gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: 938baf07 | patch | commit | ignore whitespace

Till Brehm

2013-11-19 604c0c24ba44720e052b536abb1ae992eb0ee292

Code review.

66 files modified

	interface/lib/classes/aps_crawler.inc.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/aps_guicontroller.inc.php	20 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/auth.inc.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/client_templates.inc.php	12 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/custom_datasource.inc.php	14 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/form.inc.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/lib/classes/plugin_backuplist.inc.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/login_as.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/remote_action_ispcupdate.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/remote_action_osupdate.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/server_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/server_ip_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/server_php_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/software_package_install.php	10 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/software_package_list.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/software_update_list.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/system_config_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/admin/users_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/client/client_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/client/client_message.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/client/reseller_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dashboard/dashlets/limits.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dashboard/dashlets/mailquota.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dashboard/dashlets/quota.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/dns/dns_wizard.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/help/faq_list.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/help/support_message_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/help/support_message_list.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_alias_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_aliasdomain_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_blacklist_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_domain_catchall_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_domain_edit.php	16 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_forward_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_get_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_spamfilter_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_transport_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_user_edit.php	12 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_user_filter_edit.php	158 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_user_stats.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/mail_whitelist_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/spamfilter_blacklist_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/spamfilter_config_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/spamfilter_policy_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/spamfilter_users_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mail/spamfilter_whitelist_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mailuser/index.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mailuser/mail_user_filter_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mailuser/mail_user_filter_list.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mailuser/mail_user_password_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/mailuser/mail_user_spamfilter_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/ajax_get_json.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/cron_edit.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/database_edit.php	30 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/database_user_edit.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/ftp_user_edit.php	22 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/shell_user_edit.php	10 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_aliasdomain_edit.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_domain_del.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_domain_edit.php	68 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_sites_stats.php	8 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_subdomain_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_vhost_subdomain_del.php	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_vhost_subdomain_edit.php	20 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/tools/dns_import_tupa.php	22 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/tools/user_settings.php	10 ●●●●● patch \| view \| raw \| blame \| history

 interface/lib/classes/aps_crawler.inc.php

@@ -595,7 +595,7 @@
                foreach($incomplete_pkgs as $incomplete_pkg){
                    $pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
                    if($pkg_url != ''){
                        $app->db->datalogUpdate('aps_packages', "package_url = '".$pkg_url."'", 'id', $incomplete_pkg['id']);
                        $app->db->datalogUpdate('aps_packages', "package_url = '".$app->db->quote($pkg_url)."'", 'id', $incomplete_pkg['id']);
                    }
                }
            }

 interface/lib/classes/aps_guicontroller.inc.php

@@ -266,18 +266,18 @@
            unset($tmp);

            // get information if the webserver is a db server, too
            $web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ".$websrv['server_id']);
            $web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ".$app->functions->intval($websrv['server_id']));
            if($web_server['db_server'] == 1) {
                // create database on "localhost" (webserver)
                $mysql_db_server_id = $websrv['server_id'];
                $mysql_db_server_id = $app->functions->intval($websrv['server_id']);
                $mysql_db_host = 'localhost';
                $mysql_db_remote_access = 'n';
                $mysql_db_remote_ips = '';
            } else {
                //* get the default database server of the client
                $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$websrv['sys_groupid']);
                $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
                if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
                    $mysql_db_server_id =  $client['default_dbserver'];
                    $mysql_db_server_id =  $app->functions->intval($client['default_dbserver']);
                    $dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
                    $mysql_db_host = $dbserver_config['ip_address'];
                    $mysql_db_remote_access = 'y';
@@ -301,13 +301,13 @@

            //* Find a free db name for the app
            for($n = 1; $n <= 1000; $n++) {
                $mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
                $mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
                $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
                if($tmp['number'] == 0) break;
            }
            //* Find a free db username for the app
            for($n = 1; $n <= 1000; $n++) {
                $mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
                $mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
                $tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
                if($tmp['number'] == 0) break;
            }
@@ -316,12 +316,12 @@

            //* Create the mysql database user
            $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
                      VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
                      VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
            $mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');

            //* Create the mysql database
            $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
                      VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', $mysql_db_server_id, ".$websrv['domain_id'].", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$websrv['backup_copies'].", 'y', '".$websrv['backup_interval']."')";
                      VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
            $app->db->datalogInsert('web_database', $insert_data, 'database_id');

            //* Add db details to package settings
@@ -332,7 +332,7 @@
        }

        //* Insert new package instance
        $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
        $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
        $InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');

        //* Insert all package settings
@@ -404,7 +404,7 @@
        $app->db->datalogSave('aps', 'INSERT', 'id', $instanceid, array(), $datalog);
        */

        $sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value =  aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
        $sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value =  aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$app->db->quote($instanceid)." LIMIT 0,1";
        $tmp = $app->db->queryOneRecord($sql);
        if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);


 interface/lib/classes/auth.inc.php

@@ -33,7 +33,7 @@

    public function get_user_id()
    {
        return $_SESSION['s']['user']['userid'];
        return $app->functions->intval($_SESSION['s']['user']['userid']);
    }

    public function is_admin() {
@@ -80,7 +80,9 @@
    public function get_client_limit($userid, $limitname)
    {
        global $app;

		
        $userid = $app->functions->intval($userid);
		
        // simple query cache
        if($this->client_limits===null)
            $this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");

 interface/lib/classes/client_templates.inc.php

@@ -49,7 +49,7 @@

        if($old_style == true) {
            // we have to take care of this in an other way
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
            if(is_array($in_db) && count($in_db) > 0) {
                foreach($in_db as $item) {
                    if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
@@ -61,24 +61,24 @@
                if($count > 0) {
                    // add new template to client (includes those from old-style without assigned_template_id)
                    for($i = $count; $i > 0; $i--) {
                        $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $tpl_id . ')');
                        $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
                    }
                } elseif($count < 0) {
                    // remove old ones
                    for($i = $count; $i < 0; $i++) {
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $clientId . ' AND client_template_id = ' . $tpl_id . ' LIMIT 1');
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
                    }
                }
            }
        } else {
            // we have to take care of this in an other way
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
            if(is_array($in_db) && count($in_db) > 0) {
                // check which templates were removed from this client
                foreach($in_db as $item) {
                    if(in_array($item['assigned_template_id'], $used_assigned) == false) {
                        // delete this one
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $item['assigned_template_id']);
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
                    }
                }
            }
@@ -86,7 +86,7 @@
            if(count($new_tpl) > 0) {
                foreach($new_tpl as $item) {
                    // add new template to client (includes those from old-style without assigned_template_id)
                    $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $item . ')');
                    $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
                }
            }
        }

 interface/lib/classes/custom_datasource.inc.php

@@ -46,9 +46,9 @@

        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_dnsserver'];
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
        } else {
            $sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
        }
@@ -68,9 +68,9 @@

        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_slave_dnsserver'];
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
        } else {
            $sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
        }
@@ -99,7 +99,7 @@
        }
        if(count($server_ids) == 0) return array();
        $server_ids = implode(',', $server_ids);
        $records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$server_ids.") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
        $records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");

        $records_new = array();
        if(is_array($records)) {
@@ -146,12 +146,12 @@

        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
            $client = $app->db->queryOneRecord($sql);
            if($client['server_id'] > 0) {
                //* Select the default server for the client
                $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['server_id'];
                $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
            } else {
                //* Not able to find the clients defaults, use this as fallback and add a warning message to the log
                $app->log('Unable to find default server for client in custom_datasource.inc.php', 1);

 interface/lib/classes/form.inc.php

@@ -1,5 +1,7 @@
<?php

die('Deprecated file: form.inc.php');

/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.

 interface/lib/classes/plugin_backuplist.inc.php

@@ -108,8 +108,8 @@
        }

        //* Get the data
        $web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$this->form->id);
        $sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$this->form->id." AND server_id = ".$web['server_id']." ORDER BY tstamp DESC, backup_type ASC";
        $web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
        $sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id = ".$app->functions->intval($web['server_id'])." ORDER BY tstamp DESC, backup_type ASC";
        $records = $app->db->queryAllRecords($sql);

        $bgcolor = "#FFFFFF";

 interface/web/admin/login_as.php

@@ -51,7 +51,7 @@
    $client_id = $app->functions->intval($_GET['cid']);
    $tmp_client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id");
    $tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'");
    $userId = $tmp_sys_user['userid'];
    $userId = $app->functions->intval($tmp_sys_user['userid']);
    unset($tmp_client);
    unset($tmp_sys_user);
    $backlink = 'client/client_list.php';

 interface/web/admin/remote_action_ispcupdate.php

@@ -81,7 +81,7 @@
    foreach ($servers as $serverId) {
        $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
            "VALUES (".
            (int)$serverId . ", " .
            $app->functions->intval($serverId) . ", " .
            time() . ", " .
            "'ispc_update', " .
            "'', " .

 interface/web/admin/remote_action_osupdate.php

@@ -76,7 +76,7 @@
    foreach ($servers as $serverId) {
        $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
            "VALUES (".
            (int)$serverId . ", " .
            $app->functions->intval($serverId) . ", " .
            time() . ", " .
            "'os_update', " .
            "'', " .

 interface/web/admin/server_edit.php

@@ -54,7 +54,7 @@
        global $app, $conf;

        // Getting Servers
        $sql = "SELECT server_id,server_name FROM server WHERE server_id != $this->id ORDER BY server_name";
        $sql = "SELECT server_id,server_name FROM server WHERE server_id != ".$app->functions->intval($this->id)." ORDER BY server_name";
        $mirror_servers = $app->db->queryAllRecords($sql);
        $mirror_server_select = '<option value="0">'.$app->tform->lng('- None -').'</option>';
        if(is_array($mirror_servers)) {

 interface/web/admin/server_ip_edit.php

@@ -56,7 +56,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$app->functions->intval($this->id));
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');

 interface/web/admin/server_php_edit.php

@@ -56,7 +56,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$app->functions->intval($this->id));
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');

 interface/web/admin/software_package_install.php

@@ -50,7 +50,7 @@
//* verify the key
if($package['package_installable'] == 'key' && $install_key != '') {

    $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$package['software_repo_id']);
    $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));

    $client = new SoapClient(null, array('location' => $repo['repo_url'],
            'uri'      => $repo['repo_url']));
@@ -62,7 +62,7 @@
        $message_err = 'Verification of the key failed.';
    } else {
        // Store the verified key into the database
        $app->db->datalogUpdate('software_package', "package_key = '$install_key'", 'package_id', $package['package_id']);
        $app->db->datalogUpdate('software_package', "package_key = '".$app->db->quote($install_key)."'", 'package_id', $package['package_id']);
    }
} else {
    $message_ok = 'Please enter the software key for the package.';
@@ -70,7 +70,7 @@

//* Install packages, if all requirements are fullfilled.
if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' || $install_key_verified == true)) {
    $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
    $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
    $tmp = $app->db->queryOneRecord($sql);
    $software_update_id = $tmp['software_update_id'];

@@ -118,7 +118,7 @@
            $app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);

            $sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
                    (1, 1, 'riud', 'riud', '', '$remote_user', '$remote_password_md5', '$remote_functions');";
                    (1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";

            $app->db->query($sql);

@@ -127,7 +127,7 @@
    }

    //* Add the record to start the install process
    $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$install_server_id', '$software_update_id','installing')";
    $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('".$app->db->quote($package_name)."', '".$app->db->quote($install_server_id)."', '".$app->db->quote($software_update_id)."','installing')";
    $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
    $message_ok = 'Starting package installation '."<a href=\"#\" onclick=\"submitForm('pageForm','admin/software_package_list.php');\">".$app->lng('next')."</a>";


 interface/web/admin/software_package_list.php

@@ -49,7 +49,7 @@
        if(is_array($packages)) {
            foreach($packages as $p) {
                $package_name = $app->db->quote($p['name']);
                $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '$package_name'");
                $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");

                $package_title = $app->db->quote($p['title']);
                $package_description = $app->db->quote($p['description']);
@@ -150,7 +150,7 @@
    foreach($packages as $key => $p) {
        $installed_txt = '';
        foreach($servers as $s) {
            $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".addslashes($p["package_name"])."' AND server_id = '".$s["server_id"]."'");
            $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
            $version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];

            if($inst['status'] == 'installed') {

 interface/web/admin/software_update_list.php

@@ -161,11 +161,11 @@
    foreach($installed_packages as $ip) {

        // Get version number of the latest installed version
        $sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$server_id." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
        $sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$app->functions->intval($server_id)." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
        $lu = $app->db->queryOneRecord($sql);

        // Get all installable updates
        $sql = "SELECT * FROM software_update WHERE v1 >= $lu[v1] AND v2 >= $lu[v2] AND v3 >= $lu[v3] AND v4 >= $lu[v4] AND package_name = '$ip[package_name]' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
        $sql = "SELECT * FROM software_update WHERE v1 >= ".$app->functions->intval($lu['v1'])." AND v2 >= ".$app->functions->intval($lu['v2'])." AND v3 >= ".$app->functions->intval($lu['v3'])." AND v4 >= ".$app->functions->intval($lu['v4'])." AND package_name = '".$app->db->quote($ip['package_name'])."' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
        $updates = $app->db->queryAllRecords($sql);
        //die($sql);


 interface/web/admin/system_config_edit.php

@@ -178,7 +178,7 @@
        if($server_config_array['misc']['maintenance_mode'] == 'y'){
            //print_r($_SESSION);
            //echo $_SESSION['s']['id'];
            $app->db->query("DELETE FROM sys_session WHERE session_id != '".$_SESSION['s']['id']."'");
            $app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
        }
    }


 interface/web/admin/users_edit.php

@@ -77,7 +77,7 @@
        global $app, $conf;

        $client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ".$this->id);
        $client_id = $client['client_id'];
        $client_id = $app->functions->intval($client['client_id']);
        $username = $app->db->quote($this->dataRecord["username"]);
        $old_username = $app->db->quote($this->oldDataRecord['username']);


 interface/web/client/client_edit.php

@@ -58,7 +58,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another website.

 interface/web/client/client_message.php

@@ -65,7 +65,7 @@
                $tmp_client_ids = explode(',', $circle['client_ids']);
                $where = array();
                foreach($tmp_client_ids as $tmp_client_id){
                    $where[] = 'client_id = '.$tmp_client_id;
                    $where[] = 'client_id = '.$app->functions->intval($tmp_client_id);
                }
                if(!empty($where)) $where_clause = ' AND ('.implode(' OR ', $where).')';
                $sql = "SELECT * FROM client WHERE email != ''".$where_clause;

 interface/web/client/reseller_edit.php

@@ -60,7 +60,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another website.
@@ -83,7 +83,7 @@
        if($_SESSION["s"]["user"]["typ"] == 'user' && $this->id == 0) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another website.
@@ -156,7 +156,7 @@

        $username = $app->db->quote($this->dataRecord["username"]);
        $password = $app->db->quote($this->dataRecord["password"]);
        $modules = $conf['interface_modules_enabled'] . ',client';
        $modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
        $startmodule = (stristr($modules, 'dashboard'))?'dashboard':'client';
        $usertheme = $app->db->quote($this->dataRecord["usertheme"]);
        $type = 'user';
@@ -247,7 +247,7 @@

        // reseller status changed
        if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
            $modules = $conf['interface_modules_enabled'] . ',client';
            $modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
            $modules = $app->db->quote($modules);
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";

 interface/web/dashboard/dashlets/limits.php

@@ -127,7 +127,7 @@
        $tpl->setVar('is_admin', $user_is_admin);

        if($user_is_admin == false) {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
        }

@@ -157,7 +157,7 @@
    function _get_limit_usage($limit) {
        global $app;

        $sql = "SELECT count(sys_userid) as number FROM ".$limit['db_table']." WHERE ";
        $sql = "SELECT count(sys_userid) as number FROM ".$app->db->quote($limit['db_table'])." WHERE ";
        if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
        $sql .= $app->tform->getAuthSQL('r');
        $rec = $app->db->queryOneRecord($sql);

 interface/web/dashboard/dashlets/mailquota.php

@@ -31,7 +31,7 @@
        }
        //print_r($monitor_data);
        if($_SESSION["s"]["user"]["typ"] != 'admin'){
            $sql_where = " AND sys_groupid = ".$_SESSION['s']['user']['default_group'];
            $sql_where = " AND sys_groupid = ".intval($_SESSION['s']['user']['default_group']);
        }

        $has_mailquota = false;

 interface/web/dashboard/dashlets/quota.php

@@ -25,7 +25,7 @@
        }
        //print_r($monitor_data);
        if($_SESSION["s"]["user"]["typ"] != 'admin'){
            $sql_where = " AND sys_groupid = ".$_SESSION['s']['user']['default_group'];
            $sql_where = " AND sys_groupid = ".$app->functions->intval($_SESSION['s']['user']['default_group']);
        }

        $has_quota = false;

 interface/web/dns/dns_wizard.php

@@ -98,14 +98,14 @@
if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

    // Get the limits of the client
    $client_group_id = $_SESSION["s"]["user"]["default_group"];
    $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
    $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


    // load the list of clients
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id']);
    $clients = $app->db->queryAllRecords($sql);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
    $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
    if(is_array($clients)) {
        foreach( $clients as $client) {
@@ -118,7 +118,7 @@
}


$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '$template_id'");
$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '".$app->functions->intval($template_id)."'");
$fields = explode(',', $template_record['fields']);
if(is_array($fields)) {
    foreach($fields as $field) {

 interface/web/help/faq_list.php

@@ -18,7 +18,7 @@
// Optional limit
$hf_section = 0;
if(isset($_GET['hfs_id']))
    $hf_section = preg_replace("/[^0-9]/", "", $_GET['hfs_id']);
    $hf_section = $app->functions->intval(preg_replace("/[^0-9]/", "", $_GET['hfs_id']));

// if section id is not specified in the url, choose the first existing section
if(!$hf_section)

 interface/web/help/support_message_edit.php

@@ -33,7 +33,7 @@

        //* Get recipient email address
        if($this->dataRecord['recipient_id'] > 1){
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$this->dataRecord['recipient_id']." AND sys_user.client_id = client.client_id";
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." AND sys_user.client_id = client.client_id";
            $client = $app->db->queryOneRecord($sql);
            $recipient_email = $client['email'];
        } else {
@@ -44,7 +44,7 @@

        //* Get sender email address
        if($this->dataRecord['sender_id'] > 1){
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$this->dataRecord['sender_id']." AND sys_user.client_id = client.client_id";
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['sender_id'])." AND sys_user.client_id = client.client_id";
            $client = $app->db->queryOneRecord($sql);
            $sender_email = $client['email'];
        } else {
@@ -113,7 +113,7 @@
        global $app, $conf;

        if($_SESSION['s']['user']['typ'] == 'admin') {
            $app->db->query("UPDATE support_message SET sys_userid = ".$this->dataRecord['recipient_id']." WHERE support_message_id = ".$this->id);
            $app->db->query("UPDATE support_message SET sys_userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." WHERE support_message_id = ".$this->id);
        }

    }

 interface/web/help/support_message_list.php

@@ -12,7 +12,7 @@
$app->uses('listform_actions');

//* Optional limit
$app->listform_actions->SQLExtWhere = "support_message.recipient_id = ".$_SESSION['s']['user']['userid'];
$app->listform_actions->SQLExtWhere = "support_message.recipient_id = ".$app->functions->intval($_SESSION['s']['user']['userid']);

//* Start the form rendering and action ahndling
$app->listform_actions->onLoad();

 interface/web/mail/mail_alias_edit.php

@@ -107,7 +107,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailalias FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -124,7 +124,7 @@
        // compose the email field
        $this->dataRecord["source"] = $_POST["email_local_part"]."@".$app->functions->idn_encode($_POST["email_domain"]);
        // Set the server id of the mailbox = server ID of mail domain.
        $this->dataRecord["server_id"] = $domain["server_id"];
        $this->dataRecord["server_id"] = $app->functions->intval($domain["server_id"]);

        unset($this->dataRecord["email_local_part"]);
        unset($this->dataRecord["email_domain"]);
@@ -150,7 +150,7 @@
        global $app;

        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);

    }


 interface/web/mail/mail_aliasdomain_edit.php

@@ -120,7 +120,7 @@
        $this->dataRecord["source"] = "@".$app->db->quote($this->dataRecord["source"]);
        $this->dataRecord["destination"] = "@".$app->db->quote($this->dataRecord["destination"]);
        // Set the server id of the mailbox = server ID of mail domain.
        $this->dataRecord["server_id"] = $domain["server_id"];
        $this->dataRecord["server_id"] = $app->functions->intval($domain["server_id"]);

        parent::onSubmit();
    }
@@ -129,7 +129,7 @@
        global $app;

        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);

    }


 interface/web/mail/mail_blacklist_edit.php

@@ -89,7 +89,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mail/mail_domain_catchall_edit.php

@@ -100,7 +100,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailcatchall FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another catchall
@@ -128,7 +128,7 @@
        global $app;

        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);

    }


 interface/web/mail/mail_domain_edit.php

@@ -97,9 +97,9 @@
            unset($tmp);

            // Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY sys_group.name";
            $clients = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
            //$tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($clients)) {
@@ -147,7 +147,7 @@


        // Get the spamfilter policys for the user
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '@".$this->dataRecord["domain"]."'");
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '@".$app->db->quote($this->dataRecord["domain"])."'");
        $sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r');
        $policys = $app->db->queryAllRecords($sql);
        $policy_select = "<option value='0'>".$app->tform->wordbook["no_policy"]."</option>";
@@ -192,7 +192,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_maildomain, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // When the record is updated
@@ -251,7 +251,7 @@
                $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id);
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$app->functions->intval($tmp_domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($this->dataRecord["server_id"]).", 5, ".$app->functions->intval($policy_id).", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
                unset($tmp_domain);
            }
@@ -315,7 +315,7 @@
                $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id);
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$this->dataRecord["server_id"].", 5, ".$policy_id.", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$tmp_domain["sys_groupid"].", 'riud', 'riud', '', ".$app->functions->intval($this->dataRecord["server_id"]).", 5, ".$app->functions->intval($policy_id).", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
                unset($tmp_domain);
            }
@@ -332,9 +332,9 @@

            //* Update the mailboxes
            $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".$app->db->quote($this->oldDataRecord['domain'])."'");
            $sys_groupid = (isset($this->dataRecord['client_group_id']))?$this->dataRecord['client_group_id']:$this->oldDataRecord['sys_groupid'];
            $sys_groupid = $app->functions->intval((isset($this->dataRecord['client_group_id']))?$this->dataRecord['client_group_id']:$this->oldDataRecord['sys_groupid']);
            $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
            $client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1;
            $client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
            if(is_array($mailusers)) {
                foreach($mailusers as $rec) {
                    // setting Maildir, Homedir, UID and GID

 interface/web/mail/mail_forward_edit.php

@@ -99,7 +99,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailforward FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.
@@ -132,7 +132,7 @@
        global $app;

        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);

    }


 interface/web/mail/mail_get_edit.php

@@ -78,7 +78,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_fetchmail FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another transport.
@@ -109,7 +109,7 @@
        global $app;

        $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
        $app->db->query("update mail_get SET sys_groupid = ".$tmp['sys_groupid']." WHERE mailget_id = ".$this->id);
        $app->db->query("update mail_get SET sys_groupid = ".$app->functions->intval($tmp['sys_groupid'])." WHERE mailget_id = ".$this->id);

    }


 interface/web/mail/mail_spamfilter_edit.php

@@ -76,7 +76,7 @@
        }

        // Changing maildir to mailbox_id
        $sql = "SELECT mailbox_id FROM mail_box WHERE maildir = '".$this->dataRecord["spam_redirect_maildir"]."' AND ".$app->tform->getAuthSQL('r');
        $sql = "SELECT mailbox_id FROM mail_box WHERE maildir = '".$app->db->quote($this->dataRecord["spam_redirect_maildir"])."' AND ".$app->tform->getAuthSQL('r');
        $mailbox = $app->db->queryOneRecord($sql);
        $this->dataRecord["spam_redirect_maildir"] = $mailbox["mailbox_id"];


 interface/web/mail/mail_transport_edit.php

@@ -133,7 +133,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailrouting FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another transport.

 interface/web/mail/mail_user_edit.php

@@ -92,7 +92,7 @@
        unset($domain_select);

        // Get the spamfilter policys for the user
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$this->dataRecord["email"]."'");
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
        $sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r');
        $policys = $app->db->queryAllRecords($sql);
        $policy_select = "<option value='0'>".$app->tform->lng("no_policy")."</option>";
@@ -152,7 +152,7 @@
        //* Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailbox, limit_mailquota FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


@@ -234,7 +234,7 @@

        // Set the domain owner as mailbox owner
        $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("UPDATE mail_user SET sys_groupid = ".$domain["sys_groupid"]." WHERE mailuser_id = ".$this->id);
        $app->db->query("UPDATE mail_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE mailuser_id = ".$this->id);

        // Spamfilter policy
        $policy_id = $app->functions->intval($this->dataRecord["policy"]);
@@ -246,7 +246,7 @@
            } else {
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 10, ".$policy_id.", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
                        VALUES (".$app->functions->intval($_SESSION["s"]["user"]["userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
            }
        }  // endif spamfilter policy
@@ -270,7 +270,7 @@
        // Set the domain owner as mailbox owner
        if(isset($_POST["email_domain"])) {
            $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
            $app->db->query("UPDATE mail_user SET sys_groupid = ".$domain["sys_groupid"]." WHERE mailuser_id = ".$this->id);
            $app->db->query("UPDATE mail_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE mailuser_id = ".$this->id);

            // Spamfilter policy
            $policy_id = $app->functions->intval($this->dataRecord["policy"]);
@@ -282,7 +282,7 @@
                } else {
                    // We create a new record
                    $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                            VALUES (".$_SESSION["s"]["user"]["userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 10, ".$policy_id.", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
                            VALUES (".$app->functions->intval($_SESSION["s"]["user"]["userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
                    $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
                }
            }else {

 interface/web/mail/mail_user_filter_edit.php

@@ -84,7 +84,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another filter
@@ -99,162 +99,6 @@

        parent::onSubmit();
    }

    /*
    function onAfterInsert() {
        global $app, $conf;

        $this->onAfterUpdate();

        $app->db->query("UPDATE mail_user_filter SET sys_groupid = ".$mailuser['sys_groupid']." WHERE filter_id = ".$this->id);
    }

    function onAfterUpdate() {
        global $app, $conf;

        $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$this->dataRecord["mailuser_id"]);
        $skip = false;
        $lines = explode("\n",$mailuser['custom_mailfilter']);
        $out = '';
        $found = false;

        foreach($lines as $line) {
            $line = rtrim($line);
            if($line == '### BEGIN FILTER_ID:'.$this->id) {
                $skip = true;
                $found = true;
            }
            if($skip == false && $line != '') $out .= $line ."\n";
            if($line == '### END FILTER_ID:'.$this->id) {
                $out .= $this->getRule();
                $skip = false;
            }
        }

        // We did not found our rule, so we add it now as first rule.
        if($found == false) {
            $new_rule = $this->getRule();
            $out = $new_rule . $out;
        }

        $out = $app->db->quote($out);
        $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $this->dataRecord["mailuser_id"]);

    }

    function getRule() {

        global $app,$conf;

        $app->uses("getconf");
        $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ".$app->functions->intval($this->dataRecord["mailuser_id"]));
        $mail_config = $app->getconf->get_server_config($app->functions->intval($mailuser_rec["server_id"]),'mail');

        if($mail_config['mail_filter_syntax'] == 'sieve') {

            // #######################################################
            // Filter in Sieve Syntax
            // #######################################################

            $content = '';
            $content .= '### BEGIN FILTER_ID:'.$this->id."\n";

            //$content .= 'require ["fileinto", "regex", "vacation"];'."\n";

            $content .= 'if header :regex    ["'.strtolower($this->dataRecord["source"]).'"] ["';

            $searchterm = preg_quote($this->dataRecord["searchterm"]);

            if($this->dataRecord["op"] == 'contains') {
                $content .= ".*".$searchterm;
            } elseif ($this->dataRecord["op"] == 'is') {
                $content .= $searchterm."$";
            } elseif ($this->dataRecord["op"] == 'begins') {
                $content .= " ".$searchterm."";
            } elseif ($this->dataRecord["op"] == 'ends') {
                $content .= ".*".$searchterm."$";
            }

            $content .= '"] {'."\n";

            if($this->dataRecord["action"] == 'move') {
                $content .= '    fileinto "'.$this->dataRecord["target"].'";' . "\n";
            } else {
                $content .= "    discard;\n";
            }

            $content .= "    stop;\n}\n";

            $content .= '### END FILTER_ID:'.$this->id."\n";

        } else {

            // #######################################################
            // Filter in Maildrop Syntax
            // #######################################################
            $content = '';
            $content .= '### BEGIN FILTER_ID:'.$this->id."\n";

            $TargetNoQuotes = $this->dataRecord["target"];
            $TargetQuotes = "\"$TargetNoQuotes\"";

            $TestChDirNoQuotes = '$DEFAULT/.'.$TargetNoQuotes;
            $TestChDirQuotes = "\"$TestChDirNoQuotes\"";

            $MailDirMakeNoQuotes = $TargetQuotes.' $DEFAULT';

            $EchoTargetFinal = $TargetNoQuotes;


            if($this->dataRecord["action"] == 'move') {

            $content .= "
`test -e ".$TestChDirQuotes." && exit 1 || exit 0`
if ( ".'$RETURNCODE'." != 1 )
{
    `maildirmake -f $MailDirMakeNoQuotes`
    `chmod -R 0700 ".$TestChDirQuotes."`
    `echo \"INBOX.$EchoTargetFinal\" >> ".'$DEFAULT'."/courierimapsubscribed`
}
";
            }

            $content .= "if (/^".$this->dataRecord["source"].":";

            $searchterm = preg_quote($this->dataRecord["searchterm"]);

            if($this->dataRecord["op"] == 'contains') {
                $content .= ".*".$searchterm."/:h)\n";
            } elseif ($this->dataRecord["op"] == 'is') {
                $content .= $searchterm."$/:h)\n";
            } elseif ($this->dataRecord["op"] == 'begins') {
                $content .= " ".$searchterm."/:h)\n";
            } elseif ($this->dataRecord["op"] == 'ends') {
                $content .= ".*".$searchterm."$/:h)\n";
            }

            $content .= "{\n";
            $content .= "exception {\n";

            if($this->dataRecord["action"] == 'move') {
                $content .= 'ID' . "$this->id" . 'EndFolder = "$DEFAULT/.' . $this->dataRecord['target'] . '/"' . "\n";
                $content .= "to ". '$ID' . "$this->id" . 'EndFolder' . "\n";
            } else {
                $content .= "to /dev/null\n";
            }

            $content .= "}\n";
            $content .= "}\n";

            //}

            $content .= '### END FILTER_ID:'.$this->id."\n";

        }

        return $content;
    }
    */

}


 interface/web/mail/mail_user_stats.php

@@ -32,22 +32,22 @@
        //* Set the statistics colums
        //** Traffic of the current month
        $tmp_date = date('Y-m');
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$rec['mailuser_id']." AND month = '$tmp_date'");
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month = '$tmp_date'");
        $rec['this_month'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');

        //** Traffic of the current year
        $tmp_date = date('Y');
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$rec['mailuser_id']." AND month like '$tmp_date%'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month like '$tmp_date%'");
        $rec['this_year'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');

        //** Traffic of the last month
        $tmp_date = date('Y-m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$rec['mailuser_id']." AND month = '$tmp_date'");
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month = '$tmp_date'");
        $rec['last_month'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');

        //** Traffic of the last year
        $tmp_date = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$rec['mailuser_id']." AND month like '$tmp_date%'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month like '$tmp_date%'");
        $rec['last_year'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');

        //* The variable "id" contains always the index variable

 interface/web/mail/mail_whitelist_edit.php

@@ -88,7 +88,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mail/spamfilter_blacklist_edit.php

@@ -89,7 +89,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mail/spamfilter_config_edit.php

@@ -83,7 +83,7 @@
        $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
        $server_config_str = $app->ini_parser->get_ini_string($server_config_array);

        $sql = "UPDATE server SET config = '".$app->db->quote($server_config_str)."' WHERE server_id = ".$server_id;
        $sql = "UPDATE server SET config = '".$app->db->quote($server_config_str)."' WHERE server_id = ".$app->functions->intval($server_id);
        $app->db->query($sql);
    }


 interface/web/mail/spamfilter_policy_edit.php

@@ -71,7 +71,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_policy FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mail/spamfilter_users_edit.php

@@ -87,7 +87,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_user FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mail/spamfilter_whitelist_edit.php

@@ -89,7 +89,7 @@
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another mailbox.

 interface/web/mailuser/index.php

@@ -17,7 +17,7 @@
include $lng_file;
$app->tpl->setVar($wb);

$sql = "SELECT * FROM mail_user WHERE mailuser_id = ".$_SESSION['s']['user']['mailuser_id'];
$sql = "SELECT * FROM mail_user WHERE mailuser_id = ".$app->functions->intval($_SESSION['s']['user']['mailuser_id']);
$rec = $app->db->queryOneRecord($sql);

if($rec['quota'] == 0) {
@@ -30,7 +30,7 @@

$app->tpl->setVar($rec);

$sql2 = "SELECT * FROM server WHERE server_id = ".$rec['server_id'];
$sql2 = "SELECT * FROM server WHERE server_id = ".$app->functions->intval($rec['server_id']);
$rec2 = $app->db->queryOneRecord($sql2);

$app->tpl->setVar($rec2);

 interface/web/mailuser/mail_user_filter_edit.php

@@ -83,7 +83,7 @@
        // Check the client limits if the email address is assigned to a client
        if($_SESSION["s"]["user"]["default_group"] > 0) { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Check if the user may add another filter

 interface/web/mailuser/mail_user_filter_list.php

@@ -24,7 +24,7 @@

$list = new list_action;

$list->SQLExtWhere = "mail_user_filter.mailuser_id = ".$_SESSION['s']['user']['mailuser_id'];
$list->SQLExtWhere = "mail_user_filter.mailuser_id = ".$app->functions->intval($_SESSION['s']['user']['mailuser_id']);

$list->onLoad();


 interface/web/mailuser/mail_user_password_edit.php

@@ -52,7 +52,7 @@

    function onSubmit() {

        $this->id = $_SESSION['s']['user']['mailuser_id'];
        $this->id = $app->functions->intval($_SESSION['s']['user']['mailuser_id']);

        parent::onSubmit();


 interface/web/mailuser/mail_user_spamfilter_edit.php

@@ -52,7 +52,7 @@

    function onShow() {

        $this->id = $_SESSION['s']['user']['mailuser_id'];
        $this->id = $app->functions->intval($_SESSION['s']['user']['mailuser_id']);

        parent::onShow();

@@ -61,7 +61,7 @@
    function onSubmit() {
        global $app;

        $this->id = $_SESSION['s']['user']['mailuser_id'];
        $this->id = $app->functions->intval($_SESSION['s']['user']['mailuser_id']);

        parent::onSubmit();

@@ -85,7 +85,7 @@
            } else {
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$domain["sys_userid"].", ".$domain["sys_groupid"].", 'riud', 'riud', '', ".$domain["server_id"].", 10, ".$policy_id.", '".$app->db->quote($rec["email"])."', '".$app->db->quote($rec["email"])."', 'Y')";
                        VALUES (".$app->functions->intval($domain["sys_userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($rec["email"])."', '".$app->db->quote($rec["email"])."', 'Y')";
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
            }
        }else {
@@ -103,7 +103,7 @@
        $app->tpl->setVar("email", $rec['email']);

        // Get the spamfilter policys for the user
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$rec['email']."'");
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$app->db->quote($rec['email'])."'");
        $sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r');
        $policys = $app->db->queryAllRecords($sql);
        $policy_select = "<option value='0'>".$app->tform->lng("no_policy")."</option>";

 interface/web/sites/ajax_get_json.php

@@ -74,7 +74,7 @@

    //* Client: If the logged in user is not admin and has no sub clients (no reseller)
    if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
        $sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"] . ")";
        $sql_where = " AND (client_id = 0 OR client_id = ".$app->functions->intval($_SESSION["s"]["user"]["client_id"]) . ")";
        //* Reseller: If the logged in user is not admin and has sub clients (is a reseller)
    } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
        $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
@@ -158,7 +158,7 @@
    $sql = "SELECT sys_groupid FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
    $group = $app->db->queryOneRecord($sql);
    if($group) {
        $sql = "SELECT database_user_id, database_user FROM web_database_user WHERE sys_groupid = '" . $group['sys_groupid'] . "'";
        $sql = "SELECT database_user_id, database_user FROM web_database_user WHERE sys_groupid = '" . $app->functions->intval($group['sys_groupid']) . "'";
        $records = $app->db->queryAllRecords($sql);

        $tmp_array = array();

 interface/web/sites/cron_edit.php

@@ -86,7 +86,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // When the record is updated
@@ -139,7 +139,7 @@
        //* last chance to stop this, so check frequency limit!
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_cron_frequency FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            if($client["limit_cron_frequency"] > 1) {
@@ -164,7 +164,7 @@
        //* last chance to stop this, so check frequency limit!
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_cron_frequency FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            if($client["limit_cron_frequency"] > 1) {
@@ -190,7 +190,7 @@
        $server_id = $web["server_id"];

        // The cron shall be owned by the same group then the website
        $sys_groupid = $web['sys_groupid'];
        $sys_groupid = $app->functions->intval($web['sys_groupid']);

        $sql = "UPDATE cron SET server_id = $server_id, sys_groupid = '$sys_groupid' WHERE id = ".$this->id;
        $app->db->query($sql);

 interface/web/sites/database_edit.php

@@ -72,22 +72,22 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Set the webserver to the default server of the client
            $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_dbserver]");
            $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dbserver']));
            $app->tpl->setVar("server_id", "<option value='$client[default_dbserver]'>$tmp[server_name]</option>");
            unset($tmp);

        } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, default_webserver, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Set the webserver to the default server of the client
            $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_webserver]");
            $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_webserver']));
            $app->tpl->setVar("server_id", "<option value='$client[default_webserver]'>$tmp[server_name]</option>");
            unset($tmp);

@@ -141,7 +141,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT default_dbserver, limit_database FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // When the record is updated
@@ -242,11 +242,11 @@
        }

        //* Check for duplicates
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."' AND database_id != '".$this->id."'");
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($this->dataRecord['database_name'])."' AND server_id = '".$app->functions->intval($this->dataRecord["server_id"])."' AND database_id != '".$this->id."'");
        if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').'<br />';

        // get the web server ip (parent domain)
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$this->dataRecord['parent_domain_id']."'");
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
        if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) {
            // we need remote access rights for this server, so get it's ip address
            $server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
@@ -310,11 +310,11 @@
        }

        //* Check for duplicates
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$this->dataRecord['database_name']."' AND server_id = '".$this->dataRecord["server_id"]."'");
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($this->dataRecord['database_name'])."' AND server_id = '".$app->functions->intval($this->dataRecord["server_id"])."'");
        if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').'<br />';

        // get the web server ip (parent domain)
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$this->dataRecord['parent_domain_id']."'");
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
        if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) {
            // we need remote access rights for this server, so get it's ip address
            $server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
@@ -380,9 +380,9 @@
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));

            //* The Database user shall be owned by the same group then the website
            $sys_groupid = $web['sys_groupid'];
            $backup_interval = $web['backup_interval'];
            $backup_copies = $web['backup_copies'];
            $sys_groupid = $app->functions->intval($web['sys_groupid']);
            $backup_interval = $app->functions->intval($web['backup_interval']);
            $backup_copies = $app->functions->intval($web['backup_copies']);

            $sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$this->id;
            $app->db->query($sql);
@@ -396,9 +396,9 @@
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));

            //* The Database user shall be owned by the same group then the website
            $sys_groupid = $web['sys_groupid'];
            $backup_interval = $web['backup_interval'];
            $backup_copies = $web['backup_copies'];
            $sys_groupid = $app->functions->intval($web['sys_groupid']);
            $backup_interval = $app->functions->intval($web['backup_interval']);
            $backup_copies = $app->functions->intval($web['backup_copies']);

            $sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$this->id;
            $app->db->query($sql);

 interface/web/sites/database_user_edit.php

@@ -65,13 +65,13 @@

        if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            // Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY sys_group.name";
            $records = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';
            //$tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($records)) {

 interface/web/sites/ftp_user_edit.php

@@ -134,13 +134,13 @@
        global $app, $conf;

        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
        $server_id = $web["server_id"];
        $dir = $web["document_root"];
        $uid = $web["system_user"];
        $gid = $web["system_group"];
        $server_id = $app->functions->intval($web["server_id"]);
        $dir = $app->db->quote($web["document_root"]);
        $uid = $app->db->quote($web["system_user"]);
        $gid = $app->db->quote($web["system_group"]);

        // The FTP user shall be owned by the same group then the website
        $sys_groupid = $web['sys_groupid'];
        $sys_groupid = $app->functions->intval($web['sys_groupid']);

        $sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;
        $app->db->query($sql);
@@ -173,13 +173,13 @@
        //* When the site of the FTP user has been changed
        if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) {
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
            $server_id = $web["server_id"];
            $dir = $web["document_root"];
            $uid = $web["system_user"];
            $gid = $web["system_group"];
            $server_id = $app->functions->intval($web["server_id"]);
            $dir = $app->db->quote($web["document_root"]);
            $uid = $app->db->quote($web["system_user"]);
            $gid = $app->db->quote($web["system_group"]);

            // The FTP user shall be owned by the same group then the website
            $sys_groupid = $web['sys_groupid'];
            $sys_groupid = $app->functions->intval($web['sys_groupid']);

            $sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;
            $app->db->query($sql);
@@ -194,7 +194,7 @@
            if($error_message != '') {
                $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'");
                $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($ftp_data["parent_domain_id"]));
                $dir = $web["document_root"];
                $dir = $app->db->quote($web["document_root"]);
                $sql = "UPDATE ftp_user SET dir = '$dir' WHERE ftp_user_id = ".$this->id;
                $app->db->query($sql);
                $app->log("Error in FTP path settings of FTP user ".$this->dataRecord['username'], 1);

 interface/web/sites/shell_user_edit.php

@@ -158,13 +158,13 @@
        global $app, $conf;

        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
        $server_id = $web["server_id"];
        $dir = $web["document_root"];
        $puser = $web["system_user"];
        $pgroup = $web["system_group"];
        $server_id = $app->functions->intval($web["server_id"]);
        $dir = $app->db->quote($web["document_root"]);
        $uid = $app->db->quote($web["system_user"]);
        $gid = $app->db->quote($web["system_group"]);

        // The FTP user shall be owned by the same group then the website
        $sys_groupid = $web['sys_groupid'];
        $sys_groupid = $app->functions->intval($web['sys_groupid']);

        $sql = "UPDATE shell_user SET server_id = $server_id, dir = '$dir', puser = '$puser', pgroup = '$pgroup', sys_groupid = '$sys_groupid' WHERE shell_user_id = ".$this->id;
        $app->db->query($sql);

 interface/web/sites/web_aliasdomain_edit.php

@@ -177,7 +177,7 @@

            //* Update the old website, so that the vhost alias gets removed
            //* We force the update by inserting a transaction record without changes manually.
            $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$this->oldDataRecord['domain_id']);
            $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$app->functions->intval($this->oldDataRecord['domain_id']));
            $app->db->datalogSave('web_domain', 'UPDATE', 'domain_id', $this->oldDataRecord['parent_domain_id'], $old_website, $old_website, true);
        }


 interface/web/sites/web_domain_del.php

@@ -94,7 +94,7 @@
        //* Delete all records that belog to this web.
        $web_domain = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
        if($web_domain['domain'] != ''){
            $aps_instances = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$web_domain['domain']."'");
            $aps_instances = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($web_domain['domain'])."'");
            if(is_array($aps_instances) && !empty($aps_instances)){
                foreach($aps_instances as $aps_instance){
                    if($aps_instance['instance_id'] > 0){
@@ -109,7 +109,7 @@
        $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
        foreach($records as $rec) {
            //* Delete all web folder users
            $records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$rec['web_folder_id']."'");
            $records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($rec['web_folder_id'])."'");
            foreach($records2 as $rec2) {
                $app->db->datalogDelete('web_folder_user', 'web_folder_user_id', $rec2['web_folder_user_id']);
            }

 interface/web/sites/web_domain_edit.php

@@ -76,7 +76,7 @@
            }

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.default_webserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $app->tpl->setVar("server_id_value", $client['default_webserver']);
        }
@@ -96,7 +96,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.limit_web_domain, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            //* Get global web config
@@ -108,7 +108,7 @@
            unset($tmp);

            //* Fill the IPv4 select field with the IP addresses that are allowed for this client
            $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$client['default_webserver']." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
            $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$app->functions->intval($client['default_webserver'])." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")";
            $ips = $app->db->queryAllRecords($sql);
            $ip_select = ($web_config['enable_ip_wildcard'] == 'y')?"<option value='*'>*</option>":"";
            //$ip_select = "";
@@ -123,7 +123,7 @@
            unset($ips);

            //* Fill the IPv6 select field with the IP addresses that are allowed for this client
            $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".intval($client['default_webserver'])." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
            $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$app->functions->intval($client['default_webserver'])." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")";
            $ips = $app->db->queryAllRecords($sql);
            $ip_select = "<option value=''></option>";
            //$ip_select = "";
@@ -142,10 +142,10 @@
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $this->dataRecord['server_id'] : intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            if($this->dataRecord['php'] == 'fast-cgi'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $this->dataRecord['server_id'] : intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -170,21 +170,21 @@
        } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_domain, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            //* Get global web config
            $web_config = $app->getconf->get_server_config($client['default_webserver'], 'web');

            // Set the webserver to the default server of the client
            $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".intval($client['default_webserver']));
            $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_webserver']));
            $app->tpl->setVar("server_id", "<option value='$client[default_webserver]'>$tmp[server_name]</option>");
            unset($tmp);

            // Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
            $records = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
            //$tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($records)) {
@@ -199,7 +199,7 @@
            $app->tpl->setVar("client_group_id", $client_select);

            //* Fill the IPv4 select field with the IP addresses that are allowed for this client
            $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".intval($client['default_webserver'])." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
            $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$app->functions->intval($client['default_webserver'])." AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")";
            $ips = $app->db->queryAllRecords($sql);
            $ip_select = ($web_config['enable_ip_wildcard'] == 'y')?"<option value='*'>*</option>":"";
            //$ip_select = "";
@@ -214,7 +214,7 @@
            unset($ips);

            //* Fill the IPv6 select field with the IP addresses that are allowed for this client
            $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".intval($client['default_webserver'])." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
            $sql = "SELECT ip_address FROM server_ip WHERE server_id = ".$app->functions->intval($client['default_webserver'])." AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")";
            $ips = $app->db->queryAllRecords($sql);
            $ip_select = "<option value=''></option>";
            //$ip_select = "";
@@ -232,14 +232,14 @@
            $server_type = 'apache';
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $selected_client_group_id");
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ".$app->functions->intval($selected_client_group_id));
            //$sql_where = " AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id']." OR client_id = ".intval($selected_client['client_id']).")";
            $sql_where = " AND (client_id = 0 OR client_id = ".intval($selected_client['client_id']).")";
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $this->dataRecord['server_id'] : intval($client['default_webserver'])).$sql_where);
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver'])).$sql_where);
            }
            if($this->dataRecord['php'] == 'fast-cgi') {
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $this->dataRecord['server_id'] : intval($client['default_webserver'])).$sql_where);
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver'])).$sql_where);
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -281,7 +281,7 @@
            $web_config = $app->getconf->get_server_config($server_id, 'web');

            //* Fill the IPv4 select field
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = $server_id";
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = ".$app->functions->intval($server_id);
            $ips = $app->db->queryAllRecords($sql);
            $ip_select = ($web_config['enable_ip_wildcard'] == 'y')?"<option value='*'>*</option>":"";
            //$ip_select = "";
@@ -296,7 +296,7 @@
            unset($ips);

            //* Fill the IPv6 select field
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = $server_id";
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = ".$app->functions->intval($server_id);
            $ips = $app->db->queryAllRecords($sql);
            $ip_select = "<option value=''></option>";
            //$ip_select = "";
@@ -331,14 +331,14 @@
            $server_type = 'apache';
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $selected_client_group_id");
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ".$app->functions->intval($selected_client_group_id));
            //$sql_where = " AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id']." OR client_id = ".intval($selected_client['client_id']).")";
            $sql_where = " AND (client_id = 0 OR client_id = ".intval($selected_client['client_id']).")";
            $sql_where = " AND (client_id = 0 OR client_id = ".$app->functions->intval($selected_client['client_id']).")";
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = $server_id".$sql_where);
            }
            if($this->dataRecord['php'] == 'fast-cgi') {
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = $server_id".$sql_where);
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($server_id).$sql_where);
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -462,7 +462,7 @@

        // check for configuration errors in sys_datalog
        if($this->id > 0) {
            $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = 'domain_id:".$this->id."' AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC");
            $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = 'domain_id:".$app->functions->intval($this->id)."' AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC");
            if(is_array($datalog) && !empty($datalog)){
                if(trim($datalog['error']) != ''){
                    $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
@@ -513,7 +513,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, default_webserver, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = '-';
@@ -567,7 +567,7 @@

            if($client['parent_client_id'] > 0) {
                // Get the limits of the reseller
                $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, default_webserver, limit_web_quota FROM client WHERE client_id = ".$client['parent_client_id']);
                $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, default_webserver, limit_web_quota FROM client WHERE client_id = ".$app->functions->intval($client['parent_client_id']));

                //* Check the website quota of the client
                if(isset($_POST["hd_quota"]) && $reseller["limit_web_quota"] >= 0 && $_POST["hd_quota"] != $old_web_values["hd_quota"]) {
@@ -754,7 +754,7 @@

        // get the ID of the client
        if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id");
            $client_id = $app->functions->intval($client["client_id"]);
        } else {
@@ -855,7 +855,7 @@

        // get the ID of the client
        if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id");
            $client_id = $app->functions->intval($client["client_id"]);
        } elseif (isset($this->dataRecord["client_group_id"])) {
@@ -886,7 +886,7 @@
            // Update the FTP user(s) too
            $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ".$this->id);
            foreach($records as $rec) {
                $app->db->datalogUpdate('ftp_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $rec['ftp_user_id']);
                $app->db->datalogUpdate('ftp_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
            }
            unset($records);
            unset($rec);
@@ -894,7 +894,7 @@
            // Update the Shell user(s) too
            $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ".$this->id);
            foreach($records as $rec) {
                $app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $rec['shell_user_id']);
                $app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
            }
            unset($records);
            unset($rec);
@@ -919,7 +919,7 @@
            //* Update all databases
            $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$this->id);
            foreach($records as $rec) {
                $app->db->datalogUpdate('web_database', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."'", 'database_id', $rec['database_id']);
                $app->db->datalogUpdate('web_database', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_id', $app->functions->intval($rec['database_id']));
            }
            unset($records);
            unset($rec);
@@ -938,10 +938,10 @@
            unset($subdomain);

            // Update APS instances
            $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$this->oldDataRecord["domain"]."'");
            $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($this->oldDataRecord["domain"])."'");
            if(is_array($records) && !empty($records)){
                foreach($records as $rec){
                    $app->db->datalogUpdate('aps_instances_settings', "value = '".$this->dataRecord["domain"]."'", 'id', $rec['id']);
                    $app->db->datalogUpdate('aps_instances_settings', "value = '".$app->db->quote($this->dataRecord["domain"])."'", 'id', $rec['id']);
                    // Reinstall of package needed?
                    //$app->db->datalogUpdate('aps_instances', "instance_status = '1'", 'id', $rec['instance_id']);
                }
@@ -960,7 +960,7 @@
        if(empty($web_rec['php_open_basedir']) ||
            (!empty($this->dataRecord["domain"]) && !empty($this->oldDataRecord["domain"]) && $this->dataRecord["domain"] != $this->oldDataRecord["domain"])) {
            $php_open_basedir = $web_rec['php_open_basedir'];
            $php_open_basedir = str_replace($this->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir);
            $php_open_basedir = $app->db->quote(str_replace($this->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir));
            $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$this->id;
            $app->db->query($sql);
        }
@@ -976,8 +976,8 @@
        //* Change database backup options when web backup options have been changed
        if(isset($this->dataRecord['backup_interval']) && ($this->dataRecord['backup_interval'] != $this->oldDataRecord['backup_interval'] || $this->dataRecord['backup_copies'] != $this->oldDataRecord['backup_copies'])) {
            //* Update all databases
            $backup_interval = $this->dataRecord['backup_interval'];
            $backup_copies = $this->dataRecord['backup_copies'];
            $backup_interval = $app->functions->intval($this->dataRecord['backup_interval']);
            $backup_copies = $app->functions->intval($this->dataRecord['backup_copies']);
            $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$this->id);
            foreach($records as $rec) {
                $app->db->datalogUpdate('web_database', "backup_interval = '$backup_interval', backup_copies = '$backup_copies'", 'database_id', $rec['database_id']);
@@ -992,7 +992,7 @@
        if(isset($this->dataRecord['ip_address']) && ($this->dataRecord['ip_address'] != $this->oldDataRecord['ip_address'] || $this->dataRecord['ipv6_address'] != $this->oldDataRecord['ipv6_address'])) {
            $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE type = 'vhostsubdomain' AND parent_domain_id = ".$this->id);
            foreach($records as $rec) {
                $app->db->datalogUpdate('web_domain', "ip_address = '".$web_rec['ip_address']."', ipv6_address = '".$web_rec['ipv6_address']."'", 'domain_id', $rec['domain_id']);
                $app->db->datalogUpdate('web_domain', "ip_address = '".$app->db->quote($web_rec['ip_address'])."', ipv6_address = '".$app->db->quote($web_rec['ipv6_address'])."'", 'domain_id', $rec['domain_id']);
            }
            unset($records);
            unset($rec);
@@ -1010,7 +1010,7 @@
                $app->tform->datalogSave('DELETE', $d["domain_id"], $d, array());
            }

            $app->db->query("DELETE FROM web_domain WHERE domain_id = ".$d["domain_id"]." LIMIT 0,1");
            $app->db->query("DELETE FROM web_domain WHERE domain_id = ".$app->functions->intval($d["domain_id"])." LIMIT 0,1");
        }
        unset($child_domains);
        unset($d);

 interface/web/sites/web_sites_stats.php

@@ -38,25 +38,25 @@
        //** Traffic of the current month
        $tmp_year = date('Y');
        $tmp_month = date('m');
        $tmp_rec = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$rec['domain']."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
        $tmp_rec = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
        $rec['this_month'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
        $this->sum_this_month += ($tmp_rec['t']/1024/1024);

        //** Traffic of the current year
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$rec['domain']."' AND YEAR(traffic_date) = '$tmp_year'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year'");
        $rec['this_year'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
        $this->sum_this_year += ($tmp_rec['t']/1024/1024);

        //** Traffic of the last month
        $tmp_year = date('Y', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
        $tmp_month = date('m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$rec['domain']."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
        $rec['last_month'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
        $this->sum_last_month += ($tmp_rec['t']/1024/1024);

        //** Traffic of the last year
        $tmp_year = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$rec['domain']."' AND YEAR(traffic_date) = '$tmp_year'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year'");
        $rec['last_year'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
        $this->sum_last_year += ($tmp_rec['t']/1024/1024);


 interface/web/sites/web_subdomain_edit.php

@@ -184,8 +184,8 @@

            //* Update the old website, so that the vhost alias gets removed
            //* We force the update by inserting a transaction record without changes manually.
            $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$this->oldDataRecord['domain_id']);
            $app->db->datalogSave('web_domain', 'UPDATE', 'domain_id', $this->oldDataRecord['parent_domain_id'], $old_website, $old_website, true);
            $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$app->functions->intval($this->oldDataRecord['domain_id']));
            $app->db->datalogSave('web_domain', 'UPDATE', 'domain_id', $app->functions->intval($this->oldDataRecord['parent_domain_id']), $old_website, $old_website, true);
        }

    }

 interface/web/sites/web_vhost_subdomain_del.php

@@ -56,7 +56,7 @@
        $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
        foreach($records as $rec) {
            //* Delete all web folder users
            $records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$rec['web_folder_id']."'");
            $records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($rec['web_folder_id'])."'");
            foreach($records2 as $rec2) {
                $app->db->datalogDelete('web_folder_user', 'web_folder_user_id', $rec2['web_folder_user_id']);
            }

 interface/web/sites/web_vhost_subdomain_edit.php

@@ -91,7 +91,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.limit_web_subdomain, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            //* Get global web config
@@ -102,10 +102,10 @@
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$parent_domain['server_id']." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            if($this->dataRecord['php'] == 'fast-cgi'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$parent_domain['server_id']." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -130,7 +130,7 @@
        } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            //* Get global web config
@@ -141,10 +141,10 @@
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$parent_domain['server_id']." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            if($this->dataRecord['php'] == 'fast-cgi') {
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$parent_domain['server_id']." AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")");
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -176,10 +176,10 @@
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            if($this->dataRecord['php'] == 'php-fpm'){
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = " . $parent_domain['server_id']);
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = " . $app->functions->intval($parent_domain['server_id']));
            }
            if($this->dataRecord['php'] == 'fast-cgi') {
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = " . $parent_domain['server_id']);
                $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = " . $app->functions->intval($parent_domain['server_id']));
            }
            $php_select = "<option value=''>Default</option>";
            if(is_array($php_records) && !empty($php_records)) {
@@ -381,7 +381,7 @@

        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_subdomain, default_webserver, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

            if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = '-';
@@ -419,7 +419,7 @@

            if($client['parent_client_id'] > 0) {
                // Get the limits of the reseller
                $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_subdomain, default_webserver, limit_web_quota FROM client WHERE client_id = ".$client['parent_client_id']);
                $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_subdomain, default_webserver, limit_web_quota FROM client WHERE client_id = ".$app->functions->intval($client['parent_client_id']));

                //* Check the traffic quota of the client
                if(isset($_POST["traffic_quota"]) && $reseller["limit_traffic_quota"] > 0 && $_POST["traffic_quota"] != $old_web_values["traffic_quota"]) {

 interface/web/tools/dns_import_tupa.php

@@ -89,15 +89,15 @@
                $soa = $exdb->queryOneRecord("SELECT * FROM records WHERE type = 'SOA' AND domain_id = ".$domain['id']);
                if(is_array($soa)) {
                    $parts = explode(' ', $soa['content']);
                    $origin = addot($soa['name']);
                    $ns = addot($parts[0]);
                    $mbox = addot($parts[1]);
                    $serial = $parts[2];
                    $origin = $app->db->quote(addot($soa['name']));
                    $ns = $app->db->quote(addot($parts[0]));
                    $mbox = $app->db->quote(addot($parts[1]));
                    $serial = $app->db->quote($parts[2]);
                    $refresh = 7200;
                    $retry =  540;
                    $expire = 604800;
                    $minimum = 86400;
                    $ttl = $soa['ttl'];
                    $ttl = $app->db->quote($soa['ttl']);

                    $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`) VALUES
                    ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '')";
@@ -111,15 +111,15 @@
                        foreach($records as $rec) {
                            $rr = array();

                            $rr['name'] = addot($rec['name']);
                            $rr['type'] = $rec['type'];
                            $rr['aux'] = $rec['prio'];
                            $rr['ttl'] = $rec['ttl'];
                            $rr['name'] = $app->db->quote(addot($rec['name']));
                            $rr['type'] = $app->db->quote($rec['type']);
                            $rr['aux'] = $app->db->quote($rec['prio']);
                            $rr['ttl'] = $app->db->quote($rec['ttl']);

                            if($rec['type'] == 'NS' || $rec['type'] == 'MX' || $rec['type'] == 'CNAME') {
                                $rr['data'] = addot($rec['content']);
                                $rr['data'] = $app->db->quote(addot($rec['content']));
                            } else {
                                $rr['data'] = $rec['content'];
                                $rr['data'] = $app->db->quote($rec['content']);
                            }

                            $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES

 interface/web/tools/user_settings.php

@@ -63,7 +63,7 @@
        $app->tform->loadFormDef($tform_def_file);

        // Importing ID
        $this->id = $_SESSION['s']['user']['userid'];
        $this->id = $app->functions->intval($_SESSION['s']['user']['userid']);
        $_POST['id'] = $_SESSION['s']['user']['userid'];

        if(count($_POST) > 1) {
@@ -86,8 +86,12 @@
        if($_POST['passwort'] != $_POST['repeat_password']) {
            $app->tform->errorMessage = $app->tform->lng('password_mismatch');
        }
        $_SESSION['s']['user']['language'] = $_POST['language'];
        $_SESSION['s']['language'] = $_POST['language'];
        if(preg_match('/[a-z]{2}/',$_POST['language'])) {
            $_SESSION['s']['user']['language'] = $_POST['language'];
            $_SESSION['s']['language'] = $_POST['language'];
        } else {
            $app->error('Invalid language.');
        }
    }

			@@ -595,7 +595,7 @@
			foreach($incomplete_pkgs as $incomplete_pkg){
			$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
			if($pkg_url != ''){
			$app->db->datalogUpdate('aps_packages', "package_url = '".$pkg_url."'", 'id', $incomplete_pkg['id']);
			$app->db->datalogUpdate('aps_packages', "package_url = '".$app->db->quote($pkg_url)."'", 'id', $incomplete_pkg['id']);
			}
			}
			}

			@@ -266,18 +266,18 @@
			unset($tmp);

			// get information if the webserver is a db server, too
			$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id = ".$websrv['server_id']);
			$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id = ".$app->functions->intval($websrv['server_id']));
			if($web_server['db_server'] == 1) {
			// create database on "localhost" (webserver)
			$mysql_db_server_id = $websrv['server_id'];
			$mysql_db_server_id = $app->functions->intval($websrv['server_id']);
			$mysql_db_host = 'localhost';
			$mysql_db_remote_access = 'n';
			$mysql_db_remote_ips = '';
			} else {
			//* get the default database server of the client
			$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$websrv['sys_groupid']);
			$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
			if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
			$mysql_db_server_id = $client['default_dbserver'];
			$mysql_db_server_id = $app->functions->intval($client['default_dbserver']);
			$dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
			$mysql_db_host = $dbserver_config['ip_address'];
			$mysql_db_remote_access = 'y';
			@@ -301,13 +301,13 @@

			//* Find a free db name for the app
			for($n = 1; $n <= 1000; $n++) {
			$mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
			$mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
			$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
			if($tmp['number'] == 0) break;
			}
			//* Find a free db username for the app
			for($n = 1; $n <= 1000; $n++) {
			$mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
			$mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
			$tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
			if($tmp['number'] == 0) break;
			}
			@@ -316,12 +316,12 @@

			//* Create the mysql database user
			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
			VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
			VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '$mysql_db_user', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('$mysql_db_password'))";
			$mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');

			//* Create the mysql database
			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
			VALUES( ".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', $mysql_db_server_id, ".$websrv['domain_id'].", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$websrv['backup_copies'].", 'y', '".$websrv['backup_interval']."')";
			VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '$mysql_db_name', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
			$app->db->datalogInsert('web_database', $insert_data, 'database_id');

			//* Add db details to package settings
			@@ -332,7 +332,7 @@
			}

			//* Insert new package instance
			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$websrv['sys_userid'].", ".$websrv['sys_groupid'].", 'riud', '".$websrv['sys_perm_group']."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
			$InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');

			//* Insert all package settings
			@@ -404,7 +404,7 @@
			$app->db->datalogSave('aps', 'INSERT', 'id', $instanceid, array(), $datalog);
			*/

			$sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value = aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
			$sql = "SELECT web_database.database_id as database_id FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.value = aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$app->db->quote($instanceid)." LIMIT 0,1";
			$tmp = $app->db->queryOneRecord($sql);
			if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);

			@@ -33,7 +33,7 @@

			public function get_user_id()
			{
			return $_SESSION['s']['user']['userid'];
			return $app->functions->intval($_SESSION['s']['user']['userid']);
			}

			public function is_admin() {
			@@ -80,7 +80,9 @@
			public function get_client_limit($userid, $limitname)
			{
			global $app;


			$userid = $app->functions->intval($userid);

			// simple query cache
			if($this->client_limits===null)
			$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");

			@@ -49,7 +49,7 @@

			if($old_style == true) {
			// we have to take care of this in an other way
			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
			if(is_array($in_db) && count($in_db) > 0) {
			foreach($in_db as $item) {
			if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
			@@ -61,24 +61,24 @@
			if($count > 0) {
			// add new template to client (includes those from old-style without assigned_template_id)
			for($i = $count; $i > 0; $i--) {
			$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $tpl_id . ')');
			$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
			}
			} elseif($count < 0) {
			// remove old ones
			for($i = $count; $i < 0; $i++) {
			$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $clientId . ' AND client_template_id = ' . $tpl_id . ' LIMIT 1');
			$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
			}
			}
			}
			} else {
			// we have to take care of this in an other way
			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $clientId);
			$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
			if(is_array($in_db) && count($in_db) > 0) {
			// check which templates were removed from this client
			foreach($in_db as $item) {
			if(in_array($item['assigned_template_id'], $used_assigned) == false) {
			// delete this one
			$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $item['assigned_template_id']);
			$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
			}
			}
			}
			@@ -86,7 +86,7 @@
			if(count($new_tpl) > 0) {
			foreach($new_tpl as $item) {
			// add new template to client (includes those from old-style without assigned_template_id)
			$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $clientId . ', ' . $item . ')');
			$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
			}
			}
			}

			@@ -46,9 +46,9 @@

			if($_SESSION["s"]["user"]["typ"] == 'user') {
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_dnsserver'];
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
			} else {
			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
			}
			@@ -68,9 +68,9 @@

			if($_SESSION["s"]["user"]["typ"] == 'user') {
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_slave_dnsserver'];
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
			} else {
			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
			}
			@@ -99,7 +99,7 @@
			}
			if(count($server_ids) == 0) return array();
			$server_ids = implode(',', $server_ids);
			$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$server_ids.") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
			$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");

			$records_new = array();
			if(is_array($records)) {
			@@ -146,12 +146,12 @@

			if($_SESSION["s"]["user"]["typ"] == 'user') {
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
			$client = $app->db->queryOneRecord($sql);
			if($client['server_id'] > 0) {
			//* Select the default server for the client
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['server_id'];
			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
			} else {
			//* Not able to find the clients defaults, use this as fallback and add a warning message to the log
			$app->log('Unable to find default server for client in custom_datasource.inc.php', 1);

			@@ -1,5 +1,7 @@
			<?php

			die('Deprecated file: form.inc.php');

			/*
			Copyright (c) 2007, Till Brehm, projektfarm Gmbh
			All rights reserved.

			@@ -108,8 +108,8 @@
			}

			//* Get the data
			$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$this->form->id);
			$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$this->form->id." AND server_id = ".$web['server_id']." ORDER BY tstamp DESC, backup_type ASC";
			$web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
			$sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id = ".$app->functions->intval($web['server_id'])." ORDER BY tstamp DESC, backup_type ASC";
			$records = $app->db->queryAllRecords($sql);

			$bgcolor = "#FFFFFF";

			@@ -51,7 +51,7 @@
			$client_id = $app->functions->intval($_GET['cid']);
			$tmp_client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id");
			$tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'");
			$userId = $tmp_sys_user['userid'];
			$userId = $app->functions->intval($tmp_sys_user['userid']);
			unset($tmp_client);
			unset($tmp_sys_user);
			$backlink = 'client/client_list.php';

			@@ -81,7 +81,7 @@
			foreach ($servers as $serverId) {
			$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
			"VALUES (".
			(int)$serverId . ", " .
			$app->functions->intval($serverId) . ", " .
			time() . ", " .
			"'ispc_update', " .
			"'', " .

			@@ -76,7 +76,7 @@
			foreach ($servers as $serverId) {
			$sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
			"VALUES (".
			(int)$serverId . ", " .
			$app->functions->intval($serverId) . ", " .
			time() . ", " .
			"'os_update', " .
			"'', " .

			@@ -54,7 +54,7 @@
			global $app, $conf;

			// Getting Servers
			$sql = "SELECT server_id,server_name FROM server WHERE server_id != $this->id ORDER BY server_name";
			$sql = "SELECT server_id,server_name FROM server WHERE server_id != ".$app->functions->intval($this->id)." ORDER BY server_name";
			$mirror_servers = $app->db->queryAllRecords($sql);
			$mirror_server_select = '<option value="0">'.$app->tform->lng('- None -').'</option>';
			if(is_array($mirror_servers)) {

			@@ -56,7 +56,7 @@
			//* Check if the server has been changed
			// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
			if($_SESSION["s"]["user"]["typ"] == 'admin' \|\| $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
			$rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$this->id);
			$rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$app->functions->intval($this->id));
			if($rec['server_id'] != $this->dataRecord["server_id"]) {
			//* Add a error message and switch back to old server
			$app->tform->errorMessage .= $app->lng('The Server can not be changed.');

			@@ -50,7 +50,7 @@
			//* verify the key
			if($package['package_installable'] == 'key' && $install_key != '') {

			$repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$package['software_repo_id']);
			$repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));

			$client = new SoapClient(null, array('location' => $repo['repo_url'],
			'uri' => $repo['repo_url']));
			@@ -62,7 +62,7 @@
			$message_err = 'Verification of the key failed.';
			} else {
			// Store the verified key into the database
			$app->db->datalogUpdate('software_package', "package_key = '$install_key'", 'package_id', $package['package_id']);
			$app->db->datalogUpdate('software_package', "package_key = '".$app->db->quote($install_key)."'", 'package_id', $package['package_id']);
			}
			} else {
			$message_ok = 'Please enter the software key for the package.';
			@@ -70,7 +70,7 @@

			//* Install packages, if all requirements are fullfilled.
			if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' \|\| $install_key_verified == true)) {
			$sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
			$sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
			$tmp = $app->db->queryOneRecord($sql);
			$software_update_id = $tmp['software_update_id'];

			@@ -118,7 +118,7 @@
			$app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);

			$sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
			(1, 1, 'riud', 'riud', '', '$remote_user', '$remote_password_md5', '$remote_functions');";
			(1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";

			$app->db->query($sql);

			@@ -127,7 +127,7 @@
			}

			//* Add the record to start the install process
			$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$install_server_id', '$software_update_id','installing')";
			$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('".$app->db->quote($package_name)."', '".$app->db->quote($install_server_id)."', '".$app->db->quote($software_update_id)."','installing')";
			$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
			$message_ok = 'Starting package installation '."<a href=\"#\" onclick=\"submitForm('pageForm','admin/software_package_list.php');\">".$app->lng('next')."</a>";

			@@ -49,7 +49,7 @@
			if(is_array($packages)) {
			foreach($packages as $p) {
			$package_name = $app->db->quote($p['name']);
			$tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '$package_name'");
			$tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");

			$package_title = $app->db->quote($p['title']);
			$package_description = $app->db->quote($p['description']);
			@@ -150,7 +150,7 @@
			foreach($packages as $key => $p) {
			$installed_txt = '';
			foreach($servers as $s) {
			$inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".addslashes($p["package_name"])."' AND server_id = '".$s["server_id"]."'");
			$inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
			$version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];

			if($inst['status'] == 'installed') {

			@@ -161,11 +161,11 @@
			foreach($installed_packages as $ip) {

			// Get version number of the latest installed version
			$sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$server_id." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
			$sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$app->functions->intval($server_id)." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
			$lu = $app->db->queryOneRecord($sql);

			// Get all installable updates
			$sql = "SELECT * FROM software_update WHERE v1 >= $lu[v1] AND v2 >= $lu[v2] AND v3 >= $lu[v3] AND v4 >= $lu[v4] AND package_name = '$ip[package_name]' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
			$sql = "SELECT * FROM software_update WHERE v1 >= ".$app->functions->intval($lu['v1'])." AND v2 >= ".$app->functions->intval($lu['v2'])." AND v3 >= ".$app->functions->intval($lu['v3'])." AND v4 >= ".$app->functions->intval($lu['v4'])." AND package_name = '".$app->db->quote($ip['package_name'])."' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
			$updates = $app->db->queryAllRecords($sql);
			//die($sql);

			@@ -178,7 +178,7 @@
			if($server_config_array['misc']['maintenance_mode'] == 'y'){
			//print_r($_SESSION);
			//echo $_SESSION['s']['id'];
			$app->db->query("DELETE FROM sys_session WHERE session_id != '".$_SESSION['s']['id']."'");
			$app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
			}
			}

			@@ -77,7 +77,7 @@
			global $app, $conf;

			$client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ".$this->id);
			$client_id = $client['client_id'];
			$client_id = $app->functions->intval($client['client_id']);
			$username = $app->db->quote($this->dataRecord["username"]);
			$old_username = $app->db->quote($this->oldDataRecord['username']);

			@@ -58,7 +58,7 @@
			if($_SESSION["s"]["user"]["typ"] == 'user') {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another website.

			@@ -65,7 +65,7 @@
			$tmp_client_ids = explode(',', $circle['client_ids']);
			$where = array();
			foreach($tmp_client_ids as $tmp_client_id){
			$where[] = 'client_id = '.$tmp_client_id;
			$where[] = 'client_id = '.$app->functions->intval($tmp_client_id);
			}
			if(!empty($where)) $where_clause = ' AND ('.implode(' OR ', $where).')';
			$sql = "SELECT * FROM client WHERE email != ''".$where_clause;

			@@ -60,7 +60,7 @@
			if($_SESSION["s"]["user"]["typ"] == 'user') {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another website.
			@@ -83,7 +83,7 @@
			if($_SESSION["s"]["user"]["typ"] == 'user' && $this->id == 0) {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another website.
			@@ -156,7 +156,7 @@

			$username = $app->db->quote($this->dataRecord["username"]);
			$password = $app->db->quote($this->dataRecord["password"]);
			$modules = $conf['interface_modules_enabled'] . ',client';
			$modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
			$startmodule = (stristr($modules, 'dashboard'))?'dashboard':'client';
			$usertheme = $app->db->quote($this->dataRecord["usertheme"]);
			$type = 'user';
			@@ -247,7 +247,7 @@

			// reseller status changed
			if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
			$modules = $conf['interface_modules_enabled'] . ',client';
			$modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
			$modules = $app->db->quote($modules);
			$client_id = $this->id;
			$sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";

			@@ -127,7 +127,7 @@
			$tpl->setVar('is_admin', $user_is_admin);

			if($user_is_admin == false) {
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
			}

			@@ -157,7 +157,7 @@
			function _get_limit_usage($limit) {
			global $app;

			$sql = "SELECT count(sys_userid) as number FROM ".$limit['db_table']." WHERE ";
			$sql = "SELECT count(sys_userid) as number FROM ".$app->db->quote($limit['db_table'])." WHERE ";
			if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
			$sql .= $app->tform->getAuthSQL('r');
			$rec = $app->db->queryOneRecord($sql);

			@@ -31,7 +31,7 @@
			}
			//print_r($monitor_data);
			if($_SESSION["s"]["user"]["typ"] != 'admin'){
			$sql_where = " AND sys_groupid = ".$_SESSION['s']['user']['default_group'];
			$sql_where = " AND sys_groupid = ".intval($_SESSION['s']['user']['default_group']);
			}

			$has_mailquota = false;

			@@ -25,7 +25,7 @@
			}
			//print_r($monitor_data);
			if($_SESSION["s"]["user"]["typ"] != 'admin'){
			$sql_where = " AND sys_groupid = ".$_SESSION['s']['user']['default_group'];
			$sql_where = " AND sys_groupid = ".$app->functions->intval($_SESSION['s']['user']['default_group']);
			}

			$has_quota = false;

			@@ -98,14 +98,14 @@
			if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {

			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");


			// load the list of clients
			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id'];
			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id']);
			$clients = $app->db->queryAllRecords($sql);
			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
			if(is_array($clients)) {
			foreach( $clients as $client) {
			@@ -118,7 +118,7 @@
			}


			$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '$template_id'");
			$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '".$app->functions->intval($template_id)."'");
			$fields = explode(',', $template_record['fields']);
			if(is_array($fields)) {
			foreach($fields as $field) {

			@@ -18,7 +18,7 @@
			// Optional limit
			$hf_section = 0;
			if(isset($_GET['hfs_id']))
			$hf_section = preg_replace("/[^0-9]/", "", $_GET['hfs_id']);
			$hf_section = $app->functions->intval(preg_replace("/[^0-9]/", "", $_GET['hfs_id']));

			// if section id is not specified in the url, choose the first existing section
			if(!$hf_section)

			@@ -33,7 +33,7 @@

			//* Get recipient email address
			if($this->dataRecord['recipient_id'] > 1){
			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$this->dataRecord['recipient_id']." AND sys_user.client_id = client.client_id";
			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." AND sys_user.client_id = client.client_id";
			$client = $app->db->queryOneRecord($sql);
			$recipient_email = $client['email'];
			} else {
			@@ -44,7 +44,7 @@

			//* Get sender email address
			if($this->dataRecord['sender_id'] > 1){
			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$this->dataRecord['sender_id']." AND sys_user.client_id = client.client_id";
			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['sender_id'])." AND sys_user.client_id = client.client_id";
			$client = $app->db->queryOneRecord($sql);
			$sender_email = $client['email'];
			} else {
			@@ -113,7 +113,7 @@
			global $app, $conf;

			if($_SESSION['s']['user']['typ'] == 'admin') {
			$app->db->query("UPDATE support_message SET sys_userid = ".$this->dataRecord['recipient_id']." WHERE support_message_id = ".$this->id);
			$app->db->query("UPDATE support_message SET sys_userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." WHERE support_message_id = ".$this->id);
			}

			}

			@@ -12,7 +12,7 @@
			$app->uses('listform_actions');

			//* Optional limit
			$app->listform_actions->SQLExtWhere = "support_message.recipient_id = ".$_SESSION['s']['user']['userid'];
			$app->listform_actions->SQLExtWhere = "support_message.recipient_id = ".$app->functions->intval($_SESSION['s']['user']['userid']);

			//* Start the form rendering and action ahndling
			$app->listform_actions->onLoad();

			@@ -107,7 +107,7 @@
			// Check the client limits, if user is not the admin
			if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_mailalias FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another mailbox.
			@@ -124,7 +124,7 @@
			// compose the email field
			$this->dataRecord["source"] = $_POST["email_local_part"]."@".$app->functions->idn_encode($_POST["email_domain"]);
			// Set the server id of the mailbox = server ID of mail domain.
			$this->dataRecord["server_id"] = $domain["server_id"];
			$this->dataRecord["server_id"] = $app->functions->intval($domain["server_id"]);

			unset($this->dataRecord["email_local_part"]);
			unset($this->dataRecord["email_domain"]);
			@@ -150,7 +150,7 @@
			global $app;

			$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
			$app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
			$app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);

			}

			@@ -120,7 +120,7 @@
			$this->dataRecord["source"] = "@".$app->db->quote($this->dataRecord["source"]);
			$this->dataRecord["destination"] = "@".$app->db->quote($this->dataRecord["destination"]);
			// Set the server id of the mailbox = server ID of mail domain.
			$this->dataRecord["server_id"] = $domain["server_id"];
			$this->dataRecord["server_id"] = $app->functions->intval($domain["server_id"]);

			parent::onSubmit();
			}
			@@ -129,7 +129,7 @@
			global $app;

			$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
			$app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
			$app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);

			}

			@@ -89,7 +89,7 @@
			// Check the client limits, if user is not the admin
			if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
			// Get the limits of the client
			$client_group_id = $_SESSION["s"]["user"]["default_group"];
			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
			$client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

			// Check if the user may add another mailbox.