[wip] Passing mysql request params into array arguments for the query method (part 1)
This commit is contained in:
Emmanuel Monbroussou
parent
bc5c8f7e34
commit
262336aadb
|
|
@ -167,7 +167,7 @@ class m_action {
|
|||
return true;
|
||||
}
|
||||
$BACKUP_DIR = $arch;
|
||||
$db->query("select login from membres where uid=$cuid;");
|
||||
$db->query("select login from membres where uid= ?;", array($cuid));
|
||||
$db->next_record();
|
||||
if (!$db->Record["login"]) {
|
||||
$err->raise("action", _("Login corresponding to $cuid not found"));
|
||||
|
|
@ -183,6 +183,7 @@ class m_action {
|
|||
}
|
||||
|
||||
/**
|
||||
* @TODO: This has to be escaped
|
||||
* function inserting the action in the sql table
|
||||
*
|
||||
* @global m_mysql $db
|
||||
|
|
@ -288,7 +289,7 @@ class m_action {
|
|||
*/
|
||||
function begin($id) {
|
||||
global $db, $err;
|
||||
if (!$db->query("update actions set begin=now() where id=$id ;")) {
|
||||
if (!$db->query("update actions set begin=now() where id= ? ;", array($id))) {
|
||||
$err->raise("action", _("Error locking the action : $id"));
|
||||
return false;
|
||||
}
|
||||
|
|
@ -306,7 +307,7 @@ class m_action {
|
|||
*/
|
||||
function finish($id, $return = 0) {
|
||||
global $db, $err;
|
||||
if (!$db->query("update actions set end=now(),status='$return' where id=$id ;")) {
|
||||
if (!$db->query("update actions set end=now(),status=? where id= ?;", array($return, $id))) {
|
||||
$err->raise("action", _("Error unlocking the action : $id"));
|
||||
return false;
|
||||
}
|
||||
|
|
@ -322,7 +323,7 @@ class m_action {
|
|||
*/
|
||||
function reset_job($id) {
|
||||
global $db, $err;
|
||||
if (!$db->query("update actions set end=0,begin=0,status='' where id=$id ;")) {
|
||||
if (!$db->query("update actions set end=0,begin=0,status='' where id= ?;", array($id))) {
|
||||
$err->raise("action", _("Error unlocking the action : $id"));
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ class m_admin {
|
|||
*/
|
||||
function m_admin() {
|
||||
global $db, $cuid;
|
||||
$db->query("SELECT su FROM membres WHERE uid='$cuid';");
|
||||
$db->query("SELECT su FROM membres WHERE uid=?;", array($cuid));
|
||||
$db->next_record();
|
||||
$this->enabled = $db->f("su");
|
||||
|
||||
|
|
@ -161,7 +161,7 @@ class m_admin {
|
|||
*/
|
||||
function get_uid_by_login($login) {
|
||||
global $db;
|
||||
$db->query("SELECT uid FROM membres WHERE login='$login';");
|
||||
$db->query("SELECT uid FROM membres WHERE login= ?;", array($login));
|
||||
if (!$db->next_record()) {
|
||||
return null;
|
||||
}
|
||||
|
|
@ -177,7 +177,7 @@ class m_admin {
|
|||
*/
|
||||
function get_login_by_uid($uid) {
|
||||
global $db;
|
||||
$db->query("SELECT login FROM membres WHERE uid=$uid;");
|
||||
$db->query("SELECT login FROM membres WHERE uid= ?;", array($uid));
|
||||
if (!$db->next_record()) {
|
||||
return null;
|
||||
}
|
||||
|
|
@ -263,7 +263,7 @@ class m_admin {
|
|||
return false;
|
||||
}
|
||||
|
||||
$db->query("SELECT m.*, parent.login as parentlogin FROM membres as m LEFT JOIN membres as parent ON (parent.uid = m.creator) WHERE m.uid='$uid';");
|
||||
$db->query("SELECT m.*, parent.login as parentlogin FROM membres as m LEFT JOIN membres as parent ON (parent.uid = m.creator) WHERE m.uid= ?;", array($uid));
|
||||
|
||||
if ($db->num_rows()) {
|
||||
$db->next_record();
|
||||
|
|
@ -273,7 +273,7 @@ class m_admin {
|
|||
return false;
|
||||
}
|
||||
|
||||
$db->query("SELECT * FROM local WHERE uid='$uid';");
|
||||
$db->query("SELECT * FROM local WHERE uid= ?;", array($uid));
|
||||
if ($db->num_rows()) {
|
||||
$db->next_record();
|
||||
reset($db->Record);
|
||||
|
|
@ -282,7 +282,7 @@ class m_admin {
|
|||
}
|
||||
}
|
||||
|
||||
$db->query("SELECT count(*) as nbcreated FROM membres WHERE creator='$uid';");
|
||||
$db->query("SELECT count(*) as nbcreated FROM membres WHERE creator= ?;", array($uid));
|
||||
if ($db->num_rows()) {
|
||||
$db->next_record();
|
||||
reset($db->Record);
|
||||
|
|
@ -308,6 +308,7 @@ class m_admin {
|
|||
}
|
||||
|
||||
/**
|
||||
* @TODO :EM: those request should have been escaped
|
||||
* Returns the list of the hosted accounts
|
||||
*
|
||||
* Returns all what we know about ALL the accounts (contents of the tables
|
||||
|
|
@ -490,7 +491,7 @@ class m_admin {
|
|||
if ($cuid == 2000) {
|
||||
return true;
|
||||
}
|
||||
$db->query("SELECT creator FROM membres WHERE uid='$uid';");
|
||||
$db->query("SELECT creator FROM membres WHERE uid= ?;", array($uid));
|
||||
$db->next_record();
|
||||
if ($db->Record["creator"] != $cuid) {
|
||||
$err->raise("admin", _("-- Only administrators can access this page! --"));
|
||||
|
|
@ -619,9 +620,8 @@ class m_admin {
|
|||
}
|
||||
$pass = _md5cr($pass);
|
||||
$db = new DB_System();
|
||||
$notes = mysql_real_escape_string($notes);
|
||||
// Already exist?
|
||||
$db->query("SELECT count(*) AS cnt FROM membres WHERE login='$login';");
|
||||
$db->query("SELECT count(*) AS cnt FROM membres WHERE login= ?;", array($login));
|
||||
$db->next_record();
|
||||
if (!$db->f("cnt")) {
|
||||
$db->query("SELECT max(m.uid)+1 as nextid FROM membres m");
|
||||
|
|
@ -633,8 +633,8 @@ class m_admin {
|
|||
$uid = 2000;
|
||||
}
|
||||
}
|
||||
$db->query("INSERT INTO membres (uid,login,pass,mail,creator,canpass,type,created,notes,db_server_id) VALUES ('$uid','$login','$pass','$mail','$cuid','$canpass', '$type', NOW(), '$notes', '$db_server_id');");
|
||||
$db->query("INSERT INTO local(uid,nom,prenom) VALUES('$uid','$nom','$prenom');");
|
||||
$db->query("INSERT INTO membres (uid,login,pass,mail,creator,canpass,type,created,notes,db_server_id) VALUES (?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?);", array($uid, $login, $pass, $mail, $cuid, $canpass, $type, $notes, $db_server_id));
|
||||
$db->query("INSERT INTO local(uid,nom,prenom) VALUES(?, ?, ?);", array($uid, $nom, $prenom));
|
||||
$this->renew_update($uid, $duration);
|
||||
$action->create_dir(getuserpath("$login"));
|
||||
$action->fix_user($uid);
|
||||
|
|
@ -683,7 +683,7 @@ class m_admin {
|
|||
return false;
|
||||
}
|
||||
$db = new DB_System();
|
||||
if (!$db->query("SELECT m.*, parent.login as parentlogin FROM membres m LEFT JOIN membres parent ON parent.uid=m.creator WHERE m.uid='$cuid'")) {
|
||||
if (!$db->query("SELECT m.*, parent.login as parentlogin FROM membres m LEFT JOIN membres parent ON parent.uid=m.creator WHERE m.uid= ?", array($cuid))) {
|
||||
$err->raise("admin", sprintf(_("query failed: %s "), $db->Error));
|
||||
return false;
|
||||
}
|
||||
|
|
@ -760,6 +760,7 @@ EOF;
|
|||
return false;
|
||||
}
|
||||
$db = new DB_System();
|
||||
// @TODO:EM: this has to be escaped
|
||||
if ($pass) {
|
||||
$pass = _md5cr($pass);
|
||||
$ssq = " ,pass='$pass' ";
|
||||
|
|
@ -769,7 +770,14 @@ EOF;
|
|||
|
||||
$old_mem = $this->get($uid);
|
||||
|
||||
if (($db->query("UPDATE local SET nom='$nom', prenom='$prenom' WHERE uid='$uid';")) && ($db->query("UPDATE membres SET mail='$mail', canpass='$canpass', enabled='$enabled', `type`='$type', notes='$notes' $ssq WHERE uid='$uid';"))) {
|
||||
if(
|
||||
($db->query(
|
||||
"UPDATE local SET nom= ?, prenom= ? WHERE uid=?;",
|
||||
array($nom, $prenom, $uid)
|
||||
)) &&
|
||||
($db->query(
|
||||
"UPDATE membres SET mail= ?, canpass= ?, enabled= ?, `type`= ?, notes= ? $ssq WHERE uid= ?;",
|
||||
array($mail, $canpass, $enabled, $type, $notes, $uid)))) {
|
||||
if ($reset_quotas == "on" || $type != $old_mem['type']) {
|
||||
$quota->addquotas();
|
||||
$quota->synchronise_user_profile();
|
||||
|
|
@ -800,7 +808,7 @@ EOF;
|
|||
return false;
|
||||
}
|
||||
$db = new DB_System();
|
||||
if ($db->query("UPDATE membres SET enabled='0' WHERE uid='$uid';")) {
|
||||
if ($db->query("UPDATE membres SET enabled='0' WHERE uid= ?;", array($uid))) {
|
||||
return true;
|
||||
} else {
|
||||
$err->raise("admin", _("Account not found"));
|
||||
|
|
@ -827,7 +835,7 @@ EOF;
|
|||
return false;
|
||||
}
|
||||
$db = new DB_System();
|
||||
if ($db->query("UPDATE membres SET enabled='1' WHERE uid='$uid';")) {
|
||||
if ($db->query("UPDATE membres SET enabled='1' WHERE uid= ?;", array($uid))) {
|
||||
return true;
|
||||
} else {
|
||||
$err->raise("admin", _("Account not found"));
|
||||
|
|
@ -876,11 +884,11 @@ EOF;
|
|||
$hooks->invoke("alternc_del_member");
|
||||
$hooks->invoke("hook_admin_del_member");
|
||||
|
||||
if (($db->query("DELETE FROM membres WHERE uid='$uid';")) &&
|
||||
($db->query("DELETE FROM local WHERE uid='$uid';"))) {
|
||||
if (($db->query("DELETE FROM membres WHERE uid= ?;", array($uid))) &&
|
||||
($db->query("DELETE FROM local WHERE uid= ?;", array($uid)))) {
|
||||
$mem->unsu();
|
||||
// If this user was (one day) an administrator one, he may have a list of his own accounts. Let's associate those accounts to nobody as a creator.
|
||||
$db->query("UPDATE membres SET creator=2000 WHERE creator='$uid';");
|
||||
$db->query("UPDATE membres SET creator=2000 WHERE creator= ?;", array($uid));
|
||||
return true;
|
||||
} else {
|
||||
$err->raise("admin", _("Account not found"));
|
||||
|
|
@ -907,8 +915,7 @@ EOF;
|
|||
if ($periods == 0) {
|
||||
return false;
|
||||
}
|
||||
$query = "UPDATE membres SET renewed = renewed + INTERVAL (duration * $periods) MONTH WHERE uid=${uid};";
|
||||
if ($db->query($query)) {
|
||||
if ($db->query("UPDATE membres SET renewed = renewed + INTERVAL (duration * ?) MONTH WHERE uid= ?;", array($periods, $uid))) {
|
||||
return true;
|
||||
} else {
|
||||
$err->raise("admin", _("Account not found"));
|
||||
|
|
@ -929,12 +936,12 @@ EOF;
|
|||
global $err, $db;
|
||||
|
||||
if ($duration == 0) {
|
||||
if ($db->query("UPDATE membres SET duration = NULL, renewed = NULL WHERE uid=$uid;")) {
|
||||
if ($db->query("UPDATE membres SET duration = NULL, renewed = NULL WHERE uid= ?;", array($uid))) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
if ($db->query("UPDATE membres SET duration = $duration WHERE uid=$uid") &&
|
||||
$db->query("UPDATE membres SET renewed = NOW() WHERE uid=$uid and renewed is null;")) {
|
||||
if ($db->query("UPDATE membres SET duration = ? WHERE uid= ?", array($duration, $uid)) &&
|
||||
$db->query("UPDATE membres SET renewed = NOW() WHERE uid= ? and renewed is null;", array($uid))) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -1015,7 +1022,7 @@ EOF;
|
|||
*/
|
||||
function normal2su($uid) {
|
||||
global $err, $db;
|
||||
$db->query("SELECT su FROM membres WHERE uid='$uid';");
|
||||
$db->query("SELECT su FROM membres WHERE uid= ?;", array($uid));
|
||||
if (!$db->next_record()) {
|
||||
$err->raise("admin", _("Account not found"));
|
||||
return false;
|
||||
|
|
@ -1024,7 +1031,7 @@ EOF;
|
|||
$err->raise("admin", _("This account is ALREADY an administrator account"));
|
||||
return false;
|
||||
}
|
||||
$db->query("UPDATE membres SET su=1 WHERE uid='$uid';");
|
||||
$db->query("UPDATE membres SET su=1 WHERE uid= ?;", array($uid));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -1038,7 +1045,7 @@ EOF;
|
|||
*/
|
||||
function su2normal($uid) {
|
||||
global $err, $db;
|
||||
$db->query("SELECT su FROM membres WHERE uid='$uid';");
|
||||
$db->query("SELECT su FROM membres WHERE uid= ?;", array($uid));
|
||||
if (!$db->next_record()) {
|
||||
$err->raise("admin", _("Account not found"));
|
||||
return false;
|
||||
|
|
@ -1047,7 +1054,7 @@ EOF;
|
|||
$err->raise("admin", _("This account is NOT an administrator account!"));
|
||||
return false;
|
||||
}
|
||||
$db->query("UPDATE membres SET su=0 WHERE uid='$uid';");
|
||||
$db->query("UPDATE membres SET su=0 WHERE uid= ?;", array($uid));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -1098,6 +1105,7 @@ EOF;
|
|||
}
|
||||
}
|
||||
|
||||
// @TODO:EM: this has to be escaped
|
||||
$filter=($hosting_tld=variable_get("hosting_tld")) ? " WHERE domaine not like '%.$hosting_tld'" : "";
|
||||
$db->query("SELECT m.uid,m.login,d.domaine,d.gesdns,d.gesmx,d.noerase FROM domaines d LEFT JOIN membres m ON m.uid=d.compte $filter ORDER BY domaine;");
|
||||
$c = array();
|
||||
|
|
@ -1126,6 +1134,7 @@ EOF;
|
|||
global $db, $L_NS1, $L_NS2, $L_MX, $L_PUBLIC_IP;
|
||||
$checked = array();
|
||||
|
||||
// @TODO:EM: this has to be escaped
|
||||
$filter=($hosting_tld=variable_get("hosting_tld")) ? " WHERE domaine not like '%.$hosting_tld'" : "";
|
||||
$db->query("SELECT * FROM domaines $filter ORDER BY domaine");
|
||||
$dl = array();
|
||||
|
|
@ -1173,7 +1182,7 @@ EOF;
|
|||
}
|
||||
|
||||
// We list all subdomains and check they are pointing to us.
|
||||
$db->query("SELECT * FROM sub_domaines WHERE domaine='" . addslashes($c["domaine"]) . "' ORDER BY sub;");
|
||||
$db->query("SELECT * FROM sub_domaines WHERE domaine=? ORDER BY sub;", array($c["domaine"]));
|
||||
while ($db->next_record()) {
|
||||
$d = $db->Record;
|
||||
if ($d["type"] == 'VHOST') {
|
||||
|
|
@ -1216,12 +1225,12 @@ EOF;
|
|||
*/
|
||||
function dom_lock($domain) {
|
||||
global $db, $err;
|
||||
$db->query("SELECT compte FROM domaines WHERE domaine='$domain';");
|
||||
$db->query("SELECT compte FROM domaines WHERE domaine= ?;", array($domain));
|
||||
if (!$db->next_record()) {
|
||||
$err->raise("dom", _("Domain '%s' not found."), $domain);
|
||||
return false;
|
||||
}
|
||||
$db->query("UPDATE domaines SET noerase=1-noerase WHERE domaine='$domain';");
|
||||
$db->query("UPDATE domaines SET noerase=1-noerase WHERE domaine= ?;", array($domain));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -1235,7 +1244,7 @@ EOF;
|
|||
*/
|
||||
function gettld($tld) {
|
||||
global $db, $err;
|
||||
$db->query("SELECT mode FROM tld WHERE tld='$tld';");
|
||||
$db->query("SELECT mode FROM tld WHERE tld= ?;", array($tld));
|
||||
if (!$db->next_record()) {
|
||||
$err->raise("admin", _("This TLD does not exist"));
|
||||
return false;
|
||||
|
|
@ -1271,12 +1280,12 @@ EOF;
|
|||
*/
|
||||
function deltld($tld) {
|
||||
global $db, $err;
|
||||
$db->query("SELECT tld FROM tld WHERE tld='$tld';");
|
||||
$db->query("SELECT tld FROM tld WHERE tld= ?;", array($tld));
|
||||
if (!$db->next_record()) {
|
||||
$err->raise("admin", _("This TLD does not exist"));
|
||||
return false;
|
||||
}
|
||||
$db->query("DELETE FROM tld WHERE tld='$tld';");
|
||||
$db->query("DELETE FROM tld WHERE tld= ?;", array($tld));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -1303,7 +1312,7 @@ EOF;
|
|||
}
|
||||
$tld = trim($tld);
|
||||
|
||||
$db->query("SELECT tld FROM tld WHERE tld='$tld';");
|
||||
$db->query("SELECT tld FROM tld WHERE tld= ?;", array($tld));
|
||||
if ($db->next_record()) {
|
||||
$err->raise("admin", _("This TLD already exist"));
|
||||
return false;
|
||||
|
|
@ -1315,7 +1324,7 @@ EOF;
|
|||
if ($mode == 0) {
|
||||
$mode = "0";
|
||||
}
|
||||
$db->query("INSERT INTO tld (tld,mode) VALUES ('$tld','$mode');");
|
||||
$db->query("INSERT INTO tld (tld,mode) VALUES (?,?);", array($tld, $mode));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -1332,7 +1341,7 @@ EOF;
|
|||
*/
|
||||
function edittld($tld, $mode) {
|
||||
global $db, $err;
|
||||
$db->query("SELECT tld FROM tld WHERE tld='$tld';");
|
||||
$db->query("SELECT tld FROM tld WHERE tld= ?;", array($tld));
|
||||
if (!$db->next_record()) {
|
||||
$err->raise("admin", _("This TLD does not exist"));
|
||||
return false;
|
||||
|
|
@ -1341,7 +1350,7 @@ EOF;
|
|||
if ($mode == 0) {
|
||||
$mode = "0";
|
||||
}
|
||||
$db->query("UPDATE tld SET mode='$mode' WHERE tld='$tld';");
|
||||
$db->query("UPDATE tld SET mode= ? WHERE tld= ?;", array($mode, $tld));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -1384,7 +1393,7 @@ EOF;
|
|||
foreach ($tmp2 as $k => $v) {
|
||||
if (!isset($tmp1[$k])) {
|
||||
// Default policy :
|
||||
$db->query("INSERT INTO policy SET name='" . addslashes($k) . "', minsize=0, maxsize=64, classcount=0, allowlogin=0;");
|
||||
$db->query("INSERT INTO policy SET name= ?, minsize=0, maxsize=64, classcount=0, allowlogin=0;", array($k));
|
||||
$tmp1[$k] = array(
|
||||
"minsize" => 0, "maxsize" => 64, "classcount" => 0, "allowlogin" => 0
|
||||
);
|
||||
|
|
@ -1395,7 +1404,7 @@ EOF;
|
|||
}
|
||||
foreach ($tmp1 as $k => $v) {
|
||||
// Delete disabled modules :
|
||||
$db->query("DELETE FROM policy WHERE name='" . addslashes($k) . "';");
|
||||
$db->query("DELETE FROM policy WHERE name= ?;", array($k));
|
||||
}
|
||||
return $policies;
|
||||
}
|
||||
|
|
@ -1418,7 +1427,7 @@ EOF;
|
|||
$classcount = intval($classcount);
|
||||
$allowlogin = intval($allowlogin);
|
||||
|
||||
$db->query("SELECT * FROM policy WHERE name='" . addslashes($policy) . "';");
|
||||
$db->query("SELECT * FROM policy WHERE name= ?;", array($policy));
|
||||
if (!$db->next_record()) {
|
||||
return false; // Policy not found
|
||||
}
|
||||
|
|
@ -1426,7 +1435,7 @@ EOF;
|
|||
return false; // Incorrect policy ...
|
||||
}
|
||||
$allowlogin = ($allowlogin) ? 1 : 0;
|
||||
$db->query("UPDATE policy SET minsize=$minsize, maxsize=$maxsize, classcount=$classcount, allowlogin=$allowlogin WHERE name='" . addslashes($policy) . "';");
|
||||
$db->query("UPDATE policy SET minsize= ?, maxsize= ?, classcount= ?, allowlogin= ? WHERE name= ?;", array($minsize, $maxsize, $classcount, $allowlogin, $policy));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ class m_authip {
|
|||
}
|
||||
|
||||
$r = array();
|
||||
$db->query("SELECT * FROM authorised_ip WHERE uid='$cuid' order by ip,subnet;");
|
||||
$db->query("SELECT * FROM authorised_ip WHERE uid= ? order by ip,subnet;", array($cuid));
|
||||
while ($db->next_record()) {
|
||||
$r[$db->f('id')] = $db->Record;
|
||||
if ((checkip($db->f('ip')) && $db->f('subnet') == 32) ||
|
||||
|
|
@ -105,11 +105,11 @@ class m_authip {
|
|||
global $db, $cuid;
|
||||
$id = intval($id);
|
||||
|
||||
$db->query("SELECT id FROM authorised_ip_affected where authorised_ip_id ='$id';");
|
||||
$db->query("SELECT id FROM authorised_ip_affected where authorised_ip_id = ?;", array($id));
|
||||
while ($db->next_record()) {
|
||||
$this->ip_affected_delete($db->f('id'));
|
||||
}
|
||||
if (!$db->query("delete from authorised_ip where id='$id' and ( uid='$cuid' or uid=0) limit 1;")) {
|
||||
if (!$db->query("delete from authorised_ip where id= ? and ( uid= ? or uid=0) limit 1;", array($id, $cuid))) {
|
||||
echo "query failed: " . $db->Error;
|
||||
return false;
|
||||
}
|
||||
|
|
@ -127,7 +127,7 @@ class m_authip {
|
|||
*/
|
||||
function get_allowed($s) {
|
||||
global $db, $cuid;
|
||||
if (!$db->query("select ai.ip, ai.subnet, ai.infos, aia.parameters from authorised_ip ai, authorised_ip_affected aia where aia.protocol='$s' and aia.authorised_ip_id = ai.id and ai.uid='$cuid';")) {
|
||||
if (!$db->query("select ai.ip, ai.subnet, ai.infos, aia.parameters from authorised_ip ai, authorised_ip_affected aia where aia.protocol= ? and aia.authorised_ip_id = ai.id and ai.uid= ?;", array($s, $cuid))) {
|
||||
echo "query failed: " . $db->Error;
|
||||
return false;
|
||||
}
|
||||
|
|
@ -249,7 +249,7 @@ class m_authip {
|
|||
foreach ($list_affected as $k => $v) {
|
||||
$this->call_hooks("authip_on_delete", $k);
|
||||
}
|
||||
if (!$db->query("update authorised_ip set ip='$ip', subnet='$subnet', infos='$infos' where id='$id' and uid='$cuid' ;")) {
|
||||
if (!$db->query("update authorised_ip set ip= ?, subnet= ?, infos= ? where id= ? and uid=? ;", array($id, $subnetn $infos, $id, $cuid)) {
|
||||
echo "query failed: " . $db->Error;
|
||||
return false;
|
||||
}
|
||||
|
|
@ -257,7 +257,7 @@ class m_authip {
|
|||
$this->call_hooks("authip_on_create", $k);
|
||||
}
|
||||
} else { // Insert
|
||||
if (!$db->query("insert into authorised_ip (uid, ip, subnet, infos) values ('$cuid', '$ip', '$subnet', '$infos' );")) {
|
||||
if (!$db->query("insert into authorised_ip (uid, ip, subnet, infos) values (?, ?, ?, ?);", array($cuid, $ip, $subnet, $infos))) {
|
||||
echo "query failed: " . $db->Error;
|
||||
return false;
|
||||
}
|
||||
|
|
@ -274,7 +274,7 @@ class m_authip {
|
|||
*/
|
||||
function alternc_del_member() {
|
||||
global $cuid, $db;
|
||||
$db->query("SELECT id FROM authorised_ip WHERE uid ='$cuid';");
|
||||
$db->query("SELECT id FROM authorised_ip WHERE uid = ?;", array($cuid));
|
||||
while ($db->next_record()) {
|
||||
$this->ip_delete($db->f('id'));
|
||||
}
|
||||
|
|
@ -315,23 +315,21 @@ class m_authip {
|
|||
function ip_affected_save($authorised_ip_id, $protocol, $parameters, $id = null) {
|
||||
global $db;
|
||||
$authorised_ip_id = intval($authorised_ip_id);
|
||||
$protocol = mysql_real_escape_string($protocol);
|
||||
$parameters = mysql_real_escape_string($parameters);
|
||||
|
||||
if ($id) {
|
||||
$id = intval($id);
|
||||
$this->call_hooks("authip_on_delete", $id);
|
||||
if (!$db->query("update authorised_ip_affected set authorised_ip_id='$authorised_ip_id', protocol='$protocol', parameters='$parameters' where id ='$id' limit 1;")) {
|
||||
if (!$db->query("update authorised_ip_affected set authorised_ip_id= ?, protocol= ?, parameters= ? where id = ? limit 1;", array($authorised_ip_id, $protocol, $parameters, $id))) {
|
||||
echo "query failed: " . $db->Error;
|
||||
return false;
|
||||
}
|
||||
$this->call_hooks("authip_on_create", $id);
|
||||
} else {
|
||||
if (!$db->query("insert into authorised_ip_affected (authorised_ip_id, protocol, parameters) values ('$authorised_ip_id', '$protocol', '$parameters');")) {
|
||||
if (!$db->query("insert into authorised_ip_affected (authorised_ip_id, protocol, parameters) values (?, ?, ?);", array($authorised_ip_id, $protocol, $parameters))) {
|
||||
echo "query failed: " . $db->Error;
|
||||
return false;
|
||||
}
|
||||
$this->call_hooks("authip_on_create", mysql_insert_id());
|
||||
$this->call_hooks("authip_on_create", PDO::lastInsertId()); // @TODO:EM: To test
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
|
@ -352,7 +350,7 @@ class m_authip {
|
|||
// Call hooks
|
||||
$this->call_hooks("authip_on_delete", $id);
|
||||
|
||||
if (!$db->query("delete from authorised_ip_affected where id='$id' limit 1;")) {
|
||||
if (!$db->query("delete from authorised_ip_affected where id= ? limit 1;", array($id))) {
|
||||
echo "query failed: " . $db->Error;
|
||||
return false;
|
||||
}
|
||||
|
|
@ -408,9 +406,9 @@ class m_authip {
|
|||
|
||||
$r = array();
|
||||
if (is_null($ip_id)) {
|
||||
$db->query("select aia.* from authorised_ip_affected aia, authorised_ip ai where ai.uid='$cuid' and aia.authorised_ip_id = ai.id order by protocol, parameters;");
|
||||
$db->query("select aia.* from authorised_ip_affected aia, authorised_ip ai where ai.uid= ? and aia.authorised_ip_id = ai.id order by protocol, parameters;", array($cuid));
|
||||
} else {
|
||||
$db->query("select aia.* from authorised_ip_affected aia, authorised_ip ai where ai.uid='$cuid' and aia.authorised_ip_id = '" . intval($ip_id) . "' order by protocol, parameters;");
|
||||
$db->query("select aia.* from authorised_ip_affected aia, authorised_ip ai where ai.uid= ? and aia.authorised_ip_id = ? order by protocol, parameters;", array($cuid, intval($ip_id)));
|
||||
}
|
||||
while ($db->next_record()) {
|
||||
$r[$db->f('id')] = $db->Record;
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ class m_bro {
|
|||
*/
|
||||
function filelist($dir = "", $showdirsize = false) {
|
||||
global $db, $cuid, $err;
|
||||
$db->query("UPDATE browser SET lastdir='$dir' WHERE uid='$cuid';");
|
||||
$db->query("UPDATE browser SET lastdir= ? WHERE uid= ?;", array($dir, $cuid));
|
||||
$absolute = $this->convertabsolute($dir, false);
|
||||
if (!$absolute || !file_exists($absolute)) {
|
||||
$err->raise('bro', _("This directory does not exist."));
|
||||
|
|
@ -235,10 +235,10 @@ class m_bro {
|
|||
*/
|
||||
function GetPrefs() {
|
||||
global $db, $cuid;
|
||||
$db->query("SELECT * FROM browser WHERE uid='$cuid';");
|
||||
$db->query("SELECT * FROM browser WHERE uid= ?;", array($cuid));
|
||||
if ($db->num_rows() == 0) {
|
||||
$db->query("INSERT INTO browser (editsizex, editsizey, listmode, showicons, downfmt, createfile, showtype, uid, editor_font, editor_size) VALUES (70, 21, 0, 0, 0, 0, 0, '$cuid','Arial, Helvetica, Sans-serif','12px');");
|
||||
$db->query("SELECT * FROM browser WHERE uid='$cuid';");
|
||||
$db->query("INSERT INTO browser (editsizex, editsizey, listmode, showicons, downfmt, createfile, showtype, uid, editor_font, editor_size) VALUES (70, 21, 0, 0, 0, 0, 0, ?,'Arial, Helvetica, Sans-serif','12px');", array($cuid));
|
||||
$db->query("SELECT * FROM browser WHERE uid= ?;", array($cuid));
|
||||
}
|
||||
$db->next_record();
|
||||
return $db->Record;
|
||||
|
|
@ -271,11 +271,11 @@ class m_bro {
|
|||
$downfmt = intval($downfmt);
|
||||
$createfile = intval($createfile);
|
||||
$golastdir = intval($golastdir);
|
||||
$db->query("SELECT * FROM browser WHERE uid='" . intval($cuid) . "';");
|
||||
$db->query("SELECT * FROM browser WHERE uid= ?;", array(intval($cuid)));
|
||||
if ($db->num_rows() == 0) {
|
||||
$db->query("INSERT INTO browser (editsizex, editsizey, listmode, showicons, downfmt, createfile, showtype, uid, editor_font, editor_size, golastdir) VALUES (70, 21, 0, 0, 0, 0, 0, '" . intval($cuid) . "','Arial, Helvetica, Sans-serif','12px',1);");
|
||||
$db->query("INSERT INTO browser (editsizex, editsizey, listmode, showicons, downfmt, createfile, showtype, uid, editor_font, editor_size, golastdir) VALUES (70, 21, 0, 0, 0, 0, 0, ?,'Arial, Helvetica, Sans-serif','12px',1);", array(intval($cuid)));
|
||||
}
|
||||
$db->query("UPDATE browser SET editsizex='$editsizex', editsizey='$editsizey', listmode='$listmode', showicons='$showicons', downfmt='$downfmt', createfile='$createfile', showtype='$showtype', editor_font='$editor_font', editor_size='$editor_size', golastdir='$golastdir' WHERE uid='" . intval($cuid) . "';");
|
||||
$db->query("UPDATE browser SET editsizex= ?, editsizey= ?, listmode= ?, showicons= ?, downfmt= ?, createfile= ?, showtype= ?, editor_font= ?, editor_size= e, golastdir= ? WHERE uid= ?;", array($editsizex, $editsizey, $downfmt, $createfile, $showtype, $editor_font, $editor_size, $golastdir, intval($cuid)));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -402,7 +402,7 @@ class m_bro {
|
|||
$err->raise("bro", _("Cannot create the requested directory. Please check the permissions"));
|
||||
return false;
|
||||
}
|
||||
$db->query("UPDATE browser SET crff=1 WHERE uid='$cuid';");
|
||||
$db->query("UPDATE browser SET crff=1 WHERE uid= ?;", array($cuid));
|
||||
return true;
|
||||
} else {
|
||||
$err->raise("bro", _("File or folder name is incorrect"));
|
||||
|
|
@ -434,7 +434,7 @@ class m_bro {
|
|||
return false;
|
||||
}
|
||||
}
|
||||
$db->query("UPDATE browser SET crff=0 WHERE uid='$cuid';");
|
||||
$db->query("UPDATE browser SET crff=0 WHERE uid= ?;", array($cuid));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -839,8 +839,8 @@ class m_bro {
|
|||
$beg = $dir;
|
||||
$tofind = true;
|
||||
while ($tofind) {
|
||||
$db->query("SELECT sub,domaine FROM sub_domaines WHERE compte='$cuid'
|
||||
AND type=0 AND (valeur='/$beg/' or valeur='/$beg');");
|
||||
// @TODO:EM: be careful with this one!
|
||||
$db->query("SELECT sub,domaine FROM sub_domaines WHERE compte= ? AND type=0 AND (valeur= ? or valeur= ?);", array($cuid, "/".$beg."/", "/".$beg));
|
||||
$db->next_record();
|
||||
if ($db->num_rows()) {
|
||||
$tofind = false;
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ class m_cron {
|
|||
function lst_cron() {
|
||||
global $cuid, $db, $err;
|
||||
$err->log("cron", "lst_cron");
|
||||
$db->query("SELECT * FROM cron WHERE uid = $cuid ORDER BY url;");
|
||||
$db->query("SELECT * FROM cron WHERE uid = ? ORDER BY url;", array($cuid));
|
||||
$r = Array();
|
||||
while ($db->next_record()) {
|
||||
$tmp = Array();
|
||||
|
|
@ -114,7 +114,7 @@ class m_cron {
|
|||
function delete_one($id) {
|
||||
global $db, $err, $cuid;
|
||||
$err->log("cron", "delete_one");
|
||||
return $db->query("DELETE FROM cron WHERE id=" . intval($id) . " AND uid=$cuid LIMIT 1;");
|
||||
return $db->query("DELETE FROM cron WHERE id= ? AND uid= ? LIMIT 1;", array(intval($id), $cuid));
|
||||
}
|
||||
|
||||
/* --------------------------------------------------------------------------- */
|
||||
|
|
@ -159,7 +159,7 @@ class m_cron {
|
|||
return false;
|
||||
}
|
||||
} else { // if not a new insert, check the $cuid
|
||||
$db->query("SELECT uid FROM cron WHERE id = $id;");
|
||||
$db->query("SELECT uid FROM cron WHERE id = ? ;", array($id));
|
||||
if (!$db->next_record()) {
|
||||
return "false";
|
||||
} // return false if pb
|
||||
|
|
@ -168,8 +168,7 @@ class m_cron {
|
|||
return false;
|
||||
}
|
||||
}
|
||||
$query = "REPLACE INTO cron (id, uid, url, user, password, schedule, email) VALUES ('$id', '$cuid', '$url', '$user', '$password', '$schedule', '$email') ;";
|
||||
return $db->query("$query");
|
||||
return $db->query("REPLACE INTO cron (id, uid, url, user, password, schedule, email) VALUES (?, ?, ?, ?, ?, ?, ?) ;" , array($id, $cuid, $url, $user, $password, $schedule, $email));
|
||||
}
|
||||
|
||||
/* --------------------------------------------------------------------------- */
|
||||
|
|
@ -200,7 +199,7 @@ class m_cron {
|
|||
global $cuid, $db, $err;
|
||||
$err->log("cron", "alternc_get_quota");
|
||||
$q = Array("name" => "cron", "description" => _("Scheduled tasks"), "used" => 0);
|
||||
$db->query("select count(*) as cnt from cron where uid = $cuid;");
|
||||
$db->query("select count(*) as cnt from cron where uid = ? ;", array($cuid));
|
||||
if ($db->next_record()) {
|
||||
$q['used'] = $db->f('cnt');
|
||||
}
|
||||
|
|
@ -277,7 +276,7 @@ class m_cron {
|
|||
}
|
||||
}
|
||||
// now schedule it for next run:
|
||||
$db->query("UPDATE cron SET next_execution=FROM_UNIXTIME( UNIX_TIMESTAMP(NOW()) + schedule * 60) WHERE id=$id");
|
||||
$db->query("UPDATE cron SET next_execution=FROM_UNIXTIME( UNIX_TIMESTAMP(NOW()) + schedule * 60) WHERE id= ?", array($id));
|
||||
}
|
||||
|
||||
/* --------------------------------------------------------------------------- */
|
||||
|
|
|
|||
|
|
@ -107,8 +107,7 @@ class m_dom {
|
|||
public static function get_sub_domain_id_and_member_by_name($fqdn) {
|
||||
global $db, $err;
|
||||
$err->log("dom", "get_sub_domain_by_name");
|
||||
$fqdn = mysql_real_escape_string($fqdn);
|
||||
$db->query("select sd.* from sub_domaines sd where if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine) = '$fqdn';");
|
||||
$db->query("select sd.* from sub_domaines sd where if(length(sd.sub)>0,concat_ws('.',sd.sub,sd.domaine),sd.domaine) = ?;", array($fqdn));
|
||||
if (!$db->next_record()) {
|
||||
return false;
|
||||
}
|
||||
|
|
@ -199,7 +198,7 @@ class m_dom {
|
|||
}
|
||||
return $r;
|
||||
} else {
|
||||
$db->query("select target from domaines_type where name='$type';");
|
||||
$db->query("select target from domaines_type where name= ? ;", array($type));
|
||||
if (!$db->next_record()) {
|
||||
return false;
|
||||
}
|
||||
|
|
@ -521,24 +520,21 @@ class m_dom {
|
|||
|
||||
function domains_type_regenerate($name) {
|
||||
global $db, $err, $cuid;
|
||||
$name = mysql_real_escape_string($name);
|
||||
$db->query("update sub_domaines set web_action='UPDATE' where lower(type) = lower('$name') ;");
|
||||
$db->query("update domaines d, sub_domaines sd set d.dns_action = 'UPDATE' where lower(sd.type)=lower('$name');");
|
||||
$db->query("update sub_domaines set web_action='UPDATE' where lower(type) = lower(?) ;", array($name));
|
||||
$db->query("update domaines d, sub_domaines sd set d.dns_action = 'UPDATE' where lower(sd.type)=lower(?);", array($name));
|
||||
return true;
|
||||
}
|
||||
|
||||
function domains_type_get($name) {
|
||||
global $db;
|
||||
$name = mysql_real_escape_string($name);
|
||||
$db->query("select * from domaines_type where name='$name' ;");
|
||||
$db->query("select * from domaines_type where name= ?;", array($name));
|
||||
$db->next_record();
|
||||
return $db->Record;
|
||||
}
|
||||
|
||||
function domains_type_del($name) {
|
||||
global $db;
|
||||
$name = mysql_real_escape_string($name);
|
||||
$db->query("delete domaines_type where name='$name';");
|
||||
$db->query("delete domaines_type where name= ? ;", array($name));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -549,18 +545,12 @@ class m_dom {
|
|||
$err->raise("dom", _("The name MUST contain only letter and digits"));
|
||||
return false;
|
||||
}
|
||||
$name = mysql_real_escape_string($name);
|
||||
$description = mysql_real_escape_string($description);
|
||||
$target = mysql_real_escape_string($target);
|
||||
$entry = mysql_real_escape_string($entry);
|
||||
$compatibility = mysql_real_escape_string($compatibility);
|
||||
$enable = mysql_real_escape_string($enable);
|
||||
$only_dns = intval($only_dns);
|
||||
$need_dns = intval($need_dns);
|
||||
$advanced = intval($advanced);
|
||||
$create_tmpdir = intval($create_tmpdir);
|
||||
$create_targetdir = intval($create_targetdir);
|
||||
$db->query("UPDATE domaines_type SET description='$description', target='$target', entry='$entry', compatibility='$compatibility', enable='$enable', need_dns=$need_dns, only_dns=$only_dns, advanced='$advanced',create_tmpdir=$create_tmpdir,create_targetdir=$create_targetdir where name='$name';");
|
||||
$db->query("UPDATE domaines_type SET description= ?, target= ?, entry= ?, compatibility= ?, enable= e, need_dns= ?, only_dns= ?, advanced= ?,create_tmpdir= ?,create_targetdir= ? where name= ?;", array($description, $target, $entry, $compatibility, $enable, $need_dns, $only_dns, $advanced, $create_tmpdir, $create_targetdir, $name));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -581,7 +571,7 @@ class m_dom {
|
|||
}
|
||||
}
|
||||
|
||||
$db->query("update sub_domaines set enable='$status' where id = '" . intval($sub_id) . "';");
|
||||
$db->query("update sub_domaines set enable= ? where id = ? ;", array($status, intval($sub_id)));
|
||||
$this->set_dns_action($jh['domain'], 'UPDATE');
|
||||
|
||||
return true;
|
||||
|
|
@ -603,7 +593,7 @@ class m_dom {
|
|||
if ($uid == -1) {
|
||||
$uid = $cuid;
|
||||
}
|
||||
$db->query("SELECT * FROM domaines WHERE compte='{$uid}' ORDER BY domaine ASC;");
|
||||
$db->query("SELECT * FROM domaines WHERE compte= ? ORDER BY domaine ASC;", array($uid));
|
||||
$this->domains = array();
|
||||
if ($db->num_rows() > 0) {
|
||||
while ($db->next_record()) {
|
||||
|
|
@ -617,7 +607,7 @@ class m_dom {
|
|||
global $db, $err, $classes, $cuid;
|
||||
$err->log("dom", "del_domaini_canl", $dom);
|
||||
$dom = strtolower($dom);
|
||||
$db->query("UPDATE sub_domaines SET web_action='UPDATE' WHERE domaine='$dom';");
|
||||
$db->query("UPDATE sub_domaines SET web_action='UPDATE' WHERE domaine= ?;", array($dom));
|
||||
$this->set_dns_action($dom, 'UPDATE');
|
||||
# TODO : some work with domain sensitive classes
|
||||
return true;
|
||||
|
|
@ -656,7 +646,7 @@ class m_dom {
|
|||
$hooks->invoke("hook_dom_del_mx_domain", array($r["id"]));
|
||||
|
||||
// Now mark the domain for deletion:
|
||||
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE domaine='$dom';");
|
||||
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE domaine= ?;", array($dom));
|
||||
$this->set_dns_action($dom, 'DELETE');
|
||||
|
||||
return true;
|
||||
|
|
@ -704,7 +694,7 @@ class m_dom {
|
|||
return false;
|
||||
}
|
||||
// Interdit les domaines clés (table forbidden_domains) sauf en cas FORCE
|
||||
$db->query("SELECT domain FROM forbidden_domains WHERE domain='$domain'");
|
||||
$db->query("SELECT domain FROM forbidden_domains WHERE domain= ? ;", array($domain));
|
||||
if ($db->num_rows() && !$force) {
|
||||
$err->raise("dom", _("The requested domain is forbidden in this server, please contact the administrator"));
|
||||
return false;
|
||||
|
|
@ -713,12 +703,12 @@ class m_dom {
|
|||
$err->raise("dom", _("This domain is the server's domain! You cannot host it on your account!"));
|
||||
return false;
|
||||
}
|
||||
$db->query("SELECT compte FROM domaines WHERE domaine='$domain';");
|
||||
$db->query("SELECT compte FROM domaines WHERE domaine= ?;", array($domain));
|
||||
if ($db->num_rows()) {
|
||||
$err->raise("dom", _("The domain already exist"));
|
||||
return false;
|
||||
}
|
||||
$db->query("SELECT compte FROM `sub_domaines` WHERE sub != \"\" AND concat( sub, \".\", domaine )='$domain' OR domaine='$domain';");
|
||||
$db->query("SELECT compte FROM `sub_domaines` WHERE sub != \"\" AND concat( sub, \".\", domaine )= ? OR domaine= ?;", array($domain, $domain));
|
||||
if ($db->num_rows()) {
|
||||
$err->raise("dom", _("The domain already exist"));
|
||||
return false;
|
||||
|
|
@ -772,7 +762,7 @@ class m_dom {
|
|||
} else {
|
||||
$gesmx = "0"; // do not host mx by default if not hosting the DNS
|
||||
}
|
||||
$db->query("INSERT INTO domaines (compte,domaine,gesdns,gesmx,noerase,dns_action) VALUES ('$cuid','$domain','$dns','$gesmx','$noerase','UPDATE');");
|
||||
$db->query("INSERT INTO domaines (compte,domaine,gesdns,gesmx,noerase,dns_action) VALUES (?, ?, ?, ?, ?, 'UPDATE');", array($cuid,$domain,$dns,$gesmx,$noerase));
|
||||
if (!($id = $db->lastid())) {
|
||||
$err->raise("dom", _("An unexpected error occured when creating the domain"));
|
||||
return false;
|
||||
|
|
@ -780,7 +770,7 @@ class m_dom {
|
|||
|
||||
if ($isslave) {
|
||||
$isslave = true;
|
||||
$db->query("SELECT domaine FROM domaines WHERE compte='$cuid' AND domaine='$slavedom';");
|
||||
$db->query("SELECT domaine FROM domaines WHERE compte= ? AND domaine= ?;", array($cuid, $slavedom));
|
||||
$db->next_record();
|
||||
if (!$db->Record["domaine"]) {
|
||||
$err->raise("dom", _("Domain '%s' not found"), $slavedom);
|
||||
|
|
@ -891,9 +881,9 @@ class m_dom {
|
|||
$err->log("dom", "update_one_default");
|
||||
|
||||
if ($id == null) {
|
||||
$db->query("INSERT INTO default_subdomains values ('','" . addslashes($sub) . "','" . addslashes($domain_type) . "','" . addslashes($domain_type_parameter) . "','" . addslashes($concerned) . "','" . addslashes($enabled) . "');");
|
||||
$db->query("INSERT INTO default_subdomains values ('', ?, ?, ?, ?, ?);", array($sub, $domain_type, $domain_type_parameter, $concerned, $enabled));
|
||||
} else {
|
||||
$db->query("UPDATE default_subdomains set sub='" . addslashes($sub) . "', domain_type='" . addslashes($domain_type) . "',domain_type_parameter='" . addslashes($domain_type_parameter) . "',concerned='" . addslashes($concerned) . "',enabled='" . addslashes($enabled) . "' where id=" . addslashes($id) . ";");
|
||||
$db->query("UPDATE default_subdomains set sub= ?, domain_type= ?, domain_type_parameter= ?, concerned= ?, enabled= ? where id= ?;", array($sub, $domain_type, $domain_type_parameter, $concerned, $enabled, $id));
|
||||
}
|
||||
return true;
|
||||
//update
|
||||
|
|
@ -903,7 +893,7 @@ class m_dom {
|
|||
global $err, $db;
|
||||
$err->log("dom", "del_default_type");
|
||||
|
||||
if (!$db->query("delete from default_subdomains where id=$id;")) {
|
||||
if (!$db->query("delete from default_subdomains where id= ?;", array($id))) {
|
||||
$err->raise("dom", _("Could not delete default type"));
|
||||
return false;
|
||||
}
|
||||
|
|
@ -1173,7 +1163,7 @@ class m_dom {
|
|||
}
|
||||
$r = array();
|
||||
$r["name"] = $dom;
|
||||
$db->query("SELECT * FROM domaines WHERE compte='$cuid' AND domaine='$dom'");
|
||||
$db->query("SELECT * FROM domaines WHERE compte= ? AND domaine= ?;", array($cuid, $dom));
|
||||
if ($db->num_rows() == 0) {
|
||||
$err->raise("dom", sprintf(_("Domain '%s' not found"), $dom));
|
||||
return false;
|
||||
|
|
@ -1187,12 +1177,12 @@ class m_dom {
|
|||
$r["zonettl"] = $db->Record["zonettl"];
|
||||
$r['noerase'] = $db->Record['noerase'];
|
||||
$db->free();
|
||||
$db->query("SELECT COUNT(*) AS cnt FROM sub_domaines WHERE compte='$cuid' AND domaine='$dom'");
|
||||
$db->query("SELECT COUNT(*) AS cnt FROM sub_domaines WHERE compte= ? AND domaine= ?;", array($cuid, $dom));
|
||||
$db->next_record();
|
||||
$r["nsub"] = $db->Record["cnt"];
|
||||
$db->free();
|
||||
#$db->query("SELECT sd.*, dt.description AS type_desc, dt.only_dns FROM sub_domaines sd, domaines_type dt WHERE compte='$cuid' AND domaine='$dom' AND UPPER(dt.name)=UPPER(sd.type) ORDER BY sd.sub,sd.type");
|
||||
$db->query("SELECT sd.*, dt.description AS type_desc, dt.only_dns, dt.advanced FROM sub_domaines sd LEFT JOIN domaines_type dt on UPPER(dt.name)=UPPER(sd.type) WHERE compte='$cuid' AND domaine='$dom' ORDER BY dt.advanced,sd.sub,sd.type ;");
|
||||
$db->query("SELECT sd.*, dt.description AS type_desc, dt.only_dns, dt.advanced FROM sub_domaines sd LEFT JOIN domaines_type dt on UPPER(dt.name)=UPPER(sd.type) WHERE compte= ? AND domaine= ? ORDER BY dt.advanced,sd.sub,sd.type ;", array($cuid, $dom));
|
||||
// Pas de webmail, on le cochera si on le trouve.
|
||||
$r["sub"] = array();
|
||||
for ($i = 0; $i < $r["nsub"]; $i++) {
|
||||
|
|
@ -1238,7 +1228,7 @@ class m_dom {
|
|||
$err->raise("dom", _("--- Program error --- No lock on the domains!"));
|
||||
return false;
|
||||
}
|
||||
$db->query("select sd.*, dt.description as type_desc, dt.only_dns, dt.advanced from sub_domaines sd, domaines_type dt where compte='$cuid' and sd.id='$sub_domain_id' and upper(dt.name)=upper(sd.type) ORDER BY dt.advanced, sd.sub;");
|
||||
$db->query("select sd.*, dt.description as type_desc, dt.only_dns, dt.advanced from sub_domaines sd, domaines_type dt where compte= ? and sd.id= ? and upper(dt.name)=upper(sd.type) ORDER BY dt.advanced, sd.sub;", array($cuid, $sub_domain_id));
|
||||
if ($db->num_rows() == 0) {
|
||||
$err->raise("dom", _("The sub-domain does not exist"));
|
||||
return false;
|
||||
|
|
@ -1347,14 +1337,14 @@ class m_dom {
|
|||
$err->log("dom", "can_create_subdomain", $dom . "/" . $sub);
|
||||
|
||||
// Get the compatibility list for this domain type
|
||||
$db->query("select upper(compatibility) as compatibility from domaines_type where upper(name)=upper('$type');");
|
||||
$db->query("select upper(compatibility) as compatibility from domaines_type where upper(name)=upper(?);", array($type));
|
||||
if (!$db->next_record()) {
|
||||
return false;
|
||||
}
|
||||
$compatibility_lst = explode(",", $db->f('compatibility'));
|
||||
|
||||
// Get the list of type of subdomains already here who have the same name
|
||||
$db->query("select * from sub_domaines where sub='$sub' and domaine='$dom' and not id = $sub_domain_id and web_action != 'DELETE' and enabled not in ('DISABLED', 'DISABLE') ");
|
||||
$db->query("select * from sub_domaines where sub= ? and domaine= ? and not id = ? and web_action != 'DELETE' and enabled not in ('DISABLED', 'DISABLE') ", array($sub, $dom, $sub_domain_id));
|
||||
#$db->query("select * from sub_domaines where sub='$sub' and domaine='$dom';");
|
||||
while ($db->next_record()) {
|
||||
// And if there is a domain with a incompatible type, return false
|
||||
|
|
@ -1425,7 +1415,7 @@ class m_dom {
|
|||
}
|
||||
|
||||
// Re-create the one we want
|
||||
if (!$db->query("replace into sub_domaines (compte,domaine,sub,valeur,type,web_action) values ('$cuid','$dom','$sub','$dest','$type','UPDATE');")) {
|
||||
if (!$db->query("replace into sub_domaines (compte,domaine,sub,valeur,type,web_action) values (?, ?, ?, ?, ?, 'UPDATE');", array( $cuid , $dom , $sub , $dest , $type ))) {
|
||||
echo "query failed: " . $db->Error;
|
||||
return false;
|
||||
}
|
||||
|
|
@ -1433,7 +1423,7 @@ class m_dom {
|
|||
// Create TMP dir and TARGET dir if needed by the domains_type
|
||||
$dest_root = $bro->get_userid_root($cuid);
|
||||
//$domshort = $this->domshort($dom, $sub);
|
||||
$db->query("select create_tmpdir, create_targetdir from domaines_type where name = '$type';");
|
||||
$db->query("select create_tmpdir, create_targetdir from domaines_type where name = ?;", array($type));
|
||||
$db->next_record();
|
||||
if ($db->f('create_tmpdir')) {
|
||||
if (!is_dir($dest_root . "/tmp")) {
|
||||
|
|
@ -1456,7 +1446,7 @@ class m_dom {
|
|||
}
|
||||
|
||||
// Tell to update the DNS file
|
||||
$db->query("update domaines set dns_action='UPDATE' where domaine='$dom';");
|
||||
$db->query("update domaines set dns_action='UPDATE' where domaine= ?;", array($dom));
|
||||
|
||||
return true;
|
||||
}
|
||||
|
|
@ -1481,8 +1471,8 @@ class m_dom {
|
|||
$err->raise("dom", _("The sub-domain does not exist"));
|
||||
return false;
|
||||
} else {
|
||||
$db->query("update sub_domaines set web_action='DELETE' where id='$sub_domain_id'; ");
|
||||
$db->query("update domaines set dns_action='UPDATE' where domaine='" . $r['domain'] . "';");
|
||||
$db->query("update sub_domaines set web_action='DELETE' where id= ?; ", array($sub_domain_id));
|
||||
$db->query("update domaines set dns_action='UPDATE' where domaine= ?;", array($r['domain']));
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
|
@ -1586,7 +1576,7 @@ class m_dom {
|
|||
$hooks->invoke("hook_dom_del_mx_domain", array($r["id"]));
|
||||
}
|
||||
|
||||
$db->query("UPDATE domaines SET gesdns='$dns', gesmx='$gesmx', zonettl='$ttl' WHERE domaine='$dom'");
|
||||
$db->query("UPDATE domaines SET gesdns= ?, gesmx= ?, zonettl= ? WHERE domaine= ?", array($dns, $gesmx, $ttl, $dom));
|
||||
$this->set_dns_action($dom, 'UPDATE');
|
||||
|
||||
return true;
|
||||
|
|
@ -1628,12 +1618,12 @@ class m_dom {
|
|||
if ($class < 8 || $class > 32) {
|
||||
$class = 32;
|
||||
}
|
||||
$db->query("SELECT * FROM slaveip WHERE ip='$ip' AND class='$class';");
|
||||
$db->query("SELECT * FROM slaveip WHERE ip= ? AND class= ?;", array($ip, $class));
|
||||
if ($db->next_record()) {
|
||||
$err->raise("err", _("The requested domain is forbidden in this server, please contact the administrator"));
|
||||
return false;
|
||||
}
|
||||
$db->query("INSERT INTO slaveip (ip,class) VALUES ('$ip','$class');");
|
||||
$db->query("INSERT INTO slaveip (ip,class) VALUES (?, ?);", array($ip, $class));
|
||||
$f = fopen(SLAVE_FLAG, "w");
|
||||
fputs($f, "yopla");
|
||||
fclose($f);
|
||||
|
|
@ -1650,7 +1640,7 @@ class m_dom {
|
|||
$err->raise("dom", _("The IP address you entered is incorrect"));
|
||||
return false;
|
||||
}
|
||||
$db->query("DELETE FROM slaveip WHERE ip='$ip'");
|
||||
$db->query("DELETE FROM slaveip WHERE ip= ?;", array($ip));
|
||||
$f = fopen(SLAVE_FLAG, "w");
|
||||
fputs($f, "yopla");
|
||||
fclose($f);
|
||||
|
|
@ -1663,7 +1653,7 @@ class m_dom {
|
|||
*/
|
||||
function check_slave_account($login, $pass) {
|
||||
global $db;
|
||||
$db->query("SELECT * FROM slaveaccount WHERE login='$login' AND pass='$pass';");
|
||||
$db->query("SELECT * FROM slaveaccount WHERE login= ? AND pass= ?;", array($login, $pass));
|
||||
if ($db->next_record()) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -1692,6 +1682,7 @@ class m_dom {
|
|||
/* ----------------------------------------------------------------- */
|
||||
|
||||
/** Returns the complete hosted domain list :
|
||||
* @TODO:EM: this has to be escaped
|
||||
*/
|
||||
function get_domain_list($uid = -1) {
|
||||
global $db;
|
||||
|
|
@ -1736,7 +1727,7 @@ class m_dom {
|
|||
function get_domain_byid($dom_id) {
|
||||
global $db, $err, $cuid;
|
||||
$dom_id = intval($dom_id);
|
||||
$db->query("SELECT domaine FROM domaines WHERE id=$dom_id AND compte=$cuid;");
|
||||
$db->query("SELECT domaine FROM domaines WHERE id= ? AND compte= ?;", array($dom_id, $cuid));
|
||||
if ($db->next_record()) {
|
||||
$domain = $db->f("domaine");
|
||||
if (!$domain) {
|
||||
|
|
@ -1760,7 +1751,7 @@ class m_dom {
|
|||
function get_domain_byname($domain) {
|
||||
global $db, $err, $cuid;
|
||||
$domain = trim($domain);
|
||||
$db->query("SELECT id FROM domaines WHERE domaine='" . addslashes($domain) . "' AND compte=$cuid;");
|
||||
$db->query("SELECT id FROM domaines WHERE domaine= ? AND compte= ?;", array($domain, $cuid));
|
||||
if ($db->next_record()) {
|
||||
$id = $db->f("id");
|
||||
if (!$id) {
|
||||
|
|
@ -1812,12 +1803,12 @@ class m_dom {
|
|||
*/
|
||||
function add_slave_account($login, $pass) {
|
||||
global $db, $err;
|
||||
$db->query("SELECT * FROM slaveaccount WHERE login='$login'");
|
||||
$db->query("SELECT * FROM slaveaccount WHERE login= ?", array($login));
|
||||
if ($db->next_record()) {
|
||||
$err->raise("dom", _("The specified slave account already exists"));
|
||||
return false;
|
||||
}
|
||||
$db->query("INSERT INTO slaveaccount (login,pass) VALUES ('$login','$pass')");
|
||||
$db->query("INSERT INTO slaveaccount (login,pass) VALUES (?, ?)", array($login, $pass));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -1827,7 +1818,7 @@ class m_dom {
|
|||
*/
|
||||
function del_slave_account($login) {
|
||||
global $db, $err;
|
||||
$db->query("DELETE FROM slaveaccount WHERE login='$login'");
|
||||
$db->query("DELETE FROM slaveaccount WHERE login= ?", array($login));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -1912,7 +1903,7 @@ class m_dom {
|
|||
global $db, $err, $cuid;
|
||||
$err->log("dom", "get_quota");
|
||||
$q = Array("name" => "dom", "description" => _("Domain name"), "used" => 0);
|
||||
$db->query("SELECT COUNT(*) AS cnt FROM domaines WHERE compte='$cuid'");
|
||||
$db->query("SELECT COUNT(*) AS cnt FROM domaines WHERE compte= ?", array($cuid));
|
||||
if ($db->next_record()) {
|
||||
$q['used'] = $db->f("cnt");
|
||||
}
|
||||
|
|
@ -1974,6 +1965,7 @@ class m_dom {
|
|||
* If no parameters, return the parameters for ALL the vhost.
|
||||
* Optionnal parameters: id of the sub_domaines
|
||||
*
|
||||
* @TODO:EM: This has to be escaped
|
||||
* */
|
||||
function generation_parameters($id = null, $only_apache = true) {
|
||||
global $db, $err;
|
||||
|
|
@ -2150,13 +2142,13 @@ order by
|
|||
*/
|
||||
function set_dns_action($domain, $dns_action) {
|
||||
global $db;
|
||||
$db->query("UPDATE domaines SET dns_action='" . mysql_escape_string($dns_action) . "' WHERE domaine='" . mysql_escape_string($domain) . "'; ");
|
||||
$db->query("UPDATE domaines SET dns_action= ? WHERE domaine= ?; ", array($dns_action, $domain));
|
||||
return true;
|
||||
}
|
||||
|
||||
function set_dns_result($domain, $dns_result) {
|
||||
global $db;
|
||||
$db->query("UPDATE domaines SET dns_result='" . mysql_escape_string($dns_result) . "' WHERE domaine='" . mysql_escape_string($domain) . "'; ");
|
||||
$db->query("UPDATE domaines SET dns_result= ? WHERE domaine= ?; ", array($dns_result, $domain));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue