diff --git a/app/devices/app_defaults.php b/app/devices/app_defaults.php index 4abcd569ef..eda27503a6 100644 --- a/app/devices/app_defaults.php +++ b/app/devices/app_defaults.php @@ -30,7 +30,8 @@ if ($domains_processed == 1) { $sql .= "enabled = 'true' "; $sql .= "where enabled is null "; $sql .= "or enabled = '' "; - $db->exec(check_sql($sql)); + $database = new database; + $database->execute($sql); unset($sql); //set the device key vendor 
@@ -38,117 +39,108 @@ if ($domains_processed == 1) { $sql .= "where d.device_uuid = k.device_uuid "; $sql .= "and k.device_uuid is not null "; $sql .= "and k.device_key_vendor is null "; - $s = $db->prepare($sql); - $s->execute(); - $device_keys = $s->fetchAll(PDO::FETCH_ASSOC); - foreach ($device_keys as &$row) { - $sql = "update v_device_keys "; - $sql .= "set device_key_vendor = '".$row["device_vendor"]."' "; - $sql .= "where device_key_uuid = '".$row["device_key_uuid"]."';\n "; - $db->exec(check_sql($sql)); + $database = new database; + $device_keys = $database->select($sql, null, 'all'); + if (is_array($device_keys) && @sizeof($device_keys)) { + foreach ($device_keys as $index => &$row) { + $array['device_keys'][$index]['device_key_uuid'] = $row["device_key_uuid"]; + $array['device_keys'][$index]['device_key_vendor'] = $row["device_vendor"]; + } + if (is_array($array) && @sizeof($array)) { + $p = new permissions; + $p->add('device_key_edit', 'temp'); + + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->save($array); + $response = $database->message; + unset($array); + + $p->delete('device_key_edit', 'temp'); + } } - unset($device_keys, $sql); + unset($sql, $device_keys); //add device vendor functions to the database - $sql = "select count(*) as num_rows from v_device_vendors; "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] == 0) { + $sql = "select count(*) from v_device_vendors; "; + $database = new database; + $num_rows = $database->select($sql, null, 'column'); + unset($sql); - //get the vendor array - require_once $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH.'/app/devices/app_config.php'; + if ($num_rows == 0) { - //get the groups and create an array to use the name to get the uuid - $sql = "select * from v_groups; "; - $prep_statement = 
$db->prepare($sql); - $prep_statement->execute(); - $groups = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - unset($prep_statement); - foreach ($groups as $row) { - if ($row['domain_uuid'] == '') { - $group_uuids[$row['group_name']] = $row['group_uuid']; - } + //get the vendor array + require_once $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH.'/app/devices/app_config.php'; + + //get the groups and create an array to use the name to get the uuid + $sql = "select * from v_groups "; + $database = new database; + $groups = $database->select($sql, null, 'all'); + foreach ($groups as $row) { + if ($row['domain_uuid'] == '') { + $group_uuids[$row['group_name']] = $row['group_uuid']; } + } + unset($sql, $groups, $row); - //process the array - foreach ($vendors as $vendor) { + //build the array + if (is_array($vendors) && @sizeof($vendors) != 0) { + foreach ($vendors as $index_1 => $vendor) { //insert the data into the database $device_vendor_uuid = uuid(); - $sql = "insert into v_device_vendors "; - $sql .= "("; - $sql .= "device_vendor_uuid, "; - $sql .= "name, "; - $sql .= "enabled "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".$device_vendor_uuid."', "; - $sql .= "'".$vendor['name']."', "; - $sql .= "'true' "; - $sql .= ");"; - //echo $sql."\n"; - $db->exec(check_sql($sql)); - unset($sql); + $array['device_vendors'][$index_1]['device_vendor_uuid'] = $device_vendor_uuid; + $array['device_vendors'][$index_1]['name'] = $vendor['name']; + $array['device_vendors'][$index_1]['enabled'] = 'true'; //add the vendor functions - foreach ($vendor['functions'] as $function) { - //get the id - $device_vendor_function_uuid = uuid(); - //add the device vendor function - $sql = "insert into v_device_vendor_functions "; - $sql .= "("; - $sql .= "device_vendor_uuid, "; - $sql .= "device_vendor_function_uuid, "; - //$sql .= "label, "; - $sql .= "name, "; - $sql .= "value, "; - $sql .= "enabled, "; - $sql .= "description "; - $sql .= ") "; - $sql .= "values "; - $sql .= 
"( "; - $sql .= "'".$device_vendor_uuid."', "; - $sql .= "'".$device_vendor_function_uuid."', "; - //$sql .= "'".$function['label']."', "; - $sql .= "'".$function['name']."', "; - $sql .= "'".$function['value']."', "; - $sql .= "'true', "; - $sql .= "'".$function['description']."' "; - $sql .= ");"; - //echo $sql."\n"; - $db->exec(check_sql($sql)); - unset($sql); + if (is_array($vendor['functions']) && @sizeof($vendor['functions']) != 0) { + foreach ($vendor['functions'] as $index_2 => $function) { + //add the device vendor function + $device_vendor_function_uuid = uuid(); + $array['device_vendor_functions'][$index_2]['device_vendor_uuid'] = $device_vendor_uuid; + $array['device_vendor_functions'][$index_2]['device_vendor_function_uuid'] = $device_vendor_function_uuid; + $array['device_vendor_functions'][$index_2]['name'] = $function['name']; + $array['device_vendor_functions'][$index_2]['value'] = $function['value']; + $array['device_vendor_functions'][$index_2]['enabled'] = 'true'; + $array['device_vendor_functions'][$index_2]['description'] = $function['description']; - //add the device vendor function groups - if (is_array($function['groups'])) { - $sql = "insert into v_device_vendor_function_groups "; - $sql .= "("; - $sql .= "device_vendor_function_group_uuid, "; - $sql .= "device_vendor_function_uuid, "; - $sql .= "device_vendor_uuid, "; - $sql .= "group_name, "; - $sql .= "group_uuid "; - $sql .= ") "; - $sql .= "values "; - $i = 0; - foreach ($function['groups'] as $group_name) { - if ($i == 0) { $sql .= "("; } else { $sql .= ",("; } - $sql .= "'".uuid()."', "; - $sql .= "'".$device_vendor_function_uuid."', "; - $sql .= "'".$device_vendor_uuid."', "; - $sql .= "'$group_name', "; - $sql .= "'".$group_uuids[$group_name]."' "; - $sql .= ")"; - $i++; + //add the device vendor function groups + if (is_array($function['groups']) && @sizeof($function['groups']) != 0) { + foreach ($function['groups'] as $index_3 => $group_name) { + 
$device_vendor_function_group_uuid = uuid(); + $array['device_vendor_function_groups'][$index_3]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid; + $array['device_vendor_function_groups'][$index_3]['device_vendor_function_uuid'] = $device_vendor_function_uuid; + $array['device_vendor_function_groups'][$index_3]['device_vendor_uuid'] = $device_vendor_uuid; + $array['device_vendor_function_groups'][$index_3]['group_name'] = $group_name; + $array['device_vendor_function_groups'][$index_3]['group_uuid'] = $group_uuids[$group_name]; + } } - $db->exec($sql); - } + } } } + } + + //execute + if (is_array($array) && @sizeof($array) != 0) { + $p = new permissions; + $p->add('device_vendor_add', 'temp'); + $p->add('device_vendor_function_add', 'temp'); + $p->add('device_vendor_function_group_add', 'temp'); + + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->save($array); + unset($array); + + $p->delete('device_vendor_add', 'temp'); + $p->delete('device_vendor_function_add', 'temp'); + $p->delete('device_vendor_function_group_add', 'temp'); + } + + } + unset($num_rows); - } //if num_rows - } // if prep_statement } -?> +?> \ No newline at end of file diff --git a/app/devices/device_copy.php b/app/devices/device_copy.php index 70d3f3a0be..5d870537f7 100644 --- a/app/devices/device_copy.php +++ b/app/devices/device_copy.php @@ -43,9 +43,9 @@ $text = $language->get(); //set the http get/post variable(s) to a php variable - if (isset($_REQUEST["id"]) && isset($_REQUEST["mac"])) { - $device_uuid = check_str($_REQUEST["id"]); - $mac_address_new = check_str($_REQUEST["mac"]); + if (is_array($_REQUEST["id"]) && isset($_REQUEST["mac"])) { + $device_uuid = $_REQUEST["id"]; + $mac_address_new = $_REQUEST["mac"]; $mac_address_new = preg_replace('#[^a-fA-F0-9./]#', '', $mac_address_new); } 
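Review bot: The vendor function and group rows collide before they are saved: `$array['device_vendor_functions'][$index_2]` is keyed by the function's position inside its own vendor, so each vendor's functions overwrite the previous vendor's entries before `$database->save($array)` runs, and `$array['device_vendor_function_groups'][$index_3]` has the same problem across functions, unless app_config.php gives every function and group a globally unique key. Use running counters per table instead of the inner foreach keys, as sketched below. The earlier `foreach ($device_keys as $index => &$row)` only reads `$row`, so the reference is unnecessary and leaves `$row` bound to the last element after the loop; `foreach ($device_keys as $index => $row)` avoids that. The enclosing `if ($domains_processed == 1)` block starts outside the hunk.
```php
// … unchanged: $num_rows check, vendor array require, group uuid map …
$function_index = 0;
$group_index = 0;
if (is_array($vendors) && @sizeof($vendors) != 0) {
    foreach ($vendors as $index_1 => $vendor) {
        // … unchanged: device_vendors entry keyed by $index_1 …
        if (is_array($vendor['functions']) && @sizeof($vendor['functions']) != 0) {
            foreach ($vendor['functions'] as $function) {
                $device_vendor_function_uuid = uuid();
                $array['device_vendor_functions'][$function_index]['device_vendor_uuid'] = $device_vendor_uuid;
                $array['device_vendor_functions'][$function_index]['device_vendor_function_uuid'] = $device_vendor_function_uuid;
                // … unchanged: name, value, enabled, description columns, keyed by $function_index …
                if (is_array($function['groups']) && @sizeof($function['groups']) != 0) {
                    foreach ($function['groups'] as $group_name) {
                        $array['device_vendor_function_groups'][$group_index]['device_vendor_function_group_uuid'] = uuid();
                        $array['device_vendor_function_groups'][$group_index]['device_vendor_function_uuid'] = $device_vendor_function_uuid;
                        // … unchanged: device_vendor_uuid, group_name, group_uuid columns, keyed by $group_index …
                        $group_index++;
                    }
                }
                $function_index++;
            }
        }
    }
}
// … unchanged: permission grant and $database->save($array) …
```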
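Review bot: `is_array($_REQUEST["id"])` inverts the intended check: a normal request carrying the device uuid as a string never enters the branch, so `$device_uuid` stays unset for the queries that follow, while an array value would pass and then be bound to `:device_uuid` further down. Every other file in this commit validates ids with `is_uuid()`, so this reads as a typo; use `if (is_uuid($_REQUEST["id"]) && isset($_REQUEST["mac"])) {`. Validating the uuid here also restores the input check that the removed `check_str()` call used to provide.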
@@ -57,60 +57,62 @@ //allow duplicates to be used as templaes } else { - $sql = "SELECT count(*) AS num_rows FROM v_devices "; - $sql .= "WHERE device_mac_address = '".$mac_address_new."' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] == "0") { - $save = true; - } - else { - $save = false; - message::add($text['message-duplicate']); - } + $sql = "select count(*) from v_devices "; + $sql .= "where device_mac_address = :device_mac_address "; + $parameters['device_mac_address'] = $mac_address_new; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + if ($num_rows == 0) { + $save = true; } - unset($prep_statement); + else { + $save = false; + message::add($text['message-duplicate']); + } + unset($sql, $parameters, $num_rows); } //get the device - $sql = "SELECT * FROM v_devices "; - $sql .= "where device_uuid = '".$device_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $devices = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $sql = "select * from v_devices "; + $sql .= "where device_uuid = :device_uuid "; + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $devices = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //get device lines - $sql = "SELECT * FROM v_device_lines "; - $sql .= "where device_uuid = '".$device_uuid."' "; + $sql = "select * from v_device_lines "; + $sql .= "where device_uuid = :device_uuid "; $sql .= "order by line_number asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_lines = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $device_lines = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //get device keys - $sql = "SELECT * FROM v_device_keys "; - 
$sql .= "WHERE device_uuid = '".$device_uuid."' "; - $sql .= "ORDER by "; - $sql .= "CASE device_key_category "; - $sql .= "WHEN 'line' THEN 1 "; - $sql .= "WHEN 'memort' THEN 2 "; - $sql .= "WHEN 'programmable' THEN 3 "; - $sql .= "WHEN 'expansion' THEN 4 "; - $sql .= "ELSE 100 END, "; + $sql = "select * from v_device_keys "; + $sql .= "where device_uuid = :device_uuid "; + $sql .= "order by "; + $sql .= "case device_key_category "; + $sql .= "when 'line' then 1 "; + $sql .= "when 'memort' then 2 "; + $sql .= "when 'programmable' then 3 "; + $sql .= "when 'expansion' then 4 "; + $sql .= "else 100 END, "; $sql .= "cast(device_key_id as numeric) asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $device_keys = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //get device settings - $sql = "SELECT * FROM v_device_settings "; - $sql .= "WHERE device_uuid = '".$device_uuid."' "; - $sql .= "ORDER by device_setting_subcategory asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_settings = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $sql = "select * from v_device_settings "; + $sql .= "where device_uuid = :device_uuid "; + $sql .= "order by device_setting_subcategory asc "; + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $device_settings = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //prepare the devices array unset($devices[0]["device_uuid"]); diff --git a/app/devices/device_dashboard.php b/app/devices/device_dashboard.php index 369ace80a6..6a07b5fc77 100644 --- a/app/devices/device_dashboard.php +++ b/app/devices/device_dashboard.php 
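Review bot: `$sql .= "when 'memort' then 2 ";` on the new side carries the old typo forward: device_dashboard.php in this same commit spells the category `memory`, so memory keys fall into the `else 100` bucket and the copied keys are ordered incorrectly. Change it to `$sql .= "when 'memory' then 2 ";`; the uppercase `END` on the following line is the one keyword the rewrite left unlowercased.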
@@ -43,34 +43,31 @@ //require_once "app/devices/resources/classes/device.php"; //get the vendor functions - $sql = "SELECT v.name as vendor_name, f.name, f.value "; - $sql .= "FROM v_device_vendors as v, v_device_vendor_functions as f "; - $sql .= "WHERE v.device_vendor_uuid = f.device_vendor_uuid "; - $sql .= "AND f.device_vendor_function_uuid in "; + $sql = "select v.name as vendor_name, f.name, f.value "; + $sql .= "from v_device_vendors as v, v_device_vendor_functions as f "; + $sql .= "where v.device_vendor_uuid = f.device_vendor_uuid "; + $sql .= "and f.device_vendor_function_uuid in "; $sql .= "("; - $sql .= " SELECT device_vendor_function_uuid FROM v_device_vendor_function_groups "; - $sql .= " WHERE device_vendor_function_uuid = f.device_vendor_function_uuid "; - $sql .= " AND ( "; + $sql .= " select device_vendor_function_uuid from v_device_vendor_function_groups "; + $sql .= " where device_vendor_function_uuid = f.device_vendor_function_uuid "; + $sql .= " and ( "; if (is_array($_SESSION['groups'])) { - $x = 0; - foreach($_SESSION['groups'] as $row) { - if ($x == 0) { - $sql .= " group_name = '".$row['group_name']."' "; - } - else { - $sql .= " or group_name = '".$row['group_name']."' "; - } - $x++; + foreach($_SESSION['groups'] as $index => $row) { + $sql_where_or[] = "group_name = :group_name_".$index; + $parameters['group_name_'.$index] = $row['group_name']; + } + if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) { + $sql .= implode(' or ', $sql_where_or); } } $sql .= " ) "; $sql .= ") "; - $sql .= "AND v.enabled = 'true' "; - $sql .= "AND f.enabled = 'true' "; - $sql .= "ORDER BY v.name ASC, f.name ASC "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $sql .= "and v.enabled = 'true' "; + $sql .= "and f.enabled = 'true' "; + $sql .= "order by v.name asc, f.name asc "; + $database = new database; + $vendor_functions = $database->select($sql, 
(is_array($parameters) ? $parameters : null), 'all'); + unset($sql, $sql_where_or, $parameters); //add or update the database if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { 
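Review bot: If `$_SESSION['groups']` is an empty array, `$sql_where_or` is never created and the guard skips the implode, leaving `and ( ) ` in the statement, which is a syntax error; the old side had the same gap, but the new guard makes it explicit. Add an else branch that makes the clause match nothing, e.g. `else { $sql .= "1 = 0"; }`, so a user without groups gets no vendor functions instead of a database error. `$parameters` and `$sql_where_or` are only assigned inside the loop, so the later `is_array($parameters)` ternary and `unset()` touch undefined variables on that path; initialising both to `[]` before the `if` removes the notices and the ternary.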
@@ -79,37 +76,39 @@ if ($_POST["persistformvar"] != "true") { //get device - $sql = "SELECT device_uuid, device_profile_uuid FROM v_devices "; - $sql .= "WHERE device_user_uuid = '".$_SESSION['user_uuid']."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_NAMED); - $device_uuid = $row['device_uuid']; - $device_profile_uuid = $row['device_profile_uuid']; - unset($row); + $sql = "select device_uuid, device_profile_uuid from v_devices "; + $sql .= "where device_user_uuid = :device_user_uuid "; + $parameters['device_user_uuid'] = $_SESSION['user_uuid']; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $device_uuid = $row['device_uuid']; + $device_profile_uuid = $row['device_profile_uuid']; + } + unset($sql, $parameters, $row); //get device profile keys - if (isset($device_profile_uuid)) { - $sql = "SELECT * FROM v_device_keys "; - $sql .= "WHERE device_profile_uuid = '".$device_profile_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_profile_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($sql,$prep_statement); + if (is_uuid($device_profile_uuid)) { + $sql = "select * from v_device_keys "; + $sql .= "where device_profile_uuid = :device_profile_uuid "; + $parameters['device_profile_uuid'] = $device_profile_uuid; + $database = new database; + $device_profile_keys = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); } //get device keys - if (isset($device_uuid)) { - $sql = "SELECT * FROM v_device_keys "; - $sql .= "WHERE device_uuid = '".$device_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($sql,$prep_statement); + if (is_uuid($device_uuid)) { + $sql = "select * from v_device_keys "; + $sql .= "where device_uuid = 
:device_uuid "; + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $device_keys = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); } //create a list of protected keys - device keys - if (is_array($device_keys)) { + if (is_array($device_keys) && @sizeof($device_keys) != 0) { foreach($device_keys as $row) { //determine if the key is allowed $device_key_authorized = false; @@ -176,16 +175,16 @@ if (strlen($row["device_key_icon"]) > 25) { $save = false; echo "icon "; } //escape characters in the string - $device_uuid = check_str($row["device_uuid"]); - $device_key_uuid = check_str($row["device_key_uuid"]); - $device_key_id = check_str($row["device_key_id"]); - $device_key_type = check_str($row["device_key_type"]); - $device_key_line = check_str($row["device_key_line"]); - $device_key_value = check_str($row["device_key_value"]); - $device_key_label = check_str($row["device_key_label"]); - $device_key_icon = check_str($row["device_key_icon"]); - $device_key_category = check_str($row["device_key_category"]); - $device_key_vendor = check_str($row["device_key_vendor"]); + $device_uuid = $row["device_uuid"]; + $device_key_uuid = $row["device_key_uuid"]; + $device_key_id = $row["device_key_id"]; + $device_key_type = $row["device_key_type"]; + $device_key_line = $row["device_key_line"]; + $device_key_value = $row["device_key_value"]; + $device_key_label = $row["device_key_label"]; + $device_key_icon = $row["device_key_icon"]; + $device_key_category = $row["device_key_category"]; + $device_key_vendor = $row["device_key_vendor"]; //process the profile keys if (strlen($row["device_profile_uuid"]) > 0) { 
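Review bot: The comment `//escape characters in the string` no longer describes the block: `check_str()` is gone and the `$_POST`-derived values are copied through unchanged, so escaping now rests entirely on how `database::save()` binds them, which is not visible in this hunk. Rewrite the comment as `//copy the submitted key values; no escaping here, the database class must bind them as parameters` so the next reader knows where the protection is expected to live, and confirm that binding in the database class. From what is visible, the `strlen()` checks above still bound the icon length, but nothing validates `device_key_id` or `device_key_line` as numeric before they reach the save.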
@@ -211,51 +210,32 @@ } //sql add or update - if (strlen($device_key_uuid) == 0) { + if (!is_uuid($device_key_uuid)) { if (permission_exists('device_key_add') && strlen($device_key_type) > 0 && strlen($device_key_value) > 0) { - //create the primary keys - $device_key_uuid = uuid(); - //if the device_uuid is not in the array then get the device_uuid from the database if (strlen($device_uuid) == 0) { - $sql = "SELECT device_uuid, device_profile_uuid FROM v_devices "; - $sql .= "WHERE device_user_uuid = '".$_SESSION['user_uuid']."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_NAMED); - $device_uuid = $row['device_uuid']; - unset($row); + $sql = "select device_uuid from v_devices "; + $sql .= "where device_user_uuid = :device_user_uuid "; + $parameters['device_user_uuid'] = $_SESSION['user_uuid']; + $database = new database; + $device_uuid = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); } //insert the keys - $sql = "insert into v_device_keys "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "device_key_uuid, "; - $sql .= "device_uuid, "; - $sql .= "device_key_id, "; - $sql .= "device_key_type, "; - $sql .= "device_key_line, "; - $sql .= "device_key_value, "; - $sql .= "device_key_label, "; - $sql .= "device_key_icon, "; - $sql .= "device_key_category, "; - $sql .= "device_key_vendor "; - $sql .= ") "; - $sql .= "VALUES ("; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$device_key_uuid."', "; - $sql .= "'".$device_uuid."', "; - $sql .= "'".$device_key_id."', "; - $sql .= "'".$device_key_type."', "; - $sql .= "'".$device_key_line."', "; - $sql .= "'".$device_key_value."', "; - $sql .= "'".$device_key_label."', "; - $sql .= "'".$device_key_icon."', "; - $sql .= "'".$device_key_category."', "; - $sql .= "'".$device_key_vendor."' "; - $sql .= ");"; + $device_key_uuid = uuid(); + $array['device_keys'][0]['device_key_uuid'] = $device_key_uuid; + 
$array['device_keys'][0]['device_uuid'] = $device_uuid; + $array['device_keys'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['device_keys'][0]['device_key_id'] = $device_key_id; + $array['device_keys'][0]['device_key_type'] = $device_key_type; + $array['device_keys'][0]['device_key_line'] = $device_key_line; + $array['device_keys'][0]['device_key_value'] = $device_key_value; + $array['device_keys'][0]['device_key_label'] = $device_key_label; + $array['device_keys'][0]['device_key_icon'] = $device_key_icon; + $array['device_keys'][0]['device_key_category'] = $device_key_category; + $array['device_keys'][0]['device_key_vendor'] = $device_key_vendor; //action add or update $action = "add"; 
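Review bot: `$device_uuid = $database->select($sql, $parameters, 'column');` can come back empty when the user has no device row, and the insert that follows is still built with that value in `$array['device_keys'][0]['device_uuid']`. Guard the lookup with `if (!is_uuid($device_uuid)) { $save = false; }` so a key is not saved without an owning device; what `select()` returns for no rows is not visible here, so adjust the check to its contract. The `foreach` this branch belongs to starts outside the hunk.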
@@ -266,24 +246,23 @@ $action = "update"; //update the device keys - $sql = "update v_device_keys set "; + $array['device_keys'][0]['device_key_uuid'] = $device_key_uuid; + $array['device_keys'][0]['domain_uuid'] = $_SESSION['domain_uuid']; if (permission_exists('device_key_id')) { - $sql .= "device_key_id = '".$device_key_id."', "; + $array['device_keys'][0]['device_key_id'] = $device_key_id; } - $sql .= "device_key_type = '".$device_key_type."', "; - $sql .= "device_key_value = '".$device_key_value."', "; - $sql .= "device_key_label = '".$device_key_label."', "; - $sql .= "device_key_icon = '".$device_key_icon."' "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and device_key_uuid = '".$device_key_uuid."'; "; + $array['device_keys'][0]['device_key_type'] = $device_key_type; + $array['device_keys'][0]['device_key_value'] = $device_key_value; + $array['device_keys'][0]['device_key_label'] = $device_key_label; + $array['device_keys'][0]['device_key_icon'] = $device_key_icon; } if ($save) { - $db->exec(check_sql($sql)); - //echo "valid: ".$sql."\n"; - } - else { - //echo "invalid: ".$sql."\n"; + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->save($array); } + unset($array); } } 
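Review bot: The old update statement constrained the row with `where domain_uuid = <session domain> and device_key_uuid = ...`; on the new side `domain_uuid` is only a column value in `$array['device_keys'][0]` and the target row is chosen by the `device_key_uuid` that arrived in `$_POST`. Unless `database::save()` enforces the session domain on existing rows, which this hunk cannot show, a submitted uuid belonging to another domain would be updated. Before the update branch, confirm ownership, e.g. select the key `where device_key_uuid = :device_key_uuid and domain_uuid = :domain_uuid` and set `$save = false;` when nothing is returned. The key loop that encloses this block starts outside the hunk.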
@@ -301,29 +280,32 @@ header("Location: /core/user_settings/user_dashboard.php"); exit; - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) + } + } //set the sub array index $x = "999"; //get device - $sql = "SELECT device_uuid, device_profile_uuid FROM v_devices "; - $sql .= "WHERE device_user_uuid = '".$_SESSION['user_uuid']."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_NAMED); - $device_uuid = $row['device_uuid']; - $device_profile_uuid = $row['device_profile_uuid']; - unset($row); + $sql = "select device_uuid, device_profile_uuid from v_devices "; + $sql .= "where device_user_uuid = :device_user_uuid "; + $parameters['device_user_uuid'] = $_SESSION['user_uuid']; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $device_uuid = $row['device_uuid']; + $device_profile_uuid = $row['device_profile_uuid']; + } + unset($sql, $parameters, $row); //get device lines - if (isset($device_uuid)) { - $sql = "SELECT * from v_device_lines "; - $sql .= "WHERE device_uuid = '".$device_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_lines = $prep_statement->fetchAll(PDO::FETCH_NAMED); + if (is_uuid($device_uuid)) { + $sql = "select * from v_device_lines "; + $sql .= "where device_uuid = :device_uuid "; + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $device_lines = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); } //get the user 
@@ -341,37 +323,31 @@ $sip_profile_name = 'internal'; //get device keys in the right order where device keys are listed after the profile keys - if (isset($device_uuid)) { - $sql = "SELECT * FROM v_device_keys "; - $sql .= "WHERE ("; - $sql .= "device_uuid = '".$device_uuid."' "; - if (strlen($device_profile_uuid) > 0) { - $sql .= "or device_profile_uuid = '".$device_profile_uuid."' "; - } + if (is_uuid($device_uuid)) { + $sql = "select * from v_device_keys "; + $sql .= "where ("; + $sql .= "device_uuid = :device_uuid "; + $sql .= is_uuid($device_profile_uuid) ? "or device_profile_uuid = :device_profile_uuid " : null; $sql .= ") "; - $sql .= "ORDER BY "; - $sql .= "device_key_vendor ASC, "; - $sql .= "CASE device_key_category "; - $sql .= "WHEN 'line' THEN 1 "; - $sql .= "WHEN 'memory' THEN 2 "; - $sql .= "WHEN 'programmable' THEN 3 "; - $sql .= "WHEN 'expansion' THEN 4 "; - $sql .= "ELSE 100 END, "; - if ($db_type == "mysql") { - $sql .= "device_key_id ASC "; - } - else { - $sql .= "CAST(device_key_id as numeric) ASC, "; - } - $sql .= "CASE WHEN device_uuid IS NULL THEN 0 ELSE 1 END ASC "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $keys = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($sql,$prep_statement); + $sql .= "order by "; + $sql .= "device_key_vendor asc, "; + $sql .= "case device_key_category "; + $sql .= "when 'line' then 1 "; + $sql .= "when 'memory' then 2 "; + $sql .= "when 'programmable' then 3 "; + $sql .= "when 'expansion' then 4 "; + $sql .= "else 100 end, "; + $sql .= $db_type == "mysql" ? 
"device_key_id asc " : "cast(device_key_id as numeric) asc, "; + $sql .= "case when device_uuid is null then 0 else 1 end asc "; + $parameters['device_uuid'] = $device_uuid; + $parameters['device_profile_uuid'] = $device_profile_uuid; + $database = new database; + $keys = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); } //override profile keys with device keys - if (is_array($device_keys)) { + if (is_array($device_keys) && @sizeof($device_keys) != 0) { foreach($keys as $row) { $id = $row['device_key_id']; $device_keys[$id] = $row; @@ -386,7 +362,7 @@ } //get the vendor count and last and device information - if (is_array($device_keys)) { + if (is_array($device_keys) && @sizeof($device_keys) != 0) { $vendor_count = 0; foreach($device_keys as $row) { if ($previous_vendor != $row['device_key_vendor']) { @@ -416,7 +392,7 @@ } //remove the keys the user is not allowed to edit based on the authorized vendor keys - if (is_array($device_keys)) { + if (is_array($device_keys) && @sizeof($device_keys) != 0) { foreach($device_keys as $row) { //loop through the authorized vendor functions $device_key_authorized = false; @@ -468,7 +444,7 @@ if (permission_exists('device_key_edit')) { echo " \n"; $x = 0; - if (is_array($device_keys)) { + if (is_array($device_keys) && @sizeof($device_keys) != 0) { foreach($device_keys as $row) { //set the variables $device_key_vendor = $row['device_key_vendor']; diff --git a/app/devices/device_delete.php b/app/devices/device_delete.php index 6d29cd7be7..e9a1fdcc86 100644 --- a/app/devices/device_delete.php +++ b/app/devices/device_delete.php 
@@ -42,48 +42,45 @@ $text = $language->get(); //get the id - if (isset($_GET["id"])) { - $id = $_GET["id"]; - } + $device_uuid = $_GET["id"]; //delete the data and sub-data - if (is_uuid($id)) { + if (is_uuid($device_uuid)) { //delete device_lines - $sql = "delete from v_device_lines "; - $sql .= "where device_uuid = '$id' "; - $db->exec($sql); - unset($sql); + $array['device_lines'][0]['device_uuid'] = $device_uuid; //delete device_keys - $sql = "delete from v_device_keys "; - $sql .= "where device_uuid = '$id' "; - $db->exec($sql); - unset($sql); + $array['device_keys'][0]['device_uuid'] = $device_uuid; //delete device_settings - $sql = "delete from v_device_settings "; - $sql .= "where device_uuid = '$id' "; - $db->exec($sql); - unset($sql); + $array['device_settings'][0]['device_uuid'] = $device_uuid; //delete the device - $sql = "delete from v_devices "; - $sql .= "where device_uuid = '$id' "; - $db->exec($sql); - unset($sql); + $array['devices'][0]['device_uuid'] = $device_uuid; + + //execute + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->delete($array); + $response = $database->message; + unset($array); + + //write the provision files + if (strlen($_SESSION['provision']['path']['text']) > 0) { + $prov = new provision; + $prov->domain_uuid = $domain_uuid; + $response = $prov->write(); + } + + //set message + message::add($text['message-delete']); + } -//write the provision files - if (strlen($_SESSION['provision']['path']['text']) > 0) { - $prov = new provision; - $prov->domain_uuid = $domain_uuid; - $response = $prov->write(); - } - -//set the message and redirect the user - message::add($text['message-delete']); +//redirect the user header("Location: devices.php"); - return; + exit; ?> diff --git a/app/devices/device_download.php b/app/devices/device_download.php index b5e8d2b960..e0e492a1da 100644 --- a/app/devices/device_download.php 
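Review bot: Neither side scopes the delete to the caller's domain: `$array['devices'][0]['device_uuid'] = $device_uuid` and the three sub-table entries identify rows by the `$_GET["id"]` uuid alone, so whether the removal stays inside the session domain depends entirely on what `database::delete()` adds, which is not visible here. If it does not, add `domain_uuid` to each entry, e.g. `$array['devices'][0]['domain_uuid'] = $_SESSION['domain_uuid'];`, or check that the device belongs to the domain before building `$array`. `$device_uuid = $_GET["id"];` also drops the old `isset()` guard, so a request without `id` now raises an undefined index notice before `is_uuid()` rejects it; `$device_uuid = isset($_GET["id"]) ? $_GET["id"] : '';` keeps the rejection without the notice.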
+++ b/app/devices/device_download.php 
@@ -76,30 +76,44 @@ header("Content-Transfer-Encoding: binary"); } + +//define possible columns in the array + $allowed_columns[] = 'device_uuid'; + $allowed_columns[] = 'domain_uuid'; + $allowed_columns[] = 'device_mac_address'; + $allowed_columns[] = 'device_label'; + $allowed_columns[] = 'device_template'; + $allowed_columns[] = 'device_description'; + //get the devices and send them as output - if (isset($_REQUEST["column_group"])) { - $columns = implode(",",$_REQUEST["column_group"]); - $sql = "select " . $columns . " from v_devices "; - $sql .= " where domain_uuid = '".$domain_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $devices = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - unset ($sql, $prep_statement); - //print_r($extensions); + $column_group = $_REQUEST["column_group"]; + if (is_array($column_group) && @sizeof($column_group) != 0) { + //validate columns + foreach ($column_group as $index => $column_name) { + if (!in_array($column_name, $allowed_columns)) { + unset($column_group[$index]); + } + } + //iterate columns + if (is_array($column_group) && @sizeof($column_group) != 0) { + $column_names = implode(", ", $column_group); + $sql = "select ".$column_names." from v_devices "; + $sql .= " where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $devices = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters, $column_names); + //print_r($extensions); - download_send_headers("data_export_" . date("Y-m-d") . 
".csv"); - echo array2csv($devices); - die(); + if (is_array($devices) && @sizeof($devices) != 0) { + download_send_headers("data_export_".date("Y-m-d").".csv"); + echo array2csv($devices); + exit(); + } + } + unset($column_group); } -//define the columns in the array - $columns[] = 'device_uuid'; - $columns[] = 'domain_uuid'; - $columns[] = 'device_mac_address'; - $columns[] = 'device_label'; - $columns[] = 'device_template'; - $columns[] = 'device_description'; - //set the row style $c = 0; $row_style["0"] = "row_style0"; @@ -121,12 +135,12 @@ echo " \n"; echo "\n"; - foreach ($columns as $value) { + foreach ($allowed_columns as $column_name) { echo "\n"; echo " \n"; - echo " "; + echo " "; echo " "; echo ""; if ($c==0) { $c=1; } else { $c=0; } diff --git a/app/devices/device_edit.php b/app/devices/device_edit.php index 1e85e24f50..0f118fab8b 100644 --- a/app/devices/device_edit.php +++ b/app/devices/device_edit.php 
@@ -50,19 +50,18 @@ $sql .= "v_domains as d2 "; $sql .= "where "; $sql .= "d1.domain_uuid = d2.domain_uuid and "; - $sql .= "d1.device_mac_address = '".check_str($_GET["mac"])."' "; - if ($_GET["device_uuid"] != '') { - $sql .= " and d1.device_uuid <> '".check_str($_GET["device_uuid"])."' "; + $sql .= "d1.device_mac_address = :device_mac_address "; + if (is_uuid($_GET["device_uuid"])) { + $sql .= " and d1.device_uuid <> :device_uuid "; } - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['domain_name'] != '') { - echo $text['message-duplicate'].((if_group("superadmin") && $_SESSION["domain_name"] != $row["domain_name"]) ? ": ".$row["domain_name"] : null); - } + $parameters['device_mac_address'] = $_GET["mac"]; + $parameters['device_uuid'] = $_GET["device_uuid"]; + $database = new database; + $domain_name = $database->select($sql, $parameters, 'column'); + if ($domain_name != '') { + echo $text['message-duplicate'].(if_group("superadmin") && $_SESSION["domain_name"] != $domain_name ? ": ".$domain_name : null); } - unset($prep_statement); + unset($sql, $parameters, $domain_name); } //username 
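Review bot: `$parameters['device_uuid'] = $_GET["device_uuid"];` is always set, but `:device_uuid` is only appended to the statement when `is_uuid($_GET["device_uuid"])` holds, so the duplicate MAC check without a device_uuid binds a parameter that has no placeholder; PDO rejects that on execute unless the database class strips unused parameters. Move the assignment inside the conditional: `if (is_uuid($_GET["device_uuid"])) { $sql .= " and d1.device_uuid <> :device_uuid "; $parameters['device_uuid'] = $_GET["device_uuid"]; }`. The username check in hunk `@@ -75,22 +74,22 @@` has the same mismatch for both `domain_uuid` and `device_uuid` and needs the same treatment.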
@@ -75,22 +74,22 @@ $sql .= "v_domains as d2 "; $sql .= "where "; $sql .= "d1.domain_uuid = d2.domain_uuid and "; - $sql .= "d1.device_username = '".check_str($_GET["username"])."' "; - if ($_GET['domain_uuid'] != '') { - $sql .= "and d2.domain_uuid = '".check_str($_GET['domain_uuid'])."' "; + $sql .= "d1.device_username = :device_username "; + if (is_uuid($_GET['domain_uuid'])) { + $sql .= "and d2.domain_uuid = :domain_uuid "; } - if ($_GET['device_uuid'] != '') { - $sql .= "and d1.device_uuid <> '".check_str($_GET["device_uuid"])."' "; + if (is_uuid($_GET['device_uuid'])) { + $sql .= "and d1.device_uuid <> :device_uuid "; } - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['domain_name'] != '') { - echo $text['message-duplicate_username'].((if_group("superadmin")) ? ": ".format_mac($row['device_mac_address']).(($_SESSION["domain_name"] != $row["domain_name"]) ? " (".$row["domain_name"].")" : null) : null); - } + $parameters['device_username'] = $_GET["username"]; + $parameters['domain_uuid'] = $_GET["domain_uuid"]; + $parameters['device_uuid'] = $_GET["device_uuid"]; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0 && $row['domain_name'] != '') { + echo $text['message-duplicate_username'].(if_group("superadmin") ? ": ".format_mac($row['device_mac_address']).($_SESSION["domain_name"] != $row["domain_name"] ? " (".$row["domain_name"].")" : null) : null); } - unset($prep_statement); + unset($sql, $parameters, $row); } exit; @@ -100,9 +99,9 @@ require_once "app/devices/resources/classes/device.php"; //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $device_uuid = check_str($_REQUEST["id"]); + $device_uuid = $_REQUEST["id"]; } else { $action = "add"; 
@@ -111,19 +110,16 @@ //get total device count from the database, check limit, if defined if ($action == 'add') { if ($_SESSION['limit']['devices']['numeric'] != '') { - $sql = "select count(*) as num_rows from v_devices where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - $total_devices = $row['num_rows']; - } - unset($prep_statement, $row); + $sql = "select count(*) from v_devices where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $total_devices = $database->select($sql, $parameters, 'column'); if ($total_devices >= $_SESSION['limit']['devices']['numeric']) { message::add($text['message-maximum_devices'].' '.$_SESSION['limit']['devices']['numeric'], 'negative'); header('Location: devices.php'); - return; + exit; } + unset($sql, $parameters, $total_devices); } } 
@@ -131,60 +127,60 @@ if (count($_POST) > 0) { //device mac address if (permission_exists('device_mac_address')) { - $device_mac_address = check_str($_POST["device_mac_address"]); + $device_mac_address = $_POST["device_mac_address"]; $device_mac_address = strtolower(preg_replace('#[^a-fA-F0-9./]#', '', $device_mac_address)); $_POST["device_mac_address"] = $device_mac_address; } else { $sql = "select * from v_devices "; - $sql .= "where device_uuid = '$device_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where device_uuid = :device_uuid "; + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $device_mac_address = $row["device_mac_address"]; $_POST["device_mac_address"] = $device_mac_address; } - unset ($prep_statement); + unset($sql, $parameters, $row); } //get assigned user - $device_user_uuid = check_str($_POST["device_user_uuid"]); + $device_user_uuid = $_POST["device_user_uuid"]; //devices - $device_label = check_str($_POST["device_label"]); - $device_vendor = check_str($_POST["device_vendor"]); - $device_uuid_alternate = check_str($_POST["device_uuid_alternate"]); - $device_model = check_str($_POST["device_model"]); - $device_firmware_version = check_str($_POST["device_firmware_version"]); - $device_enabled = check_str($_POST["device_enabled"]); - $device_template = check_str($_POST["device_template"]); - $device_description = check_str($_POST["device_description"]); + $device_label = $_POST["device_label"]; + $device_vendor = $_POST["device_vendor"]; + $device_uuid_alternate = $_POST["device_uuid_alternate"]; + $device_model = $_POST["device_model"]; + $device_firmware_version = $_POST["device_firmware_version"]; + $device_enabled = $_POST["device_enabled"]; + $device_template = 
$_POST["device_template"]; + $device_description = $_POST["device_description"]; //lines - $line_number = check_str($_POST["line_number"]); - $server_address = check_str($_POST["server_address"]); - $outbound_proxy_primary = check_str($_POST["outbound_proxy_primary"]); - $outbound_proxy_secondary = check_str($_POST["outbound_proxy_secondary"]); - $display_name = check_str($_POST["display_name"]); - $user_id = check_str($_POST["user_id"]); - $auth_id = check_str($_POST["auth_id"]); - $password = check_str($_POST["password"]); + $line_number = $_POST["line_number"]; + $server_address = $_POST["server_address"]; + $outbound_proxy_primary = $_POST["outbound_proxy_primary"]; + $outbound_proxy_secondary = $_POST["outbound_proxy_secondary"]; + $display_name = $_POST["display_name"]; + $user_id = $_POST["user_id"]; + $auth_id = $_POST["auth_id"]; + $password = $_POST["password"]; //profile - $device_profile_uuid = check_str($_POST["device_profile_uuid"]); + $device_profile_uuid = $_POST["device_profile_uuid"]; //keys - $device_key_category = check_str($_POST["device_key_category"]); - $device_key_id = check_str($_POST["device_key_id"]); - $device_key_type = check_str($_POST["device_key_type"]); - $device_key_line = check_str($_POST["device_key_line"]); - $device_key_value = check_str($_POST["device_key_value"]); - $device_key_extension = check_str($_POST["device_key_extension"]); - $device_key_label = check_str($_POST["device_key_label"]); - $device_key_icon = check_str($_POST["device_key_icon"]); + $device_key_category = $_POST["device_key_category"]; + $device_key_id = $_POST["device_key_id"]; + $device_key_type = $_POST["device_key_type"]; + $device_key_line = $_POST["device_key_line"]; + $device_key_value = $_POST["device_key_value"]; + $device_key_extension = $_POST["device_key_extension"]; + $device_key_label = $_POST["device_key_label"]; + $device_key_icon = $_POST["device_key_icon"]; //settings - //$device_setting_category = 
check_str($_POST["device_setting_category"]); - $device_setting_subcategory = check_str($_POST["device_setting_subcategory"]); - //$device_setting_name = check_str($_POST["device_setting_name"]); - $device_setting_value = check_str($_POST["device_setting_value"]); - $device_setting_enabled = check_str($_POST["device_setting_enabled"]); - $device_setting_description = check_str($_POST["device_setting_description"]); + //$device_setting_category = $_POST["device_setting_category"]); + $device_setting_subcategory = $_POST["device_setting_subcategory"]; + //$device_setting_name = $_POST["device_setting_name"]; + $device_setting_value = $_POST["device_setting_value"]; + $device_setting_enabled = $_POST["device_setting_enabled"]; + $device_setting_description = $_POST["device_setting_description"]; } //use the mac address to get the vendor @@ -259,7 +255,7 @@ unset($_POST["device_keys"][$x]); } //unset device_detail_uuid if the field has no value - if (strlen($row["device_key_uuid"]) == 0) { + if (!is_uuid($row["device_key_uuid"])) { unset($_POST["device_keys"][$x]["device_key_uuid"]); } //increment the row @@ -272,7 +268,7 @@ unset($_POST["device_settings"][$x]); } //unset device_detail_uuid if the field has no value - if (strlen($row["device_setting_uuid"]) == 0) { + if (!is_uuid($row["device_setting_uuid"])) { unset($_POST["device_settings"][$x]["device_setting_uuid"]); } //increment the row @@ -308,12 +304,12 @@ $database = new database; $database->app_name = 'devices'; $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; - if (strlen($device_uuid) > 0) { + if (is_uuid($device_uuid)) { $database->uuid($device_uuid); } $database->save($array); $response = $database->message; - if (strlen($response['uuid']) > 0) { + if (is_uuid($response['uuid'])) { $device_uuid = $response['uuid']; } } 
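Review bot: Dropping `check_str()` means every `$_POST` value from `device_label` down to `device_setting_description` is now carried raw; that is only safe while each of them reaches the database through the parameterised `$database` calls and goes through `escape()` on output, and since the hunk shows the assignments alone, that should be confirmed for the code outside it. One visible slip: the commented line `//$device_setting_category = $_POST["device_setting_category"]);` keeps a stray `)` from the old `check_str(` wrapper and should read `//$device_setting_category = $_POST["device_setting_category"];`. The mac-address line is the one place a filter survives (`preg_replace('#[^a-fA-F0-9./]#', '', ...)`), which is the right shape for that field. The enclosing `if (count($_POST) > 0)` block starts before the hunk.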
@@ -348,11 +344,11 @@ //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { $sql = "select * from v_devices "; - $sql .= "where device_uuid = '$device_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where device_uuid = :device_uuid "; + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $device_mac_address = $row["device_mac_address"]; $device_provisioned_ip = $row["device_provisioned_ip"]; $domain_uuid = $row["domain_uuid"]; @@ -371,7 +367,7 @@ $device_profile_uuid = $row["device_profile_uuid"]; $device_description = $row["device_description"]; } - unset ($prep_statement); + unset($sql, $parameters, $row); } //use the mac address to get the vendor 
@@ -384,23 +380,26 @@ $x = "999"; //alternate device settings - if (strlen($device_uuid_alternate) > 0) { + if (is_uuid($device_uuid_alternate)) { $sql = "select * from v_devices "; - $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; - $sql .= "and device_uuid = '$device_uuid_alternate' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_alternate = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + $sql .= "and device_uuid = :device_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['device_uuid'] = $device_uuid_alternate; + $database = new database; + $device_alternate = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); } //get device lines - $sql = "SELECT * FROM v_device_lines "; - $sql .= "where device_uuid = '".$device_uuid."' "; + $sql = "select * from v_device_lines "; + $sql .= "where device_uuid = :device_uuid "; $sql .= "order by cast(line_number as int) asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_lines = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $device_lines = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); + $device_lines[$x]['line_number'] = ''; $device_lines[$x]['server_address'] = ''; $device_lines[$x]['outbound_proxy_primary'] = $_SESSION['provision']['outbound_proxy_primary']['text']; 
@@ -418,31 +417,28 @@ $device_lines[$x]['register_expires'] = $_SESSION['provision']['line_register_expires']['numeric']; //get device keys - $sql = "SELECT * FROM v_device_keys "; - $sql .= "WHERE device_uuid = '".$device_uuid."' "; - $sql .= "ORDER by "; + $sql = "select * from v_device_keys "; + $sql .= "where device_uuid = :device_uuid "; + $sql .= "order by "; $sql .= "device_key_vendor asc, "; - $sql .= "CASE device_key_category "; - $sql .= "WHEN 'line' THEN 1 "; - $sql .= "WHEN 'memory' THEN 2 "; - $sql .= "WHEN 'programmable' THEN 3 "; - $sql .= "WHEN 'expansion' THEN 4 "; - $sql .= "WHEN 'expansion-1' THEN 5 "; - $sql .= "WHEN 'expansion-2' THEN 6 "; - $sql .= "WHEN 'expansion-3' THEN 7 "; - $sql .= "WHEN 'expansion-4' THEN 8 "; - $sql .= "WHEN 'expansion-5' THEN 9 "; - $sql .= "WHEN 'expansion-6' THEN 10 "; - $sql .= "ELSE 100 END, "; - if ($db_type == "mysql") { - $sql .= "device_key_id asc "; - } - else { - $sql .= "cast(device_key_id as numeric) asc "; - } - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $sql .= "case device_key_category "; + $sql .= "when 'line' then 1 "; + $sql .= "when 'memory' then 2 "; + $sql .= "when 'programmable' then 3 "; + $sql .= "when 'expansion' then 4 "; + $sql .= "when 'expansion-1' then 5 "; + $sql .= "when 'expansion-2' then 6 "; + $sql .= "when 'expansion-3' then 7 "; + $sql .= "when 'expansion-4' then 8 "; + $sql .= "when 'expansion-5' then 9 "; + $sql .= "when 'expansion-6' then 10 "; + $sql .= "else 100 end, "; + $sql .= $db_type == "mysql" ? "device_key_id asc " : "cast(device_key_id as numeric) asc "; + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $device_keys = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); + $device_keys[$x]['device_key_category'] = ''; $device_keys[$x]['device_key_id'] = ''; $device_keys[$x]['device_key_type'] = ''; 
@@ -453,45 +449,48 @@ $device_keys[$x]['device_key_icon'] = ''; //get the device vendors - $sql = "SELECT name "; - $sql .= "FROM v_device_vendors "; - $sql .= "WHERE enabled = 'true' "; - $sql .= "ORDER BY name ASC "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_vendors = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $sql = "select name "; + $sql .= "from v_device_vendors "; + $sql .= "where enabled = 'true' "; + $sql .= "order by name asc "; + $database = new database; + $device_vendors = $database->select($sql, null, 'all'); + unset($sql); //get the vendor functions - $sql = "SELECT v.name as vendor_name, f.name, f.value "; - $sql .= "FROM v_device_vendors as v, v_device_vendor_functions as f "; - $sql .= "WHERE v.device_vendor_uuid = f.device_vendor_uuid "; + $sql = "select v.name as vendor_name, f.name, f.value "; + $sql .= "from v_device_vendors as v, v_device_vendor_functions as f "; + $sql .= "where v.device_vendor_uuid = f.device_vendor_uuid "; $sql .= "and v.enabled = 'true' "; $sql .= "and f.enabled = 'true' "; $sql .= "order by v.name asc, f.name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $database = new database; + $vendor_functions = $database->select($sql, null, 'all'); + unset($sql); //get device settings - $sql = "SELECT * FROM v_device_settings "; - $sql .= "WHERE device_uuid = '".$device_uuid."' "; - $sql .= "ORDER by device_setting_subcategory asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_settings = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $sql = "select * from v_device_settings "; + $sql .= "where device_uuid = :device_uuid "; + $sql .= "order by device_setting_subcategory asc "; + $parameters['device_uuid'] = $device_uuid; + $database = new database; + $device_settings = $database->select($sql, $parameters, 'all'); + unset($sql, 
$parameters); + $device_settings[$x]['device_setting_name'] = ''; $device_settings[$x]['device_setting_value'] = ''; $device_settings[$x]['enabled'] = ''; $device_settings[$x]['device_setting_description'] = ''; //get the users - $sql = "SELECT * FROM v_users "; - $sql .= "WHERE domain_uuid = '".$domain_uuid."' "; - $sql .= "AND user_enabled = 'true' "; - $sql .= "ORDER by username asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $users = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $sql = "select * from v_users "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and user_enabled = 'true' "; + $sql .= "order by username asc "; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $users = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //use the mac address to get the vendor if (strlen($device_vendor) == 0) { @@ -901,7 +900,7 @@ if (strlen($row['register_expires']) == 0) { $row['register_expires'] = $_SESSION['provision']['line_register_expires']['numeric']; } //determine whether to hide the element - if (strlen($device_line_uuid) == 0) { + if (!is_uuid($device_line_uuid)) { $element['hidden'] = false; $element['visibility'] = "visibility:visible;"; } @@ -910,7 +909,7 @@ $element['visibility'] = "visibility:hidden;"; } //add the primary key uuid - if (strlen($row['device_line_uuid']) > 0) { + if (is_uuid($row['device_line_uuid'])) { echo " \n"; } //show each row in the array @@ -1027,7 +1026,7 @@ echo " \n"; echo " "; echo " "; echo " "; echo " "; } + unset($sql, $parameters, $result); } if (permission_exists('device_key_edit')) { @@ -1124,7 +1122,7 @@ echo " \n"; } //determine whether to hide the element - if (strlen($device_key_uuid) == 0) { + if (!is_uuid($device_key_uuid)) { $element['hidden'] = false; $element['visibility'] = "visibility:visible;"; } 
@@ -1133,7 +1131,7 @@ $element['visibility'] = "visibility:hidden;"; } //add the primary key uuid - if (strlen($row['device_key_uuid']) > 0) { + if (is_uuid($row['device_key_uuid'])) { echo " \n"; } //show all the rows in the array @@ -1307,7 +1305,7 @@ //echo " \n"; //echo " \n"; echo " "; echo " \n"; } - if (permission_exists('device_alternate') && strlen($device_uuid_alternate) > 0) { + if (permission_exists('device_alternate') && is_uuid($device_uuid_alternate)) { echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; @@ -548,7 +344,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo $text['description-device_key_label']."\n"; echo "\n"; echo "\n"; - + echo "\n"; echo "\n"; echo "\n"; diff --git a/app/devices/device_profile_copy.php b/app/devices/device_profile_copy.php index 6cbbd39dc5..1593c4aae3 100644 --- a/app/devices/device_profile_copy.php +++ b/app/devices/device_profile_copy.php 
@@ -43,39 +43,42 @@ $text = $language->get(); //set the http get/post variable(s) to a php variable - if (isset($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $device_profile_uuid = $_REQUEST["id"]; } -//set the default - $save = true; - //get the device - $sql = "SELECT * FROM v_device_profiles "; - $sql .= "where device_profile_uuid = '".$device_profile_uuid."' "; + $sql = "select * from v_device_profiles "; + $sql .= "where device_profile_uuid = :device_profile_uuid "; + $parameters['device_profile_uuid'] = $device_profile_uuid; $database = new database; - $device_profiles = $database->select($sql); + $device_profiles = $database->select($sql, $parameters); + unset($sql, $parameters); //get device keys - $sql = "SELECT * FROM v_device_keys "; - $sql .= "WHERE device_profile_uuid = '".$device_profile_uuid."' "; - $sql .= "ORDER by "; - $sql .= "CASE device_key_category "; - $sql .= "WHEN 'line' THEN 1 "; - $sql .= "WHEN 'memort' THEN 2 "; - $sql .= "WHEN 'programmable' THEN 3 "; - $sql .= "WHEN 'expansion' THEN 4 "; - $sql .= "ELSE 100 END, "; + $sql = "select * from v_device_keys "; + $sql .= "where device_profile_uuid = :device_profile_uuid "; + $sql .= "order by "; + $sql .= "case device_key_category "; + $sql .= "when 'line' then 1 "; + $sql .= "when 'memort' then 2 "; + $sql .= "when 'programmable' then 3 "; + $sql .= "when 'expansion' then 4 "; + $sql .= "else 100 end, "; $sql .= "cast(device_key_id as numeric) asc "; + $parameters['device_profile_uuid'] = $device_profile_uuid; $database = new database; - $device_keys = $database->select($sql); + $device_keys = $database->select($sql, $parameters); + unset($sql, $parameters); //get device settings - $sql = "SELECT * FROM v_device_settings "; - $sql .= "WHERE device_profile_uuid = '".$device_profile_uuid."' "; - $sql .= "ORDER by device_setting_subcategory asc "; + $sql = "select * from v_device_settings "; + $sql .= "where device_profile_uuid = :device_profile_uuid "; + 
$sql .= "order by device_setting_subcategory asc "; + $parameters['device_profile_uuid'] = $device_profile_uuid; $database = new database; - $device_settings = $database->select($sql); + $device_settings = $database->select($sql, $parameters); + unset($sql, $parameters); //prepare the devices array unset($device_profiles[0]["device_profile_uuid"]); @@ -106,14 +109,13 @@ $array["device_profiles"][0]["device_settings"] = $device_settings; //copy the device - if ($save) { - $database = new database; - $database->app_name = 'devices'; - $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; - $database->save($array); - $response = $database->message; - message::add($text['message-copy']); - } + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->save($array); + unset($array); + + message::add($text['message-copy']); //redirect header("Location: device_profiles.php"); diff --git a/app/devices/device_profile_delete.php b/app/devices/device_profile_delete.php index f629a03447..b51a95af42 100644 --- a/app/devices/device_profile_delete.php +++ b/app/devices/device_profile_delete.php 
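Review bot: `$sql .= "when 'memort' then 2 ";` in the device-keys ordering carries a typo ('memort' for 'memory') over from the old line, so `memory` keys never match that case and sort into the `else 100` bucket; since the line is rewritten anyway it should become `$sql .= "when 'memory' then 2 ";`, matching the spelling used in device_edit.php and device_profile_edit.php elsewhere in this diff. Separately, the three `$database->select($sql, $parameters)` calls here omit the return-type argument that every other converted call in this commit passes (`'all'`, `'row'`, `'column'`); if the method's default is not `'all'`, the later `$device_profiles[0][...]` indexing would break, so passing `'all'` explicitly would be safer and consistent.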
@@ -42,42 +42,53 @@ $text = $language->get();
 //get the id
- if (isset($_GET["id"])) {
- $id = $_GET["id"];
- }
+ $device_profile_uuid = $_GET["id"];
 //delete the data and subdata
- if (is_uuid($id)) {
+ if (is_uuid($device_profile_uuid)) {
- //delete device profile keys
- $sql = "delete from v_device_keys ";
- $sql .= "where device_profile_uuid = '".$id."' ";
- $db->exec($sql);
- unset($sql);
+ //add temp permissions
+ $p = new permissions;
+ $p->add('device_key_delete', 'temp');
+ $p->add('device_edit', 'temp');
- //delete device profile
- $sql = "delete from v_device_profiles ";
- $sql .= "where device_profile_uuid = '".$id."' ";
- $db->exec($sql);
- unset($sql);
+ //create array
+ $array['device_keys'][0]['device_profile_uuid'] = $device_profile_uuid;
+ $array['device_profiles'][0]['device_profile_uuid'] = $device_profile_uuid;
+
+ //delete
+ $database = new database;
+ $database->app_name = 'devices';
+ $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+ $database->delete($array);
+ unset($array);
 //remove device profile uuid from any assigned devices
 $sql = "update v_devices set ";
 $sql .= "device_profile_uuid = null ";
- $sql .= "where device_profile_uuid = '".$id."' ";
- $db->exec($sql);
- unset($sql);
+ $sql .= "where device_profile_uuid = :device_profile_uuid ";
+ $parameters['device_profile_uuid'] = $device_profile_uuid;
+ $database = new database;
+ $database->execute($sql);
+ unset($sql, $parameters);
+
+ //remove temp permissions
+ $p->delete('device_key_delete', 'temp');
+ $p->delete('device_edit', 'temp');
+
+ //write the provision files
+ if ($_SESSION['provision']['path']['text'] != '') {
+ $prov = new provision;
+ $prov->domain_uuid = $domain_uuid;
+ $response = $prov->write();
+ }
+
+ //set message
+ message::add($text['message-delete']);
+ }
-//write the provision files
- if (strlen($_SESSION['provision']['path']['text']) > 0) {
- $prov = new provision;
- $prov->domain_uuid = $domain_uuid;
- $response = $prov->write();
- }
-
-//set 
the message and redirect the user - message::add($text['message-delete']); +//redirect the user header("Location: device_profiles.php"); return; diff --git a/app/devices/device_profile_edit.php b/app/devices/device_profile_edit.php index e27168067a..2aa4bbd820 100644 --- a/app/devices/device_profile_edit.php +++ b/app/devices/device_profile_edit.php @@ -42,9 +42,9 @@ $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $device_profile_uuid = check_str($_REQUEST["id"]); + $device_profile_uuid = $_REQUEST["id"]; } else { $action = "add"; 
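Review bot: `$database->execute($sql);` in the "remove device profile uuid from any assigned devices" step never receives `$parameters`, so the `:device_profile_uuid` placeholder is left unbound and the update either errors out or leaves devices still pointing at the deleted profile; the call should be `$database->execute($sql, $parameters);`, as the select calls elsewhere in this commit do. The temporary `device_key_delete`/`device_edit` permissions are only revoked on the normal path; if `delete()` or the update throws they are never removed, which is worth either a `try`/`finally` around the block or a comment stating that is acceptable. Minor: `$device_profile_uuid = $_GET["id"];` reads the key without a guard and will raise an undefined-index notice when the page is hit without `id`; `$_GET["id"] ?? null` keeps the `is_uuid()` check below behaving the same without the notice.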
@@ -53,28 +53,28 @@ //get http post variables and set them to php variables if (count($_POST) > 0) { //echo ""; exit; - $device_profile_name = check_str($_POST["device_profile_name"]); - $device_profile_enabled = check_str($_POST["device_profile_enabled"]); - $device_profile_description = check_str($_POST["device_profile_description"]); - $device_key_category = check_str($_POST["device_key_category"]); - $device_key_id = check_str($_POST["device_key_id"]); - $device_key_type = check_str($_POST["device_key_type"]); - $device_key_line = check_str($_POST["device_key_line"]); - $device_key_value = check_str($_POST["device_key_value"]); - $device_key_extension = check_str($_POST["device_key_extension"]); - $device_key_label = check_str($_POST["device_key_label"]); - $device_key_icon = check_str($_POST["device_key_icon"]); + $device_profile_name = $_POST["device_profile_name"]; + $device_profile_enabled = $_POST["device_profile_enabled"]; + $device_profile_description = $_POST["device_profile_description"]; + $device_key_category = $_POST["device_key_category"]; + $device_key_id = $_POST["device_key_id"]; + $device_key_type = $_POST["device_key_type"]; + $device_key_line = $_POST["device_key_line"]; + $device_key_value = $_POST["device_key_value"]; + $device_key_extension = $_POST["device_key_extension"]; + $device_key_label = $_POST["device_key_label"]; + $device_key_icon = $_POST["device_key_icon"]; - //$device_setting_category = check_str($_POST["device_setting_category"]); - $device_setting_subcategory = check_str($_POST["device_setting_subcategory"]); - //$device_setting_name = check_str($_POST["device_setting_name"]); - $device_setting_value = check_str($_POST["device_setting_value"]); - $device_setting_enabled = check_str($_POST["device_setting_enabled"]); - $device_setting_description = check_str($_POST["device_setting_description"]); + //$device_setting_category = $_POST["device_setting_category"]; + $device_setting_subcategory = 
$_POST["device_setting_subcategory"]; + //$device_setting_name = $_POST["device_setting_name"]; + $device_setting_value = $_POST["device_setting_value"]; + $device_setting_enabled = $_POST["device_setting_enabled"]; + $device_setting_description = $_POST["device_setting_description"]; //allow the domain_uuid to be changed only with the device_profile_domain permission if (permission_exists('device_profile_domain')) { - $domain_uuid = check_str($_POST["domain_uuid"]); + $domain_uuid = $_POST["domain_uuid"]; } else { $_POST["domain_uuid"] = $_SESSION['domain_uuid']; @@ -163,6 +163,7 @@ if (strlen($response['uuid']) > 0) { $device_profile_uuid = $response['uuid']; } + unset($array); } //write the provision files 
@@ -196,44 +197,41 @@ //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { $sql = "select * from v_device_profiles "; - $sql .= "where device_profile_uuid = '$device_profile_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where device_profile_uuid = :device_profile_uuid "; + $parameters['device_profile_uuid'] = $device_profile_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $device_profile_name = $row["device_profile_name"]; $device_profile_domain_uuid = $row["domain_uuid"]; $device_profile_enabled = $row["device_profile_enabled"]; $device_profile_description = $row["device_profile_description"]; } - unset ($prep_statement); + unset($sql, $parameters, $row); } //set the sub array index $x = "999"; //get device keys - $sql = "SELECT * FROM v_device_keys "; - $sql .= "WHERE device_profile_uuid = '".$device_profile_uuid."' "; - $sql .= "ORDER by "; + $sql = "select * from v_device_keys "; + $sql .= "where device_profile_uuid = :device_profile_uuid "; + $sql .= "order by "; $sql .= "device_key_vendor asc, "; - $sql .= "CASE device_key_category "; - $sql .= "WHEN 'line' THEN 1 "; - $sql .= "WHEN 'memory' THEN 2 "; - $sql .= "WHEN 'programmable' THEN 3 "; - $sql .= "WHEN 'expansion' THEN 4 "; - $sql .= "WHEN 'expansion-1' THEN 5 "; - $sql .= "WHEN 'expansion-2' THEN 6 "; - $sql .= "ELSE 100 END, "; - if ($db_type == "mysql") { - $sql .= "device_key_id asc "; - } - else { - $sql .= "cast(device_key_id as numeric) asc "; - } - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $sql .= "case device_key_category "; + $sql .= "when 'line' then 1 "; + $sql .= "when 'memory' then 2 "; + $sql .= "when 'programmable' then 3 "; + $sql 
.= "when 'expansion' then 4 "; + $sql .= "when 'expansion-1' then 5 "; + $sql .= "when 'expansion-2' then 6 "; + $sql .= "else 100 end, "; + $sql .= $db_type == "mysql" ? "device_key_id asc " : "cast(device_key_id as numeric) asc "; + $parameters['device_profile_uuid'] = $device_profile_uuid; + $database = new database; + $device_keys = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); + $device_keys[$x]['device_key_category'] = ''; $device_keys[$x]['device_key_id'] = ''; $device_keys[$x]['device_key_type'] = ''; @@ -242,27 +240,27 @@ $device_keys[$x]['device_key_extension'] = ''; $device_keys[$x]['device_key_protected'] = ''; $device_keys[$x]['device_key_label'] = ''; - $device_keys[$x]['device_key_icon'] = ''; + $device_keys[$x]['device_key_icon'] = ''; //get the vendors - $sql = "SELECT * "; - $sql .= "FROM v_device_vendors as v "; + $sql = "select * "; + $sql .= "from v_device_vendors as v "; $sql .= "where enabled = 'true' "; $sql .= "order by name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $vendors = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $database = new database; + $vendors = $database->select($sql, null, 'all'); + unset($sql); //get the vendor functions - $sql = "SELECT v.name as vendor_name, f.name, f.value "; - $sql .= "FROM v_device_vendors as v, v_device_vendor_functions as f "; + $sql = "select v.name as vendor_name, f.name, f.value "; + $sql .= "from v_device_vendors as v, v_device_vendor_functions as f "; $sql .= "where v.device_vendor_uuid = f.device_vendor_uuid "; $sql .= "and v.enabled = 'true' "; $sql .= "and f.enabled = 'true' "; $sql .= "order by v.name asc, f.name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $database = new database; + $vendor_functions = $database->select($sql, null, 'all'); + unset($sql); //get the vendor count $vendor_count = 0; 
@@ -274,12 +272,14 @@ } //get device settings - $sql = "SELECT * FROM v_device_settings "; - $sql .= "WHERE device_profile_uuid = '".$device_profile_uuid."' "; - $sql .= "ORDER by device_setting_subcategory asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_settings = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $sql = "select * from v_device_settings "; + $sql .= "where device_profile_uuid = :device_profile_uuid "; + $sql .= "order by device_setting_subcategory asc "; + $parameters['device_profile_uuid'] = $device_profile_uuid; + $database = new database; + $device_settings = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); + $device_settings[$x]['device_setting_name'] = ''; $device_settings[$x]['device_setting_value'] = ''; $device_settings[$x]['enabled'] = ''; @@ -408,7 +408,7 @@ echo " \n"; } //determine whether to hide the element - if (strlen($device_key_uuid) == 0) { + if (!is_uuid($device_key_uuid)) { $element['hidden'] = false; $element['visibility'] = "visibility:visible;"; } @@ -417,7 +417,7 @@ $element['visibility'] = "visibility:hidden;"; } //add the primary key uuid - if (strlen($row['device_key_uuid']) > 0) { + if (is_uuid($row['device_key_uuid'])) { echo " \n"; } else { @@ -584,7 +584,7 @@ echo "\n"; echo ""; echo " \n"; @@ -693,7 +693,7 @@ echo "\n"; echo "\n"; - if (is_array($device_profiles)) { + if (is_array($device_profiles) && @sizeof($device_profiles) != 0) { foreach($device_profiles as $row) { $tr_link = (permission_exists('device_profile_edit')) ? "href='device_profile_edit.php?id=".escape($row['device_profile_uuid'])."'" : null; echo "\n"; echo " \n"; echo " \n"; echo " \n"; @@ -154,9 +140,9 @@ echo " \n"; echo "\n"; $c = ($c == 0) ? 1 : 0; - } //end foreach - unset($sql, $device_profiles, $row_count); - } //end if results + } + } + unset($device_profiles); echo "\n"; echo "
Description
\n"; - echo " "; + echo " "; echo " $value".$column_name."
\n"; - if (strlen($row['device_line_uuid']) > 0) { + if (is_uuid($row['device_line_uuid'])) { if (permission_exists('device_delete')) { echo " $v_link_label_delete\n"; } @@ -1047,14 +1046,12 @@ if (permission_exists('device_profile_edit')) { //device profile $sql = "select * from v_device_profiles "; - $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; $sql .= "order by device_profile_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); - if ($result_count > 0) { + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { echo "
".$text['label-profile'].""; @@ -1070,6 +1067,7 @@ echo "
\n"; - if (strlen($row['device_key_uuid']) > 0) { + if (is_uuid($row['device_key_uuid'])) { if (permission_exists('device_key_delete')) { echo " $v_link_label_delete\n"; } @@ -1344,7 +1342,7 @@ $x = 0; foreach($device_settings as $row) { //determine whether to hide the element - if (strlen($device_setting_uuid) == 0) { + if (!is_uuid($device_setting_uuid)) { $element['hidden'] = false; $element['visibility'] = "visibility:visible;"; } @@ -1353,7 +1351,7 @@ $element['visibility'] = "visibility:hidden;"; } //add the primary key uuid - if (strlen($row['device_setting_uuid']) > 0) { + if (is_uuid($row['device_setting_uuid'])) { echo " \n"; } @@ -1395,7 +1393,7 @@ echo " \n"; - if (strlen($row['device_setting_uuid']) > 0) { + if (is_uuid($row['device_setting_uuid'])) { if (permission_exists('device_edit')) { echo " $v_link_label_edit\n"; } @@ -1449,7 +1447,7 @@ echo "
\n"; echo " ".$text['label-device_uuid_alternate']."\n"; @@ -1516,7 +1514,7 @@ echo "\n"; echo " \n"; echo " \n"; echo "
\n"; echo $text['description-device_key_category']."\n"; @@ -230,115 +192,14 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo "
\n"; echo " \n"; echo "
\n"; echo $text['description-device_key_id']."\n"; @@ -351,85 +212,14 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo "
\n"; echo " \n"; echo "
\n"; echo $text['description-device_key_line']."\n"; @@ -441,76 +231,82 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo " ".$text['label-device_key_type']."\n"; echo "
\n"; -?> - - - \n"; + echo " \n"; + foreach ($device_key_types as $vendor => $types) { + echo "\n"; + foreach ($types as $value => $label) { + echo "\n"; + } + if ($vendor == 'Other' && $device_key_type != '' && !$found) { echo "\n"; } - ?> - - + echo "\n"; + } + echo "\n"; + unset($selected); -\n"; echo $text['description-device_key_type']."\n"; echo "
\n"; echo " ".$text['label-device_key_icon']."\n"; @@ -575,4 +371,4 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { //include the footer require_once "resources/footer.php"; -?> +?> \ No newline at end of file diff --git a/app/devices/device_line_delete.php b/app/devices/device_line_delete.php index 028fd22eba..1d270bed7b 100644 --- a/app/devices/device_line_delete.php +++ b/app/devices/device_line_delete.php @@ -25,7 +25,7 @@ require_once "root.php"; require_once "resources/require.php"; require_once "resources/check_auth.php"; -if (permission_exists('device_delete')) { +if (permission_exists('device_line_delete')) { //access granted } else { @@ -38,23 +38,24 @@ else { $text = $language->get(); //get the id - if (isset($_GET["id"])) { - $id = $_GET["id"]; - $device_uuid = $_GET["device_uuid"]; - } + $device_line_uuid = $_GET["id"]; + $device_uuid = $_GET["device_uuid"]; //delete device_line - if (is_uuid($id)) { - $sql = "delete from v_device_lines "; - $sql .= "where (domain_uuid = '".$_SESSION["domain_uuid"]."' or domain_uuid is null) "; - $sql .= "and device_line_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + if (is_uuid($device_line_uuid) && is_uuid($device_uuid)) { + + $array['device_lines'][0]['device_line_uuid'] = $device_line_uuid; + + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->delete($array); + unset($array); + + message::add($text['message-delete']); } -//send a redirect - message::add($text['message-delete']); +//redirect header("Location: device_edit.php?id=".$device_uuid); return; diff --git a/app/devices/device_line_edit.php b/app/devices/device_line_edit.php index ff57e18d82..fdb1cee1c0 100644 --- a/app/devices/device_line_edit.php +++ b/app/devices/device_line_edit.php 
@@ -38,38 +38,38 @@ else { $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $device_line_uuid = check_str($_REQUEST["id"]); + $device_line_uuid = $_REQUEST["id"]; } else { $action = "add"; } //set the parent uuid - if (strlen($_GET["device_uuid"]) > 0) { - $device_uuid = check_str($_GET["device_uuid"]); + if (is_uuid($_GET["device_uuid"])) { + $device_uuid = $_GET["device_uuid"]; } //get http post variables and set them to php variables if (count($_POST)>0) { - $line_number = check_str($_POST["line_number"]); - $server_address = check_str($_POST["server_address"]); - $outbound_proxy = check_str($_POST["outbound_proxy"]); - $sip_port = check_str($_POST["sip_port"]); - $sip_transport = check_str($_POST["sip_transport"]); - $register_expires = check_str($_POST["register_expires"]); - $display_name = check_str($_POST["display_name"]); - $user_id = check_str($_POST["user_id"]); - $auth_id = check_str($_POST["auth_id"]); - $password = check_str($_POST["password"]); + $line_number = $_POST["line_number"]; + $server_address = $_POST["server_address"]; + $outbound_proxy = $_POST["outbound_proxy"]; + $sip_port = $_POST["sip_port"]; + $sip_transport = $_POST["sip_transport"]; + $register_expires = $_POST["register_expires"]; + $display_name = $_POST["display_name"]; + $user_id = $_POST["user_id"]; + $auth_id = $_POST["auth_id"]; + $password = $_POST["password"]; } if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $msg = ''; if ($action == "update") { - $device_line_uuid = check_str($_POST["device_line_uuid"]); + $device_line_uuid = $_POST["device_line_uuid"]; } //check for all required data 
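Review bot: `$device_line_uuid = $_POST["device_line_uuid"];` in the update branch is taken as-is, while `$action` is decided from `is_uuid($_REQUEST["id"])` — the value that actually reaches `database::save()` as the row key is the unchecked POST field, so the `is_uuid` on the request id does not cover it. Guard it the same way, `$device_line_uuid = is_uuid($_POST["device_line_uuid"]) ? $_POST["device_line_uuid"] : null;`, or stop the request when it fails. The same pattern appears in device_setting_edit.php (`@@ -47,25 +47,25 @@`), device_vendor_edit.php (`@@ -63,7 +63,7 @@`) and device_vendor_function_edit.php (`@@ -86,7 +97,7 @@`). With `check_str()` removed from every POST read in this hunk, the remaining fields now depend on `database::save()` binding values rather than concatenating them, which is not visible in this diff.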
@@ -97,94 +97,58 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { if ($_POST["persistformvar"] != "true") { //add the line if ($action == "add" && permission_exists('device_add')) { - $sql = "insert into v_device_lines "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "device_line_uuid, "; - $sql .= "device_uuid, "; - $sql .= "line_number, "; - $sql .= "server_address, "; - $sql .= "outbound_proxy, "; - $sql .= "sip_port, "; - $sql .= "sip_transport, "; - $sql .= "register_expires, "; - $sql .= "display_name, "; - $sql .= "user_id, "; - $sql .= "auth_id, "; - $sql .= "password "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'$domain_uuid', "; - $sql .= "'".uuid()."', "; - $sql .= "'$device_uuid', "; - $sql .= "'$line_number', "; - $sql .= "'$server_address', "; - $sql .= "'$outbound_proxy', "; - $sql .= "'$sip_port', "; - $sql .= "'$sip_transport', "; - $sql .= "'$register_expires', "; - $sql .= "'$display_name', "; - $sql .= "'$user_id', "; - $sql .= "'$auth_id', "; - $sql .= "'$password' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - } //if ($action == "add") + $array['device_lines'][0]['device_line_uuid'] = uuid(); + $array['device_lines'][0]['sip_port'] = $sip_port; + $array['device_lines'][0]['register_expires'] = $register_expires; + + message::add($text['message-add']); + } //update the line if ($action == "update" && permission_exists('device_edit')) { - $sql = "update v_device_lines set "; - $sql .= "device_uuid = '$device_uuid', "; - $sql .= "line_number = '$line_number', "; - $sql .= "server_address = '$server_address', "; - $sql .= "outbound_proxy = '$outbound_proxy', "; - if (strlen($sip_port) > 0) { - $sql .= "sip_port = '$sip_port', "; - } - else { - $sql .= "sip_port = null, "; - } - $sql .= "sip_transport = '$sip_transport', "; - if (strlen($register_expires) > 0) { - $sql .= "register_expires = '$register_expires', "; - } - else { - $sql .= "register_expires = null, "; - } - $sql .= 
"display_name = '$display_name', "; - $sql .= "user_id = '$user_id', "; - $sql .= "auth_id = '$auth_id', "; - $sql .= "password = '$password' "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and device_line_uuid = '$device_line_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); - } //if ($action == "update") + $array['device_lines'][0]['device_line_uuid'] = $device_line_uuid; + $array['device_lines'][0]['sip_port'] = $sip_port != '' ? $sip_port : null; + $array['device_lines'][0]['register_expires'] = $register_expires != '' ? $register_expires : null; + message::add($text['message-update']); + } + + //execute + if (is_array($array) && @sizeof($array) != 0) { + $array['device_lines'][0]['domain_uuid'] = $domain_uuid; + $array['device_lines'][0]['device_uuid'] = $device_uuid; + $array['device_lines'][0]['line_number'] = $line_number; + $array['device_lines'][0]['server_address'] = $server_address; + $array['device_lines'][0]['outbound_proxy'] = $outbound_proxy; + $array['device_lines'][0]['sip_transport'] = $sip_transport; + $array['device_lines'][0]['display_name'] = $display_name; + $array['device_lines'][0]['user_id'] = $user_id; + $array['device_lines'][0]['auth_id'] = $auth_id; + $array['device_lines'][0]['password'] = $password; + + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->save($array); + unset($array); + } - if ($action == "add") { - message::add($text['message-add']); - } - if ($action == "update") { - message::add($text['message-update']); - } header("Location: device_edit.php?id=".$device_uuid); - return; - } //if ($_POST["persistformvar"] != "true") -} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + exit; + } +} //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { - $device_line_uuid = check_str($_GET["id"]); + $device_line_uuid = $_GET["id"]; $sql = "select * from v_device_lines "; - $sql .= 
"where domain_uuid = '$domain_uuid' "; - $sql .= "and device_line_uuid = '$device_line_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and device_line_uuid = :device_line_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['device_line_uuid'] = $device_line_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $line_number = $row["line_number"]; $server_address = $row["server_address"]; $outbound_proxy = $row["outbound_proxy"]; @@ -196,7 +160,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $auth_id = $row["auth_id"]; $password = $row["password"]; } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header @@ -215,42 +179,15 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo " ".$text['label-line_number']."\n"; echo "\n"; - echo " \n"; + echo " \n"; echo "
\n"; echo $text['description-line_number']."\n"; echo "
\n"; - if (strlen($row['device_key_uuid']) > 0) { + if (is_uuid($row['device_key_uuid'])) { if (permission_exists('device_key_delete')) { echo " $v_link_label_delete\n"; } @@ -619,7 +619,7 @@ $x = 0; foreach($device_settings as $row) { //determine whether to hide the element - if (strlen($device_setting_uuid) == 0) { + if (!is_uuid($device_setting_uuid)) { $element['hidden'] = false; $element['visibility'] = "visibility:visible;"; } @@ -628,7 +628,7 @@ $element['visibility'] = "visibility:hidden;"; } //add the primary key uuid - if (strlen($row['device_setting_uuid']) > 0) { + if (is_uuid($row['device_setting_uuid'])) { echo " \n"; } @@ -670,7 +670,7 @@ echo " \n"; - if (strlen($row['device_setting_uuid']) > 0) { + if (is_uuid($row['device_setting_uuid'])) { echo " $v_link_label_delete\n"; } echo " \n"; echo "
"; echo (permission_exists('device_profile_edit')) ? "".escape($row['device_profile_name'])."" : escape($row['device_profile_name']); - echo ($row['domain_uuid'] == '') ? "    ".$text['select-global']."" : null; + echo !is_uuid($row['domain_uuid']) ? "    ".$text['select-global']."" : null; echo " ".$text['label-'.escape($row['device_profile_enabled'])]." ".escape($row['device_profile_description'])." 
\n"; diff --git a/app/devices/device_setting_delete.php b/app/devices/device_setting_delete.php index 4615b7deac..c59f29fc96 100644 --- a/app/devices/device_setting_delete.php +++ b/app/devices/device_setting_delete.php 
@@ -39,42 +39,45 @@ else {
 $text = $language->get();
 //get the id
- if (isset($_GET["id"])) {
- $id = $_GET["id"];
- $device_uuid = $_GET["device_uuid"];
- $device_profile_uuid = $_GET["device_profile_uuid"];
- }
+ $device_setting_uuid = $_GET["id"];
+ $device_uuid = $_GET["device_uuid"];
+ $device_profile_uuid = $_GET["device_profile_uuid"];
-//delete device settings
- if (is_uuid($id)) {
- $sql = "delete from v_device_settings ";
- $sql .= "where device_uuid = '$device_uuid' ";
- $sql .= "and device_setting_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
- }
-
-//delete profile device settings
- if (is_uuid($id) and is_uuid($device_profile_uuid)) {
- $sql = "delete from v_device_settings ";
- $sql .= "where device_profile_uuid = '$device_profile_uuid' ";
- $sql .= "and device_setting_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
- }
+//default location
+ $location = 'devices.php';
-//redirect to device profile
- if (is_uuid($device_profile_uuid)) {
+if (is_uuid($device_setting_uuid)) {
+
+ //delete device settings
+ if (is_uuid($device_uuid)) {
+ $array['device_settings'][0]['device_setting_uuid'] = $device_setting_uuid;
+ $array['device_settings'][0]['device_uuid'] = $device_uuid;
+
+ $location = "device_edit.php?id=".$device_uuid;
+ }
+
+ //delete profile device settings
+ if (is_uuid($device_profile_uuid)) {
+ $array['device_settings'][1]['device_setting_uuid'] = $device_setting_uuid;
+ $array['device_settings'][1]['device_profile_uuid'] = $device_profile_uuid;
+
+ $location = "device_profile_edit.php?id=".$device_profile_uuid;
+ }
+
+ //execute
+ $database = new database;
+ $database->app_name = 'devices';
+ $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+ $database->delete($array);
+ unset($array);
+
+ //set message
 message::add($text['message-delete']);
- header("Location: 
device_profile_edit.php?id=".$device_profile_uuid);
- return;
- }
-
-//send a redirect
- message::add($text['message-delete']);
- header("Location: device_edit.php?id=".$device_uuid);
- return;
+
+}
+
+//redirect
+ header("Location: ".$location);
+ exit;
 ?>
diff --git a/app/devices/device_setting_edit.php b/app/devices/device_setting_edit.php
index 68015ef2ec..7e667016ec 100644
--- a/app/devices/device_setting_edit.php
+++ b/app/devices/device_setting_edit.php
@@ -39,7 +39,7 @@ else {
 $text = $language->get();
 //action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
 $action = "update";
 $device_setting_uuid = check_str($_REQUEST["id"]);
 }
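Review bot: `$database->delete($array);` runs even when neither `is_uuid($device_uuid)` nor `is_uuid($device_profile_uuid)` held, in which case `$array` was never assigned, delete() is handed an undefined variable, and `message-delete` is still reported to the user; wrap the execute and the message in `if (is_array($array) && @sizeof($array) != 0) { ... }`, the guard the edit pages in this commit already use before `save()`. The removed statements used `device_uuid` / `device_profile_uuid` as where-clause conditions, whereas the new code passes them as fields of the row; whether `database::delete()` treats extra fields as conditions or ignores them is not visible here, so it is worth confirming that the delete cannot match a setting row by `device_setting_uuid` alone.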
@@ -47,25 +47,25 @@ else { $action = "add"; } -if (strlen($_GET["device_uuid"]) > 0) { - $device_uuid = check_str($_GET["device_uuid"]); +if (is_uuid($_GET["device_uuid"])) { + $device_uuid = $_GET["device_uuid"]; } //get http post variables and set them to php variables if (count($_POST)>0) { - $device_setting_category = check_str($_POST["device_setting_category"]); - $device_setting_subcategory = check_str($_POST["device_setting_subcategory"]); - $device_setting_name = check_str($_POST["device_setting_name"]); - $device_setting_value = check_str($_POST["device_setting_value"]); - $device_setting_enabled = check_str($_POST["device_setting_enabled"]); - $device_setting_description = check_str($_POST["device_setting_description"]); + $device_setting_category = $_POST["device_setting_category"]; + $device_setting_subcategory = $_POST["device_setting_subcategory"]; + $device_setting_name = $_POST["device_setting_name"]; + $device_setting_value = $_POST["device_setting_value"]; + $device_setting_enabled = $_POST["device_setting_enabled"]; + $device_setting_description = $_POST["device_setting_description"]; } if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $msg = ''; if ($action == "update" && permission_exists('device_setting_edit')) { - $device_setting_uuid = check_str($_POST["device_setting_uuid"]); + $device_setting_uuid = $_POST["device_setting_uuid"]; } if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { require_once "resources/header.php"; 
@@ -84,77 +84,57 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { if ($_POST["persistformvar"] != "true") { //add the device if ($action == "add" && permission_exists('device_setting_add')) { - $sql = "insert into v_device_settings "; - $sql .= "("; - $sql .= "device_uuid, "; - $sql .= "device_setting_uuid, "; - $sql .= "device_setting_category, "; - $sql .= "device_setting_subcategory, "; - $sql .= "device_setting_name, "; - $sql .= "device_setting_value, "; - $sql .= "device_setting_enabled, "; - $sql .= "device_setting_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'$device_uuid', "; - $sql .= "'".uuid()."', "; - $sql .= "'$device_setting_category', "; - $sql .= "'$device_setting_subcategory', "; - $sql .= "'$device_setting_name', "; - $sql .= "'$device_setting_value', "; - $sql .= "'$device_setting_enabled', "; - $sql .= "'$device_setting_description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - } //if ($action == "add") + $array['device_settings'][0]['device_setting_uuid'] = uuid(); + message::add($text['message-add']); + } //update the device if ($action == "update" && permission_exists('device_setting_edit')) { - $sql = "update v_device_settings set "; - $sql .= "device_setting_category = '$device_setting_category', "; - $sql .= "device_setting_subcategory = '$device_setting_subcategory', "; - $sql .= "device_setting_name = '$device_setting_name', "; - $sql .= "device_setting_value = '$device_setting_value', "; - $sql .= "device_setting_enabled = '$device_setting_enabled', "; - $sql .= "device_setting_description = '$device_setting_description' "; - $sql .= "where device_uuid = '$device_uuid' "; - $sql .= "and device_setting_uuid = '$device_setting_uuid'"; - $db->exec(check_sql($sql)); - unset($sql); - } //if ($action == "update") + $array['device_settings'][0]['device_setting_uuid'] = $device_setting_uuid; + message::add($text['message-update']); + } - if ($action == "add") { - 
message::add($text['message-add']); - } - if ($action == "update") { - message::add($text['message-update']); + //execute + if (is_array($array) && @sizeof($array) != 0) { + $array['device_settings'][0]['device_uuid'] = $device_uuid; + $array['device_settings'][0]['device_setting_category'] = $device_setting_category; + $array['device_settings'][0]['device_setting_subcategory'] = $device_setting_subcategory; + $array['device_settings'][0]['device_setting_name'] = $device_setting_name; + $array['device_settings'][0]['device_setting_value'] = $device_setting_value; + $array['device_settings'][0]['device_setting_enabled'] = $device_setting_enabled; + $array['device_settings'][0]['device_setting_description'] = $device_setting_description; + + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->save($array); + unset($array); } + header("Location: device_edit.php?id=".$device_uuid); - return; - } //if ($_POST["persistformvar"] != "true") -} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + exit; + } +} //pre-populate the form if (count($_GET)>0 && $_POST["persistformvar"] != "true") { - $device_setting_uuid = check_str($_GET["id"]); + $device_setting_uuid = $_GET["id"]; $sql = "select * from v_device_settings "; - $sql .= "where device_uuid = '$device_uuid' "; - $sql .= "and device_setting_uuid = '$device_setting_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where device_uuid = :device_uuid "; + $sql .= "and device_setting_uuid = :device_setting_uuid "; + $parameters['device_uuid'] = $device_uuid; + $parameters['device_setting_uuid'] = $device_setting_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $device_setting_category = 
$row["device_setting_category"]; $device_setting_subcategory = $row["device_setting_subcategory"]; $device_setting_name = $row["device_setting_name"]; $device_setting_value = $row["device_setting_value"]; $device_setting_enabled = $row["device_setting_enabled"]; $device_setting_description = $row["device_setting_description"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header diff --git a/app/devices/device_settings.php b/app/devices/device_settings.php index 3848734134..c83237e50a 100644 --- a/app/devices/device_settings.php +++ b/app/devices/device_settings.php @@ -44,7 +44,7 @@ require_once "resources/paging.php"; //get variables used to control the order $order_by = $_GET["order_by"]; $order = $_GET["order"]; - $device_uuid = check_str($_GET["id"]); + $device_uuid = $_GET["id"]; //show the content echo "\n"; @@ -60,21 +60,14 @@ require_once "resources/paging.php"; echo "
\n"; //prepare to page the results - $sql = "select count(*) as num_rows from v_devices_settings "; - $sql .= "where device_uuid = '$device_uuid' "; - $sql .= "and domain_uuid = '$domain_uuid' "; - if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $num_rows = $row['num_rows']; - } - else { - $num_rows = '0'; - } - } + $sql = "select count(*) from v_devices_settings "; + $sql .= "where device_uuid = :device_uuid "; + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['device_uuid'] = $device_uuid; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + unset($sql); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; 
@@ -85,22 +78,20 @@ require_once "resources/paging.php"; $offset = $rows_per_page * $page; //get the list - $sql = "select * from v_device_settings "; - $sql .= "where device_uuid = '$device_uuid' "; - if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } - $sql .= "limit $rows_per_page offset $offset "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); + $sql = str_replace('count(*)', '*', $sql); + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); + $c = 0; $row_style["0"] = "row_style0"; $row_style["1"] = "row_style1"; echo "\n"; - if ($result_count > 0) { + if (is_array($result) && @sizeof($result) != 0) { $previous_category = ''; foreach($result as $row) { if ($previous_category != $row['device_setting_category']) { @@ -142,9 +133,9 @@ require_once "resources/paging.php"; echo "\n"; $previous_category = $row['device_setting_category']; if ($c==0) { $c=1; } else { $c=0; } - } //end foreach - unset($sql, $result, $row_count); - } //end if results + } + } + unset($result, $row); echo "\n"; echo "\n"; echo "\n"; - //echo "
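Review bot: `$sql = str_replace('count(*)', '*', $sql);` derives the list query from the count query built in the preceding hunk, which selects from `v_devices_settings`, whereas the removed list query selected from `v_device_settings` (the name used everywhere else in this commit); if `v_devices_settings` is a typo inherited from the old count query, the list now reads the wrong table. Spell the table once in the count query, `$sql = "select count(*) from v_device_settings ";`, so both statements stay in agreement. Replacing the interpolated `order by $order_by $order` and `limit $rows_per_page offset $offset` with `order_by()` and `limit_offset()` is the right direction, on the assumption those helpers validate their arguments rather than concatenate them.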
\n";
-	//print_r($function_groups);
-	//echo "
\n"; echo " "; echo " "; echo "
\n"; diff --git a/app/devices/device_vendor_delete.php b/app/devices/device_vendor_delete.php index b69858ffdd..38bad7a33a 100644 --- a/app/devices/device_vendor_delete.php +++ b/app/devices/device_vendor_delete.php @@ -43,22 +43,26 @@ $text = $language->get(); //get the id - if (count($_GET)>0) { - $id = check_str($_GET["id"]); - } + $device_vendor_uuid = $_GET["id"]; //delete the data - if (strlen($id)>0) { - //delete device_vendor - $sql = "delete from v_device_vendors "; - $sql .= "where device_vendor_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + if (is_uuid($device_vendor_uuid)) { + //create array + $array['device_vendors'][0]['device_vendor_uuid'] = $device_vendor_uuid; + + //execute + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); } //redirect the user - message::add($text['message-delete']); header('Location: device_vendors.php'); + exit; ?> \ No newline at end of file diff --git a/app/devices/device_vendor_edit.php b/app/devices/device_vendor_edit.php index 610905bbc7..f101813149 100644 --- a/app/devices/device_vendor_edit.php +++ b/app/devices/device_vendor_edit.php @@ -43,9 +43,9 @@ $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $device_vendor_uuid = check_str($_REQUEST["id"]); + $device_vendor_uuid = $_REQUEST["id"]; } else { $action = "add"; @@ -53,9 +53,9 @@ //get http post variables and set them to php variables if (count($_POST)>0) { - $name = check_str($_POST["name"]); - $enabled = check_str($_POST["enabled"]); - $description = check_str($_POST["description"]); + $name = $_POST["name"]; + $enabled = $_POST["enabled"]; + $description = $_POST["description"]; } //process the data 
@@ -63,7 +63,7 @@ //get the uuid if ($action == "update") { - $device_vendor_uuid = check_str($_POST["device_vendor_uuid"]); + $device_vendor_uuid = $_POST["device_vendor_uuid"]; } //check for all required data 
@@ -87,59 +87,46 @@ //add or update the database if ($_POST["persistformvar"] != "true") { if ($action == "add" && permission_exists('device_vendor_add')) { - $sql = "insert into v_device_vendors "; - $sql .= "("; - $sql .= "device_vendor_uuid, "; - $sql .= "name, "; - $sql .= "enabled, "; - $sql .= "description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".uuid()."', "; - $sql .= "'$name', "; - $sql .= "'$enabled', "; - $sql .= "'$description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - + $array['device_vendors'][0]['device_vendor_uuid'] = uuid(); message::add($text['message-add']); - header("Location: device_vendors.php"); - return; - - } //if ($action == "add") + } if ($action == "update" && permission_exists('device_vendor_edit')) { - $sql = "update v_device_vendors set "; - $sql .= "name = '$name', "; - $sql .= "enabled = '$enabled', "; - $sql .= "description = '$description' "; - $sql .= "where device_vendor_uuid = '$device_vendor_uuid'"; - $db->exec(check_sql($sql)); - unset($sql); - + $array['device_vendors'][0]['device_vendor_uuid'] = $device_vendor_uuid; message::add($text['message-update']); + } + + if (is_array($array) && @sizeof($array) != 0) { + $array['device_vendors'][0]['name'] = $name; + $array['device_vendors'][0]['enabled'] = $enabled; + $array['device_vendors'][0]['description'] = $description; + + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->save($array); + unset($array); + header("Location: device_vendors.php"); - return; - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + exit; + } + } + } //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { - $device_vendor_uuid = check_str($_GET["id"]); + $device_vendor_uuid = $_GET["id"]; $sql = "select * from v_device_vendors "; - $sql .= "where 
device_vendor_uuid = '".$device_vendor_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where device_vendor_uuid = :device_vendor_uuid "; + $parameters['device_vendor_uuid'] = $device_vendor_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $name = $row["name"]; $enabled = $row["enabled"]; $description = $row["description"]; } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header diff --git a/app/devices/device_vendor_function_delete.php b/app/devices/device_vendor_function_delete.php index c0afd53965..8f7fdefbc1 100644 --- a/app/devices/device_vendor_function_delete.php +++ b/app/devices/device_vendor_function_delete.php 
@@ -43,23 +43,31 @@ $text = $language->get(); //get the id - if (count($_GET)>0) { - $id = check_str($_GET["id"]); - $device_vendor_uuid = check_str($_GET["device_vendor_uuid"]); - } + $device_vendor_function_uuid = $_GET["id"]; + $device_vendor_uuid = $_GET["device_vendor_uuid"]; //delete the data - if (strlen($id)>0) { - //delete device_vendor_function - $sql = "delete from v_device_vendor_functions "; - $sql .= "where device_vendor_function_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + if (is_uuid($device_vendor_function_uuid) && is_uuid($device_vendor_uuid)) { + //create array + $array['device_vendor_functions'][0]['device_vendor_function_uuid'] = $device_vendor_function_uuid; + + //execute delete + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); + + //redirect the user + header('Location: device_vendor_edit.php?id='.$device_vendor_uuid); + exit; } -//redirect the user - message::add($text['message-delete']); - header('Location: device_vendor_function_edit.php?id='.$device_vendor_uuid); +//default redirect + header('Location: device_vendors.php'); + exit; ?> \ No newline at end of file diff --git a/app/devices/device_vendor_function_edit.php b/app/devices/device_vendor_function_edit.php index 01e03c9bdf..f6d52743a6 100644 --- a/app/devices/device_vendor_function_edit.php +++ b/app/devices/device_vendor_function_edit.php 
@@ -31,17 +31,28 @@ //delete the group from the menu item if ($_REQUEST["a"] == "delete" && permission_exists("device_vendor_function_delete") && $_REQUEST["id"] != '') { //get the id - $device_vendor_function_group_uuid = check_str($_REQUEST["id"]); - $device_vendor_function_uuid = check_str($_REQUEST["device_vendor_function_uuid"]); - $device_vendor_uuid = check_str($_REQUEST["device_vendor_uuid"]); - //delete the group from the users - $sql = "delete from v_device_vendor_function_groups "; - $sql .= "where device_vendor_function_group_uuid = '".$device_vendor_function_group_uuid."' "; - $db->exec(check_sql($sql)); + $device_vendor_function_group_uuid = $_REQUEST["id"]; + $device_vendor_function_uuid = $_REQUEST["device_vendor_function_uuid"]; + $device_vendor_uuid = $_REQUEST["device_vendor_uuid"]; + + //delete the device vendor function group + $array['device_vendor_function_groups'][0]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid; + + $p = new permissions; + $p->add('device_vendor_function_group_delete', 'temp'); + + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->delete($array); + unset($array); + + $p->delete('device_vendor_function_group_delete', 'temp'); + //redirect the browser message::add($text['message-delete']); header("Location: device_vendor_function_edit.php?id=".escape($device_vendor_function_uuid) ."&device_vendor_uuid=".escape($device_vendor_uuid)); - return; + exit; } //check permissions @@ -55,9 +66,9 @@ } //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $device_vendor_function_uuid = check_str($_REQUEST["id"]); + $device_vendor_function_uuid = $_REQUEST["id"]; } else { $action = "add"; 
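Review bot: In the `a == "delete"` branch the id handed to `$database->delete($array)` is `$_REQUEST["id"]` guarded only by `!= ''`, while the sibling delete page in this same commit and the `update` branch just below validate with `is_uuid()`. Tightening the gate to `if ($_REQUEST["a"] == "delete" && permission_exists("device_vendor_function_delete") && is_uuid($_REQUEST["id"])) {` keeps malformed ids out of both the delete and the redirect that follows. Two further points deserve a comment: the branch reads `$_REQUEST`, so the delete is reachable via GET, and it grants itself `device_vendor_function_group_delete` as a temp permission, which means a user holding only `device_vendor_function_delete` can strip group assignments — if that is intended, say so above `$p->add(...)`.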
@@ -68,17 +79,17 @@ $text = $language->get(); //set the parent uuid - if (strlen($_GET["device_vendor_uuid"]) > 0) { - $device_vendor_uuid = check_str($_GET["device_vendor_uuid"]); + if (is_uuid($_GET["device_vendor_uuid"])) { + $device_vendor_uuid = $_GET["device_vendor_uuid"]; } //get http post variables and set them to php variables if (count($_POST)>0) { - //$label = check_str($_POST["label"]); - $name = check_str($_POST["name"]); - $value = check_str($_POST["value"]); - $enabled = check_str($_POST["enabled"]); - $description = check_str($_POST["description"]); + //$label = $_POST["label"]; + $name = $_POST["name"]; + $value = $_POST["value"]; + $enabled = $_POST["enabled"]; + $description = $_POST["description"]; } //process the http variables @@ -86,7 +97,7 @@ //get the uuid if ($action == "update") { - $device_vendor_function_uuid = check_str($_POST["device_vendor_function_uuid"]); + $device_vendor_function_uuid = $_POST["device_vendor_function_uuid"]; } //check for all required data 
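Review bot: `$device_vendor_function_uuid = $_POST["device_vendor_function_uuid"];` in the `update` branch replaces the value that was validated with `is_uuid($_REQUEST["id"])` a few lines earlier with an unvalidated POST field, and with `check_str()` removed on the same line nothing filters it at all, so the row targeted by the update is chosen by a value that never passed `is_uuid()`. Either keep the already-validated value or guard the assignment: `if ($action == "update" && is_uuid($_POST["device_vendor_function_uuid"])) {`. The same applies in spirit to `$enabled`, which is stored as whatever string the form sent; restricting it to `true`/`false` would match what the select control offers. The POST-processing block these lines belong to opens here but closes in a later hunk.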
@@ -115,125 +126,107 @@ //add vendor functions if ($action == "add" && permission_exists('device_vendor_function_add')) { $device_vendor_function_uuid = uuid(); - $sql = "insert into v_device_vendor_functions "; - $sql .= "("; - $sql .= "device_vendor_function_uuid, "; - $sql .= "device_vendor_uuid, "; - //$sql .= "label, "; - $sql .= "name, "; - $sql .= "value, "; - $sql .= "enabled, "; - $sql .= "description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$device_vendor_function_uuid."', "; - $sql .= "'$device_vendor_uuid', "; - //$sql .= "'$label', "; - $sql .= "'$name', "; - $sql .= "'$value', "; - $sql .= "'$enabled', "; - $sql .= "'$description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - } //if ($action == "add") + $array['device_vendor_functions'][0]['device_vendor_function_uuid'] = $device_vendor_function_uuid; + } //update vendor functions if ($action == "update" && permission_exists('device_vendor_function_edit')) { - $sql = "update v_device_vendor_functions set "; - $sql .= "device_vendor_uuid = '$device_vendor_uuid', "; - //$sql .= "label = '$label', "; - $sql .= "name = '$name', "; - $sql .= "value = '$value', "; - $sql .= "enabled = '$enabled', "; - $sql .= "description = '$description' "; - $sql .= "where device_vendor_function_uuid = '$device_vendor_function_uuid'"; - $db->exec(check_sql($sql)); - unset($sql); - } //if ($action == "update") + $array['device_vendor_functions'][0]['device_vendor_function_uuid'] = $device_vendor_function_uuid; + } + + //execute + if (is_array($array) && @sizeof($array) != 0) { + $array['device_vendor_functions'][0]['device_vendor_uuid'] = $device_vendor_uuid; + //$array['device_vendor_functions'][0]['label'] = $label; + $array['device_vendor_functions'][0]['name'] = $name; + $array['device_vendor_functions'][0]['value'] = $value; + $array['device_vendor_functions'][0]['enabled'] = $enabled; + $array['device_vendor_functions'][0]['description'] = $description; + + $database = 
new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->save($array); + unset($array); + } //add a group to the menu if (permission_exists('device_vendor_function_add') && $_REQUEST["group_uuid_name"] != '') { //get the group uuid and group_name - $group_data = explode('|', check_str($_REQUEST["group_uuid_name"])); + $group_data = explode('|', $_REQUEST["group_uuid_name"]); $group_uuid = $group_data[0]; $group_name = $group_data[1]; //add the group to the menu - if (strlen($device_vendor_function_uuid) > 0) { + if (is_uuid($device_vendor_function_uuid)) { $device_vendor_function_group_uuid = uuid(); - $sql = "insert into v_device_vendor_function_groups "; - $sql .= "("; - $sql .= "device_vendor_function_group_uuid, "; - $sql .= "device_vendor_function_uuid, "; - $sql .= "device_vendor_uuid, "; - $sql .= "group_name, "; - $sql .= "group_uuid "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$device_vendor_function_group_uuid."', "; - $sql .= "'".$device_vendor_function_uuid."', "; - $sql .= "'".$device_vendor_uuid."', "; - $sql .= "'".$group_name."', "; - $sql .= "'".$group_uuid."' "; - $sql .= ")"; - $db->exec($sql); + $array['device_vendor_function_groups'][0]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid; + $array['device_vendor_function_groups'][0]['device_vendor_function_uuid'] = $device_vendor_function_uuid; + $array['device_vendor_function_groups'][0]['device_vendor_uuid'] = $device_vendor_uuid; + $array['device_vendor_function_groups'][0]['group_name'] = $group_name; + $array['device_vendor_function_groups'][0]['group_uuid'] = $group_uuid; + + $p = new permissions; + $p->add('device_vendor_function_group_add', 'temp'); + + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->save($array); + unset($array); + + $p->delete('device_vendor_function_group_add', 
'temp'); } } //redirect the user $_SESSION["message"] = $text['message-'.$action]; header("Location: device_vendor_function_edit.php?id=".escape($device_vendor_function_uuid) ."&device_vendor_uuid=".escape($device_vendor_uuid)); - return; - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + exit; + } + } //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { - $device_vendor_function_uuid = check_str($_GET["id"]); + $device_vendor_function_uuid = $_GET["id"]; $sql = "select * from v_device_vendor_functions "; - $sql .= "where device_vendor_function_uuid = '$device_vendor_function_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $device_vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($device_vendor_functions as &$row) { + $sql .= "where device_vendor_function_uuid = :device_vendor_function_uuid "; + $parameters['device_vendor_function_uuid'] = $device_vendor_function_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { //$label = $row["label"]; $name = $row["name"]; $value = $row["value"]; $enabled = $row["enabled"]; $description = $row["description"]; } - unset ($prep_statement); + unset($sql, $parameters, $row); } -//group groups assigned +//get function groups assigned $sql = "select "; - $sql .= " fg.*, g.domain_uuid as group_domain_uuid "; + $sql .= "fg.*, g.domain_uuid as group_domain_uuid "; $sql .= "from "; - $sql .= " v_device_vendor_function_groups as fg, "; - $sql .= " v_groups as g "; + $sql .= "v_device_vendor_function_groups as fg, "; + $sql .= "v_groups as g "; $sql .= "where "; - $sql .= " fg.group_uuid = g.group_uuid "; - $sql .= " and fg.device_vendor_uuid = :device_vendor_uuid "; - //$sql .= " and fg.device_vendor_uuid = '$device_vendor_uuid' "; - $sql .= " and fg.device_vendor_function_uuid = 
:device_vendor_function_uuid "; - //$sql .= " and fg.device_vendor_function_uuid = '$device_vendor_function_uuid' "; + $sql .= "fg.group_uuid = g.group_uuid "; + $sql .= "and fg.device_vendor_uuid = :device_vendor_uuid "; + $sql .= "and fg.device_vendor_function_uuid = :device_vendor_function_uuid "; $sql .= "order by "; - $sql .= " g.domain_uuid desc, "; - $sql .= " g.group_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->bindParam(':device_vendor_uuid', $device_vendor_uuid); - $prep_statement->bindParam(':device_vendor_function_uuid', $device_vendor_function_uuid); - $prep_statement->execute(); - $function_groups = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($sql, $prep_statement); + $sql .= "g.domain_uuid desc, "; + $sql .= "g.group_name asc "; + $parameters['device_vendor_uuid'] = $device_vendor_uuid; + $parameters['device_vendor_function_uuid'] = $device_vendor_function_uuid; + $database = new database; + $function_groups = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //set the assigned_groups array - if (is_array($menu_item_groups)) { - foreach($menu_item_groups as $field) { + if (is_array($function_groups) && @sizeof($function_groups) != 0) { + foreach($function_groups as $field) { if (strlen($field['group_name']) > 0) { $assigned_groups[] = $field['group_uuid']; } 
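Review bot: In the "add a group to the menu" block, `$group_uuid` and `$group_name` are split out of `$_REQUEST["group_uuid_name"]` and written straight into `v_device_vendor_function_groups`; with `check_str()` gone nothing checks that `$group_uuid` is a uuid or that `$group_name` belongs to it, so a client can submit any `uuid|name` pair. Changing the guard to `if (is_uuid($device_vendor_function_uuid) && is_uuid($group_uuid)) {` covers the uuid, and for the name I would look it up from `v_groups` by `$group_uuid` rather than trust the form, since the list page in this diff prints `group_name` from this table. Also worth a short comment above `//execute`: the `add` and `update` branches set only the uuid in `$array` and rely on that shared block to fill in the remaining fields, a coupling that is easy to break when another branch starts populating `$array`. The enclosing `if (count($_POST)>0 ...)` block opens before this hunk.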
@@ -242,14 +235,20 @@ //get the groups $sql = "select * from v_groups "; - if (sizeof($assigned_groups) > 0) { - $sql .= "where group_uuid not in ('".implode("','",$assigned_groups)."') "; + if (is_array($assigned_groups) && @sizeof($assigned_groups) != 0) { + $sql .= "where "; + foreach ($assigned_groups as $index => $group_uuid) { + $sql_where[] = 'group_uuid <> :group_uuid_'.$index; + $parameters['group_uuid_'.$index] = $group_uuid; + } + if (is_array($sql_where) && @sizeof($sql_where) != 0) { + $sql .= implode(' and ', $sql_where); + } } $sql .= "order by domain_uuid desc, group_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $groups = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($sql, $prep_statement); + $database = new database; + $groups = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters, $sql_where, $index); //show the header require_once "resources/header.php"; @@ -298,13 +297,10 @@ echo "
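Review bot: `is_array($assigned_groups) && @sizeof($assigned_groups) != 0` uses `@` to silence a warning that cannot occur, because `is_array()` short-circuits before `sizeof()` runs; the same pattern is repeated on `$sql_where` two lines later. `if (is_array($assigned_groups) && sizeof($assigned_groups) != 0) {` behaves identically without suppressing errors, and the inner `is_array($sql_where)` test is redundant because the loop over a non-empty array always populates it. A one-line comment explaining why `not in (...)` became a chain of `group_uuid <> :group_uuid_N` (a single placeholder cannot expand to a list) would help the next reader.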
".$text['label-groups'].""; - if (is_array($function_groups)) { + if (is_array($function_groups) && @sizeof($function_groups) != 0) { echo "\n"; foreach($function_groups as $field) { if (strlen($field['group_name']) > 0) { @@ -322,7 +318,7 @@ } echo "
\n"; } - if (is_array($groups)) { + if (is_array($groups) && @sizeof($groups) != 0) { echo "
\n"; echo "\n"; echo "\n"; - echo "\n"; + //echo "\n"; echo th_order_by('name', $text['label-name'], $order_by, $order); echo th_order_by('value', $text['label-value'], $order_by, $order); echo "\n"; 
@@ -134,30 +123,27 @@ echo "\n"; echo "\n"; - if (is_array($vendor_functions)) { + if (is_array($vendor_functions) && @sizeof($vendor_functions) != 0) { foreach($vendor_functions as $row) { //get the groups that have been assigned to the vendor functions $sql = "select "; - $sql .= " fg.*, g.domain_uuid as group_domain_uuid "; + $sql .= "fg.*, g.domain_uuid as group_domain_uuid "; $sql .= "from "; - $sql .= " v_device_vendor_function_groups as fg, "; - $sql .= " v_groups as g "; + $sql .= "v_device_vendor_function_groups as fg, "; + $sql .= "v_groups as g "; $sql .= "where "; - $sql .= " fg.group_uuid = g.group_uuid "; - $sql .= " and fg.device_vendor_uuid = :device_vendor_uuid "; - //$sql .= " and fg.device_vendor_uuid = '$device_vendor_uuid' "; - $sql .= " and fg.device_vendor_function_uuid = :device_vendor_function_uuid "; - //$sql .= " and fg.device_vendor_function_uuid = '".$row['device_vendor_function_uuid']."' "; + $sql .= "fg.group_uuid = g.group_uuid "; + $sql .= "and fg.device_vendor_uuid = :device_vendor_uuid "; + $sql .= "and fg.device_vendor_function_uuid = :device_vendor_function_uuid "; $sql .= "order by "; - $sql .= " g.domain_uuid desc, "; - $sql .= " g.group_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->bindParam(':device_vendor_uuid', $device_vendor_uuid); - $prep_statement->bindParam(':device_vendor_function_uuid', $row['device_vendor_function_uuid']); - $prep_statement->execute(); - $vendor_function_groups = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($sql, $prep_statement); + $sql .= "g.domain_uuid desc, "; + $sql .= "g.group_name asc "; + $parameters['device_vendor_uuid'] = $device_vendor_uuid; + $parameters['device_vendor_function_uuid'] = $row['device_vendor_function_uuid']; + $database = new database; + $vendor_function_groups = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); unset($group_list); foreach ($vendor_function_groups as &$sub_row) { $group_list[] = 
escape($sub_row["group_name"]).(($sub_row['group_domain_uuid'] != '') ? "@".escape($_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name']) : null); @@ -170,7 +156,7 @@ } //show the row of data echo "\n"; - echo " \n"; + //echo " \n"; echo " \n"; echo " \n"; echo " \n"; @@ -187,9 +173,9 @@ echo "\n"; //toggle the value of the c variable if ($c==0) { $c=1; } else { $c=0; } - } //end foreach - unset($sql, $result, $row_count); - } //end if results + } + unset($vendor_functions, $row); + } echo "\n"; echo "\n"; echo "\n"; - if (is_array($result)) { + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $row) { if (permission_exists('device_vendor_edit')) { $tr_link = "href='device_vendor_edit.php?id=".escape($row['device_vendor_uuid'])."'"; @@ -154,9 +144,9 @@ echo " \n"; echo "\n"; if ($c==0) { $c=1; } else { $c=0; } - } //end foreach - unset($sql, $result, $row_count); - } //end if results + } + } + unset($result, $row); echo "\n"; echo "\n"; echo "\n"; - if (is_array($devices)) { + if (is_array($devices) && @sizeof($devices) != 0) { foreach($devices as $row) { $device_profile_name = ''; @@ -291,9 +281,9 @@ echo " \n"; echo "\n"; if ($c==0) { $c=1; } else { $c=0; } - } //end foreach - unset($sql, $devices, $row_count); - } //end if results + } + } + unset($devices, $row); echo "\n"; echo "
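Review bot: `foreach ($vendor_function_groups as &$sub_row)` iterates by reference over whatever `$database->select($sql, $parameters, 'all')` returned, with none of the `is_array()` guards added elsewhere in this commit, and `$sub_row` is never `unset()` afterwards, so the reference keeps pointing at the last element into the next pass of the outer loop. The loop only reads, so `foreach ($vendor_function_groups as $sub_row) {` wrapped in `if (is_array($vendor_function_groups)) {` is the safer form. This hunk's file header is not visible here (the table markup around it was mangled in extraction), and the outer `foreach($vendor_functions as $row)` closes in the following hunk.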
".$text['label-label']."".$text['label-label']."".$text['label-groups']."
".$text['label-'.escape($row['name'])]." ".$text['label-'.escape($row['name'])]." ".escape($row['name'])."  ".escape($row['value'])." ".escape($group_list)." 
\n"; diff --git a/app/devices/device_vendor_restore.php b/app/devices/device_vendor_restore.php index e64482ec34..fa94fccd05 100644 --- a/app/devices/device_vendor_restore.php +++ b/app/devices/device_vendor_restore.php 
@@ -1,165 +1,147 @@ - Portions created by the Initial Developer are Copyright (C) 2016 - the Initial Developer. All Rights Reserved. + The Initial Developer of the Original Code is + Mark J Crane + Portions created by the Initial Developer are Copyright (C) 2016 + the Initial Developer. All Rights Reserved. - Contributor(s): - Mark J Crane - Luis Daniel Lucio Quiroz + Contributor(s): + Mark J Crane + Luis Daniel Lucio Quiroz */ //includes - require_once "root.php"; - require_once "resources/require.php"; + require_once "root.php"; + require_once "resources/require.php"; //check permissions - require_once "resources/check_auth.php"; - if (permission_exists('device_vendor_restore')) { - //access granted - } - else { - echo "access denied"; - exit; - } + require_once "resources/check_auth.php"; + if (permission_exists('device_vendor_restore')) { + //access granted + } + else { + echo "access denied"; + exit; + } //add multi-lingual support - $language = new text; - $text = $language->get(); - + $language = new text; + $text = $language->get(); //flush everything - $sql = "delete from v_device_vendors"; - $db->exec(check_sql($sql)); - unset($sql); + $sql = "delete from v_device_vendors"; + $database = new database; + $database->execute($sql); + unset($sql); - $sql = "delete from v_device_vendor_functions"; - $db->exec(check_sql($sql)); - unset($sql); + $sql = "delete from v_device_vendor_functions"; + $database = new database; + $database->execute($sql); + unset($sql); - $sql = "delete from v_device_vendor_function_groups"; - $db->exec(check_sql($sql)); - unset($sql); + $sql = "delete from v_device_vendor_function_groups"; + $database = new database; + $database->execute($sql); + unset($sql); //add device vendor functions to the database - $sql = "select count(*) as num_rows from v_device_vendors; "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] == 
0) { + $sql = "select count(*) from v_device_vendors; "; + $database = new database; + $num_rows = $database->select($sql, null, 'column'); + unset($sql); - //get the vendor array - require_once $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH.'/app/devices/app_config.php'; + if ($num_rows == 0) { - //get the groups and create an array to use the name to get the uuid - $sql = "select * from v_groups; "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - $groups = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - unset($prep_statement); - foreach ($groups as $row) { - if ($row['domain_uuid'] == '') { - $group_uuids[$row['group_name']] = $row['group_uuid']; - } - } + //get the vendor array + require_once $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH.'/app/devices/app_config.php'; - //process the array - foreach ($vendors as $vendor) { - //insert the data into the database - $device_vendor_uuid = uuid(); - $sql = "insert into v_device_vendors "; - $sql .= "("; - $sql .= "device_vendor_uuid, "; - $sql .= "name, "; - $sql .= "enabled "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".$device_vendor_uuid."', "; - $sql .= "'".$vendor['name']."', "; - $sql .= "'true' "; - $sql .= ");"; - //echo $sql."\n"; - $db->exec(check_sql($sql)); - unset($sql); + //get the groups and create an array to use the name to get the uuid + $sql = "select * from v_groups "; + $database = new database; + $groups = $database->select($sql, null, 'all'); + if (is_array($groups) && @sizeof($groups) != 0) { + foreach ($groups as $row) { + if (!is_uuid($row['domain_uuid'])) { + $group_uuids[$row['group_name']] = $row['group_uuid']; + } + } + } + unset($sql); - //add the vendor functions - foreach ($vendor['functions'] as $function) { - //get the id - $device_vendor_function_uuid = uuid(); - //add the device vendor funtction - $sql = "insert into v_device_vendor_functions "; - $sql .= "("; - $sql .= "device_vendor_uuid, "; - $sql .= "device_vendor_function_uuid, "; - 
//$sql .= "label, "; - $sql .= "name, "; - $sql .= "value, "; - $sql .= "enabled, "; - $sql .= "description "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".$device_vendor_uuid."', "; - $sql .= "'".$device_vendor_function_uuid."', "; - //$sql .= "'".$function['label']."', "; - $sql .= "'".$function['name']."', "; - $sql .= "'".$function['value']."', "; - $sql .= "'true', "; - $sql .= "'".$function['description']."' "; - $sql .= ");"; - //echo $sql."\n"; - $db->exec(check_sql($sql)); - unset($sql); + //create insert array + foreach ($vendors as $index_1 => $vendor) { + //insert the data into the database + $device_vendor_uuid = uuid(); + $array['device_vendors'][$index_1]['device_vendor_uuid'] = $device_vendor_uuid; + $array['device_vendors'][$index_1]['name'] = $vendor['name']; + $array['device_vendors'][$index_1]['enabled'] = 'true'; - //add the device vendor function groups - if (is_array($function['groups'])) { - $sql = "insert into v_device_vendor_function_groups "; - $sql .= "("; - $sql .= "device_vendor_function_group_uuid, "; - $sql .= "device_vendor_function_uuid, "; - $sql .= "device_vendor_uuid, "; - $sql .= "group_name, "; - $sql .= "group_uuid "; - $sql .= ") "; - $sql .= "values "; - $i = 0; - foreach ($function['groups'] as $group_name) { - if ($i == 0) { $sql .= "("; } else { $sql .= ",("; } - $sql .= "'".uuid()."', "; - $sql .= "'".$device_vendor_function_uuid."', "; - $sql .= "'".$device_vendor_uuid."', "; - $sql .= "'$group_name', "; - $sql .= "'".$group_uuids[$group_name]."' "; - $sql .= ")"; - $i++; - } - $db->exec($sql); - } - } - } + //add the vendor functions + foreach ($vendor['functions'] as $index_2 => $function) { + $device_vendor_function_uuid = uuid(); + $array['device_vendor_functions'][$index_2]['device_vendor_uuid'] = $device_vendor_uuid; + $array['device_vendor_functions'][$index_2]['device_vendor_function_uuid'] = $device_vendor_function_uuid; + //$array['device_vendor_functions'][$index_2]['label'] = 
$function['label']; + $array['device_vendor_functions'][$index_2]['name'] = $function['name']; + $array['device_vendor_functions'][$index_2]['value'] = $function['value']; + $array['device_vendor_functions'][$index_2]['enabled'] = 'true'; + $array['device_vendor_functions'][$index_2]['description'] = $function['description']; - } //if num_rows - } // if prep_statement + //add the device vendor function groups + if (is_array($function['groups']) && @sizeof($function['groups']) != 0) { + foreach ($function['groups'] as $index_3 => $group_name) { + $device_vendor_function_group_uuid = uuid(); + $array['device_vendor_function_groups'][$index_3]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid; + $array['device_vendor_function_groups'][$index_3]['device_vendor_function_uuid'] = $device_vendor_function_uuid; + $array['device_vendor_function_groups'][$index_3]['device_vendor_uuid'] = $device_vendor_uuid; + $array['device_vendor_function_groups'][$index_3]['group_name'] = $group_name; + $array['device_vendor_function_groups'][$index_3]['group_uuid'] = $group_uuids[$group_name]; + } + } + } + } - message::add($text['message-restore']); - header('Location: device_vendors.php'); + //assign temp permissions + $p = new permissions; + $p->add('device_vendor_add', 'temp'); + $p->add('device_vendor_function_add', 'temp'); + $p->add('device_vendor_function_group_add', 'temp'); + + //process array + $database = new database; + $database->app_name = 'devices'; + $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; + $database->save($array); + unset($array); + + //remove temp permissions + $p->delete('device_vendor_add', 'temp'); + $p->delete('device_vendor_function_add', 'temp'); + $p->delete('device_vendor_function_group_add', 'temp'); + + //set message + message::add($text['message-restore']); + + } + unset($num_rows); + +//redirect + header('Location: device_vendors.php'); + exit; ?> 
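Review bot: The insert array is keyed by the per-vendor loop index — `$array['device_vendor_functions'][$index_2]` and `$array['device_vendor_function_groups'][$index_3]` — so unless the `functions` and `groups` keys in app_config.php are globally unique (not visible here), each vendor after the first overwrites the previous vendor's entries at the same index and only the last vendor's functions, and only the last function's groups, reach `$database->save($array)`; the removed per-row inserts did not have this problem. Use running counters instead: set `$f = 0; $g = 0;` before `foreach ($vendors ...)`, replace `$index_2` with `$f` in the five function assignments followed by `$f++`, and likewise `$g` for `$index_3`. Separately, `$group_uuids[$group_name]` is undefined when no domain-less group of that name exists, which stores a null `group_uuid`; either skip such entries or add a comment stating that app_config only references built-in groups. The page also still wipes all three tables on a bare GET guarded only by the permission check, as before.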
diff --git a/app/devices/device_vendors.php b/app/devices/device_vendors.php index a6efcdbdcb..67ce593fea 100644 --- a/app/devices/device_vendors.php +++ b/app/devices/device_vendors.php @@ -43,37 +43,29 @@ $text = $language->get(); //get variables used to control the order - $order_by = check_str($_GET["order_by"]); - $order = check_str($_GET["order"]); + $order_by = $_GET["order_by"]; + $order = $_GET["order"]; //add the search term - $search = check_str($_GET["search"]); - if (strlen($search) > 0) { - $sql_search = "where ("; - $sql_search .= "name like '%".$search."%'"; - $sql_search .= "or enabled like '%".$search."%'"; - $sql_search .= "or description like '%".$search."%'"; - $sql_search .= ")"; + $search = $_GET["search"]; + if ($search != '') { + $sql_where = "where ("; + $sql_where .= "name like :search "; + $sql_where .= "or enabled like :search "; + $sql_where .= "or description like :search "; + $sql_where .= ")"; + $parameters['search'] = '%'.$search.'%'; } + //additional includes require_once "resources/header.php"; require_once "resources/paging.php"; //prepare to page the results - $sql = "select count(*) as num_rows from v_device_vendors "; - $sql .= $sql_search; - if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $num_rows = $row['num_rows']; - } - else { - $num_rows = '0'; - } - } + $sql = "select count(*) from v_device_vendors "; + $sql .= $sql_where; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; 
@@ -84,14 +76,12 @@ $offset = $rows_per_page * $page; //get the list - $sql = "select * from v_device_vendors "; - $sql .= $sql_search; - if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } - $sql .= "limit $rows_per_page offset $offset "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $sql = str_replace('count(*)', '*', $sql); + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //alternate the row style $c = 0; @@ -135,7 +125,7 @@ echo "
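Review bot: `$sql = str_replace('count(*)', '*', $sql);` rebuilds the list query by text-substituting the count query left over from the previous hunk, which only works while that string contains exactly one `count(*)` and is never `unset()` in between; since the query is tiny, `$sql = "select * from v_device_vendors "; $sql .= $sql_where;` is clearer and cannot drift. `$order_by` and `$order` now arrive raw from `$_GET` (the `check_str()` calls were dropped in the previous hunk) and are handed to `order_by($order_by, $order)`, whose implementation is not visible; that is only safe if the helper whitelists column names and directions, so a comment here recording that assumption would protect against someone later reverting to string concatenation.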
\n"; diff --git a/app/devices/devices.php b/app/devices/devices.php index cdcb57cec9..08fcebacd6 100644 --- a/app/devices/devices.php +++ b/app/devices/devices.php 
@@ -46,42 +46,36 @@ $text = $language->get(); //get the http values and set them as variables - $search = check_str($_GET["search"]); - if (isset($_GET["order_by"])) { - $order_by = check_str($_GET["order_by"]); - $order = check_str($_GET["order"]); - } + $search = $_GET["search"]; + $order_by = $_GET["order_by"]; + $order = $_GET["order"]; //get total devices count from the database - $sql = "select count(*) as num_rows from v_devices "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - $total_devices = $row['num_rows']; - } - unset($sql, $prep_statement, $row); + $sql = "select count(*) from v_devices "; + $sql .= "where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $total_devices = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); //get the devices profiles $sql = "select * from v_device_profiles "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $device_profiles = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - } - unset($sql, $prep_statement, $row); + $sql .= "where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $device_profiles = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //prepare to page the results - $sql = "select count(*) as num_rows from v_devices as d "; + $sql = "select count(*) from v_devices as d "; if ($_GET['show'] == "all" && permission_exists('device_all')) { if (strlen($search) > 0) { $sql .= "where "; } - } else { + } + else { $sql .= "where ("; - $sql .= " d.domain_uuid = '$domain_uuid' "; + $sql .= " d.domain_uuid = :domain_uuid "; if (permission_exists('device_all')) { $sql .= 
" or d.domain_uuid is null "; } @@ -89,30 +83,24 @@ if (strlen($search) > 0) { $sql .= "and "; } + $parameters['domain_uuid'] = $domain_uuid; } if (strlen($search) > 0) { $sql .= "("; - $sql .= " lower(d.device_mac_address) like '%".strtolower($search)."%' "; - $sql .= " or d.device_label like '%".$search."%' "; - $sql .= " or d.device_vendor like '%".$search."%' "; - $sql .= " or d.device_enabled like '%".$search."%' "; - $sql .= " or d.device_template like '%".$search."%' "; - $sql .= " or d.device_description like '%".$search."%' "; - $sql .= " or d.device_provisioned_method like '%".$search."%' "; - $sql .= " or d.device_provisioned_ip like '%".$search."%' "; + $sql .= " lower(d.device_mac_address) like :search "; + $sql .= " or lower(d.device_label) like :search "; + $sql .= " or lower(d.device_vendor) like :search "; + $sql .= " or lower(d.device_enabled) like :search "; + $sql .= " or lower(d.device_template) like :search "; + $sql .= " or lower(d.device_description) like :search "; + $sql .= " or lower(d.device_provisioned_method) like :search "; + $sql .= " or lower(d.device_provisioned_ip) like :search "; $sql .= ") "; + $parameters['search'] = '%'.strtolower($search).'%'; } - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $num_rows = $row['num_rows']; - } - else { - $num_rows = '0'; - } - } + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; @@ -135,25 +123,28 @@ $sql .= ") "; if ($_GET['show'] == "all" && permission_exists('device_all')) { //echo __line__."
\n"; - } else { + } + else { $sql .= "and ("; - $sql .= " d.domain_uuid = '$domain_uuid' "; + $sql .= " d.domain_uuid = :domain_uuid "; if (permission_exists('device_all')) { $sql .= " or d.domain_uuid is null "; } $sql .= ") "; + $parameters['domain_uuid'] = $domain_uuid; } if (strlen($search) > 0) { $sql .= "and ("; - $sql .= " lower(d.device_mac_address) like '%".strtolower($search)."%' "; - $sql .= " or d.device_label like '%".$search."%' "; - $sql .= " or d.device_vendor like '%".$search."%' "; - $sql .= " or d.device_enabled like '%".$search."%' "; - $sql .= " or d.device_template like '%".$search."%' "; - $sql .= " or d.device_description like '%".$search."%' "; - $sql .= " or d.device_provisioned_method like '%".$search."%' "; - $sql .= " or d.device_provisioned_ip like '%".$search."%' "; + $sql .= " lower(d.device_mac_address) like :search "; + $sql .= " or lower(d.device_label) like :search "; + $sql .= " or lower(d.device_vendor) like :search "; + $sql .= " or lower(d.device_enabled) like :search "; + $sql .= " or lower(d.device_template) like :search "; + $sql .= " or lower(d.device_description) like :search "; + $sql .= " or lower(d.device_provisioned_method) like :search "; + $sql .= " or lower(d.device_provisioned_ip) like :search "; $sql .= ") "; + $parameters['search'] = '%'.strtolower($search).'%'; } if (strlen($order_by) == 0) { $sql .= "order by d.device_label, d.device_description asc "; 
@@ -161,16 +152,15 @@ else { $sql .= "order by $order_by $order "; } - $sql .= "limit $rows_per_page offset $offset "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $devices = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $devices = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //alternate_found $device_alternate = false; foreach($devices as $row) { - if (strlen($row['device_uuid_alternate']) > 0) { + if (is_uuid($row['device_uuid_alternate'])) { $device_alternate = true; break; } @@ -249,7 +239,7 @@ echo "
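Review bot: `foreach($devices as $row)` in the alternate-device scan iterates the result of `$database->select($sql, $parameters, 'all')` with no `is_array()` check, whereas the rendering loop further down this file is changed in the same commit to `if (is_array($devices) && @sizeof($devices) != 0)`; if `select()` can return something other than an array for an empty result (not visible here), this loop will warn. Wrapping it as `if (is_array($devices)) { foreach ($devices as $row) { ... } }` keeps the two consistent. Switching the test to `is_uuid($row['device_uuid_alternate'])` also changes behaviour slightly — a non-empty, non-uuid value no longer counts as an alternate — which is probably intended but deserves a word in the commit message; the foreach closes after this hunk.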
\n";