From 256a714d55ce442d2e14e8c8ebbeb6fd73e5a7f7 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Thu, 31 Oct 2013 15:46:38 +0100
Subject: [PATCH] enhanced pdo database class; migrated admin_logger and admin_traffic

Signed-off-by: Michael Kaufmann (d00p)
---
 admin_logger.php | 31 ++---
 admin_traffic.php | 150 +++++++++++++++---
 lib/classes/database/class.Database.php | 8 +-
 3 files changed, 115 insertions(+), 74 deletions(-)

diff --git a/admin_logger.php b/admin_logger.php
index ef3280cc..80433107 100644
--- a/admin_logger.php
+++ b/admin_logger.php
@@ -19,9 +19,6 @@ define('AREA', 'admin');
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
 require('./lib/init.php');
 if ($page == 'log'
@@ -37,26 +34,28 @@ if ($page == 'log'
 $paging = new paging($userinfo, $db, TABLE_PANEL_LOG, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
 $paging->sortfield = 'date';
 $paging->sortorder = 'desc';
- $result = $db->query('SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit());
- $paging->setEntries($db->num_rows($result));
+ $result_stmt = Database::query('
+ SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
+ );
+ $paging->setEntries(Database::num_rows());
 $sortcode = $paging->getHtmlSortCode($lng);
 $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 $searchcode = $paging->getHtmlSearchCode($lng);
 $pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
 $clog = array();
- while ($row = $db->fetch_array($result)) {
+ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+
 if (!isset($clog[$row['action']])
- || !is_array($clog[$row['action']])
+ || !is_array($clog[$row['action']])
 ) {
 $clog[$row['action']] = array();
 }
-
 $clog[$row['action']][$row['logid']] = $row;
 }
 if ($paging->sortfield == 'date'
- && $paging->sortorder == 'desc'
+ && $paging->sortorder == 'desc'
 ) {
 krsort($clog);
 } else {
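Review bot: The new `Database::query(...)` call still builds the statement by concatenating `$paging->getSqlWhere(false)`, `$paging->getSqlOrderBy()` and `$paging->getSqlLimit()`, so the search, sort and offset values the paging helper takes from the request still reach MySQL as SQL text instead of bound parameters. The paging object is constructed with the legacy `$db` handle two lines above, and whether its quoting was moved to the PDO connection is not visible in this patch; if it still escapes through the old mysql layer, the quoting and the executing connection now disagree on charset and connection state. Until the helper exposes bound values, a comment at the call site such as `// paging clauses are request-derived: paging must quote for the PDO connection, not $db` would record the assumption, and `Database::num_rows()` taking no statement argument (it must be relying on the last executed statement inside the class) deserves the same note. The surrounding `if ($page == 'log'` block begins before this hunk.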
@@ -135,17 +134,19 @@ if ($page == 'log'
 }
 eval("echo \"" . getTemplate('logger/logger') . "\";");
+
 } elseif ($action == 'truncate') {
+
 if (isset($_POST['send']) && $_POST['send'] == 'send' ) {
- $yesterday = time() - (60 * 10);
-
- /* (60*60*24); */
-
- $db->query("DELETE FROM `" . TABLE_PANEL_LOG . "` WHERE `date` < '" . $yesterday . "'");
+ $truncatedate = time() - (60 * 10);
+ $trunc_stmt = Database::prepare("
+ DELETE FROM `" . TABLE_PANEL_LOG . "` WHERE `date` < :trunc"
+ );
+ Database::pexecute($trunc_stmt, array('trunc' => $truncatedate));
 $log->logAction(ADM_ACTION, LOG_WARNING, 'truncated the system-log (mysql)');
- redirectTo($filename, Array('page' => $page, 's' => $s));
+ redirectTo($filename, array('page' => $page, 's' => $s));
 } else {
 ask_yesno('logger_reallytruncate', $filename, array('page' => $page, 'action' => $action), TABLE_PANEL_LOG);
 }
diff --git a/admin_traffic.php b/admin_traffic.php
index e1076b28..99947220 100644
--- a/admin_traffic.php
+++ b/admin_traffic.php
@@ -18,25 +18,22 @@ define('AREA', 'admin');
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-
 require ("./lib/init.php");
-if($action == 'logout')
-{
- $db->query("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = '" . (int)$userinfo['adminid'] . "' AND `adminsession` = '1'");
+if ($action == 'logout') {
+ $logout_stmt = Database::prepare("
+ DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
+ WHERE `userid` = :adminid
+ AND `adminsession` = '1'"
+ );
+ Database::pexecute($logout_stmt, array('adminid' => $userinfo['adminid']));
 redirectTo('index.php');
 exit;
 }
-if(isset($_POST['id']))
-{
+if (isset($_POST['id'])) {
 $id = intval($_POST['id']);
-}
-elseif(isset($_GET['id']))
-{
+} elseif(isset($_GET['id'])) {
 $id = intval($_GET['id']);
 }
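Review bot: `$truncatedate = time() - (60 * 10);` deletes everything older than ten minutes from the admin action log, and the hunk removes the `/* (60*60*24); */` remark that was the only hint the ten-minute value appears to have been a leftover rather than the intended one-day retention. For an audit log that is reached by an admin clicking through `ask_yesno`, ten minutes leaves almost no forensic trail, so either restore the day-long window or make the interval a named, commented constant: `define('LOG_TRUNCATE_KEEP_SECONDS', 60 * 60 * 24); // retention kept by a manual truncate` and `$truncatedate = time() - LOG_TRUNCATE_KEEP_SECONDS;`. The deletion is gated only on `$_POST['send'] == 'send'`; no anti-CSRF token appears in these lines, so it should be confirmed that the `ask_yesno` form or `init.php` provides one. The enclosing `if ($page == 'log'` chain starts outside this hunk.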
@@ -56,59 +53,95 @@ $months = array(
 '12' => 'dec',
 );
-if($page == 'overview' || $page == 'customers')
-{
- if($action == 'su' && $id != 0)
- {
- $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$id . "' " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . (int)$userinfo['adminid'] . "' "));
+if ($page == 'overview' || $page == 'customers') {
- if($result['loginname'] != '')
- {
- $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid`='" . (int)$userinfo['userid'] . "'");
+ if ($action == 'su' && $id != 0) {
+
+ $result_stmt = Database::prepare("
+ SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "`
+ WHERE `customerid` = :id" .
+ ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid")
+ );
+ Database::pexecute($result_stmt, array('id' => $id, 'adminid' => $userinfo['adminid']));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+ if ($result['loginname'] != '') {
+ $result2_stmt = Database::prepare("
+ SELECT * FROM `" . TABLE_PANEL_SESSIONS . "`
+ WHERE `userid` = :id"
+ );
+ Database::pexecute($result2_stmt, array('id' => $userinfo['userid']));
+ $result2 = $result2_stmt->fetch(PDO::FETCH_ASSOC);
 $s = md5(uniqid(microtime(), 1));
- $db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`) VALUES ('" . $db->escape($s) . "', '" . (int)$id . "', '" . $db->escape($result['ipaddress']) . "', '" . $db->escape($result['useragent']) . "', '" . time() . "', '" . $db->escape($result['language']) . "', '0')");
- redirectTo('customer_traffic.php', Array(
- 's' => $s
- ));
- }
- else
- {
- redirectTo('index.php', Array(
- 'action' => 'login'
- ));
+ $ins_stmt = Database::prepare("
+ INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
+ `hash` = :hash,
+ `userid` = :id,
+ `ipaddress` = :ip,
+ `useragent` = :ua,
+ `lastactivity` = :la,
+ `language` = :lang,
+ `adminsession` = '0'
+ ");
+ $ins_data = array(
+ 'hash' => $s,
+ 'id' => $id,
+ 'ip' => $result['ipaddress'],
+ 'ua' => $result['useragent'],
+ 'la' => time(),
+ 'lang' => $result['language']
+ );
+ Database::pexecute($ins_stmt, $ins_data);
+
+ redirectTo('customer_traffic.php', array('s' => $s));
+
+ } else {
+ redirectTo('index.php', array('action' => 'login'));
 }
 }
+
 $customerview = 1;
 $stats_tables = '';
- $minyear = $db->query_first("SELECT `year` FROM `". TABLE_PANEL_TRAFFIC . "` ORDER BY `year` ASC LIMIT 1");
- if (!isset($minyear['year']) || $minyear['year'] == 0)
- {
+ $minyear_stmt = Database::query("SELECT `year` FROM `". TABLE_PANEL_TRAFFIC . "` ORDER BY `year` ASC LIMIT 1");
+ $minyear = $minyear_stmt->fetch(PDO::FETCH_ASSOC);
+
+ if (!isset($minyear['year']) || $minyear['year'] == 0) {
 $maxyears = 0;
- }
- else
- {
+ } else {
 $maxyears = date("Y") - $minyear['year'];
 }
- for($years = 0; $years<=$maxyears; $years++) {
+
+ for ($years = 0; $years<=$maxyears; $years++) {
+
 $overview['year'] = date("Y")-$years;
 $overview['type'] = $lng['traffic']['customer'];
 $domain_list = '';
- $customer_name_list = $db->query("SELECT `customerid`,`company`,`name`,`firstname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `deactivated`='0'" . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . (int)$userinfo['adminid'] . "' ") . " ORDER BY name");
 $totals = array(
- 'jan' => 0,
- 'feb' => 0,
- 'mar' => 0,
- 'apr' => 0,
- 'may' => 0,
- 'jun' => 0,
- 'jul' => 0,
- 'aug' => 0,
- 'sep' => 0,
- 'oct' => 0,
- 'nov' => 0,
- 'dec' => 0,
+ 'jan' => 0,
+ 'feb' => 0,
+ 'mar' => 0,
+ 'apr' => 0,
+ 'may' => 0,
+ 'jun' => 0,
+ 'jul' => 0,
+ 'aug' => 0,
+ 'sep' => 0,
+ 'oct' => 0,
+ 'nov' => 0,
+ 'dec' => 0,
 );
- while($customer_name = $db->fetch_array($customer_name_list)) {
+
+ $customer_name_list_stmt = Database::prepare("
+ SELECT `customerid`,`company`,`name`,`firstname`
+ FROM `" . TABLE_PANEL_CUSTOMERS . "`
+ WHERE `deactivated`='0'" .
+ ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :id") . "
+ ORDER BY name"
+ );
+ Database::pexecute($customer_name_list_stmt, array('id' => $userinfo['adminid']));
+
+ while($customer_name = $customer_name_list_stmt->fetch(PDO::FETCH_ASSOC)) {
+
 $virtual_host = array(
 'name' => ($customer_name['company'] == '' ? $customer_name['name'] . ", " . $customer_name['firstname'] : $customer_name['company']),
 'customerid' => $customer_name['customerid'],
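Review bot: The impersonation session is populated from the wrong row: `$ins_data` reads `'ip' => $result['ipaddress']`, `'ua' => $result['useragent']` and `'lang' => $result['language']`, but after this change `$result` is the customer record from TABLE_PANEL_CUSTOMERS while the admin's session row was fetched into the new `$result2`, which is never used. The removed code overwrote `$result` with the session row, so the migration silently changes what is written to the new session's `ipaddress`/`useragent`/`language` columns (probably empty values, with undefined-index notices if the customers table has no such columns), and any session-to-client binding that relies on them is lost for the `su` session. Both conditional queries also pass the extra bound key (`'adminid'` for the customer lookup, `'id'` for the customer list) even when `customers_see_all` drops the placeholder from the SQL; PDO rejects a bound parameter that has no token (SQLSTATE HY093), so the see-all path would fail inside `Database::pexecute` unless that wrapper filters the array. The unchanged `$s = md5(uniqid(microtime(), 1))` derives the session hash from the clock rather than a CSPRNG; `bin2hex(openssl_random_pseudo_bytes(16))` is a drop-in on the PHP 5.3+ this code targets. The `if ($page == 'overview' || $page == 'customers')` block continues past the end of the hunk.

```php
// … unchanged: $result_stmt = Database::prepare(…customer lookup…) …
$cust_params = array('id' => $id);
if (!$userinfo['customers_see_all']) {
	$cust_params['adminid'] = $userinfo['adminid'];   // only bind what the SQL actually contains
}
Database::pexecute($result_stmt, $cust_params);
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
// … unchanged: $result2 session lookup, $s, $ins_stmt …
$ins_data = array(
	'hash' => $s,
	'id' => $id,
	'ip' => $result2['ipaddress'],   // the admin's session row, not the customer record
	'ua' => $result2['useragent'],
	'la' => time(),
	'lang' => $result2['language']
);
// … unchanged: pexecute/redirect; apply the same conditional-parameter pattern to $customer_name_list_stmt …
```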
@@ -125,9 +158,16 @@ if($page == 'overview' || $page == 'customers')
 'nov' => '-',
 'dec' => '-',
 );
-
- $traffic_list = $db->query("SELECT month, SUM(http+ftp_up+ftp_down+mail)*1024 AS traffic FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE year = " . (date("Y")-$years) . " AND `customerid` = '" . $customer_name['customerid'] . "' GROUP BY month ORDER BY month");
- while($traffic_month = $db->fetch_array($traffic_list)) {
+
+ $traffic_list_stmt = Database::prepare("
+ SELECT month, SUM(http+ftp_up+ftp_down+mail)*1024 AS traffic
+ FROM `" . TABLE_PANEL_TRAFFIC . "`
+ WHERE year = :year AND `customerid` = :id
+ GROUP BY month ORDER BY month"
+ );
+ Database::pexecute($traffic_list_stmt, array('year' => (date("Y")-$years), 'id' => $customer_name['customerid']));
+
+ while ($traffic_month = $traffic_list_stmt->fetch(PDO::FETCH_ASSOC)) {
 $virtual_host[$months[(int)$traffic_month['month']]] = size_readable($traffic_month['traffic'], 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s');
 $totals[$months[(int)$traffic_month['month']]] += $traffic_month['traffic'];
 }
@@ -137,7 +177,7 @@ if($page == 'overview' || $page == 'customers')
 $virtual_host = array(
 'name' => $lng['traffic']['months']['total'],
 );
- foreach($totals as $month => $bytes) {
+ foreach ($totals as $month => $bytes) {
 $virtual_host[$month] = ($bytes == 0 ? '-' : size_readable($bytes, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s'));
 }
 $customerview = 0;
diff --git a/lib/classes/database/class.Database.php b/lib/classes/database/class.Database.php
index ee821428..bde4cc81 100644
--- a/lib/classes/database/class.Database.php
+++ b/lib/classes/database/class.Database.php
@@ -109,7 +109,7 @@ class Database {
 * @return mixed
 */
 public static function __callStatic($name, $args) {
- $callback = array(self::getDB(self::$_needroot), $name);
+ $callback = array(self::getDB(), $name);
 $result = null;
 try {
 $result = call_user_func_array($callback, $args );
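Review bot: `__callStatic` forwards whatever static method name it receives straight to the PDO handle, so `Database::query($sql)` with a concatenated string is exactly as easy to call as `Database::prepare()`, and nothing in the class pushes callers toward bound parameters — this same commit still uses `Database::query` for the request-derived paging clauses in admin_logger.php. A docblock line above the method, `* Proxies any PDO method; statements that carry request data must go through prepare() and pexecute().`, states the contract, and an explicit list of forwarded names (`prepare`, `query`, `lastInsertId`, …) would make the surface auditable instead of open-ended. Whether the forwarded call runs as root is now decided entirely by `self::$_needroot`, whose setter is outside this hunk; the method body also continues past the hunk's last line.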
@@ -127,7 +127,7 @@ class Database {
 *
 * @return object
 */
- private static function getDB($root = false) {
+ private static function getDB() {
 if (!extension_loaded('pdo') || in_array("mysql", PDO::getAvailableDrivers()) == false) {
 self::_showerror(new Exception("The php PDO extension or PDO-MySQL driver is not available"));
@@ -143,7 +143,7 @@ class Database {
 require FROXLOR_INSTALL_DIR."/lib/userdata.inc.php";
 // le format
- if ($root = true
+ if (self::$_needroot == true
 && isset($sql['root_user'])
 && isset($sql['root_password'])
 && (!isset($sql_root) || !is_array($sql_root))
@@ -154,7 +154,7 @@ class Database {
 }
 // either root or unprivileged user
- if ($root) {
+ if (self::$_needroot) {
 $user = $sql_root[self::$_dbserver]['user'];
 $password = $sql_root[self::$_dbserver]['password'];
 $host = $sql_root[self::$_dbserver]['host'];
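Review bot: `if (self::$_needroot == true` compares the flag loosely, so any truthy value that ends up in `self::$_needroot` (a non-empty string, `1`) selects the root-credential branch; `if (self::$_needroot === true` pins it to the boolean the setter is presumably meant to store. The hunk does fix the old `$root = true` assignment-in-condition, so the remaining question is only the flag's declared type, which is not in the visible lines. The condition and the body it guards continue beyond the hunk.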
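Review bot: Whether the root credentials loaded from `userdata.inc.php` are used is now read from the static `self::$_needroot` instead of a per-call argument, so the flag lives for the whole request: if a caller sets it for one privileged statement and does not reset it, every later `Database::` call in that request is executed through the root connection (the setter and any reset are not in this patch, so this is inferred). A comment on the branch, `// self::$_needroot is request-wide state; callers must clear it after the privileged statement`, or better resetting the flag inside getDB() once the root connection has been built, would bound the exposure. `$sql_root[self::$_dbserver]` is also indexed three times without checking that `self::$_dbserver` is a key of `$sql_root`, which would surface as notices followed by a connection attempt with empty credentials. getDB() continues past the end of the hunk.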