role'] == ROLE_SYSTEMUSER) { |
418 | 418 |
$uid = (int) $_SESSION['userinfo']['uid']; |
419 |
- $result = db_query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=".$uid." GROUP BY useraccount, server"); |
|
420 |
- while ($line = mysql_fetch_assoc($result)) { |
|
419 |
+ $result = DB::query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=".$uid." GROUP BY useraccount, server"); |
|
420 |
+ while ($line = $result->fetch_assoc()) { |
|
421 | 421 |
if ($line['quota'] !== NULL) { |
422 |
- db_query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES ('{$line['useraccount']}', '{$line['server']}', '{$line['quota']}', '{$line['used']}')"); |
|
422 |
+ DB::query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES ('{$line['useraccount']}', '{$line['server']}', '{$line['quota']}', '{$line['used']}')"); |
|
423 | 423 |
} |
424 | 424 |
} |
425 | 425 |
} |
... | ... |
@@ -432,7 +432,7 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können? |
432 | 432 |
function delete_account($id) |
433 | 433 |
{ |
434 | 434 |
$account = get_account_details($id); |
435 |
- db_query("DELETE FROM mail.vmail_accounts WHERE id={$account['id']};"); |
|
435 |
+ DB::query("DELETE FROM mail.vmail_accounts WHERE id={$account['id']};"); |
|
436 | 436 |
} |
437 | 437 |
|
438 | 438 |
|
... | ... |
@@ -445,9 +445,9 @@ function domainsettings($only_domain=NULL) { |
445 | 445 |
$subdomains = array(); |
446 | 446 |
|
447 | 447 |
// Domains |
448 |
- $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount={$uid} OR m.uid={$uid} ORDER BY CONCAT_WS('.',d.domainname,d.tld);"); |
|
448 |
+ $result = DB::query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount={$uid} OR m.uid={$uid} ORDER BY CONCAT_WS('.',d.domainname,d.tld);"); |
|
449 | 449 |
|
450 |
- while ($mydom = mysql_fetch_assoc($result)) { |
|
450 |
+ while ($mydom = $result->fetch_assoc()) { |
|
451 | 451 |
if (! array_key_exists($mydom['id'], $domains)) { |
452 | 452 |
if ($mydom['v_id']) |
453 | 453 |
$mydom['mail'] = 'virtual'; |
... | ... |
@@ -462,8 +462,8 @@ function domainsettings($only_domain=NULL) { |
462 | 462 |
} |
463 | 463 |
|
464 | 464 |
// Subdomains |
465 |
- $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount={$uid} OR m.uid={$uid};"); |
|
466 |
- while ($mydom = mysql_fetch_assoc($result)) { |
|
465 |
+ $result = DB::query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount={$uid} OR m.uid={$uid};"); |
|
466 |
+ while ($mydom = $result->fetch_assoc()) { |
|
467 | 467 |
if (! array_key_exists($mydom['id'], $subdomains)) |
468 | 468 |
$subdomains[$mydom['id']] = array(); |
469 | 469 |
|
... | ... |
@@ -482,15 +482,15 @@ function domainsettings($only_domain=NULL) { |
482 | 482 |
function domain_has_vmail_accounts($domid) |
483 | 483 |
{ |
484 | 484 |
$domid = (int) $domid; |
485 |
- $result = db_query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain={$domid}"); |
|
486 |
- return (mysql_num_rows($result) > 0); |
|
485 |
+ $result = DB::query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain={$domid}"); |
|
486 |
+ return ($result->num_rows > 0); |
|
487 | 487 |
} |
488 | 488 |
|
489 | 489 |
|
490 | 490 |
function change_domain($id, $type) |
491 | 491 |
{ |
492 | 492 |
$id = (int) $id; |
493 |
- $type = mysql_real_escape_string($type); |
|
493 |
+ $type = DB::escape($type); |
|
494 | 494 |
if (domain_has_vmail_accounts($id)) |
495 | 495 |
system_failure("Sie müssen zuerst alle E-Mail-Konten mit dieser Domain löschen, bevor Sie die Webinterface-Verwaltung für diese Domain abschalten können."); |
496 | 496 |
|
... | ... |
@@ -502,20 +502,20 @@ function change_domain($id, $type) |
502 | 502 |
system_failure('Domain ist bereits so konfiguriert'); |
503 | 503 |
|
504 | 504 |
if ($type == 'none') { |
505 |
- db_query("DELETE FROM mail.virtual_mail_domains WHERE domain={$id} AND hostname IS NULL LIMIT 1;"); |
|
506 |
- db_query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;"); |
|
507 |
- db_query("UPDATE kundendaten.domains SET mail='none', lastchange=NOW() WHERE id={$id} LIMIT 1;"); |
|
505 |
+ DB::query("DELETE FROM mail.virtual_mail_domains WHERE domain={$id} AND hostname IS NULL LIMIT 1;"); |
|
506 |
+ DB::query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;"); |
|
507 |
+ DB::query("UPDATE kundendaten.domains SET mail='none', lastchange=NOW() WHERE id={$id} LIMIT 1;"); |
|
508 | 508 |
} |
509 | 509 |
elseif ($type == 'virtual') { |
510 | 510 |
$vmailserver = (int) $_SESSION['userinfo']['server']; |
511 |
- db_query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;"); |
|
512 |
- db_query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id={$id} LIMIT 1;"); |
|
513 |
- db_query("INSERT INTO mail.virtual_mail_domains (domain, server) VALUES ({$id}, {$vmailserver});"); |
|
511 |
+ DB::query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;"); |
|
512 |
+ DB::query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id={$id} LIMIT 1;"); |
|
513 |
+ DB::query("INSERT INTO mail.virtual_mail_domains (domain, server) VALUES ({$id}, {$vmailserver});"); |
|
514 | 514 |
} |
515 | 515 |
elseif ($type == 'auto') { |
516 |
- db_query("DELETE FROM mail.virtual_mail_domains WHERE domain={$id} AND hostname IS NULL LIMIT 1;"); |
|
517 |
- db_query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;"); |
|
518 |
- db_query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id={$id} LIMIT 1;"); |
|
516 |
+ DB::query("DELETE FROM mail.virtual_mail_domains WHERE domain={$id} AND hostname IS NULL LIMIT 1;"); |
|
517 |
+ DB::query("DELETE FROM mail.custom_mappings WHERE domain={$id} AND subdomain IS NULL LIMIT 1;"); |
|
518 |
+ DB::query("UPDATE kundendaten.domains SET mail='auto', lastchange=NOW() WHERE id={$id} LIMIT 1;"); |
|
519 | 519 |
} |
520 | 520 |
} |
521 | 521 |
|
... | ... |
@@ -19,9 +19,9 @@ require_once('inc/base.php'); |
19 | 19 |
function list_ftpusers() |
20 | 20 |
{ |
21 | 21 |
$uid = (int) $_SESSION['userinfo']['uid']; |
22 |
- $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid"); |
|
22 |
+ $result = DB::query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid"); |
|
23 | 23 |
$ftpusers = array(); |
24 |
- while ($u = mysql_fetch_assoc($result)) { |
|
24 |
+ while ($u = $result->fetch_assoc()) { |
|
25 | 25 |
$ftpusers[] = $u; |
26 | 26 |
} |
27 | 27 |
return $ftpusers; |
... | ... |
@@ -39,10 +39,10 @@ function load_ftpuser($id) |
39 | 39 |
return empty_ftpuser(); |
40 | 40 |
$uid = (int) $_SESSION['userinfo']['uid']; |
41 | 41 |
$id = (int) $id; |
42 |
- $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1"); |
|
43 |
- if (mysql_num_rows($result) != 1) |
|
42 |
+ $result = DB::query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1"); |
|
43 |
+ if ($result->num_rows != 1) |
|
44 | 44 |
system_failure("Fehler beim auslesen des Accounts"); |
45 |
- $account = mysql_fetch_assoc($result); |
|
45 |
+ $account = $result->fetch_assoc(); |
|
46 | 46 |
DEBUG($account); |
47 | 47 |
return $account; |
48 | 48 |
} |
... | ... |
@@ -101,9 +101,9 @@ function save_ftpuser($data) |
101 | 101 |
|
102 | 102 |
|
103 | 103 |
if ($id) |
104 |
- db_query("UPDATE system.ftpusers SET username='{$username}', {$password_query} homedir='{$homedir}', active='{$active}', forcessl='{$forcessl}', server={$server} WHERE id={$id} AND uid={$uid} LIMIT 1"); |
|
104 |
+ DB::query("UPDATE system.ftpusers SET username='{$username}', {$password_query} homedir='{$homedir}', active='{$active}', forcessl='{$forcessl}', server={$server} WHERE id={$id} AND uid={$uid} LIMIT 1"); |
|
105 | 105 |
else |
106 |
- db_query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, forcessl, server) VALUES ('{$username}', '{$password_hash}', '{$homedir}', '{$uid}', '{$active}', '{$forcessl}', {$server})"); |
|
106 |
+ DB::query("INSERT INTO system.ftpusers (username, password, homedir, uid, active, forcessl, server) VALUES ('{$username}', '{$password_hash}', '{$homedir}', '{$uid}', '{$active}', '{$forcessl}', {$server})"); |
|
107 | 107 |
} |
108 | 108 |
|
109 | 109 |
|
... | ... |
@@ -111,17 +111,17 @@ function delete_ftpuser($id) |
111 | 111 |
{ |
112 | 112 |
$uid = (int) $_SESSION['userinfo']['uid']; |
113 | 113 |
$id = (int) $id; |
114 |
- db_query("DELETE FROM system.ftpusers WHERE id='{$id}' AND uid={$uid} LIMIT 1"); |
|
114 |
+ DB::query("DELETE FROM system.ftpusers WHERE id='{$id}' AND uid={$uid} LIMIT 1"); |
|
115 | 115 |
} |
116 | 116 |
|
117 | 117 |
|
118 | 118 |
function get_gid($groupname) |
119 | 119 |
{ |
120 |
- $groupname = mysql_real_escape_string($groupname); |
|
121 |
- $result = db_query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1"); |
|
122 |
- if (mysql_num_rows($result) != 1) |
|
120 |
+ $groupname = DB::escape($groupname); |
|
121 |
+ $result = DB::query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1"); |
|
122 |
+ if ($result->num_rows != 1) |
|
123 | 123 |
system_failure('cannot determine gid of ftpusers group'); |
124 |
- $a = mysql_fetch_assoc($result); |
|
124 |
+ $a = $result->fetch_assoc(); |
|
125 | 125 |
$gid = (int) $a['gid']; |
126 | 126 |
if ($gid == 0) |
127 | 127 |
system_failure('error on determining gid of ftpusers group'); |
... | ... |
@@ -133,8 +133,8 @@ function have_regular_ftp() |
133 | 133 |
{ |
134 | 134 |
$gid = get_gid('ftpusers'); |
135 | 135 |
$uid = (int) $_SESSION['userinfo']['uid']; |
136 |
- $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'"); |
|
137 |
- return (mysql_num_rows($result) > 0); |
|
136 |
+ $result = DB::query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'"); |
|
137 |
+ return ($result->num_rows > 0); |
|
138 | 138 |
} |
139 | 139 |
|
140 | 140 |
|
... | ... |
@@ -143,14 +143,14 @@ function enable_regular_ftp() |
143 | 143 |
require_role(ROLE_SYSTEMUSER); |
144 | 144 |
$gid = get_gid('ftpusers'); |
145 | 145 |
$uid = (int) $_SESSION['userinfo']['uid']; |
146 |
- db_query("REPLACE INTO system.gruppenzugehoerigkeit (gid, uid) VALUES ('$gid', '$uid')"); |
|
146 |
+ DB::query("REPLACE INTO system.gruppenzugehoerigkeit (gid, uid) VALUES ('$gid', '$uid')"); |
|
147 | 147 |
} |
148 | 148 |
|
149 | 149 |
function disable_regular_ftp() |
150 | 150 |
{ |
151 | 151 |
$gid = get_gid('ftpusers'); |
152 | 152 |
$uid = (int) $_SESSION['userinfo']['uid']; |
153 |
- db_query("DELETE FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'"); |
|
153 |
+ DB::query("DELETE FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'"); |
|
154 | 154 |
} |
155 | 155 |
|
156 | 156 |
|
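Review bot: In save_ftpuser both statements place `{$server}` in the SQL text without quotes, and the UPDATE does the same with `{$id}` and the fragment `{$password_query}`; DB::escape gives no protection in that position, only an integer cast or a fixed literal does. The assignments sit above the hunk, so whether each value is cast is not visible here. A comment at the queries would record the invariant, e.g. `// $id, $uid, $server are int-cast above; $password_query is built only from the escaped hash`. If the new DB wrapper can offer bound parameters, using them here and in the other hunks of this file would remove the reliance on per-call escaping.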
... | ... |
@@ -17,9 +17,9 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
17 | 17 |
function whitelist_entries() |
18 | 18 |
{ |
19 | 19 |
$uid = (int) $_SESSION['userinfo']['uid']; |
20 |
- $res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid};"); |
|
20 |
+ $result = DB::query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid};"); |
|
21 | 21 |
$return = array(); |
22 |
- while ($line = mysql_fetch_assoc($res)) |
|
22 |
+ while ($line = $result->fetch_assoc()) |
|
23 | 23 |
array_push($return, $line); |
24 | 24 |
return $return; |
25 | 25 |
} |
... | ... |
@@ -29,10 +29,10 @@ function get_whitelist_details($id) |
29 | 29 |
{ |
30 | 30 |
$id = (int) $id; |
31 | 31 |
$uid = (int) $_SESSION['userinfo']['uid']; |
32 |
- $res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid} AND id={$id};"); |
|
33 |
- if (mysql_num_rows($res) != 1) |
|
32 |
+ $result = DB::query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid} AND id={$id};"); |
|
33 |
+ if ($res->num_rows != 1) |
|
34 | 34 |
system_failure('Kann diesen Eintrag nicht finden'); |
35 |
- return mysql_fetch_assoc($res); |
|
35 |
+ return $result->fetch_assoc(); |
|
36 | 36 |
} |
37 | 37 |
|
38 | 38 |
|
... | ... |
@@ -42,7 +42,7 @@ function delete_from_whitelist($id) |
42 | 42 |
// Check if the ID is valid: This will die if not. |
43 | 43 |
$entry = get_whitelist_details($id); |
44 | 44 |
|
45 |
- db_query("DELETE FROM mail.greylisting_manual_whitelist WHERE id={$id} LIMIT 1;"); |
|
45 |
+ DB::query("DELETE FROM mail.greylisting_manual_whitelist WHERE id={$id} LIMIT 1;"); |
|
46 | 46 |
} |
47 | 47 |
|
48 | 48 |
|
... | ... |
@@ -55,9 +55,9 @@ function valid_entry($local, $domain) |
55 | 55 |
system_failure('Diese E-Mail-Adresse gehört Ihnen nicht!'); |
56 | 56 |
return true; |
57 | 57 |
} |
58 |
- $d = mysql_real_escape_string($domain); |
|
59 |
- $res = db_query("SELECT id FROM mail.v_domains WHERE domainname='{$d}' AND user={$_SESSION['userinfo']['uid']} LIMIT 1"); |
|
60 |
- if (mysql_num_rows($res) != 1) |
|
58 |
+ $d = DB::escape($domain); |
|
59 |
+ $res = DB::query("SELECT id FROM mail.v_domains WHERE domainname='{$d}' AND user={$_SESSION['userinfo']['uid']} LIMIT 1"); |
|
60 |
+ if ($res->num_rows != 1) |
|
61 | 61 |
system_failure('Diese domain gehört Ihnen nicht!'); |
62 | 62 |
return true; |
63 | 63 |
} |
... | ... |
@@ -68,14 +68,14 @@ function new_whitelist_entry($local, $domain, $minutes) |
68 | 68 |
valid_entry($local, $domain); |
69 | 69 |
$uid = (int) $_SESSION['userinfo']['uid']; |
70 | 70 |
$local = maybe_null($local); |
71 |
- $domain = mysql_real_escape_string($domain); |
|
71 |
+ $domain = DB::escape($domain); |
|
72 | 72 |
|
73 | 73 |
$expire = ''; |
74 | 74 |
if ($minutes == 'none') |
75 | 75 |
$expire = 'NULL'; |
76 | 76 |
else |
77 | 77 |
$expire = "NOW() + INTERVAL ". (int) $minutes ." MINUTE"; |
78 |
- db_query("INSERT INTO mail.greylisting_manual_whitelist (local,domain,date,expire,uid) VALUES ". |
|
78 |
+ DB::query("INSERT INTO mail.greylisting_manual_whitelist (local,domain,date,expire,uid) VALUES ". |
|
79 | 79 |
"({$local}, '{$domain}', NOW(), {$expire}, $uid);"); |
80 | 80 |
} |
81 | 81 |
|
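Review bot: In get_whitelist_details the row-count check still reads `$res->num_rows`, but the query result is now assigned to `$result`, so `$res` is undefined there, the comparison `!= 1` is always true and system_failure() fires for every id. delete_from_whitelist uses this function as its validity check, so deletion stops working as well; it fails closed, assuming system_failure() terminates as the comment "This will die if not" suggests. The line should read `if ($result->num_rows != 1)`. Separately, delete_from_whitelist interpolates `{$id}` unquoted and without a uid condition, and its opening lines are above the hunk, so whether `$id` is int-cast there is not visible; an explicit `$id = (int) $id;` before the DELETE would make that statement safe on its own.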
... | ... |
@@ -14,15 +14,15 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
17 |
+require_once('inc/db.php'); |
|
18 | 18 |
require_once('session/checkuser.php'); |
19 | 19 |
|
20 | 20 |
function customer_has_email($customerno, $email) |
21 | 21 |
{ |
22 | 22 |
$customerno = (int) $customerno; |
23 |
- $email = mysql_real_escape_string($email); |
|
24 |
- $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');"); |
|
25 |
- return (mysql_num_rows($result) > 0); |
|
23 |
+ $email = DB::escape($email); |
|
24 |
+ $result = DB::query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');"); |
|
25 |
+ return ($result->num_rows > 0); |
|
26 | 26 |
} |
27 | 27 |
|
28 | 28 |
|
... | ... |
@@ -30,32 +30,32 @@ function validate_token($customerno, $token) |
30 | 30 |
{ |
31 | 31 |
expire_tokens(); |
32 | 32 |
$customerno = (int) $customerno; |
33 |
- $token = mysql_real_escape_string($token); |
|
34 |
- $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';"); |
|
35 |
- return (mysql_num_rows($result) > 0); |
|
33 |
+ $token = DB::escape($token); |
|
34 |
+ $result = DB::query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';"); |
|
35 |
+ return ($result->num_rows > 0); |
|
36 | 36 |
} |
37 | 37 |
|
38 | 38 |
|
39 | 39 |
function get_uid_for_token($token) |
40 | 40 |
{ |
41 | 41 |
expire_tokens(); |
42 |
- $token = mysql_real_escape_string($token); |
|
43 |
- $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';"); |
|
44 |
- if (mysql_num_rows($result) == 0) { |
|
42 |
+ $token = DB::escape($token); |
|
43 |
+ $result = DB::query("SELECT uid FROM system.usertoken WHERE token='{$token}';"); |
|
44 |
+ if ($result->num_rows == 0) { |
|
45 | 45 |
return NULL; |
46 | 46 |
} |
47 |
- $data = mysql_fetch_assoc($result); |
|
47 |
+ $data = $result->fetch_assoc(); |
|
48 | 48 |
return $data['uid']; |
49 | 49 |
} |
50 | 50 |
|
51 | 51 |
function get_username_for_uid($uid) |
52 | 52 |
{ |
53 | 53 |
$uid = (int) $uid; |
54 |
- $result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}"); |
|
55 |
- if (mysql_num_rows($result) != 1) { |
|
54 |
+ $result = DB::query("SELECT username FROM system.useraccounts WHERE uid={$uid}"); |
|
55 |
+ if ($result->num_rows != 1) { |
|
56 | 56 |
system_failure("Unexpected number of users with this uid (!= 1)!"); |
57 | 57 |
} |
58 |
- $item = mysql_fetch_assoc($result); |
|
58 |
+ $item = $result->fetch_assoc(); |
|
59 | 59 |
return $item['username']; |
60 | 60 |
} |
61 | 61 |
|
... | ... |
@@ -63,44 +63,44 @@ function validate_uid_token($uid, $token) |
63 | 63 |
{ |
64 | 64 |
expire_tokens(); |
65 | 65 |
$uid = (int) $uid; |
66 |
- $token = mysql_real_escape_string($token); |
|
67 |
- $result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';"); |
|
68 |
- return (mysql_num_rows($result) > 0); |
|
66 |
+ $token = DB::escape($token); |
|
67 |
+ $result = DB::query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';"); |
|
68 |
+ return ($result->num_rows > 0); |
|
69 | 69 |
} |
70 | 70 |
|
71 | 71 |
|
72 | 72 |
function expire_tokens() |
73 | 73 |
{ |
74 | 74 |
$expire = "1 DAY"; |
75 |
- db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};"); |
|
76 |
- db_query("DELETE FROM system.usertoken WHERE expire < NOW();"); |
|
75 |
+ DB::query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};"); |
|
76 |
+ DB::query("DELETE FROM system.usertoken WHERE expire < NOW();"); |
|
77 | 77 |
} |
78 | 78 |
|
79 | 79 |
function invalidate_customer_token($customerno) |
80 | 80 |
{ |
81 | 81 |
$customerno = (int) $customerno; |
82 |
- db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;"); |
|
82 |
+ DB::query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;"); |
|
83 | 83 |
} |
84 | 84 |
|
85 | 85 |
function invalidate_systemuser_token($uid) |
86 | 86 |
{ |
87 | 87 |
$uid = (int) $uid; |
88 |
- db_query("DELETE FROM system.usertoken WHERE uid={$uid} LIMIT 1;"); |
|
88 |
+ DB::query("DELETE FROM system.usertoken WHERE uid={$uid} LIMIT 1;"); |
|
89 | 89 |
} |
90 | 90 |
|
91 | 91 |
function create_token($customerno) |
92 | 92 |
{ |
93 | 93 |
$customerno = (int) $customerno; |
94 | 94 |
expire_tokens(); |
95 |
- $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;"); |
|
96 |
- if (mysql_num_rows($result) > 0) |
|
95 |
+ $result = DB::query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;"); |
|
96 |
+ if ($result->num_rows > 0) |
|
97 | 97 |
{ |
98 |
- $res = mysql_fetch_object($result)->token_create; |
|
98 |
+ $res = $result->fetch_object()->token_create; |
|
99 | 99 |
input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen."); |
100 | 100 |
return false; |
101 | 101 |
} |
102 | 102 |
$token = random_string(10); |
103 |
- db_query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;"); |
|
103 |
+ DB::query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;"); |
|
104 | 104 |
return true; |
105 | 105 |
} |
106 | 106 |
|
... | ... |
@@ -109,10 +109,10 @@ function get_customer_token($customerno) |
109 | 109 |
{ |
110 | 110 |
$customerno = (int) $customerno; |
111 | 111 |
expire_tokens(); |
112 |
- $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;"); |
|
113 |
- if (mysql_num_rows($result) < 1) |
|
112 |
+ $result = DB::query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;"); |
|
113 |
+ if ($result->num_rows < 1) |
|
114 | 114 |
system_failure("Kann das Token nicht auslesen!"); |
115 |
- return mysql_fetch_object($result)->token; |
|
115 |
+ return $result->fetch_object()->token; |
|
116 | 116 |
} |
117 | 117 |
|
118 | 118 |
|
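Review bot: In invalidate_systemuser_token the `DELETE FROM system.usertoken WHERE uid={$uid} LIMIT 1` removes at most one row, so if the table can hold several tokens for one uid (the schema is not visible here) the others stay usable until expire_tokens() clears them. An invalidation should not be capped: `DB::query("DELETE FROM system.usertoken WHERE uid={$uid};");`. In create_token the strength of the token rests entirely on `random_string(10)`, which is defined elsewhere; a comment at that call would record the requirement, e.g. `// token acts as a login secret: random_string() must draw from a CSPRNG`.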
... | ... |
@@ -38,14 +38,14 @@ function do_ajax_cert_login() { |
38 | 38 |
|
39 | 39 |
function get_logins_by_cert($cert) |
40 | 40 |
{ |
41 |
- $cert = mysql_real_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert)); |
|
41 |
+ $cert = DB::escape(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert)); |
|
42 | 42 |
$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'"; |
43 |
- $result = db_query($query); |
|
44 |
- if (mysql_num_rows($result) < 1) |
|
43 |
+ $result = DB::query($query); |
|
44 |
+ if ($result->num_rows < 1) |
|
45 | 45 |
return NULL; |
46 | 46 |
else { |
47 | 47 |
$ret = array(); |
48 |
- while ($row = mysql_fetch_assoc($result)) { |
|
48 |
+ while ($row = $result->fetch_assoc()) { |
|
49 | 49 |
$ret[] = $row; |
50 | 50 |
} |
51 | 51 |
return $ret; |
... | ... |
@@ -58,10 +58,10 @@ function get_cert_by_id($id) |
58 | 58 |
if ($id == 0) |
59 | 59 |
system_failure('no ID'); |
60 | 60 |
$query = "SELECT id,dn,issuer,cert,username,startpage FROM system.clientcert WHERE `id`='{$id}' LIMIT 1"; |
61 |
- $result = db_query($query); |
|
62 |
- if (mysql_num_rows($result) < 1) |
|
61 |
+ $result = DB::query($query); |
|
62 |
+ if ($result->num_rows < 1) |
|
63 | 63 |
return NULL; |
64 |
- $ret = mysql_fetch_assoc($result); |
|
64 |
+ $ret = $result->fetch_assoc(); |
|
65 | 65 |
DEBUG($ret); |
66 | 66 |
return $ret; |
67 | 67 |
} |
... | ... |
@@ -69,14 +69,14 @@ function get_cert_by_id($id) |
69 | 69 |
|
70 | 70 |
function get_certs_by_username($username) |
71 | 71 |
{ |
72 |
- $username = mysql_real_escape_string($username); |
|
72 |
+ $username = DB::escape($username); |
|
73 | 73 |
if ($username == '') |
74 | 74 |
system_failure('empty username'); |
75 | 75 |
$query = "SELECT id,dn,issuer,cert,startpage FROM system.clientcert WHERE `username`='{$username}'"; |
76 |
- $result = db_query($query); |
|
77 |
- if (mysql_num_rows($result) < 1) |
|
76 |
+ $result = DB::query($query); |
|
77 |
+ if ($result->num_rows < 1) |
|
78 | 78 |
return NULL; |
79 |
- while ($row = mysql_fetch_assoc($result)) { |
|
79 |
+ while ($row = $result->fetch_assoc()) { |
|
80 | 80 |
$ret[] = $row; |
81 | 81 |
} |
82 | 82 |
return $ret; |
... | ... |
@@ -89,24 +89,24 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='') |
89 | 89 |
$username = NULL; |
90 | 90 |
if ($_SESSION['role'] & ROLE_SYSTEMUSER) { |
91 | 91 |
$type = 'user'; |
92 |
- $username = mysql_real_escape_string($_SESSION['userinfo']['username']); |
|
92 |
+ $username = DB::escape($_SESSION['userinfo']['username']); |
|
93 | 93 |
if (isset($_SESSION['subuser'])) { |
94 |
- $username = mysql_real_escape_string($_SESSION['subuser']); |
|
94 |
+ $username = DB::escape($_SESSION['subuser']); |
|
95 | 95 |
$type = 'subuser'; |
96 | 96 |
} |
97 | 97 |
} elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) { |
98 | 98 |
$type = 'email'; |
99 |
- $username = mysql_real_escape_string($_SESSION['mailaccount']); |
|
99 |
+ $username = DB::escape($_SESSION['mailaccount']); |
|
100 | 100 |
} |
101 | 101 |
if (! $type || ! $username) { |
102 | 102 |
system_failure('cannot get type or username of login'); |
103 | 103 |
} |
104 |
- $certdata = mysql_real_escape_string($certdata); |
|
105 |
- $dn = maybe_null(mysql_real_escape_string($dn)); |
|
106 |
- $issuer = maybe_null(mysql_real_escape_string($issuer)); |
|
104 |
+ $certdata = DB::escape($certdata); |
|
105 |
+ $dn = maybe_null(DB::escape($dn)); |
|
106 |
+ $issuer = maybe_null(DB::escape($issuer)); |
|
107 | 107 |
if ($startpage && ! check_path($startpage)) |
108 | 108 |
system_failure('Startseite kaputt'); |
109 |
- $startpage = maybe_null(mysql_real_escape_string($startpage)); |
|
109 |
+ $startpage = maybe_null(DB::escape($startpage)); |
|
110 | 110 |
|
111 | 111 |
if ($certdata == '') |
112 | 112 |
system_failure('Kein Zertifikat'); |
... | ... |
@@ -114,7 +114,7 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='') |
114 | 114 |
DEBUG($dn); |
115 | 115 |
DEBUG($issuer); |
116 | 116 |
|
117 |
- db_query("INSERT INTO system.clientcert (`dn`, `issuer`, `cert`, `type`, `username`, `startpage`) |
|
117 |
+ DB::query("INSERT INTO system.clientcert (`dn`, `issuer`, `cert`, `type`, `username`, `startpage`) |
|
118 | 118 |
VALUES ({$dn}, {$issuer}, '{$certdata}', '{$type}', '{$username}', {$startpage})"); |
119 | 119 |
|
120 | 120 |
} |
... | ... |
@@ -127,18 +127,18 @@ function delete_clientcert($id) |
127 | 127 |
$username = NULL; |
128 | 128 |
if ($_SESSION['role'] & ROLE_SYSTEMUSER) { |
129 | 129 |
$type = 'user'; |
130 |
- $username = mysql_real_escape_string($_SESSION['userinfo']['username']); |
|
130 |
+ $username = DB::escape($_SESSION['userinfo']['username']); |
|
131 | 131 |
if (isset($_SESSION['subuser'])) { |
132 |
- $username = mysql_real_escape_string($_SESSION['subuser']); |
|
132 |
+ $username = DB::escape($_SESSION['subuser']); |
|
133 | 133 |
$type = 'subuser'; |
134 | 134 |
} |
135 | 135 |
} elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) { |
136 | 136 |
$type = 'email'; |
137 |
- $username = mysql_real_escape_string($_SESSION['mailaccount']); |
|
137 |
+ $username = DB::escape($_SESSION['mailaccount']); |
|
138 | 138 |
} |
139 | 139 |
if (! $type || ! $username) { |
140 | 140 |
system_failure('cannot get type or username of login'); |
141 | 141 |
} |
142 |
- db_query("DELETE FROM system.clientcert WHERE id={$id} AND type='{$type}' AND username='{$username}' LIMIT 1"); |
|
142 |
+ DB::query("DELETE FROM system.clientcert WHERE id={$id} AND type='{$type}' AND username='{$username}' LIMIT 1"); |
|
143 | 143 |
} |
144 | 144 |
|
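Review bot: get_cert_by_id selects a row by `id` alone, while delete_clientcert in the same file also requires the `type` and `username` of the current session; unless every caller compares the returned `username` with the session (callers are not visible here), one account can be handed another account's certificate record. The SELECT also omits `type`, so a caller cannot repeat the full check that delete_clientcert makes. The function's opening lines are above the hunk. I would either add the same session-derived condition to the query or document the contract, e.g. `// no ownership filter here: caller must verify username/type against the session`.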
... | ... |
@@ -20,9 +20,9 @@ require_once('inc/security.php'); |
20 | 20 |
function my_invoices() |
21 | 21 |
{ |
22 | 22 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
23 |
- $result = db_query("SELECT id,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} ORDER BY id DESC"); |
|
23 |
+ $result = DB::query("SELECT id,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} ORDER BY id DESC"); |
|
24 | 24 |
$ret = array(); |
25 |
- while($line = mysql_fetch_assoc($result)) |
|
25 |
+ while($line = $result->fetch_assoc()) |
|
26 | 26 |
array_push($ret, $line); |
27 | 27 |
return $ret; |
28 | 28 |
} |
... | ... |
@@ -32,10 +32,10 @@ function get_pdf($id) |
32 | 32 |
{ |
33 | 33 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
34 | 34 |
$id = (int) $id; |
35 |
- $result = db_query("SELECT pdfdata FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}"); |
|
36 |
- if (mysql_num_rows($result) == 0) |
|
35 |
+ $result = DB::query("SELECT pdfdata FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}"); |
|
36 |
+ if ($result->num_rows == 0) |
|
37 | 37 |
system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt'); |
38 |
- return mysql_fetch_object($result)->pdfdata; |
|
38 |
+ return $result->fetch_object()->pdfdata; |
|
39 | 39 |
|
40 | 40 |
} |
41 | 41 |
|
... | ... |
@@ -44,21 +44,21 @@ function invoice_details($id) |
44 | 44 |
{ |
45 | 45 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
46 | 46 |
$id = (int) $id; |
47 |
- $result = db_query("SELECT kunde,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}"); |
|
48 |
- if (mysql_num_rows($result) == 0) |
|
47 |
+ $result = DB::query("SELECT kunde,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}"); |
|
48 |
+ if ($result->num_rows == 0) |
|
49 | 49 |
system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt'); |
50 |
- return mysql_fetch_assoc($result); |
|
50 |
+ return $result->fetch_assoc(); |
|
51 | 51 |
} |
52 | 52 |
|
53 | 53 |
function invoice_items($id) |
54 | 54 |
{ |
55 | 55 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
56 | 56 |
$id = (int) $id; |
57 |
- $result = db_query("SELECT id, beschreibung, datum, enddatum, betrag, einheit, brutto, mwst, anzahl FROM kundendaten.rechnungsposten WHERE rechnungsnummer={$id} AND kunde={$c}"); |
|
58 |
- if (mysql_num_rows($result) == 0) |
|
57 |
+ $result = DB::query("SELECT id, beschreibung, datum, enddatum, betrag, einheit, brutto, mwst, anzahl FROM kundendaten.rechnungsposten WHERE rechnungsnummer={$id} AND kunde={$c}"); |
|
58 |
+ if ($result->num_rows == 0) |
|
59 | 59 |
system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt'); |
60 | 60 |
$ret = array(); |
61 |
- while($line = mysql_fetch_assoc($result)) |
|
61 |
+ while($line = $result->fetch_assoc()) |
|
62 | 62 |
array_push($ret, $line); |
63 | 63 |
return $ret; |
64 | 64 |
} |
... | ... |
@@ -67,9 +67,9 @@ function invoice_items($id) |
67 | 67 |
function upcoming_items() |
68 | 68 |
{ |
69 | 69 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
70 |
- $result = db_query("SELECT anzahl, beschreibung, startdatum, enddatum, betrag, einheit, brutto, mwst FROM kundendaten.upcoming_items WHERE kunde={$c} ORDER BY startdatum ASC"); |
|
70 |
+ $result = DB::query("SELECT anzahl, beschreibung, startdatum, enddatum, betrag, einheit, brutto, mwst FROM kundendaten.upcoming_items WHERE kunde={$c} ORDER BY startdatum ASC"); |
|
71 | 71 |
$ret = array(); |
72 |
- while($line = mysql_fetch_assoc($result)) |
|
72 |
+ while($line = $result->fetch_assoc()) |
|
73 | 73 |
array_push($ret, $line); |
74 | 74 |
return $ret; |
75 | 75 |
} |
... | ... |
@@ -23,10 +23,10 @@ require_once('class/domain.php'); |
23 | 23 |
function get_jabber_accounts() { |
24 | 24 |
require_role(ROLE_CUSTOMER); |
25 | 25 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
26 |
- $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;"); |
|
26 |
+ $result = DB::query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;"); |
|
27 | 27 |
$accounts = array(); |
28 |
- if (@mysql_num_rows($result) > 0) |
|
29 |
- while ($acc = @mysql_fetch_assoc($result)) |
|
28 |
+ if (@$result->num_rows > 0) |
|
29 |
+ while ($acc = @$result->fetch_assoc()) |
|
30 | 30 |
array_push($accounts, $acc); |
31 | 31 |
return $accounts; |
32 | 32 |
} |
... | ... |
@@ -40,10 +40,10 @@ function get_jabberaccount_details($id) |
40 | 40 |
|
41 | 41 |
$id = (int) $id; |
42 | 42 |
|
43 |
- $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1"); |
|
44 |
- if (mysql_num_rows($result) != 1) |
|
43 |
+ $result = DB::query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1"); |
|
44 |
+ if ($result->num_rows != 1) |
|
45 | 45 |
system_failure("Invalid account"); |
46 |
- $data = mysql_fetch_assoc($result); |
|
46 |
+ $data = $result->fetch_assoc(); |
|
47 | 47 |
if ($data['domain'] == NULL) |
48 | 48 |
$data['domain'] = config('masterdomain'); |
49 | 49 |
else |
... | ... |
@@ -72,19 +72,19 @@ function create_jabber_account($local, $domain, $password) |
72 | 72 |
require_role(ROLE_CUSTOMER); |
73 | 73 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
74 | 74 |
|
75 |
- $local = mysql_real_escape_string( filter_input_username($local) ); |
|
75 |
+ $local = DB::escape( filter_input_username($local) ); |
|
76 | 76 |
$domain = (int) $domain; |
77 | 77 |
if (! valid_jabber_password($password)) |
78 | 78 |
{ |
79 | 79 |
input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.'); |
80 | 80 |
return; |
81 | 81 |
} |
82 |
- $password = mysql_real_escape_string( $password ); |
|
82 |
+ $password = DB::escape( $password ); |
|
83 | 83 |
|
84 | 84 |
if ($domain > 0) |
85 | 85 |
{ |
86 |
- $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};"); |
|
87 |
- if (mysql_num_rows($result) == 0) |
|
86 |
+ $result = DB::query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};"); |
|
87 |
+ if ($result->num_rows == 0) |
|
88 | 88 |
{ |
89 | 89 |
logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«"); |
90 | 90 |
system_failure("Invalid domain!"); |
... | ... |
@@ -97,14 +97,14 @@ function create_jabber_account($local, $domain, $password) |
97 | 97 |
$domain = 'NULL'; |
98 | 98 |
$domainquery = 'domain IS NULL'; |
99 | 99 |
} |
100 |
- $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}"); |
|
101 |
- if (mysql_num_rows($result) > 0) |
|
100 |
+ $result = DB::query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}"); |
|
101 |
+ if ($result->num_rows > 0) |
|
102 | 102 |
{ |
103 | 103 |
logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«"); |
104 | 104 |
system_failure("Diesen Account gibt es bereits!"); |
105 | 105 |
} |
106 | 106 |
|
107 |
- db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');"); |
|
107 |
+ DB::query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');"); |
|
108 | 108 |
logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "created account »{$local}@{$domain}«"); |
109 | 109 |
} |
110 | 110 |
|
... | ... |
@@ -120,9 +120,9 @@ function change_jabber_password($id, $password) |
120 | 120 |
input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.'); |
121 | 121 |
return; |
122 | 122 |
} |
123 |
- $password = mysql_real_escape_string( $password ); |
|
123 |
+ $password = DB::escape( $password ); |
|
124 | 124 |
|
125 |
- db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1"); |
|
125 |
+ DB::query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1"); |
|
126 | 126 |
logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account »{$id}«"); |
127 | 127 |
} |
128 | 128 |
|
... | ... |
@@ -135,7 +135,7 @@ function delete_jabber_account($id) |
135 | 135 |
|
136 | 136 |
$id = (int) $id; |
137 | 137 |
|
138 |
- db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1"); |
|
138 |
+ DB::query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1"); |
|
139 | 139 |
logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«"); |
140 | 140 |
} |
141 | 141 |
|
... | ... |
@@ -144,7 +144,7 @@ function new_jabber_domain($id) |
144 | 144 |
{ |
145 | 145 |
$d = new Domain( (int) $id ); |
146 | 146 |
$d->ensure_customerdomain(); |
147 |
- db_query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id={$d->id} LIMIT 1"); |
|
147 |
+ DB::query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id={$d->id} LIMIT 1"); |
|
148 | 148 |
} |
149 | 149 |
|
150 | 150 |
|
... | ... |
@@ -22,9 +22,9 @@ require_once('inc/security.php'); |
22 | 22 |
function get_lists() |
23 | 23 |
{ |
24 | 24 |
$uid = (int) $_SESSION['userinfo']['uid']; |
25 |
- $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid};"); |
|
25 |
+ $result = DB::query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid};"); |
|
26 | 26 |
$ret = array(); |
27 |
- while ($list = mysql_fetch_assoc($result)) |
|
27 |
+ while ($list = $result->fetch_assoc()) |
|
28 | 28 |
$ret[] = $list; |
29 | 29 |
DEBUG($ret); |
30 | 30 |
return $ret; |
... | ... |
@@ -35,10 +35,10 @@ function get_list($id) |
35 | 35 |
{ |
36 | 36 |
$id = (int) $id; |
37 | 37 |
$uid = (int) $_SESSION['userinfo']['uid']; |
38 |
- $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid} AND id={$id};"); |
|
39 |
- if (mysql_num_rows($result) < 1) |
|
38 |
+ $result = DB::query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid} AND id={$id};"); |
|
39 |
+ if ($result->num_rows < 1) |
|
40 | 40 |
system_failure('Die gewünschte Mailingliste konnte nicht gefunden werden'); |
41 |
- $list = mysql_fetch_assoc($result); |
|
41 |
+ $list = $result->fetch_assoc(); |
|
42 | 42 |
DEBUG($list); |
43 | 43 |
|
44 | 44 |
return $list; |
... | ... |
@@ -49,7 +49,7 @@ function delete_list($id) |
49 | 49 |
{ |
50 | 50 |
$uid = (int) $_SESSION['userinfo']['uid']; |
51 | 51 |
$id = (int) $id; |
52 |
- db_query("UPDATE mail.mailman_lists SET status='delete' WHERE owner={$uid} AND id={$id};"); |
|
52 |
+ DB::query("UPDATE mail.mailman_lists SET status='delete' WHERE owner={$uid} AND id={$id};"); |
|
53 | 53 |
} |
54 | 54 |
|
55 | 55 |
|
... | ... |
@@ -61,22 +61,22 @@ function create_list($listname, $maildomain, $admin) |
61 | 61 |
verify_input_general($admin); |
62 | 62 |
if (! check_emailaddr($admin)) |
63 | 63 |
system_failure('Der Verwalter muss eine gültige E-Mail-Adresse sein ('.$admin.').'); |
64 |
- $admin = mysql_real_escape_string($admin); |
|
65 |
- $result = db_query("SELECT id FROM mail.mailman_lists WHERE listname='{$listname}'"); |
|
66 |
- if (mysql_num_rows($result) > 0) |
|
64 |
+ $admin = DB::escape($admin); |
|
65 |
+ $result = DB::query("SELECT id FROM mail.mailman_lists WHERE listname='{$listname}'"); |
|
66 |
+ if ($result->num_rows > 0) |
|
67 | 67 |
system_failure('Eine Liste mit diesem Namen existiert bereits (unter dieser oder einer anderen Domain). Jeder Listenname kann nur einmal verwendet werden.'); |
68 | 68 |
|
69 |
- db_query("INSERT INTO mail.mailman_lists (status, listname, maildomain, owner, admin) VALUES ('pending', '{$listname}', {$maildomain}, {$owner}, '{$admin}');"); |
|
70 |
- DEBUG('Neue ID: '.mysql_insert_id()); |
|
69 |
+ DB::query("INSERT INTO mail.mailman_lists (status, listname, maildomain, owner, admin) VALUES ('pending', '{$listname}', {$maildomain}, {$owner}, '{$admin}');"); |
|
70 |
+ DEBUG('Neue ID: '.DB::insert_id()); |
|
71 | 71 |
} |
72 | 72 |
|
73 | 73 |
|
74 | 74 |
function get_mailman_domains() |
75 | 75 |
{ |
76 | 76 |
$uid = (int) $_SESSION['userinfo']['uid']; |
77 |
- $result = db_query("SELECT md.id, md.fqdn FROM mail.v_mailman_domains AS md left join mail.v_domains AS d on (d.id=md.domain) where d.user={$uid}"); |
|
77 |
+ $result = DB::query("SELECT md.id, md.fqdn FROM mail.v_mailman_domains AS md left join mail.v_domains AS d on (d.id=md.domain) where d.user={$uid}"); |
|
78 | 78 |
$ret = array(); |
79 |
- while ($dom = mysql_fetch_assoc($result)) |
|
79 |
+ while ($dom = $result->fetch_assoc()) |
|
80 | 80 |
$ret[] = $dom; |
81 | 81 |
DEBUG($ret); |
82 | 82 |
return $ret; |
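Review bot: In create_list, `$listname`, `$maildomain` and `$owner` are interpolated into the SELECT and the INSERT, but only `$admin` is escaped inside this hunk. The function starts above the hunk, so confirm that the other three are cast or escaped there. The existence check followed by the INSERT is also not atomic, so two concurrent requests can both pass the `num_rows > 0` test unless `listname` has a UNIQUE index (not visible here). Once both facts are confirmed, a comment above the SELECT would record them: `// $listname is validated and escaped above; uniqueness is enforced by the UNIQUE index on listname`.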
... | ... |
@@ -17,11 +17,11 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
17 | 17 |
function get_mysql_accounts($UID) |
18 | 18 |
{ |
19 | 19 |
$UID = (int) $UID; |
20 |
- $result = db_query("SELECT id, username, description, created FROM misc.mysql_accounts WHERE useraccount=$UID ORDER BY username"); |
|
21 |
- if (mysql_num_rows($result) == 0) |
|
20 |
+ $result = DB::query("SELECT id, username, description, created FROM misc.mysql_accounts WHERE useraccount=$UID ORDER BY username"); |
|
21 |
+ if ($result->num_rows == 0) |
|
22 | 22 |
return array(); |
23 | 23 |
$list = array(); |
24 |
- while ($item = mysql_fetch_assoc($result)) |
|
24 |
+ while ($item = $result->fetch_assoc()) |
|
25 | 25 |
{ |
26 | 26 |
$list[] = $item; |
27 | 27 |
} |
... | ... |
@@ -31,11 +31,11 @@ function get_mysql_accounts($UID) |
31 | 31 |
function get_mysql_databases($UID) |
32 | 32 |
{ |
33 | 33 |
$UID = (int) $UID; |
34 |
- $result = db_query("SELECT id, name, description, created FROM misc.mysql_database WHERE useraccount=$UID ORDER BY name"); |
|
35 |
- if (mysql_num_rows($result) == 0) |
|
34 |
+ $result = DB::query("SELECT id, name, description, created FROM misc.mysql_database WHERE useraccount=$UID ORDER BY name"); |
|
35 |
+ if ($result->num_rows == 0) |
|
36 | 36 |
return array(); |
37 | 37 |
$list = array(); |
38 |
- while ($item = mysql_fetch_assoc($result)) |
|
38 |
+ while ($item = $result->fetch_assoc()) |
|
39 | 39 |
{ |
40 | 40 |
$list[] = $item; |
41 | 41 |
} |
... | ... |
@@ -55,7 +55,7 @@ function set_database_description($dbname, $description) |
55 | 55 |
system_failure('Ungültige Datenbank'); |
56 | 56 |
} |
57 | 57 |
$description = maybe_null(filter_input_general($description)); |
58 |
- db_query("UPDATE misc.mysql_database SET description={$description} WHERE id={$thisdb['id']}"); |
|
58 |
+ DB::query("UPDATE misc.mysql_database SET description={$description} WHERE id={$thisdb['id']}"); |
|
59 | 59 |
} |
60 | 60 |
|
61 | 61 |
function set_dbuser_description($username, $description) |
... | ... |
@@ -71,16 +71,16 @@ function set_dbuser_description($username, $description) |
71 | 71 |
system_failure('Ungültiger Benutzer'); |
72 | 72 |
} |
73 | 73 |
$description = maybe_null(filter_input_general($description)); |
74 |
- db_query("UPDATE misc.mysql_accounts SET description={$description} WHERE id={$thisuser['id']}"); |
|
74 |
+ DB::query("UPDATE misc.mysql_accounts SET description={$description} WHERE id={$thisuser['id']}"); |
|
75 | 75 |
} |
76 | 76 |
|
77 | 77 |
function servers_for_databases() |
78 | 78 |
{ |
79 | 79 |
$uid = (int) $_SESSION['userinfo']['uid']; |
80 | 80 |
|
81 |
- $result = db_query("SELECT db.name AS db, hostname FROM misc.mysql_database AS db LEFT JOIN system.useraccounts AS u ON (db.useraccount=u.uid) LEFT JOIN system.servers ON (COALESCE(db.server, u.server) = servers.id) WHERE db.useraccount={$uid}"); |
|
81 |
+ $result = DB::query("SELECT db.name AS db, hostname FROM misc.mysql_database AS db LEFT JOIN system.useraccounts AS u ON (db.useraccount=u.uid) LEFT JOIN system.servers ON (COALESCE(db.server, u.server) = servers.id) WHERE db.useraccount={$uid}"); |
|
82 | 82 |
$ret = array(); |
83 |
- while ($line = mysql_fetch_assoc($result)) { |
|
83 |
+ while ($line = $result->fetch_assoc()) { |
|
84 | 84 |
$ret[$line['db']] = $line['hostname']; |
85 | 85 |
} |
86 | 86 |
DEBUG($ret); |
... | ... |
@@ -95,10 +95,10 @@ function get_mysql_access($db, $account) |
95 | 95 |
if (!is_array($mysql_access)) |
96 | 96 |
{ |
97 | 97 |
$mysql_access = array(); |
98 |
- $result = db_query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};"); |
|
99 |
- if (mysql_num_rows($result) == 0) |
|
98 |
+ $result = DB::query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};"); |
|
99 |
+ if ($result->num_rows == 0) |
|
100 | 100 |
return false; |
101 |
- while ($line = mysql_fetch_object($result)) |
|
101 |
+ while ($line = $result->fetch_object()) |
|
102 | 102 |
$mysql_access[$line->db][$line->user] = true; |
103 | 103 |
} |
104 | 104 |
return (array_key_exists($db, $mysql_access) && array_key_exists($account, $mysql_access[$db])); |
... | ... |
@@ -108,22 +108,22 @@ function get_mysql_access($db, $account) |
108 | 108 |
function set_mysql_access($db, $account, $status) |
109 | 109 |
{ |
110 | 110 |
$uid = $_SESSION['userinfo']['uid']; |
111 |
- $db = mysql_real_escape_string($db); |
|
112 |
- $account = mysql_real_escape_string($account); |
|
111 |
+ $db = DB::escape($db); |
|
112 |
+ $account = DB::escape($account); |
|
113 | 113 |
DEBUG("User »{$account}« soll ".($status ? "" : "NICHT ")."auf die Datenbank »{$db}« zugreifen"); |
114 | 114 |
$query = ''; |
115 | 115 |
if ($status) |
116 | 116 |
{ |
117 | 117 |
if (get_mysql_access($db, $account)) |
118 | 118 |
return NULL; |
119 |
- $result = db_query("SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1"); |
|
120 |
- if (mysql_num_rows($result) != 1) |
|
119 |
+ $result = DB::query("SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1"); |
|
120 |
+ if ($result->num_rows != 1) |
|
121 | 121 |
{ |
122 | 122 |
logger(LOG_ERR, "modules/mysql/include/mysql", "mysql", "cannot find database {$db}"); |
123 | 123 |
system_failure("cannot find database »{$db}«"); |
124 | 124 |
} |
125 |
- $result = db_query("SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid} LIMIT 1"); |
|
126 |
- if (mysql_num_rows($result) != 1) |
|
125 |
+ $result = DB::query("SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid} LIMIT 1"); |
|
126 |
+ if ($result->num_rows != 1) |
|
127 | 127 |
{ |
128 | 128 |
logger(LOG_ERR, "modules/mysql/include/mysql", "mysql", "cannot find user {$account}"); |
129 | 129 |
system_failure("cannot find database user »{$account}«"); |
... | ... |
@@ -138,7 +138,7 @@ function set_mysql_access($db, $account, $status) |
138 | 138 |
$query = "DELETE FROM misc.mysql_access WHERE `database`=(SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1) AND user=(SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid});"; |
139 | 139 |
logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "revoking access on »{$db}« from »{$account}«"); |
140 | 140 |
} |
141 |
- db_query($query); |
|
141 |
+ DB::query($query); |
|
142 | 142 |
} |
143 | 143 |
|
144 | 144 |
|
... | ... |
@@ -151,19 +151,19 @@ function create_mysql_account($username, $description = '') |
151 | 151 |
return NULL; |
152 | 152 |
} |
153 | 153 |
$uid = $_SESSION['userinfo']['uid']; |
154 |
- $username = mysql_real_escape_string($username); |
|
154 |
+ $username = DB::escape($username); |
|
155 | 155 |
$description = maybe_null($description); |
156 | 156 |
logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "creating user »{$username}«"); |
157 |
- db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount, description) VALUES ('$username', '!', $uid, $description);"); |
|
157 |
+ DB::query("INSERT INTO misc.mysql_accounts (username, password, useraccount, description) VALUES ('$username', '!', $uid, $description);"); |
|
158 | 158 |
} |
159 | 159 |
|
160 | 160 |
|
161 | 161 |
function delete_mysql_account($username) |
162 | 162 |
{ |
163 |
- $username = mysql_real_escape_string($username); |
|
163 |
+ $username = DB::escape($username); |
|
164 | 164 |
$uid = $_SESSION['userinfo']['uid']; |
165 | 165 |
logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "deleting user »{$username}«"); |
166 |
- db_query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;"); |
|
166 |
+ DB::query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;"); |
|
167 | 167 |
} |
168 | 168 |
|
169 | 169 |
|
... | ... |
@@ -175,7 +175,7 @@ function create_mysql_database($dbname, $description = '', $server = NULL) |
175 | 175 |
input_error("Der eingegebene Datenbankname entspricht leider nicht der Konvention. Bitte tragen Sie einen passenden Namen ein."); |
176 | 176 |
return NULL; |
177 | 177 |
} |
178 |
- $dbname = mysql_real_escape_string($dbname); |
|
178 |
+ $dbname = DB::escape($dbname); |
|
179 | 179 |
$uid = $_SESSION['userinfo']['uid']; |
180 | 180 |
$description = maybe_null($description); |
181 | 181 |
$server = (int) $server; |
... | ... |
@@ -183,16 +183,16 @@ function create_mysql_database($dbname, $description = '', $server = NULL) |
183 | 183 |
$server = 'NULL'; |
184 | 184 |
} |
185 | 185 |
logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "creating database »{$dbname}«"); |
186 |
- db_query("INSERT INTO misc.mysql_database (name, useraccount, server, description) VALUES ('$dbname', $uid, $server, $description);"); |
|
186 |
+ DB::query("INSERT INTO misc.mysql_database (name, useraccount, server, description) VALUES ('$dbname', $uid, $server, $description);"); |
|
187 | 187 |
} |
188 | 188 |
|
189 | 189 |
|
190 | 190 |
function delete_mysql_database($dbname) |
191 | 191 |
{ |
192 |
- $dbname = mysql_real_escape_string($dbname); |
|
192 |
+ $dbname = DB::escape($dbname); |
|
193 | 193 |
$uid = $_SESSION['userinfo']['uid']; |
194 | 194 |
logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "removing database »{$dbname}«"); |
195 |
- db_query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;"); |
|
195 |
+ DB::query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;"); |
|
196 | 196 |
} |
197 | 197 |
|
198 | 198 |
|
... | ... |
@@ -212,29 +212,29 @@ function validate_mysql_username($username) |
212 | 212 |
|
213 | 213 |
function set_mysql_password($username, $password) |
214 | 214 |
{ |
215 |
- $username = mysql_real_escape_string($username); |
|
216 |
- $password = mysql_real_escape_string($password); |
|
215 |
+ $username = DB::escape($username); |
|
216 |
+ $password = DB::escape($password); |
|
217 | 217 |
$uid = $_SESSION['userinfo']['uid']; |
218 | 218 |
logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "updating password for »{$username}«"); |
219 |
- db_query("UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;"); |
|
219 |
+ DB::query("UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;"); |
|
220 | 220 |
} |
221 | 221 |
|
222 | 222 |
|
223 | 223 |
function has_mysql_database($dbname) |
224 | 224 |
{ |
225 | 225 |
$uid = $_SESSION['userinfo']['uid']; |
226 |
- $dbname = mysql_real_escape_string($dbname); |
|
227 |
- $result = db_query("SELECT NULL FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;"); |
|
228 |
- return (mysql_num_rows($result) == 1); |
|
226 |
+ $dbname = DB::escape($dbname); |
|
227 |
+ $result = DB::query("SELECT NULL FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;"); |
|
228 |
+ return ($result->num_rows == 1); |
|
229 | 229 |
} |
230 | 230 |
|
231 | 231 |
|
232 | 232 |
function has_mysql_user($username) |
233 | 233 |
{ |
234 | 234 |
$uid = $_SESSION['userinfo']['uid']; |
235 |
- $userame = mysql_real_escape_string($username); |
|
236 |
- $result = db_query("SELECT NULL FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;"); |
|
237 |
- return (mysql_num_rows($result) == 1); |
|
235 |
+ $userame = DB::escape($username); |
|
236 |
+ $result = DB::query("SELECT NULL FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;"); |
|
237 |
+ return ($result->num_rows == 1); |
|
238 | 238 |
} |
239 | 239 |
|
240 | 240 |
|
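Review bot: has_mysql_user assigns the escaped value to `$userame` (typo) and then builds the query from the unescaped `$username`, so the escaping never reaches the `WHERE username='{$username}'` clause. The commit carries this over from the old line unchanged. The line should read `$username = DB::escape($username);`. Several functions in this file section (for example set_mysql_access and set_mysql_password) also read `$uid` from the session without the `(int)` cast that servers_for_databases applies; `$uid = (int) $_SESSION['userinfo']['uid'];` would make them consistent.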
... | ... |
@@ -16,23 +16,23 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
16 | 16 |
|
17 | 17 |
function set_newsletter_address($address) { |
18 | 18 |
$cid = $_SESSION['customerinfo']['customerno']; |
19 |
- $address = maybe_null(mysql_real_escape_string($address)); |
|
20 |
- db_query("UPDATE kundendaten.kunden SET email_newsletter={$address} WHERE id={$cid}"); |
|
19 |
+ $address = maybe_null(DB::escape($address)); |
|
20 |
+ DB::query("UPDATE kundendaten.kunden SET email_newsletter={$address} WHERE id={$cid}"); |
|
21 | 21 |
} |
22 | 22 |
|
23 | 23 |
function get_newsletter_address() { |
24 | 24 |
$cid = $_SESSION['customerinfo']['customerno']; |
25 |
- $result = db_query("SELECT email_newsletter FROM kundendaten.kunden WHERE id={$cid}"); |
|
26 |
- $r = mysql_fetch_assoc($result); |
|
25 |
+ $result = DB::query("SELECT email_newsletter FROM kundendaten.kunden WHERE id={$cid}"); |
|
26 |
+ $r = $result->fetch_assoc(); |
|
27 | 27 |
return $r['email_newsletter']; |
28 | 28 |
} |
29 | 29 |
|
30 | 30 |
|
31 | 31 |
function get_latest_news() { |
32 | 32 |
$today = strftime('%Y-%m-%d'); |
33 |
- $result = db_query("SELECT id, date, subject, content FROM misc.news WHERE date > '{$today}' - INTERVAL 1 YEAR ORDER BY date DESC"); |
|
33 |
+ $result = DB::query("SELECT id, date, subject, content FROM misc.news WHERE date > '{$today}' - INTERVAL 1 YEAR ORDER BY date DESC"); |
|
34 | 34 |
$ret = array(); |
35 |
- while ($item = mysql_fetch_assoc($result)) { |
|
35 |
+ while ($item = $result->fetch_assoc()) { |
|
36 | 36 |
$ret[] = $item; |
37 | 37 |
} |
38 | 38 |
DEBUG($ret); |
... | ... |
@@ -42,8 +42,8 @@ function get_latest_news() { |
42 | 42 |
|
43 | 43 |
function get_news_item($id) { |
44 | 44 |
$id = (int) $id; |
45 |
- $result = db_query("SELECT date, subject, content FROM misc.news WHERE id={$id}"); |
|
46 |
- $ret = mysql_fetch_assoc($result); |
|
45 |
+ $result = DB::query("SELECT date, subject, content FROM misc.news WHERE id={$id}"); |
|
46 |
+ $ret = $result->fetch_assoc(); |
|
47 | 47 |
DEBUG($ret); |
48 | 48 |
return $ret; |
49 | 49 |
} |
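Review bot: get_newsletter_address indexes `$r['email_newsletter']` without checking that `fetch_assoc()` returned a row. Assuming `DB::query()` returns a mysqli-style result (the wrapper is not shown on this page), `$r` is null when no customer matches `$cid`. Both newsletter functions also take `$cid` from the session without the `(int)` cast that get_news_item applies to its id before interpolating it into SQL. Suggested lines: `$cid = (int) $_SESSION['customerinfo']['customerno'];` and `return $r ? $r['email_newsletter'] : NULL;`.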
... | ... |
@@ -14,15 +14,15 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
17 |
+require_once('inc/db.php'); |
|
18 | 18 |
require_once('session/checkuser.php'); |
19 | 19 |
|
20 | 20 |
function customer_has_email($customerno, $email) |
21 | 21 |
{ |
22 | 22 |
$customerno = (int) $customerno; |
23 |
- $email = mysql_real_escape_string($email); |
|
24 |
- $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');"); |
|
25 |
- return (mysql_num_rows($result) > 0); |
|
23 |
+ $email = DB::escape($email); |
|
24 |
+ $result = DB::query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');"); |
|
25 |
+ return ($result->num_rows > 0); |
|
26 | 26 |
} |
27 | 27 |
|
28 | 28 |
|
... | ... |
@@ -30,37 +30,37 @@ function validate_token($customerno, $token) |
30 | 30 |
{ |
31 | 31 |
expire_tokens(); |
32 | 32 |
$customerno = (int) $customerno; |
33 |
- $token = mysql_real_escape_string($token); |
|
34 |
- $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';"); |
|
35 |
- return (mysql_num_rows($result) > 0); |
|
33 |
+ $token = DB::escape($token); |
|
34 |
+ $result = DB::query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';"); |
|
35 |
+ return ($result->num_rows > 0); |
|
36 | 36 |
} |
37 | 37 |
|
38 | 38 |
|
39 | 39 |
function expire_tokens() |
40 | 40 |
{ |
41 | 41 |
$expire = "1 DAY"; |
42 |
- db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};"); |
|
42 |
+ DB::query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};"); |
|
43 | 43 |
} |
44 | 44 |
|
45 | 45 |
function invalidate_customer_token($customerno) |
46 | 46 |
{ |
47 | 47 |
$customerno = (int) $customerno; |
48 |
- db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;"); |
|
48 |
+ DB::query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;"); |
|
49 | 49 |
} |
50 | 50 |
|
51 | 51 |
function create_token($customerno) |
52 | 52 |
{ |
53 | 53 |
$customerno = (int) $customerno; |
54 | 54 |
expire_tokens(); |
55 |
- $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;"); |
|
56 |
- if (mysql_num_rows($result) > 0) |
|
55 |
+ $result = DB::query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;"); |
|
56 |
+ if ($result->num_rows > 0) |
|
57 | 57 |
{ |
58 |
- $res = mysql_fetch_object($result)->token_create; |
|
58 |
+ $res = $result->fetch_object()->token_create; |
|
59 | 59 |
input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen."); |
60 | 60 |
return false; |
61 | 61 |
} |
62 | 62 |
$token = random_string(10); |
63 |
- db_query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;"); |
|
63 |
+ DB::query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;"); |
|
64 | 64 |
return true; |
65 | 65 |
} |
66 | 66 |
|
... | ... |
@@ -69,10 +69,10 @@ function get_customer_token($customerno) |
69 | 69 |
{ |
70 | 70 |
$customerno = (int) $customerno; |
71 | 71 |
expire_tokens(); |
72 |
- $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;"); |
|
73 |
- if (mysql_num_rows($result) < 1) |
|
72 |
+ $result = DB::query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;"); |
|
73 |
+ if ($result->num_rows < 1) |
|
74 | 74 |
system_failure("Kann das Token nicht auslesen!"); |
75 |
- return mysql_fetch_object($result)->token; |
|
75 |
+ return $result->fetch_object()->token; |
|
76 | 76 |
} |
77 | 77 |
|
78 | 78 |
|
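Review bot: The query string in customer_has_email contains `email_rechnung='{$email'}'`, where the single quote sits inside the braces. As written this looks like a parse error that would stop the whole file from loading, and the commit keeps it from the old line. The clause should be `email_rechnung='{$email}'`. Separately, validate_token compares the token inside SQL, so under a case-insensitive collation tokens differing only in case would match; the collation of `token` is not visible here, so treat that as something to confirm.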
... | ... |
@@ -14,17 +14,17 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
17 |
+require_once('inc/db.php'); |
|
18 | 18 |
require_once('mail.php'); |
19 | 19 |
|
20 | 20 |
function customer_with_email($email) |
21 | 21 |
{ |
22 |
- $email = mysql_real_escape_string($email); |
|
23 |
- $result = db_query("SELECT id FROM kundendaten.kunden WHERE email='{$email}' OR email_rechnung='{$email}' OR email_extern='{$email}' LIMIT 1;"); |
|
24 |
- if (mysql_num_rows($result) == 0) |
|
22 |
+ $email = DB::escape($email); |
|
23 |
+ $result = DB::query("SELECT id FROM kundendaten.kunden WHERE email='{$email}' OR email_rechnung='{$email}' OR email_extern='{$email}' LIMIT 1;"); |
|
24 |
+ if ($result->num_rows == 0) |
|
25 | 25 |
return NULL; |
26 | 26 |
else |
27 |
- return mysql_fetch_object($result)->id; |
|
27 |
+ return $result->fetch_object()->id; |
|
28 | 28 |
} |
29 | 29 |
|
30 | 30 |
|
... | ... |
@@ -38,11 +38,11 @@ function create_customer($data) |
38 | 38 |
return NULL; |
39 | 39 |
} |
40 | 40 |
|
41 |
- $anrede = mysql_escape_string($data['anrede']); |
|
42 |
- $firma = mysql_escape_string($data['firma']); |
|
43 |
- $vorname = mysql_escape_string($data['vorname']); |
|
44 |
- $nachname = mysql_escape_string($data['nachname']); |
|
45 |
- $email = mysql_escape_string($data['email']); |
|
41 |
+ $anrede = DB::escape($data['anrede']); |
|
42 |
+ $firma = DB::escape($data['firma']); |
|
43 |
+ $vorname = DB::escape($data['vorname']); |
|
44 |
+ $nachname = DB::escape($data['nachname']); |
|
45 |
+ $email = DB::escape($data['email']); |
|
46 | 46 |
|
47 | 47 |
logger(LOG_INFO, 'modules/register/include/register', 'register', "Creating new account: {$anrede} / {$firma} / {$vorname} / {$nachname} / {$email}"); |
48 | 48 |
|
... | ... |
@@ -51,10 +51,10 @@ function create_customer($data) |
51 | 51 |
$vorname = maybe_null($vorname); |
52 | 52 |
$nachname = maybe_null($nachname); |
53 | 53 |
|
54 |
- db_query("BEGIN"); |
|
55 |
- db_query("INSERT INTO kundendaten.kunden (firma, nachname, vorname, anrede, email, erstellungsdatum,status) VALUES ({$firma}, {$nachname}, {$vorname}, {$anrede}, {$email}, CURDATE(), 3)"); |
|
56 |
- $customerno = mysql_insert_id(); |
|
57 |
- db_query("COMMIT"); |
|
54 |
+ DB::query("BEGIN"); |
|
55 |
+ DB::query("INSERT INTO kundendaten.kunden (firma, nachname, vorname, anrede, email, erstellungsdatum,status) VALUES ({$firma}, {$nachname}, {$vorname}, {$anrede}, {$email}, CURDATE(), 3)"); |
|
56 |
+ $customerno = DB::insert_id(); |
|
57 |
+ DB::query("COMMIT"); |
|
58 | 58 |
return $customerno; |
59 | 59 |
|
60 | 60 |
} |
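Review bot: The `BEGIN`/`COMMIT` pair around the single INSERT in create_customer has no failure path. Unless `DB::query()` aborts on error (its definition is not on this page), a failed INSERT is still followed by `DB::insert_id()` and `COMMIT`, and the function returns whatever insert_id yields. Check the INSERT result before reading the id, and issue `DB::query("ROLLBACK");` and return NULL when it fails. The INSERT also interpolates `{$anrede}` and `{$email}` without quotes, so their quoting must come from the lines between the two hunks (old lines 49–50), which are not shown.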
... | ... |
@@ -21,10 +21,10 @@ function list_system_users() |
21 | 21 |
{ |
22 | 22 |
require_role(ROLE_SYSADMIN); |
23 | 23 |
|
24 |
- $result = db_query("SELECT uid,username FROM system.v_useraccounts ORDER BY username"); |
|
24 |
+ $result = DB::query("SELECT uid,username FROM system.v_useraccounts ORDER BY username"); |
|
25 | 25 |
|
26 | 26 |
$ret = array(); |
27 |
- while ($item = mysql_fetch_object($result)) |
|
27 |
+ while ($item = $result->fetch_object()) |
|
28 | 28 |
array_push($ret, $item); |
29 | 29 |
return $ret; |
30 | 30 |
} |
... | ... |
@@ -34,10 +34,10 @@ function list_customers() |
34 | 34 |
{ |
35 | 35 |
require_role(ROLE_SYSADMIN); |
36 | 36 |
|
37 |
- $result = db_query("SELECT id, IF(firma IS NULL, CONCAT_WS(' ', vorname, nachname), CONCAT(firma, ' (', CONCAT_WS(' ', vorname, nachname), ')')) AS name FROM kundendaten.kunden"); |
|
37 |
+ $result = DB::query("SELECT id, IF(firma IS NULL, CONCAT_WS(' ', vorname, nachname), CONCAT(firma, ' (', CONCAT_WS(' ', vorname, nachname), ')')) AS name FROM kundendaten.kunden"); |
|
38 | 38 |
|
39 | 39 |
$ret = array(); |
40 |
- while ($item = mysql_fetch_object($result)) |
|
40 |
+ while ($item = $result->fetch_object()) |
|
41 | 41 |
array_push($ret, $item); |
42 | 42 |
return $ret; |
43 | 43 |
} |
... | ... |
@@ -45,9 +45,9 @@ function list_customers() |
45 | 45 |
|
46 | 46 |
function find_customers($string) |
47 | 47 |
{ |
48 |
- $string = mysql_real_escape_string(chop($string)); |
|
48 |
+ $string = DB::escape(chop($string)); |
|
49 | 49 |
$return = array(); |
50 |
- $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ". |
|
50 |
+ $result = DB::query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ". |
|
51 | 51 |
"firma LIKE '%{$string}%' OR firma2 LIKE '%{$string}%' OR ". |
52 | 52 |
"nachname LIKE '%{$string}%' OR vorname LIKE '%{$string}%' OR ". |
53 | 53 |
"adresse LIKE '%{$string}%' OR adresse2 LIKE '%{$string}%' OR ". |
... | ... |
@@ -55,14 +55,14 @@ function find_customers($string) |
55 | 55 |
"notizen LIKE '%{$string}%' OR email_rechnung LIKE '%{$string}%' OR ". |
56 | 56 |
"email LIKE '%{$string}%' OR email_extern LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ". |
57 | 57 |
"u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';"); |
58 |
- while ($entry = mysql_fetch_assoc($result)) |
|
58 |
+ while ($entry = $result->fetch_assoc()) |
|
59 | 59 |
$return[] = $entry['id']; |
60 | 60 |
|
61 |
- $result = db_query("SELECT kunde FROM kundendaten.domains WHERE kunde IS NOT NULL AND ( |
|
61 |
+ $result = DB::query("SELECT kunde FROM kundendaten.domains WHERE kunde IS NOT NULL AND ( |
|
62 | 62 |
domainname LIKE '%{$string}%' OR CONCAT_WS('.', domainname, tld) LIKE '%{$string}%' |
63 | 63 |
)"); |
64 | 64 |
|
65 |
- while ($entry = mysql_fetch_assoc($result)) |
|
65 |
+ while ($entry = $result->fetch_assoc()) |
|
66 | 66 |
$return[] = $entry['kunde']; |
67 | 67 |
|
68 | 68 |
return $return; |
... | ... |
@@ -73,9 +73,9 @@ function find_users_for_customer($id) |
73 | 73 |
{ |
74 | 74 |
$id = (int) $id; |
75 | 75 |
$return = array(); |
76 |
- $result = db_query("SELECT uid, username, name FROM system.useraccounts WHERE ". |
|
76 |
+ $result = DB::query("SELECT uid, username, name FROM system.useraccounts WHERE ". |
|
77 | 77 |
"kunde='{$id}';"); |
78 |
- while ($entry = mysql_fetch_assoc($result)) |
|
78 |
+ while ($entry = $result->fetch_assoc()) |
|
79 | 79 |
$return[] = $entry; |
80 | 80 |
|
81 | 81 |
return $return; |
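Review bot: find_customers and find_users_for_customer run their queries without the `require_role(ROLE_SYSADMIN);` call that list_system_users and list_customers make first, so access to the customer search depends entirely on the callers. If these helpers are meant for administrators only, add `require_role(ROLE_SYSADMIN);` as the first statement of each. In find_customers the search term is escaped for quoting, but `%` and `_` keep their LIKE wildcard meaning, which deserves a comment if it is intended. One line of find_customers (old line 54) falls between the two hunks and is not shown.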
... | ... |
@@ -23,9 +23,9 @@ require_once("inc/debug.php"); |
23 | 23 |
function list_subusers() |
24 | 24 |
{ |
25 | 25 |
$uid = (int) $_SESSION['userinfo']['uid']; |
26 |
- $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}"); |
|
26 |
+ $result = DB::query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}"); |
|
27 | 27 |
$subusers = array(); |
28 |
- while ($item = mysql_fetch_assoc($result)) |
|
28 |
+ while ($item = $result->fetch_assoc()) |
|
29 | 29 |
{ |
30 | 30 |
$item['modules'] = explode(',', $item['modules']); |
31 | 31 |
$subusers[] = $item; |
... | ... |
@@ -39,8 +39,8 @@ function load_subuser($id) { |
39 | 39 |
$id = (int) $id; |
40 | 40 |
$uid = (int) $_SESSION['userinfo']['uid']; |
41 | 41 |
|
42 |
- $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}"); |
|
43 |
- $item = mysql_fetch_assoc($result); |
|
42 |
+ $result = DB::query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}"); |
|
43 |
+ $item = $result->fetch_assoc(); |
|
44 | 44 |
$item['modules'] = explode(',', $item['modules']); |
45 | 45 |
return $item; |
46 | 46 |
} |
... | ... |
@@ -66,7 +66,7 @@ function delete_subuser($id) { |
66 | 66 |
$id = (int) $id; |
67 | 67 |
$uid = (int) $_SESSION['userinfo']['uid']; |
68 | 68 |
|
69 |
- db_query("DELETE FROM system.subusers WHERE id={$id} AND uid={$uid}"); |
|
69 |
+ DB::query("DELETE FROM system.subusers WHERE id={$id} AND uid={$uid}"); |
|
70 | 70 |
} |
71 | 71 |
|
72 | 72 |
function empty_subuser() |
... | ... |
@@ -79,7 +79,7 @@ function new_subuser($username, $requested_modules, $password) |
79 | 79 |
{ |
80 | 80 |
$uid = (int) $_SESSION['userinfo']['uid']; |
81 | 81 |
|
82 |
- $username = mysql_real_escape_string(filter_input_username($username)); |
|
82 |
+ $username = DB::escape(filter_input_username($username)); |
|
83 | 83 |
if (strpos($username, $_SESSION['userinfo']['username']) !== 0) { |
84 | 84 |
// Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
85 | 85 |
system_failure("Ungültiger Benutzername!"); |
... | ... |
@@ -100,7 +100,7 @@ function new_subuser($username, $requested_modules, $password) |
100 | 100 |
if (count($modules) == 0) { |
101 | 101 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!"); |
102 | 102 |
} |
103 |
- $modules = mysql_real_escape_string(implode(',', $modules)); |
|
103 |
+ $modules = DB::escape(implode(',', $modules)); |
|
104 | 104 |
|
105 | 105 |
$result = strong_password($password); |
106 | 106 |
if ($result !== true) { |
... | ... |
@@ -108,7 +108,7 @@ function new_subuser($username, $requested_modules, $password) |
108 | 108 |
} |
109 | 109 |
$password = hash("sha256", $password); |
110 | 110 |
|
111 |
- db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES ({$uid}, '{$username}', '{$password}', '{$modules}')"); |
|
111 |
+ DB::query("INSERT INTO system.subusers (uid, username, password, modules) VALUES ({$uid}, '{$username}', '{$password}', '{$modules}')"); |
|
112 | 112 |
} |
113 | 113 |
|
114 | 114 |
|
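Review bot: `hash("sha256", $password)` stores the subuser password as a single unsalted SHA-256 digest, which is cheap to guess offline and gives identical hashes for identical passwords. Where the PHP version allows it, the replacement is `$password = password_hash($password, PASSWORD_DEFAULT);`, with the login path switched to `password_verify()` and existing rows rehashed at the next successful login. That verification code is not part of this diff, so the migration has to be checked there. new_subuser() starts above the hunk.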
... | ... |
@@ -128,7 +128,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
128 | 128 |
system_failure("Kann diesen Account nicht finden!"); |
129 | 129 |
} |
130 | 130 |
|
131 |
- $username = mysql_real_escape_string(filter_input_username($username)); |
|
131 |
+ $username = DB::escape(filter_input_username($username)); |
|
132 | 132 |
if (strpos($username, $_SESSION['userinfo']['username']) !== 0) { |
133 | 133 |
// Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
134 | 134 |
system_failure("Ungültiger Benutzername!"); |
... | ... |
@@ -148,7 +148,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
148 | 148 |
if (count($modules) == 0) { |
149 | 149 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!"); |
150 | 150 |
} |
151 |
- $modules = mysql_real_escape_string(implode(',', $modules)); |
|
151 |
+ $modules = DB::escape(implode(',', $modules)); |
|
152 | 152 |
|
153 | 153 |
$pwchange = ''; |
154 | 154 |
if ($password) { |
... | ... |
@@ -161,7 +161,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
161 | 161 |
} |
162 | 162 |
|
163 | 163 |
|
164 |
- db_query("UPDATE system.subusers SET username='{$username}', modules='{$modules}'{$pwchange} WHERE id={$id} AND uid={$uid}"); |
|
164 |
+ DB::query("UPDATE system.subusers SET username='{$username}', modules='{$modules}'{$pwchange} WHERE id={$id} AND uid={$uid}"); |
|
165 | 165 |
} |
166 | 166 |
|
167 | 167 |
|
... | ... |
@@ -22,15 +22,15 @@ require_once("inc/db_connect.php"); |
22 | 22 |
function customer_may_have_useraccounts() |
23 | 23 |
{ |
24 | 24 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
25 |
- $result = db_query("SELECT COUNT(*) FROM system.useraccounts WHERE kunde={$customerno}"); |
|
26 |
- return (mysql_num_rows($result) > 0); |
|
25 |
+ $result = DB::query("SELECT COUNT(*) FROM system.useraccounts WHERE kunde={$customerno}"); |
|
26 |
+ return ($result->num_rows > 0); |
|
27 | 27 |
} |
28 | 28 |
|
29 | 29 |
function customer_useraccount($uid) { |
30 | 30 |
$uid = (int) $uid; |
31 | 31 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
32 |
- $result = db_query("SELECT 1 FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid} AND kundenaccount=1"); |
|
33 |
- return mysql_num_rows($result) > 0; |
|
32 |
+ $result = DB::query("SELECT 1 FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid} AND kundenaccount=1"); |
|
33 |
+ return $result->num_rows > 0; |
|
34 | 34 |
} |
35 | 35 |
|
36 | 36 |
function primary_useraccount() |
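Review bot: customer_may_have_useraccounts() returns true for every customer, because `SELECT COUNT(*)` produces exactly one row even when the count is zero, so `$result->num_rows > 0` cannot fail. Either read the count, `$row = $result->fetch_row(); return ($row[0] > 0);`, or select rows the way customer_useraccount() below does, with `SELECT 1 FROM system.useraccounts WHERE kunde={$customerno} LIMIT 1`. The migration carried the condition over unchanged from the mysql_num_rows() version.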
... | ... |
@@ -38,8 +38,8 @@ function primary_useraccount() |
38 | 38 |
if (! ($_SESSION['role'] & ROLE_SYSTEMUSER)) |
39 | 39 |
return NULL; |
40 | 40 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
41 |
- $result = db_query("SELECT MIN(uid) AS uid FROM system.useraccounts WHERE kunde={$customerno}"); |
|
42 |
- $uid = mysql_fetch_object($result)->uid; |
|
41 |
+ $result = DB::query("SELECT MIN(uid) AS uid FROM system.useraccounts WHERE kunde={$customerno}"); |
|
42 |
+ $uid = $result->fetch_object()->uid; |
|
43 | 43 |
DEBUG("primary useraccount: {$uid}"); |
44 | 44 |
return $uid; |
45 | 45 |
} |
... | ... |
@@ -47,9 +47,9 @@ function primary_useraccount() |
47 | 47 |
|
48 | 48 |
function available_shells() |
49 | 49 |
{ |
50 |
- $result = db_query("SELECT path, name FROM system.shells WHERE usable=1"); |
|
50 |
+ $result = DB::query("SELECT path, name FROM system.shells WHERE usable=1"); |
|
51 | 51 |
$ret = array(); |
52 |
- while ($s = mysql_fetch_assoc($result)) |
|
52 |
+ while ($s = $result->fetch_assoc()) |
|
53 | 53 |
{ |
54 | 54 |
$ret[$s['path']] = $s['name']; |
55 | 55 |
} |
... | ... |
@@ -61,9 +61,9 @@ function available_shells() |
61 | 61 |
function list_useraccounts() |
62 | 62 |
{ |
63 | 63 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
64 |
- $result = db_query("SELECT uid,username,name,erstellungsdatum,quota,shell FROM system.useraccounts WHERE kunde={$customerno}"); |
|
64 |
+ $result = DB::query("SELECT uid,username,name,erstellungsdatum,quota,shell FROM system.useraccounts WHERE kunde={$customerno}"); |
|
65 | 65 |
$ret = array(); |
66 |
- while ($item = mysql_fetch_assoc($result)) |
|
66 |
+ while ($item = $result->fetch_assoc()) |
|
67 | 67 |
{ |
68 | 68 |
array_push($ret, $item); |
69 | 69 |
} |
... | ... |
@@ -78,18 +78,18 @@ function get_account_details($uid, $customerno=0) |
78 | 78 |
$customerno = (int) $customerno; |
79 | 79 |
if ($customerno == 0) |
80 | 80 |
$customerno = $_SESSION['customerinfo']['customerno']; |
81 |
- $result = db_query("SELECT uid,username,name,shell,quota,erstellungsdatum FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid}"); |
|
82 |
- if (mysql_num_rows($result) == 0) |
|
81 |
+ $result = DB::query("SELECT uid,username,name,shell,quota,erstellungsdatum FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid}"); |
|
82 |
+ if ($result->num_rows == 0) |
|
83 | 83 |
system_failure("Cannot find the requestes useraccount (for this customer)."); |
84 |
- return mysql_fetch_assoc($result); |
|
84 |
+ return $result->fetch_assoc(); |
|
85 | 85 |
} |
86 | 86 |
|
87 | 87 |
function get_used_quota($uid) |
88 | 88 |
{ |
89 | 89 |
$uid = (int) $uid; |
90 |
- $result = db_query("SELECT s.hostname AS server, systemquota, systemquota_used, mailquota, mailquota_used FROM system.v_quota AS q LEFT JOIN system.servers AS s ON (s.id=q.server) WHERE uid='{$uid}'"); |
|
90 |
+ $result = DB::query("SELECT s.hostname AS server, systemquota, systemquota_used, mailquota, mailquota_used FROM system.v_quota AS q LEFT JOIN system.servers AS s ON (s.id=q.server) WHERE uid='{$uid}'"); |
|
91 | 91 |
$ret = array(); |
92 |
- while ($line = mysql_fetch_assoc($result)) |
|
92 |
+ while ($line = $result->fetch_assoc()) |
|
93 | 93 |
$ret[] = $line; |
94 | 94 |
DEBUG($ret); |
95 | 95 |
return $ret; |
... | ... |
@@ -105,11 +105,11 @@ function set_account_details($account) |
105 | 105 |
else |
106 | 106 |
$customerno = (int) $_SESSION['userinfo']['customerno']; |
107 | 107 |
|
108 |
- $fullname = maybe_null(mysql_real_escape_string(filter_input_general($account['name']))); |
|
109 |
- $shell = mysql_real_escape_string(filter_input_general($account['shell'])); |
|
108 |
+ $fullname = maybe_null(DB::escape(filter_input_general($account['name']))); |
|
109 |
+ $shell = DB::escape(filter_input_general($account['shell'])); |
|
110 | 110 |
$quota = (int) $account['quota']; |
111 | 111 |
|
112 |
- db_query("UPDATE system.useraccounts SET name={$fullname}, quota={$quota}, shell='{$shell}' WHERE kunde={$customerno} AND uid={$uid}"); |
|
112 |
+ DB::query("UPDATE system.useraccounts SET name={$fullname}, quota={$quota}, shell='{$shell}' WHERE kunde={$customerno} AND uid={$uid}"); |
|
113 | 113 |
logger(LOG_INFO, "modules/systemuser/include/useraccounts", "systemuser", "updated details for uid {$uid}"); |
114 | 114 |
|
115 | 115 |
} |
... | ... |
@@ -117,8 +117,8 @@ function set_account_details($account) |
117 | 117 |
function get_customer_quota() |
118 | 118 |
{ |
119 | 119 |
$cid = (int) $_SESSION['customerinfo']['customerno']; |
120 |
- $result = db_query("SELECT SUM(u.quota) AS assigned, cq.quota AS max FROM system.customerquota AS cq INNER JOIN system.useraccounts AS u ON (u.kunde=cq.cid) WHERE cq.cid={$cid}"); |
|
121 |
- $ret = mysql_fetch_assoc($result); |
|
120 |
+ $result = DB::query("SELECT SUM(u.quota) AS assigned, cq.quota AS max FROM system.customerquota AS cq INNER JOIN system.useraccounts AS u ON (u.kunde=cq.cid) WHERE cq.cid={$cid}"); |
|
121 |
+ $ret = $result->fetch_assoc(); |
|
122 | 122 |
DEBUG($ret); |
123 | 123 |
return $ret; |
124 | 124 |
} |
... | ... |
@@ -24,9 +24,9 @@ define("CERT_NOCHAIN", 2); |
24 | 24 |
function user_certs() |
25 | 25 |
{ |
26 | 26 |
$uid = (int) $_SESSION['userinfo']['uid']; |
27 |
- $result = db_query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=${uid} ORDER BY cn"); |
|
27 |
+ $result = DB::query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=${uid} ORDER BY cn"); |
|
28 | 28 |
$ret = array(); |
29 |
- while ($i = mysql_fetch_assoc($result)) |
|
29 |
+ while ($i = $result->fetch_assoc()) |
|
30 | 30 |
$ret[] = $i; |
31 | 31 |
DEBUG($ret); |
32 | 32 |
return $ret; |
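Review bot: The query in user_certs() interpolates with `${uid}` while the other queries visible in this diff use `{$uid}`. The `${var}` form is deprecated from PHP 8.2 on, so `WHERE uid={$uid} ORDER BY cn` is the spelling to keep. user_csr() in the next hunk has the same `${uid}`. The value is cast to int on the line before the query, so this is a style point only.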
... | ... |
@@ -35,9 +35,9 @@ function user_certs() |
35 | 35 |
function user_csr() |
36 | 36 |
{ |
37 | 37 |
$uid = (int) $_SESSION['userinfo']['uid']; |
38 |
- $result = db_query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=${uid} ORDER BY hostname"); |
|
38 |
+ $result = DB::query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=${uid} ORDER BY hostname"); |
|
39 | 39 |
$ret = array(); |
40 |
- while ($i = mysql_fetch_assoc($result)) |
|
40 |
+ while ($i = $result->fetch_assoc()) |
|
41 | 41 |
$ret[] = $i; |
42 | 42 |
DEBUG($ret); |
43 | 43 |
return $ret; |
... | ... |
@@ -48,10 +48,10 @@ function cert_details($id) |
48 | 48 |
$id = (int) $id; |
49 | 49 |
$uid = (int) $_SESSION['userinfo']['uid']; |
50 | 50 |
|
51 |
- $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, cert, `key` FROM vhosts.certs WHERE uid={$uid} AND id={$id}"); |
|
52 |
- if (mysql_num_rows($result) != 1) |
|
51 |
+ $result = DB::query("SELECT id, lastchange, valid_from, valid_until, subject, cn, cert, `key` FROM vhosts.certs WHERE uid={$uid} AND id={$id}"); |
|
52 |
+ if ($result->num_rows != 1) |
|
53 | 53 |
system_failure("Ungültiges Zertifikat #{$id}"); |
54 |
- return mysql_fetch_assoc($result); |
|
54 |
+ return $result->fetch_assoc(); |
|
55 | 55 |
} |
56 | 56 |
|
57 | 57 |
|
... | ... |
@@ -60,10 +60,10 @@ function csr_details($id) |
60 | 60 |
$id = (int) $id; |
61 | 61 |
$uid = (int) $_SESSION['userinfo']['uid']; |
62 | 62 |
|
63 |
- $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid={$uid} AND id={$id}"); |
|
64 |
- if (mysql_num_rows($result) != 1) |
|
63 |
+ $result = DB::query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid={$uid} AND id={$id}"); |
|
64 |
+ if ($result->num_rows != 1) |
|
65 | 65 |
system_failure("Ungültiger CSR"); |
66 |
- return mysql_fetch_assoc($result); |
|
66 |
+ return $result->fetch_assoc(); |
|
67 | 67 |
} |
68 | 68 |
|
69 | 69 |
|
... | ... |
@@ -87,11 +87,11 @@ function get_chain($cert) |
87 | 87 |
if (! isset($certdata['issuer']['CN'])) { |
88 | 88 |
return NULL; |
89 | 89 |
} |
90 |
- $issuer = mysql_real_escape_string($certdata['issuer']['CN']); |
|
91 |
- $result = db_query("SELECT id FROM vhosts.certchain WHERE cn='{$issuer}'"); |
|
92 |
- if (mysql_num_rows($result) > 0) |
|
90 |
+ $issuer = DB::escape($certdata['issuer']['CN']); |
|
91 |
+ $result = DB::query("SELECT id FROM vhosts.certchain WHERE cn='{$issuer}'"); |
|
92 |
+ if ($result->num_rows > 0) |
|
93 | 93 |
{ |
94 |
- $c = mysql_fetch_assoc($result); |
|
94 |
+ $c = $result->fetch_assoc(); |
|
95 | 95 |
//$chainfile = '/etc/apache2/certs/chains/'.$c['id'].'.pem'; |
96 | 96 |
DEBUG("identified fitting certificate chain #".$c['id']); |
97 | 97 |
return $c['id']; |
... | ... |
@@ -139,8 +139,8 @@ function validate_certificate($cert, $key) |
139 | 139 |
$chain = (int) get_chain($cert); |
140 | 140 |
if ($chain) |
141 | 141 |
{ |
142 |
- $result = db_query("SELECT content FROM vhosts.certchain WHERE id={$chain}"); |
|
143 |
- $tmp = mysql_fetch_assoc($result); |
|
142 |
+ $result = DB::query("SELECT content FROM vhosts.certchain WHERE id={$chain}"); |
|
143 |
+ $tmp = $result->fetch_assoc(); |
|
144 | 144 |
$chaincert = $tmp['content']; |
145 | 145 |
$chainfile = tempnam(sys_get_temp_dir(), 'webinterface'); |
146 | 146 |
$f = fopen($chainfile, "w"); |
... | ... |
@@ -183,16 +183,16 @@ function save_cert($info, $cert, $key) |
183 | 183 |
{ |
184 | 184 |
openssl_pkey_export($key, $key); |
185 | 185 |
openssl_x509_export($cert, $cert); |
186 |
- $subject = mysql_real_escape_string(filter_input_general($info['subject'])); |
|
187 |
- $cn = mysql_real_escape_string(filter_input_general($info['cn'])); |
|
188 |
- $valid_from = mysql_real_escape_string($info['valid_from']); |
|
189 |
- $valid_until = mysql_real_escape_string($info['valid_until']); |
|
186 |
+ $subject = DB::escape(filter_input_general($info['subject'])); |
|
187 |
+ $cn = DB::escape(filter_input_general($info['cn'])); |
|
188 |
+ $valid_from = DB::escape($info['valid_from']); |
|
189 |
+ $valid_until = DB::escape($info['valid_until']); |
|
190 | 190 |
$chain = maybe_null( get_chain($cert) ); |
191 |
- $cert = mysql_real_escape_string($cert); |
|
192 |
- $key = mysql_real_escape_string($key); |
|
191 |
+ $cert = DB::escape($cert); |
|
192 |
+ $key = DB::escape($key); |
|
193 | 193 |
$uid = (int) $_SESSION['userinfo']['uid']; |
194 | 194 |
|
195 |
- db_query("INSERT INTO vhosts.certs (uid, subject, cn, valid_from, valid_until, chain, cert, `key`) VALUES ({$uid}, '{$subject}', '{$cn}', '{$valid_from}', '{$valid_until}', {$chain}, '{$cert}', '{$key}')"); |
|
195 |
+ DB::query("INSERT INTO vhosts.certs (uid, subject, cn, valid_from, valid_until, chain, cert, `key`) VALUES ({$uid}, '{$subject}', '{$cn}', '{$valid_from}', '{$valid_until}', {$chain}, '{$cert}', '{$key}')"); |
|
196 | 196 |
} |
197 | 197 |
|
198 | 198 |
|
... | ... |
@@ -203,19 +203,19 @@ function refresh_cert($id, $info, $cert, $key = NULL) |
203 | 203 |
|
204 | 204 |
$id = (int) $id; |
205 | 205 |
$oldcert = cert_details($id); |
206 |
- $cert = mysql_real_escape_string($cert); |
|
207 |
- $subject = mysql_real_escape_string(filter_input_general($info['subject'])); |
|
208 |
- $cn = mysql_real_escape_string(filter_input_general($info['cn'])); |
|
206 |
+ $cert = DB::escape($cert); |
|
207 |
+ $subject = DB::escape(filter_input_general($info['subject'])); |
|
208 |
+ $cn = DB::escape(filter_input_general($info['cn'])); |
|
209 | 209 |
|
210 |
- $valid_from = mysql_real_escape_string($info['valid_from']); |
|
211 |
- $valid_until = mysql_real_escape_string($info['valid_until']); |
|
210 |
+ $valid_from = DB::escape($info['valid_from']); |
|
211 |
+ $valid_until = DB::escape($info['valid_until']); |
|
212 | 212 |
|
213 | 213 |
$keyop = ''; |
214 | 214 |
if ($key) { |
215 | 215 |
openssl_pkey_export($key, $key); |
216 |
- $keyop = ", `key`='".mysql_real_escape_string($key)."'"; |
|
216 |
+ $keyop = ", `key`='".DB::escape($key)."'"; |
|
217 | 217 |
} |
218 |
- db_query("UPDATE vhosts.certs SET subject='{$subject}', cn='{$cn}', cert='{$cert}'{$keyop}, valid_from='{$valid_from}', valid_until='{$valid_until}', chain={$chain} WHERE id={$id} LIMIT 1"); |
|
218 |
+ DB::query("UPDATE vhosts.certs SET subject='{$subject}', cn='{$cn}', cert='{$cert}'{$keyop}, valid_from='{$valid_from}', valid_until='{$valid_until}', chain={$chain} WHERE id={$id} LIMIT 1"); |
|
219 | 219 |
} |
220 | 220 |
|
221 | 221 |
|
... | ... |
@@ -224,7 +224,7 @@ function delete_cert($id) |
224 | 224 |
$uid = (int) $_SESSION['userinfo']['uid']; |
225 | 225 |
$id = (int) $id; |
226 | 226 |
|
227 |
- db_query("DELETE FROM vhosts.certs WHERE uid={$uid} AND id={$id} LIMIT 1"); |
|
227 |
+ DB::query("DELETE FROM vhosts.certs WHERE uid={$uid} AND id={$id} LIMIT 1"); |
|
228 | 228 |
} |
229 | 229 |
|
230 | 230 |
function delete_csr($id) |
... | ... |
@@ -232,7 +232,7 @@ function delete_csr($id) |
232 | 232 |
$uid = (int) $_SESSION['userinfo']['uid']; |
233 | 233 |
$id = (int) $id; |
234 | 234 |
|
235 |
- db_query("DELETE FROM vhosts.csr WHERE uid={$uid} AND id={$id} LIMIT 1"); |
|
235 |
+ DB::query("DELETE FROM vhosts.csr WHERE uid={$uid} AND id={$id} LIMIT 1"); |
|
236 | 236 |
} |
237 | 237 |
|
238 | 238 |
|
... | ... |
@@ -304,13 +304,13 @@ function save_csr($cn, $bits, $replace=NULL) |
304 | 304 |
list($csr, $key) = create_csr($cn, $bits); |
305 | 305 |
|
306 | 306 |
$uid = (int) $_SESSION['userinfo']['uid']; |
307 |
- $cn = mysql_real_escape_string(filter_input_hostname($cn, true)); |
|
307 |
+ $cn = DB::escape(filter_input_hostname($cn, true)); |
|
308 | 308 |
$bits = (int) $bits; |
309 | 309 |
$replace = ($replace ? (int) $replace : 'NULL'); |
310 |
- $csr = mysql_real_escape_string($csr); |
|
311 |
- $key = mysql_real_escape_string($key); |
|
312 |
- db_query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES ({$uid}, '{$cn}', {$bits}, {$replace}, '{$csr}', '{$key}')"); |
|
313 |
- $id = mysql_insert_id(); |
|
310 |
+ $csr = DB::escape($csr); |
|
311 |
+ $key = DB::escape($key); |
|
312 |
+ DB::query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES ({$uid}, '{$cn}', {$bits}, {$replace}, '{$csr}', '{$key}')"); |
|
313 |
+ $id = DB::insert_id(); |
|
314 | 314 |
return $id; |
315 | 315 |
} |
316 | 316 |
|
... | ... |
@@ -26,15 +26,15 @@ require_once("certs.php"); |
26 | 26 |
function traffic_month($vhost_id) |
27 | 27 |
{ |
28 | 28 |
$vhost_id = (int) $vhost_id; |
29 |
- $result = db_query("SELECT sum(mb_in+mb_out) as mb FROM vhosts.traffic where date > CURDATE() - INTERVAL 1 MONTH AND vhost_id = {$vhost_id}"); |
|
30 |
- $data = mysql_fetch_assoc($result); |
|
29 |
+ $result = DB::query("SELECT sum(mb_in+mb_out) as mb FROM vhosts.traffic where date > CURDATE() - INTERVAL 1 MONTH AND vhost_id = {$vhost_id}"); |
|
30 |
+ $data = $result->fetch_assoc(); |
|
31 | 31 |
return $data['mb']; |
32 | 32 |
} |
33 | 33 |
|
34 | 34 |
function autoipv6_address($vhost_id, $mode = 1) |
35 | 35 |
{ |
36 |
- $result = db_query("SELECT uid, v6_prefix FROM vhosts.v_vhost LEFT JOIN system.servers ON (servers.hostname = server) WHERE v_vhost.id={$vhost_id}"); |
|
37 |
- $data = mysql_fetch_assoc($result); |
|
36 |
+ $result = DB::query("SELECT uid, v6_prefix FROM vhosts.v_vhost LEFT JOIN system.servers ON (servers.hostname = server) WHERE v_vhost.id={$vhost_id}"); |
|
37 |
+ $data = $result->fetch_assoc(); |
|
38 | 38 |
if (!$data['v6_prefix']) |
39 | 39 |
{ |
40 | 40 |
warning("IPv6-Adresse nicht verfügbar, Server unterstützt kein IPv6"); |
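Review bot: autoipv6_address() puts `$vhost_id` into the SQL text without the `(int)` cast that traffic_month() applies just above, so a non-numeric argument would become part of the statement. Add `$vhost_id = (int) $vhost_id;` as the first statement of the function. Whether callers already pass a validated integer cannot be seen here, and the body continues below the hunk. get_aliases() in a later hunk has the same pattern with `WHERE vhost={$vhost}` and needs `$vhost = (int) $vhost;`.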
... | ... |
@@ -53,9 +53,9 @@ function autoipv6_address($vhost_id, $mode = 1) |
53 | 53 |
function list_vhosts() |
54 | 54 |
{ |
55 | 55 |
$uid = (int) $_SESSION['userinfo']['uid']; |
56 |
- $result = db_query("SELECT vh.id,fqdn,domain,docroot,docroot_is_default,php,cgi,vh.certid AS cert, vh.ssl, vh.options,logtype,errorlog,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp, stats FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} ORDER BY domain,hostname"); |
|
56 |
+ $result = DB::query("SELECT vh.id,fqdn,domain,docroot,docroot_is_default,php,cgi,vh.certid AS cert, vh.ssl, vh.options,logtype,errorlog,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp, stats FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} ORDER BY domain,hostname"); |
|
57 | 57 |
$ret = array(); |
58 |
- while ($item = mysql_fetch_assoc($result)) |
|
58 |
+ while ($item = $result->fetch_assoc()) |
|
59 | 59 |
array_push($ret, $item); |
60 | 60 |
return $ret; |
61 | 61 |
} |
... | ... |
@@ -63,9 +63,9 @@ function list_vhosts() |
63 | 63 |
function ipv6_possible($server) |
64 | 64 |
{ |
65 | 65 |
$serverid = (int) $server; |
66 |
- $servername = mysql_real_escape_string($server); |
|
67 |
- $result = db_query("SELECT v6_prefix FROM system.servers WHERE id={$serverid} OR hostname='{$servername}'"); |
|
68 |
- $line = mysql_fetch_assoc($result); |
|
66 |
+ $servername = DB::escape($server); |
|
67 |
+ $result = DB::query("SELECT v6_prefix FROM system.servers WHERE id={$serverid} OR hostname='{$servername}'"); |
|
68 |
+ $line = $result->fetch_assoc(); |
|
69 | 69 |
DEBUG("Server {$server} is v6-capable: ". ($line['v6_prefix'] != NULL)); |
70 | 70 |
return ($line['v6_prefix'] != NULL); |
71 | 71 |
} |
... | ... |
@@ -141,11 +141,11 @@ function get_vhost_details($id) |
141 | 141 |
{ |
142 | 142 |
$id = (int) $id; |
143 | 143 |
$uid = (int) $_SESSION['userinfo']['uid']; |
144 |
- $result = db_query("SELECT vh.*,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} AND vh.id={$id}"); |
|
145 |
- if (mysql_num_rows($result) != 1) |
|
144 |
+ $result = DB::query("SELECT vh.*,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} AND vh.id={$id}"); |
|
145 |
+ if ($result->num_rows != 1) |
|
146 | 146 |
system_failure('Interner Fehler beim Auslesen der Daten'); |
147 | 147 |
|
148 |
- $ret = mysql_fetch_assoc($result); |
|
148 |
+ $ret = $result->fetch_assoc(); |
|
149 | 149 |
|
150 | 150 |
$ret['server'] = $ret['server_id']; |
151 | 151 |
DEBUG($ret); |
... | ... |
@@ -155,9 +155,9 @@ function get_vhost_details($id) |
155 | 155 |
|
156 | 156 |
function get_aliases($vhost) |
157 | 157 |
{ |
158 |
- $result = db_query("SELECT id,fqdn,options FROM vhosts.v_alias WHERE vhost={$vhost}"); |
|
158 |
+ $result = DB::query("SELECT id,fqdn,options FROM vhosts.v_alias WHERE vhost={$vhost}"); |
|
159 | 159 |
$ret = array(); |
160 |
- while ($item = mysql_fetch_assoc($result)) { |
|
160 |
+ while ($item = $result->fetch_assoc()) { |
|
161 | 161 |
array_push($ret, $item); |
162 | 162 |
} |
163 | 163 |
return $ret; |
... | ... |
@@ -185,9 +185,9 @@ function get_all_aliases($vhost) |
185 | 185 |
|
186 | 186 |
function list_available_webapps() |
187 | 187 |
{ |
188 |
- $result = db_query("SELECT id,displayname FROM vhosts.global_webapps"); |
|
188 |
+ $result = DB::query("SELECT id,displayname FROM vhosts.global_webapps"); |
|
189 | 189 |
$ret = array(); |
190 |
- while ($item = mysql_fetch_assoc($result)) |
|
190 |
+ while ($item = $result->fetch_assoc()) |
|
191 | 191 |
array_push($ret, $item); |
192 | 192 |
return $ret; |
193 | 193 |
} |
... | ... |
@@ -200,7 +200,7 @@ function delete_vhost($id) |
200 | 200 |
system_failure("id == 0"); |
201 | 201 |
$vhost = get_vhost_details($id); |
202 | 202 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Removing vhost #'.$id.' ('.$vhost['hostname'].'.'.$vhost['domain'].')'); |
203 |
- db_query("DELETE FROM vhosts.vhost WHERE id={$vhost['id']} LIMIT 1"); |
|
203 |
+ DB::query("DELETE FROM vhosts.vhost WHERE id={$vhost['id']} LIMIT 1"); |
|
204 | 204 |
} |
205 | 205 |
|
206 | 206 |
|
... | ... |
@@ -211,8 +211,8 @@ function make_svn_vhost($id) |
211 | 211 |
if ($id == 0) |
212 | 212 |
system_failure("id == 0"); |
213 | 213 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to SVN'); |
214 |
- db_query("REPLACE INTO vhosts.dav (vhost, type) VALUES ({$id}, 'svn')"); |
|
215 |
- db_query("DELETE FROM vhosts.webapps WHERE vhost={$id}"); |
|
214 |
+ DB::query("REPLACE INTO vhosts.dav (vhost, type) VALUES ({$id}, 'svn')"); |
|
215 |
+ DB::query("DELETE FROM vhosts.webapps WHERE vhost={$id}"); |
|
216 | 216 |
} |
217 | 217 |
|
218 | 218 |
function make_dav_vhost($id) |
... | ... |
@@ -221,8 +221,8 @@ function make_dav_vhost($id) |
221 | 221 |
if ($id == 0) |
222 | 222 |
system_failure("id == 0"); |
223 | 223 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to WebDAV'); |
224 |
- db_query("REPLACE INTO vhosts.dav (vhost, type, options) VALUES ({$id}, 'dav', 'nouserfile')"); |
|
225 |
- db_query("DELETE FROM vhosts.webapps WHERE vhost={$id}"); |
|
224 |
+ DB::query("REPLACE INTO vhosts.dav (vhost, type, options) VALUES ({$id}, 'dav', 'nouserfile')"); |
|
225 |
+ DB::query("DELETE FROM vhosts.webapps WHERE vhost={$id}"); |
|
226 | 226 |
} |
227 | 227 |
|
228 | 228 |
function make_regular_vhost($id) |
... | ... |
@@ -231,8 +231,8 @@ function make_regular_vhost($id) |
231 | 231 |
if ($id == 0) |
232 | 232 |
system_failure("id == 0"); |
233 | 233 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Converting vhost #'.$id.' to regular'); |
234 |
- db_query("DELETE FROM vhosts.dav WHERE vhost={$id}"); |
|
235 |
- db_query("DELETE FROM vhosts.webapps WHERE vhost={$id}"); |
|
234 |
+ DB::query("DELETE FROM vhosts.dav WHERE vhost={$id}"); |
|
235 |
+ DB::query("DELETE FROM vhosts.webapps WHERE vhost={$id}"); |
|
236 | 236 |
} |
237 | 237 |
|
238 | 238 |
|
... | ... |
@@ -242,12 +242,12 @@ function make_webapp_vhost($id, $webapp) |
242 | 242 |
$webapp = (int) $webapp; |
243 | 243 |
if ($id == 0) |
244 | 244 |
system_failure("id == 0"); |
245 |
- $result = db_query("SELECT displayname FROM vhosts.global_webapps WHERE id={$webapp};"); |
|
246 |
- if (mysql_num_rows($result) == 0) |
|
245 |
+ $result = DB::query("SELECT displayname FROM vhosts.global_webapps WHERE id={$webapp};"); |
|
246 |
+ if ($result->num_rows == 0) |
|
247 | 247 |
system_failure("webapp-id invalid"); |
248 |
- $webapp_name = mysql_fetch_object($result)->displayname; |
|
248 |
+ $webapp_name = $result->fetch_object()->displayname; |
|
249 | 249 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Setting up webapp '.$webapp_name.' on vhost #'.$id); |
250 |
- db_query("REPLACE INTO vhosts.webapps (vhost, webapp) VALUES ({$id}, {$webapp})"); |
|
250 |
+ DB::query("REPLACE INTO vhosts.webapps (vhost, webapp) VALUES ({$id}, {$webapp})"); |
|
251 | 251 |
mail('webapps-setup@schokokeks.org', 'setup', 'setup'); |
252 | 252 |
} |
253 | 253 |
|
... | ... |
@@ -256,7 +256,7 @@ function check_hostname_collision($hostname, $domain) |
256 | 256 |
{ |
257 | 257 |
$uid = (int) $_SESSION['userinfo']['uid']; |
258 | 258 |
# Neuer vhost => Prüfe Duplikat |
259 |
- $hostnamecheck = "hostname='".mysql_real_escape_string($hostname)."'"; |
|
259 |
+ $hostnamecheck = "hostname='".DB::escape($hostname)."'"; |
|
260 | 260 |
if (! $hostname) { |
261 | 261 |
$hostnamecheck = "hostname IS NULL"; |
262 | 262 |
} |
... | ... |
@@ -264,16 +264,16 @@ function check_hostname_collision($hostname, $domain) |
264 | 264 |
if ($domain == -1) { |
265 | 265 |
$domaincheck = "domain IS NULL AND user={$uid}"; |
266 | 266 |
} |
267 |
- $result = db_query("SELECT id FROM vhosts.vhost WHERE {$hostnamecheck} AND {$domaincheck}"); |
|
268 |
- if (mysql_num_rows($result) > 0) { |
|
267 |
+ $result = DB::query("SELECT id FROM vhosts.vhost WHERE {$hostnamecheck} AND {$domaincheck}"); |
|
268 |
+ if ($result->num_rows > 0) { |
|
269 | 269 |
system_failure('Eine Konfiguration mit diesem Namen gibt es bereits.'); |
270 | 270 |
} |
271 | 271 |
if ($domain == -1) { |
272 | 272 |
return ; |
273 | 273 |
} |
274 |
- $result = db_query("SELECT id, vhost FROM vhosts.alias WHERE {$hostnamecheck} AND {$domaincheck}"); |
|
275 |
- if (mysql_num_rows($result) > 0) { |
|
276 |
- $data = mysql_fetch_assoc($result); |
|
274 |
+ $result = DB::query("SELECT id, vhost FROM vhosts.alias WHERE {$hostnamecheck} AND {$domaincheck}"); |
|
275 |
+ if ($result->num_rows > 0) { |
|
276 |
+ $data = $result->fetch_assoc(); |
|
277 | 277 |
$vh = get_vhost_details($data['vhost']); |
278 | 278 |
system_failure('Dieser Hostname ist bereits als Alias für »'.$vh['fqdn'].'« eingerichtet'); |
279 | 279 |
} |
... | ... |
@@ -319,7 +319,7 @@ function save_vhost($vhost) |
319 | 319 |
if (! $vhost['options']) $vhost['options']='nodocroot'; |
320 | 320 |
else $vhost['options']+=",nodocroot"; |
321 | 321 |
} |
322 |
- $options = mysql_real_escape_string( $vhost['options'] ); |
|
322 |
+ $options = DB::escape( $vhost['options'] ); |
|
323 | 323 |
|
324 | 324 |
$cert = 0; |
325 | 325 |
$certs = user_certs(); |
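Review bot: `else $vhost['options']+=",nodocroot";` uses arithmetic `+=` on strings, so instead of appending the flag it replaces the existing options with a number, and on PHP 8 it raises a TypeError for non-numeric strings. The result is then passed through `DB::escape()` into the UPDATE or INSERT further down. The concatenating form is `else $vhost['options'] .= ",nodocroot";`. The surrounding condition and the rest of save_vhost() lie outside the hunk.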
... | ... |
@@ -345,12 +345,12 @@ function save_vhost($vhost) |
345 | 345 |
|
346 | 346 |
if ($id != 0) { |
347 | 347 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Updating vhost #'.$id.' ('.$vhost['hostname'].'.'.$vhost['domain'].')'); |
348 |
- db_query("UPDATE vhosts.vhost SET hostname={$hostname}, domain={$domain}, docroot={$docroot}, php={$php}, cgi={$cgi}, `ssl`={$ssl}, `suexec_user`={$suexec_user}, `server`={$server}, logtype={$logtype}, errorlog={$errorlog}, certid={$cert}, ipv4={$ipv4}, autoipv6={$autoipv6}, options='{$options}', stats={$stats} WHERE id={$id} LIMIT 1"); |
|
348 |
+ DB::query("UPDATE vhosts.vhost SET hostname={$hostname}, domain={$domain}, docroot={$docroot}, php={$php}, cgi={$cgi}, `ssl`={$ssl}, `suexec_user`={$suexec_user}, `server`={$server}, logtype={$logtype}, errorlog={$errorlog}, certid={$cert}, ipv4={$ipv4}, autoipv6={$autoipv6}, options='{$options}', stats={$stats} WHERE id={$id} LIMIT 1"); |
|
349 | 349 |
} |
350 | 350 |
else { |
351 | 351 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Creating vhost '.$vhost['hostname'].'.'.$vhost['domain'].''); |
352 |
- $result = db_query("INSERT INTO vhosts.vhost (user, hostname, domain, docroot, php, cgi, `ssl`, `suexec_user`, `server`, logtype, errorlog, certid, ipv4, autoipv6, options, stats) VALUES ({$_SESSION['userinfo']['uid']}, {$hostname}, {$domain}, {$docroot}, {$php}, {$cgi}, {$ssl}, {$suexec_user}, {$server}, {$logtype}, {$errorlog}, {$cert}, {$ipv4}, {$autoipv6}, '{$options}', {$stats})"); |
|
353 |
- $id = mysql_insert_id(); |
|
352 |
+ $result = DB::query("INSERT INTO vhosts.vhost (user, hostname, domain, docroot, php, cgi, `ssl`, `suexec_user`, `server`, logtype, errorlog, certid, ipv4, autoipv6, options, stats) VALUES ({$_SESSION['userinfo']['uid']}, {$hostname}, {$domain}, {$docroot}, {$php}, {$cgi}, {$ssl}, {$suexec_user}, {$server}, {$logtype}, {$errorlog}, {$cert}, {$ipv4}, {$autoipv6}, '{$options}', {$stats})"); |
|
353 |
+ $id = DB::insert_id(); |
|
354 | 354 |
} |
355 | 355 |
$oldvhost = get_vhost_details($id); |
356 | 356 |
/* |
... | ... |
@@ -372,12 +372,12 @@ function get_alias_details($id) |
372 | 372 |
{ |
373 | 373 |
$id = (int) $id; |
374 | 374 |
$uid = (int) $_SESSION['userinfo']['uid']; |
375 |
- $result = db_query("SELECT * FROM vhosts.v_alias WHERE id={$id}"); |
|
375 |
+ $result = DB::query("SELECT * FROM vhosts.v_alias WHERE id={$id}"); |
|
376 | 376 |
|
377 |
- if (mysql_num_rows($result) != 1) |
|
377 |
+ if ($result->num_rows != 1) |
|
378 | 378 |
system_failure('Interner Fehler beim Auslesen der Alias-Daten'); |
379 | 379 |
|
380 |
- $alias = mysql_fetch_assoc($result); |
|
380 |
+ $alias = $result->fetch_assoc(); |
|
381 | 381 |
|
382 | 382 |
if ($alias['domain_id'] == NULL) { |
383 | 383 |
$alias['domain_id'] = -1; |
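Review bot: get_alias_details() computes `$uid` but the query `SELECT * FROM vhosts.v_alias WHERE id={$id}` does not use it, so nothing in this hunk ties the alias to the logged-in user. delete_alias() in the next hunk then deletes by `id` alone after calling this function. Unless ownership is verified in the part of the function below the hunk, calling `get_vhost_details($alias['vhost']);` right after the fetch would reuse the existing `uid` filter, assuming system_failure() stops the request. Which column of v_alias carries the owner is not visible here.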
... | ... |
@@ -396,7 +396,7 @@ function delete_alias($id) |
396 | 396 |
$alias = get_alias_details($id); |
397 | 397 |
|
398 | 398 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Removing alias #'.$id.' ('.$alias['hostname'].'.'.$alias['domain'].')'); |
399 |
- db_query("DELETE FROM vhosts.alias WHERE id={$id}"); |
|
399 |
+ DB::query("DELETE FROM vhosts.alias WHERE id={$id}"); |
|
400 | 400 |
} |
401 | 401 |
|
402 | 402 |
function save_alias($alias) |
... | ... |
@@ -411,14 +411,14 @@ function save_alias($alias) |
411 | 411 |
if ($alias['domain_id'] == -1) |
412 | 412 |
$domain = 'NULL'; |
413 | 413 |
$vhost = get_vhost_details( (int) $alias['vhost']); |
414 |
- $options = mysql_real_escape_string( $alias['options'] ); |
|
414 |
+ $options = DB::escape( $alias['options'] ); |
|
415 | 415 |
if ($id == 0) { |
416 | 416 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Creating alias '.$alias['hostname'].'.'.$alias['domain'].' for VHost '.$vhost['id']); |
417 |
- db_query("INSERT INTO vhosts.alias (hostname, domain, vhost, options) VALUES ({$hostname}, {$domain}, {$vhost['id']}, '{$options}')"); |
|
417 |
+ DB::query("INSERT INTO vhosts.alias (hostname, domain, vhost, options) VALUES ({$hostname}, {$domain}, {$vhost['id']}, '{$options}')"); |
|
418 | 418 |
} |
419 | 419 |
else { |
420 | 420 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Updating alias #'.$id.' ('.$alias['hostname'].'.'.$alias['domain'].')'); |
421 |
- db_query("UPDATE vhosts.alias SET hostname={$hostname}, domain={$domain}, options='{$options}' WHERE id={$id} LIMIT 1"); |
|
421 |
+ DB::query("UPDATE vhosts.alias SET hostname={$hostname}, domain={$domain}, options='{$options}' WHERE id={$id} LIMIT 1"); |
|
422 | 422 |
} |
423 | 423 |
} |
424 | 424 |
|
... | ... |
@@ -426,9 +426,9 @@ function save_alias($alias) |
426 | 426 |
function available_suexec_users() |
427 | 427 |
{ |
428 | 428 |
$uid = (int) $_SESSION['userinfo']['uid']; |
429 |
- $result = db_query("SELECT uid, username FROM vhosts.available_users LEFT JOIN vhosts.v_useraccounts ON (uid = suexec_user) WHERE mainuser={$uid}"); |
|
429 |
+ $result = DB::query("SELECT uid, username FROM vhosts.available_users LEFT JOIN vhosts.v_useraccounts ON (uid = suexec_user) WHERE mainuser={$uid}"); |
|
430 | 430 |
$ret = array(); |
431 |
- while ($i = mysql_fetch_assoc($result)) |
|
431 |
+ while ($i = $result->fetch_assoc()) |
|
432 | 432 |
$ret[] = $i; |
433 | 433 |
DEBUG('available suexec-users:'); |
434 | 434 |
DEBUG($ret); |
... | ... |
@@ -440,9 +440,9 @@ function available_suexec_users() |
440 | 440 |
function user_ipaddrs() |
441 | 441 |
{ |
442 | 442 |
$uid = (int) $_SESSION['userinfo']['uid']; |
443 |
- $result = db_query("SELECT ipaddr FROM vhosts.ipaddr_available WHERE uid={$uid}"); |
|
443 |
+ $result = DB::query("SELECT ipaddr FROM vhosts.ipaddr_available WHERE uid={$uid}"); |
|
444 | 444 |
$ret = array(); |
445 |
- while ($i = mysql_fetch_assoc($result)) |
|
445 |
+ while ($i = $result->fetch_assoc()) |
|
446 | 446 |
{ |
447 | 447 |
$ret[] = $i['ipaddr']; |
448 | 448 |
} |
... | ... |
@@ -27,13 +27,13 @@ $uid = (int) $_SESSION['userinfo']['uid']; |
27 | 27 |
|
28 | 28 |
if (isset($_POST['freq']) && in_array($_POST['freq'],array("day","week","month"))) { |
29 | 29 |
check_form_token('freewvs_freq'); |
30 |
- db_query("REPLACE INTO qatools.freewvs (user,freq) VALUES ({$uid},'{$_POST['freq']}');"); |
|
30 |
+ DB::query("REPLACE INTO qatools.freewvs (user,freq) VALUES ({$uid},'{$_POST['freq']}');"); |
|
31 | 31 |
header("Location: freewvs"); |
32 | 32 |
die(); |
33 | 33 |
} |
34 | 34 |
|
35 |
-$result = db_query("SELECT freq FROM qatools.v_freewvs WHERE uid={$uid};"); |
|
36 |
-$result=mysql_fetch_assoc($result); |
|
35 |
+$result = DB::query("SELECT freq FROM qatools.v_freewvs WHERE uid={$uid};"); |
|
36 |
+$result=$result->fetch_assoc(); |
|
37 | 37 |
$freq=$result['freq']; |
38 | 38 |
|
39 | 39 |
headline('Überprüfung Ihrer Web-Anwendungen auf Sicherheitslücken'); |
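Review bot: The REPLACE on new line 30 still places `$_POST['freq']` directly in the SQL text, so the `in_array` allowlist on line 28 is the only thing standing between request data and the query. That check is loose; passing the strict flag, `in_array($_POST['freq'], array("day","week","month"), true)`, and routing the value through `DB::escape()` like the other call sites in this commit would keep the statement safe even if the allowlist is edited later. Separately, `$result->fetch_assoc()` on line 36 yields NULL when the user has no row, and `$result['freq']` then reads from NULL; whether the view always returns a row is not visible here.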
... | ... |
@@ -20,19 +20,19 @@ require_once('inc/base.php'); |
20 | 20 |
function load_results() |
21 | 21 |
{ |
22 | 22 |
$uid = (int) $_SESSION['userinfo']['uid']; |
23 |
- $result = db_query("SELECT directory, docroot, lastcheck, appname, version, state, safeversion, vulninfo FROM qatools.freewvs_results WHERE uid={$uid}"); |
|
23 |
+ $result = DB::query("SELECT directory, docroot, lastcheck, appname, version, state, safeversion, vulninfo FROM qatools.freewvs_results WHERE uid={$uid}"); |
|
24 | 24 |
$ret = array(); |
25 |
- while ($line = mysql_fetch_assoc($result)) { |
|
25 |
+ while ($line = $result->fetch_assoc()) { |
|
26 | 26 |
array_push($ret, $line); |
27 | 27 |
} |
28 | 28 |
return $ret; |
29 | 29 |
} |
30 | 30 |
|
31 | 31 |
function get_upgradeinstructions($appname) { |
32 |
- $appname = mysql_real_escape_string($appname); |
|
33 |
- $result = db_query("SELECT url FROM qatools.freewvs_upgradeinstructions WHERE appname='{$appname}' LIMIT 1"); |
|
34 |
- if (mysql_num_rows($result) > 0) { |
|
35 |
- $tmp = mysql_fetch_array($result); |
|
32 |
+ $appname = DB::escape($appname); |
|
33 |
+ $result = DB::query("SELECT url FROM qatools.freewvs_upgradeinstructions WHERE appname='{$appname}' LIMIT 1"); |
|
34 |
+ if ($result->num_rows > 0) { |
|
35 |
+ $tmp = $result->fetch_array(); |
|
36 | 36 |
return $tmp[0]; |
37 | 37 |
} |
38 | 38 |
return NULL; |
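Review bot: In `get_upgradeinstructions` (new lines 32-38) the single selected column is read through `fetch_array()` and `$tmp[0]`; assuming `DB::query` returns a mysqli result, as `num_rows` and `fetch_assoc()` suggest, the default mode builds both numeric and associative keys for the row. `$tmp = $result->fetch_row();` states what is wanted, or `fetch_assoc()` with `$tmp['url']` would match the rest of the file. A short docblock saying that the function returns the URL string, or NULL when no instructions are stored for the application, would also help callers.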
... | ... |
@@ -20,12 +20,12 @@ function create_new_webapp($appname, $directory, $url, $data) |
20 | 20 |
{ |
21 | 21 |
if (directory_in_use($directory)) |
22 | 22 |
system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Aus Sicherheitsgründen können Sie in diesem Verzeichnis am selben Tag nicht schon wieder eine Anwendung installieren.'); |
23 |
- $username = mysql_real_escape_string($_SESSION['userinfo']['username']); |
|
24 |
- $appname = mysql_real_escape_string($appname); |
|
25 |
- $directory = mysql_real_escape_string($directory); |
|
26 |
- $url = mysql_real_escape_string($url); |
|
27 |
- $data = mysql_real_escape_string($data); |
|
28 |
- db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES ('{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')"); |
|
23 |
+ $username = DB::escape($_SESSION['userinfo']['username']); |
|
24 |
+ $appname = DB::escape($appname); |
|
25 |
+ $directory = DB::escape($directory); |
|
26 |
+ $url = DB::escape($url); |
|
27 |
+ $data = DB::escape($data); |
|
28 |
+ DB::query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES ('{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')"); |
|
29 | 29 |
} |
30 | 30 |
|
31 | 31 |
|
... | ... |
@@ -33,18 +33,18 @@ function request_update($appname, $directory, $url) |
33 | 33 |
{ |
34 | 34 |
if (directory_in_use($directory)) |
35 | 35 |
system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen oder ein Update in diesem Verzeichnis angefordert. Bitte warten Sie bis diese Aktion durchgeführt wurde.'); |
36 |
- $username = mysql_real_escape_string($_SESSION['userinfo']['username']); |
|
37 |
- $appname = mysql_real_escape_string($appname); |
|
38 |
- $directory = mysql_real_escape_string($directory); |
|
39 |
- $url = maybe_null(mysql_real_escape_string($url)); |
|
40 |
- db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES ('{$appname}', '{$directory}', {$url}, 'old', '{$username}')"); |
|
36 |
+ $username = DB::escape($_SESSION['userinfo']['username']); |
|
37 |
+ $appname = DB::escape($appname); |
|
38 |
+ $directory = DB::escape($directory); |
|
39 |
+ $url = maybe_null(DB::escape($url)); |
|
40 |
+ DB::query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES ('{$appname}', '{$directory}', {$url}, 'old', '{$username}')"); |
|
41 | 41 |
} |
42 | 42 |
|
43 | 43 |
function directory_in_use($directory) |
44 | 44 |
{ |
45 |
- $directory = mysql_real_escape_string($directory); |
|
46 |
- $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory='{$directory}'"); |
|
47 |
- if (mysql_num_rows($result) > 0) |
|
45 |
+ $directory = DB::escape($directory); |
|
46 |
+ $result = DB::query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory='{$directory}'"); |
|
47 |
+ if ($result->num_rows > 0) |
|
48 | 48 |
return true; |
49 | 49 |
return false; |
50 | 50 |
} |
... | ... |
@@ -101,15 +101,15 @@ function get_url_for_dir($docroot, $cutoff = '') |
101 | 101 |
{ |
102 | 102 |
if (substr($docroot, -1) == '/') |
103 | 103 |
$docroot = substr($docroot, 0, -1); |
104 |
- $docroot = mysql_real_escape_string($docroot); |
|
105 |
- $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN ('{$docroot}', '{$docroot}/') LIMIT 1"); |
|
106 |
- if (mysql_num_rows($result) < 1) |
|
104 |
+ $docroot = DB::escape($docroot); |
|
105 |
+ $result = DB::query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN ('{$docroot}', '{$docroot}/') LIMIT 1"); |
|
106 |
+ if ($result->num_rows < 1) |
|
107 | 107 |
{ |
108 | 108 |
if (!strstr($docroot, '/')) |
109 | 109 |
return NULL; |
110 | 110 |
return get_url_for_dir(substr($docroot, 0, strrpos($docroot, '/')), substr($docroot, strrpos($docroot, '/')).$cutoff); |
111 | 111 |
} |
112 |
- $tmp = mysql_fetch_assoc($result); |
|
112 |
+ $tmp = $result->fetch_assoc(); |
|
113 | 113 |
$prefix = 'http://'; |
114 | 114 |
if ($tmp['ssl'] == 'forward' || $tmp['ssl'] == 'https') |
115 | 115 |
$prefix = 'https://'; |
... | ... |
@@ -122,7 +122,7 @@ function create_webapp_mysqldb($application, $sitename) |
122 | 122 |
// dependet auf das mysql-modul |
123 | 123 |
require_once('modules/mysql/include/mysql.php'); |
124 | 124 |
|
125 |
- $username = mysql_real_escape_string($_SESSION['userinfo']['username']); |
|
125 |
+ $username = DB::escape($_SESSION['userinfo']['username']); |
|
126 | 126 |
$description = "Automatisch erzeugte Datenbank für {$application} ({$sitename})"; |
127 | 127 |
|
128 | 128 |
// zuerst versuchen wir username_webappname. Wenn das nicht klappt, dann wird hochgezählt |
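Review bot: `get_url_for_dir` overwrites `$docroot` with its escaped form on new line 104 and then recurses on line 110 with substrings of that escaped value, so every recursion level escapes again and the escaped tail is carried into `$cutoff`. For a path containing a quote or backslash the parent lookup no longer matches the stored docroot, and the accumulated `$cutoff` presumably ends up in the returned URL (the rest of the function is outside the hunk). Keep the raw path for the string handling and escape only for the query: `$escaped = DB::escape($docroot);` with `docroot IN ('{$escaped}', '{$escaped}/')`.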
... | ... |
@@ -16,10 +16,10 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
16 | 16 |
|
17 | 17 |
function account_has_totp($username) |
18 | 18 |
{ |
19 |
- $username = mysql_real_escape_string($username); |
|
20 |
- $result = db_query("SELECT id FROM mail.webmail_totp WHERE email='{$username}'"); |
|
21 |
- if (mysql_num_rows($result) > 0) { |
|
22 |
- $tmp = mysql_fetch_assoc($result); |
|
19 |
+ $username = DB::escape($username); |
|
20 |
+ $result = DB::query("SELECT id FROM mail.webmail_totp WHERE email='{$username}'"); |
|
21 |
+ if ($result->num_rows > 0) { |
|
22 |
+ $tmp = $result->fetch_assoc(); |
|
23 | 23 |
$id = $tmp['id']; |
24 | 24 |
return $id; |
25 | 25 |
} else { |
... | ... |
@@ -31,13 +31,13 @@ function account_has_totp($username) |
31 | 31 |
|
32 | 32 |
function validate_password($username, $password) |
33 | 33 |
{ |
34 |
- $username = mysql_real_escape_string($username); |
|
35 |
- $result = db_query("SELECT account, cryptpass FROM mail.courier_mailaccounts WHERE account='{$username}' UNION SELECT account, cryptpass FROM mail.courier_virtual_accounts WHERE account='{$username}'"); |
|
36 |
- if (mysql_num_rows($result) != 1) { |
|
34 |
+ $username = DB::escape($username); |
|
35 |
+ $result = DB::query("SELECT account, cryptpass FROM mail.courier_mailaccounts WHERE account='{$username}' UNION SELECT account, cryptpass FROM mail.courier_virtual_accounts WHERE account='{$username}'"); |
|
36 |
+ if ($result->num_rows != 1) { |
|
37 | 37 |
// Kein Account mit dem Namen oder Name nicht eindeutig |
38 | 38 |
return false; |
39 | 39 |
} |
40 |
- $account = mysql_fetch_assoc($result); |
|
40 |
+ $account = $result->fetch_assoc(); |
|
41 | 41 |
return (crypt($password, $account['cryptpass']) == $account['cryptpass']); |
42 | 42 |
} |
43 | 43 |
|
... | ... |
@@ -63,7 +63,7 @@ function store_webmail_password($username, $oldpw, $newpw) |
63 | 63 |
|
64 | 64 |
$uid = (int) $_SESSION['userinfo']['uid']; |
65 | 65 |
|
66 |
- db_query("REPLACE INTO mail.webmail_totp (useraccount, email, webmailpass) VALUES ({$uid}, '{$username}', '{$code}')"); |
|
66 |
+ DB::query("REPLACE INTO mail.webmail_totp (useraccount, email, webmailpass) VALUES ({$uid}, '{$username}', '{$code}')"); |
|
67 | 67 |
} |
68 | 68 |
|
69 | 69 |
|
... | ... |
@@ -87,9 +87,9 @@ function decode_webmail_password($crypted, $webmailpw) |
87 | 87 |
|
88 | 88 |
|
89 | 89 |
function get_imap_password($username, $webmailpass) { |
90 |
- $username = mysql_real_escape_string($username); |
|
91 |
- $result = db_query("SELECT webmailpass FROM mail.webmail_totp WHERE email='{$username}'"); |
|
92 |
- $tmp = mysql_fetch_assoc($result); |
|
90 |
+ $username = DB::escape($username); |
|
91 |
+ $result = DB::query("SELECT webmailpass FROM mail.webmail_totp WHERE email='{$username}'"); |
|
92 |
+ $tmp = $result->fetch_assoc(); |
|
93 | 93 |
|
94 | 94 |
$crypted = $tmp['webmailpass']; |
95 | 95 |
|
... | ... |
@@ -107,22 +107,22 @@ function check_webmail_password($username, $webmailpass) |
107 | 107 |
|
108 | 108 |
function generate_secret($username) |
109 | 109 |
{ |
110 |
- $username = mysql_real_escape_string($username); |
|
110 |
+ $username = DB::escape($username); |
|
111 | 111 |
require_once('external/googleauthenticator/GoogleAuthenticator.php'); |
112 | 112 |
$ga = new PHPGangsta_GoogleAuthenticator(); |
113 | 113 |
|
114 | 114 |
$secret = $ga->createSecret(); |
115 | 115 |
DEBUG('GA-Secret: '.$secret); |
116 | 116 |
DEBUG('QrCode: '.$ga->getQRCodeGoogleUrl('Blog', $secret)); |
117 |
- db_query("UPDATE mail.webmail_totp SET totp_secret='{$secret}' WHERE email='{$username}'"); |
|
117 |
+ DB::query("UPDATE mail.webmail_totp SET totp_secret='{$secret}' WHERE email='{$username}'"); |
|
118 | 118 |
return $secret; |
119 | 119 |
} |
120 | 120 |
|
121 | 121 |
function check_locked($username) |
122 | 122 |
{ |
123 |
- $username = mysql_real_escape_string($username); |
|
124 |
- $result = db_query("SELECT 1 FROM mail.webmail_totp WHERE unlock_timestamp IS NOT NULL and unlock_timestamp > NOW() AND email='{$username}'"); |
|
125 |
- return (mysql_num_rows($result) > 0); |
|
123 |
+ $username = DB::escape($username); |
|
124 |
+ $result = DB::query("SELECT 1 FROM mail.webmail_totp WHERE unlock_timestamp IS NOT NULL and unlock_timestamp > NOW() AND email='{$username}'"); |
|
125 |
+ return ($result->num_rows > 0); |
|
126 | 126 |
} |
127 | 127 |
|
128 | 128 |
function check_totp($username, $code) { |
... | ... |
@@ -131,10 +131,10 @@ function check_totp($username, $code) { |
131 | 131 |
return false; |
132 | 132 |
} |
133 | 133 |
|
134 |
- $username = mysql_real_escape_string($username); |
|
134 |
+ $username = DB::escape($username); |
|
135 | 135 |
|
136 |
- $result = db_query("SELECT totp_secret, failures FROM mail.webmail_totp WHERE email='{$username}' AND (unlock_timestamp IS NULL OR unlock_timestamp <= NOW())"); |
|
137 |
- $tmp = mysql_fetch_assoc($result); |
|
136 |
+ $result = DB::query("SELECT totp_secret, failures FROM mail.webmail_totp WHERE email='{$username}' AND (unlock_timestamp IS NULL OR unlock_timestamp <= NOW())"); |
|
137 |
+ $tmp = $result->fetch_assoc(); |
|
138 | 138 |
$secret = $tmp['totp_secret']; |
139 | 139 |
|
140 | 140 |
require_once('external/googleauthenticator/GoogleAuthenticator.php'); |
... | ... |
@@ -142,14 +142,14 @@ function check_totp($username, $code) { |
142 | 142 |
|
143 | 143 |
$checkResult = $ga->verifyCode($secret, $code, 2); // 2 = 2*30sec clock tolerance |
144 | 144 |
if ($checkResult) { |
145 |
- db_query("UPDATE mail.webmail_totp SET failures = 0, unlock_timestamp=NULL WHERE email='{$username}'"); |
|
145 |
+ DB::query("UPDATE mail.webmail_totp SET failures = 0, unlock_timestamp=NULL WHERE email='{$username}'"); |
|
146 | 146 |
blacklist_token($username, $code); |
147 | 147 |
DEBUG('OK'); |
148 | 148 |
} else { |
149 | 149 |
if ($tmp['failures'] > 0 && $tmp['failures'] % 5 == 0) { |
150 |
- db_query("UPDATE mail.webmail_totp SET failures = failures+1, unlock_timestamp = NOW() + INTERVAL 5 MINUTE WHERE email='{$username}'"); |
|
150 |
+ DB::query("UPDATE mail.webmail_totp SET failures = failures+1, unlock_timestamp = NOW() + INTERVAL 5 MINUTE WHERE email='{$username}'"); |
|
151 | 151 |
} else { |
152 |
- db_query("UPDATE mail.webmail_totp SET failures = failures+1 WHERE email='{$username}'"); |
|
152 |
+ DB::query("UPDATE mail.webmail_totp SET failures = failures+1 WHERE email='{$username}'"); |
|
153 | 153 |
} |
154 | 154 |
|
155 | 155 |
DEBUG('FAILED'); |
... | ... |
@@ -196,8 +196,8 @@ function accountname($id) |
196 | 196 |
{ |
197 | 197 |
$id = (int) $id; |
198 | 198 |
$uid = (int) $_SESSION['userinfo']['uid']; |
199 |
- $result = db_query("SELECT email FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}"); |
|
200 |
- if ($tmp = mysql_fetch_assoc($result)) { |
|
199 |
+ $result = DB::query("SELECT email FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}"); |
|
200 |
+ if ($tmp = $result->fetch_assoc()) { |
|
201 | 201 |
return $tmp['email']; |
202 | 202 |
} |
203 | 203 |
} |
... | ... |
@@ -208,23 +208,23 @@ function delete_totp($id) |
208 | 208 |
$id = (int) $id; |
209 | 209 |
$uid = (int) $_SESSION['userinfo']['uid']; |
210 | 210 |
|
211 |
- db_query("DELETE FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}"); |
|
211 |
+ DB::query("DELETE FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}"); |
|
212 | 212 |
} |
213 | 213 |
|
214 | 214 |
|
215 | 215 |
function blacklist_token($email, $token) |
216 | 216 |
{ |
217 |
- $email = mysql_real_escape_string($email); |
|
218 |
- $token = mysql_real_escape_string($token); |
|
219 |
- db_query("INSERT INTO mail.webmail_totp_blacklist (timestamp, email, token) VALUES (NOW(), '{$email}', '{$token}')"); |
|
217 |
+ $email = DB::escape($email); |
|
218 |
+ $token = DB::escape($token); |
|
219 |
+ DB::query("INSERT INTO mail.webmail_totp_blacklist (timestamp, email, token) VALUES (NOW(), '{$email}', '{$token}')"); |
|
220 | 220 |
} |
221 | 221 |
|
222 | 222 |
function check_blacklist($email, $token) |
223 | 223 |
{ |
224 |
- $email = mysql_real_escape_string($email); |
|
225 |
- $token = mysql_real_escape_string($token); |
|
226 |
- db_query("DELETE FROM mail.webmail_totp_blacklist WHERE timestamp < NOW() - INTERVAL 10 MINUTE"); |
|
227 |
- $result = db_query("SELECT id FROM mail.webmail_totp_blacklist WHERE email='{$email}' AND token='{$token}'"); |
|
228 |
- return (mysql_num_rows($result) > 0); |
|
224 |
+ $email = DB::escape($email); |
|
225 |
+ $token = DB::escape($token); |
|
226 |
+ DB::query("DELETE FROM mail.webmail_totp_blacklist WHERE timestamp < NOW() - INTERVAL 10 MINUTE"); |
|
227 |
+ $result = DB::query("SELECT id FROM mail.webmail_totp_blacklist WHERE email='{$email}' AND token='{$token}'"); |
|
228 |
+ return ($result->num_rows > 0); |
|
229 | 229 |
} |
230 | 230 |
|
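Review bot: In `check_totp` the SELECT on new line 136 returns no row for an unknown address and for one whose `unlock_timestamp` is still in the future, yet `$tmp['totp_secret']` is read on line 138 without checking the fetch result. `verifyCode()` then runs with a NULL secret and the outcome depends on how the library treats an empty key, which a login check should not rest on. Adding `if (!$tmp) { return false; }` directly after `fetch_assoc()` makes the function fail closed, unless the guard that ends just above this hunk (its condition is not visible) already covers both cases. In `generate_secret`, the `DEBUG('GA-Secret: '.$secret)` context line writes the fresh TOTP secret to wherever debug output goes and is worth dropping.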
... | ... |
@@ -18,7 +18,7 @@ require_once('inc/base.php'); |
18 | 18 |
require_once('inc/debug.php'); |
19 | 19 |
require_once('inc/error.php'); |
20 | 20 |
|
21 |
-require_once('inc/db_connect.php'); |
|
21 |
+require_once('inc/db.php'); |
|
22 | 22 |
|
23 | 23 |
define('ROLE_ANONYMOUS', 0); |
24 | 24 |
define('ROLE_MAILACCOUNT', 1); |
... | ... |
@@ -33,16 +33,16 @@ define('ROLE_SUBUSER', 32); |
33 | 33 |
|
34 | 34 |
function find_role($login, $password, $i_am_admin = False) |
35 | 35 |
{ |
36 |
- $login = mysql_real_escape_string($login); |
|
36 |
+ $login = DB::escape($login); |
|
37 | 37 |
// Domain-Admin? <not implemented> |
38 | 38 |
// System-User? |
39 | 39 |
$uid = (int) $login; |
40 | 40 |
if ($uid == 0) |
41 | 41 |
$uid = 'NULL'; |
42 |
- $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;"); |
|
43 |
- if (@mysql_num_rows($result) > 0) |
|
42 |
+ $result = DB::query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;"); |
|
43 |
+ if (@$result->num_rows > 0) |
|
44 | 44 |
{ |
45 |
- $entry = mysql_fetch_object($result); |
|
45 |
+ $entry = $result->fetch_object(); |
|
46 | 46 |
if (strcasecmp($entry->username, $login) == 0 && $entry->username != $login) { |
47 | 47 |
// MySQL matched (warum auch immer) ohne Beachtung der Schreibweise. Wir wollen aber case-sensitive sein. |
48 | 48 |
logger(LOG_WARNING, "session/checkuser", "login", "denying login to wrong cased username »{$login}«."); |
... | ... |
@@ -69,20 +69,20 @@ function find_role($login, $password, $i_am_admin = False) |
69 | 69 |
// Customer? |
70 | 70 |
$customerno = (int) $login; |
71 | 71 |
$pass = sha1($password); |
72 |
- $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';"); |
|
72 |
+ $result = DB::query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';"); |
|
73 | 73 |
if ($i_am_admin) |
74 |
- $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno}"); |
|
75 |
- if (@mysql_num_rows($result) > 0) |
|
74 |
+ $result = DB::query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno}"); |
|
75 |
+ if (@$result->num_rows > 0) |
|
76 | 76 |
{ |
77 | 77 |
return ROLE_CUSTOMER; |
78 | 78 |
} |
79 | 79 |
|
80 | 80 |
// Sub-User |
81 | 81 |
|
82 |
- $result = db_query("SELECT password FROM system.subusers WHERE username='{$login}'"); |
|
83 |
- if (@mysql_num_rows($result) > 0) |
|
82 |
+ $result = DB::query("SELECT password FROM system.subusers WHERE username='{$login}'"); |
|
83 |
+ if (@$result->num_rows > 0) |
|
84 | 84 |
{ |
85 |
- $entry = mysql_fetch_object($result); |
|
85 |
+ $entry = $result->fetch_object(); |
|
86 | 86 |
$db_password = $entry->password; |
87 | 87 |
// SHA1 für alte Subuser (kaylee), SHA256 für neue Subuser |
88 | 88 |
if (hash("sha1", $password) == $db_password || hash("sha256", $password) == $db_password || $i_am_admin) |
... | ... |
@@ -112,10 +112,10 @@ function find_role($login, $password, $i_am_admin = False) |
112 | 112 |
} |
113 | 113 |
} |
114 | 114 |
} |
115 |
- $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;"); |
|
116 |
- if (@mysql_num_rows($result) > 0) |
|
115 |
+ $result = DB::query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;"); |
|
116 |
+ if (@$result->num_rows > 0) |
|
117 | 117 |
{ |
118 |
- $entry = mysql_fetch_object($result); |
|
118 |
+ $entry = $result->fetch_object(); |
|
119 | 119 |
$db_password = $entry->cryptpass; |
120 | 120 |
$hash = crypt($password, $db_password); |
121 | 121 |
if ($hash == $db_password || $i_am_admin) |
... | ... |
@@ -128,10 +128,10 @@ function find_role($login, $password, $i_am_admin = False) |
128 | 128 |
|
129 | 129 |
// virtueller Mail-Account |
130 | 130 |
$account = $login; |
131 |
- $result = db_query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account='{$account}' LIMIT 1;"); |
|
132 |
- if (@mysql_num_rows($result) > 0) |
|
131 |
+ $result = DB::query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account='{$account}' LIMIT 1;"); |
|
132 |
+ if (@$result->num_rows > 0) |
|
133 | 133 |
{ |
134 |
- $entry = mysql_fetch_object($result); |
|
134 |
+ $entry = $result->fetch_object(); |
|
135 | 135 |
$db_password = $entry->cryptpass; |
136 | 136 |
$hash = crypt($password, $db_password); |
137 | 137 |
if ($hash == $db_password || $i_am_admin) |
... | ... |
@@ -158,17 +158,17 @@ function get_customer_info($customer) |
158 | 158 |
if ($customerno != 0) |
159 | 159 |
{ |
160 | 160 |
DEBUG('Looking up customerinfo for customer no. '.$customerno); |
161 |
- $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;"); |
|
161 |
+ $result = DB::query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;"); |
|
162 | 162 |
} |
163 | 163 |
else |
164 | 164 |
{ |
165 |
- $username = mysql_real_escape_string($customer); |
|
165 |
+ $username = DB::escape($customer); |
|
166 | 166 |
DEBUG('looking up customer info for username '.$username); |
167 |
- $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'"); |
|
167 |
+ $result = DB::query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'"); |
|
168 | 168 |
} |
169 |
- if (@mysql_num_rows($result) == 0) |
|
169 |
+ if (@$result->num_rows == 0) |
|
170 | 170 |
system_failure("Konnte Kundendaten nicht auslesen!"); |
171 |
- $data = mysql_fetch_assoc($result); |
|
171 |
+ $data = $result->fetch_assoc(); |
|
172 | 172 |
DEBUG($data); |
173 | 173 |
$ret['customerno'] = $data['id']; |
174 | 174 |
$ret['title'] = $data['anrede']; |
... | ... |
@@ -182,13 +182,13 @@ function get_customer_info($customer) |
182 | 182 |
|
183 | 183 |
function get_subuser_info($username) |
184 | 184 |
{ |
185 |
- $result = db_query("SELECT uid, modules FROM system.subusers WHERE username='{$username}'"); |
|
186 |
- if (mysql_num_rows($result) < 1) |
|
185 |
+ $result = DB::query("SELECT uid, modules FROM system.subusers WHERE username='{$username}'"); |
|
186 |
+ if ($result->num_rows < 1) |
|
187 | 187 |
{ |
188 | 188 |
logger(LOG_ERR, "session/checkuser", "login", "error reading subuser's data: »{$username}«"); |
189 | 189 |
system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator'); |
190 | 190 |
} |
191 |
- $data = mysql_fetch_assoc($result); |
|
191 |
+ $data = $result->fetch_assoc(); |
|
192 | 192 |
$userinfo = get_user_info($data['uid']); |
193 | 193 |
$userinfo['modules'] = $data['modules']; |
194 | 194 |
return $userinfo; |
... | ... |
@@ -197,15 +197,15 @@ function get_subuser_info($username) |
197 | 197 |
|
198 | 198 |
function get_user_info($username) |
199 | 199 |
{ |
200 |
- $username = mysql_real_escape_string($username); |
|
201 |
- $result = db_query("SELECT kunde AS customerno, username, uid, homedir, name, server |
|
200 |
+ $username = DB::escape($username); |
|
201 |
+ $result = DB::query("SELECT kunde AS customerno, username, uid, homedir, name, server |
|
202 | 202 |
FROM system.v_useraccounts WHERE username='{$username}' OR uid='{$username}' LIMIT 1"); |
203 |
- if (mysql_num_rows($result) < 1) |
|
203 |
+ if ($result->num_rows < 1) |
|
204 | 204 |
{ |
205 | 205 |
logger(LOG_ERR, "session/checkuser", "login", "error reading user's data: »{$username}«"); |
206 | 206 |
system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator'); |
207 | 207 |
} |
208 |
- $val = @mysql_fetch_object($result); |
|
208 |
+ $val = @$result->fetch_object(); |
|
209 | 209 |
return array( |
210 | 210 |
'username' => $val->username, |
211 | 211 |
'customerno' => $val->customerno, |
... | ... |
@@ -219,30 +219,30 @@ function get_user_info($username) |
219 | 219 |
function set_customer_verified($customerno) |
220 | 220 |
{ |
221 | 221 |
$customerno = (int) $customerno; |
222 |
- db_query("UPDATE kundendaten.kunden SET status=0 WHERE id={$customerno};"); |
|
222 |
+ DB::query("UPDATE kundendaten.kunden SET status=0 WHERE id={$customerno};"); |
|
223 | 223 |
logger(LOG_INFO, "session/checkuser", "register", "set customer's status to 0."); |
224 | 224 |
} |
225 | 225 |
|
226 | 226 |
function set_customer_lastlogin($customerno) |
227 | 227 |
{ |
228 | 228 |
$customerno = (int) $customerno; |
229 |
- db_query("UPDATE kundendaten.kunden SET lastlogin=NOW() WHERE id={$customerno};"); |
|
229 |
+ DB::query("UPDATE kundendaten.kunden SET lastlogin=NOW() WHERE id={$customerno};"); |
|
230 | 230 |
} |
231 | 231 |
|
232 | 232 |
function set_customer_password($customerno, $newpass) |
233 | 233 |
{ |
234 | 234 |
$customerno = (int) $customerno; |
235 | 235 |
$newpass = sha1($newpass); |
236 |
- db_query("UPDATE kundendaten.kunden SET passwort='$newpass' WHERE id='".$customerno."' LIMIT 1"); |
|
236 |
+ DB::query("UPDATE kundendaten.kunden SET passwort='$newpass' WHERE id='".$customerno."' LIMIT 1"); |
|
237 | 237 |
logger(LOG_INFO, "session/checkuser", "pwchange", "changed customer's password."); |
238 | 238 |
} |
239 | 239 |
|
240 | 240 |
function set_subuser_password($subuser, $newpass) |
241 | 241 |
{ |
242 |
- $subuser = mysql_real_escape_string($subuser); |
|
242 |
+ $subuser = DB::escape($subuser); |
|
243 | 243 |
$uid = (int) $_SESSION['userinfo']['uid']; |
244 | 244 |
$newpass = sha1($newpass); |
245 |
- db_query("UPDATE system.subusers SET password='$newpass' WHERE username='{$subuser}' AND uid={$uid}"); |
|
245 |
+ DB::query("UPDATE system.subusers SET password='$newpass' WHERE username='{$subuser}' AND uid={$uid}"); |
|
246 | 246 |
logger(LOG_INFO, "session/checkuser", "pwchange", "changed subuser's password."); |
247 | 247 |
} |
248 | 248 |
|
... | ... |
@@ -261,28 +261,28 @@ function set_systemuser_password($uid, $newpass) |
261 | 261 |
$salt = random_string(8); |
262 | 262 |
$newpass = crypt($newpass, "\$1\${$salt}\$"); |
263 | 263 |
} |
264 |
- db_query("UPDATE system.passwoerter SET passwort='$newpass' WHERE uid='".$uid."' LIMIT 1"); |
|
264 |
+ DB::query("UPDATE system.passwoerter SET passwort='$newpass' WHERE uid='".$uid."' LIMIT 1"); |
|
265 | 265 |
logger(LOG_INFO, "session/checkuser", "pwchange", "changed user's password."); |
266 | 266 |
} |
267 | 267 |
|
268 | 268 |
|
269 | 269 |
function user_for_mailaccount($account) |
270 | 270 |
{ |
271 |
- $result = db_query("SELECT uid FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;"); |
|
272 |
- if (mysql_num_rows($result) != 1) { |
|
271 |
+ $result = DB::query("SELECT uid FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;"); |
|
272 |
+ if ($result->num_rows != 1) { |
|
273 | 273 |
system_failure('Diese Adresse ist herrenlos?!'); |
274 | 274 |
} |
275 |
- $tmp = mysql_fetch_assoc($result); |
|
275 |
+ $tmp = $result->fetch_assoc(); |
|
276 | 276 |
return $tmp['uid']; |
277 | 277 |
} |
278 | 278 |
|
279 | 279 |
function user_for_vmail_account($account) |
280 | 280 |
{ |
281 |
- $result = db_query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)='{$account}' LIMIT 1;"); |
|
282 |
- if (mysql_num_rows($result) != 1) { |
|
281 |
+ $result = DB::query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)='{$account}' LIMIT 1;"); |
|
282 |
+ if ($result->num_rows != 1) { |
|
283 | 283 |
system_failure('Diese Adresse ist herrenlos?!'); |
284 | 284 |
} |
285 |
- $tmp = mysql_fetch_assoc($result); |
|
285 |
+ $tmp = $result->fetch_assoc(); |
|
286 | 286 |
return $tmp['useraccount']; |
287 | 287 |
} |
288 | 288 |
|
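Review bot: `get_subuser_info` (new line 185), `user_for_mailaccount` (line 271) and `user_for_vmail_account` (line 281) interpolate their string argument into the query without `DB::escape()`, while `get_user_info` and `set_subuser_password` in the same file escape first. The three functions are safe only if every caller hands them an already escaped value, which cannot be confirmed from this page. Escaping inside each function, e.g. `$username = DB::escape($username);` or `$account = DB::escape($account);` as the first statement, removes that dependency; any caller that pre-escapes would then have to pass the raw value instead. The `==` comparisons of `crypt()`/`hash()` output against stored hashes in `find_role` would also be better as `===`, since loose comparison treats numeric-looking strings as numbers.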