dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Database class integration. Add HTML step attribute to Contact Address lat and lon fields to support decimal values.

This commit is contained in:
Nate 2019-07-27 22:51:01 -06:00
parent 646873287d
commit 30e5310f5e
12 changed files with 489 additions and 572 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

261
app/contacts/app_defaults.php
View File

@ -21,34 +21,41 @@ if ($domains_processed == 1) {
$sql .= "or phone_type = 'voicemail' ";
$sql .= "or phone_type = 'cell' ";
$sql .= "or phone_type = 'pcs' ";
$db->exec(check_sql($sql));
$database = new database;
$database->execute($sql);
unset($sql);
$sql = "update v_contact_phones set phone_type_fax = '1' where phone_type = 'fax'";
$db->exec(check_sql($sql));
$database = new database;
$database->execute($sql);
unset($sql);
$sql = "update v_contact_phones set phone_type_video = '1' where phone_type = 'video'";
$db->exec(check_sql($sql));
$database = new database;
$database->execute($sql);
unset($sql);
$sql = "update v_contact_phones set phone_type_text = '1' where phone_type = 'cell' or phone_type = 'pager'";
$db->exec(check_sql($sql));
$database = new database;
$database->execute($sql);
unset($sql);
// migrate phone_type values to phone_label, correct case and make multilingual where appropriate
$default_phone_types = array('home','work','pref','voice','fax','msg','cell','pager','modem','car','isdn','video','pcs');
$default_phone_labels = array($text['option-home'],$text['option-work'],'Pref','Voice',$text['option-fax'],$text['option-voicemail'],$text['option-mobile'],$text['option-pager'],'Modem','Car','ISDN','Video','PCS');
foreach ($default_phone_types as $index => $old) {
$new = $default_phone_labels[$index];
$sql = "update v_contact_phones set phone_label = '".$new."' where phone_type = '".$old."'";
$db->exec(check_sql($sql));
unset($sql);
$sql = "update v_contact_phones set phone_label = :phone_label where phone_type = :phone_type ";
$parameters['phone_label'] = $default_phone_labels[$index]; //new
$parameters['phone_type'] = $old;
$database = new database;
$database->execute($sql, $parameters);
unset($sql, $parameters);
}
// empty phone_type field to prevent confusion in the future
$sql = "update v_contact_phones set phone_type = null";
$db->exec(check_sql($sql));
$sql = "update v_contact_phones set phone_type is null";
$database = new database;
$database->execute($sql);
unset($sql);
}
unset($obj);
@ -61,53 +68,56 @@ if ($domains_processed == 1) {
$field_exists = $obj->column_exists($db_name, 'v_contacts', 'contact_email'); //check if field exists
if ($field_exists) {
// get email records
$sql = "select * from v_contacts where contact_email is not null and contact_email != ''";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
unset ($prep_statement, $sql);
if ($result_count > 0) {
$sql = "select * from v_contacts where contact_email is not null and contact_email != '' ";
$database = new database;
$result = $database->select($sql);
unset($sql);
if (is_array($result) && @sizeof($result) != 0) {
foreach($result as $row) {
$sql = "insert into v_contact_emails ";
$sql .= "(";
$sql .= "domain_uuid, ";
$sql .= "contact_uuid, ";
$sql .= "contact_email_uuid, ";
$sql .= "email_primary, ";
$sql .= "email_address";
$sql .= ")";
$sql .= "values ";
$sql .= "(";
$sql .= "'".$row['domain_uuid']."', ";
$sql .= "'".$row['contact_uuid']."', ";
$sql .= "'".uuid()."', ";
$sql .= "1, ";
$sql .= "'".$row['contact_email']."' ";
$sql .= ")";
$db->exec(check_sql($sql));
unset($sql);
$array['contact_emails'][0]['contact_email_uuid'] = uuid();
$array['contact_emails'][0]['domain_uuid'] = $row['domain_uuid'];
$array['contact_emails'][0]['contact_uuid'] = $row['contact_uuid'];
$array['contact_emails'][0]['email_primary'] = 1;
$array['contact_emails'][0]['email_address'] = $row['contact_email'];
$p = new permissions;
$p->add('contact_email_add', 'temp');
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->save($array);
unset($array);
$p->delete('contact_email_add', 'temp');
//verify and remove value from old field
$sql2 = "select email_address from v_contact_emails ";
$sql2 .= "where domain_uuid = '".$row['domain_uuid']."' ";
$sql2 .= "and contact_uuid = '".$row['contact_uuid']."' ";
$sql2 .= "and email_address = '".$row['contact_email']."' ";
$prep_statement2 = $db->prepare(check_sql($sql2));
$prep_statement2->execute();
$result2 = $prep_statement2->fetchAll(PDO::FETCH_NAMED);
$result_count2 = count($result2);
if ($result_count2 > 0) {
$sql3 = "update v_contacts set contact_email = '' ";
$sql3 .= "where domain_uuid = '".$row['domain_uuid']."' ";
$sql3 .= "and contact_uuid = '".$row['contact_uuid']."' ";
$prep_statement3 = $db->prepare(check_sql($sql3));
$prep_statement3->execute();
unset($sql3, $prep_statement3);
$sql = "select email_address from v_contact_emails ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_uuid = :contact_uuid ";
$sql .= "and email_address = :email_address ";
$parameters['domain_uuid'] = $row['domain_uuid'];
$parameters['contact_uuid'] = $row['contact_uuid'];
$parameters['email_address'] = $row['contact_email'];
$database = new database;
$result_2 = $database->select($sql, $parameters, 'all');
unset($sql, $parameters);
if (is_array($result_2) && @sizeof($result_2) != 0) {
$sql = "update v_contacts set contact_email = null ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_uuid = :contact_uuid ";
$parameters['domain_uuid'] = $row['domain_uuid'];
$parameters['contact_uuid'] = $row['contact_uuid'];
$database = new database;
$database->execute($sql, $parameters);
unset($sql, $parameters);
}
unset($sql2, $result2, $prep_statement2);
unset($result_2);
}
}
unset($result, $row);
}
unset($obj);
@ -120,52 +130,55 @@ if ($domains_processed == 1) {
if ($field_exists) {
// get email records
$sql = "select * from v_contacts where contact_url is not null and contact_url != ''";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
unset ($prep_statement, $sql);
if ($result_count > 0) {
$database = new database;
$result = $database->select($sql);
unset($sql);
if (is_array($result) && @sizeof($result) != 0) {
foreach($result as $row) {
$sql = "insert into v_contact_urls ";
$sql .= "(";
$sql .= "domain_uuid, ";
$sql .= "contact_uuid, ";
$sql .= "contact_url_uuid, ";
$sql .= "url_primary, ";
$sql .= "url_address";
$sql .= ")";
$sql .= "values ";
$sql .= "(";
$sql .= "'".$row['domain_uuid']."', ";
$sql .= "'".$row['contact_uuid']."', ";
$sql .= "'".uuid()."', ";
$sql .= "1, ";
$sql .= "'".$row['contact_url']."' ";
$sql .= ")";
$db->exec(check_sql($sql));
unset($sql);
$array['contact_urls'][0]['contact_url_uuid'] = uuid();
$array['contact_urls'][0]['domain_uuid'] = $row['domain_uuid'];
$array['contact_urls'][0]['contact_uuid'] = $row['contact_uuid'];
$array['contact_urls'][0]['url_primary'] = 1;
$array['contact_urls'][0]['url_address'] = $row['contact_url'];
$p = new permissions;
$p->add('contact_url_add', 'temp');
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->save($array);
unset($array);
$p->delete('contact_url_add', 'temp');
//verify and remove value from old field
$sql2 = "select url_address from v_contact_urls ";
$sql2 .= "where domain_uuid = '".$row['domain_uuid']."' ";
$sql2 .= "and contact_uuid = '".$row['contact_uuid']."' ";
$sql2 .= "and url_address = '".$row['contact_url']."' ";
$prep_statement2 = $db->prepare(check_sql($sql2));
$prep_statement2->execute();
$result2 = $prep_statement2->fetchAll(PDO::FETCH_NAMED);
$result_count2 = count($result2);
if ($result_count2 > 0) {
$sql3 = "update v_contacts set contact_url = '' ";
$sql3 .= "where domain_uuid = '".$row['domain_uuid']."' ";
$sql3 .= "and contact_uuid = '".$row['contact_uuid']."' ";
$prep_statement3 = $db->prepare(check_sql($sql3));
$prep_statement3->execute();
unset($sql3, $prep_statement3);
$sql = "select url_address from v_contact_urls ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_uuid = :contact_uuid ";
$sql .= "and url_address = :url_address ";
$parameters['domain_uuid'] = $row['domain_uuid'];
$parameters['contact_uuid'] = $row['contact_uuid'];
$parameters['url_address'] = $row['contact_url'];
$database = new database;
$result_2 = $database->select($sql, $parameters, 'all');
unset($sql, $parameters);
if (is_array($result_2) && @sizeof($result_2) != 0) {
$sql = "update v_contacts set contact_url = '' ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_uuid = :contact_uuid ";
$parameters['domain_uuid'] = $row['domain_uuid'];
$parameters['contact_uuid'] = $row['contact_uuid'];
$database = new database;
$database->execute($sql, $parameters);
unset($sql, $parameters);
}
unset($sql2, $result2, $prep_statement2);
unset($result_2);
}
}
unset($result, $row);
}
unset($obj);
@ -175,44 +188,48 @@ if ($domains_processed == 1) {
foreach ($name_tables as $name_index => $name_table) {
$sql = "update v_contact_".$name_table." set ".$name_fields[$name_index]."_primary = 0 ";
$sql .= "where ".$name_fields[$name_index]."_primary is null ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($sql, $prep_statement);
$database = new database;
$database->execute($sql);
unset($sql);
}
unset($name_tables, $name_fields);
unset($name_tables, $name_fields, $name_index, $name_table);
//move the users from the contact groups table into the contact users table
$sql = "select * from v_contact_groups ";
$sql .= "where group_uuid in (select user_uuid from v_users) ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$sql = "insert into v_contact_users ";
$sql .= "( ";
$sql .= "contact_user_uuid, ";
$sql .= "domain_uuid, ";
$sql .= "contact_uuid, ";
$sql .= "user_uuid ";
$sql .= ") ";
$sql .= "values ";
$sql .= "( ";
$sql .= "'".uuid()."', ";
$sql .= "'".$row["domain_uuid"]."', ";
$sql .= "'".$row["contact_uuid"]."', ";
$sql .= "'".$row["group_uuid"]."' ";
$sql .= ");";
//echo $sql."\n";
$db->exec($sql);
unset($sql);
$database = new database;
$result = $database->select($sql, null, 'all');
if (is_array($result) && @sizeof($result) != 0) {
foreach ($result as &$row) {
$p = new permissions;
$p->add('contact_user_add', 'temp');
$p->add('contact_group_delete', 'temp');
$array['contact_users'][0]['contact_user_uuid'] = uuid();
$array['contact_users'][0]['domain_uuid'] = $row["domain_uuid"];
$array['contact_users'][0]['contact_uuid'] = $row["contact_uuid"];
$array['contact_users'][0]['user_uuid'] = $row["group_uuid"];
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->save($array);
unset($array);
$array['contact_groups'][0]['contact_group_uuid'] = $row["contact_group_uuid"];
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->delete($array);
unset($array);
$p->delete('contact_user_add', 'temp');
$p->delete('contact_group_delete', 'temp');
}
$sql = "delete from v_contact_groups ";
$sql .= "where contact_group_uuid = '".$row["contact_group_uuid"]."';";
//echo $sql."\n";
$db->exec($sql);
unset($sql);
}
unset ($prep_statement);
unset($sql, $result, $row);
}

25
app/contacts/contact_address_delete.php
View File

@ -39,23 +39,24 @@ else {
$text = $language->get();
//get the http values and set as variables
if (count($_GET) > 0) {
$id = check_str($_GET["id"]);
$contact_uuid = check_str($_GET["contact_uuid"]);
}
$contact_address_uuid = $_GET["id"];
$contact_uuid = $_GET["contact_uuid"];
//delete the record
if (strlen($id) > 0) {
$sql = "delete from v_contact_addresses ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_address_uuid = '$id' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($sql);
if (is_uuid($contact_address_uuid) && is_uuid($contact_uuid)) {
$array['contact_addresses'][0]['contact_address_uuid'] = $contact_address_uuid;
$array['contact_addresses'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->delete($array);
unset($array);
message::add($text['message-delete']);
}
//redirect the browser
message::add($text['message-delete']);
header("Location: contact_edit.php?id=".$contact_uuid);
return;

206
app/contacts/contact_address_edit.php
View File

@ -40,38 +40,38 @@ else {
$text = $language->get();
//action add or update
if (isset($_REQUEST["id"])) {
if (is_uuid($_REQUEST["id"])) {
$action = "update";
$contact_address_uuid = check_str($_REQUEST["id"]);
$contact_address_uuid = $_REQUEST["id"];
}
else {
$action = "add";
}
//get the contact uuid
if (strlen($_GET["contact_uuid"]) > 0) {
$contact_uuid = check_str($_GET["contact_uuid"]);
if (is_uuid($_GET["contact_uuid"])) {
$contact_uuid = $_GET["contact_uuid"];
}
//get http post variables and set them to php variables
if (count($_POST)>0) {
$address_type = check_str($_POST["address_type"]);
$address_label = check_str($_POST["address_label"]);
$address_label_custom = check_str($_POST["address_label_custom"]);
$address_street = check_str($_POST["address_street"]);
$address_extended = check_str($_POST["address_extended"]);
$address_community = check_str($_POST["address_community"]);
$address_locality = check_str($_POST["address_locality"]);
$address_region = check_str($_POST["address_region"]);
$address_postal_code = check_str($_POST["address_postal_code"]);
$address_country = check_str($_POST["address_country"]);
$address_latitude = check_str($_POST["address_latitude"]);
$address_longitude = check_str($_POST["address_longitude"]);
$address_primary = check_str($_POST["address_primary"]);
$address_description = check_str($_POST["address_description"]);
$address_type = $_POST["address_type"];
$address_label = $_POST["address_label"];
$address_label_custom = $_POST["address_label_custom"];
$address_street = $_POST["address_street"];
$address_extended = $_POST["address_extended"];
$address_community = $_POST["address_community"];
$address_locality = $_POST["address_locality"];
$address_region = $_POST["address_region"];
$address_postal_code = $_POST["address_postal_code"];
$address_country = $_POST["address_country"];
$address_latitude = $_POST["address_latitude"];
$address_longitude = $_POST["address_longitude"];
$address_primary = $_POST["address_primary"];
$address_description = $_POST["address_description"];
//use custom label if set
$address_label = ($address_label_custom != '') ? $address_label_custom : $address_label;
$address_label = $address_label_custom != '' ? $address_label_custom : $address_label;
}
//process the form data
@ -79,7 +79,7 @@ else {
//set the uuid
if ($action == "update") {
$contact_address_uuid = check_str($_POST["contact_address_uuid"]);
$contact_address_uuid = $_POST["contact_address_uuid"];
}
//check for all required data
@ -101,109 +101,88 @@ else {
if ($_POST["persistformvar"] != "true") {
//update last modified
$sql = "update v_contacts set ";
$sql .= "last_mod_date = now(), ";
$sql .= "last_mod_user = '".$_SESSION['username']."' ";
$sql .= "where domain_uuid = '".$domain_uuid."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$db->exec(check_sql($sql));
unset($sql);
$array['contacts'][0]['contact_uuid'] = $contact_uuid;
$array['contacts'][0]['domain_uuid'] = $domain_uuid;
$array['contacts'][0]['last_mod_date'] = 'now()';
$array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
//if primary, unmark other primary numbers
if ($address_primary) {
$sql = "update v_contact_addresses set address_primary = 0 ";
$sql .= "where domain_uuid = '".$domain_uuid."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$db->exec(check_sql($sql));
unset($sql);
}
$p = new permissions;
$p->add('contact_edit', 'temp');
if ($action == "add") {
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->save($array);
unset($array);
$p->delete('contact_edit', 'temp');
//if primary, unmark other primary addresses
if ($email_primary) {
$sql = "update v_contact_addresses set address_primary = 0 ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_uuid = :contact_uuid ";
$parameters['domain_uuid'] = $domain_uuid;
$parameters['contact_uuid'] = $contact_uuid;
$database = new database;
$database->execute($sql, $parameters);
unset($sql, $parameters);
}
if ($action == "add" && permission_exists('contact_address_add')) {
$contact_address_uuid = uuid();
$sql = "insert into v_contact_addresses ";
$sql .= "(";
$sql .= "domain_uuid, ";
$sql .= "contact_uuid, ";
$sql .= "contact_address_uuid, ";
$sql .= "address_type, ";
$sql .= "address_label, ";
$sql .= "address_street, ";
$sql .= "address_extended, ";
$sql .= "address_community, ";
$sql .= "address_locality, ";
$sql .= "address_region, ";
$sql .= "address_postal_code, ";
$sql .= "address_country, ";
$sql .= "address_latitude, ";
$sql .= "address_longitude, ";
$sql .= "address_primary, ";
$sql .= "address_description ";
$sql .= ")";
$sql .= "values ";
$sql .= "(";
$sql .= "'".$_SESSION['domain_uuid']."', ";
$sql .= "'".$contact_uuid."', ";
$sql .= "'".$contact_address_uuid."', ";
$sql .= "'".$address_type."', ";
$sql .= "'".$address_label."', ";
$sql .= "'".$address_street."', ";
$sql .= "'".$address_extended."', ";
$sql .= "'".$address_community."', ";
$sql .= "'".$address_locality."', ";
$sql .= "'".$address_region."', ";
$sql .= "'".$address_postal_code."', ";
$sql .= "'".$address_country."', ";
$sql .= "'".$address_latitude."', ";
$sql .= "'".$address_longitude."', ";
$sql .= (($address_primary) ? 1 : 0).", ";
$sql .= "'".$address_description."' ";
$sql .= ")";
$db->exec(check_sql($sql));
unset($sql);
$array['contact_addresses'][0]['contact_address_uuid'] = $contact_address_uuid;
message::add($text['message-add']);
header("Location: contact_edit.php?id=".$contact_uuid);
return;
} //if ($action == "add")
}
if ($action == "update") {
$sql = "update v_contact_addresses set ";
$sql .= "contact_uuid = '".$contact_uuid."', ";
$sql .= "address_type = '".$address_type."', ";
$sql .= "address_label = '".$address_label."', ";
$sql .= "address_street = '".$address_street."', ";
$sql .= "address_extended = '".$address_extended."', ";
$sql .= "address_community = '".$address_community."', ";
$sql .= "address_locality = '".$address_locality."', ";
$sql .= "address_region = '".$address_region."', ";
$sql .= "address_postal_code = '".$address_postal_code."', ";
$sql .= "address_country = '".$address_country."', ";
$sql .= "address_latitude = '".$address_latitude."', ";
$sql .= "address_longitude = '".$address_longitude."', ";
$sql .= "address_primary = ".(($address_primary) ? 1 : 0).", ";
$sql .= "address_description = '".$address_description."' ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_address_uuid = '".$contact_address_uuid."'";
$db->exec(check_sql($sql));
unset($sql);
if ($action == "update" && permission_exists('contact_address_edit')) {
$array['contact_addresses'][0]['contact_address_uuid'] = $contact_address_uuid;
message::add($text['message-update']);
header("Location: contact_edit.php?id=".$contact_uuid);
return;
} //if ($action == "update")
} //if ($_POST["persistformvar"] != "true")
} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
}
if (is_array($array) && @sizeof($array) != 0) {
$array['contact_addresses'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
$array['contact_addresses'][0]['contact_uuid'] = $contact_uuid;
$array['contact_addresses'][0]['address_type'] = $address_type;
$array['contact_addresses'][0]['address_label'] = $address_label;
$array['contact_addresses'][0]['address_street'] = $address_street;
$array['contact_addresses'][0]['address_extended'] = $address_extended;
$array['contact_addresses'][0]['address_community'] = $address_community;
$array['contact_addresses'][0]['address_locality'] = $address_locality;
$array['contact_addresses'][0]['address_region'] = $address_region;
$array['contact_addresses'][0]['address_postal_code'] = $address_postal_code;
$array['contact_addresses'][0]['address_country'] = $address_country;
$array['contact_addresses'][0]['address_latitude'] = $address_latitude;
$array['contact_addresses'][0]['address_longitude'] = $address_longitude;
$array['contact_addresses'][0]['address_primary'] = $address_primary ? 1 : 0;
$array['contact_addresses'][0]['address_description'] = $address_description;
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->save($array);
unset($array);
}
header("Location: contact_edit.php?id=".$contact_uuid);
exit;
}
}
//pre-populate the form
if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
$contact_address_uuid = $_GET["id"];
$sql = "select * from v_contact_addresses ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_address_uuid = '$contact_address_uuid' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_address_uuid = :contact_address_uuid ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['contact_address_uuid'] = $contact_address_uuid;
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row) && @sizeof($row) != 0) {
$address_type = $row["address_type"];
$address_label = $row["address_label"];
$address_street = $row["address_street"];
@ -217,9 +196,8 @@ else {
$address_longitude = $row["address_longitude"];
$address_primary = $row["address_primary"];
$address_description = $row["address_description"];
break; //limit to 1 row
}
unset ($prep_statement);
unset($sql, $parameters, $row);
}
//show the header
@ -404,7 +382,7 @@ else {
echo " ".$text['label-address_latitude']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='number' name='address_latitude' maxlength='255' min='-90' max='90' value=\"".escape($address_latitude)."\">\n";
echo " <input class='formfld' type='number' name='address_latitude' maxlength='255' min='-90' max='90' step='0.0000001' value=\"".escape($address_latitude)."\">\n";
echo "<br />\n";
echo $text['description-address_latitude']."\n";
echo "</td>\n";
@ -415,7 +393,7 @@ else {
echo " ".$text['label-address_longitude']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <input class='formfld' type='number' name='address_longitude' maxlength='255' min='-180' max='180' value=\"".escape($address_longitude)."\">\n";
echo " <input class='formfld' type='number' name='address_longitude' maxlength='255' min='-180' max='180' step='0.0000001' value=\"".escape($address_longitude)."\">\n";
echo "<br />\n";
echo $text['description-address_longitude']."\n";
echo "</td>\n";

22
app/contacts/contact_addresses.php
View File

@ -48,14 +48,14 @@
//get the contact list
$sql = "select * from v_contact_addresses ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '$contact_uuid' ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_uuid = :contact_uuid ";
$sql .= "order by address_primary desc, address_label asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
unset ($prep_statement, $sql);
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['contact_uuid'] = $contact_uuid;
$database = new database;
$result = $database->select($sql, $parameters, 'all');
unset($sql, $parameters);
$c = 0;
$row_style["0"] = "row_style0";
@ -77,7 +77,7 @@
echo "</td>\n";
echo "</tr>\n";
if ($result_count > 0) {
if (is_array($result) && @sizeof($result) != 0) {
foreach($result as $row) {
$map_query = escape($row['address_street'])." ".escape($row['address_extended']).", ".escape($row['address_locality']).", ".escape($row['address_region']).", ".escape($row['address_region']).", ".escape($row['address_postal_code']);
if (permission_exists('contact_address_edit')) {
@ -102,9 +102,9 @@
echo " </td>\n";
echo "</tr>\n";
$c = ($c) ? 0 : 1;
} //end foreach
unset($sql, $result, $row_count);
} //end if results
}
unset($result, $row);
}
echo "</table>";

13
app/contacts/contact_attachment.php
View File

@ -40,12 +40,13 @@
if (is_uuid($contact_attachment_uuid)) {
$sql = "select attachment_filename, attachment_content from v_contact_attachments ";
$sql .= "where contact_attachment_uuid = '".$contact_attachment_uuid."' ";
$sql .= "and (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$attachment = $prep_statement->fetch(PDO::FETCH_NAMED);
unset ($prep_statement, $sql);
$sql .= "where contact_attachment_uuid = :contact_attachment_uuid ";
$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
$parameters['contact_attachment_uuid'] = $contact_attachment_uuid;
$parameters['domain_uuid'] = $domain_uuid;
$database = new database;
$attachment = $database->select($sql, $parameters, 'row');
unset($sql, $parameters);
$attachment_type = strtolower(pathinfo($attachment['attachment_filename'], PATHINFO_EXTENSION));

31
app/contacts/contact_attachment_delete.php
View File

@ -39,25 +39,26 @@
$text = $language->get();
//get the http values and set as variables
if (count($_GET) > 0) {
$id = check_str($_GET["id"]);
$contact_uuid = check_str($_GET["contact_uuid"]);
}
$contact_attachment_uuid = $_GET["id"];
$contact_uuid = $_GET["contact_uuid"];
//delete the record
if (is_uuid($id)) {
$sql = "delete from v_contact_attachments ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and contact_attachment_uuid = :contact_attachment_uuid ";
$bind[':contact_attachment_uuid'] = $id;
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute(is_array($bind) ? $bind : null);
unset($sql);
if (is_uuid($contact_attachment_uuid) && is_uuid($contact_uuid)) {
$array['contact_attachments'][0]['contact_attachment_uuid'] = $contact_attachment_uuid;
$array['contact_attachments'][0]['domain_uuid'] = $domain_uuid;
$array['contact_attachments'][0]['contact_uuid'] = $contact_uuid;
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->delete($array);
unset($array);
message::add($text['message-delete']);
}
//redirect the browser
message::add($text['message-delete']);
//redirect
header("Location: contact_edit.php?id=".$contact_uuid);
return;
exit;
?>

44
app/contacts/contact_attachment_edit.php
View File

@ -57,8 +57,8 @@
if (is_array($_POST) && sizeof($_POST) != 0) {
$attachment = $_FILES['attachment'];
$attachment_primary = check_str($_POST['attachment_primary']);
$attachment_description = check_str($_POST['attachment_description']);
$attachment_primary = $_POST['attachment_primary'];
$attachment_description = $_POST['attachment_description'];
if (!is_array($attachment) || sizeof($attachment) == 0) {
$attachment_type = strtolower(pathinfo($_POST['attachment_filename'], PATHINFO_EXTENSION));
@ -68,12 +68,18 @@
}
//unflag others as primary
$allowed_primary_attachment = false;
if ($attachment_primary && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png')) {
$sql = "update v_contact_attachments set attachment_primary = 0 ";
$sql .= "where domain_uuid = '".$domain_uuid."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$db->exec(check_sql($sql));
unset($sql);
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_uuid = :contact_uuid ";
$parameters['domain_uuid'] = $domain_uuid;
$parameters['contact_uuid'] = $contact_uuid;
$database = new database;
$database->execute($sql, $parameters);
unset($sql, $parameters);
$allowed_primary_attachment = true;
}
//format array
@ -81,7 +87,7 @@
$array['contact_attachments'][$index]['contact_attachment_uuid'] = $action == 'update' ? $contact_attachment_uuid : uuid();
$array['contact_attachments'][$index]['domain_uuid'] = $_SESSION['domain_uuid'];
$array['contact_attachments'][$index]['contact_uuid'] = $contact_uuid;
$array['contact_attachments'][$index]['attachment_primary'] = $attachment_primary == '1' && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png') ? 1 : 0;
$array['contact_attachments'][$index]['attachment_primary'] = $allowed_primary_attachment ? 1 : 0;
if ($attachment['error'] == '0' && in_array(strtolower(pathinfo($attachment['name'], PATHINFO_EXTENSION)), $allowed_extensions)) {
$array['contact_attachments'][$index]['attachment_filename'] = $attachment['name'];
$array['contact_attachments'][$index]['attachment_content'] = base64_encode(file_get_contents($attachment['tmp_name']));
@ -96,8 +102,8 @@
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->uuid($contact_attachment_uuid);
$database->save($array);
unset($array);
//redirect
message::add($text['message-message_'.($action == 'update' ? 'updated' : 'added')]);
@ -109,17 +115,19 @@
//get form data
if (is_array($_GET) && sizeof($_GET) != 0) {
$sql = "select * from v_contact_attachments ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_attachment_uuid = :contact_attachment_uuid ";
$bind[':contact_attachment_uuid'] = $contact_attachment_uuid;
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute(is_array($bind) ? $bind : null);
$row = $prep_statement->fetch(PDO::FETCH_NAMED);
$attachment_primary = $row["attachment_primary"];
$attachment_filename = $row["attachment_filename"];
$attachment_content = $row["attachment_content"];
$attachment_description = $row["attachment_description"];
unset($sql, $bind, $prep_statement, $row);
$parameters['domain_uuid'] = $domain_uuid;
$parameters['contact_attachment_uuid'] = $contact_attachment_uuid;
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row) && @sizeof($row) != 0) {
$attachment_primary = $row["attachment_primary"];
$attachment_filename = $row["attachment_filename"];
$attachment_content = $row["attachment_content"];
$attachment_description = $row["attachment_description"];
}
unset($sql, $parameters, $row);
}
//show the header

17
app/contacts/contact_attachments.php
View File

@ -36,13 +36,14 @@
//get the contact attachment list
$sql = "select *, length(decode(attachment_content,'base64')) as attachment_size from v_contact_attachments ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and contact_uuid = '$contact_uuid' ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_uuid = :contact_uuid ";
$sql .= "order by attachment_primary desc, attachment_filename asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$contact_attachments = $prep_statement->fetchAll(PDO::FETCH_NAMED);
unset ($prep_statement, $sql);
$parameters['domain_uuid'] = $domain_uuid;
$parameters['contact_uuid'] = $contact_uuid;
$database = new database;
$contact_attachments = $database->select($sql, $parameters, 'all');
unset($sql, $parameters);
//set the row style
$c = 0;
@ -82,7 +83,7 @@
}
echo "</td>\n";
echo "</tr>\n";
if (is_array($contact_attachments)) {
if (is_array($contact_attachments) && @sizeof($contact_attachments) != 0) {
foreach($contact_attachments as $row) {
if (permission_exists('contact_attachment_edit')) {
$tr_link = "href='contact_attachment_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_attachment_uuid'])."'";
@ -110,8 +111,8 @@
echo "</tr>\n";
$c = $c ?: 1;
}
unset($sql, $contact_attachments);
}
unset($contact_attachments, $row);
echo "</table>";

1
app/contacts/contact_auth.php
View File

@ -110,6 +110,7 @@ if ($_SESSION['contact_auth']['source'] == 'google') {
}
else {
message::add($text['message-access_denied'], 'negative');
header("Location: ".$_SESSION['contact_auth']['referer']);
unset($_SESSION['contact_auth']);

130
app/contacts/contact_delete.php
View File

@ -40,109 +40,61 @@ if (!$included) {
$language = new text;
$text = $language->get();
if (count($_GET)>0) {
$contact_uuid = check_str($_GET["id"]);
}
$contact_uuid = $_GET["id"];
}
if (is_uuid($contact_uuid)) {
//delete addresses
$sql = "delete from v_contact_addresses ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = :contact_uuid ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//delete phones
$sql = "delete from v_contact_phones ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//specify tables
$tables[] = 'contact_addresses';
$tables[] = 'contact_attachments';
$tables[] = 'contact_emails';
$tables[] = 'contact_groups';
$tables[] = 'contact_notes';
$tables[] = 'contact_phones';
$tables[] = 'contact_relations';
$tables[] = 'contact_settings';
$tables[] = 'contact_times';
$tables[] = 'contact_urls';
$tables[] = 'contact_users';
$tables[] = 'contacts';
//delete emails
$sql = "delete from v_contact_emails ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//create array from tables
foreach ($tables as $table) {
$array[$table][0]['contact_uuid'] = $contact_uuid;
$array[$table][0]['domain_uuid'] = $_SESSION['domain_uuid'];
}
//delete urls
$sql = "delete from v_contact_urls ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//include reciprocal relationships
$array['contact_relations'][1]['relation_contact_uuid'] = $contact_uuid;
$array['contact_relations'][1]['domain_uuid'] = $_SESSION['domain_uuid'];
//delete notes
$sql = "delete from v_contact_notes ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//grant temp permissions
$p = new permissions;
$database = new database;
foreach ($tables as $table) {
$p->add($database->singular($table).'_delete', 'temp');
}
//delete relations
$sql = "delete from v_contact_relations ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and ";
$sql .= "( ";
$sql .= " contact_uuid = '".$contact_uuid."' ";
$sql .= " or relation_contact_uuid = '".$contact_uuid."' ";
$sql .= ") ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//execute
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->delete($array);
unset($array);
//delete settings
$sql = "delete from v_contact_settings ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//revoke temp permissions
foreach ($tables as $table) {
$p->delete($database->singular($table).'_delete', 'temp');
}
//delete attachments
$sql = "delete from v_contact_attachments ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//delete contact users
$sql = "delete from v_contact_users ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//delete contact groups
$sql = "delete from v_contact_groups ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//delete a contact
$sql = "delete from v_contacts ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
unset($prep_statement, $sql);
//set message
message::add($text['message-delete']);
}
if (!$included) {
message::add($text['message-delete']);
header("Location: contacts.php");
return;
exit;
}
?>

310
app/contacts/contact_edit.php
View File

@ -43,9 +43,9 @@
$text = $language->get();
//action add or update
if (isset($_REQUEST["id"])) {
if (is_uuid($_REQUEST["id"])) {
$action = "update";
$contact_uuid = check_str($_REQUEST["id"]);
$contact_uuid = $_REQUEST["id"];
}
else {
$action = "add";
@ -53,21 +53,21 @@
//get http post variables and set them to php variables
if (count($_POST) > 0) {
$user_uuid = check_str($_POST["user_uuid"]);
$user_uuid = $_POST["user_uuid"];
$group_uuid = $_POST['group_uuid'];
$contact_type = check_str($_POST["contact_type"]);
$contact_organization = check_str($_POST["contact_organization"]);
$contact_name_prefix = check_str($_POST["contact_name_prefix"]);
$contact_name_given = check_str($_POST["contact_name_given"]);
$contact_name_middle = check_str($_POST["contact_name_middle"]);
$contact_name_family = check_str($_POST["contact_name_family"]);
$contact_name_suffix = check_str($_POST["contact_name_suffix"]);
$contact_nickname = check_str($_POST["contact_nickname"]);
$contact_title = check_str($_POST["contact_title"]);
$contact_category = check_str($_POST["contact_category"]);
$contact_role = check_str($_POST["contact_role"]);
$contact_time_zone = check_str($_POST["contact_time_zone"]);
$contact_note = check_str($_POST["contact_note"]);
$contact_type = $_POST["contact_type"];
$contact_organization = $_POST["contact_organization"];
$contact_name_prefix = $_POST["contact_name_prefix"];
$contact_name_given = $_POST["contact_name_given"];
$contact_name_middle = $_POST["contact_name_middle"];
$contact_name_family = $_POST["contact_name_family"];
$contact_name_suffix = $_POST["contact_name_suffix"];
$contact_nickname = $_POST["contact_nickname"];
$contact_title = $_POST["contact_title"];
$contact_category = $_POST["contact_category"];
$contact_role = $_POST["contact_role"];
$contact_time_zone = $_POST["contact_time_zone"];
$contact_note = $_POST["contact_note"];
}
//process the form data
@ -75,7 +75,7 @@
//set the uuid
if ($action == "update") {
$contact_uuid = check_str($_POST["contact_uuid"]);
$contact_uuid = $_POST["contact_uuid"];
}
//check for all required data
@ -111,79 +111,41 @@
//add the contact
if ($action == "add" && permission_exists('contact_add')) {
$contact_uuid = uuid();
$sql = "insert into v_contacts ";
$sql .= "( ";
$sql .= "domain_uuid, ";
$sql .= "contact_uuid, ";
$sql .= "contact_type, ";
$sql .= "contact_organization, ";
$sql .= "contact_name_prefix, ";
$sql .= "contact_name_given, ";
$sql .= "contact_name_middle, ";
$sql .= "contact_name_family, ";
$sql .= "contact_name_suffix, ";
$sql .= "contact_nickname, ";
$sql .= "contact_title, ";
$sql .= "contact_category, ";
$sql .= "contact_role, ";
$sql .= "contact_time_zone, ";
$sql .= "contact_note, ";
$sql .= "last_mod_date, ";
$sql .= "last_mod_user ";
$sql .= ") ";
$sql .= "values ";
$sql .= "( ";
$sql .= "'".$_SESSION['domain_uuid']."', ";
$sql .= "'".$contact_uuid."', ";
$sql .= "'".$contact_type."', ";
$sql .= "'".$contact_organization."', ";
$sql .= "'".$contact_name_prefix."', ";
$sql .= "'".$contact_name_given."', ";
$sql .= "'".$contact_name_middle."', ";
$sql .= "'".$contact_name_family."', ";
$sql .= "'".$contact_name_suffix."', ";
$sql .= "'".$contact_nickname."', ";
$sql .= "'".$contact_title."', ";
$sql .= "'".$contact_category."', ";
$sql .= "'".$contact_role."', ";
$sql .= "'".$contact_time_zone."', ";
$sql .= "'".$contact_note."', ";
$sql .= "now(), ";
$sql .= "'".$_SESSION['username']."' ";
$sql .= ")";
$db->exec(check_sql($sql));
unset($sql);
$array['contacts'][0]['contact_uuid'] = $contact_uuid;
message::add($text['message-add']);
$location = "contact_edit.php?id=".$contact_uuid;
} //if ($action == "add")
}
//update the contact
if ($action == "update" && permission_exists('contact_edit')) {
$sql = "update v_contacts set ";
$sql .= "contact_type = '".$contact_type."', ";
$sql .= "contact_organization = '".$contact_organization."', ";
$sql .= "contact_name_prefix = '".$contact_name_prefix."', ";
$sql .= "contact_name_given = '".$contact_name_given."', ";
$sql .= "contact_name_middle = '".$contact_name_middle."', ";
$sql .= "contact_name_family = '".$contact_name_family."', ";
$sql .= "contact_name_suffix = '".$contact_name_suffix."', ";
$sql .= "contact_nickname = '".$contact_nickname."', ";
$sql .= "contact_title = '".$contact_title."', ";
$sql .= "contact_category = '".$contact_category."', ";
$sql .= "contact_role = '".$contact_role."', ";
$sql .= "contact_time_zone = '".$contact_time_zone."', ";
$sql .= "contact_note = '".$contact_note."', ";
$sql .= "last_mod_date = now(), ";
$sql .= "last_mod_user = '".$_SESSION['username']."' ";
$sql .= "where domain_uuid = '".$domain_uuid."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$db->exec(check_sql($sql));
unset($sql);
$array['contacts'][0]['contact_uuid'] = $contact_uuid;
message::add($text['message-update']);
$location = "contact_edit.php?id=".escape($contact_uuid);
} //if ($action == "update")
}
//create array
if (is_array($array) && @sizeof($array) != 0) {
$array['contacts'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
$array['contacts'][0]['contact_type'] = $contact_type;
$array['contacts'][0]['contact_organization'] = $contact_organization;
$array['contacts'][0]['contact_name_prefix'] = $contact_name_prefix;
$array['contacts'][0]['contact_name_given'] = $contact_name_given;
$array['contacts'][0]['contact_name_middle'] = $contact_name_middle;
$array['contacts'][0]['contact_name_family'] = $contact_name_family;
$array['contacts'][0]['contact_name_suffix'] = $contact_name_suffix;
$array['contacts'][0]['contact_nickname'] = $contact_nickname;
$array['contacts'][0]['contact_title'] = $contact_title;
$array['contacts'][0]['contact_category'] = $contact_category;
$array['contacts'][0]['contact_role'] = $contact_role;
$array['contacts'][0]['contact_time_zone'] = $contact_time_zone;
$array['contacts'][0]['contact_note'] = $contact_note;
$array['contacts'][0]['last_mod_date'] = 'now()';
$array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
$p = new permissions;
}
//assign the contact to the user that added the contact
if ($action == "add" && !permission_exists('contact_user_add')) {
@ -191,50 +153,37 @@
}
//add user to contact users table
if ($user_uuid != '') {
if (is_uuid($user_uuid) && (permission_exists('contact_user_add') || $action == "add")) {
$contact_user_uuid = uuid();
$sql = "insert into v_contact_users ";
$sql .= "(";
$sql .= "domain_uuid, ";
$sql .= "contact_user_uuid, ";
$sql .= "contact_uuid, ";
$sql .= "user_uuid ";
$sql .= ") ";
$sql .= "values ";
$sql .= "(";
$sql .= "'$domain_uuid', ";
$sql .= "'$contact_user_uuid', ";
$sql .= "'$contact_uuid', ";
$sql .= "'$user_uuid' ";
$sql .= ")";
if (permission_exists('contact_user_add')) {
$db->exec(check_sql($sql));
}
elseif ($action == "add") {
//add the contact to the user that created it
$db->exec(check_sql($sql));
}
unset($sql);
$array['contact_users'][0]['domain_uuid'] = $domain_uuid;
$array['contact_users'][0]['contact_user_uuid'] = $contact_user_uuid;
$array['contact_users'][0]['contact_uuid'] = $contact_uuid;
$array['contact_users'][0]['user_uuid'] = $user_uuid;
$p->add('contact_user_add', 'temp');
}
//assign the contact to the group
if ($group_uuid != '' && permission_exists('contact_group_add')) {
$sql = "insert into v_contact_groups ";
$sql .= "( ";
$sql .= "contact_group_uuid, ";
$sql .= "domain_uuid, ";
$sql .= "contact_uuid, ";
$sql .= "group_uuid ";
$sql .= ") ";
$sql .= "values ";
$sql .= "( ";
$sql .= "'".uuid()."', ";
$sql .= "'".$domain_uuid."', ";
$sql .= "'".$contact_uuid."', ";
$sql .= "'".$group_uuid."' ";
$sql .= ") ";
$db->exec(check_sql($sql));
unset($sql);
if (is_uuid($group_uuid) && permission_exists('contact_group_add')) {
$contact_group_uuid = uuid();
$array['contact_group'][0]['contact_group_uuid'] = $contact_group_uuid;
$array['contact_group'][0]['domain_uuid'] = $domain_uuid;
$array['contact_group'][0]['contact_uuid'] = $contact_uuid;
$array['contact_group'][0]['group_uuid'] = $group_uuid;
$p->add('contact_group_add', 'temp');
}
//execute
if (is_array($array) && @sizeof($array) != 0) {
$database = new database;
$database->app_name = 'contacts';
$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
$database->save($array);
unset($array);
$p->delete('contact_user_add', 'temp');
$p->delete('contact_group_add', 'temp');
}
//handle redirect
@ -244,21 +193,22 @@
//redirect the browser
header("Location: ".$location);
return;
exit;
} //if ($_POST["persistformvar"] != "true")
} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
}
}
//pre-populate the form
if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
$contact_uuid = $_GET["id"];
$sql = "select * from v_contacts ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and contact_uuid = '$contact_uuid' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and contact_uuid = :contact_uuid ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['contact_uuid'] = $contact_uuid;
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row) && @sizeof($row) != 0) {
$contact_type = $row["contact_type"];
$contact_organization = $row["contact_organization"];
$contact_name_prefix = $row["contact_name_prefix"];
@ -273,17 +223,17 @@
$contact_time_zone = $row["contact_time_zone"];
$contact_note = $row["contact_note"];
}
unset ($prep_statement, $sql);
unset($sql, $parameters, $row);
}
//get the users array
$sql = "SELECT * FROM v_users ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql = "select * from v_users ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "order by username asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
unset($prep_statement, $sql);
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$users = $database->select($sql, $parameters, 'all');
unset($sql, $parameters);
//determine if contact assigned to a user
if (is_array($users) && sizeof($users) != 0) {
@ -296,16 +246,17 @@
}
//get the users assigned to this contact
$sql = "SELECT u.username, u.user_uuid, a.contact_user_uuid FROM v_contacts as c, v_users as u, v_contact_users as a ";
$sql .= "where c.contact_uuid = '".$contact_uuid."' ";
$sql .= "and c.domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql = "select u.username, u.user_uuid, a.contact_user_uuid from v_contacts as c, v_users as u, v_contact_users as a ";
$sql .= "where c.contact_uuid = :contact_uuid ";
$sql .= "and c.domain_uuid = :domain_uuid ";
$sql .= "and u.user_uuid = a.user_uuid ";
$sql .= "and c.contact_uuid = a.contact_uuid ";
$sql .= "order by u.username asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$contact_users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
unset($prep_statement, $sql);
$parameters['contact_uuid'] = $contact_uuid;
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$contact_users = $database->select($sql, $parameters, 'all');
unset($sql, $parameters);
//show the header
require_once "resources/header.php";
@ -390,8 +341,8 @@
echo "<tr>\n";
echo "<td valign='top' align='left' width='30%' nowrap='nowrap'><b>";
switch ($action) {
case "add" : echo $text['header-contact-add']; break;
case "update" : echo $text['header-contact-edit']; break;
case "add": echo $text['header-contact-add']; break;
case "update": echo $text['header-contact-edit']; break;
}
echo "</b></td>\n";
echo "<td valign='top' width='70%' align='right'>\n";
@ -402,20 +353,19 @@
$sql = "select ";
$sql .= "time_start ";
$sql .= "from v_contact_times ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "and user_uuid = '".$_SESSION['user']['user_uuid']."' ";
$sql .= "and contact_uuid = '".$contact_uuid."' ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and contact_uuid = :contact_uuid ";
$sql .= "and time_start is not null ";
$sql .= "and time_stop is null ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetch(PDO::FETCH_NAMED);
if ($result['time_start'] != '') {
$time_start = $result['time_start'];
$btn_mod = "style='background-color: #3693df; background-image: none;'";
}
unset ($sql, $prep_statement, $result);
echo " <input type='button' class='btn' ".$btn_mod." alt='".$text['button-timer']."' ".(($time_start != '') ? "title='".escape($time_start)."'" : null)." onclick=\"window.open('contact_timer.php?domain_uuid=".escape($domain_uuid)."&contact_uuid=".escape($contact_uuid)."','contact_time_".escape($contact_uuid)."','width=300, height=375, top=30, left='+(screen.width - 350)+', menubar=no, scrollbars=no, status=no, toolbar=no, resizable=no');\" value='".$text['button-timer']."'>\n";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['user_uuid'] = $_SESSION['user']['user_uuid'];
$parameters['contact_uuid'] = $contact_uuid;
$database = new database;
$time_start = $database->select($sql, $parameters, 'column');
$btn_mod = $time_start != '' ? "style='background-color: #3693df; background-image: none;'" : null;
unset($sql, $parameters);
echo " <input type='button' class='btn' ".$btn_mod." alt='".$text['button-timer']."' ".($time_start != '' ? "title='".escape($time_start)."'" : null)." onclick=\"window.open('contact_timer.php?domain_uuid=".escape($domain_uuid)."&contact_uuid=".escape($contact_uuid)."','contact_time_".escape($contact_uuid)."','width=300, height=375, top=30, left='+(screen.width - 350)+', menubar=no, scrollbars=no, status=no, toolbar=no, resizable=no');\" value='".$text['button-timer']."'>\n";
}
echo " <input type='button' class='btn' name='' alt='".$text['button-qr_code']."' onclick=\"$('#qr_code_container').fadeIn(400);\" value='".$text['button-qr_code']."'>\n";
echo " <input type='button' class='btn' name='' alt='".$text['button-vcard']."' onclick=\"window.location='contacts_vcard.php?id=".escape($contact_uuid)."&type=download'\" value='".$text['button-vcard']."'>\n";
@ -686,15 +636,16 @@
$sql .= "v_contact_groups as cg ";
$sql .= "where ";
$sql .= "cg.group_uuid = g.group_uuid ";
$sql .= "and cg.domain_uuid = '".$domain_uuid."' ";
$sql .= "and cg.contact_uuid = '".$contact_uuid."' ";
$sql .= "and cg.group_uuid <> '".$_SESSION["user_uuid"]."' ";
$sql .= "and cg.domain_uuid = :domain_uuid ";
$sql .= "and cg.contact_uuid = :contact_uuid ";
$sql .= "and cg.group_uuid <> :group_uuid ";
$sql .= "order by g.group_name asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
if ($result_count > 0) {
$parameters['domain_uuid'] = $domain_uuid;
$parameters['contact_uuid'] = $contact_uuid;
$parameters['group_uuid'] = $_SESSION["user_uuid"];
$database = new database;
$result = $database->select($sql, $parameters, 'all');
if (is_array($result) && @sizeof($result) != 0) {
echo " <table width='52%'>\n";
foreach($result as $field) {
if (strlen($field['group_name']) > 0) {
@ -712,21 +663,28 @@
echo " </table>\n";
echo " <br />\n";
}
unset($sql, $prep_statement, $result, $field);
unset($sql, $parameters, $result, $field);
if (permission_exists('contact_group_add') || if_group("superadmin")) {
$sql = "select * from v_groups ";
$sql .= "where domain_uuid = '".$domain_uuid."' ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "or domain_uuid is null ";
if (sizeof($assigned_groups) > 0) {
$sql .= "and group_uuid not in ('".implode("','",$assigned_groups)."') ";
if (is_array($assigned_groups) && @sizeof($assigned_groups) != 0) {
foreach ($assigned_groups as $index => $assigned_group) {
$sql_where_and[] = "group_uuid <> :group_uuid_".$index." ";
$parameters['group_uuid_'.$index] = $assigned_group;
}
if (is_array($sql_where_and) && @sizeof($sql_where_and) != 0) {
$sql .= "and ".implode(' and ', $sql_where_and)." ";
}
}
$sql .= "order by group_name asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
$result_count = count($result);
if ($result_count > 0) {
$parameters['domain_uuid'] = $domain_uuid;
$database = new database;
$result = $database->select($sql, $parameters, 'all');
unset($sql, $sql_where_and, $index, $parameters, $assigned_groups, $assigned_group);
if (is_array($result) && @sizeof($result) != 0) {
echo " <select name='group_uuid' class='formfld' style='width: auto; margin-right: 3px;'>\n";
echo " <option value=''></option>\n";
foreach($result as $field) {
@ -741,7 +699,7 @@
}
echo "<br>";
}
unset($sql, $prep_statement, $result, $field);
unset($result, $field);
}
echo " ".$text['description-groups']."\n";

1
app/contacts/contact_email_delete.php
View File

@ -42,7 +42,6 @@ $contact_email_uuid = $_GET["id"];
$contact_uuid = $_GET["contact_uuid"];
if (is_uuid($contact_email_uuid) && is_uuid($contact_uuid)) {
$array['contact_emails'][0]['contact_email_uuid'] = $contact_email_uuid;
$array['contact_emails'][0]['domain_uuid'] = $_SESSION['domain_uuid'];