
html: prepare migration to PDO

Dmitriev Roman 4 месяцев назад
Родитель
Сommit
08078c9446
38 измененных файлов с 709 добавлено и 564 удалено
  1. 2 2
      html/admin/customers/control-options.php
  2. 3 4
      html/admin/customers/devmodels.php
  3. 4 4
      html/admin/customers/devvendors.php
  4. 1 2
      html/admin/devices/editdevice.php
  5. 1 2
      html/admin/devices/editport.php
  6. 3 5
      html/admin/devices/index-passive.php
  7. 58 31
      html/admin/devices/portmactable.php
  8. 8 9
      html/admin/devices/portsbyvlan.php
  9. 4 4
      html/admin/devices/switchport.php
  10. 4 4
      html/admin/devices/switchstatus.php
  11. 3 4
      html/admin/iplist/auto_rules.php
  12. 3 4
      html/admin/iplist/deleted.php
  13. 4 4
      html/admin/iplist/index.php
  14. 3 4
      html/admin/iplist/nagios.php
  15. 3 5
      html/admin/logs/authlog.php
  16. 19 20
      html/admin/logs/detaillog.php
  17. 3 4
      html/admin/logs/dhcp.php
  18. 3 5
      html/admin/logs/index.php
  19. 3 4
      html/admin/logs/ip.php
  20. 3 5
      html/admin/logs/mac.php
  21. 3 5
      html/admin/logs/syslog.php
  22. 3 4
      html/admin/logs/unknown.php
  23. 19 16
      html/admin/reports/authday.php
  24. 18 19
      html/admin/reports/index-full.php
  25. 12 11
      html/admin/reports/index.php
  26. 20 20
      html/admin/reports/userday.php
  27. 26 18
      html/admin/reports/userdaydetail.php
  28. 26 20
      html/admin/reports/userdaydetaillog.php
  29. 1 1
      html/admin/users/edituser.php
  30. 3 7
      html/admin/users/index.php
  31. 13 13
      html/inc/auth.utils.php
  32. 343 232
      html/inc/common.php
  33. 30 10
      html/inc/oufilter.php
  34. 13 11
      html/inc/snmp.php
  35. 40 46
      html/inc/sql.php
  36. 2 3
      html/utils/auth_export.php
  37. 1 1
      install-eye.en.sh
  38. 1 1
      install-eye.ru.sh

+ 2 - 2
html/admin/customers/control-options.php

@@ -84,8 +84,8 @@ print_control_submenu($page_url);
             <?php
             $descr_field = "description." . HTML_LANG;
             $config_sql = "SELECT `config`.`id`,`option_id`,`option_name`,`value`,`type`,`" . $descr_field . "`,`min_value`,`max_value` FROM `config`,`config_options` WHERE `config`.`option_id`=`config_options`.`id` AND `config_options`.`draft`=0 ORDER BY `option_name`";
-            $t_config = mysqli_query($db_link, $config_sql);
-            while ($row = mysqli_fetch_array($t_config)) {
+            $t_config = get_records_sql($db_link, $config_sql);
+            foreach ($t_config as $row) {
                 print "<tr align=center>\n";
                 print "<td class=\"data\" style='padding:0'><input type=checkbox name=f_id[" . $row["option_id"] . "] value='" . $row['id'] . "'></td>\n";
                 print "<td class=\"data\"><input type=\"text\" value='" . $row['option_name'] . "' disabled=true readonly=true></td>\n";
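Review bot: The new `foreach ($t_config as $row)` iterates whatever get_records_sql() returns without a check, and the helper's return value for an empty result or a failed query is not visible on this page. portmactable.php in this same commit wraps each such loop in `if (!empty(...))`, which suggests the result is not always an array. Either make the helper always return `[]`, or guard here the same way: `if (!empty($t_config)) { foreach ($t_config as $row) { ... } }`. The same unguarded loop is added in portsbyvlan.php, switchport.php, switchstatus.php, logs/detaillog.php, reports/authday.php and reports/index-full.php. The loop body continues outside the hunk.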

+ 3 - 4
html/admin/customers/devmodels.php

@@ -125,13 +125,12 @@ $v_filter='';
 if (!empty($f_vendor_select)) { $v_filter = "WHERE vendor_id=".$f_vendor_select; }
 
 $countSQL="SELECT Count(*) FROM device_models $v_filter";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed;
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 <br>
 <table class="data">
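Review bot: get_single_field() still receives a finished SQL string, and the context line above the change builds `$v_filter` by concatenating `$f_vendor_select` into the WHERE clause, so this step toward PDO does not yet move any value into a bound parameter. Whether `$f_vendor_select` is cast to an integer is decided outside the hunk; if it is not, cast it where the filter is built, `$v_filter = "WHERE vendor_id=" . (int)$f_vendor_select;`, until the helper can take placeholders. The same applies to the quoted LIKE filters that end up in the count query in logs/authlog.php (`$fmessage`) and logs/index.php (`$fmessage`, `$fuser_ip`). logs/syslog.php relies on addslashes(), which is not a substitute for parameter binding.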

+ 4 - 4
html/admin/customers/devvendors.php

@@ -73,14 +73,14 @@ print_control_submenu($page_url);
 </table>
 
 <?php
+
 $countSQL="SELECT Count(*) FROM vendors";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed;
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 
 ?>
 <table class="data">
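Review bot: This count-and-clamp block (`get_single_field`, `ceil`, the two `$page` clamps, `$start`, `print_navigation`) is edited line for line in the other list pages of this commit as well. Consider moving it into one function in the shared include that takes `$countSQL`, `$page`, `$displayed` and `$page_url`, so the next change to the database layer is made in one place. Until then, casting once at the source, `$count_records = (int)get_single_field($db_link,$countSQL);`, keeps the division and print_navigation() on an integer regardless of what the helper returns for a failed query, which is not visible here.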

+ 1 - 2
html/admin/devices/editdevice.php

@@ -10,8 +10,7 @@ if (isset($_POST["editdevice"]) and isset($id)) {
         $sw_ports = 0;
     }
     $sSQL = "SELECT count(id) from device_ports WHERE device_ports.device_id=$id";
-    $flist = mysqli_query($db_link, $sSQL);
-    list($d_ports) = mysqli_fetch_array($flist);
+    $$d_ports = get_single_field($db_link,$sSQL);
     if ($d_ports != $sw_ports) {
         LOG_DEBUG($db_link, "Device id: $id changed port count!");
         if ($sw_ports > $d_ports) {
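Review bot: `$$d_ports = get_single_field($db_link,$sSQL);` is a variable-variable assignment, so `$d_ports` itself is never set here and the `if ($d_ports != $sw_ports)` on the next line compares against an undefined variable, unless it happens to be assigned earlier in the file. Any non-zero `$sw_ports` will then look like a changed port count on every save; what that branch does to the port records is outside the hunk. The line should read `$d_ports = get_single_field($db_link,$sSQL);`.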

+ 1 - 2
html/admin/devices/editport.php

@@ -20,9 +20,8 @@ if (isset($_POST["editport"])) {
 
 unset($_POST);
 
-$device_id = get_record_field($db_link, 'device_ports', 'device_id', "id=" . $id);
 $port = get_record($db_link, 'device_ports', "id=" . $id);
-
+$device_id = $port['device_id'];
 $device = get_record($db_link, 'devices', "id=" . $device_id);
 $user_info = get_record_sql($db_link, "SELECT * FROM User_list WHERE id=" . $device['user_id']);
 
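Review bot: `$device_id = $port['device_id'];` dereferences `$port` without checking that get_record() found a row. For an `id` that matches no port, `$device_id` is empty and the following `"id=" . $device_id` produces an incomplete WHERE clause, and `$device['user_id']` after it fails the same way. portmactable.php in this commit redirects in that situation; the same guard fits here, placed before `$device_id` is read: `if (empty($port)) { header("Location: /admin/devices/index.php"); exit; }`.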

+ 3 - 5
html/admin/devices/index-passive.php

@@ -112,14 +112,12 @@ if ($unknown and $f_vendor_select==0) { $u_filter=' AND V.id<>1 '; } else {
 $countSQL="SELECT Count(*) FROM User_auth A, User_list L, devices D, device_models M, vendors V
 WHERE D.user_id=L.id AND A.ip = D.ip AND D.device_model_id=M.id AND M.vendor_id=V.id AND A.deleted =0
 $u_filter $ip_list_filter $d_filter";
-
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed;
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 <br>
 

+ 58 - 31
html/admin/devices/portmactable.php

@@ -6,17 +6,35 @@ require_once ($_SERVER['DOCUMENT_ROOT']."/inc/idfilter.php");
 $port_id = $id;
 $sSQL = "SELECT DP.device_id, DP.port, DP.snmp_index, D.device_name, D.ip, D.vendor_id FROM `device_ports` AS DP, devices AS D WHERE D.id = DP.device_id AND DP.id=$port_id";
 $port_info = get_record_sql($db_link, $sSQL);
+if (empty($port_info)) {
+    header("Location: /admin/devices/editdevice.php?id=".$device_id);
+    exit;
+}
 
 $device_id = $port_info["device_id"];
 
 $sSQL = "SELECT port, snmp_index FROM `device_ports` WHERE device_id=".$device_id;
 $ports_info = get_records_sql($db_link, $sSQL);
+if (empty($ports_info)) {
+    header("Location: /admin/devices/editdevice.php?id=".$device_id);
+    exit;
+}
+
 $ports_by_snmp_index=NULL;
 foreach ($ports_info as &$row) { $ports_by_snmp_index[$row["snmp_index"]]=$row["port"]; }
 
 $device=get_record($db_link,'devices',"id=".$device_id);
+if (empty($device)) {
+    header("Location: /admin/devices/index.php");
+    exit;
+}
+
 $snmp = getSnmpAccess($device);
 $user_info = get_record_sql($db_link,"SELECT * FROM User_list WHERE id=".$device['user_id']);
+if (empty($user_info)) {
+    header("Location: /admin/devices/index.php");
+    exit;
+}
 
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/header.php");
 
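Review bot: The first guard redirects to `editdevice.php?id=".$device_id` before `$device_id` is assigned (the assignment from `$port_info["device_id"]` comes after the guard), so the Location header ends in an empty `id=`. Unless `$device_id` is set by one of the includes outside the hunk, redirect to the device list there, as the later guards do: `header("Location: /admin/devices/index.php");`. Separately, `foreach ($ports_info as &$row)` leaves `$row` bound by reference, and the loops added further down in this file reuse `$row`; add `unset($row);` directly after that loop.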
@@ -38,11 +56,12 @@ print "<b>".$port_info['device_name']." [".$port_info['port']."] </b><br>\n";
 
 $sw_auth=NULL;
 $sw_mac=NULL;
-if ($port_info['vendor_id'] == 9) {
-    $sw_auth = get_record_sql($db_link,"SELECT mac FROM User_auth WHERE deleted=0 and ip='".$port_info['ip']."'");
+
+$sw_auth = get_record_sql($db_link,"SELECT mac FROM User_auth WHERE deleted=0 and ip='".$port_info['ip']."'");
+if (!empty($sw_auth)) {
     $sw_mac = mac_simplify($sw_auth['mac']);
     $sw_mac = preg_replace("/.{2}$/","",$sw_mac);
-    }
+}
 
 $snmp_ok = 0;
 if (!empty($device['ip']) and $device['snmp_version'] > 0) {
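Review bot: With the `vendor_id == 9` test removed, `$sw_mac` is now set for every device that has a non-deleted User_auth row for its IP, so the prefix filter in the FDB loop hides matching MACs on all vendors, not only the one the `//mikrotik patch` comment further down refers to. If that is intended, say so at the assignment, e.g. `// device's own MAC minus the last two characters; FDB entries with this prefix are skipped below`, and update the comment in the loop. `$sw_mac` is placed into `preg_match('/^'.$sw_mac.'/', ...)` unquoted; this is fine as long as mac_simplify() returns only hex digits, which is not visible here, and `preg_quote($sw_mac, '/')` would remove that assumption.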
@@ -55,19 +74,25 @@ if ($snmp_ok and $port_info['snmp_index'] > 0) {
     $fdb = get_fdb_table($port_info['ip'], $snmp);
     $f_port = $port_info['snmp_index'];
     $port_by_snmp = 0;
-    foreach ($fdb as $a_mac => $a_port) {
-        if (!empty($ports_by_snmp_index[$a_port])) { $port_by_snmp=1; break; }
+    if (!empty($fdb)) {
+        foreach ($fdb as $a_mac => $a_port) {
+            if (!empty($ports_by_snmp_index[$a_port])) { $port_by_snmp=1; break; }
+        }
     }
     if (!$port_by_snmp) { $f_port = $port_info['port']; }
-    foreach ($fdb as $a_mac => $a_port) {
-        if ($a_port == $f_port) {
-            $a_mac = dec_to_hex($a_mac);
-            //mikrotik patch
-            if (!empty($sw_mac) and preg_match('/^'.$sw_mac.'/',mac_simplify($a_mac))) { continue; }
-            print "<tr>";
-            $auth = get_auth_by_mac($db_link, $a_mac);
-            print "<td class=\"data\">" .$auth['auth'] . "</td><td class=\"data\">". $auth['mac']."</td>\n";
-            print "</tr>";
+    if (!empty($fdb)) {
+        foreach ($fdb as $a_mac => $a_port) {
+            if ($a_port == $f_port) {
+                $a_mac = dec_to_hex($a_mac);
+                //mikrotik patch
+                if (!empty($sw_mac) and preg_match('/^'.$sw_mac.'/',mac_simplify($a_mac))) { continue; }
+                print "<tr>";
+                $auth = get_auth_by_mac($db_link, $a_mac);
+                if (!empty($auth)) {
+                    print "<td class=\"data\">" .$auth['auth'] . "</td><td class=\"data\">". $auth['mac']."</td>\n";
+                }
+                print "</tr>";
+                }
             }
         }
     print "</table>\n";
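Review bot: `print "<tr>";` and `print "</tr>";` stay outside the new `if (!empty($auth))`, so when get_auth_by_mac() returns nothing the page gets an empty table row and the address itself is not shown. On a port MAC table the unmatched addresses are the ones an operator most needs to see; print the raw MAC in that case, e.g. `else { print "<td class=\"data\"></td><td class=\"data\">" . htmlspecialchars($a_mac) . "</td>\n"; }`. The two consecutive `if (!empty($fdb))` blocks could also be a single check around both loops.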
@@ -83,26 +108,28 @@ unset_lock_discovery($db_link,$device_id);
 <?php
 print "<b>".WEB_device_port_mac_table_history."</b><br>\n";
 $d_sql = "select A.ip,A.ip_int,A.mac,A.id,A.dns_name,A.last_found from User_auth as A, connections as C where C.port_id=$port_id and A.id=C.auth_id order by A.ip_int";
-$t_device = mysqli_query($db_link, $d_sql);
-while (list ($f_ip, $f_int, $f_mac, $f_auth_id, $f_dns, $f_last) = mysqli_fetch_array($t_device)) {
-    $name = $f_ip;
-    if (isset($f_dns) and $f_dns != '') {
-        $name = $f_dns;
+$t_device = get_records_sql($db_link, $d_sql);
+if (!empty($t_device)) {
+    foreach ($t_device as $row) {
+        $name = $row['ip'];
+        if (!empty($row['dns_name']) and isset($row['dns'])) { $name = $row['dns_name']; }
+        print "<tr>";
+        print "<td class=\"data\">" . expand_mac($db_link,$row['mac']) . "</td>\n";
+        print "<td class=\"data\"><a href=\"/admin/users/editauth.php?id=".$row['id']."\">" . $name . "</a></td>\n";
+        print "<td class=\"data\">".$row['last_found']."</td>\n";
+        print "</tr>";
     }
-    print "<tr>";
-    print "<td class=\"data\">" . expand_mac($db_link,$f_mac) . "</td>\n";
-    print "<td class=\"data\"><a href=\"/admin/users/editauth.php?id=$f_auth_id\">" . $name . "</a></td>\n";
-    print "<td class=\"data\">$f_last</td>\n";
-    print "</tr>";
 }
 
-$maclist = mysqli_query($db_link, "SELECT mac,timestamp from Unknown_mac where port_id=$port_id order by timestamp desc");
-while (list ($fmac, $f_last) = mysqli_fetch_array($maclist)) {
-    print "<tr>";
-    print "<td class=\"data\">" . expand_mac($db_link,$fmac) . "</td>\n";
-    print "<td class=\"data\">Unknown</td>\n";
-    print "<td class=\"data\">$f_last</td>\n";
-    print "</tr>";
+$maclist = get_records_sql($db_link, "SELECT mac,timestamp from Unknown_mac where port_id=$port_id order by timestamp desc");
+if (!empty($maclist)) {
+    foreach ($maclist as $row) {
+        print "<tr>";
+        print "<td class=\"data\">" . expand_mac($db_link,$row['mac']) . "</td>\n";
+        print "<td class=\"data\">Unknown</td>\n";
+        print "<td class=\"data\">".$row['timestamp']."</td>\n";
+        print "</tr>";
+    }
 }
 
 print "</table>\n";
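Review bot: `isset($row['dns'])` can never be true, because `$d_sql` selects `A.dns_name` and no column named `dns`, so `$name` always stays the IP and the DNS name is no longer displayed. The condition should be `if (!empty($row['dns_name'])) { $name = $row['dns_name']; }`. `$name` is printed into the link text as is; if dns_name can hold client-supplied host names, which this page does not show, wrap it in `htmlspecialchars()` when printing.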

+ 8 - 9
html/admin/devices/portsbyvlan.php

@@ -17,13 +17,12 @@ print_device_submenu($page_url);
 
 <?php
 $countSQL="SELECT Count(*) FROM `device_ports` AS DP, devices AS D WHERE D.id = DP.device_id AND DP.vlan=$id";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed; 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 
 <table class="data">
@@ -32,12 +31,12 @@ print_navigation($page_url,$page,$displayed,$count_records[0],$total);
 <td><?php echo WEB_device_port_name; ?></td>
 </tr>
 <?php
-$sSQL = "SELECT DP.id, DP.port, D.id, D.device_name FROM `device_ports` AS DP, devices AS D WHERE D.id = DP.device_id AND DP.vlan=$id";
-$ports_info = mysqli_query($db_link, $sSQL);
-while (list ($f_port_id,$f_port,$f_switch_id,$f_switch) = mysqli_fetch_array($ports_info)) {
+$sSQL = "SELECT DP.id, DP.port, DP.device_id, D.device_name FROM `device_ports` AS DP, devices AS D WHERE D.id = DP.device_id AND DP.vlan=$id";
+$ports_info = get_records_sql($db_link, $sSQL);
+foreach ($ports_info as $row) {
     print "<tr>";
-    print "<td class=\"data\"><a href=\"/admin/devices/editdevice.php?id=$f_switch_id\">" . $f_switch . "</a></td>\n";
-    print "<td class=\"data\"><a href=\"/admin/devices/editport.php?id=$f_port_id\">" . $f_port . "</a></td>\n";
+    print "<td class=\"data\"><a href=\"/admin/devices/editdevice.php?id=".$row['device_id']."\">" . $row['device_name']. "</a></td>\n";
+    print "<td class=\"data\"><a href=\"/admin/devices/editport.php?id=".$row['id']."\">" . $row['port'] . "</a></td>\n";
     print "</tr>";
 }
 ?>
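Review bot: `$row['device_name']` and `$row['port']` are concatenated into the table cells without HTML escaping. That matches the old code, but since these lines are being rewritten anyway, output encoding can be added in the same pass: `htmlspecialchars($row['device_name'], ENT_QUOTES)` for the text, and `(int)$row['device_id']` and `(int)$row['id']` in the two `href` values. The same applies to the cells rewritten in logs/detaillog.php and to `$row['login']` in reports/index-full.php.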

+ 4 - 4
html/admin/devices/switchport.php

@@ -6,12 +6,12 @@ require_once ($_SERVER['DOCUMENT_ROOT']."/inc/idfilter.php");
 if (isset($_POST["regensnmp"])) {
     $snmp_index = $_POST["f_snmp_start"] * 1;
     $sSQL = "SELECT id,port from device_ports WHERE device_ports.device_id=$id order by id";
-    $flist = mysqli_query($db_link, $sSQL);
+    $flist = get_records_sql($db_link, $sSQL);
     LOG_DEBUG($db_link, "Recalc snmp_index for device id: $id with start $snmp_index");
-    while (list ($port_id, $port) = mysqli_fetch_array($flist)) {
-        $snmp = $port + $snmp_index - 1;
+    foreach ($flist as $row) {
+        $snmp = $row['port'] + $snmp_index - 1;
         $new['snmp_index'] = $snmp;
-        update_record($db_link, "device_ports", "id='$port_id'", $new);
+        update_record($db_link, "device_ports", "id=".$row['id'], $new);
     }
     header("Location: " . $_SERVER["REQUEST_URI"]);
     exit;

+ 4 - 4
html/admin/devices/switchstatus.php

@@ -10,12 +10,12 @@ $device_model = get_record($db_link, 'device_models', "id=" . $device['device_mo
 if (isset($_POST["regensnmp"])) {
     $snmp_index = $_POST["f_snmp_start"] * 1;
     $sSQL = "SELECT id,port from device_ports WHERE device_ports.device_id=$id order by id";
-    $flist = mysqli_query($db_link, $sSQL);
+    $flist = get_records_sql($db_link, $sSQL);
     LOG_DEBUG($db_link, "Recalc snmp_index for device id: $id with start $snmp_index");
-    while (list($port_id, $port) = mysqli_fetch_array($flist)) {
-        $snmp = $port + $snmp_index - 1;
+    foreach ($flist as $row) {
+        $snmp = $row['port'] + $snmp_index - 1;
         $new['snmp_index'] = $snmp;
-        update_record($db_link, "device_ports", "id='$port_id'", $new);
+        update_record($db_link, "device_ports", "id=".$row['id'], $new);
     }
     header("Location: " . $_SERVER["REQUEST_URI"]);
     exit;

+ 3 - 4
html/admin/iplist/auto_rules.php

@@ -62,13 +62,12 @@ if (!empty($target_filter) or !empty($type_filter) or !empty($rule_filter)) {
 
 fix_auth_rules($db_link);
 $countSQL="SELECT Count(*) FROM auth_rules $rule_filters";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed;
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 
 

+ 3 - 4
html/admin/iplist/deleted.php

@@ -51,13 +51,12 @@ print_ip_submenu($page_url);
 
 <?php
 $countSQL="SELECT Count(*) FROM User_auth WHERE User_auth.deleted = 1 $ip_list_filter";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed; 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 <br>
 

+ 4 - 4
html/admin/iplist/index.php

@@ -188,13 +188,12 @@ LEFT JOIN OU
 ON OU.id=User_list.ou_id
 WHERE User_auth.deleted =0 $ip_list_filter";
 
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed;
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 <br>
 
@@ -283,6 +282,7 @@ print_navigation($page_url,$page,$displayed,$count_records[0],$total);
 <script src="/js/remodal-auth.js"></script>
 
 <script>
+    
 document.getElementById('ou').addEventListener('change', function(event) {
   const buttonApply = document.getElementById('btn_filter');
   buttonApply.click();

+ 3 - 4
html/admin/iplist/nagios.php

@@ -68,13 +68,12 @@ print_ip_submenu($page_url);
 
 <?php
 $countSQL="SELECT Count(*) FROM User_auth, User_list WHERE User_auth.user_id = User_list.id AND User_auth.deleted =0 $ip_list_filter";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed; 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 <br>
 

+ 3 - 5
html/admin/logs/authlog.php

@@ -34,14 +34,12 @@ if (!empty($fcustomer)) { $log_filter = $log_filter." and customer LIKE '%".$fcu
 if (!empty($fmessage)) { $log_filter = $log_filter." and message LIKE '%".$fmessage."%'"; }
 
 $countSQL="SELECT Count(*) FROM worklog WHERE `timestamp`>='$date1' AND `timestamp`<'$date2' $log_filter";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed; 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 <br>
 <table class="data" width="90%">

+ 19 - 20
html/admin/logs/detaillog.php

@@ -60,13 +60,12 @@ $gateway_filter='';
 if (!empty($rgateway) and $rgateway>0) { $gateway_filter="(router_id=$rgateway) AND"; }
 
 $countSQL="SELECT Count(*) FROM Traffic_detail as A WHERE $gateway_filter $ip_where `timestamp`>='$date1' AND `timestamp`<'$date2'";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed;
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 $gateway_list = get_gateways($db_link);
 ?>
 
@@ -91,28 +90,28 @@ $gateway_list = get_gateways($db_link);
 $fsql = "SELECT A.id, A.auth_id, A.`timestamp`, A.router_id, A.proto, A.src_ip, A.src_port, A.dst_ip, A.dst_port, A.bytes, A.pkt FROM Traffic_detail as A JOIN (SELECT id FROM Traffic_detail 
         WHERE $gateway_filter $ip_where `timestamp`>='$date1' AND `timestamp`<'$date2'
         ORDER BY `timestamp` ASC LIMIT $start,$displayed) as T ON A.id = T.id ORDER BY $sort_table.$sort_field $order";
-$userdata = mysqli_query($db_link, $fsql);
-while (list ($uid, $auth_id, $udata, $urouter, $uproto, $sip, $sport,$dip, $dport, $ubytes, $upkt) = mysqli_fetch_array($userdata)) {
+$userdata = get_records_sql($db_link, $fsql);
+foreach ($userdata as $row) {
     print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
-    print "<td class=\"data\">$uid</td>\n";
-    print "<td class=\"data\">"; print_auth_simple($db_link,$auth_id); print "</td>\n";
-    print "<td class=\"data\">$udata</td>\n";
-    print "<td class=\"data\">$gateway_list[$urouter]</td>\n";
-    $proto_name = getprotobynumber($uproto);
-    if (!$proto_name) { $proto_name=$uproto; }
+    print "<td class=\"data\">" . $row['id'] . "</td>\n";
+    print "<td class=\"data\">"; print_auth_simple($db_link, $row['auth_id']); print "</td>\n";
+    print "<td class=\"data\">" . $row['timestamp'] . "</td>\n";
+    print "<td class=\"data\">" . $gateway_list[$row['router_id']] . "</td>\n";
+    $proto_name = getprotobynumber($row['proto']);
+    if (!$proto_name) { $proto_name = $row['proto']; }
     print "<td class=\"data\">" . $proto_name . "</td>\n";
-    print "<td class=\"data\" align=left>" . long2ip($sip) . "</td>\n";
+    print "<td class=\"data\" align=left>" . long2ip($row['src_ip']) . "</td>\n";
     $ip_name = '-';
-    if ($rdns) { $ip_name = ResolveIP($db_link,$sip); }
+    if ($rdns) { $ip_name = ResolveIP($db_link, $row['src_ip']); }
     print "<td class=\"data\" align=left>" . $ip_name . "</td>\n";
-    print "<td class=\"data\">" .$sport . "</td>\n";
-    print "<td class=\"data\" align=left>" . long2ip($dip) . "</td>\n";
+    print "<td class=\"data\">" . $row['src_port'] . "</td>\n";
+    print "<td class=\"data\" align=left>" . long2ip($row['dst_ip']) . "</td>\n";
     $ip_name = '-';
-    if ($rdns) { $ip_name = ResolveIP($db_link,$dip); }
+    if ($rdns) { $ip_name = ResolveIP($db_link, $row['dst_ip']); }
     print "<td class=\"data\" align=left>" . $ip_name . "</td>\n";
-    print "<td class=\"data\">" . $dport . "</td>\n";
-    print "<td class=\"data\" align=right>" . fbytes($ubytes) . "</td>\n";
-    print "<td class=\"data\" align=right>" . $upkt . "</td>\n";
+    print "<td class=\"data\">" . $row['dst_port'] . "</td>\n";
+    print "<td class=\"data\" align=right>" . fbytes($row['bytes']) . "</td>\n";
+    print "<td class=\"data\" align=right>" . $row['pkt'] . "</td>\n";
     print "</tr>\n";
 }
 ?>
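Review bot: `$gateway_list[$row['router_id']]` is read without checking that the key exists, so a traffic row whose router is not in the list returned by get_gateways() raises an undefined-key warning in the middle of the table. reports/index-full.php in this commit already guards the same lookup with `!empty(...)`; use `$gateway_list[$row['router_id']] ?? ''` here and in the identical cell in reports/authday.php. The `ORDER BY $sort_table.$sort_field $order` in the context lines cannot become bound parameters after the PDO switch, so those three values need an allow-list where they are read, which is outside the hunk.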

+ 3 - 4
html/admin/logs/dhcp.php

@@ -57,13 +57,12 @@ print_log_submenu($page_url);
 
 <?php
 $countSQL="SELECT Count(*) FROM dhcp_log WHERE `timestamp`>='$date1' AND `timestamp`<'$date2' $dhcp_where";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed; 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 <br>
 <table class="data" width="900">

+ 3 - 5
html/admin/logs/index.php

@@ -40,14 +40,12 @@ if (!empty($fmessage)) { $log_filter = $log_filter." and message LIKE '".$fmessa
 if (!empty($fuser_ip)) { $log_filter = $log_filter." and ip LIKE '".$fuser_ip."'"; }
 
 $countSQL="SELECT Count(*) FROM worklog WHERE `timestamp`>='$date1' AND `timestamp`<'$date2' $log_filter";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed; 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 
 #speedup paging
 $sSQL = "SELECT * FROM (SELECT * FROM worklog WHERE `timestamp`>='$date1' AND `timestamp`<'$date2' $log_filter ) AS W ORDER BY timestamp DESC LIMIT $start,$displayed";

+ 3 - 4
html/admin/logs/ip.php

@@ -32,13 +32,12 @@ if (!empty($f_ip)) {
 
 <?php
 $countSQL="SELECT Count(*) FROM User_auth WHERE `timestamp`>='$date1' AND `timestamp`<'$date2' $ip_where";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed; 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 <br>
 <table class="data">

+ 3 - 5
html/admin/logs/mac.php

@@ -28,14 +28,12 @@ print_log_submenu($page_url);
 
 <?php
 $countSQL="SELECT Count(*) FROM mac_history WHERE `timestamp`>='$date1' AND `timestamp`<'$date2' $mac_where ORDER BY id DESC";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed; 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 <br>
 <table class="data" width="850">

+ 3 - 5
html/admin/logs/syslog.php

@@ -43,14 +43,12 @@ if ($f_id>0) {
 if (!empty($fmessage)) { $log_filter .= " AND `message` LIKE '%" . addslashes($fmessage) . "%'"; }
 
 $countSQL="SELECT Count(*) FROM `remote_syslog` WHERE `date`>='$date1' AND `date`<'$date2' $log_filter";
-
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed; 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 #speedup pageing
 $sSQL = "SELECT * FROM (SELECT * FROM `remote_syslog` WHERE `date`>='$date1' AND `date`<'$date2' $log_filter) as R ORDER BY `date` DESC LIMIT $start,$displayed";
 ?>

+ 3 - 4
html/admin/logs/unknown.php

@@ -26,13 +26,12 @@ if ($f_id > 0) { $where_dev = " and D.id=$f_id "; }
 
 <?php
 $countSQL="SELECT Count(*) FROM Unknown_mac AS U, devices AS D, device_ports AS DP  WHERE D.device_type<=2 and U.device_id = D.id  AND U.port_id = DP.id AND U.timestamp>='$date1' AND U.timestamp<'$date2' $where_dev";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed; 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 ?>
 <br>
 <table class="data" width="750">

+ 19 - 16
html/admin/reports/authday.php

@@ -53,29 +53,32 @@ if ($days_shift >1 and $days_shift <=30) { $display_date_format='%Y-%m-%d'; }
 if ($days_shift >30 and $days_shift <=730) { $display_date_format='%Y-%m'; }
 if ($days_shift >730) { $display_date_format='%Y'; }
 
-$sSQL = "SELECT router_id,DATE_FORMAT(`timestamp`,'$display_date_format') as tHour,SUM(`byte_in`),SUM(`byte_out`),MAX(ROUND(`pkt_in`/`step`)),MAX(ROUND(`pkt_out`/`step`))
-FROM User_stats_full WHERE `timestamp`>='$date1' AND `timestamp`<'$date2' AND auth_id=$id";
+$sSQL = "SELECT router_id, DATE_FORMAT(`timestamp`,'$display_date_format') as tHour, 
+         SUM(`byte_in`) as byte_in_sum, SUM(`byte_out`) as byte_out_sum,
+         MAX(ROUND(`pkt_in`/`step`)) as pkt_in_max, MAX(ROUND(`pkt_out`/`step`)) as pkt_out_max
+         FROM User_stats_full WHERE `timestamp`>='$date1' AND `timestamp`<'$date2' AND auth_id=$id";
 if ($rgateway == 0) {
-        $sSQL = $sSQL . " GROUP BY DATE_FORMAT(`timestamp`,'$display_date_format'),router_id ORDER BY tHour,router_id";
-        } else {
-        $sSQL = $sSQL . " AND router_id=$rgateway GROUP BY DATE_FORMAT(`timestamp`,'$display_date_format'),router_id ORDER BY tHour";
-        }
+    $sSQL = $sSQL . " GROUP BY DATE_FORMAT(`timestamp`,'$display_date_format'),router_id ORDER BY tHour,router_id";
+} else {
+    $sSQL = $sSQL . " AND router_id=$rgateway GROUP BY DATE_FORMAT(`timestamp`,'$display_date_format'),router_id ORDER BY tHour";
+}
 
-$userdata = mysqli_query($db_link, $sSQL);
+$userdata = get_records_sql($db_link, $sSQL);
 $sum_in = 0;
 $sum_out = 0;
-while (list ($u_router_id, $udata, $uin, $uout, $pin, $pout) = mysqli_fetch_array($userdata)) {
+foreach ($userdata as $row) {
     print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
-    print "<td class=\"data\">$gateway_list[$u_router_id]</td>\n";
-    print "<td class=\"data\">" . $udata . "</td>\n";
-    print "<td class=\"data\">" . fbytes($uin) . "</td>\n";
-    print "<td class=\"data\">" . fbytes($uout) . "</td>\n";
-    print "<td class=\"data\">" . fpkts($pin) . "</td>\n";
-    print "<td class=\"data\">" . fpkts($pout) . "</td>\n";
+    print "<td class=\"data\">" . $gateway_list[$row['router_id']] . "</td>\n";
+    print "<td class=\"data\">" . $row['tHour'] . "</td>\n";
+    print "<td class=\"data\">" . fbytes($row['byte_in_sum']) . "</td>\n";
+    print "<td class=\"data\">" . fbytes($row['byte_out_sum']) . "</td>\n";
+    print "<td class=\"data\">" . fpkts($row['pkt_in_max']) . "</td>\n";
+    print "<td class=\"data\">" . fpkts($row['pkt_out_max']) . "</td>\n";
     print "</tr>\n";
-    $sum_in += $uin;
-    $sum_out += $uout;
+    $sum_in += $row['byte_in_sum'];
+    $sum_out += $row['byte_out_sum'];
 }
+
 print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
 print "<td class=\"data\"><b>" . WEB_title_itog . "</b></td>\n";
 print "<td class=\"data\"><b> </b></td>\n";

+ 18 - 19
html/admin/reports/index-full.php

@@ -50,10 +50,8 @@ if ($rgateway == 0) {
 }
 
 $countSQL = "SELECT Count(*) FROM ($trafSQL) A";
-
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed;
@@ -61,7 +59,7 @@ $start = ($page * $displayed) - $displayed;
 #set sort
 $trafSQL=$trafSQL ." $sort_sql LIMIT $start,$displayed";
 
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 
 print "<br><br>\n";
 print "<table class=\"data\" cellspacing=\"1\" cellpadding=\"4\">\n";
@@ -78,25 +76,26 @@ print "</tr>\n";
 $total_in = 0;
 $total_out = 0;
 
-$traf = mysqli_query($db_link, $trafSQL);
+$traf = get_records_sql($db_link, $trafSQL);
 
-while (list ($s_login,$s_ou_id,$u_id,$s_ip,$s_auth_id, $s_router_id, $traf_day_in, $traf_day_out, $p_in, $p_out) = mysqli_fetch_array($traf)) {
-    if ($traf_day_in + $traf_day_out ==0) { continue; }
-    $total_in += $traf_day_in;
-    $total_out += $traf_day_out;
-    if (!empty($gateway_list[$s_router_id])) { $s_router = $gateway_list[$s_router_id]; } else { $s_router=''; }
-    $cl = "data";
-    if ($traf_day_out > 2 * $traf_day_in) { $cl = "nb"; }
+foreach ($traf as $row) {
+    if ($row['tin'] + $row['tout'] == 0) { continue; }
+    $total_in += $row['tin'];
+    $total_out += $row['tout'];
+    $s_router = !empty($gateway_list[$row['router_id']]) ? $gateway_list[$row['router_id']] : '';
+    $cl = $row['tout'] > 2 * $row['tin'] ? "nb" : "data";
+    
     print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
-    print "<td align=left class=\"$cl\">$s_login</td>\n";
-    print "<td align=left class=\"$cl\"><a href=authday.php?id=$s_auth_id&date_start=$date1&date_stop=$date2>$s_ip</a></td>\n";
+    print "<td align=left class=\"$cl\">" . $row['login'] . "</td>\n";
+    print "<td align=left class=\"$cl\"><a href=authday.php?id=" . $row['auth_id'] . "&date_start=$date1&date_stop=$date2>" . $row['ip'] . "</a></td>\n";
     print "<td align=left class=\"$cl\">$s_router</td>\n";
-    print "<td class=\"$cl\">" . fbytes($traf_day_in) . "</td>\n";
-    print "<td class=\"$cl\">" . fbytes($traf_day_out) . "</td>\n";
-    print "<td class=\"$cl\">" . fpkts($p_in) . "</td>\n";
-    print "<td class=\"$cl\">" . fpkts($p_out) . "</td>\n";
+    print "<td class=\"$cl\">" . fbytes($row['tin']) . "</td>\n";
+    print "<td class=\"$cl\">" . fbytes($row['tout']) . "</td>\n";
+    print "<td class=\"$cl\">" . fpkts($row['pin']) . "</td>\n";
+    print "<td class=\"$cl\">" . fpkts($row['pout']) . "</td>\n";
     print "</tr>\n";
 }
+
 print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
 print "<td class=\"data\" colspan=2><b>".WEB_title_itog."</b></td>\n";
 print "<td class=\"data\"><b></b></td>\n";
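Review bot: The rewritten row output concatenates `$row['login']` and `$row['ip']` straight into the table markup, so any HTML metacharacter stored in a login is rendered as markup in this admin report. The old `$s_login` interpolation had the same gap, but these lines are being rewritten anyway, and escaping at the point of output closes it: `htmlspecialchars($row['login'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The unquoted `href` would also be safer quoted, with `$date1`/`$date2` passed through `urlencode()`. The `login` link in html/admin/reports/index.php is built the same way. Where login values are validated is not visible here, so treat this as hardening if input is already restricted.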

+ 12 - 11
html/admin/reports/index.php

@@ -61,22 +61,23 @@ $trafSQL=$trafSQL ." $sort_sql";
 $total_in = 0;
 $total_out = 0;
 
-$traf = mysqli_query($db_link, $trafSQL);
+$traf = get_records_sql($db_link, $trafSQL);
 
-while (list ($s_login,$s_ou_id,$u_id,$s_auth_id, $s_router_id, $traf_day_in, $traf_day_out) = mysqli_fetch_array($traf)) {
-    if ($traf_day_in + $traf_day_out ==0) { continue; }
-    $total_in += $traf_day_in;
-    $total_out += $traf_day_out;
-    if (!empty($gateway_list[$s_router_id])) { $s_router = $gateway_list[$s_router_id]; } else { $s_router=''; }
-    $cl = "data";
-    if ($traf_day_out > 2 * $traf_day_in) { $cl = "nb"; }
+foreach ($traf as $row) {
+    if ($row['tin'] + $row['tout'] == 0) { continue; }
+    $total_in += $row['tin'];
+    $total_out += $row['tout'];
+    $s_router = !empty($gateway_list[$row['router_id']]) ? $gateway_list[$row['router_id']] : '';
+    $cl = $row['tout'] > 2 * $row['tin'] ? "nb" : "data";
+    
     print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
-    print "<td align=left class=\"$cl\"><a href=userday.php?id=$u_id&date_start=$date1&date_stop=$date2>$s_login</a></td>\n";
+    print "<td align=left class=\"$cl\"><a href=userday.php?id=" . $row['user_id'] . "&date_start=$date1&date_stop=$date2>" . $row['login'] . "</a></td>\n";
     print "<td align=left class=\"$cl\">$s_router</td>\n";
-    print "<td class=\"$cl\">" . fbytes($traf_day_in) . "</td>\n";
-    print "<td class=\"$cl\">" . fbytes($traf_day_out) . "</td>\n";
+    print "<td class=\"$cl\">" . fbytes($row['tin']) . "</td>\n";
+    print "<td class=\"$cl\">" . fbytes($row['tout']) . "</td>\n";
     print "</tr>\n";
 }
+
 print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
 print "<td class=\"data\" colspan=2><b>".WEB_title_itog."</b></td>\n";
 print "<td class=\"data\"><b>" . fbytes($total_in) . "</b></td>\n";
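Review bot: The loop now reads columns by name (`tin`, `tout`, `router_id`, `user_id`, `login`), but this hunk accounts for the file's whole diffstat (12 additions, 11 deletions), so the SELECT that builds `$trafSQL` was not touched by this commit. If an aggregate there is not already aliased to exactly `tin`/`tout`, `$row['tin'] + $row['tout'] == 0` holds for every row and the report comes out empty apart from undefined-index notices. Worth confirming against the query above the hunk, and the same check applies to index-full.php (`pin`, `pout`, `auth_id`, `ip` as well), where the query is also unchanged. A short comment above the loop would pin the contract, e.g. `// expects columns: login, user_id, router_id, tin, tout`.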

+ 20 - 20
html/admin/reports/userday.php

@@ -38,14 +38,13 @@ $gateway_filter='';
 if (!empty($rgateway) and $rgateway>0) { $gateway_filter="(User_stats.router_id=$rgateway) AND"; }
 
 $sSQL = "SELECT id,ip,comments FROM User_auth WHERE (User_auth.user_id=$id) Order by IP";
-$usersip = mysqli_query($db_link, $sSQL);
+$usersip = get_records_sql($db_link, $sSQL);
 
 $ipcount = 0;
 $itog_in = 0;
 $itog_out = 0;
 
-while ($row = mysqli_fetch_array($usersip)) {
-
+foreach ($usersip as $row) {
     $fid = $row["id"];
     $fip = $row["ip"];
     $fcomm = $row["comments"];
@@ -57,7 +56,7 @@ while ($row = mysqli_fetch_array($usersip)) {
     if (!empty($day_summary)) { $summ = $day_summary['t_sum']; } else { $summ = 0; }
 
     if ($summ > 0) {
-        $ipcount ++;
+        $ipcount++;
         print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
         print "<td class=\"data\" ><b><a href=/admin/users/editauth.php?id=$fid>$fip</a></b></td>\n";
         print "<td class=\"data\" colspan=2>$fcomm</td>\n";
@@ -65,15 +64,16 @@ while ($row = mysqli_fetch_array($usersip)) {
         print "<td class=\"data\" ><a href=/admin/reports/userdaydetaillog.php?id=$fid&date_start=$date1&date_stop=$date2>".WEB_report_detail."</a></td>\n";
         print "</tr>\n";
 
-	$display_date_format='%Y-%m-%d %H';
-	if ($days_shift <=1) { $display_date_format='%Y-%m-%d %H'; }
-	if ($days_shift >1 and $days_shift <=30) { $display_date_format='%Y-%m-%d'; }
-	if ($days_shift >30 and $days_shift <=730) { $display_date_format='%Y-%m'; }
-	if ($days_shift >730) { $display_date_format='%Y'; }
+        $display_date_format='%Y-%m-%d %H';
+        if ($days_shift <=1) { $display_date_format='%Y-%m-%d %H'; }
+        if ($days_shift >1 and $days_shift <=30) { $display_date_format='%Y-%m-%d'; }
+        if ($days_shift >30 and $days_shift <=730) { $display_date_format='%Y-%m'; }
+        if ($days_shift >730) { $display_date_format='%Y'; }
 
-        $sSQL = "SELECT User_stats.router_id,DATE_FORMAT(User_stats.timestamp,'$display_date_format') as tHour,SUM(byte_in),SUM(byte_out) 
-        FROM User_stats 
-        WHERE User_stats.timestamp>='$date1' AND User_stats.timestamp<'$date2' and auth_id=$fid";
+        $sSQL = "SELECT User_stats.router_id, DATE_FORMAT(User_stats.timestamp,'$display_date_format') as tHour,
+                SUM(byte_in) as byte_in_sum, SUM(byte_out) as byte_out_sum 
+                FROM User_stats 
+                WHERE User_stats.timestamp>='$date1' AND User_stats.timestamp<'$date2' and auth_id=$fid";
         if ($rgateway == 0) {
             $sSQL = $sSQL . " GROUP BY DATE_FORMAT(User_stats.timestamp,'$display_date_format'),User_stats.router_id 
             ORDER BY tHour,User_stats.router_id";
@@ -83,21 +83,21 @@ while ($row = mysqli_fetch_array($usersip)) {
             ORDER BY tHour";
         }
 
-        $userdata = mysqli_query($db_link, $sSQL);
+        $userdata = get_records_sql($db_link, $sSQL);
 
         $sum_in = 0;
         $sum_out = 0;
 
-        while (list ($u_router_id, $udata, $uin, $uout) = mysqli_fetch_array($userdata)) {
+        foreach ($userdata as $userrow) {
             print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
             print "<td class=\"data\"> </td>\n";
-            print "<td class=\"data\">$gateway_list[$u_router_id]</td>\n";
-            print "<td class=\"data\">" . $udata . "</td>\n";
-            print "<td class=\"data\">" . fbytes($uin) . "</td>\n";
-            print "<td class=\"data\">" . fbytes($uout) . "</td>\n";
+            print "<td class=\"data\">" . $gateway_list[$userrow['router_id']] . "</td>\n";
+            print "<td class=\"data\">" . $userrow['tHour'] . "</td>\n";
+            print "<td class=\"data\">" . fbytes($userrow['byte_in_sum']) . "</td>\n";
+            print "<td class=\"data\">" . fbytes($userrow['byte_out_sum']) . "</td>\n";
             print "</tr>\n";
-            $sum_in += $uin;
-            $sum_out += $uout;
+            $sum_in += $userrow['byte_in_sum'];
+            $sum_out += $userrow['byte_out_sum'];
         }
         print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
         print "<td class=\"data\"><b>" . WEB_title_sum . "</b></td>\n";
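Review bot: `$gateway_list[$userrow['router_id']]` in the inner loop is indexed without a check, whereas index.php and index-full.php in this commit guard the same lookup with `!empty(...)`. A `router_id` with no entry in `$gateway_list` raises an undefined-key warning inside the table cell. Suggest the form used elsewhere: `$gw = !empty($gateway_list[$userrow['router_id']]) ? $gateway_list[$userrow['router_id']] : '';` and print `$gw`. userdaydetaillog.php has the same unguarded lookup on `$row['router_id']`. The enclosing `foreach` and `if ($summ > 0)` begin outside this hunk.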

+ 26 - 18
html/admin/reports/userdaydetail.php

@@ -6,8 +6,15 @@ require_once ($_SERVER['DOCUMENT_ROOT']."/inc/idfilter.php");
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/datetimefilter.php");
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/gatefilter.php");
 
-$usersip = mysqli_query($db_link, "SELECT ip,user_id,comments FROM User_auth WHERE User_auth.id=$id");
-list ($fip, $parent, $fcomm) = mysqli_fetch_array($usersip);
+$usersip = get_record_sql($db_link, "SELECT ip,user_id,comments FROM User_auth WHERE User_auth.id=$id");
+if (empty($usersip)) {
+    header("location: /admin/reports/index-full.php");
+    exit;
+}
+
+$fip = $usersip['ip'];
+$parent = $usersip['user_id'];
+$fcomm = $usersip['comments'];
 
 $rdns = 0;
 if (isset($_POST['dns'])) { $rdns=$_POST['dns']*1; }
@@ -47,20 +54,21 @@ if (!empty($rgateway) and $rgateway>0) { $gateway_filter="(router_id=$rgateway)
 $fsql = "SELECT A.proto, A.src_ip, A.src_port, SUM(A.bytes) as tin FROM Traffic_detail A
             WHERE $gateway_filter (auth_id='$id') and  `timestamp`>='$date1' and `timestamp`<'$date2' and (A.dst_ip='$ip_aton')
             GROUP BY A.src_ip, A.src_port, A.proto ORDER BY tin DESC LIMIT 0,10";
-$userdata = mysqli_query($db_link, $fsql);
-while (list ($uproto, $uip, $uport, $ubytes) = mysqli_fetch_array($userdata)) {
+$userdata = get_records_sql($db_link, $fsql);
+foreach ($userdata as $row) {
     print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
-    $proto_name = getprotobynumber($uproto);
-    if (!$proto_name) { $proto_name=$uproto; }
+    $proto_name = getprotobynumber($row['proto']);
+    if (!$proto_name) { $proto_name = $row['proto']; }
     print "<td class=\"data\">" . $proto_name . "</td>\n";
-    print "<td class=\"data\" align=left>" . long2ip($uip) . "</td>\n";
+    print "<td class=\"data\" align=left>" . long2ip($row['src_ip']) . "</td>\n";
     $ip_name = '-';
-    if ($rdns) { $ip_name = ResolveIP($db_link,$uip); }
+    if ($rdns) { $ip_name = ResolveIP($db_link, $row['src_ip']); }
     print "<td class=\"data\" align=left>" . $ip_name . "</td>\n";
-    print "<td class=\"data\">" . $uport . "</td>\n";
-    print "<td class=\"data\" align=right>" . fbytes($ubytes) . "</td>\n";
+    print "<td class=\"data\">" . $row['src_port'] . "</td>\n";
+    print "<td class=\"data\" align=right>" . fbytes($row['tin']) . "</td>\n";
     print "</tr>\n";
 }
+
 ?>
 </table>
 <b><?php echo WEB_report_top10_out; ?></b>
@@ -76,18 +84,18 @@ while (list ($uproto, $uip, $uport, $ubytes) = mysqli_fetch_array($userdata)) {
 $fsql = "SELECT A.proto, A.dst_ip, A.dst_port, SUM(A.bytes) as tout FROM Traffic_detail A
         WHERE $gateway_filter (auth_id='$id') and  `timestamp`>='$date1' and `timestamp`<'$date2' and (A.src_ip='$ip_aton')
         GROUP BY A.dst_ip, A.dst_port, A.proto ORDER BY tout DESC LIMIT 0,10";
-$userdata = mysqli_query($db_link, $fsql);
-while (list ($uproto, $uip, $uport, $ubytes) = mysqli_fetch_array($userdata)) {
+$userdata = get_records_sql($db_link, $fsql);
+foreach ($userdata as $row) {
     print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
-    $proto_name = getprotobynumber($uproto);
-    if (!$proto_name) { $proto_name=$uproto; }
+    $proto_name = getprotobynumber($row['proto']);
+    if (!$proto_name) { $proto_name = $row['proto']; }
     print "<td class=\"data\">" . $proto_name . "</td>\n";
-    print "<td class=\"data\" align=left>" . long2ip($uip) . "</td>\n";
+    print "<td class=\"data\" align=left>" . long2ip($row['dst_ip']) . "</td>\n";
     $ip_name = '-';
-    if ($rdns) { $ip_name = ResolveIP($db_link,$uip); }
+    if ($rdns) { $ip_name = ResolveIP($db_link, $row['dst_ip']); }
     print "<td class=\"data\" align=left>" . $ip_name . "</td>\n";
-    print "<td class=\"data\">" . $uport . "</td>\n";
-    print "<td class=\"data\" align=right>" . fbytes($ubytes) . "</td>\n";
+    print "<td class=\"data\">" . $row['dst_port'] . "</td>\n";
+    print "<td class=\"data\" align=right>" . fbytes($row['tout']) . "</td>\n";
     print "</tr>\n";
 }
 ?>
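Review bot: `$ip_name` comes from `ResolveIP()` and is printed into the cell as-is in both top-10 loops; a reverse-DNS name is chosen by whoever controls the PTR record for the remote address, so it should be HTML-escaped before output. ResolveIP() is not shown here and may already sanitise its result, in which case a comment saying so would help. Otherwise `htmlspecialchars($ip_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in the two `print` lines covers it. userdaydetaillog.php prints the resolved name the same way for both source and destination.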

+ 26 - 20
html/admin/reports/userdaydetaillog.php

@@ -17,8 +17,15 @@ if ($rdns) { $dns_checked='checked="checked"'; }
 
 $dns_cache=NULL;
 
-$usersip = mysqli_query($db_link, "SELECT ip,user_id,comments FROM User_auth WHERE User_auth.id=$id");
-list ($fip, $parent, $fcomm) = mysqli_fetch_array($usersip);
+$usersip = get_record_sql($db_link, "SELECT ip,user_id,comments FROM User_auth WHERE User_auth.id=$id");
+if (empty($usersip)) {
+    header("location: /admin/reports/index-full.php");
+    exit;
+}
+
+$fip = $usersip['ip'];
+$parent = $usersip['user_id'];
+$fcomm = $usersip['comments'];
 
 print_trafdetail_submenu($page_url,"id=$id&date_start='$date1'&date_stop='$date2'","<b>".WEB_log_detail_for."&nbsp<a href=/admin/users/editauth.php?id=$id>$fip</a></b> ::&nbsp");
 ?>
@@ -45,13 +52,12 @@ if (!empty($rgateway) and $rgateway>0) { $gateway_filter="(router_id=$rgateway)
 if (!empty($search)) { $gateway_filter.=' (src_ip='.ip2long($search).' OR dst_ip='.ip2long($search).') AND'; }
 
 $countSQL="SELECT Count(*) FROM Traffic_detail as A WHERE $gateway_filter (auth_id='$id') and `timestamp`>='$date1' and `timestamp`<'$date2'";
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed;
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 $gateway_list = get_gateways($db_link);
 ?>
 
@@ -74,26 +80,26 @@ $gateway_list = get_gateways($db_link);
 $fsql = "SELECT A.id, A.`timestamp`, A.router_id, A.proto, A.src_ip, A.src_port, A.dst_ip, A.dst_port, A.bytes, A.pkt FROM Traffic_detail as A JOIN (SELECT id FROM Traffic_detail 
         WHERE $gateway_filter (auth_id='$id') and  `timestamp`>='$date1' and `timestamp`<'$date2'
         ORDER BY `timestamp` ASC LIMIT $start,$displayed) as T ON A.id = T.id ORDER BY $sort_table.$sort_field $order";
-$userdata = mysqli_query($db_link, $fsql);
-while (list ($uid,$udata, $urouter, $uproto, $sip, $sport,$dip, $dport, $ubytes, $upkt) = mysqli_fetch_array($userdata)) {
+$userdata = get_records_sql($db_link, $fsql);
+foreach ($userdata as $row) {
     print "<tr align=center class=\"tr1\" onmouseover=\"className='tr2'\" onmouseout=\"className='tr1'\">\n";
-    print "<td class=\"data\">$udata</td>\n";
-    print "<td class=\"data\">$gateway_list[$urouter]</td>\n";
-    $proto_name = getprotobynumber($uproto);
-    if (!$proto_name) { $proto_name=$uproto; }
+    print "<td class=\"data\">" . $row['timestamp'] . "</td>\n";
+    print "<td class=\"data\">" . $gateway_list[$row['router_id']] . "</td>\n";
+    $proto_name = getprotobynumber($row['proto']);
+    if (!$proto_name) { $proto_name = $row['proto']; }
     print "<td class=\"data\">" . $proto_name . "</td>\n";
-    print "<td class=\"data\" align=left>" . long2ip($sip) . "</td>\n";
+    print "<td class=\"data\" align=left>" . long2ip($row['src_ip']) . "</td>\n";
     $ip_name = '-';
-    if ($rdns) { $ip_name = ResolveIP($db_link,$sip); }
+    if ($rdns) { $ip_name = ResolveIP($db_link, $row['src_ip']); }
     print "<td class=\"data\" align=left>" . $ip_name . "</td>\n";
-    print "<td class=\"data\">" .$sport . "</td>\n";
-    print "<td class=\"data\" align=left>" . long2ip($dip) . "</td>\n";
+    print "<td class=\"data\">" . $row['src_port'] . "</td>\n";
+    print "<td class=\"data\" align=left>" . long2ip($row['dst_ip']) . "</td>\n";
     $ip_name = '-';
-    if ($rdns) { $ip_name = ResolveIP($db_link,$dip); }
+    if ($rdns) { $ip_name = ResolveIP($db_link, $row['dst_ip']); }
     print "<td class=\"data\" align=left>" . $ip_name . "</td>\n";
-    print "<td class=\"data\">" . $dport . "</td>\n";
-    print "<td class=\"data\" align=right>" . fbytes($ubytes) . "</td>\n";
-    print "<td class=\"data\" align=right>" . $upkt . "</td>\n";
+    print "<td class=\"data\">" . $row['dst_port'] . "</td>\n";
+    print "<td class=\"data\" align=right>" . fbytes($row['bytes']) . "</td>\n";
+    print "<td class=\"data\" align=right>" . $row['pkt'] . "</td>\n";
     print "</tr>\n";
 }
 ?>
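Review bot: The new not-found branch calls `header("location: /admin/reports/index-full.php")` at line 20 of the file, after the page's includes and the DNS-checkbox setup have already run. If any of those has produced output (other admin pages in this commit include header.php first), the redirect is dropped with a "headers already sent" warning and `exit` leaves a blank page. The lines above the hunk are not visible, so this needs checking against the top of the file. Moving the lookup ahead of the first output, or printing an error message instead of redirecting, avoids the problem. userdaydetail.php adds the same block.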

+ 1 - 1
html/admin/users/edituser.php

@@ -46,7 +46,7 @@ if (isset($_POST["edituser"])) {
         run_sql($db_link, "UPDATE User_auth SET enabled=0, changed=1 WHERE user_id=" . $id);
     }
     if (!empty($new["fio"])) {
-        run_sql($db_link, "UPDATE User_auth SET `comments`='" . mysqli_real_escape_string($db_link, $new["fio"]) . "' WHERE `user_id`=" . $id . " AND `deleted`=0 AND (`comments` IS NULL or `comments`='' or `comments`='" . $user_info["fio"] . "')");
+        run_sql($db_link, "UPDATE User_auth SET `comments`='" . db_escape($db_link, $new["fio"]) . "' WHERE `user_id`=" . $id . " AND `deleted`=0 AND (`comments` IS NULL or `comments`='' or `comments`='" . $user_info["fio"] . "')");
     }
     run_sql($db_link, "UPDATE User_auth SET ou_id=" . $new["ou_id"] . " WHERE user_id=" . $id);
     run_sql($db_link, "UPDATE devices SET device_name='" . $new["login"] . "' WHERE user_id=" . $id);
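Review bot: On the rewritten UPDATE only `$new["fio"]` goes through `db_escape()`; the `$user_info["fio"]` comparison at the end of the WHERE clause is still concatenated into the statement unescaped. That value is presumably read back from the database, and a stored name containing a quote would break or alter the statement. Pass it through the same helper, `db_escape($db_link, $user_info["fio"])`, or bind both values once the PDO path is in place. `$new["ou_id"]` and `$new["login"]` on the following context lines are interpolated the same way, and where they are validated is outside this hunk.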

+ 3 - 7
html/admin/users/index.php

@@ -3,8 +3,6 @@ $default_displayed = 500;
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/auth.php");
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/languages/" . HTML_LANG . ".php");
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/header.php");
-$default_ou=get_const('default_user_ou_id');
-
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/oufilter.php");
 $default_sort='login';
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/sortfilter.php");
@@ -108,14 +106,12 @@ $sort_url = "<a href=/admin/users/index.php?";
 if ($rou == 0) { $filter = "U.ou_id=O.id and U.deleted=0"; } else { $filter = "U.OU_id=O.id and U.deleted=0 and U.ou_id=$rou"; }
 
 $countSQL = "SELECT Count(*) FROM User_list U, OU O WHERE $filter";
-
-$res = mysqli_query($db_link, $countSQL);
-$count_records = mysqli_fetch_array($res);
-$total=ceil($count_records[0]/$displayed);
+$count_records = get_single_field($db_link,$countSQL);
+$total=ceil($count_records/$displayed);
 if ($page>$total) { $page=$total; }
 if ($page<1) { $page=1; }
 $start = ($page * $displayed) - $displayed;
-print_navigation($page_url,$page,$displayed,$count_records[0],$total);
+print_navigation($page_url,$page,$displayed,$count_records,$total);
 
 $sSQL = "SELECT U.id, U.login, U.fio, O.ou_name, U.enabled, U.day_quota, U.month_quota, U.blocked, U.permanent FROM User_list U, OU O WHERE $filter ORDER BY $sort_table.$sort_field $order LIMIT $start,$displayed";
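Review bot: Dropping `$default_ou=get_const('default_user_ou_id');` ahead of the oufilter.php include means this page no longer sets `$default_ou`, and oufilter.php then falls back to 0. Unless one of the earlier includes sets it, the user list now opens unfiltered on first visit instead of on the configured default OU. If that is intended, a one-line comment at the include would record it, e.g. `// no default OU here: first visit lists all groups`; otherwise the assignment should stay.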
 

+ 13 - 13
html/inc/auth.utils.php

@@ -75,7 +75,7 @@ function sess_read($sessionId) {
     global $db_link;
     log_session_debug($db_link, "Reading session", ['sessionId' => $sessionId]);
     
-    $sessionId = mysqli_real_escape_string($db_link, $sessionId);
+    $sessionId = db_escape($db_link, $sessionId);
     $result = mysqli_query($db_link, "SELECT data FROM ".SESSION_TABLE." WHERE id = '$sessionId'");
     
     if (!$result) {
@@ -95,8 +95,8 @@ function sess_write($sessionId, $data) {
     global $db_link;
     log_session_debug($db_link, "Writing session", ['sessionId' => $sessionId, 'data_length' => strlen($data)]);
     
-    $sessionId = mysqli_real_escape_string($db_link, $sessionId);
-    $data = mysqli_real_escape_string($db_link, $data);
+    $sessionId = db_escape($db_link, $sessionId);
+    $data = db_escape($db_link, $data);
     $time = time();
     $query = "INSERT INTO ".SESSION_TABLE." (id, data, last_accessed) 
               VALUES ('$sessionId', '$data', $time)
@@ -117,7 +117,7 @@ function sess_destroy($sessionId) {
     global $db_link;
     log_session_debug($db_link, "Destroying session", ['sessionId' => $sessionId]);
     
-    $sessionId = mysqli_real_escape_string($db_link, $sessionId);
+    $sessionId = db_escape($db_link, $sessionId);
     if (!mysqli_query($db_link, "DELETE FROM ".SESSION_TABLE." WHERE id = '$sessionId'")) {
         $error = mysqli_error($db_link);
         LOG_DEBUG($db_link, "Session destroy failed: " . $error);
@@ -222,7 +222,7 @@ function login($db) {
 function authenticate_by_credentials($db,$login,$password) {
     log_session_debug($db, "Authenticating by credentials", ['login' => $login]);
 
-    $login = mysqli_real_escape_string($db, trim($login));
+    $login = db_escape($db, trim($login));
     $query = "SELECT * FROM `Customers` WHERE Login='{$login}'";
     $user = get_record_sql($db, $query);
 
@@ -258,13 +258,13 @@ function authenticate_by_credentials($db,$login,$password) {
     log_session_debug($db, "Session data populated", $_SESSION);
 
     // Запись сессии в БД
-    $sessionId = mysqli_real_escape_string($db, session_id());
-    $ip = mysqli_real_escape_string($db, $_SESSION['ip']);
-    $userAgent = mysqli_real_escape_string($db, $_SESSION['user_agent']);
+    $sessionId = db_escape($db, session_id());
+    $ip = db_escape($db, $_SESSION['ip']);
+    $userAgent = db_escape($db, $_SESSION['user_agent']);
     $time = time();
 
     // Запись в БД
-    $sessionId = mysqli_real_escape_string($db, session_id());
+    $sessionId = db_escape($db, session_id());
     $query = "INSERT INTO ".USER_SESSIONS_TABLE." 
         (session_id, user_id, ip_address, user_agent, created_at, last_activity) 
         VALUES (
@@ -310,7 +310,7 @@ function validate_session($db) {
     }
 
     // Проверка активности сессии в БД
-    $sessionId = mysqli_real_escape_string($db, session_id());
+    $sessionId = db_escape($db, session_id());
     $result = mysqli_query($db, 
         "SELECT 1 
          FROM ".USER_SESSIONS_TABLE." 
@@ -391,8 +391,8 @@ function IsSilentAuthenticated($db) {
     }
 
     // Экранирование и подготовка
-    $login = mysqli_real_escape_string($db, $login);
-    $api_key = mysqli_real_escape_string($db, $api_key);
+    $login = db_escape($db, $login);
+    $api_key = db_escape($db, $api_key);
 
     // Ищем пользователя с таким логином и API-ключом
     $query = "SELECT id, rights FROM Customers 
@@ -442,7 +442,7 @@ function logout($db, $silent = FALSE, $redirect_url = DEFAULT_PAGE) {
         // Деактивация сессии в БД
         $sessionId = session_id();
         if ($sessionId) {
-            $sessionId = mysqli_real_escape_string($db, $sessionId);
+            $sessionId = db_escape($db, $sessionId);
             $result = mysqli_query($db, 
                 "UPDATE ".USER_SESSIONS_TABLE." 
                  SET is_active = 0 
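Review bot: sess_read(), sess_destroy(), validate_session() and logout() now escape through `db_escape()`, which selects a driver from the handle type, yet still run the statement with `mysqli_query()` and report with `mysqli_error()` on that same handle. The abstraction is therefore half applied: a non-mysqli handle reaching these functions gets escaping from one driver and execution from another. Routing these through the existing wrappers (`get_record_sql()` and `run_sql()` are already used elsewhere in this commit) keeps both steps on one code path and gives a single place to switch to bound parameters later. In authenticate_by_credentials() the second `$sessionId = db_escape($db, session_id());` repeats the assignment three lines above it and can be removed. All of these function bodies continue outside their hunks.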

Разница между файлами не показана из-за своего большого размера
+ 343 - 232
html/inc/common.php


+ 30 - 10
html/inc/oufilter.php

@@ -1,11 +1,31 @@
 <?php
-if (! defined("CONFIG")) die("Not defined");
-
-if (!isset($default_ou)) { $default_ou = 0; }
-if (isset($_GET['ou'])) { $rou = $_GET["ou"] * 1; }
-if (isset($_POST['ou'])) { $rou = $_POST["ou"] * 1; }
-if (! isset($rou)) {
-    if (isset($_SESSION[$page_url]['ou'])) { $rou=$_SESSION[$page_url]['ou']; } else { $rou = $default_ou; }
-    }
-$_SESSION[$page_url]['ou']=$rou;
-?>
+if (!defined("CONFIG")) {
+    die("Not defined");
+}
+
+// значение по умолчанию
+$default_ou = isset($default_ou) ? (int)$default_ou : 0;
+
+// Проверяем источники в порядке приоритета
+$rou = null;
+
+// 1. GET (самый высокий приоритет)
+if (!empty($_GET['ou'])) {
+    $rou = (int)$_GET['ou'];
+}
+// 2. POST (ниже приоритетом)
+elseif (!empty($_POST['ou'])) {
+    $rou = (int)$_POST['ou'];
+}
+// 3. SESSION (если есть)
+elseif (!empty($_SESSION[$page_url]['ou'])) {
+    $rou = (int)$_SESSION[$page_url]['ou'];
+}
+// 4. Значение по умолчанию
+else {
+    $rou = $default_ou;
+}
+
+// Сохраняем в сессию
+$_SESSION[$page_url]['ou'] = $rou;
+?>
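Review bot: `!empty($_GET['ou'])` treats an explicit `ou=0` as if the parameter were absent, so a request for "all groups" falls through to POST and then to the value remembered in `$_SESSION[$page_url]['ou']`. Once a non-zero OU is stored, 0 can no longer be selected, because the `!empty()` test on the session value discards a stored 0 in the same way. The old code used `isset()` and accepted 0. Suggest `if (isset($_GET['ou'])) { $rou = (int)$_GET['ou']; } elseif (isset($_POST['ou'])) { $rou = (int)$_POST['ou']; }` and `isset()` for the session branch as well. Precedence also changed: POST used to override GET and now GET wins, which deserves a line in the header comment if deliberate.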

+ 13 - 11
html/inc/snmp.php

@@ -6,7 +6,7 @@ require_once($_SERVER['DOCUMENT_ROOT'] . "/inc/consts.php");
 
 function get_ifmib_index_table($ip, $snmp)
 {
-    $ifmib_map = NULL;
+    $ifmib_map = [];
 
     $is_mikrotik = walk_snmp($ip, $snmp, MIKROTIK_DHCP_SERVER);
     $mk_ros_version = 0;
@@ -59,12 +59,14 @@ function get_ifmib_index_table($ip, $snmp)
 //get mac table by selected snmp oid
 function get_mac_table($ip, $snmp, $oid, $index_map)
 {
+    $fdb_table = [];
+
     if (!isset($ip)) {
-        return;
+        return $fdb_table;
     }
 
     if (!isset($oid)) {
-        return;
+        return $fdb_table;
     }
 
     $mac_table = walk_snmp($ip, $snmp, $oid);
@@ -104,14 +106,14 @@ function get_mac_table($ip, $snmp, $oid, $index_map)
 //get ip interfaces
 function getIpAdEntIfIndex($db, $ip, $snmp)
 {
+    $result = [];
     if (!isset($ip)) {
-        return;
+        return $result;
     }
     //oid+ip = index
     $ip_table = walk_snmp($ip, $snmp, ipAdEntIfIndex);
     //oid+index=name
     $int_table = walk_snmp($ip, $snmp, ifDescr);
-    $result = [];
     if (isset($ip_table) and gettype($ip_table) == 'array' and count($ip_table) > 0) {
         foreach ($ip_table as $key => $value) {
             if (empty($value)) {
@@ -147,9 +149,10 @@ function getIpAdEntIfIndex($db, $ip, $snmp)
 //get mac table by analyze all available tables
 function get_fdb_table($ip, $snmp)
 {
+    $fdb_table = [];
 
     if (!isset($ip)) {
-        return;
+        return $fdb_table;
     }
 
     $ifindex_map = get_ifmib_index_table($ip, $snmp);
@@ -166,11 +169,10 @@ function get_fdb_table($ip, $snmp)
     $snmp_cisco = $snmp;
 
     // maybe cisco?!
-    if (!isset($fdb_table) or empty($fdb_table) or count($fdb_table) == 0) {
+    if (empty($fdb_table) or count($fdb_table) == 0) {
         $vlan_table = walk_snmp($ip, $snmp, CISCO_VLAN_OID);
-        if (empty($vlan_table)) {
-            return;
-        }
+        if (!isset($fdb_table) or empty($vlan_table)) { return $fdb_table; }
+
         foreach ($vlan_table as $vlan_oid => $value) {
             if (empty($vlan_oid)) {
                 continue;
@@ -626,7 +628,7 @@ function get_switch_vlans($vendor, $ip, $snmp)
         //all vlan at switch
         $vlan_list = walk_snmp($ip, $snmp, vtpVlanName);
         if (empty($vlan_list)) {
-            return;
+            return $vlan_status;
         }
         foreach ($vlan_list as $key => $value) {
             if (empty($value)) {
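Review bot: In get_fdb_table() the new guard `if (!isset($fdb_table) or empty($vlan_table)) { return $fdb_table; }` tests a variable this commit now initialises to `[]` at the top of the function. Unless an intermediate call sets it to null, the `!isset` half can never be true, and `count($fdb_table) == 0` after `empty($fdb_table)` is redundant in the same way; `if (empty($vlan_table)) { return $fdb_table; }` expresses the intent. In get_switch_vlans() the new `return $vlan_status;` relies on `$vlan_status` being assigned before this branch, which is outside the hunk and worth confirming. Callers that tested the old `NULL` returns with `isset()` or `is_null()` now receive an empty array, so those checks need a look too.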

+ 40 - 46
html/inc/sql.php

@@ -3,6 +3,23 @@ if (! defined("CONFIG")) die("Not defined");
 
 if (! defined("SQL")) { die("Not defined"); }
 
+function db_escape($connection, $string) {
+    // Определяем тип подключения
+    if ($connection instanceof PDO) {
+        return $connection->quote($string);
+    } elseif ($connection instanceof mysqli) {
+        return mysqli_real_escape_string($connection, $string);
+    } elseif (is_resource($connection) && get_resource_type($connection) === 'mysql link') {
+        // Для устаревшего mysql_*
+        return mysql_real_escape_string($string, $connection);
+    } elseif ($connection instanceof PostgreSQL) {
+        // Для PostgreSQL
+        return pg_escape_string($connection, $string);
+    } else {
+        // Фолбэк
+        return addslashes($string);
+    }
+}
 
 function new_connection ($db_host, $db_user, $db_password, $db_name)
 {
@@ -197,12 +214,20 @@ function get_count_records($db, $table, $filter)
     if (!empty($filter)) {
         $filter = 'where ' . $filter;
     }
-    $t_count = mysqli_query($db, "SELECT count(*) FROM $table $filter");
-    list($count) = mysqli_fetch_array($t_count);
-    if (!isset($count)) {
-        $count = 0;
+    $t_count = get_record_sql($db, "SELECT count(*) as cnt FROM $table $filter");
+    if (!empty($t_count) and isset($t_count['cnt'])) { return $t_count['cnt']; }
+    return 0;
+}
+
+function get_single_field($db, $sql)
+{
+    $t_count = get_record_sql($db, $sql);
+    if (!empty($t_count) && is_array($t_count)) {
+        // Получаем все значения и берем первое
+        $values = array_values($t_count);
+        return !empty($values) ? $values[0] : 0;
     }
-    return $count;
+    return 0;
 }
 
 function get_id_record($db, $table, $filter)
@@ -210,9 +235,9 @@ function get_id_record($db, $table, $filter)
     if (isset($filter)) {
         $filter = 'WHERE ' . $filter;
     }
-    $t_record = mysqli_query($db, "SELECT id FROM $table $filter limit 1");
-    list($id) = mysqli_fetch_array($t_record);
-    return $id;
+    $t_record = get_record_sql($db, "SELECT id FROM $table $filter");
+    if (!empty($t_record) and isset($t_record['id'])) { return $t_record['id']; }
+    return 0;
 }
 
 function set_changed($db, $id)
@@ -292,36 +317,6 @@ function allow_update($table, $action = 'update', $field = '')
     return 0;
 }
 
-function get_record_field($db, $table, $field, $filter)
-{
-    if (!isset($table)) {
-#        LOG_ERROR($db, "Search in unknown table! Skip command.");
-        return;
-    }
-    if (!isset($filter)) {
-#        LOG_ERROR($db, "Search filter is empty! Skip command.");
-        return;
-    }
-    if (!isset($field)) {
-#        LOG_ERROR($db, "Search field is empty! Skip command.");
-        return;
-    }
-    if (preg_match('/=$/', $filter)) {
-        LOG_ERROR($db, "Search record ($table) with illegal filter $filter! Skip command.");
-        return;
-    }
-    $old_sql = "SELECT $field FROM $table WHERE $filter LIMIT 1";
-    $old_record = mysqli_query($db, $old_sql) or LOG_ERROR($db, "SQL: $old_sql :" . mysqli_error($db));
-    $old = mysqli_fetch_array($old_record, MYSQLI_ASSOC);
-    foreach ($old as $key => $value) {
-        if (!isset($value) or $value === 'NULL') {
-            $value = '';
-        }
-        $result[$key] = $value;
-    }
-    return $result[$field];
-}
-
 function get_record($db, $table, $filter)
 {
     if (!isset($table)) {
@@ -372,13 +367,13 @@ function get_record($db, $table, $filter)
 
 function get_records($db, $table, $filter)
 {
+    $result = [];
     if (!isset($table)) {
-#        LOG_ERROR($db, "Search in unknown table! Skip command.");
-        return;
+        return $result;
     }
     if (isset($filter) and preg_match('/=$/', $filter)) {
         LOG_ERROR($db, "Search record ($table) with illegal filter $filter! Skip command.");
-        return;
+        return $result;
     }
     $s_filter = '';
     if (isset($filter)) {
@@ -388,7 +383,7 @@ function get_records($db, $table, $filter)
     $get_record = mysqli_query($db, $get_sql);
     if (!$get_record) {
         LOG_ERROR($db, "SQL: $get_sql :" . mysqli_error($db));
-        return;
+        return $result;
     }
     $fields = [];
     while ($field = mysqli_fetch_field($get_record)) {
@@ -396,7 +391,6 @@ function get_records($db, $table, $filter)
         $f_name = $field->name;
         $fields[$f_table][$f_name] = $field;
     }
-    $result = NULL;
     $index = 0;
     while ($rec = mysqli_fetch_array($get_record, MYSQLI_ASSOC)) {
         foreach ($rec as $key => $value) {
@@ -419,7 +413,7 @@ function get_records($db, $table, $filter)
 
 function get_records_sql($db, $sql)
 {
-    $result = NULL;
+    $result = [];
     if (empty($sql)) {
 #        LOG_ERROR($db, "Empty query! Skip command.");
         return $result;
@@ -596,7 +590,7 @@ function update_record($db, $table, $filter, $newvalue)
         if (!preg_match('/password/i', $key)) {
             $changed_log = $changed_log . " $key => $value (old: $old[$key]),";
         }
-        $run_sql = $run_sql . " `" . $key . "`='" . mysqli_real_escape_string($db, $value) . "',";
+        $run_sql = $run_sql . " `" . $key . "`='" . db_escape($db, $value) . "',";
     }
 
     if ($table === "User_auth" and $dns_changed) {
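Review bot: Swapping `mysqli_real_escape_string()` for `db_escape()` in update_record still builds the UPDATE by string concatenation, and `$key` goes between backticks with no check at all, so a column name that originates in request data would reach the statement unescaped. Since this commit prepares for PDO, the loop could emit a `?` placeholder per column and collect the values with `$params[] = $value;` for a prepared statement, with `$key` checked against the table's known column list first. `db_escape()` is defined outside this view, so how it quotes values is not confirmed here. The insert_record hunk has the same pattern in `$field_list` and `$value_list`; both function bodies start and end outside their hunks.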
@@ -856,7 +850,7 @@ function insert_record($db, $table, $newvalue)
         }
         $field_list = $field_list . "`" . $key . "`,";
         $value = trim($value);
-        $value_list = $value_list . "'" . mysqli_real_escape_string($db, $value) . "',";
+        $value_list = $value_list . "'" . db_escape($db, $value) . "',";
     }
     if (empty($value_list)) {
         return;

+ 2 - 3
html/utils/auth_export.php

@@ -23,9 +23,8 @@ if (isset($_POST["ExportAuth"])) {
         if (!empty($_POST["ip-filter"])) { $ip_filter = $_POST['ip-filter']; }
         if (!empty($_POST["ip-sort"])) { $sort = $_POST['ip-sort']; }
         $sSQL = "SELECT User_auth.*, User_list.login, User_list.enabled as UEnabled, User_list.blocked as UBlocked FROM User_auth, User_list WHERE User_auth.user_id = User_list.id AND User_auth.deleted = 0 $ip_filter ORDER BY $sort";
-        $auth_table = mysqli_query($db_link, $sSQL);
-        while ($record = mysqli_fetch_array($auth_table)) {
+        $auth_table = get_records_sql($db_link, $sSQL);
+        foreach ($auth_table as $record) {
             print $record['login'] . ';' . $record['ip'] . ';' . $record['mac'] . ';' . $record['comments'] . ';' . $record['dns_name'] . ';' . $record['last_found'] .';' . get_connection_string($db_link, $record['id']). "\n";
         }
-    }
 }
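Review bot: `$ip_filter` and `$sort` are copied straight from `$_POST['ip-filter']` and `$_POST['ip-sort']` and interpolated into `$sSQL`, so passing the string to `get_records_sql()` instead of `mysqli_query()` leaves the query just as injectable as before. The sort value should be resolved against a fixed list of column names, e.g. `if (!in_array($sort, $allowed_sort, true)) { $sort = $default_sort; }` (both names are placeholders to define in this file). The IP filter should be rebuilt from a validated value and bound as a parameter rather than accepted as a ready-made SQL fragment. Separately, the hunk removes a closing `}` without removing any opening brace in view, so the nesting is worth re-checking with `php -l` before merge.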

+ 1 - 1
install-eye.en.sh

@@ -411,7 +411,7 @@ download_additional_scripts() {
     print_info "Downloading jsTree..."
     if wget -q https://github.com/vakata/jstree/archive/3.3.12.tar.gz -O jstree.tar.gz; then
         tar -xzf jstree.tar.gz -C /opt/Eye/html/js/
-        mv /opt/Eye/html/js/jstree-3.3.12/dist /opt/Eye/html/js/jstree
+        mv /opt/Eye/html/js/jstree-3.3.12/dist/* /opt/Eye/html/js/jstree
         rm -rf /opt/Eye/html/js/jstree-3.3.12
         rm -f jstree.tar.gz
     else
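Review bot: With `mv /opt/Eye/html/js/jstree-3.3.12/dist/* /opt/Eye/html/js/jstree`, the target must already exist as a directory; if it does not, `mv` fails as soon as the glob expands to more than one entry. Add `mkdir -p /opt/Eye/html/js/jstree` before the `mv`, unless the part of download_additional_scripts outside this hunk already creates it. The archive is also unpacked right after `wget` with no integrity check; recording a SHA-256 for the 3.3.12 tarball and verifying it with `sha256sum -c` before `tar` would catch a tampered or truncated download. Both points apply equally to the identical hunk in install-eye.ru.sh.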

+ 1 - 1
install-eye.ru.sh

@@ -410,7 +410,7 @@ download_additional_scripts() {
     print_info "Загрузка jsTree..."
     if wget -q https://github.com/vakata/jstree/archive/3.3.12.tar.gz -O jstree.tar.gz; then
         tar -xzf jstree.tar.gz -C /opt/Eye/html/js/
-        mv /opt/Eye/html/js/jstree-3.3.12/dist /opt/Eye/html/js/jstree
+        mv /opt/Eye/html/js/jstree-3.3.12/dist/* /opt/Eye/html/js/jstree
         rm -rf /opt/Eye/html/js/jstree-3.3.12
         rm -f jstree.tar.gz
     else

Некоторые файлы не были показаны из-за большого количества измененных файлов