From 47106e5baa2c0bfc72bc31cbf15e44a8dd8eb9c2 Mon Sep 17 00:00:00 2001
From: Nate
Date: Thu, 4 Jul 2019 15:57:04 -0600
Subject: [PATCH] Database class integration.

---
 .../conference_center_delete.php | 68 ++-
 .../conference_center_edit.php | 43 +-
 app/conference_centers/conference_centers.php | 33 +-
 .../conference_room_delete.php | 81 ++-
 .../conference_room_edit.php | 498 +++++++++---------
 app/conference_centers/conference_rooms.php | 16 +-
 .../conference_session_details.php | 48 +-
 .../conference_sessions.php | 42 +-
 8 files changed, 377 insertions(+), 452 deletions(-)

diff --git a/app/conference_centers/conference_center_delete.php b/app/conference_centers/conference_center_delete.php
index 7a01c4ed46..042e0ea3c7 100644
--- a/app/conference_centers/conference_center_delete.php
+++ b/app/conference_centers/conference_center_delete.php
@@ -29,10 +29,7 @@
 require_once "resources/check_auth.php";
 
 //check permissions
- if (permission_exists('conference_center_delete')) {
- //access granted
- }
- else {
+ if (!permission_exists('conference_center_delete')) {
 echo "access denied";
 exit;
 }
@@ -41,50 +38,43 @@ $language = new text; $text = $language->get(); -//get the id - if (isset($_GET["id"]) && is_uuid($_GET["id"])) { - $id = $_GET["id"]; - } + //delete the data + if (is_uuid($_GET["id"])) { -//get the domain_uuid - $domain_uuid = null; - if (isset($_SESSION['domain_uuid']) && is_uuid($_SESSION['domain_uuid'])) { - $domain_uuid = $_SESSION['domain_uuid']; - } + $conference_center_uuid = $_GET["id"]; -//delete the data - if (isset($id) && is_uuid($id)) { //get the dialplan uuid $sql = "select dialplan_uuid from v_conference_centers "; $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and conference_center_uuid = :conference_center_uuid "; - $parameters['domain_uuid'] = $domain_uuid; - $parameters['conference_center_uuid'] = $id; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['conference_center_uuid'] = $conference_center_uuid; $database = new database; $dialplan_uuid = $database->select($sql, $parameters, 'column'); - unset ($parameters); + unset($sql, $parameters); //delete the conference center - $sql = "delete from v_conference_centers "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and conference_center_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); - - //delete the dialplan entry - $sql = "delete from v_dialplans "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and dialplan_uuid = '$dialplan_uuid' "; - $db->query($sql); - unset($sql); - + $array['conference_centers'][0]['conference_center_uuid'] = $conference_center_uuid; + $array['conference_centers'][0]['domain_uuid'] = $_SESSION['domain_uuid']; //delete the dialplan details - $sql = "delete from v_dialplan_details "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and dialplan_uuid = '$dialplan_uuid' "; - $db->query($sql); - unset($sql); + $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid; + $array['dialplan_details'][0]['domain_uuid'] = 
$_SESSION['domain_uuid']; + //delete the dialplan entry + $array['dialplans'][0]['dialplan_uuid'] = $dialplan_uuid; + $array['dialplans'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + + $p = new permissions; + $p->add('dialplan_detail_delete', 'temp'); + $p->add('dialplan_delete', 'temp'); + + $database = new database; + $database->app_name = 'conference_centers'; + $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e'; + $database->delete($array); + unset($array); + + $p->delete('dialplan_detail_delete', 'temp'); + $p->delete('dialplan_delete', 'temp'); //clear the cache $cache = new cache; @@ -95,10 +85,12 @@ //apply settings reminder $_SESSION["reload_xml"] = true; + + //set message + message::add($text['message-delete']); } //redirect the browser - message::add($text['message-delete']); header("Location: conference_centers.php"); return; diff --git a/app/conference_centers/conference_center_edit.php b/app/conference_centers/conference_center_edit.php index 56e2842174..d81b4dfee0 100644 --- a/app/conference_centers/conference_center_edit.php +++ b/app/conference_centers/conference_center_edit.php @@ -43,7 +43,7 @@ $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; $conference_center_uuid = $_REQUEST["id"]; } 
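Review bot: `$dialplan_uuid` returned by the lookup is copied into the delete array without being checked, so when the posted id is a well-formed uuid that does not belong to `$_SESSION['domain_uuid']` the select yields nothing and `dialplan_details`/`dialplans` rows are queued for deletion keyed on an empty `dialplan_uuid`. How `$database->delete()` treats an empty key value is not visible in this diff, so guard it explicitly by wrapping the two dialplan entries in `if (is_uuid($dialplan_uuid)) { … }` and skipping the delete (and the success message) when the center was not found. The temporary `dialplan_detail_delete`/`dialplan_delete` permissions are only revoked if `delete()` returns normally; if it exits on error they persist for the session. The deletion is still driven by a plain GET `id` parameter with no anti-forgery token checked in this file, which the commit leaves as it was.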
@@ -51,25 +51,18 @@ $action = "add"; } -//get http post variables and set them to php variables - if (is_array($_POST)) { - $conference_center_uuid = $_POST["conference_center_uuid"]; - $dialplan_uuid = $_POST["dialplan_uuid"]; - $conference_center_name = $_POST["conference_center_name"]; - $conference_center_extension = $_POST["conference_center_extension"]; - $conference_center_greeting = $_POST["conference_center_greeting"]; - $conference_center_pin_length = $_POST["conference_center_pin_length"]; - $conference_center_enabled = $_POST["conference_center_enabled"]; - $conference_center_description = $_POST["conference_center_description"]; - } - //process the user data and save it to the database if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { - //get the uuid from the POST - if ($action == "update") { - $conference_center_uuid = $_POST["conference_center_uuid"]; - } + //get http post variables and set them to php variables + $conference_center_uuid = $_POST["conference_center_uuid"]; + $dialplan_uuid = $_POST["dialplan_uuid"]; + $conference_center_name = $_POST["conference_center_name"]; + $conference_center_extension = $_POST["conference_center_extension"]; + $conference_center_greeting = $_POST["conference_center_greeting"]; + $conference_center_pin_length = $_POST["conference_center_pin_length"]; + $conference_center_enabled = $_POST["conference_center_enabled"]; + $conference_center_description = $_POST["conference_center_description"]; //check for all required data $msg = ''; 
@@ -97,13 +90,13 @@ $_POST["domain_uuid"] = $_SESSION["domain_uuid"]; //add the conference_center_uuid - if (!isset($_POST["conference_center_uuid"])) { + if (!is_uuid($_POST["conference_center_uuid"])) { $conference_center_uuid = uuid(); $_POST["conference_center_uuid"] = $conference_center_uuid; } //add the dialplan_uuid - if (!isset($_POST["dialplan_uuid"])) { + if (!is_uuid($_POST["dialplan_uuid"])) { $dialplan_uuid = uuid(); $_POST["dialplan_uuid"] = $dialplan_uuid; } @@ -150,6 +143,7 @@ $database->app_uuid = "b81412e8-7253-91f4-e48e-42fc2c9a38d9"; $database->save($array); $message = $database->message; + unset($array); //remove the temporary permission $p->delete("dialplan_add", "temp"); @@ -193,8 +187,8 @@ $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $parameters['conference_center_uuid'] = $conference_center_uuid; $database = new database; - $result = $database->select($sql, $parameters, 'all'); - foreach ($result as &$row) { + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $conference_center_uuid = $row["conference_center_uuid"]; $dialplan_uuid = $row["dialplan_uuid"]; $conference_center_name = $row["conference_center_name"]; @@ -204,7 +198,7 @@ $conference_center_enabled = $row["conference_center_enabled"]; $conference_center_description = $row["conference_center_description"]; } - unset ($parameters); + unset($sql, $parameters, $row); } //set defaults @@ -218,6 +212,7 @@ $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $database = new database; $recordings = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //get the phrases $sql = "select * from v_phrases "; 
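Review bot: On the update path `$dialplan_uuid` comes from a posted hidden field, and when it is missing or not a uuid the new check `if (!is_uuid($_POST["dialplan_uuid"]))` silently mints a fresh `uuid()`; a client that drops or corrupts that field would have the save create a second dialplan while the one already linked to this conference center is left orphaned (the save call sits outside this hunk, so confirm against the database class). For an existing record the dialplan_uuid should be loaded from v_conference_centers by conference_center_uuid and domain_uuid rather than trusted from the form, and a new one generated only when `$action == "add"`, e.g. `if ($action == "add" && !is_uuid($_POST["dialplan_uuid"])) { $dialplan_uuid = uuid(); $_POST["dialplan_uuid"] = $dialplan_uuid; }`. The same reasoning applies to `conference_center_uuid` one block above: a non-uuid value on update turns the request into an insert.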
@@ -225,15 +220,17 @@ $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $database = new database; $phrases = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //get the streams $sql = "select * from v_streams "; - $sql .= "where (domain_uuid = '".$_SESSION["domain_uuid"]."' or domain_uuid is null) "; + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; $sql .= "and stream_enabled = 'true' "; $sql .= "order by stream_name asc "; $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $database = new database; $streams = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //show the header require_once "resources/header.php"; diff --git a/app/conference_centers/conference_centers.php b/app/conference_centers/conference_centers.php index 9e8cd2b4db..ed793ed8ad 100644 --- a/app/conference_centers/conference_centers.php +++ b/app/conference_centers/conference_centers.php @@ -46,23 +46,8 @@ $order_by = $_GET["order_by"]; $order = $_GET["order"]; -//validate order by - if (strlen($order_by) > 0) { - $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by); - } - -//validate the order - switch ($order) { - case 'asc': - break; - case 'desc': - break; - default: - $order = ''; - } - //add the search term - $search = strtolower(check_str($_GET["search"])); + $search = strtolower($_GET["search"]); if (strlen($search) > 0) { $sql_search = "and ( "; $sql_search .= "lower(conference_center_name) like :search "; @@ -70,6 +55,7 @@ $sql_search .= "or lower(conference_center_greeting) like :search "; $sql_search .= "or lower(conference_center_description) like :search "; $sql_search .= ") "; + $parameters['search'] = '%'.$search.'%'; } //additional includes 
@@ -77,15 +63,13 @@ require_once "resources/paging.php"; //prepare to page the results - $sql = "select count(conference_center_uuid) as num_rows from v_conference_centers "; + $sql = "select count(conference_center_uuid) from v_conference_centers "; $sql .= "where domain_uuid = :domain_uuid "; $sql .= $sql_search; $parameters['domain_uuid'] = $_SESSION['domain_uuid']; - if (strlen($search) > 0) { - $parameters['search'] = '%'.$search.'%'; - } $database = new database; $num_rows = $database->select($sql, $parameters, 'column'); + unset($sql); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; @@ -99,12 +83,11 @@ $sql = "select * from v_conference_centers "; $sql .= "where domain_uuid = :domain_uuid "; $sql .= $sql_search; - if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } - $sql .= "limit :rows_per_page offset :offset "; + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); $database = new database; - $parameters['rows_per_page'] = $rows_per_page; - $parameters['offset'] = $offset; $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //alternate the row style $c = 0; @@ -151,7 +134,7 @@ echo "\n"; echo "\n"; - if (is_array($result)) { + if (is_array($result) && sizeof($result) != 0) { foreach($result as $row) { if (permission_exists('conference_center_edit')) { $tr_link = "href='conference_center_edit.php?id=".$row['conference_center_uuid']."'"; diff --git a/app/conference_centers/conference_room_delete.php b/app/conference_centers/conference_room_delete.php index 8c1cb864ae..7062975664 100644 --- a/app/conference_centers/conference_room_delete.php +++ b/app/conference_centers/conference_room_delete.php 
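Review bot: The ORDER BY clause is now produced by `$sql .= order_by($order_by, $order);` from values read straight from `$_GET`, while the `preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by)` whitelist and the asc/desc switch that previously constrained them were removed earlier in this file. A column name and sort direction cannot be bound as parameters, so the safety of this line rests entirely on `order_by()` validating the column against an allow-list and the direction against asc/desc; that helper is not in the diff, so confirm it does rather than merely quoting. The same applies to `limit_offset($rows_per_page, $offset)`, whose inputs come from paging.php. If the helper does not validate, restore the local checks here, e.g. `$order = ($order == 'desc') ? 'desc' : 'asc';` before the call.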
@@ -42,59 +42,50 @@ $language = new text; $text = $language->get(); -//get the id - if (isset($_GET["id"]) && is_uuid($_GET["id"])) { - $id = $_GET["id"]; - } - -//get the domain_uuid - $domain_uuid = null; - if (isset($_SESSION['domain_uuid']) && is_uuid($_SESSION['domain_uuid'])) { - $domain_uuid = $_SESSION['domain_uuid']; - } - //delete the data - if (isset($id) && is_uuid($id)) { + if (is_uuid($_GET["id"])) { + + $conference_room_uuid = $_GET["id"]; + //get the meeting_uuid - if (["persistformvar"] != "true") { - $sql = "select * from v_conference_rooms "; - $sql .= "where domain_uuid = :domain_uuid "; - $sql .= "and conference_room_uuid = :conference_room_uuid "; - $parameters['domain_uuid'] = $domain_uuid; - $parameters['conference_room_uuid'] = $id; - $database = new database; - $meeting_uuid = $database->select($sql, $parameters, 'column'); - unset ($parameters); - } - //echo "meeting_uuid: ".$meeting_uuid."
\n"; + $sql = "select meeting_uuid from v_conference_rooms "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and conference_room_uuid = :conference_room_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['conference_room_uuid'] = $conference_room_uuid; + $database = new database; + $meeting_uuid = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); - //delete the conference session - $sql = "delete from v_conference_rooms "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and conference_room_uuid = '$id'; "; - //echo $sql."
\n"; - $db->exec(check_sql($sql)); - unset($sql); + //delete conference session + $array['conference_rooms'][0]['conference_room_uuid'] = $conference_room_uuid; + $array['conference_rooms'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + //delete meeting users + $array['meeting_users'][0]['meeting_uuid'] = $meeting_uuid; + $array['meeting_users'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + //delete meeting + $array['meetings'][0]['meeting_uuid'] = $meeting_uuid; + $array['meetings'][0]['domain_uuid'] = $_SESSION['domain_uuid']; - //delete the meeting users - $sql = "delete from v_meeting_users "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and meeting_uuid = '$meeting_uuid'; "; - //echo $sql."
\n"; - $db->exec(check_sql($sql)); - unset($sql); + $p = new permissions; + $p->add('meeting_user_delete', 'temp'); + $p->add('meeting_delete', 'temp'); + + $database = new database; + $database->app_name = 'conference_centers'; + $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e'; + $database->delete($array); + unset($array); + + $p->delete('meeting_user_delete', 'temp'); + $p->delete('meeting_delete', 'temp'); + + //set message + message::add($text['message-delete']); - //delete the meetings - $sql = "delete from v_meetings "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and meeting_uuid = '$meeting_uuid'; "; - //echo $sql."
\n"; - $db->exec(check_sql($sql)); - unset($sql); } //redirect the user - message::add($text['message-delete']); header("Location: conference_rooms.php"); return; diff --git a/app/conference_centers/conference_room_edit.php b/app/conference_centers/conference_room_edit.php index 1cc7d03532..c8ded96241 100644 --- a/app/conference_centers/conference_room_edit.php +++ b/app/conference_centers/conference_room_edit.php @@ -44,9 +44,9 @@ $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $conference_room_uuid = check_str($_REQUEST["id"]); + $conference_room_uuid = $_REQUEST["id"]; } else { $action = "add"; 
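Review bot: `$meeting_uuid` from the lookup goes into the delete array unchecked, so when `$_GET["id"]` is a valid uuid that belongs to another domain the select returns nothing and `meeting_users`/`meetings` are queued for deletion with an empty `meeting_uuid`. What `$database->delete()` does with an empty key is not visible here, so guard it in this file: wrap the meeting_users and meetings entries in `if (is_uuid($meeting_uuid)) { … }` and only add the success message when the room was actually found. The temporary `meeting_user_delete`/`meeting_delete` permissions are revoked only if `delete()` returns normally. This remains a state-changing GET request with no anti-forgery token checked in this file.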
@@ -54,25 +54,25 @@ //get http post variables and set them to php variables if (count($_POST) > 0) { - $conference_center_uuid = check_str($_POST["conference_center_uuid"]); - $meeting_uuid = check_str($_POST["meeting_uuid"]); - $conference_room_name = check_str($_POST['conference_room_name']); - $moderator_pin = check_str($_POST["moderator_pin"]); - $participant_pin = check_str($_POST["participant_pin"]); - $profile = check_str($_POST["profile"]); - $record = check_str($_POST["record"]); - $user_uuid = check_str($_POST["user_uuid"]); - $max_members = check_str($_POST["max_members"]); - $start_datetime = check_str($_POST["start_datetime"]); - $stop_datetime = check_str($_POST["stop_datetime"]); - $wait_mod = check_str($_POST["wait_mod"]); - $announce = check_str($_POST["announce"]); - $sounds = check_str($_POST["sounds"]); - $mute = check_str($_POST["mute"]); - $created = check_str($_POST["created"]); - $created_by = check_str($_POST["created_by"]); - $enabled = check_str($_POST["enabled"]); - $description = check_str($_POST["description"]); + $conference_center_uuid = $_POST["conference_center_uuid"]; + $meeting_uuid = $_POST["meeting_uuid"]; + $conference_room_name = $_POST['conference_room_name']; + $moderator_pin = $_POST["moderator_pin"]; + $participant_pin = $_POST["participant_pin"]; + $profile = $_POST["profile"]; + $record = $_POST["record"]; + $user_uuid = $_POST["user_uuid"]; + $max_members = $_POST["max_members"]; + $start_datetime = $_POST["start_datetime"]; + $stop_datetime = $_POST["stop_datetime"]; + $wait_mod = $_POST["wait_mod"]; + $announce = $_POST["announce"]; + $sounds = $_POST["sounds"]; + $mute = $_POST["mute"]; + $created = $_POST["created"]; + $created_by = $_POST["created_by"]; + $enabled = $_POST["enabled"]; + $description = $_POST["description"]; //remove any pin number formatting $moderator_pin = preg_replace('{\D}', '', $moderator_pin); 
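Review bot: `$created = $_POST["created"];` and `$created_by = $_POST["created_by"];` accept audit fields from the client, and the last hunk of this file shows both columns being written to v_conference_rooms, so a user can record any creation time and author they like. Populate them server-side instead, e.g. `$created = date('Y-m-d H:i:s');` and `$created_by` from the session user, using whichever session key this application stores the username under (not visible in this diff). `$user_uuid` and `$meeting_uuid` are uuid-typed yet only `$conference_center_uuid` and `$meeting_uuid` get an `is_uuid()` check later in this diff; validating all uuid fields once at this point would be cleaner than re-checking at each use.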
@@ -81,47 +81,47 @@ //get the conference centers array and set a default conference center $sql = "select * from v_conference_centers "; - $sql .= "where domain_uuid = '$domain_uuid' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "order by conference_center_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $conference_centers = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - if (strlen($conference_center_uuid) == 0) { + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $conference_centers = $database->select($sql, $parameters, 'all'); + if (!is_uuid($conference_center_uuid)) { $conference_center_uuid = $conference_centers[0]["conference_center_uuid"]; } + unset($sql, $parameters); //get the conference profiles $sql = "select * "; $sql .= "from v_conference_profiles "; $sql .= "where profile_enabled = 'true' "; $sql .= "and profile_name <> 'sla' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $conference_profiles = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $database = new database; + $conference_profiles = $database->select($sql, null, 'all'); + unset ($sql); //set the default if ($profile === "") { $profile = "default"; } //define fucntion get_meeting_pin - used to find a unique pin number function get_meeting_pin($length, $meeting_uuid) { - global $db; $pin = generate_password($length,1); - $sql = "select count(*) as num_rows from v_meetings "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - //$sql .= "and meeting_uuid <> '".$meeting_uuid."' "; - $sql .= "and (moderator_pin = '".$pin."' or participant_pin = '".$pin."') "; - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] == 0) { - return $pin; - } - else { - get_meeting_pin($length, $uuid); - } + $sql = 
"select count(*) from v_meetings "; + $sql .= "where domain_uuid = :domain_uuid "; + //$sql .= "and meeting_uuid <> :meeting_uuid "; + $sql .= "and (moderator_pin = :pin or participant_pin = :pin) "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + //$parameters['meeting_uuid'] = $meeting_uuid; + $parameters['pin'] = $pin; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + if ($num_rows == 0) { + return $pin; } + else { + get_meeting_pin($length, $uuid); + } + unset($sql, $parameters); } //record announcment @@ -139,17 +139,20 @@ } //generate the pins - $sql = "select conference_center_pin_length from v_conference_centers "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - if (strlen($conference_center_uuid) > 0) { - $sql .= "and conference_center_uuid = '".$conference_center_uuid."' "; + $sql = "select conference_center_pin_length "; + $sql .= "from v_conference_centers "; + $sql .= "where domain_uuid = :domain_uuid "; + if (is_uuid($conference_center_uuid)) { + $sql .= "and conference_center_uuid = :conference_center_uuid "; + $parameters['conference_center_uuid'] = $conference_center_uuid; } - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $pin_length = $row['conference_center_pin_length']; } + unset($sql, $parameters); if (strlen($moderator_pin) == 0) { $moderator_pin = get_meeting_pin($pin_length, $meeting_uuid); } 
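Review bot: When the generated pin collides with an existing one, `get_meeting_pin` recurses but throws the result away, `get_meeting_pin($length, $uuid);` has no `return` and `$uuid` is not defined inside the function, so the caller gets null and the `strlen($moderator_pin) == 0` fallback in the next hunk ends up storing a room with an empty pin. Change that branch to `return get_meeting_pin($length, $meeting_uuid);`; the `unset($sql, $parameters);` after the if/else is unreachable and can be dropped. The recursion is also unbounded, so a small retry limit with an explicit error would be safer than looping until a free pin appears. Whether `generate_password($length, 1)` draws from a cryptographically secure source is not visible here and matters for a conference PIN. In the following hunk `$pin_length` is only assigned when a row is found, so confirm what `get_meeting_pin` does with a null length.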
@@ -161,14 +164,16 @@ if ($_GET["a"] == "delete" && permission_exists('conference_room_delete')) { if (strlen($_REQUEST["meeting_user_uuid"]) > 0) { //set the variables - $meeting_user_uuid = check_str($_REQUEST["meeting_user_uuid"]); - $conference_room_uuid = check_str($_REQUEST["conference_room_uuid"]); + $meeting_user_uuid = $_REQUEST["meeting_user_uuid"]; + $conference_room_uuid = $_REQUEST["conference_room_uuid"]; //delete the extension from the ring_group - $sql = "delete from v_meeting_users "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and meeting_user_uuid = '$meeting_user_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['meeting_users'][0]['meeting_user_uuid'] = $meeting_user_uuid; + $array['meeting_users'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $database->app_name = 'conference_centers'; + $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e'; + $database->delete($array); + unset($array); } message::add($text['message-delete']); 
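Review bot: `$meeting_user_uuid = $_REQUEST["meeting_user_uuid"];` is placed into the delete array after only the surrounding `strlen(...) > 0` test, whereas the rest of this commit validates identifiers with `is_uuid()`. Use the same check here, `if (is_uuid($_REQUEST["meeting_user_uuid"])) {` in place of the strlen test, and validate `$conference_room_uuid` the same way since it is read from `$_REQUEST` on the next line. The delete is triggered by `$_GET["a"] == "delete"`, so unless a token is verified elsewhere it remains reachable by cross-site request forgery; that is pre-existing but worth a follow-up.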
@@ -181,42 +186,49 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { $msg = ''; if ($action == "update") { - $conference_room_uuid = check_str($_POST["conference_room_uuid"]); + $conference_room_uuid = $_POST["conference_room_uuid"]; } //check for a unique pin number and length if (strlen($moderator_pin) > 0 || strlen($participant_pin) > 0) { //make sure the moderator pin number is unique - $sql = "select count(*) as num_rows from v_meetings "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - if (strlen($meeting_uuid) > 0) { - $sql .= "and meeting_uuid <> '".$meeting_uuid."' "; + $sql = "select count(*) from v_meetings "; + $sql .= "where domain_uuid = :domain_uuid "; + if (is_uuid($meeting_uuid)) { + $sql .= "and meeting_uuid <> :meeting_uuid "; + $parameters['meeting_uuid'] = $meeting_uuid; } - $sql .= "and (moderator_pin = '".$moderator_pin."' or participant_pin = '".$moderator_pin."') "; - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $msg .= $text['message-unique_moderator_pin']."
\n"; - } + $sql .= "and ("; + $sql .= "moderator_pin = :moderator_pin "; + $sql .= "or participant_pin = :moderator_pin "; + $sql .= ") "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['moderator_pin'] = $moderator_pin; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + if ($num_rows > 0) { + $msg .= $text['message-unique_moderator_pin']."
\n"; } + unset($sql, $parameters); //make sure the participant pin number is unique - $sql = "select count(*) as num_rows from v_meetings "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - if (strlen($meeting_uuid) > 0) { - $sql .= "and meeting_uuid <> '".$meeting_uuid."' "; + $sql = "select count(*) from v_meetings "; + $sql .= "where domain_uuid = :domain_uuid "; + if (is_uuid($meeting_uuid)) { + $sql .= "and meeting_uuid <> :meeting_uuid "; + $parameters['meeting_uuid'] = $meeting_uuid; } - $sql .= "and (moderator_pin = '".$participant_pin."' or participant_pin = '".$participant_pin."') "; - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $msg .= $text['message-unique_participant_pin']."
\n"; - } + $sql .= "and ("; + $sql .= "moderator_pin = :participant_pin "; + $sql .= "or participant_pin = :participant_pin "; + $sql .= ") "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['participant_pin'] = $participant_pin; + $num_rows = $database->select($sql, $parameters, 'column'); + if ($num_rows > 0) { + $msg .= $text['message-unique_participant_pin']."
\n"; } + unset($sql, $parameters); //additional checks if ($moderator_pin == $participant_pin) { 
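Review bot: `$conference_room_uuid = $_POST["conference_room_uuid"];` on the update path replaces the value that was already validated by `is_uuid($_REQUEST["id"])` at the top of the file with an unvalidated hidden field. Either keep the validated value or check this one too: `if ($action == "update" && is_uuid($_POST["conference_room_uuid"])) {`. Separately, both uniqueness queries run whenever either pin is non-empty, so with only a moderator pin supplied the participant query compares `participant_pin = ''` against other rooms and can report a false conflict wherever stored pins are empty; guarding each query with its own `strlen(...) > 0` avoids that. The enclosing `if (count($_POST) > 0 …)` block continues past this hunk.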
@@ -271,206 +283,193 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { //add a meeting $meeting_uuid = uuid(); - $sql = "insert into v_meetings "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "meeting_uuid, "; - $sql .= "moderator_pin, "; - $sql .= "participant_pin, "; - $sql .= "enabled, "; - $sql .= "description "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'$domain_uuid', "; - $sql .= "'$meeting_uuid', "; - $sql .= "'$moderator_pin', "; - $sql .= "'$participant_pin', "; - $sql .= "'$enabled', "; - $sql .= "'$description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['meetings'][0]['meeting_uuid'] = $meeting_uuid; + $array['meetings'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['meetings'][0]['moderator_pin'] = $moderator_pin; + $array['meetings'][0]['participant_pin'] = $participant_pin; + $array['meetings'][0]['enabled'] = $enabled; + $array['meetings'][0]['description'] = $description; + + $p = new permissions; + $p->add('meeting_add', 'temp'); + + $database = new database; + $database->app_name = 'conference_centers'; + $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e'; + $database->save($array); + unset($array); + + $p->delete('meeting_add', 'temp'); //add a conference room $conference_room_uuid = uuid(); - $sql = "insert into v_conference_rooms "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "conference_room_uuid, "; - $sql .= "conference_center_uuid, "; - $sql .= "meeting_uuid, "; - $sql .= "conference_room_name, "; - $sql .= "profile, "; - $sql .= "record, "; - $sql .= "max_members, "; - $sql .= "start_datetime, "; - $sql .= "stop_datetime, "; - $sql .= "wait_mod, "; - $sql .= "announce, "; - $sql .= "sounds, "; - $sql .= "mute, "; - $sql .= "created, "; - $sql .= "created_by, "; - $sql .= "enabled, "; - $sql .= "description "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'$domain_uuid', "; - $sql .= "'$conference_room_uuid', "; - $sql .= 
"'$conference_center_uuid', "; - $sql .= "'$meeting_uuid', "; - $sql .= "'$conference_room_name', "; - $sql .= "'$profile', "; - $sql .= "'$record', "; - $sql .= "'$max_members', "; - $sql .= "'$start_datetime', "; - $sql .= "'$stop_datetime', "; - $sql .= "'$wait_mod', "; - $sql .= "'$announce', "; - $sql .= "'$sounds', "; - $sql .= "'$mute', "; - $sql .= "now(), "; - $sql .= "'".$_SESSION['user_uuid']."', "; - $sql .= "'$enabled', "; - $sql .= "'$description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['conference_rooms'][0]['conference_room_uuid'] = $conference_room_uuid; + $array['conference_rooms'][0]['conference_center_uuid'] = $conference_center_uuid; + $array['conference_rooms'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['conference_rooms'][0]['meeting_uuid'] = $meeting_uuid; + $array['conference_rooms'][0]['conference_room_name'] = $conference_room_name; + $array['conference_rooms'][0]['profile'] = $profile; + $array['conference_rooms'][0]['record'] = $record; + $array['conference_rooms'][0]['max_members'] = $max_members; + $array['conference_rooms'][0]['start_datetime'] = $start_datetime; + $array['conference_rooms'][0]['stop_datetime'] = $stop_datetime; + $array['conference_rooms'][0]['wait_mod'] = $wait_mod; + $array['conference_rooms'][0]['announce'] = $announce; + $array['conference_rooms'][0]['sounds'] = $sounds; + $array['conference_rooms'][0]['mute'] = $mute; + $array['conference_rooms'][0]['created'] = 'now()'; + $array['conference_rooms'][0]['created_by'] = $_SESSION['user_uuid']; + $array['conference_rooms'][0]['enabled'] = $enabled; + $array['conference_rooms'][0]['description'] = $description; + + $database = new database; + $database->app_name = 'conference_centers'; + $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e'; + $database->save($array); + unset($array); //assign the logged in user to the meeting - if (strlen($_SESSION["user_uuid"]) > 0) { + if (is_uuid($_SESSION["user_uuid"])) { 
$meeting_user_uuid = uuid(); - $sql = "insert into v_meeting_users "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "meeting_user_uuid, "; - $sql .= "meeting_uuid, "; - $sql .= "user_uuid "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'$domain_uuid', "; - $sql .= "'$meeting_user_uuid', "; - $sql .= "'$meeting_uuid', "; - $sql .= "'".$_SESSION["user_uuid"]."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['meeting_users'][0]['meeting_user_uuid'] = $meeting_user_uuid; + $array['meeting_users'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['meeting_users'][0]['meeting_uuid'] = $meeting_uuid; + $array['meeting_users'][0]['user_uuid'] = $_SESSION["user_uuid"]; + + $p = new permissions; + $p->add('meeting_user_add', 'temp'); + + $database = new database; + $database->app_name = 'conference_centers'; + $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e'; + $database->save($array); + unset($array); + + $p->delete('meeting_user_add', 'temp'); } message::add($text['message-add']); - } //if ($action == "add") + } if ($action == "update" && permission_exists('conference_room_edit')) { //get the meeting_uuid if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { - $conference_room_uuid = check_str($_GET["id"]); + $conference_room_uuid = $_GET["id"]; $sql = "select * from v_conference_rooms "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and conference_room_uuid = '$conference_room_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(); - foreach ($result as &$row) { + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and conference_room_uuid = :conference_room_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['conference_room_uuid'] = $conference_room_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { 
$meeting_uuid = $row["meeting_uuid"]; } - unset ($prep_statement); + unset($sql, $parameters, $row); } //update conference meetings - $sql = "update v_meetings set "; - $sql .= "moderator_pin = '$moderator_pin', "; - $sql .= "participant_pin = '$participant_pin', "; - $sql .= "enabled = '$enabled', "; - $sql .= "description = '$description' "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and meeting_uuid = '$meeting_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['meetings'][0]['meeting_uuid'] = $meeting_uuid; + $array['meetings'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['meetings'][0]['moderator_pin'] = $moderator_pin; + $array['meetings'][0]['participant_pin'] = $participant_pin; + $array['meetings'][0]['enabled'] = $enabled; + $array['meetings'][0]['description'] = $description; + + $p = new permissions; + $p->add('meeting_edit', 'temp'); + + $database = new database; + $database->app_name = 'conference_centers'; + $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e'; + $database->save($array); + unset($array); + + $p->delete('meeting_edit', 'temp'); //update the conference room - $sql = "update v_conference_rooms set "; - $sql .= "conference_center_uuid = '$conference_center_uuid', "; - //$sql .= "meeting_uuid = '$meeting_uuid', "; - $sql .= "conference_room_name = '$conference_room_name', "; + $array['conference_rooms'][0]['conference_room_uuid'] = $conference_room_uuid; + $array['conference_rooms'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['conference_rooms'][0]['conference_center_uuid'] = $conference_center_uuid; + $array['conference_rooms'][0]['conference_room_name'] = $conference_room_name; if (strlen($profile) > 0) { - $sql .= "profile = '$profile', "; + $array['conference_rooms'][0]['profile'] = $profile; } if (strlen($record) > 0) { - $sql .= "record = '$record', "; + $array['conference_rooms'][0]['record'] = $record; } if (strlen($max_members) > 0) { - $sql .= "max_members = 
'$max_members', "; + $array['conference_rooms'][0]['max_members'] = $max_members; } - $sql .= "start_datetime = '".$start_datetime."', "; - $sql .= "stop_datetime = '".$stop_datetime."', "; + $array['conference_rooms'][0]['start_datetime'] = $start_datetime; + $array['conference_rooms'][0]['stop_datetime'] = $stop_datetime; if (strlen($wait_mod) > 0) { - $sql .= "wait_mod = '$wait_mod', "; + $array['conference_rooms'][0]['wait_mod'] = $wait_mod; } if (strlen($announce) > 0) { - $sql .= "announce = '$announce', "; + $array['conference_rooms'][0]['announce'] = $announce; } - //$sql .= "enter_sound = '$enter_sound', "; if (strlen($mute) > 0) { - $sql .= "mute = '$mute', "; + $array['conference_rooms'][0]['mute'] = $mute; } - $sql .= "sounds = '$sounds', "; + $array['conference_rooms'][0]['sounds'] = $sounds; if (strlen($enabled) > 0) { - $sql .= "enabled = '$enabled', "; + $array['conference_rooms'][0]['enabled'] = $enabled; } - $sql .= "description = '$description' "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and conference_room_uuid = '$conference_room_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['conference_rooms'][0]['description'] = $description; - message::add($text['message-update']); - } //if ($action == "update") + $database = new database; + $database->app_name = 'conference_centers'; + $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e'; + $database->save($array); + unset($array); + + //set message + message::add($text['message-update']); + } //assign the user to the meeting - if (strlen($user_uuid) > 0 && $_SESSION["user_uuid"] != $user_uuid) { + if (is_uuid($user_uuid) && $_SESSION["user_uuid"] != $user_uuid) { $meeting_user_uuid = uuid(); - $sql = "insert into v_meeting_users "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "meeting_user_uuid, "; - $sql .= "meeting_uuid, "; - $sql .= "user_uuid "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'$domain_uuid', "; - $sql .= 
"'$meeting_user_uuid', "; - $sql .= "'$meeting_uuid', "; - $sql .= "'$user_uuid' "; - $sql .= ")"; - //echo $sql; //exit; - $db->exec(check_sql($sql)); - unset($sql); + $array['meeting_users'][0]['meeting_user_uuid'] = $meeting_user_uuid; + $array['meeting_users'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['meeting_users'][0]['meeting_uuid'] = $meeting_uuid; + $array['meeting_users'][0]['user_uuid'] = $user_uuid; + + $p = new permissions; + $p->add('meeting_user_add', 'temp'); + + $database = new database; + $database->app_name = 'conference_centers'; + $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e'; + $database->save($array); + unset($array); + + $p->delete('meeting_user_add', 'temp'); message::add($text['message-add']); } - header("Location: conference_room_edit.php?id=".escape($conference_room_uuid)); - return; + //redirect + header("Location: conference_room_edit.php?id=".escape($conference_room_uuid)); + exit; - } //if ($_POST["persistformvar"] != "true") -} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } +} //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { //get the conference room details - $conference_room_uuid = check_str($_REQUEST["id"]); + $conference_room_uuid = $_REQUEST["id"]; $sql = "select * from v_conference_rooms as r, v_meetings as m "; - $sql .= "where r.domain_uuid = '$domain_uuid' "; + $sql .= "where r.domain_uuid = :domain_uuid "; $sql .= "and r.meeting_uuid = m.meeting_uuid "; - $sql .= "and r.conference_room_uuid = '$conference_room_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(); - foreach ($result as &$row) { + $sql .= "and r.conference_room_uuid = :conference_room_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['conference_room_uuid'] = $conference_room_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if 
(is_array($row) && sizeof($row) != 0) { $conference_center_uuid = $row["conference_center_uuid"]; $meeting_uuid = $row["meeting_uuid"]; $moderator_pin = $row["moderator_pin"]; @@ -490,28 +489,29 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { $enabled = $row["enabled"]; $description = $row["description"]; } - unset ($prep_statement, $sql); + unset($sql, $parameters, $row); } //get the users array - $sql = "SELECT * FROM v_users "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql = "select * from v_users "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "order by username asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $users = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($prep_statement, $sql); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $users = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //get the users assigned to this meeting - $sql = "SELECT * FROM v_users as u, v_meeting_users as m "; + $sql = "select * from v_users as u, v_meeting_users as m "; $sql .= "where u.user_uuid = m.user_uuid "; - $sql .= "and m.domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and m.meeting_uuid = '$meeting_uuid' "; + $sql .= "and m.domain_uuid = :domain_uuid "; + $sql .= "and m.meeting_uuid = :meeting_uuid "; $sql .= "order by u.username asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $meeting_users = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($prep_statement, $sql); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['meeting_uuid'] = $meeting_uuid; + $database = new database; + $meeting_users = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //set default profile if (strlen($profile) == 0) { $profile = 'default'; } 
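Review bot: In the update branch `$conference_room_uuid = $_GET["id"];` drops check_str() without adding validation, and the pre-populate block does the same with `$_REQUEST["id"]`, even though this hunk gates `$_SESSION["user_uuid"]` and `$user_uuid` with is_uuid(). The selects are parameterized so this is not SQL injection, but the unchecked id is then used as the row key in `$database->save()` and in the redirect; gate both reads, e.g. `if (is_uuid($_GET["id"])) { $conference_room_uuid = $_GET["id"]; }`. Two points to confirm rather than defects provable from here: `$array['conference_rooms'][0]['created'] = 'now()';` will store that literal string unless the database class special-cases the value (the removed SQL called the function), and each `$p->add(..., 'temp')` / `$p->delete(..., 'temp')` pair leaves the elevated permission in place if `save()` exits or throws between them, should the permissions class keep them in the session. The enclosing `if (count($_POST) > 0 ...)` block opens before this hunk.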
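Review bot: `select * from v_users` and the `select *` join against v_meeting_users below it load every column of the users table into `$users` / `$meeting_users` just to populate a user picker; if v_users carries credential material such as password hashes (not visible in this diff), that is more than the page needs in memory or in any debug dump. Select only what the form renders, e.g. `$sql = "select user_uuid, username from v_users ";` and `$sql = "select u.user_uuid, u.username, m.meeting_user_uuid from v_users as u, v_meeting_users as m ";`, adjusting if the template further down reads other fields. The hunk's first lines belong to the `if (count($_GET) > 0 ...)` block that opens before it.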
diff --git a/app/conference_centers/conference_rooms.php b/app/conference_centers/conference_rooms.php index 24e0f1a979..215c6041b7 100644 --- a/app/conference_centers/conference_rooms.php +++ b/app/conference_centers/conference_rooms.php @@ -47,16 +47,17 @@ require_once "resources/paging.php"; //get the meeting_uuid using the pin number - $search = $_GET["search"]; - $search = preg_replace('{\D}', '', $search); + $search = preg_replace('{\D}', '', $_GET["search"]); if (strlen($search) > 0) { - $sql = "select meeting_uuid from v_meetings "; + $sql = "select meeting_uuid "; + $sql .= "from v_meetings "; $sql .= "where domain_uuid = :domain_uuid "; - $sql .= "and (moderator_pin = :search or participant_pin = :search) "; + $sql .= "and ( "; + $sql .= "moderator_pin = :search "; + $sql .= "or participant_pin = :search "; + $sql .= ") "; $parameters['domain_uuid'] = $_SESSION['domain_uuid']; - if (strlen($search) > 0) { - $parameters['search'] = '%'.$search.'%'; - } + $parameters['search'] = '%'.$search.'%'; $database = new database; $meeting_uuid = $database->select($sql, $parameters, 'column'); } @@ -114,6 +115,7 @@ $database->app_uuid = '8d083f5a-f726-42a8-9ffa-8d28f848f10e'; $database->save($array); $message = $database->message; + unset($array); } //get conference array diff --git a/app/conference_centers/conference_session_details.php b/app/conference_centers/conference_session_details.php index 78ee9ed0f6..92ac658933 100644 --- a/app/conference_centers/conference_session_details.php +++ b/app/conference_centers/conference_session_details.php 
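Review bot: `$parameters['search'] = '%'.$search.'%';` is bound to equality predicates, `moderator_pin = :search` and `participant_pin = :search`, so the PIN lookup can never match — no stored pin is wrapped in percent signs; the commit moved this line out of the redundant inner `if` but kept the mismatch. Since `$search` has already been reduced to digits by the preg_replace above, bind it as an exact value, `$parameters['search'] = $search;`, rather than switching the predicates to LIKE: exact match is also the right behaviour for a PIN, as substring matching would let a short search enumerate other meetings' PINs.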
@@ -46,27 +46,12 @@ require_once "resources/paging.php"; //set variables from the http values - $order_by = $_GET["order_by"]; - $order = $_GET['order']; + $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'start_epoch'; + $order = $_GET['order'] != '' ? $_GET['order'] : 'asc'; $conference_session_uuid = $_GET["uuid"]; -//validate order by - if (strlen($order_by) > 0) { - $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by); - } - -//validate the order - switch ($order) { - case 'asc': - break; - case 'desc': - break; - default: - $order = ''; - } - //add meeting_uuid to a session variable - if (strlen($conference_session_uuid) > 0 && is_uuid($conference_session_uuid)) { + if (is_uuid($conference_session_uuid)) { $_SESSION['meeting']['session_uuid'] = $conference_session_uuid; } @@ -77,15 +62,15 @@ $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $parameters['conference_session_uuid'] = $_SESSION['meeting']['session_uuid']; $database = new database; - $conference_sessions = $database->select($sql, $parameters, 'all'); - foreach ($conference_sessions as $row) { + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $meeting_uuid = $row["meeting_uuid"]; $recording = $row["recording"]; $start_epoch = $row["start_epoch"]; $end_epoch = $row["end_epoch"]; $profile = $row["profile"]; } - unset ($conference_sessions, $parameters); + unset($sql, $parameters, $row); //set the year, month and day based on the session start epoch $tmp_year = date("Y", $start_epoch); 
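Review bot: The first hunk removes the `preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by)` filter and the asc/desc switch, so `$order_by` and `$order` now hold raw `$_GET` values; that is only safe if the `order_by()` helper used later in this file whitelists or sanitizes both arguments, which is not visible here. ORDER BY cannot be bound as a parameter, so a helper that merely concatenates would make these two lines an injection point. I would keep the local checks regardless of the helper: `$order = in_array($_GET['order'], ['asc', 'desc'], true) ? $_GET['order'] : 'asc';` and retain the character-class filter on `$order_by` before falling back to `'start_epoch'`.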
@@ -131,13 +116,13 @@ echo "\n"; //prepare to page the results - $sql = "select count(*) as num_rows from v_conference_session_details "; + $sql = "select count(*) from v_conference_session_details "; $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and conference_session_uuid = :conference_session_uuid "; $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $parameters['conference_session_uuid'] = $_SESSION['meeting']['session_uuid']; $num_rows = $database->select($sql, $parameters, 'column'); - unset($parameters); + unset($sql, $parameters); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; @@ -151,19 +136,12 @@ $sql = "select * from v_conference_session_details "; $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and conference_session_uuid = :conference_session_uuid "; - if (strlen($order_by) == 0) { - $sql .= "order by start_epoch asc "; - } - else { - $sql .= "order by $order_by $order "; - } - $sql .= "limit :rows_per_page offset :offset "; + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $parameters['conference_session_uuid'] = $_SESSION['meeting']['session_uuid']; - $parameters['rows_per_page'] = $rows_per_page; - $parameters['offset'] = $offset; $conference_session_details = $database->select($sql, $parameters, 'all'); - unset ($parameters); + unset($sql, $parameters); //show the styles $c = 0; @@ -189,7 +167,7 @@ } echo "\n"; - if (is_array($conference_session_details)) { + if (is_array($conference_session_details) && sizeof($conference_session_details) != 0) { foreach($conference_session_details as $row) { if (defined('TIME_24HR') && TIME_24HR == 1) { $start_date = date("j M Y H:i:s", $row['start_epoch']); 
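Review bot: In the second hunk `limit_offset($rows_per_page, $offset)` replaces the bound `:rows_per_page` / `:offset` parameters with values spliced into the SQL string; `$offset` is computed before this hunk (not visible), so its type cannot be confirmed from the diff. Casting at the call site, `$sql .= limit_offset((int) $rows_per_page, (int) $offset);`, costs nothing and makes the query safe independently of whatever validation the helper does.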
@@ -222,7 +200,7 @@ echo "\n"; if ($c==0) { $c=1; } else { $c=0; } } //end foreach - unset($sql, $conference_session_details); + unset($conference_session_details); } //end if results echo "\n"; diff --git a/app/conference_centers/conference_sessions.php b/app/conference_centers/conference_sessions.php index 2fb50e1889..e50e58e6ae 100644 --- a/app/conference_centers/conference_sessions.php +++ b/app/conference_centers/conference_sessions.php @@ -47,26 +47,11 @@ //set variables from the http values $meeting_uuid = $_GET["id"]; - $order_by = $_GET["order_by"]; - $order = $_GET["order"]; - -//validate order by - if (strlen($order_by) > 0) { - $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by); - } - -//validate the order - switch ($order) { - case 'asc': - break; - case 'desc': - break; - default: - $order = ''; - } + $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'start_epoch'; + $order = $_GET["order"] != '' ? $_GET["order"] : 'desc'; //add meeting_uuid to a session variable - if (strlen($meeting_uuid) > 0 && is_uuid($meeting_uuid)) { + if (is_uuid($meeting_uuid)) { $_SESSION['meeting']['uuid'] = $meeting_uuid; } @@ -84,13 +69,14 @@ echo "\n"; //prepare to page the results - $sql = "select count(*) as num_rows from v_conference_sessions "; + $sql = "select count(*) from v_conference_sessions "; $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and meeting_uuid = :meeting_uuid "; - $parameters['domain_uuid'] = $domain_uuid; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $parameters['meeting_uuid'] = $_SESSION['meeting']['uuid']; $database = new database; $num_rows = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; 
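Review bot: The conference_sessions.php hunk repeats the pattern from conference_session_details.php: the `preg_replace` filter on `$order_by` and the asc/desc switch on `$order` are deleted, leaving raw `$_GET` values whose only defence is whatever `order_by()` does internally. Because ORDER BY cannot be parameterized, keep a local guard here too, e.g. `$order = in_array($_GET["order"], ['asc', 'desc'], true) ? $_GET["order"] : 'desc';` and a character-class filter on `$_GET["order_by"]` before the `'start_epoch'` fallback. Also note `$_GET["order_by"] != ''` on a request without that parameter raises an undefined-index notice; `isset()` or `??` avoids it.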
@@ -104,17 +90,13 @@ $sql = "select * from v_conference_sessions "; $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and meeting_uuid = :meeting_uuid "; - if (strlen($order_by) == 0) { - $sql .= "order by start_epoch desc "; - } - else { - $sql .= "order by $order_by $order "; - } - $sql .= "limit :rows_per_page offset :offset "; - $parameters['rows_per_page'] = $rows_per_page; - $parameters['offset'] = $offset; + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['meeting_uuid'] = $_SESSION['meeting']['uuid']; $database = new database; $conference_sessions = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //set the row style $c = 0; @@ -147,7 +129,7 @@ echo " \n"; echo "\n"; - if (is_array($conference_sessions)) { + if (is_array($conference_sessions) && sizeof($conference_sessions) != 0) { foreach($conference_sessions as $row) { $tmp_year = date("Y", $row['start_epoch']); $tmp_month = date("M", $row['start_epoch']);