diff --git a/app/call_center_active/call_center_active_inc.php b/app/call_center_active/call_center_active_inc.php
index c05bb304a2..fd6d40b398 100644
--- a/app/call_center_active/call_center_active_inc.php
+++ b/app/call_center_active/call_center_active_inc.php
@@ -49,11 +49,11 @@
//get the queues from the database
if (!is_array($_SESSION['queues'])) {
$sql = "select * from v_call_center_queues ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "order by queue_name ASC ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $_SESSION['queues'] = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "order by queue_name asc ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $_SESSION['queues'] = $database->select($sql, $parameters, 'all');
}
//get the queue name
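Review bot: `$sql` and `$parameters` are left set after the `select()` call in this block, unlike the other files in this commit, which follow each query with `unset($sql, $parameters);`. Any later query in this file that binds a different set of placeholders would inherit the stale `domain_uuid` entry. Adding `unset($sql, $parameters);` after the select here and in the agents hunk (`@@ -150,11 +150,11 @@`) keeps the bindings scoped to one statement.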
@@ -150,11 +150,11 @@
//get the agents from the database
if (!is_array($_SESSION['agents'])) {
$sql = "select * from v_call_center_agents ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "order by agent_name ASC ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $_SESSION['agents'] = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "order by agent_name asc ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $_SESSION['agents'] = $database->select($sql, $parameters, 'all');
}
//list the agents
diff --git a/app/call_center_active/call_center_queue.php b/app/call_center_active/call_center_queue.php
index 9770be4910..d064525c5d 100644
--- a/app/call_center_active/call_center_queue.php
+++ b/app/call_center_active/call_center_queue.php
@@ -50,21 +50,6 @@
$order_by = $_GET["order_by"];
$order = $_GET["order"];
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
-
//show the content
echo "
\n";
echo "\n";
@@ -82,7 +67,6 @@
//get the call center queue count
$sql = "select count(*) from v_call_center_queues ";
$sql .= "where domain_uuid = :domain_uuid ";
- if (strlen($order_by) > 0) { $sql .= "order by $order_by $order "; }
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
@@ -98,12 +82,10 @@
//get the call center queues
$sql = "select * from v_call_center_queues ";
$sql .= "where domain_uuid = :domain_uuid ";
- if (strlen($order_by) > 0) { $sql .= "order by $order_by $order "; }
- $sql .= " limit :rows_per_page offset :offset ";
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
$database = new database;
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
$call_center_queues = $database->select($sql, $parameters, 'all');
$c = 0;
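Review bot: `order_by($order_by, $order)` now receives `$_GET["order_by"]` and `$_GET["order"]` untouched, because the inline allow-list (the `preg_replace` on the column name and the `asc`/`desc` switch) is removed in the first hunk of this file. ORDER BY identifiers cannot be bound as parameters, so the injection safety of this query rests entirely on `order_by()` and `limit_offset()`, neither of which is part of this diff. It is worth confirming that `order_by()` restricts the column to a safe character set and the direction to `asc`/`desc`, and that `limit_offset()` casts both arguments to integers. The same applies to call_center_agents.php (`@@ -106,18 +83,12 @@`).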
diff --git a/app/call_centers/call_center_agent_dashboard.php b/app/call_centers/call_center_agent_dashboard.php
index 4c5e2fcc24..3ace616485 100644
--- a/app/call_centers/call_center_agent_dashboard.php
+++ b/app/call_centers/call_center_agent_dashboard.php
@@ -51,21 +51,6 @@
$order_by = $_GET["order_by"];
$order = $_GET["order"];
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
-
//setup the event socket connection
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
@@ -81,12 +66,15 @@
if ($fp) {
//set the user_status
$sql = "update v_users set ";
- $sql .= "user_status = '".$row['agent_status']."' ";
- $sql .= "where domain_uuid = '".$domain_uuid."' ";
- $sql .= "and username = '".$row['agent_name']."' ";
- //echo $sql."\n";
- //$prep_statement = $db->prepare(check_sql($sql));
- //$prep_statement->execute();
+ $sql .= "user_status = :user_status ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and username = :username ";
+ $parameters['user_status'] = $row['agent_status'];
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['username'] = $row['agent_name'];
+ //$database = new database;
+ //$database->execute($sql, $parameters);
+ //unset($sql, $parameters);
//set the agent status to available and assign the agent to the queue with the tier
if ($row['agent_status'] == 'Available') {
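Review bot: The three `$parameters[...]` assignments above are live while the `execute()` call and `unset($sql, $parameters);` are commented out, so `user_status` and `username` stay in `$parameters` after this block. If nothing between here and the queue query further down the file clears the array, that `select()` would be handed bindings its SQL does not contain; how the `database` class reacts is not visible here, but PDO normally rejects unmatched named parameters. Either comment out the whole statement including the assignments, or keep `unset($sql, $parameters);` active. The enclosing `if ($fp)` block continues outside the hunk.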
@@ -124,18 +112,21 @@
$sql = "select * from v_call_center_queues ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "order by queue_name asc ";
- $database = new database;
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
$call_center_queues = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//get the agents from the database
$sql = "select * from v_call_center_agents ";
$sql .= "where user_uuid = :user_uuid ";
$sql .= "and domain_uuid = :domain_uuid ";
//$sql .= "ORDER BY agent_name ASC ";
- $database = new database;
$parameters['user_uuid'] = $_SESSION['user_uuid'];
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
$agent = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//echo "\n";
//print_r($agent);
//echo "
\n";
diff --git a/app/call_centers/call_center_agent_delete.php b/app/call_centers/call_center_agent_delete.php
index f6d07dd55f..591d15b2f6 100644
--- a/app/call_centers/call_center_agent_delete.php
+++ b/app/call_centers/call_center_agent_delete.php
@@ -30,10 +30,7 @@
require_once "resources/check_auth.php";
//check the permissions
- if (permission_exists('call_center_agent_delete')) {
- //access granted
- }
- else {
+ if (!permission_exists('call_center_agent_delete')) {
echo "access denied";
exit;
}
@@ -43,47 +40,50 @@
$text = $language->get();
//get the primary key
- if (isset($_GET["id"]) && is_uuid($_GET["id"])) {
- $id = check_str($_GET["id"]);
- }
- else {
- exit;
+ if (is_uuid($_GET["id"])) {
+ $agent_uuid = $_GET["id"];
+
+ //delete the agent from the freeswitch
+ //setup the event socket connection
+ $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
+ //delete the agent over event socket
+ if ($fp) {
+ $cmd = "api callcenter_config agent del ".$agent_uuid;
+ $response = event_socket_request($fp, $cmd);
+ }
+
+ //delete the agent from db
+ //tiers table
+ $sql = "delete from v_call_center_tiers ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and agent_name = :agent_name ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['agent_name'] = $agent_uuid;
+ $database = new database;
+ $database->execute($sql, $parameters);
+ unset($sql, $parameters);
+
+ //agents table
+ $array['call_center_agents'][0]['call_center_agent_uuid'] = $agent_uuid;
+ $array['call_center_agents'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $database->app_name = 'call_centers';
+ $database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
+ $database->delete($array);
+ $response = $database->message;
+ unset($array);
+
+ //synchronize configuration
+ save_call_center_xml();
+ remove_config_from_cache('configuration:callcenter.conf');
+
+ //set message
+ message::add($text['message-delete']);
+
}
-//delete the agent from the freeswitch
- //setup the event socket connection
- $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
- //delete the agent over event socket
- if ($fp) {
- $cmd = "api callcenter_config agent del ".$id;
- $response = event_socket_request($fp, $cmd);
- }
-
-//delete the agent from db
- if (strlen($id)>0) {
- //tiers table
- $sql = "delete from v_call_center_tiers ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and agent_name = '$agent_name' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
-
- //agents table
- $sql = "delete from v_call_center_agents ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and call_center_agent_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
- }
-
-//synchronize configuration
- save_call_center_xml();
- remove_config_from_cache('configuration:callcenter.conf');
//redirect the browser
- message::add($text['message-delete']);
header("Location: call_center_agents.php");
return;
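Review bot: The tiers delete binds the agent UUID to the `agent_name` column (`$parameters['agent_name'] = $agent_uuid;`), which only removes rows if `v_call_center_tiers.agent_name` actually stores the UUID. call_center_queue_edit.php in this same commit selects a separate `call_center_agent_uuid` column from that table, so filtering on it looks safer: `$sql .= "and call_center_agent_uuid = :call_center_agent_uuid ";`. Separately, `is_uuid($_GET["id"])` is called without `isset`, and the delete is still triggered by a plain GET request with no request-token check visible in this hunk.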
diff --git a/app/call_centers/call_center_agent_edit.php b/app/call_centers/call_center_agent_edit.php
index 9221507832..a2023068ef 100644
--- a/app/call_centers/call_center_agent_edit.php
+++ b/app/call_centers/call_center_agent_edit.php
@@ -47,34 +47,31 @@
if ($_GET["check"] == 'duplicate') {
//agent id
if ($_GET["agent_id"] != '') {
- $sql = "select ";
- $sql .= "agent_name ";
- $sql .= "from ";
- $sql .= "v_call_center_agents ";
- $sql .= "where ";
- $sql .= "agent_id = '".check_str($_GET["agent_id"])."' ";
- $sql .= "and domain_uuid = '".$domain_uuid."' ";
- if ($_GET["agent_uuid"] != '') {
- $sql .= " and call_center_agent_uuid <> '".check_str($_GET["agent_uuid"])."' ";
+ $sql = "select agent_name ";
+ $sql .= "from v_call_center_agents ";
+ $sql .= "where agent_id = :agent_id ";
+ $sql .= "and domain_uuid = :domain_uuid ";
+ if (is_uuid($_GET["agent_uuid"])) {
+ $sql .= " and call_center_agent_uuid <> :call_center_agent_uuid ";
+ $parameters['call_center_agent_uuid'] = $_GET["agent_uuid"];
}
- $prep_statement = $db->prepare($sql);
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- if ($row['agent_name'] != '') {
- echo $text['message-duplicate_agent_id'].((if_group("superadmin")) ? ": ".$row["agent_name"] : null);
- }
+ $parameters['agent_id'] = $_GET["agent_id"];
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0 && $row['agent_name'] != '') {
+ echo $text['message-duplicate_agent_id'].(if_group("superadmin") ? ": ".$row["agent_name"] : null);
}
- unset($prep_statement);
+ unset($sql, $parameters);
}
exit;
}
//action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
$action = "update";
- $call_center_agent_uuid = check_str($_REQUEST["id"]);
+ $call_center_agent_uuid = $_REQUEST["id"];
}
else {
$action = "add";
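Review bot: `$row["agent_name"]` is echoed into the response without output encoding in the duplicate check (`echo $text['message-duplicate_agent_id'].(if_group("superadmin") ? ": ".$row["agent_name"] : null);`). The agent name is user-supplied data read back from the database, and call_center_agents.php wraps comparable values in `escape()`. Suggest `": ".escape($row["agent_name"])`, assuming this output is inserted into the page as HTML by the duplicate-check JavaScript, which is outside the hunk.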
@@ -82,21 +79,21 @@
//get http post variables and set them to php variables
if (is_array($_POST)) {
- $call_center_agent_uuid = check_str($_POST["call_center_agent_uuid"]);
- $user_uuid = check_str($_POST["user_uuid"]);
- $agent_name = check_str($_POST["agent_name"]);
- $agent_type = check_str($_POST["agent_type"]);
- $agent_call_timeout = check_str($_POST["agent_call_timeout"]);
- $agent_id = check_str($_POST["agent_id"]);
- $agent_password = check_str($_POST["agent_password"]);
- $agent_status = check_str($_POST["agent_status"]);
- $agent_contact = check_str($_POST["agent_contact"]);
- $agent_no_answer_delay_time = check_str($_POST["agent_no_answer_delay_time"]);
- $agent_max_no_answer = check_str($_POST["agent_max_no_answer"]);
- $agent_wrap_up_time = check_str($_POST["agent_wrap_up_time"]);
- $agent_reject_delay_time = check_str($_POST["agent_reject_delay_time"]);
- $agent_busy_delay_time = check_str($_POST["agent_busy_delay_time"]);
- //$agent_logout = check_str($_POST["agent_logout"]);
+ $call_center_agent_uuid = $_POST["call_center_agent_uuid"];
+ $user_uuid = $_POST["user_uuid"];
+ $agent_name = $_POST["agent_name"];
+ $agent_type = $_POST["agent_type"];
+ $agent_call_timeout = $_POST["agent_call_timeout"];
+ $agent_id = $_POST["agent_id"];
+ $agent_password = $_POST["agent_password"];
+ $agent_status = $_POST["agent_status"];
+ $agent_contact = $_POST["agent_contact"];
+ $agent_no_answer_delay_time = $_POST["agent_no_answer_delay_time"];
+ $agent_max_no_answer = $_POST["agent_max_no_answer"];
+ $agent_wrap_up_time = $_POST["agent_wrap_up_time"];
+ $agent_reject_delay_time = $_POST["agent_reject_delay_time"];
+ $agent_busy_delay_time = $_POST["agent_busy_delay_time"];
+ //$agent_logout = $_POST["agent_logout"];
}
//process the user data and save it to the database
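Review bot: `$call_center_agent_uuid = $_POST["call_center_agent_uuid"];` overwrites the value that the previous hunk validated with `is_uuid($_REQUEST["id"])`, and `is_array($_POST)` is always true, so the overwrite happens on every request. With `check_str()` gone the UUID now reaches the save path unvalidated; the save code is outside the hunk. Consider `if (is_uuid($_POST["call_center_agent_uuid"])) { $call_center_agent_uuid = $_POST["call_center_agent_uuid"]; }` here and in the `@@ -104,7 +101,7 @@` hunk.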
@@ -104,7 +101,7 @@
//get the uuid from the POST
if ($action == "update") {
- $call_center_agent_uuid = check_str($_POST["call_center_agent_uuid"]);
+ $call_center_agent_uuid = $_POST["call_center_agent_uuid"];
}
//check for all required data
@@ -214,8 +211,8 @@
}
//get the users array
- $sql = "SELECT * FROM v_users ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql = "select * from v_users ";
+ $sql .= "where domain_uuid = :domain_uuid'".$_SESSION['domain_uuid']."' ";
$sql .= "order by username asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
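Review bot: The new where clause is malformed: `"where domain_uuid = :domain_uuid'".$_SESSION['domain_uuid']."' "` keeps the old concatenated literal after the placeholder, and the statement still goes through `$db->prepare(check_sql($sql))` with an `execute()` that binds nothing. The query will fail on the unbound placeholder or the stray quoted string, so the users array is not loaded. Use the same form as the later users query in this file: `$sql .= "where domain_uuid = :domain_uuid ";`, `$parameters['domain_uuid'] = $_SESSION['domain_uuid'];`, and fetch with `$database->select($sql, $parameters, 'all')`. The rest of the statement runs past the end of the hunk.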
@@ -264,14 +261,15 @@
//pre-populate the form
if (is_array($_GET) && $_POST["persistformvar"] != "true") {
- $call_center_agent_uuid = check_str($_GET["id"]);
+ $call_center_agent_uuid = $_GET["id"];
$sql = "select * from v_call_center_agents ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and call_center_agent_uuid = '$call_center_agent_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and call_center_agent_uuid = :call_center_agent_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_center_agent_uuid'] = $call_center_agent_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
$call_center_agent_uuid = $row["call_center_agent_uuid"];
$user_uuid = $row["user_uuid"];
$agent_name = $row["agent_name"];
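Review bot: `$call_center_agent_uuid = $_GET["id"];` is bound without an `is_uuid()` check, and `is_array($_GET)` is always true, so the query runs on every non-persisted page load, including the add form where no id is present. call_center_queue_edit.php guards the same block with `is_uuid($_GET["id"])`; doing the same here (`if (is_uuid($_GET["id"]) && $_POST["persistformvar"] != "true") {`) avoids sending empty or malformed values to the database. The body of the `if` continues outside the hunk.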
@@ -288,7 +286,7 @@
$agent_busy_delay_time = $row["agent_busy_delay_time"];
//$agent_logout = $row["agent_logout"];
}
- unset ($prep_statement);
+ unset($sql, $parameters);
}
//set default values
@@ -310,14 +308,14 @@
}
//get the list of users for this domain
- $sql = "SELECT * FROM v_users ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql = "select * from v_users ";
+ $sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_enabled = 'true' ";
$sql .= "order by username asc ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- unset($sql);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $users = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//javascript to check for duplicates
?>
diff --git a/app/call_centers/call_center_agent_status.php b/app/call_centers/call_center_agent_status.php
index 2fae4e20d0..96745e4b9f 100644
--- a/app/call_centers/call_center_agent_status.php
+++ b/app/call_centers/call_center_agent_status.php
@@ -50,8 +50,8 @@
//get the agents from the database
$sql = "select * from v_call_center_tiers ";
$sql .= "where domain_uuid = :domain_uuid ";
- $database = new database;
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
$tiers = $database->select($sql, $parameters, 'all');
if (count($tiers) == 0) {
$per_queue_login = true;
@@ -59,6 +59,7 @@
else {
$per_queue_login = false;
}
+ unset($sql, $parameters);
//setup the event socket connection
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
@@ -77,15 +78,21 @@
if ($fp) {
//set the user_status
if (!isset($row['queue_name'])) {
- $sql = "update v_users set ";
- $sql .= "user_status = :row['agent_status'] ";
- $sql .= "where domain_uuid = :domain_uuid ";
- $sql .= "and user_uuid = :row['user_uuid'] ";
- $parameters['agent_uuid'] = $row['agent_uuid'];
- $parameters['agent_status'] = $row['agent_status'];
+ $array['users'][0]['user_uuid'] = $row['user_uuid'];
+ $array['users'][0]['user_status'] = $row['agent_status'];
+ $array['users'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+ $p = new permissions;
+ $p->add('user_edit', 'temp');
+
$database = new database;
- $database->select($sql, $parameters);
- unset($parameters);
+ $database->app_name = 'call_centers';
+ $database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
+ $database->save($array);
+ $response = $database->message;
+ unset($array);
+
+ $p->delete('user_edit', 'temp');
}
//validate the agent status
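Review bot: `$row['user_uuid']` and `$row['agent_status']` are written to the users table under a temporarily granted `user_edit` permission before the `//validate the agent status` step that follows this block. Where `$row` comes from is outside the hunk; if it is request data, any user who can reach this page could change the status of another user record. Suggest checking `is_uuid($row['user_uuid'])` and validating the status against the allowed values before calling `save()`, and confirming that `save()` restricts the update to the session's `domain_uuid`.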
@@ -153,11 +160,12 @@
//get the agents from the database
$sql = "select agent_name from v_call_center_agents ";
$sql .= "where domain_uuid = :domain_uuid ";
- $sql .= "and call_center_agent_uuid = :row['agent_uuid'] ";
+ $sql .= "and call_center_agent_uuid = :call_center_agent_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_center_agent_uuid'] = $row['agent_uuid'];
$database = new database;
- $parameters['agent_uuid'] = $row['agent_uuid'];
$agent_name = $database->select($sql, $parameters, 'all');
- unset($parameters);
+ unset($sql, $parameters);
if ($row['agent_status'] == 'Available') {
$answer_state = 'confirmed';
@@ -187,8 +195,10 @@
$sql = "select * from v_call_center_agents ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "order by agent_name asc ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$agents = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//get the agent list from event socket
$switch_cmd = 'callcenter_config agent list';
@@ -204,8 +214,10 @@
$sql = "select * from v_call_center_queues ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "order by queue_name asc ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$call_center_queues = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//add the status to the call_center_queues array
$x = 0;
diff --git a/app/call_centers/call_center_agents.php b/app/call_centers/call_center_agents.php
index 3213866f97..a118c05cc5 100644
--- a/app/call_centers/call_center_agents.php
+++ b/app/call_centers/call_center_agents.php
@@ -48,24 +48,9 @@
require_once "resources/paging.php";
//get http values and set them to php variables
- $order_by = $_GET["order_by"];
+ $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'agent_name';
$order = $_GET["order"];
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
-
//show content
echo "\n";
echo "\n";
@@ -82,20 +67,12 @@
echo "
\n";
echo "
\n";
- $sql = "select * from v_call_center_agents ";
+ $sql = "select count(*) from v_call_center_agents ";
$sql .= "where domain_uuid = :domain_uuid ";
- if (strlen($order_by) == 0) {
- $order_by = 'agent_name';
- $order = 'asc';
- }
- else {
- $sql .= "order by $order_by $order ";
- }
- $database = new database;
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
- $result = $database->select($sql, $parameters, 'all');
+ $database = new database;
+ $num_rows = $database->select($sql, $parameters, 'column');
+ unset($sql, $parameters);
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
$param = "";
@@ -106,18 +83,12 @@
$sql = "select * from v_call_center_agents ";
$sql .= "where domain_uuid = :domain_uuid ";
- if (strlen($order_by) == 0) {
- $order_by = 'agent_name';
- $order = 'asc';
- }
- else {
- $sql .= "order by $order_by $order ";
- }
- $sql .= " limit :rows_per_page offset :offset ";
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
$result = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
$c = 0;
$row_style["0"] = "row_style0";
@@ -164,15 +135,16 @@
$bridge_statement = explode('/', $row['agent_contact']);
if ($bridge_statement[0] == 'sofia' && $bridge_statement[1] == 'gateway' && is_uuid($bridge_statement[2])) {
// retrieve gateway name from db
- $sql = "select gateway from v_gateways where gateway_uuid = '".$bridge_statement[2]."' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ $sql = "select gateway from v_gateways ";
+ $sql .= "where gateway_uuid = :gateway_uuid ";
+ $parameters['gateway_uuid'] = $bridge_statement[2];
+ $database = new database;
+ $result = $database->select($sql, $parameters, 'all');
if (count($result) > 0) {
$gateway_name = $result[0]['gateway'];
$agent_contact = str_replace($bridge_statement[2], $gateway_name, $agent_contact);
}
- unset ($prep_statement, $sql, $bridge_statement);
+ unset($sql, $parameters, $bridge_statement);
}
echo " ".$agent_contact." | \n";
echo " ".escape($row['agent_max_no_answer'])." | \n";
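Review bot: `$agent_contact` is echoed without `escape()` on the line after the gateway lookup, while the next cell uses `escape($row['agent_max_no_answer'])`. The contact string is administrator-supplied and now also contains a gateway name read from the database, so it should be encoded at output unless that already happens where `$agent_contact` is assigned, which is outside the hunk. Also, the lookup assigns to `$result`, which appears to be the same name the surrounding code uses for the agent list; a distinct name such as `$gateways` would avoid the shadowing.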
@@ -193,7 +165,7 @@
echo "
\n";
if ($c==0) { $c=1; } else { $c=0; }
} //end foreach
- unset($sql, $result, $row_count);
+ unset($result);
} //end if results
echo "\n";
diff --git a/app/call_centers/call_center_queue_delete.php b/app/call_centers/call_center_queue_delete.php
index f5a2fb3ea0..27237b2a30 100644
--- a/app/call_centers/call_center_queue_delete.php
+++ b/app/call_centers/call_center_queue_delete.php
@@ -42,52 +42,58 @@
$language = new text;
$text = $language->get();
-//get the id
- if (count($_GET) > 0) {
- $id = check_str($_GET["id"]);
- }
-
//delete the data
- if (strlen($id) > 0) {
+ if (is_uuid($_GET["id"])) {
+ $call_center_queue_uuid = $_GET["id"];
//get the dialplan uuid
$sql = "select * from v_call_center_queues ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and call_center_queue_uuid = '$id' ";
- $prep_statement = $db->prepare($sql);
- $prep_statement->execute();
- while($row = $prep_statement->fetch(PDO::FETCH_ASSOC)) {
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and call_center_queue_uuid = :call_center_queue_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_center_queue_uuid'] = $call_center_queue_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
$queue_name = $row['queue_name'];
$dialplan_uuid = $row['dialplan_uuid'];
}
+ unset($sql, $parameters, $row);
//delete the tier from the database
- $sql = "delete from v_call_center_tiers ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and (call_center_queue_uuid = '$id' or queue_name = '".$queue_name."@".$_SESSION['domain_name']."') ";
- $db->query($sql);
- unset($sql);
+ $array['call_center_tiers'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['call_center_tiers'][0]['call_center_queue_uuid'] = $call_center_queue_uuid;
+ $array['call_center_tiers'][1]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['call_center_tiers'][1]['queue_name'] = $queue_name."@".$_SESSION['domain_name'];
//delete the call center queue
- $sql = "delete from v_call_center_queues ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and call_center_queue_uuid = '$id' ";
- $db->query($sql);
- unset($sql);
+ $array['call_center_queues'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['call_center_queues'][0]['call_center_queue_uuid'] = $call_center_queue_uuid;
//delete the dialplan entry
- $sql = "delete from v_dialplans ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and dialplan_uuid = '$dialplan_uuid' ";
- $db->query($sql);
- unset($sql);
+ $array['dialplans'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['dialplans'][0]['dialplan_uuid'] = $dialplan_uuid;
//delete the dialplan details
- $sql = "delete from v_dialplan_details ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and dialplan_uuid = '$dialplan_uuid' ";
- $db->query($sql);
- unset($sql);
+ $array['dialplan_details'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid;
+
+ //execute
+ $p = new permissions;
+ $p->add('call_center_tier_delete', 'temp');
+ $p->add('dialplan_delete', 'temp');
+ $p->add('dialplan_detail_delete', 'temp');
+
+ $database = new database;
+ $database->app_name = 'call_centers';
+ $database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
+ $database->delete($array);
+ $response = $database->message;
+ unset($array);
+
+ $p->delete('call_center_tier_delete', 'temp');
+ $p->delete('dialplan_delete', 'temp');
+ $p->delete('dialplan_detail_delete', 'temp');
//clear the cache
$cache = new cache;
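Review bot: `$queue_name` and `$dialplan_uuid` are only set when the queue row is found, but the delete array is built unconditionally, so a missing row yields `$array['dialplans'][0]` and `$array['dialplan_details'][0]` with a null `dialplan_uuid` and a tier entry whose `queue_name` is just `@` plus the domain name. How `database::delete()` treats a null key field is not visible here; if it drops the field from the where clause, the delete would match on `domain_uuid` alone. Moving the array construction and the `delete()` call inside the `if (is_array($row) && sizeof($row) != 0)` block, or guarding with `is_uuid($dialplan_uuid)`, removes the ambiguity.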
@@ -100,10 +106,12 @@
//apply settings reminder
$_SESSION["reload_xml"] = true;
+
+ //set message
+ message::add($text['message-delete']);
}
//redirect the browser
- message::add($text['message-delete']);
header("Location: call_center_queues.php");
return;
diff --git a/app/call_centers/call_center_queue_edit.php b/app/call_centers/call_center_queue_edit.php
index 8588c50666..090acb2caf 100644
--- a/app/call_centers/call_center_queue_edit.php
+++ b/app/call_centers/call_center_queue_edit.php
@@ -44,9 +44,9 @@
$text = $language->get();
//action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
$action = "update";
- $call_center_queue_uuid = check_str($_REQUEST["id"]);
+ $call_center_queue_uuid = $_REQUEST["id"];
}
else {
$action = "add";
@@ -55,15 +55,13 @@
//get total call center queues count from the database, check limit, if defined
if ($action == 'add') {
if ($_SESSION['limit']['call_center_queues']['numeric'] != '') {
- $sql = "select count(*) as num_rows from v_call_center_queues ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $prep_statement = $db->prepare($sql);
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- $total_call_center_queues = $row['num_rows'];
- }
- unset($prep_statement, $row);
+ $sql = "select count(*) from v_call_center_queues ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $total_call_center_queues = $database->select($sql, $parameters, 'column');
+ unset($sql, $parameters);
+
if ($total_call_center_queues >= $_SESSION['limit']['call_center_queues']['numeric']) {
message::add($text['message-maximum_queues'].' '.$_SESSION['limit']['call_center_queues']['numeric'], 'negative');
header('Location: call_center_queues.php');
@@ -75,30 +73,30 @@
//get http post variables and set them to php variables
if (is_array($_POST)) {
//get the post variables a run a security chack on them
- //$domain_uuid = check_str($_POST["domain_uuid"]);
- $dialplan_uuid = check_str($_POST["dialplan_uuid"]);
- $queue_name = check_str($_POST["queue_name"]);
- $queue_extension = check_str($_POST["queue_extension"]);
- $queue_greeting = check_str($_POST["queue_greeting"]);
- $queue_strategy = check_str($_POST["queue_strategy"]);
- $queue_moh_sound = check_str($_POST["queue_moh_sound"]);
- $queue_record_template = check_str($_POST["queue_record_template"]);
- $queue_time_base_score = check_str($_POST["queue_time_base_score"]);
- $queue_max_wait_time = check_str($_POST["queue_max_wait_time"]);
- $queue_max_wait_time_with_no_agent = check_str($_POST["queue_max_wait_time_with_no_agent"]);
- $queue_max_wait_time_with_no_agent_time_reached = check_str($_POST["queue_max_wait_time_with_no_agent_time_reached"]);
- $queue_tier_rules_apply = check_str($_POST["queue_tier_rules_apply"]);
- $queue_tier_rule_wait_second = check_str($_POST["queue_tier_rule_wait_second"]);
- $queue_tier_rule_wait_multiply_level = check_str($_POST["queue_tier_rule_wait_multiply_level"]);
- $queue_tier_rule_no_agent_no_wait = check_str($_POST["queue_tier_rule_no_agent_no_wait"]);
- $queue_timeout_action = check_str($_POST["queue_timeout_action"]);
- $queue_discard_abandoned_after = check_str($_POST["queue_discard_abandoned_after"]);
- $queue_abandoned_resume_allowed = check_str($_POST["queue_abandoned_resume_allowed"]);
- $queue_cid_prefix = check_str($_POST["queue_cid_prefix"]);
- $queue_announce_sound = check_str($_POST["queue_announce_sound"]);
- $queue_announce_frequency = check_str($_POST["queue_announce_frequency"]);
- $queue_cc_exit_keys = check_str($_POST["queue_cc_exit_keys"]);
- $queue_description = check_str($_POST["queue_description"]);
+ //$domain_uuid = $_POST["domain_uuid"];
+ $dialplan_uuid = $_POST["dialplan_uuid"];
+ $queue_name = $_POST["queue_name"];
+ $queue_extension = $_POST["queue_extension"];
+ $queue_greeting = $_POST["queue_greeting"];
+ $queue_strategy = $_POST["queue_strategy"];
+ $queue_moh_sound = $_POST["queue_moh_sound"];
+ $queue_record_template = $_POST["queue_record_template"];
+ $queue_time_base_score = $_POST["queue_time_base_score"];
+ $queue_max_wait_time = $_POST["queue_max_wait_time"];
+ $queue_max_wait_time_with_no_agent = $_POST["queue_max_wait_time_with_no_agent"];
+ $queue_max_wait_time_with_no_agent_time_reached = $_POST["queue_max_wait_time_with_no_agent_time_reached"];
+ $queue_tier_rules_apply = $_POST["queue_tier_rules_apply"];
+ $queue_tier_rule_wait_second = $_POST["queue_tier_rule_wait_second"];
+ $queue_tier_rule_wait_multiply_level = $_POST["queue_tier_rule_wait_multiply_level"];
+ $queue_tier_rule_no_agent_no_wait = $_POST["queue_tier_rule_no_agent_no_wait"];
+ $queue_timeout_action = $_POST["queue_timeout_action"];
+ $queue_discard_abandoned_after = $_POST["queue_discard_abandoned_after"];
+ $queue_abandoned_resume_allowed = $_POST["queue_abandoned_resume_allowed"];
+ $queue_cid_prefix = $_POST["queue_cid_prefix"];
+ $queue_announce_sound = $_POST["queue_announce_sound"];
+ $queue_announce_frequency = $_POST["queue_announce_frequency"];
+ $queue_cc_exit_keys = $_POST["queue_cc_exit_keys"];
+ $queue_description = $_POST["queue_description"];
//remove invalid characters
$queue_cid_prefix = str_replace(":", "-", $queue_cid_prefix);
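Review bot: The comment `//get the post variables a run a security chack on them` no longer matches the code, since the `check_str()` calls are removed and the values are now assigned raw. Suggest rewording it to something like `//get the post variables (unfiltered; bind or escape at every use)`. It is also worth confirming that every later use of these variables in the save path, which is outside the hunk, goes through bound parameters or output escaping.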
@@ -111,23 +109,25 @@
//delete the tier (agent from the queue)
if ($_REQUEST["a"] == "delete" && strlen($_REQUEST["id"]) > 0 && permission_exists("call_center_tier_delete")) {
//set the variables
- $call_center_queue_uuid = check_str($_REQUEST["id"]);
- $call_center_tier_uuid = check_str($_REQUEST["call_center_tier_uuid"]);
+ $call_center_queue_uuid = $_REQUEST["id"];
+ $call_center_tier_uuid = $_REQUEST["call_center_tier_uuid"];
//get the agent details
$sql = "select agent_name, queue_name, call_center_agent_uuid, call_center_queue_uuid ";
$sql .= "from v_call_center_tiers ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and call_center_tier_uuid = '".$call_center_tier_uuid."' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $tiers = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- if (is_array($tiers)) {
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and call_center_tier_uuid = :call_center_tier_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_center_tier_uuid'] = $call_center_tier_uuid;
+ $database = new database;
+ $tiers = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
+
+ if (is_array($tiers) && sizeof($tiers) != 0) {
foreach ($tiers as &$row) {
$call_center_agent_uuid = $row["call_center_agent_uuid"];
$call_center_queue_uuid = $row["call_center_queue_uuid"];
}
}
- unset ($prep_statement);
//delete the agent from freeswitch
//setup the event socket connection
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
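Review bot: `$call_center_tier_uuid = $_REQUEST["call_center_tier_uuid"];` and `$call_center_queue_uuid = $_REQUEST["id"];` are now raw request values with no format check, and when the tier lookup finds no row for this domain they are never replaced by database values before the FreeSWITCH delete section that follows. The bound parameters protect the SQL, but not any command the event socket code builds from these variables (that code is outside the hunk, so this is inferred). Using the `is_uuid()` helper already present in this file, e.g. `$call_center_tier_uuid = is_uuid($_REQUEST["call_center_tier_uuid"]) ? $_REQUEST["call_center_tier_uuid"] : '';`, and skipping the event socket step when `$tiers` is empty, would close that gap. The same unvalidated assignment appears at `$call_center_queue_uuid = $_POST["call_center_queue_uuid"];` in the update hunk and at `$call_center_tier_uuid = $_REQUEST["id"];` in call_center_tier_edit.php.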
@@ -139,10 +139,19 @@
}
//delete the tier from the database
if (strlen($call_center_tier_uuid) > 0) {
- $sql = "delete from v_call_center_tiers where domain_uuid = '".$_SESSION['domain_uuid']."' and call_center_tier_uuid = '".$call_center_tier_uuid."'";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
+ $array['call_center_tiers'][0]['call_center_tier_uuid'] = $call_center_tier_uuid;
+ $array['call_center_tiers'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+ $p = new permissions;
+ $p->add('call_center_tier_delete', 'temp');
+
+ $database = new database;
+ $database->app_name = 'call_centers';
+ $database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
+ $database->delete($array);
+ unset($array);
+
+ $p->delete('call_center_tier_delete', 'temp');
}
}
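Review bot: The temporary `call_center_tier_delete` grant is revoked only on the straight-line path, so if `$database->delete($array)` throws or the script stops early, `$p->delete('call_center_tier_delete', 'temp')` never runs. How long the grant would then persist depends on where the `permissions` class stores it, which is not visible here. Wrapping the call as `try { $database->delete($array); } finally { $p->delete('call_center_tier_delete', 'temp'); }` keeps the elevation scoped to the one statement. A short comment would also help, explaining why a temporary grant is needed when the enclosing `if` (which starts outside this hunk) already requires `permission_exists("call_center_tier_delete")`.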
@@ -151,7 +160,7 @@
//get the uuid from the POST
if ($action == "update") {
- $call_center_queue_uuid = check_str($_POST["call_center_queue_uuid"]);
+ $call_center_queue_uuid = $_POST["call_center_queue_uuid"];
}
//check for all required data
@@ -313,9 +322,9 @@
remove_config_from_cache('configuration:callcenter.conf');
//add agent/tier to queue
- $agent_name = check_str($_POST["agent_name"]);
- $tier_level = check_str($_POST["tier_level"]);
- $tier_position = check_str($_POST["tier_position"]);
+ $agent_name = $_POST["agent_name"];
+ $tier_level = $_POST["tier_level"];
+ $tier_position = $_POST["tier_position"];
if ($agent_name != '') {
//setup the event socket connection
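Review bot: With `check_str()` removed, `$agent_name`, `$tier_level` and `$tier_position` are raw POST values at the point where the event socket connection is set up. Parameter binding covers only the SQL path. If these values are interpolated into the call-center command sent over the socket (that code is outside the hunk), whitespace or line breaks in them would change the command. I would validate them at assignment: reject the request unless `is_numeric($tier_level) && is_numeric($tier_position)`, and restrict `$agent_name` to the format the agent identifier is expected to have.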
@@ -362,11 +371,14 @@
if (is_array($_GET) && is_uuid($_GET["id"]) && $_POST["persistformvar"] != "true") {
$call_center_queue_uuid = $_GET["id"];
$sql = "select * from v_call_center_queues ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and call_center_queue_uuid = '$call_center_queue_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $call_center_queues = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and call_center_queue_uuid = :call_center_queue_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_center_queue_uuid'] = $call_center_queue_uuid;
+ $database = new database;
+ $call_center_queues = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
+
if (is_array($call_center_queues)) {
foreach ($call_center_queues as &$row) {
$queue_name = $row["queue_name"];
@@ -395,19 +407,20 @@
$queue_description = $row["queue_description"];
}
}
- unset ($prep_statement);
}
//get the tiers
$sql = "select t.call_center_tier_uuid, t.call_center_agent_uuid, t.call_center_queue_uuid, t.tier_level, t.tier_position, a.agent_name ";
$sql .= "from v_call_center_tiers as t, v_call_center_agents as a ";
- $sql .= "where t.call_center_queue_uuid = '".$call_center_queue_uuid."' ";
+ $sql .= "where t.call_center_queue_uuid = :call_center_queue_uuid ";
$sql .= "and t.call_center_agent_uuid = a.call_center_agent_uuid ";
- $sql .= "and t.domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= "and t.domain_uuid = :domain_uuid ";
$sql .= "order by tier_level asc, tier_position asc, a.agent_name asc";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $tiers = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_center_queue_uuid'] = $call_center_queue_uuid;
+ $database = new database;
+ $tiers = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//add an empty row to the tiers array
if (count($tiers) == 0) {
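Review bot: `if (count($tiers) == 0) {` on the last line assumes `$database->select()` always returns an array, while the delete block earlier in this commit guards the same call with `is_array($tiers) && sizeof($tiers) != 0`. If `select()` can return a non-array when there are no rows or the query fails (its implementation is not shown), `count()` raises a warning on PHP 7.2+ and a TypeError on PHP 8, and the placeholder row is not added. `if (!is_array($tiers) || count($tiers) == 0) {` would match the guard used elsewhere. The body of this `if` continues outside the hunk.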
@@ -430,13 +443,14 @@
//get the agents
$sql = "select call_center_agent_uuid, agent_name from v_call_center_agents ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= "where domain_uuid = :domain_uuid ";
$sql .= "order by agent_name asc";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $agents = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $agents = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
-//get the sounds
+ //get the sounds
$sounds = new sounds;
$sounds = $sounds->get();
@@ -674,7 +688,7 @@
$assigned_agents[] = $field['agent_name'];
$x++;
}
- unset ($prep_statement, $sql, $tiers);
+ unset ($tiers);
echo "
\n";
echo "
\n";
echo " ".$text['description-tiers']."\n";
diff --git a/app/call_centers/call_center_queues.php b/app/call_centers/call_center_queues.php
index b24e041bff..d1743a0bfd 100644
--- a/app/call_centers/call_center_queues.php
+++ b/app/call_centers/call_center_queues.php
@@ -48,24 +48,9 @@
require_once "resources/paging.php";
//get http variables and set as php variables
- $order_by = $_GET["order_by"];
+ $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'queue_name';
$order = $_GET["order"];
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
-
//show the content
echo "\n";
echo "\n";
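Review bot: This hunk deletes the only allow-list filtering of `$order_by` and `$order`, so both are raw `$_GET` values from here on. The query's safety now rests entirely on `order_by($order_by, $order)` in the later hunk, whose implementation is not visible in this diff. ORDER BY identifiers cannot be bound as parameters, so that helper must restrict the column to identifier characters and the direction to `asc`/`desc`. Please confirm it does, or keep a local check such as `$order = in_array($_GET["order"], ['asc', 'desc'], true) ? $_GET["order"] : '';`. If these variables are also echoed into the column-header links further down the page, they need HTML escaping there as well.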
@@ -85,24 +70,15 @@
echo "
\n";
//get total call center queues count from the database
- $sql = "select count(*) as num_rows from v_call_center_queues where domain_uuid = :domain_uuid ";
- $database = new database;
+ $sql = "select count(*) from v_call_center_queues ";
+ $sql .= "where domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
- $row = $database->select($sql, $parameters, 'all');
- $total_call_center_queues = $row['num_rows'];
-
- //prepare to page the results (reuse $sql from above)
- if (strlen($order_by) == 0) {
- $order_by = 'queue_name';
- $order = 'asc';
- }
- else {
- $sql .= "order by $order_by $order ";
- }
$database = new database;
- $result = $database->select($sql, $parameters, 'all');
- $num_rows = $database->select($sql, $parameters, 'column');
-
+ $total_call_center_queues = $database->select($sql, $parameters, 'column');
+ unset($sql, $parameters);
+
+ //prepare to page the results
+ $num_rows = $total_call_center_queues;
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
$param = "";
$page = $_GET['page'];
@@ -112,18 +88,12 @@
$sql = "select * from v_call_center_queues ";
$sql .= "where domain_uuid = :domain_uuid ";
- if (strlen($order_by) == 0) {
- $order_by = 'queue_name';
- $order = 'asc';
- }
- else {
- $sql .= "order by $order_by $order ";
- }
- $sql .= " limit :rows_per_page offset :offset ";
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
$result = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
$c = 0;
$row_style["0"] = "row_style0";
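Review bot: `limit_offset($rows_per_page, $offset)` replaces the bound `:rows_per_page` and `:offset` parameters with text concatenated into the statement. `$offset` is presumably derived from `$_GET['page']` in code outside this hunk. Unless the helper rejects non-numeric input (not shown here), this trades bound values for string-built SQL. Casting at the call site, `$sql .= limit_offset((int) $rows_per_page, (int) $offset);`, keeps the query safe regardless of what the helper does.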
diff --git a/app/call_centers/call_center_tier_edit.php b/app/call_centers/call_center_tier_edit.php
index 91bfa0503f..206d56d8db 100644
--- a/app/call_centers/call_center_tier_edit.php
+++ b/app/call_centers/call_center_tier_edit.php
@@ -39,20 +39,20 @@ else {
$text = $language->get();
//set tier uuid
- $call_center_tier_uuid = check_str($_REQUEST["id"]);
+ $call_center_tier_uuid = $_REQUEST["id"];
//get http post variables and set them to php variables
if (count($_POST)>0) {
- $agent_name = check_str($_POST["agent_name"]);
- $queue_name = check_str($_POST["queue_name"]);
- $tier_level = check_str($_POST["tier_level"]);
- $tier_position = check_str($_POST["tier_position"]);
+ $agent_name = $_POST["agent_name"];
+ $queue_name = $_POST["queue_name"];
+ $tier_level = $_POST["tier_level"];
+ $tier_position = $_POST["tier_position"];
}
if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$msg = '';
- $call_center_tier_uuid = check_str($_POST["call_center_tier_uuid"]);
+ $call_center_tier_uuid = $_POST["call_center_tier_uuid"];
//check for all required data
//if (strlen($domain_uuid) == 0) { $msg .= $text['message-required']."domain_uuid
\n"; }
@@ -100,30 +100,35 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
}
//update the database
- $sql = "update v_call_center_tiers set ";
- $sql .= "domain_uuid = '$domain_uuid', ";
- $sql .= "agent_name = '$agent_name', ";
- $sql .= "queue_name = '$queue_name', ";
- $sql .= "tier_level = '$tier_level', ";
- $sql .= "tier_position = '$tier_position' ";
- $sql .= "where call_center_tier_uuid = '$call_center_tier_uuid'";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['call_center_tiers'][0]['call_center_tier_uuid'] = $call_center_tier_uuid;
+ $array['call_center_tiers'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['call_center_tiers'][0]['agent_name'] = $agent_name;
+ $array['call_center_tiers'][0]['queue_name'] = $queue_name;
+ $array['call_center_tiers'][0]['tier_level'] = $tier_level;
+ $array['call_center_tiers'][0]['tier_position'] = $tier_position;
+ $database = new database;
+ $database->app_name = 'call_centers';
+ $database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
+ $database->save($array);
+ unset($array);
//syncrhonize configuration
save_call_center_xml();
remove_config_from_cache('configuration:callcenter.conf');
//look up queue uuid by queue name (ugh)
- $sql = "select call_center_queue_uuid from v_call_center_queues where queue_name = '".$queue_name."'";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
- $queue_uuid = $row["call_center_queue_uuid"];
- break;
+ $sql = "select call_center_queue_uuid from v_call_center_queues ";
+ $sql .= "where queue_name = :queue_name ";
+ $parameters['queue_name'] = $queue_name;
+ $database = new database;
+ $result = $database->select($sql, $parameters, 'all');
+ if (is_array($result) && sizeof($result) != 0) {
+ foreach ($result as &$row) {
+ $queue_uuid = $row["call_center_queue_uuid"];
+ break;
+ }
}
- unset($prep_statement);
+ unset($sql, $parameters, $result, $row);
message::add($text['message-update']);
header("Location: call_center_queue_edit.php?id=".$queue_uuid);
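Review bot: The queue lookup `where queue_name = :queue_name` has no `domain_uuid` condition, so on a multi-domain install it can return another domain's queue with the same name, and the redirect then carries that queue's UUID. Adding `$sql .= "and domain_uuid = :domain_uuid ";` with `$parameters['domain_uuid'] = $_SESSION['domain_uuid'];` would match every other query in this commit. When no row is found, `$queue_uuid` stays undefined and the `Location` header ends in `id=`, so that case deserves an explicit fallback. The enclosing POST handler begins outside this hunk.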
@@ -134,19 +139,22 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
//pre-populate the form
if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
$sql = "select * from v_call_center_tiers ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and call_center_tier_uuid = '$call_center_tier_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
- $agent_name = $row["agent_name"];
- $queue_name = $row["queue_name"];
- $tier_level = $row["tier_level"];
- $tier_position = $row["tier_position"];
- break; //limit to 1 row
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and call_center_tier_uuid = :call_center_tier_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_center_tier_uuid'] = $call_center_tier_uuid;
+ $database = new database;
+ $result = $database->select($sql, $parameters, 'all');
+ if (is_array($result) && sizeof($result) != 0) {
+ foreach ($result as &$row) {
+ $agent_name = $row["agent_name"];
+ $queue_name = $row["queue_name"];
+ $tier_level = $row["tier_level"];
+ $tier_position = $row["tier_position"];
+ break; //limit to 1 row
+ }
}
- unset ($prep_statement);
+ unset($sql, $parameters, $result, $row);
}
@@ -177,16 +185,17 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
echo "\n";
//---- Begin Select List --------------------
- $sql = "SELECT * FROM v_users ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
+ $sql = "select * from v_users ";
+ $sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_enabled = 'true' ";
$sql .= "order by username asc ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $result = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
echo " |