Author: Gunnar Wolf <gwolf@debian.org>
Forwarded: http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=12888 and https://github.com/philippK-de/Collabtive/pull/44
Last-update: 2014-05-23
Description: Makes sure a query has items before iterating over it
 If a query yields no results and we proceed to iterate over it, the
 returned object will be empty and PHP will die with an error such as
 this one:
 .
 PHP Fatal error:  Call to a member function fetch() on a non-object in /usr/share/collabtive/www/include/class.milestone.php on line 527, referer: http://localhost/collabtive/index.php
 .
 This patch ensures there are items to iterate before beginning to do so.

Index: collabtive/include/class.settings.php
===================================================================
--- collabtive.orig/include/class.settings.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.settings.php	2014-05-23 13:33:17.000000000 -0500
@@ -31,7 +31,7 @@
         $sel = $selStmt->execute(array());
 
         $settings = array();
-        while ($selSettings = $selStmt->fetch()) {
+        while ($selStmt and $selSettings = $selStmt->fetch()) {
             // Create a key/value array
             $settings[$selSettings["settingsKey"]] = $selSettings["settingsValue"];
         }
@@ -117,7 +117,7 @@
         while (false !== ($file = readdir($handle))) {
             $type = filetype(CL_ROOT . "/templates/" . $file);
 
-            if (($type == "dir" or $type == "link") and $file != "." and $file != "..") {
+            if ($type == "dir" and $file != "." and $file != "..") {
                 $template = $file;
                 array_push($templates, $template);
             }
Index: collabtive/include/initfunctions.php
===================================================================
--- collabtive.orig/include/initfunctions.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/initfunctions.php	2014-05-23 13:33:17.000000000 -0500
@@ -14,21 +14,16 @@
 	global $conn;
     $user = (int) $user;
     $project = (int) $project;
-    $chk = @$conn->query("SELECT ID FROM projekte_assigned WHERE projekt = $project AND user = $user")->fetch();
+    $qry = @$conn->query("SELECT ID FROM projekte_assigned WHERE projekt = $project AND user = $user");
+    if ($qry) {
+        $chk = $qry->fetch();
+    }
 
     $chk = $chk[0];
 
     if ($chk != "") {
         return true;
     } else {
-        $role = (int) $user;
-        $sel = @mysql_query("SELECT admin FROM roles WHERE ID = $role");
-        $chk = @mysql_fetch_row($sel);
-        $adm = unserialize($chk[0]);
-        if ($adm["add"])
-        {
-            return true;
-        }
         return false;
     }
 }
Index: collabtive/managetimetracker.php
===================================================================
--- collabtive.orig/managetimetracker.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/managetimetracker.php	2014-05-23 13:33:17.000000000 -0500
@@ -234,7 +234,9 @@
 
 	$id = (int) $id;
     $pname = $conn->query("SELECT name FROM projekte WHERE ID = $id");
-    $pname = $pname->fetchColumn();
+    if ($pname) {
+      $pname = $pname->fetchColumn();
+    }
 
     $pdf = new MYPDF("P", PDF_UNIT, "A4", true);
     $headstr = $langfile["timetable"] . " " . $pname;
@@ -297,8 +299,11 @@
 
     $totaltime = $tracker->getTotalTrackTime($track);
     $totaltime = str_replace(".", ",", $totaltime);
-    $uname = $conn->query("SELECT name FROM user WHERE ID = {$conn->quote($id)}")->fetch();
-    $uname = $uname[0];
+    $res = $conn->query("SELECT name FROM user WHERE ID = {$conn->quote($id)}");
+    if ($res) {
+        $uname = $res->fetch();
+	$uname = $uname[0];
+    }
 
     $pdf = new MYPDF("P", PDF_UNIT, "A4", true);
     $pdf->setup($langfile["timetable"] . " " . $uname, array(239, 232, 229));
Index: collabtive/include/class.search.php
===================================================================
--- collabtive.orig/include/class.search.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.search.php	2014-05-23 13:33:17.000000000 -0500
@@ -61,7 +61,7 @@
         $selStmt->execute(array("%{$query}%", "%{$query}%", $query));
 
         $projects = array();
-        while ($result = $selStmt->fetch()) {
+        while ($selStmt and $result = $selStmt->fetch()) {
             if (!empty($result)) {
                 $result["type"] = "project";
                 $result["icon"] = "projects.png";
@@ -93,12 +93,15 @@
         }
 
         $milestones = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		    $result["pname"] = $project;
+		}
 
-                $result["pname"] = $project;
                 $result["type"] = "milestone";
                 $result["icon"] = "miles.png";
                 $result["name"] = stripslashes($result["name"]);
@@ -129,12 +132,15 @@
         }
 
         $messages = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		    $result["pname"] = $project;
+		}
 
-                $result["pname"] = $project;
                 $result["type"] = "message";
                 $result["icon"] = "msgs.png";
                 $result["title"] = stripslashes($result["title"]);
@@ -168,12 +174,15 @@
         }
 
         $tasks = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		    $result["pname"] = $project;
+		}
 
-                $result["pname"] = $project;
                 $result["type"] = "task";
                 $result["icon"] = "task.png";
                 $result["title"] = stripslashes($result["title"]);
@@ -204,12 +213,15 @@
         }
 
         $files = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		    $result["pname"] = $project;
+		}
 
-                $result["pname"] = $project;
                 $result["ftype"] = str_replace("/", "-", $result["type"]);
                 $set = new settings();
                 $settings = $set->getSettings();
@@ -249,7 +261,7 @@
         $sel = $conn->query("SELECT `ID`,`email`,`name`,`avatar`,`lastlogin`, `gender` FROM user WHERE name LIKE " . $conn->quote("%{$query}%"));
 
         $user = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
                 $result["type"] = "user";
                 $result["name"] = stripslashes($result["name"]);
Index: collabtive/include/class.chat.php
===================================================================
--- collabtive.orig/include/class.chat.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.chat.php	2014-05-23 13:33:17.000000000 -0500
@@ -74,7 +74,7 @@
 
         $sel = $conn->query("SELECT * FROM chat WHERE ufrom_id IN($userid,$userto_id) AND userto_id IN($userid,$userto_id) AND time > $start ORDER by time ASC");
 
-        while ($chat = $sel->fetch())
+        while ($sel and $chat = $sel->fetch())
 		{
 			$date = date("H:i", $chat["time"]);
 			echo "[$date] <b>$chat[ufrom]:</b> $chat[text]";
@@ -93,7 +93,7 @@
 
         $sel = $conn->query("SELECT ufrom_id, ufrom FROM chat WHERE userto_id  = $userid AND time > $now");
 
-        while ($chk = $sel->fetch())
+        while ($sel and $chk = $sel->fetch())
 		{
 			$cook = "chatwin" . $chk[0];
 			if (!$_COOKIE[$cook])
Index: collabtive/include/class.mylog.php
===================================================================
--- collabtive.orig/include/class.mylog.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.mylog.php	2014-05-23 13:33:17.000000000 -0500
@@ -82,7 +82,9 @@
         $lim = (int) $lim;
 
         $sel = $conn->query("SELECT COUNT(*) FROM log WHERE project = $project ");
-        $num = $sel->fetch();
+        if ($sel) {
+	    $num = $sel->fetch();
+	}
         $num = $num[0];
         if ($num > 200) {
             $num = 200;
@@ -98,13 +100,15 @@
         $sel2 = $conn->query($sql);
 
         $mylog = array();
-        while ($log = $sel2->fetch()) {
+        while ($sel2 and $log = $sel2->fetch()) {
             if (!empty($log)) {
                 $sel3 = $conn->query("SELECT name FROM projekte WHERE ID = $log[project]");
-                $proname = $sel3->fetch();
-                $proname = $proname[0];
-                $log["proname"] = $proname;
-                $log["proname"] = stripslashes($log["proname"]);
+		if ($sel3) {
+		    $proname = $sel3->fetch();
+		    $proname = $proname[0];
+		    $log["proname"] = $proname;
+		    $log["proname"] = stripslashes($log["proname"]);
+		}
                 $log["username"] = stripslashes($log["username"]);
                 $log["name"] = stripslashes($log["name"]);
                 array_push($mylog, $log);
@@ -134,7 +138,7 @@
         $sel = $conn->query("SELECT * FROM log WHERE user = $user ORDER BY ID DESC LIMIT $limit");
 
         $mylog = array();
-        while ($log = $sel->fetch()) {
+        while ($sel and $log = $sel->fetch()) {
             $log["username"] = stripslashes($log["username"]);
             $log["name"] = stripslashes($log["name"]);
             array_push($mylog, $log);
@@ -162,7 +166,7 @@
         $mylog = array();
         $sel3 = $conn->query("SELECT projekt FROM projekte_assigned WHERE user = $userid");
         $prstring = "";
-        while ($upro = $sel3->fetch()) {
+        while ($sel3 and $upro = $sel3->fetch()) {
             $projekt = $upro[0];
             $prstring .= $projekt . ",";
         }
@@ -172,12 +176,14 @@
         if ($prstring) {
             $sel = $conn->query("SELECT * FROM log  WHERE project IN($prstring) OR project = 0 ORDER BY ID DESC LIMIT $limit");
 
-            while ($log = $sel->fetch()) {
+            while ($sel and $log = $sel->fetch()) {
                 $sel2 = $conn->query("SELECT name FROM projekte WHERE ID = $log[project]");
-                $proname = $sel2->fetch();
-                $proname = $proname[0];
-                $log["proname"] = $proname;
-                $log["proname"] = stripslashes($log["proname"]);
+                if ($sel2) {
+		    $proname = $sel2->fetch();
+		    $proname = $proname[0];
+		    $log["proname"] = $proname;
+		    $log["proname"] = stripslashes($log["proname"]);
+		}
                 $log["username"] = stripslashes($log["username"]);
                 $log["name"] = stripslashes($log["name"]);
                 array_push($mylog, $log);
Index: collabtive/include/class.tasklist.php
===================================================================
--- collabtive.orig/include/class.tasklist.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.tasklist.php	2014-05-23 13:33:17.000000000 -0500
@@ -64,8 +64,11 @@
         $updStmt = $conn->prepare("UPDATE tasklist SET `name` = ?, `desc` = ?, `milestone` = ? WHERE ID = ?");
         $upd = $updStmt->execute(array($name, $desc, $milestone, $id));
         if ($upd) {
-            $proj = $conn->query("SELECT project FROM tasklist WHERE ID = $id")->fetch();
-            $proj = $proj[0];
+  	    $qry = $conn->query("SELECT project FROM tasklist WHERE ID = $id");
+	    if ($qry) {
+	        $proj = $qry->fetch();
+		$proj = $proj[0];
+	    }
 
             $this->mylog->add($name, 'tasklist', 2, $proj);
             return true;
@@ -101,9 +104,11 @@
                     $taskobj->del($task["ID"]);
                 }
             }
-            $sel1 = $sel->fetch();
-            $proj = $sel1[0];
-            $name = $sel1[1];
+            if ($sel) {
+	        $sel1 = $sel->fetch();
+		$proj = $sel1[0];
+		$name = $sel1[1];
+	    }
             $this->mylog->add($name, 'tasklist', 3, $proj);
             return true;
         } else {
@@ -125,9 +130,12 @@
         $upd = $conn->query("UPDATE tasklist SET status = 1 WHERE ID = $id");
 
         if ($upd) {
-            $nam = $conn->query("SELECT project, name FROM tasklist WHERE ID = $id")->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    $qry = $conn->query("SELECT project, name FROM tasklist WHERE ID = $id");
+	    if ($qry) {
+	        $nam = $qry->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'tasklist', 4, $project);
             return true;
@@ -153,9 +161,15 @@
 
         if ($closeMilestones) {
             // Close assigned milestone too, if no other open tasklists are assigned to it
-            $milestone = $conn->query("SELECT milestone FROM tasklist WHERE ID = $id")->fetch();
+	    $qry = $conn->query("SELECT milestone FROM tasklist WHERE ID = $id");
+	    if ($qry) {
+	        $milestone = $qry->fetch();
+	    }
             if ($milestone[0] > 0) {
-                $cou = $conn->query("SELECT count(*) FROM tasklist WHERE milestone = $milestone[0] AND status = 1")->fetch();
+	        $qry = $conn->query("SELECT count(*) FROM tasklist WHERE milestone = $milestone[0] AND status = 1");
+		if ($qry) {
+		    $cou = $qry->fetch();
+		}
 
                 if ($cou[0] == 0) {
                     $miles = new milestone();
@@ -173,9 +187,12 @@
         }
         // Log entry
         if ($upd) {
-            $nam = $conn->query("SELECT project, name FROM tasklist WHERE ID = $id")->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    $qry = $conn->query("SELECT project, name FROM tasklist WHERE ID = $id");
+	    if ($qry) {
+	        $nam = $qry->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'tasklist', 5, $project);
             return true;
@@ -202,16 +219,16 @@
         $tasklists = array();
 
         $taskobj = new task();
-        while ($list = $sel->fetch()) {
+        while ($sel and $list = $sel->fetch()) {
             $sel2 = $conn->query("SELECT ID FROM tasks WHERE liste = $list[ID] AND status=1 ORDER BY `end`,`title` ASC");
             $list['tasks'] = array();
-            while ($tasks = $sel2->fetch()) {
+            while ($sel2 and $tasks = $sel2->fetch()) {
                 array_push($list['tasks'], $taskobj->getTask($tasks["ID"]));
             }
 
             $sel3 = $conn->query("SELECT ID FROM tasks WHERE liste = $list[ID] AND status=0 ORDER BY `end` ASC");
             $list['oldtasks'] = array();
-            while ($oldtasks = $sel3->fetch()) {
+            while ($sel3 and $oldtasks = $sel3->fetch()) {
                 array_push($list['oldtasks'], $taskobj->getTask($oldtasks["ID"]));
             }
 
@@ -236,9 +253,11 @@
         global $conn;
 
         $selStmt = $conn->prepare("SELECT * FROM `tasklist` WHERE ID = ?");
-        $sel = $selStmt->execute(array($id));
-        // $sel = $conn->query("SELECT * FROM tasklist WHERE ID = $id");
-        $tasklist = $selStmt->fetch();
+        if ($selStmt) {
+	    $sel = $selStmt->execute(array($id));
+	    // $sel = $conn->query("SELECT * FROM tasklist WHERE ID = $id");
+	    $tasklist = $selStmt->fetch();
+	}
 
         if (!empty($tasklist)) {
             $startstring = date(CL_DATEFORMAT, $tasklist["start"]);
@@ -270,7 +289,7 @@
 
         $sel = $conn->query("SELECT ID FROM tasks WHERE `liste` = $id AND `status` = $status ORDER BY `end`,`title` ASC");
         $tasks = array();
-        while ($task = $sel->fetch()) {
+        while ($sel and $task = $sel->fetch()) {
             array_push($tasks, $taskobj->getTask($task["ID"]));
         }
 
Index: collabtive/include/class.tags.php
===================================================================
--- collabtive.orig/include/class.tags.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.tags.php	2014-05-23 13:33:17.000000000 -0500
@@ -118,13 +118,13 @@
         $tags1 = array();
         $worktags = "";
 
-        while ($dat = $sel1->fetch()) {
+        while ($sel1 and $dat = $sel1->fetch()) {
             $tag = $dat[0];
             $tag = ucfirst($tag);
             if ($tag != "" and $tag != ",") {
                 $worktags .= $tag . ",";
             }
-        } while ($dat = $sel2->fetch()) {
+        } while ($sel2 and $dat = $sel2->fetch()) {
             $tag = $dat[0];
             $tag = ucfirst($tag);
             if ($tag != "" and $tag != ",") {
@@ -170,10 +170,13 @@
         }
 
         $files = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+  	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		}
 
                 $result["pname"] = $project;
                 $result["ftype"] = str_replace("/", "-", $result["type"]);
@@ -223,10 +226,13 @@
         }
 
         $messages = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		}
 
                 $result["pname"] = $project;
                 $result["type"] = "message";
@@ -259,7 +265,7 @@
         $sel = $conn->query("SELECT `ID`,`email`,`name`,`avatar`,`lastlogin`,`tags`, `gender` FROM user WHERE tags LIKE " . $conn->quote("%{$query}%"));
 
         $user = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
                 $result["type"] = "user";
                 $result["name"] = stripslashes($result["name"]);
Index: collabtive/include/class.user.php
===================================================================
--- collabtive.orig/include/class.user.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.user.php	2014-05-23 13:33:17.000000000 -0500
@@ -102,7 +102,10 @@
     {
         global $conn;
 
-        $user = $conn->query("SELECT ID, email, locale FROM user WHERE email={$conn->quote($email)} LIMIT 1")->fetch();
+        $qry = $conn->query("SELECT ID, email, locale FROM user WHERE email={$conn->quote($email)} LIMIT 1");
+	if ($qry) {
+	    $user = $qry->fetch();
+	}
 
         if ($user["email"] == $email) {
             $id = $user["ID"];
@@ -153,9 +156,12 @@
         $newpass = sha1($newpass);
 
         $oldpass = sha1($oldpass);
-        $chk = $conn->query("SELECT ID, name FROM user WHERE ID = $id AND pass = {$conn->quote($oldpass)}")->fetch();
-        $chk = $chk[0];
-        $name = $chk[1];
+        $qry = $conn->query("SELECT ID, name FROM user WHERE ID = $id AND pass = {$conn->quote($oldpass)}");
+	if ($qry) {
+	    $chk = $qry->fetch();
+	    $chk = $chk[0];
+	    $name = $chk[1];
+	}
         if (!$chk) {
             return false;
         }
@@ -205,8 +211,11 @@
         global $conn;
         $id = (int) $id;
 
-        $chk = $conn->query("SELECT name FROM user WHERE ID = $id")->fetch();
-        $name = $chk[0];
+        $qry = $conn->query("SELECT name FROM user WHERE ID = $id");
+	if ($qry) {
+	    $chk = $qry->fetch();
+	    $name = $chk[0];
+	}
 
         $del = $conn->query("DELETE FROM user WHERE ID = $id");
         $del2 = $conn->query("DELETE FROM projekte_assigned WHERE user = $id");
@@ -235,7 +244,9 @@
         $id = (int) $id;
 
         $sel = $conn->query("SELECT * FROM user WHERE ID = $id");
-        $profile = $sel->fetch();
+        if ($sel) {
+	    $profile = $sel->fetch();
+	}
         if (!empty($profile)) {
             $profile["name"] = stripslashes($profile["name"]);
             if (isset($profile["company"])) {
@@ -276,8 +287,10 @@
         $id = (int) $id;
         global $conn;
         $sel = $conn->query("SELECT avatar FROM user WHERE ID = $id");
-        $profile = $sel->fetch();
-        $profile = $profile[0];
+	if ($sel) {
+	    $profile = $sel->fetch();
+	    $profile = $profile[0];
+	}
 
         if (!empty($profile)) {
             return $profile;
@@ -304,7 +317,9 @@
         $pass = sha1($pass);
 
         $sel1 = $conn->query("SELECT ID,name,locale,lastlogin,gender FROM user WHERE (name = $user OR email = $user) AND pass = '$pass'");
-        $chk = $sel1->fetch();
+	if ($sel1) {
+  	    $chk = $sel1->fetch();
+	}
         if ($chk["ID"] != "") {
             $rolesobj = new roles();
             $now = time();
@@ -351,12 +366,14 @@
                 $identity = $openid->data['openid_identity'];
 
                 $sel1 = $conn->query("SELECT ID from openids WHERE identity='$identity'");
-                if ($row = $sel1->fetch()) {
+                if ($sel1 and $row = $sel1->fetch()) {
                     $id = $row['ID'];
                 } else return false;
                 // die("SELECT ID,name,locale,lastlogin,gender FROM user WHERE ID=$id");
                 $sel1 = $conn->query("SELECT ID,name,locale,lastlogin,gender FROM user WHERE ID=$id");
-                $chk = $sel1->fetch();
+		if ($sel1) {
+		    $chk = $sel1->fetch();
+		}
                 if ($chk["ID"] != "") {
                     $rolesobj = new roles();
                     $now = time();
@@ -412,8 +429,11 @@
 
         $lim = (int) $lim;
 
-        $num = $conn->query("SELECT COUNT(*) FROM `user`")->fetch();
-        $num = $num[0];
+        $qry = $conn->query("SELECT COUNT(*) FROM `user`");
+	if ($qry) {
+	    $num = $qry->fetch();
+	    $num = $num[0];
+	}
         SmartyPaginate::connect();
         // set items per page
         SmartyPaginate::setLimit($lim);
@@ -425,7 +445,7 @@
         $sel2 = $conn->query("SELECT ID FROM `user` ORDER BY ID DESC LIMIT $start,$lim");
 
         $users = array();
-        while ($user = $sel2->fetch()) {
+        while ($sel2 and $user = $sel2->fetch()) {
             array_push($users, $this->getProfile($user["ID"]));
         }
 
@@ -454,7 +474,7 @@
 
         $users = array();
 
-        while ($user = $sel->fetch()) {
+        while ($sel and $user = $sel->fetch()) {
             $user["name"] = stripslashes($user["name"]);
             $user["company"] = stripslashes($user["company"]);
             $user["adress"] = stripslashes($user["adress"]);
@@ -489,7 +509,9 @@
         $now = $time - $offset;
 
         $sel = $conn->query("SELECT ID FROM user WHERE lastlogin >= $now AND ID = $user");
-        $user = $sel->fetch();
+        if ($sel) {
+	    $user = $sel->fetch();
+	}
 
         if (!empty($user)) {
             return true;
@@ -509,8 +531,10 @@
         global $conn;
 
         $sel = $conn->query("SELECT ID FROM user WHERE name = {$conn->quote($user)}");
-        $id = $sel->fetch();
-        $id = $id[0];
+	if ($sel) {
+  	    $id = $sel->fetch();
+	    $id = $id[0];
+	}
 
         $theid = array();
 
Index: collabtive/include/class.roles.php
===================================================================
--- collabtive.orig/include/class.roles.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.roles.php	2014-05-23 13:33:17.000000000 -0500
@@ -130,8 +130,11 @@
         $role = (int) $role;
         $user = (int) $user;
         // get the number of roles already assigned to $user
-        $chk = $conn->query("SELECT COUNT(*) FROM roles_assigned WHERE user = $user")->fetch();
-        $chk = $chk[0];
+        $qry = $conn->query("SELECT COUNT(*) FROM roles_assigned WHERE user = $user");
+	if ($qry) {
+	    $chk = $qry->fetch();
+	    $chk = $chk[0];
+	}
         // If there already is a role assigned to the user, just update this entry
         // Otherwise create a new entry
         if ($chk > 0) {
@@ -185,7 +188,7 @@
             $sel = $conn->query("SELECT ID FROM roles ORDER BY ID DESC");
         } else {
             $sel = $conn->query("SELECT ID FROM roles ORDER BY ID DESC LIMIT $limit");
-        } while ($role = $sel->fetch()) {
+        } while ($sel and $role = $sel->fetch()) {
             /**
              * $role["projects"] = unserialize($role["projects"]);
              * $role["tasks"] = unserialize($role["tasks"]);
@@ -232,8 +235,11 @@
         global $conn;
         $user = (int) $user;
 
-        $usr = $conn->query("SELECT role FROM roles_assigned WHERE user = $user")->fetch();
-        $usr = $usr[0];
+        $qry = $conn->query("SELECT role FROM roles_assigned WHERE user = $user");
+	if ($qry) {
+	    $usr = $qry->fetch();
+	    $usr = $usr[0];
+	}
         if ($usr) {
             $role = $this->getRole($usr);
         } else {
@@ -293,7 +299,9 @@
         $role = (int) $role;
         // Get the serialized strings from the db
         $sel2 = $conn->query("SELECT * FROM roles WHERE ID = $role");
-        $therole = $sel2->fetch();
+	if ($sel2) {
+	    $therole = $sel2->fetch();
+	}
         // Unserialize to an array
         $therole["projects"] = unserialize($therole["projects"]);
         $therole["tasks"] = unserialize($therole["tasks"]);
Index: collabtive/include/class.project.php
===================================================================
--- collabtive.orig/include/class.project.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.project.php	2014-05-23 13:33:17.000000000 -0500
@@ -181,8 +181,11 @@
 
         $upd = $conn->query("UPDATE projekte SET status=1 WHERE ID = $id");
         if ($upd) {
-            $nam = $conn->query("SELECT name FROM projekte WHERE ID = $id")->fetch();
-            $nam = $nam[0];
+	    $qry = $conn->query("SELECT name FROM projekte WHERE ID = $id");
+	    if ($qry) {
+	        $nam = $qry->fetch();
+		$nam = $nam[0];
+	    }
             $this->mylog->add($nam, 'projekt', 4, $id);
             return true;
         } else {
@@ -227,8 +230,11 @@
 
         $upd = $conn->query("UPDATE projekte SET status=0 WHERE ID = $id");
         if ($upd) {
-            $nam = $conn->query("SELECT name FROM projekte WHERE ID = $id")->fetch();
-            $nam = $nam[0];
+	    $qry = $conn->query("SELECT name FROM projekte WHERE ID = $id");
+	    if ($qry) {
+	        $nam = $qry->fetch();
+		$nam = $nam[0];
+	    }
             $this->mylog->add($nam, 'projekt', 5, $id);
             return true;
         } else {
@@ -324,10 +330,10 @@
         $id = (int) $id;
 
         $sel = $conn->prepare("SELECT * FROM projekte WHERE ID = ?");
-        $selStmt = $sel->execute(array($id));
-
-        $project = $sel->fetch();
-
+	if ($sel) {
+	    $selStmt = $sel->execute(array($id));
+	    $project = $sel->fetch();
+	}
         if (!empty($project)) {
             if ($project["end"]) {
                 $daysleft = $this->getDaysLeft($project["end"]);
@@ -370,7 +376,7 @@
         $sel = $conn->prepare("SELECT `ID` FROM projekte WHERE `status`= ? ORDER BY `end` ASC LIMIT $lim");
         $selStmt = $sel->execute(array($status));
 
-        while ($projekt = $sel->fetch()) {
+        while ($sel and $projekt = $sel->fetch()) {
             $project = $this->getProject($projekt["ID"]);
             array_push($projekte, $project);
         }
@@ -399,8 +405,11 @@
         $sel = $conn->prepare("SELECT projekt FROM projekte_assigned WHERE user = ? ORDER BY ID ASC");
         $selStmt = $sel->execute(array($user));
 
-        while ($projs = $sel->fetch()) {
-            $projekt = $conn->query("SELECT ID FROM projekte WHERE ID = " . $projs[0] . " AND status={$conn->quote((int) $status)}")->fetch();
+        while ($sel and $projs = $sel->fetch()) {
+	    $qry = $conn->query("SELECT ID FROM projekte WHERE ID = " . $projs[0] . " AND status={$conn->quote((int) $status)}");
+	    if ($qry) {
+	        $projekt = $qry->fetch();
+	    }
             if ($projekt) {
                 $project = $this->getProject($projekt["ID"]);
                 array_push($myprojekte, $project);
@@ -436,9 +445,11 @@
         $selStmt = $sel->execute(array($user));
 
         if ($sel) {
-            while ($projs = $sel->fetch()) {
+            while ($sel and $projs = $sel->fetch()) {
                 $sel2 = $conn->query("SELECT ID FROM projekte WHERE ID = " . $projs[0]);
-                $projekt = $sel2->fetch();
+                if ($sel2) {
+		    $projekt = $sel2->fetch();
+		}
                 if ($projekt) {
                     array_push($myprojekte, $projekt);
                 }
@@ -469,8 +480,11 @@
         $members = array();
 
         if ($paginate) {
-            $num = $conn->query("SELECT COUNT(*) FROM projekte_assigned WHERE projekt = $project")->fetch();
-            $num = $num[0];
+	    $qry = $conn->query("SELECT COUNT(*) FROM projekte_assigned WHERE projekt = $project");
+	    if ($qry) {
+	        $num = $qry->fetch();
+		$num = $num[0];
+	    }
             $lim = (int)$lim;
             SmartyPaginate::connect();
             // set items per page
@@ -485,7 +499,7 @@
         $sel1 = $conn->query("SELECT user FROM projekte_assigned WHERE projekt = $project LIMIT $start,$lim");
 
         $usr = new user();
-        while ($user = $sel1->fetch()) {
+        while ($sel1 and $user = $sel1->fetch()) {
             $theuser = $usr->getProfile($user[0]);
             array_push($members, $theuser);
         }
@@ -507,7 +521,10 @@
     {
         global $conn;
         $project = (int) $project;
-        $num = $conn->query("SELECT COUNT(*) FROM projekte_assigned WHERE projekt = $project")->fetch();
+        $qry = $conn->query("SELECT COUNT(*) FROM projekte_assigned WHERE projekt = $project");
+	if ($qry) {
+	    $num = $qry->fetch();
+	}
         return $num[0];
     }
 
@@ -522,11 +539,17 @@
         global $conn;
         $project = (int) $project;
 
-        $otasks = $conn->query("SELECT COUNT(*) FROM tasks WHERE project = $project AND status = 1")->fetch();
-        $otasks = $otasks[0];
-
-        $clotasks = $conn->query("SELECT COUNT(*) FROM tasks WHERE project = $project AND status = 0")->fetch();
-        $clotasks = $clotasks[0];
+        $qry = $conn->query("SELECT COUNT(*) FROM tasks WHERE project = $project AND status = 1");
+	if ($qry) {
+	    $otasks = $qry->fetch();
+	    $otasks = $otasks[0];
+	}
+
+        $qry = $conn->query("SELECT COUNT(*) FROM tasks WHERE project = $project AND status = 0");
+	if ($qry) {
+	    $clotasks = $qry->fetch();
+	    $clotasks = $clotasks[0];
+	}
 
         $totaltasks = $otasks + $clotasks;
         if ($totaltasks > 0 and $clotasks > 0) {
@@ -553,7 +576,7 @@
         $selStmt = $sel->execute(array($project));
 
         $folders = array();
-        while ($folder = $sel->fetch()) {
+        while ($sel and $folder = $sel->fetch()) {
             array_push($folders, $folder);
         }
 
Index: collabtive/managechat.php
===================================================================
--- collabtive.orig/managechat.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/managechat.php	2014-05-23 13:33:17.000000000 -0500
@@ -62,7 +62,7 @@
     }
 
     $sel = $conn->query("SELECT * FROM chat WHERE ufrom_id IN($userid,$userto_id) AND userto_id IN($userid,$userto_id) AND time > $start ORDER by time ASC");
-    while ($chat = $sel->fetch())
+    while ($sel and $chat = $sel->fetch())
     {
         $date = date("H:i", $chat["time"]);
         echo "[$date] <b>$chat[ufrom]:</b> $chat[text]";
@@ -75,7 +75,7 @@
 
     $sel = $conn->query("SELECT ufrom_id,ufrom FROM chat WHERE userto_id  = $userid AND time > $now");
 
-    while ($chk = $sel->fetch())
+    while ($sel and $chk = $sel->fetch())
     {
         $cook = "chatwin" . $chk[0];
         if (!$_COOKIE[$cook])
Index: collabtive/include/class.company.php
===================================================================
--- collabtive.orig/include/class.company.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.company.php	2014-05-23 13:33:17.000000000 -0500
@@ -141,9 +141,11 @@
         $id = (int) $id;
 
         $sel = $conn->prepare("SELECT * FROM company WHERE ID = ?");
-        $selStmt = $sel->execute(array($id));
+        if ($sel) {
+	    $selStmt = $sel->execute(array($id));
 
-        $company = $sel->fetch();
+	    $company = $sel->fetch();
+	}
 
         if (!empty($company)) {
             return $company;
@@ -165,10 +167,11 @@
         $lim = (int) $lim;
 
         $sel = $conn->prepare("SELECT * FROM company ORDER BY `company` ASC LIMIT $lim");
-        $selStmt = $sel->execute();
-
-        $customers = $sel->fetchAll();
+        if ($sel) {
+	    $selStmt = $sel->execute();
 
+	    $customers = $sel->fetchAll();
+	}
 
         if (!empty($customers)) {
             return $customers;
@@ -188,7 +191,7 @@
 		$sel = $conn->query("SELECT * FROM company");
 		$companies = array();
 
-		while($company = $sel->fetch())
+		while($sel and $company = $sel->fetch())
 		{
 
 			array_push($companies,$company);
@@ -218,7 +221,7 @@
 		$staff = array();
 		$userobj = (object) new user();
 		$company = $this->getProfile($member[1]);
-        while($member = $sel->fetch())
+        while($sel and $member = $sel->fetch())
 		{
 			$user = $userobj->getProfile($member[0]);
 			array_push($staff,$user);
Index: collabtive/include/class.datei.php
===================================================================
--- collabtive.orig/include/class.datei.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.datei.php	2014-05-23 13:33:17.000000000 -0500
@@ -114,9 +114,12 @@
     {
         global $conn;
         $id = (int) $id;
-        $folder = $conn->query("SELECT * FROM projectfolders WHERE ID = $id LIMIT 1")->fetch();
-        $folder["subfolders"] = $this->getSubFolders($folder["ID"]);
-        $folder["abspath"] = $this->getAbsolutePathName($folder);
+        $qry = $conn->query("SELECT * FROM projectfolders WHERE ID = $id LIMIT 1");
+	if ($qry) {
+	    $folder = $qry->fetch();
+	    $folder["subfolders"] = $this->getSubFolders($folder["ID"]);
+	    $folder["abspath"] = $this->getAbsolutePathName($folder);
+	}
 
         return $folder;
     }
@@ -135,7 +138,7 @@
 
         $folders = array();
 
-        while ($folder = $sel->fetch()) {
+        while ($sel and $folder = $sel->fetch()) {
             $folder["subfolders"] = $this->getSubFolders($folder["ID"]);
             $folder["abspath"] = $this->getAbsolutePathName($folder);
             array_push($folders, $folder);
@@ -163,7 +166,7 @@
         $sel = $conn->query("SELECT * FROM projectfolders WHERE project = $project AND parent = $parent ORDER BY ID ASC");
         $folders = array();
 
-        while ($folder = $sel->fetch()) {
+        while ($sel and $folder = $sel->fetch()) {
             $folder["subfolders"] = $this->getSubFolders($folder["ID"]);
             $folder["abspath"] = $this->getAbsolutePathName($folder);
             array_push($folders, $folder);
@@ -190,7 +193,7 @@
         $sel = $conn->query("SELECT * FROM projectfolders WHERE project = $project ORDER BY ID ASC");
         $folders = array();
 
-        while ($folder = $sel->fetch()) {
+        while ($sel and $folder = $sel->fetch()) {
             $folder["subfolders"] = $this->getSubFolders($folder["ID"]);
             $folder["abspath"] = $this->getAbsolutePathName($folder);
             array_push($folders, $folder);
@@ -217,8 +220,9 @@
             return "/" . $folder['name'];
         } else {
             $sel = $conn->query("SELECT * FROM projectfolders WHERE ID = " . $folder['parent']);
-            $parent = $sel->fetch();
-
+	    if ($sel) {
+  	        $parent = $sel->fetch();
+	    }
             return $this->getAbsolutePathName($parent) . "/" . $folder['name'];
         }
     }
@@ -432,8 +436,11 @@
         global $conn;
         $id = (int) $id;
         // get project for logging
-        $proj = $conn->query("SELECT project FROM files WHERE ID = $id")->fetch();
-        $project = $proj[0];
+        $qry = $conn->query("SELECT project FROM files WHERE ID = $id");
+	if ($qry) {
+	    $proj = $qry->fetch();
+	    $project = $proj[0];
+	}
 
         $sql = $conn->prepare("UPDATE files SET `title` = ?, `desc` = ?, `tags` = ? WHERE id = ?");
         $upd = $sql->execute(array($title, $desc, $tags, $id));
@@ -457,7 +464,10 @@
         global $conn;
         $datei = (int) $datei;
 
-        $thisfile = $conn->query("SELECT datei,name,project,title FROM files WHERE ID = $datei")->fetch();
+        $qry = $conn->query("SELECT datei,name,project,title FROM files WHERE ID = $datei");
+	if ($qry) {
+	    $thisfile = $qry->fetch();
+	}
         if (!empty($thisfile)) {
             $fname = $thisfile[1];
             $project = $thisfile[2];
@@ -502,7 +512,10 @@
         global $conn;
         $id = (int) $id;
         // get the file from MySQL
-        $file = $conn->query("SELECT * FROM files WHERE ID=$id")->fetch();
+        $qry = $conn->query("SELECT * FROM files WHERE ID=$id");
+	if ($qry) {
+	    $file = $qry->fetch();
+	}
 
         if (!empty($file)) {
             // determine if there is an mimetype icon corresponding to the files mimetype. If not set 'none'
@@ -592,8 +605,10 @@
         } else {
             $sel = $conn->query("SELECT COUNT(*) FROM files WHERE project = $id AND folder = 0 ORDER BY ID DESC");
         }
-        $num = $sel->fetch();
-        $num = $num[0];
+	if ($sel) {
+	    $num = $sel->fetch();
+	    $num = $num[0];
+	}
         SmartyPaginate::connect();
         // set items per page
         SmartyPaginate::setLimit($lim);
@@ -609,7 +624,7 @@
             $sel2 = $conn->query($sql);
         } else {
             $sel2 = $conn->query("SELECT ID FROM files WHERE project = $id AND folder = 0 ORDER BY  ID DESC LIMIT $start,$lim");
-        } while ($file = $sel2->fetch()) {
+        } while ($sel2 and $file = $sel2->fetch()) {
             if (!empty($file)) {
                 array_push($files, $this->getFile($file["ID"]));
             }
@@ -639,7 +654,7 @@
 
         $sel2 = $conn->query("SELECT ID FROM files WHERE project = $id  ORDER BY  ID DESC");
 
-        while ($file = $sel2->fetch()) {
+        while ($sel2 and $file = $sel2->fetch()) {
             if (!empty($file)) {
                 array_push($files, $this->getFile($file["ID"]));
             }
Index: collabtive/include/class.message.php
===================================================================
--- collabtive.orig/include/class.message.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.message.php	2014-05-23 13:33:17.000000000 -0500
@@ -68,8 +68,11 @@
         $upd = $updStmt->execute(array($title, $text, $tags, (int) $id));
 
         if ($upd) {
-            $proj = $conn->query("SELECT project FROM messages WHERE ID = $id")->fetch();
-            $proj = $proj[0];
+	    $qry = $conn->query("SELECT project FROM messages WHERE ID = $id");
+	    if ($qry) {
+	        $proj = $qry->fetch();
+		$proj = $proj[0];
+	    }
             $this->mylog->add($title, 'message', 2, $proj);
             return true;
         } else {
@@ -88,7 +91,10 @@
         global $conn;
         $id = (int) $id;
 
-        $msg = $conn->query("SELECT title,project FROM messages WHERE ID = $id")->fetch();
+        $qry = $conn->query("SELECT title,project FROM messages WHERE ID = $id");
+	if ($qry) {
+	    $msg = $qry->fetch();
+	}
 
         $del = $conn->query("DELETE FROM messages WHERE ID = $id LIMIT 1");
         $del2 = $conn->query("DELETE FROM messages WHERE replyto = $id");
@@ -112,23 +118,35 @@
         global $conn;
         $id = (int) $id;
 
-        $message = $conn->query("SELECT * FROM messages WHERE ID = $id LIMIT 1")->fetch();
+        $qry = $conn->query("SELECT * FROM messages WHERE ID = $id LIMIT 1");
+	if ($qry) {
+	    $message = $qry->fetch();
+	}
 
         $tagobj = new tags();
         $milesobj = new milestone();
         if (!empty($message)) {
-            $replies = $conn->query("SELECT COUNT(*) FROM messages WHERE replyto = $id")->fetch();
-            $replies = $replies[0];
+	    $qry = $conn->query("SELECT COUNT(*) FROM messages WHERE replyto = $id");
+	    if ($qry) {
+	        $replies = $qry->fetch();
+		$replies = $replies[0];
+	    }
 
             $user = new user();
             $avatar = $user->getAvatar($message["user"]);
 
-            $ds = $conn->query("SELECT gender FROM user WHERE ID = $message[user]")->fetch();
-            $gender = $ds[0];
-            $message["gender"] = $gender;
-
-            $project = $conn->query("SELECT name FROM projekte WHERE ID = $message[project]")->fetch();
-            $message["pname"] = $project[0];
+            $qry = $conn->query("SELECT gender FROM user WHERE ID = $message[user]");
+	    if ($qry) {
+	        $ds = $qry->fetch();
+		$gender = $ds[0];
+		$message["gender"] = $gender;
+	    }
+
+            $qry = $conn->query("SELECT name FROM projekte WHERE ID = $message[project]");
+	    if ($qry) {
+	        $project = $qry->fetch();
+		$message["pname"] = $project[0];
+	    }
             $posted = date(CL_DATEFORMAT . " - H:i", $message["posted"]);
             $message["postdate"] = $posted;
             $message["endstring"] = $posted;
@@ -173,7 +191,7 @@
         $tagobj = new tags();
         $milesobj = new milestone();
         $user = new user();
-        while ($reply = $sel->fetch()) {
+        while ($sel and $reply = $sel->fetch()) {
             if (!empty($reply)) {
                 $thereply = $this->getMessage($reply["ID"]);
                 array_push($replies, $thereply);
@@ -201,7 +219,7 @@
         $sel3 = $conn->query("SELECT projekt FROM projekte_assigned WHERE user = $userid");
         // Assemble a string of project IDs the user belongs to for IN() query.
         $prstring = "";
-        while ($upro = $sel3->fetch()) {
+        while ($sel3 and $upro = $sel3->fetch()) {
             $projekt = $upro[0];
             $prstring .= $projekt . ",";
         }
@@ -213,7 +231,7 @@
 
             $tagobj = new tags();
             $milesobj = new milestone();
-            while ($message = $sel1->fetch()) {
+            while ($sel1 and $message = $sel1->fetch()) {
                 $themessage = $this->getMessage($message["ID"]);
                 array_push($messages, $themessage);
             }
@@ -242,7 +260,7 @@
         $tagobj = new tags();
         $milesobj = new milestone();
 
-        while ($message = $sel1->fetch()) {
+        while ($sel1 and $message = $sel1->fetch()) {
             $themessage = $this->getMessage($message["ID"]);
             array_push($messages, $themessage);
         }
@@ -304,19 +322,21 @@
 
         $files = array();
         $sel = $conn->query("SELECT file FROM files_attached WHERE message = $msg");
-        while ($file = $sel->fetch()) {
+        while ($sel and $file = $sel->fetch()) {
             $sel2 = $conn->query("SELECT * FROM files WHERE ID = $file[0]");
-            $thisfile = $sel2->fetch();
-            $thisfile["type"] = str_replace("/", "-", $thisfile["type"]);
-            if (isset($thisfile["desc"])) {
-                $thisfile["desc"] = stripslashes($thisfile["desc"]);
-            }
-            if (isset($thisfile["tags"])) {
-                $thisfile["tags"] = stripslashes($thisfile["tags"]);
-            }
-            if (isset($thisfile["title"])) {
-                $thisfile["title"] = stripslashes($thisfile["title"]);
-            }
+            if ($sel2) {
+	        $thisfile = $sel2->fetch();
+		$thisfile["type"] = str_replace("/", "-", $thisfile["type"]);
+		if (isset($thisfile["desc"])) {
+		    $thisfile["desc"] = stripslashes($thisfile["desc"]);
+		}
+		if (isset($thisfile["tags"])) {
+		    $thisfile["tags"] = stripslashes($thisfile["tags"]);
+		}
+		if (isset($thisfile["title"])) {
+		    $thisfile["title"] = stripslashes($thisfile["title"]);
+		}
+	    }
             $set = new settings();
             $settings = $set->getSettings();
             $myfile = "./templates/" . $settings["template"] . "/images/files/" . $thisfile["type"] . ".png";
Index: collabtive/include/class.task.php
===================================================================
--- collabtive.orig/include/class.task.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.task.php	2014-05-23 13:33:17.000000000 -0500
@@ -227,7 +227,10 @@
         global $conn;
         $id = (int) $id;
 
-        $task = $conn->query("SELECT * FROM tasks WHERE ID = $id")->fetch();
+        $qry = $conn->query("SELECT * FROM tasks WHERE ID = $id");
+	if ($qry) {
+	    $task = $qry->fetch();
+	}
         if (!empty($task)) {
             // format datestring according to dateformat option
             if (is_numeric($task['end'])) {
@@ -244,7 +247,7 @@
             // Get the user(s) assigned to the task from the db
             $usel = $conn->query("SELECT user FROM tasks_assigned WHERE task = $task[ID]");
             $users = array();
-            while ($usr = $usel->fetch()) {
+            while ($use1 and $usr = $usel->fetch()) {
                 // push the assigned users to an array
                 array_push($users, $usr[0]);
                 $task["user"] = "All";
@@ -302,7 +305,7 @@
             $sel2 = $conn->query("SELECT ID FROM tasks WHERE project = $project AND status=$status");
         } else {
             $sel2 = $conn->query("SELECT ID FROM tasks WHERE project = $project");
-        } while ($tasks = $sel2->fetch()) {
+        } while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
         }
@@ -333,9 +336,12 @@
 
         $sel2 = $conn->query("SELECT ID FROM tasks WHERE project = $project AND status=1 AND end > $now ORDER BY `end` ASC LIMIT $limit");
 
-        while ($tasks = $sel2->fetch()) {
-            $chk = $conn->query("SELECT ID FROM tasks_assigned WHERE user = $user AND task = $tasks[ID]")->fetch();
-            $chk = $chk[0];
+        while ($sel2 and $tasks = $sel2->fetch()) {
+	    $qry = $conn->query("SELECT ID FROM tasks_assigned WHERE user = $user AND task = $tasks[ID]");
+	    if ($qry) {
+	        $chk = $qry->fetch();
+		$chk = $chk[0];
+	    }
             if ($chk) {
                 $task = $this->getTask($tasks["ID"]);
                 array_push($lists, $task);
@@ -372,7 +378,7 @@
 
         $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project AND status=1 ORDER BY `end` ASC ");
 
-        while ($tasks = $sel2->fetch()) {
+        while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
         }
@@ -403,7 +409,7 @@
         $now = strtotime($tod);
 
         $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project  AND status=1 AND end < $now ORDER BY `end` ASC LIMIT $limit");
-        while ($tasks = $sel2->fetch()) {
+        while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
         }
@@ -435,7 +441,7 @@
 
         $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project  AND status=1 AND end = '$now' ORDER BY `end` ASC LIMIT $limit");
 
-        while ($tasks = $sel2->fetch()) {
+        while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
         }
@@ -466,7 +472,7 @@
 
         $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project AND status=0 ORDER BY `end` ASC LIMIT $limit");
 
-        while ($tasks = $sel2->fetch()) {
+        while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
         }
@@ -510,7 +516,7 @@
         }
         $sel1 = $conn->query($sql);
 
-        while ($stone = $sel1->fetch()) {
+        while ($sel1 and $stone = $sel1->fetch()) {
             $stone["daysleft"] = $this->getDaysLeft($stone["end"]);
             array_push($timeline, $stone);
         }
@@ -533,12 +539,18 @@
         global $conn;
         $id = (int) $id;
 
-        $user = $conn->query("SELECT user FROM tasks_assigned WHERE task = $id")->fetch();
+        $qry = $conn->query("SELECT user FROM tasks_assigned WHERE task = $id");
+	if ($qry) {
+	    $user = $qry->fetch();
+	}
 
         if (!empty($user)) {
-            $uname = $conn->query("SELECT name FROM user WHERE ID = $user[0]")->fetch();
-            $uname = $uname[0];
-            $user[1] = stripslashes($uname);
+	    $qry = $conn->query("SELECT name FROM user WHERE ID = $user[0]");
+	    if ($qry) {
+	        $uname = $qry->fetch();
+		$uname = $uname[0];
+		$user[1] = stripslashes($uname);
+	    }
 
             return $user;
         } else {
@@ -560,11 +572,13 @@
         $sql = $conn->query("SELECT user FROM tasks_assigned WHERE task = $id");
 
         $result = array();
-        while ($user = $sql->fetch()) {
+        while ($sql and $user = $sql->fetch()) {
             $sel2 = $conn->query("SELECT name FROM user WHERE ID = $user[0]");
-            $uname = $sel2->fetch();
-            $uname = $uname[0];
-            $user[1] = stripslashes($uname);
+            if ($sel2) {
+	        $uname = $sel2->fetch();
+		$uname = $uname[0];
+		$user[1] = stripslashes($uname);
+	    }
 
             $result[] = $user;
         }
@@ -664,11 +678,16 @@
     {
         global $conn;
         $psel = $conn->query("SELECT name FROM projekte WHERE ID = $task[project]");
-        $pname = $psel->fetch();
-        $pname = stripslashes($pname[0]);
-
-        $list = $conn->query("SELECT name FROM tasklist WHERE ID = $task[liste]")->fetch();
-        $list = stripslashes($list[0]);
+        if ($psel) {
+	    $pname = $psel->fetch();
+	    $pname = stripslashes($pname[0]);
+	}
+
+        $qry = $conn->query("SELECT name FROM tasklist WHERE ID = $task[liste]");
+	if ($qry) {
+	    $list = $qry->fetch();
+	    $list = stripslashes($list[0]);
+	}
 
         if (isset($list) or isset($pname)) {
             $details = array("list" => $list, "pname" => $pname);
@@ -707,11 +726,17 @@
         global $conn;
         $id = (int) $id;
 
-        $nam = $conn->query("SELECT text,liste,title FROM tasks WHERE ID = $id")->fetch();
-        $text = stripslashes($nam[2]);
-        $list = $nam[1];
-        $project = $conn->query("SELECT project FROM tasklist WHERE ID = $list")->fetch();
-        $project = $project[0];
+        $qry = $conn->query("SELECT text,liste,title FROM tasks WHERE ID = $id");
+	if ($qry) {
+	    $nam = $qry->fetch();
+	    $text = stripslashes($nam[2]);
+	    $list = $nam[1];
+	}
+        $qry = $conn->query("SELECT project FROM tasklist WHERE ID = $list");
+	if ($qry) {
+	    $project = $qry->fetch();
+	    $project = $project[0];
+	}
         $nameproject = array($text, $project);
 
         if (!empty($nameproject)) {
Index: collabtive/include/class.timetracker.php
===================================================================
--- collabtive.orig/include/class.timetracker.php	2014-05-23 13:33:17.000000000 -0500
+++ collabtive/include/class.timetracker.php	2014-05-23 13:33:17.000000000 -0500
@@ -149,7 +149,9 @@
 
         $sel = $conn->query("SELECT * FROM timetracker WHERE ID = $id");
         $track = array();
-        $track = $sel->fetch();
+        if ($sel) {
+	    $track = $sel->fetch();
+	}
 
         if (!empty($track)) {
             if (isset($track["started"]) and isset($track["ended"])) {
@@ -209,9 +211,9 @@
             $num .= " AND ended >=$start AND ended<=$end ";
         }
 
-        if ($num) {
-            $num = $conn->query($num)->fetch();
-            $num = $num[0];
+        if ($num and $qry = $conn->query($num)) {
+	    $num = $qry->fetch();
+	    $num = $num[0];
         } else {
             $num = 0;
         }
@@ -234,7 +236,7 @@
         $ttask = new task();
 
         if (isset($sel)) {
-            while ($data = @$sel->fetch()) {
+            while ($sel and $data = @$sel->fetch()) {
                 $endstring = date("H:i", $data["ended"]);
                 $startstring = date("H:i", $data["started"]);
                 $daystring = date("d.m.y", $data["ended"]);
@@ -245,11 +247,17 @@
                     $data["tname"] = $tasks;
                 }
 
-                $pname = $conn->query("SELECT name FROM projekte WHERE ID = $data[project]")->fetch();
-                $pname = stripslashes($pname[0]);
-
-                $uname = $conn->query("SELECT name FROM user WHERE ID = $data[user]")->fetch();
-                $uname = stripslashes($uname[0]);
+                $qry = $conn->query("SELECT name FROM projekte WHERE ID = $data[project]");
+		if ($qry) {
+		    $pname = $qry->fetch();
+		    $pname = stripslashes($pname[0]);
+		}
+
+                $qry = $conn->query("SELECT name FROM user WHERE ID = $data[user]");
+		if ($qry) {
+		    $uname = $qry->fetch();
+		    $uname = stripslashes($uname[0]);
+		}
 
                 $data["endstring"] = $endstring;
                 $data["startstring"] = $startstring;
@@ -309,8 +317,9 @@
             $num .= " AND ended >=$start AND ended<=$end ";
         }
 
-        if ($num) {
-            $num = $conn->query($num)->fetch();
+        if ($num and $qry = $conn->query($num)) {
+	      $num = $qry->fetch();
+	  }
             $num = $num[0];
         } else {
             $num = 0;
@@ -335,7 +344,7 @@
         $ttask = new task();
 
         if (isset($sel)) {
-            while ($data = @$sel->fetch()) {
+	  while ($sel and $data = @$sel->fetch()) {
                 $endstring = date("H:i", $data["ended"]);
                 $startstring = date("H:i", $data["started"]);
                 $daystring = date(CL_DATEFORMAT, $data["ended"]);
@@ -346,11 +355,17 @@
                     $data["tname"] = $tasks;
                 }
 
-                $pname = $conn->query("SELECT name FROM projekte WHERE ID = $data[project]")->fetch();
-                $pname = stripslashes($pname[0]);
-
-                $uname = $conn->query("SELECT name FROM user WHERE ID = $data[user]")->fetch();
-                $uname = stripslashes($uname[0]);
+                $qry = $conn->query("SELECT name FROM projekte WHERE ID = $data[project]");
+		if ($qry) {
+		    $pname = $qry->fetch();
+		    $pname = stripslashes($pname[0]);
+		}
+
+                $qry = $conn->query("SELECT name FROM user WHERE ID = $data[user]");
+		if ($qry) {
+		    $uname = $qry->fetch();
+		    $uname = stripslashes($uname[0]);
+		}
 
                 $data["endstring"] = $endstring;
                 $data["startstring"] = $startstring;
Index: collabtive/include/class.milestone.php
===================================================================
--- collabtive.orig/include/class.milestone.php	2014-05-23 12:52:07.000000000 -0500
+++ collabtive/include/class.milestone.php	2014-05-23 13:37:47.000000000 -0500
@@ -72,9 +72,12 @@
         $updStmt = $conn->prepare("UPDATE milestones SET `name`=?, `desc`=?, `start`=?, `end`=? WHERE ID=?");
         $upd = $updStmt->execute(array($name, $desc, $start, $end, $id));
         if ($upd) {
-            $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id")->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    $qry = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
+	    if ($qry) {
+	        $nam = $qry->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'milestone' , 2, $project);
             return true;
@@ -98,9 +101,11 @@
         $del = $conn->query("DELETE FROM milestones WHERE ID = $id");
         $del1 = $conn->query("DELETE FROM milestones_assigned WHERE milestone = $id");
         if ($del) {
-            $nam = $nam->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    if ($nam) {
+	        $nam = $nam->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'milestone', 3, $project);
             return true;
@@ -124,9 +129,11 @@
 
         if ($upd) {
             $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
-            $nam = $nam->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    if ($nam) {
+	        $nam = $nam->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'milestone', 4, $project);
             return true;
@@ -159,11 +166,12 @@
         }
 
         if ($upd) {
-            $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
-            $nam = $nam->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
-
+	    $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
+	    if ($nam) {
+	        $nam = $nam->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
             $this->mylog->add($name, 'milestone', 5, $project);
             return true;
         } else {
@@ -186,10 +194,12 @@
 
         $upd = $conn->query("INSERT INTO milestones_assigned (NULL,$user,$milestone)");
         if ($upd) {
-            $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
-            $nam = $nam->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
+	    if ($nam) {
+	        $nam = $nam->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'milestone', 6, $project);
             return true;
@@ -214,9 +224,11 @@
         $upd = $conn->query("DELETE FROM milestones_assigned WHERE user = $user AND milestone = $milestone");
         if ($upd) {
             $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
-            $nam = $nam->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+            if ($nam) {
+	        $nam = $nam->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'milestone', 7, $project);
             return true;
@@ -237,7 +249,9 @@
         $id = (int) $id;
 
         $sel = $conn->query("SELECT * FROM milestones WHERE ID = $id");
-        $milestone = $sel->fetch();
+	if ($sel) {
+	    $milestone = $sel->fetch();
+	}
 
         if (!empty($milestone)) {
             // Format start and end date for display
@@ -252,10 +266,12 @@
             $milestone["desc"] = stripslashes($milestone["desc"]);
             // Get the name of the project where the message was posted for display
             $psel = $conn->query("SELECT name FROM projekte WHERE ID = $milestone[project]");
-            $pname = $psel->fetch();
-            $pname = $pname[0];
-            $milestone["pname"] = $pname;
-            $milestone["pname"] = stripslashes($milestone["pname"]);
+	    if ($psel) {
+	        $pname = $psel->fetch();
+		$pname = $pname[0];
+		$milestone["pname"] = $pname;
+		$milestone["pname"] = stripslashes($milestone["pname"]);
+	    }
             // Daysleft contains a signed number, dayslate an unsigned one that only applies if the milestone is late
             $dayslate = $this->getDaysLeft($milestone["end"]);
             $milestone["daysleft"] = $dayslate;
@@ -290,7 +306,7 @@
 
         $sel = $conn->query("SELECT ID FROM milestones WHERE `status`=$status  ORDER BY `end` ASC LIMIT $lim");
 
-        while ($milestone = $sel->fetch()) {
+        while ($sel and $milestone = $sel->fetch()) {
             $themilestone = $this->getMilestone($milestone["ID"]);
             array_push($milestones, $themilestone);
         }
@@ -316,7 +332,7 @@
         $sel = $conn->query("SELECT ID FROM milestones WHERE project = $project AND status = 0 ORDER BY `end` ASC");
         $stones = array();
 
-        while ($milestone = $sel->fetch()) {
+        while ($sel and $milestone = $sel->fetch()) {
             $themilestone = $this->getMilestone($milestone["ID"]);
             array_push($stones, $themilestone);
         }
@@ -348,7 +364,7 @@
         $sql = "SELECT ID FROM milestones WHERE project = $project AND end < $now AND status = 1 ORDER BY end ASC LIMIT $lim";
 
         $sel1 = $conn->query($sql);
-        while ($milestone = $sel1->fetch()) {
+        while ($sel1 and $milestone = $sel1->fetch()) {
             if (!empty($milestone)) {
                 $themilestone = $this->getMilestone($milestone["ID"]);
                 array_push($milestones, $themilestone);
@@ -382,7 +398,7 @@
         $sql = "SELECT ID FROM milestones WHERE project = $project  AND start > $now AND status = 1 ORDER BY end ASC LIMIT $lim";
 
         $sel1 = $conn->query($sql);
-        while ($milestone = $sel1->fetch()) {
+        while ($sel1 and $milestone = $sel1->fetch()) {
             if (!empty($milestone)) {
                 $themilestone = $this->getMilestone($milestone["ID"]);
                 array_push($milestones, $themilestone);
@@ -415,7 +431,7 @@
         $sql = "SELECT ID FROM milestones WHERE project = $project AND status = 1 ORDER BY end ASC LIMIT $lim";
 
         $sel1 = $conn->query($sql);
-        while ($milestone = $sel1->fetch()) {
+        while ($sel1 and $milestone = $sel1->fetch()) {
             if (!empty($milestone)) {
                 $themilestone = $this->getMilestone($milestone["ID"]);
                 array_push($milestones, $themilestone);
@@ -451,7 +467,7 @@
         }
 
         $sel1 = $conn->query($sql);
-        while ($milestone = $sel1->fetch()) {
+        while ($sel1 and $milestone = $sel1->fetch()) {
             $themilestone = $this->getMilestone($milestone["ID"]);
             array_push($milestones, $themilestone);
         }
@@ -482,7 +498,7 @@
         $milestones = array();
 
         $sel1 = $conn->query("SELECT * FROM milestones WHERE project = $project AND end = '$now' AND status = 1 ORDER BY end ASC LIMIT $lim");
-        while ($milestone = $sel1->fetch()) {
+        while ($sel1 and $milestone = $sel1->fetch()) {
             $themilestone = $this->getMilestone($milestone["ID"]);
             array_push($milestones, $themilestone);
         }
@@ -524,7 +540,7 @@
             $sel1 = $conn->query("SELECT * FROM milestones WHERE project =  $project AND status=1 AND end = '$starttime' ORDER BY `end` ASC");
         } else {
         	$sel1 = $conn->query("SELECT milestones.*,projekte_assigned.user,projekte.name AS pname,projekte.status AS pstatus FROM milestones,projekte_assigned,projekte WHERE milestones.project = projekte_assigned.projekt AND milestones.project = projekte.ID HAVING projekte_assigned.user = $user AND status=1 AND pstatus != 2 AND end = '$starttime'");
-        } while ($stone = $sel1->fetch()) {
+        } while ($sel1 and $stone = $sel1->fetch()) {
             $stone["daysleft"] = $this->getDaysLeft($stone["end"]);
             array_push($timeline, $stone);
         }
@@ -552,7 +568,7 @@
         $sel = $conn->query("SELECT ID FROM tasklist WHERE milestone = $milestone AND status = 1 ORDER BY ID ASC");
         $lists = array();
         if ($milestone) {
-            while ($listId = $sel->fetch()) {
+            while ($sel and $listId = $sel->fetch()) {
                 array_push($lists, $objtasklist->getTasklist($listId["ID"]));
             }
         }
@@ -571,7 +587,7 @@
 
         $sel = $conn->query("SELECT title,ID,milestone FROM messages WHERE milestone = $milestone");
         $msgs = array();
-        while ($msg = $sel->fetch()) {
+        while ($sel and $msg = $sel->fetch()) {
             array_push($msgs, $msg);
         }
         if (!empty($msgs)) {
