Misc: Database class integration.

2019-08-28 21:02:08 -06:00 · 2019-08-28 21:02:08 -06:00 · 3d15a1c8b6
parent d89c0f172a
commit 3d15a1c8b6
23 changed files with 403 additions and 396 deletions
--- a/app/access_controls/app_defaults.php
+++ b/app/access_controls/app_defaults.php
@ -120,7 +120,6 @@
 							$p->delete('access_control_node_add', 'temp');
 					}
 				}
 				unset($prep_statement);
 			//rename the file
 				if (file_exists($xml_dir.'/acl.conf.xml')) {
--- a/app/call_broadcast/call_broadcast_edit.php
+++ b/app/call_broadcast/call_broadcast_edit.php
@ -366,18 +366,21 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 	//echo "		<option></option>\n";
 	//$sql = "";
 	//$sql .= "select * from v_recordings ";
-	//$sql .= "where domain_uuid = '$domain_uuid' ";
+	//$sql .= "where domain_uuid = :domain_uuid ";
-	//$prep_statement = $db->prepare(check_sql($sql));
+	//$parameters['domain_uuid'] = $domain_uuid;
-	//$prep_statement->execute();
+	//$database = new database;
-	//while($row = $prep_statement->fetch()) {
+	//$rows = $database->select($sql, $parameters, 'all');
-	//	if ($recording_uuid == $row['recording_uuid']) {
+	//if (is_array($rows) && @sizeof($rows) != 0) {
-	//		echo "		<option value='".$row['recording_uuid']."' selected='yes'>".escape($row['recordingname'])."</option>\n";
+	//	foreach ($rows as $row) {
-	//	}
+	//		if ($recording_uuid == $row['recording_uuid']) {
-	//	else {
+	//			echo "		<option value='".$row['recording_uuid']."' selected='yes'>".escape($row['recordingname'])."</option>\n";
-	//		echo "		<option value='".$row['recording_uuid']."'>".escape($row['recordingname'])."</option>\n";
+	//		}
 	//		else {
 	//			echo "		<option value='".$row['recording_uuid']."'>".escape($row['recordingname'])."</option>\n";
 	//		}
 	//	}
 	//}
-	//unset ($prep_statement);
+	//unset($sql, $parameters, $rows, $row);
 	//echo "		</select>\n";
 	//echo "<br />\n";
 	//echo "Recording to play when the call is answered.<br />\n";
@ -525,22 +528,24 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 		echo "		<select name='user_category' class='formfld'>\n";
 		echo "		<option></option>\n";
 		$sql = "";
-		$sql .= "select distinct(user_category) as user_category from v_users ";
+		$sql .= "select distinct user_category as user_category from v_users ";
-		//$sql .= "where domain_uuid = '$domain_uuid' ";
+		//$sql .= "where domain_uuid = :domain_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		//$parameters['domain_uuid'] = $domain_uuid;
-		$prep_statement->execute();
+		$database = new database;
-		while($row = $prep_statement->fetch()) {
+		$rows = $database->select($sql, null, 'all');
-			if ($user_category   == $row['user_category']) {
+		if (is_array($rows) && @sizeof($rows) != 0) {
-				echo "		<option value='".escape($row['user_category'])."' selected='yes'>".escape($row['user_category'])."</option>\n";
+			foreach ($rows as $row) {
-			}
+				if ($user_category   == $row['user_category']) {
-			else {
+					echo "		<option value='".escape($row['user_category'])."' selected='yes'>".escape($row['user_category'])."</option>\n";
-				echo "		<option value='".escape($row['user_category'])."'>".escape($row['user_category'])."</option>\n";
+				}
 				else {
 					echo "		<option value='".escape($row['user_category'])."'>".escape($row['user_category'])."</option>\n";
 				}
 			}
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $rows, $row);
 		echo "		</select>\n";
 		echo "<br />\n";
 		//echo "zzz.<br />\n";
 		echo "\n";
 		echo "</td>\n";
 		echo "</tr>\n";
@ -554,21 +559,23 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 		echo "		<option></option>\n";
 		$sql = "";
 		$sql .= "select * from v_groups ";
-		//$sql .= "where domain_uuid = '$domain_uuid' ";
+		//$sql .= "where domain_uuid = :domain_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		//$parameters['domain_uuid'] = $domain_uuid;
-		$prep_statement->execute();
+		$database = new database;
-		while($row = $prep_statement->fetch()) {
+		$rows = $database->select($sql, null, 'all');
-			if ($recording_uuid == $row['group_name']) {
+		if (is_array($rows) && @sizeof($rows) != 0) {
-				echo "		<option value='".escape($row['group_name'])."' selected='yes'>".escape($row['group_name'])."</option>\n";
+			foreach ($rows as $row) {
-			}
+				if ($recording_uuid == $row['group_name']) {
-			else {
+					echo "		<option value='".escape($row['group_name'])."' selected='yes'>".escape($row['group_name'])."</option>\n";
-				echo "		<option value='".escape($row['group_name'])."'>".escape($row['group_name'])."</option>\n";
+				}
 				else {
 					echo "		<option value='".escape($row['group_name'])."'>".escape($row['group_name'])."</option>\n";
 				}
 			}
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $rows, $row);
 		echo "		</select>\n";
 		echo "<br />\n";
 		//echo "zzz.<br />\n";
 		echo "\n";
 		echo "</td>\n";
 		echo "</tr>\n";
@ -583,18 +590,21 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 		echo "		<option></option>\n";
 		$sql = "";
 		$sql .= "select * from v_gateways ";
-		//$sql .= "where domain_uuid = '$domain_uuid' ";
+		//$sql .= "where domain_uuid = :domain_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		//$parameters['domain_uuid'] = $domain_uuid;
-		$prep_statement->execute();
+		$database = new database;
-		while($row = $prep_statement->fetch()) {
+		$rows = $database->select($sql, null, 'all');
-			if ($gateway == $row['gateway']) {
+		if (is_array($rows) && @sizeof($rows) != 0) {
-				echo "		<option value='".escape($row['gateway'])."' selected='yes'>".escape($row['gateway'])."</option>\n";
+			foreach ($rows as $row) {
-			}
+				if ($gateway == $row['gateway']) {
-			else {
+					echo "		<option value='".escape($row['gateway'])."' selected='yes'>".escape($row['gateway'])."</option>\n";
-				echo "		<option value='".escape($row['gateway'])."'>".escape($row['gateway'])."</option>\n";
+				}
 				else {
 					echo "		<option value='".escape($row['gateway'])."'>".escape($row['gateway'])."</option>\n";
 				}
 			}
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $rows, $row);
 		echo "		<option value='loopback'>loopback</option>\n";
 		echo "		</select>\n";
 		echo "<br />\n";
@ -617,7 +627,6 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 		//echo "		<option value='zzz'>cell</option>\n";
 		echo "		</select>\n";
 		echo "<br />\n";
 		//echo "zzz.<br />\n";
 		echo "\n";
 		echo "</td>\n";
 		echo "</tr>\n";
@ -636,7 +645,6 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 		//echo "		<option value='zzz'>cell</option>\n";
 		echo "		</select>\n";
 		echo "<br />\n";
 		//echo "zzz.<br />\n";
 		echo "\n";
 		echo "</td>\n";
 		echo "</tr>\n";
@ -657,4 +665,4 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 //include the footer
 	require_once "resources/footer.php";
-?>
+?>
--- a/app/call_broadcast/call_broadcast_send.php
+++ b/app/call_broadcast/call_broadcast_send.php
@ -275,20 +275,20 @@ require_once "resources/header.php";
 		$sql = " select * from v_users as u, v_user_groups as m ";
 		$sql .= "where u.user_uuid = m.user_uuid ";
 		$sql .= "and u.user_enabled = 'true' ";
-		$sql .= "and m.group_name = '".$group_name."' ";
+		$sql .= "and m.group_name = :group_name ";
-		$sql .= "and u.user_category = '".$user_category."' ";
+		$sql .= "and u.user_category = :user_category ";
-		//echo $sql."<br />";
+		$parameters['group_name'] = $group_name;
 		$parameters['user_category'] = $user_category;
 	}
 	else {
 		$sql = "select * from v_users as u ";
-		$sql .= "where u.user_category = '".$user_category."' ";
+		$sql .= "where u.user_category = :user_category ";
 		$sql .= "and u.user_enabled = 'true' ";
-		//echo $sql."<br />";
+		$parameters['user_category'] = $user_category;
 	}
-	$prep_statement = $db->prepare(check_sql($sql));
+	$database = new database;
-	$prep_statement->execute();
+	$result = $database->select($sql, $parameters, 'all');
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset($sql, $parameters);
 	unset ($prep_statement, $sql);
 	$c = 0;
 	$row_style["0"] = "row_style0";
@ -307,8 +307,8 @@ require_once "resources/header.php";
 	echo th_order_by('user_phone_2', 'phone_2', $order_by, $order);
 	echo "<tr>\n";
-	if (is_array($result)) {
+	if (is_array($result) && @sizeof($result) != 0) {
-		foreach($result as $row) {
+		foreach ($result as $row) {
 			echo "<tr >\n";
 			//echo "	<td valign='top' class='".$row_style[$c]."'>".$row[username]."&nbsp;</td>\n";
 			echo "	<td valign='top' class='".$row_style[$c]."'>".$row[user_type]."&nbsp;</td>\n";
@ -355,9 +355,9 @@ require_once "resources/header.php";
 				}
 			if ($c==0) { $c=1; } else { $c=0; }
-		} //end foreach
+		}
-		unset($sql, $result, $row_count);
+	}
-	} //end if results
+	unset($result, $row);
 	echo "</table>";
 	echo "</div>";
@ -378,4 +378,5 @@ unset ($key);
 unset ($val);
 unset ($c);
 */
-?>
+
 ?>
--- a/app/call_center_active/call_center_exec.php
+++ b/app/call_center_active/call_center_exec.php
@ -108,27 +108,25 @@
 		//validate the user status
 			$user_status = $_GET['data'];
 			switch ($user_status) {
-				case "Available" :
+				case "Available":
 				case "Available (On Demand)":
 				case "On Break":
 				case "Do Not Disturb":
 				case "Logged Out":
 					break;
-				case "Available (On Demand)" :
+				default:
 					break;
 				case "On Break" :
 					break;
 				case "Do Not Disturb" :
 					break;
 				case "Logged Out" :
 					break;
 				default :
 					$user_status = null;
 			}
 			$user_status = $data;
-			$sql  = "update v_users set ";
+			$sql = "update v_users set ";
-			$sql .= "user_status = '".trim($user_status, "'")."' ";
+			$sql .= "user_status = :user_status ";
 			$sql .= "where domain_uuid = '$domain_uuid' ";
 			$sql .= "and username = '".$username."' ";
-			$prep_statement = $db->prepare(check_sql($sql));
+			$parameters['user_status'] = trim($user_status, "'");
-			$prep_statement->execute();
+			$database = new database;
 			$database->execute($sql, $parameters);
 			unset($sql, $parameters);
 		}
 		//fs cmd
@ -147,4 +145,4 @@
 	}
 */
-?>
+?>
--- a/app/call_centers/call_center_agent_edit.php
+++ b/app/call_centers/call_center_agent_edit.php
@ -212,16 +212,16 @@
 		//get the users array
 			$sql = "select * from v_users ";
-			$sql .= "where domain_uuid = :domain_uuid'".$_SESSION['domain_uuid']."' ";
+			$sql .= "where domain_uuid = :domain_uuid ";
 			$sql .= "order by username asc ";
-			$prep_statement = $db->prepare(check_sql($sql));
+			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-			$prep_statement->execute();
+			$database = new database;
-			$users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+			$users = $database->select($sql, $parameters, 'all');
-			unset($prep_statement, $sql);
+			unset($sql, $parameters);
 		//prepare the array
 			$array['call_center_agents'][] = $_POST;
-			if (isset($user_uuid) && strlen($user_uuid) > 0) {
+			if (is_uuid($user_uuid)) {
 				$array['users'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
 				$array['users'][0]['user_uuid'] = $user_uuid;
 				$array['users'][0]['user_status'] = $agent_status;
@ -231,7 +231,7 @@
 			$database = new database;
 			$database->app_name = 'call_center';
 			$database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
-			if (strlen($call_center_agent_uuid) > 0) {
+			if (is_uuid($call_center_agent_uuid)) {
 				$database->uuid($call_center_agent_uuid);
 			}
 			$database->save($array);
@ -269,7 +269,7 @@
 		$parameters['call_center_agent_uuid'] = $call_center_agent_uuid;
 		$database = new database;
 		$row = $database->select($sql, $parameters, 'row');
-		if (is_array($row) && sizeof($row) != 0) {
+		if (is_array($row) && @sizeof($row) != 0) {
 			$call_center_agent_uuid = $row["call_center_agent_uuid"];
 			$user_uuid = $row["user_uuid"];
 			$agent_name = $row["agent_name"];
@ -286,7 +286,7 @@
 			$agent_busy_delay_time = $row["agent_busy_delay_time"];
 			//$agent_logout = $row["agent_logout"];
 		}
-		unset($sql, $parameters);
+		unset($sql, $parameters, $row);
 	}
 //set default values
--- a/app/conference_centers/conference_center_edit.php
+++ b/app/conference_centers/conference_center_edit.php
@ -332,7 +332,6 @@
 				echo "	<option value='phrase:".escape($row["phrase_uuid"])."' ".(($selected) ? "selected='selected'" : null).">".escape($row["phrase_name"])."</option>\n";
 				if ($selected) { $tmp_selected = true; }
 			}
 			unset ($prep_statement);
 			echo "</optgroup>\n";
 		}
 	//sounds
--- a/app/conference_centers/conference_room_edit.php
+++ b/app/conference_centers/conference_room_edit.php
@ -552,7 +552,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "<td align='left' valign='top' width='30%' nowrap='nowrap'><b>".$text['title-conference_rooms']."</b></td>\n";
 	echo "<td width='70%' align='right' valign='top'>\n";
 	echo "	<input type='button' class='btn' name='' alt='".$text['button-back']."' onclick=\"window.location='conference_rooms.php'\" value='".$text['button-back']."'>\n";
-	if (strlen($meeting_uuid) > 0) {
+	if (is_uuid($meeting_uuid)) {
 		echo "	<input type='button' class='btn' name='' alt='".$text['button-sessions']."' onclick=\"window.location='conference_sessions.php?id=".escape($meeting_uuid)."'\" value='".$text['button-sessions']."'>\n";
 		echo "	<input type='button' class='btn' name='' alt='".$text['button-view']."' onclick=\"window.location='".PROJECT_PATH."/app/conferences_active/conference_interactive.php?c=".escape($meeting_uuid)."'\" value='".$text['button-view']."'>\n";
 	}
@ -574,7 +574,6 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 			echo "		<option value='".escape($row["conference_center_uuid"])."'>".escape($row["conference_center_name"])."</option>\n";
 		}
 	}
 	unset ($prep_statement);
 	echo "	</select>\n";
 	echo "	<br />\n";
 	echo "\n";
--- a/app/contacts/contact_import_google.php
+++ b/app/contacts/contact_import_google.php
@ -574,7 +574,7 @@ function curl_file_get_contents($url) {
 	$curl = curl_init();
 	$userAgent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)';
-	curl_setopt($curl, CURLOPT_URL, $url);	//The URL to fetch. This can also be set when initializing a session with curl_init().
+	curl_setopt($curl, CURLOPT_URL, $url);	//The URL to retrieve. This can also be set when initializing a session with curl_init().
 	curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);	//TRUE to return the transfer as a string of the return value of curl_exec() instead of outputting it out directly.
 	curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);	//The number of seconds to wait while trying to connect.
 	curl_setopt($curl, CURLOPT_USERAGENT, $userAgent);	//The contents of the "User-Agent: " header to be used in a HTTP request.
--- a/app/email_logs/email_log_cron.php
+++ b/app/email_logs/email_log_cron.php
@ -27,33 +27,34 @@
 //process the emails
 	if (is_array($emails) && @sizeof($emails) != 0) {
-		foreach($emails as $index => $row) {
+		foreach($emails as $x => $row) {
 			$email_log_uuid = $row['email_log_uuid'];
 			$msg = $row['email'];
 			require_once "secure/v_mailto.php";
 			if ($mailer_error == '') {
-				//get the message
+				//set the message
-				message::add($text['message-message_resent']);
+					message::add($text['message-message_resent']);
-				//add to array
+				//build delete array
-				$array['email_logs'][$index]['email_log_uuid'] = $email_log_uuid;
+					$array['email_logs'][$x]['email_log_uuid'] = $email_log_uuid;
 			}
 			unset($mailer_error);
 		}
 		if (is_array($array) && @sizeof($array) != 0) {
-			$p = new permissions;
+			//grant temporary permissions
-			$p->add('email_log_delete', 'temp');
+				$p = new permissions;
-
+				$p->add('email_log_delete', 'temp');
-			$database = new database;
+			//execute delete
-			$database->app_name = 'email_logs';
+				$database = new database;
-			$database->app_uuid = 'bd64f590-9a24-468d-951f-6639ac728694';
+				$database->app_name = 'email_logs';
-			$database->delete($array);
+				$database->app_uuid = 'bd64f590-9a24-468d-951f-6639ac728694';
-			unset($array);
+				$database->delete($array);
-
+				unset($array);
-			$p->delete('email_log_delete', 'temp');
+			//revoke temporary permissions
 				$p->delete('email_log_delete', 'temp');
 		}
 	}
-	unset ($prep_statement, $sql, $emails);
+	unset($sql, $emails, $x, $row);
 ?>
--- a/app/email_logs/email_logs.php
+++ b/app/email_logs/email_logs.php
@ -39,26 +39,27 @@
 //download email
 	if ($_REQUEST['a'] == 'download' && permission_exists('email_log_download')) {
-		$email_log_uuid = check_str($_REQUEST["id"]);
+		$email_log_uuid = $_REQUEST["id"];
 		$msg_found = false;
-		if ($email_log_uuid != '') {
+		if (is_uuid($email_log_uuid)) {
-			$sql = "select call_uuid, email from v_email_logs ";
+			$sql = "select ";
-			$sql .= "where email_log_uuid = '".$email_log_uuid."' ";
+			$sql .= "call_uuid, ";
-			$sql .= "and domain_uuid = '".$domain_uuid."' ";
+			$sql .= "email ";
-			$prep_statement = $db->prepare(check_sql($sql));
+			$sql .= "from v_email_logs ";
-			$prep_statement->execute();
+			$sql .= "where email_log_uuid = :email_log_uuid ";
-			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+			$sql .= "and domain_uuid = :domain_uuid ";
-			if (is_array($result)) {
+			$parameters['email_log_uuid'] = $email_log_uuid;
-				foreach($result as $row) {
+			$parameters['domain_uuid'] = $domain_uuid;
-					$call_uuid = $row['call_uuid'];
+			$database = new database;
-					$email = $row['email'];
+			$row = $database->select($sql, $parameters, 'row');
-					$msg_found = true;
+			if (is_array($row) && @sizeof($row) != 0) {
-					break;
+				$call_uuid = $row['call_uuid'];
-				}
+				$email = $row['email'];
 				$msg_found = true;
 			}
-			unset ($prep_statement, $sql, $result);
+			unset($sql, $parameters, $row);
 		}
 		if ($msg_found) {
@ -74,28 +75,26 @@
 //resend email
 	if ($_REQUEST['a'] == 'resend' && permission_exists('email_log_resend')) {
-		$email_log_uuid = check_str($_REQUEST["id"]);
+		$email_log_uuid = $_REQUEST["id"];
 		$resend = true;
 		$msg_found = false;
-		if ($email_log_uuid != '') {
+		if (is_uuid($email_log_uuid)) {
 			$sql = "select email from v_email_logs ";
-			$sql .= "where email_log_uuid = '".$email_log_uuid."' ";
+			$sql .= "where email_log_uuid = :email_log_uuid ";
 			if (!permission_exists('email_log_all') || $_REQUEST['showall'] != 'true') {
-				$sql .= "and domain_uuid = '".$domain_uuid."' ";
+				$sql .= "and domain_uuid = :domain_uuid ";
 				$parameters['domain_uuid'] = $domain_uuid;
 			}
-			$prep_statement = $db->prepare(check_sql($sql));
+			$parameters['email_log_uuid'] = $email_log_uuid;
-			$prep_statement->execute();
+			$database = new database;
-			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+			$row = $database->select($sql, $parameters, 'row');
-			if (is_array($result)) {
+			if (is_array($row) && @sizeof($row) != 0) {
-				foreach($result as $row) {
+				$email = $row['email'];
-					$email = $row['email'];
+				$msg_found = true;
 					$msg_found = true;
 					break;
 				}
 			}
-			unset ($prep_statement, $sql, $result);
+			unset($sql, $parameters, $row);
 		}
 		if ($msg_found) {
@ -103,19 +102,11 @@
 			require_once "secure/v_mailto.php";
 			if ($mailer_error == '') {
 				message::add($text['message-message_resent']);
-				if (permission_exists('email_log_all') && $_REQUEST['showall'] == 'true') {
+				header("Location: email_log_delete.php?id=".$email_log_uuid.(permission_exists('email_log_all') && $_REQUEST['showall'] == 'true' ? "&showall=true" : null));
 					header("Location: email_log_delete.php?id=".$email_log_uuid."&showall=true");
 				} else {
 					header("Location: email_log_delete.php?id=".$email_log_uuid);
 				}
 			}
 			else {
 				message::add($text['message-resend_failed'].": ".$mailer_error, 'negative', 4000);
-				if (permission_exists('email_log_all') && $_REQUEST['showall'] == 'true') {
+				header("Location: email_logs.php".(permission_exists('email_log_all') && $_REQUEST['showall'] == 'true' ? "?showall=true" : null));
 					header("Location: email_logs.php?showall=true");
 				} else {
 					header("Location: email_logs.php");
 				}
 			}
 		}
@ -137,7 +128,8 @@
 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
 	if (permission_exists('email_log_all') && $_REQUEST['showall'] == 'true') {
 		$param .= "&showall=true";
-	} else {
+	}
 	else {
 		$param = "";
 	}
 	$page = $_GET['page'];
--- a/app/ivr_menus/ivr_menu_edit.php
+++ b/app/ivr_menus/ivr_menu_edit.php
@ -1113,7 +1113,6 @@
 						echo "	<option value='phrase:".escape($row["phrase_uuid"])."'>".escape($row["phrase_name"])."</option>\n";
 					}
 				}
 				unset ($prep_statement);
 				echo "</optgroup>\n";
 			}
 		//sounds
@ -1203,7 +1202,6 @@
 						echo "	<option value='phrase:".escape($row["phrase_uuid"])."'>".escape($row["phrase_name"])."</option>\n";
 					}
 				}
 				unset ($prep_statement);
 				echo "</optgroup>\n";
 			}
 		//sounds
--- a/app/ivr_menus/resources/functions/ivr_menu_xml.php
+++ b/app/ivr_menus/resources/functions/ivr_menu_xml.php
@ -26,7 +26,7 @@
 	if (!function_exists('save_ivr_menu_xml')) {
 		function save_ivr_menu_xml() {
-			global $db, $domain_uuid;
+			global $domain_uuid;
 			//prepare for dialplan .xml files to be written. delete all dialplan files that are prefixed with dialplan_ and have a file extension of .xml
 				if (count($_SESSION["domains"]) > 1) {
@ -53,17 +53,17 @@
 				}
 			$sql = "select * from v_ivr_menus ";
-			$sql .= " where domain_uuid = '$domain_uuid' ";
+			$sql .= " where domain_uuid = :domain_uuid ";
-			$prep_statement = $db->prepare(check_sql($sql));
+			$parameters['domain_uuid'] = $domain_uuid;
-			$prep_statement->execute();
+			$database = new database;
-			$result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+			$result = $database->select($sql, $parameters, 'all');
-			$result_count = count($result);
+			unset($sql, $parameters);
-			unset ($prep_statement, $sql);
+
-			if ($result_count > 0) {
+			if (is_array($result) && @sizeof($result) != 0) {
 				foreach($result as $row) {
 					$dialplan_uuid = $row["dialplan_uuid"];
 					$ivr_menu_uuid = $row["ivr_menu_uuid"];
-					$ivr_menu_name = check_str($row["ivr_menu_name"]);
+					$ivr_menu_name = $row["ivr_menu_name"];
 					$ivr_menu_extension = $row["ivr_menu_extension"];
 					$ivr_menu_greet_long = $row["ivr_menu_greet_long"];
 					$ivr_menu_greet_short = $row["ivr_menu_greet_short"];
@ -83,7 +83,7 @@
 					$ivr_menu_digit_len = $row["ivr_menu_digit_len"];
 					$ivr_menu_direct_dial = $row["ivr_menu_direct_dial"];
 					$ivr_menu_enabled = $row["ivr_menu_enabled"];
-					$ivr_menu_description = check_str($row["ivr_menu_description"]);
+					$ivr_menu_description = $row["ivr_menu_description"];
 					//replace space with an underscore
 						$ivr_menu_name = str_replace(" ", "_", $ivr_menu_name);
@ -132,28 +132,31 @@
 						$tmp .= "		digit-len=\"$ivr_menu_digit_len\">\n";
 						$sub_sql = "select * from v_ivr_menu_options ";
-						$sub_sql .= "where ivr_menu_uuid = '$ivr_menu_uuid' ";
+						$sub_sql .= "where ivr_menu_uuid = :ivr_menu_uuid ";
-						$sub_sql .= "and domain_uuid = '$domain_uuid' ";
+						$sub_sql .= "and domain_uuid = :domain_uuid ";
 						$sub_sql .= "order by ivr_menu_option_order asc ";
-						$sub_prep_statement = $db->prepare(check_sql($sub_sql));
+						$parameters['ivr_menu_uuid'] = $ivr_menu_uuid;
-						$sub_prep_statement->execute();
+						$parameters['domain_uuid'] = $domain_uuid;
-						$sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_ASSOC);
+						$database = new database;
-						foreach ($sub_result as &$sub_row) {
+						$sub_result = $database->select($sub_sql, $parameters, 'all');
-							//$ivr_menu_uuid = $sub_row["ivr_menu_uuid"];
+						if (is_array($sub_result) && @sizeof($sub_result) != 0) {
-							$ivr_menu_option_digits = $sub_row["ivr_menu_option_digits"];
+							foreach ($sub_result as &$sub_row) {
-							$ivr_menu_option_action = $sub_row["ivr_menu_option_action"];
+								//$ivr_menu_uuid = $sub_row["ivr_menu_uuid"];
-							$ivr_menu_option_param = $sub_row["ivr_menu_option_param"];
+								$ivr_menu_option_digits = $sub_row["ivr_menu_option_digits"];
-							$ivr_menu_option_description = $sub_row["ivr_menu_option_description"];
+								$ivr_menu_option_action = $sub_row["ivr_menu_option_action"];
 								$ivr_menu_option_param = $sub_row["ivr_menu_option_param"];
 								$ivr_menu_option_description = $sub_row["ivr_menu_option_description"];
-							$tmp .= "		<entry action=\"$ivr_menu_option_action\" digits=\"$ivr_menu_option_digits\" param=\"$ivr_menu_option_param\"/>";
+								$tmp .= "		<entry action=\"$ivr_menu_option_action\" digits=\"$ivr_menu_option_digits\" param=\"$ivr_menu_option_param\"/>";
-							if (strlen($ivr_menu_option_description) == 0) {
+								if (strlen($ivr_menu_option_description) == 0) {
-								$tmp .= "\n";
+									$tmp .= "\n";
-							}
+								}
-							else {
+								else {
-								$tmp .= "	<!-- $ivr_menu_option_description -->\n";
+									$tmp .= "	<!-- $ivr_menu_option_description -->\n";
 								}
 							}
 						}
-						unset ($sub_prep_statement, $sub_row);
+						unset($sub_sql, $sub_result, $sub_row);
 						if ($ivr_menu_direct_dial == "true") {
 							$tmp .= "		<entry action=\"menu-exec-app\" digits=\"/(^\d{3,6}$)/\" param=\"transfer $1 XML ".$_SESSION["context"]."\"/>\n";
@ -176,6 +179,8 @@
 							fclose($fout);
 				}
 			}
 			unset($result, $row);
 			save_dialplan_xml();
 			//apply settings
--- a/app/provision/app_defaults.php
+++ b/app/provision/app_defaults.php
@ -31,56 +31,65 @@ if ($domains_processed == 1) {
 	$sql = "select device_uuid, device_mac_address ";
 	$sql .= "from v_devices ";
 	$sql .= "where (device_mac_address like '%-%' or device_mac_address like '%:%') ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$database = new database;
-	if ($prep_statement) {
+	$result = $database->select($sql, null, 'all');
-		$prep_statement->execute();
+	if (is_array($result) && @sizeof($result) != 0) {
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		foreach ($result as $row) {
-		if (is_array($result)) {
+			//define update values
 			foreach($result as $row) {
 				$device_uuid = $row["device_uuid"];
 				$device_mac_address = $row["device_mac_address"];
 				$device_mac_address = strtolower($device_mac_address);
 				$device_mac_address = preg_replace('#[^a-fA-F0-9./]#', '', $device_mac_address);
-
+			//build update array
-				$sql = "update v_devices set ";
+				$array['devices'][0]['device_uuid'] = $device_uuid;
-				$sql .= "device_mac_address = '".$device_mac_address."' ";
+				$array['devices'][0]['device_mac_address'] = $device_mac_address;
-				$sql .= "where device_uuid = '".$device_uuid."' ";
+			//grant temporary permissions
-				$db->exec(check_sql($sql));
+				$p = new permissions;
-				unset($sql);
+				$p->add('device_add', 'temp');
-			}
+			//execute update
 				$database = new database;
 				$database->app_name = 'provision';
 				$database->app_uuid = 'abf28ead-92ef-3de6-ebbb-023fbc2b6dd3';
 				$database->save($array);
 				unset($array);
 			//revoke temporary permissions
 				$p->delete('device_add', 'temp');
 		}
 		unset($prep_statement, $result);
 	}
 	unset($sql, $result, $row);
 	//update http_auth_enabled set to true
 	$sql = "select * from v_default_settings ";
 	$sql .= "where default_setting_subcategory = 'http_auth_disable' ";
-	$prep_statement = $db->prepare($sql);
+	$database = new database;
-	$prep_statement->execute();
+	$result = $database->select($sql, null, 'all');
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	if (is_array($result) && @sizeof($result) != 0) {
-	if (is_array($result)) {
+		foreach ($result as $x => $row) {
-		foreach($result as $row) {
+			//determine value
-			if ($row["default_setting_value"] == 'false' && $row["default_setting_enabled"] == 'true') {
+				$default_setting_value = $row["default_setting_value"] == 'false' && $row["default_setting_enabled"] == 'true' ? 'false' : 'true';
-				$sql = "update v_default_settings ";
+			//build update array
-				$sql .= "set default_setting_subcategory = 'http_auth_enabled', ";
+				$array['default_settings'][$x]['default_setting_uuid'] = 'c998c762-6a43-4911-a465-a9653eeb793d';
-				$sql .= "default_setting_value = 'false',  ";
+				$array['default_settings'][$x]['default_setting_subcategory'] = 'http_auth_enabled';
-				$sql .= "default_setting_enabled = 'true' ";
+				$array['default_settings'][$x]['default_setting_value'] = $default_setting_value;
-				$sql .= "where default_setting_uuid = 'c998c762-6a43-4911-a465-a9653eeb793d'; ";
+				$array['default_settings'][$x]['default_setting_enabled'] = 'true';
 				$db->exec(check_sql($sql));
 				unset($sql);
 			}
 			else {
 				$sql = "update v_default_settings ";
 				$sql .= "set default_setting_subcategory = 'http_auth_enabled', ";
 				$sql .= "default_setting_value = 'true',  ";
 				$sql .= "default_setting_enabled = 'true' ";
 				$sql .= "where default_setting_uuid = 'c998c762-6a43-4911-a465-a9653eeb793d'; ";
 				$db->exec(check_sql($sql));
 				unset($sql);
 			}
 		}
-		unset($prep_statement, $result);
+		if (is_array($array) && @sizeof($array) != 0) {
 			//grant temporary permissions
 				$p = new permissions;
 				$p->add('default_setting_add', 'temp');
 			//execute update
 				$database = new database;
 				$database->app_name = 'provision';
 				$database->app_uuid = 'abf28ead-92ef-3de6-ebbb-023fbc2b6dd3';
 				$database->save($array);
 				unset($array);
 			//grant temporary permissions
 				$p = new permissions;
 				$p->delete('default_setting_add', 'temp');
 		}
 	}
 	unset($sql, $result, $row);
 	//update default settings
 	$sql = "update v_default_settings set ";
@ -92,8 +101,8 @@ if ($domains_processed == 1) {
 	$sql .= "and default_setting_name = 'text' ";
 	$sql .= "and default_setting_value = 'false' ";
 	$sql .= "and default_setting_enabled = 'false' ";
-	$db->exec($sql);
+	$database = new database;
-	unset($sql);
+	$database->execute($sql);
 	//update default settings
 	$sql = "update v_default_settings set ";
@ -101,8 +110,8 @@ if ($domains_processed == 1) {
 	$sql .= "where default_setting_category = 'provision' ";
 	$sql .= "and default_setting_subcategory = 'http_auth_password' ";
 	$sql .= "and default_setting_name = 'text' ";
-	$db->exec($sql);
+	$database = new database;
-	unset($sql);
+	$database->execute($sql);
 	//update domain settings
 	$sql = "update v_domain_settings set ";
@ -110,8 +119,8 @@ if ($domains_processed == 1) {
 	$sql .= "where domain_setting_category = 'provision' ";
 	$sql .= "and domain_setting_subcategory = 'http_auth_password' ";
 	$sql .= "and domain_setting_name = 'text' ";
-	$db->exec($sql);
+	$database = new database;
-	unset($sql);
+	$database->execute($sql);
 }
--- a/app/provision/index.php
+++ b/app/provision/index.php
@ -150,9 +150,6 @@
 		//get the domain name
 			$domain_name = $_SESSION['domains'][$domain_uuid]['domain_name'];
 		//set the PDO error mode
 			$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 		//get the default settings
 			$sql = "select * from v_default_settings ";
 			$sql .= "where default_setting_enabled = 'true' ";
--- a/app/recordings/recording_delete.php
+++ b/app/recordings/recording_delete.php
@ -50,7 +50,7 @@ if (is_uuid($recording_uuid)) {
 		$parameters['domain_uuid'] = $domain_uuid;
 		$database = new database;
 		$filename = $database->select($sql, $parameters, 'column');
-		unset($prep_statement);
+		unset($sql, $parameters);
 	//build array
 		$array['recordings'][0]['recording_uuid'] = $recording_uuid;
--- a/app/vars/app_defaults.php
+++ b/app/vars/app_defaults.php
@ -92,7 +92,7 @@ if ($domains_processed == 1) {
 	//set country depend variables as country code and international direct dialing code (exit code)
 		if (!function_exists('set_country_vars')) {
-			function set_country_vars($db, $x) {
+			function set_country_vars($x) {
 				require "resources/countries.php";
 				//$country_iso=$_SESSION['domain']['country']['iso_code'];
--- a/app/voicemail_greetings/voicemail_greeting_delete.php
+++ b/app/voicemail_greetings/voicemail_greeting_delete.php
@ -54,7 +54,7 @@ if (is_uuid($voicemail_greeting_uuid) && $voicemail_id != '') {
 		$parameters['voicemail_id'] = $voicemail_id;
 		$database = new database;
 		$greeting_filename = $database->select($sql, $parameters, 'column');
-		unset($prep_statement);
+		unset($sql, $parameters);
 	//build delete array
 		$array['voicemail_greetings'][0]['voicemail_greeting_uuid'] = $voicemail_greeting_uuid;
--- a/core/domains/domain_delete.php
+++ b/core/domains/domain_delete.php
@ -91,7 +91,7 @@
 			unset($result, $row);
 		//get the $apps array from the installed apps from the core and mod directories
-			$config_list = glob($_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . "/*/*/app_config.php");
+			$config_list = glob($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/*/*/app_config.php");
 			$x=0;
 			if (isset($config_list)) foreach ($config_list as &$config_path) {
 				include($config_path);
@ -99,7 +99,6 @@
 			}
 		//delete the domain data from all tables in the database
 			$db->beginTransaction();
 			if (isset($apps)) foreach ($apps as &$app) {
 				if (isset($app['db'])) foreach ($app['db'] as $row) {
 					if (is_array($row['table']['name'])) {
@ -114,6 +113,7 @@
 					if ($table_name !== "v" && isset($row['fields'])) {
 						foreach ($row['fields'] as $field) {
 							if ($field['name'] == "domain_uuid") {
 								$sql = "delete from ".$table_name." where domain_uuid = :domain_uuid ";
 								$parameters['domain_uuid'] = $id;
 								$database = new database;
@ -126,7 +126,6 @@
 					}
 				}
 			}
 			$db->commit();
 		//delete the directories
 			if (strlen($domain_name) > 0) {
--- a/core/groups/permissions_copy.php
+++ b/core/groups/permissions_copy.php
@ -97,36 +97,37 @@
 			unset($sql, $parameters);
 			if (is_array($result) && sizeof($result) != 0) {
-				foreach ($result as $index => &$row) {
+				foreach ($result as $x => &$row) {
-					$domain_uuid = $row["domain_uuid"];
+					//define group permissions values
-					$permission_name = $row["permission_name"];
+						$domain_uuid = $row["domain_uuid"];
-					$group_name = $row["group_name"];
+						$permission_name = $row["permission_name"];
-
+						$group_name = $row["group_name"];
-					//copy the group permissions
+					//build insert array
-					$array['group_permissions'][$index]['group_permission_uuid'] = uuid();
+						$array['group_permissions'][$x]['group_permission_uuid'] = uuid();
-					if (is_uuid($domain_uuid)) {
+						if (is_uuid($domain_uuid)) {
-						$array['group_permissions'][$index]['domain_uuid'] = $domain_uuid;
+							$array['group_permissions'][$x]['domain_uuid'] = $domain_uuid;
-					}
+						}
-					$array['group_permissions'][$index]['permission_name'] = $permission_name;
+						$array['group_permissions'][$x]['permission_name'] = $permission_name;
-					$array['group_permissions'][$index]['group_name'] = $new_group_name;
+						$array['group_permissions'][$x]['group_name'] = $new_group_name;
-					$array['group_permissions'][$index]['group_uuid'] = $new_group_uuid;
+						$array['group_permissions'][$x]['group_uuid'] = $new_group_uuid;
 				}
 				if (is_array($array) && sizeof($array) != 0) {
-					$p = new permissions;
+					//grant temporary permissions
-					$p->add('group_permission_add', 'temp');
+						$p = new permissions;
-
+						$p->add('group_permission_add', 'temp');
-					$database = new database;
+					//execute insert
-					$database->app_name = 'groups';
+						$database = new database;
-					$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+						$database->app_name = 'groups';
-					$database->save($array);
+						$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
-					unset($array);
+						$database->save($array);
-
+						unset($array);
-					$p->delete('group_permission_add', 'temp');
+					//revoke temporary permissions
-
+						$p->delete('group_permission_add', 'temp');
-					message::add($text['message-copy']);
+					//set message
 						message::add($text['message-copy']);
 				}
 			}
-			unset ($prep_statement);
+			unset($result, $row);
 	}
 //redirect
--- a/core/menu/menu_delete.php
+++ b/core/menu/menu_delete.php
@ -39,46 +39,36 @@ else {
 	$text = $language->get();
 //delete the data
-	if (is_uuid($_GET["id"])) {
+	$menu_uuid = $_GET['id'];
 		$menu_uuid = $_GET["id"];
-		//start the database transaction
+	if (is_uuid($menu_uuid)) {
 			$db->beginTransaction();
-		//delete the menu
+		//build delete array for the menu, menu items, menu permissions, and menu languages
 			$array['menus'][0]['menu_uuid'] = $menu_uuid;
 			$array['menu_items'][0]['menu_uuid'] = $menu_uuid;
 			$array['menu_item_groups'][0]['menu_uuid'] = $menu_uuid;
 			$array['menu_languages'][0]['menu_uuid'] = $menu_uuid;
 		//grant temporary permissions
 			$p = new permissions;
 			$p->add('menu_delete', 'temp');
 			$p->add('menu_item_delete', 'temp');
 			$p->add('menu_item_group_delete', 'temp');
 			$p->add('menu_language_delete', 'temp');
 		//execute delete
 			$database = new database;
 			$database->app_name = 'menu';
 			$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
 			$database->delete($array);
 			unset($array);
-		//delete the items in the menu
+		//revoke temporary permissions
-			$sql = "delete from v_menu_items ";
+			$p = new permissions;
-			$sql .= "where menu_uuid = :menu_uuid ";
+			$p->delete('menu_delete', 'temp');
-			$parameters['menu_uuid'] = $menu_uuid;
+			$p->delete('menu_item_delete', 'temp');
-			$database = new database;
+			$p->delete('menu_item_group_delete', 'temp');
-			$database->execute($sql, $parameters);
+			$p->delete('menu_language_delete', 'temp');
 			unset($sql, $parameters);
 		//delete the menu permissions
 			$sql = "delete from v_menu_item_groups ";
 			$sql .= "where menu_uuid = :menu_uuid ";
 			$parameters['menu_uuid'] = $menu_uuid;
 			$database = new database;
 			$database->execute($sql, $parameters);
 			unset($sql, $parameters);
 		//delete the menu languages
 			$sql = "delete from v_menu_languages ";
 			$sql .= "where menu_uuid = :menu_uuid ";
 			$parameters['menu_uuid'] = $menu_uuid;
 			$database = new database;
 			$database->execute($sql, $parameters);
 			unset($sql, $parameters);
 		//save the changes to the database
 			$db->commit();
 		//set message
 			message::add($text['message-delete']);
--- a/core/notifications/app_defaults.php
+++ b/core/notifications/app_defaults.php
@ -29,27 +29,28 @@ if ($domains_processed == 1) {
 	//update the notifications table
 	if (is_array($_SESSION['switch']['scripts'])) {
-		$sql = "select count(*) as num_rows from v_notifications ";
+		$sql = "select count(*) from v_notifications ";
 		$database = new database;
 		$num_rows = $database->select($sql, null, 'column');
-		if ($row['num_rows'] == 0) {
+		if ($num_rows == 0) {
-			$sql = "insert into v_notifications ";
+			//build insert array
-			$sql .= "(";
+				$array['notifications'][0]['notification_uuid'] = uuid();
-			$sql .= "notification_uuid, ";
+				$array['notifications'][0]['project_notifications'] = 'false';
-			$sql .= "project_notifications ";
+			//grant temporary permissions
-			$sql .= ")";
+				$p = new permissions;
-			$sql .= "values ";
+				$p->add('notification_add', 'temp');
-			$sql .= "(";
+			//execute insert
-			$sql .= "'".uuid()."', ";
+				$database = new database;
-			$sql .= "'false' ";
+				$database->app_name = 'notifications';
-			$sql .= ")";
+				$database->app_uuid = 'e746fbcb-f67f-4e0e-ab64-c414c01fac11';
-			$database = new database;
+				$database->save($array);
-			$database->execute($sql, null);
+				unset($array);
-			unset($sql);
+			//revoke temporary permissions
 				$p->delete('notification_add', 'temp');
 		}
-		unset($prep_statement, $row);
+		unset($sql, $num_rows);
 	}
 }
-?>
+?>
--- a/core/upgrade/app_defaults.php
+++ b/core/upgrade/app_defaults.php
@ -108,27 +108,27 @@ if ($domains_processed == 1) {
 			$database = new database;
 			$result = $database->select($sql, null, 'all');
 			if (is_array($result) && count($result) > 0) {
-					foreach($result as $row) {
+				foreach($result as $row) {
-						$current_default_setting_uuid = $row["default_setting_uuid"];
+					$current_default_setting_uuid = $row["default_setting_uuid"];
-						$current_default_setting_value = $row["default_setting_value"];
+					$current_default_setting_value = $row["default_setting_value"];
-						break;
+					break;
 					}
 					// compare to message in language file, update and enable if different
 					$new_default_setting_value = str_replace("''", "'", $text['login-message_text']);
 					if ($current_default_setting_value != $new_default_setting_value) {
 						$sql = "update v_default_settings set ";
 						$sql .= "default_setting_value = :default_setting_value, ";
 						$sql .= "default_setting_enabled = 'true' ";
 						$sql .= "where default_setting_uuid = :default_setting_uuid ";
 						$parameters['default_setting_value'] = $text['login-message_text'];
 						$parameters['default_setting_uuid'] = $current_default_setting_uuid;
 						$database = new database;
 						$database->execute($sql, $parameters);
 						unset($sql, $parameters);
 					}
 				}
-				unset($prep_statement, $result);
+
 				// compare to message in language file, update and enable if different
 				$new_default_setting_value = str_replace("''", "'", $text['login-message_text']);
 				if ($current_default_setting_value != $new_default_setting_value) {
 					$sql = "update v_default_settings set ";
 					$sql .= "default_setting_value = :default_setting_value, ";
 					$sql .= "default_setting_enabled = 'true' ";
 					$sql .= "where default_setting_uuid = :default_setting_uuid ";
 					$parameters['default_setting_value'] = $text['login-message_text'];
 					$parameters['default_setting_uuid'] = $current_default_setting_uuid;
 					$database = new database;
 					$database->execute($sql, $parameters);
 					unset($sql, $parameters);
 				}
 			}
 			unset($sql, $result, $row);
 		}
 }
--- a/resources/check_auth.php
+++ b/resources/check_auth.php
@ -88,10 +88,7 @@
 			else {
 				//debug
 					if ($debug) {
-						echo "<pre>";
+						view_array($result);
 						print_r($result);
 						echo "</pre>";
 						exit;
 					}
 				//log the failed auth attempt to the system, to be available for fail2ban.
@ -107,19 +104,26 @@
 			}
 		//get the groups assigned to the user and then set the groups in $_SESSION["groups"]
-			$sql = "select u.user_group_uuid, u.domain_uuid, u.user_uuid, u.group_uuid, g.group_name, g.group_level ";
+			$sql = "select ";
-			$sql .= "from v_user_groups as u, v_groups as g  ";
+			$sql .= "u.user_group_uuid, ";
 			$sql .= "u.domain_uuid, ";
 			$sql .= "u.user_uuid, ";
 			$sql .= "u.group_uuid, ";
 			$sql .= "g.group_name, ";
 			$sql .= "g.group_level ";
 			$sql .= "from ";
 			$sql .= "v_user_groups as u, ";
 			$sql .= "v_groups as g ";
 			$sql .= "where u.domain_uuid = :domain_uuid ";
 			$sql .= "and u.user_uuid = :user_uuid ";
 			$sql .= "and u.group_uuid = g.group_uuid ";
-			$prep_statement = $db->prepare($sql);
+			$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
-			$prep_statement->bindParam(':domain_uuid', $_SESSION["domain_uuid"] );
+			$parameters['user_uuid'] = $_SESSION["user_uuid"];
-			$prep_statement->bindParam(':user_uuid', $_SESSION["user_uuid"]);
+			$database = new database;
-			$prep_statement->execute();
+			$result = $database->select($sql, $parameters, 'all');
 			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 			$_SESSION["groups"] = $result;
 			$_SESSION["user"]["groups"] = $result;
-			unset($sql, $row_count, $prep_statement);
+			unset($sql, $parameters);
 		//get the users group level
 			$_SESSION["user"]["group_level"] = 0;
@ -130,42 +134,42 @@
 			}
 		//get the permissions assigned to the groups that the user is a member of set the permissions in $_SESSION['permissions']
-			if (count($_SESSION["groups"]) > 0) {
+			if (is_array($_SESSION["groups"]) && @sizeof($_SESSION["groups"]) != 0) {
 				$x = 0;
 				$sql = "select distinct(permission_name) from v_group_permissions ";
-				foreach($_SESSION["groups"] as $field) {
+				$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
 				foreach ($_SESSION["groups"] as $field) {
 					if (strlen($field['group_name']) > 0) {
-						if ($x == 0) {
+						$sql_where_or[] = "group_name = :group_name_".$x;
-							$sql .= "where (domain_uuid = '".$_SESSION["domain_uuid"]."' and domain_uuid = null) ";
+						$parameters['group_name_'.$x] = $field['group_name'];
 						}
 						else {
 							$sql .= "or (domain_uuid = '".$_SESSION["domain_uuid"]."' and domain_uuid = null) ";
 						}
 						$sql .= "or group_name = '".$field['group_name']."' ";
 						$x++;
 					}
 				}
-				$prep_statement_sub = $db->prepare($sql);
+				if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {
-				$prep_statement_sub->execute();
+					$sql .= "and (".implode(' or ', $sql_where_or).") ";
-				$result = $prep_statement_sub->fetchAll(PDO::FETCH_NAMED);
+				}
-				if (is_array($result)) {
+				$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
 				$database = new database;
 				$result = $database->select($sql, $parameters, 'all');
 				if (is_array($result) && @sizeof($result) != 0) {
 					foreach ($result as $row) {
 						$_SESSION['permissions'][$row["permission_name"]] = true;
 						$_SESSION["user"]["permissions"][$row["permission_name"]] = true;
 					}
 				}
-				unset($sql, $prep_statement_sub);
+				unset($sql, $parameters, $result, $row);
 			}
 		//get the user settings
 			$sql = "select * from v_user_settings ";
-			$sql .= "where domain_uuid = '" . $_SESSION["domain_uuid"] . "' ";
+			$sql .= "where domain_uuid = :domain_uuid ";
-			$sql .= "and user_uuid = '" . $_SESSION["user_uuid"] . "' ";
+			$sql .= "and user_uuid = :user_uuid ";
 			$sql .= "and user_setting_enabled = 'true' ";
-			$prep_statement = $db->prepare($sql);
+			$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
-			if ($prep_statement) {
+			$parameters['user_uuid'] = $_SESSION["user_uuid"];
-				$prep_statement->execute();
+			$database = new database;
-				$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+			$result = $database->select($sql, $parameters, 'all');
 			if (is_array($result) && @sizeof($result) != 0) {
 				foreach ($result as $row) {
 					$name = $row['user_setting_name'];
 					$category = $row['user_setting_category'];
@ -179,7 +183,8 @@
 							else {
 								$_SESSION[$category][$name] = $row['user_setting_value'];
 							}
-						} else {
+						}
 						else {
 							//$$category[$subcategory][$name] = $row['domain_setting_value'];
 							if ($name == "array") {
 								$_SESSION[$category][$subcategory][] = $row['user_setting_value'];
@ -191,57 +196,62 @@
 					}
 				}
 			}
 			unset($sql, $parameters, $result, $row);
 		//get the extensions that are assigned to this user
 			if (file_exists($_SERVER["PROJECT_ROOT"]."/app/extensions/app_config.php")) {
-				if (isset($_SESSION["user"]) && isset($_SESSION["user_uuid"]) && $db && strlen($_SESSION["domain_uuid"]) > 0 && strlen($_SESSION["user_uuid"]) > 0 && count($_SESSION['user']['extension']) == 0) {
+				if (
 					isset($_SESSION["user"]) &&
 					is_uuid($_SESSION["user_uuid"]) &&
 					is_uuid($_SESSION["domain_uuid"]) &&
 					count($_SESSION['user']['extension']) == 0
 					) {
 					//get the user extension list
 						$_SESSION['user']['extension'] = null;
 						$sql = "select ";
-						$sql .= "	e.extension_uuid, ";
+						$sql .= "e.extension_uuid, ";
-						$sql .= "	e.extension, ";
+						$sql .= "e.extension, ";
-						$sql .= "	e.number_alias, ";
+						$sql .= "e.number_alias, ";
-						$sql .= "	e.user_context, ";
+						$sql .= "e.user_context, ";
-						$sql .= "	e.outbound_caller_id_name, ";
+						$sql .= "e.outbound_caller_id_name, ";
-						$sql .= "	e.outbound_caller_id_number, ";
+						$sql .= "e.outbound_caller_id_number, ";
-						$sql .= "	e.description ";
+						$sql .= "e.description ";
 						$sql .= "from ";
-						$sql .= "	v_extension_users as u, ";
+						$sql .= "v_extension_users as u, ";
-						$sql .= "	v_extensions as e ";
+						$sql .= "v_extensions as e ";
 						$sql .= "where ";
-						$sql .= "	e.domain_uuid = '".$_SESSION['domain_uuid']."' ";
+						$sql .= "e.domain_uuid = :domain_uuid ";
-						$sql .= "	and e.extension_uuid = u.extension_uuid ";
+						$sql .= "and e.extension_uuid = u.extension_uuid ";
-						$sql .= "	and u.user_uuid = '".$_SESSION['user_uuid']."' ";
+						$sql .= "and u.user_uuid = :user_uuid ";
-						$sql .= "	and e.enabled = 'true' ";
+						$sql .= "and e.enabled = 'true' ";
 						$sql .= "order by ";
-						$sql .= "	e.extension asc ";
+						$sql .= "e.extension asc ";
-						$query = $db->query($sql);
+						$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-						if($query !== false) {
+						$parameters['user_uuid'] = $_SESSION['user_uuid'];
-							$result = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
+						$database = new database;
-							$x = 0;
+						$result = $database->select($sql, $parameters, 'all');
-							foreach($result as $row) {
+						if (is_array($result) && @sizeof($result) != 0) {
 							foreach($result as $x => $row) {
 								//set the destination
-								$destination = $row['extension'];
+									$destination = $row['extension'];
-								if (strlen($row['number_alias']) > 0) {
+									if (strlen($row['number_alias']) > 0) {
-									$destination = $row['number_alias'];
+										$destination = $row['number_alias'];
-								}
+									}
-
+								//build the user array
-								//build the uers array
+									$_SESSION['user']['extension'][$x]['user'] = $row['extension'];
-								$_SESSION['user']['extension'][$x]['user'] = $row['extension'];
+									$_SESSION['user']['extension'][$x]['number_alias'] = $row['number_alias'];
-								$_SESSION['user']['extension'][$x]['number_alias'] = $row['number_alias'];
+									$_SESSION['user']['extension'][$x]['destination'] = $destination;
-								$_SESSION['user']['extension'][$x]['destination'] = $destination;
+									$_SESSION['user']['extension'][$x]['extension_uuid'] = $row['extension_uuid'];
-								$_SESSION['user']['extension'][$x]['extension_uuid'] = $row['extension_uuid'];
+									$_SESSION['user']['extension'][$x]['outbound_caller_id_name'] = $row['outbound_caller_id_name'];
-								$_SESSION['user']['extension'][$x]['outbound_caller_id_name'] = $row['outbound_caller_id_name'];
+									$_SESSION['user']['extension'][$x]['outbound_caller_id_number'] = $row['outbound_caller_id_number'];
-								$_SESSION['user']['extension'][$x]['outbound_caller_id_number'] = $row['outbound_caller_id_number'];
+									$_SESSION['user']['extension'][$x]['user_context'] = $row['user_context'];
-								$_SESSION['user']['extension'][$x]['user_context'] = $row['user_context'];
+									$_SESSION['user']['extension'][$x]['description'] = $row['description'];
 								$_SESSION['user']['extension'][$x]['description'] = $row['description'];
 								//set the user context
-								$_SESSION['user']['user_context'] = $row["user_context"];
+									$_SESSION['user']['user_context'] = $row["user_context"];
-								$_SESSION['user_context'] = $row["user_context"];
+									$_SESSION['user_context'] = $row["user_context"];
 								$x++;
 							}
 						}
 						unset($sql, $parameters, $result, $row);
 				}
 			}
@ -281,4 +291,4 @@
 		$v_path_show = false;
 	}
-?>
+?>