Merge branch 'reject_sender_login_mismatch' into mdbox-format

Author: Dominik

helper_scripts/recreate_webalizer_stats.php

@@ -5,8 +5,8 @@
 //######################################################################################################
 
 
-$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ".$conf["server_id"];
-$records = $app->db->queryAllRecords($sql);
+$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
+$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
 foreach($records as $rec) {
 	$domain = escapeshellcmd($rec["domain"]);
 	$logdir = escapeshellcmd($rec["document_root"].'/log');

install/apps/metronome_libs/mod_auth_external/db_auth.php

@@ -17,7 +17,7 @@
 
     // check for existing user
     $dbmail = $db->real_escape_string($arg_email);
-    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
+    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
     result_false($result->num_rows != 1);
 
     $user = $result->fetch_object();

install/apps/metronome_libs/mod_auth_external/db_isuser.php

@@ -15,7 +15,7 @@
 
     // check for existing user
     $dbmail = $db->real_escape_string($arg_email);
-    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
+    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
     result_false($result->num_rows != 1);
     result_true();
 

install/dist/lib/debian60.lib.php

@@ -38,7 +38,7 @@ public function configure_dovecot()
 
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
 
@@ -154,10 +154,6 @@ public function configure_fail2ban() {
 	*/
 	}
 
-    public function configure_xmpp() {
-        parent::configure_xmpp();
-    }
-
 }
 
 ?>

install/dist/lib/fedora.lib.php

@@ -185,7 +185,7 @@ function configure_postfix($options = '')
 		if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* These postconf commands will be executed on installation and update
-		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
+		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
 		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
 		unset($server_ini_rec);
 
@@ -404,7 +404,7 @@ public function configure_dovecot()
 
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
 
@@ -713,7 +713,7 @@ public function configure_apache()
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
 
-		$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
 
 		if(is_array($records) && count($records) > 0) {
@@ -799,7 +799,7 @@ public function configure_nginx(){
 		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 	}
 
-	public function configure_firewall()
+	public function configure_bastille_firewall()
 	{
 		global $conf;
 
@@ -821,7 +821,7 @@ public function configure_firewall()
 		$tcp_public_services = '';
 		$udp_public_services = '';
 
-		$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
+		$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
 
 		if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
 			$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
@@ -832,7 +832,7 @@ public function configure_firewall()
 		}
 		if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
 			$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
-			if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
+			if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
 		}
 
 		$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
@@ -1032,13 +1032,11 @@ public function install_ispconfig()
 		$file_server_enabled = ($conf['services']['file'])?1:0;
 		$db_server_enabled = ($conf['services']['db'])?1:0;
 		$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
-		$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
+		$sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
 
+		$this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		if($conf['mysql']['master_slave_setup'] == 'y') {
-			$this->dbmaster->query($sql);
-			$this->db->query($sql);
-		} else {
-			$this->db->query($sql);
+			$this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		}
 
 		// chown install dir to root and chmod 755

install/dist/lib/gentoo.lib.php

@@ -258,7 +258,7 @@ public function configure_dovecot()
 
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
 
@@ -450,13 +450,13 @@ public function configure_powerdns()
 		global $conf;
 
 		//* Create the database
-		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
+		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
 			$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
 		}
 
 		//* Create the ISPConfig database user in the local database
-		$query = 'GRANT ALL ON `'.$conf['powerdns']['database'].'` . * TO \''.$conf['mysql']['ispconfig_user'].'\'@\'localhost\';';
-		if(!$this->db->query($query)) {
+		$query = 'GRANT ALL ON ??.* TO ?@?';
+		if(!$this->db->query($query, $conf['powerdns']['database'], $conf['mysql']['ispconfig_user'], 'localhost')) {
 			$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
 		}
 
@@ -566,25 +566,10 @@ public function configure_apache()
 
 
 		//* Copy the ISPConfig configuration include
-		/*
-		$content = $this->get_template_file('apache_ispconfig.conf', true);
-
-		$records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
-		if(is_array($records) && count($records) > 0)
-		{
-			foreach($records as $rec) {
-				$content .= "NameVirtualHost ".$rec["ip_address"].":80\n";
-				$content .= "NameVirtualHost ".$rec["ip_address"].":443\n";
-			}
-		}
-
-		$this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);
-		*/
-		
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
 
-		$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
 
 		if(is_array($records) && count($records) > 0) {
@@ -933,13 +918,11 @@ public function install_ispconfig()
 		$db_server_enabled = ($conf['services']['db'])?1:0;
 		$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
 
-		$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
+		$sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
 
+		$this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		if($conf['mysql']['master_slave_setup'] == 'y') {
-			$this->dbmaster->query($sql);
-			$this->db->query($sql);
-		} else {
-			$this->db->query($sql);
+			$this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		}
 
 		// chown install dir to root and chmod 755

install/dist/lib/opensuse.lib.php

@@ -215,7 +215,7 @@ function configure_postfix($options = '')
 		if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);
 
 		//* These postconf commands will be executed on installation and update
-		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
+		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
 		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
 		unset($server_ini_rec);
 
@@ -459,7 +459,7 @@ public function configure_dovecot()
 
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
 
@@ -745,7 +745,7 @@ public function configure_apache()
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
 
-		$records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
 
 		if(is_array($records) && count($records) > 0) {
@@ -873,7 +873,7 @@ public function configure_nginx(){
 		if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 	}
 
-	public function configure_firewall()
+	public function configure_bastille_firewall()
 	{
 		global $conf;
 
@@ -895,7 +895,7 @@ public function configure_firewall()
 		$tcp_public_services = '';
 		$udp_public_services = '';
 
-		$row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
+		$row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
 
 		if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
 			$tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
@@ -907,7 +907,7 @@ public function configure_firewall()
 
 		if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
 			$tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
-			if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
+			if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
 		}
 
 		$content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
@@ -1105,13 +1105,11 @@ public function install_ispconfig()
 		$file_server_enabled = ($conf['services']['file'])?1:0;
 		$db_server_enabled = ($conf['services']['db'])?1:0;
 		$vserver_server_enabled = ($conf['services']['vserver'])?1:0;
-		$sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
+		$sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
 
+		$this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		if($conf['mysql']['master_slave_setup'] == 'y') {
-			$this->dbmaster->query($sql);
-			$this->db->query($sql);
-		} else {
-			$this->db->query($sql);
+			$this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
 		}
 
 		// chown install dir to root and chmod 755

install/install.php

@@ -449,10 +449,8 @@
 		// initialize the connection to the master database
 		$inst->dbmaster = new db();
 		if($inst->dbmaster->linkId) $inst->dbmaster->closeConn();
-		$inst->dbmaster->dbHost = $conf['mysql']["master_host"];
-		$inst->dbmaster->dbName = $conf['mysql']["master_database"];
-		$inst->dbmaster->dbUser = $conf['mysql']["master_admin_user"];
-		$inst->dbmaster->dbPass = $conf['mysql']["master_admin_password"];
+		$inst->dbmaster->setDBData($conf['mysql']["master_host"], $conf['mysql']["master_admin_user"], $conf['mysql']["master_admin_password"]);
+		$inst->dbmaster->setDBName($conf['mysql']["master_database"]);
 
 	} else {
 		// the master DB is the same then the slave DB
@@ -623,23 +621,17 @@
 
 	//** Configure Firewall
 	if(strtolower($inst->simple_query('Configure Firewall Server', array('y', 'n'), 'y','configure_firewall')) == 'y') {
-		//if($conf['bastille']['installed'] == true) {
-		//* Configure Bastille Firewall
-		$conf['services']['firewall'] = true;
-		swriteln('Configuring Bastille Firewall');
-		$inst->configure_firewall();
-		/*} elseif($conf['ufw']['installed'] == true) {
-			//* Configure Ubuntu Firewall
-			$conf['services']['firewall'] = true;
-			swriteln('Configuring Ubuntu Firewall');
-			$inst->configure_ufw_firewall();
-		} else {
-			//* Configure Bastille Firewall
-			$conf['services']['firewall'] = true;
-			swriteln('Configuring Bastille Firewall');
-			$inst->configure_bastille_firewall();
-		}
-		*/
+	   if($conf['ufw']['installed'] == true) {
+		   //* Configure Ubuntu Firewall
+		   $conf['services']['firewall'] = true;
+		   swriteln('Configuring Ubuntu Firewall');
+		   $inst->configure_ufw_firewall();
+	   } else {
+		   //* Configure Bastille Firewall
+		   $conf['services']['firewall'] = true;
+		   swriteln('Configuring Bastille Firewall');
+		   $inst->configure_bastille_firewall();
+	   }
 	}
 
 	//** Configure Firewall
@@ -713,6 +705,8 @@
 
 } //* << $install_mode / 'Standard' or Genius
 
+$inst->create_mount_script();
+
 //* Create md5 filelist
 $md5_filename = '/usr/local/ispconfig/security/data/file_checksums_'.date('Y-m-d_h-i').'.md5';
 exec('find /usr/local/ispconfig -type f -print0 | xargs -0 md5sum > '.$md5_filename);