set version to 0.9.31.2 for bugfix release

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
bugfix squeeze dovecot.conf and correct wheezy dovecot-15-lda.conf, fixes #1334
2013-12-27 16:20:11 +01:00 · 2013-12-27 16:18:51 +01:00 · 2013-12-26 13:34:03 +01:00 · 2013-12-24 14:43:47 +01:00 · 2013-12-24 14:36:11 +01:00 · 2013-12-24 14:34:27 +01:00
428 changed files with 15431 additions and 18017 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ packages/*
 lib/classes/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/*/
 temp/*
 templates/*
+logs/*
 install/update.log
 .buildpath
 .project
--- a/README.md
+++ b/README.md
@@ -0,0 +1,60 @@
+# Froxlor
+
+The server administration software for your needs.
+Developed by experienced server administrators, this panel simplifies the effort of managing your hosting platform.
+
+## Installation
+
+### Fast install
+1. Ensure that your webserver serves /var/www
+2. Extract froxlor into /var/www
+3. Point your browser to http://[ip-of-webserver]/froxlor
+4. Follow the installer
+5. Login as administrator
+6. Adjust "Server > Settings" according to your needs
+7. Choose your distribution under "Server > Configuration"
+8. Follow the steps for your services
+9. Have fun!
+
+### Detailed installation
+http://redmine.froxlor.org/projects/froxlor/wiki/Installationtarball
+
+## Help
+
+You may find help in the following places:
+
+### IRC
+
+froxlor may be found on freenode.net, channel #froxlor:
+irc://chat.freenode.net/froxlor
+
+### Forum
+
+The community is located on http://forum.froxlor.org
+
+### Wiki
+
+More documentation may be found in the froxlor - wiki:
+http://redmine.froxlor.org/projects/froxlor/wiki
+
+## License
+
+May be found in COPYING
+
+## Downloads
+
+### Tarball
+http://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](http://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](http://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)
+
+### Debian repository
+
+[HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationdebian)
+
+/etc/apt/sources.list.d/froxlor.list
+> deb http://debian.froxlor.org [squeeze|wheezy] main
+
+### Gentoo repository
+
+[HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationgentoo)
+
+http://files.froxlor.org/gentoo/repositories.xml
--- a/actions/admin/settings/100.panel.php
+++ b/actions/admin/settings/100.panel.php
@@ -194,6 +194,14 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
+				'admin_show_news_feed' => array(
+					'label' => $lng['admin']['show_news_feed'],
+					'settinggroup' => 'admin',
+					'varname' => 'show_news_feed',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
 				'panel_allow_domain_change_admin' => array(
 					'label' => $lng['serversettings']['panel_allow_domain_change_admin'],
 					'settinggroup' => 'panel',
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -31,6 +31,7 @@ return array(
 					'option_mode' => 'one',
 					'option_options' => array('apache2' => 'Apache 2', 'lighttpd' => 'ligHTTPd', 'nginx' => 'Nginx'),
 					'save_method' => 'storeSettingField',
+					'plausibility_check_method' => 'checkPhpInterfaceSetting',
 					'overview_option' => true
 					),
 				'system_apache_24' => array(
@@ -81,7 +82,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'apacheconf_htpasswddir',
 					'type' => 'string',
-					'string_type' => 'dir',
+					'string_type' => 'confdir',
 					'default' => '/etc/apache2/htpasswd/',
 					'save_method' => 'storeSettingField',
 					),
@@ -99,8 +100,8 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'customer_ssl_path',
 					'type' => 'string',
-					'string_type' => 'dir',
-					'default' => '/etc/apache2/ssl/',
+					'string_type' => 'confdir',
+					'default' => '/etc/ssl/froxlor-custom/',
 					'save_method' => 'storeSettingField',
 					),
 				'system_phpappendopenbasedir' => array(
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -31,6 +31,15 @@ return array(
 									'save_method' => 'storeSettingField',
 									'overview_option' => true
 							),
+							'system_ssl_cipher_list' => array(
+									'label' => $lng['serversettings']['ssl']['ssl_cipher_list'],
+									'settinggroup' => 'system',
+									'varname' => 'ssl_cipher_list',
+									'type' => 'string',
+									'string_emptyallowed' => false,
+									'default' => 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
+									'save_method' => 'storeSettingField',
+							),
 							'system_ssl_cert_file' => array(
 									'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
 									'settinggroup' => 'system',
@@ -51,20 +60,20 @@ return array(
 									'default' => '/etc/apache2/apache2.key',
 									'save_method' => 'storeSettingField',
 							),
-							'system_ssl_ca_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
+							'system_ssl_cert_chainfile' => array(
+									'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
 									'settinggroup' => 'system',
-									'varname' => 'ssl_ca_file',
+									'varname' => 'ssl_cert_chainfile',
 									'type' => 'string',
 									'string_type' => 'file',
 									'string_emptyallowed' => true,
 									'default' => '',
 									'save_method' => 'storeSettingField',
 							),
-							'system_ssl_cert_chainfile' => array(
-									'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
+							'system_ssl_ca_file' => array(
+									'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
 									'settinggroup' => 'system',
-									'varname' => 'ssl_cert_chainfile',
+									'varname' => 'ssl_ca_file',
 									'type' => 'string',
 									'string_type' => 'file',
 									'string_emptyallowed' => true,
--- a/actions/admin/settings/135.fcgid.php
+++ b/actions/admin/settings/135.fcgid.php
@@ -36,7 +36,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'mod_fcgid_configdir',
 					'type' => 'string',
-					'string_type' => 'dir',
+					'string_type' => 'confdir',
 					'default' => '/var/www/php-fcgi-scripts/',
 					'plausibility_check_method' => 'checkPathConflicts',
 					'save_method' => 'storeSettingField',
@@ -129,7 +129,7 @@ return array(
 					'settinggroup' => 'system',
 					'varname' => 'mod_fcgid_defaultini_ownvhost',
 					'type' => 'option',
-					'default' => '1',
+					'default' => '2',
 					'option_mode' => 'one',
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField',
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -62,35 +62,35 @@ return array(
 					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_defaultini_ownvhost' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
 					'settinggroup' => 'phpfpm',
 					'varname' => 'vhost_defaultini',
 					'type' => 'option',
-					'default' => '1',
+					'default' => '2',
 					'option_mode' => 'one',
 					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_configdir' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
 					'settinggroup' => 'phpfpm',
 					'varname' => 'configdir',
 					'type' => 'string',
-					'string_type' => 'dir',
+					'string_type' => 'confdir',
 					'default' => '/etc/php-fpm.d/',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_aliasconfigdir' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['aliasconfigdir'],
 					'settinggroup' => 'phpfpm',
 					'varname' => 'aliasconfigdir',
 					'type' => 'string',
-					'string_type' => 'dir',
+					'string_type' => 'confdir',
 					'default' => '/var/www/php-fpm/',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_tmpdir' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['tmpdir'],
@@ -99,7 +99,7 @@ return array(
 					'type' => 'string',
 					'string_type' => 'dir',
 					'default' => '/var/customers/tmp/',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_peardir' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['peardir'],
@@ -108,7 +108,16 @@ return array(
 					'type' => 'string',
 					'string_type' => 'dir',
 					'default' => '/usr/share/php/:/usr/share/php5/',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
+					),
+				'system_phpfpm_fastcgi_ipcdir' => array(
+					'label' => $lng['serversettings']['phpfpm_settings']['ipcdir'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'fastcgi_ipcdir',
+					'type' => 'string',
+					'string_type' => 'dir',
+					'default' => '/var/lib/apache2/fastcgi/',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_reload' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['reload'],
@@ -116,7 +125,7 @@ return array(
 					'varname' => 'reload',
 					'type' => 'string',
 					'default' => '/etc/init.d/php-fpm restart',
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_pm' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['pm'],
@@ -126,7 +135,7 @@ return array(
 					'default' => 'static',
 					'option_mode' => 'one',
 					'option_options' => array('static' => 'static', 'dynamic' => 'dynamic', 'ondemand' => 'ondemand'),
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_max_children' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['max_children'],
@@ -134,7 +143,7 @@ return array(
 					'varname' => 'max_children',
 					'type' => 'int',
 					'default' => 1,
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_start_servers' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['start_servers'],
@@ -142,7 +151,7 @@ return array(
 					'varname' => 'start_servers',
 					'type' => 'int',
 					'default' => 20,
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_min_spare_servers' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['min_spare_servers'],
@@ -150,7 +159,7 @@ return array(
 					'varname' => 'min_spare_servers',
 					'type' => 'int',
 					'default' => 5,
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_max_spare_servers' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['max_spare_servers'],
@@ -158,7 +167,7 @@ return array(
 					'varname' => 'max_spare_servers',
 					'type' => 'int',
 					'default' => 35,
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_max_requests' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['max_requests'],
@@ -166,7 +175,7 @@ return array(
 					'varname' => 'max_requests',
 					'type' => 'int',
 					'default' => 0,
-					'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 					),
 				'system_phpfpm_idle_timeout' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['idle_timeout'],
--- a/actions/admin/settings/210.security.php
+++ b/actions/admin/settings/210.security.php
@@ -47,6 +47,22 @@ return array(
 					'option_mode' => 'one',
 					'option_options' => array(0 => $lng['serversettings']['systemdefault'], 1 => 'MD5', 2 => 'BLOWFISH', 3 => 'SHA-256', 4 => 'SHA-512'),
 					'save_method' => 'storeSettingField',
+					),
+				'system_allow_error_report_admin' => array(
+					'label' => $lng['serversettings']['allow_error_report_admin'],
+					'settinggroup' => 'system',
+					'varname' => 'allow_error_report_admin',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_allow_error_report_customer' => array(
+					'label' => $lng['serversettings']['allow_error_report_customer'],
+					'settinggroup' => 'system',
+					'varname' => 'allow_error_report_customer',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
 					)
 				)
 			)
--- a/admin_admins.php
+++ b/admin_admins.php
--- a/admin_aps.php
+++ b/admin_aps.php
@@ -20,15 +20,14 @@
 // Required code

 define('AREA', 'admin');
-require ("./lib/init.php");
+require './lib/init.php';
 $Id = 0;

 if(isset($_GET['id']))$Id = (int)$_GET['id'];

 if(isset($_POST['id']))$Id = (int)$_POST['id'];
 eval("echo \"" . getTemplate("aps/header") . "\";");
-$Aps = new ApsParser($userinfo, $settings, $db);
+$Aps = new ApsParser($userinfo, $settings);
 $Aps->MainHandler($action);
 eval("echo \"" . getTemplate("aps/footer") . "\";");

-?>
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -18,14 +18,10 @@
 */

 define('AREA', 'admin');
-
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-
 $need_db_sql_data = true;
-require ("./lib/init.php");
-require ("./lib/configfiles_index.inc.php");
+require './lib/init.php';
+require './lib/configfiles_index.inc.php';
+
 $distribution = '';
 $distributions_select = '';
 $service = '';
@@ -100,7 +96,8 @@ if($userinfo['change_serversettings'] == '1')
 			'<BASE_PATH>' => makeCorrectDir(dirname(__FILE__)),
 			'<BIND_CONFIG_PATH>' => makeCorrectDir($settings['system']['bindconf_directory']),
 			'<WEBSERVER_RELOAD_CMD>' => $settings['system']['apachereload_command'],
-			'<CUSTOMER_LOGS>' => makeCorrectDir($settings['system']['logfiles_directory'])
+			'<CUSTOMER_LOGS>' => makeCorrectDir($settings['system']['logfiles_directory']),
+			'<FPM_IPCDIR>' => makeCorrectDir($settings['phpfpm']['fastcgi_ipcdir'])
 		);
 		$files = '';
 		$configpage = '';
--- a/admin_cronjobs.php
+++ b/admin_cronjobs.php
@@ -16,7 +16,7 @@
 */

 define('AREA', 'admin');
-require_once('./lib/init.php');
+require './lib/init.php';

 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -33,14 +33,12 @@ if ($page == 'cronjobs' || $page == 'overview') {
 			'c.interval' => $lng['cron']['interval'],
 			'c.isactive' => $lng['cron']['isactive']
 		);
-		$paging = new paging($userinfo, $db, TABLE_PANEL_CRONRUNS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
+		$paging = new paging($userinfo, TABLE_PANEL_CRONRUNS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);

-		/*
-		 * @TODO Fix sorting
-		 */
 		$crons = '';
-		$result = $db->query("SELECT `c`.* FROM `" . TABLE_PANEL_CRONRUNS . "` `c` ORDER BY `cronfile` ASC");
-		$paging->setEntries($db->num_rows($result));
+		$result_stmt = Database::prepare("SELECT `c`.* FROM `" . TABLE_PANEL_CRONRUNS . "` `c` ORDER BY `module` ASC, `cronfile` ASC");
+		Database::pexecute($result_stmt);
+		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -48,8 +46,15 @@ if ($page == 'cronjobs' || $page == 'overview') {

 		$i = 0;
 		$count = 0;
+		$cmod = '';

-		while ($row = $db->fetch_array($result)) {
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			if ($cmod != $row['module']) {
+				$_mod = explode("/", $row['module']);
+				$module = ucfirst($_mod[1]);
+				eval("\$crons.=\"" . getTemplate('cronjobs/cronjobs_cronjobmodule') . "\";");
+				$cmod = $row['module'];
+			}
 			if ($paging->checkDisplay($i)) {
 				$row = htmlentities_array($row);

@@ -72,7 +77,9 @@ if ($page == 'cronjobs' || $page == 'overview') {
 		 * @TODO later
 		 */
 	} elseif ($action == 'edit' && $id != 0) {
-		$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_CRONRUNS . "` WHERE `id`='" . (int)$id . "'");
+		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_CRONRUNS . "` WHERE `id`= :id");
+		Database::pexecute($result_stmt, array('id' => $id));
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 		if ($result['cronfile'] != '') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$isactive = isset($_POST['isactive']) ? 1 : 0;
@@ -85,10 +92,12 @@ if ($page == 'cronjobs' || $page == 'overview') {

 				$interval = $interval_value . ' ' . strtoupper($interval_interval);

-				$db->query("UPDATE `" . TABLE_PANEL_CRONRUNS . "` 
-							SET `isactive` = '".(int)$isactive."',
-							`interval` = '".$interval."'
-							WHERE `id` = '" . (int)$id . "'");
+				$upd = Database::prepare("
+					UPDATE `" . TABLE_PANEL_CRONRUNS . "`
+					SET `isactive` = :isactive, `interval` = :int
+					WHERE `id` = :id"
+				);
+				Database::pexecute($upd, array('isactive' => $isactive, 'int' => $interval, 'id' => $id));

 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			} else {
--- a/admin_customers.php
+++ b/admin_customers.php
--- a/admin_domains.php
+++ b/admin_domains.php
--- a/admin_index.php
+++ b/admin_index.php
@@ -18,43 +18,42 @@
 */

 define('AREA', 'admin');
+require './lib/init.php';

-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
+if ($action == 'logout')  {

-require ("./lib/init.php");
-
-if($action == 'logout')
-{
 	$log->logAction(ADM_ACTION, LOG_NOTICE, "logged out");

-	if($settings['session']['allow_multiple_login'] == '1')
-	{
-		$db->query("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = '" . (int)$userinfo['adminid'] . "' AND `adminsession` = '1' AND `hash` = '" . $s . "'");
-	}
-	else
-	{
-		$db->query("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = '" . (int)$userinfo['adminid'] . "' AND `adminsession` = '1'");
+	$params = array('adminid' => (int)$userinfo['adminid']);
+
+	if ($settings['session']['allow_multiple_login'] == '1') {
+		$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
+			WHERE `userid` = :adminid
+			AND `adminsession` = '1'
+			AND `hash` = :hash"
+		);
+		$params['hash'] = $s;
+	} else {
+		$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
+			WHERE `userid` = :adminid
+			AND `adminsession` = '1'"
+		);
 	}
+	Database::pexecute($stmt, $params);

 	redirectTo('index.php');
 	exit;
 }

-if(isset($_POST['id']))
-{
+if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
-}
-elseif(isset($_GET['id']))
-{
+} elseif(isset($_GET['id'])) {
 	$id = intval($_GET['id']);
 }

-if($page == 'overview')
-{
+if ($page == 'overview') {
 	$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_index");
-	$overview = $db->query_first("SELECT COUNT(*) AS `number_customers`,
+	$overview_stmt = Database::prepare("SELECT COUNT(*) AS `number_customers`,
 				SUM(`diskspace_used`) AS `diskspace_used`,
 				SUM(`mysqls_used`) AS `mysqls_used`,
 				SUM(`emails_used`) AS `emails_used`,
@@ -67,39 +66,38 @@ if($page == 'overview')
 				SUM(`subdomains_used`) AS `subdomains_used`,
 				SUM(`traffic_used`) AS `traffic_used`,
 				SUM(`aps_packages_used`) AS `aps_packages_used`
-				FROM `" . TABLE_PANEL_CUSTOMERS . "`" . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = '" . (int)$userinfo['adminid'] . "' "));
+				FROM `" . TABLE_PANEL_CUSTOMERS . "`" . ($userinfo['customers_see_all'] ? '' : " WHERE `adminid` = :adminid "));
+	$overview = Database::pexecute_first($overview_stmt, array('adminid' => $userinfo['adminid']));
+
 	$overview['traffic_used'] = round($overview['traffic_used'] / (1024 * 1024), $settings['panel']['decimal_places']);
 	$overview['diskspace_used'] = round($overview['diskspace_used'] / 1024, $settings['panel']['decimal_places']);
-	$number_domains = $db->query_first("SELECT COUNT(*) AS `number_domains` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `parentdomainid`='0'" . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . (int)$userinfo['adminid'] . "' "));
+
+	$number_domains_stmt = Database::prepare("
+		SELECT COUNT(*) AS `number_domains` FROM `" . TABLE_PANEL_DOMAINS . "`
+		WHERE `parentdomainid`='0'" . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid")
+	);
+	$number_domains = Database::pexecute_first($number_domains_stmt, array('adminid' => $userinfo['adminid']));
+
 	$overview['number_domains'] = $number_domains['number_domains'];
+
 	$phpversion = phpversion();
-	$phpmemorylimit = @ini_get("memory_limit");
-
-	if($phpmemorylimit == "")
-	{
-		$phpmemorylimit = $lng['admin']['memorylimitdisabled'];
-	}
-
-	$mysqlserverversion = mysql_get_server_info();
-	$mysqlclientversion = mysql_get_client_info();
+	$mysqlserverversion = Database::getAttribute(PDO::ATTR_SERVER_VERSION);
 	$webserverinterface = strtoupper(@php_sapi_name());

-	if((isset($_GET['lookfornewversion']) && $_GET['lookfornewversion'] == 'yes')
-	|| (isset($lookfornewversion) && $lookfornewversion == 'yes'))
-	{
+	if ((isset($_GET['lookfornewversion']) && $_GET['lookfornewversion'] == 'yes')
+		|| (isset($lookfornewversion) && $lookfornewversion == 'yes')
+	) {
 		$update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version;

-		if(ini_get('allow_url_fopen'))
-		{
+		if (ini_get('allow_url_fopen')) {
 			$latestversion = @file($update_check_uri);

-			if (isset($latestversion[0]))
-			{
+			if (isset($latestversion[0])) {
 				$latestversion = explode('|', $latestversion[0]);

-				if(is_array($latestversion)
-				&& count($latestversion) >= 1)
-				{
+				if (is_array($latestversion)
+					&& count($latestversion) >= 1
+				) {
 					$_version = $latestversion[0];
 					$_message = isset($latestversion[1]) ? $latestversion[1] : '';
 					$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
@@ -110,29 +108,26 @@ if($page == 'overview')
 					$lookfornewversion_link = $_link;
 					$lookfornewversion_addinfo = $_message;

-					if (version_compare2($version, $_version) == -1) {
+					// not numeric -> error-message
+					if (!is_numeric($_version)) {
+						// check for customized version to not output
+						// "There is a newer version of froxlor" besides the error-message
+						$isnewerversion = 2;
+					} elseif (version_compare2($version, $_version) == -1) {
 						$isnewerversion = 1;
 					} else {
 						$isnewerversion = 0;
 					}
-				}
-				else
-				{
+				} else {
 					redirectTo($update_check_uri.'/pretty', NULL);
 				}
-			}
-			else
-			{
+			} else {
 				redirectTo($update_check_uri.'/pretty', NULL);
 			}
-		}
-		else
-		{
+		} else {
 			redirectTo($update_check_uri.'/pretty', NULL);
 		}
-	}
-	else
-	{
+	} else {
 		$lookfornewversion_lable = $lng['admin']['lookfornewversion']['clickhere'];
 		$lookfornewversion_link = htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
 		$lookfornewversion_addinfo = '';
@@ -148,56 +143,35 @@ if($page == 'overview')
 	$cron_last_runs = getCronjobsLastRun();
 	$outstanding_tasks = getOutstandingTasks();

-	$opentickets = 0;
-	$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
-                                   WHERE `answerto` = "0" AND (`status` = "0" OR `status` = "1")
-                                   AND `lastreplier`="0" AND `adminid` = "' . $userinfo['adminid'] . '"');
-	$awaitingtickets = $opentickets['count'];
-	$awaitingtickets_text = '';
-
-	if($opentickets > 0)
-	{
-		$awaitingtickets_text = strtr($lng['ticket']['awaitingticketreply'], array('%s' => '<a href="admin_tickets.php?page=tickets&amp;s=' . $s . '">' . $opentickets['count'] . '</a>'));
-	}
-
-	if(function_exists('sys_getloadavg'))
-	{
+	if (function_exists('sys_getloadavg')) {
 		$loadArray = sys_getloadavg();
 		$load = number_format($loadArray[0], 2, '.', '') . " / " . number_format($loadArray[1], 2, '.', '') . " / " . number_format($loadArray[2], 2, '.', '');
-	}
-	else
-	{
+	} else {
 		$load = @file_get_contents('/proc/loadavg');

-		if(!$load)
-		{
+		if (!$load) {
 			$load = $lng['admin']['noloadavailable'];
 		}
 	}

-	if(function_exists('posix_uname'))
-	{
+	if (function_exists('posix_uname')) {
 		$showkernel = 1;
 		$kernel_nfo = posix_uname();
 		$kernel = $kernel_nfo['release'] . ' (' . $kernel_nfo['machine'] . ')';
-	}
-	else
-	{
+	} else {
 		$showkernel = 0;
 		$kernel = '';
 	}

 	// Try to get the uptime
 	// First: With exec (let's hope it's enabled for the Froxlor - vHost)
-
 	$uptime_array = explode(" ", @file_get_contents("/proc/uptime"));

-	if(is_array($uptime_array)
-	&& isset($uptime_array[0])
-	&& is_numeric($uptime_array[0]))
-	{
+	if (is_array($uptime_array)
+		&& isset($uptime_array[0])
+		&& is_numeric($uptime_array[0])
+	) {
 		// Some calculatioon to get a nicly formatted display
-
 		$seconds = round($uptime_array[0], 0);
 		$minutes = $seconds / 60;
 		$hours = $minutes / 60;
@@ -208,27 +182,22 @@ if($page == 'overview')
 		$uptime = "{$days}d, {$hours}h, {$minutes}m, {$seconds}s";

 		// Just cleanup
-
 		unset($uptime_array, $seconds, $minutes, $hours, $days);
-	}
-	else
-	{
+	} else {
 		// Nothing of the above worked, show an error :/
-
 		$uptime = '';
 	}

 	eval("echo \"" . getTemplate("index/index") . "\";");
-}
-elseif($page == 'change_password')
-{
-	if(isset($_POST['send'])
-	&& $_POST['send'] == 'send')
-	{
+
+} elseif($page == 'change_password') {
+
+	if (isset($_POST['send'])
+		&& $_POST['send'] == 'send'
+	) {
 		$old_password = validate($_POST['old_password'], 'old password');

-		if(md5($old_password) != $userinfo['password'])
-		{
+		if (md5($old_password) != $userinfo['password']) {
 			standard_error('oldpasswordnotcorrect');
 			exit;
 		}
@@ -236,95 +205,204 @@ elseif($page == 'change_password')
 		$new_password = validate($_POST['new_password'], 'new password');
 		$new_password_confirm = validate($_POST['new_password_confirm'], 'new password confirm');

-		if($old_password == '')
-		{
+		if ($old_password == '') {
 			standard_error(array('stringisempty', 'oldpassword'));
-		}
-		elseif($new_password == '')
-		{
+		} elseif($new_password == '') {
 			standard_error(array('stringisempty', 'newpassword'));
-		}
-		elseif($new_password_confirm == '')
-		{
+		} elseif($new_password_confirm == '') {
 			standard_error(array('stringisempty', 'newpasswordconfirm'));
-		}
-		elseif($new_password != $new_password_confirm)
-		{
+		} elseif($new_password != $new_password_confirm) {
 			standard_error('newpasswordconfirmerror');
-		}
-		else
-		{
-			$db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `password`='" . md5($new_password) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `password`='" . md5($old_password) . "'");
+		} else {
+			$chgpwd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_ADMINS . "`
+				SET `password`= :newpasswd
+				WHERE `adminid`= :adminid
+				AND `password`= :oldpasswd"
+			);
+			Database::pexecute($chgpwd_stmt, array(
+				'newpasswd' => md5($new_password),
+				'adminid' => (int)$userinfo['adminid'],
+				'oldpasswd' => md5($old_password)
+			));
 			$log->logAction(ADM_ACTION, LOG_NOTICE, 'changed password');
 			redirectTo($filename, Array('s' => $s));
 		}
-	}
-	else
-	{
+	} else {
 		eval("echo \"" . getTemplate("index/change_password") . "\";");
 	}
-}
-elseif($page == 'change_language')
-{
-	if(isset($_POST['send'])
-	&& $_POST['send'] == 'send')
-	{
+
+} elseif($page == 'change_language') {
+
+	if (isset($_POST['send'])
+		&& $_POST['send'] == 'send'
+	) {
 		$def_language = validate($_POST['def_language'], 'default language');

-		if(isset($languages[$def_language]))
-		{
-			$db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `def_language`='" . $db->escape($def_language) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "'");
-			$db->query("UPDATE `" . TABLE_PANEL_SESSIONS . "` SET `language`='" . $db->escape($def_language) . "' WHERE `hash`='" . $db->escape($s) . "'");
+		if (isset($languages[$def_language])) {
+			$lng_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_ADMINS . "`
+				SET `def_language`= :deflng
+				WHERE `adminid`= :adminid"
+			);
+			Database::pexecute($lng_stmt, array(
+				'deflng' => $def_language,
+				'adminid' => (int)$userinfo['adminid']
+			));
+
+			$lng_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_SESSIONS . "`
+				SET `language`= :lng
+				WHERE `hash`= :hash"
+			);
+			Database::pexecute($lng_stmt, array(
+				'lng' => $def_language,
+				'hash' => $s
+			));
 		}

 		$log->logAction(ADM_ACTION, LOG_NOTICE, "changed his/her default language to '" . $def_language . "'");
-		redirectTo($filename, Array('s' => $s));
-	}
-	else
-	{
+		redirectTo($filename, array('s' => $s));
+
+	} else {
+
 		$language_options = '';

 		$default_lang = $settings['panel']['standardlanguage'];
-		if($userinfo['def_language'] != '') {
+		if ($userinfo['def_language'] != '') {
 			$default_lang = $userinfo['def_language'];
 		}

-		while(list($language_file, $language_name) = each($languages))
-		{
+		while (list($language_file, $language_name) = each($languages)) {
 			$language_options.= makeoption($language_name, $language_file, $default_lang, true);
 		}

 		eval("echo \"" . getTemplate("index/change_language") . "\";");
 	}
-}
-elseif($page == 'change_theme')
-{
-	if(isset($_POST['send'])
+
+} elseif ($page == 'change_theme') {
+
+	if (isset($_POST['send'])
 		&& $_POST['send'] == 'send'
 	) {
 		$theme = validate($_POST['theme'], 'theme');

-		$db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `theme`='" . $db->escape($theme) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "'");
-		$db->query("UPDATE `" . TABLE_PANEL_SESSIONS . "` SET `theme`='" . $db->escape($theme) . "' WHERE `hash`='" . $db->escape($s) . "'");
+		$theme_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_ADMINS . "`
+				SET `theme`= :theme
+				WHERE `adminid`= :adminid"
+		);
+		Database::pexecute($theme_stmt, array(
+			'theme' => $theme,
+			'adminid' => (int)$userinfo['adminid']
+		));
+
+		$theme_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_SESSIONS . "`
+				SET `theme`= :theme
+				WHERE `hash`= :hash"
+		);
+		Database::pexecute($theme_stmt, array(
+			'theme' => $theme,
+			'hash' => $s
+		));

 		$log->logAction(ADM_ACTION, LOG_NOTICE, "changed his/her theme to '" . $theme . "'");
-		redirectTo($filename, Array('s' => $s));
-	}
-	else
-	{
+		redirectTo($filename, array('s' => $s));
+
+	} else {
+
 		$theme_options = '';

 		$default_theme = $settings['panel']['default_theme'];
-		if($userinfo['theme'] != '') {
+		if ($userinfo['theme'] != '') {
 			$default_theme = $userinfo['theme'];
 		}

 		$themes_avail = getThemes();
-		foreach($themes_avail as $t)
-		{
+		foreach ($themes_avail as $t) {
 			$theme_options.= makeoption($t, $t, $default_theme, true);
 		}

 		eval("echo \"" . getTemplate("index/change_theme") . "\";");
 	}
+
+} elseif ($page == 'send_error_report'
+	&& $settings['system']['allow_error_report_admin'] == '1'
+) {
+
+	// only show this if we really have an exception to report
+	if (isset($_GET['errorid'])
+		&& $_GET['errorid'] != ''
+	) {
+
+		$errid = $_GET['errorid'];
+		// read error file
+		$err_dir = makeCorrectDir(FROXLOR_INSTALL_DIR."/logs/");
+		$err_file = makeCorrectFile($err_dir."/".$errid."_sql-error.log");
+
+		if (file_exists($err_file)) {
+
+			$error_content = file_get_contents($err_file);
+			$error = explode("|", $error_content);
+
+			$_error = array(
+				'code' => str_replace("\n", "", substr($error[1], 5)),
+				'message' => str_replace("\n", "", substr($error[2], 4)),
+				'file' => str_replace("\n", "", substr($error[3], 5 + strlen(FROXLOR_INSTALL_DIR))),
+				'line' => str_replace("\n", "", substr($error[4], 5)),
+				'trace' => str_replace(FROXLOR_INSTALL_DIR, "", substr($error[5], 6))
+			);
+
+			// build mail-content
+			$mail_body = "Dear froxlor-team,\n\n";
+			$mail_body .= "the following error has been reported by a user:\n\n";
+			$mail_body .= "-------------------------------------------------------------\n";
+			$mail_body .= $_error['code'].' '.$_error['message']."\n\n";
+			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
+			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
+			$mail_body .= "-------------------------------------------------------------\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "End of report";
+			$mail_html = nl2br($mail_body);
+
+			// send actual report to dev-team
+			if (isset($_POST['send'])
+					&& $_POST['send'] == 'send'
+			) {
+				// send mail and say thanks
+				$_mailerror = false;
+				try {
+					$mail->Subject = '[Froxlor] Error report by user';
+					$mail->AltBody = $mail_body;
+					$mail->MsgHTML($mail_html);
+					$mail->AddAddress('error-reports@froxlor.org', 'Froxlor Developer Team');
+					$mail->Send();
+				} catch(phpmailerException $e) {
+					$mailerr_msg = $e->errorMessage();
+					$_mailerror = true;
+				} catch (Exception $e) {
+					$mailerr_msg = $e->getMessage();
+					$_mailerror = true;
+				}
+
+				if ($_mailerror) {
+					// error when reporting an error...LOLFUQ
+					standard_error('send_report_error', $mailerr_msg);
+				}
+
+				// finally remove error from fs
+				@unlink($err_file);
+				redirectTo($filename, array('s' => $s));
+			}
+			// show a nice summary of the error-report
+			// before actually sending anything
+			eval("echo \"" . getTemplate("index/send_error_report") . "\";");
+
+		} else {
+			redirectTo($filename, array('s' => $s));
+		}
+	} else {
+		redirectTo($filename, array('s' => $s));
+	}
 }
--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -18,36 +18,30 @@
 */

 define('AREA', 'admin');
+require './lib/init.php';

-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-
-require ("./lib/init.php");
-
-if(isset($_POST['id']))
-{
+if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
-}
-elseif(isset($_GET['id']))
-{
+} elseif(isset($_GET['id'])) {
 	$id = intval($_GET['id']);
 }

-if($page == 'ipsandports'
-   || $page == 'overview')
-{
-	if($action == '')
-	{
+if ($page == 'ipsandports'
+	|| $page == 'overview'
+) {
+
+	if ($action == '') {
+
 		$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_ipsandports");
 		$fields = array(
 			'ip' => $lng['admin']['ipsandports']['ip'],
 			'port' => $lng['admin']['ipsandports']['port']
 		);
-		$paging = new paging($userinfo, $db, TABLE_PANEL_IPSANDPORTS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
+		$paging = new paging($userinfo, TABLE_PANEL_IPSANDPORTS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
 		$ipsandports = '';
-		$result = $db->query("SELECT `id`, `ip`, `port`, `listen_statement`, `namevirtualhost_statement`, `vhostcontainer`, `vhostcontainer_servername_statement`, `specialsettings`, `ssl` FROM `" . TABLE_PANEL_IPSANDPORTS . "` " . $paging->getSqlWhere(false) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
-		$paging->setEntries($db->num_rows($result));
+		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` " . $paging->getSqlWhere(false) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+		Database::pexecute($result_stmt);
+		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -55,92 +49,99 @@ if($page == 'ipsandports'
 		$i = 0;
 		$count = 0;

-		while($row = $db->fetch_array($result))
-		{
-			if($paging->checkDisplay($i))
-			{
-				$row = htmlentities_array($row);
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {

-				if(filter_var($row['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
-				{
+			if ($paging->checkDisplay($i)) {
+				$row = htmlentities_array($row);
+				if (filter_var($row['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
 					$row['ip'] = '[' . $row['ip'] . ']';
 				}
-
 				eval("\$ipsandports.=\"" . getTemplate("ipsandports/ipsandports_ipandport") . "\";");
 				$count++;
 			}
-
 			$i++;
 		}

 		eval("echo \"" . getTemplate("ipsandports/ipsandports") . "\";");
-	}
-	elseif($action == 'delete'
-	       && $id != 0)
-	{
-		$result = $db->query_first("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id`='" . (int)$id . "'");

-		if(isset($result['id'])
-		   && $result['id'] == $id)
-		{
-			$result_checkdomain = $db->query_first("SELECT `id_domain` as `id` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_ipandports`='" . (int)$id . "'");
+	} elseif($action == 'delete'
+		&& $id != 0
+	) {
+		$result_stmt = Database::prepare("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array('id' => $id));

-			if($result_checkdomain['id'] == '')
-			{
-				if($result['id'] != $settings['system']['defaultip'])
-				{
-					$result_sameipotherport = $db->query_first("SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ip`='" . $db->escape($result['ip']) . "' AND `id`!='" . (int)$id . "'");
+		if (isset($result['id'])
+			&& $result['id'] == $id
+		) {
+			$result_checkdomain_stmt = Database::prepare("
+				SELECT `id_domain` as `id` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_ipandports` = :id"
+			);
+			$result_checkdomain = Database::pexecute_first($result_checkdomain_stmt, array('id' => $id));

-					if(($result['ip'] != $settings['system']['ipaddress'])
-					   || ($result['ip'] == $settings['system']['ipaddress'] && $result_sameipotherport['id'] != ''))
-					{
-						$result = $db->query_first("SELECT `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id`='" . (int)$id . "'");
+			if ($result_checkdomain['id'] == '') {
+				if ($result['id'] != $settings['system']['defaultip']) {

-						if($result['ip'] != '')
-						{
-							if(isset($_POST['send'])
-							   && $_POST['send'] == 'send')
-							{
-								$db->query("DELETE FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id`='" . (int)$id . "'");
+					$result_sameipotherport_stmt = Database::prepare("
+						SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
+						WHERE `ip` = :ip AND `id` <> :id"
+					);
+					$result_sameipotherport = Database::pexecute_first($result_sameipotherport_stmt, array('id' => $id, 'ip' => $result['ip']));
+
+					if (($result['ip'] != $settings['system']['ipaddress'])
+						|| ($result['ip'] == $settings['system']['ipaddress']
+						&& $result_sameipotherport['id'] != '')
+					) {
+						$result_stmt = Database::prepare("
+							SELECT `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
+							WHERE `id` = :id"
+						);
+						$result = Database::pexecute_first($result_stmt, array('id' => $id));
+
+						if ($result['ip'] != '') {
+
+							if (isset($_POST['send'])
+								&& $_POST['send'] == 'send'
+							) {
+								$del_stmt = Database::prepare("
+									DELETE FROM `" . TABLE_PANEL_IPSANDPORTS . "`
+									WHERE `id` = :id"
+								);
+								Database::pexecute($del_stmt, array('id' => $id));

 								// also, remove connections to domains (multi-stack)
-								$db->query("DELETE FROM `".TABLE_DOMAINTOIP."` WHERE `id_ipandports`='".(int)$id."'");
+								$del_stmt = Database::prepare("
+									DELETE FROM `".TABLE_DOMAINTOIP."` WHERE `id_ipandports` = :id"
+								);
+								Database::pexecute($del_stmt, array('id' => $id));

 								$log->logAction(ADM_ACTION, LOG_WARNING, "deleted IP/port '" . $result['ip'] . ":" . $result['port'] . "'");
 								inserttask('1');
-
 								// Using nameserver, insert a task which rebuilds the server config
 								inserttask('4');

-								redirectTo($filename, Array('page' => $page, 's' => $s));
-							}
-							else
-							{
+								redirectTo($filename, array('page' => $page, 's' => $s));
+
+							} else {
 								ask_yesno('admin_ip_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['ip'] . ':' . $result['port']);
 							}
 						}
-					}
-					else
-					{
+					} else {
 						standard_error('cantdeletesystemip');
 					}
-				}
-				else
-				{
+				} else {
 					standard_error('cantdeletedefaultip');
 				}
-			}
-			else
-			{
+			} else {
 				standard_error('ipstillhasdomains');
 			}
 		}
-	}
-	elseif($action == 'add')
-	{
-		if(isset($_POST['send'])
-		   && $_POST['send'] == 'send')
-		{
+
+	} elseif($action == 'add') {
+
+		if (isset($_POST['send'])
+			&& $_POST['send'] == 'send'
+		) {
+
 			$ip = validate_ip($_POST['ip']);
 			$port = validate($_POST['port'], 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array('stringisempty', 'myport'));
 			$listen_statement = isset($_POST['listen_statement']) ? 1 : 0;
@@ -150,9 +151,9 @@ if($page == 'ipsandports'
 			$vhostcontainer_servername_statement = isset($_POST['vhostcontainer_servername_statement']) ? 1 : 0;
 			$default_vhostconf_domain = validate(str_replace("\r\n", "\n", $_POST['default_vhostconf_domain']), 'default_vhostconf_domain', '/^[^\0]*$/');
 			$docroot = validate($_POST['docroot'], 'docroot');
-			if((int)$settings['system']['use_ssl'] == 1)
-			{
-				$ssl = intval($_POST['ssl']);
+
+			if ((int)$settings['system']['use_ssl'] == 1) {
+				$ssl = isset($_POST['ssl']) ? intval($_POST['ssl']) : 0;
 				$ssl_cert_file = validate($_POST['ssl_cert_file'], 'ssl_cert_file');
 				$ssl_key_file = validate($_POST['ssl_key_file'], 'ssl_key_file');
 				$ssl_ca_file = validate($_POST['ssl_ca_file'], 'ssl_ca_file');
@@ -164,110 +165,99 @@ if($page == 'ipsandports'
 				$ssl_ca_file = '';
 				$ssl_cert_chainfile = '';
 			}
-			
-			if($listen_statement != '1')
-			{
+
+			if ($listen_statement != '1') {
 				$listen_statement = '0';
 			}

-			if($namevirtualhost_statement != '1')
-			{
+			if ($namevirtualhost_statement != '1') {
 				$namevirtualhost_statement = '0';
 			}

-			if($vhostcontainer != '1')
-			{
+			if ($vhostcontainer != '1') {
 				$vhostcontainer = '0';
 			}

-			if($vhostcontainer_servername_statement != '1')
-			{
+			if ($vhostcontainer_servername_statement != '1') {
 				$vhostcontainer_servername_statement = '0';
 			}

-			if($ssl != '1')
-			{
+			if ($ssl != '1') {
 				$ssl = '0';
 			}
-		
-			if($ssl_cert_file != '')
-			{
+
+			if ($ssl_cert_file != '') {
 				$ssl_cert_file = makeCorrectFile($ssl_cert_file);
 			}

-			if($ssl_key_file != '')
-			{
+			if ($ssl_key_file != '') {
 				$ssl_key_file = makeCorrectFile($ssl_key_file);
 			}

-			if($ssl_ca_file != '')
-			{
+			if ($ssl_ca_file != '') {
 				$ssl_ca_file = makeCorrectFile($ssl_ca_file);
 			}

-			if($ssl_cert_chainfile != '')
-			{
+			if ($ssl_cert_chainfile != '') {
 				$ssl_cert_chainfile = makeCorrectFile($ssl_cert_chainfile);
 			}

-			if(strlen(trim($docroot)) > 0)
-			{
+			if (strlen(trim($docroot)) > 0) {
 				$docroot = makeCorrectDir($docroot);
-			}
-			else
-			{
+			} else {
 				$docroot = '';
 			}

-			$result_checkfordouble = $db->query_first("SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ip`='" . $db->escape($ip) . "' AND `port`='" . (int)$port . "'");
+			$result_checkfordouble_stmt = Database::prepare("
+				SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
+				WHERE `ip` = :ip AND `port` = :port"
+			);
+			$result_checkfordouble = Database::pexecute_first($result_checkfordouble_stmt, array('ip' => $ip, 'port' => $port));

-			if($result_checkfordouble['id'] != '')
-			{
+			if ($result_checkfordouble['id'] != '') {
 				standard_error('myipnotdouble');
-			}
-			else
-			{
-				$db->query("INSERT INTO `" . TABLE_PANEL_IPSANDPORTS . "`
-					SET 
-						`ip` = '" . $db->escape($ip) . "', 
-						`port` = '" . (int)$port . "', 
-						`listen_statement` = '" . (int)$listen_statement . "', 
-						`namevirtualhost_statement` = '" . (int)$namevirtualhost_statement . "', 
-						`vhostcontainer` = '" . (int)$vhostcontainer . "', 
-						`vhostcontainer_servername_statement` = '" . (int)$vhostcontainer_servername_statement . "', 
-						`specialsettings` = '" . $db->escape($specialsettings) . "', 
-						`ssl` = '" . (int)$ssl . "', 
-						`ssl_cert_file` = '" . $db->escape($ssl_cert_file) . "', 
-						`ssl_key_file` = '" . $db->escape($ssl_key_file) . "', 
-						`ssl_ca_file` = '" . $db->escape($ssl_ca_file) . "',
-						`ssl_cert_chainfile` = '" . $db->escape($ssl_cert_chainfile) . "', 
-						`default_vhostconf_domain` = '" . $db->escape($default_vhostconf_domain) . "',
-						`docroot` = '" . $db->escape($docroot) . "';
-					");
+			} else {
+				$ins_stmt = Database::prepare("
+					INSERT INTO `" . TABLE_PANEL_IPSANDPORTS . "`
+					SET
+						`ip` = :ip, `port` = :port, `listen_statement` = :ls,
+						`namevirtualhost_statement` = :nvhs, `vhostcontainer` = :vhc,
+						`vhostcontainer_servername_statement` = :vhcss,
+						`specialsettings` = :ss, `ssl` = :ssl,
+						`ssl_cert_file` = :ssl_cert, `ssl_key_file` = :ssl_key,
+						`ssl_ca_file` = :ssl_ca, `ssl_cert_chainfile` = :ssl_chain,
+						`default_vhostconf_domain` = :dvhd, `docroot` = :docroot;
+				");
+				$ins_data = array(
+					'ip' => $ip,
+					'port' => $port,
+					'ls' => $listen_statement,
+					'nvhs' => $namevirtualhost_statement,
+					'vhc' => $vhostcontainer,
+					'vhcss' => $vhostcontainer_servername_statement,
+					'ss' => $specialsettings,
+					'ssl' => $ssl,
+					'ssl_cert' => $ssl_cert_file,
+					'ssl_key' => $ssl_key_file,
+					'ssl_ca' => $ssl_ca_file,
+					'ssl_chain' => $ssl_cert_chainfile,
+					'dvhd' => $default_vhostconf_domain,
+					'docroot' => $docroot
+				);
+				Database::pexecute($ins_stmt, $ins_data);

-				if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
-				{
+				if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
 					$ip = '[' . $ip . ']';
 				}

 				$log->logAction(ADM_ACTION, LOG_WARNING, "added IP/port '" . $ip . ":" . $port . "'");
 				inserttask('1');
-
 				// Using nameserver, insert a task which rebuilds the server config
 				inserttask('4');
-
 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			}
-		}
-		else
-		{
-			/*
-			$enable_ssl = makeyesno('ssl', '1', '0', '0');
-			$listen_statement = makeyesno('listen_statement', '1', '0', '1');
-			$namevirtualhost_statement = makeyesno('namevirtualhost_statement', '1', '0', '1');
-			$vhostcontainer = makeyesno('vhostcontainer', '1', '0', '1');
-			$vhostcontainer_servername_statement = makeyesno('vhostcontainer_servername_statement', '1', '0', '1');
-			*/
+
+		} else {

 			$ipsandports_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php';
 			$ipsandports_add_form = htmlform::genHTMLForm($ipsandports_add_data);
@@ -277,21 +267,23 @@ if($page == 'ipsandports'

 			eval("echo \"" . getTemplate("ipsandports/ipsandports_add") . "\";");
 		}
-	}
-	elseif($action == 'edit'
-	       && $id != 0)
-	{
-		$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id`='" . (int)$id . "'");

-		if($result['ip'] != '')
-		{
-			if(isset($_POST['send'])
-			   && $_POST['send'] == 'send')
-			{
+	} elseif($action == 'edit'
+		&& $id != 0
+	) {
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :id"
+		);
+		$result = Database::pexecute_first($result_stmt, array('id' => $id));
+
+		if ($result['ip'] != '') {
+
+			if (isset($_POST['send'])
+				&& $_POST['send'] == 'send'
+			) {
+
 				$ip = validate_ip($_POST['ip']);
 				$port = validate($_POST['port'], 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array('stringisempty', 'myport'));
-				$result_checkfordouble = $db->query_first("SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ip`='" . $db->escape($ip) . "' AND `port`='" . (int)$port . "'");
-				$result_sameipotherport = $db->query_first("SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ip`='" . $db->escape($result['ip']) . "' AND `id`!='" . (int)$id . "'");
 				$listen_statement = isset($_POST['listen_statement']) ? 1 : 0;
 				$namevirtualhost_statement = isset($_POST['namevirtualhost_statement']) ? 1 : 0;
 				$vhostcontainer = isset($_POST['vhostcontainer']) ? 1 : 0;
@@ -300,11 +292,19 @@ if($page == 'ipsandports'
 				$default_vhostconf_domain = validate(str_replace("\r\n", "\n", $_POST['default_vhostconf_domain']), 'default_vhostconf_domain', '/^[^\0]*$/');
 				$docroot =  validate($_POST['docroot'], 'docroot');

-				if((int)$settings['system']['use_ssl'] == 1
-					/* 
-					 * check here if ssl is even checked, cause if not, we don't need
-					 * to validate and set all the $ssl_*_file vars
-					 */
+				$result_checkfordouble_stmt = Database::prepare("
+					SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
+					WHERE `ip` = :ip AND `port` = :port"
+				);
+				$result_checkfordouble = Database::pexecute_first($result_checkfordouble_stmt, array('ip' => $ip, 'port' => $port));
+
+				$result_sameipotherport_stmt = Database::prepare("
+					SELECT `id` FROM `" . TABLE_PANEL_IPSANDPORTS . "`
+					WHERE `ip` = :ip AND `id` <> :id"
+				);
+				$result_sameipotherport = Database::pexecute_first($result_sameipotherport_stmt, array('ip' => $ip, 'id' => $id));
+
+				if ((int)$settings['system']['use_ssl'] == 1
 					&& isset($_POST['ssl'])
 					&& $_POST['ssl'] != 0
 				) {
@@ -321,92 +321,91 @@ if($page == 'ipsandports'
 					$ssl_cert_chainfile = '';
 				}
 				
-				if($listen_statement != '1')
-				{
+				if ($listen_statement != '1') {
 					$listen_statement = '0';
 				}

-				if($namevirtualhost_statement != '1')
-				{
+				if ($namevirtualhost_statement != '1') {
 					$namevirtualhost_statement = '0';
 				}

-				if($vhostcontainer != '1')
-				{
+				if ($vhostcontainer != '1') {
 					$vhostcontainer = '0';
 				}

-				if($vhostcontainer_servername_statement != '1')
-				{
+				if ($vhostcontainer_servername_statement != '1') {
 					$vhostcontainer_servername_statement = '0';
 				}

-				if($ssl != '1')
-				{
+				if ($ssl != '1') {
 					$ssl = '0';
 				}
 				
-				if($ssl_cert_file != '')
-				{
+				if ($ssl_cert_file != '') {
 					$ssl_cert_file = makeCorrectFile($ssl_cert_file);
 				}

-				if($ssl_key_file != '')
-				{
+				if ($ssl_key_file != '') {
 					$ssl_key_file = makeCorrectFile($ssl_key_file);
 				}

-				if($ssl_ca_file != '')
-				{
+				if ($ssl_ca_file != '') {
 					$ssl_ca_file = makeCorrectFile($ssl_ca_file);
 				}

-				if($ssl_cert_chainfile != '')
-				{
+				if ($ssl_cert_chainfile != '') {
 					$ssl_cert_chainfile = makeCorrectFile($ssl_cert_chainfile);
 				}

-				if(strlen(trim($docroot)) > 0)
-				{
+				if (strlen(trim($docroot)) > 0) {
 					$docroot = makeCorrectDir($docroot);
-				}
-				else
-				{
+				} else {
 					$docroot = '';
 				}

-				if($result['ip'] != $ip
-				   && $result['ip'] == $settings['system']['ipaddress']
-				   && $result_sameipotherport['id'] == '')
-				{
+				if ($result['ip'] != $ip
+					&& $result['ip'] == $settings['system']['ipaddress']
+					&& $result_sameipotherport['id'] == ''
+				) {
 					standard_error('cantchangesystemip');
-				}
-				elseif($result_checkfordouble['id'] != ''
-				       && $result_checkfordouble['id'] != $id)
-				{
-					standard_error('myipnotdouble');
-				}
-				else
-				{

-					$db->query("UPDATE `" . TABLE_PANEL_IPSANDPORTS . "`
-					SET 
-						`ip` = '" . $db->escape($ip) . "', 
-						`port` = '" . (int)$port . "', 
-						`listen_statement` = '" . (int)$listen_statement . "', 
-						`namevirtualhost_statement` = '" . (int)$namevirtualhost_statement . "', 
-						`vhostcontainer` = '" . (int)$vhostcontainer . "', 
-						`vhostcontainer_servername_statement` = '" . (int)$vhostcontainer_servername_statement . "', 
-						`specialsettings` = '" . $db->escape($specialsettings) . "', 
-						`ssl` = '" . (int)$ssl . "', 
-						`ssl_cert_file` = '" . $db->escape($ssl_cert_file) . "', 
-						`ssl_key_file` = '" . $db->escape($ssl_key_file) . "', 
-						`ssl_ca_file` = '" . $db->escape($ssl_ca_file) . "',
-						`ssl_cert_chainfile` = '" . $db->escape($ssl_cert_chainfile) . "', 
-						`default_vhostconf_domain` = '" . $db->escape($default_vhostconf_domain) . "',
-						`docroot` = '" . $db->escape($docroot) . "' 
-					WHERE `id`='" . (int)$id . "'
+				} elseif($result_checkfordouble['id'] != ''
+					&& $result_checkfordouble['id'] != $id
+				) {
+					standard_error('myipnotdouble');
+
+				} else {
+
+					$upd_stmt = Database::prepare("
+						UPDATE `" . TABLE_PANEL_IPSANDPORTS . "`
+						SET
+							`ip` = :ip, `port` = :port, `listen_statement` = :ls,
+							`namevirtualhost_statement` = :nvhs, `vhostcontainer` = :vhc,
+							`vhostcontainer_servername_statement` = :vhcss,
+							`specialsettings` = :ss, `ssl` = :ssl,
+							`ssl_cert_file` = :ssl_cert, `ssl_key_file` = :ssl_key,
+							`ssl_ca_file` = :ssl_ca, `ssl_cert_chainfile` = :ssl_chain,
+							`default_vhostconf_domain` = :dvhd, `docroot` = :docroot
+						WHERE `id` = :id;
 					");
+					$upd_data = array(
+						'ip' => $ip,
+						'port' => $port,
+						'ls' => $listen_statement,
+						'nvhs' => $namevirtualhost_statement,
+						'vhc' => $vhostcontainer,
+						'vhcss' => $vhostcontainer_servername_statement,
+						'ss' => $specialsettings,
+						'ssl' => $ssl,
+						'ssl_cert' => $ssl_cert_file,
+						'ssl_key' => $ssl_key_file,
+						'ssl_ca' => $ssl_ca_file,
+						'ssl_chain' => $ssl_cert_chainfile,
+						'dvhd' => $default_vhostconf_domain,
+						'docroot' => $docroot,
+						'id' => $id
+					);
+					Database::pexecute($upd_stmt, $upd_data);

 					$log->logAction(ADM_ACTION, LOG_WARNING, "changed IP/port from '" . $result['ip'] . ":" . $result['port'] . "' to '" . $ip . ":" . $port . "'");
 					inserttask('1');
@@ -416,17 +415,10 @@ if($page == 'ipsandports'

 					redirectTo($filename, Array('page' => $page, 's' => $s));
 				}
-			}
-			else
-			{
+
+			} else {
+
 				$result = htmlentities_array($result);
-				/*
-				$enable_ssl = makeyesno('ssl', '1', '0', $result['ssl']);
-				$listen_statement = makeyesno('listen_statement', '1', '0', $result['listen_statement']);
-				$namevirtualhost_statement = makeyesno('namevirtualhost_statement', '1', '0', $result['namevirtualhost_statement']);
-				$vhostcontainer = makeyesno('vhostcontainer', '1', '0', $result['vhostcontainer']);
-				$vhostcontainer_servername_statement = makeyesno('vhostcontainer_servername_statement', '1', '0', $result['vhostcontainer_servername_statement']);
-				*/

 				$ipsandports_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php';
 				$ipsandports_edit_form = htmlform::genHTMLForm($ipsandports_edit_data);
@@ -439,5 +431,3 @@ if($page == 'ipsandports'
 		}
 	}
 }
-
-?>
--- a/admin_logger.php
+++ b/admin_logger.php
@@ -18,11 +18,7 @@
 */

 define('AREA', 'admin');
-
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-require('./lib/init.php');
+require './lib/init.php';

 if ($page == 'log'
   && $userinfo['change_serversettings'] == '1'
@@ -34,29 +30,31 @@ if ($page == 'log'
 			'user' => $lng['logger']['user'],
 			'text' => $lng['logger']['action']
 		);
-		$paging = new paging($userinfo, $db, TABLE_PANEL_LOG, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
 		$paging->sortfield = 'date';
 		$paging->sortorder = 'desc';
-		$result = $db->query('SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit());
-		$paging->setEntries($db->num_rows($result));
+		$result_stmt = Database::query('
+			SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
+		);
+		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
 		$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
 		$clog = array();

-		while ($row = $db->fetch_array($result)) {
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+
 			if (!isset($clog[$row['action']])
-			   || !is_array($clog[$row['action']])
+				|| !is_array($clog[$row['action']])
 			) {
 				$clog[$row['action']] = array();
 			}
-
 			$clog[$row['action']][$row['logid']] = $row;
 		}

 		if ($paging->sortfield == 'date'
-		   && $paging->sortorder == 'desc'
+			&& $paging->sortorder == 'desc'
 		) {
 			krsort($clog);
 		} else {
@@ -135,17 +133,19 @@ if ($page == 'log'
 		}

 		eval("echo \"" . getTemplate('logger/logger') . "\";");
+
 	} elseif ($action == 'truncate') {
+
 		if (isset($_POST['send'])
 		   && $_POST['send'] == 'send'
 		) {
-			$yesterday = time() - (60 * 10);
-
-			/* (60*60*24); */
-
-			$db->query("DELETE FROM `" . TABLE_PANEL_LOG . "` WHERE `date` < '" . $yesterday . "'");
+			$truncatedate = time() - (60 * 10);
+			$trunc_stmt = Database::prepare("
+				DELETE FROM `" . TABLE_PANEL_LOG . "` WHERE `date` < :trunc"
+			);
+			Database::pexecute($trunc_stmt, array('trunc' => $truncatedate));
 			$log->logAction(ADM_ACTION, LOG_WARNING, 'truncated the system-log (mysql)');
-			redirectTo($filename, Array('page' => $page, 's' => $s));
+			redirectTo($filename, array('page' => $page, 's' => $s));
 		} else {
 			ask_yesno('logger_reallytruncate', $filename, array('page' => $page, 'action' => $action), TABLE_PANEL_LOG);
 		}
--- a/admin_message.php
+++ b/admin_message.php
@@ -18,11 +18,7 @@
 */

 define('AREA', 'admin');
-
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-require('./lib/init.php');
+require './lib/init.php';

 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -41,14 +37,18 @@ if ($page == 'message') {
 			   && $userinfo['customers_see_all'] == '1'
 			) {
 				$log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to admins');
-				$result = $db->query('SELECT `name`, `email`  FROM `' . TABLE_PANEL_ADMINS . "`");
+				$result = Database::query('SELECT `name`, `email`  FROM `' . TABLE_PANEL_ADMINS . "`");
 			} elseif ($_POST['receipient'] == 1) {
 				if ($userinfo['customers_see_all'] == '1') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers');
-					$result = $db->query('SELECT `firstname`, `name`, `email`  FROM `' . TABLE_PANEL_CUSTOMERS . "`");
+					$result = Database::query('SELECT `firstname`, `name`, `company`, `email`  FROM `' . TABLE_PANEL_CUSTOMERS . "`");
 				} else {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to customers');
-					$result = $db->query('SELECT `firstname`, `name`, `email`  FROM `' . TABLE_PANEL_CUSTOMERS . "` WHERE `adminid`='" . $userinfo['adminid'] . "'");
+					$result = Database::prepare('
+						SELECT `firstname`, `name`, `company`, `email`  FROM `' . TABLE_PANEL_CUSTOMERS . "`
+						WHERE `adminid` = :adminid"
+					);
+					Database::pexecute($result, array('adminid' => $userinfo['adminid']));
 				}
 			} else {
 				standard_error('noreceipientsgiven');
@@ -62,8 +62,11 @@ if ($page == 'message') {
 				$mail->Body = $message;
 				$mail->Subject = $subject;

-				while ($row = $db->fetch_array($result)) {
-					$mail->AddAddress($row['email'], (isset($row['firstname']) ? $row['firstname'] . ' ' : '') . $row['name']);
+				while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
+
+					$row['firstname'] = isset($row['firstname']) ? $row['firstname'] : '';
+					$row['company'] = isset($row['company']) ? $row['company'] : '';
+					$mail->AddAddress($row['email'], getCorrectUserSalutation(array('firstname' => $row['firstname'], 'name' => $row['name'], 'company' => $row['company'])));
 					$mail->From = $userinfo['email'];
 					$mail->FromName = (isset($userinfo['firstname']) ? $userinfo['firstname'] . ' ' : '') . $userinfo['name'];

@@ -82,7 +85,7 @@ if ($page == 'message') {
 					$mail->ClearAddresses();
 				}

-				redirectTo($filename, Array('page' => $page, 's' => $s, 'action' => 'showsuccess', 'sentitems' => $mailcounter));
+				redirectTo($filename, array('page' => $page, 's' => $s, 'action' => 'showsuccess', 'sentitems' => $mailcounter));
 			} else {
 				standard_error('nomessagetosend');
 			}
@@ -90,6 +93,7 @@ if ($page == 'message') {
 	}

 	if ($action == 'showsuccess') {
+
 		$success = 1;
 		$sentitems = isset($_GET['sentitems']) ? (int)$_GET['sentitems'] : 0;

@@ -98,13 +102,14 @@ if ($page == 'message') {
 		} else {
 			$successmessage = str_replace('%s', $sentitems, $lng['message']['success']);
 		}
+
 	} else {
 		$success = 0;
 		$sentitems = 0;
 		$successmessage = '';
 	}
-	$action = '';

+	$action = '';
 	$receipients = '';

 	if ($userinfo['customers_see_all'] == '1') {
--- a/admin_phpsettings.php
+++ b/admin_phpsettings.php
@@ -18,12 +18,7 @@
 */

 define('AREA', 'admin');
-
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-
-require ("./lib/init.php");
+require './lib/init.php';

 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -37,27 +32,29 @@ if ($page == 'overview') {

 		$tablecontent = '';
 		$count = 0;
-		$result = $db->query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
+		$result = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");

-		while ($row = $db->fetch_array($result)) {
+		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {

 			$domainresult = false;
+			$query_params = array('id' => $row['id']);

 			$query = "SELECT * FROM `".TABLE_PANEL_DOMAINS."`
-					WHERE `phpsettingid` = '".(int)$row['id']."'
+					WHERE `phpsettingid` = :id
 					AND `parentdomainid` = '0'";

 			if ((int)$userinfo['domains_see_all'] == 0) {
-				$query .= " AND `adminid` = '".(int)$userinfo['userid']."'";
+				$query .= " AND `adminid` = :adminid";
+				$query_params['adminid'] = $userinfo['adminid'];
 			}

 			if ((int)$settings['panel']['phpconfigs_hidestdsubdomain'] == 1) {
-				$query2 = "SELECT DISTINCT `standardsubdomain`
-						FROM `".TABLE_PANEL_CUSTOMERS."`
-						WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;";
-				$ssdids_res = $db->query($query2);
+				$ssdids_res = Database::query("
+					SELECT DISTINCT `standardsubdomain` FROM `".TABLE_PANEL_CUSTOMERS."`
+					WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;"
+				);
 				$ssdids = array();
-				while ($ssd = $db->fetch_array($ssdids_res)) {
+				while ($ssd = $ssdids_res->fetch(PDO::FETCH_ASSOC)) {
 					$ssdids[] = $ssd['standardsubdomain'];
 				}
 				if (count($ssdids) > 0) {
@@ -65,17 +62,17 @@ if ($page == 'overview') {
 				}
 			}

-			$domainresult = $db->query($query);
+			$domainresult_stmt = Database::prepare($query);
+			Database::pexecute($domainresult_stmt, $query_params);

 			$domains = '';
-			if ($db->num_rows($domainresult) > 0) {
-				while ($row2 = $db->fetch_array($domainresult)) {
+			if (Database::num_rows() > 0) {
+				while ($row2 = $domainresult_stmt->fetch(PDO::FETCH_ASSOC)) {
 					$domains.= $row2['domain'] . '<br/>';
 				}
 			} else {
 				$domains = $lng['admin']['phpsettings']['notused'];
 			}
-
 			$count ++;
 			eval("\$tablecontent.=\"" . getTemplate("phpconfig/overview_overview") . "\";");
 		}
@@ -84,34 +81,76 @@ if ($page == 'overview') {
 		eval("echo \"" . getTemplate("phpconfig/overview") . "\";");
 	}

-	if($action == 'add')
-	{
-		if((int)$userinfo['change_serversettings'] == 1)
-		{
-			if(isset($_POST['send'])
-			   && $_POST['send'] == 'send')
-			{
-				$description = validate($_POST['description'], 'description');
-				$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
-				$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
-				$phpsettings = validate(str_replace("\r\n", "\n", $_POST['phpsettings']), 'phpsettings', '/^[^\0]*$/');
-				$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
-				$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+	if ($action == 'add') {

-				if(strlen($description) == 0
-				   || strlen($description) > 50)
-				{
+		if ((int)$userinfo['change_serversettings'] == 1) {
+
+			if (isset($_POST['send'])
+				&& $_POST['send'] == 'send'
+			) {
+				$description = validate($_POST['description'], 'description');
+				$phpsettings = validate(str_replace("\r\n", "\n", $_POST['phpsettings']), 'phpsettings', '/^[^\0]*$/');
+
+				if ($settings['system']['mod_fcgid'] == 1) {
+					$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
+					$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
+					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
+					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+					// disable fpm stuff
+					$fpm_enableslowlog = 0;
+					$fpm_reqtermtimeout = 0;
+					$fpm_reqslowtimeout = 0;
+				}
+				elseif ($settings['phpfpm']['enabled'] == 1) {
+					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int)$_POST['phpfpm_enable_slowlog'] : 0;
+					$fpm_reqtermtimeout = validate($_POST['phpfpm_reqtermtimeout'], 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/');
+					$fpm_reqslowtimeout = validate($_POST['phpfpm_reqslowtimeout'], 'phpfpm_reqslowtimeout', '/^([0-9]+)(|s|m|h|d)$/');
+					// disable fcgid stuff
+					$binary = '/usr/bin/php-cgi';
+					$file_extensions = 'php';
+					$mod_fcgid_starter = 0;
+					$mod_fcgid_maxrequests = 0;
+				}
+
+				if (strlen($description) == 0
+					|| strlen($description) > 50
+				) {
 					standard_error('descriptioninvalid');
 				}

-				$db->query("INSERT INTO `" . TABLE_PANEL_PHPCONFIGS . "` SET `description` = '" . $db->escape($description) . "', `binary` = '" . $db->escape($binary) . "', `file_extensions` = '" . $db->escape($file_extensions) . "', `mod_fcgid_starter` = '" . $db->escape($mod_fcgid_starter) . "', `mod_fcgid_maxrequests` = '" . $db->escape($mod_fcgid_maxrequests) . "', `phpsettings` = '" . $db->escape($phpsettings) . "'");
+				$ins_stmt = Database::prepare("
+					INSERT INTO `" . TABLE_PANEL_PHPCONFIGS . "` SET
+						`description` = :desc,
+						`binary` = :binary,
+						`file_extensions` = :fext,
+						`mod_fcgid_starter` = :starter,
+						`mod_fcgid_maxrequests` = :mreq,
+						`fpm_slowlog` = :fpmslow,
+						`fpm_reqterm` = :fpmreqterm,
+						`fpm_reqslow` = :fpmreqslow,
+						`phpsettings` = :phpsettings"
+				);
+				$ins_data = array(
+					'desc' => $description,
+					'binary' => $binary,
+					'fext' => $file_extensions,
+					'starter' => $mod_fcgid_starter,
+					'mreq' => $mod_fcgid_maxrequests,
+					'fpmslow' => $fpm_enableslowlog,
+					'fpmreqterm' => $fpm_reqtermtimeout,
+					'fpmreqslow' => $fpm_reqslowtimeout,
+					'phpsettings' => $phpsettings
+				);
+				Database::pexecute($ins_stmt, $ins_data);
+
 				inserttask('1');
 				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been created by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, Array('page' => $page, 's' => $s));
-			}
-			else
-			{
-				$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = 1");
+				redirectTo($filename, array('page' => $page, 's' => $s));
+
+			} else {
+
+				$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = 1");
+				$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 				$phpconfig_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php';
 				$phpconfig_add_form = htmlform::genHTMLForm($phpconfig_add_data);
@@ -121,73 +160,131 @@ if ($page == 'overview') {

 				eval("echo \"" . getTemplate("phpconfig/overview_add") . "\";");
 			}
-		}
-		else
-		{
+
+		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
 	}

-	if($action == 'delete')
-	{
-		$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$id);
+	if ($action == 'delete') {
+
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
+		);
+		$result = Database::pexecute_first($result_stmt, array('id' => $id));
+
+		if ($result['id'] != 0
+			&& $result['id'] == $id
+			&& (int)$userinfo['change_serversettings'] == 1
+			&& $id != 1 // cannot delete the default php.config
+		) {
+
+			if (isset($_POST['send'])
+				&& $_POST['send'] == 'send'
+			) {
+				// set php-config to default for all domains using the
+				// config that is to be deleted
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
+					`phpsettingid` = 1 WHERE `phpsettingid` = :id"
+				);
+				Database::pexecute($upd_stmt, array('id' => $id));
+
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
+				);
+				Database::pexecute($del_stmt, array('id' => $id));

-		if($result['id'] != 0
-		   && $result['id'] == $id
-		   && (int)$userinfo['change_serversettings'] == 1
-		   && $id != 1)
-		{
-			if(isset($_POST['send'])
-			   && $_POST['send'] == 'send')
-			{
-				$db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `phpsettingid` = 1 WHERE `phpsettingid` = " . (int)$id);
-				$db->query("DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$id);
 				inserttask('1');
 				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with id #" . (int)$id . " has been deleted by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, Array('page' => $page, 's' => $s));
-			}
-			else
-			{
+				redirectTo($filename, array('page' => $page, 's' => $s));
+
+			} else {
 				ask_yesno('phpsetting_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['description']);
 			}
-		}
-		else
-		{
+		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
 	}

-	if($action == 'edit')
-	{
-		$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$id);
+	if ($action == 'edit') {

-		if($result['id'] != 0
-		   && $result['id'] == $id
-		   && (int)$userinfo['change_serversettings'] == 1)
-		{
-			if(isset($_POST['send'])
-			   && $_POST['send'] == 'send')
-			{
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
+		);
+		$result = Database::pexecute_first($result_stmt, array('id' => $id));
+
+		if ($result['id'] != 0
+			&& $result['id'] == $id
+			&& (int)$userinfo['change_serversettings'] == 1
+		) {
+
+			if (isset($_POST['send'])
+				&& $_POST['send'] == 'send'
+			) {
 				$description = validate($_POST['description'], 'description');
-				$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
-				$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
 				$phpsettings = validate(str_replace("\r\n", "\n", $_POST['phpsettings']), 'phpsettings', '/^[^\0]*$/');
-				$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
-				$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));

-				if(strlen($description) == 0
-				   || strlen($description) > 50)
-				{
+				if ($settings['system']['mod_fcgid'] == 1) {
+					$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
+					$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
+					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
+					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+					// disable fpm stuff
+					$fpm_enableslowlog = 0;
+					$fpm_reqtermtimeout = 0;
+					$fpm_reqslowtimeout = 0;
+				}
+				elseif ($settings['phpfpm']['enabled'] == 1) {
+					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int)$_POST['phpfpm_enable_slowlog'] : 0;
+					$fpm_reqtermtimeout = validate($_POST['phpfpm_reqtermtimeout'], 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/');
+					$fpm_reqslowtimeout = validate($_POST['phpfpm_reqslowtimeout'], 'phpfpm_reqslowtimeout', '/^([0-9]+)(|s|m|h|d)$/');
+					// disable fcgid stuff
+					$binary = '/usr/bin/php-cgi';
+					$file_extensions = 'php';
+					$mod_fcgid_starter = 0;
+					$mod_fcgid_maxrequests = 0;
+				}
+
+				if (strlen($description) == 0
+					|| strlen($description) > 50
+				) {
 					standard_error('descriptioninvalid');
 				}

-				$db->query("UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET `description` = '" . $db->escape($description) . "', `binary` = '" . $db->escape($binary) . "', `file_extensions` = '" . $db->escape($file_extensions) . "', `mod_fcgid_starter` = '" . $db->escape($mod_fcgid_starter) . "', `mod_fcgid_maxrequests` = '" . $db->escape($mod_fcgid_maxrequests) . "', `phpsettings` = '" . $db->escape($phpsettings) . "' WHERE `id` = " . (int)$id);
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET
+						`description` = :desc,
+						`binary` = :binary,
+						`file_extensions` = :fext,
+						`mod_fcgid_starter` = :starter,
+						`mod_fcgid_maxrequests` = :mreq,
+						`fpm_slowlog` = :fpmslow,
+						`fpm_reqterm` = :fpmreqterm,
+						`fpm_reqslow` = :fpmreqslow,
+						`phpsettings` = :phpsettings
+					WHERE `id` = :id"
+				);
+				$upd_data = array(
+						'desc' => $description,
+						'binary' => $binary,
+						'fext' => $file_extensions,
+						'starter' => $mod_fcgid_starter,
+						'mreq' => $mod_fcgid_maxrequests,
+						'fpmslow' => $fpm_enableslowlog,
+						'fpmreqterm' => $fpm_reqtermtimeout,
+						'fpmreqslow' => $fpm_reqslowtimeout,
+						'phpsettings' => $phpsettings,
+						'id' => $id
+				);
+				Database::pexecute($upd_stmt, $upd_data);
+
 				inserttask('1');
 				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been changed by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, Array('page' => $page, 's' => $s));
-			}
-			else
-			{
+				redirectTo($filename, array('page' => $page, 's' => $s));
+
+			} else {
+
 				$phpconfig_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php';
 				$phpconfig_edit_form = htmlform::genHTMLForm($phpconfig_edit_data);

@@ -196,12 +293,9 @@ if ($page == 'overview') {

 				eval("echo \"" . getTemplate("phpconfig/overview_edit") . "\";");
 			}
-		}
-		else
-		{
+
+		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
 	}
 }
-
-?>
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -18,59 +18,51 @@
 */

 define('AREA', 'admin');
+require './lib/init.php';

-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
+// get sql-root access data
+Database::needRoot(true);
+Database::needSqlData();
+$sql_root = Database::getSqlData();
+Database::needRoot(false);

-$need_db_sql_data = true;
-$need_root_db_sql_data = true;
-require ("./lib/init.php");
-
-if(($page == 'settings' || $page == 'overview')
-   && $userinfo['change_serversettings'] == '1')
-{
+if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	$settings_data = loadConfigArrayDir('./actions/admin/settings/');
-	$settings = loadSettings($settings_data, $db);
+	$settings = loadSettings($settings_data);
+
+	if (isset($_POST['send'])
+		&& $_POST['send'] == 'send'
+	) {

-	if(isset($_POST['send'])
-	   && $_POST['send'] == 'send')
-	{
 		$_part = isset($_GET['part']) ? $_GET['part'] : '';
-
-		if($_part == '')
-		{
+		if ($_part == '') {
 			$_part = isset($_POST['part']) ? $_POST['part'] : '';
 		}

-		if($_part != '')
-		{
-			if($_part == 'all')
-			{
+		if ($_part != '') {
+			if ($_part == 'all') {
 				$settings_all = true;
 				$settings_part = false;
-			}
-			else
-			{
+			} else {
 				$settings_all = false;
 				$settings_part = true;
 			}
-
 			$only_enabledisable = false;
-		}
-		else
-		{
+
+		} else {
 			$settings_all = false;
 			$settings_part = false;
 			$only_enabledisable = true;
 		}
 		
 		// check if the session timeout is too low #815
-		if (isset($_POST['session_sessiontimeout']) && $_POST['session_sessiontimeout'] <= 60) {
+		if (isset($_POST['session_sessiontimeout'])
+			&& $_POST['session_sessiontimeout'] <= 60
+		) {
 			standard_error($lng['error']['session_timeout'], $lng['error']['session_timeout_desc']);
 		}

-		if(processFormEx(
+		if (processFormEx(
 			$settings_data,
 			$_POST,
 			array('filename' => $filename, 'action' => $action, 'page' => $page),
@@ -87,25 +79,20 @@ if(($page == 'settings' || $page == 'overview')

 			standard_success('settingssaved', '', array('filename' => $filename, 'action' => $action, 'page' => $page));
 		}
-	}
-	else
-	{
-		$_part = isset($_GET['part']) ? $_GET['part'] : '';

-		if($_part == '')
-		{
+	} else {
+
+		$_part = isset($_GET['part']) ? $_GET['part'] : '';
+		if ($_part == '') {
 			$_part = isset($_POST['part']) ? $_POST['part'] : '';
 		}

 		$fields = buildFormEx($settings_data, $_part);

 		$settings_page = '';
-		if($_part == '')
-		{
+		if ($_part == '') {
 			eval("\$settings_page .= \"" . getTemplate("settings/settings_overview") . "\";");
-		}
-		else
-		{
+		} else {
 			eval("\$settings_page .= \"" . getTemplate("settings/settings") . "\";");
 		}

@@ -114,8 +101,8 @@ if(($page == 'settings' || $page == 'overview')
 		eval("echo \"" . getTemplate("settings/settings_form_end") . "\";");

 	}
-}
-elseif($page == 'phpinfo'
+
+} elseif($page == 'phpinfo'
 	&& $userinfo['change_serversettings'] == '1'
 ) {
 		ob_start();
@@ -158,13 +145,14 @@ elseif($page == 'phpinfo'
 		$phpinfo = $phpinfohtml;
 	}
 	eval("echo \"" . getTemplate("settings/phpinfo") . "\";");
-}
-elseif($page == 'rebuildconfigs'
-       && $userinfo['change_serversettings'] == '1')
-{
-	if(isset($_POST['send'])
-	   && $_POST['send'] == 'send')
-	{
+
+} elseif($page == 'rebuildconfigs'
+	&& $userinfo['change_serversettings'] == '1'
+) {
+	if (isset($_POST['send'])
+		&& $_POST['send'] == 'send'
+	) {
+
 		$log->logAction(ADM_ACTION, LOG_INFO, "rebuild configfiles");
 		inserttask('1');
 		inserttask('10');
@@ -172,102 +160,108 @@ elseif($page == 'rebuildconfigs'
 		inserttask('4');

 		standard_success('rebuildingconfigs', '', array('filename' => 'admin_index.php'));
-	}
-	else
-	{
+
+	} else {
 		ask_yesno('admin_configs_reallyrebuild', $filename, array('page' => $page));
 	}
-}
-elseif($page == 'updatecounters'
-       && $userinfo['change_serversettings'] == '1')
-{
-	if(isset($_POST['send'])
-	   && $_POST['send'] == 'send')
-	{
+
+} elseif($page == 'updatecounters'
+	&& $userinfo['change_serversettings'] == '1'
+) {
+
+	if (isset($_POST['send'])
+		&& $_POST['send'] == 'send'
+	) {
+
 		$log->logAction(ADM_ACTION, LOG_INFO, "updated resource-counters");
 		$updatecounters = updateCounters(true);
 		$customers = '';
-		foreach($updatecounters['customers'] as $customerid => $customer)
-		{
+		foreach ($updatecounters['customers'] as $customerid => $customer) {
 			eval("\$customers.=\"" . getTemplate("settings/updatecounters_row_customer") . "\";");
 		}

 		$admins = '';
-		foreach($updatecounters['admins'] as $adminid => $admin)
-		{
+		foreach ($updatecounters['admins'] as $adminid => $admin) {
 			eval("\$admins.=\"" . getTemplate("settings/updatecounters_row_admin") . "\";");
 		}

 		eval("echo \"" . getTemplate("settings/updatecounters") . "\";");
-	}
-	else
-	{
+
+	} else {
 		ask_yesno('admin_counters_reallyupdate', $filename, array('page' => $page));
 	}
-}
-elseif($page == 'wipecleartextmailpws'
-       && $userinfo['change_serversettings'] == '1')
-{
-	if(isset($_POST['send'])
-	   && $_POST['send'] == 'send')
-	{
+
+} elseif ($page == 'wipecleartextmailpws'
+	&& $userinfo['change_serversettings'] == '1'
+) {
+
+	if (isset($_POST['send'])
+		&& $_POST['send'] == 'send'
+	) {
+
 		$log->logAction(ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords");
-		$db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password`='' ");
-		$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='0' WHERE `settinggroup`='system' AND `varname`='mailpwcleartext'");
+		Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = '';");
+		Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'");
 		redirectTo('admin_settings.php', array('s' => $s));
-	}
-	else
-	{
+
+	} else {
 		ask_yesno('admin_cleartextmailpws_reallywipe', $filename, array('page' => $page));
 	}
-}
-elseif($page == 'wipequotas'
-       && $userinfo['change_serversettings'] == '1')
-{
-	if(isset($_POST['send'])
-	   && $_POST['send'] == 'send')
-	{
+
+} elseif($page == 'wipequotas'
+	&& $userinfo['change_serversettings'] == '1'
+) {
+
+	if (isset($_POST['send'])
+		&& $_POST['send'] == 'send'
+	) {
+
 		$log->logAction(ADM_ACTION, LOG_WARNING, "wiped all mailquotas");

 		// Set the quota to 0 which means unlimited
-
-		$db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota`='0' ");
-		$db->query("UPDATE " . TABLE_PANEL_CUSTOMERS . " SET `email_quota_used` = 0");
+		Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = '0';");
+		Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota_used` = '0'");
 		redirectTo('admin_settings.php', array('s' => $s));
-	}
-	else
-	{
+
+	} else {
 		ask_yesno('admin_quotas_reallywipe', $filename, array('page' => $page));
 	}
-}
-elseif($page == 'enforcequotas'
-       && $userinfo['change_serversettings'] == '1')
-{
-	if(isset($_POST['send'])
-	   && $_POST['send'] == 'send')
-	{
+
+} elseif ($page == 'enforcequotas'
+	&& $userinfo['change_serversettings'] == '1'
+) {
+	if (isset($_POST['send'])
+		&& $_POST['send'] == 'send'
+	) {
 		// Fetch all accounts
+		$result_stmt = Database::query("SELECT `quota`, `customerid` FROM `" . TABLE_MAIL_USERS . "`");

-		$result = $db->query("SELECT `quota`, `customerid` FROM " . TABLE_MAIL_USERS);
+		if (Database::num_rows() > 0) {

-		while($array = $db->fetch_array($result))
-		{
-			$difference = $settings['system']['mail_quota'] - $array['quota'];
-			$db->query("UPDATE " . TABLE_PANEL_CUSTOMERS . " SET `email_quota_used` = `email_quota_used` + " . (int)$difference . " WHERE `customerid` = '" . $array['customerid'] . "'");
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
+				`email_quota_used` = `email_quota_used` + :diff
+				WHERE `customerid` = :customerid
+			");
+
+			while ($array = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+				$difference = $settings['system']['mail_quota'] - $array['quota'];
+				Database::pexecute($upd_stmt, array('diff' => $difference, 'customerid' => $customerid));
+			}
 		}

 		// Set the new quota
-
-		$db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET `quota`='" . $settings['system']['mail_quota'] . "'");
+		$upd_stmt = Database::prepare("
+			UPDATE `" . TABLE_MAIL_USERS . "` SET `quota` = :quota
+		");
+		Database::pexecute($upd_stmt, array('quota' => $settings['system']['mail_quota']));

 		// Update the Customer, if the used quota is bigger than the allowed quota
-
-		$db->query("UPDATE " . TABLE_PANEL_CUSTOMERS . " SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`");
+		Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_quota` = `email_quota_used` WHERE `email_quota` < `email_quota_used`");
 		$log->logAction(ADM_ACTION, LOG_WARNING, 'enforcing mailquota to all customers: ' . $settings['system']['mail_quota'] . ' MB');
 		redirectTo('admin_settings.php', array('s' => $s));
-	}
-	else
-	{
+
+	} else {
 		ask_yesno('admin_quotas_reallyenforce', $filename, array('page' => $page));
 	}
 }
--- a/admin_templates.php
+++ b/admin_templates.php
@@ -18,30 +18,21 @@
 */

 define('AREA', 'admin');
+require './lib/init.php';

-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-
-require ("./lib/init.php");
-
-if(isset($_POST['subjectid']))
-{
+if (isset($_POST['subjectid'])) {
 	$subjectid = intval($_POST['subjectid']);
 	$mailbodyid = intval($_POST['mailbodyid']);
-}
-elseif(isset($_GET['subjectid']))
-{
+
+} elseif(isset($_GET['subjectid'])) {
 	$subjectid = intval($_GET['subjectid']);
 	$mailbodyid = intval($_GET['mailbodyid']);
 }

-if(isset($_POST['id']))
-{
+if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
-}
-elseif(isset($_GET['id']))
-{
+
+} elseif(isset($_GET['id'])) {
 	$id = intval($_GET['id']);
 }

@@ -60,6 +51,7 @@ if ((int)$settings['system']['report_enable'] == 1) {
 		'diskmaxpercent'
 	);
 }
+
 if ((int)$settings['ticket']['enabled'] == 1) {
 	array_push($available_templates,
 		'new_ticket_by_customer',
@@ -74,32 +66,31 @@ $file_templates = array(
 	'index_html'
 );

-if($action == '')
-{
+if ($action == '') {
 	//email templates
-
 	$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_templates");

-	if($settings['panel']['sendalternativemail'] == 1)
-	{
+	if ($settings['panel']['sendalternativemail'] == 1) {
 		$available_templates[] = 'pop_success_alternative';
 	}

 	$templates_array = array();
-	$result = $db->query("SELECT `id`, `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `templategroup`='mails' ORDER BY `language`, `varname`");
+	$result_stmt = Database::prepare("
+		SELECT `id`, `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
+		WHERE `adminid` = :adminid AND `templategroup`='mails'
+		ORDER BY `language`, `varname`"
+	);
+	Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));

-	while($row = $db->fetch_array($result))
-	{
+	while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 		$parts = array();
 		preg_match('/^([a-z]([a-z_]+[a-z])*)_(mailbody|subject)$/', $row['varname'], $parts);
 		$templates_array[$row['language']][$parts[1]][$parts[3]] = $row['id'];
 	}

 	$templates = '';
-	foreach($templates_array as $language => $template_defs)
-	{
-		foreach($template_defs as $action => $email)
-		{
+	foreach ($templates_array as $language => $template_defs) {
+		foreach ($template_defs as $action => $email) {
 			$subjectid = $email['subject'];
 			$mailbodyid = $email['mailbody'];
 			$template = $lng['admin']['templates'][$action];
@@ -108,115 +99,137 @@ if($action == '')
 	}

 	$add = false;
+	while (list($language_file, $language_name) = each($languages)) {

-	while(list($language_file, $language_name) = each($languages))
-	{
 		$templates_done = array();
-		$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language_name) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\'');
+		$result_stmt = Database::prepare("
+			SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
+			WHERE `adminid` = :adminid AND `language`= :lang
+			AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
+		);
+		Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language_name));

-		while(($row = $db->fetch_array($result)) != false)
-		{
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$templates_done[] = str_replace('_subject', '', $row['varname']);
 		}

-		if(count(array_diff($available_templates, $templates_done)) > 0)
-		{
+		if (count(array_diff($available_templates, $templates_done)) > 0) {
 			$add = true;
 		}
 	}

 	//filetemplates
-
 	$filetemplates = '';
 	$filetemplateadd = false;
-	$result = $db->query("SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `templategroup`='files'");
+	$result_stmt = Database::prepare("
+		SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
+		WHERE `adminid` = :adminid AND `templategroup`='files'"
+	);
+	Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));

-	if($db->num_rows($result) != count($file_templates))$filetemplateadd = true;
-
-	while($row = $db->fetch_array($result))
-	{
-		eval("\$filetemplates.=\"" . getTemplate("templates/templates_filetemplate") . "\";");
+	if (Database::num_rows() != count($file_templates)) {
+		$filetemplateadd = true;
 	}

+	while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+		eval("\$filetemplates.=\"" . getTemplate("templates/templates_filetemplate") . "\";");
+	}
 	eval("echo \"" . getTemplate("templates/templates") . "\";");
-}
-elseif($action == 'delete'
-       && $subjectid != 0
-       && $mailbodyid != 0)
-{
+
+} elseif($action == 'delete'
+	&& $subjectid != 0
+	&& $mailbodyid != 0
+) {
 	//email templates
+	$result_stmt = Database::prepare("
+		SELECT `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
+		WHERE `adminid` = :adminid AND `id` = :id"
+	);
+	Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'id' => $subjectid));
+	$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-	$result = $db->query_first("SELECT `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$subjectid . "'");
-
-	if($result['varname'] != '')
-	{
-		if(isset($_POST['send'])
-		   && $_POST['send'] == 'send')
-		{
-			$db->query("DELETE FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND (`id`='" . (int)$subjectid . "' OR `id`='" . (int)$mailbodyid . "')");
+	if ($result['varname'] != '') {
+		if (isset($_POST['send'])
+			&& $_POST['send'] == 'send'
+		) {
+			$del_stmt = Database::prepare("
+				DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
+				WHERE `adminid` = :adminid
+				AND (`id` = :ida OR `id` = :idb)"
+			);
+			Database::pexecute($del_stmt, array(
+				'adminid' => $userinfo['adminid'],
+				'ida' => $subjectid,
+				'idb' => $mailbodyid
+			));
 			$log->logAction(ADM_ACTION, LOG_INFO, "deleted template '" . $result['language'] . ' - ' . $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])] . "'");
-			redirectTo($filename, Array('page' => $page, 's' => $s));
-		}
-		else
-		{
+			redirectTo($filename, array('page' => $page, 's' => $s));
+
+		} else {
 			ask_yesno('admin_template_reallydelete', $filename, array('subjectid' => $subjectid, 'mailbodyid' => $mailbodyid, 'page' => $page, 'action' => $action), $result['language'] . ' - ' . $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])]);
 		}
 	}
-}
-elseif($action == 'deletef'
-       && $id != 0)
-{
+
+} elseif($action == 'deletef'
+	&& $id != 0
+) {
 	//file templates
+	$result_stmt = Database::prepare("
+		SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "`
+		WHERE `adminid` = :adminid AND `id` = :id"
+	);
+	Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'id' => $id));

-	$result = $db->query("SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$id . "'");
+	if (Database::num_rows() > 0) {

-	if($db->num_rows($result) > 0)
-	{
-		$row = $db->fetch_array($result);
+		$row = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if(isset($_POST['send'])
-		   && $_POST['send'] == 'send')
-		{
-			$db->query("DELETE FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`=" . (int)$userinfo['adminid'] . " AND `id`=" . (int)$id . "");
+		if (isset($_POST['send'])
+			&& $_POST['send'] == 'send'
+		) {
+			$del_stmt = Database::prepare("
+				DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
+				WHERE `adminid` = :adminid AND `id` = :id"
+			);
+			Database::pexecute($del_stmt, array('adminid' => $userinfo['adminid'], 'id' => $id));
 			$log->logAction(ADM_ACTION, LOG_INFO, "deleted template '" . $lng['admin']['templates'][$row['varname']] . "'");
-			redirectTo($filename, Array('page' => $page, 's' => $s));
-		}
-		else
-		{
+			redirectTo($filename, array('page' => $page, 's' => $s));
+
+		} else {
 			ask_yesno('admin_template_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $lng['admin']['templates'][$row['varname']]);
 		}
-	}
-	else
-	{
+
+	} else {
 		standard_error('templatenotfound');
 		exit;
 	}
-}
-elseif($action == 'add')
-{
-	if($settings['panel']['sendalternativemail'] == 1)
-	{
+
+} elseif($action == 'add') {
+
+	if ($settings['panel']['sendalternativemail'] == 1) {
 		$available_templates[] = 'pop_success_alternative';
 	}

-	if(isset($_POST['prepare'])
-	   && $_POST['prepare'] == 'prepare')
-	{
+	if (isset($_POST['prepare'])
+		&& $_POST['prepare'] == 'prepare'
+	) {
 		//email templates
-
 		$language = validate($_POST['language'], 'language');
 		$templates = array();
-		$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\'');
+		$result_stmt = Database::prepare("
+			SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
+			WHERE `adminid`= :adminid AND `language`= :lang
+			AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
+		);
+		Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language));

-		while(($row = $db->fetch_array($result)) != false)
-		{
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$templates[] = str_replace('_subject', '', $row['varname']);
 		}

 		$templates = array_diff($available_templates, $templates);
 		$template_options = '';
-		foreach($templates as $template)
-		{
+		foreach ($templates as $template) {
 			$template_options.= makeoption($lng['admin']['templates'][$template], $template, NULL, true);
 		}

@@ -227,105 +240,143 @@ elseif($action == 'add')
 		$image = $template_add_data['template_add']['image'];

 		eval("echo \"" . getTemplate("templates/templates_add_2") . "\";");
-	}
-	elseif(isset($_POST['send'])
-	       && $_POST['send'] == 'send')
-	{
-		//email templates

+	} elseif(isset($_POST['send'])
+		&& $_POST['send'] == 'send'
+	) {
+		//email templates
 		$language = validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect');
 		$template = validate($_POST['template'], 'template');
 		$subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
 		$mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
 		$templates = array();
-		$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\'');
+		$result_stmt = Database::prepare("
+			SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
+			WHERE `adminid` = :adminid AND `language` = :lang
+			AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
+		);
+		Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language));

-		while(($row = $db->fetch_array($result)) != false)
-		{
+		while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$templates[] = str_replace('_subject', '', $row['varname']);
 		}

 		$templates = array_diff($available_templates, $templates);
-
-		if(array_search($template, $templates) === false)
-		{
+		if (array_search($template, $templates) === false) {
 			standard_error('templatenotfound');
-		}
-		else
-		{
-			$result = $db->query("INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` (`adminid`, `language`, `templategroup`, `varname`, `value`)
-									VALUES ('" . (int)$userinfo['adminid'] . "', '" . $db->escape($language) . "', 'mails', '" . $db->escape($template) . "_subject','" . $db->escape($subject) . "')");
-			$result = $db->query("INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` (`adminid`, `language`, `templategroup`, `varname`, `value`)
-									VALUES ('" . (int)$userinfo['adminid'] . "', '" . $db->escape($language) . "', 'mails', '" . $db->escape($template) . "_mailbody','" . $db->escape($mailbody) . "')");
-			$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $language . ' - ' . $template . "'");
-			redirectTo($filename, Array('page' => $page, 's' => $s));
-		}
-	}
-	elseif(isset($_POST['filesend'])
-	       && $_POST['filesend'] == 'filesend')
-	{
-		//file templates

+		} else {
+			$ins_stmt = Database::prepare("
+				INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` SET
+					`adminid` = :adminid,
+					`language` = :lang,
+					`templategroup` = 'mails',
+					`varname` = :var,
+					`value` = :value"
+			);
+
+			// mail-subject
+			$ins_data = array(
+				'adminid' => $userinfo['adminid'],
+				'lang' => $language,
+				'var' =>  $template.'_subject',
+				'value' => $subject
+			);
+			Database::pexecute($ins_stmt, $ins_data);
+
+			// mail-body
+			$ins_data = array(
+				'adminid' => $userinfo['adminid'],
+				'lang' => $language,
+				'var' =>  $template.'_mailbody',
+				'value' => $mailbody
+			);
+			Database::pexecute($ins_stmt, $ins_data);
+
+			$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $language . ' - ' . $template . "'");
+			redirectTo($filename, array('page' => $page, 's' => $s));
+		}
+
+	} elseif(isset($_POST['filesend'])
+		&& $_POST['filesend'] == 'filesend'
+	) {
+		//file templates
 		$template = validate($_POST['template'], 'template');
 		$filecontent = validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
-		$db->query("INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` (`adminid`, `language`, `templategroup`, `varname`, `value`)
-					VALUES ('" . (int)$userinfo['adminid'] . "', '', 'files', '" . $db->escape($template) . "','" . $db->escape($filecontent) . "')");
-		$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $template . "'");
-		redirectTo($filename, Array('page' => $page, 's' => $s));
-	}
-	elseif(!isset($_GET['files']))
-	{
-		//email templates

+		$ins_stmt = Database::prepare("
+			INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` SET
+				`adminid` = :adminid,
+				`language` = '',
+				`templategroup` = 'files',
+				`varname` = :var,
+				`value` = :value"
+		);
+
+		$ins_data = array(
+			'adminid' => $userinfo['adminid'],
+			'var' => $template,
+			'value' => $filecontent
+		);
+		Database::pexecute($ins_stmt, $ins_data);
+
+		$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $template . "'");
+		redirectTo($filename, array('page' => $page, 's' => $s));
+
+	} elseif(!isset($_GET['files'])) {
+
+		//email templates
 		$add = false;
 		$language_options = '';

-		while(list($language_file, $language_name) = each($languages))
-		{
+		while (list($language_file, $language_name) = each($languages)) {
 			$templates = array();
-			$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language_name) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\'');
+			$result_stmt = Database::prepare("
+				SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
+				WHERE `adminid` = :adminid AND `language` = :lang
+				AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
+			);
+			Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language_name));

-			while(($row = $db->fetch_array($result)) != false)
-			{
+			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$templates[] = str_replace('_subject', '', $row['varname']);
 			}

-			if(count(array_diff($available_templates, $templates)) > 0)
-			{
+			if (count(array_diff($available_templates, $templates)) > 0) {
 				$add = true;
 				$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true);
 			}
 		}

-		if($add)
-		{
+		if ($add) {
 			eval("echo \"" . getTemplate("templates/templates_add_1") . "\";");
-		}
-		else
-		{
+		} else {
 			standard_error('alltemplatesdefined');
 			exit;
 		}
-	}
-	else
-	{
+
+	} else {
 		//filetemplates
+		$result_stmt = Database::prepare("
+			SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
+			WHERE `adminid` = :adminid AND `templategroup`='files'"
+		);
+		Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));

-		$result = $db->query("SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `templategroup`='files'");
-
-		if($db->num_rows($result) == count($file_templates))
-		{
+		if (Database::num_rows() == count($file_templates)) {
 			standard_error('alltemplatesdefined');
 			exit;
-		}
-		else
-		{
+
+		} else {
+
 			$templatesdefined = array();
 			$free_templates = '';

-			while($row = $db->fetch_array($result))$templatesdefined[] = $row['varname'];
-			foreach(array_diff($file_templates, $templatesdefined) as $template)
-			{
+			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+				$templatesdefined[] = $row['varname'];
+			}
+
+			foreach (array_diff($file_templates, $templatesdefined) as $template) {
 				$free_templates.= makeoption($lng['admin']['templates'][$template], $template, '', true);
 			}

@@ -338,33 +389,61 @@ elseif($action == 'add')
 			eval("echo \"" . getTemplate("templates/filetemplates_add") . "\";");
 		}
 	}
-}
-elseif($action == 'edit'
-       && $subjectid != 0
-       && $mailbodyid != 0)
-{
+
+} elseif($action == 'edit'
+	&& $subjectid != 0
+	&& $mailbodyid != 0
+) {
 	//email templates
+	$result_stmt = Database::prepare("
+		SELECT `language`, `varname`, `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
+		WHERE `adminid` = :adminid AND `id` = :subjectid"
+	);
+	Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'subjectid' => $subjectid));
+	$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-	$result = $db->query_first("SELECT `language`, `varname`, `value` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$subjectid . "'");
+	if ($result['varname'] != '') {

-	if($result['varname'] != '')
-	{
-		if(isset($_POST['send'])
-		   && $_POST['send'] == 'send')
-		{
+		if (isset($_POST['send'])
+			&& $_POST['send'] == 'send'
+		) {
 			$subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
 			$mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
-			$db->query("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `value`='" . $db->escape($subject) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$subjectid . "'");
-			$db->query("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `value`='" . $db->escape($mailbody) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$mailbodyid . "'");
+
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
+					`value` = :value
+				WHERE `adminid` = :adminid AND `id` = :id"
+			);
+			// subject
+			Database::pexecute($upd_stmt, array(
+				'value' => $subject,
+				'adminid' => $userinfo['adminid'],
+				'id' => $subjectid
+			));
+			// same query but mailbody
+			Database::pexecute($upd_stmt, array(
+				'value' => $mailbody,
+				'adminid' => $userinfo['adminid'],
+				'id' => $mailbodyid
+			));
+
 			$log->logAction(ADM_ACTION, LOG_INFO, "edited template '" . $result['varname'] . "'");
-			redirectTo($filename, Array('page' => $page, 's' => $s));
-		}
-		else
-		{
+			redirectTo($filename, array('page' => $page, 's' => $s));
+
+		} else {
+
 			$result = htmlentities_array($result);
 			$template = $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])];
 			$subject = $result['value'];
-			$result = $db->query_first("SELECT `language`, `varname`, `value` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `id`='$mailbodyid'");
+			$result_stmt = Database::prepare("
+				SELECT `language`, `varname`, `value`
+				FROM `" . TABLE_PANEL_TEMPLATES . "`
+				WHERE `id` = :id"
+			);
+			Database::pexecute($result_stmt, array('id' => $mailbodyid));
+			$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
 			$result = htmlentities_array($result);
 			$mailbody = $result['value'];

@@ -377,30 +456,41 @@ elseif($action == 'edit'
 			eval("echo \"" . getTemplate("templates/templates_edit") . "\";");
 		}
 	}
-}
-elseif($action == 'editf'
-       && $id != 0)
-{
+
+} elseif($action == 'editf'
+	&& $id != 0
+) {
 	//file templates
+	$result_stmt = Database::prepare("
+		SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "`
+		WHERE `adminid` = :adminid AND `id` = :id"
+	);
+	Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'id' => $id));

-	$result = $db->query("SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$id . "'");
+	if(Database::num_rows() > 0) {

-	if($db->num_rows($result) > 0)
-	{
-		$row = $db->fetch_array($result);
+		$row = $result_stmt->fetch(PDO::FETCH_ASSOC);

 		//filetemplates
-
-		if(isset($_POST['filesend'])
-		   && $_POST['filesend'] == 'filesend')
-		{
+		if (isset($_POST['filesend'])
+			&& $_POST['filesend'] == 'filesend'
+		) {
 			$filecontent = validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
-			$db->query("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `value`='" . $db->escape($filecontent) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$id . "'");
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
+					`value` = :value
+				WHERE `adminid` = :adminid AND `id` = :id"
+			);
+			Database::pexecute($upd_stmt, array(
+				'value' => $filecontent,
+				'adminid' => $userinfo['adminid'],
+				'id' => $id
+			));
+
 			$log->logAction(ADM_ACTION, LOG_INFO, "edited template '" . $row['varname'] . "'");
-			redirectTo($filename, Array('page' => $page, 's' => $s));
-		}
-		else
-		{
+			redirectTo($filename, array('page' => $page, 's' => $s));
+
+		} else {
 			$row = htmlentities_array($row);

 			$filetemplate_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/templates/formfield.filetemplate_edit.php';
@@ -411,9 +501,8 @@ elseif($action == 'editf'

 			eval("echo \"" . getTemplate("templates/filetemplates_edit") . "\";");
 		}
-	}
-	else
-	{
+
+	} else {
 		standard_error('templatenotfound');
 		exit;
 	}
--- a/admin_tickets.php
+++ b/admin_tickets.php
--- a/admin_traffic.php
+++ b/admin_traffic.php
@@ -17,26 +17,22 @@
 */

 define('AREA', 'admin');
+require './lib/init.php';

-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-
-require ("./lib/init.php");
-
-if($action == 'logout')
-{
-	$db->query("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = '" . (int)$userinfo['adminid'] . "' AND `adminsession` = '1'");
+if ($action == 'logout') {
+	$logout_stmt = Database::prepare("
+		DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
+		WHERE `userid` = :adminid
+		AND `adminsession` = '1'"
+	);
+	Database::pexecute($logout_stmt, array('adminid' => $userinfo['adminid']));
 	redirectTo('index.php');
 	exit;
 }

-if(isset($_POST['id']))
-{
+if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
-}
-elseif(isset($_GET['id']))
-{
+} elseif(isset($_GET['id'])) {
 	$id = intval($_GET['id']);
 }

@@ -56,59 +52,50 @@ $months = array(
 	'12' => 'dec',
 );

-if($page == 'overview' || $page == 'customers') 
-{
-	if($action == 'su' && $id != 0)
-	{
-		$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$id . "' " . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . (int)$userinfo['adminid'] . "' "));
+if ($page == 'overview' || $page == 'customers') {

-		if($result['loginname'] != '')
-		{
-			$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid`='" . (int)$userinfo['userid'] . "'");
-			$s = md5(uniqid(microtime(), 1));
-			$db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`) VALUES ('" . $db->escape($s) . "', '" . (int)$id . "', '" . $db->escape($result['ipaddress']) . "', '" . $db->escape($result['useragent']) . "', '" . time() . "', '" . $db->escape($result['language']) . "', '0')");
-			redirectTo('customer_traffic.php', Array(
-				's' => $s
-			));
-		}
-		else
-		{
-			redirectTo('index.php', Array(
-				'action' => 'login'
-			));
-		}
-	}
 	$customerview = 1;
 	$stats_tables = '';
-	$minyear = $db->query_first("SELECT `year` FROM `". TABLE_PANEL_TRAFFIC . "` ORDER BY `year` ASC LIMIT 1");
-	if (!isset($minyear['year']) || $minyear['year'] == 0)
-	{
+	$minyear_stmt = Database::query("SELECT `year` FROM `". TABLE_PANEL_TRAFFIC . "` ORDER BY `year` ASC LIMIT 1");
+	$minyear = $minyear_stmt->fetch(PDO::FETCH_ASSOC);
+
+	if (!isset($minyear['year']) || $minyear['year'] == 0) {
 		$maxyears = 0;
-	}
-	else
-	{
+	} else {
 		$maxyears = date("Y") - $minyear['year'];
 	}
-	for($years = 0; $years<=$maxyears; $years++) {
+
+	for ($years = 0; $years<=$maxyears; $years++) {
+
 		$overview['year'] = date("Y")-$years;
 		$overview['type'] = $lng['traffic']['customer'];
 		$domain_list = '';
-		$customer_name_list = $db->query("SELECT `customerid`,`company`,`name`,`firstname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `deactivated`='0'" . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = '" . (int)$userinfo['adminid'] . "' ") . " ORDER BY name");
 		$totals = array(
-			'jan' => 0,
-			'feb' => 0,
-			'mar' => 0,
-			'apr' => 0,
-			'may' => 0,
-			'jun' => 0,
-			'jul' => 0,
-			'aug' => 0,
-			'sep' => 0,
-			'oct' => 0,
-			'nov' => 0,
-			'dec' => 0,
+				'jan' => 0,
+				'feb' => 0,
+				'mar' => 0,
+				'apr' => 0,
+				'may' => 0,
+				'jun' => 0,
+				'jul' => 0,
+				'aug' => 0,
+				'sep' => 0,
+				'oct' => 0,
+				'nov' => 0,
+				'dec' => 0,
 		);
-		while($customer_name = $db->fetch_array($customer_name_list)) {
+
+		$customer_name_list_stmt = Database::prepare("
+			SELECT `customerid`,`company`,`name`,`firstname`
+			FROM `" . TABLE_PANEL_CUSTOMERS . "`
+			WHERE `deactivated`='0'" .
+			($userinfo['customers_see_all'] ? '' : " AND `adminid` = :id") . "
+			ORDER BY name"
+		);
+		Database::pexecute($customer_name_list_stmt, array('id' => $userinfo['adminid']));
+
+		while($customer_name = $customer_name_list_stmt->fetch(PDO::FETCH_ASSOC)) {
+
 			$virtual_host = array(
 				'name' => ($customer_name['company'] == '' ? $customer_name['name'] . ", " . $customer_name['firstname'] : $customer_name['company']),
 				'customerid' => $customer_name['customerid'],
@@ -125,9 +112,16 @@ if($page == 'overview' || $page == 'customers')
 				'nov' => '-',
 				'dec' => '-',
 			);
-			
-			$traffic_list = $db->query("SELECT month, SUM(http+ftp_up+ftp_down+mail)*1024 AS traffic FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE year = " . (date("Y")-$years) . " AND `customerid` = '" . $customer_name['customerid'] . "' GROUP BY month ORDER BY month");
-			while($traffic_month = $db->fetch_array($traffic_list)) {
+
+			$traffic_list_stmt = Database::prepare("
+				SELECT month, SUM(http+ftp_up+ftp_down+mail)*1024 AS traffic
+				FROM `" . TABLE_PANEL_TRAFFIC . "`
+				WHERE year = :year AND `customerid` = :id
+				GROUP BY month ORDER BY month"
+			);
+			Database::pexecute($traffic_list_stmt, array('year' => (date("Y")-$years), 'id' => $customer_name['customerid']));
+
+			while ($traffic_month = $traffic_list_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$virtual_host[$months[(int)$traffic_month['month']]] = size_readable($traffic_month['traffic'], 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s');
 				$totals[$months[(int)$traffic_month['month']]] += $traffic_month['traffic'];
 			}
@@ -137,7 +131,7 @@ if($page == 'overview' || $page == 'customers')
 		$virtual_host = array(
 			'name' => $lng['traffic']['months']['total'],
 		);
-		foreach($totals as $month => $bytes) {
+		foreach ($totals as $month => $bytes) {
 			$virtual_host[$month] = ($bytes == 0 ? '-' : size_readable($bytes, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s'));
 		}
 		$customerview = 0;
--- a/admin_updates.php
+++ b/admin_updates.php
@@ -16,14 +16,14 @@
 */

 define('AREA', 'admin');
-require('./lib/init.php');
+require './lib/init.php';

 if ($page == 'overview') {
 	$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_updates");

 	/**
 	 * this is a dirty hack but syscp 1.4.2.1 does not
-	 * has any version/dbversion in the database (don't know why)
+	 * have any version/dbversion in the database (don't know why)
 	 * so we have to set them both to run a correct upgrade
 	 */
 	if (!isFroxlor()) {
@@ -31,7 +31,13 @@ if ($page == 'overview') {
 			|| $settings['panel']['version'] == ''
 		) {
 			$settings['panel']['version'] = '1.4.2.1';
-			$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('panel','version','".$settings['panel']['version']."')");
+			$stmt = Database::prepare("
+				INSERT INTO `" . TABLE_PANEL_SETTINGS . "` SET
+					`settinggroup` = 'panel',
+					`varname` = 'version',
+					`value` = :version"
+			);
+			Database::pexecute($stmt, array('version' => $settings['panel']['version']));
 		}
 		if (!isset($settings['system']['dbversion'])
 			|| $settings['system']['dbversion'] == ''
@@ -42,7 +48,10 @@ if ($page == 'overview') {
 			 * and the svn-version has its value in the database
 			 * -> bug #54
 			 */
-			$result = $db->query_first("SELECT `value` FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `varname` = 'dbversion'");
+			$result_stmt = Database::query("
+				SELECT `value` FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `varname` = 'dbversion'"
+			);
+			$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

 			if (isset($result['value'])) {
 				$settings['system']['dbversion'] = (int)$result['value'];
@@ -101,9 +110,6 @@ if ($page == 'overview') {
 			eval("echo \"" . getTemplate('update/index') . "\";");
 		}
 	} else {
-		/*
-		 * @TODO version-webcheck check here
-		 */
 		$success_message = $lng['update']['noupdatesavail'];
 		$redirect_url = 'admin_index.php?s=' . $s;
 		eval("echo \"" . getTemplate('update/noupdatesavail') . "\";");
--- a/customer_aps.php
+++ b/customer_aps.php
@@ -18,7 +18,7 @@
 */

 define('AREA', 'customer');
-require ('./lib/init.php');
+require './lib/init.php';

 $Id = 0;
 if (isset($_GET['id'])) {
@@ -29,6 +29,6 @@ if (isset($_POST['id'])) {
 }

 eval("echo \"" . getTemplate('aps/header') . "\";");
-$Aps = new ApsParser($userinfo, $settings, $db);
+$Aps = new ApsParser($userinfo, $settings);
 $Aps->MainHandler($action);
 eval("echo \"" . getTemplate('aps/footer') . "\";");
--- a/customer_autoresponder.php
+++ b/customer_autoresponder.php
@@ -18,7 +18,7 @@
 */

 define('AREA', 'customer');
-require('./lib/init.php');
+require './lib/init.php';

 if ($action == 'add') {
 	// Create new autoresponder
@@ -53,40 +53,73 @@ if ($action == 'add') {
 		) {
 			standard_error('missingfields');
 		}
-
+		
 		// Does account exist?
-		$result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($account) . "' LIMIT 0,1");
-		if ($db->num_rows($result) == 0) {
+		$stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_USERS . "`
+			WHERE `customerid` = :customerid
+			AND `email` = :account
+			LIMIT 0,1"
+		);
+		Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid']));
+		if (Database::num_rows() == 0) {
 			standard_error('accountnotexisting');
 		}

 		// Does autoresponder exist?
-		$result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($account) . "' LIMIT 0,1");
-		if ($db->num_rows($result) == 1) {
+		$stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "`
+			WHERE `customerid` = :customerid
+			AND `email` = :account
+			LIMIT 0,1"
+		);
+		Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid']));
+		if (Database::num_rows() == 1) {
 			standard_error('autoresponderalreadyexists');
 		}
-
-		$db->query("INSERT INTO `" . TABLE_MAIL_AUTORESPONDER . "`
-			SET `email` = '" . $db->escape($account) . "',
-			`message` = '" . $db->escape($message) . "',
-			`enabled` = '" . (int)$_POST['active'] . "',
-			`date_from` = '" . (int)$ts_from . "',
-			`date_until` = '" . (int)$ts_until . "',
-			`subject` = '" . $db->escape($subject) . "',
-			`customerid` = '" . $db->escape((int)$userinfo['customerid']) . "'
-			");
-		$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_autoresponder_used` = `email_autoresponder_used` + 1 WHERE `customerid` = '" . $db->escape((int)$userinfo['customerid']). "'");
+		
+		// Create autoresponder
+		$stmt = Database::prepare("INSERT INTO `" . TABLE_MAIL_AUTORESPONDER . "`
+			SET `email` = :account,
+			`message` = :message,
+			`enabled` = :enabled,
+			`date_from` = :date_from,
+			`date_until` = :date_until,
+			`subject` = :subject,
+			`customerid` = :customerid"
+		);
+		$params = array(
+			"account" => $account,
+			"message" => $message,
+			"enabled" => $_POST['active'],
+			"date_from" => $ts_from,
+			"date_until" => $ts_until,
+			"subject" => $subject,
+			"customerid" => $userinfo['customerid']
+		);
+		Database::pexecute($stmt, $params);
+		
+		// Update email_autoresponder_used count
+		$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+			SET `email_autoresponder_used` = `email_autoresponder_used` + 1
+			WHERE `customerid` = :customerid"
+		);
+		Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
 		redirectTo($filename, Array('s' => $s));
 	}

 	// Get accounts
-	$result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` NOT IN (SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "`) ORDER BY email ASC");
-	if ($db->num_rows($result) == 0) {
+	$params = array("customerid" => $userinfo['customerid']);
+	$acc_stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_USERS . "`
+		WHERE `customerid` = :customerid
+		AND `email` NOT IN (SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "`)
+		ORDER BY email ASC"
+	);
+	Database::pexecute($acc_stmt, $params);
+	if (Database::num_rows() == 0) {
 		standard_error('noemailaccount');
 	}

 	$accounts = '';
-	while ($row = $db->fetch_array($result)) {
+	while ($row = $acc_stmt->fetch(PDO::FETCH_ASSOC)) {
 		$accounts .= '<option value="' . $row['email'] . '">' . $row['email'] . '</option>';
 	}

@@ -137,41 +170,64 @@ if ($action == 'add') {
 		}

 		// Does account exist?
-		$result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_USERS . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($account) . "' LIMIT 0,1");
-		if ($db->num_rows($result) == 0)
-		{
+		$stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_USERS . "`
+			WHERE `customerid` = :customerid
+			AND `email` = :account
+			LIMIT 0,1"
+		);
+		Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid']));
+		if (Database::num_rows() == 0) {
 			standard_error('accountnotexisting');
 		}

 		// Does autoresponder exist?
-		$result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($account) . "' LIMIT 0,1");
-		if ($db->num_rows($result) == 0) {
+		$stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "`
+			WHERE `customerid` = :customerid
+			AND `email` = :account
+			LIMIT 0,1"
+		);
+		Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid']));
+		if (Database::num_rows() == 0) {
 			standard_error('invalidautoresponder');
 		}

-		$ResponderActive = (isset($_POST['active']) && $_POST['active'] == '1') ? 1 : 0;
-
-		$db->query("UPDATE `" . TABLE_MAIL_AUTORESPONDER . "`
-			SET `message` = '" . $db->escape($message) . "',
-			`enabled` = '" . (int)$ResponderActive . "',
-			`date_from` = '" . (int)$ts_from . "',
-			`date_until` = '" . (int)$ts_until . "',
-			`subject` = '" . $db->escape($subject) . "'
-			WHERE `email` = '" . $db->escape($account) . "'
-			AND `customerid` = '" . $db->escape((int)$userinfo['customerid']) . "'
-			");
+		// Update autoresponder
+		$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_AUTORESPONDER . "`
+			SET `message` = :message,
+			`enabled` = :enabled,
+			`date_from` = :date_from,
+			`date_until` = :date_until,
+			`subject` = :subject
+			WHERE `email` = :account
+			AND `customerid` = :customerid"
+		);
+		$params = array(
+			"account" => $account,
+			"message" => $message,
+			"enabled" => $_POST['active'],
+			"date_from" => $ts_from,
+			"date_until" => $ts_until,
+			"subject" => $subject,
+			"customerid" => $userinfo['customerid']
+		);
+		Database::pexecute($stmt, $params);
 		redirectTo($filename, Array('s' => $s));
 	}

 	$email = trim(htmlspecialchars($_GET['email']));

 	// Get account data
-	$result = $db->query("SELECT * FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($email) . "' LIMIT 0,1");
-	if ($db->num_rows($result) == 0) {
+	$acc_stmt = Database::prepare("SELECT * FROM `" . TABLE_MAIL_AUTORESPONDER . "`
+		WHERE `customerid` = :customerid
+		AND `email` = :account
+		LIMIT 0,1"
+	);
+	Database::pexecute($acc_stmt, array("account" => $email, "customerid" => $userinfo['customerid']));
+	if (Database::num_rows() == 0) {
 		standard_error('invalidautoresponder');
 	}

-	$row = $db->fetch_array($result);
+	$row = $acc_stmt->fetch(PDO::FETCH_ASSOC);
 	$subject = htmlspecialchars($row['subject']);
 	$message = htmlspecialchars($row['message']);

@@ -207,22 +263,33 @@ if ($action == 'add') {
 	eval("echo \"" . getTemplate('autoresponder/autoresponder_edit') . "\";");
 } elseif ($action == 'delete') {
 	// Delete autoresponder
-	if (isset($_POST['send'])
-	   && $_POST['send'] == 'send'
-	) {
+	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$account = trim($_POST['account']);

 		// Does autoresponder exist?
-		$result = $db->query("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' AND `email` = '" . $db->escape($account) . "' LIMIT 0,1");
-		if ($db->num_rows($result) == 0) {
+		$stmt = Database::prepare("SELECT `email` FROM `" . TABLE_MAIL_AUTORESPONDER . "`
+			WHERE `customerid` = :customerid
+			AND `email` = :account
+			LIMIT 0,1"
+		);
+		Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid']));
+		if (Database::num_rows() == 0) {
 			standard_error('invalidautoresponder');
 		}
-
-		$db->query("DELETE FROM `" . TABLE_MAIL_AUTORESPONDER . "`
-			WHERE `email` = '" . $db->escape($account) . "'
-			AND `customerid` = '" . $db->escape((int)$userinfo['customerid']) . "'
-			");
-		$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `email_autoresponder_used` = `email_autoresponder_used` - 1 WHERE `customerid` = '" . $db->escape((int)$userinfo['customerid']). "'");
+		
+		// Delete autoresponder
+		$stmt = Database::prepare("DELETE FROM `" . TABLE_MAIL_AUTORESPONDER . "`
+			WHERE `email` = :account
+			AND `customerid` = :customerid"
+		);
+		Database::pexecute($stmt, array("account" => $account, "customerid" => $userinfo['customerid']));
+			
+		// Update email_autoresponder_used count
+		$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+			SET `email_autoresponder_used` = `email_autoresponder_used` - 1
+			WHERE `customerid` = :customerid"
+		);
+		Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
 		redirectTo($filename, Array('s' => $s));
 	}

@@ -232,9 +299,13 @@ if ($action == 'add') {
 	// List existing autoresponders
 	$autoresponder = '';
 	$count = 0;
-	$result = $db->query("SELECT * FROM `" . TABLE_MAIL_AUTORESPONDER . "` WHERE `customerid` = '" . (int)$userinfo['customerid'] . "' ORDER BY email ASC");
+	$stmt = Database::prepare("SELECT * FROM `" . TABLE_MAIL_AUTORESPONDER . "`
+		WHERE `customerid` = :customerid
+		ORDER BY email ASC"
+	);
+	Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));

-	while ($row = $db->fetch_array($result)) {
+	while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
 		if ($row['date_from'] == -1 && $row['date_until'] == -1) {
 			$activated_date = $lng['panel']['not_activated'];
 		} elseif($row['date_from'] == -1 && $row['date_until'] != -1) {
--- a/customer_domains.php
+++ b/customer_domains.php
--- a/customer_email.php
+++ b/customer_email.php
--- a/customer_extras.php
+++ b/customer_extras.php
@@ -18,40 +18,37 @@
 */

 define('AREA', 'customer');
+require './lib/init.php';

-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-
-require ("./lib/init.php");
-
-if(isset($_POST['id']))
-{
+if(isset($_POST['id'])) {
 	$id = intval($_POST['id']);
-}
-elseif(isset($_GET['id']))
-{
+} elseif(isset($_GET['id'])) {
 	$id = intval($_GET['id']);
 }

-if($page == 'overview')
-{
+if($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
 	eval("echo \"" . getTemplate("extras/extras") . "\";");
-}
-elseif($page == 'backup')
-{
+} elseif($page == 'backup') {
    $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras_backup");

-    $result = $db->query("SELECT `backup_enabled` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");
-    $row = $db->fetch_array($result);
+    $result_stmt = Database::prepare("SELECT `backup_enabled` FROM `" . TABLE_PANEL_CUSTOMERS . "`
+    	WHERE `customerid`= :customerid"
+    );
+    Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+    $row = $result_stmt->fetch(PDO::FETCH_ASSOC);

    $backup_enabled = makeyesno('backup_enabled', '1', '0', $row['backup_enabled']);

-    if(isset($_POST['send']) && $_POST['send'] == 'send'){
+    if(isset($_POST['send']) && $_POST['send'] == 'send') {
 	$backup_enabled = ($_POST['backup_enabled'] == '1' ? '1' : '0');
-	
-        $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `backup_enabled`='" . $backup_enabled . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");
+
+        $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+        	SET `backup_enabled`= :backupenabled
+        	WHERE `customerid`= :customerid"
+        );
+        Database::pexecute($stmt, array("backupenabled" => $backup_enabled, "customerid" => $userinfo['customerid']));
+
 	redirectTo($filename, Array('page' => $page, 's' => $s));
    }

@@ -60,21 +57,21 @@ elseif($page == 'backup')

 	$title = $backup_data['backup']['title'];
 	$image = $backup_data['backup']['image'];
-    
+
    eval("echo \"" . getTemplate("extras/backup") . "\";");
-}
-elseif($page == 'htpasswds')
-{
-	if($action == '')
-	{
+} elseif($page == 'htpasswds') {
+	if($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
 		$fields = array(
 			'username' => $lng['login']['username'],
 			'path' => $lng['panel']['path']
 		);
-		$paging = new paging($userinfo, $db, TABLE_PANEL_HTPASSWDS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
-		$result = $db->query("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
-		$paging->setEntries($db->num_rows($result));
+		$paging = new paging($userinfo, TABLE_PANEL_HTPASSWDS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
+		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` 
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -83,12 +80,9 @@ elseif($page == 'htpasswds')
 		$count = 0;
 		$htpasswds = '';

-		while($row = $db->fetch_array($result))
-		{
-			if($paging->checkDisplay($i))
-			{
-				if(strpos($row['path'], $userinfo['documentroot']) === 0)
-				{
+		while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			if($paging->checkDisplay($i)) {
+				if(strpos($row['path'], $userinfo['documentroot']) === 0) {
 					$row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
 				}

@@ -101,90 +95,96 @@ elseif($page == 'htpasswds')
 		}

 		eval("echo \"" . getTemplate("extras/htpasswds") . "\";");
-	}
-	elseif($action == 'delete'
-	       && $id != 0)
-	{
-		$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+	} elseif($action == 'delete' && $id != 0) {
+		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
+			WHERE `customerid`= :customerid
+			AND `id`= :id"
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+		if(isset($result['username']) && $result['username'] != '') {
+			if(isset($_POST['send']) && $_POST['send'] == 'send') {
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "`
+					WHERE `customerid`= :customerid
+					AND `id`= :id"
+				);
+				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));

-		if(isset($result['username'])
-		   && $result['username'] != '')
-		{
-			if(isset($_POST['send'])
-			   && $_POST['send'] == 'send')
-			{
-				$db->query("DELETE FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='$id'");
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 				inserttask('1');
 				redirectTo($filename, Array('page' => $page, 's' => $s));
-			}
-			else
-			{
-				if(strpos($result['path'], $userinfo['documentroot']) === 0)
-				{
+			} else {
+				if(strpos($result['path'], $userinfo['documentroot']) === 0) {
 					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
 				}

 				ask_yesno('extras_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username'] . ' (' . $result['path'] . ')');
 			}
 		}
-	}
-	elseif($action == 'add')
-	{
-		if(isset($_POST['send'])
-		   && $_POST['send'] == 'send')
-		{
+	} elseif($action == 'add') {
+		if(isset($_POST['send']) && $_POST['send'] == 'send') {
 			$path = makeCorrectDir(validate($_POST['path'], 'path'));
 			$userpath = $path;
 			$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 			$username = validate($_POST['username'], 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/');
 			$authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');
 			validate($_POST['directory_password'], 'password');
-			$username_path_check = $db->query_first("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `username`='" . $db->escape($username) . "' AND `path`='" . $db->escape($path) . "' AND `customerid`='" . (int)$userinfo['customerid'] . "'");

-			if(CRYPT_STD_DES == 1)
-			{
+			$username_path_check_stmt = Database::prepare("SELECT `id`, `username`, `path` FROM `" . TABLE_PANEL_HTPASSWDS . "`
+				WHERE `username`= :username
+				AND `path`= :path
+				AND `customerid`= :customerid"
+			);
+			$params = array(
+				"username" => $username,
+				"path" => $path,
+				"customerid" => $userinfo['customerid']
+			);
+			Database::pexecute($username_path_check_stmt, $params);
+			$username_path_check = $username_path_check_stmt->fetch(PDO::FETCH_ASSOC);
+
+			if(CRYPT_STD_DES == 1) {
 				$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
 				$password = crypt($_POST['directory_password'], $saltfordescrypt);
-			}
-			else
-			{
+			} else {
 				$password = crypt($_POST['directory_password']);
 			}

-			if(!$_POST['path'])
-			{
+			if(!$_POST['path']) {
 				standard_error('invalidpath');
 			}

-			if($username == '')
-			{
+			if($username == '') {
 				standard_error(array('stringisempty', 'myloginname'));
-			}
-			elseif($username_path_check['username'] == $username
-			       && $username_path_check['path'] == $path)
-			{
+			} elseif($username_path_check['username'] == $username && $username_path_check['path'] == $path) {
 				standard_error('userpathcombinationdupe');
-			}
-			elseif($_POST['directory_password'] == '')
-			{
+			} elseif($_POST['directory_password'] == '') {
 				standard_error(array('stringisempty', 'mypassword'));
-			}
-			elseif($path == '')
-			{
+			} elseif($path == '') {
 				standard_error('patherror');
-			}
-			else
-			{
-				$db->query("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` (`customerid`, `username`, `password`, `path`, `authname`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', '" . $db->escape($password) . "', '" . $db->escape($path) . "', '" . $db->escape($authname) . "')");
+			} else {
+				$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_HTPASSWDS . "` SET
+					`customerid` = :customerid,
+					`username` = :username,
+					`password` = :password,
+					`path` = :path,
+					`authname` = :authname"
+				);
+				$params = array(
+					"customerid" => $userinfo['customerid'],
+					"username" => $username,
+					"password" => $password,
+					"path" => $path,
+					"authname" => $authname
+				);
+				Database::pexecute($stmt, $params);
 				$log->logAction(USR_ACTION, LOG_INFO, "added htpasswd for '" . $username . " (" . $path . ")'");
 				inserttask('1');
 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			}
-		}
-		else
-		{
-			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
+		} else {
+			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);

 			$htpasswd_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htpasswd_add.php';
 			$htpasswd_add_form = htmlform::genHTMLForm($htpasswd_add_data);
@@ -194,59 +194,60 @@ elseif($page == 'htpasswds')

 			eval("echo \"" . getTemplate("extras/htpasswds_add") . "\";");
 		}
-	}
-	elseif($action == 'edit'
-	       && $id != 0)
-	{
-		$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+	} elseif($action == 'edit' && $id != 0) {
+		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTPASSWDS . "`
+			WHERE `customerid`= :customerid
+			AND `id`= :id"
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if(isset($result['username'])
-		   && $result['username'] != '')
-		{
-			if(isset($_POST['send'])
-			   && $_POST['send'] == 'send')
-			{
+		if(isset($result['username']) && $result['username'] != '') {
+			if(isset($_POST['send']) && $_POST['send'] == 'send') {
 				validate($_POST['directory_password'], 'password');
 				$authname = validate($_POST['directory_authname'], 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/');

-				if(CRYPT_STD_DES == 1)
-				{
+				if(CRYPT_STD_DES == 1) {
 					$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
 					$password = crypt($_POST['directory_password'], $saltfordescrypt);
-				}
-				else
-				{
+				} else {
 					$password = crypt($_POST['directory_password']);
 				}

+				$params = array(
+					"customerid" => $userinfo['customerid'],
+					"id" => $id
+				);
+
 				$pwd_sql = '';
-				if($_POST['directory_password'] != '')
-				{
-					$pwd_sql = "`password`='" . $db->escape($password) . "' ";
-				}
-				
-				$auth_sql = '';
-				if($authname != $result['authname'])
-				{
-					$auth_sql = "`authname`='" . $db->escape($authname) . "' ";
+				if($_POST['directory_password'] != '') {
+					$pwd_sql = "`password`= :password ";
+					$params["password"] = $password;
 				}

-				if($pwd_sql != '' || $auth_sql != '')
-				{
+				$auth_sql = '';
+				if($authname != $result['authname']) {
+					$auth_sql = "`authname`= :authname ";
+					$params["authname"] = $authname;
+				}
+
+				if($pwd_sql != '' || $auth_sql != '') {
 					if($pwd_sql !='' && $auth_sql != '') {
 						$pwd_sql.= ', ';
 					}

-					$db->query("UPDATE `" . TABLE_PANEL_HTPASSWDS . "` SET ".$pwd_sql.$auth_sql." WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
+						SET ".$pwd_sql.$auth_sql."
+						WHERE `customerid`= :customerid
+						AND `id`= :id"
+					);
+					Database::pexecute($stmt, $params);
 					$log->logAction(USR_ACTION, LOG_INFO, "edited htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 					inserttask('1');
 					redirectTo($filename, Array('page' => $page, 's' => $s));
 				}
-			}
-			else
-			{
-				if(strpos($result['path'], $userinfo['documentroot']) === 0)
-				{
+			} else {
+				if(strpos($result['path'], $userinfo['documentroot']) === 0) {
 					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
 				}

@@ -262,11 +263,8 @@ elseif($page == 'htpasswds')
 			}
 		}
 	}
-}
-elseif($page == 'htaccess')
-{
-	if($action == '')
-	{
+} elseif($page == 'htaccess') {
+	if($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
 		$fields = array(
 			'path' => $lng['panel']['path'],
@@ -276,9 +274,12 @@ elseif($page == 'htaccess')
 			'error500path' => $lng['extras']['error500path'],
 			'options_cgi' => $lng['extras']['execute_perl']
 		);
-		$paging = new paging($userinfo, $db, TABLE_PANEL_HTACCESS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
-		$result = $db->query("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
-		$paging->setEntries($db->num_rows($result));
+		$paging = new paging($userinfo, TABLE_PANEL_HTACCESS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
+		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -289,12 +290,9 @@ elseif($page == 'htaccess')

 		$cperlenabled = customerHasPerlEnabled($userinfo['customerid']);

-		while($row = $db->fetch_array($result))
-		{
-			if($paging->checkDisplay($i))
-			{
-				if(strpos($row['path'], $userinfo['documentroot']) === 0)
-				{
+		while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			if($paging->checkDisplay($i)) {
+				if(strpos($row['path'], $userinfo['documentroot']) === 0) {
 					$row['path'] = substr($row['path'], strlen($userinfo['documentroot']));
 					// don't show nothing wehn it's the docroot, show slash
 					if ($row['path'] == '') { $row['path'] = '/'; }
@@ -313,95 +311,96 @@ elseif($page == 'htaccess')
 		}

 		eval("echo \"" . getTemplate("extras/htaccess") . "\";");
-	}
-	elseif($action == 'delete'
-	       && $id != 0)
-	{
-		$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+	} elseif($action == 'delete' && $id != 0) {
+		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
+			WHERE `customerid` = :customerid
+			AND `id` = :id"
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if(isset($result['customerid'])
-		   && $result['customerid'] != ''
-		   && $result['customerid'] == $userinfo['customerid'])
-		{
-			if(isset($_POST['send'])
-			   && $_POST['send'] == 'send')
-			{
-				$db->query("DELETE FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+		if(isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
+			if(isset($_POST['send']) && $_POST['send'] == 'send') {
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_HTACCESS . "`
+					WHERE `customerid`= :customerid
+					AND `id`= :id"
+				);
+				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'");
 				inserttask('1');
 				redirectTo($filename, Array('page' => $page, 's' => $s));
-			}
-			else
-			{
+			} else {
 				ask_yesno('extras_reallydelete_pathoptions', $filename, array('id' => $id, 'page' => $page, 'action' => $action), str_replace($userinfo['documentroot'], '', $result['path']));
 			}
 		}
-	}
-	elseif($action == 'add')
-	{
-		if(isset($_POST['send'])
-		   && $_POST['send'] == 'send')
-		{
+	} elseif($action == 'add') {
+		if(isset($_POST['send']) && $_POST['send'] == 'send') {
 			$path = makeCorrectDir(validate($_POST['path'], 'path'));
 			$userpath = $path;
 			$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
-			$path_dupe_check = $db->query_first("SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "` WHERE `path`='" . $db->escape($path) . "' AND `customerid`='" . (int)$userinfo['customerid'] . "'");
+			$path_dupe_check_stmt = Database::prepare("SELECT `id`, `path` FROM `" . TABLE_PANEL_HTACCESS . "`
+				WHERE `path`= :path
+				AND `customerid`= :customerid"
+			);
+			Database::pexecute($path_dupe_check_stmt, array("path" => $path, "customerid" => $userinfo['customerid']));
+			$path_dupe_check = $path_dupe_check_stmt->fetch(PDO::FETCH_ASSOC);

-			if(!$_POST['path'])
-			{
+			if(!$_POST['path']) {
 				standard_error('invalidpath');
 			}

-			if(isset($_POST['options_cgi'])
-				&& (int)$_POST['options_cgi'] != 0
-			) {
+			if(isset($_POST['options_cgi']) && (int)$_POST['options_cgi'] != 0) {
 				$options_cgi = '1';
-			}
-			else
-			{
+			} else {
 				$options_cgi = '0';
-			} 
+			}

 			$error404path = '';
 			if (isset($_POST['error404path'])) {
 				$error404path = correctErrorDocument($_POST['error404path']);
 			}
+
 			$error403path = '';
 			if (isset($_POST['error403path'])) {
 				$error403path = correctErrorDocument($_POST['error403path']);
 			}
+
 			$error500path = '';
 			if (isset($_POST['error500path'])) {
 				$error500path = correctErrorDocument($_POST['error500path']);
 			}

-			if($path_dupe_check['path'] == $path)
-			{
+			if($path_dupe_check['path'] == $path) {
 				standard_error('errordocpathdupe', $userpath);
-			}
-			elseif($path == '')
-			{
+			} elseif($path == '') {
 				standard_error('patherror');
-			}
-			else
-			{
-				$db->query('INSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET
-							`customerid` = "'.(int)$userinfo['customerid'].'",
-							`path` = "'.$db->escape($path).'",
-							`options_indexes` = "'.$db->escape($_POST['options_indexes'] == '1' ? '1' : '0').'",
-							`error404path` = "'.$db->escape($error404path).'",
-							`error403path` = "'.$db->escape($error403path).'",
-							`error500path` = "'.$db->escape($error500path).'",
-							`options_cgi` = "'.$db->escape($options_cgi).'"');
+			} else {
+				$stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_HTACCESS . '` SET
+					`customerid` = :customerid,
+					`path` = :path,
+					`options_indexes` = :options_indexes,
+					`error404path` = :error404path,
+					`error403path` = :error403path,
+					`error500path` = :error500path,
+					`options_cgi` = :options_cgi'
+				);
+				$params = array(
+					"customerid" => $userinfo['customerid'],
+					"path" => $path,
+					"options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0',
+					"error403path" => $error403path,
+					"error404path" => $error404path,
+					"error500path" => $error500path,
+					"options_cgi" => $options_cgi
+				);
+				Database::pexecute($stmt, $params);

 				$log->logAction(USR_ACTION, LOG_INFO, "added htaccess for '" . $path . "'");
 				inserttask('1');
 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			}
-		}
-		else
-		{
-			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']);
+		} else {
+			$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
 			$cperlenabled = customerHasPerlEnabled($userinfo['customerid']);
 			/*
 			$options_indexes = makeyesno('options_indexes', '1', '0', '0');
@@ -416,29 +415,24 @@ elseif($page == 'htaccess')

 			eval("echo \"" . getTemplate("extras/htaccess_add") . "\";");
 		}
-	}
-	elseif(($action == 'edit')
-	       && ($id != 0))
-	{
-		$result = $db->query_first('SELECT * FROM `' . TABLE_PANEL_HTACCESS . '` WHERE `customerid` = "' . (int)$userinfo['customerid'] . '"  AND `id`         = "' . (int)$id . '"');
+	} elseif(($action == 'edit') && ($id != 0)) {
+		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_HTACCESS . "`
+			WHERE `customerid` = :customerid 
+			AND `id` = :id"
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if((isset($result['customerid']))
-		   && ($result['customerid'] != '')
-		   && ($result['customerid'] == $userinfo['customerid']))
-		{
-			if(isset($_POST['send'])
-			   && $_POST['send'] == 'send')
-			{
+		if((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
+			if(isset($_POST['send']) && $_POST['send'] == 'send') {
 				$option_indexes = intval($_POST['options_indexes']);
 				$options_cgi = isset($_POST['options_cgi']) ? intval($_POST['options_cgi']) : 0;

-				if($option_indexes != '1')
-				{
+				if($option_indexes != '1') {
 					$option_indexes = '0';
 				}

-				if($options_cgi != '1')
-				{
+				if($options_cgi != '1') {
 					$options_cgi = '0';
 				}

@@ -447,22 +441,37 @@ elseif($page == 'htaccess')
 				$error500path = correctErrorDocument($_POST['error500path']);

 				if(($option_indexes != $result['options_indexes'])
-				   || ($error404path != $result['error404path'])
-				   || ($error403path != $result['error403path'])
-				   || ($error500path != $result['error500path'])
-				   || ($options_cgi != $result['options_cgi']))
-				{
+					|| ($error404path != $result['error404path'])
+					|| ($error403path != $result['error403path'])
+					|| ($error500path != $result['error500path'])
+					|| ($options_cgi != $result['options_cgi'])
+				) {
 					inserttask('1');
-					$db->query('UPDATE `' . TABLE_PANEL_HTACCESS . '` SET `options_indexes` = "' . $db->escape($option_indexes) . '", `error404path`    = "' . $db->escape($error404path) . '",  `error403path`    = "' . $db->escape($error403path) . '",  `error500path`    = "' . $db->escape($error500path) . '", `options_cgi` = "' . $db->escape($options_cgi) . '" WHERE `customerid` = "' . (int)$userinfo['customerid'] . '"  AND `id` = "' . (int)$id . '"');
+					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTACCESS . "`
+						SET `options_indexes` = :options_indexes,
+						`error404path` = :error404path,
+						`error403path` = :error403path,
+						`error500path` = :error500path,
+						`options_cgi` = :options_cgi
+						WHERE `customerid` = :customerid
+						AND `id` = :id"
+					);
+					$params = array(
+						"customerid" => $userinfo['customerid'],
+						"options_indexes" => $_POST['options_indexes'] == '1' ? '1' : '0',
+						"error403path" => $error403path,
+						"error404path" => $error404path,
+						"error500path" => $error500path,
+						"options_cgi" => $options_cgi,
+						"id" => $id
+					);
+					Database::pexecute($stmt, $params);
 					$log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'");
 				}

 				redirectTo($filename, Array('page' => $page, 's' => $s));
-			}
-			else
-			{
-				if(strpos($result['path'], $userinfo['documentroot']) === 0)
-				{
+			} else {
+				if(strpos($result['path'], $userinfo['documentroot']) === 0) {
 					$result['path'] = substr($result['path'], strlen($userinfo['documentroot']));
 					// don't show nothing wehn it's the docroot, show slash
 					if ($result['path'] == '') { $result['path'] = '/'; }
@@ -480,7 +489,7 @@ elseif($page == 'htaccess')

 				$htaccess_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/extras/formfield.htaccess_edit.php';
 				$htaccess_edit_form = htmlform::genHTMLForm($htaccess_edit_data);
-	
+
 				$title = $htaccess_edit_data['htaccess_edit']['title'];
 				$image = $htaccess_edit_data['htaccess_edit']['image'];

@@ -490,4 +499,3 @@ elseif($page == 'htaccess')
 	}
 }

-?>
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -18,11 +18,7 @@
 */

 define('AREA', 'customer');
-
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-require('./lib/init.php');
+require './lib/init.php';

 $id = 0;
 if (isset($_POST['id'])) {
@@ -41,9 +37,15 @@ if ($page == 'overview') {
 			'username' => $lng['login']['username'],
 			'homedir' => $lng['panel']['path']
 		);
-		$paging = new paging($userinfo, $db, TABLE_FTP_USERS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
-		$result = $db->query("SELECT `id`, `username`, `homedir` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid`='" . $userinfo['customerid'] . "'  AND `username` NOT LIKE '%_backup'" . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
-		$paging->setEntries($db->num_rows($result));
+		$paging = new paging($userinfo, TABLE_FTP_USERS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
+
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `homedir` FROM `" . TABLE_FTP_USERS . "`
+			WHERE `customerid`= :customerid 
+			AND `username` NOT LIKE '%_backup'" . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+		$ftps_count = Database::num_rows();
+		$paging->setEntries($ftps_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -52,7 +54,7 @@ if ($page == 'overview') {
 		$count = 0;
 		$accounts = '';

-		while ($row = $db->fetch_array($result)) {
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($paging->checkDisplay($i)) {
 				if (strpos($row['homedir'], $userinfo['documentroot']) === 0) {
 					$row['documentroot'] = substr($row['homedir'], strlen($userinfo['documentroot']));
@@ -61,7 +63,7 @@ if ($page == 'overview') {
 				}

 				$row['documentroot'] = makeCorrectDir($row['documentroot']);
-				
+
 				$row = htmlentities_array($row);
 				eval("\$accounts.=\"" . getTemplate('ftp/accounts_account') . "\";");
 				$count++;
@@ -70,35 +72,72 @@ if ($page == 'overview') {
 			$i++;
 		}

-		$ftps_count = $db->num_rows($result);
 		eval("echo \"" . getTemplate('ftp/accounts') . "\";");
 	} elseif ($action == 'delete' && $id != 0) {
-		$result = $db->query_first("SELECT `id`, `username`, `homedir`, `up_count`, `up_bytes`, `down_count`, `down_bytes` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `homedir`, `up_count`, `up_bytes`, `down_count`, `down_bytes` FROM `" . TABLE_FTP_USERS . "`
+			WHERE `customerid` = :customerid
+			AND `id` = :id"
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+		if (isset($result['username']) && $result['username'] != $userinfo['loginname']) {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
+					SET `up_count` = `up_count` + :up_count,
+					`up_bytes` = `up_bytes` + :up_bytes,
+					`down_count` = `down_count` + :down_count,
+					`down_bytes` = `down_bytes` + :down_bytes
+					WHERE `username` = :username"
+				);
+				$params = array(
+					"up_count" => $result['up_count'],
+					"up_bytes" => $result['up_bytes'],
+					"down_count" => $result['down_count'],
+					"down_bytes" => $result['down_bytes'],
+					"username" => $userinfo['loginname']
+				);
+				Database::pexecute($stmt, $params);
+
+				$result_stmt = Database::prepare("SELECT `username`, `homedir` FROM `" . TABLE_FTP_USERS . "`
+					WHERE `customerid` = :customerid
+					AND `id` = :id"
+				);
+				Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+				$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = :name");
+				Database::pexecute($stmt, array("name" => $result['username']));
+
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_FTP_USERS . "`
+					WHERE `customerid` = :customerid
+					AND `id` = :id"
+				);
+				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+
+				$stmt = Database::prepare("
+					UPDATE `" . TABLE_FTP_GROUPS . "` SET
+					`members` = REPLACE(`members`, :username,'')
+					WHERE `customerid` = :customerid
+				");
+				Database::pexecute($stmt, array("username" => ",".$result['username'], "customerid" => $userinfo['customerid']));

-		if (isset($result['username'])
-		   && $result['username'] != $userinfo['loginname']
-		) {
-			if (isset($_POST['send'])
-			   && $_POST['send'] == 'send'
-			) {
-				$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `up_count`=`up_count`+'" . (int)$result['up_count'] . "', `up_bytes`=`up_bytes`+'" . (int)$result['up_bytes'] . "', `down_count`=`down_count`+'" . (int)$result['down_count'] . "', `down_bytes`=`down_bytes`+'" . (int)$result['down_bytes'] . "' WHERE `username`='" . $db->escape($userinfo['loginname']) . "'");
-				$result = $db->query_first("SELECT `username`, `homedir` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
-				$db->query("DELETE FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = '" . $db->escape($result['username']) . "'");
-				$db->query("DELETE FROM `" . TABLE_FTP_USERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted ftp-account '" . $result['username'] . "'");
-				$db->query("UPDATE `" . TABLE_FTP_GROUPS . "` SET `members`=REPLACE(`members`,'," . $db->escape($result['username']) . "','') WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");

 				$resetaccnumber = ($userinfo['ftps_used'] == '1') ? " , `ftp_lastaccountnumber`='0'" : '';

 				// refs #293
-				if (isset($_POST['delete_userfiles'])
-				  && (int)$_POST['delete_userfiles'] == 1
-				) {
+				if (isset($_POST['delete_userfiles']) && (int)$_POST['delete_userfiles'] == 1) {
 					inserttask('8', $userinfo['loginname'], $result['homedir']);
 				}

-				$result = $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `ftps_used`=`ftps_used`-1 $resetaccnumber WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");
-				redirectTo($filename, Array('page' => $page, 's' => $s));
+				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+					SET `ftps_used` = `ftps_used` - 1 $resetaccnumber
+					WHERE `customerid` = :customerid"
+				);
+				Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
+
+				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
 				ask_yesno_withcheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username']);
 			}
@@ -106,12 +145,9 @@ if ($page == 'overview') {
 			standard_error('ftp_cantdeletemainaccount');
 		}
 	} elseif ($action == 'add') {
-		if ($userinfo['ftps_used'] < $userinfo['ftps']
-		   || $userinfo['ftps'] == '-1'
-		) {
+		if ($userinfo['ftps_used'] < $userinfo['ftps'] || $userinfo['ftps'] == '-1') {
 			if (isset($_POST['send'])
-			   && $_POST['send'] == 'send'
-			) {
+			   && $_POST['send'] == 'send') {
 				// @FIXME use a good path-validating regex here (refs #1231)
 				$path = validate($_POST['path'], 'path');
 				$password = validate($_POST['ftp_password'], 'password');
@@ -128,7 +164,13 @@ if ($page == 'overview') {
 						standard_error(array('stringisempty', 'username'));
 					}
 					$ftpdomain = $idna_convert->encode(validate($_POST['ftp_domain'], 'domain'));
-					$ftpdomain_check = $db->query_first("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `domain`='" . $db->escape($ftpdomain) . "' AND `customerid`='" . (int)$userinfo['customerid'] . "'");
+					$ftpdomain_check_stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
+						WHERE `domain` = :domain
+						AND `customerid` = :customerid"
+					);
+					Database::pexecute($ftpdomain_check_stmt, array("domain" => $ftpdomain, "customerid" => $userinfo['customerid']));
+					$ftpdomain_check = $ftpdomain_check_stmt->fetch(PDO::FETCH_ASSOC);
+
 					if ($ftpdomain_check['domain'] != $ftpdomain) {
 						standard_error('maindomainnonexist', $domain);
 					}
@@ -136,9 +178,13 @@ if ($page == 'overview') {
 				} else {
 					$username = $userinfo['loginname'] . $settings['customer']['ftpprefix'] . (intval($userinfo['ftp_lastaccountnumber']) + 1);
 				}
-				
-				$username_check = $db->query_first('SELECT * FROM `' . TABLE_FTP_USERS .'` WHERE `username` = \'' . $db->escape($username) . '\'');
-				
+
+				$username_check_stmt = Database::prepare("SELECT * FROM `" . TABLE_FTP_USERS . "`
+					WHERE `username` = :username"
+				);
+				Database::pexecute($username_check_stmt, array("username" => $username));
+				$username_check = $username_check_stmt->fetch(PDO::FETCH_ASSOC);
+
 				if (!empty($username_check) && $username_check['username'] = $username) {
 					standard_error('usernamealreadyexists', $username);
 				} elseif ($password == '') {
@@ -149,13 +195,51 @@ if ($page == 'overview') {
 					$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);

 					$cryptPassword = makeCryptPassword($password);
-					$db->query("INSERT INTO `" . TABLE_FTP_USERS . "` (`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`) VALUES ('" . (int)$userinfo['customerid'] . "', '" . $db->escape($username) . "', '" . $db->escape($cryptPassword) . "', '" . $db->escape($path) . "', 'y', '" . (int)$userinfo['guid'] . "', '" . (int)$userinfo['guid'] . "')");
-					$result = $db->query("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "` WHERE `name` = '" . $userinfo['loginname'] . "'");
-					while ($row = $db->fetch_array($result)) {
-						$db->query("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` (`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) VALUES ('" . $db->escape($username) . "', 'user', '" . $db->escape($row['bytes_in_used']) . "', '0', '0', '0', '0', '0')");
+
+					$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
+						(`customerid`, `username`, `password`, `homedir`, `login_enabled`, `uid`, `gid`)
+						VALUES (:customerid, :username, :password, :homedir, 'y', :guid, :guid)"
+					);
+					$params = array(
+						"customerid" => $userinfo['customerid'],
+						"username" => $username,
+						"password" => $cryptPassword,
+						"homedir" => $path,
+						"guid" => $userinfo['guid']
+					);
+					Database::pexecute($stmt, $params);
+
+					$result_stmt = Database::prepare("SELECT `bytes_in_used` FROM `" . TABLE_FTP_QUOTATALLIES . "`
+						WHERE `name` = :name"
+					);
+					Database::pexecute($result_stmt, array("name" => $userinfo['loginname']));
+
+					while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+						$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "`
+							(`name`, `quota_type`, `bytes_in_used`, `bytes_out_used`, `bytes_xfer_used`, `files_in_used`, `files_out_used`, `files_xfer_used`) 
+							VALUES (:name, 'user', :bytes_in_used, '0', '0', '0', '0', '0')"
+						);
+						Database::pexecute($stmt, array("name" => $username, "bytes_in_used" => $row['bytes_in_used']));
 					}
-					$db->query("UPDATE `" . TABLE_FTP_GROUPS . "` SET `members`=CONCAT_WS(',',`members`,'" . $db->escape($username) . "') WHERE `customerid`='" . $userinfo['customerid'] . "' AND `gid`='" . (int)$userinfo['guid'] . "'");
-					$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `ftps_used`=`ftps_used`+1, `ftp_lastaccountnumber`=`ftp_lastaccountnumber`+1 WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");
+
+					$stmt = Database::prepare("UPDATE `" . TABLE_FTP_GROUPS . "`
+						SET `members` = CONCAT_WS(',',`members`, :username)
+						WHERE `customerid`= :customerid
+						AND `gid`= :guid"
+					);
+					$params = array(
+						"username" => $username,
+						"customerid" => $userinfo['customerid'],
+						"guid" => $userinfo['guid']
+					);
+					Database::pexecute($stmt, $params);
+
+					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+						SET `ftps_used` = `ftps_used` + 1,
+						`ftp_lastaccountnumber` = `ftp_lastaccountnumber` + 1
+						WHERE `customerid` = :customerid"
+					);
+					Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));

 					$log->logAction(USR_ACTION, LOG_INFO, "added ftp-account '" . $username . " (" . $path . ")'");
 					inserttask(5);
@@ -168,13 +252,29 @@ if ($page == 'overview') {
 							'USR_PASS' => $password,
 							'USR_PATH' => makeCorrectDir(substr($path, strlen($userinfo['documentroot'])))
 						);
-						
+
 						$def_language = $userinfo['def_language'];
-						$result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'new_ftpaccount_by_customer_subject\'');
+						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
+							WHERE `adminid` = :adminid
+							AND `language` = :lang
+							AND `templategroup`='mails'
+							AND `varname`='new_ftpaccount_by_customer_subject'"
+						);
+						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
+						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_subject']), $replace_arr));
-						$result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'new_ftpaccount_by_customer_mailbody\'');
+
+						$def_language = $userinfo['def_language'];
+						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
+							WHERE `adminid` = :adminid
+							AND `language` = :lang
+							AND `templategroup`='mails'
+							AND `varname`='new_ftpaccount_by_customer_mailbody'"
+						);
+						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
+						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['ftp_add']['infomail_body']['main']), $replace_arr));
-						
+
 						$_mailerror = false;
 						try {
 							$mail->Subject = $mail_subject;
@@ -201,15 +301,18 @@ if ($page == 'overview') {
 					redirectTo($filename, Array('page' => $page, 's' => $s));
 				}
 			} else {
-				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], '/');
+				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], '/');

 				if ($settings['customer']['ftpatdomain'] == '1') {
 					$domainlist = array();
 					$domains = '';

-					$result_domains = $db->query("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");
+					$result_domains_stmt = Database::prepare("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "`
+						WHERE `customerid`= :customerid"
+					);
+					Database::pexecute($result_domains_stmt, array("customerid" => $userinfo['customerid']));

-					while ($row_domain = $db->fetch_array($result_domains)) {
+					while ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
 						$domainlist[] =  $row_domain['domain'];
 					}

@@ -234,17 +337,18 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result = $db->query_first("SELECT `id`, `username`, `homedir`, `uid`, `gid` FROM `" . TABLE_FTP_USERS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `homedir`, `uid`, `gid` FROM `" . TABLE_FTP_USERS . "`
+			WHERE `customerid` = :customerid
+			AND `id` = :id"
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if (isset($result['username'])
-		   && $result['username'] != ''
-		) {
-			if (isset($_POST['send'])
-			   && $_POST['send'] == 'send'
-			) {
+		if (isset($result['username']) && $result['username'] != '') {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				// @FIXME use a good path-validating regex here (refs #1231)
 				$path = validate($_POST['path'], 'path');
-				
+
 				$_setnewpass = false;
 				if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
 					$password = validate($_POST['ftp_password'], 'password');
@@ -259,14 +363,30 @@ if ($page == 'overview') {
 					}
 					$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account password for '" . $result['username'] . "'");
 					$cryptPassword = makeCryptPassword($password);
-					$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");
-						
+
+					$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
+						SET `password` = :password
+						WHERE `customerid` = :customerid
+						AND `id` = :id"
+					);
+					Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id, "password" => $cryptPassword));
+
 					// also update customers backup user password if password of main ftp user is changed
-					if(!preg_match('/' . $settings['customer']['ftpprefix'] . '/', $result['username'])){
-					    $db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $result['username'] . "_backup'");
+					if(!preg_match('/' . $settings['customer']['ftpprefix'] . '/', $result['username'])) {
+						$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
+							SET `password` = :password
+							WHERE `customerid` = :customerid
+							AND `username` = :username"
+						);
+						$params = array(
+							"password" => $cryptPassword,
+							"customerid" => $userinfo['customerid'],
+							"username" => $result['username'] . "_backup"
+						);
+						Database::pexecute($stmt, $params);
 					}
 				}
-				
+
 				if ($path != '') {
 					$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);

@@ -278,7 +398,18 @@ if ($page == 'overview') {
 						}

 						$log->logAction(USR_ACTION, LOG_INFO, "updated ftp-account homdir for '" . $result['username'] . "'");
-						$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `homedir`= '" . $db->escape($path) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `id`='" . (int)$id . "'");						
+
+						$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
+							SET `homedir` = :homedir
+							WHERE `customerid` = :customerid
+							AND `id` = :id"
+						);
+						$params = array(
+							"homedir" => $path,
+							"customerid" => $userinfo['customerid'],
+							"id" => $id
+						);
+						Database::pexecute($stmt, $params);
 					}
 				}

@@ -291,14 +422,17 @@ if ($page == 'overview') {
 				}
 				$homedir = makeCorrectDir($homedir);

-				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $homedir);
+				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $homedir);

 				if ($settings['customer']['ftpatdomain'] == '1') {
 					$domains = '';

-					$result_domains = $db->query("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");
+					$result_domains_stmt = Database::prepare("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "`
+						WHERE `customerid` = :customerid"
+					);
+					Database::pexecute($result_domains_stmt, array("customerid" => $userinfo['customerid']));

-					while ($row_domain = $db->fetch_array($result_domains)) {
+					while ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
 						$domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['domain']);
 					}
 				}
--- a/customer_index.php
+++ b/customer_index.php
@@ -18,60 +18,81 @@
 */

 define('AREA', 'customer');
-
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-require('./lib/init.php');
+require './lib/init.php';

 if ($action == 'logout') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, 'logged out');

-        $query = "DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = '" . (int)$userinfo['customerid'] . "' AND `adminsession` = '0'";
+    $params = array("customerid" => $userinfo['customerid']);
 	if ($settings['session']['allow_multiple_login'] == '1') {
-		$query .= " AND `hash` = '" . $s . "'";
+		$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
+			WHERE `userid` = :customerid
+			AND `adminsession` = '0'
+			AND `hash` = :hash"
+		);
+		$params["hash"] = $s;
+	} else {
+		$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
+			WHERE `userid` = :customerid
+			AND `adminsession` = '0'"
+		);
 	}
-	$db->query($query);
+	Database::pexecute($stmt, $params);
+	
 	redirectTo('index.php');
 	exit;
 }

 if ($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_index");
+	
+	$domain_stmt = Database::prepare("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "`
+		WHERE `customerid` = :customerid
+		AND `parentdomainid` = '0'
+		AND `id` <> :standardsubdomain
+	");
+	Database::pexecute($domain_stmt, array("customerid" => $userinfo['customerid'], "standardsubdomain" => $userinfo['standardsubdomain']));
+	
 	$domains = '';
-	$result = $db->query("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `parentdomainid`='0' AND `id` <> '" . (int)$userinfo['standardsubdomain'] . "' ");
 	$domainArray = array();

-	while ($row = $db->fetch_array($result)) {
+	while ($row = $domain_stmt->fetch(PDO::FETCH_ASSOC)) {
 		$domainArray[] = $idna_convert->decode($row['domain']);
 	}

 	natsort($domainArray);
 	$domains = implode(',<br />', $domainArray);
+
+	// standard-subdomain
+	$stdsubdomain = '';
+	if ($userinfo['standardsubdomain'] != '0') {
+		$std_domain_stmt = Database::prepare("
+			SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "`
+			WHERE `customerid` = :customerid
+			AND `id` = :standardsubdomain
+		");
+		$std_domain = Database::pexecute_first($std_domain_stmt, array("customerid" => $userinfo['customerid'], "standardsubdomain" => $userinfo['standardsubdomain']));
+		$stdsubdomain = $std_domain['domain'];
+	}
+
 	$userinfo['email'] = $idna_convert->decode($userinfo['email']);
 	$yesterday = time() - (60 * 60 * 24);
 	$month = date('M Y', $yesterday);

-	/*		$traffic=$db->query_first("SELECT SUM(http) AS http_sum, SUM(ftp_up) AS ftp_up_sum, SUM(ftp_down) AS ftp_down_sum, SUM(mail) AS mail_sum FROM ".TABLE_PANEL_TRAFFIC." WHERE year='".date('Y')."' AND month='".date('m')."' AND day<='".date('d')."' AND customerid='".$userinfo['customerid']."'");
-		$userinfo['traffic_used']=$traffic['http_sum']+$traffic['ftp_up_sum']+$traffic['ftp_down_sum']+$traffic['mail_sum'];*/
-
 	$userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, $settings['panel']['decimal_places']);
 	$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, $settings['panel']['decimal_places']);
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), $settings['panel']['decimal_places']);
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), $settings['panel']['decimal_places']);
 	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota email_autoresponder ftps tickets subdomains aps_packages');
-	$opentickets = 0;
-	$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
-                                   WHERE `customerid` = "' . $userinfo['customerid'] . '"
-                                   AND `answerto` = "0"
-                                   AND (`status` = "0" OR `status` = "2")
-                                   AND `lastreplier`="1"');
-	$awaitingtickets = $opentickets['count'];
-	$awaitingtickets_text = '';

-	if ($opentickets > 0) {
-		$awaitingtickets_text = strtr($lng['ticket']['awaitingticketreply'], array('%s' => '<a href="customer_tickets.php?page=tickets&amp;s=' . $s . '">' . $opentickets['count'] . '</a>'));
-	}
+	$services_enabled = "";
+	$se = array();
+	if ($userinfo['imap'] == '1') $se[] = "IMAP";
+	if ($userinfo['pop3'] == '1') $se[] = "POP3";
+	if ($userinfo['phpenabled'] == '1') $se[] = "PHP";
+	if ($userinfo['perlenabled'] == '1') $se[] = "Perl/CGI";
+	if ($userinfo['backup_enabled'] == '1' && $userinfo['backup_allowed'] == '1') $se[] = "Backup";
+	$services_enabled = implode(", ", $se);

 	eval("echo \"" . getTemplate('index/index') . "\";");
 } elseif ($page == 'change_password') {
@@ -94,28 +115,57 @@ if ($page == 'overview') {
 		} elseif($new_password != $new_password_confirm) {
 			standard_error('newpasswordconfirmerror');
 		} else {
-			$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `password`='" . md5($new_password) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `password`='" . md5($old_password) . "'");
+			// Update user password
+			$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+				SET `password` = :newpassword
+				WHERE `customerid` = :customerid
+				AND `password` = :oldpassword"
+			);
+			$params = array(
+				"newpassword" => md5($new_password),
+				"customerid" => $userinfo['customerid'],
+				"oldpassword" => md5($old_password)
+			);
+			Database::pexecute($stmt, $params);
 			$log->logAction(USR_ACTION, LOG_NOTICE, 'changed password');

-			if (isset($_POST['change_main_ftp'])
-			   && $_POST['change_main_ftp'] == 'true'
-			) {
+			// Update ftp password
+			if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') {
 				$cryptPassword = makeCryptPassword($new_password);
-				$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`='" . $db->escape($cryptPassword) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'");
+				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
+					SET `password` = :password
+					WHERE `customerid` = :customerid
+					AND `username` = :username"
+				);
+				$params = array(
+					"password" => $cryptPassword,
+					"customerid" => $userinfo['customerid'],
+					"username" => $userinfo['loginname']
+				);
+				Database::pexecute($stmt, $params);
 				$log->logAction(USR_ACTION, LOG_NOTICE, 'changed main ftp password');
 			}

-			if (isset($_POST['change_webalizer'])
-			   && $_POST['change_webalizer'] == 'true'
-			) {
+			// Update webalizer password
+			if (isset($_POST['change_webalizer']) && $_POST['change_webalizer'] == 'true') {
 				if (CRYPT_STD_DES == 1) {
 					$saltfordescrypt = substr(md5(uniqid(microtime(), 1)), 4, 2);
 					$new_webalizer_password = crypt($new_password, $saltfordescrypt);
 				} else {
 					$new_webalizer_password = crypt($new_password);
 				}
-
-				$db->query("UPDATE `" . TABLE_PANEL_HTPASSWDS . "` SET `password`='" . $db->escape($new_webalizer_password) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'");
+				
+				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
+					SET `password` = :password
+					WHERE `customerid` = :customerid
+					AND `username` = :username"
+				);
+				$params = array(
+					"password" => $new_webalizer_password,
+					"customerid" => $userinfo['customerid'],
+					"username" => $userinfo['loginname']
+				);
+				Database::pexecute($stmt, $params);
 			}

 			redirectTo($filename, Array('s' => $s));
@@ -127,8 +177,18 @@ if ($page == 'overview') {
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$def_language = validate($_POST['def_language'], 'default language');
 		if (isset($languages[$def_language])) {
-			$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `def_language`='" . $db->escape($def_language) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");
-			$db->query("UPDATE `" . TABLE_PANEL_SESSIONS . "` SET `language`='" . $db->escape($def_language) . "' WHERE `hash`='" . $db->escape($s) . "'");
+			$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+				SET `def_language` = :lang
+				WHERE `customerid` = :customerid"
+			);
+			Database::pexecute($stmt, array("lang" => $def_language, "customerid" => $userinfo['customerid']));
+			
+			$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "`
+				SET `language` = :lang
+				WHERE `hash` = :hash"
+			);
+			Database::pexecute($stmt, array("lang" => $def_language, "hash" => $s));
+			
 			$log->logAction(USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'");
 		}

@@ -150,8 +210,18 @@ if ($page == 'overview') {
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$theme = validate($_POST['theme'], 'theme');
 
-		$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `theme`='" . $db->escape($theme) . "' WHERE `customerid`='" . (int)$userinfo['customerid'] . "'");
-		$db->query("UPDATE `" . TABLE_PANEL_SESSIONS . "` SET `theme`='" . $db->escape($theme) . "' WHERE `hash`='" . $db->escape($s) . "'");
+		$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+			SET `theme` = :theme
+			WHERE `customerid` = :customerid"
+		);
+		Database::pexecute($stmt, array("theme" => $theme, "customerid" => $userinfo['customerid']));
+		
+		$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "`
+			SET `theme` = :theme
+			WHERE `hash` = :hash"
+		);
+		Database::pexecute($stmt, array("theme" => $theme, "hash" => $s));
+		
 		$log->logAction(USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'");
 		redirectTo($filename, Array('s' => $s));
 	} else {
@@ -168,4 +238,83 @@ if ($page == 'overview') {

 		eval("echo \"" . getTemplate('index/change_theme') . "\";");
 	}
+
+} elseif ($page == 'send_error_report'
+	&& $settings['system']['allow_error_report_customer'] == '1'
+) {
+
+	// only show this if we really have an exception to report
+	if (isset($_GET['errorid'])
+			&& $_GET['errorid'] != ''
+	) {
+
+		$errid = $_GET['errorid'];
+		// read error file
+		$err_dir = makeCorrectDir(FROXLOR_INSTALL_DIR."/logs/");
+		$err_file = makeCorrectFile($err_dir."/".$errid."_sql-error.log");
+
+		if (file_exists($err_file)) {
+
+			$error_content = file_get_contents($err_file);
+			$error = explode("|", $error_content);
+
+			$_error = array(
+				'code' => str_replace("\n", "", substr($error[1], 5)),
+				'message' => str_replace("\n", "", substr($error[2], 4)),
+				'file' => str_replace("\n", "", substr($error[3], 5 + strlen(FROXLOR_INSTALL_DIR))),
+				'line' => str_replace("\n", "", substr($error[4], 5)),
+				'trace' => str_replace(FROXLOR_INSTALL_DIR, "", substr($error[5], 6))
+			);
+
+			// build mail-content
+			$mail_body = "Dear froxlor-team,\n\n";
+			$mail_body .= "the following error has been reported by a user:\n\n";
+			$mail_body .= "-------------------------------------------------------------\n";
+			$mail_body .= $_error['code'].' '.$_error['message']."\n\n";
+			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
+			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
+			$mail_body .= "-------------------------------------------------------------\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "End of report";
+			$mail_html = str_replace("\n", "<br />", $mail_body);
+
+			// send actual report to dev-team
+			if (isset($_POST['send'])
+					&& $_POST['send'] == 'send'
+			) {
+				// send mail and say thanks
+				$_mailerror = false;
+				try {
+					$mail->Subject = '[Froxlor] Error report by user';
+					$mail->AltBody = $mail_body;
+					$mail->MsgHTML($mail_html);
+					$mail->AddAddress('error-reports@froxlor.org', 'Froxlor Developer Team');
+					$mail->Send();
+				} catch(phpmailerException $e) {
+					$mailerr_msg = $e->errorMessage();
+					$_mailerror = true;
+				} catch (Exception $e) {
+					$mailerr_msg = $e->getMessage();
+					$_mailerror = true;
+				}
+
+				if ($_mailerror) {
+					// error when reporting an error...LOLFUQ
+					standard_error('send_report_error', $mailerr_msg);
+				}
+
+				// finally remove error from fs
+				@unlink($err_file);
+				redirectTo($filename, array('s' => $s));
+			}
+			// show a nice summary of the error-report
+			// before actually sending anything
+			eval("echo \"" . getTemplate("index/send_error_report") . "\";");
+
+		} else {
+			redirectTo($filename, array('s' => $s));
+		}
+	} else {
+		redirectTo($filename, array('s' => $s));
+	}
 }
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -18,13 +18,13 @@
 */

 define('AREA', 'customer');
+require './lib/init.php';

-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-$need_db_sql_data = true;
-$need_root_db_sql_data = true;
-require('./lib/init.php');
+// get sql-root access data
+Database::needRoot(true);
+Database::needSqlData();
+$sql_root = Database::getSqlData();
+Database::needRoot(false);

 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -34,6 +34,8 @@ if (isset($_POST['id'])) {

 if ($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_mysql");
+	Database::needSqlData();
+	$sql = Database::getSqlData();
 	$lng['mysql']['description'] = str_replace('<SQL_HOST>', $sql['host'], $lng['mysql']['description']);
 	eval("echo \"" . getTemplate('mysql/mysql') . "\";");
 } elseif($page == 'mysqls') {
@@ -43,9 +45,14 @@ if ($page == 'overview') {
 			'databasename' => $lng['mysql']['databasename'],
 			'description' => $lng['mysql']['databasedescription']
 		);
-		$paging = new paging($userinfo, $db, TABLE_PANEL_DATABASES, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
-		$result = $db->query("SELECT * FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid`='" . (int)$userinfo['customerid'] . "' " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
-		$paging->setEntries($db->num_rows($result));
+		$paging = new paging($userinfo, TABLE_PANEL_DATABASES, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
+		$result_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
+			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+		$mysqls_count = Database::num_rows();
+		$paging->setEntries($mysqls_count);
+
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -54,61 +61,75 @@ if ($page == 'overview') {
 		$count = 0;
 		$mysqls = '';

+		$dbservers_stmt = Database::query("SELECT COUNT(DISTINCT `dbserver`) as numservers FROM `".TABLE_PANEL_DATABASES."`");
+		$dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC);
+		$count_mysqlservers = $dbserver['numservers'];
+
 		// Begin root-session
-		$db_root = new db($sql_root[0]['host'], $sql_root[0]['user'], $sql_root[0]['password'], '');
-		while ($row = $db->fetch_array($result)) {
+		Database::needRoot(true);
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($paging->checkDisplay($i)) {
 				$row = htmlentities_array($row);
-				$mbdata = $db_root->query_first("SELECT SUM( data_length + index_length) / 1024 / 1024 'MB' FROM information_schema.TABLES WHERE table_schema = '" . $db_root->escape($row['databasename']) . "' GROUP BY table_schema ;");
-				$row['size'] = number_format($mbdata['MB'], 3, '.', '');
+				$mbdata_stmt = Database::prepare("SELECT SUM(data_length + index_length) as MB FROM information_schema.TABLES
+					WHERE table_schema = :table_schema
+					GROUP BY table_schema"
+				);
+				Database::pexecute($mbdata_stmt, array("table_schema" => $row['databasename']));
+				$mbdata = $mbdata_stmt->fetch(PDO::FETCH_ASSOC);
+				$row['size'] = size_readable($mbdata['MB'], 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s');
 				eval("\$mysqls.=\"" . getTemplate('mysql/mysqls_database') . "\";");
 				$count++;
 			}
 			$i++;
 		}
-		$db_root->close();
+		Database::needRoot(false);
 		// End root-session

-		$mysqls_count = $db->num_rows($result);
 		eval("echo \"" . getTemplate('mysql/mysqls') . "\";");
-	} elseif($action == 'delete' && $id != 0) {
-		$result = $db->query_first('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"');

-		if (isset($result['databasename'])
-		   && $result['databasename'] != ''
-		) {
+	} elseif($action == 'delete' && $id != 0) {
+		$result_stmt = Database::prepare('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '`
+			WHERE `customerid`="' . (int)$userinfo['customerid'] . '"
+			AND `id`="' . (int)$id . '"'
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
+		if (isset($result['databasename']) && $result['databasename'] != '') {
+
+			Database::needRoot(true, $result['dbserver']);
+			Database::needSqlData();
+			$sql_root = Database::getSqlData();
+			Database::needRoot(false);
+
 			if (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) {
 				$result['dbserver'] = 0;
 			}

-			if (isset($_POST['send'])
-			   && $_POST['send'] == 'send'
-			) {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				// Begin root-session
-				$db_root = new db($sql_root[$result['dbserver']]['host'], $sql_root[$result['dbserver']]['user'], $sql_root[$result['dbserver']]['password'], '');
+				Database::needRoot(true, $result['dbserver']);
+				$dbm = new DbManager($settings, $log);
+				$dbm->getManager()->deleteDatabase($result['databasename']);
 				$log->logAction(USR_ACTION, LOG_INFO, "deleted database '" . $result['databasename'] . "'");
-				if (mysql_get_server_info() < '5.0.2') { 
-					// Revoke privileges (only required for MySQL 4.1.2 - 5.0.1)
-					$db_root->query('REVOKE ALL PRIVILEGES, GRANT OPTION FROM \'' . $db_root->escape($result['databasename']) .'\'',false,true);
-				}
-
-				$host_res = $db_root->query("SELECT `Host` FROM `mysql`.`user` WHERE `User`='" . $db_root->escape($result['databasename']) . "'");
-				while ($host = $db_root->fetch_array($host_res)) {
-					// as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+)
-					$db_root->query('DROP USER \'' . $db_root->escape($result['databasename']). '\'@\'' . $db_root->escape($host['Host']) . '\'', false, true);
-				}
-
-				$db_root->query('DROP DATABASE IF EXISTS `' . $db_root->escape($result['databasename']) . '`');
-				$db_root->query('FLUSH PRIVILEGES');
-				$db_root->close();
+				Database::needRoot(false);
 				// End root-session

-				$db->query('DELETE FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"');
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DATABASES . "`
+					WHERE `customerid` = :customerid
+					AND `id` = :id"
+				);
+				Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));

-				$resetaccnumber = ($userinfo['mysqls_used'] == '1') ? " , `mysql_lastaccountnumber`='0' " : '';
+				$resetaccnumber = ($userinfo['mysqls_used'] == '1') ? " , `mysql_lastaccountnumber` = '0' " : '';

-				$result = $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `mysqls_used`=`mysqls_used`-1 ' . $resetaccnumber . 'WHERE `customerid`="' . (int)$userinfo['customerid'] . '"');
-				redirectTo($filename, Array('page' => $page, 's' => $s));
+				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+					SET `mysqls_used` = `mysqls_used` - 1 " . $resetaccnumber . "
+					WHERE `customerid` = :customerid"
+				);
+				Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
+
+				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
 				$dbnamedesc = $result['databasename'];
 				if (isset($result['description']) && $result['description'] != '') {
@@ -118,12 +139,8 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'add') {
-		if ($userinfo['mysqls_used'] < $userinfo['mysqls']
-		   || $userinfo['mysqls'] == '-1'
-		) {
-			if (isset($_POST['send'])
-			   && $_POST['send'] == 'send'
-			) {
+		if ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$password = validate($_POST['mysql_password'], 'password');
 				$password = validatePassword($password);

@@ -136,47 +153,49 @@ if ($page == 'overview') {
 					standard_error(array('stringisempty', 'mypassword'));
 				} else {
 					$dbserver = 0;
-					if (count($sql_root) > 1) {
+					$dbservers_stmt = Database::query("SELECT COUNT(DISTINCT `dbserver`) as numservers FROM `".TABLE_PANEL_DATABASES."`");
+					$_dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC);
+					$count_mysqlservers = $_dbserver['numservers'];
+					if ($count_mysqlservers > 1) {
 						$dbserver = validate($_POST['mysql_server'], html_entity_decode($lng['mysql']['mysql_server']), '', '', 0);
-						if (!isset($sql_root[$dbserver]) || !is_array($sql_root[$dbserver])) {
+						Database::needRoot(true, $dbserver);
+						Database::needSqlData();
+						$sql_root = Database::getSqlData();
+						Database::needRoot(false);
+						if (!isset($sql_root) || !is_array($sql_root)) {
 							$dbserver = 0;
 						}
 					}
-					
+
 					// validate description before actual adding the database, #1052
 					$databasedescription = validate(trim($_POST['description']), 'description');

-					// Begin root-session
-					$db_root = new db($sql_root[$dbserver]['host'], $sql_root[$dbserver]['user'], $sql_root[$dbserver]['password'], '');
-
-					if (strtoupper($settings['customer']['mysqlprefix']) == 'RANDOM') {
-						$result = $db_root->query('SELECT `User` FROM mysql.user');
-						while ($row = $db_root->fetch_array($result)) {
-							$allsqlusers[] = $row[User];
-						}
-						$username = $userinfo['loginname'] . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
-						while (in_array($username , $allsqlusers)) {
-							$username = $userinfo['loginname'] . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
-						}
-					} else {
-						$username = $userinfo['loginname'] . $settings['customer']['mysqlprefix'] . (intval($userinfo['mysql_lastaccountnumber']) + 1);
-					}
-
-					$db_root->query('CREATE DATABASE `' . $db_root->escape($username) . '`');
-					$log->logAction(USR_ACTION, LOG_INFO, "created database '" . $username . "'");
-					foreach (array_map('trim', explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) {
-						$db_root->query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\_', $db_root->escape($username)) . '`.* TO `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '` IDENTIFIED BY \'password\'');
-						$db_root->query('SET PASSWORD FOR `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '` = PASSWORD(\'' . $db_root->escape($password) . '\')');
-						$log->logAction(USR_ACTION, LOG_NOTICE, "grant all privileges for '" . $username . "'@'" . $mysql_access_host . "'");
-					}
-
-					$db_root->query('FLUSH PRIVILEGES');
-					$db_root->close();
-					// End root-session
+					// create database, user, set permissions, etc.pp.
+					$dbm = new DbManager($settings, $log);
+					$username = $dbm->createDatabase(
+						$userinfo['loginname'],
+						$password,
+						$userinfo['mysql_lastaccountnumber']
+					);

 					// Statement modified for Database description -- PH 2004-11-29
-					$result = $db->query('INSERT INTO `' . TABLE_PANEL_DATABASES . '` (`customerid`, `databasename`, `description`, `dbserver`) VALUES ("' . (int)$userinfo['customerid'] . '", "' . $db->escape($username) . '", "' . $db->escape($databasedescription) . '", "' . $db->escape($dbserver) . '")');
-					$result = $db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `mysqls_used`=`mysqls_used`+1, `mysql_lastaccountnumber`=`mysql_lastaccountnumber`+1 WHERE `customerid`="' . (int)$userinfo['customerid'] . '"');
+					$stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_DATABASES . '`
+						(`customerid`, `databasename`, `description`, `dbserver`)
+						VALUES (:customerid, :databasename, :description, :dbserver)'
+					);
+					$params = array(
+						"customerid" => $userinfo['customerid'],
+						"databasename" => $username,
+						"description" => $databasedescription,
+						"dbserver" => $dbserver
+					);
+					Database::pexecute($stmt, $params);
+
+					$stmt = Database::prepare('UPDATE `' . TABLE_PANEL_CUSTOMERS . '`
+						SET `mysqls_used` = `mysqls_used` + 1, `mysql_lastaccountnumber` = `mysql_lastaccountnumber` + 1
+						WHERE `customerid` = :customerid'
+					);
+					Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));

 					if ($sendinfomail == 1) {
 						$pma = $lng['admin']['notgiven'];
@@ -184,20 +203,40 @@ if ($page == 'overview') {
 							$pma = $settings['panel']['phpmyadmin_url'];
 						}

+						Database::needRoot(true, $dbserver);
+						Database::needSqlData();
+						$sql_root = Database::getSqlData();
+						Database::needRoot(false);
+
 						$replace_arr = array(
 							'SALUTATION' => getCorrectUserSalutation($userinfo),
 							'CUST_NAME' => getCorrectUserSalutation($userinfo), // < keep this for compatibility
 							'DB_NAME' => $username,
 							'DB_PASS' => $password,
 							'DB_DESC' => $databasedescription,
-							'DB_SRV' => $sql_root[$dbserver]['host'],
-							'PMA_URI' => $pma 
+							'DB_SRV' => $sql_root['caption'],
+							'PMA_URI' => $pma
 						);
-						
+
 						$def_language = $userinfo['def_language'];
-						$result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'new_database_by_customer_subject\'');
+						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
+							WHERE `adminid` = :adminid
+							AND `language` = :lang
+							AND `templategroup`='mails'
+							AND `varname`='new_database_by_customer_subject'"
+						);
+						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
+						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 						$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['mysql_add']['infomail_subject']), $replace_arr));
-						$result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'new_database_by_customer_mailbody\'');
+
+						$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
+							WHERE `adminid`= :adminid
+							AND `language`= :lang
+							AND `templategroup` = 'mails'
+							AND `varname` = 'new_database_by_customer_mailbody'"
+						);
+						Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
+						$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 						$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['customer']['mysql_add']['infomail_body']['main']), $replace_arr));

 						$_mailerror = false;
@@ -226,13 +265,18 @@ if ($page == 'overview') {
 					redirectTo($filename, Array('page' => $page, 's' => $s));
 				}
 			} else {
+
+				$dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `".TABLE_PANEL_DATABASES."`");
 				$mysql_servers = '';
-
-				foreach ($sql_root as $mysql_server => $mysql_server_details) {
-					$mysql_servers .= makeoption($mysql_server_details['caption'], $mysql_server);
+				$count_mysqlservers = 0;
+				while ($dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC)) {
+					Database::needRoot(true, $dbserver['dbserver']);
+					Database::needSqlData();
+					$sql_root = Database::getSqlData();
+					$mysql_servers .= makeoption($sql_root['caption'], $dbserver['dbserver']);
+					$count_mysqlservers++;
 				}
-
-				//$sendinfomail = makeyesno('sendinfomail', '1', '0', '0');
+				Database::needRoot(false);

 				$mysql_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/mysql/formfield.mysql_add.php';
 				$mysql_add_form = htmlform::genHTMLForm($mysql_add_data);
@@ -244,18 +288,19 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result = $db->query_first('SELECT `id`, `databasename`, `description`, `dbserver` FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . $userinfo['customerid'] . '" AND `id`="' . $id . '"');
+		$result_stmt = Database::prepare("SELECT `id`, `databasename`, `description`, `dbserver` FROM `" . TABLE_PANEL_DATABASES . "`
+			WHERE `customerid` = :customerid
+			AND `id` = :id"
+		);
+		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);

-		if (isset($result['databasename'])
-		   && $result['databasename'] != ''
-		) {
+		if (isset($result['databasename']) && $result['databasename'] != '') {
 			if (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) {
 				$result['dbserver'] = 0;
 			}

-			if (isset($_POST['send'])
-			   && $_POST['send'] == 'send'
-			) {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				// Only change Password if it is set, do nothing if it is empty! -- PH 2004-11-29
 				$password = validate($_POST['mysql_password'], 'password');
 				if ($password != '') {
@@ -263,22 +308,44 @@ if ($page == 'overview') {
 					$password = validatePassword($password);

 					// Begin root-session
-					$db_root = new db($sql_root[$result['dbserver']]['host'], $sql_root[$result['dbserver']]['user'], $sql_root[$result['dbserver']]['password'], '');
+					Database::needRoot(true);
 					foreach (array_map('trim', explode(',', $settings['system']['mysql_access_host'])) as $mysql_access_host) {
-						$db_root->query('SET PASSWORD FOR `' . $db_root->escape($result['databasename']) . '`@`' . $db_root->escape($mysql_access_host) . '` = PASSWORD(\'' . $db_root->escape($password) . '\')');
+						$stmt = Database::prepare("SET PASSWORD FOR :dbname@:host = PASSWORD(:password)");
+						$params = array(
+							"dbname" => $result['databasename'],
+							"host" => $mysql_access_host,
+							"password" => $password
+						);
+						Database::pexecute($stmt, $params);
 					}

-					$db_root->query('FLUSH PRIVILEGES');
-					$db_root->close();
+					$stmt = Database::prepare("FLUSH PRIVILEGES");
+					Database::pexecute($stmt);
+					Database::needRoot(false);
 					// End root-session
 				}

 				// Update the Database description -- PH 2004-11-29
 				$log->logAction(USR_ACTION, LOG_INFO, "edited database '" . $result['databasename'] . "'");
 				$databasedescription = validate($_POST['description'], 'description');
-				$result = $db->query('UPDATE `' . TABLE_PANEL_DATABASES . '` SET `description`="' . $db->escape($databasedescription) . '" WHERE `customerid`="' . (int)$userinfo['customerid'] . '" AND `id`="' . (int)$id . '"');
+				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DATABASES . "`
+					SET `description` = :desc
+					WHERE `customerid` = :customerid
+					AND `id` = :id"
+				);
+				Database::pexecute($stmt, array("desc" => $databasedescription, "customerid" => $userinfo['customerid'], "id" => $id));
 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			} else {
+
+				$dbservers_stmt = Database::query("SELECT COUNT(DISTINCT `dbserver`) as numservers FROM `".TABLE_PANEL_DATABASES."`");
+				$dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC);
+				$count_mysqlservers = $dbserver['numservers'];
+
+				Database::needRoot(true, $result['dbserver']);
+				Database::needSqlData();
+				$sql_root = Database::getSqlData();
+				Database::needRoot(false);
+
 				$mysql_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/mysql/formfield.mysql_edit.php';
 				$mysql_edit_form = htmlform::genHTMLForm($mysql_edit_data);

--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -18,56 +18,47 @@
 */

 define('AREA', 'customer');
+require './lib/init.php';

-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
+if (isset($_POST['id'])) {

-require ("./lib/init.php");
-
-if(isset($_POST['id']))
-{
 	$id = intval($_POST['id']);
-	
-	/*
-	 * Check if the current user is allowed to see the current ticket.
-	 */
-	$sql = "SELECT `id` FROM `panel_tickets` WHERE `id` = '".$id."' AND `customerid` = '".$userinfo['customerid']."'";
-	
-	$result = $db->query_first($sql);
+
+	//Check if the current user is allowed to see the current ticket.
+	$stmt = Database::prepare("SELECT `id` FROM `panel_tickets` WHERE `id` = :id AND `customerid` = :customerid");
+	$result = Database::pexecute_first($stmt, array("id" => $id, "customerid" => $userinfo['customerid']));
+
 	if ($result == null) {
 		// no rights to see the requested ticket
 		standard_error(array('ticketnotaccessible'));
 	}
-}
-elseif(isset($_GET['id']))
-{
+} elseif(isset($_GET['id'])) {
 	$id = intval($_GET['id']);
 }

-if($page == 'overview')
-{
+if($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_tickets");
 	eval("echo \"" . getTemplate("tickets/ticket") . "\";");
-}
-elseif($page == 'tickets')
-{
-	if($action == '')
-	{
+} elseif($page == 'tickets') {
+	if($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_tickets::tickets");
 		$fields = array(
 			'status' => $lng['ticket']['status'],
-			'priority' => $lng['ticket']['priority'],
 			'lastchange' => $lng['ticket']['lastchange'],
-			'ticket_answers' => $lng['ticket']['ticket_answers'],
 			'subject' => $lng['ticket']['subject'],
 			'lastreplier' => $lng['ticket']['lastreplier']
 		);
-		$paging = new paging($userinfo, $db, TABLE_PANEL_TICKETS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
-		$paging->sortfield = 'lastchange';
-		$paging->sortorder = 'desc';
-		$result = $db->query('SELECT `main`.`id`, (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub` WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers`, `main`.`lastchange`, `main`.`subject`, `main`.`status`, `main`.`lastreplier`, `main`.`priority` FROM `' . TABLE_PANEL_TICKETS . '` as `main` WHERE `main`.`answerto` = "0" AND `archived` = "0" AND `customerid`="' . (int)$userinfo['customerid'] . '" ' . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
-		$paging->setEntries($db->num_rows($result));
+		$paging = new paging($userinfo, TABLE_PANEL_TICKETS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
+		$stmt = Database::prepare('SELECT `main`.`id`, (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub`
+			WHERE `sub`.`answerto` = `main`.`id`) AS `ticket_answers`, `main`.`lastchange`, `main`.`subject`, `main`.`status`, `main`.`lastreplier`, `main`.`priority`
+			FROM `' . TABLE_PANEL_TICKETS . '` as `main`
+			WHERE `main`.`answerto` = "0"
+			AND `archived` = "0"
+			AND `customerid`= :customerid ' . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
+		);
+		Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
+
+		$paging->setEntries(Database::num_rows());
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
@@ -77,41 +68,31 @@ elseif($page == 'tickets')
 		$tickets = '';
 		$tickets_count = 0;

-		while($row = $db->fetch_array($result))
-		{
-			if($paging->checkDisplay($i))
-			{
+		while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+			if($paging->checkDisplay($i)) {
 				$tickets_count++;
 				$row = htmlentities_array($row);
 				$row['lastchange'] = date("d.m.y H:i", $row['lastchange']);

-				if($row['status'] >= 0
-				   && $row['status'] <= 2)
-				{
+				if($row['status'] >= 0 && $row['status'] <= 2) {
 					$reopen = 0;
-				}
-				else
-				{
+				} else {
 					$reopen = 1;
 				}

 				$row['status'] = ticket::getStatusText($lng, $row['status']);
 				$row['priority'] = ticket::getPriorityText($lng, $row['priority']);

-				if($row['lastreplier'] == '1')
-				{
+				if($row['lastreplier'] == '1') {
 					$row['lastreplier'] = $lng['ticket']['staff'];
 					$cananswer = 1;
-				}
-				else
-				{
+				} else {
 					$row['lastreplier'] = $lng['ticket']['customer'];
 					$cananswer = 0;
 				}

 				$row['subject'] = html_entity_decode($row['subject']);
-				if(strlen($row['subject']) > 20)
-				{
+				if(strlen($row['subject']) > 20) {
 					$row['subject'] = substr($row['subject'], 0, 17) . '...';
 				}

@@ -128,57 +109,43 @@ elseif($page == 'tickets')
 		$start = substr($settings['ticket']['worktime_begin'], 0, 2) . substr($settings['ticket']['worktime_begin'], 3, 2);
 		$end = substr($settings['ticket']['worktime_end'], 0, 2) . substr($settings['ticket']['worktime_end'], 3, 2);

-		if($time >= $start
-		   && $time <= $end)
-		{
+		if($time >= $start && $time <= $end) {
 			$supportavailable = 1;
 		}

-		if($settings['ticket']['worktime_sat'] == "0"
-		   && $day == "6")
-		{
+		if($settings['ticket']['worktime_sat'] == "0" && $day == "6") {
 			$supportavailable = 0;
 		}

-		if($settings['ticket']['worktime_sun'] == "0"
-		   && $day == "0")
-		{
+		if($settings['ticket']['worktime_sun'] == "0" && $day == "0") {
 			$supportavailable = 0;
 		}

-		if($settings['ticket']['worktime_all'] == "1")
-		{
+		if($settings['ticket']['worktime_all'] == "1") {
 			$supportavailable = 1;
 		}

 		$ticketsopen = 0;
-		$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
-                                         WHERE `customerid` = "' . $userinfo['customerid'] . '"
-                                         AND `answerto` = "0"
-                                         AND (`status` = "0" OR `status` = "1" OR `status` = "2")');
+		$stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
+			WHERE `customerid` = :customerid
+			AND `answerto` = "0"
+			AND (`status` = "0" OR `status` = "1" OR `status` = "2")'
+		);
+		$opentickets = Database::pexecute_first($stmt, array("customerid" => $userinfo['customerid']));

-		if($settings['ticket']['concurrently_open'] != - 1
-		   && $settings['ticket']['concurrently_open'] != '')
-		{
+		if($settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') {
 			$notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => $settings['ticket']['concurrently_open']));
-		}
-		else
-		{
+		} else {
 			$notmorethanxopentickets = '';
 		}

 		$ticketsopen = (int)$opentickets['count'];
 		eval("echo \"" . getTemplate("tickets/tickets") . "\";");
-	}
-	elseif($action == 'new')
-	{
-		if($userinfo['tickets_used'] < $userinfo['tickets']
-		   || $userinfo['tickets'] == '-1')
-		{
-			if(isset($_POST['send'])
-			   && $_POST['send'] == 'send')
-			{
-				$newticket = ticket::getInstanceOf($userinfo, $db, $settings, -1);
+
+	} elseif($action == 'new') {
+		if($userinfo['tickets_used'] < $userinfo['tickets'] || $userinfo['tickets'] == '-1') {
+			if(isset($_POST['send']) && $_POST['send'] == 'send') {
+				$newticket = ticket::getInstanceOf($userinfo, $settings, -1);
 				$newticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
 				$newticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
 				$newticket->Set('category', validate($_POST['category'], 'category'), true, false);
@@ -186,16 +153,11 @@ elseif($page == 'tickets')
 				$newticket->Set('admin', (int)$userinfo['adminid'], true, false);
 				$newticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);

-				if($newticket->Get('subject') == null)
-				{
+				if($newticket->Get('subject') == null) {
 					standard_error(array('stringisempty', 'mysubject'));
-				}
-				elseif($newticket->Get('message') == null)
-				{
+				} elseif($newticket->Get('message') == null) {
 					standard_error(array('stringisempty', 'mymessage'));
-				}
-				else
-				{
+				} else {
 					$now = time();
 					$newticket->Set('dt', $now, true, true);
 					$newticket->Set('lastchange', $now, true, true);
@@ -205,36 +167,39 @@ elseif($page == 'tickets')
 					$newticket->Set('by', '0', true, true);
 					$newticket->Insert();
 					$log->logAction(USR_ACTION, LOG_NOTICE, "opened support-ticket '" . $newticket->Get('subject') . "'");
-					$db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '`
-                          SET `tickets_used`=`tickets_used`+1 WHERE `customerid`="' . (int)$userinfo['customerid'] . '"');
+
+					$stmt = Database::prepare('UPDATE `' . TABLE_PANEL_CUSTOMERS . '`
+						SET `tickets_used`=`tickets_used` + 1
+						WHERE `customerid`= :customerid'
+					);
+					Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));

 					// Customer mail
-
 					$newticket->sendMail((int)$userinfo['customerid'], 'new_ticket_for_customer_subject', $lng['mails']['new_ticket_for_customer']['subject'], 'new_ticket_for_customer_mailbody', $lng['mails']['new_ticket_for_customer']['mailbody']);

 					// Admin mail
-
 					$newticket->sendMail(-1, 'new_ticket_by_customer_subject', $lng['mails']['new_ticket_by_customer']['subject'], 'new_ticket_by_customer_mailbody', $lng['mails']['new_ticket_by_customer']['mailbody']);
-					redirectTo($filename, Array('page' => $page, 's' => $s));
+					redirectTo($filename, array('page' => $page, 's' => $s));
 				}
-			}
-			else
-			{
+			} else {
 				$categories = '';
-				$result = $db->query_first('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = "' . $userinfo['adminid'] . '" ORDER BY `logicalorder`, `name` ASC');
+				$result_stmt = Database::prepare('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
+					WHERE `adminid` = :adminid
+					ORDER BY `logicalorder`, `name` ASC'
+				);
+				$result = Database::pexecute_first($result_stmt, array("adminid" => $userinfo['adminid']));

-				if(isset($result['name'])
-				   && $result['name'] != '')
-				{
-					$result2 = $db->query('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = "' . $userinfo['adminid'] . '" ORDER BY `logicalorder`, `name` ASC');
+				if (isset($result['name']) && $result['name'] != '') {
+					$result2_stmt = Database::prepare('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
+						WHERE `adminid` = :adminid
+						ORDER BY `logicalorder`, `name` ASC'
+					);
+					Database::pexecute($result2_stmt, array("adminid" => $userinfo['adminid']));

-					while($row = $db->fetch_array($result2))
-					{
+					while($row = $result2_stmt->fetch(PDO::FETCH_ASSOC)) {
 						$categories.= makeoption($row['name'], $row['id']);
 					}
-				}
-				else
-				{
+				} else {
 					$categories = makeoption($lng['ticket']['no_cat'], '0');
 				}

@@ -242,18 +207,18 @@ elseif($page == 'tickets')
 				$priorities.= makeoption($lng['ticket']['normal'], '2', $settings['ticket']['default_priority']);
 				$priorities.= makeoption($lng['ticket']['low'], '3', $settings['ticket']['default_priority']);
 				$ticketsopen = 0;
-				$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
-                                           WHERE `customerid` = "' . $userinfo['customerid'] . '"
-                                           AND `answerto` = "0"
-                                           AND (`status` = "0" OR `status` = "1" OR `status` = "2")');
+				$opentickets_stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
+					WHERE `customerid` = :customerid
+					AND `answerto` = "0"
+					AND (`status` = "0" OR `status` = "1" OR `status` = "2")'
+				);
+				$opentickets = Database::pexecute_first($opentickets_stmt, array("customerid" => $userinfo['customerid']));

-				if($settings['ticket']['concurrently_open'] != - 1
-				   && $settings['ticket']['concurrently_open'] != '')
-				{
+				if ($settings['ticket']['concurrently_open'] != - 1
+					&& $settings['ticket']['concurrently_open'] != ''
+				) {
 					$notmorethanxopentickets = strtr($lng['ticket']['notmorethanxopentickets'], array('%s' => $settings['ticket']['concurrently_open']));
-				}
-				else
-				{
+				} else {
 					$notmorethanxopentickets = '';
 				}

@@ -267,31 +232,21 @@ elseif($page == 'tickets')

 				eval("echo \"" . getTemplate("tickets/tickets_new") . "\";");
 			}
-		}
-		else
-		{
+		} else {
 			standard_error('nomoreticketsavailable');
 		}
-	}
-	elseif($action == 'answer'
-	       && $id != 0)
-	{
-		if(isset($_POST['send'])
-		   && $_POST['send'] == 'send')
-		{
-			$replyticket = ticket::getInstanceOf($userinfo, $db, $settings, -1);
+	} elseif($action == 'answer' && $id != 0) {
+		if(isset($_POST['send']) && $_POST['send'] == 'send') {
+			$replyticket = ticket::getInstanceOf($userinfo, $settings, -1);
 			$replyticket->Set('subject', validate($_POST['subject'], 'subject'), true, false);
 			$replyticket->Set('priority', validate($_POST['priority'], 'priority'), true, false);
 			$replyticket->Set('message', validate(str_replace("\r\n", "\n", $_POST['message']), 'message', '/^[^\0]*$/'), true, false);

-			if($replyticket->Get('message') == null)
-			{
+			if($replyticket->Get('message') == null) {
 				standard_error(array('stringisempty', 'mymessage'));
-			}
-			else
-			{
+			} else {
 				$now = time();
-				$replyticket->Set('customerid', (int)$userinfo['customerid'], true, true);
+				$replyticket->Set('customer', (int)$userinfo['customerid'], true, true);
 				$replyticket->Set('lastchange', $now, true, true);
 				$replyticket->Set('ip', $_SERVER['REMOTE_ADDR'], true, true);
 				$replyticket->Set('status', '1', true, true);
@@ -300,11 +255,9 @@ elseif($page == 'tickets')
 				$replyticket->Insert();

 				// Update priority if changed
+				$mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id);

-				$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
-
-				if($replyticket->Get('priority') != $mainticket->Get('priority'))
-				{
+				if($replyticket->Get('priority') != $mainticket->Get('priority')) {
 					$mainticket->Set('priority', $replyticket->Get('priority'), true);
 				}

@@ -316,60 +269,53 @@ elseif($page == 'tickets')
 				$mainticket->sendMail(-1, 'new_reply_ticket_by_customer_subject', $lng['mails']['new_reply_ticket_by_customer']['subject'], 'new_reply_ticket_by_customer_mailbody', $lng['mails']['new_reply_ticket_by_customer']['mailbody']);
 				redirectTo($filename, Array('page' => $page, 's' => $s));
 			}
-		}
-		else
-		{
+		} else {
 			$ticket_replies = '';
-			$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
+			$mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id);
 			$dt = date("d.m.Y H:i\h", $mainticket->Get('dt'));
 			$status = ticket::getStatusText($lng, $mainticket->Get('status'));

-			if($mainticket->Get('status') >= 0
-			   && $mainticket->Get('status') <= 2)
-			{
+			if($mainticket->Get('status') >= 0 && $mainticket->Get('status') <= 2) {
 				$isclosed = 0;
-			}
-			else
-			{
+			} else {
 				$isclosed = 1;
 			}

-			if($mainticket->Get('by') == '1')
-			{
+			if($mainticket->Get('by') == '1') {
 				$by = $lng['ticket']['staff'];
-			}
-			else
-			{
+			} else {
 				$cid = $mainticket->Get('customer');
-				$usr = $db->query_first('SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
-						FROM `' . TABLE_PANEL_CUSTOMERS . '`
-						WHERE `customerid` = "' . (int)$cid . '"'
+				$usr_stmt = Database::prepare('SELECT `customerid`, `firstname`, `name`, `company`, `loginname`
+					FROM `' . TABLE_PANEL_CUSTOMERS . '`
+					WHERE `customerid` = :customerid '
 				);
+				$usr = Database::pexecute_first($usr_stmt, array("customerid" => $cid));
 				$by = getCorrectFullUserDetails($usr);
-				//$by = $lng['ticket']['customer'];
 			}

 			$subject = $mainticket->Get('subject');
 			$message = $mainticket->Get('message');
 			eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_main") . "\";");
-			$result = $db->query('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
-                                WHERE `id`="' . (int)$mainticket->Get('category') . '"');
-			$row = $db->fetch_array($result);
-			$andere = $db->query('SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto`="' . (int)$id . '" ORDER BY `lastchange` ASC');
+			$result_stmt = Database::prepare('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
+				WHERE `id`= :id '
+			);
+			$row = Database::pexecute_first($result_stmt, array("id" => $mainticket->Get('category')));

-			while($row2 = $db->fetch_array($andere))
-			{
-				$subticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$row2['id']);
+			$andere_stmt = Database::prepare('SELECT * FROM `' . TABLE_PANEL_TICKETS . '`
+				WHERE `answerto`= :answerto
+				ORDER BY `lastchange` ASC'
+			);
+			Database::pexecute($andere_stmt, array("answerto" => $id));
+			$numrows_andere = Database::num_rows();
+
+			while($row2 = $andere_stmt->fetch(PDO::FETCH_ASSOC)) {
+				$subticket = ticket::getInstanceOf($userinfo, $settings, (int)$row2['id']);
 				$lastchange = date("d.m.Y H:i\h", $subticket->Get('lastchange'));

-				if($subticket->Get('by') == '1')
-				{
+				if($subticket->Get('by') == '1') {
 					$by = $lng['ticket']['staff'];
-				}
-				else
-				{
+				} else {
 					$by = getCorrectFullUserDetails($usr);
-					//$by = $lng['ticket']['customer'];
 				}

 				$subject = $subticket->Get('subject');
@@ -380,11 +326,10 @@ elseif($page == 'tickets')
 			$priorities = makeoption($lng['ticket']['high'], '1', $mainticket->Get('priority'), true, true);
 			$priorities.= makeoption($lng['ticket']['normal'], '2', $mainticket->Get('priority'), true, true);
 			$priorities.= makeoption($lng['ticket']['low'], '3', $mainticket->Get('priority'), true, true);
-			$subject = $mainticket->Get('subject');
-			$ticket_replies_count = $db->num_rows($andere) + 1;
+			$subject = htmlentities($mainticket->Get('subject'));
+			$ticket_replies_count = $numrows_andere + 1;

 			// don't forget the main-ticket!
-
 			$ticket_reply_data = include_once dirname(__FILE__).'/lib/formfields/customer/tickets/formfield.ticket_reply.php';
 			$ticket_reply_form = htmlform::genHTMLForm($ticket_reply_data);

@@ -393,54 +338,41 @@ elseif($page == 'tickets')

 			eval("echo \"" . getTemplate("tickets/tickets_reply") . "\";");
 		}
-	}
-	elseif($action == 'close'
-	       && $id != 0)
-	{
-		if(isset($_POST['send'])
-		   && $_POST['send'] == 'send')
-		{
+	} elseif($action == 'close' && $id != 0) {
+		if(isset($_POST['send']) && $_POST['send'] == 'send') {
 			$now = time();
-			$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
+			$mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id);
 			$mainticket->Set('lastchange', $now, true, true);
 			$mainticket->Set('lastreplier', '0', true, true);
 			$mainticket->Set('status', '3', true, true);
 			$mainticket->Update();
 			$log->logAction(USR_ACTION, LOG_NOTICE, "closed support-ticket '" . $mainticket->Get('subject') . "'");
 			redirectTo($filename, Array('page' => $page, 's' => $s));
-		}
-		else
-		{
-			$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
+		} else {
+			$mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id);
 			ask_yesno('ticket_reallyclose', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $mainticket->Get('subject'));
 		}
-	}
-	elseif($action == 'reopen'
-	       && $id != 0)
-	{
+	} elseif($action == 'reopen' && $id != 0) {
 		$ticketsopen = 0;
-		$opentickets = $db->query_first('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
-                                       WHERE `customerid` = "' . $userinfo['customerid'] . '"
-                                       AND `answerto` = "0"
-                                       AND (`status` = "0" OR `status` = "1" OR `status` = "2")');
+		$opentickets_stmt = Database::prepare('SELECT COUNT(`id`) as `count` FROM `' . TABLE_PANEL_TICKETS . '`
+			WHERE `customerid` = :customerid
+			AND `answerto` = "0"
+			AND (`status` = "0" OR `status` = "1" OR `status` = "2")'
+		);
+		$opentickets = Database::pexecute_first($opentickets_stmt, array("customerid" => $userinfo['customerid']));
 		$ticketsopen = (int)$opentickets['count'];

-		if($ticketsopen > $settings['ticket']['concurrently_open']
-		   && $settings['ticket']['concurrently_open'] != - 1
-		   && $settings['ticket']['concurrently_open'] != '')
-		{
+		if($ticketsopen > $settings['ticket']['concurrently_open'] && $settings['ticket']['concurrently_open'] != - 1 && $settings['ticket']['concurrently_open'] != '') {
 			standard_error('notmorethanxopentickets', $settings['ticket']['concurrently_open']);
 		}

 		$now = time();
-		$mainticket = ticket::getInstanceOf($userinfo, $db, $settings, (int)$id);
+		$mainticket = ticket::getInstanceOf($userinfo, $settings, (int)$id);
 		$mainticket->Set('lastchange', $now, true, true);
 		$mainticket->Set('lastreplier', '0', true, true);
 		$mainticket->Set('status', '0', true, true);
 		$mainticket->Update();
 		$log->logAction(USR_ACTION, LOG_NOTICE, "reopened support-ticket '" . $mainticket->Get('subject') . "'");
-		redirectTo($filename, Array('page' => $page, 's' => $s));
+		redirectTo($filename, array('page' => $page, 's' => $s));
 	}
 }
-
-?>
--- a/customer_traffic.php
+++ b/customer_traffic.php
@@ -18,33 +18,21 @@
 */

 define('AREA', 'customer');
-
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
 $intrafficpage = 1;
-require('./lib/init.php');
+require './lib/init.php';
 $traffic = '';
 $month = null;
 $year = null;

-if (isset($_POST['month'])
-	&& isset($_POST['year'])
-) {
+if (isset($_POST['month']) && isset($_POST['year'])) {
 	$month = intval($_POST['month']);
 	$year = intval($_POST['year']);
-} elseif (isset($_GET['month'])
-	&& isset($_GET['year'])
-) {
+} elseif (isset($_GET['month']) && isset($_GET['year'])) {
 	$month = intval($_GET['month']);
 	$year = intval($_GET['year']);
 }
-
 //BAM! $_GET???
-
-elseif (isset($_GET['page'])
-	&& $_GET['page'] == 'current'
-) {
+elseif (isset($_GET['page']) && $_GET['page'] == 'current') {
 	if (date('d') != '01') {
 		$month = date('m');
 		$year = date('Y');
@@ -59,22 +47,28 @@ elseif (isset($_GET['page'])
 	}
 }

-if (!is_null($month)
-	&& !is_null($year)) {
+if (!is_null($month) && !is_null($year)) {
 	$traf['byte'] = 0;
-	$result = $db->query("SELECT
-                                SUM(`http`) as 'http', SUM(`ftp_up`) AS 'ftp_up', SUM(`ftp_down`) as 'ftp_down', SUM(`mail`) as 'mail',
-                                `day`, `month`, `year`
-                             FROM `" . TABLE_PANEL_TRAFFIC . "`
-	                     WHERE `customerid`='" . $userinfo['customerid'] . "'
-	                     AND `month` = '" . $month . "' AND `year` = '" . $year . "'
-	                     GROUP BY `day` ORDER BY `day` ASC");
+	$result_stmt = Database::prepare("SELECT SUM(`http`) as 'http', SUM(`ftp_up`) AS 'ftp_up', SUM(`ftp_down`) as 'ftp_down', SUM(`mail`) as 'mail', `day`, `month`, `year`
+		FROM `" . TABLE_PANEL_TRAFFIC . "`
+		WHERE `customerid`= :customerid
+		AND `month` = :month
+		AND `year` = :year
+		GROUP BY `day`
+		ORDER BY `day` ASC"
+	);
+	$params = array(
+		"customerid" => $userinfo['customerid'],
+		"month" => $month,
+		"year" => $year
+	);
+	Database::pexecute($result_stmt, $params);
 	$traffic_complete['http'] = 0;
 	$traffic_complete['ftp'] = 0;
 	$traffic_complete['mail'] = 0;
 	$show = '';

-	while ($row = $db->fetch_array($result)) {
+	while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 		$http = $row['http'];
 		$ftp = $row['ftp_up'] + $row['ftp_down'];
 		$mail = $row['mail'];
@@ -85,17 +79,17 @@ if (!is_null($month)
 		$traf['day'] = $row['day'] . '.';

 		if (extension_loaded('bcmath')) {
-			$traf['ftptext'] = bcdiv($row['ftp_up'], 1024, $settings['panel']['decimal_places']) . " MB up/ " . bcdiv($row['ftp_down'], 1024, $settings['panel']['decimal_places']) . " MB down (FTP)";
-			$traf['httptext'] = bcdiv($http, 1024, $settings['panel']['decimal_places']) . " MB (HTTP)";
-			$traf['mailtext'] = bcdiv($mail, 1024, $settings['panel']['decimal_places']) . " MB (Mail)";
+			$traf['ftptext'] = bcdiv($row['ftp_up'], 1024, $settings['panel']['decimal_places']) . " MiB up/ " . bcdiv($row['ftp_down'], 1024, $settings['panel']['decimal_places']) . " MiB down (FTP)";
+			$traf['httptext'] = bcdiv($http, 1024, $settings['panel']['decimal_places']) . " MiB (HTTP)";
+			$traf['mailtext'] = bcdiv($mail, 1024, $settings['panel']['decimal_places']) . " MiB (Mail)";
 			$traf['ftp'] = bcdiv($ftp, 1024, $settings['panel']['decimal_places']);
 			$traf['http'] = bcdiv($http, 1024, $settings['panel']['decimal_places']);
 			$traf['mail'] = bcdiv($mail, 1024, $settings['panel']['decimal_places']);
 			$traf['byte'] = bcdiv($traf['byte'], 1024, $settings['panel']['decimal_places']);
 		} else {
-			$traf['ftptext'] = round($row['ftp_up'] / 1024, $settings['panel']['decimal_places']) . " MB up/ " . round($row['ftp_down'] / 1024, $settings['panel']['decimal_places']) . " MB down (FTP)";
-			$traf['httptext'] = round($http / 1024, $settings['panel']['decimal_places']) . " MB (HTTP)";
-			$traf['mailtext'] = round($mail / 1024, $settings['panel']['decimal_places']) . " MB (Mail)";
+			$traf['ftptext'] = round($row['ftp_up'] / 1024, $settings['panel']['decimal_places']) . " MiB up/ " . round($row['ftp_down'] / 1024, $settings['panel']['decimal_places']) . " MiB down (FTP)";
+			$traf['httptext'] = round($http / 1024, $settings['panel']['decimal_places']) . " MiB (HTTP)";
+			$traf['mailtext'] = round($mail / 1024, $settings['panel']['decimal_places']) . " MiB (Mail)";
 			$traf['http'] = round($http, $settings['panel']['decimal_places']);
 			$traf['ftp'] = round($ftp, $settings['panel']['decimal_places']);
 			$traf['mail'] = round($mail, $settings['panel']['decimal_places']);
@@ -105,27 +99,26 @@ if (!is_null($month)
 		eval("\$traffic.=\"" . getTemplate('traffic/traffic_month') . "\";");
 		$show = $lng['traffic']['months'][intval($row['month'])] . ' ' . $row['year'];
 	}
-
-	if (extension_loaded('bcmath')) {
-		$traffic_complete['http'] = bcdiv($traffic_complete['http'], 1024, $settings['panel']['decimal_places']);
-		$traffic_complete['ftp'] = bcdiv($traffic_complete['ftp'], 1024, $settings['panel']['decimal_places']);
-		$traffic_complete['mail'] = bcdiv($traffic_complete['mail'], 1024, $settings['panel']['decimal_places']);
-	} else {
-		$traffic_complete['http'] = round($traffic_complete['http'] / 1024, $settings['panel']['decimal_places']);
-		$traffic_complete['ftp'] = round($traffic_complete['ftp'] / 1024, $settings['panel']['decimal_places']);
-		$traffic_complete['mail'] = round($traffic_complete['mail'] / 1024, $settings['panel']['decimal_places']);
-	}
+	
+	$traffic_complete['http'] = size_readable($traffic_complete['http'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s');
+	$traffic_complete['ftp'] = size_readable($traffic_complete['ftp'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s');
+	$traffic_complete['mail'] = size_readable($traffic_complete['mail'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s');

 	eval("echo \"" . getTemplate('traffic/traffic_details') . "\";");
 } else {
-	$result = $db->query("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
-	                     FROM `" . TABLE_PANEL_TRAFFIC . "` WHERE `customerid` = '" . $userinfo['customerid'] . "'
-	                     GROUP BY CONCAT(`year`,`month`) ORDER BY CONCAT(`year`,`month`) DESC LIMIT 12");
+	$result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
+		FROM `" . TABLE_PANEL_TRAFFIC . "`
+		WHERE `customerid` = :customerid
+		GROUP BY CONCAT(`year`,`month`)
+		ORDER BY CONCAT(`year`,`month`) DESC
+		LIMIT 12"
+	);
+	Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
 	$traffic_complete['http'] = 0;
 	$traffic_complete['ftp'] = 0;
 	$traffic_complete['mail'] = 0;

-	while ($row = $db->fetch_array($result)) {
+	while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 		$http = $row['http'];
 		$ftp_up = $row['ftp_up'];
 		$ftp_down = $row['ftp_down'];
@@ -139,17 +132,17 @@ if (!is_null($month)
 		$traf['byte'] = $http + $ftp_up + $ftp_down + $mail;

 		if (extension_loaded('bcmath')) {
-			$traf['ftptext'] = bcdiv($ftp_up, 1024, $settings['panel']['decimal_places']) . " MB up/ " . bcdiv($ftp_down, 1024, $settings['panel']['decimal_places']) . " MB down (FTP)";
-			$traf['httptext'] = bcdiv($http, 1024, $settings['panel']['decimal_places']) . " MB (HTTP)";
-			$traf['mailtext'] = bcdiv($mail, 1024, $settings['panel']['decimal_places']) . " MB (Mail)";
+			$traf['ftptext'] = bcdiv($ftp_up, 1024, $settings['panel']['decimal_places']) . " MiB up/ " . bcdiv($ftp_down, 1024, $settings['panel']['decimal_places']) . " MiB down (FTP)";
+			$traf['httptext'] = bcdiv($http, 1024, $settings['panel']['decimal_places']) . " MiB (HTTP)";
+			$traf['mailtext'] = bcdiv($mail, 1024, $settings['panel']['decimal_places']) . " MiB (Mail)";
 			$traf['ftp'] = bcdiv(($ftp_up + $ftp_down), 1024, $settings['panel']['decimal_places']);
 			$traf['http'] = bcdiv($http, 1024, $settings['panel']['decimal_places']);
 			$traf['mail'] = bcdiv($mail, 1024, $settings['panel']['decimal_places']);
 			$traf['byte'] = bcdiv($traf['byte'], 1024 * 1024, $settings['panel']['decimal_places']);
 		} else {
-			$traf['ftptext'] = round($ftp_up / 1024, $settings['panel']['decimal_places']) . " MB up/ " . round($ftp_down / 1024, $settings['panel']['decimal_places']) . " MB down (FTP)";
-			$traf['httptext'] = round($http / 1024, $settings['panel']['decimal_places']) . " MB (HTTP)";
-			$traf['mailtext'] = round($mail / 1024, $settings['panel']['decimal_places']) . " MB (Mail)";
+			$traf['ftptext'] = round($ftp_up / 1024, $settings['panel']['decimal_places']) . " MiB up/ " . round($ftp_down / 1024, $settings['panel']['decimal_places']) . " MiB down (FTP)";
+			$traf['httptext'] = round($http / 1024, $settings['panel']['decimal_places']) . " MiB (HTTP)";
+			$traf['mailtext'] = round($mail / 1024, $settings['panel']['decimal_places']) . " MiB (Mail)";
 			$traf['ftp'] = round(($ftp_up + $ftp_down) / 1024, $settings['panel']['decimal_places']);
 			$traf['http'] = round($http / 1024, $settings['panel']['decimal_places']);
 			$traf['mail'] = round($mail / 1024, $settings['panel']['decimal_places']);
@@ -159,15 +152,9 @@ if (!is_null($month)
 		eval("\$traffic.=\"" . getTemplate('traffic/traffic_traffic') . "\";");
 	}

-	if (extension_loaded('bcmath')) {
-		$traffic_complete['http'] = bcdiv($traffic_complete['http'], 1024 * 1024, $settings['panel']['decimal_places']);
-		$traffic_complete['ftp'] = bcdiv($traffic_complete['ftp'], 1024 * 1024, $settings['panel']['decimal_places']);
-		$traffic_complete['mail'] = bcdiv($traffic_complete['mail'], 1024 * 1024, $settings['panel']['decimal_places']);
-	} else {
-		$traffic_complete['http'] = round($traffic_complete['http'] / (1024 * 1024), $settings['panel']['decimal_places']);
-		$traffic_complete['ftp'] = round($traffic_complete['ftp'] / (1024 * 1024), $settings['panel']['decimal_places']);
-		$traffic_complete['mail'] = round($traffic_complete['mail'] / (1024 * 1024), $settings['panel']['decimal_places']);
-	}
+	$traffic_complete['http'] = size_readable($traffic_complete['http'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s');
+	$traffic_complete['ftp'] = size_readable($traffic_complete['ftp'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s');
+	$traffic_complete['mail'] = size_readable($traffic_complete['mail'] * 1024, 'GiB', 'bi', '%01.'.(int)$settings['panel']['decimal_places'].'f %s');

 	eval("echo \"" . getTemplate('traffic/traffic') . "\";");
 }
--- a/index.php
+++ b/index.php
@@ -18,24 +18,22 @@
 */

 define('AREA', 'login');
-
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
-require ('./lib/init.php');
+require './lib/init.php';

 if ($action == '') {
 	$action = 'login';
 }

 if ($action == 'login') {
-	if (isset($_POST['send'])
-		&& $_POST['send'] == 'send'
-	) {
+	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$loginname = validate($_POST['loginname'], 'loginname');
 		$password = validate($_POST['password'], 'password');

-		$row = $db->query_first("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`='" . $db->escape($loginname) . "'");
+		$stmt = Database::prepare("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "`
+			WHERE `loginname`= :loginname"
+		);
+		Database::pexecute($stmt, array("loginname" => $loginname));
+		$row = $stmt->fetch(PDO::FETCH_ASSOC);

 		if ($row['customer'] == $loginname) {
 			$table = "`" . TABLE_PANEL_CUSTOMERS . "`";
@@ -45,16 +43,21 @@ if ($action == 'login') {
 		} else {
 			$is_admin = true;
 			if ((int)$settings['login']['domain_login'] == 1) {
-				/**
-				 * check if the customer tries to login with a domain, #374
-				 */
 				$domainname = $idna_convert->encode(preg_replace(Array('/\:(\d)+$/', '/^https?\:\/\//'), '', $loginname));
-				$row2 = $db->query_first("SELECT `customerid` FROM `".TABLE_PANEL_DOMAINS."` WHERE `domain` = '".$db->escape($domainname)."'");
-	
+				$stmt = Database::prepare("SELECT `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
+					WHERE `domain` = :domain"
+				);
+				Database::pexecute($stmt, array("domain" => $domainname));
+				$row2 = $stmt->fetch(PDO::FETCH_ASSOC);
+
 				if (isset($row2['customerid']) && $row2['customerid'] > 0) {
 					$loginname = getCustomerDetail($row2['customerid'], 'loginname');
 					if ($loginname !== false) {
-						$row3 = $db->query_first("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`='" . $db->escape($loginname) . "'");
+						$stmt = Database::prepare("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "`
+							WHERE `loginname`= :loginname"
+						);
+						Database::pexecute($stmt, array("loginname" => $loginname));
+						$row3 = $stmt->fetch(PDO::FETCH_ASSOC);
 						if ($row3['customer'] == $loginname) {
 							$table = "`" . TABLE_PANEL_CUSTOMERS . "`";
 							$uid = 'customerid';
@@ -73,16 +76,23 @@ if ($action == 'login') {

 		if ($is_admin) {
 			if (hasUpdates($version)) {
-				$row = $db->query_first("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname`='" . $db->escape($loginname) . "' AND `change_serversettings` = '1'");
-				/*
-				 * not an admin who can see updates
-				 */
+				$stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
+					WHERE `loginname`= :loginname
+					AND `change_serversettings` = '1'"
+				);
+				Database::pexecute($stmt, array("loginname" => $loginname));
+				$row = $stmt->fetch(PDO::FETCH_ASSOC);
 				if (!isset($row['admin'])) {
+					// not an admin who can see updates
 					redirectTo('index.php');
 					exit;
 				}
 			} else {
-				$row = $db->query_first("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname`='" . $db->escape($loginname) . "'");
+				$stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
+					WHERE `loginname`= :loginname"
+				);
+				Database::pexecute($stmt, array("loginname" => $loginname));
+				$row = $stmt->fetch(PDO::FETCH_ASSOC);
 			}

 			if ($row['admin'] == $loginname) {
@@ -95,30 +105,38 @@ if ($action == 'login') {
 			}
 		}

-		$userinfo = $db->query_first("SELECT * FROM $table WHERE `loginname`='" . $db->escape($loginname) . "'");
+		$userinfo_stmt = Database::prepare("SELECT * FROM $table
+			WHERE `loginname`= :loginname"
+		);
+		Database::pexecute($userinfo_stmt, array("loginname" => $loginname));
+		$userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC);

-		if ($userinfo['loginfail_count'] >= $settings['login']['maxloginattempts']
-			&& $userinfo['lastlogin_fail'] > (time() - $settings['login']['deactivatetime'])
-		) {
+		if ($userinfo['loginfail_count'] >= $settings['login']['maxloginattempts'] && $userinfo['lastlogin_fail'] > (time() - $settings['login']['deactivatetime'])) {
 			redirectTo('index.php', Array('showmessage' => '3'), true);
 			exit;
 		} elseif($userinfo['password'] == md5($password)) {
 			// login correct
 			// reset loginfail_counter, set lastlogin_succ
-			$db->query("UPDATE $table SET `lastlogin_succ`='" . time() . "', `loginfail_count`='0' WHERE `$uid`='" . (int)$userinfo[$uid] . "'");
+			$stmt = Database::prepare("UPDATE $table
+				SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
+				WHERE `$uid`= :uid"
+			);
+			Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
 			$userinfo['userid'] = $userinfo[$uid];
 			$userinfo['adminsession'] = $adminsession;
 		} else {
 			// login incorrect
-			$db->query("UPDATE $table SET `lastlogin_fail`='" . time() . "', `loginfail_count`=`loginfail_count`+1 WHERE `$uid`='" . (int)$userinfo[$uid] . "'");
+			$stmt = Database::prepare("UPDATE $table
+				SET `lastlogin_fail`= :lastlogin_fail, `loginfail_count`=`loginfail_count`+1
+				WHERE `$uid`= :uid"
+			);
+			Database::pexecute($stmt, array("lastlogin_fail" => time(), "uid" => $userinfo[$uid]));
 			unset($userinfo);
 			redirectTo('index.php', Array('showmessage' => '2'), true);
 			exit;
 		}

-		if (isset($userinfo['userid'])
-			&& $userinfo['userid'] != ''
-		) {
+		if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
 			$s = md5(uniqid(microtime(), 1));

 			if (isset($_POST['language'])) {
@@ -139,22 +157,46 @@ if ($action == 'login') {
 			}

 			if ($settings['session']['allow_multiple_login'] != '1') {
-				$db->query("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = '" . (int)$userinfo['userid'] . "' AND `adminsession` = '" . $db->escape($userinfo['adminsession']) . "'");
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_SESSIONS . "`
+					WHERE `userid` = :uid
+					AND `adminsession` = :adminsession"
+				);
+				Database::pexecute($stmt, array("uid" => $userinfo['userid'], "adminsession" => $userinfo['adminsession']));
 			}

 			// check for field 'theme' in session-table, refs #607
-			$fields = mysql_list_fields($db->getDbName(), TABLE_PANEL_SESSIONS);
-			$columns = mysql_num_fields($fields);
-			$field_array = array();
-			for ($i = 0; $i < $columns; $i++) {
-				$field_array[] = mysql_field_name($fields, $i);
+			// Changed with #1287 to new method
+			$theme_field = false;
+			$stmt = Database::query("SHOW COLUMNS FROM panel_sessions LIKE 'theme'");
+			while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+				if ($row['Field'] == "theme") {
+					$has_theme = true;
+				}
 			}

-			if (!in_array('theme', $field_array)) {
-				$db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`) VALUES ('" . $db->escape($s) . "', '" . (int)$userinfo['userid'] . "', '" . $db->escape($remote_addr) . "', '" . $db->escape($http_user_agent) . "', '" . time() . "', '" . $db->escape($language) . "', '" . $db->escape($userinfo['adminsession']) . "')");
-    			} else {
-    				$db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`) VALUES ('" . $db->escape($s) . "', '" . (int)$userinfo['userid'] . "', '" . $db->escape($remote_addr) . "', '" . $db->escape($http_user_agent) . "', '" . time() . "', '" . $db->escape($language) . "', '" . $db->escape($userinfo['adminsession']) . "', '" . $db->escape($theme) . "')");
-    			}
+			$params = array(
+				"hash" => $s,
+				"userid" => $userinfo['userid'],
+				"ipaddress" => $remote_addr,
+				"useragent" => $http_user_agent,
+				"lastactivity" => time(),
+				"language" => $language,
+				"adminsession" => $userinfo['adminsession']
+			);
+
+			if ($has_theme) {
+				$params["theme"] = $theme;
+				$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "`
+					(`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`)
+					VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession, :theme)"
+				);
+    		} else {
+    			$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_SESSIONS . "`
+					(`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`)
+					VALUES (:hash, :userid, :ipaddress, :useragent, :lastactivity, :language, :adminsession)"
+				);
+    		}
+    		Database::pexecute($stmt, $params);

 			if ($userinfo['adminsession'] == '1') {
 				if (hasUpdates($version)) {
@@ -198,6 +240,12 @@ if ($action == 'login') {
 			case 5:
 				$message = $lng['error']['user_banned'];
 				break;
+			case 6:
+				$successmessage = $lng['pwdreminder']['changed'];
+				break;
+			case 7:
+				$message = $lng['pwdreminder']['wrongcode'];
+				break;
 		}

 		$update_in_progress = '';
@@ -213,76 +261,109 @@ if ($action == 'forgotpwd') {
 	$adminchecked = false;
 	$message = '';

-	if (isset($_POST['send'])
-		&& $_POST['send'] == 'send'
-	) {
+	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$loginname = validate($_POST['loginname'], 'loginname');
 		$email = validateEmail($_POST['loginemail'], 'email');
-		$sql = "SELECT `adminid`, `customerid`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
-				WHERE `loginname`='" . $db->escape($loginname) . "'
-				AND `email`='" . $db->escape($email) . "'";
-		$result = $db->query($sql);
+		$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
+			WHERE `loginname`= :loginname
+			AND `email`= :email"
+		);
+		Database::pexecute($result_stmt, array("loginname" => $loginname, "email" => $email));

-		if ($db->num_rows() == 0) {
-			$sql = "SELECT `adminid`, `name`, `email`, `loginname`, `def_language` FROM `" . TABLE_PANEL_ADMINS . "`
-				WHERE `loginname`='" . $db->escape($loginname) . "'
-				AND `email`='" . $db->escape($email) . "'";
-			$result = $db->query($sql);
-				
-			if ($db->num_rows() > 0) {
+		if (Database::num_rows() == 0) {
+			$result_stmt = Database::prepare("SELECT `adminid`, `name`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_ADMINS . "`
+				WHERE `loginname`= :loginname
+				AND `email`= :email"
+			);
+			Database::pexecute($result_stmt, array("loginname" => $loginname, "email" => $email));
+
+			if (Database::num_rows() > 0) {
 				$adminchecked = true;
 			} else {
-				$result = null;
+				$result_stmt = null;
 			}
 		}

-		if ($result !== null) {
-			$user = $db->fetch_array($result);
-			
+		if ($result_stmt !== null) {
+			$user = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
 			/* Check whether user is banned */
 			if ($user['deactivated']) {
 				$message = $lng['pwdreminder']['notallowed'];
 				redirectTo('index.php', Array('showmessage' => '5'), true);
 			}

-			if (($adminchecked && $settings['panel']['allow_preset_admin'] == '1')
-				|| $adminchecked == false
-			) {
+			if (($adminchecked && $settings['panel']['allow_preset_admin'] == '1') || $adminchecked == false) {
 				if ($user !== false) {
-					if ($settings['panel']['password_min_length'] <= 6) {
-						$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
-					} else {
-						// make it two times larger than password_min_length
-						$rnd = '';
-						$minlength = $settings['panel']['password_min_length'];
-						while (strlen($rnd) < ($minlength * 2)) {
-							$rnd .= md5(uniqid(microtime(), 1));
-						}
-						$password = substr($rnd, (int)($minlength / 2), $minlength);
-					}
-
-					$passwordTable = $adminchecked ? TABLE_PANEL_ADMINS : TABLE_PANEL_CUSTOMERS;
-					$db->query("UPDATE `" . $passwordTable . "` SET `password`='" . md5($password) . "'
-							WHERE `loginname`='" . $user['loginname'] . "'
-							AND `email`='" . $user['email'] . "'");
-
-					$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $db, $settings);
-					$rstlog->logAction(USR_ACTION, LOG_WARNING, "Password for user '" . $user['loginname'] . "' has been reset!");
+					// build a activation code
+					$timestamp = time();
+					$first = substr(md5($user['loginname'] . $timestamp . rand(0, $timestamp)), 0, 15);
+					$third = substr(md5($user['email'] . $timestamp . rand(0, $timestamp)), -15);
+					$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
+					
+					// Drop all existing activation codes for this user
+					$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
+						WHERE `userid` = :userid
+						AND `admin` = :admin"
+					);
+					$params = array(
+						"userid" => $adminchecked ? $user['adminid'] : $user['customerid'],
+						"admin" => $adminchecked ? 1 : 0
+					);
+					Database::pexecute($stmt, $params);
+					
+					// Add new activation code to database
+					$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_ACTIVATION . "`
+						(userid, admin, creation, activationcode)
+						VALUES (:userid, :admin, :creation, :activationcode)"
+					);
+					$params = array(
+						"userid" => $adminchecked ? $user['adminid'] : $user['customerid'],
+						"admin" => $adminchecked ? 1 : 0,
+						"creation" => $timestamp,
+						"activationcode" => $activationcode
+					);
+					Database::pexecute($stmt, $params);

+					$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $settings);
+					$rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password.");
+					
+					// Set together our activation link
+					$protocol = strpos(strtolower($_SERVER['SERVER_PROTOCOL']),'https') === FALSE ? 'http' : 'https';
+					$host = $_SERVER['HTTP_HOST'];
+					$port = $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT'] : '';
+					$script = $_SERVER['SCRIPT_NAME'];
+					$activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode;
+					
 					$replace_arr = array(
 						'SALUTATION' => getCorrectUserSalutation($user),
 						'USERNAME' => $user['loginname'],
-						'PASSWORD' => $password
+						'LINK' => $activationlink
 					);

-					$body = strtr($lng['pwdreminder']['body'], array('%s' => $user['firstname'] . ' ' . $user['name'], '%p' => $password));
+					$body = strtr($lng['pwdreminder']['body'], array('%s' => $user['firstname'] . ' ' . $user['name'], '%a' => $activationlink));

 					$def_language = ($user['def_language'] != '') ? $user['def_language'] : $settings['panel']['standardlanguage'];
-					$result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$user['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'password_reset_subject\'');
+					$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
+						WHERE `adminid`= :adminid
+						AND `language`= :lang
+						AND `templategroup`=\'mails\'
+						AND `varname`=\'password_reset_subject\''
+					);
+					Database::pexecute($result_stmt, array("adminid" => $user['adminid'], "lang" => $def_language));
+					$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 					$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['pwdreminder']['subject']), $replace_arr));
-					$result = $db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$user['adminid'] . '\' AND `language`=\'' . $db->escape($def_language) . '\' AND `templategroup`=\'mails\' AND `varname`=\'password_reset_mailbody\'');
+
+					$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
+						WHERE `adminid`= :adminid
+						AND `language`= :lang
+						AND `templategroup`=\'mails\'
+						AND `varname`=\'password_reset_mailbody\''
+					);
+					Database::pexecute($result_stmt, array("adminid" => $user['adminid'], "lang" => $def_language));
+					$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 					$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $body), $replace_arr));
-						
+
 					$_mailerror = false;
 					try {
 						$mail->Subject = $mail_subject;
@@ -299,18 +380,18 @@ if ($action == 'forgotpwd') {
 					}

 					if ($_mailerror) {
-						$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $db, $settings);
+						$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $settings);
 						$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
-						redirectTo('index.php', Array('showmessage' => '4', 'customermail' => $user['email']), true);
+						redirectTo('index.php', array('showmessage' => '4', 'customermail' => $user['email']), true);
 						exit;
 					}

 					$mail->ClearAddresses();
-					redirectTo('index.php', Array('showmessage' => '1'), true);
+					redirectTo('index.php', array('showmessage' => '1'), true);
 					exit;
 				} else {
-					$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $db, $settings);
-					$rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to reset pwd but wasn't found in database!");
+					$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $settings);
+					$rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $loginname . "' requested to set a new password, but was not found in database!");
 					$message = $lng['login']['combination_not_found'];
 				}

@@ -334,3 +415,83 @@ if ($action == 'forgotpwd') {

 	eval("echo \"" . getTemplate('fpwd') . "\";");
 }
+
+if ($action == 'resetpwd') {
+	$message = '';
+	
+	// Remove old activation codes
+	$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
+		WHERE creation < :oldest"
+	);
+	Database::pexecute($stmt, array("oldest" => time() - 86400));
+	
+	if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) {
+		// Check if activation code is valid
+		$activationcode = $_GET['resetcode'];
+		$timestamp = substr($activationcode, 15, 10);
+		$third = substr($activationcode, 25, 15);
+		$check = substr($activationcode, 40, 10);
+		
+		if (substr(md5($third . $timestamp), 0, 10) == $check && $timestamp >= time() - 86400) {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				$stmt = Database::prepare("SELECT `userid`, `admin` FROM `" . TABLE_PANEL_ACTIVATION . "`
+					WHERE `activationcode` = :activationcode"
+				);
+				$result = Database::pexecute_first($stmt, array("activationcode" => $activationcode));
+				
+				if ($result !== false) {
+					if ($result['admin'] == 1) {
+						$new_password = validate($_POST['new_password'], 'new password');
+						$new_password_confirm = validate($_POST['new_password_confirm'], 'new password confirm');
+					} else {
+						$new_password = validatePassword($_POST['new_password'], 'new password');
+						$new_password_confirm = validatePassword($_POST['new_password_confirm'], 'new password confirm');
+					}
+					
+					if ($new_password == '') {
+						$message = $new_password;
+					} elseif($new_password_confirm == '') {
+						$message = $new_password_confirm;
+					} elseif($new_password != $new_password_confirm) {
+						$message = $new_password . " != " . $new_password_confirm;
+					} else {
+						// Update user password
+						if ($result['admin'] == 1) {
+							$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_ADMINS . "`
+								SET `password` = :newpassword
+								WHERE `adminid` = :userid"
+							);
+						} else {
+							$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+								SET `password` = :newpassword
+								WHERE `customerid` = :userid"
+							);
+						}
+						Database::pexecute($stmt, array("newpassword" => md5($new_password), "userid" => $result['userid']));
+						
+						$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $settings);
+						$rstlog->logAction(USR_ACTION, LOG_NOTICE, "changed password using password reset.");
+						
+						// Remove activation code from DB
+						$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
+							WHERE `activationcode` = :activationcode
+							AND `userid` = :userid"
+						);
+						Database::pexecute($stmt, array("activationcode" => $activationcode, "userid" => $result['userid']));
+						redirectTo('index.php', array("showmessage" => '6'), true);
+					}
+				} else {
+					redirectTo('index.php', array("showmessage" => '7'), true);
+				}
+			}
+			
+			eval("echo \"" . getTemplate('rpwd') . "\";");
+			
+		} else {
+			redirectTo('index.php', array("showmessage" => '7'), true);
+		}
+		
+	} else {
+		redirectTo('index.php');
+	}
+}
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -74,6 +74,16 @@ CREATE TABLE `mail_virtual` (
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;


+DROP TABLE IF EXISTS `panel_activation`;
+CREATE TABLE `panel_activation` (
+  `id` int(11) unsigned NOT NULL auto_increment,
+  `userid` int(11) unsigned NOT NULL default '0',
+  `admin` tinyint(1) unsigned NOT NULL default '0',
+  `creation` int(11) unsigned NOT NULL default '0',
+  `activationcode` varchar(50) default NULL,
+  PRIMARY KEY (id)
+) ENGINE=MyISAM  CHARSET=utf8 COLLATE=utf8_general_ci;
+

 DROP TABLE IF EXISTS `panel_admins`;
 CREATE TABLE `panel_admins` (
@@ -366,6 +376,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('dkim', 'dkimrestart_command', '/etc/init.d/dkim-filter restart'),
 	('autoresponder', 'autoresponder_active', '0'),
 	('autoresponder', 'last_autoresponder_run', '0'),
+	('admin', 'show_news_feed', '1'),
 	('admin', 'show_version_login', '0'),
 	('admin', 'show_version_footer', '0'),
 	('aps', 'items_per_page', '20'),
@@ -415,13 +426,14 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('phpfpm', 'aliasconfigdir', '/var/www/php-fpm/'),
 	('phpfpm', 'defaultini', '1'),
 	('phpfpm', 'vhost_defaultini', '1'),
+	('phpfpm', 'fastcgi_ipcdir', '/var/lib/apache2/fastcgi/'),
 	('nginx', 'fastcgiparams', '/etc/nginx/fastcgi_params'),
 	('system', 'lastaccountnumber', '0'),
 	('system', 'lastguid', '9999'),
 	('system', 'documentroot_prefix', '/var/customers/webs/'),
 	('system', 'logfiles_directory', '/var/customers/logs/'),
 	('system', 'ipaddress', 'SERVERIP'),
-	('system', 'apachereload_command', '/etc/init.d/apache reload'),
+	('system', 'apachereload_command', '/etc/init.d/apache2 reload'),
 	('system', 'last_traffic_run', '000000'),
 	('system', 'vmail_uid', '2000'),
 	('system', 'vmail_gid', '2000'),
@@ -441,9 +453,9 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'nameservers', ''),
 	('system', 'mxservers', ''),
 	('system', 'mod_fcgid', '0'),
-	('system', 'apacheconf_vhost', '/etc/apache/vhosts.conf'),
-	('system', 'apacheconf_diroptions', '/etc/apache/diroptions.conf'),
-	('system', 'apacheconf_htpasswddir', '/etc/apache/htpasswd/'),
+	('system', 'apacheconf_vhost', '/etc/apache2/sites-enabled/'),
+	('system', 'apacheconf_diroptions', '/etc/apache2/sites-enabled/'),
+	('system', 'apacheconf_htpasswddir', '/etc/apache2/htpasswd/'),
 	('system', 'webalizer_quiet', '2'),
 	('system', 'last_archive_run', '000000'),
 	('system', 'mod_fcgid_configdir', '/var/www/php-fcgi-scripts'),
@@ -503,6 +515,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'mod_fcgid_defaultini_ownvhost', '1'),
 	('system', 'awstats_icons', '/usr/share/awstats/icon/'),
 	('system', 'ssl_cert_chainfile', ''),
+	('system', 'ssl_cipher_list', 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH'),
 	('system', 'nginx_php_backend', '127.0.0.1:8888'),
 	('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
 	('system', 'phpreload_command', ''),
@@ -510,7 +523,9 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'documentroot_use_default_value', '0'),
 	('system', 'passwordcryptfunc', '1'),
 	('system', 'axfrservers', ''),
-	('system', 'customer_ssl_path', '/etc/apache2/ssl/'),
+	('system', 'customer_ssl_path', '/etc/ssl/froxlor-custom/'),
+	('system', 'allow_error_report_admin', '1'),
+	('system', 'allow_error_report_customer', '0'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -538,7 +553,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'phpconfigs_hidestdsubdomain', '0'),
 	('panel', 'allow_theme_change_admin', '1'),
 	('panel', 'allow_theme_change_customer', '1'),
-	('panel', 'version', '0.9.30-rc1');
+	('panel', 'version', '0.9.31.2');


 DROP TABLE IF EXISTS `panel_tasks`;
@@ -738,6 +753,9 @@ CREATE TABLE `panel_phpconfigs` (
  `file_extensions` varchar(255) NOT NULL,
  `mod_fcgid_starter` int(4) NOT NULL DEFAULT '-1',
  `mod_fcgid_maxrequests` int(4) NOT NULL DEFAULT '-1',
+  `fpm_slowlog` tinyint(1) NOT NULL default '0',
+  `fpm_reqterm` varchar(15) NOT NULL default '60s',
+  `fpm_reqslow` varchar(15) NOT NULL default '5s',
  `phpsettings` text NOT NULL,
  PRIMARY KEY  (`id`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -745,7 +763,8 @@ CREATE TABLE `panel_phpconfigs` (


 INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES
-	(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n');
+(1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n'),
+(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 16M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n');


 DROP TABLE IF EXISTS `aps_instances`;
@@ -896,25 +915,6 @@ CREATE TABLE IF NOT EXISTS `domain_redirect_codes` (
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;


-
-DROP TABLE IF EXISTS `ipsandports_docrootsettings`;
-CREATE TABLE IF NOT EXISTS `ipsandports_docrootsettings` (
-  `id` int(5) NOT NULL auto_increment,
-  `fid` int(11) NOT NULL,
-  `docrootsettings` text NOT NULL,
-  PRIMARY KEY  (`id`)
-) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
-
-
-DROP TABLE IF EXISTS `domain_docrootsettings`;
-CREATE TABLE IF NOT EXISTS `domain_docrootsettings` (
-  `id` int(5) NOT NULL auto_increment,
-  `fid` int(11) NOT NULL,
-  `docrootsettings` text NOT NULL,
-  PRIMARY KEY  (`id`)
-) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
-
-
 DROP TABLE IF EXISTS `domain_ssl_settings`;
 CREATE TABLE IF NOT EXISTS `domain_ssl_settings` (
  `id` int(5) NOT NULL auto_increment,
--- a/install/lib/class.FroxlorInstall.php
+++ b/install/lib/class.FroxlorInstall.php
@@ -207,43 +207,84 @@ class FroxlorInstall {
 		// check for mysql-root-connection
 		$content .= $this->_status_message('begin', $this->_lng['install']['testing_mysql']);

-		$db_root = new db(
-				$this->_data['mysql_host'],
-				$this->_data['mysql_root_user'],
-				$this->_data['mysql_root_pass'],
-				''
-		);
-		// ok, if we are here, the database class is build up
-		// (otherwise it would have already die'd this script)
-		$content .= $this->_status_message('green', "OK");
-		// check for existing db
-		$content .= $this->_backupExistingDatabase($db_root);
-		// create unprivileged user and the database itself
-		$content .= $this->_createDatabaseAndUser($db_root);
-		// importing data to new database
-		$content .= $this->_importDatabaseData();
-		// create DB object for new database
-		$db = new db(
-				$this->_data['mysql_host'],
-				$this->_data['mysql_unpriv_user'],
-				$this->_data['mysql_unpriv_pass'],
-				$this->_data['mysql_database']
-		);
-		// change settings accordingly
-		$content .= $this->_doSettings($db);
-		// create entries
-		$content .= $this->_doDataEntries($db);
-		// create config-file
-		$content .= $this->_createUserdataConf($db);
+		$options = array('PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8');
+		$dsn = "mysql:host=".$this->_data['mysql_host'].";";
+		$fatal_fail = false;
+		try {
+			$db_root = new PDO(
+					$dsn, $this->_data['mysql_root_user'], $this->_data['mysql_root_pass'], $options
+			);
+		} catch (PDOException $e) {
+			// possibly without passwd?
+			try {
+				$db_root = new PDO(
+						$dsn, $this->_data['mysql_root_user'], '', $options
+				);
+				// set the given password
+				$passwd_stmt = $db_root->prepare("
+						SET PASSWORD = PASSWORD(:passwd)
+						");
+				$passwd_stmt->execute(array('passwd' => $this->_data['mysql_root_pass']));
+			} catch (PDOException $e) {
+				// nope
+				$content .= $this->_status_message('red', $e->getMessage());
+				$fatal_fail = true;
+			}
+		}
+
+		if (!$fatal_fail) {
+
+			// ok, if we are here, the database connection is up and running
+			$content .= $this->_status_message('green', "OK");
+			// check for existing db and create backup if so
+			$content .= $this->_backupExistingDatabase($db_root);
+			// create unprivileged user and the database itself
+			$content .= $this->_createDatabaseAndUser($db_root);
+			// importing data to new database
+			$content .= $this->_importDatabaseData();
+			// create DB object for new database
+			$options = array('PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8');
+			$dsn = "mysql:host=".$this->_data['mysql_host'].";dbname=".$this->_data['mysql_database'].";";
+			$another_fail = false;
+			try {
+				$db = new PDO(
+						$dsn, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $options
+				);
+			} catch (PDOException $e) {
+				// dafuq? this should have happened in _importDatabaseData()
+				$content .= $this->_status_message('red', $e->getMessage());
+				$another_fail = true;
+			};
+
+			if (!$another_fail) {
+				// change settings accordingly
+				$content .= $this->_doSettings($db);
+				// create entries
+				$content .= $this->_doDataEntries($db);
+				$db = null;
+				// create config-file
+				$content .= $this->_createUserdataConf();
+			}
+		}

 		$content .= "</table>";

 		// check if we have unrecoverable errors
-		$navigation = '';
-		$msgcolor = 'green';
-		$message = $this->_lng['install']['froxlor_succ_installed'];
-		$link = '../index.php';
-		$linktext = $this->_lng['click_here_to_login'];
+		if ($fatal_fail || $another_fail) {
+			// D'oh
+			$navigation = '';
+			$msgcolor = 'red';
+			$message = $this->_lng['install']['testing_mysql_fail'];
+			$link = 'install.php';
+			$linktext = $this->_lng['click_here_to_goback'];
+		} else {
+			// all good
+			$navigation = '';
+			$msgcolor = 'green';
+			$message = $this->_lng['install']['froxlor_succ_installed'];
+			$link = '../index.php';
+			$linktext = $this->_lng['click_here_to_login'];
+		}

 		eval("\$navigation .= \"" . $this->_getTemplate("pagebottom") . "\";");

@@ -305,31 +346,42 @@ class FroxlorInstall {
 		$content .= $this->_status_message('begin', $this->_lng['install']['creating_entries']);

 		// and lets insert the default ip and port
-		$query = "INSERT INTO `".TABLE_PANEL_IPSANDPORTS."`
-				SET `ip`= '".$db->escape($this->_data['serverip'])."',
-						`port` = '80',
-						`namevirtualhost_statement` = '1',
-						`vhostcontainer` = '1',
-						`vhostcontainer_servername_statement` = '1'";
-		$db->query($query);
-		$defaultip = $db->insert_id();
+		$stmt = $db->prepare("
+				INSERT INTO `".TABLE_PANEL_IPSANDPORTS."` SET
+				`ip`= :serverip,
+				`port` = '80',
+				`namevirtualhost_statement` = '1',
+				`vhostcontainer` = '1',
+				`vhostcontainer_servername_statement` = '1'
+				");
+		$stmt->execute(array('serverip' => $this->_data['serverip']));
+		$defaultip = $db->lastInsertId();

 		// insert the defaultip
-		$query = "UPDATE `".TABLE_PANEL_SETTINGS."`
-				SET `value` = '".$defaultip."'
-						WHERE `settinggroup` = 'system' AND `varname` = 'defaultip'";
-		$db->query($query);
+		$upd_stmt = $db->prepare("
+				UPDATE `".TABLE_PANEL_SETTINGS."` SET
+				`value` = :defaultip
+				WHERE `settinggroup` = 'system' AND `varname` = 'defaultip'
+				");
+		$upd_stmt->execute(array('defaultip' => $defaultip));

 		$content .= $this->_status_message('green', 'OK');

 		//last but not least create the main admin
 		$content .= $this->_status_message('begin', $this->_lng['install']['adding_admin_user']);
-		$db->query("INSERT INTO `" . TABLE_PANEL_ADMINS . "` SET
-				`loginname` = '" . $db->escape($this->_data['admin_user']) . "',
-				`password` = '" . md5($this->_data['admin_pass1']) . "',
+		$ins_data = array(
+				'loginname' => $this->_data['admin_user'],
+				'password' => md5($this->_data['admin_pass1']),
+				'email' => 'admin@' . $this->_data['servername'],
+				'deflang' => $this->_languages[$this->_activelng]
+		);
+		$ins_stmt = $db->prepare("
+				INSERT INTO `" . TABLE_PANEL_ADMINS . "` SET
+				`loginname` = :loginname,
+				`password` = :password,
 				`name` = 'Froxlor-Administrator',
-				`email` = 'admin@" . $db->escape($this->_data['servername']) . "',
-				`def_language` = '". $db->escape($this->_languages[$this->_activelng]) . "',
+				`email` = :email,
+				`def_language` = :deflang,
 				`customers` = -1,
 				`customers_see_all` = 1,
 				`caneditphpsettings` = 1,
@@ -352,11 +404,29 @@ class FroxlorInstall {
 				`email_autoresponder` = -1
 				");

+		$ins_stmt->execute($ins_data);
+
 		$content .= $this->_status_message('green', 'OK');

 		return $content;
 	}

+	/**
+	 * execute prepared statement to update settings
+	 *
+	 * @param PDOStatement $stmt
+	 * @param string $group
+	 * @param string $varname
+	 * @param string $value
+	 */
+	private function _updateSetting(&$stmt = null, $value = null, $group = null, $varname = null) {
+		$stmt->execute(array(
+				'group' => $group,
+				'varname' => $varname,
+				'value' => $value
+		));
+	}
+
 	/**
 	 * change settings according to users input
 	 *
@@ -369,34 +439,40 @@ class FroxlorInstall {
 		$content = "";

 		$content .= $this->_status_message('begin', $this->_lng['install']['changing_data']);
-		$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = 'admin@" . $db->escape($this->_data['servername']) . "' WHERE `settinggroup` = 'panel' AND `varname` = 'adminmail'");
-		$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($this->_data['serverip']) . "' WHERE `settinggroup` = 'system' AND `varname` = 'ipaddress'");
-		$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($this->_data['servername']) . "' WHERE `settinggroup` = 'system' AND `varname` = 'hostname'");
-		$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($this->_languages[$this->_activelng]) . "' WHERE `settinggroup` = 'panel' AND `varname` = 'standardlanguage'");
-		$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($this->_data['mysql_access_host']) . "' WHERE `settinggroup` = 'system' AND `varname` = 'mysql_access_host'");
-		$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($this->_data['webserver']) . "' WHERE `settinggroup` = 'system' AND `varname` = 'webserver'");
-		$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($this->_data['httpuser']) . "' WHERE `settinggroup` = 'system' AND `varname` = 'httpuser'");
-		$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '" . $db->escape($this->_data['httpgroup']) . "' WHERE `settinggroup` = 'system' AND `varname` = 'httpgroup'");
+		$upd_stmt = $db->prepare("
+				UPDATE `" . TABLE_PANEL_SETTINGS . "` SET
+				`value` = :value
+				WHERE `settinggroup` = :group AND `varname` = :varname
+				");
+
+		$this->_updateSetting($upd_stmt, 'admin@' . $this->_data['servername'], 'panel', 'adminmail');
+		$this->_updateSetting($upd_stmt, $this->_data['serverip'], 'system', 'ipaddress');
+		$this->_updateSetting($upd_stmt, $this->_data['servername'], 'system', 'hostname');
+		$this->_updateSetting($upd_stmt, $this->_languages[$this->_activelng], 'panel', 'standardlanguage');
+		$this->_updateSetting($upd_stmt, $this->_data['mysql_access_host'], 'system', 'mysql_access_host');
+		$this->_updateSetting($upd_stmt, $this->_data['webserver'], 'system', 'webserver');
+		$this->_updateSetting($upd_stmt, $this->_data['httpuser'], 'system', 'httpuser');
+		$this->_updateSetting($upd_stmt, $this->_data['httpgroup'], 'system', 'httpgroup');

 		// necessary changes for webservers != apache2
 		if ($this->_data['webserver'] == "lighttpd") {
-			$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/lighttpd/conf-enabled/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_vhost'");
-			$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/lighttpd/froxlor-diroptions/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_diroptions'");
-			$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/lighttpd/froxlor-htpasswd/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_htpasswddir'");
-			$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/init.d/lighttpd reload' WHERE `settinggroup` = 'system' AND `varname` = 'apachereload_command'");
-			$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/lighttpd/lighttpd.pem' WHERE `settinggroup` = 'system' AND `varname` = 'ssl_cert_file'");
+			$this->_updateSetting($upd_stmt, '/etc/lighttpd/conf-enabled/', 'system', 'apacheconf_vhost');
+			$this->_updateSetting($upd_stmt, '/etc/lighttpd/froxlor-diroptions/', 'system', 'apacheconf_diroptions');
+			$this->_updateSetting($upd_stmt, '/etc/lighttpd/froxlor-htpasswd/', 'system', 'apacheconf_htpasswddir');
+			$this->_updateSetting($upd_stmt, '/etc/init.d/lighttpd reload', 'system', 'apachereload_command');
+			$this->_updateSetting($upd_stmt, '/etc/lighttpd/lighttpd.pem', 'system', 'ssl_cert_file');
+			$this->_updateSetting($upd_stmt, '/var/run/lighttpd/', 'phpfpm', 'fastcgi_ipcdir');
 		} elseif ($this->_data['webserver'] == "nginx") {
-			$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/nginx/sites-enabled/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_vhost'");
-			$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/nginx/sites-enabled/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_diroptions'");
-			$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/nginx/froxlor-htpasswd/' WHERE `settinggroup` = 'system' AND `varname` = 'apacheconf_htpasswddir'");
-			$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/init.d/nginx reload' WHERE `settinggroup` = 'system' AND `varname` = 'apachereload_command'");
-			$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '/etc/nginx/nginx.pem' WHERE `settinggroup` = 'system' AND `varname` = 'ssl_cert_file'");
+			$this->_updateSetting($upd_stmt, '/etc/nginx/sites-enabled/', 'system', 'apacheconf_vhost');
+			$this->_updateSetting($upd_stmt, '/etc/nginx/sites-enabled/', 'system', 'apacheconf_diroptions');
+			$this->_updateSetting($upd_stmt, '/etc/nginx/froxlor-htpasswd/', 'system', 'apacheconf_htpasswddir');
+			$this->_updateSetting($upd_stmt, '/etc/init.d/nginx reload', 'system', 'apachereload_command');
+			$this->_updateSetting($upd_stmt, '/etc/nginx/nginx.pem', 'system', 'ssl_cert_file');
+			$this->_updateSetting($upd_stmt, '/var/run/nginx/', 'phpfpm', 'fastcgi_ipcdir');
 		}

 		// insert the lastcronrun to be the installation date
-		$query = "UPDATE `".TABLE_PANEL_SETTINGS."` SET `value` = UNIX_TIMESTAMP()
-				WHERE `settinggroup` = 'system'  AND `varname` = 'lastcronrun'";
-		$db->query($query);
+		$this->_updateSetting($upd_stmt, time(), 'system', 'lastcronrun');

 		// set specific times for some crons (traffic only at night, etc.)
 		$ts = mktime(0, 0, 0, date('m', time()), date('d', time()), date('Y', time()));
@@ -418,30 +494,41 @@ class FroxlorInstall {
 	 * @return string status messages
 	 */
 	private function _importDatabaseData() {
+
 		$content = "";
-
 		$content .= $this->_status_message('begin', $this->_lng['install']['testing_new_db']);
-		$db = new db(
-				$this->_data['mysql_host'],
-				$this->_data['mysql_unpriv_user'],
-				$this->_data['mysql_unpriv_pass'],
-				$this->_data['mysql_database']
-		);
-		$content .= $this->_status_message('green', 'OK');
+		$options = array('PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8');
+		$dsn = "mysql:host=".$this->_data['mysql_host'].";dbname=".$this->_data['mysql_database'].";";
+		$fatal_fail = false;
+		try {
+			$db = new PDO(
+					$dsn, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $options
+			);
+		} catch (PDOException $e) {
+			$content .= $this->_status_message('red', $e->getMessage());
+			$fatal_fail = true;
+		};

-		$content .= $this->_status_message('begin', $this->_lng['install']['importing_data']);
-		$db_schema = dirname(dirname(__FILE__)).'/froxlor.sql';
-		$sql_query = @file_get_contents($db_schema);
-		$sql_query = $this->_remove_remarks($sql_query);
-		$sql_query = $this->_split_sql_file($sql_query, ';');
-		for ($i = 0; $i < sizeof($sql_query); $i++) {
-			if (trim($sql_query[$i]) != '') {
-				$result = $db->query($sql_query[$i]);
+		if (!$fatal_fail) {
+
+			$content .= $this->_status_message('green', 'OK');
+
+			$content .= $this->_status_message('begin', $this->_lng['install']['importing_data']);
+			$db_schema = dirname(dirname(__FILE__)).'/froxlor.sql';
+			$sql_query = @file_get_contents($db_schema);
+			$sql_query = $this->_remove_remarks($sql_query);
+			$sql_query = $this->_split_sql_file($sql_query, ';');
+			for ($i = 0; $i < sizeof($sql_query); $i++) {
+				if (trim($sql_query[$i]) != '') {
+					$result = $db->query($sql_query[$i]);
+				}
 			}
-		}
-		$db->close();
+			$db = null;

-		$content .= $this->_status_message('green', 'OK');
+			$content .= $this->_status_message('green', 'OK');
+		}
+
+		return $content;
 	}

 	/**
@@ -458,17 +545,30 @@ class FroxlorInstall {
 		// so first we have to delete the database and
 		// the user given for the unpriv-user if they exit
 		$content .= $this->_status_message('begin', $this->_lng['install']['prepare_db']);
-		$db_root->query("DELETE FROM `mysql`.`user` WHERE `User` = '" . $db_root->escape($this->_data['mysql_unpriv_user']) . "' AND `Host` = '" . $db_root->escape($this->_data['mysql_access_host']) . "'");
-		$db_root->query("DELETE FROM `mysql`.`db` WHERE `User` = '" . $db_root->escape($this->_data['mysql_unpriv_user']) . "' AND `Host` = '" . $db_root->escape($this->_data['mysql_access_host']) . "'");
-		$db_root->query("DELETE FROM `mysql`.`tables_priv` WHERE `User` = '" . $db_root->escape($this->_data['mysql_unpriv_user']) . "' AND `Host` = '" . $db_root->escape($this->_data['mysql_access_host']) . "'");
-		$db_root->query("DELETE FROM `mysql`.`columns_priv` WHERE `User` = '" . $db_root->escape($this->_data['mysql_unpriv_user']) . "' AND `Host` = '" . $db_root->escape($this->_data['mysql_access_host']) . "'");
-		$db_root->query("DROP DATABASE IF EXISTS `" . $db_root->escape(str_replace('`', '', $this->_data['mysql_database'])) . "` ;");
+
+		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`user` WHERE `User` = :user AND `Host` = :accesshost");
+		$del_stmt->execute(array('user' => $this->_data['mysql_unpriv_user'], 'accesshost' => $this->_data['mysql_access_host']));
+
+		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`db` WHERE `User` = :user AND `Host` = :accesshost");
+		$del_stmt->execute(array('user' => $this->_data['mysql_unpriv_user'], 'accesshost' => $this->_data['mysql_access_host']));
+
+		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`tables_priv` WHERE `User` = :user AND `Host` =:accesshost");
+		$del_stmt->execute(array('user' => $this->_data['mysql_unpriv_user'], 'accesshost' => $this->_data['mysql_access_host']));
+
+		$del_stmt = $db_root->prepare("DELETE FROM `mysql`.`columns_priv` WHERE `User` = :user AND `Host` = :accesshost");
+		$del_stmt->execute(array('user' => $this->_data['mysql_unpriv_user'], 'accesshost' => $this->_data['mysql_access_host']));
+
+		$del_stmt = $db_root->prepare("DROP DATABASE IF EXISTS `".str_replace('`', '', $this->_data['mysql_database'])."`;");
+		$del_stmt->execute();
+
 		$db_root->query("FLUSH PRIVILEGES;");
 		$content .= $this->_status_message('green', 'OK');

 		// we have to create a new user and database for the froxlor unprivileged mysql access
 		$content .= $this->_status_message('begin', $this->_lng['install']['create_mysqluser_and_db']);
-		$db_root->query("CREATE DATABASE `" . $db_root->escape(str_replace('`', '', $this->_data['mysql_database'])) . "`");
+		$ins_stmt = $db_root->prepare("CREATE DATABASE `".str_replace('`', '', $this->_data['mysql_database'])."`");
+		$ins_stmt->execute();
+
 		$mysql_access_host_array = array_map('trim', explode(',', $this->_data['mysql_access_host']));

 		if (in_array('127.0.0.1', $mysql_access_host_array)
@@ -485,8 +585,15 @@ class FroxlorInstall {

 		$mysql_access_host_array[] = $this->_data['serverip'];
 		foreach ($mysql_access_host_array as $mysql_access_host) {
-			$db_root->query("GRANT ALL PRIVILEGES ON `" . $db_root->escape(str_replace('`', '', $this->_data['mysql_database'])) . "`.* TO '" . $db_root->escape($this->_data['mysql_unpriv_user']) . "'@'" . $db_root->escape($mysql_access_host) . "' IDENTIFIED BY 'password'");
-			$db_root->query("SET PASSWORD FOR '" . $db_root->escape($this->_data['mysql_unpriv_user']) . "'@'" . $db_root->escape($mysql_access_host) . "' = PASSWORD('" . $db_root->escape($this->_data['mysql_unpriv_pass']) . "')");
+			$_db = str_replace('`', '', $this->_data['mysql_database']);
+			$stmt = $db_root->prepare("
+					GRANT ALL PRIVILEGES ON `" . $_db . "`.*
+					TO :username@:host
+					IDENTIFIED BY 'password'"
+			);
+			$stmt->execute(array("username" => $this->_data['mysql_unpriv_user'], "host" => $mysql_access_host));
+			$stmt = $db_root->prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
+			$stmt->execute(array("username" => $this->_data['mysql_unpriv_user'], "host" => $mysql_access_host, "password" => $this->_data['mysql_unpriv_pass']));
 		}

 		$db_root->query("FLUSH PRIVILEGES;");
@@ -509,11 +616,13 @@ class FroxlorInstall {

 		// check for existing of former database
 		$tables_exist = false;
-		$sql = "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '".$this->_data['mysql_database']."'";
-		$result = $db_root->query($sql);
+		$sql = "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = :database";
+		$result_stmt = $db_root->prepare($sql);
+		$result_stmt->execute(array('database' => $this->_data['mysql_database']));
+		$rows = $db_root->query("SELECT FOUND_ROWS()")->fetchColumn();

 		// check result
-		if ($result !== false && $db_root->num_rows($result) > 0) {
+		if ($result_stmt !== false && $rows > 0) {
 			$tables_exist = true;
 		}

@@ -535,7 +644,7 @@ class FroxlorInstall {
 			}

 			if ($do_backup) {
-				$command = $mysql_dump." ".$this->_data['mysql_database']." -u " . $this->_data['mysql_root_user'] . " -password='" . $this->_data['mysql_root_pass'] . "' --result-file=" . $filename;
+				$command = $mysql_dump." ".$this->_data['mysql_database']." -u " . $this->_data['mysql_root_user'] . " --password='" . $this->_data['mysql_root_pass'] . "' --result-file=" . $filename;
 				$output = exec($command);
 				if (stristr($output, "error")) {
 					$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);
@@ -733,7 +842,7 @@ class FroxlorInstall {
 		// check for correct php version
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpversion']);

-		if (version_compare("5.2.0", PHP_VERSION, ">=")) {
+		if (version_compare("5.3.0", PHP_VERSION, ">=")) {
 			$content .= $this->_status_message('red', $this->_lng['requirements']['notfound'].' ('.PHP_VERSION.')');
 			$_die = true;
 		} else {
@@ -750,11 +859,10 @@ class FroxlorInstall {
 			$content .= $this->_status_message('green', 'off');
 		}

-		// check for mysql-extension
-		// @FIXME mysql extension will soon be deprecated and removed!!!
-		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpmysql']);
+		// check for php_pdo and pdo_mysql
+		$content .= $this->_status_message('begin', $this->_lng['requirements']['phppdo']);

-		if (!extension_loaded('mysql') && !extension_loaded('mysqlnd')) {
+		if (!extension_loaded('pdo') || in_array("mysql", PDO::getAvailableDrivers()) == false) {
 			$content .= $this->_status_message('red', $this->_lng['requirements']['notinstalled']);
 			$_die = true;
 		} else {
@@ -800,6 +908,16 @@ class FroxlorInstall {
 			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
 		}

+                // check for curl extension
+                $content .= $this->_status_message('begin', $this->_lng['requirements']['phpcurl']);
+
+                if (!extension_loaded('curl')) {
+                        $content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['curldescription']);
+                } else {
+                        $content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
+                }
+
+
 		// check for open_basedir
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['openbasedir']);
 		$php_ob = @ini_get("open_basedir");
--- a/install/lng/english.lng.php
+++ b/install/lng/english.lng.php
@@ -23,21 +23,23 @@ $lng['requirements']['not_true'] = 'no';
 $lng['requirements']['notfound'] = 'not found';
 $lng['requirements']['notinstalled'] = 'not installed';
 $lng['requirements']['activated'] = 'enabled';
-$lng['requirements']['phpversion'] = 'PHP version >= 5.2';
+$lng['requirements']['phpversion'] = 'PHP version >= 5.3';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime...';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'PHP setting "magic_quotes_runtime" must be set to "Off". We have disabled it temporary for now please fix the coresponding php.ini.';
-$lng['requirements']['phpmysql'] = 'MySQL-extension...';
+$lng['requirements']['phppdo'] = 'PHP PDO extension and PDO-MySQL driver...';
 $lng['requirements']['phpxml'] = 'PHP XML-extension...';
 $lng['requirements']['phpfilter'] = 'PHP filter-extension...';
 $lng['requirements']['phpposix'] = 'PHP posix-extension...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
+$lng['requirements']['phpcurl'] = 'PHP curl-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
+$lng['requirements']['curldescription'] = 'Version-check and news-feed may not work correctly!';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';
 $lng['requirements']['froxlor_succ_checks'] = 'All requirements are satisfied';

-$lng['install']['title'] = 'Froxlor install - chose language';
+$lng['install']['lngtitle'] = 'Froxlor install - choose language';
 $lng['install']['language'] = 'Installation language';
 $lng['install']['lngbtn_go'] = 'Change language';
 $lng['install']['title'] = 'Froxlor install - setup';
@@ -64,6 +66,7 @@ $lng['install']['httpuser'] = 'HTTP username';
 $lng['install']['httpgroup'] = 'HTTP groupname';

 $lng['install']['testing_mysql'] = 'Checking MySQL-root access...';
+$lng['install']['testing_mysql_fail'] = 'There seems to be a problem with the database-connection. Cannot continue. Please go back and check your credentials.';
 $lng['install']['backup_old_db'] = 'Creating backup of old database...';
 $lng['install']['backup_binary_missing'] = 'Could not find mysqldump';
 $lng['install']['backup_failed'] = 'Could not backup database';
@@ -80,5 +83,6 @@ $lng['install']['creating_configfile_failed'] = 'Could not create lib/userdata.i
 $lng['install']['froxlor_succ_installed'] = 'Froxlor was installed successfully.';

 $lng['click_here_to_refresh'] = 'Click here to check again';
+$lng['click_here_to_goback'] = 'Click here to go back';
 $lng['click_here_to_continue'] = 'Click here to continue';
 $lng['click_here_to_login'] = 'Click here to login.';
--- a/install/lng/german.lng.php
+++ b/install/lng/german.lng.php
@@ -23,18 +23,20 @@ $lng['requirements']['not_true'] = 'nein';
 $lng['requirements']['notfound'] = 'nicht gefunden';
 $lng['requirements']['notinstalled'] = 'nicht installiert';
 $lng['requirements']['activated'] = 'ist aktiviert.';
-$lng['requirements']['phpversion'] = 'PHP Version >= 5.2';
+$lng['requirements']['phpversion'] = 'PHP Version >= 5.3';
 $lng['requirements']['phpmagic_quotes_runtime'] = 'magic_quotes_runtime';
 $lng['requirements']['phpmagic_quotes_runtime_description'] = 'Die PHP Einstellung "magic_quotes_runtime" muss deaktiviert sein ("Off"). Die Einstellung wurde temporär deaktiviert, bitte ändern Sie diese in der entsprechenden php.ini.';
-$lng['requirements']['phpmysql'] = 'PHP MySQL-Erweiterung...';
+$lng['requirements']['phppdo'] = 'PHP PDO Erweiterung und PDO-MySQL Treiber...';
 $lng['requirements']['phpxml'] = 'PHP XML-Erweiterung...';
 $lng['requirements']['phpfilter'] = 'PHP filter-Erweiterung...';
 $lng['requirements']['phpposix'] = 'PHP posix-Erweiterung...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
+$lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
+$lng['requirements']['curldescription'] = 'Versions-Prüfung und News-Feed stehen nicht vollständig zur Verfügung!';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
-$lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Versuchen Sie die angezeigten Problem zu beheben und versuchen Sie es erneut.';
+$lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';
 $lng['requirements']['froxlor_succ_checks'] = 'Alle Vorraussetzungen sind erfüllt';

 $lng['install']['lngtitle'] = 'Froxlor Installation - Sprache auswählen';
@@ -64,6 +66,7 @@ $lng['install']['httpuser'] = 'HTTP Username';
 $lng['install']['httpgroup'] = 'HTTP Gruppenname';

 $lng['install']['testing_mysql'] = 'Teste MySQL-Root Zugang...';
+$lng['install']['testing_mysql_fail'] = 'Bei der Verwendung der Datenbank gibt es scheinbar Probleme. Installation kann nicht fortgesetzt werden. Bitte Zugangsdaten prüfen und erneut versuchen.';
 $lng['install']['backup_old_db'] = 'Sicherung vorheriger Datenbank...';
 $lng['install']['backup_binary_missing'] = 'Konnte mysqldump nicht finden';
 $lng['install']['backup_failed'] = 'Sicherung fehlgeschlagen';
@@ -80,5 +83,6 @@ $lng['install']['creating_configfile_failed'] = 'Konnte lib/userdata.inc.php nic
 $lng['install']['froxlor_succ_installed'] = 'Froxlor wurde erfolgreich installiert.';

 $lng['click_here_to_refresh'] = 'Hier klicken, um erneut zu prüfen';
+$lng['click_here_to_goback'] = 'Einen Schritt zurück';
 $lng['click_here_to_continue'] = 'Installation fortführen';
 $lng['click_here_to_login'] = 'Hier geht es weiter zum Login-Fenster.';
--- a/install/scripts/htpasswd-htaccess-remover.php
+++ b/install/scripts/htpasswd-htaccess-remover.php
@@ -1,106 +0,0 @@
-<?php
-
-/**
- * This file is part of the SysCP project.
- * Copyright (c) 2003-2007 the SysCP Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.syscp.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Michael Duergner <michael@duergner.com>
- * @license    GPLv2 http://files.syscp.org/misc/COPYING.txt
- * @package    System
- *
- */
-
-if(@php_sapi_name() != 'cli'
-   && @php_sapi_name() != 'cgi'
-   && @php_sapi_name() != 'cgi-fcgi')
-{
-	die('This script will only work in the shell.');
-}
-
-$pathtophpfiles = '/var/www/syscp';
-$filename = 'htpasswd-htaccess-remover.php';
-
-/**
- * Includes the Usersettings eg. MySQL-Username/Passwort etc.
- */
-
-require ("$pathtophpfiles/lib/userdata.inc.php");
-
-/**
- * Includes the MySQL-Tabledefinitions etc.
- */
-
-require ("$pathtophpfiles/lib/tables.inc.php");
-
-/**
- * Includes the MySQL-Connection-Class
- */
-
-require ("$pathtophpfiles/lib/class_mysqldb.php");
-$debugMsg[] = 'Database Class has been loaded';
-$db = new db($sql['host'], $sql['user'], $sql['password'], $sql['db']);
-$db_root = new db($sql['host'], $sql['root_user'], $sql['root_password'], '');
-
-if($db->link_id == 0
-   || $db_root->link_id == 0)
-{
-	/**
-	 * Do not proceed further if no database connection could be established (either normal or root)
-	 */
-
-	die('Cant connect to mysqlserver. Please check userdata.inc.php! Exiting...');
-}
-
-unset($sql['password']);
-unset($db->password);
-$result = $db->query("SELECT `settingid`, `settinggroup`, `varname`, `value` FROM `" . TABLE_PANEL_SETTINGS . "`");
-
-while($row = $db->fetch_array($result))
-{
-	$settings["$row[settinggroup]"]["$row[varname]"] = $row['value'];
-}
-
-unset($row);
-unset($result);
-
-if(!isset($settings['panel']['version'])
-   || $settings['panel']['version'] != $version)
-{
-	/**
-	 * Do not proceed further if the Database version is not the same as the script version
-	 */
-
-	die('Version of File doesnt match Version of Database. Exiting...');
-}
-
-/**
- * Includes the Functions
- */
-
-require ("$pathtophpfiles/lib/functions.php");
-$result = $db->query('SELECT * FROM `' . TABLE_PANEL_HTACCESS . '` ');
-
-while($row = $db->fetch_array($result))
-{
-	if(file_exists($row['path'] . '.htaccess'))
-	{
-		unlink($row['path'] . '.htaccess');
-	}
-}
-
-$result = $db->query('SELECT * FROM `' . TABLE_PANEL_HTPASSWDS . '` ');
-
-while($row = $db->fetch_array($result))
-{
-	if(file_exists($row['path'] . '.htpasswd'))
-	{
-		unlink($row['path'] . '.htpasswd');
-	}
-}
-
-?>
--- a/install/scripts/language-check.php
+++ b/install/scripts/language-check.php
@@ -16,46 +16,39 @@
 */

 // some configs
-
 $baseLanguage = 'english.lng.php';

 // Check if we're in the CLI
-
-if(@php_sapi_name() != 'cli')
-{
+if(@php_sapi_name() != 'cli'
+   && @php_sapi_name() != 'cgi'
+   && @php_sapi_name() != 'cgi-fcgi'
+) {
 	die('This script will only work in the shell.');
 }

 // Check argument count
-
-if(sizeof($argv) != 2)
-{
+if (sizeof($argv) != 2) {
 	print_help($argv);
 	exit;
 }

 // Load the contents of the given path
-
 $path = $argv[1];
 $files = array();

-if($dh = opendir($path))
-{
-	while(false !== ($file = readdir($dh)))
-	{
-		if($file != "."
+if ($dh = opendir($path)) {
+	while (false !== ($file = readdir($dh))) {
+		if ($file != "."
 		   && $file != ".."
 		   && !is_dir($file)
-		   && preg_match('/(.+)\.lng\.php/i', $file))
-		{
+		   && preg_match('/(.+)\.lng\.php/i', $file)
+		) {
 			$files[$file] = str_replace('//', '/', $path . '/' . $file);
 		}
 	}

 	closedir($dh);
-}
-else
-{
+} else {
 	print "ERROR: The path you requested cannot be read! \n ";
 	print "\n";
 	print_help();
@@ -63,9 +56,7 @@ else
 }

 // check if there is the default language defined
-
-if(!isset($files[$baseLanguage]))
-{
+if (!isset($files[$baseLanguage])) {
 	print "ERROR: The baselanguage cannot be found! \n";
 	print "\n";
 	print_help();
@@ -73,49 +64,40 @@ if(!isset($files[$baseLanguage]))
 }

 // import the baselanguage
-
 $base = import($files[$baseLanguage]);

 // and unset it in the files, because we don't need to compare base to base
-
 unset($files[$baseLanguage]);

 // compare each language with the baselanguage
-
-foreach($files as $key => $file)
-{
+foreach ($files as $key => $file) {
 	$comp = import($file);
+
 	print "\n\nComparing " . $baseLanguage . " to " . $key . "\n";
 	$result = compare($base, $comp);

-	if(is_array($result)
-	   && sizeof($result) > 0)
-	{
+	if (is_array($result)
+	   && sizeof($result) > 0
+	) {
 		print "  found missing strings: \n";
-		foreach($result as $value)
-		{
+		foreach ($result as $value) {
 			print "    " . $value . "\n";
 		}
-	}
-	else
-	{
+	} else {
 		print "   no missing strings found! \n ";
 	}

 	print "\nReverse Checking " . $key . " to " . $baseLanguage . "\n";
 	$result = compare($comp, $base);

-	if(is_array($result)
-	   && sizeof($result) > 0)
-	{
+	if (is_array($result)
+	   && sizeof($result) > 0
+	) {
 		print "  found strings not in basefile: \n";
-		foreach($result as $key => $value)
-		{
+		foreach ($result as $key => $value) {
 			print "    " . $value . "\n";
 		}
-	}
-	else
-	{
+	} else {
 		print "   There are no strings which are not in the basefile! \n ";
 	}
 }
@@ -129,56 +111,45 @@ foreach($files as $key => $file)
 *
 * @param  array  $argv
 */
-
-function print_help($argv)
-{
+function print_help($argv) {
 	print "Usage: php " . $argv[0] . " /PATH/TO/LNG \n";
 	print " \n ";
 }

-function import($file)
-{
+function import($file) {
+
 	$input = file($file);
 	$return = array();
-	foreach($input as $key => $value)
-	{
-		if(!preg_match('/^\$/', $value))
-		{
-			unset($input[$key]);
-		}
-		else
-		{
-			// generate the key

+	foreach ($input as $key => $value) {
+
+		if (!preg_match('/^\$/', $value)) {
+			unset($input[$key]);
+		} else {
+			// generate the key
 			$key = preg_replace('/^\$lng\[\'(.*)=(.*)$/U', '\\1', $value);
 			$key = str_replace('[\'', '/', $key);
 			$key = trim(str_replace('\']', '', $key));

 			//generate the value
-
 			$value = trim($value);

 			// set the result
-
 			$return[$key] = $value;
 		}
 	}
-
 	return $return;
 }

-function compare($array1, $array2)
-{
+function compare($array1, $array2) {
+
 	$result = array();
-	foreach($array1 as $key => $value)
-	{
-		if(!isset($array2[$key]))
-		{
+
+	foreach ($array1 as $key => $value) {
+
+		if (!isset($array2[$key])) {
 			$result[$key] = $value;
 		}
 	}
-
 	return $result;
 }
-
-?>
--- a/install/templates/assets/css/install.css
+++ b/install/templates/assets/css/install.css
@@ -131,9 +131,8 @@ p {

 .installsec label {
 	float:left;
-	width:26em;
-	margin-right:1em;
-	margin-top:6px;
+	margin-right:0;
+	margin-top:8px;
 	text-align:left;
 }

@@ -420,6 +419,7 @@ input {
 	height:22px;
 	border: 1px solid #d9d9d9;
 	margin-bottom: 5px;
+	border-radius: 3px;
 }

 textarea {
@@ -427,70 +427,73 @@ textarea {
 	padding:4px 4px 2px 24px;
 	border:1px solid #d9d9d9;
 	margin-bottom: 5px;
+	border-radius: 3px;
 }

 input[type="password"] {
 	background:#fff url(../img/password.png) no-repeat 5px 4px;
 }

+/*
+ *  BUTTONS
+ */
 input[type="button"],input[type="submit"],input[type="reset"] {
-	background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #79bbff), color-stop(1, #378de5) );
-	background:-moz-linear-gradient( center top, #79bbff 5%, #378de5 100% );
-	filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#79bbff', endColorstr='#378de5');
-	background-color:#79bbff;
-	-moz-border-radius:5px;
-	-webkit-border-radius:5px;
-	border-radius:5px;
-	display:inline-block;
-	color:#ffffff;
-	padding:2px 24px 2px 24px;
-	text-decoration:none;
-	text-shadow:1px 1px 0px #528ecc;
+	margin: 0 5px;
+	padding: 5px 14px;
+	outline: 0;
+	border: 0;
+	background-color: #eee;
+	min-width: 80px;
 	height: 26px;
-	margin: 0 3px 0 3px;
+	background-image: none;
+	border-width: 0px;
+}
+.loginsec input[type="button"], .loginsec input[type="submit"], .loginsec input[type="reset"] {
+	margin: 0 1px;
 }
 input[type="button"]:hover,input[type="submit"]:hover,input[type="reset"]:hover {
-	background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #378de5), color-stop(1, #79bbff) );
-	background:-moz-linear-gradient( center top, #378de5 5%, #79bbff 100% );
-	filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#378de5', endColorstr='#79bbff');
-	background-color:#378de5;
+    color: #333;
+    background-color: #dcdcdc;
+}
+input[type="button"]:active,input[type="submit"]:active,input[type="reset"]:active {
+    -webkit-box-shadow: inset 0 1px 8px rgba(0, 0, 0, 0.25);
+    -moz-box-shadow: inset 0 1px 8px rgba(0, 0, 0, 0.25);
+    box-shadow: inset 0 1px 8px rgba(0, 0, 0, 0.25);
+    color: white !important;
 }
-
 input[type="submit"],input[class="yesbutton"] {
-	background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #9dce2c), color-stop(1, #8cb82b) );
-	background:-moz-linear-gradient( center top, #9dce2c 5%, #8cb82b 100% );
-	filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#9dce2c', endColorstr='#8cb82b');
-	background-color:#9dce2c;
-	text-shadow:1px 1px 0px #aade7c;
+    color: white;
+    background-color: #35aa47;
 }
 input[type="submit"]:hover,input[class="yesbutton"]:hover {
-	background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #8cb82b), color-stop(1, #9dce2c) );
-	background:-moz-linear-gradient( center top, #8cb82b 5%, #9dce2c 100% );
-	filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#8cb82b', endColorstr='#9dce2c');
-	background-color:#8cb82b;
+	color: white;
+    background-color: #1d943b;
+}
+input[class="submit"]:active,input[class="yesbutton"]:active {
+	background-color: #35aa47;
 }
-
 input[class="nobutton"],input[type="reset"] {
-	background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #fe1a00), color-stop(1, #ce0100) );
-	background:-moz-linear-gradient( center top, #fe1a00 5%, #ce0100 100% );
-	filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fe1a00', endColorstr='#ce0100');
-	background-color:#fe1a00;
-	text-shadow:1px 1px 0px #b23e35;
+    color: white;
+    background-color: #d84a38;
 }
 input[class="nobutton"]:hover,input[type="reset"]:hover {
-	background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #ce0100), color-stop(1, #fe1a00) );
-	background:-moz-linear-gradient( center top, #ce0100 5%, #fe1a00 100% );
-	filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ce0100', endColorstr='#fe1a00');
-	background-color:#ce0100;
+	color: white;
+    background-color: #c53727;
 }
+input[class="nobutton"]:active,input[type="reset"]:active {
+    background-color: #dd4b39;
+}
+

 input[type="checkbox"] {
 	background:#dae7ee;
 	padding: 0;
-	margin: 0 20px 0 0;
+	margin: 0 5px 0 0;
+	vertical-align: middle;
+	height: 26px;
 }

-input[type="radio"] { /*the span element that immediately follow the radio button */
+input[type="radio"] {
 	margin: 0 10px 0 10px;
 	height:22px;
 }
@@ -500,6 +503,18 @@ select {
 	padding:4px;
 	border:1px solid #d9d9d9;
 	margin-bottom: 5px;
+	min-width: 100px;
+}
+select.dropdown {
+	padding: 2px 4px 2px 24px;
+	height: 26px;
+	border: 1px solid #d9d9d9;
+	margin-bottom: 5px;
+	border-radius: 3px;
+	background: url(../../../../templates/Sparkle/assets/img/icons/down.png) no-repeat 9px;
+	-webkit-appearance: none;
+    -moz-appearance: none;
+    appearance: none;
 }

 .maintable {
@@ -528,4 +543,14 @@ select {
 	display:block;
 	margin-bottom:.5em;
 	font-size:120%;
+}
+.installprogress {
+	width: 100%;
+	background-color:#e4e4e4;
+	height:5px;
+	border-bottom:1px solid #d1d5d8;
+}
+.installprogress .bar {
+	background-color: #35aa47;
+	height:5px;
 }
--- a/install/templates/lngform.tpl
+++ b/install/templates/lngform.tpl
@@ -1,14 +1,20 @@
 		<form action="{$formaction}" method="get">
 			<fieldset>
 				<legend>{$this->_lng['install']['lngtitle']}</legend>
-				<p>
-					<label for="language">{$this->_lng['install']['language']}:</label>&nbsp;
-					<select name="language" id="language">
-						{$language_options}
-					</select>
-					<input type="hidden" name="check" value="1" />
-					<input type="submit" name="chooselang" value="{$this->_lng['install']['lngbtn_go']}" />
-				</p>
+				<table class="noborder">
+					<tr>
+						<td>
+							<label for="language">{$this->_lng['install']['language']}:</label>
+						</td>
+						<td align="right">
+							<select name="language" id="language" class="dropdown">
+								{$language_options}
+							</select>
+							<input type="hidden" name="check" value="1" />
+							<input type="submit" name="chooselang" value="{$this->_lng['install']['lngbtn_go']}" />
+						</td>
+					</tr>
+				</table>
 			</fieldset>
 		</form>
 		<hr class="line">
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
--- a/install/updates/froxlor/upgrade_syscp.inc.php
+++ b/install/updates/froxlor/upgrade_syscp.inc.php
@@ -22,7 +22,9 @@ showUpdateStep("Upgrading SysCP ".$settings['panel']['version']." to Froxlor ".
 updateToVersion($updateto);

 // add field frontend
-$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('panel','frontend','".$frontend."')");
+Database::query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` SET
+	`settinggroup` = 'panel',
+	`varname` = 'frontend',
+	`value` = 'froxlor'"
+);
 $settings['panel']['frontend'] = $frontend;
-
-?>
--- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php
+++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -26,7 +26,7 @@
 */
 function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version)
 {
-	global $settings, $lng, $db, $theme;
+	global $settings, $lng;

 	if(versionInUpdate($current_version, '0.9.4-svn2'))
 	{
@@ -127,10 +127,9 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version)

 	if(versionInUpdate($current_version, '0.9.7-svn2'))
 	{
-		$result = $db->query("SELECT `domain` FROM " . TABLE_PANEL_DOMAINS . " WHERE `documentroot` LIKE '%:%' AND `documentroot` NOT LIKE 'http://%' AND `openbasedir_path` = '0' AND `openbasedir` = '1'");
+		$result = Database::query("SELECT `domain` FROM " . TABLE_PANEL_DOMAINS . " WHERE `documentroot` LIKE '%:%' AND `documentroot` NOT LIKE 'http://%' AND `openbasedir_path` = '0' AND `openbasedir` = '1'");
 		$wrongOpenBasedirDomain = array();
-		while($row = $db->fetch_array($result))
-		{
+		while($row = $result->fetch(PDO::FETCH_ASSOC)) {
 			$wrongOpenBasedirDomain[] = $row['domain'];
 		}

@@ -164,7 +163,9 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version)
 		$has_nouser = false;
 		$has_nogroup = false;

-		$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'httpuser'");
+		$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'httpuser'");
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
 		if(!isset($result) || !isset($result['value']))
 		{
 			$has_preconfig = true;
@@ -178,7 +179,9 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version)
 			}
 		}

-		$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'httpgroup'");
+		$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'system' AND `varname` = 'httpgroup'");
+		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
 		if(!isset($result) || !isset($result['value']))
 		{
 			$has_preconfig = true;
@@ -538,7 +541,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version)
 		$has_preconfig = true;
 		$description  = 'As customers can now specify ssl-certificate data for their domains, you need to specify where the generated files are stored<br />';
 		$question = '<strong>Specify the directory for customer ssl-certificates:</strong>&nbsp;';
-		$question.= '<input type="text" class="text" name="system_customersslpath" value="/etc/apache2/ssl/" />';
+		$question.= '<input type="text" class="text" name="system_customersslpath" value="/etc/ssl/froxlor-custom/" />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}

@@ -558,7 +561,7 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version)
 			$has_preconfig = true;
 			$description  = 'The PHP-FPM implementation for apache2 has changed. Please look for the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) within /etc/apache2/ and change it as shown below:<br /><br />';
 			$description .= '<pre style="width:500px;border:1px solid #ccc;padding:4px;">&lt;IfModule mod_fastcgi.c&gt;
-    FastCgiIpcDir /var/run/apache2/
+    FastCgiIpcDir /var/lib/apache2/fastcgi/
    &lt;Location "/fastcgiphp"&gt;
        Order Deny,Allow
        Deny from All
@@ -570,4 +573,41 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version)
 			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 		}
 	}
+
+	if (versionInUpdate($current_version, '0.9.31-dev2')) {
+		if ($settings['system']['webserver'] == 'apache2'
+				&& $settings['phpfpm']['enabled'] == '1'
+		) {
+			$has_preconfig = true;
+			$description  = 'The FPM socket directory is now a setting in froxlor. Its default is <b>/var/lib/apache2/fastcgi/</b>.<br/>If you are using <b>/var/run/apache2</b> in the "<b>fastcgi.conf</b>" (Debian/Ubuntu) or "<b>70_fastcgi.conf</b>" (Gentoo) please correct this path accordingly<br />';
+			$question = '';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if (versionInUpdate($current_version, '0.9.31-dev4')) {
+		$has_preconfig = true;
+		$description  = 'The template-variable {PASSWORD} has been replaced with {LINK}. Please update your password reset templates!<br />';
+		$question = '';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_version, '0.9.31-dev5')) {
+		$has_preconfig = true;
+		$description  = 'You can enable/disable error-reporting for admins and customers!<br /><br />';
+		$question = '<strong>Do you want to enable error-reporting for admins? (default: yes):</strong>&nbsp;';
+		$question.= makeyesno('update_error_report_admin', '1', '0', '1').'<br />';
+		$question.= '<strong>Do you want to enable error-reporting for customers? (default: no):</strong>&nbsp;';
+		$question.= makeyesno('update_error_report_customer', '1', '0', '0');
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_version, '0.9.31-rc2')) {
+		$has_preconfig = true;
+		$description  = 'You can enable/disable the display/usage of the news-feed for admins<br /><br />';
+		$question = '<strong>Do you want to enable the news-feed for admins? (default: yes):</strong>&nbsp;';
+		$question.= makeyesno('update_admin_news_feed', '1', '0', '1').'<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
 }
--- a/install/updates/syscp/1.0/update_1.0.10_1.2-beta1.inc.php
+++ b/install/updates/syscp/1.0/update_1.0.10_1.2-beta1.inc.php
@@ -1,82 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2003-2009 the SysCP Team (see authors).
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Florian Lippert <flo@syscp.org> (2003-2009)
- * @author     Froxlor team <team@froxlor.org> (2010-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Install
- *
- */
-
-/**
- * We need those defines, because the tables.inc.php doesn't have them.
- */
-
-define('TABLE_POSTFIX_TRANSPORT', 'postfix_transport');
-define('TABLE_POSTFIX_USERS', 'postfix_users');
-define('TABLE_POSTFIX_VIRTUAL', 'postfix_virtual');
-define('TABLE_PROFTPD_GROUPS', 'proftpd_groups');
-define('TABLE_PROFTPD_USERS', 'proftpd_users');
-
-if($settings['panel']['version'] == '1.0.10')
-{
-	// Drop/Rename postfix_ tables
-
-	$db->query("DROP TABLE IF EXISTS `" . TABLE_POSTFIX_TRANSPORT . "`");
-	$db->query("ALTER TABLE `" . TABLE_POSTFIX_USERS . "` RENAME `" . TABLE_MAIL_USERS . "` ");
-	$db->query("ALTER TABLE `" . TABLE_POSTFIX_VIRTUAL . "` RENAME `" . TABLE_MAIL_VIRTUAL . "` ");
-
-	// Rename proftpd_ tables
-
-	$db->query("ALTER TABLE `" . TABLE_PROFTPD_USERS . "` RENAME `" . TABLE_FTP_USERS . "` ");
-	$db->query("ALTER TABLE `" . TABLE_PROFTPD_GROUPS . "` RENAME `" . TABLE_FTP_GROUPS . "` ");
-
-	// Adding tables
-
-	$db->query("DROP TABLE IF EXISTS `" . TABLE_PANEL_HTACCESS . "`;");
-	$db->query("CREATE TABLE `" . TABLE_PANEL_HTACCESS . "` (" . "  `id` int(11) unsigned NOT NULL auto_increment," . "  `customerid` int(11) unsigned NOT NULL default '0'," . "  `path` varchar(255) NOT NULL default ''," . "  `options_indexes` tinyint(1) NOT NULL default '0'," . "  PRIMARY KEY  (`id`)" . ") ENGINE=MyISAM ;");
-	$db->query("DROP TABLE IF EXISTS `" . TABLE_PANEL_ADMINS . "`;");
-	$db->query("CREATE TABLE `" . TABLE_PANEL_ADMINS . "` (" . "  `adminid` int(11) unsigned NOT NULL auto_increment," . "  `loginname` varchar(50) NOT NULL default ''," . "  `password` varchar(50) NOT NULL default ''," . "  `name` varchar(255) NOT NULL default ''," . "  `email` varchar(255) NOT NULL default ''," . "  `customers` int(15) NOT NULL default '0'," . "  `customers_used` int(15) NOT NULL default '0'," . "  `customers_see_all` tinyint(1) NOT NULL default '0'," . "  `domains` int(15) NOT NULL default '0'," . "  `domains_used` int(15) NOT NULL default '0'," . "  `domains_see_all` tinyint(1) NOT NULL default '0'," . "  `change_serversettings` tinyint(1) NOT NULL default '0'," . "  `diskspace` int(15) NOT NULL default '0'," . "  `diskspace_used` int(15) NOT NULL default '0'," . "  `mysqls` int(15) NOT NULL default '0'," . "  `mysqls_used` int(15) NOT NULL default '0'," . "  `emails` int(15) NOT NULL default '0'," . "  `emails_used` int(15) NOT NULL default '0'," . "  `email_forwarders` int(15) NOT NULL default '0'," . "  `email_forwarders_used` int(15) NOT NULL default '0'," . "  `ftps` int(15) NOT NULL default '0'," . "  `ftps_used` int(15) NOT NULL default '0'," . "  `subdomains` int(15) NOT NULL default '0'," . "  `subdomains_used` int(15) NOT NULL default '0'," . "  `traffic` int(15) NOT NULL default '0'," . "  `traffic_used` int(15) NOT NULL default '0'," . "  `deactivated` tinyint(1) NOT NULL default '0'," . "  `lastlogin_succ` int(11) unsigned NOT NULL default '0'," . "  `lastlogin_fail` int(11) unsigned NOT NULL default '0'," . "  `loginfail_count` int(11) unsigned NOT NULL default '0'," . "   PRIMARY KEY  (`adminid`)" . ") ENGINE=MyISAM ;");
-
-	// Insert Admin user
-
-	if(!isset($adminusername)
-	   || $adminusername == '')
-	{
-		$adminusername = 'admin';
-		$adminpassword = 'admin';
-	}
-
-	$db->query("INSERT INTO `" . TABLE_PANEL_ADMINS . "` (`loginname`, `password`, `name`, `email`, `customers`, `customers_used`, `customers_see_all`, `domains`, `domains_used`, `domains_see_all`, `change_serversettings`, `diskspace`, `diskspace_used`, `mysqls`, `mysqls_used`, `emails`, `emails_used`, `email_forwarders`, `email_forwarders_used`, `ftps`, `ftps_used`, `subdomains`, `subdomains_used`, `traffic`, `traffic_used`, `deactivated`) VALUES ('" . $db->escape($adminusername) . "', '" . md5($adminpassword) . "', 'Siteadmin', 'admin@servername', -1, 0, 1, -1, 0, 1, 1, -1024, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1048576, 0, 0);");
-
-	// Alter Tables
-
-	$db->query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD `adminid` INT( 11 ) UNSIGNED NOT NULL ," . "ADD `lastlogin_succ` INT( 11 ) UNSIGNED NOT NULL ," . "ADD `lastlogin_fail` INT( 11 ) UNSIGNED NOT NULL ," . "ADD `loginfail_count` INT( 11 ) UNSIGNED NOT NULL ;");
-	$db->query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD INDEX ( `adminid` ) ;");
-	$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `adminid` = '1'");
-	$db->query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `adminid` INT( 11 ) UNSIGNED NOT NULL ," . "ADD `iswildcarddomain` TINYINT( 1 ) NOT NULL ," . "ADD `speciallogfile` TINYINT( 1 ) NOT NULL ;");
-	$db->query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD INDEX ( `adminid` ) ;");
-	$db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `adminid` = '1'");
-	$db->query("ALTER TABLE `" . TABLE_PANEL_SESSIONS . "` CHANGE `customerid` `userid` INT( 11 ) UNSIGNED DEFAULT '0' NOT NULL ");
-	$db->query("ALTER TABLE `" . TABLE_MAIL_USERS . "` CHANGE `password` `password_enc` VARCHAR( 128 ) NOT NULL ");
-	$db->query("ALTER TABLE `" . TABLE_MAIL_USERS . "` ADD `password` VARCHAR( 128 ) NOT NULL AFTER `email` ;");
-	$db->query("INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (24, 'login', 'maxloginattempts', '3');");
-	$db->query("INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (25, 'login', 'deactivatetime', '900');");
-	$db->query("INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (26, 'panel', 'webmail_url', '');");
-	$db->query("INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (27, 'panel', 'webftp_url', '');");
-	$db->query("INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (28, 'panel', 'standardlanguage', 'german');");
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `varname`='ipaddress' WHERE `settinggroup`='system' AND `varname`='ipadress'");
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='1.2.0' WHERE `settinggroup`='panel' AND `varname`='version'");
-	$settings['panel']['version'] = '1.2.0';
-}
-
-?>
--- a/install/updates/syscp/1.0/update_1.0_1.0.10.inc.php
+++ b/install/updates/syscp/1.0/update_1.0_1.0.10.inc.php
@@ -1,132 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2003-2009 the SysCP Team (see authors).
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Florian Lippert <flo@syscp.org> (2003-2009)
- * @author     Froxlor team <team@froxlor.org> (2010-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Install
- *
- */
-
-define('TABLE_POSTFIX_TRANSPORT', 'postfix_transport');
-define('TABLE_POSTFIX_USERS', 'postfix_users');
-define('TABLE_POSTFIX_VIRTUAL', 'postfix_virtual');
-define('TABLE_PROFTPD_GROUPS', 'proftpd_groups');
-define('TABLE_PROFTPD_USERS', 'proftpd_users');
-
-if(!isset($settings['panel']['version']))
-{
-	$settings['panel']['version'] = '1.0.0';
-}
-
-if($settings['panel']['version'] == '1.0.0')
-{
-	$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '1.0.1')");
-	$db->query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `openbasedir` TINYINT( 1 ) NOT NULL , ADD `safemode` TINYINT( 1 ) NOT NULL");
-	$db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `openbasedir`='1', `safemode`='1'");
-	$settings['panel']['version'] = '1.0.1';
-}
-
-if($settings['panel']['version'] == '1.0.1')
-{
-	$db->query("ALTER TABLE `" . TABLE_POSTFIX_USERS . "` ADD `domainid` INT( 11 ) NOT NULL AFTER `postfix`");
-	$db->query("ALTER TABLE `" . TABLE_POSTFIX_VIRTUAL . "` ADD `domainid` INT( 11 ) NOT NULL AFTER `destination`");
-	$result = $db->query("SELECT `id`, `domain` FROM `" . TABLE_PANEL_DOMAINS . "`");
-
-	while($row = $db->fetch_array($result))
-	{
-		$db->query("UPDATE `" . TABLE_POSTFIX_USERS . "` SET `domainid`='" . (int)$row['id'] . "' WHERE `email` LIKE '%@" . $db->escape($row['domain']) . "'");
-		$db->query("UPDATE `" . TABLE_POSTFIX_VIRTUAL . "` SET `domainid`='" . (int)$row['id'] . "' WHERE `email` LIKE '%@" . $db->escape($row['domain']) . "'");
-	}
-
-	$db->query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD `createstdsubdomain` TINYINT( 1 ) NOT NULL AFTER `documentroot`");
-	inserttask('1');
-	inserttask('4');
-	$hostname = explode('@', $settings['panel']['adminmail']);
-	$hostname = $hostname[1];
-	$db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (23, 'system', 'hostname', '" . $db->escape($hostname) . "')");
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='1.0.2' WHERE `settinggroup`='panel' AND `varname`='version'");
-	$settings['panel']['version'] = '1.0.2';
-}
-
-if($settings['panel']['version'] == '1.0.2')
-{
-	$db->query("ALTER TABLE `" . TABLE_PANEL_SESSIONS . "` ADD `language` VARCHAR( 64 ) NOT NULL AFTER `lastactivity` ;");
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='1.0.3' WHERE `settinggroup`='panel' AND `varname`='version'");
-	$settings['panel']['version'] = '1.0.3';
-}
-
-if($settings['panel']['version'] == '1.0.3')
-{
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='1.0.4' WHERE `settinggroup`='panel' AND `varname`='version'");
-	$settings['panel']['version'] = '1.0.4';
-}
-
-if($settings['panel']['version'] == '1.0.4')
-{
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='1.0.5' WHERE `settinggroup`='panel' AND `varname`='version'");
-	$settings['panel']['version'] = '1.0.5';
-}
-
-if($settings['panel']['version'] == '1.0.5')
-{
-	$db->query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD `deactivated` TINYINT( 1 ) NOT NULL ;");
-	$db->query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `deactivated` TINYINT( 1 ) NOT NULL ;");
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='1.0.6' WHERE `settinggroup`='panel' AND `varname`='version'");
-	$settings['panel']['version'] = '1.0.6';
-}
-
-if($settings['panel']['version'] == '1.0.6')
-{
-	$db->query("ALTER TABLE `" . TABLE_POSTFIX_VIRTUAL . "` ADD `popaccountid` INT( 11 ) NOT NULL ;");
-	$result = $db->query("SELECT `id`, `email` FROM `" . TABLE_POSTFIX_USERS . "`");
-
-	while($row = $db->fetch_array($result))
-	{
-		$db->query("UPDATE `" . TABLE_POSTFIX_VIRTUAL . "` SET `popaccountid`='" . (int)$row['id'] . "' WHERE `email` = '" . $db->escape(str_replace($settings['email']['catchallkeyword'], '', $row['email'])) . "' AND `destination` = '" . $db->escape($row['email']) . "'");
-	}
-
-	$result = $db->query("SELECT `id`, `email`, `destination` FROM `" . TABLE_POSTFIX_VIRTUAL . "` WHERE `popaccountid` = '0'");
-
-	while($row = $db->fetch_array($result))
-	{
-		if(str_replace($settings['email']['catchallkeyword'], '', $row['email']) != $row['email'])
-		{
-			$db->query("UPDATE `" . TABLE_POSTFIX_VIRTUAL . "` SET `email` = '" . $db->escape(str_replace($settings['email']['catchallkeyword'], '', $row['email'])) . "' WHERE `id` = '" . (int)$row['id'] . "'");
-		}
-	}
-
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='1.0.7' WHERE `settinggroup`='panel' AND `varname`='version'");
-	$settings['panel']['version'] = '1.0.7';
-}
-
-if($settings['panel']['version'] == '1.0.7')
-{
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='1.0.8' WHERE `settinggroup`='panel' AND `varname`='version'");
-	$settings['panel']['version'] = '1.0.8';
-}
-
-if($settings['panel']['version'] == '1.0.8')
-{
-	$db->query("ALTER TABLE `" . TABLE_PANEL_DATABASES . "` DROP `password` ;");
-	$db->query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `specialsettings` TEXT NOT NULL AFTER `safemode` ;");
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='1.0.9' WHERE `settinggroup`='panel' AND `varname`='version'");
-	$settings['panel']['version'] = '1.0.9';
-}
-
-if($settings['panel']['version'] == '1.0.9')
-{
-	$db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value`='1.0.10' WHERE `settinggroup`='panel' AND `varname`='version'");
-	$settings['panel']['version'] = '1.0.10';
-}
-
-?>
--- a/install/updates/syscp/1.2/update_1.2-beta1_1.2.19.inc.php
+++ b/install/updates/syscp/1.2/update_1.2-beta1_1.2.19.inc.php
--- a/install/updates/syscp/1.2/update_1.2.19_1.4.inc.php
+++ b/install/updates/syscp/1.2/update_1.2.19_1.4.inc.php
--- a/install/updates/syscp/1.4/update_1.4.inc.php
+++ b/install/updates/syscp/1.4/update_1.4.inc.php
@@ -1,120 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2003-2009 the SysCP Team (see authors).
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Florian Lippert <flo@syscp.org> (2003-2009)
- * @author     Froxlor team <team@froxlor.org> (2010-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Install
- *
- */
-
-if($settings['panel']['version'] == '1.4')
-{
-	$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from 1.4 to 1.4-svn1");
-
-	// Going to fix the stuff the update 1.2.19-svn42 to 1.2.19-svn43 broke
-
-	$result = $db->query("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `documentroot` LIKE 'http%';");
-
-	while($row = $db->fetch_array($result))
-	{
-		if(preg_match("#(https?)://?(.*)#i", $row['documentroot'], $matches))
-		{
-			$row['documentroot'] = $matches[1] . "://" . $matches[2];
-			$db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `documentroot` = '" . $db->escape($row['documentroot']) . "' WHERE `id` = '" . $row['id'] . "';");
-		}
-	}
-
-	// set new version
-
-	$query = 'UPDATE `%s` SET `value` = \'1.4-svn1\' WHERE `settinggroup` = \'panel\' AND `varname` = \'version\'';
-	$query = sprintf($query, TABLE_PANEL_SETTINGS);
-	$db->query($query);
-	$settings['panel']['version'] = '1.4-svn1';
-}
-
-if($settings['panel']['version'] == '1.4-svn1')
-{
-	$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from 1.4-svn1 to 1.4.1");
-
-	// set new version
-
-	$query = 'UPDATE `%s` SET `value` = \'1.4.1\' WHERE `settinggroup` = \'panel\' AND `varname` = \'version\'';
-	$query = sprintf($query, TABLE_PANEL_SETTINGS);
-	$db->query($query);
-	$settings['panel']['version'] = '1.4.1';
-}
-
-if($settings['panel']['version'] == '1.4.1')
-{
-	$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from 1.4.1 to 1.4.1-svn1");
-
-	// give at least ONE admin the permission to edit phpsettings, bug #1031
-
-	$cntCanEditPHP = $db->query_first("SELECT COUNT(`caneditphpsettings`) as `cnt` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `caneditphpsettings` = '1'");
-
-	if($cntCanEditPHP['cnt'] <= 0)
-	{
-		// none of the admins can edit php-settings,
-		//so we give those who can edit serversettings the right to edit php-settings
-
-		$db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `caneditphpsettings` = '1' WHERE `change_serversettings` = '1'");
-	}
-
-	// set new version
-
-	$query = 'UPDATE `%s` SET `value` = \'1.4.1-svn1\' WHERE `settinggroup` = \'panel\' AND `varname` = \'version\'';
-	$query = sprintf($query, TABLE_PANEL_SETTINGS);
-	$db->query($query);
-	$settings['panel']['version'] = '1.4.1-svn1';
-}
-
-if($settings['panel']['version'] == '1.4.1-svn1')
-{
-	$updateto = '1.4.1-svn2';
-	$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from " . $settings['panel']['version'] . " to " . $updateto);
-
-	// set new version
-
-	$query = 'UPDATE `%s` SET `value` = \'' . $updateto . '\' WHERE `settinggroup` = \'panel\' AND `varname` = \'version\'';
-	$query = sprintf($query, TABLE_PANEL_SETTINGS);
-	$db->query($query);
-	$settings['panel']['version'] = $updateto;
-}
-
-if($settings['panel']['version'] == '1.4.1-svn2')
-{
-	$updateto = '1.4.1-svn3';
-	$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from " . $settings['panel']['version'] . " to " . $updateto);
-
-	// set new version
-
-	$query = 'UPDATE `%s` SET `value` = \'' . $updateto . '\' WHERE `settinggroup` = \'panel\' AND `varname` = \'version\'';
-	$query = sprintf($query, TABLE_PANEL_SETTINGS);
-	$db->query($query);
-	$settings['panel']['version'] = $updateto;
-}
-
-if($settings['panel']['version'] == '1.4.1-svn3')
-{
-	$updateto = '1.4.2';
-	$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from " . $settings['panel']['version'] . " to " . $updateto);
-
-	// set new version
-
-	$query = 'UPDATE `%s` SET `value` = \'' . $updateto . '\' WHERE `settinggroup` = \'panel\' AND `varname` = \'version\'';
-	$query = sprintf($query, TABLE_PANEL_SETTINGS);
-	$db->query($query);
-	$settings['panel']['version'] = $updateto;
-}
-
-?>
--- a/install/updatesql.php
+++ b/install/updatesql.php
@@ -17,7 +17,7 @@
 *
 */

-$updatelog = FroxlorLogger::getInstanceOf(array('loginname' => 'updater'), $db, $settings);
+$updatelog = FroxlorLogger::getInstanceOf(array('loginname' => 'updater'), $settings);

 $updatelogfile = validateUpdateLogFile(makeCorrectFile(dirname(__FILE__).'/update.log'));
 $filelog = FileLogger::getInstanceOf(array('loginname' => 'updater'), $settings);
@@ -35,72 +35,14 @@ try {
 * since froxlor, we have to check if there's still someone
 * out there using syscp and needs to upgrade
 */
-if(!isFroxlor())
-{
-	/**
-	 * First case: We are updating from a version < 1.0.10
-	 */
-
-	if(!isset($settings['panel']['version'])
-	|| (substr($settings['panel']['version'], 0, 3) == '1.0' && $settings['panel']['version'] != '1.0.10'))
-	{
-		$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from 1.0 to 1.0.10");
-		include_once (makeCorrectFile(dirname(__FILE__).'/updates/syscp/1.0/update_1.0_1.0.10.inc.php'));
-	}
-
-	/**
-	 * Second case: We are updating from version = 1.0.10
-	 */
-
-	if($settings['panel']['version'] == '1.0.10')
-	{
-		$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from 1.0.10 to 1.2-beta1");
-		include_once (makeCorrectFile(dirname(__FILE__).'/updates/syscp/1.0/update_1.0.10_1.2-beta1.inc.php'));
-	}
-
-	/**
-	 * Third case: We are updating from a version > 1.2-beta1
-	 */
-
-	if(substr($settings['panel']['version'], 0, 3) == '1.2')
-	{
-		$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from 1.2-beta1 to 1.2.19");
-		include_once (makeCorrectFile(dirname(__FILE__).'/updates/syscp/1.2/update_1.2-beta1_1.2.19.inc.php'));
-	}
-
-	/**
-	 * 4th case: We are updating from 1.2.19 to 1.2.20 (prolly the last from the 1.2.x series)
-	 */
-
-	if(substr($settings['panel']['version'], 0, 6) == '1.2.19')
-	{
-		$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from 1.2.19 to 1.4");
-		include_once (makeCorrectFile(dirname(__FILE__).'/updates/syscp/1.2/update_1.2.19_1.4.inc.php'));
-	}
-
-	/**
-	 * 5th case: We are updating from a version >= 1.4
-	 */
-
-	if(substr($settings['panel']['version'], 0, 3) == '1.4')
-	{
-		$updatelog->logAction(ADM_ACTION, LOG_WARNING, "Updating from 1.4");
-		include_once (makeCorrectFile(dirname(__FILE__).'/updates/syscp/1.4/update_1.4.inc.php'));
-	}
-
+if(!isFroxlor()) {
 	/**
 	 * Upgrading SysCP to Froxlor-0.9
-	 *
-	 * when we reach this part, all necessary updates
-	 * should have been installes automatically by the
-	 * update scripts.
 	 */
 	include_once (makeCorrectFile(dirname(__FILE__).'/updates/froxlor/upgrade_syscp.inc.php'));
-
 }

-if(isFroxlor())
-{
+if (isFroxlor()) {
 	include_once (makeCorrectFile(dirname(__FILE__).'/updates/froxlor/0.9/update_0.9.inc.php'));
 	$filelog->logAction(ADM_ACTION, LOG_WARNING, '--------------- END LOG ---------------');
 	unset($filelog);
--- a/js/jquery.tablesorter.min.js
+++ b/js/jquery.tablesorter.min.js
@@ -1,145 +1,132 @@
 /*!
-* TableSorter 2.10.8 min - Client-side table sorting with ease!
+* TableSorter 2.13.3 min - Client-side table sorting with ease!
 * Copyright (c) 2007 Christian Bach
 */
-!function(f){f.extend({tablesorter:new function(){function c(d){"undefined"!==typeof console&&"undefined"!==typeof console.log?console.log(d):alert(d)}function t(d,b){c(d+" ("+((new 
-Date).getTime()-b.getTime())+"ms)")}function r(d,b,a){if(!b)return"";var e=d.config,c=e.textExtraction,l="",l="simple"===c?e.supportsTextContent?b.textContent:f(b).text():"function"===typeof 
-c?c(b,d,a):"object"===typeof c&&c.hasOwnProperty(a)?c[a](b,d,a):e.supportsTextContent?b.textContent:f(b).text();return f.trim(l)} function j(d){var 
-b=d.config,a=b.$tbodies=b.$table.children("tbody:not(."+b.cssInfoBlock+")"),e,u,l,p,n,k,h="";if(0===a.length)return b.debug?c("*Empty table!* Not building a parser 
-cache"):"";a=a[0].rows;if(a[0]){e=[];u=a[0].cells.length;for(l=0;l<u;l++){p=b.$headers.filter(":not([colspan])");p=p.add(b.$headers.filter('[colspan="1"]')).filter('[data-column="'+l+'"]:last');n=b.headers[l];k=g.getParserById(g.getData(p,n,"sorter"));b.empties[l]=g.getData(p,n,"empty")||b.emptyTo||(b.emptyToBottom?"bottom": 
-"top");b.strings[l]=g.getData(p,n,"string")||b.stringTo||"max";if(!k)a:{p=d;n=a;k=-1;for(var f=l,m=void 
-0,t=g.parsers.length,F=!1,D="",m=!0;""===D&&m;)k++,n[k]?(F=n[k].cells[f],D=r(p,F,f),p.config.debug&&c("Checking if value was empty on row "+k+", column: "+f+': 
-"'+D+'"')):m=!1;for(;0<=--t;)if((m=g.parsers[t])&&"text"!==m.id&&m.is&&m.is(D,p,F)){k=m;break a}k=g.getParserById("text")}b.debug&&(h+="column:"+l+"; parser:"+k.id+"; 
-string:"+b.strings[l]+"; empty: "+b.empties[l]+"\n");e.push(k)}}b.debug&& c(h);b.parsers=e}function v(d){var b=d.tBodies,a=d.config,e,u,l=a.parsers,p,n,k,h,q,m,H,j=[];a.cache={};if(!l)return 
-a.debug?c("*Empty table!* Not building a cache"):"";a.debug&&(H=new 
-Date);a.showProcessing&&g.isProcessing(d,!0);for(h=0;h<b.length;h++)if(a.cache[h]={row:[],normalized:[]},!f(b[h]).hasClass(a.cssInfoBlock)){e=b[h]&&b[h].rows.length||0;u=b[h].rows[0]&&b[h].rows[0].cells.length||0;for(n=0;n<e;++n)if(q=f(b[h].rows[n]),m=[],q.hasClass(a.cssChildRow))a.cache[h].row[a.cache[h].row.length- 
-1]=a.cache[h].row[a.cache[h].row.length-1].add(q);else{a.cache[h].row.push(q);for(k=0;k<u;++k)if(p=r(d,q[0].cells[k],k),p=l[k].format(p,d,q[0].cells[k],k),m.push(p),"numeric"===(l[k].type||"").toLowerCase())j[k]=Math.max(Math.abs(p)||0,j[k]||0);m.push(a.cache[h].normalized.length);a.cache[h].normalized.push(m)}a.cache[h].colMax=j}a.showProcessing&&g.isProcessing(d);a.debug&&t("Building 
-cache for "+e+" rows",H)}function x(d,b){var a=d.config,e=d.tBodies,c=[],l=a.cache,p,n,k,h,q,m,r,j,D,s,v;if(l[0]){a.debug&& (v=new 
-Date);for(j=0;j<e.length;j++)if(p=f(e[j]),p.length&&!p.hasClass(a.cssInfoBlock)){q=g.processTbody(d,p,!0);p=l[j].row;n=l[j].normalized;h=(k=n.length)?n[0].length-1:0;for(m=0;m<k;m++)if(s=n[m][h],c.push(p[s]),!a.appender||!a.removeRows){D=p[s].length;for(r=0;r<D;r++)q.append(p[s][r])}g.processTbody(d,q,!1)}a.appender&&a.appender(d,c);a.debug&&t("Rebuilt 
-table",v);b||g.applyWidget(d);f(d).trigger("sortEnd",d)}}function A(d){var b=[],a={},e=0,u=f(d).find("thead:eq(0), tfoot").children("tr"),l, 
-p,n,k,h,q,m,j,r,s;for(l=0;l<u.length;l++){h=u[l].cells;for(p=0;p<h.length;p++){k=h[p];q=k.parentNode.rowIndex;m=q+"-"+k.cellIndex;j=k.rowSpan||1;r=k.colSpan||1;"undefined"===typeof 
-b[q]&&(b[q]=[]);for(n=0;n<b[q].length+1;n++)if("undefined"===typeof b[q][n]){s=n;break}a[m]=s;e=Math.max(s,e);f(k).attr({"data-column":s});for(n=q;n<q+j;n++){"undefined"===typeof 
-b[n]&&(b[n]=[]);m=b[n];for(k=s;k<s+r;k++)m[k]="x"}}}d.config.columns=e;var v,B,x,A,z,y,C,w=d.config;w.headerList=[];w.headerContent=[];w.debug&& (C=new Date);A=w.cssIcon?'<i 
-class="'+w.cssIcon+'"></i>':"";w.$headers=f(d).find(w.selectorHeaders).each(function(d){B=f(this);v=w.headers[d];w.headerContent[d]=this.innerHTML;z=w.headerTemplate.replace(/\{content\}/g,this.innerHTML).replace(/\{icon\}/g,A);w.onRenderTemplate&&(x=w.onRenderTemplate.apply(B,[d,z]))&&"string"===typeof 
-x&&(z=x);this.innerHTML='<div class="tablesorter-header-inner">'+z+"</div>";w.onRenderHeader&&w.onRenderHeader.apply(B,[d]);this.column=a[this.parentNode.rowIndex+"-"+ this.cellIndex];var 
-b=g.getData(B,v,"sortInitialOrder")||w.sortInitialOrder;this.order=/^d/i.test(b)||1===b?[1,0,2]:[0,1,2];this.count=-1;this.lockedOrder=!1;y=g.getData(B,v,"lockedOrder")||!1;"undefined"!==typeof 
-y&&!1!==y&&(this.order=this.lockedOrder=/^d/i.test(y)||1===y?[1,1,1]:[0,0,0]);B.addClass(w.cssHeader);w.headerList[d]=this;B.parent().addClass(w.cssHeaderRow);B.attr("tabindex",0)});E(d);w.debug&&(t("Built 
-headers:",C),c(w.$headers))}function y(d,b,a){var e=d.config;e.$table.find(e.selectorRemove).remove(); j(d);v(d);G(e.$table,b,a)}function E(d){var 
-b,a=d.config;a.$headers.each(function(d,c){b="false"===g.getData(c,a.headers[d],"sorter");c.sortDisabled=b;f(c)[b?"addClass":"removeClass"]("sorter-false")})}function C(d){var 
-b,a,e,c=d.config,l=c.sortList,p=[c.cssAsc,c.cssDesc],g=f(d).find("tfoot tr").children().removeClass(p.join(" "));c.$headers.removeClass(p.join(" 
-"));e=l.length;for(b=0;b<e;b++)if(2!==l[b][1]&&(d=c.$headers.not(".sorter-false").filter('[data-column="'+l[b][0]+'"]'+(1===e?":last":"")), 
-d.length))for(a=0;a<d.length;a++)d[a].sortDisabled||(d.eq(a).addClass(p[l[b][1]]),g.length&&g.filter('[data-column="'+l[b][0]+'"]').eq(a).addClass(p[l[b][1]]))}function z(d){var 
-b=0,a=d.config,e=a.sortList,c=e.length,l=d.tBodies.length,p,g,k,h,q,m,j,r,s;if(!a.serverSideSorting&&a.cache[0]){a.debug&&(p=new 
-Date);for(k=0;k<l;k++)q=a.cache[k].colMax,s=(m=a.cache[k].normalized)&&m[0]?m[0].length-1:0,m.sort(function(l,p){for(g=0;g<c;g++){h=e[g][0];r=e[g][1];j=/n/i.test(a.parsers&&a.parsers[h]?a.parsers[h].type|| 
-"":"")?"Numeric":"Text";j+=0===r?"":"Desc";/Numeric/.test(j)&&a.strings[h]&&(b="boolean"===typeof 
-a.string[a.strings[h]]?(0===r?1:-1)*(a.string[a.strings[h]]?-1:1):a.strings[h]?a.string[a.strings[h]]||0:0);var k=f.tablesorter["sort"+j](d,l[h],p[h],h,q[h],b);if(k)return k}return 
-l[s]-p[s]});a.debug&&t("Sorting on "+e.toString()+" and dir "+r+" time",p)}}function I(d,b){d.trigger("updateComplete");"function"===typeof b&&b(d[0])}function 
-G(d,b,a){!1!==b&&!d[0].isProcessing?d.trigger("sorton",[d[0].config.sortList, function(){I(d,a)}]):I(d,a)}function J(d){var 
-b=d.config,a=b.$table,e,c;b.$headers.find(b.selectorSort).add(b.$headers.filter(b.selectorSort)).unbind("mousedown.tablesorter mouseup.tablesorter sort.tablesorter 
-keypress.tablesorter").bind("mousedown.tablesorter mouseup.tablesorter sort.tablesorter 
-keypress.tablesorter",function(a,e){if(1!==(a.which||a.button)&&!/sort|keypress/.test(a.type)||"keypress"===a.type&&13!==a.which||"mouseup"===a.type&&!0!==e&&250<(new 
-Date).getTime()-c)return!1;if("mousedown"=== a.type)return c=(new Date).getTime(),"INPUT"===a.target.tagName?"":!b.cancelSelection;b.delayInit&&!b.cache&&v(d);var 
-n=(/TH|TD/.test(this.tagName)?f(this):f(this).parents("th, td").filter(":first"))[0];if(!n.sortDisabled){var 
-k,h,q,m=d.config,j=!a[m.sortMultiSortKey],r=f(d);r.trigger("sortStart",d);n.count=a[m.sortResetKey]?2:(n.count+1)%(m.sortReset?3:2);m.sortRestart&&(h=n,m.$headers.each(function(){if(this!==h&&(j||!f(this).is("."+m.cssDesc+",."+m.cssAsc)))this.count=-1}));h=n.column;if(j){m.sortList= 
-[];if(null!==m.sortForce){k=m.sortForce;for(q=0;q<k.length;q++)k[q][0]!==h&&m.sortList.push(k[q])}k=n.order[n.count];if(2>k&&(m.sortList.push([h,k]),1<n.colSpan))for(q=1;q<n.colSpan;q++)m.sortList.push([h+q,k])}else 
-if(m.sortAppend&&1<m.sortList.length&&g.isValueInArray(m.sortAppend[0][0],m.sortList)&&m.sortList.pop(),g.isValueInArray(h,m.sortList))for(q=0;q<m.sortList.length;q++)n=m.sortList[q],k=m.headerList[n[0]],n[0]===h&&(n[1]=k.order[k.count],2===n[1]&&(m.sortList.splice(q,1),k.count=-1));else 
-if(k= 
-n.order[n.count],2>k&&(m.sortList.push([h,k]),1<n.colSpan))for(q=1;q<n.colSpan;q++)m.sortList.push([h+q,k]);if(null!==m.sortAppend){k=m.sortAppend;for(q=0;q<k.length;q++)k[q][0]!==h&&m.sortList.push(k[q])}r.trigger("sortBegin",d);setTimeout(function(){C(d);z(d);x(d)},1)}});b.cancelSelection&&b.$headers.attr("unselectable","on").bind("selectstart",!1).css({"user-select":"none",MozUserSelect:"none"});a.unbind("sortReset 
-update updateRows updateCell updateAll addRows sorton appendCache applyWidgetId applyWidgets refreshWidgets destroy mouseup mouseleave ".split(" ").join(".tablesorter 
-")).bind("sortReset.tablesorter", 
-function(a){a.stopPropagation();b.sortList=[];C(d);z(d);x(d)}).bind("updateAll.tablesorter",function(a,b,e){a.stopPropagation();g.refreshWidgets(d,!0,!0);g.restoreHeaders(d);A(d);J(d);y(d,b,e)}).bind("update.tablesorter 
-updateRows.tablesorter",function(a,b,e){a.stopPropagation();E(d);y(d,b,e)}).bind("updateCell.tablesorter",function(e,c,g,k){e.stopPropagation();a.find(b.selectorRemove).remove();var 
-h,q,m;h=a.find("tbody");e=h.index(f(c).parents("tbody").filter(":first"));var u=f(c).parents("tr").filter(":first"); 
-c=f(c)[0];h.length&&0<=e&&(q=h.eq(e).find("tr").index(u),m=c.cellIndex,h=b.cache[e].normalized[q].length-1,b.cache[e].row[d.config.cache[e].normalized[q][h]]=u,b.cache[e].normalized[q][m]=b.parsers[m].format(r(d,c,m),d,c,m),G(a,g,k))}).bind("addRows.tablesorter",function(c,g,f,k){c.stopPropagation();var 
-h=g.filter("tr").length,u=[],m=g[0].cells.length,t=a.find("tbody").index(g.parents("tbody").filter(":first"));b.parsers||j(d);for(c=0;c<h;c++){for(e=0;e<m;e++)u[e]=b.parsers[e].format(r(d,g[c].cells[e], 
-e),d,g[c].cells[e],e);u.push(b.cache[t].row.length);b.cache[t].row.push([g[c]]);b.cache[t].normalized.push(u);u=[]}G(a,f,k)}).bind("sorton.tablesorter",function(b,e,c,g){b.stopPropagation();a.trigger("sortStart",this);var 
-h,u,m,j=d.config;b=e||j.sortList;j.sortList=[];f.each(b,function(a,b){h=[parseInt(b[0],10),parseInt(b[1],10)];if(m=j.headerList[h[0]])j.sortList.push(h),u=f.inArray(h[1],m.order),m.count=0<=u?u:h[1]%(j.sortReset?3:2)});C(d);a.trigger("sortBegin",this);z(d);x(d,g);"function"===typeof 
-c&& c(d)}).bind("appendCache.tablesorter",function(a,b,e){a.stopPropagation();x(d,e);"function"===typeof 
-b&&b(d)}).bind("applyWidgetId.tablesorter",function(a,e){a.stopPropagation();g.getWidgetById(e).format(d,b,b.widgetOptions)}).bind("applyWidgets.tablesorter",function(a,b){a.stopPropagation();g.applyWidget(d,b)}).bind("refreshWidgets.tablesorter",function(a,b,e){a.stopPropagation();g.refreshWidgets(d,b,e)}).bind("destroy.tablesorter",function(a,b,e){a.stopPropagation();g.destroy(d,b,e)})}var 
-g=this; 
-g.version="2.10.8";g.parsers=[];g.widgets=[];g.defaults={theme:"default",widthFixed:!1,showProcessing:!1,headerTemplate:"{content}",onRenderTemplate:null,onRenderHeader:null,cancelSelection:!0,dateFormat:"mmddyyyy",sortMultiSortKey:"shiftKey",sortResetKey:"ctrlKey",usNumberFormat:!0,delayInit:!1,serverSideSorting:!1,headers:{},ignoreCase:!0,sortForce:null,sortList:[],sortAppend:null,sortInitialOrder:"asc",sortLocaleCompare:!1,sortReset:!1,sortRestart:!1,emptyTo:"bottom",stringTo:"max",textExtraction:"simple", 
-textSorter:null,widgets:[],widgetOptions:{zebra:["even","odd"]},initWidgets:!0,initialized:null,tableClass:"tablesorter",cssAsc:"tablesorter-headerAsc",cssChildRow:"tablesorter-childRow",cssDesc:"tablesorter-headerDesc",cssHeader:"tablesorter-header",cssHeaderRow:"tablesorter-headerRow",cssIcon:"tablesorter-icon",cssInfoBlock:"tablesorter-infoOnly",cssProcessing:"tablesorter-processing",selectorHeaders:"> 
-thead th, > thead td",selectorSort:"th, td",selectorRemove:".remove-me",debug:!1,headerList:[], empties:{},strings:{},parsers:[]};g.log=c;g.benchmark=t;g.construct=function(d){return 
-this.each(function(){if(!this.tHead||0===this.tBodies.length||!0===this.hasInitialized)return this.config&&this.config.debug?c("stopping initialization! No thead, tbody or tablesorter has 
-already been initialized"):"";var 
-b=f(this),a=this,e,u="",l=f.metadata;a.hasInitialized=!1;a.isProcessing=!0;a.config={};e=f.extend(!0,a.config,g.defaults,d);f.data(a,"tablesorter",e);e.debug&&f.data(a,"startoveralltimer",new 
-Date); 
-e.supportsTextContent="x"===f("<span>x</span>")[0].textContent;e.supportsDataObject=1.4<=parseFloat(f.fn.jquery);e.string={max:1,min:-1,"max+":1,"max-":-1,zero:0,none:0,"null":0,top:!0,bottom:!1};/tablesorter\-/.test(b.attr("class"))||(u=""!==e.theme?" 
-tablesorter-"+e.theme:"");e.$table=b.addClass(e.tableClass+u);e.$tbodies=b.children("tbody:not(."+e.cssInfoBlock+")");A(a);if(a.config.widthFixed&&0===f(a).find("colgroup").length){var 
-p=f("<colgroup>"),n=f(a).width();f(a.tBodies[0]).find("tr:first").children("td").each(function(){p.append(f("<col>").css("width", 
-parseInt(1E3*(f(this).width()/n),10)/10+"%"))});f(a).prepend(p)}j(a);e.delayInit||v(a);J(a);e.supportsDataObject&&"undefined"!==typeof 
-b.data().sortlist?e.sortList=b.data().sortlist:l&&(b.metadata()&&b.metadata().sortlist)&&(e.sortList=b.metadata().sortlist);g.applyWidget(a,!0);0<e.sortList.length?b.trigger("sorton",[e.sortList,{},!e.initWidgets]):e.initWidgets&&g.applyWidget(a);e.showProcessing&&b.unbind("sortBegin.tablesorter 
-sortEnd.tablesorter").bind("sortBegin.tablesorter sortEnd.tablesorter", 
-function(b){g.isProcessing(a,"sortBegin"===b.type)});a.hasInitialized=!0;a.isProcessing=!1;e.debug&&g.benchmark("Overall initialization 
-time",f.data(a,"startoveralltimer"));b.trigger("tablesorter-initialized",a);"function"===typeof e.initialized&&e.initialized(a)})};g.isProcessing=function(d,b,a){d=f(d);var 
-e=d[0].config;d=a||d.find("."+e.cssHeader);b?(0<e.sortList.length&&(d=d.filter(function(){return 
-this.sortDisabled?!1:g.isValueInArray(parseFloat(f(this).attr("data-column")),e.sortList)})),d.addClass(e.cssProcessing)): 
-d.removeClass(e.cssProcessing)};g.processTbody=function(d,b,a){if(a)return d.isProcessing=!0,b.before('<span 
-class="tablesorter-savemyplace"/>'),a=f.fn.detach?b.detach():b.remove();a=f(d).find("span.tablesorter-savemyplace");b.insertAfter(a);a.remove();d.isProcessing=!1};g.clearTableBody=function(d){f(d)[0].config.$tbodies.empty()};g.restoreHeaders=function(d){var 
-b=d.config;b.$table.find(b.selectorHeaders).each(function(a){f(this).find(".tablesorter-header-inner").length&&f(this).html(b.headerContent[a])})}; 
-g.destroy=function(d,b,a){d=f(d)[0];if(d.hasInitialized){g.refreshWidgets(d,!0,!0);var 
-e=f(d),c=d.config,l=e.find("thead:first"),p=l.find("tr."+c.cssHeaderRow).removeClass(c.cssHeaderRow),n=e.find("tfoot:first > tr").children("th, 
-td");l.find("tr").not(p).remove();e.removeData("tablesorter").unbind("sortReset update updateAll updateRows updateCell addRows sorton appendCache applyWidgetId applyWidgets refreshWidgets 
-destroy mouseup mouseleave keypress sortBegin sortEnd ".split(" ").join(".tablesorter ")); c.$headers.add(n).removeClass(c.cssHeader+" "+c.cssAsc+" 
-"+c.cssDesc).removeAttr("data-column");p.find(c.selectorSort).unbind("mousedown.tablesorter mouseup.tablesorter 
-keypress.tablesorter");g.restoreHeaders(d);!1!==b&&e.removeClass(c.tableClass+" tablesorter-"+c.theme);d.hasInitialized=!1;"function"===typeof 
-a&&a(d)}};g.regex=[/(^([+\-]?(?:0|[1-9]\d*)(?:\.\d*)?(?:[eE][+\-]?\d+)?)?$|^0x[0-9a-f]+$|\d+)/gi,/(^([\w ]+,?[\w ]+)?[\w ]+,?[\w ]+\d+:\d+(:\d+)?[\w 
-]?|^\d{1,4}[\/\-]\d{1,4}[\/\-]\d{1,4}|^\w+, \w+ \d+, \d{4})/, /^0x[0-9a-f]+$/i];g.sortText=function(d,b,a,e){if(b===a)return 0;var 
-c=d.config,l=c.string[c.empties[e]||c.emptyTo],f=g.regex;if(""===b&&0!==l)return"boolean"===typeof l?l?-1:1:-l||-1;if(""===a&&0!==l)return"boolean"===typeof 
-l?l?1:-1:l||1;if("function"===typeof c.textSorter)return 
-c.textSorter(b,a,d,e);d=b.replace(f[0],"\\0$1\\0").replace(/\\0$/,"").replace(/^\\0/,"").split("\\0");e=a.replace(f[0],"\\0$1\\0").replace(/\\0$/,"").replace(/^\\0/,"").split("\\0");b=parseInt(b.match(f[2]),16)||1!==d.length&& 
-b.match(f[1])&&Date.parse(b);if(a=parseInt(a.match(f[2]),16)||b&&a.match(f[1])&&Date.parse(a)||null){if(b<a)return-1;if(b>a)return 
-1}c=Math.max(d.length,e.length);for(b=0;b<c;b++){a=isNaN(d[b])?d[b]||0:parseFloat(d[b])||0;f=isNaN(e[b])?e[b]||0:parseFloat(e[b])||0;if(isNaN(a)!==isNaN(f))return isNaN(a)?1:-1;typeof 
-a!==typeof f&&(a+="",f+="");if(a<f)return-1;if(a>f)return 1}return 0};g.sortTextDesc=function(d,b,a,e){if(b===a)return 0;var c=d.config,f=c.string[c.empties[e]||c.emptyTo];return""===b&& 
-0!==f?"boolean"===typeof f?f?-1:1:f||1:""===a&&0!==f?"boolean"===typeof f?f?1:-1:-f||-1:"function"===typeof 
-c.textSorter?c.textSorter(a,b,d,e):g.sortText(d,a,b)};g.getTextValue=function(d,b,a){if(b){var c=d?d.length:0,g=b+a;for(b=0;b<c;b++)g+=d.charCodeAt(b);return a*g}return 
-0};g.sortNumeric=function(d,b,a,c,f,l){if(b===a)return 0;d=d.config;c=d.string[d.empties[c]||d.emptyTo];if(""===b&&0!==c)return"boolean"===typeof 
-c?c?-1:1:-c||-1;if(""===a&&0!==c)return"boolean"===typeof c?c?1:-1:c||1;isNaN(b)&& (b=g.getTextValue(b,f,l));isNaN(a)&&(a=g.getTextValue(a,f,l));return 
-b-a};g.sortNumericDesc=function(d,b,a,c,f,l){if(b===a)return 0;d=d.config;c=d.string[d.empties[c]||d.emptyTo];if(""===b&&0!==c)return"boolean"===typeof 
-c?c?-1:1:c||1;if(""===a&&0!==c)return"boolean"===typeof c?c?1:-1:-c||-1;isNaN(b)&&(b=g.getTextValue(b,f,l));isNaN(a)&&(a=g.getTextValue(a,f,l));return 
-a-b};g.characterEquivalents={a:"\u00e1\u00e0\u00e2\u00e3\u00e4\u0105\u00e5",A:"\u00c1\u00c0\u00c2\u00c3\u00c4\u0104\u00c5",c:"\u00e7\u0107\u010d", 
-C:"\u00c7\u0106\u010c",e:"\u00e9\u00e8\u00ea\u00eb\u011b\u0119",E:"\u00c9\u00c8\u00ca\u00cb\u011a\u0118",i:"\u00ed\u00ec\u0130\u00ee\u00ef\u0131",I:"\u00cd\u00cc\u0130\u00ce\u00cf",o:"\u00f3\u00f2\u00f4\u00f5\u00f6",O:"\u00d3\u00d2\u00d4\u00d5\u00d6",ss:"\u00df",SS:"\u1e9e",u:"\u00fa\u00f9\u00fb\u00fc\u016f",U:"\u00da\u00d9\u00db\u00dc\u016e"};g.replaceAccents=function(d){var 
-b,a="[",c=g.characterEquivalents;if(!g.characterRegex){g.characterRegexArray={};for(b in c)"string"===typeof b&&(a+=c[b],g.characterRegexArray[b]= 
-RegExp("["+c[b]+"]","g"));g.characterRegex=RegExp(a+"]")}if(g.characterRegex.test(d))for(b in c)"string"===typeof b&&(d=d.replace(g.characterRegexArray[b],b));return 
-d};g.isValueInArray=function(d,b){var a,c=b.length;for(a=0;a<c;a++)if(b[a][0]===d)return!0;return!1};g.addParser=function(d){var 
-b,a=g.parsers.length,c=!0;for(b=0;b<a;b++)g.parsers[b].id.toLowerCase()===d.id.toLowerCase()&&(c=!1);c&&g.parsers.push(d)};g.getParserById=function(d){var 
-b,a=g.parsers.length;for(b=0;b<a;b++)if(g.parsers[b].id.toLowerCase()=== d.toString().toLowerCase())return 
-g.parsers[b];return!1};g.addWidget=function(d){g.widgets.push(d)};g.getWidgetById=function(d){var 
-b,a,c=g.widgets.length;for(b=0;b<c;b++)if((a=g.widgets[b])&&a.hasOwnProperty("id")&&a.id.toLowerCase()===d.toLowerCase())return a};g.applyWidget=function(d,b){d=f(d)[0];var 
-a=d.config,c=a.widgetOptions,j=[],l,p,n;a.debug&&(l=new Date);a.widgets.length&&(a.widgets=f.grep(a.widgets,function(b,d){return 
-f.inArray(b,a.widgets)===d}),f.each(a.widgets||[],function(a,b){if((n= g.getWidgetById(b))&&n.id)n.priority||(n.priority=10),j[a]=n}),j.sort(function(a,b){return 
-a.priority<b.priority?-1:a.priority===b.priority?0:1}),f.each(j,function(g,h){h&&(b?(h.hasOwnProperty("options")&&(c=d.config.widgetOptions=f.extend(!0,{},h.options,c)),h.hasOwnProperty("init")&&h.init(d,h,a,c)):!b&&h.hasOwnProperty("format")&&h.format(d,a,c,!1))}));a.debug&&(p=a.widgets.length,t("Completed 
-"+(!0===b?"initializing ":"applying ")+p+" widget"+(1!==p?"s":""),l))};g.refreshWidgets=function(d,b, a){d=f(d)[0];var 
-e,j=d.config,l=j.widgets,p=g.widgets,n=p.length;for(e=0;e<n;e++)if(p[e]&&p[e].id&&(b||0>f.inArray(p[e].id,l)))j.debug&&c("Refeshing widgets: Removing 
-"+p[e].id),p[e].hasOwnProperty("remove")&&p[e].remove(d,j,j.widgetOptions);!0!==a&&g.applyWidget(d,b)};g.getData=function(d,b,a){var c="";d=f(d);var 
-g,l;if(!d.length)return"";g=f.metadata?d.metadata():!1;l=" "+(d.attr("class")||"");"undefined"!==typeof d.data(a)||"undefined"!==typeof 
-d.data(a.toLowerCase())?c+=d.data(a)||d.data(a.toLowerCase()): g&&"undefined"!==typeof g[a]?c+=g[a]:b&&"undefined"!==typeof b[a]?c+=b[a]:" "!==l&&l.match(" 
-"+a+"-")&&(c=l.match(RegExp("\\s"+a+"-([\\w-]+)"))[1]||"");return f.trim(c)};g.formatFloat=function(c,b){if("string"!==typeof c||""===c)return c;var 
-a;c=(b&&b.config?!1!==b.config.usNumberFormat:"undefined"!==typeof 
-b?b:1)?c.replace(/,/g,""):c.replace(/[\s|\.]/g,"").replace(/,/g,".");/^\s*\([.\d]+\)/.test(c)&&(c=c.replace(/^\s*\(/,"-").replace(/\)/,""));a=parseFloat(c);return 
-isNaN(a)?f.trim(c):a};g.isDigit= function(c){return isNaN(c)?/^[\-+(]?\d+[)]?$/.test(c.toString().replace(/[,.'"\s]/g,"")):!0}}});var 
-j=f.tablesorter;f.fn.extend({tablesorter:j.construct});j.addParser({id:"text",is:function(){return!0},format:function(c,t){var 
-r=t.config;c&&(c=f.trim(r.ignoreCase?c.toLocaleLowerCase():c),c=r.sortLocaleCompare?j.replaceAccents(c):c);return c},type:"text"});j.addParser({id:"digit",is:function(c){return 
-j.isDigit(c)},format:function(c,t){var r=j.formatFloat((c||"").replace(/[^\w,. \-()]/g,""),t);return c&& "number"===typeof 
-r?r:c?f.trim(c&&t.config.ignoreCase?c.toLocaleLowerCase():c):c},type:"numeric"});j.addParser({id:"currency",is:function(c){return/^\(?\d+[\u00a3$\u20ac\u00a4\u00a5\u00a2?.]|[\u00a3$\u20ac\u00a4\u00a5\u00a2?.]\d+\)?$/.test((c||"").replace(/[,. 
-]/g,""))},format:function(c,t){var r=j.formatFloat((c||"").replace(/[^\w,. \-()]/g,""),t);return c&&"number"===typeof 
-r?r:c?f.trim(c&&t.config.ignoreCase?c.toLocaleLowerCase():c):c},type:"numeric"});j.addParser({id:"ipAddress",is:function(c){return/^\d{1,3}[\.]\d{1,3}[\.]\d{1,3}[\.]\d{1,3}$/.test(c)}, 
-format:function(c,f){var r,s=c?c.split("."):"",v="",x=s.length;for(r=0;r<x;r++)v+=("00"+s[r]).slice(-3);return 
-c?j.formatFloat(v,f):c},type:"numeric"});j.addParser({id:"url",is:function(c){return/^(https?|ftp|file):\/\//.test(c)},format:function(c){return 
-c?f.trim(c.replace(/(https?|ftp|file):\/\//,"")):c},type:"text"});j.addParser({id:"isoDate",is:function(c){return/^\d{4}[\/\-]\d{1,2}[\/\-]\d{1,2}/.test(c)},format:function(c,f){return 
-c?j.formatFloat(""!==c?(new Date(c.replace(/-/g,"/"))).getTime()|| 
-"":"",f):c},type:"numeric"});j.addParser({id:"percent",is:function(c){return/(\d\s*?%|%\s*?\d)/.test(c)&&15>c.length},format:function(c,f){return 
-c?j.formatFloat(c.replace(/%/g,""),f):c},type:"numeric"});j.addParser({id:"usLongDate",is:function(c){return/^[A-Z]{3,10}\.?\s+\d{1,2},?\s+(\d{4})(\s+\d{1,2}:\d{2}(:\d{2})?(\s+[AP]M)?)?$/i.test(c)||/^\d{1,2}\s+[A-Z]{3,10}\s+\d{4}/i.test(c)},format:function(c,f){return 
-c?j.formatFloat((new Date(c.replace(/(\S)([AP]M)$/i,"$1 $2"))).getTime()||"",f):c},type:"numeric"}); 
-j.addParser({id:"shortDate",is:function(c){return/(^\d{1,2}[\/\s]\d{1,2}[\/\s]\d{4})|(^\d{4}[\/\s]\d{1,2}[\/\s]\d{1,2})/.test((c||"").replace(/\s+/g," 
-").replace(/[\-.,]/g,"/"))},format:function(c,f,r,s){if(c){r=f.config;var v=r.headerList[s];s=v.dateFormat||j.getData(v,r.headers[s],"dateFormat")||r.dateFormat;c=c.replace(/\s+/g," 
-").replace(/[\-.,]/g,"/");"mmddyyyy"===s?c=c.replace(/(\d{1,2})[\/\s](\d{1,2})[\/\s](\d{4})/,"$3/$1/$2"):"ddmmyyyy"===s?c=c.replace(/(\d{1,2})[\/\s](\d{1,2})[\/\s](\d{4})/, 
-"$3/$2/$1"):"yyyymmdd"===s&&(c=c.replace(/(\d{4})[\/\s](\d{1,2})[\/\s](\d{1,2})/,"$1/$2/$3"))}return c?j.formatFloat((new 
-Date(c)).getTime()||"",f):c},type:"numeric"});j.addParser({id:"time",is:function(c){return/^(([0-2]?\d:[0-5]\d)|([0-1]?\d:[0-5]\d\s?([AP]M)))$/i.test(c)},format:function(c,f){return 
-c?j.formatFloat((new Date("2000/01/01 "+c.replace(/(\S)([AP]M)$/i,"$1 
-$2"))).getTime()||"",f):c},type:"numeric"});j.addParser({id:"metadata",is:function(){return!1},format:function(c,j,r){c=j.config; 
-c=!c.parserMetadataName?"sortValue":c.parserMetadataName;return f(r).metadata()[c]},type:"numeric"});j.addWidget({id:"zebra",priority:90,format:function(c,t,r){var 
-s,v,x,A,y,E,C=RegExp(t.cssChildRow,"i"),z=t.$tbodies;t.debug&&(y=new 
-Date);for(c=0;c<z.length;c++)s=z.eq(c),E=s.children("tr").length,1<E&&(x=0,s=s.children("tr:visible"),s.each(function(){v=f(this);C.test(this.className)||x++;A=0===x%2;v.removeClass(r.zebra[A?1:0]).addClass(r.zebra[A?0:1])}));t.debug&&j.benchmark("Applying 
-Zebra widget", y)},remove:function(c,j,r){var s;j=j.$tbodies;var v=(r.zebra||["even","odd"]).join(" 
-");for(r=0;r<j.length;r++)s=f.tablesorter.processTbody(c,j.eq(r),!0),s.children().removeClass(v),f.tablesorter.processTbody(c,s,!1)}})}(jQuery);
+!(function($){"use strict";$.extend({tablesorter:new function(){var ts=this;ts.version="2.13.3";ts.parsers=[];ts.widgets=[];ts.defaults={theme:'default',widthFixed:false,showProcessing:false,headerTemplate:'{content}',onRenderTemplate:null,onRenderHeader:null,cancelSelection:true,dateFormat:'mmddyyyy',sortMultiSortKey:'shiftKey',sortResetKey:'ctrlKey',usNumberFormat:true,delayInit:false,serverSideSorting:false,headers:{},ignoreCase:true,sortForce:null,sortList:[],sortAppend:null,sortInitialOrder:'asc',sortLocaleCompare:false,sortReset:false,sortRestart:false,emptyTo:'bottom',stringTo:'max',textExtraction:'simple',textSorter:null,numberSorter:null,widgets:[],widgetOptions:{zebra:['even','odd']},initWidgets:true,initialized:null,tableClass:'',cssAsc:'',cssDesc:'',cssHeader:'',cssHeaderRow:'',cssProcessing:'',cssChildRow:'tablesorter-childRow',cssIcon:'tablesorter-icon',cssInfoBlock:'tablesorter-infoOnly',selectorHeaders:'> thead th, > thead td',selectorSort:'th, td',selectorRemove:'.remove-me',debug:false,headerList:[],empties:{},strings:{},parsers:[]};ts.css={table:'tablesorter',childRow:'tablesorter-childRow',header:'tablesorter-header',headerRow:'tablesorter-headerRow',icon:'tablesorter-icon',info:'tablesorter-infoOnly',processing:'tablesorter-processing',sortAsc:'tablesorter-headerAsc',sortDesc:'tablesorter-headerDesc'};function log(){var s=arguments.length>1?Array.prototype.slice.call(arguments):arguments[0];if(typeof console!=="undefined"&&typeof console.log!=="undefined"){console.log(s);}else{alert(s);}}
+function benchmark(s,d){log(s+" ("+(new Date().getTime()-d.getTime())+"ms)");}
+ts.log=log;ts.benchmark=benchmark;function isEmptyObject(obj){for(var name in obj){return false;}
+return true;}
+function getElementText(table,node,cellIndex){if(!node){return"";}
+var c=table.config,t=c.textExtraction,text="";if(t==="simple"){if(c.supportsTextContent){text=node.textContent;}else{text=$(node).text();}}else{if(typeof t==="function"){text=t(node,table,cellIndex);}else if(typeof t==="object"&&t.hasOwnProperty(cellIndex)){text=t[cellIndex](node,table,cellIndex);}else{text=c.supportsTextContent?node.textContent:$(node).text();}}
+return $.trim(text);}
+function detectParserForColumn(table,rows,rowIndex,cellIndex){var cur,i=ts.parsers.length,node=false,nodeValue='',keepLooking=true;while(nodeValue===''&&keepLooking){rowIndex++;if(rows[rowIndex]){node=rows[rowIndex].cells[cellIndex];nodeValue=getElementText(table,node,cellIndex);if(table.config.debug){log('Checking if value was empty on row '+rowIndex+', column: '+cellIndex+': "'+nodeValue+'"');}}else{keepLooking=false;}}
+while(--i>=0){cur=ts.parsers[i];if(cur&&cur.id!=='text'&&cur.is&&cur.is(nodeValue,table,node)){return cur;}}
+return ts.getParserById('text');}
+function buildParserCache(table){var c=table.config,tb=c.$tbodies=c.$table.children('tbody:not(.'+c.cssInfoBlock+')'),rows,list,l,i,h,ch,p,time,parsersDebug="";if(tb.length===0){return c.debug?log('*Empty table!* Not building a parser cache'):'';}else if(c.debug){time=new Date();log('Detecting parsers for each column');}
+rows=tb[0].rows;if(rows[0]){list=[];l=rows[0].cells.length;for(i=0;i<l;i++){h=c.$headers.filter(':not([colspan])');h=h.add(c.$headers.filter('[colspan="1"]')).filter('[data-column="'+i+'"]:last');ch=c.headers[i];p=ts.getParserById(ts.getData(h,ch,'sorter'));c.empties[i]=ts.getData(h,ch,'empty')||c.emptyTo||(c.emptyToBottom?'bottom':'top');c.strings[i]=ts.getData(h,ch,'string')||c.stringTo||'max';if(!p){p=detectParserForColumn(table,rows,-1,i);}
+if(c.debug){parsersDebug+="column:"+i+"; parser:"+p.id+"; string:"+c.strings[i]+'; empty: '+c.empties[i]+"\n";}
+list.push(p);}}
+if(c.debug){log(parsersDebug);benchmark("Completed detecting parsers",time);}
+c.parsers=list;}
+function buildCache(table){var b=table.tBodies,tc=table.config,totalRows,totalCells,parsers=tc.parsers,t,v,i,j,k,c,cols,cacheTime,colMax=[];tc.cache={};if(!parsers){return tc.debug?log('*Empty table!* Not building a cache'):'';}
+if(tc.debug){cacheTime=new Date();}
+if(tc.showProcessing){ts.isProcessing(table,true);}
+for(k=0;k<b.length;k++){tc.cache[k]={row:[],normalized:[]};if(!$(b[k]).hasClass(tc.cssInfoBlock)){totalRows=(b[k]&&b[k].rows.length)||0;totalCells=(b[k].rows[0]&&b[k].rows[0].cells.length)||0;for(i=0;i<totalRows;++i){c=$(b[k].rows[i]);cols=[];if(c.hasClass(tc.cssChildRow)){tc.cache[k].row[tc.cache[k].row.length-1]=tc.cache[k].row[tc.cache[k].row.length-1].add(c);continue;}
+tc.cache[k].row.push(c);for(j=0;j<totalCells;++j){t=getElementText(table,c[0].cells[j],j);v=parsers[j].format(t,table,c[0].cells[j],j);cols.push(v);if((parsers[j].type||'').toLowerCase()==="numeric"){colMax[j]=Math.max(Math.abs(v)||0,colMax[j]||0);}}
+cols.push(tc.cache[k].normalized.length);tc.cache[k].normalized.push(cols);}
+tc.cache[k].colMax=colMax;}}
+if(tc.showProcessing){ts.isProcessing(table);}
+if(tc.debug){benchmark("Building cache for "+totalRows+" rows",cacheTime);}}
+function appendToTable(table,init){var c=table.config,wo=c.widgetOptions,b=table.tBodies,rows=[],c2=c.cache,r,n,totalRows,checkCell,$bk,$tb,i,j,k,l,pos,appendTime;if(isEmptyObject(c2)){return;}
+if(c.debug){appendTime=new Date();}
+for(k=0;k<b.length;k++){$bk=$(b[k]);if($bk.length&&!$bk.hasClass(c.cssInfoBlock)){$tb=ts.processTbody(table,$bk,true);r=c2[k].row;n=c2[k].normalized;totalRows=n.length;checkCell=totalRows?(n[0].length-1):0;for(i=0;i<totalRows;i++){pos=n[i][checkCell];rows.push(r[pos]);if(!c.appender||(c.pager&&(!c.pager.removeRows||!wo.pager_removeRows)&&!c.pager.ajax)){l=r[pos].length;for(j=0;j<l;j++){$tb.append(r[pos][j]);}}}
+ts.processTbody(table,$tb,false);}}
+if(c.appender){c.appender(table,rows);}
+if(c.debug){benchmark("Rebuilt table",appendTime);}
+if(!init&&!c.appender){ts.applyWidget(table);}
+$(table).trigger("sortEnd",table);$(table).trigger("updateComplete",table);}
+function computeThIndexes(t){var matrix=[],lookup={},cols=0,trs=$(t).find('thead:eq(0), tfoot').children('tr'),i,j,k,l,c,cells,rowIndex,cellId,rowSpan,colSpan,firstAvailCol,matrixrow;for(i=0;i<trs.length;i++){cells=trs[i].cells;for(j=0;j<cells.length;j++){c=cells[j];rowIndex=c.parentNode.rowIndex;cellId=rowIndex+"-"+c.cellIndex;rowSpan=c.rowSpan||1;colSpan=c.colSpan||1;if(typeof(matrix[rowIndex])==="undefined"){matrix[rowIndex]=[];}
+for(k=0;k<matrix[rowIndex].length+1;k++){if(typeof(matrix[rowIndex][k])==="undefined"){firstAvailCol=k;break;}}
+lookup[cellId]=firstAvailCol;cols=Math.max(firstAvailCol,cols);$(c).attr({'data-column':firstAvailCol});for(k=rowIndex;k<rowIndex+rowSpan;k++){if(typeof(matrix[k])==="undefined"){matrix[k]=[];}
+matrixrow=matrix[k];for(l=firstAvailCol;l<firstAvailCol+colSpan;l++){matrixrow[l]="x";}}}}
+t.config.columns=cols+1;return lookup;}
+function formatSortingOrder(v){return(/^d/i.test(v)||v===1);}
+function buildHeaders(table){var header_index=computeThIndexes(table),ch,$t,h,i,t,lock,time,c=table.config;c.headerList=[];c.headerContent=[];if(c.debug){time=new Date();}
+i=c.cssIcon?'<i class="'+c.cssIcon+' '+ts.css.icon+'"></i>':'';c.$headers=$(table).find(c.selectorHeaders).each(function(index){$t=$(this);ch=c.headers[index];c.headerContent[index]=$(this).html();t=c.headerTemplate.replace(/\{content\}/g,$(this).html()).replace(/\{icon\}/g,i);if(c.onRenderTemplate){h=c.onRenderTemplate.apply($t,[index,t]);if(h&&typeof h==='string'){t=h;}}
+$(this).html('<div class="tablesorter-header-inner">'+t+'</div>');if(c.onRenderHeader){c.onRenderHeader.apply($t,[index]);}
+this.column=header_index[this.parentNode.rowIndex+"-"+this.cellIndex];this.order=formatSortingOrder(ts.getData($t,ch,'sortInitialOrder')||c.sortInitialOrder)?[1,0,2]:[0,1,2];this.count=-1;this.lockedOrder=false;lock=ts.getData($t,ch,'lockedOrder')||false;if(typeof lock!=='undefined'&&lock!==false){this.order=this.lockedOrder=formatSortingOrder(lock)?[1,1,1]:[0,0,0];}
+$t.addClass(ts.css.header+' '+c.cssHeader);c.headerList[index]=this;$t.parent().addClass(ts.css.headerRow+' '+c.cssHeaderRow);$t.attr("tabindex",0);});updateHeader(table);if(c.debug){benchmark("Built headers:",time);log(c.$headers);}}
+function commonUpdate(table,resort,callback){var c=table.config;c.$table.find(c.selectorRemove).remove();buildParserCache(table);buildCache(table);checkResort(c.$table,resort,callback);}
+function updateHeader(table){var s,c=table.config;c.$headers.each(function(index,th){s=ts.getData(th,c.headers[index],'sorter')==='false';th.sortDisabled=s;$(th)[s?'addClass':'removeClass']('sorter-false');});}
+function setHeadersCss(table){var f,i,j,l,c=table.config,list=c.sortList,css=[ts.css.sortAsc+' '+c.cssAsc,ts.css.sortDesc+' '+c.cssDesc],$t=$(table).find('tfoot tr').children().removeClass(css.join(' '));c.$headers.removeClass(css.join(' '));l=list.length;for(i=0;i<l;i++){if(list[i][1]!==2){f=c.$headers.not('.sorter-false').filter('[data-column="'+list[i][0]+'"]'+(l===1?':last':''));if(f.length){for(j=0;j<f.length;j++){if(!f[j].sortDisabled){f.eq(j).addClass(css[list[i][1]]);if($t.length){$t.filter('[data-column="'+list[i][0]+'"]').eq(j).addClass(css[list[i][1]]);}}}}}}}
+function fixColumnWidth(table){if(table.config.widthFixed&&$(table).find('colgroup').length===0){var colgroup=$('<colgroup>'),overallWidth=$(table).width();$(table.tBodies[0]).find("tr:first").children("td:visible").each(function(){colgroup.append($('<col>').css('width',parseInt(($(this).width()/overallWidth)*1000,10)/10+'%'));});$(table).prepend(colgroup);}}
+function updateHeaderSortCount(table,list){var s,t,o,c=table.config,sl=list||c.sortList;c.sortList=[];$.each(sl,function(i,v){s=[parseInt(v[0],10),parseInt(v[1],10)];o=c.$headers[s[0]];if(o){c.sortList.push(s);t=$.inArray(s[1],o.order);o.count=t>=0?t:s[1]%(c.sortReset?3:2);}});}
+function getCachedSortType(parsers,i){return(parsers&&parsers[i])?parsers[i].type||'':'';}
+function initSort(table,cell,e){var a,i,j,o,s,c=table.config,k=!e[c.sortMultiSortKey],$this=$(table);$this.trigger("sortStart",table);cell.count=e[c.sortResetKey]?2:(cell.count+1)%(c.sortReset?3:2);if(c.sortRestart){i=cell;c.$headers.each(function(){if(this!==i&&(k||!$(this).is('.'+ts.css.sortDesc+',.'+ts.css.sortAsc))){this.count=-1;}});}
+i=cell.column;if(k){c.sortList=[];if(c.sortForce!==null){a=c.sortForce;for(j=0;j<a.length;j++){if(a[j][0]!==i){c.sortList.push(a[j]);}}}
+o=cell.order[cell.count];if(o<2){c.sortList.push([i,o]);if(cell.colSpan>1){for(j=1;j<cell.colSpan;j++){c.sortList.push([i+j,o]);}}}}else{if(c.sortAppend&&c.sortList.length>1){if(ts.isValueInArray(c.sortAppend[0][0],c.sortList)){c.sortList.pop();}}
+if(ts.isValueInArray(i,c.sortList)){for(j=0;j<c.sortList.length;j++){s=c.sortList[j];o=c.$headers[s[0]];if(s[0]===i){s[1]=o.order[cell.count];if(s[1]===2){c.sortList.splice(j,1);o.count=-1;}}}}else{o=cell.order[cell.count];if(o<2){c.sortList.push([i,o]);if(cell.colSpan>1){for(j=1;j<cell.colSpan;j++){c.sortList.push([i+j,o]);}}}}}
+if(c.sortAppend!==null){a=c.sortAppend;for(j=0;j<a.length;j++){if(a[j][0]!==i){c.sortList.push(a[j]);}}}
+$this.trigger("sortBegin",table);setTimeout(function(){setHeadersCss(table);multisort(table);appendToTable(table);},1);}
+function multisort(table){var i,k,e,num,col,colMax,cache,lc,order,orgOrderCol,sortTime,sort,x,y,dir=0,c=table.config,cts=c.textSorter||'',sortList=c.sortList,l=sortList.length,bl=table.tBodies.length;if(c.serverSideSorting||isEmptyObject(c.cache)){return;}
+if(c.debug){sortTime=new Date();}
+for(k=0;k<bl;k++){colMax=c.cache[k].colMax;cache=c.cache[k].normalized;lc=cache.length;orgOrderCol=(cache&&cache[0])?cache[0].length-1:0;cache.sort(function(a,b){for(i=0;i<l;i++){col=sortList[i][0];order=sortList[i][1];dir=order===0;x=dir?a:b;y=dir?b:a;e=c.string[(c.empties[col]||c.emptyTo)];if(x[col]===''&&e!==0){return((typeof(e)==='boolean')?(e?-1:1):(e||1))*(dir?1:-1);}
+if(y[col]===''&&e!==0){return((typeof(e)==='boolean')?(e?1:-1):(-e||-1))*(dir?1:-1);}
+num=/n/i.test(getCachedSortType(c.parsers,col));if(num&&c.strings[col]){if(typeof(c.string[c.strings[col]])==='boolean'){num=(dir?1:-1)*(c.string[c.strings[col]]?-1:1);}else{num=(c.strings[col])?c.string[c.strings[col]]||0:0;}
+sort=c.numberSorter?c.numberSorter(x[col],y[col],dir,colMax[col],table):ts.sortNumeric(x[col],y[col],num,colMax[col]);}else{if(typeof(cts)==='function'){sort=cts(x[col],y[col],dir,col,table);}else if(typeof(cts)==='object'&&cts.hasOwnProperty(col)){sort=cts[col](x[col],y[col],dir,col,table);}else{sort=ts.sortNatural(x[col],y[col]);}}
+if(sort){return sort;}}
+return a[orgOrderCol]-b[orgOrderCol];});}
+if(c.debug){benchmark("Sorting on "+sortList.toString()+" and dir "+order+" time",sortTime);}}
+function resortComplete($table,callback){var c=$table[0].config;if(c.pager&&!c.pager.ajax){$table.trigger('updateComplete');}
+if(typeof callback==="function"){callback($table[0]);}}
+function checkResort($table,flag,callback){if(flag!==false&&!$table[0].isProcessing){$table.trigger("sorton",[$table[0].config.sortList,function(){resortComplete($table,callback);}]);}else{resortComplete($table,callback);}}
+function bindEvents(table){var c=table.config,$this=c.$table,j,downTime;c.$headers.find(c.selectorSort).add(c.$headers.filter(c.selectorSort)).unbind('mousedown.tablesorter mouseup.tablesorter sort.tablesorter keypress.tablesorter').bind('mousedown.tablesorter mouseup.tablesorter sort.tablesorter keypress.tablesorter',function(e,external){if(((e.which||e.button)!==1&&!/sort|keypress/.test(e.type))||(e.type==='keypress'&&e.which!==13)){return;}
+if(e.type==='mouseup'&&external!==true&&(new Date().getTime()-downTime>250)){return;}
+if(e.type==='mousedown'){downTime=new Date().getTime();return e.target.tagName==="INPUT"?'':!c.cancelSelection;}
+if(c.delayInit&&isEmptyObject(c.cache)){buildCache(table);}
+var $cell=/TH|TD/.test(this.tagName)?$(this):$(this).parents('th, td').filter(':first'),cell=$cell[0];if(!cell.sortDisabled){initSort(table,cell,e);}});if(c.cancelSelection){c.$headers.attr('unselectable','on').bind('selectstart',false).css({'user-select':'none','MozUserSelect':'none'});}
+$this.unbind('sortReset update updateRows updateCell updateAll addRows sorton appendCache applyWidgetId applyWidgets refreshWidgets destroy mouseup mouseleave '.split(' ').join('.tablesorter ')).bind("sortReset.tablesorter",function(e){e.stopPropagation();c.sortList=[];setHeadersCss(table);multisort(table);appendToTable(table);}).bind("updateAll.tablesorter",function(e,resort,callback){e.stopPropagation();ts.refreshWidgets(table,true,true);ts.restoreHeaders(table);buildHeaders(table);bindEvents(table);commonUpdate(table,resort,callback);}).bind("update.tablesorter updateRows.tablesorter",function(e,resort,callback){e.stopPropagation();updateHeader(table);commonUpdate(table,resort,callback);}).bind("updateCell.tablesorter",function(e,cell,resort,callback){e.stopPropagation();$this.find(c.selectorRemove).remove();var l,row,icell,$tb=$this.find('tbody'),tbdy=$tb.index($(cell).parents('tbody').filter(':first')),$row=$(cell).parents('tr').filter(':first');cell=$(cell)[0];if($tb.length&&tbdy>=0){row=$tb.eq(tbdy).find('tr').index($row);icell=cell.cellIndex;l=c.cache[tbdy].normalized[row].length-1;c.cache[tbdy].row[table.config.cache[tbdy].normalized[row][l]]=$row;c.cache[tbdy].normalized[row][icell]=c.parsers[icell].format(getElementText(table,cell,icell),table,cell,icell);checkResort($this,resort,callback);}}).bind("addRows.tablesorter",function(e,$row,resort,callback){e.stopPropagation();var i,rows=$row.filter('tr').length,dat=[],l=$row[0].cells.length,tbdy=$this.find('tbody').index($row.parents('tbody').filter(':first'));if(!c.parsers){buildParserCache(table);}
+for(i=0;i<rows;i++){for(j=0;j<l;j++){dat[j]=c.parsers[j].format(getElementText(table,$row[i].cells[j],j),table,$row[i].cells[j],j);}
+dat.push(c.cache[tbdy].row.length);c.cache[tbdy].row.push([$row[i]]);c.cache[tbdy].normalized.push(dat);dat=[];}
+checkResort($this,resort,callback);}).bind("sorton.tablesorter",function(e,list,callback,init){var c=table.config;e.stopPropagation();$this.trigger("sortStart",this);updateHeaderSortCount(table,list);setHeadersCss(table);if(c.delayInit&&isEmptyObject(c.cache)){buildCache(table);}
+$this.trigger("sortBegin",this);multisort(table);appendToTable(table,init);if(typeof callback==="function"){callback(table);}}).bind("appendCache.tablesorter",function(e,callback,init){e.stopPropagation();appendToTable(table,init);if(typeof callback==="function"){callback(table);}}).bind("applyWidgetId.tablesorter",function(e,id){e.stopPropagation();ts.getWidgetById(id).format(table,c,c.widgetOptions);}).bind("applyWidgets.tablesorter",function(e,init){e.stopPropagation();ts.applyWidget(table,init);}).bind("refreshWidgets.tablesorter",function(e,all,dontapply){e.stopPropagation();ts.refreshWidgets(table,all,dontapply);}).bind("destroy.tablesorter",function(e,c,cb){e.stopPropagation();ts.destroy(table,c,cb);});}
+ts.construct=function(settings){return this.each(function(){var table=this,c=$.extend(true,{},ts.defaults,settings);if(!table.hasInitialized&&ts.buildTable&&this.tagName!=='TABLE'){ts.buildTable(table,c);}
+ts.setup(table,c);});};ts.setup=function(table,c){if(!table||!table.tHead||table.tBodies.length===0||table.hasInitialized===true){return c.debug?log('stopping initialization! No table, thead, tbody or tablesorter has already been initialized'):'';}
+var k='',$this=$(table),m=$.metadata;table.hasInitialized=false;table.isProcessing=true;table.config=c;$.data(table,"tablesorter",c);if(c.debug){$.data(table,'startoveralltimer',new Date());}
+c.supportsTextContent=$('<span>x</span>')[0].textContent==='x';c.supportsDataObject=(function(version){version[0]=parseInt(version[0],10);return(version[0]>1)||(version[0]===1&&parseInt(version[1],10)>=4);})($.fn.jquery.split("."));c.string={'max':1,'min':-1,'max+':1,'max-':-1,'zero':0,'none':0,'null':0,'top':true,'bottom':false};if(!/tablesorter\-/.test($this.attr('class'))){k=(c.theme!==''?' tablesorter-'+c.theme:'');}
+c.$table=$this.addClass(ts.css.table+' '+c.tableClass+k);c.$tbodies=$this.children('tbody:not(.'+c.cssInfoBlock+')');c.widgetInit={};buildHeaders(table);fixColumnWidth(table);buildParserCache(table);if(!c.delayInit){buildCache(table);}
+bindEvents(table);if(c.supportsDataObject&&typeof $this.data().sortlist!=='undefined'){c.sortList=$this.data().sortlist;}else if(m&&($this.metadata()&&$this.metadata().sortlist)){c.sortList=$this.metadata().sortlist;}
+ts.applyWidget(table,true);if(c.sortList.length>0){$this.trigger("sorton",[c.sortList,{},!c.initWidgets]);}else if(c.initWidgets){ts.applyWidget(table);}
+if(c.showProcessing){$this.unbind('sortBegin.tablesorter sortEnd.tablesorter').bind('sortBegin.tablesorter sortEnd.tablesorter',function(e){ts.isProcessing(table,e.type==='sortBegin');});}
+table.hasInitialized=true;table.isProcessing=false;if(c.debug){ts.benchmark("Overall initialization time",$.data(table,'startoveralltimer'));}
+$this.trigger('tablesorter-initialized',table);if(typeof c.initialized==='function'){c.initialized(table);}};ts.isProcessing=function(table,toggle,$ths){table=$(table);var c=table[0].config,$h=$ths||table.find('.'+ts.css.header);if(toggle){if(c.sortList.length>0){$h=$h.filter(function(){return this.sortDisabled?false:ts.isValueInArray(parseFloat($(this).attr('data-column')),c.sortList);});}
+$h.addClass(ts.css.processing+' '+c.cssProcessing);}else{$h.removeClass(ts.css.processing+' '+c.cssProcessing);}};ts.processTbody=function(table,$tb,getIt){var holdr;if(getIt){table.isProcessing=true;$tb.before('<span class="tablesorter-savemyplace"/>');holdr=($.fn.detach)?$tb.detach():$tb.remove();return holdr;}
+holdr=$(table).find('span.tablesorter-savemyplace');$tb.insertAfter(holdr);holdr.remove();table.isProcessing=false;};ts.clearTableBody=function(table){$(table)[0].config.$tbodies.empty();};ts.restoreHeaders=function(table){var c=table.config;c.$table.find(c.selectorHeaders).each(function(i){if($(this).find('.tablesorter-header-inner').length){$(this).html(c.headerContent[i]);}});};ts.destroy=function(table,removeClasses,callback){table=$(table)[0];if(!table.hasInitialized){return;}
+ts.refreshWidgets(table,true,true);var $t=$(table),c=table.config,$h=$t.find('thead:first'),$r=$h.find('tr.'+ts.css.headerRow).removeClass(ts.css.headerRow+' '+c.cssHeaderRow),$f=$t.find('tfoot:first > tr').children('th, td');$h.find('tr').not($r).remove();$t.removeData('tablesorter').unbind('sortReset update updateAll updateRows updateCell addRows sorton appendCache applyWidgetId applyWidgets refreshWidgets destroy mouseup mouseleave keypress sortBegin sortEnd '.split(' ').join('.tablesorter '));c.$headers.add($f).removeClass([ts.css.header,c.cssHeader,c.cssAsc,c.cssDesc,ts.css.sortAsc,ts.css.sortDesc].join(' ')).removeAttr('data-column');$r.find(c.selectorSort).unbind('mousedown.tablesorter mouseup.tablesorter keypress.tablesorter');ts.restoreHeaders(table);if(removeClasses!==false){$t.removeClass(ts.css.table+' '+c.tableClass+' tablesorter-'+c.theme);}
+table.hasInitialized=false;if(typeof callback==='function'){callback(table);}};ts.regex={chunk:/(^([+\-]?(?:0|[1-9]\d*)(?:\.\d*)?(?:[eE][+\-]?\d+)?)?$|^0x[0-9a-f]+$|\d+)/gi,hex:/^0x[0-9a-f]+$/i};ts.sortNatural=function(a,b){if(a===b){return 0;}
+var xN,xD,yN,yD,xF,yF,i,mx,r=ts.regex;if(r.hex.test(b)){xD=parseInt(a.match(r.hex),16);yD=parseInt(b.match(r.hex),16);if(xD<yD){return-1;}
+if(xD>yD){return 1;}}
+xN=a.replace(r.chunk,'\\0$1\\0').replace(/\\0$/,'').replace(/^\\0/,'').split('\\0');yN=b.replace(r.chunk,'\\0$1\\0').replace(/\\0$/,'').replace(/^\\0/,'').split('\\0');mx=Math.max(xN.length,yN.length);for(i=0;i<mx;i++){xF=isNaN(xN[i])?xN[i]||0:parseFloat(xN[i])||0;yF=isNaN(yN[i])?yN[i]||0:parseFloat(yN[i])||0;if(isNaN(xF)!==isNaN(yF)){return(isNaN(xF))?1:-1;}
+if(typeof xF!==typeof yF){xF+='';yF+='';}
+if(xF<yF){return-1;}
+if(xF>yF){return 1;}}
+return 0;};ts.sortText=function(a,b){return a>b?1:(a<b?-1:0);};ts.getTextValue=function(a,d,mx){if(mx){var i,l=a?a.length:0,n=mx+d;for(i=0;i<l;i++){n+=a.charCodeAt(i);}
+return d*n;}
+return 0;};ts.sortNumeric=function(a,b,dir,mx){if(a===b){return 0;}
+if(isNaN(a)){a=ts.getTextValue(a,dir,mx);}
+if(isNaN(b)){b=ts.getTextValue(b,dir,mx);}
+return a-b;};ts.characterEquivalents={"a":"\u00e1\u00e0\u00e2\u00e3\u00e4\u0105\u00e5","A":"\u00c1\u00c0\u00c2\u00c3\u00c4\u0104\u00c5","c":"\u00e7\u0107\u010d","C":"\u00c7\u0106\u010c","e":"\u00e9\u00e8\u00ea\u00eb\u011b\u0119","E":"\u00c9\u00c8\u00ca\u00cb\u011a\u0118","i":"\u00ed\u00ec\u0130\u00ee\u00ef\u0131","I":"\u00cd\u00cc\u0130\u00ce\u00cf","o":"\u00f3\u00f2\u00f4\u00f5\u00f6","O":"\u00d3\u00d2\u00d4\u00d5\u00d6","ss":"\u00df","SS":"\u1e9e","u":"\u00fa\u00f9\u00fb\u00fc\u016f","U":"\u00da\u00d9\u00db\u00dc\u016e"};ts.replaceAccents=function(s){var a,acc='[',eq=ts.characterEquivalents;if(!ts.characterRegex){ts.characterRegexArray={};for(a in eq){if(typeof a==='string'){acc+=eq[a];ts.characterRegexArray[a]=new RegExp('['+eq[a]+']','g');}}
+ts.characterRegex=new RegExp(acc+']');}
+if(ts.characterRegex.test(s)){for(a in eq){if(typeof a==='string'){s=s.replace(ts.characterRegexArray[a],a);}}}
+return s;};ts.isValueInArray=function(v,a){var i,l=a.length;for(i=0;i<l;i++){if(a[i][0]===v){return true;}}
+return false;};ts.addParser=function(parser){var i,l=ts.parsers.length,a=true;for(i=0;i<l;i++){if(ts.parsers[i].id.toLowerCase()===parser.id.toLowerCase()){a=false;}}
+if(a){ts.parsers.push(parser);}};ts.getParserById=function(name){var i,l=ts.parsers.length;for(i=0;i<l;i++){if(ts.parsers[i].id.toLowerCase()===(name.toString()).toLowerCase()){return ts.parsers[i];}}
+return false;};ts.addWidget=function(widget){ts.widgets.push(widget);};ts.getWidgetById=function(name){var i,w,l=ts.widgets.length;for(i=0;i<l;i++){w=ts.widgets[i];if(w&&w.hasOwnProperty('id')&&w.id.toLowerCase()===name.toLowerCase()){return w;}}};ts.applyWidget=function(table,init){table=$(table)[0];var c=table.config,wo=c.widgetOptions,widgets=[],time,w,wd;if(c.debug){time=new Date();}
+if(c.widgets.length){c.widgets=$.grep(c.widgets,function(v,k){return $.inArray(v,c.widgets)===k;});$.each(c.widgets||[],function(i,n){wd=ts.getWidgetById(n);if(wd&&wd.id){if(!wd.priority){wd.priority=10;}
+widgets[i]=wd;}});widgets.sort(function(a,b){return a.priority<b.priority?-1:a.priority===b.priority?0:1;});$.each(widgets,function(i,w){if(w){if(init||!(c.widgetInit[w.id])){if(w.hasOwnProperty('options')){wo=table.config.widgetOptions=$.extend(true,{},w.options,wo);c.widgetInit[w.id]=true;}
+if(w.hasOwnProperty('init')){w.init(table,w,c,wo);}}
+if(!init&&w.hasOwnProperty('format')){w.format(table,c,wo,false);}}});}
+if(c.debug){w=c.widgets.length;benchmark("Completed "+(init===true?"initializing ":"applying ")+w+" widget"+(w!==1?"s":""),time);}};ts.refreshWidgets=function(table,doAll,dontapply){table=$(table)[0];var i,c=table.config,cw=c.widgets,w=ts.widgets,l=w.length;for(i=0;i<l;i++){if(w[i]&&w[i].id&&(doAll||$.inArray(w[i].id,cw)<0)){if(c.debug){log('Refeshing widgets: Removing '+w[i].id);}
+if(w[i].hasOwnProperty('remove')){w[i].remove(table,c,c.widgetOptions);c.widgetInit[w[i].id]=false;}}}
+if(dontapply!==true){ts.applyWidget(table,doAll);}};ts.getData=function(h,ch,key){var val='',$h=$(h),m,cl;if(!$h.length){return'';}
+m=$.metadata?$h.metadata():false;cl=' '+($h.attr('class')||'');if(typeof $h.data(key)!=='undefined'||typeof $h.data(key.toLowerCase())!=='undefined'){val+=$h.data(key)||$h.data(key.toLowerCase());}else if(m&&typeof m[key]!=='undefined'){val+=m[key];}else if(ch&&typeof ch[key]!=='undefined'){val+=ch[key];}else if(cl!==' '&&cl.match(' '+key+'-')){val=cl.match(new RegExp('\\s'+key+'-([\\w-]+)'))[1]||'';}
+return $.trim(val);};ts.formatFloat=function(s,table){if(typeof s!=='string'||s===''){return s;}
+var i,t=table&&table.config?table.config.usNumberFormat!==false:typeof table!=="undefined"?table:true;if(t){s=s.replace(/,/g,'');}else{s=s.replace(/[\s|\.]/g,'').replace(/,/g,'.');}
+if(/^\s*\([.\d]+\)/.test(s)){s=s.replace(/^\s*\(([.\d]+)\)/,'-$1');}
+i=parseFloat(s);return isNaN(i)?$.trim(s):i;};ts.isDigit=function(s){return isNaN(s)?(/^[\-+(]?\d+[)]?$/).test(s.toString().replace(/[,.'"\s]/g,'')):true;};}()});var ts=$.tablesorter;$.fn.extend({tablesorter:ts.construct});ts.addParser({id:"text",is:function(){return true;},format:function(s,table){var c=table.config;if(s){s=$.trim(c.ignoreCase?s.toLocaleLowerCase():s);s=c.sortLocaleCompare?ts.replaceAccents(s):s;}
+return s;},type:"text"});ts.addParser({id:"digit",is:function(s){return ts.isDigit(s);},format:function(s,table){var n=ts.formatFloat((s||'').replace(/[^\w,. \-()]/g,""),table);return s&&typeof n==='number'?n:s?$.trim(s&&table.config.ignoreCase?s.toLocaleLowerCase():s):s;},type:"numeric"});ts.addParser({id:"currency",is:function(s){return(/^\(?\d+[\u00a3$\u20ac\u00a4\u00a5\u00a2?.]|[\u00a3$\u20ac\u00a4\u00a5\u00a2?.]\d+\)?$/).test((s||'').replace(/[,. ]/g,''));},format:function(s,table){var n=ts.formatFloat((s||'').replace(/[^\w,. \-()]/g,""),table);return s&&typeof n==='number'?n:s?$.trim(s&&table.config.ignoreCase?s.toLocaleLowerCase():s):s;},type:"numeric"});ts.addParser({id:"ipAddress",is:function(s){return(/^\d{1,3}[\.]\d{1,3}[\.]\d{1,3}[\.]\d{1,3}$/).test(s);},format:function(s,table){var i,a=s?s.split("."):'',r="",l=a.length;for(i=0;i<l;i++){r+=("00"+a[i]).slice(-3);}
+return s?ts.formatFloat(r,table):s;},type:"numeric"});ts.addParser({id:"url",is:function(s){return(/^(https?|ftp|file):\/\//).test(s);},format:function(s){return s?$.trim(s.replace(/(https?|ftp|file):\/\//,'')):s;},type:"text"});ts.addParser({id:"isoDate",is:function(s){return(/^\d{4}[\/\-]\d{1,2}[\/\-]\d{1,2}/).test(s);},format:function(s,table){return s?ts.formatFloat((s!=="")?(new Date(s.replace(/-/g,"/")).getTime()||""):"",table):s;},type:"numeric"});ts.addParser({id:"percent",is:function(s){return(/(\d\s*?%|%\s*?\d)/).test(s)&&s.length<15;},format:function(s,table){return s?ts.formatFloat(s.replace(/%/g,""),table):s;},type:"numeric"});ts.addParser({id:"usLongDate",is:function(s){return(/^[A-Z]{3,10}\.?\s+\d{1,2},?\s+(\d{4})(\s+\d{1,2}:\d{2}(:\d{2})?(\s+[AP]M)?)?$/i).test(s)||(/^\d{1,2}\s+[A-Z]{3,10}\s+\d{4}/i).test(s);},format:function(s,table){return s?ts.formatFloat((new Date(s.replace(/(\S)([AP]M)$/i,"$1 $2")).getTime()||''),table):s;},type:"numeric"});ts.addParser({id:"shortDate",is:function(s){return(/(^\d{1,2}[\/\s]\d{1,2}[\/\s]\d{4})|(^\d{4}[\/\s]\d{1,2}[\/\s]\d{1,2})/).test((s||'').replace(/\s+/g," ").replace(/[\-.,]/g,"/"));},format:function(s,table,cell,cellIndex){if(s){var c=table.config,ci=c.headerList[cellIndex],format=ci.dateFormat||ts.getData(ci,c.headers[cellIndex],'dateFormat')||c.dateFormat;s=s.replace(/\s+/g," ").replace(/[\-.,]/g,"/");if(format==="mmddyyyy"){s=s.replace(/(\d{1,2})[\/\s](\d{1,2})[\/\s](\d{4})/,"$3/$1/$2");}else if(format==="ddmmyyyy"){s=s.replace(/(\d{1,2})[\/\s](\d{1,2})[\/\s](\d{4})/,"$3/$2/$1");}else if(format==="yyyymmdd"){s=s.replace(/(\d{4})[\/\s](\d{1,2})[\/\s](\d{1,2})/,"$1/$2/$3");}}
+return s?ts.formatFloat((new Date(s).getTime()||''),table):s;},type:"numeric"});ts.addParser({id:"time",is:function(s){return(/^(([0-2]?\d:[0-5]\d)|([0-1]?\d:[0-5]\d\s?([AP]M)))$/i).test(s);},format:function(s,table){return s?ts.formatFloat((new Date("2000/01/01 "+s.replace(/(\S)([AP]M)$/i,"$1 $2")).getTime()||""),table):s;},type:"numeric"});ts.addParser({id:"metadata",is:function(){return false;},format:function(s,table,cell){var c=table.config,p=(!c.parserMetadataName)?'sortValue':c.parserMetadataName;return $(cell).metadata()[p];},type:"numeric"});ts.addWidget({id:"zebra",priority:90,format:function(table,c,wo){var $tb,$tv,$tr,row,even,time,k,l,child=new RegExp(c.cssChildRow,'i'),b=c.$tbodies;if(c.debug){time=new Date();}
+for(k=0;k<b.length;k++){$tb=b.eq(k);l=$tb.children('tr').length;if(l>1){row=0;$tv=$tb.children('tr:visible');$tv.each(function(){$tr=$(this);if(!child.test(this.className)){row++;}
+even=(row%2===0);$tr.removeClass(wo.zebra[even?1:0]).addClass(wo.zebra[even?0:1]);});}}
+if(c.debug){ts.benchmark("Applying Zebra widget",time);}},remove:function(table,c,wo){var k,$tb,b=c.$tbodies,rmv=(wo.zebra||["even","odd"]).join(' ');for(k=0;k<b.length;k++){$tb=$.tablesorter.processTbody(table,b.eq(k),true);$tb.children().removeClass(rmv);$.tablesorter.processTbody(table,$tb,false);}}});})(jQuery);
--- a/lib/ajax.php
+++ b/lib/ajax.php
@@ -0,0 +1,70 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2013 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Roman Schmerold <bnoize@froxlor.org>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    AJAX
+ *
+ */
+
+if(isset($_POST['action'])) {
+	$action = $_POST['action'];
+} elseif(isset($_GET['action'])) {
+	$action = $_GET['action'];
+} else {
+	$action = "";
+}
+
+if ($action == "newsfeed") {
+	$feed = "http://inside.froxlor.org/news/";
+
+	if (function_exists("simplexml_load_file") == false) {
+		die();
+	}
+
+	// get version
+	require './tables.inc.php';
+
+	if (function_exists('curl_version')) {
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_URL, $feed);
+		curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/'.$version);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+		$output = curl_exec($ch);
+		curl_close($ch);
+		$news = simplexml_load_string(trim($output));
+	} else {
+		if (ini_get('allow_url_fopen')) {
+			ini_set('user_agent', 'Froxlor/'.$version);
+			$news = simplexml_load_file($feed, null, LIBXML_NOCDATA);
+		} else {
+			$news = false;
+		}
+	}
+
+	if ($news !== false) {
+		for ($i = 0; $i < 3; $i++) {
+			$item = $news->channel->item[$i];
+
+			$title = (string)$item->title;
+			$link = (string)$item->link;
+			$date = date("Y-m-d G:i", strtotime($item->pubDate));
+			$content = preg_replace("/[\r\n]+/", "", strip_tags($item->description));
+
+			echo "<div class=\"newsitem\"><small>" . $date . "</small><br /><a href=\"" . $link . "\" target=\"_blank\"><b>" . $title . "</b><br />" . $content . "</a></div>";
+		}
+	} else {
+		echo "";
+	}
+} else {
+	echo "No action set.";
+}
--- a/lib/classes/aps/class.ApsInstaller.php
+++ b/lib/classes/aps/class.ApsInstaller.php
@@ -23,10 +23,8 @@
 *				folder truncation/tar all files
 */

-class ApsInstaller extends ApsParser
-{
-	private $db = false;
-	private $db_root = false;
+class ApsInstaller extends ApsParser {
+
 	private $DomainPath = '';
 	private $Domain = '';
 	private $RealPath = '';
@@ -37,15 +35,10 @@ class ApsInstaller extends ApsParser
 	/**
 	 * constructor of class. setup some basic variables
 	 *
-	 * @param	settings	array with the global settings from syscp
-	 * @param	db			instance of the database class from syscp
-	 * @param	db_root		instance of the database class from syscp with root permissions
+	 * @param	settings	array with the global settings from froxlor
 	 */
+	public function __construct($settings) {

-	public function __construct($settings, $db, $db_root)
-	{
-		$this->db = $db;
-		$this->db_root = $db_root;
 		$this->RootDir = dirname(dirname(dirname(dirname(__FILE__)))) . '/';
 		$this->Hosts = $settings['system']['mysql_access_host'];
 	}
@@ -53,34 +46,39 @@ class ApsInstaller extends ApsParser
 	/**
 	 * main function of class which handles all
 	 */
+	public function InstallHandler() {

-	public function InstallHandler()
-	{
 		chdir($this->RootDir);
-		$result = $this->db->query('SELECT * FROM `' . TABLE_APS_TASKS . '` AS `t` INNER JOIN `' . TABLE_APS_INSTANCES . '` AS `i` ON `t`.`InstanceID` = `i`.`ID` INNER JOIN `' . TABLE_APS_PACKAGES . '` AS `p` ON `i`.`PackageID` = `p`.`ID` INNER JOIN `' . TABLE_PANEL_CUSTOMERS . '` AS `c` ON `i`.`CustomerID` = `c`.`customerid` WHERE `TASK` NOT IN (' . TASK_SYSTEM_UPDATE . ', ' . TASK_SYSTEM_DOWNLOAD . ')');
+		$result_stmt = Database::query("
+			SELECT * FROM `" . TABLE_APS_TASKS . "` AS `t`
+			INNER JOIN `" . TABLE_APS_INSTANCES . "` AS `i` ON `t`.`InstanceID` = `i`.`ID`
+			INNER JOIN `" . TABLE_APS_PACKAGES . "` AS `p` ON `i`.`PackageID` = `p`.`ID`
+			INNER JOIN `" . TABLE_PANEL_CUSTOMERS . "` AS `c` ON `i`.`CustomerID` = `c`.`customerid`
+			WHERE `TASK` NOT IN (" . TASK_SYSTEM_UPDATE . ", " . TASK_SYSTEM_DOWNLOAD . ")
+		");

-		while($Row = $this->db->fetch_array($result))
-		{
+		while ($Row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			//check for existing aps xml file
-
-			if(!file_exists($this->RootDir . 'packages/' . $Row['Path'] . '/APP-META.xml'))
-			{
-				$this->db->query('UPDATE `' . TABLE_APS_INSTANCES . '` SET `Status` = ' . INSTANCE_ERROR . ' WHERE `ID` = ' . $this->db->escape($Row['InstanceID']));
+			if (!file_exists($this->RootDir . 'packages/' . $Row['Path'] . '/APP-META.xml')) {
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_APS_INSTANCES . "` SET `Status` = " . INSTANCE_ERROR . " WHERE `ID` = :id
+				");
+				Database::pexecute($upd_stmt, array('id' => $Row['InstanceID']));
 				continue;
 			}

 			//get contents and parse them
-
 			$XmlContent = file_get_contents($this->RootDir . 'packages/' . $Row['Path'] . '/APP-META.xml');
 			$Xml = new SimpleXMLElement($XmlContent);
 			
 			$this->aps_version = isset($Xml->attributes()->version) ? (string)$Xml->attributes()->version : '1.0';

 			//check for unparseable xml data
-
-			if($Xml == false)
-			{
-				$this->db->query('UPDATE `' . TABLE_APS_INSTANCES . '` SET `Status` = ' . INSTANCE_ERROR . ' WHERE `ID` = ' . $this->db->escape($Row['InstanceID']));
+			if ($Xml == false) {
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_APS_INSTANCES . "` SET `Status` = " . INSTANCE_ERROR . " WHERE `ID` = :id
+				");
+				Database::pexecute($upd_stmt, array('id' => $Row['InstanceID']));
 				continue;
 			}

@@ -90,32 +88,26 @@ class ApsInstaller extends ApsParser
 			$this->RealPath = '';

 			//lock instance so installation cannot be canceled from the panel
-
-			$this->db->query('UPDATE `' . TABLE_APS_INSTANCES . '` SET `Status` = ' . INSTANCE_TASK_ACTIVE . ' WHERE `ID` = ' . $this->db->escape($Row['InstanceID']));
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_APS_INSTANCES . "` SET `Status` = " . INSTANCE_TASK_ACTIVE . " WHERE `ID` = :id
+			");
+			Database::pexecute($upd_stmt, array('id' => $Row['InstanceID']));

 			//setup environment with data for domain/installation location
-
 			self::PrepareBasics($Row);

 			//create database if necessary and setup environment variables
-
 			self::PrepareDatabase($Xml, $Row, $Task);

 			//unpack installation scripts and package files if necessary
-
-			if(self::PrepareFiles($Xml, $Row, $Task))
-			{
+			if (self::PrepareFiles($Xml, $Row, $Task)) {
 				//setup environment variables fetched from installation wizard
-
 				self::PrepareWizardData($Xml, $Row, $Task);
-
 				//run installation scripts from packages
-
 				self::RunInstaller($Xml, $Row, $Task);
 			}

 			//remove installation scripts
-
 			self::CleanupData($Xml, $Row, $Task);
 			unset($Xml);
 		}
@@ -129,17 +121,12 @@ class ApsInstaller extends ApsParser
 	 * @param	task		numeric code to specify what to do
 	 * @return	success true/error false
 	 */
-
-	private function RunInstaller($Xml, $Row, $Task)
-	{
+	private function RunInstaller($Xml, $Row, $Task) {
 		//installation

-		if($Task == TASK_INSTALL)
-		{
+		if ($Task == TASK_INSTALL) {
 			//setup right path and run installation script
-
-			if(!is_dir($this->RealPath . $this->DomainPath . '/install_scripts/'))
-			{
+			if (!is_dir($this->RealPath . $this->DomainPath . '/install_scripts/')) {
 				echo 'Directory: '. $this->RealPath . $this->DomainPath . '/install_scripts/ does not exist';
 				return;
 			}
@@ -147,15 +134,14 @@ class ApsInstaller extends ApsParser
 			chdir($this->RealPath . $this->DomainPath . '/install_scripts/');

 			// make configure-script executable
-			if($this->aps_version != '1.0')
-			{
+			if ($this->aps_version != '1.0') {
 				$scriptname = (string)$Xml->service->provision->{'configuration-script'}['name'];
 			} else {
 				$scriptname = 'configure';
 			}

 			chmod($this->RealPath . $this->DomainPath . '/install_scripts/'.$scriptname, 0755);
-			
+
 			$Return = array();
 			
 			// first 'true' to indicate that we want the return-status from exec.
@@ -165,36 +151,36 @@ class ApsInstaller extends ApsParser

 			$Return = safe_exec('php ' . escapeshellarg($this->RealPath . $this->DomainPath . '/install_scripts/'.$scriptname) . ' install', $ReturnStatus);

-			if($ReturnStatus != 0)
-			{
+			if ($ReturnStatus != 0) {
 				//write output of script on error into database for admin
-
 				$Buffer = '';
 				$Count = 0;
-				foreach($Return as $Line)
-				{
+				foreach ($Return as $Line) {
 					$Count+= 1;
 					$Buffer.= $Line;
-
-					if($Count != count($Return))$Buffer.= "\n";
+					if ($Count != count($Return)) {
+						$Buffer.= "\n";
+					}
 				}

 				//FIXME error logging
-
 				echo ("error : installer\n" . $Buffer . "\n");
-				$this->db->query('UPDATE `' . TABLE_APS_INSTANCES . '` SET `Status` = ' . INSTANCE_ERROR . ' WHERE `ID` = ' . $this->db->escape($Row['InstanceID']));
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_APS_INSTANCES . "` SET `Status` = " . INSTANCE_ERROR . " WHERE `ID` = :id
+				");
+				Database::pexecute($upd_stmt, array('id' => $Row['InstanceID']));
 				return false;
-			}
-			else
-			{
+
+			} else {
 				//installation succeeded
 				//chown all files if installtion script has created some new files. otherwise customers cannot edit the files via ftp
-
 				safe_exec('chown -R ' . (int)$Row['guid'] . ':' . (int)$Row['guid'] . ' ' . escapeshellarg($this->RealPath . $this->DomainPath . '/'));

 				//update database
-
-				$this->db->query('UPDATE `' . TABLE_APS_INSTANCES . '` SET `Status` = ' . INSTANCE_SUCCESS . ' WHERE `ID` = ' . $this->db->escape($Row['InstanceID']));
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_APS_INSTANCES . "` SET `Status` = " . INSTANCE_SUCCESS . " WHERE `ID` = :id
+				");
+				Database::pexecute($upd_stmt, array('id' => $Row['InstanceID']));
 				return true;
 			}
 		}
@@ -207,31 +193,26 @@ class ApsInstaller extends ApsParser
 	 * @param	row			current entry from the database for app to handle
 	 * @param	task		numeric code to specify what to do
 	 */
+	private function CleanupData($Xml, $Row, $Task) {

-	private function CleanupData($Xml, $Row, $Task)
-	{
 		chdir($this->RootDir);

-		if($Task == TASK_INSTALL)
-		{
+		if ($Task == TASK_INSTALL) {
 			//cleanup installation
-
 			self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/install_scripts/');
-
 			//remove task
+			$del_stmt = Database::prepare("
+				DELETE FROM `" . TABLE_APS_TASKS . "` WHERE `Task` = " . TASK_INSTALL . " AND `InstanceID` = :id
+			");
+			Database::pexecute($del_stmt, array('id' => $Row['InstanceID']));
+
+		} elseif($Task == TASK_REMOVE) {

-			$this->db->query('DELETE FROM `' . TABLE_APS_TASKS . '` WHERE `Task` = ' . TASK_INSTALL . ' AND `InstanceID` = ' . $this->db->escape($Row['InstanceID']));
-		}
-		elseif($Task == TASK_REMOVE)
-		{
 			// check for database
-			if ($this->aps_version == '1.0')
-			{
+			if ($this->aps_version == '1.0') {
 				// the good ole way
 				$XmlDb = $Xml->requirements->children('http://apstandard.com/ns/1/db');
-			} 
-			else 
-			{
+			} else {
 				// since 1.1
 				$Xml->registerXPathNamespace('db', 'http://apstandard.com/ns/1/db');
 	
@@ -240,47 +221,88 @@ class ApsInstaller extends ApsParser
 				$XmlDb->db->id = getXPathValue($Xml, '//db:id');
 			}

-			if($XmlDb->db->id)
-			{
+			if ($XmlDb->db->id) {
 				//drop database permissions
-
+				Database::needRoot(true);
+// FIXME ### here
 				$Database = 'web' . $Row['CustomerID'] . 'aps' . $Row['InstanceID'];
-				foreach(array_map('trim', explode(',', $this->Hosts)) as $DatabaseHost)
-				{
-					$this->db_root->query('REVOKE ALL PRIVILEGES ON * . * FROM `' . $this->db->escape($Database) . '`@`' . $this->db->escape($DatabaseHost) . '`');
-					$this->db_root->query('REVOKE ALL PRIVILEGES ON `' . $this->db->escape($Database) . '` . * FROM `' . $this->db->escape($Database) . '`@`' . $this->db->escape($DatabaseHost) . '`');
-					$this->db_root->query('DELETE FROM `mysql`.`user` WHERE `User` = "' . $this->db->escape($Database) . '" AND `Host` = "' . $this->db->escape($DatabaseHost) . '"');
+				foreach (array_map('trim', explode(',', $this->Hosts)) as $DatabaseHost) {
+
+					if (Database::getAttribute(PDO::ATTR_SERVER_VERSION) < '5.0.2') {
+						// Revoke privileges (only required for MySQL 4.1.2 - 5.0.1)
+						$stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM :databasename");
+						Database::pexecute($stmt, array("databasename" => $DatabaseHost));
+					}
+
+					$host_res_stmt = Database::prepare("
+						SELECT `Host` FROM `mysql`.`user`
+						WHERE `User`= :databasename
+					");
+					Database::pexecute($host_res_stmt, array("databasename" => $DatabaseHost));
+
+					while ($host = $host_res_stmt->fetch(PDO::FETCH_ASSOC)) {
+						// as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+)
+						$stmt = Database::prepare("DROP USER :databasename@:host");
+						Database::pexecute($stmt, array("databasename" => $DatabaseHost, "host" => $host['Host']));
+					}
 				}

-				//drop database
-				$this->db_root->query('DROP DATABASE IF EXISTS `' . $this->db->escape($Database) . '`');
-				$this->db_root->query('FLUSH PRIVILEGES');
+				// drop database
+				$stmt = Database::prepare("DROP DATABASE IF EXISTS `" . $DatabaseHost . "`");
+				Database::pexecute($stmt, array(), false);
+				$stmt = Database::prepare("FLUSH PRIVILEGES");
+				Database::pexecute($stmt);
+				Database::needRoot(false);

-				/*
-				 * remove database from customer-mysql overview, #272
-				 */
-				$this->db->query('DELETE FROM `' . TABLE_PANEL_DATABASES . '` WHERE `customerid`="' . (int)$Row['CustomerID'] . '" AND `databasename`="' . $this->db->escape($Database) . '" AND `apsdb`="1"');
-				$result = $this->db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `mysqls_used`=`mysqls_used`-1 WHERE `customerid`="' . (int)$Row['CustomerID'] . '"');
+				// remove database from customer-mysql overview, #272
+				$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DATABASES . "`
+					WHERE `customerid` = :customerid
+					AND `databasename` = :databasename
+					AND `apsdb` = '1'
+				");
+				Database::pexecute($stmt, array("customerid" => $Row['CustomerID'], "databasename" => $Database));
+
+				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
+					SET `mysqls_used` = `mysqls_used` - 1
+					WHERE `customerid` = :customerid"
+				);
+				Database::pexecute($stmt, array("customerid" => $Row['CustomerID']));
 			}

-			//remove task & delete package instance + settings
+			// remove task & delete package instance + settings
+			$del_stmt = Database::prepare("
+				DELETE FROM `" . TABLE_APS_TASKS . "` WHERE `Task` = '" . TASK_REMOVE . "'
+				AND `InstanceID` = :instanceid
+			");
+			Database::pexecute($del_stmt, array('instanceid' => $Row['InstanceID']));

-			$this->db->query('DELETE FROM `' . TABLE_APS_TASKS . '` WHERE `Task` = ' . TASK_REMOVE . ' AND `InstanceID` = ' . $this->db->escape($Row['InstanceID']));
-			$this->db->query('DELETE FROM `' . TABLE_APS_INSTANCES . '` WHERE `ID` = ' . $this->db->escape($Row['InstanceID']));
-			$this->db->query('DELETE FROM `' . TABLE_APS_SETTINGS . '` WHERE `InstanceID` = ' . $this->db->escape($Row['InstanceID']));
+			$del_stmt = Database::prepare("
+				DELETE FROM `" . TABLE_APS_INSTANCES . "` WHERE `ID` = :instanceid
+			");
+			Database::pexecute($del_stmt, array('instanceid' => $Row['InstanceID']));

-			//remove data,  #273
-			if($this->DomainPath != '' && $this->DomainPath != '/') {
-				self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/');
-			} else {
-				// save awstats/webalizer folder if it's the docroot
-				self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/', true);
-				// place standard-index file
-				$loginname = getLoginNameByUid($Row['CustomerID']);
-				if($loginname !== false)
-				{
-					storeDefaultIndex($loginname, $this->RealPath . $this->DomainPath . '/');
-				}
+			$del_stmt = Database::prepare("
+				DELETE FROM `" . TABLE_APS_SETTINGS . "` WHERE `InstanceID` = :instanceid
+			");
+			Database::pexecute($del_stmt, array('instanceid' => $Row['InstanceID']));
+
+			if ($this->RealPath != ''
+				&& checkDisallowedPaths($this->RealPath)
+			) {
+				//remove data,  #273
+				if ($this->DomainPath != ''
+					&& $this->DomainPath != '/'
+				) {
+					self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/');
+				} else {
+					// save awstats/webalizer folder if it's the docroot
+					self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/', true);
+					// place standard-index file
+					$loginname = getLoginNameByUid($Row['CustomerID']);
+					if ($loginname !== false) {
+						storeDefaultIndex($loginname, $this->RealPath . $this->DomainPath . '/');
+					}
+				}				
 			}
 		}
 	}
@@ -292,22 +314,24 @@ class ApsInstaller extends ApsParser
 	 * @param	row			current entry from the database for app to handle
 	 * @param	task		numeric code to specify what to do
 	 */
+	private function PrepareWizardData($Xml, $Row, $Task) {

-	private function PrepareWizardData($Xml, $Row, $Task)
-	{
 		//data collected by wizard
 		//FIXME install_only parameter/reconfigure
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_APS_SETTINGS . "` WHERE `InstanceID` = :instanceid
+		");
+		Database::pexecute($result_stmt, array('instanceid' => $Row['InstanceID']));

-		$result = $this->db->query('SELECT * FROM `' . TABLE_APS_SETTINGS . '` WHERE `InstanceID` = ' . $this->db->escape($Row['InstanceID']));
-
-		while($Row2 = $this->db->fetch_array($result))
-		{
+		while ($Row2 = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			//skip APS internal data
-
-			if($Row2['Name'] == 'main_location'
-			|| $Row2['Name'] == 'main_domain'
-			|| $Row2['Name'] == 'main_database_password'
-			|| $Row2['Name'] == 'license')continue;
+			if ($Row2['Name'] == 'main_location'
+				|| $Row2['Name'] == 'main_domain'
+				|| $Row2['Name'] == 'main_database_password'
+				|| $Row2['Name'] == 'license'
+			) {
+				continue;
+			}
 			putenv('SETTINGS_' . $Row2['Name'] . '=' . $Row2['Value']);
 		}
 	}
@@ -320,63 +344,68 @@ class ApsInstaller extends ApsParser
 	 * @param	task		numeric code to specify what to do
 	 * @return	success true/error false
 	 */
+	private function PrepareFiles($Xml, $Row, $Task) {

-	private function PrepareFiles($Xml, $Row, $Task)
-	{
-		if($this->aps_version != '1.0')
-		{
+		if ($this->aps_version != '1.0') {
 			$mapping = $Xml->service->provision->{'url-mapping'}->mapping;
 			$mapping_path = $Xml->service->provision->{'url-mapping'}->mapping['path'];
 			$mapping_url = $Xml->service->provision->{'url-mapping'}->mapping['url'];
-		}
-		else 
-		{
+		} else {
 			$mapping = $Xml->mapping;
 			$mapping_path = $Xml->mapping['path'];
 			$mapping_url = $Xml->mapping['url'];
 		}
-		
-		if($Task == TASK_INSTALL)
-		{
+
+		if ($this->RealPath == '' || !checkDisallowedPaths($this->RealPath)) {
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_APS_INSTANCES . "` SET `Status` = " . INSTANCE_ERROR . " WHERE `ID` = :id
+			");
+			Database::pexecute($upd_stmt, array('id' => $Row['InstanceID']));
+			return false;
+		}
+
+		if ($Task == TASK_INSTALL) {
 			//FIXME truncate customer directory
 			//remove files from: $this->RealPath . $this->DomainPath . '/*'
-
-			if(!file_exists($this->RealPath . $this->DomainPath . '/'))mkdir($this->RealPath . $this->DomainPath . '/', 0777, true);
+			if (!file_exists($this->RealPath . $this->DomainPath . '/')) {
+				mkdir($this->RealPath . $this->DomainPath . '/', 0777, true);
+			}

 			//extract all files and chown them to the customer guid
-
-			if(self::ExtractZip($this->RootDir . 'packages/' . $Row['Path'] . '/' . $Row['Path'], $mapping_path, $this->RealPath . $this->DomainPath . '/') == false
-			|| self::ExtractZip($this->RootDir . 'packages/' . $Row['Path'] . '/' . $Row['Path'], 'scripts', $this->RealPath . $this->DomainPath . '/install_scripts/') == false)
-			{
-				$this->db->query('UPDATE `' . TABLE_APS_INSTANCES . '` SET `Status` = ' . INSTANCE_ERROR . ' WHERE `ID` = ' . $this->db->escape($Row['InstanceID']));
+			if (self::ExtractZip($this->RootDir . 'packages/' . $Row['Path'] . '/' . $Row['Path'], $mapping_path, $this->RealPath . $this->DomainPath . '/') == false
+				|| self::ExtractZip($this->RootDir . 'packages/' . $Row['Path'] . '/' . $Row['Path'], 'scripts', $this->RealPath . $this->DomainPath . '/install_scripts/') == false
+			) {
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_APS_INSTANCES . "` SET `Status` = " . INSTANCE_ERROR . " WHERE `ID` = :id
+				");
+				Database::pexecute($upd_stmt, array('id' => $Row['InstanceID']));

 				//FIXME clean up already installed data
 				//remove files from: $this->RealPath . $this->DomainPath . '/*'
-
 				return false;
 			}

 			safe_exec('chown -R ' . (int)$Row['guid'] . ':' . (int)$Row['guid'] . ' ' . escapeshellarg($this->RealPath . $this->DomainPath . '/'));
-		}
-		else
-		{
-			if(self::ExtractZip($this->RootDir . 'packages/' . $Row['Path'] . '/' . $Row['Path'], 'scripts', $this->RealPath . $this->DomainPath . '/install_scripts/') == false)
-			{
-				$this->db->query('UPDATE `' . TABLE_APS_INSTANCES . '` SET `Status` = ' . INSTANCE_ERROR . ' WHERE `ID` = ' . $this->db->escape($Row['InstanceID']));
+
+		} else {
+
+			if (self::ExtractZip($this->RootDir . 'packages/' . $Row['Path'] . '/' . $Row['Path'], 'scripts', $this->RealPath . $this->DomainPath . '/install_scripts/') == false) {
+
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_APS_INSTANCES . "` SET `Status` = " . INSTANCE_ERROR . " WHERE `ID` = :id
+				");
+				Database::pexecute($upd_stmt, array('id' => $Row['InstanceID']));

 				//clean up already installed data
-
 				self::UnlinkRecursive($this->RealPath . $this->DomainPath . '/install_scripts/');
 				return false;
 			}

 			//set right file owner
-
 			safe_exec('chown -R ' . (int)$Row['guid'] . ':' . (int)$Row['guid'] . ' ' . escapeshellarg($this->RealPath . $this->DomainPath . '/'));
 		}

 		//recursive mappings
-
 		self::PrepareMappings($mapping, $mapping_url, $this->RealPath . $this->DomainPath . '/');
 		return true;
 	}
@@ -388,9 +417,8 @@ class ApsInstaller extends ApsParser
 	 * @param	url				relative path for application specifying the current path within the mapping tree
 	 * @param	path			absolute path for application specifying the current path within the mapping tree
 	 */
+	private function PrepareMappings($ParentMapping, $Url, $Path) {

-	private function PrepareMappings($ParentMapping, $Url, $Path)
-	{
 		//check for special PHP permissions
 		//must be done with xpath otherwise check not possible (XML parser problem with attributes)

@@ -399,8 +427,13 @@ class ApsInstaller extends ApsParser
 			$ParentMapping->registerXPathNamespace('p', 'http://apstandard.com/ns/1/php');
 			$Result = $ParentMapping->xpath('p:permissions');

-			if (is_array($Result) && isset($Result[0]) && is_array($Result[0])) {
-				if	(isset($Result[0]['writable']) && $Result[0]['writable'] == 'true') {
+			if (is_array($Result)
+				&& isset($Result[0])
+				&& is_array($Result[0])
+			) {
+				if (isset($Result[0]['writable'])
+					&& $Result[0]['writable'] == 'true'
+				) {
 					// fixing file permissions to writeable
 					if (is_dir($Path)) {
 						chmod($Path, 0775);
@@ -409,7 +442,9 @@ class ApsInstaller extends ApsParser
 					}
 				}

-				if (isset($Result[0]['readable']) && $Result[0]['readable'] == 'false') {
+				if (isset($Result[0]['readable'])
+					&& $Result[0]['readable'] == 'false'
+				) {
 					//fixing file permissions to non readable	
 					if (is_dir($Path)) {
 						chmod($Path, 0333);
@@ -421,23 +456,16 @@ class ApsInstaller extends ApsParser
 		}

 		//set environment variables
-
 		$EnvVariable = str_replace("/", "_", $Url);
 		putenv('WEB_' . $EnvVariable . '_DIR=' . $Path);

 		//resolve deeper mappings
-		if($ParentMapping && $ParentMapping !== null)
-		{
-			foreach($ParentMapping->mapping as $Mapping)
-			{
+		if ($ParentMapping && $ParentMapping !== null) {
+			foreach ($ParentMapping->mapping as $Mapping) {
 				//recursive check of other mappings
-	
-				if($Url == '/')
-				{
+				if ($Url == '/') {
 					self::PrepareMappings($Mapping, $Url . $Mapping['url'], $Path . $Mapping['url']);
-				}
-				else
-				{
+				} else {
 					self::PrepareMappings($Mapping, $Url . '/' . $Mapping['url'], $Path . '/' . $Mapping['url']);
 				}
 			}
@@ -449,30 +477,33 @@ class ApsInstaller extends ApsParser
 	 *
 	 * @param	xml			instance of a valid xml object with a parsed APP-META.xml file
 	 */
-
-	private function PrepareBasics($Row)
-	{
+	private function PrepareBasics($Row) {
 		//domain
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_APS_SETTINGS . "` WHERE `InstanceID` = :instanceid AND `Name` = 'main_domain'
+		");
+		$Row3 = Database::pexecute_first($result_stmt, array('instanceid' => $Row['InstanceID']));

-		$result = $this->db->query('SELECT * FROM `' . TABLE_APS_SETTINGS . '` WHERE `InstanceID` = ' . $this->db->escape($Row['InstanceID']) . ' AND `Name` = "main_domain"');
-		$Row3 = $this->db->fetch_array($result);
-		$result2 = $this->db->query('SELECT * FROM `' . TABLE_PANEL_DOMAINS . '` WHERE `id` = ' . $this->db->escape($Row3['Value']));
-		$Row3 = $this->db->fetch_array($result2);
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `id` = :domainid
+		");
+		$Row3 = Database::pexecute_first($result_stmt, array('instanceid' => $Row3['Value']));
 		$this->Domain = $Row3['domain'];
 		$this->RealPath = $Row3['documentroot'];

 		//location
-
-		$result3 = $this->db->query('SELECT * FROM `' . TABLE_APS_SETTINGS . '` WHERE `InstanceID` = ' . $this->db->escape($Row['InstanceID']) . ' AND `Name` = "main_location"');
-		$Row3 = $this->db->fetch_array($result3);
+		$result3_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_APS_SETTINGS . "` WHERE `InstanceID` = :instanceid AND `Name` = 'main_location'
+		");
+		$Row3 = Database::pexecute_first($result_stmt, array('instanceid' => $Row['InstanceID']));
 		$this->DomainPath = $Row3['Value'];

 		//if application is directly installed on domain remove / at the end
-
-		if($this->DomainPath == '')$this->RealPath = substr($this->RealPath, 0, strlen($this->RealPath) - 1);
+		if ($this->DomainPath == '') {
+			$this->RealPath = substr($this->RealPath, 0, strlen($this->RealPath) - 1);
+		}

 		//url environment variables
-
 		putenv('BASE_URL_HOST=' . $this->Domain);
 		putenv('BASE_URL_PATH=' . $this->DomainPath . '/');
 		putenv('BASE_URL_SCHEME=http');
@@ -485,18 +516,14 @@ class ApsInstaller extends ApsParser
 	 * @param	row			current entry from the database for app to handle
 	 * @param	task		numeric code to specify what to do
 	 */
+	private function PrepareDatabase($Xml, $Row, $Task) {

-	private function PrepareDatabase($Xml, $Row, $Task)
-	{
 		$XmlDb = $Xml->requirements->children('http://apstandard.com/ns/1/db');

-		if ($this->aps_version == '1.0')
-		{
+		if ($this->aps_version == '1.0') {
 			// the good ole way
 			$XmlDb = $Xml->requirements->children('http://apstandard.com/ns/1/db');
-		} 
-		else
-		{
+		} else {
 			// since 1.1
 			$Xml->registerXPathNamespace('db', 'http://apstandard.com/ns/1/db');

@@ -505,48 +532,67 @@ class ApsInstaller extends ApsParser
 			$XmlDb->db->id = getXPathValue($Xml, '//db:id');
 		}

-		if($XmlDb->db->id)
-		{
+		if ($XmlDb->db->id) {
 			//database management
-
 			$NewDatabase = 'web' . $Row['CustomerID'] . 'aps' . $Row['InstanceID'];
-			$result = $this->db->query('SELECT * FROM `' . TABLE_APS_SETTINGS . '` WHERE `InstanceID` = ' . $this->db->escape($Row['InstanceID']) . ' AND `Name` = "main_database_password"');
-			$Row3 = $this->db->fetch_array($result);
+			$result_stmt = Database::prepare("
+				SELECT * FROM `" . TABLE_APS_SETTINGS . "` WHERE `InstanceID` = :instanceid AND `Name` = 'main_database_password'
+			");
+			$Row3 = Database::pexecute_first($result_stmt, array('instanceid' => $Row['InstanceID']));
 			$DbPassword = $Row3['Value'];

-			if($Task == TASK_INSTALL)
-			{
-				$this->db_root->query('DROP DATABASE IF EXISTS `' . $this->db->escape($NewDatabase) . '`');
-				$this->db_root->query('CREATE DATABASE IF NOT EXISTS `' . $this->db->escape($NewDatabase) . '`');
-				foreach(array_map('trim', explode(',', $this->Hosts)) as $DatabaseHost)
-				{
-					$this->db_root->query('GRANT ALL PRIVILEGES ON `' . $this->db->escape($NewDatabase) . '`.* TO `' . $this->db->escape($NewDatabase) . '`@`' . $this->db->escape($DatabaseHost) . '` IDENTIFIED BY \'password\'');
-					$this->db_root->query('SET PASSWORD FOR `' . $this->db->escape($NewDatabase) . '`@`' . $this->db->escape($DatabaseHost) . '` = PASSWORD(\'' . $DbPassword . '\')');
+			if ($Task == TASK_INSTALL) {
+				Database::needRoot(true);
+				$drp_stmt = Database::prepare("DROP DATABASE IF EXISTS :newdb");
+				Database::pexecute($drp_stmt, array('newdb' => $NewDatabase));
+				$crt_stmt = Database::prepare("CREATE DATABASE IF NOT EXISTS :newdb");
+				Database::pexecute($crt_stmt, array('newdb' => $NewDatabase));
+
+				foreach (array_map('trim', explode(',', $this->Hosts)) as $DatabaseHost) {
+					$stmt = Database::prepare("GRANT ALL PRIVILEGES ON `" . $NewDatabase . "`.*
+							TO :username@:host
+							IDENTIFIED BY 'password'"
+					);
+					Database::pexecute($stmt, array("username" => $NewDatabase, "host" => $DatabaseHost));
+					$stmt = Database::prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
+					Database::pexecute($stmt, array("username" => $NewDatabase, "host" => $DatabaseHost, "password" => $DbPassword));
 				}
+				Database::query('FLUSH PRIVILEGES');
+				Database::needRoot(false);

-				$this->db_root->query('FLUSH PRIVILEGES');
-
-				/*
-				 * add database to customers databases, #272
-				 */
+				// add database to customers databases, #272
 				$databasedescription = $Xml->name.' '.$Xml->version.' (Release ' . $Xml->release . ')'; 
-				$result = $this->db->query('INSERT INTO `' . TABLE_PANEL_DATABASES . '` (`customerid`, `databasename`, `description`, `dbserver`, `apsdb`) VALUES ("' . (int)$Row['CustomerID'] . '", "' . $this->db->escape($NewDatabase) . '", "' . $this->db->escape($databasedescription) . '", "0", "1")');
-				$result = $this->db->query('UPDATE `' . TABLE_PANEL_CUSTOMERS . '` SET `mysqls_used`=`mysqls_used`+1 WHERE `customerid`="' . (int)$Row['CustomerID'] . '"');	
+				$ins_stmt = Database::prepare("
+					INSERT INTO `" . TABLE_PANEL_DATABASES . "`
+					(`customerid`, `databasename`, `description`, `dbserver`, `apsdb`)
+					VALUES
+					(:customerid, :databasename, :desc, '0', '1')
+				");
+				$ins_data = array(
+					'customerid' => $Row['CustomerID'],
+					'databasename' => $NewDatabase,
+					'desc' => $databasedescription
+				);
+				Database::pexecute($ins_stmt, $ins_data);
+
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
+					`mysqls_used`=`mysqls_used`+1 WHERE `customerid` = :customerid
+				");
+				Database::pexecute($upd_stmt, array('customerid' => $Row['CustomerID']));
 			}

 			//get first mysql access host
-
 			$AccessHosts = array_map('trim', explode(',', $this->Hosts));

 			//environment variables
-
 			putenv('DB_' . $XmlDb->db->id . '_TYPE=mysql');
 			putenv('DB_' . $XmlDb->db->id . '_NAME=' . $NewDatabase);
 			putenv('DB_' . $XmlDb->db->id . '_LOGIN=' . $NewDatabase);
 			putenv('DB_' . $XmlDb->db->id . '_PASSWORD=' . $DbPassword);
 			putenv('DB_' . $XmlDb->db->id . '_HOST=' . $AccessHosts[0]);
 			putenv('DB_' . $XmlDb->db->id . '_PORT=3306');
-			putenv('DB_' . $XmlDb->db->id . '_VERSION=' . mysql_get_server_info());
+			putenv('DB_' . $XmlDb->db->id . '_VERSION=' . Database::getAttribute(PDO::ATTR_SERVER_VERSION));
 		}
 	}

@@ -558,44 +604,39 @@ class ApsInstaller extends ApsParser
 	 * @param	destination		destination directory for files to extract
 	 * @return	success true/error false
 	 */
+	private function ExtractZip($Filename, $Directory, $Destination) {

-	private function ExtractZip($Filename, $Directory, $Destination)
-	{
-		if(!file_exists($Filename))return false;
+		if (!file_exists($Filename)) {
+			return false;
+		}

-		//fix slash notation for correct paths
+		// fix slash notation for correct paths
+		if (substr($Directory, -1, 1) == '/') {
+			$Directory = substr($Directory, 0, strlen($Directory) - 1);
+		}

-		if(substr($Directory, -1, 1) == '/')$Directory = substr($Directory, 0, strlen($Directory) - 1);
-
-		if(substr($Destination, -1, 1) != '/')$Destination.= '/';
+		if (substr($Destination, -1, 1) != '/') {
+			$Destination.= '/';
+		}

 		//open zipfile to read its contents
-
 		$ZipHandle = zip_open(realpath($Filename));

-		if(is_resource($ZipHandle))
-		{
-			while($ZipEntry = zip_read($ZipHandle))
-			{
-				if(substr(zip_entry_name($ZipEntry), 0, strlen($Directory)) == $Directory)
-				{
-					//fix relative path from zipfile
+		if (is_resource($ZipHandle)) {

+			while ($ZipEntry = zip_read($ZipHandle)) {
+
+				if (substr(zip_entry_name($ZipEntry), 0, strlen($Directory)) == $Directory) {
+					//fix relative path from zipfile
 					$NewPath = zip_entry_name($ZipEntry);
 					$NewPath = substr($NewPath, strlen($Directory));

 					//directory
-
-					if(substr($NewPath, -1, 1) == '/')
-					{
+					if (substr($NewPath, -1, 1) == '/') {
 						if(!file_exists($Destination . $NewPath))mkdir($Destination . $NewPath, 0777, true);
-					}
-					else
-					{
+					} else {
 						//files
-
-						if(zip_entry_open($ZipHandle, $ZipEntry))
-						{
+						if (zip_entry_open($ZipHandle, $ZipEntry)) {
 							// handle new directory
 							$dir = dirname($Destination.$NewPath);
 							if (!file_exists($dir)) {
@@ -604,17 +645,12 @@ class ApsInstaller extends ApsParser

 							$File = fopen($Destination . $NewPath, "wb");

-							if($File)
-							{
-								while($Line = zip_entry_read($ZipEntry))
-								{
+							if ($File) {
+								while ($Line = zip_entry_read($ZipEntry)) {
 									fwrite($File, $Line);
 								}
-
 								fclose($File);
-							}
-							else
-							{
+							} else {
 								return false;
 							}
 						}
@@ -624,9 +660,9 @@ class ApsInstaller extends ApsParser

 			zip_close($ZipHandle);
 			return true;
-		}
-		else
-		{
+
+		} else {
+
 			$ReturnLines = array();
 			
 			// first 'true' to indicate that we want the return-status from exec.
@@ -636,24 +672,20 @@ class ApsInstaller extends ApsParser


 			//on 64 bit systems the zip functions can fail -> use exec to extract the files
-
 			$ReturnLines = safe_exec('unzip -o -qq ' . escapeshellarg(realpath($Filename)) . ' ' . escapeshellarg($Directory . '/*') . ' -d ' . escapeshellarg(sys_get_temp_dir()), $ReturnVal);

-			if($ReturnVal == 0)
-			{
+			if ($ReturnVal == 0) {
 				//fix absolute structure of extracted data
-
-				if(!file_exists($Destination))mkdir($Destination, 0777, true);
+				if (!file_exists($Destination)) {
+					mkdir($Destination, 0777, true);
+				}
 				safe_exec('cp -Rf ' . sys_get_temp_dir() . '/' . $Directory . '/*' . ' ' . escapeshellarg($Destination));
 				self::UnlinkRecursive(sys_get_temp_dir() . '/' . $Directory . '/');
 				return true;
-			}
-			else
-			{
+			} else {
 				return false;
 			}
 		}
-
 		return false;
 	}
 }
--- a/lib/classes/aps/class.ApsParser.php
+++ b/lib/classes/aps/class.ApsParser.php
--- a/lib/classes/aps/class.ApsUpdater.php
+++ b/lib/classes/aps/class.ApsUpdater.php
@@ -24,10 +24,9 @@
 *				move url for distributionserver into panel
 */

-class ApsUpdater extends ApsParser
-{
+class ApsUpdater extends ApsParser {
+
 	private $settings = array();
-	private $db = false;
 	private $RequestDomain = '';
 	private $RootUrl = '';
 	private $RootDir = '';
@@ -41,13 +40,10 @@ class ApsUpdater extends ApsParser
 	/**
 	 * constructor of class. setup some basic variables needed by class
 	 *
-	 * @param	db			instance of the database class
 	 * @param	cronlog		instance of the froxlor logger
 	 */
+	public function __construct($cronlog) {

-	public function __construct($db, $cronlog)
-	{
-		$this->db = $db;
 		$this->RequestDomain = 'apscatalog.com';
 		$this->RootUrl = '/1/';
 		$this->RootDir = dirname(dirname(dirname(dirname(__FILE__)))) . '/';
@@ -57,126 +53,114 @@ class ApsUpdater extends ApsParser
 	/**
 	 * Main function of class which handles all around the update mechanism
 	 */
+	public function UpdateHandler() {

-	public function UpdateHandler()
-	{
 		$this->_cronlog->logAction(CRON_ACTION, LOG_NOTICE, "Changing directory to '" . $this->RootDir . "'");
 		chdir($this->RootDir);

 		//return if allow_url_fopen is disabled
-
-		if(!ini_get('allow_url_fopen'))
-		{
+		if (!ini_get('allow_url_fopen')) {
 			$this->_cronlog->logAction(CRON_ACTION, LOG_ERROR, "The APS updater cronjob requires that allow_url_fopen is enabled for the PHP CLI binary!");
 			echo "The APS updater cronjob requires that allow_url_fopen is enabled for the PHP CLI binary!\n";
 			return;
 		}

 		//return if no task exists
+		$Result_stmt = Database::query("SELECT * FROM `" . TABLE_APS_TASKS . "` WHERE `Task` IN (" . TASK_SYSTEM_UPDATE . ", " . TASK_SYSTEM_DOWNLOAD . ")");

-		$Result = $this->db->query('SELECT * FROM `' . TABLE_APS_TASKS . '` WHERE `Task` IN (' . TASK_SYSTEM_UPDATE . ', ' . TASK_SYSTEM_DOWNLOAD . ')');
-
-		if($this->db->num_rows($Result) == 0)
-		{
+		if (Database::num_rows() == 0) {
 			$this->_cronlog->logAction(CRON_ACTION, LOG_NOTICE, "No tasks for ApsUpdater");
 			return;
 		}

 		//query first task -> updater can only do one job within a run
-
-		$Task = $this->db->fetch_array($Result);
-		$this->db->query('DELETE FROM `' . TABLE_APS_TASKS . '` WHERE `Task` = ' . $Task['Task']);
+		$Task = $Result_stmt->fetch(PDO::FETCH_ASSOC);
+		$del_stmt = Database::prepare("
+			DELETE FROM `" . TABLE_APS_TASKS . "` WHERE `Task` = :task
+		");
+		Database::pexecute($del_stmt, array('task' => $Task['Task']));

 		//fetch all vendors
 		$this->_cronlog->logAction(CRON_ACTION, LOG_NOTICE, "Fetching all Vendors from '" . $this->RootUrl . "'");
 		$Vendors = self::FetchSubUrls($this->RootUrl);
-		if($Vendors !== false)
-		{
-			foreach($Vendors as $Vendor)
-			{
+
+		if ($Vendors !== false) {
+
+			foreach ($Vendors as $Vendor) {
+
 				//fetch all applications from vendors
 				$this->_cronlog->logAction(CRON_ACTION, LOG_NOTICE, "Fetching all from Vendor '" . $Vendor. "'");
 				$Applications = self::FetchSubUrls($this->RootUrl . $Vendor);
-				if($Applications !== false)
-				{
-					foreach($Applications as $Application)
-					{
+
+				if ($Applications !== false) {
+
+					foreach ($Applications as $Application) {
+
 						//get newest version of package which is already installed
 						$this->_cronlog->logAction(CRON_ACTION, LOG_NOTICE, "Checking application '" . substr($Application, 0, -1) . "'");

 						$CurrentVersion = '';
-						$Result = $this->db->query('SELECT * FROM `' . TABLE_APS_PACKAGES . '` WHERE `Name` = "' . $this->db->escape(substr($Application, 0, -1)) . '"');
+						$Result_stmt = Database::prepare("
+							SELECT * FROM `" . TABLE_APS_PACKAGES . "` WHERE `Name` = :name
+						");
+						Database::pexecute($Result_stmt, array('name' => substr($Application, 0, -1)));
+						$numrows_result = Database::num_rows();

-						while($Row = $this->db->fetch_array($Result))
-						{
-							if(version_compare($Row['Version'] . '-' . $Row['Release'], $CurrentVersion) == 1)
-							{
+						while ($Row = $Result_stmt->fetch(PDO::FETCH_ASSOC)) {
+							if (version_compare($Row['Version'] . '-' . $Row['Release'], $CurrentVersion) == 1) {
 								$CurrentVersion = $Row['Version'] . '-' . $Row['Release'];
 							}
 						}

-						if($this->db->num_rows($Result) != 0)
-						{
+						if ($numrows_result!= 0) {
 							//package already installed in system, search for newer version
-
-							if($Task['Task'] != TASK_SYSTEM_UPDATE)continue;
+							if ($Task['Task'] != TASK_SYSTEM_UPDATE) {
+								continue;
+							}

 							//fetch different versions of application from distribution server
-
 							$NewerVersion = '';
 							$Versions = self::FetchSubUrls($this->RootUrl . $Vendor . $Application);
-							if($Versions !== false)
-							{
-								foreach($Versions as $Version)
-								{
+
+							if ($Versions !== false) {
+								foreach ($Versions as $Version) {
 									$OnlineVersion = substr($Version, 0, -1);
-
 									//is package newer than current version?
-
-									if(version_compare($OnlineVersion, $CurrentVersion) == 1)
-									{
+									if (version_compare($OnlineVersion, $CurrentVersion) == 1) {
 										//is new package newer than another one found before?
-
-										if(version_compare($OnlineVersion, $NewerVersion) == 1)
-										{
+										if (version_compare($OnlineVersion, $NewerVersion) == 1) {
 											$NewerVersion = $OnlineVersion;
 										}
 									}
 								}

-								if($NewerVersion != '')
-								{
+								if ($NewerVersion != '') {
 									//download package as an update
-
 									self::DownloadPackage($this->RootUrl . $Vendor . $Application . $NewerVersion, substr($Application, 0, -1), $NewerVersion);
 									continue;
 								}
 							}
-						}
-						else
-						{
-							if($Task['Task'] != TASK_SYSTEM_DOWNLOAD)continue;
+
+						} else {
+
+							if ($Task['Task'] != TASK_SYSTEM_DOWNLOAD) {
+								continue;
+							}

 							//new packages
-
 							$NewVersion = '';
 							$Versions = self::FetchSubUrls($this->RootUrl . $Vendor . $Application);
-							foreach($Versions as $Version)
-							{
+
+							foreach ($Versions as $Version) {
 								$OnlineVersion = substr($Version, 0, -1);
-
 								//is package newer than another one found before?
-
-								if(version_compare($OnlineVersion, $NewVersion) == 1)
-								{
+								if (version_compare($OnlineVersion, $NewVersion) == 1) {
 									$NewVersion = $OnlineVersion;
 								}
 							}

-							if($NewVersion != '')
-							{
+							if ($NewVersion != '') {
 								//download package as a new one
-
 								self::DownloadPackage($this->RootUrl . $Vendor . $Application . $NewVersion, substr($Application, 0, -1), $NewVersion);
 								continue;
 							}
@@ -195,13 +179,11 @@ class ApsUpdater extends ApsParser
 	 * @param	version			string identifying the application version
 	 * @return	success true/error false
 	 */
+	private function DownloadPackage($Url, $Application, $Version) {

-	private function DownloadPackage($Url, $Application, $Version)
-	{
 		$Downloads = self::FetchSubUrls($Url . '/');

 		//make url valid
-
 		$path = dirname($Url);
 		$file = urlencode(basename($Url));
 		$file_url = 'http://' . $this->RequestDomain . $path . '/' . $file . '.aps' . $Downloads[0];
@@ -210,31 +192,23 @@ class ApsUpdater extends ApsParser
 		$this->_cronlog->logAction(CRON_ACTION, LOG_NOTICE, "Downloading '" . $file_url . "'");
 		$Content = @file_get_contents($file_url);

-		if($Content != false)
-		{
+		if ($Content != false) {
 			//open file to write contents on disk
-
 			$FileHandle = fopen($this->RootDir . 'temp/' . $Application . '-' . $Version . '.app.zip', 'wb');

-			if($FileHandle == true)
-			{
+			if ($FileHandle == true) {
 				//write results to disk
-
 				fwrite($FileHandle, $Content);
 				fclose($FileHandle);

 				//set right permissions
-
 				chmod($this->RootDir . 'temp/' . $Application . '-' . $Version . '.app.zip', 0664);
 				return true;
-			}
-			else
-			{
+
+			} else {
 				return false;
 			}
-		}
-		else
-		{
+		} else {
 			return false;
 		}
 	}
@@ -246,51 +220,40 @@ class ApsUpdater extends ApsParser
 	 * @param	url				url to fetch sub links from
 	 * @return	error false/success array with relative sub links
 	 */
+	private function FetchSubUrls($Url) {

-	private function FetchSubUrls($Url)
-	{
 		$Return = array();

 		//make url valid
-
 		$Url = str_replace(' ', '%20', $Url);
 		$file_url = 'http://' . $this->RequestDomain . $Url;

 		//get content from website url
-
 		$Content = @file($file_url);

-		if($Content !== false)
-		{
-			foreach($Content as $Temp)
-			{
+		if ($Content !== false) {
+
+			foreach ($Content as $Temp) {
 				//skip empty lines
-
-				if($Temp != "\r\n"
-				&& $Temp != "\r"
-				&& $Temp != "\n"
-				&& $Temp != "")
-				{
+				if ($Temp != "\r\n"
+					&& $Temp != "\r"
+					&& $Temp != "\n"
+					&& $Temp != ""
+				) {
 					//remove unwanted characters
-
 					$Temp = trim($Temp);

 					//grep URLs which match defined format
-
-					if(preg_match("/^<a href=\"(.+)\".+class=\"(vendor|application|version|packager)\"/", $Temp, $Matches))
-					{
-						if(!in_array(urldecode($Matches[1]), $Return))$Return[] = urldecode($Matches[1]);
+					if (preg_match("/^<a href=\"(.+)\".+class=\"(vendor|application|version|packager)\"/", $Temp, $Matches)) {
+						if (!in_array(urldecode($Matches[1]), $Return)) {
+							$Return[] = urldecode($Matches[1]);
+						}
 					}
 				}
 			}
-
 			return $Return;
-		}
-		else
-		{
+		} else {
 			return false;
 		}
 	}
 }
-
-?>
--- a/lib/classes/database/class.Database.php
+++ b/lib/classes/database/class.Database.php
@@ -0,0 +1,385 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Classes
+ *
+ * @since      0.9.31
+ *
+ */
+
+/**
+ * Class Database
+ *
+ * Wrapper-class for PHP-PDO
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Classes
+ */
+class Database {
+
+	/**
+	 * current database link
+	 *
+	 * @var object
+	 */
+	private static $_link = null ;
+
+	/**
+	 * indicator whether to use root-connection or not
+	 */
+	private static $_needroot = false;
+
+	/**
+	 * indicator which database-server we're on (not really used)
+	 */
+	private static $_dbserver = 0;
+
+	/**
+	 * used database-name
+	 */
+	private static $_dbname = null;
+
+	/**
+	 * sql-access data
+	 */
+	private static $_needsqldata = false;
+	private static $_sqldata = null;
+
+	/**
+	 * Wrapper for PDOStatement::execute so we can catch the PDOException
+	 * and display the error nicely on the panel
+	 *
+	 * @param PDOStatement $stmt
+	 * @param array $params (optional)
+	 * @param bool $showerror suppress errordisplay (default true)
+	 */
+	public static function pexecute(&$stmt, $params = null, $showerror = true) {
+		try {
+			$stmt->execute($params);
+		} catch (PDOException $e) {
+			self::_showerror($e, $showerror);
+		}
+	}
+
+	/**
+	 * Wrapper for PDOStatement::execute so we can catch the PDOException
+	 * and display the error nicely on the panel - also fetches the
+	 * result from the statement and returns the resulting array
+	 *
+	 * @param PDOStatement $stmt
+	 * @param array $params (optional)
+	 * @param bool $showerror suppress errordisplay (default true)
+	 *
+	 * @return array
+	 */
+	public static function pexecute_first(&$stmt, $params = null, $showerror = true) {
+		self::pexecute($stmt, $params, $showerror);
+		return $stmt->fetch(PDO::FETCH_ASSOC);
+	}
+
+	/**
+	 * returns the number of found rows of the last select query
+	 *
+	 * @return int
+	 */
+	public static function num_rows() {
+		return Database::query("SELECT FOUND_ROWS()")->fetchColumn();
+	}
+
+	/**
+	 * returns the database-name which is used
+	 *
+	 * @return string
+	 */
+	public static function getDbName() {
+		return self::$_dbname;
+	}
+
+	/**
+	 * enabled the usage of a root-connection to the database
+	 * Note: must be called *before* any prepare/query/etc.
+	 * and should be called again with 'false'-parameter to resume
+	 * the 'normal' database-connection
+	 *
+	 * @param bool $needroot
+	 * @param int $dbserver optional
+	 */
+	public static function needRoot($needroot = false, $dbserver = 0) {
+		// force re-connecting to the db with corresponding user
+		// and set the $dbserver (mostly to 0 = default)
+		self::_setServer($dbserver);
+		self::$_needroot = $needroot;
+	}
+
+	/**
+	 * enable the temporary access to sql-access data
+	 * note: if you want root-sqldata you need to
+	 * call needRoot(true) first. Also, this will
+	 * only give you the data ONCE as it disable itself
+	 * after the first access to the data
+	 *
+	 */
+	public static function needSqlData() {
+		self::$_needsqldata = true;
+		self::$_sqldata = array();
+		self::$_link = null;
+		// we need a connection here because
+		// if getSqlData() is called RIGHT after
+		// this function and no "real" PDO
+		// function was called, getDB() wasn't
+		// involved and no data collected
+		self::getDB();
+	}
+
+	/**
+	 * returns the sql-access data as array using indeces
+	 * 'user', 'passwd' and 'host'. Returns false if not enabled
+	 *
+	 * @return array|bool
+	 */
+	public static function getSqlData() {
+		$return = false;
+		if (self::$_sqldata !== null
+				&& is_array(self::$_sqldata)
+				&& isset(self::$_sqldata['user'])
+		) {
+			$return = self::$_sqldata;
+			// automatically disable sql-data
+			self::$_sqldata = null;
+			self::$_needsqldata = false;
+		}
+		return $return;
+	}
+
+	/**
+	 * let's us interact with the PDO-Object by using static
+	 * call like "Database::function()"
+	 *
+	 * @param string $name
+	 * @param mixed $args
+	 *
+	 * @return mixed
+	 */
+	public static function __callStatic($name, $args) {
+		$callback = array(self::getDB(), $name);
+		$result = null;
+		try {
+			$result = call_user_func_array($callback, $args );
+		} catch (PDOException $e) {
+			self::_showerror($e);
+		}
+		return $result;
+	}
+
+	/**
+	 * set the database-server (relevant for root-connection)
+	 *
+	 * @param int $dbserver
+	 */
+	private static function _setServer($dbserver = 0) {
+		self::$_dbserver = $dbserver;
+		self::$_link = null;
+	}
+
+	/**
+	 * function that will be called on every static call
+	 * which connects to the database if necessary
+	 *
+	 * @param bool $root
+	 *
+	 * @return object
+	 */
+	private static function getDB() {
+
+		if (!extension_loaded('pdo') || in_array("mysql", PDO::getAvailableDrivers()) == false) {
+			self::_showerror(new Exception("The php PDO extension or PDO-MySQL driver is not available"));
+		}
+
+		// do we got a connection already?
+		if (self::$_link) {
+			// return it
+			return self::$_link;
+		}
+
+		// include userdata.inc.php
+		require FROXLOR_INSTALL_DIR."/lib/userdata.inc.php";
+
+		// le format
+		if (self::$_needroot == true
+				&& isset($sql['root_user'])
+				&& isset($sql['root_password'])
+				&& (!isset($sql_root) || !is_array($sql_root))
+		) {
+			$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'user' => $sql['root_user'], 'password' => $sql['root_password']));
+			unset($sql['root_user']);
+			unset($sql['root_password']);
+		}
+
+		// either root or unprivileged user
+		if (self::$_needroot) {
+			$caption = $sql_root[self::$_dbserver]['caption'];
+			$user = $sql_root[self::$_dbserver]['user'];
+			$password = $sql_root[self::$_dbserver]['password'];
+			$host = $sql_root[self::$_dbserver]['host'];
+		} else {
+			$caption = 'localhost';
+			$user = $sql["user"];
+			$password = $sql["password"];
+			$host = $sql["host"];
+		}
+
+		// save sql-access-data if needed
+		if (self::$_needsqldata) {
+			self::$_sqldata = array(
+					'user' => $user,
+					'passwd' => $password,
+					'host' => $host,
+					'db' => $sql["db"],
+					'caption' => $caption
+			);
+		}
+
+		// build up connection string
+		$driver = 'mysql';
+		$dsn = $driver.":";
+		$options = array('PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8');
+		$attributes = array('ATTR_ERRMODE' => 'ERRMODE_EXCEPTION');
+
+		$dbconf["dsn"] = array(
+				'host' => $host,
+				'dbname' => $sql["db"]
+		);
+
+		self::$_dbname = $sql["db"];
+
+		// add options to dsn-string
+		foreach ($dbconf["dsn"] as $k => $v) {
+			$dsn .= $k."=".$v.";";
+		}
+
+		// clean up
+		unset($dbconf);
+
+		// try to connect
+		try {
+			self::$_link = new PDO($dsn, $user, $password, $options);
+		} catch (PDOException $e) {
+			self::_showerror($e);
+		}
+
+		// set attributes
+		foreach ($attributes as $k => $v) {
+			self::$_link->setAttribute(constant("PDO::".$k), constant("PDO::".$v));
+		}
+
+		// return PDO instance
+		return self::$_link;
+	}
+
+	/**
+	 * display a nice error if it occurs and log everything
+	 *
+	 * @param PDOException $error
+	 * @param bool $showerror if set to false, the error will be logged but we go on
+	 */
+	private static function _showerror($error, $showerror = true) {
+		global $userinfo, $settings, $theme, $linker;
+
+		/**
+		 * log to a file, so we can actually ask people for the error
+		 * (no one seems to find the stuff in the syslog)
+		 */
+		$sl_dir = makeCorrectDir(FROXLOR_INSTALL_DIR."/logs/");
+		if (!file_exists($sl_dir)) {
+			@mkdir($sl_dir, 0755);
+		}
+		$sl_file = makeCorrectFile($sl_dir."/sql-error.log");
+		$sqllog = @fopen($sl_file, 'a');
+		@fwrite($sqllog, date('d.m.Y H:i', time())." --- ".str_replace("\n", " ", $error->getMessage())."\n");
+		@fwrite($sqllog, date('d.m.Y H:i', time())." --- DEBUG: \n".$error->getTraceAsString()."\n");
+		@fclose($sqllog);
+
+		/**
+		 * log error for reporting
+		*/
+		$errid = substr(md5(microtime()), 5, 5);
+		$err_file = makeCorrectFile($sl_dir."/".$errid."_sql-error.log");
+		$errlog = @fopen($err_file, 'w');
+		@fwrite($errlog, "|CODE ".$error->getCode()."\n");
+		@fwrite($errlog, "|MSG ".$error->getMessage()."\n");
+		@fwrite($errlog, "|FILE ".$error->getFile()."\n");
+		@fwrite($errlog, "|LINE ".$error->getLine()."\n");
+		@fwrite($errlog, "|TRACE\n".$error->getTraceAsString()."\n");
+		@fclose($errlog);
+
+		if ($showerror) {
+
+			// include userdata.inc.php
+			require FROXLOR_INSTALL_DIR."/lib/userdata.inc.php";
+
+			// le format
+			if (self::$_needroot == true
+				&& isset($sql['root_user'])
+				&& isset($sql['root_password'])
+				&& (!isset($sql_root) || !is_array($sql_root))
+			) {
+				$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'user' => $sql['root_user'], 'password' => $sql['root_password']));
+			}
+
+			// hide username/password in messages
+			$error_message = $error->getMessage();
+			$error_trace = $error->getTraceAsString();
+			// error-message
+			$error_message = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_message);
+			$error_message = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_message);
+			// error-trace
+			$error_trace = str_replace($sql['password'], 'DB_UNPRIV_PWD', $error_trace);
+			$error_trace = str_replace($sql_root[0]['password'], 'DB_ROOT_PWD', $error_trace);
+
+			// clean up sensitive data
+			unset($sql);
+			unset($sql_root);
+
+			if ((isset($theme) && $theme != '')
+				&& !isset($_SERVER['SHELL']) || (isset($_SERVER['SHELL']) && $_SERVER['SHELL'] == '')
+			) {
+				// if we're not on the shell, output a nice error
+				$_errtpl = dirname($sl_dir).'/templates/'.$theme.'/misc/dberrornice.tpl';
+				if (file_exists($_errtpl)) {
+					$err_hint = file_get_contents($_errtpl);
+					// replace values
+					$err_hint = str_replace("<TEXT>", $error_message, $err_hint);
+					$err_hint = str_replace("<DEBUG>", $error_trace, $err_hint);
+
+					$err_report_html = '';
+					if (is_array($userinfo) && (
+						($userinfo['adminsession'] == '1' && $settings['system']['allow_error_report_admin'] == '1')
+						|| ($userinfo['adminsession'] == '0' && $settings['system']['allow_error_report_customer'] == '1'))
+					) {
+						$err_report_html = '<a href="<LINK>" title="Click here to report error">Report error</a>';
+						$err_report_html = str_replace("<LINK>", $linker->getLink(array('section' => 'index', 'page' => 'send_error_report', 'errorid' => $errid)), $err_report_html);
+					}
+					$err_hint = str_replace("<REPORT>", $err_report_html, $err_hint);
+
+					// show
+					die($err_hint);
+				}
+			}
+			die("We are sorry, but a MySQL - error occurred. The administrator may find more information in in the sql-error.log in the logs/ directory");
+		}
+	}
+}
--- a/lib/classes/database/class.DbManager.php
+++ b/lib/classes/database/class.DbManager.php
@@ -0,0 +1,130 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Classes
+ *
+ * @since      0.9.31
+ *
+ */
+
+/**
+ * Class DbManager
+ *
+ * Wrapper-class for database-management like creating
+ * and removing databases, users and permissions
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Classes
+ */
+class DbManager {
+
+	/**
+	 * Settings array
+	 * @var array
+	 */
+	private $_settings = null;
+
+	/**
+	 * FroxlorLogger object
+	 * @var object
+	 */
+	private $_log = null;
+
+	/**
+	 * Manager object
+	 * @var object
+	 */
+	private $_manager = null;
+
+	/**
+	 * main constructor
+	 *
+	 * @param array $settings
+	 * @param FroxlorLogger $log
+	 */
+	public function __construct($settings, &$log = null) {
+		$this->_settings = $settings;
+		$this->_log = $log;
+		$this->_setManager();
+	}
+
+	/**
+	 * creates a new database and a user with the
+	 * same name with all privileges granted on the db.
+	 * DB-name and user-name are being generated and
+	 * the password for the user will be set
+	 *
+	 * @param string $loginname
+	 * @param string $password
+	 * @param int $last_accnumber
+	 *
+	 * @return string $username
+	 */
+	public function createDatabase($loginname = null, $password = null, $last_accnumber = 0) {
+
+		Database::needRoot(true);
+
+		// check whether we shall create a random username
+		if (strtoupper($this->_settings['customer']['mysqlprefix']) == 'RANDOM') {
+			// get all usernames from db-manager
+			$allsqlusers = $this->getManager()->getAllSqlUsers();
+			// generate random username
+			$username = $loginname . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
+			// check whether it exists on the DBMS
+			while (in_array($username , $allsqlusers)) {
+				$username = $loginname . '-' . substr(md5(uniqid(microtime(), 1)), 20, 3);
+			}
+		} else {
+			$username = $loginname . $this->_settings['customer']['mysqlprefix'] . (intval($last_accnumber) + 1);
+		}
+
+		// now create the database itself
+		$this->getManager()->createDatabase($username);
+		$this->_log->logAction(USR_ACTION, LOG_INFO, "created database '" . $username . "'");
+
+		// and give permission to the user on every access-host we have
+		foreach (array_map('trim', explode(',', $this->_settings['system']['mysql_access_host'])) as $mysql_access_host) {
+			$this->getManager()->grantPrivilegesTo($username, $password, $mysql_access_host);
+			$this->_log->logAction(USR_ACTION, LOG_NOTICE, "grant all privileges for '" . $username . "'@'" . $mysql_access_host . "'");
+		}
+
+		$this->getManager()->flushPrivileges();
+
+		Database::needRoot(false);
+
+		return $username;
+	}
+
+	/**
+	 * returns the manager-object
+	 * from where we can control it
+	 */
+	public function getManager() {
+		return $this->_manager;
+	}
+
+	/**
+	 * set manager-object by type of
+	 * dbms: mysql only for now
+	 *
+	 * sets private $_manager variable
+	 */
+	private function _setManager() {
+		// TODO read different dbms from settings later
+		$this->_manager = new DbManagerMySQL($this->_settings, $this->_log);
+	}
+}
--- a/lib/classes/database/class.db.php
+++ b/lib/classes/database/class.db.php
@@ -1,321 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2003-2009 the SysCP Team (see authors).
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Florian Lippert <flo@syscp.org> (2003-2009)
- * @author     Froxlor team <team@froxlor.org> (2010-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Classes
- *
- */
-
-/**
- * Class to manage the connection to the Database
- * @package Functions
- */
-class db {
-
-	/**
-	 * Link ID for every connection
-	 * @var int
-	 */
-	public $link_id = 0;
-
-	/**
-	 * Query ID for every query
-	 * @var int
-	 */
-	private $query_id = 0;
-
-	/**
-	 * Errordescription, if an error occures
-	 * @var string
-	 */
-	public $errdesc = '';
-
-	/**
-	 * Errornumber, if an error occures
-	 * @var int
-	 */
-	public $errno = 0;
-
-	/**
-	 * Servername
-	 * @var string
-	 */
-	private $server = '';
-
-	/**
-	 * Username
-	 * @var string
-	 */
-	private $user = '';
-
-	/**
-	 * Password
-	 * @var string
-	 */
-	private $password = '';
-
-	/**
-	 * Database
-	 * @var string
-	 */
-	private $database = '';
-
-	/**
-	 * Class constructor. Connects to Databaseserver and selects Database
-	 *
-	 * @param string Servername
-	 * @param string Username
-	 * @param string Password
-	 * @param string Database
-	 */
-	public function __construct($server, $user, $password, $database = '') {
-
-		// check for mysql extension
-		if (!extension_loaded('mysql')) {
-			$this->_showerror('You should install the PHP MySQL extension!', false);
-		}
-
-		$this->server = $server;
-		$this->user = $user;
-		$this->password = $password;
-		$this->database = $database;
-		$this->link_id = @mysql_connect($this->server, $this->user, $this->password, 1);
-
-		if (!$this->link_id) {
-
-			//try to connect with no password and change it afterwards. only for root user
-			if ($this->user == 'root') {
-				$this->link_id = @mysql_connect($this->server, $this->user, '', 1);
-
-				if ($this->link_id) {
-					$this->query("SET PASSWORD = PASSWORD('" . $this->escape($this->password) . "')");
-				} else {
-					$this->_showerror('Establishing connection failed, exiting');
-				}
-			} else {
-				$this->_showerror('Establishing connection failed, exiting');
-			}
-		}
-
-		if ($this->database != '') {
-			if (!@mysql_select_db($this->database, $this->link_id)) {
-				$this->_showerror('Trying to use database ' . $this->database . ' failed, exiting');
-			}
-		}
-
-		mysql_set_charset('utf8', $this->link_id);
-	}
-
-	/**
-	 * Closes connection to Databaseserver
-	 */
-	public function close() {
-		return @mysql_close($this->link_id);
-	}
-
-	public function getDbName() {
-		return $this->database;
-	}
-
-	/**
-	 * Escapes user input to be used in mysql queries
-	 *
-	 * @param string $input
-	 * @return string escaped string
-	 */
-	public function escape($input) {
-		if (is_int($input)) {
-			return (int)$input;
-		} elseif(is_float($input)) {
-			return (float)$input;
-		} else {
-			return mysql_real_escape_string($input, $this->link_id);
-		}
-	}
-
-	/**
-	 * Query the Database
-	 *
-	 * @param string Querystring
-	 * @param bool Unbuffered query?
-	 * @return string RessourceId
-	 */
-	public function query($query_str, $unbuffered = false, $suppress_error = false) {
-
-		global $numbqueries, $theme;
-
-		// check if connection is still alive
-		if (!mysql_ping($this->link_id)) {
-			$this->link_id = mysql_connect($this->server,$this->user,$this->password);
-			if (!$this->database) {
-				return false;
-			}
-			mysql_select_db($this->database);
-		}
-
-		if (!$unbuffered) {
-			if ($suppress_error) {
-				$this->query_id = @mysql_query($query_str, $this->link_id);
-			} else {
-				$this->query_id = mysql_query($query_str, $this->link_id);
-			}
-		} else {
-			if ($suppress_error) {
-				$this->query_id = @mysql_unbuffered_query($query_str, $this->link_id);
-			} else {
-				$this->query_id = mysql_unbuffered_query($query_str, $this->link_id);
-			}
-		}
-
-		if (!$this->query_id && !$suppress_error) {
-			$this->_showerror('Invalid SQL: ' . $query_str);
-		} elseif(!$this->query_id && $suppress_error) {
-			return false;
-		}
-
-		$numbqueries++;
-		return $this->query_id;
-	}
-
-	/**
-	 * Fetches Row from Query and returns it as array
-	 *
-	 * @param string RessourceId
-	 * @param string Datatype, num or assoc
-	 * @return array The row
-	 */
-	public function fetch_array($query_id = - 1, $_datatype = 'assoc') {
-		if ($query_id != - 1) {
-			$this->query_id = $query_id;
-		}
-
-		$datatype = MYSQL_ASSOC;
-		if ($_datatype == 'num') {
-			$datatype = MYSQL_NUM;
-		}
-
-		$this->record = mysql_fetch_array($this->query_id, $datatype);
-		return $this->record;
-	}
-
-	/**
-	 * Query Database and fetche the first row from Query and returns it as array
-	 *
-	 * @param string Querystring
-	 * @param string Datatype, num or assoc
-	 * @return array The first row
-	 */
-	public function query_first($query_string, $datatype = 'assoc') {
-		$this->query($query_string);
-		return $this->fetch_array($this->query_id, $datatype);
-	}
-
-	/**
-	 * Returns how many rows have been selected
-	 *
-	 * @param string RessourceId
-	 * @return int Number of rows
-	 */
-	public function num_rows($query_id = - 1) {
-		if ($query_id != - 1) {
-			$this->query_id = $query_id;
-		}
-		return mysql_num_rows($this->query_id);
-	}
-
-	/**
-	 * Returns the auto_incremental-Value of the inserted row
-	 *
-	 * @return int auto_incremental-Value
-	 */
-	public function insert_id() {
-		return mysql_insert_id($this->link_id);
-	}
-
-	/**
-	 * Returns the number of rows affected by last query
-	 *
-	 * @return int affected rows
-	 */
-	public function affected_rows() {
-		return mysql_affected_rows($this->link_id);
-	}
-
-	/**
-	 * Returns errordescription and errornumber if an error occured.
-	 *
-	 * @return int Errornumber
-	 */
-	private function _geterrdescno() {
-		if ($this->link_id != 0) {
-			$this->errdesc = mysql_error($this->link_id);
-			$this->errno = mysql_errno($this->link_id);
-		} else {
-			// Maybe we don't have any linkid so let's try to catch at least anything
-			$this->errdesc = mysql_error();
-			$this->errno = mysql_errno();
-		}
-		return $this->errno;
-	}
-
-	/**
-	 * Dies with an errormessage
-	 *
-	 * @param string Errormessage
-	 */
-	private function _showerror($errormsg, $mysqlActive = true) {
-		global $filename, $theme;
-
-		$text = 'MySQL - Error: ' . str_replace("\n", "\t", $errormsg);
-
-		if ($mysqlActive) {
-			$this->_geterrdescno();
-			$text .= "; ErrNo: " . $this->errno . "; Desc: " . $this->errdesc;
-		}
-
-		if ($filename != 'froxlor_master_cronjob.php') {
-			$text .= "; Script: " . getenv('REQUEST_URI') . "; Ref: " . getenv('HTTP_REFERER');
-		} else {
-			$text .= "; Script: cronscript";
-		}
-		$md5 = md5($text . time());
-		openlog("Froxlor", LOG_NDELAY, LOG_USER);
-		syslog(LOG_ERR, $text . "; $md5");
-		closelog();
-
-		/**
-		 * log to a file, so we can actually ask people for the error
-		 * (no one seems to find the stuff in the syslog)
-		 */
-		$sl_dir = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__))))."/logs/");
-		if (!file_exists($sl_dir)) {
-			@mkdir($sl_dir, 0755);
-		}
-		$sl_file = makeCorrectFile($sl_dir."/sql-error.log");
-		$sqllog = @fopen($sl_file, 'a');
-		@fwrite($sqllog, date('d.m.Y H:i', time())." --- ".$text."\n");
-		@fclose($sqllog);
-
-		if (isset($_SERVER['SHELL']) && $_SERVER['SHELL'] != '') {
-			// if we're not on the shell, output a nicer error-message
-			$err_hint = file_get_contents(dirname($sl_dir).'/templates/'.$theme.'/misc/dberrornice.tpl');
-			// replace values
-			$err_hint = str_replace("<TEXT>", $errormsg, $err_hint);
-			$err_hint = str_replace("<DEBUG>", $text, $err_hint);
-			// show
-			die($err_hint);
-		}
-		die("We are sorry, but a MySQL - error occurred. The administrator may find more information in syslog with the ID ".$md5." or in the sql-error.log in the logs/ directory");
-	}
-}
--- a/lib/classes/database/manager/class.DbManagerMySQL.php
+++ b/lib/classes/database/manager/class.DbManagerMySQL.php
@@ -0,0 +1,196 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Classes
+ *
+ * @since      0.9.31
+ *
+ */
+
+/**
+ * Class DbManagerMySQL
+ *
+ * Explicit class for database-management like creating
+ * and removing databases, users and permissions for MySQL
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Classes
+ */
+class DbManagerMySQL {
+
+	/**
+	 * Settings array
+	 * @var array
+	 */
+	private $_settings = null;
+
+	/**
+	 * FroxlorLogger object
+	 * @var object
+	 */
+	private $_log = null;
+
+	/**
+	 * main constructor
+	 *
+	 * @param array $settings
+	 * @param FroxlorLogger $log
+	 */
+	public function __construct($settings, &$log = null) {
+		$this->_settings = $settings;
+		$this->_log = $log;
+	}
+
+	/**
+	 * creates a database
+	 *
+	 * @param string $dbname
+	 */
+	public function createDatabase($dbname = null) {
+		Database::query("CREATE DATABASE `" . $dbname . "`");
+	}
+
+	/**
+	 * grants access privileges on a database with the same
+	 * username and sets the password for that user the given access_host
+	 *
+	 * @param string $username
+	 * @param string $password
+	 * @param string $access_host
+	 */
+	public function grantPrivilegesTo($username = null, $password = null, $access_host = null) {
+		// grant privileges
+		$stmt = Database::prepare("
+				GRANT ALL PRIVILEGES ON `" . $username . "`.*
+				TO :username@:host IDENTIFIED BY 'password'
+				");
+		Database::pexecute($stmt, array("username" => $username, "host" => $access_host));
+		// set passoword
+		$stmt = Database::prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
+		Database::pexecute($stmt, array("username" => $username, "host" => $access_host, "password" => $password));
+	}
+
+	/**
+	 * removes the given database from the dbms and also
+	 * takes away any privileges from a user to that db
+	 *
+	 * @param string $dbname
+	 */
+	public function deleteDatabase($dbname = null) {
+
+		if (Database::getAttribute(PDO::ATTR_SERVER_VERSION) < '5.0.2') {
+			// failsafe if user has been deleted manually (requires MySQL 4.1.2+)
+			$stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM `".$dbname."`");
+			Database::pexecute($stmt, array(), false);
+		}
+
+		$host_res_stmt = Database::prepare("
+			SELECT `Host` FROM `mysql`.`user` WHERE `User` = :dbname"
+		);
+		Database::pexecute($host_res_stmt, array('dbname' => $dbname));
+
+		while ($host = $host_res_stmt->fetch(PDO::FETCH_ASSOC)) {
+			// as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+)
+			$drop_stmt = Database::prepare("DROP USER :dbname@:host");
+			Database::pexecute($drop_stmt, array('dbname' => $dbname, 'host' => $host['Host']), false);
+		}
+
+		$drop_stmt = Database::prepare("DROP DATABASE IF EXISTS `".$dbname."`");
+		Database::pexecute($drop_stmt);
+	}
+
+	/**
+	 * removes a user from the dbms and revokes all privileges
+	 *
+	 * @param string $username
+	 * @param string $host
+	 */
+	public function deleteUser($username = null, $host = null) {
+		if (Database::getAttribute(PDO::ATTR_SERVER_VERSION) < '5.0.2') {
+			// Revoke privileges (only required for MySQL 4.1.2 - 5.0.1)
+			$stmt = Database::prepare("REVOKE ALL PRIVILEGES ON * . * FROM `". $username . "`@`".$host."`");
+			Database::pexecute($stmt);
+		}
+		// as of MySQL 5.0.2 this also revokes privileges. (requires MySQL 4.1.2+)
+		$stmt = Database::prepare("DROP USER :username@:host");
+		Database::pexecute($stmt, array("username" => $username, "host" => $host));
+	}
+
+	/**
+	 * removes permissions from a user
+	 *
+	 * @param string $username
+	 * @param string $host (unused in mysql)
+	 */
+	public function disableUser($username = null, $host = null) {
+		$stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM `".$row_database['databasename']."`");
+		Database::pexecute($stmt, array(), false);
+	}
+
+	/**
+	 * re-grant permissions to a user
+	 *
+	 * @param string $username
+	 * @param string $host
+	 */
+	public function enableUser($username = null, $host = null) {
+		Database::query('GRANT ALL PRIVILEGES ON `' . $username .'`.* TO `' . $username . '`@`' . $host . '`');
+		Database::query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\_', $username) . '` . * TO `' . $username . '`@`' . $host . '`');
+	}
+
+	/**
+	 * flushes the privileges...pretty obvious eh?
+	 */
+	public function flushPrivileges() {
+		Database::query("FLUSH PRIVILEGES");
+	}
+
+	/**
+	 * return an array of all usernames used in that DBMS
+	 *
+	 * @param bool $user_only if false, * will be selected from mysql.user and slightly different array will be generated
+	 *
+	 * @return array
+	 */
+	public function getAllSqlUsers($user_only = true) {
+
+		if ($user_only == false) {
+			$result_stmt = Database::prepare('SELECT * FROM mysql.user');
+		} else {
+			$result_stmt = Database::prepare('SELECT `User` FROM mysql.user');
+		}
+		Database::pexecute($result_stmt);
+		$allsqlusers = array();
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			if ($user_only == false) {
+				if (!isset($allsqlusers[$row['User']])
+						|| !is_array($allsqlusers[$row['User']])
+				) {
+					$allsqlusers[$row['User']] = array(
+							'password' => $row['Password'],
+							'hosts' => array()
+					);
+				}
+				$allsqlusers[$row['User']]['hosts'][] = $row['Host'];
+			} else {
+				$allsqlusers[] = $row['User'];
+			}
+		}
+		return $allsqlusers;
+	}
+
+}
--- a/lib/classes/domains/class.docrootsettings.php
+++ b/lib/classes/domains/class.docrootsettings.php
@@ -1,198 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Michael Kaufmann <mkaufmann@nutime.de>
- * @author     Froxlor team <team@froxlor.org> (2010-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Classes
- *
- * @link       http://www.nutime.de/
- * @since      0.9.17-svn2
- *
- */
-
-class docrootsettings
-{
-	/**
-	 * Database handler
-	 * @var object
-	 */
-	private $_db = false;
-
-	/**
-	 * Settings array
-	 * @var array
-	 */
-	private $_settings = array();
-
-	/**
-	 * main constructor
-	 */
-	public function __construct($db, $settings)
-	{
-		$this->_db = $db;
-		$this->_settings = $settings;
-	}
-
-	/**
-	 * this function lets you add docroot-settings for a given domain (by ID)
-	 * 
-	 * @param int    $domainid  id of the domain to add the settings for
-	 * @param string $ssettings docrootsettings to add for the domain
-	 * 
-	 * @return boolean
-	 */
-	public function addDomainDocrootsettings($domainid = 0, $ssettings = '')
-	{
-		return $this->_addDocrootSetting(TABLE_PANEL_DOMDOCROOTSETTINGS, $domainid, $ssettings);
-	}
-
-	/**
-	 * this function lets you update docroot-settings for a given domain (by ID)
-	 * 
-	 * @param int    $domainid  id of the domain to update the settings from
-	 * @param string $ssettings docrootsettings to update for the domain
-	 * 
-	 * @return boolean
-	 */
-	public function updateDomainDocrootsettings($domainid = 0, $ssettings = '')
-	{
-		return $this->_updateDocrootSetting(TABLE_PANEL_DOMDOCROOTSETTINGS, $domainid, $ssettings);
-	}
-
-	/**
-	 * this function lets you add docroot-settings for a given ip/port combo (by ID)
-	 * 
-	 * @param int    $ipandportid id of the domain to add the settings for
-	 * @param string $ssettings   docrootsettings to add for the domain
-	 * 
-	 * @return boolean
-	 */
-	public function addIpsAndPortsDocrootsettings($ipandportid = 0, $ssettings = '')
-	{
-		return $this->_addDocrootSetting(TABLE_PANEL_IPDOCROOTSETTINGS, $ipandportid, $ssettings);
-	}
-
-	/**
-	 * this function lets you update docroot-settings for a given ip/port combo (by ID)
-	 * 
-	 * @param int    $ipandportid id of the domain to update the settings from
-	 * @param string $ssettings   docrootsettings to update for the domain
-	 * 
-	 * @return boolean
-	 */
-	public function updateIpsAndPortsDocrootsettings($ipandportid = 0, $ssettings = '')
-	{
-		return $this->_updateDocrootSetting(TABLE_PANEL_IPDOCROOTSETTINGS, $ipandportid, $ssettings);
-	}
-
-	/**
-	 * returns the docroot-setting
-	 * for a given domain (by ID)
-	 * 
-	 * @param int $domainid the id of the domain
-	 * 
-	 * @return string the settings or empty if not set
-	 */
-	public function getDomainDocrootsettings($domainid = 0)
-	{
-		return $this->_getDocrootSettingById(TABLE_PANEL_DOMDOCROOTSETTINGS, $domainid);
-	}
-
-	/**
-	 * returns the docroot-setting
-	 * for a given ip/port combination (by ID)
-	 * 
-	 * @param int $ipandportid the id of the ip/port combo
-	 * 
-	 * @return string the settings or empty if not set
-	 */
-	public function getIpsAndPortsDocrootsettings($ipandportid = 0)
-	{
-		return $this->_getDocrootSettingById(TABLE_PANEL_IPDOCROOTSETTINGS, $ipandportid);
-	}
-
-	/**
-	 * this function is called by addDomainDocrootsettings() and
-	 * addIpsAndPortsDocrootsettings() to add docroot settings for an object
-	 * 
-	 * @param string $table     table to add the settings to
-	 * @param int    $fid       foreign id / object id
-	 * @param string $ssettings docroot-settings
-	 * 
-	 * @return boolean
-	 */
-	private function _addDocrootSetting($table, $fid, $ssettings)
-	{
-		$query = "INSERT INTO `".$table."` SET
-			`fid` = '".(int)$fid."',
-			`docrootsettings` = '".$db->escape($ssettings)."';";
-		$this->_db->query($query);
-		return true;
-	}
-
-	/**
-	 * this function is called by updateDomainDocrootsettings() and
-	 * updateIpsAndPortsDocrootsettings() to update docroot settings for an object
-	 * 
-	 * if new value is an empty string, entry is being removed
-	 * 
-	 * @param string $table     table to update the settings from
-	 * @param int    $fid       foreign id / object id
-	 * @param string $ssettings docroot-settings
-	 * 
-	 * @return boolean
-	 */
-	private function _updateDocrootSetting($table, $fid, $ssettings)
-	{
-		// check if this object has an entry for docrootsettings
-		if($this->_getDocrootSettingById($table, $fid) != '')
-		{
-			if($ssettings != '')
-			{
-				// update if new value has been set
-				$query = "UPDATE `".$table."` SET
-					`docrootsettings` = '".$db->escape($ssettings)."' 
-					WHERE `fid` = '".(int)$fid."';";
-			}
-			else
-			{
-				// remove if new value is empty
-				$query = "DELETE FROM `".$table."` WHERE `fid` = '".(int)$fid."';";
-			}
-			// run query
-			$this->_db->query($query);
-			return true;
-		}
-		// this object has no entry for docrootsettings yet
-		return false;
-	}
-
-	/**
-	 * read the docrootsetting field of given table
-	 * for given id
-	 * 
-	 * @param string $table table where to read from
-	 * @param int    $id    id of the object
-	 * 
-	 * @return string string the settings or empty if not set
-	 */
-	private function _getDocrootSettingById($table = null, $id = 0)
-	{
-		$query = "SELECT `docrootsettings` FROM `".$table."` WHERE `fid`='".(int)$id."';";
-		$result = $this->_db->query_first($query);
-		if($result !== false && isset($result['docrootsettings']))
-		{
-			return $result['docrootsettings'];
-		}
-		return '';
-	}
-}
--- a/lib/classes/froxlorclient/class.froxlorclient.php
+++ b/lib/classes/froxlorclient/class.froxlorclient.php
@@ -1,369 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Michael Kaufmann <mkaufmann@nutime.de>
- * @author     Froxlor team <team@froxlor.org> (2010-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Multiserver
- *
- * @link       http://www.nutime.de/
- * @since      0.9.14-svn8
- *
- * Multiserver - FroxlorClient-Class
- */
-
-class froxlorclient
-{
-	/**
-	 * Userinfo
-	 * @var array
-	 */
-	private $userinfo = array();
-
-	/**
-	 * Database handler
-	 * @var db
-	 */
-	private $db = false;
-
-	/**
-	 * Client ID
-	 * @var cid
-	 */
-	private $cid = -1;
-
-	/**
-	 * Client Data Array
-	 * @var c_data
-	 */
-	private $c_data = array();
-
-	/**
-	 * Client Settings_Data Array
-	 * @var s_data
-	 */
-	private $s_data = array();
-
-	/**
-	 * Client-Object-Array
-	 * @var clients
-	 */
-	static private $clients = array();
-
-	/**
-	 * Class constructor.
-	 *
-	 * @param array    $userinfo userdetails array of logged in user
-	 * @param resource $db       database-object
-	 * @param int      $cid      client-id
-	 */
-	private function __construct($userinfo, $db, $cid = -1)
-	{
-		$this->userinfo = $userinfo;
-		$this->db = $db;
-		$this->cid = $cid;
-
-		// read data from database
-		$this->_readData();
-	}
-
-	/**
-	 * static function to initialize the class using
-	 * singleton design pattern
-	 * 
-	 * @param array    $_usernfo  userdetails array of logged in user
-	 * @param resource $_db       database-object
-	 * @param int      $_cid      client-id
-	 */
-	static public function getInstance($_usernfo, $_db, $_cid)
-	{
-		if(!isset(self::$clients[$_cid]))
-		{
-			self::$clients[$_cid] = new froxlorclient($_usernfo, $_db, $_cid);
-		}
-
-		return self::$clients[$_cid];
-	}
-
-	/**
-	 * return an array of enabled froxlor-client ids
-	 * 
-	 * @param resource mysql-object
-	 * 
-	 * @return array
-	 */
-	static public function getFroxlorClients($_db = null)
-	{
-		$sql = "SELECT `id` FROM `".TABLE_FROXLOR_CLIENTS."` WHERE `enabled` = '1';";
-		$res = $_db->query($sql);
-		$result = array();
-		while($_r = mysql_fetch_array($res))
-		{
-			$result[] = $_r['id'];
-		}
-		return $result;
-	}
-
-	/**
-	 * Insert new client to database
-	 */
-	public function Insert()
-	{
-		$this->db->query("INSERT INTO  
-			`" . TABLE_FROXLOR_CLIENTS . "` 
-		SET
-			`name` = '" . $this->db->escape($this->Get('name')) . "',  
-			`desc` = '" . $this->db->escape($this->Get('desc')) . "', 
-			`enabled` = '" . (int)$this->Get('enabled') . "';
-		");
-		$this->cid = $this->db->insert_id();
-		return $this->cid;
-	}
-
-	/**
-	 * Update data in database
-	 */
-	public function Update()
-	{
-		$this->db->query("UPDATE 
-			`" . TABLE_FROXLOR_CLIENTS . "` 
-		SET
-			`name` = '" . $this->db->escape($this->Get('name')) . "',  
-			`desc` = '" . $this->db->escape($this->Get('desc')) . "', 
-			`enabled` = '" . (int)$this->Get('enabled') . "'
-		WHERE 
-			`id` = '" . (int)$this->cid . "';
-		");
-		return true;
-	}
-
-	/**
-	 * This function removes a Froxlor-Client and its settings
-	 * from the database. Optionally the Froxlor-Client data
-	 * can be removed by setting the $delete_me parameter
-	 * 
-	 * @param bool $delete_me removes client-data (not customer data) on the client
-	 * 
-	 * @return bool
-	 * 
-	 * @TODO 
-	 * - remove client settings in panel_settings (sid = client-id)
-	 * - implement $delete_me parameter
-	 */
-	public function Delete($delete_me = false)
-	{
-		// delete froxlor-client from the database
-		$this->db->query('DELETE FROM 
-			`' . TABLE_FROXLOR_CLIENTS . '` 
-		WHERE 
-			`id` = "' . (int)$this->cid . '";
-		');
-
-		// Delete settings from panel_settings
-		$this->db->query('DELETE FROM 
-			`' . TABLE_PANEL_SETTINGS . '` 
-		WHERE 
-			`sid` = "' . (int)$this->cid . '";
-		');
-
-		return true;
-	}
-
-	/**
-	 * return the complete client-settings array
-	 * for the settings page
-	 */
-	public function getSettingsArray()
-	{
-		return $this->Get('settings');
-	}
-
-	/**
-	 * get a value from the internal data array
-	 * 
-	 * @param string $_var
-	 * @param string $_vartrusted
-	 * 
-	 * @return mixed or null if not found
-	 */
-	public function Get($_var = '', $_vartrusted = false)
-	{
-		if($_var != '')
-		{
-			if(!$_vartrusted)
-			{
-				$_var = htmlspecialchars($_var);
-			}
-
-			if(isset($this->c_data[$_var]))
-			{
-				return $this->c_data[$_var];
-			}
-			else
-			{
-				return null;
-			}
-		}
-	}
-
-	/**
-	 * set a value in the internal data array
-	 * 
-	 * @param string $_var
-	 * @param string $_value
-	 * @param bool   $_vartrusted
-	 * @param bool   $_valuetrusted
-	 */
-	public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false)
-	{
-		if($_var != ''
-			&& $_value != ''
-		) {
-			if(!$_vartrusted)
-			{
-				$_var = htmlspecialchars($_var);
-			}
-
-			if(!$_valuetrusted)
-			{
-				$_value = htmlspecialchars($_value);
-			}
-
-			$this->c_data[$_var] = $_value;
-		}
-	}
-
-	/**
-	 * get a value from the internal settings array
-	 *
-	 * @param string $_grp
-	 * @param string $_var
-	 * @param bool   $_grptrusted
-	 * @param bool   $_vartrusted
-	 * 
-	 * @return mixed or null if not found
-	 */
-	public function getSetting($_grp = '', $_var = '', $_grptrusted = false, $_vartrusted = false)
-	{
-		if($_grp != ''
-			&& $_var != ''
-		) {
-
-			if(!$_grptrusted)
-			{
-				$_grp = htmlspecialchars($_grp);
-			}
-
-			if(!$_vartrusted)
-			{
-				$_var = htmlspecialchars($_var);
-			}
-
-			if(isset($this->c_data['settings'][$_grp][$_var]))
-			{
-				return $this->c_data['settings'][$_grp][$_var];
-			}
-			else
-			{
-				return null;
-			}
-		}
-	}
-
-	/**
-	 * set a value in the internal settings array
-	 *
-	 * @param string $_grp
-	 * @param string $_var
-	 * @param string $_value
-	 * @param bool   $_grptrusted
-	 * @param bool   $_vartrusted
-	 * @param bool   $_valuetrusted
-	 */
-	public function setSetting($_grp = '', $_var = '', $_value = '', $_grptrusted = false, $_vartrusted = false, $_valuetrusted = false)
-	{
-		if($_grp != ''
-			&& $_var != ''
-			&& $_value != ''
-		) {
-			if(!$_grptrusted)
-			{
-				$_grp = htmlspecialchars($_grp);
-			}
-
-			if(!$_vartrusted)
-			{
-				$_var = htmlspecialchars($_var);
-			}
-
-			if(!$_valuetrusted)
-			{
-				$_value = htmlspecialchars($_value);
-			}
-
-			if(!isset($this->c_data['settings']) || !is_array($this->c_data['settings'])) {
-				$this->c_data['settings'] = array();
-			}
-
-			if(!isset($this->c_data['settings'][$_grp]) || !is_array($this->c_data['settings'][$_grp])) {
-				$this->c_data['settings'][$_grp] = array();
-			}
-
-			$this->c_data['settings'][$_grp][$_var] = $_value;
-		}
-	}
-
-	/**
-	 * read client settings from database
-	 */
-	private function _readSettings()
-	{
-		if(isset($this->cid)
-			&& $this->cid != - 1
-		) {
-			$spath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
-			$this->s_data = loadConfigArrayDir(
-								makeCorrectDir($spath.'/actions/admin/settings/'),
-								makeCorrectDir($spath.'/actions/multiserver/clientsettings/')
-							);
-			$settings = loadSettings($this->s_data, $this->db, $this->cid);
-
-			foreach($settings as $group => $fv)
-			{
-				foreach($fv as $field => $value)
-				{
-					$this->setSetting($group, $field, $value, true, true, true);					
-				}
-			}
-		}
-	}
-
-	/**
-	 * Read client data from database.
-	 */
-	private function _readData()
-	{
-		if(isset($this->cid)
-			&& $this->cid != - 1
-		) {
-			$_client = $this->db->query_first('SELECT * FROM `' . TABLE_FROXLOR_CLIENTS . '` WHERE `id` = "' . $this->cid . '"');
-
-			foreach($_client as $field => $value)
-			{
-				$this->Set($field, $value, true, true);
-			}
-
-			// after we have details about the client, 
-			// we need its settings too
-			$this->_readSettings();
-		}
-	}
-}
--- a/lib/classes/logger/class.FileLogger.php
+++ b/lib/classes/logger/class.FileLogger.php
@@ -137,7 +137,7 @@ class FileLogger extends AbstractLogger
 			}
 			else
 			{
-				$name = " (" . $this->userinfo['loginname'] . ")";
+				$name = $this->userinfo['loginname'];
 			}

 			$fp = @fopen($this->logfile, 'a');
@@ -184,5 +184,3 @@ class FileLogger extends AbstractLogger
 		return false;
 	}
 }
-
-?>
--- a/lib/classes/logger/class.FroxlorLogger.php
+++ b/lib/classes/logger/class.FroxlorLogger.php
@@ -26,35 +26,24 @@ class FroxlorLogger
 	 * Userinfo
 	 * @var array
 	 */
-
 	private $userinfo = array();

-	/**
-	 * Database handler
-	 * @var db
-	 */
-
-	private $db = false;
-
 	/**
 	 * Settings array
 	 * @var settings
 	 */
-
 	private $settings = array();

 	/**
 	 * LogTypes Array
 	 * @var logtypes
 	 */
-
 	static private $logtypes = null;

 	/**
 	 * Logger-Object-Array
 	 * @var loggers
 	 */
-
 	static private $loggers = null;

 	/**
@@ -63,31 +52,24 @@ class FroxlorLogger
 	 * @param array userinfo
 	 * @param array settings
 	 */
-
-	protected function __construct($userinfo, $db, $settings)
-	{
+	protected function __construct($userinfo, $settings) {
 		$this->userinfo = $userinfo;
-		$this->db = $db;
 		$this->settings = $settings;
 		self::$logtypes = array();

-		if(!isset($this->settings['logger']['logtypes'])
+		if (!isset($this->settings['logger']['logtypes'])
 		   && (!isset($this->settings['logger']['logtypes']) || $this->settings['logger']['logtypes'] == '')
 		   && isset($this->settings['logger']['enabled'])
-		   && $this->settings['logger']['enabled'])
-		{
+		   && $this->settings['logger']['enabled']
+		) {
 			self::$logtypes[0] = 'syslog';
 			self::$logtypes[1] = 'mysql';
-		}
-		else
-		{
-			if(isset($this->settings['logger']['logtypes'])
-			   && $this->settings['logger']['logtypes'] != '')
-			{
+		}  else {
+			if (isset($this->settings['logger']['logtypes'])
+			   && $this->settings['logger']['logtypes'] != ''
+			) {
 				self::$logtypes = explode(',', $this->settings['logger']['logtypes']);
-			}
-			else
-			{
+			} else {
 				self::$logtypes = null;
 			}
 		}
@@ -97,40 +79,37 @@ class FroxlorLogger
 	 * Singleton ftw ;-)
 	 *
 	 */
-
-	static public function getInstanceOf($_usernfo, $_db, $_settings)
+	static public function getInstanceOf($_usernfo, $_settings)
 	{
-		if(!isset($_usernfo)
-		   || $_usernfo == null)
-		{
+		if (!isset($_usernfo)
+		   || $_usernfo == null
+		) {
 			$_usernfo = array();
 			$_usernfo['loginname'] = 'unknown';
 		}

-		if(!isset(self::$loggers[$_usernfo['loginname']]))
-		{
-			self::$loggers[$_usernfo['loginname']] = new FroxlorLogger($_usernfo, $_db, $_settings);
+		if (!isset(self::$loggers[$_usernfo['loginname']])) {
+			self::$loggers[$_usernfo['loginname']] = new FroxlorLogger($_usernfo, $_settings);
 		}

 		return self::$loggers[$_usernfo['loginname']];
 	}

-	public function logAction($action = USR_ACTION, $type = LOG_NOTICE, $text = null)
-	{
-		if(self::$logtypes == null)
-		{
+	public function logAction ($action = USR_ACTION, $type = LOG_NOTICE, $text = null) {
+
+		if (self::$logtypes == null) {
 			return;
 		}

-		if($this->settings['logger']['log_cron'] == '0'
-		   && $action == CRON_ACTION)
-		{
+		if ($this->settings['logger']['log_cron'] == '0'
+		   && $action == CRON_ACTION
+		) {
 			return;
 		}

-		foreach(self::$logtypes as $logger)
-		{
-			switch($logger)
+		foreach (self::$logtypes as $logger) {
+
+			switch ($logger)
 			{
 				case 'syslog':
 					$_log = SysLogger::getInstanceOf($this->userinfo, $this->settings);
@@ -140,43 +119,30 @@ class FroxlorLogger
 					{
 						$_log = FileLogger::getInstanceOf($this->userinfo, $this->settings);
 					}
-
 					catch(Exception $e)
 					{
-						if($action != CRON_ACTION)
-						{
+						if ($action != CRON_ACTION) {
 							standard_error('logerror', $e->getMessage());
-						}
-						else
-						{
+						} else {
 							echo "Log-Error: " . $e->getMessage();
 						}
 					}
-
 					break;
 				case 'mysql':
-					$_log = MysqlLogger::getInstanceOf($this->userinfo, $this->settings, $this->db);
+					$_log = MysqlLogger::getInstanceOf($this->userinfo, $this->settings);
 					break;
 				default:
 					$_log = null;
 					break;
 			}

-			if($_log != null)
-			{
-				try
-				{
+			if ($_log != null) {
+				try {
 					$_log->logAction($action, $type, $text);
-				}
-
-				catch(Exception $e)
-				{
-					if($action != CRON_ACTION)
-					{
+				} catch(Exception $e) {
+					if ($action != CRON_ACTION) {
 						standard_error('logerror', $e->getMessage());
-					}
-					else
-					{
+					} else {
 						echo "Log-Error: " . $e->getMessage();
 					}
 				}
@@ -184,22 +150,22 @@ class FroxlorLogger
 		}
 	}

-	public function setCronLog($_cronlog = 0)
-	{
+	public function setCronLog($_cronlog = 0) {
+
 		$_cronlog = (int)$_cronlog;

-		if($_cronlog != 0
-		   && $_cronlog != 1)
-		{
+		if ($_cronlog != 0
+		   && $_cronlog != 1
+		) {
 			$_cronlog = 0;
 		}

-		$this->db->query("UPDATE `" . TABLE_PANEL_SETTINGS . "` 
-				  SET `value`='" . $this->db->escape($_cronlog) . "' 
-				  WHERE `settinggroup`='logger' 
-				  AND `varname`='log_cron'");
+		$stmt = Database::prepare("
+			UPDATE `" . TABLE_PANEL_SETTINGS . "` SET
+			`value` = :value
+			WHERE `settinggroup`='logger' AND `varname`='log_cron'"
+		);
+		Database::pexecute($stmt, array('value' => $_cronlog));
 		return true;
 	}
 }
-
-?>
--- a/lib/classes/logger/class.MysqlLogger.php
+++ b/lib/classes/logger/class.MysqlLogger.php
@@ -20,27 +20,18 @@
 * Logger - MySQL-Logger-Class
 */

-class MysqlLogger extends AbstractLogger
-{
+class MysqlLogger extends AbstractLogger {
+
 	/**
 	 * Userinfo
 	 * @var array
 	 */
-
 	private $userinfo = array();

-	/**
-	 * Database handler
-	 * @var db
-	 */
-
-	private $db = false;
-
 	/**
 	 * Syslogger Objects Array
 	 * @var loggers
 	 */
-
 	static private $loggers = array();

 	/**
@@ -48,66 +39,69 @@ class MysqlLogger extends AbstractLogger
 	 *
 	 * @param array userinfo
 	 * @param array settings
-	 * @param resource database
 	 */
-
-	protected function __construct($userinfo, $settings, $db)
-	{
+	protected function __construct($userinfo, $settings) {
 		parent::setupLogger($settings);
 		$this->userinfo = $userinfo;
-		$this->db = $db;
 	}

 	/**
 	 * Singleton ftw ;-)
 	 *
 	 */
+	static public function getInstanceOf($_usernfo, $_settings) {

-	static public function getInstanceOf($_usernfo, $_settings, $_db)
-	{
-		if(!isset(self::$loggers[$_usernfo['loginname']]))
-		{
-			self::$loggers[$_usernfo['loginname']] = new MysqlLogger($_usernfo, $_settings, $_db);
+		if (!isset(self::$loggers[$_usernfo['loginname']])) {
+			self::$loggers[$_usernfo['loginname']] = new MysqlLogger($_usernfo, $_settings);
 		}
-
 		return self::$loggers[$_usernfo['loginname']];
 	}

-	public function logAction($action = USR_ACTION, $type = LOG_NOTICE, $text = null)
-	{
-		if(parent::isEnabled())
-		{
-			if(parent::getSeverity() <= 1
-			   && $type == LOG_NOTICE)
-			{
+	public function logAction($action = USR_ACTION, $type = LOG_NOTICE, $text = null) {
+
+		if (parent::isEnabled()) {
+
+			if (parent::getSeverity() <= 1
+			   && $type == LOG_NOTICE
+			) {
 				return;
 			}

-			if(!isset($this->userinfo['loginname'])
-			   || $this->userinfo['loginname'] == '')
-			{
+			if (!isset($this->userinfo['loginname'])
+			   || $this->userinfo['loginname'] == ''
+			) {
 				$name = 'unknown';
-			}
-			else
-			{
-				$name = " (" . $this->userinfo['loginname'] . ")";
+			} else {
+				$name = $this->userinfo['loginname'];
 			}

 			$now = time();

-			if($text != null
-			   && $text != '')
-			{
-				$this->db->query("INSERT INTO `panel_syslog` (`type`, `date`, `action`, `user`, `text`)
-                          VALUES ('" . (int)$type . "', '" . $now . "', '" . (int)$action . "', '" . $this->db->escape($name) . "', '" . $this->db->escape($text) . "')");
-			}
-			else
-			{
-				$this->db->query("INSERT INTO `panel_syslog` (`type`, `date`, `action`, `userid`, `text`)
-                          VALUES ('" . (int)$type . "', '" . $now . "', '" . (int)$action . "', '" . $this->db->escape($name) . "', 'No text given!!! Check scripts!')");
+			$stmt = Database::prepare("
+					INSERT INTO `panel_syslog` SET
+					`type` = :type,
+					`date` = :now,
+					`action` = :action,
+					`user` = :user,
+					`text` = :text"
+			);
+
+			$ins_data = array(
+					'type' => $type,
+					'now' => $now,
+					'action' => $action,
+					'user' => $name
+			);
+
+			if ($text != null
+			   && $text != ''
+			) {
+				$ins_data['text'] = $text;
+				Database::pexecute($stmt, $ins_data);
+			} else {
+				$ins_data['text'] = 'No text given!!! Check scripts!';
+				Database::pexecute($stmt, $ins_data);
 			}
 		}
 	}
 }
-
-?>
--- a/lib/classes/logger/class.SysLogger.php
+++ b/lib/classes/logger/class.SysLogger.php
@@ -105,7 +105,7 @@ class SysLogger extends AbstractLogger
 			}
 			else
 			{
-				$name = " (" . $this->userinfo['loginname'] . ")";
+				$name = $this->userinfo['loginname'];
 			}

 			openlog("Froxlor", LOG_NDELAY, LOG_USER);
@@ -124,5 +124,3 @@ class SysLogger extends AbstractLogger
 		}
 	}
 }
-
-?>
--- a/lib/classes/output/class.paging.php
+++ b/lib/classes/output/class.paging.php
@@ -21,91 +21,72 @@
 * Class to manage paging system
 * @package Functions
 */
+class paging {

-class paging
-{
 	/**
 	 * Userinfo
 	 * @var array
 	 */
-
 	var $userinfo = array();

-	/**
-	 * Database handler
-	 * @var db
-	 */
-
-	var $db = false;
-
 	/**
 	 * MySQL-Table
 	 * @var string
 	 */
-
 	var $table = '';

 	/**
 	 * Fields with description which should be selectable
 	 * @var array
 	 */
-
 	var $fields = array();

 	/**
 	 * Entries per page
 	 * @var int
 	 */
-
 	var $entriesperpage = 0;

 	/**
 	 * Number of entries of table
 	 * @var int
 	 */
-
 	var $entries = 0;

 	/**
 	 * Sortorder, asc or desc
 	 * @var string
 	 */
-
 	var $sortorder = 'asc';

 	/**
 	 * Sortfield
 	 * @var string
 	 */
-
 	var $sortfield = '';

 	/**
 	 * Searchfield
 	 * @var string
 	 */
-
 	var $searchfield = '';

 	/**
 	 * Searchtext
 	 * @var string
 	 */
-
 	var $searchtext = '';

 	/**
 	 * Pagenumber
 	 * @var int
 	 */
-
 	var $pageno = 0;

 	/**
 	 * Switch natsorting on/off
 	 * @var bool
 	 */
-
 	var $natSorting = false;

 	/**
@@ -117,17 +98,14 @@ class paging
 	 * @param int entries per page
 	 * @param bool Switch natsorting on/off (global, affects all calls of sort)
 	 */
+	function paging($userinfo, $table, $fields, $entriesperpage, $natSorting = false) {

-	function paging($userinfo, $db, $table, $fields, $entriesperpage, $natSorting = false)
-	{
 		$this->userinfo = $userinfo;

-		if(!is_array($this->userinfo['lastpaging']))
-		{
+		if (!is_array($this->userinfo['lastpaging'])) {
 			$this->userinfo['lastpaging'] = unserialize($this->userinfo['lastpaging']);
 		}

-		$this->db = $db;
 		$this->table = $table;
 		$this->fields = $fields;
 		$this->entriesperpage = $entriesperpage;
@@ -135,42 +113,39 @@ class paging
 		$checklastpaging = (isset($this->userinfo['lastpaging']['table']) && $this->userinfo['lastpaging']['table'] == $this->table);
 		$this->userinfo['lastpaging']['table'] = $this->table;

-		if(isset($_REQUEST['sortorder'])
-		   && (strtolower($_REQUEST['sortorder']) == 'desc' || strtolower($_REQUEST['sortorder']) == 'asc'))
-		{
+		if (isset($_REQUEST['sortorder'])
+			&& (strtolower($_REQUEST['sortorder']) == 'desc'
+			|| strtolower($_REQUEST['sortorder']) == 'asc')
+		) {
 			$this->sortorder = strtolower($_REQUEST['sortorder']);
-		}
-		else
-		{
-			if($checklastpaging
-			   && isset($this->userinfo['lastpaging']['sortorder'])
-			   && (strtolower($this->userinfo['lastpaging']['sortorder']) == 'desc' || strtolower($this->userinfo['lastpaging']['sortorder']) == 'asc'))
-			{
+
+		} else {
+
+			if ($checklastpaging
+				&& isset($this->userinfo['lastpaging']['sortorder'])
+				&& (strtolower($this->userinfo['lastpaging']['sortorder']) == 'desc'
+				|| strtolower($this->userinfo['lastpaging']['sortorder']) == 'asc')
+			) {
 				$this->sortorder = strtolower($this->userinfo['lastpaging']['sortorder']);
-			}
-			else
-			{
+
+			} else {
 				$this->sortorder = 'asc';
 			}
 		}

 		$this->userinfo['lastpaging']['sortorder'] = $this->sortorder;

-		if(isset($_REQUEST['sortfield'])
-		   && isset($fields[$_REQUEST['sortfield']]))
-		{
+		if (isset($_REQUEST['sortfield'])
+			&& isset($fields[$_REQUEST['sortfield']])
+		) {
 			$this->sortfield = $_REQUEST['sortfield'];
-		}
-		else
-		{
-			if($checklastpaging
-			   && isset($this->userinfo['lastpaging']['sortfield'])
-			   && isset($fields[$this->userinfo['lastpaging']['sortfield']]))
-			{
+		} else {
+			if ($checklastpaging
+				&& isset($this->userinfo['lastpaging']['sortfield'])
+				&& isset($fields[$this->userinfo['lastpaging']['sortfield']])
+			) {
 				$this->sortfield = $this->userinfo['lastpaging']['sortfield'];
-			}
-			else
-			{
+			} else {
 				$fieldnames = array_keys($fields);
 				$this->sortfield = $fieldnames[0];
 			}
@@ -178,21 +153,17 @@ class paging

 		$this->userinfo['lastpaging']['sortfield'] = $this->sortfield;

-		if(isset($_REQUEST['searchfield'])
-		   && isset($fields[$_REQUEST['searchfield']]))
-		{
+		if (isset($_REQUEST['searchfield'])
+			&& isset($fields[$_REQUEST['searchfield']])
+		) {
 			$this->searchfield = $_REQUEST['searchfield'];
-		}
-		else
-		{
-			if($checklastpaging
-			   && isset($this->userinfo['lastpaging']['searchfield'])
-			   && isset($fields[$this->userinfo['lastpaging']['searchfield']]))
-			{
+		} else {
+			if ($checklastpaging
+				&& isset($this->userinfo['lastpaging']['searchfield'])
+				&& isset($fields[$this->userinfo['lastpaging']['searchfield']])
+			) {
 				$this->searchfield = $this->userinfo['lastpaging']['searchfield'];
-			}
-			else
-			{
+			} else {
 				$fieldnames = array_keys($fields);
 				$this->searchfield = $fieldnames[0];
 			}
@@ -200,49 +171,56 @@ class paging

 		$this->userinfo['lastpaging']['searchfield'] = $this->searchfield;

-		if(isset($_REQUEST['searchtext'])
-		   && (preg_match('/[-_@\p{L}\p{N}*.]+$/u', $_REQUEST['searchtext']) || $_REQUEST['searchtext'] === ''))
-		{
-			$this->searchtext = $_REQUEST['searchtext'];
-		}
-		else
-		{
-			if($checklastpaging
-			   && isset($this->userinfo['lastpaging']['searchtext'])
-			   && preg_match('/[-_@\p{L}\p{N}*.]+$/u', $this->userinfo['lastpaging']['searchtext']))
-			{
+		if (isset($_REQUEST['searchtext'])
+			&& (preg_match('/[-_@\p{L}\p{N}*.]+$/u', $_REQUEST['searchtext'])
+			|| $_REQUEST['searchtext'] === '')
+		) {
+			$this->searchtext = trim($_REQUEST['searchtext']);
+		} else {
+			if ($checklastpaging
+				&& isset($this->userinfo['lastpaging']['searchtext'])
+				&& preg_match('/[-_@\p{L}\p{N}*.]+$/u', $this->userinfo['lastpaging']['searchtext'])
+			) {
 				$this->searchtext = $this->userinfo['lastpaging']['searchtext'];
-			}
-			else
-			{
+			} else {
 				$this->searchtext = '';
 			}
 		}

 		$this->userinfo['lastpaging']['searchtext'] = $this->searchtext;

-		if(isset($_REQUEST['pageno'])
-		   && intval($_REQUEST['pageno']) != 0)
-		{
+		if (isset($_REQUEST['pageno'])
+			&& intval($_REQUEST['pageno']) != 0
+		) {
 			$this->pageno = intval($_REQUEST['pageno']);
-		}
-		else
-		{
-			if($checklastpaging
-			   && isset($this->userinfo['lastpaging']['pageno'])
-			   && intval($this->userinfo['lastpaging']['pageno']) != 0)
-			{
+		} else {
+			if ($checklastpaging
+				&& isset($this->userinfo['lastpaging']['pageno'])
+				&& intval($this->userinfo['lastpaging']['pageno']) != 0
+			) {
 				$this->pageno = intval($this->userinfo['lastpaging']['pageno']);
-			}
-			else
-			{
+			} else {
 				$this->pageno = 1;
 			}
 		}

 		$this->userinfo['lastpaging']['pageno'] = $this->pageno;
-		$query = 'UPDATE `' . TABLE_PANEL_SESSIONS . '` SET `lastpaging`="' . $this->db->escape(serialize($this->userinfo['lastpaging'])) . '" WHERE `hash`="' . $this->db->escape($userinfo['hash']) . '"  AND `userid` = "' . $this->db->escape($userinfo['userid']) . '"  AND `ipaddress` = "' . $this->db->escape($userinfo['ipaddress']) . '"  AND `useragent` = "' . $this->db->escape($userinfo['useragent']) . '"  AND `adminsession` = "' . $this->db->escape($userinfo['adminsession']) . '" ';
-		$this->db->query($query);
+		$upd_stmt = Database::prepare("
+			UPDATE `" . TABLE_PANEL_SESSIONS . "` SET
+			`lastpaging` = :lastpaging
+			WHERE `hash` = :hash  AND `userid` = :userid
+			AND `ipaddress` = :ipaddr AND `useragent` = :ua
+			AND `adminsession` = :adminsession
+		");
+		$upd_data = array(
+			'lastpaging' => serialize($this->userinfo['lastpaging']),
+			'hash' => $userinfo['hash'],
+			'userid' => $userinfo['userid'],
+			'ipaddr' => $userinfo['ipaddress'],
+			'ua' => $userinfo['useragent'],
+			'adminsession' => $userinfo['adminsession']
+		);
+		Database::pexecute($upd_stmt, $upd_data);
 	}

 	/**
@@ -250,13 +228,11 @@ class paging
 	 *
 	 * @param int entries
 	 */
+	function setEntries($entries) {

-	function setEntries($entries)
-	{
 		$this->entries = $entries;

-		if(($this->pageno - 1) * $this->entriesperpage > $this->entries)
-		{
+		if (($this->pageno - 1) * $this->entriesperpage > $this->entries) {
 			$this->pageno = 1;
 		}

@@ -269,9 +245,7 @@ class paging
 	 * @param int number of row
 	 * @return bool to display or not to display, that's the question
 	 */
-
-	function checkDisplay($count)
-	{
+	function checkDisplay($count) {
 		$begin = (intval($this->pageno) - 1) * intval($this->entriesperpage);
 		$end = (intval($this->pageno) * intval($this->entriesperpage));
 		return (($count >= $begin && $count < $end) || $this->entriesperpage == 0);
@@ -283,30 +257,21 @@ class paging
 	 * @param bool should returned condition code start with WHERE (false) or AND (true)?
 	 * @return string the condition code
 	 */
-
-	function getSqlWhere($append = false)
-	{
-		if($this->searchtext != '')
-		{
-			if($append == true)
-			{
+	function getSqlWhere($append = false) {
+		if ($this->searchtext != '') {
+			if ($append == true) {
 				$condition = ' AND ';
-			}
-			else
-			{
+			} else {
 				$condition = ' WHERE ';
 			}

 			$searchfield = explode('.', $this->searchfield);
-			foreach($searchfield as $id => $field)
-			{
-				if(substr($field, -1, 1) != '`')
-				{
+			foreach ($searchfield as $id => $field) {
+				if (substr($field, -1, 1) != '`') {
 					$field.= '`';
 				}

-				if($field{0} != '`')
-				{
+				if ($field{0} != '`') {
 					$field = '`' . $field;
 				}

@@ -314,11 +279,41 @@ class paging
 			}

 			$searchfield = implode('.', $searchfield);
-			$searchtext = str_replace('*', '%', $this->searchtext);
-			$condition.= $searchfield . ' LIKE "' . $this->db->escape($searchtext) . '" ';
-		}
-		else
-		{
+			
+			$ops = array('<', '>', '=');
+			
+			// check if we use an operator or not
+			$useOper = 0;
+			$oper = "=";
+			if (in_array(substr($this->searchtext, 0, 1), $ops)) {
+				$useOper = 1;
+				$oper = substr($this->searchtext, 0, 1);
+			}
+			
+			// check for diskspace and whether searchtext is a number
+			// in any other case the logical-operators would make no sense
+			if (strpos($searchfield, 'diskspace') > 0 && is_numeric(substr($this->searchtext, $useOper))) {
+				// anything with diskspace is *1024
+				$searchtext = ((int)substr($this->searchtext, $useOper))*1024;
+				$useOper = 1;
+			} elseif (strpos($searchfield, 'traffic') > 0 && is_numeric(substr($this->searchtext, $useOper))) {
+				// anything with traffic is *1024*1024
+				$searchtext = ((int)substr($this->searchtext, $useOper))*1024*1024;
+				$useOper = 1;
+			} else {
+				// any other field
+				$searchtext = substr($this->searchtext, $useOper);
+			}
+			
+			if ($useOper == 1 && is_numeric(substr($this->searchtext, $useOper))) {
+				// now as we use >, < or = we use the given operator and not LIKE
+				$condition.= $searchfield . " ".$oper." " . Database::quote($searchtext);
+			} else {
+				$searchtext = str_replace('*', '%', $this->searchtext);
+				$condition.= $searchfield . " LIKE " . Database::quote($searchtext);
+			}
+			
+		} else {
 			$condition = '';
 		}

@@ -331,19 +326,15 @@ class paging
 	 * @param bool Switch natsorting on/off (local, affects just this call)
 	 * @return string the "order by"-code
 	 */
+	function getSqlOrderBy($natSorting = null) {

-	function getSqlOrderBy($natSorting = null)
-	{
 		$sortfield = explode('.', $this->sortfield);
-		foreach($sortfield as $id => $field)
-		{
-			if(substr($field, -1, 1) != '`')
-			{
+		foreach ($sortfield as $id => $field) {
+			if (substr($field, -1, 1) != '`') {
 				$field.= '`';
 			}

-			if($field{0} != '`')
-			{
+			if ($field{0} != '`') {
 				$field = '`' . $field;
 			}

@@ -353,15 +344,17 @@ class paging
 		$sortfield = implode('.', $sortfield);
 		$sortorder = strtoupper($this->sortorder);

-		if($natSorting == true
-		   || ($natSorting === null && $this->natSorting == true))
-		{
+		if ($natSorting == true
+			|| ($natSorting === null && $this->natSorting == true)
+		) {
 			// Acts similar to php's natsort(), found in one comment at http://my.opera.com/cpr/blog/show.dml/160556
-
-			$sortcode = 'ORDER BY CONCAT( IF( ASCII( LEFT( ' . $sortfield . ', 5 ) ) > 57, LEFT( ' . $sortfield . ', 1 ), \'0\' ), IF( ASCII( RIGHT( ' . $sortfield . ', 1 ) ) > 57, LPAD( ' . $sortfield . ', 255, \'0\' ), LPAD( CONCAT( ' . $sortfield . ', \'-\' ), 255, \'0\' ) ) ) ' . $sortorder;
-		}
-		else
-		{
+			$sortcode = "ORDER BY CONCAT( IF( ASCII( LEFT( " . $sortfield . ", 5 ) ) > 57,
+				LEFT( " . $sortfield . ", 1 ), 0 ),
+				IF( ASCII( RIGHT( " . $sortfield . ", 1 ) ) > 57,
+					LPAD( " . $sortfield . ", 255, '0' ),
+					LPAD( CONCAT( " . $sortfield . ", '-' ), 255, '0' )
+				)) " . $sortorder;
+		} else {
 			$sortcode = 'ORDER BY ' . $sortfield . ' ' . $sortorder;
 		}

@@ -373,13 +366,10 @@ class paging
 	 *
 	 * @return string always empty
 	 */
-
-	function getSqlLimit()
-	{
+	function getSqlLimit() {
 		/**
 		 * currently not in use
 		 */
-
 		return '';
 	}

@@ -389,21 +379,18 @@ class paging
 	 * @param array Language array
 	 * @return string the html sortcode
 	 */
+	function getHtmlSortCode($lng, $break = false) {

-	function getHtmlSortCode($lng, $break = false)
-	{
 		$sortcode = '';
 		$fieldoptions = '';
 		$orderoptions = '';

-		foreach($this->fields as $fieldname => $fieldcaption)
-		{
+		foreach ($this->fields as $fieldname => $fieldcaption) {
 			$fieldoptions.= makeoption($fieldcaption, $fieldname, $this->sortfield, true, true);
 		}

 		$breakorws = ($break ? '<br />' : '&nbsp;');
-		foreach(array('asc' => $lng['panel']['ascending'], 'desc' => $lng['panel']['decending']) as $sortordertype => $sortorderdescription)
-		{
+		foreach (array('asc' => $lng['panel']['ascending'], 'desc' => $lng['panel']['decending']) as $sortordertype => $sortorderdescription) {
 			$orderoptions.= makeoption($sortorderdescription, $sortordertype, $this->sortorder, true, true);
 		}

@@ -418,24 +405,20 @@ class paging
 	 * @param string If set, only this field will be returned
 	 * @return mixed An array or a string (if field is set) of html code of arrows
 	 */
+	function getHtmlArrowCode($baseurl, $field = '') {

-	function getHtmlArrowCode($baseurl, $field = '')
-	{
 		global $theme;

-		if($field != ''
-		   && isset($this->fields[$field]))
-		{
+		if ($field != ''
+			&& isset($this->fields[$field])
+		) {
 			$baseurl = htmlspecialchars($baseurl);
 			$fieldname = htmlspecialchars($field);
 			eval("\$arrowcode =\"" . getTemplate("misc/htmlarrowcode", '1') . "\";");
-		}
-		else
-		{
+		} else {
 			$baseurl = htmlspecialchars($baseurl);
 			$arrowcode = array();
-			foreach($this->fields as $fieldname => $fieldcaption)
-			{
+			foreach ($this->fields as $fieldname => $fieldcaption) {
 				$fieldname = htmlspecialchars($fieldname);
 				eval("\$arrowcode[\$fieldname] =\"" . getTemplate("misc/htmlarrowcode", '1') . "\";");
 			}
@@ -450,14 +433,12 @@ class paging
 	 * @param array Language array
 	 * @return string the html searchcode
 	 */
+	function getHtmlSearchCode($lng) {

-	function getHtmlSearchCode($lng)
-	{
 		$searchcode = '';
 		$fieldoptions = '';
 		$searchtext = htmlspecialchars($this->searchtext);
-		foreach($this->fields as $fieldname => $fieldcaption)
-		{
+		foreach ($this->fields as $fieldname => $fieldcaption) {
 			$fieldoptions.= makeoption($fieldcaption, $fieldname, $this->searchfield, true, true);
 		}
 		eval("\$searchcode =\"" . getTemplate("misc/htmlsearchcode", '1') . "\";");
@@ -470,61 +451,42 @@ class paging
 	 * @param string URL to use as base for links
 	 * @return string the html pagingcode
 	 */
-
-	function getHtmlPagingCode($baseurl)
-	{
-		if($this->entriesperpage == 0)
-		{
+	function getHtmlPagingCode($baseurl) {
+		if ($this->entriesperpage == 0) {
 			return '';
-		}
-		else
-		{
+		} else {
 			$pages = intval($this->entries / $this->entriesperpage);
 		}

-		if($this->entries % $this->entriesperpage != 0)
-		{
+		if ($this->entries % $this->entriesperpage != 0) {
 			$pages++;
 		}

-		if($pages > 1)
-		{
-			$start = $this->pageno - 4;
+		if ($pages > 1) {

-			if($start < 1)
-			{
+			$start = $this->pageno - 4;
+			if ($start < 1) {
 				$start = 1;
 			}

 			$stop = $this->pageno + 4;
-
-			if($stop > $pages)
-			{
+			if ($stop > $pages) {
 				$stop = $pages;
 			}

 			$pagingcode = '<a href="' . htmlspecialchars($baseurl) . '&amp;pageno=1">&laquo;</a> <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . ((intval($this->pageno) - 1) == 0 ? '1' : intval($this->pageno) - 1) . '">&lt;</a>&nbsp;';
-			for ($i = $start;$i <= $stop;$i++)
-			{
-				if($i != $this->pageno)
-				{
+			for ($i = $start;$i <= $stop;$i++) {
+				if ($i != $this->pageno) {
 					$pagingcode.= ' <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . $i . '">' . $i . '</a>&nbsp;';
-				}
-				else
-				{
+				} else {
 					$pagingcode.= ' <strong>' . $i . '</strong>&nbsp;';
 				}
 			}
-
 			$pagingcode.= ' <a href="' . htmlspecialchars($baseurl) . '&amp;pageno=' . ((intval($this->pageno) + 1) > $pages ? $pages : intval($this->pageno) + 1) . '">&gt;</a> <a href="' . $baseurl . '&amp;pageno=' . $pages . '">&raquo;</a>';
-		}
-		else
-		{
+		} else {
 			$pagingcode = '';
 		}

 		return $pagingcode;
 	}
 }
-
-?>
--- a/lib/classes/phpinterface/class.phpinterface.php
+++ b/lib/classes/phpinterface/class.phpinterface.php
@@ -19,13 +19,7 @@
 *
 */

-class phpinterface
-{
-	/**
-	 * Database handler
-	 * @var object
-	 */
-	private $_db = false;
+class phpinterface {

 	/**
 	 * Settings array
@@ -54,9 +48,7 @@ class phpinterface
 	/**
 	 * main constructor
 	 */
-	public function __construct($db, $settings, $domain)
-	{
-		$this->_db = $db;
+	public function __construct($settings, $domain) {
 		$this->_settings = $settings;
 		$this->_domain = $domain;
 		$this->_setInterface();
@@ -66,8 +58,7 @@ class phpinterface
 	 * returns the interface-object
 	 * from where we can control it
 	 */
-	public function getInterface()
-	{
+	public function getInterface() {
 		return $this->_interface;
 	}
 	
@@ -76,16 +67,13 @@ class phpinterface
 	 * php-interface: fcgid or php-fpm
 	 * sets private $_interface variable
 	 */
-	private function _setInterface()
-	{
+	private function _setInterface() {
 		// php-fpm
-		if((int)$this->_settings['phpfpm']['enabled'] == 1)
-		{
-			$this->_interface = new phpinterface_fpm($this->_db, $this->_settings, $this->_domain);
-		}
-		elseif((int)$this->_settings['system']['mod_fcgid'] == 1)
-		{
-			$this->_interface = new phpinterface_fcgid($this->_db, $this->_settings, $this->_domain);
+		if ((int)$this->_settings['phpfpm']['enabled'] == 1) {
+			$this->_interface = new phpinterface_fpm($this->_settings, $this->_domain);
+
+		} elseif ((int)$this->_settings['system']['mod_fcgid'] == 1) {
+			$this->_interface = new phpinterface_fcgid($this->_settings, $this->_domain);
 		}
 	}

@@ -96,23 +84,20 @@ class phpinterface
 	 * 
 	 * @return array
 	 */
-	public function getPhpConfig($php_config_id)
-	{
+	public function getPhpConfig($php_config_id) {
+
 		$php_config_id = intval($php_config_id);

 		// If domain has no config, we will use the default one.
-
-		if($php_config_id == 0)
-		{
+		if ($php_config_id == 0) {
 			$php_config_id = 1;
 		}

-		if(!isset($this->php_configs_cache[$php_config_id]))
-		{
-			$this->_php_configs_cache[$php_config_id] = $this->_db->query_first(
-				"SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` 
-				WHERE `id` = " . (int)$php_config_id
+		if (!isset($this->php_configs_cache[$php_config_id])) {
+			$stmt = Database::prepare("
+					SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
 			);
+			$this->_php_configs_cache[$php_config_id] = Database::pexecute_first($stmt, array('id' => $php_config_id));
 		}

 		return $this->_php_configs_cache[$php_config_id];
--- a/lib/classes/phpinterface/class.phpinterface_fcgid.php
+++ b/lib/classes/phpinterface/class.phpinterface_fcgid.php
@@ -19,13 +19,7 @@
 *
 */

-class phpinterface_fcgid
-{
-	/**
-	 * Database handler
-	 * @var object
-	 */
-	private $_db = false;
+class phpinterface_fcgid {

 	/**
 	 * Settings array
@@ -36,27 +30,25 @@ class phpinterface_fcgid
 	/**
 	 * Domain-Data array
 	 * @var array
-	 */
+	*/
 	private $_domain = array();

 	/**
 	 * Admin-Date cache array
 	 * @var array
-	 */
+	*/
 	private $_admin_cache = array();

 	/**
 	 * main constructor
-	 */
-	public function __construct($db, $settings, $domain)
-	{
-		$this->_db = $db;
+	*/
+	public function __construct($settings, $domain) {
 		$this->_settings = $settings;
 		$this->_domain = $domain;
 	}

-	public function createConfig($phpconfig)
-	{
+	public function createConfig($phpconfig) {
+
 		// create starter
 		$starter_file = "#!/bin/sh\n\n";
 		$starter_file.= "#\n";
@@ -68,18 +60,13 @@ class phpinterface_fcgid
 		$starter_file.= "export PHPRC\n";

 		// set number of processes for one domain
-		if((int)$this->_domain['mod_fcgid_starter'] != - 1)
-		{
+		if ((int)$this->_domain['mod_fcgid_starter'] != - 1) {
 			$starter_file.= "PHP_FCGI_CHILDREN=" . (int)$this->_domain['mod_fcgid_starter'] . "\n";
-		}
-		else
-		{
-			if((int)$phpconfig['mod_fcgid_starter'] != - 1)
-			{
+
+		} else {
+			if ((int)$phpconfig['mod_fcgid_starter'] != - 1) {
 				$starter_file.= "PHP_FCGI_CHILDREN=" . (int)$phpconfig['mod_fcgid_starter'] . "\n";
-			}
-			else
-			{
+			} else {
 				$starter_file.= "PHP_FCGI_CHILDREN=" . (int)$this->_settings['system']['mod_fcgid_starter'] . "\n";
 			}
 		}
@@ -87,18 +74,12 @@ class phpinterface_fcgid
 		$starter_file.= "export PHP_FCGI_CHILDREN\n";

 		// set number of maximum requests for one domain
-		if((int)$this->_domain['mod_fcgid_maxrequests'] != - 1)
-		{
+		if ((int)$this->_domain['mod_fcgid_maxrequests'] != - 1) {
 			$starter_file.= "PHP_FCGI_MAX_REQUESTS=" . (int)$this->_domain['mod_fcgid_maxrequests'] . "\n";
-		}
-		else
-		{
-			if((int)$phpconfig['mod_fcgid_maxrequests'] != - 1)
-			{
+		} else {
+			if ((int)$phpconfig['mod_fcgid_maxrequests'] != - 1) {
 				$starter_file.= "PHP_FCGI_MAX_REQUESTS=" . (int)$phpconfig['mod_fcgid_maxrequests'] . "\n";
-			}
-			else
-			{
+			} else {
 				$starter_file.= "PHP_FCGI_MAX_REQUESTS=" . (int)$this->_settings['system']['mod_fcgid_maxrequests'] . "\n";
 			}
 		}
@@ -109,8 +90,7 @@ class phpinterface_fcgid
 		$starter_file.= "exec " . $phpconfig['binary'] . " -c " . escapeshellarg($this->getConfigDir()) . "\n";

 		//remove +i attibute, so starter can be overwritten
-		if(file_exists($this->getStarterFile()))
-		{
+		if (file_exists($this->getStarterFile())) {
 			removeImmutable($this->getStarterFile());
 		}

@@ -122,34 +102,36 @@ class phpinterface_fcgid
 		setImmutable($this->getStarterFile());
 	}

-	public function createIniFile($phpconfig)
-	{
+	/**
+	 * create customized php.ini
+	 *
+	 * @param array $phpconfig
+	 */
+	public function createIniFile($phpconfig) {
+
 		$openbasedir = '';
 		$openbasedirc = ';';

-		if($this->_domain['openbasedir'] == '1')
-		{
+		if ($this->_domain['openbasedir'] == '1') {
+
 			$openbasedirc = '';
 			$_phpappendopenbasedir = '';

 			$_custom_openbasedir = explode(':', $this->_settings['system']['mod_fcgid_peardir']);
-			foreach($_custom_openbasedir as $cobd)
-			{
+			foreach ($_custom_openbasedir as $cobd) {
 				$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
 			}

 			$_custom_openbasedir = explode(':', $this->_settings['system']['phpappendopenbasedir']);
-			foreach($_custom_openbasedir as $cobd)
-			{
+			foreach ($_custom_openbasedir as $cobd) {
 				$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
 			}

-			if($this->_domain['openbasedir_path'] == '0' && strstr($this->_domain['documentroot'], ":") === false)
-			{
+			if ($this->_domain['openbasedir_path'] == '0'
+					&& strstr($this->_domain['documentroot'], ":") === false
+			) {
 				$openbasedir = appendOpenBasedirPath($this->_domain['documentroot'], true);
-			}
-			else
-			{
+			} else {
 				$openbasedir = appendOpenBasedirPath($this->_domain['customerroot'], true);
 			}

@@ -158,34 +140,31 @@ class phpinterface_fcgid

 			$openbasedir = explode(':', $openbasedir);
 			$clean_openbasedir = array();
-			foreach($openbasedir as $number => $path)
-			{
-				if(trim($path) != '/')
-				{
+			foreach ($openbasedir as $number => $path) {
+				if (trim($path) != '/') {
 					$clean_openbasedir[] = makeCorrectDir($path);
 				}
 			}
 			$openbasedir = implode(':', $clean_openbasedir);
-		}
-		else
-		{
+
+		} else {
 			$openbasedir = 'none';
 			$openbasedirc = ';';
 		}

 		$admin = $this->_getAdminData($this->_domain['adminid']);
 		$php_ini_variables = array(
-			'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
-			'PEAR_DIR' => $this->_settings['system']['mod_fcgid_peardir'],
-			'OPEN_BASEDIR' => $openbasedir,
-			'OPEN_BASEDIR_C' => $openbasedirc,
-			'OPEN_BASEDIR_GLOBAL' => $this->_settings['system']['phpappendopenbasedir'],
-			'TMP_DIR' => $this->getTempDir(),
-			'CUSTOMER_EMAIL' => $this->_domain['email'],
-			'ADMIN_EMAIL' => $admin['email'],
-			'DOMAIN' => $this->_domain['domain'],
-			'CUSTOMER' => $this->_domain['loginname'],
-			'ADMIN' => $admin['loginname']
+				'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
+				'PEAR_DIR' => $this->_settings['system']['mod_fcgid_peardir'],
+				'OPEN_BASEDIR' => $openbasedir,
+				'OPEN_BASEDIR_C' => $openbasedirc,
+				'OPEN_BASEDIR_GLOBAL' => $this->_settings['system']['phpappendopenbasedir'],
+				'TMP_DIR' => $this->getTempDir(),
+				'CUSTOMER_EMAIL' => $this->_domain['email'],
+				'ADMIN_EMAIL' => $admin['email'],
+				'DOMAIN' => $this->_domain['domain'],
+				'CUSTOMER' => $this->_domain['loginname'],
+				'ADMIN' => $admin['loginname']
 		);

 		//insert a small header for the file
@@ -206,17 +185,16 @@ class phpinterface_fcgid

 	/**
 	 * fcgid-config directory
-	 * 
+	 *
 	 * @param boolean $createifnotexists create the directory if it does not exist
-	 * 
+	 *
 	 * @return string the directory
 	 */
-	public function getConfigDir($createifnotexists = true)
-	{
+	public function getConfigDir($createifnotexists = true) {
+
 		$configdir = makeCorrectDir($this->_settings['system']['mod_fcgid_configdir'] . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/');

-		if(!is_dir($configdir) && $createifnotexists)
-		{
+		if (!is_dir($configdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($configdir));
 			safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
 		}
@@ -226,66 +204,61 @@ class phpinterface_fcgid

 	/**
 	 * fcgid-temp directory
-	 * 
+	 *
 	 * @param boolean $createifnotexists create the directory if it does not exist
-	 * 
+	 *
 	 * @return string the directory
 	 */
-	public function getTempDir($createifnotexists = true)
-	{
+	public function getTempDir($createifnotexists = true) {
+
 		$tmpdir = makeCorrectDir($this->_settings['system']['mod_fcgid_tmpdir'] . '/' . $this->_domain['loginname'] . '/');

-		if(!is_dir($tmpdir) && $createifnotexists)
-		{
+		if (!is_dir($tmpdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
 			safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir));
 			safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));
 		}
-		
+
 		return $tmpdir;
 	}

 	/**
 	 * return path of php-starter file
-	 * 
+	 *
 	 * @return string the directory
 	 */
-	public function getStarterFile()
-	{
+	public function getStarterFile() {
 		$starter_filename = makeCorrectFile($this->getConfigDir() . '/php-fcgi-starter');
 		return $starter_filename;
 	}

 	/**
 	 * return path of php.ini file
-	 * 
+	 *
 	 * @return string full with path file-name
 	 */
-	public function getIniFile()
-	{
+	public function getIniFile() {
 		$phpini_filename = makeCorrectFile($this->getConfigDir() . '/php.ini');
 		return $phpini_filename;
 	}

 	/**
 	 * return the admin-data of a specific admin
-	 * 
+	 *
 	 * @param int $adminid id of the admin-user
-	 * 
+	 *
 	 * @return array
 	 */
-	private function _getAdminData($adminid)
-	{
+	private function _getAdminData($adminid) {
+
 		$adminid = intval($adminid);

-		if(!isset($this->_admin_cache[$adminid]))
-		{
-			$this->_admin_cache[$adminid] = $this->_db->query_first(
-				"SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` 
-				WHERE `adminid` = " . (int)$adminid
+		if (!isset($this->_admin_cache[$adminid])) {
+			$stmt = Database::prepare("
+					SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id"
 			);
+			$this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array('id' => $adminid));
 		}
-
 		return $this->_admin_cache[$adminid];
 	}
 }
--- a/lib/classes/phpinterface/class.phpinterface_fpm.php
+++ b/lib/classes/phpinterface/class.phpinterface_fpm.php
@@ -19,13 +19,7 @@
 *
 */

-class phpinterface_fpm
-{
-	/**
-	 * Database handler
-	 * @var object
-	 */
-	private $_db = false;
+class phpinterface_fpm {

 	/**
 	 * Settings array
@@ -36,80 +30,87 @@ class phpinterface_fpm
 	/**
 	 * Domain-Data array
 	 * @var array
-	 */
+	*/
 	private $_domain = array();

 	/**
 	 * Admin-Date cache array
 	 * @var array
-	 */
+	*/
 	private $_admin_cache = array();

 	/**
 	 * defines what can be used for pool-config from php.ini
 	 * @var array
-	 */
+	*/
 	private $_ini = array(
-		'php_value' => array(
-			'error_reporting',
-			'max_execution_time',
-			'include_path',
-			'upload_max_filesize',
-			'log_errors_max_len'
-		),
-		'php_flag' => array(
-			'short_open_tag',
-			'asp_tags',
-			'display_errors',
-			'display_startup_errors',
-			'log_errors',
-			'track_errors',
-			'html_errors',
-			'magic_quotes_gpc',
-			'magic_quotes_runtime',
-			'magic_quotes_sybase'
-		),
-		'php_admin_value' => array(
-			'precision',
-			'output_buffering',
-			'disable_functions',
-			'max_input_time',
-			'memory_limit',
-			'post_max_size',
-			'variables_order',
-			'gpc_order',
-			'date.timezone'
-		),
-		'php_admin_flag' => array(
-			'allow_call_time_pass_reference',
-			'allow_url_fopen',
-			'cgi.force_redirect',
-			'enable_dl',
-			'expose_php',
-			'ignore_repeated_errors',
-			'ignore_repeated_source',
-			'report_memleaks',
-			'register_argc_argv',
-			'file_uploads',
-			'allow_url_fopen'
-		)
+			'php_value' => array(
+					'error_reporting',
+					'max_execution_time',
+					'include_path',
+					'upload_max_filesize',
+					'log_errors_max_len'
+			),
+			'php_flag' => array(
+					'short_open_tag',
+					'asp_tags',
+					'display_errors',
+					'display_startup_errors',
+					'log_errors',
+					'track_errors',
+					'html_errors',
+					'magic_quotes_gpc',
+					'magic_quotes_runtime',
+					'magic_quotes_sybase'
+			),
+			'php_admin_value' => array(
+					'open_basedir',
+					'precision',
+					'output_buffering',
+					'disable_functions',
+					'max_input_time',
+					'memory_limit',
+					'post_max_size',
+					'variables_order',
+					'gpc_order',
+					'date.timezone',
+					'sendmail_path',
+					'session.gc_divisor',
+					'session.gc_probability'
+			),
+			'php_admin_flag' => array(
+					'allow_call_time_pass_reference',
+					'allow_url_fopen',
+					'cgi.force_redirect',
+					'enable_dl',
+					'expose_php',
+					'ignore_repeated_errors',
+					'ignore_repeated_source',
+					'report_memleaks',
+					'register_argc_argv',
+					'file_uploads',
+					'allow_url_fopen'
+			)
 	);

 	/**
 	 * main constructor
-	 */
-	public function __construct($db, $settings, $domain)
-	{
-		$this->_db = $db;
+	*/
+	public function __construct($settings, $domain) {
 		$this->_settings = $settings;
 		$this->_domain = $domain;
 	}

-	public function createConfig($phpconfig)
-	{
+	/**
+	 * create fpm-pool config
+	 *
+	 * @param array $phpconfig
+	 */
+	public function createConfig($phpconfig) {
+
 		$fh = @fopen($this->getConfigFile(), 'w');
-		if($fh)
-		{
+
+		if ($fh) {
 			$fpm_pm = $this->_settings['phpfpm']['pm'];
 			$fpm_children = (int)$this->_settings['phpfpm']['max_children'];
 			$fpm_start_servers = (int)$this->_settings['phpfpm']['start_servers'];
@@ -118,39 +119,34 @@ class phpinterface_fpm
 			$fpm_requests = (int)$this->_settings['phpfpm']['max_requests'];
 			$fpm_process_idle_timeout = (int)$this->_settings['phpfpm']['idle_timeout'];

-			if($fpm_children == 0) {
+			if ($fpm_children == 0) {
 				$fpm_children = 1;
 			}

 			$fpm_config = ';PHP-FPM configuration for "'.$this->_domain['domain'].'" created on ' . date("Y.m.d H:i:s") . "\n";
 			$fpm_config.= '['.$this->_domain['domain'].']'."\n";
 			$fpm_config.= 'listen = '.$this->getSocketFile()."\n";
-			if($this->_domain['loginname'] == 'froxlor.panel')
-			{
+			if ($this->_domain['loginname'] == 'froxlor.panel') {
 				$fpm_config.= 'listen.owner = '.$this->_domain['guid']."\n";
 				$fpm_config.= 'listen.group = '.$this->_domain['guid']."\n";
-			}
-			else
-			{
+			} else {
 				$fpm_config.= 'listen.owner = '.$this->_domain['loginname']."\n";
 				$fpm_config.= 'listen.group = '.$this->_domain['loginname']."\n";
 			}
 			$fpm_config.= 'listen.mode = 0666'."\n";

-			if($this->_domain['loginname'] == 'froxlor.panel')
-			{
+			if ($this->_domain['loginname'] == 'froxlor.panel') {
 				$fpm_config.= 'user = '.$this->_domain['guid']."\n";
 				$fpm_config.= 'group = '.$this->_domain['guid']."\n";
-			}
-			else
-			{
+			} else {
 				$fpm_config.= 'user = '.$this->_domain['loginname']."\n";
 				$fpm_config.= 'group = '.$this->_domain['loginname']."\n";
 			}

 			$fpm_config.= 'pm = '.$fpm_pm."\n";
 			$fpm_config.= 'pm.max_children = '.$fpm_children."\n";
-			if($fpm_pm == 'dynamic') {
+
+			if ($fpm_pm == 'dynamic') {
 				// failsafe, refs #955
 				if ($fpm_start_servers < $fpm_min_spare_servers) {
 					$fpm_start_servers = $fpm_min_spare_servers;
@@ -168,44 +164,45 @@ class phpinterface_fpm

 			$fpm_config.= 'pm.max_requests = '.$fpm_requests."\n";

+			// possible slowlog configs
+			if ($phpconfig['fpm_slowlog'] == '1') {
+				$fpm_config.= 'request_terminate_timeout = ' . $phpconfig['fpm_reqterm'] . "\n";
+				$fpm_config.= 'request_slowlog_timeout = ' . $phpconfig['fpm_reqslow'] . "\n";
+				$slowlog = makeCorrectFile($this->_settings['system']['logfiles_directory'] . '/' . $this->_domain['loginname'] . '-php-slow.log');
+				$fpm_config.= 'slowlog = ' . $slowlog . "\n";
+				$fpm_config.= 'catch_workers_output = yes' . "\n";
+			}
+
 			$fpm_config.= ';chroot = '.makeCorrectDir($this->_domain['documentroot'])."\n";

 			$tmpdir = makeCorrectDir($this->_settings['phpfpm']['tmpdir'] . '/' . $this->_domain['loginname'] . '/');
-			if(!is_dir($tmpdir))
-			{
+			if (!is_dir($tmpdir)) {
 				$this->getTempDir();
 			}
-			//$slowlog = makeCorrectFile($this->_settings['system']['logfiles_directory'] . $this->_domain['loginname'] . '/php-fpm_slow.log');

 			$fpm_config.= 'env[TMP] = '.$tmpdir."\n";
 			$fpm_config.= 'env[TMPDIR] = '.$tmpdir."\n";
 			$fpm_config.= 'env[TEMP] = '.$tmpdir."\n";

-			$fpm_config.= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f '.$this->_domain['email']."\n";
-			if($this->_domain['loginname'] != 'froxlor.panel')
-			{
-				if($this->_domain['openbasedir'] == '1')
-				{
-					$openbasedir = '';
+			$openbasedir = '';
+			if ($this->_domain['loginname'] != 'froxlor.panel') {
+				if ($this->_domain['openbasedir'] == '1') {
 					$_phpappendopenbasedir = '';
 					$_custom_openbasedir = explode(':', $this->_settings['phpfpm']['peardir']);
-					foreach($_custom_openbasedir as $cobd)
-					{
+					foreach ($_custom_openbasedir as $cobd) {
 						$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
 					}

 					$_custom_openbasedir = explode(':', $this->_settings['system']['phpappendopenbasedir']);
-					foreach($_custom_openbasedir as $cobd)
-					{
+					foreach ($_custom_openbasedir as $cobd) {
 						$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
 					}

-					if($this->_domain['openbasedir_path'] == '0' && strstr($this->_domain['documentroot'], ":") === false)
-					{
+					if ($this->_domain['openbasedir_path'] == '0'
+							&& strstr($this->_domain['documentroot'], ":") === false
+					) {
 						$openbasedir = appendOpenBasedirPath($this->_domain['documentroot'], true);
-					}
-					else
-					{
+					} else {
 						$openbasedir = appendOpenBasedirPath($this->_domain['customerroot'], true);
 					}

@@ -214,22 +211,19 @@ class phpinterface_fpm

 					$openbasedir = explode(':', $openbasedir);
 					$clean_openbasedir = array();
-					foreach($openbasedir as $number => $path)
-					{
-						if(trim($path) != '/')
-						{
+					foreach ($openbasedir as $number => $path) {
+						if (trim($path) != '/') {
 							$clean_openbasedir[] = makeCorrectDir($path);
 						}
 					}
 					$openbasedir = implode(':', $clean_openbasedir);
-
-					$fpm_config.= 'php_admin_value[open_basedir] = ' . $openbasedir . "\n";
 				}
 			}
 			$fpm_config.= 'php_admin_value[session.save_path] = ' . makeCorrectDir($this->_settings['phpfpm']['tmpdir'] . '/' . $this->_domain['loginname'] . '/') . "\n";
 			$fpm_config.= 'php_admin_value[upload_tmp_dir] = ' . makeCorrectDir($this->_settings['phpfpm']['tmpdir'] . '/' . $this->_domain['loginname'] . '/') . "\n";

 			$admin = $this->_getAdminData($this->_domain['adminid']);
+
 			$php_ini_variables = array(
 					'SAFE_MODE' => 'Off', // keep this for compatibility, just in case
 					'PEAR_DIR' => $this->_settings['system']['mod_fcgid_peardir'],
@@ -238,7 +232,9 @@ class phpinterface_fpm
 					'ADMIN_EMAIL' => $admin['email'],
 					'DOMAIN' => $this->_domain['domain'],
 					'CUSTOMER' => $this->_domain['loginname'],
-					'ADMIN' => $admin['loginname']
+					'ADMIN' => $admin['loginname'],
+					'OPEN_BASEDIR' => $openbasedir,
+					'OPEN_BASEDIR_C' => ''
 			);

 			$phpini = replace_variables($phpconfig['phpsettings'], $php_ini_variables);
@@ -249,11 +245,21 @@ class phpinterface_fpm
 				$is = explode("=", $inisection);
 				foreach ($this->_ini as $sec => $possibles) {
 					if (in_array(trim($is[0]), $possibles)) {
+						// check explictly for open_basedir
+						if (trim($is[0]) == 'open_basedir' && $openbasedir == '') {
+							continue;
+						}
 						$fpm_config.= $sec.'['.trim($is[0]).'] = ' . trim($is[1]) . "\n";
 					}
 				}
 			}

+			// now check if 'sendmail_path' has not beed set in the custom-php.ini
+			// if not we use our fallback-default as usual
+			if (strpos($fpm_config, 'php_admin_value[sendmail_path]') === false) {
+				$fpm_config.= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f '.$this->_domain['email']."\n";
+			}
+
 			fwrite($fh, $fpm_config, strlen($fpm_config));
 			fclose($fh);
 		}
@@ -265,8 +271,7 @@ class phpinterface_fpm
 	 *
 	 * @param string $phpconfig
 	 */
-	public function createIniFile($phpconfig)
-	{
+	public function createIniFile($phpconfig) {
 		return;
 	}

@@ -277,13 +282,12 @@ class phpinterface_fpm
 	 *
 	 * @return string the full path to the file
 	 */
-	public function getConfigFile($createifnotexists = true)
-	{
+	public function getConfigFile($createifnotexists = true) {
+
 		$configdir = makeCorrectDir($this->_settings['phpfpm']['configdir']);
 		$config = makeCorrectFile($configdir.'/'.$this->_domain['domain'].'.conf');

-		if(!is_dir($configdir) && $createifnotexists)
-		{
+		if (!is_dir($configdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($configdir));
 		}

@@ -297,13 +301,14 @@ class phpinterface_fpm
 	 *
 	 * @return string the full path to the socket
 	 */
-	public function getSocketFile($createifnotexists = true)
-	{
-		$socketdir = makeCorrectDir('/var/run/'.$this->_settings['system']['webserver'].'/');
+	public function getSocketFile($createifnotexists = true) {
+
+		// see #1300 why this has changed
+		//$socketdir = makeCorrectDir('/var/run/'.$this->_settings['system']['webserver'].'/');
+		$socketdir = makeCorrectDir($this->_settings['phpfpm']['fastcgi_ipcdir']);
 		$socket = makeCorrectFile($socketdir.'/'.$this->_domain['loginname'].'-'.$this->_domain['domain'].'-php-fpm.socket');

-		if(!is_dir($socketdir) && $createifnotexists)
-		{
+		if (!is_dir($socketdir) && $createifnotexists) {
 			safe_exec('mkdir -p '.escapeshellarg($socketdir));
 			safe_exec('chown -R '.$this->_settings['system']['httpuser'].':'.$this->_settings['system']['httpgroup'].' '.escapeshellarg($socketdir));
 		}
@@ -318,12 +323,11 @@ class phpinterface_fpm
 	 *
 	 * @return string the directory
 	 */
-	public function getTempDir($createifnotexists = true)
-	{
+	public function getTempDir($createifnotexists = true) {
+
 		$tmpdir = makeCorrectDir($this->_settings['phpfpm']['tmpdir'] . '/' . $this->_domain['loginname'] . '/');

-		if(!is_dir($tmpdir) && $createifnotexists)
-		{
+		if (!is_dir($tmpdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
 			safe_exec('chown -R ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($tmpdir));
 			safe_exec('chmod 0750 ' . escapeshellarg($tmpdir));
@@ -333,28 +337,27 @@ class phpinterface_fpm
 	}

 	/**
- 	 * fastcgi-fakedirectory directory
- 	 *
- 	 * @param boolean $createifnotexists create the directory if it does not exist
- 	 *
- 	 * @return string the directory
- 	 */
- 	public function getAliasConfigDir($createifnotexists = true)
- 	{
-	    // ensure default...
-	    if (!isset($this->_settings['phpfpm']['aliasconfigdir'])) {
-	      $this->_settings['phpfpm']['aliasconfigdir'] = '/var/www/php-fpm';
-	    }
+	 * fastcgi-fakedirectory directory
+	 *
+	 * @param boolean $createifnotexists create the directory if it does not exist
+	 *
+	 * @return string the directory
+	 */
+	public function getAliasConfigDir($createifnotexists = true) {

- 		$configdir = makeCorrectDir($this->_settings['phpfpm']['aliasconfigdir'] . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/');
- 		if(!is_dir($configdir) && $createifnotexists)
- 		{
- 			safe_exec('mkdir -p ' . escapeshellarg($configdir));
- 			safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
- 		}
+		// ensure default...
+		if (!isset($this->_settings['phpfpm']['aliasconfigdir'])) {
+			$this->_settings['phpfpm']['aliasconfigdir'] = '/var/www/php-fpm';
+		}

- 		return $configdir;
- 	}
+		$configdir = makeCorrectDir($this->_settings['phpfpm']['aliasconfigdir'] . '/' . $this->_domain['loginname'] . '/' . $this->_domain['domain'] . '/');
+		if (!is_dir($configdir) && $createifnotexists) {
+			safe_exec('mkdir -p ' . escapeshellarg($configdir));
+			safe_exec('chown ' . $this->_domain['guid'] . ':' . $this->_domain['guid'] . ' ' . escapeshellarg($configdir));
+		}
+
+		return $configdir;
+	}

 	/**
 	 * return the admin-data of a specific admin
@@ -364,15 +367,15 @@ class phpinterface_fpm
 	 * @return array
 	 */
 	private function _getAdminData($adminid) {
+
 		$adminid = intval($adminid);

 		if (!isset($this->_admin_cache[$adminid])) {
-			$this->_admin_cache[$adminid] = $this->_db->query_first(
-				"SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "`
-				WHERE `adminid` = " . (int)$adminid
+			$stmt = Database::prepare("
+					SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id"
 			);
+			$this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array('id' => $adminid));
 		}
-
 		return $this->_admin_cache[$adminid];
 	}
 }
--- a/lib/classes/ticket/class.ticket.php
+++ b/lib/classes/ticket/class.ticket.php
@@ -20,48 +20,36 @@
 * Support Tickets - Tickets-Class
 */

-class ticket
-{
+class ticket {
+
 	/**
 	 * Userinfo
 	 * @var array
 	 */
-
 	private $userinfo = array();

-	/**
-	 * Database handler
-	 * @var db
-	 */
-
-	private $db = false;
-
 	/**
 	 * Settings array
 	 * @var settings
 	 */
-
 	private $settings = array();

 	/**
 	 * Ticket ID
 	 * @var tid
 	 */
-
 	private $tid = - 1;

 	/**
 	 * Ticket Data Array
 	 * @var t_data
 	 */
-
 	private $t_data = array();

 	/**
 	 * Ticket-Object-Array
 	 * @var tickets
 	 */
-
 	static private $tickets = array();

 	/**
@@ -74,15 +62,11 @@ class ticket
 	 * Class constructor.
 	 *
 	 * @param array userinfo
-	 * @param resource database
 	 * @param array settings
 	 * @param int ticket id
 	 */
-
-	private function __construct($userinfo, $db, $settings, $tid = - 1)
-	{
+	private function __construct($userinfo, $settings, $tid = - 1) {
 		$this->userinfo = $userinfo;
-		$this->db = $db;
 		$this->settings = $settings;
 		$this->tid = $tid;

@@ -94,36 +78,31 @@ class ticket
 		$this->_purifier = new HTMLPurifier($config);

 		// initialize data array
-
 		$this->initData();

 		// read data from database
-
 		$this->readData();
 	}

 	/**
 	 * Singleton ftw ;-)
 	 *
+	 * @param array userinfo
+	 * @param array settings
 	 * @param int ticket id
 	 */
-
-	static public function getInstanceOf($_usernfo, $_db, $_settings, $_tid)
-	{
-		if(!isset(self::$tickets[$_tid]))
-		{
-			self::$tickets[$_tid] = new ticket($_usernfo, $_db, $_settings, $_tid);
+	static public function getInstanceOf($_usernfo, $_settings, $_tid) {
+		if (!isset(self::$tickets[$_tid])) {
+			self::$tickets[$_tid] = new ticket($_usernfo, $_settings, $_tid);
 		}
-
 		return self::$tickets[$_tid];
 	}

 	/**
 	 * Initialize data-array
 	 */
+	private function initData() {

-	private function initData()
-	{
 		$this->Set('customer', 0, true, true);
 		$this->Set('admin', 1, true, true);
 		$this->Set('subject', '', true, true);
@@ -143,13 +122,16 @@ class ticket
 	/**
 	 * Read ticket data from database.
 	 */
+	private function readData() {
+
+		if (isset($this->tid)
+			&& $this->tid != - 1
+		) {
+			$_ticket_stmt = Database::prepare('
+				SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid'
+			);
+			$_ticket = Database::pexecute_first($_ticket_stmt, array('tid' => $this->tid));

-	private function readData()
-	{
-		if(isset($this->tid)
-		&& $this->tid != - 1)
-		{
-			$_ticket = $this->db->query_first('SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = "' . $this->tid . '"');
 			$this->Set('customer', $_ticket['customerid'], true, false);
 			$this->Set('admin', $_ticket['adminid'], true, false);
 			$this->Set('subject', $_ticket['subject'], true, false);
@@ -170,107 +152,123 @@ class ticket
 	/**
 	 * Insert data to database
 	 */
+	public function Insert() {

-	public function Insert()
-	{
-		$this->db->query("INSERT INTO `" . TABLE_PANEL_TICKETS . "`
-                (`customerid`,  
-                 `adminid`,
-                 `category`, 
-                 `priority`, 
-                 `subject`, 
-                 `message`, 
-                 `dt`, 
-                 `lastchange`, 
-                 `ip`, 
-                 `status`, 
-                 `lastreplier`, 
-                 `by`,
-                 `answerto`) 
-                  VALUES 
-                  ('" . (int)$this->Get('customer') . "', 
-                   '" . (int)$this->Get('admin') . "',
-                   '" . (int)$this->Get('category') . "', 
-                   '" . (int)$this->Get('priority') . "', 
-                   '" . $this->db->escape($this->Get('subject')) . "', 
-                   '" . $this->db->escape($this->Get('message')) . "', 
-                   '" . (int)$this->Get('dt') . "', 
-                   '" . (int)$this->Get('lastchange') . "', 
-                   '" . $this->db->escape($this->Get('ip')) . "', 
-                   '" . (int)$this->Get('status') . "',
-                   '" . (int)$this->Get('lastreplier') . "',
-                   '" . (int)$this->Get('by') . "',
-                   '" . (int)$this->Get('answerto') . "');");
-		$this->tid = $this->db->insert_id();
+		$ins_stmt = Database::prepare("
+			INSERT INTO `" . TABLE_PANEL_TICKETS . "` SET
+                `customerid` = :customerid,
+                `adminid` = :adminid,
+                `category` = :category,
+                `priority` = :priority,
+                `subject` = :subject,
+                `message` = :message,
+                `dt` = :dt,
+                `lastchange` = :lastchange,
+                `ip` = :ip,
+                `status` = :status,
+                `lastreplier` = :lastreplier,
+                `by` = :by,
+                `answerto` = :answerto"
+		);
+		$ins_data = array(
+			'customerid' => $this->Get('customer'),
+			'adminid' => $this->Get('admin'),
+			'category' => $this->Get('category'),
+			'priority' => $this->Get('priority'),
+			'subject' => $this->Get('subject'),
+			'message' => $this->Get('message'),
+			'dt' => time(),
+			'lastchange' => time(),
+			'ip' => $this->Get('ip'),
+			'status' => $this->Get('status'),
+			'lastreplier' => $this->Get('lastreplier'),
+			'by' => $this->Get('by'),
+			'answerto' => $this->Get('answerto')
+		);
+		Database::pexecute($ins_stmt, $ins_data);
+		$this->tid = Database::lastInsertId();
 		return true;
 	}

 	/**
 	 * Update data in database
 	 */
+	public function Update() {

-	public function Update()
-	{
 		// Update "main" ticket
-
-		$this->db->query('UPDATE `' . TABLE_PANEL_TICKETS . '` SET
-                `priority` = "' . (int)$this->Get('priority') . '",  
-                `lastchange` = "' . (int)$this->Get('lastchange') . '", 
-                `status` = "' . (int)$this->Get('status') . '", 
-                `lastreplier` = "' . (int)$this->Get('lastreplier') . '"
-                WHERE `id` = "' . (int)$this->tid . '";');
+		$upd_stmt = Database::prepare('
+			UPDATE `' . TABLE_PANEL_TICKETS . '` SET
+                `priority` = :priority,
+                `lastchange` = :lastchange,
+                `status` = :status,
+                `lastreplier` = :lastreplier
+                WHERE `id` = :tid'
+		);
+		$upd_data = array(
+			'priority' => $this->Get('priority'),
+			'lastchange' => $this->Get('lastchange'),
+			'status' => $this->Get('status'),
+			'lastreplier' => $this->Get('lastreplier'),
+			'tid' => $this->tid
+		);
+		Database::pexecute($upd_stmt, $upd_data);
 		return true;
 	}

 	/**
 	 * Moves a ticket to the archive
 	 */
+	public function Archive() {

-	public function Archive()
-	{
 		// Update "main" ticket
-
-		$this->db->query('UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `id` = "' . (int)$this->tid . '";');
+		$upd_stmt = Database::prepare('
+			UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `id` = :tid'
+		);
+		Database::pexecute($upd_stmt, array('tid' => $this->tid));

 		// Update "answers" to ticket
-
-		$this->db->query('UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `answerto` = "' . (int)$this->tid . '";');
+		$upd_stmt = Database::prepare('
+			UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = "1" WHERE `answerto` = :tid'
+		);
+		Database::pexecute($upd_stmt, array('tid' => $this->tid));
 		return true;
 	}

 	/**
 	 * Remove ticket from database
 	 */
+	public function Delete() {

-	public function Delete()
-	{
 		// Delete "main" ticket
-
-		$this->db->query('DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = "' . (int)$this->tid . '";');
+		$del_stmt = Database::prepare('
+			DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid'
+		);
+		Database::pexecute($del_stmt, array('tid' => $this->tid));

 		// Delete "answers" to ticket"
-
-		$this->db->query('DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = "' . (int)$this->tid . '";');
+		$del_stmt = Database::prepare('
+			DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :tid'
+		);
+		Database::pexecute($del_stmt, array('tid' => $this->tid));
 		return true;
 	}

 	/**
 	 * Mail notifications
 	 */
-
 	public function sendMail($customerid = - 1, $template_subject = null, $default_subject = null, $template_body = null, $default_body = null)
 	{
 		global $mail, $theme;

 		// Some checks are to be made here in the future
-
-		if($customerid != - 1)
-		{
+		if ($customerid != - 1) {
 			// Get e-mail message for customer
+			$usr_stmt = Database::prepare('
+				SELECT `name`, `firstname`, `company`, `email`
+				FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :customerid'
+			);
+			$usr = Database::pexecute_first($usr_stmt, array('customerid' => $customerid));

-			$usr = $this->db->query_first('SELECT `name`, `firstname`, `company`, `email`
-                               FROM `' . TABLE_PANEL_CUSTOMERS . '` 
-                               WHERE `customerid` = "' . (int)$customerid . '"');
 			$replace_arr = array(
 				'FIRSTNAME' => $usr['firstname'],
 				'NAME' => $usr['name'],
@@ -278,29 +276,38 @@ class ticket
 				'SALUTATION' => getCorrectUserSalutation($usr),
 				'SUBJECT' => $this->Get('subject', true)
 			);
-		}
-		else
-		{
+		} else {
 			$replace_arr = array(
 				'SUBJECT' => $this->Get('subject', true)
 			);
 		}
-
-		$result = $this->db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
-                                WHERE `adminid`=\'' . (int)$this->userinfo['adminid'] . '\' 
-                                AND `language`=\'' . $this->db->escape($this->userinfo['def_language']) . '\' 
-                                AND `templategroup`=\'mails\' 
-                                AND `varname`=\'' . $template_subject . '\'');
+		$tpl_seldata = array(
+			'adminid' => $this->userinfo['adminid'],
+			'lang' => $this->userinfo['def_language'],
+			'tplsubject' => $template_subject
+		);
+		$result_stmt = Database::prepare("
+			SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
+			WHERE `adminid`= :adminid
+			AND `language`= :lang
+			AND `templategroup`= 'mails' AND `varname`= :tplsubject"
+		);
+		$result = Database::pexecute_first($result_stmt, $tpl_seldata);
 		$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_subject), $replace_arr));
-		$result = $this->db->query_first('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
-                                WHERE `adminid`=\'' . (int)$this->userinfo['adminid'] . '\' 
-                                AND `language`=\'' . $this->db->escape($this->userinfo['def_language']) . '\' 
-                                AND `templategroup`=\'mails\' 
-                                AND `varname`=\'' . $template_body . '\'');
+
+		unset($tpl_seldata['tplsubject']);
+		$tpl_seldata['tplmailbody'] = $template_body;
+
+		$result_stmt = Database::prepare("
+			SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
+			WHERE `adminid`= :adminid
+			AND `language`= :lang
+			AND `templategroup`= 'mails' AND `varname`= :tplmailbody"
+		);
+		$result = Database::pexecute_first($result_stmt, $tpl_seldata);
 		$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_body), $replace_arr));

-		if($customerid != - 1)
-		{
+		if ($customerid != - 1) {
 			$_mailerror = false;
 			try {
 				$mail->SetFrom($this->settings['ticket']['noreply_email'], $this->settings['ticket']['noreply_name']);
@@ -318,17 +325,19 @@ class ticket
 			}

 			if ($_mailerror) {
-				$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'ticket_class'), $this->db, $this->settings);
+				$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'ticket_class'), $this->settings);
 				$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
 				standard_error('errorsendingmail', $usr['email']);
 			}
-
 			$mail->ClearAddresses();
-		}
-		else
-		{
-			$admin = $this->db->query_first("SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid`='" . (int)$this->userinfo['adminid'] . "'");

+		} else {
+
+			$admin_stmt = Database::prepare("
+				SELECT `name`, `email` FROM `" . TABLE_PANEL_ADMINS . "`
+				WHERE `adminid` = :adminid"
+			);
+			$admin = Database::pexecute_first($admin_stmt, array('adminid' => $this->userinfo['adminid']));
 			$_mailerror = false;
 			try {
 				$mail->SetFrom($this->settings['ticket']['noreply_email'], $this->settings['ticket']['noreply_name']);
@@ -346,7 +355,7 @@ class ticket
 			}

 			if ($_mailerror) {
-				$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'ticket_class'), $this->db, $this->settings);
+				$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'ticket_class'), $this->settings);
 				$rstlog->logAction(ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
 				standard_error('errorsendingmail', $admin['email']);
 			}
@@ -358,68 +367,77 @@ class ticket
 	/**
 	 * Add a support-categories
 	 */
+	static public function addCategory($_category = null, $_admin = 1, $_order = 1) {

-	static public function addCategory($_db, $_category = null, $_admin = 1, $_order = 1)
-	{
-		if($_category != null
-		&& $_category != '')
-		{
-			if($_order < 1) {
+		if ($_category != null
+			&& $_category != ''
+		) {
+			if ($_order < 1) {
 				$_order = 1;
 			}

-			$_db->query('INSERT INTO `' . TABLE_PANEL_TICKET_CATS . '` SET
-						`name` = "' . $_db->escape($_category) . '", 
-						`adminid` = "' . (int)$_admin . '", 
-						`logicalorder` = "' . (int)$_order . '"');
+			$ins_stmt = Database::prepare("
+				INSERT INTO `" . TABLE_PANEL_TICKET_CATS . "` SET
+					`name` = :name,
+					`adminid` = :adminid,
+					`logicalorder` = :lo"
+			);
+			$ins_data = array(
+				'name' => $_category,
+				'adminid' => $_admin,
+				'lo' => $_order
+			);
+			Database::pexecute($ins_stmt, $ins_data);
 			return true;
 		}
-
 		return false;
 	}

 	/**
 	 * Edit a support-categories
 	 */
+	static public function editCategory($_category = null, $_id = 0, $_order = 1) {

-	static public function editCategory($_db, $_category = null, $_id = 0, $_order = 1)
-	{
-		if($_category != null
-		&& $_category != ''
-		&& $_id != 0)
-		{
-			if($_order < 1) {
+		if ($_category != null
+			&& $_category != ''
+			&& $_id != 0
+		) {
+			if ($_order < 1) {
 				$_order = 1;
 			}

-			$_db->query('UPDATE `' . TABLE_PANEL_TICKET_CATS . '` SET
-					`name` = "' . $_db->escape($_category) . '",
-					`logicalorder` = "' . (int)$_order . '"
-                   WHERE `id` = "' . (int)$_id . '"');
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_TICKET_CATS . "` SET
+					`name` = :name,
+					`logicalorder` = :lo
+                  WHERE `id` = :id
+			");
+			Database::pexecute($upd_stmt, array('name' => $_category, 'lo' => $_order, 'id' => $_id));
 			return true;
 		}
-
 		return false;
 	}

 	/**
 	 * Delete a support-categories
 	 */
+	static public function deleteCategory($_id = 0) {

-	static public function deleteCategory($_db, $_id = 0)
-	{
-		if($_id != 0)
-		{
-			$result = $_db->query_first('SELECT COUNT(`id`) as `numtickets` FROM `' . TABLE_PANEL_TICKETS . '`
-                                   WHERE `category` = "' . (int)$_id . '"');
+		if ($_id != 0) {

-			if($result['numtickets'] == "0")
-			{
-				$_db->query('DELETE FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = "' . (int)$_id . '"');
+			$result_stmt = Database::prepare("
+				SELECT COUNT(`id`) as `numtickets` FROM `" . TABLE_PANEL_TICKETS . "`
+				WHERE `category` = :cat"
+			);
+			$result = Database::pexecute_first($result_stmt, array('cat' => $_id));
+
+			if ($result['numtickets'] == "0") {
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id"
+				);
+				Database::pexecute($del_stmt, array('id' => $_id));
 				return true;
-			}
-			else
-			{
+			} else {
 				return false;
 			}
 		}
@@ -430,57 +448,63 @@ class ticket
 	/**
 	 * Return a support-category-name
 	 */
+	static public function getCategoryName($_id = 0) {

-	static public function getCategoryName($_db, $_id = 0)
-	{
-		if($_id != 0)
-		{
-			$category = $_db->query_first('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = "' . (int)$_id . '"');
+		if ($_id != 0) {
+			$stmt = Database::prepare("
+				SELECT `name` FROM `" . TABLE_PANEL_TICKET_CATS . "` WHERE `id` = :id"
+			);
+			$category = Database::pexecute_first($stmt, array('id' => $_id));
 			return $category['name'];
 		}
-
 		return null;
 	}

 	/**
 	 * get the highest order number
 	 * 
-	 * @param object $_db database-object
+	 * @param object $_uid admin-id (optional)
 	 * 
 	 * @return int highest order number
 	 */
-	static public function getHighestOrderNumber($_db = null, $_uid = 0)
-	{
+	static public function getHighestOrderNumber($_uid = 0) {
+
 		$where = '';
+		$sel_data = array();
 		if ($_uid > 0) {
-			$where = ' WHERE `adminid` = "'.(int)$_uid.'"';
+			$where = " WHERE `adminid` = :adminid";
+			$sel_data['adminid'] = $_uid;
 		}
 		$sql = "SELECT MAX(`logicalorder`) as `highestorder` FROM `" . TABLE_PANEL_TICKET_CATS . "`".$where.";";
-		$result = $_db->query_first($sql);
+		$result_stmt = Database::prepare($sql);
+		$result = Database::pexecute_first($result_stmt, $sel_data);
 		return (isset($result['highestorder']) ? (int)$result['highestorder'] : 0);
 	}

 	/**
 	 * returns the last x archived tickets
 	 */
+	static public function getLastArchived($_num = 10, $_admin = 1) {
+
+		if ($_num > 0) {

-	static public function getLastArchived($_db, $_num = 10, $_admin = 1)
-	{
-		if($_num > 0)
-		{
 			$archived = array();
 			$counter = 0;
-			$result = $_db->query('SELECT *,
-                              (SELECT COUNT(`sub`.`id`) 
-                                FROM `' . TABLE_PANEL_TICKETS . '` `sub` 
-                                WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers`  
-                             FROM `' . TABLE_PANEL_TICKETS . '` `main` 
-                             WHERE `main`.`answerto` = "0" 
-                             AND `main`.`archived` = "1" AND `main`.`adminid` = "' . (int)$_admin . '" 
-                             ORDER BY `main`.`lastchange` DESC LIMIT 0, ' . (int)$_num);
+			$result_stmt = Database::prepare("
+				SELECT *, (
+					SELECT COUNT(`sub`.`id`)
+					FROM `" . TABLE_PANEL_TICKETS . "` `sub`
+					WHERE `sub`.`answerto` = `main`.`id`
+				) as `ticket_answers`
+				FROM `" . TABLE_PANEL_TICKETS . "` `main`
+				WHERE `main`.`answerto` = '0' AND `main`.`archived` = '1'
+				AND `main`.`adminid` = :adminid
+				ORDER BY `main`.`lastchange` DESC LIMIT 0, ".(int)$_num
+			);
+			Database::pexecute($result_stmt, array('adminid' => $_admin));
+
+			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {

-			while($row = $_db->fetch_array($result))
-			{
 				$archived[$counter]['id'] = $row['id'];
 				$archived[$counter]['customerid'] = $row['customerid'];
 				$archived[$counter]['adminid'] = $row['adminid'];
@@ -497,12 +521,9 @@ class ticket
 				$counter++;
 			}

-			if(isset($archived[0]['id']))
-			{
+			if (isset($archived[0]['id'])) {
 				return $archived;
-			}
-			else
-			{
+			} else {
 				return false;
 			}
 		}
@@ -510,138 +531,141 @@ class ticket

 	/**
 	 * Returns a sql-statement to search the archive
+	 * including necessary parameter-array for PDO
+	 *
+	 * @return array 0 = query, 1 = params-array
 	 */
-
-	static public function getArchiveSearchStatement($db, $subject = NULL, $priority = NULL, $fromdate = NULL, $todate = NULL, $message = NULL, $customer = - 1, $admin = 1, $categories = NULL)
+	static public function getArchiveSearchStatement($subject = null, $priority = null, $fromdate = null, $todate = null, $message = null, $customer = - 1, $admin = 1, $categories = null)
 	{
-		$query = 'SELECT `main`.*,
-                (SELECT COUNT(`sub`.`id`) FROM `' . TABLE_PANEL_TICKETS . '` `sub` 
-                 WHERE `sub`.`answerto` = `main`.`id`) as `ticket_answers` 
-              FROM `' . TABLE_PANEL_TICKETS . '` `main` 
-              WHERE `main`.`archived` = "1" AND `main`.`adminid` = "' . (int)$admin . '" ';
+		$search_params = array();

-		if($subject != NULL
-		&& $subject != '')
-		{
-			$query.= 'AND `main`.`subject` LIKE "' . $db->escape("%$subject%") . '" ';
+		$query = "
+			SELECT `main`.*, (
+				SELECT COUNT(`sub`.`id`) FROM `" . TABLE_PANEL_TICKETS . "` `sub`
+				WHERE `sub`.`answerto` = `main`.`id`
+			) as `ticket_answers`
+			FROM `" . TABLE_PANEL_TICKETS . "` `main`
+			WHERE `main`.`archived` = '1' AND `main`.`adminid` = :admin"
+		;
+
+		$search_params['admin'] = $admin;
+
+		if ($subject != NULL
+			&& $subject != ''
+		) {
+			$query .= " AND `main`.`subject` LIKE :subject";
+			$search_params['subject'] = "%".$subject."%";
 		}

-		if($priority != NULL
-		&& isset($priority[0])
-		&& $priority[0] != '')
-		{
-			if(isset($priority[1])
-			&& $priority[1] != '')
-			{
-				if(isset($priority[2])
-				&& $priority[2] != '')
-				{
-					$query.= 'AND (`main`.`priority` = "1"
-                     OR `main`.`priority` = "2" 
-                     OR `main`.`priority` = "3") ';
-				}
-				else
-				{
-					$query.= 'AND (`main`.`priority` = "1"
-                     OR `main`.`priority` = "2") ';
+		if ($priority != null
+			&& isset($priority[0])
+			&& $priority[0] != ''
+		) {
+
+			if (isset($priority[1])
+				&& $priority[1] != ''
+			) {
+
+				if (isset($priority[2])
+					&& $priority[2] != ''
+				) {
+
+					$query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '2' OR `main`.`priority` = '3')";
+
+				} else {
+
+					$query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '1')";
 				}
+
+			} elseif (isset($priority[2])
+				&& $priority[2] != ''
+			) {
+
+				$query .= " AND (`main`.`priority` = '1' OR `main`.`priority` = '3')";
+
+			} else {
+				$query .= " AND `main`.`priority` = '1'";
 			}
-			elseif(isset($priority[2])
-			&& $priority[2] != '')
-			{
-				$query.= 'AND (`main`.`priority` = "1"
-                     OR `main`.`priority` = "3") ';
+
+		} elseif($priority != null
+			&& isset($priority[1])
+			&& $priority[1] != ''
+		) {
+			if (isset($priority[2])
+				&& $priority[2] != ''
+			) {
+				$query .= " AND (`main`.`priority` = '2' OR `main`.`priority` = '3')";
+			} else {
+				$query .= " AND `main`.`priority` = '2'";
 			}
-			else
-			{
-				$query.= 'AND `main`.`priority` = "1" ';
-			}
-		}
-		elseif($priority != NULL
-		&& isset($priority[1])
-		&& $priority[1] != '')
-		{
-			if(isset($priority[2])
-			&& $priority[2] != '')
-			{
-				$query.= 'AND (`main`.`priority` = "2" OR `main`.`priority` = "3") ';
-			}
-			else
-			{
-				$query.= 'AND `main`.`priority` = "2" ';
-			}
-		}
-		elseif($priority != NULL)
-		{
-			if(isset($priority[3])
-			&& $priority[3] != '')
-			{
-				$query.= 'AND `main`.`priority` = "3" ';
+
+		} elseif($priority != null) {
+
+			if (isset($priority[3])
+				&& $priority[3] != ''
+			) {
+				$query .= " AND `main`.`priority` = '3'";
 			}
 		}

-		if($fromdate != NULL
-		&& $fromdate > 0)
-		{
-			$query.= 'AND `main`.`lastchange` > "' . $db->escape(strtotime($fromdate)) . '" ';
+		if ($fromdate != null
+			&& $fromdate > 0
+		) {
+			$query .= " AND `main`.`lastchange` > :fromdate";
+			$search_params['fromdate'] = strtotime($fromdate);
 		}

-		if($todate != NULL
-		&& $todate > 0)
-		{
-			$query.= 'AND `main`.`lastchange` < "' . $db->escape(strtotime($todate)) . '" ';
+		if ($todate != null
+			&& $todate > 0
+		) {
+			$query .= " AND `main`.`lastchange` < :todate";
+			$search_params['todate'] = strtotime($todate);
 		}

-		if($message != NULL
-		&& $message != '')
-		{
-			$query.= 'AND `main`.`message` LIKE "' . $db->escape("%$message%") . '" ';
+		if ($message != null
+			&& $message != ''
+		) {
+			$query .= " AND `main`.`message` LIKE :message";
+			$search_params['message'] = "%".$message."%";
 		}

-		if($customer != - 1)
-		{
-			$query.= 'AND `main`.`customerid` = "' . (int)$customer . '" ';
+		if ($customer != - 1) {
+			$query .= " AND `main`.`customerid` = :customer";
+			$search_params['customer'] = $customer;
 		}

-		if($categories != NULL)
-		{
+		if ($categories != null) {
+
 			$cats = array();
-			foreach($categories as $index => $catid)
-			{
-				if ($catid != "")
-				{
+			foreach ($categories as $index => $catid) {
+				if ($catid != "") {
 					$cats[] = $catid;
 				}
 			}

-			if (count($cats) > 0)
-			{
-				$query.= 'AND (';
+			if (count($cats) > 0) {
+				$query .= " AND (";
 			}

-			foreach($cats as $catid)
-			{
-				if(isset($catid)
-				&& $catid > 0)
-				{
-					$query.= '`main`.`category` = "' . (int)$catid . '" OR ';
+			foreach ($cats as $catid) {
+				if (isset($catid) && $catid > 0) {
+					$query .= "`main`.`category` = :catid_".$catid." OR ";
+					$search_params['catid_'.$catid] = $catid;
 				}
 			}

-			if (count($cats) > 0)
-			{
+			if (count($cats) > 0) {
 				$query = substr($query, 0, strlen($query) - 3);
-				$query.= ') ';
+				$query .= ") ";
 			}
 		}

-		return $query;
+		return array('0' => $query, '1' => $search_params);
 	}

 	/**
 	 * Get statustext by status-no
 	 */
-
 	static public function getStatusText($_lng, $_status = 0)
 	{
 		switch($_status)
@@ -664,7 +688,6 @@ class ticket
 	/**
 	 * Get prioritytext by priority-no
 	 */
-
 	static public function getPriorityText($_lng, $_priority = 0)
 	{
 		switch($_priority)
@@ -702,23 +725,23 @@ class ticket
 		return $str;
 	}

-	/*
+	/**
 	 * function customerHasTickets
 	 *
-	 * @param	object	mysql-db-object
 	 * @param	int		customer-id
 	 *
 	 * @return	array/bool	array of ticket-ids if customer has any, else false
 	 */
-	static public function customerHasTickets($_db = null, $_cid = 0)
-	{
-		if($_cid != 0)
-		{
-			$result = $_db->query('SELECT `id` FROM `' . TABLE_PANEL_TICKETS . '` WHERE `customerid` ="'.(int)$_cid.'"');
+	static public function customerHasTickets($_cid = 0) {
+
+		if ($_cid != 0) {
+			$result_stmt = Database::prepare("
+				SELECT `id` FROM `" . TABLE_PANEL_TICKETS . "` WHERE `customerid` = :cid"
+			);
+			Database::pexecute($result_stmt, array('cid' => $_cid));

 			$tickets = array();
-			while($row = $_db->fetch_array($result))
-			{
+			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$tickets[] = $row['id'];
 			}

@@ -731,33 +754,22 @@ class ticket
 	/**
 	 * Get a data-var
 	 */
+	public function Get($_var = '', $_vartrusted = false) {

-	public function Get($_var = '', $_vartrusted = false)
-	{
-		if($_var != '')
-		{
-			if(!$_vartrusted)
-			{
+		if ($_var != '') {
+			if (!$_vartrusted) {
 				$_var = htmlspecialchars($_var);
 			}

-			if(isset($this->t_data[$_var]))
-			{
-				if(strtolower($_var) == 'message')
-				{
+			if (isset($this->t_data[$_var])) {
+				if (strtolower($_var) == 'message') {
 					return nl2br($this->t_data[$_var]);
-				}
-				elseif(strtolower($_var) == 'subject')
-				{
+				} elseif(strtolower($_var) == 'subject') {
 					return nl2br($this->t_data[$_var]);
-				}
-				else
-				{
+				} else {
 					return $this->t_data[$_var];
 				}
-			}
-			else
-			{
+			} else {
 				return null;
 			}
 		}
@@ -766,24 +778,22 @@ class ticket
 	/**
 	 * Set a data-var
 	 */
+	public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false) {

-	public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false)
-	{
-		if($_var != ''
-		&& $_value != '')
-		{
-			if(!$_vartrusted)
-			{
+		if ($_var != ''
+			&& $_value != ''
+		) {
+			if (!$_vartrusted) {
 				$_var = $this->_purifier->purify($_var);
 			}

-			if(!$_valuetrusted)
-			{
+			if (!$_valuetrusted) {
 				$_value = $this->_purifier->purify($_value);
 			}

-			if(strtolower($_var) == 'message' || strtolower($_var) == 'subject')
-			{
+			if (strtolower($_var) == 'message'
+				|| strtolower($_var) == 'subject'
+			) {
 				$_value = $this->convertLatin1ToHtml($_value);
 			}

@@ -791,5 +801,3 @@ class ticket
 		}
 	}
 }
-
-?>
--- a/lib/classes/webserver/class.ConfigIO.php
+++ b/lib/classes/webserver/class.ConfigIO.php
@@ -70,17 +70,22 @@ class ConfigIO {
 	 */
 	private function _cleanCustomerSslCerts() {

-		// get correct directory
-		$configdir = $this->_getFile('system', 'customer_ssl_path');
-		if ($configdir !== false) {
+		/*
+		 * only clean up if we're actually using SSL
+		 */
+		if ($this->_settings['system']['use_ssl'] == '1') {
+			// get correct directory
+			$configdir = $this->_getFile('system', 'customer_ssl_path');
+			if ($configdir !== false) {

-			$configdir = makeCorrectDir($configdir);
+				$configdir = makeCorrectDir($configdir);

-			if (@is_dir($configdir)) {
-				// now get rid of old stuff
-				//(but append /* so we don't delete the directory)
-				$configdir.='/*';
-				safe_exec('rm -rf '. makeCorrectFile($configdir));
+				if (@is_dir($configdir)) {
+					// now get rid of old stuff
+					//(but append /* so we don't delete the directory)
+					$configdir.='/*';
+					safe_exec('rm -rf '. makeCorrectFile($configdir));
+				}
 			}
 		}
 	}
--- a/lib/classes/webserver/class.DomainSSL.php
+++ b/lib/classes/webserver/class.DomainSSL.php
@@ -27,20 +27,11 @@ class DomainSSL {
 	 */
 	private $_settings = null;

-	/**
-	 * internal database object
-	 *
-	 * @var db
-	 */
-	private $_db = null;
-
 	/**
 	 * constructor gets the froxlor settings as array
-	 * and the initialized database object
 	 */
-	public function __construct(array $settings = null, $db = null) {
+	public function __construct(array $settings = null) {
 		$this->_settings = $settings;
-		$this->_db = $db;
 	}

 	/**
@@ -54,14 +45,18 @@ class DomainSSL {
 	 */
 	public function setDomainSSLFilesArray(array &$domain = null) {
 		// check if the domain itself has a certificate defined
-		$dom_certs = $this->_db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` ='".$domain['id']."'");
+		$dom_certs_stmt = Database::prepare("
+			SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` = :domid
+		");
+		$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['id']));
+
 		if (!is_array($dom_certs)
 				|| !isset($dom_certs['ssl_cert_file'])
 				|| $dom_certs['ssl_cert_file'] == ''
 		) {
 			// maybe its parent?
 			if ($domain['parentdomainid'] != 0) {
-				$dom_certs = $this->_db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAIN_SSL_SETTINGS."` WHERE `domainid` ='".$domain['parentdomainid']."'");
+				$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
 			}
 		}

@@ -84,7 +79,7 @@ class DomainSSL {

 			if ($this->_settings['system']['webserver'] == 'lighttpd') {
 				// put my.crt and my.key together for lighty.
-				$dom_certs['ssl_cert_file'] .= $dom_certs['ssl_key_file'];
+				$dom_certs['ssl_cert_file'] = trim($dom_certs['ssl_cert_file'])."\n".trim($dom_certs['ssl_key_file'])."\n";
 				$ssl_files['ssl_key_file'] = '';
 			}

@@ -98,7 +93,7 @@ class DomainSSL {
 			if ($dom_certs['ssl_cert_chainfile'] != '') {
 				if ($this->_settings['system']['webserver'] == 'nginx') {
 					// put ca.crt in my.crt, as nginx does not support a separate chain file.
-					$dom_certs['ssl_cert_file'] .= $dom_certs['ssl_cert_chainfile'];
+					$dom_certs['ssl_cert_file'] = trim($dom_certs['ssl_cert_file'])."\n".trim($dom_certs['ssl_cert_chainfile'])."\n";
 				} else {
 					$ssl_files['ssl_cert_chainfile'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_chain.pem');
 				}
--- a/lib/classes/webserver/class.WebserverBase.php
+++ b/lib/classes/webserver/class.WebserverBase.php
@@ -0,0 +1,85 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <mkaufmann@nutime.de>
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ * @since      0.9.31
+ *
+ */
+
+class WebserverBase {
+
+	/**
+	 * returns an array with all entries required for all
+	 * webserver-vhost-configs
+	 *
+	 * @return array
+	 */
+	public static function getVhostsToCreate() {
+
+		$query = "SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`,
+				`d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`,
+				`c`.`documentroot` AS `customerroot`, `c`.`deactivated`,
+				`c`.`phpenabled` AS `phpenabled`, `d`.`mod_fcgid_starter`,
+				`d`.`mod_fcgid_maxrequests`
+				FROM `".TABLE_PANEL_DOMAINS."` `d`
+
+				LEFT JOIN `".TABLE_PANEL_CUSTOMERS."` `c` USING(`customerid`)
+				LEFT JOIN `".TABLE_PANEL_DOMAINS."` `pd` ON (`pd`.`id` = `d`.`parentdomainid`)
+
+				WHERE `d`.`aliasdomain` IS NULL AND `d`.`email_only` <> '1'
+				ORDER BY `d`.`parentdomainid` DESC, `d`.`iswildcarddomain`, `d`.`domain` ASC;
+		";
+
+		$result_domains_stmt = Database::query($query);
+
+		$domains = array();
+		while ($domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
+
+			// set whole domain
+			$domains[$domain['domain']] = $domain;
+			// set empty-defaults for non-ssl
+			$domains[$domain['domain']]['ssl'] = '';
+			$domains[$domain['domain']]['ssl_cert_file'] = '';
+			$domains[$domain['domain']]['ssl_key_file'] = '';
+			$domains[$domain['domain']]['ssl_ca_file'] = '';
+			$domains[$domain['domain']]['ssl_cert_chainfile'] = '';
+
+			// now, if the domain has an ssl ip/port assigned, get
+			// the corresponding information from the db
+			if (domainHasSslIpPort($domain['id'])) {
+
+				$ip_stmt = Database::prepare("
+						SELECT `di`.`id_domain` , `p`.`ssl`, `p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`
+						FROM `".TABLE_DOMAINTOIP."` `di`, `".TABLE_PANEL_IPSANDPORTS."` `p`
+						WHERE `p`.`id` = `di`.`id_ipandports`
+						AND `di`.`id_domain` = :domainid
+						AND `p`.`ssl` = '1'
+						");
+				$ssl_ip = Database::pexecute_first($ip_stmt, array('domainid' => $domain['id']));
+
+				// set ssl info for domain
+				$domains[$domain['domain']]['ssl'] = '1';
+				$domains[$domain['domain']]['ssl_cert_file'] = $ssl_ip['ssl_cert_file'];
+				$domains[$domain['domain']]['ssl_key_file'] = $ssl_ip['ssl_key_file'];
+				$domains[$domain['domain']]['ssl_ca_file'] = $ssl_ip['ssl_ca_file'];
+				$domains[$domain['domain']]['ssl_cert_chainfile'] = $ssl_ip['ssl_cert_chainfile'];
+
+			}
+		}
+
+		return $domains;
+	}
+
+}
--- a/lib/configfiles/wheezy.inc.php
+++ b/lib/configfiles/wheezy.inc.php
@@ -420,7 +420,7 @@ return Array(
 							'a2enmod suexec fcgid',
 							($settings['system']['mod_fcgid_ownvhost'] == '1') ? 'groupadd -f '.$settings['system']['mod_fcgid_httpgroup'] : null,
 							($settings['system']['mod_fcgid_ownvhost'] == '1') ? 'useradd -s /bin/false -g '.$settings['system']['mod_fcgid_httpgroup'].' '.$settings['system']['mod_fcgid_httpuser'] : null,
-							($settings['system']['mod_fcgid_ownvhost'] == '1') ? 'chown -R '.$settings['system']['mod_fcgid_httpuser'].':'.$settings['system']['mod_fcgid_httpgroup'].' '.$pathtophpfiles : null,
+							($settings['system']['mod_fcgid_ownvhost'] == '1') ? 'chown -R '.$settings['system']['mod_fcgid_httpuser'].':'.$settings['system']['mod_fcgid_httpgroup'].' '.FROXLOR_INSTALL_DIR : null,
 							($settings['system']['mod_fcgid_ownvhost'] == '1') ? 'mkdir -p '.makeCorrectDir($settings['system']['mod_fcgid_configdir']) : null,
 							($settings['system']['mod_fcgid_ownvhost'] == '1') ? 'mkdir -p '.makeCorrectDir($settings['system']['mod_fcgid_tmpdir']) : null,
 							($settings['system']['mod_fcgid_ownvhost'] == '1') ? 'a2dismod php5' : null
@@ -439,7 +439,7 @@ return Array(
 							'a2enmod suexec fastcgi actions',
 							($settings['phpfpm']['enabled_ownvhost'] == '1') ? 'groupadd -f '.$settings['phpfpm']['vhost_httpgroup'] : null,
 							($settings['phpfpm']['enabled_ownvhost'] == '1') ? 'useradd -s /bin/false -g '.$settings['phpfpm']['vhost_httpgroup'].' '.$settings['phpfpm']['vhost_httpuser'] : null,
-							($settings['phpfpm']['enabled_ownvhost'] == '1') ? 'chown -R '.$settings['phpfpm']['vhost_httpuser'].':'.$settings['phpfpm']['vhost_httpgroup'].' '.$pathtophpfiles : null,
+							($settings['phpfpm']['enabled_ownvhost'] == '1') ? 'chown -R '.$settings['phpfpm']['vhost_httpuser'].':'.$settings['phpfpm']['vhost_httpgroup'].' '.FROXLOR_INSTALL_DIR : null,
 							($settings['phpfpm']['enabled_ownvhost'] == '1') ? 'a2dismod php5' : null
 						)
 					)
--- a/lib/cron_init.php
+++ b/lib/cron_init.php
@@ -1,4 +1,4 @@
-<?php
+<?php if (!defined('MASTER_CRONJOB')) die('You cannot access this file directly!');

 /**
 * This file is part of the Froxlor project.
@@ -17,16 +17,17 @@
 *
 */

-if(@php_sapi_name() != 'cli'
-   && @php_sapi_name() != 'cgi'
-   && @php_sapi_name() != 'cgi-fcgi')
-{
+if (@php_sapi_name() != 'cli'
+	&& @php_sapi_name() != 'cgi'
+	&& @php_sapi_name() != 'cgi-fcgi'
+) {
 	die('This script will only work in the shell.');
 }

 // ensure that default timezone is set
-if(function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get"))
-{
+if (function_exists("date_default_timezone_set")
+	&& function_exists("date_default_timezone_get")
+) {
 	@date_default_timezone_set(@date_default_timezone_get());
 }

@@ -38,142 +39,115 @@ $lockfile = $lockdir . $lockfName;
 // guess the froxlor installation path
 // normally you should not need to modify this script anymore, if your
 // froxlor installation isn't in /var/www/froxlor
+define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__)));

-$pathtophpfiles = dirname(dirname(__FILE__));
-
-// should the froxlor installation guessing not work correctly,
-// uncomment the following line, and put your path in there!
-//$pathtophpfiles = '/var/www/froxlor/';
 // create and open the lockfile!
-
 $keepLockFile = false;
 $debugHandler = fopen($lockfile, 'w');
 fwrite($debugHandler, 'Setting Lockfile to ' . $lockfile . "\n");
-fwrite($debugHandler, 'Setting Froxlor installation path to ' . $pathtophpfiles . "\n");
+fwrite($debugHandler, 'Setting Froxlor installation path to ' . FROXLOR_INSTALL_DIR . "\n");

 // open the lockfile directory and scan for existing lockfiles
-
 $lockDirHandle = opendir($lockdir);

-while($fName = readdir($lockDirHandle))
-{
-	if($lockFilename == substr($fName, 0, strlen($lockFilename))
-	   && $lockfName != $fName)
-	{
-		// Check if last run jailed out with an exception
+while ($fName = readdir($lockDirHandle)) {

+	if ($lockFilename == substr($fName, 0, strlen($lockFilename))
+	   && $lockfName != $fName
+	) {
+		// Check if last run jailed out with an exception
 		$croncontent = file($lockdir . $fName);
 		$lastline = $croncontent[(count($croncontent) - 1)];

-		if($lastline == '=== Keep lockfile because of exception ===')
-		{
+		if ($lastline == '=== Keep lockfile because of exception ===') {
 			fclose($debugHandler);
 			unlink($lockfile);
 			die('Last cron jailed out with an exception. Exiting...' . "\n" . 'Take a look into the contents of ' . $lockdir . $fName . '* for more information!' . "\n");
 		}

 		// Check if cron is running or has died.
-
 		$check_pid = substr(strstr($fName, "-"), 1);
 		system("kill -CHLD " . (int)$check_pid . " 1> /dev/null 2> /dev/null", $check_pid_return);

-		if($check_pid_return == 1)
-		{
+		if ($check_pid_return == 1) {
 			// Result:      Existing lockfile/pid isnt running
 			//              Most likely it has died
 			//
 			// Action:      Remove it and continue
 			//
-
 			fwrite($debugHandler, 'Previous cronjob didn\'t exit clean. PID: ' . $check_pid . "\n");
 			fwrite($debugHandler, 'Removing lockfile: ' . $lockdir . $fName . "\n");
 			unlink($lockdir . $fName);
-		}
-		else
-		{
+
+		} else {
 			// Result:      A Cronscript with this pid
 			//              is still running
 			// Action:      remove my own Lock and die
 			//
 			// close the current lockfile
-
 			fclose($debugHandler);

 			// ... and delete it
-
 			unlink($lockfile);
 			die('There is already a Cronjob in progress. Exiting...' . "\n" . 'Take a look into the contents of ' . $lockdir . $lockFilename . '* for more information!' . "\n");
 		}
 	}
 }

-/**
- * Includes the Usersettings eg. MySQL-Username/Passwort etc.
- */
-
-require ($pathtophpfiles . '/lib/userdata.inc.php');
+// Includes the Usersettings eg. MySQL-Username/Passwort etc.
+require FROXLOR_INSTALL_DIR . '/lib/userdata.inc.php';
 fwrite($debugHandler, 'Userdatas included' . "\n");

 // Legacy sql-root-information
-if(isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root) || !is_array($sql_root)))
-{
+if (isset($sql['root_user'])
+	&& isset($sql['root_password'])
+	&& (!isset($sql_root) || !is_array($sql_root))
+) {
 	$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'user' => $sql['root_user'], 'password' => $sql['root_password']));
 	unset($sql['root_user']);
 	unset($sql['root_password']);
 }

-/**
- * Includes the Functions
- */
+// Includes the Functions
+require FROXLOR_INSTALL_DIR . '/lib/functions.php';

-require ($pathtophpfiles . '/lib/functions.php');
-
-/**
- * Includes the MySQL-Tabledefinitions etc.
- */
-
-require ($pathtophpfiles . '/lib/tables.inc.php');
+//Includes the MySQL-Tabledefinitions etc.
+require FROXLOR_INSTALL_DIR . '/lib/tables.inc.php';
 fwrite($debugHandler, 'Table definitions included' . "\n");

-/**
- * Includes the MySQL-Connection-Class
- */
-
-fwrite($debugHandler, 'Database Class has been loaded' . "\n");
-$db = new db($sql['host'], $sql['user'], $sql['password'], $sql['db']);
-
-if($db->link_id == 0)
-{
-	/**
-	 * Do not proceed further if no database connection could be established
-	 */
-
+// try database connection, it will throw
+// and exception itself if failed
+try {
+	Database::query("SELECT 1");
+} catch (Exception $e) {
+	// Do not proceed further if no database connection could be established
 	fclose($debugHandler);
 	unlink($lockfile);
-	die('Froxlor can\'t connect to mysqlserver. Please check userdata.inc.php! Exiting...');
+	die($e->getMessage());
 }

 fwrite($debugHandler, 'Database-connection established' . "\n");
-unset($sql);
-$result = $db->query("SELECT `settingid`, `settinggroup`, `varname`, `value` FROM `" . TABLE_PANEL_SETTINGS . "`");
+$result_stmt = Database::query("
+	SELECT `settingid`, `settinggroup`, `varname`, `value`
+	FROM `" . TABLE_PANEL_SETTINGS . "`
+");

-while($row = $db->fetch_array($result))
-{
+while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 	$settings[$row['settinggroup']][$row['varname']] = $row['value'];
 }

 unset($row);
-unset($result);
 fwrite($debugHandler, 'Froxlor settings have been loaded from the database' . "\n");

 /**
 * if settings['system']['mod_fcgid_ownvhost'] is set, we have to check
 * whether the permission of the files are still correct
 */
-if((int)$settings['system']['mod_fcgid'] == 1 && (int)$settings['system']['mod_fcgid_ownvhost'] == 1)
-{
+if ((int)$settings['system']['mod_fcgid'] == 1
+	&& (int)$settings['system']['mod_fcgid_ownvhost'] == 1
+) {
 	fwrite($debugHandler, 'Checking froxlor file permissions');
-	$mypath = makeCorrectDir(dirname(dirname(__FILE__))); // /var/www/froxlor, needed for chown
+	$mypath = makeCorrectDir(FROXLOR_INSTALL_DIR);
 	$user = $settings['system']['mod_fcgid_httpuser'];
 	$group = $settings['system']['mod_fcgid_httpgroup'];
 	// all the files and folders have to belong to the local user
@@ -181,17 +155,12 @@ if((int)$settings['system']['mod_fcgid'] == 1 && (int)$settings['system']['mod_f
 	safe_exec('chown -R ' . $user . ':' . $group . ' ' . escapeshellarg($mypath));
 }

-/**
- * be sure HTMLPurifier's cache folder is writable
- */
+// be sure HTMLPurifier's cache folder is writable
 safe_exec('chmod -R 0755 '.escapeshellarg(dirname(__FILE__).'/classes/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer'));
-/**
- * end of HTMLPurifier check
- */

-if(!isset($settings['panel']['version'])
-   || $settings['panel']['version'] != $version)
-{
+if (!isset($settings['panel']['version'])
+   || $settings['panel']['version'] != $version
+) {
 	/**
 	 * Do not proceed further if the Database version is not the same as the script version
 	 */
@@ -208,17 +177,9 @@ fwrite($debugHandler, 'Froxlor version and database version are correct' . "\n")

 $cronscriptDebug = ($settings['system']['debug_cron'] == '1') ? true : false;

-/**
- * Create a new idna converter
- */
-
+// Create a new idna converter
 $idna_convert = new idna_convert_wrapper();

-/**
- * Initialize logging
- */
-
-$cronlog = FroxlorLogger::getInstanceOf(array('loginname' => 'cronjob'), $db, $settings);
+// Initialize logging
+$cronlog = FroxlorLogger::getInstanceOf(array('loginname' => 'cronjob'), $settings);
 fwrite($debugHandler, 'Logger has been included' . "\n");
-
-?>
--- a/lib/cron_shutdown.php
+++ b/lib/cron_shutdown.php
@@ -17,31 +17,19 @@
 *
 */

-if($settings['logger']['log_cron'] == '1')
-{
+if ($settings['logger']['log_cron'] == '1') {
 	$cronlog->setCronLog(0);
 	fwrite($debugHandler, 'Logging for cron has been shutdown' . "\n");
 }

-$db->close();
-fwrite($debugHandler, 'Closing database connection' . "\n");
-
-if(isset($db_root))
-{
-	$db_root->close();
-	fwrite($debugHandler, 'Closing database rootconnection' . "\n");
-}
-
-if($keepLockFile === true)
-{
+if ($keepLockFile === true) {
 	fwrite($debugHandler, '=== Keep lockfile because of exception ===');
 }

 fclose($debugHandler);

-if($keepLockFile === false
-   && $cronscriptDebug === false)
-{
+if ($keepLockFile === false
+	&& $cronscriptDebug === false
+) {
 	unlink($lockfile);
 }
-
--- a/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php
+++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php
@@ -126,7 +126,8 @@ return array(
 						'type' => 'text'
 					),
 					'ssl_cert_chainfile' => array(
-						'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
+						'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile']['title'],
+						'desc' => $lng['admin']['ipsandports']['ssl_cert_chainfile']['description'],
 						'type' => 'text'
 					)
 				)
--- a/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php
+++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php
@@ -134,7 +134,8 @@ return array(
 						'value' => $result['ssl_ca_file']
 					),
 					'ssl_cert_chainfile' => array(
-						'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
+						'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile']['title'],
+						'desc' => $lng['admin']['ipsandports']['ssl_cert_chainfile']['description'],
 						'type' => 'text',
 						'value' => $result['ssl_cert_chainfile']
 					)
--- a/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php
+++ b/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php
@@ -30,12 +30,14 @@ return array(
 						'maxlength' => 50
 					),
 					'binary' => array(
+						'visible' => ($settings['system']['mod_fcgid'] == 1 ? true : false),
 						'label' => $lng['admin']['phpsettings']['binary'],
 						'type' => 'text',
 						'maxlength' => 255,
 						'value' => '/usr/bin/php-cgi'
 					),
 					'file_extensions' => array(
+						'visible' => ($settings['system']['mod_fcgid'] == 1 ? true : false),
 						'label' => $lng['admin']['phpsettings']['file_extensions'],
 						'desc' => $lng['admin']['phpsettings']['file_extensions_note'],
 						'type' => 'text',
@@ -43,13 +45,38 @@ return array(
 						'value' => 'php'
 					),
 					'mod_fcgid_starter' => array(
+						'visible' => ($settings['system']['mod_fcgid'] == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_starter']['title'],
 						'type' => 'text'
 					),
 					'mod_fcgid_maxrequests' => array(
+						'visible' => ($settings['system']['mod_fcgid'] == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_maxrequests']['title'],
 						'type' => 'text'
 					),
+					'phpfpm_enable_slowlog' => array(
+						'visible' => ($settings['phpfpm']['enabled'] == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['enable_slowlog'],
+						'type' => 'checkbox',
+						'values' => array(
+										array ('label' => $lng['panel']['yes'], 'value' => '1')
+									),
+						'value' => array()
+					),
+					'phpfpm_reqtermtimeout' => array(
+						'visible' => ($settings['phpfpm']['enabled'] == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['request_terminate_timeout'],
+						'type' => 'text',
+						'maxlength' => 10,
+						'value' => '60s'
+					),
+					'phpfpm_reqslowtimeout' => array(
+						'visible' => ($settings['phpfpm']['enabled'] == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['request_slowlog_timeout'],
+						'type' => 'text',
+						'maxlength' => 10,
+						'value' => '5s'
+					),
 					'phpsettings' => array(
 						'style' => 'vertical-align:top;',
 						'label' => $lng['admin']['phpsettings']['phpinisettings'],
--- a/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php
+++ b/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php
@@ -31,12 +31,14 @@ return array(
 						'value' => $result['description']
 					),
 					'binary' => array(
+						'visible' => ($settings['system']['mod_fcgid'] == 1 ? true : false),
 						'label' => $lng['admin']['phpsettings']['binary'],
 						'type' => 'text',
 						'maxlength' => 255,
 						'value' => $result['binary']
 					),
 					'file_extensions' => array(
+						'visible' => ($settings['system']['mod_fcgid'] == 1 ? true : false),
 						'label' => $lng['admin']['phpsettings']['file_extensions'],
 						'desc' => $lng['admin']['phpsettings']['file_extensions_note'],
 						'type' => 'text',
@@ -44,15 +46,40 @@ return array(
 						'value' => $result['file_extensions']
 					),
 					'mod_fcgid_starter' => array(
+						'visible' => ($settings['system']['mod_fcgid'] == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_starter']['title'],
 						'type' => 'text',
 						'value' => ((int)$result['mod_fcgid_starter'] != - 1 ? $result['mod_fcgid_starter'] : '')
 					),
 					'mod_fcgid_maxrequests' => array(
+						'visible' => ($settings['system']['mod_fcgid'] == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_maxrequests']['title'],
 						'type' => 'text',
 						'value' => ((int)$result['mod_fcgid_maxrequests'] != - 1 ? $result['mod_fcgid_maxrequests'] : '')
 					),
+					'phpfpm_enable_slowlog' => array(
+						'visible' => ($settings['phpfpm']['enabled'] == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['enable_slowlog'],
+						'type' => 'checkbox',
+						'values' => array(
+								array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['fpm_slowlog'])
+					),
+					'phpfpm_reqtermtimeout' => array(
+						'visible' => ($settings['phpfpm']['enabled'] == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['request_terminate_timeout'],
+						'type' => 'text',
+						'maxlength' => 10,
+						'value' => $result['fpm_reqterm']
+					),
+					'phpfpm_reqslowtimeout' => array(
+						'visible' => ($settings['phpfpm']['enabled'] == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['request_slowlog_timeout'],
+						'type' => 'text',
+						'maxlength' => 10,
+						'value' => $result['fpm_reqslow']
+					),
 					'phpsettings' => array(
 						'style' => 'vertical-align:top;',
 						'label' => $lng['admin']['phpsettings']['phpinisettings'],
--- a/lib/formfields/customer/domains/formfield.domains_add.php
+++ b/lib/formfields/customer/domains/formfield.domains_add.php
@@ -62,7 +62,8 @@ return array(
 					),
 					'ssl_redirect' => array(
 						'visible' => ($settings['system']['use_ssl'] == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => 'SSL Redirect',
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
 						'type' => 'checkbox',
 						'values' => array(
 										array ('label' => $lng['panel']['yes'], 'value' => '1')
--- a/lib/formfields/customer/domains/formfield.domains_edit.php
+++ b/lib/formfields/customer/domains/formfield.domains_edit.php
@@ -77,8 +77,9 @@ return array(
 						'value' => array($result['isemaildomain'])
 					),
 					'ssl_redirect' => array(
-						'visible' => ($settings['system']['use_ssl'] == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => 'SSL Redirect',
+						'visible' => ($settings['system']['use_ssl'] == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
 						'type' => 'checkbox',
 						'values' => array(
 										array ('label' => $lng['panel']['yes'], 'value' => '1')
--- a/lib/formfields/customer/mysql/formfield.mysql_add.php
+++ b/lib/formfields/customer/mysql/formfield.mysql_add.php
@@ -28,7 +28,7 @@ return array(
 						'type' => 'text',
 					),
 					'mysql_server' => array(
-						'visible' => (1 < count($sql_root) ? true : false),
+						'visible' => (1 < $count_mysqlservers ? true : false),
 						'label' => $lng['mysql']['mysql_server'],
 						'type' => 'select',
 						'select_var' => $mysql_servers,
--- a/lib/formfields/customer/mysql/formfield.mysql_edit.php
+++ b/lib/formfields/customer/mysql/formfield.mysql_edit.php
@@ -34,10 +34,10 @@ return array(
 						'value' => $result['description'],
 					),
 					'mysql_server' => array(
-						'visible' => (1 < count($sql_root) ? true : false),
+						'visible' => (1 < $count_mysqlservers ? true : false),
 						'label' => $lng['mysql']['mysql_server'],
 						'type' => 'label',
-						'value' => $sql_root[$result['dbserver']]['caption']
+						'value' => $sql_root['caption']
 					),
 					'mysql_password' => array(
 						'label' => $lng['changepassword']['new_password_ifnotempty'],
--- a/lib/functions/aps/function.domainHasApsInstances.php
+++ b/lib/functions/aps/function.domainHasApsInstances.php
@@ -26,17 +26,19 @@
 *
 * @return boolean
 */
-function domainHasApsInstances($domainid = 0)
-{
-	global $db, $settings, $theme;
+function domainHasApsInstances($domainid = 0) {
+
+	global $settings, $theme;
 	
-	if($settings['aps']['aps_active'] == '1')
-	{
-		if($domainid > 0)
-		{
-			$instances = $db->query_first("SELECT COUNT(`ID`) AS `count` FROM `" . TABLE_APS_SETTINGS . "` WHERE `Name`='main_domain' AND `Value`='" . (int)$domainid . "'");
-			if((int)$instances['count'] != 0)
-			{
+	if ($settings['aps']['aps_active'] == '1') {
+		if ($domainid > 0) {
+			$instances_stmt = Database::prepare("
+				SELECT COUNT(`ID`) AS `count` FROM `" . TABLE_APS_SETTINGS . "`
+				WHERE `Name` = 'main_domain' AND `Value` = :domainid"
+			);
+			$instances = Database::pexecute_first($instances_stmt, array('domainid' => $domainid));
+
+			if ((int)$instances['count'] != 0) {
 				return true;
 			}
 		}
--- a/lib/functions/database/function.correctMysqlUsers.php
+++ b/lib/functions/database/function.correctMysqlUsers.php
@@ -17,75 +17,70 @@
 *
 */

-function correctMysqlUsers($mysql_access_host_array)
-{
-	global $db, $settings, $sql, $sql_root, $theme;
-	
-	foreach($sql_root as $mysql_server => $mysql_server_details)
-	{
-		$db_root = new db($mysql_server_details['host'], $mysql_server_details['user'], $mysql_server_details['password'], '');
-		unset($mysql_server_details['password']);
+function correctMysqlUsers($mysql_access_host_array) {

-		$users = array();
-		$users_result = $db_root->query('SELECT * FROM `mysql`.`user`');
+	global $settings, $log;

-		while($users_row = $db_root->fetch_array($users_result))
-		{
-			if(!isset($users[$users_row['User']])
-			   || !is_array($users[$users_row['User']]))
-			{
-				$users[$users_row['User']] = array(
-					'password' => $users_row['Password'],
-					'hosts' => array()
-				);
-			}
+	// get sql-root access data
+	Database::needRoot(true);
+	Database::needSqlData();
+	$sql_root = Database::getSqlData();
+	Database::needRoot(false);

-			$users[$users_row['User']]['hosts'][] = $users_row['Host'];
-		}
+	$dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `".TABLE_PANEL_DATABASES."`");
+	$mysql_servers = '';
+
+	while ($dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC)) {
+
+		Database::needRoot(true, $dbserver['dbserver']);
+		Database::needSqlData();
+		$sql_root = Database::getSqlData();
+
+		$dbm = new DbManager($settings, $log);
+		$users = $dbm->getManager()->getAllSqlUsers(false);

 		$databases = array(
-			$sql['db']
+				$sql_root['db']
 		);
-		$databases_result = $db->query('SELECT * FROM `' . TABLE_PANEL_DATABASES . '` WHERE `dbserver` = \'' . $mysql_server . '\'');
+		$databases_result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
+			WHERE `dbserver` = :mysqlserver
+		");
+		Database::pexecute($databases_result_stmt, array('mysqlserver' => $dbserver['dbserver']));

-		while($databases_row = $db->fetch_array($databases_result))
-		{
+		while ($databases_row = $databases_result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$databases[] = $databases_row['databasename'];
 		}

-		foreach($databases as $username)
-		{
-			if(isset($users[$username])
-			   && is_array($users[$username])
-			   && isset($users[$username]['hosts'])
-			   && is_array($users[$username]['hosts']))
-			{
+		foreach ($databases as $username) {
+
+			if (isset($users[$username])
+					&& is_array($users[$username])
+					&& isset($users[$username]['hosts'])
+					&& is_array($users[$username]['hosts'])
+			) {
+
 				$password = $users[$username]['password'];
-				foreach($mysql_access_host_array as $mysql_access_host)
-				{
+
+				foreach ($mysql_access_host_array as $mysql_access_host) {
+
 					$mysql_access_host = trim($mysql_access_host);

-					if(!in_array($mysql_access_host, $users[$username]['hosts']))
-					{
-						$db_root->query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\_', $db_root->escape($username)) . '`.* TO `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '` IDENTIFIED BY \'password\'');
-						$db_root->query('SET PASSWORD FOR `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '` = \'' . $db_root->escape($password) . '\'');
+					if (!in_array($mysql_access_host, $users[$username]['hosts'])) {
+						$dbm->getManager()->grantPrivilegesTo($username, $password, $mysql_access_host);
 					}
 				}

-				foreach($users[$username]['hosts'] as $mysql_access_host)
-				{
-					if(!in_array($mysql_access_host, $mysql_access_host_array))
-					{
-						$db_root->query('REVOKE ALL PRIVILEGES ON * . * FROM `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '`');
-						$db_root->query('REVOKE ALL PRIVILEGES ON `' . str_replace('_', '\_', $db_root->escape($username)) . '` . * FROM `' . $db_root->escape($username) . '`@`' . $db_root->escape($mysql_access_host) . '`');
-						$db_root->query('DELETE FROM `mysql`.`user` WHERE `User` = "' . $db_root->escape($username) . '" AND `Host` = "' . $db_root->escape($mysql_access_host) . '"');
+				foreach ($users[$username]['hosts'] as $mysql_access_host) {
+
+					if (!in_array($mysql_access_host, $mysql_access_host_array)) {
+						$dbm->getManager()->deleteUser($username, $mysql_access_host);
 					}
 				}
 			}
 		}

-		$db_root->query('FLUSH PRIVILEGES');
-		$db_root->close();
-		unset($db_root);
+		$dbm->flushPrivileges();
+		Database::needRoot(false);
 	}
 }
--- a/lib/functions/database/function.getTables.php
+++ b/lib/functions/database/function.getTables.php
@@ -1,122 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2003-2009 the SysCP Team (see authors).
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Florian Lippert <flo@syscp.org> (2003-2009)
- * @author     Froxlor team <team@froxlor.org> (2010-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Functions
- *
- */
-
-/**
- * Returns an array with all tables with keys which are in the currently selected database
- *
- * @param  db    A valid DB-object
- * @return array Array with tables and keys
- *
- * @author Florian Lippert <flo@syscp.org>
- */
-
-function getTables(&$db)
-{
-	// This variable is our return-value
-
-	$tables = array();
-
-	// The fieldname in the associative array which we get by fetch_array()
-
-	$tablefieldname = 'Tables_in_' . $db->database;
-
-	// Query for a list of tables in the currently selected database
-
-	$tables_result = $db->query('SHOW TABLES');
-
-	while($tables_row = $db->fetch_array($tables_result))
-	{
-		// Extract tablename
-
-		$tablename = $tables_row[$tablefieldname];
-
-		// Create sub-array with key tablename
-
-		$tables[$tablename] = array();
-
-		// Query for a list of indexes of the currently selected table
-
-		$keys_result = $db->query('SHOW INDEX FROM ' . $tablename);
-
-		while($keys_row = $db->fetch_array($keys_result))
-		{
-			// Extract keyname
-
-			$keyname = $keys_row['Key_name'];
-
-			// If there is aleady a key in our tablename-sub-array with has the same name as our key
-			// OR if the sequence is not one
-			// then we have more then index-columns for our keyname
-
-			if((isset($tables[$tablename][$keyname]) && $tables[$tablename][$keyname] != '')
-			   || $keys_row['Seq_in_index'] != '1')
-			{
-				// If there is no keyname in the tablename-sub-array set ...
-
-				if(!isset($tables[$tablename][$keyname]))
-				{
-					// ... then create one
-
-					$tables[$tablename][$keyname] = array();
-				}
-
-				// If the keyname-sub-array isn't an array ...
-
-				elseif (!is_array($tables[$tablename][$keyname]))
-				{
-					// temporary move columname
-
-					$tmpkeyvalue = $tables[$tablename][$keyname];
-
-					// unset keyname-key
-
-					unset($tables[$tablename][$keyname]);
-
-					// create new array for keyname-key
-
-					$tables[$tablename][$keyname] = array();
-
-					// keyindex will be 1 by default, if seq is also 1 we'd better use 0 (this case shouldn't ever occur)
-
-					$keyindex = ($keys_row['Seq_in_index'] == '1') ? '0' : '1';
-
-					// then move back our tmp columname from above
-
-					$tables[$tablename][$keyname][$keyindex] = $tmpkeyvalue;
-
-					// end unset the variable afterwards
-
-					unset($tmpkeyvalue);
-				}
-
-				// set columname
-
-				$tables[$tablename][$keyname][$keys_row['Seq_in_index']] = $keys_row['Column_name'];
-			}
-			else
-			{
-				// set columname
-
-				$tables[$tablename][$keyname] = $keys_row['Column_name'];
-			}
-		}
-	}
-
-	return $tables;
-}
--- a/lib/functions/filedir/function.maildirExists.php
+++ b/lib/functions/filedir/function.maildirExists.php
@@ -1,49 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * For the full copyright and license information, please view the COPYING
- * file that was distributed with this source code. You can also view the
- * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  (c) the authors
- * @author     Froxlor team <team@froxlor.org> (2010-)
- * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
- * @package    Functions
- *
- */
-
-/**
- * check whether a maildir exists on the filesystem
- * 
- * @param array $result all mail-info of customer
- * 
- * @return boolean 
- */
-function maildirExists($result = null)
-{
-	global $settings, $theme;
-
-	if(is_array($result))
-	{
-		$loginname = getCustomerDetail($result['customerid'], 'loginname');
-		if($loginname !== false) {
-			$email_user=substr($result['email_full'],0,strrpos($result['email_full'],"@"));
-			$email_domain=substr($result['email_full'],strrpos($result['email_full'],"@")+1);
-			$maildirname=trim($settings['system']['vmail_maildirname']);
-			$maildir = makeCorrectDir($settings['system']['vmail_homedir'] .'/'. $loginname .'/'. $email_domain .'/'. $email_user . (!empty($maildirname)?'/'.$maildirname:''));
-			if(@file_exists($maildir)) {
-				return true;
-			} else {
-				// backward-compatibility for old folder-structure
-				$maildir_old = makeCorrectDir($settings['system']['vmail_homedir'] .'/'. $loginname .'/'. $email_user);
-				if (@file_exists($maildir_old)) {
-					return true;
-				}
-			}
-		}
-	}
-	return false;
-}
--- a/lib/functions/filedir/function.makeChownWithNewStats.php
+++ b/lib/functions/filedir/function.makeChownWithNewStats.php
@@ -26,7 +26,7 @@
 */
 function makeChownWithNewStats($row)
 {
-	global $settings, $theme;
+	global $settings;

 	// get correct user
 	if($settings['system']['mod_fcgid'] == '1' && isset($row['deactivated']) && $row['deactivated'] == '0')
--- a/lib/functions/filedir/function.makeCorrectDir.php
+++ b/lib/functions/filedir/function.makeCorrectDir.php
@@ -24,7 +24,6 @@
 * @return string The corrected dirname
 * @author Florian Lippert <flo@syscp.org>
 */
-
 function makeCorrectDir($dir) {

 	$dir = trim($dir);
--- a/lib/functions/filedir/function.makePathfield.php
+++ b/lib/functions/filedir/function.makePathfield.php
@@ -23,18 +23,16 @@
 * @param string  path      The path to start searching in
 * @param integer uid       The uid which must match the found directories
 * @param integer gid       The gid which must match the found direcotries
- * @param string  fieldType Either "Manual" or "Dropdown"
 * @param string  value     the value for the input-field
- * 
+ *
 * @return string   The html tag for the choosen $fieldType
 *
 * @author Martin Burchert  <martin.burchert@syscp.de>
 * @author Manuel Bernhardt <manuel.bernhardt@syscp.de>
 */
+function makePathfield($path, $uid, $gid, $value = '', $dom = false) {

-function makePathfield($path, $uid, $gid, $fieldType, $value = '', $dom = false)
-{
-	global $lng, $theme;
+	global $lng, $settings;

 	$value = str_replace($path, '', $value);
 	$field = array();
@@ -47,41 +45,34 @@ function makePathfield($path, $uid, $gid, $fieldType, $value = '', $dom = false)
 		$value = '/'.$value;
 	}

-	if($fieldType == 'Manual')
-	{
+	$fieldType = $settings['panel']['pathedit'];
+
+	if ($fieldType == 'Manual') {
+
 		$field = array(
 			'type' => 'text',
 			'value' => htmlspecialchars($value)
 		);
-		
-	}
-	elseif($fieldType == 'Dropdown')
-	{
+
+	} elseif($fieldType == 'Dropdown') {
+
 		$dirList = findDirs($path, $uid, $gid);
-		
 		natcasesort($dirList);

-		if(sizeof($dirList) > 0)
-		{
-			if(sizeof($dirList) <= 100)
-			{
+		if (sizeof($dirList) > 0) {
+			if (sizeof($dirList) <= 100) {
 				$_field = '';
-				foreach($dirList as $key => $dir)
-				{
-					if(strpos($dir, $path) === 0)
-					{
+				foreach ($dirList as $key => $dir) {
+					if (strpos($dir, $path) === 0) {
 						$dir = makeCorrectDir(substr($dir, strlen($path)));
 					}
-	
 					$_field.= makeoption($dir, $dir, $value);
 				}
 				$field = array(
 					'type' => 'select',
 					'value' => $_field
 				);
-			}
-			else
-			{
+			} else {
 				// remove starting slash we added
 				// for the Dropdown, #225
 				$value = substr($value, 1);
@@ -92,9 +83,7 @@ function makePathfield($path, $uid, $gid, $fieldType, $value = '', $dom = false)
 					'note' => $lng['panel']['toomanydirs']
 				);
 			}
-		}
-		else
-		{
+		} else {
 			//$field = $lng['panel']['dirsmissing'];
 			//$field = '<input type="hidden" name="path" value="/" />';
 			$field = array(
--- a/lib/functions/filedir/function.makeSecurePath.php
+++ b/lib/functions/filedir/function.makeSecurePath.php
@@ -26,12 +26,12 @@
 */
 function makeSecurePath($path) {

-	$search = Array(
+	$search = array(
 		'#/+#',
 		'#\.+#',
 		'#\0+#'
 	);
-	$replace = Array(
+	$replace = array(
 		'/',
 		'.',
 		''
@@ -41,5 +41,14 @@ function makeSecurePath($path) {
 	// it might be escaped already
 	$path = str_replace("\ ", " ", $path);
 	$path = str_replace(" ", "\ ", $path);
+
+	// check for bad characters, some are allowed with escaping
+	// but we generally don't want them in our directory-names,
+	// thx to aaronmueller for this snipped
+	$badchars = array(':', ';', '|', '&', '>', '<', '`', '$', '~', '?');
+	foreach ($badchars as $bc) {
+		str_replace($bc, "", $path);
+	}
+
 	return $path;
 }
--- a/lib/functions/filedir/function.safe_exec.php
+++ b/lib/functions/filedir/function.safe_exec.php
@@ -20,101 +20,33 @@
 /**
 * Wrapper around the exec command.
 *
- * @author Martin Burchert <eremit@adm1n.de>
- * @version 1.2
 * @param string exec_string String to be executed
+ * 
 * @return string The result of the exec()
- *
- * History:
- * 1.0 : Initial Version
- * 1.1 : Added |,&,>,<,`,*,$,~,? as security breaks.
- * 1.2 : Removed * as security break
 */
+function safe_exec($exec_string, &$return_value = false) {

-function safe_exec($exec_string, &$return_value = false)
-{
-	global $settings, $theme;
-
-	//
-	// define allowed system commands
-	//
-
-	$allowed_commands = array(
-		'touch',
-		'chown',
-		'mkdir',
-		'webalizer',
-		'cp',
-		'du',
-		'chmod',
-		'chattr',
-		'chflags', /* freebsd equivalent to linux' chattr */
-		$settings['system']['apachereload_command'],
-		$settings['system']['bindreload_command'],
-		$settings['dkim']['dkimrestart_command'],
-		'openssl',
-		'unzip',
-		'php',
-		'rm',
-		'awstats_buildstaticpages.pl',
-		'ln'
-	);
-
-	//
-	// check for ; in execute command
-	//
-
-	if((stristr($exec_string, ';'))
-	   or (stristr($exec_string, '|'))
-	   or (stristr($exec_string, '&'))
-	   or (stristr($exec_string, '>'))
-	   or (stristr($exec_string, '<'))
-	   or (stristr($exec_string, '`'))
-	   or (stristr($exec_string, '$'))
-	   or (stristr($exec_string, '~'))
-	   or (stristr($exec_string, '?')))
-	{
+	// check for bad signs in execute command
+	if ((stristr($exec_string, ';'))
+	   || (stristr($exec_string, '|'))
+	   || (stristr($exec_string, '&'))
+	   || (stristr($exec_string, '>'))
+	   || (stristr($exec_string, '<'))
+	   || (stristr($exec_string, '`'))
+	   || (stristr($exec_string, '$'))
+	   || (stristr($exec_string, '~'))
+	   || (stristr($exec_string, '?'))
+	) {
 		die('SECURITY CHECK FAILED!' . "\n" . 'The execute string "' . htmlspecialchars($exec_string) . '" is a possible security risk!' . "\n" . 'Please check your whole server for security problems by hand!' . "\n");
 	}

-	/*
-	 * This is not needed anymore, we allow all commands and just check for pipes and stuff
-	//
-	// check if command is allowed here
-	//
-
-	$ok = false;
-	foreach($allowed_commands as $allowed_command)
-	{
-		if(strpos($exec_string, $allowed_command) === 0
-		   && (strlen($exec_string) === ($allowed_command_pos = strlen($allowed_command)) || substr($exec_string, $allowed_command_pos, 1) === ' '))
-		{
-			$ok = true;
-		}
-	}
-
-	if(!$ok)
-	{
-		die('SECURITY CHECK FAILED!' . "\n" . 'Your command "' . htmlspecialchars($exec_string) . '" is not allowed!' . "\n" . 'Please check your whole server for security problems by hand!' . "\n");
-	}
-	*/
-
-	//
 	// execute the command and return output
-	//
-	// --- martin @ 08.08.2005 -------------------------------------------------------
-	// fixing usage of uninitialised variable
-
 	$return = '';

 	// -------------------------------------------------------------------------------
-
-	if($return_value == false)
-	{
+	if ($return_value == false) {
 		exec($exec_string, $return);
-	}
-	else
-	{
+	} else {
 		exec($exec_string, $return, $return_value);
 	}

--- a/lib/functions/filedir/function.storeDefaultIndex.php
+++ b/lib/functions/filedir/function.storeDefaultIndex.php
@@ -25,18 +25,26 @@
 * 
 * @return null
 */
-function storeDefaultIndex($loginname = null, $destination = null, $logger = null, $force = false)
-{
-	global $db, $settings, $pathtophpfiles, $theme;
+function storeDefaultIndex($loginname = null, $destination = null, $logger = null, $force = false) {
+
+	global $settings;

 	if ($force
 		|| (int)$settings['system']['store_index_file_subs'] == 1
 	) {
-		$result = $db->query("SELECT `t`.`value`, `c`.`email` AS `customer_email`, `a`.`email` AS `admin_email`, `c`.`loginname` AS `customer_login`, `a`.`loginname` AS `admin_login` FROM `" . TABLE_PANEL_CUSTOMERS . "` AS `c` INNER JOIN `" . TABLE_PANEL_ADMINS . "` AS `a` ON `c`.`adminid` = `a`.`adminid` INNER JOIN `" . TABLE_PANEL_TEMPLATES . "` AS `t` ON `a`.`adminid` = `t`.`adminid` WHERE `varname` = 'index_html' AND `c`.`loginname` = '" . $db->escape($loginname) . "'");
-	
-		if($db->num_rows($result) > 0)
-		{
-			$template = $db->fetch_array($result);
+		$result_stmt = Database::prepare("
+			SELECT `t`.`value`, `c`.`email` AS `customer_email`, `a`.`email` AS `admin_email`, `c`.`loginname` AS `customer_login`, `a`.`loginname` AS `admin_login`
+			FROM `" . TABLE_PANEL_CUSTOMERS . "` AS `c` INNER JOIN `" . TABLE_PANEL_ADMINS . "` AS `a`
+			ON `c`.`adminid` = `a`.`adminid`
+			INNER JOIN `" . TABLE_PANEL_TEMPLATES . "` AS `t`
+			ON `a`.`adminid` = `t`.`adminid`
+			WHERE `varname` = 'index_html' AND `c`.`loginname` = :loginname");
+		Database::pexecute($result_stmt, array('loginname' => $loginname));
+
+		if (Database::num_rows() > 0) {
+
+			$template = $result_stmt->fetch(PDO::FETCH_ASSOC);
+
 			$replace_arr = array(
 				'SERVERNAME' => $settings['system']['hostname'],
 				'CUSTOMER' => $template['customer_login'],
@@ -44,6 +52,7 @@ function storeDefaultIndex($loginname = null, $destination = null, $logger = nul
 				'CUSTOMER_EMAIL' => $template['customer_email'],
 				'ADMIN_EMAIL' => $template['admin_email']
 			);
+
 			$htmlcontent = replace_variables($template['value'], $replace_arr);
 			$indexhtmlpath = makeCorrectFile($destination . '/index.' . $settings['system']['index_file_extension']);
 			$index_html_handler = fopen($indexhtmlpath, 'w');
@@ -52,14 +61,13 @@ function storeDefaultIndex($loginname = null, $destination = null, $logger = nul
 			if ($logger !== null) {
 				$logger->logAction(CRON_ACTION, LOG_NOTICE, 'Creating \'index.' . $settings['system']['index_file_extension'] . '\' for Customer \'' . $template['customer_login'] . '\' based on template in directory ' . escapeshellarg($indexhtmlpath));
 			}
-		}
-		else
-		{
+
+		} else {
 			$destination = makeCorrectDir($destination);
 			if ($logger !== null) {
-				$logger->logAction(CRON_ACTION, LOG_NOTICE, 'Running: cp -a ' . $pathtophpfiles . '/templates/misc/standardcustomer/* ' . escapeshellarg($destination));
+				$logger->logAction(CRON_ACTION, LOG_NOTICE, 'Running: cp -a ' . FROXLOR_INSTALL_DIR . '/templates/misc/standardcustomer/* ' . escapeshellarg($destination));
 			}
-			safe_exec('cp -a ' . $pathtophpfiles . '/templates/misc/standardcustomer/* ' . escapeshellarg($destination));
+			safe_exec('cp -a ' . FROXLOR_INSTALL_DIR . '/templates/misc/standardcustomer/* ' . escapeshellarg($destination));
 		}
 	}
 	return;
--- a/lib/functions/formfields/string/function.validateFormFieldString.php
+++ b/lib/functions/formfields/string/function.validateFormFieldString.php
@@ -68,6 +68,26 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
 				$returnvalue = ($newfieldvalue == makeCorrectDir($newfieldvalue));
 			}
 		}
+		elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'confdir') {
+			// check for empty value (it might be allowed)
+			if (trim($newfieldvalue) == '') {
+				$newfieldvalue = '';
+				$returnvalue = 'stringmustntbeempty';
+			} else {
+				// add trailing slash to validate path if needed
+				// refs #331
+				if (substr($newfieldvalue, -1) != '/') {
+					$newfieldvalue.= '/';
+				}
+				// if this is a configuration directory, check for stupidity of admins :p
+				if (checkDisallowedPaths($newfieldvalue) !== true) {
+					$newfieldvalue = '';
+					$returnvalue = 'givendirnotallowed';
+				} else {
+					$returnvalue = ($newfieldvalue == makeCorrectDir($newfieldvalue));
+				}
+			}
+		}
 		elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'file') {
 			// check for empty value (it might be allowed)
 			if (trim($newfieldvalue) == '') {
--- a/lib/functions/froxlor/function.CorrectErrorDocument.php
+++ b/lib/functions/froxlor/function.CorrectErrorDocument.php
@@ -15,56 +15,48 @@
 *
 */

-/*
+/**
 * this functions validates a given value as ErrorDocument
 * refs #267
- * 
+ *
 * @param string error-document-string
- * 
+ *
 * @return string error-document-string
- * 
+ *
 */
- function correctErrorDocument($errdoc = null)
- {
- 	global $settings, $idna_convert, $theme;
+function correctErrorDocument($errdoc = null) {

- 	if($errdoc !== null && $errdoc != '')
- 	{
- 		// not a URL
- 		if((strtoupper(substr($errdoc, 0, 5)) != 'HTTP:' 
- 			&& strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:')
- 			|| !validateUrl($idna_convert->encode($errdoc)))
- 		{
- 			// a file
- 			if(substr($errdoc, 0, 1) != '"')
- 			{
- 				$errdoc = makeCorrectFile($errdoc);
- 				// apache needs a starting-slash (starting at the domains-docroot)
- 				if(!substr($errdoc, 0, 1) == '/') {
- 					$errdoc = '/'.$errdoc;
- 				}
- 			}
- 			// a string (check for ending ")
- 			else
- 			{
- 				// string won't work for lighty
- 				if($settings['system']['webserver'] == 'lighttpd')
- 				{
- 					standard_error('stringerrordocumentnotvalidforlighty');
- 				}
- 				elseif(substr($errdoc, -1) != '"')
- 				{
- 					$errdoc .= '"';
- 				}
- 			}
- 		}
- 		else
- 		{
- 		 	if($settings['system']['webserver'] == 'lighttpd')
- 			{
- 				standard_error('urlerrordocumentnotvalidforlighty');
- 			}
- 		}
- 	}
- 	return $errdoc;
- }
+	global $settings, $idna_convert;
+
+	if ($errdoc !== null && $errdoc != '') {
+		// not a URL
+		if ((strtoupper(substr($errdoc, 0, 5)) != 'HTTP:'
+				&& strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:')
+				|| !validateUrl($idna_convert->encode($errdoc))
+		) {
+			// a file
+			if (substr($errdoc, 0, 1) != '"') {
+				$errdoc = makeCorrectFile($errdoc);
+				// apache needs a starting-slash (starting at the domains-docroot)
+				if (!substr($errdoc, 0, 1) == '/') {
+					$errdoc = '/'.$errdoc;
+				}
+			}
+			// a string (check for ending ")
+			else {
+				// string won't work for lighty
+				if ($settings['system']['webserver'] == 'lighttpd') {
+					standard_error('stringerrordocumentnotvalidforlighty');
+
+				} elseif(substr($errdoc, -1) != '"') {
+					$errdoc .= '"';
+				}
+			}
+		} else {
+			if ($settings['system']['webserver'] == 'lighttpd') {
+				standard_error('urlerrordocumentnotvalidforlighty');
+			}
+		}
+	}
+	return $errdoc;
+}
--- a/lib/functions/froxlor/function.CronjobFunctions.php
+++ b/lib/functions/froxlor/function.CronjobFunctions.php
@@ -22,59 +22,61 @@
 *
 * @return	array	array of cron-files which are to be executed
 */
-function getNextCronjobs()
-{
-	global $db, $theme;
+function getNextCronjobs() {

 	$query = "SELECT `id`, `cronfile` FROM `".TABLE_PANEL_CRONRUNS."` WHERE `interval` <> '0' AND `isactive` = '1' AND (";

 	$intervals = getIntervalOptions();
-
 	$x = 0;
-	foreach($intervals as $name => $ival)
-	{
+
+	foreach($intervals as $name => $ival) {
+
 		if($name == '0') continue;

 		if($x == 0) {
-			$query.= '(UNIX_TIMESTAMP(DATE_ADD(FROM_UNIXTIME(`lastrun`), INTERVAL '.$ival.')) <= UNIX_TIMESTAMP() AND `interval`=\''.$ival.'\')';
+			$query.= "(UNIX_TIMESTAMP(DATE_ADD(FROM_UNIXTIME(`lastrun`), INTERVAL ".$ival.")) <= UNIX_TIMESTAMP() AND `interval` = '".$ival."')";
 		} else {
-			$query.= ' OR (UNIX_TIMESTAMP(DATE_ADD(FROM_UNIXTIME(`lastrun`), INTERVAL '.$ival.')) <= UNIX_TIMESTAMP() AND `interval`=\''.$ival.'\')';
+			$query.= " OR (UNIX_TIMESTAMP(DATE_ADD(FROM_UNIXTIME(`lastrun`), INTERVAL ".$ival.")) <= UNIX_TIMESTAMP() AND `interval` = '".$ival."')";
 		}
 		$x++;
 	}
-
 	$query.= ');';

-	$result = $db->query($query);
+	$result = Database::query($query);

 	$cron_files = array();
-	while($row = $db->fetch_array($result))
-	{
+	// Update lastrun-timestamp
+	while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
 		$cron_files[] = $row['cronfile'];
-		$db->query("UPDATE `".TABLE_PANEL_CRONRUNS."` SET `lastrun` = UNIX_TIMESTAMP() WHERE `id` ='".(int)$row['id']."';");
+		$upd_stmt = Database::prepare("
+			UPDATE `".TABLE_PANEL_CRONRUNS."` SET `lastrun` = UNIX_TIMESTAMP() WHERE `id` = :id;"
+		);
+		Database::pexecute($upd_stmt, array('id' => $row['id']));
 	}

 	return $cron_files;
 }

+function includeCronjobs($debugHandler) {

-function includeCronjobs($debugHandler, $pathtophpfiles)
-{
-	global $settings, $theme;
+	global $cronlog;

 	$cronjobs = getNextCronjobs();

 	$jobs_to_run = array();
-	$cron_path = makeCorrectDir($pathtophpfiles.'/scripts/jobs/');
+	$cron_path = makeCorrectDir(FROXLOR_INSTALL_DIR.'/scripts/jobs/');

-	if($cronjobs !== false
-	&& is_array($cronjobs)
-	&& isset($cronjobs[0]))
-	{
-		foreach($cronjobs as $cronjob)
-		{
+	if ($cronjobs !== false
+		&& is_array($cronjobs)
+		&& isset($cronjobs[0])
+	) {
+		foreach ($cronjobs as $cronjob) {
 			$cron_file = makeCorrectFile($cron_path.$cronjob);
-			$jobs_to_run[] = $cron_file;
+			if (!file_exists($cron_file)) {
+				$cronlog->logAction(CRON_ACTION, LOG_ERROR, 'Wanted to include cronfile "'.$cron_file.'" but this file does not exist!!!');
+			} else {
+				$jobs_to_run[] = $cron_file;
+			}
 		}
 	}

@@ -82,24 +84,21 @@ function includeCronjobs($debugHandler, $pathtophpfiles)
 }


-function getIntervalOptions()
-{
-	global $db, $lng, $cronlog, $theme;
+function getIntervalOptions() {
+
+	global $lng, $cronlog;

 	$query = "SELECT DISTINCT `interval` FROM `" . TABLE_PANEL_CRONRUNS . "` ORDER BY `interval` ASC;";
-	$result = $db->query($query);
-	$cron_intervals = array();
+	$result = Database::query($query);

+	$cron_intervals = array();
 	$cron_intervals['0'] = $lng['panel']['off'];

-	while($row = $db->fetch_array($result))
-	{
-		if(validateSqlInterval($row['interval']))
-		{
+	while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
+
+		if (validateSqlInterval($row['interval'])) {
 			$cron_intervals[$row['interval']] = $row['interval'];
-		}
-		else
-		{
+		} else {
 			$cronlog->logAction(CRON_ACTION, LOG_ERROR, "Invalid SQL-Interval ".$row['interval']." detected. Please fix this in the database.");
 		}
 	}
@@ -108,19 +107,18 @@ function getIntervalOptions()
 }


-function getCronjobsLastRun()
-{
-	global $db, $lng, $theme;
+function getCronjobsLastRun() {
+
+	global $lng;

 	$query = "SELECT `lastrun`, `desc_lng_key` FROM `".TABLE_PANEL_CRONRUNS."` WHERE `isactive` = '1' ORDER BY `cronfile` ASC";
-	$result = $db->query($query);
+	$result = Database::query($query);

 	$cronjobs_last_run = '';
+	while ($row = $result->fetch(PDO::FETCH_ASSOC)) {

-	while($row = $db->fetch_array($result))
-	{
 		$lastrun = $lng['cronjobs']['notyetrun'];
-		if($row['lastrun'] > 0) {
+		if ($row['lastrun'] > 0) {
 			$lastrun = date('d.m.Y H:i:s', $row['lastrun']);
 		}

@@ -133,97 +131,74 @@ function getCronjobsLastRun()
 	return $cronjobs_last_run;
 }

-function toggleCronStatus($module = null, $isactive = 0)
-{
-	global $db, $theme;
+function toggleCronStatus($module = null, $isactive = 0) {

 	if($isactive != 1) {
 		$isactive = 0;
 	}

-	$query = "UPDATE `".TABLE_PANEL_CRONRUNS."` SET `isactive` = '".(int)$isactive."' WHERE `module` = '".$module."'";
-	$db->query($query);
-
+	$upd_stmt = Database::prepare("
+		UPDATE `".TABLE_PANEL_CRONRUNS."` SET `isactive` = :active WHERE `module` = :module"
+	);
+	Database::pexecute($upd_stmt, array('active' => $isactive, 'module' => $module));
 }

-function getOutstandingTasks()
-{
-	global $db, $lng, $theme;
+function getOutstandingTasks() {
+
+	global $lng;

 	$query = "SELECT * FROM `".TABLE_PANEL_TASKS."` ORDER BY `type` ASC";
-	$result = $db->query($query);
+	$result = Database::query($query);

 	$value = '<ul class="cronjobtask">';
 	$tasks = '';
-	while($row = $db->fetch_array($result))
-	{
-		if($row['data'] != '')
-		{
+	while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
+
+		if ($row['data'] != '') {
 			$row['data'] = unserialize($row['data']);
 		}

-		/*
-		 * rebuilding webserver-configuration
-		 */
-		if($row['type'] == '1')
-		{
+		// rebuilding webserver-configuration
+		if ($row['type'] == '1') {
 			$task_desc = $lng['tasks']['rebuild_webserverconfig'];
 		}
-		/*
-		 * adding new user
-		 */
-		elseif($row['type'] == '2')
-		{
+		// adding new user/
+		elseif ($row['type'] == '2') {
 			$loginname = '';
-			if(is_array($row['data']))
-			{
+			if (is_array($row['data'])) {
 				$loginname = $row['data']['loginname'];
 			}
 			$task_desc = $lng['tasks']['adding_customer'];
 			$task_desc = str_replace('%loginname%', $loginname, $task_desc);
 		}
-		/*
-		 * rebuilding bind-configuration
-		 */
-		elseif($row['type'] == '4')
-		{
+		// rebuilding bind-configuration
+		elseif ($row['type'] == '4') {
 			$task_desc = $lng['tasks']['rebuild_bindconfig'];
 		}
-		/*
-		 * creating ftp-user directory
-		 */
-		elseif($row['type'] == '5')
-		{
+		// creating ftp-user directory
+		elseif ($row['type'] == '5') {
 			$task_desc = $lng['tasks']['creating_ftpdir'];
 		}
-		/*
-		 * deleting user-files
-		 */
-		elseif($row['type'] == '6')
-		{
+		// deleting user-files
+		elseif ($row['type'] == '6') {
 			$loginname = '';
-			if(is_array($row['data']))
-			{
+			if (is_array($row['data'])) {
 				$loginname = $row['data']['loginname'];
 			}
 			$task_desc = $lng['tasks']['deleting_customerfiles'];
 			$task_desc = str_replace('%loginname%', $loginname, $task_desc);
 		}
-		elseif($row['type'] == '7')
-		{
+		// deleteing email-account
+		elseif ($row['type'] == '7') {
 			$task_desc = $lng['tasks']['remove_emailacc_files'];
 		}
-		/*
-		 * Set FS - quota
-		 */
-		elseif($row['type'] == '10')
-		{
+		// Set FS - quota
+		elseif ($row['type'] == '10') {
 			$task_desc = $lng['tasks']['diskspace_set_quota'];
 		}
-		else
-		{
-			$task_desc = "ERROR: Unknown task type '".$row['type'].
-			             "'";
+		// unknown
+		else {
+			$task_desc = "ERROR: Unknown task type '".$row['type']."'";
 		}

 		if($task_desc != '') {
@@ -232,50 +207,31 @@ function getOutstandingTasks()
 	}

 	$query2 = "SELECT DISTINCT `Task` FROM `".TABLE_APS_TASKS."` ORDER BY `Task` ASC";
-	$result2 = $db->query($query2);
+	$result2 = Database::query($query2);

-	while($row2 = $db->fetch_array($result2))
-	{
-		/*
-		 * install
-		 */
-		if($row2['Task'] == '1')
-		{
+	while ($row2 = $result2->fetch(PDO::FETCH_ASSOC)) {
+		// install
+		if ($row2['Task'] == '1') {
 			$task_desc = $lng['tasks']['aps_task_install'];
 		}
-		/*
-		 * remove
-		 */
-		elseif($row2['Task'] == '2')
-		{
+		// remove
+		elseif ($row2['Task'] == '2') {
 			$task_desc = $lng['tasks']['aps_task_remove'];
 		}
-		/*
-		 * reconfigure
-		 */
-		elseif($row2['Task'] == '3')
-		{
+		// reconfigure
+		elseif ($row2['Task'] == '3') {
 			$task_desc = $lng['tasks']['aps_task_reconfigure'];
 		}
-		/*
-		 * upgrade
-		 */
-		elseif($row2['Task'] == '4')
-		{
+		// upgrade
+		elseif ($row2['Task'] == '4') {
 			$task_desc = $lng['tasks']['aps_task_upgrade'];
 		}
-		/*
-		 * system update
-		 */
-		elseif($row2['Task'] == '5')
-		{
+		// system update
+		elseif ($row2['Task'] == '5') {
 			$task_desc = $lng['tasks']['aps_task_sysupdate'];
 		}
-		/*
-		 * system download
-		 */
-		elseif($row2['Task'] == '6')
-		{
+		// system download
+		elseif ($row2['Task'] == '6') {
 			$task_desc = $lng['tasks']['aps_task_sysdownload'];
 		}

@@ -284,7 +240,7 @@ function getOutstandingTasks()
 		}
 	}

-	if(trim($tasks) == '') {
+	if (trim($tasks) == '') {
 		$value .= '<li>'.$lng['tasks']['noneoutstanding'].'</li>';
 	} else {
 		$value .= $tasks;
--- a/lib/functions/froxlor/function.createAWStatsConf.php
+++ b/lib/functions/froxlor/function.createAWStatsConf.php
@@ -26,13 +26,11 @@
 * @param hostAliases
 * @return null
 */
+function createAWStatsConf($logFile, $siteDomain, $hostAliases, $customerDocroot, $awstats_params = array()) {

-function createAWStatsConf($logFile, $siteDomain, $hostAliases, $customerDocroot, $awstats_params = array())
-{
-	global $pathtophpfiles, $settings, $theme;
+	global $settings;

 	// Generation header
-
 	$header = "## GENERATED BY FROXLOR\n";
 	$header2 = "## Do not remove the line above! This tells Froxlor to update this configuration\n## If you wish to manually change this configuration file, remove the first line to make sure Froxlor won't rebuild this file\n## Generated for domain {SITE_DOMAIN} on " . date('l dS \of F Y h:i:s A') . "\n";

@@ -49,7 +47,6 @@ function createAWStatsConf($logFile, $siteDomain, $hostAliases, $customerDocroot
 	}

 	// These are the variables we will replace
-
 	$regex = array(
 		'/\{LOG_FILE\}/',
 		'/\{SITE_DOMAIN\}/',
@@ -67,9 +64,7 @@ function createAWStatsConf($logFile, $siteDomain, $hostAliases, $customerDocroot

 	// File names
 	$domain_file = makeCorrectFile($settings['system']['awstats_conf'].'/awstats.' . $siteDomain . '.conf');
-	$model_file = dirname(dirname(dirname(dirname(__FILE__))));
-	$model_file.= '/templates/misc/awstatsmodel/awstats.froxlor.model.conf';
-
+	$model_file = FROXLOR_INSTALL_DIR.'/templates/misc/awstatsmodel/awstats.froxlor.model.conf';
 	$model_file = makeCorrectFile($model_file);
 	
 	// Test if the file exists
--- a/Show More
+++ b/Show More