[wip] Passing mysql request params into array arguments for the query method (part 2)
This commit is contained in:
Emmanuel Monbroussou
parent
13ee5ce1dc
commit
3665aabc96
|
|
@ -118,7 +118,7 @@ class m_ftp {
|
|||
// Be sure what is in $status, in case of it was a parameter
|
||||
$status = ($status ? 'true' : 'false');
|
||||
|
||||
if (!$db->query("UPDATE ftpusers SET enabled = $status WHERE uid = '$cuid' AND id = '$id' ;")) {
|
||||
if (!$db->query("UPDATE ftpusers SET enabled = ? WHERE uid = ? AND id = ? ;", array($status, $cuid, $id))) {
|
||||
$err->raise('ftp', _("Error during update"));
|
||||
return false;
|
||||
} else {
|
||||
|
|
@ -140,7 +140,7 @@ class m_ftp {
|
|||
global $db, $err, $cuid;
|
||||
$err->log("ftp", "get_list");
|
||||
$r = array();
|
||||
$db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid='$cuid' ORDER BY name;");
|
||||
$db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid= ? ORDER BY name;", array($cuid));
|
||||
if ($db->num_rows()) {
|
||||
while ($db->next_record()) {
|
||||
$r[] = array(
|
||||
|
|
@ -169,7 +169,7 @@ class m_ftp {
|
|||
global $db, $err, $cuid;
|
||||
$err->log("ftp", "get_ftp_details", $id);
|
||||
$r = array();
|
||||
$db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid='$cuid' AND id='$id';");
|
||||
$db->query("SELECT id, name, homedir, enabled FROM ftpusers WHERE uid= ? AND id= ?;", array($cuid, $id));
|
||||
if ($db->num_rows()) {
|
||||
$db->next_record();
|
||||
|
||||
|
|
@ -206,7 +206,7 @@ class m_ftp {
|
|||
global $db, $mem, $cuid;
|
||||
$r = array();
|
||||
$r[] = $mem->user["login"];
|
||||
$db->query("SELECT domaine FROM domaines WHERE compte='$cuid' ORDER BY domaine;");
|
||||
$db->query("SELECT domaine FROM domaines WHERE compte= ? ORDER BY domaine;", array($cuid));
|
||||
while ($db->next_record()) {
|
||||
$r[] = $db->f("domaine");
|
||||
}
|
||||
|
|
@ -274,7 +274,7 @@ class m_ftp {
|
|||
function put_ftp_details($id, $prefixe, $login, $pass, $dir) {
|
||||
global $db, $err, $bro, $cuid, $admin;
|
||||
$err->log("ftp", "put_ftp_details", $id);
|
||||
$db->query("SELECT count(*) AS cnt FROM ftpusers WHERE id='$id' and uid='$cuid';");
|
||||
$db->query("SELECT count(*) AS cnt FROM ftpusers WHERE id= ? and uid= ?;", array($id, $cuid));
|
||||
$db->next_record();
|
||||
if (!$db->f("cnt")) {
|
||||
$err->raise("ftp", _("This FTP account does not exist"));
|
||||
|
|
@ -297,7 +297,7 @@ class m_ftp {
|
|||
if (!$this->check_login($full_login)) {
|
||||
return false;
|
||||
}
|
||||
$db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE id!='$id' AND name='$full_login';");
|
||||
$db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE id!= ? AND name= ?;", array($id, $full_login));
|
||||
$db->next_record();
|
||||
if ($db->f("cnt")) {
|
||||
$err->raise("ftp", _("This FTP account already exists"));
|
||||
|
|
@ -320,9 +320,9 @@ class m_ftp {
|
|||
}
|
||||
}
|
||||
$encrypted_password = _md5cr($pass, strrev(microtime(true)));
|
||||
$db->query("UPDATE ftpusers SET name='" . $full_login . "', password='', encrypted_password='$encrypted_password', homedir='$absolute', uid='$cuid' WHERE id='$id';");
|
||||
$db->query("UPDATE ftpusers SET name= ? , password='', encrypted_password= ?, homedir= ?, uid= ? WHERE id= ?;", array($full_login, $encrypted_password, $absolute, $cuid, $id));
|
||||
} else {
|
||||
$db->query("UPDATE ftpusers SET name='" . $full_login . "', homedir='$absolute', uid='$cuid' WHERE id='$id';");
|
||||
$db->query("UPDATE ftpusers SET name= ? , homedir= ? , uid= ? WHERE id= ? ;", array($full_login, $absolute, $cuid, $id));
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
|
@ -336,14 +336,14 @@ class m_ftp {
|
|||
function delete_ftp($id) {
|
||||
global $db, $err, $cuid;
|
||||
$err->log("ftp", "delete_ftp", $id);
|
||||
$db->query("SELECT name FROM ftpusers WHERE id='$id' and uid='$cuid';");
|
||||
$db->query("SELECT name FROM ftpusers WHERE id= ? and uid= ? ;", array($id, $cuid));
|
||||
$db->next_record();
|
||||
$name = $db->f("name");
|
||||
if (!$name) {
|
||||
$err->raise("ftp", _("This FTP account does not exist"));
|
||||
return false;
|
||||
}
|
||||
$db->query("DELETE FROM ftpusers WHERE id='$id'");
|
||||
$db->query("DELETE FROM ftpusers WHERE id= ? ;", array($id));
|
||||
return $name;
|
||||
}
|
||||
|
||||
|
|
@ -380,13 +380,13 @@ class m_ftp {
|
|||
if (!$this->check_login($full_login)) {
|
||||
return false;
|
||||
}
|
||||
$db->query("SELECT count(*) AS cnt FROM ftpusers WHERE name='" . $full_login . "'");
|
||||
$db->query("SELECT count(*) AS cnt FROM ftpusers WHERE name= ? ;", array($full_login));
|
||||
$db->next_record();
|
||||
if ($db->f("cnt")) {
|
||||
$err->raise("ftp", _("This FTP account already exists"));
|
||||
return false;
|
||||
}
|
||||
$db->query("SELECT login FROM membres WHERE uid='$cuid';");
|
||||
$db->query("SELECT login FROM membres WHERE uid= ? ;", array($cuid));
|
||||
$db->next_record();
|
||||
$absolute = getuserpath() . "/$dir";
|
||||
if (!file_exists($absolute)) {
|
||||
|
|
@ -406,7 +406,7 @@ class m_ftp {
|
|||
|
||||
if ($quota->cancreate("ftp")) {
|
||||
$encrypted_password = _md5cr($pass, strrev(microtime(true)));
|
||||
$db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ('" . $full_login . "', '', '$encrypted_password', '$absolute', '$cuid')");
|
||||
$db->query("INSERT INTO ftpusers (name,password, encrypted_password,homedir,uid) VALUES ( ?, '', ?, ?, ?)", array($full_login, $encrypted_password, $absolute, $cuid));
|
||||
return true;
|
||||
} else {
|
||||
$err->raise("ftp", _("Your FTP account quota is over. You cannot create more ftp accounts"));
|
||||
|
|
@ -426,7 +426,7 @@ class m_ftp {
|
|||
if (substr($dir, 0, 1) == "/") {
|
||||
$dir = substr($dir, 1);
|
||||
}
|
||||
$db->query("SELECT id FROM ftpusers WHERE homedir='" . getuserpath() . "/$dir';");
|
||||
$db->query("SELECT id FROM ftpusers WHERE homedir= ? ;", array( getuserpath() . "/" .$dir ));
|
||||
if ($db->num_rows()) {
|
||||
$db->next_record();
|
||||
return $db->f("id");
|
||||
|
|
@ -444,7 +444,7 @@ class m_ftp {
|
|||
function alternc_del_domain($dom) {
|
||||
global $db, $err, $cuid;
|
||||
$err->log("ftp", "alternc_del_domain", $dom);
|
||||
$db->query("DELETE FROM ftpusers WHERE uid='$cuid' AND ( name LIKE '$dom\_%' OR name LIKE '$dom') ");
|
||||
$db->query("DELETE FROM ftpusers WHERE uid= ? AND ( name LIKE ? OR name LIKE ?) ", array($cuid, $dom."\_%", $dom));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -456,7 +456,7 @@ class m_ftp {
|
|||
function alternc_del_member() {
|
||||
global $db, $err, $cuid;
|
||||
$err->log("ftp", "alternc_del_member");
|
||||
$db->query("DELETE FROM ftpusers WHERE uid='$cuid'");
|
||||
$db->query("DELETE FROM ftpusers WHERE uid= ?", array($cuid));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -472,7 +472,7 @@ class m_ftp {
|
|||
global $db, $err, $cuid;
|
||||
$err->log("ftp", "getquota");
|
||||
$q = Array("name" => "ftp", "description" => _("FTP accounts"), "used" => 0);
|
||||
$db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE uid='$cuid'");
|
||||
$db->query("SELECT COUNT(*) AS cnt FROM ftpusers WHERE uid= ? ", array($cuid));
|
||||
if ($db->next_record()) {
|
||||
$q['used'] = $db->f("cnt");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ class m_lxc implements vm {
|
|||
function hook_admin_del_member() {
|
||||
global $db, $err, $cuid;
|
||||
$err->log("lxc", "alternc_del_member");
|
||||
$db->query("DELETE FROM vm_history WHERE uid='$cuid'");
|
||||
$db->query("DELETE FROM vm_history WHERE uid= ?", array($cuid));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -153,7 +153,7 @@ class m_lxc implements vm {
|
|||
$err->raise('lxc', _($msg));
|
||||
return FALSE;
|
||||
}
|
||||
$db->query("INSERT INTO vm_history (ip,date_start,uid,serialized_object) VALUES ('$hostname', $date_start, '$uid', '$res')");
|
||||
$db->query("INSERT INTO vm_history (ip,date_start,uid,serialized_object) VALUES (?, ?, ?, ?);", array($hostname, $date_start, $uid, $res));
|
||||
return $res;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -139,7 +139,7 @@ class m_mail {
|
|||
'type' => '',
|
||||
);
|
||||
|
||||
$db->query("select r.recipients as dst, a.id mail_id from address a, recipient r where a.domain_id = $domain_id and r.address_id = a.id and a.address='';");
|
||||
$db->query("select r.recipients as dst, a.id mail_id from address a, recipient r where a.domain_id = ? and r.address_id = a.id and a.address='';", array($domain_id));
|
||||
if ($db->next_record()) {
|
||||
$rr['target'] = $db->f('dst');
|
||||
$rr['mail_id'] = $db->f('mail_id');
|
||||
|
|
@ -204,7 +204,7 @@ class m_mail {
|
|||
global $db, $err, $cuid;
|
||||
$err->log("mail", "getquota");
|
||||
$q = Array("name" => "mail", "description" => _("Email addresses"), "used" => 0);
|
||||
$db->query("SELECT COUNT(*) AS cnt FROM address a, domaines d WHERE a.domain_id=d.id AND d.compte=$cuid AND a.type='';");
|
||||
$db->query("SELECT COUNT(*) AS cnt FROM address a, domaines d WHERE a.domain_id=d.id AND d.compte= ? AND a.type='';", array($cuid));
|
||||
if ($db->next_record()) {
|
||||
$q['used'] = $db->f("cnt");
|
||||
}
|
||||
|
|
@ -239,14 +239,14 @@ SELECT
|
|||
FROM
|
||||
domaines d LEFT JOIN address a ON (d.id=a.domain_id AND a.type='')
|
||||
WHERE
|
||||
d.compte = $uid
|
||||
d.compte = ?
|
||||
and d.gesmx = 1
|
||||
GROUP BY
|
||||
d.id
|
||||
ORDER BY
|
||||
d.domaine
|
||||
;
|
||||
");
|
||||
", array($uid));
|
||||
$this->enum_domains = array();
|
||||
while ($db->next_record()) {
|
||||
$this->enum_domains[] = $db->Record;
|
||||
|
|
@ -275,7 +275,7 @@ ORDER BY
|
|||
return false;
|
||||
}
|
||||
// Check the availability
|
||||
$db->query("SELECT a.id FROM address a WHERE a.domain_id=" . $dom_id . " AND a.address='" . addslashes($login) . "';");
|
||||
$db->query("SELECT a.id FROM address a WHERE a.domain_id= ? AND a.address= ?;", array($dom_id, $login));
|
||||
if ($db->next_record()) {
|
||||
return false;
|
||||
} else {
|
||||
|
|
@ -290,6 +290,7 @@ ORDER BY
|
|||
* @param $offset integer skip THAT much emails in the result.
|
||||
* @param $count integer return no more than THAT much emails. -1 for ALL. Offset is ignored then.
|
||||
* @result an array of each mail hosted under the domain.
|
||||
* @TODO:EM: It has to be escaped
|
||||
*/
|
||||
|
||||
function enum_domain_mails($dom_id = null, $search = "", $offset = 0, $count = 30, $show_systemmails = false) {
|
||||
|
|
@ -381,13 +382,13 @@ ORDER BY
|
|||
return false;
|
||||
}
|
||||
// Already exists?
|
||||
$db->query("SELECT * FROM address WHERE domain_id=" . $dom_id . " AND address='" . addslashes($mail) . "';");
|
||||
$db->query("SELECT * FROM address WHERE domain_id= ? AND address= ? ;", array($dom_id, $mail));
|
||||
if ($db->next_record()) {
|
||||
$err->raise("mail", _("This email address already exists"));
|
||||
return false;
|
||||
}
|
||||
// Create it now
|
||||
$db->query("INSERT INTO address (domain_id, address,type) VALUES ($dom_id, '" . addslashes($mail) . "','$type');");
|
||||
$db->query("INSERT INTO address (domain_id, address,type) VALUES (?, ?, ?);", array($dom_id, $mail, $type));
|
||||
if (!($id = $db->lastid())) {
|
||||
$err->raise("mail", _("An unexpected error occured when creating the email"));
|
||||
return false;
|
||||
|
|
@ -412,7 +413,7 @@ ORDER BY
|
|||
}
|
||||
|
||||
// We fetch all the informations for that email: these will fill the hastable :
|
||||
$db->query("SELECT a.id, a.address, a.password, a.enabled, d.domaine AS domain, m.path, m.quota, m.quota*1024*1024 AS quotabytes, m.bytes AS used, NOT ISNULL(m.id) AS islocal, a.type, r.recipients, m.lastlogin, a.mail_action, m.mail_action AS mailbox_action FROM (address a LEFT JOIN mailbox m ON m.address_id=a.id) LEFT JOIN recipient r ON r.address_id=a.id, domaines d WHERE a.id=" . $mail_id . " AND d.id=a.domain_id;");
|
||||
$db->query("SELECT a.id, a.address, a.password, a.enabled, d.domaine AS domain, m.path, m.quota, m.quota*1024*1024 AS quotabytes, m.bytes AS used, NOT ISNULL(m.id) AS islocal, a.type, r.recipients, m.lastlogin, a.mail_action, m.mail_action AS mailbox_action FROM (address a LEFT JOIN mailbox m ON m.address_id=a.id) LEFT JOIN recipient r ON r.address_id=a.id, domaines d WHERE a.id= ? AND d.id=a.domain_id;", array($mail_id));
|
||||
if (!$db->next_record()) {
|
||||
return false;
|
||||
}
|
||||
|
|
@ -442,7 +443,7 @@ ORDER BY
|
|||
if (isset($this->isitmy_cache[$mail_id])) {
|
||||
return $this->isitmy_cache[$mail_id];
|
||||
}
|
||||
$db->query("SELECT concat(a.address,'@',d.domaine) AS email FROM address a, domaines d WHERE d.id=a.domain_id AND a.id=$mail_id AND d.compte=$cuid;");
|
||||
$db->query("SELECT concat(a.address,'@',d.domaine) AS email FROM address a, domaines d WHERE d.id=a.domain_id AND a.id= ? AND d.compte= ?;", array($mail_id, $cuid));
|
||||
if ($db->next_record()) {
|
||||
return $this->isitmy_cache[$mail_id] = $db->f("email");
|
||||
} else {
|
||||
|
|
@ -467,10 +468,10 @@ ORDER BY
|
|||
$this->delete($one["id"]);
|
||||
}
|
||||
}
|
||||
$db->query("SELECT domaine FROM domaines WHERE id=$domain_id;");
|
||||
$db->query("SELECT domaine FROM domaines WHERE id= ? ;", array($domain_id));
|
||||
if ($db->next_record()) {
|
||||
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE domaine='" . addslashes($db->Record["domaine"]) . "' AND type='txt' AND (sub='' AND valeur LIKE 'v=spf1 %') OR (sub='_dmarc' AND valeur LIKE 'v=dmarc1;%');");
|
||||
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE id=$domain_id;");
|
||||
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE domaine= ? AND type='txt' AND (sub='' AND valeur LIKE 'v=spf1 %') OR (sub='_dmarc' AND valeur LIKE 'v=dmarc1;%');", array($db->Record["domaine"]));
|
||||
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE id= ? ;", array($domain_id));
|
||||
}
|
||||
|
||||
return true;
|
||||
|
|
@ -479,7 +480,7 @@ ORDER BY
|
|||
// return the alternc account's ID of the mail_id
|
||||
function get_account_by_mail_id($mail_id) {
|
||||
global $db;
|
||||
$db->query("select compte as uid from domaines d, address a where a.domain_id = d.id and a.id = $mail_id");
|
||||
$db->query("select compte as uid from domaines d, address a where a.domain_id = d.id and a.id = ? ;", array($mail_id));
|
||||
if (!$db->next_record()) {
|
||||
return false;
|
||||
}
|
||||
|
|
@ -514,7 +515,7 @@ ORDER BY
|
|||
$hooks->invoke('hook_mail_delete', array($mail_id, $mailinfos['address'] . '@' . $mailinfos['domain']));
|
||||
|
||||
// Search for that address:
|
||||
$db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id='$mail_id';");
|
||||
$db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id= ? ;", array($mail_id));
|
||||
if (!$db->next_record()) {
|
||||
$err->raise("mail", _("The email %s does not exist, it can't be deleted"), $mail);
|
||||
return false;
|
||||
|
|
@ -527,14 +528,14 @@ ORDER BY
|
|||
|
||||
if ($db->f("islocal")) {
|
||||
// If it's a pop/imap mailbox, mark it for deletion
|
||||
$db->query("UPDATE address SET mail_action='DELETE', enabled=0 WHERE id='$mail_id';");
|
||||
$db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id='$mail_id';");
|
||||
$db->query("UPDATE address SET mail_action='DELETE', enabled=0 WHERE id= ?;", array($mail_id));
|
||||
$db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id= ?;", array($mail_id));
|
||||
$err->raise("mail", _("The email %s has been marked for deletion"), $mail);
|
||||
} else {
|
||||
// If it's only aliases, delete it NOW.
|
||||
$db->query("DELETE FROM address WHERE id='$mail_id';");
|
||||
$db->query("DELETE FROM mailbox WHERE address_id='$mail_id';");
|
||||
$db->query("DELETE FROM recipient WHERE address_id='$mail_id';");
|
||||
$db->query("DELETE FROM address WHERE id= ? ;", array($mail_id));
|
||||
$db->query("DELETE FROM mailbox WHERE address_id= ? ;", array($mail_id));
|
||||
$db->query("DELETE FROM recipient WHERE address_id= ? ;", array($mail_id));
|
||||
$err->raise("mail", _("The email %s has been successfully deleted"), $mail);
|
||||
}
|
||||
return true;
|
||||
|
|
@ -565,7 +566,7 @@ ORDER BY
|
|||
}
|
||||
|
||||
// Search for that address:
|
||||
$db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id='$mail_id';");
|
||||
$db->query("SELECT a.id, a.type, a.mail_action, m.mail_action AS mailbox_action, NOT ISNULL(m.id) AS islocal FROM address a LEFT JOIN mailbox m ON m.address_id=a.id WHERE a.id= ? ;", array($mail_id));
|
||||
if (!$db->next_record()) {
|
||||
$err->raise("mail", _("The email %s does not exist, it can't be undeleted"), $mail);
|
||||
return false;
|
||||
|
|
@ -582,8 +583,8 @@ ORDER BY
|
|||
|
||||
if ($db->f("islocal")) {
|
||||
// If it's a pop/imap mailbox, mark it for deletion
|
||||
$db->query("UPDATE address SET mail_action='OK', `enabled`=1 WHERE id='$mail_id';");
|
||||
$db->query("UPDATE mailbox SET mail_action='OK' WHERE address_id='$mail_id';");
|
||||
$db->query("UPDATE address SET mail_action='OK', `enabled`=1 WHERE id= ?;", array($mail_id));
|
||||
$db->query("UPDATE mailbox SET mail_action='OK' WHERE address_id= ? ;", array($mail_id));
|
||||
$err->raise("mail", _("The email %s has been undeleted"), $mail);
|
||||
return true;
|
||||
} else {
|
||||
|
|
@ -609,7 +610,7 @@ ORDER BY
|
|||
if (!$admin->checkPolicy("pop", $email, $pass)) {
|
||||
return false;
|
||||
}
|
||||
if (!$db->query("UPDATE address SET password='" . _md5cr($pass) . "' where id=$mail_id;")) {
|
||||
if (!$db->query("UPDATE address SET password= ? where id = ? ;", array(_md5cr($pass), $mail_id ))) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
|
@ -627,7 +628,7 @@ ORDER BY
|
|||
if (!($email = $this->is_it_my_mail($mail_id))) {
|
||||
return false;
|
||||
}
|
||||
if (!$db->query("UPDATE address SET `enabled`=1 where id=$mail_id;")) {
|
||||
if (!$db->query("UPDATE address SET `enabled`=1 where id= ? ;", array($mail_id))) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
|
@ -645,7 +646,7 @@ ORDER BY
|
|||
if (!($email = $this->is_it_my_mail($mail_id))) {
|
||||
return false;
|
||||
}
|
||||
if (!$db->query("UPDATE address SET `enabled`=0 where id=$mail_id;")) {
|
||||
if (!$db->query("UPDATE address SET `enabled`=0 where id= ? ;", array($mail_id))) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
|
@ -665,14 +666,13 @@ ORDER BY
|
|||
*/
|
||||
function set_details($mail_id, $islocal, $quotamb, $recipients, $delivery = "dovecot", $dontcheck = false) {
|
||||
global $err, $db;
|
||||
$delivery = mysql_real_escape_string($delivery);
|
||||
$err->log("mail", "set_details");
|
||||
if (!($me = $this->get_details($mail_id))) {
|
||||
return false;
|
||||
}
|
||||
if ($me["islocal"] && !$islocal) {
|
||||
// delete pop
|
||||
$db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id=" . $mail_id . ";");
|
||||
$db->query("UPDATE mailbox SET mail_action='DELETE' WHERE address_id= ? ;", array($mail_id));
|
||||
}
|
||||
if (!$me["islocal"] && $islocal) {
|
||||
// create pop
|
||||
|
|
@ -692,10 +692,10 @@ ORDER BY
|
|||
break;
|
||||
}
|
||||
}
|
||||
$db->query("INSERT INTO mailbox SET address_id=$mail_id, delivery='$delivery', path='" . addslashes($path) . "';");
|
||||
$db->query("INSERT INTO mailbox SET address_id= ? , delivery= ?, path= ? ;", array($mail_id, $delivery, $path));
|
||||
}
|
||||
if ($me["islocal"] && $islocal && $me["mailbox_action"] == "DELETE") {
|
||||
$db->query("UPDATE mailbox SET mail_action='OK' WHERE mail_action='DELETE' AND address_id=" . $mail_id . ";");
|
||||
$db->query("UPDATE mailbox SET mail_action='OK' WHERE mail_action='DELETE' AND address_id= ? ;", array($mail_id));
|
||||
}
|
||||
|
||||
if ($islocal) {
|
||||
|
|
@ -703,7 +703,7 @@ ORDER BY
|
|||
$quotamb = intval($me["used"] / 1024 / 1024) + 1;
|
||||
$err->raise("mail", _("You set a quota smaller than the current mailbox size. Since it's not allowed, we set the quota to the current mailbox size"));
|
||||
}
|
||||
$db->query("UPDATE mailbox SET quota=" . intval($quotamb) . " WHERE address_id=" . $mail_id . ";");
|
||||
$db->query("UPDATE mailbox SET quota= ? WHERE address_id= ? ;", array($quotamb, $mail_id));
|
||||
}
|
||||
|
||||
$recipients = preg_replace('/[\r\t\s]/', "\n", $recipients); // Handle space AND new line
|
||||
|
|
@ -716,9 +716,9 @@ ORDER BY
|
|||
$red.=$m . "\n";
|
||||
}
|
||||
}
|
||||
$db->query("DELETE FROM recipient WHERE address_id=" . $mail_id . ";");
|
||||
$db->query("DELETE FROM recipient WHERE address_id= ? ;", array($mail_id));
|
||||
if (isset($red) && $red) {
|
||||
$db->query("INSERT INTO recipient SET address_id=" . $mail_id . ", recipients='" . addslashes($red) . "';");
|
||||
$db->query("INSERT INTO recipient SET address_id= ?, recipients= ? ;", array($mail_id, $red));
|
||||
}
|
||||
if (!$islocal && !$red) {
|
||||
$err->raise("mail", _("Warning: you created an email which is not an alias, and not a POP/IMAP mailbox. This is certainly NOT what you want to do. To fix this, edit the email address and check 'Yes' in POP/IMAP account, or set some recipients in the redirection field."));
|
||||
|
|
@ -847,9 +847,7 @@ ORDER BY
|
|||
*/
|
||||
function check_slave_account($login, $pass) {
|
||||
global $db;
|
||||
$login = mysql_real_escape_string($login);
|
||||
$pass = mysql_real_escape_string($pass);
|
||||
$db->query("SELECT * FROM mxaccount WHERE login='$login' AND pass='$pass';");
|
||||
$db->query("SELECT * FROM mxaccount WHERE login= ? AND pass= ?;", array($login, $pass));
|
||||
if ($db->next_record()) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -894,14 +892,12 @@ ORDER BY
|
|||
*/
|
||||
function add_slave_account($login, $pass) {
|
||||
global $db, $err;
|
||||
$login = mysql_real_escape_string($login);
|
||||
$pass = mysql_real_escape_string($pass);
|
||||
$db->query("SELECT * FROM mxaccount WHERE login='$login'");
|
||||
$db->query("SELECT * FROM mxaccount WHERE login= ? ;", array($login));
|
||||
if ($db->next_record()) {
|
||||
$err->raise("mail", _("The slave MX account was not found"));
|
||||
return false;
|
||||
}
|
||||
$db->query("INSERT INTO mxaccount (login,pass) VALUES ('$login','$pass')");
|
||||
$db->query("INSERT INTO mxaccount (login,pass) VALUES (?, ?);", array($login, $pass));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -913,8 +909,7 @@ ORDER BY
|
|||
*/
|
||||
function del_slave_account($login) {
|
||||
global $db;
|
||||
$login = mysql_real_escape_string($login);
|
||||
$db->query("DELETE FROM mxaccount WHERE login='$login'");
|
||||
$db->query("DELETE FROM mxaccount WHERE login= ? ;", array($login));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -954,7 +949,7 @@ ORDER BY
|
|||
}
|
||||
$mailname = $db->f("value");
|
||||
// set spf & dmarc for this domain
|
||||
$db->query("SELECT domaine FROM domaines WHERE id=$domain_id;");
|
||||
$db->query("SELECT domaine FROM domaines WHERE id= ?;", array($domain_id));
|
||||
if ($db->next_record()) {
|
||||
if ($spf = variable_get("default_spf_value")) {
|
||||
$this->set_dns_spf($db->Record["domaine"], $spf);
|
||||
|
|
@ -1015,15 +1010,15 @@ ORDER BY
|
|||
$login = $mem->user["login"];
|
||||
}
|
||||
// Search for the record in sub_domaines table
|
||||
$db->query("SELECT * FROM sub_domaines WHERE compte=$uid AND domaine='" . addslashes($domain) . "' AND sub='' AND type='txt' AND valeur LIKE 'v=spf1 %' AND web_action!='DELETE';");
|
||||
$db->query("SELECT * FROM sub_domaines WHERE compte= ? AND domaine= ? AND sub='' AND type='txt' AND valeur LIKE 'v=spf1 %' AND web_action!='DELETE';", array($uid, $domain));
|
||||
if ($db->next_record()) {
|
||||
if ($previous !== -1 && $db->Record["valeur"] == "v=spf1 " . $spf) {
|
||||
return; // skip, no change asked.
|
||||
}
|
||||
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id='" . $db->Record["id"] . "';");
|
||||
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id= ? ;",array($db->Record["id"]));
|
||||
}
|
||||
$db->query("INSERT INTO sub_domaines SET compte=$uid, domaine='" . addslashes($domain) . "', sub='', type='txt', valeur='" . addslashes("v=spf1 " . $spf) . "', web_action='UPDATE';");
|
||||
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine='" . addslashes($domain) . "';");
|
||||
$db->query("INSERT INTO sub_domaines SET compte= ?, domaine= ?, sub='', type='txt', valeur= ? , web_action='UPDATE';", array($uid, $domain, "v=spf1 " . $spf));
|
||||
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine= ?;", array($domain));
|
||||
}
|
||||
|
||||
/* ----------------------------------------------------------------- */
|
||||
|
|
@ -1048,15 +1043,15 @@ ORDER BY
|
|||
$dmarc = str_replace("%%USERMAIL%%", $login . "@" . $L_FQDN, $dmarc);
|
||||
|
||||
// Search for the record in sub_domaines table
|
||||
$db->query("SELECT * FROM sub_domaines WHERE compte=$uid AND domaine='" . addslashes($domain) . "' AND sub='_dmarc' AND type='txt' AND valeur LIKE 'v=dmarc1;%' AND web_action!='DELETE';");
|
||||
$db->query("SELECT * FROM sub_domaines WHERE compte= ? AND domaine= ? AND sub='_dmarc' AND type='txt' AND valeur LIKE 'v=dmarc1;%' AND web_action!='DELETE';", array($uid, $domain));
|
||||
if ($db->next_record()) {
|
||||
if ($previous !== -1 && $db->Record["valeur"] == "v=dmarc1;" . $dmarc) {
|
||||
return; // skip, no change asked.
|
||||
}
|
||||
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id='" . $db->Record["id"] . "';");
|
||||
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id= ?;", array($db->Record["id"]));
|
||||
}
|
||||
$db->query("INSERT INTO sub_domaines SET compte=$uid, domaine='" . addslashes($domain) . "', sub='_dmarc', type='txt', valeur='" . addslashes("v=dmarc1;" . $dmarc) . "', web_action='UPDATE';");
|
||||
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine='" . addslashes($domain) . "';");
|
||||
$db->query("INSERT INTO sub_domaines SET compte= ?, domaine= ?, sub='_dmarc', type='txt', valeur= ?, web_action='UPDATE';", array($uid, $domain, "v=dmarc1;" . $dmarc));
|
||||
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine= ?;", array($domain));
|
||||
}
|
||||
|
||||
/* ----------------------------------------------------------------- */
|
||||
|
|
|
|||
|
|
@ -98,14 +98,14 @@ class m_mem {
|
|||
$err->log("mem", "login", $username);
|
||||
// $username=addslashes($username);
|
||||
// $password=addslashes($password);
|
||||
$db->query("select * from membres where login='$username';");
|
||||
$db->query("select * from membres where login= ? ;", array($username));
|
||||
if ($db->num_rows() == 0) {
|
||||
$err->raise("mem", _("User or password incorrect"));
|
||||
return false;
|
||||
}
|
||||
$db->next_record();
|
||||
if (_md5cr($password, $db->f("pass")) != $db->f("pass")) {
|
||||
$db->query("UPDATE membres SET lastfail=lastfail+1 WHERE uid='" . $db->f("uid") . "';");
|
||||
$db->query("UPDATE membres SET lastfail=lastfail+1 WHERE uid= ? ;", array($db->f("uid")));
|
||||
$err->raise("mem", _("User or password incorrect"));
|
||||
return false;
|
||||
}
|
||||
|
|
@ -155,11 +155,11 @@ class m_mem {
|
|||
/* Open the session : */
|
||||
$sess = md5(uniqid(mt_rand()));
|
||||
$_REQUEST["session"] = $sess;
|
||||
$db->query("insert into sessions (sid,ip,uid) values ('$sess',$ip,'$cuid');");
|
||||
$db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid));
|
||||
setcookie("session", $sess, 0, "/");
|
||||
$err->error = 0;
|
||||
/* Fill in $local */
|
||||
$db->query("SELECT * FROM local WHERE uid='$cuid';");
|
||||
$db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid));
|
||||
if ($db->num_rows()) {
|
||||
$db->next_record();
|
||||
$this->local = $db->Record;
|
||||
|
|
@ -180,7 +180,7 @@ class m_mem {
|
|||
function setid($id) {
|
||||
global $db, $err, $cuid, $mysql, $quota;
|
||||
$err->log("mem", "setid", $id);
|
||||
$db->query("select * from membres where uid='$id';");
|
||||
$db->query("select * from membres where uid= ? ;", array($id));
|
||||
if ($db->num_rows() == 0) {
|
||||
$err->raise("mem", _("User or password incorrect"));
|
||||
return false;
|
||||
|
|
@ -194,11 +194,11 @@ class m_mem {
|
|||
$ip = get_remote_ip();
|
||||
$sess = md5(uniqid(mt_rand()));
|
||||
$_REQUEST["session"] = $sess;
|
||||
$db->query("insert into sessions (sid,ip,uid) values ('$sess','$ip','$cuid');");
|
||||
$db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid));
|
||||
setcookie("session", $sess, 0, "/");
|
||||
$err->error = 0;
|
||||
/* Fill in $local */
|
||||
$db->query("SELECT * FROM local WHERE uid='$cuid';");
|
||||
$db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid));
|
||||
if ($db->num_rows()) {
|
||||
$db->next_record();
|
||||
$this->local = $db->Record;
|
||||
|
|
@ -213,16 +213,16 @@ class m_mem {
|
|||
*/
|
||||
function resetlast() {
|
||||
global $db, $cuid;
|
||||
$ip = addslashes(getenv("REMOTE_HOST"));
|
||||
$ip = getenv("REMOTE_HOST");
|
||||
if (!$ip) {
|
||||
$ip = addslashes(get_remote_ip());
|
||||
$ip = get_remote_ip();
|
||||
}
|
||||
$db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip='$ip' WHERE uid='$cuid';");
|
||||
$db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip= ? WHERE uid= ?;", array($ip, $cuid));
|
||||
}
|
||||
|
||||
function authip_token($bis = false) {
|
||||
global $db, $cuid;
|
||||
$db->query("select pass from membres where uid='$cuid';");
|
||||
$db->query("select pass from membres where uid= ?;", array($cuid));
|
||||
$db->next_record();
|
||||
$i = intval(time() / 3600);
|
||||
if ($bis) {
|
||||
|
|
@ -272,13 +272,13 @@ class m_mem {
|
|||
return $this->login($_REQUEST["username"], $_REQUEST["password"], (isset($_REQUEST["restrictip"]) ? $_REQUEST["restrictip"] : 0));
|
||||
}
|
||||
} // end isset
|
||||
$_COOKIE["session"] = isset($_COOKIE["session"]) ? addslashes($_COOKIE["session"]) : "";
|
||||
$_COOKIE["session"] = isset($_COOKIE["session"]) ? $_COOKIE["session"] : "";
|
||||
if (strlen($_COOKIE["session"]) != 32) {
|
||||
$err->raise("mem", _("Identity lost or unknown, please login"));
|
||||
return false;
|
||||
}
|
||||
$ip = get_remote_ip();
|
||||
$db->query("select uid,'$ip' as me,ip from sessions where sid='" . $_COOKIE["session"] . "'");
|
||||
$db->query("select uid, ? as me,ip from sessions where sid= ?;", array($ip, $_COOKIE["session"]));
|
||||
if ($db->num_rows() == 0) {
|
||||
$err->raise("mem", _("Session unknown, contact the administrator"));
|
||||
return false;
|
||||
|
|
@ -297,12 +297,12 @@ class m_mem {
|
|||
return false;
|
||||
}
|
||||
|
||||
$db->query("select * from membres where uid='$cuid';");
|
||||
$db->query("select * from membres where uid= ? ;", array($cuid));
|
||||
$db->next_record();
|
||||
$this->user = $db->Record;
|
||||
$err->error = 0;
|
||||
/* Remplissage de $local */
|
||||
$db->query("SELECT * FROM local WHERE uid='$cuid';");
|
||||
$db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid));
|
||||
if ($db->num_rows()) {
|
||||
$db->next_record();
|
||||
$this->local = $db->Record;
|
||||
|
|
@ -321,7 +321,7 @@ class m_mem {
|
|||
if (!$this->olduid) {
|
||||
$this->olduid = $cuid;
|
||||
}
|
||||
$db->query("select * from membres where uid='$uid';");
|
||||
$db->query("select * from membres where uid= ? ;", array($uid));
|
||||
if ($db->num_rows() == 0) {
|
||||
$err->raise("mem", _("User or password incorrect"));
|
||||
return false;
|
||||
|
|
@ -359,7 +359,7 @@ class m_mem {
|
|||
*/
|
||||
function del_session() {
|
||||
global $db, $user, $err, $cuid, $hooks;
|
||||
$_COOKIE["session"] = addslashes(isset($_COOKIE["session"]) ? $_COOKIE["session"] : '');
|
||||
$_COOKIE["session"] = isset($_COOKIE["session"]) ? $_COOKIE["session"] : '';
|
||||
setcookie("session", "", 0, "/");
|
||||
setcookie("oldid", "", 0, "/");
|
||||
if ($_COOKIE["session"] == "") {
|
||||
|
|
@ -371,7 +371,7 @@ class m_mem {
|
|||
return false;
|
||||
}
|
||||
$ip = get_remote_ip();
|
||||
$db->query("select uid,'$ip' as me,ip from sessions where sid='" . $_COOKIE["session"] . "'");
|
||||
$db->query("select uid, ? as me,ip from sessions where sid= ? ;", array($ip, $_COOKIE["session"]));
|
||||
if ($db->num_rows() == 0) {
|
||||
$err->raise("mem", _("Session unknown, contact the administrator"));
|
||||
return false;
|
||||
|
|
@ -382,7 +382,7 @@ class m_mem {
|
|||
return false;
|
||||
}
|
||||
$cuid = $db->f("uid");
|
||||
$db->query("delete from sessions where sid='" . $_COOKIE["session"] . "';");
|
||||
$db->query("delete from sessions where sid= ? ;", array($_COOKIE["session"]));
|
||||
$err->error = 0;
|
||||
|
||||
# Invoker le logout dans toutes les autres classes
|
||||
|
|
@ -411,9 +411,6 @@ class m_mem {
|
|||
function passwd($oldpass, $newpass, $newpass2) {
|
||||
global $db, $err, $cuid, $admin;
|
||||
$err->log("mem", "passwd");
|
||||
$oldpass = stripslashes($oldpass);
|
||||
$newpass = stripslashes($newpass);
|
||||
$newpass2 = stripslashes($newpass2);
|
||||
if (!$this->user["canpass"]) {
|
||||
$err->raise("mem", _("You are not allowed to change your password."));
|
||||
return false;
|
||||
|
|
@ -426,14 +423,14 @@ class m_mem {
|
|||
$err->raise("mem", _("The new passwords are differents, please retry"));
|
||||
return false;
|
||||
}
|
||||
$db->query("SELECT login FROM membres WHERE uid='$cuid';");
|
||||
$db->query("SELECT login FROM membres WHERE uid= ? ;", array($cuid));
|
||||
$db->next_record();
|
||||
$login = $db->Record["login"];
|
||||
if (!$admin->checkPolicy("mem", $login, $newpass)) {
|
||||
return false; // The error has been raised by checkPolicy()
|
||||
}
|
||||
$newpass = _md5cr($newpass);
|
||||
$db->query("UPDATE membres SET pass='$newpass' WHERE uid='$cuid';");
|
||||
$db->query("UPDATE membres SET pass= ? WHERE uid= ?;", array($newpass, $cuid));
|
||||
$err->error = 0;
|
||||
return true;
|
||||
}
|
||||
|
|
@ -451,7 +448,7 @@ class m_mem {
|
|||
$err->raise("mem", _("You must be a system administrator to do this."));
|
||||
return false;
|
||||
}
|
||||
$db->query("UPDATE membres SET admlist='$admlist' WHERE uid='$cuid';");
|
||||
$db->query("UPDATE membres SET admlist= ? WHERE uid= ?;", array($admlist, $cuid));
|
||||
$err->error = 0;
|
||||
return true;
|
||||
}
|
||||
|
|
@ -467,7 +464,7 @@ class m_mem {
|
|||
function send_pass($login) {
|
||||
global $err, $db, $L_HOSTING, $L_FQDN;
|
||||
$err->log("mem", "send_pass");
|
||||
$db->query("SELECT * FROM membres WHERE login='$login';");
|
||||
$db->query("SELECT * FROM membres WHERE login= ? ;", array($login));
|
||||
if (!$db->num_rows()) {
|
||||
$err->raise("mem", _("This account is locked, contact the administrator."));
|
||||
return false;
|
||||
|
|
@ -497,7 +494,7 @@ If it happens again, please contact your server's Administrator.
|
|||
Cordially.
|
||||
"), $login, $L_HOSTING, $db->f("login"), $db->f("pass"));
|
||||
mail($db->f("mail"), "Your password on $L_HOSTING", $txt, "From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN");
|
||||
$db->query("UPDATE membres SET lastaskpass=" . time() . " WHERE login='$login';");
|
||||
$db->query("UPDATE membres SET lastaskpass= ? WHERE login= ? ;", array(time(), $login));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -511,7 +508,7 @@ Cordially.
|
|||
function ChangeMail1($newmail) {
|
||||
global $err, $db, $L_HOSTING, $L_FQDN, $cuid;
|
||||
$err->log("mem", "changemail1", $newmail);
|
||||
$db->query("SELECT * FROM membres WHERE uid='$cuid';");
|
||||
$db->query("SELECT * FROM membres WHERE uid= ? ;", array($cuid));
|
||||
if (!$db->num_rows()) {
|
||||
$err->raise("mem", _("This account is locked, contact the administrator."));
|
||||
return false;
|
||||
|
|
@ -544,11 +541,11 @@ Cordially.
|
|||
"), $db->f("login"), $L_HOSTING, $link);
|
||||
mail($newmail, "Email modification request on $L_HOSTING", $txt, "From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN");
|
||||
// Supprime les demandes pr<70>c<EFBFBD>dentes de ce compte !
|
||||
$db->query("DELETE FROM chgmail WHERE uid='$cuid';");
|
||||
$db->query("INSERT INTO chgmail (cookie,ckey,uid,mail,ts) VALUES ('$COOKIE','$KEY','$cuid','$newmail'," . time() . ");");
|
||||
$db->query("DELETE FROM chgmail WHERE uid= ? ;", array($cuid));
|
||||
$db->query("INSERT INTO chgmail (cookie,ckey,uid,mail,ts) VALUES ( ?, ?, ?, ?, ?);", array($COOKIE, $KEY, $cuid, $newmail, time()));
|
||||
// Supprime les cookies de la veille :)
|
||||
$lts = time() - 86400;
|
||||
$db->query("DELETE FROM chgmail WHERE ts<'$lts';");
|
||||
$db->query("DELETE FROM chgmail WHERE ts< ? ;", array($lts));
|
||||
return $KEY;
|
||||
}
|
||||
|
||||
|
|
@ -563,7 +560,7 @@ Cordially.
|
|||
function ChangeMail2($COOKIE, $KEY, $uid) {
|
||||
global $err, $db;
|
||||
$err->log("mem", "changemail2", $uid);
|
||||
$db->query("SELECT * FROM chgmail WHERE cookie='$COOKIE' and ckey='$KEY' and uid='$uid';");
|
||||
$db->query("SELECT * FROM chgmail WHERE cookie= ? and ckey= ? and uid= ?;", array($COOKIE, $KEY, $uid));
|
||||
if (!$db->num_rows()) {
|
||||
$err->raise("mem", _("The information you entered is incorrect."));
|
||||
return false;
|
||||
|
|
@ -571,12 +568,12 @@ Cordially.
|
|||
$db->next_record();
|
||||
|
||||
// met a jour le compte :
|
||||
$db->query("UPDATE membres SET mail='" . $db->f("mail") . "' WHERE uid='$uid';");
|
||||
$db->query("UPDATE membres SET mail= ? WHERE uid = ? ;", array($db->f("mail"), $uid));
|
||||
|
||||
$db->query("DELETE FROM chgmail WHERE uid='$uid';");
|
||||
$db->query("DELETE FROM chgmail WHERE uid= ? ;", array($uid));
|
||||
// Supprime les cookies de la veille :)
|
||||
$lts = time() - 86400;
|
||||
$db->query("DELETE FROM chgmail WHERE ts<'$lts';");
|
||||
$db->query("DELETE FROM chgmail WHERE ts< ? ;", array($lts));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -588,7 +585,7 @@ Cordially.
|
|||
function set_help_param($show) {
|
||||
global $db, $err, $cuid;
|
||||
$err->log("mem", "set_help_param", $show);
|
||||
$db->query("UPDATE membres SET show_help='$show' WHERE uid='$cuid';");
|
||||
$db->query("UPDATE membres SET show_help= ? WHERE uid= ? ;", array($show, $cuid));
|
||||
}
|
||||
|
||||
/* ----------------------------------------------------------------- */
|
||||
|
|
@ -627,8 +624,7 @@ Cordially.
|
|||
function get_creator_by_uid($uid) {
|
||||
global $db, $err;
|
||||
$err->log("dom", "get_creator_by_uid");
|
||||
$uid = mysql_real_escape_string(intval($uid));
|
||||
$db->query("select creator from membres where uid = '$uid';");
|
||||
$db->query("select creator from membres where uid = ? ;", array($uid));
|
||||
if (!$db->next_record()) {
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ class DB_users extends DB_Sql {
|
|||
global $cuid, $db, $err;
|
||||
|
||||
if (!$empty) {
|
||||
$db->query("select db_servers.* from db_servers, membres where membres.uid=$cuid and membres.db_server_id=db_servers.id;");
|
||||
$db->query("select db_servers.* from db_servers, membres where membres.uid= ? and membres.db_server_id=db_servers.id;", array($cuid));
|
||||
if (!$db->next_record()) {
|
||||
$err->raise('db_user', _("There are no databases in db_servers for this user. Please contact your administrator."));
|
||||
die();
|
||||
|
|
@ -156,7 +156,7 @@ class m_mysql {
|
|||
global $db, $err, $bro, $cuid;
|
||||
$err->log("mysql", "get_dblist");
|
||||
$db->free();
|
||||
$db->query("SELECT login,pass,db, bck_mode, bck_dir FROM db WHERE uid='$cuid' ORDER BY db;");
|
||||
$db->query("SELECT login,pass,db, bck_mode, bck_dir FROM db WHERE uid= ? ORDER BY db;", array($cuid));
|
||||
$c = array();
|
||||
while ($db->next_record()) {
|
||||
list($dbu, $dbn) = split_mysql_database_name($db->f("db"));
|
||||
|
|
@ -174,7 +174,7 @@ class m_mysql {
|
|||
function php_myadmin_connect() {
|
||||
global $db, $cuid, $err;
|
||||
$err->log("mysql", "php_myadmin_connect");
|
||||
$db->query("SELECT dbu.name,dbu.password, dbs.host FROM dbusers dbu, db_servers dbs, membres m WHERE dbu.uid='$cuid' and enable='ADMIN' and dbs.id=m.db_server_id and m.uid='$cuid';");
|
||||
$db->query("SELECT dbu.name,dbu.password, dbs.host FROM dbusers dbu, db_servers dbs, membres m WHERE dbu.uid= ? and enable='ADMIN' and dbs.id=m.db_server_id and m.uid= ? ;", array($cuid, $cuid));
|
||||
if (!$db->num_rows()) {
|
||||
$err->raise("mysql", _("Cannot connect to PhpMyAdmin"));
|
||||
return false;
|
||||
|
|
@ -215,7 +215,7 @@ class m_mysql {
|
|||
$dbn = $dbncomp[1];
|
||||
}
|
||||
$size = $this->get_db_size($dbname);
|
||||
$db->query("SELECT login,pass,db, bck_mode, bck_gzip, bck_dir, bck_history FROM db WHERE uid='$cuid' AND db='$dbname';");
|
||||
$db->query("SELECT login,pass,db, bck_mode, bck_gzip, bck_dir, bck_history FROM db WHERE uid= ? AND db= ?;", array($cuid, $dbname));
|
||||
if (!$db->num_rows()) {
|
||||
$err->raise("mysql", _("Database %s not found"), $dbn);
|
||||
return array("enabled" => false);
|
||||
|
|
@ -262,13 +262,13 @@ class m_mysql {
|
|||
$err->raise("mysql", _("Database name cannot exceed %d characters"), $len);
|
||||
return false;
|
||||
}
|
||||
$db->query("SELECT * FROM db WHERE db='$dbname';");
|
||||
$db->query("SELECT * FROM db WHERE db= ? ;", array($dbname));
|
||||
if ($db->num_rows()) {
|
||||
$err->raise("mysql", _("Database %s already exists"), $dbn);
|
||||
return false;
|
||||
}
|
||||
|
||||
$db->query("SELECT name from dbusers where name='" . $dbname . "' and enable='ACTIVATED' ;");
|
||||
$db->query("SELECT name from dbusers where name= ? and enable='ACTIVATED' ;", array($dbname));
|
||||
if (!$db->num_rows()) {
|
||||
$password_user = create_pass(8);
|
||||
if (!$this->add_user($dbn, $password_user, $password_user)) {
|
||||
|
|
@ -277,7 +277,7 @@ class m_mysql {
|
|||
}
|
||||
|
||||
//checking for the phpmyadmin user
|
||||
$db->query("SELECT * FROM dbusers WHERE uid=$cuid AND enable='ADMIN';");
|
||||
$db->query("SELECT * FROM dbusers WHERE uid= ? AND enable='ADMIN';", array($cuid));
|
||||
if ($db->num_rows()) {
|
||||
$db->next_record();
|
||||
$myadm = $db->f("name");
|
||||
|
|
@ -288,10 +288,10 @@ class m_mysql {
|
|||
}
|
||||
|
||||
//Grant the special user every rights.
|
||||
if ($this->dbus->query("CREATE DATABASE `$dbname`;")) {
|
||||
if ($this->dbus->query("CREATE DATABASE ? ;", array($dbname)) {
|
||||
$err->log("mysql", "add_db_succes", $dbn);
|
||||
// Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed
|
||||
$db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$myadm','$password','$dbname',0);");
|
||||
$db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES (?, ?, ?, ? ,0)", array($cuid, $myadm, $password, $dbname));
|
||||
$dbuser = $dbname;
|
||||
$dbname = str_replace('_', '\_', $dbname);
|
||||
$this->grant($dbname, $myadm, "ALL PRIVILEGES", $password);
|
||||
|
|
@ -317,8 +317,7 @@ class m_mysql {
|
|||
function del_db($dbn) {
|
||||
global $db, $err, $cuid;
|
||||
$err->log("mysql", "del_db", $dbn);
|
||||
$dbname = addslashes($dbn);
|
||||
$db->query("SELECT uid FROM db WHERE db='$dbname';");
|
||||
$db->query("SELECT uid FROM db WHERE db= ?;", array($dbname));
|
||||
if (!$db->num_rows()) {
|
||||
$err->raise("mysql", _("The database was not found. I can't delete it"));
|
||||
return false;
|
||||
|
|
@ -326,15 +325,15 @@ class m_mysql {
|
|||
$db->next_record();
|
||||
|
||||
// Ok, database exists and dbname is compliant. Let's proceed
|
||||
$db->query("DELETE FROM size_db WHERE db='$dbname';");
|
||||
$db->query("DELETE FROM db WHERE uid='$cuid' AND db='$dbname';");
|
||||
$this->dbus->query("DROP DATABASE `$dbname`;");
|
||||
$db->query("DELETE FROM size_db WHERE db ?;", array($dbname));
|
||||
$db->query("DELETE FROM db WHERE uid= ? AND db= ? ;", array($cuid, $dbname));
|
||||
$this->dbus->query("DROP DATABASE ? ;", array($dbname));
|
||||
|
||||
$db_esc = str_replace('_', '\_', $dbname);
|
||||
$this->dbus->query("DELETE FROM mysql.db WHERE Db='$db_esc';");
|
||||
$this->dbus->query("DELETE FROM mysql.db WHERE Db= ? ;", array($db_esc));
|
||||
|
||||
#We test if the user created with the database is associated with more than 1 database.
|
||||
$this->dbus->query("select User from mysql.db where User='" . $dbname . "' and (Select_priv='Y' or Insert_priv='Y' or Update_priv='Y' or Delete_priv='Y' or Create_priv='Y' or Drop_priv='Y' or References_priv='Y' or Index_priv='Y' or Alter_priv='Y' or Create_tmp_table_priv='Y' or Lock_tables_priv='Y');");
|
||||
$this->dbus->query("select User from mysql.db where User= ? and (Select_priv='Y' or Insert_priv='Y' or Update_priv='Y' or Delete_priv='Y' or Create_priv='Y' or Drop_priv='Y' or References_priv='Y' or Index_priv='Y' or Alter_priv='Y' or Create_tmp_table_priv='Y' or Lock_tables_priv='Y');", array($dbname));
|
||||
if (($this->dbus->num_rows()) == 0) {
|
||||
#If not we can delete it.
|
||||
$this->del_user($dbname);
|
||||
|
|
@ -373,7 +372,7 @@ class m_mysql {
|
|||
$err->raise("mysql", _("Database name can contain only letters and numbers"));
|
||||
return false;
|
||||
}
|
||||
$db->query("SELECT * FROM db WHERE uid='$cuid' AND db='$dbname';");
|
||||
$db->query("SELECT * FROM db WHERE uid= ? AND db= ? ;", array($cuid, $dbname));
|
||||
if (!$db->num_rows()) {
|
||||
$err->raise("mysql", _("Database %s not found"), $dbn);
|
||||
return false;
|
||||
|
|
@ -397,7 +396,7 @@ class m_mysql {
|
|||
$err->raise("mysql", _("Directory does not exist"));
|
||||
return false;
|
||||
}
|
||||
$db->query("UPDATE db SET bck_mode='$bck_mode', bck_history='$bck_history', bck_gzip='$bck_gzip', bck_dir='$bck_dir' WHERE uid='$cuid' AND db='$dbname';");
|
||||
$db->query("UPDATE db SET bck_mode= ? , bck_history= ?, bck_gzip= ?, bck_dir= ? WHERE uid= ? AND db= ? ;", array($bck_mode, $bck_history, $bck_gzip, $bck_dir, $cuid, $dbname));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -410,7 +409,7 @@ class m_mysql {
|
|||
function put_mysql_details($password) {
|
||||
global $db, $err, $cuid, $admin;
|
||||
$err->log("mysql", "put_mysql_details");
|
||||
$db->query("SELECT * FROM db WHERE uid='$cuid';");
|
||||
$db->query("SELECT * FROM db WHERE uid= ?;", array($cuid));
|
||||
if (!$db->num_rows()) {
|
||||
$err->raise("mysql", _("Database not found"));
|
||||
return false;
|
||||
|
|
@ -437,8 +436,8 @@ class m_mysql {
|
|||
}
|
||||
|
||||
// Update all the "pass" fields for this user :
|
||||
$db->query("UPDATE db SET pass='$password' WHERE uid='$cuid';");
|
||||
$this->dbus->query("SET PASSWORD FOR " . $login . "@" . $this->dbus->Client . " = PASSWORD('$password');");
|
||||
$db->query("UPDATE db SET pass= ? WHERE uid= ?;", array($password, $cuid));
|
||||
$this->dbus->query("SET PASSWORD FOR ? = PASSWORD(?);", array( $login . "@" . $this->dbus->Client, $password));
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -457,7 +456,7 @@ class m_mysql {
|
|||
if (!preg_match("#^[0-9a-z_\\*\\\\]*$#", $base)) {
|
||||
$err->raise("mysql", _("Database name can contain only letters and numbers"));
|
||||
return false;
|
||||
} elseif (!$this->dbus->query("select db from db where db='$base';")) {
|
||||
} elseif (!$this->dbus->query("select db from db where db= ?;", array($base))) {
|
||||
$err->raise("mysql", _("Database not found"));
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue