From 36d65bf7ac298f406c1f4a156ad2093eedd76c2a Mon Sep 17 00:00:00 2001 From: BNoiZe Date: Sun, 3 Nov 2013 21:48:57 +0100 Subject: [PATCH] Migrated customer_extras to new PDO database class --- customer_extras.php | 413 +++++++++++++++++++++++--------------------- 1 file changed, 212 insertions(+), 201 deletions(-)
diff --git a/customer_extras.php b/customer_extras.php
index c42feee1..b75a97e6 100644
--- a/customer_extras.php
+++ b/customer_extras.php
@@ -25,34 +25,36 @@ define('AREA', 'customer');
 require ("./lib/init.php");
-if(isset($_POST['id']))
-{
+if(isset($_POST['id'])) {
 $id = intval($_POST['id']);
-}
-elseif(isset($_GET['id']))
-{
+} elseif(isset($_GET['id'])) {
 $id = intval($_GET['id']);
 }
-if($page == 'overview')
-{
+if($page == 'overview') {
 $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
 eval("echo \"" . getTemplate("extras/extras") . "\";");
-}
-elseif($page == 'backup')
-{
+} elseif($page == 'backup') {
 $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras_backup");
- $result = $db->query("SELECT `backup_enabled` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");
- $row = $db->fetch_array($result);
+ $result_stmt = Database::prepare("SELECT `backup_enabled` FROM `" . TABLE_PANEL_CUSTOMERS . "`
+ WHERE `customerid`= :customerid"
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+ $row = $result_stmt->fetch(PDO::FETCH_ASSOC);
 $backup_enabled = makeyesno('backup_enabled', '1', '0', $row['backup_enabled']);
- if(isset($_POST['send']) && $_POST['send'] == 'send'){
- $backup_enabled = ($_POST['backup_enabled'] == '1' ? '1' : '0');
+ if(isset($_POST['send']) && $_POST['send'] == 'send') {
+ $backup_enabled = ($_POST['backup_enabled'] == '1' ? '1' : '0');
- $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `backup_enabled`='" . $backup_enabled . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");
- redirectTo($filename, Array('page' => $page, 's' => $s));
+ $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+ SET `backup_enabled`= :backupenabled
+ WHERE `customerid`= :customerid"
+ );
+ Database::pexecute($stmt, array("backupenabled" => $backup_enabled, "customerid" => $userinfo['customerid']));
+
+ redirectTo($filename, Array('page' => $page, 's' => $s));
 }
 $backup_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.backup.php';
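Review bot: The re-added line `$backup_enabled = ($_POST['backup_enabled'] == '1' ? '1' : '0');` still reads `$_POST['backup_enabled']` without an isset guard, so a form submitted with the checkbox unchecked raises an undefined-index notice before the '0' default applies; `$backup_enabled = (isset($_POST['backup_enabled']) && $_POST['backup_enabled'] == '1') ? '1' : '0';` keeps the result and avoids the notice. As a naming point, the placeholder `:backupenabled` drops the underscore of the column `backup_enabled`, while every other placeholder added in this commit mirrors its column name; `:backup_enabled` with the matching array key would keep that convention. The enclosing `elseif($page == 'backup')` block continues past the hunk.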
@@ -62,19 +64,19 @@ elseif($page == 'backup')
 $image = $backup_data['backup']['image'];
 eval("echo \"" . getTemplate("extras/backup") . "\";");
-}
-elseif($page == 'htpasswds')
-{
- if($action == '')
- {
+} elseif($page == 'htpasswds') {
+ if($action == '') {
 $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
 $fields = array(
 'username' => $lng['login']['username'],
 'path' => $lng['panel']['path']
 );
 $paging = new paging($userinfo, $db, TABLE_PANEL_HTPASSWDS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
- $result = $db->query("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
- $paging->setEntries($db->num_rows($result));
+ $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
+ WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+ $paging->setEntries(Database::num_rows());
 $sortcode = $paging->getHtmlSortCode($lng);
 $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 $searchcode = $paging->getHtmlSearchCode($lng);
@@ -83,12 +85,9 @@ elseif($page == 'htpasswds')
 $count = 0;
 $htpasswds = '';
- while($row = $db->fetch_array($result))
- {
- if($paging->checkDisplay($i))
- {
- if(strpos($row['path'], $userinfo['documentroot']) === 0)
- {
+ while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+ if($paging->checkDisplay($i)) {
+ if(strpos($row['path'], $userinfo['documentroot']) === 0) {
 $row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
 }
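Review bot: The listing query is only half parameterised: `customerid` is bound, but `$paging->getSqlWhere(true)`, `$paging->getSqlOrderBy()` and `$paging->getSqlLimit()` are still concatenated into the statement text, and the paging object is constructed with the legacy `$db` handle, so whether the search term and sort column it embeds are escaped in a way that matches the new PDO connection cannot be confirmed from this hunk; a comment such as `// search/order/limit fragments come from paging and are not bound here — paging must escape them itself` would record that dependency until paging can hand back bound parameters. `$paging->setEntries(Database::num_rows());` takes no statement argument, so it presumably reports the row count of whatever statement the Database class executed last; a hedged comment `// Database::num_rows() refers to the statement executed just above` or passing `$result_stmt` explicitly would make the coupling visible. Both points apply identically to the htaccess listing at @@ -277,8 +277,11 @@. The enclosing `if($action == '')` block runs past this hunk.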
@@ -101,89 +100,92 @@ elseif($page == 'htpasswds')
 }
 eval("echo \"" . getTemplate("extras/htpasswds") . "\";");
- }
- elseif($action == 'delete'
- && $id != 0)
- {
- $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+ } elseif($action == 'delete' && $id != 0) {
+ $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
+ WHERE `customerid`= :customerid
+ AND `id`= :id"
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
- if(isset($result['username'])
- && $result['username'] != '')
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
- $db->query("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='$id'");
+ if(isset($result['username']) && $result['username'] != '') {
+ if(isset($_POST['send']) && $_POST['send'] == 'send') {
+ $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "`
+ WHERE `customerid`= :customerid
+ AND `id`= :id"
+ );
+ Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+
 $log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 inserttask('1');
 redirectTo($filename, Array('page' => $page, 's' => $s));
- }
- else
- {
- if(strpos($result['path'], $userinfo['documentroot']) === 0)
- {
+ } else {
+ if(strpos($result['path'], $userinfo['documentroot']) === 0) {
 $result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
 }
 ask_yesno('extras_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username'] . ' (' . $result['path'] . ')');
 }
 }
- }
- elseif($action == 'add')
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+ } elseif($action == 'add') {
+ if(isset($_POST['send']) && $_POST['send'] == 'send') {
 $path = makeCorrectDir(validate($_POST['path'], 'path'));
 $userpath = $path;
 $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 $username = validate($_POST['username'], 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/');
 $authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');
 validate($_POST['directory_password'], 'password');
- $username_path_check = $db->query_first("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `username`='" . $db->escape($username) . "' AND `path`='" . $db->escape($path) . "' AND `customerid`='" . (int)$userinfo['customerid'] . "'");
+
+ $username_path_check_stmt = Database::prepare("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
+ WHERE `username`= :username
+ AND `path`= :path
+ AND `customerid`= :customerid"
+ );
+ $params = array(
+ "username" => $username,
+ "path" => $path,
+ "customerid" => $userinfo['customerid']
+ );
+ Database::pexecute($username_path_check_stmt, $params);
+ $username_path_check = $username_path_check_stmt->fetch(PDO::FETCH_ASSOC);
- if(CRYPT_STD_DES == 1)
- {
+ if(CRYPT_STD_DES == 1) {
 $saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
 $password = crypt($_POST['directory_password'], $saltfordescrypt);
- }
- else
- {
+ } else {
 $password = crypt($_POST['directory_password']);
 }
- if(!$_POST['path'])
- {
+ if(!$_POST['path']) {
 standard_error('invalidpath');
 }
- if($username == '')
- {
+ if($username == '') {
 standard_error(array('stringisempty', 'myloginname'));
- }
- elseif($username_path_check['username'] == $username
- && $username_path_check['path'] == $path)
- {
+ } elseif($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
 standard_error('userpathcombinationdupe');
- }
- elseif($_POST['directory_password'] == '')
- {
+ } elseif($_POST['directory_password'] == '') {
 standard_error(array('stringisempty', 'mypassword'));
- }
- elseif($path == '')
- {
+ } elseif($path == '') {
 standard_error('patherror');
- }
- else
- {
- $db->query("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` (`customerid`, `username`, `password`, `path`, `authname`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', '" . $db->escape($password) . "', '" . $db->escape($path) . "', '" . $db->escape($authname) . "')");
+ } else {
+ $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "`
+ (`customerid`, `username`, `password`, `path`, `authname`)
+ VALUES (:customerid, :username, :password, :path, :authname)"
+ );
+ $params = array(
+ "customerid" => $userinfo['customerid'],
+ "username" => $username,
+ "password" => $password,
+ "path" => $path,
+ "autname" => $authname
+ );
+ Database::pexecute($stmt, $params);
 $log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'");
 inserttask('1');
 redirectTo($filename, Array('page' => $page, 's' => $s));
 }
- }
- else
- {
+ } else {
 $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
 $htpasswd_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_add.php';
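Review bot: The parameter array for the htpasswd INSERT in the add branch spells its last key `"autname" => $authname` while the statement declares the placeholder `:authname`, so every execute of this statement supplies an undeclared parameter and leaves a declared one unbound, which PDO rejects as an invalid parameter number — no htpasswd entry can be created through this path once the commit lands. The fix is the one-character change `"authname" => $authname`. A test that submits the add form once would have caught this, since the `:customerid`/`:username`/`:password`/`:path` keys above it are all spelled to match. The `elseif($action == 'add')` branch starts and ends inside this hunk, but the enclosing `elseif($page == 'htpasswds')` block continues past it.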
@@ -194,59 +196,60 @@ elseif($page == 'htpasswds')
 eval("echo \"" . getTemplate("extras/htpasswds_add") . "\";");
 }
- }
- elseif($action == 'edit'
- && $id != 0)
- {
- $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+ } elseif($action == 'edit' && $id != 0) {
+ $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
+ WHERE `customerid`= :customerid
+ AND `id`= :id"
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
- if(isset($result['username'])
- && $result['username'] != '')
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+ if(isset($result['username']) && $result['username'] != '') {
+ if(isset($_POST['send']) && $_POST['send'] == 'send') {
 validate($_POST['directory_password'], 'password');
 $authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');
- if(CRYPT_STD_DES == 1)
- {
+ if(CRYPT_STD_DES == 1) {
 $saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
 $password = crypt($_POST['directory_password'], $saltfordescrypt);
- }
- else
- {
+ } else {
 $password = crypt($_POST['directory_password']);
 }
-
+
+ $params = array(
+ "customerid" => $userinfo['customerid'],
+ "id" => $id
+ );
+
 $pwd_sql = '';
- if($_POST['directory_password'] != '')
- {
- $pwd_sql = "`password`='" . $db->escape($password) . "' ";
+ if($_POST['directory_password'] != '') {
+ $pwd_sql = "`password`= :password ";
+ $params["password"] = $password;
 }
 $auth_sql = '';
- if($authname != $result['authname'])
- {
- $auth_sql = "`authname`='" . $db->escape($authname) . "' ";
+ if($authname != $result['authname']) {
+ $auth_sql = "`authname`= :authname ";
+ $params["authname"] = $authname;
 }
- if($pwd_sql != '' || $auth_sql != '')
- {
+ if($pwd_sql != '' || $auth_sql != '') {
 if($pwd_sql !='' && $auth_sql != '') { $pwd_sql.= ', '; }
- $db->query("UPDATE `" . TABLE_PANEL_HTPASSWDS . "` SET ".$pwd_sql.$auth_sql." WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+ $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
+ SET ".$pwd_sql.$auth_sql."
+ WHERE `customerid`= :customerid
+ AND `id`= :id"
+ );
+ Database::pexecute($stmt, $params);
 $log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 inserttask('1');
 redirectTo($filename, Array('page' => $page, 's' => $s));
 }
- }
- else
- {
- if(strpos($result['path'], $userinfo['documentroot']) === 0)
- {
+ } else {
+ if(strpos($result['path'], $userinfo['documentroot']) === 0) {
 $result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
 }
@@ -262,11 +265,8 @@ elseif($page == 'htpasswds')
 }
 }
 }
-}
-elseif($page == 'htaccess')
-{
- if($action == '')
- {
+} elseif($page == 'htaccess') {
+ if($action == '') {
 $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
 $fields = array(
 'path' => $lng['panel']['path'],
@@ -277,8 +277,11 @@ elseif($page == 'htaccess')
 'options_cgi' => $lng['extras']['execute_perl']
 );
 $paging = new paging($userinfo, $db, TABLE_PANEL_HTACCESS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
- $result = $db->query("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
- $paging->setEntries($db->num_rows($result));
+ $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
+ WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+ $paging->setEntries(Database::num_rows());
 $sortcode = $paging->getHtmlSortCode($lng);
 $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 $searchcode = $paging->getHtmlSearchCode($lng);
@@ -289,12 +292,9 @@ elseif($page == 'htaccess')
 $cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
- while($row = $db->fetch_array($result))
- {
- if($paging->checkDisplay($i))
- {
- if(strpos($row['path'], $userinfo['documentroot']) === 0)
- {
+ while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+ if($paging->checkDisplay($i)) {
+ if(strpos($row['path'], $userinfo['documentroot']) === 0) {
 $row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
 // don't show nothing wehn it's the docroot, show slash
 if ($row['path'] == '') { $row['path'] = '/'; }
@@ -313,52 +313,47 @@ elseif($page == 'htaccess')
 }
 eval("echo \"" . getTemplate("extras/htaccess") . "\";");
- }
- elseif($action == 'delete'
- && $id != 0)
- {
- $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+ } elseif($action == 'delete' && $id != 0) {
+ $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
+ WHERE `customerid` = :customerid
+ AND `id` = :id"
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
- if(isset($result['customerid'])
- && $result['customerid'] != ''
- && $result['customerid'] == $userinfo['customerid'])
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
- $db->query("DELETE FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+ if(isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
+ if(isset($_POST['send']) && $_POST['send'] == 'send') {
+ $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "`
+ WHERE `customerid`= :customerid
+ AND `id`= :id"
+ );
+ Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
 $log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'");
 inserttask('1');
 redirectTo($filename, Array('page' => $page, 's' => $s));
- }
- else
- {
+ } else {
 ask_yesno('extras_reallydelete_pathoptions', $filename, array('id' => $id, 'page' => $page, 'action' => $action), str_replace($userinfo['documentroot'], '', $result['path']));
 }
 }
- }
- elseif($action == 'add')
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+ } elseif($action == 'add') {
+ if(isset($_POST['send']) && $_POST['send'] == 'send') {
 $path = makeCorrectDir(validate($_POST['path'], 'path'));
 $userpath = $path;
 $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
- $path_dupe_check = $db->query_first("SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `path`='" . $db->escape($path) . "' AND `customerid`='" . (int)$userinfo['customerid'] . "'");
-
- if(!$_POST['path'])
- {
+ $path_dupe_check_stmt = Database::prepare("SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "`
+ WHERE `path`= :path
+ AND `customerid`= :customerid"
+ );
+ Database::pexecute($path_dupe_check_stmt, array("path" => $path, "customerid" => $userinfo['customerid']));
+ $path_dupe_check = $path_dupe_check_stmt->fetch(PDO::FETCH_ASSOC);
+
+ if(!$_POST['path']) {
 standard_error('invalidpath');
 }
- if(isset($_POST['options_cgi'])
- && (int)$_POST['options_cgi'] != 0
- ) {
+ if(isset($_POST['options_cgi']) && (int)$_POST['options_cgi'] != 0) {
 $options_cgi = '1';
- }
- else
- {
+ } else {
 $options_cgi = '0';
 }
@@ -366,41 +361,47 @@ elseif($page == 'htaccess')
 if (isset($_POST['error404path'])) {
 $error404path = correctErrorDocument($_POST['error404path']);
 }
+ $error403path = '';
 if (isset($_POST['error403path'])) {
 $error403path = correctErrorDocument($_POST['error403path']);
 }
+ $error500path = '';
 if (isset($_POST['error500path'])) {
 $error500path = correctErrorDocument($_POST['error500path']);
 }
- if($path_dupe_check['path'] == $path)
- {
+ if($path_dupe_check['path'] == $path) {
 standard_error('errordocpathdupe', $userpath);
- }
- elseif($path == '')
- {
+ } elseif($path == '') {
 standard_error('patherror');
- }
- else
- {
- $db->query('INSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET
- `customerid` = "'.(int)$userinfo['customerid'].'",
- `path` = "'.$db->escape($path).'",
- `options_indexes` = "'.$db->escape($_POST['options_indexes'] == '1' ? '1' : '0').'",
- `error404path` = "'.$db->escape($error404path).'",
- `error403path` = "'.$db->escape($error403path).'",
- `error500path` = "'.$db->escape($error500path).'",
- `options_cgi` = "'.$db->escape($options_cgi).'"');
+ } else {
+ $stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET
+ `customerid` = :customerid,
+ `path` = :path,
+ `options_indexes` = :options_indexes,
+ `error404path` = :error404path,
+ `error403path` = :error403path,
+ `error500path` = :error500path,
+ `options_cgi` = :options_cgi'
+ );
+ $params = array(
+ "customerid" => $userinfo['customerid'],
+ "path" => $path,
+ "options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0',
+ "error403path" => $error403path,
+ "error404path" => $error404path,
+ "error500path" => $error500path,
+ "options_cgi" => $options_cgi
+ );
+ Database::pexecute($stmt, $params);
 $log->logAction(USR_ACTION, LOG_INFO, "added htaccess for '" . $path . "'");
 inserttask('1');
 redirectTo($filename, Array('page' => $page, 's' => $s));
 }
- }
- else
- {
+ } else {
 $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
 $cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
 /*
@@ -416,29 +417,24 @@ elseif($page == 'htaccess')
 eval("echo \"" . getTemplate("extras/htaccess_add") . "\";");
 }
- }
- elseif(($action == 'edit')
- && ($id != 0))
- {
- $result = $db->query_first('SELECT * FROM `' . TABLE_PANEL_HTACCESS . '` WHERE `customerid` = "' . (int)$userinfo['customerid'] . '" AND `id` = "' . (int)$id . '"');
+ } elseif(($action == 'edit') && ($id != 0)) {
+ $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
+ WHERE `customerid` = :customerid
+ AND `id` = :id"
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
- if((isset($result['customerid']))
- && ($result['customerid'] != '')
- && ($result['customerid'] == $userinfo['customerid']))
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+ if((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
+ if(isset($_POST['send']) && $_POST['send'] == 'send') {
 $option_indexes = intval($_POST['options_indexes']);
 $options_cgi = isset($_POST['options_cgi']) ? intval($_POST['options_cgi']) : 0;
- if($option_indexes != '1')
- {
+ if($option_indexes != '1') {
 $option_indexes = '0';
 }
- if($options_cgi != '1')
- {
+ if($options_cgi != '1') {
 $options_cgi = '0';
 }
@@ -447,22 +443,37 @@ elseif($page == 'htaccess')
 $error500path = correctErrorDocument($_POST['error500path']);
 if(($option_indexes != $result['options_indexes'])
- || ($error404path != $result['error404path'])
- || ($error403path != $result['error403path'])
- || ($error500path != $result['error500path'])
- || ($options_cgi != $result['options_cgi']))
- {
+ || ($error404path != $result['error404path'])
+ || ($error403path != $result['error403path'])
+ || ($error500path != $result['error500path'])
+ || ($options_cgi != $result['options_cgi'])) {
+
 inserttask('1');
- $db->query('UPDATE `' . TABLE_PANEL_HTACCESS . '` SET `options_indexes` = "' . $db->escape($option_indexes) . '", `error404path` = "' . $db->escape($error404path) . '", `error403path` = "' . $db->escape($error403path) . '", `error500path` = "' . $db->escape($error500path) . '", `options_cgi` = "' . $db->escape($options_cgi) . '" WHERE `customerid` = "' . (int)$userinfo['customerid'] . '" AND `id` = "' . (int)$id . '"');
+ $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTACCESS . "`
+ SET `options_indexes` = :options_indexes,
+ `error404path` = :error404path,
+ `error403path` = :error403path,
+ `error500path` = :error500path,
+ `options_cgi` = :options_cgi
+ WHERE `customerid` = :customerid
+ AND `id` = :id"
+ );
+ $params = array(
+ "customerid" => $userinfo['customerid'],
+ "options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0',
+ "error403path" => $error403path,
+ "error404path" => $error404path,
+ "error500path" => $error500path,
+ "options_cgi" => $options_cgi,
+ "id" => $id
+ );
+ Database::pexecute($stmt, $params);
 $log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'");
 }
 redirectTo($filename, Array('page' => $page, 's' => $s));
- }
- else
- {
- if(strpos($result['path'], $userinfo['documentroot']) === 0)
- {
+ } else {
+ if(strpos($result['path'], $userinfo['documentroot']) === 0) {
 $result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
 // don't show nothing wehn it's the docroot, show slash
 if ($result['path'] == '') { $result['path'] = '/'; }