diff --git a/app/modules/module_edit.php b/app/modules/module_edit.php index a9aac9abf8..74f268f68f 100644 --- a/app/modules/module_edit.php +++ b/app/modules/module_edit.php @@ -216,8 +216,11 @@ echo " ".$text['label-module_category']."\n"; echo "\n"; echo "\n"; - $table_name = 'v_modules'; $field_name = 'module_category'; $sql_where_optional = ''; $field_current_value = $module_category; - echo html_select_other($db, $table_name, $field_name, $sql_where_optional, $field_current_value); + $table_name = 'v_modules'; + $field_name = 'module_category'; + $sql_where_optional = ''; + $field_current_value = $module_category; + echo html_select_other($table_name, $field_name, $sql_where_optional, $field_current_value); echo "
\n"; echo "\n"; echo "\n"; diff --git a/app/vars/var_edit.php b/app/vars/var_edit.php index 657371a7b6..68e1ab5585 100644 --- a/app/vars/var_edit.php +++ b/app/vars/var_edit.php @@ -198,9 +198,11 @@ echo " ".$text['label-category']."\n"; echo "\n"; echo "\n"; - $table_name = 'v_vars';$field_name = 'var_category';$sql_where_optional = "";$field_current_value = $var_category; - echo html_select_other($db, $table_name, $field_name, $sql_where_optional, $field_current_value); - //echo "
\n"; + $table_name = 'v_vars'; + $field_name = 'var_category'; + $sql_where_optional = ""; + $field_current_value = $var_category; + echo html_select_other($table_name, $field_name, $sql_where_optional, $field_current_value); echo $text['description-category']."\n"; echo "\n"; echo "\n"; diff --git a/core/users/user_delete.php b/core/users/user_delete.php index 97b8fc5f2b..22e0eadbd0 100644 --- a/core/users/user_delete.php +++ b/core/users/user_delete.php @@ -61,7 +61,7 @@ } //required to be a superadmin to delete a member of the superadmin group - $superadmin_list = superadmin_list($db); + $superadmin_list = superadmin_list(); if (if_superadmin($superadmin_list, $user_uuid)) { if (!if_group("superadmin")) { //access denied - do not delete the user diff --git a/core/users/user_edit.php b/core/users/user_edit.php index 11c2e30f8e..a9113cd4ea 100644 --- a/core/users/user_edit.php +++ b/core/users/user_edit.php @@ -68,7 +68,7 @@ //required to be a superadmin to update an account that is a member of the superadmin group if (permission_exists('user_edit') && $action == 'edit') { - $superadmins = superadmin_list($db); + $superadmins = superadmin_list(); if (if_superadmin($superadmins, $user_uuid)) { if (!if_group("superadmin")) { echo "access denied"; diff --git a/logout.php b/logout.php index 8b826547ff..eb874de7c1 100644 --- a/logout.php +++ b/logout.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2015 + Portions created by the Initial Developer are Copyright (C) 2008-2019 the Initial Developer. All Rights Reserved. Contributor(s): 
@@ -39,59 +39,60 @@ //convert to relative path $referrer = substr($_SERVER['HTTP_REFERER'], strpos($_SERVER['HTTP_REFERER'], $_SERVER["HTTP_HOST"]) + strlen($_SERVER["HTTP_HOST"])); //check if destination url already exists - $sql = "select count(*) as num_rows from v_user_settings "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and user_uuid = '".$_SESSION["user_uuid"]."' "; + $sql = "select count(*) from v_user_settings "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and user_uuid = :user_uuid "; $sql .= "and user_setting_category = 'login' "; $sql .= "and user_setting_subcategory = 'destination' "; $sql .= "and user_setting_name = 'url' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - $exists = ($row['num_rows'] > 0) ? true : false; - } - unset($sql, $prep_statement, $row); + $paramters['domain_uuid'] = $_SESSION['domain_uuid']; + $paramters['user_uuid'] = $_SESSION['user_uuid']; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + $exists = ($num_rows > 0) ? 
true : false; + unset($sql, $parameters, $num_rows); //if exists, update if ($exists) { $sql = "update v_user_settings set "; - $sql .= "user_setting_value = '".$referrer."', "; + $sql .= "user_setting_value = :user_setting_value "; $sql .= "user_setting_enabled = 'true' "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and user_uuid = '".$_SESSION["user_uuid"]."' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and user_uuid = :user_uuid "; $sql .= "and user_setting_category = 'login' "; $sql .= "and user_setting_subcategory = 'destination' "; $sql .= "and user_setting_name = 'url' "; - $db->exec(check_sql($sql)); - unset($sql); + $parameters['user_setting_value'] = $referrer; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['user_uuid'] = $_SESSION["user_uuid"]; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); } //otherwise, insert else { - $sql = "insert into v_user_settings "; - $sql .= "( "; - $sql .= "user_setting_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "user_uuid, "; - $sql .= "user_setting_category, "; - $sql .= "user_setting_subcategory, "; - $sql .= "user_setting_name, "; - $sql .= "user_setting_value, "; - $sql .= "user_setting_enabled "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".uuid()."', "; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$_SESSION["user_uuid"]."', "; - $sql .= "'login', "; - $sql .= "'destination', "; - $sql .= "'url', "; - $sql .= "'".$referrer."', "; - $sql .= "'true' "; - $sql .= ") "; - $db->exec(check_sql($sql)); - unset($sql); + //build insert array + $user_setting_uuid = uuid(); + $array['user_settings'][0]['user_setting_uuid'] = $user_setting_uuid; + $array['user_settings'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['user_settings'][0]['user_uuid'] = $_SESSION["user_uuid"]; + $array['user_settings'][0]['user_setting_category'] = 'login'; + 
$array['user_settings'][0]['user_setting_subcategory'] = 'destination'; + $array['user_settings'][0]['user_setting_name'] = 'url'; + $array['user_settings'][0]['user_setting_value'] = $referrer; + $array['user_settings'][0]['user_setting_enabled'] = 'true'; + //grant temporary permissions + $p = new permissions; + $p->add('user_setting_add', 'temp'); + //execute insert + $database = new database; + $database->app_name = 'logout'; + $database->app_uuid = 'e9f24006-5da2-417f-94fb-7458348bae29'; + $database->save($array); + unset($array); + //revoke temporary permissions + $p = new permissions; + $p->delete('user_setting_add', 'temp'); } } } @@ -99,6 +100,6 @@ //redirect the user to the index page header("Location: ".PROJECT_PATH."/login.php"); - return; + exit; -?> +?> \ No newline at end of file diff --git a/resources/functions.php b/resources/functions.php index 8e31679d70..2931e0839c 100644 --- a/resources/functions.php +++ b/resources/functions.php @@ -261,26 +261,6 @@ } } - if (!function_exists('group_members')) { - function group_members($db, $user_uuid) { - global $domain_uuid; - $sql = "select * from v_user_groups "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and user_uuid = '".$user_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - $group_members = "||"; - foreach($result as $field) { - //get the list of groups - $group_members .= $field['group_name']."||"; - } - unset($sql, $result, $row_count); - return $group_members; - } - } - if (!function_exists('if_group_member')) { function if_group_member($group_members, $group) { if (stripos($group_members, "||".$group."||") === false) { 
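Review bot: The existence check fills `$paramters` (misspelled) but passes `$parameters` to `$database->select()`, so the query appears to run with nothing bound and `$exists` will not reflect the stored row; the two assignments should read `$parameters['domain_uuid'] = $_SESSION['domain_uuid'];` and `$parameters['user_uuid'] = $_SESSION['user_uuid'];`. In the update branch the rewritten line `$sql .= "user_setting_value = :user_setting_value ";` lost the comma that separated it from `user_setting_enabled`, which leaves the statement as invalid SQL; the string should end in `:user_setting_value, `. The insert branch revokes the temporary `user_setting_add` grant on a second `new permissions` object, while the other call sites in this commit call `$p->delete()` on the object that added it; whether a fresh instance sees the earlier grant is not visible here, so reusing `$p` is the safer form. `$referrer` is still derived from the `Referer` header, so binding it closes the injection path into the query, but the stored login destination remains a client-supplied value and should be validated where it is later used for a redirect.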
@@ -293,24 +273,23 @@ } if (!function_exists('superadmin_list')) { - function superadmin_list($db) { + function superadmin_list() { global $domain_uuid; $sql = "select * from v_user_groups "; $sql .= "where group_name = 'superadmin' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); + $database = new database; + $result = $database->select($sql, null, 'all'); $superadmin_list = "||"; - foreach($result as $field) { - //get the list of superadmins - $superadmin_list .= $field['user_uuid']."||"; + if (is_array($result) && @sizeof($result) != 0) { + foreach ($result as $field) { + //get the list of superadmins + $superadmin_list .= $field['user_uuid']."||"; + } } - unset($sql, $result, $row_count); + unset($sql, $result, $field); return $superadmin_list; } } - //superadmin_list($db); if (!function_exists('if_superadmin')) { function if_superadmin($superadmin_list, $user_uuid) { @@ -324,36 +303,29 @@ } if (!function_exists('html_select_other')) { - function html_select_other($db, $table_name, $field_name, $sql_where_optional, $field_current_value) { - //html select other : build a select box from distinct items in db with option for other + function html_select_other($table_name, $field_name, $sql_where_optional, $field_current_value) { + //html select other: build a select box from distinct items in db with option for other global $domain_uuid; - $html = "\n"; + $html = "
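Review bot: `superadmin_list()` now returns the empty list `"||"` whenever `$database->select()` gives back anything other than a non-empty array, and the `@` on `sizeof()` hides the reason. The callers in core/users/user_delete.php and core/users/user_edit.php use this list to decide whether the target account is a superadmin, so a failed query would let that guard pass for any user who holds the edit or delete permission. How `database::select()` reports an error is not shown in this diff, so this needs confirming, but the function should separate "no superadmins" from "query failed", for example `if (!is_array($result)) { return false; }`, with the callers treating `false` as access denied. `global $domain_uuid;` is unused in the new body, and `select user_uuid` would be enough in place of `select *`.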
\n"; $html .= "\n"; $html .= "\n"; $html .= "
\n"; $html .= "\n"; $html .= "\n"; @@ -364,103 +336,41 @@ $html .= "
"; - return $html; + return $html; } } if (!function_exists('html_select')) { - function html_select($db, $table_name, $field_name, $sql_where_optional, $field_current_value, $field_value = '', $style = '') { - //html select other : build a select box from distinct items in db with option for other + function html_select($table_name, $field_name, $sql_where_optional, $field_current_value, $field_value = '', $style = '', $onchange = '') { + //html select: build a select box from distinct items in db global $domain_uuid; if (strlen($field_value) > 0) { - $html .= "\n"; + $html .= " \n"; + $sql = "select distinct(".$field_name.") as ".$field_name.", ".$field_value." from ".$table_name." ".$sql_where_optional." order by ".$field_name." asc "; } else { - $html .= "\n"; + $html .= " \n"; + $sql = "select distinct(".$field_name.") as ".$field_name." from ".$table_name." ".$sql_where_optional." "; } - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - if ($result_count > 0) { //if user account exists then show login + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $field) { if (strlen($field[$field_name]) > 0) { - if ($field_current_value == $field[$field_name]) { - if (strlen($field_value) > 0) { - $html .= "\n"; - } - else { - $html .= "\n"; - } - } - else { - if (strlen($field_value) > 0) { - $html .= "\n"; - } - else { - $html .= "\n"; - } - } + $selected = $field_current_value == $field[$field_name] ? "selected='selected'" : null; + $array_key = strlen($field_value) > 0 ? 
$field_value : $field_name; + $html .= "\n"; } } } - unset($sql, $result, $result_count); + unset($sql, $result, $field); $html .= "\n"; - return $html; - } - } - //$table_name = 'v_templates'; $field_name = 'templatename'; $sql_where_optional = "where domain_uuid = '$domain_uuid' "; $field_current_value = ''; - //echo html_select($db, $table_name, $field_name, $sql_where_optional, $field_current_value); - - if (!function_exists('html_select_on_change')) { - function html_select_on_change($db, $table_name, $field_name, $sql_where_optional, $field_current_value, $onchange, $field_value = '') { - //html select other : build a select box from distinct items in db with option for other - global $domain_uuid; - - $html .= "\n"; - - return $html; + return $html; } } 
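Review bot: `html_select()` still builds its query by concatenating `$table_name`, `$field_name`, `$field_value` and `$sql_where_optional` and calls `$database->select($sql, null, 'all')` with no parameters, so it sits outside the parameterisation the rest of this commit introduces. Identifiers cannot be bound, so they should be checked before use, e.g. `if (!preg_match('/^\w+$/', $table_name) || !preg_match('/^\w+$/', $field_name)) { return ''; }`, and the function comment should say that `$sql_where_optional` is raw SQL that callers must assemble from constants only. The first write to `$html` in both branches is `$html .= …` on an undefined variable; start the function with `$html = '';`. The option markup is missing from this rendering of the hunk, so whether `$field[$array_key]` and the new `$onchange` argument go through `htmlspecialchars()` before being written into the page cannot be checked from here.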
@@ -485,43 +395,6 @@ return $html; } } - ////example usage - //$table_name = 'tblcontacts'; $field_name = 'contactcategory'; $sql_where_optional = "", $field_current_value =''; - //echo html_select_other($db, $table_name, $field_name, $sql_where_optional, $field_current_value); - //// On the page that recieves the POST - //if (check_str($_POST["contactcategory"]) == "Other") { //echo "found: ".$contactcategory; - // $contactcategory = check_str($_POST["contactcategoryother"]); - //} - - if (!function_exists('log_add')) { - function log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $log_add_user_ip) { - return; //this disables the function - global $domain_uuid; - - $sql = "insert into logs "; - $sql .= "("; - $sql .= "log_type, "; - $sql .= "log_status, "; - $sql .= "log_desc, "; - $sql .= "log_add_user, "; - $sql .= "log_add_user_ip, "; - $sql .= "log_add_date "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'$log_type', "; - $sql .= "'$log_status', "; - $sql .= "'$log_desc', "; - $sql .= "'$log_add_user', "; - $sql .= "'$log_add_user_ip', "; - $sql .= "now() "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - } - } - //$log_type = ''; $log_status=''; $log_add_user=''; $log_desc=''; - //log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]); if (!function_exists('get_ext')) { function get_ext($filename) { 
@@ -546,108 +419,94 @@ } if (!function_exists('file_upload')) { - function file_upload($field = '', $file_type = '', $dest_dir = '') { + function file_upload($field = '', $file_type = '', $dest_dir = '') { - $uploadtempdir = $_ENV["TEMP"]."\\"; - ini_set('upload_tmp_dir', $uploadtempdir); + $uploadtempdir = $_ENV["TEMP"]."\\"; + ini_set('upload_tmp_dir', $uploadtempdir); - $tmp_name = $_FILES[$field]["tmp_name"]; - $file_name = $_FILES[$field]["name"]; - $file_type = $_FILES[$field]["type"]; - $file_size = $_FILES[$field]["size"]; - $file_ext = get_ext($file_name); - $file_name_orig = $file_name; - $file_name_base = substr($file_name, 0, (strlen($file_name) - (strlen($file_ext)+1))); - //$dest_dir = '/tmp'; + $tmp_name = $_FILES[$field]["tmp_name"]; + $file_name = $_FILES[$field]["name"]; + $file_type = $_FILES[$field]["type"]; + $file_size = $_FILES[$field]["size"]; + $file_ext = get_ext($file_name); + $file_name_orig = $file_name; + $file_name_base = substr($file_name, 0, (strlen($file_name) - (strlen($file_ext)+1))); + //$dest_dir = '/tmp'; - if ($file_size == 0){ - return; + if ($file_size == 0) { + return; + } + + if (!is_dir($dest_dir)) { + echo "dest_dir not found
\n"; + return; + } + + //check if allowed file type + if ($file_type == "img") { + switch (strtolower($file_ext)) { + case "jpg": + case "png": + case "gif": + case "bmp": + case "psd": + case "tif": break; + default: return false; + } + } + if ($file_type == "file") { + switch (strtolower($file_ext)) { + case "doc": + case "pdf": + case "ppt": + case "xls": + case "zip": + case "exe": break; + default: return false; + } + } + + //find unique filename: check if file exists if it does then increment the filename + $i = 1; + while( file_exists($dest_dir.'/'.$file_name)) { + if (strlen($file_ext)> 0) { + $file_name = $file_name_base . $i .'.'. $file_ext; } - - if (!is_dir($dest_dir)) { - echo "dest_dir not found
\n"; - return; + else { + $file_name = $file_name_orig . $i; } + $i++; + } - //check if allowed file type - if ($file_type == "img") { - switch (strtolower($file_ext)) { - case "jpg": - break; - case "png": - break; - case "gif": - break; - case "bmp": - break; - case "psd": - break; - case "tif": - break; - default: - return false; - } - } - if ($file_type == "file") { - switch (strtolower($file_ext)) { - case "doc": - break; - case "pdf": - break; - case "ppt": - break; - case "xls": - break; - case "zip": - break; - case "exe": - break; - default: - return false; - } - } + //echo "file_type: ".$file_type."
\n"; + //echo "tmp_name: ".$tmp_name."
\n"; + //echo "file_name: ".$file_name."
\n"; + //echo "file_ext: ".$file_ext."
\n"; + //echo "file_name_orig: ".$file_name_orig."
\n"; + //echo "file_name_base: ".$file_name_base."
\n"; + //echo "dest_dir: ".$dest_dir."
\n"; - //find unique filename: check if file exists if it does then increment the filename - $i = 1; - while( file_exists($dest_dir.'/'.$file_name)) { - if (strlen($file_ext)> 0) { - $file_name = $file_name_base . $i .'.'. $file_ext; - } - else { - $file_name = $file_name_orig . $i; - } - $i++; - } + //move the file to upload directory + //bool move_uploaded_file ( string $filename, string $destination ) - //echo "file_type: ".$file_type."
\n"; - //echo "tmp_name: ".$tmp_name."
\n"; - //echo "file_name: ".$file_name."
\n"; - //echo "file_ext: ".$file_ext."
\n"; - //echo "file_name_orig: ".$file_name_orig."
\n"; - //echo "file_name_base: ".$file_name_base."
\n"; - //echo "dest_dir: ".$dest_dir."
\n"; + if (move_uploaded_file($tmp_name, $dest_dir.'/'.$file_name)) { + return $file_name; + } + else { + echo "File upload failed! Here's some debugging info:\n"; + return false; + } + exit; - //move the file to upload directory - //bool move_uploaded_file ( string $filename, string $destination ) - - if (move_uploaded_file($tmp_name, $dest_dir.'/'.$file_name)){ - return $file_name; - } - else { - echo "File upload failed! Here's some debugging info:\n"; - return false; - } - exit; - - } //end function + } } - if ( !function_exists('sys_get_temp_dir')) { + if (!function_exists('sys_get_temp_dir')) { function sys_get_temp_dir() { - if( $temp=getenv('TMP') ) return $temp; - if( $temp=getenv('TEMP') ) return $temp; - if( $temp=getenv('TMPDIR') ) return $temp; - $temp=tempnam(__FILE__,''); + if ($temp = getenv('TMP')) { return $temp; } + if ($temp = getenv('TEMP')) { return $temp; } + if ($temp = getenv('TMPDIR')) { return $temp; } + $temp = tempnam(__FILE__,''); if (file_exists($temp)) { unlink($temp); return dirname($temp); @@ -657,14 +516,14 @@ } //echo realpath(sys_get_temp_dir()); - if ( !function_exists('normalize_path')) { + if (!function_exists('normalize_path')) { //don't use DIRECTORY_SEPARATOR as it will change on a per platform basis and we need consistency function normalize_path($path) { return str_replace(array('/','\\'), '/', $path); } } - if ( !function_exists('normalize_path_to_os')) { + if (!function_exists('normalize_path_to_os')) { function normalize_path_to_os($path) { return str_replace(array('/','\\'), DIRECTORY_SEPARATOR, $path); } 
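Review bot: The extension allow-list in `file_upload()` does not take effect, because the `$file_type` argument is overwritten by `$file_type = $_FILES[$field]["type"];` before the `== "img"` and `== "file"` tests, and that value is the MIME type reported by the client rather than the caller's category. Keep the two apart, e.g. `$file_mime = $_FILES[$field]["type"];`, and return `false` when `$file_type` is neither `img` nor `file` (unless a caller relies on the unchecked default), so that no upload reaches `move_uploaded_file()` without passing a list. The `file` list also accepts `exe`, which is worth removing unless something depends on it. The `exit;` after the final `if`/`else` is unreachable, since both branches return.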
@@ -672,125 +531,109 @@ if (!function_exists('username_exists')) { function username_exists($username) { - global $db, $domain_uuid; - $sql = "select * from v_users "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and username = '".$username."' "; - //$sql .= "and user_enabled = 'true' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - if ($result_count > 0) { - return true; - } - else { - return false; - } + global $domain_uuid; + $sql = "select count(*) from v_users "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and username = :username "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['username'] = $username; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + return $num_rows > 0 ? true : false; } } if (!function_exists('add_extension_user')) { function add_extension_user($extension_uuid, $username) { - global $db, $domain_uuid; + global $domain_uuid; //get the user_uuid by using the username - $sql = "select * from v_users "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and username = '$username' "; - //$sql .= "and user_enabled = 'true' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($prep_statement); - foreach ($result as &$row) { + $sql = "select user_uuid from v_users "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and username = :username "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['username'] = $username; + $database = new database; + $user_uuid = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); + + if (is_uuid($user_uuid)) { //check if the user_uuid exists in v_extension_users - $sql = "select * from v_extension_users "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= 
"and user_uuid = '".$row["user_uuid"]."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $extension_users_result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($prep_statement); + $sql = "select count(*) from v_extension_users "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and user_uuid = :user_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['user_uuid'] = $user_uuid; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); + //assign the extension to the user - if (count($extension_users_result) == 0) { - $sql = "insert into v_extension_users "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "extension_uuid, "; - $sql .= "user_uuid "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'$domain_uuid', "; - $sql .= "'$extension_uuid', "; - $sql .= "'".$row["user_uuid"]."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + if ($num_rows == 0) { + //build insert array + $extension_user_uuid = uuid(); + $array['extension_users'][$x]['extension_user_uuid'] = $extension_user_uuid; + $array['extension_users'][$x]['domain_uuid'] = $domain_uuid; + $array['extension_users'][$x]['extension_uuid'] = $extension_uuid; + $array['extension_users'][$x]['user_uuid'] = $row["user_uuid"]; + //grant temporary permissions + $p = new permissions; + $p->add('extension_user_add', 'temp'); + //execute insert + $database = new database; + $database->app_name = 'function-add_extension_user'; + $database->app_uuid = 'e68d9689-2769-e013-28fa-6214bf47fca3'; + $database->save($array); + unset($array); + //revoke temporary permissions + $p->delete('extension_user_add', 'temp'); } } - unset ($result); } } if (!function_exists('user_add')) { - function user_add($username, $password, $user_email='') { - global $db, $domain_uuid, $v_salt; - $user_uuid = uuid(); + function user_add($username, $password, $user_email = '') { + global 
$domain_uuid; if (strlen($username) == 0) { return false; } if (strlen($password) == 0) { return false; } if (!username_exists($username)) { - //salt used with the password to create a one way hash + //build user insert array + $user_uuid = uuid(); $salt = generate_password('20', '4'); - //add the user account - $user_type = 'Individual'; - $user_category = 'user'; - $sql = "insert into v_users "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "user_uuid, "; - $sql .= "username, "; - $sql .= "password, "; - $sql .= "salt, "; - if (strlen($user_email) > 0) { $sql .= "user_email, "; } - $sql .= "add_date, "; - $sql .= "add_user "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'$domain_uuid', "; - $sql .= "'$user_uuid', "; - $sql .= "'$username', "; - $sql .= "'".md5($salt.$password)."', "; - $sql .= "'$salt', "; - if (strlen($user_email) > 0) { $sql .= "'$user_email', "; } - $sql .= "now(), "; - $sql .= "'".$_SESSION["username"]."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['users'][0]['user_uuid'] = $user_uuid; + $array['users'][0]['domain_uuid'] = $domain_uuid; + $array['users'][0]['username'] = $username; + $array['users'][0]['password'] = md5($salt.$password); + $array['users'][0]['salt'] = $salt; + if (valid_email($user_email)) { + $array['users'][0]['user_email'] = $user_email; + } + $array['users'][0]['add_date'] = now(); + $array['users'][0]['add_user'] = $_SESSION["username"]; - //add the user to the member group - $group_name = 'user'; - $sql = "insert into v_user_groups "; - $sql .= "("; - $sql .= "user_group_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "group_name, "; - $sql .= "user_uuid "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".uuid()."', "; - $sql .= "'$domain_uuid', "; - $sql .= "'$group_name', "; - $sql .= "'$user_uuid' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - } //end if !username_exists - } //end function definition - } //end function_exists + 
//build user group insert array + $user_group_uuid = uuid(); + $array['user_groups'][0]['user_group_uuid'] = $user_group_uuid; + $array['user_groups'][0]['domain_uuid'] = $domain_uuid; + $array['user_groups'][0]['group_name'] = 'user'; + $array['user_groups'][0]['user_uuid'] = $user_uuid; + + //grant temporary permissions + $p = new permissions; + $p->add('user_add', 'temp'); + $p->add('user_group_add', 'temp'); + //execute insert + $database = new database; + $database->app_name = 'function-user_add'; + $database->app_uuid = '15a8d74b-ac7e-4468-add4-3e6ebdcb8e22'; + $database->save($array); + unset($array); + //revoke temporary permissions + $p->delete('user_add', 'temp'); + $p->delete('user_group_add', 'temp'); + } + } + } function switch_module_is_running($fp, $mod) { if (!$fp) { @@ -2002,14 +1845,13 @@ function number_pad($number,$n) { //retrieve array of countries if (!function_exists('get_countries')) { - function get_countries($db) { + function get_countries() { $sql = "select * from v_countries order by country asc"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - return ($result_count > 0) ? $result : false; - unset ($prep_statement, $sql); + $database = new database; + $result = $database->select($sql, null, 'all'); + unset($sql); + + return is_array($result) && @sizeof($result) != 0 ? $result : false; } } diff --git a/resources/header.php b/resources/header.php index e9f02e06ac..692b67792f 100644 --- a/resources/header.php +++ b/resources/header.php 
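Review bot: In `add_extension_user()` the insert array is still written as if the removed `foreach` were there: it is indexed by `$x`, which is never set, and takes the user from `$row["user_uuid"]`, which no longer exists, so the saved row would carry an empty `user_uuid`. Use index `0` on the four `$array['extension_users']` lines and `$array['extension_users'][0]['user_uuid'] = $user_uuid;`. In `user_add()`, `now()` used to be evaluated by the database inside the SQL text and is now called as a PHP function; no definition is visible in this diff, so confirm one exists or pass a formatted `date()` value. Both functions grant a temporary permission around `$database->save()` and revoke it afterwards without `try`/`finally`, so if `save()` can throw, the grant would stay in place for the rest of the request.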
@@ -69,57 +69,53 @@ require_once "resources/require.php"; } //get the parent id - $sql = "select * from v_menu_items "; - $sql .= "where menu_uuid = '".$_SESSION['domain']['menu']['uuid']."' "; - $sql .= "and menu_item_link = '".$_SERVER["SCRIPT_NAME"]."' "; - $menu_prep_statement = $db->prepare(check_sql($sql)); - $menu_prep_statement->execute(); - $menu_result = $menu_prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($menu_result as &$menu_row) { - $_SESSION["menu_item_parent_uuid"] = $menu_row["menu_item_parent_uuid"]; - break; - } - unset($menu_prep_statement, $menu_result, $menu_row); + $sql = "select menu_item_parent_uuid from v_menu_items "; + $sql .= "where menu_uuid = :menu_uuid "; + $sql .= "and menu_item_link = :menu_item_link "; + $parameters['menu_uuid'] = $_SESSION['domain']['menu']['uuid']; + $parameters['menu_item_link'] = $_SERVER["SCRIPT_NAME"]; + $database = new database; + $menu_item_parent_uuid = $database->select($sql, $parameters, 'column'); + $_SESSION["menu_item_parent_uuid"] = $menu_item_parent_uuid; + unset($sql, $parameters, $menu_item_parent_uuid); //get the content if (file_exists($_SERVER["PROJECT_ROOT"]."/app/content/app_config.php")) { $sql = "select * from v_rss "; - $sql .= "where domain_uuid =:domain_uuid "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and rss_category = 'content' "; - $sql .= "and rss_link =:content "; - $sql .= "and (length(rss_del_date) = 0 "; - $sql .= "or rss_del_date is null) "; + $sql .= "and rss_link = :content "; + $sql .= "and ( "; + $sql .= "length(rss_del_date) = 0 "; + $sql .= "or rss_del_date is null "; + $sql .= ") "; $sql .= "order by rss_order asc "; - $content_prep_statement = $db->prepare(check_sql($sql)); - $content_prep_statement->bindParam(':domain_uuid', $_SESSION['domain_uuid']); - if (strlen($content) == 0) { - $content_prep_statement->bindParam(':content', $_SERVER["PHP_SELF"]); - } - else { - $content_prep_statement->bindParam(':content', $content); - } - 
$content_prep_statement->execute(); - $content_result = $content_prep_statement->fetchAll(PDO::FETCH_NAMED); - $page["title"] = ''; - foreach($content_result as $content_row) { - $template_rss_sub_category = $content_row['rss_sub_category']; - if (strlen($content_row['rss_group']) == 0) { - //content is public - $content_from_db = &$content_row['rss_description']; - if (strlen($content_row['rss_title']) > 0) { - $page["title"] = $content_row['rss_title']; - } - } - else { - if (if_group($content_row[rss_group])) { //viewable only to designated group - $content_from_db = &$content_row[rss_description]; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['content'] = strlen($content) == 0 ? $_SERVER["PHP_SELF"] : $content; + $database = new database; + $content_result = $database->select($sql, $parameters, 'all'); + $page['title'] = ''; + if (is_array($content_result) && @sizeof($content_result) != 0) { + foreach($content_result as $content_row) { + $template_rss_sub_category = $content_row['rss_sub_category']; + if (strlen($content_row['rss_group']) == 0) { + //content is public + $content_from_db = &$content_row['rss_description']; if (strlen($content_row['rss_title']) > 0) { $page["title"] = $content_row['rss_title']; } } + else { + if (if_group($content_row[rss_group])) { //viewable only to designated group + $content_from_db = &$content_row[rss_description]; + if (strlen($content_row['rss_title']) > 0) { + $page["title"] = $content_row['rss_title']; + } + } + } } - } //end foreach - unset($sql, $content_result, $content_row); + } + unset($sql, $parameters, $content_result, $content_row); } //start the output buffer diff --git a/resources/login.php b/resources/login.php index 395582814a..03731dbd71 100644 --- a/resources/login.php +++ b/resources/login.php 
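Review bot: The re-indented group check still indexes with bare words, `if_group($content_row[rss_group])` and `&$content_row[rss_description]`, which PHP 8 rejects as undefined constants and older versions only tolerate with a warning. This branch decides whether group-restricted content is shown, so the keys should be quoted: `if (if_group($content_row['rss_group'])) {` and `$content_from_db = &$content_row['rss_description'];`. In the first query of the hunk, `$_SESSION["menu_item_parent_uuid"]` is now assigned even when no row matches, where the old loop left it untouched; if `select()` returns `false` in that case, code that reads the session value should expect it. The code that later prints `$content_from_db` is outside the hunk, so its output escaping cannot be checked here.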
@@ -41,14 +41,14 @@ $domain_uuid = $key_part[1]; $password_submitted = $key_part[2]; //get current salt, see if same as submitted salt - $sql = "select password from v_users where domain_uuid = :domain_uuid and username = :username "; - $prep_statement = $db->prepare($sql); - $prep_statement->bindParam(':domain_uuid', $domain_uuid); - $prep_statement->bindParam(':username', $username); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_NAMED); - $password_current = $result['password']; - unset($prep_statement, $result); + $sql = "select password from v_users "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and username = :username "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['username'] = $username; + $database = new database; + $password_current = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); //set flag if ($username != '' && $domain_uuid == $_SESSION['domain_uuid'] && $password_submitted == $password_current) { @@ -77,12 +77,11 @@ $sql .= "and e.contact_uuid = u.contact_uuid "; $sql .= "and u.email_address = :email "; $sql .= "and e.domain_uuid = :domain_uuid "; - $prep_statement = $db->prepare($sql); - $prep_statement->bindParam(':domain_uuid', $_SESSION['domain_uuid']); - $prep_statement->bindParam(':email', $email); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_NAMED); - unset($prep_statement); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['email'] = $email; + $database = new database; + $result = $database->select($sql, $parameters, 'row'); + unset($sql, $parameters); if ($result['username'] != '') { 
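Review bot: `$password_current` now comes straight from `$database->select(..., 'column')`, and the unchanged test below it still uses the loose comparison `$password_submitted == $password_current`. With `==`, a lookup that finds no row (a `false` or `null` result, depending on what `select()` returns) compares equal to an empty submitted value, and two strings that look numeric are compared as numbers rather than byte for byte. Require a non-empty string and compare in constant time: `is_string($password_current) && $password_current !== '' && hash_equals($password_current, (string) $password_submitted)`. The `if` that consumes the result continues past the end of the hunk.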
@@ -96,18 +95,19 @@ //get email template from db $sql = "select template_subject, template_body from v_email_templates "; - $sql .= "where template_language = '".$_SESSION['domain']['language']['code']."' "; - $sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) "; + $sql .= "where template_language = :template_language "; + $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) "; $sql .= "and template_category = 'password_reset' "; $sql .= "and template_subcategory = 'default' "; $sql .= "and template_type = 'html' "; $sql .= "and template_enabled = 'true' "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_NAMED); + $parameters['template_language'] = $_SESSION['domain']['language']['code']; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); $email_subject = $row['template_subject']; $email_body = $row['template_body']; - unset($prep_statement, $row); + unset($sql, $parameters, $row); //replace variables in email body $email_body = str_replace('${reset_link}', $reset_link, $email_body); 
@@ -161,13 +161,13 @@ $sql .= "salt = :salt "; $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and username = :username "; - $prep_statement = $db->prepare($sql); - $prep_statement->bindParam(':domain_uuid', $_SESSION['domain_uuid']); - $prep_statement->bindParam(':password', md5($salt.$password_new)); - $prep_statement->bindParam(':salt', $salt); - $prep_statement->bindParam(':username', $username); - $prep_statement->execute(); - unset($prep_statement); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['password'] = md5($salt.$password_new); + $parameters['salt'] = $salt; + $parameters['username'] = $username; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); message::add($text['message-password_reset'], 'positive', 2500); unset($_SESSION['valid_username']); @@ -403,4 +403,4 @@ $default_login = true; include "resources/footer.php"; -?> +?> \ No newline at end of file diff --git a/resources/switch.php b/resources/switch.php index 2e8b37ba58..f1493009c2 100644 --- a/resources/switch.php +++ b/resources/switch.php 
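Review bot: The new `$parameters['password'] = md5($salt.$password_new);` keeps salted MD5 as the stored password format, which is cheap to brute-force if the `v_users` table is ever disclosed. `password_hash($password_new, PASSWORD_DEFAULT)` is the standard replacement, but it only works together with `password_verify()` in the login check and a rehash-on-login path for existing rows. Neither is part of this hunk, so this is a follow-up change rather than a one-line swap. The reset-key comparison earlier in this file reads the same column and would need to change with it.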
@@ -34,17 +34,14 @@ if (file_exists($_SERVER["PROJECT_ROOT"]."/app/settings/app_config.php")) { if ((! isset($_SESSION['event_socket_ip_address'])) or strlen($_SESSION['event_socket_ip_address']) == 0) { $sql = "select * from v_settings "; - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - foreach ($result as &$row) { - $_SESSION['event_socket_ip_address'] = $row["event_socket_ip_address"]; - $_SESSION['event_socket_port'] = $row["event_socket_port"]; - $_SESSION['event_socket_password'] = $row["event_socket_password"]; - break; //limit to 1 row - } + $database = new database; + $row = $database->select($sql, null, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $_SESSION['event_socket_ip_address'] = $row["event_socket_ip_address"]; + $_SESSION['event_socket_port'] = $row["event_socket_port"]; + $_SESSION['event_socket_password'] = $row["event_socket_password"]; } + unset($sql, $row); } } @@ -72,16 +69,14 @@ function event_socket_request_cmd($cmd) { if (file_exists($_SERVER["PROJECT_ROOT"]."/app/settings/app_config.php")) { $sql = "select * from v_settings "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - foreach ($result as &$row) { + $database = new database; + $row = $database->select($sql, null, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $event_socket_ip_address = $row["event_socket_ip_address"]; $event_socket_port = $row["event_socket_port"]; $event_socket_password = $row["event_socket_password"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $row); } $esl = new event_socket; 
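Review bot: The guard `is_array($row) && @sizeof($row) != 0` carries an error-suppression operator that can no longer do anything, because `sizeof()` is only reached once `is_array()` has passed; `if (is_array($row) && count($row) > 0)` says the same without `@`. The same guard is repeated in the second hunk on this line (event_socket_request_cmd) and in the later hunks for save_setting_xml, save_gateway_xml, save_var_xml and outbound_route_to_bridge. Both queries here also use `select *` although only `event_socket_ip_address`, `event_socket_port` and `event_socket_password` are read; naming those three columns keeps the rest of `v_settings` out of the request.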
@@ -137,85 +132,74 @@ function ListFiles($dir) { function save_setting_xml() { global $domain_uuid, $host, $config; - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; - $sql = "select * from v_settings "; - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - foreach ($result as &$row) { - $fout = fopen($_SESSION['switch']['conf']['dir']."/directory/default/default.xml","w"); - $xml = "\n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= "\n"; - fwrite($fout, $xml); - unset($xml); - fclose($fout); + $database = new database; + $row = $database->select($sql, null, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $fout = fopen($_SESSION['switch']['conf']['dir']."/directory/default/default.xml","w"); + $xml = "\n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= "\n"; + fwrite($fout, $xml); + unset($xml); + fclose($fout); - $event_socket_ip_address = $row['event_socket_ip_address']; - if (strlen($event_socket_ip_address) == 0) { $event_socket_ip_address = '127.0.0.1'; } + $event_socket_ip_address = $row['event_socket_ip_address']; + if (strlen($event_socket_ip_address) == 0) { $event_socket_ip_address = '127.0.0.1'; } - $fout = fopen($_SESSION['switch']['conf']['dir']."/autoload_configs/event_socket.conf.xml","w"); - $xml = "\n"; + $fout = fopen($_SESSION['switch']['conf']['dir']."/autoload_configs/event_socket.conf.xml","w"); + $xml = "\n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + if (strlen($row['event_socket_acl']) > 0) { + $xml .= " \n"; + } + $xml .= " \n"; + $xml .= ""; + fwrite($fout, 
$xml); + unset($xml, $event_socket_password); + fclose($fout); + + $fout = fopen($_SESSION['switch']['conf']['dir']."/autoload_configs/xml_rpc.conf.xml","w"); + $xml = "\n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= "\n"; + fwrite($fout, $xml); + unset($xml); + fclose($fout); + + //shout.conf.xml + $fout = fopen($_SESSION['switch']['conf']['dir']."/autoload_configs/shout.conf.xml","w"); + $xml = "\n"; $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - if (strlen($row['event_socket_acl']) > 0) { - $xml .= " \n"; - } + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; + $xml .= " \n"; $xml .= " \n"; $xml .= ""; fwrite($fout, $xml); - unset($xml, $event_socket_password); - fclose($fout); - - $fout = fopen($_SESSION['switch']['conf']['dir']."/autoload_configs/xml_rpc.conf.xml","w"); - $xml = "\n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= "\n"; - fwrite($fout, $xml); unset($xml); fclose($fout); - - //shout.conf.xml - $fout = fopen($_SESSION['switch']['conf']['dir']."/autoload_configs/shout.conf.xml","w"); - $xml = "\n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= " \n"; - $xml .= ""; - fwrite($fout, $xml); - unset($xml); - fclose($fout); - - break; //limit to 1 row - } - unset ($prep_statement); } + unset($sql, $row); //apply settings $_SESSION["reload_xml"] = true; 
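Review bot: None of the four `fopen(..., "w")` calls in save_setting_xml checks its result, so a missing or unwritable conf directory makes `fwrite($fout, $xml)` run on `false` (a TypeError on PHP 8, a warning before that). A guard such as `if ($fout === false) { return; }` after each open would make the failure explicit. So would building the string first and checking the return value of `file_put_contents($path, $xml, LOCK_EX)`. event_socket.conf.xml presumably carries the event socket password, so it is worth confirming the mode the file is created with; nothing in the hunk sets it.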
@@ -226,13 +210,13 @@ function save_setting_xml() { } function filename_safe($filename) { - // lower case + //lower case $filename = strtolower($filename); - // replace spaces with a '_' + //replace spaces with a '_' $filename = str_replace(" ", "_", $filename); - // loop through string + //loop through string $result = ''; for ($i=0; $iconnect(); - $db = $database->db; - //delete all old gateways to prepare for new ones if (count($_SESSION["domains"]) > 1) { $v_needle = 'v_'.$_SESSION['domain_name'].'-'; 
@@ -274,112 +252,114 @@ function save_gateway_xml() { //get the list of gateways and write the xml $sql = "select * from v_gateways "; - $sql .= "where (domain_uuid = '$domain_uuid' or domain_uuid is null) "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - foreach ($result as &$row) { - if ($row['enabled'] != "false") { - //set the default profile as external - $profile = $row['profile']; - if (strlen($profile) == 0) { - $profile = "external"; - } - //open the xml file - $fout = fopen($_SESSION['switch']['sip_profiles']['dir']."/".$profile."/v_".strtolower($row['gateway_uuid']).".xml","w"); - //build the xml - $xml .= "\n"; - $xml .= " \n"; - if (strlen($row['username']) > 0) { - $xml .= " \n"; - } - if (strlen($row['distinct_to']) > 0) { - $xml .= " \n"; - } - if (strlen($row['auth_username']) > 0) { - $xml .= " \n"; - } - if (strlen($row['password']) > 0) { - $xml .= " \n"; - } - if (strlen($row['realm']) > 0) { - $xml .= " \n"; - } - if (strlen($row['from_user']) > 0) { - $xml .= " \n"; - } - if (strlen($row['from_domain']) > 0) { - $xml .= " \n"; - } - if (strlen($row['proxy']) > 0) { - $xml .= " \n"; - } - if (strlen($row['register_proxy']) > 0) { - $xml .= " \n"; - } - if (strlen($row['outbound_proxy']) > 0) { - $xml .= " \n"; - } - if (strlen($row['expire_seconds']) > 0) { - $xml .= " \n"; - } - if (strlen($row['register']) > 0) { - $xml .= " \n"; - } - - if (strlen($row['register_transport']) > 0) { - switch ($row['register_transport']) { - case "udp": - $xml .= " \n"; - break; - case "tcp": - $xml .= " \n"; - break; - case "tls": - $xml .= " \n"; - $xml .= " \n"; - break; - default: - $xml .= " \n"; + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { + foreach 
($result as &$row) { + if ($row['enabled'] != "false") { + //set the default profile as external + $profile = $row['profile']; + if (strlen($profile) == 0) { + $profile = "external"; + } + //open the xml file + $fout = fopen($_SESSION['switch']['sip_profiles']['dir']."/".$profile."/v_".strtolower($row['gateway_uuid']).".xml","w"); + //build the xml + $xml .= "\n"; + $xml .= " \n"; + if (strlen($row['username']) > 0) { + $xml .= " \n"; + } + if (strlen($row['distinct_to']) > 0) { + $xml .= " \n"; + } + if (strlen($row['auth_username']) > 0) { + $xml .= " \n"; + } + if (strlen($row['password']) > 0) { + $xml .= " \n"; + } + if (strlen($row['realm']) > 0) { + $xml .= " \n"; + } + if (strlen($row['from_user']) > 0) { + $xml .= " \n"; + } + if (strlen($row['from_domain']) > 0) { + $xml .= " \n"; + } + if (strlen($row['proxy']) > 0) { + $xml .= " \n"; + } + if (strlen($row['register_proxy']) > 0) { + $xml .= " \n"; + } + if (strlen($row['outbound_proxy']) > 0) { + $xml .= " \n"; + } + if (strlen($row['expire_seconds']) > 0) { + $xml .= " \n"; + } + if (strlen($row['register']) > 0) { + $xml .= " \n"; } - } - if (strlen($row['retry_seconds']) > 0) { - $xml .= " \n"; - } - if (strlen($row['extension']) > 0) { - $xml .= " \n"; - } - if (strlen($row['ping']) > 0) { - $xml .= " \n"; - } - if (strlen($row['context']) > 0) { - $xml .= " \n"; - } - if (strlen($row['caller_id_in_from']) > 0) { - $xml .= " \n"; - } - if (strlen($row['supress_cng']) > 0) { - $xml .= " \n"; - } - if (strlen($row['sip_cid_type']) > 0) { - $xml .= " \n"; - } - if (strlen($row['extension_in_contact']) > 0) { - $xml .= " \n"; - } + if (strlen($row['register_transport']) > 0) { + switch ($row['register_transport']) { + case "udp": + $xml .= " \n"; + break; + case "tcp": + $xml .= " \n"; + break; + case "tls": + $xml .= " \n"; + $xml .= " \n"; + break; + default: + $xml .= " \n"; + } + } - $xml .= " \n"; - $xml .= ""; + if (strlen($row['retry_seconds']) > 0) { + $xml .= " \n"; + } + if 
(strlen($row['extension']) > 0) { + $xml .= " \n"; + } + if (strlen($row['ping']) > 0) { + $xml .= " \n"; + } + if (strlen($row['context']) > 0) { + $xml .= " \n"; + } + if (strlen($row['caller_id_in_from']) > 0) { + $xml .= " \n"; + } + if (strlen($row['supress_cng']) > 0) { + $xml .= " \n"; + } + if (strlen($row['sip_cid_type']) > 0) { + $xml .= " \n"; + } + if (strlen($row['extension_in_contact']) > 0) { + $xml .= " \n"; + } + + $xml .= " \n"; + $xml .= ""; + + //write the xml + fwrite($fout, $xml); + unset($xml); + fclose($fout); + } - //write the xml - fwrite($fout, $xml); - unset($xml); - fclose($fout); } - - } //end foreach - unset($prep_statement); + } + unset($sql, $parameters, $result, $row); //apply settings $_SESSION["reload_xml"] = true; @@ -390,12 +370,6 @@ function save_var_xml() { if (is_array($_SESSION['switch']['conf'])) { global $config, $domain_uuid; - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; - //open the vars.xml file $fout = fopen($_SESSION['switch']['conf']['dir']."/vars.xml","w"); 
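Review bot: The output path passed to `fopen()` is assembled from two database columns, `$row['profile']` and `$row['gateway_uuid']`, without validation, so a profile value containing `../` would place the gateway file outside the sip_profiles directory. A check before the open such as `if (!is_uuid($row['gateway_uuid']) || !preg_match('/^[A-Za-z0-9_-]+$/', $profile)) { continue; }` keeps the write inside the intended tree (the allowed character set for profile names is my assumption). Also, `$xml` is extended with `.=` on its first use in each iteration, right after `unset($xml)` ended the previous one; starting the string with `=` avoids the undefined-variable warning.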
@@ -412,32 +386,33 @@ function save_var_xml() { $sql = "select * from v_vars "; $sql .= "where var_enabled = 'true' "; $sql .= "order by var_category, var_order asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $variables = $prep_statement->fetchAll(PDO::FETCH_ASSOC); + $database = new database; + $variables = $database->select($sql, $parameters, 'all'); $prev_var_category = ''; $xml = ''; - foreach ($variables as &$row) { - if ($row['var_category'] != 'Provision') { - if ($prev_var_category != $row['var_category']) { - $xml .= "\n\n"; - if (strlen($row["var_description"]) > 0) { - $xml .= "\n"; + if (is_array($variables) && @sizeof($variables) != 0) { + foreach ($variables as &$row) { + if ($row['var_category'] != 'Provision') { + if ($prev_var_category != $row['var_category']) { + $xml .= "\n\n"; + if (strlen($row["var_description"]) > 0) { + $xml .= "\n"; + } + } + if (strlen($row['var_command']) == 0) { $row['var_command'] = 'set'; } + if ($row['var_category'] == 'Exec-Set') { $row['var_command'] = 'exec-set'; } + if (strlen($row['var_hostname']) == 0) { + $xml .= "\n"; + } elseif ($row['var_hostname'] == $hostname) { + $xml .= "\n"; } } - if (strlen($row['var_command']) == 0) { $row['var_command'] = 'set'; } - if ($row['var_category'] == 'Exec-Set') { $row['var_command'] = 'exec-set'; } - if (strlen($row['var_hostname']) == 0) { - $xml .= "\n"; - } elseif ($row['var_hostname'] == $hostname) { - $xml .= "\n"; - } + $prev_var_category = $row['var_category']; } - $prev_var_category = $row['var_category']; } $xml .= "\n"; fwrite($fout, $xml); - unset($prep_statement, $variables, $xml); + unset($sql, $variables, $xml); fclose($fout); //apply settings 
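Review bot: `$database->select($sql, $parameters, 'all')` passes `$parameters`, but nothing in the visible part of save_var_xml assigns it and the query has no placeholders; the other placeholder-free queries in this commit pass `null`. Unless it is set in the part of the function outside this hunk, this is an undefined variable, and the closing `unset($sql, $variables, $xml)` does not clear it either. I would change the call to `$variables = $database->select($sql, null, 'all');`.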
@@ -449,12 +424,7 @@ function save_var_xml() { } } -function outbound_route_to_bridge ($domain_uuid, $destination_number) { - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; +function outbound_route_to_bridge($domain_uuid, $destination_number) { $destination_number = trim($destination_number); preg_match('/^[\*\+0-9]*$/', $destination_number, $matches, PREG_OFFSET_CAPTURE); 
@@ -471,70 +441,83 @@ function outbound_route_to_bridge ($domain_uuid, $destination_number) { $hostname = trim(event_socket_request_cmd('api switchname')); $sql = "select * from v_dialplans "; - $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; - $sql .= "and (hostname = '".$hostname."' or hostname is null) "; + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + $sql .= "and (hostname = :hostname or hostname is null) "; $sql .= "and app_uuid = '8c914ec3-9fc0-8ab5-4cda-6c9288bdc9a3' "; $sql .= "and dialplan_enabled = 'true' "; $sql .= "order by dialplan_order asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - $x = 0; - foreach ($result as &$row) { - //set as variables - $dialplan_uuid = $row['dialplan_uuid']; - $dialplan_detail_tag = $row["dialplan_detail_tag"]; - $dialplan_detail_type = $row['dialplan_detail_type']; - $dialplan_continue = $row['dialplan_continue']; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['hostname'] = $hostname; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); - //get the extension number using the dialplan_uuid - $sql = "select * "; - $sql .= "from v_dialplan_details "; - $sql .= "where dialplan_uuid = '$dialplan_uuid' "; - $sql .= "order by dialplan_detail_order asc "; - $sub_result = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC); - $regex_match = false; - foreach ($sub_result as &$sub_row) { - if ($sub_row['dialplan_detail_tag'] == "condition") { - if ($sub_row['dialplan_detail_type'] == "destination_number") { - $dialplan_detail_data = $sub_row['dialplan_detail_data']; - $pattern = '/'.$dialplan_detail_data.'/'; - preg_match($pattern, $destination_number, $matches, PREG_OFFSET_CAPTURE); - if (count($matches) == 0) { - $regex_match = false; + if (is_array($result) && @sizeof($result) != 0) { + $x = 0; + foreach ($result as 
&$row) { + //set as variables + $dialplan_uuid = $row['dialplan_uuid']; + $dialplan_detail_tag = $row["dialplan_detail_tag"]; + $dialplan_detail_type = $row['dialplan_detail_type']; + $dialplan_continue = $row['dialplan_continue']; + + //get the extension number using the dialplan_uuid + $sql = "select * "; + $sql .= "from v_dialplan_details "; + $sql .= "where dialplan_uuid = :dialplan_uuid "; + $sql .= "order by dialplan_detail_order asc "; + $parameters['dialplan_uuid'] = $dialplan_uuid; + $database = new database; + $sub_result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); + + $regex_match = false; + if (is_array($sub_result) && @sizeof($sub_result) != 0) { + foreach ($sub_result as &$sub_row) { + if ($sub_row['dialplan_detail_tag'] == "condition") { + if ($sub_row['dialplan_detail_type'] == "destination_number") { + $dialplan_detail_data = $sub_row['dialplan_detail_data']; + $pattern = '/'.$dialplan_detail_data.'/'; + preg_match($pattern, $destination_number, $matches, PREG_OFFSET_CAPTURE); + if (count($matches) == 0) { + $regex_match = false; + } + else { + $regex_match = true; + $regex_match_1 = $matches[1][0]; + $regex_match_2 = $matches[2][0]; + $regex_match_3 = $matches[3][0]; + $regex_match_4 = $matches[4][0]; + $regex_match_5 = $matches[5][0]; + } } - else { - $regex_match = true; - $regex_match_1 = $matches[1][0]; - $regex_match_2 = $matches[2][0]; - $regex_match_3 = $matches[3][0]; - $regex_match_4 = $matches[4][0]; - $regex_match_5 = $matches[5][0]; - } - } - } - } - if ($regex_match) { - foreach ($sub_result as &$sub_row) { - $dialplan_detail_data = $sub_row['dialplan_detail_data']; - if ($sub_row['dialplan_detail_tag'] == "action" && $sub_row['dialplan_detail_type'] == "bridge" && $dialplan_detail_data != "\${enum_auto_route}") { - $dialplan_detail_data = str_replace("\$1", $regex_match_1, $dialplan_detail_data); - $dialplan_detail_data = str_replace("\$2", $regex_match_2, $dialplan_detail_data); - $dialplan_detail_data 
= str_replace("\$3", $regex_match_3, $dialplan_detail_data); - $dialplan_detail_data = str_replace("\$4", $regex_match_4, $dialplan_detail_data); - $dialplan_detail_data = str_replace("\$5", $regex_match_5, $dialplan_detail_data); - //echo "dialplan_detail_data: $dialplan_detail_data"; - $bridge_array[$x] = $dialplan_detail_data; - $x++; - if ($dialplan_continue == "false") { - break 2; } } } - } + unset($sub_result, $sub_result); + + if ($regex_match) { + foreach ($sub_result as &$sub_row) { + $dialplan_detail_data = $sub_row['dialplan_detail_data']; + if ($sub_row['dialplan_detail_tag'] == "action" && $sub_row['dialplan_detail_type'] == "bridge" && $dialplan_detail_data != "\${enum_auto_route}") { + $dialplan_detail_data = str_replace("\$1", $regex_match_1, $dialplan_detail_data); + $dialplan_detail_data = str_replace("\$2", $regex_match_2, $dialplan_detail_data); + $dialplan_detail_data = str_replace("\$3", $regex_match_3, $dialplan_detail_data); + $dialplan_detail_data = str_replace("\$4", $regex_match_4, $dialplan_detail_data); + $dialplan_detail_data = str_replace("\$5", $regex_match_5, $dialplan_detail_data); + $bridge_array[$x] = $dialplan_detail_data; + $x++; + if ($dialplan_continue == "false") { + break 2; + } + } + } + } + } } + unset($result, $row); + return $bridge_array; - unset ($prep_statement); } //$destination_number = '1231234'; //$bridge_array = outbound_route_to_bridge ($domain_uuid, $destination_number); 
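Review bot: The added `unset($sub_result, $sub_result);` runs immediately before `if ($regex_match) { foreach ($sub_result as &$sub_row) {`, so the second loop iterates an unset variable and `$bridge_array` is never filled; the function would return nothing for every destination. The line probably meant to drop the loop reference: replace it with `unset($sub_row);` and move `unset($sub_result);` to after the action loop. Separately, `'/'.$dialplan_detail_data.'/'` builds the pattern from a stored value, so a `/` inside the data ends the pattern early and the `preg_match()` result is not checked for `false`. Escaping the delimiter in the stored value and treating a `false` return as no match would make that robust.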
@@ -545,53 +528,47 @@ function outbound_route_to_bridge ($domain_uuid, $destination_number) { function extension_exists($extension) { global $domain_uuid; - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; - - $sql = "select 1 from v_extensions "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and (extension = '$extension' "; - $sql .= "or number_alias = '$extension') "; + $sql = "select count(*) from v_extensions "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and ( "; + $sql .= "extension = :extension "; + $sql .= "or number_alias = :extension "; + $sql .= ") "; $sql .= "and enabled = 'true' "; - $result = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC); - if (count($result) > 0) { - return true; - } - else { - return false; - } + $parameters['domain_uuid'] = $domain_uuid; + $parameters['extension'] = $extension; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + return $num_rows > 0 ? 
true : false; + unset($sql, $parameters, $num_rows); } function extension_presence_id($extension, $number_alias = false) { global $domain_uuid; - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; - if ($number_alias === false) { $sql = "select extension, number_alias from v_extensions "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and (extension = '$extension' "; - $sql .= "or number_alias = '$extension') "; - $result = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC); - if (count($result) == 0) { - return false; - } - foreach ($result as &$row) { + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and ( "; + $sql .= "extension = :extension "; + $sql .= "or number_alias = :extension "; + $sql .= ") "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['extension'] = $extension; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $extension = $row['extension']; $number_alias = $row['number_alias']; - break; } + else { + return false; + } + unset($sql, $parameters, $row); } - if(strlen($number_alias) > 0) { - if($_SESSION['provision']['number_as_presence_id']['text'] === 'true') { + if (strlen($number_alias) > 0) { + if ($_SESSION['provision']['number_as_presence_id']['text'] === 'true') { return $number_alias; } } 
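Review bot: Both queries bind `:extension` twice (`extension = :extension` and `number_alias = :extension`) from a single `$parameters['extension']` entry. PDO only allows a named placeholder to repeat when prepares are emulated or the driver rewrites them, and the database class is not visible here, so this may fail with an invalid-parameter-number error on some drivers. Distinct names such as `:extension` and `:number_alias`, each assigned `$extension`, work everywhere. In extension_exists the `unset($sql, $parameters, $num_rows);` after `return` is unreachable, and in extension_presence_id the `return false;` branch likewise skips its `unset`.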
@@ -599,114 +576,75 @@ function extension_presence_id($extension, $number_alias = false) { } function get_recording_filename($id) { - global $domain_uuid, $db; + global $domain_uuid; + $sql = "select * from v_recordings "; - $sql .= "where recording_uuid = '$id' "; - $sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - foreach ($result as &$row) { + $sql .= "where recording_uuid = :recording_uuid "; + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['recording_uuid'] = $id; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { //$filename = $row["filename"]; //$recording_name = $row["recording_name"]; //$recording_uuid = $row["recording_uuid"]; return $row["filename"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); } function dialplan_add($domain_uuid, $dialplan_uuid, $dialplan_name, $dialplan_order, $dialplan_context, $dialplan_enabled, $dialplan_description, $app_uuid) { - global $db_type; - - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; - - $sql = "insert into v_dialplans "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "dialplan_uuid, "; - if (strlen($app_uuid) > 0) { - $sql .= "app_uuid, "; - } - $sql .= "dialplan_name, "; - $sql .= "dialplan_order, "; - $sql .= "dialplan_context, "; - $sql .= "dialplan_enabled, "; - $sql .= "dialplan_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'$domain_uuid', "; - $sql .= "'$dialplan_uuid', "; - if (strlen($app_uuid) > 0) { - $sql .= "'$app_uuid', "; - } - $sql .= "'$dialplan_name', "; - $sql .= "'$dialplan_order', "; - $sql .= "'$dialplan_context', "; - $sql .= "'$dialplan_enabled', 
"; - $sql .= "'$dialplan_description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + //build insert array + $array['dialplans'][0]['dialplan_uuid'] = $dialplan_uuid; + $array['dialplans'][0]['domain_uuid'] = $domain_uuid; + if (is_uuid($app_uuid)) { + $array['dialplans'][0]['app_uuid'] = $app_uuid; + } + $array['dialplans'][0]['dialplan_name'] = $dialplan_name; + $array['dialplans'][0]['dialplan_order'] = $dialplan_order; + $array['dialplans'][0]['dialplan_context'] = $dialplan_context; + $array['dialplans'][0]['dialplan_enabled'] = $dialplan_enabled; + $array['dialplans'][0]['dialplan_description'] = $dialplan_description; + //grant temporary permissions + $p = new permissions; + $p->add('dialplan_add', 'temp'); + //execute insert + $database = new database; + $database->app_name = 'switch-function-dialplan_add'; + $database->app_uuid = '2fa2243c-47a1-41a0-b144-eb2b609219e0'; + $database->save($array); + unset($array); + //revoke temporary permissions + $p = new permissions; + $p->delete('dialplan_add', 'temp'); } function dialplan_detail_add($domain_uuid, $dialplan_uuid, $dialplan_detail_tag, $dialplan_detail_order, $dialplan_detail_group, $dialplan_detail_type, $dialplan_detail_data, $dialplan_detail_break = null, $dialplan_detail_inline = null) { - - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; - - $dialplan_detail_uuid = uuid(); - $sql = "insert into v_dialplan_details "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "dialplan_uuid, "; - $sql .= "dialplan_detail_uuid, "; - $sql .= "dialplan_detail_tag, "; - $sql .= "dialplan_detail_group, "; - $sql .= "dialplan_detail_order, "; - $sql .= "dialplan_detail_type, "; - $sql .= "dialplan_detail_data, "; - $sql .= "dialplan_detail_break, "; - $sql .= "dialplan_detail_inline "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'$domain_uuid', "; - $sql .= 
"'".check_str($dialplan_uuid)."', "; - $sql .= "'".check_str($dialplan_detail_uuid)."', "; - $sql .= "'".check_str($dialplan_detail_tag)."', "; - if (strlen($dialplan_detail_group) == 0) { - $sql .= "null, "; - } - else { - $sql .= "'".check_str($dialplan_detail_group)."', "; - } - $sql .= "'".check_str($dialplan_detail_order)."', "; - $sql .= "'".check_str($dialplan_detail_type)."', "; - $sql .= "'".check_str($dialplan_detail_data)."', "; - if (strlen($dialplan_detail_break) == 0) { - $sql .= "null, "; - } - else { - $sql .= "'".check_str($dialplan_detail_break)."', "; - } - if (strlen($dialplan_detail_inline) == 0) { - $sql .= "null "; - } - else { - $sql .= "'".check_str($dialplan_detail_inline)."' "; - } - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + //build insert array + $dialplan_detail_uuid = uuid(); + $array['dialplan_details'][0]['dialplan_detail_uuid'] = $dialplan_detail_uuid; + $array['dialplan_details'][0]['domain_uuid'] = $domain_uuid; + $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid; + $array['dialplan_details'][0]['dialplan_detail_tag'] = $dialplan_detail_tag; + $array['dialplan_details'][0]['dialplan_detail_group'] = strlen($dialplan_detail_group) != 0 ? $dialplan_detail_group : null; + $array['dialplan_details'][0]['dialplan_detail_order'] = $dialplan_detail_order; + $array['dialplan_details'][0]['dialplan_detail_type'] = $dialplan_detail_type; + $array['dialplan_details'][0]['dialplan_detail_data'] = $dialplan_detail_data; + $array['dialplan_details'][0]['dialplan_detail_break'] = strlen($dialplan_detail_break) != 0 ? $dialplan_detail_break : null; + $array['dialplan_details'][0]['dialplan_detail_inline'] = strlen($dialplan_detail_inline) != 0 ? 
$dialplan_detail_inline : null; + //grant temporary permissions + $p = new permissions; + $p->add('dialplan_detail_add', 'temp'); + //execute insert + $database = new database; + $database->app_name = 'switch-function-dialplan_detail_add'; + $database->app_uuid = '53ea51fc-a7ef-4726-9482-383984dc7747'; + $database->save($array); + unset($array); + //revoke temporary permissions + $p = new permissions; + $p->delete('dialplan_detail_add', 'temp'); } function save_dialplan_xml() { @@ -739,13 +677,11 @@ function save_dialplan_xml() { if (is_dir($_SESSION['switch']['dialplan']['dir'])) { $sql = "select * from v_dialplans "; $sql .= "where dialplan_enabled = 'true' "; - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && @sizeof($result) != 0) { foreach ($result as &$row) { - $tmp = ""; - $tmp .= "\n"; + $tmp = "\n"; $first_action = true; $dialplan_continue = ''; 
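Review bot: dialplan_add and dialplan_detail_add grant a temporary permission, call `$database->save($array)`, and only then revoke it, so if `save()` throws or exits early the `temp` grant stays in place (the permissions class is not shown, so how long it lives is inferred). Wrapping the write as `try { $database->save($array); } finally { $p->delete('dialplan_add', 'temp'); }` guarantees the revoke, and reusing the same `$p` instead of a second `new permissions` makes the pairing obvious. The result of `save()` is also discarded, so a rejected insert is invisible to the caller. In get_recording_filename the `unset()` is skipped whenever a row is found, because the `return` precedes it.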
@@ -755,94 +691,94 @@ function save_dialplan_xml() { $tmp = "\n"; - $sql = " select * from v_dialplan_details "; - $sql .= " where dialplan_uuid = '".$row['dialplan_uuid']."' "; - $sql .= " order by dialplan_detail_group asc, dialplan_detail_order asc "; - $prep_statement_2 = $db->prepare($sql); - if ($prep_statement_2) { - $prep_statement_2->execute(); - $result2 = $prep_statement_2->fetchAll(PDO::FETCH_NAMED); - $result_count2 = count($result2); - unset ($prep_statement_2, $sql); + $sql = "select * from v_dialplan_details "; + $sql .= "where dialplan_uuid = :dialplan_uuid "; + $sql .= "order by dialplan_detail_group asc, dialplan_detail_order asc "; + $parameters['dialplan_uuid'] = $row['dialplan_uuid']; + $database = new database; + $result_2 = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); + if (sizeof($result_2) && @sizeof($result_2) != 0) { //create a new array that is sorted into groups and put the tags in order conditions, actions, anti-actions $details = array(); $previous_tag = ''; $details[$group]['condition_count'] = ''; - //conditions - $x = 0; - $y = 0; - foreach($result2 as $row2) { - if ($row2['dialplan_detail_tag'] == "condition") { - //get the group - $group = $row2['dialplan_detail_group']; - //get the generic type - switch ($row2['dialplan_detail_type']) { - case "hour": - case "minute": - case "minute-of-day": - case "time-of-day": - case "mday": - case "mweek": - case "mon": - case "yday": - case "year": - case "wday": - case "week": - $type = 'time'; - break; - default: - $type = 'default'; - } - - //add the conditions to the details array - $details[$group]['condition-'.$x]['dialplan_detail_tag'] = $row2['dialplan_detail_tag']; - $details[$group]['condition-'.$x]['dialplan_detail_type'] = $row2['dialplan_detail_type']; - $details[$group]['condition-'.$x]['dialplan_uuid'] = $row2['dialplan_uuid']; - $details[$group]['condition-'.$x]['dialplan_detail_order'] = $row2['dialplan_detail_order']; - 
$details[$group]['condition-'.$x]['field'][$y]['type'] = $row2['dialplan_detail_type']; - $details[$group]['condition-'.$x]['field'][$y]['data'] = $row2['dialplan_detail_data']; - $details[$group]['condition-'.$x]['dialplan_detail_break'] = $row2['dialplan_detail_break']; - $details[$group]['condition-'.$x]['dialplan_detail_group'] = $row2['dialplan_detail_group']; - $details[$group]['condition-'.$x]['dialplan_detail_inline'] = $row2['dialplan_detail_inline']; - if ($type == "time") { - $y++; - } - } - if ($type == "default") { - $x++; - $y = 0; - } - } - - //actions - $x = 0; - foreach($result2 as $row2) { - if ($row2['dialplan_detail_tag'] == "action") { - $group = $row2['dialplan_detail_group']; - foreach ($row2 as $key => $val) { - $details[$group]['action-'.$x][$key] = $val; + //conditions + $x = 0; + $y = 0; + foreach ($result_2 as $row_2) { + if ($row_2['dialplan_detail_tag'] == "condition") { + //get the group + $group = $row_2['dialplan_detail_group']; + //get the generic type + switch ($row_2['dialplan_detail_type']) { + case "hour": + case "minute": + case "minute-of-day": + case "time-of-day": + case "mday": + case "mweek": + case "mon": + case "yday": + case "year": + case "wday": + case "week": + $type = 'time'; + break; + default: + $type = 'default'; } - } - $x++; - } - //anti-actions - $x = 0; - foreach($result2 as $row2) { - if ($row2['dialplan_detail_tag'] == "anti-action") { - $group = $row2['dialplan_detail_group']; - foreach ($row2 as $key => $val) { - $details[$group]['anti-action-'.$x][$key] = $val; + + //add the conditions to the details array + $details[$group]['condition-'.$x]['dialplan_detail_tag'] = $row_2['dialplan_detail_tag']; + $details[$group]['condition-'.$x]['dialplan_detail_type'] = $row_2['dialplan_detail_type']; + $details[$group]['condition-'.$x]['dialplan_uuid'] = $row_2['dialplan_uuid']; + $details[$group]['condition-'.$x]['dialplan_detail_order'] = $row_2['dialplan_detail_order']; + 
$details[$group]['condition-'.$x]['field'][$y]['type'] = $row_2['dialplan_detail_type']; + $details[$group]['condition-'.$x]['field'][$y]['data'] = $row_2['dialplan_detail_data']; + $details[$group]['condition-'.$x]['dialplan_detail_break'] = $row_2['dialplan_detail_break']; + $details[$group]['condition-'.$x]['dialplan_detail_group'] = $row_2['dialplan_detail_group']; + $details[$group]['condition-'.$x]['dialplan_detail_inline'] = $row_2['dialplan_detail_inline']; + if ($type == "time") { + $y++; } - } - $x++; } - unset($result2); + if ($type == "default") { + $x++; + $y = 0; + } + } + + //actions + $x = 0; + foreach($result_2 as $row_2) { + if ($row_2['dialplan_detail_tag'] == "action") { + $group = $row_2['dialplan_detail_group']; + foreach ($row_2 as $key => $val) { + $details[$group]['action-'.$x][$key] = $val; + } + } + $x++; + } + + //anti-actions + $x = 0; + foreach($result_2 as $row_2) { + if ($row_2['dialplan_detail_tag'] == "anti-action") { + $group = $row_2['dialplan_detail_group']; + foreach ($row_2 as $key => $val) { + $details[$group]['anti-action-'.$x][$key] = $val; + } + } + $x++; + } + + unset($result_2, $row_2); } - $i=1; - if ($result_count2 > 0) { - foreach($details as $group) { + if (is_array($details) && @sizeof($details) != 0) { + foreach ($details as $group) { $current_count = 0; $x = 0; foreach($group as $ent) { @@ -901,13 +837,14 @@ function save_dialplan_xml() { //get the count $count = 0; - foreach($details as $group2) { - foreach($group2 as $ent2) { - if ($ent2['dialplan_detail_group'] == $ent['dialplan_detail_group'] && $ent2['dialplan_detail_tag'] == "condition") { + foreach($details as $group_2) { + foreach($group_2 as $ent_2) { + if ($ent_2['dialplan_detail_group'] == $ent['dialplan_detail_group'] && $ent_2['dialplan_detail_tag'] == "condition") { $count++; } } } + unset($group_2, $ent_2); //use the correct type of dialplan_detail_tag open or self closed if ($count == 1) { //single condition 
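Review bot: The guard `if (sizeof($result_2) && @sizeof($result_2) != 0)` calls `sizeof()` on the raw result first, so a non-array return from `select()` raises a TypeError on PHP 8; the first operand was presumably meant to be `is_array($result_2)`. As far as the collapsed hunk shows, `$details = array();` sits inside that block while the following `if (is_array($details) && @sizeof($details) != 0)` sits outside it. A dialplan with no detail rows would then be rendered with the previous dialplan's `$details`, unless it is reset elsewhere in the loop. Moving `$details = array();` above the guard restores the old behaviour, where `$result_count2 > 0` gated the rendering. `$details[$group]['condition_count'] = '';` also reads `$group` before it is assigned.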
@@ -966,18 +903,15 @@ function save_dialplan_xml() { } //set the previous dialplan_detail_tag $previous_tag = $ent['dialplan_detail_tag']; - $i++; - } //end foreach + + } if ($close_condition_tag == true) { $tmp .= " \n"; } $x++; } - if ($condition_count > 0) { - $condition_count = $result_count2; - } - unset($sql, $result_count2, $result2, $row_count2); - } //end if results + unset($sql, $result_2, $row_count2); + } $tmp .= "\n"; $dialplan_order = $row['dialplan_order']; @@ -1017,12 +951,12 @@ function save_dialplan_xml() { } unset($dialplan_filename); unset($tmp); - } //end while + } //apply settings $_SESSION["reload_xml"] = true; } - } //end if (is_dir($_SESSION['switch']['dialplan']['dir'])) + } } if (!function_exists('phone_letter_to_number')) { @@ -1043,22 +977,15 @@ if (!function_exists('save_call_center_xml')) { function save_call_center_xml() { global $domain_uuid; - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; - if (strlen($_SESSION['switch']['call_center']['dir']) > 0) { //get the call center queue array $sql = "select * from v_call_center_queues "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $call_center_queues = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - $result_count = count($call_center_queues); - unset ($prep_statement, $sql); - if ($result_count > 0) { + $database = new database; + $call_center_queues = $database->select($sql, null, 'all'); + unset($sql); + + if (is_array($call_center_queues) && @sizeof($call_center_queues) != 0) { //prepare Queue XML string $x=0; @@ -1088,7 +1015,7 @@ if (!function_exists('save_call_center_xml')) { $v_queues .= "\n"; $v_queues .= " "; } - $v_queues .= "\n"; + $v_queues .= " \n"; $v_queues .= " \n"; if (strlen($queue_moh_sound) == 0) { $v_queues .= " \n"; 
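Review bot: In save_call_center_xml the new guard `if (is_array($call_center_queues) && @sizeof($call_center_queues) != 0)` keeps an `@` error-suppression operator that has nothing to suppress once `is_array()` has passed. It would also hide a real warning if the first test were ever removed. `if (is_array($call_center_queues) && count($call_center_queues) > 0)` expresses the same check without suppression. The same pattern is repeated in the agent and tier loops of this function, in save_sip_profile_xml, and in secure/fax_to_email.php and secure/v_mailto.php; the function body continues outside this hunk.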
@@ -1122,114 +1049,120 @@ if (!function_exists('save_call_center_xml')) { $v_queues .= " "; $x++; } - unset ($prep_statement); //prepare Agent XML string $v_agents = ''; $sql = "select * from v_call_center_agents "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - $x=0; - foreach ($result as &$row) { - //get the values from the db and set as php variables - $agent_name = $row["agent_name"]; - $agent_type = $row["agent_type"]; - $agent_call_timeout = $row["agent_call_timeout"]; - $agent_contact = $row["agent_contact"]; - $agent_status = $row["agent_status"]; - $agent_no_answer_delay_time = $row["agent_no_answer_delay_time"]; - $agent_max_no_answer = $row["agent_max_no_answer"]; - $agent_wrap_up_time = $row["agent_wrap_up_time"]; - $agent_reject_delay_time = $row["agent_reject_delay_time"]; - $agent_busy_delay_time = $row["agent_busy_delay_time"]; - if ($x > 0) { - $v_agents .= "\n"; - $v_agents .= " "; - } + $database = new database; + $result = $database->select($sql, null, 'all'); + unset($sql); - //get and then set the complete agent_contact with the call_timeout and when necessary confirm - //$tmp_confirm = "group_confirm_file=custom/press_1_to_accept_this_call.wav,group_confirm_key=1"; - //if you change this variable also change app/call_center/call_center_agent_edit.php - $tmp_confirm = "group_confirm_file=custom/press_1_to_accept_this_call.wav,group_confirm_key=1,group_confirm_read_timeout=2000,leg_timeout=".$agent_call_timeout; - if(strstr($agent_contact, '}') === FALSE) { - //not found - if(stristr($agent_contact, 'sofia/gateway') === FALSE) { - //add the call_timeout - $tmp_agent_contact = "{call_timeout=".$agent_call_timeout."}".$agent_contact; + $x=0; + if (is_array($result) && @sizeof($result) != 0) { + foreach ($result as &$row) { + //get the values from the db and set as php variables + $agent_name = $row["agent_name"]; + $agent_type = $row["agent_type"]; + 
$agent_call_timeout = $row["agent_call_timeout"]; + $agent_contact = $row["agent_contact"]; + $agent_status = $row["agent_status"]; + $agent_no_answer_delay_time = $row["agent_no_answer_delay_time"]; + $agent_max_no_answer = $row["agent_max_no_answer"]; + $agent_wrap_up_time = $row["agent_wrap_up_time"]; + $agent_reject_delay_time = $row["agent_reject_delay_time"]; + $agent_busy_delay_time = $row["agent_busy_delay_time"]; + if ($x > 0) { + $v_agents .= "\n"; + $v_agents .= " "; } - else { - //add the call_timeout and confirm - $tmp_agent_contact = $tmp_first.',call_timeout='.$agent_call_timeout.$tmp_last; - $tmp_agent_contact = "{".$tmp_confirm.",call_timeout=".$agent_call_timeout."}".$agent_contact; - } - } - else { - //found - if(stristr($agent_contact, 'sofia/gateway') === FALSE) { + + //get and then set the complete agent_contact with the call_timeout and when necessary confirm + //$tmp_confirm = "group_confirm_file=custom/press_1_to_accept_this_call.wav,group_confirm_key=1"; + //if you change this variable also change app/call_center/call_center_agent_edit.php + $tmp_confirm = "group_confirm_file=custom/press_1_to_accept_this_call.wav,group_confirm_key=1,group_confirm_read_timeout=2000,leg_timeout=".$agent_call_timeout; + if(strstr($agent_contact, '}') === FALSE) { //not found - if(stristr($agent_contact, 'call_timeout') === FALSE) { + if(stristr($agent_contact, 'sofia/gateway') === FALSE) { //add the call_timeout - $tmp_pos = strrpos($agent_contact, "}"); - $tmp_first = substr($agent_contact, 0, $tmp_pos); - $tmp_last = substr($agent_contact, $tmp_pos); - $tmp_agent_contact = $tmp_first.',call_timeout='.$agent_call_timeout.$tmp_last; + $tmp_agent_contact = "{call_timeout=".$agent_call_timeout."}".$agent_contact; } else { - //the string has the call timeout - $tmp_agent_contact = $agent_contact; + //add the call_timeout and confirm + $tmp_agent_contact = $tmp_first.',call_timeout='.$agent_call_timeout.$tmp_last; + $tmp_agent_contact = 
"{".$tmp_confirm.",call_timeout=".$agent_call_timeout."}".$agent_contact; } } else { //found - $tmp_pos = strrpos($agent_contact, "}"); - $tmp_first = substr($agent_contact, 0, $tmp_pos); - $tmp_last = substr($agent_contact, $tmp_pos); - if(stristr($agent_contact, 'call_timeout') === FALSE) { - //add the call_timeout and confirm - $tmp_agent_contact = $tmp_first.','.$tmp_confirm.',call_timeout='.$agent_call_timeout.$tmp_last; + if(stristr($agent_contact, 'sofia/gateway') === FALSE) { + //not found + if(stristr($agent_contact, 'call_timeout') === FALSE) { + //add the call_timeout + $tmp_pos = strrpos($agent_contact, "}"); + $tmp_first = substr($agent_contact, 0, $tmp_pos); + $tmp_last = substr($agent_contact, $tmp_pos); + $tmp_agent_contact = $tmp_first.',call_timeout='.$agent_call_timeout.$tmp_last; + } + else { + //the string has the call timeout + $tmp_agent_contact = $agent_contact; + } } else { - //add confirm - $tmp_agent_contact = $tmp_first.','.$tmp_confirm.$tmp_last; + //found + $tmp_pos = strrpos($agent_contact, "}"); + $tmp_first = substr($agent_contact, 0, $tmp_pos); + $tmp_last = substr($agent_contact, $tmp_pos); + if(stristr($agent_contact, 'call_timeout') === FALSE) { + //add the call_timeout and confirm + $tmp_agent_contact = $tmp_first.','.$tmp_confirm.',call_timeout='.$agent_call_timeout.$tmp_last; + } + else { + //add confirm + $tmp_agent_contact = $tmp_first.','.$tmp_confirm.$tmp_last; + } } } - } - $v_agents .= "prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); + $database = new database; + $result = $database->select($sql, null, 'all'); + unset($sql); + $x=0; - foreach ($result as &$row) { - $agent_name = $row["agent_name"]; - $queue_name = $row["queue_name"]; - $tier_level = $row["tier_level"]; - $tier_position = $row["tier_position"]; - if ($x > 0) { - $v_tiers .= "\n"; - $v_tiers .= " "; + if (is_array($result) && @sizeof($result) != 0) { + foreach ($result as &$row) { + 
$agent_name = $row["agent_name"]; + $queue_name = $row["queue_name"]; + $tier_level = $row["tier_level"]; + $tier_position = $row["tier_position"]; + if ($x > 0) { + $v_tiers .= "\n"; + $v_tiers .= " "; + } + $v_tiers .= ""; + $x++; } - $v_tiers .= ""; - $x++; } + unset($result, $row); //set the path if (file_exists('/usr/share/examples/fusionpbx/resources/templates/conf')) { @@ -1244,13 +1177,13 @@ if (!function_exists('save_call_center_xml')) { //add the Call Center Queues, Agents and Tiers to the XML config $file_contents = str_replace("{v_queues}", $v_queues, $file_contents); - unset ($v_queues); + unset($v_queues); $file_contents = str_replace("{v_agents}", $v_agents, $file_contents); - unset ($v_agents); + unset($v_agents); $file_contents = str_replace("{v_tiers}", $v_tiers, $file_contents); - unset ($v_tiers); + unset($v_tiers); //write the XML config file $fout = fopen($_SESSION['switch']['conf']['dir']."/autoload_configs/callcenter.conf.xml","w"); @@ -1262,22 +1195,15 @@ if (!function_exists('save_call_center_xml')) { //apply settings $_SESSION["reload_xml"] = true; + } + unset($call_center_queues); } } } if (!function_exists('switch_conf_xml')) { function switch_conf_xml() { - //get the global variables - global $domain_uuid; - - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; - //get the contents of the template if (file_exists('/usr/share/examples/fusionpbx/resources/templates/conf')) { $path = "/usr/share/examples/fusionpbx/resources/templates/conf"; 
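Review bot: In the agent loop, the branch for a contact that has no `}` but does contain `sofia/gateway` still assigns `$tmp_agent_contact = $tmp_first.',call_timeout='.$agent_call_timeout.$tmp_last;` and then overwrites it on the very next line. `$tmp_first` and `$tmp_last` are only set in the other branches, so at this point they are undefined or left over from a previous agent row, and the first assignment can simply be deleted. Both loops in this hunk also iterate with `foreach ($result as &$row)` although nothing visible writes to `$row`; `foreach ($result as $row)` avoids carrying a reference around. The function starts and ends outside the hunk.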
@@ -1335,16 +1261,6 @@ if (!function_exists('switch_conf_xml')) { if (!function_exists('xml_cdr_conf_xml')) { function xml_cdr_conf_xml() { - - //get the global variables - global $domain_uuid; - - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; - //get the contents of the template if (file_exists('/usr/share/examples/fusionpbx/resources/templates/conf')) { $path = "/usr/share/examples/fusionpbx/resources/templates/conf"; @@ -1379,7 +1295,6 @@ if (!function_exists('xml_cdr_conf_xml')) { if (!function_exists('save_sip_profile_xml')) { function save_sip_profile_xml() { - //skip saving the sip profile xml if the directory is not set if (strlen($_SESSION['switch']['sip_profiles']['dir']) == 0) { return; @@ -1389,26 +1304,16 @@ if (!function_exists('save_sip_profile_xml')) { $profile_dir = $_SESSION['switch']['conf']['dir']."/sip_profiles"; if (!is_readable($profile_dir)) { event_socket_mkdir($profile_dir); } - //get the global variables - global $domain_uuid; - - //get the database connection - require_once "resources/classes/database.php"; - $database = new database; - $database->connect(); - $db = $database->db; - //get the sip profiles from the database $sql = "select * from v_sip_profiles"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(); - $result_count = count($result); - unset ($prep_statement, $sql); - if ($result_count > 0) { + $database = new database; + $result = $database->select($sql, null, 'all'); + unset($sql); + + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $row) { - $sip_profile_uuid = $row['sip_profile_uuid']; - $sip_profile_name = $row['sip_profile_name']; + $sip_profile_uuid = $row['sip_profile_uuid']; + $sip_profile_name = $row['sip_profile_name']; $sip_profile_enabled = $row['sip_profile_enabled']; if ($sip_profile_enabled == 'false') { 
@@ -1429,16 +1334,18 @@ if (!function_exists('save_sip_profile_xml')) { //get the sip profile settings $sql = "select * from v_sip_profile_settings "; - $sql .= "where sip_profile_uuid = '$sip_profile_uuid' "; + $sql .= "where sip_profile_uuid = :sip_profile_uuid "; $sql .= "and sip_profile_setting_enabled = 'true' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(); - $sip_profile_settings = ''; - foreach ($result as &$row) { - $sip_profile_settings .= " \n"; + $parameters['sip_profile_uuid'] = $sip_profile_uuid; + $database = new database; + $result_2 = $database->select($sql, $parameters, 'all'); + if (is_array($result_2) && @sizeof($result_2) != 0) { + $sip_profile_settings = ''; + foreach ($result_2 as &$row_2) { + $sip_profile_settings .= " \n"; + } } - unset ($prep_statement); + unset($sql, $parameters, $result_2, $row_2); //replace the values in the template $file_contents = str_replace("{v_sip_profile_name}", $sip_profile_name, $file_contents); @@ -1454,9 +1361,9 @@ if (!function_exists('save_sip_profile_xml')) { //if the directory does not exist then create it if (!is_readable($profile_dir.'/'.$sip_profile_name)) { event_socket_mkdir($profile_dir.'/'.$sip_profile_name); } - } //end foreach - unset($sql, $result, $row_count); - } //end if results + } + unset($result, $row); + } //apply settings $_SESSION["reload_xml"] = true; @@ -1604,4 +1511,4 @@ if(!function_exists('win_find_php')) { } } -?> +?> \ No newline at end of file diff --git a/secure/fax_to_email.php b/secure/fax_to_email.php index 6ad73757aa..354dfe7935 100755 --- a/secure/fax_to_email.php +++ b/secure/fax_to_email.php @@ -39,7 +39,7 @@ if (defined('STDIN')) { //echo "$document_root is document_root\n"; } -if (stristr(PHP_OS, 'WIN')) { $IS_WINDOWS = true; } else { $IS_WINDOWS = false; } +$IS_WINDOWS = stristr(PHP_OS, 'WIN') ? true : false; if (!function_exists('exec_in_dir')) { function exec_in_dir($dir, $cmd, &$ok){ 
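Review bot: In the `@@ -1429` hunk of save_sip_profile_xml, `$sip_profile_settings = '';` has moved inside `if (is_array($result_2) && @sizeof($result_2) != 0)`, so a profile with no enabled settings no longer resets the variable. Inside the outer `foreach($result as $row)` it then keeps the string built for the previous profile (or is undefined for the first one), and one profile's settings can end up in another profile's generated XML if the variable is substituted into the template further down, which is not visible here. Initialise it before the guard: `$sip_profile_settings = '';` on the line above the `if`. The inner loop can also drop the reference, `foreach ($result_2 as $row_2)`, since the row is only read.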
@@ -119,7 +119,7 @@ if (!function_exists('tiff2pdf')) { } if (!file_exists($dir_fax_temp)){ - echo"can not create temporary directory"; + echo "can not create temporary directory"; return false; // } @@ -127,7 +127,7 @@ if (!function_exists('tiff2pdf')) { $ok = false; $resp = exec_in_dir($dir_fax, $cmd, $ok); if (!$ok){ - echo"can not find fax resoulution"; + echo "can not find fax resoulution"; return false; // "can not find fax resoulution" } @@ -142,7 +142,7 @@ if (!function_exists('tiff2pdf')) { $cmd = "tiffinfo " . $tiff_file_name . ' | grep "Image Width:"'; $resp = exec_in_dir($dir_fax, $cmd, $ok); if (!$ok){ - echo"can not find fax size"; + echo "can not find fax size"; return false; // "can not find fax size" } @@ -193,11 +193,11 @@ if (!function_exists('tiff2pdf')) { } if (!function_exists('fax_enqueue')) { - function fax_enqueue($fax_uuid, $fax_file, $wav_file, $reply_address, $fax_uri, $fax_dtmf, $dial_string){ - global $db, $db_type; + function fax_enqueue($fax_uuid, $fax_file, $wav_file, $reply_address, $fax_uri, $fax_dtmf, $dial_string) { + global $db_type; $fax_task_uuid = uuid(); - $dial_string .= "fax_task_uuid='" . $fax_task_uuid . "',"; + $dial_string .= "fax_task_uuid='".$fax_task_uuid."',"; $description = ''; //! @todo add description if ($db_type == "pgsql") { $date_utc_now_sql = "NOW() at time zone 'utc'"; 
@@ -209,38 +209,64 @@ if (!function_exists('fax_enqueue')) { $date_utc_now_sql = "datetime('now')"; } - $sql = "INSERT INTO v_fax_tasks (fax_task_uuid, fax_uuid, "; - $sql .= " task_next_time, task_lock_time, "; - $sql .= " task_fax_file, task_wav_file, task_uri, task_dial_string, task_dtmf, "; - $sql .= " task_interrupted, task_status, task_no_answer_counter, task_no_answer_retry_counter, task_retry_counter, "; - $sql .= " task_reply_address, task_description) "; - $sql .= "VALUES ( "; - $sql .= " :fax_task_uuid, :fax_uuid, "; - $sql .= " ".$date_utc_now_sql.", NULL, "; - $sql .= " :fax_file, :wav_file, :fax_uri, :dial_string, :fax_dtmf, "; - $sql .= " 'false', 0, 0, 0, 0, "; - $sql .= " :reply_address, :description, "; - $sql .= "); "; - $statement = $db->prepare($sql); - $statement->bindParam(':fax_task_uuid', $fax_task_uuid); - $statement->bindParam(':fax_uuid', $fax_uuid); - $statement->bindParam(':fax_file', $fax_file); - $statement->bindParam(':wav_file', $wav_file); - $statement->bindParam(':fax_uri', $fax_uri); - $statement->bindParam(':dial_string', $dial_string); - $statement->bindParam(':fax_dtmf', $fax_dtmf); - $statement->bindParam(':reply_address', $reply_address); - $statement->bindParam(':description', $description); - if ($statement->execute()) { - $response = 'Success'; + $sql = "insert into v_fax_tasks"; + $sql .= "( "; + $sql .= "fax_task_uuid, "; + $sql .= "fax_uuid, "; + $sql .= "task_next_time, "; + $sql .= "task_lock_time, "; + $sql .= "task_fax_file, "; + $sql .= "task_wav_file, "; + $sql .= "task_uri, "; + $sql .= "task_dial_string, "; + $sql .= "task_dtmf, "; + $sql .= "task_interrupted, "; + $sql .= "task_status, "; + $sql .= "task_no_answer_counter, "; + $sql .= "task_no_answer_retry_counter,"; + $sql .= "task_retry_counter, "; + $sql .= "task_reply_address, "; + $sql .= "task_description "; + $sql .= ") "; + $sql .= "values ( "; + $sql .= ":fax_task_uuid, "; + $sql .= ":fax_uuid, "; + $sql .= $date_utc_now_sql.", "; + $sql .= "null, 
"; + $sql .= ":fax_file, "; + $sql .= ":wav_file, "; + $sql .= ":fax_uri, "; + $sql .= ":dial_string, "; + $sql .= ":fax_dtmf, "; + $sql .= "'false', "; + $sql .= "0, "; + $sql .= "0, "; + $sql .= "0, "; + $sql .= "0, "; + $sql .= ":reply_address, "; + $sql .= ":description "; + $sql .= ") "; + $parameters['fax_task_uuid'] = $fax_task_uuid; + $parameters['fax_uuid'] = $fax_uuid; + $parameters['fax_file'] = $fax_file; + $parameters['wav_file'] = $wav_file; + $parameters['fax_uri'] = $fax_uri; + $parameters['dial_string'] = $dial_string; + $parameters['fax_dtmf'] = $fax_dtmf; + $parameters['reply_address'] = $reply_address; + $parameters['description'] = $description; + $database = new database; + $database->execute($sql, $parameters); + $response = $database->message(); + if ($response['message'] == 'OK' && $response['code'] == '200') { + return 'Success'; } else{ //! @todo log error - $response = 'Failed'; - var_dump($db->errorInfo()); + view_array($response); + return 'Failed'; } - unset($statement); - return $response; + unset($sql, $parameters, $response); } } 
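Review bot: At the end of fax_enqueue both branches of the new `if ($response['message'] == 'OK' && $response['code'] == '200')` return, so the trailing `unset($sql, $parameters, $response);` is unreachable and can be removed. The failure branch still carries `//! @todo log error` and prints the whole database response with `view_array($response);`, which sends whatever the database layer reports to this script's output instead of a log. A short fixed message plus a proper log entry would keep query details out of places they are not expected. The function signature is in the previous hunk, so the body starts outside this one.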
@@ -336,41 +362,44 @@ if (!function_exists('fax_split_dtmf')) { $mailto_address = $fax_email; //get the fax file name (only) if a full path - $fax_path = pathinfo($fax_file); + $fax_path = pathinfo($fax_file); $fax_file_only = $fax_path['basename']; $fax_file_name = $fax_path['filename']; - $dir_fax = $fax_path['dirname']; + $dir_fax = $fax_path['dirname']; //get the domain_uuid from the database $sql = "select * from v_domains "; - $sql .= "where domain_name = '".$domain_name."' "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - foreach ($result as &$row) { - //set the domain variables - $domain_uuid = $row["domain_uuid"]; - $_SESSION["domain_uuid"] = $row["domain_uuid"]; - $_SESSION["domain_name"] = $domain_name; - //set the setting arrays - $domain = new domains(); - $domain->db = $db; - $domain->set(); + $sql .= "where domain_name = :domain_name "; + $parameters['domain_name'] = $domain_name; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { + foreach ($result as &$row) { + //set the domain variables + $domain_uuid = $row["domain_uuid"]; + $_SESSION["domain_uuid"] = $row["domain_uuid"]; + $_SESSION["domain_name"] = $domain_name; + //set the setting arrays + $domain = new domains(); + $domain->db = $db; + $domain->set(); + } } - unset ($prep_statement); + unset($sql, $parameters, $result); //prepare smtp server settings // load default smtp settings - $smtp['method'] = $_SESSION['email']['smtp_method']['text']; - $smtp['host'] = (strlen($_SESSION['email']['smtp_host']['text'])?$_SESSION['email']['smtp_host']['text']:'127.0.0.1'); + $smtp['method'] = $_SESSION['email']['smtp_method']['text']; + $smtp['host'] = (strlen($_SESSION['email']['smtp_host']['text'])?$_SESSION['email']['smtp_host']['text']:'127.0.0.1'); if (isset($_SESSION['email']['smtp_port'])) { $smtp['port'] = 
(int)$_SESSION['email']['smtp_port']['numeric']; - } else { + } + else { $smtp['port'] = 0; } - $smtp['secure'] = $_SESSION['email']['smtp_secure']['text']; - $smtp['auth'] = $_SESSION['email']['smtp_auth']['text']; + $smtp['secure'] = $_SESSION['email']['smtp_secure']['text']; + $smtp['auth'] = $_SESSION['email']['smtp_auth']['text']; $smtp['username'] = $_SESSION['email']['smtp_username']['text']; $smtp['password'] = $_SESSION['email']['smtp_password']['text']; $smtp['from'] = $_SESSION['email']['smtp_from']['text']; 
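Review bot: The domain lookup now goes through `$database->select()` with a bound `:domain_name`, but the loop body still passes the old handle on with `$domain->db = $db;`. Where `$db` is set up in this script is not visible here; if the migration removes it, `$domain->set()` would run without a connection, so either confirm it is still defined or drop the assignment if the class opens its own. The loop also iterates `&$row` by reference while the closing `unset($sql, $parameters, $result);` leaves `$row` out, unlike the later blocks in this file.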
@@ -384,55 +413,59 @@ if (!function_exists('fax_split_dtmf')) { } // overwrite with domain-specific smtp server settings, if any - if ($domain_uuid != '') { - $sql = "select domain_setting_subcategory, domain_setting_value "; + if (is_uuid($domain_uuid)) { + $sql = "select "; + $sql .= "domain_setting_subcategory, "; + $sql .= "domain_setting_value "; $sql .= "from v_domain_settings "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and (domain_setting_category = 'email' "; - $sql .= "or domain_setting_category = 'fax') "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and ( "; + $sql .= "domain_setting_category = 'email' "; + $sql .= "or domain_setting_category = 'fax' "; + $sql .= ") "; $sql .= "and domain_setting_name = 'text' "; $sql .= "and domain_setting_enabled = 'true' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $parameters['domain_name'] = $domain_name; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { foreach ($result as $row) { if ($row['domain_setting_value'] != '') { $smtp[str_replace('smtp_','',$row["domain_setting_subcategory"])] = $row['domain_setting_value']; } } } - unset($sql, $prep_statement); + unset($sql, $parameters, $result, $row); } // value adjustments - $smtp['method'] = ($smtp['method'] == '') ? 'smtp' : $smtp['method']; - $smtp['auth'] = ($smtp['auth'] == "true") ? true : false; - $smtp['password'] = ($smtp['password'] != '') ? $smtp['password'] : null; - $smtp['secure'] = ($smtp['secure'] != "none") ? $smtp['secure'] : null; - $smtp['username'] = ($smtp['username'] != '') ? $smtp['username'] : null; + $smtp['method'] = ($smtp['method'] == '') ? 'smtp' : $smtp['method']; + $smtp['auth'] = ($smtp['auth'] == "true") ? true : false; + $smtp['password'] = ($smtp['password'] != '') ? 
$smtp['password'] : null; + $smtp['secure'] = ($smtp['secure'] != "none") ? $smtp['secure'] : null; + $smtp['username'] = ($smtp['username'] != '') ? $smtp['username'] : null; //get the fax details from the database $sql = "select * from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION["domain_uuid"]."' "; - $sql .= "and fax_extension = '$fax_extension' "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - foreach ($result as &$row) { - //set database fields as variables - //$fax_email = $row["fax_email"]; - $fax_uuid = $row["fax_uuid"]; - $fax_accountcode = $row["fax_accountcode"]; - $fax_prefix = $row["fax_prefix"]; - $fax_pin_number = $row["fax_pin_number"]; - $fax_caller_id_name = $row["fax_caller_id_name"]; - $fax_caller_id_number = $row["fax_caller_id_number"]; - $fax_forward_number = $row["fax_forward_number"]; - $fax_description = $row["fax_description"]; - $fax_email_inbound_subject_tag = $row['fax_email_inbound_subject_tag']; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and fax_extension = :fax_extension "; + $parameters['domain_uuid'] = $_SESSION["domain_uuid"]; + $parameters['fax_extension'] = $fax_extension; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + //$fax_email = $row["fax_email"]; + $fax_uuid = $row["fax_uuid"]; + $fax_accountcode = $row["fax_accountcode"]; + $fax_prefix = $row["fax_prefix"]; + $fax_pin_number = $row["fax_pin_number"]; + $fax_caller_id_name = $row["fax_caller_id_name"]; + $fax_caller_id_number = $row["fax_caller_id_number"]; + $fax_forward_number = $row["fax_forward_number"]; + $fax_description = $row["fax_description"]; + $fax_email_inbound_subject_tag = $row['fax_email_inbound_subject_tag']; } - unset ($prep_statement); + unset($sql, $parameters, $row); //set the fax directory if (!file_exists($dir_fax) || !file_exists(path_join($dir_fax, 
$fax_file_only))) { @@ -461,7 +494,6 @@ if (!function_exists('fax_split_dtmf')) { $fax_file_warning = ''; } -//used for debug echo "pdf file: $pdf_file\n"; //forward the fax @@ -495,7 +527,7 @@ if (!function_exists('fax_split_dtmf')) { } } - $dial_string = "absolute_codec_string='PCMU,PCMA',"; + $dial_string = "absolute_codec_string='PCMU,PCMA',"; $dial_string .= "accountcode='" . $fax_accountcode . "',"; $dial_string .= "sip_h_X-accountcode='" . $fax_accountcode . "',"; $dial_string .= "domain_uuid=" . $_SESSION["domain_uuid"] . ","; @@ -517,19 +549,18 @@ if (!function_exists('fax_split_dtmf')) { $dial_string .= "fax_verbose=true" . ","; $dial_string .= "fax_use_ecm=off" . ","; $dial_string .= "api_hangup_hook='lua fax_retry.lua'"; - $dial_string = "{" . $dial_string . "}" . $fax_uri." &txfax('".$fax_file."')"; + $dial_string = "{" . $dial_string . "}" . $fax_uri." &txfax('".$fax_file."')"; //get the event socket information $sql = "select * from v_settings "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - foreach ($result as &$row) { + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $event_socket_ip_address = $row["event_socket_ip_address"]; $event_socket_port = $row["event_socket_port"]; $event_socket_password = $row["event_socket_password"]; - break; } + unset($sql); //create the event socket connection $fp = event_socket_create($event_socket_ip_address, $event_socket_port, $event_socket_password); @@ -537,7 +568,7 @@ if (!function_exists('fax_split_dtmf')) { //send the command with event socket if ($fp) { //prepare the fax originate command - $cmd = "api originate " . $dial_string; + $cmd = "api originate ".$dial_string; //send info to the log echo "fax forward\n"; echo $cmd."\n"; 
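Review bot: In the `@@ -384` hunk the domain-settings query uses the placeholder `:domain_uuid`, but the value is bound under a different name with `$parameters['domain_name'] = $domain_name;`. With a placeholder that has no matching parameter the select cannot return the intended rows, so the domain-specific SMTP overrides are silently skipped and the mail goes out with the global defaults. The binding should be `$parameters['domain_uuid'] = $domain_uuid;`, matching the `is_uuid($domain_uuid)` guard just above it.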
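Review bot: In the `@@ -517` hunk the event socket lookup calls `$database->select($sql, $parameters, 'row');` although the statement `select * from v_settings` has no placeholders. `$parameters` was unset after the fax details query, so unless code outside the hunk sets it again it is undefined here, and if it is set the stale values would be bound to a query that does not expect them. Pass `null` as the other parameterless calls in this commit do: `$row = $database->select($sql, null, 'row');`. The cleanup `unset($sql);` also leaves `$row`, which holds `event_socket_password`, in scope; `unset($sql, $row);` after the three assignments would match the other blocks.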
@@ -683,16 +714,17 @@ if (!function_exists('fax_split_dtmf')) { else { $fax_to_email_queue_dir = $_SESSION['switch']['storage']['dir']."/fax"; if ($email_status == 'ok') { - // log the success + //log the success $fp = fopen($fax_to_email_queue_dir."/emailed_faxes.log", "a"); fwrite($fp, $fax_file_name." received on ".$fax_extension." emailed to ".$fax_email." ".$fax_messages."\n"); fclose($fp); - } else { - // create an instruction log to email messages once the connection to the mail server has been restored + } + else { + //create an instruction log to email messages once the connection to the mail server has been restored $fp = fopen($fax_to_email_queue_dir."/failed_fax_emails.log", "a"); fwrite($fp, PHP_BINDIR."/php ".$_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/secure/fax_to_email.php email='".$fax_email."' extension=".$fax_extension." name='".$fax_file."' messages='".$fax_messages."' domain=".$domain_name." caller_id_name='".$caller_id_name."' caller_id_number=".$caller_id_number." retry=true\n"); fclose($fp); - // create a script to do the delayed mailing + //create a script to do the delayed mailing $fp = fopen($_SESSION['server']['temp']['dir']."/failed_fax_emails.sh", "w"); fwrite($fp, "rm ".$_SESSION['server']['temp']['dir']."/fax_email_retry.sh\n"); fwrite($fp, "mv ".$fax_to_email_queue_dir."/failed_fax_emails.log ".$_SESSION['server']['temp']['dir']."/fax_email_retry.sh\n"); @@ -700,7 +732,7 @@ if (!function_exists('fax_split_dtmf')) { fwrite($fp, $_SESSION['server']['temp']['dir']."/fax_email_retry.sh\n"); fclose($fp); $tmp_response = exec("chmod 777 ".$_SESSION['server']['temp']['dir']."/failed_fax_emails.sh"); - // note we use batch in order to execute when system load is low. Alternatively this could be replaced with AT. + //note we use batch in order to execute when system load is low. Alternatively this could be replaced with AT. $tmp_response = exec("at -f ".$_SESSION['server']['temp']['dir']."/failed_fax_emails.sh now + 3 minutes"); } } 
@@ -719,4 +751,4 @@ if (!function_exists('fax_split_dtmf')) { fclose($fp); } -?> +?> \ No newline at end of file diff --git a/secure/v_mailto.php b/secure/v_mailto.php index b4efb28429..52dae20e6e 100755 --- a/secure/v_mailto.php +++ b/secure/v_mailto.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2018 + Portions created by the Initial Developer are Copyright (C) 2008-2019 the Initial Developer. All Rights Reserved. Contributor(s): @@ -82,23 +82,23 @@ } //parse the email message - $mime=new mime_parser_class; + $mime = new mime_parser_class; $mime->decode_bodies = 1; - $parameters=array( + $parameters = array( //'File'=>$message_file, // Read a message from a string instead of a file - 'Data'=>$msg, + 'Data' => $msg, // Save the message body parts to a directory - // 'SaveBody'=>'/tmp', + // 'SaveBody' => '/tmp', // Do not retrieve or save message body parts - // 'SkipBody'=>1, + // 'SkipBody' => 1, ); - $success=$mime->Decode($parameters, $decoded); + $success = $mime->Decode($parameters, $decoded); - if(!$success) { + if (!$success) { echo "MIME message decoding error: ".HtmlSpecialChars($mime->error)."\n"; } else { @@ -118,7 +118,7 @@ $body = ''; $content_type = $decoded[0]['Headers']['content-type:']; if (substr($content_type, 0, 15) == "multipart/mixed" || substr($content_type, 0, 21) == "multipart/alternative") { - foreach($decoded[0]["Parts"] as $row) { + foreach ($decoded[0]["Parts"] as $row) { $body_content_type = $row["Headers"]["content-type:"]; if (substr($body_content_type, 0, 9) == "text/html") { $body = $row["Body"]; } if (substr($body_content_type, 0, 10) == "text/plain") { $body_plain = $row["Body"]; $body = $body_plain; } 
@@ -141,7 +141,8 @@ $smtp['host'] = (strlen($_SESSION['email']['smtp_host']['text'])?$_SESSION['email']['smtp_host']['text']:'127.0.0.1'); if (isset($_SESSION['email']['smtp_port'])) { $smtp['port'] = (int)$_SESSION['email']['smtp_port']['numeric']; - } else { + } + else { $smtp['port'] = 0; } $smtp['secure'] = $_SESSION['email']['smtp_secure']['text']; @@ -162,21 +163,21 @@ if ($headers["X-FusionPBX-Domain-UUID"] != '') { $sql = "select domain_setting_subcategory, domain_setting_value "; $sql .= "from v_domain_settings "; - $sql .= "where domain_uuid = '".$headers["X-FusionPBX-Domain-UUID"]."' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and (domain_setting_category = 'email' or domain_setting_category = 'voicemail') "; $sql .= "and domain_setting_name = 'text' "; $sql .= "and domain_setting_enabled = 'true' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $parameters['domain_uuid'] = $headers["X-FusionPBX-Domain-UUID"]; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { foreach ($result as $row) { if ($row['domain_setting_value'] != '') { $smtp[str_replace('smtp_','',$row["domain_setting_subcategory"])] = $row['domain_setting_value']; } } } - unset($sql, $prep_statement); + unset($sql, $parameters, $result, $row); } // value adjustments $smtp['auth'] = ($smtp['auth'] == "true") ? true : false; @@ -195,7 +196,10 @@ case 'mail': $mail->IsMail(); break; default: $mail->IsSMTP(); break; } - } else $mail->IsSMTP(); + } + else { + $mail->IsSMTP(); + } // optional bypass TLS certificate check e.g. for self-signed certificates if (isset($_SESSION['email']['smtp_validate_certificate'])) { 
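Review bot: In the `@@ -162` hunk the new `$parameters['domain_uuid'] = $headers["X-FusionPBX-Domain-UUID"];` appends to a variable this script already used for the MIME parser (`$parameters = array(... 'Data' => $msg ...)` in the `@@ -82` hunk). Unless it is unset somewhere in between, which is not visible here, the select receives an extra `Data` entry holding the whole message, with no matching placeholder in the SQL, and the per-domain SMTP settings would fail to load. Start from a fresh array: `$parameters = array('domain_uuid' => $headers["X-FusionPBX-Domain-UUID"]);`. The header value comes from the message being processed, so the guard could also be `if (is_uuid($headers["X-FusionPBX-Domain-UUID"]))` instead of `!= ''`, as secure/fax_to_email.php now does for `$domain_uuid`.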
@@ -257,7 +261,7 @@ $mail->AddAddress($to); } else { - foreach($to_array as $to_row) { + foreach ($to_array as $to_row) { if (strlen($to_row) > 0) { echo "Add Address: $to_row\n"; $mail->AddAddress(trim($to_row)); @@ -266,7 +270,7 @@ } //get the attachments and add to the email - if($success) { + if ($success) { foreach ($decoded[0][Parts] as &$parts_array) { $content_type = $parts_array["Parts"][0]["Headers"]["content-type:"]; //image/tiff;name="testfax.tif" @@ -325,7 +329,7 @@ //add the body to the email $body_plain = remove_tags($body); //echo "body_plain = $body_plain\n"; - if ((substr($body, 0, 5) == "ContentType = "text/html"; $mail->Body = $body."

".nl2br($transcription); $mail->AltBody = $body_plain."\n\n$transcription"; 
@@ -340,40 +344,40 @@ $mail->CharSet = "utf-8"; //send the email - if(!$mail->Send()) { + if (!$mail->Send()) { $mailer_error = $mail->ErrorInfo; echo "Mailer Error: ".$mailer_error."\n\n"; $call_uuid = $headers["X-FusionPBX-Call-UUID"]; if ($resend == true) { echo "Retained in v_email_logs \n"; - } else { + } + else { // log/store message in database for review if (!isset($email_log_uuid)) { - $email_log_uuid = uuid(); - $sql = "insert into v_email_logs ( "; - $sql .= "email_log_uuid, "; - if ($call_uuid) { - $sql .= "call_uuid, "; - } - $sql .= "domain_uuid, "; - $sql .= "sent_date, "; - $sql .= "type, "; - $sql .= "status, "; - $sql .= "email "; - $sql .= ") values ( "; - $sql .= "'".$email_log_uuid."', "; - if ($call_uuid) { - $sql .= "'".$call_uuid."', "; - } - $sql .= "'".$headers["X-FusionPBX-Domain-UUID"]."', "; - $sql .= "now(),"; - $sql .= "'".$headers["X-FusionPBX-Email-Type"]."', "; - $sql .= "'failed', "; - $sql .= "'".str_replace("'", "''", $msg)."' "; - $sql .= ") "; - $db->exec(check_sql($sql)); - unset($sql); + //build insert array + $email_log_uuid = uuid(); + $array['email_logs'][0]['email_log_uuid'] = $email_log_uuid; + if (is_uuid($call_uuid)) { + $array['email_logs'][0]['call_uuid'] = $call_uuid; + } + $array['email_logs'][0]['domain_uuid'] = $headers["X-FusionPBX-Domain-UUID"]; + $array['email_logs'][0]['sent_date'] = 'now()'; + $array['email_logs'][0]['type'] = $headers["X-FusionPBX-Email-Type"]; + $array['email_logs'][0]['status'] = 'failed'; + $array['email_logs'][0]['email'] = str_replace("'", "''", $msg); + //grant temporary permissions + $p = new permissions; + $p->add('email_log_add', 'temp'); + //execute insert + $database = new database; + $database->app_name = 'v_mailto'; + $database->app_uuid = 'ba41954e-9d21-4b10-bbc2-fa5ceabeb184'; + $database->save($array); + unset($array); + //revoke temporary permissions + $p = new permissions; + $p->delete('email_log_add', 'temp'); } echo "Retained in v_email_logs as email_log_uuid = 
".$email_log_uuid."\n"; @@ -394,31 +398,25 @@ fclose($fp); /* -// save in /tmp as eml file +//save in /tmp as eml file + $fp = fopen(sys_get_temp_dir()."/email.eml", "w"); + ob_end_clean(); + ob_start(); -$fp = fopen(sys_get_temp_dir()."/email.eml", "w"); -ob_end_clean(); -ob_start(); + $sql = "select email from v_email_logs where email_log_uuid = :email_log_uuid "; + $parameters['email_log_uuid'] = $email_log_uuid; + $database = new database; + $email = $database->select($sql, $parameters, 'column'); + echo $email; + unset($sql, $parameters, $email); -$sql = "select email from v_email_logs where email_log_uuid = '".$email_log_uuid."'"; -$prep_statement = $db->prepare($sql); -if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - echo $row["email"]; - break; - } -} -unset($sql, $prep_statement, $result); + $content = ob_get_contents(); //get the output from the buffer + $content = str_replace("
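Review bot: The quote doubling kept in `$array['email_logs'][0]['email'] = str_replace("'", "''", $msg);` looks like a leftover from the string-built insert. If `$database->save()` binds its values (not visible here, though the other converted queries in this commit use placeholders), every apostrophe in the stored message is doubled and the retained copy no longer matches what was received, which matters if the entry is later resent. Storing it unmodified avoids that: `$array['email_logs'][0]['email'] = $msg;`. `domain_uuid` and `type` are still taken straight from the `X-FusionPBX-*` headers while `call_uuid` now gets `is_uuid()`; the same check on `domain_uuid` would keep malformed header values out of `v_email_logs`. The temporary `email_log_add` grant is also not revoked if `save()` throws, so a `try`/`finally` around the save is worth considering.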
", "", $content); -$content = ob_get_contents(); //get the output from the buffer -$content = str_replace("
", "", $content); - -ob_end_clean(); //clean the buffer - -fwrite($fp, $content); -fclose($fp); + ob_end_clean(); //clean the buffer + fwrite($fp, $content); + fclose($fp); */ -?> + +?> \ No newline at end of file diff --git a/themes/default/app_defaults.php b/themes/default/app_defaults.php index aea43ac5d1..124c1b60e8 100644 --- a/themes/default/app_defaults.php +++ b/themes/default/app_defaults.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2016 + Portions created by the Initial Developer are Copyright (C) 2008-2019 the Initial Developer. All Rights Reserved. Contributor(s): @@ -59,19 +59,17 @@ $sql .= "set default_setting_value = '#fafafa' "; $sql .= "where default_setting_subcategory = 'message_default_color' "; $sql .= "and default_setting_value = '#ccffcc' "; - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - } + $database = new database; + $database->execute($sql); + unset($sql); + $sql = "update v_default_settings "; $sql .= "set default_setting_value = '#666' "; $sql .= "where default_setting_subcategory = 'message_default_background_color' "; $sql .= "and default_setting_value = '#004200' "; - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - } - unset($prep_statement, $sql); + $database = new database; + $database->execute($sql); + unset($sql); //replace glyphicon icon with fontawesome icon for default main menu items $queries[] = "update v_menu_items set menu_item_icon = 'fa-home' where menu_item_icon = 'glyphicon-home' "; @@ -91,4 +89,4 @@ } -?> +?> \ No newline at end of file
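Review bot: The block rewritten under `//save in /tmp as eml file` is still inside `/* … */`, so none of it runs; deleting it would be clearer than keeping dead code in step with the new database class. If it is kept for later re-enabling, it writes the retained message to the fixed path `sys_get_temp_dir()."/email.eml"`, a predictable name in a shared directory where other local users could read the content or pre-create the file. A comment to that effect, or a switch to `tempnam()` with restrictive permissions, would make the risk visible before anyone uncomments it.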