gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -29,6 +29,12 @@

			class db extends mysqli
			{
			/**#@+
			* @access private
			*/
			private $_iQueryId;
			private $_iConnId;

			private $dbHost = ''; // hostname of the MySQL server
			private $dbName = ''; // logical database name on that server
			private $dbUser = ''; // database authorized user
			@@ -36,6 +42,12 @@
			private $dbCharset = 'utf8';// Database charset
			private $dbNewLink = false; // Return a new linkID when connect is called again
			private $dbClientFlags = 0; // MySQL Client falgs
			/*#@-/

			public $show_error_messages = false; // false in server, true in interface


			/* old things - unused now ////
			private $linkId = 0; // last result of mysqli_connect()
			private $queryId = 0; // last result of mysqli_query()
			private $record = array(); // last record fetched
			@@ -44,8 +56,9 @@
			private $errorNumber = 0; // last error number
			public $errorMessage = ''; // last error message
			private $errorLocation = '';// last error location
			public $show_error_messages = false; // false in server, true in interface
			private $isConnected = false; // needed to know if we have a valid mysqli object from the constructor
			////
			*/

			// constructor
			public function __construct($prefix = '') {
			@@ -58,154 +71,459 @@
			$this->dbCharset = $conf[$prefix.'db_charset'];
			$this->dbNewLink = $conf[$prefix.'db_new_link'];
			$this->dbClientFlags = $conf[$prefix.'db_client_flags'];
			parent::__construct($conf[$prefix.'db_host'], $conf[$prefix.'db_user'], $conf[$prefix.'db_password'], $conf[$prefix.'db_database']);

			$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
			$try = 0;
			//while(!is_null($this->connect_error) && $try < 5) {
			while(mysqli_connect_error() && $try < 5) {
			while((!is_object($this->_iConnId) \|\| mysqli_connect_error()) && $try < 5) {
			if($try > 0) sleep(1);

			$try++;
			$this->updateError('DB::__construct');

			parent::__construct($conf[$prefix.'db_host'], $conf[$prefix.'db_user'], $conf[$prefix.'db_password'], $conf[$prefix.'db_database']);
			$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
			}

			//if(is_null($this->connect_error)) $this->isConnected = true;
			//else return false;
			if(!mysqli_connect_error()) $this->isConnected = true;
			else return false;
			if(!is_object($this->_iConnId) \|\| mysqli_connect_error()) {
			$this->_iConnId = null;
			$this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!');
			return false;
			}
			if(!((bool)mysqli_query( $this->_iConnId, 'USE `' . $this->dbName . '`'))) {
			$this->close();
			$this->_sqlerror('Datenbank nicht gefunden / Database not found');
			return false;
			}

			$this->setCharacterEncoding();
			$this->_setCharset();
			}

			public function __destruct() {
			$this->close(); // helps avoid memory leaks, and persitent connections that don't go away.
			if($this->_iConnId) mysqli_close($this->_iConnId);
			}

			// error handler
			public function updateError($location) {
			global $app, $conf;
			public function close() {
			if($this->_iConnId) mysqli_close($this->_iConnId);
			$this->_iConnId = null;
			}

			/*
			if(!is_null($this->connect_error)) {
			$this->errorNumber = $this->connect_errno;
			$this->errorMessage = $this->connect_error;
			} else {
			$this->errorNumber = $this->errno;
			$this->errorMessage = $this->error;
			}
			*/
			if(mysqli_connect_error()) {
			$this->errorNumber = mysqli_connect_errno();
			$this->errorMessage = mysqli_connect_error();
			} else {
			$this->errorNumber = mysqli_errno($this);
			$this->errorMessage = mysqli_error($this);
			}
			public function _build_query_string($sQuery = '') {
			$iArgs = func_num_args();
			if($iArgs > 1) {
			$aArgs = func_get_args();

			if($iArgs == 3 && $aArgs[1] === true && is_array($aArgs[2])) {
			$aArgs = $aArgs[2];
			$iArgs = count($aArgs);
			} else {
			array_shift($aArgs); // delete the query string that is the first arg!
			}

			$this->errorLocation = $location;
			if($this->errorNumber) {
			$error_msg = $this->errorLocation .' '. $this->errorMessage;
			// This right here will allow us to use the same file for server & interface
			if($this->show_error_messages && $conf['demo_mode'] === false) {
			echo $error_msg;
			} else if(is_object($app) && method_exists($app, 'log')) {
			$app->log($error_msg, LOGLEVEL_WARN);
			$iPos = 0;
			$iPos2 = 0;
			foreach($aArgs as $sKey => $sValue) {
			$iPos2 = strpos($sQuery, '??', $iPos2);
			$iPos = strpos($sQuery, '?', $iPos);

			if($iPos === false && $iPos2 === false) break;

			if($iPos2 !== false && ($iPos === false \|\| $iPos2 <= $iPos)) {
			$sTxt = $this->escape($sValue);

			$sTxt = str_replace('`', '', $sTxt);
			if(strpos($sTxt, '.') !== false) {
			$sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
			$sTxt = str_replace('.``', '.', $sTxt);
			} else $sTxt = '`' . $sTxt . '`';

			$sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
			$iPos2 += strlen($sTxt);
			$iPos = $iPos2;
			} else {
			if(is_int($sValue) \|\| is_float($sValue)) {
			$sTxt = $sValue;
			} elseif(is_null($sValue) \|\| (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) {
			$sTxt = 'NULL';
			} elseif(is_array($sValue)) {
			if(isset($sValue['SQL'])) {
			$sTxt = $sValue['SQL'];
			} else {
			$sTxt = '';
			foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
			$sTxt = '(' . substr($sTxt, 1) . ')';
			if($sTxt == '()') $sTxt = '(0)';
			}
			} else {
			$sTxt = '\'' . $this->escape($sValue) . '\'';
			}

			$sQuery = substr_replace($sQuery, $sTxt, $iPos, 1);
			$iPos += strlen($sTxt);
			$iPos2 = $iPos;
			}
			}
			}

			return $sQuery;
			}

			/*#@-/


			/**#@+
			* @access private
			*/
			private function _setCharset() {
			mysqli_query($this->_iConnId, 'SET NAMES '.$this->dbCharset);
			mysqli_query($this->_iConnId, "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
			}

			private function securityScan($string) {
			global $app, $conf;

			// get security config
			if(isset($app)) {
			$app->uses('getconf');
			$ids_config = $app->getconf->get_security_config('ids');

			if($ids_config['sql_scan_enabled'] == 'yes') {

			// Remove whitespace
			$string = trim($string);
			if(substr($string,-1) == ';') $string = substr($string,0,-1);

			// Save original string
			$string_orig = $string;

			//echo $string;
			$chars = array(';', '#', '/', '/', '--', '\\\'', '\\"');

			$string = str_replace('\\\\', '', $string);
			$string = preg_replace('/(^\|[^\\\])([\'"])\\2/is', '$1', $string);
			$string = preg_replace('/(^\|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string);
			$ok = true;

			if(substr_count($string, "`") % 2 != 0 \|\| substr_count($string, "'") % 2 != 0 \|\| substr_count($string, '"') % 2 != 0) {
			$app->log("SQL injection warning (" . $string_orig . ")",2);
			$ok = false;
			} else {
			foreach($chars as $char) {
			if(strpos($string, $char) !== false) {
			$ok = false;
			$app->log("SQL injection warning (" . $string_orig . ")",2);
			break;
			}
			}
			}
			if($ok == true) {
			return true;
			} else {
			if($ids_config['sql_scan_action'] == 'warn') {
			// we return false in warning level.
			return false;
			} else {
			// if sql action = 'block' or anything else then stop here.
			$app->error('Possible SQL injection. All actions have been logged.');
			}
			}
			}
			}
			}

			private function setCharacterEncoding() {
			if($this->isConnected == false) return false;
			parent::query( 'SET NAMES '.$this->dbCharset);
			parent::query( "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
			}
			private function _query($sQuery = '') {
			global $app;

			public function query($queryString) {
			global $conf;
			if($this->isConnected == false) return false;
			if ($sQuery == '') {
			$this->_sqlerror('Keine Anfrage angegeben / No query given');
			return false;
			}

			$try = 0;
			do {
			$try++;
			$ok = $this->ping();
			$ok = mysqli_ping($this->_iConnId);
			if(!$ok) {
			if(!$this->real_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName)) {
			if(!mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName)) {
			if($try > 4) {
			$this->updateError('DB::query -> reconnect');
			$this->_sqlerror('DB::query -> reconnect');
			return false;
			} else {
			sleep(1);
			}
			} else {
			$this->setCharacterEncoding();
			$this->_setCharset();
			$ok = true;
			}
			}
			} while($ok == false);
			$this->queryId = parent::query($queryString);
			$this->updateError('DB::query('.$queryString.') -> mysqli_query');
			if($this->errorNumber && $conf['demo_mode'] === false) debug_print_backtrace();
			if(!$this->queryId) {

			$aArgs = func_get_args();
			$sQuery = call_user_func_array(array(&$this, '_build_query_string'), $aArgs);
			$this->securityScan($sQuery);

			$this->_iQueryId = @mysqli_query($this->_iConnId, $sQuery);
			if (!$this->_iQueryId) {
			$this->_sqlerror('Falsche Anfrage / Wrong Query', false, 'SQL-Query = ' . $sQuery);
			return false;
			}
			$this->currentRow = 0;
			return $this->queryId;

			return is_bool($this->_iQueryId) ? $this->_iQueryId : new db_result($this->_iQueryId, $this->_iConnId);
			}

			// returns all records in an array
			public function queryAllRecords($queryString) {
			if(!$this->query($queryString))
			{
			return false;
			}
			$ret = array();
			while($line = $this->nextRecord())
			{
			$ret[] = $line;
			}
			return $ret;
			/*#@-/





			/**
			* Executes a query
			*
			* Executes a given query string, has a variable amount of parameters:
			* - 1 parameter
			* executes the given query
			* - 2 parameters
			* executes the given query, replaces the first ? in the query with the second parameter
			* - 3 parameters
			* if the 2nd parameter is a boolean true, the 3rd parameter has to be an array containing all the replacements for every occuring ? in the query, otherwise the second parameter replaces the first ?, the third parameter replaces the second ? in the query
			* - 4 or more parameters
			* all ? in the query are replaced from left to right by the parameters 2 to x
			*
			* @access public
			* @param string $sQuery query string
			* @param mixed ... one or more parameters
			* @return db_result the result object of the query
			*/


			public function query($sQuery = '') {
			$aArgs = func_get_args();
			return call_user_func_array(array(&$this, '_query'), $aArgs);
			}

			// returns one record in an array
			public function queryOneRecord($queryString) {
			if(!$this->query($queryString) \|\| $this->numRows() == 0)
			{
			return false;
			}
			return $this->nextRecord();
			/**
			* Execute a query and get first result array
			*
			* Executes a query and returns the first result row as an array
			* This is like calling $result = $db->query(), $result->get(), $result->free()
			* Use of this function @see query
			*
			* @access public
			* @param string $sQuery query to execute
			* @param ... further params (see query())
			* @return array result row or NULL if none found
			*/
			public function queryOneRecord($sQuery = '') {
			if(!preg_match('/limit \d+\s,\s\d+$/i', $sQuery)) $sQuery .= ' LIMIT 0,1';

			$aArgs = func_get_args();
			$oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
			if(!$oResult) return null;

			$aReturn = $oResult->get();
			$oResult->free();

			return $aReturn;
			}

			// returns the next record in an array
			public function nextRecord() {
			$this->record = $this->queryId->fetch_assoc();
			$this->updateError('DB::nextRecord()-> mysql_fetch_array');
			if(!$this->record \|\| !is_array($this->record))
			{
			return false;
			}
			$this->currentRow++;
			return $this->record;
			public function queryOne($sQuery = '') {
			return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
			}

			// returns number of rows returned by the last select query
			public function numRows() {
			return intval($this->queryId->num_rows);
			public function query_one($sQuery = '') {
			return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
			}

			/**
			* Execute a query and return all rows
			*
			* Executes a query and returns all result rows in an array
			* <strong>Use this with extreme care!!!</strong> Uses lots of memory on big result sets.
			*
			* @access public
			* @param string $sQuery query to execute
			* @param ... further params (see query())
			* @return array all the rows in the result set
			*/
			public function queryAllRecords($sQuery = '') {
			$aArgs = func_get_args();
			$oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
			if(!$oResult) return array();

			$aResults = array();
			while($aRow = $oResult->get()) {
			$aResults[] = $aRow;
			}
			$oResult->free();

			return $aResults;
			}

			public function queryAll($sQuery = '') {
			return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
			}

			public function query_all($sQuery = '') {
			return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
			}

			/**
			* Execute a query and return all rows as simple array
			*
			* Executes a query and returns all result rows in an array with elements
			* <strong>Only first column is returned</strong> Uses lots of memory on big result sets.
			*
			* @access public
			* @param string $sQuery query to execute
			* @param ... further params (see query())
			* @return array all the rows in the result set
			*/
			public function queryAllArray($sQuery = '') {
			$aArgs = func_get_args();
			$oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
			if(!$oResult) return array();

			$aResults = array();
			while($aRow = $oResult->get()) {
			$aResults[] = reset($aRow);
			}
			$oResult->free();

			return $aResults;
			}

			public function query_all_array($sQuery = '') {
			return $this->queryAllArray($sQuery);
			}



			/**
			* Get id of last inserted row
			*
			* Gives you the id of the last inserted row in a table with an auto-increment primary key
			*
			* @access public
			* @return int id of last inserted row or 0 if none
			*/
			public function insert_id() {
			$iRes = mysqli_query($this->_iConnId, 'SELECT LAST_INSERT_ID() as `newid`');
			if(!is_object($iRes)) return false;

			$aReturn = mysqli_fetch_assoc($iRes);
			mysqli_free_result($iRes);

			return $aReturn['newid'];
			}



			/**
			* get affected row count
			*
			* Gets the amount of rows affected by the previous query
			*
			* @access public
			* @return int affected rows
			*/
			public function affected() {
			if(!is_object($this->_iConnId)) return 0;
			$iRows = mysqli_affected_rows($this->_iConnId);
			if(!$iRows) $iRows = 0;
			return $iRows;
			}


			/**
			* check if a utf8 string is valid
			*
			* @access public
			* @param string $string the string to check
			* @return bool true if it is valid utf8, false otherwise
			*/
			private function check_utf8($str) {
			$len = strlen($str);
			for($i = 0; $i < $len; $i++){
			$c = ord($str[$i]);
			if ($c > 128) {
			if (($c > 247)) return false;
			elseif ($c > 239) $bytes = 4;
			elseif ($c > 223) $bytes = 3;
			elseif ($c > 191) $bytes = 2;
			else return false;
			if (($i + $bytes) > $len) return false;
			while ($bytes > 1) {
			$i++;
			$b = ord($str[$i]);
			if ($b < 128 \|\| $b > 191) return false;
			$bytes--;
			}
			}
			}
			return true;
			} // end of check_utf8

			/**
			* Escape a string for usage in a query
			*
			* @access public
			* @param string $sString query string to escape
			* @return string escaped string
			*/
			public function escape($sString) {
			global $app;
			if(!is_string($sString) && !is_numeric($sString)) {
			$app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO);
			//$sAddMsg = getDebugBacktrace();
			$app->log($sAddMsg, LOGLEVEL_DEBUG);
			$sString = '';
			}

			$cur_encoding = mb_detect_encoding($sString);
			if($cur_encoding != "UTF-8") {
			if($cur_encoding != 'ASCII') {
			$app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
			if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
			else $sString = mb_convert_encoding($sString, 'UTF-8');
			}
			} elseif(!$this->check_utf8($sString)) {
			$sString = utf8_encode($sString);
			}

			if($this->_iConnId) return mysqli_real_escape_string($this->_iConnId, $sString);
			else return addslashes($sString);
			}

			/**
			*
			*
			* @access private
			*/
			private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '') {
			global $app, $conf;

			$mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
			$mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());

			//$sAddMsg .= getDebugBacktrace();

			if($this->show_error_messages && $conf['demo_mode'] === false) {
			echo $sErrormsg . $sAddMsg;
			} else if(is_object($app) && method_exists($app, 'log')) {
			$app->log($sErrormsg . $sAddMsg . ' -> ' . $mysql_errno . ' (' . $mysql_error . ')', LOGLEVEL_WARN);
			}
			}

			public function affectedRows() {
			return intval($this->queryId->affected_rows);
			return $this->affected();
			}

			// returns mySQL insert id
			public function insertID() {
			return $this->insert_id;
			return $this->insert_id();
			}


			//* Function to quote strings
			public function quote($formfield) {
			return $this->escape_string($formfield);
			return $this->escape($formfield);
			}

			//* Function to unquotae strings
			@@ -222,7 +540,27 @@
			}
			return $out;
			}


			public function insertFromArray($tablename, $data) {
			if(!is_array($data)) return false;

			$k_query = '';
			$v_query = '';

			$params = array($tablename);
			$v_params = array();

			foreach($data as $key => $value) {
			$k_query .= ($k_query != '' ? ', ' : '') . '??';
			$v_query .= ($v_query != '' ? ', ' : '') . '?';
			$params[] = $key;
			$v_params[] = $value;
			}

			$query = 'INSERT INTO ?? (' . $k_query . ') VALUES (' . $v_query . ')';
			return $this->query($query, true, $params + $v_params);
			}

			public function diffrec($record_old, $record_new) {
			$diffrec_full = array();
			$diff_num = 0;
			@@ -266,7 +604,6 @@
			if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
			if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);

			$primary_field = $this->quote($primary_field);
			$primary_id = intval($primary_id);

			if($force_update == true) {
			@@ -284,20 +621,20 @@
			// Insert the server_id, if the record has a server_id
			$server_id = (isset($record_old['server_id']) && $record_old['server_id'] > 0)?$record_old['server_id']:0;
			if(isset($record_new['server_id'])) $server_id = $record_new['server_id'];
			$server_id = intval($server_id);


			if($diff_num > 0) {
			//print_r($diff_num);
			//print_r($diffrec_full);
			$diffstr = $app->db->quote(serialize($diffrec_full));
			$username = $app->db->quote($_SESSION['s']['user']['username']);
			$diffstr = serialize($diffrec_full);
			$username = $_SESSION['s']['user']['username'];
			$dbidx = $primary_field.':'.$primary_id;

			if($action == 'INSERT') $action = 'i';
			if($action == 'UPDATE') $action = 'u';
			if($action == 'DELETE') $action = 'd';
			$sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$db_table."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')";
			$app->db->query($sql);
			$sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES (?, ?, ?, ?, ?, ?, ?)";
			$app->db->query($sql, $db_table, $dbidx, $server_id, $action, time(), $username, $diffstr);
			}

			return true;
			@@ -311,32 +648,32 @@
			if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
			if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);

			if(strpos($tablename, '.') !== false) {
			$tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
			} else {
			$tablename_escaped = '`' . $tablename . '`';
			}

			$index_field = $this->quote($index_field);

			if(is_array($insert_data)) {
			$key_str = '';
			$val_str = '';
			$params = array($tablename);
			$v_params = array();
			foreach($insert_data as $key => $val) {
			$key_str .= "`".$key ."`,";
			$val_str .= "'".$this->quote($val)."',";
			$key_str .= '??,';
			$params[] = $key;

			$val_str .= '?,';
			$v_params[] = $val;
			}
			$key_str = substr($key_str, 0, -1);
			$val_str = substr($val_str, 0, -1);
			$insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
			$this->query("INSERT INTO ?? $insert_data_str", true, $params + $v_params);
			} else {
			/* TODO: deprecate this method! */
			$insert_data_str = $insert_data;
			$this->query("INSERT INTO ?? $insert_data_str", $tablename);
			$app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1);
			}


			$old_rec = array();
			$this->query("INSERT INTO $tablename_escaped $insert_data_str");
			$index_value = $this->insertID();
			$new_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
			$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ? = ?", $tablename, $index_field, $index_value);
			$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);

			return $index_value;
			@@ -345,34 +682,33 @@
			//** Updates a record and saves the changes into the datalog
			public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
			global $app;


			// Check fields
			if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
			if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);

			if(strpos($tablename, '.') !== false) {
			$tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
			} else {
			$tablename_escaped = '`' . $tablename . '`';
			}

			$index_field = $this->quote($index_field);
			$index_value = $this->quote($index_value);

			$old_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
			$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);

			if(is_array($update_data)) {
			$params = array($tablename);
			$update_data_str = '';
			foreach($update_data as $key => $val) {
			$update_data_str .= "`".$key ."` = '".$this->quote($val)."',";
			$update_data_str .= '?? = ?,';
			$params[] = $key;
			$params[] = $val;
			}
			$params[] = $index_field;
			$params[] = $index_value;
			$update_data_str = substr($update_data_str, 0, -1);
			$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", true, $params);
			} else {
			/* TODO: deprecate this method! */
			$update_data_str = $update_data;
			$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
			$app->log("deprecated use of passing values to datalogUpdate() - table " . $tablename, 1);
			}

			$this->query("UPDATE $tablename_escaped SET $update_data_str WHERE $index_field = '$index_value'");
			$new_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
			$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
			$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);

			return true;
			@@ -381,22 +717,13 @@
			//** Deletes a record and saves the changes into the datalog
			public function datalogDelete($tablename, $index_field, $index_value) {
			global $app;


			// Check fields
			if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$tablename)) $app->error('Invalid table name '.$tablename);
			if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$index_field)) $app->error('Invalid index field '.$index_field.' in table '.$tablename);

			if(strpos($tablename, '.') !== false) {
			$tablename_escaped = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $tablename);
			} else {
			$tablename_escaped = '`' . $tablename . '`';
			}

			$index_field = $this->quote($index_field);
			$index_value = $this->quote($index_value);

			$old_rec = $this->queryOneRecord("SELECT * FROM $tablename_escaped WHERE $index_field = '$index_value'");
			$this->query("DELETE FROM $tablename_escaped WHERE $index_field = '$index_value'");
			$old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
			$this->query("DELETE FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
			$new_rec = array();
			$this->datalogSave($tablename, 'DELETE', $index_field, $index_value, $old_rec, $new_rec);

			@@ -414,7 +741,7 @@
			$login = $_SESSION['s']['user']['username'];
			}

			$result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = '" . $this->quote($login) . "' AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action");
			$result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action", $login);
			foreach($result as $row) {
			if(!$row['dbtable'] \|\| in_array($row['dbtable'], array('aps_instances', 'aps_instances_settings', 'mail_access', 'mail_content_filter'))) continue; // ignore some entries, maybe more to come
			$return['entries'][] = array('table' => $row['dbtable'], 'action' => $row['action'], 'count' => $row['cnt'], 'text' => $app->lng('datalog_status_' . $row['action'] . '_' . $row['dbtable']));
			@@ -423,28 +750,6 @@
			unset($result);

			return $return;
			}


			public function freeResult($query)
			{
			if(is_object($query) && (get_class($query) == "mysqli_result")) {
			$query->free();
			return true;
			} else {
			return false;
			}
			}

			/* TODO: Does anything use this? */
			public function delete() {

			}

			/* TODO: Does anything use this? */
			public function Transaction($action) {
			//action = begin, commit oder rollback

			}

			/*
			@@ -463,7 +768,7 @@

			public function createTable($table_name, $columns) {
			$index = '';
			$sql = "CREATE TABLE $table_name (";
			$sql = "CREATE TABLE ?? (";
			foreach($columns as $col){
			$sql .= $col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';

			@@ -483,7 +788,8 @@
			$sql .= $index;
			$sql = substr($sql, 0, -1);
			$sql .= ')';
			$this->query($sql);
			/* TODO: secure parameters */
			$this->query($sql, $table_name);
			return true;
			}

			@@ -502,7 +808,7 @@
			*/
			public function alterTable($table_name, $columns) {
			$index = '';
			$sql = "ALTER TABLE $table_name ";
			$sql = "ALTER TABLE ?? ";
			foreach($columns as $col){
			if($col['action'] == 'add') {
			$sql .= 'ADD '.$col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
			@@ -528,26 +834,23 @@
			}
			$sql .= $index;
			$sql = substr($sql, 0, -1);

			/* TODO: secure parameters */
			//die($sql);
			$this->query($sql);
			$this->query($sql, $table_name);
			return true;
			}

			public function dropTable($table_name) {
			$this->check($table_name);
			$sql = "DROP TABLE '". $table_name."'";
			return $this->query($sql);
			$sql = "DROP TABLE ??";
			return $this->query($sql, $table_name);
			}

			// gibt Array mit Tabellennamen zur�ck
			public function getTables($database_name = '') {
			if($this->isConnected == false) return false;
			if(!is_object($this->_iConnId)) return false;
			if($database_name == '') $database_name = $this->dbName;
			$result = parent::query("SHOW TABLES FROM $database_name");
			for ($i = 0; $i < $result->num_rows; $i++) {
			$tb_names[$i] = (($result->data_seek( $i) && (($___mysqli_tmp = $result->fetch_row()) !== NULL)) ? array_shift($___mysqli_tmp) : false);
			}
			$tb_names = $this->queryAllArray("SHOW TABLES FROM ??", $database_name);
			return $tb_names;
			}

			@@ -571,7 +874,7 @@
			global $go_api, $go_info, $app;
			// Tabellenfelder einlesen

			if($rows = $app->db->queryAllRecords('SHOW FIELDS FROM '.$table_name)){
			if($rows = $app->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
			foreach($rows as $row) {
			/*
			$name = $row[0];
			@@ -699,4 +1002,238 @@

			}

			/**
			* database query result class
			*
			* @package pxFramework
			*
			*/
			class db_result {

			/**
			*
			*
			* @access private
			*/
			private $_iResId = null;
			private $_iConnection = null;



			/**
			*
			*
			* @access private
			*/
			public function db_result($iResId, $iConnection) {
			$this->_iResId = $iResId;
			$this->_iConnection = $iConnection;
			}



			/**
			* get count of result rows
			*
			* Returns the amount of rows in the result set
			*
			* @access public
			* @return int amount of rows
			*/
			public function rows() {
			if(!is_object($this->_iResId)) return 0;
			$iRows = mysqli_num_rows($this->_iResId);
			if(!$iRows) $iRows = 0;
			return $iRows;
			}



			/**
			* Get number of affected rows
			*
			* Returns the amount of rows affected by the previous query
			*
			* @access public
			* @return int amount of affected rows
			*/
			public function affected() {
			if(!is_object($this->_iConnection)) return 0;
			$iRows = mysqli_affected_rows($this->_iConnection);
			if(!$iRows) $iRows = 0;
			return $iRows;
			}



			/**
			* Frees the result set
			*
			* @access public
			*/
			public function free() {
			if(!is_object($this->_iResId)) return;

			mysqli_free_result($this->_iResId);
			return;
			}



			/**
			* Get a result row (associative)
			*
			* Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
			*
			* @access public
			* @return array result row
			*/
			public function get() {
			$aItem = null;

			if(is_object($this->_iResId)) {
			$aItem = mysqli_fetch_assoc($this->_iResId);
			if(!$aItem) $aItem = null;
			}
			return $aItem;
			}



			/**
			* Get a result row (array with numeric index)
			*
			* @access public
			* @return array result row
			*/
			public function getAsRow() {
			$aItem = null;

			if(is_object($this->_iResId)) {
			$aItem = mysqli_fetch_row($this->_iResId);
			if(!$aItem) $aItem = null;
			}
			return $aItem;
			}

			}

			/**
			* database query result class
			*
			* emulates a db result set out of an array so you can use array results and db results the same way
			*
			* @package pxFramework
			* @see db_result
			*
			*
			*/
			class fakedb_result {

			/**
			*
			*
			* @access private
			*/
			private $aResultData = array();

			/**
			*
			*
			* @access private
			*/
			private $aLimitedData = array();



			/**
			*
			*
			* @access private
			*/
			public function fakedb_result($aData) {
			$this->aResultData = $aData;
			$this->aLimitedData = $aData;
			reset($this->aLimitedData);
			}



			/**
			* get count of result rows
			*
			* Returns the amount of rows in the result set
			*
			* @access public
			* @return int amount of rows
			*/
			// Gibt die Anzahl Zeilen zurück
			public function rows() {
			return count($this->aLimitedData);
			}



			/**
			* Frees the result set
			*
			* @access public
			*/
			// Gibt ein Ergebnisset frei
			public function free() {
			$this->aResultData = array();
			$this->aLimitedData = array();
			return;
			}



			/**
			* Get a result row (associative)
			*
			* Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
			*
			* @access public
			* @return array result row
			*/
			// Gibt eine Ergebniszeile zurück
			public function get() {
			$aItem = null;

			if(!is_array($this->aLimitedData)) return $aItem;

			if(list($vKey, $aItem) = each($this->aLimitedData)) {
			if(!$aItem) $aItem = null;
			}
			return $aItem;
			}



			/**
			* Get a result row (array with numeric index)
			*
			* @access public
			* @return array result row
			*/
			public function getAsRow() {
			return $this->get();
			}



			/**
			* Limit the result (like a LIMIT x,y in a SQL query)
			*
			* @access public
			* @param int $iStart offset to start read
			* @param int iLength amount of datasets to read
			*/
			public function limit_result($iStart, $iLength) {
			$this->aLimitedData = array_slice($this->aResultData, $iStart, $iLength, true);
			}

			}


			?>