svncommit
2005-10-25 d7cb77414c4cf074269b6812c3dd3571ee29afca

more pear/mdb2 integration


21 files modified
666 ■■■■ changed files
SQL/postgres.initial.sql 8 ●●●● patch | view | raw | blame | history
index.php 8 ●●●●● patch | view | raw | blame | history
program/include/cache.inc 69 ●●●● patch | view | raw | blame | history
program/include/main.inc 50 ●●●● patch | view | raw | blame | history
program/include/rcube_db.inc 53 ●●●● patch | view | raw | blame | history
program/include/rcube_mdb2.inc 42 ●●●●● patch | view | raw | blame | history
program/include/session.inc 87 ●●●●● patch | view | raw | blame | history
program/steps/addressbook/delete.inc 38 ●●●●● patch | view | raw | blame | history
program/steps/addressbook/edit.inc 13 ●●●● patch | view | raw | blame | history
program/steps/addressbook/func.inc 35 ●●●● patch | view | raw | blame | history
program/steps/addressbook/list.inc 26 ●●●● patch | view | raw | blame | history
program/steps/addressbook/save.inc 49 ●●●●● patch | view | raw | blame | history
program/steps/addressbook/show.inc 13 ●●●● patch | view | raw | blame | history
program/steps/mail/addcontact.inc 25 ●●●●● patch | view | raw | blame | history
program/steps/mail/compose.inc 34 ●●●●● patch | view | raw | blame | history
program/steps/mail/sendmail.inc 14 ●●●●● patch | view | raw | blame | history
program/steps/settings/delete_identity.inc 12 ●●●●● patch | view | raw | blame | history
program/steps/settings/edit_identity.inc 13 ●●●● patch | view | raw | blame | history
program/steps/settings/func.inc 18 ●●●●● patch | view | raw | blame | history
program/steps/settings/save_identity.inc 44 ●●●●● patch | view | raw | blame | history
program/steps/settings/save_prefs.inc 15 ●●●● patch | view | raw | blame | history
SQL/postgres.initial.sql
@@ -117,11 +117,11 @@
    del boolean DEFAULT false NOT NULL,
    "default" boolean DEFAULT false NOT NULL,
    name character varying(128) NOT NULL,
    organization character varying(128) NOT NULL,
    organization character varying(128),
    email character varying(128) NOT NULL,
    "reply-to" character varying(128) NOT NULL,
    bcc character varying(128) NOT NULL,
    signature text NOT NULL
    "reply-to" character varying(128),
    bcc character varying(128),
    signature text
);
index.php
@@ -51,16 +51,18 @@
    $CURRENT_PATH.='/';
    
// set environment first
ini_set('include_path', ini_get('include_path').PATH_SEPARATOR.$INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib');
// RC include folders MUST be included FIRST to avoid other
// possible not compatible libraries (i.e PEAR) to be included
// instead the ones provided by RC
ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path'));
ini_set('session.name', 'sessid');
ini_set('session.use_cookies', 1);
ini_set('error_reporting', E_ALL&~E_NOTICE);
// increase maximum execution time for php scripts
// (does not work in safe mode)
@set_time_limit('120');
// include base files
require_once('include/rcube_shared.inc');
program/include/cache.inc
@@ -25,13 +25,12 @@
  global $DB, $CACHE_KEYS;
  
  // query db
  $sql_result = $DB->query(sprintf("SELECT cache_id, data
                                    FROM   %s
                                    WHERE  user_id=%d
                                    AND    cache_key='%s'",
                                   get_table_name('cache'),
                                   $_SESSION['user_id'],
                                   $key));
  $sql_result = $DB->query("SELECT cache_id, data
                            FROM ".get_table_name('cache')."
                            WHERE  user_id=?
                            AND    cache_key=?",
                            $_SESSION['user_id'],
                            $key);
  // get cached data
  if ($sql_arr = $DB->fetch_assoc($sql_result))
@@ -53,13 +52,12 @@
  // check if we already have a cache entry for this key
  if (!isset($CACHE_KEYS[$key]))
    {
    $sql_result = $DB->query(sprintf("SELECT cache_id
                                      FROM   %s
                                      WHERE  user_id=%d
                                      AND    cache_key='%s'",
                                     get_table_name('cache'),
                                     $_SESSION['user_id'],
                                     $key));
    $sql_result = $DB->query("SELECT cache_id
                              FROM ".get_table_name('cache')."
                              WHERE  user_id=?
                              AND    cache_key=?",
                              $_SESSION['user_id'],
                              $key);
                                     
    if ($sql_arr = $DB->fetch_assoc($sql_result))
      $CACHE_KEYS[$key] = $sql_arr['cache_id'];
@@ -70,27 +68,25 @@
  // update existing cache record
  if ($CACHE_KEYS[$key])
    {
    $DB->query(sprintf("UPDATE %s
                        SET    created=NOW(),
                               data='%s'
                        WHERE  user_id=%d
                        AND    cache_key='%s'",
                       get_table_name('cache'),
                       addslashes($data),
                       $_SESSION['user_id'],
                       $key));
    $DB->query("UPDATE ".get_table_name('cache')."
                SET    created=NOW(),
                       data=?
                WHERE  user_id=?
                AND    cache_key=?",
                $data,
                $_SESSION['user_id'],
                $key);
    }
  // add new cache record
  else
    {
    $DB->query(sprintf("INSERT INTO %s
                        (created, user_id, session_id, cache_key, data)
                        VALUES (NOW(), %d, %s, '%s', '%s')",
                       get_table_name('cache'),
                       $_SESSION['user_id'],
                       $session_cache ? "'$sess_id'" : 'NULL',
                       $key,
                       addslashes($data)));
    $DB->query("INSERT INTO ".get_table_name('cache')."
                (created, user_id, session_id, cache_key, data)
                VALUES (NOW(), ?, ?, ?', ?)",
                $_SESSION['user_id'],
                $session_cache ? $sess_id : 'NULL',
                $key,
                $data);
    }
  }
@@ -100,12 +96,11 @@
  {
  global $DB;
  $DB->query(sprintf("DELETE FROM %s
                      WHERE  user_id=%d
                      AND    cache_key='%s'",
                     get_table_name('cache'),
                     $_SESSION['user_id'],
                     $key));
  $DB->query("DELETE FROM ".get_table_name('cache')."
              WHERE  user_id=?
              AND    cache_key=?",
              $_SESSION['user_id'],
              $key);
  }
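Review bot: The rewritten INSERT in the "add new cache record" branch has a stray quote in its placeholder list, `VALUES (NOW(), ?, ?, ?', ?)`, which leaves an unterminated string literal in the statement; it should read `VALUES (NOW(), ?, ?, ?, ?)`. The same call now binds `$session_cache ? $sess_id : 'NULL'` as a parameter, so the no-session case would presumably store the four-character string 'NULL' rather than SQL NULL once the driver quotes it; binding PHP `null` is the usual way to get a real NULL. The enclosing functions start and end outside these hunks.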
program/include/main.inc
@@ -263,13 +263,12 @@
    }
  // query if user already registered
  $sql_result = $DB->query(sprintf("SELECT user_id, username, language, preferences
                                    FROM   %s
                                    WHERE  mail_host='%s' AND (username='%s' OR alias='%s')",
                                   get_table_name('users'),
                                   addslashes($host),
                                   addslashes($user),
                                   addslashes($user)));
  $sql_result = $DB->query("SELECT user_id, username, language, preferences
                            FROM ".get_table_name('users')."
                            WHERE  mail_host=? AND (username=? OR alias=?)",
                            $host,
                            $user,
                            $user);
  // user already registered -> overwrite username
  if ($sql_arr = $DB->fetch_assoc($sql_result))
@@ -299,11 +298,10 @@
      $sess_user_lang = $_SESSION['user_lang'] = $sql_arr['language'];
      
    // update user's record
    $DB->query(sprintf("UPDATE %s
                        SET    last_login=NOW()
                        WHERE  user_id=%d",
                       get_table_name('users'),
                       $user_id));
    $DB->query("UPDATE ".get_table_name('users')."
                SET    last_login=NOW()
                WHERE  user_id=?",
                $user_id);
    }
  // create new system user
  else if ($CONFIG['auto_create_user'])
@@ -336,27 +334,25 @@
  {
  global $DB, $CONFIG, $IMAP;
  
  $DB->query(sprintf("INSERT INTO %s
                      (created, last_login, username, mail_host, language)
                      VALUES (NOW(), NOW(), '%s', '%s', '%s')",
                     get_table_name('users'),
                     addslashes($user),
                     addslashes($host),
                     $_SESSION['user_lang']));
  $DB->query("INSERT INTO ".get_table_name('users')."
              (created, last_login, username, mail_host, language)
              VALUES (NOW(), NOW(), ?, ?, ?)",
              $user,
              $host,
              $_SESSION['user_lang']);
  if ($user_id = $DB->insert_id())
  if ($user_id = $DB->insert_id('user_ids'))
    {
    $user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $host);
    $user_name = $user!=$user_email ? $user : '';
    
    // also create a new identity record
    $DB->query(sprintf("INSERT INTO %s
                        (user_id, `default`, name, email)
                        VALUES (%d, '1', '%s', '%s')",
                       get_table_name('identities'),
                       $user_id,
                       addslashes($user_name),
                       addslashes($user_email)));
    $DB->query("INSERT INTO ".get_table_name('identities')."
                (user_id, `default`, name, email)
                VALUES (?, '1', ?, ?)",
                $user_id,
                $user_name,
                $user_email);
                       
    // get existing mailboxes
    $a_mailboxes = $IMAP->list_mailboxes();
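Review bot: The identities INSERT still wraps the reserved column name default in MySQL backticks, which PostgreSQL does not accept, while compose.inc in this same commit switches to `$DB->quoteIdentifier('default')` for the same column. Splicing `".$DB->quoteIdentifier('default')."` into the column list here would keep the two consistent and let auto-created users work on both backends. The function body continues past the end of the hunk.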
program/include/rcube_db.inc
@@ -101,9 +101,27 @@
        $this->db_connected = true;
    }
    // Query database (read operations)
    // Query database
    
    function query($query, $offset=0, $numrows=0)
    function query()
    {
        $params = func_get_args();
        $query = array_shift($params);
        return $this->_query($query, 0, 0, $params);
    }
    function limitquery()
    {
        $params = func_get_args();
        $query = array_shift($params);
        $offset = array_shift($params);
        $numrows = array_shift($params);
        return $this->_query($query, $offset, $numrows, $params);
    }
    function _query($query, $offset, $numrows, $params)
    {
        // Read or write ?
        if (strtolower(trim(substr($query,0,6)))=='select')
@@ -118,18 +136,21 @@
        
        if ($numrows || $offset)
            {
            $result = $this->db_handle->limitQuery($query,$offset,$numrows);
            $result = $this->db_handle->limitQuery($query,$offset,$numrows,$params);
            }
        else    
            $result = $this->db_handle->query($query);
            $result = $this->db_handle->query($query,$params);
        if (DB::isError($result))
            {
            raise_error(array('code' => 500,
                              'type' => 'db',
                              'line' => __LINE__, 
                              'file' => __FILE__, 
                              'message' => $result->getMessage()), TRUE, FALSE);
             return false;
            }
        return $this->_add_result($result, $query);
    }
    
@@ -196,6 +217,26 @@
        return $result->fetchRow(DB_FETCHMODE_ASSOC);
    }
    function quoteIdentifier ( $str )
    {
        if (!$this->db_handle)
            $this->db_connect('r');
        return $this->db_handle->quoteIdentifier($str);
    }
    function unixtimestamp($field)
    {
        switch($this->db_provider)
            {
            case 'pgsql':
                return "EXTRACT (EPOCH FROM $field)";
                break;
            default:
                return "UNIX_TIMESTAMP($field)";
            }
    }
    function _add_result($res, $query)
    {
        // sql error occured
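Review bot: `query()` no longer declares `$offset` and `$numrows`, so any caller still using the old `query($sql, $offset, $numrows)` form will have those two values bound as statement parameters instead of applied as a limit, with no error to flag it. A docblock on `query()` and `limitquery()` stating the argument order (SQL, then offset and row count for `limitquery()`, then the bind values) would help, along with a check for remaining three-argument callers. `unixtimestamp($field)` interpolates its argument straight into the SQL text, so its comment should state that it accepts only hard-coded column names or expressions, never request data. Both points apply equally to the identical additions in program/include/rcube_mdb2.inc; `_query()` continues outside the hunk.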
program/include/rcube_mdb2.inc
@@ -101,9 +101,27 @@
        $this->db_connected = true;
    }
    // Query database (read operations)
    // Query database
    
    function query($query, $offset=0, $numrows=0)
    function query()
    {
        $params = func_get_args();
        $query = array_shift($params);
        return $this->_query($query, 0, 0, $params);
    }
    function limitquery()
    {
        $params = func_get_args();
        $query = array_shift($params);
        $offset = array_shift($params);
        $numrows = array_shift($params);
        return $this->_query($query, $offset, $numrows, $params);
    }
    function _query($query, $offset, $numrows, $params)
    {
        // Read or write ?
        if (strtolower(trim(substr($query,0,6)))=='select')
@@ -175,6 +193,26 @@
        return $result->fetchRow(MDB2_FETCHMODE_ASSOC);
    }
    function quoteIdentifier ( $str )
    {
        if (!$this->db_handle)
            $this->db_connect('r');
        return $this->db_handle->quoteIdentifier($str);
    }
    function unixtimestamp($field)
    {
        switch($this->db_provider)
            {
            case 'pgsql':
                return "EXTRACT (EPOCH FROM $field)";
                break;
            default:
                return "UNIX_TIMESTAMP($field)";
            }
    }
    function _add_result($res, $query)
    {
        // sql error occured
program/include/session.inc
@@ -38,11 +38,10 @@
  {
  global $DB, $SESS_CHANGED;
  
  $sql_result = $DB->query(sprintf("SELECT vars, ip, UNIX_TIMESTAMP(changed) AS changed
                                    FROM   %s
                                    WHERE  sess_id='%s'",
                                   get_table_name('session'),
                                   $key));
  $sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed
                            FROM ".get_table_name('session')."
                            WHERE  sess_id=?",
                            $key);
  if ($sql_arr = $DB->fetch_assoc($sql_result))
    {
@@ -61,32 +60,29 @@
  {
  global $DB;
  
  $sql_result = $DB->query(sprintf("SELECT 1
                                    FROM   %s
                                    WHERE  sess_id='%s'",
                                   get_table_name('session'),
                                   $key));
  $sql_result = $DB->query("SELECT 1
                            FROM ".get_table_name('session')."
                            WHERE  sess_id=?",
                            $key);
  if ($DB->num_rows($sql_result))
    {
    session_decode($vars);
    $DB->query(sprintf("UPDATE %s
                        SET    vars='%s',
                               changed=NOW()
                        WHERE  sess_id='%s'",
                       get_table_name('session'),
                       $vars,
                       $key));
    $DB->query("UPDATE ".get_table_name('session')."
                SET    vars=?,
                       changed=NOW()
                WHERE  sess_id=?",
                $vars,
                $key);
    }
  else
    {
    $DB->query(sprintf("INSERT INTO %s
                        (sess_id, vars, ip, created, changed)
                        VALUES ('%s', '%s', '%s', NOW(), NOW())",
                       get_table_name('session'),
                       $key,
                       $vars,
                       $_SERVER['REMOTE_ADDR']));
    $DB->query("INSERT INTO ".get_table_name('session')."
                (sess_id, vars, ip, created, changed)
                VALUES (?, ?, ?, NOW(), NOW())",
                $key,
                $vars,
                $_SERVER['REMOTE_ADDR']);
    }
  return TRUE;
@@ -98,16 +94,14 @@
  {
  global $DB;
  
  $DB->query(sprintf("DELETE FROM %s
                      WHERE sess_id='%s'",
                     get_table_name('session'),
                     $key));
  // also delete session entries in cache table
  $DB->query(sprintf("DELETE FROM %s
                      WHERE  session_id='%s'",
                     get_table_name('cache'),
                     $key));
  // delete session entries in cache table
  $DB->query("DELETE FROM ".get_table_name('cache')."
              WHERE  session_id=?",
              $key);
  $DB->query("DELETE FROM ".get_table_name('session')."
              WHERE sess_id=?",
              $key);
                     
  return TRUE;
  }
@@ -119,11 +113,10 @@
  global $DB;
  // get all expired sessions  
  $sql_result = $DB->query(sprintf("SELECT sess_id
                                    FROM   %s
                                    WHERE  UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(created) > %d",
                                   get_table_name('session'),
                                   $maxlifetime));
  $sql_result = $DB->query("SELECT sess_id
                            FROM ".get_table_name('session')."
                            WHERE ".$DB->unixtimestamp('NOW()')."-".$DB->unixtimestamp('created')." > ?",
                            $maxlifetime);
                                   
  $a_exp_sessions = array();
  while ($sql_arr = $DB->fetch_assoc($sql_result))
@@ -132,17 +125,13 @@
  
  if (sizeof($a_exp_sessions))
    {
    // delete session cache records
    $DB->query("DELETE FROM ".get_table_name('cache')."
                WHERE  session_id IN ('".join("','", $a_exp_sessions)."')");
    // delete session records
    $DB->query(sprintf("DELETE FROM %s
                        WHERE sess_id IN ('%s')",
                       get_table_name('session'),
                       join("','", $a_exp_sessions)));
    // also delete session cache records
    $DB->query(sprintf("DELETE FROM %s
                        WHERE  session_id IN ('%s')",
                       get_table_name('cache'),
                       join("','", $a_exp_sessions)));
    $DB->query("DELETE FROM ".get_table_name('session')."
                WHERE sess_id IN ('".join("','", $a_exp_sessions)."')");
    }
  return TRUE;
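Review bot: The garbage-collection deletes still build their IN lists by joining stored session ids into the SQL text, `IN ('".join("','", $a_exp_sessions)."')`, for both the cache and the session table. Now that the session INSERT binds `$key` as a parameter, an id containing a quote character would be stored verbatim and then terminate the string literal when gc runs, unless the id format is enforced somewhere not visible here. Generating one `?` per expired id and passing the ids as bind values, or reusing the single-id deletes per expired session, closes that gap. The handler functions begin and end outside the hunks.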
program/steps/addressbook/delete.inc
@@ -23,13 +23,11 @@
if ($_GET['_cid'])
  {
  $DB->query(sprintf("UPDATE %s
                      SET    del='1'
                      WHERE  user_id=%d
                      AND    contact_id IN (%s)",
                     get_table_name('contacts'),
                     $_SESSION['user_id'],
                     $_GET['_cid']));
  $DB->query("UPDATE ".get_table_name('contacts')."
              SET    del='1'
              WHERE  user_id=?
              AND    contact_id IN (".$_GET['_cid'].")",
              $_SESSION['user_id']);
                     
  $count = $DB->affected_rows();
  if (!$count)
@@ -40,12 +38,11 @@
  // count contacts for this user
  $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
                                    FROM   %s
                                    WHERE  del!='1'
                                    AND    user_id=%d",
                                 get_table_name('contacts'),
                                 $_SESSION['user_id']));
  $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
                            FROM ".get_table_name('contacts')."
                            WHERE  del<>'1'
                            AND    user_id=?",
                            $_SESSION['user_id']);
                                   
  $sql_arr = $DB->fetch_assoc($sql_result);
  $rowcount = $sql_arr['rows'];    
@@ -62,14 +59,13 @@
    $start_row = ($_SESSION['page'] * $CONFIG['pagesize']) - $count;
    // get contacts from DB
    $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                      WHERE  del!='1'
                                      AND    user_id=%d
                                      ORDER BY name",
                                     get_table_name('contacts'),
                                     $_SESSION['user_id']),
                                     $start_row,
                                     $count);
    $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
                                   WHERE  del<>'1'
                                   AND    user_id=?
                                   ORDER BY name",
                                   $start_row,
                                   $count,
                                   $_SESSION['user_id']);
                                     
    $commands .= rcmail_js_contacts_list($sql_result);
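Review bot: `$_GET['_cid']` is still concatenated into the statement, `contact_id IN (".$_GET['_cid'].")`, so this query remains open to SQL injection even though `user_id` is now bound. Reject anything that is not a comma-separated list of integers before running the query, for example with `preg_match('/^[0-9]+(,[0-9]+)*$/', $_GET['_cid'])`, or cast each element with `intval` and re-join. The same pattern is in program/steps/mail/compose.inc with `$_GET['_to']`, where the existing `preg_match('/[0-9]+,?/', ...)` guard is unanchored and therefore passes any value that merely contains a digit.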
program/steps/addressbook/edit.inc
@@ -23,13 +23,12 @@
if (($_GET['_cid'] || $_POST['_cid']) && $_action=='edit')
  {
  $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
  $DB->query(sprintf("SELECT * FROM %s
                      WHERE  contact_id=%d
                      AND    user_id=%d
                      AND    del!='1'",
                     get_table_name('contacts'),
                     $cid,
                     $_SESSION['user_id']));
  $DB->query("SELECT * FROM ".get_table_name('contacts')."
             WHERE  contact_id=?
             AND    user_id=?
             AND    del<>'1'",
             $cid,
             $_SESSION['user_id']);
  
  $CONTACT_RECORD = $DB->fetch_assoc();
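Review bot: The old `sprintf` used `%d` for `contact_id`, which forced `$cid` to an integer; the new call binds the raw request value, so a non-numeric `_cid` now reaches the database as a string and, depending on the backend, may raise a type error instead of simply matching no row. Binding `(int)$cid` keeps the previous behaviour. The same applies to `$_POST['_cid']` in program/steps/addressbook/save.inc and to `$cid` in program/steps/addressbook/show.inc.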
  
program/steps/addressbook/func.inc
@@ -41,12 +41,11 @@
  //$image_tag = '<img src="%s%s" alt="%s" border="0" />';
  
  // count contacts for this user
  $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
                                    FROM   %s
                                    WHERE  del!='1'
                                    AND    user_id=%d",
                                   get_table_name('contacts'),
                                   $_SESSION['user_id']));
  $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
                            FROM ".get_table_name('contacts')."
                            WHERE  del<>'1'
                            AND    user_id=?",
                            $_SESSION['user_id']);
  $sql_arr = $DB->fetch_assoc($sql_result);
  $rowcount = $sql_arr['rows'];
@@ -56,14 +55,13 @@
    $start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];
    // get contacts from DB
    $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                      WHERE  del!='1'
                                      AND    user_id=%d
                                      ORDER BY name",
                                     get_table_name('contacts'),
                                     $_SESSION['user_id']),
                                     $start_row,
                                     $CONFIG['pagesize']);
    $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
                                   WHERE  del<>'1'
                                   AND    user_id= ?
                                   ORDER BY name",
                                   $start_row,
                                   $CONFIG['pagesize'],
                                   $_SESSION['user_id']);
    }
  else
    $sql_result = NULL;
@@ -174,11 +172,10 @@
  // get nr of contacts
  if ($max===NULL)
    {
    $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
                                      WHERE  del!='1'
                                      AND    user_id=%d",
                                     get_table_name('contacts'),
                                     $_SESSION['user_id']));
    $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
                              WHERE  del<>'1'
                              AND    user_id=?",
                              $_SESSION['user_id']);
    $max = $DB->num_rows($sql_result);
    }
program/steps/addressbook/list.inc
@@ -22,12 +22,11 @@
$REMOTE_REQUEST = TRUE;
// count contacts for this user
$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
                                  FROM   %s
                                  WHERE  del!='1'
                                  AND    user_id=%d",
                                 get_table_name('contacts'),
                                 $_SESSION['user_id']));
$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
                          FROM ".get_table_name('contacts')."
                          WHERE  del<>'1'
                          AND    user_id=?",
                          $_SESSION['user_id']);
                                   
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];    
@@ -40,14 +39,13 @@
$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];
// get contacts from DB
$sql_result = $DB->query(sprintf("SELECT * FROM %s
                                  WHERE  del!='1'
                                  AND    user_id=%d
                                  ORDER BY name",
                                 get_table_name('contacts'),
                                 $_SESSION['user_id']),
                                 $start_row,
                                 $CONFIG['pagesize']);
$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
                               WHERE  del<>'1'
                               AND    user_id=?
                               ORDER BY name",
                               $start_row,
                               $CONFIG['pagesize'],
                               $_SESSION['user_id']);
                                 
$commands .= rcmail_js_contacts_list($sql_result);
  
program/steps/addressbook/save.inc
@@ -39,15 +39,13 @@
  if (sizeof($a_write_sql))
    {
    $DB->query(sprintf("UPDATE %s
                        SET    %s
                        WHERE  contact_id=%d
                        AND    user_id=%d
                        AND    del!='1'",
                       get_table_name('contacts'),
                       join(', ', $a_write_sql),
                       $_POST['_cid'],
                       $_SESSION['user_id']));
    $DB->query("UPDATE ".get_table_name('contacts')."
                SET    ".join(', ', $a_write_sql)."
                WHERE  contact_id=?
                AND    user_id=?
                AND    del<>'1'",
                $_POST['_cid'],
                $_SESSION['user_id']);
                       
    $updated = $DB->affected_rows();
    }
@@ -63,13 +61,12 @@
      $a_show_cols = array('name', 'email');
      $a_js_cols = array();
  
      $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                        WHERE  contact_id=%d
                                        AND    user_id=%d
                                        AND    del!='1'",
                               get_table_name('contacts'),
      $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
                                WHERE  contact_id=?
                                AND    user_id=?
                                AND    del<>'1'",
                               $_POST['_cid'],
                               $_SESSION['user_id']));
                               $_SESSION['user_id']);
                         
      $sql_arr = $DB->fetch_assoc($sql_result);
      foreach ($a_show_cols as $col)
@@ -111,13 +108,10 @@
    
  if (sizeof($a_insert_cols))
    {
    $DB->query(sprintf("INSERT INTO %s
                        (user_id, %s)
                        VALUES (%d, %s)",
                       get_table_name('contacts'),
                       join(', ', $a_insert_cols),
                       $_SESSION['user_id'],
                       join(', ', $a_insert_values)));
    $DB->query("INSERT INTO ".get_table_name('contacts')."
                (user_id, ".join(', ', $a_insert_cols).")
                VALUES (?, ".join(', ', $a_insert_values).")",
                $_SESSION['user_id']);
                       
    $insert_id = $DB->insert_id();
    }
@@ -131,12 +125,11 @@
      {
      // add contact row or jump to the page where it should appear
      $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
      $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                        WHERE  contact_id=%d
                                        AND    user_id=%d",
                                       get_table_name('contacts'),
                                       $insert_id,
                                       $_SESSION['user_id']));
      $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
                                WHERE  contact_id=?
                                AND    user_id=?",
                                $insert_id,
                                $_SESSION['user_id']);
      $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
      $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
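Review bot: The UPDATE and INSERT still splice `join(', ', $a_write_sql)` and `join(', ', $a_insert_values)` into the statement text, so the contact field values bypass the placeholder binding this commit introduces everywhere else. Those arrays are assembled outside the hunks, so how they are escaped cannot be confirmed here; if they rely on `addslashes`-style quoting, that is not a safe escape for every backend this commit targets. Building `col=?` fragments and collecting the values into the bind list would bring these two queries in line with the rest of the change.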
program/steps/addressbook/show.inc
@@ -23,13 +23,12 @@
if ($_GET['_cid'] || $_POST['_cid'])
  {
  $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
  $DB->query(sprintf("SELECT * FROM %s
                      WHERE  contact_id=%d
                      AND    user_id=%d
                      AND    del!='1'",
                     get_table_name('contacts'),
                     $cid,
                     $_SESSION['user_id']));
  $DB->query("SELECT * FROM ".get_table_name('contacts')."
              WHERE  contact_id=?
              AND    user_id=?
              AND    del<>'1'",
              $cid,
              $_SESSION['user_id']);
  
  $CONTACT_RECORD = $DB->fetch_assoc();
  
program/steps/mail/addcontact.inc
@@ -29,13 +29,11 @@
    $contact = $contact_arr[1];
    if ($contact['mailto'])
      $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
                                        WHERE  user_id=%d
                                        AND    email='%s'
                                        AND    del!='1'",
                                       get_table_name('contacts'),
                                       $_SESSION['user_id'],
                                       $contact['mailto']));
      $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
                                WHERE  user_id=?
                                AND    email=?
                                AND    del<>'1'",
                                $_SESSION['user_id'],$contact['mailto']);
    // contact entry with this mail address exists
    if ($sql_result && $DB->num_rows($sql_result))
@@ -43,13 +41,12 @@
    else if ($contact['mailto'])
      {
      $DB->query(sprintf("INSERT INTO %s
                          (user_id, name, email)
                          VALUES (%d, '%s', '%s')",
                         get_table_name('contacts'),
                         $_SESSION['user_id'],
                         $contact['name'],
                         $contact['mailto']));
      $DB->query("INSERT INTO ".get_table_name('contacts')."
                  (user_id, name, email)
                  VALUES (?, ?, ?)",
                  $_SESSION['user_id'],
                  $contact['name'],
                  $contact['mailto']);
      $added = $DB->insert_id();
      }
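Review bot: `$added = $DB->insert_id();` is called without a sequence name, while main.inc in this commit changes its call to `insert_id('user_ids')`. If that argument is what makes the id lookup work on PostgreSQL (the implementation is not shown), this call and the `insert_id()` after the contacts INSERT in program/steps/addressbook/save.inc need the contacts sequence name as well, otherwise the returned id may be empty on that backend. A short comment on `insert_id()` documenting when the sequence argument is required would make the expectation explicit.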
program/steps/mail/compose.inc
@@ -87,13 +87,11 @@
          $field_attrib[$attr] = $value;
    
      // get this user's identities
      $sql_result = $DB->query(sprintf("SELECT identity_id, name, email
                                        FROM   %s
                                        WHERE  user_id=%d
                                        AND    del!='1'
                                        ORDER BY `default` DESC, name ASC",
                                       get_table_name('identities'),
                                       $_SESSION['user_id']));
      $sql_result = $DB->query("SELECT identity_id, name, email
                                FROM   ".get_table_name('identities')." WHERE  user_id=?
                                AND    del<>'1'
                                ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
                                $_SESSION['user_id']);
                                   
      if ($DB->num_rows($sql_result))
        {        
@@ -123,14 +121,11 @@
      if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to']))
        {
        $a_recipients = array();
        $sql_result = $DB->query(sprintf("SELECT name, email
                                          FROM   %s
                                          WHERE  user_id=%d
                                          AND    del!='1'
                                          AND    contact_id IN (%s)",
                                         get_table_name('contacts'),
                                         $_SESSION['user_id'],
                                         $_GET['_to']));
        $sql_result = $DB->query("SELECT name, email
                                  FROM ".get_table_name('contacts')." WHERE user_id=?
                                  AND    del<>'1'
                                  AND    contact_id IN (".$_GET['_to'].")",
                                  $_SESSION['user_id']);
                                         
        while ($sql_arr = $DB->fetch_assoc($sql_result))
          $a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
@@ -559,12 +554,9 @@
/****** get contacts for this user and add them to client scripts ********/
$sql_result = $DB->query(sprintf("SELECT name, email
                                  FROM   %s
                                  WHERE  user_id=%d
                                  AND    del!='1'",
                                 get_table_name('contacts'),
                                 $_SESSION['user_id']));
$sql_result = $DB->query("SELECT name, email
                          FROM ".get_table_name('contacts')." WHERE  user_id=?
                          AND  del<>'1'",$_SESSION['user_id']);
                                   
if ($DB->num_rows($sql_result))
  {        
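Review bot: The second hunk still concatenates `$_GET['_to']` into `contact_id IN (...)`, and the guard above it, `preg_match('/[0-9]+,?/', $_GET['_to'])`, is unanchored, so it accepts any value that merely contains a digit. The move to `?` placeholders covers `user_id` only, which leaves this query string-built from request input. Anchoring the pattern, `preg_match('/^[0-9]+(,[0-9]+)*$/', $_GET['_to'])`, or rebuilding the list with `join(',', array_map('intval', explode(',', $_GET['_to'])))` would restrict it to integer ids. The same concatenation appears in program/steps/settings/delete_identity.inc with `$_GET['_iid']`, where the hunk shows no format check at all, only `if ($_GET['_iid'])`.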
program/steps/mail/sendmail.inc
@@ -42,14 +42,12 @@
  global $DB;
  
  // get identity record
  $sql_result = $DB->query(sprintf("SELECT *, email AS mailto
                                    FROM   %s
                                    WHERE  identity_id=%d
                                    AND    user_id=%d
                                    AND    del!='1'",
                                   get_table_name('identities'),
                                   $id,
                                   $_SESSION['user_id']));
  $sql_result = $DB->query("SELECT *, email AS mailto
                            FROM ".get_table_name('identities')."
                            WHERE  identity_id=?
                            AND    user_id=?
                            AND    del<>'1'",
                            $id,$_SESSION['user_id']);
                                   
  if ($DB->num_rows($sql_result))
    {
program/steps/settings/delete_identity.inc
@@ -23,13 +23,11 @@
if ($_GET['_iid'])
  {
  $DB->query(sprintf("UPDATE %s
                      SET    del='1'
                      WHERE  user_id=%d
                      AND    identity_id IN (%s)",
                     get_table_name('identities'),
                     $_SESSION['user_id'],
                     $_GET['_iid']));
  $DB->query("UPDATE ".get_table_name('identities')."
              SET    del='1'
              WHERE  user_id=?
              AND    identity_id IN (".$_GET['_iid'].")",
              $_SESSION['user_id']);
  $count = $DB->affected_rows();
  if ($count)
program/steps/settings/edit_identity.inc
@@ -22,13 +22,12 @@
if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity')
  {
  $id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
  $DB->query(sprintf("SELECT * FROM %s
                      WHERE  identity_id=%d
                      AND    user_id=%d
                      AND    del!='1'",
                     get_table_name('identities'),
                     $id,
                     $_SESSION['user_id']));
  $DB->query("SELECT * FROM ".get_table_name('identities')."
              WHERE  identity_id=?
              AND    user_id=?
              AND    del<>'1'",
              $id,
              $_SESSION['user_id']);
  
  $IDENTITY_RECORD = $DB->fetch_assoc();
  
program/steps/settings/func.inc
@@ -21,10 +21,9 @@
// get user record
$sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s
                                  WHERE  user_id=%d",
                                 get_table_name('users'),
                                 $_SESSION['user_id']));
$sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')."
                          WHERE  user_id=?",
                          $_SESSION['user_id']);
                                 
if ($USER_DATA = $DB->fetch_assoc($sql_result))
  $PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']);
@@ -143,12 +142,11 @@
  // get contacts from DB
  $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                    WHERE  del!='1'
                                    AND    user_id=%d
                                    ORDER BY `default` DESC, name ASC",
                                   get_table_name('identities'),
                                   $_SESSION['user_id']));
  $sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')."
                            WHERE  del<>'1'
                            AND    user_id=?
                            ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
                            $_SESSION['user_id']);
  // add id to message list table if not specified
program/steps/settings/save_identity.inc
@@ -38,15 +38,13 @@
  if (sizeof($a_write_sql))
    {
    $DB->query(sprintf("UPDATE %s
                        SET    %s
                        WHERE  identity_id=%d
                        AND    user_id=%d
                        AND    del!='1'",
                       get_table_name('identities'),
                       join(', ', $a_write_sql),
                       $_POST['_iid'],
                       $_SESSION['user_id']));
    $DB->query("UPDATE ".get_table_name('identities')."
                SET ".join(', ', $a_write_sql)."
                WHERE  identity_id=?
                AND    user_id=?
                AND    del<>'1'",
                $_POST['_iid'],
                $_SESSION['user_id']);
                       
    $updated = $DB->affected_rows();
    }
@@ -56,14 +54,13 @@
    show_message('successfullysaved', 'confirmation');
    // mark all other identities as 'not-default'
    $DB->query(sprintf("UPDATE %s
                        SET    `default`='0'
                        WHERE  identity_id!=%d
                        AND    user_id=%d
                        AND    del!='1'",
                       get_table_name('identities'),
                       $_POST['_iid'],
                       $_SESSION['user_id']));
    $DB->query("UPDATE ".get_table_name('identities')."
                SET ".$DB->quoteIdentifier('default')."='0'
                WHERE  identity_id!=?
                AND    user_id=?
                AND    del<>'1'",
                $_POST['_iid'],
                $_SESSION['user_id']);
    
    if ($_POST['_framed'])
      {
@@ -89,19 +86,16 @@
    if (!isset($_POST[$fname]))
      continue;
    
    $a_insert_cols[] = "`$col`";
    $a_insert_cols[] = $DB->quoteIdentifier($col);
    $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
    }
    
  if (sizeof($a_insert_cols))
    {
    $DB->query(sprintf("INSERT INTO %s
                        (user_id, %s)
                        VALUES (%d, %s)",
                       get_table_name('identities'),
                       join(', ', $a_insert_cols),
                       $_SESSION['user_id'],
                       join(', ', $a_insert_values)));
    $DB->query("INSERT INTO ".get_table_name('identities')."
                (user_id, ".join(', ', $a_insert_cols).")
                VALUES (?, ".join(', ', $a_insert_values).")",
                $_SESSION['user_id']);
                       
    $insert_id = $DB->insert_id();
    }
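Review bot: In the third hunk the identity values are still written into the statement as `sprintf("'%s'", addslashes($_POST[$fname]))` and joined into `VALUES (?, ...)`, so only `user_id` is actually bound. `addslashes()` is not driver-aware escaping, and backslash escaping is not guaranteed to behave the same on every backend this commit targets (the page also touches postgres.initial.sql). Pushing `'?'` into `$a_insert_values` and collecting the raw `$_POST[$fname]` values as bound parameters would keep them out of the SQL text, provided the `query()` wrapper can take a variable-length parameter list, which is not visible here. The first hunk's `join(', ', $a_write_sql)` is built outside the hunk and presumably has the same shape, so it should be checked as well.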
program/steps/settings/save_prefs.inc
@@ -35,14 +35,13 @@
  $sess_user_lang = $_SESSION['user_lang'] = $_POST['_language'];
$DB->query(sprintf("UPDATE %s
                    SET    preferences='%s',
                           language='%s'
                    WHERE  user_id=%d",
                   get_table_name('users'),
                   addslashes(serialize($a_user_prefs)),
                   $sess_user_lang,
                   $_SESSION['user_id']));
$DB->query("UPDATE ".get_table_name('users')."
            SET    preferences=?,
                   language=?
            WHERE  user_id=?",
            serialize($a_user_prefs),
            $sess_user_lang,
            $_SESSION['user_id']);
if ($DB->affected_rows())
  {