diff --git a/admin_admins.php b/admin_admins.php index ad6ec656..d436cf21 100644 --- a/admin_admins.php +++ b/admin_admins.php @@ -18,27 +18,20 @@ */ define('AREA', 'admin'); - -/** - * Include our init.php, which manages Sessions, Language etc. - */ - require ("./lib/init.php"); -if(isset($_POST['id'])) -{ +if (isset($_POST['id'])) { $id = intval($_POST['id']); -} -elseif(isset($_GET['id'])) -{ +} elseif(isset($_GET['id'])) { $id = intval($_GET['id']); } -if($page == 'admins' - && $userinfo['change_serversettings'] == '1') -{ - if($action == '') - { +if ($page == 'admins' + && $userinfo['change_serversettings'] == '1' +) { + + if ($action == '') { + $log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_admins"); $fields = array( 'loginname' => $lng['login']['username'], @@ -51,8 +44,9 @@ if($page == 'admins' ); $paging = new paging($userinfo, $db, TABLE_PANEL_ADMINS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']); $admins = ''; - $result = $db->query("SELECT * FROM `" . TABLE_PANEL_ADMINS . "` " . $paging->getSqlWhere(false) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()); - $paging->setEntries($db->num_rows($result)); + $result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_ADMINS . "` " . $paging->getSqlWhere(false) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()); + $numrows_admins = Database::num_rows(); + $paging->setEntries($numrows_admins); $sortcode = $paging->getHtmlSortCode($lng, true); $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s); $searchcode = $paging->getHtmlSearchCode($lng); 
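Review bot: The admin listing query in the `$action == ''` branch still concatenates `$paging->getSqlWhere(false)`, `$paging->getSqlOrderBy()` and `$paging->getSqlLimit()` into the string handed to `Database::query`, so the switch to PDO adds no parameterization on this path and its safety rests entirely on how the paging class escapes the search value and whitelists the sort column/direction it takes from the request. That class is outside the diff, so this is inferred; if it still escapes for the old mysql_* layer, confirm it is equivalent under PDO (or have it return bind parameters). `Database::num_rows()` is also called with no statement argument, so it presumably reports the last executed query; a one-line comment such as `// num_rows() refers to the Database::query() just issued` would make the ordering constraint explicit.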
@@ -60,103 +54,137 @@ if($page == 'admins' $i = 0; $count = 0; - while($row = $db->fetch_array($result)) - { - if($paging->checkDisplay($i)) - { + while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { + + if ($paging->checkDisplay($i)) { + $row['traffic_used'] = round($row['traffic_used'] / (1024 * 1024), $settings['panel']['decimal_places']); $row['traffic'] = round($row['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']); $row['diskspace_used'] = round($row['diskspace_used'] / 1024, $settings['panel']['decimal_places']); $row['diskspace'] = round($row['diskspace'] / 1024, $settings['panel']['decimal_places']); - /** - * percent-values for progressbar - */ - //For Disk usage - if ($row['diskspace'] > 0) { - $disk_percent = round(($row['diskspace_used']*100)/$row['diskspace'], 2); - $disk_doublepercent = round($disk_percent*2, 2); - } else { - $disk_percent = 0; - $disk_doublepercent = 0; - } - - //For Traffic usage - if ($row['traffic'] > 0) { - $traffic_percent = round(($row['traffic_used']*100)/$row['traffic'], 2); - $traffic_doublepercent = round($traffic_percent*2, 2); - } else { - $traffic_percent = 0; - $traffic_doublepercent = 0; - } - /* */ + // percent-values for progressbar + // For Disk usage + if ($row['diskspace'] > 0) { + $disk_percent = round(($row['diskspace_used']*100)/$row['diskspace'], 2); + $disk_doublepercent = round($disk_percent*2, 2); + } else { + $disk_percent = 0; + $disk_doublepercent = 0; + } + // For Traffic usage + if ($row['traffic'] > 0) { + $traffic_percent = round(($row['traffic_used']*100)/$row['traffic'], 2); + $traffic_doublepercent = round($traffic_percent*2, 2); + } else { + $traffic_percent = 0; + $traffic_doublepercent = 0; + } $row = str_replace_array('-1', 'UL', $row, 'customers domains diskspace traffic mysqls emails email_accounts email_forwarders email_quota email_autoresponder ftps subdomains tickets'); $row = htmlentities_array($row); eval("\$admins.=\"" . getTemplate("admins/admins_admin") . 
"\";"); $count++; } - $i++; } - $admincount = $db->num_rows($result); + $admincount = $numrows_admins; eval("echo \"" . getTemplate("admins/admins") . "\";"); - } - elseif($action == 'su') - { - $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = '" . (int)$id . "'"); + + } elseif($action == 'su') { + + $result_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid + "); + $result = Database::pexecute_first($result_stmt, array('adminid' => $id)); $destination_admin = $result['loginname']; - if($destination_admin != '' - && $result['adminid'] != $userinfo['userid']) - { - $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid`='" . (int)$userinfo['userid'] . "'"); - $s = md5(uniqid(microtime(), 1)); - $db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`) VALUES ('" . $db->escape($s) . "', '" . (int)$id . "', '" . $db->escape($result['ipaddress']) . "', '" . $db->escape($result['useragent']) . "', '" . time() . "', '" . $db->escape($result['language']) . "', '1')"); - $log->logAction(ADM_ACTION, LOG_INFO, "switched adminuser and is now '" . $destination_admin . "'"); - redirectTo('admin_index.php', Array('s' => $s)); - } - else - { - redirectTo('index.php', Array('action' => 'login')); - } - } - elseif($action == 'delete' - && $id != 0) - { - $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int)$id . "'"); + if ($destination_admin != '' + && $result['adminid'] != $userinfo['userid'] + ) { + $result_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_SESSIONS . 
"` WHERE `userid` = :userid + "); + $result = Database::pexecute_first($result_stmt, array('userid' => $userinfo['userid'])); - if($result['loginname'] != '') - { - if($result['adminid'] == $userinfo['userid']) - { + $s = md5(uniqid(microtime(), 1)); + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_SESSIONS . "` SET + `hash` = :hash, `userid` = :userid, `ipaddress` = :ip, + `useragent` = :ua, `lastactivity` = :la, + `language` = :lang, `adminsession` = '1' + "); + $ins_data = array( + 'hash' => $s, + 'userid' => $id, + 'ip' => $result['ipaddress'], + 'ua' => $result['useragent'], + 'la' => time(), + 'lang' => $result['language'] + ); + Database::pexecute($ins_stmt, $ins_data); + $log->logAction(ADM_ACTION, LOG_INFO, "switched adminuser and is now '" . $destination_admin . "'"); + redirectTo('admin_index.php', array('s' => $s)); + + } else { + redirectTo('index.php', array('action' => 'login')); + } + + } elseif ($action == 'delete' + && $id != 0 + ) { + $result_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid + "); + $result = Database::pexecute_first($result_stmt, array('adminid' => $id)); + + if ($result['loginname'] != '') { + if ($result['adminid'] == $userinfo['userid']) { standard_error('youcantdeleteyourself'); exit; } - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { - $db->query("DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int)$id . "'"); - $db->query("DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid`='" . (int)$id . "'"); - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `adminid` = '" . (int)$userinfo['userid'] . "' WHERE `adminid` = '" . (int)$id . "'"); - $db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `adminid` = '" . (int)$userinfo['userid'] . "' WHERE `adminid` = '" . (int)$id . "'"); + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_PANEL_ADMINS . 
"` WHERE `adminid` = :adminid + "); + Database::pexecute($del_stmt, array('adminid' => $id)); + + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid + "); + Database::pexecute($del_stmt, array('adminid' => $id)); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET + `adminid` = :userid WHERE `adminid` = :adminid + "); + Database::pexecute($upd_stmt, array('userid' => $userinfo['userid'], 'adminid' => $id)); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_DOMAINS . "` SET + `adminid` = :userid WHERE `adminid` = :adminid + "); + Database::pexecute($upd_stmt, array('userid' => $userinfo['userid'], 'adminid' => $id)); + $log->logAction(ADM_ACTION, LOG_INFO, "deleted admin '" . $result['loginname'] . "'"); updateCounters(); - redirectTo($filename, Array('page' => $page, 's' => $s)); - } - else - { + redirectTo($filename, array('page' => $page, 's' => $s)); + + } else { ask_yesno('admin_admin_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['loginname']); } } - } - elseif($action == 'add') - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + + } elseif($action == 'add') { + + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + $name = validate($_POST['name'], 'name'); $email = $idna_convert->encode(validate($_POST['email'], 'email')); 
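Review bot: In the `su` branch the hash of the new admin session is still `$s = md5(uniqid(microtime(), 1));`, and uniqid/microtime are clock-derived and guessable, which is a weak secret for a value that grants another admin's rights; generate it from the CSPRNG, `$s = bin2hex(random_bytes(16));` (or `openssl_random_pseudo_bytes` if the supported PHP version predates 7.0). The preceding sessions lookup selects by `userid` only, so `$result['ipaddress']`, `['useragent']` and `['language']` may be copied from a different concurrent session of the same admin rather than the one in use; binding it with `AND `hash` = :hash` to the current `$s` would pin it, but confirm against the sessions schema. Both `Database::pexecute_first` calls can return false when nothing matches, and `$result['loginname']` / `$result['ipaddress']` are then indexed on a boolean. The enclosing `if ($page == 'admins' ...)` block continues beyond this hunk.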
@@ -164,219 +192,182 @@ if($page == 'admins' $password = validate($_POST['admin_password'], 'password'); $password = validatePassword($password); $def_language = validate($_POST['def_language'], 'default language'); - $customers = intval_ressource($_POST['customers']); - if(isset($_POST['customers_ul'])) - { + $customers = intval_ressource($_POST['customers']); + if (isset($_POST['customers_ul'])) { $customers = - 1; } $domains = intval_ressource($_POST['domains']); - - if(isset($_POST['domains_ul'])) - { + if (isset($_POST['domains_ul'])) { $domains = - 1; } $subdomains = intval_ressource($_POST['subdomains']); - - if(isset($_POST['subdomains_ul'])) - { + if (isset($_POST['subdomains_ul'])) { $subdomains = - 1; } $emails = intval_ressource($_POST['emails']); - - if(isset($_POST['emails_ul'])) - { + if (isset($_POST['emails_ul'])) { $emails = - 1; } $email_accounts = intval_ressource($_POST['email_accounts']); - - if(isset($_POST['email_accounts_ul'])) - { + if (isset($_POST['email_accounts_ul'])) { $email_accounts = - 1; } $email_forwarders = intval_ressource($_POST['email_forwarders']); - - if(isset($_POST['email_forwarders_ul'])) - { + if (isset($_POST['email_forwarders_ul'])) { $email_forwarders = - 1; } - if($settings['system']['mail_quota_enabled'] == '1') - { - $email_quota = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array('0', '')); + if ($settings['system']['mail_quota_enabled'] == '1') { - if(isset($_POST['email_quota_ul'])) - { + $email_quota = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array('0', '')); + if (isset($_POST['email_quota_ul'])) { $email_quota = - 1; } - } - else - { + } else { $email_quota = - 1; } - if($settings['autoresponder']['autoresponder_active'] == '1') - { - $email_autoresponder = intval_ressource($_POST['email_autoresponder']); + if ($settings['autoresponder']['autoresponder_active'] == '1') { - if(isset($_POST['email_autoresponder_ul'])) - { + 
$email_autoresponder = intval_ressource($_POST['email_autoresponder']); + if (isset($_POST['email_autoresponder_ul'])) { $email_autoresponder = - 1; } - } - else - { + } else { $email_autoresponder = 0; } $ftps = intval_ressource($_POST['ftps']); - - if(isset($_POST['ftps_ul'])) - { + if (isset($_POST['ftps_ul'])) { $ftps = - 1; } - if($settings['ticket']['enabled'] == 1) - { - $tickets = intval_ressource($_POST['tickets']); + if ($settings['ticket']['enabled'] == 1) { - if(isset($_POST['tickets_ul'])) - { + $tickets = intval_ressource($_POST['tickets']); + if (isset($_POST['tickets_ul'])) { $tickets = - 1; } - } - else - { + } else { $tickets = 0; } $mysqls = intval_ressource($_POST['mysqls']); - - if(isset($_POST['mysqls_ul'])) - { + if (isset($_POST['mysqls_ul'])) { $mysqls = - 1; } - if($settings['aps']['aps_active'] == '1') - { - $number_of_aps_packages = intval_ressource($_POST['number_of_aps_packages']); + if ($settings['aps']['aps_active'] == '1') { - if(isset($_POST['number_of_aps_packages_ul'])) - { + $number_of_aps_packages = intval_ressource($_POST['number_of_aps_packages']); + if (isset($_POST['number_of_aps_packages_ul'])) { $number_of_aps_packages = - 1; } - $can_manage_aps_packages = isset($_POST['can_manage_aps_packages']) ? 
1 : 0; - } - else - { + + } else { $number_of_aps_packages = 0; $can_manage_aps_packages = 0; } $customers_see_all = 0; - if(isset($_POST['customers_see_all'])) + if (isset($_POST['customers_see_all'])) { $customers_see_all = intval($_POST['customers_see_all']); - + } + $domains_see_all = 0; - if(isset($_POST['domains_see_all'])) + if (isset($_POST['domains_see_all'])) { $domains_see_all = intval($_POST['domains_see_all']); - + } + $caneditphpsettings = 0; - if(isset($_POST['caneditphpsettings'])) + if (isset($_POST['caneditphpsettings'])) { $caneditphpsettings = intval($_POST['caneditphpsettings']); - + } + $change_serversettings = 0; - if(isset($_POST['change_serversettings'])) + if (isset($_POST['change_serversettings'])) { $change_serversettings = intval($_POST['change_serversettings']); + } $diskspace = intval_ressource($_POST['diskspace']); - - if(isset($_POST['diskspace_ul'])) - { + if (isset($_POST['diskspace_ul'])) { $diskspace = - 1; } $traffic = doubleval_ressource($_POST['traffic']); - - if(isset($_POST['traffic_ul'])) - { + if (isset($_POST['traffic_ul'])) { $traffic = - 1; } $tickets_see_all = 0; - if(isset($_POST['tickets_see_all'])) + if (isset($_POST['tickets_see_all'])) { $tickets_see_all = intval($_POST['tickets_see_all']); + } $diskspace = $diskspace * 1024; $traffic = $traffic * 1024 * 1024; $ipaddress = intval_ressource($_POST['ipaddress']); // Check if the account already exists + $loginname_check_stmt = Database::prepare(" + SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login + "); + $loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname)); - $loginname_check = $db->query_first("SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = '" . $db->escape($loginname) . "'"); - $loginname_check_admin = $db->query_first("SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = '" . $db->escape($loginname) . 
"'"); + $loginname_check_admin_stmt = Database::prepare(" + SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login + "); + $loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname)); - if($loginname == '') - { + if ($loginname == '') { standard_error(array('stringisempty', 'myloginname')); } - elseif(strtolower($loginname_check['loginname']) == strtolower($loginname) - || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) - { + elseif (strtolower($loginname_check['loginname']) == strtolower($loginname) + || strtolower($loginname_check_admin['loginname']) == strtolower($loginname) + ) { standard_error('loginnameexists', $loginname); } - // Accounts which match systemaccounts are not allowed, filtering them - - elseif (preg_match('/^' . preg_quote($settings['customer']['accountprefix'], '/') . '([0-9]+)/', $loginname)) - { + elseif (preg_match('/^' . preg_quote($settings['customer']['accountprefix'], '/') . 
'([0-9]+)/', $loginname)) { standard_error('loginnameissystemaccount', $settings['customer']['accountprefix']); } - elseif(!validateUsername($loginname)) - { + elseif (!validateUsername($loginname)) { standard_error('loginnameiswrong', $loginname); } - elseif($name == '') - { + elseif ($name == '') { standard_error(array('stringisempty', 'myname')); } - elseif($email == '') - { + elseif ($email == '') { standard_error(array('stringisempty', 'emailadd')); } - elseif($password == '') - { + elseif ($password == '') { standard_error(array('stringisempty', 'mypassword')); } - elseif(!validateEmail($email)) - { + elseif (!validateEmail($email)) { standard_error('emailiswrong', $email); - } - else - { - if($customers_see_all != '1') - { + + } else { + + if ($customers_see_all != '1') { $customers_see_all = '0'; } - if($domains_see_all != '1') - { + if ($domains_see_all != '1') { $domains_see_all = '0'; } - if($caneditphpsettings != '1') - { + if ($caneditphpsettings != '1') { $caneditphpsettings = '0'; } - if($change_serversettings != '1') - { + if ($change_serversettings != '1') { $change_serversettings = '0'; } 
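Review bot: The `add` branch no longer assigns `$can_manage_aps_packages` when `$settings['aps']['aps_active'] == '1'`: the removed `- $can_manage_aps_packages = isset($_POST['can_manage_aps_packages']) ? 1 : 0;` has no `+` counterpart, and only the `else` branch sets it to 0. With APS active the later `$ins_data` entry reads an undefined variable (PHP notice, null bound into the column), so the permission can never be granted on creation; unless it is reassigned in context outside the hunk, restore the line inside the active branch: `$can_manage_aps_packages = isset($_POST['can_manage_aps_packages']) ? 1 : 0;`. The enclosing function/block runs past both ends of this hunk.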
@@ -386,64 +377,91 @@ if($page == 'admins' $_theme = $settings['panel']['default_theme']; - $result = $db->query("INSERT INTO - `" . TABLE_PANEL_ADMINS . "` - SET - `loginname` = '" . $db->escape($loginname) . "', - `password` = '" . md5($password) . "', - `name` = '" . $db->escape($name) . "', - `email` = '" . $db->escape($email) . "', - `def_language` = '" . $db->escape($def_language) . "', - `change_serversettings` = '" . $db->escape($change_serversettings) . "', - `customers` = '" . $db->escape($customers) . "', - `customers_see_all` = '" . $db->escape($customers_see_all) . "', - `domains` = '" . $db->escape($domains) . "', - `domains_see_all` = '" . $db->escape($domains_see_all) . "', - `caneditphpsettings` = '" . (int)$caneditphpsettings . "', - `diskspace` = '" . $db->escape($diskspace) . "', - `traffic` = '" . $db->escape($traffic) . "', - `subdomains` = '" . $db->escape($subdomains) . "', - `emails` = '" . $db->escape($emails) . "', - `email_accounts` = '" . $db->escape($email_accounts) . "', - `email_forwarders` = '" . $db->escape($email_forwarders) . "', - `email_quota` = '" . $db->escape($email_quota) . "', - `ftps` = '" . $db->escape($ftps) . "', - `tickets` = '" . $db->escape($tickets) . "', - `tickets_see_all` = '" . $db->escape($tickets_see_all) . "', - `mysqls` = '" . $db->escape($mysqls) . "', - `ip` = '" . (int)$ipaddress . "', - `can_manage_aps_packages` = '" . (int)$can_manage_aps_packages . "', - `aps_packages` = '" . (int)$number_of_aps_packages . "', - `email_autoresponder` = '" . $db->escape($email_autoresponder) . "', - `theme` = '".$db->escape($_theme)."'; - "); - $adminid = $db->insert_id(); - $log->logAction(ADM_ACTION, LOG_INFO, "added admin '" . $loginname . 
"'"); - redirectTo($filename, Array('page' => $page, 's' => $s)); - } - } - else - { - $language_options = ''; + $ins_data = array( + 'loginname' => $loginname, + 'password' => md5($password), + 'name' => $name, + 'email' => $email, + 'lang' => $def_language, + 'change_serversettings' => $change_serversettings, + 'customers' => $customers, + 'customers_see_all' => $customers_see_all, + 'domains' => $domains, + 'domains_see_all' => $domains_see_all, + 'caneditphpsettings' => $caneditphpsettings, + 'diskspace' => $diskspace, + 'traffic' => $traffic, + 'subdomains' => $subdomains, + 'emails' => $emails, + 'accounts' => $email_accounts, + 'forwarders' => $email_forwarders, + 'quota' => $email_quota, + 'ftps' => $ftps, + 'tickets' => $tickets, + 'tickets_see_all' => $tickets_see_all, + 'mysqls' => $mysqls, + 'ip' => $ipaddress, + 'can_manage_aps_packages' => $can_manage_aps_packages, + 'aps_packages' => $number_of_aps_packages, + 'autoresponder' => $email_autoresponder, + 'theme' => $_theme + ); - while(list($language_file, $language_name) = each($languages)) - { + $ins_stmt = Database::prepare(" + INSERT INTO `" . TABLE_PANEL_ADMINS . 
"` SET + `loginname` = :loginname, + `password` = :password, + `name` = :name, + `email` = :email, + `def_language` = :lang, + `change_serversettings` = :change_serversettings, + `customers` = :customers, + `customers_see_all` = :customers_see_all, + `domains` = :domains, + `domains_see_all` = :domains_see_all, + `caneditphpsettings` = :caneditphpsettings, + `diskspace` = :diskspace, + `traffic` = :traffic, + `subdomains` = :subdomains, + `emails` = :emails, + `email_accounts` = :accounts, + `email_forwarders` = :forwarders, + `email_quota` = :quota, + `ftps` = :ftps, + `tickets` = :tickets, + `tickets_see_all` = :tickets_see_all, + `mysqls` = :mysqls, + `ip` = :ip, + `can_manage_aps_packages` = :can_manage_aps_packages, + `aps_packages` = :aps_packages, + `email_autoresponder` = :autoresponder, + `theme` = :theme + "); + Database::pexecute($ins_stmt, $ins_data); + + $adminid = Database::lastInsertId(); + $log->logAction(ADM_ACTION, LOG_INFO, "added admin '" . $loginname . "'"); + redirectTo($filename, array('page' => $page, 's' => $s)); + } + + } else { + + $language_options = ''; + while (list($language_file, $language_name) = each($languages)) { $language_options.= makeoption($language_name, $language_file, $userinfo['language'], true); } $ipaddress = makeoption($lng['admin']['allips'], "-1"); $ips = array(); - $ipsandports = $db->query('SELECT `id`, `ip` FROM `' . TABLE_PANEL_IPSANDPORTS . '` ORDER BY `ip`, `port` ASC'); + $ipsandports_stmt = Database::query(" + SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip`, `port` ASC + "); - while($row = $db->fetch_array($ipsandports)) - { - if(filter_var($row['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) - { + while ($row = $ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) { + if (filter_var($row['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $row['ip'] = '[' . $row['ip'] . 
']'; } - - if(!in_array($row['ip'], $ips)) - { + if (!in_array($row['ip'], $ips)) { $ipaddress.= makeoption($row['ip'], $row['id']); $ips[] = $row['ip']; } @@ -462,13 +480,6 @@ if($page == 'admins' $ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true); $tickets_ul = makecheckbox('tickets_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true); $mysqls_ul = makecheckbox('mysqls_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true); - /* - $change_serversettings = makeyesno('change_serversettings', '1', '0', '0'); - $customers_see_all = makeyesno('customers_see_all', '1', '0', '0'); - $domains_see_all = makeyesno('domains_see_all', '1', '0', '0'); - $caneditphpsettings = makeyesno('caneditphpsettings', '1', '0', '0'); - $can_manage_aps_packages = makeyesno('can_manage_aps_packages', '1', '0', '0'); - */ $number_of_aps_packages_ul = makecheckbox('number_of_aps_packages_ul', $lng['customer']['unlimited'], '-1', false, '0', true, true); $admin_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/admin/formfield.admin_add.php'; 
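Review bot: The new INSERT still stores the admin credential as `'password' => md5($password)`, an unsalted fast hash, while the commit otherwise modernises this write path; `password_hash($password, PASSWORD_DEFAULT)` is the standard replacement and `password_verify` the check. That cannot be changed in this file alone, since the login code that compares the stored value is outside this diff and the column must hold the longer hash, so it should be done in lockstep and is worth a `// TODO: migrate to password_hash(); login still expects md5` marker here at minimum. The `$ins_data` keys (`lang`, `accounts`, `forwarders`, `quota`, `autoresponder`) deliberately differ from the column names; a short comment stating they map to `def_language`, `email_accounts`, `email_forwarders`, `email_quota`, `email_autoresponder` would help the next reader.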
@@ -479,22 +490,26 @@ if($page == 'admins' eval("echo \"" . getTemplate("admins/admins_add") . "\";"); } - } - elseif($action == 'edit' - && $id != 0) - { - $result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int)$id . "'"); - if($result['loginname'] != '') - { - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + } elseif($action == 'edit' + && $id != 0 + ) { + + $result_stmt = Database::prepare(" + SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid + "); + $result = Database::pexecute_first($result_stmt, array('adminid' => $id)); + + if ($result['loginname'] != '') { + + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { $name = validate($_POST['name'], 'name'); $email = $idna_convert->encode(validate($_POST['email'], 'email')); - if($result['adminid'] == $userinfo['userid']) - { + if ($result['adminid'] == $userinfo['userid']) { + $password = ''; $def_language = $result['def_language']; $deactivated = $result['deactivated']; @@ -519,9 +534,9 @@ if($page == 'admins' $ipaddress = $result['ip']; $can_manage_aps_packages = $result['can_manage_aps_packages']; $number_of_aps_packages = $result['aps_packages']; - } - else - { + + } else { + $password = validate($_POST['admin_password'], 'new password'); $def_language = validate($_POST['def_language'], 'default language'); $deactivated = isset($_POST['deactivated']) ? 1 : 0; 
@@ -604,24 +619,29 @@ if($page == 'admins' } $customers_see_all = 0; - if(isset($_POST['customers_see_all'])) + if (isset($_POST['customers_see_all'])) { $customers_see_all = intval($_POST['customers_see_all']); - + } + $domains_see_all = 0; - if(isset($_POST['domains_see_all'])) + if (isset($_POST['domains_see_all'])) { $domains_see_all = intval($_POST['domains_see_all']); - + } + $caneditphpsettings = 0; - if(isset($_POST['caneditphpsettings'])) + if (isset($_POST['caneditphpsettings'])) { $caneditphpsettings = intval($_POST['caneditphpsettings']); + } $change_serversettings = 0; - if(isset($_POST['change_serversettings'])) + if (isset($_POST['change_serversettings'])) { $change_serversettings = isset($_POST['change_serversettings']) ? 1 : 0; + } $tickets_see_all = 0; - if (isset($_POST['tickets_see_all'])) + if (isset($_POST['tickets_see_all'])) { $tickets_see_all = intval($_POST['tickets_see_all']); + } $diskspace = intval($_POST['diskspace']); if (isset($_POST['diskspace_ul'])) { 
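Review bot: Inside `if (isset($_POST['change_serversettings'])) {` the assignment `$change_serversettings = isset($_POST['change_serversettings']) ? 1 : 0;` repeats the test it is already guarded by and can only yield 1, so it reads as a leftover; `$change_serversettings = 1;` says the same thing, or, to match the sibling flags in this hunk, `$change_serversettings = intval($_POST['change_serversettings']);` with the later `!= '1'` normalisation doing the rest. This is a style point only; the value is coerced to '0'/'1' further down in the file.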
@@ -638,52 +658,37 @@ if($page == 'admins' $ipaddress = intval_ressource($_POST['ipaddress']); } - if($name == '') - { + if ($name == '') { standard_error(array('stringisempty', 'myname')); - } - elseif($email == '') - { + } elseif($email == '') { standard_error(array('stringisempty', 'emailadd')); - } - elseif(!validateEmail($email)) - { + } elseif(!validateEmail($email)) { standard_error('emailiswrong', $email); - } - else - { - if($password != '') - { + } else { + if ($password != '') { $password = validatePassword($password); $password = md5($password); - } - else - { + } else { $password = $result['password']; } - if($deactivated != '1') - { + if ($deactivated != '1') { $deactivated = '0'; } - if($customers_see_all != '1') - { + if ($customers_see_all != '1') { $customers_see_all = '0'; } - if($domains_see_all != '1') - { + if ($domains_see_all != '1') { $domains_see_all = '0'; } - if($caneditphpsettings != '1') - { + if ($caneditphpsettings != '1') { $caneditphpsettings = '0'; } - if($change_serversettings != '1') - { + if ($change_serversettings != '1') { $change_serversettings = '0'; } 
@@ -741,179 +746,169 @@ if($page == 'admins' exit; } - $db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET - `name`='" . $db->escape($name) . "', - `email`='" . $db->escape($email) . "', - `def_language`='" . $db->escape($def_language) . "', - `change_serversettings` = '" . $db->escape($change_serversettings) . "', - `customers` = '" . $db->escape($customers) . "', - `customers_see_all` = '" . $db->escape($customers_see_all) . "', - `domains` = '" . $db->escape($domains) . "', - `domains_see_all` = '" . $db->escape($domains_see_all) . "', - `caneditphpsettings` = '" . (int)$caneditphpsettings . "', - `password` = '" . $password . "', - `diskspace`='" . $db->escape($diskspace) . "', - `traffic`='" . $db->escape($traffic) . "', - `subdomains`='" . $db->escape($subdomains) . "', - `emails`='" . $db->escape($emails) . "', - `email_accounts` = '" . $db->escape($email_accounts) . "', - `email_forwarders`='" . $db->escape($email_forwarders) . "', - `email_quota`='" . $db->escape($email_quota) . "', - `email_autoresponder`='" . $db->escape($email_autoresponder) . "', - `ftps`='" . $db->escape($ftps) . "', - `tickets`='" . $db->escape($tickets) . "', - `tickets_see_all`='".$db->escape($tickets_see_all) . "', - `mysqls`='" . $db->escape($mysqls) . "', - `ip`='" . (int)$ipaddress . "', - `deactivated`='" . $db->escape($deactivated) . "', - `can_manage_aps_packages`=" . (int)$can_manage_aps_packages . ", - `aps_packages`=" . (int)$number_of_aps_packages . " - WHERE `adminid`='" . $db->escape($id) . "'"); - $log->logAction(ADM_ACTION, LOG_INFO, "edited admin '#" . $id . 
"'"); - $redirect_props = Array( - 'page' => $page, - 's' => $s + $upd_data = array( + 'password' => $password, + 'name' => $name, + 'email' => $email, + 'lang' => $def_language, + 'change_serversettings' => $change_serversettings, + 'customers' => $customers, + 'customers_see_all' => $customers_see_all, + 'domains' => $domains, + 'domains_see_all' => $domains_see_all, + 'caneditphpsettings' => $caneditphpsettings, + 'diskspace' => $diskspace, + 'traffic' => $traffic, + 'subdomains' => $subdomains, + 'emails' => $emails, + 'accounts' => $email_accounts, + 'forwarders' => $email_forwarders, + 'quota' => $email_quota, + 'ftps' => $ftps, + 'tickets' => $tickets, + 'tickets_see_all' => $tickets_see_all, + 'mysqls' => $mysqls, + 'ip' => $ipaddress, + 'deactivated' => $deactivated, + 'can_manage_aps_packages' => $can_manage_aps_packages, + 'aps_packages' => $number_of_aps_packages, + 'autoresponder' => $email_autoresponder, + 'adminid' => $id ); - redirectTo($filename, $redirect_props); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_ADMINS . 
"` SET + `password` = :password, + `name` = :name, + `email` = :email, + `def_language` = :lang, + `change_serversettings` = :change_serversettings, + `customers` = :customers, + `customers_see_all` = :customers_see_all, + `domains` = :domains, + `domains_see_all` = :domains_see_all, + `caneditphpsettings` = :caneditphpsettings, + `diskspace` = :diskspace, + `traffic` = :traffic, + `subdomains` = :subdomains, + `emails` = :emails, + `email_accounts` = :accounts, + `email_forwarders` = :forwarders, + `email_quota` = :quota, + `ftps` = :ftps, + `tickets` = :tickets, + `tickets_see_all` = :tickets_see_all, + `mysqls` = :mysqls, + `ip` = :ip, + `deactivated` = :deactivated, + `can_manage_aps_packages` = :can_manage_aps_packages, + `aps_packages` = :aps_packages, + `email_autoresponder` = :autoresponder, + WHERE `adminid` = :adminid + "); + Database::pexecute($upd_stmt, $upd_data); + + $log->logAction(ADM_ACTION, LOG_INFO, "edited admin '#" . $id . "'"); + redirectTo($filename, array('page' => $page, 's' => $s)); } - } - else - { + + } else { + $result['traffic'] = round($result['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']); $result['diskspace'] = round($result['diskspace'] / 1024, $settings['panel']['decimal_places']); $result['email'] = $idna_convert->decode($result['email']); - $customers_ul = makecheckbox('customers_ul', $lng['customer']['unlimited'], '-1', false, $result['customers'], true, true); - if($result['customers'] == '-1') - { + $customers_ul = makecheckbox('customers_ul', $lng['customer']['unlimited'], '-1', false, $result['customers'], true, true); + if ($result['customers'] == '-1') { $result['customers'] = ''; } $diskspace_ul = makecheckbox('diskspace_ul', $lng['customer']['unlimited'], '-1', false, $result['diskspace'], true, true); - - if($result['diskspace'] == '-1') - { + if ($result['diskspace'] == '-1') { $result['diskspace'] = ''; } $traffic_ul = makecheckbox('traffic_ul', $lng['customer']['unlimited'], '-1', false, 
$result['traffic'], true, true); - - if($result['traffic'] == '-1') - { + if ($result['traffic'] == '-1') { $result['traffic'] = ''; } $domains_ul = makecheckbox('domains_ul', $lng['customer']['unlimited'], '-1', false, $result['domains'], true, true); - - if($result['domains'] == '-1') - { + if ($result['domains'] == '-1') { $result['domains'] = ''; } $subdomains_ul = makecheckbox('subdomains_ul', $lng['customer']['unlimited'], '-1', false, $result['subdomains'], true, true); - - if($result['subdomains'] == '-1') - { + if ($result['subdomains'] == '-1') { $result['subdomains'] = ''; } $emails_ul = makecheckbox('emails_ul', $lng['customer']['unlimited'], '-1', false, $result['emails'], true, true); - - if($result['emails'] == '-1') - { + if ($result['emails'] == '-1') { $result['emails'] = ''; } $email_accounts_ul = makecheckbox('email_accounts_ul', $lng['customer']['unlimited'], '-1', false, $result['email_accounts'], true, true); - - if($result['email_accounts'] == '-1') - { + if ($result['email_accounts'] == '-1') { $result['email_accounts'] = ''; } $email_forwarders_ul = makecheckbox('email_forwarders_ul', $lng['customer']['unlimited'], '-1', false, $result['email_forwarders'], true, true); - - if($result['email_forwarders'] == '-1') - { + if ($result['email_forwarders'] == '-1') { $result['email_forwarders'] = ''; } $email_quota_ul = makecheckbox('email_quota_ul', $lng['customer']['unlimited'], '-1', false, $result['email_quota'], true, true); - - if($result['email_quota'] == '-1') - { + if ($result['email_quota'] == '-1') { $result['email_quota'] = ''; } $email_autoresponder_ul = makecheckbox('email_autoresponder_ul', $lng['customer']['unlimited'], '-1', false, $result['email_autoresponder'], true, true); - - if($result['email_autoresponder'] == '-1') - { + if ($result['email_autoresponder'] == '-1') { $result['email_autoresponder'] = ''; } $ftps_ul = makecheckbox('ftps_ul', $lng['customer']['unlimited'], '-1', false, $result['ftps'], true, true); - - 
if($result['ftps'] == '-1') - { + if ($result['ftps'] == '-1') { $result['ftps'] = ''; } $tickets_ul = makecheckbox('tickets_ul', $lng['customer']['unlimited'], '-1', false, $result['tickets'], true, true); - - if($result['tickets'] == '-1') - { + if ($result['tickets'] == '-1') { $result['tickets'] = ''; } $mysqls_ul = makecheckbox('mysqls_ul', $lng['customer']['unlimited'], '-1', false, $result['mysqls'], true, true); - - if($result['mysqls'] == '-1') - { + if ($result['mysqls'] == '-1') { $result['mysqls'] = ''; } $number_of_aps_packages_ul = makecheckbox('number_of_aps_packages_ul', $lng['customer']['unlimited'], '-1', false, $result['aps_packages'], true, true); - - if($result['aps_packages'] == '-1') - { + if ($result['aps_packages'] == '-1') { $result['aps_packages'] = ''; } $language_options = ''; - - while(list($language_file, $language_name) = each($languages)) - { + while (list($language_file, $language_name) = each($languages)) { $language_options.= makeoption($language_name, $language_file, $result['def_language'], true); } $ipaddress = makeoption($lng['admin']['allips'], "-1", $result['ip']); $ips = array(); - $ipsandports = $db->query('SELECT `id`, `ip` FROM `' . TABLE_PANEL_IPSANDPORTS . '` ORDER BY `ip`, `port` ASC'); + $ipsandports_stmt = Database::query(" + SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip`, `port` ASC + "); - while($row = $db->fetch_array($ipsandports)) - { - if(filter_var($row['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) - { + while ($row = $ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) { + if (filter_var($row['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { $row['ip'] = '[' . $row['ip'] . 
']'; } - - if(!in_array($row['ip'], $ips)) - { + if (!in_array($row['ip'], $ips)) { $ipaddress.= makeoption($row['ip'], $row['id'], $result['ip']); $ips[] = $row['ip']; } } - /* - $change_serversettings = makeyesno('change_serversettings', '1', '0', $result['change_serversettings']); - $customers_see_all = makeyesno('customers_see_all', '1', '0', $result['customers_see_all']); - $domains_see_all = makeyesno('domains_see_all', '1', '0', $result['domains_see_all']); - $caneditphpsettings = makeyesno('caneditphpsettings', '1', '0', $result['caneditphpsettings']); - $deactivated = makeyesno('deactivated', '1', '0', $result['deactivated']); - $can_manage_aps_packages = makeyesno('can_manage_aps_packages', '1', '0', $result['can_manage_aps_packages']); - */ $result = htmlentities_array($result); $admin_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/admin/formfield.admin_edit.php'; @@ -927,5 +922,3 @@ if($page == 'admins' } } } - -?> diff --git a/admin_index.php b/admin_index.php index 20f1bc9e..1a0c539d 100644 --- a/admin_index.php +++ b/admin_index.php @@ -81,14 +81,7 @@ if ($page == 'overview') { $overview['number_domains'] = $number_domains['number_domains']; $phpversion = phpversion(); - $phpmemorylimit = @ini_get("memory_limit"); - - if ($phpmemorylimit == "") { - $phpmemorylimit = $lng['admin']['memorylimitdisabled']; - } - - $mysqlserverversion = mysql_get_server_info(); - $mysqlclientversion = mysql_get_client_info(); + $mysqlserverversion = Database::getAttribute(PDO::ATTR_SERVER_VERSION); $webserverinterface = strtoupper(@php_sapi_name()); if ((isset($_GET['lookfornewversion']) && $_GET['lookfornewversion'] == 'yes') diff --git a/admin_ipsandports.php b/admin_ipsandports.php index 12f4537f..66a4e9eb 100644 --- a/admin_ipsandports.php +++ b/admin_ipsandports.php 
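Review bot: The rewritten UPDATE in the `edit` branch has a trailing comma before the WHERE clause, `` `email_autoresponder` = :autoresponder, `` followed by `` WHERE `adminid` = :adminid ``, which is a MySQL syntax error, so every admin edit submission will fail at `Database::pexecute` (with whatever error handling that helper applies). Drop the comma: `` `email_autoresponder` = :autoresponder `` then `` WHERE `adminid` = :adminid ``. The same statement writes `:password` as either the unchanged stored value or a fresh md5 from the preceding block, so the unsalted-md5 concern applies here too. The enclosing `if ($result['loginname'] != '')` block begins before this hunk.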
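Review bot: The overview hunk in admin_index.php removes `$phpmemorylimit` and `$mysqlclientversion` but the `eval`'d overview template that renders these values is outside the diff; if it still interpolates `$phpmemorylimit` or `$mysqlclientversion`, the template evaluation will emit undefined-variable notices (and the memory-limit row goes blank). Either keep the two assignments or confirm the template was updated in the same commit; a comment such as `// memory limit / client version no longer shown, see templates/*/overview` would record the intent. The `$phpmemorylimit == ""` fallback to `$lng['admin']['memorylimitdisabled']` is also dropped, so check whether that language key is now unused.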
@@ -376,7 +376,7 @@ if ($page == 'ipsandports'
 } else {
- $upd_stmt = Datbase::prepare("
+ $upd_stmt = Database::prepare("
 UPDATE `" . TABLE_PANEL_IPSANDPORTS . "` SET `ip` = :ip, `port` = :port, `listen_statement` = :ls,
diff --git a/admin_settings.php b/admin_settings.php
index 79755ea4..092fc29a 100644
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -23,50 +23,45 @@ $need_db_sql_data = true;
 $need_root_db_sql_data = true;
 require ("./lib/init.php");
-if(($page == 'settings' || $page == 'overview')
- && $userinfo['change_serversettings'] == '1')
-{
+if (($page == 'settings' || $page == 'overview')
+ && $userinfo['change_serversettings'] == '1'
+) {
 $settings_data = loadConfigArrayDir('./actions/admin/settings/');
 $settings = loadSettings($settings_data);
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
- $_part = isset($_GET['part']) ? $_GET['part'] : '';
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
- if($_part == '')
- {
+ $_part = isset($_GET['part']) ? $_GET['part'] : '';
+ if ($_part == '') {
 $_part = isset($_POST['part']) ? $_POST['part'] : '';
 }
- if($_part != '')
- {
- if($_part == 'all')
- {
+ if ($_part != '') {
+ if ($_part == 'all') {
 $settings_all = true;
 $settings_part = false;
- }
- else
- {
+ } else {
 $settings_all = false;
 $settings_part = true;
 }
- $only_enabledisable = false;
- }
- else
- {
+
+ } else {
 $settings_all = false;
 $settings_part = false;
 $only_enabledisable = true;
 }
 // check if the session timeout is too low #815
- if (isset($_POST['session_sessiontimeout']) && $_POST['session_sessiontimeout'] <= 60) {
+ if (isset($_POST['session_sessiontimeout'])
+ && $_POST['session_sessiontimeout'] <= 60
+ ) {
 standard_error($lng['error']['session_timeout'], $lng['error']['session_timeout_desc']);
 }
- if(processFormEx(
+ if (processFormEx(
 $settings_data, $_POST, array('filename' => $filename, 'action' => $action, 'page' => $page),
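Review bot: The `$_part != ''` branch no longer defines `$only_enabledisable`: the removed `$only_enabledisable = false;` that followed the inner `if/else` has no counterpart on the new side, while the `else` branch still sets it to `true`, so on a part-specific save the variable is undefined unless something earlier in the file assigned it. The `processFormEx(` call that presumably consumes it starts at the end of the hunk and continues outside it, so I cannot see the exact argument position, but an undefined variable there silently reads as null instead of the explicit `false` the old code passed. Re-add the assignment after the inner `} else { ... }` block: `$only_enabledisable = false;`.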
@@ -83,25 +78,20 @@ if(($page == 'settings' || $page == 'overview')
 standard_success('settingssaved', '', array('filename' => $filename, 'action' => $action, 'page' => $page));
 }
- }
- else
- {
- $_part = isset($_GET['part']) ? $_GET['part'] : '';
- if($_part == '')
- {
+ } else {
+
+ $_part = isset($_GET['part']) ? $_GET['part'] : '';
+ if ($_part == '') {
 $_part = isset($_POST['part']) ? $_POST['part'] : '';
 }
 $fields = buildFormEx($settings_data, $_part);
 $settings_page = '';
- if($_part == '')
- {
+ if ($_part == '') {
 eval("\$settings_page .= \"" . getTemplate("settings/settings_overview") . "\";");
- }
- else
- {
+ } else {
 eval("\$settings_page .= \"" . getTemplate("settings/settings") . "\";");
 }
@@ -110,8 +100,8 @@ if(($page == 'settings' || $page == 'overview')
 eval("echo \"" . getTemplate("settings/settings_form_end") . "\";");
 }
-}
-elseif($page == 'phpinfo'
+
+} elseif($page == 'phpinfo'
 && $userinfo['change_serversettings'] == '1'
 ) {
 ob_start();
@@ -154,13 +144,14 @@ elseif($page == 'phpinfo'
 $phpinfo = $phpinfohtml;
 }
 eval("echo \"" . getTemplate("settings/phpinfo") . "\";");
-}
-elseif($page == 'rebuildconfigs'
- && $userinfo['change_serversettings'] == '1')
-{
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+} elseif($page == 'rebuildconfigs'
+ && $userinfo['change_serversettings'] == '1'
+) {
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
+
 $log->logAction(ADM_ACTION, LOG_INFO, "rebuild configfiles");
 inserttask('1');
 inserttask('10');
@@ -168,102 +159,108 @@ elseif($page == 'rebuildconfigs'
 inserttask('4');
 standard_success('rebuildingconfigs', '', array('filename' => 'admin_index.php'));
- }
- else
- {
+
+ } else {
 ask_yesno('admin_configs_reallyrebuild', $filename, array('page' => $page));
 }
-}
-elseif($page == 'updatecounters'
- && $userinfo['change_serversettings'] == '1')
-{
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+} elseif($page == 'updatecounters'
+ && $userinfo['change_serversettings'] == '1'
+) {
+
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
+
 $log->logAction(ADM_ACTION, LOG_INFO, "updated resource-counters");
 $updatecounters = updateCounters(true);
 $customers = '';
- foreach($updatecounters['customers'] as $customerid => $customer)
- {
+ foreach ($updatecounters['customers'] as $customerid => $customer) {
 eval("\$customers.=\"" . getTemplate("settings/updatecounters_row_customer") . "\";");
 }
 $admins = '';
- foreach($updatecounters['admins'] as $adminid => $admin)
- {
+ foreach ($updatecounters['admins'] as $adminid => $admin) {
 eval("\$admins.=\"" . getTemplate("settings/updatecounters_row_admin") . "\";");
 }
 eval("echo \"" . getTemplate("settings/updatecounters") . "\";");
- }
- else
- {
+
+ } else {
 ask_yesno('admin_counters_reallyupdate', $filename, array('page' => $page));
 }
-}
-elseif($page == 'wipecleartextmailpws'
- && $userinfo['change_serversettings'] == '1')
-{
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+
+} elseif ($page == 'wipecleartextmailpws'
+ && $userinfo['change_serversettings'] == '1'
+) {
+
+ if (isset($_POST['send'])
+ && $_POST['send'] == 'send'
+ ) {
+
 $log->logAction(ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords");
- $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password`='' ");
- $db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='0' WHERE `settinggroup`='system' AND `varname`='mailpwcleartext'");
+ Database::query("UPDATE `" . TABLE_MAIL_USERS .
"` SET `password` = '';"); + Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'"); redirectTo('admin_settings.php', array('s' => $s)); - } - else - { + + } else { ask_yesno('admin_cleartextmailpws_reallywipe', $filename, array('page' => $page)); } -} -elseif($page == 'wipequotas' - && $userinfo['change_serversettings'] == '1') -{ - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + +} elseif($page == 'wipequotas' + && $userinfo['change_serversettings'] == '1' +) { + + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + $log->logAction(ADM_ACTION, LOG_WARNING, "wiped all mailquotas"); // Set the quota to 0 which means unlimited - - $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota`='0' "); - $db->query("UPDATE " . TABLE_PANEL_CUSTOMERS . " SET `email_quota_used` = 0"); + Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = '0';"); + Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota_used` = '0'"); redirectTo('admin_settings.php', array('s' => $s)); - } - else - { + + } else { ask_yesno('admin_quotas_reallywipe', $filename, array('page' => $page)); } -} -elseif($page == 'enforcequotas' - && $userinfo['change_serversettings'] == '1') -{ - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + +} elseif ($page == 'enforcequotas' + && $userinfo['change_serversettings'] == '1' +) { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { // Fetch all accounts + $result_stmt = Database::query("SELECT `quota`, `customerid` FROM `" . TABLE_MAIL_USERS . "`"); - $result = $db->query("SELECT `quota`, `customerid` FROM " . TABLE_MAIL_USERS); + if (Database::num_rows() > 0) { - while($array = $db->fetch_array($result)) - { - $difference = $settings['system']['mail_quota'] - $array['quota']; - $db->query("UPDATE " . TABLE_PANEL_CUSTOMERS . " SET `email_quota_used` = `email_quota_used` + " . (int)$difference . 
" WHERE `customerid` = '" . $array['customerid'] . "'"); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET + `email_quota_used` = `email_quota_used` + :diff + WHERE `customerid` = :customerid + "); + + while ($array = $result_stmt->fetch(PDO::FETCH_ASSOC)) { + $difference = $settings['system']['mail_quota'] - $array['quota']; + Database::pexecute($upd_stmt, array('diff' => $difference, 'customerid' => $customerid)); + } } // Set the new quota - - $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota`='" . $settings['system']['mail_quota'] . "'"); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = :quota + "); + Database::pexecute($upd_stmt, array('quota' => $settings['system']['mail_quota'])); // Update the Customer, if the used quota is bigger than the allowed quota - - $db->query("UPDATE " . TABLE_PANEL_CUSTOMERS . " SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`"); + Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`"); $log->logAction(ADM_ACTION, LOG_WARNING, 'enforcing mailquota to all customers: ' . $settings['system']['mail_quota'] . ' MB'); redirectTo('admin_settings.php', array('s' => $s)); - } - else - { + + } else { ask_yesno('admin_quotas_reallyenforce', $filename, array('page' => $page)); } } diff --git a/customer_domains.php b/customer_domains.php index 9fe579d9..302e80b2 100644 --- a/customer_domains.php +++ b/customer_domains.php @@ -18,11 +18,6 @@ */ define('AREA', 'customer'); - -/** - * Include our init.php, which manages Sessions, Language etc. - */ - require ("./lib/init.php"); if(isset($_POST['id'])) { 
@@ -717,14 +712,6 @@ if($page == 'overview') {
 $cert_content = openssl_x509_parse($ssl_cert_file);
 if (is_array($cert_content) && isset($cert_content['subject']) && isset($cert_content['subject']['CN'])) {
- // TODO self-signed certs might differ and don't need/want this
- /*
- $domain = $db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAINS."` WHERE `id`='".(int)$id."'");
- if (strtolower($cert_content['subject']['CN']) != strtolower($idna_convert->decode($domain['domain']))) {
- standard_error('sslcertificatewrongdomain');
- }
- */
-
 // bool openssl_x509_check_private_key ( mixed $cert , mixed $key )
 // Checks whether the given key is the private key that corresponds to cert.
 if (openssl_x509_check_private_key($ssl_cert_file, $ssl_key_file) === false) {
diff --git a/customer_ftp.php b/customer_ftp.php
index 054cd171..5ae58af7 100644
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -119,11 +119,12 @@ if ($page == 'overview') {
 );
 Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
- $stmt = Database::prepare("UPDATE `" . TABLE_FTP_GROUPS . "`
- SET `members`=REPLACE(`members`,'," . $db->escape($result['username']) . "','')
- WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"
- );
- Database::pexecute($stmt, array("username" => $result['username'], "customerid" => $userinfo['customerid']));
+ $stmt = Database::prepare("
+ UPDATE `" . TABLE_FTP_GROUPS . "` SET
+ `members` = REPLACE(`members`, :username,'')
+ WHERE `customerid` = :customerid
+ ");
+ Database::pexecute($stmt, array("username" => ",".$result['username'], "customerid" => $userinfo['customerid']));
 $log->logAction(USR_ACTION, LOG_INFO, "deleted ftp-account '" . $result['username'] . "'");
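Review bot: `REPLACE()` on the new side is still a substring match, so — assuming `members` is a plain comma-separated list, which the `","` prefix suggests — binding `",".$result['username']` as the needle removes that text wherever it occurs, and deleting a user named `bob` would turn a member entry `,bobby` into `by` (constructed example); the removed statement had the same weakness, so the commit fixes the escaping but not this. A delimiter-safe variant needs more than a needle change (e.g. matching the name with both delimiters against the list padded with a leading and trailing comma, or rebuilding the list in PHP), so at minimum record the assumption above the prepare: `// NOTE: REPLACE() is substring-based; a username that is a prefix of another member name would corrupt the list`. The enclosing branch starts and ends outside the hunk.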
@@ -140,7 +141,7 @@ if ($page == 'overview') {
 );
 Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
- redirectTo($filename, Array('page' => $page, 's' => $s));
+ redirectTo($filename, array('page' => $page, 's' => $s));
 } else {
 ask_yesno_withcheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username']);
 }
@@ -167,7 +168,7 @@ if ($page == 'overview') {
 standard_error(array('stringisempty', 'username'));
 }
 $ftpdomain = $idna_convert->encode(validate($_POST['ftp_domain'], 'domain'));
- $ftpdomain_check_stmt = Datbase::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
+ $ftpdomain_check_stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
 WHERE `domain` = :domain AND `customerid` = :customerid"
 );
diff --git a/lib/functions/output/function.ask_yesno.php b/lib/functions/output/function.ask_yesno.php
index 876953ea..16abf515 100644
--- a/lib/functions/output/function.ask_yesno.php
+++ b/lib/functions/output/function.ask_yesno.php
@@ -25,29 +25,25 @@ * @param array $params Values which will be given to $yesfile. Format: array(variable1=>value1, variable2=>value2, variable3=>value3)
 * @param string $targetname Name of the target eg Domain or eMail address etc.
 * @param int $back_nr Number of steps to go back when "No" is pressed
- *
+ *
 * @author Florian Lippert
 * @author Froxlor team (2010-)
- *
+ *
 * @return string outputs parsed question_yesno template
 */
+function ask_yesno($text, $yesfile, $params = array(), $targetname = '', $back_nr = 1) {
-function ask_yesno($text, $yesfile, $params = array(), $targetname = '', $back_nr = 1)
-{
- global $userinfo, $db, $s, $header, $footer, $lng, $theme;
+ global $userinfo, $s, $header, $footer, $lng, $theme;
 $hiddenparams = '';
- if(is_array($params))
- {
- foreach($params as $field => $value)
- {
+ if (is_array($params)) {
+ foreach ($params as $field => $value) {
 $hiddenparams.= '' . "\n";
 }
 }
- if(isset($lng['question'][$text]))
- {
+ if (isset($lng['question'][$text])) {
 $text = $lng['question'][$text];
 }
@@ -56,27 +52,23 @@ function ask_yesno($text, $yesfile, $params = array(), $targetname = '', $back_n
 exit;
 }
-function ask_yesno_withcheckbox($text, $chk_text, $yesfile, $params = array(), $targetname = '', $show_checkbox = true)
-{
- global $userinfo, $db, $s, $header, $footer, $lng, $theme;
+function ask_yesno_withcheckbox($text, $chk_text, $yesfile, $params = array(), $targetname = '', $show_checkbox = true) {
+
+ global $userinfo, $s, $header, $footer, $lng, $theme;
 $hiddenparams = '';
- if(is_array($params))
- {
- foreach($params as $field => $value)
- {
+ if (is_array($params)) {
+ foreach ($params as $field => $value) {
 $hiddenparams.= '' . "\n";
 }
 }
- if(isset($lng['question'][$text]))
- {
+ if (isset($lng['question'][$text])) {
 $text = $lng['question'][$text];
 }
-
- if(isset($lng['question'][$chk_text]))
- {
+
+ if (isset($lng['question'][$chk_text])) {
 $chk_text = $lng['question'][$chk_text];
 }
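Review bot: `ask_yesno_withcheckbox` still has no docblock, while its sibling `ask_yesno` directly above documents every parameter, the authors and the return in the first hunk of this file; the reworked signature line is the natural place to add one. It should describe `$text`, `$chk_text`, `$yesfile`, `$params`, `$targetname` and `$show_checkbox` in the same `@param` style, note that `$text` and `$chk_text` are looked up in `$lng['question']` first, and state that the function outputs the `misc/question_yesno_checkbox` template and then calls `exit` (visible in the file's last hunk), since callers never get control back. The function body continues past the end of this hunk.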
@@ -90,4 +82,3 @@ function ask_yesno_withcheckbox($text, $chk_text, $yesfile, $params = array(), $
 eval("echo \"" . getTemplate('misc/question_yesno_checkbox', '1') . "\";");
 exit;
 }
-
diff --git a/lib/functions/output/function.standard_error.php b/lib/functions/output/function.standard_error.php
index 7733bf3b..d202a2c4 100644
--- a/lib/functions/output/function.standard_error.php
+++ b/lib/functions/output/function.standard_error.php
@@ -25,15 +25,14 @@ * @author Florian Lippert
 * @author Ron Brand
 */
+function standard_error($errors = '', $replacer = '') {
+
+ global $userinfo, $s, $header, $footer, $lng, $theme;
-function standard_error($errors = '', $replacer = '')
-{
- global $db, $userinfo, $s, $header, $footer, $lng, $theme;
 $_SESSION['requestData'] = $_POST;
 $replacer = htmlentities($replacer);
- if(!is_array($errors))
- {
+ if (!is_array($errors)) {
 $errors = array( $errors );
@@ -45,25 +44,18 @@ function standard_error($errors = '', $replacer = '')
 }
 $error = '';
- foreach($errors as $single_error)
- {
- if(isset($lng['error'][$single_error]))
- {
+ foreach ($errors as $single_error) {
+ if (isset($lng['error'][$single_error])) {
 $single_error = $lng['error'][$single_error];
 $single_error = strtr($single_error, array('%s' => $replacer));
- }
- else
- {
+ } else {
 $error = 'Unknown Error (' . $single_error . '): ' . $replacer;
 break;
 }
- if(empty($error))
- {
+ if (empty($error)) {
 $error = $single_error;
- }
- else
- {
+ } else {
 $error.= ' ' . $single_error;
 }
 }
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 54d78550..c4b6edd4 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -456,10 +456,8 @@ $lng['error']['stringformaterror'] = 'The value for the field "%s" is not in the
 $lng['admin']['serversoftware'] = 'Serversoftware';
 $lng['admin']['phpversion'] = 'PHP-Version';
-$lng['admin']['phpmemorylimit'] = 'PHP-Memory-Limit';
-$lng['admin']['mysqlserverversion'] = 'MySQL Server Version';
-$lng['admin']['mysqlclientversion'] = 'MySQL Client Version';
-$lng['admin']['webserverinterface'] = 'Webserver Interface';
+$lng['admin']['mysqlserverversion'] = 'MySQL server version';
+$lng['admin']['webserverinterface'] = 'Webserver interface';
 $lng['domains']['isassigneddomain'] = 'Is assigned domain';
 $lng['serversettings']['phpappendopenbasedir']['title'] = 'Paths to append to OpenBasedir';
 $lng['serversettings']['phpappendopenbasedir']['description'] = 'These paths (separated by colons) will be added to the OpenBasedir-statement in every vHost-container.';
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 5b3e853f..1b2925a2 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -455,9 +455,7 @@ $lng['error']['stringformaterror'] = 'Der Wert des Feldes "%s" ist nicht im erwa
 $lng['admin']['serversoftware'] = 'Webserver';
 $lng['admin']['phpversion'] = 'PHP-Version';
-$lng['admin']['phpmemorylimit'] = 'PHP-Memory-Limit';
 $lng['admin']['mysqlserverversion'] = 'MySQL Server Version';
-$lng['admin']['mysqlclientversion'] = 'MySQL Client Version';
 $lng['admin']['webserverinterface'] = 'Webserver-Interface';
 $lng['domains']['isassigneddomain'] = 'Ist zugewiesene Domain';
 $lng['serversettings']['phpappendopenbasedir']['title'] = 'An OpenBasedir anzuhängende Pfade';
diff --git a/scripts/jobs/cron_mailboxsize.php b/scripts/jobs/cron_mailboxsize.php
index c3ffc963..cf3cbd41 100644
--- a/scripts/jobs/cron_mailboxsize.php
+++ b/scripts/jobs/cron_mailboxsize.php
@@ -20,9 +20,15 @@ fwrite($debugHandler, "calculating mailspace usage\n");
-$maildirs = $db->query("SELECT `id`, CONCAT(`homedir`, `maildir`) AS `maildirpath` FROM `".TABLE_MAIL_USERS."` ORDER BY `id`");
+$maildirs_stmt = Database::query("
+ SELECT `id`, CONCAT(`homedir`, `maildir`) AS `maildirpath` FROM `".TABLE_MAIL_USERS."` ORDER BY `id`
+");
-while ($maildir = $db->fetch_array($maildirs)) {
+$upd_stmt = Database::prepare("
+ UPDATE `".TABLE_MAIL_USERS."` SET `mboxsize` = :size WHERE `id` = :id
+");
+
+while ($maildir = $maildirs_stmt->fetch(PDO::FETCH_ASSOC)) {
 $_maildir = makeCorrectDir($maildir['maildirpath']);
@@ -35,7 +41,7 @@ while ($maildir = $db->fetch_array($maildirs)) {
 }
 $emailusage = floatval($emailusage['0']);
 unset($back);
- $db->query("UPDATE `".TABLE_MAIL_USERS."` SET `mboxsize` = '".(int)$emailusage."' WHERE `id` ='".(int)$maildir['id']."'");
+ Database::pexecute($upd_stmt, array('size' => $emailusage, 'id' => $maildir['id']));
 } else {
 fwrite($debugHandler, 'maildir ' . $_maildir . ' does not exist' . "\n");
 }
diff --git a/templates/Froxlor/admin/index/index.tpl b/templates/Froxlor/admin/index/index.tpl
index 16607aa6..a75ce883 100644
--- a/templates/Froxlor/admin/index/index.tpl
+++ b/templates/Froxlor/admin/index/index.tpl
@@ -93,20 +93,12 @@ $header {$lng['admin']['phpversion']}: - $phpversion - - - {$lng['admin']['phpmemorylimit']}: - $phpmemorylimit + $phpversion {$lng['admin']['mysqlserverversion']}: $mysqlserverversion - - {$lng['admin']['mysqlclientversion']}: - $mysqlclientversion - {$lng['admin']['webserverinterface']}: $webserverinterface
diff --git a/templates/Sparkle/admin/index/index.tpl b/templates/Sparkle/admin/index/index.tpl
index 6abdc0a6..1886f487 100644
--- a/templates/Sparkle/admin/index/index.tpl
+++ b/templates/Sparkle/admin/index/index.tpl
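Review bot: The bound `'size' => $emailusage` in the second hunk drops the `(int)` cast the removed query applied; `$emailusage` comes from `floatval($emailusage['0'])` two lines above, so the value PDO sends for `mboxsize` is now a float converted to a string rather than an integer, and any fractional part is left for the database to round or reject depending on the column type. Keep the casts in the parameter array: `Database::pexecute($upd_stmt, array('size' => (int)$emailusage, 'id' => (int)$maildir['id']));`. Preparing the update once before the loop in the first hunk is the right change.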
@@ -209,20 +209,12 @@ $header {$lng['admin']['phpversion']}: - $phpversion - - - {$lng['admin']['phpmemorylimit']}: - $phpmemorylimit + $phpversion {$lng['admin']['mysqlserverversion']}: $mysqlserverversion - - {$lng['admin']['mysqlclientversion']}: - $mysqlclientversion - {$lng['admin']['webserverinterface']}: $webserverinterface