Migrated customer_mysql, customer_tickets, customer_traffic to new database class

2013-10-31 17:35:57 +01:00
parent 256a714d55
commit b4a2124d1b
3 changed files with 280 additions and 252 deletions
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -44,8 +44,13 @@ if ($page == 'overview') {
 			'description' => $lng['mysql']['databasedescription']
 		);
 		$paging = new paging($userinfo, $db, TABLE_PANEL_DATABASES, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
-		$result = $db->query("SELECT * FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
-		$paging->setEntries($db->num_rows($result));
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
 		);
 		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
 		$mysqls_count = Database::num_rows();
 		$paging->setEntries($mysqls_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -55,59 +60,81 @@ if ($page == 'overview') {
 		$mysqls = '';
 		// Begin root-session
-		$db_root = new db($sql_root[0]['host'], $sql_root[0]['user'], $sql_root[0]['password'], '');
+		Database::needRoot(true);
-		while ($row = $db->fetch_array($result)) {
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($paging->checkDisplay($i)) {
 				$row = htmlentities_array($row);
-				$mbdata = $db_root->query_first("SELECT SUM( data_length + index_length) / 1024 / 1024 'MB' FROM information_schema.TABLES WHERE table_schema = '" . $db_root->escape($row['databasename']) . "' GROUP BY table_schema ;");
+				$mbdata_stmt = Database::prepare("SELECT SUM( data_length + index_length) / 1024 / 1024 'MB' FROM information_schema.TABLES
 					WHERE table_schema = :table_schema
 					GROUP BY table_schema"
 				);
 				Database::pexecute($mbdata_stmt, array("table_schema" => $row['databasename']));
 				$mbdata = $mbdata_stmt->fetch(PDO::FETCH_ASSOC);
 				$row['size'] = number_format($mbdata['MB'], 3, '.', '');
 				eval("\$mysqls.=\"" . getTemplate('mysql/mysqls_database') . "\";");
 				$count++;
 			}
 			$i++;
 		}
-		$db_root->close();
+		Database::needRoot(false);
 		// End root-session
 		$mysqls_count = $db->num_rows($result);
 		eval("echo \"" . getTemplate('mysql/mysqls') . "\";");
 	} elseif($action == 'delete' && $id != 0) {
-		$result = $db->query_first('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"');
+		$result_stmt = Database::prepare('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '`
-
+			WHERE `customerid`="' . (int)$userinfo['customerid'] . '"
-		if (isset($result['databasename'])
+			AND `id`="' . (int)$id . '"'
-		   && $result['databasename'] != ''
+		);
-		) {
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 		if (isset($result['databasename']) && $result['databasename'] != '') {
 			if (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) {
 				$result['dbserver'] = 0;
 			}
-			if (isset($_POST['send'])
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 			   && $_POST['send'] == 'send'
 			) {
 				// Begin root-session
-				$db_root = new db($sql_root[$result['dbserver']]['host'], $sql_root[$result['dbserver']]['user'], $sql_root[$result['dbserver']]['password'], '');
+				Database::needRoot(true);
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted database '" . $result['databasename'] . "'");
-				if (mysql_get_server_info() < '5.0.2') { 
+				if (Database::getAttribute(PDO::ATTR_SERVER_VERSION) < '5.0.2') { 
 					// Revoke privileges (only required for MySQL 4.1.2 - 5.0.1)
-					$db_root->query('REVOKE ALL PRIVILEGES, GRANT OPTION FROM \'' . $db_root->escape($result['databasename']) .'\'',false,true);
+					$stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM :databasename");
 					Database::pexecute($stmt, array("databasename" => $result['databasename']));
 				}
-				$host_res = $db_root->query("SELECT `Host` FROM `mysql`.`user` WHERE `User`='" . $db_root->escape($result['databasename']) . "'");
+				$host_res_stmt = Database::prepare("SELECT `Host` FROM `mysql`.`user`
-				while ($host = $db_root->fetch_array($host_res)) {
+					WHERE `User`= :databasename"
 				);
 				Database::pexecute($host_res_stmt, array("databasename" => $result['databasename']));
 				while ($host = $host_res_stmt->fetch(PDO::FETCH_ASSOC)) {
 					// as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+)
-					$db_root->query('DROP USER \'' . $db_root->escape($result['databasename']). '\'@\'' . $db_root->escape($host['Host']) . '\'', false, true);
+					$stmt = Database::prepare("DROP USER :databasename@:host");
 					Database::pexecute($stmt, array("databasename" => $result['databasename'], "host" => $host['Host']));
 				}
-
+				
-				$db_root->query('DROP DATABASE IF EXISTS `' . $db_root->escape($result['databasename']) . '`');
+				$stmt = Database::prepare("DROP DATABASE IF EXISTS `" . $result['databasename'] . "`");
-				$db_root->query('FLUSH PRIVILEGES');
+				Database::pexecute($stmt);
-				$db_root->close();
+				$stmt = Database::prepare("FLUSH PRIVILEGES");
 				Database::pexecute($stmt);
 				Database::needRoot(false);
 				// End root-session
-				$db->query('DELETE FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"');
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DATABASES . "`
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
 				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
-				$resetaccnumber = ($userinfo['mysqls_used'] == '1') ? " , `mysql_lastaccountnumber`='0' " : '';
+				$resetaccnumber = ($userinfo['mysqls_used'] == '1') ? " , `mysql_lastaccountnumber` = '0' " : '';
-
+				
-				$result = $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `mysqls_used`=`mysqls_used`-1 ' . $resetaccnumber . 'WHERE `customerid`="' . (int)$userinfo['customerid'] . '"');
+				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
 					SET `mysqls_used` = `mysqls_used` - 1 " . $resetaccnumber . "
 					WHERE `customerid` = :customerid"
 				);
 				Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			} else {
 				$dbnamedesc = $result['databasename'];
@@ -118,12 +145,8 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'add') {
-		if ($userinfo['mysqls_used'] < $userinfo['mysqls']
+		if ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') {
-		   || $userinfo['mysqls'] == '-1'
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		) {
 			if (isset($_POST['send'])
 			   && $_POST['send'] == 'send'
 			) {
 				$password = validate($_POST['mysql_password'], 'password');
 				$password = validatePassword($password);
@@ -147,11 +170,11 @@ if ($page == 'overview') {
 					$databasedescription = validate(trim($_POST['description']), 'description');
 					// Begin root-session
-					$db_root = new db($sql_root[$dbserver]['host'], $sql_root[$dbserver]['user'], $sql_root[$dbserver]['password'], '');
+					Database::needRoot(true);
 					if (strtoupper($settings['customer']['mysqlprefix']) == 'RANDOM') {
-						$result = $db_root->query('SELECT `User` FROM mysql.user');
+						$result_stmt = Database::prepare('SELECT `User` FROM mysql.user');
-						while ($row = $db_root->fetch_array($result)) {
+						Database::pexecute($result_stmt);
 						while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 							$allsqlusers[] = $row[User];
 						}
 						$username = $userinfo['loginname'] . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
@@ -161,22 +184,44 @@ if ($page == 'overview') {
 					} else {
 						$username = $userinfo['loginname'] . $settings['customer']['mysqlprefix'] . (intval($userinfo['mysql_lastaccountnumber']) + 1);
 					}
-
+					
-					$db_root->query('CREATE DATABASE `' . $db_root->escape($username) . '`');
+					$stmt = Database::prepare("CREATE DATABASE `" . $username . "`");
 					Database::pexecute($stmt);
 					$log->logAction(USR_ACTION, LOG_INFO, "created database '" . $username . "'");
 					foreach (array_map('trim', explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) {
-						$db_root->query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\_', $db_root->escape($username)) . '`.* TO `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '` IDENTIFIED BY \'password\'');
+						$stmt = Database::prepare("GRANT ALL PRIVILEGES ON `" . $username . "`.*
-						$db_root->query('SET PASSWORD FOR `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '` = PASSWORD(\'' . $db_root->escape($password) . '\')');
+							TO :username@:host
 							IDENTIFIED BY 'password'"
 						);
 						Database::pexecute($stmt, array("username" => $username, "host" => $mysql_access_host));
 						$stmt = Database::prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
 						Database::pexecute($stmt, array("username" => $username, "host" => $mysql_access_host, "password" => $password));
 						$log->logAction(USR_ACTION, LOG_NOTICE, "grant all privileges for '" . $username . "'@'" . $mysql_access_host . "'");
 					}
-					$db_root->query('FLUSH PRIVILEGES');
+					$stmt = Database::prepare("FLUSH PRIVILEGES");
-					$db_root->close();
+					Database::pexecute($stmt);
 					Database::needRoot(false);
 					// End root-session
 					// Statement modified for Database description -- PH 2004-11-29
-					$result = $db->query('INSERT INTO `' . TABLE_PANEL_DATABASES . '` (`customerid`, `databasename`, `description`, `dbserver`) VALUES ("' . (int)$userinfo['customerid'] . '", "' . $db->escape($username) . '", "' . $db->escape($databasedescription) . '", "' . $db->escape($dbserver) . '")');
+					$stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_DATABASES . '`
-					$result = $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `mysqls_used`=`mysqls_used`+1, `mysql_lastaccountnumber`=`mysql_lastaccountnumber`+1 WHERE `customerid`="' . (int)$userinfo['customerid'] . '"');
+						(`customerid`, `databasename`, `description`, `dbserver`)
 						VALUES (:customerid, :databasename, :description, :dbserver)'
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
 						"username" => $username,
 						"description" => $databasedescription,
 						"dbserver" => $dbserver
 					);
 					Database::pexecute($stmt, $params);
 					$stmt = Database::prepare('UPDATE `' . TABLE_PANEL_CUSTOMERS . '`
 						SET `mysqls_used` = `mysqls_used` + 1, `mysql_lastaccountnumber` = `mysql_lastaccountnumber` + 1
 						WHERE `customerid` = :customerid'
 					);
 					Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
 					if ($sendinfomail == 1) {
 						$pma = $lng['admin']['notgiven'];
@@ -195,9 +240,24 @@ if ($page == 'overview') {
 						);
 						$def_language = $userinfo['def_language'];
-						$result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'new_database_by_customer_subject\'');
+						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
 							WHERE `adminid` = :adminid
 							AND `language` = :lang
 							AND `templategroup`='mails'
 							AND `varname`='new_database_by_customer_subject'"
 						);
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['mysql_add']['infomail_subject']), $replace_arr));
-						$result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'new_database_by_customer_mailbody\'');
+						
 						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
 							WHERE `adminid`= :adminid
 							AND `language`= :lang
 							AND `templategroup` = 'mails'
 							AND `varname` = 'new_database_by_customer_mailbody'"
 						);
 						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
 						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['mysql_add']['infomail_body']['main']), $replace_arr));
 						$_mailerror = false;
@@ -244,18 +304,19 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result = $db->query_first('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . $userinfo['customerid'] . '" AND `id`="' . $id . '"');
+		$result_stmt = Database::prepare("SELECT `id`, `databasename`, `description`, `dbserver` FROM `" . TABLE_PANEL_DATABASES . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
 		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
-		if (isset($result['databasename'])
+		if (isset($result['databasename']) && $result['databasename'] != '') {
 		   && $result['databasename'] != ''
 		) {
 			if (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) {
 				$result['dbserver'] = 0;
 			}
-			if (isset($_POST['send'])
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 			   && $_POST['send'] == 'send'
 			) {
 				// Only change Password if it is set, do nothing if it is empty! -- PH 2004-11-29
 				$password = validate($_POST['mysql_password'], 'password');
 				if ($password != '') {
@@ -263,20 +324,32 @@ if ($page == 'overview') {
 					$password = validatePassword($password);
 					// Begin root-session
-					$db_root = new db($sql_root[$result['dbserver']]['host'], $sql_root[$result['dbserver']]['user'], $sql_root[$result['dbserver']]['password'], '');
+					Database::needRoot(true);
 					foreach (array_map('trim', explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) {
-						$db_root->query('SET PASSWORD FOR `' . $db_root->escape($result['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '` = PASSWORD(\'' . $db_root->escape($password) . '\')');
+						$stmt = Database::prepare("SET PASSWORD FOR :dbname@:host = PASSWORD(:password)");
 						$params = array(
 							"dbname" => $result['databasename'],
 							"host" => $mysql_access_host,
 							"password" => $password
 						);
 						Database::pexecute($stmt, $params);
 					}
-					$db_root->query('FLUSH PRIVILEGES');
+					$stmt = Database::prepare("FLUSH PRIVILEGES");
-					$db_root->close();
+					Database::pexecute($stmt);
 					Database::needRoot(false);
 					// End root-session
 				}
 				// Update the Database description -- PH 2004-11-29
 				$log->logAction(USR_ACTION, LOG_INFO, "edited database '" . $result['databasename'] . "'");
 				$databasedescription = validate($_POST['description'], 'description');
-				$result = $db->query('UPDATE `' . TABLE_PANEL_DATABASES . '` SET `description`="' . $db->escape($databasedescription) . '" WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"');
+				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DATABASES . "`
 					SET `description` = :desc
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
 				Database::pexecute($stmt, array("desc" => $databasedescription, "customerid" => $userinfo['customerid'], "id" => $id));
 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			} else {
 				$mysql_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/mysql/formfield.mysql_edit.php';
--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -25,35 +25,28 @@ define('AREA', 'customer');
 require ("./lib/init.php");
-if(isset($_POST['id']))
+if(isset($_POST['id'])) {
 {
 	$id = intval($_POST['id']);
 	/*
 	 * Check if the current user is allowed to see the current ticket.
 	 */
-	$sql = "SELECT `id` FROM `panel_tickets` WHERE `id` = '".$id."' AND `customerid` = '".$userinfo['customerid']."'";
+	$stmt = Database::prepare("SELECT `id` FROM `panel_tickets` WHERE `id` = :id AND `customerid` = :customerid");
-	
+	Database::pexecute($stmt, array("id" => $id, "customerid" => $userinfo['customerid']));
-	$result = $db->query_first($sql);
+	$result = $stmt->fetch(PDO::FETCH_ASSOC);
 	if ($result == null) {
 		// no rights to see the requested ticket
 		standard_error(array('ticketnotaccessible'));
 	}
-}
+} elseif(isset($_GET['id'])) {
 elseif(isset($_GET['id']))
 {
 	$id = intval($_GET['id']);
 }
-if($page == 'overview')
+if($page == 'overview') {
 {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_tickets");
 	eval("echo \"" . getTemplate("tickets/ticket") . "\";");
-}
+} elseif($page == 'tickets') {
-elseif($page == 'tickets')
+	if($action == '') {
 {
 	if($action == '')
 	{
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_tickets::tickets");
 		$fields = array(
 			'status' => $lng['ticket']['status'],
@@ -66,8 +59,16 @@ elseif($page == 'tickets')
 		$paging = new paging($userinfo, $db, TABLE_PANEL_TICKETS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
 		$paging->sortfield = 'lastchange';
 		$paging->sortorder = 'desc';
-		$result = $db->query('SELECT `main`.`id`, (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub` WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers`, `main`.`lastchange`, `main`.`subject`, `main`.`status`, `main`.`lastreplier`, `main`.`priority` FROM `' . TABLE_PANEL_TICKETS . '` as `main` WHERE `main`.`answerto` = "0" AND `archived` = "0" AND `customerid`="' . (int)$userinfo['customerid'] . '" ' . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		$stmt = Database::prepare('SELECT `main`.`id`, (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub`
-		$paging->setEntries($db->num_rows($result));
+			WHERE `sub`.`answerto` = `main`.`id`) AS `ticket_answers`, `main`.`lastchange`, `main`.`subject`, `main`.`status`, `main`.`lastreplier`, `main`.`priority`
 			FROM `' . TABLE_PANEL_TICKETS . '` as `main`
 			WHERE `main`.`answerto` = "0"
 			AND `archived` = "0"
 			AND `customerid`= :customerid ' . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
 		);
 		Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
 		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -77,41 +78,31 @@ elseif($page == 'tickets')
 		$tickets = '';
 		$tickets_count = 0;
-		while($row = $db->fetch_array($result))
+		while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
-		{
+			if($paging->checkDisplay($i)) {
 			if($paging->checkDisplay($i))
 			{
 				$tickets_count++;
 				$row = htmlentities_array($row);
 				$row['lastchange'] = date("d.m.y H:i", $row['lastchange']);
-				if($row['status'] >= 0
+				if($row['status'] >= 0 && $row['status'] <= 2) {
 				   && $row['status'] <= 2)
 				{
 					$reopen = 0;
-				}
+				} else {
 				else
 				{
 					$reopen = 1;
 				}
 				$row['status'] = ticket::getStatusText($lng, $row['status']);
 				$row['priority'] = ticket::getPriorityText($lng, $row['priority']);
-				if($row['lastreplier'] == '1')
+				if($row['lastreplier'] == '1') {
 				{
 					$row['lastreplier'] = $lng['ticket']['staff'];
 					$cananswer = 1;
-				}
+				} else {
 				else
 				{
 					$row['lastreplier'] = $lng['ticket']['customer'];
 					$cananswer = 0;
 				}
 				$row['subject'] = html_entity_decode($row['subject']);
-				if(strlen($row['subject']) > 20)
+				if(strlen($row['subject']) > 20) {
 				{
 					$row['subject'] = substr($row['subject'], 0, 17) . '...';
 				}
@@ -128,56 +119,42 @@ elseif($page == 'tickets')
 		$start = substr($settings['ticket']['worktime_begin'], 0, 2) . substr($settings['ticket']['worktime_begin'], 3, 2);
 		$end = substr($settings['ticket']['worktime_end'], 0, 2) . substr($settings['ticket']['worktime_end'], 3, 2);
-		if($time >= $start
+		if($time >= $start && $time <= $end) {
 		   && $time <= $end)
 		{
 			$supportavailable = 1;
 		}
-		if($settings['ticket']['worktime_sat'] == "0"
+		if($settings['ticket']['worktime_sat'] == "0" && $day == "6") {
 		   && $day == "6")
 		{
 			$supportavailable = 0;
 		}
-		if($settings['ticket']['worktime_sun'] == "0"
+		if($settings['ticket']['worktime_sun'] == "0" && $day == "0") {
 		   && $day == "0")
 		{
 			$supportavailable = 0;
 		}
-		if($settings['ticket']['worktime_all'] == "1")
+		if($settings['ticket']['worktime_all'] == "1") {
 		{
 			$supportavailable = 1;
 		}
 		$ticketsopen = 0;
-		$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
+		$stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
-                                         WHERE `customerid` = "' . $userinfo['customerid'] . '"
+			WHERE `customerid` = :customerid
-                                         AND `answerto` = "0"
+			AND `answerto` = "0"
-                                         AND (`status` = "0" OR `status` = "1" OR `status` = "2")');
+			AND (`status` = "0" OR `status` = "1" OR `status` = "2")'
 		);
 		Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
 		$opentickets = $stmt->fetch(PDO::FETCH_ASSOC);
-		if($settings['ticket']['concurrently_open'] != - 1
+		if($settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') {
 		   && $settings['ticket']['concurrently_open'] != '')
 		{
 			$notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => $settings['ticket']['concurrently_open']));
-		}
+		} else {
 		else
 		{
 			$notmorethanxopentickets = '';
 		}
 		$ticketsopen = (int)$opentickets['count'];
 		eval("echo \"" . getTemplate("tickets/tickets") . "\";");
-	}
+	} elseif($action == 'new') {
-	elseif($action == 'new')
+		if($userinfo['tickets_used'] < $userinfo['tickets'] || $userinfo['tickets'] == '-1') {
-	{
+			if(isset($_POST['send']) && $_POST['send'] == 'send') {
 		if($userinfo['tickets_used'] < $userinfo['tickets']
 		   || $userinfo['tickets'] == '-1')
 		{
 			if(isset($_POST['send'])
 			   && $_POST['send'] == 'send')
 			{
 				$newticket = ticket::getInstanceOf($userinfo, $db, $settings, -1);
 				$newticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
 				$newticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
@@ -186,16 +163,11 @@ elseif($page == 'tickets')
 				$newticket->Set('admin', (int)$userinfo['adminid'], true, false);
 				$newticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
-				if($newticket->Get('subject') == null)
+				if($newticket->Get('subject') == null) {
 				{
 					standard_error(array('stringisempty', 'mysubject'));
-				}
+				} elseif($newticket->Get('message') == null) {
 				elseif($newticket->Get('message') == null)
 				{
 					standard_error(array('stringisempty', 'mymessage'));
-				}
+				} else {
 				else
 				{
 					$now = time();
 					$newticket->Set('dt', $now, true, true);
 					$newticket->Set('lastchange', $now, true, true);
@@ -205,8 +177,12 @@ elseif($page == 'tickets')
 					$newticket->Set('by', '0', true, true);
 					$newticket->Insert();
 					$log->logAction(USR_ACTION, LOG_NOTICE, "opened support-ticket '" . $newticket->Get('subject') . "'");
-					$db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '`
+					
-                          SET `tickets_used`=`tickets_used`+1 WHERE `customerid`="' . (int)$userinfo['customerid'] . '"');
+					$stmt = Database::prepare('UPDATE `' . TABLE_PANEL_CUSTOMERS . '`
 						SET `tickets_used`=`tickets_used` + 1
 						WHERE `customerid`= :customerid'
 					);
 					Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
 					// Customer mail
@@ -217,24 +193,26 @@ elseif($page == 'tickets')
 					$newticket->sendMail(-1, 'new_ticket_by_customer_subject', $lng['mails']['new_ticket_by_customer']['subject'], 'new_ticket_by_customer_mailbody', $lng['mails']['new_ticket_by_customer']['mailbody']);
 					redirectTo($filename, Array('page' => $page, 's' => $s));
 				}
-			}
+			} else {
 			else
 			{
 				$categories = '';
-				$result = $db->query_first('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = "' . $userinfo['adminid'] . '" ORDER BY `logicalorder`, `name` ASC');
+				$result_stmt = Database::prepare('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
 					WHERE `adminid` = :adminid
 					ORDER BY `logicalorder`, `name` ASC'
 				);
 				Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid']));
 				$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 				if(isset($result['name']) && $result['name'] != '') {
 					$result2_stmt = Database::prepare('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
 						WHERE `adminid` = :adminid
 						ORDER BY `logicalorder`, `name` ASC'
 					);
 					Database::pexecute($result2_stmt, array("adminid" => $userinfo['adminid']));
-				if(isset($result['name'])
+					while($row = $result2_stmt->fetch(PDO::FETCH_ASSOC)) {
 				   && $result['name'] != '')
 				{
 					$result2 = $db->query('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = "' . $userinfo['adminid'] . '" ORDER BY `logicalorder`, `name` ASC');
 					while($row = $db->fetch_array($result2))
 					{
 						$categories.= makeoption($row['name'], $row['id']);
 					}
-				}
+				} else {
 				else
 				{
 					$categories = makeoption($lng['ticket']['no_cat'], '0');
 				}
@@ -242,18 +220,17 @@ elseif($page == 'tickets')
 				$priorities.= makeoption($lng['ticket']['normal'], '2', $settings['ticket']['default_priority']);
 				$priorities.= makeoption($lng['ticket']['low'], '3', $settings['ticket']['default_priority']);
 				$ticketsopen = 0;
-				$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
+				$opentickets_stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
-                                           WHERE `customerid` = "' . $userinfo['customerid'] . '"
+					WHERE `customerid` = :customerid
-                                           AND `answerto` = "0"
+					AND `answerto` = "0"
-                                           AND (`status` = "0" OR `status` = "1" OR `status` = "2")');
+					AND (`status` = "0" OR `status` = "1" OR `status` = "2")'
 				);
 				Database::pexecute($opentickets_stmt, array("customerid" => $userinfo['customerid']));					   
 				$opentickets = $opentickets_stmt->fetch(PDO::FETCH_ASSOC);
-				if($settings['ticket']['concurrently_open'] != - 1
+				if($settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') {
 				   && $settings['ticket']['concurrently_open'] != '')
 				{
 					$notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => $settings['ticket']['concurrently_open']));
-				}
+				} else {
 				else
 				{
 					$notmorethanxopentickets = '';
 				}
@@ -267,29 +244,19 @@ elseif($page == 'tickets')
 				eval("echo \"" . getTemplate("tickets/tickets_new") . "\";");
 			}
-		}
+		} else {
 		else
 		{
 			standard_error('nomoreticketsavailable');
 		}
-	}
+	} elseif($action == 'answer' && $id != 0) {
-	elseif($action == 'answer'
+		if(isset($_POST['send']) && $_POST['send'] == 'send') {
 	       && $id != 0)
 	{
 		if(isset($_POST['send'])
 		   && $_POST['send'] == 'send')
 		{
 			$replyticket = ticket::getInstanceOf($userinfo, $db, $settings, -1);
 			$replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
 			$replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
 			$replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);
-			if($replyticket->Get('message') == null)
+			if($replyticket->Get('message') == null) {
 			{
 				standard_error(array('stringisempty', 'mymessage'));
-			}
+			} else {
 			else
 			{
 				$now = time();
 				$replyticket->Set('customerid', (int)$userinfo['customerid'], true, true);
 				$replyticket->Set('lastchange', $now, true, true);
@@ -303,8 +270,7 @@ elseif($page == 'tickets')
 				$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
-				if($replyticket->Get('priority') != $mainticket->Get('priority'))
+				if($replyticket->Get('priority') != $mainticket->Get('priority')) {
 				{
 					$mainticket->Set('priority', $replyticket->Get('priority'), true);
 				}
@@ -316,35 +282,28 @@ elseif($page == 'tickets')
 				$mainticket->sendMail(-1, 'new_reply_ticket_by_customer_subject', $lng['mails']['new_reply_ticket_by_customer']['subject'], 'new_reply_ticket_by_customer_mailbody', $lng['mails']['new_reply_ticket_by_customer']['mailbody']);
 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			}
-		}
+		} else {
 		else
 		{
 			$ticket_replies = '';
 			$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
 			$dt = date("d.m.Y H:i\h", $mainticket->Get('dt'));
 			$status = ticket::getStatusText($lng, $mainticket->Get('status'));
-			if($mainticket->Get('status') >= 0
+			if($mainticket->Get('status') >= 0 && $mainticket->Get('status') <= 2) {
 			   && $mainticket->Get('status') <= 2)
 			{
 				$isclosed = 0;
-			}
+			} else {
 			else
 			{
 				$isclosed = 1;
 			}
-			if($mainticket->Get('by') == '1')
+			if($mainticket->Get('by') == '1') {
 			{
 				$by = $lng['ticket']['staff'];
-			}
+			} else {
 			else
 			{
 				$cid = $mainticket->Get('customer');
-				$usr = $db->query_first('SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
+				$usr_stmt = Database::prepare('SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
-						FROM `' . TABLE_PANEL_CUSTOMERS . '`
+					FROM `' . TABLE_PANEL_CUSTOMERS . '`
-						WHERE `customerid` = "' . (int)$cid . '"'
+					WHERE `customerid` = :customerid '
 				);
 				Database::pexecute($usr_stmt, array("customerid" => $cid));
 				$usr = $usr_stmt->fetch(PDO::FETCH_ASSOC);
 				$by = getCorrectFullUserDetails($usr);
 				//$by = $lng['ticket']['customer'];
 			}
@@ -352,22 +311,25 @@ elseif($page == 'tickets')
 			$subject = $mainticket->Get('subject');
 			$message = $mainticket->Get('message');
 			eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_main") . "\";");
-			$result = $db->query('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
+			$result_stmt = Database::prepare('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
-                                WHERE `id`="' . (int)$mainticket->Get('category') . '"');
+				WHERE `id`= :id '
-			$row = $db->fetch_array($result);
+			);
-			$andere = $db->query('SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto`="' . (int)$id . '" ORDER BY `lastchange` ASC');
+			Database::pexecute($result_stmt, array("id" => $mainticket->Get('category')));
-
+			$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
-			while($row2 = $db->fetch_array($andere))
+			
-			{
+			$andere_stmt = Database::prepare('SELECT * FROM `' . TABLE_PANEL_TICKETS . '`
 				WHERE `answerto`= :answerto
 				ORDER BY `lastchange` ASC'
 			);
 			Database::pexecute($andere_stmt, array("answerto" => $id));
 			while($row2 = $andere_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$subticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$row2['id']);
 				$lastchange = date("d.m.Y H:i\h", $subticket->Get('lastchange'));
-				if($subticket->Get('by') == '1')
+				if($subticket->Get('by') == '1') {
 				{
 					$by = $lng['ticket']['staff'];
-				}
+				} else {
 				else
 				{
 					$by = getCorrectFullUserDetails($usr);
 					//$by = $lng['ticket']['customer'];
 				}
@@ -393,13 +355,8 @@ elseif($page == 'tickets')
 			eval("echo \"" . getTemplate("tickets/tickets_reply") . "\";");
 		}
-	}
+	} elseif($action == 'close' && $id != 0) {
-	elseif($action == 'close'
+		if(isset($_POST['send']) && $_POST['send'] == 'send') {
 	       && $id != 0)
 	{
 		if(isset($_POST['send'])
 		   && $_POST['send'] == 'send')
 		{
 			$now = time();
 			$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
 			$mainticket->Set('lastchange', $now, true, true);
@@ -408,27 +365,22 @@ elseif($page == 'tickets')
 			$mainticket->Update();
 			$log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'");
 			redirectTo($filename, Array('page' => $page, 's' => $s));
-		}
+		} else {
 		else
 		{
 			$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
 			ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
 		}
-	}
+	} elseif($action == 'reopen' && $id != 0) {
 	elseif($action == 'reopen'
 	       && $id != 0)
 	{
 		$ticketsopen = 0;
-		$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
+		$opentickets_stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
-                                       WHERE `customerid` = "' . $userinfo['customerid'] . '"
+			WHERE `customerid` = :customerid
-                                       AND `answerto` = "0"
+			AND `answerto` = "0"
-                                       AND (`status` = "0" OR `status` = "1" OR `status` = "2")');
+			AND (`status` = "0" OR `status` = "1" OR `status` = "2")'
 		);
 		Database::pexecute($opentickets_stmt, array("customerid" => $userinfo['customerid']));
 		$opentickets = $opentickets_stmt->fetch(PDO::FETCH_ASSOC);
 		$ticketsopen = (int)$opentickets['count'];
-		if($ticketsopen > $settings['ticket']['concurrently_open']
+		if($ticketsopen > $settings['ticket']['concurrently_open'] && $settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') {
 		   && $settings['ticket']['concurrently_open'] != - 1
 		   && $settings['ticket']['concurrently_open'] != '')
 		{
 			standard_error('notmorethanxopentickets', $settings['ticket']['concurrently_open']);
 		}
--- a/customer_traffic.php
+++ b/customer_traffic.php
@@ -28,23 +28,15 @@ $traffic = '';
 $month = null;
 $year = null;
-if (isset($_POST['month'])
+if (isset($_POST['month']) && isset($_POST['year'])) {
 	&& isset($_POST['year'])
 ) {
 	$month = intval($_POST['month']);
 	$year = intval($_POST['year']);
-} elseif (isset($_GET['month'])
+} elseif (isset($_GET['month']) && isset($_GET['year'])) {
 	&& isset($_GET['year'])
 ) {
 	$month = intval($_GET['month']);
 	$year = intval($_GET['year']);
 }
 //BAM! $_GET???
-
+elseif (isset($_GET['page']) && $_GET['page'] == 'current') {
 elseif (isset($_GET['page'])
 	&& $_GET['page'] == 'current'
 ) {
 	if (date('d') != '01') {
 		$month = date('m');
 		$year = date('Y');
@@ -59,22 +51,28 @@ elseif (isset($_GET['page'])
 	}
 }
-if (!is_null($month)
+if (!is_null($month) && !is_null($year)) {
 	&& !is_null($year)) {
 	$traf['byte'] = 0;
-	$result = $db->query("SELECT
+	$result_stmt = Database::prepare("SELECT SUM(`http`) as 'http', SUM(`ftp_up`) AS 'ftp_up', SUM(`ftp_down`) as 'ftp_down', SUM(`mail`) as 'mail', `day`, `month`, `year`
-                                SUM(`http`) as 'http', SUM(`ftp_up`) AS 'ftp_up', SUM(`ftp_down`) as 'ftp_down', SUM(`mail`) as 'mail',
+		FROM `" . TABLE_PANEL_TRAFFIC . "`
-                                `day`, `month`, `year`
+		WHERE `customerid`= :customerid
-                             FROM `" . TABLE_PANEL_TRAFFIC . "`
+		AND `month` = :month
-	                     WHERE `customerid`='" . $userinfo['customerid'] . "'
+		AND `year` = :year
-	                     AND `month` = '" . $month . "' AND `year` = '" . $year . "'
+		GROUP BY `day`
-	                     GROUP BY `day` ORDER BY `day` ASC");
+		ORDER BY `day` ASC"
 	);
 	$params = array(
 		"customerid" => $userinfo['customerid'],
 		"month" => $month,
 		"year" => $year
 	);
 	Database::pexecute($result_stmt, $params);
 	$traffic_complete['http'] = 0;
 	$traffic_complete['ftp'] = 0;
 	$traffic_complete['mail'] = 0;
 	$show = '';
-	while ($row = $db->fetch_array($result)) {
+	while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 		$http = $row['http'];
 		$ftp = $row['ftp_up'] + $row['ftp_down'];
 		$mail = $row['mail'];
@@ -118,14 +116,19 @@ if (!is_null($month)
 	eval("echo \"" . getTemplate('traffic/traffic_details') . "\";");
 } else {
-	$result = $db->query("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
+	$result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
-	                     FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = '" . $userinfo['customerid'] . "'
+		FROM `" . TABLE_PANEL_TRAFFIC . "`
-	                     GROUP BY CONCAT(`year`,`month`) ORDER BY CONCAT(`year`,`month`) DESC LIMIT 12");
+		WHERE `customerid` = :customerid
 		GROUP BY CONCAT(`year`,`month`)
 		ORDER BY CONCAT(`year`,`month`) DESC
 		LIMIT 12"
 	);
 	Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
 	$traffic_complete['http'] = 0;
 	$traffic_complete['ftp'] = 0;
 	$traffic_complete['mail'] = 0;
-	while ($row = $db->fetch_array($result)) {
+	while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 		$http = $row['http'];
 		$ftp_up = $row['ftp_up'];
 		$ftp_down = $row['ftp_down'];