diff --git a/app/conference_centers/conference_center_delete.php b/app/conference_centers/conference_center_delete.php
index 7a01c4ed46..042e0ea3c7 100644
--- a/app/conference_centers/conference_center_delete.php
+++ b/app/conference_centers/conference_center_delete.php
@@ -29,10 +29,7 @@
require_once "resources/check_auth.php";
//check permissions
- if (permission_exists('conference_center_delete')) {
- //access granted
- }
- else {
+ if (!permission_exists('conference_center_delete')) {
echo "access denied";
exit;
}
@@ -41,50 +38,43 @@
$language = new text;
$text = $language->get();
-//get the id
- if (isset($_GET["id"]) && is_uuid($_GET["id"])) {
- $id = $_GET["id"];
- }
+ //delete the data
+ if (is_uuid($_GET["id"])) {
-//get the domain_uuid
- $domain_uuid = null;
- if (isset($_SESSION['domain_uuid']) && is_uuid($_SESSION['domain_uuid'])) {
- $domain_uuid = $_SESSION['domain_uuid'];
- }
+ $conference_center_uuid = $_GET["id"];
-//delete the data
- if (isset($id) && is_uuid($id)) {
//get the dialplan uuid
$sql = "select dialplan_uuid from v_conference_centers ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and conference_center_uuid = :conference_center_uuid ";
- $parameters['domain_uuid'] = $domain_uuid;
- $parameters['conference_center_uuid'] = $id;
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['conference_center_uuid'] = $conference_center_uuid;
$database = new database;
$dialplan_uuid = $database->select($sql, $parameters, 'column');
- unset ($parameters);
+ unset($sql, $parameters);
//delete the conference center
- $sql = "delete from v_conference_centers ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and conference_center_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
-
- //delete the dialplan entry
- $sql = "delete from v_dialplans ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and dialplan_uuid = '$dialplan_uuid' ";
- $db->query($sql);
- unset($sql);
-
+ $array['conference_centers'][0]['conference_center_uuid'] = $conference_center_uuid;
+ $array['conference_centers'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
//delete the dialplan details
- $sql = "delete from v_dialplan_details ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and dialplan_uuid = '$dialplan_uuid' ";
- $db->query($sql);
- unset($sql);
+ $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid;
+ $array['dialplan_details'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ //delete the dialplan entry
+ $array['dialplans'][0]['dialplan_uuid'] = $dialplan_uuid;
+ $array['dialplans'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+ $p = new permissions;
+ $p->add('dialplan_detail_delete', 'temp');
+ $p->add('dialplan_delete', 'temp');
+
+ $database = new database;
+ $database->app_name = 'conference_centers';
+ $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e';
+ $database->delete($array);
+ unset($array);
+
+ $p->delete('dialplan_detail_delete', 'temp');
+ $p->delete('dialplan_delete', 'temp');
//clear the cache
$cache = new cache;
@@ -95,10 +85,12 @@
//apply settings reminder
$_SESSION["reload_xml"] = true;
+
+ //set message
+ message::add($text['message-delete']);
}
//redirect the browser
- message::add($text['message-delete']);
header("Location: conference_centers.php");
return;
diff --git a/app/conference_centers/conference_center_edit.php b/app/conference_centers/conference_center_edit.php
index 56e2842174..d81b4dfee0 100644
--- a/app/conference_centers/conference_center_edit.php
+++ b/app/conference_centers/conference_center_edit.php
@@ -43,7 +43,7 @@
$text = $language->get();
//action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
$action = "update";
$conference_center_uuid = $_REQUEST["id"];
}
@@ -51,25 +51,18 @@
$action = "add";
}
-//get http post variables and set them to php variables
- if (is_array($_POST)) {
- $conference_center_uuid = $_POST["conference_center_uuid"];
- $dialplan_uuid = $_POST["dialplan_uuid"];
- $conference_center_name = $_POST["conference_center_name"];
- $conference_center_extension = $_POST["conference_center_extension"];
- $conference_center_greeting = $_POST["conference_center_greeting"];
- $conference_center_pin_length = $_POST["conference_center_pin_length"];
- $conference_center_enabled = $_POST["conference_center_enabled"];
- $conference_center_description = $_POST["conference_center_description"];
- }
-
//process the user data and save it to the database
if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
- //get the uuid from the POST
- if ($action == "update") {
- $conference_center_uuid = $_POST["conference_center_uuid"];
- }
+ //get http post variables and set them to php variables
+ $conference_center_uuid = $_POST["conference_center_uuid"];
+ $dialplan_uuid = $_POST["dialplan_uuid"];
+ $conference_center_name = $_POST["conference_center_name"];
+ $conference_center_extension = $_POST["conference_center_extension"];
+ $conference_center_greeting = $_POST["conference_center_greeting"];
+ $conference_center_pin_length = $_POST["conference_center_pin_length"];
+ $conference_center_enabled = $_POST["conference_center_enabled"];
+ $conference_center_description = $_POST["conference_center_description"];
//check for all required data
$msg = '';
@@ -97,13 +90,13 @@
$_POST["domain_uuid"] = $_SESSION["domain_uuid"];
//add the conference_center_uuid
- if (!isset($_POST["conference_center_uuid"])) {
+ if (!is_uuid($_POST["conference_center_uuid"])) {
$conference_center_uuid = uuid();
$_POST["conference_center_uuid"] = $conference_center_uuid;
}
//add the dialplan_uuid
- if (!isset($_POST["dialplan_uuid"])) {
+ if (!is_uuid($_POST["dialplan_uuid"])) {
$dialplan_uuid = uuid();
$_POST["dialplan_uuid"] = $dialplan_uuid;
}
@@ -150,6 +143,7 @@
$database->app_uuid = "b81412e8-7253-91f4-e48e-42fc2c9a38d9";
$database->save($array);
$message = $database->message;
+ unset($array);
//remove the temporary permission
$p->delete("dialplan_add", "temp");
@@ -193,8 +187,8 @@
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['conference_center_uuid'] = $conference_center_uuid;
$database = new database;
- $result = $database->select($sql, $parameters, 'all');
- foreach ($result as &$row) {
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
$conference_center_uuid = $row["conference_center_uuid"];
$dialplan_uuid = $row["dialplan_uuid"];
$conference_center_name = $row["conference_center_name"];
@@ -204,7 +198,7 @@
$conference_center_enabled = $row["conference_center_enabled"];
$conference_center_description = $row["conference_center_description"];
}
- unset ($parameters);
+ unset($sql, $parameters, $row);
}
//set defaults
@@ -218,6 +212,7 @@
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$recordings = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//get the phrases
$sql = "select * from v_phrases ";
@@ -225,15 +220,17 @@
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$phrases = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//get the streams
$sql = "select * from v_streams ";
- $sql .= "where (domain_uuid = '".$_SESSION["domain_uuid"]."' or domain_uuid is null) ";
+ $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
$sql .= "and stream_enabled = 'true' ";
$sql .= "order by stream_name asc ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$streams = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//show the header
require_once "resources/header.php";
diff --git a/app/conference_centers/conference_centers.php b/app/conference_centers/conference_centers.php
index 9e8cd2b4db..ed793ed8ad 100644
--- a/app/conference_centers/conference_centers.php
+++ b/app/conference_centers/conference_centers.php
@@ -46,23 +46,8 @@
$order_by = $_GET["order_by"];
$order = $_GET["order"];
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
-
//add the search term
- $search = strtolower(check_str($_GET["search"]));
+ $search = strtolower($_GET["search"]);
if (strlen($search) > 0) {
$sql_search = "and ( ";
$sql_search .= "lower(conference_center_name) like :search ";
@@ -70,6 +55,7 @@
$sql_search .= "or lower(conference_center_greeting) like :search ";
$sql_search .= "or lower(conference_center_description) like :search ";
$sql_search .= ") ";
+ $parameters['search'] = '%'.$search.'%';
}
//additional includes
@@ -77,15 +63,13 @@
require_once "resources/paging.php";
//prepare to page the results
- $sql = "select count(conference_center_uuid) as num_rows from v_conference_centers ";
+ $sql = "select count(conference_center_uuid) from v_conference_centers ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= $sql_search;
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
- if (strlen($search) > 0) {
- $parameters['search'] = '%'.$search.'%';
- }
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
+ unset($sql);
//prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -99,12 +83,11 @@
$sql = "select * from v_conference_centers ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= $sql_search;
- if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
- $sql .= "limit :rows_per_page offset :offset ";
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
$database = new database;
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
$result = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//alternate the row style
$c = 0;
@@ -151,7 +134,7 @@
echo "\n";
echo "\n";
- if (is_array($result)) {
+ if (is_array($result) && sizeof($result) != 0) {
foreach($result as $row) {
if (permission_exists('conference_center_edit')) {
$tr_link = "href='conference_center_edit.php?id=".$row['conference_center_uuid']."'";
diff --git a/app/conference_centers/conference_room_delete.php b/app/conference_centers/conference_room_delete.php
index 8c1cb864ae..7062975664 100644
--- a/app/conference_centers/conference_room_delete.php
+++ b/app/conference_centers/conference_room_delete.php
@@ -42,59 +42,50 @@
$language = new text;
$text = $language->get();
-//get the id
- if (isset($_GET["id"]) && is_uuid($_GET["id"])) {
- $id = $_GET["id"];
- }
-
-//get the domain_uuid
- $domain_uuid = null;
- if (isset($_SESSION['domain_uuid']) && is_uuid($_SESSION['domain_uuid'])) {
- $domain_uuid = $_SESSION['domain_uuid'];
- }
-
//delete the data
- if (isset($id) && is_uuid($id)) {
+ if (is_uuid($_GET["id"])) {
+
+ $conference_room_uuid = $_GET["id"];
+
//get the meeting_uuid
- if (["persistformvar"] != "true") {
- $sql = "select * from v_conference_rooms ";
- $sql .= "where domain_uuid = :domain_uuid ";
- $sql .= "and conference_room_uuid = :conference_room_uuid ";
- $parameters['domain_uuid'] = $domain_uuid;
- $parameters['conference_room_uuid'] = $id;
- $database = new database;
- $meeting_uuid = $database->select($sql, $parameters, 'column');
- unset ($parameters);
- }
- //echo "meeting_uuid: ".$meeting_uuid."
\n";
+ $sql = "select meeting_uuid from v_conference_rooms ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and conference_room_uuid = :conference_room_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['conference_room_uuid'] = $conference_room_uuid;
+ $database = new database;
+ $meeting_uuid = $database->select($sql, $parameters, 'column');
+ unset($sql, $parameters);
- //delete the conference session
- $sql = "delete from v_conference_rooms ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and conference_room_uuid = '$id'; ";
- //echo $sql."
\n";
- $db->exec(check_sql($sql));
- unset($sql);
+ //delete conference session
+ $array['conference_rooms'][0]['conference_room_uuid'] = $conference_room_uuid;
+ $array['conference_rooms'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ //delete meeting users
+ $array['meeting_users'][0]['meeting_uuid'] = $meeting_uuid;
+ $array['meeting_users'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ //delete meeting
+ $array['meetings'][0]['meeting_uuid'] = $meeting_uuid;
+ $array['meetings'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
- //delete the meeting users
- $sql = "delete from v_meeting_users ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and meeting_uuid = '$meeting_uuid'; ";
- //echo $sql."
\n";
- $db->exec(check_sql($sql));
- unset($sql);
+ $p = new permissions;
+ $p->add('meeting_user_delete', 'temp');
+ $p->add('meeting_delete', 'temp');
+
+ $database = new database;
+ $database->app_name = 'conference_centers';
+ $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e';
+ $database->delete($array);
+ unset($array);
+
+ $p->delete('meeting_user_delete', 'temp');
+ $p->delete('meeting_delete', 'temp');
+
+ //set message
+ message::add($text['message-delete']);
- //delete the meetings
- $sql = "delete from v_meetings ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and meeting_uuid = '$meeting_uuid'; ";
- //echo $sql."
\n";
- $db->exec(check_sql($sql));
- unset($sql);
}
//redirect the user
- message::add($text['message-delete']);
header("Location: conference_rooms.php");
return;
diff --git a/app/conference_centers/conference_room_edit.php b/app/conference_centers/conference_room_edit.php
index 1cc7d03532..c8ded96241 100644
--- a/app/conference_centers/conference_room_edit.php
+++ b/app/conference_centers/conference_room_edit.php
@@ -44,9 +44,9 @@
$text = $language->get();
//action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
$action = "update";
- $conference_room_uuid = check_str($_REQUEST["id"]);
+ $conference_room_uuid = $_REQUEST["id"];
}
else {
$action = "add";
@@ -54,25 +54,25 @@
//get http post variables and set them to php variables
if (count($_POST) > 0) {
- $conference_center_uuid = check_str($_POST["conference_center_uuid"]);
- $meeting_uuid = check_str($_POST["meeting_uuid"]);
- $conference_room_name = check_str($_POST['conference_room_name']);
- $moderator_pin = check_str($_POST["moderator_pin"]);
- $participant_pin = check_str($_POST["participant_pin"]);
- $profile = check_str($_POST["profile"]);
- $record = check_str($_POST["record"]);
- $user_uuid = check_str($_POST["user_uuid"]);
- $max_members = check_str($_POST["max_members"]);
- $start_datetime = check_str($_POST["start_datetime"]);
- $stop_datetime = check_str($_POST["stop_datetime"]);
- $wait_mod = check_str($_POST["wait_mod"]);
- $announce = check_str($_POST["announce"]);
- $sounds = check_str($_POST["sounds"]);
- $mute = check_str($_POST["mute"]);
- $created = check_str($_POST["created"]);
- $created_by = check_str($_POST["created_by"]);
- $enabled = check_str($_POST["enabled"]);
- $description = check_str($_POST["description"]);
+ $conference_center_uuid = $_POST["conference_center_uuid"];
+ $meeting_uuid = $_POST["meeting_uuid"];
+ $conference_room_name = $_POST['conference_room_name'];
+ $moderator_pin = $_POST["moderator_pin"];
+ $participant_pin = $_POST["participant_pin"];
+ $profile = $_POST["profile"];
+ $record = $_POST["record"];
+ $user_uuid = $_POST["user_uuid"];
+ $max_members = $_POST["max_members"];
+ $start_datetime = $_POST["start_datetime"];
+ $stop_datetime = $_POST["stop_datetime"];
+ $wait_mod = $_POST["wait_mod"];
+ $announce = $_POST["announce"];
+ $sounds = $_POST["sounds"];
+ $mute = $_POST["mute"];
+ $created = $_POST["created"];
+ $created_by = $_POST["created_by"];
+ $enabled = $_POST["enabled"];
+ $description = $_POST["description"];
//remove any pin number formatting
$moderator_pin = preg_replace('{\D}', '', $moderator_pin);
@@ -81,47 +81,47 @@
//get the conference centers array and set a default conference center
$sql = "select * from v_conference_centers ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
+ $sql .= "where domain_uuid = :domain_uuid ";
$sql .= "order by conference_center_name asc ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $conference_centers = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
- if (strlen($conference_center_uuid) == 0) {
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $conference_centers = $database->select($sql, $parameters, 'all');
+ if (!is_uuid($conference_center_uuid)) {
$conference_center_uuid = $conference_centers[0]["conference_center_uuid"];
}
+ unset($sql, $parameters);
//get the conference profiles
$sql = "select * ";
$sql .= "from v_conference_profiles ";
$sql .= "where profile_enabled = 'true' ";
$sql .= "and profile_name <> 'sla' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $conference_profiles = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- unset ($prep_statement, $sql);
+ $database = new database;
+ $conference_profiles = $database->select($sql, null, 'all');
+ unset ($sql);
//set the default
if ($profile === "") { $profile = "default"; }
//define fucntion get_meeting_pin - used to find a unique pin number
function get_meeting_pin($length, $meeting_uuid) {
- global $db;
$pin = generate_password($length,1);
- $sql = "select count(*) as num_rows from v_meetings ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- //$sql .= "and meeting_uuid <> '".$meeting_uuid."' ";
- $sql .= "and (moderator_pin = '".$pin."' or participant_pin = '".$pin."') ";
- $prep_statement = $db->prepare(check_sql($sql));
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- if ($row['num_rows'] == 0) {
- return $pin;
- }
- else {
- get_meeting_pin($length, $uuid);
- }
+ $sql = "select count(*) from v_meetings ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ //$sql .= "and meeting_uuid <> :meeting_uuid ";
+ $sql .= "and (moderator_pin = :pin or participant_pin = :pin) ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ //$parameters['meeting_uuid'] = $meeting_uuid;
+ $parameters['pin'] = $pin;
+ $database = new database;
+ $num_rows = $database->select($sql, $parameters, 'column');
+ if ($num_rows == 0) {
+ return $pin;
}
+ else {
+ get_meeting_pin($length, $uuid);
+ }
+ unset($sql, $parameters);
}
//record announcment
@@ -139,17 +139,20 @@
}
//generate the pins
- $sql = "select conference_center_pin_length from v_conference_centers ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- if (strlen($conference_center_uuid) > 0) {
- $sql .= "and conference_center_uuid = '".$conference_center_uuid."' ";
+ $sql = "select conference_center_pin_length ";
+ $sql .= "from v_conference_centers ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ if (is_uuid($conference_center_uuid)) {
+ $sql .= "and conference_center_uuid = :conference_center_uuid ";
+ $parameters['conference_center_uuid'] = $conference_center_uuid;
}
- $prep_statement = $db->prepare(check_sql($sql));
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
$pin_length = $row['conference_center_pin_length'];
}
+ unset($sql, $parameters);
if (strlen($moderator_pin) == 0) {
$moderator_pin = get_meeting_pin($pin_length, $meeting_uuid);
}
@@ -161,14 +164,16 @@
if ($_GET["a"] == "delete" && permission_exists('conference_room_delete')) {
if (strlen($_REQUEST["meeting_user_uuid"]) > 0) {
//set the variables
- $meeting_user_uuid = check_str($_REQUEST["meeting_user_uuid"]);
- $conference_room_uuid = check_str($_REQUEST["conference_room_uuid"]);
+ $meeting_user_uuid = $_REQUEST["meeting_user_uuid"];
+ $conference_room_uuid = $_REQUEST["conference_room_uuid"];
//delete the extension from the ring_group
- $sql = "delete from v_meeting_users ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and meeting_user_uuid = '$meeting_user_uuid' ";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['meeting_users'][0]['meeting_user_uuid'] = $meeting_user_uuid;
+ $array['meeting_users'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $database->app_name = 'conference_centers';
+ $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e';
+ $database->delete($array);
+ unset($array);
}
message::add($text['message-delete']);
@@ -181,42 +186,49 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
$msg = '';
if ($action == "update") {
- $conference_room_uuid = check_str($_POST["conference_room_uuid"]);
+ $conference_room_uuid = $_POST["conference_room_uuid"];
}
//check for a unique pin number and length
if (strlen($moderator_pin) > 0 || strlen($participant_pin) > 0) {
//make sure the moderator pin number is unique
- $sql = "select count(*) as num_rows from v_meetings ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- if (strlen($meeting_uuid) > 0) {
- $sql .= "and meeting_uuid <> '".$meeting_uuid."' ";
+ $sql = "select count(*) from v_meetings ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ if (is_uuid($meeting_uuid)) {
+ $sql .= "and meeting_uuid <> :meeting_uuid ";
+ $parameters['meeting_uuid'] = $meeting_uuid;
}
- $sql .= "and (moderator_pin = '".$moderator_pin."' or participant_pin = '".$moderator_pin."') ";
- $prep_statement = $db->prepare(check_sql($sql));
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- if ($row['num_rows'] > 0) {
- $msg .= $text['message-unique_moderator_pin']."
\n";
- }
+ $sql .= "and (";
+ $sql .= "moderator_pin = :moderator_pin ";
+ $sql .= "or participant_pin = :moderator_pin ";
+ $sql .= ") ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['moderator_pin'] = $moderator_pin;
+ $database = new database;
+ $num_rows = $database->select($sql, $parameters, 'column');
+ if ($num_rows > 0) {
+ $msg .= $text['message-unique_moderator_pin']."
\n";
}
+ unset($sql, $parameters);
//make sure the participant pin number is unique
- $sql = "select count(*) as num_rows from v_meetings ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- if (strlen($meeting_uuid) > 0) {
- $sql .= "and meeting_uuid <> '".$meeting_uuid."' ";
+ $sql = "select count(*) from v_meetings ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ if (is_uuid($meeting_uuid)) {
+ $sql .= "and meeting_uuid <> :meeting_uuid ";
+ $parameters['meeting_uuid'] = $meeting_uuid;
}
- $sql .= "and (moderator_pin = '".$participant_pin."' or participant_pin = '".$participant_pin."') ";
- $prep_statement = $db->prepare(check_sql($sql));
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- if ($row['num_rows'] > 0) {
- $msg .= $text['message-unique_participant_pin']."
\n";
- }
+ $sql .= "and (";
+ $sql .= "moderator_pin = :participant_pin ";
+ $sql .= "or participant_pin = :participant_pin ";
+ $sql .= ") ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['participant_pin'] = $participant_pin;
+ $num_rows = $database->select($sql, $parameters, 'column');
+ if ($num_rows > 0) {
+ $msg .= $text['message-unique_participant_pin']."
\n";
}
+ unset($sql, $parameters);
//additional checks
if ($moderator_pin == $participant_pin) {
@@ -271,206 +283,193 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
//add a meeting
$meeting_uuid = uuid();
- $sql = "insert into v_meetings ";
- $sql .= "(";
- $sql .= "domain_uuid, ";
- $sql .= "meeting_uuid, ";
- $sql .= "moderator_pin, ";
- $sql .= "participant_pin, ";
- $sql .= "enabled, ";
- $sql .= "description ";
- $sql .= ") ";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'$domain_uuid', ";
- $sql .= "'$meeting_uuid', ";
- $sql .= "'$moderator_pin', ";
- $sql .= "'$participant_pin', ";
- $sql .= "'$enabled', ";
- $sql .= "'$description' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['meetings'][0]['meeting_uuid'] = $meeting_uuid;
+ $array['meetings'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['meetings'][0]['moderator_pin'] = $moderator_pin;
+ $array['meetings'][0]['participant_pin'] = $participant_pin;
+ $array['meetings'][0]['enabled'] = $enabled;
+ $array['meetings'][0]['description'] = $description;
+
+ $p = new permissions;
+ $p->add('meeting_add', 'temp');
+
+ $database = new database;
+ $database->app_name = 'conference_centers';
+ $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e';
+ $database->save($array);
+ unset($array);
+
+ $p->delete('meeting_add', 'temp');
//add a conference room
$conference_room_uuid = uuid();
- $sql = "insert into v_conference_rooms ";
- $sql .= "(";
- $sql .= "domain_uuid, ";
- $sql .= "conference_room_uuid, ";
- $sql .= "conference_center_uuid, ";
- $sql .= "meeting_uuid, ";
- $sql .= "conference_room_name, ";
- $sql .= "profile, ";
- $sql .= "record, ";
- $sql .= "max_members, ";
- $sql .= "start_datetime, ";
- $sql .= "stop_datetime, ";
- $sql .= "wait_mod, ";
- $sql .= "announce, ";
- $sql .= "sounds, ";
- $sql .= "mute, ";
- $sql .= "created, ";
- $sql .= "created_by, ";
- $sql .= "enabled, ";
- $sql .= "description ";
- $sql .= ") ";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'$domain_uuid', ";
- $sql .= "'$conference_room_uuid', ";
- $sql .= "'$conference_center_uuid', ";
- $sql .= "'$meeting_uuid', ";
- $sql .= "'$conference_room_name', ";
- $sql .= "'$profile', ";
- $sql .= "'$record', ";
- $sql .= "'$max_members', ";
- $sql .= "'$start_datetime', ";
- $sql .= "'$stop_datetime', ";
- $sql .= "'$wait_mod', ";
- $sql .= "'$announce', ";
- $sql .= "'$sounds', ";
- $sql .= "'$mute', ";
- $sql .= "now(), ";
- $sql .= "'".$_SESSION['user_uuid']."', ";
- $sql .= "'$enabled', ";
- $sql .= "'$description' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['conference_rooms'][0]['conference_room_uuid'] = $conference_room_uuid;
+ $array['conference_rooms'][0]['conference_center_uuid'] = $conference_center_uuid;
+ $array['conference_rooms'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['conference_rooms'][0]['meeting_uuid'] = $meeting_uuid;
+ $array['conference_rooms'][0]['conference_room_name'] = $conference_room_name;
+ $array['conference_rooms'][0]['profile'] = $profile;
+ $array['conference_rooms'][0]['record'] = $record;
+ $array['conference_rooms'][0]['max_members'] = $max_members;
+ $array['conference_rooms'][0]['start_datetime'] = $start_datetime;
+ $array['conference_rooms'][0]['stop_datetime'] = $stop_datetime;
+ $array['conference_rooms'][0]['wait_mod'] = $wait_mod;
+ $array['conference_rooms'][0]['announce'] = $announce;
+ $array['conference_rooms'][0]['sounds'] = $sounds;
+ $array['conference_rooms'][0]['mute'] = $mute;
+ $array['conference_rooms'][0]['created'] = 'now()';
+ $array['conference_rooms'][0]['created_by'] = $_SESSION['user_uuid'];
+ $array['conference_rooms'][0]['enabled'] = $enabled;
+ $array['conference_rooms'][0]['description'] = $description;
+
+ $database = new database;
+ $database->app_name = 'conference_centers';
+ $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e';
+ $database->save($array);
+ unset($array);
//assign the logged in user to the meeting
- if (strlen($_SESSION["user_uuid"]) > 0) {
+ if (is_uuid($_SESSION["user_uuid"])) {
$meeting_user_uuid = uuid();
- $sql = "insert into v_meeting_users ";
- $sql .= "(";
- $sql .= "domain_uuid, ";
- $sql .= "meeting_user_uuid, ";
- $sql .= "meeting_uuid, ";
- $sql .= "user_uuid ";
- $sql .= ") ";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'$domain_uuid', ";
- $sql .= "'$meeting_user_uuid', ";
- $sql .= "'$meeting_uuid', ";
- $sql .= "'".$_SESSION["user_uuid"]."' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['meeting_users'][0]['meeting_user_uuid'] = $meeting_user_uuid;
+ $array['meeting_users'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['meeting_users'][0]['meeting_uuid'] = $meeting_uuid;
+ $array['meeting_users'][0]['user_uuid'] = $_SESSION["user_uuid"];
+
+ $p = new permissions;
+ $p->add('meeting_user_add', 'temp');
+
+ $database = new database;
+ $database->app_name = 'conference_centers';
+ $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e';
+ $database->save($array);
+ unset($array);
+
+ $p->delete('meeting_user_add', 'temp');
}
message::add($text['message-add']);
- } //if ($action == "add")
+ }
if ($action == "update" && permission_exists('conference_room_edit')) {
//get the meeting_uuid
if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
- $conference_room_uuid = check_str($_GET["id"]);
+ $conference_room_uuid = $_GET["id"];
$sql = "select * from v_conference_rooms ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and conference_room_uuid = '$conference_room_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll();
- foreach ($result as &$row) {
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and conference_room_uuid = :conference_room_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['conference_room_uuid'] = $conference_room_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
$meeting_uuid = $row["meeting_uuid"];
}
- unset ($prep_statement);
+ unset($sql, $parameters, $row);
}
//update conference meetings
- $sql = "update v_meetings set ";
- $sql .= "moderator_pin = '$moderator_pin', ";
- $sql .= "participant_pin = '$participant_pin', ";
- $sql .= "enabled = '$enabled', ";
- $sql .= "description = '$description' ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and meeting_uuid = '$meeting_uuid' ";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['meetings'][0]['meeting_uuid'] = $meeting_uuid;
+ $array['meetings'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['meetings'][0]['moderator_pin'] = $moderator_pin;
+ $array['meetings'][0]['participant_pin'] = $participant_pin;
+ $array['meetings'][0]['enabled'] = $enabled;
+ $array['meetings'][0]['description'] = $description;
+
+ $p = new permissions;
+ $p->add('meeting_edit', 'temp');
+
+ $database = new database;
+ $database->app_name = 'conference_centers';
+ $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e';
+ $database->save($array);
+ unset($array);
+
+ $p->delete('meeting_edit', 'temp');
//update the conference room
- $sql = "update v_conference_rooms set ";
- $sql .= "conference_center_uuid = '$conference_center_uuid', ";
- //$sql .= "meeting_uuid = '$meeting_uuid', ";
- $sql .= "conference_room_name = '$conference_room_name', ";
+ $array['conference_rooms'][0]['conference_room_uuid'] = $conference_room_uuid;
+ $array['conference_rooms'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['conference_rooms'][0]['conference_center_uuid'] = $conference_center_uuid;
+ $array['conference_rooms'][0]['conference_room_name'] = $conference_room_name;
if (strlen($profile) > 0) {
- $sql .= "profile = '$profile', ";
+ $array['conference_rooms'][0]['profile'] = $profile;
}
if (strlen($record) > 0) {
- $sql .= "record = '$record', ";
+ $array['conference_rooms'][0]['record'] = $record;
}
if (strlen($max_members) > 0) {
- $sql .= "max_members = '$max_members', ";
+ $array['conference_rooms'][0]['max_members'] = $max_members;
}
- $sql .= "start_datetime = '".$start_datetime."', ";
- $sql .= "stop_datetime = '".$stop_datetime."', ";
+ $array['conference_rooms'][0]['start_datetime'] = $start_datetime;
+ $array['conference_rooms'][0]['stop_datetime'] = $stop_datetime;
if (strlen($wait_mod) > 0) {
- $sql .= "wait_mod = '$wait_mod', ";
+ $array['conference_rooms'][0]['wait_mod'] = $wait_mod;
}
if (strlen($announce) > 0) {
- $sql .= "announce = '$announce', ";
+ $array['conference_rooms'][0]['announce'] = $announce;
}
- //$sql .= "enter_sound = '$enter_sound', ";
if (strlen($mute) > 0) {
- $sql .= "mute = '$mute', ";
+ $array['conference_rooms'][0]['mute'] = $mute;
}
- $sql .= "sounds = '$sounds', ";
+ $array['conference_rooms'][0]['sounds'] = $sounds;
if (strlen($enabled) > 0) {
- $sql .= "enabled = '$enabled', ";
+ $array['conference_rooms'][0]['enabled'] = $enabled;
}
- $sql .= "description = '$description' ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and conference_room_uuid = '$conference_room_uuid' ";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['conference_rooms'][0]['description'] = $description;
- message::add($text['message-update']);
- } //if ($action == "update")
+ $database = new database;
+ $database->app_name = 'conference_centers';
+ $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e';
+ $database->save($array);
+ unset($array);
+
+ //set message
+ message::add($text['message-update']);
+ }
//assign the user to the meeting
- if (strlen($user_uuid) > 0 && $_SESSION["user_uuid"] != $user_uuid) {
+ if (is_uuid($user_uuid) && $_SESSION["user_uuid"] != $user_uuid) {
$meeting_user_uuid = uuid();
- $sql = "insert into v_meeting_users ";
- $sql .= "(";
- $sql .= "domain_uuid, ";
- $sql .= "meeting_user_uuid, ";
- $sql .= "meeting_uuid, ";
- $sql .= "user_uuid ";
- $sql .= ")";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'$domain_uuid', ";
- $sql .= "'$meeting_user_uuid', ";
- $sql .= "'$meeting_uuid', ";
- $sql .= "'$user_uuid' ";
- $sql .= ")";
- //echo $sql; //exit;
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['meeting_users'][0]['meeting_user_uuid'] = $meeting_user_uuid;
+ $array['meeting_users'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['meeting_users'][0]['meeting_uuid'] = $meeting_uuid;
+ $array['meeting_users'][0]['user_uuid'] = $user_uuid;
+
+ $p = new permissions;
+ $p->add('meeting_user_add', 'temp');
+
+ $database = new database;
+ $database->app_name = 'conference_centers';
+ $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e';
+ $database->save($array);
+ unset($array);
+
+ $p->delete('meeting_user_add', 'temp');
message::add($text['message-add']);
}
- header("Location: conference_room_edit.php?id=".escape($conference_room_uuid));
- return;
+ //redirect
+ header("Location: conference_room_edit.php?id=".escape($conference_room_uuid));
+ exit;
- } //if ($_POST["persistformvar"] != "true")
-} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+ }
+}
//pre-populate the form
if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
//get the conference room details
- $conference_room_uuid = check_str($_REQUEST["id"]);
+ $conference_room_uuid = $_REQUEST["id"];
$sql = "select * from v_conference_rooms as r, v_meetings as m ";
- $sql .= "where r.domain_uuid = '$domain_uuid' ";
+ $sql .= "where r.domain_uuid = :domain_uuid ";
$sql .= "and r.meeting_uuid = m.meeting_uuid ";
- $sql .= "and r.conference_room_uuid = '$conference_room_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll();
- foreach ($result as &$row) {
+ $sql .= "and r.conference_room_uuid = :conference_room_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['conference_room_uuid'] = $conference_room_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
$conference_center_uuid = $row["conference_center_uuid"];
$meeting_uuid = $row["meeting_uuid"];
$moderator_pin = $row["moderator_pin"];
@@ -490,28 +489,29 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
$enabled = $row["enabled"];
$description = $row["description"];
}
- unset ($prep_statement, $sql);
+ unset($sql, $parameters, $row);
}
//get the users array
- $sql = "SELECT * FROM v_users ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql = "select * from v_users ";
+ $sql .= "where domain_uuid = :domain_uuid ";
$sql .= "order by username asc ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- unset($prep_statement, $sql);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $users = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//get the users assigned to this meeting
- $sql = "SELECT * FROM v_users as u, v_meeting_users as m ";
+ $sql = "select * from v_users as u, v_meeting_users as m ";
$sql .= "where u.user_uuid = m.user_uuid ";
- $sql .= "and m.domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and m.meeting_uuid = '$meeting_uuid' ";
+ $sql .= "and m.domain_uuid = :domain_uuid ";
+ $sql .= "and m.meeting_uuid = :meeting_uuid ";
$sql .= "order by u.username asc ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $meeting_users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- unset($prep_statement, $sql);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['meeting_uuid'] = $meeting_uuid;
+ $database = new database;
+ $meeting_users = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//set default profile
if (strlen($profile) == 0) { $profile = 'default'; }
diff --git a/app/conference_centers/conference_rooms.php b/app/conference_centers/conference_rooms.php
index 24e0f1a979..215c6041b7 100644
--- a/app/conference_centers/conference_rooms.php
+++ b/app/conference_centers/conference_rooms.php
@@ -47,16 +47,17 @@
require_once "resources/paging.php";
//get the meeting_uuid using the pin number
- $search = $_GET["search"];
- $search = preg_replace('{\D}', '', $search);
+ $search = preg_replace('{\D}', '', $_GET["search"]);
if (strlen($search) > 0) {
- $sql = "select meeting_uuid from v_meetings ";
+ $sql = "select meeting_uuid ";
+ $sql .= "from v_meetings ";
$sql .= "where domain_uuid = :domain_uuid ";
- $sql .= "and (moderator_pin = :search or participant_pin = :search) ";
+ $sql .= "and ( ";
+ $sql .= "moderator_pin = :search ";
+ $sql .= "or participant_pin = :search ";
+ $sql .= ") ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
- if (strlen($search) > 0) {
- $parameters['search'] = '%'.$search.'%';
- }
+ $parameters['search'] = '%'.$search.'%';
$database = new database;
$meeting_uuid = $database->select($sql, $parameters, 'column');
}
@@ -114,6 +115,7 @@
$database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e';
$database->save($array);
$message = $database->message;
+ unset($array);
}
//get conference array
diff --git a/app/conference_centers/conference_session_details.php b/app/conference_centers/conference_session_details.php
index 78ee9ed0f6..92ac658933 100644
--- a/app/conference_centers/conference_session_details.php
+++ b/app/conference_centers/conference_session_details.php
@@ -46,27 +46,12 @@
require_once "resources/paging.php";
//set variables from the http values
- $order_by = $_GET["order_by"];
- $order = $_GET['order'];
+ $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'start_epoch';
+ $order = $_GET['order'] != '' ? $_GET['order'] : 'asc';
$conference_session_uuid = $_GET["uuid"];
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
-
//add meeting_uuid to a session variable
- if (strlen($conference_session_uuid) > 0 && is_uuid($conference_session_uuid)) {
+ if (is_uuid($conference_session_uuid)) {
$_SESSION['meeting']['session_uuid'] = $conference_session_uuid;
}
@@ -77,15 +62,15 @@
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['conference_session_uuid'] = $_SESSION['meeting']['session_uuid'];
$database = new database;
- $conference_sessions = $database->select($sql, $parameters, 'all');
- foreach ($conference_sessions as $row) {
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
$meeting_uuid = $row["meeting_uuid"];
$recording = $row["recording"];
$start_epoch = $row["start_epoch"];
$end_epoch = $row["end_epoch"];
$profile = $row["profile"];
}
- unset ($conference_sessions, $parameters);
+ unset($sql, $parameters, $row);
//set the year, month and day based on the session start epoch
$tmp_year = date("Y", $start_epoch);
@@ -131,13 +116,13 @@
echo "\n";
//prepare to page the results
- $sql = "select count(*) as num_rows from v_conference_session_details ";
+ $sql = "select count(*) from v_conference_session_details ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and conference_session_uuid = :conference_session_uuid ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['conference_session_uuid'] = $_SESSION['meeting']['session_uuid'];
$num_rows = $database->select($sql, $parameters, 'column');
- unset($parameters);
+ unset($sql, $parameters);
//prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -151,19 +136,12 @@
$sql = "select * from v_conference_session_details ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and conference_session_uuid = :conference_session_uuid ";
- if (strlen($order_by) == 0) {
- $sql .= "order by start_epoch asc ";
- }
- else {
- $sql .= "order by $order_by $order ";
- }
- $sql .= "limit :rows_per_page offset :offset ";
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['conference_session_uuid'] = $_SESSION['meeting']['session_uuid'];
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
$conference_session_details = $database->select($sql, $parameters, 'all');
- unset ($parameters);
+ unset($sql, $parameters);
//show the styles
$c = 0;
@@ -189,7 +167,7 @@
}
echo "
\n";
- if (is_array($conference_session_details)) {
+ if (is_array($conference_session_details) && sizeof($conference_session_details) != 0) {
foreach($conference_session_details as $row) {
if (defined('TIME_24HR') && TIME_24HR == 1) {
$start_date = date("j M Y H:i:s", $row['start_epoch']);
@@ -222,7 +200,7 @@
echo "\n";
if ($c==0) { $c=1; } else { $c=0; }
} //end foreach
- unset($sql, $conference_session_details);
+ unset($conference_session_details);
} //end if results
echo "\n";
diff --git a/app/conference_centers/conference_sessions.php b/app/conference_centers/conference_sessions.php
index 2fb50e1889..e50e58e6ae 100644
--- a/app/conference_centers/conference_sessions.php
+++ b/app/conference_centers/conference_sessions.php
@@ -47,26 +47,11 @@
//set variables from the http values
$meeting_uuid = $_GET["id"];
- $order_by = $_GET["order_by"];
- $order = $_GET["order"];
-
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
+ $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'start_epoch';
+ $order = $_GET["order"] != '' ? $_GET["order"] : 'desc';
//add meeting_uuid to a session variable
- if (strlen($meeting_uuid) > 0 && is_uuid($meeting_uuid)) {
+ if (is_uuid($meeting_uuid)) {
$_SESSION['meeting']['uuid'] = $meeting_uuid;
}
@@ -84,13 +69,14 @@
echo "\n";
//prepare to page the results
- $sql = "select count(*) as num_rows from v_conference_sessions ";
+ $sql = "select count(*) from v_conference_sessions ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and meeting_uuid = :meeting_uuid ";
- $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['meeting_uuid'] = $_SESSION['meeting']['uuid'];
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
+ unset($sql, $parameters);
//prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -104,17 +90,13 @@
$sql = "select * from v_conference_sessions ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and meeting_uuid = :meeting_uuid ";
- if (strlen($order_by) == 0) {
- $sql .= "order by start_epoch desc ";
- }
- else {
- $sql .= "order by $order_by $order ";
- }
- $sql .= "limit :rows_per_page offset :offset ";
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['meeting_uuid'] = $_SESSION['meeting']['uuid'];
$database = new database;
$conference_sessions = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//set the row style
$c = 0;
@@ -147,7 +129,7 @@
echo "| | \n";
echo "
\n";
- if (is_array($conference_sessions)) {
+ if (is_array($conference_sessions) && sizeof($conference_sessions) != 0) {
foreach($conference_sessions as $row) {
$tmp_year = date("Y", $row['start_epoch']);
$tmp_month = date("M", $row['start_epoch']);