diff --git a/src/include/functions_common.php b/src/include/functions_common.php index 4b495da..4c8305e 100644 --- a/src/include/functions_common.php +++ b/src/include/functions_common.php @@ -819,7 +819,7 @@ function InitConfigurationValues() if ( GetConfigSetting("UserDBEnabled", false) ) { // Get configuration variables - $result = DB_Query("SELECT * FROM " . DB_CONFIG . " WHERE is_global = true"); + $result = DB_Query("SELECT * FROM `" . DB_CONFIG . "` WHERE is_global = true"); if ( $result ) { diff --git a/src/include/functions_config.php b/src/include/functions_config.php index be4f7f5..7844f7f 100644 --- a/src/include/functions_config.php +++ b/src/include/functions_config.php @@ -404,9 +404,9 @@ function InitReportModules($szRootPath = "") DB_SAVEDREPORTS . ".outputTarget, " . DB_SAVEDREPORTS . ".outputTargetDetails, " . DB_SAVEDREPORTS . ".scheduleSettings " . - " FROM " . DB_SAVEDREPORTS . - " WHERE " . DB_SAVEDREPORTS . ".reportid = '" . $myReportID . "' " . - " ORDER BY " . DB_SAVEDREPORTS . ".customTitle"; + " FROM `" . DB_SAVEDREPORTS . "`" . + " WHERE `" . DB_SAVEDREPORTS . ".reportid` = '" . $myReportID . "' " . + " ORDER BY `" . DB_SAVEDREPORTS . ".customTitle`"; // Get Views from DB now! $result = DB_Query($sqlquery); @@ -682,8 +682,8 @@ function LoadDBMappingsFromDatabase() DB_MAPPINGS . ".ID, " . DB_MAPPINGS . ".DisplayName, " . DB_MAPPINGS . ".Mappings " . - " FROM " . DB_MAPPINGS . - " ORDER BY " . DB_MAPPINGS . ".DisplayName"; + " FROM `" . DB_MAPPINGS . "`" . + " ORDER BY `" . DB_MAPPINGS . ".DisplayName`"; // Get Views from DB now! $result = DB_Query($sqlquery); @@ -764,8 +764,8 @@ function LoadFieldsFromDatabase() DB_FIELDS . ".SearchOnline, " . DB_FIELDS . ".Trunscate, " . DB_FIELDS . ".Sortable " . - " FROM " . DB_FIELDS . - " ORDER BY " . DB_FIELDS . ".FieldCaption"; + " FROM `" . DB_FIELDS . "`" . + " ORDER BY `" . DB_FIELDS . ".FieldCaption`"; // --- // Get Searches from DB now! 
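Review bot: In the `@@ -404` hunk of InitReportModules the new WHERE and ORDER BY put the table name and the column inside one pair of backticks, so the SQL contains a single identifier of the form `<table>.reportid` (dot included) instead of column reportid of that table; MySQL will most likely reject it as an unknown column. Quote the two parts separately, e.g. ``" WHERE `" . DB_SAVEDREPORTS . "`.`reportid` = '" . $myReportID . "' " .``. The same construction is added in LoadDBMappingsFromDatabase, LoadFieldsFromDatabase, the searches/charts/views/sources loaders (JOIN ... ON, WHERE, ORDER BY, `$szWhereUser`, `$szGroupWhere`), CheckUserLogin (`is_member`) and GetGroupsForSelectfield, while the SELECT lists stay unquoted. `$myReportID` is concatenated into the string as well; whether it is escaped earlier is not visible, since the function body lies outside the hunk.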
@@ -818,12 +818,12 @@ function LoadSearchesFromDatabase() // --- Create SQL Query // Create Where for USERID if ( isset($content['SESSION_LOGGEDIN']) && $content['SESSION_LOGGEDIN'] ) - $szWhereUser = " OR " . DB_SEARCHES . ".userid = " . $content['SESSION_USERID'] . " "; + $szWhereUser = " OR `" . DB_SEARCHES . ".userid` = " . $content['SESSION_USERID'] . " "; else $szWhereUser = ""; if ( isset($content['SESSION_GROUPIDS']) ) - $szGroupWhere = " OR " . DB_SEARCHES . ".groupid IN (" . $content['SESSION_GROUPIDS'] . ")"; + $szGroupWhere = " OR `" . DB_SEARCHES . ".groupid` IN (" . $content['SESSION_GROUPIDS'] . ")"; else $szGroupWhere = ""; $sqlquery = " SELECT " . @@ -834,13 +834,13 @@ function LoadSearchesFromDatabase() DB_SEARCHES . ".groupid, " . DB_USERS . ".username, " . DB_GROUPS . ".groupname " . - " FROM " . DB_SEARCHES . - " LEFT OUTER JOIN (" . DB_USERS . ") ON (" . DB_SEARCHES . ".userid=" . DB_USERS . ".ID ) " . - " LEFT OUTER JOIN (" . DB_GROUPS . ") ON (" . DB_SEARCHES . ".groupid=" . DB_GROUPS . ".ID ) " . - " WHERE (" . DB_SEARCHES . ".userid IS NULL AND " . DB_SEARCHES . ".groupid IS NULL) " . + " FROM `" . DB_SEARCHES . "`" . + " LEFT OUTER JOIN (`" . DB_USERS . "`) ON (`" . DB_SEARCHES . ".userid`=`" . DB_USERS . ".ID` ) " . + " LEFT OUTER JOIN (`" . DB_GROUPS . "`) ON (`" . DB_SEARCHES . ".groupid`=`" . DB_GROUPS . ".ID` ) " . + " WHERE (`" . DB_SEARCHES . ".userid` IS NULL AND `" . DB_SEARCHES . ".groupid` IS NULL) " . $szWhereUser . $szGroupWhere . - " ORDER BY " . DB_SEARCHES . ".userid, " . DB_SEARCHES . ".groupid, " . DB_SEARCHES . ".DisplayName"; + " ORDER BY `" . DB_SEARCHES . ".userid`, `" . DB_SEARCHES . ".groupid`, `" . DB_SEARCHES . ".DisplayName`"; // --- // Get Searches from DB now! 
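Review bot: `$content['SESSION_USERID']` and `$content['SESSION_GROUPIDS']` are concatenated into `$szWhereUser` and `$szGroupWhere` with neither quotes nor a cast, so the query is only as safe as whatever code populated those session values. A cast at the point of use is cheap defence in depth: `(int)$content['SESSION_USERID']` for the id, and `implode(",", array_map('intval', explode(",", $content['SESSION_GROUPIDS'])))` for the list, assuming it is a comma-separated string as the `IN (...)` usage suggests. The same two assignments recur in LoadChartsFromDatabase, LoadViewsFromDatabase and LoadSourcesFromDatabase, and InitUserSession and CheckUserLogin use SESSION_USERID the same way. The function body continues outside this hunk.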
@@ -884,12 +884,12 @@ function LoadChartsFromDatabase() // --- Create SQL Query // Create Where for USERID if ( isset($content['SESSION_LOGGEDIN']) && $content['SESSION_LOGGEDIN'] ) - $szWhereUser = " OR " . DB_CHARTS . ".userid = " . $content['SESSION_USERID'] . " "; + $szWhereUser = " OR `" . DB_CHARTS . ".userid` = " . $content['SESSION_USERID'] . " "; else $szWhereUser = ""; if ( isset($content['SESSION_GROUPIDS']) ) - $szGroupWhere = " OR " . DB_CHARTS . ".groupid IN (" . $content['SESSION_GROUPIDS'] . ")"; + $szGroupWhere = " OR `" . DB_CHARTS . ".groupid` IN (" . $content['SESSION_GROUPIDS'] . ")"; else $szGroupWhere = ""; $sqlquery = " SELECT " . @@ -906,13 +906,13 @@ function LoadChartsFromDatabase() DB_CHARTS . ".groupid, " . DB_USERS . ".username, " . DB_GROUPS . ".groupname " . - " FROM " . DB_CHARTS . - " LEFT OUTER JOIN (" . DB_USERS . ") ON (" . DB_CHARTS . ".userid=" . DB_USERS . ".ID ) " . - " LEFT OUTER JOIN (" . DB_GROUPS . ") ON (" . DB_CHARTS . ".groupid=" . DB_GROUPS . ".ID ) " . - " WHERE (" . DB_CHARTS . ".userid IS NULL AND " . DB_CHARTS . ".groupid IS NULL) " . + " FROM `" . DB_CHARTS . "`" . + " LEFT OUTER JOIN (`" . DB_USERS . "`) ON (`" . DB_CHARTS . ".userid`=`" . DB_USERS . ".ID` ) " . + " LEFT OUTER JOIN (`" . DB_GROUPS . "`) ON (`" . DB_CHARTS . ".groupid`=`" . DB_GROUPS . ".ID` ) " . + " WHERE (`" . DB_CHARTS . ".userid` IS NULL AND `" . DB_CHARTS . ".groupid` IS NULL) " . $szWhereUser . $szGroupWhere . - " ORDER BY " . DB_CHARTS . ".userid, " . DB_CHARTS . ".groupid, " . DB_CHARTS . ".DisplayName"; + " ORDER BY `" . DB_CHARTS . ".userid`, `" . DB_CHARTS . ".groupid`, `" . DB_CHARTS . ".DisplayName`"; // --- // Get Searches from DB now! 
@@ -944,12 +944,12 @@ function LoadViewsFromDatabase() // --- Create SQL Query // Create Where for USERID if ( isset($content['SESSION_LOGGEDIN']) && $content['SESSION_LOGGEDIN'] ) - $szWhereUser = " OR " . DB_VIEWS . ".userid = " . $content['SESSION_USERID'] . " "; + $szWhereUser = " OR `" . DB_VIEWS . ".userid` = " . $content['SESSION_USERID'] . " "; else $szWhereUser = ""; if ( isset($content['SESSION_GROUPIDS']) ) - $szGroupWhere = " OR " . DB_VIEWS . ".groupid IN (" . $content['SESSION_GROUPIDS'] . ")"; + $szGroupWhere = " OR `" . DB_VIEWS . ".groupid` IN (" . $content['SESSION_GROUPIDS'] . ")"; else $szGroupWhere = ""; $sqlquery = " SELECT " . @@ -960,13 +960,13 @@ function LoadViewsFromDatabase() DB_VIEWS . ".groupid, " . DB_USERS . ".username, " . DB_GROUPS . ".groupname " . - " FROM " . DB_VIEWS . - " LEFT OUTER JOIN (" . DB_USERS . ") ON (" . DB_VIEWS . ".userid=" . DB_USERS . ".ID ) " . - " LEFT OUTER JOIN (" . DB_GROUPS . ") ON (" . DB_VIEWS . ".groupid=" . DB_GROUPS . ".ID ) " . - " WHERE (" . DB_VIEWS . ".userid IS NULL AND " . DB_VIEWS . ".groupid IS NULL) " . + " FROM `" . DB_VIEWS . + " LEFT OUTER JOIN (`" . DB_USERS . "`) ON (`" . DB_VIEWS . ".userid`=`" . DB_USERS . ".ID` ) " . + " LEFT OUTER JOIN (`" . DB_GROUPS . "`) ON (`" . DB_VIEWS . ".groupid`=`" . DB_GROUPS . ".ID` ) " . + " WHERE (`" . DB_VIEWS . ".userid` IS NULL AND `" . DB_VIEWS . ".groupid` IS NULL) " . $szWhereUser . $szGroupWhere . - " ORDER BY " . DB_VIEWS . ".userid, " . DB_VIEWS . ".groupid, " . DB_VIEWS . ".DisplayName"; + " ORDER BY `" . DB_VIEWS . ".userid`, `" . DB_VIEWS . ".groupid`, `" . DB_VIEWS . ".DisplayName`"; // --- // Get Views from DB now! 
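Review bot: The new FROM line in the `@@ -960` hunk opens a backtick before DB_VIEWS and never closes it: ``" FROM `" . DB_VIEWS .`` runs straight into the `" LEFT OUTER JOIN (...` string, whereas the sibling loaders append ``"`"`` first. The generated SQL therefore has an unbalanced quoted identifier that swallows the JOIN keyword, and the LoadViewsFromDatabase query will not parse as intended. Change the line to ``" FROM `" . DB_VIEWS . "`" .``.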
@@ -1008,25 +1008,25 @@ function LoadSourcesFromDatabase() // --- Create SQL Query // Create Where for USERID if ( isset($content['SESSION_LOGGEDIN']) && $content['SESSION_LOGGEDIN'] ) - $szWhereUser = " OR " . DB_SOURCES . ".userid = " . $content['SESSION_USERID'] . " "; + $szWhereUser = " OR `" . DB_SOURCES . ".userid` = " . $content['SESSION_USERID'] . " "; else $szWhereUser = ""; if ( isset($content['SESSION_GROUPIDS']) ) - $szGroupWhere = " OR " . DB_SOURCES . ".groupid IN (" . $content['SESSION_GROUPIDS'] . ")"; + $szGroupWhere = " OR `" . DB_SOURCES . ".groupid` IN (" . $content['SESSION_GROUPIDS'] . ")"; else $szGroupWhere = ""; $sqlquery = " SELECT " . DB_SOURCES . ".*, " . DB_USERS . ".username, " . DB_GROUPS . ".groupname " . - " FROM " . DB_SOURCES . - " LEFT OUTER JOIN (" . DB_USERS . ") ON (" . DB_SOURCES . ".userid=" . DB_USERS . ".ID ) " . - " LEFT OUTER JOIN (" . DB_GROUPS . ") ON (" . DB_SOURCES . ".groupid=" . DB_GROUPS . ".ID ) " . - " WHERE (" . DB_SOURCES . ".userid IS NULL AND " . DB_SOURCES . ".groupid IS NULL) " . + " FROM `" . DB_SOURCES . "`" . + " LEFT OUTER JOIN (`" . DB_USERS . "`) ON (`" . DB_SOURCES . ".userid`=`" . DB_USERS . ".ID` ) " . + " LEFT OUTER JOIN (`" . DB_GROUPS . "`) ON (`" . DB_SOURCES . ".groupid`=`" . DB_GROUPS . ".ID` ) " . + " WHERE (`" . DB_SOURCES . ".userid` IS NULL AND `" . DB_SOURCES . ".groupid` IS NULL) " . $szWhereUser . $szGroupWhere . - " ORDER BY " . DB_SOURCES . ".userid, " . DB_SOURCES . ".groupid, " . DB_SOURCES . ".Name"; + " ORDER BY `" . DB_SOURCES . ".userid`, `" . DB_SOURCES . ".groupid`, `" . DB_SOURCES . ".Name`"; // --- // Get Sources from DB now! $result = DB_Query($sqlquery); diff --git a/src/include/functions_installhelpers.php b/src/include/functions_installhelpers.php index 4ae6c2c..74ccdbd 100644 --- a/src/include/functions_installhelpers.php +++ b/src/include/functions_installhelpers.php 
@@ -102,7 +102,7 @@ function ConvertCustomSearches() foreach($CFG['Search'] as $searchid => &$mySearch) { // New Entry - $result = DB_Query("INSERT INTO " . DB_SEARCHES . " (DisplayName, SearchQuery) VALUES ( '" . PrepareValueForDB($mySearch['DisplayName']) . "', '" . PrepareValueForDB($mySearch['SearchQuery']) . "')"); + $result = DB_Query("INSERT INTO `" . DB_SEARCHES . "` (DisplayName, SearchQuery) VALUES ( '" . PrepareValueForDB($mySearch['DisplayName']) . "', '" . PrepareValueForDB($mySearch['SearchQuery']) . "')"); $mySearch['DBID'] = DB_ReturnLastInsertID($result); DB_FreeQuery($result); @@ -120,7 +120,7 @@ function ConvertCustomCharts() foreach($CFG['Charts'] as $chartid => &$myChart) { // New Entry - $result = DB_Query("INSERT INTO " . DB_CHARTS . " (DisplayName, chart_enabled, chart_type, chart_width, chart_field, maxrecords, showpercent) + $result = DB_Query("INSERT INTO `" . DB_CHARTS . "` (DisplayName, chart_enabled, chart_type, chart_width, chart_field, maxrecords, showpercent) VALUES ( '" . PrepareValueForDB($myChart['DisplayName']) . "', " . intval($myChart['chart_enabled']) . ", @@ -157,7 +157,7 @@ function ConvertCustomViews() } // New Entry - $result = DB_Query("INSERT INTO " . DB_VIEWS . " (DisplayName, Columns) VALUES ( '" . PrepareValueForDB($myView['DisplayName']) . "', '" . PrepareValueForDB($myView['ColumnsAsString']) . "')"); + $result = DB_Query("INSERT INTO `" . DB_VIEWS . "` (DisplayName, Columns) VALUES ( '" . PrepareValueForDB($myView['DisplayName']) . "', '" . PrepareValueForDB($myView['ColumnsAsString']) . "')"); $myView['DBID'] = DB_ReturnLastInsertID($result); DB_FreeQuery($result); } 
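Review bot: In ConvertCustomSearches and ConvertCustomViews the result of `DB_Query("INSERT ...")` is passed to `DB_ReturnLastInsertID($result)` and `DB_FreeQuery($result)` without being tested, although other call sites in this commit guard with `if ( $result )`. If the INSERT fails, the `DBID` written back into `$CFG` would not refer to a real row; how DB_ReturnLastInsertID behaves on a failed result is not visible here. Wrapping the two follow-up calls in `if ( $result ) { ... }` and reporting the failure otherwise would make the conversion fail visibly instead of silently.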
@@ -196,7 +196,7 @@ function ConvertCustomSources() // Add New Entry if ( $mySource['SourceType'] == SOURCE_DISK ) { - $result = DB_Query("INSERT INTO " . DB_SOURCES . " (Name, Description, SourceType, MsgParserList, MsgNormalize, ViewID, LogLineType, DiskFile) VALUES ( " . + $result = DB_Query("INSERT INTO `" . DB_SOURCES . "` (Name, Description, SourceType, MsgParserList, MsgNormalize, ViewID, LogLineType, DiskFile) VALUES ( " . "'" . PrepareValueForDB($mySource['Name']) . "', " . "'" . PrepareValueForDB($mySource['Description']) . "', " . " " . PrepareValueForDB($mySource['SourceType']) . " , " . @@ -218,7 +218,7 @@ function ConvertCustomSources() $mySource['DBType'] = DB_MYSQL; // Perform the insert - $result = DB_Query("INSERT INTO " . DB_SOURCES . " (Name, Description, SourceType, MsgParserList, MsgNormalize, ViewID, DBTableType, DBType, DBServer, DBName, DBUser, DBPassword, DBTableName, DBEnableRowCounting) VALUES ( " . + $result = DB_Query("INSERT INTO `" . DB_SOURCES . "` (Name, Description, SourceType, MsgParserList, MsgNormalize, ViewID, DBTableType, DBType, DBServer, DBName, DBUser, DBPassword, DBTableName, DBEnableRowCounting) VALUES ( " . "'" . PrepareValueForDB($mySource['Name']) . "', " . "'" . PrepareValueForDB($mySource['Description']) . "', " . " " . PrepareValueForDB($mySource['SourceType']) . " , " . diff --git a/src/include/functions_users.php b/src/include/functions_users.php index 480965d..24cf5a5 100644 --- a/src/include/functions_users.php +++ b/src/include/functions_users.php @@ -86,7 +86,7 @@ function InitUserSession() $content['SESSION_GROUPIDS'] = $_SESSION['SESSION_GROUPIDS']; // --- Now we obtain user specific general settings from the DB for the user! - $result = DB_Query("SELECT * FROM " . DB_CONFIG . " WHERE userid = " . $content['SESSION_USERID']); + $result = DB_Query("SELECT * FROM `" . DB_CONFIG . "` WHERE userid = " . $content['SESSION_USERID']); if ( $result ) { $rows = DB_GetAllRows($result, true); 
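Review bot: `PrepareValueForDB($mySource['SourceType'])` is placed in the VALUES list without surrounding quotes in both INSERT statements of ConvertCustomSources (`@@ -196` and `@@ -218`), and string escaping gives no protection in an unquoted numeric position. ConvertCustomCharts already uses `intval(...)` for its numeric columns, so the same applies here: `" " . intval($mySource['SourceType']) . " , " .`. This assumes PrepareValueForDB is an escaping helper, which the diff does not show. Both hunks cover only part of the function.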
@@ -138,7 +138,7 @@ function InitUserSession() function CreateUserName( $username, $password, $is_admin ) { $md5pass = md5($password); - $result = DB_Query("SELECT username FROM " . DB_USERS . " WHERE username = '" . $username . "'"); + $result = DB_Query("SELECT username FROM `" . DB_USERS . "` WHERE username = '" . $username . "'"); $rows = DB_GetAllRows($result, true); if ( isset($rows) ) @@ -151,7 +151,7 @@ function CreateUserName( $username, $password, $is_admin ) else { // Create User - $result = DB_Query("INSERT INTO " . DB_USERS . " (username, password, is_admin) VALUES ('$username', '$md5pass', $is_admin)"); + $result = DB_Query("INSERT INTO `" . DB_USERS . "` (username, password, is_admin) VALUES ('$username', '$md5pass', $is_admin)"); DB_FreeQuery($result); // Success @@ -173,7 +173,7 @@ function CheckUserLogin( $username, $password ) { // TODO: SessionTime and AccessLevel check $md5pass = md5($password); - $sqlquery = "SELECT * FROM " . DB_USERS . " WHERE username = '" . $username . "' and password = '" . $md5pass . "'"; + $sqlquery = "SELECT * FROM `" . DB_USERS . "` WHERE username = '" . $username . "' and password = '" . $md5pass . "'"; $result = DB_Query($sqlquery); $myrow = DB_GetSingleRow($result, true); } @@ -201,7 +201,7 @@ function CheckUserLogin( $username, $password ) $sqlquery = "SELECT " . DB_GROUPMEMBERS . ".groupid, " . DB_GROUPMEMBERS . ".is_member " . - "FROM " . DB_GROUPMEMBERS . " WHERE userid = " . $content['SESSION_USERID'] . " AND " . DB_GROUPMEMBERS . ".is_member = 1"; + "FROM `" . DB_GROUPMEMBERS . "` WHERE userid = " . $content['SESSION_USERID'] . " AND `" . DB_GROUPMEMBERS . ".is_member` = 1"; $result = DB_Query($sqlquery); $myrows = DB_GetAllRows($result, true); if ( isset($myrows ) && count($myrows) > 0 ) 
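Review bot: `$username` is concatenated raw into the SELECT of CreateUserName, and `$username` and `$is_admin` are interpolated into the INSERT at `@@ -151`, while functions_installhelpers.php in this same commit passes every string value through `PrepareValueForDB()`. Unless every caller sanitises these arguments beforehand (not visible here), this is an SQL injection path on account creation. CheckUserLogin (`@@ -173`) and CheckLDAPUserLogin (`@@ -385`) build their queries from `$username` the same way. At minimum use `PrepareValueForDB($username)` and `intval($is_admin)`; a parameterised query would be preferable if the backend behind DB_Query supports one.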
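Review bot: The login query at `@@ -173` compares against an unsalted `md5($password)`, the same value CreateUserName and CheckLDAPUserLogin store, which is fast to brute-force if the users table is ever disclosed. Selecting the row by username alone and checking `password_verify($password, $myrow['password'])`, with `password_hash($password, PASSWORD_DEFAULT)` on creation, removes the weak hash from both storage and the SQL string. That change needs a wider password column and a rehash-on-login step for existing MD5 rows, neither of which is visible in this diff.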
@@ -220,7 +220,7 @@ function CheckUserLogin( $username, $password ) // --- // ---Set LASTLOGIN Time! - $result = DB_Query("UPDATE " . DB_USERS . " SET last_login = " . time() . " WHERE ID = " . $content['SESSION_USERID']); + $result = DB_Query("UPDATE `" . DB_USERS . "` SET last_login = " . time() . " WHERE ID = " . $content['SESSION_USERID']); DB_FreeQuery($result); // --- @@ -385,13 +385,13 @@ function CheckLDAPUserLogin( $username, $password ) // then the prefs and group management is done in the DB and we don't rewrite the whole Loganalyzer code… // check if the user already exist - $sqlquery = "SELECT * FROM " . DB_USERS . " WHERE username = '" . $username . "'"; + $sqlquery = "SELECT * FROM `" . DB_USERS . "` WHERE username = '" . $username . "'"; $result = DB_Query($sqlquery); $myrow = DB_GetSingleRow($result, true); if (!isset($myrow['is_admin']) ) { // Create User | use password to create MD5 Hash, so technically the user could login without LDAP as well - $sqlcmd = "INSERT INTO " . DB_USERS . " (username, password, is_admin, is_readonly) VALUES ('" . $username . "', '" . md5($password) . "', 0, 1)"; + $sqlcmd = "INSERT INTO `" . DB_USERS . "` (username, password, is_admin, is_readonly) VALUES ('" . $username . "', '" . md5($password) . "', 0, 1)"; $result = DB_Query($sqlcmd); DB_FreeQuery($result); @@ -487,8 +487,8 @@ function GetGroupsForSelectfield() $sqlquery = "SELECT " . DB_GROUPS . ".ID as mygroupid, " . DB_GROUPS . ".groupname " . - "FROM " . DB_GROUPS . - " ORDER BY " . DB_GROUPS . ".groupname"; + "FROM `" . DB_GROUPS . "`" . + " ORDER BY `" . DB_GROUPS . ".groupname`"; $result = DB_Query($sqlquery); $mygroups = DB_GetAllRows($result, true); if ( isset($mygroups) && count($mygroups) > 0 )
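Review bot: The INSERT in the `@@ -385` hunk of CheckLDAPUserLogin writes `md5($password)` of the user's directory password into the local users table, and the comment above it confirms that this lets the account log in without LDAP. That keeps a weak hash of an LDAP credential in the application database and leaves a local login that presumably keeps working after the directory account is disabled or its password changed. For LDAP-provisioned users, consider storing a marker that can never equal an MD5 hex digest, e.g. `'*'` in place of `md5($password)`, after confirming nothing else depends on that column's content. `$username` is also concatenated unescaped into both statements of this hunk.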