
Umstellung auf PDO-Datenbankverbindung

Bernd Wurst authored on01/02/2014 18:38:23
Showing39 changed files
... ...
@@ -39,14 +39,14 @@ function prepare_cert($cert)
39 39
 
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42
-	$cert = mysql_real_escape_string(prepare_cert($cert));
42
+	$cert = db_escape_string(prepare_cert($cert));
43 43
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
44 44
 	$result = db_query($query);
45
-	if (mysql_num_rows($result) < 1)
45
+	if ($result->rowCount() < 1)
46 46
 		return NULL;
47 47
 	else {
48 48
 		$ret = array();
49
-		while ($row = mysql_fetch_assoc($result)) {
49
+		while ($row = $result->fetch()) {
50 50
 			$ret[] = $row;
51 51
 		}
52 52
 		return $ret;
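Review bot: The client-certificate lookup in `get_logins_by_cert()` still splices the escaped value into the SQL text (`WHERE cert='{$cert}'`), even though the `db_query()` added by this commit accepts a parameter array. This query decides which logins a certificate maps to, so it is the call site that gains most from binding: `$result = db_query("SELECT type,username,startpage FROM system.clientcert WHERE cert=?", array(prepare_cert($cert)));`. The same holds for the other `db_escape_string()` call sites on this page (the identical hunk that follows, `Domain::loadByName`, the `KeksData` update loop, `logger`, `find_customers`, `get_mailaccount_id`). The function's closing lines are outside the hunk.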
... ...
@@ -39,14 +39,14 @@ function prepare_cert($cert)
39 39
 
40 40
 function get_logins_by_cert($cert) 
41 41
 {
42
-	$cert = mysql_real_escape_string(prepare_cert($cert));
42
+	$cert = db_escape_string(prepare_cert($cert));
43 43
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
44 44
 	$result = db_query($query);
45
-	if (mysql_num_rows($result) < 1)
45
+	if ($result->rowCount() < 1)
46 46
 		return NULL;
47 47
 	else {
48 48
 		$ret = array();
49
-		while ($row = mysql_fetch_assoc($result)) {
49
+		while ($row = $result->fetch()) {
50 50
 			$ret[] = $row;
51 51
 		}
52 52
 		return $ret;
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('inc/base.php');
19 18
 require_once('inc/debug.php');
20 19
 
21 20
new file mode 100644
... ...
@@ -0,0 +1,119 @@
1
+<?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
16
+
17
+require_once('inc/base.php');
18
+require_once('inc/error.php');
19
+require_once('inc/debug.php');
20
+
21
+
22
+class DB extends PDO {
23
+  function __construct() {
24
+    $dsn = "mysql:host=".config('db_host');
25
+    if (config('db_port', true)) {
26
+      $dsn .= ';port='.config('db_port', true);
27
+    }
28
+    $username = config('db_user', true);
29
+    $password = config('db_pass', true);
30
+    parent::__construct($dsn, $username, $password);
31
+  }
32
+
33
+
34
+  /*
35
+    Wenn Parameter übergeben werden, werden Queries immer als Prepared statements übertragen
36
+  */
37
+  function query($stmt, $params = NULL) {
38
+    if (is_array($params)) {
39
+      $response = parent::prepare($stmt);
40
+      $response->execute($params);
41
+      return $response;
42
+    } else {
43
+      return parent::query($stmt);
44
+    }
45
+  }
46
+}
47
+
48
+
49
+/* FIXME 
50
+   Das ist etwas unelegant. Soll nur übergangsweise verwendet werden bis alles auf prepared statements umgestellt ist
51
+*/
52
+function db_escape_string($string)
53
+{
54
+  global $db;
55
+  __ensure_connected();
56
+  $quoted = $db->quote($string);
57
+  // entferne die quotes, damit wird es drop-in-Kompatibel zu db_escape_string()
58
+  $ret = substr($quoted, 1, -1);
59
+  return $ret;
60
+}
61
+
62
+
63
+function db_insert_id()
64
+{
65
+  global $db;
66
+  __ensure_connected();
67
+  return $db->lastInsertId();
68
+}
69
+
70
+
71
+function __ensure_connected()
72
+{
73
+  /*
74
+    Dieses Kontrukt ist vermultich noch schlimmer als ein normales singleton
75
+    aber es hilft uns in unserem prozeduralen Kontext
76
+  */
77
+  global $db;
78
+  if (! isset($db)) {
79
+    try {
80
+      DEBUG("Neue Datenbankverbindung!");
81
+      $db = new DB();
82
+      $db->query("SET NAMES utf8");
83
+      $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
84
+      $db->setAttribute(PDO::ATTR_AUTOCOMMIT, true);
85
+    } catch (PDOException $e) {
86
+      global $debugmode;
87
+      if ($debugmode) {
88
+        system_failure("MySQL-Fehler: ".$e->getMessage());
89
+      } else {
90
+        system_failure("Fehler bei der Datenbankverbindung!");
91
+      }
92
+    }
93
+  }
94
+}
95
+
96
+
97
+function db_query($stmt, $params = NULL)
98
+{
99
+  global $db;
100
+  __ensure_connected();
101
+  DEBUG($stmt);
102
+  if ($params) {
103
+    DEBUG($params);
104
+  }
105
+  try {
106
+    $result = $db->query($stmt, $params);
107
+    DEBUG('=> '.$result->rowCount().' rows');
108
+  } catch (PDOException $e) {
109
+    global $debugmode;
110
+    if ($debugmode) {
111
+      system_failure("MySQL-Fehler: ".$e->getMessage());
112
+    } else {
113
+      system_failure("Datenbankfehler");
114
+    }
115
+  }
116
+  return $result;
117
+}
118
+
119
+
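Review bot: In `__ensure_connected()` the connection charset is set with `$db->query("SET NAMES utf8")` rather than in the DSN, and that statement runs before `PDO::ERRMODE_EXCEPTION` is enabled, so a failure there is not raised. `db_escape_string()` relies on `$db->quote()` for every query that is still built by interpolation, and the client library only learns the connection charset when it is given in the DSN (PHP 5.3.6 or later), so I would add `$dsn .= ';charset=utf8';` in `DB::__construct()` and move the two `setAttribute()` calls ahead of the first query. The comment on `DB::query()` says parameters always lead to prepared statements; pdo_mysql emulates those on the client by default, so `$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);` is needed if server-side preparation is what is meant. The comment inside `db_escape_string()` should name `mysql_real_escape_string()` as the function it is drop-in compatible with.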
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('inc/base.php');
19 18
 require_once('inc/debug.php');
20 19
 
... ...
@@ -42,7 +41,7 @@ class Domain extends KeksData
42 41
 
43 42
   function loadByName($name)
44 43
   {
45
-    $name = mysql_real_escape_string($name);
44
+    $name = db_escape_string($name);
46 45
     $res = $this->getData("*", "CONCAT_WS('.', domainname, tld)='{$name}' LIMIT 1");
47 46
     if (count($res) < 1)
48 47
       return false;
... ...
@@ -112,9 +111,9 @@ function get_domain_list($customerno, $uid = NULL)
112 111
   $query .= " ORDER BY domainname,tld";
113 112
   $result = db_query($query);
114 113
   $domains = array();
115
-  DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n");
116
-  if (mysql_num_rows($result) > 0)
117
-    while ($domain = mysql_fetch_object($result))
114
+  DEBUG('Result set is '.$result->rowCount()." rows.<br />\n");
115
+  if ($result->rowCount() > 0)
116
+    while ($domain = $result->fetch(PDO::FETCH_OBJ))
118 117
       array_push($domains, new Domain((int) $domain->id));
119 118
   DEBUG($domains);
120 119
 	return $domains;	
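Review bot: In `get_domain_list()` the `rowCount()` guard before the fetch loop is a direct carry-over of `mysql_num_rows()`, but PDO only documents `rowCount()` for statements that modify rows; for a SELECT the value depends on the driver, and with pdo_mysql on buffered queries being in use. Here the guard can simply go, since the `while ($domain = $result->fetch(PDO::FETCH_OBJ))` loop already handles an empty result. Where the count drives a decision (`get_logins_by_cert`, `get_dyndns_account`, `get_dns_record`, `mail_in_use`, `web_in_use`, `get_mailaccount_id`), fetching the row and testing it for `false`, or selecting `COUNT(*)`, avoids that dependency. The function begins above the hunk and its closing brace is below it.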
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('inc/base.php');
19 18
 require_once('inc/debug.php');
20 19
 
... ...
@@ -57,7 +56,7 @@ abstract class KeksData
57 56
   {
58 57
     $fields = array();
59 58
     $res = db_query("DESCRIBE {$this->default_table}");
60
-    while ($f = mysql_fetch_object($res))
59
+    while ($f = $res->fetch(PDO::FETCH_OBJ))
61 60
     {
62 61
       $fields[$f->Field] = $f->Default;
63 62
     }
... ...
@@ -80,7 +79,7 @@ abstract class KeksData
80 79
     
81 80
     $res = db_query("SELECT {$fields} FROM {$table} {$where}");
82 81
     $return = array();
83
-    while ($arr = mysql_fetch_assoc($res))
82
+    while ($arr = $res->fetch())
84 83
       array_push($return, $arr);
85 84
     return $return;
86 85
   }
... ...
@@ -102,7 +101,7 @@ abstract class KeksData
102 101
     $upd = array();
103 102
     foreach ($this->changes as $key => $value)
104 103
     {
105
-      $value = mysql_real_escape_string($value);
104
+      $value = db_escape_string($value);
106 105
       array_push($upd, "`{$key}`='{$value}'");
107 106
     }
108 107
     db_query("UPDATE {$this->default_table} SET ".implode(', ', $upd)." WHERE id={$this->data['id']};");
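Review bot: The row-collecting loop in this class (the hunk with `while ($arr = $res->fetch())`) now uses PDO's default fetch mode, `PDO::FETCH_BOTH`, so each row carries every column twice (by name and by position) where `mysql_fetch_assoc()` returned names only. Callers that iterate over a row or count its fields will see the duplicates; `while ($arr = $res->fetch(PDO::FETCH_ASSOC))` keeps the old shape. The same replacement appears in `get_logins_by_cert`, `list_useraccounts`, `hosting_contracts`, `get_dyndns_accounts` and `get_domain_auto_records`, which also hand whole rows back. The `user_has_vmail_domain` hunks read `$row[0]`, so a connection-wide default of `FETCH_ASSOC` would break them unless they switch to `fetch(PDO::FETCH_NUM)`. The enclosing method begins above the hunk.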
... ...
@@ -17,7 +17,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
17 17
 
18 18
 require_once('config.php');
19 19
 require_once('inc/debug.php');
20
-require_once('inc/db_connect.php');
21 20
 require_once("inc/base.php");
22 21
 require_once("inc/theme.php");
23 22
 
... ...
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
17
+require_once('class/database.php');
18 18
 require_once('inc/debug.php');
19 19
 
20 20
 function config($key)
... ...
@@ -36,9 +36,9 @@ function config($key)
36 36
     return $config[$key];
37 37
   
38 38
   /* read configuration from database */
39
-  $options = db_query( "SELECT `key`, value FROM misc.config" );
39
+  $result = db_query( "SELECT `key`, value FROM misc.config" );
40 40
   
41
-  while( $object = mysql_fetch_assoc( $options ) ) {
41
+  while( $object = $result->fetch() ) {
42 42
     if (!array_key_exists($object['key'], $config)) {
43 43
 	    $config[$object['key']]=$object['value'];
44 44
     }
... ...
@@ -56,8 +56,9 @@ function config($key)
56 56
 
57 57
 function get_server_by_id($id) {
58 58
   $id = (int) $id;
59
-  $result = mysql_fetch_assoc(db_query("SELECT hostname FROM system.servers WHERE id='{$id}'"));
60
-  return $result['hostname'];
59
+  $result = db_query("SELECT hostname FROM system.servers WHERE id='{$id}'");
60
+  $ret = $result->fetch();
61
+  return $ret['hostname'];
61 62
 }
62 63
 
63 64
 
... ...
@@ -74,7 +75,7 @@ function my_server_id()
74 75
 {
75 76
   $uid = (int) $_SESSION['userinfo']['uid'];
76 77
   $result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}");
77
-  $r = mysql_fetch_assoc($result);
78
+  $r = $result->fetch();
78 79
   DEBUG($r);
79 80
   return $r['server'];
80 81
 }
... ...
@@ -85,7 +86,7 @@ function additional_servers()
85 86
   $uid = (int) $_SESSION['userinfo']['uid'];
86 87
   $result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}");
87 88
   $servers = array();
88
-  while ($s = mysql_fetch_assoc($result))
89
+  while ($s = $result->fetch())
89 90
     $servers[] = $s['server'];
90 91
   DEBUG($servers);
91 92
   return $servers;
... ...
@@ -96,43 +97,27 @@ function server_names()
96 97
 {
97 98
   $result = db_query("SELECT id, hostname FROM system.servers");
98 99
   $servers = array();
99
-  while ($s = mysql_fetch_assoc($result))
100
+  while ($s = $result->fetch())
100 101
     $servers[$s['id']] = $s['hostname'];
101 102
   DEBUG($servers);
102 103
   return $servers;
103 104
 }
104 105
 
105 106
 
106
-function db_query($query)
107
-{
108
-  DEBUG($query);
109
-  $result = @mysql_query($query);
110
-  if (mysql_error())
111
-  {
112
-    $error = mysql_error();
113
-    logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}");
114
-    system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.');
115
-  }
116
-  $count = @mysql_num_rows($result);
117
-  if (! $count)
118
-    $count = 'no';
119
-  DEBUG("=> {$count} rows");
120
-  return $result; 
121
-}
122
-
123
-
124
-
107
+// FIXME
108
+// Diese Funktion funktioniert nicht für preprared statements
125 109
 function maybe_null($value)
126 110
 {
127 111
   if ($value == NULL)
128 112
     return 'NULL';
129 113
 
130 114
   if (strlen( (string) $value ) > 0)
131
-    return "'".mysql_real_escape_string($value)."'";
115
+    return "'".db_escape_string($value)."'";
132 116
   else
133 117
     return 'NULL';
134 118
 }
135 119
 
120
+
136 121
 #define('LOG_ERR', 3);
137 122
 #define('LOG_WARNING', 4);
138 123
 #define('LOG_INFO', 6);
... ...
@@ -148,11 +133,11 @@ function logger($severity, $scriptname, $scope, $message)
148 133
   elseif ($_SESSION['role'] & ROLE_CUSTOMER)
149 134
     $user = "'{$_SESSION['customerinfo']['customerno']}'";
150 135
   
151
-  $remote = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
136
+  $remote = db_escape_string($_SERVER['REMOTE_ADDR']);
152 137
 
153
-  $scriptname = mysql_real_escape_string($scriptname);
154
-  $scope = mysql_real_escape_string($scope);
155
-  $message = mysql_real_escape_string($message);
138
+  $scriptname = db_escape_string($scriptname);
139
+  $scope = db_escape_string($scope);
140
+  $message = db_escape_string($message);
156 141
 
157 142
   db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
158 143
 }
159 144
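Review bot: The `db_query()` removed from this file recorded every failed statement through `logger(LOG_ERR, "inc/base", "dberror", ...)`; the replacement in the new database class file only calls `system_failure()`, so outside debug mode a failing query leaves no record of the driver message unless `system_failure()` logs it itself (not visible here). Failed statements are a useful signal for broken or tampered input, so I would keep a trace in the new `catch (PDOException $e)` block, for example `error_log('db_query: '.$e->getMessage());`, rather than calling `logger()`, which itself goes through `db_query()`.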
deleted file mode 100644
... ...
@@ -1,33 +0,0 @@
1
-<?php
2
-/*
3
-This file belongs to the Webinterface of schokokeks.org Hosting
4
-
5
-Written 2008-2013 by schokokeks.org Hosting, namely
6
-  Bernd Wurst <bernd@schokokeks.org>
7
-  Hanno Böck <hanno@schokokeks.org>
8
-
9
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
-
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
-http://creativecommons.org/publicdomain/zero/1.0/
13
-
14
-Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
-*/
16
-
17
-require_once('inc/error.php');
18
-
19
-include("config.php");
20
-global $config;
21
-
22
-$host = $config['db_host'];
23
-if ($config['db_port']) {
24
-  $host .= ":".$config['db_port'];
25
-}
26
-
27
-if (!@mysql_connect($host, $config['db_user'], $config['db_pass']))
28
-	die('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.');
29
-	
30
-if (!@mysql_query('SET NAMES utf8'))
31
-	die('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!');
32
-
33
-?>
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
19 18
 require_once('inc/base.php');
20 19
 require_once('inc/security.php');
21 20
 require_once('inc/error.php');
... ...
@@ -38,14 +37,14 @@ function get_domain_offer($domainname)
38 37
   $data = array("domainname" => $domainname, "basename" => $basename, "tld" => $tld);
39 38
 
40 39
   $result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise_kunde WHERE kunde={$cid} AND tld='{$tld}' AND ruecksprache='N'");
41
-  if (mysql_num_rows($result) != 1) {
40
+  if ($result->rowCount() != 1) {
42 41
     $result = db_query("SELECT tld, gebuehr, setup FROM misc.domainpreise WHERE tld='{$tld}' AND ruecksprache='N'");
43 42
   }
44
-  if (mysql_num_rows($result) != 1) {
43
+  if ($result->rowCount() != 1) {
45 44
     warning('Die Endung »'.$tld.'« steht zur automatischen Eintragung nicht zur Verfügung.');
46 45
     return;
47 46
   }
48
-  $temp = mysql_fetch_assoc($result);
47
+  $temp = $result->fetch();
49 48
   $data["gebuehr"] = $temp["gebuehr"];
50 49
   $data["setup"] = ($temp["setup"] ? $temp["setup"] : 0.0);
51 50
   
... ...
@@ -93,7 +92,7 @@ function list_useraccounts()
93 92
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
94 93
   $result = db_query("SELECT uid,username,name FROM system.useraccounts WHERE kunde={$customerno}");
95 94
   $ret = array();
96
-  while ($item = mysql_fetch_assoc($result))
95
+  while ($item = $result->fetch())
97 96
   {
98 97
     $ret[] = $item;
99 98
   }
... ...
@@ -19,7 +19,7 @@ require_once('inc/base.php');
19 19
 
20 20
 function find_customers($string) 
21 21
 {
22
-  $string = mysql_real_escape_string(chop($string));
22
+  $string = db_escape_string(chop($string));
23 23
   $return = array();
24 24
   $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN kundendaten.kundenkontakt AS kk ".
25 25
                      "ON (kk.kundennr = k.id) LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
... ...
@@ -30,7 +30,7 @@ function find_customers($string)
30 30
                      "notizen LIKE '%{$string}%' OR kk.name LIKE '%{$string}%' OR ".
31 31
                      "kk.wert LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ".
32 32
                      "u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';");
33
-  while ($entry = mysql_fetch_assoc($result))
33
+  while ($entry = $result->fetch())
34 34
     $return[] = $entry['id'];
35 35
 
36 36
   return $return;
... ...
@@ -43,7 +43,7 @@ function find_users_for_customer($id)
43 43
   $return = array();
44 44
   $result = db_query("SELECT uid, username FROM system.useraccounts WHERE ".
45 45
                      "kunde='{$id}';");
46
-  while ($entry = mysql_fetch_assoc($result))
46
+  while ($entry = $result->fetch())
47 47
     $return[$entry['uid']] = $entry['username'];
48 48
 
49 49
   return $return;
... ...
@@ -56,7 +56,7 @@ function hosting_contracts($cid)
56 56
   $cid = (int) $cid;
57 57
   $result = db_query("SELECT u.username, werber, beschreibung, betrag, brutto, monate, anzahl, startdatum, startdatum + INTERVAL laufzeit MONTH - INTERVAL 1 DAY AS mindestlaufzeit, kuendigungsdatum, gesperrt, notizen FROM kundendaten.hosting AS h LEFT JOIN system.useraccounts AS u ON (h.hauptuser=u.uid) WHERE h.kunde=".$cid);
58 58
   $ret = array();
59
-  while ($x = mysql_fetch_assoc($result))
59
+  while ($x = $result->fetch())
60 60
     array_push($ret, $x);
61 61
   DEBUG($ret);
62 62
 
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
19 18
 require_once('inc/base.php');
20 19
 require_once('inc/security.php');
21 20
 require_once('inc/error.php');
... ...
@@ -28,7 +27,7 @@ function get_dyndns_accounts()
28 27
   $uid = (int) $_SESSION['userinfo']['uid'];
29 28
   $result = db_query("SELECT * FROM dns.dyndns WHERE uid={$uid}");
30 29
   $list = array();
31
-  while ($item = mysql_fetch_assoc($result)) {
30
+  while ($item = $result->fetch()) {
32 31
     array_push($list, $item);
33 32
   }
34 33
   DEBUG($list);
... ...
@@ -41,11 +40,11 @@ function get_dyndns_account($id)
41 40
   $id = (int) $id;
42 41
   $uid = (int) $_SESSION['userinfo']['uid'];
43 42
   $result = db_query("SELECT * FROM dns.dyndns WHERE id={$id} AND uid={$uid}");
44
-  if (mysql_num_rows($result) != 1) {
43
+  if ($result->rowCount() != 1) {
45 44
     logger(LOG_WARNING, "modules/dns/include/dnsinclude", "dyndns", "account »{$id}« invalid for uid »{$uid}«.");
46 45
     system_failure("Account ungültig");
47 46
   }
48
-  $item = mysql_fetch_assoc($result);
47
+  $item = $result->fetch();
49 48
   DEBUG($item);
50 49
   return $item;
51 50
 }
... ...
@@ -58,8 +57,8 @@ function create_dyndns_account($handle, $password_http, $sshkey)
58 57
   if ($password_http == '' && $sshkey == '')
59 58
     system_failure('Sie müssen entweder einen SSH-Key oder ein Passwort zum Web-Update eingeben.');  
60 59
 
61
-  $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle)));
62
-  $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey)));
60
+  $handle = maybe_null(db_escape_string(filter_input_username($handle)));
61
+  $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey)));
63 62
 
64 63
   $pwhash = 'NULL';
65 64
   if ($password_http)
... ...
@@ -73,8 +72,8 @@ function create_dyndns_account($handle, $password_http, $sshkey)
73 72
 function edit_dyndns_account($id, $handle, $password_http, $sshkey)
74 73
 {
75 74
   $id = (int) $id;
76
-  $handle = maybe_null(mysql_real_escape_string(filter_input_username($handle)));
77
-  $sshkey = maybe_null(mysql_real_escape_string(filter_input_general($sshkey)));
75
+  $handle = maybe_null(db_escape_string(filter_input_username($handle)));
76
+  $sshkey = maybe_null(db_escape_string(filter_input_general($sshkey)));
78 77
 
79 78
   $pwhash = 'NULL';
80 79
   if ($password_http)
... ...
@@ -104,7 +103,7 @@ function get_dyndns_records($id)
104 103
   $id = (int) $id;
105 104
   $result = db_query("SELECT hostname, domain, type, ttl, lastchange, id FROM dns.custom_records WHERE dyndns={$id}");
106 105
   $data = array();
107
-  while ($entry = mysql_fetch_assoc($result)) {
106
+  while ($entry = $result->fetch()) {
108 107
     $dom = new Domain((int) $entry['domain']);
109 108
     $dom->ensure_userdomain();
110 109
     $entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn;
... ...
@@ -144,9 +143,9 @@ function get_dns_record($id)
144 143
 {
145 144
   $id = (int) $id;
146 145
   $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl FROM dns.custom_records WHERE id={$id}");
147
-  if (mysql_num_rows($result) != 1)
146
+  if ($result->rowCount() != 1)
148 147
     system_failure('illegal ID');
149
-  $data = mysql_fetch_assoc($result);
148
+  $data = $result->fetch();
150 149
   $dom = new Domain( (int) $data['domain']);
151 150
   $dom->ensure_userdomain();
152 151
   DEBUG($data);
... ...
@@ -159,7 +158,7 @@ function get_domain_records($dom)
159 158
   $dom = (int) $dom;
160 159
   $result = db_query("SELECT hostname, domain, type, ip, dyndns, spec, data, ttl, id FROM dns.custom_records WHERE domain={$dom}");
161 160
   $data = array();
162
-  while ($entry = mysql_fetch_assoc($result)) {
161
+  while ($entry = $result->fetch()) {
163 162
     $dom = new Domain((int) $entry['domain']);
164 163
     $dom->ensure_userdomain();
165 164
     $entry['fqdn'] = $entry['hostname'].'.'.$dom->fqdn;
... ...
@@ -173,11 +172,11 @@ function get_domain_records($dom)
173 172
 
174 173
 function get_domain_auto_records($domainname)
175 174
 {
176
-  $domainname = mysql_real_escape_string($domainname);
175
+  $domainname = db_escape_string($domainname);
177 176
   //$result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, TRIM(ttl) FROM dns.v_autogenerated_records WHERE domain='{$domainname}'");
178 177
   $result = db_query("SELECT hostname, domain, CONCAT_WS('.', hostname, domain) AS fqdn, type, ip, spec, data, ttl FROM dns.tmp_autorecords WHERE domain='{$domainname}'");
179 178
   $data = array();
180
-  while ($entry = mysql_fetch_assoc($result)) {
179
+  while ($entry = $result->fetch()) {
181 180
     array_push($data, $entry);
182 181
   }
183 182
   DEBUG($data);
... ...
@@ -329,7 +328,7 @@ function domain_is_maildomain($domain)
329 328
 {
330 329
   $domain = (int) $domain;
331 330
   $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
332
-  $dom = mysql_fetch_assoc($result);
331
+  $dom = $result->fetch();
333 332
   return ($dom['mail'] != 'none');
334 333
 }
335 334
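Review bot: In `create_dyndns_account()` and `edit_dyndns_account()` the handle and SSH key go through `db_escape_string()` and are then passed to `maybe_null()`, which (as its hunk on this page shows) applies `db_escape_string()` again before quoting. Any quote or backslash in the value is therefore escaped twice and stored with a literal backslash; the commit carries this over from the `mysql_real_escape_string()` version. `$handle = maybe_null(filter_input_username($handle));` and `$sshkey = maybe_null(filter_input_general($sshkey));` escape once. Both functions continue outside their hunks.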
 
... ...
@@ -27,7 +27,7 @@ function mailman_subdomains($domain)
27 27
   $domain = (int) $domain;
28 28
   $result = db_query("SELECT id, hostname FROM mail.mailman_domains WHERE domain={$domain}");
29 29
   $ret = array();
30
-  while ($line = mysql_fetch_assoc($result))
30
+  while ($line = $result->fetch())
31 31
   {
32 32
     $ret[] = $line;
33 33
   }
... ...
@@ -40,7 +40,7 @@ function dns_in_use($domain)
40 40
     return false;
41 41
   $domain = (int) $domain;
42 42
   $result = db_query("SELECT id FROM dns.custom_records WHERE domain={$domain}");
43
-  return (mysql_num_rows($result) > 0);
43
+  return ($result->rowCount() > 0);
44 44
 }
45 45
 
46 46
 
... ...
@@ -52,16 +52,16 @@ function mail_in_use($domain)
52 52
   }
53 53
   $domain = (int) $domain;
54 54
   $result = db_query("SELECT mail FROM kundendaten.domains WHERE id={$domain}");
55
-  if (mysql_num_rows($result) < 1)
55
+  if ($result->rowCount() < 1)
56 56
     system_failure("Domain not found");
57
-  $d = mysql_fetch_assoc($result);
57
+  $d = $result->fetch();
58 58
   if ($d['mail'] == 'none')
59 59
     return false; // manually disabled
60 60
   $result = db_query("SELECT id FROM mail.virtual_mail_domains WHERE domain={$domain}");
61
-  if (mysql_num_rows($result) < 1)
61
+  if ($result->rowCount() < 1)
62 62
     return true; // .courier
63 63
   $result = db_query("SELECT acc.id FROM mail.vmail_accounts acc LEFT JOIN mail.virtual_mail_domains dom ON (acc.domain=dom.id) WHERE dom.domain={$domain}");
64
-  return (mysql_num_rows($result) > 0);
64
+  return ($result->rowCount() > 0);
65 65
 }
66 66
 
67 67
 function web_in_use($domain)
... ...
@@ -72,12 +72,12 @@ function web_in_use($domain)
72 72
   $domain = (int) $domain;
73 73
 
74 74
   $result = db_query("SELECT id FROM kundendaten.domains WHERE id={$domain} AND webserver=1");
75
-  if (mysql_num_rows($result) < 1)
75
+  if ($result->rowCount() < 1)
76 76
     return false;
77 77
 
78 78
   $result = db_query("SELECT id FROM vhosts.vhost WHERE domain={$domain}");
79 79
   $result2 = db_query("SELECT id FROM vhosts.alias WHERE domain={$domain}");
80
-  return (mysql_num_rows($result) > 0 || mysql_num_rows($result2) > 0);
80
+  return ($result->rowCount() > 0 || $result2->rowCount() > 0);
81 81
 }
82 82
 
83 83
 
... ...
@@ -20,8 +20,8 @@ function user_has_accounts()
20 20
 {
21 21
   $uid = (int) $_SESSION['userinfo']['uid'];
22 22
   $result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid");
23
-  DEBUG(mysql_num_rows($result)." accounts");
24
-  return (mysql_num_rows($result) > 0);
23
+  DEBUG($result->rowCount()." accounts");
24
+  return ($result->rowCount() > 0);
25 25
 }
26 26
 
27 27
 if (! function_exists("user_has_vmail_domain"))
... ...
@@ -34,7 +34,7 @@ if (! function_exists("user_has_vmail_domain"))
34 34
         }
35 35
         $uid = (int) $_SESSION['userinfo']['uid'];
36 36
         $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
37
-        $row = mysql_fetch_array($result);
37
+        $row = $result->fetch();
38 38
         $count = $row[0];
39 39
         DEBUG("User has {$count} vmail-domains");
40 40
         return ( (int) $count > 0 );
... ...
@@ -24,7 +24,7 @@ if (! function_exists("user_has_vmail_domain"))
24 24
 	}
25 25
 	$uid = (int) $_SESSION['userinfo']['uid'];
26 26
 	$result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
27
-	$row = mysql_fetch_array($result);
27
+	$row = $result->fetch();
28 28
 	$count = $row[0];
29 29
 	DEBUG("User has {$count} vmail-domains");
30 30
 	return ( (int) $count > 0 );
... ...
@@ -42,7 +42,7 @@ if (! function_exists("user_has_dotcourier_domain"))
42 42
 	$uid = (int) $_SESSION['userinfo']['uid'];
43 43
 	$result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ". 
44 44
             "SELECT 1 FROM mail.v_domains AS d WHERE d.user={$uid} AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains);");
45
-  $ret = (mysql_num_rows($result) > 0);
45
+  $ret = ($result->rowCount() > 0);
46 46
   if ($ret)
47 47
     DEBUG("User {$uid} has dotcourier-domains");
48 48
   return $ret;
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('inc/debug.php');
18
-require_once('inc/db_connect.php');
19 18
 require_once('inc/base.php');
20 19
 require_once('inc/security.php');
21 20
 
... ...
@@ -27,10 +26,10 @@ function mailaccounts($uid)
27 26
 {
28 27
   $uid = (int) $uid;
29 28
   $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local");
30
-  DEBUG("Found ".@mysql_num_rows($result)." rows!");
29
+  DEBUG("Found ".@$result->rowCount()." rows!");
31 30
   $accounts = array();
32
-  if (@mysql_num_rows($result) > 0)
33
-    while ($acc = @mysql_fetch_object($result))
31
+  if (@$result->rowCount() > 0)
32
+    while ($acc = @$result->fetch(PDO::FETCH_OBJ))
34 33
       array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1)));
35 34
   return $accounts;
36 35
 }
... ...
@@ -40,10 +39,10 @@ function get_mailaccount($id)
40 39
   $id = (int) $id;
41 40
   $uid = (int) $_SESSION['userinfo']['uid'];
42 41
   $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}");
43
-  DEBUG("Found ".mysql_num_rows($result)." rows!");
44
-  if (mysql_num_rows($result) != 1)
42
+  DEBUG("Found ".$result->rowCount()." rows!");
43
+  if ($result->rowCount() != 1)
45 44
     system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
46
-  $acc = mysql_fetch_object($result);
45
+  $acc = $result->fetch(PDO::FETCH_OBJ);
47 46
   $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir,  'enabled' => ($acc->aktiv == 1));
48 47
   DEBUG(print_r($ret, true));
49 48
   return $ret;
... ...
@@ -73,13 +72,13 @@ function change_mailaccount($id, $arr)
73 72
         array_push($conditions, "domain={$domain->id}");
74 73
       }
75 74
     }
76
-    array_push($conditions, "local='".mysql_real_escape_string($local)."'");
75
+    array_push($conditions, "local='".db_escape_string($local)."'");
77 76
   }
78 77
   if (isset($arr['mailbox']))
79 78
     if ($arr['mailbox'] == '')
80 79
       array_push($conditions, "`maildir`=NULL");
81 80
     else
82
-      array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'");
81
+      array_push($conditions, "`maildir`='".db_escape_string($arr['mailbox'])."'");
83 82
 
84 83
   if (isset($arr['password']))
85 84
   {
... ...
@@ -121,13 +120,13 @@ function create_mailaccount($arr)
121 120
     }
122 121
   }
123 122
 
124
-  $values['local'] = "'".mysql_real_escape_string($local)."'";
123
+  $values['local'] = "'".db_escape_string($local)."'";
125 124
 
126 125
   if (isset($arr['mailbox']))
127 126
     if ($arr['mailbox'] == '')
128 127
       $values['maildir'] = 'NULL';
129 128
     else
130
-      $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'";
129
+      $values['maildir']= "'".db_escape_string($arr['mailbox'])."'";
131 130
 
132 131
 
133 132
   if (isset($arr['password']))
... ...
@@ -149,13 +148,13 @@ function get_mailaccount_id($accountname)
149 148
 {
150 149
   list($local, $domain) = explode('@', $accountname, 2);
151 150
 
152
-  $local = mysql_real_escape_string($local);
153
-  $domain = mysql_real_escape_string($domain);
151
+  $local = db_escape_string($local);
152
+  $domain = db_escape_string($domain);
154 153
 
155 154
   $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'");
156
-  if (mysql_num_rows($result) != 1)
155
+  if ($result->rowCount() != 1)
157 156
     system_failure('account nicht eindeutig');
158
-  $acc = mysql_fetch_assoc($result);
157
+  $acc = $result->fetch();
159 158
   return $acc['id'];
160 159
 }
161 160
     
... ...
@@ -214,7 +213,7 @@ function imap_on_vmail_domain()
214 213
 {
215 214
   $uid = (int) $_SESSION['userinfo']['uid'];
216 215
   $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}");
217
-  if (mysql_num_rows($result) > 0)
216
+  if ($result->rowCount() > 0)
218 217
     return true;
219 218
   return false;
220 219
 }
... ...
@@ -224,11 +223,11 @@ function user_has_only_vmail_domains()
224 223
   $uid = (int) $_SESSION['userinfo']['uid'];
225 224
   $result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}");
226 225
   // User hat keine VMail-Domains
227
-  if (mysql_num_rows($result) == 0)
226
+  if ($result->rowCount() == 0)
228 227
     return false;
229 228
   $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}");
230 229
   // User hat keine Domains die nicht vmail-Domains sind
231
-  if (mysql_num_rows($result) == 0)
230
+  if ($result->rowCount() == 0)
232 231
     return true;
233 232
   return false;
234 233
 }
... ...
@@ -58,9 +58,9 @@ Ihre E-Mail wird nicht weitergeleitet.',
58 58
 
59 59
 function get_vmail_id_by_emailaddr($emailaddr) 
60 60
 {
61
-  $emailaddr = mysql_real_escape_string( $emailaddr );
61
+  $emailaddr = db_escape_string( $emailaddr );
62 62
   $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE CONCAT(local, '@', domainname) = '{$emailaddr}'");
63
-  $entry = mysql_fetch_assoc($result);
63
+  $entry = $result->fetch();
64 64
   return (int) $entry['id'];
65 65
 }
66 66
 
... ...
@@ -74,10 +74,10 @@ function get_account_details($id, $checkuid = true)
74 74
     $uid_check = "useraccount='{$uid}' AND ";
75 75
   }
76 76
   $result = db_query("SELECT id, local, domain, password, spamfilter, forwards, autoresponder, server, quota, COALESCE(quota_used, 0) AS quota_used, quota_threshold from mail.v_vmail_accounts WHERE {$uid_check}id={$id} LIMIT 1");
77
-	if (mysql_num_rows($result) == 0)
77
+	if ($result->rowCount() == 0)
78 78
 		system_failure('Ungültige ID oder kein eigener Account');
79 79
 	$acc = empty_account();
80
-	$res = mysql_fetch_assoc($result);
80
+	$res = $result->fetch();
81 81
 	foreach ($res AS $key => $value) {
82 82
 	  if ($key == 'forwards')
83 83
 	    continue;
... ...
@@ -85,13 +85,13 @@ function get_account_details($id, $checkuid = true)
85 85
 	}
86 86
 	if ($acc['forwards'] > 0) {
87 87
 	  $result = db_query("SELECT id, spamfilter, destination FROM mail.vmail_forward WHERE account={$acc['id']};");
88
-	  while ($item = mysql_fetch_assoc($result)){
88
+	  while ($item = $result->fetch()){
89 89
 	    array_push($acc['forwards'], array("id" => $item['id'], 'spamfilter' => $item['spamfilter'], 'destination' => $item['destination']));
90 90
 	  }
91 91
 	}
92 92
   if ($acc['autoresponder'] > 0) {
93 93
     $result = db_query("SELECT id, IF(valid_from IS NULL OR valid_from > NOW() OR valid_until < NOW(), 0, 1) AS active, DATE(valid_from) AS valid_from, DATE(valid_until) AS valid_until, fromname, fromaddr, subject, message, quote FROM mail.vmail_autoresponder WHERE account={$acc['id']}");
94
-    $item = mysql_fetch_assoc($result);
94
+    $item = $result->fetch();
95 95
     DEBUG($item);
96 96
     $acc['autoresponder'] = $item;
97 97
   } else {
... ...
@@ -108,7 +108,7 @@ function get_vmail_accounts()
108 108
 	$uid = (int) $_SESSION['userinfo']['uid'];
109 109
 	$result = db_query("SELECT * from mail.v_vmail_accounts WHERE useraccount='{$uid}' ORDER BY domainname,local ASC");
110 110
 	$ret = array();
111
-	while ($line = mysql_fetch_assoc($result))
111
+	while ($line = $result->fetch())
112 112
 	{
113 113
 		array_push($ret, $line);
114 114
 	}
... ...
@@ -122,10 +122,10 @@ function get_vmail_domains()
122 122
 {
123 123
 	$uid = (int) $_SESSION['userinfo']['uid'];
124 124
 	$result = db_query("SELECT id, domainname, server FROM mail.v_vmail_domains WHERE useraccount='{$uid}' ORDER BY domainname");
125
-	if (mysql_num_rows($result) == 0)
125
+	if ($result->rowCount() == 0)
126 126
 		system_failure('Sie haben keine Domains für virtuelle Mail-Verarbeitung');
127 127
 	$ret = array();
128
-	while ($tmp = mysql_fetch_assoc($result))
128
+	while ($tmp = $result->fetch())
129 129
 		array_push($ret, $tmp);
130 130
 	return $ret;
131 131
 }
... ...
@@ -133,7 +133,7 @@ function get_vmail_domains()
133 133
 
134 134
 function find_account_id($accname)
135 135
 {
136
-  $accname = mysql_real_escape_string($accname);
136
+  $accname = db_escape_string($accname);
137 137
   DEBUG($accname);
138 138
   $tmp = explode('@', $accname, 2);
139 139
   DEBUG($tmp);
... ...
@@ -142,9 +142,9 @@ function find_account_id($accname)
142 142
   list( $local, $domainname) = $tmp;
143 143
 
144 144
   $result = db_query("SELECT id FROM mail.v_vmail_accounts WHERE local='{$local}' AND domainname='{$domainname}' LIMIT 1");
145
-  if (mysql_num_rows($result) == 0)
145
+  if ($result->rowCount() == 0)
146 146
     system_failure("Der Account konnte nicht gefunden werden");
147
-  $tmp = mysql_fetch_array($result);
147
+  $tmp = $result->fetch();
148 148
   return $tmp[0];
149 149
 }
150 150
 
... ...
@@ -152,7 +152,7 @@ function find_account_id($accname)
152 152
 function change_vmail_password($accname, $newpass)
153 153
 {
154 154
   $accid = find_account_id($accname);
155
-  $encpw = mysql_real_escape_string(encrypt_mail_password($newpass));
155
+  $encpw = db_escape_string(encrypt_mail_password($newpass));
156 156
   db_query("UPDATE mail.vmail_accounts SET password='{$encpw}' WHERE id={$accid} LIMIT 1;");
157 157
 }
158 158
 
... ...
@@ -177,7 +177,7 @@ function get_max_mailboxquota($server, $oldquota) {
177 177
   $uid = (int) $_SESSION['userinfo']['uid'];
178 178
   $server = (int) $server;
179 179
   $result = db_query("SELECT systemquota - (COALESCE(systemquota_used,0) + COALESCE(mailquota,0)) AS free FROM system.v_quota WHERE uid='{$uid}' AND server='{$server}'");
180
-  $item = mysql_fetch_assoc($result);
180
+  $item = $result->fetch();
181 181
   DEBUG("Free space: ".$item['free']." / Really: ".($item['free'] + ($oldquota - config('vmail_basequota'))));
182 182
   return $item['free'] + ($oldquota - config('vmail_basequota'));
183 183
 }
... ...
@@ -313,8 +313,8 @@ function save_vmail_account($account)
313 313
     $account['quota_threshold'] = min( (int) $account['quota_threshold'], (int) $account['quota'] );
314 314
   }
315 315
   
316
-  $account['local'] = mysql_real_escape_string(strtolower($account['local']));
317
-  $account['password'] = mysql_real_escape_string($account['password']);
316
+  $account['local'] = db_escape_string(strtolower($account['local']));
317
+  $account['password'] = db_escape_string($account['password']);
318 318
   $account['spamexpire'] = (int) $account['spamexpire'];
319 319
 
320 320
   $query = '';
... ...
@@ -341,14 +341,14 @@ function save_vmail_account($account)
341 341
     $ar = $account['autoresponder'];
342 342
     $valid_from = maybe_null($ar['valid_from']);
343 343
     $valid_until = maybe_null($ar['valid_until']);
344
-    $fromname = maybe_null( mysql_real_escape_string($ar['fromname']) );
344
+    $fromname = maybe_null( db_escape_string($ar['fromname']) );
345 345
     $fromaddr = NULL;
346 346
     if ($ar['fromaddr']) {
347
-      $fromaddr = mysql_real_escape_string(check_emailaddr($ar['fromaddr']));
347
+      $fromaddr = db_escape_string(check_emailaddr($ar['fromaddr']));
348 348
     }
349 349
     $fromaddr = maybe_null( $fromaddr );
350
-    $subject = maybe_null( mysql_real_escape_string($ar['subject']));
351
-    $message = mysql_real_escape_string($ar['message']);
350
+    $subject = maybe_null( db_escape_string($ar['subject']));
351
+    $message = db_escape_string($ar['message']);
352 352
     $quote = "'inline'";
353 353
     if ($ar['quote'] == 'attach')
354 354
       $quote = "'attach'";
... ...
@@ -417,7 +417,7 @@ Wussten Sie schon, dass Sie auf mehrere Arten Ihre E-Mails abrufen können?
417 417
   if ($_SESSION['role'] == ROLE_SYSTEMUSER) {
418 418
     $uid = (int) $_SESSION['userinfo']['uid'];
419 419
     $result = db_query("SELECT useraccount, server, SUM(quota-(SELECT value FROM misc.config WHERE `key`='vmail_basequota')) AS quota, SUM(GREATEST(quota_used-(SELECT value FROM misc.config WHERE `key`='vmail_basequota'), 0)) AS used FROM mail.v_vmail_accounts WHERE useraccount=".$uid." GROUP BY useraccount, server");
420
-    while ($line = mysql_fetch_assoc($result)) {
420
+    while ($line = $result->fetch()) {
421 421
       if ($line['quota'] !== NULL) {
422 422
         db_query("REPLACE INTO mail.vmailquota (uid, server, quota, used) VALUES ('{$line['useraccount']}', '{$line['server']}', '{$line['quota']}', '{$line['used']}')");
423 423
       }
... ...
@@ -447,7 +447,7 @@ function domainsettings($only_domain=NULL) {
447 447
   // Domains
448 448
   $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, d.mailserver_lock, m.id AS m_id, v.id AS v_id FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NULL) WHERE d.useraccount={$uid} OR m.uid={$uid} ORDER BY CONCAT_WS('.',d.domainname,d.tld);");
449 449
 
450
-  while ($mydom = mysql_fetch_assoc($result)) {
450
+  while ($mydom = $result->fetch()) {
451 451
     if (! array_key_exists($mydom['id'], $domains)) {
452 452
       if ($mydom['v_id'])
453 453
         $mydom['mail'] = 'virtual';
... ...
@@ -463,7 +463,7 @@ function domainsettings($only_domain=NULL) {
463 463
 
464 464
   // Subdomains
465 465
   $result = db_query("SELECT d.id, CONCAT_WS('.',d.domainname,d.tld) AS name, d.mail, m.id AS m_id, v.id AS v_id, IF(ISNULL(v.hostname),m.subdomain,v.hostname) AS hostname FROM kundendaten.domains AS d LEFT JOIN mail.virtual_mail_domains AS v ON (d.id=v.domain AND v.hostname IS NOT NULL) LEFT JOIN mail.custom_mappings AS m ON (d.id=m.domain AND m.subdomain IS NOT NULL) WHERE (m.id IS NOT NULL OR v.id IS NOT NULL) AND d.useraccount={$uid} OR m.uid={$uid};");
466
-  while ($mydom = mysql_fetch_assoc($result)) {
466
+  while ($mydom = $result->fetch()) {
467 467
     if (! array_key_exists($mydom['id'], $subdomains))
468 468
       $subdomains[$mydom['id']] = array();
469 469
         
... ...
@@ -483,14 +483,14 @@ function domain_has_vmail_accounts($domid)
483 483
 {
484 484
   $domid = (int) $domid;
485 485
   $result = db_query("SELECT dom.id FROM mail.vmail_accounts AS acc LEFT JOIN mail.virtual_mail_domains AS dom ON (dom.id=acc.domain) WHERE dom.domain={$domid}");
486
-  return (mysql_num_rows($result) > 0);
486
+  return ($result->rowCount() > 0);
487 487
 }
488 488
 
489 489
 
490 490
 function change_domain($id, $type)
491 491
 {
492 492
   $id = (int) $id;
493
-  $type = mysql_real_escape_string($type);
493
+  $type = db_escape_string($type);
494 494
   if (domain_has_vmail_accounts($id))
495 495
     system_failure("Sie müssen zuerst alle E-Mail-Konten mit dieser Domain löschen, bevor Sie die Webinterface-Verwaltung für diese Domain abschalten können.");
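Review bot: The bare `fetch()` calls in this file depend on the connection's default fetch mode in two incompatible ways. `get_account_details` walks the row with `foreach ($res AS $key => $value)` (the loop body continues outside the hunk) and so expects string keys only, as `mysql_fetch_assoc` delivered, while `find_account_id` returns `$tmp[0]` and needs a numeric index. Under PDO's stock default, `PDO::FETCH_BOTH`, the loop would also see numeric keys, and if the connection helper sets `PDO::FETCH_ASSOC` then `$tmp[0]` is undefined; the connection setup is not visible here, so this needs confirming. I would make the mode explicit at both sites, `$res = $result->fetch(PDO::FETCH_ASSOC);` and `return $result->fetchColumn();`. The same index-based read appears in `yesterday()` in the invoice file.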
496 496
   
... ...
@@ -21,7 +21,7 @@ function list_ftpusers()
21 21
   $uid = (int) $_SESSION['userinfo']['uid'];
22 22
   $result = db_query("SELECT id, username, homedir, active, forcessl FROM system.ftpusers WHERE uid=$uid");
23 23
   $ftpusers = array();
24
-  while ($u = mysql_fetch_assoc($result)) {
24
+  while ($u = $result->fetch()) {
25 25
     $ftpusers[] = $u;
26 26
   }
27 27
   return $ftpusers;
... ...
@@ -40,9 +40,9 @@ function load_ftpuser($id)
40 40
   $uid = (int) $_SESSION['userinfo']['uid'];
41 41
   $id = (int) $id;
42 42
   $result = db_query("SELECT id, username, password, homedir, active, forcessl, server FROM system.ftpusers WHERE uid={$uid} AND id='{$id}' LIMIT 1");
43
-  if (mysql_num_rows($result) != 1)
43
+  if ($result->rowCount() != 1)
44 44
     system_failure("Fehler beim auslesen des Accounts");
45
-  $account = mysql_fetch_assoc($result);
45
+  $account = $result->fetch();
46 46
   DEBUG($account);
47 47
   return $account;
48 48
 }
... ...
@@ -117,11 +117,11 @@ function delete_ftpuser($id)
117 117
 
118 118
 function get_gid($groupname)
119 119
 {
120
-  $groupname = mysql_real_escape_string($groupname);
120
+  $groupname = db_escape_string($groupname);
121 121
   $result = db_query("SELECT gid FROM system.gruppen WHERE name='{$groupname}' LIMIT 1");
122
-  if (mysql_num_rows($result) != 1)
122
+  if ($result->rowCount() != 1)
123 123
     system_failure('cannot determine gid of ftpusers group');
124
-  $a = mysql_fetch_assoc($result);
124
+  $a = $result->fetch();
125 125
   $gid = (int) $a['gid'];
126 126
   if ($gid == 0)
127 127
     system_failure('error on determining gid of ftpusers group');
... ...
@@ -134,7 +134,7 @@ function have_regular_ftp()
134 134
   $gid = get_gid('ftpusers');
135 135
   $uid = (int) $_SESSION['userinfo']['uid'];
136 136
   $result = db_query("SELECT * FROM system.gruppenzugehoerigkeit WHERE gid='$gid' AND uid='$uid'");
137
-  return (mysql_num_rows($result) > 0);
137
+  return ($result->rowCount() > 0);
138 138
 }
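Review bot: `rowCount()` on a SELECT is not guaranteed by PDO to return the number of result rows, yet the existence checks in `load_ftpuser`, `get_gid` and `have_regular_ftp` now rely on it. With pdo_mysql this holds only while buffered queries are enabled; otherwise the count may not reflect the result set and every `!= 1` check would end in `system_failure`. I would either document that requirement next to the connection setup or test the fetched row instead, e.g. `$account = $result->fetch(); if ($account === false) system_failure("Fehler beim auslesen des Accounts");`. The same pattern is used throughout this commit.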
139 139
 
140 140
 
... ...
@@ -19,7 +19,7 @@ function whitelist_entries()
19 19
 	$uid = (int) $_SESSION['userinfo']['uid'];
20 20
 	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid};");
21 21
 	$return = array();
22
-	while ($line = mysql_fetch_assoc($res))
22
+	while ($line = $res->fetch())
23 23
 		array_push($return, $line);
24 24
 	return $return;
25 25
 }
... ...
@@ -30,9 +30,9 @@ function get_whitelist_details($id)
30 30
 	$id = (int) $id;
31 31
 	$uid = (int) $_SESSION['userinfo']['uid'];
32 32
 	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid} AND id={$id};");
33
-	if (mysql_num_rows($res) != 1)
33
+	if ($res->rowCount() != 1)
34 34
 		system_failure('Kann diesen Eintrag nicht finden');
35
-	return mysql_fetch_assoc($res);
35
+	return $res->fetch();
36 36
 }
37 37
 
38 38
 
... ...
@@ -55,9 +55,9 @@ function valid_entry($local, $domain)
55 55
 			system_failure('Diese E-Mail-Adresse gehört Ihnen nicht!');
56 56
 		return true;
57 57
 	}
58
-	$d = mysql_real_escape_string($domain);
58
+	$d = db_escape_string($domain);
59 59
 	$res = db_query("SELECT id FROM mail.v_domains WHERE domainname='{$d}' AND user={$_SESSION['userinfo']['uid']} LIMIT 1");
60
-	if (mysql_num_rows($res) != 1)
60
+	if ($res->rowCount() != 1)
61 61
 		system_failure('Diese domain gehört Ihnen nicht!');
62 62
 	return true;
63 63
 }
... ...
@@ -68,7 +68,7 @@ function new_whitelist_entry($local, $domain, $minutes)
68 68
 	valid_entry($local, $domain);
69 69
 	$uid = (int) $_SESSION['userinfo']['uid'];
70 70
 	$local = maybe_null($local);
71
-	$domain = mysql_real_escape_string($domain);
71
+	$domain = db_escape_string($domain);
72 72
 	
73 73
 	$expire = '';
74 74
 	if ($minutes == 'none')
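Review bot: In `new_whitelist_entry` only `$domain` is passed through `db_escape_string`, while `$local` goes through `maybe_null($local)` alone. Other files in this commit use `maybe_null(db_escape_string(...))`, which suggests `maybe_null` does not escape by itself, though its definition is not visible here. Unless `valid_entry` (which starts outside its hunk) already restricts `$local` to a safe character set, I would write `$local = maybe_null(db_escape_string($local));`. The function body continues past the end of this hunk, so the query that consumes these values is not shown.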
... ...
@@ -14,15 +14,14 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('session/checkuser.php');
19 18
 
20 19
 function user_customer_match($cust, $user)
21 20
 {
22 21
   $customerno = (int) $cust;
23
-  $username = mysql_real_escape_string($user);
22
+  $username = db_escape_string($user);
24 23
   $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;");
25
-  if (mysql_num_rows($result) > 0)
24
+  if ($result->rowCount() > 0)
26 25
     return true;
27 26
   return false;
28 27
 }
... ...
@@ -32,9 +31,9 @@ function user_customer_match($cust, $user)
32 31
 function customer_has_email($customerno, $email)
33 32
 {
34 33
   $customerno = (int) $customerno;
35
-  $email = mysql_real_escape_string($email);
34
+  $email = db_escape_string($email);
36 35
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
37
-  return (mysql_num_rows($result) > 0);
36
+  return ($result->rowCount() > 0);
38 37
 }
39 38
 
40 39
 
... ...
@@ -42,21 +41,21 @@ function validate_token($customerno, $token)
42 41
 {
43 42
   expire_tokens();
44 43
   $customerno = (int) $customerno;
45
-  $token = mysql_real_escape_string($token);
44
+  $token = db_escape_string($token);
46 45
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
47
-  return (mysql_num_rows($result) > 0);
46
+  return ($result->rowCount() > 0);
48 47
 }
49 48
 
50 49
 
51 50
 function get_uid_for_token($token) 
52 51
 {
53 52
   expire_tokens();
54
-  $token = mysql_real_escape_string($token);
53
+  $token = db_escape_string($token);
55 54
   $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
56
-  if (mysql_num_rows($result) == 0) {
55
+  if ($result->rowCount() == 0) {
57 56
     return NULL;
58 57
   }
59
-  $data = mysql_fetch_assoc($result);
58
+  $data = $result->fetch();
60 59
   return $data['uid'];  
61 60
 }
62 61
 
... ...
@@ -64,10 +63,10 @@ function get_username_for_uid($uid)
64 63
 {
65 64
   $uid = (int) $uid;
66 65
   $result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
67
-  if (mysql_num_rows($result) != 1) {
66
+  if ($result->rowCount() != 1) {
68 67
     system_failure("Unexpected number of users with this uid (!= 1)!");
69 68
   }
70
-  $item = mysql_fetch_assoc($result);
69
+  $item = $result->fetch();
71 70
   return $item['username'];
72 71
 }
73 72
 
... ...
@@ -75,9 +74,9 @@ function validate_uid_token($uid, $token)
75 74
 {
76 75
   expire_tokens();
77 76
   $uid = (int) $uid;
78
-  $token = mysql_real_escape_string($token);
77
+  $token = db_escape_string($token);
79 78
   $result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
80
-  return (mysql_num_rows($result) > 0);
79
+  return ($result->rowCount() > 0);
81 80
 }
82 81
 
83 82
 
... ...
@@ -102,13 +101,13 @@ function invalidate_systemuser_token($uid)
102 101
  
103 102
 function create_token($username)
104 103
 {
105
-  $username = mysql_real_escape_string($username);
104
+  $username = db_escape_string($username);
106 105
   expire_tokens();
107 106
   $result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'");
108
-  $uid = (int) mysql_fetch_assoc($result)['uid'];
107
+  $uid = (int) $result->fetch()['uid'];
109 108
   
110 109
   $result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}");
111
-  if (mysql_num_rows($result) > 0) {
110
+  if ($result->rowCount() > 0) {
112 111
     system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
113 112
   }
114 113
   
... ...
@@ -120,9 +119,9 @@ function create_token($username)
120 119
 
121 120
 function emailaddress_for_user($username)
122 121
 {
123
-  $username = mysql_real_escape_string($username);
122
+  $username = db_escape_string($username);
124 123
   $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
125
-  $data = mysql_fetch_assoc($result);
124
+  $data = $result->fetch();
126 125
   return $data['email'];
127 126
 }
128 127
 
... ...
@@ -132,17 +131,17 @@ function get_customer_token($customerno)
132 131
   $customerno = (int) $customerno;
133 132
   expire_tokens();
134 133
   $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
135
-  if (mysql_num_rows($result) < 1)
134
+  if ($result->rowCount() < 1)
136 135
     system_failure("Kann das Token nicht auslesen!");
137
-  return mysql_fetch_object($result)->token;
136
+  return $result->fetch(PDO::FETCH_OBJ)->token;
138 137
 }
139 138
 
140 139
 
141 140
 function get_user_token($username) 
142 141
 {
143
-  $username = mysql_real_escape_string($username);
142
+  $username = db_escape_string($username);
144 143
   $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'");
145
-  $tmp = mysql_fetch_assoc($result);
144
+  $tmp = $result->fetch();
146 145
   return $tmp['token'];
147 146
 }
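Review bot: `create_token` does not check that the user lookup returned a row: `(int) $result->fetch()['uid']` evaluates to 0 when `fetch()` returns false for an unknown username, and the function carries on with `uid=0`. A guard right after the first query would stop that, e.g. `$row = $result->fetch(); if ($row === false) return;` followed by `$uid = (int) $row['uid'];`, with the caller showing the same message in both cases so the response does not reveal whether an account exists. `emailaddress_for_user` and `get_user_token` index the `fetch()` result the same way without a check. The rest of `create_token` lies outside the hunk, so what happens with uid 0 further down cannot be seen here.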
148 147
 
... ...
@@ -35,14 +35,14 @@ function do_ajax_cert_login() {
35 35
 
36 36
 function get_logins_by_cert($cert) 
37 37
 {
38
-	$cert = mysql_real_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
38
+	$cert = db_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
39 39
 	$query = "SELECT type,username,startpage FROM system.clientcert WHERE cert='{$cert}'";
40 40
 	$result = db_query($query);
41
-	if (mysql_num_rows($result) < 1)
41
+	if ($result->rowCount() < 1)
42 42
 		return NULL;
43 43
 	else {
44 44
 		$ret = array();
45
-		while ($row = mysql_fetch_assoc($result)) {
45
+		while ($row = $result->fetch()) {
46 46
 			$ret[] = $row;
47 47
 		}
48 48
 		return $ret;
... ...
@@ -56,9 +56,9 @@ function get_cert_by_id($id)
56 56
 	  system_failure('no ID');
57 57
 	$query = "SELECT id,dn,issuer,cert,username,startpage FROM system.clientcert WHERE `id`='{$id}' LIMIT 1";
58 58
 	$result = db_query($query);
59
-	if (mysql_num_rows($result) < 1)
59
+	if ($result->rowCount() < 1)
60 60
 		return NULL;
61
-	$ret = mysql_fetch_assoc($result);
61
+	$ret = $result->fetch();
62 62
   DEBUG($ret);
63 63
   return $ret;
64 64
 }
... ...
@@ -66,14 +66,14 @@ function get_cert_by_id($id)
66 66
 
67 67
 function get_certs_by_username($username) 
68 68
 {
69
-	$username = mysql_real_escape_string($username);
69
+	$username = db_escape_string($username);
70 70
 	if ($username == '')
71 71
 	  system_failure('empty username');
72 72
 	$query = "SELECT id,dn,issuer,cert,startpage FROM system.clientcert WHERE `username`='{$username}'";
73 73
 	$result = db_query($query);
74
-	if (mysql_num_rows($result) < 1)
74
+	if ($result->rowCount() < 1)
75 75
 		return NULL;
76
-	while ($row = mysql_fetch_assoc($result)) {
76
+	while ($row = $result->fetch()) {
77 77
 	  $ret[] = $row;
78 78
 	}
79 79
 	return $ret;
... ...
@@ -86,24 +86,24 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='')
86 86
   $username = NULL;
87 87
   if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
88 88
     $type = 'user';
89
-    $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
89
+    $username = db_escape_string($_SESSION['userinfo']['username']);
90 90
     if (isset($_SESSION['subuser'])) {
91
-      $username = mysql_real_escape_string($_SESSION['subuser']);
91
+      $username = db_escape_string($_SESSION['subuser']);
92 92
       $type = 'subuser';
93 93
     }
94 94
   } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
95 95
     $type = 'email';
96
-    $username = mysql_real_escape_string($_SESSION['mailaccount']);
96
+    $username = db_escape_string($_SESSION['mailaccount']);
97 97
   }
98 98
   if (! $type || ! $username) {
99 99
     system_failure('cannot get type or username of login');
100 100
   }
101
-  $certdata = mysql_real_escape_string($certdata);
102
-  $dn = maybe_null(mysql_real_escape_string($dn));
103
-  $issuer = maybe_null(mysql_real_escape_string($issuer));
101
+  $certdata = db_escape_string($certdata);
102
+  $dn = maybe_null(db_escape_string($dn));
103
+  $issuer = maybe_null(db_escape_string($issuer));
104 104
   if ($startpage &&  ! check_path($startpage))
105 105
     system_failure('Startseite kaputt');
106
-  $startpage = maybe_null(mysql_real_escape_string($startpage));
106
+  $startpage = maybe_null(db_escape_string($startpage));
107 107
 
108 108
   if ($certdata == '')
109 109
     system_failure('Kein Zertifikat');
... ...
@@ -124,14 +124,14 @@ function delete_clientcert($id)
124 124
   $username = NULL;
125 125
   if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
126 126
     $type = 'user';
127
-    $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
127
+    $username = db_escape_string($_SESSION['userinfo']['username']);
128 128
     if (isset($_SESSION['subuser'])) {
129
-      $username = mysql_real_escape_string($_SESSION['subuser']);
129
+      $username = db_escape_string($_SESSION['subuser']);
130 130
       $type = 'subuser';
131 131
     }
132 132
   } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
133 133
     $type = 'email';
134
-    $username = mysql_real_escape_string($_SESSION['mailaccount']);
134
+    $username = db_escape_string($_SESSION['mailaccount']);
135 135
   }
136 136
   if (! $type || ! $username) {
137 137
     system_failure('cannot get type or username of login');
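Review bot: The certificate lookup in `get_logins_by_cert` is part of the login path and still builds its SQL by interpolating `db_escape_string()` output into a quoted literal, as do `get_certs_by_username`, `add_clientcert` and `delete_clientcert`. Now that the code sits on PDO, bound parameters would remove the dependence on every call site quoting correctly and on the connection charset matching the escaping. A sketch, assuming the wrapper can expose the PDO handle or accept a parameter array: `$stmt = $pdo->prepare("SELECT type,username,startpage FROM system.clientcert WHERE cert=?"); $stmt->execute(array($cert));`, where `$pdo` is a placeholder for the project's connection object. `add_clientcert` and `delete_clientcert` continue outside their hunks.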
... ...
@@ -25,7 +25,7 @@ function my_invoices()
25 25
   $c = (int) $_SESSION['customerinfo']['customerno'];
26 26
   $result = db_query("SELECT id,datum,betrag,bezahlt,abbuchung,sepamandat FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} ORDER BY id DESC");
27 27
   $ret = array();
28
-  while($line = mysql_fetch_assoc($result))
28
+  while($line = $result->fetch())
29 29
   	array_push($ret, $line);
30 30
   return $ret;
31 31
 }
... ...
@@ -36,9 +36,9 @@ function get_pdf($id)
36 36
   $c = (int) $_SESSION['customerinfo']['customerno'];
37 37
   $id = (int) $id;
38 38
   $result = db_query("SELECT pdfdata FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
39
-  if (mysql_num_rows($result) == 0)
39
+  if ($result->rowCount() == 0)
40 40
 	  system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
41
-  return mysql_fetch_object($result)->pdfdata;
41
+  return $result->fetch(PDO::FETCH_OBJ)->pdfdata;
42 42
 
43 43
 }
44 44
 
... ...
@@ -48,9 +48,9 @@ function invoice_details($id)
48 48
   $c = (int) $_SESSION['customerinfo']['customerno'];
49 49
   $id = (int) $id;
50 50
   $result = db_query("SELECT kunde,datum,betrag,bezahlt,abbuchung FROM kundendaten.ausgestellte_rechnungen WHERE kunde={$c} AND id={$id}");
51
-  if (mysql_num_rows($result) == 0)
51
+  if ($result->rowCount() == 0)
52 52
   	system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
53
-  return mysql_fetch_assoc($result);
53
+  return $result->fetch();
54 54
 }
55 55
 
56 56
 function invoice_items($id)
... ...
@@ -58,10 +58,10 @@ function invoice_items($id)
58 58
   $c = (int) $_SESSION['customerinfo']['customerno'];
59 59
   $id = (int) $id;
60 60
   $result = db_query("SELECT id, beschreibung, datum, enddatum, betrag, einheit, brutto, mwst, anzahl FROM kundendaten.rechnungsposten WHERE rechnungsnummer={$id} AND kunde={$c}");
61
-  if (mysql_num_rows($result) == 0)
61
+  if ($result->rowCount() == 0)
62 62
   	system_failure('Ungültige Rechnungsnummer oder nicht eingeloggt');
63 63
   $ret = array();
64
-  while($line = mysql_fetch_assoc($result))
64
+  while($line = $result->fetch())
65 65
   array_push($ret, $line);
66 66
   return $ret;
67 67
 }
... ...
@@ -72,7 +72,7 @@ function upcoming_items()
72 72
   $c = (int) $_SESSION['customerinfo']['customerno'];
73 73
   $result = db_query("SELECT anzahl, beschreibung, startdatum, enddatum, betrag, einheit, brutto, mwst FROM kundendaten.upcoming_items WHERE kunde={$c} ORDER BY startdatum ASC");
74 74
   $ret = array();
75
-  while($line = mysql_fetch_assoc($result))
75
+  while($line = $result->fetch())
76 76
 	  array_push($ret, $line);
77 77
   return $ret;
78 78
 }
... ...
@@ -166,19 +166,19 @@ function generate_bezahlcode_image($id)
166 166
 function get_lastschrift($rechnungsnummer) {
167 167
   $rechnungsnummer = (int) $rechnungsnummer;
168 168
   $result = db_query("SELECT rechnungsnummer, rechnungsdatum, sl.betrag, buchungsdatum FROM kundendaten.sepalastschrift sl LEFT JOIN kundendaten.ausgestellte_rechnungen re ON (re.id=sl.rechnungsnummer) WHERE rechnungsnummer='${rechnungsnummer}' AND re.abbuchung=1");
169
-  if (mysql_num_rows($result) == 0) {
169
+  if ($result->rowCount() == 0) {
170 170
     return NULL;
171 171
   }
172
-  $item = mysql_fetch_assoc($result);
172
+  $item = $result->fetch();
173 173
   return $item;
174 174
 }
175 175
 
176 176
 function get_lastschriften($mandatsreferenz)
177 177
 {
178
-  $mandatsreferenz = mysql_real_escape_string($mandatsreferenz);
178
+  $mandatsreferenz = db_escape_string($mandatsreferenz);
179 179
   $result = db_query("SELECT rechnungsnummer, rechnungsdatum, betrag, buchungsdatum FROM kundendaten.sepalastschrift WHERE mandatsreferenz='${mandatsreferenz}' ORDER BY buchungsdatum DESC");
180 180
   $ret = array();
181
-  while ($item = mysql_fetch_assoc($result)) {
181
+  while ($item = $result->fetch()) {
182 182
     $ret[] = $item;
183 183
   }
184 184
   return $ret;
... ...
@@ -189,7 +189,7 @@ function get_sepamandate()
189 189
   $cid = (int) $_SESSION['customerinfo']['customerno'];
190 190
   $result = db_query("SELECT id, mandatsreferenz, glaeubiger_id, erteilt, medium, gueltig_ab, gueltig_bis, erstlastschrift, kontoinhaber, adresse, iban, bic, bankname FROM kundendaten.sepamandat WHERE kunde={$cid}");
191 191
   $ret = array();
192
-  while ($entry = mysql_fetch_assoc($result)) {
192
+  while ($entry = $result->fetch()) {
193 193
     array_push($ret, $entry);
194 194
   }
195 195
   return $ret;
... ...
@@ -198,9 +198,9 @@ function get_sepamandate()
198 198
 
199 199
 function yesterday($date) 
200 200
 {
201
-  $date = mysql_real_escape_string($date);
201
+  $date = db_escape_string($date);
202 202
   $result = db_query("SELECT '{$date}' - INTERVAL 1 DAY");
203
-  return mysql_fetch_array($result)[0];
203
+  return $result->fetch()[0];
204 204
 }
205 205
 
206 206
 
... ...
@@ -208,7 +208,7 @@ function invalidate_sepamandat($id, $date)
208 208
 {
209 209
   $cid = (int) $_SESSION['customerinfo']['customerno'];
210 210
   $id = (int) $id;
211
-  $date = mysql_real_escape_string($date);
211
+  $date = db_escape_string($date);
212 212
   db_query("UPDATE kundendaten.sepamandat SET gueltig_bis='{$date}' WHERE id={$id} AND kunde={$cid}");
213 213
 }
214 214
 
... ...
@@ -216,12 +216,12 @@ function invalidate_sepamandat($id, $date)
216 216
 function sepamandat($name, $adresse, $iban, $bankname, $bic, $gueltig_ab)
217 217
 {
218 218
   $cid = (int) $_SESSION['customerinfo']['customerno'];
219
-  $name = mysql_real_escape_string($name);
220
-  $adresse = mysql_real_escape_string($adresse);
221
-  $iban = mysql_real_escape_string($iban);
222
-  $bankname = mysql_real_escape_string($bankname);
223
-  $bic = mysql_real_escape_string($bic);
224
-  $gueltig_ab = mysql_real_escape_string($gueltig_ab);
219
+  $name = db_escape_string($name);
220
+  $adresse = db_escape_string($adresse);
221
+  $iban = db_escape_string($iban);
222
+  $bankname = db_escape_string($bankname);
223
+  $bic = db_escape_string($bic);
224
+  $gueltig_ab = db_escape_string($gueltig_ab);
225 225
 
226 226
   $first_date = date('Y-m-d');
227 227
   $invoices = my_invoices();
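Review bot: `get_lastschrift` and `get_lastschriften` select direct-debit rows by invoice number or mandate reference alone, whereas `get_pdf`, `invoice_details` and `invoice_items` in the same file all add `kunde={$c}` taken from the session. Unless every caller verifies ownership first (callers are not visible here), the result is not limited to the logged-in customer. I would scope the query itself, e.g. `$c = (int) $_SESSION['customerinfo']['customerno'];` and `... AND re.kunde={$c}` in `get_lastschrift`. `sepamandat()` continues past the end of its hunk.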
... ...
@@ -22,7 +22,7 @@ require_once('invoice.php');
22 22
 $kundenname = $_SESSION['customerinfo']['name'];
23 23
 $id = (int) $_SESSION['customerinfo']['customerno'];
24 24
 $result = db_query("SELECT CONCAT(adresse, '\\\\n', plz, ' ', ort) AS adresse FROM kundendaten.kunden WHERE id={$id}");
25
-$r = mysql_fetch_assoc($result);
25
+$r = $result->fetch();
26 26
 
27 27
 header("Content-Type: text/javascript");
28 28
 echo ' { "kundenname": "'.$kundenname.'", "adresse": "'.$r["adresse"].'" } ';
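Review bot: The `echo` on the last line of this hunk builds the JSON response by concatenating `$kundenname` and `$r["adresse"]` without any encoding, so a double quote or backslash in the customer name or address produces invalid or altered JSON in a body served as `text/javascript`. `echo json_encode(array('kundenname' => $kundenname, 'adresse' => $r['adresse']));` would encode both fields. The `'\\\\n'` in the CONCAT presumably pre-escapes the line break for this hand-built JSON and would then become a plain newline. `header("Content-Type: application/json");` would also describe the body more accurately.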
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once("inc/debug.php");
18
-require_once("inc/db_connect.php");
19 18
 require_once("inc/security.php");
20 19
 
21 20
 require_once('class/domain.php');
... ...
@@ -25,8 +24,8 @@ function get_jabber_accounts() {
25 24
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
26 25
   $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
27 26
   $accounts = array();
28
-  if (@mysql_num_rows($result) > 0)
29
-    while ($acc = @mysql_fetch_assoc($result))
27
+  if (@$result->rowCount() > 0)
28
+    while ($acc = @$result->fetch())
30 29
       array_push($accounts, $acc);
31 30
   return $accounts;
32 31
 }
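Review bot: The `@` kept in front of `$result->rowCount()` and `$result->fetch()` no longer does what it did for the `mysql_*` calls. Those raised a warning on a bad result handle, whereas a method call on a non-object is a fatal error whose message `@` merely hides. If `db_query` (not visible here) can return something other than a statement object, test for that explicitly; otherwise drop the operator, `if ($result->rowCount() > 0)` and `while ($acc = $result->fetch())`. `customerno='$customerno'` also quotes a value that was just cast to int, unlike the other queries in this file.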
... ...
@@ -41,9 +40,9 @@ function get_jabberaccount_details($id)
41 40
   $id = (int) $id;
42 41
 
43 42
   $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
44
-  if (mysql_num_rows($result) != 1)
43
+  if ($result->rowCount() != 1)
45 44
     system_failure("Invalid account");
46
-  $data = mysql_fetch_assoc($result);
45
+  $data = $result->fetch();
47 46
   if ($data['domain'] == NULL)
48 47
     $data['domain'] = config('masterdomain');
49 48
   else
... ...
@@ -72,19 +71,19 @@ function create_jabber_account($local, $domain, $password)
72 71
   require_role(ROLE_CUSTOMER);
73 72
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
74 73
 
75
-  $local = mysql_real_escape_string( filter_input_username($local) );
74
+  $local = db_escape_string( filter_input_username($local) );
76 75
   $domain = (int) $domain;
77 76
   if (! valid_jabber_password($password))
78 77
   {
79 78
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
80 79
     return;
81 80
   }
82
-  $password = mysql_real_escape_string( $password );
81
+  $password = db_escape_string( $password );
83 82
   
84 83
   if ($domain > 0)
85 84
   {
86 85
     $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
87
-    if (mysql_num_rows($result) == 0)
86
+    if ($result->rowCount() == 0)
88 87
     {
89 88
       logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
90 89
       system_failure("Invalid domain!");
... ...
@@ -98,7 +97,7 @@ function create_jabber_account($local, $domain, $password)
98 97
     $domainquery = 'domain IS NULL'; 
99 98
   }
100 99
   $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
101
-  if (mysql_num_rows($result) > 0)
100
+  if ($result->rowCount() > 0)
102 101
   {
103 102
     logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
104 103
     system_failure("Diesen Account gibt es bereits!");
... ...
@@ -120,7 +119,7 @@ function change_jabber_password($id, $password)
120 119
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
121 120
     return;
122 121
   }
123
-  $password = mysql_real_escape_string( $password );
122
+  $password = db_escape_string( $password );
124 123
   
125 124
   db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
126 125
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
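Review bot: The new password is still placed in the SQL text of the `UPDATE`, so it appears verbatim wherever that statement is recorded (debug output, a server query log, error messages). With the move to PDO it could be bound instead, using a prepared `UPDATE jabber.accounts SET password=? WHERE customerno=? AND id=? LIMIT 1` and `$stmt->execute(array($password, $customerno, $id))`, provided `db_query` or the connection behind it (outside this hunk) can expose `prepare`. The same applies to `$password` in `create_jabber_account` and in `set_mysql_password`. The function body starts above this hunk.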
... ...
@@ -24,7 +24,7 @@ function get_lists()
24 24
   $uid = (int) $_SESSION['userinfo']['uid'];
25 25
   $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid};");
26 26
   $ret = array();
27
-  while ($list = mysql_fetch_assoc($result))
27
+  while ($list = $result->fetch())
28 28
     $ret[] = $list;
29 29
   DEBUG($ret);
30 30
   return $ret;
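Review bot: `$result->fetch()` is called without a fetch style, and PDO's default is `PDO::FETCH_BOTH`. Unless the connection sets `PDO::ATTR_DEFAULT_FETCH_MODE` (the connection code is not in view), each row returned by `get_lists` now carries every column twice, once by name and once by index. `mysql_fetch_assoc` returned name keys only, so callers that iterate over a row would see a change. Writing `$result->fetch(PDO::FETCH_ASSOC)` makes the replacement exact, as the commit already does with `PDO::FETCH_OBJ` for the object case. The other `fetch()` calls in this commit that replace `mysql_fetch_assoc` are affected the same way.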
... ...
@@ -36,9 +36,9 @@ function get_list($id)
36 36
   $id = (int) $id;
37 37
   $uid = (int) $_SESSION['userinfo']['uid'];
38 38
   $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid} AND id={$id};");
39
-  if (mysql_num_rows($result) < 1)
39
+  if ($result->rowCount() < 1)
40 40
     system_failure('Die gewünschte Mailingliste konnte nicht gefunden werden');
41
-  $list = mysql_fetch_assoc($result);
41
+  $list = $result->fetch();
42 42
   DEBUG($list);
43 43
 
44 44
   return $list;
... ...
@@ -61,13 +61,13 @@ function create_list($listname, $maildomain, $admin)
61 61
   verify_input_general($admin);
62 62
   if (! check_emailaddr($admin))
63 63
     system_failure('Der Verwalter muss eine gültige E-Mail-Adresse sein ('.$admin.').');
64
-  $admin = mysql_real_escape_string($admin);
64
+  $admin = db_escape_string($admin);
65 65
   $result = db_query("SELECT id FROM mail.mailman_lists WHERE listname='{$listname}'");
66
-  if (mysql_num_rows($result) > 0)
66
+  if ($result->rowCount() > 0)
67 67
     system_failure('Eine Liste mit diesem Namen existiert bereits (unter dieser oder einer anderen Domain). Jeder Listenname kann nur einmal verwendet werden.');
68 68
 
69 69
   db_query("INSERT INTO mail.mailman_lists (status, listname, maildomain, owner, admin) VALUES ('pending', '{$listname}', {$maildomain}, {$owner}, '{$admin}');");
70
-  DEBUG('Neue ID: '.mysql_insert_id());
70
+  DEBUG('Neue ID: '.db_insert_id());
71 71
 }
72 72
 
73 73
 
... ...
@@ -76,7 +76,7 @@ function get_mailman_domains()
76 76
   $uid = (int) $_SESSION['userinfo']['uid'];
77 77
   $result = db_query("SELECT md.id, md.fqdn FROM mail.v_mailman_domains AS md left join mail.v_domains AS d on (d.id=md.domain) where d.user={$uid}");
78 78
   $ret = array();
79
-  while ($dom = mysql_fetch_assoc($result))
79
+  while ($dom = $result->fetch())
80 80
     $ret[] = $dom;
81 81
   DEBUG($ret);
82 82
   return $ret;
... ...
@@ -18,10 +18,10 @@ function get_mysql_accounts($UID)
18 18
 {
19 19
   $UID = (int) $UID;
20 20
   $result = db_query("SELECT id, username, description, created FROM misc.mysql_accounts WHERE useraccount=$UID ORDER BY username");
21
-  if (mysql_num_rows($result) == 0)
21
+  if ($result->rowCount() == 0)
22 22
     return array();
23 23
   $list = array();
24
-  while ($item = mysql_fetch_assoc($result))
24
+  while ($item = $result->fetch())
25 25
   {
26 26
     $list[] = $item;
27 27
   }
... ...
@@ -32,10 +32,10 @@ function get_mysql_databases($UID)
32 32
 {
33 33
   $UID = (int) $UID;
34 34
   $result = db_query("SELECT id, name, description, created FROM misc.mysql_database WHERE useraccount=$UID ORDER BY name");
35
-  if (mysql_num_rows($result) == 0)
35
+  if ($result->rowCount() == 0)
36 36
     return array();
37 37
   $list = array();
38
-  while ($item = mysql_fetch_assoc($result))
38
+  while ($item = $result->fetch())
39 39
   {
40 40
     $list[] = $item;
41 41
   }
... ...
@@ -80,7 +80,7 @@ function servers_for_databases()
80 80
   
81 81
   $result = db_query("SELECT db.name AS db, hostname FROM misc.mysql_database AS db LEFT JOIN system.useraccounts AS u ON (db.useraccount=u.uid) LEFT JOIN system.servers ON (COALESCE(db.server, u.server) = servers.id) WHERE db.useraccount={$uid}");
82 82
   $ret = array();
83
-  while ($line = mysql_fetch_assoc($result)) {
83
+  while ($line = $result->fetch()) {
84 84
     $ret[$line['db']] = $line['hostname'];
85 85
   }
86 86
   DEBUG($ret);
... ...
@@ -96,9 +96,9 @@ function get_mysql_access($db, $account)
96 96
   {
97 97
     $mysql_access = array();
98 98
     $result = db_query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};");
99
-    if (mysql_num_rows($result) == 0)
99
+    if ($result->rowCount() == 0)
100 100
       return false;
101
-    while ($line = mysql_fetch_object($result))
101
+    while ($line = $result->fetch(PDO::FETCH_OBJ))
102 102
       $mysql_access[$line->db][$line->user] = true;
103 103
   }
104 104
   return (array_key_exists($db, $mysql_access) && array_key_exists($account, $mysql_access[$db]));
... ...
@@ -108,8 +108,8 @@ function get_mysql_access($db, $account)
108 108
 function set_mysql_access($db, $account, $status)
109 109
 {
110 110
   $uid = $_SESSION['userinfo']['uid'];
111
-  $db = mysql_real_escape_string($db);
112
-  $account = mysql_real_escape_string($account);
111
+  $db = db_escape_string($db);
112
+  $account = db_escape_string($account);
113 113
   DEBUG("User »{$account}« soll ".($status ? "" : "NICHT ")."auf die Datenbank »{$db}« zugreifen");
114 114
   $query = '';
115 115
   if ($status)
... ...
@@ -117,13 +117,13 @@ function set_mysql_access($db, $account, $status)
117 117
     if (get_mysql_access($db, $account))
118 118
       return NULL;
119 119
     $result = db_query("SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1");
120
-    if (mysql_num_rows($result) != 1)
120
+    if ($result->rowCount() != 1)
121 121
     {
122 122
       logger(LOG_ERR, "modules/mysql/include/mysql", "mysql", "cannot find database {$db}");
123 123
       system_failure("cannot find database »{$db}«");
124 124
     }
125 125
     $result = db_query("SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid} LIMIT 1");
126
-    if (mysql_num_rows($result) != 1)
126
+    if ($result->rowCount() != 1)
127 127
     {
128 128
       logger(LOG_ERR, "modules/mysql/include/mysql", "mysql", "cannot find user {$account}");
129 129
       system_failure("cannot find database user »{$account}«");
... ...
@@ -151,7 +151,7 @@ function create_mysql_account($username, $description = '')
151 151
     return NULL;
152 152
   }
153 153
   $uid = $_SESSION['userinfo']['uid'];
154
-  $username = mysql_real_escape_string($username);
154
+  $username = db_escape_string($username);
155 155
   $description = maybe_null($description);
156 156
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "creating user »{$username}«");
157 157
   db_query("INSERT INTO misc.mysql_accounts (username, password, useraccount, description) VALUES ('$username', '!', $uid, $description);");
... ...
@@ -160,7 +160,7 @@ function create_mysql_account($username, $description = '')
160 160
 
161 161
 function delete_mysql_account($username)
162 162
 {
163
-  $username = mysql_real_escape_string($username);
163
+  $username = db_escape_string($username);
164 164
   $uid = $_SESSION['userinfo']['uid'];
165 165
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "deleting user »{$username}«");
166 166
   db_query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
... ...
@@ -175,7 +175,7 @@ function create_mysql_database($dbname, $description = '', $server = NULL)
175 175
     input_error("Der eingegebene Datenbankname entspricht leider nicht der Konvention. Bitte tragen Sie einen passenden Namen ein.");
176 176
     return NULL;
177 177
   }
178
-  $dbname = mysql_real_escape_string($dbname);
178
+  $dbname = db_escape_string($dbname);
179 179
   $uid = $_SESSION['userinfo']['uid'];
180 180
   $description = maybe_null($description); 
181 181
   $server = (int) $server;
... ...
@@ -189,7 +189,7 @@ function create_mysql_database($dbname, $description = '', $server = NULL)
189 189
 
190 190
 function delete_mysql_database($dbname)
191 191
 {
192
-  $dbname = mysql_real_escape_string($dbname);
192
+  $dbname = db_escape_string($dbname);
193 193
   $uid = $_SESSION['userinfo']['uid'];
194 194
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "removing database »{$dbname}«");
195 195
   db_query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
... ...
@@ -212,8 +212,8 @@ function validate_mysql_username($username)
212 212
 
213 213
 function set_mysql_password($username, $password)
214 214
 {
215
-  $username = mysql_real_escape_string($username);
216
-  $password = mysql_real_escape_string($password);
215
+  $username = db_escape_string($username);
216
+  $password = db_escape_string($password);
217 217
   $uid = $_SESSION['userinfo']['uid'];
218 218
   logger(LOG_INFO, "modules/mysql/include/mysql", "mysql", "updating password for »{$username}«");
219 219
   db_query("UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;");
... ...
@@ -223,18 +223,18 @@ function set_mysql_password($username, $password)
223 223
 function has_mysql_database($dbname)
224 224
 {
225 225
   $uid = $_SESSION['userinfo']['uid'];
226
-  $dbname = mysql_real_escape_string($dbname);
226
+  $dbname = db_escape_string($dbname);
227 227
   $result = db_query("SELECT NULL FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;");
228
-  return (mysql_num_rows($result) == 1);
228
+  return ($result->rowCount() == 1);
229 229
 }
230 230
 
231 231
 
232 232
 function has_mysql_user($username)
233 233
 {
234 234
   $uid = $_SESSION['userinfo']['uid'];
235
-  $userame = mysql_real_escape_string($username);
235
+  $userame = db_escape_string($username);
236 236
   $result = db_query("SELECT NULL FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;");
237
-  return (mysql_num_rows($result) == 1);
237
+  return ($result->rowCount() == 1);
238 238
 }
239 239
 
240 240
 
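Review bot: In `has_mysql_user` the escaped value is assigned to `$userame`, but the query interpolates `$username`, so the name reaches the SQL text unescaped. The rename to `db_escape_string` carries the typo over. The assignment should read `$username = db_escape_string($username);`. `has_mysql_database` directly above does this correctly.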
... ...
@@ -16,14 +16,14 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 function set_newsletter_address($address) {
18 18
   $cid = $_SESSION['customerinfo']['customerno'];
19
-  $address = maybe_null(mysql_real_escape_string($address));
19
+  $address = maybe_null(db_escape_string($address));
20 20
   db_query("UPDATE kundendaten.kunden SET email_newsletter={$address} WHERE id={$cid}");
21 21
 }
22 22
 
23 23
 function get_newsletter_address() {
24 24
   $cid = $_SESSION['customerinfo']['customerno'];
25 25
   $result = db_query("SELECT email_newsletter FROM kundendaten.kunden WHERE id={$cid}");
26
-  $r = mysql_fetch_assoc($result);
26
+  $r = $result->fetch();
27 27
   return $r['email_newsletter'];
28 28
 }
29 29
 
... ...
@@ -32,7 +32,7 @@ function get_latest_news() {
32 32
   $today = strftime('%Y-%m-%d');
33 33
   $result = db_query("SELECT id, date, subject, content FROM misc.news WHERE date > '{$today}' - INTERVAL 1 YEAR ORDER BY date DESC");
34 34
   $ret = array();
35
-  while ($item = mysql_fetch_assoc($result)) {
35
+  while ($item = $result->fetch()) {
36 36
     $ret[] = $item;
37 37
   }
38 38
   DEBUG($ret);
... ...
@@ -43,7 +43,7 @@ function get_latest_news() {
43 43
 function get_news_item($id) {
44 44
   $id = (int) $id;
45 45
   $result = db_query("SELECT date, subject, content FROM misc.news WHERE id={$id}");
46
-  $ret = mysql_fetch_assoc($result);
46
+  $ret = $result->fetch();
47 47
   DEBUG($ret);
48 48
   return $ret;
49 49
 }
... ...
@@ -14,15 +14,14 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('session/checkuser.php');
19 18
 
20 19
 function customer_has_email($customerno, $email)
21 20
 {
22 21
   $customerno = (int) $customerno;
23
-  $email = mysql_real_escape_string($email);
22
+  $email = db_escape_string($email);
24 23
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');");
25
-  return (mysql_num_rows($result) > 0);
24
+  return ($result->rowCount() > 0);
26 25
 }
27 26
 
28 27
 
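Review bot: The query string in `customer_has_email` ends with `email_rechnung='{$email'}'`, where the closing brace sits after the quote. As shown this is not valid interpolation inside a double-quoted string and should be `email_rechnung='{$email}'`. The line is unchanged context in this hunk, but the function cannot work as written and the commit touches the lines on either side of it. Using one interpolation style (`'{$email}'`) for all three comparisons would have made the slip easier to spot.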
... ...
@@ -30,9 +29,9 @@ function validate_token($customerno, $token)
30 29
 {
31 30
   expire_tokens();
32 31
   $customerno = (int) $customerno;
33
-  $token = mysql_real_escape_string($token);
32
+  $token = db_escape_string($token);
34 33
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
35
-  return (mysql_num_rows($result) > 0);
34
+  return ($result->rowCount() > 0);
36 35
 }
37 36
 
38 37
 
... ...
@@ -53,9 +52,9 @@ function create_token($customerno)
53 52
   $customerno = (int) $customerno;
54 53
   expire_tokens();
55 54
   $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
56
-  if (mysql_num_rows($result) > 0)
55
+  if ($result->rowCount() > 0)
57 56
   {
58
-    $res = mysql_fetch_object($result)->token_create;
57
+    $res = $result->fetch(PDO::FETCH_OBJ)->token_create;
59 58
     input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen.");
60 59
     return false;
61 60
   }
... ...
@@ -70,9 +69,9 @@ function get_customer_token($customerno)
70 69
   $customerno = (int) $customerno;
71 70
   expire_tokens();
72 71
   $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
73
-  if (mysql_num_rows($result) < 1)
72
+  if ($result->rowCount() < 1)
74 73
     system_failure("Kann das Token nicht auslesen!");
75
-  return mysql_fetch_object($result)->token;
74
+  return $result->fetch(PDO::FETCH_OBJ)->token;
76 75
 }
77 76
 
78 77
 
... ...
@@ -14,17 +14,16 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('mail.php');
19 18
 
20 19
 function customer_with_email($email)
21 20
 {
22
-  $email = mysql_real_escape_string($email);
21
+  $email = db_escape_string($email);
23 22
   $result = db_query("SELECT id FROM kundendaten.kunden WHERE email='{$email}' OR email_rechnung='{$email}' OR email_extern='{$email}' LIMIT 1;");
24
-  if (mysql_num_rows($result) == 0)
23
+  if ($result->rowCount() == 0)
25 24
     return NULL;
26 25
   else
27
-    return mysql_fetch_object($result)->id;
26
+    return $result->fetch(PDO::FETCH_OBJ)->id;
28 27
 }
29 28
 
30 29
 
... ...
@@ -38,11 +37,11 @@ function create_customer($data)
38 37
     return NULL;
39 38
   }
40 39
 
41
-  $anrede = mysql_escape_string($data['anrede']);
42
-  $firma = mysql_escape_string($data['firma']);
43
-  $vorname = mysql_escape_string($data['vorname']);
44
-  $nachname = mysql_escape_string($data['nachname']);
45
-  $email = mysql_escape_string($data['email']);
40
+  $anrede = db_escape_string($data['anrede']);
41
+  $firma = db_escape_string($data['firma']);
42
+  $vorname = db_escape_string($data['vorname']);
43
+  $nachname = db_escape_string($data['nachname']);
44
+  $email = db_escape_string($data['email']);
46 45
 
47 46
   logger(LOG_INFO, 'modules/register/include/register', 'register', "Creating new account: {$anrede} / {$firma} / {$vorname} / {$nachname} / {$email}");
48 47
   
... ...
@@ -53,7 +52,7 @@ function create_customer($data)
53 52
 
54 53
   db_query("BEGIN");
55 54
   db_query("INSERT INTO kundendaten.kunden (firma, nachname, vorname, anrede, email, erstellungsdatum,status) VALUES ({$firma}, {$nachname}, {$vorname}, {$anrede}, {$email}, CURDATE(), 3)");
56
-  $customerno = mysql_insert_id();
55
+  $customerno = db_insert_id();
57 56
   db_query("COMMIT");
58 57
   return $customerno;
59 58
 
... ...
@@ -24,7 +24,7 @@ function list_system_users()
24 24
   $result = db_query("SELECT uid,username FROM system.v_useraccounts ORDER BY username");
25 25
   
26 26
   $ret = array();
27
-  while ($item = mysql_fetch_object($result))
27
+  while ($item = $result->fetch(PDO::FETCH_OBJ))
28 28
     array_push($ret, $item);
29 29
   return $ret;
30 30
 }
... ...
@@ -37,7 +37,7 @@ function list_customers()
37 37
   $result = db_query("SELECT id, IF(firma IS NULL, CONCAT_WS(' ', vorname, nachname), CONCAT(firma, ' (', CONCAT_WS(' ', vorname, nachname), ')')) AS name FROM kundendaten.kunden");
38 38
   
39 39
   $ret = array();
40
-  while ($item = mysql_fetch_object($result))
40
+  while ($item = $result->fetch(PDO::FETCH_OBJ))
41 41
     array_push($ret, $item);
42 42
   return $ret;
43 43
 }
... ...
@@ -45,7 +45,7 @@ function list_customers()
45 45
 
46 46
 function find_customers($string) 
47 47
 {
48
-  $string = mysql_real_escape_string(chop($string));
48
+  $string = db_escape_string(chop($string));
49 49
   $return = array();
50 50
   $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
51 51
                      "firma LIKE '%{$string}%' OR firma2 LIKE '%{$string}%' OR ".
... ...
@@ -55,14 +55,14 @@ function find_customers($string)
55 55
                      "notizen LIKE '%{$string}%' OR email_rechnung LIKE '%{$string}%' OR ".
56 56
                      "email LIKE '%{$string}%' OR email_extern LIKE '%{$string}%' OR u.name LIKE '%{$string}%' OR ".
57 57
                      "u.username LIKE '%{$string}%' OR k.id='{$string}' OR u.uid='{$string}';");
58
-  while ($entry = mysql_fetch_assoc($result))
58
+  while ($entry = $result->fetch())
59 59
     $return[] = $entry['id'];
60 60
 
61 61
   $result = db_query("SELECT kunde FROM kundendaten.domains WHERE kunde IS NOT NULL AND (
62 62
                       domainname LIKE '%{$string}%' OR CONCAT_WS('.', domainname, tld) LIKE '%{$string}%'
63 63
                       )");
64 64
 
65
-  while ($entry = mysql_fetch_assoc($result))
65
+  while ($entry = $result->fetch())
66 66
     $return[] = $entry['kunde'];
67 67
 
68 68
   return $return;
... ...
@@ -75,7 +75,7 @@ function find_users_for_customer($id)
75 75
   $return = array();
76 76
   $result = db_query("SELECT uid, username, name FROM system.useraccounts WHERE ".
77 77
                      "kunde='{$id}';");
78
-  while ($entry = mysql_fetch_assoc($result))
78
+  while ($entry = $result->fetch())
79 79
     $return[] = $entry;
80 80
 
81 81
   return $return;
... ...
@@ -25,7 +25,7 @@ function list_subusers()
25 25
   $uid = (int) $_SESSION['userinfo']['uid'];
26 26
   $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
27 27
   $subusers = array();
28
-  while ($item = mysql_fetch_assoc($result))
28
+  while ($item = $result->fetch())
29 29
   {
30 30
     $item['modules'] = explode(',', $item['modules']);
31 31
     $subusers[] = $item;
... ...
@@ -40,7 +40,7 @@ function load_subuser($id) {
40 40
   $uid = (int) $_SESSION['userinfo']['uid'];
41 41
   
42 42
   $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
43
-  $item = mysql_fetch_assoc($result);
43
+  $item = $result->fetch();
44 44
   $item['modules'] = explode(',', $item['modules']);
45 45
   return $item;
46 46
 }
... ...
@@ -79,7 +79,7 @@ function new_subuser($username, $requested_modules, $password)
79 79
 {
80 80
   $uid = (int) $_SESSION['userinfo']['uid'];
81 81
 
82
-  $username = mysql_real_escape_string(filter_input_username($username));
82
+  $username = db_escape_string(filter_input_username($username));
83 83
   if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
84 84
     // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
85 85
     system_failure("Ungültiger Benutzername!");
... ...
@@ -100,7 +100,7 @@ function new_subuser($username, $requested_modules, $password)
100 100
   if (count($modules) == 0) {
101 101
     system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
102 102
   }
103
-  $modules = mysql_real_escape_string(implode(',', $modules));
103
+  $modules = db_escape_string(implode(',', $modules));
104 104
   
105 105
   $result = strong_password($password);
106 106
   if ($result !== true) {
... ...
@@ -128,7 +128,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
128 128
     system_failure("Kann diesen Account nicht finden!");
129 129
   }
130 130
 
131
-  $username = mysql_real_escape_string(filter_input_username($username));
131
+  $username = db_escape_string(filter_input_username($username));
132 132
   if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
133 133
     // Username nicht enthalten (FALSE) oder nicht am Anfang (>0)
134 134
     system_failure("Ungültiger Benutzername!");
... ...
@@ -148,7 +148,7 @@ function edit_subuser($id, $username, $requested_modules, $password)
148 148
   if (count($modules) == 0) {
149 149
     system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
150 150
   }
151
-  $modules = mysql_real_escape_string(implode(',', $modules));
151
+  $modules = db_escape_string(implode(',', $modules));
152 152
   
153 153
   $pwchange = '';
154 154
   if ($password) {
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once("inc/debug.php");
18
-require_once("inc/db_connect.php");
19 18
 
20 19
 
21 20
 
... ...
@@ -23,14 +22,14 @@ function customer_may_have_useraccounts()
23 22
 {
24 23
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
25 24
   $result = db_query("SELECT COUNT(*) FROM system.useraccounts WHERE kunde={$customerno}");
26
-  return (mysql_num_rows($result) > 0);
25
+  return ($result->rowCount() > 0);
27 26
 }
28 27
 
29 28
 function customer_useraccount($uid) {
30 29
   $uid = (int) $uid;
31 30
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
32 31
   $result = db_query("SELECT 1 FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid} AND kundenaccount=1");
33
-  return mysql_num_rows($result) > 0;
32
+  return $result->rowCount() > 0;
34 33
 }
35 34
 
36 35
 function primary_useraccount()
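Review bot: `customer_may_have_useraccounts` runs `SELECT COUNT(*)` and then tests `$result->rowCount() > 0`. An aggregate without GROUP BY always returns exactly one row, so the function returns true for every customer, including one with no accounts. Reading the counted value fixes it: `return ($result->fetchColumn() > 0);`. `customer_useraccount` below selects `1` per matching row, so its row-count test is sound, although `PDOStatement::rowCount()` for SELECT is documented as driver-dependent.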
... ...
@@ -39,7 +38,7 @@ function primary_useraccount()
39 38
     return NULL;
40 39
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
41 40
   $result = db_query("SELECT MIN(uid) AS uid FROM system.useraccounts WHERE kunde={$customerno}");
42
-  $uid = mysql_fetch_object($result)->uid;
41
+  $uid = $result->fetch(PDO::FETCH_OBJ)->uid;
43 42
   DEBUG("primary useraccount: {$uid}");
44 43
   return $uid;
45 44
 }
... ...
@@ -49,7 +48,7 @@ function available_shells()
49 48
 {
50 49
   $result = db_query("SELECT path, name FROM system.shells WHERE usable=1");
51 50
   $ret = array();
52
-  while ($s = mysql_fetch_assoc($result))
51
+  while ($s = $result->fetch())
53 52
   {
54 53
     $ret[$s['path']] = $s['name'];
55 54
   }
... ...
@@ -63,7 +62,7 @@ function list_useraccounts()
63 62
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
64 63
   $result = db_query("SELECT uid,username,name,erstellungsdatum,quota,shell FROM system.useraccounts WHERE kunde={$customerno}");
65 64
   $ret = array();
66
-  while ($item = mysql_fetch_assoc($result))
65
+  while ($item = $result->fetch())
67 66
   {
68 67
     array_push($ret, $item);
69 68
   }
... ...
@@ -79,9 +78,9 @@ function get_account_details($uid, $customerno=0)
79 78
   if ($customerno == 0)
80 79
     $customerno = $_SESSION['customerinfo']['customerno'];
81 80
   $result = db_query("SELECT uid,username,name,shell,quota,erstellungsdatum FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid}");
82
-  if (mysql_num_rows($result) == 0)
81
+  if ($result->rowCount() == 0)
83 82
     system_failure("Cannot find the requestes useraccount (for this customer).");
84
-  return mysql_fetch_assoc($result);
83
+  return $result->fetch();
85 84
 }
86 85
 
87 86
 function get_used_quota($uid)
... ...
@@ -89,7 +88,7 @@ function get_used_quota($uid)
89 88
   $uid = (int) $uid;
90 89
   $result = db_query("SELECT s.hostname AS server, systemquota, systemquota_used, mailquota, mailquota_used FROM system.v_quota AS q LEFT JOIN system.servers AS s ON (s.id=q.server) WHERE uid='{$uid}'");
91 90
   $ret = array();
92
-  while ($line = mysql_fetch_assoc($result))
91
+  while ($line = $result->fetch())
93 92
     $ret[] = $line;
94 93
   DEBUG($ret);
95 94
   return $ret;
... ...
@@ -105,8 +104,8 @@ function set_account_details($account)
105 104
   else
106 105
     $customerno = (int) $_SESSION['userinfo']['customerno'];
107 106
 
108
-  $fullname = maybe_null(mysql_real_escape_string(filter_input_general($account['name'])));
109
-  $shell = mysql_real_escape_string(filter_input_general($account['shell']));
107
+  $fullname = maybe_null(db_escape_string(filter_input_general($account['name'])));
108
+  $shell = db_escape_string(filter_input_general($account['shell']));
110 109