diff --git a/app/contacts/contact_phone_delete.php b/app/contacts/contact_phone_delete.php
index 5f54438eca..718e7fd2be 100644
--- a/app/contacts/contact_phone_delete.php
+++ b/app/contacts/contact_phone_delete.php
@@ -39,24 +39,26 @@ else {
 $text = $language->get();
 //get the http values and set as variables
- if (count($_GET) > 0) {
- $id = check_str($_GET["id"]);
- $contact_uuid = check_str($_GET["contact_uuid"]);
- }
+ $contact_phone_uuid = $_GET["id"];
+ $contact_uuid = $_GET["contact_uuid"];
 //delete the record
- if (strlen($id) > 0) {
- $sql = "delete from v_contact_phones ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and contact_phone_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
+ if (is_uuid($contact_phone_uuid) && is_uuid($contact_uuid)) {
+ $array['contact_phones'][0]['contact_phone_uuid'] = $contact_phone_uuid;
+ $array['contact_phones'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['contact_phones'][0]['contact_uuid'] = $contact_uuid;
+
+ $database = new database;
+ $database->app_name = 'contacts';
+ $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+ $database->delete($array);
+ unset($array);
+
+ message::add($text['message-delete']);
 }
-//redirect the browser
- message::add($text['message-delete']);
+//redirect
 header("Location: contact_edit.php?id=".$contact_uuid);
- return;
+ exit;
 ?>
\ No newline at end of file
diff --git a/app/contacts/contact_phone_edit.php b/app/contacts/contact_phone_edit.php
index 89d4434088..61d17860e0 100644
--- a/app/contacts/contact_phone_edit.php
+++ b/app/contacts/contact_phone_edit.php
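Review bot: The `header("Location: contact_edit.php?id=".$contact_uuid);` line at the end of the hunk still reflects the raw `$_GET["contact_uuid"]` into the redirect when the `is_uuid()` guard fails, whereas the contact_phone_edit.php hunk in this same commit writes `escape($contact_uuid)`; use the escaped form here too, or redirect without the id unless `is_uuid($contact_uuid)` held. The two `$_GET` reads above it are unguarded, so a request missing either parameter raises an undefined-index notice before `is_uuid()` runs; wrap them in `isset()` and treat a missing key as not a uuid (presumably `is_uuid('')` already returns false — confirm). The delete also scopes on `$_SESSION['domain_uuid']` while the other files in this commit use `$domain_uuid`; if both hold the same value, one spelling is easier to audit. The enclosing `else {` block opens outside the hunk.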
@@ -44,32 +44,32 @@
 $text = $language->get();
 //action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
 $action = "update";
- $contact_phone_uuid = check_str($_REQUEST["id"]);
+ $contact_phone_uuid = $_REQUEST["id"];
 }
 else {
 $action = "add";
 }
 //get the uuid
- if (strlen($_GET["contact_uuid"]) > 0) {
- $contact_uuid = check_str($_GET["contact_uuid"]);
+ if (is_uuid($_GET["contact_uuid"])) {
+ $contact_uuid = $_GET["contact_uuid"];
 }
 //get http post variables and set them to php variables
- if (count($_POST)>0) {
- $phone_type_voice = check_str($_POST["phone_type_voice"]);
- $phone_type_fax = check_str($_POST["phone_type_fax"]);
- $phone_type_video = check_str($_POST["phone_type_video"]);
- $phone_type_text = check_str($_POST["phone_type_text"]);
- $phone_label = check_str($_POST["phone_label"]);
- $phone_label_custom = check_str($_POST["phone_label_custom"]);
- $phone_speed_dial = check_str($_POST["phone_speed_dial"]);
- $phone_number = check_str($_POST["phone_number"]);
- $phone_extension = check_str($_POST["phone_extension"]);
- $phone_primary = check_str($_POST["phone_primary"]);
- $phone_description = check_str($_POST["phone_description"]);
+ if (is_array($_POST) && @sizeof($_POST) != 0) {
+ $phone_type_voice = $_POST["phone_type_voice"];
+ $phone_type_fax = $_POST["phone_type_fax"];
+ $phone_type_video = $_POST["phone_type_video"];
+ $phone_type_text = $_POST["phone_type_text"];
+ $phone_label = $_POST["phone_label"];
+ $phone_label_custom = $_POST["phone_label_custom"];
+ $phone_speed_dial = $_POST["phone_speed_dial"];
+ $phone_number = $_POST["phone_number"];
+ $phone_extension = $_POST["phone_extension"];
+ $phone_primary = $_POST["phone_primary"];
+ $phone_description = $_POST["phone_description"];
 //remove any phone number formatting
 $phone_number = preg_replace('{(?!^\+)[\D]}', '', $phone_number);
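Review bot: `if (is_array($_POST) && @sizeof($_POST) != 0) {` replaces the original `count($_POST) > 0` with an `@`-suppressed call on a superglobal that is always an array, so the suppression hides nothing and only tells readers a notice is expected; `if (count($_POST) > 0) {` is the equivalent. The same pattern recurs in the -79 and -105 hunks of this file and in the -89 hunk of contact_phones.php. Separately, `is_uuid($_REQUEST["id"])` and `is_uuid($_GET["contact_uuid"])` read keys that are absent on a plain add request, so the undefined-index notice fires before the validation does; guard each read with `isset()` and treat a missing key as not a uuid. Note that `$contact_uuid` stays unassigned when its check fails, and the save and redirect in the -105 hunk use it without a further check.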
@@ -79,11 +79,11 @@
 }
 //process the form data
- if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
+ if (is_array($_POST) && @sizeof($_POST) != 0 && strlen($_POST["persistformvar"]) == 0) {
 //set thge uuid
 if ($action == "update") {
- $contact_phone_uuid = check_str($_POST["contact_phone_uuid"]);
+ $contact_phone_uuid = $_POST["contact_phone_uuid"];
 }
 //check for all required data
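Review bot: `$contact_phone_uuid = $_POST["contact_phone_uuid"];` drops the `is_uuid()` check that the -44 hunk applies to the same identifier when it arrives as `$_REQUEST["id"]`, so the key used for the later update is taken from the form body without validation. Apply the same test here: `if (is_uuid($_POST["contact_phone_uuid"])) { $contact_phone_uuid = $_POST["contact_phone_uuid"]; }` — and decide whether a failed check should keep the value already taken from `$_REQUEST["id"]` or abort the update, since the current code does the former implicitly. The `if` that opens on the changed line closes in the -105 hunk.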
@@ -105,100 +105,89 @@
 if ($_POST["persistformvar"] != "true") {
 //update last modified
- $sql = "update v_contacts set ";
- $sql .= "last_mod_date = now(), ";
- $sql .= "last_mod_user = '".$_SESSION['username']."' ";
- $sql .= "where domain_uuid = '".$domain_uuid."' ";
- $sql .= "and contact_uuid = '".$contact_uuid."' ";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['contacts'][0]['contact_uuid'] = $contact_uuid;
+ $array['contacts'][0]['domain_uuid'] = $domain_uuid;
+ $array['contacts'][0]['last_mod_date'] = 'now()';
+ $array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
+
+ $p = new permissions;
+ $p->add('contact_edit', 'temp');
+
+ $database = new database;
+ $database->app_name = 'contacts';
+ $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+ $database->save($array);
+ unset($array);
+
+ $p->delete('contact_edit', 'temp');
 //if primary, unmark other primary numbers
- if ($phone_primary) {
- $sql = "update v_contact_phones set phone_primary = 0 ";
- $sql .= "where domain_uuid = '".$domain_uuid."' ";
- $sql .= "and contact_uuid = '".$contact_uuid."' ";
- $db->exec(check_sql($sql));
- unset($sql);
- }
+ if ($phone_primary) {
+ $sql = "update v_contact_phones set phone_primary = 0 ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and contact_uuid = :contact_uuid ";
+ $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['contact_uuid'] = $contact_uuid;
+ $database = new database;
+ $database->execute($sql, $parameters);
+ unset($sql, $parameters);
+ }
- if ($action == "add") {
- $contact_phone_uuid = uuid();
- $sql = "insert into v_contact_phones ";
- $sql .= "(";
- $sql .= "domain_uuid, ";
- $sql .= "contact_uuid, ";
- $sql .= "contact_phone_uuid, ";
- $sql .= "phone_type_voice, ";
- $sql .= "phone_type_fax, ";
- $sql .= "phone_type_video, ";
- $sql .= "phone_type_text, ";
- $sql .= "phone_label, ";
- $sql .= "phone_speed_dial, ";
- $sql .= "phone_number, ";
- $sql .= "phone_extension, ";
- $sql .= "phone_primary, ";
- $sql .= "phone_description ";
- $sql .= ")";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'".$domain_uuid."', ";
- $sql .= "'".$contact_uuid."', ";
- $sql .= "'".$contact_phone_uuid."', ";
- $sql .= (($phone_type_voice) ? 1 : 'null').", ";
- $sql .= (($phone_type_fax) ? 1 : 'null').", ";
- $sql .= (($phone_type_video) ? 1 : 'null').", ";
- $sql .= (($phone_type_text) ? 1 : 'null').", ";
- $sql .= "'".$phone_label."', ";
- $sql .= "'".$phone_speed_dial."', ";
- $sql .= "'".$phone_number."', ";
- $sql .= "'".$phone_extension."', ";
- $sql .= (($phone_primary) ? 1 : 0).", ";
- $sql .= "'".$phone_description."' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
- unset($sql);
+ //add the phone
+ if ($action == "add" && permission_exists('contact_phone_add')) {
+ $contact_phone_uuid = uuid();
+ $array['contact_phones'][0]['contact_phone_uuid'] = $contact_phone_uuid;
- message::add($text['message-add']);
- header("Location: contact_edit.php?id=".$contact_uuid);
- return;
- } //if ($action == "add")
+ message::add($text['message-add']);
+ }
- if ($action == "update") {
- $sql = "update v_contact_phones set ";
- $sql .= "contact_uuid = '$contact_uuid', ";
- $sql .= "phone_type_voice = ".(($phone_type_voice) ? 1 : 'null').", ";
- $sql .= "phone_type_fax = ".(($phone_type_fax) ? 1 : 'null').", ";
- $sql .= "phone_type_video = ".(($phone_type_video) ? 1 : 'null').", ";
- $sql .= "phone_type_text = ".(($phone_type_text) ? 1 : 'null').", ";
- $sql .= "phone_label = '".$phone_label."', ";
- $sql .= "phone_speed_dial = '".$phone_speed_dial."', ";
- $sql .= "phone_number = '".$phone_number."', ";
- $sql .= "phone_extension = '".$phone_extension."', ";
- $sql .= "phone_primary = ".(($phone_primary) ? 1 : 0).", ";
- $sql .= "phone_description = '".$phone_description."' ";
- $sql .= "where domain_uuid = '".$domain_uuid."' ";
- $sql .= "and contact_phone_uuid = '".$contact_phone_uuid."'";
- $db->exec(check_sql($sql));
- unset($sql);
+ //update the phone
+ if ($action == "update" && permission_exists('contact_phone_edit')) {
+ $array['contact_phones'][0]['contact_phone_uuid'] = $contact_phone_uuid;
- message::add($text['message-update']);
- header("Location: contact_edit.php?id=".$contact_uuid);
- return;
- } //if ($action == "update")
- } //if ($_POST["persistformvar"] != "true")
- } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+ message::add($text['message-update']);
+ }
+
+ //execute
+ if (is_array($array) && @sizeof($array) != 0) {
+ $array['contact_phones'][0]['contact_uuid'] = $contact_uuid;
+ $array['contact_phones'][0]['domain_uuid'] = $domain_uuid;
+ $array['contact_phones'][0]['phone_type_voice'] = $phone_type_voice ? 1 : null;
+ $array['contact_phones'][0]['phone_type_fax'] = $phone_type_fax ? 1 : null;
+ $array['contact_phones'][0]['phone_type_video'] = $phone_type_video ? 1 : null;
+ $array['contact_phones'][0]['phone_type_text'] = $phone_type_text ? 1 : null;
+ $array['contact_phones'][0]['phone_label'] = $phone_label;
+ $array['contact_phones'][0]['phone_speed_dial'] = $phone_speed_dial;
+ $array['contact_phones'][0]['phone_number'] = $phone_number;
+ $array['contact_phones'][0]['phone_extension'] = $phone_extension;
+ $array['contact_phones'][0]['phone_primary'] = $phone_primary ? 1 : 0;
+ $array['contact_phones'][0]['phone_description'] = $phone_description;
+
+ $database = new database;
+ $database->app_name = 'contacts';
+ $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+ $database->save($array);
+ unset($array);
+ }
+
+ //redirect
+ header("Location: contact_edit.php?id=".escape($contact_uuid));
+ exit;
+
+ }
+ }
 //pre-populate the form
 if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
 $contact_phone_uuid = $_GET["id"];
 $sql = "select * from v_contact_phones ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and contact_phone_uuid = '$contact_phone_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and contact_phone_uuid = :contact_phone_uuid ";
+ $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['contact_phone_uuid'] = $contact_phone_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && @sizeof($row) != 0) {
 $phone_type_voice = $row["phone_type_voice"];
 $phone_type_fax = $row["phone_type_fax"];
 $phone_type_video = $row["phone_type_video"];
@@ -210,7 +199,7 @@
 $phone_primary = $row["phone_primary"];
 $phone_description = $row["phone_description"];
 }
- unset ($prep_statement);
+ unset($sql, $parameters, $row);
 }
 //show the header
diff --git a/app/contacts/contact_phones.php b/app/contacts/contact_phones.php
index 899f45aaee..8f8727d154 100644
--- a/app/contacts/contact_phones.php
+++ b/app/contacts/contact_phones.php
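Review bot: The `//execute` guard `if (is_array($array) && @sizeof($array) != 0) {` works only because `$array` is undefined whenever neither the add nor the update branch ran — it was `unset()` after the contacts save near the top of the hunk — and the `@` hides the resulting notice. Initialising `$array = array();` immediately after that `unset($array)` and testing `count($array) > 0` states the intent without suppression. When `permission_exists('contact_phone_add')` or `permission_exists('contact_phone_edit')` fails the request is silently redirected with no message; if that is intended, a comment such as `//no permission: nothing to save, fall through to the redirect` above the `//execute` block would record it. The form-processing `if` from the -79 hunk is closed by the two added `}` lines before `//pre-populate the form`; its opening lies outside this hunk.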
@@ -40,13 +40,14 @@
 //get the contact list
 $sql = "select * from v_contact_phones ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and contact_uuid = '$contact_uuid' ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and contact_uuid = :contact_uuid ";
 $sql .= "order by phone_primary desc, phone_label asc ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $contact_phones = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- unset ($prep_statement, $sql);
+ $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['contact_uuid'] = $contact_uuid;
+ $database = new database;
+ $contact_phones = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
 //set the row style
 $c = 0;
@@ -89,7 +90,8 @@
 }
 echo "\n";
 echo "\n";
- if (is_array($contact_phones)) {
+
+ if (is_array($contact_phones) && @sizeof($contact_phones) != 0) {
 foreach($contact_phones as $row) {
 if (permission_exists('contact_phone_edit')) {
 $tr_link = "href='contact_phone_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_phone_uuid'])."'";
@@ -129,7 +131,7 @@
 echo "\n";
 $c = ($c) ? 0 : 1;
 } //end foreach
- unset($sql, $contact_phones);
+ unset($contact_phones, $row);
 } //end if results
 echo "";
diff --git a/app/contacts/contact_relation_edit.php b/app/contacts/contact_relation_edit.php
index 80b2febc18..d04b3f70c1 100644
--- a/app/contacts/contact_relation_edit.php
+++ b/app/contacts/contact_relation_edit.php
@@ -110,7 +110,7 @@ else {
 $p->delete('contact_edit', 'temp');
- //add the setting
+ //add the relation
 if ($action == "add" && permission_exists('contact_relation_add')) {
 $contact_relation_uuid = uuid();
 $array['contact_relations'][0]['contact_relation_uuid'] = $contact_relation_uuid;
@@ -127,7 +127,7 @@ else {
 message::add($text['message-add']);
 }
- //update the setting
+ //update the relation
 if ($action == "update" && permission_exists('contact_relation_edit')) {
 $array['contact_relations'][0]['contact_relation_uuid'] = $contact_relation_uuid;
@@ -148,7 +148,7 @@ else {
 unset($array);
 }
- //redirect the browser
+ //redirect
 header("Location: contact_edit.php?id=".escape($contact_uuid));
 exit;
diff --git a/app/contacts/contact_url_edit.php b/app/contacts/contact_url_edit.php
index 9c1162c63f..cfe193de10 100644
--- a/app/contacts/contact_url_edit.php
+++ b/app/contacts/contact_url_edit.php
@@ -108,7 +108,7 @@ else {
 $p->delete('contact_edit', 'temp');
- //if primary, unmark other primary numbers
+ //if primary, unmark other primary urls
 if ($url_primary) {
 $sql = "update v_contact_urls set url_primary = 0 ";
 $sql .= "where domain_uuid = :domain_uuid ";