commit 6322a7e71343e788838b53c9846bf851ec8b7580 from: mischa date: Sun Sep 04 17:17:50 2022 UTC more users things done commit - 16de74e22032c2da7ebb1cdfde38066f54158df0 commit + 6322a7e71343e788838b53c9846bf851ec8b7580 blob - 6254bf4042eadd963878f716a34cb59dea2eab67 blob + 2758930ca64abedd3ff91f7148634ceb7cb9b391 --- functions.inc.php +++ functions.inc.php @@ -35,24 +35,13 @@ if (DEBUG == 'true') { // Action: Check if a session already exists, if not redirect to login.php // Call: check_session() -or- check_user_session() // -function check_session() { +function check_session($session = "sessid") { session_start(); - if (empty($_SESSION['sessid']['username'])) { - header("Location: login.php"); - exit; - } - $SESSID_USERNAME = $_SESSION['sessid']['username']; - return $SESSID_USERNAME; -} - -function check_user_session() { - session_start(); - if (empty($_SESSION['userid']['username'])) { + if (empty($_SESSION[$session]['username'])) { header("Location: login.php"); exit; } - $USERID_USERNAME = $_SESSION['userid']['username']; - return $USERID_USERNAME; + return $_SESSION[$session]['username']; } // blob - 24f6678cc54413086a89b50229da50af037cf40c blob + f2b6b763acd8ff27408619732061774039f73f58 --- languages/en.lang +++ languages/en.lang @@ -254,6 +254,8 @@ $LANG['Logging_alias_delete'] = 'delete alias'; $LANG['Logging_mailbox_add'] = 'add mailbox'; $LANG['Logging_mailbox_edit'] = 'edit mailbox'; $LANG['Logging_mailbox_delete'] = 'delete mailbox'; + +$LANG['Logging_password_change'] = 'change password'; $LANG['Search_welcome'] = 'Searching for: '; ?> blob - 9c79c8f92f1c6f71e1b97a1c72ce8f626405a914 blob + cc9fc8943fc4f9d9c33254351015a84609b6cd61 --- list-virtual.php +++ list-virtual.php 
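Review bot: The header comment a few lines above the new signature still reads `// Call: check_session() -or- check_user_session()`, but this hunk deletes check_user_session(), so the comment now documents a function that no longer exists. Update it to `// Call: check_session() -or- check_session('userid')` and describe the parameter, e.g. `// $session: $_SESSION key that holds the login ('sessid' for admins, 'userid' for mailbox users)`. A secondary point: the function still calls session_start() unconditionally on every invocation, and nothing in this function or in the login paths shown in this commit regenerates the session id after a successful login; that mitigation belongs in login.php / users/login.php rather than here, but it is worth tracking.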
@@ -35,7 +35,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") { $list_mailbox = list_mailboxes($domain, $offset, $limit); } } - include './templates/header.tpl'; include './templates/menu.tpl'; include './templates/list-virtual.tpl'; blob - e7d90844402520ce7e16dc8a761c09fb9d6f5111 blob + 8a716cbfe48f58176ebb91852b32a3b5081e1296 --- login.php +++ login.php @@ -33,6 +33,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $sth->execute(); $row = $sth->fetch(PDO::FETCH_COLUMN); } + if (!empty($row)) { if (!password_verify($password, $row)) { $message = $LANG['Login_incorrect']; @@ -41,6 +42,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $message = $LANG['Login_incorrect']; } + if (empty($message)) { session_start(); $_SESSION['sessid']['username'] = $username; blob - 550fccf1c997f6cdad8f81523503fbb0d05be909 blob + 2d6569d9dc8e552dbfef37ff840d4a9711b4934c --- logout.php +++ logout.php @@ -17,8 +17,7 @@ // // -none- // -require("./config.inc.php"); -require("./functions.inc.php"); +require_once './functions.inc.php'; $SESSID_USERNAME = check_session(); blob - d03a0e01955cfc3ca8563002e735a3675076c5fe blob + fff4275a3a1d9230a72030ea72ac9905e162127d --- password.php +++ password.php 
@@ -11,56 +11,56 @@ // // Template Variables: // -// tMessage +// message // // Form POST \ GET Variables: // -// fPassword_current -// fPassword -// fPassword2 +// password_current +// password1 +// password2 // -require("./functions.inc.php"); -include("./languages/" . check_language() . ".lang"); +require_once './functions.inc.php'; +include './languages/' . check_language() . '.lang'; $SESSID_USERNAME = check_session(); if ($_SERVER['REQUEST_METHOD'] == "POST") { - $fPassword_current = escape_string($_POST['fPassword_current']); - $fPassword = escape_string($_POST['fPassword']); - $fPassword2 = escape_string($_POST['fPassword2']); - $username = $SESSID_USERNAME; + $password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT); + $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT); + $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT); - $result = db_query("SELECT * FROM admin WHERE username='$username'"); - if ($result['rows'] == 1) { - $row = db_array($result['result']); - if (!password_verify($fPassword_current, $row['assword'])) { - $error = 1; - $pPassword_password_current_text = $LANG['Password_password_current_text_error']; - } - } else { - $error = 1; - $pPassword_email_text = $LANG['Password_email_text_error']; + if (empty($password_current) || empty($password1) || $password1 != $password2) { + $message = $LANG['Password_password_text_error']; } - if (empty($fPassword) or ($fPassword != $fPassword2)) - { - $error = 1; - $pPassword_password_text = $LANG['Password_password_text_error']; - } - - if ($error != 1) { - $password = pacrypt($fPassword); - $result = db_query("UPDATE admin SET password='$password',modified=NOW() WHERE username='$username'"); - if ($result['rows'] == 1) { - $tMessage = $LANG['Password_result_succes']; - } else { - $tMessage = $LANG['Password_result_error']; + if (empty($message) && !empty($password_current)) { + $dbh = connect_db(); + $sth = $dbh->prepare("SELECT password FROM admin 
WHERE username=?"); + $sth->bindParam(1, $username, PDO::PARAM_STR); + $sth->execute(); + $row = $sth->fetch(PDO::FETCH_COLUMN); + if (!password_verify($password_current, $row)) { + $message = $LANG['Password_password_current_text_error']; } + } + + if (empty($message) && !empty($password1)) { + $hashed = bcrypt($password1); + try { + $dbh = connect_db(); + $sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?"); + $sth->bindParam(1, $hashed, PDO::PARAM_STR); + $sth->bindParam(2, $username, PDO::PARAM_STR); + $sth->execute(); + $message = $LANG['Password_result_succes']; + } catch(PDOException $e) { + $message = $LANG['Password_result_error']; + } } } -include("./templates/header.tpl"); -include("./templates/menu.tpl"); -include("./templates/password.tpl"); -include("./templates/footer.tpl"); +include './templates/header.tpl'; +include './templates/menu.tpl'; +include './templates/password.tpl'; +include './templates/footer.tpl'; ?> blob - 495b4818506eed6c4223155e73cd314181cc0185 blob + 16dadfac6d7f870f850a51b3ae3dce19fe95eb70 --- sendmail.php +++ sendmail.php @@ -47,7 +47,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { } } } - include './templates/header.tpl'; include './templates/menu.tpl'; include './templates/sendmail.tpl'; blob - 5672e748579583fe75d5f3889bd8e679a64ca605 blob + d0fc38fc870a687e4099af672aa6deefb92b659c --- templates/password.tpl +++ templates/password.tpl @@ -2,33 +2,29 @@
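Review bot: `$username` is never assigned in the new POST branch — the old `$username = $SESSID_USERNAME;` line is removed and nothing replaces it — so both `SELECT password FROM admin WHERE username=?` and `UPDATE admin SET password=?,modified=NOW() WHERE username=?` bind an undefined (null) value, the SELECT returns no row, and password_verify() against a false row cannot succeed, which means no admin can change a password through this form. Add `$username = $SESSID_USERNAME;` at the top of the POST block, as users/password.php does in this same commit. Two smaller points in the same hunk: `$password1 != $password2` is a loose comparison under which numeric-looking strings such as `1e3` and `1000` are equal, so use `$password1 !== $password2`; and `empty($password1)` rejects the password `"0"`, where `$password1 === ''` (or a minimum-length check) is what is meant. The SELECT also sits outside the try/catch that guards the UPDATE, so a database failure there surfaces as an uncaught PDOException rather than `$LANG['Password_result_error']`.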
- + - - - + - - + - - + - + - +

 
blob - 520ceb49f6a58415bf58635444287264bea1cdfe blob + 8338af54250359c3953da0080dadac73a6af2a5f --- templates/users_login.tpl +++ templates/users_login.tpl @@ -6,17 +6,17 @@ - + - + - + blob - bbaae9a20988537b821c23cf5e830887fadeacea blob + 12742ac69e056a606facfd1ffac1cfcd1e95e1aa --- templates/users_password.tpl +++ templates/users_password.tpl @@ -7,28 +7,24 @@ - - - -   - + - + blob - f537d5f01cc65a0bd166be843224bfdc79ba7516 (mode 644) blob + /dev/null --- templates/users_vacation-get.tpl +++ /dev/null @@ -1,9 +0,0 @@ -
-
- - - - -
-
-
blob - 809242364d5d79f2608ca3295f280cf00c5803f1 blob + 2c090613d844fd5c12a008b5f7d44f8372c655fb --- templates/users_vacation.tpl +++ templates/users_vacation.tpl @@ -4,25 +4,29 @@

+ - +   -   - + + + + - + blob - 9d6faa1b9e49649461c92201bef096a03e5004bb blob + 215653d1c937a2530caaa2d10c3045f03fdd4874 --- users/edit-alias.php +++ users/edit-alias.php @@ -20,12 +20,10 @@ // fDomain // fGoto // -require("../variables.inc.php"); -require("../config.inc.php"); require("../functions.inc.php"); include("../languages/" . check_language() . ".lang"); -$USERID_USERNAME = check_user_session(); +$USERID_USERNAME = check_session('userid'); $USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1); if ($_SERVER['REQUEST_METHOD'] == "GET") { blob - 687252b87ba5fa10786c855dd29e12bfafc09258 blob + b63e0496eb962b6425f0ba813981bf255dfafc96 --- users/login.php +++ users/login.php 
@@ -9,46 +9,47 @@ // // Template File: login.tpl // -// Template Variables: +// Template variables: // -// tMessage -// tUsername +// message +// username // -// Form POST \ GET Variables: +// GET / POST variables: // -// fUsername -// fPassword +// username +// password // -require("../variables.inc.php"); -require("../config.inc.php"); -require("../functions.inc.php"); -include("../languages/" . check_language() . ".lang"); +require_once '../functions.inc.php'; +include '../languages/' . check_language () . '.lang'; if ($_SERVER['REQUEST_METHOD'] == "POST") { - $fUsername = escape_string($_POST['fUsername']); - $fPassword = escape_string($_POST['fPassword']); + $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL); + $password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT); - $result = db_query("SELECT password FROM mailbox WHERE username='$fUsername' AND active='1'"); - if ($result['rows'] == 1) { - $row = db_array($result['result']); - if (!password_verify($fPassword, $row['assword'])) { - $error = 1; - $tMessage = $LANG['Login_password_incorrect']; - $tUsername = $fUsername; + if (!empty($username) && !empty($password)) { + $dbh = connect_db(); + $sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?"); + $sth->bindParam(1, $username, PDO::PARAM_STR); + $sth->execute(); + $row = $sth->fetch(PDO::FETCH_COLUMN); + } + + if (!empty($row)) { + if (!password_verify($password, $row)) { + $message = $LANG['Login_incorrect']; } } else { - $error = 1; - $tMessage = $LANG['Login_username_incorrect']; + $message = $LANG['Login_incorrect']; } - if ($error != 1) { + if (empty($message)) { session_start(); - $_SESSION['userid']['username'] = $fUsername; + $_SESSION['userid']['username'] = $username; header("Location: main.php"); exit; } } -include("../templates/header.tpl"); -include("../templates/users_login.tpl"); -include("../templates/footer.tpl"); +include '../templates/header.tpl'; +include '../templates/users_login.tpl'; 
+include '../templates/footer.tpl'; ?> blob - 2f7ebf8240839b62d9674d44c44e9170a58c9ad7 blob + 3eebb1983205af9e010f7d61a22fe0359b5ff1dc --- users/logout.php +++ users/logout.php @@ -17,10 +17,9 @@ // // -none- // -require("../config.inc.php"); -require("../functions.inc.php"); +require_once '../functions.inc.php'; -$USERID_USERNAME = check_user_session(); +$USERID_USERNAME = check_session('userid'); session_unset(); session_destroy(); blob - f40bd2c77b1f5cf88b96d9d3ef333a45ee7ffb41 blob + 4d5166deea9de3e0a4bd3e449c74ab00a7b577ec --- users/main.php +++ users/main.php @@ -17,13 +17,13 @@ // // -none- // -require("../config.inc.php"); -require("../functions.inc.php"); -include("../languages/" . check_language() . ".lang"); +require_once '../functions.inc.php'; -$USERID_USERNAME = check_user_session(); +include '../languages/' . check_language() . '.lang'; -include("../templates/header.tpl"); -include("../templates/users_menu.tpl"); -include("../templates/users_main.tpl"); -include("../templates/footer.tpl"); +$SESSID_USERNAME = check_session('userid'); + +include '../templates/header.tpl'; +include '../templates/users_menu.tpl'; +include '../templates/users_main.tpl'; +include '../templates/footer.tpl'; blob - 3fa050316a337a0e31aa3f3fc022b19ed040d5b6 blob + 044ff3d26c3b6ea691dbc9ce3a59b695d4730c3c --- users/password.php +++ users/password.php 
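Review bot: The `AND active='1'` condition is dropped from the mailbox lookup — the new statement is `SELECT password FROM mailbox WHERE username=?` — so a deactivated mailbox whose password still verifies can now log in to the user panel, which the old query prevented. Restore it as `$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=? AND active='1'");`. Separately, the success path runs `session_start();` and then the new line `$_SESSION['userid']['username'] = $username;` with no `session_regenerate_id(true);` in between, which is the usual one-line guard against session fixation and is worth adding here. Using the single generic `$LANG['Login_incorrect']` for both unknown-user and wrong-password cases is fine and avoids a username oracle.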
@@ -7,64 +7,62 @@ // // File: password.php // -// Template File: users_password.tpl +// Template File: password.tpl // // Template Variables: // -// tMessage +// message // // Form POST \ GET Variables: // -// fPassword_current -// fPassword -// fPassword2 +// password_current +// password1 +// password2 // -require("../variables.inc.php"); -require("../config.inc.php"); -require("../functions.inc.php"); -include("../languages/" . check_language() . ".lang"); +require_once '../functions.inc.php'; +include '../languages/' . check_language() . '.lang'; -$USERID_USERNAME = check_user_session(); -$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1); +$SESSID_USERNAME = check_session('userid'); +$admin = $SESSID_USERNAME ?? ADMIN_EMAIL; if ($_SERVER['REQUEST_METHOD'] == "POST") { - $fPassword_current = escape_string($_POST['fPassword_current']); - $fPassword = escape_string($_POST['fPassword']); - $fPassword2 = escape_string($_POST['fPassword2']); - - $username = $USERID_USERNAME; + $username = $SESSID_USERNAME; + $password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT); + $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT); + $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT); - $result = db_query("SELECT * FROM mailbox WHERE username='$username'"); - if ($result['rows'] == 1) { - $row = db_array($result['result']); - if (!password_verify($fPassword_current, $row['assword'])) { - $error = 1; - $pPassword_password_current_text = $LANG['Password_password_current_text_error']; - } - } else { - $error = 1; - $pPassword_email_text = $LANG['Password_email_text_error']; + if (empty($password_current) || empty($password1) || $password1 != $password2) { + $message = $LANG['Password_password_text_error']; } - if (empty($fPassword) or ($fPassword != $fPassword2)) - { - $error = 1; - $pPassword_password_text = $LANG['Password_password_text_error']; - } - - if ($error != 1) { - $password = pacrypt($fPassword); - $result = 
db_query("UPDATE mailbox SET password='$password',modified=NOW(),scheme='' WHERE username='$username'"); - if ($result['rows'] == 1) { - $tMessage = $LANG['Password_result_succes']; - db_log($USERID_USERNAME, $USERID_DOMAIN, "change password", "$USERID_USERNAME"); - } else { - $tMessage = $LANG['Password_result_error']; + if (empty($message) && !empty($password_current)) { + $dbh = connect_db(); + $sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?"); + $sth->bindParam(1, $username, PDO::PARAM_STR); + $sth->execute(); + $row = $sth->fetch(PDO::FETCH_COLUMN); + if (!password_verify($password_current, $row)) { + $message = $LANG['Password_password_current_text_error']; } + } + + if (empty($message) && !empty($password1)) { + $hashed = bcrypt($password1); + try { + $dbh = connect_db(); + $sth = $dbh->prepare("UPDATE mailbox SET password=?,modified=NOW() WHERE username=?"); + $sth->bindParam(1, $hashed, PDO::PARAM_STR); + $sth->bindParam(2, $username, PDO::PARAM_STR); + $sth->execute(); + logging($admin, substr(strrchr($SESSID_USERNAME, "@"), 1), $LANG['Logging_password_change'], $admin); + $message = $LANG['Password_result_succes']; + } catch(PDOException $e) { + $message = $LANG['Password_result_error']; + } } } -include("../templates/header.tpl"); -include("../templates/users_menu.tpl"); -include("../templates/users_password.tpl"); -include("../templates/footer.tpl"); +include '../templates/header.tpl'; +include '../templates/users_menu.tpl'; +include '../templates/password.tpl'; +include '../templates/footer.tpl'; ?> blob - 3200ad36273956baf770cc585036d704215bb41b blob + bece1138e1f7a11b551473e293f0564363a09c27 --- users/vacation.php +++ users/vacation.php 
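Review bot: The UPDATE no longer clears the `scheme` column — the old statement had `modified=NOW(),scheme=''` while the new one is `UPDATE mailbox SET password=?,modified=NOW() WHERE username=?` — so a mailbox that carried a non-empty scheme keeps it next to a freshly written `bcrypt()` hash; if the mail stack consults that column to pick the hash algorithm (the old code suggests it did), the new password may stop working for such accounts, so either restore `scheme=''` or set it to the value that identifies bcrypt output. The line `$admin = $SESSID_USERNAME ?? ADMIN_EMAIL;` is a dead fallback, because check_session('userid') has already exited when no username is in the session; `$admin` is always `$SESSID_USERNAME`, and ADMIN_EMAIL is not defined anywhere visible, so the logging() call can take `$SESSID_USERNAME` directly. As in the admin password.php, `$password1 != $password2` should be `$password1 !== $password2`. Note also that this file now includes `../templates/password.tpl` while the same commit still edits templates/users_password.tpl; one of the two appears to be unused after this change, which is worth confirming.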
@@ -20,58 +20,62 @@ // fSubject // fBody // -require("../variables.inc.php"); -require("../config.inc.php"); -require("../functions.inc.php"); -include("../languages/" . check_language() . ".lang"); +require_once '../functions.inc.php'; +include '../languages/' . check_language() . '.lang'; -$USERID_USERNAME = check_user_session(); -$USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1); +$SESSID_USERNAME = check_session('userid'); +$USERID_DOMAIN = substr(strrchr($SESSID_USERNAME, "@"), 1); if ($_SERVER['REQUEST_METHOD'] == "GET") { - $result = db_query("SELECT * FROM vacation WHERE email='$USERID_USERNAME'"); - if ($result['rows'] == 1) { - $row = db_array($result['result']); - $tMessage = $LANG['UsersVacation_welcome_text']; - $template = "users_vacation-get.tpl"; + $dbh = connect_db(); + $sth = $dbh->prepare("SELECT COUNT(*) FROM vacation WHERE email=?"); + $sth->execute(array($SESSID_USERNAME)); + + if ($sth->fetchColumn() == 1) { + $action = 'back'; + $message = $LANG['UsersVacation_welcome_text']; } else { - $template = "users_vacation.tpl"; + $action = 'away'; } - - include("../templates/header.tpl"); - include("../templates/users_menu.tpl"); - include("../templates/$template"); - include("../templates/footer.tpl"); } if ($_SERVER['REQUEST_METHOD'] == "POST") { - if (isset($_POST['fSubject'])) $fSubject = escape_string($_POST['fSubject']); - if (isset($_POST['fBody'])) $fBody = escape_string($_POST['fBody']); + $subject = filter_input(INPUT_POST, 'subject', FILTER_DEFAULT); + $body = filter_input(INPUT_POST, 'body', FILTER_DEFAULT); - if (!empty($_POST['fBack'])) { - $result = db_query("DELETE FROM vacation WHERE email='$USERID_USERNAME'"); - if ($result['rows'] != 1) { - $error = 1; - $tMessage = $LANG['UsersVacation_result_error']; + if (!empty($_POST['back'])) { + $action = 'back'; + $dbh = connect_db(); + $sth = $dbh->prepare("DELETE FROM vacation WHERE email=?"); + $sth->bindParam(1, $SESSID_USERNAME, PDO::PARAM_STR); + $sth->execute(); + if 
($sth->rowCount() != 1) { + $message = $LANG['UsersVacation_result_error']; } else { - $tMessage = $LANG['UsersVacation_result_succes']; + $action = 'away'; + $essage = $LANG['UsersVacation_result_succes']; } } - if (!empty($_POST['fAway'])) { - $result = db_query("INSERT INTO vacation (email,subject,body,cache,domain,created,active) VALUES ('$USERID_USERNAME','$fSubject','$fBody','','$USERID_DOMAIN',NOW(),'1')"); - if ($result['rows'] != 1) { - $error = 1; - $tMessage = $LANG['UsersVacation_result_error']; - } else { + if (!empty($_POST['away'])) { + $action = 'away'; + try { + $dbh = connect_db(); + $sth = $dbh->prepare("INSERT INTO vacation (email,subject,body,cache,domain,created) VALUES (?,?,?,'',?,NOW())"); + $sth->bindParam(1, $SESSID_USERNAME, PDO::PARAM_STR); + $sth->bindParam(2, $subject, PDO::PARAM_STR); + $sth->bindParam(3, $body, PDO::PARAM_STR); + $sth->bindParam(4, $USERID_DOMAIN, PDO::PARAM_STR); + $sth->execute(); header("Location: main.php"); - exit; + } catch(PDOException $e) { + $message = $LANG['UsersVacation_result_error'] . " " . $e->getMessage(); } } - include("../templates/header.tpl"); - include("../templates/users_menu.tpl"); - include("../templates/users_vacation.tpl"); - include("../templates/footer.tpl"); } +include '../templates/header.tpl'; +include '../templates/users_menu.tpl'; +include '../templates/users_vacation.tpl'; +include '../templates/footer.tpl'; ?>
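Review bot: In the `back` branch the success message is assigned to `$essage` — `$essage = $LANG['UsersVacation_result_succes'];` — a typo for `$message`, so removing the vacation notice never reports success; change it to `$message = $LANG['UsersVacation_result_succes'];`. In the `away` branch the `exit;` that followed `header("Location: main.php");` is removed, so the script falls through and renders header/menu/vacation/footer into the 302 response; put `exit;` back immediately after the header() call. The catch block appends `$e->getMessage()` to the user-visible error, which leaks driver and SQL details (table and column names, server error text) to the browser — log it server-side and show only `$LANG['UsersVacation_result_error']`, as the other catch blocks in this commit do. The INSERT also drops the `active` column that the old statement set to '1', so whether a new entry is active now depends on the column default, which is not visible here and should be checked against the schema.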