
EHCP Integration Changes

own3mall 9 år sedan
förälder
incheckning
df21d5b932
8 ändrade filer med 128 tillägg och 66 borttagningar
  1. 13 12
      EHCP/addAccount.php
  2. 9 4
      EHCP/config.php
  3. 45 0
      EHCP/db_functions.php
  4. 5 4
      EHCP/delAccount.php
  5. 18 14
      EHCP/listAllUsers.php
  6. 16 16
      EHCP/showAccount.php
  7. 12 8
      EHCP/updateInfo.php
  8. 10 8
      EHCP/updatePass.php

+ 13 - 12
EHCP/addAccount.php

@@ -24,11 +24,12 @@ if (isset($errors)) {
 
 if (file_exists("config.php")) {
     include 'config.php';
-    mysql_select_db($dbName, $connection);
 } else {
     die("config.php must exist within the installation root folder!");
 }
 
+include_once 'db_functions.php';
+
 // Did we properly receive the variables from the OGP agent?
 
 if (isset($ftp_username) && isset($ftp_pass) && isset($rDir)) {
@@ -72,14 +73,14 @@ if (isset($ftp_username) && isset($ftp_pass) && isset($rDir)) {
     if ($errorCount == 0) {
 
         // Security checks
-        $ftp_password_db = mysql_real_escape_string($ftp_pass);
-        $ftp_username_db = mysql_real_escape_string($ftp_username);
-        $rDir = mysql_real_escape_string($rDir);
+        $ftp_password_db = escapeSQLStr($ftp_pass, $connection);
+        $ftp_username_db = escapeSQLStr($ftp_username, $connection);
+        $rDir = escapeSQLStr($rDir, $connection);
         $SQL = "SELECT id FROM ftpaccounts WHERE ftpusername = '$ftp_username_db'";
-        $Result = mysql_query($SQL, $connection);
+        $Result = execSQL($SQL, $connection);
         
         if ($Result !== FALSE) {
-            $count = mysql_num_rows($Result);
+            $count = countSQLResult($Result);
             
             if ($count > 0) {
                 $errorCount++;
@@ -88,24 +89,24 @@ if (isset($ftp_username) && isset($ftp_pass) && isset($rDir)) {
 
                 // Make sure data enter is unique for homedir
                 $SQL = "SELECT id FROM ftpaccounts WHERE homedir = '$rDir'";
-                $Result = mysql_query($SQL, $connection);
+                $Result = execSQL($SQL, $connection);
                 
                 if ($Result !== FALSE) {
-                    $count = mysql_num_rows($Result);
+                    $count = countSQLResult($Result);
 
                     // Insert the data into the
                     $SQL = "INSERT INTO ftpaccounts (ftpusername, password, homedir) VALUES ('$ftp_username_db', password('$ftp_password_db'), '$rDir')";
-                    $Result = mysql_query($SQL, $connection);
+                    $Result = execSQL($SQL, $connection);
                     
                     if ($Result !== FALSE) {
                         $success = 1;
                     } else {
                         $errorCount++;
-                        $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+                        $errors[] = getSQLError($connection);
                     }
                 } else {
                     $errorCount++;
-                    $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+                    $errors[] = getSQLError($connection);
                 }
                 
                 if ($errorCount > 0 && $success == 0) {
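Review bot: The homedir uniqueness check is never enforced: `$count = countSQLResult($Result);` is assigned and the INSERT runs on the next statement whatever the count is, so two FTP accounts can be given the same home directory. Guard the INSERT with `if ($count > 0) { $errorCount++; $errors[] = "..."; } else { ... }`, as the username check in the previous hunk does. Separately, the INSERT relies on MySQL's `PASSWORD()` function (also used in updateInfo.php and updatePass.php), an unsalted hash that MySQL deprecated in 5.7 and removed in 8.0, so the statement may fail on the newer servers a mysqli migration usually targets. The enclosing block starts and ends outside the hunk.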
@@ -115,7 +116,7 @@ if (isset($ftp_username) && isset($ftp_pass) && isset($rDir)) {
             }
         } else {
             $errorCount++;
-            $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+            $errors[] = getSQLError($connection);
         }
     }
 }

+ 9 - 4
EHCP/config.php

@@ -52,11 +52,16 @@ function addToLog($errors) {
 }
 
 // Create the database connection
-$connection = mysql_connect($server, $login, $dbpass);
+if(function_exists("mysql_connect")){
+	$connection = mysql_connect($server, $login, $dbpass);
+	if ($connection) {
+		mysql_select_db($dbName, $connection);
+	}
+}else{
+	$connection = mysqli_connect($server, $login, $dbpass, $dbName);
+}
 
-if ($connection) {
-    mysql_select_db($dbName, $connection);
-} else {
+if(!$connection){
     $errToLog[] = 'Unable to connect to the EHCP MySQL database using provided credentials! Please update your config.php settings!';
     addToLog($errToLog);
     die('Unable to connect to the EHCP MySQL database using provided credentials! Please update your config.php settings!');
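Review bot: Neither branch sets the connection character set after connecting, yet `mysql_real_escape_string` and `mysqli_real_escape_string` escape according to that charset. Calling `mysqli_set_charset($connection, 'utf8');` (or `mysql_set_charset('utf8', $connection);` in the legacy branch, with whichever charset the tables actually use) right after a successful connect keeps the escaping in db_functions.php dependable. The `else` branch also assumes mysqli is loaded; if neither extension is present the script stops on an undefined-function fatal error before the logged message below is reached, so a `function_exists("mysqli_connect")` test would give a clearer failure. The `if(!$connection)` block continues past the end of the hunk.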

+ 45 - 0
EHCP/db_functions.php

@@ -0,0 +1,45 @@
+<?php
+	function execSQL($SQL, $connection){		
+		if($connection){
+			if(function_exists("mysql_query")){
+				return mysql_query($SQL, $connection);
+			}else{
+				return mysqli_query($connection, $SQL);
+			}
+		}
+		
+		return false;
+	}
+	
+	function countSQLResult($Result){
+		if(function_exists("mysql_num_rows")){
+			return mysql_num_rows($Result);
+		}else{
+			return mysqli_num_rows($Result);
+		}
+	}
+	
+	function getSQLError($connection){
+		if(function_exists("mysql_error")){
+			return "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+		}else{
+			return "Error code " . mysqli_errno($connection) . ": " . mysqli_error($connection);
+		}
+	}
+	
+	function getSQLRow($Result){
+		if(function_exists("mysql_fetch_assoc")){
+			return mysql_fetch_assoc($Result);
+		}else{
+			return mysqli_fetch_assoc($Result);
+		}
+	}
+	
+	function escapeSQLStr($str, $connection){
+		if(function_exists("mysql_real_escape_string")){
+			return mysql_real_escape_string($str);
+		}else{
+			return mysqli_real_escape_string($connection, $str);
+		}
+	}
+?>
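Review bot: In `escapeSQLStr` the legacy branch calls `mysql_real_escape_string($str)` without the link, so it escapes against whichever connection was opened last rather than the `$connection` the caller passed; it should be `return mysql_real_escape_string($str, $connection);`. Every helper also re-tests `function_exists("mysql_*")` instead of looking at the handle it was given, so a host with both extensions loaded depends on config.php making the same choice; branching on `$connection instanceof mysqli` would tie the decision to the actual handle. `getSQLRow` returns only associative rows, which breaks callers that index numerically (see `$row[0]` in delAccount.php). Longer term, prepared statements with bound parameters would be safer for the callers' queries than per-value escaping.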

+ 5 - 4
EHCP/delAccount.php

@@ -5,6 +5,7 @@ if (file_exists("config.php")) {
 } else {
     die("config.php must exist within the installation root folder!");
 }
+include_once 'db_functions.php';
 
 // Deletes passed in user account from database
 
@@ -25,16 +26,16 @@ if (!isset($userToDelete)) {
     $errors[] = "No username was passed to the form.";
 } else {
     $SQL = "SELECT ftpusername FROM ftpaccounts WHERE ftpusername = '$userToDelete'";
-    $Result = mysql_query($SQL, $connection);
+	$Result = execSQL($SQL, $connection);
     
     if ($Result !== FALSE) {
-        $row = mysql_fetch_row($Result);
+		$row = getSQLRow($Result);
         $unameDeleted = $row[0];
     }
     
     if (isset($unameDeleted)) {
         $SQL = "DELETE FROM ftpaccounts WHERE ftpusername = '$userToDelete'";
-        $Result = mysql_query($SQL, $connection);
+		$Result = execSQL($SQL, $connection);
         
         if ($Result !== FALSE) {
             
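Review bot: `getSQLRow` returns an associative array, but the next line still reads `$row[0]`, so `$unameDeleted` is never set and the DELETE below is silently skipped with no error recorded; it should be `$unameDeleted = $row['ftpusername'];`. In addition, `$userToDelete` is interpolated into both the SELECT and the DELETE, and no escaping is visible in this hunk; unless that happens in lines not shown, add `$userToDelete = escapeSQLStr($userToDelete, $connection);` before the queries are built. The enclosing `else` block continues past the end of the hunk.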
@@ -46,7 +47,7 @@ if (!isset($userToDelete)) {
             }
         } else {
             $errorCount++;
-            $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+			$errors[] = getSQLError($connection);			
             $success = 0;
         }
     }

+ 18 - 14
EHCP/listAllUsers.php

@@ -17,28 +17,31 @@ if (!isset($connection)) {
     include "config.php";
 }
 
+include_once 'db_functions.php';
+
 if (!isset($connection)) {
     die("Problem setting up connection!");
 } else {
     $SQL = "SELECT ftpusername, homedir, domainname, status FROM ftpaccounts";
-    $Result = mysql_query($SQL, $connection);
+    $Result = execSQL($SQL, $connection);
     
     if ($Result !== FALSE) {
-        $count = mysql_num_rows($Result);
+		$count = countSQLResult($Result);
         
         if ($count > 0) {
-            while ($row = mysql_fetch_assoc($Result)) {
 
-                // Only show custom entries... do not allow to modify EHCP accounts.
-                // domainname field will be NULL for custom FTP entries
-                
-                if (!empty($row['homedir']) && (empty($row['domainname']) || $row['domainname'] === NULL) && (empty($row['status']) || $row['status'] === NULL)) {
-                    $countNotNull++;
-                    $username = $row['ftpusername'];
-                    $dir = $row['homedir'];
-                    $users_list.= $username . "\t" . $dir . "/./\n";
-                }
-            }
+			while ($row = getSQLRow($Result)) {
+
+				// Only show custom entries... do not allow to modify EHCP accounts.
+				// domainname field will be NULL for custom FTP entries
+					
+				if (!empty($row['homedir']) && (empty($row['domainname']) || $row['domainname'] === NULL) && (empty($row['status']) || $row['status'] === NULL)) {
+					$countNotNull++;
+					$username = $row['ftpusername'];
+					$dir = $row['homedir'];
+					$users_list.= $username . "\t" . $dir . "/./\n";
+				}
+			}
             
             if ($countNotNull == 0) {
                 $errorCount++;
@@ -50,7 +53,8 @@ if (!isset($connection)) {
         }
     } else {
         $errorCount++;
-        $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+        $errors[] = getSQLError($connection);
+		$success = 0;
     }
 
     // Log errors

+ 16 - 16
EHCP/showAccount.php

@@ -17,6 +17,8 @@ if (!isset($connection)) {
     include "config.php";
 }
 
+include_once 'db_functions.php';
+
 if (isset($_GET['username'])) {
     $ftp_account = $_GET['username'];
 }
@@ -26,25 +28,22 @@ if (!isset($connection)) {
 } else
 if (isset($ftp_account)) {
     $SQL = "SELECT ftpusername, homedir FROM ftpaccounts WHERE ftpusername = '$ftp_account'";
-    $Result = mysql_query($SQL, $connection);
+    $Result = execSQL($SQL, $connection);
     
     if ($Result !== FALSE) {
-        $count = mysql_num_rows($Result);
+        $count = countSQLResult($Result);
         
         if ($count == 1) {
-            
-            if ($row = mysql_fetch_assoc($Result)) {
-
-                // Only show custom entries... do not allow to modify EHCP accounts.
-                
-                if (!empty($row['homedir'])) {
-                    $countNotNull++;
-                    $username = $row['ftpusername'];
-                    $dir = $row['homedir'];
-                    $user_details.= "Username" . " : " . $username . "\n";
-                    $user_details.= "Directory" . " : " . $dir . "\n";
-                }
-            }
+			if ($row = getSQLRow($Result)) {
+				// Only show custom entries... do not allow to modify EHCP accounts.
+				if (!empty($row['homedir'])) {
+					$countNotNull++;
+					$username = $row['ftpusername'];
+					$dir = $row['homedir'];
+					$user_details.= "Username" . " : " . $username . "\n";
+					$user_details.= "Directory" . " : " . $dir . "\n";
+				}
+			}
             
             if ($countNotNull == 0) {
                 $errorCount++;
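Review bot: `$ftp_account` is taken straight from `$_GET['username']` in the previous hunk and interpolated into the SELECT at the top of this one; no escaping is visible between the two, so the query appears to be built from unescaped request input. Pass it through the new helper once the connection exists, e.g. `$ftp_account = escapeSQLStr($_GET['username'], $connection);`, or better, bind it as a parameter in a prepared statement. The enclosing `if (isset($ftp_account))` block continues past the end of the hunk.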
@@ -56,7 +55,8 @@ if (isset($ftp_account)) {
         }
     } else {
         $errorCount++;
-        $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+        $errors[] = getSQLError($connection);
+		$success = 0;
     }
 
     // Log errors

+ 12 - 8
EHCP/updateInfo.php

@@ -6,6 +6,8 @@ if (file_exists("config.php")) {
     die("config.php must exist within the installation root folder!");
 }
 
+include_once 'db_functions.php';
+
 // Updates ftpuser's password
 $success = 0;
 $errorCount = 0;
@@ -93,15 +95,17 @@ if (!isset($ftp_username) || !isset($update_dir)) {
         // Security checks
         
         if (isset($ftp_pass)) {
-            $ftp_password_db = mysql_real_escape_string($ftp_pass);
+			$ftp_password_db = escapeSQLStr($ftp_pass, $connection);
         }
-        $ftp_username_db = mysql_real_escape_string($ftp_username);
+        
+        $ftp_username_db = escapeSQLStr($ftp_username);
+		
         $SQL = "SELECT * FROM ftpaccounts WHERE ftpusername = '$ftp_username_db'";
-        $Result = mysql_query($SQL, $connection);
+        
+		$Result = execSQL($SQL, $connection);
         
         if ($Result !== FALSE) {
-            $count = mysql_num_rows($Result);
-            
+			$count = countSQLResult($Result);
             if ($count != 1) {
                 $errorCount++;
                 $errors[] = "FTP User " . $ftp_username . " does not exist in the database. Account information cannot be updated";
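Review bot: `escapeSQLStr($ftp_username)` is called without the `$connection` argument that the helper declares as required and that every other call site passes. On the mysqli branch the helper then has no link to give `mysqli_real_escape_string`, so `$ftp_username_db` will not hold an escaped value, and PHP 7.1+ raises ArgumentCountError for the short call. It should read `$ftp_username_db = escapeSQLStr($ftp_username, $connection);`. The surrounding block starts and ends outside the hunk.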
@@ -114,18 +118,18 @@ if (!isset($ftp_username) || !isset($update_dir)) {
                     $SQL.= "password=password('$ftp_password_db'), ";
                 }
                 $SQL.= "homedir='$update_dir' WHERE ftpusername='$ftp_username_db'";
-                $Result = mysql_query($SQL, $connection);
+                $Result = execSQL($SQL, $connection);
                 
                 if ($Result !== FALSE) {
                     $success = 1;
                 } else {
                     $errorCount++;
-                    $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+                    $errors[] = getSQLError($connection);
                 }
             }
         } else {
             $errorCount++;
-            $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+            $errors[] = getSQLError($connection);
         }
     }
 }
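Review bot: `$update_dir` is placed into `homedir='$update_dir'`, but the "Security checks" block in the previous hunk escapes only the password and the username. Unless it is escaped in lines not shown here, add `$update_dir = escapeSQLStr($update_dir, $connection);` before the UPDATE is assembled, mirroring what addAccount.php does for `$rDir`. The statement that starts building `$SQL` lies above the hunk.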

+ 10 - 8
EHCP/updatePass.php

@@ -6,6 +6,8 @@ if (file_exists("config.php")) {
     die("config.php must exist within the installation root folder!");
 }
 
+include_once 'db_functions.php';
+
 // Updates ftpuser's password
 $success = 0;
 $errorCount = 0;
@@ -30,37 +32,37 @@ if (!isset($ftp_username) || !isset($ftp_pass)) {
     if ($errorCount == 0) {
 
         // Security checks
-        $ftp_password_db = mysql_real_escape_string($ftp_pass);
-        $ftp_username_db = mysql_real_escape_string($ftp_username);
+        $ftp_password_db = escapeSQLStr($ftp_pass, $connection);
+        $ftp_username_db = escapeSQLStr($ftp_username, $connection);
         $SQL = "SELECT * FROM ftpaccounts WHERE ftpusername = '$ftp_username_db'";
-        $Result = mysql_query($SQL, $connection);
+        $Result = execSQL($SQL, $connection);
         
         if ($Result !== FALSE) {
-            $count = mysql_num_rows($Result);
+            $count = countSQLResult($Result);
             
             if ($count != 1) {
                 $errorCount++;
                 $errors[] = "The account information was not updated because the FTP username $ftp_old_username never existed in the first place and cannot be modified";
             } else {
                 
-                if ($row = mysql_fetch_assoc($Result)) {
+                if ($row = getSQLRow($Result)) {
                     $recordID = $row['id'];
                 }
 
                 // Update user's password data into DB:
                 $SQL = "UPDATE ftpaccounts SET password=password('$ftp_password_db') WHERE ftpusername='$ftp_username_db'";
-                $Result = mysql_query($SQL, $connection);
+                $Result = execSQL($SQL, $connection);
                 
                 if ($Result !== FALSE) {
                     $success = 1;
                 } else {
                     $errorCount++;
-                    $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+                    $errors[] = getSQLError($connection);
                 }
             }
         } else {
             $errorCount++;
-            $errors[] = "Error code " . mysql_errno($connection) . ": " . mysql_error($connection);
+            $errors[] = getSQLError($connection);
         }
     }
 }