156 LEFT JOIN records ON records.domain_id=domains.id |
156 LEFT JOIN records ON records.domain_id=domains.id |
157 WHERE 1=1"; |
157 WHERE 1=1"; |
158 if((!level(5) || !$userid) && !level(10) && !level(5)) |
158 if((!level(5) || !$userid) && !level(10) && !level(5)) |
159 { |
159 { |
160 // First select the zones for which we have ownership on one or more records. |
160 // First select the zones for which we have ownership on one or more records. |
161 $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$_SESSION['userid'].' AND records.id = record_owners.record_id'; |
161 $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$db->quote($_SESSION['userid']).' AND records.id = record_owners.record_id'; |
162 $result = $db->query($query); |
162 $result = $db->query($query); |
163 $zones = array(); |
163 $zones = array(); |
164 if (!PEAR::isError($result)) { |
164 if (!PEAR::isError($result)) { |
165 $zones = $result->fetchCol(); |
165 $zones = $result->fetchCol(); |
166 } |
166 } |
167 |
167 |
168 $sqlq .= " AND (zones.owner=".$_SESSION["userid"]; |
168 $sqlq .= " AND (zones.owner=".$db->quote($_SESSION["userid"]); |
169 if (count($zones) > 0) { |
169 if (count($zones) > 0) { |
170 $sqlq .= ' OR zones.domain_id IN ('.implode(',', $zones).') '; |
170 $sqlq .= ' OR zones.domain_id IN ('.implode(',', $zones).') '; |
171 |
171 |
172 } |
172 } |
173 $sqlq .= ')'; |
173 $sqlq .= ')'; |
174 } |
174 } |
175 $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." '^".$letter."' LIMIT 1"; |
175 $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter); |
|
176 $db->setLimit(1); |
176 $result = $db->query($sqlq); |
177 $result = $db->query($sqlq); |
177 $numrows = $result->numRows(); |
178 $numrows = $result->numRows(); |
178 if ( $numrows == "1" ) |
179 if ( $numrows == "1" ) |
179 { |
180 { |
180 return 1; |
181 return 1; |
281 function xs($zoneid) |
282 function xs($zoneid) |
282 { |
283 { |
283 global $db; |
284 global $db; |
284 if (is_numeric($zoneid) && is_numeric($_SESSION["level"])) |
285 if (is_numeric($zoneid) && is_numeric($_SESSION["level"])) |
285 { |
286 { |
286 $result = $db->query("SELECT id FROM zones WHERE owner=".$_SESSION["userid"]." AND domain_id=$zoneid"); |
287 $result = $db->query("SELECT id FROM zones WHERE owner=".$db->quote($_SESSION["userid"])." AND domain_id=".$db->quote($zoneid)); |
287 $result_extra = $db->query("SELECT record_owners.id FROM record_owners,records WHERE record_owners.user_id=".$_SESSION["userid"]." AND records.domain_id = $zoneid AND records.id = record_owners.record_id LIMIT 1"); |
288 $db->setLimit(1); |
|
289 $result_extra = $db->query("SELECT record_owners.id FROM record_owners,records WHERE record_owners.user_id=".$db->quote($_SESSION["userid"])." AND records.domain_id = ".$db->quote($zoneid)." AND records.id = record_owners.record_id"); |
288 |
290 |
289 if ($result->numRows() == 1 || $_SESSION["level"] >= 5) |
291 if ($result->numRows() == 1 || $_SESSION["level"] >= 5) |
290 { |
292 { |
291 $_SESSION[$zoneid."_ispartial"] = 0; |
293 $_SESSION[$zoneid."_ispartial"] = 0; |
292 return true; |
294 return true; |
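Review bot: On new line 170 the `IN (...)` list is still built with `implode(',', $zones)` and no quoting or casting, so it is the one value in this query that the change leaves concatenated raw. The ids come from `records.domain_id` via `fetchCol()` and are presumably integers, but casting them keeps the query safe regardless of what is stored: `$sqlq .= ' OR zones.domain_id IN ('.implode(',', array_map('intval', $zones)).') ';`. For the id comparisons it may also be worth passing the type, e.g. `$db->quote($_SESSION['userid'], 'integer')`, assuming `$db` is an MDB2 connection, so the value is cast rather than quoted as text. The function around line 170 and `xs()` both extend beyond the visible lines, so their callers and the later use of `$result_extra` were not checked.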