more pear/mdb2 integration

release-0.6
svncommit 19 years ago
parent e0ed972884
commit d7cb77414c

@ -117,11 +117,11 @@ CREATE TABLE identities (
del boolean DEFAULT false NOT NULL,
"default" boolean DEFAULT false NOT NULL,
name character varying(128) NOT NULL,
organization character varying(128) NOT NULL,
organization character varying(128),
email character varying(128) NOT NULL,
"reply-to" character varying(128) NOT NULL,
bcc character varying(128) NOT NULL,
signature text NOT NULL
"reply-to" character varying(128),
bcc character varying(128),
signature text
);

@ -51,17 +51,19 @@ if ($CURRENT_PATH!='')
$CURRENT_PATH.='/';
// set environment first
ini_set('include_path', ini_get('include_path').PATH_SEPARATOR.$INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib');
// RC include folders MUST be included FIRST to avoid other
// possible not compatible libraries (i.e PEAR) to be included
// instead the ones provided by RC
ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path'));
ini_set('session.name', 'sessid');
ini_set('session.use_cookies', 1);
ini_set('error_reporting', E_ALL&~E_NOTICE);
// increase maximum execution time for php scripts
// (does not work in safe mode)
@set_time_limit('120');
// include base files
require_once('include/rcube_shared.inc');
require_once('include/rcube_imap.inc');

@ -25,13 +25,12 @@ function rcube_read_cache($key)
global $DB, $CACHE_KEYS;
// query db
$sql_result = $DB->query(sprintf("SELECT cache_id, data
FROM %s
WHERE user_id=%d
AND cache_key='%s'",
get_table_name('cache'),
$_SESSION['user_id'],
$key));
$sql_result = $DB->query("SELECT cache_id, data
FROM ".get_table_name('cache')."
WHERE user_id=?
AND cache_key=?",
$_SESSION['user_id'],
$key);
// get cached data
if ($sql_arr = $DB->fetch_assoc($sql_result))
@ -53,13 +52,12 @@ function rcube_write_cache($key, $data, $session_cache=FALSE)
// check if we already have a cache entry for this key
if (!isset($CACHE_KEYS[$key]))
{
$sql_result = $DB->query(sprintf("SELECT cache_id
FROM %s
WHERE user_id=%d
AND cache_key='%s'",
get_table_name('cache'),
$_SESSION['user_id'],
$key));
$sql_result = $DB->query("SELECT cache_id
FROM ".get_table_name('cache')."
WHERE user_id=?
AND cache_key=?",
$_SESSION['user_id'],
$key);
if ($sql_arr = $DB->fetch_assoc($sql_result))
$CACHE_KEYS[$key] = $sql_arr['cache_id'];
@ -70,27 +68,25 @@ function rcube_write_cache($key, $data, $session_cache=FALSE)
// update existing cache record
if ($CACHE_KEYS[$key])
{
$DB->query(sprintf("UPDATE %s
SET created=NOW(),
data='%s'
WHERE user_id=%d
AND cache_key='%s'",
get_table_name('cache'),
addslashes($data),
$_SESSION['user_id'],
$key));
$DB->query("UPDATE ".get_table_name('cache')."
SET created=NOW(),
data=?
WHERE user_id=?
AND cache_key=?",
$data,
$_SESSION['user_id'],
$key);
}
// add new cache record
else
{
$DB->query(sprintf("INSERT INTO %s
(created, user_id, session_id, cache_key, data)
VALUES (NOW(), %d, %s, '%s', '%s')",
get_table_name('cache'),
$_SESSION['user_id'],
$session_cache ? "'$sess_id'" : 'NULL',
$key,
addslashes($data)));
$DB->query("INSERT INTO ".get_table_name('cache')."
(created, user_id, session_id, cache_key, data)
VALUES (NOW(), ?, ?, ?', ?)",
$_SESSION['user_id'],
$session_cache ? $sess_id : 'NULL',
$key,
$data);
}
}
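Review bot: The rewritten INSERT on the line `VALUES (NOW(), ?, ?, ?', ?)",` carries a stray apostrophe after the third placeholder, so the statement is malformed and every new cache record will fail on both drivers; it should read `VALUES (NOW(), ?, ?, ?, ?)",`. On the following argument line, `$session_cache ? $sess_id : 'NULL'` now passes the four-character string `NULL` as a bound value instead of SQL NULL, which the old sprintf form produced; use `$session_cache ? $sess_id : null,` so the driver binds a real NULL. `$sess_id` is not assigned anywhere in this hunk — presumably set earlier in rcube_write_cache, worth confirming since an unset variable would also bind as NULL/empty. The enclosing function starts before this hunk.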
@ -100,12 +96,11 @@ function rcube_clear_cache($key)
{
global $DB;
$DB->query(sprintf("DELETE FROM %s
WHERE user_id=%d
AND cache_key='%s'",
get_table_name('cache'),
$_SESSION['user_id'],
$key));
$DB->query("DELETE FROM ".get_table_name('cache')."
WHERE user_id=?
AND cache_key=?",
$_SESSION['user_id'],
$key);
}

@ -263,13 +263,12 @@ function rcmail_login($user, $pass, $host=NULL)
}
// query if user already registered
$sql_result = $DB->query(sprintf("SELECT user_id, username, language, preferences
FROM %s
WHERE mail_host='%s' AND (username='%s' OR alias='%s')",
get_table_name('users'),
addslashes($host),
addslashes($user),
addslashes($user)));
$sql_result = $DB->query("SELECT user_id, username, language, preferences
FROM ".get_table_name('users')."
WHERE mail_host=? AND (username=? OR alias=?)",
$host,
$user,
$user);
// user already registered -> overwrite username
if ($sql_arr = $DB->fetch_assoc($sql_result))
@ -299,11 +298,10 @@ function rcmail_login($user, $pass, $host=NULL)
$sess_user_lang = $_SESSION['user_lang'] = $sql_arr['language'];
// update user's record
$DB->query(sprintf("UPDATE %s
SET last_login=NOW()
WHERE user_id=%d",
get_table_name('users'),
$user_id));
$DB->query("UPDATE ".get_table_name('users')."
SET last_login=NOW()
WHERE user_id=?",
$user_id);
}
// create new system user
else if ($CONFIG['auto_create_user'])
@ -336,27 +334,25 @@ function rcmail_create_user($user, $host)
{
global $DB, $CONFIG, $IMAP;
$DB->query(sprintf("INSERT INTO %s
(created, last_login, username, mail_host, language)
VALUES (NOW(), NOW(), '%s', '%s', '%s')",
get_table_name('users'),
addslashes($user),
addslashes($host),
$_SESSION['user_lang']));
if ($user_id = $DB->insert_id())
$DB->query("INSERT INTO ".get_table_name('users')."
(created, last_login, username, mail_host, language)
VALUES (NOW(), NOW(), ?, ?, ?)",
$user,
$host,
$_SESSION['user_lang']);
if ($user_id = $DB->insert_id('user_ids'))
{
$user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $host);
$user_name = $user!=$user_email ? $user : '';
// also create a new identity record
$DB->query(sprintf("INSERT INTO %s
(user_id, `default`, name, email)
VALUES (%d, '1', '%s', '%s')",
get_table_name('identities'),
$user_id,
addslashes($user_name),
addslashes($user_email)));
$DB->query("INSERT INTO ".get_table_name('identities')."
(user_id, `default`, name, email)
VALUES (?, '1', ?, ?)",
$user_id,
$user_name,
$user_email);
// get existing mailboxes
$a_mailboxes = $IMAP->list_mailboxes();
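Review bot: The identity INSERT still quotes the column as `` `default` `` on the line `(user_id, `default`, name, email)`, which is MySQL-only syntax, while the same commit switches the other identity queries to `$DB->quoteIdentifier('default')` (see L739, L855 and L892) and the PostgreSQL schema in this commit declares the column as `"default"`. On pgsql this statement will fail right after the user row was created, leaving a user without any identity. Change it to `(user_id, ".$DB->quoteIdentifier('default').", name, email)`. The `insert_id('user_ids')` call on the line above suggests a sequence name is needed for pgsql; I cannot confirm from this hunk that the sequence is named that way.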

@ -101,9 +101,27 @@ class rcube_db
$this->db_connected = true;
}
// Query database (read operations)
// Query database
function query($query, $offset=0, $numrows=0)
function query()
{
$params = func_get_args();
$query = array_shift($params);
return $this->_query($query, 0, 0, $params);
}
function limitquery()
{
$params = func_get_args();
$query = array_shift($params);
$offset = array_shift($params);
$numrows = array_shift($params);
return $this->_query($query, $offset, $numrows, $params);
}
function _query($query, $offset, $numrows, $params)
{
// Read or write ?
if (strtolower(trim(substr($query,0,6)))=='select')
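Review bot: `function query()` now takes its arguments via `func_get_args()` and treats everything after the SQL as placeholder values, but the replaced signature was `query($query, $offset=0, $numrows=0)`; any caller not migrated to the new `limitquery()` that still passes an offset and count positionally will have those integers bound as parameters (or, with no `?` in the query, handed to the driver as stray values) instead of applied as a limit. Neither new method documents this contract, so I would add above `query()`: `// query($sql, $param1, $param2, ...) -- each extra argument is bound to the next ? placeholder in order; use limitquery($sql, $offset, $numrows, ...) for limited result sets`. The same pair of methods is added again in the second rcube_db section at L281-294, where the same comment applies. `_query`'s body continues past the end of this hunk.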
@ -118,18 +136,21 @@ class rcube_db
if ($numrows || $offset)
{
$result = $this->db_handle->limitQuery($query,$offset,$numrows);
$result = $this->db_handle->limitQuery($query,$offset,$numrows,$params);
}
else
$result = $this->db_handle->query($query);
$result = $this->db_handle->query($query,$params);
if (DB::isError($result))
{
raise_error(array('code' => 500,
'type' => 'db',
'line' => __LINE__,
'file' => __FILE__,
'message' => $result->getMessage()), TRUE, FALSE);
return false;
}
return $this->_add_result($result, $query);
}
@ -196,6 +217,26 @@ class rcube_db
return $result->fetchRow(DB_FETCHMODE_ASSOC);
}
function quoteIdentifier ( $str )
{
if (!$this->db_handle)
$this->db_connect('r');
return $this->db_handle->quoteIdentifier($str);
}
function unixtimestamp($field)
{
switch($this->db_provider)
{
case 'pgsql':
return "EXTRACT (EPOCH FROM $field)";
break;
default:
return "UNIX_TIMESTAMP($field)";
}
}
function _add_result($res, $query)
{
// sql error occured
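Review bot: `unixtimestamp($field)` interpolates `$field` straight into the returned SQL fragment, so its safety depends entirely on callers passing only fixed column names or expressions, as the current callers (`'changed'`, `'created'`, `'NOW()'`) do; nothing in the method says so. I would add `// $field must be a trusted column name or SQL expression -- it is spliced into the query unquoted` above the switch. The `break;` after `return "EXTRACT (EPOCH FROM $field)";` is unreachable and can be dropped. The identical `quoteIdentifier()`/`unixtimestamp()` pair is added again at L302-318 in the MDB2 variant, where both remarks apply as well.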

@ -101,9 +101,27 @@ class rcube_db
$this->db_connected = true;
}
// Query database (read operations)
// Query database
function query($query, $offset=0, $numrows=0)
function query()
{
$params = func_get_args();
$query = array_shift($params);
return $this->_query($query, 0, 0, $params);
}
function limitquery()
{
$params = func_get_args();
$query = array_shift($params);
$offset = array_shift($params);
$numrows = array_shift($params);
return $this->_query($query, $offset, $numrows, $params);
}
function _query($query, $offset, $numrows, $params)
{
// Read or write ?
if (strtolower(trim(substr($query,0,6)))=='select')
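Review bot: This rcube_db variant fetches with `MDB2_FETCHMODE_ASSOC` (L300), so `_query()` here is talking to PEAR MDB2, whose `query()` takes a `$types` array as its second argument rather than bound values and which has no `limitQuery()` method (limits are set through `setLimit()`); if its body mirrors the PEAR::DB calls `$this->db_handle->query($query,$params)` and `limitQuery($query,$offset,$numrows,$params)` from the other variant (L235 and L239), the `?` placeholders introduced throughout this commit would never be bound. The body of `_query()` is outside this hunk, so I cannot confirm either way — please check that the MDB2 path goes through `prepare()`/`execute($params)`. The varargs contract of `query()`/`limitquery()` is discussed at the first copy of these methods (L213-226).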
@ -175,6 +193,26 @@ class rcube_db
return $result->fetchRow(MDB2_FETCHMODE_ASSOC);
}
function quoteIdentifier ( $str )
{
if (!$this->db_handle)
$this->db_connect('r');
return $this->db_handle->quoteIdentifier($str);
}
function unixtimestamp($field)
{
switch($this->db_provider)
{
case 'pgsql':
return "EXTRACT (EPOCH FROM $field)";
break;
default:
return "UNIX_TIMESTAMP($field)";
}
}
function _add_result($res, $query)
{
// sql error occured

@ -38,11 +38,10 @@ function sess_read($key)
{
global $DB, $SESS_CHANGED;
$sql_result = $DB->query(sprintf("SELECT vars, ip, UNIX_TIMESTAMP(changed) AS changed
FROM %s
WHERE sess_id='%s'",
get_table_name('session'),
$key));
$sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed
FROM ".get_table_name('session')."
WHERE sess_id=?",
$key);
if ($sql_arr = $DB->fetch_assoc($sql_result))
{
@ -61,32 +60,29 @@ function sess_write($key, $vars)
{
global $DB;
$sql_result = $DB->query(sprintf("SELECT 1
FROM %s
WHERE sess_id='%s'",
get_table_name('session'),
$key));
$sql_result = $DB->query("SELECT 1
FROM ".get_table_name('session')."
WHERE sess_id=?",
$key);
if ($DB->num_rows($sql_result))
{
session_decode($vars);
$DB->query(sprintf("UPDATE %s
SET vars='%s',
changed=NOW()
WHERE sess_id='%s'",
get_table_name('session'),
$vars,
$key));
$DB->query("UPDATE ".get_table_name('session')."
SET vars=?,
changed=NOW()
WHERE sess_id=?",
$vars,
$key);
}
else
{
$DB->query(sprintf("INSERT INTO %s
(sess_id, vars, ip, created, changed)
VALUES ('%s', '%s', '%s', NOW(), NOW())",
get_table_name('session'),
$key,
$vars,
$_SERVER['REMOTE_ADDR']));
$DB->query("INSERT INTO ".get_table_name('session')."
(sess_id, vars, ip, created, changed)
VALUES (?, ?, ?, NOW(), NOW())",
$key,
$vars,
$_SERVER['REMOTE_ADDR']);
}
return TRUE;
@ -98,16 +94,14 @@ function sess_destroy($key)
{
global $DB;
$DB->query(sprintf("DELETE FROM %s
WHERE sess_id='%s'",
get_table_name('session'),
$key));
// also delete session entries in cache table
$DB->query(sprintf("DELETE FROM %s
WHERE session_id='%s'",
get_table_name('cache'),
$key));
// delete session entries in cache table
$DB->query("DELETE FROM ".get_table_name('cache')."
WHERE session_id=?",
$key);
$DB->query("DELETE FROM ".get_table_name('session')."
WHERE sess_id=?",
$key);
return TRUE;
}
@ -119,11 +113,10 @@ function sess_gc($maxlifetime)
global $DB;
// get all expired sessions
$sql_result = $DB->query(sprintf("SELECT sess_id
FROM %s
WHERE UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(created) > %d",
get_table_name('session'),
$maxlifetime));
$sql_result = $DB->query("SELECT sess_id
FROM ".get_table_name('session')."
WHERE ".$DB->unixtimestamp('NOW()')."-".$DB->unixtimestamp('created')." > ?",
$maxlifetime);
$a_exp_sessions = array();
while ($sql_arr = $DB->fetch_assoc($sql_result))
@ -132,17 +125,13 @@ function sess_gc($maxlifetime)
if (sizeof($a_exp_sessions))
{
// delete session cache records
$DB->query("DELETE FROM ".get_table_name('cache')."
WHERE session_id IN ('".join("','", $a_exp_sessions)."')");
// delete session records
$DB->query(sprintf("DELETE FROM %s
WHERE sess_id IN ('%s')",
get_table_name('session'),
join("','", $a_exp_sessions)));
// also delete session cache records
$DB->query(sprintf("DELETE FROM %s
WHERE session_id IN ('%s')",
get_table_name('cache'),
join("','", $a_exp_sessions)));
$DB->query("DELETE FROM ".get_table_name('session')."
WHERE sess_id IN ('".join("','", $a_exp_sessions)."')");
}
return TRUE;
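Review bot: Both DELETEs in sess_gc still build their `IN` list by string-joining `$a_exp_sessions` between quotes, while the rest of this commit moves values into placeholders; the `sess_id` values come back from the session table, where sess_write now stores whatever `$key` it receives through a bound parameter (L377-378), so a stored id containing a quote is no longer escaped anywhere on its way into this statement. Generating one `?` per id and binding the list keeps these two queries consistent with the rest of the file; since `query()` takes its parameters through `func_get_args()`, the list can be spread with `call_user_func_array`. sess_gc's body ends outside this hunk.
```php
      // one placeholder per expired session id, then bind the list
      $in = join(',', array_fill(0, sizeof($a_exp_sessions), '?'));

      // delete session cache records
      call_user_func_array(array($DB, 'query'),
        array_merge(array("DELETE FROM ".get_table_name('cache')."
                           WHERE session_id IN ($in)"), $a_exp_sessions));

      // delete session records
      call_user_func_array(array($DB, 'query'),
        array_merge(array("DELETE FROM ".get_table_name('session')."
                           WHERE sess_id IN ($in)"), $a_exp_sessions));
```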

@ -23,13 +23,11 @@ $REMOTE_REQUEST = TRUE;
if ($_GET['_cid'])
{
$DB->query(sprintf("UPDATE %s
SET del='1'
WHERE user_id=%d
AND contact_id IN (%s)",
get_table_name('contacts'),
$_SESSION['user_id'],
$_GET['_cid']));
$DB->query("UPDATE ".get_table_name('contacts')."
SET del='1'
WHERE user_id=?
AND contact_id IN (".$_GET['_cid'].")",
$_SESSION['user_id']);
$count = $DB->affected_rows();
if (!$count)
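Review bot: The UPDATE now binds `user_id` but still splices `$_GET['_cid']` into the SQL on the line `AND contact_id IN (".$_GET['_cid'].")",`, so the one value that actually comes from the client remains the one that is not parameterised (the old `%s` sprintf form did not protect it either). Since `contact_id` is numeric, the cheapest consistent fix is to normalise the list before use: `$cid_list = join(',', array_map('intval', explode(',', $_GET['_cid'])));` and then `AND contact_id IN ($cid_list)",`. The same pattern is kept at L758 (`$_GET['_to']` in compose) and L809 (`$_GET['_iid']` in the identity delete), where the same normalisation applies.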
@ -40,12 +38,11 @@ if ($_GET['_cid'])
// count contacts for this user
$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
FROM %s
WHERE del!='1'
AND user_id=%d",
get_table_name('contacts'),
$_SESSION['user_id']));
$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
FROM ".get_table_name('contacts')."
WHERE del<>'1'
AND user_id=?",
$_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];
@ -62,14 +59,13 @@ if ($_GET['_cid'])
$start_row = ($_SESSION['page'] * $CONFIG['pagesize']) - $count;
// get contacts from DB
$sql_result = $DB->query(sprintf("SELECT * FROM %s
WHERE del!='1'
AND user_id=%d
ORDER BY name",
get_table_name('contacts'),
$_SESSION['user_id']),
$start_row,
$count);
$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
WHERE del<>'1'
AND user_id=?
ORDER BY name",
$start_row,
$count,
$_SESSION['user_id']);
$commands .= rcmail_js_contacts_list($sql_result);

@ -23,13 +23,12 @@
if (($_GET['_cid'] || $_POST['_cid']) && $_action=='edit')
{
$cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
$DB->query(sprintf("SELECT * FROM %s
WHERE contact_id=%d
AND user_id=%d
AND del!='1'",
get_table_name('contacts'),
$cid,
$_SESSION['user_id']));
$DB->query("SELECT * FROM ".get_table_name('contacts')."
WHERE contact_id=?
AND user_id=?
AND del<>'1'",
$cid,
$_SESSION['user_id']);
$CONTACT_RECORD = $DB->fetch_assoc();

@ -41,12 +41,11 @@ function rcmail_contacts_list($attrib)
//$image_tag = '<img src="%s%s" alt="%s" border="0" />';
// count contacts for this user
$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
FROM %s
WHERE del!='1'
AND user_id=%d",
get_table_name('contacts'),
$_SESSION['user_id']));
$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
FROM ".get_table_name('contacts')."
WHERE del<>'1'
AND user_id=?",
$_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];
@ -56,14 +55,13 @@ function rcmail_contacts_list($attrib)
$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];
// get contacts from DB
$sql_result = $DB->query(sprintf("SELECT * FROM %s
WHERE del!='1'
AND user_id=%d
ORDER BY name",
get_table_name('contacts'),
$_SESSION['user_id']),
$start_row,
$CONFIG['pagesize']);
$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
WHERE del<>'1'
AND user_id= ?
ORDER BY name",
$start_row,
$CONFIG['pagesize'],
$_SESSION['user_id']);
}
else
$sql_result = NULL;
@ -174,11 +172,10 @@ function rcmail_get_rowcount_text($max=NULL)
// get nr of contacts
if ($max===NULL)
{
$sql_result = $DB->query(sprintf("SELECT 1 FROM %s
WHERE del!='1'
AND user_id=%d",
get_table_name('contacts'),
$_SESSION['user_id']));
$sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
WHERE del<>'1'
AND user_id=?",
$_SESSION['user_id']);
$max = $DB->num_rows($sql_result);
}

@ -22,12 +22,11 @@
$REMOTE_REQUEST = TRUE;
// count contacts for this user
$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
FROM %s
WHERE del!='1'
AND user_id=%d",
get_table_name('contacts'),
$_SESSION['user_id']));
$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
FROM ".get_table_name('contacts')."
WHERE del<>'1'
AND user_id=?",
$_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];
@ -40,14 +39,13 @@ $commands .= sprintf("this.set_env('pagecount', %d);\n", $pages);
$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];
// get contacts from DB
$sql_result = $DB->query(sprintf("SELECT * FROM %s
WHERE del!='1'
AND user_id=%d
ORDER BY name",
get_table_name('contacts'),
$_SESSION['user_id']),
$start_row,
$CONFIG['pagesize']);
$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
WHERE del<>'1'
AND user_id=?
ORDER BY name",
$start_row,
$CONFIG['pagesize'],
$_SESSION['user_id']);
$commands .= rcmail_js_contacts_list($sql_result);

@ -39,15 +39,13 @@ if ($_POST['_cid'])
if (sizeof($a_write_sql))
{
$DB->query(sprintf("UPDATE %s
SET %s
WHERE contact_id=%d
AND user_id=%d
AND del!='1'",
get_table_name('contacts'),
join(', ', $a_write_sql),
$_POST['_cid'],
$_SESSION['user_id']));
$DB->query("UPDATE ".get_table_name('contacts')."
SET ".join(', ', $a_write_sql)."
WHERE contact_id=?
AND user_id=?
AND del<>'1'",
$_POST['_cid'],
$_SESSION['user_id']);
$updated = $DB->affected_rows();
}
@ -63,13 +61,12 @@ if ($_POST['_cid'])
$a_show_cols = array('name', 'email');
$a_js_cols = array();
$sql_result = $DB->query(sprintf("SELECT * FROM %s
WHERE contact_id=%d
AND user_id=%d
AND del!='1'",
get_table_name('contacts'),
$sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
WHERE contact_id=?
AND user_id=?
AND del<>'1'",
$_POST['_cid'],
$_SESSION['user_id']));
$_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
foreach ($a_show_cols as $col)
@ -111,13 +108,10 @@ else
if (sizeof($a_insert_cols))
{
$DB->query(sprintf("INSERT INTO %s
(user_id, %s)
VALUES (%d, %s)",
get_table_name('contacts'),
join(', ', $a_insert_cols),
$_SESSION['user_id'],
join(', ', $a_insert_values)));
$DB->query("INSERT INTO ".get_table_name('contacts')."
(user_id, ".join(', ', $a_insert_cols).")
VALUES (?, ".join(', ', $a_insert_values).")",
$_SESSION['user_id']);
$insert_id = $DB->insert_id();
}
@ -131,12 +125,11 @@ else
{
// add contact row or jump to the page where it should appear
$commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
$sql_result = $DB->query(sprintf("SELECT * FROM %s
WHERE contact_id=%d
AND user_id=%d",
get_table_name('contacts'),
$insert_id,
$_SESSION['user_id']));
$sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
WHERE contact_id=?
AND user_id=?",
$insert_id,
$_SESSION['user_id']);
$commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
$commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",

@ -23,13 +23,12 @@
if ($_GET['_cid'] || $_POST['_cid'])
{
$cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
$DB->query(sprintf("SELECT * FROM %s
WHERE contact_id=%d
AND user_id=%d
AND del!='1'",
get_table_name('contacts'),
$cid,
$_SESSION['user_id']));
$DB->query("SELECT * FROM ".get_table_name('contacts')."
WHERE contact_id=?
AND user_id=?
AND del<>'1'",
$cid,
$_SESSION['user_id']);
$CONTACT_RECORD = $DB->fetch_assoc();

@ -29,13 +29,11 @@ if ($_GET['_address'])
$contact = $contact_arr[1];
if ($contact['mailto'])
$sql_result = $DB->query(sprintf("SELECT 1 FROM %s
WHERE user_id=%d
AND email='%s'
AND del!='1'",
get_table_name('contacts'),
$_SESSION['user_id'],
$contact['mailto']));
$sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
WHERE user_id=?
AND email=?
AND del<>'1'",
$_SESSION['user_id'],$contact['mailto']);
// contact entry with this mail address exists
if ($sql_result && $DB->num_rows($sql_result))
@ -43,13 +41,12 @@ if ($_GET['_address'])
else if ($contact['mailto'])
{
$DB->query(sprintf("INSERT INTO %s
(user_id, name, email)
VALUES (%d, '%s', '%s')",
get_table_name('contacts'),
$_SESSION['user_id'],
$contact['name'],
$contact['mailto']));
$DB->query("INSERT INTO ".get_table_name('contacts')."
(user_id, name, email)
VALUES (?, ?, ?)",
$_SESSION['user_id'],
$contact['name'],
$contact['mailto']);
$added = $DB->insert_id();
}

@ -87,13 +87,11 @@ function rcmail_compose_headers($attrib)
$field_attrib[$attr] = $value;
// get this user's identities
$sql_result = $DB->query(sprintf("SELECT identity_id, name, email
FROM %s
WHERE user_id=%d
AND del!='1'
ORDER BY `default` DESC, name ASC",
get_table_name('identities'),
$_SESSION['user_id']));
$sql_result = $DB->query("SELECT identity_id, name, email
FROM ".get_table_name('identities')." WHERE user_id=?
AND del<>'1'
ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
$_SESSION['user_id']);
if ($DB->num_rows($sql_result))
{
@ -123,14 +121,11 @@ function rcmail_compose_headers($attrib)
if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to']))
{
$a_recipients = array();
$sql_result = $DB->query(sprintf("SELECT name, email
FROM %s
WHERE user_id=%d
AND del!='1'
AND contact_id IN (%s)",
get_table_name('contacts'),
$_SESSION['user_id'],
$_GET['_to']));
$sql_result = $DB->query("SELECT name, email
FROM ".get_table_name('contacts')." WHERE user_id=?
AND del<>'1'
AND contact_id IN (".$_GET['_to'].")",
$_SESSION['user_id']);
while ($sql_arr = $DB->fetch_assoc($sql_result))
$a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
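Review bot: The guard on the context line `preg_match('/[0-9]+,?/', $_GET['_to'])` is not anchored, so it is satisfied by any string that contains one digit and does not establish that the value concatenated on the line `AND contact_id IN (".$_GET['_to'].")",` is a plain id list. If the intent is to accept only comma-separated ids, the pattern should be `'/^[0-9]+(,[0-9]+)*$/'`, which then justifies the concatenation; the normalisation suggested at L455 for `_cid` works here as well. rcmail_compose_headers continues outside this hunk.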
@ -559,12 +554,9 @@ function format_email_recipient($email, $name='')
/****** get contacts for this user and add them to client scripts ********/
$sql_result = $DB->query(sprintf("SELECT name, email
FROM %s
WHERE user_id=%d
AND del!='1'",
get_table_name('contacts'),
$_SESSION['user_id']));
$sql_result = $DB->query("SELECT name, email
FROM ".get_table_name('contacts')." WHERE user_id=?
AND del<>'1'",$_SESSION['user_id']);
if ($DB->num_rows($sql_result))
{

@ -42,14 +42,12 @@ function rcmail_get_identity($id)
global $DB;
// get identity record
$sql_result = $DB->query(sprintf("SELECT *, email AS mailto
FROM %s
WHERE identity_id=%d
AND user_id=%d
AND del!='1'",
get_table_name('identities'),
$id,
$_SESSION['user_id']));
$sql_result = $DB->query("SELECT *, email AS mailto
FROM ".get_table_name('identities')."
WHERE identity_id=?
AND user_id=?
AND del<>'1'",
$id,$_SESSION['user_id']);
if ($DB->num_rows($sql_result))
{

@ -23,13 +23,11 @@ $REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
if ($_GET['_iid'])
{
$DB->query(sprintf("UPDATE %s
SET del='1'
WHERE user_id=%d
AND identity_id IN (%s)",
get_table_name('identities'),
$_SESSION['user_id'],
$_GET['_iid']));
$DB->query("UPDATE ".get_table_name('identities')."
SET del='1'
WHERE user_id=?
AND identity_id IN (".$_GET['_iid'].")",
$_SESSION['user_id']);
$count = $DB->affected_rows();
if ($count)

@ -22,13 +22,12 @@
if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity')
{
$id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
$DB->query(sprintf("SELECT * FROM %s
WHERE identity_id=%d
AND user_id=%d
AND del!='1'",
get_table_name('identities'),
$id,
$_SESSION['user_id']));
$DB->query("SELECT * FROM ".get_table_name('identities')."
WHERE identity_id=?
AND user_id=?
AND del<>'1'",
$id,
$_SESSION['user_id']);
$IDENTITY_RECORD = $DB->fetch_assoc();

@ -21,10 +21,9 @@
// get user record
$sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s
WHERE user_id=%d",
get_table_name('users'),
$_SESSION['user_id']));
$sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')."
WHERE user_id=?",
$_SESSION['user_id']);
if ($USER_DATA = $DB->fetch_assoc($sql_result))
$PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']);
@ -143,12 +142,11 @@ function rcmail_identities_list($attrib)
// get contacts from DB
$sql_result = $DB->query(sprintf("SELECT * FROM %s
WHERE del!='1'
AND user_id=%d
ORDER BY `default` DESC, name ASC",
get_table_name('identities'),
$_SESSION['user_id']));
$sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')."
WHERE del<>'1'
AND user_id=?
ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
$_SESSION['user_id']);
// add id to message list table if not specified

@ -38,15 +38,13 @@ if ($_POST['_iid'])
if (sizeof($a_write_sql))
{
$DB->query(sprintf("UPDATE %s
SET %s
WHERE identity_id=%d
AND user_id=%d
AND del!='1'",
get_table_name('identities'),
join(', ', $a_write_sql),
$_POST['_iid'],
$_SESSION['user_id']));
$DB->query("UPDATE ".get_table_name('identities')."
SET ".join(', ', $a_write_sql)."
WHERE identity_id=?
AND user_id=?
AND del<>'1'",
$_POST['_iid'],
$_SESSION['user_id']);
$updated = $DB->affected_rows();
}
@ -56,14 +54,13 @@ if ($_POST['_iid'])
show_message('successfullysaved', 'confirmation');
// mark all other identities as 'not-default'
$DB->query(sprintf("UPDATE %s
SET `default`='0'
WHERE identity_id!=%d
AND user_id=%d
AND del!='1'",
get_table_name('identities'),
$_POST['_iid'],
$_SESSION['user_id']));
$DB->query("UPDATE ".get_table_name('identities')."
SET ".$DB->quoteIdentifier('default')."='0'
WHERE identity_id!=?
AND user_id=?
AND del<>'1'",
$_POST['_iid'],
$_SESSION['user_id']);
if ($_POST['_framed'])
{
@ -89,19 +86,16 @@ else
if (!isset($_POST[$fname]))
continue;
$a_insert_cols[] = "`$col`";
$a_insert_cols[] = $DB->quoteIdentifier($col);
$a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
}
if (sizeof($a_insert_cols))
{
$DB->query(sprintf("INSERT INTO %s
(user_id, %s)
VALUES (%d, %s)",
get_table_name('identities'),
join(', ', $a_insert_cols),
$_SESSION['user_id'],
join(', ', $a_insert_values)));
$DB->query("INSERT INTO ".get_table_name('identities')."
(user_id, ".join(', ', $a_insert_cols).")
VALUES (?, ".join(', ', $a_insert_values).")",
$_SESSION['user_id']);
$insert_id = $DB->insert_id();
}
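Review bot: The column names now go through `$DB->quoteIdentifier($col)`, but the values on the line `$a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));` are still escaped with `addslashes()` and spliced into the SQL, so this INSERT mixes hand escaping with the placeholder binding used everywhere else in the commit; `addslashes()` is not driver- or charset-aware, which is the reason the rest of the commit dropped it. Emitting a `?` per column and collecting the raw values lets the whole statement be bound; `query()` reads its arguments via `func_get_args()`, so the variable-length list can be passed with `call_user_func_array`. `$a_insert_params` would need `= array()` next to the existing `$a_insert_cols`/`$a_insert_values` initialisation, which is above this hunk, as is the start of the `foreach`. The contacts save at L647-649 builds its INSERT the same way, and `$a_write_sql` used at L611-612 and L871-872 is presumably assembled with the same `addslashes()` pattern — worth checking those loops too.
```php
        // … unchanged: loop header and $fname lookup …
        if (!isset($_POST[$fname]))
          continue;

        $a_insert_cols[] = $DB->quoteIdentifier($col);
        $a_insert_values[] = '?';           // one placeholder per column
        $a_insert_params[] = $_POST[$fname]; // raw value, bound by the driver
      }

    if (sizeof($a_insert_cols))
      {
      $sql = "INSERT INTO ".get_table_name('identities')."
              (user_id, ".join(', ', $a_insert_cols).")
              VALUES (?, ".join(', ', $a_insert_values).")";
      call_user_func_array(array($DB, 'query'),
        array_merge(array($sql, $_SESSION['user_id']), $a_insert_params));
      $insert_id = $DB->insert_id();
      }
```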

@ -35,14 +35,13 @@ if (isset($_POST['_language']))
$sess_user_lang = $_SESSION['user_lang'] = $_POST['_language'];
$DB->query(sprintf("UPDATE %s
SET preferences='%s',
language='%s'
WHERE user_id=%d",
get_table_name('users'),
addslashes(serialize($a_user_prefs)),
$sess_user_lang,
$_SESSION['user_id']));
$DB->query("UPDATE ".get_table_name('users')."
SET preferences=?,
language=?
WHERE user_id=?",
serialize($a_user_prefs),
$sess_user_lang,
$_SESSION['user_id']);
if ($DB->affected_rows())
{
