From f37e6539edc42c4a5c621ab82a74b40eede7a3a4 Mon Sep 17 00:00:00 2001
From: Jonny007-MKD <me@jonny007-mkd.de>
Date: Tue, 16 Feb 2016 09:41:07 +0100
Subject: [PATCH] Fixed bug in INSERT INTO users query

---
 mail_control.php | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/mail_control.php b/mail_control.php
index c5cae5e..f7c674d 100644
--- a/mail_control.php
+++ b/mail_control.php
@@ -168,32 +168,37 @@ if($ndomain <> "") {
 if(($domain <> "") && ($usr <> "") && ($pwd <> "")) {
 	$sql1 = "SELECT domain_id, user, password FROM " . $tbl_users . " WHERE domain_id = $domain AND user = '$usr' AND password = '".pw_encode($pwd)."';";
 	$qr = query($sql1);
-	if(mysql_num_rows($qr) < 1) $sql[6] = "INSERT INTO " . $tbl_users . " (domain_id, user, password) VALUES (NULL,'$domain','$usr','".pw_encode($pwd)."');
+	if(mysql_num_rows($qr) < 1) $sql[6] = "INSERT INTO " . $tbl_users . " (domain_id, user, password) VALUES ('$domain','$usr','".pw_encode($pwd)."');
 ";
 }
 
 ## Delete Query ##
 if(($del <> "") && ($id <> "") && ($ack == retAl('Yes'))) {
-	$sql = "DELETE FROM ".$tbl[$del]." WHERE id = $id;";
-	query($sql);
+	switch ($del) {
+		case 1: $tbl = $tbl_aliases; break;
+		case 2: $tbl = $tbl_domains; break;
+		case 3: $tbl = $tbl_users;   break;
+	}
+	$sql = "DELETE FROM ".$tbl." WHERE id = $id;";
+	$qry = query($sql);
 }
 
 ## Update Alias Query##
 if(($chg == 1) && ($id <> "") && ($domain <> "") && ($dest <> "") && ($ack == retAl('Save'))) {
-	$sql = "UPDATE ".$tbl[$chg]." SET domain_id = '".$domain."', source = '".$source."', destination = '".$dest."', enabled = '".$enabled."' WHERE id = ".$id.";";
-	query($sql);
+	$sql = "UPDATE ".$tbl_aliases." SET domain_id = '".$domain."', source = '".$source."', destination = '".$dest."', enabled = '".$enabled."' WHERE id = ".$id.";";
+	$qry = query($sql);
 }
 
 ## Update Domain Query ##
 if(($chg == 2) && ($id <> "") && ($domain <> "") && ($ack == retAl('Save'))) {
-	$sql = "UPDATE ".$tbl[$chg]." SET name='".$domain."' WHERE id = ".$id.";";
-	query($sql);
+	$sql = "UPDATE ".$tbl_domains." SET name='".$domain."' WHERE id = ".$id.";";
+	$qry = query($sql);
 }
 
 ## Update User Query ##
 if(($chg == 3) && ($id <> "") && ($domain <> "") && ($usr <> "") && ($pwd <> "") && ($ack == retAl('Save'))) {
-	$sql = "UPDATE ".$tbl[$chg]." SET domain_id ='".$domain."', user ='".$usr."', password = '".pw_encode($pwd)."' WHERE id = ".$id.";";
-	query($sql);
+	$sql = "UPDATE ".$tbl_users." SET domain_id ='".$domain."', user ='".$usr."', password = '".pw_encode($pwd)."' WHERE id = ".$id.";";
+	$qry = query($sql);
 }
 if($do) $qry = query($sql[$do]);
 if($qry) $result = true;
@@ -469,8 +474,8 @@ switch($do) {
 			$out .= '<div style="text-align: center;"><a href="?do=1&amp;sel='.$sel.'&amp;orderby='.$orderby.'">'.retAl('Back').'</a></div>';
 			$out .= "<script type=\"text/javascript\"><!--\nsetTimeout(function(){document.location = \"?do=1&sel=".$sel.'&orderby='.$orderby."\"},1000)\n--></script>";
 		} else {
-		$out = '<div style="text-align: center;"><h3>'.retAl('ERROR adding Alias').'</h3></div>';
-		$out .= '<div style="text-align: center;"><a href="?do=1&amp;sel='.$sel.'&amp;orderby='.$orderby.'" onclick="history.back(); return false;">'.retAl('Back').'</a></div>';
+			$out = '<div style="text-align: center;"><h3>'.retAl('ERROR adding Alias').'</h3></div>';
+			$out .= '<div style="text-align: center;"><a href="?do=1&amp;sel='.$sel.'&amp;orderby='.$orderby.'" onclick="history.back(); return false;">'.retAl('Back').'</a></div>';
 		}
 	break;
 	case 5:
@@ -499,7 +504,7 @@ switch($del) {
 	case 1:
 		if($ack == "") {
 			$out = '<div style="text-align: center;"><h3>'.retAl('Delete this alias?').'</h3><form action = "?del='.$del.'&amp;id='.$id.'&amp;sel='.$sel.'&amp;orderby='.$orderby.'" method="post">';
-			$out.= '<div><input type="submit" name="ack" value="'.retAl('No').'"></input> |#448; <input type="submit"name="ack" value="'.retAl('Yes').'"></input></div></form></div>';
+			$out.= '<div><input type="submit" name="ack" value="'.retAl('No').'"></input> &#448; <input type="submit"name="ack" value="'.retAl('Yes').'"></input></div></form></div>';
 		} else if($ack == retAl('Yes')) {
 			$out = '<div style="text-align: center;"><b>'.retAl('Alias').' '.retAl('was deleted...').'</b><br /><a href="?do=1">'.retAl('Back').'</a></div>';
 			$out .= "<script type=\"text/javascript\"><!--\nsetTimeout(function(){document.location = \"?do=1&sel=".$sel.'&orderby='.$orderby."\"},1000)\n--></script>";
@@ -512,7 +517,7 @@ switch($del) {
 	case 2:
 		if($ack == "") {
 			$out = '<div style="text-align: center;"><h3>'.retAl('Delete this domain?').'</h3><form action = "?del='.$del.'&amp;id='.$id.'&amp;sel='.$sel.'&amp;orderby='.$orderby.'" method="post">' . "\n";
-			$out.= '<div><input type="submit" name="ack" value="'.retAl('No').'" /> |#448; <input type="submit" name="ack" value="'.retAl('Yes').'" /></div></form></div>';
+			$out.= '<div><input type="submit" name="ack" value="'.retAl('No').'" /> &#448; <input type="submit" name="ack" value="'.retAl('Yes').'" /></div></form></div>';
 		} else if($ack == retAl('Yes')) {
 			$out = '<div style="text-align: center;"><b>'.retAl('Domain').' '.retAl('was deleted...').'</b><br /><a href="?do=2&amp;sel='.$sel.'&amp;orderby='.$orderby.'">'.retAl('Back').'</a></div>';
 			$out .= "<script type=\"text/javascript\"><!--\nsetTimeout(function(){document.location = \"?do=2&sel=".$sel.'&orderby='.$orderby."\"},1000)\n--></script>";