diff --git a/frontend/api.local.php b/frontend/api.local.php index 7a7e128..d323008 100644 --- a/frontend/api.local.php +++ b/frontend/api.local.php @@ -24,8 +24,7 @@ if(isset($_GET['key']) && $_GET['key'] == $settings['local_api_key']) switch($_GET['action']) { case "verify_user": - $sUsername = mysql_real_escape_string($_GET['username']); - if($result = mysql_query_cached("SELECT * FROM users WHERE `Username` = '{$sUsername}'")) + if($result = $database->CachedQuery("SELECT * FROM users WHERE `Username` = :Username", array(":Username" => $_GET['username']))) { $sUser = new User($result); @@ -58,15 +57,14 @@ if(isset($_GET['key']) && $_GET['key'] == $settings['local_api_key']) case "list_vps": if(!empty($_GET['userid'])) { - $sUserId = (is_numeric($_GET['userid'])) ? $_GET['userid'] : 0; - $query = "SELECT * FROM containers WHERE `UserId` = '{$sUserId}'"; + $result = $database->CachedQuery("SELECT * FROM containers WHERE `UserId` = :UserId", array(":UserId" => $_GET['userid'])); } else { - $query = "SELECT * FROM containers"; + $result = $database->CachedQuery("SELECT * FROM containers"); } - if($result = mysql_query_cached($query)) + if($result) { $sVpses = array(); diff --git a/frontend/classes/user.php b/frontend/classes/user.php index d5c4f48..9a2f528 100644 --- a/frontend/classes/user.php +++ b/frontend/classes/user.php @@ -52,7 +52,7 @@ class User extends CPHPDatabaseRecordClass public function GetVpsCount() { - if($result = mysql_query_cached("SELECT * FROM containers WHERE `UserId` = '{$this->sId}'")) + if($result = $database->CachedQuery("SELECT * FROM containers WHERE `UserId` = :UserId", array(":UserId" => $this->sId))) { return count($result->data); } diff --git a/frontend/cron.15.php b/frontend/cron.15.php index 0c88dbd..e9db17c 100644 --- a/frontend/cron.15.php +++ b/frontend/cron.15.php 
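Review bot: In the `verify_user` case, `$_GET['username']` is bound without checking that it is present and is a string. A request carrying `username[]=x` would hand an array to `CachedQuery`, and how the wrapper binds that is not visible here. Rejecting the request when `!isset($_GET['username']) || !is_string($_GET['username'])` before the query keeps the lookup well-defined; the same applies to `$_POST['username']` in the frontend/modules/shared/login.php hunk. Separately, the key check shown in the hunk header (outside the changed lines) compares with `==`, which is neither strict nor constant-time; `hash_equals($settings['local_api_key'], $_GET['key'])` is both. The switch body continues outside the hunk.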
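Review bot: The `list_vps` branch drops the `is_numeric` guard that the removed lines applied, so any non-empty `$_GET['userid']` now reaches the query as a bound value. Binding prevents injection, but if `UserId` is a numeric column, MySQL will cast a string such as `1abc` to 1 for the comparison, where the old code would have searched for 0. An array value (`userid[]=1`) also passes `!empty()`. Keeping the validation and binding its result preserves the earlier behaviour: `$sUserId = is_numeric($_GET['userid']) ? (int) $_GET['userid'] : 0;` followed by `array(":UserId" => $sUserId)`.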
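Review bot: `$database` is not in scope inside `GetVpsCount()`. The hunk shows the method body opening directly on the new `if`, with no `global $database;` before it, so `$database->CachedQuery(...)` is a method call on an undefined local variable and will fail at runtime. Add `global $database;` as the first statement of the method, or reach the connection through whatever accessor the base class provides. The other call sites in this commit are top-level script code where the global is visible, which is probably why the same replacement works there. The end of the method is outside the hunk.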
@@ -14,7 +14,7 @@ $_CVM = true; require("includes/include.base.php"); -if($result = mysql_query_cached("SELECT * FROM containers")) +if($result = $database->CachedQuery("SELECT * FROM containers")) { foreach($result->data as $row) { diff --git a/frontend/modules/admin/node/list.php b/frontend/modules/admin/node/list.php index 80fca76..5e0324e 100644 --- a/frontend/modules/admin/node/list.php +++ b/frontend/modules/admin/node/list.php @@ -15,7 +15,7 @@ if(!isset($_CVM)) { die("Unauthorized."); } $sNodeList = array(); -if($result = mysql_query_cached("SELECT * FROM nodes")) +if($result = $database->CachedQuery("SELECT * FROM nodes")) { foreach($result->data as $row) { diff --git a/frontend/modules/admin/node/lookup.php b/frontend/modules/admin/node/lookup.php index 1a3c127..7b4e204 100644 --- a/frontend/modules/admin/node/lookup.php +++ b/frontend/modules/admin/node/lookup.php @@ -17,7 +17,7 @@ try { $sNode = new Node($router->uParameters[1]); - if($result = mysql_query_cached("SELECT * FROM containers WHERE `NodeId` = '{$sNode->sId}'")) + if($result = $database->CachedQuery("SELECT * FROM containers WHERE `NodeId` = :NodeId", array(":NodeId" => $sNode->sId))) { foreach($result->data as $row) { diff --git a/frontend/modules/admin/user/list.php b/frontend/modules/admin/user/list.php index 39f79ea..b2e0446 100644 --- a/frontend/modules/admin/user/list.php +++ b/frontend/modules/admin/user/list.php @@ -13,7 +13,7 @@ if(!isset($_CVM)) { die("Unauthorized."); } -$result = mysql_query_cached("SELECT * FROM users ORDER BY `AccessLevel` DESC"); +$result = $database->CachedQuery("SELECT * FROM users ORDER BY `AccessLevel` DESC"); $sUserList = array(); diff --git a/frontend/modules/admin/user/lookup.php b/frontend/modules/admin/user/lookup.php index 4a56656..696bb42 100644 --- a/frontend/modules/admin/user/lookup.php +++ b/frontend/modules/admin/user/lookup.php 
@@ -21,7 +21,7 @@ try $sVpsList = array(); - if($result = mysql_query_cached("SELECT * FROM containers WHERE `UserId` = '{$sUserEntry->sId}'")) + if($result = $database->CachedQuery("SELECT * FROM containers WHERE `UserId` = :UserId", array(":UserId" => $sUserEntry->sId))) { foreach($result->data as $row) { diff --git a/frontend/modules/admin/vps/list.php b/frontend/modules/admin/vps/list.php index e80d793..7e875a8 100644 --- a/frontend/modules/admin/vps/list.php +++ b/frontend/modules/admin/vps/list.php @@ -15,7 +15,7 @@ if(!isset($_CVM)) { die("Unauthorized."); } $sVpsList = array(); -if($result = mysql_query_cached("SELECT * FROM containers")) +if($result = $database->CachedQuery("SELECT * FROM containers")) { foreach($result->data as $row) { diff --git a/frontend/modules/client/vps/list.php b/frontend/modules/client/vps/list.php index 0653d2b..049b7c5 100644 --- a/frontend/modules/client/vps/list.php +++ b/frontend/modules/client/vps/list.php @@ -15,7 +15,7 @@ if(!isset($_CVM)) { die("Unauthorized."); } if($sLoggedIn === true) { - $result = mysql_query_cached("SELECT * FROM containers WHERE `UserId` = '{$sUser->sId}'"); + $result = $database->CachedQuery("SELECT * FROM containers WHERE `UserId` = :UserId", array(":UserId" => $sUser->sId)); $sVpsList = array(); diff --git a/frontend/modules/client/vps/reinstall.php b/frontend/modules/client/vps/reinstall.php index e91f4df..cf26597 100644 --- a/frontend/modules/client/vps/reinstall.php +++ b/frontend/modules/client/vps/reinstall.php @@ -99,7 +99,7 @@ if(isset($_POST['submit'])) if($display_form === true) { - $result = mysql_query_cached("SELECT * FROM templates WHERE `Available` = '1'"); + $result = $database->CachedQuery("SELECT * FROM templates WHERE `Available` = '1'"); $sTemplateList = array(); diff --git a/frontend/modules/shared/login.php b/frontend/modules/shared/login.php index 01ad5cf..01da306 100644 --- a/frontend/modules/shared/login.php +++ b/frontend/modules/shared/login.php 
@@ -24,10 +24,9 @@ $render_form = true; if(isset($_POST['submit'])) { - $sUsername = mysql_real_escape_string($_POST['username']); $sFieldUsername = htmlentities($_POST['username']); - if($result = mysql_query_cached("SELECT * FROM users WHERE `Username` = '{$sUsername}'")) + if($result = $database->CachedQuery("SELECT * FROM users WHERE `Username` = :Username", array(":Username" => $_POST['username']))) { $sLoginUser = new User($result);
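Review bot: The credential lookup in the login handler still goes through `CachedQuery`, now keyed by a username the client chooses. Whether a cached `users` row (with `SELECT *`, presumably including the stored password hash and access level) can outlive a password change or an account lock depends on the cache expiry, which is not visible in this hunk. If the database wrapper offers an uncached query path, the login lookup is the place to use it. Otherwise, add a comment above the query stating the expiry and why serving a stale row is acceptable for authentication. The handler continues outside the hunk.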