From 96525584e23fb40b723705a960b05240f63f1509 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Tue, 5 Nov 2013 13:51:05 +0100 Subject: [PATCH 01/11] fix typo in prepared-statement-replacer, refs #1287 Signed-off-by: Michael Kaufmann (d00p) --- customer_mysql.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/customer_mysql.php b/customer_mysql.php index 3c349281..ecce920b 100644 --- a/customer_mysql.php +++ b/customer_mysql.php @@ -211,7 +211,7 @@ if ($page == 'overview') { ); $params = array( "customerid" => $userinfo['customerid'], - "username" => $username, + "databasename" => $username, "description" => $databasedescription, "dbserver" => $dbserver ); From 388156b7b8d066d6a4128b6e53eb214cab894a21 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Wed, 6 Nov 2013 08:46:45 +0100 Subject: [PATCH 02/11] migrated admin-customers to PDO database class, refs #1287 Signed-off-by: Michael Kaufmann (d00p) --- admin_customers.php | 1511 +++++++++++++++++++++++-------------------- admin_tickets.php | 5 - 2 files changed, 811 insertions(+), 705 deletions(-) diff --git a/admin_customers.php b/admin_customers.php index 075b9365..58dbd5b7 100644 --- a/admin_customers.php +++ b/admin_customers.php @@ -18,28 +18,18 @@ */ define('AREA', 'admin'); - -/** - * Include our init.php, which manages Sessions, Language etc. - */ - -$need_root_db_sql_data = true; require ("./lib/init.php"); -if(isset($_POST['id'])) -{ +if (isset($_POST['id'])) { $id = intval($_POST['id']); -} -elseif(isset($_GET['id'])) -{ +} elseif(isset($_GET['id'])) { $id = intval($_GET['id']); } -if($page == 'customers' - && $userinfo['customers'] != '0') -{ - if($action == '') - { +if ($page == 'customers' + && $userinfo['customers'] != '0' +) { + if ($action == '') { // clear request data unset($_SESSION['requestData']); 
@@ -63,8 +53,19 @@ if($page == 'customers' $paging = new paging($userinfo, $db, TABLE_PANEL_CUSTOMERS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $customers = ''; - $result = $db->query("SELECT `c`.*, `a`.`loginname` AS `adminname` " . "FROM `" . TABLE_PANEL_CUSTOMERS . "` `c`, `" . TABLE_PANEL_ADMINS . "` `a` " . "WHERE " . ($userinfo['customers_see_all'] ? '' : " `c`.`adminid` = '" . (int)$userinfo['adminid'] . "' AND ") . "`c`.`adminid`=`a`.`adminid` " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy($settings['panel']['natsorting']) . " " . $paging->getSqlLimit()); - $paging->setEntries($db->num_rows($result)); + $result_stmt = Database::prepare(" + SELECT `c`.*, `a`.`loginname` AS `adminname` + FROM `" . TABLE_PANEL_CUSTOMERS . "` `c`, `" . TABLE_PANEL_ADMINS . "` `a` + WHERE " . + ($userinfo['customers_see_all'] ? '' : " `c`.`adminid` = :adminid AND ") . " + `c`.`adminid` = `a`.`adminid` " . + $paging->getSqlWhere(true) . " " . + $paging->getSqlOrderBy($settings['panel']['natsorting']) . " " . + $paging->getSqlLimit() + ); + Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'])); + $num_rows = Database::num_rows(); + $paging->setEntries($num_rows); $sortcode = $paging->getHtmlSortCode($lng, true); $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s); $searchcode = $paging->getHtmlSearchCode($lng); 
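Review bot: `Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']))` always binds `adminid`, but the `:adminid` marker is only emitted when `customers_see_all` is false; PDO rejects a bound parameter with no matching marker (SQLSTATE HY093), so unless `Database::pexecute` strips unused keys the customer list fails for exactly the admins allowed to see all customers. Build the bind array next to the SQL, e.g. `$params = $userinfo['customers_see_all'] ? array() : array('adminid' => $userinfo['adminid']);` and pass `$params` to `pexecute`. The `$paging` where/order/limit clauses remain concatenated as raw SQL, so the listing's safety still rests on the paging class escaping the search input; that is unchanged from before, but it is now the only non-parameterised part of this query. The enclosing `if ($action == '')` block starts and ends outside the hunk.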
@@ -72,11 +73,19 @@ if($page == 'customers' $i = 0; $count = 0; - while($row = $db->fetch_array($result)) - { - if($paging->checkDisplay($i)) - { - $domains = $db->query_first("SELECT COUNT(`id`) AS `domains` " . "FROM `" . TABLE_PANEL_DOMAINS . "` " . "WHERE `customerid`='" . (int)$row['customerid'] . "' AND `parentdomainid`='0' AND `id`<> '" . (int)$row['standardsubdomain'] . "'"); + while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { + + if ($paging->checkDisplay($i)) { + + $domains_stmt = Database::prepare(" + SELECT COUNT(`id`) AS `domains` + FROM `" . TABLE_PANEL_DOMAINS . "` + WHERE `customerid` = :cid + AND `parentdomainid` = '0' + AND `id`<> :stdd" + ); + Database::pexecute($domains_stmt, array('cid' => $row['customerid'], 'stdd' => $row['standardsubdomain'])); + $domains = $domains_stmt->fetch(PDO::FETCH_ASSOC); $row['domains'] = intval($domains['domains']); $row['traffic_used'] = round($row['traffic_used'] / (1024 * 1024), $settings['panel']['decimal_places']); $row['traffic'] = round($row['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']); @@ -105,7 +114,7 @@ if($page == 'customers' } $islocked = 0; - if($row['loginfail_count'] >= $settings['login']['maxloginattempts'] + if ($row['loginfail_count'] >= $settings['login']['maxloginattempts'] && $row['lastlogin_fail'] > (time() - $settings['login']['deactivatetime']) ) { $islocked = 1; 
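Review bot: `$domains_stmt` is prepared again on every iteration of the `while` loop although its text does not depend on the row; prepare it once before the loop and keep only the `Database::pexecute($domains_stmt, ...)` and `fetch` calls per row. The loop and the enclosing `if ($action == '')` block continue outside the hunk.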
@@ -120,196 +129,253 @@ if($page == 'customers' $i++; } - $customercount = $db->num_rows($result); + $customercount = $num_rows; eval("echo \"" . getTemplate("customers/customers") . "\";"); - } - elseif($action == 'su' - && $id != 0) - { - $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$id . "' " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . (int)$userinfo['adminid'] . "' ")); + + } elseif($action == 'su' + && $id != 0 + ) { + $result_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` + WHERE `customerid` = :id" . + ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") + ); + Database::pexecute($result_stmt, array('id' => $id, 'adminid' => $userinfo['adminid'])); + $result = $result_stmt->fetch(PDO::FETCH_ASSOC); + $destination_user = $result['loginname']; - if($destination_user != '') - { + if ($destination_user != '') { + if ($result['deactivated'] == '1') { standard_error("usercurrentlydeactivated", $destination_user); } - $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid`='" . (int)$userinfo['userid'] . "' AND `hash`='" . $db->escape($s) . "'"); + $result_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_SESSIONS . "` + WHERE `userid` = :id + AND `hash` = :hash" + ); + Database::pexecute($result_stmt, array('id' => $userinfo['userid'], 'hash' => $s)); + $result = $result_stmt->fetch(PDO::FETCH_ASSOC); $s = md5(uniqid(microtime(), 1)); - $db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`) VALUES ('" . $db->escape($s) . "', '" . (int)$id . "', '" . $db->escape($result['ipaddress']) . "', '" . $db->escape($result['useragent']) . "', '" . time() . "', '" . $db->escape($result['language']) . "', '0')"); - $log->logAction(ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . 
"'"); - redirectTo('customer_index.php', Array('s' => $s), true); - } - else - { - redirectTo('index.php', Array('action' => 'login')); - } - } - elseif($action == 'unlock' - && $id != 0) - { - $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$id . "' " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . $db->escape($userinfo['adminid']) . "' ")); - - if($result['loginname'] != '') - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { - $result = $db->query("UPDATE - `" . TABLE_PANEL_CUSTOMERS . "` - SET - `loginfail_count` = '0' - WHERE - `customerid`= '" . (int)$id . "'" + $insert = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET + `hash` = :hash, + `userid` = :id, + `ipaddress` = :ip, + `useragent` = :ua, + `lastactivity` = :lastact, + `language` = :lang, + `adminsession` = '0'" ); - redirectTo($filename, Array('page' => $page, 's' => $s)); - } - else - { + Database::pexecute($stmt, array( + 'hash' => $s, + 'id' => $id, + 'ip' => $result['ipaddress'], + 'ua' => $result['useragent'], + 'lastact' => time(), + 'lang' => $result['language'] + )); + $log->logAction(ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . "'"); + redirectTo('customer_index.php', array('s' => $s), true); + + } else { + redirectTo('index.php', array('action' => 'login')); + } + + } elseif($action == 'unlock' + && $id != 0 + ) { + $result_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` + WHERE `customerid` = :id" . + ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") + ); + Database::pexecute($result_stmt, array('id' => $id, 'adminid' => $userinfo['adminid'])); + $result = $result_stmt->fetch(PDO::FETCH_ASSOC); + + if ($result['loginname'] != '') { + + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + $result_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . 
"` SET + `loginfail_count` = '0' + WHERE `customerid`= :id" + ); + Database::pexecute($result_stmt, array('id' => $id)); + redirectTo($filename, array('page' => $page, 's' => $s)); + + } else { ask_yesno('customer_reallyunlock', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['loginname']); } } - } - elseif($action == 'delete' - && $id != 0) - { - $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$id . "' " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . $db->escape($userinfo['adminid']) . "' ")); - if($result['loginname'] != '') - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { - $databases = $db->query("SELECT * FROM " . TABLE_PANEL_DATABASES . " WHERE customerid='" . (int)$id . "' ORDER BY `dbserver`"); - $db_root = new db($sql_root[0]['host'], $sql_root[0]['user'], $sql_root[0]['password'], ''); + } elseif ($action == 'delete' + && $id != 0 + ) { + $result_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` + WHERE `customerid` = :id" . + ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") + ); + Database::pexecute($result_stmt, array('id' => $id, 'adminid' => $userinfo['adminid'])); + $result = $result_stmt->fetch(PDO::FETCH_ASSOC); + + if ($result['loginname'] != '') { + + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + $databases_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_DATABASES . 
"` + WHERE `customerid` = :id ORDER BY `dbserver`" + ); + Database::pexecute($databases_stmt, array('id' => $id)); + Database::needRoot(true); $last_dbserver = 0; - while($row_database = $db->fetch_array($databases)) - { - if($last_dbserver != $row_database['dbserver']) - { - $db_root->query('FLUSH PRIVILEGES;'); - $db_root->close(); - $db_root = new db($sql_root[$row_database['dbserver']]['host'], $sql_root[$row_database['dbserver']]['user'], $sql_root[$row_database['dbserver']]['password'], ''); + while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) { + + if ($last_dbserver != $row_database['dbserver']) { + Database::needRoot(true, $row_database['dbserver']); + Database::query('FLUSH PRIVILEGES;'); $last_dbserver = $row_database['dbserver']; } - if(mysql_get_server_info() < '5.0.2') { + if (Database::getAttribute(PDO::ATTR_SERVER_VERSION) < '5.0.2') { // failsafe if user has been deleted manually (requires MySQL 4.1.2+) - $db_root->query('REVOKE ALL PRIVILEGES, GRANT OPTION FROM \'' . $db_root->escape($row_database['databasename']) .'\'',false,true); + $stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM `".$row_database['databasename']."`"); + Database::pexecute($stmt, array(), false); } - $host_res = $db_root->query("SELECT `Host` FROM `mysql`.`user` WHERE `User`='" . $db_root->escape($row_database['databasename']) . "'"); - while($host = $db_root->fetch_array($host_res)) - { + $host_res_stmt = Database::prepare(" + SELECT `Host` FROM `mysql`.`user` + WHERE `User` = :dbname" + ); + Database::pexecute($host_res_stmt, array('dbname' => $row_database['databasename'])); + while ($host = $host_res_stmt->fetch(PDO::FETCH_ASSOC)) { // as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+) - $db_root->query('DROP USER \'' . $db_root->escape($row_database['databasename']). '\'@\'' . $db_root->escape($host['Host']) . 
'\'', false, true); - + $drop_stmt = Database::prepare("DROP USER :dbname@:host"); + Database::pexecute($drop_stmt, array(':dbname' => $row_database['databasename'], ':host' => $host['Host']), false); } - $db_root->query('DROP DATABASE IF EXISTS `' . $db_root->escape($row_database['databasename']) . '`'); + $drop_stmt = Database::prepare("DROP DATABASE IF EXISTS `".$row_database['databasename']."`"); + Database::pexecute($drop_stmt); } - $db_root->query('FLUSH PRIVILEGES;'); - $db_root->close(); - $db->query("DELETE FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid`='" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$id . "'"); - $domains_deleted = $db->affected_rows(); - $db->query("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid`='" . (int)$id . "' AND `adminsession` = '0'"); - $db->query("DELETE FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid`='" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid`='" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid`='" . (int)$id . "'"); - $result2 = $db->query("SELECT `username` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid`='" . (int)$id . "'"); - while($row = $db->fetch_array($result2)) - { - $db->query("DELETE FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name`='" . $row['username'] . "'"); + Database::query('FLUSH PRIVILEGES;'); + Database::needRoot(false); + $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); + $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DATABASES . 
"` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); + $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); + $domains_deleted = $stmt->rowCount(); + $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); + $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "` WHERE` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); + $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `customerid` = :id AND `adminsession` = '0'"); + Database::pexecute($stmt, array('id' => $id)); + $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); + $stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); + $stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); + $result2_stmt = Database::prepare("SELECT `username` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid` = :id"); + Database::pexecute($result2_stmt, array('id' => $id)); + while ($row = $result2_stmt->fetch(PDO::FETCH_ASSOC)) { + $stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = :name"); + Database::pexecute($stmt, array('name' => $row['username'])); } - $db->query("DELETE FROM `" . TABLE_FTP_GROUPS . "` WHERE `customerid`='" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_FTP_USERS . "` WHERE `customerid`='" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid`='" . (int)$id . "'"); + $stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_GROUPS . 
"` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); + $stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_USERS . "` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); + $stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = :id"); + Database::pexecute($stmt, array('id' => $id)); // Delete all waiting "create user" -tasks for this user, #276 // Note: the WHERE selects part of a serialized array, but it should be safe this way - $db->query("DELETE FROM `" . TABLE_PANEL_TASKS . "` WHERE `type` = '2' AND `data` LIKE '%:\"" . $db->escape($result['loginname']) . "\";%';"); + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_PANEL_TASKS . "` + WHERE `type` = '2' AND `data` LIKE :loginname" + ); + Database::pexecute($del_stmt, array(':loginname' => "%:{$result['loginname']};%")); // remove everything APS-related, #216 - $apsresult = $db->query("SELECT `ID` FROM `".TABLE_APS_INSTANCES."` WHERE `CustomerID`='".(int)$id."'"); - while($apsrow = $db->fetch_array($apsresult)) - { + $apsresult_stmt = Database::prepare("SELECT `ID` FROM `".TABLE_APS_INSTANCES."` WHERE `CustomerID` = :id"); + Database::pexecute($apsresult_stmt, array('id' => $id)); + + while ($apsrow = $apsresult_stmt->fetch(PDO::FETCH_ASSOC)) { // remove all package related settings - $db->query("DELETE FROM `".TABLE_APS_SETTINGS."` WHERE `InstanceID` = '".(int)$apsrow['ID']."'"); + $del_stmt = Database::prepare("DELETE FROM `".TABLE_APS_SETTINGS."` WHERE `InstanceID` = :iid"); + Database::pexecute($del_stmt, array('iid' => $apsrow['ID'])); // maybe some leftovers in the tasks - $db->query("DELETE FROM `".TABLE_APS_TASKS."` WHERE `InstanceID` = '".(int)$apsrow['ID']."'"); + $del_stmt = Database::prepare("DELETE FROM `".TABLE_APS_TASKS."` WHERE `InstanceID` = :iid"); + Database::pexecute($del_stmt, array('iid' => $apsrow['ID'])); } // now remove all user instances - $db->query("DELETE FROM 
`".TABLE_APS_INSTANCES."` WHERE `CustomerID`='".(int)$id."'"); + $stmt = Database::prepare("DELETE FROM `".TABLE_APS_INSTANCES."` WHERE `CustomerID` = :id'"); + Database::pexecute($stmt, array('id' => $id)); // eventually some temp-setting-leftovers - $db->query("DELETE FROM `".TABLE_APS_TEMP_SETTINGS."` WHERE `CustomerID`='".(int)$id."'"); + $stmt = Database::prepare("DELETE FROM `".TABLE_APS_TEMP_SETTINGS."` WHERE `CustomerID` = :id"); + Database::pexecute($stmt, array('id' => $id)); // eof APS-related removings, #216 $admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` - 1 "; $admin_update_query.= ", `domains_used` = `domains_used` - 0" . (int)($domains_deleted - $result['subdomains_used']); - if($result['mysqls'] != '-1') - { + if ($result['mysqls'] != '-1') { $admin_update_query.= ", `mysqls_used` = `mysqls_used` - 0" . (int)$result['mysqls']; } - if($result['emails'] != '-1') - { + if ($result['emails'] != '-1') { $admin_update_query.= ", `emails_used` = `emails_used` - 0" . (int)$result['emails']; } - if($result['email_accounts'] != '-1') - { + if ($result['email_accounts'] != '-1') { $admin_update_query.= ", `email_accounts_used` = `email_accounts_used` - 0" . (int)$result['email_accounts']; } - if($result['email_forwarders'] != '-1') - { + if ($result['email_forwarders'] != '-1') { $admin_update_query.= ", `email_forwarders_used` = `email_forwarders_used` - 0" . (int)$result['email_forwarders']; } - if($result['email_quota'] != '-1') - { + if ($result['email_quota'] != '-1') { $admin_update_query.= ", `email_quota_used` = `email_quota_used` - 0" . (int)$result['email_quota']; } - if($result['email_autoresponder'] != '-1') - { + if ($result['email_autoresponder'] != '-1') { $admin_update_query.= ", `email_autoresponder_used` = `email_autoresponder_used` - 0" . 
(int)$result['email_autoresponder']; } - if($result['subdomains'] != '-1') - { + if ($result['subdomains'] != '-1') { $admin_update_query.= ", `subdomains_used` = `subdomains_used` - 0" . (int)$result['subdomains']; } - if($result['ftps'] != '-1') - { + if ($result['ftps'] != '-1') { $admin_update_query.= ", `ftps_used` = `ftps_used` - 0" . (int)$result['ftps']; } - if($result['tickets'] != '-1') - { + if ($result['tickets'] != '-1') { $admin_update_query.= ", `tickets_used` = `tickets_used` - 0" . (int)$result['tickets']; } - if($result['aps_packages'] != '-1') - { + if ($result['aps_packages'] != '-1') { $admin_update_query.= ", `aps_packages_used` = `aps_packages_used` - 0" . (int)$result['aps_packages']; } - if(($result['diskspace'] / 1024) != '-1') - { + if (($result['diskspace'] / 1024) != '-1') { $admin_update_query.= ", `diskspace_used` = `diskspace_used` - 0" . (int)$result['diskspace']; } $admin_update_query.= " WHERE `adminid` = '" . (int)$result['adminid'] . "'"; - $db->query($admin_update_query); + Database::query($admin_update_query); $log->logAction(ADM_ACTION, LOG_INFO, "deleted user '" . $result['loginname'] . "'"); inserttask('1'); @@ -329,10 +395,8 @@ if($page == 'customers' * move old tickets to archive */ $tickets = ticket::customerHasTickets($db, $id); - if($tickets !== false && isset($tickets[0])) - { - foreach($tickets as $ticket) - { + if ($tickets !== false && isset($tickets[0])) { + foreach ($tickets as $ticket) { $now = time(); $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$ticket); $mainticket->Set('lastchange', $now, true, true); 
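Review bot: In the `su` branch the session INSERT is prepared into `$insert` but executed as `Database::pexecute($stmt, ...)`, so `$stmt` is undefined there, the switched-user session row is never written, and the admin is still redirected to `customer_index.php` with a hash no session owns. The delete cascade carries three SQL typos that fail at execute time — `WHERE` WHERE` in the HTPASSWDS and HTACCESS deletes, column `customerid` instead of `userid` in the SESSIONS delete (the SELECT above keys that table by `userid`), and a stray `'` after `:id` in the APS_INSTANCES delete — and because the customer row is deleted first with no transaction around the cascade, a failure there leaves orphaned htpasswd/htaccess/session/APS rows for a customer that no longer exists. The task-cleanup LIKE pattern also lost its quotes: the old code matched `%:"loginname";%` (the serialized-string form), the new `%:loginname;%` will not match the stored data. The root-connection statements interpolate `databasename` straight into REVOKE and DROP DATABASE and bind it as a placeholder in DROP USER; identifiers cannot be bound (with emulated prepares off MySQL rejects markers in DROP USER), so escape them explicitly — double any backtick for the identifier forms and use PDO's `quote()` for the account name and host — rather than trusting the stored name. The `delete` branch continues past the hunk into the ticket-archiving code.
```php
// … unchanged: lookup of the admin's current session row …
$insert = Database::prepare("
    INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET
        `hash` = :hash,
        `userid` = :id,
        `ipaddress` = :ip,
        `useragent` = :ua,
        `lastactivity` = :lastact,
        `language` = :lang,
        `adminsession` = '0'"
);
Database::pexecute($insert, array(
    'hash' => $s,
    'id' => $id,
    'ip' => $result['ipaddress'],
    'ua' => $result['useragent'],
    'lastact' => time(),
    'lang' => $result['language']
));
// … unchanged: unlock branch, root-db cleanup of the customer's databases …
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid` = :id");
Database::pexecute($stmt, array('id' => $id));
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = :id AND `adminsession` = '0'");
Database::pexecute($stmt, array('id' => $id));
// … unchanged: traffic, mail and ftp deletes …
// keep the quotes: the serialized task data stores the name as a quoted string
Database::pexecute($del_stmt, array(':loginname' => "%:\"{$result['loginname']}\";%"));
// … unchanged: APS settings/tasks loop …
$stmt = Database::prepare("DELETE FROM `".TABLE_APS_INSTANCES."` WHERE `CustomerID` = :id");
Database::pexecute($stmt, array('id' => $id));
```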
@@ -343,23 +407,21 @@ if($page == 'customers' $log->logAction(ADM_ACTION, LOG_NOTICE, "archived ticket '" . $mainticket->Get('subject') . "'"); } } + redirectTo($filename, array('page' => $page, 's' => $s)); - redirectTo($filename, Array('page' => $page, 's' => $s)); - } - else - { + } else { ask_yesno_withcheckbox('admin_customer_reallydelete', 'admin_customer_alsoremovefiles', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['loginname']); } } - } - elseif($action == 'add') - { - if($userinfo['customers_used'] < $userinfo['customers'] - || $userinfo['customers'] == '-1') - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + + } elseif($action == 'add') { + + if ($userinfo['customers_used'] < $userinfo['customers'] + || $userinfo['customers'] == '-1' + ) { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { $name = validate($_POST['name'], 'name'); $firstname = validate($_POST['firstname'], 'first name'); $company = validate($_POST['company'], 'company'); 
@@ -371,140 +433,113 @@ if($page == 'customers' $email = $idna_convert->encode(validate($_POST['email'], 'email')); $customernumber = validate($_POST['customernumber'], 'customer number', '/^[A-Za-z0-9 \-]*$/Di'); $def_language = validate($_POST['def_language'], 'default language'); - $diskspace = intval_ressource($_POST['diskspace']); $gender = intval_ressource($_POST['gender']); - if(isset($_POST['diskspace_ul'])) - { + $diskspace = intval_ressource($_POST['diskspace']); + if (isset($_POST['diskspace_ul'])) { $diskspace = - 1; } $traffic = doubleval_ressource($_POST['traffic']); - - if(isset($_POST['traffic_ul'])) - { + if (isset($_POST['traffic_ul'])) { $traffic = - 1; } $subdomains = intval_ressource($_POST['subdomains']); - - if(isset($_POST['subdomains_ul'])) - { + if (isset($_POST['subdomains_ul'])) { $subdomains = - 1; } $emails = intval_ressource($_POST['emails']); - - if(isset($_POST['emails_ul'])) - { + if (isset($_POST['emails_ul'])) { $emails = - 1; } $email_accounts = intval_ressource($_POST['email_accounts']); - - if(isset($_POST['email_accounts_ul'])) - { + if (isset($_POST['email_accounts_ul'])) { $email_accounts = - 1; } $email_forwarders = intval_ressource($_POST['email_forwarders']); - - if(isset($_POST['email_forwarders_ul'])) - { + if (isset($_POST['email_forwarders_ul'])) { $email_forwarders = - 1; } - if($settings['system']['mail_quota_enabled'] == '1') - { + if ($settings['system']['mail_quota_enabled'] == '1') { $email_quota = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array('0', '')); - - if(isset($_POST['email_quota_ul'])) - { + if (isset($_POST['email_quota_ul'])) { $email_quota = - 1; } - } - else - { + } else { $email_quota = - 1; } - if($settings['autoresponder']['autoresponder_active'] == '1') - { + if ($settings['autoresponder']['autoresponder_active'] == '1') { $email_autoresponder = intval_ressource($_POST['email_autoresponder']); - - if(isset($_POST['email_autoresponder_ul'])) - { + if 
(isset($_POST['email_autoresponder_ul'])) { $email_autoresponder = - 1; } - } - else - { + } else { $email_autoresponder = 0; } $email_imap = 0; - if(isset($_POST['email_imap'])) + if (isset($_POST['email_imap'])) { $email_imap = intval_ressource($_POST['email_imap']); + } $email_pop3 = 0; - if(isset($_POST['email_pop3'])) + if (isset($_POST['email_pop3'])) { $email_pop3 = intval_ressource($_POST['email_pop3']); + } $ftps = 0; - if(isset($_POST['ftps'])) + if (isset($_POST['ftps'])) { $ftps = intval_ressource($_POST['ftps']); - - if(isset($_POST['ftps_ul'])) - { + } + if (isset($_POST['ftps_ul'])) { $ftps = - 1; } $tickets = ($settings['ticket']['enabled'] == 1 ? intval_ressource($_POST['tickets']) : 0); - - if(isset($_POST['tickets_ul']) - && $settings['ticket']['enabled'] == '1') - { + if (isset($_POST['tickets_ul']) + && $settings['ticket']['enabled'] == '1' + ) { $tickets = - 1; } $mysqls = intval_ressource($_POST['mysqls']); - - if(isset($_POST['mysqls_ul'])) - { + if (isset($_POST['mysqls_ul'])) { $mysqls = - 1; } - if($settings['aps']['aps_active'] == '1') - { + if ($settings['aps']['aps_active'] == '1') { $number_of_aps_packages = intval_ressource($_POST['number_of_aps_packages']); - - if(isset($_POST['number_of_aps_packages_ul'])) - { + if (isset($_POST['number_of_aps_packages_ul'])) { $number_of_aps_packages = - 1; } - } - else - { + } else { $number_of_aps_packages = 0; } $createstdsubdomain = 0; - if(isset($_POST['createstdsubdomain'])) + if(isset($_POST['createstdsubdomain'])) { $createstdsubdomain = intval($_POST['createstdsubdomain']); + } + $password = validate($_POST['new_customer_password'], 'password'); // only check if not empty, // cause empty == generate password automatically - if($password != '') - { + if ($password != '') { $password = validatePassword($password); } $backup_allowed = 0; - if(isset($_POST['backup_allowed'])) + if (isset($_POST['backup_allowed'])) { $backup_allowed = intval($_POST['backup_allowed']); + } - if ($backup_allowed 
!= 0) - { + if ($backup_allowed != 0) { $backup_allowed = 1; } @@ -514,25 +549,29 @@ if($page == 'customers' } $sendpassword = 0; - if(isset($_POST['sendpassword'])) + if (isset($_POST['sendpassword'])) { $sendpassword = intval($_POST['sendpassword']); + } $phpenabled = 0; - if(isset($_POST['phpenabled'])) + if (isset($_POST['phpenabled'])) { $phpenabled = intval($_POST['phpenabled']); + } $perlenabled = 0; - if(isset($_POST['perlenabled'])) + if (isset($_POST['perlenabled'])) { $perlenabled = intval($_POST['perlenabled']); + } $store_defaultindex = 0; - if(isset($_POST['store_defaultindex'])) + if (isset($_POST['store_defaultindex'])) { $store_defaultindex = intval($_POST['store_defaultindex']); + } $diskspace = $diskspace * 1024; $traffic = $traffic * 1024 * 1024; - if(((($userinfo['diskspace_used'] + $diskspace) > $userinfo['diskspace']) && ($userinfo['diskspace'] / 1024) != '-1') + if (((($userinfo['diskspace_used'] + $diskspace) > $userinfo['diskspace']) && ($userinfo['diskspace'] / 1024) != '-1') || ((($userinfo['mysqls_used'] + $mysqls) > $userinfo['mysqls']) && $userinfo['mysqls'] != '-1') || ((($userinfo['emails_used'] + $emails) > $userinfo['emails']) && $userinfo['emails'] != '-1') || ((($userinfo['email_accounts_used'] + $email_accounts) > $userinfo['email_accounts']) && $userinfo['email_accounts'] != '-1') 
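Review bot: `if(isset($_POST['createstdsubdomain'])) {` is the only condition this hunk rewrites without the space after the keyword that every other rewritten `if` receives; make it `if (isset($_POST['createstdsubdomain'])) {` so the block reads uniformly. The surrounding `add` handler starts and ends outside the hunk.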
@@ -553,209 +592,246 @@ if($page == 'customers' || ($ftps == '-1' && $userinfo['ftps'] != '-1') || ($tickets == '-1' && $userinfo['tickets'] != '-1') || ($subdomains == '-1' && $userinfo['subdomains'] != '-1') - || ($number_of_aps_packages == '-1' && $userinfo['aps_packages'] != '-1')) - { + || ($number_of_aps_packages == '-1' && $userinfo['aps_packages'] != '-1') + ) { standard_error('youcantallocatemorethanyouhave'); exit; } // Either $name and $firstname or the $company must be inserted - - if($name == '' - && $company == '') - { + if ($name == '' && $company == '') { standard_error(array('stringisempty', 'myname')); - } - elseif($firstname == '' - && $company == '') - { + + } elseif($firstname == '' && $company == '') { standard_error(array('stringisempty', 'myfirstname')); - } - elseif($email == '') - { + + } elseif($email == '') { standard_error(array('stringisempty', 'emailadd')); - } - elseif(!validateEmail($email)) - { + + } elseif(!validateEmail($email)) { standard_error('emailiswrong', $email); - } - else - { - if(isset($_POST['new_loginname']) - && $_POST['new_loginname'] != '') - { + + } else { + + if (isset($_POST['new_loginname']) + && $_POST['new_loginname'] != '' + ) { $accountnumber = intval($settings['system']['lastaccountnumber']); $loginname = validate($_POST['new_loginname'], 'loginname', '/^[a-z0-9\-_]+$/i'); // Accounts which match systemaccounts are not allowed, filtering them + if (preg_match('/^' . preg_quote($settings['customer']['accountprefix'], '/') . '([0-9]+)/', $loginname)) { + standard_error('loginnameissystemaccount', $settings['customer']['accountprefix']); + } - if(preg_match('/^' . preg_quote($settings['customer']['accountprefix'], '/') . 
'([0-9]+)/', $loginname)) - { + // Additional filtering for Bug #962 + if (function_exists('posix_getpwnam') + && !in_array("posix_getpwnam", explode(",", ini_get('disable_functions'))) + && posix_getpwnam($loginname) + ) { standard_error('loginnameissystemaccount', $settings['customer']['accountprefix']); } - - //Additional filtering for Bug #962 - if(function_exists('posix_getpwnam') && !in_array("posix_getpwnam",explode(",",ini_get('disable_functions'))) && posix_getpwnam($loginname)) { - standard_error('loginnameissystemaccount', $settings['customer']['accountprefix']); - } - } - else - { + + } else { $accountnumber = intval($settings['system']['lastaccountnumber']) + 1; $loginname = $settings['customer']['accountprefix'] . $accountnumber; } // Check if the account already exists + $loginname_check_stmt = Database::prepare(" + SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :loginname" + ); + Database::pexecute($loginname_check_stmt, array('loginname' => $loginname)); + $loginname_check = $loginname_check_stmt->fetch(PDO::FETCH_ASSOC); - $loginname_check = $db->query_first("SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = '" . $db->escape($loginname) . "'"); - $loginname_check_admin = $db->query_first("SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = '" . $db->escape($loginname) . "'"); + $loginname_check_admin_stmt = Database::prepare(" + SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . 
"` WHERE `loginname` = :loginname" + ); + Database::pexecute($loginname_check_admin_stmt, array('loginname' => $loginname)); + $loginname_check_admin = $loginname_check_admin_stmt->fetch(PDO::FETCH_ASSOC); - if(strtolower($loginname_check['loginname']) == strtolower($loginname) - || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) - { + if (strtolower($loginname_check['loginname']) == strtolower($loginname) + || strtolower($loginname_check_admin['loginname']) == strtolower($loginname) + ) { standard_error('loginnameexists', $loginname); - } - elseif(!validateUsername($loginname, $settings['panel']['unix_names'], 14 - strlen($settings['customer']['mysqlprefix']))) - { + + } elseif (!validateUsername($loginname, $settings['panel']['unix_names'], 14 - strlen($settings['customer']['mysqlprefix']))) { standard_error('loginnameiswrong', $loginname); } $guid = intval($settings['system']['lastguid']) + 1; $documentroot = makeCorrectDir($settings['system']['documentroot_prefix'] . '/' . $loginname); - if(file_exists($documentroot)) - { + if (file_exists($documentroot)) { standard_error('documentrootexists', $documentroot); } - if($createstdsubdomain != '1') - { + if ($createstdsubdomain != '1') { $createstdsubdomain = '0'; } - if($phpenabled != '0') - { + if ($phpenabled != '0') { $phpenabled = '1'; } - if($perlenabled != '0') - { + if ($perlenabled != '0') { $perlenabled = '1'; } - if($password == '') - { + if ($password == '') { $password = substr(md5(uniqid(microtime(), 1)), 12, 6); } $_theme = $settings['panel']['default_theme']; - $result = $db->query( - "INSERT INTO `" . TABLE_PANEL_CUSTOMERS . "` SET - `adminid` = '" . (int)$userinfo['adminid'] . "', - `loginname` = '" . $db->escape($loginname) . "', - `password` = '" . md5($password) . "', - `name` = '" . $db->escape($name) . "', - `firstname` = '" . $db->escape($firstname) . "', - `gender` = '" . (int)$gender . "', - `company` = '" . $db->escape($company) . "', - `street` = '" . 
$db->escape($street) . "', - `zipcode` = '" . $db->escape($zipcode) . "', - `city` = '" . $db->escape($city) . "', - `phone` = '" . $db->escape($phone) . "', - `fax` = '" . $db->escape($fax) . "', - `email` = '" . $db->escape($email) . "', - `customernumber` = '" . $db->escape($customernumber) . "', - `def_language` = '" . $db->escape($def_language) . "', - `documentroot` = '" . $db->escape($documentroot) . "', - `guid` = '" . $db->escape($guid) . "', - `diskspace` = '" . $db->escape($diskspace) . "', - `traffic` = '" . $db->escape($traffic) . "', - `subdomains` = '" . $db->escape($subdomains) . "', - `emails` = '" . $db->escape($emails) . "', - `email_accounts` = '" . $db->escape($email_accounts) . "', - `email_forwarders` = '" . $db->escape($email_forwarders) . "', - `email_quota` = '" . $db->escape($email_quota) . "', - `ftps` = '" . $db->escape($ftps) . "', - `tickets` = '" . $db->escape($tickets) . "', - `mysqls` = '" . $db->escape($mysqls) . "', - `standardsubdomain` = '0', - `phpenabled` = '" . $db->escape($phpenabled) . "', - `imap` = '" . $db->escape($email_imap) . "', - `pop3` = '" . $db->escape($email_pop3) . "', - `aps_packages` = '" . (int)$number_of_aps_packages . "', - `perlenabled` = '" . $db->escape($perlenabled) . "', - `email_autoresponder` = '" . $db->escape($email_autoresponder) . "', - `backup_allowed` = '" . $db->escape($backup_allowed) . "', - `theme` = '" . $db->escape($_theme) . 
"'" + $ins_data = array( + 'adminid' => $userinfo['adminid'], + 'loginname' => $loginname, + 'passwd' => md5($password), + 'name' => $name, + 'firstname' => $firstname, + 'gender' => $gender, + 'company' => $company, + 'street' => $street, + 'zipcode' => $zipcode, + 'city' => $city, + 'phone' => $phone, + 'fax' => $fax, + 'email' => $email, + 'customerno' => $customernumber, + 'lang' => $def_language, + 'docroot' => $documentroot, + 'guid' => $guid, + 'diskspace' => $diskspace, + 'traffic' => $traffic, + 'subdomains' => $subdomains, + 'emails' => $emails, + 'email_accounts' => $email_accounts, + 'email_forwarders' => $email_forwarders, + 'email_quota' => $email_quota, + 'ftps' => $ftps, + 'tickets' => $tickets, + 'mysqls' => $mysqls, + 'phpenabled' => $phpenabled, + 'imap' => $email_imap, + 'pop3' => $email_pop3, + 'aps' => $number_of_aps_packages, + 'perlenabled' => $perlenabled, + 'email_autoresponder' => $email_autoresponder, + 'backup_allowed' => $backup_allowed, + 'theme' => $theme ); - $customerid = $db->insert_id(); + + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_CUSTOMERS . 
"` SET + `adminid` = :adminid, + `loginname` = :loginname, + `password` = :passwd, + `name` = :name, + `firstname` = :firstname, + `gender` = :gender, + `company` = :company, + `street` = :street, + `zipcode` = :zipcode, + `city` = :city, + `phone` = :phone, + `fax` = :fax, + `email` = :email, + `customernumber` = :customerno, + `def_language` = :lang, + `documentroot` = :docroot, + `guid` = :guid, + `diskspace` = :diskspace, + `traffic` = :traffic, + `subdomains` = :subdomains, + `emails` = :emails, + `email_accounts` = :email_accounts, + `email_forwarders` = :email_forwarders, + `email_quota` = :email_quota, + `ftps` = :ftps, + `tickets` = :tickets, + `mysqls` = :mysql, + `standardsubdomain` = '0', + `phpenabled` = :phpenabled, + `imap` = :imap, + `pop3` = :pop3, + `aps_packages` = :aps, + `perlenabled` = :perlenabled, + `email_autoresponder` = :email_autoresponder, + `backup_allowed` = :backup_allowed, + `theme` = :theme" + ); + Database::pexecute($ins_stmt, $ins_data); + + $customerid = Database::lastInsertId(); + $admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` + 1"; - if($mysqls != '-1') - { + if ($mysqls != '-1') { $admin_update_query.= ", `mysqls_used` = `mysqls_used` + 0" . (int)$mysqls; } - if($emails != '-1') - { + if ($emails != '-1') { $admin_update_query.= ", `emails_used` = `emails_used` + 0" . (int)$emails; } - if($email_accounts != '-1') - { + if ($email_accounts != '-1') { $admin_update_query.= ", `email_accounts_used` = `email_accounts_used` + 0" . (int)$email_accounts; } - if($email_forwarders != '-1') - { + if ($email_forwarders != '-1') { $admin_update_query.= ", `email_forwarders_used` = `email_forwarders_used` + 0" . (int)$email_forwarders; } - if($email_quota != '-1') - { + if ($email_quota != '-1') { $admin_update_query.= ", `email_quota_used` = `email_quota_used` + 0" . 
(int)$email_quota; } - if($email_autoresponder != '-1' - && $settings['autoresponder']['autoresponder_active'] == 1) - { + if ($email_autoresponder != '-1' + && $settings['autoresponder']['autoresponder_active'] == 1 + ) { $admin_update_query.= ", `email_autoresponder_used` = `email_autoresponder_used` + 0" . (int)$email_autoresponder; } - if($subdomains != '-1') - { + if ($subdomains != '-1') { $admin_update_query.= ", `subdomains_used` = `subdomains_used` + 0" . (int)$subdomains; } - if($ftps != '-1') - { + if ($ftps != '-1') { $admin_update_query.= ", `ftps_used` = `ftps_used` + 0" . (int)$ftps; } - if($tickets != '-1' - && $settings['ticket']['enabled'] == 1) - { + if ($tickets != '-1' + && $settings['ticket']['enabled'] == 1 + ) { $admin_update_query.= ", `tickets_used` = `tickets_used` + 0" . (int)$tickets; } - if(($diskspace / 1024) != '-1') - { + if (($diskspace / 1024) != '-1') { $admin_update_query.= ", `diskspace_used` = `diskspace_used` + 0" . (int)$diskspace; } - if($number_of_aps_packages != '-1') - { + if ($number_of_aps_packages != '-1') { $admin_update_query.= ", `aps_packages_used` = `aps_packages_used` + 0" . (int)$number_of_aps_packages; } $admin_update_query.= " WHERE `adminid` = '" . (int)$userinfo['adminid'] . "'"; - $db->query($admin_update_query); - $db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` " . "SET `value`='" . $db->escape($guid) . "' " . "WHERE `settinggroup`='system' AND `varname`='lastguid'"); + Database::query($admin_update_query); - if($accountnumber != intval($settings['system']['lastaccountnumber'])) - { - $db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` " . "SET `value`='" . $db->escape($accountnumber) . "' " . "WHERE `settinggroup`='system' AND `varname`='lastaccountnumber'"); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_SETTINGS . 
"` SET + `value` = :guid + WHERE `settinggroup` = 'system' AND `varname` = 'lastguid'" + ); + Database::pexecute($upd_stmt, array('guid' => $guid)); + + if ($accountnumber != intval($settings['system']['lastaccountnumber'])) { + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_SETTINGS . "` SET + `value` = :accno + WHERE `settinggroup` = 'system' AND `varname` = 'lastaccountnumber'" + ); + Database::pexecute($upd_stmt, array('accno' => $accountnumber)); } $log->logAction(ADM_ACTION, LOG_INFO, "added user '" . $loginname . "'"); 
@@ -765,73 +841,120 @@ if($page == 'customers' inserttask('10'); // Add htpasswd for the webalizer stats - if(CRYPT_STD_DES == 1) - { + if (CRYPT_STD_DES == 1) { $saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2); $htpasswdPassword = crypt($password, $saltfordescrypt); - } - else - { + } else { $htpasswdPassword = crypt($password); } - if($settings['system']['awstats_enabled'] == '1') - { - $db->query("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` " . "(`customerid`, `username`, `password`, `path`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($htpasswdPassword) . "', '" . $db->escape(makeCorrectDir($documentroot . '/awstats/')) . "')"); + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET + `customerid` = :customerid, + `username` = :username, + `password` = :passwd, + `path` = :path" + ); + $ins_data = array( + 'customerid' => $customerid, + 'username' => $loginname, + 'passwd' => $htpasswdPassword + ); + + if ($settings['system']['awstats_enabled'] == '1') { + $ins_data['path'] = makeCorrectDir($documentroot . '/awstats/'); $log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added awstats htpasswd for user '" . $loginname . "'"); - } - else - { - $db->query("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` " . "(`customerid`, `username`, `password`, `path`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($htpasswdPassword) . "', '" . $db->escape(makeCorrectDir($documentroot . '/webalizer/')) . "')"); + } else { + $ins_data['path'] = makeCorrectDir($documentroot . '/webalizer/'); $log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added webalizer htpasswd for user '" . $loginname . "'"); } + Database::pexecute($ins_stmt, $ins_data); inserttask('1'); $cryptPassword = makeCryptPassword($password); - $result = $db->query("INSERT INTO `" . TABLE_FTP_USERS . "` " . 
"(`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($documentroot) . "', 'y', '" . (int)$guid . "', '" . (int)$guid . "')"); - $result = $db->query("INSERT INTO `" . TABLE_FTP_GROUPS . "` " . "(`customerid`, `groupname`, `gid`, `members`) " . "VALUES ('" . (int)$customerid . "', '" . $db->escape($loginname) . "', '" . $db->escape($guid) . "', '" . $db->escape($loginname) . "')"); - $result = $db->query("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` (`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) VALUES ('" . $db->escape($loginname) . "', 'user', '0', '0', '0', '0', '0', '0')"); + // FTP-User + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_FTP_USERS . "` SET `customerid` = :customerid, `username` = :username, + `password` = :passwd, `homedir` = :homedir, `login_enabled` = 'y', `uid` = :guid, `gid` = :guid" + ); + $ins_data = array( + 'customerid' => $customerid, + 'username' => $loginname, + 'passwd' => $cryptPassword, + 'homedir' => $documentroot, + 'guid' => $guid + ); + Database::pexecute($ins_stmt, $ins_data); + // FTP-Group + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_FTP_GROUPS . "` SET `customerid` = :customerid, `groupname` = :groupname, `gid` = :guid, `members` = :members" + ); + $ins_data = array( + 'customerid' => $customerid, + 'groupname' => $loginname, + 'guid' => $guid, + 'members' => $loginname + ); + Database::pexecute($ins_stmt, $ins_data); + // FTP-Quotatallies + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_FTP_QUOTATALLIES . 
"` SET `name` = :name, `quota_type` = 'user', `bytes_in_used` = '0', + `bytes_out_used` = '0', `bytes_xfer_used` = '0', `files_in_used` = '0', `files_out_used` = '0', `files_xfer_used` = '0'" + ); + Database::pexecute($ins_stmt, array('name' => $loginname)); $log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added ftp-account for user '" . $loginname . "'"); - if($createstdsubdomain == '1') - { + if ($createstdsubdomain == '1') { + if (isset($settings['system']['stdsubdomain']) && $settings['system']['stdsubdomain'] != '' ) { $_stdsubdomain = $loginname . '.' . $settings['system']['stdsubdomain']; - } - else - { + } else { $_stdsubdomain = $loginname . '.' . $settings['system']['hostname']; } - $db->query("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET " . - "`domain` = '". $db->escape($_stdsubdomain) . "', " . - "`customerid` = '" . (int)$customerid . "', " . - "`adminid` = '" . (int)$userinfo['adminid'] . "', " . - "`parentdomainid` = '-1', " . - "`documentroot` = '" . $db->escape($documentroot) . "', " . - "`zonefile` = '', " . - "`isemaildomain` = '0', " . - "`caneditdomain` = '0', " . - "`openbasedir` = '1', " . - "`speciallogfile` = '0', " . - "`specialsettings` = '', " . - "`add_date` = '".date('Y-m-d')."'"); - $domainid = $db->insert_id(); - // set ip <-> domain connection - $db->query("INSERT INTO `".TABLE_DOMAINTOIP."` SET - `id_domain` = '".$domainid."', - `id_ipandports` = '".(int)$settings['system']['defaultip']."'" + $ins_data = array( + 'domain' => $_stdsubdomain, + 'customerid' => $customerid, + 'adminid' => $userinfo['adminid'], + 'docroot' => $documentroot, + 'adddate' => date('Y-m-d') ); + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_DOMAINS . 
"` SET + `domain` = :domain, + `customerid` = :customerid, + `adminid` = :adminid, + `parentdomainid` = '-1', + `documentroot` = :docroot, + `zonefile` = '', + `isemaildomain` = '0', + `caneditdomain` = '0', + `openbasedir` = '1', + `speciallogfile` = '0', + `specialsettings` = '' + `add_date` = :adddate" + ); + Database::pexecute($ins_stmt, $ins_data); + $domainid = Database::lastInsertId(); - $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `standardsubdomain`=\'' . (int)$domainid . '\' WHERE `customerid`=\'' . (int)$customerid . '\''); + // set ip <-> domain connection + $ins_stmt = Database::prepare(" + INSERT INTO `".TABLE_DOMAINTOIP."` SET `id_domain` = :domainid, `id_ipandports` = :ipid'" + ); + Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => $settings['system']['defaultip'])); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid" + ); + Database::pexecute($upd_stmt, array('domainid' => $domainid, 'customerid' => $customerid)); $log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added standardsubdomain for user '" . $loginname . "'"); inserttask('1'); } - if($sendpassword == '1') - { + if ($sendpassword == '1') { + $replace_arr = array( 'FIRSTNAME' => $firstname, 'NAME' => $name, 
@@ -842,10 +965,20 @@ if($page == 'customers' ); // Get mail templates from database; the ones from 'admin' are fetched for fallback - - $result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'createcustomer_subject\''); + $result_stmt = Database::prepare(" + SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` + WHERE `adminid` = :adminid AND `language` = :deflang AND `templategroup` = 'mails' AND `varname` = 'createcustomer_subject'" + ); + Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'deflang' => $def_language)); + $result = $result_stmt->fetch(PDO::FETCH_ASSOC); $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['createcustomer']['subject']), $replace_arr)); - $result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'createcustomer_mailbody\''); + + $result_stmt = Database::prepare(" + SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` + WHERE `adminid` = :adminid AND `language` = :deflang AND `templategroup` = 'mails' AND `varname` = 'createcustomer_mailbody'" + ); + Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'deflang' => $def_language)); + $result = $result_stmt->fetch(PDO::FETCH_ASSOC); $mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['createcustomer']['mailbody']), $replace_arr)); $_mailerror = false; 
@@ -871,16 +1004,13 @@ if($page == 'customers' $mail->ClearAddresses(); $log->logAction(ADM_ACTION, LOG_NOTICE, "automatically sent password to user '" . $loginname . "'"); } - redirectTo($filename, Array('page' => $page, 's' => $s)); } - } - else - { + + } else { $language_options = ''; - while(list($language_file, $language_name) = each($languages)) - { + while (list($language_file, $language_name) = each($languages)) { $language_options.= makeoption($language_name, $language_file, $settings['panel']['standardlanguage'], true); } @@ -910,17 +1040,24 @@ if($page == 'customers' eval("echo \"" . getTemplate("customers/customers_add") . "\";"); } } - } - elseif($action == 'edit' - && $id != 0) - { - $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$id . "' " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . (int)$userinfo['adminid'] . "' ")); - if($result['loginname'] != '') - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + } elseif($action == 'edit' + && $id != 0 + ) { + + $result_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` + WHERE `customerid`= :id " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") + ); + Database::pexecute($result_stmt, array('id' => $id, 'adminid' => $userinfo['adminid'])); + $result = $result_stmt->fetch(PDO::FETCH_ASSOC); + + if ($result['loginname'] != '') { + + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + $name = validate($_POST['name'], 'name'); $firstname = validate($_POST['firstname'], 'first name'); $company = validate($_POST['company'], 'company'); 
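Review bot: In the new customer lookup for `$action == 'edit'`, the parameter array always contains `'adminid'`, but the `` AND `adminid` = :adminid `` clause is only appended when `customers_see_all` is false; for an admin who can see all customers the statement has no `:adminid` token while execute receives two bound values, which PDO rejects with SQLSTATE HY093 unless Database::pexecute strips unused keys (not visible from here). Build the parameters to match the statement, e.g. `$params = array('id' => $id); if (!$userinfo['customers_see_all']) { $params['adminid'] = $userinfo['adminid']; }` and pass `$params` to pexecute. The ownership restriction itself is the right shape to keep: enforcing `adminid` inside the query is what stops a non-global admin from editing another admin's customer by guessing an id, so it should not be moved to a post-fetch check. The `elseif ($action == 'edit' ...)` branch opened here continues past the end of this hunk.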
@@ -933,107 +1070,86 @@ if($page == 'customers' $customernumber = validate($_POST['customernumber'], 'customer number', '/^[A-Za-z0-9 \-]*$/Di'); $def_language = validate($_POST['def_language'], 'default language'); $password = validate($_POST['new_customer_password'], 'new password'); - $diskspace = intval_ressource($_POST['diskspace']); $gender = intval_ressource($_POST['gender']); - if(isset($_POST['diskspace_ul'])) - { + $diskspace = intval_ressource($_POST['diskspace']); + if (isset($_POST['diskspace_ul'])) { $diskspace = - 1; } $traffic = doubleval_ressource($_POST['traffic']); - - if(isset($_POST['traffic_ul'])) - { + if (isset($_POST['traffic_ul'])) { $traffic = - 1; } $subdomains = intval_ressource($_POST['subdomains']); - - if(isset($_POST['subdomains_ul'])) - { + if (isset($_POST['subdomains_ul'])) { $subdomains = - 1; } $emails = intval_ressource($_POST['emails']); - - if(isset($_POST['emails_ul'])) - { + if (isset($_POST['emails_ul'])) { $emails = - 1; } $email_accounts = intval_ressource($_POST['email_accounts']); - - if(isset($_POST['email_accounts_ul'])) - { + if (isset($_POST['email_accounts_ul'])) { $email_accounts = - 1; } $email_forwarders = intval_ressource($_POST['email_forwarders']); - - if(isset($_POST['email_forwarders_ul'])) - { + if (isset($_POST['email_forwarders_ul'])) { $email_forwarders = - 1; } - if($settings['system']['mail_quota_enabled'] == '1') - { + if ($settings['system']['mail_quota_enabled'] == '1') { $email_quota = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array('0', '')); - - if(isset($_POST['email_quota_ul'])) - { + if (isset($_POST['email_quota_ul'])) { $email_quota = - 1; } - } - else - { + } else { $email_quota = - 1; } - if($settings['autoresponder']['autoresponder_active'] == '1') - { + if ($settings['autoresponder']['autoresponder_active'] == '1') { $email_autoresponder = intval_ressource($_POST['email_autoresponder']); - - if(isset($_POST['email_autoresponder_ul'])) - { + if 
(isset($_POST['email_autoresponder_ul'])) { $email_autoresponder = - 1; } - } - else - { + } else { $email_autoresponder = 0; } $email_imap = 0; - if(isset($_POST['email_imap'])) + if (isset($_POST['email_imap'])) { $email_imap = intval_ressource($_POST['email_imap']); + } $email_pop3 = 0; - if(isset($_POST['email_pop3'])) + if (isset($_POST['email_pop3'])) { $email_pop3 = intval_ressource($_POST['email_pop3']); + } $ftps = 0; - if(isset($_POST['ftps'])) + if (isset($_POST['ftps'])) { $ftps = intval_ressource($_POST['ftps']); - - if(isset($_POST['ftps_ul'])) - { + } + if (isset($_POST['ftps_ul'])) { $ftps = - 1; } $tickets = ($settings['ticket']['enabled'] == 1 ? intval_ressource($_POST['tickets']) : 0); - - if(isset($_POST['tickets_ul']) - && $settings['ticket']['enabled'] == '1') - { + if (isset($_POST['tickets_ul']) + && $settings['ticket']['enabled'] == '1' + ) { $tickets = - 1; } $backup_allowed = 0; - if (isset($_POST['backup_allowed'])) + if (isset($_POST['backup_allowed'])) { $backup_allowed = intval($_POST['backup_allowed']); - - if($backup_allowed != '0'){ + } + if ($backup_allowed != '0') { $backup_allowed = 1; } 
@@ -1043,47 +1159,46 @@ if($page == 'customers' } $mysqls = 0; - if(isset($_POST['mysqls'])) + if (isset($_POST['mysqls'])) { $mysqls = intval_ressource($_POST['mysqls']); - - if(isset($_POST['mysqls_ul'])) - { + } + if (isset($_POST['mysqls_ul'])) { $mysqls = - 1; } - if($settings['aps']['aps_active'] == '1') - { + if ($settings['aps']['aps_active'] == '1') { $number_of_aps_packages = intval_ressource($_POST['number_of_aps_packages']); - - if(isset($_POST['number_of_aps_packages_ul'])) - { + if (isset($_POST['number_of_aps_packages_ul'])) { $number_of_aps_packages = - 1; } - } - else - { + } else { $number_of_aps_packages = 0; } $createstdsubdomain = 0; - if(isset($_POST['createstdsubdomain'])) + if (isset($_POST['createstdsubdomain'])) { $createstdsubdomain = intval($_POST['createstdsubdomain']); + } $deactivated = 0; - if(isset($_POST['deactivated'])) + if (isset($_POST['deactivated'])) { $deactivated = intval($_POST['deactivated']); + } $phpenabled = 0; - if(isset($_POST['phpenabled'])) + if (isset($_POST['phpenabled'])) { $phpenabled = intval($_POST['phpenabled']); + } $perlenabled = 0; - if(isset($_POST['perlenabled'])) + if (isset($_POST['perlenabled'])) { $perlenabled = intval($_POST['perlenabled']); + } + $diskspace = $diskspace * 1024; $traffic = $traffic * 1024 * 1024; - if(((($userinfo['diskspace_used'] + $diskspace - $result['diskspace']) > $userinfo['diskspace']) && ($userinfo['diskspace'] / 1024) != '-1') + if (((($userinfo['diskspace_used'] + $diskspace - $result['diskspace']) > $userinfo['diskspace']) && ($userinfo['diskspace'] / 1024) != '-1') || ((($userinfo['mysqls_used'] + $mysqls - $result['mysqls']) > $userinfo['mysqls']) && $userinfo['mysqls'] != '-1') || ((($userinfo['emails_used'] + $emails - $result['emails']) > $userinfo['emails']) && $userinfo['emails'] != '-1') || ((($userinfo['email_accounts_used'] + $email_accounts - $result['email_accounts']) > $userinfo['email_accounts']) && $userinfo['email_accounts'] != '-1') 
@@ -1104,371 +1219,394 @@ if($page == 'customers' || ($ftps == '-1' && $userinfo['ftps'] != '-1') || ($tickets == '-1' && $userinfo['tickets'] != '-1') || ($subdomains == '-1' && $userinfo['subdomains'] != '-1') - || ($number_of_aps_packages == '-1' && $userinfo['aps_packages'] != '-1')) - { + || ($number_of_aps_packages == '-1' && $userinfo['aps_packages'] != '-1') + ) { standard_error('youcantallocatemorethanyouhave'); exit; } // Either $name and $firstname or the $company must be inserted - - if($name == '' - && $company == '') - { + if ($name == '' && $company == '') { standard_error(array('stringisempty', 'myname')); - } - elseif($firstname == '' - && $company == '') - { + + } elseif($firstname == '' && $company == '') { standard_error(array('stringisempty', 'myfirstname')); - } - elseif($email == '') - { + + } elseif($email == '') { standard_error(array('stringisempty', 'emailadd')); - } - elseif(!validateEmail($email)) - { + + } elseif(!validateEmail($email)) { standard_error('emailiswrong', $email); - } - else - { - if($password != '') - { + + } else { + + if ($password != '') { $password = validatePassword($password); $password = md5($password); - } - else - { + } else { $password = $result['password']; } - if($createstdsubdomain != '1') - { + if ($createstdsubdomain != '1') { $createstdsubdomain = '0'; } - if($createstdsubdomain == '1' - && $result['standardsubdomain'] == '0') - { + if ($createstdsubdomain == '1' + && $result['standardsubdomain'] == '0' + ) { + if (isset($settings['system']['stdsubdomain']) && $settings['system']['stdsubdomain'] != '' ) { $_stdsubdomain = $result['loginname'] . '.' . $settings['system']['stdsubdomain']; - } - else - { + } else { $_stdsubdomain = $result['loginname'] . '.' . $settings['system']['hostname']; } - $db->query("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET - `domain` = '" . $db->escape($_stdsubdomain) . "', - `customerid` = '" . (int)$result['customerid'] . "', - `adminid` = '" . (int)$userinfo['adminid'] . 
"', + $ins_data = array( + 'domain' => $_stdsubdomain, + 'customerid' => $result['customerid'], + 'adminid' => $userinfo['adminid'], + 'docroot' => $result['documentroot'], + 'adddate' => date('Y-m-d') + ); + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET + `domain` = :domain, + `customerid` = :customerid, + `adminid` = :adminid, `parentdomainid` = '-1', - `documentroot` = '" . $db->escape($result['documentroot']) . "', + `documentroot` = :docroot, `zonefile` = '', `isemaildomain` = '0', `caneditdomain` = '0', `openbasedir` = '1', `speciallogfile` = '0', - `specialsettings` = '', - `add_date` = '".date('Y-m-d')."'" + `specialsettings` = '' + `add_date` = :adddate" ); - $domainid = $db->insert_id(); + Database::pexecute($ins_stmt, $ins_data); + $domainid = Database::lastInsertId(); + // set ip <-> domain connection - $db->query("INSERT INTO `".TABLE_DOMAINTOIP."` SET - `id_domain` = '".$domainid."', - `id_ipandports` = '".(int)$settings['system']['defaultip']."'" + $ins_stmt = Database::prepare(" + INSERT INTO `".TABLE_DOMAINTOIP."` SET `id_domain` = :domainid, `id_ipandports` = :ipid'" ); - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET - `standardsubdomain`='" . (int)$domainid . "' - WHERE `customerid`='" . (int)$result['customerid'] . "'" + Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipid' => $settings['system']['defaultip'])); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid" ); + Database::pexecute($upd_stmt, array('domainid' => $domainid, 'customerid' => $result['customerid'])); $log->logAction(ADM_ACTION, LOG_NOTICE, "automatically added standardsubdomain for user '" . $result['loginname'] . "'"); inserttask('1'); } - if($createstdsubdomain == '0' - && $result['standardsubdomain'] != '0') - { - $db->query("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` - WHERE `id`='" . (int)$result['standardsubdomain'] . 
"'"); - $db->query("DELETE FROM `" . TABLE_DOMAINTOIP . "` - WHERE `id_domain`='" . (int)$result['standardsubdomain'] . "'"); - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET - `standardsubdomain`= '0' WHERE `customerid`= '" . (int)$result['customerid'] . "'"); + if ($createstdsubdomain == '0' + && $result['standardsubdomain'] != '0' + ) { + + $del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `id` = :stdsub"); + Database::pexecute($del_stmt, array('stdsub' => $result['standardsubdomain'])); + $del_stmt = Database::prepare("DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :stdsub"); + Database::pexecute($del_stmt, array('stdsub' => $result['standardsubdomain'])); + $del_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain`= '0' WHERE `customerid` = :customerid"); + Database::pexecute($del_stmt, array('customerid' => $result['customerid'])); $log->logAction(ADM_ACTION, LOG_NOTICE, "automatically deleted standardsubdomain for user '" . $result['loginname'] . "'"); inserttask('1'); } - if($deactivated != '1') - { + if ($deactivated != '1') { $deactivated = '0'; } - if($phpenabled != '0') - { + if ($phpenabled != '0') { $phpenabled = '1'; } - if($perlenabled != '0') - { + if ($perlenabled != '0') { $perlenabled = '1'; } - if($phpenabled != $result['phpenabled'] - || $perlenabled != $result['perlenabled']) - { + if ($phpenabled != $result['phpenabled'] + || $perlenabled != $result['perlenabled'] + ) { inserttask('1'); } - if($deactivated != $result['deactivated']) - { - $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `postfix`='" . (($deactivated) ? 'N' : 'Y') . "', `pop3`='" . (($deactivated) ? '0' : (int)$result['pop3']) . "', `imap`='" . (($deactivated) ? '0' : (int)$result['imap']) . "' WHERE `customerid`='" . (int)$id . "'"); - $db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `login_enabled`='" . (($deactivated) ? 'N' : 'Y') . "' WHERE `customerid`='" . (int)$id . 
"'"); - $db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `deactivated`='" . (int)$deactivated . "' WHERE `customerid`='" . (int)$id . "'"); + // activate/deactivate customer services + if ($deactivated != $result['deactivated']) { - /* Retrieve customer's databases */ - $databases = $db->query("SELECT * FROM " . TABLE_PANEL_DATABASES . " WHERE customerid='" . (int)$id . "' ORDER BY `dbserver`"); - $db_root = new db($sql_root[0]['host'], $sql_root[0]['user'], $sql_root[0]['password'], ''); + $yesno = (($deactivated) ? 'N' : 'Y'); + $pop3 = (($deactivated) ? '0' : (int)$result['pop3']); + $imap = (($deactivated) ? '0' : (int)$result['imap']); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_MAIL_USERS . "` SET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap WHERE `customerid` = :customerid" + ); + Database::pexecute($upd_stmt, array('yesno' => $yesno, 'pop3' => $pop3, 'imap' => $imap, 'customerid' => $id)); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_FTP_USERS . "` SET `login_enabled` = :yesno WHERE `customerid` = :customerid" + ); + Database::pexecute($upd_stmt, array('yesno' => $yesno, 'customerid' => $id)); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `deactivated`= :deactivated WHERE `customerid` = :customerid" + ); + Database::pexecute($upd_stmt, array('deactivated' => $deactivated, 'customerid' => $id)); + + // Retrieve customer's databases + $databases_stmt = Database::prepare("SELECT * FROM " . TABLE_PANEL_DATABASES . 
" WHERE customerid = :customerid ORDER BY `dbserver`"); + Database::pexecute($databases_stmt, array('customerid' => $id)); + + Database::needRoot(true); $last_dbserver = 0; + // For each of them + while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) { - /* For each of them */ - while($row_database = $db->fetch_array($databases)) - { - if($last_dbserver != $row_database['dbserver']) - { - $db_root->query('FLUSH PRIVILEGES;'); - $db_root->close(); - $db_root = new db($sql_root[$row_database['dbserver']]['host'], $sql_root[$row_database['dbserver']]['user'], $sql_root[$row_database['dbserver']]['password'], ''); + if ($last_dbserver != $row_database['dbserver']) { + Database::query('FLUSH PRIVILEGES;'); + Database::needRoot(true, $row_database['dbserver']); $last_dbserver = $row_database['dbserver']; } - foreach(array_unique(explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) - { + foreach (array_unique(explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) { $mysql_access_host = trim($mysql_access_host); - /* Prevent access, if deactivated */ - if($deactivated) - { + // Prevent access, if deactivated + if ($deactivated) { // failsafe if user has been deleted manually (requires MySQL 4.1.2+) - $db_root->query('REVOKE ALL PRIVILEGES, GRANT OPTION FROM \'' . $db_root->escape($row_database['databasename']) .'\'',false,true); - } - else /* Otherwise grant access */ - { - $db_root->query('GRANT ALL PRIVILEGES ON `' . $db_root->escape($row_database['databasename']) .'`.* TO `' . $db_root->escape($row_database['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '`'); - $db_root->query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\_', $db_root->escape($row_database['databasename'])) . '` . * TO `' . $db_root->escape($row_database['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . 
'`'); + $stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM `".$row_database['databasename']."`"); + Database::pexecute($stmt, array(), false); + + } else { + // Otherwise grant access + Database::query('GRANT ALL PRIVILEGES ON `' . $row_database['databasename'] .'`.* TO `' . $row_database['databasename'] . '`@`' . $mysql_access_host . '`'); + Database::query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\_', $row_database['databasename']) . '` . * TO `' . $row_database['databasename'] . '`@`' . $mysql_access_host . '`'); } } } /* At last flush the new privileges */ - $db_root->query('FLUSH PRIVILEGES;'); - $db_root->close(); + Database::query('FLUSH PRIVILEGES;'); + Database::needRoot(false); $log->logAction(ADM_ACTION, LOG_INFO, "deactivated user '" . $result['loginname'] . "'"); inserttask('1'); } // Disable or enable POP3 Login for customers Mail Accounts - - if($email_pop3 != $result['pop3']) - { - $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `pop3`='" . (int)$email_pop3 . "' WHERE `customerid`='" . (int)$id . "'"); + if ($email_pop3 != $result['pop3']) { + $upd_stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` SET `pop3` = :pop3 WHERE `customerid` = :customerid"); + Database::pexecute($upd_stmt, array('pop3' => $email_pop3, 'customerid' => $id)); } // Disable or enable IMAP Login for customers Mail Accounts - - if($email_imap != $result['imap']) - { - $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `imap`='" . (int)$email_imap . "' WHERE `customerid`='" . (int)$id . "'"); + if ($email_imap != $result['imap']) { + $upd_stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` SET `imap` = :imap WHERE `customerid` = :customerid"); + Database::pexecute($upd_stmt, array('pop3' => $email_imap, 'customerid' => $id)); } - // $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `name`='" . $db->escape($name) . "', `firstname`='" . $db->escape($firstname) . "', `company`='" . $db->escape($company) . "', `street`='" . 
$db->escape($street) . "', `zipcode`='" . $db->escape($zipcode) . "', `city`='" . $db->escape($city) . "', `phone`='" . $db->escape($phone) . "', `fax`='" . $db->escape($fax) . "', `email`='" . $db->escape($email) . "', `customernumber`='" . $db->escape($customernumber) . "', `def_language`='" . $db->escape($def_language) . "', `password` = '" . $password . "', `diskspace`='" . $db->escape($diskspace) . "', `traffic`='" . $db->escape($traffic) . "', `subdomains`='" . $db->escape($subdomains) . "', `emails`='" . $db->escape($emails) . "', `email_accounts` = '" . $db->escape($email_accounts) . "', `email_forwarders`='" . $db->escape($email_forwarders) . "', `ftps`='" . $db->escape($ftps) . "', `tickets`='" . $db->escape($tickets) . "', `mysqls`='" . $db->escape($mysqls) . "', `deactivated`='" . $db->escape($deactivated) . "', `phpenabled`='" . $db->escape($phpenabled) . "', `email_quota`='" . $db->escape($email_quota) . "', `imap`='" . $db->escape($email_imap) . "', `pop3`='" . $db->escape($email_pop3) . "', `aps_packages`='" . (int)$number_of_aps_packages . "', `perlenabled`='" . $db->escape($perlenabled) . "', `email_autoresponder`='" . $db->escape($email_autoresponder) . "' WHERE `customerid`='" . (int)$id . "'"); - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `name`='" . $db->escape($name) . "', `firstname`='" . $db->escape($firstname) . "', `gender`='" . $db->escape($gender) . "', `company`='" . $db->escape($company) . "', `street`='" . $db->escape($street) . "', `zipcode`='" . $db->escape($zipcode) . "', `city`='" . $db->escape($city) . "', `phone`='" . $db->escape($phone) . "', `fax`='" . $db->escape($fax) . "', `email`='" . $db->escape($email) . "', `customernumber`='" . $db->escape($customernumber) . "', `def_language`='" . $db->escape($def_language) . "', `password` = '" . $password . "', `diskspace`='" . $db->escape($diskspace) . "', `traffic`='" . $db->escape($traffic) . "', `subdomains`='" . $db->escape($subdomains) . "', `emails`='" . 
$db->escape($emails) . "', `email_accounts` = '" . $db->escape($email_accounts) . "', `email_forwarders`='" . $db->escape($email_forwarders) . "', `ftps`='" . $db->escape($ftps) . "', `tickets`='" . $db->escape($tickets) . "', `mysqls`='" . $db->escape($mysqls) . "', `deactivated`='" . $db->escape($deactivated) . "', `phpenabled`='" . $db->escape($phpenabled) . "', `email_quota`='" . $db->escape($email_quota) . "', `imap`='" . $db->escape($email_imap) . "', `pop3`='" . $db->escape($email_pop3) . "', `aps_packages`='" . (int)$number_of_aps_packages . "', `perlenabled`='" . $db->escape($perlenabled) . "', `email_autoresponder`='" . $db->escape($email_autoresponder) . "', `backup_allowed`='" . $db->escape($backup_allowed) . "' WHERE `customerid`='" . (int)$id . "'"); - $admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` "; + $upd_data = array( + 'customerid' => $id, + 'passwd' => $password, + 'name' => $name, + 'firstname' => $firstname, + 'gender' => $gender, + 'company' => $company, + 'street' => $street, + 'zipcode' => $zipcode, + 'city' => $city, + 'phone' => $phone, + 'fax' => $fax, + 'email' => $email, + 'customerno' => $customernumber, + 'lang' => $def_language, + 'diskspace' => $diskspace, + 'traffic' => $traffic, + 'subdomains' => $subdomains, + 'emails' => $emails, + 'email_accounts' => $email_accounts, + 'email_forwarders' => $email_forwarders, + 'email_quota' => $email_quota, + 'ftps' => $ftps, + 'tickets' => $tickets, + 'mysqls' => $mysqls, + 'deactivated' => $deactivated, + 'phpenabled' => $phpenabled, + 'imap' => $email_imap, + 'pop3' => $email_pop3, + 'aps' => $number_of_aps_packages, + 'perlenabled' => $perlenabled, + 'email_autoresponder' => $email_autoresponder, + 'backup_allowed' => $backup_allowed + ); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . 
"` SET + `name` = :name, + `firstname` = :firstname, + `gender` = :gender, + `company` = :company, + `street` = :street, + `zipcode` = :zipcode, + `city` = :city, + `phone` = :phone, + `fax` = :fax, + `email` = :email, + `customernumber` = :customerno, + `def_language` = :lang, + `password` = :passwd, + `diskspace` = :diskspace, + `traffic` = :traffic, + `subdomains` = :subdomains, + `emails` = :emails, + `email_accounts` = :email_accounts, + `email_forwarders` = :email_forwarders, + `ftps` = :ftps, + `tickets` = :tickets, + `mysqls` = :mysql, + `deactivated` = :deactivated, + `phpenabled` = :phpenabled, + `email_quota` = :email_quota, + `imap` = :imap, + `pop3` = :pop3, + `aps_packages` = :aps, + `perlenabled` = :perlenabled, + `email_autoresponder` = :email_autoresponder, + `backup_allowed` = :backup_allowed + WHERE `customerid` = :customerid" + ); + Database::pexecute($upd_stmt, $upd_data); // Using filesystem - quota, insert a task which cleans the filesystem - quota inserttask('10'); - if($mysqls != '-1' - || $result['mysqls'] != '-1') - { + $admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` "; + + if ($mysqls != '-1' || $result['mysqls'] != '-1') { $admin_update_query.= ", `mysqls_used` = `mysqls_used` "; - if($mysqls != '-1') - { + if ($mysqls != '-1') { $admin_update_query.= " + 0" . (int)$mysqls . " "; } - - if($result['mysqls'] != '-1') - { + if ($result['mysqls'] != '-1') { $admin_update_query.= " - 0" . (int)$result['mysqls'] . " "; } } - if($emails != '-1' - || $result['emails'] != '-1') - { + if($emails != '-1' || $result['emails'] != '-1') { $admin_update_query.= ", `emails_used` = `emails_used` "; - if($emails != '-1') - { + if ($emails != '-1') { $admin_update_query.= " + 0" . (int)$emails . " "; } - - if($result['emails'] != '-1') - { + if ($result['emails'] != '-1') { $admin_update_query.= " - 0" . (int)$result['emails'] . 
" "; } } - if($email_accounts != '-1' - || $result['email_accounts'] != '-1') - { + if ($email_accounts != '-1' || $result['email_accounts'] != '-1') { $admin_update_query.= ", `email_accounts_used` = `email_accounts_used` "; - if($email_accounts != '-1') - { + if ($email_accounts != '-1') { $admin_update_query.= " + 0" . (int)$email_accounts . " "; } - - if($result['email_accounts'] != '-1') - { + if ($result['email_accounts'] != '-1') { $admin_update_query.= " - 0" . (int)$result['email_accounts'] . " "; } } - if($email_forwarders != '-1' - || $result['email_forwarders'] != '-1') - { + if ($email_forwarders != '-1' || $result['email_forwarders'] != '-1') { $admin_update_query.= ", `email_forwarders_used` = `email_forwarders_used` "; - if($email_forwarders != '-1') - { + if ($email_forwarders != '-1') { $admin_update_query.= " + 0" . (int)$email_forwarders . " "; } - - if($result['email_forwarders'] != '-1') - { + if ($result['email_forwarders'] != '-1') { $admin_update_query.= " - 0" . (int)$result['email_forwarders'] . " "; } } - if($email_quota != '-1' - || $result['email_quota'] != '-1') - { + if ($email_quota != '-1' || $result['email_quota'] != '-1') { $admin_update_query.= ", `email_quota_used` = `email_quota_used` "; - if($email_quota != '-1') - { + if ($email_quota != '-1') { $admin_update_query.= " + 0" . (int)$email_quota . " "; } - - if($result['email_quota'] != '-1') - { + if ($result['email_quota'] != '-1') { $admin_update_query.= " - 0" . (int)$result['email_quota'] . " "; } } - if($email_autoresponder != '-1' - || $result['email_autoresponder'] != '-1') - { + if ($email_autoresponder != '-1' || $result['email_autoresponder'] != '-1') { $admin_update_query.= ", `email_autoresponder_used` = `email_autoresponder_used` "; - if($email_autoresponder != '-1') - { + if ($email_autoresponder != '-1') { $admin_update_query.= " + 0" . (int)$email_autoresponder . 
" "; } - - if($result['email_autoresponder'] != '-1') - { + if ($result['email_autoresponder'] != '-1') { $admin_update_query.= " - 0" . (int)$result['email_autoresponder'] . " "; } } - if($subdomains != '-1' - || $result['subdomains'] != '-1') - { + if ($subdomains != '-1' || $result['subdomains'] != '-1') { $admin_update_query.= ", `subdomains_used` = `subdomains_used` "; - if($subdomains != '-1') - { + if ($subdomains != '-1') { $admin_update_query.= " + 0" . (int)$subdomains . " "; } - - if($result['subdomains'] != '-1') - { + if ($result['subdomains'] != '-1') { $admin_update_query.= " - 0" . (int)$result['subdomains'] . " "; } } - if($ftps != '-1' - || $result['ftps'] != '-1') - { + if ($ftps != '-1' || $result['ftps'] != '-1') { $admin_update_query.= ", `ftps_used` = `ftps_used` "; - if($ftps != '-1') - { + if ($ftps != '-1') { $admin_update_query.= " + 0" . (int)$ftps . " "; } - - if($result['ftps'] != '-1') - { + if ($result['ftps'] != '-1') { $admin_update_query.= " - 0" . (int)$result['ftps'] . " "; } } - if($tickets != '-1' - || $result['tickets'] != '-1') - { + if ($tickets != '-1' || $result['tickets'] != '-1') { $admin_update_query.= ", `tickets_used` = `tickets_used` "; - if($tickets != '-1') - { + if ($tickets != '-1') { $admin_update_query.= " + 0" . (int)$tickets . " "; } - - if($result['tickets'] != '-1') - { + if ($result['tickets'] != '-1') { $admin_update_query.= " - 0" . (int)$result['tickets'] . " "; } } - if(($diskspace / 1024) != '-1' - || ($result['diskspace'] / 1024) != '-1') - { + if (($diskspace / 1024) != '-1' || ($result['diskspace'] / 1024) != '-1') { $admin_update_query.= ", `diskspace_used` = `diskspace_used` "; - if(($diskspace / 1024) != '-1') - { + if (($diskspace / 1024) != '-1') { $admin_update_query.= " + 0" . (int)$diskspace . " "; } - - if(($result['diskspace'] / 1024) != '-1') - { + if (($result['diskspace'] / 1024) != '-1') { $admin_update_query.= " - 0" . (int)$result['diskspace'] . 
" "; } } - if($number_of_aps_packages != '-1' - || $result['aps_packages'] != '-1') - { + if ($number_of_aps_packages != '-1' || $result['aps_packages'] != '-1') { $admin_update_query.= ", `aps_packages_used` = `aps_packages_used` "; - if($number_of_aps_packages != '-1') - { + if ($number_of_aps_packages != '-1') { $admin_update_query.= " + 0" . (int)$number_of_aps_packages . " "; } - - if($result['aps_packages'] != '-1') - { + if ($result['aps_packages'] != '-1') { $admin_update_query.= " - 0" . (int)$result['aps_packages'] . " "; } } $admin_update_query.= " WHERE `adminid` = '" . (int)$result['adminid'] . "'"; - $db->query($admin_update_query); + Database::query($admin_update_query); $log->logAction(ADM_ACTION, LOG_INFO, "edited user '" . $result['loginname'] . "'"); $redirect_props = Array( 'page' => $page, 
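Review bot: The migrated REVOKE/GRANT statements drop the escaping the old code applied: `$row_database['databasename']` and `$mysql_access_host` are now concatenated raw into backtick-quoted identifiers (`REVOKE ... FROM `".$row_database['databasename']."``, both `GRANT ALL PRIVILEGES ON `' . $row_database['databasename'] ...`), and these run on the root connection obtained via `Database::needRoot(true)`. Identifiers cannot be bound as PDO parameters, so either quote them as MySQL identifiers (doubling any embedded backtick, as below) or reject anything outside a strict `[A-Za-z0-9_]` pattern before use; both values come from the panel's own table and settings, so how far this is reachable depends on validation at creation time that is not visible here. Separately, four typos in this hunk will make the statements fail at runtime: the missing comma after `` `specialsettings` = '' `` before `` `add_date` = :adddate ``, the stray quote in `` `id_ipandports` = :ipid' ``, the IMAP update binding `'pop3' => $email_imap` for a `:imap` placeholder, and `` `mysqls` = :mysql `` versus the `'mysqls'` key in `$upd_data`. The enclosing edit-action branch opens before this hunk.
```php
// … unchanged: per-dbserver Database::needRoot() switch …
foreach (array_unique(explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) {
	$mysql_access_host = trim($mysql_access_host);
	// identifiers cannot be bound as PDO parameters; quote them as MySQL
	// identifiers instead (an embedded backtick is doubled)
	$dbname = $row_database['databasename'];
	$dbname_q = '`' . str_replace('`', '``', $dbname) . '`';
	$dbname_like_q = '`' . str_replace('`', '``', str_replace('_', '\_', $dbname)) . '`';
	$host_q = '`' . str_replace('`', '``', $mysql_access_host) . '`';
	if ($deactivated) {
		// failsafe if user has been deleted manually (requires MySQL 4.1.2+)
		$stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM " . $dbname_q);
		Database::pexecute($stmt, array(), false);
	} else {
		Database::query('GRANT ALL PRIVILEGES ON ' . $dbname_q . '.* TO ' . $dbname_q . '@' . $host_q);
		Database::query('GRANT ALL PRIVILEGES ON ' . $dbname_like_q . '.* TO ' . $dbname_q . '@' . $host_q);
	}
}
// … unchanged: FLUSH PRIVILEGES, needRoot(false), logging …
```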
@@ -1477,100 +1615,75 @@ if($page == 'customers' redirectTo($filename, $redirect_props); } - } - else - { + + } else { $language_options = ''; - while(list($language_file, $language_name) = each($languages)) - { + while (list($language_file, $language_name) = each($languages)) { $language_options.= makeoption($language_name, $language_file, $result['def_language'], true); } $result['traffic'] = round($result['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']); $result['diskspace'] = round($result['diskspace'] / 1024, $settings['panel']['decimal_places']); $result['email'] = $idna_convert->decode($result['email']); - $diskspace_ul = makecheckbox('diskspace_ul', $lng['customer']['unlimited'], '-1', false, $result['diskspace'], true, true); - if($result['diskspace'] == '-1') - { + $diskspace_ul = makecheckbox('diskspace_ul', $lng['customer']['unlimited'], '-1', false, $result['diskspace'], true, true); + if ($result['diskspace'] == '-1') { $result['diskspace'] = ''; } $traffic_ul = makecheckbox('traffic_ul', $lng['customer']['unlimited'], '-1', false, $result['traffic'], true, true); - - if($result['traffic'] == '-1') - { + if ($result['traffic'] == '-1') { $result['traffic'] = ''; } $subdomains_ul = makecheckbox('subdomains_ul', $lng['customer']['unlimited'], '-1', false, $result['subdomains'], true, true); - - if($result['subdomains'] == '-1') - { + if ($result['subdomains'] == '-1') { $result['subdomains'] = ''; } $emails_ul = makecheckbox('emails_ul', $lng['customer']['unlimited'], '-1', false, $result['emails'], true, true); - - if($result['emails'] == '-1') - { + if ($result['emails'] == '-1') { $result['emails'] = ''; } $email_accounts_ul = makecheckbox('email_accounts_ul', $lng['customer']['unlimited'], '-1', false, $result['email_accounts'], true, true); - - if($result['email_accounts'] == '-1') - { + if ($result['email_accounts'] == '-1') { $result['email_accounts'] = ''; } $email_forwarders_ul = makecheckbox('email_forwarders_ul', 
$lng['customer']['unlimited'], '-1', false, $result['email_forwarders'], true, true); - - if($result['email_forwarders'] == '-1') - { + if ($result['email_forwarders'] == '-1') { $result['email_forwarders'] = ''; } $email_quota_ul = makecheckbox('email_quota_ul', $lng['customer']['unlimited'], '-1', false, $result['email_quota'], true, true); - - if($result['email_quota'] == '-1') - { + if ($result['email_quota'] == '-1') { $result['email_quota'] = ''; } $email_autoresponder_ul = makecheckbox('email_autoresponder_ul', $lng['customer']['unlimited'], '-1', false, $result['email_autoresponder'], true, true); - - if($result['email_autoresponder'] == '-1') - { + if ($result['email_autoresponder'] == '-1') { $result['email_autoresponder'] = ''; } $ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, $result['ftps'], true, true); - - if($result['ftps'] == '-1') - { + if ($result['ftps'] == '-1') { $result['ftps'] = ''; } $tickets_ul = makecheckbox('tickets_ul', $lng['customer']['unlimited'], '-1', false, $result['tickets'], true, true); - - if($result['tickets'] == '-1') - { + if ($result['tickets'] == '-1') { $result['tickets'] = ''; } $mysqls_ul = makecheckbox('mysqls_ul', $lng['customer']['unlimited'], '-1', false, $result['mysqls'], true, true); - - if($result['mysqls'] == '-1') - { + if ($result['mysqls'] == '-1') { $result['mysqls'] = ''; } $number_of_aps_packages_ul = makecheckbox('number_of_aps_packages_ul', $lng['customer']['unlimited'], '-1', false, $result['aps_packages'], true, true); - - if($result['aps_packages'] == '-1') - { + if ($result['aps_packages'] == '-1') { $result['aps_packages'] = ''; } @@ -1591,5 +1704,3 @@ if($page == 'customers' } } } - -?> diff --git a/admin_tickets.php b/admin_tickets.php index db8f598e..fc284888 100644 --- a/admin_tickets.php +++ b/admin_tickets.php 
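Review bot: `while (list($language_file, $language_name) = each($languages))` depends on the array's internal pointer, so if `$languages` was already traversed once before this point without a `reset()`, the loop produces no options and the language select renders empty; a `foreach` has no such state: `foreach ($languages as $language_file => $language_name) {`. Whether an earlier traversal exists is not visible from this hunk, so treat that as a hedge rather than a confirmed bug. The surrounding `else` branch continues past the end of this hunk.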
@@ -18,11 +18,6 @@ */ define('AREA', 'admin'); - -/** - * Include our init.php, which manages Sessions, Language etc. - */ - require ("./lib/init.php"); if (isset($_POST['id'])) { From 849da2a4237f094450356c87e295f5d348f7e788 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Wed, 6 Nov 2013 09:11:26 +0100 Subject: [PATCH 03/11] migrate phpinterface-classes to PDO database class, refs #1287 Signed-off-by: Michael Kaufmann (d00p) --- .../phpinterface/class.phpinterface.php | 48 ++-- .../phpinterface/class.phpinterface_fcgid.php | 168 +++++------- .../phpinterface/class.phpinterface_fpm.php | 243 ++++++++---------- .../jobs/cron_tasks.inc.http.10.apache.php | 4 +- .../cron_tasks.inc.http.15.apache_fcgid.php | 12 +- .../jobs/cron_tasks.inc.http.20.lighttpd.php | 2 +- .../cron_tasks.inc.http.25.lighttpd_fcgid.php | 16 +- scripts/jobs/cron_tasks.inc.http.30.nginx.php | 2 +- .../cron_tasks.inc.http.35.nginx_phpfpm.php | 16 +- 9 files changed, 222 insertions(+), 289 deletions(-) diff --git a/lib/classes/phpinterface/class.phpinterface.php b/lib/classes/phpinterface/class.phpinterface.php index 01ff1e4c..b4474ea2 100644 --- a/lib/classes/phpinterface/class.phpinterface.php +++ b/lib/classes/phpinterface/class.phpinterface.php @@ -19,13 +19,7 @@ * */ -class phpinterface -{ - /** - * Database handler - * @var object - */ - private $_db = false; +class phpinterface { /** * Settings array @@ -54,9 +48,7 @@ class phpinterface /** * main constructor */ - public function __construct($db, $settings, $domain) - { - $this->_db = $db; + public function __construct($settings, $domain) { $this->_settings = $settings; $this->_domain = $domain; $this->_setInterface(); @@ -66,8 +58,7 @@ class phpinterface * returns the interface-object * from where we can control it */ - public function getInterface() - { + public function getInterface() { return $this->_interface; } 
@@ -76,16 +67,13 @@ class phpinterface * php-interface: fcgid or php-fpm * sets private $_interface variable */ - private function _setInterface() - { + private function _setInterface() { // php-fpm - if((int)$this->_settings['phpfpm']['enabled'] == 1) - { - $this->_interface = new phpinterface_fpm($this->_db, $this->_settings, $this->_domain); - } - elseif((int)$this->_settings['system']['mod_fcgid'] == 1) - { - $this->_interface = new phpinterface_fcgid($this->_db, $this->_settings, $this->_domain); + if ((int)$this->_settings['phpfpm']['enabled'] == 1) { + $this->_interface = new phpinterface_fpm($this->_settings, $this->_domain); + + } elseif ((int)$this->_settings['system']['mod_fcgid'] == 1) { + $this->_interface = new phpinterface_fcgid($this->_settings, $this->_domain); } } @@ -96,23 +84,21 @@ class phpinterface * * @return array */ - public function getPhpConfig($php_config_id) - { + public function getPhpConfig($php_config_id) { + $php_config_id = intval($php_config_id); // If domain has no config, we will use the default one. - - if($php_config_id == 0) - { + if ($php_config_id == 0) { $php_config_id = 1; } - if(!isset($this->php_configs_cache[$php_config_id])) - { - $this->_php_configs_cache[$php_config_id] = $this->_db->query_first( - "SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` - WHERE `id` = " . (int)$php_config_id + if (!isset($this->php_configs_cache[$php_config_id])) { + $stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id" ); + Database::pexecute($stmt, array('id' => $php_config_id)); + $this->_php_configs_cache[$php_config_id] = $stmt->fetch(PDO::FETCH_ASSOC); } return $this->_php_configs_cache[$php_config_id]; diff --git a/lib/classes/phpinterface/class.phpinterface_fcgid.php b/lib/classes/phpinterface/class.phpinterface_fcgid.php index 690f4da4..622e4e08 100644 --- a/lib/classes/phpinterface/class.phpinterface_fcgid.php +++ b/lib/classes/phpinterface/class.phpinterface_fcgid.php 
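Review bot: In `getPhpConfig()` the cache check reads `$this->php_configs_cache[$php_config_id]` but the result is stored in `$this->_php_configs_cache[$php_config_id]`, so the `isset()` never hits and every call re-runs the SELECT; the fix is `if (!isset($this->_php_configs_cache[$php_config_id])) {`. Once the cache works, note that `$stmt->fetch(PDO::FETCH_ASSOC)` returns `false` for an unknown id and that value would be cached and returned to callers that index into it; consider `if ($row === false) { ... }` with an explicit failure path. The property declaration lives outside this hunk, so its exact name should be confirmed against it.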
@@ -19,13 +19,7 @@ * */ -class phpinterface_fcgid -{ - /** - * Database handler - * @var object - */ - private $_db = false; +class phpinterface_fcgid { /** * Settings array @@ -36,27 +30,25 @@ class phpinterface_fcgid /** * Domain-Data array * @var array - */ + */ private $_domain = array(); /** * Admin-Date cache array * @var array - */ + */ private $_admin_cache = array(); /** * main constructor - */ - public function __construct($db, $settings, $domain) - { - $this->_db = $db; + */ + public function __construct($settings, $domain) { $this->_settings = $settings; $this->_domain = $domain; } - public function createConfig($phpconfig) - { + public function createConfig($phpconfig) { + // create starter $starter_file = "#!/bin/sh\n\n"; $starter_file.= "#\n"; @@ -68,18 +60,13 @@ class phpinterface_fcgid $starter_file.= "export PHPRC\n"; // set number of processes for one domain - if((int)$this->_domain['mod_fcgid_starter'] != - 1) - { + if ((int)$this->_domain['mod_fcgid_starter'] != - 1) { $starter_file.= "PHP_FCGI_CHILDREN=" . (int)$this->_domain['mod_fcgid_starter'] . "\n"; - } - else - { - if((int)$phpconfig['mod_fcgid_starter'] != - 1) - { + + } else { + if ((int)$phpconfig['mod_fcgid_starter'] != - 1) { $starter_file.= "PHP_FCGI_CHILDREN=" . (int)$phpconfig['mod_fcgid_starter'] . "\n"; - } - else - { + } else { $starter_file.= "PHP_FCGI_CHILDREN=" . (int)$this->_settings['system']['mod_fcgid_starter'] . "\n"; } } 
@@ -87,18 +74,12 @@ class phpinterface_fcgid $starter_file.= "export PHP_FCGI_CHILDREN\n"; // set number of maximum requests for one domain - if((int)$this->_domain['mod_fcgid_maxrequests'] != - 1) - { + if ((int)$this->_domain['mod_fcgid_maxrequests'] != - 1) { $starter_file.= "PHP_FCGI_MAX_REQUESTS=" . (int)$this->_domain['mod_fcgid_maxrequests'] . "\n"; - } - else - { - if((int)$phpconfig['mod_fcgid_maxrequests'] != - 1) - { + } else { + if ((int)$phpconfig['mod_fcgid_maxrequests'] != - 1) { $starter_file.= "PHP_FCGI_MAX_REQUESTS=" . (int)$phpconfig['mod_fcgid_maxrequests'] . "\n"; - } - else - { + } else { $starter_file.= "PHP_FCGI_MAX_REQUESTS=" . (int)$this->_settings['system']['mod_fcgid_maxrequests'] . "\n"; } } @@ -109,8 +90,7 @@ class phpinterface_fcgid $starter_file.= "exec " . $phpconfig['binary'] . " -c " . escapeshellarg($this->getConfigDir()) . "\n"; //remove +i attibute, so starter can be overwritten - if(file_exists($this->getStarterFile())) - { + if (file_exists($this->getStarterFile())) { removeImmutable($this->getStarterFile()); } 
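Review bot: `$starter_file.= "exec " . $phpconfig['binary'] . " -c " . escapeshellarg($this->getConfigDir()) . "\n";` writes the interpreter path into the generated shell starter unquoted while the config directory right next to it is `escapeshellarg()`'d; a binary path containing whitespace or shell metacharacters would be split or interpreted when the starter runs. Quote it the same way: `$starter_file.= "exec " . escapeshellarg($phpconfig['binary']) . " -c " . escapeshellarg($this->getConfigDir()) . "\n";`. The value appears to come from the php-config record, presumably admin-entered, and any validation on that form is not visible here. `createConfig()` begins before this hunk.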
@@ -122,34 +102,36 @@ class phpinterface_fcgid setImmutable($this->getStarterFile()); } - public function createIniFile($phpconfig) - { + /** + * create customized php.ini + * + * @param array $phpconfig + */ + public function createIniFile($phpconfig) { + $openbasedir = ''; $openbasedirc = ';'; - if($this->_domain['openbasedir'] == '1') - { + if ($this->_domain['openbasedir'] == '1') { + $openbasedirc = ''; $_phpappendopenbasedir = ''; $_custom_openbasedir = explode(':', $this->_settings['system']['mod_fcgid_peardir']); - foreach($_custom_openbasedir as $cobd) - { + foreach ($_custom_openbasedir as $cobd) { $_phpappendopenbasedir .= appendOpenBasedirPath($cobd); } $_custom_openbasedir = explode(':', $this->_settings['system']['phpappendopenbasedir']); - foreach($_custom_openbasedir as $cobd) - { + foreach ($_custom_openbasedir as $cobd) { $_phpappendopenbasedir .= appendOpenBasedirPath($cobd); } - if($this->_domain['openbasedir_path'] == '0' && strstr($this->_domain['documentroot'], ":") === false) - { + if ($this->_domain['openbasedir_path'] == '0' + && strstr($this->_domain['documentroot'], ":") === false + ) { $openbasedir = appendOpenBasedirPath($this->_domain['documentroot'], true); - } - else - { + } else { $openbasedir = appendOpenBasedirPath($this->_domain['customerroot'], true); } 
@@ -158,34 +140,31 @@ class phpinterface_fcgid $openbasedir = explode(':', $openbasedir); $clean_openbasedir = array(); - foreach($openbasedir as $number => $path) - { - if(trim($path) != '/') - { + foreach ($openbasedir as $number => $path) { + if (trim($path) != '/') { $clean_openbasedir[] = makeCorrectDir($path); } } $openbasedir = implode(':', $clean_openbasedir); - } - else - { + + } else { $openbasedir = 'none'; $openbasedirc = ';'; } $admin = $this->_getAdminData($this->_domain['adminid']); $php_ini_variables = array( - 'SAFE_MODE' => 'Off', // keep this for compatibility, just in case - 'PEAR_DIR' => $this->_settings['system']['mod_fcgid_peardir'], - 'OPEN_BASEDIR' => $openbasedir, - 'OPEN_BASEDIR_C' => $openbasedirc, - 'OPEN_BASEDIR_GLOBAL' => $this->_settings['system']['phpappendopenbasedir'], - 'TMP_DIR' => $this->getTempDir(), - 'CUSTOMER_EMAIL' => $this->_domain['email'], - 'ADMIN_EMAIL' => $admin['email'], - 'DOMAIN' => $this->_domain['domain'], - 'CUSTOMER' => $this->_domain['loginname'], - 'ADMIN' => $admin['loginname'] + 'SAFE_MODE' => 'Off', // keep this for compatibility, just in case + 'PEAR_DIR' => $this->_settings['system']['mod_fcgid_peardir'], + 'OPEN_BASEDIR' => $openbasedir, + 'OPEN_BASEDIR_C' => $openbasedirc, + 'OPEN_BASEDIR_GLOBAL' => $this->_settings['system']['phpappendopenbasedir'], + 'TMP_DIR' => $this->getTempDir(), + 'CUSTOMER_EMAIL' => $this->_domain['email'], + 'ADMIN_EMAIL' => $admin['email'], + 'DOMAIN' => $this->_domain['domain'], + 'CUSTOMER' => $this->_domain['loginname'], + 'ADMIN' => $admin['loginname'] ); //insert a small header for the file 
@@ -206,17 +185,16 @@ class phpinterface_fcgid /** * fcgid-config directory - * + * * @param boolean $createifnotexists create the directory if it does not exist - * + * * @return string the directory */ - public function getConfigDir($createifnotexists = true) - { + public function getConfigDir($createifnotexists = true) { + $configdir = makeCorrectDir($this->_settings['system']['mod_fcgid_configdir'] . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/'); - if(!is_dir($configdir) && $createifnotexists) - { + if (!is_dir($configdir) && $createifnotexists) { safe_exec('mkdir -p ' . escapeshellarg($configdir)); safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir)); } 
@@ -226,66 +204,62 @@ class phpinterface_fcgid /** * fcgid-temp directory - * + * * @param boolean $createifnotexists create the directory if it does not exist - * + * * @return string the directory */ - public function getTempDir($createifnotexists = true) - { + public function getTempDir($createifnotexists = true) { + $tmpdir = makeCorrectDir($this->_settings['system']['mod_fcgid_tmpdir'] . '/' . $this->_domain['loginname'] . '/'); - if(!is_dir($tmpdir) && $createifnotexists) - { + if (!is_dir($tmpdir) && $createifnotexists) { safe_exec('mkdir -p ' . escapeshellarg($tmpdir)); safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir)); safe_exec('chmod 0750 ' . escapeshellarg($tmpdir)); } - + return $tmpdir; } /** * return path of php-starter file - * + * * @return string the directory */ - public function getStarterFile() - { + public function getStarterFile() { $starter_filename = makeCorrectFile($this->getConfigDir() . '/php-fcgi-starter'); return $starter_filename; } /** * return path of php.ini file - * + * * @return string full with path file-name */ - public function getIniFile() - { + public function getIniFile() { $phpini_filename = makeCorrectFile($this->getConfigDir() . '/php.ini'); return $phpini_filename; } /** * return the admin-data of a specific admin - * + * * @param int $adminid id of the admin-user - * + * * @return array */ - private function _getAdminData($adminid) - { + private function _getAdminData($adminid) { + $adminid = intval($adminid); - if(!isset($this->_admin_cache[$adminid])) - { - $this->_admin_cache[$adminid] = $this->_db->query_first( - "SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` - WHERE `adminid` = " . (int)$adminid + if (!isset($this->_admin_cache[$adminid])) { + $stmt = Database::prepare("TABLE_PANEL_ADMINS + SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . 
"` WHERE `adminid` = :id" ); + Database::pexecute($stmt, array('id' => $adminid)); + $this->_admin_cache[$adminid] = $stmt->fetch(PDO::FETCH_ASSOC); } - return $this->_admin_cache[$adminid]; } } diff --git a/lib/classes/phpinterface/class.phpinterface_fpm.php b/lib/classes/phpinterface/class.phpinterface_fpm.php index 00017f29..a364b19c 100644 --- a/lib/classes/phpinterface/class.phpinterface_fpm.php +++ b/lib/classes/phpinterface/class.phpinterface_fpm.php @@ -19,13 +19,7 @@ * */ -class phpinterface_fpm -{ - /** - * Database handler - * @var object - */ - private $_db = false; +class phpinterface_fpm { /** * Settings array 
@@ -36,80 +30,83 @@ class phpinterface_fpm /** * Domain-Data array * @var array - */ + */ private $_domain = array(); /** * Admin-Date cache array * @var array - */ + */ private $_admin_cache = array(); /** * defines what can be used for pool-config from php.ini * @var array - */ + */ private $_ini = array( - 'php_value' => array( - 'error_reporting', - 'max_execution_time', - 'include_path', - 'upload_max_filesize', - 'log_errors_max_len' - ), - 'php_flag' => array( - 'short_open_tag', - 'asp_tags', - 'display_errors', - 'display_startup_errors', - 'log_errors', - 'track_errors', - 'html_errors', - 'magic_quotes_gpc', - 'magic_quotes_runtime', - 'magic_quotes_sybase' - ), - 'php_admin_value' => array( - 'precision', - 'output_buffering', - 'disable_functions', - 'max_input_time', - 'memory_limit', - 'post_max_size', - 'variables_order', - 'gpc_order', - 'date.timezone' - ), - 'php_admin_flag' => array( - 'allow_call_time_pass_reference', - 'allow_url_fopen', - 'cgi.force_redirect', - 'enable_dl', - 'expose_php', - 'ignore_repeated_errors', - 'ignore_repeated_source', - 'report_memleaks', - 'register_argc_argv', - 'file_uploads', - 'allow_url_fopen' - ) + 'php_value' => array( + 'error_reporting', + 'max_execution_time', + 'include_path', + 'upload_max_filesize', + 'log_errors_max_len' + ), + 'php_flag' => array( + 'short_open_tag', + 'asp_tags', + 'display_errors', + 'display_startup_errors', + 'log_errors', + 'track_errors', + 'html_errors', + 'magic_quotes_gpc', + 'magic_quotes_runtime', + 'magic_quotes_sybase' + ), + 'php_admin_value' => array( + 'precision', + 'output_buffering', + 'disable_functions', + 'max_input_time', + 'memory_limit', + 'post_max_size', + 'variables_order', + 'gpc_order', + 'date.timezone' + ), + 'php_admin_flag' => array( + 'allow_call_time_pass_reference', + 'allow_url_fopen', + 'cgi.force_redirect', + 'enable_dl', + 'expose_php', + 'ignore_repeated_errors', + 'ignore_repeated_source', + 'report_memleaks', + 'register_argc_argv', + 
'file_uploads', + 'allow_url_fopen' + ) ); /** * main constructor - */ - public function __construct($db, $settings, $domain) - { - $this->_db = $db; + */ + public function __construct($settings, $domain) { $this->_settings = $settings; $this->_domain = $domain; } - public function createConfig($phpconfig) - { + /** + * create fpm-pool config + * + * @param array $phpconfig + */ + public function createConfig($phpconfig) { + $fh = @fopen($this->getConfigFile(), 'w'); - if($fh) - { + + if ($fh) { $fpm_pm = $this->_settings['phpfpm']['pm']; $fpm_children = (int)$this->_settings['phpfpm']['max_children']; $fpm_start_servers = (int)$this->_settings['phpfpm']['start_servers']; 
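Review bot: The re-indented `$_ini['php_admin_flag']` whitelist lists `'allow_url_fopen'` twice (second entry and last entry); drop the trailing duplicate so the list documents exactly which directives are allowed once. Whether the consumer emits the directive twice into the pool config or just checks membership is not visible here, but in either case the duplicate reads as an oversight. The `createConfig` body that follows continues outside the hunk.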
@@ -118,39 +115,34 @@ class phpinterface_fpm $fpm_requests = (int)$this->_settings['phpfpm']['max_requests']; $fpm_process_idle_timeout = (int)$this->_settings['phpfpm']['idle_timeout']; - if($fpm_children == 0) { + if ($fpm_children == 0) { $fpm_children = 1; } $fpm_config = ';PHP-FPM configuration for "'.$this->_domain['domain'].'" created on ' . date("Y.m.d H:i:s") . "\n"; $fpm_config.= '['.$this->_domain['domain'].']'."\n"; $fpm_config.= 'listen = '.$this->getSocketFile()."\n"; - if($this->_domain['loginname'] == 'froxlor.panel') - { + if ($this->_domain['loginname'] == 'froxlor.panel') { $fpm_config.= 'listen.owner = '.$this->_domain['guid']."\n"; $fpm_config.= 'listen.group = '.$this->_domain['guid']."\n"; - } - else - { + } else { $fpm_config.= 'listen.owner = '.$this->_domain['loginname']."\n"; $fpm_config.= 'listen.group = '.$this->_domain['loginname']."\n"; } $fpm_config.= 'listen.mode = 0666'."\n"; - if($this->_domain['loginname'] == 'froxlor.panel') - { + if ($this->_domain['loginname'] == 'froxlor.panel') { $fpm_config.= 'user = '.$this->_domain['guid']."\n"; $fpm_config.= 'group = '.$this->_domain['guid']."\n"; - } - else - { + } else { $fpm_config.= 'user = '.$this->_domain['loginname']."\n"; $fpm_config.= 'group = '.$this->_domain['loginname']."\n"; } $fpm_config.= 'pm = '.$fpm_pm."\n"; $fpm_config.= 'pm.max_children = '.$fpm_children."\n"; - if($fpm_pm == 'dynamic') { + + if ($fpm_pm == 'dynamic') { // failsafe, refs #955 if ($fpm_start_servers < $fpm_min_spare_servers) { $fpm_start_servers = $fpm_min_spare_servers; 
@@ -167,12 +159,10 @@ class phpinterface_fpm } $fpm_config.= 'pm.max_requests = '.$fpm_requests."\n"; - $fpm_config.= ';chroot = '.makeCorrectDir($this->_domain['documentroot'])."\n"; $tmpdir = makeCorrectDir($this->_settings['phpfpm']['tmpdir'] . '/' . $this->_domain['loginname'] . '/'); - if(!is_dir($tmpdir)) - { + if (!is_dir($tmpdir)) { $this->getTempDir(); } //$slowlog = makeCorrectFile($this->_settings['system']['logfiles_directory'] . $this->_domain['loginname'] . '/php-fpm_slow.log'); @@ -182,30 +172,26 @@ class phpinterface_fpm $fpm_config.= 'env[TEMP] = '.$tmpdir."\n"; $fpm_config.= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f '.$this->_domain['email']."\n"; - if($this->_domain['loginname'] != 'froxlor.panel') - { - if($this->_domain['openbasedir'] == '1') - { + + if ($this->_domain['loginname'] != 'froxlor.panel') { + if ($this->_domain['openbasedir'] == '1') { $openbasedir = ''; $_phpappendopenbasedir = ''; $_custom_openbasedir = explode(':', $this->_settings['phpfpm']['peardir']); - foreach($_custom_openbasedir as $cobd) - { + foreach ($_custom_openbasedir as $cobd) { $_phpappendopenbasedir .= appendOpenBasedirPath($cobd); } $_custom_openbasedir = explode(':', $this->_settings['system']['phpappendopenbasedir']); - foreach($_custom_openbasedir as $cobd) - { + foreach ($_custom_openbasedir as $cobd) { $_phpappendopenbasedir .= appendOpenBasedirPath($cobd); } - if($this->_domain['openbasedir_path'] == '0' && strstr($this->_domain['documentroot'], ":") === false) - { + if ($this->_domain['openbasedir_path'] == '0' + && strstr($this->_domain['documentroot'], ":") === false + ) { $openbasedir = appendOpenBasedirPath($this->_domain['documentroot'], true); - } - else - { + } else { $openbasedir = appendOpenBasedirPath($this->_domain['customerroot'], true); } 
@@ -214,10 +200,8 @@ class phpinterface_fpm $openbasedir = explode(':', $openbasedir); $clean_openbasedir = array(); - foreach($openbasedir as $number => $path) - { - if(trim($path) != '/') - { + foreach ($openbasedir as $number => $path) { + if (trim($path) != '/') { $clean_openbasedir[] = makeCorrectDir($path); } } @@ -230,6 +214,7 @@ class phpinterface_fpm $fpm_config.= 'php_admin_value[upload_tmp_dir] = ' . makeCorrectDir($this->_settings['phpfpm']['tmpdir'] . '/' . $this->_domain['loginname'] . '/') . "\n"; $admin = $this->_getAdminData($this->_domain['adminid']); + $php_ini_variables = array( 'SAFE_MODE' => 'Off', // keep this for compatibility, just in case 'PEAR_DIR' => $this->_settings['system']['mod_fcgid_peardir'], @@ -265,8 +250,7 @@ class phpinterface_fpm * * @param string $phpconfig */ - public function createIniFile($phpconfig) - { + public function createIniFile($phpconfig) { return; } @@ -277,13 +261,12 @@ class phpinterface_fpm * * @return string the full path to the file */ - public function getConfigFile($createifnotexists = true) - { + public function getConfigFile($createifnotexists = true) { + $configdir = makeCorrectDir($this->_settings['phpfpm']['configdir']); $config = makeCorrectFile($configdir.'/'.$this->_domain['domain'].'.conf'); - if(!is_dir($configdir) && $createifnotexists) - { + if (!is_dir($configdir) && $createifnotexists) { safe_exec('mkdir -p ' . escapeshellarg($configdir)); } 
@@ -297,13 +280,12 @@ class phpinterface_fpm * * @return string the full path to the socket */ - public function getSocketFile($createifnotexists = true) - { + public function getSocketFile($createifnotexists = true) { + $socketdir = makeCorrectDir('/var/run/'.$this->_settings['system']['webserver'].'/'); $socket = makeCorrectFile($socketdir.'/'.$this->_domain['loginname'].'-'.$this->_domain['domain'].'-php-fpm.socket'); - if(!is_dir($socketdir) && $createifnotexists) - { + if (!is_dir($socketdir) && $createifnotexists) { safe_exec('mkdir -p '.escapeshellarg($socketdir)); safe_exec('chown -R '.$this->_settings['system']['httpuser'].':'.$this->_settings['system']['httpgroup'].' '.escapeshellarg($socketdir)); } @@ -318,12 +300,11 @@ class phpinterface_fpm * * @return string the directory */ - public function getTempDir($createifnotexists = true) - { + public function getTempDir($createifnotexists = true) { + $tmpdir = makeCorrectDir($this->_settings['phpfpm']['tmpdir'] . '/' . $this->_domain['loginname'] . '/'); - if(!is_dir($tmpdir) && $createifnotexists) - { + if (!is_dir($tmpdir) && $createifnotexists) { safe_exec('mkdir -p ' . escapeshellarg($tmpdir)); safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir)); safe_exec('chmod 0750 ' . escapeshellarg($tmpdir)); 
@@ -333,28 +314,27 @@ class phpinterface_fpm } /** - * fastcgi-fakedirectory directory - * - * @param boolean $createifnotexists create the directory if it does not exist - * - * @return string the directory - */ - public function getAliasConfigDir($createifnotexists = true) - { - // ensure default... - if (!isset($this->_settings['phpfpm']['aliasconfigdir'])) { - $this->_settings['phpfpm']['aliasconfigdir'] = '/var/www/php-fpm'; - } + * fastcgi-fakedirectory directory + * + * @param boolean $createifnotexists create the directory if it does not exist + * + * @return string the directory + */ + public function getAliasConfigDir($createifnotexists = true) { - $configdir = makeCorrectDir($this->_settings['phpfpm']['aliasconfigdir'] . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/'); - if(!is_dir($configdir) && $createifnotexists) - { - safe_exec('mkdir -p ' . escapeshellarg($configdir)); - safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir)); - } + // ensure default... + if (!isset($this->_settings['phpfpm']['aliasconfigdir'])) { + $this->_settings['phpfpm']['aliasconfigdir'] = '/var/www/php-fpm'; + } - return $configdir; - } + $configdir = makeCorrectDir($this->_settings['phpfpm']['aliasconfigdir'] . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/'); + if (!is_dir($configdir) && $createifnotexists) { + safe_exec('mkdir -p ' . escapeshellarg($configdir)); + safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir)); + } + + return $configdir; + } /** * return the admin-data of a specific admin 
@@ -364,15 +344,16 @@ class phpinterface_fpm * @return array */ private function _getAdminData($adminid) { + $adminid = intval($adminid); if (!isset($this->_admin_cache[$adminid])) { - $this->_admin_cache[$adminid] = $this->_db->query_first( - "SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` - WHERE `adminid` = " . (int)$adminid + $stmt = Database::prepare("TABLE_PANEL_ADMINS + SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id" ); + Database::pexecute($stmt, array('id' => $adminid)); + $this->_admin_cache[$adminid] = $stmt->fetch(PDO::FETCH_ASSOC); } - return $this->_admin_cache[$adminid]; } } diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index 8f36388d..abec451c 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -234,7 +234,7 @@ class apache 'loginname' => 'froxlor.panel', 'documentroot' => $mypath ); - $php = new phpinterface($this->getDB(), $this->settings, $domain); + $php = new phpinterface($this->settings, $domain); $phpconfig = $php->getPhpConfig($this->settings['system']['mod_fcgid_defaultini_ownvhost']); $starter_filename = makeCorrectFile($configdir . '/php-fcgi-starter'); @@ -273,7 +273,7 @@ class apache 'documentroot' => $mypath, ); - $php = new phpinterface($this->getDB(), $this->settings, $domain); + $php = new phpinterface($this->settings, $domain); $phpconfig = $php->getPhpConfig($this->settings['phpfpm']['vhost_defaultini']); $srvName = substr(md5($ipport),0,4).'.fpm.external'; if ($row_ipsandports['ssl']) { diff --git a/scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php b/scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php index 8caa27c5..215769fc 100644 --- a/scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php +++ b/scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php 
@@ -32,7 +32,7 @@ class apache_fcgid extends apache if($domain['phpenabled'] == '1') { - $php = new phpinterface($this->getDB(), $this->settings, $domain); + $php = new phpinterface($this->settings, $domain); $phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']); if((int)$this->settings['phpfpm']['enabled'] == 1) @@ -93,8 +93,8 @@ class apache_fcgid extends apache // create starter-file | config-file $php->getInterface()->createConfig($phpconfig); - // create php.ini - // @TODO make php-fpm support this + // create php.ini (fpm does nothing here, as it + // defines ini-settings in its pool config) $php->getInterface()->createIniFile($phpconfig); } else @@ -143,7 +143,7 @@ class apache_fcgid extends apache safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath)); // get php.ini for our own vhost - $php = new phpinterface($this->getDB(), $this->settings, $domain); + $php = new phpinterface($this->settings, $domain); // get php-config if ($this->settings['phpfpm']['enabled'] == '1') { @@ -157,8 +157,8 @@ class apache_fcgid extends apache // create starter-file | config-file $php->getInterface()->createConfig($phpconfig); - // create php.ini - // @TODO make php-fpm support this + // create php.ini (fpm does nothing here, as it + // defines ini-settings in its pool config) $php->getInterface()->createIniFile($phpconfig); } } diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php index ed9544bc..e4f7bd09 100644 --- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php +++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php @@ -151,7 +151,7 @@ class lighttpd 'documentroot' => $mypath ); - $php = new phpinterface($this->getDB(), $this->settings, $domain); + $php = new phpinterface($this->settings, $domain); $this->lighttpd_data[$vhost_filename].= ' fastcgi.server = ( '."\n"; $this->lighttpd_data[$vhost_filename].= "\t".'".php" => ('."\n"; 
diff --git a/scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php b/scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php index 160d4ef7..5b56175e 100644 --- a/scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php +++ b/scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php @@ -15,10 +15,6 @@ * */ -/* - * This script creates the php.ini's used by mod_suPHP+php-cgi - */ - if(@php_sapi_name() != 'cli' && @php_sapi_name() != 'cgi' && @php_sapi_name() != 'cgi-fcgi') @@ -34,7 +30,7 @@ class lighttpd_fcgid extends lighttpd if($domain['phpenabled'] == '1') { - $php = new phpinterface($this->getDB(), $this->settings, $domain); + $php = new phpinterface($this->settings, $domain); $phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']); // vhost data for php-fpm @@ -105,8 +101,8 @@ class lighttpd_fcgid extends lighttpd // create starter-file | config-file $php->getInterface()->createConfig($phpconfig); - // create php.ini - // @TODO make php-fpm support this + // create php.ini (fpm does nothing here, as it + // defines ini-settings in its pool config) $php->getInterface()->createIniFile($phpconfig); } else @@ -145,7 +141,7 @@ class lighttpd_fcgid extends lighttpd safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath)); // get php.ini for our own vhost - $php = new phpinterface($this->getDB(), $this->settings, $domain); + $php = new phpinterface($this->settings, $domain); // get php-config if ($this->settings['phpfpm']['enabled'] == '1') { @@ -159,8 +155,8 @@ class lighttpd_fcgid extends lighttpd // create starter-file | config-file $php->getInterface()->createConfig($phpconfig); - // create php.ini - // @TODO make php-fpm support this + // create php.ini (fpm does nothing here, as it + // defines ini-settings in its pool config) $php->getInterface()->createIniFile($phpconfig); } } diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index 1fe93709..2c45e543 100644 
--- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php @@ -242,7 +242,7 @@ class nginx 'documentroot' => $mypath, ); - $php = new phpinterface($this->getDB(), $this->settings, $domain); + $php = new phpinterface($this->settings, $domain); $this->nginx_data[$vhost_filename] .= "\t\t".'fastcgi_pass unix:' . $php->getInterface()->getSocketFile() . ';' . "\n"; } else { $this->nginx_data[$vhost_filename] .= "\t\t".'fastcgi_pass ' . $this->settings['system']['nginx_php_backend'] . ';' . "\n"; diff --git a/scripts/jobs/cron_tasks.inc.http.35.nginx_phpfpm.php b/scripts/jobs/cron_tasks.inc.http.35.nginx_phpfpm.php index 391c7b10..93e10410 100644 --- a/scripts/jobs/cron_tasks.inc.http.35.nginx_phpfpm.php +++ b/scripts/jobs/cron_tasks.inc.http.35.nginx_phpfpm.php @@ -15,10 +15,6 @@ * */ -/* - * This script creates the php.ini's used by mod_suPHP+php-cgi - */ - if(@php_sapi_name() != 'cli' && @php_sapi_name() != 'cgi' && @php_sapi_name() != 'cgi-fcgi') @@ -34,7 +30,7 @@ class nginx_phpfpm extends nginx if($domain['phpenabled'] == '1') { - $php = new phpinterface($this->getDB(), $this->settings, $domain); + $php = new phpinterface($this->settings, $domain); $phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']); $php_options_text = "\t".'location ~ \.php$ {'."\n"; @@ -52,8 +48,8 @@ class nginx_phpfpm extends nginx // create starter-file | config-file $php->getInterface()->createConfig($phpconfig); - // create php.ini - // @TODO make php-fpm support this + // create php.ini (fpm does nothing here, as it + // defines ini-settings in its pool config) $php->getInterface()->createIniFile($phpconfig); } else 
@@ -92,7 +88,7 @@ class nginx_phpfpm extends nginx safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath)); // get php.ini for our own vhost - $php = new phpinterface($this->getDB(), $this->settings, $domain); + $php = new phpinterface($this->settings, $domain); // get php-config if ($this->settings['phpfpm']['enabled'] == '1') { @@ -106,8 +102,8 @@ class nginx_phpfpm extends nginx // create starter-file | config-file $php->getInterface()->createConfig($phpconfig); - // create php.ini - // @TODO make php-fpm support this + // create php.ini (fpm does nothing here, as it + // defines ini-settings in its pool config) $php->getInterface()->createIniFile($phpconfig); } } From 2e42ef2043d0ff2c68406320a84c60590b74d2d1 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Wed, 6 Nov 2013 09:41:01 +0100 Subject: [PATCH 04/11] fix creation of vhosts-config if email_only==1 (means, don't create a config) Signed-off-by: Michael Kaufmann (d00p) --- scripts/jobs/cron_tasks.inc.http.10.apache.php | 2 +- scripts/jobs/cron_tasks.inc.http.20.lighttpd.php | 2 +- scripts/jobs/cron_tasks.inc.http.30.nginx.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index abec451c..f4afc5fe 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -809,7 +809,7 @@ class apache GROUP BY `id_domain` ) AS p ON p.`id_domain` = `d`.`id` - WHERE `d`.`aliasdomain` IS NULL + WHERE `d`.`aliasdomain` IS NULL AND `d`.`email_only` = '0' ORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC;"; $result_domains = $this->db->query($query); diff --git a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php index e4f7bd09..a5c9dc9a 100644 --- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php 
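Review bot: The new `AND `d`.`email_only` = '0'` restriction in the apache domain query carries no comment, and a reader of the cron job has to recover the intent from the commit message; add `// email-only domains get no vhost config` above the `$query` assignment. The same one-line change is made to the lighttpd and nginx copies of this query in the same commit, so the comment belongs in all three places unless the query is centralised. The `$query` assignment starts outside the hunk.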
+++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php @@ -324,7 +324,7 @@ class lighttpd GROUP BY `id_domain` ) AS p ON p.`id_domain` = `d`.`id` - WHERE `d`.`aliasdomain` IS NULL + WHERE `d`.`aliasdomain` IS NULL AND `d`.`email_only` = '0' ORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC;"; $included_vhosts = array(); diff --git a/scripts/jobs/cron_tasks.inc.http.30.nginx.php b/scripts/jobs/cron_tasks.inc.http.30.nginx.php index 2c45e543..10187b1b 100644 --- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php +++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php @@ -284,7 +284,7 @@ class nginx GROUP BY `id_domain` ) AS p ON p.`id_domain` = `d`.`id` - WHERE `d`.`aliasdomain` IS NULL + WHERE `d`.`aliasdomain` IS NULL AND `d`.`email_only` = '0' ORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC;"; $result_domains = $this->db->query($query); From 94a5edc1eb0ace85fdead478327b57e4a35d78cd Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Wed, 6 Nov 2013 10:51:50 +0100 Subject: [PATCH 05/11] implement pexecute_first to PDO database class to return a result right away Signed-off-by: Michael Kaufmann (d00p) --- lib/classes/database/class.Database.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/lib/classes/database/class.Database.php b/lib/classes/database/class.Database.php index 29ef2066..bf554058 100644 --- a/lib/classes/database/class.Database.php +++ b/lib/classes/database/class.Database.php 
@@ -69,6 +69,22 @@ class Database { } } + /** + * Wrapper for PDOStatement::execute so we can catch the PDOException + * and display the error nicely on the panel - also fetches the + * result from the statement and returns the resulting array + * + * @param PDOStatement $stmt + * @param array $params (optional) + * @param bool $showerror suppress errordisplay (default true) + * + * @return array + */ + public static function pexecute_first(&$stmt, $params = null, $showerror = true) { + self::pexecute($stmt, $params, $showerror); + return $stmt->fetch(PDO::FETCH_ASSOC); + } + /** * returns the number of found rows of the last select query * From 8a9ed3d9f10a9096c21dc8ede100f06f45b4a886 Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Wed, 6 Nov 2013 10:52:20 +0100 Subject: [PATCH 06/11] change pexecute tp pexecute_first in phpinterface-classes Signed-off-by: Michael Kaufmann (d00p) --- lib/classes/phpinterface/class.phpinterface.php | 3 +-- lib/classes/phpinterface/class.phpinterface_fcgid.php | 3 +-- lib/classes/phpinterface/class.phpinterface_fpm.php | 3 +-- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/classes/phpinterface/class.phpinterface.php b/lib/classes/phpinterface/class.phpinterface.php index b4474ea2..579bdc80 100644 --- a/lib/classes/phpinterface/class.phpinterface.php +++ b/lib/classes/phpinterface/class.phpinterface.php @@ -97,8 +97,7 @@ class phpinterface { $stmt = Database::prepare(" SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id" ); - Database::pexecute($stmt, array('id' => $php_config_id)); - $this->_php_configs_cache[$php_config_id] = $stmt->fetch(PDO::FETCH_ASSOC); + $this->_php_configs_cache[$php_config_id] = Database::pexecute_first($stmt, array('id' => $php_config_id)); } return $this->_php_configs_cache[$php_config_id]; diff --git a/lib/classes/phpinterface/class.phpinterface_fcgid.php b/lib/classes/phpinterface/class.phpinterface_fcgid.php index 622e4e08..aedd20b1 100644 
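Review bot: `pexecute_first` is documented as `@return array`, but `PDOStatement::fetch(PDO::FETCH_ASSOC)` returns `false` when the statement yields no row, and that is what callers in the follow-up commits rely on when they test the result; document it as `@return array|false the first row as an associative array, or false if no row matched`. The `$showerror` description `suppress errordisplay (default true)` says the opposite of what the default does, since `true` shows the error; `@param bool $showerror display the error on the panel (default true)` is the accurate wording. Callers that index into the result without a check will hit a non-array on an empty result set, so the corrected return documentation is what tells them to guard.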
--- a/lib/classes/phpinterface/class.phpinterface_fcgid.php +++ b/lib/classes/phpinterface/class.phpinterface_fcgid.php @@ -257,8 +257,7 @@ class phpinterface_fcgid { $stmt = Database::prepare("TABLE_PANEL_ADMINS SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id" ); - Database::pexecute($stmt, array('id' => $adminid)); - $this->_admin_cache[$adminid] = $stmt->fetch(PDO::FETCH_ASSOC); + $this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array('id' => $adminid)); } return $this->_admin_cache[$adminid]; } diff --git a/lib/classes/phpinterface/class.phpinterface_fpm.php b/lib/classes/phpinterface/class.phpinterface_fpm.php index a364b19c..a458a03a 100644 --- a/lib/classes/phpinterface/class.phpinterface_fpm.php +++ b/lib/classes/phpinterface/class.phpinterface_fpm.php @@ -351,8 +351,7 @@ class phpinterface_fpm { $stmt = Database::prepare("TABLE_PANEL_ADMINS SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id" ); - Database::pexecute($stmt, array('id' => $adminid)); - $this->_admin_cache[$adminid] = $stmt->fetch(PDO::FETCH_ASSOC); + $this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array('id' => $adminid)); } return $this->_admin_cache[$adminid]; } From 74bb3ccb7eae2a2ec16a4ea88976e559d46ee12a Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Wed, 6 Nov 2013 11:06:03 +0100 Subject: [PATCH 07/11] migrate ticket-system to PDO database class, refs #1287 Signed-off-by: Michael Kaufmann (d00p) --- admin_tickets.php | 107 +++--- customer_tickets.php | 68 ++-- lib/classes/ticket/class.ticket.php | 446 ++++++++++++----------- scripts/jobs/cron_ticketarchive.php | 24 +- scripts/jobs/cron_used_tickets_reset.php | 3 +- 5 files changed, 329 insertions(+), 319 deletions(-) diff --git a/admin_tickets.php b/admin_tickets.php index fc284888..5d7713de 100644 --- a/admin_tickets.php +++ b/admin_tickets.php 
@@ -37,8 +37,7 @@ if (isset($_POST['id'])) { SELECT `id` FROM `panel_tickets` WHERE `id` = :id AND `adminid` = :adminid "); - Database::pexecute($stmt, array('id' => $id, 'adminid' => $userinfo['adminid'])); - $result = $stmt->fetch(PDO::FETCH_ASSOC); + $result = Database::pexecute_first($stmt, array('id' => $id, 'adminid' => $userinfo['adminid'])); if ($result == null) { // no rights to see the requested ticket @@ -57,8 +56,7 @@ if ($page == 'tickets' FROM `" . TABLE_PANEL_CUSTOMERS . "` " . ($userinfo['customers_see_all'] ? '' : "WHERE `adminid` = :adminid") ); - Database::pexecute($countcustomers_stmt, array('adminid' => $userinfo['adminid'])); - $countcustomers = $countcustomers_stmt->fetch(PDO::FETCH_ASSOC); + $countcustomers = Database::pexecute_first($countcustomers_stmt, array('adminid' => $userinfo['adminid'])); $countcustomers = (int)$countcustomers['countcustomers']; if ($action == '') { @@ -130,8 +128,7 @@ if ($page == 'tickets' FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :cid' ); - Database::pexecute($usr_stmt, array('cid' => $cid)); - $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC); + $usr = Database::pexecute_first($usr_stmt, array('cid' => $cid)); if (isset($usr['loginname'])) { $customer = getCorrectFullUserDetails($usr); @@ -186,7 +183,7 @@ if ($page == 'tickets' if (isset($_POST['send']) && $_POST['send'] == 'send' ) { - $newticket = ticket::getInstanceOf($userinfo, $db, $settings, -1); + $newticket = ticket::getInstanceOf($userinfo, $settings, -1); $newticket->Set('subject', validate($_POST['subject'], 'subject'), true, false); $newticket->Set('priority', validate($_POST['priority'], 'priority'), true, false); $newticket->Set('category', validate($_POST['category'], 'category'), true, false); 
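Review bot: The ticket ownership check now reads `$result = Database::pexecute_first(...)` followed by `if ($result == null)`; pexecute_first hands back the raw `fetch()` result, which is `false` rather than `null` when no ticket with that id belongs to this admin, so the guard only works through loose comparison. Writing it as `if ($result === false)` states the intent and survives a later move to strict comparisons. This is the access-control gate for the requested ticket id, so the explicit form is worth making.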
@@ -221,8 +218,7 @@ if ($page == 'tickets' SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` '.$where.' ORDER BY `logicalorder`, `name` ASC' ); - Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'])); - $result = $result_stmt->fetch(PDO::FETCH_ASSOC); + $result = Database::pexecute_first($result_stmt, array('adminid' => $userinfo['adminid'])); if (isset($result['name']) && $result['name'] != '' @@ -278,7 +274,7 @@ if ($page == 'tickets' && $_POST['send'] == 'send' ) { - $replyticket = ticket::getInstanceOf($userinfo, $db, $settings, -1); + $replyticket = ticket::getInstanceOf($userinfo, $settings, -1); $replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false); $replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false); $replyticket->Set('message', validate(htmlentities(str_replace("\r\n", "\n", $_POST['message'])), 'message', '/^[^\0]*$/'), true, false); @@ -287,7 +283,7 @@ if ($page == 'tickets' standard_error(array('stringisempty', 'mymessage')); } else { $now = time(); - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $replyticket->Set('customerid', $mainticket->Get('customer'), true, true); $replyticket->Set('lastchange', $now, true, true); $replyticket->Set('ip', $_SERVER['REMOTE_ADDR'], true, true); @@ -313,7 +309,7 @@ if ($page == 'tickets' } else { $ticket_replies = ''; - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $dt = date("d.m.Y H:i\h", $mainticket->Get('dt')); $status = ticket::getStatusText($lng, $mainticket->Get('status')); 
@@ -334,8 +330,7 @@ if ($page == 'tickets' FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :cid' ); - Database::pexecute($usr_stmt, array('cid' => $cid)); - $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC); + $usr = Database::pexecute_first($usr_stmt, array('cid' => $cid)); $by = ''; $by .= getCorrectFullUserDetails($usr).''; } @@ -347,8 +342,7 @@ if ($page == 'tickets' $result_stmt = Database::prepare(' SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = :cid' ); - Database::pexecute($result_stmt, array('cid' => $mainticket->Get('category'))); - $row = $result_stmt->fetch(PDO::FETCH_ASSOC); + $row = Database::pexecute_first($result_stmt, array('cid' => $mainticket->Get('category'))); $andere_stmt = Database::prepare(' SELECT * FROM `' . TABLE_PANEL_TICKETS . '` @@ -359,7 +353,7 @@ if ($page == 'tickets' while ($row2 = $andere_stmt->fetch(PDO::FETCH_ASSOC)) { - $subticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$row2['id']); + $subticket = ticket::getInstanceOf($userinfo, $settings, (int)$row2['id']); $lastchange = date("d.m.Y H:i\h", $subticket->Get('lastchange')); if ($subticket->Get('by') == '1') { @@ -371,8 +365,7 @@ if ($page == 'tickets' FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :cid' ); - Database::pexecute($usr_stmt, array('cid' => $cid)); - $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC); + $usr = Database::pexecute_first($usr_stmt, array('cid' => $cid)); $by = ''; $by .= getCorrectFullUserDetails($usr).''; } 
@@ -405,15 +398,15 @@ if ($page == 'tickets' && $_POST['send'] == 'send' ) { $now = time(); - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastreplier', '1', true, true); $mainticket->Set('status', '3', true, true); $mainticket->Update(); $log->logAction(ADM_ACTION, LOG_NOTICE, "closed ticket '" . $mainticket->Get('subject') . "'"); - redirectTo($filename, Array('page' => $page, 's' => $s)); + redirectTo($filename, array('page' => $page, 's' => $s)); } else { - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject')); } @@ -421,13 +414,13 @@ if ($page == 'tickets' && $id != 0 ) { $now = time(); - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastreplier', '1', true, true); $mainticket->Set('status', '0', true, true); $mainticket->Update(); $log->logAction(ADM_ACTION, LOG_NOTICE, "reopened ticket '" . $mainticket->Get('subject') . "'"); - redirectTo($filename, Array('page' => $page, 's' => $s)); + redirectTo($filename, array('page' => $page, 's' => $s)); } elseif($action == 'archive' && $id != 0 
@@ -436,16 +429,16 @@ if ($page == 'tickets' && $_POST['send'] == 'send' ) { $now = time(); - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastreplier', '1', true, true); $mainticket->Set('status', '3', true, true); $mainticket->Update(); $mainticket->Archive(); $log->logAction(ADM_ACTION, LOG_NOTICE, "archived ticket '" . $mainticket->Get('subject') . "'"); - redirectTo($filename, Array('page' => $page, 's' => $s)); + redirectTo($filename, array('page' => $page, 's' => $s)); } else { - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); ask_yesno('ticket_reallyarchive', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject')); } @@ -455,12 +448,12 @@ if ($page == 'tickets' if (isset($_POST['send']) && $_POST['send'] == 'send' ) { - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $log->logAction(ADM_ACTION, LOG_INFO, "deleted ticket '" . $mainticket->Get('subject') . "'"); $mainticket->Delete(); - redirectTo($filename, Array('page' => $page, 's' => $s)); + redirectTo($filename, array('page' => $page, 's' => $s)); } else { - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); ask_yesno('ticket_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject')); } } 
@@ -533,18 +526,18 @@ if ($page == 'tickets' if ($order < 1 || $order >= 1000) { // use the latest available - $order = ticket::getHighestOrderNumber($db, $userinfo['adminid']) + 1; + $order = ticket::getHighestOrderNumber($userinfo['adminid']) + 1; } if ($category == '') { standard_error(array('stringisempty', 'mycategory')); } else { - ticket::addCategory($db, $category, $userinfo['adminid'], $order); + ticket::addCategory($category, $userinfo['adminid'], $order); $log->logAction(ADM_ACTION, LOG_INFO, "added ticket-category '" . $category . "'"); - redirectTo($filename, Array('page' => $page, 's' => $s)); + redirectTo($filename, array('page' => $page, 's' => $s)); } } else { - $order = ticket::getHighestOrderNumber($db, $userinfo['adminid']) + 1; + $order = ticket::getHighestOrderNumber($userinfo['adminid']) + 1; $category_new_data = include_once dirname(__FILE__).'/lib/formfields/admin/tickets/formfield.category_new.php'; $category_new_form = htmlform::genHTMLForm($category_new_data); @@ -572,16 +565,15 @@ if ($page == 'tickets' if ($category == '') { standard_error(array('stringisempty', 'mycategory')); } else { - ticket::editCategory($db, $category, $id, $order); + ticket::editCategory($category, $id, $order); $log->logAction(ADM_ACTION, LOG_INFO, "edited ticket-category '" . $category . "'"); - redirectTo($filename, Array('page' => $page, 's' => $s)); + redirectTo($filename, array('page' => $page, 's' => $s)); } } else { $row_stmt = Database::prepare(' SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = :id' ); - Database::pexecute($row_stmt, array('id' => $id)); - $row = $row_stmt->fetch(PDO::FETCH_ASSOC); + $row = Database::pexecute_first($row_stmt, array('id' => $id)); $category_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/tickets/formfield.category_edit.php'; $category_edit_form = htmlform::genHTMLForm($category_edit_data); 
@@ -597,15 +589,15 @@ if ($page == 'tickets' if (isset($_POST['send']) && $_POST['send'] == 'send' ) { - if (ticket::deleteCategory($db, $id) == false) { + if (ticket::deleteCategory($id) == false) { standard_error('categoryhastickets'); } $log->logAction(ADM_ACTION, LOG_INFO, "deleted ticket-category #" . $id); - redirectTo($filename, Array('page' => $page, 's' => $s)); + redirectTo($filename, array('page' => $page, 's' => $s)); } else { - $name = ticket::getCategoryName($db, $id); + $name = ticket::getCategoryName($id); ask_yesno('ticket_reallydeletecat', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $name); } } @@ -697,8 +689,7 @@ if ($page == 'tickets' FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :cid' ); - Database::pexecute($usr_stmt, array('cid' => $cid)); - $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC); + $usr = Database::pexecute_first($usr_stmt, array('cid' => $cid)); if (isset($usr['loginname'])) { $customer = getCorrectFullUserDetails($usr); @@ -745,7 +736,7 @@ if ($page == 'tickets' } else { $archived = array(); - $archived = ticket::getLastArchived($db, 6, $userinfo['adminid']); + $archived = ticket::getLastArchived(6, $userinfo['adminid']); $tickets = ''; if ($archived !== false) { 
@@ -800,27 +791,22 @@ if ($page == 'tickets' ) { $log->logAction(ADM_ACTION, LOG_NOTICE, "viewed archived-ticket #" . $id); $ticket_replies = ''; - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $lastchange = date("d.m.Y H:i\h", $mainticket->Get('lastchange')); $dt = date("d.m.Y H:i\h", $mainticket->Get('dt')); $status = ticket::getStatusText($lng, $mainticket->Get('status')); $isclosed = 1; - if($mainticket->Get('by') == '1') - { + if ($mainticket->Get('by') == '1') { $by = $lng['ticket']['staff']; - } - else - { + } else { $cid = $mainticket->Get('customer'); $usr_stmt = Database::prepare(' SELECT `customerid`, `firstname`, `name`, `company`, `loginname` FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :cid' ); - Database::pexecute($usr_stmt, array('cid' => $cid)); - $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC); - + $usr = Database::pexecute_first($usr_stmt, array('cid' => $cid)); $by = ''; $by .= getCorrectFullUserDetails($usr).''; } @@ -832,8 +818,7 @@ if ($page == 'tickets' $result_stmt = Database::prepare(' SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = :cid' ); - Database::pexecute($result_stmt, array('cid' => $mainticket->Get('category'))); - $row = $result_stmt->fetch(PDO::FETCH_ASSOC); + $row = Database::pexecute_first($result_stmt, array('cid' => $mainticket->Get('category'))); $andere_stmt = Database::prepare(' SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :id' @@ -843,7 +828,7 @@ if ($page == 'tickets' while ($row2 = $andere_stmt->fetch(PDO::FETCH_ASSOC)) { - $subticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$row2['id']); + $subticket = ticket::getInstanceOf($userinfo, $settings, (int)$row2['id']); $lastchange = date("d.m.Y H:i\h", $subticket->Get('lastchange')); if ($subticket->Get('by') == '1') { 
@@ -855,9 +840,7 @@ if ($page == 'tickets' FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :cid' ); - Database::pexecute($usr_stmt, array('cid' => $cid)); - $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC); - + $usr = Database::pexecute_first($usr_stmt, array('cid' => $cid)); $by = ''; $by .= getCorrectFullUserDetails($usr).''; } @@ -882,12 +865,12 @@ if ($page == 'tickets' if (isset($_POST['send']) && $_POST['send'] == 'send' ) { - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $log->logAction(ADM_ACTION, LOG_INFO, "deleted archived ticket '" . $mainticket->Get('subject') . "'"); $mainticket->Delete(); - redirectTo($filename, Array('page' => $page, 's' => $s)); + redirectTo($filename, array('page' => $page, 's' => $s)); } else { - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); ask_yesno('ticket_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject')); } } diff --git a/customer_tickets.php b/customer_tickets.php index 780a9b8a..d3f0d31a 100644 --- a/customer_tickets.php +++ b/customer_tickets.php 
@@ -18,22 +18,18 @@ */ define('AREA', 'customer'); - -/** - * Include our init.php, which manages Sessions, Language etc. - */ - require ("./lib/init.php"); -if(isset($_POST['id'])) { +if (isset($_POST['id'])) { + $id = intval($_POST['id']); /* * Check if the current user is allowed to see the current ticket. */ $stmt = Database::prepare("SELECT `id` FROM `panel_tickets` WHERE `id` = :id AND `customerid` = :customerid"); - Database::pexecute($stmt, array("id" => $id, "customerid" => $userinfo['customerid'])); - $result = $stmt->fetch(PDO::FETCH_ASSOC); + $result = Database::pexecute_first($stmt, array("id" => $id, "customerid" => $userinfo['customerid'])); + if ($result == null) { // no rights to see the requested ticket standard_error(array('ticketnotaccessible')); @@ -141,8 +137,7 @@ if($page == 'overview') { AND `answerto` = "0" AND (`status` = "0" OR `status` = "1" OR `status` = "2")' ); - Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); - $opentickets = $stmt->fetch(PDO::FETCH_ASSOC); + $opentickets = Database::pexecute_first($stmt, array("customerid" => $userinfo['customerid'])); if($settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') { $notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => $settings['ticket']['concurrently_open'])); 
@@ -152,10 +147,11 @@ if($page == 'overview') { $ticketsopen = (int)$opentickets['count']; eval("echo \"" . getTemplate("tickets/tickets") . "\";"); + } elseif($action == 'new') { if($userinfo['tickets_used'] < $userinfo['tickets'] || $userinfo['tickets'] == '-1') { if(isset($_POST['send']) && $_POST['send'] == 'send') { - $newticket = ticket::getInstanceOf($userinfo, $db, $settings, -1); + $newticket = ticket::getInstanceOf($userinfo, $settings, -1); $newticket->Set('subject', validate($_POST['subject'], 'subject'), true, false); $newticket->Set('priority', validate($_POST['priority'], 'priority'), true, false); $newticket->Set('category', validate($_POST['category'], 'category'), true, false); @@ -185,11 +181,9 @@ if($page == 'overview') { Database::pexecute($stmt, array("customerid" => $userinfo['customerid'])); // Customer mail - $newticket->sendMail((int)$userinfo['customerid'], 'new_ticket_for_customer_subject', $lng['mails']['new_ticket_for_customer']['subject'], 'new_ticket_for_customer_mailbody', $lng['mails']['new_ticket_for_customer']['mailbody']); // Admin mail - $newticket->sendMail(-1, 'new_ticket_by_customer_subject', $lng['mails']['new_ticket_by_customer']['subject'], 'new_ticket_by_customer_mailbody', $lng['mails']['new_ticket_by_customer']['mailbody']); redirectTo($filename, Array('page' => $page, 's' => $s)); } @@ -199,10 +193,9 @@ if($page == 'overview') { WHERE `adminid` = :adminid ORDER BY `logicalorder`, `name` ASC' ); - Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'])); - $result = $result_stmt->fetch(PDO::FETCH_ASSOC); + $result = Database::pexecute_first($result_stmt, array("adminid" => $userinfo['adminid'])); - if(isset($result['name']) && $result['name'] != '') { + if (isset($result['name']) && $result['name'] != '') { $result2_stmt = Database::prepare('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = :adminid ORDER BY `logicalorder`, `name` ASC' 
@@ -225,10 +218,11 @@ if($page == 'overview') { AND `answerto` = "0" AND (`status` = "0" OR `status` = "1" OR `status` = "2")' ); - Database::pexecute($opentickets_stmt, array("customerid" => $userinfo['customerid'])); - $opentickets = $opentickets_stmt->fetch(PDO::FETCH_ASSOC); + $opentickets = Database::pexecute_first($opentickets_stmt, array("customerid" => $userinfo['customerid'])); - if($settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') { + if ($settings['ticket']['concurrently_open'] != - 1 + && $settings['ticket']['concurrently_open'] != '' + ) { $notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => $settings['ticket']['concurrently_open'])); } else { $notmorethanxopentickets = ''; @@ -249,7 +243,7 @@ if($page == 'overview') { } } elseif($action == 'answer' && $id != 0) { if(isset($_POST['send']) && $_POST['send'] == 'send') { - $replyticket = ticket::getInstanceOf($userinfo, $db, $settings, -1); + $replyticket = ticket::getInstanceOf($userinfo, $settings, -1); $replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false); $replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false); $replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false); @@ -267,8 +261,7 @@ if($page == 'overview') { $replyticket->Insert(); // Update priority if changed - - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); if($replyticket->Get('priority') != $mainticket->Get('priority')) { $mainticket->Set('priority', $replyticket->Get('priority'), true); 
@@ -284,7 +277,7 @@ if($page == 'overview') { } } else { $ticket_replies = ''; - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $dt = date("d.m.Y H:i\h", $mainticket->Get('dt')); $status = ticket::getStatusText($lng, $mainticket->Get('status')); @@ -302,10 +295,8 @@ if($page == 'overview') { FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :customerid ' ); - Database::pexecute($usr_stmt, array("customerid" => $cid)); - $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC); + $usr = Database::pexecute_first($usr_stmt, array("customerid" => $cid)); $by = getCorrectFullUserDetails($usr); - //$by = $lng['ticket']['customer']; } $subject = $mainticket->Get('subject'); @@ -314,24 +305,23 @@ if($page == 'overview') { $result_stmt = Database::prepare('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id`= :id ' ); - Database::pexecute($result_stmt, array("id" => $mainticket->Get('category'))); - $row = $result_stmt->fetch(PDO::FETCH_ASSOC); + $row = Database::pexecute_first($result_stmt, array("id" => $mainticket->Get('category'))); $andere_stmt = Database::prepare('SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto`= :answerto ORDER BY `lastchange` ASC' ); Database::pexecute($andere_stmt, array("answerto" => $id)); - + $numrows_andere = Database::num_rows(); + while($row2 = $andere_stmt->fetch(PDO::FETCH_ASSOC)) { - $subticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$row2['id']); + $subticket = ticket::getInstanceOf($userinfo, $settings, (int)$row2['id']); $lastchange = date("d.m.Y H:i\h", $subticket->Get('lastchange')); if($subticket->Get('by') == '1') { $by = $lng['ticket']['staff']; } else { $by = getCorrectFullUserDetails($usr); - //$by = $lng['ticket']['customer']; } $subject = $subticket->Get('subject'); 
@@ -343,10 +333,9 @@ if($page == 'overview') { $priorities.= makeoption($lng['ticket']['normal'], '2', $mainticket->Get('priority'), true, true); $priorities.= makeoption($lng['ticket']['low'], '3', $mainticket->Get('priority'), true, true); $subject = $mainticket->Get('subject'); - $ticket_replies_count = $db->num_rows($andere) + 1; + $ticket_replies_count = $numrows_andere + 1; // don't forget the main-ticket! - $ticket_reply_data = include_once dirname(__FILE__).'/lib/formfields/customer/tickets/formfield.ticket_reply.php'; $ticket_reply_form = htmlform::genHTMLForm($ticket_reply_data); @@ -358,7 +347,7 @@ if($page == 'overview') { } elseif($action == 'close' && $id != 0) { if(isset($_POST['send']) && $_POST['send'] == 'send') { $now = time(); - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastreplier', '0', true, true); $mainticket->Set('status', '3', true, true); @@ -366,7 +355,7 @@ if($page == 'overview') { $log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'"); redirectTo($filename, Array('page' => $page, 's' => $s)); } else { - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject')); } } elseif($action == 'reopen' && $id != 0) { 
@@ -376,8 +365,7 @@ if($page == 'overview') { AND `answerto` = "0" AND (`status` = "0" OR `status` = "1" OR `status` = "2")' ); - Database::pexecute($opentickets_stmt, array("customerid" => $userinfo['customerid'])); - $opentickets = $opentickets_stmt->fetch(PDO::FETCH_ASSOC); + $opentickets = Database::pexecute_first($opentickets_stmt, array("customerid" => $userinfo['customerid'])); $ticketsopen = (int)$opentickets['count']; if($ticketsopen > $settings['ticket']['concurrently_open'] && $settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') { @@ -385,14 +373,12 @@ if($page == 'overview') { } $now = time(); - $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id); + $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id); $mainticket->Set('lastchange', $now, true, true); $mainticket->Set('lastreplier', '0', true, true); $mainticket->Set('status', '0', true, true); $mainticket->Update(); $log->logAction(USR_ACTION, LOG_NOTICE, "reopened support-ticket '" . $mainticket->Get('subject') . "'"); - redirectTo($filename, Array('page' => $page, 's' => $s)); + redirectTo($filename, array('page' => $page, 's' => $s)); } } - -?> diff --git a/lib/classes/ticket/class.ticket.php b/lib/classes/ticket/class.ticket.php index e6e2aefe..ce8fef15 100644 --- a/lib/classes/ticket/class.ticket.php +++ b/lib/classes/ticket/class.ticket.php @@ -20,20 +20,14 @@ * Support Tickets - Tickets-Class */ -class ticket -{ +class ticket { + /** * Userinfo * @var array */ private $userinfo = array(); - /** - * Database handler - * @var db - */ - private $db = false; - /** * Settings array * @var settings 
@@ -68,14 +62,11 @@ class ticket * Class constructor. * * @param array userinfo - * @param resource database * @param array settings * @param int ticket id */ - private function __construct($userinfo, $db, $settings, $tid = - 1) - { + private function __construct($userinfo, $settings, $tid = - 1) { $this->userinfo = $userinfo; - $this->db = $db; $this->settings = $settings; $this->tid = $tid; @@ -96,23 +87,22 @@ class ticket /** * Singleton ftw ;-) * + * @param array userinfo + * @param array settings * @param int ticket id */ - static public function getInstanceOf($_usernfo, $_db, $_settings, $_tid) - { - if(!isset(self::$tickets[$_tid])) - { - self::$tickets[$_tid] = new ticket($_usernfo, $_db, $_settings, $_tid); + static public function getInstanceOf($_usernfo, $_settings, $_tid) { + if (!isset(self::$tickets[$_tid])) { + self::$tickets[$_tid] = new ticket($_usernfo, $_settings, $_tid); } - return self::$tickets[$_tid]; } /** * Initialize data-array */ - private function initData() - { + private function initData() { + $this->Set('customer', 0, true, true); $this->Set('admin', 1, true, true); $this->Set('subject', '', true, true); @@ -132,12 +122,16 @@ class ticket /** * Read ticket data from database. */ - private function readData() - { - if(isset($this->tid) - && $this->tid != - 1) - { - $_ticket = $this->db->query_first('SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = "' . $this->tid . '"'); + private function readData() { + + if (isset($this->tid) + && $this->tid != - 1 + ) { + $_ticket_stmt = Database::prepare(' + SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid' + ); + $_ticket = Database::pexecute_first($_ticket_stmt, array('tid' => $this->tid)); + $this->Set('customer', $_ticket['customerid'], true, false); $this->Set('admin', $_ticket['adminid'], true, false); $this->Set('subject', $_ticket['subject'], true, false); 
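Review bot: In readData() (third hunk) the row returned by `Database::pexecute_first()` is indexed as `$_ticket['customerid']` without checking that a row came back, so an unknown `tid` fills the object with nulls instead of failing. A guard before the Set() calls, `if (!$_ticket) { return; }` (or throwing, depending on what pexecute_first returns for no rows, which is not visible here), keeps a half-initialised ticket from reaching Update() or Delete(). The same unchecked indexing appears in sendMail() (`@@ -242,12 +261,14 @@`, `$usr['firstname']`). The constructor docblock in the first hunk could also state that `$tid = -1` means a new ticket and that any other value triggers the database read, which is what readData()'s `$this->tid != - 1` test encodes.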
@@ -158,79 +152,104 @@ class ticket /** * Insert data to database */ - public function Insert() - { - $this->db->query("INSERT INTO `" . TABLE_PANEL_TICKETS . "` - (`customerid`, - `adminid`, - `category`, - `priority`, - `subject`, - `message`, - `dt`, - `lastchange`, - `ip`, - `status`, - `lastreplier`, - `by`, - `answerto`) - VALUES - ('" . (int)$this->Get('customer') . "', - '" . (int)$this->Get('admin') . "', - '" . (int)$this->Get('category') . "', - '" . (int)$this->Get('priority') . "', - '" . $this->db->escape($this->Get('subject')) . "', - '" . $this->db->escape($this->Get('message')) . "', - '" . (int)$this->Get('dt') . "', - '" . (int)$this->Get('lastchange') . "', - '" . $this->db->escape($this->Get('ip')) . "', - '" . (int)$this->Get('status') . "', - '" . (int)$this->Get('lastreplier') . "', - '" . (int)$this->Get('by') . "', - '" . (int)$this->Get('answerto') . "');"); - $this->tid = $this->db->insert_id(); + public function Insert() { + + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_TICKETS . 
"` SET + `customerid` = :customerid, + `adminid` = :adminid, + `category` = :category, + `priority` = :priority, + `subject` = :subject, + `message` = :message, + `dt` = :dt, + `lastchange` = :lastchange, + `ip` = :ip, + `status` = :status, + `lastreplier` = :lastreplier, + `by` = :by, + `answerto` = :answerto" + ); + $ins_data = array( + 'customerid' => $this->Get('customer'), + 'adminid' => $this->Get('admin'), + 'category' => $this->Get('category'), + 'priority' => $this->Get('priority'), + 'subject' => $this->Get('subject'), + 'message' => $this->Get('message'), + 'dt' => $this->Get('dt'), + 'lastchange' => $this->Get('lastchange'), + 'ip' => $this->Get('ip'), + 'status' => $this->Get('status'), + 'lastreplier' => $this->Get('lastreplier'), + 'by' => $this->Get('by'), + 'answerto' => $this->Get('answerto') + ); + Database::pexecute($ins_stmt, $ins_data); + $this->tid = Database::lastInsertId(); return true; } /** * Update data in database */ - public function Update() - { - // Update "main" ticket + public function Update() { - $this->db->query('UPDATE `' . TABLE_PANEL_TICKETS . '` SET - `priority` = "' . (int)$this->Get('priority') . '", - `lastchange` = "' . (int)$this->Get('lastchange') . '", - `status` = "' . (int)$this->Get('status') . '", - `lastreplier` = "' . (int)$this->Get('lastreplier') . '" - WHERE `id` = "' . (int)$this->tid . '";'); + // Update "main" ticket + $upd_stmt = Database::prepare(' + UPDATE `' . TABLE_PANEL_TICKETS . 
'` SET + `priority` = :priority, + `lastchange` = :lastchange, + `status` = :status, + `lastreplier` = :lastreplier + WHERE `id` = :tid' + ); + $upd_data = array( + 'priority' => $this->Get('priority'), + 'lastchange' => $this->Get('lastchange'), + 'status' => $this->Get('status'), + 'lastreplier' => $this->Get('lastreplier'), + 'tid' => $this->tid + ); + Database::pexecute($upd_stmt, $upd_data); return true; } /** * Moves a ticket to the archive */ - public function Archive() - { + public function Archive() { + // Update "main" ticket - $this->db->query('UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `id` = "' . (int)$this->tid . '";'); + $upd_stmt = Database::prepare(' + UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `id` = :tid' + ); + Database::pexecute($upd_stmt, array('tid' => $this->tid)); // Update "answers" to ticket - $this->db->query('UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `answerto` = "' . (int)$this->tid . '";'); + $upd_stmt = Database::prepare(' + UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `answerto` = :tid' + ); + Database::pexecute($upd_stmt, array('tid' => $this->tid)); return true; } /** * Remove ticket from database */ - public function Delete() - { + public function Delete() { + // Delete "main" ticket - $this->db->query('DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = "' . (int)$this->tid . '";'); + $del_stmt = Database::prepare(' + DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid' + ); + Database::pexecute($del_stmt, array('tid' => $this->tid)); // Delete "answers" to ticket" - $this->db->query('DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = "' . (int)$this->tid . '";'); + $del_stmt = Database::prepare(' + DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :tid' + ); + Database::pexecute($del_stmt, array('tid' => $this->tid)); return true; } 
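Review bot: Insert() and Update() drop the `(int)` casts the old code applied to `customer`, `admin`, `category`, `priority`, `dt`, `lastchange`, `status`, `lastreplier`, `by`, `answerto` and `tid`, so those values now reach MySQL as whatever Set() stored. With bound parameters that is no longer an injection concern, but type enforcement has moved from the PHP boundary to server-side coercion, which turns a malformed value into 0 without any signal. Casting in the data arrays, e.g. `'customerid' => (int)$this->Get('customer'),` and `'tid' => (int)$this->tid`, restores the previous behaviour at no cost. Each of the four methods also returns `true` unconditionally; a docblock line such as `@return bool always true; any error handling happens inside Database::pexecute()` would spare callers from testing the value.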
@@ -242,12 +261,14 @@ class ticket global $mail, $theme; // Some checks are to be made here in the future - if($customerid != - 1) - { + if ($customerid != - 1) { // Get e-mail message for customer - $usr = $this->db->query_first('SELECT `name`, `firstname`, `company`, `email` - FROM `' . TABLE_PANEL_CUSTOMERS . '` - WHERE `customerid` = "' . (int)$customerid . '"'); + $usr_stmt = Database::prepare(' + SELECT `name`, `firstname`, `company`, `email` + FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :customerid' + ); + $usr = Database::pexecute_first($usr_stmt, array('customerid' => $customerid)); + $replace_arr = array( 'FIRSTNAME' => $usr['firstname'], 'NAME' => $usr['name'], 
@@ -255,29 +276,38 @@ class ticket 'SALUTATION' => getCorrectUserSalutation($usr), 'SUBJECT' => $this->Get('subject', true) ); - } - else - { + } else { $replace_arr = array( 'SUBJECT' => $this->Get('subject', true) ); } - - $result = $this->db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` - WHERE `adminid`=\'' . (int)$this->userinfo['adminid'] . '\' - AND `language`=\'' . $this->db->escape($this->userinfo['def_language']) . '\' - AND `templategroup`=\'mails\' - AND `varname`=\'' . $template_subject . '\''); + $tpl_seldata = array( + 'adminid' => $this->userinfo['adminid'], + 'lang' => $this->userinfo['def_language'], + 'tplsubject' => $template_subject + ); + $result_stmt = Database::prepare(" + SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` + WHERE `adminid`= :adminid + AND `language`= :lang + AND `templategroup`= 'mails' AND `varname`= :tplsubject" + ); + $result = Database::pexecute_first($result_stmt, $tpl_seldata); $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_subject), $replace_arr)); - $result = $this->db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` - WHERE `adminid`=\'' . (int)$this->userinfo['adminid'] . '\' - AND `language`=\'' . $this->db->escape($this->userinfo['def_language']) . '\' - AND `templategroup`=\'mails\' - AND `varname`=\'' . $template_body . '\''); + + unset($tpl_seldata['tplsubject']); + $tpl_seldata['tplbody'] = $template_body; + + $result_stmt = Database::prepare(" + SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "` + WHERE `adminid`= :adminid + AND `language`= :lang + AND `templategroup`= 'mails' AND `varname`= :tplmailbody" + ); + $result = Database::pexecute_first($result_stmt, $tpl_seldata); $mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? 
$result['value'] : $default_body), $replace_arr)); - if($customerid != - 1) - { + if ($customerid != - 1) { $_mailerror = false; try { $mail->SetFrom($this->settings['ticket']['noreply_email'], $this->settings['ticket']['noreply_name']); @@ -299,13 +329,15 @@ class ticket $rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg); standard_error('errorsendingmail', $usr['email']); } - $mail->ClearAddresses(); - } - else - { - $admin = $this->db->query_first("SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int)$this->userinfo['adminid'] . "'"); + } else { + + $admin_stmt = Database::prepare(" + SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "` + WHERE `adminid` = :adminid" + ); + $admin = Database::pexecute_first($admin_stmt, array('adminid' => $userinfo['adminid'])); $_mailerror = false; try { $mail->SetFrom($this->settings['ticket']['noreply_email'], $this->settings['ticket']['noreply_name']); 
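Review bot: The second template query binds `:tplmailbody` but the data array is given the key `tplbody` (`$tpl_seldata['tplbody'] = $template_body;`), so the placeholder is never supplied and the mail-body template lookup cannot execute as written. Renaming the key, `$tpl_seldata['tplmailbody'] = $template_body;`, or the placeholder, fixes it. Both `$result['value']` reads also assume a row was found; the fallback to `$default_subject`/`$default_body` only works if pexecute_first returns an array for no rows, so `isset($result['value']) && $result['value'] != ''` would be the safer test. sendMail() starts before and ends after this hunk.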
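Review bot: The admin lookup in the new `else` branch binds `$userinfo['adminid']`, but sendMail() only declares `global $mail, $theme;` and the line it replaces used `$this->userinfo['adminid']`, so `$userinfo` is undefined here and the admin row will not be found; it should read `$admin = Database::pexecute_first($admin_stmt, array('adminid' => $this->userinfo['adminid']));`. The hunk also removes `$mail->ClearAddresses();` from the end of the customer branch; `$mail` is a global shared object, so unless addresses are cleared somewhere outside the hunk, recipients added for the customer mail remain on the object when the admin notification is sent in the same request (customer_tickets.php calls both back to back), and the admin copy would go to the customer as well. sendMail() starts before and ends after this hunk.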
@@ -335,65 +367,77 @@ class ticket /** * Add a support-categories */ - static public function addCategory($_db, $_category = null, $_admin = 1, $_order = 1) - { - if($_category != null - && $_category != '') - { - if($_order < 1) { + static public function addCategory($_category = null, $_admin = 1, $_order = 1) { + + if ($_category != null + && $_category != '' + ) { + if ($_order < 1) { $_order = 1; } - $_db->query('INSERT INTO `' . TABLE_PANEL_TICKET_CATS . '` SET - `name` = "' . $_db->escape($_category) . '", - `adminid` = "' . (int)$_admin . '", - `logicalorder` = "' . (int)$_order . '"'); + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_TICKET_CATS . "` SET + `name` = :name, + `adminid` = :adminid, + `logicalorder` = :lo" + ); + $ins_data = array( + 'name' => $_category, + 'adminid' => $_admin, + 'lo' => $_order + ); + Database::pexecute($ins_stmt, $ins_data); return true; } - return false; } /** * Edit a support-categories */ - static public function editCategory($_db, $_category = null, $_id = 0, $_order = 1) - { - if($_category != null - && $_category != '' - && $_id != 0) - { - if($_order < 1) { + static public function editCategory($_category = null, $_id = 0, $_order = 1) { + + if ($_category != null + && $_category != '' + && $_id != 0 + ) { + if ($_order < 1) { $_order = 1; } - $_db->query('UPDATE `' . TABLE_PANEL_TICKET_CATS . '` SET - `name` = "' . $_db->escape($_category) . '", - `logicalorder` = "' . (int)$_order . '" - WHERE `id` = "' . (int)$_id . '"'); + $upd_stmt = Database::prepare(" + UPDATE `' . TABLE_PANEL_TICKET_CATS . '` SET + `name` = :name, + `logicalorder` = :lo + WHERE `id` = :id" + ); + Database::pexecute($upd_stmt, array('name' => $_category, 'lo' => $_order, 'id' => $_id)); return true; } - return false; } /** * Delete a support-categories */ - static public function deleteCategory($_db, $_id = 0) - { - if($_id != 0) - { - $result = $_db->query_first('SELECT COUNT(`id`) as `numtickets` FROM `' . 
TABLE_PANEL_TICKETS . '` - WHERE `category` = "' . (int)$_id . '"'); + static public function deleteCategory($_id = 0) { - if($result['numtickets'] == "0") - { - $_db->query('DELETE FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = "' . (int)$_id . '"'); + if ($_id != 0) { + + $result_stmt = Database::prepare(" + SELECT COUNT(`id`) as `numtickets` FROM `" . TABLE_PANEL_TICKETS . "` + WHERE `category` = :cat" + ); + $result = Database::pexecute_first($result_stmt, array('cat' => $_id)); + + if ($result['numtickets'] == "0") { + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id" + ); + Database::pexecute($del_stmt, array('id' => $_id)); return true; - } - else - { + } else { return false; } } 
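Review bot: In editCategory the UPDATE is built inside a double-quoted string, so the `' . TABLE_PANEL_TICKET_CATS . '` fragment is never concatenated and the literal text, quotes included, is sent to MySQL as the table name, which makes every category edit fail with a syntax error; change the line to `UPDATE \`" . TABLE_PANEL_TICKET_CATS . "\` SET` as addCategory and deleteCategory in the same hunk already do. The `(int)` casts on `$_order` and `$_id` from the old inline SQL are dropped now that the values are bound; that is no longer an injection concern, but casting before binding would keep non-numeric input from reaching the driver. deleteCategory continues past the end of the hunk.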
@@ -404,55 +448,63 @@ class ticket /** * Return a support-category-name */ - static public function getCategoryName($_db, $_id = 0) - { - if($_id != 0) - { - $category = $_db->query_first('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = "' . (int)$_id . '"'); + static public function getCategoryName($_id = 0) { + + if ($_id != 0) { + $stmt = Database::prepare(" + SELECT `name` FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id" + ); + $category = Database::pexecute_first($stmt, array('id' => $_id)); return $category['name']; } - return null; } /** * get the highest order number * - * @param object $_db database-object + * @param object $_uid admin-id (optional) * * @return int highest order number */ - static public function getHighestOrderNumber($_db = null, $_uid = 0) - { + static public function getHighestOrderNumber($_uid = 0) { + $where = ''; + $sel_data = array(); if ($_uid > 0) { - $where = ' WHERE `adminid` = "'.(int)$_uid.'"'; + $where = " WHERE `adminid` = :adminid"; + $sel_data['adminid'] = $_uid; } $sql = "SELECT MAX(`logicalorder`) as `highestorder` FROM `" . TABLE_PANEL_TICKET_CATS . "`".$where.";"; - $result = $_db->query_first($sql); + $result_stmt = Database::prepare($sql); + $result = Database::pexecute_first($result_stmt, $sel_data); return (isset($result['highestorder']) ? (int)$result['highestorder'] : 0); } /** * returns the last x archived tickets */ - static public function getLastArchived($_db, $_num = 10, $_admin = 1) - { - if($_num > 0) - { + static public function getLastArchived($_num = 10, $_admin = 1) { + + if ($_num > 0) { + $archived = array(); $counter = 0; - $result = $_db->query('SELECT *, - (SELECT COUNT(`sub`.`id`) - FROM `' . TABLE_PANEL_TICKETS . '` `sub` - WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers` - FROM `' . TABLE_PANEL_TICKETS . '` `main` - WHERE `main`.`answerto` = "0" - AND `main`.`archived` = "1" AND `main`.`adminid` = "' . (int)$_admin . 
'" - ORDER BY `main`.`lastchange` DESC LIMIT 0, ' . (int)$_num); + $result_stmt = Database::prepare(" + SELECT *, ( + SELECT COUNT(`sub`.`id`) + FROM `" . TABLE_PANEL_TICKETS . "` `sub` + WHERE `sub`.`answerto` = `main`.`id` + ) as `ticket_answers` + FROM `" . TABLE_PANEL_TICKETS . "` `main` + WHERE `main`.`answerto` = '0' AND `main`.`archived` = '1' + AND `main`.`adminid` = :adminid + ORDER BY `main`.`lastchange` DESC LIMIT 0, :limit" + ); + Database::pexecute($result_stmt, array('adminid' => $_admin, 'limit' => $_num)); + + while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { - while($row = $_db->fetch_array($result)) - { $archived[$counter]['id'] = $row['id']; $archived[$counter]['customerid'] = $row['customerid']; $archived[$counter]['adminid'] = $row['adminid']; @@ -469,12 +521,9 @@ class ticket $counter++; } - if(isset($archived[0]['id'])) - { + if (isset($archived[0]['id'])) { return $archived; - } - else - { + } else { return false; } } @@ -482,6 +531,8 @@ class ticket /** * Returns a sql-statement to search the archive + * + * @FIXME migrate to PDO */ static public function getArchiveSearchStatement($db, $subject = NULL, $priority = NULL, $fromdate = NULL, $todate = NULL, $message = NULL, $customer = - 1, $admin = 1, $categories = NULL) { 
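Review bot: The docblock on getHighestOrderNumber now reads `@param object $_uid admin-id (optional)`, but `$_uid` is compared with `> 0` and bound as an id, so it should be `@param int $_uid admin-id (optional)`. In getLastArchived, `LIMIT 0, :limit` binds the limit as a string parameter, which MySQL is likely to reject inside a LIMIT clause; patch 10 further down this page already replaces it with an int cast, so nothing further is needed here. getLastArchived's body continues outside the hunk.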
@@ -674,20 +725,20 @@ class ticket /** * function customerHasTickets * - * @param object mysql-db-object * @param int customer-id * * @return array/bool array of ticket-ids if customer has any, else false */ - static public function customerHasTickets($_db = null, $_cid = 0) - { - if($_cid != 0) - { - $result = $_db->query('SELECT `id` FROM `' . TABLE_PANEL_TICKETS . '` WHERE `customerid` ="'.(int)$_cid.'"'); + static public function customerHasTickets($_cid = 0) { + + if ($_cid != 0) { + $result_stmt = Database::prepare(" + SELECT `id` FROM `" . TABLE_PANEL_TICKETS . "` WHERE `customerid` = :cid" + ); + Database::pexecute($result_stmt, array('cid' => $_cid)); $tickets = array(); - while($row = $_db->fetch_array($result)) - { + while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { $tickets[] = $row['id']; } @@ -700,32 +751,22 @@ class ticket /** * Get a data-var */ - public function Get($_var = '', $_vartrusted = false) - { - if($_var != '') - { - if(!$_vartrusted) - { + public function Get($_var = '', $_vartrusted = false) { + + if ($_var != '') { + if (!$_vartrusted) { $_var = htmlspecialchars($_var); } - if(isset($this->t_data[$_var])) - { - if(strtolower($_var) == 'message') - { + if (isset($this->t_data[$_var])) { + if (strtolower($_var) == 'message') { return nl2br($this->t_data[$_var]); - } - elseif(strtolower($_var) == 'subject') - { + } elseif(strtolower($_var) == 'subject') { return nl2br($this->t_data[$_var]); - } - else - { + } else { return $this->t_data[$_var]; } - } - else - { + } else { return null; } } 
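Review bot: The `message` and `subject` branches of Get() return the identical `nl2br($this->t_data[$_var])`, so the elseif only duplicates code; `if (strtolower($_var) == 'message' || strtolower($_var) == 'subject') {` mirrors the condition Set() already uses for the same two keys. Note that `htmlspecialchars($_var)` is applied to the key only; the returned value is whatever Set() stored. Get() continues outside the hunk.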
@@ -734,23 +775,22 @@ class ticket /** * Set a data-var */ - public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false) - { - if($_var != '' - && $_value != '') - { - if(!$_vartrusted) - { + public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false) { + + if ($_var != '' + && $_value != '' + ) { + if (!$_vartrusted) { $_var = $this->_purifier->purify($_var); } - if(!$_valuetrusted) - { + if (!$_valuetrusted) { $_value = $this->_purifier->purify($_value); } - if(strtolower($_var) == 'message' || strtolower($_var) == 'subject') - { + if (strtolower($_var) == 'message' + || strtolower($_var) == 'subject' + ) { $_value = $this->convertLatin1ToHtml($_value); } diff --git a/scripts/jobs/cron_ticketarchive.php b/scripts/jobs/cron_ticketarchive.php index a85b4f0c..6a2a8a58 100644 --- a/scripts/jobs/cron_ticketarchive.php +++ b/scripts/jobs/cron_ticketarchive.php 
@@ -20,22 +20,23 @@
 /**
  * ARCHIVING CLOSED TICKETS
  */
-
 fwrite($debugHandler, 'Ticket-archiving run started...' . "\n");
-$result_tickets = $db->query("SELECT `id`, `lastchange`, `subject` FROM `" . TABLE_PANEL_TICKETS . "`
- WHERE `status` = '3' AND `answerto` = '0';");
+$result_tickets_stmt = Database::query("
+ SELECT `id`, `lastchange`, `subject` FROM `" . TABLE_PANEL_TICKETS . "`
+ WHERE `status` = '3' AND `answerto` = '0';"
+);
 $archiving_count = 0;
-while($row_ticket = $db->fetch_array($result_tickets))
-{
+while($row_ticket = $result_tickets_stmt->fetch(PDO::FETCH_ASSOC)) {
+
 $lastchange = $row_ticket['lastchange'];
 $now = time();
 $days = (int)(($now - $lastchange) / 86400);
- if($days >= $settings['ticket']['archiving_days'])
- {
+ if ($days >= $settings['ticket']['archiving_days']) {
+
 fwrite($debugHandler, 'archiving ticket "' . $row_ticket['subject'] . '" (ID #' . $row_ticket['id'] . ')' . "\n");
- $mainticket = ticket::getInstanceOf(null, $db, $settings, (int)$row_ticket['id']);
+ $mainticket = ticket::getInstanceOf(null, $settings, (int)$row_ticket['id']);
 $mainticket->Set('lastchange', $now, true, true);
 $mainticket->Set('lastreplier', '1', true, true);
 $mainticket->Set('status', '3', true, true);
@@ -46,6 +47,7 @@ while($row_ticket = $db->fetch_array($result_tickets))
 }
 fwrite($debugHandler, 'Archived ' . $archiving_count . ' tickets' . "\n");
-$db->query('UPDATE `' . TABLE_PANEL_SETTINGS . '` SET `value` = UNIX_TIMESTAMP() WHERE `settinggroup` = \'system\' AND `varname` = \'last_archive_run\' ');
-
-?>
\ No newline at end of file
+Database::query("
+ UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = UNIX_TIMESTAMP()
+ WHERE `settinggroup` = 'system' AND `varname` = 'last_archive_run'"
+);
diff --git a/scripts/jobs/cron_used_tickets_reset.php b/scripts/jobs/cron_used_tickets_reset.php
index c4470cd6..83e28278 100644
--- a/scripts/jobs/cron_used_tickets_reset.php
+++ b/scripts/jobs/cron_used_tickets_reset.php
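Review bot: `while($row_ticket = $result_tickets_stmt->fetch(PDO::FETCH_ASSOC)) {` keeps the old `while(` spacing while the same hunk moves the `if` to `if (`; write `while ($row_ticket = ...` for consistency. The loop keeps reading rows from `$result_tickets_stmt` while `ticket::getInstanceOf` and the `Set()` calls issue further statements on the same connection; with buffered PDO result sets that is fine, but if the Database class turns buffering off this would break, so a one-line comment stating the assumption would help. The loop body continues past the end of the hunk.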
@@ -20,7 +20,6 @@
 /**
  * RESET USED TICKETS COUNTER
  */
-
 fwrite($debugHandler, 'Resetting customers used ticket counter' . "\n");
 $cronlog->logAction(CRON_ACTION, LOG_INFO, "Resetting customers used ticket counter");
-$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `tickets_used` = '0'");
+Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `tickets_used` = '0'");

From 04012e5fff40974391d48625249f0454c4bc2df3 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Wed, 6 Nov 2013 11:08:48 +0100
Subject: [PATCH 08/11] more fixes for migration to PDO, refs #1287

Signed-off-by: Michael Kaufmann (d00p)
---
 admin_customers.php | 4 ++--
 admin_index.php | 11 +++-------
 admin_phpsettings.php | 6 ++----
 3 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/admin_customers.php b/admin_customers.php
index 58dbd5b7..5636e2fc 100644
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -394,11 +394,11 @@ if ($page == 'customers'
 /*
  * move old tickets to archive
  */
- $tickets = ticket::customerHasTickets($db, $id);
+ $tickets = ticket::customerHasTickets($id);
 if ($tickets !== false && isset($tickets[0])) {
 foreach ($tickets as $ticket) {
 $now = time();
- $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$ticket);
+ $mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$ticket);
 $mainticket->Set('lastchange', $now, true, true);
 $mainticket->Set('lastreplier', '1', true, true);
 $mainticket->Set('status', '3', true, true);
diff --git a/admin_index.php b/admin_index.php
index 1ece7ed7..20f1bc9e 100644
--- a/admin_index.php
+++ b/admin_index.php
@@ -18,10 +18,6 @@
 */
 define('AREA', 'admin');
-
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
 require ("./lib/init.php");
 if ($action == 'logout') {
@@ -71,8 +67,7 @@ if ($page == 'overview') {
 SUM(`traffic_used`) AS `traffic_used`,
 SUM(`aps_packages_used`) AS `aps_packages_used`
 FROM `" . TABLE_PANEL_CUSTOMERS . "`" . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = :adminid "));
- Database::pexecute($overview_stmt, array('adminid' => $userinfo['adminid']));
- $overview = $overview_stmt->fetch(PDO::FETCH_ASSOC);
+ $overview = Database::pexecute_first($overview_stmt, array('adminid' => $userinfo['adminid']));
 $overview['traffic_used'] = round($overview['traffic_used'] / (1024 * 1024), $settings['panel']['decimal_places']);
 $overview['diskspace_used'] = round($overview['diskspace_used'] / 1024, $settings['panel']['decimal_places']);
@@ -81,8 +76,8 @@ if ($page == 'overview') {
 SELECT COUNT(*) AS `number_domains`
 FROM `" . TABLE_PANEL_DOMAINS . "`
 WHERE `parentdomainid`='0'" . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid")
 );
- Database::pexecute($number_domains_stmt, array('adminid' => $userinfo['adminid']));
- $number_domains = $number_domains_stmt->fetch(PDO::FETCH_ASSOC);
+ $number_domains = Database::pexecute_first($number_domains_stmt, array('adminid' => $userinfo['adminid']));
+
 $overview['number_domains'] = $number_domains['number_domains'];
 $phpversion = phpversion();
diff --git a/admin_phpsettings.php b/admin_phpsettings.php
index 5aa6527e..a3f1949f 100644
--- a/admin_phpsettings.php
+++ b/admin_phpsettings.php
@@ -148,8 +148,7 @@ if ($page == 'overview') {
 $result_stmt = Database::prepare("
 SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
 );
- Database::pexecute($result_stmt, array('id' => $id));
- $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+ $result = Database::pexecute_first($result_stmt, array('id' => $id));
 if ($result['id'] != 0
 && $result['id'] == $id
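Review bot: `$result['id']` is read directly after `Database::pexecute_first`, but the no-row case is not handled; if pexecute_first returns false for an unknown id (as the replaced fetch() did), the offset access raises a notice and the `!= 0` test only passes by accident. A guard such as `if ($result !== false && $result['id'] != 0` states the intent; the same applies to the identical hunk at -190 that follows. The enclosing `if` continues outside the hunk.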
@@ -190,8 +189,7 @@ if ($page == 'overview') {
 $result_stmt = Database::prepare("
 SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
 );
- Database::pexecute($result_stmt, array('id' => $id));
- $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+ $result = Database::pexecute_first($result_stmt, array('id' => $id));
 if ($result['id'] != 0
 && $result['id'] == $id

From 941a391c0e8eedd5e952c63dc6ae0c8a29dc5b57 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Wed, 6 Nov 2013 11:29:40 +0100
Subject: [PATCH 09/11] bugfixing admin_customers, damn typos

Signed-off-by: Michael Kaufmann (d00p)
---
 admin_customers.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/admin_customers.php b/admin_customers.php
index 5636e2fc..39468b91 100644
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -750,7 +750,7 @@ if ($page == 'customers'
 `email_quota` = :email_quota,
 `ftps` = :ftps,
 `tickets` = :tickets,
- `mysqls` = :mysql,
+ `mysqls` = :mysqls,
 `standardsubdomain` = '0',
 `phpenabled` = :phpenabled,
 `imap` = :imap,
@@ -1045,12 +1045,15 @@ if ($page == 'customers'
 && $id != 0
 ) {
+ $result_data = array('id' => $id);
 $result_stmt = Database::prepare("
 SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "`
- WHERE `customerid`= :id " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid")
+ WHERE `customerid` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid")
 );
- Database::pexecute($result_stmt, array('id' => $id, 'adminid' => $userinfo['adminid']));
- $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+ if ($userinfo['customers_see_all'] == '0') {
+ $result_data['adminid'] = $userinfo['adminid'];
+ }
+ $result = Database::pexecute_first($result_stmt, $result_data);
 if ($result['loginname'] != '') {
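Review bot: The `:adminid` placeholder is appended whenever `$userinfo['customers_see_all']` is falsy, but the matching parameter is only added when the value equals the string `'0'`; for an empty or unset value the statement would carry an unbound placeholder and the execute would fail. Use the same test on both sides, `if (!$userinfo['customers_see_all']) {`, so the query text and the parameter array cannot drift apart. The enclosing block starts outside the hunk.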
@@ -1465,7 +1468,7 @@ if ($page == 'customers'
 `email_forwarders` = :email_forwarders,
 `ftps` = :ftps,
 `tickets` = :tickets,
- `mysqls` = :mysql,
+ `mysqls` = :mysqls,
 `deactivated` = :deactivated,
 `phpenabled` = :phpenabled,
 `email_quota` = :email_quota,

From f2643103b30c9bccebf259dc904c637f586be056 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Wed, 6 Nov 2013 15:24:39 +0100
Subject: [PATCH 10/11] completed migration of ticket-class to PDO database class and bugfixing admin-tickets, refs #1287

Signed-off-by: Michael Kaufmann (d00p)
---
 admin_tickets.php | 17 ++-
 lib/classes/database/class.Database.php | 2 +-
 lib/classes/ticket/class.ticket.php | 193 ++++++++++++------------
 3 files changed, 110 insertions(+), 102 deletions(-)

diff --git a/admin_tickets.php b/admin_tickets.php
index 5d7713de..92d34424 100644
--- a/admin_tickets.php
+++ b/admin_tickets.php
@@ -630,8 +630,11 @@ if ($page == 'tickets'
 $categories[$x] = isset($_POST['category' . $x]) ? $_POST['category' . $x] : '';
 }
- // FIXME migrate to PDO
- $query = ticket::getArchiveSearchStatement($db, $subject, $priority, $fromdate, $todate, $message, $customer, $userinfo['adminid'], $categories);
+ $archive_search = ticket::getArchiveSearchStatement($subject, $priority, $fromdate, $todate, $message, $customer, $userinfo['adminid'], $categories);
+
+ $query = $archive_search[0];
+ $archive_params = $archive_search[1];
+
 $fields = array(
 'lastchange' => $lng['ticket']['lastchange'],
 'ticket_answers' => $lng['ticket']['ticket_answers'],
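Review bot: `$query = $archive_search[0];` followed by `$archive_params = $archive_search[1];` can be written as `list($query, $archive_params) = ticket::getArchiveSearchStatement($subject, $priority, $fromdate, $todate, $message, $customer, $userinfo['adminid'], $categories);`, which also documents the two-element contract of the helper at the call site. The `$categories` array handed in is raw `$_POST` content; it is now passed into a prepared statement, but see the note on getArchiveSearchStatement below for how the category values are used there. The surrounding `if` block starts outside the hunk.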
@@ -640,15 +643,15 @@ if ($page == 'tickets'
 'priority' => $lng['ticket']['priority']
 );
 $paging = new paging($userinfo, $db, TABLE_PANEL_TICKETS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
- // FIXME migrate (the above) to PDO
- $result = $db->query($query . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+ $result_stmt = Database::prepare($query . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+ Database::pexecute($result_stmt, $archive_params);
 $sortcode = $paging->getHtmlSortCode($lng);
 $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 $searchcode = $paging->getHtmlSearchCode($lng);
 $pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
 $ctickets = array();
- while ($row = $db->fetch_array($result)) {
+ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 if (!isset($ctickets[$row['customerid']])
 || !is_array($ctickets[$row['customerid']])
 ) {
@@ -678,7 +681,7 @@ if ($page == 'tickets'
 ksort($ticketrows);
 }
- $_cid = 0;
+ $_cid = -1;
 foreach ($ticketrows as $ticket) {
 if ($paging->checkDisplay($i)) {
 $ticket['lastchange'] = date("d.m.y H:i", $ticket['lastchange']);
@@ -697,6 +700,8 @@ if ($page == 'tickets'
 $customerid = $usr['customerid'];
 } else {
 $customer = $lng['ticket']['nonexistingcustomer'];
+ $customerid = 0;
+ $customerloginname = '';
 }
 eval("\$tickets.=\"" . getTemplate("tickets/tickets_customer") . "\";");
 }
diff --git a/lib/classes/database/class.Database.php b/lib/classes/database/class.Database.php
index bf554058..8af62a3b 100644
--- a/lib/classes/database/class.Database.php
+++ b/lib/classes/database/class.Database.php
@@ -266,4 +266,4 @@ class Database {
 die("We are sorry, but a MySQL - error occurred. The administrator may find more information in in the sql-error.log in the logs/ directory");
 }
 }
-}
\ No newline at end of file
+}
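Review bot: The prepared statement still concatenates `$paging->getSqlWhere(true)`, `getSqlOrderBy()` and `getSqlLimit()`, which come from a paging object that is constructed with the legacy `$db` handle, so two escaping layers now feed one query: the search fragments are escaped by the old class and glued into the PDO statement text, while the archive filters are bound. That works as long as paging keeps escaping correctly, but it is the only remaining non-bound input in this query and deserves a comment such as `// paging fragments are escaped by the legacy paging class, not bound`. The surrounding block begins outside the hunk.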
diff --git a/lib/classes/ticket/class.ticket.php b/lib/classes/ticket/class.ticket.php
index ce8fef15..ff107d15 100644
--- a/lib/classes/ticket/class.ticket.php
+++ b/lib/classes/ticket/class.ticket.php
@@ -499,9 +499,9 @@ class ticket {
 FROM `" . TABLE_PANEL_TICKETS . "` `main`
 WHERE `main`.`answerto` = '0' AND `main`.`archived` = '1'
 AND `main`.`adminid` = :adminid
- ORDER BY `main`.`lastchange` DESC LIMIT 0, :limit"
+ ORDER BY `main`.`lastchange` DESC LIMIT 0, ".(int)$_num
 );
- Database::pexecute($result_stmt, array('adminid' => $_admin, 'limit' => $_num));
+ Database::pexecute($result_stmt, array('adminid' => $_admin));
 while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
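Review bot: The switch from `:limit` to `".(int)$_num` repairs the bound LIMIT, but nothing records why, and a later cleanup could reintroduce the placeholder; add a comment above the prepare, e.g. `// LIMIT is interpolated as (int): a bound parameter would be quoted as a string here and presumably rejected by MySQL`. The `(int)` cast is what keeps the interpolation safe, so it must stay even though `$_num` is already checked with `> 0`. getLastArchived starts and ends outside the hunk.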
@@ -531,133 +531,136 @@ class ticket { /** * Returns a sql-statement to search the archive + * including necessary parameter-array for PDO * - * @FIXME migrate to PDO + * @return array 0 = query, 1 = params-array */ - static public function getArchiveSearchStatement($db, $subject = NULL, $priority = NULL, $fromdate = NULL, $todate = NULL, $message = NULL, $customer = - 1, $admin = 1, $categories = NULL) + static public function getArchiveSearchStatement($subject = null, $priority = null, $fromdate = null, $todate = null, $message = null, $customer = - 1, $admin = 1, $categories = null) { - $query = 'SELECT `main`.*, - (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub` - WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers` - FROM `' . TABLE_PANEL_TICKETS . '` `main` - WHERE `main`.`archived` = "1" AND `main`.`adminid` = "' . (int)$admin . '" '; + $search_params = array(); - if($subject != NULL - && $subject != '') - { - $query.= 'AND `main`.`subject` LIKE "' . $db->escape("%$subject%") . '" '; + $query = " + SELECT `main`.*, ( + SELECT COUNT(`sub`.`id`) FROM `" . TABLE_PANEL_TICKETS . "` `sub` + WHERE `sub`.`answerto` = `main`.`id` + ) as `ticket_answers` + FROM `" . TABLE_PANEL_TICKETS . 
"` `main` + WHERE `main`.`archived` = '1' AND `main`.`adminid` = :admin" + ; + + $search_params['admin'] = $admin; + + if ($subject != NULL + && $subject != '' + ) { + $query .= " AND `main`.`subject` LIKE :subject"; + $search_params['subject'] = "%".$subject."%"; } - if($priority != NULL - && isset($priority[0]) - && $priority[0] != '') - { - if(isset($priority[1]) - && $priority[1] != '') - { - if(isset($priority[2]) - && $priority[2] != '') - { - $query.= 'AND (`main`.`priority` = "1" - OR `main`.`priority` = "2" - OR `main`.`priority` = "3") '; - } - else - { - $query.= 'AND (`main`.`priority` = "1" - OR `main`.`priority` = "2") '; + if ($priority != null + && isset($priority[0]) + && $priority[0] != '' + ) { + + if (isset($priority[1]) + && $priority[1] != '' + ) { + + if (isset($priority[2]) + && $priority[2] != '' + ) { + + $query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '2' OR `main`.`priority` = '3')"; + + } else { + + $query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '1')"; } + + } elseif (isset($priority[2]) + && $priority[2] != '' + ) { + + $query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '3')"; + + } else { + $query .= " AND `main`.`priority` = '1'"; } - elseif(isset($priority[2]) - && $priority[2] != '') - { - $query.= 'AND (`main`.`priority` = "1" - OR `main`.`priority` = "3") '; + + } elseif($priority != null + && isset($priority[1]) + && $priority[1] != '' + ) { + if (isset($priority[2]) + && $priority[2] != '' + ) { + $query .= " AND (`main`.`priority` = '2' OR `main`.`priority` = '3')"; + } else { + $query .= " AND `main`.`priority` = '2'"; } - else - { - $query.= 'AND `main`.`priority` = "1" '; - } - } - elseif($priority != NULL - && isset($priority[1]) - && $priority[1] != '') - { - if(isset($priority[2]) - && $priority[2] != '') - { - $query.= 'AND (`main`.`priority` = "2" OR `main`.`priority` = "3") '; - } - else - { - $query.= 'AND `main`.`priority` = "2" '; - } - } - elseif($priority != NULL) - { 
- if(isset($priority[3]) - && $priority[3] != '') - { - $query.= 'AND `main`.`priority` = "3" '; + + } elseif($priority != null) { + + if (isset($priority[3]) + && $priority[3] != '' + ) { + $query .= " AND `main`.`priority` = '3'"; } } - if($fromdate != NULL - && $fromdate > 0) - { - $query.= 'AND `main`.`lastchange` > "' . $db->escape(strtotime($fromdate)) . '" '; + if ($fromdate != null + && $fromdate > 0 + ) { + $query .= " AND `main`.`lastchange` > :fromdate"; + $search_params['fromdate'] = strtotime($fromdate); } - if($todate != NULL - && $todate > 0) - { - $query.= 'AND `main`.`lastchange` < "' . $db->escape(strtotime($todate)) . '" '; + if ($todate != null + && $todate > 0 + ) { + $query .= " AND `main`.`lastchange` < :todate"; + $search_params['todate'] = strtotime($todate); } - if($message != NULL - && $message != '') - { - $query.= 'AND `main`.`message` LIKE "' . $db->escape("%$message%") . '" '; + if ($message != null + && $message != '' + ) { + $query .= " AND `main`.`message` LIKE :message"; + $search_params['message'] = "%".$message."%"; } - if($customer != - 1) - { - $query.= 'AND `main`.`customerid` = "' . (int)$customer . '" '; + if ($customer != - 1) { + $query .= " AND `main`.`customerid` = :customer"; + $search_params['customer'] = $customer; } - if($categories != NULL) - { + if ($categories != null) { + $cats = array(); - foreach($categories as $index => $catid) - { - if ($catid != "") - { + foreach ($categories as $index => $catid) { + if ($catid != "") { $cats[] = $catid; } } - if (count($cats) > 0) - { - $query.= 'AND ('; + if (count($cats) > 0) { + $query .= " AND ("; } - foreach($cats as $catid) - { - if(isset($catid) - && $catid > 0) - { - $query.= '`main`.`category` = "' . (int)$catid . '" OR '; + foreach ($cats as $catid) { + if (isset($catid) && $catid > 0) { + $query .= "`main`.`category` = :catid_".$catid." 
OR "; + $search_params['catid_'.$catid] = $catid; } } - if (count($cats) > 0) - { + if (count($cats) > 0) { $query = substr($query, 0, strlen($query) - 3); - $query.= ') '; + $query .= ") "; } } - return $query; + return array('0' => $query, '1' => $search_params); } /** From 3e4697eb51ae1b5a9662db3d9eea273e7664408d Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Wed, 6 Nov 2013 17:21:56 +0100 Subject: [PATCH 11/11] migrated and improved two functions regarding PDO stuff, refs #1287 Signed-off-by: Michael Kaufmann (d00p) --- .../aps/function.domainHasApsInstances.php | 22 ++++++++++--------- .../function.domainHasMainSubDomains.php | 3 +-- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/lib/functions/aps/function.domainHasApsInstances.php b/lib/functions/aps/function.domainHasApsInstances.php index 4d20de6e..dd0e0bab 100644 --- a/lib/functions/aps/function.domainHasApsInstances.php +++ b/lib/functions/aps/function.domainHasApsInstances.php @@ -26,17 +26,19 @@ * * @return boolean */ -function domainHasApsInstances($domainid = 0) -{ - global $db, $settings, $theme; +function domainHasApsInstances($domainid = 0) { + + global $settings, $theme; - if($settings['aps']['aps_active'] == '1') - { - if($domainid > 0) - { - $instances = $db->query_first("SELECT COUNT(`ID`) AS `count` FROM `" . TABLE_APS_SETTINGS . "` WHERE `Name`='main_domain' AND `Value`='" . (int)$domainid . "'"); - if((int)$instances['count'] != 0) - { + if ($settings['aps']['aps_active'] == '1') { + if ($domainid > 0) { + $instances_stmt = Database::prepare(" + SELECT COUNT(`ID`) AS `count` FROM `" . TABLE_APS_SETTINGS . "` + WHERE `Name` = 'main_domain' AND `Value` = :domainid" + ); + $instances = Database::pexecute_first($instances_stmt, array('domainid' => $domainid)); + + if ((int)$instances['count'] != 0) { return true; } } 
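Review bot: The rewritten priority filter for the case where `$priority[0]` and `$priority[1]` are set but `[2]` is not now emits `= '1' OR = '1'`, whereas the replaced code selected priorities 1 and 2; change it to `$query .= " AND (\`main\`.\`priority\` = '1' OR \`main\`.\`priority\` = '2')";`. In the category loop the placeholder name `"catid_" . $catid` is built from the request value itself, which comes from `$_POST` via admin_tickets.php; the only guard is `$catid > 0`, so a value with trailing non-digit characters or a repeated id yields a malformed or duplicate placeholder and the execute fails. Name placeholders from the list index and cast the value instead: `foreach ($cats as $i => $catid) {` ... `$query .= "\`main\`.\`category\` = :catid_" . $i . " OR ";` ... `$search_params['catid_' . $i] = (int)$catid;`. The `substr($query, 0, strlen($query) - 3)` trim relies on the fragment ending in exactly `" OR "`, which holds here.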
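Review bot: `global $settings, $theme;` keeps `$theme` although nothing in the visible body of domainHasApsInstances uses it; if the remainder of the function (outside the hunk) does not either, reduce it to `global $settings;`. The new statement binds `$domainid` after the `> 0` check, so the replaced `(int)` cast is no longer needed for safety.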
diff --git a/lib/functions/froxlor/function.domainHasMainSubDomains.php b/lib/functions/froxlor/function.domainHasMainSubDomains.php
index 62295a43..d6d162ae 100644
--- a/lib/functions/froxlor/function.domainHasMainSubDomains.php
+++ b/lib/functions/froxlor/function.domainHasMainSubDomains.php
@@ -29,8 +29,7 @@ function domainHasMainSubDomains($id = 0) {
 SELECT COUNT(`id`) as `mainsubs` FROM `".TABLE_PANEL_DOMAINS."`
 WHERE `ismainbutsubto` = :id"
 );
- Database::pexecute($result_stmt, array('id' => $id));
- $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+ $result = Database::pexecute_first($result_stmt, array('id' => $id));
 if (isset($result['mainsubs']) && $result['mainsubs'] > 0