Author: Gunnar Wolf <gwolf@debian.org>
Forwarded: http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=12888 and https://github.com/philippK-de/Collabtive/pull/44
Last-update: 2014-09-30
Description: Makes sure a query has items before iterating over it
 If a query yields no results and we proceed to iterate over it, the
 returned object will be empty and PHP will die with an error such as
 this one:
 .
 PHP Fatal error:  Call to a member function fetch() on a non-object in /usr/share/collabtive/www/include/class.milestone.php on line 527, referer: http://localhost/collabtive/index.php
 .
 This patch ensures there are items to iterate before beginning to do so.

Index: collabtive/include/class.settings.php
===================================================================
--- collabtive.orig/include/class.settings.php
+++ collabtive/include/class.settings.php
@@ -31,7 +31,7 @@ class settings {
         $sel = $selStmt->execute(array());
 
         $settings = array();
-        while ($selSettings = $selStmt->fetch()) {
+        while ($selStmt and $selSettings = $selStmt->fetch()) {
             // Create a key/value array
             $settings[$selSettings["settingsKey"]] = $selSettings["settingsValue"];
         }
Index: collabtive/include/initfunctions.php
===================================================================
--- collabtive.orig/include/initfunctions.php
+++ collabtive/include/initfunctions.php
@@ -16,7 +16,10 @@ function chkproject($user, $project)
     global $conn;
     $user = (int) $user;
     $project = (int) $project;
-    $chk = @$conn->query("SELECT ID FROM projekte_assigned WHERE projekt = $project AND user = $user")->fetch();
+    $qry = @$conn->query("SELECT ID FROM projekte_assigned WHERE projekt = $project AND user = $user");
+    if ($qry) {
+        $chk = $qry->fetch();
+    }
 
     $chk = $chk[0];
 
Index: collabtive/managetimetracker.php
===================================================================
--- collabtive.orig/managetimetracker.php
+++ collabtive/managetimetracker.php
@@ -234,7 +234,9 @@ if ($action == "add") {
 
 	$id = (int) $id;
     $pname = $conn->query("SELECT name FROM projekte WHERE ID = $id");
-    $pname = $pname->fetchColumn();
+    if ($pname) {
+      $pname = $pname->fetchColumn();
+    }
 
     $pdf = new MYPDF("P", PDF_UNIT, "A4", true);
     $headstr = $langfile["timetable"] . " " . $pname;
@@ -297,8 +299,11 @@ if ($action == "add") {
 
     $totaltime = $tracker->getTotalTrackTime($track);
     $totaltime = str_replace(".", ",", $totaltime);
-    $uname = $conn->query("SELECT name FROM user WHERE ID = {$conn->quote($id)}")->fetch();
-    $uname = $uname[0];
+    $res = $conn->query("SELECT name FROM user WHERE ID = {$conn->quote($id)}");
+    if ($res) {
+        $uname = $res->fetch();
+	$uname = $uname[0];
+    }
 
     $pdf = new MYPDF("P", PDF_UNIT, "A4", true);
     $pdf->setup($langfile["timetable"] . " " . $uname, array(239, 232, 229));
Index: collabtive/include/class.search.php
===================================================================
--- collabtive.orig/include/class.search.php
+++ collabtive/include/class.search.php
@@ -61,7 +61,7 @@ class search {
         $selStmt->execute(array("%{$query}%", "%{$query}%", $query));
 
         $projects = array();
-        while ($result = $selStmt->fetch()) {
+        while ($selStmt and $result = $selStmt->fetch()) {
             if (!empty($result)) {
                 $result["type"] = "project";
                 $result["icon"] = "projects.png";
@@ -93,12 +93,15 @@ class search {
         }
 
         $milestones = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		    $result["pname"] = $project;
+		}
 
-                $result["pname"] = $project;
                 $result["type"] = "milestone";
                 $result["icon"] = "miles.png";
                 $result["name"] = stripslashes($result["name"]);
@@ -129,12 +132,15 @@ class search {
         }
 
         $messages = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		    $result["pname"] = $project;
+		}
 
-                $result["pname"] = $project;
                 $result["type"] = "message";
                 $result["icon"] = "msgs.png";
                 $result["title"] = stripslashes($result["title"]);
@@ -168,12 +174,15 @@ class search {
         }
 
         $tasks = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		    $result["pname"] = $project;
+		}
 
-                $result["pname"] = $project;
                 $result["type"] = "task";
                 $result["icon"] = "task.png";
                 $result["title"] = stripslashes($result["title"]);
@@ -204,12 +213,15 @@ class search {
         }
 
         $files = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		    $result["pname"] = $project;
+		}
 
-                $result["pname"] = $project;
                 $result["ftype"] = str_replace("/", "-", $result["type"]);
                 $set = new settings();
                 $settings = $set->getSettings();
@@ -249,7 +261,7 @@ class search {
         $sel = $conn->query("SELECT `ID`,`email`,`name`,`avatar`,`lastlogin`, `gender` FROM user WHERE name LIKE " . $conn->quote("%{$query}%"));
 
         $user = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
                 $result["type"] = "user";
                 $result["name"] = stripslashes($result["name"]);
Index: collabtive/include/class.mylog.php
===================================================================
--- collabtive.orig/include/class.mylog.php
+++ collabtive/include/class.mylog.php
@@ -82,7 +82,9 @@ class mylog {
         $lim = (int) $lim;
 
         $sel = $conn->query("SELECT COUNT(*) FROM log WHERE project = $project ");
-        $num = $sel->fetch();
+        if ($sel) {
+	    $num = $sel->fetch();
+	}
         $num = $num[0];
         if ($num > 200) {
             $num = 200;
@@ -98,13 +100,15 @@ class mylog {
         $sel2 = $conn->query($sql);
 
         $mylog = array();
-        while ($log = $sel2->fetch()) {
+        while ($sel2 and $log = $sel2->fetch()) {
             if (!empty($log)) {
                 $sel3 = $conn->query("SELECT name FROM projekte WHERE ID = $log[project]");
-                $proname = $sel3->fetch();
-                $proname = $proname[0];
-                $log["proname"] = $proname;
-                $log["proname"] = stripslashes($log["proname"]);
+		if ($sel3) {
+		    $proname = $sel3->fetch();
+		    $proname = $proname[0];
+		    $log["proname"] = $proname;
+		    $log["proname"] = stripslashes($log["proname"]);
+		}
                 $log["username"] = stripslashes($log["username"]);
                 $log["name"] = stripslashes($log["name"]);
                 array_push($mylog, $log);
@@ -134,7 +138,7 @@ class mylog {
         $sel = $conn->query("SELECT * FROM log WHERE user = $user ORDER BY ID DESC LIMIT $limit");
 
         $mylog = array();
-        while ($log = $sel->fetch()) {
+        while ($sel and $log = $sel->fetch()) {
             $log["username"] = stripslashes($log["username"]);
             $log["name"] = stripslashes($log["name"]);
             array_push($mylog, $log);
@@ -162,7 +166,7 @@ class mylog {
         $mylog = array();
         $sel3 = $conn->query("SELECT projekt FROM projekte_assigned WHERE user = $userid");
         $prstring = "";
-        while ($upro = $sel3->fetch()) {
+        while ($sel3 and $upro = $sel3->fetch()) {
             $projekt = $upro[0];
             $prstring .= $projekt . ",";
         }
@@ -172,12 +176,14 @@ class mylog {
         if ($prstring) {
             $sel = $conn->query("SELECT * FROM log  WHERE project IN($prstring) OR project = 0 ORDER BY ID DESC LIMIT $limit");
 
-            while ($log = $sel->fetch()) {
+            while ($sel and $log = $sel->fetch()) {
                 $sel2 = $conn->query("SELECT name FROM projekte WHERE ID = $log[project]");
-                $proname = $sel2->fetch();
-                $proname = $proname[0];
-                $log["proname"] = $proname;
-                $log["proname"] = stripslashes($log["proname"]);
+                if ($sel2) {
+		    $proname = $sel2->fetch();
+		    $proname = $proname[0];
+		    $log["proname"] = $proname;
+		    $log["proname"] = stripslashes($log["proname"]);
+		}
                 $log["username"] = stripslashes($log["username"]);
                 $log["name"] = stripslashes($log["name"]);
                 array_push($mylog, $log);
Index: collabtive/include/class.tasklist.php
===================================================================
--- collabtive.orig/include/class.tasklist.php
+++ collabtive/include/class.tasklist.php
@@ -64,8 +64,11 @@ class tasklist {
         $updStmt = $conn->prepare("UPDATE tasklist SET `name` = ?, `desc` = ?, `milestone` = ? WHERE ID = ?");
         $upd = $updStmt->execute(array($name, $desc, $milestone, $id));
         if ($upd) {
-            $proj = $conn->query("SELECT project FROM tasklist WHERE ID = $id")->fetch();
-            $proj = $proj[0];
+  	    $qry = $conn->query("SELECT project FROM tasklist WHERE ID = $id");
+	    if ($qry) {
+	        $proj = $qry->fetch();
+		$proj = $proj[0];
+	    }
 
             $this->mylog->add($name, 'tasklist', 2, $proj);
             return true;
@@ -101,9 +104,11 @@ class tasklist {
                     $taskobj->del($task["ID"]);
                 }
             }
-            $sel1 = $sel->fetch();
-            $proj = $sel1[0];
-            $name = $sel1[1];
+            if ($sel) {
+	        $sel1 = $sel->fetch();
+		$proj = $sel1[0];
+		$name = $sel1[1];
+	    }
             $this->mylog->add($name, 'tasklist', 3, $proj);
             return true;
         } else {
@@ -125,9 +130,12 @@ class tasklist {
         $upd = $conn->query("UPDATE tasklist SET status = 1 WHERE ID = $id");
 
         if ($upd) {
-            $nam = $conn->query("SELECT project, name FROM tasklist WHERE ID = $id")->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    $qry = $conn->query("SELECT project, name FROM tasklist WHERE ID = $id");
+	    if ($qry) {
+	        $nam = $qry->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'tasklist', 4, $project);
             return true;
@@ -153,9 +161,15 @@ class tasklist {
 
         if ($closeMilestones) {
             // Close assigned milestone too, if no other open tasklists are assigned to it
-            $milestone = $conn->query("SELECT milestone FROM tasklist WHERE ID = $id")->fetch();
+	    $qry = $conn->query("SELECT milestone FROM tasklist WHERE ID = $id");
+	    if ($qry) {
+	        $milestone = $qry->fetch();
+	    }
             if ($milestone[0] > 0) {
-                $cou = $conn->query("SELECT count(*) FROM tasklist WHERE milestone = $milestone[0] AND status = 1")->fetch();
+	        $qry = $conn->query("SELECT count(*) FROM tasklist WHERE milestone = $milestone[0] AND status = 1");
+		if ($qry) {
+		    $cou = $qry->fetch();
+		}
 
                 if ($cou[0] == 0) {
                     $miles = new milestone();
@@ -173,9 +187,12 @@ class tasklist {
         }
         // Log entry
         if ($upd) {
-            $nam = $conn->query("SELECT project, name FROM tasklist WHERE ID = $id")->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    $qry = $conn->query("SELECT project, name FROM tasklist WHERE ID = $id");
+	    if ($qry) {
+	        $nam = $qry->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'tasklist', 5, $project);
             return true;
@@ -202,16 +219,16 @@ class tasklist {
         $tasklists = array();
 
         $taskobj = new task();
-        while ($list = $sel->fetch()) {
+        while ($sel and $list = $sel->fetch()) {
             $sel2 = $conn->query("SELECT ID FROM tasks WHERE liste = $list[ID] AND status=1 ORDER BY `end`,`title` ASC");
             $list['tasks'] = array();
-            while ($tasks = $sel2->fetch()) {
+            while ($sel2 and $tasks = $sel2->fetch()) {
                 array_push($list['tasks'], $taskobj->getTask($tasks["ID"]));
             }
 
             $sel3 = $conn->query("SELECT ID FROM tasks WHERE liste = $list[ID] AND status=0 ORDER BY `end` ASC");
             $list['oldtasks'] = array();
-            while ($oldtasks = $sel3->fetch()) {
+            while ($sel3 and $oldtasks = $sel3->fetch()) {
                 array_push($list['oldtasks'], $taskobj->getTask($oldtasks["ID"]));
             }
 
@@ -236,9 +253,11 @@ class tasklist {
         global $conn;
 
         $selStmt = $conn->prepare("SELECT * FROM `tasklist` WHERE ID = ?");
-        $sel = $selStmt->execute(array($id));
-        // $sel = $conn->query("SELECT * FROM tasklist WHERE ID = $id");
-        $tasklist = $selStmt->fetch();
+        if ($selStmt) {
+	    $sel = $selStmt->execute(array($id));
+	    // $sel = $conn->query("SELECT * FROM tasklist WHERE ID = $id");
+	    $tasklist = $selStmt->fetch();
+	}
 
         if (!empty($tasklist)) {
             $startstring = date(CL_DATEFORMAT, $tasklist["start"]);
@@ -270,7 +289,7 @@ class tasklist {
 
         $sel = $conn->query("SELECT ID FROM tasks WHERE `liste` = $id AND `status` = $status ORDER BY `end`,`title` ASC");
         $tasks = array();
-        while ($task = $sel->fetch()) {
+        while ($sel and $task = $sel->fetch()) {
             array_push($tasks, $taskobj->getTask($task["ID"]));
         }
 
Index: collabtive/include/class.tags.php
===================================================================
--- collabtive.orig/include/class.tags.php
+++ collabtive/include/class.tags.php
@@ -118,13 +118,13 @@ class tags {
         $tags1 = array();
         $worktags = "";
 
-        while ($dat = $sel1->fetch()) {
+        while ($sel1 and $dat = $sel1->fetch()) {
             $tag = $dat[0];
             $tag = ucfirst($tag);
             if ($tag != "" and $tag != ",") {
                 $worktags .= $tag . ",";
             }
-        } while ($dat = $sel2->fetch()) {
+        } while ($sel2 and $dat = $sel2->fetch()) {
             $tag = $dat[0];
             $tag = ucfirst($tag);
             if ($tag != "" and $tag != ",") {
@@ -170,10 +170,13 @@ class tags {
         }
 
         $files = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+  	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		}
 
                 $result["pname"] = $project;
                 $result["ftype"] = str_replace("/", "-", $result["type"]);
@@ -223,10 +226,13 @@ class tags {
         }
 
         $messages = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
-                $project = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]")->fetch();
-                $project = $project[0];
+	        $qry = $conn->query("SELECT name FROM projekte WHERE ID = $result[project]");
+		if ($qry) {
+		    $project = $qry->fetch();
+		    $project = $project[0];
+		}
 
                 $result["pname"] = $project;
                 $result["type"] = "message";
@@ -259,7 +265,7 @@ class tags {
         $sel = $conn->query("SELECT `ID`,`email`,`name`,`avatar`,`lastlogin`,`tags`, `gender` FROM user WHERE tags LIKE " . $conn->quote("%{$query}%"));
 
         $user = array();
-        while ($result = $sel->fetch()) {
+        while ($sel and $result = $sel->fetch()) {
             if (!empty($result)) {
                 $result["type"] = "user";
                 $result["name"] = stripslashes($result["name"]);
Index: collabtive/include/class.user.php
===================================================================
--- collabtive.orig/include/class.user.php
+++ collabtive/include/class.user.php
@@ -102,7 +102,10 @@ class user {
     {
         global $conn;
 
-        $user = $conn->query("SELECT ID, email, locale FROM user WHERE email={$conn->quote($email)} LIMIT 1")->fetch();
+        $qry = $conn->query("SELECT ID, email, locale FROM user WHERE email={$conn->quote($email)} LIMIT 1");
+	if ($qry) {
+	    $user = $qry->fetch();
+	}
 
         if ($user["email"] == $email) {
             $id = $user["ID"];
@@ -153,9 +156,12 @@ class user {
         $newpass = sha1($newpass);
 
         $oldpass = sha1($oldpass);
-        $chk = $conn->query("SELECT ID, name FROM user WHERE ID = $id AND pass = {$conn->quote($oldpass)}")->fetch();
-        $chk = $chk[0];
-        $name = $chk[1];
+        $qry = $conn->query("SELECT ID, name FROM user WHERE ID = $id AND pass = {$conn->quote($oldpass)}");
+	if ($qry) {
+	    $chk = $qry->fetch();
+	    $chk = $chk[0];
+	    $name = $chk[1];
+	}
         if (!$chk) {
             return false;
         }
@@ -205,8 +211,11 @@ class user {
         global $conn;
         $id = (int) $id;
 
-        $chk = $conn->query("SELECT name FROM user WHERE ID = $id")->fetch();
-        $name = $chk[0];
+        $qry = $conn->query("SELECT name FROM user WHERE ID = $id");
+	if ($qry) {
+	    $chk = $qry->fetch();
+	    $name = $chk[0];
+	}
 
         $del = $conn->query("DELETE FROM user WHERE ID = $id");
         $del2 = $conn->query("DELETE FROM projekte_assigned WHERE user = $id");
@@ -235,7 +244,9 @@ class user {
         $id = (int) $id;
 
         $sel = $conn->query("SELECT * FROM user WHERE ID = $id");
-        $profile = $sel->fetch();
+        if ($sel) {
+	    $profile = $sel->fetch();
+	}
         if (!empty($profile)) {
             $profile["name"] = stripslashes($profile["name"]);
             if (isset($profile["company"])) {
@@ -276,8 +287,10 @@ class user {
         $id = (int) $id;
         global $conn;
         $sel = $conn->query("SELECT avatar FROM user WHERE ID = $id");
-        $profile = $sel->fetch();
-        $profile = $profile[0];
+	if ($sel) {
+	    $profile = $sel->fetch();
+	    $profile = $profile[0];
+	}
 
         if (!empty($profile)) {
             return $profile;
@@ -304,7 +317,9 @@ class user {
         $pass = sha1($pass);
 
         $sel1 = $conn->query("SELECT ID,name,locale,lastlogin,gender FROM user WHERE (name = $user OR email = $user) AND pass = '$pass'");
-        $chk = $sel1->fetch();
+	if ($sel1) {
+  	    $chk = $sel1->fetch();
+	}
         if ($chk["ID"] != "") {
             $rolesobj = new roles();
             $now = time();
@@ -351,12 +366,14 @@ class user {
                 $identity = $openid->data['openid_identity'];
 
                 $sel1 = $conn->query("SELECT ID from openids WHERE identity='$identity'");
-                if ($row = $sel1->fetch()) {
+                if ($sel1 and $row = $sel1->fetch()) {
                     $id = $row['ID'];
                 } else return false;
                 // die("SELECT ID,name,locale,lastlogin,gender FROM user WHERE ID=$id");
                 $sel1 = $conn->query("SELECT ID,name,locale,lastlogin,gender FROM user WHERE ID=$id");
-                $chk = $sel1->fetch();
+		if ($sel1) {
+		    $chk = $sel1->fetch();
+		}
                 if ($chk["ID"] != "") {
                     $rolesobj = new roles();
                     $now = time();
@@ -412,8 +429,11 @@ class user {
 
         $lim = (int) $lim;
 
-        $num = $conn->query("SELECT COUNT(*) FROM `user`")->fetch();
-        $num = $num[0];
+        $qry = $conn->query("SELECT COUNT(*) FROM `user`");
+	if ($qry) {
+	    $num = $qry->fetch();
+	    $num = $num[0];
+	}
         SmartyPaginate::connect();
         // set items per page
         SmartyPaginate::setLimit($lim);
@@ -425,7 +445,7 @@ class user {
         $sel2 = $conn->query("SELECT ID FROM `user` ORDER BY ID DESC LIMIT $start,$lim");
 
         $users = array();
-        while ($user = $sel2->fetch()) {
+        while ($sel2 and $user = $sel2->fetch()) {
             array_push($users, $this->getProfile($user["ID"]));
         }
 
@@ -454,7 +474,7 @@ class user {
 
         $users = array();
 
-        while ($user = $sel->fetch()) {
+        while ($sel and $user = $sel->fetch()) {
             $user["name"] = stripslashes($user["name"]);
             $user["company"] = stripslashes($user["company"]);
             $user["adress"] = stripslashes($user["adress"]);
@@ -489,7 +509,9 @@ class user {
         $now = $time - $offset;
 
         $sel = $conn->query("SELECT ID FROM user WHERE lastlogin >= $now AND ID = $user");
-        $user = $sel->fetch();
+        if ($sel) {
+	    $user = $sel->fetch();
+	}
 
         if (!empty($user)) {
             return true;
@@ -509,8 +531,10 @@ class user {
         global $conn;
 
         $sel = $conn->query("SELECT ID FROM user WHERE name = {$conn->quote($user)}");
-        $id = $sel->fetch();
-        $id = $id[0];
+	if ($sel) {
+  	    $id = $sel->fetch();
+	    $id = $id[0];
+	}
 
         $theid = array();
 
Index: collabtive/include/class.roles.php
===================================================================
--- collabtive.orig/include/class.roles.php
+++ collabtive/include/class.roles.php
@@ -130,8 +130,11 @@ class roles {
         $role = (int) $role;
         $user = (int) $user;
         // get the number of roles already assigned to $user
-        $chk = $conn->query("SELECT COUNT(*) FROM roles_assigned WHERE user = $user")->fetch();
-        $chk = $chk[0];
+        $qry = $conn->query("SELECT COUNT(*) FROM roles_assigned WHERE user = $user");
+	if ($qry) {
+	    $chk = $qry->fetch();
+	    $chk = $chk[0];
+	}
         // If there already is a role assigned to the user, just update this entry
         // Otherwise create a new entry
         if ($chk > 0) {
@@ -185,7 +188,7 @@ class roles {
             $sel = $conn->query("SELECT ID FROM roles ORDER BY ID DESC");
         } else {
             $sel = $conn->query("SELECT ID FROM roles ORDER BY ID DESC LIMIT $limit");
-        } while ($role = $sel->fetch()) {
+        } while ($sel and $role = $sel->fetch()) {
             /**
              * $role["projects"] = unserialize($role["projects"]);
              * $role["tasks"] = unserialize($role["tasks"]);
@@ -232,8 +235,11 @@ class roles {
         global $conn;
         $user = (int) $user;
 
-        $usr = $conn->query("SELECT role FROM roles_assigned WHERE user = $user")->fetch();
-        $usr = $usr[0];
+        $qry = $conn->query("SELECT role FROM roles_assigned WHERE user = $user");
+	if ($qry) {
+	    $usr = $qry->fetch();
+	    $usr = $usr[0];
+	}
         if ($usr) {
             $role = $this->getRole($usr);
         } else {
@@ -293,7 +299,9 @@ class roles {
         $role = (int) $role;
         // Get the serialized strings from the db
         $sel2 = $conn->query("SELECT * FROM roles WHERE ID = $role");
-        $therole = $sel2->fetch();
+	if ($sel2) {
+	    $therole = $sel2->fetch();
+	}
         // Unserialize to an array
         $therole["projects"] = unserialize($therole["projects"]);
         $therole["tasks"] = unserialize($therole["tasks"]);
Index: collabtive/include/class.project.php
===================================================================
--- collabtive.orig/include/class.project.php
+++ collabtive/include/class.project.php
@@ -149,8 +149,11 @@ class project {
 
         $upd = $conn->query("UPDATE projekte SET status=1 WHERE ID = $id");
         if ($upd) {
-            $nam = $conn->query("SELECT name FROM projekte WHERE ID = $id")->fetch();
-            $nam = $nam[0];
+	    $qry = $conn->query("SELECT name FROM projekte WHERE ID = $id");
+	    if ($qry) {
+	        $nam = $qry->fetch();
+		$nam = $nam[0];
+	    }
             $this->mylog->add($nam, 'projekt', 4, $id);
             return true;
         } else {
@@ -195,8 +198,11 @@ class project {
 
         $upd = $conn->query("UPDATE projekte SET status=0 WHERE ID = $id");
         if ($upd) {
-            $nam = $conn->query("SELECT name FROM projekte WHERE ID = $id")->fetch();
-            $nam = $nam[0];
+	    $qry = $conn->query("SELECT name FROM projekte WHERE ID = $id");
+	    if ($qry) {
+	        $nam = $qry->fetch();
+		$nam = $nam[0];
+	    }
             $this->mylog->add($nam, 'projekt', 5, $id);
             return true;
         } else {
@@ -292,10 +298,10 @@ class project {
         $id = (int) $id;
 
         $sel = $conn->prepare("SELECT * FROM projekte WHERE ID = ?");
-        $selStmt = $sel->execute(array($id));
-
-        $project = $sel->fetch();
-
+	if ($sel) {
+	    $selStmt = $sel->execute(array($id));
+	    $project = $sel->fetch();
+	}
         if (!empty($project)) {
             if ($project["end"]) {
                 $daysleft = $this->getDaysLeft($project["end"]);
@@ -341,7 +347,7 @@ class project {
         $sel = $conn->prepare("SELECT `ID` FROM projekte WHERE `status`= ? ORDER BY `end` ASC LIMIT $lim");
         $selStmt = $sel->execute(array($status));
 
-        while ($projekt = $sel->fetch()) {
+        while ($sel and $projekt = $sel->fetch()) {
             $project = $this->getProject($projekt["ID"]);
             array_push($projekte, $project);
         }
@@ -370,8 +376,11 @@ class project {
         $sel = $conn->prepare("SELECT projekt FROM projekte_assigned WHERE user = ? ORDER BY ID ASC");
         $selStmt = $sel->execute(array($user));
 
-        while ($projs = $sel->fetch()) {
-            $projekt = $conn->query("SELECT ID FROM projekte WHERE ID = " . $projs[0] . " AND status={$conn->quote((int) $status)}")->fetch();
+        while ($sel and $projs = $sel->fetch()) {
+	    $qry = $conn->query("SELECT ID FROM projekte WHERE ID = " . $projs[0] . " AND status={$conn->quote((int) $status)}");
+	    if ($qry) {
+	        $projekt = $qry->fetch();
+	    }
             if ($projekt) {
                 $project = $this->getProject($projekt["ID"]);
                 array_push($myprojekte, $project);
@@ -407,9 +416,11 @@ class project {
         $selStmt = $sel->execute(array($user));
 
         if ($sel) {
-            while ($projs = $sel->fetch()) {
+            while ($sel and $projs = $sel->fetch()) {
                 $sel2 = $conn->query("SELECT ID FROM projekte WHERE ID = " . $projs[0]);
-                $projekt = $sel2->fetch();
+                if ($sel2) {
+		    $projekt = $sel2->fetch();
+		}
                 if ($projekt) {
                     array_push($myprojekte, $projekt);
                 }
@@ -440,8 +451,11 @@ class project {
         $members = array();
 
         if ($paginate) {
-            $num = $conn->query("SELECT COUNT(*) FROM projekte_assigned WHERE projekt = $project")->fetch();
-            $num = $num[0];
+	    $qry = $conn->query("SELECT COUNT(*) FROM projekte_assigned WHERE projekt = $project");
+	    if ($qry) {
+	        $num = $qry->fetch();
+		$num = $num[0];
+	    }
             $lim = (int)$lim;
             SmartyPaginate::connect();
             // set items per page
@@ -456,7 +470,7 @@ class project {
         $sel1 = $conn->query("SELECT user FROM projekte_assigned WHERE projekt = $project LIMIT $start,$lim");
 
         $usr = new user();
-        while ($user = $sel1->fetch()) {
+        while ($sel1 and $user = $sel1->fetch()) {
             $theuser = $usr->getProfile($user[0]);
             array_push($members, $theuser);
         }
@@ -478,7 +492,10 @@ class project {
     {
         global $conn;
         $project = (int) $project;
-        $num = $conn->query("SELECT COUNT(*) FROM projekte_assigned WHERE projekt = $project")->fetch();
+        $qry = $conn->query("SELECT COUNT(*) FROM projekte_assigned WHERE projekt = $project");
+	if ($qry) {
+	    $num = $qry->fetch();
+	}
         return $num[0];
     }
 
@@ -493,11 +510,17 @@ class project {
         global $conn;
         $project = (int) $project;
 
-        $otasks = $conn->query("SELECT COUNT(*) FROM tasks WHERE project = $project AND status = 1")->fetch();
-        $otasks = $otasks[0];
-
-        $clotasks = $conn->query("SELECT COUNT(*) FROM tasks WHERE project = $project AND status = 0")->fetch();
-        $clotasks = $clotasks[0];
+        $qry = $conn->query("SELECT COUNT(*) FROM tasks WHERE project = $project AND status = 1");
+	if ($qry) {
+	    $otasks = $qry->fetch();
+	    $otasks = $otasks[0];
+	}
+
+        $qry = $conn->query("SELECT COUNT(*) FROM tasks WHERE project = $project AND status = 0");
+	if ($qry) {
+	    $clotasks = $qry->fetch();
+	    $clotasks = $clotasks[0];
+	}
 
         $totaltasks = $otasks + $clotasks;
         if ($totaltasks > 0 and $clotasks > 0) {
@@ -524,7 +547,7 @@ class project {
         $selStmt = $sel->execute(array($project));
 
         $folders = array();
-        while ($folder = $sel->fetch()) {
+        while ($sel and $folder = $sel->fetch()) {
             array_push($folders, $folder);
         }
 
Index: collabtive/include/class.company.php
===================================================================
--- collabtive.orig/include/class.company.php
+++ collabtive/include/class.company.php
@@ -146,9 +146,11 @@ class company {
         $id = (int) $id;
 
         $sel = $conn->prepare("SELECT * FROM company WHERE ID = ?");
-        $selStmt = $sel->execute(array($id));
+        if ($sel) {
+	    $selStmt = $sel->execute(array($id));
 
-        $company = $sel->fetch();
+	    $company = $sel->fetch();
+	}
 
         if (!empty($company)) {
             return $company;
@@ -188,9 +190,11 @@ class company {
         $lim = (int) $lim;
 
         $sel = $conn->prepare("SELECT * FROM company ORDER BY `company` ASC LIMIT $lim");
-        $selStmt = $sel->execute();
+	if ($sel) {
+	    $selStmt = $sel->execute();
 
-        $companies = $sel->fetchAll();
+	    $companies = $sel->fetchAll();
+	}
 
         if (!empty($companies)) {
             return $companies;
@@ -211,7 +215,7 @@ class company {
         $sel = $conn->query("SELECT * FROM company");
         $companies = array();
 
-        while ($company = $sel->fetch()) {
+        while ($sel and $company = $sel->fetch()) {
             array_push($companies, $company);
         }
 
@@ -240,7 +244,7 @@ class company {
         $userobj = (object) new user();
         $company = $this->getProfile($member[1]);
 
-        while ($member = $sel->fetch()) {
+        while ($sel and $member = $sel->fetch()) {
             $user = $userobj->getProfile($member[0]);
             array_push($staff, $user);
         }
Index: collabtive/include/class.datei.php
===================================================================
--- collabtive.orig/include/class.datei.php
+++ collabtive/include/class.datei.php
@@ -138,13 +138,16 @@ class datei {
 
         $id = (int) $id;
 
-        $folder = $conn->query("SELECT * FROM projectfolders WHERE ID = $id LIMIT 1")->fetch();
+        $qry = $conn->query("SELECT * FROM projectfolders WHERE ID = $id LIMIT 1");
+	if ($qry) {
+ 	    $folder = $qry->fetch();
 		if(!$folder)
 		{
 			return false;
 		}
-        $folder["subfolders"] = $this->getSubFolders($folder["ID"]);
-        $folder["abspath"] = $this->getAbsolutePathName($folder);
+		$folder["subfolders"] = $this->getSubFolders($folder["ID"]);
+		$folder["abspath"] = $this->getAbsolutePathName($folder);
+	}
 
         return $folder;
     }
@@ -165,7 +168,7 @@ class datei {
 
         $folders = array();
 
-        while ($folder = $sel->fetch()) {
+        while ($sel and $folder = $sel->fetch()) {
             $folder["subfolders"] = $this->getSubFolders($folder["ID"]);
             $folder["abspath"] = $this->getAbsolutePathName($folder);
 
@@ -196,7 +199,7 @@ class datei {
 
         $folders = array();
 
-        while ($folder = $sel->fetch()) {
+        while ($sel and $folder = $sel->fetch()) {
             $folder["subfolders"] = $this->getSubFolders($folder["ID"]);
             $folder["abspath"] = $this->getAbsolutePathName($folder);
 
@@ -226,7 +229,7 @@ class datei {
 
         $folders = array();
 
-        while ($folder = $sel->fetch()) {
+        while ($sel and $folder = $sel->fetch()) {
             $folder["subfolders"] = $this->getSubFolders($folder["ID"]);
             $folder["abspath"] = $this->getAbsolutePathName($folder);
 
@@ -254,8 +257,9 @@ class datei {
             return "/" . $folder['name'];
         } else {
             $sel = $conn->query("SELECT * FROM projectfolders WHERE ID = " . $folder['parent']);
-            $parent = $sel->fetch();
-
+	    if ($sel) {
+  	        $parent = $sel->fetch();
+	    }
             return $this->getAbsolutePathName($parent) . "/" . $folder['name'];
         }
     }
@@ -486,9 +490,11 @@ class datei {
         $id = (int) $id;
 
         // Get project for logging
-        $proj = $conn->query("SELECT project FROM files WHERE ID = $id")->fetch();
-
-        $project = $proj[0];
+        $qry = $conn->query("SELECT project FROM files WHERE ID = $id");
+	if ($qry) {
+	    $project = $qry->fetch();
+	    $project = $proj[0];
+	}
 
         $sql = $conn->prepare("UPDATE files SET `title` = ?, `desc` = ?, `tags` = ? WHERE id = ?");
         $upd = $sql->execute(array($title, $desc, $tags, $id));
@@ -512,7 +518,10 @@ class datei {
         global $conn;
         $datei = (int) $datei;
 
-        $thisfile = $conn->query("SELECT datei, name, project, title FROM files WHERE ID = $datei")->fetch();
+        $qry = $conn->query("SELECT datei, name, project, title FROM files WHERE ID = $datei");
+	if ($qry) {
+  	    $thisfile = $qry->fetch();
+	}
 
         if (!empty($thisfile)) {
             $fname = $thisfile[1];
@@ -562,8 +571,10 @@ class datei {
         $id = (int) $id;
 
         // Get the file from the database
-        $file = $conn->query("SELECT * FROM files WHERE ID=$id")->fetch();
-
+        $qry = $conn->query("SELECT * FROM files WHERE ID=$id");
+	if ($qry) {
+	    $file = $qry->fetch();
+	}
         if (!empty($file)) {
             // Determine if there is a MIME-type icon corresponding to the file's MIME-type. If not, set 'none'
             $file['type'] = str_replace("/", "-", $file["type"]);
@@ -664,8 +675,10 @@ class datei {
         } else {
             $sel = $conn->query("SELECT COUNT(*) FROM files WHERE project = $id AND folder = 0 ORDER BY ID DESC");
         }
-        $num = $sel->fetch();
-        $num = $num[0];
+        if ($sel) {
+	    $num = $sel->fetch();
+	    $num = $num[0];
+	}
 
         // Set items per page
         SmartyPaginate::connect();
@@ -681,7 +694,7 @@ class datei {
             $sel2 = $conn->query($sql);
         } else {
             $sel2 = $conn->query("SELECT ID FROM files WHERE project = $id AND folder = 0 ORDER BY  ID DESC LIMIT $start,$lim");
-        } while ($file = $sel2->fetch()) {
+        } while ($sel2 and $file = $sel2->fetch()) {
             if (!empty($file)) {
                 array_push($files, $this->getFile($file["ID"]));
             }
@@ -710,7 +723,7 @@ class datei {
 
         $sel2 = $conn->query("SELECT ID FROM files WHERE project = $id  ORDER BY  ID DESC");
 
-        while ($file = $sel2->fetch()) {
+        while ($sel2 and $file = $sel2->fetch()) {
             if (!empty($file)) {
                 array_push($files, $this->getFile($file["ID"]));
             }
Index: collabtive/include/class.message.php
===================================================================
--- collabtive.orig/include/class.message.php
+++ collabtive/include/class.message.php
@@ -68,8 +68,11 @@ class message {
         $upd = $updStmt->execute(array($title, $text, (int) $id));
 
         if ($upd) {
-            $proj = $conn->query("SELECT project FROM messages WHERE ID = $id")->fetch();
-            $proj = $proj[0];
+	    $qry = $conn->query("SELECT project FROM messages WHERE ID = $id");
+	    if ($qry) {
+	        $proj = $qry->fetch();
+		$proj = $proj[0];
+	    }
             $this->mylog->add($title, 'message', 2, $proj);
             return true;
         } else {
@@ -88,7 +91,10 @@ class message {
         global $conn;
         $id = (int) $id;
 
-        $msg = $conn->query("SELECT title,project FROM messages WHERE ID = $id")->fetch();
+        $qry = $conn->query("SELECT title,project FROM messages WHERE ID = $id");
+	if ($qry) {
+	    $msg = $qry->fetch();
+	}
 
         $del = $conn->query("DELETE FROM messages WHERE ID = $id LIMIT 1");
         $del2 = $conn->query("DELETE FROM messages WHERE replyto = $id");
@@ -112,23 +118,34 @@ class message {
         global $conn;
         $id = (int) $id;
 
-        $message = $conn->query("SELECT * FROM messages WHERE ID = $id LIMIT 1")->fetch();
-
+        $qry = $conn->query("SELECT * FROM messages WHERE ID = $id LIMIT 1");
+	if ($qry) {
+	    $message = $qry->fetch();
+	}
 
         $milesobj = new milestone();
         if (!empty($message)) {
-            $replies = $conn->query("SELECT COUNT(*) FROM messages WHERE replyto = $id")->fetch();
-            $replies = $replies[0];
+	    $qry = $conn->query("SELECT COUNT(*) FROM messages WHERE replyto = $id");
+	    if ($qry) {
+	        $replies = $qry->fetch();
+		$replies = $replies[0];
+	    }
 
             $user = new user();
             $avatar = $user->getAvatar($message["user"]);
 
-            $ds = $conn->query("SELECT gender FROM user WHERE ID = $message[user]")->fetch();
-            $gender = $ds[0];
-            $message["gender"] = $gender;
-
-            $project = $conn->query("SELECT name FROM projekte WHERE ID = $message[project]")->fetch();
-            $message["pname"] = $project[0];
+	    $qry = $conn->query("SELECT gender FROM user WHERE ID = $message[user]");
+	    if ($qry) {
+	        $ds = $qry->fetch();
+		$gender = $ds[0];
+		$message["gender"] = $gender;
+	    }
+
+            $qry = $conn->query("SELECT name FROM projekte WHERE ID = $message[project]");
+	    if ($qry) {
+	        $project = $qry->fetch();
+		$message["pname"] = $project[0];
+	    }
             $posted = date(CL_DATEFORMAT . " - H:i", $message["posted"]);
             $message["postdate"] = $posted;
             $message["endstring"] = $posted;
@@ -170,7 +187,7 @@ class message {
 
         $milesobj = new milestone();
         $user = new user();
-        while ($reply = $sel->fetch()) {
+        while ($sel and $reply = $sel->fetch()) {
             if (!empty($reply)) {
                 $thereply = $this->getMessage($reply["ID"]);
                 array_push($replies, $thereply);
@@ -198,7 +215,7 @@ class message {
         $sel3 = $conn->query("SELECT projekt FROM projekte_assigned WHERE user = $userid");
         // Assemble a string of project IDs the user belongs to for IN() query.
         $prstring = "";
-        while ($upro = $sel3->fetch()) {
+        while ($sel3 and $upro = $sel3->fetch()) {
             $projekt = $upro[0];
             $prstring .= $projekt . ",";
         }
@@ -209,7 +226,7 @@ class message {
             $messages = array();
 
             $milesobj = new milestone();
-            while ($message = $sel1->fetch()) {
+            while ($sel1 and $message = $sel1->fetch()) {
                 $themessage = $this->getMessage($message["ID"]);
                 array_push($messages, $themessage);
             }
@@ -237,7 +254,7 @@ class message {
 
         $milesobj = new milestone();
 
-        while ($message = $sel1->fetch()) {
+        while ($sel1 and $message = $sel1->fetch()) {
             $themessage = $this->getMessage($message["ID"]);
             array_push($messages, $themessage);
         }
@@ -299,11 +316,13 @@ class message {
 
         $files = array();
         $sel = $conn->query("SELECT file FROM files_attached WHERE message = $msg");
-        while ($file = $sel->fetch()) {
+        while ($sel and $file = $sel->fetch()) {
             $sel2 = $conn->query("SELECT * FROM files WHERE ID = $file[0]");
-            $thisfile = $sel2->fetch();
-            $thisfile["type"] = str_replace("/", "-", $thisfile["type"]);
-
+	    $thisfile = array();
+	    if ($sel2) {
+	        $thisfile = $sel2->fetch();
+		$thisfile["type"] = str_replace("/", "-", $thisfile["type"]);
+	    }
             $set = new settings();
             $settings = $set->getSettings();
         	// Construct the path to the MIME-type icon
Index: collabtive/include/class.task.php
===================================================================
--- collabtive.orig/include/class.task.php
+++ collabtive/include/class.task.php
@@ -221,7 +221,10 @@ class task {
         global $conn;
         $id = (int) $id;
 
-        $task = $conn->query("SELECT * FROM tasks WHERE ID = $id")->fetch();
+        $qry = $conn->query("SELECT * FROM tasks WHERE ID = $id");
+	if ($qry) {
+	    $task = $qry->fetch();
+	}
         if (!empty($task)) {
             // format datestring according to dateformat option
             if (is_numeric($task['start'])) {
@@ -244,7 +247,7 @@ class task {
             // Get the user(s) assigned to the task from the db
             $usel = $conn->query("SELECT user FROM tasks_assigned WHERE task = $task[ID]");
             $users = array();
-            while ($usr = $usel->fetch()) {
+            while ($usel and $usr = $usel->fetch()) {
                 // push the assigned users to an array
                 array_push($users, $usr[0]);
                 $task["user"] = "All";
@@ -303,7 +306,7 @@ class task {
             $sel2 = $conn->query("SELECT ID FROM tasks WHERE project = $project AND status=$status");
         } else {
             $sel2 = $conn->query("SELECT ID FROM tasks WHERE project = $project");
-        } while ($tasks = $sel2->fetch()) {
+        } while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
         }
@@ -334,9 +337,12 @@ class task {
 
         $sel2 = $conn->query("SELECT ID FROM tasks WHERE project = $project AND status=1 AND end > $now ORDER BY `end` ASC LIMIT $limit");
 
-        while ($tasks = $sel2->fetch()) {
-            $chk = $conn->query("SELECT ID FROM tasks_assigned WHERE user = $user AND task = $tasks[ID]")->fetch();
-            $chk = $chk[0];
+        while ($sel2 and $tasks = $sel2->fetch()) {
+	    $qry = $conn->query("SELECT ID FROM tasks_assigned WHERE user = $user AND task = $tasks[ID]");
+	    if ($qry) {
+	        $chk = $qry->fetch();
+		$chk = $chk[0];
+	    }
             if ($chk) {
                 $task = $this->getTask($tasks["ID"]);
                 array_push($lists, $task);
@@ -373,7 +379,7 @@ class task {
 
         $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project AND status=1 ORDER BY `end` ASC ");
 
-        while ($tasks = $sel2->fetch()) {
+        while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
         }
@@ -404,7 +410,7 @@ class task {
         $now = strtotime($tod);
 
         $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project  AND status=1 AND end < $now ORDER BY `end` ASC LIMIT $limit");
-        while ($tasks = $sel2->fetch()) {
+        while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
         }
@@ -436,7 +442,7 @@ class task {
 
         $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project  AND status=1 AND end = '$now' ORDER BY `end` ASC LIMIT $limit");
 
-        while ($tasks = $sel2->fetch()) {
+        while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
         }
@@ -467,7 +473,7 @@ class task {
 
         $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project AND status=0 ORDER BY `end` ASC LIMIT $limit");
 
-        while ($tasks = $sel2->fetch()) {
+        while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
         }
@@ -511,7 +517,7 @@ class task {
         }
         $sel1 = $conn->query($sql);
 
-        while ($stone = $sel1->fetch()) {
+        while ($sel1 and $stone = $sel1->fetch()) {
             $stone["daysleft"] = $this->getDaysLeft($stone["end"]);
             array_push($timeline, $stone);
         }
@@ -534,12 +540,18 @@ class task {
         global $conn;
         $id = (int) $id;
 
-        $user = $conn->query("SELECT user FROM tasks_assigned WHERE task = $id")->fetch();
+        $qry = $conn->query("SELECT user FROM tasks_assigned WHERE task = $id");
+	if ($qry) {
+	    $user = $qry->fetch();
+	}
 
         if (!empty($user)) {
-            $uname = $conn->query("SELECT name FROM user WHERE ID = $user[0]")->fetch();
-            $uname = $uname[0];
-            $user[1] = stripslashes($uname);
+	    $qry = $conn->query("SELECT name FROM user WHERE ID = $user[0]");
+	    if ($qry) {
+	        $uname = $qry->fetch();
+		$uname = $uname[0];
+		$user[1] = stripslashes($uname);
+	    }
 
             return $user;
         } else {
@@ -561,11 +573,13 @@ class task {
         $sql = $conn->query("SELECT user FROM tasks_assigned WHERE task = $id");
 
         $result = array();
-        while ($user = $sql->fetch()) {
+        while ($sql and $user = $sql->fetch()) {
             $sel2 = $conn->query("SELECT name FROM user WHERE ID = $user[0]");
-            $uname = $sel2->fetch();
-            $uname = $uname[0];
-            $user[1] = stripslashes($uname);
+            if ($sel2) {
+	        $uname = $sel2->fetch();
+		$uname = $uname[0];
+		$user[1] = stripslashes($uname);
+	    }
 
             $result[] = $user;
         }
@@ -665,11 +679,16 @@ class task {
     {
         global $conn;
         $psel = $conn->query("SELECT name FROM projekte WHERE ID = $task[project]");
-        $pname = $psel->fetch();
-        $pname = stripslashes($pname[0]);
-
-        $list = $conn->query("SELECT name FROM tasklist WHERE ID = $task[liste]")->fetch();
-        $list = stripslashes($list[0]);
+        if ($psel) {
+	    $pname = $psel->fetch();
+	    $pname = stripslashes($pname[0]);
+	}
+
+        $qry = $conn->query("SELECT name FROM tasklist WHERE ID = $task[liste]");
+	if ($qry) {
+	    $list = $qry->fetch();
+	    $list = stripslashes($list[0]);
+	}
 
         if (isset($list) or isset($pname)) {
             $details = array("list" => $list, "pname" => $pname);
@@ -708,11 +727,17 @@ class task {
         global $conn;
         $id = (int) $id;
 
-        $nam = $conn->query("SELECT text,liste,title FROM tasks WHERE ID = $id")->fetch();
-        $text = stripslashes($nam[2]);
-        $list = $nam[1];
-        $project = $conn->query("SELECT project FROM tasklist WHERE ID = $list")->fetch();
-        $project = $project[0];
+        $qry = $conn->query("SELECT text,liste,title FROM tasks WHERE ID = $id");
+	if ($qry) {
+	    $nam = $qry->fetch();
+	    $text = stripslashes($nam[2]);
+	    $list = $nam[1];
+	}
+        $qry = $conn->query("SELECT project FROM tasklist WHERE ID = $list");
+	if ($qry) {
+	    $project = $qry->fetch();
+	    $project = $project[0];
+	}
         $nameproject = array($text, $project);
 
         if (!empty($nameproject)) {
Index: collabtive/include/class.timetracker.php
===================================================================
--- collabtive.orig/include/class.timetracker.php
+++ collabtive/include/class.timetracker.php
@@ -149,7 +149,9 @@ class timetracker {
 
         $sel = $conn->query("SELECT * FROM timetracker WHERE ID = $id");
         $track = array();
-        $track = $sel->fetch();
+        if ($sel) {
+	    $track = $sel->fetch();
+	}
 
         if (!empty($track)) {
             if (isset($track["started"]) and isset($track["ended"])) {
@@ -209,9 +211,9 @@ class timetracker {
             $num .= " AND ended >=$start AND ended<=$end ";
         }
 
-        if ($num) {
-            $num = $conn->query($num)->fetch();
-            $num = $num[0];
+        if ($num and $qry = $conn->query($num)) {
+	    $num = $qry->fetch();
+	    $num = $num[0];
         } else {
             $num = 0;
         }
@@ -234,7 +236,7 @@ class timetracker {
         $ttask = new task();
 
         if (isset($sel)) {
-            while ($data = @$sel->fetch()) {
+            while ($sel and $data = @$sel->fetch()) {
                 $endstring = date("H:i", $data["ended"]);
                 $startstring = date("H:i", $data["started"]);
                 $daystring = date("d.m.y", $data["ended"]);
@@ -245,11 +247,17 @@ class timetracker {
                     $data["tname"] = $tasks;
                 }
 
-                $pname = $conn->query("SELECT name FROM projekte WHERE ID = $data[project]")->fetch();
-                $pname = stripslashes($pname[0]);
-
-                $uname = $conn->query("SELECT name FROM user WHERE ID = $data[user]")->fetch();
-                $uname = stripslashes($uname[0]);
+                $qry = $conn->query("SELECT name FROM projekte WHERE ID = $data[project]");
+		if ($qry) {
+		    $pname = $qry->fetch();
+		    $pname = stripslashes($pname[0]);
+		}
+
+                $qry = $conn->query("SELECT name FROM user WHERE ID = $data[user]");
+		if ($qry) {
+		    $uname = $qry->fetch();
+		    $uname = stripslashes($uname[0]);
+		}
 
                 $data["endstring"] = $endstring;
                 $data["startstring"] = $startstring;
@@ -309,9 +317,9 @@ class timetracker {
             $num .= " AND ended >=$start AND ended<=$end ";
         }
 
-        if ($num) {
-            $num = $conn->query($num)->fetch();
-            $num = $num[0];
+        if ($num and $qry = $conn->query($num)) {
+	    $num = $qry->fetch();
+	    $num = $num[0];
         } else {
             $num = 0;
         }
@@ -335,7 +343,7 @@ class timetracker {
         $ttask = new task();
 
         if (isset($sel)) {
-            while ($data = @$sel->fetch()) {
+	  while ($sel and $data = @$sel->fetch()) {
                 $endstring = date("H:i", $data["ended"]);
                 $startstring = date("H:i", $data["started"]);
                 $daystring = date(CL_DATEFORMAT, $data["ended"]);
@@ -346,11 +354,17 @@ class timetracker {
                     $data["tname"] = $tasks;
                 }
 
-                $pname = $conn->query("SELECT name FROM projekte WHERE ID = $data[project]")->fetch();
-                $pname = stripslashes($pname[0]);
-
-                $uname = $conn->query("SELECT name FROM user WHERE ID = $data[user]")->fetch();
-                $uname = stripslashes($uname[0]);
+                $qry = $conn->query("SELECT name FROM projekte WHERE ID = $data[project]");
+		if ($qry) {
+		    $pname = $qry->fetch();
+		    $pname = stripslashes($pname[0]);
+		}
+
+                $qry = $conn->query("SELECT name FROM user WHERE ID = $data[user]");
+		if ($qry) {
+		    $uname = $qry->fetch();
+		    $uname = stripslashes($uname[0]);
+		}
 
                 $data["endstring"] = $endstring;
                 $data["startstring"] = $startstring;
Index: collabtive/include/class.milestone.php
===================================================================
--- collabtive.orig/include/class.milestone.php
+++ collabtive/include/class.milestone.php
@@ -72,9 +72,12 @@ class milestone {
         $updStmt = $conn->prepare("UPDATE milestones SET `name`=?, `desc`=?, `start`=?, `end`=? WHERE ID=?");
         $upd = $updStmt->execute(array($name, $desc, $start, $end, $id));
         if ($upd) {
-            $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id")->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    $qry = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
+	    if ($qry) {
+	        $nam = $qry->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'milestone' , 2, $project);
             return true;
@@ -98,9 +101,11 @@ class milestone {
         $del = $conn->query("DELETE FROM milestones WHERE ID = $id");
         $del1 = $conn->query("DELETE FROM milestones_assigned WHERE milestone = $id");
         if ($del) {
-            $nam = $nam->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    if ($nam) {
+	        $nam = $nam->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'milestone', 3, $project);
             return true;
@@ -124,9 +129,11 @@ class milestone {
 
         if ($upd) {
             $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
-            $nam = $nam->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    if ($nam) {
+	        $nam = $nam->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'milestone', 4, $project);
             return true;
@@ -159,11 +166,12 @@ class milestone {
         }
 
         if ($upd) {
-            $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
-            $nam = $nam->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
-
+	    $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
+	    if ($nam) {
+	        $nam = $nam->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
             $this->mylog->add($name, 'milestone', 5, $project);
             return true;
         } else {
@@ -186,10 +194,12 @@ class milestone {
 
         $upd = $conn->query("INSERT INTO milestones_assigned (NULL,$user,$milestone)");
         if ($upd) {
-            $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
-            $nam = $nam->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+	    $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
+	    if ($nam) {
+	        $nam = $nam->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'milestone', 6, $project);
             return true;
@@ -214,9 +224,11 @@ class milestone {
         $upd = $conn->query("DELETE FROM milestones_assigned WHERE user = $user AND milestone = $milestone");
         if ($upd) {
             $nam = $conn->query("SELECT project,name FROM milestones WHERE ID = $id");
-            $nam = $nam->fetch();
-            $project = $nam[0];
-            $name = $nam[1];
+            if ($nam) {
+	        $nam = $nam->fetch();
+		$project = $nam[0];
+		$name = $nam[1];
+	    }
 
             $this->mylog->add($name, 'milestone', 7, $project);
             return true;
@@ -237,7 +249,9 @@ class milestone {
         $id = (int) $id;
 
         $sel = $conn->query("SELECT * FROM milestones WHERE ID = $id");
-        $milestone = $sel->fetch();
+	if ($sel) {
+	    $milestone = $sel->fetch();
+	}
 
         if (!empty($milestone)) {
             // Format start and end date for display
@@ -252,10 +266,12 @@ class milestone {
             $milestone["desc"] = stripslashes($milestone["desc"]);
             // Get the name of the project where the message was posted for display
             $psel = $conn->query("SELECT name FROM projekte WHERE ID = $milestone[project]");
-            $pname = $psel->fetch();
-            $pname = $pname[0];
-            $milestone["pname"] = $pname;
-            $milestone["pname"] = stripslashes($milestone["pname"]);
+	    if ($psel) {
+	        $pname = $psel->fetch();
+		$pname = $pname[0];
+		$milestone["pname"] = $pname;
+		$milestone["pname"] = stripslashes($milestone["pname"]);
+	    }
             // Daysleft contains a signed number, dayslate an unsigned one that only applies if the milestone is late
             $dayslate = $this->getDaysLeft($milestone["end"]);
             $milestone["daysleft"] = $dayslate;
@@ -290,7 +306,7 @@ class milestone {
 
         $sel = $conn->query("SELECT ID FROM milestones WHERE `status`=$status  ORDER BY `end` ASC LIMIT $lim");
 
-        while ($milestone = $sel->fetch()) {
+        while ($sel and $milestone = $sel->fetch()) {
             $themilestone = $this->getMilestone($milestone["ID"]);
             array_push($milestones, $themilestone);
         }
@@ -316,7 +332,7 @@ class milestone {
         $sel = $conn->query("SELECT ID FROM milestones WHERE project = $project AND status = 0 ORDER BY `end` ASC");
         $stones = array();
 
-        while ($milestone = $sel->fetch()) {
+        while ($sel and $milestone = $sel->fetch()) {
             $themilestone = $this->getMilestone($milestone["ID"]);
             array_push($stones, $themilestone);
         }
@@ -348,7 +364,7 @@ class milestone {
         $sql = "SELECT ID FROM milestones WHERE project = $project AND end < $now AND status = 1 ORDER BY end ASC LIMIT $lim";
 
         $sel1 = $conn->query($sql);
-        while ($milestone = $sel1->fetch()) {
+        while ($sel1 and $milestone = $sel1->fetch()) {
             if (!empty($milestone)) {
                 $themilestone = $this->getMilestone($milestone["ID"]);
                 array_push($milestones, $themilestone);
@@ -382,7 +398,7 @@ class milestone {
         $sql = "SELECT ID FROM milestones WHERE project = $project  AND start > $now AND status = 1 ORDER BY end ASC LIMIT $lim";
 
         $sel1 = $conn->query($sql);
-        while ($milestone = $sel1->fetch()) {
+        while ($sel1 and $milestone = $sel1->fetch()) {
             if (!empty($milestone)) {
                 $themilestone = $this->getMilestone($milestone["ID"]);
                 array_push($milestones, $themilestone);
@@ -415,7 +431,7 @@ class milestone {
         $sql = "SELECT ID FROM milestones WHERE project = $project AND status = 1 ORDER BY end ASC LIMIT $lim";
 
         $sel1 = $conn->query($sql);
-        while ($milestone = $sel1->fetch()) {
+        while ($sel1 and $milestone = $sel1->fetch()) {
             if (!empty($milestone)) {
                 $themilestone = $this->getMilestone($milestone["ID"]);
                 array_push($milestones, $themilestone);
@@ -451,7 +467,7 @@ class milestone {
         }
 
         $sel1 = $conn->query($sql);
-        while ($milestone = $sel1->fetch()) {
+        while ($sel1 and $milestone = $sel1->fetch()) {
             $themilestone = $this->getMilestone($milestone["ID"]);
             array_push($milestones, $themilestone);
         }
@@ -482,7 +498,7 @@ class milestone {
         $milestones = array();
 
         $sel1 = $conn->query("SELECT * FROM milestones WHERE project = $project AND end = '$now' AND status = 1 ORDER BY end ASC LIMIT $lim");
-        while ($milestone = $sel1->fetch()) {
+        while ($sel1 and $milestone = $sel1->fetch()) {
             $themilestone = $this->getMilestone($milestone["ID"]);
             array_push($milestones, $themilestone);
         }
@@ -524,7 +540,7 @@ class milestone {
             $sel1 = $conn->query("SELECT * FROM milestones WHERE project =  $project AND status=1 AND end = '$starttime' ORDER BY `end` ASC");
         } else {
         	$sel1 = $conn->query("SELECT milestones.*,projekte_assigned.user,projekte.name AS pname,projekte.status AS pstatus FROM milestones,projekte_assigned,projekte WHERE milestones.project = projekte_assigned.projekt AND milestones.project = projekte.ID HAVING projekte_assigned.user = $user AND status=1 AND pstatus != 2 AND end = '$starttime'");
-        } while ($stone = $sel1->fetch()) {
+        } while ($sel1 and $stone = $sel1->fetch()) {
             $stone["daysleft"] = $this->getDaysLeft($stone["end"]);
             array_push($timeline, $stone);
         }
@@ -552,7 +568,7 @@ class milestone {
         $sel = $conn->query("SELECT ID FROM tasklist WHERE milestone = $milestone AND status = 1 ORDER BY ID ASC");
         $lists = array();
         if ($milestone) {
-            while ($listId = $sel->fetch()) {
+            while ($sel and $listId = $sel->fetch()) {
                 array_push($lists, $objtasklist->getTasklist($listId["ID"]));
             }
         }
@@ -571,7 +587,7 @@ class milestone {
 
         $sel = $conn->query("SELECT title,ID,milestone FROM messages WHERE milestone = $milestone");
         $msgs = array();
-        while ($msg = $sel->fetch()) {
+        while ($sel and $msg = $sel->fetch()) {
             array_push($msgs, $msg);
         }
         if (!empty($msgs)) {
