From 4735d92a0f589e447b3a37187f6ac23d71431857 Mon Sep 17 00:00:00 2001 From: BNoiZe Date: Thu, 31 Oct 2013 11:51:01 +0100 Subject: [PATCH] Converted to new PDO database class --- customer_autoresponder.php | 173 +++++++--- customer_domains.php | 691 +++++++++++++++++++------------------ customer_index.php | 108 ++++-- 3 files changed, 557 insertions(+), 415 deletions(-) diff --git a/customer_autoresponder.php b/customer_autoresponder.php index b1006b35..1b3bee3f 100644 --- a/customer_autoresponder.php +++ b/customer_autoresponder.php @@ -53,40 +53,73 @@ if ($action == 'add') { ) { standard_error('missingfields'); } - + // Does account exist? - $result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($account) . "' LIMIT 0,1"); - if ($db->num_rows($result) == 0) { + $stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_USERS . "` + WHERE `customerid` = :customerid + AND `email` = :account + LIMIT 0,1" + ); + Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid'])); + if (Database::num_rows() == 0) { standard_error('accountnotexisting'); } // Does autoresponder exist? - $result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($account) . "' LIMIT 0,1"); - if ($db->num_rows($result) == 1) { + $stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "` + WHERE `customerid` = :customerid + AND `email` = :account + LIMIT 0,1" + ); + Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid'])); + if (Database::num_rows() == 1) { standard_error('autoresponderalreadyexists'); } - - $db->query("INSERT INTO `" . TABLE_MAIL_AUTORESPONDER . "` - SET `email` = '" . $db->escape($account) . "', - `message` = '" . $db->escape($message) . "', - `enabled` = '" . (int)$_POST['active'] . "', - `date_from` = '" . (int)$ts_from . "', - `date_until` = '" . (int)$ts_until . "', - `subject` = '" . $db->escape($subject) . "', - `customerid` = '" . $db->escape((int)$userinfo['customerid']) . "' - "); - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_autoresponder_used` = `email_autoresponder_used` + 1 WHERE `customerid` = '" . $db->escape((int)$userinfo['customerid']). "'"); + + // Create autoresponder + $stmt = Database::prepare("INSERT INTO `" . TABLE_MAIL_AUTORESPONDER . "` + SET `email` = :account, + `message` = :message, + `enabled` = :enabled, + `date_from` = :date_from, + `date_until` = :date_until, + `subject` = :subject, + `customerid` = :customerid" + ); + $params = array( + "account" => $account, + "message" => $message, + "enabled" => $_POST['active'], + "date_from" => $ts_from, + "date_until" => $ts_until, + "subject" => $subject, + "customerid" => $userinfo['customerid'] + ); + Database::pexecute($stmt, $params); + + // Update email_autoresponder_used count + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` + SET `email_autoresponder_used` = `email_autoresponder_used` + 1 + WHERE `customerid` = :customerid" + ); + Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); redirectTo($filename, Array('s' => $s)); } // Get accounts - $result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` NOT IN (SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "`) ORDER BY email ASC"); - if ($db->num_rows($result) == 0) { + $params = array("customerid" => $userinfo['customerid']); + $acc_stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_USERS . "` + WHERE `customerid` = :customerid + AND `email` NOT IN (SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "`) + ORDER BY email ASC" + ); + Database::pexecute($acc_stmt, $params); + if (Database::num_rows() == 0) { standard_error('noemailaccount'); } $accounts = ''; - while ($row = $db->fetch_array($result)) { + while ($row = $acc_stmt->fetch(PDO::FETCH_ASSOC)) { $accounts .= ''; } @@ -137,41 +170,64 @@ if ($action == 'add') { } // Does account exist? - $result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($account) . "' LIMIT 0,1"); - if ($db->num_rows($result) == 0) - { + $stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_USERS . "` + WHERE `customerid` = :customerid + AND `email` = :account + LIMIT 0,1" + ); + Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid'])); + if (Database::num_rows() == 0) { standard_error('accountnotexisting'); } // Does autoresponder exist? - $result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($account) . "' LIMIT 0,1"); - if ($db->num_rows($result) == 0) { + $stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "` + WHERE `customerid` = :customerid + AND `email` = :account + LIMIT 0,1" + ); + Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid'])); + if (Database::num_rows() == 0) { standard_error('invalidautoresponder'); } - $ResponderActive = (isset($_POST['active']) && $_POST['active'] == '1') ? 1 : 0; - - $db->query("UPDATE `" . TABLE_MAIL_AUTORESPONDER . "` - SET `message` = '" . $db->escape($message) . "', - `enabled` = '" . (int)$ResponderActive . "', - `date_from` = '" . (int)$ts_from . "', - `date_until` = '" . (int)$ts_until . "', - `subject` = '" . $db->escape($subject) . "' - WHERE `email` = '" . $db->escape($account) . "' - AND `customerid` = '" . $db->escape((int)$userinfo['customerid']) . "' - "); + // Update autoresponder + $stmt = Database::prepare("UPDATE `" . TABLE_MAIL_AUTORESPONDER . "` + SET `message` = :message, + `enabled` = :enabled, + `date_from` = :date_from, + `date_until` = :date_until, + `subject` = :subject + WHERE `email` = :account + AND `customerid` = :customerid" + ); + $params = array( + "account" => $account, + "message" => $message, + "enabled" => $_POST['active'], + "date_from" => $ts_from, + "date_until" => $ts_until, + "subject" => $subject, + "customerid" => $userinfo['customerid'] + ); + Database::pexecute($stmt, $params); redirectTo($filename, Array('s' => $s)); } $email = trim(htmlspecialchars($_GET['email'])); // Get account data - $result = $db->query("SELECT * FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($email) . "' LIMIT 0,1"); - if ($db->num_rows($result) == 0) { + $acc_stmt = Database::prepare("SELECT * FROM `" . TABLE_MAIL_AUTORESPONDER . "` + WHERE `customerid` = :customerid + AND `email` = :account + LIMIT 0,1" + ); + Database::pexecute($acc_stmt, array("account" => $email, "customerid" => $userinfo['customerid'])); + if (Database::num_rows() == 0) { standard_error('invalidautoresponder'); } - $row = $db->fetch_array($result); + $row = $acc_stmt->fetch(PDO::FETCH_ASSOC); $subject = htmlspecialchars($row['subject']); $message = htmlspecialchars($row['message']); @@ -207,22 +263,33 @@ if ($action == 'add') { eval("echo \"" . getTemplate('autoresponder/autoresponder_edit') . "\";"); } elseif ($action == 'delete') { // Delete autoresponder - if (isset($_POST['send']) - && $_POST['send'] == 'send' - ) { + if (isset($_POST['send']) && $_POST['send'] == 'send') { $account = trim($_POST['account']); // Does autoresponder exist? - $result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($account) . "' LIMIT 0,1"); - if ($db->num_rows($result) == 0) { + $stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "` + WHERE `customerid` = :customerid + AND `email` = :account + LIMIT 0,1" + ); + Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid'])); + if (Database::num_rows() == 0) { standard_error('invalidautoresponder'); } - - $db->query("DELETE FROM `" . TABLE_MAIL_AUTORESPONDER . "` - WHERE `email` = '" . $db->escape($account) . "' - AND `customerid` = '" . $db->escape((int)$userinfo['customerid']) . "' - "); - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_autoresponder_used` = `email_autoresponder_used` - 1 WHERE `customerid` = '" . $db->escape((int)$userinfo['customerid']). "'"); + + // Delete autoresponder + $stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_AUTORESPONDER . "` + WHERE `email` = :account + AND `customerid` = :customerid" + ); + Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid'])); + + // Update email_autoresponder_used count + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` + SET `email_autoresponder_used` = `email_autoresponder_used` - 1 + WHERE `customerid` = :customerid" + ); + Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); redirectTo($filename, Array('s' => $s)); } @@ -232,9 +299,13 @@ if ($action == 'add') { // List existing autoresponders $autoresponder = ''; $count = 0; - $result = $db->query("SELECT * FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' ORDER BY email ASC"); + $stmt = Database::prepare("SELECT * FROM `" . TABLE_MAIL_AUTORESPONDER . "` + WHERE `customerid` = :customerid + ORDER BY email ASC" + ); + Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); - while ($row = $db->fetch_array($result)) { + while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { if ($row['date_from'] == -1 && $row['date_until'] == -1) { $activated_date = $lng['panel']['not_activated']; } elseif($row['date_from'] == -1 && $row['date_until'] != -1) { diff --git a/customer_domains.php b/customer_domains.php index 6c9b7fc8..7bee8e3d 100644 --- a/customer_domains.php +++ b/customer_domains.php @@ -25,31 +25,31 @@ define('AREA', 'customer'); require ("./lib/init.php"); -if(isset($_POST['id'])) -{ +if(isset($_POST['id'])) { $id = intval($_POST['id']); -} -elseif(isset($_GET['id'])) -{ +} elseif(isset($_GET['id'])) { $id = intval($_GET['id']); } -if($page == 'overview') -{ +if($page == 'overview') { $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_domains"); eval("echo \"" . getTemplate("domains/domains") . "\";"); -} -elseif($page == 'domains') -{ - if($action == '') - { +} elseif($page == 'domains') { + if($action == '') { $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_domains::domains"); $fields = array( 'd.domain' => $lng['domains']['domainname'] ); $paging = new paging($userinfo, $db, TABLE_PANEL_DOMAINS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); - $result = $db->query("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d` LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id` LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id` WHERE `d`.`customerid`='" . (int)$userinfo['customerid'] . "' AND `d`.`email_only`='0' AND `d`.`id` <> " . (int)$userinfo['standardsubdomain'] . " " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()); - $paging->setEntries($db->num_rows($result)); + $domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d` + LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id` + LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id` + WHERE `d`.`customerid`= :customerid' + AND `d`.`email_only`='0' + AND `d`.`id` <> :standardsubdomain " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit() + ); + Database::pexecute($domains_stmt, array("customerid" => $userinfo['customerid'], "standardsubdomain" => $userinfo['standardsubdomain'])); + $paging->setEntries(Database::num_rows()); $sortcode = $paging->getHtmlSortCode($lng); $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s); $searchcode = $paging->getHtmlSearchCode($lng); @@ -59,15 +59,12 @@ elseif($page == 'domains') $domains_count = 0; $domain_array = array(); - while($row = $db->fetch_array($result)) - { + while($row = $domains_stmt->fetch(PDO::FETCH_ASSOC)) { $row['domain'] = $idna_convert->decode($row['domain']); $row['aliasdomain'] = $idna_convert->decode($row['aliasdomain']); $row['domainalias'] = $idna_convert->decode($row['domainalias']); - if($row['parentdomainid'] == '0' - && $row['caneditdomain'] == '1') - { + if($row['parentdomainid'] == '0' && $row['caneditdomain'] == '1') { $parentdomains_count++; } @@ -76,21 +73,19 @@ elseif($page == 'domains') */ // nothing (ssl_global) $row['domain_hascert'] = 0; - $ssl_result = $db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid`='".(int)$row['id']."';"); - if (is_array($ssl_result) - && isset($ssl_result['ssl_cert_file']) - && $ssl_result['ssl_cert_file'] != '' - ) { + $ssl_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` = :domainid"); + Database::pexecute($ssl_stmt, array("domainid" => $row['id'])); + $ssl_result = $ssl_stmt->fetch(PDO::FETCH_ASSOC); + if (is_array($ssl_result) && isset($ssl_result['ssl_cert_file']) && $ssl_result['ssl_cert_file'] != '') { // own certificate (ssl_customer_green) $row['domain_hascert'] = 1; } else { // check if it's parent has one set (shared) if ($row['parentdomainid'] != 0) { - $ssl_result = $db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid`='".(int)$row['parentdomainid']."';"); - if (is_array($ssl_result) - && isset($ssl_result['ssl_cert_file']) - && $ssl_result['ssl_cert_file'] != '' - ) { + $ssl_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` = :domainid"); + Database::pexecute($ssl_stmt, array("domainid" => $row['parentdomainid'])); + $ssl_result = $ssl_stmt->fetch(PDO::FETCH_ASSOC); + if (is_array($ssl_result) && isset($ssl_result['ssl_cert_file']) && $ssl_result['ssl_cert_file'] != '') { // parent has a certificate (ssl_shared) $row['domain_hascert'] = 2; } @@ -103,42 +98,30 @@ elseif($page == 'domains') ksort($domain_array); $domain_id_array = array(); - foreach($domain_array as $sortkey => $row) - { + foreach($domain_array as $sortkey => $row) { $domain_id_array[$row['id']] = $sortkey; } $domain_sort_array = array(); - foreach($domain_array as $sortkey => $row) - { - if($row['parentdomainid'] == 0) - { + foreach($domain_array as $sortkey => $row) { + if($row['parentdomainid'] == 0) { $domain_sort_array[$sortkey][$sortkey] = $row; - } - else - { + } else { $domain_sort_array[$domain_id_array[$row['parentdomainid']]][$sortkey] = $row; } } $domain_array = array(); - if($paging->sortfield == 'd.domain' - && $paging->sortorder == 'asc') - { + if($paging->sortfield == 'd.domain' && $paging->sortorder == 'asc') { ksort($domain_sort_array); - } - elseif($paging->sortfield == 'd.domain' - && $paging->sortorder == 'desc') - { + } elseif($paging->sortfield == 'd.domain' && $paging->sortorder == 'desc') { krsort($domain_sort_array); } $i = 0; - foreach($domain_sort_array as $sortkey => $domain_array) - { - if($paging->checkDisplay($i)) - { + foreach($domain_sort_array as $sortkey => $domain_array) { + if($paging->checkDisplay($i)) { $row = htmlentities_array($domain_array[$sortkey]); if($settings['system']['awstats_enabled'] == '1') { $statsapp = 'awstats'; @@ -147,30 +130,20 @@ elseif($page == 'domains') } eval("\$domains.=\"" . getTemplate("domains/domains_delimiter") . "\";"); - if($paging->sortfield == 'd.domain' - && $paging->sortorder == 'asc') - { + if($paging->sortfield == 'd.domain' && $paging->sortorder == 'asc') { ksort($domain_array); - } - elseif($paging->sortfield == 'd.domain' - && $paging->sortorder == 'desc') - { + } elseif($paging->sortfield == 'd.domain' && $paging->sortorder == 'desc') { krsort($domain_array); } - foreach($domain_array as $row) - { - if(strpos($row['documentroot'], $userinfo['documentroot']) === 0) - { + foreach($domain_array as $row) { + if(strpos($row['documentroot'], $userinfo['documentroot']) === 0) { $row['documentroot'] = makeCorrectDir(substr($row['documentroot'], strlen($userinfo['documentroot']))); } // get ssl-ips if activated $show_ssledit = false; - if ($settings['system']['use_ssl'] == '1' - && domainHasSslIpPort($row['id']) - && $row['caneditdomain'] == '1' - ) { + if ($settings['system']['use_ssl'] == '1' && domainHasSslIpPort($row['id']) && $row['caneditdomain'] == '1') { $show_ssledit = true; } $row = htmlentities_array($row); @@ -182,26 +155,29 @@ elseif($page == 'domains') } eval("echo \"" . getTemplate("domains/domainlist") . "\";"); - } - elseif($action == 'delete' - && $id != 0) - { - $result = $db->query_first("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'"); - $alias_check = $db->query_first('SELECT COUNT(`id`) AS `count` FROM `' . TABLE_PANEL_DOMAINS . '` WHERE `aliasdomain`=\'' . (int)$id . '\''); - - if(isset($result['parentdomainid']) - && $result['parentdomainid'] != '0' - && $alias_check['count'] == 0) - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { - if($result['isemaildomain'] == '1') - { - $emails = $db->query_first('SELECT COUNT(`id`) AS `count` FROM `' . TABLE_MAIL_VIRTUAL . '` WHERE `customerid`=\'' . (int)$userinfo['customerid'] . '\' AND `domainid`=\'' . (int)$id . '\''); - - if($emails['count'] != '0') - { + } elseif($action == 'delete' && $id != 0) { + $stmt = Database::prepare("SELECT `id`, `customerid`, `domain`, `documentroot`, `isemaildomain`, `parentdomainid` FROM `" . TABLE_PANEL_DOMAINS . "` + WHERE `customerid` = :customerid + AND `id` = :id" + ); + Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); + $result = $stmt->fetch(PDO::FETCH_ASSOC); + + $alias_stmt = Database::prepare("SELECT COUNT(`id`) AS `count` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `aliasdomain` = :aliasdomain"); + Database::pexecute($alias_stmt, array("aliasdomain" => $id)); + $alias_check = $alias_stmt->fetch(PDO::FETCH_ASSOC); + + if(isset($result['parentdomainid']) && $result['parentdomainid'] != '0' && $alias_check['count'] == 0) { + if(isset($_POST['send']) && $_POST['send'] == 'send') { + if($result['isemaildomain'] == '1') { + $emails_stmt = Database::prepare("SELECT COUNT(`id`) AS `count` FROM `" . TABLE_MAIL_VIRTUAL . "` + WHERE `customerid` = :customerid + AND `domainid` = :domainid" + ); + Database::pexecute($emails_stmt, array("customerid" => $userinfo['customerid'], "domainid" => $id)); + $emails = $emails_stmt->fetch(PDO::FETCH_ASSOC); + + if($emails['count'] != '0') { standard_error('domains_cantdeletedomainwithemail'); } } @@ -209,175 +185,194 @@ elseif($page == 'domains') /* * check for APS packages used with this domain, #110 */ - if(domainHasApsInstances($id)) - { + if(domainHasApsInstances($id)) { standard_error('domains_cantdeletedomainwithapsinstances'); } $log->logAction(USR_ACTION, LOG_INFO, "deleted subdomain '" . $idna_convert->decode($result['domain']) . "'"); - $result = $db->query("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'"); - $result = $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `subdomains_used`=`subdomains_used`-1 WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"); + $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE + `customerid` = :customerid + AND `id` = :id" + ); + Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); + + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` + SET `subdomains_used` = `subdomains_used` - 1 + WHERE `customerid` = :customerid" + ); + Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); + inserttask('1'); // Using nameserver, insert a task which rebuilds the server config inserttask('4'); redirectTo($filename, Array('page' => $page, 's' => $s)); - } - else - { + } else { ask_yesno('domains_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $idna_convert->decode($result['domain'])); } - } - else - { + } else { standard_error('domains_cantdeletemaindomain'); } - } - elseif($action == 'add') - { - if($userinfo['subdomains_used'] < $userinfo['subdomains'] - || $userinfo['subdomains'] == '-1') - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + } elseif($action == 'add') { + if($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') { + if(isset($_POST['send']) && $_POST['send'] == 'send') { $subdomain = $idna_convert->encode(preg_replace(Array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong'))); $domain = $idna_convert->encode($_POST['domain']); - $domain_check = $db->query_first("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `domain`='" . $db->escape($domain) . "' AND `customerid`='" . (int)$userinfo['customerid'] . "' AND `parentdomainid`='0' AND `email_only`='0' AND `caneditdomain`='1' "); - $completedomain = $subdomain . '.' . $domain; - $completedomain_check = $db->query_first("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `domain`='" . $db->escape($completedomain) . "' AND `customerid`='" . (int)$userinfo['customerid'] . "' AND `email_only`='0' AND `caneditdomain` = '1'"); - $aliasdomain = intval($_POST['alias']); - $aliasdomain_check = array( - 'id' => 0 + $domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "` + WHERE `domain` = :domain + AND `customerid` = :customerid + AND `parentdomainid` = '0' + AND `email_only` = '0' + AND `caneditdomain` = '1'" ); + Database::pexecute($domain_stmt, array("domain" => $domain, "customerid" => $userinfo['customerid'])); + $domain_check = $domain_stmt->fetch(PDO::FETCH_ASSOC); + + $completedomain = $subdomain . '.' . $domain; + $completedomain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "` + WHERE `domain` = :domain + AND `customerid` = :customerid + AND `email_only` = '0' + AND `caneditdomain` = '1'" + ); + Database::pexecute($completedomain_stmt, array("domain" => $completedomain, "customerid" => $userinfo['customerid'])); + $completedomain_check = $completedomain_stmt->fetch(PDO::FETCH_ASSOC); + + $aliasdomain = intval($_POST['alias']); + $aliasdomain_check = array('id' => 0); $_doredirect = false; - if($aliasdomain != 0) - { + if($aliasdomain != 0) { // also check ip/port combination to be the same, #176 - $aliasdomain_check = $db->query_first("SELECT `d`.`id` FROM `" . TABLE_PANEL_DOMAINS . "` `d` , `" . TABLE_PANEL_CUSTOMERS . "` `c` , `".TABLE_DOMAINTOIP."` `dip` WHERE `d`.`aliasdomain` IS NULL AND `d`.`id` = '".(int)$aliasdomain."' AND `c`.`standardsubdomain` <> `d`.`id` AND `d`.`customerid` = '" . (int)$userinfo['customerid'] . "' AND `c`.`customerid` = `d`.`customerid` AND `d`.`id` = `dip`.`id_domain` AND `dip`.`id_ipandports` IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."` WHERE `id_domain` = '".(int)$aliasdomain."') GROUP BY `d`.`domain` ORDER BY `d`.`domain` ASC;"); + $aliasdomain_stmt = Database::prepare("SELECT `d`.`id` FROM `" . TABLE_PANEL_DOMAINS . "` `d` , `" . TABLE_PANEL_CUSTOMERS . "` `c` , `".TABLE_DOMAINTOIP."` `dip` + WHERE `d`.`aliasdomain` IS NULL + AND `d`.`id` = :id + AND `c`.`standardsubdomain` <> `d`.`id` + AND `d`.`customerid` = :customerid + AND `c`.`customerid` = `d`.`customerid` + AND `d`.`id` = `dip`.`id_domain` + AND `dip`.`id_ipandports` + IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."` + WHERE `id_domain` = :id ) + GROUP BY `d`.`domain + ORDER BY `d`.`domain` ASC;" + ); + Database::pexecute($aliasdomain_stmt, array("id" => $aliasdomain, "customerid" => $userinfo['customerid'])); + $aliasdomain_check = $aliasdomain_stmt->fetch(PDO::FETCH_ASSOC); } - if(isset($_POST['url']) - && $_POST['url'] != '' - && validateUrl($idna_convert->encode($_POST['url']))) - { + if(isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) { $path = $_POST['url']; $_doredirect = true; - } - else - { + } else { $path = validate($_POST['path'], 'path'); } - if(!preg_match('/^https?\:\/\//', $path) - || !validateUrl($idna_convert->encode($path))) - { + if(!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) { // If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings, // set default path to subdomain or domain name - if((($path == '') || ($path == '/')) - && $settings['system']['documentroot_use_default_value'] == 1) - { + if((($path == '') || ($path == '/')) && $settings['system']['documentroot_use_default_value'] == 1) { $path = makeCorrectDir($userinfo['documentroot'] . '/' . $completedomain); - } - else - { + } else { $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); } - if (strstr($path, ":") !== FALSE) - { + if (strstr($path, ":") !== FALSE) { standard_error('pathmaynotcontaincolon'); } - } - else - { + } else { $_doredirect = true; } - if(isset($_POST['openbasedir_path']) - && $_POST['openbasedir_path'] == '1') - { + if(isset($_POST['openbasedir_path']) && $_POST['openbasedir_path'] == '1') { $openbasedir_path = '1'; - } - else - { + } else { $openbasedir_path = '0'; } - if(isset($_POST['ssl_redirect']) - && $_POST['ssl_redirect'] == '1') - { + if(isset($_POST['ssl_redirect']) && $_POST['ssl_redirect'] == '1') { $ssl_redirect = '1'; - } - else - { + } else { $ssl_redirect = '0'; } - if($path == '') - { + if($path == '') { standard_error('patherror'); - } - elseif($subdomain == '') - { + } elseif($subdomain == '') { standard_error(array('stringisempty', 'domainname')); - } - elseif($subdomain == 'www' && $domain_check['wwwserveralias'] == '1') - { + } elseif($subdomain == 'www' && $domain_check['wwwserveralias'] == '1') { standard_error('wwwnotallowed'); - } - elseif($domain == '') - { + } elseif($domain == '') { standard_error('domaincantbeempty'); - } - elseif(strtolower($completedomain_check['domain']) == strtolower($completedomain)) - { + } elseif(strtolower($completedomain_check['domain']) == strtolower($completedomain)) { standard_error('domainexistalready', $completedomain); - } - elseif(strtolower($domain_check['domain']) != strtolower($domain)) - { + } elseif(strtolower($domain_check['domain']) != strtolower($domain)) { standard_error('maindomainnonexist', $domain); - } - elseif($aliasdomain_check['id'] != $aliasdomain) - { + } elseif($aliasdomain_check['id'] != $aliasdomain) { standard_error('domainisaliasorothercustomer'); - } - else - { + } else { // get the phpsettingid from parentdomain, #107 - $phpsid_result = $db->query_first("SELECT `phpsettingid` FROM `".TABLE_PANEL_DOMAINS."` WHERE `id` = '".(int)$domain_check['id']."'"); - if(!isset($phpsid_result['phpsettingid']) - || (int)$phpsid_result['phpsettingid'] <= 0 - ) { + $phpsid_stmt = Database::prepare("SELECT `phpsettingid` FROM `".TABLE_PANEL_DOMAINS."` + WHERE `id` = :id" + ); + Database::pexecute($phpsid_stmt, array("id" => $domain_check['id'])); + $phpsid_result = $phpsid_stmt->fetch(PDO::FETCH_ASSOC); + + if(!isset($phpsid_result['phpsettingid']) || (int)$phpsid_result['phpsettingid'] <= 0) { // assign default config $phpsid_result['phpsettingid'] = 1; } - $result = $db->query("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET - `customerid` = '" . (int)$userinfo['customerid'] . "', - `domain` = '" . $db->escape($completedomain) . "', - `documentroot` = '" . $db->escape($path) . "', - `aliasdomain` = ".(($aliasdomain != 0) ? "'" . $db->escape($aliasdomain) . "'" : "NULL") .", - `parentdomainid` = '" . (int)$domain_check['id'] . "', - `isemaildomain` = '" . ($domain_check['subcanemaildomain'] == '3' ? '1' : '0') . "', - `openbasedir` = '" . $db->escape($domain_check['openbasedir']) . "', - `openbasedir_path` = '" . $db->escape($openbasedir_path) . "', - `speciallogfile` = '" . $db->escape($domain_check['speciallogfile']) . "', - `specialsettings` = '" . $db->escape($domain_check['specialsettings']) . "', - `ssl_redirect` = '" . $ssl_redirect . "', - `phpsettingid` = '" . $phpsid_result['phpsettingid'] . "'"); + $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET + `customerid` = :customerid, + `domain` = :domain, + `documentroot` = :documentroot, + `aliasdomain` = :aliasdomain, + `parentdomainid` = :parentdomainid, + `isemaildomain` = :isemaildomain, + `openbasedir` = :openbasedir, + `openbasedir_path` = :openbasedir_path, + `speciallogfile` = :speciallogfile, + `specialsettings` = :specialsettings, + `ssl_redirect` = :ssl_redirect, + `phpsettingid` = :phpsettingid" + ); + $params = array( + "customerid" => $userinfo['customerid'], + "domain" => $completedomain, + "documentroot" => $path, + "aliasdomain" => $aliasdomain != 0 ? $aliasdomain : "NULL", + "parentdomainid" => $domain_check['id'], + "isemaildomain" => $domain_check['subcanemaildomain'] == '3' ? '1' : '0', + "openbasedir" => $domain_check['openbasedir'], + "openbasedir_path" => $openbasedir_path, + "speciallogfile" => $domain_check['speciallogfile'], + "specialsettings" => $domain_check['specialsettings'], + "ssl_redirect" => $ssl_redirect, + "phpsettingid" => $phpsid_result['phpsettingid'] + ); + Database::pexecute($stmt, $params); - $result = $db->query("INSERT INTO `".TABLE_DOMAINTOIP."` (`id_domain`, `id_ipandports`) SELECT LAST_INSERT_ID(), `id_ipandports` FROM `".TABLE_DOMAINTOIP."` WHERE `id_domain` = '" . (int)$domain_check['id'] . "';"); - - if($_doredirect) - { - $did = $db->insert_id(); + if($_doredirect) { + $did = Database::lastInsertId(); $redirect = isset($_POST['redirectcode']) ? (int)$_POST['redirectcode'] : $settings['customredirect']['default']; addRedirectToDomain($did, $redirect); } + + $stmt = Database::prepare("INSERT INTO `".TABLE_DOMAINTOIP."` + (`id_domain`, `id_ipandports`) + SELECT LAST_INSERT_ID(), `id_ipandports` + FROM `".TABLE_DOMAINTOIP."` + WHERE `id_domain` = :id_domain" + ); + Database::pexecute($stmt, array("id_domain" => $domain_check['id'])); - $result = $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `subdomains_used`=`subdomains_used`+1 WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"); + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` + SET `subdomains_used` = `subdomains_used` + 1 + WHERE `customerid` = :customerid" + ); + Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); + $log->logAction(USR_ACTION, LOG_INFO, "added subdomain '" . $completedomain . "'"); inserttask('1'); @@ -386,38 +381,49 @@ elseif($page == 'domains') redirectTo($filename, Array('page' => $page, 's' => $s)); } - } - else - { - $result = $db->query("SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `parentdomainid`='0' AND `email_only`='0' AND `caneditdomain`='1' ORDER BY `domain` ASC"); + } else { + $stmt = Database::prepare("SELECT `id`, `domain`, `documentroot`, `ssl_redirect`,`isemaildomain` FROM `" . TABLE_PANEL_DOMAINS . "` + WHERE `customerid` = :customerid + AND `parentdomainid` = '0' + AND `email_only` = '0' + AND `caneditdomain` = '1' + ORDER BY `domain` ASC" + ); + Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); $domains = ''; - while($row = $db->fetch_array($result)) - { - $domains.= makeoption($idna_convert->decode($row['domain']), $row['domain']); + while($row = $stmt->fetch(PDO::FETCH_ASSOC)) { + $domains .= makeoption($idna_convert->decode($row['domain']), $row['domain']); } $aliasdomains = makeoption($lng['domains']['noaliasdomain'], 0, NULL, true); - $result_domains = $db->query("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` WHERE `d`.`aliasdomain` IS NULL AND `d`.`id` <> `c`.`standardsubdomain` AND `d`.`customerid`=`c`.`customerid` AND `d`.`email_only`='0' AND `d`.`customerid`=" . (int)$userinfo['customerid'] . " ORDER BY `d`.`domain` ASC"); + $domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c` + WHERE `d`.`aliasdomain` IS NULL + AND `d`.`id` <> `c`.`standardsubdomain` + AND `d`.`customerid`=`c`.`customerid` + AND `d`.`email_only`='0' + AND `d`.`customerid`= :customerid + ORDER BY `d`.`domain` ASC" + ); + Database::pexecute($domains_stmt, array("customerid" => $userinfo['customerid'])); - while($row_domain = $db->fetch_array($result_domains)) - { - $aliasdomains.= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id']); + while($row_domain = $domains_stmt->fetch(PDO::FETCH_ASSOC)) { + $aliasdomains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id']); } $redirectcode = ''; - if($settings['customredirect']['enabled'] == '1') - { + if($settings['customredirect']['enabled'] == '1') { $codes = getRedirectCodesArray(); - foreach($codes as $rc) - { + foreach($codes as $rc) { $redirectcode .= makeoption($rc['code']. ' ('.$lng['redirect_desc'][$rc['desc']].')', $rc['id'], $settings['customredirect']['default']); } } // check if we at least have one ssl-ip/port, #1179 $ssl_ipsandports = ''; - $resultX = $db->query_first("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'"); + $ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'"); + Database::pexecute($ssl_ip_stmt); + $resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC); if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) { $ssl_ipsandports = 'notempty'; } @@ -434,62 +440,53 @@ elseif($page == 'domains') eval("echo \"" . getTemplate("domains/domains_add") . "\";"); } } - } - elseif($action == 'edit' - && $id != 0) - { - $result = $db->query_first("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `pd`.`subcanemaildomain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd` WHERE `d`.`customerid`='" . (int)$userinfo['customerid'] . "' AND `d`.`id`='" . (int)$id . "' AND ((`d`.`parentdomainid`!='0' AND `pd`.`id`=`d`.`parentdomainid`) OR (`d`.`parentdomainid`='0' AND `pd`.`id`=`d`.`id`)) AND `d`.`caneditdomain`='1'"); - $alias_check = $db->query_first('SELECT COUNT(`id`) AS count FROM `' . TABLE_PANEL_DOMAINS . '` WHERE `aliasdomain`=\'' . (int)$result['id'] . '\''); + } elseif($action == 'edit' && $id != 0) { + $stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`, + `d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `pd`.`subcanemaildomain` + FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd` + WHERE `d`.`customerid` = :customerid + AND `d`.`id` = :id + AND ((`d`.`parentdomainid`!='0' + AND `pd`.`id` = `d`.`parentdomainid`) + OR (`d`.`parentdomainid`='0' + AND `pd`.`id` = `d`.`id`)) + AND `d`.`caneditdomain`='1'"); + Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); + $result = $stmt->fetch(PDO::FETCH_ASSOC); + + $alias_stmt = Database::prepare("SELECT COUNT(`id`) AS count FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `aliasdomain`= :aliasdomain"); + Database::pexecute($alias_stmt, array("aliasdomain" => $result['id'])); + $alias_check = $alias_stmt->fetch(PDO::FETCH_ASSOC); $alias_check = $alias_check['count']; $_doredirect = false; - if(isset($result['customerid']) - && $result['customerid'] == $userinfo['customerid']) - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { - if(isset($_POST['url']) - && $_POST['url'] != '' - && validateUrl($idna_convert->encode($_POST['url']))) - { + if(isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) { + if(isset($_POST['send']) && $_POST['send'] == 'send') { + if(isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) { $path = $_POST['url']; $_doredirect = true; - } - else - { + } else { $path = validate($_POST['path'], 'path'); } - if(!preg_match('/^https?\:\/\//', $path) - || !validateUrl($idna_convert->encode($path))) - { + if(!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) { // If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings, // set default path to subdomain or domain name - if((($path == '') || ($path == '/')) - && $settings['system']['documentroot_use_default_value'] == 1) - { + if((($path == '') || ($path == '/')) && $settings['system']['documentroot_use_default_value'] == 1) { $path = makeCorrectDir($userinfo['documentroot'] . '/' . $result['domain']); - } - else - { + } else { $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); } - if (strstr($path, ":") !== FALSE) - { + if (strstr($path, ":") !== FALSE) { standard_error('pathmaynotcontaincolon'); } - } - else - { + } else { $_doredirect = true; } $aliasdomain = intval($_POST['alias']); - if(isset($_POST['selectserveralias']) - && $result['parentdomainid'] == '0' - ) { + if(isset($_POST['selectserveralias']) && $result['parentdomainid'] == '0' ) { $iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0'; $wwwserveralias = ($_POST['selectserveralias'] == '1') ? '1' : '0'; } else { @@ -497,67 +494,55 @@ elseif($page == 'domains') $wwwserveralias = '0'; } - if($result['parentdomainid'] != '0' - && ($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2') - && isset($_POST['isemaildomain'])) - { + if($result['parentdomainid'] != '0' && ($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2') && isset($_POST['isemaildomain'])) { $isemaildomain = intval($_POST['isemaildomain']); - } - else - { + } else { $isemaildomain = $result['isemaildomain']; } - $aliasdomain_check = array( - 'id' => 0 - ); + $aliasdomain_check = array('id' => 0); - if($aliasdomain != 0) - { - $aliasdomain_check = $db->query_first('SELECT `id` FROM `' . TABLE_PANEL_DOMAINS . '` `d`,`' . TABLE_PANEL_CUSTOMERS . '` `c` WHERE `d`.`customerid`=\'' . (int)$result['customerid'] . '\' AND `d`.`aliasdomain` IS NULL AND `d`.`id`<>`c`.`standardsubdomain` AND `c`.`customerid`=\'' . (int)$result['customerid'] . '\' AND `d`.`id`=\'' . (int)$aliasdomain . '\''); + if($aliasdomain != 0) { + $aliasdomain_stmt = Database::prepare("SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "` `d`,`" . TABLE_PANEL_CUSTOMERS . "` `c` + WHERE `d`.`customerid`= :customerid + AND `d`.`aliasdomain` IS NULL + AND `d`.`id`<>`c`.`standardsubdomain` + AND `c`.`customerid`= :customerid + AND `d`.`id`= :id" + ); + Database::pexecute($aliasdomain_stmt, array("customerid" => $result['customerid'], "id" => $aliasdomain)); + $aliasdomain_check = $aliasdomain_stmt->fetch(PDO::FETCH_ASSOC); } - if($aliasdomain_check['id'] != $aliasdomain) - { + if($aliasdomain_check['id'] != $aliasdomain) { standard_error('domainisaliasorothercustomer'); } - if(isset($_POST['openbasedir_path']) - && $_POST['openbasedir_path'] == '1') - { + if(isset($_POST['openbasedir_path']) && $_POST['openbasedir_path'] == '1') { $openbasedir_path = '1'; - } - else - { + } else { $openbasedir_path = '0'; } - if(isset($_POST['ssl_redirect']) - && $_POST['ssl_redirect'] == '1') - { + if(isset($_POST['ssl_redirect']) && $_POST['ssl_redirect'] == '1') { $ssl_redirect = '1'; - } - else - { + } else { $ssl_redirect = '0'; } - if($path == '') - { + if($path == '') { standard_error('patherror'); - } - else - { - if(($result['isemaildomain'] == '1') - && ($isemaildomain == '0')) - { - $db->query("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `domainid`='" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `domainid`='" . (int)$id . "'"); + } else { + if(($result['isemaildomain'] == '1') && ($isemaildomain == '0')) { + $params = array("customerid" => $userinfo['customerid'], "domainid" => $id); + $stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid`= :customerid AND `domainid`= :domainid"); + Database::pexecute($stmt, $params); + $stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid`= :customerid AND `domainid`= :domainid"); + Database::pexecute($stmt, $params); $log->logAction(USR_ACTION, LOG_NOTICE, "automatically deleted mail-table entries for '" . $idna_convert->decode($result['domain']) . "'"); } - if($_doredirect) - { + if($_doredirect) { $redirect = isset($_POST['redirectcode']) ? (int)$_POST['redirectcode'] : false; updateRedirectOfDomain($id, $redirect); } @@ -568,19 +553,32 @@ elseif($page == 'domains') || $iswildcarddomain != $result['iswildcarddomain'] || $aliasdomain != $result['aliasdomain'] || $openbasedir_path != $result['openbasedir_path'] - || $ssl_redirect != $result['ssl_redirect']) - { + || $ssl_redirect != $result['ssl_redirect']) { $log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'"); - $result = $db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET - `documentroot`='" . $db->escape($path) . "', - `isemaildomain`='" . (int)$isemaildomain . "', - `wwwserveralias`='" . (int)$wwwserveralias . "', - `iswildcarddomain`='" . (int)$iswildcarddomain . "', - `aliasdomain`=" . (($aliasdomain != 0 && $alias_check == 0) ? '\'' . $db->escape($aliasdomain) . '\'' : 'NULL') . ", - `openbasedir_path`='" . $db->escape($openbasedir_path) . "', - `ssl_redirect`='" . $ssl_redirect . "' - WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'" + + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET + `documentroot`= :documentroot, + `isemaildomain`= :isemaildomain, + `wwwserveralias`= :wwwserveralias, + `iswildcarddomain`= :iswildcarddomain, + `aliasdomain`= :aliasdomain, + `openbasedir_path`= :openbasedir_path, + `ssl_redirect`= :ssl_redirect + WHERE `customerid`= :customerid + AND `id`= :id" ); + $params = array( + "documentroot" => $path, + "isemaildomain" => $isemaildomain, + "wwwserveralias" => $wwwserveralias, + "iswildcarddomain" => $iswildcarddomain, + "aliasdomain" => ($aliasdomain != 0 && $alias_check == 0) ? $aliasdomain : 'NULL', + "openbasedir_path" => $openbasedir_path, + "ssl_redirect" => $ssl_redirect, + "customerid" => $userinfo['customerid'], + "id" => $id + ); + Database::pexecute($stmt, $params); inserttask('1'); // Using nameserver, insert a task which rebuilds the server config @@ -590,54 +588,57 @@ elseif($page == 'domains') redirectTo($filename, Array('page' => $page, 's' => $s)); } - } - else - { + } else { $result['domain'] = $idna_convert->decode($result['domain']); $domains = makeoption($lng['domains']['noaliasdomain'], 0, $result['aliasdomain'], true); // also check ip/port combination to be the same, #176 - $result_domains = $db->query("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d` , `" . TABLE_PANEL_CUSTOMERS . "` `c` , `".TABLE_DOMAINTOIP."` `dip` WHERE `d`.`aliasdomain` IS NULL AND `d`.`id` <> '".(int)$result['id']."' AND `c`.`standardsubdomain` <> `d`.`id` AND `d`.`customerid` = '" . (int)$userinfo['customerid'] . "' AND `c`.`customerid` = `d`.`customerid` AND `d`.`id` = `dip`.`id_domain` AND `dip`.`id_ipandports` IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."` WHERE `id_domain` = '".(int)$result['id']."') GROUP BY `d`.`domain` ORDER BY `d`.`domain` ASC"); + $domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d` , `" . TABLE_PANEL_CUSTOMERS . "` `c` , `".TABLE_DOMAINTOIP."` `dip` + WHERE `d`.`aliasdomain` IS NULL + AND `d`.`id` <> :id + AND `c`.`standardsubdomain` <> `d`.`id` + AND `d`.`customerid` = :customerid + AND `c`.`customerid` = `d`.`customerid` + AND `d`.`id` = `dip`.`id_domain` + AND `dip`.`id_ipandports` + IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."` + WHERE `id_domain` = :id) + GROUP BY `d`.`domain` + ORDER BY `d`.`domain` ASC" + ); + Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid'])); - while($row_domain = $db->fetch_array($result_domains)) - { - $domains.= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']); + while($row_domain = $domains_stmt->fetch(PDO::FETCH_ASSOC)) { + $domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']); } - if(preg_match('/^https?\:\/\//', $result['documentroot']) - && validateUrl($idna_convert->encode($result['documentroot'])) - ) { - if($settings['panel']['pathedit'] == 'Dropdown') - { + if(preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) { + if($settings['panel']['pathedit'] == 'Dropdown') { $urlvalue = $result['documentroot']; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']); - } - else - { + } else { $urlvalue = ''; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $result['documentroot'], true); } - } - else - { + } else { $urlvalue = ''; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $result['documentroot']); } $redirectcode = ''; - if($settings['customredirect']['enabled'] == '1') - { + if($settings['customredirect']['enabled'] == '1') { $def_code = getDomainRedirectId($id); $codes = getRedirectCodesArray(); - foreach($codes as $rc) - { + foreach($codes as $rc) { $redirectcode .= makeoption($rc['code']. ' ('.$lng['redirect_desc'][$rc['desc']].')', $rc['id'], $def_code); } } // check if we at least have one ssl-ip/port, #1179 $ssl_ipsandports = ''; - $resultX = $db->query_first("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'"); + $ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'"); + Database::pexecute($ssl_ip_stmt); + $resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC); if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) { $ssl_ipsandports = 'notempty'; } @@ -655,10 +656,16 @@ elseif($page == 'domains') $serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_wildcard'], '0', $_value, true, true); $serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_www'], '1', $_value, true, true); $serveraliasoptions .= makeoption($lng['domains']['serveraliasoption_none'], '2', $_value, true, true); - - $resultips = $db->query("SELECT `p`.`ip` AS `ip` FROM `".TABLE_PANEL_IPSANDPORTS."` `p` LEFT JOIN `".TABLE_DOMAINTOIP."` `dip` ON ( `dip`.`id_ipandports` = `p`.`id` ) WHERE `dip`.`id_domain` = '".(int)$result['id']."' GROUP BY `p`.`ip`"); + + $ips_stmt = Database::prepare("SELECT `p`.`ip` AS `ip` FROM `".TABLE_PANEL_IPSANDPORTS."` `p` + LEFT JOIN `".TABLE_DOMAINTOIP."` `dip` + ON ( `dip`.`id_ipandports` = `p`.`id` ) + WHERE `dip`.`id_domain` = :id_domain + GROUP BY `p`.`ip`" + ); + Database::pexecute($ips_stmt, array("id_domain" => $result['id'])); $result_ipandport['ip'] = ''; - while ($rowip = $db->fetch_array($resultips)) { + while ($rowip = $ips_stmt->fetch(PDO::FETCH_ASSOC)) { $result_ipandport['ip'] .= $rowip['ip'] . "
"; } @@ -673,21 +680,14 @@ elseif($page == 'domains') eval("echo \"" . getTemplate("domains/domains_edit") . "\";"); } - } - else - { + } else { standard_error('domains_canteditdomain'); } } -} -elseif ($page == 'domainssleditor') { +} elseif ($page == 'domainssleditor') { - if ($action == '' - || $action == 'view' - ) { - if (isset($_POST['send']) - && $_POST['send'] == 'send' - ) { + if ($action == '' || $action == 'view') { + if (isset($_POST['send']) && $_POST['send'] == 'send') { $ssl_cert_file = isset($_POST['ssl_cert_file']) ? $_POST['ssl_cert_file'] : ''; $ssl_key_file = isset($_POST['ssl_key_file']) ? $_POST['ssl_key_file'] : ''; @@ -716,10 +716,7 @@ elseif ($page == 'domainssleditor') { // subject name, issuer name, purposes, valid from and valid to dates etc. $cert_content = openssl_x509_parse($ssl_cert_file); - if (is_array($cert_content) - && isset($cert_content['subject']) - && isset($cert_content['subject']['CN']) - ) { + if (is_array($cert_content) && isset($cert_content['subject']) && isset($cert_content['subject']['CN'])) { // TODO self-signed certs might differ and don't need/want this /* $domain = $db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAINS."` WHERE `id`='".(int)$id."'"); @@ -761,13 +758,21 @@ elseif ($page == 'domainssleditor') { $qrystart = "INSERT INTO "; $qrywhere = ", "; } - $db->query($qrystart." `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` SET - `ssl_cert_file` = '".$db->escape($ssl_cert_file)."', - `ssl_key_file` = '".$db->escape($ssl_key_file)."', - `ssl_ca_file` = '".$db->escape($ssl_ca_file)."', - `ssl_cert_chainfile` = '".$db->escape($ssl_cert_chainfile)."' - ".$qrywhere." `domainid`='".(int)$id."';" + $stmt = Database::prepare($qrystart." `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` SET + `ssl_cert_file` = :ssl_cert_file, + `ssl_key_file` = :ssl_key_file, + `ssl_ca_file` = :ssl_ca_file, + `ssl_cert_chainfile` = :ssl_cert_chainfile + ".$qrywhere." `domainid`= :domainid" ); + $params = array( + "ssl_cert_file" => $ssl_cert_file, + "ssl_key_file" => $ssl_key_file, + "ssl_ca_file" => $ssl_ca_file, + "ssl_cert_chainfile" => $ssl_cert_chainfile, + "domainid" => $id + ); + Database::pexecute($stmt, $params); // insert task to re-generate webserver-configs (#1260) inserttask('1'); @@ -776,9 +781,11 @@ elseif ($page == 'domainssleditor') { redirectTo($filename, array('page' => 'domains', 's' => $s)); } - $result = $db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` - WHERE `domainid`='".(int)$id."';" + $stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` + WHERE `domainid`= :domainid" ); + Database::pexecute($stmt, array("domainid" => $id)); + $result = $stmt->fetch(PDO::FETCH_ASSOC); $do_insert = false; // if no entry can be found, behave like we have empty values diff --git a/customer_index.php b/customer_index.php index 2e2cc872..c4871568 100644 --- a/customer_index.php +++ b/customer_index.php @@ -27,22 +27,40 @@ require('./lib/init.php'); if ($action == 'logout') { $log->logAction(USR_ACTION, LOG_NOTICE, 'logged out'); - $query = "DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = '" . (int)$userinfo['customerid'] . "' AND `adminsession` = '0'"; + $params = array("customerid" => $userinfo['customerid']); if ($settings['session']['allow_multiple_login'] == '1') { - $query .= " AND `hash` = '" . $s . "'"; + $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` + WHERE `userid` = :customerid + AND `adminsession` = '0' + AND `hash` = :hash" + ); + $params["hash"] = $s; + } else { + $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` + WHERE `userid` = :customerid + AND `adminsession` = '0'" + ); } - $db->query($query); + Database::pexecute($stmt, $params); + redirectTo('index.php'); exit; } if ($page == 'overview') { $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_index"); + + $domain_stmt = Database::prepare("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "` + WHERE `customerid` = :customerid + AND `parentdomainid` = '0' + AND `id` <> :standardsubdomain" + ); + Database::pexecute($domain_stmt, array("customerid" => $userinfo['customerid'], "standardsubdomain" => $userinfo['standardsubdomain'])); + $domains = ''; - $result = $db->query("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `parentdomainid`='0' AND `id` <> '" . (int)$userinfo['standardsubdomain'] . "' "); $domainArray = array(); - while ($row = $db->fetch_array($result)) { + while ($row = $domain_stmt->fetch(PDO::FETCH_ASSOC)) { $domainArray[] = $idna_convert->decode($row['domain']); } @@ -52,9 +70,6 @@ if ($page == 'overview') { $yesterday = time() - (60 * 60 * 24); $month = date('M Y', $yesterday); - /* $traffic=$db->query_first("SELECT SUM(http) AS http_sum, SUM(ftp_up) AS ftp_up_sum, SUM(ftp_down) AS ftp_down_sum, SUM(mail) AS mail_sum FROM ".TABLE_PANEL_TRAFFIC." WHERE year='".date('Y')."' AND month='".date('m')."' AND day<='".date('d')."' AND customerid='".$userinfo['customerid']."'"); - $userinfo['traffic_used']=$traffic['http_sum']+$traffic['ftp_up_sum']+$traffic['ftp_down_sum']+$traffic['mail_sum'];*/ - $userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, $settings['panel']['decimal_places']); $userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, $settings['panel']['decimal_places']); $userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']); @@ -91,28 +106,57 @@ if ($page == 'overview') { } elseif($new_password != $new_password_confirm) { standard_error('newpasswordconfirmerror'); } else { - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `password`='" . md5($new_password) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `password`='" . md5($old_password) . "'"); + // Update user password + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` + SET `password` = :newpassword + WHERE `customerid` = :customerid + AND `password` = :oldpassword" + ); + $params = array( + "newpassword" => md5($new_password), + "customerid" => $userinfo['customerid'], + "oldpassword" => md5($old_password) + ); + Database::pexecute($stmt, $params); $log->logAction(USR_ACTION, LOG_NOTICE, 'changed password'); - if (isset($_POST['change_main_ftp']) - && $_POST['change_main_ftp'] == 'true' - ) { + // Update ftp password + if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') { $cryptPassword = makeCryptPassword($new_password); - $db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'"); + $stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "` + SET `password` = :password + WHERE `customerid` = :customerid + AND `username` = :username" + ); + $params = array( + "password" => $cryptPassword, + "customerid" => $userinfo['customerid'], + "username" => $userinfo['loginname'] + ); + Database::pexecute($stmt, $params); $log->logAction(USR_ACTION, LOG_NOTICE, 'changed main ftp password'); } - if (isset($_POST['change_webalizer']) - && $_POST['change_webalizer'] == 'true' - ) { + // Update webalizer password + if (isset($_POST['change_webalizer']) && $_POST['change_webalizer'] == 'true') { if (CRYPT_STD_DES == 1) { $saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2); $new_webalizer_password = crypt($new_password, $saltfordescrypt); } else { $new_webalizer_password = crypt($new_password); } - - $db->query("UPDATE `" . TABLE_PANEL_HTPASSWDS . "` SET `password`='" . $db->escape($new_webalizer_password) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'"); + + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "` + SET `password` = :password + WHERE `customerid` = :customerid + AND `username` = :username" + ); + $params = array( + "password" => $new_webalizer_password, + "customerid" => $userinfo['customerid'], + "username" => $userinfo['loginname'] + ); + Database::pexecute($stmt, $params); } redirectTo($filename, Array('s' => $s)); @@ -124,8 +168,18 @@ if ($page == 'overview') { if (isset($_POST['send']) && $_POST['send'] == 'send') { $def_language = validate($_POST['def_language'], 'default language'); if (isset($languages[$def_language])) { - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `def_language`='" . $db->escape($def_language) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"); - $db->query("UPDATE `" . TABLE_PANEL_SESSIONS . "` SET `language`='" . $db->escape($def_language) . "' WHERE `hash`='" . $db->escape($s) . "'"); + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` + SET `def_language` = :lang + WHERE `customerid` = :customerid" + ); + Database::pexecute($stmt, array("lang" => $def_language, "customerid" => $userinfo['customerid'])); + + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "` + SET `language` = :lang + WHERE `hash` = :hash" + ); + Database::pexecute($stmt, array("lang" => $def_language, "hash" => $s)); + $log->logAction(USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'"); } @@ -147,8 +201,18 @@ if ($page == 'overview') { if (isset($_POST['send']) && $_POST['send'] == 'send') { $theme = validate($_POST['theme'], 'theme'); - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `theme`='" . $db->escape($theme) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"); - $db->query("UPDATE `" . TABLE_PANEL_SESSIONS . "` SET `theme`='" . $db->escape($theme) . "' WHERE `hash`='" . $db->escape($s) . "'"); + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` + SET `theme` = :theme + WHERE `customerid` = :customerid" + ); + Database::pexecute($stmt, array("theme" => $theme, "customerid" => $userinfo['customerid'])); + + $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "` + SET `theme` = :theme + WHERE `hash` = :hash" + ); + Database::pexecute($stmt, array("theme" => $theme, "hash" => $s)); + $log->logAction(USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'"); redirectTo($filename, Array('s' => $s)); } else {