inc/toolkit.inc.php
changeset 65 ce1c4d5e1576
parent 55 a885f557678f
child 71 e1b918eaf69a
64:dab0e9deeb67 65:ce1c4d5e1576
   156         LEFT JOIN records ON records.domain_id=domains.id
   156         LEFT JOIN records ON records.domain_id=domains.id
   157         WHERE 1=1";
   157         WHERE 1=1";
   158         if((!level(5) || !$userid) && !level(10) && !level(5))
   158         if((!level(5) || !$userid) && !level(10) && !level(5))
   159         {
   159         {
   160 		// First select the zones for which we have ownership on one or more records.
   160 		// First select the zones for which we have ownership on one or more records.
   161 		$query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$_SESSION['userid'].' AND records.id = record_owners.record_id';
   161 		$query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$db->quote($_SESSION['userid']).' AND records.id = record_owners.record_id';
   162 		$result = $db->query($query);
   162 		$result = $db->query($query);
   163 		$zones = array();
   163 		$zones = array();
   164 		if (!PEAR::isError($result)) {
   164 		if (!PEAR::isError($result)) {
   165 			$zones = $result->fetchCol();
   165 			$zones = $result->fetchCol();
   166 		}
   166 		}
   167 	
   167 	
   168                 $sqlq .= " AND (zones.owner=".$_SESSION["userid"];
   168                 $sqlq .= " AND (zones.owner=".$db->quote($_SESSION["userid"]);
   169 		if (count($zones) > 0) {
   169 		if (count($zones) > 0) {
   170 			$sqlq .= ' OR zones.domain_id IN ('.implode(',', $zones).') '; 
   170 			$sqlq .= ' OR zones.domain_id IN ('.implode(',', $zones).') '; 
   171 
   171 
   172 		}
   172 		}
   173 		$sqlq .= ')';
   173 		$sqlq .= ')';
   174         }
   174         }
   175         $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." '^".$letter."' LIMIT 1";
   175         $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter);
       
   176 		$db->setLimit(1);
   176         $result = $db->query($sqlq);
   177         $result = $db->query($sqlq);
   177         $numrows = $result->numRows();
   178         $numrows = $result->numRows();
   178         if ( $numrows == "1" ) 
   179         if ( $numrows == "1" ) 
   179         {
   180         {
   180                 return 1;
   181                 return 1;
   281 function xs($zoneid)
   282 function xs($zoneid)
   282 {
   283 {
   283 	global $db;
   284 	global $db;
   284 	if (is_numeric($zoneid) && is_numeric($_SESSION["level"]))
   285 	if (is_numeric($zoneid) && is_numeric($_SESSION["level"]))
   285 	{
   286 	{
   286 		$result = $db->query("SELECT id FROM zones WHERE owner=".$_SESSION["userid"]." AND domain_id=$zoneid");
   287 		$result = $db->query("SELECT id FROM zones WHERE owner=".$db->quote($_SESSION["userid"])." AND domain_id=".$db->quote($zoneid));
   287 		$result_extra = $db->query("SELECT record_owners.id FROM record_owners,records WHERE record_owners.user_id=".$_SESSION["userid"]." AND records.domain_id = $zoneid AND records.id = record_owners.record_id LIMIT 1");
   288 		$db->setLimit(1);
       
   289 		$result_extra = $db->query("SELECT record_owners.id FROM record_owners,records WHERE record_owners.user_id=".$db->quote($_SESSION["userid"])." AND records.domain_id = ".$db->quote($zoneid)." AND records.id = record_owners.record_id");
   288 
   290 
   289                 if ($result->numRows() == 1 || $_SESSION["level"] >= 5)
   291                 if ($result->numRows() == 1 || $_SESSION["level"] >= 5)
   290                 {
   292                 {
   291 			$_SESSION[$zoneid."_ispartial"] = 0;
   293 			$_SESSION[$zoneid."_ispartial"] = 0;
   292 			return true;
   294 			return true;
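Review bot: The `IN (...)` list at new line 170 is still built with `implode(',', $zones)` and no quoting or casting, while every other interpolated value in this section now goes through `$db->quote()`. The ids come from the earlier `records.domain_id` query rather than directly from the request, so the exposure is second-order, but the cast is cheap: `$sqlq .= ' OR zones.domain_id IN ('.implode(',', array_map('intval', $zones)).') ';`. At new line 175, `$db->quote("^".$letter)` escapes the value as a SQL string only; regex metacharacters in `$letter` still reach the pattern, so if `$letter` can come from the request it should be checked as a single expected character before this point. Both function bodies start or end outside the lines shown here, so where `$letter` and `$sql_regexp` come from cannot be confirmed from this view.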