diff --git a/app/contacts/app_defaults.php b/app/contacts/app_defaults.php
index 16d0eb5fcd..4d87492e89 100644
--- a/app/contacts/app_defaults.php
+++ b/app/contacts/app_defaults.php
@@ -21,34 +21,41 @@ if ($domains_processed == 1) { $sql .= "or phone_type = 'voicemail' "; $sql .= "or phone_type = 'cell' "; $sql .= "or phone_type = 'pcs' "; - $db->exec(check_sql($sql)); + $database = new database; + $database->execute($sql); unset($sql); $sql = "update v_contact_phones set phone_type_fax = '1' where phone_type = 'fax'"; - $db->exec(check_sql($sql)); + $database = new database; + $database->execute($sql); unset($sql); $sql = "update v_contact_phones set phone_type_video = '1' where phone_type = 'video'"; - $db->exec(check_sql($sql)); + $database = new database; + $database->execute($sql); unset($sql); $sql = "update v_contact_phones set phone_type_text = '1' where phone_type = 'cell' or phone_type = 'pager'"; - $db->exec(check_sql($sql)); + $database = new database; + $database->execute($sql); unset($sql); // migrate phone_type values to phone_label, correct case and make multilingual where appropriate $default_phone_types = array('home','work','pref','voice','fax','msg','cell','pager','modem','car','isdn','video','pcs'); $default_phone_labels = array($text['option-home'],$text['option-work'],'Pref','Voice',$text['option-fax'],$text['option-voicemail'],$text['option-mobile'],$text['option-pager'],'Modem','Car','ISDN','Video','PCS'); foreach ($default_phone_types as $index => $old) { - $new = $default_phone_labels[$index]; - $sql = "update v_contact_phones set phone_label = '".$new."' where phone_type = '".$old."'"; - $db->exec(check_sql($sql)); - unset($sql); + $sql = "update v_contact_phones set phone_label = :phone_label where phone_type = :phone_type "; + $parameters['phone_label'] = $default_phone_labels[$index]; //new + $parameters['phone_type'] = $old; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); } // empty phone_type field to prevent confusion in the future - $sql = "update v_contact_phones set phone_type = null"; - $db->exec(check_sql($sql)); + $sql = "update v_contact_phones set 
phone_type is null"; + $database = new database; + $database->execute($sql); unset($sql); } unset($obj); 
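Review bot: The rewritten cleanup statement `$sql = "update v_contact_phones set phone_type is null";` is not valid SQL — `is null` is a predicate, not an assignment — so the last step of this migration block now fails where the removed `set phone_type = null` succeeded. It should read `$sql = "update v_contact_phones set phone_type = null";`. The `//new` marker left on the `$parameters['phone_label'] = $default_phone_labels[$index];` line in the foreach above reads like a leftover editing note and can be dropped. The enclosing `if ($domains_processed == 1)` block starts before this hunk.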
@@ -61,53 +68,56 @@ if ($domains_processed == 1) { $field_exists = $obj->column_exists($db_name, 'v_contacts', 'contact_email'); //check if field exists if ($field_exists) { // get email records - $sql = "select * from v_contacts where contact_email is not null and contact_email != ''"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); - if ($result_count > 0) { + $sql = "select * from v_contacts where contact_email is not null and contact_email != '' "; + $database = new database; + $result = $database->select($sql); + unset($sql); + + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $row) { - $sql = "insert into v_contact_emails "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_email_uuid, "; - $sql .= "email_primary, "; - $sql .= "email_address"; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$row['domain_uuid']."', "; - $sql .= "'".$row['contact_uuid']."', "; - $sql .= "'".uuid()."', "; - $sql .= "1, "; - $sql .= "'".$row['contact_email']."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_emails'][0]['contact_email_uuid'] = uuid(); + $array['contact_emails'][0]['domain_uuid'] = $row['domain_uuid']; + $array['contact_emails'][0]['contact_uuid'] = $row['contact_uuid']; + $array['contact_emails'][0]['email_primary'] = 1; + $array['contact_emails'][0]['email_address'] = $row['contact_email']; + + $p = new permissions; + $p->add('contact_email_add', 'temp'); + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + + $p->delete('contact_email_add', 'temp'); //verify and remove value from old field - $sql2 = "select email_address from v_contact_emails "; - $sql2 .= "where domain_uuid = 
'".$row['domain_uuid']."' "; - $sql2 .= "and contact_uuid = '".$row['contact_uuid']."' "; - $sql2 .= "and email_address = '".$row['contact_email']."' "; - $prep_statement2 = $db->prepare(check_sql($sql2)); - $prep_statement2->execute(); - $result2 = $prep_statement2->fetchAll(PDO::FETCH_NAMED); - $result_count2 = count($result2); - if ($result_count2 > 0) { - $sql3 = "update v_contacts set contact_email = '' "; - $sql3 .= "where domain_uuid = '".$row['domain_uuid']."' "; - $sql3 .= "and contact_uuid = '".$row['contact_uuid']."' "; - $prep_statement3 = $db->prepare(check_sql($sql3)); - $prep_statement3->execute(); - unset($sql3, $prep_statement3); + $sql = "select email_address from v_contact_emails "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; + $sql .= "and email_address = :email_address "; + $parameters['domain_uuid'] = $row['domain_uuid']; + $parameters['contact_uuid'] = $row['contact_uuid']; + $parameters['email_address'] = $row['contact_email']; + $database = new database; + $result_2 = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); + + if (is_array($result_2) && @sizeof($result_2) != 0) { + $sql = "update v_contacts set contact_email = null "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; + $parameters['domain_uuid'] = $row['domain_uuid']; + $parameters['contact_uuid'] = $row['contact_uuid']; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); } - unset($sql2, $result2, $prep_statement2); + unset($result_2); } } + unset($result, $row); } unset($obj); 
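Review bot: `if (is_array($result) && @sizeof($result) != 0)` suppresses warnings that cannot occur — `sizeof` on a value already proven to be an array emits nothing — so the `@` only hides genuine problems elsewhere in the expression; `if (is_array($result) && sizeof($result) != 0)` is equivalent. The same guard form recurs in this file's contact_url and contact group hunks and in the contact_addresses.php, contact_attachment_edit.php and contact_attachments.php hunks. Separately, `$p = new permissions; $p->add('contact_email_add', 'temp');` and the matching `$p->delete('contact_email_add', 'temp');` run once per row inside the foreach; hoisting the add before the loop and the delete after it avoids re-granting the temporary permission for every contact, assuming `permissions::add` has no per-call side effect the loop depends on. The enclosing `if ($field_exists)` block starts before this hunk.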
@@ -120,52 +130,55 @@ if ($domains_processed == 1) { if ($field_exists) { // get email records $sql = "select * from v_contacts where contact_url is not null and contact_url != ''"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); - if ($result_count > 0) { + $database = new database; + $result = $database->select($sql); + unset($sql); + + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $row) { - $sql = "insert into v_contact_urls "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_url_uuid, "; - $sql .= "url_primary, "; - $sql .= "url_address"; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$row['domain_uuid']."', "; - $sql .= "'".$row['contact_uuid']."', "; - $sql .= "'".uuid()."', "; - $sql .= "1, "; - $sql .= "'".$row['contact_url']."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_urls'][0]['contact_url_uuid'] = uuid(); + $array['contact_urls'][0]['domain_uuid'] = $row['domain_uuid']; + $array['contact_urls'][0]['contact_uuid'] = $row['contact_uuid']; + $array['contact_urls'][0]['url_primary'] = 1; + $array['contact_urls'][0]['url_address'] = $row['contact_url']; + + $p = new permissions; + $p->add('contact_url_add', 'temp'); + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + + $p->delete('contact_url_add', 'temp'); //verify and remove value from old field - $sql2 = "select url_address from v_contact_urls "; - $sql2 .= "where domain_uuid = '".$row['domain_uuid']."' "; - $sql2 .= "and contact_uuid = '".$row['contact_uuid']."' "; - $sql2 .= "and url_address = '".$row['contact_url']."' "; - $prep_statement2 = $db->prepare(check_sql($sql2)); - $prep_statement2->execute(); - 
$result2 = $prep_statement2->fetchAll(PDO::FETCH_NAMED); - $result_count2 = count($result2); - if ($result_count2 > 0) { - $sql3 = "update v_contacts set contact_url = '' "; - $sql3 .= "where domain_uuid = '".$row['domain_uuid']."' "; - $sql3 .= "and contact_uuid = '".$row['contact_uuid']."' "; - $prep_statement3 = $db->prepare(check_sql($sql3)); - $prep_statement3->execute(); - unset($sql3, $prep_statement3); + $sql = "select url_address from v_contact_urls "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; + $sql .= "and url_address = :url_address "; + $parameters['domain_uuid'] = $row['domain_uuid']; + $parameters['contact_uuid'] = $row['contact_uuid']; + $parameters['url_address'] = $row['contact_url']; + $database = new database; + $result_2 = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); + + if (is_array($result_2) && @sizeof($result_2) != 0) { + $sql = "update v_contacts set contact_url = '' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; + $parameters['domain_uuid'] = $row['domain_uuid']; + $parameters['contact_uuid'] = $row['contact_uuid']; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); } - unset($sql2, $result2, $prep_statement2); + unset($result_2); } } + unset($result, $row); } unset($obj); 
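Review bot: The cleanup statement `$sql = "update v_contacts set contact_url = '' ";` clears the migrated value with an empty string, while the parallel email migration in the hunk above was changed to `set contact_email = null`; the two migrations should agree on one sentinel, and `null` matches the `is not null and != ''` selection used at the top of both blocks. One line changes: `$sql = "update v_contacts set contact_url = null ";`. The enclosing `if ($field_exists)` block starts before this hunk.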
@@ -175,44 +188,48 @@ if ($domains_processed == 1) { foreach ($name_tables as $name_index => $name_table) { $sql = "update v_contact_".$name_table." set ".$name_fields[$name_index]."_primary = 0 "; $sql .= "where ".$name_fields[$name_index]."_primary is null "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql, $prep_statement); + $database = new database; + $database->execute($sql); + unset($sql); } - unset($name_tables, $name_fields); + unset($name_tables, $name_fields, $name_index, $name_table); //move the users from the contact groups table into the contact users table $sql = "select * from v_contact_groups "; $sql .= "where group_uuid in (select user_uuid from v_users) "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $sql = "insert into v_contact_users "; - $sql .= "( "; - $sql .= "contact_user_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "user_uuid "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".uuid()."', "; - $sql .= "'".$row["domain_uuid"]."', "; - $sql .= "'".$row["contact_uuid"]."', "; - $sql .= "'".$row["group_uuid"]."' "; - $sql .= ");"; - //echo $sql."\n"; - $db->exec($sql); - unset($sql); + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && @sizeof($result) != 0) { + foreach ($result as &$row) { + $p = new permissions; + $p->add('contact_user_add', 'temp'); + $p->add('contact_group_delete', 'temp'); + + $array['contact_users'][0]['contact_user_uuid'] = uuid(); + $array['contact_users'][0]['domain_uuid'] = $row["domain_uuid"]; + $array['contact_users'][0]['contact_uuid'] = $row["contact_uuid"]; + $array['contact_users'][0]['user_uuid'] = $row["group_uuid"]; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; 
+ $database->save($array); + unset($array); + + $array['contact_groups'][0]['contact_group_uuid'] = $row["contact_group_uuid"]; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->delete($array); + unset($array); + + $p->delete('contact_user_add', 'temp'); + $p->delete('contact_group_delete', 'temp'); + } - $sql = "delete from v_contact_groups "; - $sql .= "where contact_group_uuid = '".$row["contact_group_uuid"]."';"; - //echo $sql."\n"; - $db->exec($sql); - unset($sql); } - unset ($prep_statement); + unset($sql, $result, $row); } diff --git a/app/contacts/contact_address_delete.php b/app/contacts/contact_address_delete.php index f5ca8161ea..8ad868d530 100644 --- a/app/contacts/contact_address_delete.php +++ b/app/contacts/contact_address_delete.php 
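Review bot: The group-to-user move is not atomic: `$database->save($array);` inserts the contact_users row and `$database->delete($array);` then removes the contact_groups row without checking that the insert succeeded, so a failed save still discards the original mapping (unless `save()` throws, which this page does not show). If `save()` returns a status, gate the delete on it, e.g. `$saved = $database->save($array);` followed by `if ($saved) { /* delete */ }`; otherwise run the pair inside one transaction. The by-reference `foreach ($result as &$row)` is correctly released by the final `unset($sql, $result, $row);`. The enclosing `if ($domains_processed == 1)` block starts before this hunk.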
@@ -39,23 +39,24 @@ else { $text = $language->get(); //get the http values and set as variables - if (count($_GET) > 0) { - $id = check_str($_GET["id"]); - $contact_uuid = check_str($_GET["contact_uuid"]); - } + $contact_address_uuid = $_GET["id"]; + $contact_uuid = $_GET["contact_uuid"]; //delete the record - if (strlen($id) > 0) { - $sql = "delete from v_contact_addresses "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_address_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + if (is_uuid($contact_address_uuid) && is_uuid($contact_uuid)) { + $array['contact_addresses'][0]['contact_address_uuid'] = $contact_address_uuid; + $array['contact_addresses'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->delete($array); + unset($array); + + message::add($text['message-delete']); } //redirect the browser - message::add($text['message-delete']); header("Location: contact_edit.php?id=".$contact_uuid); return; diff --git a/app/contacts/contact_address_edit.php b/app/contacts/contact_address_edit.php index 66bba572e9..ca539b8c59 100644 --- a/app/contacts/contact_address_edit.php +++ b/app/contacts/contact_address_edit.php 
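Review bot: The redirect `header("Location: contact_edit.php?id=".$contact_uuid);` is reached even when `is_uuid($contact_uuid)` failed, so an arbitrary `$_GET["contact_uuid"]` value is copied into the Location header unvalidated. Emit the id only when it validated, e.g. `header("Location: contact_edit.php".(is_uuid($contact_uuid) ? "?id=".$contact_uuid : ""));`, or at least pass it through `urlencode()`. The same pattern appears in the contact_attachment_delete.php hunk, which also switches its trailing `return;` to `exit;` while this file keeps `return;`; the two delete scripts should match. Reading `$_GET["id"]` without `isset` also raises a notice on a bare request, which the removed `count($_GET) > 0` guard avoided.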
@@ -40,38 +40,38 @@ else { $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $contact_address_uuid = check_str($_REQUEST["id"]); + $contact_address_uuid = $_REQUEST["id"]; } else { $action = "add"; } //get the contact uuid - if (strlen($_GET["contact_uuid"]) > 0) { - $contact_uuid = check_str($_GET["contact_uuid"]); + if (is_uuid($_GET["contact_uuid"])) { + $contact_uuid = $_GET["contact_uuid"]; } //get http post variables and set them to php variables if (count($_POST)>0) { - $address_type = check_str($_POST["address_type"]); - $address_label = check_str($_POST["address_label"]); - $address_label_custom = check_str($_POST["address_label_custom"]); - $address_street = check_str($_POST["address_street"]); - $address_extended = check_str($_POST["address_extended"]); - $address_community = check_str($_POST["address_community"]); - $address_locality = check_str($_POST["address_locality"]); - $address_region = check_str($_POST["address_region"]); - $address_postal_code = check_str($_POST["address_postal_code"]); - $address_country = check_str($_POST["address_country"]); - $address_latitude = check_str($_POST["address_latitude"]); - $address_longitude = check_str($_POST["address_longitude"]); - $address_primary = check_str($_POST["address_primary"]); - $address_description = check_str($_POST["address_description"]); + $address_type = $_POST["address_type"]; + $address_label = $_POST["address_label"]; + $address_label_custom = $_POST["address_label_custom"]; + $address_street = $_POST["address_street"]; + $address_extended = $_POST["address_extended"]; + $address_community = $_POST["address_community"]; + $address_locality = $_POST["address_locality"]; + $address_region = $_POST["address_region"]; + $address_postal_code = $_POST["address_postal_code"]; + $address_country = $_POST["address_country"]; + $address_latitude = $_POST["address_latitude"]; + $address_longitude = 
$_POST["address_longitude"]; + $address_primary = $_POST["address_primary"]; + $address_description = $_POST["address_description"]; //use custom label if set - $address_label = ($address_label_custom != '') ? $address_label_custom : $address_label; + $address_label = $address_label_custom != '' ? $address_label_custom : $address_label; } //process the form data @@ -79,7 +79,7 @@ else { //set the uuid if ($action == "update") { - $contact_address_uuid = check_str($_POST["contact_address_uuid"]); + $contact_address_uuid = $_POST["contact_address_uuid"]; } //check for all required data 
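Review bot: `if (is_uuid($_REQUEST["id"])) {` and `if (is_uuid($_GET["contact_uuid"])) {` drop the `isset`/`strlen` guards the old code had, so an add request with no `id` parameter now raises an undefined-index notice before `is_uuid` runs. Keep the existence check: `if (isset($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {` and likewise `if (isset($_GET["contact_uuid"]) && is_uuid($_GET["contact_uuid"])) {`. When `contact_uuid` fails validation `$contact_uuid` is left unassigned, and it appears to be used later in this file for the redirect, so that branch deserves an explicit else. The enclosing `else` block starts before this hunk.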
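Review bot: `$contact_address_uuid = $_POST["contact_address_uuid"];` replaces the value that was validated with `is_uuid($_REQUEST["id"])` earlier in the file with an unchecked POST value that then becomes the record key for the update. Validate it the same way: `if (is_uuid($_POST["contact_address_uuid"])) { $contact_address_uuid = $_POST["contact_address_uuid"]; }`. The `if ($action == "update")` block is fully visible, but the form-processing block around it starts before this hunk.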
@@ -101,109 +101,88 @@ else { if ($_POST["persistformvar"] != "true") { //update last modified - $sql = "update v_contacts set "; - $sql .= "last_mod_date = now(), "; - $sql .= "last_mod_user = '".$_SESSION['username']."' "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['contacts'][0]['contact_uuid'] = $contact_uuid; + $array['contacts'][0]['domain_uuid'] = $domain_uuid; + $array['contacts'][0]['last_mod_date'] = 'now()'; + $array['contacts'][0]['last_mod_user'] = $_SESSION['username']; - //if primary, unmark other primary numbers - if ($address_primary) { - $sql = "update v_contact_addresses set address_primary = 0 "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); - } + $p = new permissions; + $p->add('contact_edit', 'temp'); - if ($action == "add") { + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + + $p->delete('contact_edit', 'temp'); + + //if primary, unmark other primary addresses + if ($email_primary) { + $sql = "update v_contact_addresses set address_primary = 0 "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); + } + + if ($action == "add" && permission_exists('contact_address_add')) { $contact_address_uuid = uuid(); - $sql = "insert into v_contact_addresses "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_address_uuid, "; - $sql .= "address_type, "; - $sql .= "address_label, "; - $sql .= "address_street, "; - $sql .= "address_extended, "; - $sql 
.= "address_community, "; - $sql .= "address_locality, "; - $sql .= "address_region, "; - $sql .= "address_postal_code, "; - $sql .= "address_country, "; - $sql .= "address_latitude, "; - $sql .= "address_longitude, "; - $sql .= "address_primary, "; - $sql .= "address_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".$contact_address_uuid."', "; - $sql .= "'".$address_type."', "; - $sql .= "'".$address_label."', "; - $sql .= "'".$address_street."', "; - $sql .= "'".$address_extended."', "; - $sql .= "'".$address_community."', "; - $sql .= "'".$address_locality."', "; - $sql .= "'".$address_region."', "; - $sql .= "'".$address_postal_code."', "; - $sql .= "'".$address_country."', "; - $sql .= "'".$address_latitude."', "; - $sql .= "'".$address_longitude."', "; - $sql .= (($address_primary) ? 1 : 0).", "; - $sql .= "'".$address_description."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_addresses'][0]['contact_address_uuid'] = $contact_address_uuid; message::add($text['message-add']); - header("Location: contact_edit.php?id=".$contact_uuid); - return; - } //if ($action == "add") + } - if ($action == "update") { - $sql = "update v_contact_addresses set "; - $sql .= "contact_uuid = '".$contact_uuid."', "; - $sql .= "address_type = '".$address_type."', "; - $sql .= "address_label = '".$address_label."', "; - $sql .= "address_street = '".$address_street."', "; - $sql .= "address_extended = '".$address_extended."', "; - $sql .= "address_community = '".$address_community."', "; - $sql .= "address_locality = '".$address_locality."', "; - $sql .= "address_region = '".$address_region."', "; - $sql .= "address_postal_code = '".$address_postal_code."', "; - $sql .= "address_country = '".$address_country."', "; - $sql .= "address_latitude = '".$address_latitude."', "; - $sql .= "address_longitude = '".$address_longitude."', "; - $sql 
.= "address_primary = ".(($address_primary) ? 1 : 0).", "; - $sql .= "address_description = '".$address_description."' "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_address_uuid = '".$contact_address_uuid."'"; - $db->exec(check_sql($sql)); - unset($sql); + if ($action == "update" && permission_exists('contact_address_edit')) { + $array['contact_addresses'][0]['contact_address_uuid'] = $contact_address_uuid; message::add($text['message-update']); - header("Location: contact_edit.php?id=".$contact_uuid); - return; - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } + + if (is_array($array) && @sizeof($array) != 0) { + $array['contact_addresses'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_addresses'][0]['contact_uuid'] = $contact_uuid; + $array['contact_addresses'][0]['address_type'] = $address_type; + $array['contact_addresses'][0]['address_label'] = $address_label; + $array['contact_addresses'][0]['address_street'] = $address_street; + $array['contact_addresses'][0]['address_extended'] = $address_extended; + $array['contact_addresses'][0]['address_community'] = $address_community; + $array['contact_addresses'][0]['address_locality'] = $address_locality; + $array['contact_addresses'][0]['address_region'] = $address_region; + $array['contact_addresses'][0]['address_postal_code'] = $address_postal_code; + $array['contact_addresses'][0]['address_country'] = $address_country; + $array['contact_addresses'][0]['address_latitude'] = $address_latitude; + $array['contact_addresses'][0]['address_longitude'] = $address_longitude; + $array['contact_addresses'][0]['address_primary'] = $address_primary ? 
1 : 0; + $array['contact_addresses'][0]['address_description'] = $address_description; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + } + + header("Location: contact_edit.php?id=".$contact_uuid); + exit; + + } + } //pre-populate the form if (count($_GET)>0 && $_POST["persistformvar"] != "true") { $contact_address_uuid = $_GET["id"]; $sql = "select * from v_contact_addresses "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_address_uuid = '$contact_address_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_address_uuid = :contact_address_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_address_uuid'] = $contact_address_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $address_type = $row["address_type"]; $address_label = $row["address_label"]; $address_street = $row["address_street"]; @@ -217,9 +196,8 @@ else { $address_longitude = $row["address_longitude"]; $address_primary = $row["address_primary"]; $address_description = $row["address_description"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header @@ -404,7 +382,7 @@ else { echo " ".$text['label-address_latitude']."\n"; echo "\n"; echo "\n"; - echo " \n"; + echo " \n"; echo "
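Review bot: `if ($email_primary) {` tests a variable that nothing visible in this file assigns — the POST section populates `$address_primary` — so the "unmark other primary addresses" update is dead code and a newly primary address leaves the earlier ones primary as well. The condition should be `if ($address_primary) {`, as it was before the change. Two further points are worth a look: `$array['contacts'][0]['last_mod_date'] = 'now()';` relies on the database class turning that string into the SQL function rather than storing it literally, which this page does not show; and the `message::add($text['message-add'])` and `message::add($text['message-update'])` calls fire before `$database->save($array)`, so a failed save still reports success. The enclosing form-processing block starts before this hunk.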
\n"; echo $text['description-address_latitude']."\n"; echo "\n"; @@ -415,7 +393,7 @@ else { echo " ".$text['label-address_longitude']."\n"; echo "\n"; echo "\n"; - echo " \n"; + echo " \n"; echo "
\n"; echo $text['description-address_longitude']."\n"; echo "\n"; diff --git a/app/contacts/contact_addresses.php b/app/contacts/contact_addresses.php index 48bc5ab0b6..c66b5ff76e 100644 --- a/app/contacts/contact_addresses.php +++ b/app/contacts/contact_addresses.php @@ -48,14 +48,14 @@ //get the contact list $sql = "select * from v_contact_addresses "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '$contact_uuid' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; $sql .= "order by address_primary desc, address_label asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); $c = 0; $row_style["0"] = "row_style0"; @@ -77,7 +77,7 @@ echo "\n"; echo "\n"; - if ($result_count > 0) { + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $row) { $map_query = escape($row['address_street'])." ".escape($row['address_extended']).", ".escape($row['address_locality']).", ".escape($row['address_region']).", ".escape($row['address_region']).", ".escape($row['address_postal_code']); if (permission_exists('contact_address_edit')) { @@ -102,9 +102,9 @@ echo " \n"; echo "\n"; $c = ($c) ? 0 : 1; - } //end foreach - unset($sql, $result, $row_count); - } //end if results + } + unset($result, $row); + } echo ""; diff --git a/app/contacts/contact_attachment.php b/app/contacts/contact_attachment.php index 739f0a2086..573974595f 100644 --- a/app/contacts/contact_attachment.php +++ b/app/contacts/contact_attachment.php 
@@ -40,12 +40,13 @@ if (is_uuid($contact_attachment_uuid)) { $sql = "select attachment_filename, attachment_content from v_contact_attachments "; - $sql .= "where contact_attachment_uuid = '".$contact_attachment_uuid."' "; - $sql .= "and (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $attachment = $prep_statement->fetch(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $sql .= "where contact_attachment_uuid = :contact_attachment_uuid "; + $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) "; + $parameters['contact_attachment_uuid'] = $contact_attachment_uuid; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $attachment = $database->select($sql, $parameters, 'row'); + unset($sql, $parameters); $attachment_type = strtolower(pathinfo($attachment['attachment_filename'], PATHINFO_EXTENSION)); diff --git a/app/contacts/contact_attachment_delete.php b/app/contacts/contact_attachment_delete.php index eae65c5550..30048eab45 100644 --- a/app/contacts/contact_attachment_delete.php +++ b/app/contacts/contact_attachment_delete.php 
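Review bot: `$attachment = $database->select($sql, $parameters, 'row');` is followed by `pathinfo($attachment['attachment_filename'], PATHINFO_EXTENSION)` with no check that a row came back, so an unknown or foreign-domain `contact_attachment_uuid` continues with a non-array value; the rest of this commit guards the same situation with `is_array($row) && sizeof($row) != 0`. Add the guard before use, e.g. `if (!is_array($attachment) || sizeof($attachment) == 0) { header('HTTP/1.0 404 Not Found'); exit; }`, so a missing record ends the request instead of serving an empty attachment. The `pathinfo` line is context after the changed lines, and the enclosing `if (is_uuid($contact_attachment_uuid))` block continues past this hunk.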
@@ -39,25 +39,26 @@ $text = $language->get(); //get the http values and set as variables - if (count($_GET) > 0) { - $id = check_str($_GET["id"]); - $contact_uuid = check_str($_GET["contact_uuid"]); - } + $contact_attachment_uuid = $_GET["id"]; + $contact_uuid = $_GET["contact_uuid"]; //delete the record - if (is_uuid($id)) { - $sql = "delete from v_contact_attachments "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and contact_attachment_uuid = :contact_attachment_uuid "; - $bind[':contact_attachment_uuid'] = $id; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(is_array($bind) ? $bind : null); - unset($sql); + if (is_uuid($contact_attachment_uuid) && is_uuid($contact_uuid)) { + $array['contact_attachments'][0]['contact_attachment_uuid'] = $contact_attachment_uuid; + $array['contact_attachments'][0]['domain_uuid'] = $domain_uuid; + $array['contact_attachments'][0]['contact_uuid'] = $contact_uuid; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->delete($array); + unset($array); + + message::add($text['message-delete']); } -//redirect the browser - message::add($text['message-delete']); +//redirect header("Location: contact_edit.php?id=".$contact_uuid); - return; + exit; ?> \ No newline at end of file diff --git a/app/contacts/contact_attachment_edit.php b/app/contacts/contact_attachment_edit.php index 1c57963412..3b076cd6ed 100644 --- a/app/contacts/contact_attachment_edit.php +++ b/app/contacts/contact_attachment_edit.php 
@@ -57,8 +57,8 @@ if (is_array($_POST) && sizeof($_POST) != 0) { $attachment = $_FILES['attachment']; - $attachment_primary = check_str($_POST['attachment_primary']); - $attachment_description = check_str($_POST['attachment_description']); + $attachment_primary = $_POST['attachment_primary']; + $attachment_description = $_POST['attachment_description']; if (!is_array($attachment) || sizeof($attachment) == 0) { $attachment_type = strtolower(pathinfo($_POST['attachment_filename'], PATHINFO_EXTENSION)); @@ -68,12 +68,18 @@ } //unflag others as primary + $allowed_primary_attachment = false; if ($attachment_primary && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png')) { $sql = "update v_contact_attachments set attachment_primary = 0 "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); + + $allowed_primary_attachment = true; } //format array 
@@ -81,7 +87,7 @@ $array['contact_attachments'][$index]['contact_attachment_uuid'] = $action == 'update' ? $contact_attachment_uuid : uuid(); $array['contact_attachments'][$index]['domain_uuid'] = $_SESSION['domain_uuid']; $array['contact_attachments'][$index]['contact_uuid'] = $contact_uuid; - $array['contact_attachments'][$index]['attachment_primary'] = $attachment_primary == '1' && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png') ? 1 : 0; + $array['contact_attachments'][$index]['attachment_primary'] = $allowed_primary_attachment ? 1 : 0; if ($attachment['error'] == '0' && in_array(strtolower(pathinfo($attachment['name'], PATHINFO_EXTENSION)), $allowed_extensions)) { $array['contact_attachments'][$index]['attachment_filename'] = $attachment['name']; $array['contact_attachments'][$index]['attachment_content'] = base64_encode(file_get_contents($attachment['tmp_name'])); @@ -96,8 +102,8 @@ $database = new database; $database->app_name = 'contacts'; $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; - $database->uuid($contact_attachment_uuid); $database->save($array); + unset($array); //redirect message::add($text['message-message_'.($action == 'update' ? 'updated' : 'added')]); 
@@ -109,17 +115,19 @@ //get form data if (is_array($_GET) && sizeof($_GET) != 0) { $sql = "select * from v_contact_attachments "; - $sql .= "where domain_uuid = '$domain_uuid' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and contact_attachment_uuid = :contact_attachment_uuid "; - $bind[':contact_attachment_uuid'] = $contact_attachment_uuid; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(is_array($bind) ? $bind : null); - $row = $prep_statement->fetch(PDO::FETCH_NAMED); - $attachment_primary = $row["attachment_primary"]; - $attachment_filename = $row["attachment_filename"]; - $attachment_content = $row["attachment_content"]; - $attachment_description = $row["attachment_description"]; - unset($sql, $bind, $prep_statement, $row); + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_attachment_uuid'] = $contact_attachment_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $attachment_primary = $row["attachment_primary"]; + $attachment_filename = $row["attachment_filename"]; + $attachment_content = $row["attachment_content"]; + $attachment_description = $row["attachment_description"]; + } + unset($sql, $parameters, $row); } //show the header diff --git a/app/contacts/contact_attachments.php b/app/contacts/contact_attachments.php index 3a6329732e..be3517cf11 100644 --- a/app/contacts/contact_attachments.php +++ b/app/contacts/contact_attachments.php 
@@ -36,13 +36,14 @@ //get the contact attachment list $sql = "select *, length(decode(attachment_content,'base64')) as attachment_size from v_contact_attachments "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and contact_uuid = '$contact_uuid' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; $sql .= "order by attachment_primary desc, attachment_filename asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $contact_attachments = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $contact_attachments = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //set the row style $c = 0; @@ -82,7 +83,7 @@ } echo "\n"; echo "\n"; - if (is_array($contact_attachments)) { + if (is_array($contact_attachments) && @sizeof($contact_attachments) != 0) { foreach($contact_attachments as $row) { if (permission_exists('contact_attachment_edit')) { $tr_link = "href='contact_attachment_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_attachment_uuid'])."'"; @@ -110,8 +111,8 @@ echo "\n"; $c = $c ?: 1; } - unset($sql, $contact_attachments); } + unset($contact_attachments, $row); echo ""; diff --git a/app/contacts/contact_auth.php b/app/contacts/contact_auth.php index 629c32500e..c40e41a69e 100644 --- a/app/contacts/contact_auth.php +++ b/app/contacts/contact_auth.php @@ -110,6 +110,7 @@ if ($_SESSION['contact_auth']['source'] == 'google') { } else { + message::add($text['message-access_denied'], 'negative'); header("Location: ".$_SESSION['contact_auth']['referer']); unset($_SESSION['contact_auth']); diff --git a/app/contacts/contact_delete.php b/app/contacts/contact_delete.php index c58a78052d..c8dc001c10 100644 --- a/app/contacts/contact_delete.php +++ b/app/contacts/contact_delete.php 
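Review bot: In contact_auth.php the added `message::add(..., 'negative')` is immediately followed by a redirect to `$_SESSION['contact_auth']['referer']`, and nothing in the hunk shows that value being restricted to a local path or execution stopping after `header()`. If the referer is captured from the request earlier in the file (outside this hunk), validating it as a same-site relative URL before the redirect and following `header()` with `exit;` would close both an open-redirect and a fall-through into the rest of the script. The `if`/`else` this sits in begins outside the hunk.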
@@ -40,109 +40,61 @@ if (!$included) { $language = new text; $text = $language->get(); - if (count($_GET)>0) { - $contact_uuid = check_str($_GET["id"]); - } + $contact_uuid = $_GET["id"]; } if (is_uuid($contact_uuid)) { - //delete addresses - $sql = "delete from v_contact_addresses "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = :contact_uuid "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); - //delete phones - $sql = "delete from v_contact_phones "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); + //specify tables + $tables[] = 'contact_addresses'; + $tables[] = 'contact_attachments'; + $tables[] = 'contact_emails'; + $tables[] = 'contact_groups'; + $tables[] = 'contact_notes'; + $tables[] = 'contact_phones'; + $tables[] = 'contact_relations'; + $tables[] = 'contact_settings'; + $tables[] = 'contact_times'; + $tables[] = 'contact_urls'; + $tables[] = 'contact_users'; + $tables[] = 'contacts'; - //delete emails - $sql = "delete from v_contact_emails "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); + //create array from tables + foreach ($tables as $table) { + $array[$table][0]['contact_uuid'] = $contact_uuid; + $array[$table][0]['domain_uuid'] = $_SESSION['domain_uuid']; + } - //delete urls - $sql = "delete from v_contact_urls "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); + //include reciprocal 
relationships + $array['contact_relations'][1]['relation_contact_uuid'] = $contact_uuid; + $array['contact_relations'][1]['domain_uuid'] = $_SESSION['domain_uuid']; - //delete notes - $sql = "delete from v_contact_notes "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); + //grant temp permissions + $p = new permissions; + $database = new database; + foreach ($tables as $table) { + $p->add($database->singular($table).'_delete', 'temp'); + } - //delete relations - $sql = "delete from v_contact_relations "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and "; - $sql .= "( "; - $sql .= " contact_uuid = '".$contact_uuid."' "; - $sql .= " or relation_contact_uuid = '".$contact_uuid."' "; - $sql .= ") "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); + //execute + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->delete($array); + unset($array); - //delete settings - $sql = "delete from v_contact_settings "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); + //revoke temp permissions + foreach ($tables as $table) { + $p->delete($database->singular($table).'_delete', 'temp'); + } - //delete attachments - $sql = "delete from v_contact_attachments "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); - - //delete contact users - $sql = "delete from 
v_contact_users "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); - - //delete contact groups - $sql = "delete from v_contact_groups "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); - - //delete a contact - $sql = "delete from v_contacts "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); + //set message + message::add($text['message-delete']); } if (!$included) { - message::add($text['message-delete']); header("Location: contacts.php"); - return; + exit; } ?> diff --git a/app/contacts/contact_edit.php b/app/contacts/contact_edit.php index 2526c79b0c..3f9a094106 100644 --- a/app/contacts/contact_edit.php +++ b/app/contacts/contact_edit.php @@ -43,9 +43,9 @@ $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $contact_uuid = check_str($_REQUEST["id"]); + $contact_uuid = $_REQUEST["id"]; } else { $action = "add"; 
@@ -53,21 +53,21 @@ //get http post variables and set them to php variables if (count($_POST) > 0) { - $user_uuid = check_str($_POST["user_uuid"]); + $user_uuid = $_POST["user_uuid"]; $group_uuid = $_POST['group_uuid']; - $contact_type = check_str($_POST["contact_type"]); - $contact_organization = check_str($_POST["contact_organization"]); - $contact_name_prefix = check_str($_POST["contact_name_prefix"]); - $contact_name_given = check_str($_POST["contact_name_given"]); - $contact_name_middle = check_str($_POST["contact_name_middle"]); - $contact_name_family = check_str($_POST["contact_name_family"]); - $contact_name_suffix = check_str($_POST["contact_name_suffix"]); - $contact_nickname = check_str($_POST["contact_nickname"]); - $contact_title = check_str($_POST["contact_title"]); - $contact_category = check_str($_POST["contact_category"]); - $contact_role = check_str($_POST["contact_role"]); - $contact_time_zone = check_str($_POST["contact_time_zone"]); - $contact_note = check_str($_POST["contact_note"]); + $contact_type = $_POST["contact_type"]; + $contact_organization = $_POST["contact_organization"]; + $contact_name_prefix = $_POST["contact_name_prefix"]; + $contact_name_given = $_POST["contact_name_given"]; + $contact_name_middle = $_POST["contact_name_middle"]; + $contact_name_family = $_POST["contact_name_family"]; + $contact_name_suffix = $_POST["contact_name_suffix"]; + $contact_nickname = $_POST["contact_nickname"]; + $contact_title = $_POST["contact_title"]; + $contact_category = $_POST["contact_category"]; + $contact_role = $_POST["contact_role"]; + $contact_time_zone = $_POST["contact_time_zone"]; + $contact_note = $_POST["contact_note"]; } //process the form data @@ -75,7 +75,7 @@ //set the uuid if ($action == "update") { - $contact_uuid = check_str($_POST["contact_uuid"]); + $contact_uuid = $_POST["contact_uuid"]; } //check for all required data 
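Review bot: Dropping `check_str()` from the POST values is safe for SQL only because they now reach the database through `$array` and `database::save()` in later hunks, which presumably binds them; none of these fields is validated in any other way, and `$_POST['group_uuid']` never was. If these `$contact_*` values are echoed back into the form further down the file, output escaping at the render site now carries the whole XSS burden, which deserves a note here, e.g. `//raw request values: bound by database::save(), must be escaped at output`. The `count($_POST) > 0` block ends outside the hunk.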
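Review bot: On update, `$contact_uuid = $_POST["contact_uuid"];` replaces the `is_uuid()`-validated value taken from `$_REQUEST["id"]` in hunk -43 with an unvalidated POST field, so the bound queries and `$array['contacts'][0]['contact_uuid']` later in the file receive whatever the form submitted. Either validate it the same way, `if (is_uuid($_POST["contact_uuid"])) { $contact_uuid = $_POST["contact_uuid"]; }`, or drop the reassignment and keep the id that was already validated.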
@@ -111,79 +111,41 @@ //add the contact if ($action == "add" && permission_exists('contact_add')) { $contact_uuid = uuid(); - $sql = "insert into v_contacts "; - $sql .= "( "; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_type, "; - $sql .= "contact_organization, "; - $sql .= "contact_name_prefix, "; - $sql .= "contact_name_given, "; - $sql .= "contact_name_middle, "; - $sql .= "contact_name_family, "; - $sql .= "contact_name_suffix, "; - $sql .= "contact_nickname, "; - $sql .= "contact_title, "; - $sql .= "contact_category, "; - $sql .= "contact_role, "; - $sql .= "contact_time_zone, "; - $sql .= "contact_note, "; - $sql .= "last_mod_date, "; - $sql .= "last_mod_user "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".$contact_type."', "; - $sql .= "'".$contact_organization."', "; - $sql .= "'".$contact_name_prefix."', "; - $sql .= "'".$contact_name_given."', "; - $sql .= "'".$contact_name_middle."', "; - $sql .= "'".$contact_name_family."', "; - $sql .= "'".$contact_name_suffix."', "; - $sql .= "'".$contact_nickname."', "; - $sql .= "'".$contact_title."', "; - $sql .= "'".$contact_category."', "; - $sql .= "'".$contact_role."', "; - $sql .= "'".$contact_time_zone."', "; - $sql .= "'".$contact_note."', "; - $sql .= "now(), "; - $sql .= "'".$_SESSION['username']."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contacts'][0]['contact_uuid'] = $contact_uuid; message::add($text['message-add']); $location = "contact_edit.php?id=".$contact_uuid; - } //if ($action == "add") + } //update the contact if ($action == "update" && permission_exists('contact_edit')) { - $sql = "update v_contacts set "; - $sql .= "contact_type = '".$contact_type."', "; - $sql .= "contact_organization = '".$contact_organization."', "; - $sql .= "contact_name_prefix = '".$contact_name_prefix."', "; - $sql .= "contact_name_given = 
'".$contact_name_given."', "; - $sql .= "contact_name_middle = '".$contact_name_middle."', "; - $sql .= "contact_name_family = '".$contact_name_family."', "; - $sql .= "contact_name_suffix = '".$contact_name_suffix."', "; - $sql .= "contact_nickname = '".$contact_nickname."', "; - $sql .= "contact_title = '".$contact_title."', "; - $sql .= "contact_category = '".$contact_category."', "; - $sql .= "contact_role = '".$contact_role."', "; - $sql .= "contact_time_zone = '".$contact_time_zone."', "; - $sql .= "contact_note = '".$contact_note."', "; - $sql .= "last_mod_date = now(), "; - $sql .= "last_mod_user = '".$_SESSION['username']."' "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['contacts'][0]['contact_uuid'] = $contact_uuid; message::add($text['message-update']); $location = "contact_edit.php?id=".escape($contact_uuid); - } //if ($action == "update") + } + + //create array + if (is_array($array) && @sizeof($array) != 0) { + $array['contacts'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contacts'][0]['contact_type'] = $contact_type; + $array['contacts'][0]['contact_organization'] = $contact_organization; + $array['contacts'][0]['contact_name_prefix'] = $contact_name_prefix; + $array['contacts'][0]['contact_name_given'] = $contact_name_given; + $array['contacts'][0]['contact_name_middle'] = $contact_name_middle; + $array['contacts'][0]['contact_name_family'] = $contact_name_family; + $array['contacts'][0]['contact_name_suffix'] = $contact_name_suffix; + $array['contacts'][0]['contact_nickname'] = $contact_nickname; + $array['contacts'][0]['contact_title'] = $contact_title; + $array['contacts'][0]['contact_category'] = $contact_category; + $array['contacts'][0]['contact_role'] = $contact_role; + $array['contacts'][0]['contact_time_zone'] = $contact_time_zone; + $array['contacts'][0]['contact_note'] = $contact_note; + 
$array['contacts'][0]['last_mod_date'] = 'now()'; + $array['contacts'][0]['last_mod_user'] = $_SESSION['username']; + + $p = new permissions; + } //assign the contact to the user that added the contact if ($action == "add" && !permission_exists('contact_user_add')) { 
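Review bot: `$array['contacts'][0]['last_mod_date'] = 'now()';` hands the SQL function to `save()` as a string value, whereas the removed code emitted `now()` unquoted; unless `database::save()` special-cases that literal, the column receives the text `now()` (or a type error on a timestamp column) instead of the current time. Confirm how save() treats it, or compute the value in PHP, e.g. `$array['contacts'][0]['last_mod_date'] = date('Y-m-d H:i:s');`. Also, `$p = new permissions;` is only created when `$array` is non-empty, but hunk -191 calls `$p->add()` inside `if (is_uuid($user_uuid) && ...)` regardless, so an update by a user who lacks `contact_edit` but holds `contact_user_add` would call a method on an undefined `$p`; hoisting `$p = new permissions;` above the `if` avoids that.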
@@ -191,50 +153,37 @@ } //add user to contact users table - if ($user_uuid != '') { + if (is_uuid($user_uuid) && (permission_exists('contact_user_add') || $action == "add")) { $contact_user_uuid = uuid(); - $sql = "insert into v_contact_users "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "contact_user_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "user_uuid "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'$domain_uuid', "; - $sql .= "'$contact_user_uuid', "; - $sql .= "'$contact_uuid', "; - $sql .= "'$user_uuid' "; - $sql .= ")"; - if (permission_exists('contact_user_add')) { - $db->exec(check_sql($sql)); - } - elseif ($action == "add") { - //add the contact to the user that created it - $db->exec(check_sql($sql)); - } - unset($sql); + $array['contact_users'][0]['domain_uuid'] = $domain_uuid; + $array['contact_users'][0]['contact_user_uuid'] = $contact_user_uuid; + $array['contact_users'][0]['contact_uuid'] = $contact_uuid; + $array['contact_users'][0]['user_uuid'] = $user_uuid; + + $p->add('contact_user_add', 'temp'); } //assign the contact to the group - if ($group_uuid != '' && permission_exists('contact_group_add')) { - $sql = "insert into v_contact_groups "; - $sql .= "( "; - $sql .= "contact_group_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "group_uuid "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".uuid()."', "; - $sql .= "'".$domain_uuid."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".$group_uuid."' "; - $sql .= ") "; - $db->exec(check_sql($sql)); - unset($sql); + if (is_uuid($group_uuid) && permission_exists('contact_group_add')) { + $contact_group_uuid = uuid(); + $array['contact_group'][0]['contact_group_uuid'] = $contact_group_uuid; + $array['contact_group'][0]['domain_uuid'] = $domain_uuid; + $array['contact_group'][0]['contact_uuid'] = $contact_uuid; + $array['contact_group'][0]['group_uuid'] = $group_uuid; + + $p->add('contact_group_add', 'temp'); + } + + 
//execute + if (is_array($array) && @sizeof($array) != 0) { + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + + $p->delete('contact_user_add', 'temp'); + $p->delete('contact_group_add', 'temp'); } //handle redirect @@ -244,21 +193,22 @@ //redirect the browser header("Location: ".$location); - return; + exit; - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } + } //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { $contact_uuid = $_GET["id"]; $sql = "select * from v_contacts "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '$contact_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $contact_type = $row["contact_type"]; $contact_organization = $row["contact_organization"]; $contact_name_prefix = $row["contact_name_prefix"]; 
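Review bot: The group assignment writes to `$array['contact_group'][0]`, but every other key in this array is the plural table name (`contacts`, `contact_users`), the removed code inserted into `v_contact_groups`, and contact_delete.php in this same commit lists the table as `contact_groups`. Unless `database::save()` maps singular names, the row targets a table that does not exist and the assignment is silently lost; rename the four keys to `$array['contact_groups'][0][...]`. The closing `$p->delete('contact_user_add', 'temp')` and `$p->delete('contact_group_add', 'temp')` also run whether or not the matching `add()` executed, which is harmless only if `delete()` tolerates a missing grant.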
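Review bot: In the pre-populate block, `$contact_uuid = $_GET["id"];` overwrites the `is_uuid()`-validated value from hunk -43 with the raw GET parameter; binding keeps the query safe, but the page then carries two differently-trusted copies of the same id. Dropping the reassignment (the validated `$contact_uuid` is already set from `$_REQUEST["id"]`) or wrapping it in `is_uuid()` keeps a single validated source. The block continues outside the hunk.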
@@ -273,17 +223,17 @@ $contact_time_zone = $row["contact_time_zone"]; $contact_note = $row["contact_note"]; } - unset ($prep_statement, $sql); + unset($sql, $parameters, $row); } //get the users array - $sql = "SELECT * FROM v_users "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql = "select * from v_users "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "order by username asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $users = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($prep_statement, $sql); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $users = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //determine if contact assigned to a user if (is_array($users) && sizeof($users) != 0) { @@ -296,16 +246,17 @@ } //get the users assigned to this contact - $sql = "SELECT u.username, u.user_uuid, a.contact_user_uuid FROM v_contacts as c, v_users as u, v_contact_users as a "; - $sql .= "where c.contact_uuid = '".$contact_uuid."' "; - $sql .= "and c.domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql = "select u.username, u.user_uuid, a.contact_user_uuid from v_contacts as c, v_users as u, v_contact_users as a "; + $sql .= "where c.contact_uuid = :contact_uuid "; + $sql .= "and c.domain_uuid = :domain_uuid "; $sql .= "and u.user_uuid = a.user_uuid "; $sql .= "and c.contact_uuid = a.contact_uuid "; $sql .= "order by u.username asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $contact_users = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($prep_statement, $sql); + $parameters['contact_uuid'] = $contact_uuid; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $contact_users = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //show the header require_once "resources/header.php"; 
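Review bot: The rewritten users query keeps `select * from v_users`, which loads every column of the user table into `$users` just to build a username list; if `v_users` holds credential columns, as user tables commonly do, those end up in memory and in any debug dump of `$users`. Unless something downstream reads other columns, `$sql = "select user_uuid, username from v_users ";` is sufficient and limits what the page touches. The surrounding code continues outside the hunk.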
@@ -390,8 +341,8 @@ echo "\n"; echo ""; switch ($action) { - case "add" : echo $text['header-contact-add']; break; - case "update" : echo $text['header-contact-edit']; break; + case "add": echo $text['header-contact-add']; break; + case "update": echo $text['header-contact-edit']; break; } echo "\n"; echo "\n"; @@ -402,20 +353,19 @@ $sql = "select "; $sql .= "time_start "; $sql .= "from v_contact_times "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and user_uuid = '".$_SESSION['user']['user_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and user_uuid = :user_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; $sql .= "and time_start is not null "; $sql .= "and time_stop is null "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_NAMED); - if ($result['time_start'] != '') { - $time_start = $result['time_start']; - $btn_mod = "style='background-color: #3693df; background-image: none;'"; - } - unset ($sql, $prep_statement, $result); - echo " \n"; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['user_uuid'] = $_SESSION['user']['user_uuid']; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $time_start = $database->select($sql, $parameters, 'column'); + $btn_mod = $time_start != '' ? "style='background-color: #3693df; background-image: none;'" : null; + unset($sql, $parameters); + echo " \n"; } echo " \n"; echo " \n"; 
@@ -686,15 +636,16 @@ $sql .= "v_contact_groups as cg "; $sql .= "where "; $sql .= "cg.group_uuid = g.group_uuid "; - $sql .= "and cg.domain_uuid = '".$domain_uuid."' "; - $sql .= "and cg.contact_uuid = '".$contact_uuid."' "; - $sql .= "and cg.group_uuid <> '".$_SESSION["user_uuid"]."' "; + $sql .= "and cg.domain_uuid = :domain_uuid "; + $sql .= "and cg.contact_uuid = :contact_uuid "; + $sql .= "and cg.group_uuid <> :group_uuid "; $sql .= "order by g.group_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - if ($result_count > 0) { + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_uuid'] = $contact_uuid; + $parameters['group_uuid'] = $_SESSION["user_uuid"]; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { echo " \n"; foreach($result as $field) { if (strlen($field['group_name']) > 0) { @@ -712,21 +663,28 @@ echo "
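Review bot: The new bound parameter `:group_uuid` is filled from `$_SESSION["user_uuid"]`, so `cg.group_uuid <> :group_uuid` compares a group id with a user id and presumably never excludes anything; the removed line had the same comparison, so this is pre-existing, but the rewrite is the moment to settle the intent. Elsewhere in this file the user id is read as `$_SESSION['user']['user_uuid']` (hunk -402), so `$_SESSION["user_uuid"]` may also be the wrong session key; if the clause has no purpose it can be dropped together with `$parameters['group_uuid']`.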
\n"; echo "
\n"; } - unset($sql, $prep_statement, $result, $field); + unset($sql, $parameters, $result, $field); if (permission_exists('contact_group_add') || if_group("superadmin")) { $sql = "select * from v_groups "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "or domain_uuid is null "; - if (sizeof($assigned_groups) > 0) { - $sql .= "and group_uuid not in ('".implode("','",$assigned_groups)."') "; + if (is_array($assigned_groups) && @sizeof($assigned_groups) != 0) { + foreach ($assigned_groups as $index => $assigned_group) { + $sql_where_and[] = "group_uuid <> :group_uuid_".$index." "; + $parameters['group_uuid_'.$index] = $assigned_group; + } + if (is_array($sql_where_and) && @sizeof($sql_where_and) != 0) { + $sql .= "and ".implode(' and ', $sql_where_and)." "; + } } $sql .= "order by group_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - if ($result_count > 0) { + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $sql_where_and, $index, $parameters, $assigned_groups, $assigned_group); + + if (is_array($result) && @sizeof($result) != 0) { echo "