From 97c6385c36d390c3265865c313f5565f9464d89f Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Sun, 17 Nov 2013 11:01:59 +0100 Subject: [PATCH] migrated admin_settings to PDO database class, refs #1287 Signed-off-by: Michael Kaufmann (d00p) --- admin_settings.php | 203 ++++++++++++++++++++++----------------------- 1 file changed, 100 insertions(+), 103 deletions(-) diff --git a/admin_settings.php b/admin_settings.php index 79755ea4..092fc29a 100644 --- a/admin_settings.php +++ b/admin_settings.php 
@@ -23,50 +23,45 @@ $need_db_sql_data = true; $need_root_db_sql_data = true; require ("./lib/init.php"); -if(($page == 'settings' || $page == 'overview') - && $userinfo['change_serversettings'] == '1') -{ +if (($page == 'settings' || $page == 'overview') + && $userinfo['change_serversettings'] == '1' +) { $settings_data = loadConfigArrayDir('./actions/admin/settings/'); $settings = loadSettings($settings_data); - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { - $_part = isset($_GET['part']) ? $_GET['part'] : ''; + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { - if($_part == '') - { + $_part = isset($_GET['part']) ? $_GET['part'] : ''; + if ($_part == '') { $_part = isset($_POST['part']) ? $_POST['part'] : ''; } - if($_part != '') - { - if($_part == 'all') - { + if ($_part != '') { + if ($_part == 'all') { $settings_all = true; $settings_part = false; - } - else - { + } else { $settings_all = false; $settings_part = true; } - $only_enabledisable = false; - } - else - { + + } else { $settings_all = false; $settings_part = false; $only_enabledisable = true; } // check if the session timeout is too low #815 - if (isset($_POST['session_sessiontimeout']) && $_POST['session_sessiontimeout'] <= 60) { + if (isset($_POST['session_sessiontimeout']) + && $_POST['session_sessiontimeout'] <= 60 + ) { standard_error($lng['error']['session_timeout'], $lng['error']['session_timeout_desc']); } - if(processFormEx( + if (processFormEx( $settings_data, $_POST, array('filename' => $filename, 'action' => $action, 'page' => $page), 
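Review bot: The removed line `$only_enabledisable = false;` inside the `if ($_part != '')` branch has no counterpart on the new side, so when a part (or `all`) is submitted `$only_enabledisable` is never assigned before it is presumably handed to `processFormEx` a few lines further down (the call's argument list continues outside this hunk). The old code set it explicitly in both branches; the new code leaves it undefined in one, which differs from `false` under strict comparison and raises a notice. Restore it after the inner if/else, e.g. `$only_enabledisable = false;` before the `} else {` that sets `$only_enabledisable = true;`. The enclosing `if ($page == 'settings' ...)` block ends outside this hunk.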
@@ -83,25 +78,20 @@ if(($page == 'settings' || $page == 'overview') standard_success('settingssaved', '', array('filename' => $filename, 'action' => $action, 'page' => $page)); } - } - else - { - $_part = isset($_GET['part']) ? $_GET['part'] : ''; - if($_part == '') - { + } else { + + $_part = isset($_GET['part']) ? $_GET['part'] : ''; + if ($_part == '') { $_part = isset($_POST['part']) ? $_POST['part'] : ''; } $fields = buildFormEx($settings_data, $_part); $settings_page = ''; - if($_part == '') - { + if ($_part == '') { eval("\$settings_page .= \"" . getTemplate("settings/settings_overview") . "\";"); - } - else - { + } else { eval("\$settings_page .= \"" . getTemplate("settings/settings") . "\";"); } @@ -110,8 +100,8 @@ if(($page == 'settings' || $page == 'overview') eval("echo \"" . getTemplate("settings/settings_form_end") . "\";"); } -} -elseif($page == 'phpinfo' + +} elseif($page == 'phpinfo' && $userinfo['change_serversettings'] == '1' ) { ob_start(); @@ -154,13 +144,14 @@ elseif($page == 'phpinfo' $phpinfo = $phpinfohtml; } eval("echo \"" . getTemplate("settings/phpinfo") . "\";"); -} -elseif($page == 'rebuildconfigs' - && $userinfo['change_serversettings'] == '1') -{ - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + +} elseif($page == 'rebuildconfigs' + && $userinfo['change_serversettings'] == '1' +) { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + $log->logAction(ADM_ACTION, LOG_INFO, "rebuild configfiles"); inserttask('1'); inserttask('10'); 
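Review bot: The reformatting in this commit is inconsistent about keyword spacing: the new lines `} elseif($page == 'phpinfo'` and `} elseif($page == 'rebuildconfigs'` keep the old `elseif(` form while the `if (` conditions around them gained the space, and later in the same file `elseif ($page == 'wipecleartextmailpws'` uses the spaced form. Since this change is largely a style normalisation, it would be worth settling on one form (`} elseif ($page == 'phpinfo'`) across all branches. Each `elseif` body continues outside its hunk.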
@@ -168,102 +159,108 @@ elseif($page == 'rebuildconfigs' inserttask('4'); standard_success('rebuildingconfigs', '', array('filename' => 'admin_index.php')); - } - else - { + + } else { ask_yesno('admin_configs_reallyrebuild', $filename, array('page' => $page)); } -} -elseif($page == 'updatecounters' - && $userinfo['change_serversettings'] == '1') -{ - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + +} elseif($page == 'updatecounters' + && $userinfo['change_serversettings'] == '1' +) { + + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + $log->logAction(ADM_ACTION, LOG_INFO, "updated resource-counters"); $updatecounters = updateCounters(true); $customers = ''; - foreach($updatecounters['customers'] as $customerid => $customer) - { + foreach ($updatecounters['customers'] as $customerid => $customer) { eval("\$customers.=\"" . getTemplate("settings/updatecounters_row_customer") . "\";"); } $admins = ''; - foreach($updatecounters['admins'] as $adminid => $admin) - { + foreach ($updatecounters['admins'] as $adminid => $admin) { eval("\$admins.=\"" . getTemplate("settings/updatecounters_row_admin") . "\";"); } eval("echo \"" . getTemplate("settings/updatecounters") . "\";"); - } - else - { + + } else { ask_yesno('admin_counters_reallyupdate', $filename, array('page' => $page)); } -} -elseif($page == 'wipecleartextmailpws' - && $userinfo['change_serversettings'] == '1') -{ - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + +} elseif ($page == 'wipecleartextmailpws' + && $userinfo['change_serversettings'] == '1' +) { + + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + $log->logAction(ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords"); - $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password`='' "); - $db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='0' WHERE `settinggroup`='system' AND `varname`='mailpwcleartext'"); + Database::query("UPDATE `" . TABLE_MAIL_USERS . 
"` SET `password` = '';"); + Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'"); redirectTo('admin_settings.php', array('s' => $s)); - } - else - { + + } else { ask_yesno('admin_cleartextmailpws_reallywipe', $filename, array('page' => $page)); } -} -elseif($page == 'wipequotas' - && $userinfo['change_serversettings'] == '1') -{ - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + +} elseif($page == 'wipequotas' + && $userinfo['change_serversettings'] == '1' +) { + + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { + $log->logAction(ADM_ACTION, LOG_WARNING, "wiped all mailquotas"); // Set the quota to 0 which means unlimited - - $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota`='0' "); - $db->query("UPDATE " . TABLE_PANEL_CUSTOMERS . " SET `email_quota_used` = 0"); + Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = '0';"); + Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota_used` = '0'"); redirectTo('admin_settings.php', array('s' => $s)); - } - else - { + + } else { ask_yesno('admin_quotas_reallywipe', $filename, array('page' => $page)); } -} -elseif($page == 'enforcequotas' - && $userinfo['change_serversettings'] == '1') -{ - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + +} elseif ($page == 'enforcequotas' + && $userinfo['change_serversettings'] == '1' +) { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { // Fetch all accounts + $result_stmt = Database::query("SELECT `quota`, `customerid` FROM `" . TABLE_MAIL_USERS . "`"); - $result = $db->query("SELECT `quota`, `customerid` FROM " . TABLE_MAIL_USERS); + if (Database::num_rows() > 0) { - while($array = $db->fetch_array($result)) - { - $difference = $settings['system']['mail_quota'] - $array['quota']; - $db->query("UPDATE " . TABLE_PANEL_CUSTOMERS . " SET `email_quota_used` = `email_quota_used` + " . (int)$difference . 
" WHERE `customerid` = '" . $array['customerid'] . "'"); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET + `email_quota_used` = `email_quota_used` + :diff + WHERE `customerid` = :customerid + "); + + while ($array = $result_stmt->fetch(PDO::FETCH_ASSOC)) { + $difference = $settings['system']['mail_quota'] - $array['quota']; + Database::pexecute($upd_stmt, array('diff' => $difference, 'customerid' => $customerid)); + } } // Set the new quota - - $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota`='" . $settings['system']['mail_quota'] . "'"); + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = :quota + "); + Database::pexecute($upd_stmt, array('quota' => $settings['system']['mail_quota'])); // Update the Customer, if the used quota is bigger than the allowed quota - - $db->query("UPDATE " . TABLE_PANEL_CUSTOMERS . " SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`"); + Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`"); $log->logAction(ADM_ACTION, LOG_WARNING, 'enforcing mailquota to all customers: ' . $settings['system']['mail_quota'] . ' MB'); redirectTo('admin_settings.php', array('s' => $s)); - } - else - { + + } else { ask_yesno('admin_quotas_reallyenforce', $filename, array('page' => $page)); } }
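Review bot: In the enforcequotas loop, `Database::pexecute($upd_stmt, array('diff' => $difference, 'customerid' => $customerid));` binds `$customerid`, which is not assigned anywhere in this branch; the value the removed line used is `$array['customerid']` from the fetched row. As written the bound value is undefined (null), so the per-customer `email_quota_used` adjustment presumably matches no row and the quota enforcement silently skips the usage update while the subsequent `SET quota = :quota` still runs. Change the line to `Database::pexecute($upd_stmt, array('diff' => $difference, 'customerid' => $array['customerid']));`. The same hunk also mixes `elseif($page == 'updatecounters'` and `elseif($page == 'wipequotas'` with `elseif ($page == 'wipecleartextmailpws'` and `elseif ($page == 'enforcequotas'`; one spacing form should be used throughout.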