You've already forked postfixadmin
mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2025-08-06 06:42:37 +03:00
try migrating to pdo
This commit is contained in:
David Goodwin
@@ -268,11 +268,13 @@ function check_domain($domain) {
|
||||
*/
|
||||
function get_password_expiration_value($domain) {
|
||||
$table_domain = table_by_key('domain');
|
||||
$domain = escape_string($domain);
|
||||
$query = "SELECT password_expiry FROM $table_domain WHERE domain='$domain'";
|
||||
$result = db_query($query);
|
||||
$password_expiration_value = db_assoc($result['result']);
|
||||
return $password_expiration_value['password_expiry'];
|
||||
$query = "SELECT password_expiry FROM $table_domain WHERE domain= :domain";
|
||||
|
||||
$result = db_prepared_fetch_one($query, array('domain' => $domain));
|
||||
if(is_array($result) && isset($result['password_expiry'])) {
|
||||
return $result['password_expiry'];
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -531,12 +533,10 @@ function create_page_browser($idxfield, $querypart) {
|
||||
|
||||
# get number of rows
|
||||
$query = "SELECT count(*) as counter FROM (SELECT $idxfield $querypart) AS tmp";
|
||||
$result = db_query($query);
|
||||
if ($result['rows'] > 0) {
|
||||
$row = db_assoc($result['result']);
|
||||
$count_results = $row['counter'] -1; # we start counting at 0, not 1
|
||||
$result = db_prepared_fetch_one($query);
|
||||
if ($result && isset($result['counter'])) {
|
||||
$count_results = $result['counter'] -1; # we start counting at 0, not 1
|
||||
}
|
||||
# echo "<p>rows: " . ($count_results +1) . " --- $query";
|
||||
|
||||
if ($count_results < $page_size) {
|
||||
return array(); # only one page - no pagebrowser required
|
||||
@@ -583,16 +583,17 @@ function create_page_browser($idxfield, $querypart) {
|
||||
# afterwards: DROP SEQUENCE foo
|
||||
|
||||
$result = db_query($query);
|
||||
if ($result['rows'] > 0) {
|
||||
while ($row = db_assoc($result['result'])) {
|
||||
if ($row2 = db_assoc($result['result'])) {
|
||||
$result = db_prepared_fetch_all($query);
|
||||
foreach($result as $k => $row) {
|
||||
if(isset($result[$k + 1])) {
|
||||
$row2 = $result[$k + 1];
|
||||
$label = substr($row['label'], 0, $label_len) . '-' . substr($row2['label'], 0, $label_len);
|
||||
$pagebrowser[] = $label;
|
||||
} else { # only one row remaining
|
||||
}
|
||||
else {
|
||||
$label = substr($row['label'], 0, $label_len);
|
||||
}
|
||||
$pagebrowser[] = $label;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (db_pgsql()) {
|
||||
@@ -625,15 +626,17 @@ function divide_quota($quota) {
|
||||
*/
|
||||
function check_owner($username, $domain) {
|
||||
$table_domain_admins = table_by_key('domain_admins');
|
||||
$E_username = escape_string($username);
|
||||
$E_domain = escape_string($domain);
|
||||
$result = db_query("SELECT 1 FROM $table_domain_admins WHERE username='$E_username' AND (domain='$E_domain' OR domain='ALL') AND active='1'");
|
||||
|
||||
if ($result['rows'] == 1 || $result['rows'] == 2) { # "ALL" + specific domain permissions is possible
|
||||
$result = db_prepared_fetch_all(
|
||||
"SELECT 1 FROM $table_domain_admins WHERE username= ? AND (domain = ? OR domain = 'ALL') AND active = ?" ,
|
||||
array($username, $domain, db_get_boolean(true))
|
||||
);
|
||||
|
||||
if(sizeof($result) == 1 || sizeof($result) == 2) { # "ALL" + specific domain permissions is possible
|
||||
# TODO: if superadmin, check if given domain exists in the database
|
||||
return true;
|
||||
} else {
|
||||
if ($result['rows'] > 2) { # more than 2 results means something really strange happened...
|
||||
if (sizeof($result) > 2) { # more than 2 results means something really strange happened...
|
||||
flash_error("Permission check returned multiple results. Please go to 'edit admin' for your username and press the save "
|
||||
. "button once to fix the database. If this doesn't help, open a bugreport.");
|
||||
}
|
||||
@@ -649,6 +652,7 @@ function check_owner($username, $domain) {
|
||||
* @return array of domain names.
|
||||
*/
|
||||
function list_domains_for_admin($username) {
|
||||
|
||||
$table_domain = table_by_key('domain');
|
||||
$table_domain_admins = table_by_key('domain_admins');
|
||||
|
||||
@@ -659,30 +663,40 @@ function list_domains_for_admin($username) {
|
||||
$query = "SELECT $table_domain.domain FROM $table_domain ";
|
||||
$condition[] = "$table_domain.domain != 'ALL'";
|
||||
|
||||
$result = db_query("SELECT username FROM $table_domain_admins WHERE username='$E_username' AND domain='ALL'");
|
||||
if ($result['rows'] < 1) { # not a superadmin
|
||||
$pvalues = array();
|
||||
|
||||
$result = db_prepared_fetch_one("SELECT username FROM $table_domain_admins WHERE username= :username AND domain='ALL'", array('username' => $username));
|
||||
if (empty($result)) { # not a superadmin
|
||||
$pvalues['username'] = $username;
|
||||
$pvalues['active'] = db_get_boolean(true);
|
||||
$pvalues['backupmx'] = db_get_boolean(false);
|
||||
|
||||
$query .= " LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain ";
|
||||
$condition[] = "$table_domain_admins.username='$E_username' ";
|
||||
$condition[] = "$table_domain.active='" . db_get_boolean(true) . "'"; # TODO: does it really make sense to exclude inactive...
|
||||
$condition[] = "$table_domain.backupmx='" . db_get_boolean(false) . "'"; # TODO: ... and backupmx domains for non-superadmins?
|
||||
$condition[] = "$table_domain_admins.username = :username ";
|
||||
$condition[] = "$table_domain.active = :active "; # TODO: does it really make sense to exclude inactive...
|
||||
$condition[] = "$table_domain.backupmx = :backupmx" ; # TODO: ... and backupmx domains for non-superadmins?
|
||||
}
|
||||
|
||||
$query .= " WHERE " . join(' AND ', $condition);
|
||||
$query .= " ORDER BY $table_domain.domain";
|
||||
|
||||
$list = array();
|
||||
$result = db_query($query);
|
||||
if ($result['rows'] > 0) {
|
||||
$i = 0;
|
||||
while ($row = db_assoc($result['result'])) {
|
||||
$list[$i] = $row['domain'];
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
return $list;
|
||||
$result = db_prepared_fetch_all($query, $pvalues);
|
||||
|
||||
return array_column($result, 'domain');
|
||||
|
||||
}
|
||||
|
||||
|
||||
if(!function_exists('array_column')) {
|
||||
function array_column(array $array, $column) {
|
||||
$retval = array();
|
||||
foreach($array as $row) {
|
||||
$retval[] = $row[$column];
|
||||
}
|
||||
return $retval;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* List all available domains.
|
||||
*
|
||||
@@ -692,16 +706,12 @@ function list_domains() {
|
||||
$list = array();
|
||||
|
||||
$table_domain = table_by_key('domain');
|
||||
$result = db_query("SELECT domain FROM $table_domain WHERE domain!='ALL' ORDER BY domain");
|
||||
if ($result['rows'] > 0) {
|
||||
$result = db_prepared_fetch_all("SELECT domain FROM $table_domain WHERE domain!='ALL' ORDER BY domain");
|
||||
$i = 0;
|
||||
while ($row = db_assoc($result['result'])) {
|
||||
if (is_array($row)) {
|
||||
foreach($result as $row) {
|
||||
$list[$i] = $row['domain'];
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
}
|
||||
return $list;
|
||||
}
|
||||
|
||||
@@ -929,14 +939,13 @@ function _pacrypt_mysql_encrypt($pw, $pw_db) {
|
||||
// this is apparently useful for pam_mysql etc.
|
||||
$pw = escape_string($pw);
|
||||
if ($pw_db!="") {
|
||||
$salt=escape_string(substr($pw_db, 0, 2));
|
||||
$res=db_query("SELECT ENCRYPT('".$pw."','".$salt."');");
|
||||
$values = array('pw' => $pw_db, 'salt' => substr($pw_db, 0, 2));
|
||||
$res = db_prepared_fetch_one("SELECT ENCRYPT(:pw,:salt) as result", $values);
|
||||
} else {
|
||||
$res=db_query("SELECT ENCRYPT('".$pw."');");
|
||||
$res= db_prepared_fetch_one("SELECT ENCRYPT(:pw) as result", array('pw' => $pw));
|
||||
}
|
||||
$l = db_row($res["result"]);
|
||||
$password = $l[0];
|
||||
return $password;
|
||||
|
||||
return $res['result'];
|
||||
}
|
||||
|
||||
function _pacrypt_authlib($pw, $pw_db) {
|
||||
@@ -1460,7 +1469,7 @@ EOF;
|
||||
* array($link, $error_text);
|
||||
*
|
||||
* @param bool $ignore_errors
|
||||
* @return resource|mysqli|SQLite3 connection to db
|
||||
* @return PDO
|
||||
*/
|
||||
function db_connect() {
|
||||
list($link, $_) = db_connect_with_errors();
|
||||
@@ -1485,70 +1494,42 @@ function db_connect_with_errors() {
|
||||
}
|
||||
$link = 0;
|
||||
|
||||
if ($CONF['database_type'] == "mysql") {
|
||||
if (function_exists("mysql_connect")) {
|
||||
$link = @mysql_connect($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or $error_text .= ("<p />DEBUG INFORMATION:<br />Connect: " . mysql_error() . "$DEBUG_TEXT");
|
||||
if ($link) {
|
||||
@mysql_query("SET CHARACTER SET utf8", $link);
|
||||
@mysql_query("SET COLLATION_CONNECTION='utf8_general_ci'", $link);
|
||||
@mysql_select_db($CONF['database_name'], $link) or $error_text .= ("<p />DEBUG INFORMATION:<br />MySQL Select Database: " . mysql_error() . "$DEBUG_TEXT");
|
||||
$options = [
|
||||
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||
];
|
||||
$username_password = true;
|
||||
|
||||
if (db_mysql()) {
|
||||
$dsn = "mysql:host={$CONF['database_host']};dbname={$CONF['database_name']};charset=UTF8";
|
||||
if (Config::bool('database_use_ssl')) {
|
||||
$options[PDO::MYSQL_ATTR_SSL_CA] = Config::read_string('database_ssl_ca');
|
||||
$options[PDO::MYSQL_ATTR_SSL_CAPATH] = Config::read_string('database_ssl_ca_path');
|
||||
$options[PDO::MYSQL_ATTR_SSL_CERT] = Config::read_string('database_ssl_cert');
|
||||
$options[PDO::MYSQL_ATTR_SSL_CIPHER] = Config::read_string('database_ssl_cipher');
|
||||
}
|
||||
} else {
|
||||
$error_text .= "<p>DEBUG INFORMATION:<br />MySQL 3.x / 4.0 functions not available! (php5-mysql installed?)<br />database_type = 'mysql' in config.inc.php, are you using a different database? $DEBUG_TEXT";
|
||||
}
|
||||
} elseif ($CONF['database_type'] == "mysqli") {
|
||||
$is_connected = false;
|
||||
if ($CONF['database_use_ssl']) {
|
||||
if (function_exists("mysqli_real_connect")) {
|
||||
$link = mysqli_init();
|
||||
$link->ssl_set($CONF['database_ssl_key'], $CONF['database_ssl_cert'], $CONF['database_ssl_ca'], $CONF['database_ssl_ca_path'], $CONF['database_ssl_cipher']);
|
||||
$connected = mysqli_real_connect($link, $CONF['database_host'], $CONF['database_user'], $CONF['database_password'], $CONF['database_name'], $CONF['database_port']);
|
||||
$is_connected = $connected;
|
||||
} else {
|
||||
$error_text .= "<p>DEBUG INFORMATION:<br />MySQLi 5 functions not available! (php5-mysqli installed?)<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT";
|
||||
}
|
||||
} else {
|
||||
if (function_exists("mysqli_connect")) {
|
||||
$link = @mysqli_connect($CONF['database_host'], $CONF['database_user'], $CONF['database_password'], $CONF['database_name'], $CONF['database_port'], $CONF['database_socket']) or $error_text .= ("<p />DEBUG INFORMATION:<br />Connect: " . mysqli_connect_error() . "$DEBUG_TEXT");
|
||||
$is_connected = $link;
|
||||
} else {
|
||||
$error_text .= "<p>DEBUG INFORMATION:<br />MySQL 4.1 functions not available! (php5-mysqli installed?)<br />database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT";
|
||||
}
|
||||
}
|
||||
if ($is_connected && $link instanceof mysqli) {
|
||||
@mysqli_query($link, "SET CHARACTER SET utf8");
|
||||
@mysqli_query($link, "SET COLLATION_CONNECTION='utf8_general_ci'");
|
||||
}
|
||||
} elseif (db_sqlite()) {
|
||||
if (class_exists("SQLite3")) {
|
||||
if ($CONF['database_name'] == '' || !is_dir(dirname($CONF['database_name'])) || !is_writable(dirname($CONF['database_name']))) {
|
||||
$error_text .= ("<p>DEBUG INFORMATION<br />Connect: given database path does not exist, is not writable, or \$CONF['database_name'] is empty.");
|
||||
} else {
|
||||
$link = new SQLite3($CONF['database_name']) or $error_text .= ("<p />DEBUG INFORMATION<br />Connect: failed to connect to database. $DEBUG_TEXT");
|
||||
if ($link instanceof SQLite3) {
|
||||
$link->createFunction('base64_decode', 'base64_decode');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$error_text .= "<p>DEBUG INFORMATION:<br />SQLite functions not available! (php5-sqlite installed?)<br />database_type = 'sqlite' in config.inc.php, are you using a different database? $DEBUG_TEXT";
|
||||
$queries[] = 'SET CHARACTER SET utf8';
|
||||
$queries[] = "SET COLLATION_CONNECTION='utf8_general_ci'";
|
||||
}
|
||||
elseif (db_sqlite()) {
|
||||
$dsn = "sqlite:{$CONF['database_name']}";
|
||||
$username_password = false;
|
||||
} elseif (db_pgsql()) {
|
||||
if (function_exists("pg_pconnect")) {
|
||||
if (!isset($CONF['database_port'])) {
|
||||
$CONF['database_port'] = '5432';
|
||||
}
|
||||
$connect_string = "host=" . $CONF['database_host'] . " port=" . $CONF['database_port'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password'];
|
||||
$link = @pg_pconnect($connect_string) or $error_text .= ("<p>DEBUG INFORMATION:<br />Connect: failed to connect to database. $DEBUG_TEXT");
|
||||
if ($link) {
|
||||
pg_set_client_encoding($link, 'UNICODE');
|
||||
}
|
||||
} else {
|
||||
$error_text .= "<p>DEBUG INFORMATION:<br />PostgreSQL functions not available! (php5-pgsql installed?)<br />database_type = 'pgsql' in config.inc.php, are you using a different database? $DEBUG_TEXT";
|
||||
}
|
||||
$dsn = "pgsql:host={$CONF['database_host']};port={$CONF['database_port']};dbname={$CONF['database_name']};charset=UTF8";
|
||||
} else {
|
||||
$error_text = "<p>DEBUG INFORMATION:<br />Invalid \$CONF['database_type']! Please fix your config.inc.php! $DEBUG_TEXT";
|
||||
}
|
||||
|
||||
if($username_password) {
|
||||
$link = new PDO($dsn, Config::read_string('database_user'), Config::read_string('database_pass'), $options);
|
||||
}
|
||||
else {
|
||||
$link = new PDO($dsn, null, null, $options);
|
||||
}
|
||||
|
||||
|
||||
return array($link, $error_text);
|
||||
}
|
||||
|
||||
@@ -1649,148 +1630,98 @@ function db_sqlite() {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $sql
|
||||
* @param array $values
|
||||
* @return array
|
||||
*/
|
||||
function db_prepared_fetch_all($sql, array $values = array()) {
|
||||
$r = db_prepared_query($sql, $values);
|
||||
return $r['result']->fetchAll(PDO::FETCH_ASSOC);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $sql
|
||||
* @param array $values
|
||||
* @return array
|
||||
*/
|
||||
function db_prepared_fetch_one($sql, array $values = array()) {
|
||||
$r = db_prepared_query($sql, $values);
|
||||
return $r['result']->fetch(PDO::FETCH_ASSOC);
|
||||
}
|
||||
|
||||
|
||||
function db_prepared_insert($sql, array $values = array()) {
|
||||
$link = db_connect();
|
||||
$error_text = '';
|
||||
|
||||
try {
|
||||
$stmt = $link->prepare($sql);
|
||||
$stmt->execute($values);
|
||||
}
|
||||
catch(PDOException $e) {
|
||||
$error_text = "Invalid query: " . $e->getMessage() . " caused by " . $sql ;
|
||||
error_log($error_text);
|
||||
}
|
||||
return $stmt->rowCount();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $sql
|
||||
* @param array $values
|
||||
* @param bool $ignore_errors - set to true to ignore errors.
|
||||
* @return array e.g. ['result' => PDOStatement, 'error' => string ]
|
||||
*/
|
||||
function db_prepared_query($sql, array $values = array(), $ignore_errors = false) {
|
||||
|
||||
$link = db_connect();
|
||||
$error_text = '';
|
||||
|
||||
try {
|
||||
$stmt = $link->prepare($sql);
|
||||
$stmt->execute($values);
|
||||
}
|
||||
catch(PDOException $e) {
|
||||
$error_text = "Invalid query: " . $e->getMessage() . " caused by " . $sql ;
|
||||
error_log($error_text);
|
||||
if(!$ignore_errors) {
|
||||
die("DEBUG INFORMATION: " . $e->getMessage() . "<br/> Check your error_log for the failed query");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return array(
|
||||
"result" => $stmt,
|
||||
"error" => $error_text,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $query SQL to execute
|
||||
* @param int $ignore_errors (default 0 aka do not ignore errors)
|
||||
* @return array ['result' => resource, 'rows' => int ,'error' => string]
|
||||
*/
|
||||
function db_query($query, $ignore_errors = 0) {
|
||||
global $CONF;
|
||||
global $DEBUG_TEXT;
|
||||
$result = "";
|
||||
$number_rows = "";
|
||||
$link = db_connect();
|
||||
$error_text = "";
|
||||
if ($ignore_errors) {
|
||||
$DEBUG_TEXT = "";
|
||||
}
|
||||
|
||||
if ($CONF['database_type'] == "mysql" && is_resource($link)) {
|
||||
$result = @mysql_query($query, $link) or $error_text = "Invalid query: " . mysql_error($link);
|
||||
}
|
||||
if ($CONF['database_type'] == "mysqli" && $link instanceof mysqli) {
|
||||
$result = @mysqli_query($link, $query) or $error_text = "Invalid query: " . mysqli_error($link);
|
||||
}
|
||||
if (db_sqlite() && $link instanceof SQLite3) {
|
||||
$result = @$link->query($query) or $error_text = "Invalid query: " . $link->lastErrorMsg();
|
||||
}
|
||||
if (db_pgsql() && is_resource($link)) {
|
||||
/* @var resource $link */
|
||||
$result = @pg_query($link, $query) or $error_text = "Invalid query: " . pg_last_error();
|
||||
}
|
||||
if ($error_text != "" && $ignore_errors == 0) {
|
||||
error_log($error_text);
|
||||
error_log("caused by query: $query");
|
||||
die("<p>DEBUG INFORMATION:<br />$error_text <p>Check your error_log for the failed query. $DEBUG_TEXT");
|
||||
}
|
||||
|
||||
if ($error_text == "") {
|
||||
if (db_sqlite() && $result instanceof SQLite3Result && $link instanceof SQLite3) {
|
||||
/* @var SQLite3Result $result */
|
||||
/* @var SQLite3 $link */
|
||||
if ($result->numColumns()) {
|
||||
// Query returned something
|
||||
$num_rows = 0;
|
||||
while (@$result->fetchArray(SQLITE3_ASSOC)) {
|
||||
$num_rows++;
|
||||
}
|
||||
$result->reset();
|
||||
$number_rows = $num_rows;
|
||||
} else {
|
||||
// Query was UPDATE, DELETE or INSERT
|
||||
$number_rows = $link->changes();
|
||||
}
|
||||
} elseif (preg_match("/^SELECT/i", trim($query))) {
|
||||
/* @var resource $result */
|
||||
// if $query was a SELECT statement check the number of rows with [database_type]_num_rows ().
|
||||
if ($CONF['database_type'] == "mysql" && is_resource($result)) {
|
||||
$number_rows = mysql_num_rows($result);
|
||||
}
|
||||
if ($CONF['database_type'] == "mysqli" && $result instanceof mysqli_result) {
|
||||
$number_rows = mysqli_num_rows($result);
|
||||
}
|
||||
if (db_pgsql() && is_resource($result)) {
|
||||
$number_rows = pg_num_rows($result);
|
||||
}
|
||||
} else {
|
||||
/* @var resource $result */
|
||||
// if $query was something else, UPDATE, DELETE or INSERT check the number of rows with
|
||||
// [database_type]_affected_rows ().
|
||||
if ($CONF['database_type'] == "mysql" && is_resource($link)) {
|
||||
$number_rows = mysql_affected_rows($link);
|
||||
}
|
||||
if ($CONF['database_type'] == "mysqli" && $link instanceof mysqli) {
|
||||
$number_rows = mysqli_affected_rows($link);
|
||||
}
|
||||
if (db_pgsql() && is_resource($result)) {
|
||||
$number_rows = pg_affected_rows($result);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$return = array(
|
||||
"result" => $result,
|
||||
"rows" => $number_rows,
|
||||
"error" => $error_text
|
||||
);
|
||||
return $return;
|
||||
function db_query($query, $ignore_errors = 0)
|
||||
{
|
||||
return db_prepared_query($query, array(), $ignore_errors == 0);
|
||||
}
|
||||
|
||||
|
||||
|
||||
// db_row
|
||||
// Action: Returns a row from a table
|
||||
// Call: db_row (int result)
|
||||
|
||||
/**
|
||||
* Returns numerically indexed array.
|
||||
*
|
||||
* @param resource|mysqli_result|SQLite3Result $result
|
||||
* @return array
|
||||
*/
|
||||
function db_row($result) {
|
||||
global $CONF;
|
||||
$row = "";
|
||||
if ($CONF['database_type'] == "mysql" && is_resource($result)) {
|
||||
$row = mysql_fetch_row($result);
|
||||
}
|
||||
if ($CONF['database_type'] == "mysqli" && $result instanceof mysqli_result) {
|
||||
$row = mysqli_fetch_row($result);
|
||||
}
|
||||
if (db_sqlite() && $result instanceof SQLite3Result) {
|
||||
$row = $result->fetchArray(SQLITE3_NUM);
|
||||
}
|
||||
if (db_pgsql() && is_resource($result)) {
|
||||
$row = pg_fetch_row($result);
|
||||
}
|
||||
if (!is_array($row)) {
|
||||
return array();
|
||||
}
|
||||
return $row;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get an associative array from a DB query resource.
|
||||
*
|
||||
* @param mixed $result - either resource or SQLite3Result depending on DB type chosen.
|
||||
* @param PDOStatement $result
|
||||
* @return array
|
||||
*/
|
||||
function db_assoc($result) {
|
||||
global $CONF;
|
||||
$row = [];
|
||||
if ($CONF['database_type'] == "mysql" && is_resource($result)) {
|
||||
$row = mysql_fetch_assoc($result);
|
||||
}
|
||||
if ($CONF['database_type'] == "mysqli" && $result instanceof mysqli_result) {
|
||||
$row = mysqli_fetch_assoc($result);
|
||||
}
|
||||
if (db_sqlite() && $result instanceof SQLite3Result) {
|
||||
$row = $result->fetchArray(SQLITE3_ASSOC);
|
||||
}
|
||||
if (db_pgsql() && is_resource($result)) {
|
||||
$row = pg_fetch_assoc($result);
|
||||
}
|
||||
function db_assoc(PDOStatement $result) {
|
||||
|
||||
$row = $result->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if (!is_array($row)) {
|
||||
$row = [];
|
||||
}
|
||||
@@ -1812,17 +1743,14 @@ function db_assoc($result) {
|
||||
function db_delete($table, $where, $delete, $additionalwhere='') {
|
||||
$table = table_by_key($table);
|
||||
|
||||
$query = "DELETE FROM $table WHERE $where ='" . escape_string($delete) . "' " . $additionalwhere;
|
||||
$result = db_query($query);
|
||||
$query = "DELETE FROM $table WHERE $where = ? $additionalwhere";
|
||||
|
||||
return db_prepared_insert($query, [$delete]);
|
||||
|
||||
if ($result['rows'] >= 1) {
|
||||
return $result['rows'];
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* db_insert
|
||||
* Action: Inserts a row from a specified table
|
||||
@@ -1836,10 +1764,6 @@ function db_delete($table, $where, $delete, $additionalwhere='') {
|
||||
function db_insert($table, array $values, $timestamp = array('created', 'modified')) {
|
||||
$table = table_by_key($table);
|
||||
|
||||
foreach (array_keys($values) as $key) {
|
||||
$values[$key] = "'" . escape_string($values[$key]) . "'";
|
||||
}
|
||||
|
||||
foreach ($timestamp as $key) {
|
||||
if (db_sqlite()) {
|
||||
$values[$key] = "datetime('now')";
|
||||
@@ -1866,9 +1790,27 @@ function db_insert($table, array $values, $timestamp = array('created', 'modifie
|
||||
}
|
||||
}
|
||||
|
||||
$sql_values = "(" . implode(",", array_keys($values)) .") VALUES (". implode(",", $values).")";
|
||||
$result = db_query("INSERT INTO $table $sql_values");
|
||||
return $result['rows'];
|
||||
|
||||
$value_string = '';
|
||||
$comma = '';
|
||||
$prepared_statment_values = $values;
|
||||
|
||||
foreach($values as $field => $value) {
|
||||
if(in_array($field, $timestamp)) {
|
||||
$value_string .= $comma . $value; // see above.
|
||||
unset($prepared_statment_values[$field]);
|
||||
}
|
||||
else {
|
||||
$value_string .= $comma . ":{$field}";
|
||||
}
|
||||
$comma = ',';
|
||||
}
|
||||
|
||||
|
||||
return db_prepared_insert(
|
||||
"INSERT INTO $table (" . implode(",", array_keys($values)) .") VALUES ($value_string)",
|
||||
$prepared_statment_values);
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -1884,57 +1826,48 @@ function db_insert($table, array $values, $timestamp = array('created', 'modifie
|
||||
* @return int - number of updated rows
|
||||
*/
|
||||
function db_update($table, $where_col, $where_value, $values, $timestamp = array('modified')) {
|
||||
$where = $where_col . " = '" . escape_string($where_value) . "'";
|
||||
return db_update_q($table, $where, $values, $timestamp);
|
||||
}
|
||||
|
||||
/**
|
||||
* db_update_q
|
||||
* Action: Updates a specified table
|
||||
* Call: db_update_q (string table, string where, array values [, array timestamp])
|
||||
* @param string $table - table name
|
||||
* @param string $where - WHERE condition (as SQL)
|
||||
* @param array $values - key/value map of data to insert into the table.
|
||||
* @param array $timestamp (optional) - array of fields to set to now() - default: array('modified')
|
||||
* @return int - number of updated rows
|
||||
*/
|
||||
function db_update_q($table, $where, $values, $timestamp = array('modified')) {
|
||||
global $CONF;
|
||||
|
||||
$table_key = table_by_key($table);
|
||||
$sql_values = array();
|
||||
|
||||
$sql = "UPDATE $table_key SET ";
|
||||
|
||||
$set = array();
|
||||
foreach ($values as $key => $value) {
|
||||
$sql_values[$key] = $key . "='" . escape_string($value) . "'";
|
||||
if(in_array($key, $timestamp)) {
|
||||
if(db_sqlite()) {
|
||||
$set[] = " $key = datetime('now') ";
|
||||
}
|
||||
else {
|
||||
$set[] = " $key = now() ";
|
||||
}
|
||||
}
|
||||
else {
|
||||
$set[] = " $key = :$key ";
|
||||
$pvalues[$key] = $value;
|
||||
}
|
||||
|
||||
foreach ($timestamp as $key) {
|
||||
if (db_sqlite()) {
|
||||
$sql_values[$key] = escape_string($key) . "=datetime('now')";
|
||||
} else {
|
||||
$sql_values[$key] = escape_string($key) . "=now()";
|
||||
}
|
||||
}
|
||||
|
||||
/* @todo this needs refactoring/moving out from here */
|
||||
if (Config::bool('password_expiration')) {
|
||||
if ($table == 'mailbox' && preg_match('/@/', $where)) {
|
||||
$where_type = explode('=', $where);
|
||||
$email = ($where_type[1]);
|
||||
if ($table == 'mailbox' && preg_match('/@/', $where_value)) {
|
||||
$email = $where_value;
|
||||
$domain_dirty = explode('@',$email)[1];
|
||||
$domain = substr($domain_dirty, 0, -1);
|
||||
$password_expiration_value = get_password_expiration_value($domain);
|
||||
$key = 'password_expiry';
|
||||
$sql_values[$key] = $key . " = now() + interval " . $password_expiration_value . " day";
|
||||
$set[] = " $key = now() + interval {$password_expiration_value} day";
|
||||
}
|
||||
}
|
||||
|
||||
$sql="UPDATE $table_key SET " . implode(",", $sql_values) . " WHERE $where";
|
||||
$result = db_query($sql);
|
||||
if (array_key_exists('rows', $result)) {
|
||||
return $result['rows'];
|
||||
}
|
||||
return 0;
|
||||
$pvalues['where'] = $where_value;
|
||||
|
||||
|
||||
$sql="UPDATE $table_key SET " . implode(",", $set) . " WHERE $where_col = :where";
|
||||
|
||||
return db_prepared_insert($sql, $pvalues);
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -2105,16 +2038,12 @@ function check_db_version($error_out = true) {
|
||||
$table = table_by_key('config');
|
||||
|
||||
$sql = "SELECT value FROM $table WHERE name = 'version'";
|
||||
$r = db_query($sql);
|
||||
$row = db_prepared_fetch_one($sql);
|
||||
|
||||
$dbversion = 0;
|
||||
|
||||
if ($r['rows'] == 1) {
|
||||
$row = db_assoc($r['result']);
|
||||
if (isset($row['value'])) {
|
||||
$dbversion = (int) $row['value'];
|
||||
}
|
||||
} else {
|
||||
else {
|
||||
db_query("INSERT INTO $table (name, value) VALUES ('version', '0')", 0);
|
||||
}
|
||||
|
||||
@@ -2141,13 +2070,11 @@ function gen_show_status($show_alias) {
|
||||
$table_alias = table_by_key('alias');
|
||||
$stat_string = "";
|
||||
|
||||
$show_alias = escape_string($show_alias);
|
||||
|
||||
$stat_goto = "";
|
||||
$stat_result = db_query("SELECT goto FROM $table_alias WHERE address='$show_alias'");
|
||||
if ($stat_result['rows'] > 0) {
|
||||
$row = db_row($stat_result['result']);
|
||||
$stat_goto = $row[0];
|
||||
$stat_result = db_prepared_fetch_all("SELECT goto FROM $table_alias WHERE address=?", [$show_alias]);
|
||||
|
||||
if (sizeof($stat_result) > 0) {
|
||||
$stat_goto = $stat_result[0]['goto'];
|
||||
}
|
||||
|
||||
$delimiter_regex = null;
|
||||
@@ -2175,11 +2102,21 @@ function gen_show_status($show_alias) {
|
||||
|
||||
list($local_part, $stat_domain) = explode('@', $g);
|
||||
|
||||
$v = array();
|
||||
|
||||
$stat_delimiter = "";
|
||||
|
||||
$sql = "SELECT address FROM $table_alias WHERE address = ? OR address = ?";
|
||||
$v[] = $g;
|
||||
$v[] = '@' . $stat_domain;
|
||||
|
||||
if (!empty($CONF['recipient_delimiter']) && isset($delimiter_regex)) {
|
||||
$stat_delimiter = "OR address = '" . escape_string(preg_replace($delimiter_regex, "@", $g)) . "'";
|
||||
$v[] = preg_replace($delimiter_regex, "@", $g);
|
||||
$sql .= " OR address = ? ";
|
||||
}
|
||||
$stat_result = db_query("SELECT address FROM $table_alias WHERE address = '" . escape_string($g) . "' OR address = '@" . escape_string($stat_domain) . "' $stat_delimiter");
|
||||
|
||||
$stat_result = db_prepared_query($sql, $v);
|
||||
|
||||
if (array_key_exists('rows', $stat_result) && $stat_result['rows'] == 0) {
|
||||
$stat_ok = 0;
|
||||
}
|
||||
@@ -2198,7 +2135,7 @@ function gen_show_status($show_alias) {
|
||||
|
||||
// Vacation CHECK
|
||||
if ( $CONF['show_vacation'] == 'YES' ) {
|
||||
$stat_result = db_query("SELECT * FROM ". $CONF['database_tables']['vacation'] ." WHERE email = '" . $show_alias . "' AND active = '" . db_get_boolean(true) . "'") ;
|
||||
$stat_result = db_prepared_query("SELECT * FROM ". $CONF['database_tables']['vacation'] ." WHERE email = ? AND active = ? ", array($show_alias, db_get_boolean(true) )) ;
|
||||
if ($stat_result['rows'] == 1) {
|
||||
$stat_string .= "<span style='background-color:" . $CONF['show_vacation_color'] . "'>" . $CONF['show_status_text'] . "</span> ";
|
||||
} else {
|
||||
@@ -2208,7 +2145,10 @@ function gen_show_status($show_alias) {
|
||||
|
||||
// Disabled CHECK
|
||||
if ( $CONF['show_disabled'] == 'YES' ) {
|
||||
$stat_result = db_query("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = '" . $show_alias . "' AND active = '" . db_get_boolean(false) . "'");
|
||||
$stat_result = db_prepared_query(
|
||||
"SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND active = ?",
|
||||
array($show_alias, db_get_boolean(false))
|
||||
);
|
||||
if ($stat_result['rows'] == 1) {
|
||||
$stat_string .= "<span style='background-color:" . $CONF['show_disabled_color'] . "'>" . $CONF['show_status_text'] . "</span> ";
|
||||
} else {
|
||||
@@ -2223,7 +2163,7 @@ function gen_show_status($show_alias) {
|
||||
$now = "datetime('now')";
|
||||
}
|
||||
|
||||
$stat_result = db_query("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = '" . $show_alias . "' AND password_expiry <= $now AND active = '" . db_get_boolean(true) . "'");
|
||||
$stat_result = db_prepared_query("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND password_expiry <= ? AND active = ?", array( $show_alias , $now , db_get_boolean(true) ));
|
||||
|
||||
if ($stat_result['rows'] == 1) {
|
||||
$stat_string .= "<span style='background-color:" . $CONF['show_expired_color'] . "'>" . $CONF['show_status_text'] . "</span> ";
|
||||
|
||||
@@ -479,11 +479,11 @@ class MailboxHandler extends PFAHandler {
|
||||
return false;
|
||||
} else {
|
||||
$table_mailbox = table_by_key('mailbox');
|
||||
$query = "SELECT SUM(quota) FROM $table_mailbox WHERE domain = '" . escape_string($domain) . "'";
|
||||
$query .= " AND username != '" . escape_string($this->id) . "'";
|
||||
$result = db_query($query);
|
||||
$row = db_row($result['result']);
|
||||
$cur_quota_total = divide_quota($row[0]); # convert to MB
|
||||
$query = "SELECT SUM(quota) as sum FROM $table_mailbox WHERE domain = ? AND username != ?";
|
||||
|
||||
$rows = db_prepared_fetch_all($query, array($domain, $this->id));
|
||||
|
||||
$cur_quota_total = divide_quota($rows[0]['sum']); # convert to MB
|
||||
if (($quota + $cur_quota_total) > $limit['quota']) {
|
||||
$rval = false;
|
||||
} else {
|
||||
|
||||
@@ -725,16 +725,12 @@ abstract class PFAHandler {
|
||||
$query .= " LIMIT $limit OFFSET $offset ";
|
||||
}
|
||||
|
||||
$result = db_query($query);
|
||||
|
||||
$db_result = array();
|
||||
if ($result['rows'] != 0) {
|
||||
while ($row = db_assoc($result['result'])) {
|
||||
if (is_array($row)) {
|
||||
|
||||
$result = db_prepared_fetch_all($query);
|
||||
foreach($result as $row) {
|
||||
$db_result[$row[$this->id_field]] = $row;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$db_result = $this->read_from_db_postprocess($db_result);
|
||||
return $db_result;
|
||||
@@ -818,18 +814,17 @@ abstract class PFAHandler {
|
||||
* @return boolean true on successful login (i.e. password matches etc)
|
||||
*/
|
||||
public function login($username, $password) {
|
||||
$username = escape_string($username);
|
||||
|
||||
$table = table_by_key($this->db_table);
|
||||
$active = db_get_boolean(true);
|
||||
$query = "SELECT password FROM $table WHERE " . $this->id_field . "='$username' AND active='$active'";
|
||||
$query = "SELECT password FROM $table WHERE {$this->id_field} = :username AND active = :active";
|
||||
|
||||
$values = array('username' => $username, 'active' => $active);
|
||||
|
||||
$result = db_prepared_fetch_all($query,$values);
|
||||
if (sizeof($result) == 1) {
|
||||
$row = $result[0];
|
||||
|
||||
$result = db_query($query);
|
||||
if ($result['rows'] == 1) {
|
||||
$row = db_assoc($result['result']);
|
||||
if (!is_array($row)) {
|
||||
return false;
|
||||
}
|
||||
$crypt_password = pacrypt($password, $row['password']);
|
||||
|
||||
if ($row['password'] == $crypt_password) {
|
||||
@@ -866,19 +861,17 @@ abstract class PFAHandler {
|
||||
* @return boolean true on success (i.e. code matches etc)
|
||||
*/
|
||||
public function checkPasswordRecoveryCode($username, $token) {
|
||||
$username = escape_string($username);
|
||||
|
||||
$table = table_by_key($this->db_table);
|
||||
$active = db_get_boolean(true);
|
||||
$query = "SELECT token FROM $table WHERE " . $this->id_field . "='$username' AND token <> '' AND active='$active' AND NOW() < token_validity";
|
||||
|
||||
$result = db_query($query);
|
||||
if ($result['rows'] == 1) {
|
||||
$row = db_assoc($result['result']);
|
||||
$query = "SELECT token FROM $table WHERE {$this->id_field} = :username AND token <> '' AND active = :active AND NOW() < token_validity";
|
||||
$values = array('username' => $username, 'active' => $active);
|
||||
|
||||
$result = db_prepared_fetch_all($query, $values);
|
||||
if(sizeof($result) == 1) {
|
||||
$row = $result[0];
|
||||
|
||||
if (!is_array($row)) {
|
||||
return false;
|
||||
}
|
||||
$crypt_token = pacrypt($token, $row['token']);
|
||||
|
||||
if ($row['token'] == $crypt_token) {
|
||||
|
||||
@@ -186,16 +186,16 @@ class VacationHandler extends PFAHandler {
|
||||
* will return false if no existing data
|
||||
*/
|
||||
public function get_details() {
|
||||
$table_vacation = table_by_key('vacation');
|
||||
$E_username = escape_string($this->username);
|
||||
|
||||
$sql = "SELECT * FROM $table_vacation WHERE email = '$E_username'";
|
||||
$result = db_query($sql);
|
||||
if ($result['rows'] != 1) {
|
||||
$table_vacation = table_by_key('vacation');
|
||||
|
||||
$sql = "SELECT * FROM $table_vacation WHERE email = :username";
|
||||
$result = db_prepared_fetch_all($sql, array('username' => $this->username));
|
||||
if(sizeof($result) != 1) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$row = db_assoc($result['result']);
|
||||
$row = $result[0];
|
||||
|
||||
if (!is_array($row)) {
|
||||
return false;
|
||||
|
||||
@@ -65,8 +65,11 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
|
||||
umask(077);
|
||||
$path = (ini_get('upload_tmp_dir') != '') ? ini_get('upload_tmp_dir') : '/tmp';
|
||||
date_default_timezone_set(@date_default_timezone_get()); # Suppress date.timezone warnings
|
||||
$filename = "postfixadmin-" . date("Ymd") . "-" . getmypid() . ".sql";
|
||||
$backup = $path . DIRECTORY_SEPARATOR . $filename;
|
||||
|
||||
// Should use mktemp() or similar.
|
||||
$backup = tempnam($path, 'postfixadmin-' . date('Ymd'));
|
||||
|
||||
$filename = basename($backup) . '.sql';
|
||||
|
||||
$header = "#\n# Postfix Admin $version\n# Date: " . date("D M j G:i:s T Y") . "\n#\n";
|
||||
|
||||
@@ -94,18 +97,19 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
|
||||
);
|
||||
|
||||
for ($i = 0 ; $i < sizeof($tables) ; ++$i) {
|
||||
$result = db_query("SHOW CREATE TABLE " . table_by_key($tables[$i]));
|
||||
if ($result['rows'] > 0) {
|
||||
while ($row = db_row($result['result'])) {
|
||||
fwrite($fh, "{$row[1]};\n\n");
|
||||
}
|
||||
$result = db_prepared_fetch_all("SHOW CREATE TABLE " . table_by_key($tables[$i]));
|
||||
foreach($result as $row) {
|
||||
fwrite($fh, array_pop($row));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
for ($i = 0 ; $i < sizeof($tables) ; ++$i) {
|
||||
$result = db_query("SELECT * FROM " . table_by_key($tables[$i]));
|
||||
if ($result['rows'] > 0) {
|
||||
while ($row = db_assoc($result['result'])) {
|
||||
// may be a large resultset?
|
||||
$pdo = db_connect();
|
||||
$stmt = $pdo->prepare('SELECT * FROM ' . table_by_key($tables[$i]));
|
||||
$stmt->execute();
|
||||
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
$fields = array_keys($row);
|
||||
$values = array_values($row);
|
||||
$values = array_map(function ($str) {
|
||||
@@ -116,16 +120,16 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
|
||||
$fields = "";
|
||||
$values = "";
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
header("Content-Type: text/plain");
|
||||
header("Content-Disposition: attachment; filename=\"$filename\"");
|
||||
header("Content-Transfer-Encoding: binary");
|
||||
header("Content-Length: " . filesize("$backup"));
|
||||
header("Content-Length: " . filesize($backup));
|
||||
header("Content-Description: Postfix Admin");
|
||||
$download_backup = fopen("$backup", "r");
|
||||
unlink("$backup");
|
||||
$download_backup = fopen($backup, "r");
|
||||
unlink($backup);
|
||||
fpassthru($download_backup);
|
||||
}
|
||||
/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */
|
||||
|
||||
@@ -63,14 +63,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
||||
if (intval(safepost('mailboxes_only')) == 0) {
|
||||
$q .= " UNION SELECT goto FROM $table_alias WHERE active='" . db_get_boolean(true) . "' AND ".db_in_clause("domain", $wanted_domains)."AND goto NOT IN ($q)";
|
||||
}
|
||||
$result = db_query($q);
|
||||
if ($result['rows'] > 0) {
|
||||
while ($row = db_assoc($result['result'])) {
|
||||
if (is_array($row)) {
|
||||
$recipients[] = $row['username'];
|
||||
}
|
||||
}
|
||||
}
|
||||
$result = db_prepared_fetch_all($q);
|
||||
$recipients = array_column($result, 'username');
|
||||
|
||||
$recipients = array_unique($recipients);
|
||||
|
||||
|
||||
@@ -220,18 +220,16 @@ if (Config::bool('used_quotas') && (! Config::bool('new_quota_table'))) {
|
||||
$mailbox_pagebrowser_query = "$sql_from\n$sql_join\n$sql_where\n$sql_order" ;
|
||||
$query = "$sql_select\n$mailbox_pagebrowser_query\n$sql_limit";
|
||||
|
||||
$result = db_query($query);
|
||||
$result = db_prepared_fetch_all($query);
|
||||
|
||||
$tMailbox = array();
|
||||
|
||||
if ($result['rows'] > 0) {
|
||||
$delimiter = preg_quote($CONF['recipient_delimiter'], "/");
|
||||
$goto_single_rec_del = "";
|
||||
|
||||
while ($row = db_assoc($result['result'])) {
|
||||
if (!is_array($row)) {
|
||||
continue;
|
||||
}
|
||||
$delimiter = preg_quote($CONF['recipient_delimiter'], "/");
|
||||
$goto_single_rec_del = "";
|
||||
|
||||
foreach($result as $row) {
|
||||
|
||||
if ($display_mailbox_aliases) {
|
||||
$goto_split = explode(",", $row['goto']);
|
||||
$row['goto_mailbox'] = 0;
|
||||
@@ -265,9 +263,9 @@ if ($result['rows'] > 0) {
|
||||
}
|
||||
}
|
||||
$tMailbox[] = $row;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$alias_data['msg']['can_create'] = false;
|
||||
$tCanAddMailbox = false;
|
||||
|
||||
|
||||
@@ -41,6 +41,7 @@ $f_mysql_connect = function_exists("mysql_connect");
|
||||
$f_mysqli_connect = function_exists("mysqli_connect");
|
||||
$f_pg_connect = function_exists("pg_connect");
|
||||
$f_sqlite_open = class_exists("SQLite3");
|
||||
$f_pdo = class_exists('PDO');
|
||||
$f_session_start = function_exists("session_start");
|
||||
$f_preg_match = function_exists("preg_match");
|
||||
$f_mb_encode_mimeheader = function_exists("mb_encode_mimeheader");
|
||||
@@ -302,8 +303,8 @@ if ($error != 0) {
|
||||
if ($error == 0 && $pw_check_result == 'pass_OK') {
|
||||
// XXX need to ensure domains table includes an 'ALL' entry.
|
||||
$table_domain = table_by_key('domain');
|
||||
$r = db_query("SELECT * FROM $table_domain WHERE domain = 'ALL'");
|
||||
if ($r['rows'] == 0) {
|
||||
$rows = db_prepared_fetch_all("SELECT * FROM $table_domain WHERE domain = 'ALL'");
|
||||
if(empty($rows)) {
|
||||
db_insert('domain', array('domain' => 'ALL', 'description' => '', 'transport' => '')); // all other fields should default through the schema.
|
||||
}
|
||||
|
||||
|
||||
@@ -13,18 +13,15 @@ if (!isset($CONF) || !is_array($CONF)) {
|
||||
|
||||
|
||||
/**
|
||||
* Use this to check whether an object (Table, index etc) exists within a
|
||||
* Use this to check whether an object (table, index etc) exists within a
|
||||
* PostgreSQL database.
|
||||
* @param string the object name
|
||||
* @return boolean true if it exists
|
||||
*/
|
||||
function _pgsql_object_exists($name) {
|
||||
$sql = "select relname from pg_class where relname = '$name'";
|
||||
$r = db_query($sql);
|
||||
if ($r['rows'] == 1) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
$r = db_prepared_fetch_one($sql);
|
||||
return !empty($r);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -51,30 +48,24 @@ function _pgsql_field_exists($table, $field) {
|
||||
AND pg_catalog.pg_table_is_visible(c.oid)
|
||||
)
|
||||
AND a.attname = '$field' ";
|
||||
$r = db_query($sql);
|
||||
$row = db_row($r['result']);
|
||||
if ($row) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
$r = db_prepared_fetch_all($sql);
|
||||
|
||||
return !empty($r);
|
||||
}
|
||||
|
||||
function _mysql_field_exists($table, $field) {
|
||||
# $table = table_by_key($table); # _mysql_field_exists is always called with the expanded table name - don't expand it twice
|
||||
$sql = "SHOW COLUMNS FROM $table LIKE '$field'";
|
||||
$r = db_query($sql);
|
||||
$row = db_row($r['result']);
|
||||
$sql = "SHOW COLUMNS FROM $table LIKE ?";
|
||||
$r = db_prepared_fetch_all($sql, array( $field));
|
||||
|
||||
if ($row) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
return !empty($r);
|
||||
}
|
||||
|
||||
function _sqlite_field_exists($table, $field) {
|
||||
$sql = "PRAGMA table_info($table)";
|
||||
$r = db_query($sql);
|
||||
while ($row = db_row($r['result'])) {
|
||||
$r = db_prepared_fetch_all($sql);
|
||||
|
||||
foreach($r as $row) {
|
||||
if ($row[1] == $field) {
|
||||
return true;
|
||||
}
|
||||
@@ -128,8 +119,7 @@ function printdebug($text) {
|
||||
$table = table_by_key('config');
|
||||
if ($CONF['database_type'] == 'pgsql') {
|
||||
// check if table already exists, if so, don't recreate it
|
||||
$r = db_query("SELECT relname FROM pg_class WHERE relname = '$table'");
|
||||
if ($r['rows'] == 0) {
|
||||
if(!_pgsql_object_exists($table)) {
|
||||
$pgsql = "
|
||||
CREATE TABLE $table (
|
||||
id SERIAL,
|
||||
@@ -1420,18 +1410,13 @@ function upgrade_1284_mysql_pgsql() {
|
||||
# migrate the ALL domain to the superadmin column
|
||||
# Note: The ALL domain is not (yet) deleted to stay backwards-compatible for now (will be done in a later upgrade function)
|
||||
|
||||
$result = db_query("SELECT username FROM " . table_by_key('domain_admins') . " where domain='ALL'");
|
||||
|
||||
if ($result['rows'] > 0) {
|
||||
while ($row = db_assoc($result['result'])) {
|
||||
if (!is_array($row)) {
|
||||
break;
|
||||
}
|
||||
$result = db_prepared_fetch_all("SELECT username FROM " . table_by_key('domain_admins') . " where domain='ALL'");
|
||||
|
||||
foreach($result as $row) {
|
||||
printdebug("Setting superadmin flag for " . $row['username']);
|
||||
db_update('admin', 'username', $row['username'], array('superadmin' => db_get_boolean(true)));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function upgrade_1345_mysql() {
|
||||
|
||||
@@ -57,18 +57,22 @@ function sendCodebySMS($to, $username, $code) {
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === "POST") {
|
||||
$start_time = microtime(true);
|
||||
$tUsername = escape_string(safepost('fUsername'));
|
||||
|
||||
if (empty($tUsername) || !is_string($tUsername)) {
|
||||
$username = safepost('fUsername', null);
|
||||
if (empty($sername) || !is_string($username)) {
|
||||
die("fUsername field required");
|
||||
}
|
||||
|
||||
$tUsername = escape_string($username);
|
||||
|
||||
|
||||
$handler = $context === 'admin' ? new AdminHandler : new MailboxHandler;
|
||||
$token = $handler->getPasswordRecoveryCode($tUsername);
|
||||
if ($token !== false) {
|
||||
$table = table_by_key($context === 'users' ? 'mailbox' : 'admin');
|
||||
$result = db_query("SELECT * FROM $table WHERE username='$tUsername'");
|
||||
$row = db_assoc($result['result']);
|
||||
$row = db_prepared_fetch_one("SELECT * FROM $table WHERE username= :username", array('username' => $username));
|
||||
|
||||
// $row must exist unless there's a race condition?
|
||||
|
||||
$email_other = isset($row['email_other']) ? trim($row['email_other']) : null;
|
||||
$phone = isset($row['phone']) ? trim($row['phone']) : null;
|
||||
|
||||
@@ -61,19 +61,18 @@ if ($error != 1) {
|
||||
$table_log = table_by_key('log');
|
||||
$page_size = isset($CONF['page_size']) ? intval($CONF['page_size']) : 35;
|
||||
|
||||
$query = "SELECT timestamp,username,domain,action,data FROM $table_log WHERE domain='$fDomain' ORDER BY timestamp DESC LIMIT $page_size";
|
||||
$query = "SELECT timestamp,username,domain,action,data FROM $table_log WHERE domain= :domain ORDER BY timestamp DESC LIMIT $page_size";
|
||||
|
||||
if (db_pgsql()) {
|
||||
$query = "SELECT extract(epoch from timestamp) as timestamp,username,domain,action,data FROM $table_log WHERE domain='$fDomain' ORDER BY timestamp DESC LIMIT $page_size";
|
||||
$query = "SELECT extract(epoch from timestamp) as timestamp,username,domain,action,data FROM $table_log WHERE domain= :domain ORDER BY timestamp DESC LIMIT $page_size";
|
||||
}
|
||||
$result = db_query($query);
|
||||
if ($result['rows'] > 0) {
|
||||
while ($row = db_assoc($result['result'])) {
|
||||
$result = db_prepared_fetch_all($query, array('domain' => $fDomain));
|
||||
foreach($result as $row) {
|
||||
if (is_array($row) && db_pgsql()) {
|
||||
$row['timestamp'] = gmstrftime('%c %Z', $row['timestamp']);
|
||||
}
|
||||
$tLog[] = $row;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($tLog as $k => $v) {
|
||||
|
||||
@@ -5,8 +5,7 @@ require_once('common.php');
|
||||
class CheckOwnerTest extends \PHPUnit\Framework\TestCase {
|
||||
public function testBasic() {
|
||||
$check = check_owner('random@example.com', 'test.com');
|
||||
|
||||
$this->assertFalse($check);
|
||||
$this->assertFalse($check, "there should be no entries in test.com as it's an invalid/non-existant domain");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -3,8 +3,20 @@
|
||||
require_once('common.php');
|
||||
|
||||
class DbBasicTest extends \PHPUnit\Framework\TestCase {
|
||||
|
||||
private $test_domain;
|
||||
|
||||
public function setUp() {
|
||||
$db = db_connect();
|
||||
$test_domain = 'test' . uniqid() . '.com';
|
||||
$this->test_domain = $test_domain;
|
||||
|
||||
$db->exec("DELETE FROM domain WHERE domain = '$test_domain'");
|
||||
|
||||
}
|
||||
public function testInsertDeleteDomain() {
|
||||
$domain = "test". uniqid() . '.com';
|
||||
|
||||
$domain = $this->test_domain;
|
||||
|
||||
$username = 'testusername' . uniqid();
|
||||
|
||||
@@ -12,7 +24,7 @@ class DbBasicTest extends \PHPUnit\Framework\TestCase {
|
||||
1,
|
||||
db_insert(
|
||||
'domain',
|
||||
array('domain' => $domain, 'description' => '', 'transport' => '', 'password_expiry' => 99)
|
||||
array('domain' => $domain, 'description' => 'test', 'transport' => '', 'password_expiry' => 99)
|
||||
)
|
||||
);
|
||||
|
||||
@@ -33,12 +45,16 @@ class DbBasicTest extends \PHPUnit\Framework\TestCase {
|
||||
)
|
||||
);
|
||||
|
||||
$ret = db_query("SELECT * FROM mailbox WHERE username = '$username'");
|
||||
$ret = db_prepared_fetch_one("SELECT * FROM mailbox WHERE username = :username", array('username' => $username));
|
||||
|
||||
$this->assertEquals(1, $ret['rows']);
|
||||
$data = db_assoc($ret['result']);
|
||||
|
||||
$this->assertEquals($data['name'], 'blah updated');
|
||||
$this->assertTrue(!empty($ret));
|
||||
$this->assertTrue(is_array($ret));
|
||||
|
||||
|
||||
$this->assertEquals($ret['name'], 'blah updated');
|
||||
|
||||
$this->assertEquals(0, db_delete('mailbox', 'username', 'blahblahinvalid'));
|
||||
|
||||
$this->assertEquals(1, db_delete('mailbox', 'username', $username));
|
||||
$this->assertEquals(1, db_delete('domain', 'domain', $domain));
|
||||
|
||||
@@ -10,7 +10,7 @@ require_once(dirname(__FILE__) . '/../common.php');
|
||||
$CONF['default_language'] = 'en';
|
||||
$CONF['language_hook'] = '';
|
||||
|
||||
$db_file = '/tmp/postfixadmin.sqlite.test';
|
||||
$db_file = dirname(__FILE__) . '/postfixadmin.sqlite.test';
|
||||
$CONF['database_type'] = 'sqlite';
|
||||
$CONF['database_name'] = $db_file;
|
||||
|
||||
@@ -18,9 +18,9 @@ Config::write('database_type', 'sqlite');
|
||||
Config::write('database_name', $db_file);
|
||||
|
||||
clearstatcache();
|
||||
if (file_exists($db_file)) {
|
||||
unlink($db_file);
|
||||
}
|
||||
//if (file_exists($db_file)) {
|
||||
// unlink($db_file);
|
||||
//}
|
||||
|
||||
|
||||
require_once(dirname(__FILE__) . '/../public/upgrade.php');
|
||||
|
||||
Reference in New Issue
Block a user