From 1e0e0dbc4e7244180f4e9d488dc544e298cb639b Mon Sep 17 00:00:00 2001 From: Nate Date: Fri, 9 Aug 2019 09:57:13 -0600 Subject: [PATCH] Messages: Database class integration. --- app/messages/app_defaults.php | 6 +- app/messages/index.php | 96 ++++++++++++++---------------- app/messages/message_delete.php | 42 ++++++++----- app/messages/message_edit.php | 87 +++++++++++---------------- app/messages/message_media.php | 19 +++--- app/messages/message_send.php | 57 ++++++++---------- app/messages/messages.php | 30 +++++----- app/messages/messages_contacts.php | 86 +++++++++++++------------- app/messages/messages_log.php | 93 ++++++++++++----------------- app/messages/messages_thread.php | 75 +++++++++++++---------- 10 files changed, 290 insertions(+), 301 deletions(-) diff --git a/app/messages/app_defaults.php b/app/messages/app_defaults.php index 8031dafca1..178a83add5 100644 --- a/app/messages/app_defaults.php +++ b/app/messages/app_defaults.php @@ -33,7 +33,8 @@ if ($domains_processed == 1) { $sql .= "where default_setting_category = 'message' "; $sql .= "and default_setting_subcategory = 'http_auth_password' "; $sql .= "and default_setting_name = 'array' "; - $db->exec($sql); + $database = new database; + $database->execute($sql); unset($sql); //update domain settings @@ -42,7 +43,8 @@ if ($domains_processed == 1) { $sql .= "where domain_setting_category = 'message' "; $sql .= "and domain_setting_subcategory = 'http_auth_password' "; $sql .= "and domain_setting_name = 'array' "; - $db->exec($sql); + $database = new database; + $database->execute($sql); unset($sql); } diff --git a/app/messages/index.php b/app/messages/index.php index abf8768396..c5f6ae24b8 100644 --- a/app/messages/index.php +++ b/app/messages/index.php 
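Review bot: Each of the two hunks in app_defaults.php constructs a fresh instance for a single call (`$database = new database;` followed by `$database->execute($sql);`), although both updates run inside the same `if ($domains_processed == 1)` branch; creating the instance once at the top of that branch and reusing it for the second statement avoids the duplicated setup. That enclosing `if` block starts and ends outside both hunks, so the single construction would sit above the first hunk. Both statements are built from string literals only, so the change itself is behaviour-neutral as far as the hunks show.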
@@ -29,43 +29,40 @@ require_once "resources/require.php"; //default authorized to false - $authorized = 'false'; + $authorized = false; //get the user settings $sql = "select user_uuid, domain_uuid from v_user_settings "; $sql .= "where user_setting_category = 'message' "; $sql .= "and user_setting_subcategory = 'key' "; - $sql .= "and user_setting_value = :key "; + $sql .= "and user_setting_value = :user_setting_value "; $sql .= "and user_setting_enabled = 'true' "; - $prep_statement = $db->prepare($sql); - $prep_statement->bindParam(':key', $_GET['key']); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_NAMED); - if (is_uuid($row['user_uuid'])) { - $domain_uuid = $row['domain_uuid']; - $user_uuid = $row['user_uuid']; - $authorized = 'true'; - } + $parameters['user_setting_value'] = $_GET['key']; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0 && is_uuid($row['user_uuid'])) { + $domain_uuid = $row['domain_uuid']; + $user_uuid = $row['user_uuid']; + $authorized = true; } //authorization failed - if ($authorized == 'false') { + if (!$authorized) { //log the failed auth attempt to the system, to be available for fail2ban. - openlog('FusionPBX', LOG_NDELAY, LOG_AUTH); - syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".$_GET['key']); - closelog(); + openlog('FusionPBX', LOG_NDELAY, LOG_AUTH); + syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] authentication failed for ".$_GET['key']); + closelog(); //send http 404 - header("HTTP/1.0 404 Not Found"); - echo "\n"; - echo "404 Not Found\n"; - echo "\n"; - echo "

404 Not Found

\n"; - echo "
nginx/1.12.1
\n"; - echo "\n"; - echo "\n"; - exit(); + header("HTTP/1.0 404 Not Found"); + echo "\n"; + echo "404 Not Found\n"; + echo "\n"; + echo "

404 Not Found

\n"; + echo "
nginx/1.12.1
\n"; + echo "\n"; + echo "\n"; + exit(); } //get the raw input data @@ -81,18 +78,13 @@ $sql = "select c.contact_uuid "; $sql .= "from v_contacts as c, v_contact_phones as p "; $sql .= "where p.contact_uuid = c.contact_uuid "; - //$sql .= "and p.phone_number = :phone_number "; - $sql .= "and p.phone_number = '".$phone_number."' "; - $sql .= "and c.domain_uuid = '".$domain_uuid."' "; - $prep_statement = $db->prepare($sql); - //$prep_statement->bindParam(':phone_number', $phone_number); - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_NAMED); - $contact_uuid = $row['contact_uuid']; - //$contact_name_given = $row['contact_name_given']; - //$contact_name_family = $row['contact_name_family']; - //$contact_organization = $row['contact_organization']; - + $sql .= "and p.phone_number = :phone_number "; + $sql .= "and c.domain_uuid = :domain_uuid "; + $parameters['phone_number'] = $phone_number; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $contact_uuid = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); //build message array $message_uuid = uuid(); @@ -109,6 +101,10 @@ $array['messages'][0]['message_text'] = $message['text']; $array['messages'][0]['message_json'] = $json; +//add the required permission + $p = new permissions; + $p->add("message_add", "temp"); + //build message media array (if necessary) if (is_array($message['media'])) { foreach($message['media'] as $index => $media_url) { 
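Review bot: The `$parameters` array filled for the key lookup in the first hunk (`$parameters['user_setting_value'] = $_GET['key'];`) is never cleared, so unless the unseen lines between the hunks reset it, the contact lookup in the second hunk runs with a stale `user_setting_value` entry alongside `phone_number` and `domain_uuid`; if `database::select` binds every array entry, PDO rejects such an execute with an invalid-parameter-number error, and if it binds only named tokens the entry is silently ignored, which cannot be told from here. Add `unset($sql, $parameters);` after the `if (!$authorized)` block, matching what the second hunk already does after its own select. Separately, the `@` in `@sizeof($row) != 0` is redundant after the `is_array($row)` guard and hides genuine warnings; the same idiom is added in message_delete.php, message_send.php, messages.php and messages_contacts.php, and `sizeof($row) != 0` without suppression reads the same in all of them.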
@@ -123,18 +119,14 @@ $array['message_media'][$index]['message_media_content'] = base64_encode(file_get_contents($media_url)); } } - } -//add the required permission - $p = new permissions; - $p->add("message_add", "temp"); - $p->add("message_media_add", "temp"); + $p->add("message_media_add", "temp"); + } //save message to the database $database = new database; $database->app_name = 'messages'; $database->app_uuid = '4a20815d-042c-47c8-85df-085333e79b87'; - $database->uuid($message_uuid); $database->save($array); $result = $database->message; @@ -147,14 +139,17 @@ //get the list of extensions using the user_uuid $sql = "select * from v_domains as d, v_extensions as e "; - $sql .= "where extension_uuid in (select extension_uuid from v_extension_users where user_uuid = '".$user_uuid."') "; + $sql .= "where extension_uuid in ( "; + $sql .= " select extension_uuid "; + $sql .= " from v_extension_users "; + $sql .= " where user_uuid = :user_uuid "; + $sql .= ") "; $sql .= "and e.domain_uuid = d.domain_uuid "; $sql .= "and e.enabled = 'true' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $extensions = $prep_statement->fetchall(PDO::FETCH_NAMED); - } + $parameters['user_uuid'] = $user_uuid; + $database = new database; + $extensions = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //create the event socket connection if (is_array($extensions)) { @@ -162,7 +157,7 @@ } //send the sip message - if (is_array($extensions)) { + if (is_array($extensions) && @sizeof($extensions) != 0) { foreach ($extensions as $row) { $domain_name = $row['domain_name']; $extension = $row['extension']; @@ -176,6 +171,7 @@ $response = event_socket_request($fp, "api log notice ".$command); } } + unset($extensions, $row); //set the file //$file = '/tmp/sms.txt'; diff --git a/app/messages/message_delete.php b/app/messages/message_delete.php index c92efc11bd..5b74951270 100644 --- a/app/messages/message_delete.php 
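Review bot: The temporary permissions granted before the save (`$p->add("message_add", "temp");` in the previous hunk and `$p->add("message_media_add", "temp");` in this one) are not revoked anywhere in the visible hunks, whereas message_send.php in the same commit calls `$p->delete('message_media_add', 'temp')` right after its save. Unless this happens in lines outside the hunks, add `$p->delete("message_add", "temp"); $p->delete("message_media_add", "temp");` after `$database->save($array);` so the grant lives only as long as the save needs it. Also worth noting in this hunk's context: each inbound `media_url` is passed to `file_get_contents($media_url)` and stored with no restriction on its scheme or host, so the endpoint retrieves whatever URL the key holder's payload names; checking the URL against the expected provider origin before the fetch is the defensive measure, and the `if (is_array($message['media']))` block it belongs to starts outside this hunk.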
+++ b/app/messages/message_delete.php @@ -27,31 +27,43 @@ //includes require_once "root.php"; require_once "resources/require.php"; + require_once "resources/check_auth.php"; + +//check permissions + if (!permission_exists('message_delete')) { + echo "access denied"; + exit; + } //add multi-lingual support $language = new text; $text = $language->get(); +//get the id + $message_uuids = $_REQUEST['messages']; + //delete the message - message::add($text['message-delete']); - -//delete the data - if (isset($_GET["id"]) && is_uuid($_GET["id"]) && permission_exists('message_delete')) { - - //get the id - $id = check_str($_GET["id"]); + if (is_array($message_uuids) && @sizeof($message_uuids) != 0) { //delete message - $sql = "delete from v_messages "; - $sql .= "where message_uuid = '$id' "; - $sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + foreach ($message_uuids as $index => $message_uuid) { + $array['messages'][$index]['message_uuid'] = $message_uuid; + $array['messages'][$index]['domain_uuid'] = $domain_uuid; + } + + $database = new database; + $database->app_name = 'messages'; + $database->app_uuid = '4a20815d-042c-47c8-85df-085333e79b87'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); - //redirect the user - header('Location: messages_log.php'); } +//redirect the user + header('Location: messages_log.php'); + exit; ?> \ No newline at end of file diff --git a/app/messages/message_edit.php b/app/messages/message_edit.php index 20ff959360..5b50b523a2 100644 --- a/app/messages/message_edit.php +++ b/app/messages/message_edit.php 
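Review bot: The per-id `is_uuid()` check that the removed code applied to `$_GET["id"]` is not carried over to the new loop, so every element of `$_REQUEST['messages']` reaches `$database->delete($array)` unvalidated. Wrap the array build inside the loop with `if (is_uuid($message_uuid)) {` so malformed entries are skipped rather than passed through, which also keeps this file consistent with the `is_uuid($_REQUEST["id"])` check the same commit adds in message_edit.php. Whether `database::delete` restricts the delete to the supplied `domain_uuid` cannot be confirmed from the hunk; if it keys only on `message_uuid`, the domain scoping that the removed `and domain_uuid = ...` clause enforced is lost and should be verified against the class.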
@@ -43,10 +43,9 @@ $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $message_uuid = check_str($_REQUEST["id"]); - $id = check_str($_REQUEST["id"]); + $message_uuid = $_REQUEST["id"]; } else { $action = "add"; @@ -54,18 +53,18 @@ //get http post variables and set them to php variables if (is_array($_POST)) { - $message_uuid = check_str($_POST["message_uuid"]); - //$user_uuid = check_str($_POST["user_uuid"]); - $message_type = check_str($_POST["message_type"]); - $message_direction = check_str($_POST["message_direction"]); - $message_date = check_str($_POST["message_date"]); - $message_from = check_str($_POST["message_from"]); - $message_to = check_str($_POST["message_to"]); - $message_text = check_str($_POST["message_text"]); - $message_media_type = check_str($_POST["message_media_type"]); - $message_media_url = check_str($_POST["message_media_url"]); - $message_media_content = check_str($_POST["message_media_content"]); - $message_json = check_str($_POST["message_json"]); + $message_uuid = $_POST["message_uuid"]; + //$user_uuid = $_POST["user_uuid"]; + $message_type = $_POST["message_type"]; + $message_direction = $_POST["message_direction"]; + $message_date = $_POST["message_date"]; + $message_from = $_POST["message_from"]; + $message_to = $_POST["message_to"]; + $message_text = $_POST["message_text"]; + $message_media_type = $_POST["message_media_type"]; + $message_media_url = $_POST["message_media_url"]; + $message_media_content = $_POST["message_media_content"]; + $message_json = $_POST["message_json"]; } //process the user data and save it to the database @@ -73,7 +72,7 @@ //get the uuid from the POST if ($action == "update") { - $message_uuid = check_str($_POST["message_uuid"]); + $message_uuid = $_POST["message_uuid"]; } //check for all required data 
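Review bot: Replacing `isset($_REQUEST["id"])` with `is_uuid($_REQUEST["id"])` in the first hunk drops the existence check, so the add path (no `id` in the request) now reads an undefined index before `is_uuid` runs; `if (isset($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {` keeps the stricter validation without the notice. The second and third hunks remove `check_str()` from every posted field, and message_send.php in this commit does the same; that is fine for storage as long as the `database` class binds the values, but any later echo of `$message_text`, `$message_from` and the other fields back into the form must now do its own HTML-context escaping. That rendering code is outside the hunks, so it should be checked rather than assumed.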
@@ -106,7 +105,7 @@ $_POST["domain_uuid"] = $_SESSION["domain_uuid"]; //add the message_uuid - if (strlen($_POST["message_uuid"]) == 0) { + if (!is_uuid($_POST["message_uuid"])) { $message_uuid = uuid(); $_POST["message_uuid"] = $message_uuid; } @@ -117,18 +116,8 @@ //save to the data $database = new database; $database->app_name = 'messages'; - $database->app_uuid = null; - if (strlen($message_uuid) > 0) { - $database->uuid($message_uuid); - } + $database->app_uuid = '4a20815d-042c-47c8-85df-085333e79b87'; $database->save($array); - $message = $database->message; - - //debug info - //echo "
";
-			//print_r($message);
-			//echo "
"; - //exit; //redirect the user if (isset($action)) { @@ -139,20 +128,19 @@ message::add($text['message-update']); } header('Location: message_edit.php?id='.$message_uuid); - return; + exit; } - } //(is_array($_POST) && strlen($_POST["persistformvar"]) == 0) + } //pre-populate the form if (is_array($_GET) && $_POST["persistformvar"] != "true") { - $message_uuid = check_str($_GET["id"]); + $message_uuid = $_GET["id"]; $sql = "select * from v_messages "; - $sql .= "where message_uuid = '$message_uuid' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where message_uuid = :message_uuid "; + $parameters['message_uuid'] = $message_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $user_uuid = $row["user_uuid"]; $message_type = $row["message_type"]; $message_direction = $row["message_direction"]; 
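Review bot: The pre-populate query rewritten in the second hunk selects by `message_uuid` alone; the old code's domain restriction was already commented out, and the new query still has no `domain_uuid` or `user_uuid` condition, so a logged-in user who supplies another tenant's message id in `$_GET["id"]` gets it loaded into the form. Add `$sql .= "and domain_uuid = :domain_uuid ";` and `$parameters['domain_uuid'] = $_SESSION['domain_uuid'];` next to the `message_uuid` parameter, matching the users query later in this file. The `if (is_array($_GET) && ...)` block that holds the query continues past the hunk. In the first hunk, `$database->uuid($message_uuid)` is dropped in favour of a fixed `app_uuid`; whether `save()` still keys the update on the `message_uuid` carried in the array cannot be confirmed from here.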
@@ -165,28 +153,21 @@ $message_media_content = $row["message_media_content"]; $message_json = $row["message_json"]; } - unset ($prep_statement); + unset($sql, $parameters); } //show the header require_once "resources/header.php"; -//get the extensions - $sql = "select * from v_users "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and user_enabled = 'true' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $users = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); - //get the users - $sql = "SELECT user_uuid, username FROM v_users "; - $sql .= "WHERE domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "ORDER by username asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $users = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $sql = "select user_uuid, username from v_users "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and user_enabled = 'true' "; + $sql .= "order by username asc "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $users = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //show the content echo "
\n"; diff --git a/app/messages/message_media.php b/app/messages/message_media.php index c41b4076e0..2304eb3595 100644 --- a/app/messages/message_media.php +++ b/app/messages/message_media.php @@ -40,16 +40,19 @@ //get media if (is_uuid($message_media_uuid)) { - $sql = "select message_media_type, message_media_url, message_media_content from v_message_media "; - $sql .= "where message_media_uuid = '".$message_media_uuid."' "; + $sql = "select message_media_type, message_media_url, message_media_content "; + $sql .= "from v_message_media "; + $sql .= "where message_media_uuid = :message_media_uuid "; if (is_uuid($_SESSION['user_uuid'])) { - $sql .= "and user_uuid = '".$_SESSION['user_uuid']."' "; + $sql .= "and user_uuid = :user_uuid "; + $parameters['user_uuid'] = $_SESSION['user_uuid']; } - $sql .= "and (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $media = $prep_statement->fetch(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) "; + $parameters['message_media_uuid'] = $message_media_uuid; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $media = $database->select($sql, $parameters, 'row'); + unset($sql, $parameters); switch (strtolower($media['message_media_type'])) { case 'jpg': diff --git a/app/messages/message_send.php b/app/messages/message_send.php index 02a7476b17..d3e8d2f1e6 100644 --- a/app/messages/message_send.php +++ b/app/messages/message_send.php @@ -57,9 +57,9 @@ //get http post variables and set them to php variables if (is_array($_POST)) { - $message_from = check_str($_POST["message_from"]); - $message_to = check_str($_POST["message_to"]); - $message_text = check_str($_POST["message_text"]); + $message_from = $_POST["message_from"]; + $message_to = $_POST["message_to"]; + $message_text = $_POST["message_text"]; $message_media = $_FILES["message_media"]; } 
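Review bot: In message_media.php, after `$media = $database->select($sql, $parameters, 'row');` the code proceeds straight into `switch (strtolower($media['message_media_type']))` with no check that a row came back, while every other select in this commit guards with `is_array($row) && @sizeof($row) != 0`; a missing or out-of-scope media id then reaches the switch with an empty type instead of an explicit not-found path. Add `if (!is_array($media) || sizeof($media) == 0) { exit; }` before the switch, or whatever not-found handling the file already uses. The `if (is_uuid($message_media_uuid))` block and the switch both continue past the hunk.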
@@ -77,10 +77,8 @@ exit; } - - // handle media (if any) - if (is_array($message_media) && sizeof($message_media) != 0) { + if (is_array($message_media) && @sizeof($message_media) != 0) { // reorganize media array, ignore errored files $f = 0; foreach ($message_media['error'] as $index => $error) { @@ -96,22 +94,19 @@ $message_media = $tmp_media; unset($tmp_media, $f); } - $message_type = is_array($message_media) && sizeof($message_media) != 0 ? 'mms' : 'sms'; - + $message_type = is_array($message_media) && @sizeof($message_media) != 0 ? 'mms' : 'sms'; //get the contact uuid - //$sql = "SELECT trim(c.contact_name_given || ' ' || c.contact_name_family || ' (' || c.contact_organization || ')') AS name, p.phone_number AS number "; - $sql = "SELECT c.contact_uuid "; - $sql .= "FROM v_contacts as c, v_contact_phones as p "; - $sql .= "WHERE p.contact_uuid = c.contact_uuid "; - //$sql .= "and p.phone_number = :phone_number "; - $sql .= "and p.phone_number like '%".$phone_number."%' "; - $sql .= "and c.domain_uuid = '".$domain_uuid."' "; - $prep_statement = $db->prepare($sql); - //$prep_statement->bindParam(':phone_number', $phone_number); - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_NAMED); - $contact_uuid = $row['contact_uuid']; + $sql = "select c.contact_uuid "; + $sql .= "from v_contacts as c, v_contact_phones as p "; + $sql .= "where p.contact_uuid = c.contact_uuid "; + $sql .= "and p.phone_number like :phone_number "; + $sql .= "and c.domain_uuid = :domain_uuid "; + $parameters['phone_number'] = '%'.$phone_number.'%'; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $contact_uuid = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); //build the message array $message_uuid = uuid(); 
@@ -127,7 +122,8 @@ $array['messages'][0]['message_text'] = $message_text; //build message media array (if necessary) - if (is_array($message_media)) { + $p = new permissions; + if (is_array($message_media) && @sizeof($message_media) != 0) { foreach($message_media as $index => $media) { $array['message_media'][$index]['message_media_uuid'] = $media['uuid']; $array['message_media'][$index]['message_uuid'] = $message_uuid; @@ -137,19 +133,19 @@ $array['message_media'][$index]['message_media_url'] = $media['name']; $array['message_media'][$index]['message_media_content'] = base64_encode(file_get_contents($media['tmp_name'])); } + + $p->add('message_media_add', 'temp'); } //save to the data $database = new database; $database->app_name = 'messages'; - $database->app_uuid = null; - $database->uuid($message_uuid); + $database->app_uuid = '4a20815d-042c-47c8-85df-085333e79b87'; $database->save($array); - $message = $database->message; - unset($array, $message); + unset($array); - //debug info - //echo "
".print_r($message, true)."
"; exit; + //remove any temporary permissions + $p->delete('message_media_add', 'temp'); //santize the from $message_from = preg_replace('{[\D]}', '', $message_from); @@ -157,12 +153,11 @@ //prepare message to send $message['to'] = $message_to; $message['text'] = $message_text; - if (is_array($message_media) && sizeof($message_media) != 0) { + if (is_array($message_media) && @sizeof($message_media) != 0) { $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? 'https://' : 'http://'; foreach ($message_media as $index => $media) { $path = $protocol.$_SERVER['HTTP_HOST'].'/app/messages/message_media.php?id='.$media['uuid'].'&action=download&.'.strtolower(pathinfo($media['name'], PATHINFO_EXTENSION)); $message['media'][] = $path; - //echo $path."

"; } } $http_content = json_encode($message); @@ -185,11 +180,9 @@ $headers[] = "Authorization: Basic ".base64_encode($http_auth_user.':'.$http_auth_password); } $response = http_request($http_destination, $http_method, $headers, $http_content); - //echo $http_content."

".$response; //redirect the user - //$_SESSION["message"] = $text['message-sent']; return true; - } //(is_array($_POST) && strlen($_POST["persistformvar"]) == 0) + } ?> \ No newline at end of file diff --git a/app/messages/messages.php b/app/messages/messages.php index c90e5e9f84..b6d80535c0 100644 --- a/app/messages/messages.php +++ b/app/messages/messages.php 
@@ -41,31 +41,33 @@ //get (from) destinations $sql = "select destination_number from v_destinations "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and destination_type_text = 1 "; $sql .= "and destination_enabled = 'true' "; $sql .= "order by destination_number asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $rows = $prep_statement->fetchAll(PDO::FETCH_NAMED); - //view_array($rows); - if (is_array($rows) && sizeof($rows)) { + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $rows = $database->select($sql, $parameters, 'all'); + if (is_array($rows) && @sizeof($rows)) { foreach ($rows as $row) { $destinations[] = $row['destination_number']; } } - unset ($prep_statement, $sql, $row, $record); + unset($sql, $parameters, $rows, $row); //get self (primary contact attachment) image if (!is_array($_SESSION['tmp']['messages']['contact_me'])) { - $sql = "select attachment_filename as filename, attachment_content as image from v_contact_attachments "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$_SESSION['user']['contact_uuid']."' "; + $sql = "select attachment_filename as filename, attachment_content as image "; + $sql .= "from v_contact_attachments "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; $sql .= "and attachment_primary = 1 "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $_SESSION['tmp']['messages']['contact_me'] = $prep_statement->fetch(PDO::FETCH_NAMED); - unset ($sql, $bind, $prep_statement); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_uuid'] = $_SESSION['user']['contact_uuid']; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + $_SESSION['tmp']['messages']['contact_me'] = $row; + unset($sql, $parameters, $row); } //additional 
includes diff --git a/app/messages/messages_contacts.php b/app/messages/messages_contacts.php index 0327aef302..04dd6118bc 100644 --- a/app/messages/messages_contacts.php +++ b/app/messages/messages_contacts.php 
@@ -47,27 +47,30 @@ $array = explode(' ',$_SESSION['message']['display_last']['text']); if (is_array($array) && is_numeric($array[0]) && $array[0] > 0) { if ($array[1] == 'messages') { - $limit = "limit ".$array[0]." offset 0 "; + $limit = limit_offset($array[0], 0); } else { - $since = "and message_date >= '".date("Y-m-d H:i:s", strtotime('-'.$_SESSION['message']['display_last']['text']))."' "; + $since = "and message_date >= :message_date "; + $parameters['message_date'] = date("Y-m-d H:i:s", strtotime('-'.$_SESSION['message']['display_last']['text'])); } } } - if ($limit == '' && $since == '') { $limit = "limit 25 offset 0"; } //default (message count) - $sql = "select message_direction, message_from, message_to, contact_uuid from v_messages "; - $sql .= "where user_uuid = '".$_SESSION['user_uuid']."' "; - $sql .= "and (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; + if ($limit == '' && $since == '') { $limit = limit_offset(25, 0); } //default (message count) + $sql = "select message_direction, message_from, message_to, contact_uuid "; + $sql .= "from v_messages "; + $sql .= "where user_uuid = :user_uuid "; + $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) "; $sql .= $since; $sql .= "order by message_date desc "; $sql .= $limit; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $messages = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $parameters['user_uuid'] = $_SESSION['user_uuid']; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $messages = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //parse out numbers - if (is_array($messages) && sizeof($messages) != 0) { + if (is_array($messages) && @sizeof($messages) != 0) { $numbers = []; foreach($messages as $message) { $number_from = preg_replace('{[\D]}', '', $message['message_from']); 
@@ -85,6 +88,7 @@ unset($number_from, $number_to); } } + unset($messages, $message); //get contact details, if uuid available if (is_array($contact) && sizeof($contact) != 0) { @@ -93,18 +97,19 @@ $sql = "select c.contact_name_given, c.contact_name_family, "; $sql .= "(select ce.email_address from v_contact_emails as ce where ce.contact_uuid = c.contact_uuid and ce.email_primary = 1) as contact_email "; $sql .= "from v_contacts as c "; - $sql .= "where c.contact_uuid = '".$field['contact_uuid']."' "; - $sql .= "and (c.domain_uuid = '".$domain_uuid."' or c.domain_uuid is null) "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_NAMED); - if (is_array($row) && sizeof($row) != 0) { + $sql .= "where c.contact_uuid = :contact_uuid "; + $sql .= "and (c.domain_uuid = :domain_uuid or c.domain_uuid is null) "; + $parameters['contact_uuid'] = $field['contact_uuid']; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $contact[$number]['contact_uuid'] = $field['contact_uuid']; $contact[$number]['contact_name_given'] = $row['contact_name_given']; $contact[$number]['contact_name_family'] = $row['contact_name_family']; $contact[$number]['contact_email'] = $row['contact_email']; } - unset($prep_statement, $sql); + unset($sql, $parameters, $row); } else { unset($contact[$number]); 
@@ -114,51 +119,52 @@ //get destinations and remove from numbers array $sql = "select destination_number from v_destinations "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and destination_enabled = 'true' "; $sql .= "order by destination_number asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $rows = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (is_array($rows) && sizeof($rows)) { + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $rows = $database->select($sql, $parameters, 'all'); + if (is_array($rows) && @sizeof($rows)) { foreach ($rows as $row) { $destinations[] = $row['destination_number']; } } - unset ($prep_statement, $sql, $row, $record); + unset($sql, $parameters, $rows, $row); $numbers = array_diff($numbers, $destinations); //get contact (primary attachment) images and cache them - if (is_array($numbers) && sizeof($numbers) != 0) { + if (is_array($numbers) && @sizeof($numbers) != 0) { foreach ($numbers as $number) { $contact_uuids[] = $contact[$number]['contact_uuid']; } - if (is_array($contact_uuids) && sizeof($contact_uuids) != 0) { - $sql = "select contact_uuid as uuid, attachment_filename as filename, attachment_content as image from v_contact_attachments "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and ( 0 = 1 "; - foreach ($contact_uuids as $contact_uuid) { - $sql .= "or contact_uuid = '".$contact_uuid."' "; + if (is_array($contact_uuids) && @sizeof($contact_uuids) != 0) { + $sql = "select contact_uuid as uuid, attachment_filename as filename, attachment_content as image "; + $sql .= "from v_contact_attachments "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and ("; + foreach ($contact_uuids as $index => $contact_uuid) { + $sql_where[] = "contact_uuid = :contact_uuid_".$index; + $parameters['contact_uuid_'.$index] = $contact_uuid; } + $sql .= implode(' or ', $sql_where); 
$sql .= ") "; $sql .= "and attachment_primary = 1 "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $contact_ems = $prep_statement->fetchAll(PDO::FETCH_NAMED); - - if (is_array($contact_ems) && sizeof($contact_ems) != 0) { + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $contact_ems = $database->select($sql, $parameters, 'all'); + if (is_array($contact_ems) && @sizeof($contact_ems) != 0) { foreach ($contact_ems as $contact_em) { $_SESSION['tmp']['messages']['contact_em'][$contact_em['uuid']]['filename'] = $contact_em['filename']; $_SESSION['tmp']['messages']['contact_em'][$contact_em['uuid']]['image'] = $contact_em['image']; } } - } - unset($sql, $prep_statement, $contact_uuids, $contact_ems, $contact_em); + unset($sql, $sql_where, $parameters, $contact_uuids, $contact_ems, $contact_em); } //contacts list - if (is_array($numbers) && sizeof($numbers) != 0) { + if (is_array($numbers) && @sizeof($numbers) != 0) { echo "\n"; foreach($numbers as $number) { if ($current_contact != '' && $number == $current_contact) { @@ -206,7 +212,7 @@ echo "
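Review bot: The loop `$contact_uuids[] = $contact[$number]['contact_uuid'];` collects a value for every number, including those with no contact, so the placeholder list built in this hunk binds empty entries that can never match. Guard the collection with `if (is_uuid($contact[$number]['contact_uuid'])) {` so the generated `contact_uuid = :contact_uuid_N` terms and the matching `$parameters` entries cover only real ids; the placeholder-per-index construction itself is a sound replacement for the old string concatenation. The `//contacts list` block that begins at the end of this hunk continues past it.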