... | ... |
@@ -39,14 +39,14 @@ function prepare_cert($cert) |
39 | 39 |
|
40 | 40 |
function get_logins_by_cert($cert) |
41 | 41 |
{ |
42 |
- $cert = mysql_real_escape_string(prepare_cert($cert)); |
|
42 |
+ $cert = db_escape_string(prepare_cert($cert)); |
|
43 | 43 |
$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'"; |
44 | 44 |
$result = db_query($query); |
45 |
- if (mysql_num_rows($result) < 1) |
|
45 |
+ if ($result->rowCount() < 1) |
|
46 | 46 |
return NULL; |
47 | 47 |
else { |
48 | 48 |
$ret = array(); |
49 |
- while ($row = mysql_fetch_assoc($result)) { |
|
49 |
+ while ($row = $result->fetch()) { |
|
50 | 50 |
$ret[] = $row; |
51 | 51 |
} |
52 | 52 |
return $ret; |
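Review bot: `$result->fetch()` in the `while ($row = $result->fetch())` loop is not a one-to-one replacement for `mysql_fetch_assoc()`. PDO's default fetch mode is `PDO::FETCH_BOTH`, so unless the mode is changed somewhere not shown on this page, every row pushed into `$ret` carries each column twice, once by name and once by index. Callers that iterate over the returned rows would see the duplicates; `$result->fetch(PDO::FETCH_ASSOC)` keeps the old row shape. The same applies to the other converted loops that hand whole rows back (the identical hunk that follows, the `SELECT {$fields} FROM {$table}` loop in KeksData, `list_useraccounts`, `get_dyndns_accounts`, `hosting_contracts`), whereas `user_has_vmail_domain` reads `$row[0]` and does need the numeric keys. The function body continues past the end of the hunk.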
... | ... |
@@ -39,14 +39,14 @@ function prepare_cert($cert) |
39 | 39 |
|
40 | 40 |
function get_logins_by_cert($cert) |
41 | 41 |
{ |
42 |
- $cert = mysql_real_escape_string(prepare_cert($cert)); |
|
42 |
+ $cert = db_escape_string(prepare_cert($cert)); |
|
43 | 43 |
$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'"; |
44 | 44 |
$result = db_query($query); |
45 |
- if (mysql_num_rows($result) < 1) |
|
45 |
+ if ($result->rowCount() < 1) |
|
46 | 46 |
return NULL; |
47 | 47 |
else { |
48 | 48 |
$ret = array(); |
49 |
- while ($row = mysql_fetch_assoc($result)) { |
|
49 |
+ while ($row = $result->fetch()) { |
|
50 | 50 |
$ret[] = $row; |
51 | 51 |
} |
52 | 52 |
return $ret; |
... | ... |
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
18 | 17 |
require_once('inc/base.php'); |
19 | 18 |
require_once('inc/debug.php'); |
20 | 19 |
|
21 | 20 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,119 @@ |
1 |
+<?php |
|
2 |
+/* |
|
3 |
+This file belongs to the Webinterface of schokokeks.org Hosting |
|
4 |
+ |
|
5 |
+Written 2008-2013 by schokokeks.org Hosting, namely |
|
6 |
+ Bernd Wurst <bernd@schokokeks.org> |
|
7 |
+ Hanno Böck <hanno@schokokeks.org> |
|
8 |
+ |
|
9 |
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
10 |
+ |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 |
+http://creativecommons.org/publicdomain/zero/1.0/ |
|
13 |
+ |
|
14 |
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
|
15 |
+*/ |
|
16 |
+ |
|
17 |
+require_once('inc/base.php'); |
|
18 |
+require_once('inc/error.php'); |
|
19 |
+require_once('inc/debug.php'); |
|
20 |
+ |
|
21 |
+ |
|
22 |
+class DB extends PDO { |
|
23 |
+ function __construct() { |
|
24 |
+ $dsn = "mysql:host=".config('db_host'); |
|
25 |
+ if (config('db_port', true)) { |
|
26 |
+ $dsn .= ';port='.config('db_port', true); |
|
27 |
+ } |
|
28 |
+ $username = config('db_user', true); |
|
29 |
+ $password = config('db_pass', true); |
|
30 |
+ parent::__construct($dsn, $username, $password); |
|
31 |
+ } |
|
32 |
+ |
|
33 |
+ |
|
34 |
+ /* |
|
35 |
+ Wenn Parameter übergeben werden, werden Queries immer als Prepared statements übertragen |
|
36 |
+ */ |
|
37 |
+ function query($stmt, $params = NULL) { |
|
38 |
+ if (is_array($params)) { |
|
39 |
+ $response = parent::prepare($stmt); |
|
40 |
+ $response->execute($params); |
|
41 |
+ return $response; |
|
42 |
+ } else { |
|
43 |
+ return parent::query($stmt); |
|
44 |
+ } |
|
45 |
+ } |
|
46 |
+} |
|
47 |
+ |
|
48 |
+ |
|
49 |
+/* FIXME |
|
50 |
+ Das ist etwas unelegant. Soll nur übergangsweise verwendet werden bis alles auf prepared statements umgestellt ist |
|
51 |
+*/ |
|
52 |
+function db_escape_string($string) |
|
53 |
+{ |
|
54 |
+ global $db; |
|
55 |
+ __ensure_connected(); |
|
56 |
+ $quoted = $db->quote($string); |
|
57 |
+ // entferne die quotes, damit wird es drop-in-Kompatibel zu db_escape_string() |
|
58 |
+ $ret = substr($quoted, 1, -1); |
|
59 |
+ return $ret; |
|
60 |
+} |
|
61 |
+ |
|
62 |
+ |
|
63 |
+function db_insert_id() |
|
64 |
+{ |
|
65 |
+ global $db; |
|
66 |
+ __ensure_connected(); |
|
67 |
+ return $db->lastInsertId(); |
|
68 |
+} |
|
69 |
+ |
|
70 |
+ |
|
71 |
+function __ensure_connected() |
|
72 |
+{ |
|
73 |
+ /* |
|
74 |
+ Dieses Kontrukt ist vermultich noch schlimmer als ein normales singleton |
|
75 |
+ aber es hilft uns in unserem prozeduralen Kontext |
|
76 |
+ */ |
|
77 |
+ global $db; |
|
78 |
+ if (! isset($db)) { |
|
79 |
+ try { |
|
80 |
+ DEBUG("Neue Datenbankverbindung!"); |
|
81 |
+ $db = new DB(); |
|
82 |
+ $db->query("SET NAMES utf8"); |
|
83 |
+ $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); |
|
84 |
+ $db->setAttribute(PDO::ATTR_AUTOCOMMIT, true); |
|
85 |
+ } catch (PDOException $e) { |
|
86 |
+ global $debugmode; |
|
87 |
+ if ($debugmode) { |
|
88 |
+ system_failure("MySQL-Fehler: ".$e->getMessage()); |
|
89 |
+ } else { |
|
90 |
+ system_failure("Fehler bei der Datenbankverbindung!"); |
|
91 |
+ } |
|
92 |
+ } |
|
93 |
+ } |
|
94 |
+} |
|
95 |
+ |
|
96 |
+ |
|
97 |
+function db_query($stmt, $params = NULL) |
|
98 |
+{ |
|
99 |
+ global $db; |
|
100 |
+ __ensure_connected(); |
|
101 |
+ DEBUG($stmt); |
|
102 |
+ if ($params) { |
|
103 |
+ DEBUG($params); |
|
104 |
+ } |
|
105 |
+ try { |
|
106 |
+ $result = $db->query($stmt, $params); |
|
107 |
+ DEBUG('=> '.$result->rowCount().' rows'); |
|
108 |
+ } catch (PDOException $e) { |
|
109 |
+ global $debugmode; |
|
110 |
+ if ($debugmode) { |
|
111 |
+ system_failure("MySQL-Fehler: ".$e->getMessage()); |
|
112 |
+ } else { |
|
113 |
+ system_failure("Datenbankfehler"); |
|
114 |
+ } |
|
115 |
+ } |
|
116 |
+ return $result; |
|
117 |
+} |
|
118 |
+ |
|
119 |
+ |
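Review bot: `db_escape_string()` relies on `$db->quote()`, but the connection charset is set only through `$db->query("SET NAMES utf8")`, which changes the server side without telling the client library which encoding to escape for. Putting it in the DSN, `$dsn = "mysql:host=".config('db_host').";charset=utf8";`, keeps the two in agreement (PDO_MySQL reads the `charset` option from PHP 5.3.6 on). In `__ensure_connected()` the `setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION)` call also comes after the `SET NAMES` query, so on PHP versions where the default error mode is silent a failure of that query goes unnoticed, whereas the removed db_connect.php aborted in that case; moving the `setAttribute` line above the query restores that. `db_escape_string()` should additionally check that `quote()` did not return `false` before calling `substr()` on the result.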
... | ... |
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
18 | 17 |
require_once('inc/base.php'); |
19 | 18 |
require_once('inc/debug.php'); |
20 | 19 |
|
... | ... |
@@ -42,7 +41,7 @@ class Domain extends KeksData |
42 | 41 |
|
43 | 42 |
function loadByName($name) |
44 | 43 |
{ |
45 |
- $name = mysql_real_escape_string($name); |
|
44 |
+ $name = db_escape_string($name); |
|
46 | 45 |
$res = $this->getData("*", "CONCAT_WS('.', domainname, tld)='{$name}' LIMIT 1"); |
47 | 46 |
if (count($res) < 1) |
48 | 47 |
return false; |
... | ... |
@@ -112,9 +111,9 @@ function get_domain_list($customerno, $uid = NULL) |
112 | 111 |
$query .= " ORDER BY domainname,tld"; |
113 | 112 |
$result = db_query($query); |
114 | 113 |
$domains = array(); |
115 |
- DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n"); |
|
116 |
- if (mysql_num_rows($result) > 0) |
|
117 |
- while ($domain = mysql_fetch_object($result)) |
|
114 |
+ DEBUG('Result set is '.$result->rowCount()." rows.<br />\n"); |
|
115 |
+ if ($result->rowCount() > 0) |
|
116 |
+ while ($domain = $result->fetch(PDO::FETCH_OBJ)) |
|
118 | 117 |
array_push($domains, new Domain((int) $domain->id)); |
119 | 118 |
DEBUG($domains); |
120 | 119 |
return $domains; |
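Review bot: The `if ($result->rowCount() > 0)` guard in front of the fetch loop is redundant, and `PDOStatement::rowCount()` is only documented as reliable for statements that modify rows. For a SELECT its value is driver-dependent, and with PDO_MySQL it depends on buffered queries staying enabled. Here the loop alone is enough: `while ($domain = $result->fetch(PDO::FETCH_OBJ))` simply does not run on an empty result. The existence checks converted the same way in this commit (`get_logins_by_cert`, `get_dyndns_account`, `get_dns_record`, `dns_in_use`, `mail_in_use`, `web_in_use`, `user_has_accounts`) would be more robust testing `fetch() !== false` or selecting `COUNT(*)`. The function starts above the hunk.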
... | ... |
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
18 | 17 |
require_once('inc/base.php'); |
19 | 18 |
require_once('inc/debug.php'); |
20 | 19 |
|
... | ... |
@@ -57,7 +56,7 @@ abstract class KeksData |
57 | 56 |
{ |
58 | 57 |
$fields = array(); |
59 | 58 |
$res = db_query("DESCRIBE {$this->default_table}"); |
60 |
- while ($f = mysql_fetch_object($res)) |
|
59 |
+ while ($f = $res->fetch(PDO::FETCH_OBJ)) |
|
61 | 60 |
{ |
62 | 61 |
$fields[$f->Field] = $f->Default; |
63 | 62 |
} |
... | ... |
@@ -80,7 +79,7 @@ abstract class KeksData |
80 | 79 |
|
81 | 80 |
$res = db_query("SELECT {$fields} FROM {$table} {$where}"); |
82 | 81 |
$return = array(); |
83 |
- while ($arr = mysql_fetch_assoc($res)) |
|
82 |
+ while ($arr = $res->fetch()) |
|
84 | 83 |
array_push($return, $arr); |
85 | 84 |
return $return; |
86 | 85 |
} |
... | ... |
@@ -102,7 +101,7 @@ abstract class KeksData |
102 | 101 |
$upd = array(); |
103 | 102 |
foreach ($this->changes as $key => $value) |
104 | 103 |
{ |
105 |
- $value = mysql_real_escape_string($value); |
|
104 |
+ $value = db_escape_string($value); |
|
106 | 105 |
array_push($upd, "`{$key}`='{$value}'"); |
107 | 106 |
} |
108 | 107 |
db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id={$this->data['id']};"); |
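Review bot: The UPDATE assembled in this loop still interpolates both `$key` and `$value` into the statement text, and only the value passes through `db_escape_string()`; a backtick inside `$key` would break out of the identifier quoting. Since `db_query()` now accepts a parameter array, the values can be bound instead: emit `=?` after the quoted column name, collect each `$value` in a `$params` array, append the id, and call `db_query($sql, $params)` with `WHERE id=?`. Column names cannot be bound, so `$key` should be checked against the field list the class already reads with `DESCRIBE`, unless that check happens where `changes` is filled, which is not visible here. The method containing the loop begins and ends outside the hunk.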
... | ... |
@@ -17,7 +17,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
17 | 17 |
|
18 | 18 |
require_once('config.php'); |
19 | 19 |
require_once('inc/debug.php'); |
20 |
-require_once('inc/db_connect.php'); |
|
21 | 20 |
require_once("inc/base.php"); |
22 | 21 |
require_once("inc/theme.php"); |
23 | 22 |
|
... | ... |
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
17 |
+require_once('class/database.php'); |
|
18 | 18 |
require_once('inc/debug.php'); |
19 | 19 |
|
20 | 20 |
function config($key) |
... | ... |
@@ -36,9 +36,9 @@ function config($key) |
36 | 36 |
return $config[$key]; |
37 | 37 |
|
38 | 38 |
/* read configuration from database */ |
39 |
- $options = db_query( "SELECT `key`, value FROM misc.config" ); |
|
39 |
+ $result = db_query( "SELECT `key`, value FROM misc.config" ); |
|
40 | 40 |
|
41 |
- while( $object = mysql_fetch_assoc( $options ) ) { |
|
41 |
+ while( $object = $result->fetch() ) { |
|
42 | 42 |
if (!array_key_exists($object['key'], $config)) { |
43 | 43 |
$config[$object['key']]=$object['value']; |
44 | 44 |
} |
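Review bot: `config()` is still declared as `function config($key)` in this file, while the new `DB::__construct()` calls `config('db_port', true)`, `config('db_user', true)` and `config('db_pass', true)`. PHP silently ignores the extra argument, so if one of those keys is missing from the local array the call falls through to the `db_query()` in this hunk, which runs `__ensure_connected()` while `$db` is still unset and constructs `DB` again, recursing without end. The removed db_connect.php tested `$config['db_port']` for emptiness, so an unset port looks like a supported configuration. Unless the lines of `config()` not shown here already handle a second parameter, it needs something like `function config($key, $localonly = false)` with an early `return NULL;` before the database read when `$localonly` is set.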
... | ... |
@@ -56,8 +56,9 @@ function config($key) |
56 | 56 |
|
57 | 57 |
function get_server_by_id($id) { |
58 | 58 |
$id = (int) $id; |
59 |
- $result = mysql_fetch_assoc(db_query("SELECT hostname FROM system.servers WHERE id='{$id}'")); |
|
60 |
- return $result['hostname']; |
|
59 |
+ $result = db_query("SELECT hostname FROM system.servers WHERE id='{$id}'"); |
|
60 |
+ $ret = $result->fetch(); |
|
61 |
+ return $ret['hostname']; |
|
61 | 62 |
} |
62 | 63 |
|
63 | 64 |
|
... | ... |
@@ -74,7 +75,7 @@ function my_server_id() |
74 | 75 |
{ |
75 | 76 |
$uid = (int) $_SESSION['userinfo']['uid']; |
76 | 77 |
$result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}"); |
77 |
- $r = mysql_fetch_assoc($result); |
|
78 |
+ $r = $result->fetch(); |
|
78 | 79 |
DEBUG($r); |
79 | 80 |
return $r['server']; |
80 | 81 |
} |
... | ... |
@@ -85,7 +86,7 @@ function additional_servers() |
85 | 86 |
$uid = (int) $_SESSION['userinfo']['uid']; |
86 | 87 |
$result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}"); |
87 | 88 |
$servers = array(); |
88 |
- while ($s = mysql_fetch_assoc($result)) |
|
89 |
+ while ($s = $result->fetch()) |
|
89 | 90 |
$servers[] = $s['server']; |
90 | 91 |
DEBUG($servers); |
91 | 92 |
return $servers; |
... | ... |
@@ -96,43 +97,27 @@ function server_names() |
96 | 97 |
{ |
97 | 98 |
$result = db_query("SELECT id, hostname FROM system.servers"); |
98 | 99 |
$servers = array(); |
99 |
- while ($s = mysql_fetch_assoc($result)) |
|
100 |
+ while ($s = $result->fetch()) |
|
100 | 101 |
$servers[$s['id']] = $s['hostname']; |
101 | 102 |
DEBUG($servers); |
102 | 103 |
return $servers; |
103 | 104 |
} |
104 | 105 |
|
105 | 106 |
|
106 |
-function db_query($query) |
|
107 |
-{ |
|
108 |
- DEBUG($query); |
|
109 |
- $result = @mysql_query($query); |
|
110 |
- if (mysql_error()) |
|
111 |
- { |
|
112 |
- $error = mysql_error(); |
|
113 |
- logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}"); |
|
114 |
- system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.'); |
|
115 |
- } |
|
116 |
- $count = @mysql_num_rows($result); |
|
117 |
- if (! $count) |
|
118 |
- $count = 'no'; |
|
119 |
- DEBUG("=> {$count} rows"); |
|
120 |
- return $result; |
|
121 |
-} |
|
122 |
- |
|
123 |
- |
|
124 |
- |
|
107 |
+// FIXME |
|
108 |
+// Diese Funktion funktioniert nicht für preprared statements |
|
125 | 109 |
function maybe_null($value) |
126 | 110 |
{ |
127 | 111 |
if ($value == NULL) |
128 | 112 |
return 'NULL'; |
129 | 113 |
|
130 | 114 |
if (strlen( (string) $value ) > 0) |
131 |
- return "'".mysql_real_escape_string($value)."'"; |
|
115 |
+ return "'".db_escape_string($value)."'"; |
|
132 | 116 |
else |
133 | 117 |
return 'NULL'; |
134 | 118 |
} |
135 | 119 |
|
120 |
+ |
|
136 | 121 |
#define('LOG_ERR', 3); |
137 | 122 |
#define('LOG_WARNING', 4); |
138 | 123 |
#define('LOG_INFO', 6); |
... | ... |
@@ -148,11 +133,11 @@ function logger($severity, $scriptname, $scope, $message) |
148 | 133 |
elseif ($_SESSION['role'] & ROLE_CUSTOMER) |
149 | 134 |
$user = "'{$_SESSION['customerinfo']['customerno']}'"; |
150 | 135 |
|
151 |
- $remote = mysql_real_escape_string($_SERVER['REMOTE_ADDR']); |
|
136 |
+ $remote = db_escape_string($_SERVER['REMOTE_ADDR']); |
|
152 | 137 |
|
153 |
- $scriptname = mysql_real_escape_string($scriptname); |
|
154 |
- $scope = mysql_real_escape_string($scope); |
|
155 |
- $message = mysql_real_escape_string($message); |
|
138 |
+ $scriptname = db_escape_string($scriptname); |
|
139 |
+ $scope = db_escape_string($scope); |
|
140 |
+ $message = db_escape_string($message); |
|
156 | 141 |
|
157 | 142 |
db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');"); |
158 | 143 |
} |
159 | 144 |
deleted file mode 100644 |
... | ... |
@@ -1,33 +0,0 @@ |
1 |
-<?php |
|
2 |
-/* |
|
3 |
-This file belongs to the Webinterface of schokokeks.org Hosting |
|
4 |
- |
|
5 |
-Written 2008-2013 by schokokeks.org Hosting, namely |
|
6 |
- Bernd Wurst <bernd@schokokeks.org> |
|
7 |
- Hanno Böck <hanno@schokokeks.org> |
|
8 |
- |
|
9 |
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
10 |
- |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 |
-http://creativecommons.org/publicdomain/zero/1.0/ |
|
13 |
- |
|
14 |
-Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
|
15 |
-*/ |
|
16 |
- |
|
17 |
-require_once('inc/error.php'); |
|
18 |
- |
|
19 |
-include("config.php"); |
|
20 |
-global $config; |
|
21 |
- |
|
22 |
-$host = $config['db_host']; |
|
23 |
-if ($config['db_port']) { |
|
24 |
- $host .= ":".$config['db_port']; |
|
25 |
-} |
|
26 |
- |
|
27 |
-if (!@mysql_connect($host, $config['db_user'], $config['db_pass'])) |
|
28 |
- die('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.'); |
|
29 |
- |
|
30 |
-if (!@mysql_query('SET NAMES utf8')) |
|
31 |
- die('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!'); |
|
32 |
- |
|
33 |
-?> |
... | ... |
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
15 | 15 |
*/ |
16 | 16 |
|
17 | 17 |
require_once('inc/debug.php'); |
18 |
-require_once('inc/db_connect.php'); |
|
19 | 18 |
require_once('inc/base.php'); |
20 | 19 |
require_once('inc/security.php'); |
21 | 20 |
require_once('inc/error.php'); |
... | ... |
@@ -38,14 +37,14 @@ function get_domain_offer($domainname) |
38 | 37 |
$data = array("domainname" => $domainname, "basename" => $basename, "tld" => $tld); |
39 | 38 |
|
40 | 39 |
$result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise_kunde WHERE kunde={$cid} AND tld='{$tld}' AND ruecksprache='N'"); |
41 |
- if (mysql_num_rows($result) != 1) { |
|
40 |
+ if ($result->rowCount() != 1) { |
|
42 | 41 |
$result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise WHERE tld='{$tld}' AND ruecksprache='N'"); |
43 | 42 |
} |
44 |
- if (mysql_num_rows($result) != 1) { |
|
43 |
+ if ($result->rowCount() != 1) { |
|
45 | 44 |
warning('Die Endung »'.$tld.'« steht zur automatischen Eintragung nicht zur Verfügung.'); |
46 | 45 |
return; |
47 | 46 |
} |
48 |
- $temp = mysql_fetch_assoc($result); |
|
47 |
+ $temp = $result->fetch(); |
|
49 | 48 |
$data["gebuehr"] = $temp["gebuehr"]; |
50 | 49 |
$data["setup"] = ($temp["setup"] ? $temp["setup"] : 0.0); |
51 | 50 |
|
... | ... |
@@ -93,7 +92,7 @@ function list_useraccounts() |
93 | 92 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
94 | 93 |
$result = db_query("SELECT uid,username,name FROM system.useraccounts WHERE kunde={$customerno}"); |
95 | 94 |
$ret = array(); |
96 |
- while ($item = mysql_fetch_assoc($result)) |
|
95 |
+ while ($item = $result->fetch()) |
|
97 | 96 |
{ |
98 | 97 |
$ret[] = $item; |
99 | 98 |
} |
... | ... |
@@ -19,7 +19,7 @@ require_once('inc/base.php'); |
19 | 19 |
|
20 | 20 |
function find_customers($string) |
21 | 21 |
{ |
22 |
- $string = mysql_real_escape_string(chop($string)); |
|
22 |
+ $string = db_escape_string(chop($string)); |
|
23 | 23 |
$return = array(); |
24 | 24 |
$result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN kundendaten.kundenkontakt AS kk ". |
25 | 25 |
"ON (kk.kundennr = k.id) LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ". |
... | ... |
@@ -30,7 +30,7 @@ function find_customers($string) |
30 | 30 |
"notizen LIKE '%{$string}%' OR kk.name LIKE '%{$string}%' OR ". |
31 | 31 |
"kk.wert LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ". |
32 | 32 |
"u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';"); |
33 |
- while ($entry = mysql_fetch_assoc($result)) |
|
33 |
+ while ($entry = $result->fetch()) |
|
34 | 34 |
$return[] = $entry['id']; |
35 | 35 |
|
36 | 36 |
return $return; |
... | ... |
@@ -43,7 +43,7 @@ function find_users_for_customer($id) |
43 | 43 |
$return = array(); |
44 | 44 |
$result = db_query("SELECT uid, username FROM system.useraccounts WHERE ". |
45 | 45 |
"kunde='{$id}';"); |
46 |
- while ($entry = mysql_fetch_assoc($result)) |
|
46 |
+ while ($entry = $result->fetch()) |
|
47 | 47 |
$return[$entry['uid']] = $entry['username']; |
48 | 48 |
|
49 | 49 |
return $return; |
... | ... |
@@ -56,7 +56,7 @@ function hosting_contracts($cid) |
56 | 56 |
$cid = (int) $cid; |
57 | 57 |
$result = db_query("SELECT u.username, werber, beschreibung, betrag, brutto, monate, anzahl, startdatum, startdatum + INTERVAL laufzeit MONTH - INTERVAL 1 DAY AS mindestlaufzeit, kuendigungsdatum, gesperrt, notizen FROM kundendaten.hosting AS h LEFT JOIN system.useraccounts AS u ON (h.hauptuser=u.uid) WHERE h.kunde=".$cid); |
58 | 58 |
$ret = array(); |
59 |
- while ($x = mysql_fetch_assoc($result)) |
|
59 |
+ while ($x = $result->fetch()) |
|
60 | 60 |
array_push($ret, $x); |
61 | 61 |
DEBUG($ret); |
62 | 62 |
|
... | ... |
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
15 | 15 |
*/ |
16 | 16 |
|
17 | 17 |
require_once('inc/debug.php'); |
18 |
-require_once('inc/db_connect.php'); |
|
19 | 18 |
require_once('inc/base.php'); |
20 | 19 |
require_once('inc/security.php'); |
21 | 20 |
require_once('inc/error.php'); |
... | ... |
@@ -28,7 +27,7 @@ function get_dyndns_accounts() |
28 | 27 |
$uid = (int) $_SESSION['userinfo']['uid']; |
29 | 28 |
$result = db_query("SELECT * FROM dns.dyndns WHERE uid={$uid}"); |
30 | 29 |
$list = array(); |
31 |
- while ($item = mysql_fetch_assoc($result)) { |
|
30 |
+ while ($item = $result->fetch()) { |
|
32 | 31 |
array_push($list, $item); |
33 | 32 |
} |
34 | 33 |
DEBUG($list); |
... | ... |
@@ -41,11 +40,11 @@ function get_dyndns_account($id) |
41 | 40 |
$id = (int) $id; |
42 | 41 |
$uid = (int) $_SESSION['userinfo']['uid']; |
43 | 42 |
$result = db_query("SELECT * FROM dns.dyndns WHERE id={$id} AND uid={$uid}"); |
44 |
- if (mysql_num_rows($result) != 1) { |
|
43 |
+ if ($result->rowCount() != 1) { |
|
45 | 44 |
logger(LOG_WARNING, "modules/dns/include/dnsinclude", "dyndns", "account »{$id}« invalid for uid »{$uid}«."); |
46 | 45 |
system_failure("Account ungültig"); |
47 | 46 |
} |
48 |
- $item = mysql_fetch_assoc($result); |
|
47 |
+ $item = $result->fetch(); |
|
49 | 48 |
DEBUG($item); |
50 | 49 |
return $item; |
51 | 50 |
} |
... | ... |
@@ -58,8 +57,8 @@ function create_dyndns_account($handle, $password_http, $sshkey) |
58 | 57 |
if ($password_http == '' && $sshkey == '') |
59 | 58 |
system_failure('Sie müssen entweder einen SSH-Key oder ein Passwort zum Web-Update eingeben.'); |
60 | 59 |
|
61 |
- $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle))); |
|
62 |
- $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey))); |
|
60 |
+ $handle = maybe_null(db_escape_string(filter_input_username($handle))); |
|
61 |
+ $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey))); |
|
63 | 62 |
|
64 | 63 |
$pwhash = 'NULL'; |
65 | 64 |
if ($password_http) |
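Review bot: `maybe_null(db_escape_string(...))` escapes the value twice, because `maybe_null()` as changed in this commit already returns `"'".db_escape_string($value)."'"`. Any quote or backslash that survives the filter functions ends up stored with an extra backslash. `$handle = maybe_null(filter_input_username($handle));` and `$sshkey = maybe_null(filter_input_general($sshkey));` are sufficient, here and in the `edit_dyndns_account` hunk below. The nesting predates the commit (the old code wrapped `mysql_real_escape_string` the same way), but the rename is a good moment to remove it. The function continues outside the hunk.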
... | ... |
@@ -73,8 +72,8 @@ function create_dyndns_account($handle, $password_http, $sshkey) |
73 | 72 |
function edit_dyndns_account($id, $handle, $password_http, $sshkey) |
74 | 73 |
{ |
75 | 74 |
$id = (int) $id; |
76 |
- $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle))); |
|
77 |
- $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey))); |
|
75 |
+ $handle = maybe_null(db_escape_string(filter_input_username($handle))); |
|
76 |
+ $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey))); |
|
78 | 77 |
|
79 | 78 |
$pwhash = 'NULL'; |
80 | 79 |
if ($password_http) |
... | ... |
@@ -104,7 +103,7 @@ function get_dyndns_records($id) |
104 | 103 |
$id = (int) $id; |
105 | 104 |
$result = db_query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns={$id}"); |
106 | 105 |
$data = array(); |
107 |
- while ($entry = mysql_fetch_assoc($result)) { |
|
106 |
+ while ($entry = $result->fetch()) { |
|
108 | 107 |
$dom = new Domain((int) $entry['domain']); |
109 | 108 |
$dom->ensure_userdomain(); |
110 | 109 |
$entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn; |
... | ... |
@@ -144,9 +143,9 @@ function get_dns_record($id) |
144 | 143 |
{ |
145 | 144 |
$id = (int) $id; |
146 | 145 |
$result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id={$id}"); |
147 |
- if (mysql_num_rows($result) != 1) |
|
146 |
+ if ($result->rowCount() != 1) |
|
148 | 147 |
system_failure('illegal ID'); |
149 |
- $data = mysql_fetch_assoc($result); |
|
148 |
+ $data = $result->fetch(); |
|
150 | 149 |
$dom = new Domain( (int) $data['domain']); |
151 | 150 |
$dom->ensure_userdomain(); |
152 | 151 |
DEBUG($data); |
... | ... |
@@ -159,7 +158,7 @@ function get_domain_records($dom) |
159 | 158 |
$dom = (int) $dom; |
160 | 159 |
$result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain={$dom}"); |
161 | 160 |
$data = array(); |
162 |
- while ($entry = mysql_fetch_assoc($result)) { |
|
161 |
+ while ($entry = $result->fetch()) { |
|
163 | 162 |
$dom = new Domain((int) $entry['domain']); |
164 | 163 |
$dom->ensure_userdomain(); |
165 | 164 |
$entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn; |
... | ... |
@@ -173,11 +172,11 @@ function get_domain_records($dom) |
173 | 172 |
|
174 | 173 |
function get_domain_auto_records($domainname) |
175 | 174 |
{ |
176 |
- $domainname = mysql_real_escape_string($domainname); |
|
175 |
+ $domainname = db_escape_string($domainname); |
|
177 | 176 |
//$result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, TRIM(ttl) FROM dns.v_autogenerated_records WHERE domain='{$domainname}'"); |
178 | 177 |
$result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain='{$domainname}'"); |
179 | 178 |
$data = array(); |
180 |
- while ($entry = mysql_fetch_assoc($result)) { |
|
179 |
+ while ($entry = $result->fetch()) { |
|
181 | 180 |
array_push($data, $entry); |
182 | 181 |
} |
183 | 182 |
DEBUG($data); |
... | ... |
@@ -329,7 +328,7 @@ function domain_is_maildomain($domain) |
329 | 328 |
{ |
330 | 329 |
$domain = (int) $domain; |
331 | 330 |
$result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}"); |
332 |
- $dom = mysql_fetch_assoc($result); |
|
331 |
+ $dom = $result->fetch(); |
|
333 | 332 |
return ($dom['mail'] != 'none'); |
334 | 333 |
} |
335 | 334 |
|
... | ... |
@@ -27,7 +27,7 @@ function mailman_subdomains($domain) |
27 | 27 |
$domain = (int) $domain; |
28 | 28 |
$result = db_query("SELECT id, hostname FROM mail.mailman_domains WHERE domain={$domain}"); |
29 | 29 |
$ret = array(); |
30 |
- while ($line = mysql_fetch_assoc($result)) |
|
30 |
+ while ($line = $result->fetch()) |
|
31 | 31 |
{ |
32 | 32 |
$ret[] = $line; |
33 | 33 |
} |
... | ... |
@@ -40,7 +40,7 @@ function dns_in_use($domain) |
40 | 40 |
return false; |
41 | 41 |
$domain = (int) $domain; |
42 | 42 |
$result = db_query("SELECT id FROM dns.custom_records WHERE domain={$domain}"); |
43 |
- return (mysql_num_rows($result) > 0); |
|
43 |
+ return ($result->rowCount() > 0); |
|
44 | 44 |
} |
45 | 45 |
|
46 | 46 |
|
... | ... |
@@ -52,16 +52,16 @@ function mail_in_use($domain) |
52 | 52 |
} |
53 | 53 |
$domain = (int) $domain; |
54 | 54 |
$result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}"); |
55 |
- if (mysql_num_rows($result) < 1) |
|
55 |
+ if ($result->rowCount() < 1) |
|
56 | 56 |
system_failure("Domain not found"); |
57 |
- $d = mysql_fetch_assoc($result); |
|
57 |
+ $d = $result->fetch(); |
|
58 | 58 |
if ($d['mail'] == 'none') |
59 | 59 |
return false; // manually disabled |
60 | 60 |
$result = db_query("SELECT id FROM mail.virtual_mail_domains WHERE domain={$domain}"); |
61 |
- if (mysql_num_rows($result) < 1) |
|
61 |
+ if ($result->rowCount() < 1) |
|
62 | 62 |
return true; // .courier |
63 | 63 |
$result = db_query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain={$domain}"); |
64 |
- return (mysql_num_rows($result) > 0); |
|
64 |
+ return ($result->rowCount() > 0); |
|
65 | 65 |
} |
66 | 66 |
|
67 | 67 |
function web_in_use($domain) |
... | ... |
@@ -72,12 +72,12 @@ function web_in_use($domain) |
72 | 72 |
$domain = (int) $domain; |
73 | 73 |
|
74 | 74 |
$result = db_query("SELECT id FROM kundendaten.domains WHERE id={$domain} AND webserver=1"); |
75 |
- if (mysql_num_rows($result) < 1) |
|
75 |
+ if ($result->rowCount() < 1) |
|
76 | 76 |
return false; |
77 | 77 |
|
78 | 78 |
$result = db_query("SELECT id FROM vhosts.vhost WHERE domain={$domain}"); |
79 | 79 |
$result2 = db_query("SELECT id FROM vhosts.alias WHERE domain={$domain}"); |
80 |
- return (mysql_num_rows($result) > 0 || mysql_num_rows($result2) > 0); |
|
80 |
+ return ($result->rowCount() > 0 || $result2->rowCount() > 0); |
|
81 | 81 |
} |
82 | 82 |
|
83 | 83 |
|
... | ... |
@@ -20,8 +20,8 @@ function user_has_accounts() |
20 | 20 |
{ |
21 | 21 |
$uid = (int) $_SESSION['userinfo']['uid']; |
22 | 22 |
$result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid"); |
23 |
- DEBUG(mysql_num_rows($result)." accounts"); |
|
24 |
- return (mysql_num_rows($result) > 0); |
|
23 |
+ DEBUG($result->rowCount()." accounts"); |
|
24 |
+ return ($result->rowCount() > 0); |
|
25 | 25 |
} |
26 | 26 |
|
27 | 27 |
if (! function_exists("user_has_vmail_domain")) |
... | ... |
@@ -34,7 +34,7 @@ if (! function_exists("user_has_vmail_domain")) |
34 | 34 |
} |
35 | 35 |
$uid = (int) $_SESSION['userinfo']['uid']; |
36 | 36 |
$result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'"); |
37 |
- $row = mysql_fetch_array($result); |
|
37 |
+ $row = $result->fetch(); |
|
38 | 38 |
$count = $row[0]; |
39 | 39 |
DEBUG("User has {$count} vmail-domains"); |
40 | 40 |
return ( (int) $count > 0 ); |
... | ... |
@@ -24,7 +24,7 @@ if (! function_exists("user_has_vmail_domain")) |
24 | 24 |
} |
25 | 25 |
$uid = (int) $_SESSION['userinfo']['uid']; |
26 | 26 |
$result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'"); |
27 |
- $row = mysql_fetch_array($result); |
|
27 |
+ $row = $result->fetch(); |
|
28 | 28 |
$count = $row[0]; |
29 | 29 |
DEBUG("User has {$count} vmail-domains"); |
30 | 30 |
return ( (int) $count > 0 ); |
... | ... |
@@ -42,7 +42,7 @@ if (! function_exists("user_has_dotcourier_domain")) |
42 | 42 |
$uid = (int) $_SESSION['userinfo']['uid']; |
43 | 43 |
$result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ". |
44 | 44 |
"SELECT 1 FROM mail.v_domains AS d WHERE d.user={$uid} AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains);"); |
45 |
- $ret = (mysql_num_rows($result) > 0); |
|
45 |
+ $ret = ($result->rowCount() > 0); |
|
46 | 46 |
if ($ret) |
47 | 47 |
DEBUG("User {$uid} has dotcourier-domains"); |
48 | 48 |
return $ret; |
... | ... |
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
15 | 15 |
*/ |
16 | 16 |
|
17 | 17 |
require_once('inc/debug.php'); |
18 |
-require_once('inc/db_connect.php'); |
|
19 | 18 |
require_once('inc/base.php'); |
20 | 19 |
require_once('inc/security.php'); |
21 | 20 |
|
... | ... |
@@ -27,10 +26,10 @@ function mailaccounts($uid) |
27 | 26 |
{ |
28 | 27 |
$uid = (int) $uid; |
29 | 28 |
$result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local"); |
30 |
- DEBUG("Found ".@mysql_num_rows($result)." rows!"); |
|
29 |
+ DEBUG("Found ".@$result->rowCount()." rows!"); |
|
31 | 30 |
$accounts = array(); |
32 |
- if (@mysql_num_rows($result) > 0) |
|
33 |
- while ($acc = @mysql_fetch_object($result)) |
|
31 |
+ if (@$result->rowCount() > 0) |
|
32 |
+ while ($acc = @$result->fetch(PDO::FETCH_OBJ)) |
|
34 | 33 |
array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1))); |
35 | 34 |
return $accounts; |
36 | 35 |
} |
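Review bot: The `@` operators carried over onto `@$result->rowCount()` and `@$result->fetch(PDO::FETCH_OBJ)` no longer do anything useful. With `PDO::ERRMODE_EXCEPTION` set in `__ensure_connected()`, failures surface as `PDOException`, which `@` does not suppress, and any warning raised here would be hidden rather than logged. I would drop them, and with them the `rowCount()` guard, leaving `while ($acc = $result->fetch(PDO::FETCH_OBJ))`.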
... | ... |
@@ -40,10 +39,10 @@ function get_mailaccount($id) |
40 | 39 |
$id = (int) $id; |
41 | 40 |
$uid = (int) $_SESSION['userinfo']['uid']; |
42 | 41 |
$result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}"); |
43 |
- DEBUG("Found ".mysql_num_rows($result)." rows!"); |
|
44 |
- if (mysql_num_rows($result) != 1) |
|
42 |
+ DEBUG("Found ".$result->rowCount()." rows!"); |
|
43 |
+ if ($result->rowCount() != 1) |
|
45 | 44 |
system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht'); |
46 |
- $acc = mysql_fetch_object($result); |
|
45 |
+ $acc = $result->fetch(PDO::FETCH_OBJ); |
|
47 | 46 |
$ret = array('account' => $acc->account, 'mailbox' => $acc->maildir, 'enabled' => ($acc->aktiv == 1)); |
48 | 47 |
DEBUG(print_r($ret, true)); |
49 | 48 |
return $ret; |
... | ... |
@@ -73,13 +72,13 @@ function change_mailaccount($id, $arr) |
73 | 72 |
array_push($conditions, "domain={$domain->id}"); |
74 | 73 |
} |
75 | 74 |
} |
76 |
- array_push($conditions, "local='".mysql_real_escape_string($local)."'"); |
|
75 |
+ array_push($conditions, "local='".db_escape_string($local)."'"); |
|
77 | 76 |
} |
78 | 77 |
if (isset($arr['mailbox'])) |
79 | 78 |
if ($arr['mailbox'] == '') |
80 | 79 |
array_push($conditions, "`maildir`=NULL"); |
81 | 80 |
else |
82 |
- array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'"); |
|
81 |
+ array_push($conditions, "`maildir`='".db_escape_string($arr['mailbox'])."'"); |
|
83 | 82 |
|
84 | 83 |
if (isset($arr['password'])) |
85 | 84 |
{ |
... | ... |
@@ -121,13 +120,13 @@ function create_mailaccount($arr) |
121 | 120 |
} |
122 | 121 |
} |
123 | 122 |
|
124 |
- $values['local'] = "'".mysql_real_escape_string($local)."'"; |
|
123 |
+ $values['local'] = "'".db_escape_string($local)."'"; |
|
125 | 124 |
|
126 | 125 |
if (isset($arr['mailbox'])) |
127 | 126 |
if ($arr['mailbox'] == '') |
128 | 127 |
$values['maildir'] = 'NULL'; |
129 | 128 |
else |
130 |
- $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'"; |
|
129 |
+ $values['maildir']= "'".db_escape_string($arr['mailbox'])."'"; |
|
131 | 130 |
|
132 | 131 |
|
133 | 132 |
if (isset($arr['password'])) |
... | ... |
@@ -149,13 +148,13 @@ function get_mailaccount_id($accountname) |
149 | 148 |
{ |
150 | 149 |
list($local, $domain) = explode('@', $accountname, 2); |
151 | 150 |
|
152 |
- $local = mysql_real_escape_string($local); |
|
153 |
- $domain = mysql_real_escape_string($domain); |
|
151 |
+ $local = db_escape_string($local); |
|
152 |
+ $domain = db_escape_string($domain); |
|
154 | 153 |
|
155 | 154 |
$result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'"); |
156 |
- if (mysql_num_rows($result) != 1) |
|
155 |
+ if ($result->rowCount() != 1) |
|
157 | 156 |
system_failure('account nicht eindeutig'); |
158 |
- $acc = mysql_fetch_assoc($result); |
|
157 |
+ $acc = $result->fetch(); |
|
159 | 158 |
return $acc['id']; |
160 | 159 |
} |
161 | 160 |
|
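Review bot: get_mailaccount_id() still builds its query by interpolating escaped strings, so its safety rests entirely on db_escape_string(), whose definition is not in this hunk. Escaping is only sound if that wrapper escapes for the connection's actual character set and every value stays inside quotes, as `local='{$local}'` does here. Now that the result is a PDO statement, binding the two values as parameters (`WHERE local=? AND dom.domainname=?`) would remove that dependency; this needs db_query() to accept a parameter list, which cannot be confirmed from this page. The same applies to the other `db_escape_string()` call sites in this commit.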
... | ... |
@@ -214,7 +213,7 @@ function imap_on_vmail_domain() |
214 | 213 |
{ |
215 | 214 |
$uid = (int) $_SESSION['userinfo']['uid']; |
216 | 215 |
$result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}"); |
217 |
- if (mysql_num_rows($result) > 0) |
|
216 |
+ if ($result->rowCount() > 0) |
|
218 | 217 |
return true; |
219 | 218 |
return false; |
220 | 219 |
} |
... | ... |
@@ -224,11 +223,11 @@ function user_has_only_vmail_domains() |
224 | 223 |
$uid = (int) $_SESSION['userinfo']['uid']; |
225 | 224 |
$result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}"); |
226 | 225 |
// User hat keine VMail-Domains |
227 |
- if (mysql_num_rows($result) == 0) |
|
226 |
+ if ($result->rowCount() == 0) |
|
228 | 227 |
return false; |
229 | 228 |
$result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}"); |
230 | 229 |
// User hat keine Domains die nicht vmail-Domains sind |
231 |
- if (mysql_num_rows($result) == 0) |
|
230 |
+ if ($result->rowCount() == 0) |
|
232 | 231 |
return true; |
233 | 232 |
return false; |
234 | 233 |
} |
... | ... |
@@ -58,9 +58,9 @@ Ihre E-Mail wird nicht weitergeleitet.', |
58 | 58 |
|
59 | 59 |
function get_vmail_id_by_emailaddr($emailaddr) |
60 | 60 |
{ |
61 |
- $emailaddr = mysql_real_escape_string( $emailaddr ); |
|
61 |
+ $emailaddr = db_escape_string( $emailaddr ); |
|
62 | 62 |
$result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = '{$emailaddr}'"); |
63 |
- $entry = mysql_fetch_assoc($result); |
|
63 |
+ $entry = $result->fetch(); |
|
64 | 64 |
return (int) $entry['id']; |
65 | 65 |
} |
66 | 66 |
|
... | ... |
@@ -74,10 +74,10 @@ function get_account_details($id, $checkuid = true) |
74 | 74 |
$uid_check = "useraccount='{$uid}' AND "; |
75 | 75 |
} |
76 | 76 |
$result = db_query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id={$id} LIMIT 1"); |
77 |
- if (mysql_num_rows($result) == 0) |
|
77 |
+ if ($result->rowCount() == 0) |
|
78 | 78 |
system_failure('Ungültige ID oder kein eigener Account'); |
79 | 79 |
$acc = empty_account(); |
80 |
- $res = mysql_fetch_assoc($result); |
|
80 |
+ $res = $result->fetch(); |
|
81 | 81 |
foreach ($res AS $key => $value) { |
82 | 82 |
if ($key == 'forwards') |
83 | 83 |
continue; |
... | ... |
@@ -85,13 +85,13 @@ function get_account_details($id, $checkuid = true) |
85 | 85 |
} |
86 | 86 |
if ($acc['forwards'] > 0) { |
87 | 87 |
$result = db_query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account={$acc['id']};"); |
88 |
- while ($item = mysql_fetch_assoc($result)){ |
|
88 |
+ while ($item = $result->fetch()){ |
|
89 | 89 |
array_push($acc['forwards'], array("id" => $item['id'], 'spamfilter' => $item['spamfilter'], 'destination' => $item['destination'])); |
90 | 90 |
} |
91 | 91 |
} |
92 | 92 |
if ($acc['autoresponder'] > 0) { |
93 | 93 |
$result = db_query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account={$acc['id']}"); |
94 |
- $item = mysql_fetch_assoc($result); |
|
94 |
+ $item = $result->fetch(); |
|
95 | 95 |
DEBUG($item); |
96 | 96 |
$acc['autoresponder'] = $item; |
97 | 97 |
} else { |
... | ... |
@@ -108,7 +108,7 @@ function get_vmail_accounts() |
108 | 108 |
$uid = (int) $_SESSION['userinfo']['uid']; |
109 | 109 |
$result = db_query("SELECT * from mail.v_vmail_accounts WHERE useraccount='{$uid}' ORDER BY domainname,local ASC"); |
110 | 110 |
$ret = array(); |
111 |
- while ($line = mysql_fetch_assoc($result)) |
|
111 |
+ while ($line = $result->fetch()) |
|
112 | 112 |
{ |
113 | 113 |
array_push($ret, $line); |
114 | 114 |
} |
... | ... |
@@ -122,10 +122,10 @@ function get_vmail_domains() |
122 | 122 |
{ |
123 | 123 |
$uid = (int) $_SESSION['userinfo']['uid']; |
124 | 124 |
$result = db_query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount='{$uid}' ORDER BY domainname"); |
125 |
- if (mysql_num_rows($result) == 0) |
|
125 |
+ if ($result->rowCount() == 0) |
|
126 | 126 |
system_failure('Sie haben keine Domains für virtuelle Mail-Verarbeitung'); |
127 | 127 |
$ret = array(); |
128 |
- while ($tmp = mysql_fetch_assoc($result)) |
|
128 |
+ while ($tmp = $result->fetch()) |
|
129 | 129 |
array_push($ret, $tmp); |
130 | 130 |
return $ret; |
131 | 131 |
} |
... | ... |
@@ -133,7 +133,7 @@ function get_vmail_domains() |
133 | 133 |
|
134 | 134 |
function find_account_id($accname) |
135 | 135 |
{ |
136 |
- $accname = mysql_real_escape_string($accname); |
|
136 |
+ $accname = db_escape_string($accname); |
|
137 | 137 |
DEBUG($accname); |
138 | 138 |
$tmp = explode('@', $accname, 2); |
139 | 139 |
DEBUG($tmp); |
... | ... |
@@ -142,9 +142,9 @@ function find_account_id($accname) |
142 | 142 |
list( $local, $domainname) = $tmp; |
143 | 143 |
|
144 | 144 |
$result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE local='{$local}' AND domainname='{$domainname}' LIMIT 1"); |
145 |
- if (mysql_num_rows($result) == 0) |
|
145 |
+ if ($result->rowCount() == 0) |
|
146 | 146 |
system_failure("Der Account konnte nicht gefunden werden"); |
147 |
- $tmp = mysql_fetch_array($result); |
|
147 |
+ $tmp = $result->fetch(); |
|
148 | 148 |
return $tmp[0]; |
149 | 149 |
} |
150 | 150 |
|
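Review bot: `return $tmp[0];` in find_account_id() only works if `$result->fetch()` returns numeric keys. `mysql_fetch_array()` returned both numeric and named keys, and PDO does the same only under its default `PDO::FETCH_BOTH`; if the connection sets `PDO::ATTR_DEFAULT_FETCH_MODE` to `PDO::FETCH_ASSOC` (the connection setup is not shown), this returns NULL. change_vmail_password() in the next hunk then places that value unquoted into `WHERE id={$accid}`. Returning `(int) $tmp['id']` is correct under either fetch mode and keeps the id numeric for that UPDATE. The start of find_account_id() is in the previous hunk.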
... | ... |
@@ -152,7 +152,7 @@ function find_account_id($accname) |
152 | 152 |
function change_vmail_password($accname, $newpass) |
153 | 153 |
{ |
154 | 154 |
$accid = find_account_id($accname); |
155 |
- $encpw = mysql_real_escape_string(encrypt_mail_password($newpass)); |
|
155 |
+ $encpw = db_escape_string(encrypt_mail_password($newpass)); |
|
156 | 156 |
db_query("UPDATE mail.vmail_accounts SET password='{$encpw}' WHERE id={$accid} LIMIT 1;"); |
157 | 157 |
} |
158 | 158 |
|
... | ... |
@@ -177,7 +177,7 @@ function get_max_mailboxquota($server, $oldquota) { |
177 | 177 |
$uid = (int) $_SESSION['userinfo']['uid']; |
178 | 178 |
$server = (int) $server; |
179 | 179 |
$result = db_query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid='{$uid}' AND server='{$server}'"); |
180 |
- $item = mysql_fetch_assoc($result); |
|
180 |
+ $item = $result->fetch(); |
|
181 | 181 |
DEBUG("Free space: ".$item['free']." / Really: ".($item['free'] + ($oldquota - config('vmail_basequota')))); |
182 | 182 |
return $item['free'] + ($oldquota - config('vmail_basequota')); |
183 | 183 |
} |
... | ... |
@@ -313,8 +313,8 @@ function save_vmail_account($account) |
313 | 313 |
$account['quota_threshold'] = min( (int) $account['quota_threshold'], (int) $account['quota'] ); |
314 | 314 |
} |
315 | 315 |
|
316 |
- $account['local'] = mysql_real_escape_string(strtolower($account['local'])); |
|
317 |
- $account['password'] = mysql_real_escape_string($account['password']); |
|
316 |
+ $account['local'] = db_escape_string(strtolower($account['local'])); |
|
317 |
+ $account['password'] = db_escape_string($account['password']); |
|
318 | 318 |
$account['spamexpire'] = (int) $account['spamexpire']; |
319 | 319 |
|
320 | 320 |
$query = ''; |
... | ... |
@@ -341,14 +341,14 @@ function save_vmail_account($account) |
341 | 341 |
$ar = $account['autoresponder']; |
342 | 342 |
$valid_from = maybe_null($ar['valid_from']); |
343 | 343 |
$valid_until = maybe_null($ar['valid_until']); |
344 |
- $fromname = maybe_null( mysql_real_escape_string($ar['fromname']) ); |
|
344 |
+ $fromname = maybe_null( db_escape_string($ar['fromname']) ); |
|
345 | 345 |
$fromaddr = NULL; |
346 | 346 |
if ($ar['fromaddr']) { |
347 |
- $fromaddr = mysql_real_escape_string(check_emailaddr($ar['fromaddr'])); |
|
347 |
+ $fromaddr = db_escape_string(check_emailaddr($ar['fromaddr'])); |
|
348 | 348 |
} |
349 | 349 |
$fromaddr = maybe_null( $fromaddr ); |
350 |
- $subject = maybe_null( mysql_real_escape_string($ar['subject'])); |
|
351 |
- $message = mysql_real_escape_string($ar['message']); |
|
350 |
+ $subject = maybe_null( db_escape_string($ar['subject'])); |
|
351 |
+ $message = db_escape_string($ar['message']); |
|
352 | 352 |
$quote = "'inline'"; |
353 | 353 |
if ($ar['quote'] == 'attach') |
354 | 354 |
$quote = "'attach'"; |
... | ... |
@@ -417,7 +417,7 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können? |
417 | 417 |
if ($_SESSION['role'] == ROLE_SYSTEMUSER) { |
418 | 418 |
$uid = (int) $_SESSION['userinfo']['uid']; |
419 | 419 |
$result = db_query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=".$uid." GROUP BY useraccount, server"); |
420 |
- while ($line = mysql_fetch_assoc($result)) { |
|
420 |
+ while ($line = $result->fetch()) { |
|
421 | 421 |
if ($line['quota'] !== NULL) { |
422 | 422 |
db_query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES ('{$line['useraccount']}', '{$line['server']}', '{$line['quota']}', '{$line['used']}')"); |
423 | 423 |
} |
... | ... |
@@ -447,7 +447,7 @@ function domainsettings($only_domain=NULL) { |
447 | 447 |
// Domains |
448 | 448 |
$result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount={$uid} OR m.uid={$uid} ORDER BY CONCAT_WS('.',d.domainname,d.tld);"); |
449 | 449 |
|
450 |
- while ($mydom = mysql_fetch_assoc($result)) { |
|
450 |
+ while ($mydom = $result->fetch()) { |
|
451 | 451 |
if (! array_key_exists($mydom['id'], $domains)) { |
452 | 452 |
if ($mydom['v_id']) |
453 | 453 |
$mydom['mail'] = 'virtual'; |
... | ... |
@@ -463,7 +463,7 @@ function domainsettings($only_domain=NULL) { |
463 | 463 |
|
464 | 464 |
// Subdomains |
465 | 465 |
$result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount={$uid} OR m.uid={$uid};"); |
466 |
- while ($mydom = mysql_fetch_assoc($result)) { |
|
466 |
+ while ($mydom = $result->fetch()) { |
|
467 | 467 |
if (! array_key_exists($mydom['id'], $subdomains)) |
468 | 468 |
$subdomains[$mydom['id']] = array(); |
469 | 469 |
|
... | ... |
@@ -483,14 +483,14 @@ function domain_has_vmail_accounts($domid) |
483 | 483 |
{ |
484 | 484 |
$domid = (int) $domid; |
485 | 485 |
$result = db_query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain={$domid}"); |
486 |
- return (mysql_num_rows($result) > 0); |
|
486 |
+ return ($result->rowCount() > 0); |
|
487 | 487 |
} |
488 | 488 |
|
489 | 489 |
|
490 | 490 |
function change_domain($id, $type) |
491 | 491 |
{ |
492 | 492 |
$id = (int) $id; |
493 |
- $type = mysql_real_escape_string($type); |
|
493 |
+ $type = db_escape_string($type); |
|
494 | 494 |
if (domain_has_vmail_accounts($id)) |
495 | 495 |
system_failure("Sie müssen zuerst alle E-Mail-Konten mit dieser Domain löschen, bevor Sie die Webinterface-Verwaltung für diese Domain abschalten können."); |
496 | 496 |
|
... | ... |
@@ -21,7 +21,7 @@ function list_ftpusers() |
21 | 21 |
$uid = (int) $_SESSION['userinfo']['uid']; |
22 | 22 |
$result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid"); |
23 | 23 |
$ftpusers = array(); |
24 |
- while ($u = mysql_fetch_assoc($result)) { |
|
24 |
+ while ($u = $result->fetch()) { |
|
25 | 25 |
$ftpusers[] = $u; |
26 | 26 |
} |
27 | 27 |
return $ftpusers; |
... | ... |
@@ -40,9 +40,9 @@ function load_ftpuser($id) |
40 | 40 |
$uid = (int) $_SESSION['userinfo']['uid']; |
41 | 41 |
$id = (int) $id; |
42 | 42 |
$result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1"); |
43 |
- if (mysql_num_rows($result) != 1) |
|
43 |
+ if ($result->rowCount() != 1) |
|
44 | 44 |
system_failure("Fehler beim auslesen des Accounts"); |
45 |
- $account = mysql_fetch_assoc($result); |
|
45 |
+ $account = $result->fetch(); |
|
46 | 46 |
DEBUG($account); |
47 | 47 |
return $account; |
48 | 48 |
} |
... | ... |
@@ -117,11 +117,11 @@ function delete_ftpuser($id) |
117 | 117 |
|
118 | 118 |
function get_gid($groupname) |
119 | 119 |
{ |
120 |
- $groupname = mysql_real_escape_string($groupname); |
|
120 |
+ $groupname = db_escape_string($groupname); |
|
121 | 121 |
$result = db_query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1"); |
122 |
- if (mysql_num_rows($result) != 1) |
|
122 |
+ if ($result->rowCount() != 1) |
|
123 | 123 |
system_failure('cannot determine gid of ftpusers group'); |
124 |
- $a = mysql_fetch_assoc($result); |
|
124 |
+ $a = $result->fetch(); |
|
125 | 125 |
$gid = (int) $a['gid']; |
126 | 126 |
if ($gid == 0) |
127 | 127 |
system_failure('error on determining gid of ftpusers group'); |
... | ... |
@@ -134,7 +134,7 @@ function have_regular_ftp() |
134 | 134 |
$gid = get_gid('ftpusers'); |
135 | 135 |
$uid = (int) $_SESSION['userinfo']['uid']; |
136 | 136 |
$result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'"); |
137 |
- return (mysql_num_rows($result) > 0); |
|
137 |
+ return ($result->rowCount() > 0); |
|
138 | 138 |
} |
139 | 139 |
|
140 | 140 |
|
... | ... |
@@ -19,7 +19,7 @@ function whitelist_entries() |
19 | 19 |
$uid = (int) $_SESSION['userinfo']['uid']; |
20 | 20 |
$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid};"); |
21 | 21 |
$return = array(); |
22 |
- while ($line = mysql_fetch_assoc($res)) |
|
22 |
+ while ($line = $res->fetch()) |
|
23 | 23 |
array_push($return, $line); |
24 | 24 |
return $return; |
25 | 25 |
} |
... | ... |
@@ -30,9 +30,9 @@ function get_whitelist_details($id) |
30 | 30 |
$id = (int) $id; |
31 | 31 |
$uid = (int) $_SESSION['userinfo']['uid']; |
32 | 32 |
$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid} AND id={$id};"); |
33 |
- if (mysql_num_rows($res) != 1) |
|
33 |
+ if ($res->rowCount() != 1) |
|
34 | 34 |
system_failure('Kann diesen Eintrag nicht finden'); |
35 |
- return mysql_fetch_assoc($res); |
|
35 |
+ return $res->fetch(); |
|
36 | 36 |
} |
37 | 37 |
|
38 | 38 |
|
... | ... |
@@ -55,9 +55,9 @@ function valid_entry($local, $domain) |
55 | 55 |
system_failure('Diese E-Mail-Adresse gehört Ihnen nicht!'); |
56 | 56 |
return true; |
57 | 57 |
} |
58 |
- $d = mysql_real_escape_string($domain); |
|
58 |
+ $d = db_escape_string($domain); |
|
59 | 59 |
$res = db_query("SELECT id FROM mail.v_domains WHERE domainname='{$d}' AND user={$_SESSION['userinfo']['uid']} LIMIT 1"); |
60 |
- if (mysql_num_rows($res) != 1) |
|
60 |
+ if ($res->rowCount() != 1) |
|
61 | 61 |
system_failure('Diese domain gehört Ihnen nicht!'); |
62 | 62 |
return true; |
63 | 63 |
} |
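Review bot: The ownership query in valid_entry() interpolates `$_SESSION['userinfo']['uid']` directly, while whitelist_entries(), get_whitelist_details() and new_whitelist_entry() in this file all cast it with `(int)` first. The value comes from the session rather than the request, so this is probably not reachable today, but the unquoted `user={...}` position has no escaping to fall back on if that session field ever holds a string. Add `$uid = (int) $_SESSION['userinfo']['uid'];` and use `user={$uid}` in the query. valid_entry() starts outside this hunk.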
... | ... |
@@ -68,7 +68,7 @@ function new_whitelist_entry($local, $domain, $minutes) |
68 | 68 |
valid_entry($local, $domain); |
69 | 69 |
$uid = (int) $_SESSION['userinfo']['uid']; |
70 | 70 |
$local = maybe_null($local); |
71 |
- $domain = mysql_real_escape_string($domain); |
|
71 |
+ $domain = db_escape_string($domain); |
|
72 | 72 |
|
73 | 73 |
$expire = ''; |
74 | 74 |
if ($minutes == 'none') |
... | ... |
@@ -14,15 +14,14 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
15 | 15 |
*/ |
16 | 16 |
|
17 |
-require_once('inc/db_connect.php'); |
|
18 | 17 |
require_once('session/checkuser.php'); |
19 | 18 |
|
20 | 19 |
function user_customer_match($cust, $user) |
21 | 20 |
{ |
22 | 21 |
$customerno = (int) $cust; |
23 |
- $username = mysql_real_escape_string($user); |
|
22 |
+ $username = db_escape_string($user); |
|
24 | 23 |
$result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;"); |
25 |
- if (mysql_num_rows($result) > 0) |
|
24 |
+ if ($result->rowCount() > 0) |
|
26 | 25 |
return true; |
27 | 26 |
return false; |
28 | 27 |
} |
... | ... |
@@ -32,9 +31,9 @@ function user_customer_match($cust, $user) |
32 | 31 |
function customer_has_email($customerno, $email) |
33 | 32 |
{ |
34 | 33 |
$customerno = (int) $customerno; |
35 |
- $email = mysql_real_escape_string($email); |
|
34 |
+ $email = db_escape_string($email); |
|
36 | 35 |
$result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');"); |
37 |
- return (mysql_num_rows($result) > 0); |
|
36 |
+ return ($result->rowCount() > 0); |
|
38 | 37 |
} |
39 | 38 |
|
40 | 39 |
|
... | ... |
@@ -42,21 +41,21 @@ function validate_token($customerno, $token) |
42 | 41 |
{ |
43 | 42 |
expire_tokens(); |
44 | 43 |
$customerno = (int) $customerno; |
45 |
- $token = mysql_real_escape_string($token); |
|
44 |
+ $token = db_escape_string($token); |
|
46 | 45 |
$result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';"); |
47 |
- return (mysql_num_rows($result) > 0); |
|
46 |
+ return ($result->rowCount() > 0); |
|
48 | 47 |
} |
49 | 48 |
|
50 | 49 |
|
51 | 50 |
function get_uid_for_token($token) |
52 | 51 |
{ |
53 | 52 |
expire_tokens(); |
54 |
- $token = mysql_real_escape_string($token); |
|
53 |
+ $token = db_escape_string($token); |
|
55 | 54 |
$result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';"); |
56 |
- if (mysql_num_rows($result) == 0) { |
|
55 |
+ if ($result->rowCount() == 0) { |
|
57 | 56 |
return NULL; |
58 | 57 |
} |
59 |
- $data = mysql_fetch_assoc($result); |
|
58 |
+ $data = $result->fetch(); |
|
60 | 59 |
return $data['uid']; |
61 | 60 |
} |
62 | 61 |
|
... | ... |
@@ -64,10 +63,10 @@ function get_username_for_uid($uid) |
64 | 63 |
{ |
65 | 64 |
$uid = (int) $uid; |
66 | 65 |
$result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}"); |
67 |
- if (mysql_num_rows($result) != 1) { |
|
66 |
+ if ($result->rowCount() != 1) { |
|
68 | 67 |
system_failure("Unexpected number of users with this uid (!= 1)!"); |
69 | 68 |
} |
70 |
- $item = mysql_fetch_assoc($result); |
|
69 |
+ $item = $result->fetch(); |
|
71 | 70 |
return $item['username']; |
72 | 71 |
} |
73 | 72 |
|
... | ... |
@@ -75,9 +74,9 @@ function validate_uid_token($uid, $token) |
75 | 74 |
{ |
76 | 75 |
expire_tokens(); |
77 | 76 |
$uid = (int) $uid; |
78 |
- $token = mysql_real_escape_string($token); |
|
77 |
+ $token = db_escape_string($token); |
|
79 | 78 |
$result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';"); |
80 |
- return (mysql_num_rows($result) > 0); |
|
79 |
+ return ($result->rowCount() > 0); |
|
81 | 80 |
} |
82 | 81 |
|
83 | 82 |
|
... | ... |
@@ -102,13 +101,13 @@ function invalidate_systemuser_token($uid) |
102 | 101 |
|
103 | 102 |
function create_token($username) |
104 | 103 |
{ |
105 |
- $username = mysql_real_escape_string($username); |
|
104 |
+ $username = db_escape_string($username); |
|
106 | 105 |
expire_tokens(); |
107 | 106 |
$result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'"); |
108 |
- $uid = (int) mysql_fetch_assoc($result)['uid']; |
|
107 |
+ $uid = (int) $result->fetch()['uid']; |
|
109 | 108 |
|
110 | 109 |
$result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}"); |
111 |
- if (mysql_num_rows($result) > 0) { |
|
110 |
+ if ($result->rowCount() > 0) { |
|
112 | 111 |
system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben."); |
113 | 112 |
} |
114 | 113 |
|
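Review bot: `$uid = (int) $result->fetch()['uid'];` in create_token() turns an unknown username into uid 0, because `fetch()` returns false when no row matches and the cast hides it. The function then runs the usertoken lookup for uid 0 and continues past the end of this hunk, so it is not visible whether a token row gets written for that uid. Keep the row in a variable and stop when it is false, `$row = $result->fetch();` followed by `if ($row === false) return;` (or whatever failure handling the callers expect), before the cast.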
... | ... |
@@ -120,9 +119,9 @@ function create_token($username) |
120 | 119 |
|
121 | 120 |
function emailaddress_for_user($username) |
122 | 121 |
{ |
123 |
- $username = mysql_real_escape_string($username); |
|
122 |
+ $username = db_escape_string($username); |
|
124 | 123 |
$result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'"); |
125 |
- $data = mysql_fetch_assoc($result); |
|
124 |
+ $data = $result->fetch(); |
|
126 | 125 |
return $data['email']; |
127 | 126 |
} |
128 | 127 |
|
... | ... |
@@ -132,17 +131,17 @@ function get_customer_token($customerno) |
132 | 131 |
$customerno = (int) $customerno; |
133 | 132 |
expire_tokens(); |
134 | 133 |
$result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;"); |
135 |
- if (mysql_num_rows($result) < 1) |
|
134 |
+ if ($result->rowCount() < 1) |
|
136 | 135 |
system_failure("Kann das Token nicht auslesen!"); |
137 |
- return mysql_fetch_object($result)->token; |
|
136 |
+ return $result->fetch(PDO::FETCH_OBJ)->token; |
|
138 | 137 |
} |
139 | 138 |
|
140 | 139 |
|
141 | 140 |
function get_user_token($username) |
142 | 141 |
{ |
143 |
- $username = mysql_real_escape_string($username); |
|
142 |
+ $username = db_escape_string($username); |
|
144 | 143 |
$result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'"); |
145 |
- $tmp = mysql_fetch_assoc($result); |
|
144 |
+ $tmp = $result->fetch(); |
|
146 | 145 |
return $tmp['token']; |
147 | 146 |
} |
148 | 147 |
|
... | ... |
@@ -35,14 +35,14 @@ function do_ajax_cert_login() { |
35 | 35 |
|
36 | 36 |
function get_logins_by_cert($cert) |
37 | 37 |
{ |
38 |
- $cert = mysql_real_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert)); |
|
38 |
+ $cert = db_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert)); |
|
39 | 39 |
$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'"; |
40 | 40 |
$result = db_query($query); |
41 |
- if (mysql_num_rows($result) < 1) |
|
41 |
+ if ($result->rowCount() < 1) |
|
42 | 42 |
return NULL; |
43 | 43 |
else { |
44 | 44 |
$ret = array(); |
45 |
- while ($row = mysql_fetch_assoc($result)) { |
|
45 |
+ while ($row = $result->fetch()) { |
|
46 | 46 |
$ret[] = $row; |
47 | 47 |
} |
48 | 48 |
return $ret; |
... | ... |
@@ -56,9 +56,9 @@ function get_cert_by_id($id) |
56 | 56 |
system_failure('no ID'); |
57 | 57 |
$query = "SELECT id,dn,issuer,cert,username,startpage FROM system.clientcert WHERE `id`='{$id}' LIMIT 1"; |
58 | 58 |
$result = db_query($query); |
59 |
- if (mysql_num_rows($result) < 1) |
|
59 |
+ if ($result->rowCount() < 1) |
|
60 | 60 |
return NULL; |
61 |
- $ret = mysql_fetch_assoc($result); |
|
61 |
+ $ret = $result->fetch(); |
|
62 | 62 |
DEBUG($ret); |
63 | 63 |
return $ret; |
64 | 64 |
} |
... | ... |
@@ -66,14 +66,14 @@ function get_cert_by_id($id) |
66 | 66 |
|
67 | 67 |
function get_certs_by_username($username) |
68 | 68 |
{ |
69 |
- $username = mysql_real_escape_string($username); |
|
69 |
+ $username = db_escape_string($username); |
|
70 | 70 |
if ($username == '') |
71 | 71 |
system_failure('empty username'); |
72 | 72 |
$query = "SELECT id,dn,issuer,cert,startpage FROM system.clientcert WHERE `username`='{$username}'"; |
73 | 73 |
$result = db_query($query); |
74 |
- if (mysql_num_rows($result) < 1) |
|
74 |
+ if ($result->rowCount() < 1) |
|
75 | 75 |
return NULL; |
76 |
- while ($row = mysql_fetch_assoc($result)) { |
|
76 |
+ while ($row = $result->fetch()) { |
|
77 | 77 |
$ret[] = $row; |
78 | 78 |
} |
79 | 79 |
return $ret; |
... | ... |
@@ -86,24 +86,24 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='') |
86 | 86 |
$username = NULL; |
87 | 87 |
if ($_SESSION['role'] & ROLE_SYSTEMUSER) { |
88 | 88 |
$type = 'user'; |
89 |
- $username = mysql_real_escape_string($_SESSION['userinfo']['username']); |
|
89 |
+ $username = db_escape_string($_SESSION['userinfo']['username']); |
|
90 | 90 |
if (isset($_SESSION['subuser'])) { |
91 |
- $username = mysql_real_escape_string($_SESSION['subuser']); |
|
91 |
+ $username = db_escape_string($_SESSION['subuser']); |
|
92 | 92 |
$type = 'subuser'; |
93 | 93 |
} |
94 | 94 |
} elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) { |
95 | 95 |
$type = 'email'; |
96 |
- $username = mysql_real_escape_string($_SESSION['mailaccount']); |
|
96 |
+ $username = db_escape_string($_SESSION['mailaccount']); |
|
97 | 97 |
} |
98 | 98 |
if (! $type || ! $username) { |
99 | 99 |
system_failure('cannot get type or username of login'); |
100 | 100 |
} |
101 |
- $certdata = mysql_real_escape_string($certdata); |
|
102 |
- $dn = maybe_null(mysql_real_escape_string($dn)); |
|
103 |
- $issuer = maybe_null(mysql_real_escape_string($issuer)); |
|
101 |
+ $certdata = db_escape_string($certdata); |
|
102 |
+ $dn = maybe_null(db_escape_string($dn)); |
|
103 |
+ $issuer = maybe_null(db_escape_string($issuer)); |
|
104 | 104 |
if ($startpage && ! check_path($startpage)) |
105 | 105 |
system_failure('Startseite kaputt'); |
106 |
- $startpage = maybe_null(mysql_real_escape_string($startpage)); |
|
106 |
+ $startpage = maybe_null(db_escape_string($startpage)); |
|
107 | 107 |
|
108 | 108 |
if ($certdata == '') |
109 | 109 |
system_failure('Kein Zertifikat'); |
... | ... |
@@ -124,14 +124,14 @@ function delete_clientcert($id) |
124 | 124 |
$username = NULL; |
125 | 125 |
if ($_SESSION['role'] & ROLE_SYSTEMUSER) { |
126 | 126 |
$type = 'user'; |
127 |
- $username = mysql_real_escape_string($_SESSION['userinfo']['username']); |
|
127 |
+ $username = db_escape_string($_SESSION['userinfo']['username']); |
|
128 | 128 |
if (isset($_SESSION['subuser'])) { |
129 |
- $username = mysql_real_escape_string($_SESSION['subuser']); |
|
129 |
+ $username = db_escape_string($_SESSION['subuser']); |
|
130 | 130 |
$type = 'subuser'; |
131 | 131 |
} |
132 | 132 |
} elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) { |
133 | 133 |
$type = 'email'; |
134 |
- $username = mysql_real_escape_string($_SESSION['mailaccount']); |
|
134 |
+ $username = db_escape_string($_SESSION['mailaccount']); |
|
135 | 135 |
} |
136 | 136 |
if (! $type || ! $username) { |
137 | 137 |
system_failure('cannot get type or username of login'); |
... | ... |
@@ -25,7 +25,7 @@ function my_invoices() |
25 | 25 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
26 | 26 |
$result = db_query("SELECT id,datum,betrag,bezahlt,abbuchung,sepamandat FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} ORDER BY id DESC"); |
27 | 27 |
$ret = array(); |
28 |
- while($line = mysql_fetch_assoc($result)) |
|
28 |
+ while($line = $result->fetch()) |
|
29 | 29 |
array_push($ret, $line); |
30 | 30 |
return $ret; |
31 | 31 |
} |
... | ... |
@@ -36,9 +36,9 @@ function get_pdf($id) |
36 | 36 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
37 | 37 |
$id = (int) $id; |
38 | 38 |
$result = db_query("SELECT pdfdata FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}"); |
39 |
- if (mysql_num_rows($result) == 0) |
|
39 |
+ if ($result->rowCount() == 0) |
|
40 | 40 |
system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt'); |
41 |
- return mysql_fetch_object($result)->pdfdata; |
|
41 |
+ return $result->fetch(PDO::FETCH_OBJ)->pdfdata; |
|
42 | 42 |
|
43 | 43 |
} |
44 | 44 |
|
... | ... |
@@ -48,9 +48,9 @@ function invoice_details($id) |
48 | 48 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
49 | 49 |
$id = (int) $id; |
50 | 50 |
$result = db_query("SELECT kunde,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}"); |
51 |
- if (mysql_num_rows($result) == 0) |
|
51 |
+ if ($result->rowCount() == 0) |
|
52 | 52 |
system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt'); |
53 |
- return mysql_fetch_assoc($result); |
|
53 |
+ return $result->fetch(); |
|
54 | 54 |
} |
55 | 55 |
|
56 | 56 |
function invoice_items($id) |
... | ... |
@@ -58,10 +58,10 @@ function invoice_items($id) |
58 | 58 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
59 | 59 |
$id = (int) $id; |
60 | 60 |
$result = db_query("SELECT id, beschreibung, datum, enddatum, betrag, einheit, brutto, mwst, anzahl FROM kundendaten.rechnungsposten WHERE rechnungsnummer={$id} AND kunde={$c}"); |
61 |
- if (mysql_num_rows($result) == 0) |
|
61 |
+ if ($result->rowCount() == 0) |
|
62 | 62 |
system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt'); |
63 | 63 |
$ret = array(); |
64 |
- while($line = mysql_fetch_assoc($result)) |
|
64 |
+ while($line = $result->fetch()) |
|
65 | 65 |
array_push($ret, $line); |
66 | 66 |
return $ret; |
67 | 67 |
} |
... | ... |
@@ -72,7 +72,7 @@ function upcoming_items() |
72 | 72 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
73 | 73 |
$result = db_query("SELECT anzahl, beschreibung, startdatum, enddatum, betrag, einheit, brutto, mwst FROM kundendaten.upcoming_items WHERE kunde={$c} ORDER BY startdatum ASC"); |
74 | 74 |
$ret = array(); |
75 |
- while($line = mysql_fetch_assoc($result)) |
|
75 |
+ while($line = $result->fetch()) |
|
76 | 76 |
array_push($ret, $line); |
77 | 77 |
return $ret; |
78 | 78 |
} |
... | ... |
@@ -166,19 +166,19 @@ function generate_bezahlcode_image($id) |
166 | 166 |
function get_lastschrift($rechnungsnummer) { |
167 | 167 |
$rechnungsnummer = (int) $rechnungsnummer; |
168 | 168 |
$result = db_query("SELECT rechnungsnummer, rechnungsdatum, sl.betrag, buchungsdatum FROM kundendaten.sepalastschrift sl LEFT JOIN kundendaten.ausgestellte_rechnungen re ON (re.id=sl.rechnungsnummer) WHERE rechnungsnummer='${rechnungsnummer}' AND re.abbuchung=1"); |
169 |
- if (mysql_num_rows($result) == 0) { |
|
169 |
+ if ($result->rowCount() == 0) { |
|
170 | 170 |
return NULL; |
171 | 171 |
} |
172 |
- $item = mysql_fetch_assoc($result); |
|
172 |
+ $item = $result->fetch(); |
|
173 | 173 |
return $item; |
174 | 174 |
} |
175 | 175 |
|
176 | 176 |
function get_lastschriften($mandatsreferenz) |
177 | 177 |
{ |
178 |
- $mandatsreferenz = mysql_real_escape_string($mandatsreferenz); |
|
178 |
+ $mandatsreferenz = db_escape_string($mandatsreferenz); |
|
179 | 179 |
$result = db_query("SELECT rechnungsnummer, rechnungsdatum, betrag, buchungsdatum FROM kundendaten.sepalastschrift WHERE mandatsreferenz='${mandatsreferenz}' ORDER BY buchungsdatum DESC"); |
180 | 180 |
$ret = array(); |
181 |
- while ($item = mysql_fetch_assoc($result)) { |
|
181 |
+ while ($item = $result->fetch()) { |
|
182 | 182 |
$ret[] = $item; |
183 | 183 |
} |
184 | 184 |
return $ret; |
... | ... |
@@ -189,7 +189,7 @@ function get_sepamandate() |
189 | 189 |
$cid = (int) $_SESSION['customerinfo']['customerno']; |
190 | 190 |
$result = db_query("SELECT id, mandatsreferenz, glaeubiger_id, erteilt, medium, gueltig_ab, gueltig_bis, erstlastschrift, kontoinhaber, adresse, iban, bic, bankname FROM kundendaten.sepamandat WHERE kunde={$cid}"); |
191 | 191 |
$ret = array(); |
192 |
- while ($entry = mysql_fetch_assoc($result)) { |
|
192 |
+ while ($entry = $result->fetch()) { |
|
193 | 193 |
array_push($ret, $entry); |
194 | 194 |
} |
195 | 195 |
return $ret; |
... | ... |
@@ -198,9 +198,9 @@ function get_sepamandate() |
198 | 198 |
|
199 | 199 |
function yesterday($date) |
200 | 200 |
{ |
201 |
- $date = mysql_real_escape_string($date); |
|
201 |
+ $date = db_escape_string($date); |
|
202 | 202 |
$result = db_query("SELECT '{$date}' - INTERVAL 1 DAY"); |
203 |
- return mysql_fetch_array($result)[0]; |
|
203 |
+ return $result->fetch()[0]; |
|
204 | 204 |
} |
205 | 205 |
|
206 | 206 |
|
... | ... |
@@ -208,7 +208,7 @@ function invalidate_sepamandat($id, $date) |
208 | 208 |
{ |
209 | 209 |
$cid = (int) $_SESSION['customerinfo']['customerno']; |
210 | 210 |
$id = (int) $id; |
211 |
- $date = mysql_real_escape_string($date); |
|
211 |
+ $date = db_escape_string($date); |
|
212 | 212 |
db_query("UPDATE kundendaten.sepamandat SET gueltig_bis='{$date}' WHERE id={$id} AND kunde={$cid}"); |
213 | 213 |
} |
214 | 214 |
|
... | ... |
@@ -216,12 +216,12 @@ function invalidate_sepamandat($id, $date) |
216 | 216 |
function sepamandat($name, $adresse, $iban, $bankname, $bic, $gueltig_ab) |
217 | 217 |
{ |
218 | 218 |
$cid = (int) $_SESSION['customerinfo']['customerno']; |
219 |
- $name = mysql_real_escape_string($name); |
|
220 |
- $adresse = mysql_real_escape_string($adresse); |
|
221 |
- $iban = mysql_real_escape_string($iban); |
|
222 |
- $bankname = mysql_real_escape_string($bankname); |
|
223 |
- $bic = mysql_real_escape_string($bic); |
|
224 |
- $gueltig_ab = mysql_real_escape_string($gueltig_ab); |
|
219 |
+ $name = db_escape_string($name); |
|
220 |
+ $adresse = db_escape_string($adresse); |
|
221 |
+ $iban = db_escape_string($iban); |
|
222 |
+ $bankname = db_escape_string($bankname); |
|
223 |
+ $bic = db_escape_string($bic); |
|
224 |
+ $gueltig_ab = db_escape_string($gueltig_ab); |
|
225 | 225 |
|
226 | 226 |
$first_date = date('Y-m-d'); |
227 | 227 |
$invoices = my_invoices(); |
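Review bot: In yesterday() the new `return $result->fetch()[0];` needs a numerically indexed row, while every other call site in this file replaces mysql_fetch_assoc() with the same argument-less `fetch()` and expects column names. db_query() is not visible here, so the default fetch mode is unknown (the rowCount() and `PDO::FETCH_OBJ` calls suggest `$result` is a PDOStatement). If the default is associative, `[0]` is undefined and yesterday() returns NULL; if it is PDO's own default of both, my_invoices(), invoice_items() and the other row loops now return every column twice, once by name and once by index. I would read the single value with `return $result->fetchColumn();` and pass `PDO::FETCH_ASSOC` wherever mysql_fetch_assoc() was replaced, or set it once as the default inside db_query().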
... | ... |
@@ -22,7 +22,7 @@ require_once('invoice.php'); |
22 | 22 |
$kundenname = $_SESSION['customerinfo']['name']; |
23 | 23 |
$id = (int) $_SESSION['customerinfo']['customerno']; |
24 | 24 |
$result = db_query("SELECT CONCAT(adresse, '\\\\n', plz, ' ', ort) AS adresse FROM kundendaten.kunden WHERE id={$id}"); |
25 |
-$r = mysql_fetch_assoc($result); |
|
25 |
+$r = $result->fetch(); |
|
26 | 26 |
|
27 | 27 |
header("Content-Type: text/javascript"); |
28 | 28 |
echo ' { "kundenname": "'.$kundenname.'", "adresse": "'.$r["adresse"].'" } '; |
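Review bot: The `echo` on the last line of this hunk assembles the JSON document by concatenating `$kundenname` and `$r["adresse"]` without any encoding, so a quote, backslash or line break in a customer name or address yields malformed or altered output that is served as `text/javascript`. The new `$result->fetch()` also returns false when no row matches, and `$r["adresse"]` is then read from a non-array. I would build the response with `echo json_encode(array('kundenname' => $kundenname, 'adresse' => $r ? $r['adresse'] : ''));` and send it as `application/json`. The `'\\\\n'` separator in the CONCAT exists only to hand-craft a JSON escape and would have to become a real newline once json_encode does the escaping.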
... | ... |
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
15 | 15 |
*/ |
16 | 16 |
|
17 | 17 |
require_once("inc/debug.php"); |
18 |
-require_once("inc/db_connect.php"); |
|
19 | 18 |
require_once("inc/security.php"); |
20 | 19 |
|
21 | 20 |
require_once('class/domain.php'); |
... | ... |
@@ -25,8 +24,8 @@ function get_jabber_accounts() { |
25 | 24 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
26 | 25 |
$result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;"); |
27 | 26 |
$accounts = array(); |
28 |
- if (@mysql_num_rows($result) > 0) |
|
29 |
- while ($acc = @mysql_fetch_assoc($result)) |
|
27 |