diff --git a/customer_mysql.php b/customer_mysql.php
index ccdbc326..3c349281 100644
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -44,8 +44,13 @@ if ($page == 'overview') {
 'description' => $lng['mysql']['databasedescription']
 );
 $paging = new paging($userinfo, $db, TABLE_PANEL_DATABASES, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
- $result = $db->query("SELECT * FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
- $paging->setEntries($db->num_rows($result));
+ $result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
+ WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+ $mysqls_count = Database::num_rows();
+ $paging->setEntries($mysqls_count);
+
 $sortcode = $paging->getHtmlSortCode($lng);
 $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 $searchcode = $paging->getHtmlSearchCode($lng);
@@ -55,59 +60,81 @@ if ($page == 'overview') {
 $mysqls = '';
 // Begin root-session
- $db_root = new db($sql_root[0]['host'], $sql_root[0]['user'], $sql_root[0]['password'], '');
- while ($row = $db->fetch_array($result)) {
+ Database::needRoot(true);
+ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 if ($paging->checkDisplay($i)) {
 $row = htmlentities_array($row);
- $mbdata = $db_root->query_first("SELECT SUM( data_length + index_length) / 1024 / 1024 'MB' FROM information_schema.TABLES WHERE table_schema = '" . $db_root->escape($row['databasename']) . "' GROUP BY table_schema ;");
+ $mbdata_stmt = Database::prepare("SELECT SUM( data_length + index_length) / 1024 / 1024 'MB' FROM information_schema.TABLES
+ WHERE table_schema = :table_schema
+ GROUP BY table_schema"
+ );
+ Database::pexecute($mbdata_stmt, array("table_schema" => $row['databasename']));
+ $mbdata = $mbdata_stmt->fetch(PDO::FETCH_ASSOC);
 $row['size'] = number_format($mbdata['MB'], 3, '.', '');
 eval("\$mysqls.=\"" . getTemplate('mysql/mysqls_database') . "\";");
 $count++;
 }
 $i++;
 }
- $db_root->close();
+ Database::needRoot(false);
 // End root-session
- $mysqls_count = $db->num_rows($result);
 eval("echo \"" . getTemplate('mysql/mysqls') . "\";");
 } elseif($action == 'delete' && $id != 0) {
- $result = $db->query_first('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"');
-
- if (isset($result['databasename'])
- && $result['databasename'] != ''
- ) {
+ $result_stmt = Database::prepare('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '`
+ WHERE `customerid`="' . (int)$userinfo['customerid'] . '"
+ AND `id`="' . (int)$id . '"'
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+ if (isset($result['databasename']) && $result['databasename'] != '') {
 if (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) {
 $result['dbserver'] = 0;
 }
- if (isset($_POST['send'])
- && $_POST['send'] == 'send'
- ) {
+ if (isset($_POST['send']) && $_POST['send'] == 'send') {
 // Begin root-session
- $db_root = new db($sql_root[$result['dbserver']]['host'], $sql_root[$result['dbserver']]['user'], $sql_root[$result['dbserver']]['password'], '');
+ Database::needRoot(true);
 $log->logAction(USR_ACTION, LOG_INFO, "deleted database '" . $result['databasename'] . "'");
- if (mysql_get_server_info() < '5.0.2') {
+ if (Database::getAttribute(PDO::ATTR_SERVER_VERSION) < '5.0.2') {
 // Revoke privileges (only required for MySQL 4.1.2 - 5.0.1)
- $db_root->query('REVOKE ALL PRIVILEGES, GRANT OPTION FROM \'' . $db_root->escape($result['databasename']) .'\'',false,true);
+ $stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM :databasename");
+ Database::pexecute($stmt, array("databasename" => $result['databasename']));
 }
- $host_res = $db_root->query("SELECT `Host` FROM `mysql`.`user` WHERE `User`='" . $db_root->escape($result['databasename']) . "'");
- while ($host = $db_root->fetch_array($host_res)) {
+ $host_res_stmt = Database::prepare("SELECT `Host` FROM `mysql`.`user`
+ WHERE `User`= :databasename"
+ );
+ Database::pexecute($host_res_stmt, array("databasename" => $result['databasename']));
+
+ while ($host = $host_res_stmt->fetch(PDO::FETCH_ASSOC)) {
 // as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+)
- $db_root->query('DROP USER \'' . $db_root->escape($result['databasename']). '\'@\'' . $db_root->escape($host['Host']) . '\'', false, true);
+ $stmt = Database::prepare("DROP USER :databasename@:host");
+ Database::pexecute($stmt, array("databasename" => $result['databasename'], "host" => $host['Host']));
 }
-
- $db_root->query('DROP DATABASE IF EXISTS `' . $db_root->escape($result['databasename']) . '`');
- $db_root->query('FLUSH PRIVILEGES');
- $db_root->close();
+
+ $stmt = Database::prepare("DROP DATABASE IF EXISTS `" . $result['databasename'] . "`");
+ Database::pexecute($stmt);
+ $stmt = Database::prepare("FLUSH PRIVILEGES");
+ Database::pexecute($stmt);
+ Database::needRoot(false);
 // End root-session
- $db->query('DELETE FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"');
+ $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DATABASES . "`
+ WHERE `customerid` = :customerid
+ AND `id` = :id"
+ );
+ Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
- $resetaccnumber = ($userinfo['mysqls_used'] == '1') ? " , `mysql_lastaccountnumber`='0' " : '';
-
- $result = $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `mysqls_used`=`mysqls_used`-1 ' . $resetaccnumber . 'WHERE `customerid`="' . (int)$userinfo['customerid'] . '"');
+ $resetaccnumber = ($userinfo['mysqls_used'] == '1') ? " , `mysql_lastaccountnumber` = '0' " : '';
+
+ $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+ SET `mysqls_used` = `mysqls_used` - 1 " . $resetaccnumber . "
+ WHERE `customerid` = :customerid"
+ );
+ Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
+
 redirectTo($filename, Array('page' => $page, 's' => $s));
 } else {
 $dbnamedesc = $result['databasename'];
@@ -118,12 +145,8 @@ if ($page == 'overview') {
 }
 }
 } elseif ($action == 'add') {
- if ($userinfo['mysqls_used'] < $userinfo['mysqls']
- || $userinfo['mysqls'] == '-1'
- ) {
- if (isset($_POST['send'])
- && $_POST['send'] == 'send'
- ) {
+ if ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') {
+ if (isset($_POST['send']) && $_POST['send'] == 'send') {
 $password = validate($_POST['mysql_password'], 'password');
 $password = validatePassword($password);
@@ -147,11 +170,11 @@ if ($page == 'overview') {
 $databasedescription = validate(trim($_POST['description']), 'description');
 // Begin root-session
- $db_root = new db($sql_root[$dbserver]['host'], $sql_root[$dbserver]['user'], $sql_root[$dbserver]['password'], '');
-
+ Database::needRoot(true);
 if (strtoupper($settings['customer']['mysqlprefix']) == 'RANDOM') {
- $result = $db_root->query('SELECT `User` FROM mysql.user');
- while ($row = $db_root->fetch_array($result)) {
+ $result_stmt = Database::prepare('SELECT `User` FROM mysql.user');
+ Database::pexecute($result_stmt);
+ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 $allsqlusers[] = $row[User];
 }
 $username = $userinfo['loginname'] . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
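Review bot: The loop body kept under the new `PDO::FETCH_ASSOC` fetch still reads `$row[User]` with a bare constant; PHP only falls back to the string 'User' with a notice, and PHP 8 throws an Error for an undefined constant, so the RANDOM-prefix branch breaks there. Since the row is now an associative array keyed by column name, write `$allsqlusers[] = $row['User'];`.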
@@ -161,22 +184,44 @@ if ($page == 'overview') {
 } else {
 $username = $userinfo['loginname'] . $settings['customer']['mysqlprefix'] . (intval($userinfo['mysql_lastaccountnumber']) + 1);
 }
-
- $db_root->query('CREATE DATABASE `' . $db_root->escape($username) . '`');
+
+ $stmt = Database::prepare("CREATE DATABASE `" . $username . "`");
+ Database::pexecute($stmt);
 $log->logAction(USR_ACTION, LOG_INFO, "created database '" . $username . "'");
 foreach (array_map('trim', explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) {
- $db_root->query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\_', $db_root->escape($username)) . '`.* TO `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '` IDENTIFIED BY \'password\'');
- $db_root->query('SET PASSWORD FOR `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '` = PASSWORD(\'' . $db_root->escape($password) . '\')');
+ $stmt = Database::prepare("GRANT ALL PRIVILEGES ON `" . $username . "`.*
+ TO :username@:host
+ IDENTIFIED BY 'password'"
+ );
+ Database::pexecute($stmt, array("username" => $username, "host" => $mysql_access_host));
+ $stmt = Database::prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
+ Database::pexecute($stmt, array("username" => $username, "host" => $mysql_access_host, "password" => $password));
 $log->logAction(USR_ACTION, LOG_NOTICE, "grant all privileges for '" . $username . "'@'" . $mysql_access_host . "'");
 }
- $db_root->query('FLUSH PRIVILEGES');
- $db_root->close();
+ $stmt = Database::prepare("FLUSH PRIVILEGES");
+ Database::pexecute($stmt);
+ Database::needRoot(false);
 // End root-session
 // Statement modified for Database description -- PH 2004-11-29
- $result = $db->query('INSERT INTO `' . TABLE_PANEL_DATABASES . '` (`customerid`, `databasename`, `description`, `dbserver`) VALUES ("' . (int)$userinfo['customerid'] . '", "' . $db->escape($username) . '", "' . $db->escape($databasedescription) . '", "' . $db->escape($dbserver) . '")');
- $result = $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `mysqls_used`=`mysqls_used`+1, `mysql_lastaccountnumber`=`mysql_lastaccountnumber`+1 WHERE `customerid`="' . (int)$userinfo['customerid'] . '"');
+ $stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_DATABASES . '`
+ (`customerid`, `databasename`, `description`, `dbserver`)
+ VALUES (:customerid, :databasename, :description, :dbserver)'
+ );
+ $params = array(
+ "customerid" => $userinfo['customerid'],
+ "username" => $username,
+ "description" => $databasedescription,
+ "dbserver" => $dbserver
+ );
+ Database::pexecute($stmt, $params);
+
+ $stmt = Database::prepare('UPDATE `' . TABLE_PANEL_CUSTOMERS . '`
+ SET `mysqls_used` = `mysqls_used` + 1, `mysql_lastaccountnumber` = `mysql_lastaccountnumber` + 1
+ WHERE `customerid` = :customerid'
+ );
+ Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
 if ($sendinfomail == 1) {
 $pma = $lng['admin']['notgiven'];
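Review bot: The INSERT declares `:databasename` but `$params` carries `"username" => $username`, so the placeholder is never bound and `Database::pexecute` fails after the MySQL database and account have already been created, leaving the panel with no record of them; the key must be `"databasename" => $username`. In the GRANT above, the old code wrote the `ON` clause through `str_replace('_', '\_', ...)` because `_` and `%` are wildcards in a GRANT database name; the new `` ON `" . $username . "`.* `` drops that, so a username containing `_` grants the account privileges on every database whose name matches the pattern — a cross-customer privilege regression — and should be restored as `` Database::prepare("GRANT ALL PRIVILEGES ON `" . str_replace('_', '\_', $username) . "`.* TO :username@:host IDENTIFIED BY 'password'") ``. `` CREATE DATABASE `" . $username . "` `` likewise splices an identifier that is no longer passed through an escape; identifiers cannot be bound, so validate `$username` against the permitted character set before it reaches these statements.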
@@ -195,9 +240,24 @@ if ($page == 'overview') {
 );
 $def_language = $userinfo['def_language'];
- $result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'new_database_by_customer_subject\'');
+ $result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
+ WHERE `adminid` = :adminid
+ AND `language` = :lang
+ AND `templategroup`='mails'
+ AND `varname`='new_database_by_customer_subject'"
+ );
+ Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['mysql_add']['infomail_subject']), $replace_arr));
- $result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'new_database_by_customer_mailbody\'');
+
+ $result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
+ WHERE `adminid`= :adminid
+ AND `language`= :lang
+ AND `templategroup` = 'mails'
+ AND `varname` = 'new_database_by_customer_mailbody'"
+ );
+ Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 $mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['mysql_add']['infomail_body']['main']), $replace_arr));
 $_mailerror = false;
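Review bot: `$result = $result_stmt->fetch(PDO::FETCH_ASSOC)` returns `false` when no mail template row exists for this admin and language, and the next line reads `$result['value']` on that boolean; the default text is still chosen only because `null != ''` is false, and the access emits a notice/warning on current PHP. Guard both fetches in this hunk the same way, e.g. `if ($result === false) { $result = array('value' => ''); }` before each `html_entity_decode(...)` line.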
@@ -244,18 +304,19 @@ if ($page == 'overview') {
 }
 }
 } elseif ($action == 'edit' && $id != 0) {
- $result = $db->query_first('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . $userinfo['customerid'] . '" AND `id`="' . $id . '"');
+ $result_stmt = Database::prepare("SELECT `id`, `databasename`, `description`, `dbserver` FROM `" . TABLE_PANEL_DATABASES . "`
+ WHERE `customerid` = :customerid
+ AND `id` = :id"
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
- if (isset($result['databasename'])
- && $result['databasename'] != ''
- ) {
+ if (isset($result['databasename']) && $result['databasename'] != '') {
 if (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) {
 $result['dbserver'] = 0;
 }
- if (isset($_POST['send'])
- && $_POST['send'] == 'send'
- ) {
+ if (isset($_POST['send']) && $_POST['send'] == 'send') {
 // Only change Password if it is set, do nothing if it is empty! -- PH 2004-11-29
 $password = validate($_POST['mysql_password'], 'password');
 if ($password != '') {
@@ -263,20 +324,32 @@ if ($page == 'overview') {
 $password = validatePassword($password);
 // Begin root-session
- $db_root = new db($sql_root[$result['dbserver']]['host'], $sql_root[$result['dbserver']]['user'], $sql_root[$result['dbserver']]['password'], '');
+ Database::needRoot(true);
 foreach (array_map('trim', explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) {
- $db_root->query('SET PASSWORD FOR `' . $db_root->escape($result['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '` = PASSWORD(\'' . $db_root->escape($password) . '\')');
+ $stmt = Database::prepare("SET PASSWORD FOR :dbname@:host = PASSWORD(:password)");
+ $params = array(
+ "dbname" => $result['databasename'],
+ "host" => $mysql_access_host,
+ "password" => $password
+ );
+ Database::pexecute($stmt, $params);
 }
- $db_root->query('FLUSH PRIVILEGES');
- $db_root->close();
+ $stmt = Database::prepare("FLUSH PRIVILEGES");
+ Database::pexecute($stmt);
+ Database::needRoot(false);
 // End root-session
 }
 // Update the Database description -- PH 2004-11-29
 $log->logAction(USR_ACTION, LOG_INFO, "edited database '" . $result['databasename'] . "'");
 $databasedescription = validate($_POST['description'], 'description');
- $result = $db->query('UPDATE `' . TABLE_PANEL_DATABASES . '` SET `description`="' . $db->escape($databasedescription) . '" WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"');
+ $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DATABASES . "`
+ SET `description` = :desc
+ WHERE `customerid` = :customerid
+ AND `id` = :id"
+ );
+ Database::pexecute($stmt, array("desc" => $databasedescription, "customerid" => $userinfo['customerid'], "id" => $id));
 redirectTo($filename, Array('page' => $page, 's' => $s));
 } else {
 $mysql_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/mysql/formfield.mysql_edit.php';
diff --git a/customer_tickets.php b/customer_tickets.php
index 9ae92718..780a9b8a 100644
--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -25,35 +25,28 @@ define('AREA', 'customer');
 require ("./lib/init.php");
-if(isset($_POST['id']))
-{
+if(isset($_POST['id'])) {
 $id = intval($_POST['id']);
 /*
 * Check if the current user is allowed to see the current ticket.
 */
- $sql = "SELECT `id` FROM `panel_tickets` WHERE `id` = '".$id."' AND `customerid` = '".$userinfo['customerid']."'";
-
- $result = $db->query_first($sql);
+ $stmt = Database::prepare("SELECT `id` FROM `panel_tickets` WHERE `id` = :id AND `customerid` = :customerid");
+ Database::pexecute($stmt, array("id" => $id, "customerid" => $userinfo['customerid']));
+ $result = $stmt->fetch(PDO::FETCH_ASSOC);
 if ($result == null) {
 // no rights to see the requested ticket
 standard_error(array('ticketnotaccessible'));
 }
-}
-elseif(isset($_GET['id']))
-{
+} elseif(isset($_GET['id'])) {
 $id = intval($_GET['id']);
 }
-if($page == 'overview')
-{
+if($page == 'overview') {
 $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_tickets");
 eval("echo \"" . getTemplate("tickets/ticket") . "\";");
-}
-elseif($page == 'tickets')
-{
- if($action == '')
- {
+} elseif($page == 'tickets') {
+ if($action == '') {
 $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_tickets::tickets");
 $fields = array(
 'status' => $lng['ticket']['status'],
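Review bot: `if ($result == null)` now relies on loose comparison to treat the `false` that `PDOStatement::fetch` returns for "no row" as null; it works, but the intent is clearer and safer if written as `if ($result === false) {`. Note also that the ownership check only runs in the `$_POST['id']` branch while the `$_GET['id']` branch just assigns `$id`; that is pre-existing, but unless `ticket::getInstanceOf` enforces ownership itself, the check belongs after both branches now that the query is being rewritten anyway.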
@@ -66,8 +59,16 @@ elseif($page == 'tickets')
 $paging = new paging($userinfo, $db, TABLE_PANEL_TICKETS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
 $paging->sortfield = 'lastchange';
 $paging->sortorder = 'desc';
- $result = $db->query('SELECT `main`.`id`, (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub` WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers`, `main`.`lastchange`, `main`.`subject`, `main`.`status`, `main`.`lastreplier`, `main`.`priority` FROM `' . TABLE_PANEL_TICKETS . '` as `main` WHERE `main`.`answerto` = "0" AND `archived` = "0" AND `customerid`="' . (int)$userinfo['customerid'] . '" ' . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
- $paging->setEntries($db->num_rows($result));
+ $stmt = Database::prepare('SELECT `main`.`id`, (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub`
+ WHERE `sub`.`answerto` = `main`.`id`) AS `ticket_answers`, `main`.`lastchange`, `main`.`subject`, `main`.`status`, `main`.`lastreplier`, `main`.`priority`
+ FROM `' . TABLE_PANEL_TICKETS . '` as `main`
+ WHERE `main`.`answerto` = "0"
+ AND `archived` = "0"
+ AND `customerid`= :customerid ' . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+ );
+ Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
+
+ $paging->setEntries(Database::num_rows());
 $sortcode = $paging->getHtmlSortCode($lng);
 $arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 $searchcode = $paging->getHtmlSearchCode($lng);
@@ -77,41 +78,31 @@ elseif($page == 'tickets')
 $tickets = '';
 $tickets_count = 0;
- while($row = $db->fetch_array($result))
- {
- if($paging->checkDisplay($i))
- {
+ while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ if($paging->checkDisplay($i)) {
 $tickets_count++;
 $row = htmlentities_array($row);
 $row['lastchange'] = date("d.m.y H:i", $row['lastchange']);
- if($row['status'] >= 0
- && $row['status'] <= 2)
- {
+ if($row['status'] >= 0 && $row['status'] <= 2) {
 $reopen = 0;
- }
- else
- {
+ } else {
 $reopen = 1;
 }
 $row['status'] = ticket::getStatusText($lng, $row['status']);
 $row['priority'] = ticket::getPriorityText($lng, $row['priority']);
- if($row['lastreplier'] == '1')
- {
+ if($row['lastreplier'] == '1') {
 $row['lastreplier'] = $lng['ticket']['staff'];
 $cananswer = 1;
- }
- else
- {
+ } else {
 $row['lastreplier'] = $lng['ticket']['customer'];
 $cananswer = 0;
 }
 $row['subject'] = html_entity_decode($row['subject']);
- if(strlen($row['subject']) > 20)
- {
+ if(strlen($row['subject']) > 20) {
 $row['subject'] = substr($row['subject'], 0, 17) . '...';
 }
@@ -128,56 +119,42 @@ elseif($page == 'tickets')
 $start = substr($settings['ticket']['worktime_begin'], 0, 2) . substr($settings['ticket']['worktime_begin'], 3, 2);
 $end = substr($settings['ticket']['worktime_end'], 0, 2) . substr($settings['ticket']['worktime_end'], 3, 2);
- if($time >= $start
- && $time <= $end)
- {
+ if($time >= $start && $time <= $end) {
 $supportavailable = 1;
 }
- if($settings['ticket']['worktime_sat'] == "0"
- && $day == "6")
- {
+ if($settings['ticket']['worktime_sat'] == "0" && $day == "6") {
 $supportavailable = 0;
 }
- if($settings['ticket']['worktime_sun'] == "0"
- && $day == "0")
- {
+ if($settings['ticket']['worktime_sun'] == "0" && $day == "0") {
 $supportavailable = 0;
 }
- if($settings['ticket']['worktime_all'] == "1")
- {
+ if($settings['ticket']['worktime_all'] == "1") {
 $supportavailable = 1;
 }
 $ticketsopen = 0;
- $opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
- WHERE `customerid` = "' . $userinfo['customerid'] . '"
- AND `answerto` = "0"
- AND (`status` = "0" OR `status` = "1" OR `status` = "2")');
+ $stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
+ WHERE `customerid` = :customerid
+ AND `answerto` = "0"
+ AND (`status` = "0" OR `status` = "1" OR `status` = "2")'
+ );
+ Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
+ $opentickets = $stmt->fetch(PDO::FETCH_ASSOC);
- if($settings['ticket']['concurrently_open'] != - 1
- && $settings['ticket']['concurrently_open'] != '')
- {
+ if($settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') {
 $notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => $settings['ticket']['concurrently_open']));
- }
- else
- {
+ } else {
 $notmorethanxopentickets = '';
 }
 $ticketsopen = (int)$opentickets['count'];
 eval("echo \"" . getTemplate("tickets/tickets") . "\";");
- }
- elseif($action == 'new')
- {
- if($userinfo['tickets_used'] < $userinfo['tickets']
- || $userinfo['tickets'] == '-1')
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+ } elseif($action == 'new') {
+ if($userinfo['tickets_used'] < $userinfo['tickets'] || $userinfo['tickets'] == '-1') {
+ if(isset($_POST['send']) && $_POST['send'] == 'send') {
 $newticket = ticket::getInstanceOf($userinfo, $db, $settings, -1);
 $newticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
 $newticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
@@ -186,16 +163,11 @@ elseif($page == 'tickets')
 $newticket->Set('admin', (int)$userinfo['adminid'], true, false);
 $newticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
- if($newticket->Get('subject') == null)
- {
+ if($newticket->Get('subject') == null) {
 standard_error(array('stringisempty', 'mysubject'));
- }
- elseif($newticket->Get('message') == null)
- {
+ } elseif($newticket->Get('message') == null) {
 standard_error(array('stringisempty', 'mymessage'));
- }
- else
- {
+ } else {
 $now = time();
 $newticket->Set('dt', $now, true, true);
 $newticket->Set('lastchange', $now, true, true);
@@ -205,8 +177,12 @@ elseif($page == 'tickets')
 $newticket->Set('by', '0', true, true);
 $newticket->Insert();
 $log->logAction(USR_ACTION, LOG_NOTICE, "opened support-ticket '" . $newticket->Get('subject') . "'");
- $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '`
- SET `tickets_used`=`tickets_used`+1 WHERE `customerid`="' . (int)$userinfo['customerid'] . '"');
+
+ $stmt = Database::prepare('UPDATE `' . TABLE_PANEL_CUSTOMERS . '`
+ SET `tickets_used`=`tickets_used` + 1
+ WHERE `customerid`= :customerid'
+ );
+ Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
 // Customer mail
@@ -217,24 +193,26 @@ elseif($page == 'tickets')
 $newticket->sendMail(-1, 'new_ticket_by_customer_subject', $lng['mails']['new_ticket_by_customer']['subject'], 'new_ticket_by_customer_mailbody', $lng['mails']['new_ticket_by_customer']['mailbody']);
 redirectTo($filename, Array('page' => $page, 's' => $s));
 }
- }
- else
- {
+ } else {
 $categories = '';
- $result = $db->query_first('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = "' . $userinfo['adminid'] . '" ORDER BY `logicalorder`, `name` ASC');
+ $result_stmt = Database::prepare('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
+ WHERE `adminid` = :adminid
+ ORDER BY `logicalorder`, `name` ASC'
+ );
+ Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid']));
+ $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+ if(isset($result['name']) && $result['name'] != '') {
+ $result2_stmt = Database::prepare('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
+ WHERE `adminid` = :adminid
+ ORDER BY `logicalorder`, `name` ASC'
+ );
+ Database::pexecute($result2_stmt, array("adminid" => $userinfo['adminid']));
- if(isset($result['name'])
- && $result['name'] != '')
- {
- $result2 = $db->query('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = "' . $userinfo['adminid'] . '" ORDER BY `logicalorder`, `name` ASC');
-
- while($row = $db->fetch_array($result2))
- {
+ while($row = $result2_stmt->fetch(PDO::FETCH_ASSOC)) {
 $categories.= makeoption($row['name'], $row['id']);
 }
- }
- else
- {
+ } else {
 $categories = makeoption($lng['ticket']['no_cat'], '0');
 }
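Review bot: The category list is executed twice with identical statements: `$result_stmt` fetches a single row only to test `$result['name']`, then `$result2_stmt` re-runs the same query for the loop, which also leaves the first statement's cursor open while the second executes. One execution is enough: `$rows = $result_stmt->fetchAll(PDO::FETCH_ASSOC);` followed by `if (count($rows) > 0) { foreach ($rows as $row) { $categories.= makeoption($row['name'], $row['id']); } } else { $categories = makeoption($lng['ticket']['no_cat'], '0'); }`. The first-row `name != ''` test is dropped by that rewrite; if an empty category name is meant to suppress the whole list, keep that condition on `$rows[0]['name']` instead.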
@@ -242,18 +220,17 @@ elseif($page == 'tickets')
 $priorities.= makeoption($lng['ticket']['normal'], '2', $settings['ticket']['default_priority']);
 $priorities.= makeoption($lng['ticket']['low'], '3', $settings['ticket']['default_priority']);
 $ticketsopen = 0;
- $opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
- WHERE `customerid` = "' . $userinfo['customerid'] . '"
- AND `answerto` = "0"
- AND (`status` = "0" OR `status` = "1" OR `status` = "2")');
+ $opentickets_stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
+ WHERE `customerid` = :customerid
+ AND `answerto` = "0"
+ AND (`status` = "0" OR `status` = "1" OR `status` = "2")'
+ );
+ Database::pexecute($opentickets_stmt, array("customerid" => $userinfo['customerid']));
+ $opentickets = $opentickets_stmt->fetch(PDO::FETCH_ASSOC);
- if($settings['ticket']['concurrently_open'] != - 1
- && $settings['ticket']['concurrently_open'] != '')
- {
+ if($settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') {
 $notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => $settings['ticket']['concurrently_open']));
- }
- else
- {
+ } else {
 $notmorethanxopentickets = '';
 }
@@ -267,29 +244,19 @@ elseif($page == 'tickets')
 eval("echo \"" . getTemplate("tickets/tickets_new") . "\";");
 }
- }
- else
- {
+ } else {
 standard_error('nomoreticketsavailable');
 }
- }
- elseif($action == 'answer'
- && $id != 0)
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+ } elseif($action == 'answer' && $id != 0) {
+ if(isset($_POST['send']) && $_POST['send'] == 'send') {
 $replyticket = ticket::getInstanceOf($userinfo, $db, $settings, -1);
 $replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
 $replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
 $replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
- if($replyticket->Get('message') == null)
- {
+ if($replyticket->Get('message') == null) {
 standard_error(array('stringisempty', 'mymessage'));
- }
- else
- {
+ } else {
 $now = time();
 $replyticket->Set('customerid', (int)$userinfo['customerid'], true, true);
 $replyticket->Set('lastchange', $now, true, true);
@@ -303,8 +270,7 @@ elseif($page == 'tickets')
 $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
- if($replyticket->Get('priority') != $mainticket->Get('priority'))
- {
+ if($replyticket->Get('priority') != $mainticket->Get('priority')) {
 $mainticket->Set('priority', $replyticket->Get('priority'), true);
 }
@@ -316,35 +282,28 @@ elseif($page == 'tickets')
 $mainticket->sendMail(-1, 'new_reply_ticket_by_customer_subject', $lng['mails']['new_reply_ticket_by_customer']['subject'], 'new_reply_ticket_by_customer_mailbody', $lng['mails']['new_reply_ticket_by_customer']['mailbody']);
 redirectTo($filename, Array('page' => $page, 's' => $s));
 }
- }
- else
- {
+ } else {
 $ticket_replies = '';
 $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
 $dt = date("d.m.Y H:i\h", $mainticket->Get('dt'));
 $status = ticket::getStatusText($lng, $mainticket->Get('status'));
- if($mainticket->Get('status') >= 0
- && $mainticket->Get('status') <= 2)
- {
+ if($mainticket->Get('status') >= 0 && $mainticket->Get('status') <= 2) {
 $isclosed = 0;
- }
- else
- {
+ } else {
 $isclosed = 1;
 }
- if($mainticket->Get('by') == '1')
- {
+ if($mainticket->Get('by') == '1') {
 $by = $lng['ticket']['staff'];
- }
- else
- {
+ } else {
 $cid = $mainticket->Get('customer');
- $usr = $db->query_first('SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
- FROM `' . TABLE_PANEL_CUSTOMERS . '`
- WHERE `customerid` = "' . (int)$cid . '"'
+ $usr_stmt = Database::prepare('SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
+ FROM `' . TABLE_PANEL_CUSTOMERS . '`
+ WHERE `customerid` = :customerid '
 );
+ Database::pexecute($usr_stmt, array("customerid" => $cid));
+ $usr = $usr_stmt->fetch(PDO::FETCH_ASSOC);
 $by = getCorrectFullUserDetails($usr);
 //$by = $lng['ticket']['customer'];
 }
@@ -352,22 +311,25 @@ elseif($page == 'tickets')
 $subject = $mainticket->Get('subject');
 $message = $mainticket->Get('message');
 eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_main") . "\";");
- $result = $db->query('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
- WHERE `id`="' . (int)$mainticket->Get('category') . '"');
- $row = $db->fetch_array($result);
- $andere = $db->query('SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto`="' . (int)$id . '" ORDER BY `lastchange` ASC');
-
- while($row2 = $db->fetch_array($andere))
- {
+ $result_stmt = Database::prepare('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
+ WHERE `id`= :id '
+ );
+ Database::pexecute($result_stmt, array("id" => $mainticket->Get('category')));
+ $row = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+ $andere_stmt = Database::prepare('SELECT * FROM `' . TABLE_PANEL_TICKETS . '`
+ WHERE `answerto`= :answerto
+ ORDER BY `lastchange` ASC'
+ );
+ Database::pexecute($andere_stmt, array("answerto" => $id));
+
+ while($row2 = $andere_stmt->fetch(PDO::FETCH_ASSOC)) {
 $subticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$row2['id']);
 $lastchange = date("d.m.Y H:i\h", $subticket->Get('lastchange'));
- if($subticket->Get('by') == '1')
- {
+ if($subticket->Get('by') == '1') {
 $by = $lng['ticket']['staff'];
- }
- else
- {
+ } else {
 $by = getCorrectFullUserDetails($usr);
 //$by = $lng['ticket']['customer'];
 }
@@ -393,13 +355,8 @@ elseif($page == 'tickets')
 eval("echo \"" . getTemplate("tickets/tickets_reply") . "\";");
 }
- }
- elseif($action == 'close'
- && $id != 0)
- {
- if(isset($_POST['send'])
- && $_POST['send'] == 'send')
- {
+ } elseif($action == 'close' && $id != 0) {
+ if(isset($_POST['send']) && $_POST['send'] == 'send') {
 $now = time();
 $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
 $mainticket->Set('lastchange', $now, true, true);
@@ -408,27 +365,22 @@ elseif($page == 'tickets')
 $mainticket->Update();
 $log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'");
 redirectTo($filename, Array('page' => $page, 's' => $s));
- }
- else
- {
+ } else {
 $mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
 ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
 }
- }
- elseif($action == 'reopen'
- && $id != 0)
- {
+ } elseif($action == 'reopen' && $id != 0) {
 $ticketsopen = 0;
- $opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
- WHERE `customerid` = "' . $userinfo['customerid'] . '"
- AND `answerto` = "0"
- AND (`status` = "0" OR `status` = "1" OR `status` = "2")');
+ $opentickets_stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
+ WHERE `customerid` = :customerid
+ AND `answerto` = "0"
+ AND (`status` = "0" OR `status` = "1" OR `status` = "2")'
+ );
+ Database::pexecute($opentickets_stmt, array("customerid" => $userinfo['customerid']));
+ $opentickets = $opentickets_stmt->fetch(PDO::FETCH_ASSOC);
 $ticketsopen = (int)$opentickets['count'];
- if($ticketsopen > $settings['ticket']['concurrently_open']
- && $settings['ticket']['concurrently_open'] != - 1
- && $settings['ticket']['concurrently_open'] != '')
- {
+ if($ticketsopen > $settings['ticket']['concurrently_open'] && $settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') {
 standard_error('notmorethanxopentickets', $settings['ticket']['concurrently_open']);
 }
diff --git a/customer_traffic.php b/customer_traffic.php
index 05cc74f0..4836100d 100644
--- a/customer_traffic.php
+++ b/customer_traffic.php
@@ -28,23 +28,15 @@ $traffic = '';
 $month = null;
 $year = null;
-if (isset($_POST['month'])
- && isset($_POST['year'])
-) {
+if (isset($_POST['month']) && isset($_POST['year'])) {
 $month = intval($_POST['month']);
 $year = intval($_POST['year']);
-} elseif (isset($_GET['month'])
- && isset($_GET['year'])
-) {
+} elseif (isset($_GET['month']) && isset($_GET['year'])) {
 $month = intval($_GET['month']);
 $year = intval($_GET['year']);
 }
- //BAM! $_GET???
-
-elseif (isset($_GET['page'])
- && $_GET['page'] == 'current'
-) {
+elseif (isset($_GET['page']) && $_GET['page'] == 'current') {
 if (date('d') != '01') {
 $month = date('m');
 $year = date('Y');
@@ -59,22 +51,28 @@ elseif (isset($_GET['page'])
 }
 }
-if (!is_null($month)
- && !is_null($year)) {
+if (!is_null($month) && !is_null($year)) {
 $traf['byte'] = 0;
- $result = $db->query("SELECT
- SUM(`http`) as 'http', SUM(`ftp_up`) AS 'ftp_up', SUM(`ftp_down`) as 'ftp_down', SUM(`mail`) as 'mail',
- `day`, `month`, `year`
- FROM `" . TABLE_PANEL_TRAFFIC . "`
- WHERE `customerid`='" . $userinfo['customerid'] . "'
- AND `month` = '" . $month . "' AND `year` = '" . $year . "'
- GROUP BY `day` ORDER BY `day` ASC");
+ $result_stmt = Database::prepare("SELECT SUM(`http`) as 'http', SUM(`ftp_up`) AS 'ftp_up', SUM(`ftp_down`) as 'ftp_down', SUM(`mail`) as 'mail', `day`, `month`, `year`
+ FROM `" . TABLE_PANEL_TRAFFIC . "`
+ WHERE `customerid`= :customerid
+ AND `month` = :month
+ AND `year` = :year
+ GROUP BY `day`
+ ORDER BY `day` ASC"
+ );
+ $params = array(
+ "customerid" => $userinfo['customerid'],
+ "month" => $month,
+ "year" => $year
+ );
+ Database::pexecute($result_stmt, $params);
 $traffic_complete['http'] = 0;
 $traffic_complete['ftp'] = 0;
 $traffic_complete['mail'] = 0;
 $show = '';
- while ($row = $db->fetch_array($result)) {
+ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 $http = $row['http'];
 $ftp = $row['ftp_up'] + $row['ftp_down'];
 $mail = $row['mail'];
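Review bot: The `$month`/`$year` values bound through `$params` are integers when they come from the `intval()` calls in the POST/GET branches but strings when they come from `date('m')`/`date('Y')` in the `current` branch shown in the first hunk of this line, so the same prepared statement is executed with different PHP types depending on the entry path; if `Database::pexecute` derives the PDO parameter type from the PHP type (the class is not visible here) the binding differs too. Casting at the source, `$month = (int)date('m');` and `$year = (int)date('Y');`, makes the parameters uniform. Separately, `intval()` accepts any request value, so a month of 0 or 13 passes the `!is_null` guard and silently produces an empty report rather than a visible error; a range check before the query (for example `if ($month < 1 || $month > 12) { $month = null; }`) would make the bad input explicit. The `if (!is_null($month) && !is_null($year))` block and its `while` loop continue past the end of the hunk.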
@@ -118,14 +116,19 @@ if (!is_null($month)
 eval("echo \"" . getTemplate('traffic/traffic_details') . "\";");
 } else {
- $result = $db->query("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
- FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = '" . $userinfo['customerid'] . "'
- GROUP BY CONCAT(`year`,`month`) ORDER BY CONCAT(`year`,`month`) DESC LIMIT 12");
+ $result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
+ FROM `" . TABLE_PANEL_TRAFFIC . "`
+ WHERE `customerid` = :customerid
+ GROUP BY CONCAT(`year`,`month`)
+ ORDER BY CONCAT(`year`,`month`) DESC
+ LIMIT 12"
+ );
+ Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
 $traffic_complete['http'] = 0;
 $traffic_complete['ftp'] = 0;
 $traffic_complete['mail'] = 0;
- while ($row = $db->fetch_array($result)) {
+ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 $http = $row['http'];
 $ftp_up = $row['ftp_up'];
 $ftp_down = $row['ftp_down'];
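Review bot: The `LIMIT 12` in the new prepared statement is an unexplained constant, and nothing on the page says why twelve groups are fetched or that the `DESC` ordering means the newest month comes first; a one-line comment above the `Database::prepare` call, `// Monthly totals for this customer's most recent 12 months, newest first`, would spare the next reader the reconstruction. The column aliases are also written differently from the per-day query rewritten in the hunk above (`SUM(\`http\`) AS http` here versus `SUM(\`http\`) as 'http'` there) even though both loops read the same `$row['http']` keys; picking one form for both statements would make the two queries visibly parallel. The `else` branch opens before the hunk and its `while` loop continues past the last visible line.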
