From 6bd051ad105afb0c27aad09ab1a5c812bd91afeb Mon Sep 17 00:00:00 2001 From: Nate Date: Mon, 1 Jul 2019 21:10:31 -0600 Subject: [PATCH] Database class integration. --- app/access_controls/access_control_nodes.php | 1 - app/access_controls/access_controls.php | 1 - app/call_block/call_block.php | 86 ++----- app/call_block/call_block_cdr_add.php | 112 ++++----- app/call_block/call_block_delete.php | 63 ++--- app/call_block/call_block_edit.php | 247 ++++++++++--------- 6 files changed, 237 insertions(+), 273 deletions(-) diff --git a/app/access_controls/access_control_nodes.php b/app/access_controls/access_control_nodes.php index 12a9190b22..659668a051 100644 --- a/app/access_controls/access_control_nodes.php +++ b/app/access_controls/access_control_nodes.php @@ -119,7 +119,6 @@ unset($sql, $result, $row_count); } //end if results - echo "\n"; echo "\n"; if (permission_exists('access_control_node_add')) { echo "
\n"; diff --git a/app/access_controls/access_controls.php b/app/access_controls/access_controls.php index a178ff97e8..fc66111294 100644 --- a/app/access_controls/access_controls.php +++ b/app/access_controls/access_controls.php @@ -115,7 +115,6 @@ unset($sql, $access_controls); } //end if results - echo "\n"; echo "\n"; if (permission_exists('access_control_add')) { echo "
\n"; diff --git a/app/call_block/call_block.php b/app/call_block/call_block.php index 27d33795c9..8ae0a70360 100644 --- a/app/call_block/call_block.php +++ b/app/call_block/call_block.php @@ -30,12 +30,8 @@ require_once "resources/require.php"; //check permissions require_once "resources/check_auth.php"; - if (permission_exists('call_block_view')) { - //access granted - } - else { - echo "access denied"; - exit; + if (!permission_exists('call_block_view')) { + echo "access denied"; exit; } //add multi-lingual support @@ -47,44 +43,22 @@ require_once "resources/require.php"; require_once "resources/paging.php"; //get variables used to control the order - $order_by = $_GET["order_by"]; + $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'call_block_number'; $order = $_GET["order"]; -//validate order by - if (strlen($order_by) > 0) { - $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by); - } - -//validate the order - switch ($order) { - case 'asc': - break; - case 'desc': - break; - default: - $order = ''; - } - //show the content - echo "\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo "
".$text['title-call-block']." 
\n"; - echo " ".$text['description-call-block']."

\n"; - echo "
\n"; + echo "".$text['title-call-block']."\n"; + echo "

\n"; + echo $text['description-call-block']."\n"; + echo "

\n"; //prepare to page the results - $sql = "select count(*) as num_rows from v_call_block "; + $sql = "select count(*) from v_call_block "; $sql .= "where domain_uuid = :domain_uuid "; - $parameters['domain_uuid'] = $domain_uuid; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $database = new database; $num_rows = $database->select($sql, $parameters, 'column'); - //unset($parameters); + unset($parameters); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; @@ -97,16 +71,12 @@ require_once "resources/require.php"; //get the list $sql = "select * from v_call_block "; $sql .= "where domain_uuid = :domain_uuid "; - if (strlen($order_by) > 0) { - $sql .= "order by $order_by $order "; - } else { - $sql .= "order by call_block_number asc "; - } - $sql .= "limit :rows_per_page offset :offset "; + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $database = new database; - $parameters['rows_per_page'] = $rows_per_page; - $parameters['offset'] = $offset; $result = $database->select($sql, $parameters, 'all'); + unset($parameters); //table headers $c = 0; @@ -130,11 +100,11 @@ require_once "resources/require.php"; //show the results if (is_array($result)) { foreach($result as $row) { - $tr_link = (permission_exists('call_block_edit')) ? "href='call_block_edit.php?id=".$row['call_block_uuid']."'" : null; + $tr_link = (permission_exists('call_block_edit')) ? "href='call_block_edit.php?id=".escape($row['call_block_uuid'])."'" : null; echo "\n"; echo " "; if (permission_exists('call_block_edit')) { - echo "".escape($row['call_block_number']).""; + echo "".escape($row['call_block_number']).""; } else { echo escape($row['call_block_number']); 
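Review bot: The inline allowlisting of `$order_by` (the `preg_replace`) and `$order` (the asc/desc `switch`) is removed in the `-47,44` hunk, so both raw `$_GET` values now reach `order_by($order_by, $order)` in the `-97,16` hunk and are concatenated into the query. That is safe only if order_by() itself strips the column name and restricts the direction; the helper is not part of this patch, so confirm it or keep a local guard such as `$order = ($order === 'asc' || $order === 'desc') ? $order : '';`. The same applies to `limit_offset($rows_per_page, $offset)` here and to `limit_offset($_SESSION['call_block']['recent_call_limit']['text'])` in call_block_edit.php, which replace bound or quoted values with string-built SQL. Casting those arguments with `(int)` at the call site would make the queries safe regardless of how the helper is written.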
@@ -159,30 +129,20 @@ require_once "resources/require.php"; }; echo " "; echo "\n"; - if ($c==0) { $c=1; } else { $c=0; } + $c = $c == 1 ? 0 : 1; } //end foreach unset($sql, $result, $row_count); } //end if results //complete the content - echo "\n"; - echo "\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo "
 $paging_controls"; + echo "
\n"; if (permission_exists('call_block_add')) { - echo "$v_link_label_add"; + echo "
\n"; + echo " ".$v_link_label_add.""; + echo "
\n"; } - echo " \n"; - echo " \n"; - echo " \n"; - echo "\n"; - echo "\n"; - - echo ""; - echo "

"; + echo "
\n"; + echo "
".$paging_controls."
\n"; //include the footer require_once "resources/footer.php"; diff --git a/app/call_block/call_block_cdr_add.php b/app/call_block/call_block_cdr_add.php index be38fbc8f3..eb82e7d0b9 100644 --- a/app/call_block/call_block_cdr_add.php +++ b/app/call_block/call_block_cdr_add.php @@ -32,12 +32,8 @@ require_once "resources/check_auth.php"; //check permissions - if (permission_exists('call_block_edit') || permission_exists('call_block_add')) { - //access granted - } - else { - echo "access denied"; - exit; + if (!permission_exists('call_block_edit') && !permission_exists('call_block_add')) { + echo "access denied"; exit; } //add multi-lingual support 
@@ -45,68 +41,68 @@ $text = $language->get(); //action add from cdr - if (isset($_REQUEST["cdr_id"])) { + if (is_uuid($_REQUEST["cdr_id"])) { $action = "cdr_add"; - $xml_cdr_uuid = check_str($_REQUEST["cdr_id"]); - $call_block_name = check_str($_REQUEST["name"]); + $xml_cdr_uuid = $_REQUEST["cdr_id"]; + $call_block_name = $_REQUEST["name"]; - // get the caller id info from cdr that user chose - $sql = "select "; - if ($call_block_name == '') { - $sql .= "caller_id_name, "; - } - $sql .= "caller_id_number "; - $sql .= "from v_xml_cdr "; - $sql .= "where xml_cdr_uuid = '".$xml_cdr_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetch(); - unset ($prep_statement); + // get the caller id info from cdr the user chose + $sql = "select caller_id_name, caller_id_number "; + $sql .= "from v_xml_cdr "; + $sql .= "where xml_cdr_uuid = :xml_cdr_uuid "; + $parameters['xml_cdr_uuid'] = $xml_cdr_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'row'); + unset ($sql, $parameters); - $call_block_name = ($call_block_name == '') ? $result["caller_id_name"] : $call_block_name; - $call_block_number = $result["caller_id_number"]; - $call_block_enabled = "true"; - $block_call_action = "Reject"; + //create data array + $array['call_block'][0]['call_block_uuid'] = uuid(); + $array['call_block'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['call_block'][0]['call_block_name'] = $call_block_name == '' ? 
$result["caller_id_name"] : $call_block_name; + $array['call_block'][0]['call_block_number'] = $result["caller_id_number"]; + $array['call_block'][0]['call_block_count'] = 0; + $array['call_block'][0]['call_block_action'] = 'Reject'; + $array['call_block'][0]['call_block_enabled'] = 'true'; + $array['call_block'][0]['date_added'] = time(); //ensure call block is enabled in the dialplan - $sql = "update v_dialplans set "; - $sql .= "dialplan_enabled = 'true' "; - $sql .= "where "; - $sql .= "app_uuid = 'b1b31930-d0ee-4395-a891-04df94599f1f' and "; - $sql .= "domain_uuid = '".$domain_uuid."' and "; - $sql .= "dialplan_enabled <> 'true' "; - $db->exec(check_sql($sql)); - unset($sql); + if ($action == "add" || $action == "update") { + $sql = "select dialplan_uuid from v_dialplans where true "; + $sql .= "and domain_uuid = :domain_uuid "; + $sql .= "and app_uuid = 'b1b31930-d0ee-4395-a891-04df94599f1f' "; + $sql .= "and dialplan_enabled <> 'true' "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $rows = $database->select($sql, $parameters); + + if (is_array($rows) && sizeof($rows) != 0) { + foreach ($rows as $index => $row) { + $array['dialplans'][$index]['dialplan_uuid'] = $row['dialplan_uuid']; + $array['dialplans'][$index]['dialplan_enabled'] = 'true'; + } + + $p = new permissions; + $p->add('dialplan_edit', 'temp'); + + $database = new database; + $database->save($array); + unset($array); + + $p->delete('dialplan_edit', 'temp'); + } + } //insert call block record - $sql = "insert into v_call_block "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "call_block_uuid, "; - $sql .= "call_block_name, "; - $sql .= "call_block_number, "; - $sql .= "call_block_count, "; - $sql .= "call_block_action, "; - $sql .= "call_block_enabled, "; - $sql .= "date_added "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".uuid()."', "; - $sql .= "'".$call_block_name."', "; - $sql .= 
"'".$call_block_number."', "; - $sql .= "0, "; - $sql .= "'".$block_call_action."', "; - $sql .= "'".$call_block_enabled."', "; - $sql .= "'".time()."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $database = new database; + $database->app_name = 'call_block'; + $database->app_uuid = '9ed63276-e085-4897-839c-4f2e36d92d6c'; + $database->save($array); + $response = $database->message; + unset($array); //add a message - message::add($text['label-add-complete']); + message::add($text['label-add-complete']); } //redirect the browser diff --git a/app/call_block/call_block_delete.php b/app/call_block/call_block_delete.php index 8cc459374b..d16329186f 100644 --- a/app/call_block/call_block_delete.php +++ b/app/call_block/call_block_delete.php 
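Review bot: The CDR lookup is keyed on `xml_cdr_uuid` alone, so a valid UUID belonging to another domain would have its caller ID name and number copied into this tenant's block list. Scope it with `$sql .= "and domain_uuid = :domain_uuid ";` and `$parameters['domain_uuid'] = $_SESSION['domain_uuid'];`. The dialplan-enable block is now dead code, because `$action` is set to "cdr_add" just above while the guard tests for "add" or "update". Removing the guard alone would not be enough, since that block ends with `unset($array)` and would discard the `$array['call_block']` row built before it; the dialplan save needs its own array variable. `$result` is also used without an `is_array()` check, so a UUID that matches no CDR would still save a row with an empty number.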
@@ -31,55 +31,56 @@ require_once "resources/check_auth.php"; //check permissions - if (permission_exists('call_block_delete')) { - //access granted - } - else { - echo "access denied"; - exit; + if (!permission_exists('call_block_delete')) { + echo "access denied"; exit; } //add multi-lingual support $language = new text; $text = $language->get(); -//set the variable - if (count($_GET)>0) { - $id = $_GET["id"]; - } - //delete the extension - if (strlen($id)>0) { + if (is_uuid($_GET["id"])) { + $call_block_uuid = $_GET["id"]; + //read the call_block_number - $sql = " select c.call_block_number, d.domain_name from v_call_block as c "; - $sql .= "JOIN v_domains as d ON c.domain_uuid=d.domain_uuid "; - $sql .= "where c.domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and c.call_block_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(); - $result_count = count($result); - if ($result_count > 0) { - $call_block_number = $result[0]["call_block_number"]; - $domain_name = $result[0]["domain_name"]; + $sql = "select c.call_block_number, d.domain_name "; + $sql .= "from v_call_block as c "; + $sql .= "join v_domains as d on c.domain_uuid = d.domain_uuid "; + $sql .= "where c.domain_uuid = :domain_uuid "; + $sql .= "and c.call_block_uuid = :call_block_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['call_block_uuid'] = $call_block_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'row'); + + if (is_array($result) && sizeof($result) != 0) { + $call_block_number = $result["call_block_number"]; + $domain_name = $result["domain_name"]; //clear the cache $cache = new cache; $cache->delete("app:call_block:".$domain_name.":".$call_block_number); } - unset ($prep_statement, $sql); + + unset($sql, $parameters, $result); //delete the call block - $sql = "delete from v_call_block "; - $sql .= "where domain_uuid = 
'".$_SESSION['domain_uuid']."' "; - $sql .= "and call_block_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement, $sql); + $array['call_block'][0]['call_block_uuid'] = $call_block_uuid; + $array['call_block'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + + $database = new database; + $database->app_name = 'call_block'; + $database->app_uuid = '9ed63276-e085-4897-839c-4f2e36d92d6c'; + $database->delete($array); + $response = $database->message; + unset($array); + + //message + message::add($text['label-delete-complete']); } //redirect the browser - message::add($text['label-delete-complete']); header("Location: call_block.php"); return; diff --git a/app/call_block/call_block_edit.php b/app/call_block/call_block_edit.php index 17e71fa1ad..d4543e1cd1 100644 --- a/app/call_block/call_block_edit.php +++ b/app/call_block/call_block_edit.php @@ -32,12 +32,8 @@ require_once "resources/check_auth.php"; //check permissions - if (permission_exists('call_block_edit') || permission_exists('call_block_add')) { - //access granted - } - else { - echo "access denied"; - exit; + if (!permission_exists('call_block_edit') && !permission_exists('call_block_add')) { + echo "access denied"; exit; } //add multi-lingual support 
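Review bot: In call_block_delete.php the delete still fires on a plain GET (`is_uuid($_GET["id"])`) and nothing in the visible lines checks a per-request token. Unless require.php or check_auth.php enforce one, the action is exposed to cross-site request forgery against a logged-in user holding `call_block_delete`. Requiring POST plus a token check before `$database->delete($array)` would close that. Separately, `$response = $database->message;` is never inspected, so `message::add($text['label-delete-complete'])` is shown even when the earlier select found no row in this domain; gating the message on that select would be more accurate.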
@@ -46,33 +42,34 @@ //define the call_block_get_extensions function function call_block_get_extensions($select_extension) { - global $db, $text; + global $text; //list voicemail $sql = "select extension, user_context, description from v_extensions "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and enabled = 'true' "; $sql .= "order by extension asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $result = $database->select($sql, $parameters); - echo "\n"; - foreach ($result as &$row) { - $extension = $row["extension"]; - $context = $row["user_context"]; - $description = $row["description"]; - if ($extension == $select_extension) $selected = "selected='selected'"; - echo " \n"; - $selected = ""; + if (is_array($result) && sizeof($result) != 0) { + echo "\n"; + foreach ($result as &$row) { + $extension = $row["extension"]; + $context = $row["user_context"]; + $description = $row["description"]; + $selected = $extension == $select_extension ? "selected='selected'" : null; + echo "\n"; + } + echo "\n"; } - echo "\n"; } //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $call_block_uuid = check_str($_REQUEST["id"]); + $call_block_uuid = $_REQUEST["id"]; } else { $action = "add"; 
@@ -80,10 +77,10 @@ //get http post variables and set them to php variables if (count($_POST) > 0) { - $call_block_name = check_str($_POST["call_block_name"]); - $call_block_number = check_str($_POST["call_block_number"]); - $call_block_action = check_str($_POST["call_block_action"]); - $call_block_enabled = check_str($_POST["call_block_enabled"]); + $call_block_name = $_POST["call_block_name"]; + $call_block_number = $_POST["call_block_number"]; + $call_block_action = $_POST["call_block_action"]; + $call_block_enabled = $_POST["call_block_enabled"]; } //handle the http post 
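Review bot: With `check_str()` dropped, `$call_block_name`, `$call_block_number`, `$call_block_action` and `$call_block_enabled` pass from `$_POST` to `$database->save()` with no validation in the visible lines. SQL safety then rests on save() binding its values, which this patch does not show, and nothing constrains the content of the fields. `call_block_enabled` should be limited to the two expected values, e.g. `if ($call_block_enabled != 'true') { $call_block_enabled = 'false'; }`, and `call_block_action` to the actions the form offers. The "handle the http post" checks that follow are outside this hunk and may already cover part of this.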
@@ -114,62 +111,68 @@ } //add or update the database - if (($_POST["persistformvar"] != "true")>0) { + if (is_array($_POST) && sizeof($_POST) != 0 && $_POST["persistformvar"] != "true") { - if ($action == "add" || $action == "update") { - //ensure call block is enabled in the dialplan - $sql = "update v_dialplans set "; - $sql .= "dialplan_enabled = 'true' "; - $sql .= "where "; - $sql .= "app_uuid = 'b1b31930-d0ee-4395-a891-04df94599f1f' and "; - $sql .= "domain_uuid = '".$domain_uuid."' and "; - $sql .= "dialplan_enabled <> 'true' "; - $db->exec(check_sql($sql)); - unset($sql); - } + //ensure call block is enabled in the dialplan + if ($action == "add" || $action == "update") { + $sql = "select dialplan_uuid from v_dialplans where true "; + $sql .= "and domain_uuid = :domain_uuid "; + $sql .= "and app_uuid = 'b1b31930-d0ee-4395-a891-04df94599f1f' "; + $sql .= "and dialplan_enabled <> 'true' "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $rows = $database->select($sql, $parameters); + + if (is_array($rows) && sizeof($rows) != 0) { + foreach ($rows as $index => $row) { + $array['dialplans'][$index]['dialplan_uuid'] = $row['dialplan_uuid']; + $array['dialplans'][$index]['dialplan_enabled'] = 'true'; + } + + $p = new permissions; + $p->add('dialplan_edit', 'temp'); + + $database = new database; + $database->save($array); + unset($array); + + $p->delete('dialplan_edit', 'temp'); + } + } if ($action == "add") { - $sql = "insert into v_call_block "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "call_block_uuid, "; - $sql .= "call_block_name, "; - $sql .= "call_block_number, "; - $sql .= "call_block_count, "; - $sql .= "call_block_action, "; - $sql .= "call_block_enabled, "; - $sql .= "date_added "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".uuid()."', "; - $sql .= "'$call_block_name', "; - $sql .= "'$call_block_number', "; - $sql .= "0, "; - $sql .= 
"'$call_block_action', "; - $sql .= "'$call_block_enabled', "; - $sql .= "'".time()."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['call_block'][0]['call_block_uuid'] = uuid(); + $array['call_block'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['call_block'][0]['call_block_name'] = $call_block_name; + $array['call_block'][0]['call_block_number'] = $call_block_number; + $array['call_block'][0]['call_block_count'] = 0; + $array['call_block'][0]['call_block_action'] = $call_block_action; + $array['call_block'][0]['call_block_enabled'] = $call_block_enabled; + $array['call_block'][0]['date_added'] = time(); + + $database = new database; + $database->app_name = 'call_block'; + $database->app_uuid = '9ed63276-e085-4897-839c-4f2e36d92d6c'; + $database->save($array); + $response = $database->message; + unset($array); message::add($text['label-add-complete']); header("Location: call_block.php"); return; - } //if ($action == "add") + } if ($action == "update") { - $sql = " select c.call_block_number, d.domain_name from v_call_block as c "; - $sql .= "JOIN v_domains as d ON c.domain_uuid=d.domain_uuid "; - $sql .= "where c.domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and c.call_block_uuid = '$call_block_uuid'"; - - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(); - $result_count = count($result); - if ($result_count > 0) { + $sql = "select c.call_block_number, d.domain_name "; + $sql .= "from v_call_block as c "; + $sql .= "join v_domains as d on c.domain_uuid = d.domain_uuid "; + $sql .= "where c.domain_uuid = :domain_uuid "; + $sql .= "and c.call_block_uuid = :call_block_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['call_block_uuid'] = $call_block_uuid; + $database = new database; + $result = $database->select($sql, $parameters); + if (is_array($result) && sizeof($result) != 0) { //set the domain_name $domain_name = 
$result[0]["domain_name"]; 
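Review bot: The temporary `dialplan_edit` grant around `$database->save($array)` is revoked only on the straight-line path; if save() throws or the script exits inside it, `$p->delete('dialplan_edit', 'temp')` never runs. Wrapping the save as `try { $database->save($array); } finally { $p->delete('dialplan_edit', 'temp'); }` keeps the elevation scoped to this one write. Whether a 'temp' grant can outlive the request is not visible here, so treat this as a hardening point to confirm against the permissions class. The same pattern is copied into call_block_cdr_add.php.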
@@ -177,40 +180,50 @@ $cache = new cache; $cache->delete("app:call_block:".$domain_name.":".$call_block_number); } - unset ($prep_statement, $sql); + unset($sql, $parameters); - $sql = "update v_call_block set "; - $sql .= "call_block_name = '$call_block_name', "; - $sql .= "call_block_number = '$call_block_number', "; - $sql .= "call_block_action = '$call_block_action', "; - $sql .= "call_block_enabled = '$call_block_enabled' "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and call_block_uuid = '$call_block_uuid'"; - $db->exec(check_sql($sql)); - unset($sql); + $array['call_block'][0]['call_block_uuid'] = $call_block_uuid; + $array['call_block'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['call_block'][0]['call_block_name'] = $call_block_name; + $array['call_block'][0]['call_block_number'] = $call_block_number; + $array['call_block'][0]['call_block_action'] = $call_block_action; + $array['call_block'][0]['call_block_enabled'] = $call_block_enabled; + $array['call_block'][0]['date_added'] = time(); + + $database = new database; + $database->app_name = 'call_block'; + $database->app_uuid = '9ed63276-e085-4897-839c-4f2e36d92d6c'; + $database->save($array); + $response = $database->message; + unset($array); message::add($text['label-update-complete']); header("Location: call_block.php"); return; - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } + + } + + } //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { $call_block_uuid = $_GET["id"]; $sql = "select * from v_call_block "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and call_block_uuid = '$call_block_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $row = $prep_statement->fetch(); - $call_block_name = $row["call_block_name"]; - $call_block_number = 
$row["call_block_number"]; - $call_block_action = $row["call_block_action"]; - $blocked_call_destination = $row["blocked_call_destination"]; - $call_block_enabled = $row["call_block_enabled"]; - unset ($prep_statement, $sql); + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and call_block_uuid = :call_block_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['call_block_uuid'] = $call_block_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { + $call_block_name = $row["call_block_name"]; + $call_block_number = $row["call_block_number"]; + $call_block_action = $row["call_block_action"]; + $blocked_call_destination = $row["blocked_call_destination"]; + $call_block_enabled = $row["call_block_enabled"]; + } + unset($sql, $parameters, $row); } //show the header 
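Review bot: The update branch no longer has its own `where domain_uuid = … and call_block_uuid = …` guard, and the save runs whether or not the preceding domain-scoped select returned a row, since that `if` wraps only the cache delete. Tenant isolation on update therefore depends on save() refusing to touch a row owned by another domain, which is not visible in this patch; moving the save inside the `is_array($result) && sizeof($result) != 0` branch would enforce it locally. `$array['call_block'][0]['date_added'] = time();` in the update array overwrites the creation time on every edit and should be dropped. The cache key is built from the posted `$call_block_number` while the number selected from the database is never read, so an entry for the old number may survive a renumber. In the pre-populate block, `$_GET["id"]` is bound safely but not passed through `is_uuid()` as it is elsewhere in this patch.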
@@ -342,16 +355,18 @@ //get recent calls from the db (if not editing an existing call block record) - if (!isset($_REQUEST["id"])) { - $sql = "select caller_id_number, caller_id_name, start_epoch, direction, hangup_cause, duration, billsec, xml_cdr_uuid from v_xml_cdr "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; + if (!is_uuid($_REQUEST["id"])) { + $sql = "select caller_id_number, caller_id_name, start_epoch, direction, hangup_cause, duration, billsec, xml_cdr_uuid "; + $sql .= "from v_xml_cdr where true "; + $sql .= "and domain_uuid = :domain_uuid "; $sql .= "and direction != 'outbound' "; - $sql .= "order by start_stamp DESC "; - $sql .= "limit '".$_SESSION['call_block']['recent_call_limit']['text']."'"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(); - unset ($prep_statement); + $sql .= "order by start_stamp desc "; + $sql .= limit_offset($_SESSION['call_block']['recent_call_limit']['text']); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $database = new database; + $result = $database->select($sql, $parameters); + unset($sql, $parameters); echo "".$text['label-edit-add-recent'].""; echo "

"; @@ -367,7 +382,7 @@ $row_style["0"] = "row_style0"; $row_style["1"] = "row_style1"; - if (is_array($result)) { + if (is_array($result) && sizeof($result) != 0) { foreach($result as $row) { $tr_onclick = " onclick=\"call_block_recent('".escape($row['xml_cdr_uuid'])."','".urlencode(escape($row['caller_id_name']))."');\" "; if (strlen($row['caller_id_number']) >= 7) { @@ -424,23 +439,17 @@ echo "".$v_link_label_add.""; echo " "; echo "\n"; - if ($c==0) { $c=1; } else { $c=0; } + $c = $c == 1 ? 0 : 1; } - } //end foreach - unset($sql, $result, $row_count); + } + unset($result); - echo ""; - echo "

"; - - } //end if results - else { - echo ""; - echo "

"; - echo "

"; } + echo ""; + echo "
"; + } - // end of Display Last 5-10 Calls //include the footer require_once "resources/footer.php";