githubFork/roundcubemail.git

parent: e0ed9728 | patch | commit | ignore whitespace

svncommit

2005-10-25 d7cb77414c4cf074269b6812c3dd3571ee29afca


more pear/mdb2 integration

21 files modified

	SQL/postgres.initial.sql	8 ●●●●● patch \| view \| raw \| blame \| history
	index.php	8 ●●●●● patch \| view \| raw \| blame \| history
	program/include/cache.inc	69 ●●●●● patch \| view \| raw \| blame \| history
	program/include/main.inc	50 ●●●●● patch \| view \| raw \| blame \| history
	program/include/rcube_db.inc	53 ●●●●● patch \| view \| raw \| blame \| history
	program/include/rcube_mdb2.inc	42 ●●●●● patch \| view \| raw \| blame \| history
	program/include/session.inc	87 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/addressbook/delete.inc	38 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/addressbook/edit.inc	13 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/addressbook/func.inc	35 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/addressbook/list.inc	26 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/addressbook/save.inc	49 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/addressbook/show.inc	13 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/addcontact.inc	25 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/compose.inc	34 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/sendmail.inc	14 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/settings/delete_identity.inc	12 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/settings/edit_identity.inc	13 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/settings/func.inc	18 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/settings/save_identity.inc	44 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/settings/save_prefs.inc	15 ●●●●● patch \| view \| raw \| blame \| history

 SQL/postgres.initial.sql

@@ -117,11 +117,11 @@
    del boolean DEFAULT false NOT NULL,
    "default" boolean DEFAULT false NOT NULL,
    name character varying(128) NOT NULL,
    organization character varying(128) NOT NULL,
    organization character varying(128),
    email character varying(128) NOT NULL,
    "reply-to" character varying(128) NOT NULL,
    bcc character varying(128) NOT NULL,
    signature text NOT NULL
    "reply-to" character varying(128),
    bcc character varying(128),
    signature text
);



 index.php

@@ -51,16 +51,18 @@
    $CURRENT_PATH.='/';
    
// set environment first
ini_set('include_path', ini_get('include_path').PATH_SEPARATOR.$INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib');
// RC include folders MUST be included FIRST to avoid other
// possible not compatible libraries (i.e PEAR) to be included
// instead the ones provided by RC
ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path'));

ini_set('session.name', 'sessid');
ini_set('session.use_cookies', 1);
ini_set('error_reporting', E_ALL&~E_NOTICE);


// increase maximum execution time for php scripts
// (does not work in safe mode)
@set_time_limit('120');


// include base files
require_once('include/rcube_shared.inc');

 program/include/cache.inc

@@ -25,13 +25,12 @@
  global $DB, $CACHE_KEYS;
  
  // query db
  $sql_result = $DB->query(sprintf("SELECT cache_id, data
                                    FROM   %s
                                    WHERE  user_id=%d
                                    AND    cache_key='%s'",
                                   get_table_name('cache'),
                                   $_SESSION['user_id'],
                                   $key));
  $sql_result = $DB->query("SELECT cache_id, data
                            FROM ".get_table_name('cache')."
                            WHERE  user_id=?
                            AND    cache_key=?",
                            $_SESSION['user_id'],
                            $key);

  // get cached data
  if ($sql_arr = $DB->fetch_assoc($sql_result))
@@ -53,13 +52,12 @@
  // check if we already have a cache entry for this key
  if (!isset($CACHE_KEYS[$key]))
    {
    $sql_result = $DB->query(sprintf("SELECT cache_id
                                      FROM   %s
                                      WHERE  user_id=%d
                                      AND    cache_key='%s'",
                                     get_table_name('cache'),
                                     $_SESSION['user_id'],
                                     $key));
    $sql_result = $DB->query("SELECT cache_id
                              FROM ".get_table_name('cache')."
                              WHERE  user_id=?
                              AND    cache_key=?",
                              $_SESSION['user_id'],
                              $key);
                                     
    if ($sql_arr = $DB->fetch_assoc($sql_result))
      $CACHE_KEYS[$key] = $sql_arr['cache_id'];
@@ -70,27 +68,25 @@
  // update existing cache record
  if ($CACHE_KEYS[$key])
    {
    $DB->query(sprintf("UPDATE %s
                        SET    created=NOW(),
                               data='%s'
                        WHERE  user_id=%d
                        AND    cache_key='%s'",
                       get_table_name('cache'),
                       addslashes($data),
                       $_SESSION['user_id'],
                       $key));
    $DB->query("UPDATE ".get_table_name('cache')."
                SET    created=NOW(),
                       data=?
                WHERE  user_id=?
                AND    cache_key=?",
                $data,
                $_SESSION['user_id'],
                $key);
    }
  // add new cache record
  else
    {
    $DB->query(sprintf("INSERT INTO %s
                        (created, user_id, session_id, cache_key, data)
                        VALUES (NOW(), %d, %s, '%s', '%s')",
                       get_table_name('cache'),
                       $_SESSION['user_id'],
                       $session_cache ? "'$sess_id'" : 'NULL',
                       $key,
                       addslashes($data)));
    $DB->query("INSERT INTO ".get_table_name('cache')."
                (created, user_id, session_id, cache_key, data)
                VALUES (NOW(), ?, ?, ?', ?)",
                $_SESSION['user_id'],
                $session_cache ? $sess_id : 'NULL',
                $key,
                $data);
    }
  }

@@ -100,12 +96,11 @@
  {
  global $DB;

  $DB->query(sprintf("DELETE FROM %s
                      WHERE  user_id=%d
                      AND    cache_key='%s'",
                     get_table_name('cache'),
                     $_SESSION['user_id'],
                     $key));
  $DB->query("DELETE FROM ".get_table_name('cache')."
              WHERE  user_id=?
              AND    cache_key=?",
              $_SESSION['user_id'],
              $key);
  }



 program/include/main.inc

@@ -263,13 +263,12 @@
    }

  // query if user already registered
  $sql_result = $DB->query(sprintf("SELECT user_id, username, language, preferences
                                    FROM   %s
                                    WHERE  mail_host='%s' AND (username='%s' OR alias='%s')",
                                   get_table_name('users'),
                                   addslashes($host),
                                   addslashes($user),
                                   addslashes($user)));
  $sql_result = $DB->query("SELECT user_id, username, language, preferences
                            FROM ".get_table_name('users')."
                            WHERE  mail_host=? AND (username=? OR alias=?)",
                            $host,
                            $user,
                            $user);

  // user already registered -> overwrite username
  if ($sql_arr = $DB->fetch_assoc($sql_result))
@@ -299,11 +298,10 @@
      $sess_user_lang = $_SESSION['user_lang'] = $sql_arr['language'];
      
    // update user's record
    $DB->query(sprintf("UPDATE %s
                        SET    last_login=NOW()
                        WHERE  user_id=%d",
                       get_table_name('users'),
                       $user_id));
    $DB->query("UPDATE ".get_table_name('users')."
                SET    last_login=NOW()
                WHERE  user_id=?",
                $user_id);
    }
  // create new system user
  else if ($CONFIG['auto_create_user'])
@@ -336,27 +334,25 @@
  {
  global $DB, $CONFIG, $IMAP;
  
  $DB->query(sprintf("INSERT INTO %s
                      (created, last_login, username, mail_host, language)
                      VALUES (NOW(), NOW(), '%s', '%s', '%s')",
                     get_table_name('users'),
                     addslashes($user),
                     addslashes($host),
                     $_SESSION['user_lang']));
  $DB->query("INSERT INTO ".get_table_name('users')."
              (created, last_login, username, mail_host, language)
              VALUES (NOW(), NOW(), ?, ?, ?)",
              $user,
              $host,
              $_SESSION['user_lang']);

  if ($user_id = $DB->insert_id())
  if ($user_id = $DB->insert_id('user_ids'))
    {
    $user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $host);
    $user_name = $user!=$user_email ? $user : '';
    
    // also create a new identity record
    $DB->query(sprintf("INSERT INTO %s
                        (user_id, `default`, name, email)
                        VALUES (%d, '1', '%s', '%s')",
                       get_table_name('identities'),
                       $user_id,
                       addslashes($user_name),
                       addslashes($user_email)));
    $DB->query("INSERT INTO ".get_table_name('identities')."
                (user_id, `default`, name, email)
                VALUES (?, '1', ?, ?)",
                $user_id,
                $user_name,
                $user_email);
                       
    // get existing mailboxes
    $a_mailboxes = $IMAP->list_mailboxes();

 program/include/rcube_db.inc

@@ -101,9 +101,27 @@
        $this->db_connected = true;
    }

    // Query database (read operations)
    // Query database
    
    function query($query, $offset=0, $numrows=0)
    function query()
    {
        $params = func_get_args();
        $query = array_shift($params);
		
        return $this->_query($query, 0, 0, $params);
    }
   
    function limitquery()
    {
        $params = func_get_args();
        $query = array_shift($params);
        $offset = array_shift($params);
        $numrows = array_shift($params);
		
        return $this->_query($query, $offset, $numrows, $params);
    }
    
    function _query($query, $offset, $numrows, $params)
    {
        // Read or write ?
        if (strtolower(trim(substr($query,0,6)))=='select')
@@ -118,18 +136,21 @@
        
        if ($numrows || $offset)
            {
            $result = $this->db_handle->limitQuery($query,$offset,$numrows);
            $result = $this->db_handle->limitQuery($query,$offset,$numrows,$params);
            }
        else    
            $result = $this->db_handle->query($query);
        
            $result = $this->db_handle->query($query,$params);

        if (DB::isError($result))
            {
            raise_error(array('code' => 500,
                              'type' => 'db',
                              'line' => __LINE__, 
                              'file' => __FILE__, 
                              'message' => $result->getMessage()), TRUE, FALSE);
        
             return false;
            }

        return $this->_add_result($result, $query);
    }
    
@@ -196,6 +217,26 @@
        return $result->fetchRow(DB_FETCHMODE_ASSOC);
    }

    function quoteIdentifier ( $str )
    {
        if (!$this->db_handle)
            $this->db_connect('r');
			
        return $this->db_handle->quoteIdentifier($str);
    }
	
    function unixtimestamp($field)
    {
        switch($this->db_provider)
            {
            case 'pgsql':
                return "EXTRACT (EPOCH FROM $field)";
                break;
            default:
                return "UNIX_TIMESTAMP($field)";
            }
    }
	
    function _add_result($res, $query)
    {
        // sql error occured

 program/include/rcube_mdb2.inc

@@ -101,9 +101,27 @@
        $this->db_connected = true;
    }

    // Query database (read operations)
    // Query database
    
    function query($query, $offset=0, $numrows=0)
    function query()
    {
        $params = func_get_args();
        $query = array_shift($params);
		
        return $this->_query($query, 0, 0, $params);
    }
   
    function limitquery()
    {
        $params = func_get_args();
        $query = array_shift($params);
        $offset = array_shift($params);
        $numrows = array_shift($params);
		
        return $this->_query($query, $offset, $numrows, $params);
    }
    
    function _query($query, $offset, $numrows, $params)
    {
        // Read or write ?
        if (strtolower(trim(substr($query,0,6)))=='select')
@@ -175,6 +193,26 @@
        return $result->fetchRow(MDB2_FETCHMODE_ASSOC);
    }

    function quoteIdentifier ( $str )
    {
        if (!$this->db_handle)
            $this->db_connect('r');
			
        return $this->db_handle->quoteIdentifier($str);
    }
	
    function unixtimestamp($field)
    {
        switch($this->db_provider)
            {
            case 'pgsql':
                return "EXTRACT (EPOCH FROM $field)";
                break;
            default:
                return "UNIX_TIMESTAMP($field)";
            }
    }
	
    function _add_result($res, $query)
    {
        // sql error occured

 program/include/session.inc

@@ -38,11 +38,10 @@
  {
  global $DB, $SESS_CHANGED;
  
  $sql_result = $DB->query(sprintf("SELECT vars, ip, UNIX_TIMESTAMP(changed) AS changed
                                    FROM   %s
                                    WHERE  sess_id='%s'",
                                   get_table_name('session'),
                                   $key));
  $sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed
                            FROM ".get_table_name('session')."
                            WHERE  sess_id=?",
                            $key);

  if ($sql_arr = $DB->fetch_assoc($sql_result))
    {
@@ -61,32 +60,29 @@
  {
  global $DB;
  
  $sql_result = $DB->query(sprintf("SELECT 1
                                    FROM   %s
                                    WHERE  sess_id='%s'",
                                   get_table_name('session'),
                                   $key));
  $sql_result = $DB->query("SELECT 1
                            FROM ".get_table_name('session')."
                            WHERE  sess_id=?",
                            $key);

  if ($DB->num_rows($sql_result))
    {
    session_decode($vars);
    $DB->query(sprintf("UPDATE %s
                        SET    vars='%s',
                               changed=NOW()
                        WHERE  sess_id='%s'",
                       get_table_name('session'),
                       $vars,
                       $key));
    $DB->query("UPDATE ".get_table_name('session')."
                SET    vars=?,
                       changed=NOW()
                WHERE  sess_id=?",
                $vars,
                $key);
    }
  else
    {
    $DB->query(sprintf("INSERT INTO %s
                        (sess_id, vars, ip, created, changed)
                        VALUES ('%s', '%s', '%s', NOW(), NOW())",
                       get_table_name('session'),
                       $key,
                       $vars,
                       $_SERVER['REMOTE_ADDR']));
    $DB->query("INSERT INTO ".get_table_name('session')."
                (sess_id, vars, ip, created, changed)
                VALUES (?, ?, ?, NOW(), NOW())",
                $key,
                $vars,
                $_SERVER['REMOTE_ADDR']);
    }

  return TRUE;
@@ -98,16 +94,14 @@
  {
  global $DB;
  
  $DB->query(sprintf("DELETE FROM %s
                      WHERE sess_id='%s'",
                     get_table_name('session'),
                     $key));

  // also delete session entries in cache table
  $DB->query(sprintf("DELETE FROM %s
                      WHERE  session_id='%s'",
                     get_table_name('cache'),
                     $key));
  // delete session entries in cache table
  $DB->query("DELETE FROM ".get_table_name('cache')."
              WHERE  session_id=?",
              $key);
              
  $DB->query("DELETE FROM ".get_table_name('session')."
              WHERE sess_id=?",
              $key);
                     
  return TRUE;
  }
@@ -119,11 +113,10 @@
  global $DB;

  // get all expired sessions  
  $sql_result = $DB->query(sprintf("SELECT sess_id
                                    FROM   %s
                                    WHERE  UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(created) > %d",
                                   get_table_name('session'),
                                   $maxlifetime));
  $sql_result = $DB->query("SELECT sess_id
                            FROM ".get_table_name('session')."
                            WHERE ".$DB->unixtimestamp('NOW()')."-".$DB->unixtimestamp('created')." > ?",
                            $maxlifetime);
                                   
  $a_exp_sessions = array();
  while ($sql_arr = $DB->fetch_assoc($sql_result))
@@ -132,17 +125,13 @@
  
  if (sizeof($a_exp_sessions))
    {
    // delete session cache records
    $DB->query("DELETE FROM ".get_table_name('cache')."
                WHERE  session_id IN ('".join("','", $a_exp_sessions)."')");
                
    // delete session records
    $DB->query(sprintf("DELETE FROM %s
                        WHERE sess_id IN ('%s')",
                       get_table_name('session'),
                       join("','", $a_exp_sessions)));

    // also delete session cache records
    $DB->query(sprintf("DELETE FROM %s
                        WHERE  session_id IN ('%s')",
                       get_table_name('cache'),
                       join("','", $a_exp_sessions)));
    $DB->query("DELETE FROM ".get_table_name('session')."
                WHERE sess_id IN ('".join("','", $a_exp_sessions)."')");
    }

  return TRUE;

 program/steps/addressbook/delete.inc

@@ -23,13 +23,11 @@

if ($_GET['_cid'])
  {
  $DB->query(sprintf("UPDATE %s
                      SET    del='1'
                      WHERE  user_id=%d
                      AND    contact_id IN (%s)",
                     get_table_name('contacts'),
                     $_SESSION['user_id'],
                     $_GET['_cid']));
  $DB->query("UPDATE ".get_table_name('contacts')."
              SET    del='1'
              WHERE  user_id=?
              AND    contact_id IN (".$_GET['_cid'].")",
              $_SESSION['user_id']);
                     
  $count = $DB->affected_rows();
  if (!$count)
@@ -40,12 +38,11 @@


  // count contacts for this user
  $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
                                    FROM   %s
                                    WHERE  del!='1'
                                    AND    user_id=%d",
                                 get_table_name('contacts'),
                                 $_SESSION['user_id']));
  $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
                            FROM ".get_table_name('contacts')."
                            WHERE  del<>'1'
                            AND    user_id=?",
                            $_SESSION['user_id']);
                                   
  $sql_arr = $DB->fetch_assoc($sql_result);
  $rowcount = $sql_arr['rows'];    
@@ -62,14 +59,13 @@
    $start_row = ($_SESSION['page'] * $CONFIG['pagesize']) - $count;

    // get contacts from DB
    $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                      WHERE  del!='1'
                                      AND    user_id=%d
                                      ORDER BY name",
                                     get_table_name('contacts'),
                                     $_SESSION['user_id']),
                                     $start_row,
                                     $count);
    $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
                                   WHERE  del<>'1'
                                   AND    user_id=?
                                   ORDER BY name",
                                   $start_row,
                                   $count,
                                   $_SESSION['user_id']);
                                     
    $commands .= rcmail_js_contacts_list($sql_result);


 program/steps/addressbook/edit.inc

@@ -23,13 +23,12 @@
if (($_GET['_cid'] || $_POST['_cid']) && $_action=='edit')
  {
  $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
  $DB->query(sprintf("SELECT * FROM %s
                      WHERE  contact_id=%d
                      AND    user_id=%d
                      AND    del!='1'",
                     get_table_name('contacts'),
                     $cid,
                     $_SESSION['user_id']));
  $DB->query("SELECT * FROM ".get_table_name('contacts')."
             WHERE  contact_id=?
             AND    user_id=?
             AND    del<>'1'",
             $cid,
             $_SESSION['user_id']);
  
  $CONTACT_RECORD = $DB->fetch_assoc();
  

 program/steps/addressbook/func.inc

@@ -41,12 +41,11 @@
  //$image_tag = '<img src="%s%s" alt="%s" border="0" />';
  
  // count contacts for this user
  $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
                                    FROM   %s
                                    WHERE  del!='1'
                                    AND    user_id=%d",
                                   get_table_name('contacts'),
                                   $_SESSION['user_id']));
  $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
                            FROM ".get_table_name('contacts')."
                            WHERE  del<>'1'
                            AND    user_id=?",
                            $_SESSION['user_id']);

  $sql_arr = $DB->fetch_assoc($sql_result);
  $rowcount = $sql_arr['rows'];
@@ -56,14 +55,13 @@
    $start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];

    // get contacts from DB
    $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                      WHERE  del!='1'
                                      AND    user_id=%d
                                      ORDER BY name",
                                     get_table_name('contacts'),
                                     $_SESSION['user_id']),
                                     $start_row,
                                     $CONFIG['pagesize']);
    $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
                                   WHERE  del<>'1'
                                   AND    user_id= ?
                                   ORDER BY name",
                                   $start_row,
                                   $CONFIG['pagesize'],
                                   $_SESSION['user_id']);
    }
  else
    $sql_result = NULL;
@@ -174,11 +172,10 @@
  // get nr of contacts
  if ($max===NULL)
    {
    $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
                                      WHERE  del!='1'
                                      AND    user_id=%d",
                                     get_table_name('contacts'),
                                     $_SESSION['user_id']));
    $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
                              WHERE  del<>'1'
                              AND    user_id=?",
                              $_SESSION['user_id']);

    $max = $DB->num_rows($sql_result);
    }

 program/steps/addressbook/list.inc

@@ -22,12 +22,11 @@
$REMOTE_REQUEST = TRUE;

// count contacts for this user
$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
                                  FROM   %s
                                  WHERE  del!='1'
                                  AND    user_id=%d",
                                 get_table_name('contacts'),
                                 $_SESSION['user_id']));
$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
                          FROM ".get_table_name('contacts')."
                          WHERE  del<>'1'
                          AND    user_id=?",
                          $_SESSION['user_id']);
                                   
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];    
@@ -40,14 +39,13 @@
$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];

// get contacts from DB
$sql_result = $DB->query(sprintf("SELECT * FROM %s
                                  WHERE  del!='1'
                                  AND    user_id=%d
                                  ORDER BY name",
                                 get_table_name('contacts'),
                                 $_SESSION['user_id']),
                                 $start_row,
                                 $CONFIG['pagesize']);
$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
                               WHERE  del<>'1'
                               AND    user_id=?
                               ORDER BY name",
                               $start_row,
                               $CONFIG['pagesize'],
                               $_SESSION['user_id']);
                                 
$commands .= rcmail_js_contacts_list($sql_result);
  

 program/steps/addressbook/save.inc

@@ -39,15 +39,13 @@

  if (sizeof($a_write_sql))
    {
    $DB->query(sprintf("UPDATE %s
                        SET    %s
                        WHERE  contact_id=%d
                        AND    user_id=%d
                        AND    del!='1'",
                       get_table_name('contacts'),
                       join(', ', $a_write_sql),
                       $_POST['_cid'],
                       $_SESSION['user_id']));
    $DB->query("UPDATE ".get_table_name('contacts')."
                SET    ".join(', ', $a_write_sql)."
                WHERE  contact_id=?
                AND    user_id=?
                AND    del<>'1'",
                $_POST['_cid'],
                $_SESSION['user_id']);
                       
    $updated = $DB->affected_rows();
    }
@@ -63,13 +61,12 @@
      $a_show_cols = array('name', 'email');
      $a_js_cols = array();
  
      $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                        WHERE  contact_id=%d
                                        AND    user_id=%d
                                        AND    del!='1'",
                               get_table_name('contacts'),
      $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
                                WHERE  contact_id=?
                                AND    user_id=?
                                AND    del<>'1'",
                               $_POST['_cid'],
                               $_SESSION['user_id']));
                               $_SESSION['user_id']);
                         
      $sql_arr = $DB->fetch_assoc($sql_result);
      foreach ($a_show_cols as $col)
@@ -111,13 +108,10 @@
    
  if (sizeof($a_insert_cols))
    {
    $DB->query(sprintf("INSERT INTO %s
                        (user_id, %s)
                        VALUES (%d, %s)",
                       get_table_name('contacts'),
                       join(', ', $a_insert_cols),
                       $_SESSION['user_id'],
                       join(', ', $a_insert_values)));
    $DB->query("INSERT INTO ".get_table_name('contacts')."
                (user_id, ".join(', ', $a_insert_cols).")
                VALUES (?, ".join(', ', $a_insert_values).")",
                $_SESSION['user_id']);
                       
    $insert_id = $DB->insert_id();
    }
@@ -131,12 +125,11 @@
      {
      // add contact row or jump to the page where it should appear
      $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
      $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                        WHERE  contact_id=%d
                                        AND    user_id=%d",
                                       get_table_name('contacts'),
                                       $insert_id,
                                       $_SESSION['user_id']));
      $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
                                WHERE  contact_id=?
                                AND    user_id=?",
                                $insert_id,
                                $_SESSION['user_id']);
      $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);

      $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",

 program/steps/addressbook/show.inc

@@ -23,13 +23,12 @@
if ($_GET['_cid'] || $_POST['_cid'])
  {
  $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
  $DB->query(sprintf("SELECT * FROM %s
                      WHERE  contact_id=%d
                      AND    user_id=%d
                      AND    del!='1'",
                     get_table_name('contacts'),
                     $cid,
                     $_SESSION['user_id']));
  $DB->query("SELECT * FROM ".get_table_name('contacts')."
              WHERE  contact_id=?
              AND    user_id=?
              AND    del<>'1'",
              $cid,
              $_SESSION['user_id']);
  
  $CONTACT_RECORD = $DB->fetch_assoc();
  

 program/steps/mail/addcontact.inc

@@ -29,13 +29,11 @@
    $contact = $contact_arr[1];

    if ($contact['mailto'])
      $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
                                        WHERE  user_id=%d
                                        AND    email='%s'
                                        AND    del!='1'",
                                       get_table_name('contacts'),
                                       $_SESSION['user_id'],
                                       $contact['mailto']));
      $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
                                WHERE  user_id=?
                                AND    email=?
                                AND    del<>'1'",
                                $_SESSION['user_id'],$contact['mailto']);

    // contact entry with this mail address exists
    if ($sql_result && $DB->num_rows($sql_result))
@@ -43,13 +41,12 @@

    else if ($contact['mailto'])
      {
      $DB->query(sprintf("INSERT INTO %s
                          (user_id, name, email)
                          VALUES (%d, '%s', '%s')",
                         get_table_name('contacts'),
                         $_SESSION['user_id'],
                         $contact['name'],
                         $contact['mailto']));
      $DB->query("INSERT INTO ".get_table_name('contacts')."
                  (user_id, name, email)
                  VALUES (?, ?, ?)",
                  $_SESSION['user_id'],
                  $contact['name'],
                  $contact['mailto']);

      $added = $DB->insert_id();
      }

 program/steps/mail/compose.inc

@@ -87,13 +87,11 @@
          $field_attrib[$attr] = $value;
    
      // get this user's identities
      $sql_result = $DB->query(sprintf("SELECT identity_id, name, email
                                        FROM   %s
                                        WHERE  user_id=%d
                                        AND    del!='1'
                                        ORDER BY `default` DESC, name ASC",
                                       get_table_name('identities'),
                                       $_SESSION['user_id']));
      $sql_result = $DB->query("SELECT identity_id, name, email
                                FROM   ".get_table_name('identities')." WHERE  user_id=?
                                AND    del<>'1'
                                ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
                                $_SESSION['user_id']);
                                   
      if ($DB->num_rows($sql_result))
        {        
@@ -123,14 +121,11 @@
      if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to']))
        {
        $a_recipients = array();
        $sql_result = $DB->query(sprintf("SELECT name, email
                                          FROM   %s
                                          WHERE  user_id=%d
                                          AND    del!='1'
                                          AND    contact_id IN (%s)",
                                         get_table_name('contacts'),
                                         $_SESSION['user_id'],
                                         $_GET['_to']));
        $sql_result = $DB->query("SELECT name, email
                                  FROM ".get_table_name('contacts')." WHERE user_id=?
                                  AND    del<>'1'
                                  AND    contact_id IN (".$_GET['_to'].")",
                                  $_SESSION['user_id']);
                                         
        while ($sql_arr = $DB->fetch_assoc($sql_result))
          $a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
@@ -559,12 +554,9 @@

/****** get contacts for this user and add them to client scripts ********/

$sql_result = $DB->query(sprintf("SELECT name, email
                                  FROM   %s
                                  WHERE  user_id=%d
                                  AND    del!='1'",
                                 get_table_name('contacts'),
                                 $_SESSION['user_id']));
$sql_result = $DB->query("SELECT name, email
                          FROM ".get_table_name('contacts')." WHERE  user_id=?
                          AND  del<>'1'",$_SESSION['user_id']);
                                   
if ($DB->num_rows($sql_result))
  {        

 program/steps/mail/sendmail.inc

@@ -42,14 +42,12 @@
  global $DB;
  
  // get identity record
  $sql_result = $DB->query(sprintf("SELECT *, email AS mailto
                                    FROM   %s
                                    WHERE  identity_id=%d
                                    AND    user_id=%d
                                    AND    del!='1'",
                                   get_table_name('identities'),
                                   $id,
                                   $_SESSION['user_id']));
  $sql_result = $DB->query("SELECT *, email AS mailto
                            FROM ".get_table_name('identities')."
                            WHERE  identity_id=?
                            AND    user_id=?
                            AND    del<>'1'",
                            $id,$_SESSION['user_id']);
                                   
  if ($DB->num_rows($sql_result))
    {

 program/steps/settings/delete_identity.inc

@@ -23,13 +23,11 @@

if ($_GET['_iid'])
  {
  $DB->query(sprintf("UPDATE %s
                      SET    del='1'
                      WHERE  user_id=%d
                      AND    identity_id IN (%s)",
                     get_table_name('identities'),
                     $_SESSION['user_id'],
                     $_GET['_iid']));
  $DB->query("UPDATE ".get_table_name('identities')."
              SET    del='1'
              WHERE  user_id=?
              AND    identity_id IN (".$_GET['_iid'].")",
              $_SESSION['user_id']);

  $count = $DB->affected_rows();
  if ($count)

 program/steps/settings/edit_identity.inc

@@ -22,13 +22,12 @@
if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity')
  {
  $id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
  $DB->query(sprintf("SELECT * FROM %s
                      WHERE  identity_id=%d
                      AND    user_id=%d
                      AND    del!='1'",
                     get_table_name('identities'),
                     $id,
                     $_SESSION['user_id']));
  $DB->query("SELECT * FROM ".get_table_name('identities')."
              WHERE  identity_id=?
              AND    user_id=?
              AND    del<>'1'",
              $id,
              $_SESSION['user_id']);
  
  $IDENTITY_RECORD = $DB->fetch_assoc();
  

 program/steps/settings/func.inc

@@ -21,10 +21,9 @@


// get user record
$sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s
                                  WHERE  user_id=%d",
                                 get_table_name('users'),
                                 $_SESSION['user_id']));
$sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')."
                          WHERE  user_id=?",
                          $_SESSION['user_id']);
                                 
if ($USER_DATA = $DB->fetch_assoc($sql_result))
  $PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']);
@@ -143,12 +142,11 @@


  // get contacts from DB
  $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                    WHERE  del!='1'
                                    AND    user_id=%d
                                    ORDER BY `default` DESC, name ASC",
                                   get_table_name('identities'),
                                   $_SESSION['user_id']));
  $sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')."
                            WHERE  del<>'1'
                            AND    user_id=?
                            ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
                            $_SESSION['user_id']);


  // add id to message list table if not specified

 program/steps/settings/save_identity.inc

@@ -38,15 +38,13 @@

  if (sizeof($a_write_sql))
    {
    $DB->query(sprintf("UPDATE %s
                        SET    %s
                        WHERE  identity_id=%d
                        AND    user_id=%d
                        AND    del!='1'",
                       get_table_name('identities'),
                       join(', ', $a_write_sql),
                       $_POST['_iid'],
                       $_SESSION['user_id']));
    $DB->query("UPDATE ".get_table_name('identities')."
                SET ".join(', ', $a_write_sql)."
                WHERE  identity_id=?
                AND    user_id=?
                AND    del<>'1'",
                $_POST['_iid'],
                $_SESSION['user_id']);
                       
    $updated = $DB->affected_rows();
    }
@@ -56,14 +54,13 @@
    show_message('successfullysaved', 'confirmation');

    // mark all other identities as 'not-default'
    $DB->query(sprintf("UPDATE %s
                        SET    `default`='0'
                        WHERE  identity_id!=%d
                        AND    user_id=%d
                        AND    del!='1'",
                       get_table_name('identities'),
                       $_POST['_iid'],
                       $_SESSION['user_id']));
    $DB->query("UPDATE ".get_table_name('identities')."
                SET ".$DB->quoteIdentifier('default')."='0'
                WHERE  identity_id!=?
                AND    user_id=?
                AND    del<>'1'",
                $_POST['_iid'],
                $_SESSION['user_id']);
    
    if ($_POST['_framed'])
      {
@@ -89,19 +86,16 @@
    if (!isset($_POST[$fname]))
      continue;
    
    $a_insert_cols[] = "`$col`";
    $a_insert_cols[] = $DB->quoteIdentifier($col);
    $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
    }
    
  if (sizeof($a_insert_cols))
    {
    $DB->query(sprintf("INSERT INTO %s
                        (user_id, %s)
                        VALUES (%d, %s)",
                       get_table_name('identities'),
                       join(', ', $a_insert_cols),
                       $_SESSION['user_id'],
                       join(', ', $a_insert_values)));
    $DB->query("INSERT INTO ".get_table_name('identities')."
                (user_id, ".join(', ', $a_insert_cols).")
                VALUES (?, ".join(', ', $a_insert_values).")",
                $_SESSION['user_id']);
                       
    $insert_id = $DB->insert_id();
    }

 program/steps/settings/save_prefs.inc

@@ -35,14 +35,13 @@
  $sess_user_lang = $_SESSION['user_lang'] = $_POST['_language'];


$DB->query(sprintf("UPDATE %s
                    SET    preferences='%s',
                           language='%s'
                    WHERE  user_id=%d",
                   get_table_name('users'),
                   addslashes(serialize($a_user_prefs)),
                   $sess_user_lang,
                   $_SESSION['user_id']));
$DB->query("UPDATE ".get_table_name('users')."
            SET    preferences=?,
                   language=?
            WHERE  user_id=?",
            serialize($a_user_prefs),
            $sess_user_lang,
            $_SESSION['user_id']);

if ($DB->affected_rows())
  {

			@@ -117,11 +117,11 @@
			del boolean DEFAULT false NOT NULL,
			"default" boolean DEFAULT false NOT NULL,
			name character varying(128) NOT NULL,
			organization character varying(128) NOT NULL,
			organization character varying(128),
			email character varying(128) NOT NULL,
			"reply-to" character varying(128) NOT NULL,
			bcc character varying(128) NOT NULL,
			signature text NOT NULL
			"reply-to" character varying(128),
			bcc character varying(128),
			signature text
			);

			@@ -51,16 +51,18 @@
			$CURRENT_PATH.='/';

			// set environment first
			ini_set('include_path', ini_get('include_path').PATH_SEPARATOR.$INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib');
			// RC include folders MUST be included FIRST to avoid other
			// possible not compatible libraries (i.e PEAR) to be included
			// instead the ones provided by RC
			ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path'));

			ini_set('session.name', 'sessid');
			ini_set('session.use_cookies', 1);
			ini_set('error_reporting', E_ALL&~E_NOTICE);


			// increase maximum execution time for php scripts
			// (does not work in safe mode)
			@set_time_limit('120');


			// include base files
			require_once('include/rcube_shared.inc');

			@@ -25,13 +25,12 @@
			global $DB, $CACHE_KEYS;

			// query db
			$sql_result = $DB->query(sprintf("SELECT cache_id, data
			FROM %s
			WHERE user_id=%d
			AND cache_key='%s'",
			get_table_name('cache'),
			$_SESSION['user_id'],
			$key));
			$sql_result = $DB->query("SELECT cache_id, data
			FROM ".get_table_name('cache')."
			WHERE user_id=?
			AND cache_key=?",
			$_SESSION['user_id'],
			$key);

			// get cached data
			if ($sql_arr = $DB->fetch_assoc($sql_result))
			@@ -53,13 +52,12 @@
			// check if we already have a cache entry for this key
			if (!isset($CACHE_KEYS[$key]))
			{
			$sql_result = $DB->query(sprintf("SELECT cache_id
			FROM %s
			WHERE user_id=%d
			AND cache_key='%s'",
			get_table_name('cache'),
			$_SESSION['user_id'],
			$key));
			$sql_result = $DB->query("SELECT cache_id
			FROM ".get_table_name('cache')."
			WHERE user_id=?
			AND cache_key=?",
			$_SESSION['user_id'],
			$key);

			if ($sql_arr = $DB->fetch_assoc($sql_result))
			$CACHE_KEYS[$key] = $sql_arr['cache_id'];
			@@ -70,27 +68,25 @@
			// update existing cache record
			if ($CACHE_KEYS[$key])
			{
			$DB->query(sprintf("UPDATE %s
			SET created=NOW(),
			data='%s'
			WHERE user_id=%d
			AND cache_key='%s'",
			get_table_name('cache'),
			addslashes($data),
			$_SESSION['user_id'],
			$key));
			$DB->query("UPDATE ".get_table_name('cache')."
			SET created=NOW(),
			data=?
			WHERE user_id=?
			AND cache_key=?",
			$data,
			$_SESSION['user_id'],
			$key);
			}
			// add new cache record
			else
			{
			$DB->query(sprintf("INSERT INTO %s
			(created, user_id, session_id, cache_key, data)
			VALUES (NOW(), %d, %s, '%s', '%s')",
			get_table_name('cache'),
			$_SESSION['user_id'],
			$session_cache ? "'$sess_id'" : 'NULL',
			$key,
			addslashes($data)));
			$DB->query("INSERT INTO ".get_table_name('cache')."
			(created, user_id, session_id, cache_key, data)
			VALUES (NOW(), ?, ?, ?', ?)",
			$_SESSION['user_id'],
			$session_cache ? $sess_id : 'NULL',
			$key,
			$data);
			}
			}

			@@ -100,12 +96,11 @@
			{
			global $DB;

			$DB->query(sprintf("DELETE FROM %s
			WHERE user_id=%d
			AND cache_key='%s'",
			get_table_name('cache'),
			$_SESSION['user_id'],
			$key));
			$DB->query("DELETE FROM ".get_table_name('cache')."
			WHERE user_id=?
			AND cache_key=?",
			$_SESSION['user_id'],
			$key);
			}

			@@ -263,13 +263,12 @@
			}

			// query if user already registered
			$sql_result = $DB->query(sprintf("SELECT user_id, username, language, preferences
			FROM %s
			WHERE mail_host='%s' AND (username='%s' OR alias='%s')",
			get_table_name('users'),
			addslashes($host),
			addslashes($user),
			addslashes($user)));
			$sql_result = $DB->query("SELECT user_id, username, language, preferences
			FROM ".get_table_name('users')."
			WHERE mail_host=? AND (username=? OR alias=?)",
			$host,
			$user,
			$user);

			// user already registered -> overwrite username
			if ($sql_arr = $DB->fetch_assoc($sql_result))
			@@ -299,11 +298,10 @@
			$sess_user_lang = $_SESSION['user_lang'] = $sql_arr['language'];

			// update user's record
			$DB->query(sprintf("UPDATE %s
			SET last_login=NOW()
			WHERE user_id=%d",
			get_table_name('users'),
			$user_id));
			$DB->query("UPDATE ".get_table_name('users')."
			SET last_login=NOW()
			WHERE user_id=?",
			$user_id);
			}
			// create new system user
			else if ($CONFIG['auto_create_user'])
			@@ -336,27 +334,25 @@
			{
			global $DB, $CONFIG, $IMAP;

			$DB->query(sprintf("INSERT INTO %s
			(created, last_login, username, mail_host, language)
			VALUES (NOW(), NOW(), '%s', '%s', '%s')",
			get_table_name('users'),
			addslashes($user),
			addslashes($host),
			$_SESSION['user_lang']));
			$DB->query("INSERT INTO ".get_table_name('users')."
			(created, last_login, username, mail_host, language)
			VALUES (NOW(), NOW(), ?, ?, ?)",
			$user,
			$host,
			$_SESSION['user_lang']);

			if ($user_id = $DB->insert_id())
			if ($user_id = $DB->insert_id('user_ids'))
			{
			$user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $host);
			$user_name = $user!=$user_email ? $user : '';

			// also create a new identity record
			$DB->query(sprintf("INSERT INTO %s
			(user_id, `default`, name, email)
			VALUES (%d, '1', '%s', '%s')",
			get_table_name('identities'),
			$user_id,
			addslashes($user_name),
			addslashes($user_email)));
			$DB->query("INSERT INTO ".get_table_name('identities')."
			(user_id, `default`, name, email)
			VALUES (?, '1', ?, ?)",
			$user_id,
			$user_name,
			$user_email);

			// get existing mailboxes
			$a_mailboxes = $IMAP->list_mailboxes();

			@@ -101,9 +101,27 @@
			$this->db_connected = true;
			}

			// Query database (read operations)
			// Query database

			function query($query, $offset=0, $numrows=0)
			function query()
			{
			$params = func_get_args();
			$query = array_shift($params);

			return $this->_query($query, 0, 0, $params);
			}

			function limitquery()
			{
			$params = func_get_args();
			$query = array_shift($params);
			$offset = array_shift($params);
			$numrows = array_shift($params);

			return $this->_query($query, $offset, $numrows, $params);
			}

			function _query($query, $offset, $numrows, $params)
			{
			// Read or write ?
			if (strtolower(trim(substr($query,0,6)))=='select')
			@@ -118,18 +136,21 @@

			if ($numrows \|\| $offset)
			{
			$result = $this->db_handle->limitQuery($query,$offset,$numrows);
			$result = $this->db_handle->limitQuery($query,$offset,$numrows,$params);
			}
			else
			$result = $this->db_handle->query($query);

			$result = $this->db_handle->query($query,$params);

			if (DB::isError($result))
			{
			raise_error(array('code' => 500,
			'type' => 'db',
			'line' => __LINE__,
			'file' => __FILE__,
			'message' => $result->getMessage()), TRUE, FALSE);

			return false;
			}

			return $this->_add_result($result, $query);
			}

			@@ -196,6 +217,26 @@
			return $result->fetchRow(DB_FETCHMODE_ASSOC);
			}

			function quoteIdentifier ( $str )
			{
			if (!$this->db_handle)
			$this->db_connect('r');

			return $this->db_handle->quoteIdentifier($str);
			}

			function unixtimestamp($field)
			{
			switch($this->db_provider)
			{
			case 'pgsql':
			return "EXTRACT (EPOCH FROM $field)";
			break;
			default:
			return "UNIX_TIMESTAMP($field)";
			}
			}

			function _add_result($res, $query)
			{
			// sql error occured

			@@ -38,11 +38,10 @@
			{
			global $DB, $SESS_CHANGED;

			$sql_result = $DB->query(sprintf("SELECT vars, ip, UNIX_TIMESTAMP(changed) AS changed
			FROM %s
			WHERE sess_id='%s'",
			get_table_name('session'),
			$key));
			$sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed
			FROM ".get_table_name('session')."
			WHERE sess_id=?",
			$key);

			if ($sql_arr = $DB->fetch_assoc($sql_result))
			{
			@@ -61,32 +60,29 @@
			{
			global $DB;

			$sql_result = $DB->query(sprintf("SELECT 1
			FROM %s
			WHERE sess_id='%s'",
			get_table_name('session'),
			$key));
			$sql_result = $DB->query("SELECT 1
			FROM ".get_table_name('session')."
			WHERE sess_id=?",
			$key);

			if ($DB->num_rows($sql_result))
			{
			session_decode($vars);
			$DB->query(sprintf("UPDATE %s
			SET vars='%s',
			changed=NOW()
			WHERE sess_id='%s'",
			get_table_name('session'),
			$vars,
			$key));
			$DB->query("UPDATE ".get_table_name('session')."
			SET vars=?,
			changed=NOW()
			WHERE sess_id=?",
			$vars,
			$key);
			}
			else
			{
			$DB->query(sprintf("INSERT INTO %s
			(sess_id, vars, ip, created, changed)
			VALUES ('%s', '%s', '%s', NOW(), NOW())",
			get_table_name('session'),
			$key,
			$vars,
			$_SERVER['REMOTE_ADDR']));
			$DB->query("INSERT INTO ".get_table_name('session')."
			(sess_id, vars, ip, created, changed)
			VALUES (?, ?, ?, NOW(), NOW())",
			$key,
			$vars,
			$_SERVER['REMOTE_ADDR']);
			}

			return TRUE;
			@@ -98,16 +94,14 @@
			{
			global $DB;

			$DB->query(sprintf("DELETE FROM %s
			WHERE sess_id='%s'",
			get_table_name('session'),
			$key));

			// also delete session entries in cache table
			$DB->query(sprintf("DELETE FROM %s
			WHERE session_id='%s'",
			get_table_name('cache'),
			$key));
			// delete session entries in cache table
			$DB->query("DELETE FROM ".get_table_name('cache')."
			WHERE session_id=?",
			$key);

			$DB->query("DELETE FROM ".get_table_name('session')."
			WHERE sess_id=?",
			$key);

			return TRUE;
			}
			@@ -119,11 +113,10 @@
			global $DB;

			// get all expired sessions
			$sql_result = $DB->query(sprintf("SELECT sess_id
			FROM %s
			WHERE UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(created) > %d",
			get_table_name('session'),
			$maxlifetime));
			$sql_result = $DB->query("SELECT sess_id
			FROM ".get_table_name('session')."
			WHERE ".$DB->unixtimestamp('NOW()')."-".$DB->unixtimestamp('created')." > ?",
			$maxlifetime);

			$a_exp_sessions = array();
			while ($sql_arr = $DB->fetch_assoc($sql_result))
			@@ -132,17 +125,13 @@

			if (sizeof($a_exp_sessions))
			{
			// delete session cache records
			$DB->query("DELETE FROM ".get_table_name('cache')."
			WHERE session_id IN ('".join("','", $a_exp_sessions)."')");

			// delete session records
			$DB->query(sprintf("DELETE FROM %s
			WHERE sess_id IN ('%s')",
			get_table_name('session'),
			join("','", $a_exp_sessions)));

			// also delete session cache records
			$DB->query(sprintf("DELETE FROM %s
			WHERE session_id IN ('%s')",
			get_table_name('cache'),
			join("','", $a_exp_sessions)));
			$DB->query("DELETE FROM ".get_table_name('session')."
			WHERE sess_id IN ('".join("','", $a_exp_sessions)."')");
			}

			return TRUE;

			@@ -23,13 +23,11 @@

			if ($_GET['_cid'])
			{
			$DB->query(sprintf("UPDATE %s
			SET del='1'
			WHERE user_id=%d
			AND contact_id IN (%s)",
			get_table_name('contacts'),
			$_SESSION['user_id'],
			$_GET['_cid']));
			$DB->query("UPDATE ".get_table_name('contacts')."
			SET del='1'
			WHERE user_id=?
			AND contact_id IN (".$_GET['_cid'].")",
			$_SESSION['user_id']);

			$count = $DB->affected_rows();
			if (!$count)
			@@ -40,12 +38,11 @@


			// count contacts for this user
			$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
			FROM %s
			WHERE del!='1'
			AND user_id=%d",
			get_table_name('contacts'),
			$_SESSION['user_id']));
			$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
			FROM ".get_table_name('contacts')."
			WHERE del<>'1'
			AND user_id=?",
			$_SESSION['user_id']);

			$sql_arr = $DB->fetch_assoc($sql_result);
			$rowcount = $sql_arr['rows'];
			@@ -62,14 +59,13 @@
			$start_row = ($_SESSION['page'] * $CONFIG['pagesize']) - $count;

			// get contacts from DB
			$sql_result = $DB->query(sprintf("SELECT * FROM %s
			WHERE del!='1'
			AND user_id=%d
			ORDER BY name",
			get_table_name('contacts'),
			$_SESSION['user_id']),
			$start_row,
			$count);
			$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
			WHERE del<>'1'
			AND user_id=?
			ORDER BY name",
			$start_row,
			$count,
			$_SESSION['user_id']);

			$commands .= rcmail_js_contacts_list($sql_result);

			@@ -23,13 +23,12 @@
			if (($_GET['_cid'] \|\| $_POST['_cid']) && $_action=='edit')
			{
			$cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
			$DB->query(sprintf("SELECT * FROM %s
			WHERE contact_id=%d
			AND user_id=%d
			AND del!='1'",
			get_table_name('contacts'),
			$cid,
			$_SESSION['user_id']));
			$DB->query("SELECT * FROM ".get_table_name('contacts')."
			WHERE contact_id=?
			AND user_id=?
			AND del<>'1'",
			$cid,
			$_SESSION['user_id']);

			$CONTACT_RECORD = $DB->fetch_assoc();

			@@ -41,12 +41,11 @@
			//$image_tag = '<img src="%s%s" alt="%s" border="0" />';

			// count contacts for this user
			$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
			FROM %s
			WHERE del!='1'
			AND user_id=%d",
			get_table_name('contacts'),
			$_SESSION['user_id']));
			$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
			FROM ".get_table_name('contacts')."
			WHERE del<>'1'
			AND user_id=?",
			$_SESSION['user_id']);

			$sql_arr = $DB->fetch_assoc($sql_result);
			$rowcount = $sql_arr['rows'];
			@@ -56,14 +55,13 @@
			$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];

			// get contacts from DB
			$sql_result = $DB->query(sprintf("SELECT * FROM %s
			WHERE del!='1'
			AND user_id=%d
			ORDER BY name",
			get_table_name('contacts'),
			$_SESSION['user_id']),
			$start_row,
			$CONFIG['pagesize']);
			$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
			WHERE del<>'1'
			AND user_id= ?
			ORDER BY name",
			$start_row,
			$CONFIG['pagesize'],
			$_SESSION['user_id']);
			}
			else
			$sql_result = NULL;
			@@ -174,11 +172,10 @@
			// get nr of contacts
			if ($max===NULL)
			{
			$sql_result = $DB->query(sprintf("SELECT 1 FROM %s
			WHERE del!='1'
			AND user_id=%d",
			get_table_name('contacts'),
			$_SESSION['user_id']));
			$sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
			WHERE del<>'1'
			AND user_id=?",
			$_SESSION['user_id']);

			$max = $DB->num_rows($sql_result);
			}

			@@ -22,12 +22,11 @@
			$REMOTE_REQUEST = TRUE;

			// count contacts for this user
			$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
			FROM %s
			WHERE del!='1'
			AND user_id=%d",
			get_table_name('contacts'),
			$_SESSION['user_id']));
			$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
			FROM ".get_table_name('contacts')."
			WHERE del<>'1'
			AND user_id=?",
			$_SESSION['user_id']);

			$sql_arr = $DB->fetch_assoc($sql_result);
			$rowcount = $sql_arr['rows'];
			@@ -40,14 +39,13 @@
			$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];

			// get contacts from DB
			$sql_result = $DB->query(sprintf("SELECT * FROM %s
			WHERE del!='1'
			AND user_id=%d
			ORDER BY name",
			get_table_name('contacts'),
			$_SESSION['user_id']),
			$start_row,
			$CONFIG['pagesize']);
			$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
			WHERE del<>'1'
			AND user_id=?
			ORDER BY name",
			$start_row,
			$CONFIG['pagesize'],
			$_SESSION['user_id']);

			$commands .= rcmail_js_contacts_list($sql_result);

			@@ -39,15 +39,13 @@

			if (sizeof($a_write_sql))
			{
			$DB->query(sprintf("UPDATE %s
			SET %s
			WHERE contact_id=%d
			AND user_id=%d
			AND del!='1'",
			get_table_name('contacts'),
			join(', ', $a_write_sql),
			$_POST['_cid'],
			$_SESSION['user_id']));
			$DB->query("UPDATE ".get_table_name('contacts')."
			SET ".join(', ', $a_write_sql)."
			WHERE contact_id=?
			AND user_id=?
			AND del<>'1'",
			$_POST['_cid'],
			$_SESSION['user_id']);

			$updated = $DB->affected_rows();
			}
			@@ -63,13 +61,12 @@
			$a_show_cols = array('name', 'email');
			$a_js_cols = array();

			$sql_result = $DB->query(sprintf("SELECT * FROM %s
			WHERE contact_id=%d
			AND user_id=%d
			AND del!='1'",
			get_table_name('contacts'),
			$sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
			WHERE contact_id=?
			AND user_id=?
			AND del<>'1'",
			$_POST['_cid'],
			$_SESSION['user_id']));
			$_SESSION['user_id']);

			$sql_arr = $DB->fetch_assoc($sql_result);
			foreach ($a_show_cols as $col)
			@@ -111,13 +108,10 @@

			if (sizeof($a_insert_cols))
			{
			$DB->query(sprintf("INSERT INTO %s
			(user_id, %s)
			VALUES (%d, %s)",
			get_table_name('contacts'),
			join(', ', $a_insert_cols),
			$_SESSION['user_id'],
			join(', ', $a_insert_values)));
			$DB->query("INSERT INTO ".get_table_name('contacts')."
			(user_id, ".join(', ', $a_insert_cols).")
			VALUES (?, ".join(', ', $a_insert_values).")",
			$_SESSION['user_id']);

			$insert_id = $DB->insert_id();
			}
			@@ -131,12 +125,11 @@
			{
			// add contact row or jump to the page where it should appear
			$commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
			$sql_result = $DB->query(sprintf("SELECT * FROM %s
			WHERE contact_id=%d
			AND user_id=%d",
			get_table_name('contacts'),
			$insert_id,
			$_SESSION['user_id']));
			$sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
			WHERE contact_id=?
			AND user_id=?",
			$insert_id,
			$_SESSION['user_id']);
			$commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);

			$commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",

			@@ -23,13 +23,12 @@
			if ($_GET['_cid'] \|\| $_POST['_cid'])
			{
			$cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
			$DB->query(sprintf("SELECT * FROM %s
			WHERE contact_id=%d
			AND user_id=%d
			AND del!='1'",
			get_table_name('contacts'),
			$cid,
			$_SESSION['user_id']));
			$DB->query("SELECT * FROM ".get_table_name('contacts')."
			WHERE contact_id=?
			AND user_id=?
			AND del<>'1'",
			$cid,
			$_SESSION['user_id']);

			$CONTACT_RECORD = $DB->fetch_assoc();

			@@ -29,13 +29,11 @@
			$contact = $contact_arr[1];

			if ($contact['mailto'])
			$sql_result = $DB->query(sprintf("SELECT 1 FROM %s
			WHERE user_id=%d
			AND email='%s'
			AND del!='1'",
			get_table_name('contacts'),
			$_SESSION['user_id'],
			$contact['mailto']));
			$sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
			WHERE user_id=?
			AND email=?
			AND del<>'1'",
			$_SESSION['user_id'],$contact['mailto']);

			// contact entry with this mail address exists
			if ($sql_result && $DB->num_rows($sql_result))
			@@ -43,13 +41,12 @@

			else if ($contact['mailto'])
			{
			$DB->query(sprintf("INSERT INTO %s
			(user_id, name, email)
			VALUES (%d, '%s', '%s')",
			get_table_name('contacts'),
			$_SESSION['user_id'],
			$contact['name'],
			$contact['mailto']));
			$DB->query("INSERT INTO ".get_table_name('contacts')."
			(user_id, name, email)
			VALUES (?, ?, ?)",
			$_SESSION['user_id'],
			$contact['name'],
			$contact['mailto']);

			$added = $DB->insert_id();
			}

			@@ -87,13 +87,11 @@
			$field_attrib[$attr] = $value;

			// get this user's identities
			$sql_result = $DB->query(sprintf("SELECT identity_id, name, email
			FROM %s
			WHERE user_id=%d
			AND del!='1'
			ORDER BY `default` DESC, name ASC",
			get_table_name('identities'),
			$_SESSION['user_id']));
			$sql_result = $DB->query("SELECT identity_id, name, email
			FROM ".get_table_name('identities')." WHERE user_id=?
			AND del<>'1'
			ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
			$_SESSION['user_id']);

			if ($DB->num_rows($sql_result))
			{
			@@ -123,14 +121,11 @@
			if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to']))
			{
			$a_recipients = array();
			$sql_result = $DB->query(sprintf("SELECT name, email
			FROM %s
			WHERE user_id=%d
			AND del!='1'
			AND contact_id IN (%s)",
			get_table_name('contacts'),
			$_SESSION['user_id'],
			$_GET['_to']));
			$sql_result = $DB->query("SELECT name, email
			FROM ".get_table_name('contacts')." WHERE user_id=?
			AND del<>'1'
			AND contact_id IN (".$_GET['_to'].")",
			$_SESSION['user_id']);

			while ($sql_arr = $DB->fetch_assoc($sql_result))
			$a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
			@@ -559,12 +554,9 @@

			/**** get contacts for this user and add them to client scripts ******/

			$sql_result = $DB->query(sprintf("SELECT name, email
			FROM %s
			WHERE user_id=%d
			AND del!='1'",
			get_table_name('contacts'),
			$_SESSION['user_id']));
			$sql_result = $DB->query("SELECT name, email
			FROM ".get_table_name('contacts')." WHERE user_id=?
			AND del<>'1'",$_SESSION['user_id']);

			if ($DB->num_rows($sql_result))
			{

			@@ -42,14 +42,12 @@
			global $DB;

			// get identity record
			$sql_result = $DB->query(sprintf("SELECT *, email AS mailto
			FROM %s
			WHERE identity_id=%d
			AND user_id=%d
			AND del!='1'",
			get_table_name('identities'),
			$id,
			$_SESSION['user_id']));
			$sql_result = $DB->query("SELECT *, email AS mailto
			FROM ".get_table_name('identities')."
			WHERE identity_id=?
			AND user_id=?
			AND del<>'1'",
			$id,$_SESSION['user_id']);

			if ($DB->num_rows($sql_result))
			{

			@@ -23,13 +23,11 @@

			if ($_GET['_iid'])
			{
			$DB->query(sprintf("UPDATE %s
			SET del='1'
			WHERE user_id=%d
			AND identity_id IN (%s)",
			get_table_name('identities'),
			$_SESSION['user_id'],
			$_GET['_iid']));
			$DB->query("UPDATE ".get_table_name('identities')."
			SET del='1'
			WHERE user_id=?
			AND identity_id IN (".$_GET['_iid'].")",
			$_SESSION['user_id']);

			$count = $DB->affected_rows();
			if ($count)

			@@ -22,13 +22,12 @@
			if (($_GET['_iid'] \|\| $_POST['_iid']) && $_action=='edit-identity')
			{
			$id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
			$DB->query(sprintf("SELECT * FROM %s
			WHERE identity_id=%d
			AND user_id=%d
			AND del!='1'",
			get_table_name('identities'),
			$id,
			$_SESSION['user_id']));
			$DB->query("SELECT * FROM ".get_table_name('identities')."
			WHERE identity_id=?
			AND user_id=?
			AND del<>'1'",
			$id,
			$_SESSION['user_id']);

			$IDENTITY_RECORD = $DB->fetch_assoc();

			@@ -21,10 +21,9 @@


			// get user record
			$sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s
			WHERE user_id=%d",
			get_table_name('users'),
			$_SESSION['user_id']));
			$sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')."
			WHERE user_id=?",
			$_SESSION['user_id']);

			if ($USER_DATA = $DB->fetch_assoc($sql_result))
			$PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']);
			@@ -143,12 +142,11 @@


			// get contacts from DB
			$sql_result = $DB->query(sprintf("SELECT * FROM %s
			WHERE del!='1'
			AND user_id=%d
			ORDER BY `default` DESC, name ASC",
			get_table_name('identities'),
			$_SESSION['user_id']));
			$sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')."
			WHERE del<>'1'
			AND user_id=?
			ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
			$_SESSION['user_id']);


			// add id to message list table if not specified

			@@ -38,15 +38,13 @@

			if (sizeof($a_write_sql))
			{
			$DB->query(sprintf("UPDATE %s
			SET %s
			WHERE identity_id=%d
			AND user_id=%d
			AND del!='1'",
			get_table_name('identities'),
			join(', ', $a_write_sql),
			$_POST['_iid'],
			$_SESSION['user_id']));
			$DB->query("UPDATE ".get_table_name('identities')."
			SET ".join(', ', $a_write_sql)."
			WHERE identity_id=?
			AND user_id=?
			AND del<>'1'",
			$_POST['_iid'],
			$_SESSION['user_id']);

			$updated = $DB->affected_rows();
			}
			@@ -56,14 +54,13 @@
			show_message('successfullysaved', 'confirmation');

			// mark all other identities as 'not-default'
			$DB->query(sprintf("UPDATE %s
			SET `default`='0'
			WHERE identity_id!=%d
			AND user_id=%d
			AND del!='1'",
			get_table_name('identities'),
			$_POST['_iid'],
			$_SESSION['user_id']));
			$DB->query("UPDATE ".get_table_name('identities')."
			SET ".$DB->quoteIdentifier('default')."='0'
			WHERE identity_id!=?
			AND user_id=?
			AND del<>'1'",
			$_POST['_iid'],
			$_SESSION['user_id']);

			if ($_POST['_framed'])
			{
			@@ -89,19 +86,16 @@
			if (!isset($_POST[$fname]))
			continue;

			$a_insert_cols[] = "`$col`";
			$a_insert_cols[] = $DB->quoteIdentifier($col);
			$a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
			}

			if (sizeof($a_insert_cols))
			{
			$DB->query(sprintf("INSERT INTO %s
			(user_id, %s)
			VALUES (%d, %s)",
			get_table_name('identities'),
			join(', ', $a_insert_cols),
			$_SESSION['user_id'],
			join(', ', $a_insert_values)));
			$DB->query("INSERT INTO ".get_table_name('identities')."
			(user_id, ".join(', ', $a_insert_cols).")
			VALUES (?, ".join(', ', $a_insert_values).")",
			$_SESSION['user_id']);

			$insert_id = $DB->insert_id();
			}

			@@ -35,14 +35,13 @@
			$sess_user_lang = $_SESSION['user_lang'] = $_POST['_language'];


			$DB->query(sprintf("UPDATE %s
			SET preferences='%s',
			language='%s'
			WHERE user_id=%d",
			get_table_name('users'),
			addslashes(serialize($a_user_prefs)),
			$sess_user_lang,
			$_SESSION['user_id']));
			$DB->query("UPDATE ".get_table_name('users')."
			SET preferences=?,
			language=?
			WHERE user_id=?",
			serialize($a_user_prefs),
			$sess_user_lang,
			$_SESSION['user_id']);

			if ($DB->affected_rows())
			{