From 54396d3fe95457f253efc1f5acf1e1149d76237d Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Sat, 3 Aug 2019 16:16:30 -0600 Subject: [PATCH] Update database.php --- resources/classes/database.php | 444 +++++++++++++++++---------------- 1 file changed, 227 insertions(+), 217 deletions(-) diff --git a/resources/classes/database.php b/resources/classes/database.php index 8bb0e8d887..9766670f14 100644 --- a/resources/classes/database.php +++ b/resources/classes/database.php @@ -1192,9 +1192,11 @@ include "root.php"; //get the parent field names $parent_field_names = array(); - if (is_array($array)) foreach ($array as $key => $value) { - if (!is_array($value)) { - $parent_field_names[] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $key); + if (is_array($array)) { + foreach ($array as $key => $value) { + if (!is_array($value)) { + $parent_field_names[] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $key); + } } } @@ -1245,10 +1247,12 @@ include "root.php"; //foreach ($parent_field_names as $field_name) { // $sql .= check_str($field_name).", "; //} - if (is_array($array)) foreach ($array as $array_key => $array_value) { - if (!is_array($array_value)) { - $array_key = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array_key); - $sql .= $array_key.", "; + if (is_array($array)) { + foreach ($array as $array_key => $array_value) { + if (!is_array($array_value)) { + $array_key = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array_key); + $sql .= $array_key.", "; + } } } $sql .= ") "; 
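Review bot: In the second hunk on this line (the INSERT column list), `$array_key` is sanitised by stripping characters rather than by rejecting the key, so a key such as `name; drop` is silently rewritten to the column `namedrop` and still reaches the SQL text unquoted; the hunk keeps this pattern from the old code, but since `$array` appears to be caller-supplied the key deserves a real check rather than a strip. Stripping also lets `-` through, which is not valid in an unquoted identifier, so a hyphenated key yields a database syntax error instead of a clean 400. I would validate before use, e.g. `if (!preg_match('/^[a-zA-Z0-9_]+$/', $array_key)) { continue; }` (skipping the key consistently in both the column and the value loop, or recording a 400 in `$message`), and keep the `preg_replace` only as a last-resort guard. The enclosing save routine starts and ends outside these hunks, so I cannot see whether `$array` has already been validated upstream.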
@@ -1257,18 +1261,20 @@ include "root.php"; if (!$parent_key_exists) { $sql .= "'".$parent_key_value."', "; } - if (is_array($array)) foreach ($array as $array_key => $array_value) { - if (!is_array($array_value)) { - if (strlen($array_value) == 0) { - $sql .= "null, "; - } - elseif ($array_value === "now()") { - $sql .= "now(), "; - } - else { - //$sql .= "'".check_str($array_value)."', "; - $sql .= ':'.$array_key.", "; - $params[$array_key] = $array_value; + if (is_array($array)) { + foreach ($array as $array_key => $array_value) { + if (!is_array($array_value)) { + if (strlen($array_value) == 0) { + $sql .= "null, "; + } + elseif ($array_value === "now()") { + $sql .= "now(), "; + } + else { + //$sql .= "'".check_str($array_value)."', "; + $sql .= ':'.$array_key.", "; + $params[$array_key] = $array_value; + } } } } 
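Review bot: The placeholder built on the new side, `$sql .= ':'.$array_key.", ";`, uses the raw `$array_key`, whereas the column-list loop earlier in this method first runs it through `preg_replace('#[^a-zA-Z0-9_\-]#', '', $array_key)`; a key containing quotes, spaces or parentheses therefore lands verbatim in the SQL text, and any key altered by the filter produces a column/placeholder mismatch between the two loops. Apply the same filter before building the placeholder and the `$params` entry: `$array_key = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array_key);` as the first statement of the `else` branch. Even the filtered form admits `-`, which PDO does not accept in a named placeholder, so a hyphenated key will still fail at prepare/execute time; a stricter `[a-zA-Z0-9_]` class would be safer here. The unchanged line above, `$sql .= "'".$parent_key_value."', ";`, interpolates a value directly; whether `$parent_key_value` is sanitised before this point is outside the hunk. The enclosing method starts and ends outside this hunk.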
@@ -1409,105 +1415,224 @@ include "root.php"; unset($sql, $action); //child data - if (is_array($array)) foreach ($array as $key => $value) { + if (is_array($array)) { + foreach ($array as $key => $value) { - if (is_array($value)) { - $table_name = "v_".$key; - $table_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $table_name); - foreach ($value as $id => $row) { - //prepare the variables - $child_name = $this->singular($key); - $child_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $child_name); - $child_key_name = $child_name."_uuid"; + if (is_array($value)) { + $table_name = "v_".$key; + $table_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $table_name); + foreach ($value as $id => $row) { + //prepare the variables + $child_name = $this->singular($key); + $child_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $child_name); + $child_key_name = $child_name."_uuid"; - //determine if the parent key exists in the child array - $parent_key_exists = false; - if (!isset($array[$parent_key_name])) { - $parent_key_exists = true; - } + //determine if the parent key exists in the child array + $parent_key_exists = false; + if (!isset($array[$parent_key_name])) { + $parent_key_exists = true; + } - //determine if the uuid exists - $uuid_exists = false; - if (is_array($row)) foreach ($row as $k => $v) { - if ($child_key_name == $k) { - if (strlen($v) > 0) { - $child_key_value = $v; - $uuid_exists = true; - break; + //determine if the uuid exists + $uuid_exists = false; + if (is_array($row)) foreach ($row as $k => $v) { + if ($child_key_name == $k) { + if (strlen($v) > 0) { + $child_key_value = $v; + $uuid_exists = true; + break; + } + } + else { + $uuid_exists = false; } } + + //allow characters found in the uuid only. 
+ $child_key_value = preg_replace('#[^a-zA-Z0-9_\-]#', '', $child_key_value); + + //get the child field names + $child_field_names = array(); + if (is_array($row)) { + foreach ($row as $k => $v) { + if (!is_array($v)) { + $child_field_names[] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k); + } + } + } + + //determine sql update or delete and get the original data + if ($uuid_exists) { + $sql = "SELECT ". implode(", ", $child_field_names)." FROM ".$table_name." "; + $sql .= "WHERE ".$child_key_name." = '".$child_key_value."' "; + $prep_statement = $this->db->prepare($sql); + if ($prep_statement) { + //get the data + $prep_statement->execute(); + $child_array = $prep_statement->fetch(PDO::FETCH_ASSOC); + //set the action + if (is_array($child_array)) { + $action = "update"; + } + else { + $action = "add"; + } + //add to the parent array + if (is_array($child_array)) { + $old_array[$schema_name][$schema_id][$key][] = $child_array; + } + } + unset($prep_statement); + } else { - $uuid_exists = false; + $action = "add"; } - } - //allow characters found in the uuid only. - $child_key_value = preg_replace('#[^a-zA-Z0-9_\-]#', '', $child_key_value); - - //get the child field names - $child_field_names = array(); - if (is_array($row)) foreach ($row as $k => $v) { - if (!is_array($v)) { - $child_field_names[] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k); - } - } - - //determine sql update or delete and get the original data - if ($uuid_exists) { - $sql = "SELECT ". implode(", ", $child_field_names)." FROM ".$table_name." "; - $sql .= "WHERE ".$child_key_name." = '".$child_key_value."' "; - $prep_statement = $this->db->prepare($sql); - if ($prep_statement) { - //get the data - $prep_statement->execute(); - $child_array = $prep_statement->fetch(PDO::FETCH_ASSOC); - //set the action - if (is_array($child_array)) { - $action = "update"; + //update the child data + if ($action == "update") { + if (permission_exists($child_name.'_edit')) { + $sql = "UPDATE ".$table_name." 
SET "; + if (is_array($row)) { + foreach ($row as $k => $v) { + if (!is_array($v) && ($k != $parent_key_name || $k != $child_key_name)) { + $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k); + if (strlen($v) == 0) { + $sql .= $k." = null, "; + } + elseif ($v === "now()") { + $sql .= $k." = now(), "; + } + else { + //$sql .= "$k = '".check_str($v)."', "; + $sql .= $k." = :".$k.", "; + $params[$k] = $v; + } + } + } } - else { - $action = "add"; - } - //add to the parent array - if (is_array($child_array)) { - $old_array[$schema_name][$schema_id][$key][] = $child_array; - } - } - unset($prep_statement); - } - else { - $action = "add"; - } + $sql .= "WHERE ".$parent_key_name." = '".$parent_key_value."' "; + $sql .= "AND ".$child_key_name." = '".$child_key_value."' "; + $sql = str_replace(", WHERE", " WHERE", $sql); + $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - //update the data - if ($action == "update") { - if (permission_exists($child_name.'_edit')) { - $sql = "UPDATE ".$table_name." 
SET "; + //$prep_statement->bindParam(':domain_uuid', $this->domain_uuid ); + + try { + //$this->db->query(check_sql($sql)); + $prep_statement = $this->db->prepare($sql); + $prep_statement->execute($params); + unset($prep_statement); + $message["details"][$m]["name"] = $key; + $message["details"][$m]["message"] = "OK"; + $message["details"][$m]["code"] = "200"; + $message["details"][$m]["uuid"] = $child_key_value; + if ($this->debug["sql"]) { + $message["details"][$m]["sql"] = $sql; + if (is_array($params)) { + $message["details"][$m]["params"] = $params; + unset($params); + } + } + $this->message = $message; + $m++; + } + catch(PDOException $e) { + if ($message["code"] = "200") { + $message["message"] = "Bad Request"; + $message["code"] = "400"; + } + $message["details"][$m]["name"] = $key; + $message["details"][$m]["message"] = $e->getMessage(); + $message["details"][$m]["code"] = "400"; + if ($this->debug["sql"]) { + $message["details"][$m]["sql"] = $sql; + if (is_array($params)) { + $message["details"][$m]["params"] = $params; + unset($params); + } + } + $this->message = $message; + $m++; + } + } + else { + $message["name"] = $child_name; + $message["message"] = "Forbidden, does not have '${child_name}_edit'"; + $message["code"] = "403"; + $message["line"] = __line__; + $this->message = $message; + $m++; + } + } //action update + + //add the child data + if ($action == "add") { + if (permission_exists($child_name.'_add')) { + //determine if child or parent key exists + $child_key_name = $child_name.'_uuid'; + $parent_key_exists = false; + $child_key_exists = false; if (is_array($row)) { foreach ($row as $k => $v) { - if (!is_array($v) && ($k != $parent_key_name || $k != $child_key_name)) { + if ($k == $parent_key_name) { + $parent_key_exists = true; + } + if ($k == $child_key_name) { + $child_key_exists = true; + $child_key_value = $v; + } + } + } + if (!$child_key_value) { + $child_key_value = uuid(); + } + //build the insert + $sql = "INSERT INTO 
".$table_name." "; + $sql .= "("; + if (!$parent_key_exists) { + $sql .= $this->singular($parent_key_name).", "; + } + if (!$child_key_exists) { + $sql .= $this->singular($child_key_name).", "; + } + if (is_array($row)) { + foreach ($row as $k => $v) { + if (!is_array($v)) { $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k); + $sql .= $k.", "; + } + } + } + $sql .= ") "; + $sql .= "VALUES "; + $sql .= "("; + if (!$parent_key_exists) { + $sql .= "'".$parent_key_value."', "; + } + if (!$child_key_exists) { + $sql .= "'".$child_key_value."', "; + } + if (is_array($row)) { + foreach ($row as $k => $v) { + if (!is_array($v)) { if (strlen($v) == 0) { - $sql .= $k." = null, "; + $sql .= "null, "; } elseif ($v === "now()") { - $sql .= $k." = now(), "; + $sql .= "now(), "; } else { - //$sql .= "$k = '".check_str($v)."', "; - $sql .= $k." = :".$k.", "; + $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k); + //$sql .= "'".check_str($v)."', "; + $sql .= ':'.$k.", "; $params[$k] = $v; } } } } - $sql .= "WHERE ".$parent_key_name." = '".$parent_key_value."' "; - $sql .= "AND ".$child_key_name." = '".$child_key_value."' "; - $sql = str_replace(", WHERE", " WHERE", $sql); + $sql .= ");"; + $sql = str_replace(", )", ")", $sql); $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - - //$prep_statement->bindParam(':domain_uuid', $this->domain_uuid ); - try { //$this->db->query(check_sql($sql)); $prep_statement = $this->db->prepare($sql); 
@@ -1548,136 +1673,21 @@ include "root.php"; } else { $message["name"] = $child_name; - $message["message"] = "Forbidden, does not have '${child_name}_edit'"; + $message["message"] = "Forbidden, does not have '${child_name}_add'"; $message["code"] = "403"; $message["line"] = __line__; $this->message = $message; $m++; } - } //action update + } //action add - //add the data - if ($action == "add") { - if (permission_exists($child_name.'_add')) { - //determine if child or parent key exists - $child_key_name = $child_name.'_uuid'; - $parent_key_exists = false; - $child_key_exists = false; - if (is_array($row)) { - foreach ($row as $k => $v) { - if ($k == $parent_key_name) { - $parent_key_exists = true; - } - if ($k == $child_key_name) { - $child_key_exists = true; - $child_key_value = $v; - } - } - } - if (!$child_key_value) { - $child_key_value = uuid(); - } - //build the insert - $sql = "INSERT INTO ".$table_name." "; - $sql .= "("; - if (!$parent_key_exists) { - $sql .= $this->singular($parent_key_name).", "; - } - if (!$child_key_exists) { - $sql .= $this->singular($child_key_name).", "; - } - if (is_array($row)) { - foreach ($row as $k => $v) { - if (!is_array($v)) { - $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k); - $sql .= $k.", "; - } - } - } - $sql .= ") "; - $sql .= "VALUES "; - $sql .= "("; - if (!$parent_key_exists) { - $sql .= "'".$parent_key_value."', "; - } - if (!$child_key_exists) { - $sql .= "'".$child_key_value."', "; - } - if (is_array($row)) { - foreach ($row as $k => $v) { - if (!is_array($v)) { - if (strlen($v) == 0) { - $sql .= "null, "; - } - elseif ($v === "now()") { - $sql .= "now(), "; - } - else { - $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k); - //$sql .= "'".check_str($v)."', "; - $sql .= ':'.$k.", "; - $params[$k] = $v; - } - } - } - } - $sql .= ");"; - $sql = str_replace(", )", ")", $sql); - $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - try { - //$this->db->query(check_sql($sql)); - $prep_statement = 
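Review bot: The update branch's catch block, `if ($message["code"] = "200")`, assigns rather than compares, so the condition is always true and any previously recorded top-level code is overwritten with 400; it should read `if ($message["code"] == "200")` (the add branch's catch, which now sits in the unchanged lines between this hunk and the next, repeats the same line). In the SET builder, `($k != $parent_key_name || $k != $child_key_name)` is always true because `$k` cannot equal both names, so the parent and child key columns are written into the SET list and bound from the row; with `&&` they would be excluded, which looks like the intent given that both are the WHERE criteria that follow. As written, a row carrying a `$parent_key_name` value different from `$parent_key_value` appears able to re-parent the child record, since the WHERE restricts by the original parent while the SET overwrites it — worth confirming against how callers populate the row. The enclosing method starts before this hunk and ends after it.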
$this->db->prepare($sql); - $prep_statement->execute($params); - unset($prep_statement); - $message["details"][$m]["name"] = $key; - $message["details"][$m]["message"] = "OK"; - $message["details"][$m]["code"] = "200"; - $message["details"][$m]["uuid"] = $child_key_value; - if ($this->debug["sql"]) { - $message["details"][$m]["sql"] = $sql; - if (is_array($params)) { - $message["details"][$m]["params"] = $params; - unset($params); - } - } - $this->message = $message; - $m++; - } - catch(PDOException $e) { - if ($message["code"] = "200") { - $message["message"] = "Bad Request"; - $message["code"] = "400"; - } - $message["details"][$m]["name"] = $key; - $message["details"][$m]["message"] = $e->getMessage(); - $message["details"][$m]["code"] = "400"; - if ($this->debug["sql"]) { - $message["details"][$m]["sql"] = $sql; - if (is_array($params)) { - $message["details"][$m]["params"] = $params; - unset($params); - } - } - $this->message = $message; - $m++; - } - } - else { - $message["name"] = $child_name; - $message["message"] = "Forbidden, does not have '${child_name}_add'"; - $message["code"] = "403"; - $message["line"] = __line__; - $this->message = $message; - $m++; - } - } //action add + //unset the variables + unset($sql, $action, $child_key_name, $child_key_value); + } // foreach value - //unset the variables - unset($sql, $action, $child_key_name, $child_key_value); - } // foreach value - - } //is array - } //foreach array + } //is array + } //foreach array + } } // foreach schema_array } // foreach main array
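Review bot: The per-row cleanup on the new side, `unset($sql, $action, $child_key_name, $child_key_value);`, does not clear `$params`, and in the update and add paths `$params` is only unset inside the `if ($this->debug["sql"])` branch; with SQL debugging off, placeholders bound for one child row carry over into the next row's `execute($params)`, which PDO rejects with an invalid-parameter-number error whenever the field sets differ. Add it to the unset: `unset($sql, $action, $child_key_name, $child_key_value, $params);`. The 403 branch also writes `$message["name"]`, `["message"]` and `["code"]` at the top level while still incrementing `$m`, unlike the 200/400 paths which record under `$message["details"][$m]`, so a forbidden child leaves a gap in `details` and the top-level 403 may be overwritten by a later row's catch block; recording it under `details` as well would keep the response consistent. The enclosing method starts before this hunk.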