Browse code
Umstellung auf PDO-Datenbankverbindung
Bernd Wurst authored on01/02/2014 18:38:23 Showing39 changed files
- certlogin/ajax.php
- certlogin/index.php
- class/customer.php
- class/database.php
- class/domain.php
- class/keksdata.php
- dispatch.php
- inc/base.php
- inc/db_connect.php
- modules/adddomain/include/adddomain.php
- modules/crm/include/crm.php
- modules/dns/include/dnsinclude.php
- modules/domains/include/domains.php
- modules/email/include/hasaccount.php
- modules/email/include/hasdomain.php
- modules/email/include/mailaccounts.php
- modules/email/include/vmail.php
- modules/ftpusers/include/ftpusers.php
- modules/greylisting/include/greylisting.php
- modules/index/include/newpass.php
- modules/index/include/x509.php
- modules/invoice/include/invoice.php
- modules/invoice/sepamandat_copydata.php
- modules/jabber/include/jabberaccounts.php
- modules/mailman/include/mailman.php
- modules/mysql/include/mysql.php
- modules/newsletter/includes/newsletter.php
- modules/register/include/newpass.php
- modules/register/include/register.php
- modules/su/include/su.php
- modules/subusers/include/subuser.php
- modules/systemuser/include/useraccounts.php
- modules/vhosts/include/certs.php
- modules/vhosts/include/vhosts.php
- modules/webapps/freewvs.php
- modules/webapps/include/freewvs.php
- modules/webapps/include/webapp-installer.php
- modules/webmailtotp/include/totp.php
- session/checkuser.php
| ... | ... |
@@ -39,14 +39,14 @@ function prepare_cert($cert) |
| 39 | 39 |
|
| 40 | 40 |
function get_logins_by_cert($cert) |
| 41 | 41 |
{
|
| 42 |
- $cert = mysql_real_escape_string(prepare_cert($cert)); |
|
| 42 |
+ $cert = db_escape_string(prepare_cert($cert)); |
|
| 43 | 43 |
$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
|
| 44 | 44 |
$result = db_query($query); |
| 45 |
- if (mysql_num_rows($result) < 1) |
|
| 45 |
+ if ($result->rowCount() < 1) |
|
| 46 | 46 |
return NULL; |
| 47 | 47 |
else {
|
| 48 | 48 |
$ret = array(); |
| 49 |
- while ($row = mysql_fetch_assoc($result)) {
|
|
| 49 |
+ while ($row = $result->fetch()) {
|
|
| 50 | 50 |
$ret[] = $row; |
| 51 | 51 |
} |
| 52 | 52 |
return $ret; |
| ... | ... |
@@ -39,14 +39,14 @@ function prepare_cert($cert) |
| 39 | 39 |
|
| 40 | 40 |
function get_logins_by_cert($cert) |
| 41 | 41 |
{
|
| 42 |
- $cert = mysql_real_escape_string(prepare_cert($cert)); |
|
| 42 |
+ $cert = db_escape_string(prepare_cert($cert)); |
|
| 43 | 43 |
$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
|
| 44 | 44 |
$result = db_query($query); |
| 45 |
- if (mysql_num_rows($result) < 1) |
|
| 45 |
+ if ($result->rowCount() < 1) |
|
| 46 | 46 |
return NULL; |
| 47 | 47 |
else {
|
| 48 | 48 |
$ret = array(); |
| 49 |
- while ($row = mysql_fetch_assoc($result)) {
|
|
| 49 |
+ while ($row = $result->fetch()) {
|
|
| 50 | 50 |
$ret[] = $row; |
| 51 | 51 |
} |
| 52 | 52 |
return $ret; |
| ... | ... |
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 |
-require_once('inc/db_connect.php');
|
|
| 18 | 17 |
require_once('inc/base.php');
|
| 19 | 18 |
require_once('inc/debug.php');
|
| 20 | 19 |
|
| 21 | 20 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,119 @@ |
| 1 |
+<?php |
|
| 2 |
+/* |
|
| 3 |
+This file belongs to the Webinterface of schokokeks.org Hosting |
|
| 4 |
+ |
|
| 5 |
+Written 2008-2013 by schokokeks.org Hosting, namely |
|
| 6 |
+ Bernd Wurst <bernd@schokokeks.org> |
|
| 7 |
+ Hanno Böck <hanno@schokokeks.org> |
|
| 8 |
+ |
|
| 9 |
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
| 10 |
+ |
|
| 11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
| 12 |
+http://creativecommons.org/publicdomain/zero/1.0/ |
|
| 13 |
+ |
|
| 14 |
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
|
| 15 |
+*/ |
|
| 16 |
+ |
|
| 17 |
+require_once('inc/base.php');
|
|
| 18 |
+require_once('inc/error.php');
|
|
| 19 |
+require_once('inc/debug.php');
|
|
| 20 |
+ |
|
| 21 |
+ |
|
| 22 |
+class DB extends PDO {
|
|
| 23 |
+ function __construct() {
|
|
| 24 |
+ $dsn = "mysql:host=".config('db_host');
|
|
| 25 |
+ if (config('db_port', true)) {
|
|
| 26 |
+ $dsn .= ';port='.config('db_port', true);
|
|
| 27 |
+ } |
|
| 28 |
+ $username = config('db_user', true);
|
|
| 29 |
+ $password = config('db_pass', true);
|
|
| 30 |
+ parent::__construct($dsn, $username, $password); |
|
| 31 |
+ } |
|
| 32 |
+ |
|
| 33 |
+ |
|
| 34 |
+ /* |
|
| 35 |
+ Wenn Parameter übergeben werden, werden Queries immer als Prepared statements übertragen |
|
| 36 |
+ */ |
|
| 37 |
+ function query($stmt, $params = NULL) {
|
|
| 38 |
+ if (is_array($params)) {
|
|
| 39 |
+ $response = parent::prepare($stmt); |
|
| 40 |
+ $response->execute($params); |
|
| 41 |
+ return $response; |
|
| 42 |
+ } else {
|
|
| 43 |
+ return parent::query($stmt); |
|
| 44 |
+ } |
|
| 45 |
+ } |
|
| 46 |
+} |
|
| 47 |
+ |
|
| 48 |
+ |
|
| 49 |
+/* FIXME |
|
| 50 |
+ Das ist etwas unelegant. Soll nur übergangsweise verwendet werden bis alles auf prepared statements umgestellt ist |
|
| 51 |
+*/ |
|
| 52 |
+function db_escape_string($string) |
|
| 53 |
+{
|
|
| 54 |
+ global $db; |
|
| 55 |
+ __ensure_connected(); |
|
| 56 |
+ $quoted = $db->quote($string); |
|
| 57 |
+ // entferne die quotes, damit wird es drop-in-Kompatibel zu db_escape_string() |
|
| 58 |
+ $ret = substr($quoted, 1, -1); |
|
| 59 |
+ return $ret; |
|
| 60 |
+} |
|
| 61 |
+ |
|
| 62 |
+ |
|
| 63 |
+function db_insert_id() |
|
| 64 |
+{
|
|
| 65 |
+ global $db; |
|
| 66 |
+ __ensure_connected(); |
|
| 67 |
+ return $db->lastInsertId(); |
|
| 68 |
+} |
|
| 69 |
+ |
|
| 70 |
+ |
|
| 71 |
+function __ensure_connected() |
|
| 72 |
+{
|
|
| 73 |
+ /* |
|
| 74 |
+ Dieses Kontrukt ist vermultich noch schlimmer als ein normales singleton |
|
| 75 |
+ aber es hilft uns in unserem prozeduralen Kontext |
|
| 76 |
+ */ |
|
| 77 |
+ global $db; |
|
| 78 |
+ if (! isset($db)) {
|
|
| 79 |
+ try {
|
|
| 80 |
+ DEBUG("Neue Datenbankverbindung!");
|
|
| 81 |
+ $db = new DB(); |
|
| 82 |
+ $db->query("SET NAMES utf8");
|
|
| 83 |
+ $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); |
|
| 84 |
+ $db->setAttribute(PDO::ATTR_AUTOCOMMIT, true); |
|
| 85 |
+ } catch (PDOException $e) {
|
|
| 86 |
+ global $debugmode; |
|
| 87 |
+ if ($debugmode) {
|
|
| 88 |
+ system_failure("MySQL-Fehler: ".$e->getMessage());
|
|
| 89 |
+ } else {
|
|
| 90 |
+ system_failure("Fehler bei der Datenbankverbindung!");
|
|
| 91 |
+ } |
|
| 92 |
+ } |
|
| 93 |
+ } |
|
| 94 |
+} |
|
| 95 |
+ |
|
| 96 |
+ |
|
| 97 |
+function db_query($stmt, $params = NULL) |
|
| 98 |
+{
|
|
| 99 |
+ global $db; |
|
| 100 |
+ __ensure_connected(); |
|
| 101 |
+ DEBUG($stmt); |
|
| 102 |
+ if ($params) {
|
|
| 103 |
+ DEBUG($params); |
|
| 104 |
+ } |
|
| 105 |
+ try {
|
|
| 106 |
+ $result = $db->query($stmt, $params); |
|
| 107 |
+ DEBUG('=> '.$result->rowCount().' rows');
|
|
| 108 |
+ } catch (PDOException $e) {
|
|
| 109 |
+ global $debugmode; |
|
| 110 |
+ if ($debugmode) {
|
|
| 111 |
+ system_failure("MySQL-Fehler: ".$e->getMessage());
|
|
| 112 |
+ } else {
|
|
| 113 |
+ system_failure("Datenbankfehler");
|
|
| 114 |
+ } |
|
| 115 |
+ } |
|
| 116 |
+ return $result; |
|
| 117 |
+} |
|
| 118 |
+ |
|
| 119 |
+ |
| ... | ... |
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 |
-require_once('inc/db_connect.php');
|
|
| 18 | 17 |
require_once('inc/base.php');
|
| 19 | 18 |
require_once('inc/debug.php');
|
| 20 | 19 |
|
| ... | ... |
@@ -42,7 +41,7 @@ class Domain extends KeksData |
| 42 | 41 |
|
| 43 | 42 |
function loadByName($name) |
| 44 | 43 |
{
|
| 45 |
- $name = mysql_real_escape_string($name); |
|
| 44 |
+ $name = db_escape_string($name); |
|
| 46 | 45 |
$res = $this->getData("*", "CONCAT_WS('.', domainname, tld)='{$name}' LIMIT 1");
|
| 47 | 46 |
if (count($res) < 1) |
| 48 | 47 |
return false; |
| ... | ... |
@@ -112,9 +111,9 @@ function get_domain_list($customerno, $uid = NULL) |
| 112 | 111 |
$query .= " ORDER BY domainname,tld"; |
| 113 | 112 |
$result = db_query($query); |
| 114 | 113 |
$domains = array(); |
| 115 |
- DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n");
|
|
| 116 |
- if (mysql_num_rows($result) > 0) |
|
| 117 |
- while ($domain = mysql_fetch_object($result)) |
|
| 114 |
+ DEBUG('Result set is '.$result->rowCount()." rows.<br />\n");
|
|
| 115 |
+ if ($result->rowCount() > 0) |
|
| 116 |
+ while ($domain = $result->fetch(PDO::FETCH_OBJ)) |
|
| 118 | 117 |
array_push($domains, new Domain((int) $domain->id)); |
| 119 | 118 |
DEBUG($domains); |
| 120 | 119 |
return $domains; |
| ... | ... |
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 |
-require_once('inc/db_connect.php');
|
|
| 18 | 17 |
require_once('inc/base.php');
|
| 19 | 18 |
require_once('inc/debug.php');
|
| 20 | 19 |
|
| ... | ... |
@@ -57,7 +56,7 @@ abstract class KeksData |
| 57 | 56 |
{
|
| 58 | 57 |
$fields = array(); |
| 59 | 58 |
$res = db_query("DESCRIBE {$this->default_table}");
|
| 60 |
- while ($f = mysql_fetch_object($res)) |
|
| 59 |
+ while ($f = $res->fetch(PDO::FETCH_OBJ)) |
|
| 61 | 60 |
{
|
| 62 | 61 |
$fields[$f->Field] = $f->Default; |
| 63 | 62 |
} |
| ... | ... |
@@ -80,7 +79,7 @@ abstract class KeksData |
| 80 | 79 |
|
| 81 | 80 |
$res = db_query("SELECT {$fields} FROM {$table} {$where}");
|
| 82 | 81 |
$return = array(); |
| 83 |
- while ($arr = mysql_fetch_assoc($res)) |
|
| 82 |
+ while ($arr = $res->fetch()) |
|
| 84 | 83 |
array_push($return, $arr); |
| 85 | 84 |
return $return; |
| 86 | 85 |
} |
| ... | ... |
@@ -102,7 +101,7 @@ abstract class KeksData |
| 102 | 101 |
$upd = array(); |
| 103 | 102 |
foreach ($this->changes as $key => $value) |
| 104 | 103 |
{
|
| 105 |
- $value = mysql_real_escape_string($value); |
|
| 104 |
+ $value = db_escape_string($value); |
|
| 106 | 105 |
array_push($upd, "`{$key}`='{$value}'");
|
| 107 | 106 |
} |
| 108 | 107 |
db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id={$this->data['id']};");
|
| ... | ... |
@@ -17,7 +17,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 17 | 17 |
|
| 18 | 18 |
require_once('config.php');
|
| 19 | 19 |
require_once('inc/debug.php');
|
| 20 |
-require_once('inc/db_connect.php');
|
|
| 21 | 20 |
require_once("inc/base.php");
|
| 22 | 21 |
require_once("inc/theme.php");
|
| 23 | 22 |
|
| ... | ... |
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 |
-require_once('inc/db_connect.php');
|
|
| 17 |
+require_once('class/database.php');
|
|
| 18 | 18 |
require_once('inc/debug.php');
|
| 19 | 19 |
|
| 20 | 20 |
function config($key) |
| ... | ... |
@@ -36,9 +36,9 @@ function config($key) |
| 36 | 36 |
return $config[$key]; |
| 37 | 37 |
|
| 38 | 38 |
/* read configuration from database */ |
| 39 |
- $options = db_query( "SELECT `key`, value FROM misc.config" ); |
|
| 39 |
+ $result = db_query( "SELECT `key`, value FROM misc.config" ); |
|
| 40 | 40 |
|
| 41 |
- while( $object = mysql_fetch_assoc( $options ) ) {
|
|
| 41 |
+ while( $object = $result->fetch() ) {
|
|
| 42 | 42 |
if (!array_key_exists($object['key'], $config)) {
|
| 43 | 43 |
$config[$object['key']]=$object['value']; |
| 44 | 44 |
} |
| ... | ... |
@@ -56,8 +56,9 @@ function config($key) |
| 56 | 56 |
|
| 57 | 57 |
function get_server_by_id($id) {
|
| 58 | 58 |
$id = (int) $id; |
| 59 |
- $result = mysql_fetch_assoc(db_query("SELECT hostname FROM system.servers WHERE id='{$id}'"));
|
|
| 60 |
- return $result['hostname']; |
|
| 59 |
+ $result = db_query("SELECT hostname FROM system.servers WHERE id='{$id}'");
|
|
| 60 |
+ $ret = $result->fetch(); |
|
| 61 |
+ return $ret['hostname']; |
|
| 61 | 62 |
} |
| 62 | 63 |
|
| 63 | 64 |
|
| ... | ... |
@@ -74,7 +75,7 @@ function my_server_id() |
| 74 | 75 |
{
|
| 75 | 76 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 76 | 77 |
$result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}");
|
| 77 |
- $r = mysql_fetch_assoc($result); |
|
| 78 |
+ $r = $result->fetch(); |
|
| 78 | 79 |
DEBUG($r); |
| 79 | 80 |
return $r['server']; |
| 80 | 81 |
} |
| ... | ... |
@@ -85,7 +86,7 @@ function additional_servers() |
| 85 | 86 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 86 | 87 |
$result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}");
|
| 87 | 88 |
$servers = array(); |
| 88 |
- while ($s = mysql_fetch_assoc($result)) |
|
| 89 |
+ while ($s = $result->fetch()) |
|
| 89 | 90 |
$servers[] = $s['server']; |
| 90 | 91 |
DEBUG($servers); |
| 91 | 92 |
return $servers; |
| ... | ... |
@@ -96,43 +97,27 @@ function server_names() |
| 96 | 97 |
{
|
| 97 | 98 |
$result = db_query("SELECT id, hostname FROM system.servers");
|
| 98 | 99 |
$servers = array(); |
| 99 |
- while ($s = mysql_fetch_assoc($result)) |
|
| 100 |
+ while ($s = $result->fetch()) |
|
| 100 | 101 |
$servers[$s['id']] = $s['hostname']; |
| 101 | 102 |
DEBUG($servers); |
| 102 | 103 |
return $servers; |
| 103 | 104 |
} |
| 104 | 105 |
|
| 105 | 106 |
|
| 106 |
-function db_query($query) |
|
| 107 |
-{
|
|
| 108 |
- DEBUG($query); |
|
| 109 |
- $result = @mysql_query($query); |
|
| 110 |
- if (mysql_error()) |
|
| 111 |
- {
|
|
| 112 |
- $error = mysql_error(); |
|
| 113 |
- logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}");
|
|
| 114 |
- system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.');
|
|
| 115 |
- } |
|
| 116 |
- $count = @mysql_num_rows($result); |
|
| 117 |
- if (! $count) |
|
| 118 |
- $count = 'no'; |
|
| 119 |
- DEBUG("=> {$count} rows");
|
|
| 120 |
- return $result; |
|
| 121 |
-} |
|
| 122 |
- |
|
| 123 |
- |
|
| 124 |
- |
|
| 107 |
+// FIXME |
|
| 108 |
+// Diese Funktion funktioniert nicht für preprared statements |
|
| 125 | 109 |
function maybe_null($value) |
| 126 | 110 |
{
|
| 127 | 111 |
if ($value == NULL) |
| 128 | 112 |
return 'NULL'; |
| 129 | 113 |
|
| 130 | 114 |
if (strlen( (string) $value ) > 0) |
| 131 |
- return "'".mysql_real_escape_string($value)."'"; |
|
| 115 |
+ return "'".db_escape_string($value)."'"; |
|
| 132 | 116 |
else |
| 133 | 117 |
return 'NULL'; |
| 134 | 118 |
} |
| 135 | 119 |
|
| 120 |
+ |
|
| 136 | 121 |
#define('LOG_ERR', 3);
|
| 137 | 122 |
#define('LOG_WARNING', 4);
|
| 138 | 123 |
#define('LOG_INFO', 6);
|
| ... | ... |
@@ -148,11 +133,11 @@ function logger($severity, $scriptname, $scope, $message) |
| 148 | 133 |
elseif ($_SESSION['role'] & ROLE_CUSTOMER) |
| 149 | 134 |
$user = "'{$_SESSION['customerinfo']['customerno']}'";
|
| 150 | 135 |
|
| 151 |
- $remote = mysql_real_escape_string($_SERVER['REMOTE_ADDR']); |
|
| 136 |
+ $remote = db_escape_string($_SERVER['REMOTE_ADDR']); |
|
| 152 | 137 |
|
| 153 |
- $scriptname = mysql_real_escape_string($scriptname); |
|
| 154 |
- $scope = mysql_real_escape_string($scope); |
|
| 155 |
- $message = mysql_real_escape_string($message); |
|
| 138 |
+ $scriptname = db_escape_string($scriptname); |
|
| 139 |
+ $scope = db_escape_string($scope); |
|
| 140 |
+ $message = db_escape_string($message); |
|
| 156 | 141 |
|
| 157 | 142 |
db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
|
| 158 | 143 |
} |
| 159 | 144 |
deleted file mode 100644 |
| ... | ... |
@@ -1,33 +0,0 @@ |
| 1 |
-<?php |
|
| 2 |
-/* |
|
| 3 |
-This file belongs to the Webinterface of schokokeks.org Hosting |
|
| 4 |
- |
|
| 5 |
-Written 2008-2013 by schokokeks.org Hosting, namely |
|
| 6 |
- Bernd Wurst <bernd@schokokeks.org> |
|
| 7 |
- Hanno Böck <hanno@schokokeks.org> |
|
| 8 |
- |
|
| 9 |
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
| 10 |
- |
|
| 11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
| 12 |
-http://creativecommons.org/publicdomain/zero/1.0/ |
|
| 13 |
- |
|
| 14 |
-Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
|
| 15 |
-*/ |
|
| 16 |
- |
|
| 17 |
-require_once('inc/error.php');
|
|
| 18 |
- |
|
| 19 |
-include("config.php");
|
|
| 20 |
-global $config; |
|
| 21 |
- |
|
| 22 |
-$host = $config['db_host']; |
|
| 23 |
-if ($config['db_port']) {
|
|
| 24 |
- $host .= ":".$config['db_port']; |
|
| 25 |
-} |
|
| 26 |
- |
|
| 27 |
-if (!@mysql_connect($host, $config['db_user'], $config['db_pass'])) |
|
| 28 |
- die('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.');
|
|
| 29 |
- |
|
| 30 |
-if (!@mysql_query('SET NAMES utf8'))
|
|
| 31 |
- die('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!');
|
|
| 32 |
- |
|
| 33 |
-?> |
| ... | ... |
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 | 17 |
require_once('inc/debug.php');
|
| 18 |
-require_once('inc/db_connect.php');
|
|
| 19 | 18 |
require_once('inc/base.php');
|
| 20 | 19 |
require_once('inc/security.php');
|
| 21 | 20 |
require_once('inc/error.php');
|
| ... | ... |
@@ -38,14 +37,14 @@ function get_domain_offer($domainname) |
| 38 | 37 |
$data = array("domainname" => $domainname, "basename" => $basename, "tld" => $tld);
|
| 39 | 38 |
|
| 40 | 39 |
$result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise_kunde WHERE kunde={$cid} AND tld='{$tld}' AND ruecksprache='N'");
|
| 41 |
- if (mysql_num_rows($result) != 1) {
|
|
| 40 |
+ if ($result->rowCount() != 1) {
|
|
| 42 | 41 |
$result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise WHERE tld='{$tld}' AND ruecksprache='N'");
|
| 43 | 42 |
} |
| 44 |
- if (mysql_num_rows($result) != 1) {
|
|
| 43 |
+ if ($result->rowCount() != 1) {
|
|
| 45 | 44 |
warning('Die Endung »'.$tld.'« steht zur automatischen Eintragung nicht zur Verfügung.');
|
| 46 | 45 |
return; |
| 47 | 46 |
} |
| 48 |
- $temp = mysql_fetch_assoc($result); |
|
| 47 |
+ $temp = $result->fetch(); |
|
| 49 | 48 |
$data["gebuehr"] = $temp["gebuehr"]; |
| 50 | 49 |
$data["setup"] = ($temp["setup"] ? $temp["setup"] : 0.0); |
| 51 | 50 |
|
| ... | ... |
@@ -93,7 +92,7 @@ function list_useraccounts() |
| 93 | 92 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
| 94 | 93 |
$result = db_query("SELECT uid,username,name FROM system.useraccounts WHERE kunde={$customerno}");
|
| 95 | 94 |
$ret = array(); |
| 96 |
- while ($item = mysql_fetch_assoc($result)) |
|
| 95 |
+ while ($item = $result->fetch()) |
|
| 97 | 96 |
{
|
| 98 | 97 |
$ret[] = $item; |
| 99 | 98 |
} |
| ... | ... |
@@ -19,7 +19,7 @@ require_once('inc/base.php');
|
| 19 | 19 |
|
| 20 | 20 |
function find_customers($string) |
| 21 | 21 |
{
|
| 22 |
- $string = mysql_real_escape_string(chop($string)); |
|
| 22 |
+ $string = db_escape_string(chop($string)); |
|
| 23 | 23 |
$return = array(); |
| 24 | 24 |
$result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN kundendaten.kundenkontakt AS kk ".
|
| 25 | 25 |
"ON (kk.kundennr = k.id) LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ". |
| ... | ... |
@@ -30,7 +30,7 @@ function find_customers($string) |
| 30 | 30 |
"notizen LIKE '%{$string}%' OR kk.name LIKE '%{$string}%' OR ".
|
| 31 | 31 |
"kk.wert LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ".
|
| 32 | 32 |
"u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';");
|
| 33 |
- while ($entry = mysql_fetch_assoc($result)) |
|
| 33 |
+ while ($entry = $result->fetch()) |
|
| 34 | 34 |
$return[] = $entry['id']; |
| 35 | 35 |
|
| 36 | 36 |
return $return; |
| ... | ... |
@@ -43,7 +43,7 @@ function find_users_for_customer($id) |
| 43 | 43 |
$return = array(); |
| 44 | 44 |
$result = db_query("SELECT uid, username FROM system.useraccounts WHERE ".
|
| 45 | 45 |
"kunde='{$id}';");
|
| 46 |
- while ($entry = mysql_fetch_assoc($result)) |
|
| 46 |
+ while ($entry = $result->fetch()) |
|
| 47 | 47 |
$return[$entry['uid']] = $entry['username']; |
| 48 | 48 |
|
| 49 | 49 |
return $return; |
| ... | ... |
@@ -56,7 +56,7 @@ function hosting_contracts($cid) |
| 56 | 56 |
$cid = (int) $cid; |
| 57 | 57 |
$result = db_query("SELECT u.username, werber, beschreibung, betrag, brutto, monate, anzahl, startdatum, startdatum + INTERVAL laufzeit MONTH - INTERVAL 1 DAY AS mindestlaufzeit, kuendigungsdatum, gesperrt, notizen FROM kundendaten.hosting AS h LEFT JOIN system.useraccounts AS u ON (h.hauptuser=u.uid) WHERE h.kunde=".$cid);
|
| 58 | 58 |
$ret = array(); |
| 59 |
- while ($x = mysql_fetch_assoc($result)) |
|
| 59 |
+ while ($x = $result->fetch()) |
|
| 60 | 60 |
array_push($ret, $x); |
| 61 | 61 |
DEBUG($ret); |
| 62 | 62 |
|
| ... | ... |
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 | 17 |
require_once('inc/debug.php');
|
| 18 |
-require_once('inc/db_connect.php');
|
|
| 19 | 18 |
require_once('inc/base.php');
|
| 20 | 19 |
require_once('inc/security.php');
|
| 21 | 20 |
require_once('inc/error.php');
|
| ... | ... |
@@ -28,7 +27,7 @@ function get_dyndns_accounts() |
| 28 | 27 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 29 | 28 |
$result = db_query("SELECT * FROM dns.dyndns WHERE uid={$uid}");
|
| 30 | 29 |
$list = array(); |
| 31 |
- while ($item = mysql_fetch_assoc($result)) {
|
|
| 30 |
+ while ($item = $result->fetch()) {
|
|
| 32 | 31 |
array_push($list, $item); |
| 33 | 32 |
} |
| 34 | 33 |
DEBUG($list); |
| ... | ... |
@@ -41,11 +40,11 @@ function get_dyndns_account($id) |
| 41 | 40 |
$id = (int) $id; |
| 42 | 41 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 43 | 42 |
$result = db_query("SELECT * FROM dns.dyndns WHERE id={$id} AND uid={$uid}");
|
| 44 |
- if (mysql_num_rows($result) != 1) {
|
|
| 43 |
+ if ($result->rowCount() != 1) {
|
|
| 45 | 44 |
logger(LOG_WARNING, "modules/dns/include/dnsinclude", "dyndns", "account »{$id}« invalid for uid »{$uid}«.");
|
| 46 | 45 |
system_failure("Account ungültig");
|
| 47 | 46 |
} |
| 48 |
- $item = mysql_fetch_assoc($result); |
|
| 47 |
+ $item = $result->fetch(); |
|
| 49 | 48 |
DEBUG($item); |
| 50 | 49 |
return $item; |
| 51 | 50 |
} |
| ... | ... |
@@ -58,8 +57,8 @@ function create_dyndns_account($handle, $password_http, $sshkey) |
| 58 | 57 |
if ($password_http == '' && $sshkey == '') |
| 59 | 58 |
system_failure('Sie müssen entweder einen SSH-Key oder ein Passwort zum Web-Update eingeben.');
|
| 60 | 59 |
|
| 61 |
- $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle))); |
|
| 62 |
- $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey))); |
|
| 60 |
+ $handle = maybe_null(db_escape_string(filter_input_username($handle))); |
|
| 61 |
+ $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey))); |
|
| 63 | 62 |
|
| 64 | 63 |
$pwhash = 'NULL'; |
| 65 | 64 |
if ($password_http) |
| ... | ... |
@@ -73,8 +72,8 @@ function create_dyndns_account($handle, $password_http, $sshkey) |
| 73 | 72 |
function edit_dyndns_account($id, $handle, $password_http, $sshkey) |
| 74 | 73 |
{
|
| 75 | 74 |
$id = (int) $id; |
| 76 |
- $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle))); |
|
| 77 |
- $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey))); |
|
| 75 |
+ $handle = maybe_null(db_escape_string(filter_input_username($handle))); |
|
| 76 |
+ $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey))); |
|
| 78 | 77 |
|
| 79 | 78 |
$pwhash = 'NULL'; |
| 80 | 79 |
if ($password_http) |
| ... | ... |
@@ -104,7 +103,7 @@ function get_dyndns_records($id) |
| 104 | 103 |
$id = (int) $id; |
| 105 | 104 |
$result = db_query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns={$id}");
|
| 106 | 105 |
$data = array(); |
| 107 |
- while ($entry = mysql_fetch_assoc($result)) {
|
|
| 106 |
+ while ($entry = $result->fetch()) {
|
|
| 108 | 107 |
$dom = new Domain((int) $entry['domain']); |
| 109 | 108 |
$dom->ensure_userdomain(); |
| 110 | 109 |
$entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn; |
| ... | ... |
@@ -144,9 +143,9 @@ function get_dns_record($id) |
| 144 | 143 |
{
|
| 145 | 144 |
$id = (int) $id; |
| 146 | 145 |
$result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id={$id}");
|
| 147 |
- if (mysql_num_rows($result) != 1) |
|
| 146 |
+ if ($result->rowCount() != 1) |
|
| 148 | 147 |
system_failure('illegal ID');
|
| 149 |
- $data = mysql_fetch_assoc($result); |
|
| 148 |
+ $data = $result->fetch(); |
|
| 150 | 149 |
$dom = new Domain( (int) $data['domain']); |
| 151 | 150 |
$dom->ensure_userdomain(); |
| 152 | 151 |
DEBUG($data); |
| ... | ... |
@@ -159,7 +158,7 @@ function get_domain_records($dom) |
| 159 | 158 |
$dom = (int) $dom; |
| 160 | 159 |
$result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain={$dom}");
|
| 161 | 160 |
$data = array(); |
| 162 |
- while ($entry = mysql_fetch_assoc($result)) {
|
|
| 161 |
+ while ($entry = $result->fetch()) {
|
|
| 163 | 162 |
$dom = new Domain((int) $entry['domain']); |
| 164 | 163 |
$dom->ensure_userdomain(); |
| 165 | 164 |
$entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn; |
| ... | ... |
@@ -173,11 +172,11 @@ function get_domain_records($dom) |
| 173 | 172 |
|
| 174 | 173 |
function get_domain_auto_records($domainname) |
| 175 | 174 |
{
|
| 176 |
- $domainname = mysql_real_escape_string($domainname); |
|
| 175 |
+ $domainname = db_escape_string($domainname); |
|
| 177 | 176 |
//$result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, TRIM(ttl) FROM dns.v_autogenerated_records WHERE domain='{$domainname}'");
|
| 178 | 177 |
$result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain='{$domainname}'");
|
| 179 | 178 |
$data = array(); |
| 180 |
- while ($entry = mysql_fetch_assoc($result)) {
|
|
| 179 |
+ while ($entry = $result->fetch()) {
|
|
| 181 | 180 |
array_push($data, $entry); |
| 182 | 181 |
} |
| 183 | 182 |
DEBUG($data); |
| ... | ... |
@@ -329,7 +328,7 @@ function domain_is_maildomain($domain) |
| 329 | 328 |
{
|
| 330 | 329 |
$domain = (int) $domain; |
| 331 | 330 |
$result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
|
| 332 |
- $dom = mysql_fetch_assoc($result); |
|
| 331 |
+ $dom = $result->fetch(); |
|
| 333 | 332 |
return ($dom['mail'] != 'none'); |
| 334 | 333 |
} |
| 335 | 334 |
|
| ... | ... |
@@ -27,7 +27,7 @@ function mailman_subdomains($domain) |
| 27 | 27 |
$domain = (int) $domain; |
| 28 | 28 |
$result = db_query("SELECT id, hostname FROM mail.mailman_domains WHERE domain={$domain}");
|
| 29 | 29 |
$ret = array(); |
| 30 |
- while ($line = mysql_fetch_assoc($result)) |
|
| 30 |
+ while ($line = $result->fetch()) |
|
| 31 | 31 |
{
|
| 32 | 32 |
$ret[] = $line; |
| 33 | 33 |
} |
| ... | ... |
@@ -40,7 +40,7 @@ function dns_in_use($domain) |
| 40 | 40 |
return false; |
| 41 | 41 |
$domain = (int) $domain; |
| 42 | 42 |
$result = db_query("SELECT id FROM dns.custom_records WHERE domain={$domain}");
|
| 43 |
- return (mysql_num_rows($result) > 0); |
|
| 43 |
+ return ($result->rowCount() > 0); |
|
| 44 | 44 |
} |
| 45 | 45 |
|
| 46 | 46 |
|
| ... | ... |
@@ -52,16 +52,16 @@ function mail_in_use($domain) |
| 52 | 52 |
} |
| 53 | 53 |
$domain = (int) $domain; |
| 54 | 54 |
$result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
|
| 55 |
- if (mysql_num_rows($result) < 1) |
|
| 55 |
+ if ($result->rowCount() < 1) |
|
| 56 | 56 |
system_failure("Domain not found");
|
| 57 |
- $d = mysql_fetch_assoc($result); |
|
| 57 |
+ $d = $result->fetch(); |
|
| 58 | 58 |
if ($d['mail'] == 'none') |
| 59 | 59 |
return false; // manually disabled |
| 60 | 60 |
$result = db_query("SELECT id FROM mail.virtual_mail_domains WHERE domain={$domain}");
|
| 61 |
- if (mysql_num_rows($result) < 1) |
|
| 61 |
+ if ($result->rowCount() < 1) |
|
| 62 | 62 |
return true; // .courier |
| 63 | 63 |
$result = db_query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain={$domain}");
|
| 64 |
- return (mysql_num_rows($result) > 0); |
|
| 64 |
+ return ($result->rowCount() > 0); |
|
| 65 | 65 |
} |
| 66 | 66 |
|
| 67 | 67 |
function web_in_use($domain) |
| ... | ... |
@@ -72,12 +72,12 @@ function web_in_use($domain) |
| 72 | 72 |
$domain = (int) $domain; |
| 73 | 73 |
|
| 74 | 74 |
$result = db_query("SELECT id FROM kundendaten.domains WHERE id={$domain} AND webserver=1");
|
| 75 |
- if (mysql_num_rows($result) < 1) |
|
| 75 |
+ if ($result->rowCount() < 1) |
|
| 76 | 76 |
return false; |
| 77 | 77 |
|
| 78 | 78 |
$result = db_query("SELECT id FROM vhosts.vhost WHERE domain={$domain}");
|
| 79 | 79 |
$result2 = db_query("SELECT id FROM vhosts.alias WHERE domain={$domain}");
|
| 80 |
- return (mysql_num_rows($result) > 0 || mysql_num_rows($result2) > 0); |
|
| 80 |
+ return ($result->rowCount() > 0 || $result2->rowCount() > 0); |
|
| 81 | 81 |
} |
| 82 | 82 |
|
| 83 | 83 |
|
| ... | ... |
@@ -20,8 +20,8 @@ function user_has_accounts() |
| 20 | 20 |
{
|
| 21 | 21 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 22 | 22 |
$result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid");
|
| 23 |
- DEBUG(mysql_num_rows($result)." accounts"); |
|
| 24 |
- return (mysql_num_rows($result) > 0); |
|
| 23 |
+ DEBUG($result->rowCount()." accounts"); |
|
| 24 |
+ return ($result->rowCount() > 0); |
|
| 25 | 25 |
} |
| 26 | 26 |
|
| 27 | 27 |
if (! function_exists("user_has_vmail_domain"))
|
| ... | ... |
@@ -34,7 +34,7 @@ if (! function_exists("user_has_vmail_domain"))
|
| 34 | 34 |
} |
| 35 | 35 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 36 | 36 |
$result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
|
| 37 |
- $row = mysql_fetch_array($result); |
|
| 37 |
+ $row = $result->fetch(); |
|
| 38 | 38 |
$count = $row[0]; |
| 39 | 39 |
DEBUG("User has {$count} vmail-domains");
|
| 40 | 40 |
return ( (int) $count > 0 ); |
| ... | ... |
@@ -24,7 +24,7 @@ if (! function_exists("user_has_vmail_domain"))
|
| 24 | 24 |
} |
| 25 | 25 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 26 | 26 |
$result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
|
| 27 |
- $row = mysql_fetch_array($result); |
|
| 27 |
+ $row = $result->fetch(); |
|
| 28 | 28 |
$count = $row[0]; |
| 29 | 29 |
DEBUG("User has {$count} vmail-domains");
|
| 30 | 30 |
return ( (int) $count > 0 ); |
| ... | ... |
@@ -42,7 +42,7 @@ if (! function_exists("user_has_dotcourier_domain"))
|
| 42 | 42 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 43 | 43 |
$result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ".
|
| 44 | 44 |
"SELECT 1 FROM mail.v_domains AS d WHERE d.user={$uid} AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains);");
|
| 45 |
- $ret = (mysql_num_rows($result) > 0); |
|
| 45 |
+ $ret = ($result->rowCount() > 0); |
|
| 46 | 46 |
if ($ret) |
| 47 | 47 |
DEBUG("User {$uid} has dotcourier-domains");
|
| 48 | 48 |
return $ret; |
| ... | ... |
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 | 17 |
require_once('inc/debug.php');
|
| 18 |
-require_once('inc/db_connect.php');
|
|
| 19 | 18 |
require_once('inc/base.php');
|
| 20 | 19 |
require_once('inc/security.php');
|
| 21 | 20 |
|
| ... | ... |
@@ -27,10 +26,10 @@ function mailaccounts($uid) |
| 27 | 26 |
{
|
| 28 | 27 |
$uid = (int) $uid; |
| 29 | 28 |
$result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local");
|
| 30 |
- DEBUG("Found ".@mysql_num_rows($result)." rows!");
|
|
| 29 |
+ DEBUG("Found ".@$result->rowCount()." rows!");
|
|
| 31 | 30 |
$accounts = array(); |
| 32 |
- if (@mysql_num_rows($result) > 0) |
|
| 33 |
- while ($acc = @mysql_fetch_object($result)) |
|
| 31 |
+ if (@$result->rowCount() > 0) |
|
| 32 |
+ while ($acc = @$result->fetch(PDO::FETCH_OBJ)) |
|
| 34 | 33 |
array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1)));
|
| 35 | 34 |
return $accounts; |
| 36 | 35 |
} |
| ... | ... |
@@ -40,10 +39,10 @@ function get_mailaccount($id) |
| 40 | 39 |
$id = (int) $id; |
| 41 | 40 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 42 | 41 |
$result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}");
|
| 43 |
- DEBUG("Found ".mysql_num_rows($result)." rows!");
|
|
| 44 |
- if (mysql_num_rows($result) != 1) |
|
| 42 |
+ DEBUG("Found ".$result->rowCount()." rows!");
|
|
| 43 |
+ if ($result->rowCount() != 1) |
|
| 45 | 44 |
system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
|
| 46 |
- $acc = mysql_fetch_object($result); |
|
| 45 |
+ $acc = $result->fetch(PDO::FETCH_OBJ); |
|
| 47 | 46 |
$ret = array('account' => $acc->account, 'mailbox' => $acc->maildir, 'enabled' => ($acc->aktiv == 1));
|
| 48 | 47 |
DEBUG(print_r($ret, true)); |
| 49 | 48 |
return $ret; |
| ... | ... |
@@ -73,13 +72,13 @@ function change_mailaccount($id, $arr) |
| 73 | 72 |
array_push($conditions, "domain={$domain->id}");
|
| 74 | 73 |
} |
| 75 | 74 |
} |
| 76 |
- array_push($conditions, "local='".mysql_real_escape_string($local)."'"); |
|
| 75 |
+ array_push($conditions, "local='".db_escape_string($local)."'"); |
|
| 77 | 76 |
} |
| 78 | 77 |
if (isset($arr['mailbox'])) |
| 79 | 78 |
if ($arr['mailbox'] == '') |
| 80 | 79 |
array_push($conditions, "`maildir`=NULL"); |
| 81 | 80 |
else |
| 82 |
- array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'"); |
|
| 81 |
+ array_push($conditions, "`maildir`='".db_escape_string($arr['mailbox'])."'"); |
|
| 83 | 82 |
|
| 84 | 83 |
if (isset($arr['password'])) |
| 85 | 84 |
{
|
| ... | ... |
@@ -121,13 +120,13 @@ function create_mailaccount($arr) |
| 121 | 120 |
} |
| 122 | 121 |
} |
| 123 | 122 |
|
| 124 |
- $values['local'] = "'".mysql_real_escape_string($local)."'"; |
|
| 123 |
+ $values['local'] = "'".db_escape_string($local)."'"; |
|
| 125 | 124 |
|
| 126 | 125 |
if (isset($arr['mailbox'])) |
| 127 | 126 |
if ($arr['mailbox'] == '') |
| 128 | 127 |
$values['maildir'] = 'NULL'; |
| 129 | 128 |
else |
| 130 |
- $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'"; |
|
| 129 |
+ $values['maildir']= "'".db_escape_string($arr['mailbox'])."'"; |
|
| 131 | 130 |
|
| 132 | 131 |
|
| 133 | 132 |
if (isset($arr['password'])) |
| ... | ... |
@@ -149,13 +148,13 @@ function get_mailaccount_id($accountname) |
| 149 | 148 |
{
|
| 150 | 149 |
list($local, $domain) = explode('@', $accountname, 2);
|
| 151 | 150 |
|
| 152 |
- $local = mysql_real_escape_string($local); |
|
| 153 |
- $domain = mysql_real_escape_string($domain); |
|
| 151 |
+ $local = db_escape_string($local); |
|
| 152 |
+ $domain = db_escape_string($domain); |
|
| 154 | 153 |
|
| 155 | 154 |
$result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'");
|
| 156 |
- if (mysql_num_rows($result) != 1) |
|
| 155 |
+ if ($result->rowCount() != 1) |
|
| 157 | 156 |
system_failure('account nicht eindeutig');
|
| 158 |
- $acc = mysql_fetch_assoc($result); |
|
| 157 |
+ $acc = $result->fetch(); |
|
| 159 | 158 |
return $acc['id']; |
| 160 | 159 |
} |
| 161 | 160 |
|
| ... | ... |
@@ -214,7 +213,7 @@ function imap_on_vmail_domain() |
| 214 | 213 |
{
|
| 215 | 214 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 216 | 215 |
$result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}");
|
| 217 |
- if (mysql_num_rows($result) > 0) |
|
| 216 |
+ if ($result->rowCount() > 0) |
|
| 218 | 217 |
return true; |
| 219 | 218 |
return false; |
| 220 | 219 |
} |
| ... | ... |
@@ -224,11 +223,11 @@ function user_has_only_vmail_domains() |
| 224 | 223 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 225 | 224 |
$result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}");
|
| 226 | 225 |
// User hat keine VMail-Domains |
| 227 |
- if (mysql_num_rows($result) == 0) |
|
| 226 |
+ if ($result->rowCount() == 0) |
|
| 228 | 227 |
return false; |
| 229 | 228 |
$result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}");
|
| 230 | 229 |
// User hat keine Domains die nicht vmail-Domains sind |
| 231 |
- if (mysql_num_rows($result) == 0) |
|
| 230 |
+ if ($result->rowCount() == 0) |
|
| 232 | 231 |
return true; |
| 233 | 232 |
return false; |
| 234 | 233 |
} |
| ... | ... |
@@ -58,9 +58,9 @@ Ihre E-Mail wird nicht weitergeleitet.', |
| 58 | 58 |
|
| 59 | 59 |
function get_vmail_id_by_emailaddr($emailaddr) |
| 60 | 60 |
{
|
| 61 |
- $emailaddr = mysql_real_escape_string( $emailaddr ); |
|
| 61 |
+ $emailaddr = db_escape_string( $emailaddr ); |
|
| 62 | 62 |
$result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = '{$emailaddr}'");
|
| 63 |
- $entry = mysql_fetch_assoc($result); |
|
| 63 |
+ $entry = $result->fetch(); |
|
| 64 | 64 |
return (int) $entry['id']; |
| 65 | 65 |
} |
| 66 | 66 |
|
| ... | ... |
@@ -74,10 +74,10 @@ function get_account_details($id, $checkuid = true) |
| 74 | 74 |
$uid_check = "useraccount='{$uid}' AND ";
|
| 75 | 75 |
} |
| 76 | 76 |
$result = db_query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id={$id} LIMIT 1");
|
| 77 |
- if (mysql_num_rows($result) == 0) |
|
| 77 |
+ if ($result->rowCount() == 0) |
|
| 78 | 78 |
system_failure('Ungültige ID oder kein eigener Account');
|
| 79 | 79 |
$acc = empty_account(); |
| 80 |
- $res = mysql_fetch_assoc($result); |
|
| 80 |
+ $res = $result->fetch(); |
|
| 81 | 81 |
foreach ($res AS $key => $value) {
|
| 82 | 82 |
if ($key == 'forwards') |
| 83 | 83 |
continue; |
| ... | ... |
@@ -85,13 +85,13 @@ function get_account_details($id, $checkuid = true) |
| 85 | 85 |
} |
| 86 | 86 |
if ($acc['forwards'] > 0) {
|
| 87 | 87 |
$result = db_query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account={$acc['id']};");
|
| 88 |
- while ($item = mysql_fetch_assoc($result)){
|
|
| 88 |
+ while ($item = $result->fetch()){
|
|
| 89 | 89 |
array_push($acc['forwards'], array("id" => $item['id'], 'spamfilter' => $item['spamfilter'], 'destination' => $item['destination']));
|
| 90 | 90 |
} |
| 91 | 91 |
} |
| 92 | 92 |
if ($acc['autoresponder'] > 0) {
|
| 93 | 93 |
$result = db_query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account={$acc['id']}");
|
| 94 |
- $item = mysql_fetch_assoc($result); |
|
| 94 |
+ $item = $result->fetch(); |
|
| 95 | 95 |
DEBUG($item); |
| 96 | 96 |
$acc['autoresponder'] = $item; |
| 97 | 97 |
} else {
|
| ... | ... |
@@ -108,7 +108,7 @@ function get_vmail_accounts() |
| 108 | 108 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 109 | 109 |
$result = db_query("SELECT * from mail.v_vmail_accounts WHERE useraccount='{$uid}' ORDER BY domainname,local ASC");
|
| 110 | 110 |
$ret = array(); |
| 111 |
- while ($line = mysql_fetch_assoc($result)) |
|
| 111 |
+ while ($line = $result->fetch()) |
|
| 112 | 112 |
{
|
| 113 | 113 |
array_push($ret, $line); |
| 114 | 114 |
} |
| ... | ... |
@@ -122,10 +122,10 @@ function get_vmail_domains() |
| 122 | 122 |
{
|
| 123 | 123 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 124 | 124 |
$result = db_query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount='{$uid}' ORDER BY domainname");
|
| 125 |
- if (mysql_num_rows($result) == 0) |
|
| 125 |
+ if ($result->rowCount() == 0) |
|
| 126 | 126 |
system_failure('Sie haben keine Domains für virtuelle Mail-Verarbeitung');
|
| 127 | 127 |
$ret = array(); |
| 128 |
- while ($tmp = mysql_fetch_assoc($result)) |
|
| 128 |
+ while ($tmp = $result->fetch()) |
|
| 129 | 129 |
array_push($ret, $tmp); |
| 130 | 130 |
return $ret; |
| 131 | 131 |
} |
| ... | ... |
@@ -133,7 +133,7 @@ function get_vmail_domains() |
| 133 | 133 |
|
| 134 | 134 |
function find_account_id($accname) |
| 135 | 135 |
{
|
| 136 |
- $accname = mysql_real_escape_string($accname); |
|
| 136 |
+ $accname = db_escape_string($accname); |
|
| 137 | 137 |
DEBUG($accname); |
| 138 | 138 |
$tmp = explode('@', $accname, 2);
|
| 139 | 139 |
DEBUG($tmp); |
| ... | ... |
@@ -142,9 +142,9 @@ function find_account_id($accname) |
| 142 | 142 |
list( $local, $domainname) = $tmp; |
| 143 | 143 |
|
| 144 | 144 |
$result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE local='{$local}' AND domainname='{$domainname}' LIMIT 1");
|
| 145 |
- if (mysql_num_rows($result) == 0) |
|
| 145 |
+ if ($result->rowCount() == 0) |
|
| 146 | 146 |
system_failure("Der Account konnte nicht gefunden werden");
|
| 147 |
- $tmp = mysql_fetch_array($result); |
|
| 147 |
+ $tmp = $result->fetch(); |
|
| 148 | 148 |
return $tmp[0]; |
| 149 | 149 |
} |
| 150 | 150 |
|
| ... | ... |
@@ -152,7 +152,7 @@ function find_account_id($accname) |
| 152 | 152 |
function change_vmail_password($accname, $newpass) |
| 153 | 153 |
{
|
| 154 | 154 |
$accid = find_account_id($accname); |
| 155 |
- $encpw = mysql_real_escape_string(encrypt_mail_password($newpass)); |
|
| 155 |
+ $encpw = db_escape_string(encrypt_mail_password($newpass)); |
|
| 156 | 156 |
db_query("UPDATE mail.vmail_accounts SET password='{$encpw}' WHERE id={$accid} LIMIT 1;");
|
| 157 | 157 |
} |
| 158 | 158 |
|
| ... | ... |
@@ -177,7 +177,7 @@ function get_max_mailboxquota($server, $oldquota) {
|
| 177 | 177 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 178 | 178 |
$server = (int) $server; |
| 179 | 179 |
$result = db_query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid='{$uid}' AND server='{$server}'");
|
| 180 |
- $item = mysql_fetch_assoc($result); |
|
| 180 |
+ $item = $result->fetch(); |
|
| 181 | 181 |
DEBUG("Free space: ".$item['free']." / Really: ".($item['free'] + ($oldquota - config('vmail_basequota'))));
|
| 182 | 182 |
return $item['free'] + ($oldquota - config('vmail_basequota'));
|
| 183 | 183 |
} |
| ... | ... |
@@ -313,8 +313,8 @@ function save_vmail_account($account) |
| 313 | 313 |
$account['quota_threshold'] = min( (int) $account['quota_threshold'], (int) $account['quota'] ); |
| 314 | 314 |
} |
| 315 | 315 |
|
| 316 |
- $account['local'] = mysql_real_escape_string(strtolower($account['local'])); |
|
| 317 |
- $account['password'] = mysql_real_escape_string($account['password']); |
|
| 316 |
+ $account['local'] = db_escape_string(strtolower($account['local'])); |
|
| 317 |
+ $account['password'] = db_escape_string($account['password']); |
|
| 318 | 318 |
$account['spamexpire'] = (int) $account['spamexpire']; |
| 319 | 319 |
|
| 320 | 320 |
$query = ''; |
| ... | ... |
@@ -341,14 +341,14 @@ function save_vmail_account($account) |
| 341 | 341 |
$ar = $account['autoresponder']; |
| 342 | 342 |
$valid_from = maybe_null($ar['valid_from']); |
| 343 | 343 |
$valid_until = maybe_null($ar['valid_until']); |
| 344 |
- $fromname = maybe_null( mysql_real_escape_string($ar['fromname']) ); |
|
| 344 |
+ $fromname = maybe_null( db_escape_string($ar['fromname']) ); |
|
| 345 | 345 |
$fromaddr = NULL; |
| 346 | 346 |
if ($ar['fromaddr']) {
|
| 347 |
- $fromaddr = mysql_real_escape_string(check_emailaddr($ar['fromaddr'])); |
|
| 347 |
+ $fromaddr = db_escape_string(check_emailaddr($ar['fromaddr'])); |
|
| 348 | 348 |
} |
| 349 | 349 |
$fromaddr = maybe_null( $fromaddr ); |
| 350 |
- $subject = maybe_null( mysql_real_escape_string($ar['subject'])); |
|
| 351 |
- $message = mysql_real_escape_string($ar['message']); |
|
| 350 |
+ $subject = maybe_null( db_escape_string($ar['subject'])); |
|
| 351 |
+ $message = db_escape_string($ar['message']); |
|
| 352 | 352 |
$quote = "'inline'"; |
| 353 | 353 |
if ($ar['quote'] == 'attach') |
| 354 | 354 |
$quote = "'attach'"; |
| ... | ... |
@@ -417,7 +417,7 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können? |
| 417 | 417 |
if ($_SESSION['role'] == ROLE_SYSTEMUSER) {
|
| 418 | 418 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 419 | 419 |
$result = db_query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=".$uid." GROUP BY useraccount, server");
|
| 420 |
- while ($line = mysql_fetch_assoc($result)) {
|
|
| 420 |
+ while ($line = $result->fetch()) {
|
|
| 421 | 421 |
if ($line['quota'] !== NULL) {
|
| 422 | 422 |
db_query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES ('{$line['useraccount']}', '{$line['server']}', '{$line['quota']}', '{$line['used']}')");
|
| 423 | 423 |
} |
| ... | ... |
@@ -447,7 +447,7 @@ function domainsettings($only_domain=NULL) {
|
| 447 | 447 |
// Domains |
| 448 | 448 |
$result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount={$uid} OR m.uid={$uid} ORDER BY CONCAT_WS('.',d.domainname,d.tld);");
|
| 449 | 449 |
|
| 450 |
- while ($mydom = mysql_fetch_assoc($result)) {
|
|
| 450 |
+ while ($mydom = $result->fetch()) {
|
|
| 451 | 451 |
if (! array_key_exists($mydom['id'], $domains)) {
|
| 452 | 452 |
if ($mydom['v_id']) |
| 453 | 453 |
$mydom['mail'] = 'virtual'; |
| ... | ... |
@@ -463,7 +463,7 @@ function domainsettings($only_domain=NULL) {
|
| 463 | 463 |
|
| 464 | 464 |
// Subdomains |
| 465 | 465 |
$result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount={$uid} OR m.uid={$uid};");
|
| 466 |
- while ($mydom = mysql_fetch_assoc($result)) {
|
|
| 466 |
+ while ($mydom = $result->fetch()) {
|
|
| 467 | 467 |
if (! array_key_exists($mydom['id'], $subdomains)) |
| 468 | 468 |
$subdomains[$mydom['id']] = array(); |
| 469 | 469 |
|
| ... | ... |
@@ -483,14 +483,14 @@ function domain_has_vmail_accounts($domid) |
| 483 | 483 |
{
|
| 484 | 484 |
$domid = (int) $domid; |
| 485 | 485 |
$result = db_query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain={$domid}");
|
| 486 |
- return (mysql_num_rows($result) > 0); |
|
| 486 |
+ return ($result->rowCount() > 0); |
|
| 487 | 487 |
} |
| 488 | 488 |
|
| 489 | 489 |
|
| 490 | 490 |
function change_domain($id, $type) |
| 491 | 491 |
{
|
| 492 | 492 |
$id = (int) $id; |
| 493 |
- $type = mysql_real_escape_string($type); |
|
| 493 |
+ $type = db_escape_string($type); |
|
| 494 | 494 |
if (domain_has_vmail_accounts($id)) |
| 495 | 495 |
system_failure("Sie müssen zuerst alle E-Mail-Konten mit dieser Domain löschen, bevor Sie die Webinterface-Verwaltung für diese Domain abschalten können.");
|
| 496 | 496 |
|
| ... | ... |
@@ -21,7 +21,7 @@ function list_ftpusers() |
| 21 | 21 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 22 | 22 |
$result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid");
|
| 23 | 23 |
$ftpusers = array(); |
| 24 |
- while ($u = mysql_fetch_assoc($result)) {
|
|
| 24 |
+ while ($u = $result->fetch()) {
|
|
| 25 | 25 |
$ftpusers[] = $u; |
| 26 | 26 |
} |
| 27 | 27 |
return $ftpusers; |
| ... | ... |
@@ -40,9 +40,9 @@ function load_ftpuser($id) |
| 40 | 40 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 41 | 41 |
$id = (int) $id; |
| 42 | 42 |
$result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
|
| 43 |
- if (mysql_num_rows($result) != 1) |
|
| 43 |
+ if ($result->rowCount() != 1) |
|
| 44 | 44 |
system_failure("Fehler beim auslesen des Accounts");
|
| 45 |
- $account = mysql_fetch_assoc($result); |
|
| 45 |
+ $account = $result->fetch(); |
|
| 46 | 46 |
DEBUG($account); |
| 47 | 47 |
return $account; |
| 48 | 48 |
} |
| ... | ... |
@@ -117,11 +117,11 @@ function delete_ftpuser($id) |
| 117 | 117 |
|
| 118 | 118 |
function get_gid($groupname) |
| 119 | 119 |
{
|
| 120 |
- $groupname = mysql_real_escape_string($groupname); |
|
| 120 |
+ $groupname = db_escape_string($groupname); |
|
| 121 | 121 |
$result = db_query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1");
|
| 122 |
- if (mysql_num_rows($result) != 1) |
|
| 122 |
+ if ($result->rowCount() != 1) |
|
| 123 | 123 |
system_failure('cannot determine gid of ftpusers group');
|
| 124 |
- $a = mysql_fetch_assoc($result); |
|
| 124 |
+ $a = $result->fetch(); |
|
| 125 | 125 |
$gid = (int) $a['gid']; |
| 126 | 126 |
if ($gid == 0) |
| 127 | 127 |
system_failure('error on determining gid of ftpusers group');
|
| ... | ... |
@@ -134,7 +134,7 @@ function have_regular_ftp() |
| 134 | 134 |
$gid = get_gid('ftpusers');
|
| 135 | 135 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 136 | 136 |
$result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
|
| 137 |
- return (mysql_num_rows($result) > 0); |
|
| 137 |
+ return ($result->rowCount() > 0); |
|
| 138 | 138 |
} |
| 139 | 139 |
|
| 140 | 140 |
|
| ... | ... |
@@ -19,7 +19,7 @@ function whitelist_entries() |
| 19 | 19 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 20 | 20 |
$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid};");
|
| 21 | 21 |
$return = array(); |
| 22 |
- while ($line = mysql_fetch_assoc($res)) |
|
| 22 |
+ while ($line = $res->fetch()) |
|
| 23 | 23 |
array_push($return, $line); |
| 24 | 24 |
return $return; |
| 25 | 25 |
} |
| ... | ... |
@@ -30,9 +30,9 @@ function get_whitelist_details($id) |
| 30 | 30 |
$id = (int) $id; |
| 31 | 31 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 32 | 32 |
$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid} AND id={$id};");
|
| 33 |
- if (mysql_num_rows($res) != 1) |
|
| 33 |
+ if ($res->rowCount() != 1) |
|
| 34 | 34 |
system_failure('Kann diesen Eintrag nicht finden');
|
| 35 |
- return mysql_fetch_assoc($res); |
|
| 35 |
+ return $res->fetch(); |
|
| 36 | 36 |
} |
| 37 | 37 |
|
| 38 | 38 |
|
| ... | ... |
@@ -55,9 +55,9 @@ function valid_entry($local, $domain) |
| 55 | 55 |
system_failure('Diese E-Mail-Adresse gehört Ihnen nicht!');
|
| 56 | 56 |
return true; |
| 57 | 57 |
} |
| 58 |
- $d = mysql_real_escape_string($domain); |
|
| 58 |
+ $d = db_escape_string($domain); |
|
| 59 | 59 |
$res = db_query("SELECT id FROM mail.v_domains WHERE domainname='{$d}' AND user={$_SESSION['userinfo']['uid']} LIMIT 1");
|
| 60 |
- if (mysql_num_rows($res) != 1) |
|
| 60 |
+ if ($res->rowCount() != 1) |
|
| 61 | 61 |
system_failure('Diese domain gehört Ihnen nicht!');
|
| 62 | 62 |
return true; |
| 63 | 63 |
} |
| ... | ... |
@@ -68,7 +68,7 @@ function new_whitelist_entry($local, $domain, $minutes) |
| 68 | 68 |
valid_entry($local, $domain); |
| 69 | 69 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 70 | 70 |
$local = maybe_null($local); |
| 71 |
- $domain = mysql_real_escape_string($domain); |
|
| 71 |
+ $domain = db_escape_string($domain); |
|
| 72 | 72 |
|
| 73 | 73 |
$expire = ''; |
| 74 | 74 |
if ($minutes == 'none') |
| ... | ... |
@@ -14,15 +14,14 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 |
-require_once('inc/db_connect.php');
|
|
| 18 | 17 |
require_once('session/checkuser.php');
|
| 19 | 18 |
|
| 20 | 19 |
function user_customer_match($cust, $user) |
| 21 | 20 |
{
|
| 22 | 21 |
$customerno = (int) $cust; |
| 23 |
- $username = mysql_real_escape_string($user); |
|
| 22 |
+ $username = db_escape_string($user); |
|
| 24 | 23 |
$result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;");
|
| 25 |
- if (mysql_num_rows($result) > 0) |
|
| 24 |
+ if ($result->rowCount() > 0) |
|
| 26 | 25 |
return true; |
| 27 | 26 |
return false; |
| 28 | 27 |
} |
| ... | ... |
@@ -32,9 +31,9 @@ function user_customer_match($cust, $user) |
| 32 | 31 |
function customer_has_email($customerno, $email) |
| 33 | 32 |
{
|
| 34 | 33 |
$customerno = (int) $customerno; |
| 35 |
- $email = mysql_real_escape_string($email); |
|
| 34 |
+ $email = db_escape_string($email); |
|
| 36 | 35 |
$result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
|
| 37 |
- return (mysql_num_rows($result) > 0); |
|
| 36 |
+ return ($result->rowCount() > 0); |
|
| 38 | 37 |
} |
| 39 | 38 |
|
| 40 | 39 |
|
| ... | ... |
@@ -42,21 +41,21 @@ function validate_token($customerno, $token) |
| 42 | 41 |
{
|
| 43 | 42 |
expire_tokens(); |
| 44 | 43 |
$customerno = (int) $customerno; |
| 45 |
- $token = mysql_real_escape_string($token); |
|
| 44 |
+ $token = db_escape_string($token); |
|
| 46 | 45 |
$result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
|
| 47 |
- return (mysql_num_rows($result) > 0); |
|
| 46 |
+ return ($result->rowCount() > 0); |
|
| 48 | 47 |
} |
| 49 | 48 |
|
| 50 | 49 |
|
| 51 | 50 |
function get_uid_for_token($token) |
| 52 | 51 |
{
|
| 53 | 52 |
expire_tokens(); |
| 54 |
- $token = mysql_real_escape_string($token); |
|
| 53 |
+ $token = db_escape_string($token); |
|
| 55 | 54 |
$result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
|
| 56 |
- if (mysql_num_rows($result) == 0) {
|
|
| 55 |
+ if ($result->rowCount() == 0) {
|
|
| 57 | 56 |
return NULL; |
| 58 | 57 |
} |
| 59 |
- $data = mysql_fetch_assoc($result); |
|
| 58 |
+ $data = $result->fetch(); |
|
| 60 | 59 |
return $data['uid']; |
| 61 | 60 |
} |
| 62 | 61 |
|
| ... | ... |
@@ -64,10 +63,10 @@ function get_username_for_uid($uid) |
| 64 | 63 |
{
|
| 65 | 64 |
$uid = (int) $uid; |
| 66 | 65 |
$result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
|
| 67 |
- if (mysql_num_rows($result) != 1) {
|
|
| 66 |
+ if ($result->rowCount() != 1) {
|
|
| 68 | 67 |
system_failure("Unexpected number of users with this uid (!= 1)!");
|
| 69 | 68 |
} |
| 70 |
- $item = mysql_fetch_assoc($result); |
|
| 69 |
+ $item = $result->fetch(); |
|
| 71 | 70 |
return $item['username']; |
| 72 | 71 |
} |
| 73 | 72 |
|
| ... | ... |
@@ -75,9 +74,9 @@ function validate_uid_token($uid, $token) |
| 75 | 74 |
{
|
| 76 | 75 |
expire_tokens(); |
| 77 | 76 |
$uid = (int) $uid; |
| 78 |
- $token = mysql_real_escape_string($token); |
|
| 77 |
+ $token = db_escape_string($token); |
|
| 79 | 78 |
$result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
|
| 80 |
- return (mysql_num_rows($result) > 0); |
|
| 79 |
+ return ($result->rowCount() > 0); |
|
| 81 | 80 |
} |
| 82 | 81 |
|
| 83 | 82 |
|
| ... | ... |
@@ -102,13 +101,13 @@ function invalidate_systemuser_token($uid) |
| 102 | 101 |
|
| 103 | 102 |
function create_token($username) |
| 104 | 103 |
{
|
| 105 |
- $username = mysql_real_escape_string($username); |
|
| 104 |
+ $username = db_escape_string($username); |
|
| 106 | 105 |
expire_tokens(); |
| 107 | 106 |
$result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'");
|
| 108 |
- $uid = (int) mysql_fetch_assoc($result)['uid']; |
|
| 107 |
+ $uid = (int) $result->fetch()['uid']; |
|
| 109 | 108 |
|
| 110 | 109 |
$result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}");
|
| 111 |
- if (mysql_num_rows($result) > 0) {
|
|
| 110 |
+ if ($result->rowCount() > 0) {
|
|
| 112 | 111 |
system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
|
| 113 | 112 |
} |
| 114 | 113 |
|
| ... | ... |
@@ -120,9 +119,9 @@ function create_token($username) |
| 120 | 119 |
|
| 121 | 120 |
function emailaddress_for_user($username) |
| 122 | 121 |
{
|
| 123 |
- $username = mysql_real_escape_string($username); |
|
| 122 |
+ $username = db_escape_string($username); |
|
| 124 | 123 |
$result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
|
| 125 |
- $data = mysql_fetch_assoc($result); |
|
| 124 |
+ $data = $result->fetch(); |
|
| 126 | 125 |
return $data['email']; |
| 127 | 126 |
} |
| 128 | 127 |
|
| ... | ... |
@@ -132,17 +131,17 @@ function get_customer_token($customerno) |
| 132 | 131 |
$customerno = (int) $customerno; |
| 133 | 132 |
expire_tokens(); |
| 134 | 133 |
$result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
|
| 135 |
- if (mysql_num_rows($result) < 1) |
|
| 134 |
+ if ($result->rowCount() < 1) |
|
| 136 | 135 |
system_failure("Kann das Token nicht auslesen!");
|
| 137 |
- return mysql_fetch_object($result)->token; |
|
| 136 |
+ return $result->fetch(PDO::FETCH_OBJ)->token; |
|
| 138 | 137 |
} |
| 139 | 138 |
|
| 140 | 139 |
|
| 141 | 140 |
function get_user_token($username) |
| 142 | 141 |
{
|
| 143 |
- $username = mysql_real_escape_string($username); |
|
| 142 |
+ $username = db_escape_string($username); |
|
| 144 | 143 |
$result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'");
|
| 145 |
- $tmp = mysql_fetch_assoc($result); |
|
| 144 |
+ $tmp = $result->fetch(); |
|
| 146 | 145 |
return $tmp['token']; |
| 147 | 146 |
} |
| 148 | 147 |
|
| ... | ... |
@@ -35,14 +35,14 @@ function do_ajax_cert_login() {
|
| 35 | 35 |
|
| 36 | 36 |
function get_logins_by_cert($cert) |
| 37 | 37 |
{
|
| 38 |
- $cert = mysql_real_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
|
|
| 38 |
+ $cert = db_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
|
|
| 39 | 39 |
$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
|
| 40 | 40 |
$result = db_query($query); |
| 41 |
- if (mysql_num_rows($result) < 1) |
|
| 41 |
+ if ($result->rowCount() < 1) |
|
| 42 | 42 |
return NULL; |
| 43 | 43 |
else {
|
| 44 | 44 |
$ret = array(); |
| 45 |
- while ($row = mysql_fetch_assoc($result)) {
|
|
| 45 |
+ while ($row = $result->fetch()) {
|
|
| 46 | 46 |
$ret[] = $row; |
| 47 | 47 |
} |
| 48 | 48 |
return $ret; |
| ... | ... |
@@ -56,9 +56,9 @@ function get_cert_by_id($id) |
| 56 | 56 |
system_failure('no ID');
|
| 57 | 57 |
$query = "SELECT id,dn,issuer,cert,username,startpage FROM system.clientcert WHERE `id`='{$id}' LIMIT 1";
|
| 58 | 58 |
$result = db_query($query); |
| 59 |
- if (mysql_num_rows($result) < 1) |
|
| 59 |
+ if ($result->rowCount() < 1) |
|
| 60 | 60 |
return NULL; |
| 61 |
- $ret = mysql_fetch_assoc($result); |
|
| 61 |
+ $ret = $result->fetch(); |
|
| 62 | 62 |
DEBUG($ret); |
| 63 | 63 |
return $ret; |
| 64 | 64 |
} |
| ... | ... |
@@ -66,14 +66,14 @@ function get_cert_by_id($id) |
| 66 | 66 |
|
| 67 | 67 |
function get_certs_by_username($username) |
| 68 | 68 |
{
|
| 69 |
- $username = mysql_real_escape_string($username); |
|
| 69 |
+ $username = db_escape_string($username); |
|
| 70 | 70 |
if ($username == '') |
| 71 | 71 |
system_failure('empty username');
|
| 72 | 72 |
$query = "SELECT id,dn,issuer,cert,startpage FROM system.clientcert WHERE `username`='{$username}'";
|
| 73 | 73 |
$result = db_query($query); |
| 74 |
- if (mysql_num_rows($result) < 1) |
|
| 74 |
+ if ($result->rowCount() < 1) |
|
| 75 | 75 |
return NULL; |
| 76 |
- while ($row = mysql_fetch_assoc($result)) {
|
|
| 76 |
+ while ($row = $result->fetch()) {
|
|
| 77 | 77 |
$ret[] = $row; |
| 78 | 78 |
} |
| 79 | 79 |
return $ret; |
| ... | ... |
@@ -86,24 +86,24 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='') |
| 86 | 86 |
$username = NULL; |
| 87 | 87 |
if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
|
| 88 | 88 |
$type = 'user'; |
| 89 |
- $username = mysql_real_escape_string($_SESSION['userinfo']['username']); |
|
| 89 |
+ $username = db_escape_string($_SESSION['userinfo']['username']); |
|
| 90 | 90 |
if (isset($_SESSION['subuser'])) {
|
| 91 |
- $username = mysql_real_escape_string($_SESSION['subuser']); |
|
| 91 |
+ $username = db_escape_string($_SESSION['subuser']); |
|
| 92 | 92 |
$type = 'subuser'; |
| 93 | 93 |
} |
| 94 | 94 |
} elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
|
| 95 | 95 |
$type = 'email'; |
| 96 |
- $username = mysql_real_escape_string($_SESSION['mailaccount']); |
|
| 96 |
+ $username = db_escape_string($_SESSION['mailaccount']); |
|
| 97 | 97 |
} |
| 98 | 98 |
if (! $type || ! $username) {
|
| 99 | 99 |
system_failure('cannot get type or username of login');
|
| 100 | 100 |
} |
| 101 |
- $certdata = mysql_real_escape_string($certdata); |
|
| 102 |
- $dn = maybe_null(mysql_real_escape_string($dn)); |
|
| 103 |
- $issuer = maybe_null(mysql_real_escape_string($issuer)); |
|
| 101 |
+ $certdata = db_escape_string($certdata); |
|
| 102 |
+ $dn = maybe_null(db_escape_string($dn)); |
|
| 103 |
+ $issuer = maybe_null(db_escape_string($issuer)); |
|
| 104 | 104 |
if ($startpage && ! check_path($startpage)) |
| 105 | 105 |
system_failure('Startseite kaputt');
|
| 106 |
- $startpage = maybe_null(mysql_real_escape_string($startpage)); |
|
| 106 |
+ $startpage = maybe_null(db_escape_string($startpage)); |
|
| 107 | 107 |
|
| 108 | 108 |
if ($certdata == '') |
| 109 | 109 |
system_failure('Kein Zertifikat');
|
| ... | ... |
@@ -124,14 +124,14 @@ function delete_clientcert($id) |
| 124 | 124 |
$username = NULL; |
| 125 | 125 |
if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
|
| 126 | 126 |
$type = 'user'; |
| 127 |
- $username = mysql_real_escape_string($_SESSION['userinfo']['username']); |
|
| 127 |
+ $username = db_escape_string($_SESSION['userinfo']['username']); |
|
| 128 | 128 |
if (isset($_SESSION['subuser'])) {
|
| 129 |
- $username = mysql_real_escape_string($_SESSION['subuser']); |
|
| 129 |
+ $username = db_escape_string($_SESSION['subuser']); |
|
| 130 | 130 |
$type = 'subuser'; |
| 131 | 131 |
} |
| 132 | 132 |
} elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
|
| 133 | 133 |
$type = 'email'; |
| 134 |
- $username = mysql_real_escape_string($_SESSION['mailaccount']); |
|
| 134 |
+ $username = db_escape_string($_SESSION['mailaccount']); |
|
| 135 | 135 |
} |
| 136 | 136 |
if (! $type || ! $username) {
|
| 137 | 137 |
system_failure('cannot get type or username of login');
|
| ... | ... |
@@ -25,7 +25,7 @@ function my_invoices() |
| 25 | 25 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
| 26 | 26 |
$result = db_query("SELECT id,datum,betrag,bezahlt,abbuchung,sepamandat FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} ORDER BY id DESC");
|
| 27 | 27 |
$ret = array(); |
| 28 |
- while($line = mysql_fetch_assoc($result)) |
|
| 28 |
+ while($line = $result->fetch()) |
|
| 29 | 29 |
array_push($ret, $line); |
| 30 | 30 |
return $ret; |
| 31 | 31 |
} |
| ... | ... |
@@ -36,9 +36,9 @@ function get_pdf($id) |
| 36 | 36 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
| 37 | 37 |
$id = (int) $id; |
| 38 | 38 |
$result = db_query("SELECT pdfdata FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
|
| 39 |
- if (mysql_num_rows($result) == 0) |
|
| 39 |
+ if ($result->rowCount() == 0) |
|
| 40 | 40 |
system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
|
| 41 |
- return mysql_fetch_object($result)->pdfdata; |
|
| 41 |
+ return $result->fetch(PDO::FETCH_OBJ)->pdfdata; |
|
| 42 | 42 |
|
| 43 | 43 |
} |
| 44 | 44 |
|
| ... | ... |
@@ -48,9 +48,9 @@ function invoice_details($id) |
| 48 | 48 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
| 49 | 49 |
$id = (int) $id; |
| 50 | 50 |
$result = db_query("SELECT kunde,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
|
| 51 |
- if (mysql_num_rows($result) == 0) |
|
| 51 |
+ if ($result->rowCount() == 0) |
|
| 52 | 52 |
system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
|
| 53 |
- return mysql_fetch_assoc($result); |
|
| 53 |
+ return $result->fetch(); |
|
| 54 | 54 |
} |
| 55 | 55 |
|
| 56 | 56 |
function invoice_items($id) |
| ... | ... |
@@ -58,10 +58,10 @@ function invoice_items($id) |
| 58 | 58 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
| 59 | 59 |
$id = (int) $id; |
| 60 | 60 |
$result = db_query("SELECT id, beschreibung, datum, enddatum, betrag, einheit, brutto, mwst, anzahl FROM kundendaten.rechnungsposten WHERE rechnungsnummer={$id} AND kunde={$c}");
|
| 61 |
- if (mysql_num_rows($result) == 0) |
|
| 61 |
+ if ($result->rowCount() == 0) |
|
| 62 | 62 |
system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
|
| 63 | 63 |
$ret = array(); |
| 64 |
- while($line = mysql_fetch_assoc($result)) |
|
| 64 |
+ while($line = $result->fetch()) |
|
| 65 | 65 |
array_push($ret, $line); |
| 66 | 66 |
return $ret; |
| 67 | 67 |
} |
| ... | ... |
@@ -72,7 +72,7 @@ function upcoming_items() |
| 72 | 72 |
$c = (int) $_SESSION['customerinfo']['customerno']; |
| 73 | 73 |
$result = db_query("SELECT anzahl, beschreibung, startdatum, enddatum, betrag, einheit, brutto, mwst FROM kundendaten.upcoming_items WHERE kunde={$c} ORDER BY startdatum ASC");
|
| 74 | 74 |
$ret = array(); |
| 75 |
- while($line = mysql_fetch_assoc($result)) |
|
| 75 |
+ while($line = $result->fetch()) |
|
| 76 | 76 |
array_push($ret, $line); |
| 77 | 77 |
return $ret; |
| 78 | 78 |
} |
| ... | ... |
@@ -166,19 +166,19 @@ function generate_bezahlcode_image($id) |
| 166 | 166 |
function get_lastschrift($rechnungsnummer) {
|
| 167 | 167 |
$rechnungsnummer = (int) $rechnungsnummer; |
| 168 | 168 |
$result = db_query("SELECT rechnungsnummer, rechnungsdatum, sl.betrag, buchungsdatum FROM kundendaten.sepalastschrift sl LEFT JOIN kundendaten.ausgestellte_rechnungen re ON (re.id=sl.rechnungsnummer) WHERE rechnungsnummer='${rechnungsnummer}' AND re.abbuchung=1");
|
| 169 |
- if (mysql_num_rows($result) == 0) {
|
|
| 169 |
+ if ($result->rowCount() == 0) {
|
|
| 170 | 170 |
return NULL; |
| 171 | 171 |
} |
| 172 |
- $item = mysql_fetch_assoc($result); |
|
| 172 |
+ $item = $result->fetch(); |
|
| 173 | 173 |
return $item; |
| 174 | 174 |
} |
| 175 | 175 |
|
| 176 | 176 |
function get_lastschriften($mandatsreferenz) |
| 177 | 177 |
{
|
| 178 |
- $mandatsreferenz = mysql_real_escape_string($mandatsreferenz); |
|
| 178 |
+ $mandatsreferenz = db_escape_string($mandatsreferenz); |
|
| 179 | 179 |
$result = db_query("SELECT rechnungsnummer, rechnungsdatum, betrag, buchungsdatum FROM kundendaten.sepalastschrift WHERE mandatsreferenz='${mandatsreferenz}' ORDER BY buchungsdatum DESC");
|
| 180 | 180 |
$ret = array(); |
| 181 |
- while ($item = mysql_fetch_assoc($result)) {
|
|
| 181 |
+ while ($item = $result->fetch()) {
|
|
| 182 | 182 |
$ret[] = $item; |
| 183 | 183 |
} |
| 184 | 184 |
return $ret; |
| ... | ... |
@@ -189,7 +189,7 @@ function get_sepamandate() |
| 189 | 189 |
$cid = (int) $_SESSION['customerinfo']['customerno']; |
| 190 | 190 |
$result = db_query("SELECT id, mandatsreferenz, glaeubiger_id, erteilt, medium, gueltig_ab, gueltig_bis, erstlastschrift, kontoinhaber, adresse, iban, bic, bankname FROM kundendaten.sepamandat WHERE kunde={$cid}");
|
| 191 | 191 |
$ret = array(); |
| 192 |
- while ($entry = mysql_fetch_assoc($result)) {
|
|
| 192 |
+ while ($entry = $result->fetch()) {
|
|
| 193 | 193 |
array_push($ret, $entry); |
| 194 | 194 |
} |
| 195 | 195 |
return $ret; |
| ... | ... |
@@ -198,9 +198,9 @@ function get_sepamandate() |
| 198 | 198 |
|
| 199 | 199 |
function yesterday($date) |
| 200 | 200 |
{
|
| 201 |
- $date = mysql_real_escape_string($date); |
|
| 201 |
+ $date = db_escape_string($date); |
|
| 202 | 202 |
$result = db_query("SELECT '{$date}' - INTERVAL 1 DAY");
|
| 203 |
- return mysql_fetch_array($result)[0]; |
|
| 203 |
+ return $result->fetch()[0]; |
|
| 204 | 204 |
} |
| 205 | 205 |
|
| 206 | 206 |
|
| ... | ... |
@@ -208,7 +208,7 @@ function invalidate_sepamandat($id, $date) |
| 208 | 208 |
{
|
| 209 | 209 |
$cid = (int) $_SESSION['customerinfo']['customerno']; |
| 210 | 210 |
$id = (int) $id; |
| 211 |
- $date = mysql_real_escape_string($date); |
|
| 211 |
+ $date = db_escape_string($date); |
|
| 212 | 212 |
db_query("UPDATE kundendaten.sepamandat SET gueltig_bis='{$date}' WHERE id={$id} AND kunde={$cid}");
|
| 213 | 213 |
} |
| 214 | 214 |
|
| ... | ... |
@@ -216,12 +216,12 @@ function invalidate_sepamandat($id, $date) |
| 216 | 216 |
function sepamandat($name, $adresse, $iban, $bankname, $bic, $gueltig_ab) |
| 217 | 217 |
{
|
| 218 | 218 |
$cid = (int) $_SESSION['customerinfo']['customerno']; |
| 219 |
- $name = mysql_real_escape_string($name); |
|
| 220 |
- $adresse = mysql_real_escape_string($adresse); |
|
| 221 |
- $iban = mysql_real_escape_string($iban); |
|
| 222 |
- $bankname = mysql_real_escape_string($bankname); |
|
| 223 |
- $bic = mysql_real_escape_string($bic); |
|
| 224 |
- $gueltig_ab = mysql_real_escape_string($gueltig_ab); |
|
| 219 |
+ $name = db_escape_string($name); |
|
| 220 |
+ $adresse = db_escape_string($adresse); |
|
| 221 |
+ $iban = db_escape_string($iban); |
|
| 222 |
+ $bankname = db_escape_string($bankname); |
|
| 223 |
+ $bic = db_escape_string($bic); |
|
| 224 |
+ $gueltig_ab = db_escape_string($gueltig_ab); |
|
| 225 | 225 |
|
| 226 | 226 |
$first_date = date('Y-m-d');
|
| 227 | 227 |
$invoices = my_invoices(); |
| ... | ... |
@@ -22,7 +22,7 @@ require_once('invoice.php');
|
| 22 | 22 |
$kundenname = $_SESSION['customerinfo']['name']; |
| 23 | 23 |
$id = (int) $_SESSION['customerinfo']['customerno']; |
| 24 | 24 |
$result = db_query("SELECT CONCAT(adresse, '\\\\n', plz, ' ', ort) AS adresse FROM kundendaten.kunden WHERE id={$id}");
|
| 25 |
-$r = mysql_fetch_assoc($result); |
|
| 25 |
+$r = $result->fetch(); |
|
| 26 | 26 |
|
| 27 | 27 |
header("Content-Type: text/javascript");
|
| 28 | 28 |
echo ' { "kundenname": "'.$kundenname.'", "adresse": "'.$r["adresse"].'" } ';
|
| ... | ... |
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 | 17 |
require_once("inc/debug.php");
|
| 18 |
-require_once("inc/db_connect.php");
|
|
| 19 | 18 |
require_once("inc/security.php");
|
| 20 | 19 |
|
| 21 | 20 |
require_once('class/domain.php');
|
| ... | ... |
@@ -25,8 +24,8 @@ function get_jabber_accounts() {
|
| 25 | 24 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
| 26 | 25 |
$result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
|
| 27 | 26 |
$accounts = array(); |
| 28 |
- if (@mysql_num_rows($result) > 0) |
|
| 29 |
- while ($acc = @mysql_fetch_assoc($result)) |
|
| 27 |
+ if (@$result->rowCount() > 0) |
|
| 28 |
+ while ($acc = @$result->fetch()) |
|
| 30 | 29 |
array_push($accounts, $acc); |
| 31 | 30 |
return $accounts; |
| 32 | 31 |
} |
| ... | ... |
@@ -41,9 +40,9 @@ function get_jabberaccount_details($id) |
| 41 | 40 |
$id = (int) $id; |
| 42 | 41 |
|
| 43 | 42 |
$result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
|
| 44 |
- if (mysql_num_rows($result) != 1) |
|
| 43 |
+ if ($result->rowCount() != 1) |
|
| 45 | 44 |
system_failure("Invalid account");
|
| 46 |
- $data = mysql_fetch_assoc($result); |
|
| 45 |
+ $data = $result->fetch(); |
|
| 47 | 46 |
if ($data['domain'] == NULL) |
| 48 | 47 |
$data['domain'] = config('masterdomain');
|
| 49 | 48 |
else |
| ... | ... |
@@ -72,19 +71,19 @@ function create_jabber_account($local, $domain, $password) |
| 72 | 71 |
require_role(ROLE_CUSTOMER); |
| 73 | 72 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
| 74 | 73 |
|
| 75 |
- $local = mysql_real_escape_string( filter_input_username($local) ); |
|
| 74 |
+ $local = db_escape_string( filter_input_username($local) ); |
|
| 76 | 75 |
$domain = (int) $domain; |
| 77 | 76 |
if (! valid_jabber_password($password)) |
| 78 | 77 |
{
|
| 79 | 78 |
input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
|
| 80 | 79 |
return; |
| 81 | 80 |
} |
| 82 |
- $password = mysql_real_escape_string( $password ); |
|
| 81 |
+ $password = db_escape_string( $password ); |
|
| 83 | 82 |
|
| 84 | 83 |
if ($domain > 0) |
| 85 | 84 |
{
|
| 86 | 85 |
$result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
|
| 87 |
- if (mysql_num_rows($result) == 0) |
|
| 86 |
+ if ($result->rowCount() == 0) |
|
| 88 | 87 |
{
|
| 89 | 88 |
logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
|
| 90 | 89 |
system_failure("Invalid domain!");
|
| ... | ... |
@@ -98,7 +97,7 @@ function create_jabber_account($local, $domain, $password) |
| 98 | 97 |
$domainquery = 'domain IS NULL'; |
| 99 | 98 |
} |
| 100 | 99 |
$result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
|
| 101 |
- if (mysql_num_rows($result) > 0) |
|
| 100 |
+ if ($result->rowCount() > 0) |
|
| 102 | 101 |
{
|
| 103 | 102 |
logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
|
| 104 | 103 |
system_failure("Diesen Account gibt es bereits!");
|
| ... | ... |
@@ -120,7 +119,7 @@ function change_jabber_password($id, $password) |
| 120 | 119 |
input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
|
| 121 | 120 |
return; |
| 122 | 121 |
} |
| 123 |
- $password = mysql_real_escape_string( $password ); |
|
| 122 |
+ $password = db_escape_string( $password ); |
|
| 124 | 123 |
|
| 125 | 124 |
db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
|
| 126 | 125 |
logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account »{$id}«");
|
| ... | ... |
@@ -24,7 +24,7 @@ function get_lists() |
| 24 | 24 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 25 | 25 |
$result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid};");
|
| 26 | 26 |
$ret = array(); |
| 27 |
- while ($list = mysql_fetch_assoc($result)) |
|
| 27 |
+ while ($list = $result->fetch()) |
|
| 28 | 28 |
$ret[] = $list; |
| 29 | 29 |
DEBUG($ret); |
| 30 | 30 |
return $ret; |
| ... | ... |
@@ -36,9 +36,9 @@ function get_list($id) |
| 36 | 36 |
$id = (int) $id; |
| 37 | 37 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 38 | 38 |
$result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid} AND id={$id};");
|
| 39 |
- if (mysql_num_rows($result) < 1) |
|
| 39 |
+ if ($result->rowCount() < 1) |
|
| 40 | 40 |
system_failure('Die gewünschte Mailingliste konnte nicht gefunden werden');
|
| 41 |
- $list = mysql_fetch_assoc($result); |
|
| 41 |
+ $list = $result->fetch(); |
|
| 42 | 42 |
DEBUG($list); |
| 43 | 43 |
|
| 44 | 44 |
return $list; |
| ... | ... |
@@ -61,13 +61,13 @@ function create_list($listname, $maildomain, $admin) |
| 61 | 61 |
verify_input_general($admin); |
| 62 | 62 |
if (! check_emailaddr($admin)) |
| 63 | 63 |
system_failure('Der Verwalter muss eine gültige E-Mail-Adresse sein ('.$admin.').');
|
| 64 |
- $admin = mysql_real_escape_string($admin); |
|
| 64 |
+ $admin = db_escape_string($admin); |
|
| 65 | 65 |
$result = db_query("SELECT id FROM mail.mailman_lists WHERE listname='{$listname}'");
|
| 66 |
- if (mysql_num_rows($result) > 0) |
|
| 66 |
+ if ($result->rowCount() > 0) |
|
| 67 | 67 |
system_failure('Eine Liste mit diesem Namen existiert bereits (unter dieser oder einer anderen Domain). Jeder Listenname kann nur einmal verwendet werden.');
|
| 68 | 68 |
|
| 69 | 69 |
db_query("INSERT INTO mail.mailman_lists (status, listname, maildomain, owner, admin) VALUES ('pending', '{$listname}', {$maildomain}, {$owner}, '{$admin}');");
|
| 70 |
- DEBUG('Neue ID: '.mysql_insert_id());
|
|
| 70 |
+ DEBUG('Neue ID: '.db_insert_id());
|
|
| 71 | 71 |
} |
| 72 | 72 |
|
| 73 | 73 |
|
| ... | ... |
@@ -76,7 +76,7 @@ function get_mailman_domains() |
| 76 | 76 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 77 | 77 |
$result = db_query("SELECT md.id, md.fqdn FROM mail.v_mailman_domains AS md left join mail.v_domains AS d on (d.id=md.domain) where d.user={$uid}");
|
| 78 | 78 |
$ret = array(); |
| 79 |
- while ($dom = mysql_fetch_assoc($result)) |
|
| 79 |
+ while ($dom = $result->fetch()) |
|
| 80 | 80 |
$ret[] = $dom; |
| 81 | 81 |
DEBUG($ret); |
| 82 | 82 |
return $ret; |
| ... | ... |
@@ -18,10 +18,10 @@ function get_mysql_accounts($UID) |
| 18 | 18 |
{
|
| 19 | 19 |
$UID = (int) $UID; |
| 20 | 20 |
$result = db_query("SELECT id, username, description, created FROM misc.mysql_accounts WHERE useraccount=$UID ORDER BY username");
|
| 21 |
- if (mysql_num_rows($result) == 0) |
|
| 21 |
+ if ($result->rowCount() == 0) |
|
| 22 | 22 |
return array(); |
| 23 | 23 |
$list = array(); |
| 24 |
- while ($item = mysql_fetch_assoc($result)) |
|
| 24 |
+ while ($item = $result->fetch()) |
|
| 25 | 25 |
{
|
| 26 | 26 |
$list[] = $item; |
| 27 | 27 |
} |
| ... | ... |
@@ -32,10 +32,10 @@ function get_mysql_databases($UID) |
| 32 | 32 |
{
|
| 33 | 33 |
$UID = (int) $UID; |
| 34 | 34 |
$result = db_query("SELECT id, name, description, created FROM misc.mysql_database WHERE useraccount=$UID ORDER BY name");
|
| 35 |
- if (mysql_num_rows($result) == 0) |
|
| 35 |
+ if ($result->rowCount() == 0) |
|
| 36 | 36 |
return array(); |
| 37 | 37 |
$list = array(); |
| 38 |
- while ($item = mysql_fetch_assoc($result)) |
|
| 38 |
+ while ($item = $result->fetch()) |
|
| 39 | 39 |
{
|
| 40 | 40 |
$list[] = $item; |
| 41 | 41 |
} |
| ... | ... |
@@ -80,7 +80,7 @@ function servers_for_databases() |
| 80 | 80 |
|
| 81 | 81 |
$result = db_query("SELECT db.name AS db, hostname FROM misc.mysql_database AS db LEFT JOIN system.useraccounts AS u ON (db.useraccount=u.uid) LEFT JOIN system.servers ON (COALESCE(db.server, u.server) = servers.id) WHERE db.useraccount={$uid}");
|
| 82 | 82 |
$ret = array(); |
| 83 |
- while ($line = mysql_fetch_assoc($result)) {
|
|
| 83 |
+ while ($line = $result->fetch()) {
|
|
| 84 | 84 |
$ret[$line['db']] = $line['hostname']; |
| 85 | 85 |
} |
| 86 | 86 |
DEBUG($ret); |
| ... | ... |
@@ -96,9 +96,9 @@ function get_mysql_access($db, $account) |
| 96 | 96 |
{
|
| 97 | 97 |
$mysql_access = array(); |
| 98 | 98 |
$result = db_query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};");
|
| 99 |
- if (mysql_num_rows($result) == 0) |
|
| 99 |
+ if ($result->rowCount() == 0) |
|
| 100 | 100 |
return false; |
| 101 |
- while ($line = mysql_fetch_object($result)) |
|
| 101 |
+ while ($line = $result->fetch(PDO::FETCH_OBJ)) |
|
| 102 | 102 |
$mysql_access[$line->db][$line->user] = true; |
| 103 | 103 |
} |
| 104 | 104 |
return (array_key_exists($db, $mysql_access) && array_key_exists($account, $mysql_access[$db])); |
| ... | ... |
@@ -108,8 +108,8 @@ function get_mysql_access($db, $account) |
| 108 | 108 |
function set_mysql_access($db, $account, $status) |
| 109 | 109 |
{
|
| 110 | 110 |
$uid = $_SESSION['userinfo']['uid']; |
| 111 |
- $db = mysql_real_escape_string($db); |
|
| 112 |
- $account = mysql_real_escape_string($account); |
|
| 111 |
+ $db = db_escape_string($db); |
|
| 112 |
+ $account = db_escape_string($account); |
|
| 113 | 113 |
DEBUG("User »{$account}« soll ".($status ? "" : "NICHT ")."auf die Datenbank »{$db}« zugreifen");
|
| 114 | 114 |
$query = ''; |
| 115 | 115 |
if ($status) |
| ... | ... |
@@ -117,13 +117,13 @@ function set_mysql_access($db, $account, $status) |
| 117 | 117 |
if (get_mysql_access($db, $account)) |
| 118 | 118 |
return NULL; |
| 119 | 119 |
$result = db_query("SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1");
|
| 120 |
- if (mysql_num_rows($result) != 1) |
|
| 120 |
+ if ($result->rowCount() != 1) |
|
| 121 | 121 |
{
|
| 122 | 122 |
logger(LOG_ERR, "modules/mysql/include/mysql", "mysql", "cannot find database {$db}");
|
| 123 | 123 |
system_failure("cannot find database »{$db}«");
|
| 124 | 124 |
} |
| 125 | 125 |
$result = db_query("SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid} LIMIT 1");
|
| 126 |
- if (mysql_num_rows($result) != 1) |
|
| 126 |
+ if ($result->rowCount() != 1) |
|
| 127 | 127 |
{
|
| 128 | 128 |
logger(LOG_ERR, "modules/mysql/include/mysql", "mysql", "cannot find user {$account}");
|
| 129 | 129 |
system_failure("cannot find database user »{$account}«");
|
| ... | ... |
@@ -151,7 +151,7 @@ function create_mysql_account($username, $description = '') |
| 151 | 151 |
return NULL; |
| 152 | 152 |
} |
| 153 | 153 |
$uid = $_SESSION['userinfo']['uid']; |
| 154 |
- $username = mysql_real_escape_string($username); |
|
| 154 |
+ $username = db_escape_string($username); |
|
| 155 | 155 |
$description = maybe_null($description); |
| 156 | 156 |
logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "creating user »{$username}«");
|
| 157 | 157 |
db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount, description) VALUES ('$username', '!', $uid, $description);");
|
| ... | ... |
@@ -160,7 +160,7 @@ function create_mysql_account($username, $description = '') |
| 160 | 160 |
|
| 161 | 161 |
function delete_mysql_account($username) |
| 162 | 162 |
{
|
| 163 |
- $username = mysql_real_escape_string($username); |
|
| 163 |
+ $username = db_escape_string($username); |
|
| 164 | 164 |
$uid = $_SESSION['userinfo']['uid']; |
| 165 | 165 |
logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "deleting user »{$username}«");
|
| 166 | 166 |
db_query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
|
| ... | ... |
@@ -175,7 +175,7 @@ function create_mysql_database($dbname, $description = '', $server = NULL) |
| 175 | 175 |
input_error("Der eingegebene Datenbankname entspricht leider nicht der Konvention. Bitte tragen Sie einen passenden Namen ein.");
|
| 176 | 176 |
return NULL; |
| 177 | 177 |
} |
| 178 |
- $dbname = mysql_real_escape_string($dbname); |
|
| 178 |
+ $dbname = db_escape_string($dbname); |
|
| 179 | 179 |
$uid = $_SESSION['userinfo']['uid']; |
| 180 | 180 |
$description = maybe_null($description); |
| 181 | 181 |
$server = (int) $server; |
| ... | ... |
@@ -189,7 +189,7 @@ function create_mysql_database($dbname, $description = '', $server = NULL) |
| 189 | 189 |
|
| 190 | 190 |
function delete_mysql_database($dbname) |
| 191 | 191 |
{
|
| 192 |
- $dbname = mysql_real_escape_string($dbname); |
|
| 192 |
+ $dbname = db_escape_string($dbname); |
|
| 193 | 193 |
$uid = $_SESSION['userinfo']['uid']; |
| 194 | 194 |
logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "removing database »{$dbname}«");
|
| 195 | 195 |
db_query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
|
| ... | ... |
@@ -212,8 +212,8 @@ function validate_mysql_username($username) |
| 212 | 212 |
|
| 213 | 213 |
function set_mysql_password($username, $password) |
| 214 | 214 |
{
|
| 215 |
- $username = mysql_real_escape_string($username); |
|
| 216 |
- $password = mysql_real_escape_string($password); |
|
| 215 |
+ $username = db_escape_string($username); |
|
| 216 |
+ $password = db_escape_string($password); |
|
| 217 | 217 |
$uid = $_SESSION['userinfo']['uid']; |
| 218 | 218 |
logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "updating password for »{$username}«");
|
| 219 | 219 |
db_query("UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;");
|
| ... | ... |
@@ -223,18 +223,18 @@ function set_mysql_password($username, $password) |
| 223 | 223 |
function has_mysql_database($dbname) |
| 224 | 224 |
{
|
| 225 | 225 |
$uid = $_SESSION['userinfo']['uid']; |
| 226 |
- $dbname = mysql_real_escape_string($dbname); |
|
| 226 |
+ $dbname = db_escape_string($dbname); |
|
| 227 | 227 |
$result = db_query("SELECT NULL FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
|
| 228 |
- return (mysql_num_rows($result) == 1); |
|
| 228 |
+ return ($result->rowCount() == 1); |
|
| 229 | 229 |
} |
| 230 | 230 |
|
| 231 | 231 |
|
| 232 | 232 |
function has_mysql_user($username) |
| 233 | 233 |
{
|
| 234 | 234 |
$uid = $_SESSION['userinfo']['uid']; |
| 235 |
- $userame = mysql_real_escape_string($username); |
|
| 235 |
+ $userame = db_escape_string($username); |
|
| 236 | 236 |
$result = db_query("SELECT NULL FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
|
| 237 |
- return (mysql_num_rows($result) == 1); |
|
| 237 |
+ return ($result->rowCount() == 1); |
|
| 238 | 238 |
} |
| 239 | 239 |
|
| 240 | 240 |
|
| ... | ... |
@@ -16,14 +16,14 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 16 | 16 |
|
| 17 | 17 |
function set_newsletter_address($address) {
|
| 18 | 18 |
$cid = $_SESSION['customerinfo']['customerno']; |
| 19 |
- $address = maybe_null(mysql_real_escape_string($address)); |
|
| 19 |
+ $address = maybe_null(db_escape_string($address)); |
|
| 20 | 20 |
db_query("UPDATE kundendaten.kunden SET email_newsletter={$address} WHERE id={$cid}");
|
| 21 | 21 |
} |
| 22 | 22 |
|
| 23 | 23 |
function get_newsletter_address() {
|
| 24 | 24 |
$cid = $_SESSION['customerinfo']['customerno']; |
| 25 | 25 |
$result = db_query("SELECT email_newsletter FROM kundendaten.kunden WHERE id={$cid}");
|
| 26 |
- $r = mysql_fetch_assoc($result); |
|
| 26 |
+ $r = $result->fetch(); |
|
| 27 | 27 |
return $r['email_newsletter']; |
| 28 | 28 |
} |
| 29 | 29 |
|
| ... | ... |
@@ -32,7 +32,7 @@ function get_latest_news() {
|
| 32 | 32 |
$today = strftime('%Y-%m-%d');
|
| 33 | 33 |
$result = db_query("SELECT id, date, subject, content FROM misc.news WHERE date > '{$today}' - INTERVAL 1 YEAR ORDER BY date DESC");
|
| 34 | 34 |
$ret = array(); |
| 35 |
- while ($item = mysql_fetch_assoc($result)) {
|
|
| 35 |
+ while ($item = $result->fetch()) {
|
|
| 36 | 36 |
$ret[] = $item; |
| 37 | 37 |
} |
| 38 | 38 |
DEBUG($ret); |
| ... | ... |
@@ -43,7 +43,7 @@ function get_latest_news() {
|
| 43 | 43 |
function get_news_item($id) {
|
| 44 | 44 |
$id = (int) $id; |
| 45 | 45 |
$result = db_query("SELECT date, subject, content FROM misc.news WHERE id={$id}");
|
| 46 |
- $ret = mysql_fetch_assoc($result); |
|
| 46 |
+ $ret = $result->fetch(); |
|
| 47 | 47 |
DEBUG($ret); |
| 48 | 48 |
return $ret; |
| 49 | 49 |
} |
| ... | ... |
@@ -14,15 +14,14 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 |
-require_once('inc/db_connect.php');
|
|
| 18 | 17 |
require_once('session/checkuser.php');
|
| 19 | 18 |
|
| 20 | 19 |
function customer_has_email($customerno, $email) |
| 21 | 20 |
{
|
| 22 | 21 |
$customerno = (int) $customerno; |
| 23 |
- $email = mysql_real_escape_string($email); |
|
| 22 |
+ $email = db_escape_string($email); |
|
| 24 | 23 |
$result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');");
|
| 25 |
- return (mysql_num_rows($result) > 0); |
|
| 24 |
+ return ($result->rowCount() > 0); |
|
| 26 | 25 |
} |
| 27 | 26 |
|
| 28 | 27 |
|
| ... | ... |
@@ -30,9 +29,9 @@ function validate_token($customerno, $token) |
| 30 | 29 |
{
|
| 31 | 30 |
expire_tokens(); |
| 32 | 31 |
$customerno = (int) $customerno; |
| 33 |
- $token = mysql_real_escape_string($token); |
|
| 32 |
+ $token = db_escape_string($token); |
|
| 34 | 33 |
$result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
|
| 35 |
- return (mysql_num_rows($result) > 0); |
|
| 34 |
+ return ($result->rowCount() > 0); |
|
| 36 | 35 |
} |
| 37 | 36 |
|
| 38 | 37 |
|
| ... | ... |
@@ -53,9 +52,9 @@ function create_token($customerno) |
| 53 | 52 |
$customerno = (int) $customerno; |
| 54 | 53 |
expire_tokens(); |
| 55 | 54 |
$result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
|
| 56 |
- if (mysql_num_rows($result) > 0) |
|
| 55 |
+ if ($result->rowCount() > 0) |
|
| 57 | 56 |
{
|
| 58 |
- $res = mysql_fetch_object($result)->token_create; |
|
| 57 |
+ $res = $result->fetch(PDO::FETCH_OBJ)->token_create; |
|
| 59 | 58 |
input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen.");
|
| 60 | 59 |
return false; |
| 61 | 60 |
} |
| ... | ... |
@@ -70,9 +69,9 @@ function get_customer_token($customerno) |
| 70 | 69 |
$customerno = (int) $customerno; |
| 71 | 70 |
expire_tokens(); |
| 72 | 71 |
$result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
|
| 73 |
- if (mysql_num_rows($result) < 1) |
|
| 72 |
+ if ($result->rowCount() < 1) |
|
| 74 | 73 |
system_failure("Kann das Token nicht auslesen!");
|
| 75 |
- return mysql_fetch_object($result)->token; |
|
| 74 |
+ return $result->fetch(PDO::FETCH_OBJ)->token; |
|
| 76 | 75 |
} |
| 77 | 76 |
|
| 78 | 77 |
|
| ... | ... |
@@ -14,17 +14,16 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 |
-require_once('inc/db_connect.php');
|
|
| 18 | 17 |
require_once('mail.php');
|
| 19 | 18 |
|
| 20 | 19 |
function customer_with_email($email) |
| 21 | 20 |
{
|
| 22 |
- $email = mysql_real_escape_string($email); |
|
| 21 |
+ $email = db_escape_string($email); |
|
| 23 | 22 |
$result = db_query("SELECT id FROM kundendaten.kunden WHERE email='{$email}' OR email_rechnung='{$email}' OR email_extern='{$email}' LIMIT 1;");
|
| 24 |
- if (mysql_num_rows($result) == 0) |
|
| 23 |
+ if ($result->rowCount() == 0) |
|
| 25 | 24 |
return NULL; |
| 26 | 25 |
else |
| 27 |
- return mysql_fetch_object($result)->id; |
|
| 26 |
+ return $result->fetch(PDO::FETCH_OBJ)->id; |
|
| 28 | 27 |
} |
| 29 | 28 |
|
| 30 | 29 |
|
| ... | ... |
@@ -38,11 +37,11 @@ function create_customer($data) |
| 38 | 37 |
return NULL; |
| 39 | 38 |
} |
| 40 | 39 |
|
| 41 |
- $anrede = mysql_escape_string($data['anrede']); |
|
| 42 |
- $firma = mysql_escape_string($data['firma']); |
|
| 43 |
- $vorname = mysql_escape_string($data['vorname']); |
|
| 44 |
- $nachname = mysql_escape_string($data['nachname']); |
|
| 45 |
- $email = mysql_escape_string($data['email']); |
|
| 40 |
+ $anrede = db_escape_string($data['anrede']); |
|
| 41 |
+ $firma = db_escape_string($data['firma']); |
|
| 42 |
+ $vorname = db_escape_string($data['vorname']); |
|
| 43 |
+ $nachname = db_escape_string($data['nachname']); |
|
| 44 |
+ $email = db_escape_string($data['email']); |
|
| 46 | 45 |
|
| 47 | 46 |
logger(LOG_INFO, 'modules/register/include/register', 'register', "Creating new account: {$anrede} / {$firma} / {$vorname} / {$nachname} / {$email}");
|
| 48 | 47 |
|
| ... | ... |
@@ -53,7 +52,7 @@ function create_customer($data) |
| 53 | 52 |
|
| 54 | 53 |
db_query("BEGIN");
|
| 55 | 54 |
db_query("INSERT INTO kundendaten.kunden (firma, nachname, vorname, anrede, email, erstellungsdatum,status) VALUES ({$firma}, {$nachname}, {$vorname}, {$anrede}, {$email}, CURDATE(), 3)");
|
| 56 |
- $customerno = mysql_insert_id(); |
|
| 55 |
+ $customerno = db_insert_id(); |
|
| 57 | 56 |
db_query("COMMIT");
|
| 58 | 57 |
return $customerno; |
| 59 | 58 |
|
| ... | ... |
@@ -24,7 +24,7 @@ function list_system_users() |
| 24 | 24 |
$result = db_query("SELECT uid,username FROM system.v_useraccounts ORDER BY username");
|
| 25 | 25 |
|
| 26 | 26 |
$ret = array(); |
| 27 |
- while ($item = mysql_fetch_object($result)) |
|
| 27 |
+ while ($item = $result->fetch(PDO::FETCH_OBJ)) |
|
| 28 | 28 |
array_push($ret, $item); |
| 29 | 29 |
return $ret; |
| 30 | 30 |
} |
| ... | ... |
@@ -37,7 +37,7 @@ function list_customers() |
| 37 | 37 |
$result = db_query("SELECT id, IF(firma IS NULL, CONCAT_WS(' ', vorname, nachname), CONCAT(firma, ' (', CONCAT_WS(' ', vorname, nachname), ')')) AS name FROM kundendaten.kunden");
|
| 38 | 38 |
|
| 39 | 39 |
$ret = array(); |
| 40 |
- while ($item = mysql_fetch_object($result)) |
|
| 40 |
+ while ($item = $result->fetch(PDO::FETCH_OBJ)) |
|
| 41 | 41 |
array_push($ret, $item); |
| 42 | 42 |
return $ret; |
| 43 | 43 |
} |
| ... | ... |
@@ -45,7 +45,7 @@ function list_customers() |
| 45 | 45 |
|
| 46 | 46 |
function find_customers($string) |
| 47 | 47 |
{
|
| 48 |
- $string = mysql_real_escape_string(chop($string)); |
|
| 48 |
+ $string = db_escape_string(chop($string)); |
|
| 49 | 49 |
$return = array(); |
| 50 | 50 |
$result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
|
| 51 | 51 |
"firma LIKE '%{$string}%' OR firma2 LIKE '%{$string}%' OR ".
|
| ... | ... |
@@ -55,14 +55,14 @@ function find_customers($string) |
| 55 | 55 |
"notizen LIKE '%{$string}%' OR email_rechnung LIKE '%{$string}%' OR ".
|
| 56 | 56 |
"email LIKE '%{$string}%' OR email_extern LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ".
|
| 57 | 57 |
"u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';");
|
| 58 |
- while ($entry = mysql_fetch_assoc($result)) |
|
| 58 |
+ while ($entry = $result->fetch()) |
|
| 59 | 59 |
$return[] = $entry['id']; |
| 60 | 60 |
|
| 61 | 61 |
$result = db_query("SELECT kunde FROM kundendaten.domains WHERE kunde IS NOT NULL AND (
|
| 62 | 62 |
domainname LIKE '%{$string}%' OR CONCAT_WS('.', domainname, tld) LIKE '%{$string}%'
|
| 63 | 63 |
)"); |
| 64 | 64 |
|
| 65 |
- while ($entry = mysql_fetch_assoc($result)) |
|
| 65 |
+ while ($entry = $result->fetch()) |
|
| 66 | 66 |
$return[] = $entry['kunde']; |
| 67 | 67 |
|
| 68 | 68 |
return $return; |
| ... | ... |
@@ -75,7 +75,7 @@ function find_users_for_customer($id) |
| 75 | 75 |
$return = array(); |
| 76 | 76 |
$result = db_query("SELECT uid, username, name FROM system.useraccounts WHERE ".
|
| 77 | 77 |
"kunde='{$id}';");
|
| 78 |
- while ($entry = mysql_fetch_assoc($result)) |
|
| 78 |
+ while ($entry = $result->fetch()) |
|
| 79 | 79 |
$return[] = $entry; |
| 80 | 80 |
|
| 81 | 81 |
return $return; |
| ... | ... |
@@ -25,7 +25,7 @@ function list_subusers() |
| 25 | 25 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 26 | 26 |
$result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
|
| 27 | 27 |
$subusers = array(); |
| 28 |
- while ($item = mysql_fetch_assoc($result)) |
|
| 28 |
+ while ($item = $result->fetch()) |
|
| 29 | 29 |
{
|
| 30 | 30 |
$item['modules'] = explode(',', $item['modules']);
|
| 31 | 31 |
$subusers[] = $item; |
| ... | ... |
@@ -40,7 +40,7 @@ function load_subuser($id) {
|
| 40 | 40 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 41 | 41 |
|
| 42 | 42 |
$result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
|
| 43 |
- $item = mysql_fetch_assoc($result); |
|
| 43 |
+ $item = $result->fetch(); |
|
| 44 | 44 |
$item['modules'] = explode(',', $item['modules']);
|
| 45 | 45 |
return $item; |
| 46 | 46 |
} |
| ... | ... |
@@ -79,7 +79,7 @@ function new_subuser($username, $requested_modules, $password) |
| 79 | 79 |
{
|
| 80 | 80 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 81 | 81 |
|
| 82 |
- $username = mysql_real_escape_string(filter_input_username($username)); |
|
| 82 |
+ $username = db_escape_string(filter_input_username($username)); |
|
| 83 | 83 |
if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
| 84 | 84 |
// Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
| 85 | 85 |
system_failure("Ungültiger Benutzername!");
|
| ... | ... |
@@ -100,7 +100,7 @@ function new_subuser($username, $requested_modules, $password) |
| 100 | 100 |
if (count($modules) == 0) {
|
| 101 | 101 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
| 102 | 102 |
} |
| 103 |
- $modules = mysql_real_escape_string(implode(',', $modules));
|
|
| 103 |
+ $modules = db_escape_string(implode(',', $modules));
|
|
| 104 | 104 |
|
| 105 | 105 |
$result = strong_password($password); |
| 106 | 106 |
if ($result !== true) {
|
| ... | ... |
@@ -128,7 +128,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
| 128 | 128 |
system_failure("Kann diesen Account nicht finden!");
|
| 129 | 129 |
} |
| 130 | 130 |
|
| 131 |
- $username = mysql_real_escape_string(filter_input_username($username)); |
|
| 131 |
+ $username = db_escape_string(filter_input_username($username)); |
|
| 132 | 132 |
if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
| 133 | 133 |
// Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
| 134 | 134 |
system_failure("Ungültiger Benutzername!");
|
| ... | ... |
@@ -148,7 +148,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
| 148 | 148 |
if (count($modules) == 0) {
|
| 149 | 149 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
| 150 | 150 |
} |
| 151 |
- $modules = mysql_real_escape_string(implode(',', $modules));
|
|
| 151 |
+ $modules = db_escape_string(implode(',', $modules));
|
|
| 152 | 152 |
|
| 153 | 153 |
$pwchange = ''; |
| 154 | 154 |
if ($password) {
|
| ... | ... |
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 | 17 |
require_once("inc/debug.php");
|
| 18 |
-require_once("inc/db_connect.php");
|
|
| 19 | 18 |
|
| 20 | 19 |
|
| 21 | 20 |
|
| ... | ... |
@@ -23,14 +22,14 @@ function customer_may_have_useraccounts() |
| 23 | 22 |
{
|
| 24 | 23 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
| 25 | 24 |
$result = db_query("SELECT COUNT(*) FROM system.useraccounts WHERE kunde={$customerno}");
|
| 26 |
- return (mysql_num_rows($result) > 0); |
|
| 25 |
+ return ($result->rowCount() > 0); |
|
| 27 | 26 |
} |
| 28 | 27 |
|
| 29 | 28 |
function customer_useraccount($uid) {
|
| 30 | 29 |
$uid = (int) $uid; |
| 31 | 30 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
| 32 | 31 |
$result = db_query("SELECT 1 FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid} AND kundenaccount=1");
|
| 33 |
- return mysql_num_rows($result) > 0; |
|
| 32 |
+ return $result->rowCount() > 0; |
|
| 34 | 33 |
} |
| 35 | 34 |
|
| 36 | 35 |
function primary_useraccount() |
| ... | ... |
@@ -39,7 +38,7 @@ function primary_useraccount() |
| 39 | 38 |
return NULL; |
| 40 | 39 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
| 41 | 40 |
$result = db_query("SELECT MIN(uid) AS uid FROM system.useraccounts WHERE kunde={$customerno}");
|
| 42 |
- $uid = mysql_fetch_object($result)->uid; |
|
| 41 |
+ $uid = $result->fetch(PDO::FETCH_OBJ)->uid; |
|
| 43 | 42 |
DEBUG("primary useraccount: {$uid}");
|
| 44 | 43 |
return $uid; |
| 45 | 44 |
} |
| ... | ... |
@@ -49,7 +48,7 @@ function available_shells() |
| 49 | 48 |
{
|
| 50 | 49 |
$result = db_query("SELECT path, name FROM system.shells WHERE usable=1");
|
| 51 | 50 |
$ret = array(); |
| 52 |
- while ($s = mysql_fetch_assoc($result)) |
|
| 51 |
+ while ($s = $result->fetch()) |
|
| 53 | 52 |
{
|
| 54 | 53 |
$ret[$s['path']] = $s['name']; |
| 55 | 54 |
} |
| ... | ... |
@@ -63,7 +62,7 @@ function list_useraccounts() |
| 63 | 62 |
$customerno = (int) $_SESSION['customerinfo']['customerno']; |
| 64 | 63 |
$result = db_query("SELECT uid,username,name,erstellungsdatum,quota,shell FROM system.useraccounts WHERE kunde={$customerno}");
|
| 65 | 64 |
$ret = array(); |
| 66 |
- while ($item = mysql_fetch_assoc($result)) |
|
| 65 |
+ while ($item = $result->fetch()) |
|
| 67 | 66 |
{
|
| 68 | 67 |
array_push($ret, $item); |
| 69 | 68 |
} |
| ... | ... |
@@ -79,9 +78,9 @@ function get_account_details($uid, $customerno=0) |
| 79 | 78 |
if ($customerno == 0) |
| 80 | 79 |
$customerno = $_SESSION['customerinfo']['customerno']; |
| 81 | 80 |
$result = db_query("SELECT uid,username,name,shell,quota,erstellungsdatum FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid}");
|
| 82 |
- if (mysql_num_rows($result) == 0) |
|
| 81 |
+ if ($result->rowCount() == 0) |
|
| 83 | 82 |
system_failure("Cannot find the requestes useraccount (for this customer).");
|
| 84 |
- return mysql_fetch_assoc($result); |
|
| 83 |
+ return $result->fetch(); |
|
| 85 | 84 |
} |
| 86 | 85 |
|
| 87 | 86 |
function get_used_quota($uid) |
| ... | ... |
@@ -89,7 +88,7 @@ function get_used_quota($uid) |
| 89 | 88 |
$uid = (int) $uid; |
| 90 | 89 |
$result = db_query("SELECT s.hostname AS server, systemquota, systemquota_used, mailquota, mailquota_used FROM system.v_quota AS q LEFT JOIN system.servers AS s ON (s.id=q.server) WHERE uid='{$uid}'");
|
| 91 | 90 |
$ret = array(); |
| 92 |
- while ($line = mysql_fetch_assoc($result)) |
|
| 91 |
+ while ($line = $result->fetch()) |
|
| 93 | 92 |
$ret[] = $line; |
| 94 | 93 |
DEBUG($ret); |
| 95 | 94 |
return $ret; |
| ... | ... |
@@ -105,8 +104,8 @@ function set_account_details($account) |
| 105 | 104 |
else |
| 106 | 105 |
$customerno = (int) $_SESSION['userinfo']['customerno']; |
| 107 | 106 |
|
| 108 |
- $fullname = maybe_null(mysql_real_escape_string(filter_input_general($account['name']))); |
|
| 109 |
- $shell = mysql_real_escape_string(filter_input_general($account['shell'])); |
|
| 107 |
+ $fullname = maybe_null(db_escape_string(filter_input_general($account['name']))); |
|
| 108 |
+ $shell = db_escape_string(filter_input_general($account['shell'])); |
|
| 110 | 109 |
|