kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

[wip] Passing mysql request params into array arguments for the query method (part 2)

This commit is contained in:
Emmanuel Monbroussou 2016-05-17 18:57:01 +02:00
parent 13ee5ce1dc
commit 3665aabc96
5 changed files with 119 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
bureau/class/m_ftp.php
View File

@ -118,7 +118,7 @@ class m_ftp {
// Be sure what is in $status, in case of it was a parameter
$status = ($status ? 'true' : 'false');
if (!$db->query("UPDATE ftpusers SET enabled = $status WHERE uid = '$cuid' AND id = '$id' ;")) {
if (!$db->query("UPDATE ftpusers SET enabled = ? WHERE uid = ? AND id = ? ;", array($status, $cuid, $id))) {
$err->raise('ftp', _("Error during update"));
return false;
} else {
@ -140,7 +140,7 @@ class m_ftp {
global $db, $err, $cuid;
$err->log("ftp", "get_list");
$r = array();
$db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid='$cuid' ORDER BY name;");
$db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid= ? ORDER BY name;", array($cuid));
if ($db->num_rows()) {
while ($db->next_record()) {
$r[] = array(
@ -169,7 +169,7 @@ class m_ftp {
global $db, $err, $cuid;
$err->log("ftp", "get_ftp_details", $id);
$r = array();
$db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid='$cuid' AND id='$id';");
$db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid= ? AND id= ?;", array($cuid, $id));
if ($db->num_rows()) {
$db->next_record();
@ -206,7 +206,7 @@ class m_ftp {
global $db, $mem, $cuid;
$r = array();
$r[] = $mem->user["login"];
$db->query("SELECT domaine FROM domaines WHERE compte='$cuid' ORDER BY domaine;");
$db->query("SELECT domaine FROM domaines WHERE compte= ? ORDER BY domaine;", array($cuid));
while ($db->next_record()) {
$r[] = $db->f("domaine");
}
@ -274,7 +274,7 @@ class m_ftp {
function put_ftp_details($id, $prefixe, $login, $pass, $dir) {
global $db, $err, $bro, $cuid, $admin;
$err->log("ftp", "put_ftp_details", $id);
$db->query("SELECT count(*) AS cnt FROM ftpusers WHERE id='$id' and uid='$cuid';");
$db->query("SELECT count(*) AS cnt FROM ftpusers WHERE id= ? and uid= ?;", array($id, $cuid));
$db->next_record();
if (!$db->f("cnt")) {
$err->raise("ftp", _("This FTP account does not exist"));
@ -297,7 +297,7 @@ class m_ftp {
if (!$this->check_login($full_login)) {
return false;
}
$db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE id!='$id' AND name='$full_login';");
$db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE id!= ? AND name= ?;", array($id, $full_login));
$db->next_record();
if ($db->f("cnt")) {
$err->raise("ftp", _("This FTP account already exists"));
@ -320,9 +320,9 @@ class m_ftp {
}
}
$encrypted_password = _md5cr($pass, strrev(microtime(true)));
$db->query("UPDATE ftpusers SET name='" . $full_login . "', password='', encrypted_password='$encrypted_password', homedir='$absolute', uid='$cuid' WHERE id='$id';");
$db->query("UPDATE ftpusers SET name= ? , password='', encrypted_password= ?, homedir= ?, uid= ? WHERE id= ?;", array($full_login, $encrypted_password, $absolute, $cuid, $id));
} else {
$db->query("UPDATE ftpusers SET name='" . $full_login . "', homedir='$absolute', uid='$cuid' WHERE id='$id';");
$db->query("UPDATE ftpusers SET name= ? , homedir= ? , uid= ? WHERE id= ? ;", array($full_login, $absolute, $cuid, $id));
}
return true;
}
@ -336,14 +336,14 @@ class m_ftp {
function delete_ftp($id) {
global $db, $err, $cuid;
$err->log("ftp", "delete_ftp", $id);
$db->query("SELECT name FROM ftpusers WHERE id='$id' and uid='$cuid';");
$db->query("SELECT name FROM ftpusers WHERE id= ? and uid= ? ;", array($id, $cuid));
$db->next_record();
$name = $db->f("name");
if (!$name) {
$err->raise("ftp", _("This FTP account does not exist"));
return false;
}
$db->query("DELETE FROM ftpusers WHERE id='$id'");
$db->query("DELETE FROM ftpusers WHERE id= ? ;", array($id));
return $name;
}
@ -380,13 +380,13 @@ class m_ftp {
if (!$this->check_login($full_login)) {
return false;
}
$db->query("SELECT count(*) AS cnt FROM ftpusers WHERE name='" . $full_login . "'");
$db->query("SELECT count(*) AS cnt FROM ftpusers WHERE name= ? ;", array($full_login));
$db->next_record();
if ($db->f("cnt")) {
$err->raise("ftp", _("This FTP account already exists"));
return false;
}
$db->query("SELECT login FROM membres WHERE uid='$cuid';");
$db->query("SELECT login FROM membres WHERE uid= ? ;", array($cuid));
$db->next_record();
$absolute = getuserpath() . "/$dir";
if (!file_exists($absolute)) {
@ -406,7 +406,7 @@ class m_ftp {
if ($quota->cancreate("ftp")) {
$encrypted_password = _md5cr($pass, strrev(microtime(true)));
$db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ('" . $full_login . "', '', '$encrypted_password', '$absolute', '$cuid')");
$db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ( ?, '', ?, ?, ?)", array($full_login, $encrypted_password, $absolute, $cuid));
return true;
} else {
$err->raise("ftp", _("Your FTP account quota is over. You cannot create more ftp accounts"));
@ -426,7 +426,7 @@ class m_ftp {
if (substr($dir, 0, 1) == "/") {
$dir = substr($dir, 1);
}
$db->query("SELECT id FROM ftpusers WHERE homedir='" . getuserpath() . "/$dir';");
$db->query("SELECT id FROM ftpusers WHERE homedir= ? ;", array( getuserpath() . "/" .$dir ));
if ($db->num_rows()) {
$db->next_record();
return $db->f("id");
@ -444,7 +444,7 @@ class m_ftp {
function alternc_del_domain($dom) {
global $db, $err, $cuid;
$err->log("ftp", "alternc_del_domain", $dom);
$db->query("DELETE FROM ftpusers WHERE uid='$cuid' AND ( name LIKE '$dom\_%' OR name LIKE '$dom') ");
$db->query("DELETE FROM ftpusers WHERE uid= ? AND ( name LIKE ? OR name LIKE ?) ", array($cuid, $dom."\_%", $dom));
return true;
}
@ -456,7 +456,7 @@ class m_ftp {
function alternc_del_member() {
global $db, $err, $cuid;
$err->log("ftp", "alternc_del_member");
$db->query("DELETE FROM ftpusers WHERE uid='$cuid'");
$db->query("DELETE FROM ftpusers WHERE uid= ?", array($cuid));
return true;
}
@ -472,7 +472,7 @@ class m_ftp {
global $db, $err, $cuid;
$err->log("ftp", "getquota");
$q = Array("name" => "ftp", "description" => _("FTP accounts"), "used" => 0);
$db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE uid='$cuid'");
$db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE uid= ? ", array($cuid));
if ($db->next_record()) {
$q['used'] = $db->f("cnt");
}

4
bureau/class/m_lxc.php
View File

@ -71,7 +71,7 @@ class m_lxc implements vm {
function hook_admin_del_member() {
global $db, $err, $cuid;
$err->log("lxc", "alternc_del_member");
$db->query("DELETE FROM vm_history WHERE uid='$cuid'");
$db->query("DELETE FROM vm_history WHERE uid= ?", array($cuid));
return true;
}
@ -153,7 +153,7 @@ class m_lxc implements vm {
$err->raise('lxc', _($msg));
return FALSE;
}
$db->query("INSERT INTO vm_history (ip,date_start,uid,serialized_object) VALUES ('$hostname', $date_start, '$uid', '$res')");
$db->query("INSERT INTO vm_history (ip,date_start,uid,serialized_object) VALUES (?, ?, ?, ?);", array($hostname, $date_start, $uid, $res));
return $res;
}
}

95
bureau/class/m_mail.php
View File

@ -139,7 +139,7 @@ class m_mail {
'type' => '',
);
$db->query("select r.recipients as dst, a.id mail_id from address a, recipient r where a.domain_id = $domain_id and r.address_id = a.id and a.address='';");
$db->query("select r.recipients as dst, a.id mail_id from address a, recipient r where a.domain_id = ? and r.address_id = a.id and a.address='';", array($domain_id));
if ($db->next_record()) {
$rr['target'] = $db->f('dst');
$rr['mail_id'] = $db->f('mail_id');
@ -204,7 +204,7 @@ class m_mail {
global $db, $err, $cuid;
$err->log("mail", "getquota");
$q = Array("name" => "mail", "description" => _("Email addresses"), "used" => 0);
$db->query("SELECT COUNT(*) AS cnt FROM address a, domaines d WHERE a.domain_id=d.id AND d.compte=$cuid AND a.type='';");
$db->query("SELECT COUNT(*) AS cnt FROM address a, domaines d WHERE a.domain_id=d.id AND d.compte= ? AND a.type='';", array($cuid));
if ($db->next_record()) {
$q['used'] = $db->f("cnt");
}
@ -239,14 +239,14 @@ SELECT
FROM
domaines d LEFT JOIN address a ON (d.id=a.domain_id AND a.type='')
WHERE
d.compte = $uid
d.compte = ?
and d.gesmx = 1
GROUP BY
d.id
ORDER BY
d.domaine
;
");
", array($uid));
$this->enum_domains = array();
while ($db->next_record()) {
$this->enum_domains[] = $db->Record;
@ -275,7 +275,7 @@ ORDER BY
return false;
}
// Check the availability
$db->query("SELECT a.id FROM address a WHERE a.domain_id=" . $dom_id . " AND a.address='" . addslashes($login) . "';");
$db->query("SELECT a.id FROM address a WHERE a.domain_id= ? AND a.address= ?;", array($dom_id, $login));
if ($db->next_record()) {
return false;
} else {
@ -290,6 +290,7 @@ ORDER BY
* @param $offset integer skip THAT much emails in the result.
* @param $count integer return no more than THAT much emails. -1 for ALL. Offset is ignored then.
* @result an array of each mail hosted under the domain.
* @TODO:EM: It has to be escaped
*/
function enum_domain_mails($dom_id = null, $search = "", $offset = 0, $count = 30, $show_systemmails = false) {
@ -381,13 +382,13 @@ ORDER BY
return false;
}
// Already exists?
$db->query("SELECT * FROM address WHERE domain_id=" . $dom_id . " AND address='" . addslashes($mail) . "';");
$db->query("SELECT * FROM address WHERE domain_id= ? AND address= ? ;", array($dom_id, $mail));
if ($db->next_record()) {
$err->raise("mail", _("This email address already exists"));
return false;
}
// Create it now
$db->query("INSERT INTO address (domain_id, address,type) VALUES ($dom_id, '" . addslashes($mail) . "','$type');");
$db->query("INSERT INTO address (domain_id, address,type) VALUES (?, ?, ?);", array($dom_id, $mail, $type));
if (!($id = $db->lastid())) {
$err->raise("mail", _("An unexpected error occured when creating the email"));
return false;
@ -412,7 +413,7 @@ ORDER BY
}
// We fetch all the informations for that email: these will fill the hastable :
$db->query("SELECT a.id, a.address, a.password, a.enabled, d.domaine AS domain, m.path, m.quota, m.quota*1024*1024 AS quotabytes, m.bytes AS used, NOT ISNULL(m.id) AS islocal, a.type, r.recipients, m.lastlogin, a.mail_action, m.mail_action AS mailbox_action FROM (address a LEFT JOIN mailbox m ON m.address_id=a.id) LEFT JOIN recipient r ON r.address_id=a.id, domaines d WHERE a.id=" . $mail_id . " AND d.id=a.domain_id;");
$db->query("SELECT a.id, a.address, a.password, a.enabled, d.domaine AS domain, m.path, m.quota, m.quota*1024*1024 AS quotabytes, m.bytes AS used, NOT ISNULL(m.id) AS islocal, a.type, r.recipients, m.lastlogin, a.mail_action, m.mail_action AS mailbox_action FROM (address a LEFT JOIN mailbox m ON m.address_id=a.id) LEFT JOIN recipient r ON r.address_id=a.id, domaines d WHERE a.id= ? AND d.id=a.domain_id;", array($mail_id));
if (!$db->next_record()) {
return false;
}
@ -442,7 +443,7 @@ ORDER BY
if (isset($this->isitmy_cache[$mail_id])) {
return $this->isitmy_cache[$mail_id];
}
$db->query("SELECT concat(a.address,'@',d.domaine) AS email FROM address a, domaines d WHERE d.id=a.domain_id AND a.id=$mail_id AND d.compte=$cuid;");
$db->query("SELECT concat(a.address,'@',d.domaine) AS email FROM address a, domaines d WHERE d.id=a.domain_id AND a.id= ? AND d.compte= ?;", array($mail_id, $cuid));
if ($db->next_record()) {
return $this->isitmy_cache[$mail_id] = $db->f("email");
} else {
@ -467,10 +468,10 @@ ORDER BY
$this->delete($one["id"]);
}
}
$db->query("SELECT domaine FROM domaines WHERE id=$domain_id;");
$db->query("SELECT domaine FROM domaines WHERE id= ? ;", array($domain_id));
if ($db->next_record()) {
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE domaine='" . addslashes($db->Record["domaine"]) . "' AND type='txt' AND (sub='' AND valeur LIKE 'v=spf1 %') OR (sub='_dmarc' AND valeur LIKE 'v=dmarc1;%');");
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE id=$domain_id;");
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE domaine= ? AND type='txt' AND (sub='' AND valeur LIKE 'v=spf1 %') OR (sub='_dmarc' AND valeur LIKE 'v=dmarc1;%');", array($db->Record["domaine"]));
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE id= ? ;", array($domain_id));
}
return true;
@ -479,7 +480,7 @@ ORDER BY
// return the alternc account's ID of the mail_id
function get_account_by_mail_id($mail_id) {
global $db;
$db->query("select compte as uid from domaines d, address a where a.domain_id = d.id and a.id = $mail_id");
$db->query("select compte as uid from domaines d, address a where a.domain_id = d.id and a.id = ? ;", array($mail_id));
if (!$db->next_record()) {
return false;
}
@ -514,7 +515,7 @@ ORDER BY
$hooks->invoke('hook_mail_delete', array($mail_id, $mailinfos['address'] . '@' . $mailinfos['domain']));
// Search for that address:
$db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id='$mail_id';");
$db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id= ? ;", array($mail_id));
if (!$db->next_record()) {
$err->raise("mail", _("The email %s does not exist, it can't be deleted"), $mail);
return false;
@ -527,14 +528,14 @@ ORDER BY
if ($db->f("islocal")) {
// If it's a pop/imap mailbox, mark it for deletion
$db->query("UPDATE address SET mail_action='DELETE', enabled=0 WHERE id='$mail_id';");
$db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id='$mail_id';");
$db->query("UPDATE address SET mail_action='DELETE', enabled=0 WHERE id= ?;", array($mail_id));
$db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id= ?;", array($mail_id));
$err->raise("mail", _("The email %s has been marked for deletion"), $mail);
} else {
// If it's only aliases, delete it NOW.
$db->query("DELETE FROM address WHERE id='$mail_id';");
$db->query("DELETE FROM mailbox WHERE address_id='$mail_id';");
$db->query("DELETE FROM recipient WHERE address_id='$mail_id';");
$db->query("DELETE FROM address WHERE id= ? ;", array($mail_id));
$db->query("DELETE FROM mailbox WHERE address_id= ? ;", array($mail_id));
$db->query("DELETE FROM recipient WHERE address_id= ? ;", array($mail_id));
$err->raise("mail", _("The email %s has been successfully deleted"), $mail);
}
return true;
@ -565,7 +566,7 @@ ORDER BY
}
// Search for that address:
$db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id='$mail_id';");
$db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id= ? ;", array($mail_id));
if (!$db->next_record()) {
$err->raise("mail", _("The email %s does not exist, it can't be undeleted"), $mail);
return false;
@ -582,8 +583,8 @@ ORDER BY
if ($db->f("islocal")) {
// If it's a pop/imap mailbox, mark it for deletion
$db->query("UPDATE address SET mail_action='OK', `enabled`=1 WHERE id='$mail_id';");
$db->query("UPDATE mailbox SET mail_action='OK' WHERE address_id='$mail_id';");
$db->query("UPDATE address SET mail_action='OK', `enabled`=1 WHERE id= ?;", array($mail_id));
$db->query("UPDATE mailbox SET mail_action='OK' WHERE address_id= ? ;", array($mail_id));
$err->raise("mail", _("The email %s has been undeleted"), $mail);
return true;
} else {
@ -609,7 +610,7 @@ ORDER BY
if (!$admin->checkPolicy("pop", $email, $pass)) {
return false;
}
if (!$db->query("UPDATE address SET password='" . _md5cr($pass) . "' where id=$mail_id;")) {
if (!$db->query("UPDATE address SET password= ? where id = ? ;", array(_md5cr($pass), $mail_id ))) {
return false;
}
return true;
@ -627,7 +628,7 @@ ORDER BY
if (!($email = $this->is_it_my_mail($mail_id))) {
return false;
}
if (!$db->query("UPDATE address SET `enabled`=1 where id=$mail_id;")) {
if (!$db->query("UPDATE address SET `enabled`=1 where id= ? ;", array($mail_id))) {
return false;
}
return true;
@ -645,7 +646,7 @@ ORDER BY
if (!($email = $this->is_it_my_mail($mail_id))) {
return false;
}
if (!$db->query("UPDATE address SET `enabled`=0 where id=$mail_id;")) {
if (!$db->query("UPDATE address SET `enabled`=0 where id= ? ;", array($mail_id))) {
return false;
}
return true;
@ -665,14 +666,13 @@ ORDER BY
*/
function set_details($mail_id, $islocal, $quotamb, $recipients, $delivery = "dovecot", $dontcheck = false) {
global $err, $db;
$delivery = mysql_real_escape_string($delivery);
$err->log("mail", "set_details");
if (!($me = $this->get_details($mail_id))) {
return false;
}
if ($me["islocal"] && !$islocal) {
// delete pop
$db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id=" . $mail_id . ";");
$db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id= ? ;", array($mail_id));
}
if (!$me["islocal"] && $islocal) {
// create pop
@ -692,10 +692,10 @@ ORDER BY
break;
}
}
$db->query("INSERT INTO mailbox SET address_id=$mail_id, delivery='$delivery', path='" . addslashes($path) . "';");
$db->query("INSERT INTO mailbox SET address_id= ? , delivery= ?, path= ? ;", array($mail_id, $delivery, $path));
}
if ($me["islocal"] && $islocal && $me["mailbox_action"] == "DELETE") {
$db->query("UPDATE mailbox SET mail_action='OK' WHERE mail_action='DELETE' AND address_id=" . $mail_id . ";");
$db->query("UPDATE mailbox SET mail_action='OK' WHERE mail_action='DELETE' AND address_id= ? ;", array($mail_id));
}
if ($islocal) {
@ -703,7 +703,7 @@ ORDER BY
$quotamb = intval($me["used"] / 1024 / 1024) + 1;
$err->raise("mail", _("You set a quota smaller than the current mailbox size. Since it's not allowed, we set the quota to the current mailbox size"));
}
$db->query("UPDATE mailbox SET quota=" . intval($quotamb) . " WHERE address_id=" . $mail_id . ";");
$db->query("UPDATE mailbox SET quota= ? WHERE address_id= ? ;", array($quotamb, $mail_id));
}
$recipients = preg_replace('/[\r\t\s]/', "\n", $recipients); // Handle space AND new line
@ -716,9 +716,9 @@ ORDER BY
$red.=$m . "\n";
}
}
$db->query("DELETE FROM recipient WHERE address_id=" . $mail_id . ";");
$db->query("DELETE FROM recipient WHERE address_id= ? ;", array($mail_id));
if (isset($red) && $red) {
$db->query("INSERT INTO recipient SET address_id=" . $mail_id . ", recipients='" . addslashes($red) . "';");
$db->query("INSERT INTO recipient SET address_id= ?, recipients= ? ;", array($mail_id, $red));
}
if (!$islocal && !$red) {
$err->raise("mail", _("Warning: you created an email which is not an alias, and not a POP/IMAP mailbox. This is certainly NOT what you want to do. To fix this, edit the email address and check 'Yes' in POP/IMAP account, or set some recipients in the redirection field."));
@ -847,9 +847,7 @@ ORDER BY
*/
function check_slave_account($login, $pass) {
global $db;
$login = mysql_real_escape_string($login);
$pass = mysql_real_escape_string($pass);
$db->query("SELECT * FROM mxaccount WHERE login='$login' AND pass='$pass';");
$db->query("SELECT * FROM mxaccount WHERE login= ? AND pass= ?;", array($login, $pass));
if ($db->next_record()) {
return true;
}
@ -894,14 +892,12 @@ ORDER BY
*/
function add_slave_account($login, $pass) {
global $db, $err;
$login = mysql_real_escape_string($login);
$pass = mysql_real_escape_string($pass);
$db->query("SELECT * FROM mxaccount WHERE login='$login'");
$db->query("SELECT * FROM mxaccount WHERE login= ? ;", array($login));
if ($db->next_record()) {
$err->raise("mail", _("The slave MX account was not found"));
return false;
}
$db->query("INSERT INTO mxaccount (login,pass) VALUES ('$login','$pass')");
$db->query("INSERT INTO mxaccount (login,pass) VALUES (?, ?);", array($login, $pass));
return true;
}
@ -913,8 +909,7 @@ ORDER BY
*/
function del_slave_account($login) {
global $db;
$login = mysql_real_escape_string($login);
$db->query("DELETE FROM mxaccount WHERE login='$login'");
$db->query("DELETE FROM mxaccount WHERE login= ? ;", array($login));
return true;
}
@ -954,7 +949,7 @@ ORDER BY
}
$mailname = $db->f("value");
// set spf & dmarc for this domain
$db->query("SELECT domaine FROM domaines WHERE id=$domain_id;");
$db->query("SELECT domaine FROM domaines WHERE id= ?;", array($domain_id));
if ($db->next_record()) {
if ($spf = variable_get("default_spf_value")) {
$this->set_dns_spf($db->Record["domaine"], $spf);
@ -1015,15 +1010,15 @@ ORDER BY
$login = $mem->user["login"];
}
// Search for the record in sub_domaines table
$db->query("SELECT * FROM sub_domaines WHERE compte=$uid AND domaine='" . addslashes($domain) . "' AND sub='' AND type='txt' AND valeur LIKE 'v=spf1 %' AND web_action!='DELETE';");
$db->query("SELECT * FROM sub_domaines WHERE compte= ? AND domaine= ? AND sub='' AND type='txt' AND valeur LIKE 'v=spf1 %' AND web_action!='DELETE';", array($uid, $domain));
if ($db->next_record()) {
if ($previous !== -1 && $db->Record["valeur"] == "v=spf1 " . $spf) {
return; // skip, no change asked.
}
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id='" . $db->Record["id"] . "';");
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id= ? ;",array($db->Record["id"]));
}
$db->query("INSERT INTO sub_domaines SET compte=$uid, domaine='" . addslashes($domain) . "', sub='', type='txt', valeur='" . addslashes("v=spf1 " . $spf) . "', web_action='UPDATE';");
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine='" . addslashes($domain) . "';");
$db->query("INSERT INTO sub_domaines SET compte= ?, domaine= ?, sub='', type='txt', valeur= ? , web_action='UPDATE';", array($uid, $domain, "v=spf1 " . $spf));
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine= ?;", array($domain));
}
/* ----------------------------------------------------------------- */
@ -1048,15 +1043,15 @@ ORDER BY
$dmarc = str_replace("%%USERMAIL%%", $login . "@" . $L_FQDN, $dmarc);
// Search for the record in sub_domaines table
$db->query("SELECT * FROM sub_domaines WHERE compte=$uid AND domaine='" . addslashes($domain) . "' AND sub='_dmarc' AND type='txt' AND valeur LIKE 'v=dmarc1;%' AND web_action!='DELETE';");
$db->query("SELECT * FROM sub_domaines WHERE compte= ? AND domaine= ? AND sub='_dmarc' AND type='txt' AND valeur LIKE 'v=dmarc1;%' AND web_action!='DELETE';", array($uid, $domain));
if ($db->next_record()) {
if ($previous !== -1 && $db->Record["valeur"] == "v=dmarc1;" . $dmarc) {
return; // skip, no change asked.
}
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id='" . $db->Record["id"] . "';");
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id= ?;", array($db->Record["id"]));
}
$db->query("INSERT INTO sub_domaines SET compte=$uid, domaine='" . addslashes($domain) . "', sub='_dmarc', type='txt', valeur='" . addslashes("v=dmarc1;" . $dmarc) . "', web_action='UPDATE';");
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine='" . addslashes($domain) . "';");
$db->query("INSERT INTO sub_domaines SET compte= ?, domaine= ?, sub='_dmarc', type='txt', valeur= ?, web_action='UPDATE';", array($uid, $domain, "v=dmarc1;" . $dmarc));
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine= ?;", array($domain));
}
/* ----------------------------------------------------------------- */

72
bureau/class/m_mem.php
View File

@ -98,14 +98,14 @@ class m_mem {
$err->log("mem", "login", $username);
// $username=addslashes($username);
// $password=addslashes($password);
$db->query("select * from membres where login='$username';");
$db->query("select * from membres where login= ? ;", array($username));
if ($db->num_rows() == 0) {
$err->raise("mem", _("User or password incorrect"));
return false;
}
$db->next_record();
if (_md5cr($password, $db->f("pass")) != $db->f("pass")) {
$db->query("UPDATE membres SET lastfail=lastfail+1 WHERE uid='" . $db->f("uid") . "';");
$db->query("UPDATE membres SET lastfail=lastfail+1 WHERE uid= ? ;", array($db->f("uid")));
$err->raise("mem", _("User or password incorrect"));
return false;
}
@ -155,11 +155,11 @@ class m_mem {
/* Open the session : */
$sess = md5(uniqid(mt_rand()));
$_REQUEST["session"] = $sess;
$db->query("insert into sessions (sid,ip,uid) values ('$sess',$ip,'$cuid');");
$db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid));
setcookie("session", $sess, 0, "/");
$err->error = 0;
/* Fill in $local */
$db->query("SELECT * FROM local WHERE uid='$cuid';");
$db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid));
if ($db->num_rows()) {
$db->next_record();
$this->local = $db->Record;
@ -180,7 +180,7 @@ class m_mem {
function setid($id) {
global $db, $err, $cuid, $mysql, $quota;
$err->log("mem", "setid", $id);
$db->query("select * from membres where uid='$id';");
$db->query("select * from membres where uid= ? ;", array($id));
if ($db->num_rows() == 0) {
$err->raise("mem", _("User or password incorrect"));
return false;
@ -194,11 +194,11 @@ class m_mem {
$ip = get_remote_ip();
$sess = md5(uniqid(mt_rand()));
$_REQUEST["session"] = $sess;
$db->query("insert into sessions (sid,ip,uid) values ('$sess','$ip','$cuid');");
$db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid));
setcookie("session", $sess, 0, "/");
$err->error = 0;
/* Fill in $local */
$db->query("SELECT * FROM local WHERE uid='$cuid';");
$db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid));
if ($db->num_rows()) {
$db->next_record();
$this->local = $db->Record;
@ -213,16 +213,16 @@ class m_mem {
*/
function resetlast() {
global $db, $cuid;
$ip = addslashes(getenv("REMOTE_HOST"));
$ip = getenv("REMOTE_HOST");
if (!$ip) {
$ip = addslashes(get_remote_ip());
$ip = get_remote_ip();
}
$db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip='$ip' WHERE uid='$cuid';");
$db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip= ? WHERE uid= ?;", array($ip, $cuid));
}
function authip_token($bis = false) {
global $db, $cuid;
$db->query("select pass from membres where uid='$cuid';");
$db->query("select pass from membres where uid= ?;", array($cuid));
$db->next_record();
$i = intval(time() / 3600);
if ($bis) {
@ -272,13 +272,13 @@ class m_mem {
return $this->login($_REQUEST["username"], $_REQUEST["password"], (isset($_REQUEST["restrictip"]) ? $_REQUEST["restrictip"] : 0));
}
} // end isset
$_COOKIE["session"] = isset($_COOKIE["session"]) ? addslashes($_COOKIE["session"]) : "";
$_COOKIE["session"] = isset($_COOKIE["session"]) ? $_COOKIE["session"] : "";
if (strlen($_COOKIE["session"]) != 32) {
$err->raise("mem", _("Identity lost or unknown, please login"));
return false;
}
$ip = get_remote_ip();
$db->query("select uid,'$ip' as me,ip from sessions where sid='" . $_COOKIE["session"] . "'");
$db->query("select uid, ? as me,ip from sessions where sid= ?;", array($ip, $_COOKIE["session"]));
if ($db->num_rows() == 0) {
$err->raise("mem", _("Session unknown, contact the administrator"));
return false;
@ -297,12 +297,12 @@ class m_mem {
return false;
}
$db->query("select * from membres where uid='$cuid';");
$db->query("select * from membres where uid= ? ;", array($cuid));
$db->next_record();
$this->user = $db->Record;
$err->error = 0;
/* Remplissage de $local */
$db->query("SELECT * FROM local WHERE uid='$cuid';");
$db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid));
if ($db->num_rows()) {
$db->next_record();
$this->local = $db->Record;
@ -321,7 +321,7 @@ class m_mem {
if (!$this->olduid) {
$this->olduid = $cuid;
}
$db->query("select * from membres where uid='$uid';");
$db->query("select * from membres where uid= ? ;", array($uid));
if ($db->num_rows() == 0) {
$err->raise("mem", _("User or password incorrect"));
return false;
@ -359,7 +359,7 @@ class m_mem {
*/
function del_session() {
global $db, $user, $err, $cuid, $hooks;
$_COOKIE["session"] = addslashes(isset($_COOKIE["session"]) ? $_COOKIE["session"] : '');
$_COOKIE["session"] = isset($_COOKIE["session"]) ? $_COOKIE["session"] : '';
setcookie("session", "", 0, "/");
setcookie("oldid", "", 0, "/");
if ($_COOKIE["session"] == "") {
@ -371,7 +371,7 @@ class m_mem {
return false;
}
$ip = get_remote_ip();
$db->query("select uid,'$ip' as me,ip from sessions where sid='" . $_COOKIE["session"] . "'");
$db->query("select uid, ? as me,ip from sessions where sid= ? ;", array($ip, $_COOKIE["session"]));
if ($db->num_rows() == 0) {
$err->raise("mem", _("Session unknown, contact the administrator"));
return false;
@ -382,7 +382,7 @@ class m_mem {
return false;
}
$cuid = $db->f("uid");
$db->query("delete from sessions where sid='" . $_COOKIE["session"] . "';");
$db->query("delete from sessions where sid= ? ;", array($_COOKIE["session"]));
$err->error = 0;
# Invoker le logout dans toutes les autres classes
@ -411,9 +411,6 @@ class m_mem {
function passwd($oldpass, $newpass, $newpass2) {
global $db, $err, $cuid, $admin;
$err->log("mem", "passwd");
$oldpass = stripslashes($oldpass);
$newpass = stripslashes($newpass);
$newpass2 = stripslashes($newpass2);
if (!$this->user["canpass"]) {
$err->raise("mem", _("You are not allowed to change your password."));
return false;
@ -426,14 +423,14 @@ class m_mem {
$err->raise("mem", _("The new passwords are differents, please retry"));
return false;
}
$db->query("SELECT login FROM membres WHERE uid='$cuid';");
$db->query("SELECT login FROM membres WHERE uid= ? ;", array($cuid));
$db->next_record();
$login = $db->Record["login"];
if (!$admin->checkPolicy("mem", $login, $newpass)) {
return false; // The error has been raised by checkPolicy()
}
$newpass = _md5cr($newpass);
$db->query("UPDATE membres SET pass='$newpass' WHERE uid='$cuid';");
$db->query("UPDATE membres SET pass= ? WHERE uid= ?;", array($newpass, $cuid));
$err->error = 0;
return true;
}
@ -451,7 +448,7 @@ class m_mem {
$err->raise("mem", _("You must be a system administrator to do this."));
return false;
}
$db->query("UPDATE membres SET admlist='$admlist' WHERE uid='$cuid';");
$db->query("UPDATE membres SET admlist= ? WHERE uid= ?;", array($admlist, $cuid));
$err->error = 0;
return true;
}
@ -467,7 +464,7 @@ class m_mem {
function send_pass($login) {
global $err, $db, $L_HOSTING, $L_FQDN;
$err->log("mem", "send_pass");
$db->query("SELECT * FROM membres WHERE login='$login';");
$db->query("SELECT * FROM membres WHERE login= ? ;", array($login));
if (!$db->num_rows()) {
$err->raise("mem", _("This account is locked, contact the administrator."));
return false;
@ -497,7 +494,7 @@ If it happens again, please contact your server's Administrator.
Cordially.
"), $login, $L_HOSTING, $db->f("login"), $db->f("pass"));
mail($db->f("mail"), "Your password on $L_HOSTING", $txt, "From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN");
$db->query("UPDATE membres SET lastaskpass=" . time() . " WHERE login='$login';");
$db->query("UPDATE membres SET lastaskpass= ? WHERE login= ? ;", array(time(), $login));
return true;
}
@ -511,7 +508,7 @@ Cordially.
function ChangeMail1($newmail) {
global $err, $db, $L_HOSTING, $L_FQDN, $cuid;
$err->log("mem", "changemail1", $newmail);
$db->query("SELECT * FROM membres WHERE uid='$cuid';");
$db->query("SELECT * FROM membres WHERE uid= ? ;", array($cuid));
if (!$db->num_rows()) {
$err->raise("mem", _("This account is locked, contact the administrator."));
return false;
@ -544,11 +541,11 @@ Cordially.
"), $db->f("login"), $L_HOSTING, $link);
mail($newmail, "Email modification request on $L_HOSTING", $txt, "From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN");
// Supprime les demandes pr<70>c<EFBFBD>dentes de ce compte !
$db->query("DELETE FROM chgmail WHERE uid='$cuid';");
$db->query("INSERT INTO chgmail (cookie,ckey,uid,mail,ts) VALUES ('$COOKIE','$KEY','$cuid','$newmail'," . time() . ");");
$db->query("DELETE FROM chgmail WHERE uid= ? ;", array($cuid));
$db->query("INSERT INTO chgmail (cookie,ckey,uid,mail,ts) VALUES ( ?, ?, ?, ?, ?);", array($COOKIE, $KEY, $cuid, $newmail, time()));
// Supprime les cookies de la veille :)
$lts = time() - 86400;
$db->query("DELETE FROM chgmail WHERE ts<'$lts';");
$db->query("DELETE FROM chgmail WHERE ts< ? ;", array($lts));
return $KEY;
}
@ -563,7 +560,7 @@ Cordially.
function ChangeMail2($COOKIE, $KEY, $uid) {
global $err, $db;
$err->log("mem", "changemail2", $uid);
$db->query("SELECT * FROM chgmail WHERE cookie='$COOKIE' and ckey='$KEY' and uid='$uid';");
$db->query("SELECT * FROM chgmail WHERE cookie= ? and ckey= ? and uid= ?;", array($COOKIE, $KEY, $uid));
if (!$db->num_rows()) {
$err->raise("mem", _("The information you entered is incorrect."));
return false;
@ -571,12 +568,12 @@ Cordially.
$db->next_record();
// met a jour le compte :
$db->query("UPDATE membres SET mail='" . $db->f("mail") . "' WHERE uid='$uid';");
$db->query("UPDATE membres SET mail= ? WHERE uid = ? ;", array($db->f("mail"), $uid));
$db->query("DELETE FROM chgmail WHERE uid='$uid';");
$db->query("DELETE FROM chgmail WHERE uid= ? ;", array($uid));
// Supprime les cookies de la veille :)
$lts = time() - 86400;
$db->query("DELETE FROM chgmail WHERE ts<'$lts';");
$db->query("DELETE FROM chgmail WHERE ts< ? ;", array($lts));
return true;
}
@ -588,7 +585,7 @@ Cordially.
function set_help_param($show) {
global $db, $err, $cuid;
$err->log("mem", "set_help_param", $show);
$db->query("UPDATE membres SET show_help='$show' WHERE uid='$cuid';");
$db->query("UPDATE membres SET show_help= ? WHERE uid= ? ;", array($show, $cuid));
}
/* ----------------------------------------------------------------- */
@ -627,8 +624,7 @@ Cordially.
function get_creator_by_uid($uid) {
global $db, $err;
$err->log("dom", "get_creator_by_uid");
$uid = mysql_real_escape_string(intval($uid));
$db->query("select creator from membres where uid = '$uid';");
$db->query("select creator from membres where uid = ? ;", array($uid));
if (!$db->next_record()) {
return false;
}

43
bureau/class/m_mysql.php
View File

@ -46,7 +46,7 @@ class DB_users extends DB_Sql {
global $cuid, $db, $err;
if (!$empty) {
$db->query("select db_servers.* from db_servers, membres where membres.uid=$cuid and membres.db_server_id=db_servers.id;");
$db->query("select db_servers.* from db_servers, membres where membres.uid= ? and membres.db_server_id=db_servers.id;", array($cuid));
if (!$db->next_record()) {
$err->raise('db_user', _("There are no databases in db_servers for this user. Please contact your administrator."));
die();
@ -156,7 +156,7 @@ class m_mysql {
global $db, $err, $bro, $cuid;
$err->log("mysql", "get_dblist");
$db->free();
$db->query("SELECT login,pass,db, bck_mode, bck_dir FROM db WHERE uid='$cuid' ORDER BY db;");
$db->query("SELECT login,pass,db, bck_mode, bck_dir FROM db WHERE uid= ? ORDER BY db;", array($cuid));
$c = array();
while ($db->next_record()) {
list($dbu, $dbn) = split_mysql_database_name($db->f("db"));
@ -174,7 +174,7 @@ class m_mysql {
function php_myadmin_connect() {
global $db, $cuid, $err;
$err->log("mysql", "php_myadmin_connect");
$db->query("SELECT dbu.name,dbu.password, dbs.host FROM dbusers dbu, db_servers dbs, membres m WHERE dbu.uid='$cuid' and enable='ADMIN' and dbs.id=m.db_server_id and m.uid='$cuid';");
$db->query("SELECT dbu.name,dbu.password, dbs.host FROM dbusers dbu, db_servers dbs, membres m WHERE dbu.uid= ? and enable='ADMIN' and dbs.id=m.db_server_id and m.uid= ? ;", array($cuid, $cuid));
if (!$db->num_rows()) {
$err->raise("mysql", _("Cannot connect to PhpMyAdmin"));
return false;
@ -215,7 +215,7 @@ class m_mysql {
$dbn = $dbncomp[1];
}
$size = $this->get_db_size($dbname);
$db->query("SELECT login,pass,db, bck_mode, bck_gzip, bck_dir, bck_history FROM db WHERE uid='$cuid' AND db='$dbname';");
$db->query("SELECT login,pass,db, bck_mode, bck_gzip, bck_dir, bck_history FROM db WHERE uid= ? AND db= ?;", array($cuid, $dbname));
if (!$db->num_rows()) {
$err->raise("mysql", _("Database %s not found"), $dbn);
return array("enabled" => false);
@ -262,13 +262,13 @@ class m_mysql {
$err->raise("mysql", _("Database name cannot exceed %d characters"), $len);
return false;
}
$db->query("SELECT * FROM db WHERE db='$dbname';");
$db->query("SELECT * FROM db WHERE db= ? ;", array($dbname));
if ($db->num_rows()) {
$err->raise("mysql", _("Database %s already exists"), $dbn);
return false;
}
$db->query("SELECT name from dbusers where name='" . $dbname . "' and enable='ACTIVATED' ;");
$db->query("SELECT name from dbusers where name= ? and enable='ACTIVATED' ;", array($dbname));
if (!$db->num_rows()) {
$password_user = create_pass(8);
if (!$this->add_user($dbn, $password_user, $password_user)) {
@ -277,7 +277,7 @@ class m_mysql {
}
//checking for the phpmyadmin user
$db->query("SELECT * FROM dbusers WHERE uid=$cuid AND enable='ADMIN';");
$db->query("SELECT * FROM dbusers WHERE uid= ? AND enable='ADMIN';", array($cuid));
if ($db->num_rows()) {
$db->next_record();
$myadm = $db->f("name");
@ -288,10 +288,10 @@ class m_mysql {
}
//Grant the special user every rights.
if ($this->dbus->query("CREATE DATABASE `$dbname`;")) {
if ($this->dbus->query("CREATE DATABASE ? ;", array($dbname)) {
$err->log("mysql", "add_db_succes", $dbn);
// Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed
$db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$myadm','$password','$dbname',0);");
$db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES (?, ?, ?, ? ,0)", array($cuid, $myadm, $password, $dbname));
$dbuser = $dbname;
$dbname = str_replace('_', '\_', $dbname);
$this->grant($dbname, $myadm, "ALL PRIVILEGES", $password);
@ -317,8 +317,7 @@ class m_mysql {
function del_db($dbn) {
global $db, $err, $cuid;
$err->log("mysql", "del_db", $dbn);
$dbname = addslashes($dbn);
$db->query("SELECT uid FROM db WHERE db='$dbname';");
$db->query("SELECT uid FROM db WHERE db= ?;", array($dbname));
if (!$db->num_rows()) {
$err->raise("mysql", _("The database was not found. I can't delete it"));
return false;
@ -326,15 +325,15 @@ class m_mysql {
$db->next_record();
// Ok, database exists and dbname is compliant. Let's proceed
$db->query("DELETE FROM size_db WHERE db='$dbname';");
$db->query("DELETE FROM db WHERE uid='$cuid' AND db='$dbname';");
$this->dbus->query("DROP DATABASE `$dbname`;");
$db->query("DELETE FROM size_db WHERE db ?;", array($dbname));
$db->query("DELETE FROM db WHERE uid= ? AND db= ? ;", array($cuid, $dbname));
$this->dbus->query("DROP DATABASE ? ;", array($dbname));
$db_esc = str_replace('_', '\_', $dbname);
$this->dbus->query("DELETE FROM mysql.db WHERE Db='$db_esc';");
$this->dbus->query("DELETE FROM mysql.db WHERE Db= ? ;", array($db_esc));
#We test if the user created with the database is associated with more than 1 database.
$this->dbus->query("select User from mysql.db where User='" . $dbname . "' and (Select_priv='Y' or Insert_priv='Y' or Update_priv='Y' or Delete_priv='Y' or Create_priv='Y' or Drop_priv='Y' or References_priv='Y' or Index_priv='Y' or Alter_priv='Y' or Create_tmp_table_priv='Y' or Lock_tables_priv='Y');");
$this->dbus->query("select User from mysql.db where User= ? and (Select_priv='Y' or Insert_priv='Y' or Update_priv='Y' or Delete_priv='Y' or Create_priv='Y' or Drop_priv='Y' or References_priv='Y' or Index_priv='Y' or Alter_priv='Y' or Create_tmp_table_priv='Y' or Lock_tables_priv='Y');", array($dbname));
if (($this->dbus->num_rows()) == 0) {
#If not we can delete it.
$this->del_user($dbname);
@ -373,7 +372,7 @@ class m_mysql {
$err->raise("mysql", _("Database name can contain only letters and numbers"));
return false;
}
$db->query("SELECT * FROM db WHERE uid='$cuid' AND db='$dbname';");
$db->query("SELECT * FROM db WHERE uid= ? AND db= ? ;", array($cuid, $dbname));
if (!$db->num_rows()) {
$err->raise("mysql", _("Database %s not found"), $dbn);
return false;
@ -397,7 +396,7 @@ class m_mysql {
$err->raise("mysql", _("Directory does not exist"));
return false;
}
$db->query("UPDATE db SET bck_mode='$bck_mode', bck_history='$bck_history', bck_gzip='$bck_gzip', bck_dir='$bck_dir' WHERE uid='$cuid' AND db='$dbname';");
$db->query("UPDATE db SET bck_mode= ? , bck_history= ?, bck_gzip= ?, bck_dir= ? WHERE uid= ? AND db= ? ;", array($bck_mode, $bck_history, $bck_gzip, $bck_dir, $cuid, $dbname));
return true;
}
@ -410,7 +409,7 @@ class m_mysql {
function put_mysql_details($password) {
global $db, $err, $cuid, $admin;
$err->log("mysql", "put_mysql_details");
$db->query("SELECT * FROM db WHERE uid='$cuid';");
$db->query("SELECT * FROM db WHERE uid= ?;", array($cuid));
if (!$db->num_rows()) {
$err->raise("mysql", _("Database not found"));
return false;
@ -437,8 +436,8 @@ class m_mysql {
}
// Update all the "pass" fields for this user :
$db->query("UPDATE db SET pass='$password' WHERE uid='$cuid';");
$this->dbus->query("SET PASSWORD FOR " . $login . "@" . $this->dbus->Client . " = PASSWORD('$password');");
$db->query("UPDATE db SET pass= ? WHERE uid= ?;", array($password, $cuid));
$this->dbus->query("SET PASSWORD FOR ? = PASSWORD(?);", array( $login . "@" . $this->dbus->Client, $password));
return true;
}
@ -457,7 +456,7 @@ class m_mysql {
if (!preg_match("#^[0-9a-z_\\*\\\\]*$#", $base)) {
$err->raise("mysql", _("Database name can contain only letters and numbers"));
return false;
} elseif (!$this->dbus->query("select db from db where db='$base';")) {
} elseif (!$this->dbus->query("select db from db where db= ?;", array($base))) {
$err->raise("mysql", _("Database not found"));
return false;
}