summaryrefslogtreecommitdiff
path: root/program/include
diff options
context:
space:
mode:
Diffstat (limited to 'program/include')
-rw-r--r--program/include/cache.inc69
-rw-r--r--program/include/main.inc52
-rwxr-xr-xprogram/include/rcube_db.inc53
-rwxr-xr-xprogram/include/rcube_mdb2.inc42
-rw-r--r--program/include/session.inc87
5 files changed, 181 insertions, 122 deletions
diff --git a/program/include/cache.inc b/program/include/cache.inc
index b1e6b9317..ec8d7c046 100644
--- a/program/include/cache.inc
+++ b/program/include/cache.inc
@@ -25,13 +25,12 @@ function rcube_read_cache($key)
global $DB, $CACHE_KEYS;
// query db
- $sql_result = $DB->query(sprintf("SELECT cache_id, data
- FROM %s
- WHERE user_id=%d
- AND cache_key='%s'",
- get_table_name('cache'),
- $_SESSION['user_id'],
- $key));
+ $sql_result = $DB->query("SELECT cache_id, data
+ FROM ".get_table_name('cache')."
+ WHERE user_id=?
+ AND cache_key=?",
+ $_SESSION['user_id'],
+ $key);
// get cached data
if ($sql_arr = $DB->fetch_assoc($sql_result))
@@ -53,13 +52,12 @@ function rcube_write_cache($key, $data, $session_cache=FALSE)
// check if we already have a cache entry for this key
if (!isset($CACHE_KEYS[$key]))
{
- $sql_result = $DB->query(sprintf("SELECT cache_id
- FROM %s
- WHERE user_id=%d
- AND cache_key='%s'",
- get_table_name('cache'),
- $_SESSION['user_id'],
- $key));
+ $sql_result = $DB->query("SELECT cache_id
+ FROM ".get_table_name('cache')."
+ WHERE user_id=?
+ AND cache_key=?",
+ $_SESSION['user_id'],
+ $key);
if ($sql_arr = $DB->fetch_assoc($sql_result))
$CACHE_KEYS[$key] = $sql_arr['cache_id'];
@@ -70,27 +68,25 @@ function rcube_write_cache($key, $data, $session_cache=FALSE)
// update existing cache record
if ($CACHE_KEYS[$key])
{
- $DB->query(sprintf("UPDATE %s
- SET created=NOW(),
- data='%s'
- WHERE user_id=%d
- AND cache_key='%s'",
- get_table_name('cache'),
- addslashes($data),
- $_SESSION['user_id'],
- $key));
+ $DB->query("UPDATE ".get_table_name('cache')."
+ SET created=NOW(),
+ data=?
+ WHERE user_id=?
+ AND cache_key=?",
+ $data,
+ $_SESSION['user_id'],
+ $key);
}
// add new cache record
else
{
- $DB->query(sprintf("INSERT INTO %s
- (created, user_id, session_id, cache_key, data)
- VALUES (NOW(), %d, %s, '%s', '%s')",
- get_table_name('cache'),
- $_SESSION['user_id'],
- $session_cache ? "'$sess_id'" : 'NULL',
- $key,
- addslashes($data)));
+ $DB->query("INSERT INTO ".get_table_name('cache')."
+ (created, user_id, session_id, cache_key, data)
+ VALUES (NOW(), ?, ?, ?', ?)",
+ $_SESSION['user_id'],
+ $session_cache ? $sess_id : 'NULL',
+ $key,
+ $data);
}
}
@@ -100,12 +96,11 @@ function rcube_clear_cache($key)
{
global $DB;
- $DB->query(sprintf("DELETE FROM %s
- WHERE user_id=%d
- AND cache_key='%s'",
- get_table_name('cache'),
- $_SESSION['user_id'],
- $key));
+ $DB->query("DELETE FROM ".get_table_name('cache')."
+ WHERE user_id=?
+ AND cache_key=?",
+ $_SESSION['user_id'],
+ $key);
}
diff --git a/program/include/main.inc b/program/include/main.inc
index a7020c75f..0e206166e 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -263,13 +263,12 @@ function rcmail_login($user, $pass, $host=NULL)
}
// query if user already registered
- $sql_result = $DB->query(sprintf("SELECT user_id, username, language, preferences
- FROM %s
- WHERE mail_host='%s' AND (username='%s' OR alias='%s')",
- get_table_name('users'),
- addslashes($host),
- addslashes($user),
- addslashes($user)));
+ $sql_result = $DB->query("SELECT user_id, username, language, preferences
+ FROM ".get_table_name('users')."
+ WHERE mail_host=? AND (username=? OR alias=?)",
+ $host,
+ $user,
+ $user);
// user already registered -> overwrite username
if ($sql_arr = $DB->fetch_assoc($sql_result))
@@ -299,11 +298,10 @@ function rcmail_login($user, $pass, $host=NULL)
$sess_user_lang = $_SESSION['user_lang'] = $sql_arr['language'];
// update user's record
- $DB->query(sprintf("UPDATE %s
- SET last_login=NOW()
- WHERE user_id=%d",
- get_table_name('users'),
- $user_id));
+ $DB->query("UPDATE ".get_table_name('users')."
+ SET last_login=NOW()
+ WHERE user_id=?",
+ $user_id);
}
// create new system user
else if ($CONFIG['auto_create_user'])
@@ -336,27 +334,25 @@ function rcmail_create_user($user, $host)
{
global $DB, $CONFIG, $IMAP;
- $DB->query(sprintf("INSERT INTO %s
- (created, last_login, username, mail_host, language)
- VALUES (NOW(), NOW(), '%s', '%s', '%s')",
- get_table_name('users'),
- addslashes($user),
- addslashes($host),
- $_SESSION['user_lang']));
-
- if ($user_id = $DB->insert_id())
+ $DB->query("INSERT INTO ".get_table_name('users')."
+ (created, last_login, username, mail_host, language)
+ VALUES (NOW(), NOW(), ?, ?, ?)",
+ $user,
+ $host,
+ $_SESSION['user_lang']);
+
+ if ($user_id = $DB->insert_id('user_ids'))
{
$user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $host);
$user_name = $user!=$user_email ? $user : '';
// also create a new identity record
- $DB->query(sprintf("INSERT INTO %s
- (user_id, `default`, name, email)
- VALUES (%d, '1', '%s', '%s')",
- get_table_name('identities'),
- $user_id,
- addslashes($user_name),
- addslashes($user_email)));
+ $DB->query("INSERT INTO ".get_table_name('identities')."
+ (user_id, `default`, name, email)
+ VALUES (?, '1', ?, ?)",
+ $user_id,
+ $user_name,
+ $user_email);
// get existing mailboxes
$a_mailboxes = $IMAP->list_mailboxes();
diff --git a/program/include/rcube_db.inc b/program/include/rcube_db.inc
index f732da298..e83565843 100755
--- a/program/include/rcube_db.inc
+++ b/program/include/rcube_db.inc
@@ -101,9 +101,27 @@ class rcube_db
$this->db_connected = true;
}
- // Query database (read operations)
+ // Query database
- function query($query, $offset=0, $numrows=0)
+ function query()
+ {
+ $params = func_get_args();
+ $query = array_shift($params);
+
+ return $this->_query($query, 0, 0, $params);
+ }
+
+ function limitquery()
+ {
+ $params = func_get_args();
+ $query = array_shift($params);
+ $offset = array_shift($params);
+ $numrows = array_shift($params);
+
+ return $this->_query($query, $offset, $numrows, $params);
+ }
+
+ function _query($query, $offset, $numrows, $params)
{
// Read or write ?
if (strtolower(trim(substr($query,0,6)))=='select')
@@ -118,18 +136,21 @@ class rcube_db
if ($numrows || $offset)
{
- $result = $this->db_handle->limitQuery($query,$offset,$numrows);
+ $result = $this->db_handle->limitQuery($query,$offset,$numrows,$params);
}
else
- $result = $this->db_handle->query($query);
-
+ $result = $this->db_handle->query($query,$params);
+
if (DB::isError($result))
+ {
raise_error(array('code' => 500,
'type' => 'db',
'line' => __LINE__,
'file' => __FILE__,
'message' => $result->getMessage()), TRUE, FALSE);
-
+ return false;
+ }
+
return $this->_add_result($result, $query);
}
@@ -196,6 +217,26 @@ class rcube_db
return $result->fetchRow(DB_FETCHMODE_ASSOC);
}
+ function quoteIdentifier ( $str )
+ {
+ if (!$this->db_handle)
+ $this->db_connect('r');
+
+ return $this->db_handle->quoteIdentifier($str);
+ }
+
+ function unixtimestamp($field)
+ {
+ switch($this->db_provider)
+ {
+ case 'pgsql':
+ return "EXTRACT (EPOCH FROM $field)";
+ break;
+ default:
+ return "UNIX_TIMESTAMP($field)";
+ }
+ }
+
function _add_result($res, $query)
{
// sql error occured
diff --git a/program/include/rcube_mdb2.inc b/program/include/rcube_mdb2.inc
index cd394a878..a61f0b899 100755
--- a/program/include/rcube_mdb2.inc
+++ b/program/include/rcube_mdb2.inc
@@ -101,9 +101,27 @@ class rcube_db
$this->db_connected = true;
}
- // Query database (read operations)
+ // Query database
- function query($query, $offset=0, $numrows=0)
+ function query()
+ {
+ $params = func_get_args();
+ $query = array_shift($params);
+
+ return $this->_query($query, 0, 0, $params);
+ }
+
+ function limitquery()
+ {
+ $params = func_get_args();
+ $query = array_shift($params);
+ $offset = array_shift($params);
+ $numrows = array_shift($params);
+
+ return $this->_query($query, $offset, $numrows, $params);
+ }
+
+ function _query($query, $offset, $numrows, $params)
{
// Read or write ?
if (strtolower(trim(substr($query,0,6)))=='select')
@@ -175,6 +193,26 @@ class rcube_db
return $result->fetchRow(MDB2_FETCHMODE_ASSOC);
}
+ function quoteIdentifier ( $str )
+ {
+ if (!$this->db_handle)
+ $this->db_connect('r');
+
+ return $this->db_handle->quoteIdentifier($str);
+ }
+
+ function unixtimestamp($field)
+ {
+ switch($this->db_provider)
+ {
+ case 'pgsql':
+ return "EXTRACT (EPOCH FROM $field)";
+ break;
+ default:
+ return "UNIX_TIMESTAMP($field)";
+ }
+ }
+
function _add_result($res, $query)
{
// sql error occured
diff --git a/program/include/session.inc b/program/include/session.inc
index ca2b0b4ce..ccca0a920 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -38,11 +38,10 @@ function sess_read($key)
{
global $DB, $SESS_CHANGED;
- $sql_result = $DB->query(sprintf("SELECT vars, ip, UNIX_TIMESTAMP(changed) AS changed
- FROM %s
- WHERE sess_id='%s'",
- get_table_name('session'),
- $key));
+ $sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed
+ FROM ".get_table_name('session')."
+ WHERE sess_id=?",
+ $key);
if ($sql_arr = $DB->fetch_assoc($sql_result))
{
@@ -61,32 +60,29 @@ function sess_write($key, $vars)
{
global $DB;
- $sql_result = $DB->query(sprintf("SELECT 1
- FROM %s
- WHERE sess_id='%s'",
- get_table_name('session'),
- $key));
+ $sql_result = $DB->query("SELECT 1
+ FROM ".get_table_name('session')."
+ WHERE sess_id=?",
+ $key);
if ($DB->num_rows($sql_result))
{
session_decode($vars);
- $DB->query(sprintf("UPDATE %s
- SET vars='%s',
- changed=NOW()
- WHERE sess_id='%s'",
- get_table_name('session'),
- $vars,
- $key));
+ $DB->query("UPDATE ".get_table_name('session')."
+ SET vars=?,
+ changed=NOW()
+ WHERE sess_id=?",
+ $vars,
+ $key);
}
else
{
- $DB->query(sprintf("INSERT INTO %s
- (sess_id, vars, ip, created, changed)
- VALUES ('%s', '%s', '%s', NOW(), NOW())",
- get_table_name('session'),
- $key,
- $vars,
- $_SERVER['REMOTE_ADDR']));
+ $DB->query("INSERT INTO ".get_table_name('session')."
+ (sess_id, vars, ip, created, changed)
+ VALUES (?, ?, ?, NOW(), NOW())",
+ $key,
+ $vars,
+ $_SERVER['REMOTE_ADDR']);
}
return TRUE;
@@ -98,16 +94,14 @@ function sess_destroy($key)
{
global $DB;
- $DB->query(sprintf("DELETE FROM %s
- WHERE sess_id='%s'",
- get_table_name('session'),
- $key));
-
- // also delete session entries in cache table
- $DB->query(sprintf("DELETE FROM %s
- WHERE session_id='%s'",
- get_table_name('cache'),
- $key));
+ // delete session entries in cache table
+ $DB->query("DELETE FROM ".get_table_name('cache')."
+ WHERE session_id=?",
+ $key);
+
+ $DB->query("DELETE FROM ".get_table_name('session')."
+ WHERE sess_id=?",
+ $key);
return TRUE;
}
@@ -119,11 +113,10 @@ function sess_gc($maxlifetime)
global $DB;
// get all expired sessions
- $sql_result = $DB->query(sprintf("SELECT sess_id
- FROM %s
- WHERE UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(created) > %d",
- get_table_name('session'),
- $maxlifetime));
+ $sql_result = $DB->query("SELECT sess_id
+ FROM ".get_table_name('session')."
+ WHERE ".$DB->unixtimestamp('NOW()')."-".$DB->unixtimestamp('created')." > ?",
+ $maxlifetime);
$a_exp_sessions = array();
while ($sql_arr = $DB->fetch_assoc($sql_result))
@@ -132,17 +125,13 @@ function sess_gc($maxlifetime)
if (sizeof($a_exp_sessions))
{
+ // delete session cache records
+ $DB->query("DELETE FROM ".get_table_name('cache')."
+ WHERE session_id IN ('".join("','", $a_exp_sessions)."')");
+
// delete session records
- $DB->query(sprintf("DELETE FROM %s
- WHERE sess_id IN ('%s')",
- get_table_name('session'),
- join("','", $a_exp_sessions)));
-
- // also delete session cache records
- $DB->query(sprintf("DELETE FROM %s
- WHERE session_id IN ('%s')",
- get_table_name('cache'),
- join("','", $a_exp_sessions)));
+ $DB->query("DELETE FROM ".get_table_name('session')."
+ WHERE sess_id IN ('".join("','", $a_exp_sessions)."')");
}
return TRUE;
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-01 07:14:20 +0000