
Umstellung auf PDO-Datenbankverbindung

Bernd Wurst authored on 01/02/2014 18:38:23
Showing 39 changed files
... ...
@@ -39,14 +39,14 @@ function prepare_cert($cert)
39 39
 
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42
-	$cert = mysql_real_escape_string(prepare_cert($cert));
42
+	$cert = db_escape_string(prepare_cert($cert));
43 43
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
44 44
 	$result = db_query($query);
45
-	if (mysql_num_rows($result) < 1)
45
+	if ($result->rowCount() < 1)
46 46
 		return NULL;
47 47
 	else {
48 48
 		$ret = array();
49
-		while ($row = mysql_fetch_assoc($result)) {
49
+		while ($row = $result->fetch()) {
50 50
 			$ret[] = $row;
51 51
 		}
52 52
 		return $ret;
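Review bot: The certificate lookup in get_logins_by_cert still splices the escaped value into the SQL string, although the db_query() introduced by this commit accepts a parameter array. This query decides which logins a client certificate maps to, so binding the value is the safer form: `$result = db_query("SELECT type,username,startpage FROM system.clientcert WHERE cert=?", array(prepare_cert($cert)));`. The same escape-and-interpolate pattern is carried over in the identical hunk that follows, and in Domain::loadByName, logger, find_customers and get_mailaccount_id. The end of the function lies outside the hunk.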
... ...
@@ -39,14 +39,14 @@ function prepare_cert($cert)
39 39
 
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42
-	$cert = mysql_real_escape_string(prepare_cert($cert));
42
+	$cert = db_escape_string(prepare_cert($cert));
43 43
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
44 44
 	$result = db_query($query);
45
-	if (mysql_num_rows($result) < 1)
45
+	if ($result->rowCount() < 1)
46 46
 		return NULL;
47 47
 	else {
48 48
 		$ret = array();
49
-		while ($row = mysql_fetch_assoc($result)) {
49
+		while ($row = $result->fetch()) {
50 50
 			$ret[] = $row;
51 51
 		}
52 52
 		return $ret;
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('inc/base.php');
19 18
 require_once('inc/debug.php');
20 19
 
21 20
new file mode 100644
... ...
@@ -0,0 +1,119 @@
1
+<?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
16
+
17
+require_once('inc/base.php');
18
+require_once('inc/error.php');
19
+require_once('inc/debug.php');
20
+
21
+
22
+class DB extends PDO {
23
+  function __construct() {
24
+    $dsn = "mysql:host=".config('db_host');
25
+    if (config('db_port', true)) {
26
+      $dsn .= ';port='.config('db_port', true);
27
+    }
28
+    $username = config('db_user', true);
29
+    $password = config('db_pass', true);
30
+    parent::__construct($dsn, $username, $password);
31
+  }
32
+
33
+
34
+  /*
35
+    Wenn Parameter übergeben werden, werden Queries immer als Prepared statements übertragen
36
+  */
37
+  function query($stmt, $params = NULL) {
38
+    if (is_array($params)) {
39
+      $response = parent::prepare($stmt);
40
+      $response->execute($params);
41
+      return $response;
42
+    } else {
43
+      return parent::query($stmt);
44
+    }
45
+  }
46
+}
47
+
48
+
49
+/* FIXME 
50
+   Das ist etwas unelegant. Soll nur übergangsweise verwendet werden bis alles auf prepared statements umgestellt ist
51
+*/
52
+function db_escape_string($string)
53
+{
54
+  global $db;
55
+  __ensure_connected();
56
+  $quoted = $db->quote($string);
57
+  // entferne die quotes, damit wird es drop-in-Kompatibel zu db_escape_string()
58
+  $ret = substr($quoted, 1, -1);
59
+  return $ret;
60
+}
61
+
62
+
63
+function db_insert_id()
64
+{
65
+  global $db;
66
+  __ensure_connected();
67
+  return $db->lastInsertId();
68
+}
69
+
70
+
71
+function __ensure_connected()
72
+{
73
+  /*
74
+    Dieses Kontrukt ist vermultich noch schlimmer als ein normales singleton
75
+    aber es hilft uns in unserem prozeduralen Kontext
76
+  */
77
+  global $db;
78
+  if (! isset($db)) {
79
+    try {
80
+      DEBUG("Neue Datenbankverbindung!");
81
+      $db = new DB();
82
+      $db->query("SET NAMES utf8");
83
+      $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
84
+      $db->setAttribute(PDO::ATTR_AUTOCOMMIT, true);
85
+    } catch (PDOException $e) {
86
+      global $debugmode;
87
+      if ($debugmode) {
88
+        system_failure("MySQL-Fehler: ".$e->getMessage());
89
+      } else {
90
+        system_failure("Fehler bei der Datenbankverbindung!");
91
+      }
92
+    }
93
+  }
94
+}
95
+
96
+
97
+function db_query($stmt, $params = NULL)
98
+{
99
+  global $db;
100
+  __ensure_connected();
101
+  DEBUG($stmt);
102
+  if ($params) {
103
+    DEBUG($params);
104
+  }
105
+  try {
106
+    $result = $db->query($stmt, $params);
107
+    DEBUG('=> '.$result->rowCount().' rows');
108
+  } catch (PDOException $e) {
109
+    global $debugmode;
110
+    if ($debugmode) {
111
+      system_failure("MySQL-Fehler: ".$e->getMessage());
112
+    } else {
113
+      system_failure("Datenbankfehler");
114
+    }
115
+  }
116
+  return $result;
117
+}
118
+
119
+
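Review bot: In __ensure_connected the connection character set is chosen with a plain `SET NAMES utf8` query, so the client library is not told about it and PDO::quote(), which db_escape_string relies on, may escape against a different charset than the server uses; putting it in the DSN, `$dsn = "mysql:host=".config('db_host').";charset=utf8";`, keeps the two in agreement. That query also runs before `PDO::ATTR_ERRMODE` is switched to exceptions, so a failure there may go unnoticed, and moving the two setAttribute calls ahead of it closes the gap. PDO's MySQL driver emulates prepared statements by default, so the prepared path in DB::query is still client-side interpolation unless `$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);` is added. Unlike the db_query removed by this commit, the new one no longer calls logger() on a database error, which drops the server-side record outside debug mode. The comment in db_escape_string should say it is drop-in compatible with mysql_real_escape_string(), not with db_escape_string() itself.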
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('inc/base.php');
19 18
 require_once('inc/debug.php');
20 19
 
... ...
@@ -42,7 +41,7 @@ class Domain extends KeksData
42 41
 
43 42
   function loadByName($name)
44 43
   {
45
-    $name = mysql_real_escape_string($name);
44
+    $name = db_escape_string($name);
46 45
     $res = $this->getData("*", "CONCAT_WS('.', domainname, tld)='{$name}' LIMIT 1");
47 46
     if (count($res) < 1)
48 47
       return false;
... ...
@@ -112,9 +111,9 @@ function get_domain_list($customerno, $uid = NULL)
112 111
   $query .= " ORDER BY domainname,tld";
113 112
   $result = db_query($query);
114 113
   $domains = array();
115
-  DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n");
116
-  if (mysql_num_rows($result) > 0)
117
-    while ($domain = mysql_fetch_object($result))
114
+  DEBUG('Result set is '.$result->rowCount()." rows.<br />\n");
115
+  if ($result->rowCount() > 0)
116
+    while ($domain = $result->fetch(PDO::FETCH_OBJ))
118 117
       array_push($domains, new Domain((int) $domain->id));
119 118
   DEBUG($domains);
120 119
 	return $domains;	
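Review bot: The `$result->rowCount() > 0` guard in get_domain_list relies on PDOStatement::rowCount() reporting the size of a SELECT result, which PDO documents only for statements that modify rows; with the MySQL driver it holds only while buffered queries are in use. The guard is redundant here, because the `while ($domain = $result->fetch(PDO::FETCH_OBJ))` loop already copes with an empty result, so it can simply be dropped. Where the count drives a decision (get_logins_by_cert, get_dyndns_account, get_mailaccount, mail_in_use, user_has_only_vmail_domains) the outcome would change if buffering were ever switched off. A comment in db_query stating that dependency, or fetching a row and testing it, would make those checks robust.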
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('inc/base.php');
19 18
 require_once('inc/debug.php');
20 19
 
... ...
@@ -57,7 +56,7 @@ abstract class KeksData
57 56
   {
58 57
     $fields = array();
59 58
     $res = db_query("DESCRIBE {$this->default_table}");
60
-    while ($f = mysql_fetch_object($res))
59
+    while ($f = $res->fetch(PDO::FETCH_OBJ))
61 60
     {
62 61
       $fields[$f->Field] = $f->Default;
63 62
     }
... ...
@@ -80,7 +79,7 @@ abstract class KeksData
80 79
     
81 80
     $res = db_query("SELECT {$fields} FROM {$table} {$where}");
82 81
     $return = array();
83
-    while ($arr = mysql_fetch_assoc($res))
82
+    while ($arr = $res->fetch())
84 83
       array_push($return, $arr);
85 84
     return $return;
86 85
   }
... ...
@@ -102,7 +101,7 @@ abstract class KeksData
102 101
     $upd = array();
103 102
     foreach ($this->changes as $key => $value)
104 103
     {
105
-      $value = mysql_real_escape_string($value);
104
+      $value = db_escape_string($value);
106 105
       array_push($upd, "`{$key}`='{$value}'");
107 106
     }
108 107
     db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id={$this->data['id']};");
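Review bot: The UPDATE built in this KeksData method escapes only `$value`; the column name `$key` goes between backticks and `$this->data['id']` into the WHERE clause without any escaping or cast. Whether the keys of `$this->changes` can be influenced from outside is not visible in the hunk, but checking them against the field list read by the DESCRIBE query and binding the values through db_query's new parameter array removes the question. A bound PHP null is stored as SQL NULL, whereas the current code writes an empty string, so that case needs a decision. The method starts before the hunk and its end is not shown.

```php
    // … unchanged: earlier part of the method …
    $upd = array();
    $params = array();
    foreach ($this->changes as $key => $value)
    {
      // column names cannot be bound; $key is assumed to be validated against the known fields
      array_push($upd, "`{$key}`=?");
      array_push($params, $value);
    }
    array_push($params, (int) $this->data['id']);
    db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id=?", $params);
```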
... ...
@@ -17,7 +17,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
17 17
 
18 18
 require_once('config.php');
19 19
 require_once('inc/debug.php');
20
-require_once('inc/db_connect.php');
21 20
 require_once("inc/base.php");
22 21
 require_once("inc/theme.php");
23 22
 
... ...
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
17
+require_once('class/database.php');
18 18
 require_once('inc/debug.php');
19 19
 
20 20
 function config($key)
... ...
@@ -36,9 +36,9 @@ function config($key)
36 36
     return $config[$key];
37 37
   
38 38
   /* read configuration from database */
39
-  $options = db_query( "SELECT `key`, value FROM misc.config" );
39
+  $result = db_query( "SELECT `key`, value FROM misc.config" );
40 40
   
41
-  while( $object = mysql_fetch_assoc( $options ) ) {
41
+  while( $object = $result->fetch() ) {
42 42
     if (!array_key_exists($object['key'], $config)) {
43 43
 	    $config[$object['key']]=$object['value'];
44 44
     }
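Review bot: config() is shown here with the single parameter `$key` and appears to fall through to `db_query(...)` for keys missing from `$config`, while the new DB constructor calls `config('db_port', true)`, `config('db_user', true)` and `config('db_pass', true)`. Unless the signature is changed in a part of the commit not shown here, PHP ignores the extra argument, so a missing `db_port` would send config() to the database, which needs a connection, which calls config() again. If the second argument is meant to say "do not consult the database", config() should declare and honour it, for example `function config($key, $localonly = false)` with an early return before the query. Most of the body of config() lies outside these hunks.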
... ...
@@ -56,8 +56,9 @@ function config($key)
56 56
 
57 57
 function get_server_by_id($id) {
58 58
   $id = (int) $id;
59
-  $result = mysql_fetch_assoc(db_query("SELECT hostname FROM system.servers WHERE id='{$id}'"));
60
-  return $result['hostname'];
59
+  $result = db_query("SELECT hostname FROM system.servers WHERE id='{$id}'");
60
+  $ret = $result->fetch();
61
+  return $ret['hostname'];
61 62
 }
62 63
 
63 64
 
... ...
@@ -74,7 +75,7 @@ function my_server_id()
74 75
 {
75 76
   $uid = (int) $_SESSION['userinfo']['uid'];
76 77
   $result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}");
77
-  $r = mysql_fetch_assoc($result);
78
+  $r = $result->fetch();
78 79
   DEBUG($r);
79 80
   return $r['server'];
80 81
 }
... ...
@@ -85,7 +86,7 @@ function additional_servers()
85 86
   $uid = (int) $_SESSION['userinfo']['uid'];
86 87
   $result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}");
87 88
   $servers = array();
88
-  while ($s = mysql_fetch_assoc($result))
89
+  while ($s = $result->fetch())
89 90
     $servers[] = $s['server'];
90 91
   DEBUG($servers);
91 92
   return $servers;
... ...
@@ -96,43 +97,27 @@ function server_names()
96 97
 {
97 98
   $result = db_query("SELECT id, hostname FROM system.servers");
98 99
   $servers = array();
99
-  while ($s = mysql_fetch_assoc($result))
100
+  while ($s = $result->fetch())
100 101
     $servers[$s['id']] = $s['hostname'];
101 102
   DEBUG($servers);
102 103
   return $servers;
103 104
 }
104 105
 
105 106
 
106
-function db_query($query)
107
-{
108
-  DEBUG($query);
109
-  $result = @mysql_query($query);
110
-  if (mysql_error())
111
-  {
112
-    $error = mysql_error();
113
-    logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}");
114
-    system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.');
115
-  }
116
-  $count = @mysql_num_rows($result);
117
-  if (! $count)
118
-    $count = 'no';
119
-  DEBUG("=> {$count} rows");
120
-  return $result; 
121
-}
122
-
123
-
124
-
107
+// FIXME
108
+// Diese Funktion funktioniert nicht für preprared statements
125 109
 function maybe_null($value)
126 110
 {
127 111
   if ($value == NULL)
128 112
     return 'NULL';
129 113
 
130 114
   if (strlen( (string) $value ) > 0)
131
-    return "'".mysql_real_escape_string($value)."'";
115
+    return "'".db_escape_string($value)."'";
132 116
   else
133 117
     return 'NULL';
134 118
 }
135 119
 
120
+
136 121
 #define('LOG_ERR', 3);
137 122
 #define('LOG_WARNING', 4);
138 123
 #define('LOG_INFO', 6);
... ...
@@ -148,11 +133,11 @@ function logger($severity, $scriptname, $scope, $message)
148 133
   elseif ($_SESSION['role'] & ROLE_CUSTOMER)
149 134
     $user = "'{$_SESSION['customerinfo']['customerno']}'";
150 135
   
151
-  $remote = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
136
+  $remote = db_escape_string($_SERVER['REMOTE_ADDR']);
152 137
 
153
-  $scriptname = mysql_real_escape_string($scriptname);
154
-  $scope = mysql_real_escape_string($scope);
155
-  $message = mysql_real_escape_string($message);
138
+  $scriptname = db_escape_string($scriptname);
139
+  $scope = db_escape_string($scope);
140
+  $message = db_escape_string($message);
156 141
 
157 142
   db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
158 143
 }
159 144
deleted file mode 100644
... ...
@@ -1,33 +0,0 @@
1
-<?php
2
-/*
3
-This file belongs to the Webinterface of schokokeks.org Hosting
4
-
5
-Written 2008-2013 by schokokeks.org Hosting, namely
6
-  Bernd Wurst <bernd@schokokeks.org>
7
-  Hanno Böck <hanno@schokokeks.org>
8
-
9
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
-
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
-http://creativecommons.org/publicdomain/zero/1.0/
13
-
14
-Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
-*/
16
-
17
-require_once('inc/error.php');
18
-
19
-include("config.php");
20
-global $config;
21
-
22
-$host = $config['db_host'];
23
-if ($config['db_port']) {
24
-  $host .= ":".$config['db_port'];
25
-}
26
-
27
-if (!@mysql_connect($host, $config['db_user'], $config['db_pass']))
28
-	die('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.');
29
-	
30
-if (!@mysql_query('SET NAMES utf8'))
31
-	die('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!');
32
-
33
-?>
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
19 18
 require_once('inc/base.php');
20 19
 require_once('inc/security.php');
21 20
 require_once('inc/error.php');
... ...
@@ -38,14 +37,14 @@ function get_domain_offer($domainname)
38 37
   $data = array("domainname" => $domainname, "basename" => $basename, "tld" => $tld);
39 38
 
40 39
   $result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise_kunde WHERE kunde={$cid} AND tld='{$tld}' AND ruecksprache='N'");
41
-  if (mysql_num_rows($result) != 1) {
40
+  if ($result->rowCount() != 1) {
42 41
     $result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise WHERE tld='{$tld}' AND ruecksprache='N'");
43 42
   }
44
-  if (mysql_num_rows($result) != 1) {
43
+  if ($result->rowCount() != 1) {
45 44
     warning('Die Endung »'.$tld.'« steht zur automatischen Eintragung nicht zur Verfügung.');
46 45
     return;
47 46
   }
48
-  $temp = mysql_fetch_assoc($result);
47
+  $temp = $result->fetch();
49 48
   $data["gebuehr"] = $temp["gebuehr"];
50 49
   $data["setup"] = ($temp["setup"] ? $temp["setup"] : 0.0);
51 50
   
... ...
@@ -93,7 +92,7 @@ function list_useraccounts()
93 92
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
94 93
   $result = db_query("SELECT uid,username,name FROM system.useraccounts WHERE kunde={$customerno}");
95 94
   $ret = array();
96
-  while ($item = mysql_fetch_assoc($result))
95
+  while ($item = $result->fetch())
97 96
   {
98 97
     $ret[] = $item;
99 98
   }
... ...
@@ -19,7 +19,7 @@ require_once('inc/base.php');
19 19
 
20 20
 function find_customers($string) 
21 21
 {
22
-  $string = mysql_real_escape_string(chop($string));
22
+  $string = db_escape_string(chop($string));
23 23
   $return = array();
24 24
   $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN kundendaten.kundenkontakt AS kk ".
25 25
                      "ON (kk.kundennr = k.id) LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
... ...
@@ -30,7 +30,7 @@ function find_customers($string)
30 30
                      "notizen LIKE '%{$string}%' OR kk.name LIKE '%{$string}%' OR ".
31 31
                      "kk.wert LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ".
32 32
                      "u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';");
33
-  while ($entry = mysql_fetch_assoc($result))
33
+  while ($entry = $result->fetch())
34 34
     $return[] = $entry['id'];
35 35
 
36 36
   return $return;
... ...
@@ -43,7 +43,7 @@ function find_users_for_customer($id)
43 43
   $return = array();
44 44
   $result = db_query("SELECT uid, username FROM system.useraccounts WHERE ".
45 45
                      "kunde='{$id}';");
46
-  while ($entry = mysql_fetch_assoc($result))
46
+  while ($entry = $result->fetch())
47 47
     $return[$entry['uid']] = $entry['username'];
48 48
 
49 49
   return $return;
... ...
@@ -56,7 +56,7 @@ function hosting_contracts($cid)
56 56
   $cid = (int) $cid;
57 57
   $result = db_query("SELECT u.username, werber, beschreibung, betrag, brutto, monate, anzahl, startdatum, startdatum + INTERVAL laufzeit MONTH - INTERVAL 1 DAY AS mindestlaufzeit, kuendigungsdatum, gesperrt, notizen FROM kundendaten.hosting AS h LEFT JOIN system.useraccounts AS u ON (h.hauptuser=u.uid) WHERE h.kunde=".$cid);
58 58
   $ret = array();
59
-  while ($x = mysql_fetch_assoc($result))
59
+  while ($x = $result->fetch())
60 60
     array_push($ret, $x);
61 61
   DEBUG($ret);
62 62
 
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
19 18
 require_once('inc/base.php');
20 19
 require_once('inc/security.php');
21 20
 require_once('inc/error.php');
... ...
@@ -28,7 +27,7 @@ function get_dyndns_accounts()
28 27
   $uid = (int) $_SESSION['userinfo']['uid'];
29 28
   $result = db_query("SELECT * FROM dns.dyndns WHERE uid={$uid}");
30 29
   $list = array();
31
-  while ($item = mysql_fetch_assoc($result)) {
30
+  while ($item = $result->fetch()) {
32 31
     array_push($list, $item);
33 32
   }
34 33
   DEBUG($list);
... ...
@@ -41,11 +40,11 @@ function get_dyndns_account($id)
41 40
   $id = (int) $id;
42 41
   $uid = (int) $_SESSION['userinfo']['uid'];
43 42
   $result = db_query("SELECT * FROM dns.dyndns WHERE id={$id} AND uid={$uid}");
44
-  if (mysql_num_rows($result) != 1) {
43
+  if ($result->rowCount() != 1) {
45 44
     logger(LOG_WARNING, "modules/dns/include/dnsinclude", "dyndns", "account »{$id}« invalid for uid »{$uid}«.");
46 45
     system_failure("Account ungültig");
47 46
   }
48
-  $item = mysql_fetch_assoc($result);
47
+  $item = $result->fetch();
49 48
   DEBUG($item);
50 49
   return $item;
51 50
 }
... ...
@@ -58,8 +57,8 @@ function create_dyndns_account($handle, $password_http, $sshkey)
58 57
   if ($password_http == '' && $sshkey == '')
59 58
     system_failure('Sie müssen entweder einen SSH-Key oder ein Passwort zum Web-Update eingeben.');  
60 59
 
61
-  $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle)));
62
-  $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey)));
60
+  $handle = maybe_null(db_escape_string(filter_input_username($handle)));
61
+  $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey)));
63 62
 
64 63
   $pwhash = 'NULL';
65 64
   if ($password_http)
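Review bot: In create_dyndns_account `$handle` and `$sshkey` are passed through db_escape_string() and then through maybe_null(), which, as the maybe_null() hunk of this commit shows, applies db_escape_string() again before quoting. A value containing a quote or backslash is therefore escaped twice and stored with a stray backslash; the call inside maybe_null() is enough on its own: `$handle = maybe_null(filter_input_username($handle));` and `$sshkey = maybe_null(filter_input_general($sshkey));`. edit_dyndns_account in the next hunk has the same two lines. Both functions continue outside their hunks.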
... ...
@@ -73,8 +72,8 @@ function create_dyndns_account($handle, $password_http, $sshkey)
73 72
 function edit_dyndns_account($id, $handle, $password_http, $sshkey)
74 73
 {
75 74
   $id = (int) $id;
76
-  $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle)));
77
-  $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey)));
75
+  $handle = maybe_null(db_escape_string(filter_input_username($handle)));
76
+  $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey)));
78 77
 
79 78
   $pwhash = 'NULL';
80 79
   if ($password_http)
... ...
@@ -104,7 +103,7 @@ function get_dyndns_records($id)
104 103
   $id = (int) $id;
105 104
   $result = db_query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns={$id}");
106 105
   $data = array();
107
-  while ($entry = mysql_fetch_assoc($result)) {
106
+  while ($entry = $result->fetch()) {
108 107
     $dom = new Domain((int) $entry['domain']);
109 108
     $dom->ensure_userdomain();
110 109
     $entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn;
... ...
@@ -144,9 +143,9 @@ function get_dns_record($id)
144 143
 {
145 144
   $id = (int) $id;
146 145
   $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id={$id}");
147
-  if (mysql_num_rows($result) != 1)
146
+  if ($result->rowCount() != 1)
148 147
     system_failure('illegal ID');
149
-  $data = mysql_fetch_assoc($result);
148
+  $data = $result->fetch();
150 149
   $dom = new Domain( (int) $data['domain']);
151 150
   $dom->ensure_userdomain();
152 151
   DEBUG($data);
... ...
@@ -159,7 +158,7 @@ function get_domain_records($dom)
159 158
   $dom = (int) $dom;
160 159
   $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain={$dom}");
161 160
   $data = array();
162
-  while ($entry = mysql_fetch_assoc($result)) {
161
+  while ($entry = $result->fetch()) {
163 162
     $dom = new Domain((int) $entry['domain']);
164 163
     $dom->ensure_userdomain();
165 164
     $entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn;
... ...
@@ -173,11 +172,11 @@ function get_domain_records($dom)
173 172
 
174 173
 function get_domain_auto_records($domainname)
175 174
 {
176
-  $domainname = mysql_real_escape_string($domainname);
175
+  $domainname = db_escape_string($domainname);
177 176
   //$result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, TRIM(ttl) FROM dns.v_autogenerated_records WHERE domain='{$domainname}'");
178 177
   $result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain='{$domainname}'");
179 178
   $data = array();
180
-  while ($entry = mysql_fetch_assoc($result)) {
179
+  while ($entry = $result->fetch()) {
181 180
     array_push($data, $entry);
182 181
   }
183 182
   DEBUG($data);
... ...
@@ -329,7 +328,7 @@ function domain_is_maildomain($domain)
329 328
 {
330 329
   $domain = (int) $domain;
331 330
   $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
332
-  $dom = mysql_fetch_assoc($result);
331
+  $dom = $result->fetch();
333 332
   return ($dom['mail'] != 'none');
334 333
 }
335 334
 
... ...
@@ -27,7 +27,7 @@ function mailman_subdomains($domain)
27 27
   $domain = (int) $domain;
28 28
   $result = db_query("SELECT id, hostname FROM mail.mailman_domains WHERE domain={$domain}");
29 29
   $ret = array();
30
-  while ($line = mysql_fetch_assoc($result))
30
+  while ($line = $result->fetch())
31 31
   {
32 32
     $ret[] = $line;
33 33
   }
... ...
@@ -40,7 +40,7 @@ function dns_in_use($domain)
40 40
     return false;
41 41
   $domain = (int) $domain;
42 42
   $result = db_query("SELECT id FROM dns.custom_records WHERE domain={$domain}");
43
-  return (mysql_num_rows($result) > 0);
43
+  return ($result->rowCount() > 0);
44 44
 }
45 45
 
46 46
 
... ...
@@ -52,16 +52,16 @@ function mail_in_use($domain)
52 52
   }
53 53
   $domain = (int) $domain;
54 54
   $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
55
-  if (mysql_num_rows($result) < 1)
55
+  if ($result->rowCount() < 1)
56 56
     system_failure("Domain not found");
57
-  $d = mysql_fetch_assoc($result);
57
+  $d = $result->fetch();
58 58
   if ($d['mail'] == 'none')
59 59
     return false; // manually disabled
60 60
   $result = db_query("SELECT id FROM mail.virtual_mail_domains WHERE domain={$domain}");
61
-  if (mysql_num_rows($result) < 1)
61
+  if ($result->rowCount() < 1)
62 62
     return true; // .courier
63 63
   $result = db_query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain={$domain}");
64
-  return (mysql_num_rows($result) > 0);
64
+  return ($result->rowCount() > 0);
65 65
 }
66 66
 
67 67
 function web_in_use($domain)
... ...
@@ -72,12 +72,12 @@ function web_in_use($domain)
72 72
   $domain = (int) $domain;
73 73
 
74 74
   $result = db_query("SELECT id FROM kundendaten.domains WHERE id={$domain} AND webserver=1");
75
-  if (mysql_num_rows($result) < 1)
75
+  if ($result->rowCount() < 1)
76 76
     return false;
77 77
 
78 78
   $result = db_query("SELECT id FROM vhosts.vhost WHERE domain={$domain}");
79 79
   $result2 = db_query("SELECT id FROM vhosts.alias WHERE domain={$domain}");
80
-  return (mysql_num_rows($result) > 0 || mysql_num_rows($result2) > 0);
80
+  return ($result->rowCount() > 0 || $result2->rowCount() > 0);
81 81
 }
82 82
 
83 83
 
... ...
@@ -20,8 +20,8 @@ function user_has_accounts()
20 20
 {
21 21
   $uid = (int) $_SESSION['userinfo']['uid'];
22 22
   $result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid");
23
-  DEBUG(mysql_num_rows($result)." accounts");
24
-  return (mysql_num_rows($result) > 0);
23
+  DEBUG($result->rowCount()." accounts");
24
+  return ($result->rowCount() > 0);
25 25
 }
26 26
 
27 27
 if (! function_exists("user_has_vmail_domain"))
... ...
@@ -34,7 +34,7 @@ if (! function_exists("user_has_vmail_domain"))
34 34
         }
35 35
         $uid = (int) $_SESSION['userinfo']['uid'];
36 36
         $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
37
-        $row = mysql_fetch_array($result);
37
+        $row = $result->fetch();
38 38
         $count = $row[0];
39 39
         DEBUG("User has {$count} vmail-domains");
40 40
         return ( (int) $count > 0 );
... ...
@@ -24,7 +24,7 @@ if (! function_exists("user_has_vmail_domain"))
24 24
 	}
25 25
 	$uid = (int) $_SESSION['userinfo']['uid'];
26 26
 	$result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
27
-	$row = mysql_fetch_array($result);
27
+	$row = $result->fetch();
28 28
 	$count = $row[0];
29 29
 	DEBUG("User has {$count} vmail-domains");
30 30
 	return ( (int) $count > 0 );
... ...
@@ -42,7 +42,7 @@ if (! function_exists("user_has_dotcourier_domain"))
42 42
 	$uid = (int) $_SESSION['userinfo']['uid'];
43 43
 	$result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ". 
44 44
             "SELECT 1 FROM mail.v_domains AS d WHERE d.user={$uid} AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains);");
45
-  $ret = (mysql_num_rows($result) > 0);
45
+  $ret = ($result->rowCount() > 0);
46 46
   if ($ret)
47 47
     DEBUG("User {$uid} has dotcourier-domains");
48 48
   return $ret;
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
19 18
 require_once('inc/base.php');
20 19
 require_once('inc/security.php');
21 20
 
... ...
@@ -27,10 +26,10 @@ function mailaccounts($uid)
27 26
 {
28 27
   $uid = (int) $uid;
29 28
   $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local");
30
-  DEBUG("Found ".@mysql_num_rows($result)." rows!");
29
+  DEBUG("Found ".@$result->rowCount()." rows!");
31 30
   $accounts = array();
32
-  if (@mysql_num_rows($result) > 0)
33
-    while ($acc = @mysql_fetch_object($result))
31
+  if (@$result->rowCount() > 0)
32
+    while ($acc = @$result->fetch(PDO::FETCH_OBJ))
34 33
       array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1)));
35 34
   return $accounts;
36 35
 }
... ...
@@ -40,10 +39,10 @@ function get_mailaccount($id)
40 39
   $id = (int) $id;
41 40
   $uid = (int) $_SESSION['userinfo']['uid'];
42 41
   $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}");
43
-  DEBUG("Found ".mysql_num_rows($result)." rows!");
44
-  if (mysql_num_rows($result) != 1)
42
+  DEBUG("Found ".$result->rowCount()." rows!");
43
+  if ($result->rowCount() != 1)
45 44
     system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
46
-  $acc = mysql_fetch_object($result);
45
+  $acc = $result->fetch(PDO::FETCH_OBJ);
47 46
   $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir,  'enabled' => ($acc->aktiv == 1));
48 47
   DEBUG(print_r($ret, true));
49 48
   return $ret;
... ...
@@ -73,13 +72,13 @@ function change_mailaccount($id, $arr)
73 72
         array_push($conditions, "domain={$domain->id}");
74 73
       }
75 74
     }
76
-    array_push($conditions, "local='".mysql_real_escape_string($local)."'");
75
+    array_push($conditions, "local='".db_escape_string($local)."'");
77 76
   }
78 77
   if (isset($arr['mailbox']))
79 78
     if ($arr['mailbox'] == '')
80 79
       array_push($conditions, "`maildir`=NULL");
81 80
     else
82
-      array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'");
81
+      array_push($conditions, "`maildir`='".db_escape_string($arr['mailbox'])."'");
83 82
 
84 83
   if (isset($arr['password']))
85 84
   {
... ...
@@ -121,13 +120,13 @@ function create_mailaccount($arr)
121 120
     }
122 121
   }
123 122
 
124
-  $values['local'] = "'".mysql_real_escape_string($local)."'";
123
+  $values['local'] = "'".db_escape_string($local)."'";
125 124
 
126 125
   if (isset($arr['mailbox']))
127 126
     if ($arr['mailbox'] == '')
128 127
       $values['maildir'] = 'NULL';
129 128
     else
130
-      $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'";
129
+      $values['maildir']= "'".db_escape_string($arr['mailbox'])."'";
131 130
 
132 131
 
133 132
   if (isset($arr['password']))
... ...
@@ -149,13 +148,13 @@ function get_mailaccount_id($accountname)
149 148
 {
150 149
   list($local, $domain) = explode('@', $accountname, 2);
151 150
 
152
-  $local = mysql_real_escape_string($local);
153
-  $domain = mysql_real_escape_string($domain);
151
+  $local = db_escape_string($local);
152
+  $domain = db_escape_string($domain);
154 153
 
155 154
   $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'");
156
-  if (mysql_num_rows($result) != 1)
155
+  if ($result->rowCount() != 1)
157 156
     system_failure('account nicht eindeutig');
158
-  $acc = mysql_fetch_assoc($result);
157
+  $acc = $result->fetch();
159 158
   return $acc['id'];
160 159
 }
161 160
     
... ...
@@ -214,7 +213,7 @@ function imap_on_vmail_domain()
214 213
 {
215 214
   $uid = (int) $_SESSION['userinfo']['uid'];
216 215
   $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}");
217
-  if (mysql_num_rows($result) > 0)
216
+  if ($result->rowCount() > 0)
218 217
     return true;
219 218
   return false;
220 219
 }
... ...
@@ -224,11 +223,11 @@ function user_has_only_vmail_domains()
224 223
   $uid = (int) $_SESSION['userinfo']['uid'];
225 224
   $result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}");
226 225
   // User hat keine VMail-Domains
227
-  if (mysql_num_rows($result) == 0)
226
+  if ($result->rowCount() == 0)
228 227
     return false;
229 228
   $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}");
230 229
   // User hat keine Domains die nicht vmail-Domains sind
231
-  if (mysql_num_rows($result) == 0)
230
+  if ($result->rowCount() == 0)
232 231
     return true;
233 232
   return false;
234 233
 }
... ...
@@ -58,9 +58,9 @@ Ihre E-Mail wird nicht weitergeleitet.',
58 58
 
59 59
 function get_vmail_id_by_emailaddr($emailaddr) 
60 60
 {
61
-  $emailaddr = mysql_real_escape_string( $emailaddr );
61
+  $emailaddr = db_escape_string( $emailaddr );
62 62
   $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = '{$emailaddr}'");
63
-  $entry = mysql_fetch_assoc($result);
63
+  $entry = $result->fetch();
64 64
   return (int) $entry['id'];
65 65
 }
66 66
 
... ...
@@ -74,10 +74,10 @@ function get_account_details($id, $checkuid = true)
74 74
     $uid_check = "useraccount='{$uid}' AND ";
75 75
   }
76 76
   $result = db_query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id={$id} LIMIT 1");
77
-	if (mysql_num_rows($result) == 0)
77
+	if ($result->rowCount() == 0)
78 78
 		system_failure('Ungültige ID oder kein eigener Account');
79 79
 	$acc = empty_account();
80
-	$res = mysql_fetch_assoc($result);
80
+	$res = $result->fetch();
81 81
 	foreach ($res AS $key => $value) {
82 82
 	  if ($key == 'forwards')
83 83
 	    continue;
... ...
@@ -85,13 +85,13 @@ function get_account_details($id, $checkuid = true)
85 85
 	}
86 86
 	if ($acc['forwards'] > 0) {
87 87
 	  $result = db_query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account={$acc['id']};");
88
-	  while ($item = mysql_fetch_assoc($result)){
88
+	  while ($item = $result->fetch()){
89 89
 	    array_push($acc['forwards'], array("id" => $item['id'], 'spamfilter' => $item['spamfilter'], 'destination' => $item['destination']));
90 90
 	  }
91 91
 	}
92 92
   if ($acc['autoresponder'] > 0) {
93 93
     $result = db_query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account={$acc['id']}");
94
-    $item = mysql_fetch_assoc($result);
94
+    $item = $result->fetch();
95 95
     DEBUG($item);
96 96
     $acc['autoresponder'] = $item;
97 97
   } else {
... ...
@@ -108,7 +108,7 @@ function get_vmail_accounts()
108 108
 	$uid = (int) $_SESSION['userinfo']['uid'];
109 109
 	$result = db_query("SELECT * from mail.v_vmail_accounts WHERE useraccount='{$uid}' ORDER BY domainname,local ASC");
110 110
 	$ret = array();
111
-	while ($line = mysql_fetch_assoc($result))
111
+	while ($line = $result->fetch())
112 112
 	{
113 113
 		array_push($ret, $line);
114 114
 	}
... ...
@@ -122,10 +122,10 @@ function get_vmail_domains()
122 122
 {
123 123
 	$uid = (int) $_SESSION['userinfo']['uid'];
124 124
 	$result = db_query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount='{$uid}' ORDER BY domainname");
125
-	if (mysql_num_rows($result) == 0)
125
+	if ($result->rowCount() == 0)
126 126
 		system_failure('Sie haben keine Domains für virtuelle Mail-Verarbeitung');
127 127
 	$ret = array();
128
-	while ($tmp = mysql_fetch_assoc($result))
128
+	while ($tmp = $result->fetch())
129 129
 		array_push($ret, $tmp);
130 130
 	return $ret;
131 131
 }
... ...
@@ -133,7 +133,7 @@ function get_vmail_domains()
133 133
 
134 134
 function find_account_id($accname)
135 135
 {
136
-  $accname = mysql_real_escape_string($accname);
136
+  $accname = db_escape_string($accname);
137 137
   DEBUG($accname);
138 138
   $tmp = explode('@', $accname, 2);
139 139
   DEBUG($tmp);
... ...
@@ -142,9 +142,9 @@ function find_account_id($accname)
142 142
   list( $local, $domainname) = $tmp;
143 143
 
144 144
   $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE local='{$local}' AND domainname='{$domainname}' LIMIT 1");
145
-  if (mysql_num_rows($result) == 0)
145
+  if ($result->rowCount() == 0)
146 146
     system_failure("Der Account konnte nicht gefunden werden");
147
-  $tmp = mysql_fetch_array($result);
147
+  $tmp = $result->fetch();
148 148
   return $tmp[0];
149 149
 }
150 150
 
... ...
@@ -152,7 +152,7 @@ function find_account_id($accname)
152 152
 function change_vmail_password($accname, $newpass)
153 153
 {
154 154
   $accid = find_account_id($accname);
155
-  $encpw = mysql_real_escape_string(encrypt_mail_password($newpass));
155
+  $encpw = db_escape_string(encrypt_mail_password($newpass));
156 156
   db_query("UPDATE mail.vmail_accounts SET password='{$encpw}' WHERE id={$accid} LIMIT 1;");
157 157
 }
158 158
 
... ...
@@ -177,7 +177,7 @@ function get_max_mailboxquota($server, $oldquota) {
177 177
   $uid = (int) $_SESSION['userinfo']['uid'];
178 178
   $server = (int) $server;
179 179
   $result = db_query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid='{$uid}' AND server='{$server}'");
180
-  $item = mysql_fetch_assoc($result);
180
+  $item = $result->fetch();
181 181
   DEBUG("Free space: ".$item['free']." / Really: ".($item['free'] + ($oldquota - config('vmail_basequota'))));
182 182
   return $item['free'] + ($oldquota - config('vmail_basequota'));
183 183
 }
... ...
@@ -313,8 +313,8 @@ function save_vmail_account($account)
313 313
     $account['quota_threshold'] = min( (int) $account['quota_threshold'], (int) $account['quota'] );
314 314
   }
315 315
   
316
-  $account['local'] = mysql_real_escape_string(strtolower($account['local']));
317
-  $account['password'] = mysql_real_escape_string($account['password']);
316
+  $account['local'] = db_escape_string(strtolower($account['local']));
317
+  $account['password'] = db_escape_string($account['password']);
318 318
   $account['spamexpire'] = (int) $account['spamexpire'];
319 319
 
320 320
   $query = '';
... ...
@@ -341,14 +341,14 @@ function save_vmail_account($account)
341 341
     $ar = $account['autoresponder'];
342 342
     $valid_from = maybe_null($ar['valid_from']);
343 343
     $valid_until = maybe_null($ar['valid_until']);
344
-    $fromname = maybe_null( mysql_real_escape_string($ar['fromname']) );
344
+    $fromname = maybe_null( db_escape_string($ar['fromname']) );
345 345
     $fromaddr = NULL;
346 346
     if ($ar['fromaddr']) {
347
-      $fromaddr = mysql_real_escape_string(check_emailaddr($ar['fromaddr']));
347
+      $fromaddr = db_escape_string(check_emailaddr($ar['fromaddr']));
348 348
     }
349 349
     $fromaddr = maybe_null( $fromaddr );
350
-    $subject = maybe_null( mysql_real_escape_string($ar['subject']));
351
-    $message = mysql_real_escape_string($ar['message']);
350
+    $subject = maybe_null( db_escape_string($ar['subject']));
351
+    $message = db_escape_string($ar['message']);
352 352
     $quote = "'inline'";
353 353
     if ($ar['quote'] == 'attach')
354 354
       $quote = "'attach'";
... ...
@@ -417,7 +417,7 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können?
417 417
   if ($_SESSION['role'] == ROLE_SYSTEMUSER) {
418 418
     $uid = (int) $_SESSION['userinfo']['uid'];
419 419
     $result = db_query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=".$uid." GROUP BY useraccount, server");
420
-    while ($line = mysql_fetch_assoc($result)) {
420
+    while ($line = $result->fetch()) {
421 421
       if ($line['quota'] !== NULL) {
422 422
         db_query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES ('{$line['useraccount']}', '{$line['server']}', '{$line['quota']}', '{$line['used']}')");
423 423
       }
... ...
@@ -447,7 +447,7 @@ function domainsettings($only_domain=NULL) {
447 447
   // Domains
448 448
   $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount={$uid} OR m.uid={$uid} ORDER BY CONCAT_WS('.',d.domainname,d.tld);");
449 449
 
450
-  while ($mydom = mysql_fetch_assoc($result)) {
450
+  while ($mydom = $result->fetch()) {
451 451
     if (! array_key_exists($mydom['id'], $domains)) {
452 452
       if ($mydom['v_id'])
453 453
         $mydom['mail'] = 'virtual';
... ...
@@ -463,7 +463,7 @@ function domainsettings($only_domain=NULL) {
463 463
 
464 464
   // Subdomains
465 465
   $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount={$uid} OR m.uid={$uid};");
466
-  while ($mydom = mysql_fetch_assoc($result)) {
466
+  while ($mydom = $result->fetch()) {
467 467
     if (! array_key_exists($mydom['id'], $subdomains))
468 468
       $subdomains[$mydom['id']] = array();
469 469
         
... ...
@@ -483,14 +483,14 @@ function domain_has_vmail_accounts($domid)
483 483
 {
484 484
   $domid = (int) $domid;
485 485
   $result = db_query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain={$domid}");
486
-  return (mysql_num_rows($result) > 0);
486
+  return ($result->rowCount() > 0);
487 487
 }
488 488
 
489 489
 
490 490
 function change_domain($id, $type)
491 491
 {
492 492
   $id = (int) $id;
493
-  $type = mysql_real_escape_string($type);
493
+  $type = db_escape_string($type);
494 494
   if (domain_has_vmail_accounts($id))
495 495
     system_failure("Sie müssen zuerst alle E-Mail-Konten mit dieser Domain löschen, bevor Sie die Webinterface-Verwaltung für diese Domain abschalten können.");
496 496
   
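Review bot: Every query in this file is still assembled by interpolating `db_escape_string()` output into the SQL text, from `get_vmail_id_by_emailaddr()` through `find_account_id()`, `change_vmail_password()`, `save_vmail_account()` and `change_domain()`. With the connection now on PDO, binding these values as statement parameters would remove the dependence on the escape helper matching the connection's character set and on every call site supplying the surrounding quotes. The bodies of `db_query()` and `db_escape_string()` are not visible here, so whether `db_query()` can already accept parameters needs checking. Until then, a comment on `db_escape_string()` such as `// result is only safe inside a single-quoted SQL string literal` would document the contract that the other files in this commit rely on as well.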
... ...
@@ -21,7 +21,7 @@ function list_ftpusers()
21 21
   $uid = (int) $_SESSION['userinfo']['uid'];
22 22
   $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid");
23 23
   $ftpusers = array();
24
-  while ($u = mysql_fetch_assoc($result)) {
24
+  while ($u = $result->fetch()) {
25 25
     $ftpusers[] = $u;
26 26
   }
27 27
   return $ftpusers;
... ...
@@ -40,9 +40,9 @@ function load_ftpuser($id)
40 40
   $uid = (int) $_SESSION['userinfo']['uid'];
41 41
   $id = (int) $id;
42 42
   $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
43
-  if (mysql_num_rows($result) != 1)
43
+  if ($result->rowCount() != 1)
44 44
     system_failure("Fehler beim auslesen des Accounts");
45
-  $account = mysql_fetch_assoc($result);
45
+  $account = $result->fetch();
46 46
   DEBUG($account);
47 47
   return $account;
48 48
 }
... ...
@@ -117,11 +117,11 @@ function delete_ftpuser($id)
117 117
 
118 118
 function get_gid($groupname)
119 119
 {
120
-  $groupname = mysql_real_escape_string($groupname);
120
+  $groupname = db_escape_string($groupname);
121 121
   $result = db_query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1");
122
-  if (mysql_num_rows($result) != 1)
122
+  if ($result->rowCount() != 1)
123 123
     system_failure('cannot determine gid of ftpusers group');
124
-  $a = mysql_fetch_assoc($result);
124
+  $a = $result->fetch();
125 125
   $gid = (int) $a['gid'];
126 126
   if ($gid == 0)
127 127
     system_failure('error on determining gid of ftpusers group');
... ...
@@ -134,7 +134,7 @@ function have_regular_ftp()
134 134
   $gid = get_gid('ftpusers');
135 135
   $uid = (int) $_SESSION['userinfo']['uid'];
136 136
   $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
137
-  return (mysql_num_rows($result) > 0);
137
+  return ($result->rowCount() > 0);
138 138
 }
139 139
 
140 140
 
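Review bot: `rowCount()` is used on SELECT results in `load_ftpuser()`, `get_gid()` and `have_regular_ftp()` as a drop-in for `mysql_num_rows()`, but PDO only guarantees it for INSERT/UPDATE/DELETE; for SELECT the value is driver-dependent and with MySQL it relies on buffered queries. `have_regular_ftp()` only needs existence, so `return ($result->fetch() !== false);` would not depend on that. The two `!= 1` checks both sit on `LIMIT 1` queries, so fetching the row and testing it for `false` gives the same guard. If the buffered-query assumption is intended, a comment where the connection is configured should state it, since the same pattern recurs in the other files of this commit.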
... ...
@@ -19,7 +19,7 @@ function whitelist_entries()
19 19
 	$uid = (int) $_SESSION['userinfo']['uid'];
20 20
 	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid};");
21 21
 	$return = array();
22
-	while ($line = mysql_fetch_assoc($res))
22
+	while ($line = $res->fetch())
23 23
 		array_push($return, $line);
24 24
 	return $return;
25 25
 }
... ...
@@ -30,9 +30,9 @@ function get_whitelist_details($id)
30 30
 	$id = (int) $id;
31 31
 	$uid = (int) $_SESSION['userinfo']['uid'];
32 32
 	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid} AND id={$id};");
33
-	if (mysql_num_rows($res) != 1)
33
+	if ($res->rowCount() != 1)
34 34
 		system_failure('Kann diesen Eintrag nicht finden');
35
-	return mysql_fetch_assoc($res);
35
+	return $res->fetch();
36 36
 }
37 37
 
38 38
 
... ...
@@ -55,9 +55,9 @@ function valid_entry($local, $domain)
55 55
 			system_failure('Diese E-Mail-Adresse gehört Ihnen nicht!');
56 56
 		return true;
57 57
 	}
58
-	$d = mysql_real_escape_string($domain);
58
+	$d = db_escape_string($domain);
59 59
 	$res = db_query("SELECT id FROM mail.v_domains WHERE domainname='{$d}' AND user={$_SESSION['userinfo']['uid']} LIMIT 1");
60
-	if (mysql_num_rows($res) != 1)
60
+	if ($res->rowCount() != 1)
61 61
 		system_failure('Diese domain gehört Ihnen nicht!');
62 62
 	return true;
63 63
 }
... ...
@@ -68,7 +68,7 @@ function new_whitelist_entry($local, $domain, $minutes)
68 68
 	valid_entry($local, $domain);
69 69
 	$uid = (int) $_SESSION['userinfo']['uid'];
70 70
 	$local = maybe_null($local);
71
-	$domain = mysql_real_escape_string($domain);
71
+	$domain = db_escape_string($domain);
72 72
 	
73 73
 	$expire = '';
74 74
 	if ($minutes == 'none')
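Review bot: In `new_whitelist_entry()` `$local` goes through `maybe_null()` only, while `$domain` on the next changed line is escaped with `db_escape_string()` and other call sites in this commit write `maybe_null(db_escape_string($x))`. The body of `maybe_null()` is not visible here: if it does not escape, `$local` would reach the query unescaped unless `valid_entry()` restricts it, and if it does escape, the other call sites escape twice. `$valid_from` and `$valid_until` in `save_vmail_account()` use the same bare form. Either `$local = maybe_null(db_escape_string($local));` or a comment on `maybe_null()` stating what it guarantees would settle it. The function continues past the end of this hunk, so the query itself cannot be checked from here.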
... ...
@@ -14,15 +14,14 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('session/checkuser.php');
19 18
 
20 19
 function user_customer_match($cust, $user)
21 20
 {
22 21
   $customerno = (int) $cust;
23
-  $username = mysql_real_escape_string($user);
22
+  $username = db_escape_string($user);
24 23
   $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;");
25
-  if (mysql_num_rows($result) > 0)
24
+  if ($result->rowCount() > 0)
26 25
     return true;
27 26
   return false;
28 27
 }
... ...
@@ -32,9 +31,9 @@ function user_customer_match($cust, $user)
32 31
 function customer_has_email($customerno, $email)
33 32
 {
34 33
   $customerno = (int) $customerno;
35
-  $email = mysql_real_escape_string($email);
34
+  $email = db_escape_string($email);
36 35
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
37
-  return (mysql_num_rows($result) > 0);
36
+  return ($result->rowCount() > 0);
38 37
 }
39 38
 
40 39
 
... ...
@@ -42,21 +41,21 @@ function validate_token($customerno, $token)
42 41
 {
43 42
   expire_tokens();
44 43
   $customerno = (int) $customerno;
45
-  $token = mysql_real_escape_string($token);
44
+  $token = db_escape_string($token);
46 45
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
47
-  return (mysql_num_rows($result) > 0);
46
+  return ($result->rowCount() > 0);
48 47
 }
49 48
 
50 49
 
51 50
 function get_uid_for_token($token) 
52 51
 {
53 52
   expire_tokens();
54
-  $token = mysql_real_escape_string($token);
53
+  $token = db_escape_string($token);
55 54
   $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
56
-  if (mysql_num_rows($result) == 0) {
55
+  if ($result->rowCount() == 0) {
57 56
     return NULL;
58 57
   }
59
-  $data = mysql_fetch_assoc($result);
58
+  $data = $result->fetch();
60 59
   return $data['uid'];  
61 60
 }
62 61
 
... ...
@@ -64,10 +63,10 @@ function get_username_for_uid($uid)
64 63
 {
65 64
   $uid = (int) $uid;
66 65
   $result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
67
-  if (mysql_num_rows($result) != 1) {
66
+  if ($result->rowCount() != 1) {
68 67
     system_failure("Unexpected number of users with this uid (!= 1)!");
69 68
   }
70
-  $item = mysql_fetch_assoc($result);
69
+  $item = $result->fetch();
71 70
   return $item['username'];
72 71
 }
73 72
 
... ...
@@ -75,9 +74,9 @@ function validate_uid_token($uid, $token)
75 74
 {
76 75
   expire_tokens();
77 76
   $uid = (int) $uid;
78
-  $token = mysql_real_escape_string($token);
77
+  $token = db_escape_string($token);
79 78
   $result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
80
-  return (mysql_num_rows($result) > 0);
79
+  return ($result->rowCount() > 0);
81 80
 }
82 81
 
83 82
 
... ...
@@ -102,13 +101,13 @@ function invalidate_systemuser_token($uid)
102 101
  
103 102
 function create_token($username)
104 103
 {
105
-  $username = mysql_real_escape_string($username);
104
+  $username = db_escape_string($username);
106 105
   expire_tokens();
107 106
   $result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'");
108
-  $uid = (int) mysql_fetch_assoc($result)['uid'];
107
+  $uid = (int) $result->fetch()['uid'];
109 108
   
110 109
   $result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}");
111
-  if (mysql_num_rows($result) > 0) {
110
+  if ($result->rowCount() > 0) {
112 111
     system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
113 112
   }
114 113
   
... ...
@@ -120,9 +119,9 @@ function create_token($username)
120 119
 
121 120
 function emailaddress_for_user($username)
122 121
 {
123
-  $username = mysql_real_escape_string($username);
122
+  $username = db_escape_string($username);
124 123
   $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
125
-  $data = mysql_fetch_assoc($result);
124
+  $data = $result->fetch();
126 125
   return $data['email'];
127 126
 }
128 127
 
... ...
@@ -132,17 +131,17 @@ function get_customer_token($customerno)
132 131
   $customerno = (int) $customerno;
133 132
   expire_tokens();
134 133
   $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
135
-  if (mysql_num_rows($result) < 1)
134
+  if ($result->rowCount() < 1)
136 135
     system_failure("Kann das Token nicht auslesen!");
137
-  return mysql_fetch_object($result)->token;
136
+  return $result->fetch(PDO::FETCH_OBJ)->token;
138 137
 }
139 138
 
140 139
 
141 140
 function get_user_token($username) 
142 141
 {
143
-  $username = mysql_real_escape_string($username);
142
+  $username = db_escape_string($username);
144 143
   $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'");
145
-  $tmp = mysql_fetch_assoc($result);
144
+  $tmp = $result->fetch();
146 145
   return $tmp['token'];
147 146
 }
148 147
 
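Review bot: `create_token()` evaluates `(int) $result->fetch()['uid']` without checking that a row came back, so for an unknown username `fetch()` returns `false` and `$uid` becomes 0. The following `usertoken` lookup, and whatever the rest of the function does (it continues outside the hunk), would then run for uid 0 instead of stopping. Testing the `fetch()` result for `false` and calling `system_failure()` before the cast, in the way `get_username_for_uid()` already refuses an unexpected result, would close that. `emailaddress_for_user()` and `get_user_token()` index the `fetch()` result in the same unguarded way.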
... ...
@@ -35,14 +35,14 @@ function do_ajax_cert_login() {
35 35
 
36 36
 function get_logins_by_cert($cert) 
37 37
 {
38
-	$cert = mysql_real_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
38
+	$cert = db_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
39 39
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
40 40
 	$result = db_query($query);
41
-	if (mysql_num_rows($result) < 1)
41
+	if ($result->rowCount() < 1)
42 42
 		return NULL;
43 43
 	else {
44 44
 		$ret = array();
45
-		while ($row = mysql_fetch_assoc($result)) {
45
+		while ($row = $result->fetch()) {
46 46
 			$ret[] = $row;
47 47
 		}
48 48
 		return $ret;
... ...
@@ -56,9 +56,9 @@ function get_cert_by_id($id)
56 56
 	  system_failure('no ID');
57 57
 	$query = "SELECT id,dn,issuer,cert,username,startpage FROM system.clientcert WHERE `id`='{$id}' LIMIT 1";
58 58
 	$result = db_query($query);
59
-	if (mysql_num_rows($result) < 1)
59
+	if ($result->rowCount() < 1)
60 60
 		return NULL;
61
-	$ret = mysql_fetch_assoc($result);
61
+	$ret = $result->fetch();
62 62
   DEBUG($ret);
63 63
   return $ret;
64 64
 }
... ...
@@ -66,14 +66,14 @@ function get_cert_by_id($id)
66 66
 
67 67
 function get_certs_by_username($username) 
68 68
 {
69
-	$username = mysql_real_escape_string($username);
69
+	$username = db_escape_string($username);
70 70
 	if ($username == '')
71 71
 	  system_failure('empty username');
72 72
 	$query = "SELECT id,dn,issuer,cert,startpage FROM system.clientcert WHERE `username`='{$username}'";
73 73
 	$result = db_query($query);
74
-	if (mysql_num_rows($result) < 1)
74
+	if ($result->rowCount() < 1)
75 75
 		return NULL;
76
-	while ($row = mysql_fetch_assoc($result)) {
76
+	while ($row = $result->fetch()) {
77 77
 	  $ret[] = $row;
78 78
 	}
79 79
 	return $ret;
... ...
@@ -86,24 +86,24 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='')
86 86
   $username = NULL;
87 87
   if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
88 88
     $type = 'user';
89
-    $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
89
+    $username = db_escape_string($_SESSION['userinfo']['username']);
90 90
     if (isset($_SESSION['subuser'])) {
91
-      $username = mysql_real_escape_string($_SESSION['subuser']);
91
+      $username = db_escape_string($_SESSION['subuser']);
92 92
       $type = 'subuser';
93 93
     }
94 94
   } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
95 95
     $type = 'email';
96
-    $username = mysql_real_escape_string($_SESSION['mailaccount']);
96
+    $username = db_escape_string($_SESSION['mailaccount']);
97 97
   }
98 98
   if (! $type || ! $username) {
99 99
     system_failure('cannot get type or username of login');
100 100
   }
101
-  $certdata = mysql_real_escape_string($certdata);
102
-  $dn = maybe_null(mysql_real_escape_string($dn));
103
-  $issuer = maybe_null(mysql_real_escape_string($issuer));
101
+  $certdata = db_escape_string($certdata);
102
+  $dn = maybe_null(db_escape_string($dn));
103
+  $issuer = maybe_null(db_escape_string($issuer));
104 104
   if ($startpage &&  ! check_path($startpage))
105 105
     system_failure('Startseite kaputt');
106
-  $startpage = maybe_null(mysql_real_escape_string($startpage));
106
+  $startpage = maybe_null(db_escape_string($startpage));
107 107
 
108 108
   if ($certdata == '')
109 109
     system_failure('Kein Zertifikat');
... ...
@@ -124,14 +124,14 @@ function delete_clientcert($id)
124 124
   $username = NULL;
125 125
   if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
126 126
     $type = 'user';
127
-    $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
127
+    $username = db_escape_string($_SESSION['userinfo']['username']);
128 128
     if (isset($_SESSION['subuser'])) {
129
-      $username = mysql_real_escape_string($_SESSION['subuser']);
129
+      $username = db_escape_string($_SESSION['subuser']);
130 130
       $type = 'subuser';
131 131
     }
132 132
   } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
133 133
     $type = 'email';
134
-    $username = mysql_real_escape_string($_SESSION['mailaccount']);
134
+    $username = db_escape_string($_SESSION['mailaccount']);
135 135
   }
136 136
   if (! $type || ! $username) {
137 137
     system_failure('cannot get type or username of login');
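Review bot: The normalisation in `get_logins_by_cert()` strips the PEM markers, spaces and `"\n"` but not `"\r"`, so a certificate that arrives with CRLF line endings would keep its carriage returns and presumably never match the stored value. Extending the search list to `array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n", "\r")` covers that case. This only helps if stored certificates were normalised the same way, which is outside the visible hunks. A comment above the call such as `// canonical form: base64 body only, no markers or whitespace` would make that contract explicit for the code that stores certificates.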
... ...
@@ -25,7 +25,7 @@ function my_invoices()
25 25
   $c = (int) $_SESSION['customerinfo']['customerno'];
26 26
   $result = db_query("SELECT id,datum,betrag,bezahlt,abbuchung,sepamandat FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} ORDER BY id DESC");
27 27
   $ret = array();
28
-  while($line = mysql_fetch_assoc($result))
28
+  while($line = $result->fetch())
29 29
   	array_push($ret, $line);
30 30
   return $ret;
31 31
 }
... ...
@@ -36,9 +36,9 @@ function get_pdf($id)
36 36
   $c = (int) $_SESSION['customerinfo']['customerno'];
37 37
   $id = (int) $id;
38 38
   $result = db_query("SELECT pdfdata FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
39
-  if (mysql_num_rows($result) == 0)
39
+  if ($result->rowCount() == 0)
40 40
 	  system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
41
-  return mysql_fetch_object($result)->pdfdata;
41
+  return $result->fetch(PDO::FETCH_OBJ)->pdfdata;
42 42
 
43 43
 }
44 44
 
... ...
@@ -48,9 +48,9 @@ function invoice_details($id)
48 48
   $c = (int) $_SESSION['customerinfo']['customerno'];
49 49
   $id = (int) $id;
50 50
   $result = db_query("SELECT kunde,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
51
-  if (mysql_num_rows($result) == 0)
51
+  if ($result->rowCount() == 0)
52 52
   	system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
53
-  return mysql_fetch_assoc($result);
53
+  return $result->fetch();
54 54
 }
55 55
 
56 56
 function invoice_items($id)
... ...
@@ -58,10 +58,10 @@ function invoice_items($id)
58 58
   $c = (int) $_SESSION['customerinfo']['customerno'];
59 59
   $id = (int) $id;
60 60
   $result = db_query("SELECT id, beschreibung, datum, enddatum, betrag, einheit, brutto, mwst, anzahl FROM kundendaten.rechnungsposten WHERE rechnungsnummer={$id} AND kunde={$c}");
61
-  if (mysql_num_rows($result) == 0)
61
+  if ($result->rowCount() == 0)
62 62
   	system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
63 63
   $ret = array();
64
-  while($line = mysql_fetch_assoc($result))
64
+  while($line = $result->fetch())
65 65
   array_push($ret, $line);
66 66
   return $ret;
67 67
 }
... ...
@@ -72,7 +72,7 @@ function upcoming_items()
72 72
   $c = (int) $_SESSION['customerinfo']['customerno'];
73 73
   $result = db_query("SELECT anzahl, beschreibung, startdatum, enddatum, betrag, einheit, brutto, mwst FROM kundendaten.upcoming_items WHERE kunde={$c} ORDER BY startdatum ASC");
74 74
   $ret = array();
75
-  while($line = mysql_fetch_assoc($result))
75
+  while($line = $result->fetch())
76 76
 	  array_push($ret, $line);
77 77
   return $ret;
78 78
 }
... ...
@@ -166,19 +166,19 @@ function generate_bezahlcode_image($id)
166 166
 function get_lastschrift($rechnungsnummer) {
167 167
   $rechnungsnummer = (int) $rechnungsnummer;
168 168
   $result = db_query("SELECT rechnungsnummer, rechnungsdatum, sl.betrag, buchungsdatum FROM kundendaten.sepalastschrift sl LEFT JOIN kundendaten.ausgestellte_rechnungen re ON (re.id=sl.rechnungsnummer) WHERE rechnungsnummer='${rechnungsnummer}' AND re.abbuchung=1");
169
-  if (mysql_num_rows($result) == 0) {
169
+  if ($result->rowCount() == 0) {
170 170
     return NULL;
171 171
   }
172
-  $item = mysql_fetch_assoc($result);
172
+  $item = $result->fetch();
173 173
   return $item;
174 174
 }
175 175
 
176 176
 function get_lastschriften($mandatsreferenz)
177 177
 {
178
-  $mandatsreferenz = mysql_real_escape_string($mandatsreferenz);
178
+  $mandatsreferenz = db_escape_string($mandatsreferenz);
179 179
   $result = db_query("SELECT rechnungsnummer, rechnungsdatum, betrag, buchungsdatum FROM kundendaten.sepalastschrift WHERE mandatsreferenz='${mandatsreferenz}' ORDER BY buchungsdatum DESC");
180 180
   $ret = array();
181
-  while ($item = mysql_fetch_assoc($result)) {
181
+  while ($item = $result->fetch()) {
182 182
     $ret[] = $item;
183 183
   }
184 184
   return $ret;
... ...
@@ -189,7 +189,7 @@ function get_sepamandate()
189 189
   $cid = (int) $_SESSION['customerinfo']['customerno'];
190 190
   $result = db_query("SELECT id, mandatsreferenz, glaeubiger_id, erteilt, medium, gueltig_ab, gueltig_bis, erstlastschrift, kontoinhaber, adresse, iban, bic, bankname FROM kundendaten.sepamandat WHERE kunde={$cid}");
191 191
   $ret = array();
192
-  while ($entry = mysql_fetch_assoc($result)) {
192
+  while ($entry = $result->fetch()) {
193 193
     array_push($ret, $entry);
194 194
   }
195 195
   return $ret;
... ...
@@ -198,9 +198,9 @@ function get_sepamandate()
198 198
 
199 199
 function yesterday($date) 
200 200
 {
201
-  $date = mysql_real_escape_string($date);
201
+  $date = db_escape_string($date);
202 202
   $result = db_query("SELECT '{$date}' - INTERVAL 1 DAY");
203
-  return mysql_fetch_array($result)[0];
203
+  return $result->fetch()[0];
204 204
 }
205 205
 
206 206
 
... ...
@@ -208,7 +208,7 @@ function invalidate_sepamandat($id, $date)
208 208
 {
209 209
   $cid = (int) $_SESSION['customerinfo']['customerno'];
210 210
   $id = (int) $id;
211
-  $date = mysql_real_escape_string($date);
211
+  $date = db_escape_string($date);
212 212
   db_query("UPDATE kundendaten.sepamandat SET gueltig_bis='{$date}' WHERE id={$id} AND kunde={$cid}");
213 213
 }
214 214
 
... ...
@@ -216,12 +216,12 @@ function invalidate_sepamandat($id, $date)
216 216
 function sepamandat($name, $adresse, $iban, $bankname, $bic, $gueltig_ab)
217 217
 {
218 218
   $cid = (int) $_SESSION['customerinfo']['customerno'];
219
-  $name = mysql_real_escape_string($name);
220
-  $adresse = mysql_real_escape_string($adresse);
221
-  $iban = mysql_real_escape_string($iban);
222
-  $bankname = mysql_real_escape_string($bankname);
223
-  $bic = mysql_real_escape_string($bic);
224
-  $gueltig_ab = mysql_real_escape_string($gueltig_ab);
219
+  $name = db_escape_string($name);
220
+  $adresse = db_escape_string($adresse);
221
+  $iban = db_escape_string($iban);
222
+  $bankname = db_escape_string($bankname);
223
+  $bic = db_escape_string($bic);
224
+  $gueltig_ab = db_escape_string($gueltig_ab);
225 225
 
226 226
   $first_date = date('Y-m-d');
227 227
   $invoices = my_invoices();
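Review bot: `yesterday()` reads `$result->fetch()[0]`, which only works while the connection's default fetch mode includes numeric keys, yet the rest of this file replaces `mysql_fetch_assoc()` with the same bare `fetch()` and hands the rows to callers. Under PDO's default `PDO::FETCH_BOTH` every column then appears twice (by name and by index) in the arrays returned from `my_invoices()`, `invoice_items()` and `get_sepamandate()`, and if the connection sets `PDO::FETCH_ASSOC` as its default the `[0]` access breaks. The connection setup is not visible here, so this needs confirming. Being explicit at each call, `$result->fetch(PDO::FETCH_NUM)[0]` here and `fetch(PDO::FETCH_ASSOC)` where `mysql_fetch_assoc()` was replaced, removes the ambiguity. `find_account_id()` in the mail code has the same `$tmp[0]` access.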
... ...
@@ -22,7 +22,7 @@ require_once('invoice.php');
22 22
 $kundenname = $_SESSION['customerinfo']['name'];
23 23
 $id = (int) $_SESSION['customerinfo']['customerno'];
24 24
 $result = db_query("SELECT CONCAT(adresse, '\\\\n', plz, ' ', ort) AS adresse FROM kundendaten.kunden WHERE id={$id}");
25
-$r = mysql_fetch_assoc($result);
25
+$r = $result->fetch();
26 26
 
27 27
 header("Content-Type: text/javascript");
28 28
 echo ' { "kundenname": "'.$kundenname.'", "adresse": "'.$r["adresse"].'" } ';
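Review bot: The response on the last line is built by concatenating `$kundenname` and `$r["adresse"]` into a JSON-looking string, so a quote, backslash or line break in either value produces invalid or altered output for the consuming script. `echo json_encode(array('kundenname' => $kundenname, 'adresse' => $r['adresse']));` would encode both values correctly. The query currently emits a literal backslash-n sequence in `adresse` to suit the hand-built string, so the `CONCAT` separator would have to become a real newline when switching. `fetch()` can also return `false` if the customer row is missing, which the script does not check before indexing `$r`.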
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once("inc/debug.php");
18
-require_once("inc/db_connect.php");
19 18
 require_once("inc/security.php");
20 19
 
21 20
 require_once('class/domain.php');
... ...
@@ -25,8 +24,8 @@ function get_jabber_accounts() {
25 24
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
26 25
   $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
27 26
   $accounts = array();
28
-  if (@mysql_num_rows($result) > 0)
29
-    while ($acc = @mysql_fetch_assoc($result))
27