diff --git a/admin_domains.php b/admin_domains.php index 5db20584..9e27525c 100644 --- a/admin_domains.php +++ b/admin_domains.php @@ -18,32 +18,30 @@ */ define('AREA', 'admin'); - -/** - * Include our init.php, which manages Sessions, Language etc. - */ - require ("./lib/init.php"); -if(isset($_POST['id'])) -{ +if (isset($_POST['id'])) { $id = intval($_POST['id']); -} -elseif(isset($_GET['id'])) -{ +} elseif(isset($_GET['id'])) { $id = intval($_GET['id']); } -if($page == 'domains' - || $page == 'overview') -{ +if ($page == 'domains' + || $page == 'overview' +) { // Let's see how many customers we have - - $countcustomers = $db->query_first("SELECT COUNT(`customerid`) as `countcustomers` FROM `" . TABLE_PANEL_CUSTOMERS . "` " . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int)$userinfo['adminid'] . "' ") . ""); + $stmt = Database::prepare(" + SELECT COUNT(`customerid`) as `countcustomers` FROM `" . TABLE_PANEL_CUSTOMERS . "` " . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = :adminid") + ); + $params = array(); + if ($userinfo['customers_see_all'] == '0') { + $params['adminid'] = $userinfo['adminid']; + } + $countcustomers = Database::pexecute_first($stmt, $params); $countcustomers = (int)$countcustomers['countcustomers']; - if($action == '') - { + if ($action == '') { + $log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_domains"); $fields = array( 'd.domain' => $lng['domains']['domainname'], @@ -55,51 +53,64 @@ if($page == 'domains' ); $paging = new paging($userinfo, $db, TABLE_PANEL_DOMAINS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $domains = ''; - $result = $db->query("SELECT `d`.*, `c`.`loginname`, `c`.`name`, `c`.`firstname`, `c`.`company`, `c`.`standardsubdomain`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain` " . "FROM `" . TABLE_PANEL_DOMAINS . "` `d` " . "LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`) " . "LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id` WHERE `d`.`parentdomainid`='0' " . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = '" . (int)$userinfo['adminid'] . "' ") . " " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()); - $paging->setEntries($db->num_rows($result)); + $result_stmt = Database::prepare(" + SELECT `d`.*, `c`.`loginname`, `c`.`name`, `c`.`firstname`, `c`.`company`, `c`.`standardsubdomain`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain` + FROM `" . TABLE_PANEL_DOMAINS . "` `d` + LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`) + LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id` + WHERE `d`.`parentdomainid`='0' " . + ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid ") . + " " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit() + ); + $params = array(); + if ($userinfo['customers_see_all'] == '0') { + $params['adminid'] = $userinfo['adminid']; + } + Database::pexecute($result_stmt, $params); + $numrows_domains = Database::num_rows(); + $paging->setEntries($numrows_domains); $sortcode = $paging->getHtmlSortCode($lng); $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s); $searchcode = $paging->getHtmlSearchCode($lng); $pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s); $domain_array = array(); - while($row = $db->fetch_array($result)) - { + while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { + $row['domain'] = $idna_convert->decode($row['domain']); $row['aliasdomain'] = $idna_convert->decode($row['aliasdomain']); - $resultips = $db->query("SELECT `ips`.* FROM `".TABLE_DOMAINTOIP . "` AS `dti`, `".TABLE_PANEL_IPSANDPORTS."` AS `ips` WHERE `dti`.`id_ipandports` = `ips`.`id` AND `dti`.`id_domain` = " . (int)$row['id']); + $resultips_stmt = Database::prepare(" + SELECT `ips`.* FROM `".TABLE_DOMAINTOIP . "` AS `dti`, `".TABLE_PANEL_IPSANDPORTS."` AS `ips` + WHERE `dti`.`id_ipandports` = `ips`.`id` AND `dti`.`id_domain` = :domainid" + ); + Database::pexecute($resultips_stmt, array('domainid' => $row['id'])); $row['ipandport'] = ''; - while ($rowip = $db->fetch_array($resultips)) - { - if(filter_var($rowip['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) - { + while ($rowip = $resultips_stmt->fetch(PDO::FETCH_ASSOC)) { + + if (filter_var($rowip['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $row['ipandport'] .= '[' . $rowip['ip'] . ']:' . $rowip['port'] . "\n"; - } - else - { + } else { $row['ipandport'] .= $rowip['ip'] . ':' . $rowip['port'] . "\n"; } } $row['ipandport'] = substr($row['ipandport'], 0, -1); - if(!isset($domain_array[$row['domain']])) - { + if (!isset($domain_array[$row['domain']])) { $domain_array[$row['domain']] = $row; - } - else - { + } else { $domain_array[$row['domain']] = array_merge($row, $domain_array[$row['domain']]); } - if(isset($row['aliasdomainid']) && $row['aliasdomainid'] != NULL && isset($row['aliasdomain']) && $row['aliasdomain'] != '') - { - if(!isset($domain_array[$row['aliasdomain']])) - { + if (isset($row['aliasdomainid']) + && $row['aliasdomainid'] != null + && isset($row['aliasdomain']) + && $row['aliasdomain'] != '' + ) { + if (!isset($domain_array[$row['aliasdomain']])) { $domain_array[$row['aliasdomain']] = array(); } - $domain_array[$row['aliasdomain']]['domainaliasid'] = $row['id']; $domain_array[$row['aliasdomain']]['domainalias'] = $row['domain']; } @@ -108,24 +119,24 @@ if($page == 'domains' /** * We need ksort/krsort here to make sure idna-domains are also sorted correctly */ - - if($paging->sortfield == 'd.domain' - && $paging->sortorder == 'asc') - { + if ($paging->sortfield == 'd.domain' + && $paging->sortorder == 'asc' + ) { ksort($domain_array); - } - elseif($paging->sortfield == 'd.domain' - && $paging->sortorder == 'desc') - { + } elseif ($paging->sortfield == 'd.domain' + && $paging->sortorder == 'desc' + ) { krsort($domain_array); } $i = 0; $count = 0; - foreach($domain_array as $row) - { - if(isset($row['domain']) && $row['domain'] != '' && $paging->checkDisplay($i)) - { + foreach ($domain_array as $row) { + + if (isset($row['domain']) + && $row['domain'] != '' + && $paging->checkDisplay($i) + ) { $row['customername'] = getCorrectFullUserDetails($row); $row = htmlentities_array($row); // display a nice list of IP's @@ -133,72 +144,119 @@ if($page == 'domains' eval("\$domains.=\"" . getTemplate("domains/domains_domain") . "\";"); $count++; } - $i++; } - $domainscount = $db->num_rows($result); + $domainscount = $numrows_domains; // Display the list - eval("echo \"" . getTemplate("domains/domains") . "\";"); - } - elseif($action == 'delete' - && $id != 0) - { - $result = $db->query_first("SELECT `d`.`id`, `d`.`domain`, `d`.`customerid`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`zonefile` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` WHERE `d`.`id`='" . (int)$id . "' AND `d`.`id` <> `c`.`standardsubdomain`" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = '" . (int)$userinfo['adminid'] . "' ")); - $alias_check = $db->query_first('SELECT COUNT(`id`) AS `count` FROM `' . TABLE_PANEL_DOMAINS . '` WHERE `aliasdomain`=\'' . (int)$id . '\''); + } elseif($action == 'delete' + && $id != 0 + ) { - if($result['domain'] != '' + $result_stmt = Database::prepare(" + SELECT `d`.* FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` + WHERE `d`.`id` = :id AND `d`.`id` <> `c`.`standardsubdomain`" . + ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid") + ); + $params = array('id' => $id); + if ($userinfo['customers_see_all'] == '0') { + $params['adminid'] = $userinfo['adminid']; + } + $result = Database::pexecute_first($result_stmt, $params); + + $alias_check_stmt = Database::prepare(" + SELECT COUNT(`id`) AS `count` FROM `" . TABLE_PANEL_DOMAINS . "` + WHERE `aliasdomain`= :id" + ); + $alias_check = Database::pexecute_first($alias_check_stmt, array('id' => $id)); + + if ($result['domain'] != '' && $alias_check['count'] == 0 ) { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { - /* - * check for APS packages used with this domain, #110 - */ - if(domainHasApsInstances($id)) - { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + //check for APS packages used with this domain, #110 + if (domainHasApsInstances($id)) { standard_error('domains_cantdeletedomainwithapsinstances'); } // check for deletion of main-domains which are logically subdomains, #329 $rsd_sql = ''; $remove_subbutmain_domains = isset($_POST['delete_userfiles']) ? 1 : 0; - if($remove_subbutmain_domains == 1) - { - $rsd_sql .= ' OR `ismainbutsubto` = "'.(int)$id.'"'; + if ($remove_subbutmain_domains == 1) { + $rsd_sql .= " OR `ismainbutsubto` = :id"; } - $query = 'SELECT `id` FROM `' . TABLE_PANEL_DOMAINS . '` WHERE (`id`="' . (int)$id . '" OR `parentdomainid`="' . (int)$id . '"'.$rsd_sql.') AND `isemaildomain`="1"'; - $subResult = $db->query($query); + $subresult_stmt = Database::prepare(" + SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "` + WHERE (`id` = :id OR `parentdomainid` = :id ".$rsd_sql.") AND `isemaildomain` = '1'" + ); + $subResult = Database::pexecute($subresult_stmt, array('id' => $id)); $idString = array(); - - while($subRow = $db->fetch_array($subResult)) - { - $idString[] = '`domainid` = "' . (int)$subRow['id'] . '"'; + $paramString = array(); + while ($subRow = $subresult_stmt->fetch(PDO::FETCH_ASSOC)) { + $idString[] = "`domainid` = :domain_" . (int)$subRow['id']; + $paramString['domain_'.$subRow['id']] = $subRow['id']; } $idString = implode(' OR ', $idString); - if($idString != '') - { - $query = 'DELETE FROM `' . TABLE_MAIL_USERS . '` WHERE ' . $idString; - $db->query($query); - $query = 'DELETE FROM `' . TABLE_MAIL_VIRTUAL . '` WHERE ' . $idString; - $db->query($query); + if ($idString != '') { + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE " . $idString + ); + Database::pexecute($del_stmt, $paramString); + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE " . $idString + ); + Database::pexecute($del_stmt, $paramString); $log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain/s from mail-tables"); } - $db->query("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `id`='" . (int)$id . "' OR `parentdomainid`='" . (int)$result['id'] . "'".$rsd_sql); - $deleted_domains = (int)$db->affected_rows(); - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `subdomains_used` = `subdomains_used` - " . (int)($deleted_domains - 1) . " WHERE `customerid` = '" . (int)$result['customerid'] . "'"); - $db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` - 1 WHERE `adminid` = '" . (int)$userinfo['adminid'] . "'"); - $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `standardsubdomain`=\'0\' WHERE `standardsubdomain`=\'' . (int)$result['id'] . '\' AND `customerid`=\'' . (int)$result['customerid'] . '\''); - $db->query("DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = '" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_PANEL_DOMAINREDIRECTS . "` WHERE `did` = '".(int)$id."'"); + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_PANEL_DOMAINS . "` + WHERE `id` = :id OR `parentdomainid` = :id ".$rsd_sql + ); + Database::pexecute($del_stmt, array('id' => $id)); + $deleted_domains = Database::rowCount(); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET + `subdomains_used` = `subdomains_used` - :domaincount + WHERE `customerid` = :customerid" + ); + Database::pexecute($upd_stmt, array('domaincount' => ($deleted_domains -1), 'customerid' => $result['customerid'])); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_ADMINS . "` SET + `domains_used` = `domains_used` - 1 + WHERE `adminid` = :adminid" + ); + Database::pexecute($upd_stmt, array('adminid' => $userinfo['admind'])); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET + `standardsubdomain` = '0' + WHERE `standardsubdomain` = :id AND `customerid` = :customerid" + ); + Database::pexecute($upd_stmt, array('id' => $result['id'], 'customerid' => $result['customerid'])); + + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_DOMAINTOIP . "` + WHERE `id_domain` = :domaind" + ); + Database::pexecute($del_stmt, array('domainid' => $id)); + + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_PANEL_DOMAINREDIRECTS . "` + WHERE `did` = :domainid" + ); + Database::pexecute($del_stmt, array('domainid' => $id)); + $log->logAction(ADM_ACTION, LOG_INFO, "deleted domain/subdomains (#" . $result['id'] . ")"); updateCounters(); inserttask('1'); @@ -206,79 +264,94 @@ if($page == 'domains' // Using nameserver, insert a task which rebuilds the server config inserttask('4'); - redirectTo($filename, Array('page' => $page, 's' => $s)); - } - elseif ($alias_check['count'] > 0) { + redirectTo($filename, array('page' => $page, 's' => $s)); + + } elseif ($alias_check['count'] > 0) { standard_error('domains_cantdeletedomainwithaliases'); - } - else - { + + } else { + $showcheck = false; - if(domainHasMainSubDomains($id)) - { + if (domainHasMainSubDomains($id)) { $showcheck = true; } ask_yesno_withcheckbox('admin_domain_reallydelete', 'remove_subbutmain_domains', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $idna_convert->decode($result['domain']), $showcheck); } } - } - elseif($action == 'add') - { - if($userinfo['domains_used'] < $userinfo['domains'] - || $userinfo['domains'] == '-1') - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { - if($_POST['domain'] == $settings['system']['hostname']) - { + + } elseif($action == 'add') { + + if ($userinfo['domains_used'] < $userinfo['domains'] + || $userinfo['domains'] == '-1' + ) { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + + if ($_POST['domain'] == $settings['system']['hostname']) { standard_error('admin_domain_emailsystemhostname'); exit; } - $domain = $idna_convert->encode(preg_replace(Array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['domain'], 'domain'))); + $domain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['domain'], 'domain'))); $subcanemaildomain = intval($_POST['subcanemaildomain']); $isemaildomain = 0; - if(isset($_POST['isemaildomain'])) - $isemaildomain = intval($_POST['isemaildomain']); + if (isset($_POST['isemaildomain'])) { + $isemaildomain = intval($_POST['isemaildomain']); + } $email_only = 0; - if(isset($_POST['email_only'])) + if (isset($_POST['email_only'])) { $email_only = intval($_POST['email_only']); + } $serveraliasoption = 0; - if(isset($_POST['selectserveralias'])) + if (isset($_POST['selectserveralias'])) { $serveraliasoption = intval($_POST['selectserveralias']); + } $speciallogfile = 0; - if(isset($_POST['speciallogfile'])) + if (isset($_POST['speciallogfile'])) { $speciallogfile = intval($_POST['speciallogfile']); + } $aliasdomain = intval($_POST['alias']); $issubof = intval($_POST['issubof']); $customerid = intval($_POST['customerid']); - $customer = $db->query_first("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$customerid . "' " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . (int)$userinfo['adminid'] . "' ") . " "); + $customer_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` + WHERE `customerid` = :customerid " . + ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") + ); + $params = array('customerid' => $customerid); + if ($userinfo['customers_see_all'] == '0') { + $params['adminid'] = $userinfo['adminid']; + } + $customer = Database::pexecute_first($customer_stmt, $params); - if(empty($customer) - || $customer['customerid'] != $customerid) - { + if (empty($customer) + || $customer['customerid'] != $customerid + ) { standard_error('customerdoesntexist'); } - if($userinfo['customers_see_all'] == '1') - { - $adminid = intval($_POST['adminid']); - $admin = $db->query_first("SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int)$adminid . "' AND ( `domains_used` < `domains` OR `domains` = '-1' )"); + if ($userinfo['customers_see_all'] == '1') { - if(empty($admin) - || $admin['adminid'] != $adminid) - { + $adminid = intval($_POST['adminid']); + $admin_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_ADMINS . "` + WHERE `adminid` = :adminid AND (`domains_used` < `domains` OR `domains` = '-1')" + ); + $admin = Database::pexecute_first($admin_stmt, array('adminid' => $adminid)); + + if (empty($admin) + || $admin['adminid'] != $adminid + ) { standard_error('admindoesntexist'); } - } - else - { + + } else { $adminid = $userinfo['adminid']; $admin = $userinfo; } @@ -287,8 +360,8 @@ if($page == 'domains' $registration_date = trim($_POST['registration_date']); $registration_date = validate($registration_date, 'registration_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array('0000-00-00', '0', '')); - if($userinfo['change_serversettings'] == '1') - { + if ($userinfo['change_serversettings'] == '1') { + $caneditdomain = isset($_POST['caneditdomain']) ? intval($_POST['caneditdomain']) : 0; $isbinddomain = '0'; @@ -300,12 +373,9 @@ if($page == 'domains' $zonefile = validate($_POST['zonefile'], 'zonefile'); } - if(isset($_POST['dkim'])) - { + if (isset($_POST['dkim'])) { $dkim = intval($_POST['dkim']); - } - else - { + } else { $dkim = '1'; } @@ -314,28 +384,24 @@ if($page == 'domains' // If path is empty and 'Use domain name as default value for DocumentRoot path' is enabled in settings, // set default path to subdomain or domain name - if(isset($_POST['documentroot']) - && ($_POST['documentroot'] != '')) - { - if(substr($_POST['documentroot'], 0, 1) != '/' - && !preg_match('/^https?\:\/\//', $_POST['documentroot'])) - { + if (isset($_POST['documentroot']) + && $_POST['documentroot'] != '' + ) { + if (substr($_POST['documentroot'], 0, 1) != '/' + && !preg_match('/^https?\:\/\//', $_POST['documentroot']) + ) { $documentroot.= '/' . $_POST['documentroot']; - } - else - { + } else { $documentroot = $_POST['documentroot']; } - } - elseif (isset($_POST['documentroot']) + } elseif (isset($_POST['documentroot']) && ($_POST['documentroot'] == '') - && ($settings['system']['documentroot_use_default_value'] == 1)) - { + && ($settings['system']['documentroot_use_default_value'] == 1) + ) { $documentroot = makeCorrectDir($customer['documentroot'] . '/' . $domain); } - } - else - { + + } else { $isbinddomain = '0'; if ($settings['system']['bind_enable'] == '1') { $isbinddomain = '1'; @@ -346,33 +412,39 @@ if($page == 'domains' $specialsettings = ''; } - if($userinfo['caneditphpsettings'] == '1' - || $userinfo['change_serversettings'] == '1') - { + if ($userinfo['caneditphpsettings'] == '1' + || $userinfo['change_serversettings'] == '1' + ) { + $openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0; - if((int)$settings['system']['mod_fcgid'] == 1 || (int)$settings['phpfpm']['enabled'] == 1) - { + if ((int)$settings['system']['mod_fcgid'] == 1 + || (int)$settings['phpfpm']['enabled'] == 1 + ) { $phpsettingid = (int)$_POST['phpsettingid']; - $phpsettingid_check = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$phpsettingid); + $phpsettingid_check_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` + WHERE `id` = :phpsettingid" + ); + $phpsettingid_check = Database::pexecute_first($phpsettingid_check_stmt, array('phpsettingid' => $phpsettingid)); - if(!isset($phpsettingid_check['id']) - || $phpsettingid_check['id'] == '0' - || $phpsettingid_check['id'] != $phpsettingid) - { + if (!isset($phpsettingid_check['id']) + || $phpsettingid_check['id'] == '0' + || $phpsettingid_check['id'] != $phpsettingid + ) { standard_error('phpsettingidwrong'); } - if( (int)$settings['system']['mod_fcgid'] == 1) { + if ((int)$settings['system']['mod_fcgid'] == 1) { $mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', '')); $mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', '')); } else { $mod_fcgid_starter = '-1'; $mod_fcgid_maxrequests = '-1'; } - } - else - { + + } else { + if ((int)$settings['phpfpm']['enabled'] == 1) { $phpsettingid = $settings['phpfpm']['defaultini']; } else { @@ -381,9 +453,9 @@ if($page == 'domains' $mod_fcgid_starter = '-1'; $mod_fcgid_maxrequests = '-1'; } - } - else - { + + } else { + $openbasedir = '1'; if ((int)$settings['phpfpm']['enabled'] == 1) { $phpsettingid = $settings['phpfpm']['defaultini']; @@ -394,14 +466,17 @@ if($page == 'domains' $mod_fcgid_maxrequests = '-1'; } - if($userinfo['ip'] != "-1") - { - $admin_ip = $db->query_first("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id`='" . (int)$userinfo['ip'] . "' ORDER BY `ip`, `port` ASC"); - $additional_ip_condition = ' AND `ip` = \'' . $admin_ip['ip'] . '\' '; - } - else - { + if ($userinfo['ip'] != "-1") { + $admin_ip_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` + WHERE `id` = :ip ORDER BY `ip`, `port` ASC" + ); + $admin_ip = Database::pexecute_first($admin_ip_stmt, array('id' => $userinfo['ip'])); + $additional_ip_condition = " AND `ip` = '" . $admin_ip['ip'] . "' "; + $aip_param = array('adminip' => $admin_ip['ip']); + } else { $additional_ip_condition = ''; + $aip_param = array(); } $ipandports = array(); @@ -412,8 +487,15 @@ if($page == 'domains' if (isset($_POST['ipandport']) && is_array($_POST['ipandport'])) { foreach($_POST['ipandport'] as $ipandport) { $ipandport = intval($ipandport); - $ipandport_check = $db->query_first("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = '" . $db->escape($ipandport) . "' " . $additional_ip_condition); - if(!isset($ipandport_check['id']) + $ipandport_check_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` + WHERE `id` = :id " . $additional_ip_condition + ); + $ip_params = null; + $ip_params = array_merge(array('id' => $ipandport), $aip_param); + $ipandport_check = Database::pexecute_first($ipandport_check_stmt, $ip_params); + + if (!isset($ipandport_check['id']) || $ipandport_check['id'] == '0' || $ipandport_check['id'] != $ipandport ) { @@ -444,7 +526,14 @@ if($page == 'domains' // fix if no ssl-ip/port is checked if (trim($ssl_ipandport) < 1) continue; $ssl_ipandport = intval($ssl_ipandport); - $ssl_ipandport_check = $db->query_first("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = '" . $db->escape($ssl_ipandport) . "' " . $additional_ip_condition); + $ssl_ipandport_check_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` + WHERE `id` = :id " . $additional_ip_condition + ); + $ip_params = null; + $ip_params = array_merge(array('id' => $ssl_ipandport), $aip_param); + $ssl_ipandport_check = Database::pexecute_first($ssl_ipandport_check_stmt, $ip_params); + if (!isset($ssl_ipandport_check['id']) || $ssl_ipandport_check['id'] == '0' || $ssl_ipandport_check['id'] != $ssl_ipandport @@ -466,22 +555,20 @@ if($page == 'domains' $ssl_ipandports[] = -1; } - if(!preg_match('/^https?\:\/\//', $documentroot)) - { - if(strstr($documentroot, ":") !== FALSE) - { + if (!preg_match('/^https?\:\/\//', $documentroot)) { + if (strstr($documentroot, ":") !== false) { standard_error('pathmaynotcontaincolon'); - } - else - { + } else { $documentroot = makeCorrectDir($documentroot); } } - $domain_check = $db->query_first("SELECT `id`, `domain` - FROM `" . TABLE_PANEL_DOMAINS . "` - WHERE `domain` = '" . $db->escape(strtolower($domain)) . "'" + $domain_check_stmt = Database::prepare(" + SELECT `id`, `domain` FROM `" . TABLE_PANEL_DOMAINS . "` + WHERE `domain` = :domain" ); + $domain_check = Database::pexecute_first($domain_check_stmt, array('domain' => strtolower($domain))); + $aliasdomain_check = array( 'id' => 0 ); @@ -489,64 +576,61 @@ if($page == 'domains' if ($aliasdomain != 0) { // Overwrite given ipandports with these of the "main" domain $ipandports = array(); - $origipresult = $db->query("SELECT `id_ipandports` - FROM `" . TABLE_DOMAINTOIP ."` - WHERE `id_domain` = '" . (int)$aliasdomain . "'" + $origipresult_stmt = Database::prepare(" + SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP ."` + WHERE `id_domain` = :id" ); - while ($origip = $db->fetch_array($origipresult)) { + Database::pexecute($origipresult_stmt, array('id' => $aliasdomain)); + + while ($origip = $origipresult_stmt->fetch(PDO::FETCH_ASSOC)) { $ipandports[] = $origip['id_ipandports']; } - $aliasdomain_check = $db->query_first("SELECT `d`.`id` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` - WHERE `d`.`customerid`='" . (int)$customerid . "' - AND `d`.`aliasdomain` IS NULL AND - `d`.`id` <> `c`.`standardsubdomain` - AND `c`.`customerid`='" . (int)$customerid . "' - AND `d`.`id`='" . (int)$aliasdomain . "'"); + + $aliasdomain_check_stmt = Database::prepare(" + SELECT `d`.`id` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` + WHERE `d`.`customerid` = :customerid + AND `d`.`aliasdomain` IS NULL AND `d`.`id` <> `c`.`standardsubdomain` + AND `c`.`customerid` = :customerid + AND `d`.`id` = :aliasdomainid" + ); + $alias_params = array('customerid' => $customerid, 'aliasdomainid' => $aliasdomain); + $aliasdomain_check = Database::pexecute_first($aliasdomain_check_stmt, $alias_params); } - if(count($ipandports) == 0) - { + if (count($ipandports) == 0) { standard_error('noipportgiven'); } - if($openbasedir != '1') - { + if ($openbasedir != '1') { $openbasedir = '0'; } - if($speciallogfile != '1') - { + if ($speciallogfile != '1') { $speciallogfile = '0'; } - if($isbinddomain != '1') - { + if ($isbinddomain != '1') { $isbinddomain = '0'; } - if($isemaildomain != '1') - { + if ($isemaildomain != '1') { $isemaildomain = '0'; } - if($email_only == '1') - { + if ($email_only == '1') { $isemaildomain = '1'; - } - else - { + } else { $email_only = '0'; } - if($subcanemaildomain != '1' - && $subcanemaildomain != '2' - && $subcanemaildomain != '3') - { + if ($subcanemaildomain != '1' + && $subcanemaildomain != '2' + && $subcanemaildomain != '3' + ) { $subcanemaildomain = '0'; } - if($dkim != '1') - { + if ($dkim != '1') { $dkim = '0'; } @@ -554,43 +638,29 @@ if($page == 'domains' $serveraliasoption = '0'; } - if($caneditdomain != '1') - { + if ($caneditdomain != '1') { $caneditdomain = '0'; } - if($issubof <= '0') - { + if ($issubof <= '0') { $issubof = '0'; } - if($domain == '') - { + if ($domain == '') { standard_error(array('stringisempty', 'mydomain')); } - /* Check whether domain validation is enabled and if, validate the domain */ - elseif($settings['system']['validate_domain'] && !validateDomain($domain)) - { + // Check whether domain validation is enabled and if, validate the domain + elseif ($settings['system']['validate_domain'] && !validateDomain($domain)) { standard_error(array('stringiswrong', 'mydomain')); - } - elseif($documentroot == '') - { + } elseif($documentroot == '') { standard_error(array('stringisempty', 'mydocumentroot')); - } - elseif($customerid == 0) - { + } elseif($customerid == 0) { standard_error('adduserfirst'); - } - elseif(strtolower($domain_check['domain']) == strtolower($domain)) - { + } elseif(strtolower($domain_check['domain']) == strtolower($domain)) { standard_error('domainalreadyexists', $idna_convert->decode($domain)); - } - elseif($aliasdomain_check['id'] != $aliasdomain) - { + } elseif($aliasdomain_check['id'] != $aliasdomain) { standard_error('domainisaliasorothercustomer'); - } - else - { + } else { $params = array( 'page' => $page, 'action' => $action, @@ -625,15 +695,13 @@ if($page == 'domains' 'reallydocrootoutofcustomerroot' => (substr($documentroot, 0, strlen($customer['documentroot'])) != $customer['documentroot'] && !preg_match('/^https?\:\/\//', $documentroot)) ); $question_nr = 1; - foreach($security_questions as $question_name => $question_launch) - { - if($question_launch !== false) - { + foreach ($security_questions as $question_name => $question_launch) { + if ($question_launch !== false) { $params[$question_name] = $question_name; - if(!isset($_POST[$question_name]) - || $_POST[$question_name] != $question_name) - { + if (!isset($_POST[$question_name]) + || $_POST[$question_name] != $question_name + ) { ask_yesno('admin_domain_' . $question_name, $filename, $params, $question_nr); exit; } @@ -644,46 +712,94 @@ if($page == 'domains' $wwwserveralias = ($serveraliasoption == '1') ? '1' : '0'; $iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0'; - $db->query("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET - `domain` = '" . $db->escape($domain) . "', - `customerid` = '" . (int)$customerid . "', - `adminid` = '" . (int)$adminid . "', - `documentroot` = '" . $db->escape($documentroot) . "', - `aliasdomain` = " . (($aliasdomain != 0) ? '\'' . $db->escape($aliasdomain) . '\'' : 'NULL') . ", - `zonefile` = '" . $db->escape($zonefile) . "', - `dkim` = '" . $db->escape($dkim) . "', - `wwwserveralias` = '" . $db->escape($wwwserveralias) . "', - `iswildcarddomain` = '" . $db->escape($iswildcarddomain) . "', - `isbinddomain` = '" . $db->escape($isbinddomain) . "', - `isemaildomain` = '" . $db->escape($isemaildomain) . "', - `email_only` = '" . $db->escape($email_only) . "', - `subcanemaildomain` = '" . $db->escape($subcanemaildomain) . "', - `caneditdomain` = '" . $db->escape($caneditdomain) . "', - `openbasedir` = '" . $db->escape($openbasedir) . "', - `speciallogfile` = '" . $db->escape($speciallogfile) . "', - `specialsettings` = '" . $db->escape($specialsettings) . "', - `ssl_redirect` = '" . $ssl_redirect . "', - `add_date` = '" . $db->escape(time()) . "', - `registration_date` = '" . $db->escape($registration_date) . "', - `phpsettingid` = '" . (int)$phpsettingid . "', - `mod_fcgid_starter` = '" . (int)$mod_fcgid_starter . "', - `mod_fcgid_maxrequests` = '" . (int)$mod_fcgid_maxrequests . "', - `ismainbutsubto` = '".(int)$issubof."' + $ins_data = array( + 'domain' => $domain, + 'customerid' => $customerid, + 'adminid' => $adminid, + 'documentroot' => $documentroot, + 'aliasdomain' => ($aliasdomain != 0 ? $aliasdomain : null), + 'zonefile' => $zonefile, + 'dkim' => $dkim, + 'wwwserveralias' => $wwwserveralias, + 'iswildcarddomain' => $iswildcarddomain, + 'isbinddomain' => $isbinddomain, + 'isemaildomain' => $isemaildomain, + 'email_only' => $email_only, + 'subcanemaildomain' => $subcanemaildomain, + 'caneditdomain' => $caneditdomain, + 'openbasedir' => $openbasedir, + 'speciallogfile' => $speciallogfile, + 'specialsettings' => $specialsettings, + 'ssl_redirect' => $ssl_redirect, + 'add_date' => time(), + 'registration_date' => $registration_date, + 'phpsettingid' => $phpsettingid, + 'mod_fcgid_starter' => $mod_fcgid_starter, + 'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests, + 'ismainbutsubto' => $issubof + ); + + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET + `domain` = :domain, + `customerid` = :customerid, + `adminid` = :adminid, + `documentroot` = :documentroot, + `aliasdomain` = :aliasdomain, + `zonefile` = :zonefile, + `dkim` = :dkim, + `wwwserveralias` = :wwwserveralias, + `iswildcarddomain` = :iswildcarddomain, + `isbinddomain` = :isbinddomain, + `isemaildomain` = :isemaildomain, + `email_only` = :email_only, + `subcanemaildomain` = :subcanemaildomain, + `caneditdomain` = :caneditdomain, + `openbasedir` = :openbasedir, + `speciallogfile` = :speciallogfile, + `specialsettings` = :specialsettings, + `ssl_redirect` = :ssl_redirect, + `add_date` = :add_date, + `registration_date` = .registration_date, + `phpsettingid` = :phpsettingid, + `mod_fcgid_starter` = :mod_fcgid_starter, + `mod_fcgid_maxrequests` = .mod_fcgid_maxrequests, + `ismainbutsubto` = :ismainbutsubto "); - $domainid = $db->insert_id(); - $db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` + 1 WHERE `adminid` = '" . (int)$adminid . "'"); + Database::pexecute($ins_stmt, $ins_data); + $domainid = Database::lastInsertId(); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` + 1 + WHERE `adminid` = :adminid" + ); + Database::pexecute($upd_stmt, array('adminid' => $adminid)); + foreach ($ipandports as $ipportid) { - $db->query("INSERT INTO `" . TABLE_DOMAINTOIP . "` SET - `id_domain` = '" . $domainid . "', - `id_ipandports` = '" . (int)$ipportid . "'; + $ins_data = array( + 'domainid' => $domainid, + 'ipandportsid' => $ipportid + ); + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_DOMAINTOIP . "` SET + `id_domain` = :domainid, + `id_ipandports` = :ipandportsid "); + Database::pexecute($ins_stmt, $ins_data); } + foreach ($ssl_ipandports as $ssl_ipportid) { if ($ssl_ipportid > 0) { - $db->query("INSERT INTO `" . TABLE_DOMAINTOIP . "` SET - `id_domain` = '" . $domainid . "', - `id_ipandports` = '" . (int)$ssl_ipportid . "'; + $ins_data = array( + 'domainid' => $domainid, + 'ipandportsid' => $ssl_ipportid + ); + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_DOMAINTOIP . "` SET + `id_domain` = :domainid, + `id_ipandports` = :ipandportsid "); + Database::pexecute($ins_stmt, $ins_data); } } $log->logAction(ADM_ACTION, LOG_INFO, "added domain '" . $domain . "'"); @@ -692,49 +808,71 @@ if($page == 'domains' // Using nameserver, insert a task which rebuilds the server config inserttask('4'); - redirectTo($filename, Array('page' => $page, 's' => $s)); + redirectTo($filename, array('page' => $page, 's' => $s)); } - } - else - { - $customers = makeoption($lng['panel']['please_choose'], 0, 0, true); - $result_customers = $db->query("SELECT `customerid`, `loginname`, `name`, `firstname`, `company` FROM `" . TABLE_PANEL_CUSTOMERS . "` " . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int)$userinfo['adminid'] . "' ") . " ORDER BY `name` ASC"); - while($row_customer = $db->fetch_array($result_customers)) - { + } else { + + $customers = makeoption($lng['panel']['please_choose'], 0, 0, true); + $result_customers_stmt = Database::prepare(" + SELECT `customerid`, `loginname`, `name`, `firstname`, `company` + FROM `" . TABLE_PANEL_CUSTOMERS . "` " . + ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int)$userinfo['adminid'] . "' ") . + " ORDER BY `name` ASC" + ); + $params = array(); + if ($userinfo['customers_see_all'] == '0') { + $params['adminid'] = $userinfo['adminid']; + } + Database::pexecute($result_customers_stmt, $params); + + while ($row_customer = $result_customers_stmt->fetch(PDO::FETCH_ASSOC)) { $customers.= makeoption(getCorrectFullUserDetails($row_customer) . ' (' . $row_customer['loginname'] . ')', $row_customer['customerid']); } $admins = ''; + if ($userinfo['customers_see_all'] == '1') { - if($userinfo['customers_see_all'] == '1') - { - $result_admins = $db->query("SELECT `adminid`, `loginname`, `name` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `domains_used` < `domains` OR `domains` = '-1' ORDER BY `name` ASC"); + $result_admins_stmt = Database::query(" + SELECT `adminid`, `loginname`, `name` + FROM `" . TABLE_PANEL_ADMINS . "` + WHERE `domains_used` < `domains` OR `domains` = '-1' ORDER BY `name` ASC" + ); - while($row_admin = $db->fetch_array($result_admins)) - { + while ($row_admin = $result_admins_stmt->fetch(PDO::FETCH_ASSOC)) { $admins.= makeoption(getCorrectFullUserDetails($row_admin) . ' (' . $row_admin['loginname'] . ')', $row_admin['adminid'], $userinfo['adminid']); } } - if($userinfo['ip'] == "-1") - { - $result_ipsandports = $db->query("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='0' ORDER BY `ip`, `port` ASC"); - $result_ssl_ipsandports = $db->query("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='1' ORDER BY `ip`, `port` ASC"); - } - else - { - $admin_ip = $db->query_first("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id`='" . (int)$userinfo['ip'] . "' ORDER BY `ip`, `port` ASC"); - $result_ipsandports = $db->query("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='0' AND `ip`='" . $admin_ip['ip'] . "' ORDER BY `ip`, `port` ASC"); - $result_ssl_ipsandports = $db->query("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='1' AND `ip`='" . $admin_ip['ip'] . "' ORDER BY `ip`, `port` ASC"); + if ($userinfo['ip'] == "-1") { + $result_ipsandports_stmt = Database::query(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='0' ORDER BY `ip`, `port` ASC + "); + $result_ssl_ipsandports_stmt = Database::query(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='1' ORDER BY `ip`, `port` ASC + "); + } else { + $admin_ip_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :ipid ORDER BY `ip`, `port` ASC + "); + $admin_ip = Database::pexecute_first($admin_ip_stmt, array('ipid' => $userinfo['ip'])); + + $result_ipsandports_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='0' AND `ip` = :ipid ORDER BY `ip`, `port` ASC + "); + Database::pexecute($result_ipsandports_stmt, array('ipid' => $admin_ip['ip'])); + + $result_ssl_ipsandports_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='1' AND `ip` = :ipid ORDER BY `ip`, `port` ASC + "); + Database::pexecute($result_ssl_ipsandports_stmt, array('ipid' => $admin_ip['ip'])); } // Build array holding all IPs and Ports available to this admin $ipsandports = array(); - while($row_ipandport = $db->fetch_array($result_ipsandports)) - { - if(filter_var($row_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) - { + while ($row_ipandport = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) { + + if (filter_var($row_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $row_ipandport['ip'] = '[' . $row_ipandport['ip'] . ']'; } @@ -742,10 +880,9 @@ if($page == 'domains' } $ssl_ipsandports = array(); - while($row_ssl_ipandport = $db->fetch_array($result_ssl_ipsandports)) - { - if(filter_var($row_ssl_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) - { + while ($row_ssl_ipandport = $result_ssl_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) { + + if (filter_var($row_ssl_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $row_ssl_ipandport['ip'] = '[' . $row_ssl_ipandport['ip'] . ']'; } @@ -753,43 +890,55 @@ if($page == 'domains' } $standardsubdomains = array(); - $result_standardsubdomains = $db->query('SELECT `id` FROM `' . TABLE_PANEL_DOMAINS . '` `d`, `' . TABLE_PANEL_CUSTOMERS . '` `c` WHERE `d`.`id`=`c`.`standardsubdomain`'); + $result_standardsubdomains_stmt = Database::query(" + SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` WHERE `d`.`id` = `c`.`standardsubdomain` + "); - while($row_standardsubdomain = $db->fetch_array($result_standardsubdomains)) - { - $standardsubdomains[] = $db->escape($row_standardsubdomain['id']); + while ($row_standardsubdomain = $result_standardsubdomains_stmt->fetch(PDO::FETCH_ASSOC)) { + $standardsubdomains[] = $row_standardsubdomain['id']; } - if(count($standardsubdomains) > 0) - { - $standardsubdomains = 'AND `d`.`id` NOT IN (' . join(',', $standardsubdomains) . ') '; - } - else - { + if (count($standardsubdomains) > 0) { + $standardsubdomains = " AND `d`.`id` NOT IN (" . join(',', $standardsubdomains) . ") "; + } else { $standardsubdomains = ''; } $domains = makeoption($lng['domains']['noaliasdomain'], 0, NULL, true); - $result_domains = $db->query("SELECT `d`.`id`, `d`.`domain`, `c`.`loginname` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid`=0 " . $standardsubdomains . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = '" . (int)$userinfo['adminid'] . "'") . " AND `d`.`customerid`=`c`.`customerid` ORDER BY `loginname`, `domain` ASC"); + $result_domains_stmt = Database::prepare(" + SELECT `d`.`id`, `d`.`domain`, `c`.`loginname` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` + WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid` = 0" . $standardsubdomains . + ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid") . " + AND `d`.`customerid`=`c`.`customerid` ORDER BY `loginname`, `domain` ASC + "); + $params = array(); + if ($userinfo['customers_see_all'] == '0') { + $params['adminid'] = $userinfo['adminid']; + } + Database::pexecute($result_domains_stmt, $params); - while($row_domain = $db->fetch_array($result_domains)) - { + while ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) { $domains.= makeoption($idna_convert->decode($row_domain['domain']) . ' (' . $row_domain['loginname'] . ')', $row_domain['id']); } $subtodomains = makeoption($lng['domains']['nosubtomaindomain'], 0, NULL, true); - $result_domains = $db->query("SELECT `d`.`id`, `d`.`domain`, `c`.`loginname` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid`=0 AND `d`.`ismainbutsubto`=0 " . $standardsubdomains . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = '" . (int)$userinfo['adminid'] . "'") . " AND `d`.`customerid`=`c`.`customerid` ORDER BY `loginname`, `domain` ASC"); + $result_domains_stmt = Database::prepare(" + SELECT `d`.`id`, `d`.`domain`, `c`.`loginname` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` + WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid` = 0 AND `d`.`ismainbutsubto` = 0 " . $standardsubdomains . + ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid") . " + AND `d`.`customerid`=`c`.`customerid` ORDER BY `loginname`, `domain` ASC + "); + // params from above still valid + Database::pexecute($result_domains_stmt, $params); - while($row_domain = $db->fetch_array($result_domains)) - { + while ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) { $subtodomains.= makeoption($idna_convert->decode($row_domain['domain']) . ' (' . $row_domain['loginname'] . ')', $row_domain['id']); } $phpconfigs = ''; - $configs = $db->query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`"); + $configs = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`"); - while($row = $db->fetch_array($configs)) - { + while ($row = $configs->fetch(PDO::FETCH_ASSOC)) { if ((int)$settings['phpfpm']['enabled'] == 1) { $phpconfigs.= makeoption($row['description'], $row['id'], $settings['phpfpm']['defaultini'], true, true); } else { @@ -803,7 +952,11 @@ if($page == 'domains' $serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_www'], '1', '0', true, true); $serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_none'], '2', '0', true, true); - $subcanemaildomain = makeoption($lng['admin']['subcanemaildomain']['never'], '0', '0', true, true) . makeoption($lng['admin']['subcanemaildomain']['choosableno'], '1', '0', true, true) . makeoption($lng['admin']['subcanemaildomain']['choosableyes'], '2', '0', true, true) . makeoption($lng['admin']['subcanemaildomain']['always'], '3', '0', true, true); + $subcanemaildomain = makeoption($lng['admin']['subcanemaildomain']['never'], '0', '0', true, true); + $subcanemaildomain.= makeoption($lng['admin']['subcanemaildomain']['choosableno'], '1', '0', true, true); + $subcanemaildomain.= makeoption($lng['admin']['subcanemaildomain']['choosableyes'], '2', '0', true, true); + $subcanemaildomain.= makeoption($lng['admin']['subcanemaildomain']['always'], '3', '0', true, true); + $add_date = date('Y-m-d'); $domain_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/domains/formfield.domains_add.php'; @@ -815,94 +968,146 @@ if($page == 'domains' eval("echo \"" . getTemplate("domains/domains_add") . "\";"); } } - } - elseif($action == 'edit' - && $id != 0) - { - $result = $db->query_first("SELECT `d`.*, `c`.`customerid` FROM `" . TABLE_PANEL_DOMAINS . "` `d` - LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`) - WHERE `d`.`parentdomainid`='0' - AND `d`.`id`='" . (int)$id . "'" - . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = '" . (int)$userinfo['adminid'] . "' ")); - if($result['domain'] != '') - { - $subdomains = $db->query_first('SELECT COUNT(`id`) AS count FROM `' . TABLE_PANEL_DOMAINS . '` WHERE `parentdomainid`=\'' . (int)$result['id'] . '\''); + } elseif($action == 'edit' + && $id != 0 + ) { + + $result_stmt = Database::prepare(" + SELECT `d`.*, `c`.`customerid` FROM `" . TABLE_PANEL_DOMAINS . "` `d` LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`) + WHERE `d`.`parentdomainid` = '0' AND `d`.`id` = :id" . + ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = '" . (int)$userinfo['adminid'] . "' ") + ); + $params = array('id' => $id); + if ($userinfo['customers_see_all'] == '0') { + $params['adminid'] = $userinfo['adminid']; + } + $result = Database::pexecute_first($result_stmt, $params); + + if ($result['domain'] != '') { + + $subdomains_stmt = Datbase::prepare(" + SELECT COUNT(`id`) AS count FROM `" . TABLE_PANEL_DOMAINS . "` WHERE + `parentdomainid` = :resultid + "); + $subdomains = Database::pexecute_first($subdomains_stmt, array('resultid' => $result['id'])); $subdomains = $subdomains['count']; - $alias_check = $db->query_first('SELECT COUNT(`id`) AS count FROM `' . TABLE_PANEL_DOMAINS . '` WHERE `aliasdomain`=\'' . (int)$result['id'] . '\''); + + $alias_check_stmt = Database::prepare(" + SELECT COUNT(`id`) AS count FROM `" . TABLE_PANEL_DOMAINS . "` WHERE + `aliasdomain` = :resultid + "); + $alias_check = Database::pexecute_first($alias_check_stmt, array('resultid' => $result['id'])); $alias_check = $alias_check['count']; - $domain_emails_result = $db->query('SELECT `email`, `email_full`, `destination`, `popaccountid` AS `number_email_forwarders` FROM `' . TABLE_MAIL_VIRTUAL . '` WHERE `customerid` = "' . (int)$result['customerid'] . '" AND `domainid` = "' . (int)$result['id'] . '" '); - $emails = $db->num_rows($domain_emails_result); + + $domain_emails_result_stmt = Database::prepare(" + SELECT `email`, `email_full`, `destination`, `popaccountid` AS `number_email_forwarders` + FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid` = :cusotmerid AND `domainid` = :id + "); + Database::pexecute($domain_emails_result_stmt, array('customerid' => $result['customerid'], 'id' => $result['id'])); + + $emails = Database::num_rows(); $email_forwarders = 0; $email_accounts = 0; - while($domain_emails_row = $db->fetch_array($domain_emails_result)) - { - if($domain_emails_row['destination'] != '') - { + while ($domain_emails_row = $domain_emails_result_stmt->fetch(PDO::FETCH_ASSOC)) { + + if ($domain_emails_row['destination'] != '') { + $domain_emails_row['destination'] = explode(' ', makeCorrectDestination($domain_emails_row['destination'])); $email_forwarders+= count($domain_emails_row['destination']); - if(in_array($domain_emails_row['email_full'], $domain_emails_row['destination'])) - { + if (in_array($domain_emails_row['email_full'], $domain_emails_row['destination'])) { $email_forwarders-= 1; $email_accounts++; } } } - $ipsresult = $db->query("SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = '" . (int)$result['id'] . "'"); + $ipsresult_stmt = Database::prepare(" + SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :id + "); + Database::pexecute($ipsresult_stmt, array('id' => $result['id'])); + $usedips = array(); - while ($ipsresultrow = $db->fetch_array($ipsresult)) - { + while ($ipsresultrow = $ipsresult_stmt->fetch(PDO::FETCH_ASSOC)) { $usedips[] = $ipsresultrow['id_ipandports']; } - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { - $customer = $customer_old = $db->query_first("SELECT * FROM " . TABLE_PANEL_CUSTOMERS . " WHERE `customerid`='" . (int)$result['customerid'] . "'"); + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { - if(isset($_POST['customerid']) - && ($customerid = intval($_POST['customerid'])) != $result['customerid'] - && $settings['panel']['allow_domain_change_customer'] == '1') - { - $customer = $db->query_first("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$customerid . "' AND (`subdomains_used` + " . (int)$subdomains . " <= `subdomains` OR `subdomains` = '-1' ) AND (`emails_used` + " . (int)$emails . " <= `emails` OR `emails` = '-1' ) AND (`email_forwarders_used` + " . (int)$email_forwarders . " <= `email_forwarders` OR `email_forwarders` = '-1' ) AND (`email_accounts_used` + " . (int)$email_accounts . " <= `email_accounts` OR `email_accounts` = '-1' ) " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . (int)$userinfo['adminid'] . "' ") . " "); + $customer_stmt = Database::prepare(" + SELECT * FROM " . TABLE_PANEL_CUSTOMERS . " WHERE `customerid` = :customerid + "); + $customer = $customer_old = Database::pexecute_first($customer_stmt, array('customerid' => $result['customerid'])); - if(empty($customer) - || $customer['customerid'] != $customerid) - { + $customerid = intval($_POST['customerid']); + if (isset($_POST['customerid']) + && $customerid != $result['customerid'] + && $settings['panel']['allow_domain_change_customer'] == '1' + ) { + + $customer_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` + WHERE `customerid` = :customerid + AND (`subdomains_used` + :subdomains <= `subdomains` OR `subdomains` = '-1' ) + AND (`emails_used` + :emails <= `emails` OR `emails` = '-1' ) + AND (`email_forwarders_used` + :forwarders <= `email_forwarders` OR `email_forwarders` = '-1' ) + AND (`email_accounts_used` + :accounts <= `email_accounts` OR `email_accounts` = '-1' ) " . + ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") + ); + + $params = array( + 'customerid' => $customerid, + 'subdomains' => $subdomains, + 'emails' => $emails, + 'forwarders' => $email_forwarders, + 'accounts' => $email_accounts + ); + if ($userinfo['customers_see_all'] == '0') { + $params['adminid'] = $userinfo['adminid']; + } + + $customer = Database::pexecute_first($customer_stmt, $params); + if (empty($customer) + || $customer['customerid'] != $customerid + ) { standard_error('customerdoesntexist'); } - } - else - { + } else { $customerid = $result['customerid']; } - $admin = $admin_old = $db->query_first("SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int)$result['adminid'] . "' "); + $customer_stmt = Database::prepare(" + SELECT * FROM " . TABLE_PANEL_ADMINS . " WHERE `adminid` = :adminid + "); + $admin = $admin_old = Database::pexecute_first($customer_stmt, array('adminid' => $result['adminid'])); - if($userinfo['customers_see_all'] == '1') - { - if(isset($_POST['adminid']) - && ($adminid = intval($_POST['adminid'])) != $result['adminid'] - && $settings['panel']['allow_domain_change_admin'] == '1') - { - $admin = $db->query_first("SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int)$adminid . "' AND ( `domains_used` < `domains` OR `domains` = '-1' )"); + if ($userinfo['customers_see_all'] == '1') { - if(empty($admin) - || $admin['adminid'] != $adminid) - { + $adminid = intval($_POST['adminid']); + if (isset($_POST['adminid']) + && $adminid != $result['adminid'] + && $settings['panel']['allow_domain_change_admin'] == '1' + ) { + + $admin_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_ADMINS . "` + WHERE `adminid` = :adminid AND ( `domains_used` < `domains` OR `domains` = '-1' ) + "); + $admin = Database::pexecute_first($admin_stmt, array('adminid' => $adminid)); + + if (empty($admin) + || $admin['adminid'] != $adminid + ) { standard_error('admindoesntexist'); } - } - else - { + } else { $adminid = $result['adminid']; } - } - else - { + } else { $adminid = $result['adminid']; } @@ -914,12 +1119,14 @@ if($page == 'domains' $registration_date = validate($registration_date, 'registration_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array('0000-00-00', '0', '')); $isemaildomain = 0; - if(isset($_POST['isemaildomain'])) - $isemaildomain = intval($_POST['isemaildomain']); + if (isset($_POST['isemaildomain'])) { + $isemaildomain = intval($_POST['isemaildomain']); + } $email_only = 0; - if(isset($_POST['email_only'])) + if (isset($_POST['email_only'])) { $email_only = intval($_POST['email_only']); + } $serveraliasoption = '2'; if ($result['iswildcarddomain'] == '1') { @@ -936,8 +1143,7 @@ if($page == 'domains' $speciallogfile = intval($_POST['speciallogfile']); - if($userinfo['change_serversettings'] == '1') - { + if ($userinfo['change_serversettings'] == '1') { $isbinddomain = $result['isbinddomain']; $zonefile = $result['zonefile']; if ($settings['system']['bind_enable'] == '1') { @@ -949,40 +1155,32 @@ if($page == 'domains' $zonefile = validate($_POST['zonefile'], 'zonefile'); } - if($settings['dkim']['use_dkim'] == '1') - { + if ($settings['dkim']['use_dkim'] == '1') { $dkim = isset($_POST['dkim']) ? 1 : 0; - } - else - { + } else { $dkim = $result['dkim']; } $specialsettings = validate(str_replace("\r\n", "\n", $_POST['specialsettings']), 'specialsettings', '/^[^\0]*$/'); $documentroot = validate($_POST['documentroot'], 'documentroot'); - if($documentroot == '') - { + if ($documentroot == '') { // If path is empty and 'Use domain name as default value for DocumentRoot path' is enabled in settings, // set default path to subdomain or domain name - if ($settings['system']['documentroot_use_default_value'] == 1) - { + if ($settings['system']['documentroot_use_default_value'] == 1) { $documentroot = makeCorrectDir($customer['documentroot'] . '/' . $result['domain']); - } - else - { + } else { $documentroot = $customer['documentroot']; } } - if(!preg_match('/^https?\:\/\//', $documentroot) - && strstr($documentroot, ":") !== FALSE + if (!preg_match('/^https?\:\/\//', $documentroot) + && strstr($documentroot, ":") !== false ) { standard_error('pathmaynotcontaincolon'); } - } - else - { + + } else { $isbinddomain = $result['isbinddomain']; $zonefile = $result['zonefile']; $dkim = $result['dkim']; @@ -992,20 +1190,25 @@ if($page == 'domains' $speciallogverified = (isset($_POST['speciallogverified']) ? (int)$_POST['speciallogverified'] : 0); - if($userinfo['caneditphpsettings'] == '1' - || $userinfo['change_serversettings'] == '1') - { + if ($userinfo['caneditphpsettings'] == '1' + || $userinfo['change_serversettings'] == '1' + ) { + $openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0; - if((int)$settings['system']['mod_fcgid'] == 1 || (int)$settings['phpfpm']['enabled'] == 1) - { + if ((int)$settings['system']['mod_fcgid'] == 1 + || (int)$settings['phpfpm']['enabled'] == 1 + ) { $phpsettingid = (int)$_POST['phpsettingid']; - $phpsettingid_check = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$phpsettingid); + $phpsettingid_check_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :phpid + "); + $phpsettingid_check = Database::pexecute_first($phpsettingid_check_stmt, array('phpid' => $phpsettingid)); - if(!isset($phpsettingid_check['id']) - || $phpsettingid_check['id'] == '0' - || $phpsettingid_check['id'] != $phpsettingid) - { + if (!isset($phpsettingid_check['id']) + || $phpsettingid_check['id'] == '0' + || $phpsettingid_check['id'] != $phpsettingid + ) { standard_error('phpsettingidwrong'); } @@ -1016,16 +1219,14 @@ if($page == 'domains' $mod_fcgid_starter = $result['mod_fcgid_starter']; $mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests']; } - } - else - { + + } else { $phpsettingid = $result['phpsettingid']; $mod_fcgid_starter = $result['mod_fcgid_starter']; $mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests']; } - } - else - { + + } else { $openbasedir = $result['openbasedir']; $phpsettingid = $result['phpsettingid']; $mod_fcgid_starter = $result['mod_fcgid_starter']; @@ -1037,10 +1238,14 @@ if($page == 'domains' $_POST['ipandport'] = unserialize($_POST['ipandport']); } if (isset($_POST['ipandport']) && is_array($_POST['ipandport'])) { - foreach($_POST['ipandport'] as $ipandport) { + + $ipandport_check_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :ipandport + "); + foreach ($_POST['ipandport'] as $ipandport) { if (trim($ipandport) == "") continue; $ipandport = intval($ipandport); - $ipandport_check = $db->query_first("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = '" . $db->escape($ipandport) . "' "); + $ipandport_check = Database::pexecute_first($ipandport_check_stmt, array('ipandport' => $ipandport)); if (!isset($ipandport_check['id']) || $ipandport_check['id'] == '0' || $ipandport_check['id'] != $ipandport @@ -1052,9 +1257,9 @@ if($page == 'domains' } } - if($settings['system']['use_ssl'] == "1" - && isset($_POST['ssl_ipandport'])) - { + if ($settings['system']['use_ssl'] == '1' + && isset($_POST['ssl_ipandport']) + ) { $ssl = 1; // if ssl is set and != 0, it can only be 1 $ssl_redirect = 0; if (isset($_POST['ssl_redirect'])) { @@ -1066,12 +1271,16 @@ if($page == 'domains' $_POST['ssl_ipandport'] = unserialize($_POST['ssl_ipandport']); } if (isset($_POST['ssl_ipandport']) && is_array($_POST['ssl_ipandport'])) { + + $ssl_ipandport_check_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :ipandport + "); foreach ($_POST['ssl_ipandport'] as $ssl_ipandport) { if (trim($ssl_ipandport) == "") continue; // fix if ip/port got de-checked and it was the last one if (trim($ssl_ipandport) < 1) continue; $ssl_ipandport = intval($ssl_ipandport); - $ssl_ipandport_check = $db->query_first("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = '" . $db->escape($ssl_ipandport) . "' "); + $ssl_ipandport_check = Database::pexecute_first($ssl_ipandport_check_stmt, array('ipandport' => $ssl_ipandport)); if (!isset($ssl_ipandport_check['id']) || $ssl_ipandport_check['id'] == '0' || $ssl_ipandport_check['id'] != $ssl_ipandport @@ -1086,58 +1295,47 @@ if($page == 'domains' // if ssl is disabled or no ssl-ip/port exists $ssl_ipandports[] = -1; } - } - else - { + } else { $ssl_redirect = 0; // we need this for the serialize // if ssl is disabled or no ssl-ip/port exists $ssl_ipandports[] = -1; } - if(!preg_match('/^https?\:\/\//', $documentroot)) - { + if (!preg_match('/^https?\:\/\//', $documentroot)) { $documentroot = makeCorrectDir($documentroot); } - if($openbasedir != '1') - { + if ($openbasedir != '1') { $openbasedir = '0'; } - if($isbinddomain != '1') - { + if ($isbinddomain != '1') { $isbinddomain = '0'; } - if($isemaildomain != '1') - { + if ($isemaildomain != '1') { $isemaildomain = '0'; } - if($email_only == '1') - { + if ($email_only == '1') { $isemaildomain = '1'; - } - else - { + } else { $email_only = '0'; } - if($subcanemaildomain != '1' - && $subcanemaildomain != '2' - && $subcanemaildomain != '3') - { + if ($subcanemaildomain != '1' + && $subcanemaildomain != '2' + && $subcanemaildomain != '3' + ) { $subcanemaildomain = '0'; } - if($dkim != '1') - { + if ($dkim != '1') { $dkim = '0'; } - if($caneditdomain != '1') - { + if ($caneditdomain != '1') { $caneditdomain = '0'; } @@ -1148,29 +1346,32 @@ if($page == 'domains' if ($aliasdomain != 0) { // Overwrite given ipandports with these of the "main" domain $ipandports = array(); - $origipresult = $db->query("SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP ."` WHERE `id_domain` = '" . (int)$aliasdomain . "'"); - while ($origip = $db->fetch_array($origipresult)) { + $origipresult_stmt = Database::prepare(" + SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP ."` WHERE `id_domain` = :aliasdomain + "); + Database::pexecute($origipresult_stmt, array('aliasdomain' => $aliasdomain)); + while ($origip = $origipresult_stmt->fetch(PDO::FETCH_ASSOC)) { $ipandports[] = $origip['id_ipandports']; } - $aliasdomain_check = $db->query_first("SELECT `d`.`id` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` - WHERE `d`.`customerid`='" . (int)$customerid . "' - AND `d`.`aliasdomain` IS NULL AND - `d`.`id` <> `c`.`standardsubdomain` - AND `c`.`customerid`='" . (int)$customerid . "' - AND `d`.`id`='" . (int)$aliasdomain . "'"); + $aliasdomain_check_stmt = Database::prepare(" + SELECT `d`.`id` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` + WHERE `d`.`customerid` = :customerid + AND `d`.`aliasdomain` IS NULL AND `d`.`id` <> `c`.`standardsubdomain` + AND `c`.`customerid` = :customerid + AND `d`.`id` = :aliasdomain + "); + $aliasdomain_check = Database::pexecute_first($aliasdomain_check_stmt, array('customerid' => $customerid, 'aliasdomain' => $aliasdomain)); } if (count($ipandports) == 0) { standard_error('noipportgiven'); } - if($aliasdomain_check['id'] != $aliasdomain) - { + if ($aliasdomain_check['id'] != $aliasdomain) { standard_error('domainisaliasorothercustomer'); } - if($issubof <= '0') - { + if ($issubof <= '0') { $issubof = '0'; } @@ -1212,15 +1413,12 @@ if($page == 'domains' 'reallydisablesecuritysetting' => ($openbasedir == '0' && $userinfo['change_serversettings'] == '1'), 'reallydocrootoutofcustomerroot' => (substr($documentroot, 0, strlen($customer['documentroot'])) != $customer['documentroot'] && !preg_match('/^https?\:\/\//', $documentroot)) ); - foreach($security_questions as $question_name => $question_launch) - { - if($question_launch !== false) - { + foreach ($security_questions as $question_name => $question_launch) { + if ($question_launch !== false) { $params[$question_name] = $question_name; - - if(!isset($_POST[$question_name]) - || $_POST[$question_name] != $question_name) - { + if (!isset($_POST[$question_name]) + || $_POST[$question_name] != $question_name + ) { ask_yesno('admin_domain_' . $question_name, $filename, $params); exit; } @@ -1230,20 +1428,20 @@ if($page == 'domains' $wwwserveralias = ($serveraliasoption == '1') ? '1' : '0'; $iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0'; - if($documentroot != $result['documentroot'] - || $ssl_redirect != $result['ssl_redirect'] - || $wwwserveralias != $result['wwwserveralias'] - || $iswildcarddomain != $result['iswildcarddomain'] - || $openbasedir != $result['openbasedir'] - || $phpsettingid != $result['phpsettingid'] - || $mod_fcgid_starter != $result['mod_fcgid_starter'] - || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] - || $specialsettings != $result['specialsettings'] - || $aliasdomain != $result['aliasdomain'] - || $issubof != $result['ismainbutsubto'] - || $email_only != $result['email_only'] - || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1')) - { + if ($documentroot != $result['documentroot'] + || $ssl_redirect != $result['ssl_redirect'] + || $wwwserveralias != $result['wwwserveralias'] + || $iswildcarddomain != $result['iswildcarddomain'] + || $openbasedir != $result['openbasedir'] + || $phpsettingid != $result['phpsettingid'] + || $mod_fcgid_starter != $result['mod_fcgid_starter'] + || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] + || $specialsettings != $result['specialsettings'] + || $aliasdomain != $result['aliasdomain'] + || $issubof != $result['ismainbutsubto'] + || $email_only != $result['email_only'] + || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') + ) { inserttask('1'); } @@ -1251,235 +1449,368 @@ if($page == 'domains' $speciallogfile = $result['speciallogfile']; } - if($isbinddomain != $result['isbinddomain'] - || $zonefile != $result['zonefile'] - || $dkim != $result['dkim']) - { + if ($isbinddomain != $result['isbinddomain'] + || $zonefile != $result['zonefile'] + || $dkim != $result['dkim'] + ) { inserttask('4'); } - if($isemaildomain == '0' - && $result['isemaildomain'] == '1') - { - $db->query("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `domainid`='" . (int)$id . "' "); - $db->query("DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `domainid`='" . (int)$id . "' "); + if ($isemaildomain == '0' + && $result['isemaildomain'] == '1' + ) { + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `domainid` = :id + "); + Database::pexecute($del_stmt, array('id' => $id)); + + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `domainid` = :id + "); + Database::pexecute($del_stmt, array('id' => $id)); $log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain #" . $id . " from mail-tables"); } $updatechildren = ''; - if($subcanemaildomain == '0' - && $result['subcanemaildomain'] != '0') - { - $updatechildren = ', `isemaildomain`=\'0\' '; - } - elseif($subcanemaildomain == '3' - && $result['subcanemaildomain'] != '3') - { - $updatechildren = ', `isemaildomain`=\'1\' '; + if ($subcanemaildomain == '0' + && $result['subcanemaildomain'] != '0' + ) { + $updatechildren = ", `isemaildomain` = '0' "; + + } elseif($subcanemaildomain == '3' + && $result['subcanemaildomain'] != '3' + ) { + $updatechildren = ", `isemaildomain` = '1' "; } - if($customerid != $result['customerid'] - && $settings['panel']['allow_domain_change_customer'] == '1') - { - $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `customerid` = '" . (int)$customerid . "' WHERE `domainid` = '" . (int)$result['id'] . "' "); - $db->query("UPDATE `" . TABLE_MAIL_VIRTUAL . "` SET `customerid` = '" . (int)$customerid . "' WHERE `domainid` = '" . (int)$result['id'] . "' "); - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `subdomains_used` = `subdomains_used` + '" . (int)$subdomains . "', `emails_used` = `emails_used` + '" . (int)$emails . "', `email_forwarders_used` = `email_forwarders_used` + '" . (int)$email_forwarders . "', `email_accounts_used` = `email_accounts_used` + '" . (int)$email_accounts . "' WHERE `customerid` = '" . (int)$customerid . "' "); - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `subdomains_used` = `subdomains_used` - '" . (int)$subdomains . "', `emails_used` = `emails_used` - '" . (int)$emails . "', `email_forwarders_used` = `email_forwarders_used` - '" . (int)$email_forwarders . "', `email_accounts_used` = `email_accounts_used` - '" . (int)$email_accounts . "' WHERE `customerid` = '" . (int)$result['customerid'] . "' "); + if ($customerid != $result['customerid'] + && $settings['panel']['allow_domain_change_customer'] == '1' + ) { + $upd_data = array('customerid' => $customerid, 'domainid' => $result['id']); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_MAIL_USERS . "` SET `customerid` = :customerid WHERE `domainid` = :domainid + "); + Database::pexecute($upd_stmt, $upd_data); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_MAIL_VIRTUAL . "` SET `customerid` = :customerid WHERE `domainid` = :domainid + "); + Database::pexecute($upd_stmt, $upd_data); + $upd_data = array('subdomains' => $subdomains, 'emails' => $emails, 'forwarders' => $email_forwarders, 'accounts' => $email_accounts); + $upd_data['customerid'] = $customerid; + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET + `subdomains_used` = `subdomains_used` + :subdomains, + `emails_used` = `emails_used` + :emails, + `email_forwarders_used` = `email_forwarders_used` + :forwarders, + `email_accounts_used` = `email_accounts_used` + :accounts + WHERE `customerid` = :customerid + "); + Database::pexecute($upd_stmt, $upd_data); + + $upd_data['customerid'] = $result['customerid']; + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET + `subdomains_used` = `subdomains_used` - :subdomains, + `emails_used` = `emails_used` - :emails, + `email_forwarders_used` = `email_forwarders_used` - :forwarders, + `email_accounts_used` = `email_accounts_used` - :accounts + WHERE `customerid` = :customerid + "); + Database::pexecute($upd_stmt, $upd_data); } - if($adminid != $result['adminid'] - && $settings['panel']['allow_domain_change_admin'] == '1') - { - $db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` + 1 WHERE `adminid` = '" . (int)$adminid . "' "); - $db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` - 1 WHERE `adminid` = '" . (int)$result['adminid'] . "' "); + if ($adminid != $result['adminid'] + && $settings['panel']['allow_domain_change_admin'] == '1' + ) { + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` + 1 WHERE `adminid` = :adminid + "); + Database::pexecute($upd_stmt, array('adminid' => $adminid)); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` - 1 WHERE `adminid` = :adminid + "); + Database::pexecute($upd_stmt, array('adminid' => $result['adminid'])); } + $_update_data = array(); + $ssfs = isset($_POST['specialsettingsforsubdomains']) ? 1 : 0; - if($ssfs == 1) - { - $upd_specialsettings = ", `specialsettings`='" . $db->escape($specialsettings) . "' "; - } - else - { + if ($ssfs == 1) { + $_update_data['specialsettings'] = $specialsettings; + $upd_specialsettings = ", `specialsettings` = :specialsettings "; + } else { $upd_specialsettings = ''; - $db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `specialsettings`='' WHERE `parentdomainid`='" . (int)$id . "'"); + unset($_update_data['specialsettings']); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `specialsettings`='' WHERE `parentdomainid` = :id + "); + Database::pexecute($upd_stmt, array('id' => $id)); $log->logAction(ADM_ACTION, LOG_INFO, "removed specialsettings on all subdomains of domain #" . $id); } $wwwserveralias = ($serveraliasoption == '1') ? '1' : '0'; $iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0'; - $result = $db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET - `customerid` = '" . (int)$customerid . "', - `adminid` = '" . (int)$adminid . "', - `documentroot`='" . $db->escape($documentroot) . "', - `ssl_redirect`='" . (int)$ssl_redirect . "', - `aliasdomain`=" . (($aliasdomain != 0 && $alias_check == 0) ? '\'' . $db->escape($aliasdomain) . '\'' : 'NULL') . ", - `isbinddomain`='" . $db->escape($isbinddomain) . "', - `isemaildomain`='" . $db->escape($isemaildomain) . "', - `email_only`='" . $db->escape($email_only) . "', - `subcanemaildomain`='" . $db->escape($subcanemaildomain) . "', - `dkim`='" . $db->escape($dkim) . "', - `caneditdomain`='" . $db->escape($caneditdomain) . "', - `zonefile`='" . $db->escape($zonefile) . "', - `wwwserveralias`='" . $db->escape($wwwserveralias) . "', - `iswildcarddomain`='" . $db->escape($iswildcarddomain) . "', - `openbasedir`='" . $db->escape($openbasedir) . "', - `speciallogfile`='" . $db->escape($speciallogfile) . "', - `phpsettingid`='" . $db->escape($phpsettingid) . "', - `mod_fcgid_starter`='" . $db->escape($mod_fcgid_starter) . "', - `mod_fcgid_maxrequests`='" . $db->escape($mod_fcgid_maxrequests) . "', - `specialsettings`='" . $db->escape($specialsettings) . "', - `registration_date`='" . $db->escape($registration_date) . "', - `ismainbutsubto`='" . (int)$issubof . "' WHERE `id`='" . (int)$id . "' + $update_data = array(); + $update_data['customerid'] = $customerid; + $update_data['adminid'] = $adminid; + $update_data['documentroot'] = $documentroot; + $update_data['ssl_redirect'] = $ssl_redirect; + $update_data['aliasdomain'] = ($aliasdomain != 0 && $alias_check == 0) ? $aliasdomain : null; + $update_data['isbinddomain'] = $isbinddomain; + $update_data['isemaildomain'] = $isemaildomain; + $update_data['email_only'] = $email_only; + $update_data['subcanemaildomain'] = $subcanemaildomain; + $update_data['dkim'] = $dkim; + $update_data['caneditdomain'] = $caneditdomain; + $update_data['zonefile'] = $zonefile; + $update_data['wwwserveralias'] = $wwwserveralias; + $update_data['iswildcarddomain'] = $iswildcarddomain; + $update_data['openbasedir'] = $openbasedir; + $update_data['speciallogfile'] = $speciallogfile; + $update_data['phpsettingid'] = $phpsettingid; + $update_data['mod_fcgid_starter'] = $mod_fcgid_starter; + $update_data['mod_fcgid_maxrequests'] = $mod_fcgid_maxrequests; + $update_data['specialsettings'] = $specialsettings; + $update_data['registration_date'] = $registration_date; + $update_data['ismainbutsubto'] = $issubof; + $update_data['id'] = $id; + + $update_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_DOMAINS . "` SET + `customerid` = :customerid, + `adminid` = :adminid, + `documentroot` = :documentroot, + `ssl_redirect` = :ssl_redirect, + `aliasdomain` = :aliasdomain, + `isbinddomain` = :isbinddomain, + `isemaildomain` = :isemaildomain, + `email_only` = :email_only, + `subcanemaildomain` = :subcanemaildomain, + `dkim` = :dkim, + `caneditdomain` = :caneditdomain, + `zonefile` = :zonefile, + `wwwserveralias` = :wwwserveralias, + `iswildcarddomain` = :iswildcarddomain, + `openbasedir` = :openbasedir, + `speciallogfile` = :speciallogfile, + `phpsettingid` = :phpsettingid, + `mod_fcgid_starter` = :mod_fcgid_starter, + `mod_fcgid_maxrequests` = :mod_fcgid_maxrequests, + `specialsettings` = :specialsettings, + `registration_date` = :registration_date, + `ismainbutsubto` = :ismainbutsubto + WHERE `id` = :id "); - $result = $db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET - `customerid` = '" . (int)$customerid . "', - `adminid` = '" . (int)$adminid . "', - `openbasedir`='" . $db->escape($openbasedir) . "', - `phpsettingid`='" . $db->escape($phpsettingid) . "', - `mod_fcgid_starter`='" . $db->escape($mod_fcgid_starter) . "', - `mod_fcgid_maxrequests`='" . $db->escape($mod_fcgid_maxrequests) . "' + Database::pexecute($update_stmt, $update_data); + + $_update_data['customerid'] = $customerid; + $_update_data['adminid'] = $adminid; + $_update_data['openbasedir'] = $openbasedir; + $_update_data['phpsettingid'] = $phpsettingid; + $_update_data['mod_fcgid_starter'] = $mod_fcgid_starter; + $_update_data['mod_fcgid_maxrequests'] = $mod_fcgid_maxrequests; + $_update_data['parentdomainid'] = $id; + + $_update_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_DOMAINS . "` SET + `customerid` = .customerid, + `adminid` = :adminid, + `openbasedir` = :openbasedir, + `phpsettingid` = :phpsettingid, + `mod_fcgid_starter` = :mod_fcgid_starter, + `mod_fcgid_maxrequests` = :mod_fcgid_maxrequests " . $upd_specialsettings . $updatechildren . " - WHERE `parentdomainid`='" . (int)$id . "' + WHERE `parentdomainid` = parentdomainid "); + Database::pexecute($_update_stmt, $_update_data); // FIXME check how many we got and if the amount of assigned IP's // has changed so we can insert a config-rebuild task if only // the ip's of this domain were changed // Cleanup domain <-> ip mapping - $db->query("DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = '" . (int)$id . "'"); + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :id + "); + Database::pexecute($del_stmt, array('id' => $id)); + + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_DOMAINTOIP . "` SET `id_domain` = :domainid, `id_ipandports` = :ipportid + "); foreach ($ipandports as $ipportid) { - $db->query("INSERT INTO `" . TABLE_DOMAINTOIP . "` SET - `id_domain` = '" . (int)$id . "', - `id_ipandports` = '" . (int)$ipportid . "'; - "); + Database::pexecute($ins_stmt, array('domainid' => $id, 'ipportid' => $ipportid)); } foreach ($ssl_ipandports as $ssl_ipportid) { if ($ssl_ipportid > 0) { - $db->query("INSERT INTO `" . TABLE_DOMAINTOIP . "` SET - `id_domain` = '" . (int)$id . "', - `id_ipandports` = '" . (int)$ssl_ipportid . "'; - "); + Database::pexecute($ins_stmt, array('domainid' => $id, 'ipportid' => $ssl_ipportid)); } } // Cleanup domain <-> ip mapping for subdomains - $domainidsresult = $db->query("SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `parentdomainid`='" . (int)$id . "'"); - while ($row = $db->fetch_array($domainidsresult)) { - $db->query("DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = '" . (int)$row['id'] . "'"); + $domainidsresult_stmt = Database::prepare(" + SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `parentdomainid` = :id + "); + Database::pexecute($domainidsresult_stmt, array('id' => $id)); + + while ($row = $domainidsresult_stmt->fetch(PDO::FETCH_ASSOC)) { + + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :rowid + "); + Database::pexecute($del_stmt, array('rowid' => $row['id'])); + + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_DOMAINTOIP . "` SET + `id_domain` = :rowid, + `id_ipandports` = :ipportid + "); + foreach ($ipandports as $ipportid) { - $db->query("INSERT INTO `" . TABLE_DOMAINTOIP . "` SET - `id_domain` = '" . (int)$row['id'] . "', - `id_ipandports` = '" . (int)$ipportid . "'; - "); + Database::pexecute($ins_stmt, array('rowid' => $row['id'], 'ipportid' => $ipportid)); } foreach ($ssl_ipandports as $ssl_ipportid) { - if ($ssl_ipportid > 0) { - $db->query("INSERT INTO `" . TABLE_DOMAINTOIP . "` SET - `id_domain` = '" . (int)$row['id'] . "', - `id_ipandports` = '" . (int)$ssl_ipportid . "'; - "); - } + Database::pexecute($ins_stmt, array('rowid' => $row['id'], 'ipportid' => $ssl_ipportid)); } } $log->logAction(ADM_ACTION, LOG_INFO, "edited domain #" . $id); - $redirect_props = Array( - 'page' => $page, - 's' => $s - ); + redirectTo($filename, array('page' => $page, 's' => $s)); - redirectTo($filename, $redirect_props); - } - else - { - if($settings['panel']['allow_domain_change_customer'] == '1') - { + } else { + + + if ($settings['panel']['allow_domain_change_customer'] == '1') { $customers = ''; - $result_customers = $db->query("SELECT `customerid`, `loginname`, `name`, `firstname`, `company` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE ( (`subdomains_used` + " . (int)$subdomains . " <= `subdomains` OR `subdomains` = '-1' ) AND (`emails_used` + " . (int)$emails . " <= `emails` OR `emails` = '-1' ) AND (`email_forwarders_used` + " . (int)$email_forwarders . " <= `email_forwarders` OR `email_forwarders` = '-1' ) AND (`email_accounts_used` + " . (int)$email_accounts . " <= `email_accounts` OR `email_accounts` = '-1' ) " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . (int)$userinfo['adminid'] . "' ") . ") OR `customerid` = '" . (int)$result['customerid'] . "' ORDER BY `name` ASC"); + $result_customers_stmt = Database::prepare(" + SELECT `customerid`, `loginname`, `name`, `firstname`, `company` FROM `" . TABLE_PANEL_CUSTOMERS . "` + WHERE ( (`subdomains_used` + :subdomains <= `subdomains` OR `subdomains` = '-1' ) + AND (`emails_used` + :emails <= `emails` OR `emails` = '-1' ) + AND (`email_forwarders_used` + :forwarders <= `email_forwarders` OR `email_forwarders` = '-1' ) + AND (`email_accounts_used` + :accounts <= `email_accounts` OR `email_accounts` = '-1' ) " . + ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid ") . ") + OR `customerid` = :customerid ORDER BY `name` ASC + "); + $params = array( + 'subdomains' => $subdomains, + 'emails' => $emails, + 'forwarders' => $email_forwarders, + 'accounts' => $email_accounts, + 'customerid' => $result['customerid'] + ); + if ($userinfo['customers_see_all'] == '0') { + $params['adminid'] = $userinfo['adminid']; + } + Database::pexecute($result_customers_stmt, $params); - while($row_customer = $db->fetch_array($result_customers)) - { + while ($row_customer = $result_customers_stmt->fetch(PDO::FETCH_ASSOC)) { $customers.= makeoption(getCorrectFullUserDetails($row_customer) . ' (' . $row_customer['loginname'] . ')', $row_customer['customerid'], $result['customerid']); } - } - else - { - $customer = $db->query_first("SELECT `customerid`, `loginname`, `name`, `firstname`, `company` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid` = '" . (int)$result['customerid'] . "'"); + + } else { + $customer_stmt = Database::prepare(" + SELECT `customerid`, `loginname`, `name`, `firstname`, `company` FROM `" . TABLE_PANEL_CUSTOMERS . "` + WHERE `customerid` = :customerid + "); + $customer = Database::pexecute_first($customer_stmt, array('customerid' => $result['customerid'])); $result['customername'] = getCorrectFullUserDetails($customer) . ' (' . $customer['loginname'] . ')'; } - if($userinfo['customers_see_all'] == '1') - { - if($settings['panel']['allow_domain_change_admin'] == '1') - { - $admins = ''; - $result_admins = $db->query("SELECT `adminid`, `loginname`, `name` FROM `" . TABLE_PANEL_ADMINS . "` WHERE (`domains_used` < `domains` OR `domains` = '-1') OR `adminid` = '" . (int)$result['adminid'] . "' ORDER BY `name` ASC"); + if ($userinfo['customers_see_all'] == '1') { + if ($settings['panel']['allow_domain_change_admin'] == '1') { - while($row_admin = $db->fetch_array($result_admins)) - { + $admins = ''; + $result_admins_stmt = Database::prepare(" + SELECT `adminid`, `loginname`, `name` FROM `" . TABLE_PANEL_ADMINS . "` + WHERE (`domains_used` < `domains` OR `domains` = '-1') OR `adminid` = :adminid ORDER BY `name` ASC + "); + Database::pexecute($result_admins_stmt, array('adminid' => $result['adminid'])); + + while ($row_admin = $result_admins_stmt->fetch(PDO::FETCH_ASSOC)) { $admins.= makeoption(getCorrectFullUserDetails($row_admin) . ' (' . $row_admin['loginname'] . ')', $row_admin['adminid'], $result['adminid']); } - } - else - { - $admin = $db->query_first("SELECT `adminid`, `loginname`, `name` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = '" . (int)$result['adminid'] . "'"); + } else { + $admin_stmt = Database::prepare(" + SELECT `adminid`, `loginname`, `name` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid + "); + $admin = Database::pexecute_first($admin_stmt, array('adminid' => $result['adminid'])); $result['adminname'] = getCorrectFullUserDetails($admin) . ' (' . $admin['loginname'] . ')'; } } $result['domain'] = $idna_convert->decode($result['domain']); - $domains = makeoption($lng['domains']['noaliasdomain'], 0, NULL, true); - $result_domains = $db->query("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid`=0 AND `d`.`id`<>'" . (int)$result['id'] . "' AND `c`.`standardsubdomain`<>`d`.`id` AND `d`.`customerid`='" . (int)$result['customerid'] . "' AND `c`.`customerid`=`d`.`customerid` ORDER BY `d`.`domain` ASC"); + $domains = makeoption($lng['domains']['noaliasdomain'], 0, null, true); - while($row_domain = $db->fetch_array($result_domains)) - { + $result_domains_stmt = Database::prepare(" + SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` + WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid` = '0' AND `d`.`id` <> :id + AND `c`.`standardsubdomain`<>`d`.`id` AND `d`.`customerid` = :customerid AND `c`.`customerid`=`d`.`customerid` + ORDER BY `d`.`domain` ASC + "); + Database::pexecute($result_domains_stmt, array('id' => $result['id'], 'customerid' => $result['customerid'])); + + while ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) { $domains.= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']); } - $subtodomains = makeoption($lng['domains']['nosubtomaindomain'], 0, NULL, true); - $result_domains = $db->query("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid`=0 AND `d`.`id`<>'" . (int)$result['id'] . "' AND `c`.`standardsubdomain`<>`d`.`id` AND `c`.`customerid`=`d`.`customerid`". ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = '" . (int)$userinfo['adminid'] . "'") . " ORDER BY `d`.`domain` ASC"); + $subtodomains = makeoption($lng['domains']['nosubtomaindomain'], 0, null, true); + $result_domains_stmt = Database::prepare(" + SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` + WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid` = '0' AND `d`.`id` <> :id + AND `c`.`standardsubdomain`<>`d`.`id` AND `c`.`customerid`=`d`.`customerid`". + ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid") . " + ORDER BY `d`.`domain` ASC + "); + $params = array('id' => $result['id']); + if ($userinfo['customers_see_all'] == '0') { + $params['adminid'] = $userinfo['adminid']; + } + Database::pexecute($result_domains_stmt, $params); - while($row_domain = $db->fetch_array($result_domains)) - { + while ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) { $subtodomains.= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['ismainbutsubto']); } - if($userinfo['ip'] == "-1") - { - $result_ipsandports = $db->query("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='0' ORDER BY `ip`, `port` ASC"); - $result_ssl_ipsandports = $db->query("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='1' ORDER BY `ip`, `port` ASC"); - } - else - { - $admin_ip = $db->query_first("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id`='" . (int)$userinfo['ip'] . "' ORDER BY `ip`, `port` ASC"); - $result_ipsandports = $db->query("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='0' AND `ip`='" . $admin_ip['ip'] . "' ORDER BY `ip`, `port` ASC"); - $result_ssl_ipsandports = $db->query("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='1' AND `ip`='" . $admin_ip['ip'] . "' ORDER BY `ip`, `port` ASC"); + if ($userinfo['ip'] == "-1") { + $result_ipsandports_stmt = Database::query(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='0' ORDER BY `ip`, `port` ASC + "); + $result_ssl_ipsandports_stmt = Database::query(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='1' ORDER BY `ip`, `port` ASC + "); + } else { + $admin_ip_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :ipid ORDER BY `ip`, `port` ASC + "); + $admin_ip = Database::pexecute_first($admin_ip_stmt, array('ipid' => $userinfo['ip'])); + + $result_ipsandports_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='0' AND `ip` = :ipid ORDER BY `ip`, `port` ASC + "); + Database::pexecute($result_ipsandports_stmt, array('ipid' => $admin_ip['ip'])); + + $result_ssl_ipsandports_stmt = Database::prepare(" + SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='1' AND `ip` = :ipid ORDER BY `ip`, `port` ASC + "); + Database::pexecute($result_ssl_ipsandports_stmt, array('ipid' => $admin_ip['ip'])); } $ipsandports = array(); - while($row_ipandport = $db->fetch_array($result_ipsandports)) - { - if(filter_var($row_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) - { + while ($row_ipandport = $result_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) { + if (filter_var($row_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $row_ipandport['ip'] = '[' . $row_ipandport['ip'] . ']'; } - $ipsandports[] = array('label' => $row_ipandport['ip'] . ':' . $row_ipandport['port'], 'value' => $row_ipandport['id']); } $ssl_ipsandports = array(); - while($row_ssl_ipandport = $db->fetch_array($result_ssl_ipsandports)) - { - if(filter_var($row_ssl_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) - { + while ($row_ssl_ipandport = $result_ssl_ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) { + if (filter_var($row_ssl_ipandport['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $row_ssl_ipandport['ip'] = '[' . $row_ssl_ipandport['ip'] . ']'; } - $ssl_ipsandports[] = array('label' => $row_ssl_ipandport['ip'] . ':' . $row_ssl_ipandport['port'], 'value' => $row_ssl_ipandport['id']); } @@ -1505,9 +1836,9 @@ if($page == 'domains' $result['add_date'] = date('Y-m-d', $result['add_date']); $phpconfigs = ''; - $phpconfigs_result = $db->query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`"); + $phpconfigs_result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`"); - while ($phpconfigs_row = $db->fetch_array($phpconfigs_result)) { + while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) { $phpconfigs.= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true); }