[wip] Passing mysql request params into array arguments for the query method (part 3)
This commit is contained in:
Emmanuel Monbroussou
parent
86e7bfb6b8
commit
61b07a257d
|
|
@ -288,7 +288,7 @@ class m_mysql {
|
||||||
}
|
}
|
||||||
|
|
||||||
//Grant the special user every rights.
|
//Grant the special user every rights.
|
||||||
if ($this->dbus->query("CREATE DATABASE ? ;", array($dbname)) {
|
if ($this->dbus->query("CREATE DATABASE ? ;", array($dbname))) {
|
||||||
$err->log("mysql", "add_db_succes", $dbn);
|
$err->log("mysql", "add_db_succes", $dbn);
|
||||||
// Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed
|
// Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed
|
||||||
$db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES (?, ?, ?, ? ,0)", array($cuid, $myadm, $password, $dbname));
|
$db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES (?, ?, ?, ? ,0)", array($cuid, $myadm, $password, $dbname));
|
||||||
|
|
@ -437,7 +437,7 @@ class m_mysql {
|
||||||
|
|
||||||
// Update all the "pass" fields for this user :
|
// Update all the "pass" fields for this user :
|
||||||
$db->query("UPDATE db SET pass= ? WHERE uid= ?;", array($password, $cuid));
|
$db->query("UPDATE db SET pass= ? WHERE uid= ?;", array($password, $cuid));
|
||||||
$this->dbus->query("SET PASSWORD FOR ? = PASSWORD(?);", array( $login . "@" . $this->dbus->Client, $password));
|
$this->dbus->query("SET PASSWORD FOR " .$login . "@" . $this->dbus->Client . " = PASSWORD(?);", array($password));
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -472,13 +472,14 @@ class m_mysql {
|
||||||
$err->raise("mysql", _("The username can contain only letters and numbers."));
|
$err->raise("mysql", _("The username can contain only letters and numbers."));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$db->query("select name from dbusers where name='" . $user . "' ;");
|
$db->query("select name from dbusers where name= ? ;", array($user));
|
||||||
|
|
||||||
if (!$db->num_rows()) {
|
if (!$db->num_rows()) {
|
||||||
$err->raise("mysql", _("Database user not found"));
|
$err->raise("mysql", _("Database user not found"));
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// @TODO:EM: does this part have to be escaped?
|
||||||
# Protect database name if not wildcard
|
# Protect database name if not wildcard
|
||||||
if ($base != '*') {
|
if ($base != '*') {
|
||||||
$base = "`" . $base . "`";
|
$base = "`" . $base . "`";
|
||||||
|
|
@ -555,6 +556,7 @@ class m_mysql {
|
||||||
* @access private
|
* @access private
|
||||||
*/
|
*/
|
||||||
function get_db_size($dbname) {
|
function get_db_size($dbname) {
|
||||||
|
// @TODO:EM: does this part have to be escaped?
|
||||||
$this->dbus->query("SHOW TABLE STATUS FROM `$dbname`;");
|
$this->dbus->query("SHOW TABLE STATUS FROM `$dbname`;");
|
||||||
$size = 0;
|
$size = 0;
|
||||||
while ($this->dbus->next_record()) {
|
while ($this->dbus->next_record()) {
|
||||||
|
|
@ -576,9 +578,9 @@ class m_mysql {
|
||||||
$err->log("mysql", "get_userslist");
|
$err->log("mysql", "get_userslist");
|
||||||
$c = array();
|
$c = array();
|
||||||
if (!$all) {
|
if (!$all) {
|
||||||
$db->query("SELECT name FROM dbusers WHERE uid='$cuid' and enable not in ('ADMIN','HIDDEN') ORDER BY name;");
|
$db->query("SELECT name FROM dbusers WHERE uid= ? and enable not in ('ADMIN','HIDDEN') ORDER BY name;", array($cuid));
|
||||||
} else {
|
} else {
|
||||||
$db->query("SELECT name FROM dbusers WHERE uid='$cuid' ORDER BY name;");
|
$db->query("SELECT name FROM dbusers WHERE uid= ? ORDER BY name;", array($cuid));
|
||||||
}
|
}
|
||||||
while ($db->next_record()) {
|
while ($db->next_record()) {
|
||||||
$pos = strpos($db->f("name"), "_");
|
$pos = strpos($db->f("name"), "_");
|
||||||
|
|
@ -600,7 +602,7 @@ class m_mysql {
|
||||||
$dbu = $dbn;
|
$dbu = $dbn;
|
||||||
$r = array();
|
$r = array();
|
||||||
$dbn = str_replace('_', '\_', $dbn);
|
$dbn = str_replace('_', '\_', $dbn);
|
||||||
$this->dbus->query("Select * from mysql.db where Db='" . $dbn . "' and User!='" . $cuid . "_myadm';");
|
$this->dbus->query("Select * from mysql.db where Db= ? and User!= ? ;", array($dbn, $cuid."_myadm"));
|
||||||
|
|
||||||
if (!$db->num_rows()) {
|
if (!$db->num_rows()) {
|
||||||
return $r;
|
return $r;
|
||||||
|
|
@ -666,7 +668,7 @@ class m_mysql {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} //endwhile
|
} //endwhile
|
||||||
if (!$db->query("SELECT name,password from dbusers where name='" . $dbu . "';")) {
|
if (!$db->query("SELECT name,password from dbusers where name= ? ;", array($dbu))) {
|
||||||
return $r;
|
return $r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -699,7 +701,6 @@ class m_mysql {
|
||||||
} else {
|
} else {
|
||||||
$user = $usern;
|
$user = $usern;
|
||||||
}
|
}
|
||||||
$pass = addslashes($password);
|
|
||||||
|
|
||||||
if (!$usern) {
|
if (!$usern) {
|
||||||
$err->raise("mysql", _("The username is mandatory"));
|
$err->raise("mysql", _("The username is mandatory"));
|
||||||
|
|
@ -720,7 +721,7 @@ class m_mysql {
|
||||||
$err->raise("mysql", _("MySQL username cannot exceed %d characters"), $len);
|
$err->raise("mysql", _("MySQL username cannot exceed %d characters"), $len);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$db->query("SELECT * FROM dbusers WHERE name='$user';");
|
$db->query("SELECT * FROM dbusers WHERE name= ? ;", array($user));
|
||||||
if ($db->num_rows()) {
|
if ($db->num_rows()) {
|
||||||
$err->raise("mysql", _("The database user already exists"));
|
$err->raise("mysql", _("The database user already exists"));
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -738,7 +739,7 @@ class m_mysql {
|
||||||
}
|
}
|
||||||
|
|
||||||
// We add him to the user table
|
// We add him to the user table
|
||||||
$db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES($cuid,'$user','$password','ACTIVATED');");
|
$db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES( ?, ?, ?, 'ACTIVATED');", array($cuid, $user, $password));
|
||||||
|
|
||||||
$this->grant("*", $user, "USAGE", $pass);
|
$this->grant("*", $user, "USAGE", $pass);
|
||||||
return true;
|
return true;
|
||||||
|
|
@ -752,14 +753,13 @@ class m_mysql {
|
||||||
* @param $password The password for this username
|
* @param $password The password for this username
|
||||||
* @param $passconf The password confirmation
|
* @param $passconf The password confirmation
|
||||||
* @return boolean if the password has been changed in MySQL or FALSE if an error occurred
|
* @return boolean if the password has been changed in MySQL or FALSE if an error occurred
|
||||||
|
* @TODO:EM: is this correctly escaped ?
|
||||||
* */
|
* */
|
||||||
function change_user_password($usern, $password, $passconf) {
|
function change_user_password($usern, $password, $passconf) {
|
||||||
global $db, $err, $cuid, $admin;
|
global $db, $err, $cuid, $admin;
|
||||||
$err->log("mysql", "change_user_pass", $usern);
|
$err->log("mysql", "change_user_pass", $usern);
|
||||||
|
|
||||||
$usern = trim($usern);
|
$usern = trim($usern);
|
||||||
$user = addslashes($usern);
|
|
||||||
$pass = addslashes($password);
|
|
||||||
if ($password != $passconf || !$password) {
|
if ($password != $passconf || !$password) {
|
||||||
$err->raise("mysql", _("The passwords do not match"));
|
$err->raise("mysql", _("The passwords do not match"));
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -771,8 +771,8 @@ class m_mysql {
|
||||||
return false; // The error has been raised by checkPolicy()
|
return false; // The error has been raised by checkPolicy()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->dbus->query("SET PASSWORD FOR '" . $user . "'@'" . $this->dbus->Client . "' = PASSWORD('" . $pass . "');");
|
$this->dbus->query("SET PASSWORD FOR '" . addslashes($usern) . "'@'" . $this->dbus->Client . "' = PASSWORD(?);", array($pass));
|
||||||
$db->query("UPDATE dbusers set password='" . $pass . "' where name='" . $usern . "' and uid=$cuid ;");
|
$db->query("UPDATE dbusers set password= ? where name= ? and uid= ? ;", array($pass, $usern, $cuid));
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -792,9 +792,9 @@ class m_mysql {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (!$all) {
|
if (!$all) {
|
||||||
$db->query("SELECT name FROM dbusers WHERE name='" . $user . "' and enable not in ('ADMIN','HIDDEN');");
|
$db->query("SELECT name FROM dbusers WHERE name= ? and enable not in ('ADMIN','HIDDEN');", array($user));
|
||||||
} else {
|
} else {
|
||||||
$db->query("SELECT name FROM dbusers WHERE uid='" . $cuid . "' ;");
|
$db->query("SELECT name FROM dbusers WHERE uid= ? ;", array($cuid));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$db->num_rows()) {
|
if (!$db->num_rows()) {
|
||||||
|
|
@ -805,12 +805,13 @@ class m_mysql {
|
||||||
$login = $db->f("name");
|
$login = $db->f("name");
|
||||||
|
|
||||||
// Ok, database exists and dbname is compliant. Let's proceed
|
// Ok, database exists and dbname is compliant. Let's proceed
|
||||||
|
// @TODO:EM: is this correctly escaped ?
|
||||||
$this->dbus->query("REVOKE ALL PRIVILEGES ON *.* FROM '" . $user . "'@'" . $this->dbus->Client . "';");
|
$this->dbus->query("REVOKE ALL PRIVILEGES ON *.* FROM '" . $user . "'@'" . $this->dbus->Client . "';");
|
||||||
$this->dbus->query("DELETE FROM mysql.db WHERE User='" . $user . "' AND Host='" . $this->dbus->Client . "';");
|
$this->dbus->query("DELETE FROM mysql.db WHERE User= ? AND Host= ? ;", array($user, $this->dbus->Client));
|
||||||
$this->dbus->query("DELETE FROM mysql.user WHERE User='" . $user . "' AND Host='" . $this->dbus->Client . "';");
|
$this->dbus->query("DELETE FROM mysql.user WHERE User= ? AND Host= ? ;", array($user, $this->dbus->Client));
|
||||||
$this->dbus->query("FLUSH PRIVILEGES");
|
$this->dbus->query("FLUSH PRIVILEGES");
|
||||||
|
|
||||||
$db->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='" . $user . "';");
|
$db->query("DELETE FROM dbusers WHERE uid= ? AND name= ? ;", array($cuid, $user));
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -824,7 +825,7 @@ class m_mysql {
|
||||||
function get_user_dblist($user) {
|
function get_user_dblist($user) {
|
||||||
global $db, $err;
|
global $db, $err;
|
||||||
|
|
||||||
$this->dbus->query("SELECT * FROM mysql.user WHERE User='" . $user . "' AND Host='" . $this->dbus->Client . "';");
|
$this->dbus->query("SELECT * FROM mysql.user WHERE User= ? AND Host= ? ;", array($user, $this->dbus->Client));
|
||||||
if (!$this->dbus->next_record()) {
|
if (!$this->dbus->next_record()) {
|
||||||
$err->raise('mysql', _("This user does not exist in the MySQL/User database"));
|
$err->raise('mysql', _("This user does not exist in the MySQL/User database"));
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -836,10 +837,10 @@ class m_mysql {
|
||||||
foreach ($dblist as $tab) {
|
foreach ($dblist as $tab) {
|
||||||
$pos = strpos($tab['db'], "_");
|
$pos = strpos($tab['db'], "_");
|
||||||
if ($pos === false) {
|
if ($pos === false) {
|
||||||
$this->dbus->query("SELECT * FROM mysql.db WHERE User='" . $user . "' AND Host='" . $this->dbus->Client . "' AND Db='" . $tab["db"] . "';");
|
$this->dbus->query("SELECT * FROM mysql.db WHERE User= ? AND Host= ? AND Db= ? ;", array($user, $this->dbus->Client, $tab["db"]));
|
||||||
} else {
|
} else {
|
||||||
$dbname = str_replace('_', '\_', $tab['db']);
|
$dbname = str_replace('_', '\_', $tab['db']);
|
||||||
$this->dbus->query("SELECT * FROM mysql.db WHERE User='" . $user . "' AND Host='" . $this->dbus->Client . "' AND Db='" . $dbname . "';");
|
$this->dbus->query("SELECT * FROM mysql.db WHERE User= ? AND Host= ? AND Db= ? ;", array($user, $this->dbus->Client, $dbname) );
|
||||||
}
|
}
|
||||||
if ($this->dbus->next_record()) {
|
if ($this->dbus->next_record()) {
|
||||||
$r[] = array("db" => $tab["db"], "select" => $this->dbus->f("Select_priv"), "insert" => $this->dbus->f("Insert_priv"), "update" => $this->dbus->f("Update_priv"), "delete" => $this->dbus->f("Delete_priv"), "create" => $this->dbus->f("Create_priv"), "drop" => $this->dbus->f("Drop_priv"), "references" => $this->dbus->f("References_priv"), "index" => $this->dbus->f("Index_priv"), "alter" => $this->dbus->f("Alter_priv"), "create_tmp" => $this->dbus->f("Create_tmp_table_priv"), "lock" => $this->dbus->f("Lock_tables_priv"),
|
$r[] = array("db" => $tab["db"], "select" => $this->dbus->f("Select_priv"), "insert" => $this->dbus->f("Insert_priv"), "update" => $this->dbus->f("Update_priv"), "delete" => $this->dbus->f("Delete_priv"), "create" => $this->dbus->f("Create_priv"), "drop" => $this->dbus->f("Drop_priv"), "references" => $this->dbus->f("References_priv"), "index" => $this->dbus->f("Index_priv"), "alter" => $this->dbus->f("Alter_priv"), "create_tmp" => $this->dbus->f("Create_tmp_table_priv"), "lock" => $this->dbus->f("Lock_tables_priv"),
|
||||||
|
|
@ -872,9 +873,7 @@ class m_mysql {
|
||||||
global $err;
|
global $err;
|
||||||
$err->log("mysql", "set_user_rights");
|
$err->log("mysql", "set_user_rights");
|
||||||
|
|
||||||
$usern = addslashes($user);
|
$dbname = str_replace('_', '\_', $dbname);
|
||||||
$dbname = addslashes($dbn);
|
|
||||||
$dbname = str_replace('_', '\_', $dbname);
|
|
||||||
// On genere les droits en fonction du tableau de droits
|
// On genere les droits en fonction du tableau de droits
|
||||||
$strrights = "";
|
$strrights = "";
|
||||||
for ($i = 0; $i < count($rights); $i++) {
|
for ($i = 0; $i < count($rights); $i++) {
|
||||||
|
|
@ -937,7 +936,12 @@ class m_mysql {
|
||||||
}
|
}
|
||||||
|
|
||||||
// We reset all user rights on this DB :
|
// We reset all user rights on this DB :
|
||||||
$this->dbus->query("SELECT * FROM mysql.db WHERE User = '$usern' AND Db = '$dbname';");
|
$this->dbus->query("SELECT * FROM mysql.db WHERE User = ? AND Db = ?;", array($usern, $dbname));
|
||||||
|
|
||||||
|
// @TODO:EM: This has to be verified, and maybe we should use another way to escape those requests
|
||||||
|
$usern = addslashes($user);
|
||||||
|
$dbname = addslashes($dbn);
|
||||||
|
|
||||||
if ($this->dbus->num_rows()) {
|
if ($this->dbus->num_rows()) {
|
||||||
$this->dbus->query("REVOKE ALL PRIVILEGES ON `$dbname`.* FROM '$usern'@'" . $this->dbus->Client . "';");
|
$this->dbus->query("REVOKE ALL PRIVILEGES ON `$dbname`.* FROM '$usern'@'" . $this->dbus->Client . "';");
|
||||||
}
|
}
|
||||||
|
|
@ -999,7 +1003,7 @@ class m_mysql {
|
||||||
global $db, $err, $cuid, $mem;
|
global $db, $err, $cuid, $mem;
|
||||||
$err->log("mysql", "alternc_add_member");
|
$err->log("mysql", "alternc_add_member");
|
||||||
//checking for the phpmyadmin user
|
//checking for the phpmyadmin user
|
||||||
$db->query("SELECT name,password FROM dbusers WHERE uid=$cuid AND Type='ADMIN';");
|
$db->query("SELECT name,password FROM dbusers WHERE uid= ? AND Type='ADMIN';", array($cuid));
|
||||||
if ($db->num_rows()) {
|
if ($db->num_rows()) {
|
||||||
$myadm = $db->f("name");
|
$myadm = $db->f("name");
|
||||||
$password = $db->f("password");
|
$password = $db->f("password");
|
||||||
|
|
@ -1009,7 +1013,7 @@ class m_mysql {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES ('$cuid','$myadm','$password','ADMIN');");
|
$db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES (?, ?, ?, 'ADMIN');", array($cuid, $myadm, $password));
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
@ -1061,7 +1065,7 @@ class m_mysql {
|
||||||
//TODO don't work with separated sql server for dbusers
|
//TODO don't work with separated sql server for dbusers
|
||||||
global $db, $err, $cuid;
|
global $db, $err, $cuid;
|
||||||
$err->log("mysql", "export");
|
$err->log("mysql", "export");
|
||||||
$db->query("SELECT login, pass, db, bck_mode, bck_dir, bck_history, bck_gzip FROM db WHERE uid='$cuid';");
|
$db->query("SELECT login, pass, db, bck_mode, bck_dir, bck_history, bck_gzip FROM db WHERE uid= ? ;", array($cuid));
|
||||||
$str = "";
|
$str = "";
|
||||||
if ($db->next_record()) {
|
if ($db->next_record()) {
|
||||||
$str.=" <sql>\n";
|
$str.=" <sql>\n";
|
||||||
|
|
@ -1093,7 +1097,7 @@ class m_mysql {
|
||||||
function alternc_export_data($dir) {
|
function alternc_export_data($dir) {
|
||||||
global $db, $err, $cuid;
|
global $db, $err, $cuid;
|
||||||
$err->log("mysql", "export_data");
|
$err->log("mysql", "export_data");
|
||||||
$db->query("SELECT db.login, db.pass, db.db, dbusers.name FROM db,dbusers WHERE db.uid='$cuid' AND dbusers.uid=db.uid;");
|
$db->query("SELECT db.login, db.pass, db.db, dbusers.name FROM db,dbusers WHERE db.uid= ? AND dbusers.uid=db.uid;", array($cuid));
|
||||||
$dir.="sql/";
|
$dir.="sql/";
|
||||||
if (!is_dir($dir)) {
|
if (!is_dir($dir)) {
|
||||||
if (!mkdir($dir)) {
|
if (!mkdir($dir)) {
|
||||||
|
|
@ -1133,6 +1137,7 @@ class m_mysql {
|
||||||
|
|
||||||
$this->dbus->query("show databases;");
|
$this->dbus->query("show databases;");
|
||||||
$res = array();
|
$res = array();
|
||||||
|
//@TODO: this has to be done in another way
|
||||||
while ($this->dbus->next_record()) {
|
while ($this->dbus->next_record()) {
|
||||||
$dbname = $this->dbus->f("Database");
|
$dbname = $this->dbus->f("Database");
|
||||||
$c = mysql_query("SHOW TABLE STATUS FROM $dbname;");
|
$c = mysql_query("SHOW TABLE STATUS FROM $dbname;");
|
||||||
|
|
|
||||||
|
|
@ -77,7 +77,7 @@ class m_piwik {
|
||||||
*/
|
*/
|
||||||
function hook_quota_get() {
|
function hook_quota_get() {
|
||||||
global $db, $cuid;
|
global $db, $cuid;
|
||||||
$db->query("SELECT COUNT(id) AS nb FROM piwik_users WHERE uid='$cuid'");
|
$db->query("SELECT COUNT(id) AS nb FROM piwik_users WHERE uid= ? ;", array($cuid));
|
||||||
$q=Array("name"=>"piwik", "description"=>_("Statistics through Piwik accounts"), "used"=>0);
|
$q=Array("name"=>"piwik", "description"=>_("Statistics through Piwik accounts"), "used"=>0);
|
||||||
if ($db->next_record()) {
|
if ($db->next_record()) {
|
||||||
$q['used']=$db->f('nb');
|
$q['used']=$db->f('nb');
|
||||||
|
|
@ -110,7 +110,7 @@ class m_piwik {
|
||||||
if ($api_data->result === 'success') {
|
if ($api_data->result === 'success') {
|
||||||
$user = $this->get_user($user_login);
|
$user = $this->get_user($user_login);
|
||||||
$user_creation_date = $user->date_registered;
|
$user_creation_date = $user->date_registered;
|
||||||
return $db->query("INSERT INTO piwik_users (uid, login, created_date) VALUES ('$cuid', '$user_login', '$user_creation_date')");
|
return $db->query("INSERT INTO piwik_users (uid, login, created_date) VALUES ( ?, ?, ?,);", array($cuid, $user_login, $user_creation_date));
|
||||||
}
|
}
|
||||||
} else { // api_data = false -> error is already filled
|
} else { // api_data = false -> error is already filled
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
@ -169,7 +169,7 @@ class m_piwik {
|
||||||
global $db, $cuid;
|
global $db, $cuid;
|
||||||
|
|
||||||
static $alternc_users = array();
|
static $alternc_users = array();
|
||||||
$db->query("SELECT login FROM piwik_users WHERE uid='$cuid'");
|
$db->query("SELECT login FROM piwik_users WHERE uid= ?;", array($cuid));
|
||||||
while ($db->next_record())
|
while ($db->next_record())
|
||||||
array_push($alternc_users, $db->f('login'));
|
array_push($alternc_users, $db->f('login'));
|
||||||
|
|
||||||
|
|
@ -180,13 +180,13 @@ class m_piwik {
|
||||||
function user_delete($piwik_user_login) {
|
function user_delete($piwik_user_login) {
|
||||||
global $db, $cuid, $err;
|
global $db, $cuid, $err;
|
||||||
|
|
||||||
$db->query("SELECT created_date, COUNT(id) AS cnt FROM piwik_users WHERE uid='$cuid' AND login='$piwik_user_login'");
|
$db->query("SELECT created_date, COUNT(id) AS cnt FROM piwik_users WHERE uid= ? AND login= ? ", array($cuid, $piwik_user_login));
|
||||||
$db->next_record();
|
$db->next_record();
|
||||||
|
|
||||||
if ($db->f('cnt') == 1) {
|
if ($db->f('cnt') == 1) {
|
||||||
$api_data = $this->call_privileged_page('API', 'UsersManager.deleteUser', array('userLogin' => $piwik_user_login));
|
$api_data = $this->call_privileged_page('API', 'UsersManager.deleteUser', array('userLogin' => $piwik_user_login));
|
||||||
if ($api_data->result == 'success') {
|
if ($api_data->result == 'success') {
|
||||||
return $db->query("DELETE FROM piwik_users WHERE uid='$cuid' AND login='$piwik_user_login'");
|
return $db->query("DELETE FROM piwik_users WHERE uid= ? AND login= ? ;", array($cuid, $piwik_user_login));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
@ -200,7 +200,7 @@ class m_piwik {
|
||||||
|
|
||||||
function users_list() {
|
function users_list() {
|
||||||
global $db, $cuid;
|
global $db, $cuid;
|
||||||
$db->query("SELECT login FROM piwik_users WHERE uid = '$cuid'");
|
$db->query("SELECT login FROM piwik_users WHERE uid = ?;", array($cuid));
|
||||||
if ($db->num_rows() == 0)
|
if ($db->num_rows() == 0)
|
||||||
return array();
|
return array();
|
||||||
$users = '';
|
$users = '';
|
||||||
|
|
@ -277,7 +277,7 @@ class m_piwik {
|
||||||
global $db, $cuid;
|
global $db, $cuid;
|
||||||
|
|
||||||
static $alternc_sites = array();
|
static $alternc_sites = array();
|
||||||
$db->query("SELECT piwik_id AS site_id FROM piwik_sites WHERE uid='$cuid'");
|
$db->query("SELECT piwik_id AS site_id FROM piwik_sites WHERE uid= ? ;", array($cuid));
|
||||||
while ($db->next_record())
|
while ($db->next_record())
|
||||||
array_push($alternc_sites, $db->f('site_id'));
|
array_push($alternc_sites, $db->f('site_id'));
|
||||||
|
|
||||||
|
|
@ -294,7 +294,7 @@ class m_piwik {
|
||||||
global $db, $cuid;
|
global $db, $cuid;
|
||||||
$urls = is_array($urls) ? implode(',', $urls) : $urls;
|
$urls = is_array($urls) ? implode(',', $urls) : $urls;
|
||||||
$api_data = $this->call_privileged_page('API', 'SitesManager.addSite', array('siteName' => $siteName, 'urls' => $urls));
|
$api_data = $this->call_privileged_page('API', 'SitesManager.addSite', array('siteName' => $siteName, 'urls' => $urls));
|
||||||
$db->query("INSERT INTO piwik_sites set uid='$cuid', piwik_id='{$api_data->value}'");
|
$db->query("INSERT INTO piwik_sites set uid= ? , piwik_id= ? ", array($cuid, $api_data->value));
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -304,13 +304,13 @@ class m_piwik {
|
||||||
function site_delete($site_id) {
|
function site_delete($site_id) {
|
||||||
global $db, $cuid, $err;
|
global $db, $cuid, $err;
|
||||||
|
|
||||||
$db->query("SELECT COUNT(id) AS cnt FROM piwik_sites WHERE uid='$cuid' AND piwik_id='$site_id'");
|
$db->query("SELECT COUNT(id) AS cnt FROM piwik_sites WHERE uid= ? AND piwik_id= ? ;", array($cuid, $site_id));
|
||||||
$db->next_record();
|
$db->next_record();
|
||||||
|
|
||||||
if ($db->f('cnt') == 1) {
|
if ($db->f('cnt') == 1) {
|
||||||
$api_data = $this->call_privileged_page('API', 'SitesManager.deleteSite', array('idSite' => $site_id));
|
$api_data = $this->call_privileged_page('API', 'SitesManager.deleteSite', array('idSite' => $site_id));
|
||||||
if ($api_data->result == 'success') {
|
if ($api_data->result == 'success') {
|
||||||
return $db->query("DELETE FROM piwik_sites where uid='$cuid' AND piwik_id='$site_id' LIMIT 1");
|
return $db->query("DELETE FROM piwik_sites where uid= ? AND piwik_id= ? LIMIT 1", array($cuid, $site_id));
|
||||||
} else {
|
} else {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -157,7 +157,7 @@ class m_quota {
|
||||||
$type = $quota->listtype();
|
$type = $quota->listtype();
|
||||||
foreach ($type as $t) {
|
foreach ($type as $t) {
|
||||||
foreach ($qt as $q => $vv) {
|
foreach ($qt as $q => $vv) {
|
||||||
$db->query("INSERT IGNORE defquotas (value,quota,type) VALUES (0,'$q','$t');");
|
$db->query("INSERT IGNORE defquotas (value,quota,type) VALUES (0, ?, ?);", array($q, $t));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
|
|
@ -212,7 +212,7 @@ class m_quota {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the allowed quota from database.
|
// Get the allowed quota from database.
|
||||||
$db->query("select name, total from quotas where uid='$cuid';");
|
$db->query("select name, total from quotas where uid= ? ;", array($cuid));
|
||||||
while ($db->next_record()) {
|
while ($db->next_record()) {
|
||||||
$this->quotas[$db->f('name')]['t'] = $db->f('total');
|
$this->quotas[$db->f('name')]['t'] = $db->f('total');
|
||||||
}
|
}
|
||||||
|
|
@ -255,11 +255,11 @@ class m_quota {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// We check that this ressource exists for this client :
|
// We check that this ressource exists for this client :
|
||||||
$db->query("SELECT * FROM quotas WHERE uid='$cuid' AND name='$ressource'");
|
$db->query("SELECT * FROM quotas WHERE uid= ? AND name= ? ", array($cuid, $ressource));
|
||||||
if ($db->num_rows()) {
|
if ($db->num_rows()) {
|
||||||
$db->query("UPDATE quotas SET total='$size' WHERE uid='$cuid' AND name='$ressource';");
|
$db->query("UPDATE quotas SET total= e WHERE uid= ? AND name= ?;", array($size, $cuid, $ressource));
|
||||||
} else {
|
} else {
|
||||||
$db->query("INSERT INTO quotas (uid,name,total) VALUES ('$cuid','$ressource','$size');");
|
$db->query("INSERT INTO quotas (uid,name,total) VALUES (?, ?, ?);", array($cuid, $ressource, $size));
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
@ -272,7 +272,7 @@ class m_quota {
|
||||||
function delquotas() {
|
function delquotas() {
|
||||||
global $db, $err, $cuid;
|
global $db, $err, $cuid;
|
||||||
$err->log("quota", "delquota");
|
$err->log("quota", "delquota");
|
||||||
$db->query("DELETE FROM quotas WHERE uid='$cuid';");
|
$db->query("DELETE FROM quotas WHERE uid= ?;", array($cuid));
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -309,7 +309,7 @@ class m_quota {
|
||||||
foreach ($newq as $type => $quotas) {
|
foreach ($newq as $type => $quotas) {
|
||||||
foreach ($quotas as $qname => $value) {
|
foreach ($quotas as $qname => $value) {
|
||||||
if (array_key_exists($qname, $qlist)) {
|
if (array_key_exists($qname, $qlist)) {
|
||||||
if (!$db->query("REPLACE INTO defquotas (value,quota,type) VALUES ($value,'$qname','$type');")) {
|
if (!$db->query("REPLACE INTO defquotas (value,quota,type) VALUES ( ?, ?, ?); ", array($value, $qname, $type))) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -336,7 +336,7 @@ class m_quota {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
while (list($key, $val) = each($qlist)) {
|
while (list($key, $val) = each($qlist)) {
|
||||||
if (!$db->query("INSERT IGNORE INTO defquotas (quota,type) VALUES('$key', '$type');") || $db->affected_rows() == 0) {
|
if (!$db->query("INSERT IGNORE INTO defquotas (quota,type) VALUES(?, ?);", array($key, $type)) || $db->affected_rows() == 0) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -367,8 +367,8 @@ class m_quota {
|
||||||
function deltype($type) {
|
function deltype($type) {
|
||||||
global $db;
|
global $db;
|
||||||
|
|
||||||
if ($db->query("UPDATE membres SET type='default' WHERE type='$type'") &&
|
if ($db->query("UPDATE membres SET type='default' WHERE type= ? ;", array($type)) &&
|
||||||
$db->query("DELETE FROM defquotas WHERE type='$type'")) {
|
$db->query("DELETE FROM defquotas WHERE type= ?;", array($type))) {
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -390,12 +390,12 @@ class m_quota {
|
||||||
if (!$db->next_record()) {
|
if (!$db->next_record()) {
|
||||||
$this->addtype('default');
|
$this->addtype('default');
|
||||||
}
|
}
|
||||||
$db->query("SELECT type FROM membres WHERE uid='$cuid'");
|
$db->query("SELECT type FROM membres WHERE uid= ?;", array($cuid));
|
||||||
$db->next_record();
|
$db->next_record();
|
||||||
$t = $db->f("type");
|
$t = $db->f("type");
|
||||||
|
|
||||||
foreach ($ql as $res => $val) {
|
foreach ($ql as $res => $val) {
|
||||||
$db->query("SELECT value FROM defquotas WHERE quota='$res' AND type='$t'");
|
$db->query("SELECT value FROM defquotas WHERE quota= ? AND type= ? ;", array($res, $t));
|
||||||
$q = $db->next_record() ? $db->f("value") : 0;
|
$q = $db->next_record() ? $db->f("value") : 0;
|
||||||
$this->setquota($res, $q);
|
$this->setquota($res, $q);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -128,11 +128,14 @@ function variable_set($name, $value, $comment = null) {
|
||||||
if (!array_key_exists($name, $conf) || $value != $conf[$name]) {
|
if (!array_key_exists($name, $conf) || $value != $conf[$name]) {
|
||||||
$conf[$name] = $value;
|
$conf[$name] = $value;
|
||||||
if (empty($comment)) {
|
if (empty($comment)) {
|
||||||
$query = "INSERT INTO variable (name, value) values ('" . $name . "', '" . addslashes($value2) . "') on duplicate key update name='" . $name . "', value='" . addslashes($value2) . "';";
|
$query = "INSERT INTO variable (name, value) values ( ?, ?) on duplicate key update name= ?, value= ? ;";
|
||||||
|
$query_args = array($name, $value2, $name, $value2);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
$query = "INSERT INTO variable (name, value, comment) values ('" . $name . "', '" . addslashes($value2) . "', '$comment') on duplicate key update name='" . $name . "', value='" . addslashes($value2) . "', comment='" . addslashes($comment) . "';";
|
$query = "INSERT INTO variable (name, value, comment) values ( ?, ?, ?) on duplicate key update name= ?, value= ?, comment= ? ;";
|
||||||
|
$query_args = array($name, $value2, $comment, $name, $value2, $comment);
|
||||||
}
|
}
|
||||||
$db->query($query);
|
$db->query($query, $query_args);
|
||||||
$hooks->invoke("hook_variable_set", array("name" => $name, "old" => $previous, "new" => $value));
|
$hooks->invoke("hook_variable_set", array("name" => $name, "old" => $previous, "new" => $value));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -145,7 +148,7 @@ function variable_set($name, $value, $comment = null) {
|
||||||
*/
|
*/
|
||||||
function variable_del($name) {
|
function variable_del($name) {
|
||||||
global $conf, $db;
|
global $conf, $db;
|
||||||
$db->query("DELETE FROM `variable` WHERE name = '" . $name . "'");
|
$db->query("DELETE FROM `variable` WHERE name = ?;", array($name));
|
||||||
unset($conf[$name]);
|
unset($conf[$name]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue