Merge branch 'master' into 'master'

Master

Author: Marius Cramer

interface/web/dns/dns_dkim_edit.php

@@ -58,11 +58,11 @@ function onShowNew() {
 
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Check if the user may add another record.
 			if($client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_dns_record"]) {
 					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
 				}
@@ -75,18 +75,18 @@ function onShowNew() {
 	function onSubmit() {
 		global $app, $conf;
 		// Get the parent soa record of the domain
-		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+		$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->intval($_POST["zone"]));
 		// Check if Domain belongs to user
 		if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
 
 		// Check the client limits, if user is not the admin
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			// Check if the user may add another record.
 			if($this->id == 0 && $client["limit_dns_record"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
+				$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_dns_record"]) {
 					$app->error($app->tform->wordbook["limit_dns_record_txt"]);
 				}
@@ -101,12 +101,12 @@ function onSubmit() {
 		$this->dataRecord['name']='default._domainkey.'.$this->dataRecord['name'];
 
 		// Update the serial number  and timestamp of the RR record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
 		$this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
 		$this->dataRecord["stamp"] = date('Y-m-d H:i:s');
 
 		// check for duplicate entry
-		$check=$app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$this->dataRecord["zone"]." AND type = '".$this->dataRecord["type"]."' AND data ='".$this->dataRecord["data"]."' AND name = '".$this->dataRecord['name']."'");
+		$check=$app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND type = ? AND data = ? AND name = ?", $this->dataRecord['zone'], $this->dataRecord['type'], $this->dataRecord['data'], $this->dataRecord['name']);
 		if ($check!='') $app->tform->errorMessage .= $app->tform->wordbook["record_exists_txt"];
 		if (empty($this->dataRecord['data'])) $app->tform->errorMessage .= $app->tform->wordbook["dkim_disabled_txt"];
 		parent::onSubmit();
@@ -116,7 +116,7 @@ function onAfterInsert() {
 		global $app, $conf;
 
 		//* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
-		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+		$soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord['zone']));
 		$app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
 
 		//* Update the serial number of the SOA record
@@ -129,7 +129,7 @@ function onAfterUpdate() {
 		global $app, $conf;
 
 		//* Update the serial number of the SOA record
-		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
+		$soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
 		$soa_id = $app->functions->intval($_POST["zone"]);
 		$serial = $app->validate_dns->increase_serial($soa["serial"]);
 		$app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);

interface/web/dns/dns_dkim_get.php

@@ -82,9 +82,9 @@ function pub_key($pubkey) {
 
 if (ctype_digit($_POST['zone'])) {
 	// Get the parent soa record of the domain
-	$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->db->quote($_POST['zone'])."' AND ".$app->tform->getAuthSQL('r'));
+	$soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ".$app->tform->getAuthSQL('r'), $_POST['zone']);
 
-	$public_key=$app->db->queryOneRecord("SELECT dkim_public FROM mail_domain WHERE domain = '".substr_replace($soa['origin'],'',-1)."' AND dkim = 'Y' AND ".$app->tform->getAuthSQL('r'));		
+	$public_key=$app->db->queryOneRecord("SELECT dkim_public FROM mail_domain WHERE domain = ? AND dkim = 'Y' AND ".$app->tform->getAuthSQL('r'), substr_replace($soa['origin'],'',-1));
 
 	$public_key=pub_key($public_key);
 

interface/web/dns/dns_wizard.php

@@ -248,7 +248,7 @@
 		$public_key=$app->db->queryOneRecord("SELECT dkim_public FROM mail_domain WHERE domain = '".$app->db->quote($_POST['domain'])."' AND dkim = 'y' AND ".$app->tform->getAuthSQL('r'));
 		if ($public_key!='') {
 			$dns_record=str_replace(array("\r\n", "\n", "\r", "-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----"), '', $public_key['dkim_public']);
-			$tpl_content = str_replace('TXT|'.$_POST['domain'].'.|{DKIM}', 'TXT|default._domainkey.'.$_POST['domain'].'.|v=DKIM1; t=s; p='.$dns_record, $tpl_content);
+			$tpl_content = str_replace('TXT|'.$_POST['domain'].'|{DKIM}', 'TXT|default._domainkey.'.$_POST['domain'].'.|v=DKIM1; t=s; p='.$dns_record, $tpl_content);
 		}
 	}
 

interface/web/mail/mail_user_edit.php

@@ -323,8 +323,8 @@ function onAfterUpdate() {
 
 		//* Change backup options when user mail backup options have been changed
 		if(isset($this->dataRecord['backup_interval']) && ($this->dataRecord['backup_interval'] != $this->oldDataRecord['backup_interval'] || $this->dataRecord['backup_copies'] != $this->oldDataRecord['backup_copies'])) {
-			$backup_interval = $this->dataRecord['backup_interval'];
-			$backup_copies = $this->dataRecord['backup_copies'];
+			$backup_interval = $app->db->quote($this->dataRecord['backup_interval']);
+			$backup_copies = $app->functions->intval($this->dataRecord['backup_copies']);
 			$app->db->datalogUpdate('mail_user', "backup_interval = '$backup_interval', backup_copies = '$backup_copies'", 'mailuser_id', $rec['mailuser_id']);
 			unset($backup_copies);
 			unset($backup_interval);

interface/web/sites/database_edit.php

@@ -73,7 +73,7 @@ function onShowEnd() {
 
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT db_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT db_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Set the webserver to the default server of the client
 			$tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ($client[db_servers])");
@@ -96,7 +96,7 @@ function onShowEnd() {
 
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, db_servers, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, db_servers, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// Set the webserver to the default server of the client
 			$tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ($client[db_servers])");
@@ -150,6 +150,7 @@ function onShowEnd() {
 			$app->tpl->setVar("edit_disabled", 1);
 			$app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
 			$app->tpl->setVar("database_charset_value", $this->dataRecord["database_charset"]);
+			$app->tpl->setVar("limit_database_quota", $this->dataRecord["database_quota"]);
 		} else {
 			$app->tpl->setVar("edit_disabled", 0);
 		}
@@ -171,9 +172,31 @@ function onSubmit() {
 			// When the record is updated
 			if($this->id > 0) {
 				// restore the server ID if the user is not admin and record is edited
-				$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_database WHERE database_id = ".$app->functions->intval($this->id));
+				$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_database WHERE database_id = ?", $app->functions->intval($this->id));
 				$this->dataRecord["server_id"] = $tmp["server_id"];
 				unset($tmp);
+				//* Check client quota
+				if ($client['limit_database_quota'] >= 0) {
+					//* get the database prefix
+					$app->uses('getconf,tools_sites');
+					$global_config = $app->getconf->get_global_config('sites');
+					$dbname_prefix = $app->tools_sites->replacePrefix($global_config['dbname_prefix'], $this->dataRecord);
+					//* get quota from other databases
+					$tmp = $app->db->queryOneRecord("SELECT sum(database_quota) as db_quota FROM web_database WHERE sys_groupid = ? AND database_name <> ?", $client_group_id, $dbname_prefix.$this->dataRecord['database_name']);
+					$used_quota = $app->functions->intval($tmp['db_quota']);
+					$new_db_quota = $app->functions->intval($this->dataRecord["database_quota"]);
+					if(($used_quota + $new_db_quota > $client['limit_database_quota']) || ($new_db_quota < 0 && $client['limit_database_quota'] >= 0)) {
+						$max_free_quota = floor($client['limit_database_quota'] - $used_quota);
+						if($max_free_quota < 0) {
+							$max_free_quota = 0;
+						}
+						$app->tform->errorMessage .= $app->tform->lng("limit_database_quota_free_txt").": ".$max_free_quota." MB<br>";
+						$this->dataRecord['database_quota'] = $max_free_quota;
+					}
+					unset($tmp);
+					unset($global_config);
+					unset($dbname_prefix);
+				}
 				// When the record is inserted
 			} else {
 				$client['db_servers_ids'] = explode(',', $client['db_servers']);
@@ -185,15 +208,15 @@ function onSubmit() {
 
 				// Check if the user may add another database
 				if($client["limit_database"] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = $client_group_id");
+					$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = ?", $client_group_id);
 					if($tmp["number"] >= $client["limit_database"]) {
 						$app->error($app->tform->wordbook["limit_database_txt"]);
 					}
 				}
 
-				// Check client quota
-				 if ($client['limit_database_quota'] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT sum(database_quota) as db_quota FROM web_database WHERE sys_groupid = $client_group_id");
+				//* Check client quota
+				if ($client['limit_database_quota'] >= 0) {
+					$tmp = $app->db->queryOneRecord("SELECT sum(database_quota) as db_quota FROM web_database WHERE sys_groupid = ?", $client_group_id);
 					$db_quota = $tmp['db_quota'];
 					$new_db_quota = $app->functions->intval($this->dataRecord["database_quota"]);
 					if(($db_quota + $new_db_quota > $client['limit_database_quota']) || ($new_db_quota < 0 && $client['limit_database_quota'] >= 0)) {
@@ -300,7 +323,7 @@ function onBeforeUpdate() {
                 }
 				*/
 
-				if($this->dataRecord['remote_access'] != 'y'){
+				if(isset($this->dataRecord['remote_access']) && $this->dataRecord['remote_access'] != 'y'){
 					$this->dataRecord['remote_ips'] = $server_config['ip_address'];
 					$this->dataRecord['remote_access'] = 'y';
 				} else {
@@ -387,7 +410,7 @@ function onBeforeInsert() {
                 }
 				*/
 
-				if($this->dataRecord['remote_access'] != 'y'){
+				if(isset($this->dataRecord['remote_access']) && $this->dataRecord['remote_access'] != 'y'){
 					$this->dataRecord['remote_ips'] = $server_config['ip_address'];
 					$this->dataRecord['remote_access'] = 'y';
 				} else {

interface/web/sites/database_quota_stats.php

@@ -0,0 +1,79 @@
+<?php
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
+
+/******************************************
+* Begin Form configuration
+******************************************/
+
+$list_def_file = "list/database_quota_stats.list.php";
+
+/******************************************
+* End Form configuration
+******************************************/
+
+//* Check permissions for module
+$app->auth->check_module_permissions('mail');
+
+$app->load('listform_actions','functions');
+
+$tmp_rec =  $app->db->queryOneRecord("SELECT data from monitor_data WHERE type = 'database_size' ORDER BY created DESC");
+$monitor_data = array();
+$tmp_array = unserialize($tmp_rec['data']);
+
+foreach($tmp_array as $database_name => $data) {
+	$db_name = $data['database_name'];
+
+	$temp = $app->db->queryOneRecord("SELECT client.username, web_database.database_quota FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name = ?'", $db_name);
+
+	$monitor_data[$db_name]['database_name'] = $data['database_name'];
+	$monitor_data[$db_name]['client']=$temp['username'];
+	$monitor_data[$db_name]['used'] = $data['size'];
+	$monitor_data[$db_name]['quota']=$temp['database_quota'];
+
+	unset($temp);
+}
+
+class list_action extends listform_actions {
+
+	function prepareDataRow($rec) {
+		global $app, $monitor_data;
+
+		$rec = $app->listform->decode($rec);
+
+		//* Alternating datarow colors
+		$this->DataRowColor = ($this->DataRowColor == '#FFFFFF') ? '#EEEEEE' : '#FFFFFF';
+		$rec['bgcolor'] = $this->DataRowColor;
+
+		$database_name = $rec['database_name'];
+
+		$rec['database'] = isset($monitor_data[$database_name]['database_name']) ? $monitor_data[$database_name]['database_name'] : array(1 => 0);
+		$rec['client'] = isset($monitor_data[$database_name]['client']) ? $monitor_data[$database_name]['client'] : array(1 => 0);
+		$rec['used'] = isset($monitor_data[$database_name]['used']) ? $monitor_data[$database_name]['used'] : array(1 => 0);
+		$rec['quota'] = isset($monitor_data[$database_name]['quota']) ? $monitor_data[$database_name]['quota'] : array(1 => 0);
+
+		if (!is_numeric($rec['used'])) $rec['used']=$rec['used'][1];
+
+		if($rec['quota'] == 0){
+			$rec['quota'] = $app->lng('unlimited');
+			$rec['percentage'] = '';
+		} else {
+			$rec['percentage'] = round(100 * $rec['used'] / ( $rec['quota']*1024*1024) ).'%';
+			$rec['quota'] .= ' MB';
+		}
+
+		if ($rec['used'] > 0) $rec['used'] = $app->functions->formatBytes($rec['used']);
+
+		$rec['id'] = $rec[$this->idx_key];
+		return $rec;
+
+	}
+
+}
+
+$list = new list_action;
+$list->SQLExtWhere = "";
+
+$list->onLoad();
+
+?>

interface/web/sites/lib/lang/en_database_quota_stats_list.lng

@@ -0,0 +1,7 @@
+<?php
+$wb["database_txt"] = 'Database';
+$wb["client_txt"] = 'Client';
+$wb["used_txt"] = 'Used space';
+$wb["quota_txt"] = 'Quota';
+$wb["percentage_txt"] = 'Used in %';
+?>

interface/web/sites/lib/module.conf.php

@@ -184,6 +184,11 @@
 	'link'    => 'sites/user_quota_stats.php',
 	'html_id' => 'user_quota_stats');
 
+$items[] = array(   'title'   => 'Database quota',
+	'target'  => 'content',
+	'link'    => 'sites/database_quota_stats.php',
+	'html_id' => 'databse_quota_stats');
+
 $module['nav'][] = array(   'title' => 'Statistics',
 	'open'  => 1,
 	'items' => $items);

interface/web/sites/list/database_quota_stats.list.php

@@ -0,0 +1,52 @@
+<?php
+
+// Name of the list
+$liste["name"]     = "database_quota_stats";
+
+// Database table
+$liste["table"]    = "web_database";
+
+// Index index field of the database table
+$liste["table_idx"]   = "database_id";
+
+// Search Field Prefix
+$liste["search_prefix"]  = "search_";
+
+// Records per page
+$liste["records_per_page"]  = "15";
+
+// Script File of the list
+$liste["file"]    = "database_quota_stats.php";
+
+// Script file of the edit form
+$liste["edit_file"]   = "database_edit.php";
+
+// Paging Template
+$liste["paging_tpl"]  = "templates/paging.tpl.htm";
+
+// Enable auth
+$liste["auth"]    = "yes";
+
+// mark columns for php sorting (no real mySQL columns)
+$liste["phpsort"] = array('used_sort', 'files');
+
+
+/*****************************************************
+* Suchfelder
+*****************************************************/
+
+//$liste["item"][] = array( 'field'  => "domain",
+$liste["item"][] = array( 'field'  => "database_name",
+	'datatype' => "VARCHAR",
+	'filters'   => array( 0 => array( 'event' => 'SHOW',
+			'type' => 'IDNTOUTF8')
+	),
+	'formtype' => "TEXT",
+	'op'  => "like",
+	'prefix' => "%",
+	'suffix' => "%",
+	'width'  => "",
+	'value'  => ""
+);
+
+?>