Umstellung auf PDO-Datenbankverbindung
Bernd Wurst

Bernd Wurst commited on 2014-02-01 18:38:23
Zeige 39 geänderte Dateien mit 491 Einfügungen und 434 Löschungen.

... ...
@@ -39,14 +39,14 @@ function prepare_cert($cert)
39 39
 
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42
-	$cert = mysql_real_escape_string(prepare_cert($cert));
42
+	$cert = db_escape_string(prepare_cert($cert));
43 43
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
44 44
 	$result = db_query($query);
45
-	if (mysql_num_rows($result) < 1)
45
+	if ($result->rowCount() < 1)
46 46
 		return NULL;
47 47
 	else {
48 48
 		$ret = array();
49
-		while ($row = mysql_fetch_assoc($result)) {
49
+		while ($row = $result->fetch()) {
50 50
 			$ret[] = $row;
51 51
 		}
52 52
 		return $ret;
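Review bot: `$result->fetch()` without an argument uses PDO's default fetch mode, which is `PDO::FETCH_BOTH` unless `PDO::ATTR_DEFAULT_FETCH_MODE` is set, and the connection setup added in this commit sets only the error mode and autocommit. Each `$row` pushed into `$ret` therefore carries every column twice, by name and by position, where `mysql_fetch_assoc()` returned names only, so callers that iterate over or print whole rows will see extra keys. Pass the mode explicitly, `while ($row = $result->fetch(PDO::FETCH_ASSOC)) {`, or set it once on the connection with `$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);`. The same holds for the other bare `fetch()` calls on this page that return rows wholesale (`getData`, `list_useraccounts`, `get_dyndns_accounts`, `hosting_contracts`), while the `$row[0]` reads in `user_has_vmail_domain` rely on the positional keys and would need a column alias or `PDO::FETCH_NUM` if the default is changed. The function body continues past the end of this hunk.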
... ...
@@ -39,14 +39,14 @@ function prepare_cert($cert)
39 39
 
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42
-	$cert = mysql_real_escape_string(prepare_cert($cert));
42
+	$cert = db_escape_string(prepare_cert($cert));
43 43
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
44 44
 	$result = db_query($query);
45
-	if (mysql_num_rows($result) < 1)
45
+	if ($result->rowCount() < 1)
46 46
 		return NULL;
47 47
 	else {
48 48
 		$ret = array();
49
-		while ($row = mysql_fetch_assoc($result)) {
49
+		while ($row = $result->fetch()) {
50 50
 			$ret[] = $row;
51 51
 		}
52 52
 		return $ret;
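Review bot: `$result->rowCount()` decides here whether a client certificate maps to any login, but PDO documents `rowCount()` only for statements that modify rows; for a `SELECT` the MySQL driver reports the row count only while buffered queries are in effect. Since the loop below already collects the rows, the check can be made independent of that driver setting by fetching first and testing the array, `$ret = $result->fetchAll(PDO::FETCH_ASSOC);` followed by `return $ret ? $ret : NULL;`. The other `rowCount()` checks on `SELECT` results in this commit (`get_dyndns_account`, `get_mailaccount`, `mail_in_use`, `web_in_use`) carry the same dependency. This hunk repeats the previous one for what appears to be a second copy of the function, and the function body ends outside the hunk.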
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('inc/base.php');
19 18
 require_once('inc/debug.php');
20 19
 
... ...
@@ -0,0 +1,119 @@
1
+<?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
16
+
17
+require_once('inc/base.php');
18
+require_once('inc/error.php');
19
+require_once('inc/debug.php');
20
+
21
+
22
+class DB extends PDO {
23
+  function __construct() {
24
+    $dsn = "mysql:host=".config('db_host');
25
+    if (config('db_port', true)) {
26
+      $dsn .= ';port='.config('db_port', true);
27
+    }
28
+    $username = config('db_user', true);
29
+    $password = config('db_pass', true);
30
+    parent::__construct($dsn, $username, $password);
31
+  }
32
+
33
+
34
+  /*
35
+    Wenn Parameter übergeben werden, werden Queries immer als Prepared statements übertragen
36
+  */
37
+  function query($stmt, $params = NULL) {
38
+    if (is_array($params)) {
39
+      $response = parent::prepare($stmt);
40
+      $response->execute($params);
41
+      return $response;
42
+    } else {
43
+      return parent::query($stmt);
44
+    }
45
+  }
46
+}
47
+
48
+
49
+/* FIXME 
50
+   Das ist etwas unelegant. Soll nur übergangsweise verwendet werden bis alles auf prepared statements umgestellt ist
51
+*/
52
+function db_escape_string($string)
53
+{
54
+  global $db;
55
+  __ensure_connected();
56
+  $quoted = $db->quote($string);
57
+  // entferne die quotes, damit wird es drop-in-Kompatibel zu db_escape_string()
58
+  $ret = substr($quoted, 1, -1);
59
+  return $ret;
60
+}
61
+
62
+
63
+function db_insert_id()
64
+{
65
+  global $db;
66
+  __ensure_connected();
67
+  return $db->lastInsertId();
68
+}
69
+
70
+
71
+function __ensure_connected()
72
+{
73
+  /*
74
+    Dieses Kontrukt ist vermultich noch schlimmer als ein normales singleton
75
+    aber es hilft uns in unserem prozeduralen Kontext
76
+  */
77
+  global $db;
78
+  if (! isset($db)) {
79
+    try {
80
+      DEBUG("Neue Datenbankverbindung!");
81
+      $db = new DB();
82
+      $db->query("SET NAMES utf8");
83
+      $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
84
+      $db->setAttribute(PDO::ATTR_AUTOCOMMIT, true);
85
+    } catch (PDOException $e) {
86
+      global $debugmode;
87
+      if ($debugmode) {
88
+        system_failure("MySQL-Fehler: ".$e->getMessage());
89
+      } else {
90
+        system_failure("Fehler bei der Datenbankverbindung!");
91
+      }
92
+    }
93
+  }
94
+}
95
+
96
+
97
+function db_query($stmt, $params = NULL)
98
+{
99
+  global $db;
100
+  __ensure_connected();
101
+  DEBUG($stmt);
102
+  if ($params) {
103
+    DEBUG($params);
104
+  }
105
+  try {
106
+    $result = $db->query($stmt, $params);
107
+    DEBUG('=> '.$result->rowCount().' rows');
108
+  } catch (PDOException $e) {
109
+    global $debugmode;
110
+    if ($debugmode) {
111
+      system_failure("MySQL-Fehler: ".$e->getMessage());
112
+    } else {
113
+      system_failure("Datenbankfehler");
114
+    }
115
+  }
116
+  return $result;
117
+}
118
+
119
+
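Review bot: `db_escape_string()` depends on `PDO::quote()`, which escapes for the character set the client library has been told about, and sending `SET NAMES utf8` as a query in `__ensure_connected()` changes the server side without informing the client; the charset belongs in the DSN, `$dsn = "mysql:host=".config('db_host').";charset=utf8";` (honoured by pdo_mysql from PHP 5.3.6). The comment on `DB::query()` says queries with parameters are always sent as prepared statements, but pdo_mysql emulates prepares on the client by default, so `$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);` is needed if server-side preparation is what is meant. `PDO::ATTR_ERRMODE` is set only after the first `query()`, so a failing `SET NAMES` would not raise an exception; setting the attributes before the first statement, or dropping the statement in favour of the DSN option, closes that gap.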
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('inc/base.php');
19 18
 require_once('inc/debug.php');
20 19
 
... ...
@@ -42,7 +41,7 @@ class Domain extends KeksData
42 41
 
43 42
   function loadByName($name)
44 43
   {
45
-    $name = mysql_real_escape_string($name);
44
+    $name = db_escape_string($name);
46 45
     $res = $this->getData("*", "CONCAT_WS('.', domainname, tld)='{$name}' LIMIT 1");
47 46
     if (count($res) < 1)
48 47
       return false;
... ...
@@ -112,9 +111,9 @@ function get_domain_list($customerno, $uid = NULL)
112 111
   $query .= " ORDER BY domainname,tld";
113 112
   $result = db_query($query);
114 113
   $domains = array();
115
-  DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n");
116
-  if (mysql_num_rows($result) > 0)
117
-    while ($domain = mysql_fetch_object($result))
114
+  DEBUG('Result set is '.$result->rowCount()." rows.<br />\n");
115
+  if ($result->rowCount() > 0)
116
+    while ($domain = $result->fetch(PDO::FETCH_OBJ))
118 117
       array_push($domains, new Domain((int) $domain->id));
119 118
   DEBUG($domains);
120 119
 	return $domains;	
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('inc/base.php');
19 18
 require_once('inc/debug.php');
20 19
 
... ...
@@ -57,7 +56,7 @@ abstract class KeksData
57 56
   {
58 57
     $fields = array();
59 58
     $res = db_query("DESCRIBE {$this->default_table}");
60
-    while ($f = mysql_fetch_object($res))
59
+    while ($f = $res->fetch(PDO::FETCH_OBJ))
61 60
     {
62 61
       $fields[$f->Field] = $f->Default;
63 62
     }
... ...
@@ -80,7 +79,7 @@ abstract class KeksData
80 79
     
81 80
     $res = db_query("SELECT {$fields} FROM {$table} {$where}");
82 81
     $return = array();
83
-    while ($arr = mysql_fetch_assoc($res))
82
+    while ($arr = $res->fetch())
84 83
       array_push($return, $arr);
85 84
     return $return;
86 85
   }
... ...
@@ -102,7 +101,7 @@ abstract class KeksData
102 101
     $upd = array();
103 102
     foreach ($this->changes as $key => $value)
104 103
     {
105
-      $value = mysql_real_escape_string($value);
104
+      $value = db_escape_string($value);
106 105
       array_push($upd, "`{$key}`='{$value}'");
107 106
     }
108 107
     db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id={$this->data['id']};");
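Review bot: The `UPDATE` in this hunk is still assembled by string interpolation: `$value` goes through the transitional `db_escape_string()`, while `$key` is placed between backticks and `$this->data['id']` follows `WHERE id=` with no escaping or cast. Whether the keys of `$this->changes` can be influenced from a request is not visible here, but `db_query()` accepts a parameter array as of this commit, so the values and the id can be bound and the column names checked against the field list the class already reads with `DESCRIBE`. Note that binding stores a NULL value as NULL, where the escaped form would have written an empty string. The enclosing method starts and ends outside the hunk.

```php
    $upd = array();
    $params = array();
    foreach ($this->changes as $key => $value)
    {
      // TODO(review): reject $key unless it is a known column of default_table
      array_push($upd, "`{$key}`=?");
      $params[] = $value;
    }
    $params[] = $this->data['id'];
    db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id=?", $params);
```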
... ...
@@ -17,7 +17,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
17 17
 
18 18
 require_once('config.php');
19 19
 require_once('inc/debug.php');
20
-require_once('inc/db_connect.php');
21 20
 require_once("inc/base.php");
22 21
 require_once("inc/theme.php");
23 22
 
... ...
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
17
+require_once('class/database.php');
18 18
 require_once('inc/debug.php');
19 19
 
20 20
 function config($key)
... ...
@@ -36,9 +36,9 @@ function config($key)
36 36
     return $config[$key];
37 37
   
38 38
   /* read configuration from database */
39
-  $options = db_query( "SELECT `key`, value FROM misc.config" );
39
+  $result = db_query( "SELECT `key`, value FROM misc.config" );
40 40
   
41
-  while( $object = mysql_fetch_assoc( $options ) ) {
41
+  while( $object = $result->fetch() ) {
42 42
     if (!array_key_exists($object['key'], $config)) {
43 43
 	    $config[$object['key']]=$object['value'];
44 44
     }
... ...
@@ -56,8 +56,9 @@ function config($key)
56 56
 
57 57
 function get_server_by_id($id) {
58 58
   $id = (int) $id;
59
-  $result = mysql_fetch_assoc(db_query("SELECT hostname FROM system.servers WHERE id='{$id}'"));
60
-  return $result['hostname'];
59
+  $result = db_query("SELECT hostname FROM system.servers WHERE id='{$id}'");
60
+  $ret = $result->fetch();
61
+  return $ret['hostname'];
61 62
 }
62 63
 
63 64
 
... ...
@@ -74,7 +75,7 @@ function my_server_id()
74 75
 {
75 76
   $uid = (int) $_SESSION['userinfo']['uid'];
76 77
   $result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}");
77
-  $r = mysql_fetch_assoc($result);
78
+  $r = $result->fetch();
78 79
   DEBUG($r);
79 80
   return $r['server'];
80 81
 }
... ...
@@ -85,7 +86,7 @@ function additional_servers()
85 86
   $uid = (int) $_SESSION['userinfo']['uid'];
86 87
   $result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}");
87 88
   $servers = array();
88
-  while ($s = mysql_fetch_assoc($result))
89
+  while ($s = $result->fetch())
89 90
     $servers[] = $s['server'];
90 91
   DEBUG($servers);
91 92
   return $servers;
... ...
@@ -96,39 +97,22 @@ function server_names()
96 97
 {
97 98
   $result = db_query("SELECT id, hostname FROM system.servers");
98 99
   $servers = array();
99
-  while ($s = mysql_fetch_assoc($result))
100
+  while ($s = $result->fetch())
100 101
     $servers[$s['id']] = $s['hostname'];
101 102
   DEBUG($servers);
102 103
   return $servers;
103 104
 }
104 105
 
105 106
 
106
-function db_query($query)
107
-{
108
-  DEBUG($query);
109
-  $result = @mysql_query($query);
110
-  if (mysql_error())
111
-  {
112
-    $error = mysql_error();
113
-    logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}");
114
-    system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.');
115
-  }
116
-  $count = @mysql_num_rows($result);
117
-  if (! $count)
118
-    $count = 'no';
119
-  DEBUG("=> {$count} rows");
120
-  return $result; 
121
-}
122
-
123
-
124
-
107
+// FIXME
108
+// Diese Funktion funktioniert nicht für preprared statements
125 109
 function maybe_null($value)
126 110
 {
127 111
   if ($value == NULL)
128 112
     return 'NULL';
129 113
 
130 114
   if (strlen( (string) $value ) > 0)
131
-    return "'".mysql_real_escape_string($value)."'";
115
+    return "'".db_escape_string($value)."'";
132 116
   else
133 117
     return 'NULL';
134 118
 }
... ...
@@ -148,11 +133,11 @@ function logger($severity, $scriptname, $scope, $message)
148 133
   elseif ($_SESSION['role'] & ROLE_CUSTOMER)
149 134
     $user = "'{$_SESSION['customerinfo']['customerno']}'";
150 135
   
151
-  $remote = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
136
+  $remote = db_escape_string($_SERVER['REMOTE_ADDR']);
152 137
 
153
-  $scriptname = mysql_real_escape_string($scriptname);
154
-  $scope = mysql_real_escape_string($scope);
155
-  $message = mysql_real_escape_string($message);
138
+  $scriptname = db_escape_string($scriptname);
139
+  $scope = db_escape_string($scope);
140
+  $message = db_escape_string($message);
156 141
 
157 142
   db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
158 143
 }
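Review bot: `config()` falls back to `db_query()` for keys missing from the static array, and the new `DB::__construct()` calls `config('db_host')`, `config('db_port', true)`, `config('db_user', true)` and `config('db_pass', true)` while the connection is being built. The second argument is ignored by the `function config($key)` signature visible in this file, so if one of those keys is absent from config.php (the optional `db_port` is the likely one), the lookup would reach `__ensure_connected()` with `$db` still unset and construct `DB` again without end. Either give `config()` a real second parameter that skips the database lookup, or read the connection settings directly from the static array in the constructor. This is inferred from the hunks shown; the part of `config()` above line 36 is outside them.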
... ...
@@ -1,33 +0,0 @@
1
-<?php
2
-/*
3
-This file belongs to the Webinterface of schokokeks.org Hosting
4
-
5
-Written 2008-2013 by schokokeks.org Hosting, namely
6
-  Bernd Wurst <bernd@schokokeks.org>
7
-  Hanno Böck <hanno@schokokeks.org>
8
-
9
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
-
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
-http://creativecommons.org/publicdomain/zero/1.0/
13
-
14
-Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
-*/
16
-
17
-require_once('inc/error.php');
18
-
19
-include("config.php");
20
-global $config;
21
-
22
-$host = $config['db_host'];
23
-if ($config['db_port']) {
24
-  $host .= ":".$config['db_port'];
25
-}
26
-
27
-if (!@mysql_connect($host, $config['db_user'], $config['db_pass']))
28
-	die('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.');
29
-	
30
-if (!@mysql_query('SET NAMES utf8'))
31
-	die('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!');
32
-
33
-?>
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
19 18
 require_once('inc/base.php');
20 19
 require_once('inc/security.php');
21 20
 require_once('inc/error.php');
... ...
@@ -38,14 +37,14 @@ function get_domain_offer($domainname)
38 37
   $data = array("domainname" => $domainname, "basename" => $basename, "tld" => $tld);
39 38
 
40 39
   $result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise_kunde WHERE kunde={$cid} AND tld='{$tld}' AND ruecksprache='N'");
41
-  if (mysql_num_rows($result) != 1) {
40
+  if ($result->rowCount() != 1) {
42 41
     $result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise WHERE tld='{$tld}' AND ruecksprache='N'");
43 42
   }
44
-  if (mysql_num_rows($result) != 1) {
43
+  if ($result->rowCount() != 1) {
45 44
     warning('Die Endung »'.$tld.'« steht zur automatischen Eintragung nicht zur Verfügung.');
46 45
     return;
47 46
   }
48
-  $temp = mysql_fetch_assoc($result);
47
+  $temp = $result->fetch();
49 48
   $data["gebuehr"] = $temp["gebuehr"];
50 49
   $data["setup"] = ($temp["setup"] ? $temp["setup"] : 0.0);
51 50
   
... ...
@@ -93,7 +92,7 @@ function list_useraccounts()
93 92
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
94 93
   $result = db_query("SELECT uid,username,name FROM system.useraccounts WHERE kunde={$customerno}");
95 94
   $ret = array();
96
-  while ($item = mysql_fetch_assoc($result))
95
+  while ($item = $result->fetch())
97 96
   {
98 97
     $ret[] = $item;
99 98
   }
... ...
@@ -19,7 +19,7 @@ require_once('inc/base.php');
19 19
 
20 20
 function find_customers($string) 
21 21
 {
22
-  $string = mysql_real_escape_string(chop($string));
22
+  $string = db_escape_string(chop($string));
23 23
   $return = array();
24 24
   $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN kundendaten.kundenkontakt AS kk ".
25 25
                      "ON (kk.kundennr = k.id) LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
... ...
@@ -30,7 +30,7 @@ function find_customers($string)
30 30
                      "notizen LIKE '%{$string}%' OR kk.name LIKE '%{$string}%' OR ".
31 31
                      "kk.wert LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ".
32 32
                      "u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';");
33
-  while ($entry = mysql_fetch_assoc($result))
33
+  while ($entry = $result->fetch())
34 34
     $return[] = $entry['id'];
35 35
 
36 36
   return $return;
... ...
@@ -43,7 +43,7 @@ function find_users_for_customer($id)
43 43
   $return = array();
44 44
   $result = db_query("SELECT uid, username FROM system.useraccounts WHERE ".
45 45
                      "kunde='{$id}';");
46
-  while ($entry = mysql_fetch_assoc($result))
46
+  while ($entry = $result->fetch())
47 47
     $return[$entry['uid']] = $entry['username'];
48 48
 
49 49
   return $return;
... ...
@@ -56,7 +56,7 @@ function hosting_contracts($cid)
56 56
   $cid = (int) $cid;
57 57
   $result = db_query("SELECT u.username, werber, beschreibung, betrag, brutto, monate, anzahl, startdatum, startdatum + INTERVAL laufzeit MONTH - INTERVAL 1 DAY AS mindestlaufzeit, kuendigungsdatum, gesperrt, notizen FROM kundendaten.hosting AS h LEFT JOIN system.useraccounts AS u ON (h.hauptuser=u.uid) WHERE h.kunde=".$cid);
58 58
   $ret = array();
59
-  while ($x = mysql_fetch_assoc($result))
59
+  while ($x = $result->fetch())
60 60
     array_push($ret, $x);
61 61
   DEBUG($ret);
62 62
 
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
19 18
 require_once('inc/base.php');
20 19
 require_once('inc/security.php');
21 20
 require_once('inc/error.php');
... ...
@@ -28,7 +27,7 @@ function get_dyndns_accounts()
28 27
   $uid = (int) $_SESSION['userinfo']['uid'];
29 28
   $result = db_query("SELECT * FROM dns.dyndns WHERE uid={$uid}");
30 29
   $list = array();
31
-  while ($item = mysql_fetch_assoc($result)) {
30
+  while ($item = $result->fetch()) {
32 31
     array_push($list, $item);
33 32
   }
34 33
   DEBUG($list);
... ...
@@ -41,11 +40,11 @@ function get_dyndns_account($id)
41 40
   $id = (int) $id;
42 41
   $uid = (int) $_SESSION['userinfo']['uid'];
43 42
   $result = db_query("SELECT * FROM dns.dyndns WHERE id={$id} AND uid={$uid}");
44
-  if (mysql_num_rows($result) != 1) {
43
+  if ($result->rowCount() != 1) {
45 44
     logger(LOG_WARNING, "modules/dns/include/dnsinclude", "dyndns", "account »{$id}« invalid for uid »{$uid}«.");
46 45
     system_failure("Account ungültig");
47 46
   }
48
-  $item = mysql_fetch_assoc($result);
47
+  $item = $result->fetch();
49 48
   DEBUG($item);
50 49
   return $item;
51 50
 }
... ...
@@ -58,8 +57,8 @@ function create_dyndns_account($handle, $password_http, $sshkey)
58 57
   if ($password_http == '' && $sshkey == '')
59 58
     system_failure('Sie müssen entweder einen SSH-Key oder ein Passwort zum Web-Update eingeben.');  
60 59
 
61
-  $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle)));
62
-  $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey)));
60
+  $handle = maybe_null(db_escape_string(filter_input_username($handle)));
61
+  $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey)));
63 62
 
64 63
   $pwhash = 'NULL';
65 64
   if ($password_http)
... ...
@@ -73,8 +72,8 @@ function create_dyndns_account($handle, $password_http, $sshkey)
73 72
 function edit_dyndns_account($id, $handle, $password_http, $sshkey)
74 73
 {
75 74
   $id = (int) $id;
76
-  $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle)));
77
-  $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey)));
75
+  $handle = maybe_null(db_escape_string(filter_input_username($handle)));
76
+  $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey)));
78 77
 
79 78
   $pwhash = 'NULL';
80 79
   if ($password_http)
... ...
@@ -104,7 +103,7 @@ function get_dyndns_records($id)
104 103
   $id = (int) $id;
105 104
   $result = db_query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns={$id}");
106 105
   $data = array();
107
-  while ($entry = mysql_fetch_assoc($result)) {
106
+  while ($entry = $result->fetch()) {
108 107
     $dom = new Domain((int) $entry['domain']);
109 108
     $dom->ensure_userdomain();
110 109
     $entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn;
... ...
@@ -144,9 +143,9 @@ function get_dns_record($id)
144 143
 {
145 144
   $id = (int) $id;
146 145
   $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id={$id}");
147
-  if (mysql_num_rows($result) != 1)
146
+  if ($result->rowCount() != 1)
148 147
     system_failure('illegal ID');
149
-  $data = mysql_fetch_assoc($result);
148
+  $data = $result->fetch();
150 149
   $dom = new Domain( (int) $data['domain']);
151 150
   $dom->ensure_userdomain();
152 151
   DEBUG($data);
... ...
@@ -159,7 +158,7 @@ function get_domain_records($dom)
159 158
   $dom = (int) $dom;
160 159
   $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain={$dom}");
161 160
   $data = array();
162
-  while ($entry = mysql_fetch_assoc($result)) {
161
+  while ($entry = $result->fetch()) {
163 162
     $dom = new Domain((int) $entry['domain']);
164 163
     $dom->ensure_userdomain();
165 164
     $entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn;
... ...
@@ -173,11 +172,11 @@ function get_domain_records($dom)
173 172
 
174 173
 function get_domain_auto_records($domainname)
175 174
 {
176
-  $domainname = mysql_real_escape_string($domainname);
175
+  $domainname = db_escape_string($domainname);
177 176
   //$result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, TRIM(ttl) FROM dns.v_autogenerated_records WHERE domain='{$domainname}'");
178 177
   $result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain='{$domainname}'");
179 178
   $data = array();
180
-  while ($entry = mysql_fetch_assoc($result)) {
179
+  while ($entry = $result->fetch()) {
181 180
     array_push($data, $entry);
182 181
   }
183 182
   DEBUG($data);
... ...
@@ -329,7 +328,7 @@ function domain_is_maildomain($domain)
329 328
 {
330 329
   $domain = (int) $domain;
331 330
   $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
332
-  $dom = mysql_fetch_assoc($result);
331
+  $dom = $result->fetch();
333 332
   return ($dom['mail'] != 'none');
334 333
 }
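Review bot: In `create_dyndns_account()` and `edit_dyndns_account()` the value is escaped twice: `db_escape_string()` is applied first and the result is handed to `maybe_null()`, which, per its hunk on this page, passes its argument through `db_escape_string()` again. If the input filters let a quote or backslash through, the handle or SSH key would be stored with extra backslashes; the pattern predates this commit, but the rename is a good moment to remove it. Pass the filtered value straight in, `$handle = maybe_null(filter_input_username($handle));` and `$sshkey = maybe_null(filter_input_general($sshkey));`. Both function bodies continue outside their hunks.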
335 334
 
... ...
@@ -27,7 +27,7 @@ function mailman_subdomains($domain)
27 27
   $domain = (int) $domain;
28 28
   $result = db_query("SELECT id, hostname FROM mail.mailman_domains WHERE domain={$domain}");
29 29
   $ret = array();
30
-  while ($line = mysql_fetch_assoc($result))
30
+  while ($line = $result->fetch())
31 31
   {
32 32
     $ret[] = $line;
33 33
   }
... ...
@@ -40,7 +40,7 @@ function dns_in_use($domain)
40 40
     return false;
41 41
   $domain = (int) $domain;
42 42
   $result = db_query("SELECT id FROM dns.custom_records WHERE domain={$domain}");
43
-  return (mysql_num_rows($result) > 0);
43
+  return ($result->rowCount() > 0);
44 44
 }
45 45
 
46 46
 
... ...
@@ -52,16 +52,16 @@ function mail_in_use($domain)
52 52
   }
53 53
   $domain = (int) $domain;
54 54
   $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
55
-  if (mysql_num_rows($result) < 1)
55
+  if ($result->rowCount() < 1)
56 56
     system_failure("Domain not found");
57
-  $d = mysql_fetch_assoc($result);
57
+  $d = $result->fetch();
58 58
   if ($d['mail'] == 'none')
59 59
     return false; // manually disabled
60 60
   $result = db_query("SELECT id FROM mail.virtual_mail_domains WHERE domain={$domain}");
61
-  if (mysql_num_rows($result) < 1)
61
+  if ($result->rowCount() < 1)
62 62
     return true; // .courier
63 63
   $result = db_query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain={$domain}");
64
-  return (mysql_num_rows($result) > 0);
64
+  return ($result->rowCount() > 0);
65 65
 }
66 66
 
67 67
 function web_in_use($domain)
... ...
@@ -72,12 +72,12 @@ function web_in_use($domain)
72 72
   $domain = (int) $domain;
73 73
 
74 74
   $result = db_query("SELECT id FROM kundendaten.domains WHERE id={$domain} AND webserver=1");
75
-  if (mysql_num_rows($result) < 1)
75
+  if ($result->rowCount() < 1)
76 76
     return false;
77 77
 
78 78
   $result = db_query("SELECT id FROM vhosts.vhost WHERE domain={$domain}");
79 79
   $result2 = db_query("SELECT id FROM vhosts.alias WHERE domain={$domain}");
80
-  return (mysql_num_rows($result) > 0 || mysql_num_rows($result2) > 0);
80
+  return ($result->rowCount() > 0 || $result2->rowCount() > 0);
81 81
 }
82 82
 
83 83
 
... ...
@@ -20,8 +20,8 @@ function user_has_accounts()
20 20
 {
21 21
   $uid = (int) $_SESSION['userinfo']['uid'];
22 22
   $result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid");
23
-  DEBUG(mysql_num_rows($result)." accounts");
24
-  return (mysql_num_rows($result) > 0);
23
+  DEBUG($result->rowCount()." accounts");
24
+  return ($result->rowCount() > 0);
25 25
 }
26 26
 
27 27
 if (! function_exists("user_has_vmail_domain"))
... ...
@@ -34,7 +34,7 @@ if (! function_exists("user_has_vmail_domain"))
34 34
         }
35 35
         $uid = (int) $_SESSION['userinfo']['uid'];
36 36
         $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
37
-        $row = mysql_fetch_array($result);
37
+        $row = $result->fetch();
38 38
         $count = $row[0];
39 39
         DEBUG("User has {$count} vmail-domains");
40 40
         return ( (int) $count > 0 );
... ...
@@ -24,7 +24,7 @@ if (! function_exists("user_has_vmail_domain"))
24 24
 	}
25 25
 	$uid = (int) $_SESSION['userinfo']['uid'];
26 26
 	$result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
27
-	$row = mysql_fetch_array($result);
27
+	$row = $result->fetch();
28 28
 	$count = $row[0];
29 29
 	DEBUG("User has {$count} vmail-domains");
30 30
 	return ( (int) $count > 0 );
... ...
@@ -42,7 +42,7 @@ if (! function_exists("user_has_dotcourier_domain"))
42 42
 	$uid = (int) $_SESSION['userinfo']['uid'];
43 43
 	$result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ". 
44 44
             "SELECT 1 FROM mail.v_domains AS d WHERE d.user={$uid} AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains);");
45
-  $ret = (mysql_num_rows($result) > 0);
45
+  $ret = ($result->rowCount() > 0);
46 46
   if ($ret)
47 47
     DEBUG("User {$uid} has dotcourier-domains");
48 48
   return $ret;
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
19 18
 require_once('inc/base.php');
20 19
 require_once('inc/security.php');
21 20
 
... ...
@@ -27,10 +26,10 @@ function mailaccounts($uid)
27 26
 {
28 27
   $uid = (int) $uid;
29 28
   $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local");
30
-  DEBUG("Found ".@mysql_num_rows($result)." rows!");
29
+  DEBUG("Found ".@$result->rowCount()." rows!");
31 30
   $accounts = array();
32
-  if (@mysql_num_rows($result) > 0)
33
-    while ($acc = @mysql_fetch_object($result))
31
+  if (@$result->rowCount() > 0)
32
+    while ($acc = @$result->fetch(PDO::FETCH_OBJ))
34 33
       array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1)));
35 34
   return $accounts;
36 35
 }
... ...
@@ -40,10 +39,10 @@ function get_mailaccount($id)
40 39
   $id = (int) $id;
41 40
   $uid = (int) $_SESSION['userinfo']['uid'];
42 41
   $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}");
43
-  DEBUG("Found ".mysql_num_rows($result)." rows!");
44
-  if (mysql_num_rows($result) != 1)
42
+  DEBUG("Found ".$result->rowCount()." rows!");
43
+  if ($result->rowCount() != 1)
45 44
     system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
46
-  $acc = mysql_fetch_object($result);
45
+  $acc = $result->fetch(PDO::FETCH_OBJ);
47 46
   $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir,  'enabled' => ($acc->aktiv == 1));
48 47
   DEBUG(print_r($ret, true));
49 48
   return $ret;
... ...
@@ -73,13 +72,13 @@ function change_mailaccount($id, $arr)
73 72
         array_push($conditions, "domain={$domain->id}");
74 73
       }
75 74
     }
76
-    array_push($conditions, "local='".mysql_real_escape_string($local)."'");
75
+    array_push($conditions, "local='".db_escape_string($local)."'");
77 76
   }
78 77
   if (isset($arr['mailbox']))
79 78
     if ($arr['mailbox'] == '')
80 79
       array_push($conditions, "`maildir`=NULL");
81 80
     else
82
-      array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'");
81
+      array_push($conditions, "`maildir`='".db_escape_string($arr['mailbox'])."'");
83 82
 
84 83
   if (isset($arr['password']))
85 84
   {
... ...
@@ -121,13 +120,13 @@ function create_mailaccount($arr)
121 120
     }
122 121
   }
123 122
 
124
-  $values['local'] = "'".mysql_real_escape_string($local)."'";
123
+  $values['local'] = "'".db_escape_string($local)."'";
125 124
 
126 125
   if (isset($arr['mailbox']))
127 126
     if ($arr['mailbox'] == '')
128 127
       $values['maildir'] = 'NULL';
129 128
     else
130
-      $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'";
129
+      $values['maildir']= "'".db_escape_string($arr['mailbox'])."'";
131 130
 
132 131
 
133 132
   if (isset($arr['password']))
... ...
@@ -149,13 +148,13 @@ function get_mailaccount_id($accountname)
149 148
 {
150 149
   list($local, $domain) = explode('@', $accountname, 2);
151 150
 
152
-  $local = mysql_real_escape_string($local);
153
-  $domain = mysql_real_escape_string($domain);
151
+  $local = db_escape_string($local);
152
+  $domain = db_escape_string($domain);
154 153
 
155 154
   $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'");
156
-  if (mysql_num_rows($result) != 1)
155
+  if ($result->rowCount() != 1)
157 156
     system_failure('account nicht eindeutig');
158
-  $acc = mysql_fetch_assoc($result);
157
+  $acc = $result->fetch();
159 158
   return $acc['id'];
160 159
 }
161 160
     
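Review bot: `$result->rowCount() != 1` in get_mailaccount_id relies on `PDOStatement::rowCount()` reporting the size of a SELECT result, which PDO does not guarantee; with pdo_mysql it holds only while queries are buffered. Counting the fetched rows removes that dependency: `$rows = $result->fetchAll(); if (count($rows) != 1) system_failure('account nicht eindeutig'); $acc = $rows[0];`. The same call decides ownership or validity in imap_on_vmail_domain, user_has_only_vmail_domains, valid_entry, validate_token, validate_uid_token and get_logins_by_cert, where a wrong count would silently change the outcome. For the pure existence tests there, `$result->fetch() !== false` is enough.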
... ...
@@ -214,7 +213,7 @@ function imap_on_vmail_domain()
214 213
 {
215 214
   $uid = (int) $_SESSION['userinfo']['uid'];
216 215
   $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}");
217
-  if (mysql_num_rows($result) > 0)
216
+  if ($result->rowCount() > 0)
218 217
     return true;
219 218
   return false;
220 219
 }
... ...
@@ -224,11 +223,11 @@ function user_has_only_vmail_domains()
224 223
   $uid = (int) $_SESSION['userinfo']['uid'];
225 224
   $result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}");
226 225
   // User hat keine VMail-Domains
227
-  if (mysql_num_rows($result) == 0)
226
+  if ($result->rowCount() == 0)
228 227
     return false;
229 228
   $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}");
230 229
   // User hat keine Domains die nicht vmail-Domains sind
231
-  if (mysql_num_rows($result) == 0)
230
+  if ($result->rowCount() == 0)
232 231
     return true;
233 232
   return false;
234 233
 }
... ...
@@ -58,9 +58,9 @@ Ihre E-Mail wird nicht weitergeleitet.',
58 58
 
59 59
 function get_vmail_id_by_emailaddr($emailaddr) 
60 60
 {
61
-  $emailaddr = mysql_real_escape_string( $emailaddr );
61
+  $emailaddr = db_escape_string( $emailaddr );
62 62
   $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = '{$emailaddr}'");
63
-  $entry = mysql_fetch_assoc($result);
63
+  $entry = $result->fetch();
64 64
   return (int) $entry['id'];
65 65
 }
66 66
 
... ...
@@ -74,10 +74,10 @@ function get_account_details($id, $checkuid = true)
74 74
     $uid_check = "useraccount='{$uid}' AND ";
75 75
   }
76 76
   $result = db_query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id={$id} LIMIT 1");
77
-	if (mysql_num_rows($result) == 0)
77
+	if ($result->rowCount() == 0)
78 78
 		system_failure('Ungültige ID oder kein eigener Account');
79 79
 	$acc = empty_account();
80
-	$res = mysql_fetch_assoc($result);
80
+	$res = $result->fetch();
81 81
 	foreach ($res AS $key => $value) {
82 82
 	  if ($key == 'forwards')
83 83
 	    continue;
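Review bot: `$res = $result->fetch();` followed by `foreach ($res AS $key => $value)` depends on the connection's default fetch mode, which is configured outside this view. Under PDO's built-in default `PDO::FETCH_BOTH` every column arrives twice, once by name and once by index, so the loop would also visit integer keys, and the loose test `$key == 'forwards'` is true for key `0` on PHP versions before 8. Passing the mode explicitly, `$res = $result->fetch(PDO::FETCH_ASSOC);`, and comparing with `===` removes the ambiguity. find_account_id (`$tmp[0]`) and yesterday (`fetch()[0]`) in later hunks need numeric keys instead, so no single default suits every call site. get_account_details starts and ends outside this hunk.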
... ...
@@ -85,13 +85,13 @@ function get_account_details($id, $checkuid = true)
85 85
 	}
86 86
 	if ($acc['forwards'] > 0) {
87 87
 	  $result = db_query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account={$acc['id']};");
88
-	  while ($item = mysql_fetch_assoc($result)){
88
+	  while ($item = $result->fetch()){
89 89
 	    array_push($acc['forwards'], array("id" => $item['id'], 'spamfilter' => $item['spamfilter'], 'destination' => $item['destination']));
90 90
 	  }
91 91
 	}
92 92
   if ($acc['autoresponder'] > 0) {
93 93
     $result = db_query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account={$acc['id']}");
94
-    $item = mysql_fetch_assoc($result);
94
+    $item = $result->fetch();
95 95
     DEBUG($item);
96 96
     $acc['autoresponder'] = $item;
97 97
   } else {
... ...
@@ -108,7 +108,7 @@ function get_vmail_accounts()
108 108
 	$uid = (int) $_SESSION['userinfo']['uid'];
109 109
 	$result = db_query("SELECT * from mail.v_vmail_accounts WHERE useraccount='{$uid}' ORDER BY domainname,local ASC");
110 110
 	$ret = array();
111
-	while ($line = mysql_fetch_assoc($result))
111
+	while ($line = $result->fetch())
112 112
 	{
113 113
 		array_push($ret, $line);
114 114
 	}
... ...
@@ -122,10 +122,10 @@ function get_vmail_domains()
122 122
 {
123 123
 	$uid = (int) $_SESSION['userinfo']['uid'];
124 124
 	$result = db_query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount='{$uid}' ORDER BY domainname");
125
-	if (mysql_num_rows($result) == 0)
125
+	if ($result->rowCount() == 0)
126 126
 		system_failure('Sie haben keine Domains für virtuelle Mail-Verarbeitung');
127 127
 	$ret = array();
128
-	while ($tmp = mysql_fetch_assoc($result))
128
+	while ($tmp = $result->fetch())
129 129
 		array_push($ret, $tmp);
130 130
 	return $ret;
131 131
 }
... ...
@@ -133,7 +133,7 @@ function get_vmail_domains()
133 133
 
134 134
 function find_account_id($accname)
135 135
 {
136
-  $accname = mysql_real_escape_string($accname);
136
+  $accname = db_escape_string($accname);
137 137
   DEBUG($accname);
138 138
   $tmp = explode('@', $accname, 2);
139 139
   DEBUG($tmp);
... ...
@@ -142,9 +142,9 @@ function find_account_id($accname)
142 142
   list( $local, $domainname) = $tmp;
143 143
 
144 144
   $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE local='{$local}' AND domainname='{$domainname}' LIMIT 1");
145
-  if (mysql_num_rows($result) == 0)
145
+  if ($result->rowCount() == 0)
146 146
     system_failure("Der Account konnte nicht gefunden werden");
147
-  $tmp = mysql_fetch_array($result);
147
+  $tmp = $result->fetch();
148 148
   return $tmp[0];
149 149
 }
150 150
 
... ...
@@ -152,7 +152,7 @@ function find_account_id($accname)
152 152
 function change_vmail_password($accname, $newpass)
153 153
 {
154 154
   $accid = find_account_id($accname);
155
-  $encpw = mysql_real_escape_string(encrypt_mail_password($newpass));
155
+  $encpw = db_escape_string(encrypt_mail_password($newpass));
156 156
   db_query("UPDATE mail.vmail_accounts SET password='{$encpw}' WHERE id={$accid} LIMIT 1;");
157 157
 }
158 158
 
... ...
@@ -177,7 +177,7 @@ function get_max_mailboxquota($server, $oldquota) {
177 177
   $uid = (int) $_SESSION['userinfo']['uid'];
178 178
   $server = (int) $server;
179 179
   $result = db_query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid='{$uid}' AND server='{$server}'");
180
-  $item = mysql_fetch_assoc($result);
180
+  $item = $result->fetch();
181 181
   DEBUG("Free space: ".$item['free']." / Really: ".($item['free'] + ($oldquota - config('vmail_basequota'))));
182 182
   return $item['free'] + ($oldquota - config('vmail_basequota'));
183 183
 }
... ...
@@ -313,8 +313,8 @@ function save_vmail_account($account)
313 313
     $account['quota_threshold'] = min( (int) $account['quota_threshold'], (int) $account['quota'] );
314 314
   }
315 315
   
316
-  $account['local'] = mysql_real_escape_string(strtolower($account['local']));
317
-  $account['password'] = mysql_real_escape_string($account['password']);
316
+  $account['local'] = db_escape_string(strtolower($account['local']));
317
+  $account['password'] = db_escape_string($account['password']);
318 318
   $account['spamexpire'] = (int) $account['spamexpire'];
319 319
 
320 320
   $query = '';
... ...
@@ -341,14 +341,14 @@ function save_vmail_account($account)
341 341
     $ar = $account['autoresponder'];
342 342
     $valid_from = maybe_null($ar['valid_from']);
343 343
     $valid_until = maybe_null($ar['valid_until']);
344
-    $fromname = maybe_null( mysql_real_escape_string($ar['fromname']) );
344
+    $fromname = maybe_null( db_escape_string($ar['fromname']) );
345 345
     $fromaddr = NULL;
346 346
     if ($ar['fromaddr']) {
347
-      $fromaddr = mysql_real_escape_string(check_emailaddr($ar['fromaddr']));
347
+      $fromaddr = db_escape_string(check_emailaddr($ar['fromaddr']));
348 348
     }
349 349
     $fromaddr = maybe_null( $fromaddr );
350
-    $subject = maybe_null( mysql_real_escape_string($ar['subject']));
351
-    $message = mysql_real_escape_string($ar['message']);
350
+    $subject = maybe_null( db_escape_string($ar['subject']));
351
+    $message = db_escape_string($ar['message']);
352 352
     $quote = "'inline'";
353 353
     if ($ar['quote'] == 'attach')
354 354
       $quote = "'attach'";
... ...
@@ -417,7 +417,7 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können?
417 417
   if ($_SESSION['role'] == ROLE_SYSTEMUSER) {
418 418
     $uid = (int) $_SESSION['userinfo']['uid'];
419 419
     $result = db_query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=".$uid." GROUP BY useraccount, server");
420
-    while ($line = mysql_fetch_assoc($result)) {
420
+    while ($line = $result->fetch()) {
421 421
       if ($line['quota'] !== NULL) {
422 422
         db_query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES ('{$line['useraccount']}', '{$line['server']}', '{$line['quota']}', '{$line['used']}')");
423 423
       }
... ...
@@ -447,7 +447,7 @@ function domainsettings($only_domain=NULL) {
447 447
   // Domains
448 448
   $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount={$uid} OR m.uid={$uid} ORDER BY CONCAT_WS('.',d.domainname,d.tld);");
449 449
 
450
-  while ($mydom = mysql_fetch_assoc($result)) {
450
+  while ($mydom = $result->fetch()) {
451 451
     if (! array_key_exists($mydom['id'], $domains)) {
452 452
       if ($mydom['v_id'])
453 453
         $mydom['mail'] = 'virtual';
... ...
@@ -463,7 +463,7 @@ function domainsettings($only_domain=NULL) {
463 463
 
464 464
   // Subdomains
465 465
   $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount={$uid} OR m.uid={$uid};");
466
-  while ($mydom = mysql_fetch_assoc($result)) {
466
+  while ($mydom = $result->fetch()) {
467 467
     if (! array_key_exists($mydom['id'], $subdomains))
468 468
       $subdomains[$mydom['id']] = array();
469 469
         
... ...
@@ -483,14 +483,14 @@ function domain_has_vmail_accounts($domid)
483 483
 {
484 484
   $domid = (int) $domid;
485 485
   $result = db_query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain={$domid}");
486
-  return (mysql_num_rows($result) > 0);
486
+  return ($result->rowCount() > 0);
487 487
 }
488 488
 
489 489
 
490 490
 function change_domain($id, $type)
491 491
 {
492 492
   $id = (int) $id;
493
-  $type = mysql_real_escape_string($type);
493
+  $type = db_escape_string($type);
494 494
   if (domain_has_vmail_accounts($id))
495 495
     system_failure("Sie müssen zuerst alle E-Mail-Konten mit dieser Domain löschen, bevor Sie die Webinterface-Verwaltung für diese Domain abschalten können.");
496 496
   
... ...
@@ -21,7 +21,7 @@ function list_ftpusers()
21 21
   $uid = (int) $_SESSION['userinfo']['uid'];
22 22
   $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid");
23 23
   $ftpusers = array();
24
-  while ($u = mysql_fetch_assoc($result)) {
24
+  while ($u = $result->fetch()) {
25 25
     $ftpusers[] = $u;
26 26
   }
27 27
   return $ftpusers;
... ...
@@ -40,9 +40,9 @@ function load_ftpuser($id)
40 40
   $uid = (int) $_SESSION['userinfo']['uid'];
41 41
   $id = (int) $id;
42 42
   $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
43
-  if (mysql_num_rows($result) != 1)
43
+  if ($result->rowCount() != 1)
44 44
     system_failure("Fehler beim auslesen des Accounts");
45
-  $account = mysql_fetch_assoc($result);
45
+  $account = $result->fetch();
46 46
   DEBUG($account);
47 47
   return $account;
48 48
 }
... ...
@@ -117,11 +117,11 @@ function delete_ftpuser($id)
117 117
 
118 118
 function get_gid($groupname)
119 119
 {
120
-  $groupname = mysql_real_escape_string($groupname);
120
+  $groupname = db_escape_string($groupname);
121 121
   $result = db_query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1");
122
-  if (mysql_num_rows($result) != 1)
122
+  if ($result->rowCount() != 1)
123 123
     system_failure('cannot determine gid of ftpusers group');
124
-  $a = mysql_fetch_assoc($result);
124
+  $a = $result->fetch();
125 125
   $gid = (int) $a['gid'];
126 126
   if ($gid == 0)
127 127
     system_failure('error on determining gid of ftpusers group');
... ...
@@ -134,7 +134,7 @@ function have_regular_ftp()
134 134
   $gid = get_gid('ftpusers');
135 135
   $uid = (int) $_SESSION['userinfo']['uid'];
136 136
   $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
137
-  return (mysql_num_rows($result) > 0);
137
+  return ($result->rowCount() > 0);
138 138
 }
139 139
 
140 140
 
... ...
@@ -19,7 +19,7 @@ function whitelist_entries()
19 19
 	$uid = (int) $_SESSION['userinfo']['uid'];
20 20
 	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid};");
21 21
 	$return = array();
22
-	while ($line = mysql_fetch_assoc($res))
22
+	while ($line = $res->fetch())
23 23
 		array_push($return, $line);
24 24
 	return $return;
25 25
 }
... ...
@@ -30,9 +30,9 @@ function get_whitelist_details($id)
30 30
 	$id = (int) $id;
31 31
 	$uid = (int) $_SESSION['userinfo']['uid'];
32 32
 	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid} AND id={$id};");
33
-	if (mysql_num_rows($res) != 1)
33
+	if ($res->rowCount() != 1)
34 34
 		system_failure('Kann diesen Eintrag nicht finden');
35
-	return mysql_fetch_assoc($res);
35
+	return $res->fetch();
36 36
 }
37 37
 
38 38
 
... ...
@@ -55,9 +55,9 @@ function valid_entry($local, $domain)
55 55
 			system_failure('Diese E-Mail-Adresse gehört Ihnen nicht!');
56 56
 		return true;
57 57
 	}
58
-	$d = mysql_real_escape_string($domain);
58
+	$d = db_escape_string($domain);
59 59
 	$res = db_query("SELECT id FROM mail.v_domains WHERE domainname='{$d}' AND user={$_SESSION['userinfo']['uid']} LIMIT 1");
60
-	if (mysql_num_rows($res) != 1)
60
+	if ($res->rowCount() != 1)
61 61
 		system_failure('Diese domain gehört Ihnen nicht!');
62 62
 	return true;
63 63
 }
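Review bot: The query in valid_entry interpolates `{$_SESSION['userinfo']['uid']}` directly into an unquoted numeric position, while the neighbouring functions cast the value first. Adding `$uid = (int) $_SESSION['userinfo']['uid'];` and writing `user={$uid}` keeps the WHERE clause safe regardless of how the session value was populated. The beginning of valid_entry is outside this hunk, so an earlier cast may exist there, but this line does not use it.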
... ...
@@ -68,7 +68,7 @@ function new_whitelist_entry($local, $domain, $minutes)
68 68
 	valid_entry($local, $domain);
69 69
 	$uid = (int) $_SESSION['userinfo']['uid'];
70 70
 	$local = maybe_null($local);
71
-	$domain = mysql_real_escape_string($domain);
71
+	$domain = db_escape_string($domain);
72 72
 	
73 73
 	$expire = '';
74 74
 	if ($minutes == 'none')
... ...
@@ -14,15 +14,14 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('session/checkuser.php');
19 18
 
20 19
 function user_customer_match($cust, $user)
21 20
 {
22 21
   $customerno = (int) $cust;
23
-  $username = mysql_real_escape_string($user);
22
+  $username = db_escape_string($user);
24 23
   $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;");
25
-  if (mysql_num_rows($result) > 0)
24
+  if ($result->rowCount() > 0)
26 25
     return true;
27 26
   return false;
28 27
 }
... ...
@@ -32,9 +31,9 @@ function user_customer_match($cust, $user)
32 31
 function customer_has_email($customerno, $email)
33 32
 {
34 33
   $customerno = (int) $customerno;
35
-  $email = mysql_real_escape_string($email);
34
+  $email = db_escape_string($email);
36 35
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
37
-  return (mysql_num_rows($result) > 0);
36
+  return ($result->rowCount() > 0);
38 37
 }
39 38
 
40 39
 
... ...
@@ -42,21 +41,21 @@ function validate_token($customerno, $token)
42 41
 {
43 42
   expire_tokens();
44 43
   $customerno = (int) $customerno;
45
-  $token = mysql_real_escape_string($token);
44
+  $token = db_escape_string($token);
46 45
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
47
-  return (mysql_num_rows($result) > 0);
46
+  return ($result->rowCount() > 0);
48 47
 }
49 48
 
50 49
 
51 50
 function get_uid_for_token($token) 
52 51
 {
53 52
   expire_tokens();
54
-  $token = mysql_real_escape_string($token);
53
+  $token = db_escape_string($token);
55 54
   $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
56
-  if (mysql_num_rows($result) == 0) {
55
+  if ($result->rowCount() == 0) {
57 56
     return NULL;
58 57
   }
59
-  $data = mysql_fetch_assoc($result);
58
+  $data = $result->fetch();
60 59
   return $data['uid'];  
61 60
 }
62 61
 
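Review bot: validate_token and get_uid_for_token leave the secret comparison to SQL (`token='{$token}'`), so the result follows the column's collation; the schema is not visible here, but under a case-insensitive collation tokens differing only in case would be accepted. In validate_token, selecting the stored token by `id` and comparing in PHP with `hash_equals($row['token'], $token)` gives an exact, constant-time check. An empty `$token` should be rejected before the query is built. validate_uid_token in a later hunk has the same shape.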
... ...
@@ -64,10 +63,10 @@ function get_username_for_uid($uid)
64 63
 {
65 64
   $uid = (int) $uid;
66 65
   $result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
67
-  if (mysql_num_rows($result) != 1) {
66
+  if ($result->rowCount() != 1) {
68 67
     system_failure("Unexpected number of users with this uid (!= 1)!");
69 68
   }
70
-  $item = mysql_fetch_assoc($result);
69
+  $item = $result->fetch();
71 70
   return $item['username'];
72 71
 }
73 72
 
... ...
@@ -75,9 +74,9 @@ function validate_uid_token($uid, $token)
75 74
 {
76 75
   expire_tokens();
77 76
   $uid = (int) $uid;
78
-  $token = mysql_real_escape_string($token);
77
+  $token = db_escape_string($token);
79 78
   $result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
80
-  return (mysql_num_rows($result) > 0);
79
+  return ($result->rowCount() > 0);
81 80
 }
82 81
 
83 82
 
... ...
@@ -102,13 +101,13 @@ function invalidate_systemuser_token($uid)
102 101
  
103 102
 function create_token($username)
104 103
 {
105
-  $username = mysql_real_escape_string($username);
104
+  $username = db_escape_string($username);
106 105
   expire_tokens();
107 106
   $result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'");
108
-  $uid = (int) mysql_fetch_assoc($result)['uid'];
107
+  $uid = (int) $result->fetch()['uid'];
109 108
   
110 109
   $result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}");
111
-  if (mysql_num_rows($result) > 0) {
110
+  if ($result->rowCount() > 0) {
112 111
     system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
113 112
   }
114 113
   
... ...
@@ -120,9 +119,9 @@ function create_token($username)
120 119
 
121 120
 function emailaddress_for_user($username)
122 121
 {
123
-  $username = mysql_real_escape_string($username);
122
+  $username = db_escape_string($username);
124 123
   $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
125
-  $data = mysql_fetch_assoc($result);
124
+  $data = $result->fetch();
126 125
   return $data['email'];
127 126
 }
128 127
 
... ...
@@ -132,17 +131,17 @@ function get_customer_token($customerno)
132 131
   $customerno = (int) $customerno;
133 132
   expire_tokens();
134 133
   $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
135
-  if (mysql_num_rows($result) < 1)
134
+  if ($result->rowCount() < 1)
136 135
     system_failure("Kann das Token nicht auslesen!");
137
-  return mysql_fetch_object($result)->token;
136
+  return $result->fetch(PDO::FETCH_OBJ)->token;
138 137
 }
139 138
 
140 139
 
141 140
 function get_user_token($username) 
142 141
 {
143
-  $username = mysql_real_escape_string($username);
142
+  $username = db_escape_string($username);
144 143
   $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'");
145
-  $tmp = mysql_fetch_assoc($result);
144
+  $tmp = $result->fetch();
146 145
   return $tmp['token'];
147 146
 }
148 147
 
... ...
@@ -35,14 +35,14 @@ function do_ajax_cert_login() {
35 35
 
36 36
 function get_logins_by_cert($cert) 
37 37
 {
38
-	$cert = mysql_real_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
38
+	$cert = db_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
39 39
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
40 40
 	$result = db_query($query);
41
-	if (mysql_num_rows($result) < 1)
41
+	if ($result->rowCount() < 1)
42 42
 		return NULL;
43 43
 	else {
44 44
 		$ret = array();
45
-		while ($row = mysql_fetch_assoc($result)) {
45
+		while ($row = $result->fetch()) {
46 46
 			$ret[] = $row;
47 47
 		}
48 48
 		return $ret;
... ...
@@ -56,9 +56,9 @@ function get_cert_by_id($id)
56 56
 	  system_failure('no ID');
57 57
 	$query = "SELECT id,dn,issuer,cert,username,startpage FROM system.clientcert WHERE `id`='{$id}' LIMIT 1";
58 58
 	$result = db_query($query);
59
-	if (mysql_num_rows($result) < 1)
59
+	if ($result->rowCount() < 1)
60 60
 		return NULL;
61
-	$ret = mysql_fetch_assoc($result);
61
+	$ret = $result->fetch();
62 62
   DEBUG($ret);
63 63
   return $ret;
64 64
 }
... ...
@@ -66,14 +66,14 @@ function get_cert_by_id($id)
66 66
 
67 67
 function get_certs_by_username($username) 
68 68
 {
69
-	$username = mysql_real_escape_string($username);
69
+	$username = db_escape_string($username);
70 70
 	if ($username == '')
71 71
 	  system_failure('empty username');
72 72
 	$query = "SELECT id,dn,issuer,cert,startpage FROM system.clientcert WHERE `username`='{$username}'";
73 73
 	$result = db_query($query);
74
-	if (mysql_num_rows($result) < 1)
74
+	if ($result->rowCount() < 1)
75 75
 		return NULL;
76
-	while ($row = mysql_fetch_assoc($result)) {
76
+	while ($row = $result->fetch()) {
77 77
 	  $ret[] = $row;
78 78
 	}
79 79
 	return $ret;
... ...
@@ -86,24 +86,24 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='')
86 86
   $username = NULL;
87 87
   if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
88 88
     $type = 'user';
89
-    $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
89
+    $username = db_escape_string($_SESSION['userinfo']['username']);
90 90
     if (isset($_SESSION['subuser'])) {
91
-      $username = mysql_real_escape_string($_SESSION['subuser']);
91
+      $username = db_escape_string($_SESSION['subuser']);
92 92
       $type = 'subuser';
93 93
     }
94 94
   } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
95 95
     $type = 'email';
96
-    $username = mysql_real_escape_string($_SESSION['mailaccount']);
96
+    $username = db_escape_string($_SESSION['mailaccount']);
97 97
   }
98 98
   if (! $type || ! $username) {
99 99
     system_failure('cannot get type or username of login');
100 100
   }
101
-  $certdata = mysql_real_escape_string($certdata);
102
-  $dn = maybe_null(mysql_real_escape_string($dn));
103
-  $issuer = maybe_null(mysql_real_escape_string($issuer));
101
+  $certdata = db_escape_string($certdata);
102
+  $dn = maybe_null(db_escape_string($dn));
103
+  $issuer = maybe_null(db_escape_string($issuer));
104 104
   if ($startpage &&  ! check_path($startpage))
105 105
     system_failure('Startseite kaputt');
106
-  $startpage = maybe_null(mysql_real_escape_string($startpage));
106
+  $startpage = maybe_null(db_escape_string($startpage));
107 107
 
108 108
   if ($certdata == '')
109 109
     system_failure('Kein Zertifikat');
... ...
@@ -124,14 +124,14 @@ function delete_clientcert($id)
124 124
   $username = NULL;
125 125
   if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
126 126
     $type = 'user';
127
-    $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
127
+    $username = db_escape_string($_SESSION['userinfo']['username']);
128 128
     if (isset($_SESSION['subuser'])) {
129
-      $username = mysql_real_escape_string($_SESSION['subuser']);
129
+      $username = db_escape_string($_SESSION['subuser']);
130 130
       $type = 'subuser';
131 131
     }
132 132
   } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
133 133
     $type = 'email';
134
-    $username = mysql_real_escape_string($_SESSION['mailaccount']);
134
+    $username = db_escape_string($_SESSION['mailaccount']);
135 135
   }
136 136
   if (! $type || ! $username) {
137 137
     system_failure('cannot get type or username of login');
... ...
@@ -25,7 +25,7 @@ function my_invoices()
25 25
   $c = (int) $_SESSION['customerinfo']['customerno'];
26 26
   $result = db_query("SELECT id,datum,betrag,bezahlt,abbuchung,sepamandat FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} ORDER BY id DESC");
27 27
   $ret = array();
28
-  while($line = mysql_fetch_assoc($result))
28
+  while($line = $result->fetch())
29 29
   	array_push($ret, $line);
30 30
   return $ret;
31 31
 }
... ...
@@ -36,9 +36,9 @@ function get_pdf($id)
36 36
   $c = (int) $_SESSION['customerinfo']['customerno'];
37 37
   $id = (int) $id;
38 38
   $result = db_query("SELECT pdfdata FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
39
-  if (mysql_num_rows($result) == 0)
39
+  if ($result->rowCount() == 0)
40 40
 	  system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
41
-  return mysql_fetch_object($result)->pdfdata;
41
+  return $result->fetch(PDO::FETCH_OBJ)->pdfdata;
42 42
 
43 43
 }
44 44
 
... ...
@@ -48,9 +48,9 @@ function invoice_details($id)
48 48
   $c = (int) $_SESSION['customerinfo']['customerno'];
49 49
   $id = (int) $id;
50 50
   $result = db_query("SELECT kunde,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
51
-  if (mysql_num_rows($result) == 0)
51
+  if ($result->rowCount() == 0)
52 52
   	system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
53
-  return mysql_fetch_assoc($result);
53
+  return $result->fetch();
54 54
 }
55 55
 
56 56
 function invoice_items($id)
... ...
@@ -58,10 +58,10 @@ function invoice_items($id)
58 58
   $c = (int) $_SESSION['customerinfo']['customerno'];
59 59
   $id = (int) $id;
60 60
   $result = db_query("SELECT id, beschreibung, datum, enddatum, betrag, einheit, brutto, mwst, anzahl FROM kundendaten.rechnungsposten WHERE rechnungsnummer={$id} AND kunde={$c}");
61
-  if (mysql_num_rows($result) == 0)
61
+  if ($result->rowCount() == 0)
62 62
   	system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
63 63
   $ret = array();
64
-  while($line = mysql_fetch_assoc($result))
64
+  while($line = $result->fetch())
65 65
   array_push($ret, $line);
66 66
   return $ret;
67 67
 }
... ...
@@ -72,7 +72,7 @@ function upcoming_items()
72 72
   $c = (int) $_SESSION['customerinfo']['customerno'];
73 73
   $result = db_query("SELECT anzahl, beschreibung, startdatum, enddatum, betrag, einheit, brutto, mwst FROM kundendaten.upcoming_items WHERE kunde={$c} ORDER BY startdatum ASC");
74 74
   $ret = array();
75
-  while($line = mysql_fetch_assoc($result))
75
+  while($line = $result->fetch())
76 76
 	  array_push($ret, $line);
77 77
   return $ret;
78 78
 }
... ...
@@ -166,19 +166,19 @@ function generate_bezahlcode_image($id)
166 166
 function get_lastschrift($rechnungsnummer) {
167 167
   $rechnungsnummer = (int) $rechnungsnummer;
168 168
   $result = db_query("SELECT rechnungsnummer, rechnungsdatum, sl.betrag, buchungsdatum FROM kundendaten.sepalastschrift sl LEFT JOIN kundendaten.ausgestellte_rechnungen re ON (re.id=sl.rechnungsnummer) WHERE rechnungsnummer='${rechnungsnummer}' AND re.abbuchung=1");
169
-  if (mysql_num_rows($result) == 0) {
169
+  if ($result->rowCount() == 0) {
170 170
     return NULL;
171 171
   }
172
-  $item = mysql_fetch_assoc($result);
172
+  $item = $result->fetch();
173 173
   return $item;
174 174
 }
175 175
 
176 176
 function get_lastschriften($mandatsreferenz)
177 177
 {
178
-  $mandatsreferenz = mysql_real_escape_string($mandatsreferenz);
178
+  $mandatsreferenz = db_escape_string($mandatsreferenz);
179 179
   $result = db_query("SELECT rechnungsnummer, rechnungsdatum, betrag, buchungsdatum FROM kundendaten.sepalastschrift WHERE mandatsreferenz='${mandatsreferenz}' ORDER BY buchungsdatum DESC");
180 180
   $ret = array();
181
-  while ($item = mysql_fetch_assoc($result)) {
181
+  while ($item = $result->fetch()) {
182 182
     $ret[] = $item;
183 183
   }
184 184
   return $ret;
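Review bot: get_lastschrift and get_lastschriften filter only on the invoice number or mandate reference and never on the logged-in customer, unlike invoice_details and get_sepamandate, which add `kunde={$c}` or `kunde={$cid}`. Unless every caller verifies ownership first (not visible here), these functions would return direct-debit records belonging to other customers. In get_lastschrift the joined invoice table allows `$c = (int) $_SESSION['customerinfo']['customerno'];` plus `AND re.kunde={$c}`. get_lastschriften would need a join to `kundendaten.sepamandat` on `mandatsreferenz` for the same scoping. get_lastschriften ends outside this hunk.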
... ...
@@ -189,7 +189,7 @@ function get_sepamandate()
189 189
   $cid = (int) $_SESSION['customerinfo']['customerno'];
190 190
   $result = db_query("SELECT id, mandatsreferenz, glaeubiger_id, erteilt, medium, gueltig_ab, gueltig_bis, erstlastschrift, kontoinhaber, adresse, iban, bic, bankname FROM kundendaten.sepamandat WHERE kunde={$cid}");
191 191
   $ret = array();
192
-  while ($entry = mysql_fetch_assoc($result)) {
192
+  while ($entry = $result->fetch()) {
193 193
     array_push($ret, $entry);
194 194
   }
195 195
   return $ret;
... ...
@@ -198,9 +198,9 @@ function get_sepamandate()
198 198
 
199 199
 function yesterday($date) 
200 200
 {
201
-  $date = mysql_real_escape_string($date);
201
+  $date = db_escape_string($date);
202 202
   $result = db_query("SELECT '{$date}' - INTERVAL 1 DAY");
203
-  return mysql_fetch_array($result)[0];
203
+  return $result->fetch()[0];
204 204
 }
205 205
 
206 206
 
... ...
@@ -208,7 +208,7 @@ function invalidate_sepamandat($id, $date)
208 208
 {
209 209
   $cid = (int) $_SESSION['customerinfo']['customerno'];
210 210
   $id = (int) $id;
211
-  $date = mysql_real_escape_string($date);
211
+  $date = db_escape_string($date);
212 212
   db_query("UPDATE kundendaten.sepamandat SET gueltig_bis='{$date}' WHERE id={$id} AND kunde={$cid}");
213 213
 }
214 214
 
... ...
@@ -216,12 +216,12 @@ function invalidate_sepamandat($id, $date)
216 216
 function sepamandat($name, $adresse, $iban, $bankname, $bic, $gueltig_ab)
217 217
 {
218 218
   $cid = (int) $_SESSION['customerinfo']['customerno'];
219
-  $name = mysql_real_escape_string($name);
220
-  $adresse = mysql_real_escape_string($adresse);
221
-  $iban = mysql_real_escape_string($iban);
222
-  $bankname = mysql_real_escape_string($bankname);
223
-  $bic = mysql_real_escape_string($bic);
224
-  $gueltig_ab = mysql_real_escape_string($gueltig_ab);
219
+  $name = db_escape_string($name);
220
+  $adresse = db_escape_string($adresse);
221
+  $iban = db_escape_string($iban);
222
+  $bankname = db_escape_string($bankname);
223
+  $bic = db_escape_string($bic);
224
+  $gueltig_ab = db_escape_string($gueltig_ab);
225 225
 
226 226
   $first_date = date('Y-m-d');
227 227
   $invoices = my_invoices();
... ...
@@ -22,7 +22,7 @@ require_once('invoice.php');
22 22
 $kundenname = $_SESSION['customerinfo']['name'];
23 23
 $id = (int) $_SESSION['customerinfo']['customerno'];
24 24
 $result = db_query("SELECT CONCAT(adresse, '\\\\n', plz, ' ', ort) AS adresse FROM kundendaten.kunden WHERE id={$id}");
25
-$r = mysql_fetch_assoc($result);
25
+$r = $result->fetch();
26 26
 
27 27
 header("Content-Type: text/javascript");
28 28
 echo ' { "kundenname": "'.$kundenname.'", "adresse": "'.$r["adresse"].'" } ';
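Review bot: The `echo` after the converted fetch assembles the JSON response by string concatenation, so a quote, backslash or line break in `$kundenname` or `$r["adresse"]` produces malformed output or lets the value alter the structure of the response. Build the array and emit it with `echo json_encode(array('kundenname' => $kundenname, 'adresse' => $r['adresse']));`. The `CONCAT(adresse, '\\\\n', …)` in the query appears to pre-escape the newline for the hand-built JSON and would then need to produce a real newline instead. The rest of the file is outside this hunk.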
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once("inc/debug.php");
18
-require_once("inc/db_connect.php");
19 18
 require_once("inc/security.php");
20 19
 
21 20
 require_once('class/domain.php');
... ...
@@ -25,8 +24,8 @@ function get_jabber_accounts() {
25 24
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
26 25
   $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
27 26
   $accounts = array();
28
-  if (@mysql_num_rows($result) > 0)
29
-    while ($acc = @mysql_fetch_assoc($result))
27
+  if (@$result->rowCount() > 0)
28
+    while ($acc = @$result->fetch())
30 29
       array_push($accounts, $acc);
31 30
   return $accounts;
32 31
 }
... ...
@@ -41,9 +40,9 @@ function get_jabberaccount_details($id)
41 40
   $id = (int) $id;
42 41
 
43 42
   $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
44
-  if (mysql_num_rows($result) != 1)
43
+  if ($result->rowCount() != 1)
45 44
     system_failure("Invalid account");
46
-  $data = mysql_fetch_assoc($result);
45
+  $data = $result->fetch();
47 46
   if ($data['domain'] == NULL)
48 47
     $data['domain'] = config('masterdomain');
49 48
   else
... ...
@@ -72,19 +71,19 @@ function create_jabber_account($local, $domain, $password)
72 71
   require_role(ROLE_CUSTOMER);
73 72
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
74 73
 
75
-  $local = mysql_real_escape_string( filter_input_username($local) );
74
+  $local = db_escape_string( filter_input_username($local) );
76 75
   $domain = (int) $domain;
77 76
   if (! valid_jabber_password($password))
78 77
   {
79 78
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
80 79
     return;
81 80
   }
82
-  $password = mysql_real_escape_string( $password );
81
+  $password = db_escape_string( $password );
83 82
   
84 83
   if ($domain > 0)
85 84
   {
86 85
     $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
87
-    if (mysql_num_rows($result) == 0)
86
+    if ($result->rowCount() == 0)
88 87
     {
89 88
       logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
90 89
       system_failure("Invalid domain!");
... ...
@@ -98,7 +97,7 @@ function create_jabber_account($local, $domain, $password)
98 97
     $domainquery = 'domain IS NULL'; 
99 98
   }
100 99
   $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
101
-  if (mysql_num_rows($result) > 0)
100
+  if ($result->rowCount() > 0)
102 101
   {
103 102
     logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
104 103
     system_failure("Diesen Account gibt es bereits!");
... ...
@@ -120,7 +119,7 @@ function change_jabber_password($id, $password)
120 119
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
121 120
     return;
122 121
   }
123
-  $password = mysql_real_escape_string( $password );
122
+  $password = db_escape_string( $password );
124 123
   
125 124
   db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
126 125
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
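Review bot: In `get_jabber_accounts()` the `@` prefix was carried over onto `@$result->rowCount()` and `@$result->fetch()`, but `@` only silences warnings and notices. If `db_query()` can return a non-object on failure (its body is not part of this section, so this needs checking), the method call is a fatal error that `@` does not suppress, whereas the old `mysql_*` calls degraded to an empty list. Drop the `@` and test the result explicitly, e.g. `if ($result && $result->rowCount() > 0)`, or remove the suppression if `db_query()` is guaranteed to abort on failure.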
... ...
@@ -24,7 +24,7 @@ function get_lists()
24 24
   $uid = (int) $_SESSION['userinfo']['uid'];
25 25
   $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid};");
26 26
   $ret = array();
27
-  while ($list = mysql_fetch_assoc($result))
27
+  while ($list = $result->fetch())
28 28
     $ret[] = $list;
29 29
   DEBUG($ret);
30 30
   return $ret;
... ...
@@ -36,9 +36,9 @@ function get_list($id)
36 36
   $id = (int) $id;
37 37
   $uid = (int) $_SESSION['userinfo']['uid'];
38 38
   $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid} AND id={$id};");
39
-  if (mysql_num_rows($result) < 1)
39
+  if ($result->rowCount() < 1)
40 40
     system_failure('Die gewünschte Mailingliste konnte nicht gefunden werden');
41
-  $list = mysql_fetch_assoc($result);
41
+  $list = $result->fetch();
42 42
   DEBUG($list);
43 43
 
44 44
   return $list;
... ...
@@ -61,13 +61,13 @@ function create_list($listname, $maildomain, $admin)
61 61
   verify_input_general($admin);
62 62
   if (! check_emailaddr($admin))
63 63
     system_failure('Der Verwalter muss eine gültige E-Mail-Adresse sein ('.$admin.').');
64
-  $admin = mysql_real_escape_string($admin);
64
+  $admin = db_escape_string($admin);
65 65
   $result = db_query("SELECT id FROM mail.mailman_lists WHERE listname='{$listname}'");
66
-  if (mysql_num_rows($result) > 0)
66
+  if ($result->rowCount() > 0)
67 67
     system_failure('Eine Liste mit diesem Namen existiert bereits (unter dieser oder einer anderen Domain). Jeder Listenname kann nur einmal verwendet werden.');
68 68
 
69 69
   db_query("INSERT INTO mail.mailman_lists (status, listname, maildomain, owner, admin) VALUES ('pending', '{$listname}', {$maildomain}, {$owner}, '{$admin}');");
70
-  DEBUG('Neue ID: '.mysql_insert_id());
70
+  DEBUG('Neue ID: '.db_insert_id());
71 71
 }
72 72
 
73 73
 
... ...
@@ -76,7 +76,7 @@ function get_mailman_domains()
76 76
   $uid = (int) $_SESSION['userinfo']['uid'];
77 77
   $result = db_query("SELECT md.id, md.fqdn FROM mail.v_mailman_domains AS md left join mail.v_domains AS d on (d.id=md.domain) where d.user={$uid}");
78 78
   $ret = array();
79
-  while ($dom = mysql_fetch_assoc($result))
79
+  while ($dom = $result->fetch())
80 80
     $ret[] = $dom;
81 81
   DEBUG($ret);
82 82
   return $ret;
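Review bot: `get_lists()`, `get_list()` and `get_mailman_domains()` return the rows from `$result->fetch()` to their callers, and `fetch()` without an argument uses the connection's default fetch mode, which for PDO is `PDO::FETCH_BOTH` unless `PDO::ATTR_DEFAULT_FETCH_MODE` is set. If the new connection code does not set it to `PDO::FETCH_ASSOC` (not visible from this section), every row now carries each column twice, under its name and under a numeric index, which changes what callers see when they loop over a row. Either confirm the default is set centrally or write `$result->fetch(PDO::FETCH_ASSOC)` here, as the commit already does with `PDO::FETCH_OBJ` for the former `mysql_fetch_object()` calls. The same applies to the other sections of this commit that replace `mysql_fetch_assoc()`.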
... ...
@@ -18,10 +18,10 @@ function get_mysql_accounts($UID)
18 18
 {
19 19
   $UID = (int) $UID;
20 20
   $result = db_query("SELECT id, username, description, created FROM misc.mysql_accounts WHERE useraccount=$UID ORDER BY username");
21
-  if (mysql_num_rows($result) == 0)
21
+  if ($result->rowCount() == 0)
22 22
     return array();
23 23
   $list = array();
24
-  while ($item = mysql_fetch_assoc($result))
24
+  while ($item = $result->fetch())
25 25
   {
26 26
     $list[] = $item;
27 27
   }
... ...
@@ -32,10 +32,10 @@ function get_mysql_databases($UID)
32 32
 {
33 33
   $UID = (int) $UID;
34 34
   $result = db_query("SELECT id, name, description, created FROM misc.mysql_database WHERE useraccount=$UID ORDER BY name");
35
-  if (mysql_num_rows($result) == 0)
35
+  if ($result->rowCount() == 0)
36 36
     return array();
37 37
   $list = array();
38
-  while ($item = mysql_fetch_assoc($result))
38
+  while ($item = $result->fetch())
39 39
   {
40 40
     $list[] = $item;
41 41
   }
... ...
@@ -80,7 +80,7 @@ function servers_for_databases()
80 80
   
81 81
   $result = db_query("SELECT db.name AS db, hostname FROM misc.mysql_database AS db LEFT JOIN system.useraccounts AS u ON (db.useraccount=u.uid) LEFT JOIN system.servers ON (COALESCE(db.server, u.server) = servers.id) WHERE db.useraccount={$uid}");
82 82
   $ret = array();
83
-  while ($line = mysql_fetch_assoc($result)) {
83
+  while ($line = $result->fetch()) {
84 84
     $ret[$line['db']] = $line['hostname'];
85 85
   }
86 86
   DEBUG($ret);
... ...
@@ -96,9 +96,9 @@ function get_mysql_access($db, $account)
96 96
   {
97 97
     $mysql_access = array();
98 98
     $result = db_query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};");
99
-    if (mysql_num_rows($result) == 0)
99
+    if ($result->rowCount() == 0)
100 100
       return false;
101
-    while ($line = mysql_fetch_object($result))
101
+    while ($line = $result->fetch(PDO::FETCH_OBJ))
102 102
       $mysql_access[$line->db][$line->user] = true;
103 103
   }
104 104
   return (array_key_exists($db, $mysql_access) && array_key_exists($account, $mysql_access[$db]));
... ...
@@ -108,8 +108,8 @@ function get_mysql_access($db, $account)
108 108
 function set_mysql_access($db, $account, $status)
109 109
 {
110 110
   $uid = $_SESSION['userinfo']['uid'];
111
-  $db = mysql_real_escape_string($db);
112
-  $account = mysql_real_escape_string($account);
111
+  $db = db_escape_string($db);
112
+  $account = db_escape_string($account);
113 113
   DEBUG("User »{$account}« soll ".($status ? "" : "NICHT ")."auf die Datenbank »{$db}« zugreifen");
114 114
   $query = '';
115 115
   if ($status)
... ...
@@ -117,13 +117,13 @@ function set_mysql_access($db, $account, $status)
117 117
     if (get_mysql_access($db, $account))
118 118
       return NULL;
119 119
     $result = db_query("SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1");
120
-    if (mysql_num_rows($result) != 1)
120
+    if ($result->rowCount() != 1)
121 121
     {
122 122
       logger(LOG_ERR, "modules/mysql/include/mysql", "mysql", "cannot find database {$db}");
123 123
       system_failure("cannot find database »{$db}«");
124 124
     }
125 125
     $result = db_query("SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid} LIMIT 1");
126
-    if (mysql_num_rows($result) != 1)
126
+    if ($result->rowCount() != 1)
127 127
     {
128 128
       logger(LOG_ERR, "modules/mysql/include/mysql", "mysql", "cannot find user {$account}");
129 129
       system_failure("cannot find database user »{$account}«");
... ...
@@ -151,7 +151,7 @@ function create_mysql_account($username, $description = '')
151 151
     return NULL;
152 152
   }
153 153
   $uid = $_SESSION['userinfo']['uid'];
154
-  $username = mysql_real_escape_string($username);
154
+  $username = db_escape_string($username);
155 155
   $description = maybe_null($description);
156 156
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "creating user »{$username}«");
157 157
   db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount, description) VALUES ('$username', '!', $uid, $description);");
... ...
@@ -160,7 +160,7 @@ function create_mysql_account($username, $description = '')
160 160
 
161 161
 function delete_mysql_account($username)
162 162
 {
163
-  $username = mysql_real_escape_string($username);
163
+  $username = db_escape_string($username);
164 164
   $uid = $_SESSION['userinfo']['uid'];
165 165
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "deleting user »{$username}«");
166 166
   db_query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
... ...
@@ -175,7 +175,7 @@ function create_mysql_database($dbname, $description = '', $server = NULL)
175 175
     input_error("Der eingegebene Datenbankname entspricht leider nicht der Konvention. Bitte tragen Sie einen passenden Namen ein.");
176 176
     return NULL;
177 177
   }
178
-  $dbname = mysql_real_escape_string($dbname);
178
+  $dbname = db_escape_string($dbname);
179 179
   $uid = $_SESSION['userinfo']['uid'];
180 180
   $description = maybe_null($description); 
181 181
   $server = (int) $server;
... ...
@@ -189,7 +189,7 @@ function create_mysql_database($dbname, $description = '', $server = NULL)
189 189
 
190 190
 function delete_mysql_database($dbname)
191 191
 {
192
-  $dbname = mysql_real_escape_string($dbname);
192
+  $dbname = db_escape_string($dbname);
193 193
   $uid = $_SESSION['userinfo']['uid'];
194 194
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "removing database »{$dbname}«");
195 195
   db_query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
... ...
@@ -212,8 +212,8 @@ function validate_mysql_username($username)
212 212
 
213 213
 function set_mysql_password($username, $password)
214 214
 {
215
-  $username = mysql_real_escape_string($username);
216
-  $password = mysql_real_escape_string($password);
215
+  $username = db_escape_string($username);
216
+  $password = db_escape_string($password);
217 217
   $uid = $_SESSION['userinfo']['uid'];
218 218
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "updating password for »{$username}«");
219 219
   db_query("UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;");
... ...
@@ -223,18 +223,18 @@ function set_mysql_password($username, $password)
223 223
 function has_mysql_database($dbname)
224 224
 {
225 225
   $uid = $_SESSION['userinfo']['uid'];
226
-  $dbname = mysql_real_escape_string($dbname);
226
+  $dbname = db_escape_string($dbname);
227 227
   $result = db_query("SELECT NULL FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
228
-  return (mysql_num_rows($result) == 1);
228
+  return ($result->rowCount() == 1);
229 229
 }
230 230
 
231 231
 
232 232
 function has_mysql_user($username)
233 233
 {
234 234
   $uid = $_SESSION['userinfo']['uid'];
235
-  $userame = mysql_real_escape_string($username);
235
+  $userame = db_escape_string($username);
236 236
   $result = db_query("SELECT NULL FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
237
-  return (mysql_num_rows($result) == 1);
237
+  return ($result->rowCount() == 1);
238 238
 }
239 239
 
240 240
 
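Review bot: `has_mysql_user()` assigns the escaped value to the misspelled `$userame`, while the query on the next line interpolates the original `$username`, so the parameter reaches the SQL string unescaped; the commit converts the call but keeps the typo. Change the line to `$username = db_escape_string($username);`. Whether callers validate the name first (for example via `validate_mysql_username()`) is not visible here, and the query should not depend on it. Several functions in this file also read `$_SESSION['userinfo']['uid']` without the `(int)` cast used elsewhere in the commit.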
... ...
@@ -16,14 +16,14 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 function set_newsletter_address($address) {
18 18
   $cid = $_SESSION['customerinfo']['customerno'];
19
-  $address = maybe_null(mysql_real_escape_string($address));
19
+  $address = maybe_null(db_escape_string($address));
20 20
   db_query("UPDATE kundendaten.kunden SET email_newsletter={$address} WHERE id={$cid}");
21 21
 }
22 22
 
23 23
 function get_newsletter_address() {
24 24
   $cid = $_SESSION['customerinfo']['customerno'];
25 25
   $result = db_query("SELECT email_newsletter FROM kundendaten.kunden WHERE id={$cid}");
26
-  $r = mysql_fetch_assoc($result);
26
+  $r = $result->fetch();
27 27
   return $r['email_newsletter'];
28 28
 }
29 29
 
... ...
@@ -32,7 +32,7 @@ function get_latest_news() {
32 32
   $today = strftime('%Y-%m-%d');
33 33
   $result = db_query("SELECT id, date, subject, content FROM misc.news WHERE date > '{$today}' - INTERVAL 1 YEAR ORDER BY date DESC");
34 34
   $ret = array();
35
-  while ($item = mysql_fetch_assoc($result)) {
35
+  while ($item = $result->fetch()) {
36 36
     $ret[] = $item;
37 37
   }
38 38
   DEBUG($ret);
... ...
@@ -43,7 +43,7 @@ function get_latest_news() {
43 43
 function get_news_item($id) {
44 44
   $id = (int) $id;
45 45
   $result = db_query("SELECT date, subject, content FROM misc.news WHERE id={$id}");
46
-  $ret = mysql_fetch_assoc($result);
46
+  $ret = $result->fetch();
47 47
   DEBUG($ret);
48 48
   return $ret;
49 49
 }
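Review bot: `set_newsletter_address()` and `get_newsletter_address()` interpolate `$cid` into the statement unquoted and without the `(int)` cast that other modules in this commit apply to the same session value. Use `$cid = (int) $_SESSION['customerinfo']['customerno'];` in both, so the query text does not depend on how the session was populated. `get_news_item()` returns `false` from `fetch()` for an unknown id; a comment such as `// returns false if no news item has this id` would tell callers to check.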
... ...
@@ -14,15 +14,14 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('session/checkuser.php');
19 18
 
20 19
 function customer_has_email($customerno, $email)
21 20
 {
22 21
   $customerno = (int) $customerno;
23
-  $email = mysql_real_escape_string($email);
22
+  $email = db_escape_string($email);
24 23
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');");
25
-  return (mysql_num_rows($result) > 0);
24
+  return ($result->rowCount() > 0);
26 25
 }
27 26
 
28 27
 
... ...
@@ -30,9 +29,9 @@ function validate_token($customerno, $token)
30 29
 {
31 30
   expire_tokens();
32 31
   $customerno = (int) $customerno;
33
-  $token = mysql_real_escape_string($token);
32
+  $token = db_escape_string($token);
34 33
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
35
-  return (mysql_num_rows($result) > 0);
34
+  return ($result->rowCount() > 0);
36 35
 }
37 36
 
38 37
 
... ...
@@ -53,9 +52,9 @@ function create_token($customerno)
53 52
   $customerno = (int) $customerno;
54 53
   expire_tokens();
55 54
   $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
56
-  if (mysql_num_rows($result) > 0)
55
+  if ($result->rowCount() > 0)
57 56
   {
58
-    $res = mysql_fetch_object($result)->token_create;
57
+    $res = $result->fetch(PDO::FETCH_OBJ)->token_create;
59 58
     input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen.");
60 59
     return false;
61 60
   }
... ...
@@ -70,9 +69,9 @@ function get_customer_token($customerno)
70 69
   $customerno = (int) $customerno;
71 70
   expire_tokens();
72 71
   $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
73
-  if (mysql_num_rows($result) < 1)
72
+  if ($result->rowCount() < 1)
74 73
     system_failure("Kann das Token nicht auslesen!");
75
-  return mysql_fetch_object($result)->token;
74
+  return $result->fetch(PDO::FETCH_OBJ)->token;
76 75
 }
77 76
 
78 77
 
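Review bot: In `customer_has_email()` the last comparison is printed as `email_rechnung='{$email'}'`, with the closing brace after the quote. As written that is not a valid interpolation, and unless it is an artefact of this page the file would not parse. It should read `email_rechnung='{$email}'`, and the statement would be easier to check with one interpolation style instead of mixing `".$email."` and `{$email}`. Separately, `validate_token()` compares the token inside SQL, so the comparison follows the column's collation, which may be case-insensitive (the schema is not shown); that is worth confirming for a secret value.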
... ...
@@ -14,17 +14,16 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('mail.php');
19 18
 
20 19
 function customer_with_email($email)
21 20
 {
22
-  $email = mysql_real_escape_string($email);
21
+  $email = db_escape_string($email);
23 22
   $result = db_query("SELECT id FROM kundendaten.kunden WHERE email='{$email}' OR email_rechnung='{$email}' OR email_extern='{$email}' LIMIT 1;");
24
-  if (mysql_num_rows($result) == 0)
23
+  if ($result->rowCount() == 0)
25 24
     return NULL;
26 25
   else
27
-    return mysql_fetch_object($result)->id;
26
+    return $result->fetch(PDO::FETCH_OBJ)->id;
28 27
 }
29 28
 
30 29
 
... ...
@@ -38,11 +37,11 @@ function create_customer($data)
38 37
     return NULL;
39 38
   }
40 39
 
41
-  $anrede = mysql_escape_string($data['anrede']);
42
-  $firma = mysql_escape_string($data['firma']);
43
-  $vorname = mysql_escape_string($data['vorname']);
44
-  $nachname = mysql_escape_string($data['nachname']);
45
-  $email = mysql_escape_string($data['email']);
40
+  $anrede = db_escape_string($data['anrede']);
41
+  $firma = db_escape_string($data['firma']);
42
+  $vorname = db_escape_string($data['vorname']);
43
+  $nachname = db_escape_string($data['nachname']);
44
+  $email = db_escape_string($data['email']);
46 45
 
47 46
   logger(LOG_INFO, 'modules/register/include/register', 'register', "Creating new account: {$anrede} / {$firma} / {$vorname} / {$nachname} / {$email}");
48 47
   
... ...
@@ -53,7 +52,7 @@ function create_customer($data)
53 52
 
54 53
   db_query("BEGIN");
55 54
   db_query("INSERT INTO kundendaten.kunden (firma, nachname, vorname, anrede, email, erstellungsdatum,status) VALUES ({$firma}, {$nachname}, {$vorname}, {$anrede}, {$email}, CURDATE(), 3)");
56
-  $customerno = mysql_insert_id();
55
+  $customerno = db_insert_id();
57 56
   db_query("COMMIT");
58 57
   return $customerno;
59 58
 
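Review bot: `create_customer()` builds the `INSERT` from registration data by interpolating `{$firma}`, `{$nachname}`, `{$vorname}`, `{$anrede}` and `{$email}` without quotes, so its safety rests on whatever the lines between the two hunks (not shown) do to add quoting after `db_escape_string()`. Now that the connection is PDO, a prepared statement with bound values would remove that escape-then-quote pairing; this needs `db_query()` to accept parameters, which cannot be confirmed from this section. Until then, a comment above the `INSERT` naming the helper that quotes the values would make the dependency explicit. The function starts and ends outside the hunks.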
... ...
@@ -24,7 +24,7 @@ function list_system_users()
24 24
   $result = db_query("SELECT uid,username FROM system.v_useraccounts ORDER BY username");
25 25
   
26 26
   $ret = array();
27
-  while ($item = mysql_fetch_object($result))
27
+  while ($item = $result->fetch(PDO::FETCH_OBJ))
28 28
     array_push($ret, $item);
29 29
   return $ret;
30 30
 }
... ...
@@ -37,7 +37,7 @@ function list_customers()
37 37
   $result = db_query("SELECT id, IF(firma IS NULL, CONCAT_WS(' ', vorname, nachname), CONCAT(firma, ' (', CONCAT_WS(' ', vorname, nachname), ')')) AS name FROM kundendaten.kunden");
38 38
   
39 39
   $ret = array();
40
-  while ($item = mysql_fetch_object($result))
40
+  while ($item = $result->fetch(PDO::FETCH_OBJ))
41 41
     array_push($ret, $item);
42 42
   return $ret;
43 43
 }
... ...
@@ -45,7 +45,7 @@ function list_customers()
45 45
 
46 46
 function find_customers($string) 
47 47
 {
48
-  $string = mysql_real_escape_string(chop($string));
48
+  $string = db_escape_string(chop($string));
49 49
   $return = array();
50 50
   $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
51 51
                      "firma LIKE '%{$string}%' OR firma2 LIKE '%{$string}%' OR ".
... ...
@@ -55,14 +55,14 @@ function find_customers($string)
55 55
                      "notizen LIKE '%{$string}%' OR email_rechnung LIKE '%{$string}%' OR ".
56 56
                      "email LIKE '%{$string}%' OR email_extern LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ".
57 57
                      "u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';");
58
-  while ($entry = mysql_fetch_assoc($result))
58
+  while ($entry = $result->fetch())
59 59
     $return[] = $entry['id'];
60 60
 
61 61
   $result = db_query("SELECT kunde FROM kundendaten.domains WHERE kunde IS NOT NULL AND (
62 62
                       domainname LIKE '%{$string}%' OR CONCAT_WS('.', domainname, tld) LIKE '%{$string}%'
63 63
                       )");
64 64
 
65
-  while ($entry = mysql_fetch_assoc($result))
65
+  while ($entry = $result->fetch())
66 66
     $return[] = $entry['kunde'];
67 67
 
68 68
   return $return;
... ...
@@ -75,7 +75,7 @@ function find_users_for_customer($id)
75 75
   $return = array();
76 76
   $result = db_query("SELECT uid, username, name FROM system.useraccounts WHERE ".
77 77
                      "kunde='{$id}';");
78
-  while ($entry = mysql_fetch_assoc($result))
78
+  while ($entry = $result->fetch())
79 79
     $return[] = $entry;
80 80
 
81 81
   return $return;
... ...
@@ -25,7 +25,7 @@ function list_subusers()
25 25
   $uid = (int) $_SESSION['userinfo']['uid'];
26 26
   $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
27 27
   $subusers = array();
28
-  while ($item = mysql_fetch_assoc($result))
28
+  while ($item = $result->fetch())
29 29
   {
30 30
     $item['modules'] = explode(',', $item['modules']);
31 31
     $subusers[] = $item;
... ...
@@ -40,7 +40,7 @@ function load_subuser($id) {
40 40
   $uid = (int) $_SESSION['userinfo']['uid'];
41 41
   
42 42
   $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
43
-  $item = mysql_fetch_assoc($result);
43
+  $item = $result->fetch();
44 44
   $item['modules'] = explode(',', $item['modules']);
45 45
   return $item;
46 46
 }
... ...
@@ -79,7 +79,7 @@ function new_subuser($username, $requested_modules, $password)
79 79
 {
80 80
   $uid = (int) $_SESSION['userinfo']['uid'];
81 81
 
82
-  $username = mysql_real_escape_string(filter_input_username($username));
82
+  $username = db_escape_string(filter_input_username($username));
83 83
   if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
84 84
     // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
85 85
     system_failure("Ungültiger Benutzername!");
... ...
@@ -100,7 +100,7 @@ function new_subuser($username, $requested_modules, $password)
100 100
   if (count($modules) == 0) {
101 101
     system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
102 102
   }
103
-  $modules = mysql_real_escape_string(implode(',', $modules));
103
+  $modules = db_escape_string(implode(',', $modules));
104 104
   
105 105
   $result = strong_password($password);
106 106
   if ($result !== true) {
... ...
@@ -128,7 +128,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
128 128
     system_failure("Kann diesen Account nicht finden!");
129 129
   }
130 130
 
131
-  $username = mysql_real_escape_string(filter_input_username($username));
131
+  $username = db_escape_string(filter_input_username($username));
132 132
   if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
133 133
     // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
134 134
     system_failure("Ungültiger Benutzername!");
... ...
@@ -148,7 +148,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
148 148
   if (count($modules) == 0) {
149 149
     system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
150 150
   }
151
-  $modules = mysql_real_escape_string(implode(',', $modules));
151
+  $modules = db_escape_string(implode(',', $modules));
152 152
   
153 153
   $pwchange = '';
154 154
   if ($password) {
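Review bot: `load_subuser()` uses the row from `$result->fetch()` without checking it. When no subuser matches `uid` and `id`, `fetch()` returns `false`, and the assignment `$item['modules'] = explode(',', $item['modules']);` silently turns that into an array with no real data instead of reporting the miss. Add a guard after the fetch, e.g. `if (! $item) system_failure("Kann diesen Account nicht finden!");`, matching the message `edit_subuser()` already uses. The function's first lines are outside the hunk.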
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once("inc/debug.php");
18
-require_once("inc/db_connect.php");
19 18
 
20 19
 
21 20
 
... ...
@@ -23,14 +22,14 @@ function customer_may_have_useraccounts()
23 22
 {
24 23
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
25 24
   $result = db_query("SELECT COUNT(*) FROM system.useraccounts WHERE kunde={$customerno}");
26
-  return (mysql_num_rows($result) > 0);
25
+  return ($result->rowCount() > 0);
27 26
 }
28 27
 
29 28
 function customer_useraccount($uid) {
30 29
   $uid = (int) $uid;
31 30
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
32 31
   $result = db_query("SELECT 1 FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid} AND kundenaccount=1");
33
-  return mysql_num_rows($result) > 0;
32
+  return $result->rowCount() > 0;
34 33
 }
35 34
 
36 35
 function primary_useraccount()
... ...
@@ -39,7 +38,7 @@ function primary_useraccount()
39 38
     return NULL;
40 39
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
41 40
   $result = db_query("SELECT MIN(uid) AS uid FROM system.useraccounts WHERE kunde={$customerno}");
42
-  $uid = mysql_fetch_object($result)->uid;
41
+  $uid = $result->fetch(PDO::FETCH_OBJ)->uid;
43 42
   DEBUG("primary useraccount: {$uid}");
44 43
   return $uid;
45 44
 }
... ...
@@ -49,7 +48,7 @@ function available_shells()
49 48
 {
50 49
   $result = db_query("SELECT path, name FROM system.shells WHERE usable=1");
51 50
   $ret = array();
52
-  while ($s = mysql_fetch_assoc($result))
51
+  while ($s = $result->fetch())
53 52
   {
54 53
     $ret[$s['path']] = $s['name'];
55 54
   }
... ...
@@ -63,7 +62,7 @@ function list_useraccounts()
63 62
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
64 63
   $result = db_query("SELECT uid,username,name,erstellungsdatum,quota,shell FROM system.useraccounts WHERE kunde={$customerno}");
65 64
   $ret = array();
66
-  while ($item = mysql_fetch_assoc($result))
65
+  while ($item = $result->fetch())
67 66
   {
68 67
     array_push($ret, $item);
69 68
   }
... ...
@@ -79,9 +78,9 @@ function get_account_details($uid, $customerno=0)
79 78
   if ($customerno == 0)
80 79
     $customerno = $_SESSION['customerinfo']['customerno'];
81 80
   $result = db_query("SELECT uid,username,name,shell,quota,erstellungsdatum FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid}");
82
-  if (mysql_num_rows($result) == 0)
81
+  if ($result->rowCount() == 0)
83 82
     system_failure("Cannot find the requestes useraccount (for this customer).");
84
-  return mysql_fetch_assoc($result);
83
+  return $result->fetch();
85 84
 }
86 85
 
87 86
 function get_used_quota($uid)
... ...
@@ -89,7 +88,7 @@ function get_used_quota($uid)
89 88
   $uid = (int) $uid;
90 89
   $result = db_query("SELECT s.hostname AS server, systemquota, systemquota_used, mailquota, mailquota_used FROM system.v_quota AS q LEFT JOIN system.servers AS s ON (s.id=q.server) WHERE uid='{$uid}'");
91 90
   $ret = array();
92
-  while ($line = mysql_fetch_assoc($result))
91
+  while ($line = $result->fetch())
93 92
     $ret[] = $line;
94 93
   DEBUG($ret);
95 94
   return $ret;
... ...
@@ -105,8 +104,8 @@ function set_account_details($account)
105 104
   else
106 105
     $customerno = (int) $_SESSION['userinfo']['customerno'];
107 106
 
108
-  $fullname = maybe_null(mysql_real_escape_string(filter_input_general($account['name'])));
109
-  $shell = mysql_real_escape_string(filter_input_general($account['shell']));
107
+  $fullname = maybe_null(db_escape_string(filter_input_general($account['name'])));
108
+  $shell = db_escape_string(filter_input_general($account['shell']));
110 109
   $quota = (int) $account['quota'];
111 110
 
112 111
   db_query("UPDATE system.useraccounts SET name={$fullname}, quota={$quota}, shell='{$shell}' WHERE kunde={$customerno} AND uid={$uid}");
... ...
@@ -118,7 +117,7 @@ function get_customer_quota()
118 117
 {
119 118
   $cid = (int) $_SESSION['customerinfo']['customerno'];
120 119
   $result = db_query("SELECT SUM(u.quota) AS assigned, cq.quota AS max FROM system.customerquota AS cq INNER JOIN system.useraccounts AS u ON (u.kunde=cq.cid) WHERE cq.cid={$cid}");
121
-  $ret = mysql_fetch_assoc($result);
120
+  $ret = $result->fetch();
122 121
   DEBUG($ret);
123 122
   return $ret;
124 123
 }
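Review bot: `customer_may_have_useraccounts()` runs `SELECT COUNT(*) …` and then tests `$result->rowCount() > 0`; an aggregate without `GROUP BY` always yields exactly one row, so the function returns true even for a customer with no user accounts. Read the count instead: `return ($result->fetchColumn() > 0);`. More generally, PDO documents `rowCount()` after a `SELECT` as driver-dependent. It works with MySQL's buffered queries, but this commit relies on it for existence checks in most sections, so a short comment in the database wrapper recording that reliance would help.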
... ...
@@ -26,7 +26,7 @@ function user_certs()
26 26
   $uid = (int) $_SESSION['userinfo']['uid'];
27 27
   $result = db_query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=${uid} ORDER BY cn");
28 28
   $ret = array();
29
-  while ($i = mysql_fetch_assoc($result))
29
+  while ($i = $result->fetch())
30 30
     $ret[] = $i;
31 31
   DEBUG($ret);
32 32
   return $ret;
... ...
@@ -37,7 +37,7 @@ function user_csr()
37 37
   $uid = (int) $_SESSION['userinfo']['uid'];
38 38
   $result = db_query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=${uid} ORDER BY hostname");
39 39
   $ret = array();
40
-  while ($i = mysql_fetch_assoc($result))
40
+  while ($i = $result->fetch())
41 41
     $ret[] = $i;
42 42
   DEBUG($ret);
43 43
   return $ret;
... ...
@@ -49,9 +49,9 @@ function cert_details($id)
49 49
   $uid = (int) $_SESSION['userinfo']['uid'];
50 50
   
51 51
   $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, cert, `key` FROM vhosts.certs WHERE uid={$uid} AND id={$id}");
52
-  if (mysql_num_rows($result) != 1)
52
+  if ($result->rowCount() != 1)
53 53
     system_failure("Ungültiges Zertifikat #{$id}");
54
-  return mysql_fetch_assoc($result);
54
+  return $result->fetch();
55 55
 }
56 56
 
57 57
 
... ...
@@ -61,9 +61,9 @@ function csr_details($id)
61 61
   $uid = (int) $_SESSION['userinfo']['uid'];
62 62
   
63 63
   $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid={$uid} AND id={$id}");
64
-  if (mysql_num_rows($result) != 1)
64
+  if ($result->rowCount() != 1)
65 65
     system_failure("Ungültiger CSR");
66
-  return mysql_fetch_assoc($result);
66
+  return $result->fetch();
67 67
 }
68 68
 
69 69
 
... ...
@@ -87,11 +87,11 @@ function get_chain($cert)
87 87
   if (! isset($certdata['issuer']['CN'])) {
88 88
     return NULL;
89 89
   }
90
-  $issuer = mysql_real_escape_string($certdata['issuer']['CN']);
90
+  $issuer = db_escape_string($certdata['issuer']['CN']);
91 91
   $result = db_query("SELECT id FROM vhosts.certchain WHERE cn='{$issuer}'");
92
-  if (mysql_num_rows($result) > 0)
92
+  if ($result->rowCount() > 0)
93 93
   {
94
-    $c = mysql_fetch_assoc($result);
94
+    $c = $result->fetch();
95 95
     //$chainfile = '/etc/apache2/certs/chains/'.$c['id'].'.pem';
96 96
     DEBUG("identified fitting certificate chain #".$c['id']);
97 97
     return $c['id'];
... ...
@@ -140,7 +140,7 @@ function validate_certificate($cert, $key)
140 140
   if ($chain)
141 141
   {
142 142
     $result = db_query("SELECT content FROM vhosts.certchain WHERE id={$chain}");
143
-    $tmp = mysql_fetch_assoc($result);
143
+    $tmp = $result->fetch();
144 144
     $chaincert = $tmp['content'];
145 145
     $chainfile = tempnam(sys_get_temp_dir(), 'webinterface');
146 146
     $f = fopen($chainfile, "w");
... ...
@@ -183,13 +183,13 @@ function save_cert($info, $cert, $key)
183 183
 {
184 184
   openssl_pkey_export($key, $key);
185 185
   openssl_x509_export($cert, $cert);
186
-  $subject = mysql_real_escape_string(filter_input_general($info['subject']));
187
-  $cn = mysql_real_escape_string(filter_input_general($info['cn']));
188
-  $valid_from = mysql_real_escape_string($info['valid_from']);
189
-  $valid_until = mysql_real_escape_string($info['valid_until']);
186
+  $subject = db_escape_string(filter_input_general($info['subject']));
187
+  $cn = db_escape_string(filter_input_general($info['cn']));
188
+  $valid_from = db_escape_string($info['valid_from']);
189
+  $valid_until = db_escape_string($info['valid_until']);
190 190
   $chain = maybe_null( get_chain($cert) );
191
-  $cert = mysql_real_escape_string($cert);
192
-  $key = mysql_real_escape_string($key);
191
+  $cert = db_escape_string($cert);
192
+  $key = db_escape_string($key);
193 193
   $uid = (int) $_SESSION['userinfo']['uid'];
194 194
 
195 195
   db_query("INSERT INTO vhosts.certs (uid, subject, cn, valid_from, valid_until, chain, cert, `key`) VALUES ({$uid}, '{$subject}', '{$cn}', '{$valid_from}', '{$valid_until}', {$chain}, '{$cert}', '{$key}')");
... ...
@@ -203,17 +203,17 @@ function refresh_cert($id, $info, $cert, $key = NULL)
203 203
 
204 204
   $id = (int) $id;
205 205
   $oldcert = cert_details($id);
206
-  $cert = mysql_real_escape_string($cert);
207
-  $subject = mysql_real_escape_string(filter_input_general($info['subject']));
208
-  $cn = mysql_real_escape_string(filter_input_general($info['cn']));
206
+  $cert = db_escape_string($cert);
207
+  $subject = db_escape_string(filter_input_general($info['subject']));
208
+  $cn = db_escape_string(filter_input_general($info['cn']));
209 209
   
210
-  $valid_from = mysql_real_escape_string($info['valid_from']);
211
-  $valid_until = mysql_real_escape_string($info['valid_until']);
210
+  $valid_from = db_escape_string($info['valid_from']);
211
+  $valid_until = db_escape_string($info['valid_until']);
212 212
 
213 213
   $keyop = '';
214 214
   if ($key) {
215 215
     openssl_pkey_export($key, $key);
216
-    $keyop = ", `key`='".mysql_real_escape_string($key)."'";
216
+    $keyop = ", `key`='".db_escape_string($key)."'";
217 217
   }
218 218
   db_query("UPDATE vhosts.certs SET subject='{$subject}', cn='{$cn}', cert='{$cert}'{$keyop}, valid_from='{$valid_from}', valid_until='{$valid_until}', chain={$chain} WHERE id={$id} LIMIT 1");
219 219
 }
... ...
@@ -304,11 +304,11 @@ function save_csr($cn, $bits, $replace=NULL)
304 304
   list($csr, $key) = create_csr($cn, $bits);
305 305
   
306 306
   $uid = (int) $_SESSION['userinfo']['uid'];
307
-  $cn = mysql_real_escape_string(filter_input_hostname($cn, true));
307
+  $cn = db_escape_string(filter_input_hostname($cn, true));
308 308
   $bits = (int) $bits;
309 309
   $replace = ($replace ? (int) $replace : 'NULL');
310
-  $csr = mysql_real_escape_string($csr);
311
-  $key = mysql_real_escape_string($key);
310
+  $csr = db_escape_string($csr);
311
+  $key = db_escape_string($key);
312 312
   db_query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES ({$uid}, '{$cn}', {$bits}, {$replace}, '{$csr}', '{$key}')");
313 313
   $id = mysql_insert_id();
314 314
   return $id;  
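Review bot: `save_csr()` still ends with `$id = mysql_insert_id();`, which asks the legacy mysql extension for the last insert id even though the INSERT just above now goes through the PDO-backed `db_query()`. After this commit the function will presumably return 0 or false instead of the id of the new CSR row, and callers that pass that id on will then operate on the wrong record or on none. The id should come from the same PDO connection via `lastInsertId()`; since the handle is not visible in this file, a small wrapper next to `db_query()` would fit (the name is only a suggestion): `$id = db_insert_id();`. The body of `save_csr()` starts outside the hunk.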
... ...
@@ -27,14 +27,14 @@ function traffic_month($vhost_id)
27 27
 {
28 28
   $vhost_id = (int) $vhost_id;
29 29
   $result = db_query("SELECT sum(mb_in+mb_out) as mb FROM vhosts.traffic where date > CURDATE() - INTERVAL 1 MONTH AND vhost_id = {$vhost_id}");
30
-  $data = mysql_fetch_assoc($result);
30
+  $data = $result->fetch();
31 31
   return $data['mb'];
32 32
 }
33 33
 
34 34
 function autoipv6_address($vhost_id, $mode = 1)
35 35
 {
36 36
   $result = db_query("SELECT uid, v6_prefix FROM vhosts.v_vhost LEFT JOIN system.servers ON (servers.hostname = server) WHERE v_vhost.id={$vhost_id}");
37
-  $data = mysql_fetch_assoc($result);
37
+  $data = $result->fetch();
38 38
   if (!$data['v6_prefix'])
39 39
   {
40 40
     warning("IPv6-Adresse nicht verfügbar, Server unterstützt kein IPv6");
... ...
@@ -55,7 +55,7 @@ function list_vhosts()
55 55
   $uid = (int) $_SESSION['userinfo']['uid'];
56 56
   $result = db_query("SELECT vh.id,fqdn,domain,docroot,docroot_is_default,php,cgi,vh.certid AS cert, vh.ssl, vh.options,logtype,errorlog,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp, stats FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} ORDER BY domain,hostname");
57 57
   $ret = array();
58
-  while ($item = mysql_fetch_assoc($result))
58
+  while ($item = $result->fetch())
59 59
     array_push($ret, $item);
60 60
   return $ret;
61 61
 }
... ...
@@ -63,9 +63,9 @@ function list_vhosts()
63 63
 function ipv6_possible($server)
64 64
 {
65 65
   $serverid = (int) $server;
66
-  $servername = mysql_real_escape_string($server);
66
+  $servername = db_escape_string($server);
67 67
   $result = db_query("SELECT v6_prefix FROM system.servers WHERE id={$serverid} OR hostname='{$servername}'");
68
-  $line = mysql_fetch_assoc($result);
68
+  $line = $result->fetch();
69 69
   DEBUG("Server {$server} is v6-capable: ". ($line['v6_prefix'] != NULL));
70 70
   return ($line['v6_prefix'] != NULL);
71 71
 }
... ...
@@ -143,10 +143,10 @@ function get_vhost_details($id)
143 143
   $id = (int) $id;
144 144
   $uid = (int) $_SESSION['userinfo']['uid'];
145 145
   $result = db_query("SELECT vh.*,IF(dav.id IS NULL OR dav.type='svn', 0, 1) AS is_dav,IF(dav.id IS NULL OR dav.type='dav', 0, 1) AS is_svn, IF(webapps.id IS NULL, 0, 1) AS is_webapp FROM vhosts.v_vhost AS vh LEFT JOIN vhosts.dav ON (dav.vhost=vh.id) LEFT JOIN vhosts.webapps ON (webapps.vhost = vh.id) WHERE uid={$uid} AND vh.id={$id}");
146
-  if (mysql_num_rows($result) != 1)
146
+  if ($result->rowCount() != 1)
147 147
     system_failure('Interner Fehler beim Auslesen der Daten');
148 148
 
149
-  $ret = mysql_fetch_assoc($result);
149
+  $ret = $result->fetch();
150 150
 
151 151
   if ($ret['hsts'] === NULL) {
152 152
     DEBUG('HSTS: '.$ret['hsts']);
... ...
@@ -162,7 +162,7 @@ function get_aliases($vhost)
162 162
 {
163 163
   $result = db_query("SELECT id,fqdn,options FROM vhosts.v_alias WHERE vhost={$vhost}");
164 164
   $ret = array();
165
-  while ($item = mysql_fetch_assoc($result)) {
165
+  while ($item = $result->fetch()) {
166 166
     array_push($ret, $item);
167 167
   }
168 168
   return $ret;
... ...
@@ -192,7 +192,7 @@ function list_available_webapps()
192 192
 {
193 193
   $result = db_query("SELECT id,displayname FROM vhosts.global_webapps");
194 194
   $ret = array();
195
-  while ($item = mysql_fetch_assoc($result))
195
+  while ($item = $result->fetch())
196 196
     array_push($ret, $item);
197 197
   return $ret;
198 198
 }
... ...
@@ -248,9 +248,9 @@ function make_webapp_vhost($id, $webapp)
248 248
   if ($id == 0)
249 249
     system_failure("id == 0");
250 250
   $result = db_query("SELECT displayname FROM vhosts.global_webapps WHERE id={$webapp};");
251
-  if (mysql_num_rows($result) == 0)
251
+  if ($result->rowCount() == 0)
252 252
     system_failure("webapp-id invalid");
253
-  $webapp_name = mysql_fetch_object($result)->displayname;
253
+  $webapp_name = $result->fetch(PDO::FETCH_OBJ)->displayname;
254 254
   logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Setting up webapp '.$webapp_name.' on vhost #'.$id);
255 255
   db_query("REPLACE INTO vhosts.webapps (vhost, webapp) VALUES ({$id}, {$webapp})");
256 256
   mail('webapps-setup@schokokeks.org', 'setup', 'setup');
... ...
@@ -261,7 +261,7 @@ function check_hostname_collision($hostname, $domain)
261 261
 {
262 262
   $uid = (int) $_SESSION['userinfo']['uid'];
263 263
   # Neuer vhost => Prüfe Duplikat
264
-  $hostnamecheck = "hostname='".mysql_real_escape_string($hostname)."'";
264
+  $hostnamecheck = "hostname='".db_escape_string($hostname)."'";
265 265
   if (! $hostname) {
266 266
     $hostnamecheck = "hostname IS NULL";
267 267
   }
... ...
@@ -270,15 +270,15 @@ function check_hostname_collision($hostname, $domain)
270 270
     $domaincheck = "domain IS NULL AND user={$uid}";
271 271
   }
272 272
   $result = db_query("SELECT id FROM vhosts.vhost WHERE {$hostnamecheck} AND {$domaincheck}");
273
-  if (mysql_num_rows($result) > 0) {
273
+  if ($result->rowCount() > 0) {
274 274
     system_failure('Eine Konfiguration mit diesem Namen gibt es bereits.');
275 275
   }
276 276
   if ($domain == -1) {
277 277
     return ;
278 278
   }
279 279
   $result = db_query("SELECT id, vhost FROM vhosts.alias WHERE {$hostnamecheck} AND {$domaincheck}");
280
-  if (mysql_num_rows($result) > 0) {
281
-    $data = mysql_fetch_assoc($result);
280
+  if ($result->rowCount() > 0) {
281
+    $data = $result->fetch();
282 282
     $vh = get_vhost_details($data['vhost']);
283 283
     system_failure('Dieser Hostname ist bereits als Alias für »'.$vh['fqdn'].'« eingerichtet');
284 284
   }
... ...
@@ -328,7 +328,7 @@ function save_vhost($vhost)
328 328
     if (! $vhost['options']) $vhost['options']='nodocroot';
329 329
     else $vhost['options']+=",nodocroot";
330 330
   }
331
-  $options = mysql_real_escape_string( $vhost['options'] );
331
+  $options = db_escape_string( $vhost['options'] );
332 332
 
333 333
   $cert = 0;
334 334
   $certs = user_certs();
... ...
@@ -383,10 +383,10 @@ function get_alias_details($id)
383 383
   $uid = (int) $_SESSION['userinfo']['uid'];
384 384
   $result = db_query("SELECT * FROM vhosts.v_alias WHERE id={$id}");
385 385
   
386
-  if (mysql_num_rows($result) != 1)
386
+  if ($result->rowCount() != 1)
387 387
     system_failure('Interner Fehler beim Auslesen der Alias-Daten');
388 388
   
389
-  $alias = mysql_fetch_assoc($result);
389
+  $alias = $result->fetch();
390 390
   
391 391
   if ($alias['domain_id'] == NULL) {
392 392
     $alias['domain_id'] = -1;
... ...
@@ -420,7 +420,7 @@ function save_alias($alias)
420 420
   if ($alias['domain_id'] == -1)
421 421
     $domain = 'NULL';
422 422
   $vhost = get_vhost_details( (int) $alias['vhost']);
423
-  $options = mysql_real_escape_string( $alias['options'] );
423
+  $options = db_escape_string( $alias['options'] );
424 424
   if ($id == 0) {
425 425
     logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'aliases', 'Creating alias '.$alias['hostname'].'.'.$alias['domain'].' for VHost '.$vhost['id']);
426 426
     db_query("INSERT INTO vhosts.alias (hostname, domain, vhost, options) VALUES ({$hostname}, {$domain}, {$vhost['id']}, '{$options}')");
... ...
@@ -437,7 +437,7 @@ function available_suexec_users()
437 437
   $uid = (int) $_SESSION['userinfo']['uid'];
438 438
   $result = db_query("SELECT uid, username FROM vhosts.available_users LEFT JOIN vhosts.v_useraccounts ON (uid = suexec_user) WHERE mainuser={$uid}");
439 439
   $ret = array();
440
-  while ($i = mysql_fetch_assoc($result))
440
+  while ($i = $result->fetch())
441 441
     $ret[] = $i;
442 442
   DEBUG('available suexec-users:');
443 443
   DEBUG($ret);
... ...
@@ -451,7 +451,7 @@ function user_ipaddrs()
451 451
   $uid = (int) $_SESSION['userinfo']['uid'];
452 452
   $result = db_query("SELECT ipaddr FROM vhosts.ipaddr_available WHERE uid={$uid}");
453 453
   $ret = array();
454
-  while ($i = mysql_fetch_assoc($result))
454
+  while ($i = $result->fetch())
455 455
   {
456 456
     $ret[] = $i['ipaddr'];
457 457
   }
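Review bot: `get_aliases()` and `autoipv6_address()` put their argument into the SQL text with neither a cast nor escaping (`WHERE vhost={$vhost}`, `WHERE v_vhost.id={$vhost_id}`), unlike `traffic_month()` directly above, which casts first. Whether every caller already passes an integer is not visible here, so the functions should not depend on it. Add `$vhost = (int) $vhost;` and `$vhost_id = (int) $vhost_id;` as the first statement of each. `make_webapp_vhost()` and `get_alias_details()` interpolate `{$webapp}` and `{$id}` in the same way, but their bodies start outside the hunks, so a cast may already exist there. With the move to PDO, bound parameters would remove this class of problem altogether.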
... ...
@@ -33,7 +33,7 @@ if (isset($_POST['freq']) && in_array($_POST['freq'],array("day","week","month")
33 33
 }
34 34
 
35 35
 $result = db_query("SELECT freq FROM qatools.v_freewvs WHERE uid={$uid};");
36
-$result=mysql_fetch_assoc($result);
36
+$result=$result->fetch();
37 37
 $freq=$result['freq'];
38 38
 
39 39
 headline('Überprüfung Ihrer Web-Anwendungen auf Sicherheitslücken');
... ...
@@ -22,17 +22,17 @@ function load_results()
22 22
   $uid = (int) $_SESSION['userinfo']['uid'];
23 23
   $result = db_query("SELECT directory, docroot, lastcheck, appname, version, state, safeversion, vulninfo FROM qatools.freewvs_results WHERE uid={$uid}");
24 24
   $ret = array();
25
-  while ($line = mysql_fetch_assoc($result)) {
25
+  while ($line = $result->fetch()) {
26 26
     array_push($ret, $line);
27 27
   }
28 28
   return $ret;
29 29
 }
30 30
 
31 31
 function get_upgradeinstructions($appname) {
32
-  $appname = mysql_real_escape_string($appname);
32
+  $appname = db_escape_string($appname);
33 33
   $result = db_query("SELECT url FROM qatools.freewvs_upgradeinstructions WHERE appname='{$appname}' LIMIT 1");
34
-  if (mysql_num_rows($result) > 0) {
35
-    $tmp = mysql_fetch_array($result);
34
+  if ($result->rowCount() > 0) {
35
+    $tmp = $result->fetch();
36 36
     return $tmp[0];
37 37
   }
38 38
   return NULL;
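Review bot: `get_upgradeinstructions()` returns `$tmp[0]` from `$result->fetch()`, which only works while the fetch mode includes numeric keys. The old `mysql_fetch_array()` always returned both key styles, whereas PDO's result depends on the connection's default fetch mode, which is configured outside this page. If that default is `PDO::FETCH_ASSOC`, `$tmp[0]` is undefined and the function returns NULL for every application. Reading the column by name removes the dependency: `return $tmp['url'];`.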
... ...
@@ -20,11 +20,11 @@ function create_new_webapp($appname, $directory, $url, $data)
20 20
 {
21 21
   if (directory_in_use($directory))
22 22
     system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen. Aus Sicherheitsgründen können Sie in diesem Verzeichnis am selben Tag nicht schon wieder eine Anwendung installieren.');
23
-  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
24
-  $appname = mysql_real_escape_string($appname);
25
-  $directory = mysql_real_escape_string($directory);
26
-  $url = mysql_real_escape_string($url);
27
-  $data = mysql_real_escape_string($data);
23
+  $username = db_escape_string($_SESSION['userinfo']['username']);
24
+  $appname = db_escape_string($appname);
25
+  $directory = db_escape_string($directory);
26
+  $url = db_escape_string($url);
27
+  $data = db_escape_string($data);
28 28
   db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username, data) VALUES ('{$appname}', '{$directory}', '{$url}', 'new', '{$username}', '{$data}')");
29 29
 }
30 30
 
... ...
@@ -33,18 +33,18 @@ function request_update($appname, $directory, $url)
33 33
 {
34 34
   if (directory_in_use($directory))
35 35
     system_failure('Sie haben erst kürzlich eine Anwendung in diesem Verzeichnis installieren lassen oder ein Update in diesem Verzeichnis angefordert. Bitte warten Sie bis diese Aktion durchgeführt wurde.');
36
-  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
37
-  $appname = mysql_real_escape_string($appname);
38
-  $directory = mysql_real_escape_string($directory);
39
-  $url = maybe_null(mysql_real_escape_string($url));
36
+  $username = db_escape_string($_SESSION['userinfo']['username']);
37
+  $appname = db_escape_string($appname);
38
+  $directory = db_escape_string($directory);
39
+  $url = maybe_null(db_escape_string($url));
40 40
   db_query("INSERT INTO vhosts.webapp_installer (appname, directory, url, state, username) VALUES ('{$appname}', '{$directory}', {$url}, 'old', '{$username}')");
41 41
 }
42 42
 
43 43
 function directory_in_use($directory)
44 44
 {
45
-  $directory = mysql_real_escape_string($directory);
45
+  $directory = db_escape_string($directory);
46 46
   $result = db_query("SELECT id FROM vhosts.webapp_installer WHERE (state IN ('new','old') OR DATE(lastchange)=CURDATE()) AND directory='{$directory}'");
47
-  if (mysql_num_rows($result) > 0)
47
+  if ($result->rowCount() > 0)
48 48
     return true;
49 49
   return false;
50 50
 }
... ...
@@ -101,15 +101,15 @@ function get_url_for_dir($docroot, $cutoff = '')
101 101
 {
102 102
   if (substr($docroot, -1) == '/')
103 103
     $docroot = substr($docroot, 0, -1);
104
-  $docroot = mysql_real_escape_string($docroot);
104
+  $docroot = db_escape_string($docroot);
105 105
   $result = db_query("SELECT `ssl`, IF(FIND_IN_SET('aliaswww', options), CONCAT('www.',fqdn), fqdn) AS fqdn FROM vhosts.v_vhost WHERE docroot IN ('{$docroot}', '{$docroot}/') LIMIT 1");
106
-  if (mysql_num_rows($result) < 1)
106
+  if ($result->rowCount() < 1)
107 107
   {
108 108
     if (!strstr($docroot, '/'))
109 109
       return NULL;
110 110
     return get_url_for_dir(substr($docroot, 0, strrpos($docroot, '/')), substr($docroot, strrpos($docroot, '/')).$cutoff);
111 111
   } 
112
-  $tmp = mysql_fetch_assoc($result);
112
+  $tmp = $result->fetch();
113 113
   $prefix = 'http://';
114 114
   if ($tmp['ssl'] == 'forward' || $tmp['ssl'] == 'https')
115 115
     $prefix = 'https://';
... ...
@@ -122,7 +122,7 @@ function create_webapp_mysqldb($application, $sitename)
122 122
   // dependet auf das mysql-modul
123 123
   require_once('modules/mysql/include/mysql.php'); 
124 124
   
125
-  $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
125
+  $username = db_escape_string($_SESSION['userinfo']['username']);
126 126
   $description = "Automatisch erzeugte Datenbank für {$application} ({$sitename})";
127 127
   
128 128
   // zuerst versuchen wir username_webappname. Wenn das nicht klappt, dann wird hochgezählt
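Review bot: `directory_in_use()` and `get_url_for_dir()` now branch on `$result->rowCount()` after a SELECT, and the same pattern recurs in most files of this commit. PDO documents `rowCount()` as dependable only for INSERT/UPDATE/DELETE; for a SELECT on MySQL it reports the row count only while buffered queries are enabled. If that setting ever changes, `directory_in_use()` would answer "not in use" for every directory and the repeat-install guard in `create_new_webapp()` would stop working without any error. Testing the fetched row does not depend on the driver setting: `return ($result->fetch() !== false);`. The body of `get_url_for_dir()` continues outside the hunk.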
... ...
@@ -16,10 +16,10 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 function account_has_totp($username)
18 18
 {
19
-  $username = mysql_real_escape_string($username);
19
+  $username = db_escape_string($username);
20 20
   $result = db_query("SELECT id FROM mail.webmail_totp WHERE email='{$username}'");
21
-  if (mysql_num_rows($result) > 0) {
22
-    $tmp = mysql_fetch_assoc($result);
21
+  if ($result->rowCount() > 0) {
22
+    $tmp = $result->fetch();
23 23
     $id = $tmp['id'];
24 24
     return $id;
25 25
   } else {
... ...
@@ -31,13 +31,13 @@ function account_has_totp($username)
31 31
 
32 32
 function validate_password($username, $password) 
33 33
 {
34
-  $username = mysql_real_escape_string($username);
34
+  $username = db_escape_string($username);
35 35
   $result = db_query("SELECT account, cryptpass FROM mail.courier_mailaccounts WHERE account='{$username}' UNION SELECT account, cryptpass FROM mail.courier_virtual_accounts WHERE account='{$username}'");
36
-  if (mysql_num_rows($result) != 1) {
36
+  if ($result->rowCount() != 1) {
37 37
     // Kein Account mit dem Namen oder Name nicht eindeutig
38 38
     return false;
39 39
   }
40
-  $account = mysql_fetch_assoc($result);
40
+  $account = $result->fetch();
41 41
   return (crypt($password, $account['cryptpass']) == $account['cryptpass']);
42 42
 }
43 43
 
... ...
@@ -87,9 +87,9 @@ function decode_webmail_password($crypted, $webmailpw)
87 87
 
88 88
 
89 89
 function get_imap_password($username, $webmailpass) {
90
-  $username = mysql_real_escape_string($username);
90
+  $username = db_escape_string($username);
91 91
   $result = db_query("SELECT webmailpass FROM mail.webmail_totp WHERE email='{$username}'");
92
-  $tmp = mysql_fetch_assoc($result);
92
+  $tmp = $result->fetch();
93 93
   
94 94
   $crypted = $tmp['webmailpass'];
95 95
     
... ...
@@ -107,7 +107,7 @@ function check_webmail_password($username, $webmailpass)
107 107
 
108 108
 function generate_secret($username)
109 109
 {
110
-  $username = mysql_real_escape_string($username);
110
+  $username = db_escape_string($username);
111 111
   require_once('external/googleauthenticator/GoogleAuthenticator.php');
112 112
   $ga = new PHPGangsta_GoogleAuthenticator();
113 113
   
... ...
@@ -120,9 +120,9 @@ function generate_secret($username)
120 120
 
121 121
 function check_locked($username) 
122 122
 {
123
-  $username = mysql_real_escape_string($username);
123
+  $username = db_escape_string($username);
124 124
   $result = db_query("SELECT 1 FROM mail.webmail_totp WHERE unlock_timestamp IS NOT NULL and unlock_timestamp > NOW() AND email='{$username}'");
125
-  return (mysql_num_rows($result) > 0);
125
+  return ($result->rowCount() > 0);
126 126
 }
127 127
 
128 128
 function check_totp($username, $code) {
... ...
@@ -131,10 +131,10 @@ function check_totp($username, $code) {
131 131
     return false;
132 132
   }
133 133
 
134
-  $username = mysql_real_escape_string($username);
134
+  $username = db_escape_string($username);
135 135
 
136 136
   $result = db_query("SELECT totp_secret, failures FROM mail.webmail_totp WHERE email='{$username}' AND (unlock_timestamp IS NULL OR unlock_timestamp <= NOW())");
137
-  $tmp = mysql_fetch_assoc($result);
137
+  $tmp = $result->fetch();
138 138
   $secret = $tmp['totp_secret'];
139 139
 
140 140
   require_once('external/googleauthenticator/GoogleAuthenticator.php');
... ...
@@ -197,7 +197,7 @@ function accountname($id)
197 197
   $id = (int) $id;
198 198
   $uid = (int) $_SESSION['userinfo']['uid'];
199 199
   $result = db_query("SELECT email FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}");
200
-  if ($tmp = mysql_fetch_assoc($result)) {
200
+  if ($tmp = $result->fetch()) {
201 201
     return $tmp['email'];
202 202
   }
203 203
 }
... ...
@@ -214,17 +214,17 @@ function delete_totp($id)
214 214
 
215 215
 function blacklist_token($email, $token)
216 216
 {
217
-  $email = mysql_real_escape_string($email);
218
-  $token = mysql_real_escape_string($token);
217
+  $email = db_escape_string($email);
218
+  $token = db_escape_string($token);
219 219
   db_query("INSERT INTO mail.webmail_totp_blacklist (timestamp, email, token) VALUES (NOW(), '{$email}', '{$token}')");
220 220
 }
221 221
 
222 222
 function check_blacklist($email, $token)
223 223
 {
224
-  $email = mysql_real_escape_string($email);
225
-  $token = mysql_real_escape_string($token);
224
+  $email = db_escape_string($email);
225
+  $token = db_escape_string($token);
226 226
   db_query("DELETE FROM mail.webmail_totp_blacklist WHERE timestamp < NOW() - INTERVAL 10 MINUTE");
227 227
   $result = db_query("SELECT id FROM mail.webmail_totp_blacklist WHERE email='{$email}' AND token='{$token}'");
228
-  return (mysql_num_rows($result) > 0);
228
+  return ($result->rowCount() > 0);
229 229
 }
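Review bot: `validate_password()` compares the password hash with a loose `==`: `return (crypt($password, $account['cryptpass']) == $account['cryptpass']);`. Loose comparison subjects both strings to PHP's numeric-string juggling and is not constant-time, so a strict comparison is the minimum for a credential check. The line could become `return hash_equals($account['cryptpass'], crypt($password, $account['cryptpass']));` where the PHP version provides `hash_equals()`, otherwise at least `===`. `check_totp()` and `get_imap_password()` index into `$tmp` straight after `fetch()` without checking for a missing row; their bodies continue outside the hunks, so only the missing check at that line can be noted.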
230 230
 
... ...
@@ -18,7 +18,6 @@ require_once('inc/base.php');
18 18
 require_once('inc/debug.php');
19 19
 require_once('inc/error.php');
20 20
 
21
-require_once('inc/db_connect.php');
22 21
 
23 22
 define('ROLE_ANONYMOUS', 0);
24 23
 define('ROLE_MAILACCOUNT', 1);
... ...
@@ -33,16 +32,16 @@ define('ROLE_SUBUSER', 32);
33 32
 
34 33
 function find_role($login, $password, $i_am_admin = False)
35 34
 {
36
-  $login = mysql_real_escape_string($login);
35
+  $login = db_escape_string($login);
37 36
   // Domain-Admin?  <not implemented>
38 37
   // System-User?
39 38
   $uid = (int) $login;
40 39
   if ($uid == 0)
41 40
     $uid = 'NULL';
42 41
   $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
43
-  if (@mysql_num_rows($result) > 0)
42
+  if (@$result->rowCount() > 0)
44 43
   {
45
-    $entry = mysql_fetch_object($result);
44
+    $entry = $result->fetch(PDO::FETCH_OBJ);
46 45
     if (strcasecmp($entry->username, $login) == 0 && $entry->username != $login) {
47 46
       // MySQL matched (warum auch immer) ohne Beachtung der Schreibweise. Wir wollen aber case-sensitive sein.
48 47
       logger(LOG_WARNING, "session/checkuser", "login", "denying login to wrong cased username »{$login}«.");
... ...
@@ -72,7 +71,7 @@ function find_role($login, $password, $i_am_admin = False)
72 71
   $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
73 72
   if ($i_am_admin)
74 73
     $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno}");
75
-  if (@mysql_num_rows($result) > 0)
74
+  if (@$result->rowCount() > 0)
76 75
   {
77 76
     return ROLE_CUSTOMER;
78 77
   }
... ...
@@ -80,9 +79,9 @@ function find_role($login, $password, $i_am_admin = False)
80 79
   // Sub-User
81 80
 
82 81
   $result = db_query("SELECT password FROM system.subusers WHERE username='{$login}'");
83
-  if (@mysql_num_rows($result) > 0)
82
+  if (@$result->rowCount() > 0)
84 83
   {
85
-    $entry = mysql_fetch_object($result);
84
+    $entry = $result->fetch(PDO::FETCH_OBJ);
86 85
     $db_password = $entry->password;
87 86
     // SHA1 für alte Subuser (kaylee), SHA256 für neue Subuser
88 87
     if (hash("sha1", $password) == $db_password || hash("sha256", $password) == $db_password || $i_am_admin)
... ...
@@ -113,9 +112,9 @@ function find_role($login, $password, $i_am_admin = False)
113 112
     }
114 113
   }
115 114
   $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;");
116
-  if (@mysql_num_rows($result) > 0)
115
+  if (@$result->rowCount() > 0)
117 116
   {
118
-    $entry = mysql_fetch_object($result);
117
+    $entry = $result->fetch(PDO::FETCH_OBJ);
119 118
     $db_password = $entry->cryptpass;
120 119
     $hash = crypt($password, $db_password);
121 120
     if ($hash == $db_password || $i_am_admin)
... ...
@@ -129,9 +128,9 @@ function find_role($login, $password, $i_am_admin = False)
129 128
   // virtueller Mail-Account
130 129
   $account = $login;
131 130
   $result = db_query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account='{$account}' LIMIT 1;");
132
-  if (@mysql_num_rows($result) > 0)
131
+  if (@$result->rowCount() > 0)
133 132
   {
134
-    $entry = mysql_fetch_object($result);
133
+    $entry = $result->fetch(PDO::FETCH_OBJ);
135 134
     $db_password = $entry->cryptpass;
136 135
     $hash = crypt($password, $db_password);
137 136
     if ($hash == $db_password || $i_am_admin)
... ...
@@ -162,13 +161,13 @@ function get_customer_info($customer)
162 161
   }
163 162
   else
164 163
   {
165
-    $username = mysql_real_escape_string($customer);
164
+    $username = db_escape_string($customer);
166 165
     DEBUG('looking up customer info for username '.$username);
167 166
     $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
168 167
   }
169
-  if (@mysql_num_rows($result) == 0)
168
+  if (@$result->rowCount() == 0)
170 169
     system_failure("Konnte Kundendaten nicht auslesen!");
171
-  $data = mysql_fetch_assoc($result);
170
+  $data = $result->fetch();
172 171
   DEBUG($data);
173 172
   $ret['customerno'] = $data['id'];
174 173
   $ret['title'] = $data['anrede'];
... ...
@@ -183,12 +182,12 @@ function get_customer_info($customer)
183 182
 function get_subuser_info($username)
184 183
 {
185 184
   $result = db_query("SELECT uid, modules FROM system.subusers WHERE username='{$username}'");
186
-  if (mysql_num_rows($result) < 1)
185
+  if ($result->rowCount() < 1)
187 186
   {
188 187
     logger(LOG_ERR, "session/checkuser", "login", "error reading subuser's data: »{$username}«");
189 188
     system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
190 189
   }
191
-  $data = mysql_fetch_assoc($result);
190
+  $data = $result->fetch();
192 191
   $userinfo = get_user_info($data['uid']);
193 192
   $userinfo['modules'] = $data['modules'];
194 193
   return $userinfo;
... ...
@@ -197,15 +196,15 @@ function get_subuser_info($username)
197 196
 
198 197
 function get_user_info($username)
199 198
 {
200
-  $username = mysql_real_escape_string($username);
199
+  $username = db_escape_string($username);
201 200
   $result = db_query("SELECT kunde AS customerno, username, uid, homedir, name, server
202 201
                       FROM system.v_useraccounts WHERE username='{$username}' OR uid='{$username}' LIMIT 1");
203
-  if (mysql_num_rows($result) < 1)
202
+  if ($result->rowCount() < 1)
204 203
   {
205 204
     logger(LOG_ERR, "session/checkuser", "login", "error reading user's data: »{$username}«");
206 205
     system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
207 206
   }
208
-  $val = @mysql_fetch_object($result);
207
+  $val = @$result->fetch(PDO::FETCH_OBJ);
209 208
   return array(
210 209
           'username'      => $val->username,
211 210
           'customerno'    => $val->customerno,
... ...
@@ -239,7 +238,7 @@ function set_customer_password($customerno, $newpass)
239 238
 
240 239
 function set_subuser_password($subuser, $newpass)
241 240
 {
242
-  $subuser = mysql_real_escape_string($subuser);
241
+  $subuser = db_escape_string($subuser);
243 242
   $uid = (int) $_SESSION['userinfo']['uid'];
244 243
   $newpass = sha1($newpass);
245 244
   db_query("UPDATE system.subusers SET password='$newpass' WHERE username='{$subuser}' AND uid={$uid}");
... ...
@@ -269,20 +268,20 @@ function set_systemuser_password($uid, $newpass)
269 268
 function user_for_mailaccount($account) 
270 269
 {
271 270
   $result = db_query("SELECT uid FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;");
272
-  if (mysql_num_rows($result) != 1) {
271
+  if ($result->rowCount() != 1) {
273 272
     system_failure('Diese Adresse ist herrenlos?!');
274 273
   }
275
-  $tmp = mysql_fetch_assoc($result);
274
+  $tmp = $result->fetch();
276 275
   return $tmp['uid'];
277 276
 }
278 277
 
279 278
 function user_for_vmail_account($account)
280 279
 {
281 280
   $result = db_query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)='{$account}' LIMIT 1;");
282
-  if (mysql_num_rows($result) != 1) {
281
+  if ($result->rowCount() != 1) {
283 282
     system_failure('Diese Adresse ist herrenlos?!');
284 283
   }
285
-  $tmp = mysql_fetch_assoc($result);
284
+  $tmp = $result->fetch();
286 285
   return $tmp['useraccount'];
287 286
 }
288 287
 
... ...
@@ -300,7 +299,7 @@ function setup_session($role, $useridentity)
300 299
     $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
301 300
     $_SESSION['subuser'] = $useridentity;
302 301
     $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username='{$info['username']}'");
303
-    if ($entry = mysql_fetch_assoc($data)) {
302
+    if ($entry = $data->fetch) {
304 303
       if ($entry['kundenaccount'] == 1) {
305 304
         $customer = get_customer_info($_SESSION['userinfo']['username']);
306 305
         $_SESSION['customerinfo'] = $customer;
307 306