From 4cbd92abf30aada5dd857bc93e7de948b27813da Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Thu, 28 Nov 2013 10:58:37 +0100
Subject: [PATCH] migrated lib/init.php to new PDO database class, no more in the frontend now, refs #1287

Signed-off-by: Michael Kaufmann (d00p)
---
 lib/ajax.php | 9 ++--
 lib/init.php | 116 +++++++++++++++++++++++++--------------------------
 2 files changed, 60 insertions(+), 65 deletions(-)

diff --git a/lib/ajax.php b/lib/ajax.php
index a42b2f66..4b09eebd 100644
--- a/lib/ajax.php
+++ b/lib/ajax.php
@@ -2,8 +2,7 @@

 /**
 * This file is part of the Froxlor project.
- * Copyright (c) 2003-2009 the SysCP Team (see authors).
- * Copyright (c) 2010 the Froxlor Team (see authors).
+ * Copyright (c) 2013 the Froxlor Team (see authors).
 *
 * For the full copyright and license information, please view the COPYING
 * file that was distributed with this source code. You can also view the
@@ -31,7 +30,7 @@ if ($action == "newsfeed") {
 if (function_exists("simplexml_load_file") == false) {
 die();
 }
-
+
 if (ini_get('allow_url_fopen')) {
 $news = simplexml_load_file($feed, null, LIBXML_NOCDATA);
 } else {
@@ -50,11 +49,11 @@ if ($action == "newsfeed") {
 if ($news !== false) {
 for ($i = 0; $i < 3; $i++) {
 $item = $news->channel->item[$i];
-
+
 $title = (string)$item->title;
 $link = (string)$item->link;
 $content = preg_replace("/[\r\n]+/", "", strip_tags($item->description));
-
+
 echo "";
 }
 } else {
diff --git a/lib/init.php b/lib/init.php
index a8eb06e1..1163d3d0 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -95,7 +95,7 @@ if (!is_readable(FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php')) {

 /**
 * Includes the Usersettings eg. MySQL-Username/Passwort etc.
 */
-require (FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php');
+require FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php';

 if (!isset($sql) || !is_array($sql)
@@ -104,43 +104,15 @@ if (!isset($sql)
 die($config_hint);
 }

-// Legacy sql-root-information
-if (isset($sql['root_user'])
- && isset($sql['root_password'])
- && (!isset($sql_root) || !is_array($sql_root))
-) {
- $sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'user' => $sql['root_user'], 'password' => $sql['root_password']));
- unset($sql['root_user']);
- unset($sql['root_password']);
-}
-
 /**
 * Includes the Functions
 */
-require (FROXLOR_INSTALL_DIR.'/lib/functions.php');
+require FROXLOR_INSTALL_DIR.'/lib/functions.php';

 /**
 * Includes the MySQL-Tabledefinitions etc.
 */
-require (FROXLOR_INSTALL_DIR.'/lib/tables.inc.php');
-
-/**
- * Includes the MySQL-Connection-Class
- */
-$db = new db($sql['host'], $sql['user'], $sql['password'], $sql['db']);
-unset($sql['password']);
-
-// we will try to unset most of the $sql information if they are not needed
-// by the calling script.
-if (!isset($need_db_sql_data) || $need_db_sql_data !== true) {
- unset($sql);
- $sql = array();
-}
-
-if (!isset($need_root_db_sql_data) || $need_root_db_sql_data !== true) {
- unset($sql_root);
- $sql_root = array();
-}
+require FROXLOR_INSTALL_DIR.'/lib/tables.inc.php';

 /**
 * Create a new idna converter
@@ -207,7 +179,11 @@ if (isset($_POST['s'])) {
 }

 $timediff = time() - $settings['session']['sessiontimeout'];
-$db->query('DELETE FROM `' . TABLE_PANEL_SESSIONS . '` WHERE `lastactivity` < "' . (int)$timediff . '"');
+$del_stmt = Database::prepare("
+ DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `lastactivity` < :timediff
+");
+Database::pexecute($del_stmt, array('timediff' => $timediff));
+
 $userinfo = array();

 if (isset($s)
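Review bot: The `$sql` array pulled in by `require FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php'` now stays populated, including `$sql['password']`, for the whole request; the removed block cleared `$sql['password']` and emptied `$sql`/`$sql_root` unless a caller set `$need_db_sql_data`/`$need_root_db_sql_data`, and nothing in the new code takes over that cleanup. Since the new `Database` class is never handed `$sql` here, it presumably reads the credentials itself, in which case the variables can be dropped right after the tables.inc.php `require` with `unset($sql, $sql_root);` so later includes and templates cannot reach them. If some caller still relies on the `$need_*_sql_data` flags, keep the conditional form of the removed block instead of an unconditional `unset`.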
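Review bot: The `:timediff` parameter is bound as-is while the removed statement cast it with `(int)`; `$timediff` is derived from `$settings['session']['sessiontimeout']`, so the cast was the only thing guaranteeing an integer comparison value if that setting is ever non-numeric. Keeping it at the call site, `Database::pexecute($del_stmt, array('timediff' => (int)$timediff));`, preserves the old behaviour regardless of how the driver quotes parameters. The same `'timediff' => $timediff` binding appears in the session lookup in the next hunk.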
@@ -219,25 +195,46 @@ if (isset($s)
 ini_set("session.use_cookies", false);
 session_id($s);
 session_start();
- $query = 'SELECT `s`.*, `u`.* FROM `' . TABLE_PANEL_SESSIONS . '` `s` LEFT JOIN `';
+ $query = "SELECT `s`.*, `u`.* FROM `" . TABLE_PANEL_SESSIONS . "` `s` LEFT JOIN `";

 if (AREA == 'admin') {
- $query.= TABLE_PANEL_ADMINS . '` `u` ON (`s`.`userid` = `u`.`adminid`)';
+ $query.= TABLE_PANEL_ADMINS . "` `u` ON (`s`.`userid` = `u`.`adminid`)";
 $adminsession = '1';
 } else {
- $query.= TABLE_PANEL_CUSTOMERS . '` `u` ON (`s`.`userid` = `u`.`customerid`)';
+ $query.= TABLE_PANEL_CUSTOMERS . "` `u` ON (`s`.`userid` = `u`.`customerid`)";
 $adminsession = '0';
 }

- $query.= 'WHERE `s`.`hash`="' . $db->escape($s) . '" AND `s`.`ipaddress`="' . $db->escape($remote_addr) . '" AND `s`.`useragent`="' . $db->escape($http_user_agent) . '" AND `s`.`lastactivity` > "' . (int)$timediff . '" AND `s`.`adminsession` = "' . $db->escape($adminsession) . '"';
- $userinfo = $db->query_first($query);
+ $query.= "WHERE `s`.`hash` = :hash AND `s`.`ipaddress` = :ipaddr
+ AND `s`.`useragent` = :ua AND `s`.`lastactivity` > :timediff
+ AND `s`.`adminsession` = :adminsession
+ ";

- if ((($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid'])))
- && (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1')
+ $userinfo_data = array(
+ 'hash' => $s,
+ 'ipaddr' => $remote_addr,
+ 'ua' => $http_user_agent,
+ 'timediff' => $timediff,
+ 'adminsession' => $adminsession
+ );
+ $userinfo_stmt = Database::prepare($query);
+ $userinfo = Database::pexecute_first($userinfo_stmt, $userinfo_data);
+
+ if ((($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid']))
+ || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid'])))
+ && (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1')
 ) {
- $userinfo['newformtoken'] = strtolower(md5(uniqid(microtime(), 1)));
- $query = 'UPDATE `' . TABLE_PANEL_SESSIONS . '` SET `lastactivity`="' . time() . '", `formtoken`="' . $userinfo['newformtoken'] . '" WHERE `hash`="' . $db->escape($s) . '" AND `adminsession` = "' . $db->escape($adminsession) . '"';
- $db->query($query);
+ $upd_stmt = Database::prepare("
+ UPDATE `" . TABLE_PANEL_SESSIONS . "` SET
+ `lastactivity` = :lastactive, `formtoken` = NULL
+ WHERE `hash` = :hash AND `adminsession` = :adminsession
+ ");
+ $upd_data = array(
+ 'lastactive' => time(),
+ 'hash' => $s,
+ 'adminsession' => $adminsession
+ );
+ Database::pexecute($upd_stmt, $upd_data);
 $nosession = 0;
 } else {
 $nosession = 1;
@@ -254,11 +251,10 @@ $languages = array();
 $iso = array();

 // query the whole table
-$query = 'SELECT * FROM `' . TABLE_PANEL_LANGUAGE . '` ';
-$result = $db->query($query);
+$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_LANGUAGE . "`");

 // presort languages
-while ($row = $db->fetch_array($result)) {
+while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 $langs[$row['language']][] = $row;
 // check for row[iso] cause older froxlor
 // versions didn't have that and it will
@@ -335,7 +331,7 @@ $linker = new linker('index.php', $s);
 /**
 * global Theme-variable
 */
-$theme = isset($settings['panel']['default_theme']) ? $settings['panel']['default_theme'] : 'Froxlor';
+$theme = isset($settings['panel']['default_theme']) ? $settings['panel']['default_theme'] : 'Sparkle';

 /**
 * overwrite with customer/admin theme if defined
@@ -347,12 +343,10 @@ if (isset($userinfo['theme']) && $userinfo['theme'] != $theme) {

 // check for existence of the theme
 if (!file_exists('templates/'.$theme.'/index.tpl')) {
 // Fallback
- $theme = 'Froxlor';
+ $theme = 'Sparkle';
 }

-/*
- * check for custom header-graphic
- */
+// check for custom header-graphic
 $hl_path = 'templates/'.$theme.'/assets/img';
 $header_logo = $hl_path.'/logo.png';
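Review bot: The session UPDATE now writes `formtoken = NULL` and no longer sets `$userinfo['newformtoken']`, whereas the removed lines generated a fresh per-request token and stored it in both places; if the form-token check elsewhere in the frontend still compares submitted tokens against `formtoken`/`newformtoken`, that check is silently disabled by this hunk, and the commit message does not mention retiring it. Unless dropping the token is intended, keep generating it but bind it instead of interpolating: `$userinfo['newformtoken'] = bin2hex(openssl_random_pseudo_bytes(16));`, `` `formtoken` = :formtoken `` in the statement and `'formtoken' => $userinfo['newformtoken']` in `$upd_data` — the removed `md5(uniqid(microtime(), 1))` construction is predictable and should not be reinstated as-is. Separately, `Database::pexecute_first()` presumably returns `false` when no session row matches, in which case `$userinfo['adminsession']` on the new `if` line is read from a boolean; a `$userinfo === false` guard before that `if` would make the no-session path explicit instead of relying on a null comparison. The enclosing `if (isset($s) ...` block begins before this hunk.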
@@ -441,11 +435,12 @@ if ($settings['ticket']['enabled'] == '1') {

 $opentickets = 0;
 if (AREA == 'admin' && isset($userinfo['adminid'])) {
- $opentickets = $db->query_first('
- SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
- WHERE `answerto` = "0" AND (`status` = "0" OR `status` = "1")
- AND `lastreplier`="0" AND `adminid` = "' . $userinfo['adminid'] . '"
- ');
+ $opentickets_stmt = Database::prepare("
+ SELECT COUNT(`id`) as `count` FROM `" . TABLE_PANEL_TICKETS . "`
+ WHERE `answerto` = '0' AND (`status` = '0' OR `status` = '1')
+ AND `lastreplier` = '0' AND `adminid` = :adminid
+ ");
+ $opentickets = Database::pexecute_first($opentickets_stmt, array('adminid' => $userinfo['adminid']));
 $awaitingtickets = $opentickets['count'];

 if ($opentickets > 0) {
@@ -453,11 +448,12 @@ if ($settings['ticket']['enabled'] == '1') {
 }

 } elseif (AREA == 'customer' && isset($userinfo['customerid'])) {
- $opentickets = $db->query_first('
- SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
- WHERE `answerto` = "0" AND (`status` = "0" OR `status` = "2")
- AND `lastreplier`="1" AND `customerid` = "' . $userinfo['customerid'] . '"
- ');
+ $opentickets_stmt = Database::prepare("
+ SELECT COUNT(`id`) as `count` FROM `" . TABLE_PANEL_TICKETS . "`
+ WHERE `answerto` = '0' AND (`status` = '0' OR `status` = '2')
+ AND `lastreplier` = '1' AND `customerid` = :customerid
+ ");
+ $opentickets = Database::pexecute_first($opentickets_stmt, array('customerid' => $userinfo['customerid']));
 $awaitingtickets = $opentickets['count'];

 if ($opentickets > 0) {
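Review bot: `$opentickets` is assigned the row array returned by `Database::pexecute_first()`, and the unchanged `if ($opentickets > 0)` a few lines below then compares an array with an integer, which PHP evaluates as true regardless of the count; the commit keeps that shape rather than fixing it, even though `$awaitingtickets` already holds the number, so the condition should read `if ($awaitingtickets > 0) {`. The same assignment and comparison appear in the customer branch in the next hunk (`@@ -453,11 +448,12`). Both hunks also duplicate the prepared query apart from the status value, the `lastreplier` value and the id column; a small helper taking those three would keep the two SQL strings from drifting apart.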