From 7fed9bf48f37c369777647ffecb8bc407cc79d6a Mon Sep 17 00:00:00 2001 From: Nate Date: Wed, 7 Aug 2019 18:59:26 -0600 Subject: [PATCH] Fax Server: Database class integration. --- app/fax/app_languages.php | 20 ++ app/fax/fax.php | 71 +++---- app/fax/fax_active.php | 23 +-- app/fax/fax_active_exec.php | 47 ++--- app/fax/fax_active_inc.php | 155 ++++++-------- app/fax/fax_copy.php | 178 +++++++--------- app/fax/fax_delete.php | 73 ++++--- app/fax/fax_edit.php | 387 ++++++++++++++++------------------- app/fax/fax_emails.php | 167 +++++++-------- app/fax/fax_file_delete.php | 37 ++-- app/fax/fax_files.php | 123 +++++------ app/fax/fax_files_remote.php | 49 ++--- app/fax/fax_log_delete.php | 36 ++-- app/fax/fax_log_view.php | 25 +-- app/fax/fax_logs.php | 49 ++--- app/fax/fax_send.php | 336 ++++++++++++++++-------------- 16 files changed, 836 insertions(+), 940 deletions(-) diff --git a/app/fax/app_languages.php b/app/fax/app_languages.php index 53106d599a..687833b144 100644 --- a/app/fax/app_languages.php +++ b/app/fax/app_languages.php 
@@ -1941,6 +1941,26 @@ $text['label-fax_send_channels']['ru-ru'] = "Количество каналов $text['label-fax_send_channels']['sv-se'] = ""; $text['label-fax_send_channels']['uk-ua'] = ""; +$text['label-copy']['en-us'] = "Copy"; +$text['label-copy']['ar-eg'] = "Copy"; +$text['label-copy']['de-at'] = "Copy"; +$text['label-copy']['de-ch'] = "Copy"; +$text['label-copy']['de-de'] = "Copy"; +$text['label-copy']['es-cl'] = "Copy"; +$text['label-copy']['es-mx'] = "Copy"; +$text['label-copy']['fr-ca'] = "Copy"; +$text['label-copy']['fr-fr'] = "Copy"; +$text['label-copy']['he-il'] = "Copy"; +$text['label-copy']['it-it'] = "Copy"; +$text['label-copy']['nl-nl'] = "Copy"; +$text['label-copy']['pl-pl'] = "Copy"; +$text['label-copy']['pt-br'] = "Copy"; +$text['label-copy']['pt-pt'] = "Copy"; +$text['label-copy']['ro-ro'] = "Copy"; +$text['label-copy']['ru-ru'] = "Copy"; +$text['label-copy']['sv-se'] = "Copy"; +$text['label-copy']['uk-ua'] = "Copy"; + $text['header-sent']['en-us'] = "Sent Faxes"; $text['header-sent']['ar-eg'] = ""; $text['header-sent']['de-at'] = "Gesendete Faxe"; //copied from de-de diff --git a/app/fax/fax.php b/app/fax/fax.php index e823f9f24b..53308f0ff3 100644 --- a/app/fax/fax.php +++ b/app/fax/fax.php 
@@ -47,35 +47,29 @@ $text = $language->get(); //get the http get values and set them as php variables - $order_by = check_str($_GET["order_by"]); - $order = check_str($_GET["order"]); + $order_by = $_GET["order_by"]; + $order = $_GET["order"]; -//get the fax extensions +//get record counts if (if_group("superadmin") || if_group("admin")) { //show all fax extensions - $sql = "select count(*) as num_rows from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql = "select count(*) from v_fax as f "; + $sql .= "where f.domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; } else { //show only assigned fax extensions - $sql = "select count(*) as num_rows from v_fax as f, v_fax_users as u "; + $sql = "select count(*) from v_fax as f, v_fax_users as u "; $sql .= "where f.fax_uuid = u.fax_uuid "; - $sql .= "and f.domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and u.user_uuid = '".$_SESSION['user_uuid']."' "; + $sql .= "and f.domain_uuid = :domain_uuid "; + $sql .= "and u.user_uuid = :user_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['user_uuid'] = $_SESSION['user_uuid']; } - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $num_rows = $row['num_rows']; - } - else { - $num_rows = '0'; - } - } - unset($prep_statement, $result); + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); +//prepare paging $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; $param = ""; $page = check_str($_GET['page']); 
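Review bot: `$order_by = $_GET["order_by"]; $order = $_GET["order"];` drop `check_str()` and, in the next hunk, are handed to `order_by($order_by, $order, 'f.fax_name', 'asc')`, whose result is appended to `$sql` as a literal rather than bound through `$parameters`. That is only safe if `order_by()` restricts both values to an allowlist (a column-name pattern and `asc`/`desc`); confirm that helper does, since this page no longer filters them at all. Reading the keys without `isset()` also raises notices on the default listing; `$order_by = $_GET["order_by"] ?? '';` covers that if the project already targets PHP 7.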
@@ -83,28 +77,13 @@ list($paging_controls, $rows_per_page, $var_3) = paging($num_rows, $param, $rows_per_page); $offset = $rows_per_page * $page; - if (if_group("superadmin") || if_group("admin")) { - //show all fax extensions - $sql = "select * from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - if (strlen($order_by) == 0) { $sql .= "order by fax_name asc "; } - } - else { - //show only assigned fax extensions - $sql = "select * from v_fax as f, v_fax_users as u "; - $sql .= "where f.fax_uuid = u.fax_uuid "; - $sql .= "and f.domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and u.user_uuid = '".$_SESSION['user_uuid']."' "; - if (strlen($order_by) == 0) { $sql .= "order by f.fax_name asc "; } - } - if (strlen($order_by) > 0) { - $sql .= "order by $order_by $order "; - } - $sql .= "limit $rows_per_page offset $offset "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - unset ($prep_statement, $sql); +//get records + $sql = str_replace('count(*)', '*', $sql); + $sql .= order_by($order_by, $order, 'f.fax_name', 'asc'); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //show the content echo "\n"; @@ -136,7 +115,7 @@ echo "\n"; echo "\n"; - if ($num_rows > 0) { + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $row) { //remove the backslash $fax_email = str_replace("\\", "", $row['fax_email']); 
@@ -191,9 +170,9 @@ echo "\n"; //alternate the CSS class if ($c==0) { $c=1; } else { $c=0; } - } //end foreach - unset($sql, $result); - } //end if results + } + } + unset($result, $row); echo "\n"; echo ""; - if ($emails) { + if (is_array($emails) && @sizeof($emails) != 0) { rsort($emails); // most recent on top foreach ($emails as $email_id) { $metadata = object_to_array(imap_fetch_overview($connection, $email_id, FT_UID)); @@ -230,9 +235,7 @@ } echo " \n"; $c = ($c) ? 0 : 1; - } - } else { echo "\n"; diff --git a/app/fax/fax_log_delete.php b/app/fax/fax_log_delete.php index 72b224f0bb..5327d5fa95 100755 --- a/app/fax/fax_log_delete.php +++ b/app/fax/fax_log_delete.php @@ -43,24 +43,32 @@ $text = $language->get(); //get the id - if (count($_GET) > 0) { - $id = check_str($_GET["id"]); - $fax_uuid = check_str($_GET["fax_uuid"]); - } + $fax_log_uuid = $_GET["id"]; + $fax_uuid = $_GET["fax_uuid"]; //delete the fax log - if (strlen($id)>0) { - //delete fax_log - $sql = "delete from v_fax_logs "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and fax_log_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + if (is_uuid($fax_log_uuid) && is_uuid($fax_uuid)) { + //build array + $array['fax_logs'][0]['domain_uuid'] = $domain_uuid; + $array['fax_logs'][0]['fax_log_uuid'] = $fax_log_uuid; + + //execute + $database = new database; + $database->app_name = 'fax'; + $database->app_uuid = '24108154-4ac3-1db6-1551-4731703a4440'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); + + //redirect + header('Location: fax_logs.php?id='.$fax_uuid); + exit; } //redirect the user - message::add($text['message-delete']); - header('Location: fax_logs.php?id='.$fax_uuid); + header('Location: fax.php'); + exit; ?> diff --git a/app/fax/fax_log_view.php b/app/fax/fax_log_view.php index 0a56fbef8d..7673b5555d 100644 --- a/app/fax/fax_log_view.php 
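Review bot: In fax_log_delete.php `message::add($text['message-delete'])` is emitted unconditionally after `$database->delete($array)`; nothing in the hunk inspects the outcome, so a failed or no-op delete (a well-formed `fax_log_uuid` from another domain matches nothing because of the `domain_uuid` key) still reports success. fax_active_inc.php in this same commit reads `$database->message` after its call; if `delete()` populates it the same way, check it before adding the confirmation. `$domain_uuid` is assigned above the hunk.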
+++ b/app/fax/fax_log_view.php @@ -42,18 +42,20 @@ $language = new text; $text = $language->get(); -//pre-populate the form - if (isset($_REQUEST["id"]) && isset($_REQUEST["fax_uuid"])) { - $fax_log_uuid = check_str($_REQUEST["id"]); - $fax_uuid = check_str($_REQUEST["fax_uuid"]); +//get ids + $fax_log_uuid = $_REQUEST["id"]; + $fax_uuid = $_REQUEST["fax_uuid"]; +//pre-populate the form + if (is_uuid($fax_log_uuid) && is_uuid($fax_uuid)) { $sql = "select * from v_fax_logs "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and fax_log_uuid = '".$fax_log_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and fax_log_uuid = :fax_log_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['fax_log_uuid'] = $fax_log_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $fax_log_uuid = $row["fax_log_uuid"]; $fax_success = $row["fax_success"]; $fax_result_code = $row["fax_result_code"]; @@ -73,9 +75,8 @@ $fax_uri = $row["fax_uri"]; $fax_date = $row["fax_date"]; $fax_epoch = $row["fax_epoch"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header diff --git a/app/fax/fax_logs.php b/app/fax/fax_logs.php index 59aae70d5f..70430212a7 100755 --- a/app/fax/fax_logs.php +++ b/app/fax/fax_logs.php @@ -47,9 +47,7 @@ $order = $_GET["order"]; //get the fax_uuid - if (count($_GET) > 0) { - $fax_uuid = check_str($_GET["id"]); - } + $fax_uuid = $_GET["id"]; //additional includes require_once "resources/header.php"; @@ -73,20 +71,13 @@ echo "
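Review bot: In fax_logs.php `$fax_uuid = $_GET["id"];` keeps the raw request value with `check_str()` removed and no `is_uuid()` check, unlike fax_log_view.php and fax_log_delete.php in this commit, which validate the same id before using it. Its uses are outside this hunk, so guard it where it is read: `$fax_uuid = is_uuid($_GET["id"]) ? $_GET["id"] : null;`.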
\n"; diff --git a/app/fax/fax_active.php b/app/fax/fax_active.php index 0b176e0e72..077722c7d6 100644 --- a/app/fax/fax_active.php +++ b/app/fax/fax_active.php @@ -39,26 +39,19 @@ else { $text = $language->get(); //get the HTTP values and set as variables - $show = trim($_REQUEST["show"]); - if ($show != "all") { $show = ''; } - -// - $fax_uuid = false; - if(isset($_REQUEST['id'])) { - $fax_uuid = check_str($_REQUEST["id"]); - } + $show = $_REQUEST["show"]; + $fax_uuid = $_REQUEST["id"]; //load gateways into a session variable $sql = "select gateway_uuid, domain_uuid, gateway from v_gateways where enabled = 'true'"; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && @sizeof($result) != 0) { foreach ($result as $row) { $_SESSION['gateways'][$row['gateway_uuid']] = $row['gateway']; } } - unset($sql, $prep_statement, $result, $row); + unset($sql, $result, $row); //show the header $document['title'] = $text['title']; @@ -75,8 +68,8 @@ else { if ($show == 'all') { echo "source_url = source_url + '&show=all';"; } - if ($fax_uuid) { - echo "source_url = source_url + '&id=" . $fax_uuid . "';"; + if (is_uuid($fax_uuid)) { + echo "source_url = source_url + '&id=".$fax_uuid."';"; } if (isset($_REQUEST["debug"])) { echo "source_url = source_url + '&debug';"; diff --git a/app/fax/fax_active_exec.php b/app/fax/fax_active_exec.php index 24b38ac2d0..71038aa7b3 100644 --- a/app/fax/fax_active_exec.php +++ b/app/fax/fax_active_exec.php 
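Review bot: `$show = $_REQUEST["show"];` drops the old normalisation `if ($show != "all") { $show = ''; }`, so `$show` now carries any submitted string instead of being a two-valued flag. The `if ($show == 'all')` comparison in the next hunk is unaffected, but any later use of `$show` as a value rather than a comparison no longer sees a constrained input; keeping the normalisation costs one line, `$show = ($_REQUEST["show"] == 'all') ? 'all' : '';`. Both request keys are also read without `isset()`, which raises notices on the plain page load.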
@@ -38,37 +38,28 @@ else { } //authorized referrer - if(stristr($_SERVER["HTTP_REFERER"], '/fax_active.php') === false) { - echo " access denied"; - exit; - } - -//http get variables set to php variables - if (count($_GET)>0) { - $cmd = trim(check_str($_GET['cmd'])); - $fax_uuid = trim(check_str($_GET['id'])); - } - -//authorized commands - if ($cmd == 'delete') { - //authorized; - } else { - //not found. this command is not authorized + if (stristr($_SERVER["HTTP_REFERER"], '/fax_active.php') === false) { echo "access denied"; exit; } -//Command - if ($cmd == 'delete') { - if($fax_uuid){ - $sql = <<exec($sql); - // if($result === false){ - // var_dump($db->errorInfo()); - // } - } +//http get variables set to php variables + $cmd = trim($_GET['cmd']); + $fax_uuid = trim($_GET['id']); + +//command + if ($cmd == 'delete' && is_uuid($fax_uuid)) { + $array['fax_tasks'][0]['fax_task_uuid'] = $fax_uuid; + + $p = new permissions; + $p->add('fax_task_delete', 'temp'); + + $database = new database; + $database->app_name = 'fax'; + $database->app_uuid = '24108154-4ac3-1db6-1551-4731703a4440'; + $database->delete($array); + unset($array); + + $p->delete('fax_task_delete', 'temp'); } ?> \ No newline at end of file diff --git a/app/fax/fax_active_inc.php b/app/fax/fax_active_inc.php index 54b708397d..62bcbf4b01 100644 --- a/app/fax/fax_active_inc.php +++ b/app/fax/fax_active_inc.php 
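Review bot: The new delete is keyed by `$array['fax_tasks'][0]['fax_task_uuid'] = $fax_uuid;` alone, with no domain constraint, and the only gate visible in the hunk is the `HTTP_REFERER` substring check, which is a caller-supplied header and not an authorisation control. Unless the permission check above the hunk (its `else {` closes at the top) limits this page to `fax_active_all` users, a user in one domain can remove another domain's task by UUID; either resolve the task's `fax_uuid` against `v_fax` for `$_SESSION['domain_uuid']` before building `$array`, or require `permission_exists('fax_active_all')` for the unscoped delete. The old delete SQL is garbled in this copy of the patch, so whether it scoped by domain cannot be confirmed here. `$_GET['cmd']` and `$_GET['id']` are also read without `isset()`.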
@@ -34,91 +34,65 @@ else { exit; } -if ((!permission_exists('fax_active_all')) && ($show == 'all')) { +if (!permission_exists('fax_active_all') && $show == 'all') { echo "access denied"; exit; } -$fax_uuid = false; -if(isset($_REQUEST['id'])) { - $fax_uuid = check_str($_REQUEST["id"]); -} - //add multi-lingual support $language = new text; $text = $language->get(); -//get the HTTP values and set as variables - $show = trim($_REQUEST["show"]); - if ($show != "all") { $show = ''; } +//get submitted values + $fax_uuid = $_REQUEST["id"]; + $show = $_REQUEST["show"]; //include theme config for button images include_once("themes/".$_SESSION['domain']['template']['name']."/config.php"); -$where = 'where (1 = 1)'; - -if($show !== 'all'){ - $where .= 'and (t3.domain_name = \'' . check_str($_SESSION['domain_name']) . '\')'; -} -else if($fax_uuid){ - if(!permission_exists('fax_active_all')){ - $where .= 'and (t3.domain_name = \'' . check_str($_SESSION['domain_name']) . '\')'; +//construct query + $sql = "select "; + $sql .= "t1.fax_task_uuid as uuid, "; + $sql .= "t1.fax_uuid as fax_uuid, "; + $sql .= "t3.domain_name, "; + $sql .= "t3.domain_uuid, "; + $sql .= "t1.task_next_time as next_time, "; + $sql .= "t1.task_interrupted as interrupted, "; + $sql .= "t1.task_status as status, "; + $sql .= "t1.task_uri as uri, "; + $sql .= "t1.task_dial_string as dial_string, "; + $sql .= "t1.task_dtmf as dtmf, "; + $sql .= "t1.task_fax_file as fax_file, "; + $sql .= "t1.task_wav_file as wav_file, "; + $sql .= "t1.task_reply_address as reply_address, "; + $sql .= "t1.task_no_answer_counter as no_answer_counter, "; + $sql .= "t1.task_no_answer_retry_counter as no_answer_retry_counter, "; + $sql .= "t1.task_retry_counter as retry_counter, "; + $sql .= "t2.fax_send_greeting as greeting, "; + $sql .= "t2.fax_name as fax_server_name "; + $sql .= "from v_fax_tasks t1 "; + $sql .= "inner join v_fax t2 on t2.fax_uuid = t1.fax_uuid "; + $sql .= "inner join v_domains t3 on t2.domain_uuid = 
t3.domain_uuid "; + $sql .= "where true "; + if ($show !== 'all'){ + $sql .= "and t3.domain_name = :domain_name "; + $parameters['domain_name'] = $_SESSION['domain_name']; } - $where .= 'and (t1.fax_uuid =\'' . check_str($fax_uuid) . '\')'; -} - - $sql = <<prepare(check_sql($sql)); - if ($prep_statement) { - if($prep_statement->execute()) { - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); + else if (is_uuid($fax_uuid)) { + if (!permission_exists('fax_active_all')) { + $sql .= "and t3.domain_name = :domain_name "; + $parameters['domain_name'] = $_SESSION['domain_name']; } + $sql .= "and t1.fax_uuid = :fax_uuid "; + $parameters['fax_uuid'] = $fax_uuid; } - unset($prep_statement, $sql, $where); + $sql .= "order by domain_name, fax_server_name, next_time "; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + $message = $database->message; + unset($sql, $parameters); -//if the connnection is available then run it and return the results - if ($result === false) { - var_dump($db->errorInfo()); - $msg = "
".$text['message-fail']."
"; - echo "
\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "
".$text['label-message']."
$msg
\n"; - echo "
\n"; - } - else { + if (is_array($result) && @sizeof($result) != 0) { //define js function call var $onhover_pause_refresh = " onmouseover='refresh_stop();' onmouseout='refresh_start();'"; @@ -158,12 +132,12 @@ HERE; //show headers echo "\n"; echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; echo "\n"; echo "\n"; @@ -175,8 +149,8 @@ HERE; $task_status = $text['fax-active_status_wait']; $task_next_time = $row['next_time']; - if($row['status'] > 0){ - if($row['status'] <= 3){ + if ($row['status'] > 0) { + if ($row['status'] <= 3) { $task_status = $text['fax-active_status_execute']; } else if($row['status'] == 10){ @@ -189,17 +163,18 @@ HERE; $fax_server = $row['fax_server_name']; if ($show == 'all') { - $fax_server .= '@' . $domain_name; + $fax_server .= '@'.$domain_name; } $task_files = ''; - if(!empty($row['fax_file'])){ - $task_files .= ' ' . basename($row['fax_file']); + if (!empty($row['fax_file'])) { + $task_files .= ' '.basename($row['fax_file']); } - if(!empty($row['wav_file'])){ - $task_files .= '
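Review bot: The `fax_active_all` gate at the top of the hunk tests `$show == 'all'` before `$show` is assigned from `$_REQUEST["show"]` further down under `//get submitted values`, so if this file is fetched directly (fax_active.php builds a `source_url` with `&show=all`, which suggests it is) rather than included after fax_active.php has set `$show`, the gate sees an empty value and passes, while the query below omits the `t3.domain_name` filter for `show=all` with no id and returns every domain's tasks. Move the assignment above the check, `$show = $_REQUEST["show"];` before `if (!permission_exists('fax_active_all') && $show == 'all')`, or make the query branch defensive: `if ($show !== 'all' || !permission_exists('fax_active_all')) {` add the domain filter. On that same path `$parameters` is never initialised before `$database->select($sql, $parameters, 'all')`, and `$message = $database->message;` is captured but not displayed anywhere in the hunk, although the failure table it replaces showed `$text['message-fail']`.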
 ' . basename($row['wav_file']); - } else if(!empty($row['greeting'])){ - $task_files .= '
 ' . basename($row['greeting']); + if (!empty($row['wav_file'])) { + $task_files .= '
 '.basename($row['wav_file']); + } + else if (!empty($row['greeting'])) { + $task_files .= '
 '.basename($row['greeting']); } //replace gateway uuid with name @@ -210,12 +185,12 @@ HERE; } echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; echo "\n"; echo "\n"; diff --git a/app/fax/fax_copy.php b/app/fax/fax_copy.php index 0e3e70684f..8587217796 100644 --- a/app/fax/fax_copy.php +++ b/app/fax/fax_copy.php 
@@ -40,107 +40,87 @@ else { $text = $language->get(); //set the http get/post variable(s) to a php variable - if (isset($_REQUEST["id"])) { - $fax_uuid = check_str($_REQUEST["id"]); + $fax_uuid = $_REQUEST["id"]; + + if (is_uuid($fax_uuid)) { + + //get the data + $sql = "select * from v_fax "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and fax_uuid = :fax_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $fax_extension = $row["fax_extension"]; + $fax_name = $row["fax_name"]; + $fax_email = $row["fax_email"]; + $fax_email_connection_type = $row["fax_email_connection_type"]; + $fax_email_connection_host = $row["fax_email_connection_host"]; + $fax_email_connection_port = $row["fax_email_connection_port"]; + $fax_email_connection_security = $row["fax_email_connection_security"]; + $fax_email_connection_validate = $row["fax_email_connection_validate"]; + $fax_email_connection_username = $row["fax_email_connection_username"]; + $fax_email_connection_password = $row["fax_email_connection_password"]; + $fax_email_connection_mailbox = $row["fax_email_connection_mailbox"]; + $fax_email_inbound_subject_tag = $row["fax_email_inbound_subject_tag"]; + $fax_email_outbound_subject_tag = $row["fax_email_outbound_subject_tag"]; + $fax_email_outbound_authorized_senders = $row["fax_email_outbound_authorized_senders"]; + $fax_pin_number = $row["fax_pin_number"]; + $fax_caller_id_name = $row["fax_caller_id_name"]; + $fax_caller_id_number = $row["fax_caller_id_number"]; + $fax_forward_number = $row["fax_forward_number"]; + $fax_description = $row["fax_description"].' 
('.$text['label-copy'].')'; + } + unset($sql, $parameters, $row); + + //build array + $fax_uuid = uuid(); + $dialplan_uuid = uuid(); + $array['fax'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['fax'][0]['fax_uuid'] = $fax_uuid; + $array['fax'][0]['dialplan_uuid'] = $dialplan_uuid; + $array['fax'][0]['fax_extension'] = $fax_extension; + $array['fax'][0]['fax_name'] = $fax_name; + $array['fax'][0]['fax_email'] = $fax_email; + $array['fax'][0]['fax_email_connection_type'] = $fax_email_connection_type; + $array['fax'][0]['fax_email_connection_host'] = $fax_email_connection_host; + $array['fax'][0]['fax_email_connection_port'] = $fax_email_connection_port; + $array['fax'][0]['fax_email_connection_security'] = $fax_email_connection_security; + $array['fax'][0]['fax_email_connection_validate'] = $fax_email_connection_validate; + $array['fax'][0]['fax_email_connection_username'] = $fax_email_connection_username; + $array['fax'][0]['fax_email_connection_password'] = $fax_email_connection_password; + $array['fax'][0]['fax_email_connection_mailbox'] = $fax_email_connection_mailbox; + $array['fax'][0]['fax_email_inbound_subject_tag'] = $fax_email_inbound_subject_tag; + $array['fax'][0]['fax_email_outbound_subject_tag'] = $fax_email_outbound_subject_tag; + $array['fax'][0]['fax_email_outbound_authorized_senders'] = $fax_email_outbound_authorized_senders; + $array['fax'][0]['fax_pin_number'] = $fax_pin_number; + $array['fax'][0]['fax_caller_id_name'] = $fax_caller_id_name; + $array['fax'][0]['fax_caller_id_number'] = $fax_caller_id_number; + if (strlen($fax_forward_number) > 0) { + $array['fax'][0]['fax_forward_number'] = $fax_forward_number; + } + $array['fax'][0]['fax_description'] = $fax_description; + + //execute insert + $p = new permissions; + $p->add('fax_add', 'temp'); + + $database = new database; + $database->app_name = 'fax'; + $database->app_uuid = '24108154-4ac3-1db6-1551-4731703a4440'; + $database->save($array); + unset($array); + + $p->delete('fax_add', 
'temp'); + + //set message + message::add($text['confirm-copy']); } -//get the data - $sql = "select * from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and fax_uuid = '$fax_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (count($result) == 0) { - echo "access denied"; - exit; - } - foreach ($result as &$row) { - $fax_extension = $row["fax_extension"]; - $fax_name = $row["fax_name"]; - $fax_email = $row["fax_email"]; - $fax_email_connection_type = $row["fax_email_connection_type"]; - $fax_email_connection_host = $row["fax_email_connection_host"]; - $fax_email_connection_port = $row["fax_email_connection_port"]; - $fax_email_connection_security = $row["fax_email_connection_security"]; - $fax_email_connection_validate = $row["fax_email_connection_validate"]; - $fax_email_connection_username = $row["fax_email_connection_username"]; - $fax_email_connection_password = $row["fax_email_connection_password"]; - $fax_email_connection_mailbox = $row["fax_email_connection_mailbox"]; - $fax_email_inbound_subject_tag = $row["fax_email_inbound_subject_tag"]; - $fax_email_outbound_subject_tag = $row["fax_email_outbound_subject_tag"]; - $fax_email_outbound_authorized_senders = $row["fax_email_outbound_authorized_senders"]; - $fax_pin_number = $row["fax_pin_number"]; - $fax_caller_id_name = $row["fax_caller_id_name"]; - $fax_caller_id_number = $row["fax_caller_id_number"]; - $fax_forward_number = $row["fax_forward_number"]; - $fax_description = 'copy: '.$row["fax_description"]; - } - unset ($prep_statement); - -//copy the fax extension - $fax_uuid = uuid(); - $dialplan_uuid = uuid(); - $sql = "insert into v_fax "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "fax_uuid, "; - $sql .= "dialplan_uuid, "; - $sql .= "fax_extension, "; - $sql .= "fax_name, "; - $sql .= "fax_email, "; - $sql .= "fax_email_connection_type, "; - $sql .= 
"fax_email_connection_host, "; - $sql .= "fax_email_connection_port, "; - $sql .= "fax_email_connection_security, "; - $sql .= "fax_email_connection_validate, "; - $sql .= "fax_email_connection_username, "; - $sql .= "fax_email_connection_password, "; - $sql .= "fax_email_connection_mailbox, "; - $sql .= "fax_email_inbound_subject_tag, "; - $sql .= "fax_email_outbound_subject_tag, "; - $sql .= "fax_email_outbound_authorized_senders, "; - $sql .= "fax_pin_number, "; - $sql .= "fax_caller_id_name, "; - $sql .= "fax_caller_id_number, "; - if (strlen($fax_forward_number) > 0) { - $sql .= "fax_forward_number, "; - } - $sql .= "fax_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'$fax_uuid', "; - $sql .= "'$dialplan_uuid', "; - $sql .= "'$fax_extension', "; - $sql .= "'$fax_name', "; - $sql .= "'$fax_email', "; - $sql .= "'$fax_email_connection_type', "; - $sql .= "'$fax_email_connection_host', "; - $sql .= "'$fax_email_connection_port', "; - $sql .= "'$fax_email_connection_security', "; - $sql .= "'$fax_email_connection_validate', "; - $sql .= "'$fax_email_connection_username', "; - $sql .= "'$fax_email_connection_password', "; - $sql .= "'$fax_email_connection_mailbox', "; - $sql .= "'$fax_email_inbound_subject_tag', "; - $sql .= "'$fax_email_outbound_subject_tag', "; - $sql .= "'$fax_email_outbound_authorized_senders', "; - $sql .= "'$fax_pin_number', "; - $sql .= "'$fax_caller_id_name', "; - $sql .= "'$fax_caller_id_number', "; - if (strlen($fax_forward_number) > 0) { - $sql .= "'$fax_forward_number', "; - } - $sql .= "'$fax_description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - -//redirect the user - message::add($text['confirm-copy']); +//redirect header("Location: fax.php"); - return; + exit; ?> \ No newline at end of file diff --git a/app/fax/fax_delete.php b/app/fax/fax_delete.php index b4273a95ed..8e4f945f09 100644 --- a/app/fax/fax_delete.php 
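Review bot: When the select returns no row (an id in valid UUID form that belongs to another domain, or one that does not exist), execution falls through `unset($sql, $parameters, $row)` into `//build array`, and `$database->save($array)` inserts a new v_fax record with every copied field undefined, then reports `$text['confirm-copy']`; the removed code answered this case with `access denied`. Either move the build/insert into the `if (is_array($row) && @sizeof($row) != 0)` block or bail out right after the select, e.g. `if (!is_array($row) || @sizeof($row) == 0) { header("Location: fax.php"); exit; }`. The copy also carries `fax_email_connection_password` and the same `fax_extension` into the duplicate, which is pre-existing behaviour but deserves a comment on the `//build array` line.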
+++ b/app/fax/fax_delete.php @@ -39,45 +39,52 @@ else { $text = $language->get(); //get the http get value and set it as a php variable - if (count($_GET)>0) { - $fax_uuid = check_str($_GET["id"]); - } + $fax_uuid = $_GET["id"]; //delete the fax extension - if (strlen($fax_uuid) > 0) { + if (is_uuid($fax_uuid)) { //get the dialplan uuid - $sql = "select * from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and fax_uuid = '$fax_uuid' "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - while($row = $prep_statement->fetch(PDO::FETCH_ASSOC)) { - $dialplan_uuid = $row['dialplan_uuid']; - } + $sql = "select dialplan_uuid from v_fax "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and fax_uuid = :fax_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; + $database = new database; + $dialplan_uuid = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); //delete the fax entry - $sql = "delete from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and fax_uuid = '$fax_uuid' "; - $db->query($sql); - unset($sql); + $array['fax'][0]['fax_uuid'] = $fax_uuid; + $array['fax'][0]['domain_uuid'] = $_SESSION['domain_uuid']; - //delete the dialplan entry - $sql = "delete from v_dialplans "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and dialplan_uuid = '$dialplan_uuid' "; - //echo $sql."
\n"; - $db->query($sql); - unset($sql); + if (is_uuid($dialplan_uuid)) { + //delete the dialplan entry + $array['dialplans'][0]['dialplan_uuid'] = $dialplan_uuid; + $array['dialplans'][0]['domain_uuid'] = $_SESSION['domain_uuid']; - //delete the dialplan details - $sql = "delete from v_dialplan_details "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and dialplan_uuid = '$dialplan_uuid' "; - //echo $sql."
\n"; - $db->query($sql); - unset($sql); + //delete the dialplan details + $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid; + $array['dialplan_details'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + } + + //grant temp permissions + $p = new permissions; + $p->add('fax_delete', 'temp'); + $p->add('dialplan_delete', 'temp'); + $p->add('dialplan_detail_delete', 'temp'); + + //execute delete + $database = new database; + $database->app_name = 'fax'; + $database->app_uuid = '24108154-4ac3-1db6-1551-4731703a4440'; + $database->delete($array); + unset($array); + + //revoke temp permissions + $p->delete('fax_delete', 'temp'); + $p->delete('dialplan_delete', 'temp'); + $p->delete('dialplan_detail_delete', 'temp'); //syncrhonize configuration save_dialplan_xml(); @@ -88,10 +95,12 @@ else { //clear the cache $cache = new cache; $cache->delete("dialplan:".$_SESSION["context"]); + + //set message + message::add($text['message-delete']); } //redirect the user - message::add($text['message-delete']); header("Location: fax.php"); return; diff --git a/app/fax/fax_edit.php b/app/fax/fax_edit.php index 0d5b6a73f7..08c8a7ce8b 100644 --- a/app/fax/fax_edit.php +++ b/app/fax/fax_edit.php @@ -44,7 +44,7 @@ //get the fax_extension and save it as a variable if (strlen($_REQUEST["fax_extension"]) > 0) { - $fax_extension = check_str($_REQUEST["fax_extension"]); + $fax_extension = $_REQUEST["fax_extension"]; } //set the fax directory @@ -76,10 +76,10 @@ } //set the action as an add or an update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $fax_uuid = check_str($_REQUEST["id"]); - $dialplan_uuid = check_str($_REQUEST["dialplan_uuid"]); + $fax_uuid = $_REQUEST["id"]; + $dialplan_uuid = $_REQUEST["dialplan_uuid"]; } else { $action = "add"; 
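Review bot: In fax_delete.php `header("Location: fax.php"); return;` at the end of the hunk still uses `return`, while fax_copy.php and fax_log_delete.php in this same commit switched to `exit;` after their redirects; `return` at file scope ends this script but not a caller that included it. Use `exit;` here for consistency.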
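Review bot: In fax_edit.php `$dialplan_uuid = $_REQUEST["dialplan_uuid"];` is taken raw immediately after `$fax_uuid` was validated with `is_uuid($_REQUEST["id"])`; the same check belongs on the dialplan id, e.g. `$dialplan_uuid = is_uuid($_REQUEST["dialplan_uuid"]) ? $_REQUEST["dialplan_uuid"] : null;`. What the update path later does with `$dialplan_uuid` is outside this hunk.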
@@ -88,26 +88,26 @@ //get the http post values and set them as php variables if (count($_POST) > 0) { //set the variables - $fax_name = check_str($_POST["fax_name"]); - $fax_extension = check_str($_POST["fax_extension"]); - $fax_accountcode = check_str($_POST["accountcode"]); - $fax_destination_number = check_str($_POST["fax_destination_number"]); - $fax_prefix = check_str($_POST["fax_prefix"]); - $fax_email = check_str(implode(',',array_filter($_POST["fax_email"]))); - $fax_email_connection_type = check_str($_POST["fax_email_connection_type"]); - $fax_email_connection_host = check_str($_POST["fax_email_connection_host"]); - $fax_email_connection_port = check_str($_POST["fax_email_connection_port"]); - $fax_email_connection_security = check_str($_POST["fax_email_connection_security"]); - $fax_email_connection_validate = check_str($_POST["fax_email_connection_validate"]); - $fax_email_connection_username = check_str($_POST["fax_email_connection_username"]); - $fax_email_connection_password = check_str($_POST["fax_email_connection_password"]); - $fax_email_connection_mailbox = check_str($_POST["fax_email_connection_mailbox"]); - $fax_email_inbound_subject_tag = check_str($_POST["fax_email_inbound_subject_tag"]); - $fax_email_outbound_subject_tag = check_str($_POST["fax_email_outbound_subject_tag"]); + $fax_name = $_POST["fax_name"]; + $fax_extension = $_POST["fax_extension"]; + $fax_accountcode = $_POST["accountcode"]; + $fax_destination_number = $_POST["fax_destination_number"]; + $fax_prefix = $_POST["fax_prefix"]; + $fax_email = implode(',',array_filter($_POST["fax_email"])); + $fax_email_connection_type = $_POST["fax_email_connection_type"]; + $fax_email_connection_host = $_POST["fax_email_connection_host"]; + $fax_email_connection_port = $_POST["fax_email_connection_port"]; + $fax_email_connection_security = $_POST["fax_email_connection_security"]; + $fax_email_connection_validate = $_POST["fax_email_connection_validate"]; + $fax_email_connection_username = 
$_POST["fax_email_connection_username"]; + $fax_email_connection_password = $_POST["fax_email_connection_password"]; + $fax_email_connection_mailbox = $_POST["fax_email_connection_mailbox"]; + $fax_email_inbound_subject_tag = $_POST["fax_email_inbound_subject_tag"]; + $fax_email_outbound_subject_tag = $_POST["fax_email_outbound_subject_tag"]; $fax_email_outbound_authorized_senders = $_POST["fax_email_outbound_authorized_senders"]; - $fax_caller_id_name = check_str($_POST["fax_caller_id_name"]); - $fax_caller_id_number = check_str($_POST["fax_caller_id_number"]); - $fax_forward_number = check_str($_POST["fax_forward_number"]); + $fax_caller_id_name = $_POST["fax_caller_id_name"]; + $fax_caller_id_number = $_POST["fax_caller_id_number"]; + $fax_forward_number = $_POST["fax_forward_number"]; if (strlen($fax_destination_number) == 0) { $fax_destination_number = $fax_extension; } @@ -118,13 +118,14 @@ } if (strripos($fax_forward_number, '$1') === false) { $forward_prefix = ''; //not found - } else { + } + else { $forward_prefix = $forward_prefix.$fax_forward_number.'#'; //found } - $fax_local = check_str($_POST["fax_local"]); //! @todo check in database - $fax_description = check_str($_POST["fax_description"]); - $fax_send_greeting = check_str($_POST["fax_send_greeting"]); - $fax_send_channels = check_str($_POST["fax_send_channels"]); + $fax_local = $_POST["fax_local"]; //! @todo check in database + $fax_description = $_POST["fax_description"]; + $fax_send_greeting = $_POST["fax_send_greeting"]; + $fax_send_channels = $_POST["fax_send_channels"]; //restrict size of user data $fax_name = substr($fax_name, 0, 30); 
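Review bot: The POST values now flow unsanitised, and several are not only stored but concatenated within the hunk — `$forward_prefix = $forward_prefix.$fax_forward_number.'#'` — and, judging by their names, into dialplan data (`fax_prefix`, `fax_destination_number`, `fax_extension`); a parameterised save protects the SQL, not the dialplan/XML context they end up in. Confirm that whatever builds the dialplan from these values escapes them at the point of use, since `check_str()` was the only filter before. `implode(',',array_filter($_POST["fax_email"]))` also assumes `fax_email` is posted as an array; a scalar makes `array_filter` fail, so guard with `is_array($_POST["fax_email"])`.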
@@ -139,15 +140,24 @@ //delete the user from the fax users if ($_GET["a"] == "delete" && permission_exists("fax_extension_delete")) { //set the variables - $user_uuid = check_str($_REQUEST["user_uuid"]); - $fax_uuid = check_str($_REQUEST["id"]); + $user_uuid = $_REQUEST["user_uuid"]; + $fax_uuid = $_REQUEST["id"]; //delete the group from the users - $sql = "delete from v_fax_users "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and fax_uuid = '".$fax_uuid."' "; - $sql .= "and user_uuid = '".$user_uuid."' "; - $db->exec(check_sql($sql)); + $array['fax_users'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['fax_users'][0]['fax_uuid'] = $fax_uuid; + $array['fax_users'][0]['user_uuid'] = $user_uuid; + + $p = new permissions; + $p->add('fax_user_delete', 'temp'); + + $database = new database; + $database->app_name = 'fax'; + $database->app_uuid = '24108154-4ac3-1db6-1551-4731703a4440'; + $database->delete($array); + unset($array); + + $p->delete('fax_user_delete', 'temp'); //redirect the browser message::add($text['message-delete']); 
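Review bot: The delete branch takes `$_REQUEST["user_uuid"]` and `$_REQUEST["id"]` without the `is_uuid()` check that the add branch in the next hunk now applies, so an empty or malformed id reaches `$database->delete()`; guard it at the top: `if ($_GET["a"] == "delete" && permission_exists("fax_extension_delete") && is_uuid($_REQUEST["user_uuid"]) && is_uuid($_REQUEST["id"])) {`. The old statement filtered on `domain_uuid`, `fax_uuid` and `user_uuid` together; whether `$database->delete()` treats every key in `$array['fax_users'][0]` as a filter, or only the table's primary key, is not visible here and decides whether the session domain still scopes the delete — worth confirming against the database class. The action remains reachable through a plain GET via `$_REQUEST`, which predates this change.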
@@ -156,26 +166,26 @@ } //add the user to the fax users - if (strlen($_REQUEST["user_uuid"]) > 0 && strlen($_REQUEST["id"]) > 0 && $_GET["a"] != "delete") { + if (is_uuid($_REQUEST["user_uuid"]) && is_uuid($_REQUEST["id"]) && $_GET["a"] != "delete") { //set the variables - $user_uuid = check_str($_REQUEST["user_uuid"]); - $fax_uuid = check_str($_REQUEST["id"]); + $user_uuid = $_REQUEST["user_uuid"]; + $fax_uuid = $_REQUEST["id"]; //assign the user to the fax extension - $sql_insert = "insert into v_fax_users "; - $sql_insert .= "("; - $sql_insert .= "fax_user_uuid, "; - $sql_insert .= "domain_uuid, "; - $sql_insert .= "fax_uuid, "; - $sql_insert .= "user_uuid "; - $sql_insert .= ")"; - $sql_insert .= "values "; - $sql_insert .= "("; - $sql_insert .= "'".uuid()."', "; - $sql_insert .= "'".$_SESSION['domain_uuid']."', "; - $sql_insert .= "'".$fax_uuid."', "; - $sql_insert .= "'".$user_uuid."' "; - $sql_insert .= ")"; - $db->exec($sql_insert); + $array['fax_users'][0]['fax_user_uuid'] = uuid(); + $array['fax_users'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['fax_users'][0]['fax_uuid'] = $fax_uuid; + $array['fax_users'][0]['user_uuid'] = $user_uuid; + + $p = new permissions; + $p->add('fax_user_add', 'temp'); + + $database = new database; + $database->app_name = 'fax'; + $database->app_uuid = '24108154-4ac3-1db6-1551-4731703a4440'; + $database->save($array); + unset($array); + + $p->delete('fax_user_add', 'temp'); //redirect the browser message::add($text['confirm-add']); @@ -190,7 +200,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $msg = ''; if ($action == "update" && permission_exists('fax_extension_edit')) { - $fax_uuid = check_str($_POST["fax_uuid"]); + $fax_uuid = $_POST["fax_uuid"]; } //check for all required data 
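Review bot: In the `@@ -190` hunk, `$fax_uuid = $_POST["fax_uuid"];` is the key the update path later writes into `$array['fax'][0]['fax_uuid']` (next hunk), and it is no longer filtered at all, while the equivalent `$_GET['id']` read in the pre-populate block now goes through `is_uuid()`. Validate it the same way and refuse the update otherwise, e.g. `$fax_uuid = is_uuid($_POST["fax_uuid"]) ? $_POST["fax_uuid"] : null;` followed by a required-data error when it is null. The `if (count($_POST)>0 && ...)` block this sits in starts and ends outside the hunk.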
@@ -233,7 +243,6 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { //prep authorized senders if (sizeof($fax_email_outbound_authorized_senders) > 0) { foreach ($fax_email_outbound_authorized_senders as $sender_num => $sender) { - $sender = check_str($sender); if ($sender == '' || !valid_email($sender)) { unset($fax_email_outbound_authorized_senders[$sender_num]); } } $fax_email_outbound_authorized_senders = implode(',', $fax_email_outbound_authorized_senders); 
@@ -244,143 +253,84 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $fax_uuid = uuid(); $dialplan_uuid = uuid(); - //add the fax extension to the database - $sql = "insert into v_fax "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "fax_uuid, "; - $sql .= "dialplan_uuid, "; - $sql .= "fax_extension, "; - $sql .= "accountcode, "; - $sql .= "fax_destination_number, "; - $sql .= "fax_prefix, "; - $sql .= "fax_name, "; - $sql .= "fax_email, "; - if (permission_exists('fax_extension_advanced') && function_exists("imap_open") && file_exists("fax_files_remote.php")) { - $sql .= "fax_email_connection_type, "; - $sql .= "fax_email_connection_host, "; - $sql .= "fax_email_connection_port, "; - $sql .= "fax_email_connection_security, "; - $sql .= "fax_email_connection_validate, "; - $sql .= "fax_email_connection_username, "; - $sql .= "fax_email_connection_password, "; - $sql .= "fax_email_connection_mailbox, "; - $sql .= "fax_email_inbound_subject_tag, "; - $sql .= "fax_email_outbound_subject_tag, "; - $sql .= "fax_email_outbound_authorized_senders, "; - } - $sql .= "fax_caller_id_name, "; - $sql .= "fax_caller_id_number, "; - if (strlen($fax_forward_number) > 0) { - $sql .= "fax_forward_number, "; - } - if (permission_exists('fax_send_greeting')) { - $sql .= "fax_send_greeting,"; - } - $sql .= "fax_send_channels,"; - $sql .= "fax_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'$fax_uuid', "; - $sql .= "'$dialplan_uuid', "; - $sql .= "'$fax_extension', "; - $sql .= "'$fax_accountcode', "; - $sql .= "'$fax_destination_number', "; - $sql .= "'$fax_prefix', "; - $sql .= "'$fax_name', "; - $sql .= "'$fax_email', "; - if (permission_exists('fax_extension_advanced') && function_exists("imap_open") && file_exists("fax_files_remote.php")) { - $sql .= "'$fax_email_connection_type', "; - $sql .= "'$fax_email_connection_host', "; - $sql .= "'$fax_email_connection_port', "; - $sql .= 
"'$fax_email_connection_security', "; - $sql .= "'$fax_email_connection_validate', "; - $sql .= "'$fax_email_connection_username', "; - $sql .= "'$fax_email_connection_password', "; - $sql .= "'$fax_email_connection_mailbox', "; - $sql .= "'$fax_email_inbound_subject_tag', "; - $sql .= "'$fax_email_outbound_subject_tag', "; - $sql .= "'$fax_email_outbound_authorized_senders', "; - } - $sql .= "'$fax_caller_id_name', "; - $sql .= "'$fax_caller_id_number', "; - if (strlen($fax_forward_number) > 0) { - $sql .= "'$fax_forward_number', "; - } - if (permission_exists('fax_send_greeting')) { - $sql .= (strlen($fax_send_greeting)==0?'NULL':"'$fax_send_greeting'") . ","; - } - $sql .= (strlen($fax_send_channels)==0?'NULL':"'$fax_send_channels'") . ","; + //begin insert array + $array['fax'][0]['fax_uuid'] = $fax_uuid; + $array['fax'][0]['dialplan_uuid'] = $dialplan_uuid; - $sql .= "'$fax_description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + //assign temp permission + $p = new permissions; + $p->add('fax_add', 'temp'); //set the dialplan action $dialplan_type = "add"; } if ($action == "update" && permission_exists('fax_extension_edit')) { - //update the fax extension in the database - $dialplan_type = ""; - $sql = "update v_fax set "; - $sql .= "fax_extension = '$fax_extension', "; - $sql .= "accountcode = '$fax_accountcode', "; - $sql .= "fax_destination_number = '$fax_destination_number', "; - $sql .= "fax_prefix = '$fax_prefix', "; - $sql .= "fax_name = '$fax_name', "; - $sql .= "fax_email = '$fax_email', "; + //begin update array + $array['fax'][0]['fax_uuid'] = $fax_uuid; + + //assign temp permission + $p = new permissions; + $p->add('fax_edit', 'temp'); + } + + if (is_array($array) && @sizeof($array) != 0) { + //add common columns to array + $array['fax'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['fax'][0]['fax_extension'] = $fax_extension; + $array['fax'][0]['accountcode'] = $fax_accountcode; + 
$array['fax'][0]['fax_destination_number'] = $fax_destination_number; + $array['fax'][0]['fax_prefix'] = $fax_prefix; + $array['fax'][0]['fax_name'] = $fax_name; + $array['fax'][0]['fax_email'] = $fax_email; if (permission_exists('fax_extension_advanced') && function_exists("imap_open") && file_exists("fax_files_remote.php")) { - $sql .= "fax_email_connection_type = '$fax_email_connection_type', "; - $sql .= "fax_email_connection_host = '$fax_email_connection_host', "; - $sql .= "fax_email_connection_port = '$fax_email_connection_port', "; - $sql .= "fax_email_connection_security = '$fax_email_connection_security', "; - $sql .= "fax_email_connection_validate = '$fax_email_connection_validate', "; - $sql .= "fax_email_connection_username = '$fax_email_connection_username', "; - $sql .= "fax_email_connection_password = '$fax_email_connection_password', "; - $sql .= "fax_email_connection_mailbox = '$fax_email_connection_mailbox', "; - $sql .= "fax_email_inbound_subject_tag = '$fax_email_inbound_subject_tag', "; - $sql .= "fax_email_outbound_subject_tag = '$fax_email_outbound_subject_tag', "; - $sql .= "fax_email_outbound_authorized_senders = '$fax_email_outbound_authorized_senders', "; + $array['fax'][0]['fax_email_connection_type'] = $fax_email_connection_type; + $array['fax'][0]['fax_email_connection_host'] = $fax_email_connection_host; + $array['fax'][0]['fax_email_connection_port'] = $fax_email_connection_port; + $array['fax'][0]['fax_email_connection_security'] = $fax_email_connection_security; + $array['fax'][0]['fax_email_connection_validate'] = $fax_email_connection_validate; + $array['fax'][0]['fax_email_connection_username'] = $fax_email_connection_username; + $array['fax'][0]['fax_email_connection_password'] = $fax_email_connection_password; + $array['fax'][0]['fax_email_connection_mailbox'] = $fax_email_connection_mailbox; + $array['fax'][0]['fax_email_inbound_subject_tag'] = $fax_email_inbound_subject_tag; + 
$array['fax'][0]['fax_email_outbound_subject_tag'] = $fax_email_outbound_subject_tag; + $array['fax'][0]['fax_email_outbound_authorized_senders'] = $fax_email_outbound_authorized_senders; } - $sql .= "fax_caller_id_name = '$fax_caller_id_name', "; - $sql .= "fax_caller_id_number = '$fax_caller_id_number', "; - if (strlen($fax_forward_number) > 0) { - $sql .= "fax_forward_number = '$fax_forward_number', "; + $array['fax'][0]['fax_caller_id_name'] = $fax_caller_id_name; + $array['fax'][0]['fax_caller_id_number'] = $fax_caller_id_number; + if ($action == "add" && strlen($fax_forward_number) > 0) { + $array['fax'][0]['fax_forward_number'] = $fax_forward_number; } - else { - $sql .= "fax_forward_number = null, "; + if ($action == "update") { + $array['fax'][0]['fax_forward_number'] = strlen($fax_forward_number) > 0 ? $fax_forward_number : null; } if (permission_exists('fax_send_greeting')) { - $tmp = strlen($fax_send_greeting)==0?'NULL':"'$fax_send_greeting'"; - $sql .= "fax_send_greeting = $tmp,"; + $array['fax'][0]['fax_send_greeting'] = strlen($fax_send_greeting) != 0 ? $fax_send_greeting : null; } - $tmp = strlen($fax_send_channels)==0?'NULL':"'$fax_send_channels'"; - $sql .= "fax_send_channels = $tmp,"; + $array['fax'][0]['fax_send_channels'] = strlen($fax_send_channels) != 0 ? 
$fax_send_channels : null; + $array['fax'][0]['fax_description'] = $fax_description; - $sql .= "fax_description = '$fax_description' "; + //execute + $database = new database; + $database->app_name = 'fax'; + $database->app_uuid = '24108154-4ac3-1db6-1551-4731703a4440'; + $database->save($array); + unset($array); - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and fax_uuid = '$fax_uuid' "; - - $db->exec(check_sql($sql)); - unset($sql); + //revoke temp permissions + $p->delete('fax_add', 'temp'); + $p->delete('fax_edit', 'temp'); } //get the dialplan_uuid - $sql = "select * from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and fax_uuid = '$fax_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $dialplan_uuid = $row["dialplan_uuid"]; - } - unset ($prep_statement); + $sql = "select dialplan_uuid from v_fax "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and fax_uuid = :fax_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; + $database = new database; + $dialplan_uuid = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); //dialplan add or update $c = new fax; 
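Review bot: For `$action == "update"` the old statement had `where domain_uuid = '<session>' and fax_uuid = '<posted>'`; the new `$array['fax'][0]` carries `domain_uuid` only as a column value, so whether `$database->save()` still restricts the update to the session's domain — or keys on `fax_uuid` alone and overwrites `domain_uuid` — depends on the database class and is not visible here; please confirm, since `fax_uuid` comes from `$_POST`. A cheap guard within this hunk is to run the domain-scoped `select dialplan_uuid from v_fax ...` query before `$database->save($array)` and skip the save when it returns nothing. Separately, `$p->delete('fax_add', 'temp'); $p->delete('fax_edit', 'temp');` revokes both temp permissions regardless of which one was granted, which works but reads as accidental. `fax_send_channels` and `fax_email_connection_port` are still stored as raw strings; an `(int)` cast at assignment would reject non-numeric input.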
@@ -405,23 +355,20 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { header("Location: fax.php"); return; - } //if ($_POST["persistformvar"] != "true") -} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } +} //pre-populate the form - if (strlen($_GET['id']) > 0 && $_POST["persistformvar"] != "true") { - $fax_uuid = check_str($_GET["id"]); + if (is_uuid($_GET['id']) && $_POST["persistformvar"] != "true") { + $fax_uuid = $_GET["id"]; $sql = "select * from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and fax_uuid = '".$fax_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (count($result) == 0) { - echo "access denied"; - exit; - } - foreach ($result as &$row) { + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and fax_uuid = :fax_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $dialplan_uuid = $row["dialplan_uuid"]; $fax_extension = $row["fax_extension"]; $fax_accountcode = $row["accountcode"]; @@ -447,7 +394,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $fax_send_greeting = $row["fax_send_greeting"]; $fax_send_channels = $row["fax_send_channels"]; } - unset ($prep_statement); + unset($sql, $parameters, $row); } else{ $fax_send_channels = 10; @@ -457,7 +404,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $fax_name = str_replace("-", " ", $fax_name); //set the dialplan_uuid - if (strlen($dialplan_uuid) == 0) { + if (!is_uuid($dialplan_uuid)) { $dialplan_uuid = uuid(); } 
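Review bot: The pre-populate block dropped the `echo "access denied"; exit;` that fired when the select returned no row, so a `fax_uuid` from another domain (or a deleted one) now renders an empty edit form instead of stopping; the lookup is domain-scoped, and that check was the only thing that surfaced the mismatch. Restore it as the `else` of the new `if (is_array($row) && @sizeof($row) != 0)` block: `else { echo "access denied"; exit; }`. Whether a subsequent update posted from that form can reach the other domain's record depends on how `$database->save()` scopes updates, which this diff does not show.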
@@ -636,13 +583,13 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $sql = "select * from v_fax_users as e, v_users as u "; $sql .= "where e.user_uuid = u.user_uuid "; - $sql .= "and e.domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and e.fax_uuid = '".$fax_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - $result_count = count($result); - if ($result_count > 0) { + $sql .= "and e.domain_uuid = :domain_uuid "; + $sql .= "and e.fax_uuid = :fax_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { echo "
" . $text['fax-active_title_fax_server'] . "" . $text['fax-active_title_enabled'] . "" . $text['fax-active_title_status'] . "" . $text['fax-active_title_next_time'] . "" . $text['fax-active_title_files'] . "" . $text['fax-active_title_uri'] . "".$text['fax-active_title_fax_server']."".$text['fax-active_title_enabled']."".$text['fax-active_title_status']."".$text['fax-active_title_next_time']."".$text['fax-active_title_files']."".$text['fax-active_title_uri']."
" . $fax_server . " " . $task_enabled . " " . $task_status . " " . $task_next_time . " " . $task_files . " " . $fax_uri . " ".$fax_server." ".$task_enabled." ".$task_status." ".$task_next_time." ".$task_files." ".$fax_uri." ".$v_link_label_delete."
\n"; foreach($result as $field) { echo " \n"; @@ -654,25 +601,33 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $assigned_user_uuids[] = $field['user_uuid']; } echo "
\n"; - echo "
\n"; + echo "
\n"; } + unset($sql, $parameters, $result, $field); $sql = "select * from v_users "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - if (isset($assigned_user_id)) foreach($assigned_user_uuids as $assigned_user_uuid) { - $sql .= "and user_uuid <> '".$assigned_user_uuid."' "; + $sql .= "where domain_uuid = :domain_uuid "; + if (is_array($assigned_user_uuids) && @sizeof($assigned_user_uuids) != 0) { + foreach($assigned_user_uuids as $index => $assigned_user_uuid) { + if (is_uuid($assigned_user_uuid)) { + $sql .= "and user_uuid <> :user_uuid_".$index; + $parameters['user_uuid_'.$index] = $assigned_user_uuid; + } + } + unset($assigned_user_uuids, $index, $assigned_user_uuid); } - unset($assigned_user_uuids); - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - echo " \n"; + echo " \n"; + if (is_array($result) && @sizeof($result) != 0) { + foreach($result as $field) { + echo " \n"; + } } + unset($sql, $parameters, $result, $field); echo " "; echo " \n"; - unset($sql, $result); echo "
\n"; echo " ".$text['description-user-add']."\n"; echo "
\n"; @@ -738,20 +693,20 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo "\n"; } //phrases - $sql = "select * from v_phrases where domain_uuid = '".$domain_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (count($result) > 0) { + $sql = "select * from v_phrases where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($array) && @sizeof($array) != 0) { echo "\n"; foreach ($result as &$row) { $selected = ($fax_send_greeting == "phrase:".$row["phrase_uuid"]) ? true : false; echo " \n"; if ($selected) { $tmp_selected = true; } } - unset ($prep_statement); echo "\n"; } + unset($sql, $parameters, $result, $row); //sounds $file = new file; $sound_files = $file->sounds(); diff --git a/app/fax/fax_emails.php b/app/fax/fax_emails.php index 0a1967cf60..a3d940d7aa 100644 --- a/app/fax/fax_emails.php +++ b/app/fax/fax_emails.php @@ -35,10 +35,9 @@ require_once "resources/classes/text.php"; $sql = "select * from v_fax "; $sql .= "where fax_email_connection_host <> '' "; $sql .= "and fax_email_connection_host is not null "; -$prep_statement = $db->prepare(check_sql($sql)); -$prep_statement->execute(); -$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); -unset($sql, $prep_statement); +$database = new database; +$result = $database->select($sql, null, 'all'); +unset($sql); function arr_to_map(&$arr){ if(is_array($arr)){ 
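Review bot: In `@@ -654`, `$sql .= "and user_uuid <> :user_uuid_".$index;` has no trailing space, so with two or more assigned users the clause becomes `... :user_uuid_0and user_uuid <> :user_uuid_1 ...` and the query fails; change it to `$sql .= "and user_uuid <> :user_uuid_".$index." ";`. The `$database->select()` call for this second query is not visible in the collapsed hunk text, so I cannot tell whether the freshly built `$parameters` (the earlier one was `unset`) is passed to it — worth a look.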
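Review bot: `if (is_array($array) && @sizeof($array) != 0)` in the phrases block tests the wrong variable: the query result is in `$result`, and `$array` was either never set on this request or `unset()` after the save, so the phrase options never render. It should read `if (is_array($result) && @sizeof($result) != 0) {`. The same slip appears in fax_emails.php at `@@ -51`, where `if (is_array($array) && @sizeof($array) != 0)` replaced `if (sizeof($result) != 0)` and now skips the whole mailbox-polling body.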
@@ -51,20 +50,19 @@ function arr_to_map(&$arr){ return false; } -if (sizeof($result) != 0) { +if (is_array($array) && @sizeof($array) != 0) { //load default settings $default_settings = load_default_settings(); //get event socket connection parameters $sql = "select event_socket_ip_address, event_socket_port, event_socket_password from v_settings"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $record = $prep_statement->fetch(PDO::FETCH_NAMED); - $event_socket['ip_address'] = $record['event_socket_ip_address']; - $event_socket['port'] = $record['event_socket_port']; - $event_socket['password'] = $record['event_socket_password']; - unset($sql, $prep_statement, $record); + $database = new database; + $row = $database->select($sql, null, 'row'); + $event_socket['ip_address'] = $row['event_socket_ip_address']; + $event_socket['port'] = $row['event_socket_port']; + $event_socket['password'] = $row['event_socket_password']; + unset($sql, $row); $fax_send_mode_default = $_SESSION['fax']['send_mode']['text']; if(strlen($fax_send_mode_default) == 0){ @@ -74,7 +72,7 @@ if (sizeof($result) != 0) { $fax_allowed_extension_default = arr_to_map($_SESSION['fax']['allowed_extension']); if($fax_allowed_extension_default == false){ - $tmp = Array('.pdf', '.tiff', '.tif'); + $tmp = array('.pdf', '.tiff', '.tif'); $fax_allowed_extension_default = arr_to_map($tmp); } 
@@ -126,14 +124,14 @@ if (sizeof($result) != 0) { $_SESSION['event_socket_password'] = $event_socket['password']; //get domain name, set local and session variables - $sql = "select domain_name from v_domains where domain_uuid = '".$domain_uuid."'"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $record = $prep_statement->fetch(PDO::FETCH_NAMED); - $domain_name = $record['domain_name']; - $_SESSION['domain_name'] = $record['domain_name']; + $sql = "select domain_name from v_domains where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + $domain_name = $row['domain_name']; + $_SESSION['domain_name'] = $row['domain_name']; $_SESSION['domain_uuid'] = $domain_uuid; - unset($sql, $prep_statement, $record); + unset($sql, $parameters, $row); //set needed variables $fax_page_size = $_SESSION['fax']['page_size']['text']; 
@@ -296,91 +294,82 @@ if (sizeof($result) != 0) { //functions used above function load_default_settings() { - global $db; - $sql = "select * from v_default_settings "; $sql .= "where default_setting_enabled = 'true' "; - try { - $prep_statement = $db->prepare($sql . " order by default_setting_order asc "); - $prep_statement->execute(); - } - catch(PDOException $e) { - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - } - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $database = new database; + $result = $database->select($sql, null, 'all'); //load the settings into an array - foreach ($result as $row) { - $name = $row['default_setting_name']; - $category = $row['default_setting_category']; - $subcategory = $row['default_setting_subcategory']; - if (strlen($subcategory) == 0) { - if ($name == "array") { - $settings[$category][] = $row['default_setting_value']; + if (is_array($result) && @sizeof($result) != 0) { + foreach ($result as $row) { + $name = $row['default_setting_name']; + $category = $row['default_setting_category']; + $subcategory = $row['default_setting_subcategory']; + if (strlen($subcategory) == 0) { + if ($name == "array") { + $settings[$category][] = $row['default_setting_value']; + } + else { + $settings[$category][$name] = $row['default_setting_value']; + } } else { - $settings[$category][$name] = $row['default_setting_value']; - } - } else { - if ($name == "array") { - $settings[$category][$subcategory][] = $row['default_setting_value']; - } - else { - $settings[$category][$subcategory][$name] = $row['default_setting_value']; - $settings[$category][$subcategory][$name] = $row['default_setting_value']; + if ($name == "array") { + $settings[$category][$subcategory][] = $row['default_setting_value']; + } + else { + $settings[$category][$subcategory][$name] = $row['default_setting_value']; + $settings[$category][$subcategory][$name] = $row['default_setting_value']; + } } } } + unset($sql, $parameters, $result, $row); 
return $settings; } function load_domain_settings($domain_uuid) { - global $db; - - if ($domain_uuid) { + if (is_uuid($domain_uuid)) { $sql = "select * from v_domain_settings "; - $sql .= "where domain_uuid = '" . $domain_uuid . "' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and domain_setting_enabled = 'true' "; - try { - $prep_statement = $db->prepare($sql . " order by domain_setting_order asc "); - $prep_statement->execute(); - } - catch(PDOException $e) { - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - } - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - //unset the arrays that domains are overriding - foreach ($result as $row) { - $name = $row['domain_setting_name']; - $category = $row['domain_setting_category']; - $subcategory = $row['domain_setting_subcategory']; - if ($name == "array") { - unset($_SESSION[$category][$subcategory]); - } - } - //set the settings as a session - foreach ($result as $row) { - $name = $row['domain_setting_name']; - $category = $row['domain_setting_category']; - $subcategory = $row['domain_setting_subcategory']; - if (strlen($subcategory) == 0) { - //$$category[$name] = $row['domain_setting_value']; - if ($name == "array") { - $_SESSION[$category][] = $row['domain_setting_value']; + $sql .= "order by domain_setting_order asc " + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { + //unset the arrays that domains are overriding + foreach ($result as $row) { + $name = $row['domain_setting_name']; + $category = $row['domain_setting_category']; + $subcategory = $row['domain_setting_subcategory']; + if ($name == "array") { + unset($_SESSION[$category][$subcategory]); + } } - else { - $_SESSION[$category][$name] = $row['domain_setting_value']; + //set the settings as a session + foreach ($result as $row) { + $name = $row['domain_setting_name']; + $category = 
$row['domain_setting_category']; + $subcategory = $row['domain_setting_subcategory']; + if (strlen($subcategory) == 0) { + //$$category[$name] = $row['domain_setting_value']; + if ($name == "array") { + $_SESSION[$category][] = $row['domain_setting_value']; + } + else { + $_SESSION[$category][$name] = $row['domain_setting_value']; + } + } + else { + //$$category[$subcategory][$name] = $row['domain_setting_value']; + if ($name == "array") { + $_SESSION[$category][$subcategory][] = $row['domain_setting_value']; + } + else { + $_SESSION[$category][$subcategory][$name] = $row['domain_setting_value']; + } + } } - } else { - //$$category[$subcategory][$name] = $row['domain_setting_value']; - if ($name == "array") { - $_SESSION[$category][$subcategory][] = $row['domain_setting_value']; - } - else { - $_SESSION[$category][$subcategory][$name] = $row['domain_setting_value']; - } - } } } } diff --git a/app/fax/fax_file_delete.php b/app/fax/fax_file_delete.php index 5c9b948a3b..9f316d2fff 100644 --- a/app/fax/fax_file_delete.php +++ b/app/fax/fax_file_delete.php 
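Review bot: `$sql .= "order by domain_setting_order asc "` in `load_domain_settings()` is missing its semicolon, so the file fails to parse and fax_emails.php does nothing at all until it is fixed: `$sql .= "order by domain_setting_order asc ";`. In `load_default_settings()` the `order by default_setting_order asc` that the old `try` block applied was dropped, so rows now arrive in unspecified order and the last-write-wins assignments into `$settings[...]` no longer honour `default_setting_order`; append `$sql .= "order by default_setting_order asc ";` there as well. The `unset($sql, $parameters, $result, $row);` in that function names a `$parameters` that is never assigned, which is harmless but misleading.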
@@ -45,26 +45,25 @@ } //get the id - if (isset($_REQUEST["id"])) { - $fax_file_uuid = check_str($_REQUEST["id"]); - } + $fax_file_uuid = $_REQUEST["id"]; //validate the id if (is_uuid($fax_file_uuid)) { //get the fax file data $sql = "select * from v_fax_files "; - $sql .= "where fax_file_uuid = '".$fax_file_uuid."' "; - $sql .= "and domain_uuid = '".$_SESSION['domain_uuid']."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where fax_file_uuid = :fax_file_uuid "; + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['fax_file_uuid'] = $fax_file_uuid; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $fax_uuid = $row["fax_uuid"]; $fax_mode = $row["fax_mode"]; $fax_file_path = $row["fax_file_path"]; $fax_file_type = $row["fax_file_type"]; } - unset($prep_statement); + unset($sql, $parameters, $row); //set the type if ($fax_mode == 'rx') { $type = 'inbox'; } @@ -91,17 +90,21 @@ } //delete fax file record - $sql = "delete from v_fax_files "; - $sql .= "where fax_file_uuid = '".$fax_file_uuid."' "; - $sql .= "and domain_uuid = '".$_SESSION['domain_uuid']."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($prep_statement); + $array['fax_files'][0]['fax_file_uuid'] = $fax_file_uuid; + $array['fax_files'][0]['domain_uuid'] = $_SESSION['domain_uuid']; - message::add($text['message-delete']); + $database = new database; + $database->app_name = 'fax'; + $database->app_uuid = '24108154-4ac3-1db6-1551-4731703a4440'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); } //redirect the user header('Location: fax_files.php?id='.$fax_uuid.'&box='.$type); + exit; ?> 
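Review bot: In `@@ -91` the record delete runs whenever `$fax_file_uuid` is a UUID, even when the domain-scoped select above returned no row (id from another domain, or already gone); the old SQL carried `domain_uuid` in its `where`, whereas now `domain_uuid` is just a key in `$array['fax_files'][0]` and whether `$database->delete()` uses it as a filter is not shown here. Gate the delete on the lookup having succeeded, e.g. wrap the array build and `$database->delete($array)` in `if (is_uuid($fax_uuid)) { ... }`, which also keeps the redirect from emitting `fax_files.php?id=&box=` with empty values when nothing was found.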
diff --git a/app/fax/fax_files.php b/app/fax/fax_files.php index 7b5f984abf..29e890b880 100644 --- a/app/fax/fax_files.php +++ b/app/fax/fax_files.php 
@@ -43,46 +43,45 @@ $text = $language->get(); //get variables used to control the order - $order_by = check_str($_GET["order_by"]); - $order = check_str($_GET["order"]); + $order_by = $_GET["order_by"]; + $order = $_GET["order"]; //get fax extension - if (isset($_GET['id']) && is_uuid($_GET["id"])) { + if (is_uuid($_GET["id"])) { $fax_uuid = $_GET["id"]; if (if_group("superadmin") || if_group("admin")) { //show all fax extensions $sql = "select fax_name, fax_extension from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and fax_uuid = '$fax_uuid' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and fax_uuid = :fax_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; } else { //show only assigned fax extensions $sql = "select fax_name, fax_extension from v_fax as f, v_fax_users as u "; $sql .= "where f.fax_uuid = u.fax_uuid "; - $sql .= "and f.domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and f.fax_uuid = '$fax_uuid' "; - $sql .= "and u.user_uuid = '".$_SESSION['user_uuid']."' "; + $sql .= "and f.domain_uuid = :domain_uuid "; + $sql .= "and f.fax_uuid = :fax_uuid "; + $sql .= "and u.user_uuid = :user_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; + $parameters['user_uuid'] = $_SESSION['user_uuid']; } - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (count($result) == 0) { - if (if_group("superadmin") || if_group("admin")) { - //allow access - } - else { + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + //set database fields as variables + $fax_name = $row["fax_name"]; + $fax_extension = $row["fax_extension"]; + } + else { + if (!if_group("superadmin") && !if_group("admin")) { echo "access denied"; exit; } } - foreach ($result as 
&$row) { - //set database fields as variables - $fax_name = $row["fax_name"]; - $fax_extension = $row["fax_extension"]; - //limit to one row - break; - } - unset ($prep_statement); + unset($sql, $parameters, $row); } //set the fax directory 
@@ -93,47 +92,47 @@ session_cache_limiter('public'); //test to see if it is in the inbox or sent directory. if ($_GET['type'] == "fax_inbox") { - if (file_exists($fax_dir.'/'.check_str($_GET['ext']).'/inbox/'.check_str($_GET['filename']))) { - $tmp_faxdownload_file = $fax_dir.'/'.check_str($_GET['ext']).'/inbox/'.check_str($_GET['filename']); + if (file_exists($fax_dir.'/'.$_GET['ext'].'/inbox/'.$_GET['filename'])) { + $tmp_faxdownload_file = $fax_dir.'/'.$_GET['ext'].'/inbox/'.$_GET['filename']; } } else if ($_GET['type'] == "fax_sent") { - if (file_exists($fax_dir.'/'.check_str($_GET['ext']).'/sent/'.check_str($_GET['filename']))) { - $tmp_faxdownload_file = $fax_dir.'/'.check_str($_GET['ext']).'/sent/'.check_str($_GET['filename']); + if (file_exists($fax_dir.'/'.$_GET['ext'].'/sent/'.$_GET['filename'])) { + $tmp_faxdownload_file = $fax_dir.'/'.$_GET['ext'].'/sent/'.$_GET['filename']; } } - //let's see if we found it. + //let's see if we found it if (strlen($tmp_faxdownload_file) > 0) { $fd = fopen($tmp_faxdownload_file, "rb"); if ($_GET['t'] == "bin") { header("Content-Type: application/force-download"); header("Content-Type: application/octet-stream"); header("Content-Description: File Transfer"); - header('Content-Disposition: attachment; filename="'.check_str($_GET['filename']).'"'); + header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"'); } else { - $file_ext = substr(check_str($_GET['filename']), -3); + $file_ext = substr($_GET['filename'], -3); if ($file_ext == "tif") { - header("Content-Type: image/tiff"); + header("Content-Type: image/tiff"); } else if ($file_ext == "png") { - header("Content-Type: image/png"); + header("Content-Type: image/png"); } else if ($file_ext == "jpg") { - header('Content-Type: image/jpeg'); + header('Content-Type: image/jpeg'); } else if ($file_ext == "pdf") { - header("Content-Type: application/pdf"); + header("Content-Type: application/pdf"); } } header('Accept-Ranges: bytes'); header("Cache-Control: 
no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // date in the past - header("Content-Length: " . filesize($tmp_faxdownload_file)); + header("Content-Length: ".filesize($tmp_faxdownload_file)); fpassthru($fd); } else { - echo "".$text['label-file'].""; + echo $text['label-file']; } exit; } @@ -168,26 +167,19 @@ require_once "resources/paging.php"; //prepare to page the results - $sql = "select count(*) as num_rows from v_fax_files "; - $sql .= "where fax_uuid = '$fax_uuid' "; - $sql .= "and domain_uuid = '$domain_uuid' "; + $sql = "select count(*) from v_fax_files "; + $sql .= "where fax_uuid = :fax_uuid "; + $sql .= "and domain_uuid = :domain_uuid "; if ($_REQUEST['box'] == 'inbox') { $sql .= "and fax_mode = 'rx' "; } if ($_REQUEST['box'] == 'sent') { $sql .= "and fax_mode = 'tx' "; } - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $num_rows = $row['num_rows']; - } - else { - $num_rows = '0'; - } - } + $parameters['fax_uuid'] = $fax_uuid; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; 
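Review bot: `$_GET['ext']` and `$_GET['filename']` are now spliced into the filesystem path (`$fax_dir.'/'.$_GET['ext'].'/inbox/'.$_GET['filename']`) and into the `Content-Disposition` header with no filtering at all, and nothing in the hunk stops a path segment from stepping outside the fax directory; whether the removed `check_str()` ever did is not visible. Reduce both to a single path component before use — `$ext = basename($_GET['ext']);` and `$filename = basename($_GET['filename']);` — and use those two variables in `file_exists()`, `fopen()`, `substr()` and the header; a `realpath()` comparison of the resolved file against `$fax_dir` would close the remaining gap. The `fopen()` result is also never checked before `fpassthru($fd)`.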
@@ -198,21 +190,12 @@ $offset = $rows_per_page * $page; //get the list - $sql = "select * from v_fax_files "; - $sql .= "where fax_uuid = '$fax_uuid' "; - $sql .= "and domain_uuid = '$domain_uuid' "; - if ($_REQUEST['box'] == 'inbox') { - $sql .= "and fax_mode = 'rx' "; - } - if ($_REQUEST['box'] == 'sent') { - $sql .= "and fax_mode = 'tx' "; - } - $sql .= "order by ".((strlen($order_by) > 0) ? $order_by.' '.$order : "fax_date desc")." "; - $sql .= "limit $rows_per_page offset $offset "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $fax_files = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $sql = str_replace('count(*)', '*', $sql); + $sql .= order_by($order_by, $order, 'fax_date', 'desc'); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $fax_files = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters, $num_rows); //show the header echo "\n"; @@ -250,7 +233,7 @@ echo th_order_by('fax_date', $text['label-fax_date'], $order_by, $order, "&id=".$_GET['id']."&box=".$_GET['box']."&page=".$_GET['page']); echo "\n"; echo "\n"; - if (is_array($fax_files)) { + if (is_array($fax_files) && @sizeof($fax_files) != 0) { foreach($fax_files as $row) { $file = basename($row['fax_file_path']); if (strtolower(substr($file, -3)) == "tif" || strtolower(substr($file, -3)) == "pdf") { @@ -378,9 +361,9 @@ echo " \n"; echo "\n"; $c = ($c) ? 0 : 1; - } //end foreach - unset($sql, $fax_files); - } //end if results + } + } + unset($fax_files, $row); //show the paging controls echo "
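Review bot: The ORDER BY clause is now produced by `order_by($order_by, $order, 'fax_date', 'desc')` instead of passing the whole statement through check_sql(), and since ordering cannot be bound as a parameter, the safety of this line rests entirely on that helper accepting only known column names and `asc`/`desc`; if order_by() merely escapes quotes, `$order_by` remains an injection vector. Confirm the helper whitelists, or guard here with `$order_by = in_array($order_by, ['fax_date', 'fax_caller_id_name', 'fax_caller_id_number'], true) ? $order_by : 'fax_date';` using the columns th_order_by() actually offers. Also note that `unset($sql, $parameters, $num_rows)` discards `$num_rows` before the paging controls are echoed further down; if those are rendered from a value computed earlier this is harmless, but it is worth confirming.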
 
"; diff --git a/app/fax/fax_files_remote.php b/app/fax/fax_files_remote.php index 780e86e81b..8fd24acd68 100644 --- a/app/fax/fax_files_remote.php +++ b/app/fax/fax_files_remote.php @@ -45,34 +45,34 @@ $language = new text; $text = $language->get(); +//get submitted id + $fax_uuid = $_GET["id"]; + //get fax server uuid, set connection parameters - if (strlen($_GET['id']) > 0) { - $fax_uuid = check_str($_GET["id"]); + if (is_uuid($fax_uuid)) { if (if_group("superadmin") || if_group("admin")) { //show all fax extensions $sql = "select * from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and fax_uuid = '$fax_uuid' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and fax_uuid = :fax_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; } else { //show only assigned fax extensions $sql = "select * from v_fax as f, v_fax_users as u "; $sql .= "where f.fax_uuid = u.fax_uuid "; - $sql .= "and f.domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and f.fax_uuid = '$fax_uuid' "; - $sql .= "and u.user_uuid = '".$_SESSION['user_uuid']."' "; + $sql .= "and f.domain_uuid = :domain_uuid "; + $sql .= "and f.fax_uuid = :fax_uuid "; + $sql .= "and u.user_uuid = :user_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; + $parameters['user_uuid'] = $_SESSION['user_uuid']; } - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (count($result) == 0) { - if (!if_group("superadmin") && !if_group("admin")) { - echo "access denied"; - exit; - } - } - foreach ($result as &$row) { + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $fax_name = $row["fax_name"]; $fax_extension = $row["fax_extension"]; $fax_email_connection_type = $row["fax_email_connection_type"]; 
@@ -84,9 +84,14 @@ $fax_email_connection_password = $row["fax_email_connection_password"]; $fax_email_connection_mailbox = $row["fax_email_connection_mailbox"]; $fax_email_inbound_subject_tag = $row["fax_email_inbound_subject_tag"]; - break; } - unset ($prep_statement); + else { + if (!if_group("superadmin") && !if_group("admin")) { + echo "access denied"; + exit; + } + } + unset($sql, $parameters, $row); // make connection $fax_email_connection = "{".$fax_email_connection_host.":".$fax_email_connection_port."/".$fax_email_connection_type; @@ -107,7 +112,7 @@ //message action if ($_GET['email_id'] != '') { - $email_id = check_str($_GET['email_id']); + $email_id = $_GET['email_id']; //download attachment if (isset($_GET['download'])) { @@ -210,7 +215,7 @@ } echo "
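Review bot: `$email_id = $_GET['email_id'];` drops the only sanitization the value had and replaces it with nothing, yet it goes on to select a message in the mailbox this page has just connected to. If it is used as an IMAP message number, cast it and reject zero, `$email_id = (int) $_GET['email_id'];`; if it is a UID or another string identifier, validate it against that format instead. The removed check_str() was a SQL-oriented escape, so this is the right moment to replace it with a check that matches the actual use. The code that consumes `$email_id` lies outside the hunk.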
\n"; //prepare to page the results - $sql = "select count(*) as num_rows from v_fax_logs "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and fax_uuid = '$fax_uuid' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $num_rows = $row['num_rows']; - } - else { - $num_rows = '0'; - } - } + $sql = "select count(*) from v_fax_logs "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and fax_uuid = :fax_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['fax_uuid'] = $fax_uuid; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; @@ -97,16 +88,12 @@ $offset = $rows_per_page * $page; //get the list - $sql = "select * from v_fax_logs "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and fax_uuid = '$fax_uuid' "; - $sql .= (strlen($order_by) > 0) ? "order by ".$order_by." ".$order." " : "order by fax_epoch desc "; - $sql .= "limit $rows_per_page offset $offset "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $fax_logs = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); + $sql = str_replace('count(*)', '*', $sql); + $sql .= order_by($order_by, $order, 'fax_epoch', 'desc'); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $fax_logs = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters, $num_rows); //set the row style $c = 0; 
@@ -139,7 +126,7 @@ echo "\n"; echo "\n"; - if (is_array($fax_logs)) { + if (is_array($fax_logs) && @sizeof($fax_logs) != 0) { foreach($fax_logs as $row) { //$fax_date = date("j M Y", $row['fax_date'].' 00:00:00'); $fax_date = ($_SESSION['domain']['time_format']['text'] == '12h') ? date("j M Y g:i:sa", $row['fax_epoch']) : date("j M Y H:i:s", $row['fax_epoch']); @@ -172,9 +159,9 @@ echo "\n"; echo "\n"; if ($c==0) { $c=1; } else { $c=0; } - } //end foreach - unset($sql, $fax_logs); - } //end if results + } + } + unset($fax_logs, $row); echo ""; echo "

"; diff --git a/app/fax/fax_send.php b/app/fax/fax_send.php index 1d058f7767..fbced59a4e 100644 --- a/app/fax/fax_send.php +++ b/app/fax/fax_send.php @@ -53,19 +53,21 @@ if (!$included) { //get the fax_extension and save it as a variable if (strlen($_REQUEST["fax_extension"]) > 0) { - $fax_extension = check_str($_REQUEST["fax_extension"]); + $fax_extension = $_REQUEST["fax_extension"]; } //pre-populate the form - if (strlen($_REQUEST['id']) > 0 && $_POST["persistformvar"] != "true") { - $fax_uuid = check_str($_REQUEST["id"]); + if (is_uuid($_REQUEST['id']) && $_POST["persistformvar"] != "true") { + $fax_uuid = $_REQUEST["id"]; if (if_group("superadmin") || if_group("admin")) { //show all fax extensions $sql = "select fax_uuid, fax_extension, fax_caller_id_name, fax_caller_id_number, "; $sql .= "accountcode, fax_send_greeting "; $sql .= "from v_fax "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and fax_uuid = '$fax_uuid' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and fax_uuid = :fax_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; } else { //show only assigned fax extensions 
@@ -73,23 +75,16 @@ if (!$included) { $sql .= "f.accountcode, f.fax_send_greeting "; $sql .= "from v_fax as f, v_fax_users as u "; $sql .= "where f.fax_uuid = u.fax_uuid "; - $sql .= "and f.domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and f.fax_uuid = '$fax_uuid' "; - $sql .= "and u.user_uuid = '".$_SESSION['user_uuid']."' "; + $sql .= "and f.domain_uuid = :domain_uuid "; + $sql .= "and f.fax_uuid = :fax_uuid "; + $sql .= "and u.user_uuid = :user_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['fax_uuid'] = $fax_uuid; + $parameters['user_uuid'] = $_SESSION['user_uuid']; } - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (count($result) == 0) { - if (if_group("superadmin") || if_group("admin")) { - //allow access - } - else { - echo "access denied"; - exit; - } - } - foreach ($result as &$row) { + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { //set database fields as variables $fax_uuid = $row["fax_uuid"]; $fax_extension = $row["fax_extension"]; @@ -97,10 +92,15 @@ if (!$included) { $fax_caller_id_number = $row["fax_caller_id_number"]; $fax_accountcode = $row["accountcode"]; $fax_send_greeting = $row["fax_send_greeting"]; - //limit to one row - break; } - unset ($prep_statement); + else { + if (!if_group("superadmin") && !if_group("admin")) { + echo "access denied"; + exit; + } + } + unset($sql, $parameters, $row); + $fax_send_mode = $_SESSION['fax']['send_mode']['text']; if(strlen($fax_send_mode) == 0){ $fax_send_mode = 'direct'; @@ -139,7 +139,7 @@ if (!function_exists('gs_cmd')) { if (!function_exists('fax_enqueue')) { function fax_enqueue($fax_uuid, $fax_file, $wav_file, $reply_address, $fax_uri, $fax_dtmf, $dial_string){ - global $db, $db_type; + global $db_type; $fax_task_uuid = uuid(); $dial_string .= "fax_task_uuid='" . $fax_task_uuid . "',"; 
@@ -153,38 +153,49 @@ if (!function_exists('fax_enqueue')) { if ($db_type == "sqlite") { $date_utc_now_sql = "datetime('now')"; } - $sql = <<prepare($sql); - $i = 0; - $stmt->bindValue(++$i, $fax_task_uuid); - $stmt->bindValue(++$i, $fax_uuid); - $stmt->bindValue(++$i, $fax_file); - $stmt->bindValue(++$i, $wav_file); - $stmt->bindValue(++$i, $fax_uri); - $stmt->bindValue(++$i, $dial_string); - $stmt->bindValue(++$i, $fax_dtmf); - $stmt->bindValue(++$i, $reply_address); - $stmt->bindValue(++$i, $description); - if ($stmt->execute()) { + + $array['fax_tasks'][0]['fax_task_uuid'] = $fax_task_uuid; + $array['fax_tasks'][0]['fax_uuid'] = $fax_uuid; + $array['fax_tasks'][0]['task_next_time'] = $date_utc_now_sql; + $array['fax_tasks'][0]['task_lock_time'] = null; + $array['fax_tasks'][0]['task_fax_file'] = $fax_file; + $array['fax_tasks'][0]['task_wav_file'] = $wav_file; + $array['fax_tasks'][0]['task_uri'] = $fax_uri; + $array['fax_tasks'][0]['task_dial_string'] = $dial_string; + $array['fax_tasks'][0]['task_dtmf'] = $fax_dtmf; + $array['fax_tasks'][0]['task_interrupted'] = 'false'; + $array['fax_tasks'][0]['task_status'] = 0; + $array['fax_tasks'][0]['task_no_answer_counter'] = 0; + $array['fax_tasks'][0]['task_no_answer_retry_counter'] = 0; + $array['fax_tasks'][0]['task_retry_counter'] = 0; + $array['fax_tasks'][0]['task_reply_address'] = $reply_address; + $array['fax_tasks'][0]['task_description'] = $description; + + $p = new permissions; + $p->add('fax_task_add', 'temp'); + + $database = new database; + $database->app_name = 'fax'; + $database->app_uuid = '24108154-4ac3-1db6-1551-4731703a4440'; + $database->save($array); + $message = $database->message; + unset($array); + + $p->delete('fax_task_add', 'temp'); + + if ($message['message'] == 'OK' && $message['code'] == 200) { $response = 'Enqueued'; } - else{ - //! @todo log error - $response = 'Fail enqueue'; - var_dump($db->errorInfo()); + else { + $response = 'Fail Enqueue'; + + echo $message['message'].' 
['.$message['code']."]
\n"; + if (is_array($message['error']) && @sizeof($message['error']) != 0) { + foreach ($message['error'] as $error) { + echo "
".$error."


\n"; + } + } } - unset($stmt); return $response; } } @@ -239,19 +250,18 @@ if (!function_exists('fax_split_dtmf')) { if (!$included) { if (($_POST['action'] == "send")) { - $fax_numbers = $_POST['fax_numbers']; - $fax_uuid = check_str($_POST["id"]); - $fax_caller_id_name = check_str($_POST['fax_caller_id_name']); - $fax_caller_id_number = check_str($_POST['fax_caller_id_number']); - $fax_header = check_str($_POST['fax_header']); - $fax_sender = check_str($_POST['fax_sender']); - $fax_recipient = check_str($_POST['fax_recipient']); - $fax_subject = check_str($_POST['fax_subject']); - $fax_message = check_str($_POST['fax_message']); - $fax_resolution = check_str($_POST['fax_resolution']); - $fax_page_size = check_str($_POST['fax_page_size']); - $fax_footer = check_str($_POST['fax_footer']); + $fax_uuid = $_POST["id"]; + $fax_caller_id_name = $_POST['fax_caller_id_name']; + $fax_caller_id_number = $_POST['fax_caller_id_number']; + $fax_header = $_POST['fax_header']; + $fax_sender = $_POST['fax_sender']; + $fax_recipient = $_POST['fax_recipient']; + $fax_subject = $_POST['fax_subject']; + $fax_message = $_POST['fax_message']; + $fax_resolution = $_POST['fax_resolution']; + $fax_page_size = $_POST['fax_page_size']; + $fax_footer = $_POST['fax_footer']; $continue = true; } @@ -366,7 +376,7 @@ if (!function_exists('fax_split_dtmf')) { //convert uploaded file to pdf, if necessary if ($fax_file_extension != "pdf" && $fax_file_extension != "tif") { chdir($dir_fax_temp); - if ($IS_WINDOWS) { $command = ''; } else { $command = 'export HOME=/tmp && '; } + $command = $IS_WINDOWS ? '' : 'export HOME=/tmp && '; $command .= 'libreoffice --headless --convert-to pdf --outdir '.$dir_fax_temp.' '.$dir_fax_temp.'/'.$fax_name.'.'.$fax_file_extension; exec($command); @unlink($dir_fax_temp.'/'.$fax_name.'.'.$fax_file_extension); 
@@ -430,7 +440,7 @@ if (!function_exists('fax_split_dtmf')) { } //add blank page - $pdf -> AddPage('P', array($page_width, $page_height)); + $pdf->AddPage('P', array($page_width, $page_height)); // content offset, if necessary $x = 0; 
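Review bot: The rewritten `$command` still interpolates `$dir_fax_temp`, `$fax_name` and `$fax_file_extension` into a shell string passed to exec() without escaping; if either of the latter two derives from the uploaded file's name (the code that sets them is outside the hunk), a crafted name runs arbitrary commands as the web server user. Wrap each path with escapeshellarg(), e.g. `$command .= 'libreoffice --headless --convert-to pdf --outdir '.escapeshellarg($dir_fax_temp).' '.escapeshellarg($dir_fax_temp.'/'.$fax_name.'.'.$fax_file_extension);`, or generate `$fax_name` server-side and whitelist the extension against the formats libreoffice is expected to convert.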
@@ -469,51 +479,51 @@ if (!function_exists('fax_split_dtmf')) { } if ($display_logo) { - $pdf -> Image($logo, 0.5, 0.4, 2.5, 0.9, null, null, 'N', true, 300, null, false, false, 0, true); + $pdf->Image($logo, 0.5, 0.4, 2.5, 0.9, null, null, 'N', true, 300, null, false, false, 0, true); } else { //set position for header text, if enabled - $pdf -> SetXY($x + 0.5, $y + 0.4); + $pdf->SetXY($x + 0.5, $y + 0.4); } //header if ($fax_header != '') { - $pdf -> SetLeftMargin(0.5); - $pdf -> SetFont($pdf_font, "", 10); - $pdf -> Write(0.3, $fax_header); + $pdf->SetLeftMargin(0.5); + $pdf->SetFont($pdf_font, "", 10); + $pdf->Write(0.3, $fax_header); } //fax, cover sheet - $pdf -> SetTextColor(0,0,0); - $pdf -> SetFont($pdf_font, "B", 55); - $pdf -> SetXY($x + 4.55, $y + 0.25); - $pdf -> Cell($x + 3.50, $y + 0.4, $text['label-fax-fax'], 0, 0, 'R', false, null, 0, false, 'T', 'T'); - $pdf -> SetFont($pdf_font, "", 12); - $pdf -> SetFontSpacing(0.0425); - $pdf -> SetXY($x + 4.55, $y + 1.0); - $pdf -> Cell($x + 3.50, $y + 0.4, $text['label-fax-cover-sheet'], 0, 0, 'R', false, null, 0, false, 'T', 'T'); - $pdf -> SetFontSpacing(0); + $pdf->SetTextColor(0,0,0); + $pdf->SetFont($pdf_font, "B", 55); + $pdf->SetXY($x + 4.55, $y + 0.25); + $pdf->Cell($x + 3.50, $y + 0.4, $text['label-fax-fax'], 0, 0, 'R', false, null, 0, false, 'T', 'T'); + $pdf->SetFont($pdf_font, "", 12); + $pdf->SetFontSpacing(0.0425); + $pdf->SetXY($x + 4.55, $y + 1.0); + $pdf->Cell($x + 3.50, $y + 0.4, $text['label-fax-cover-sheet'], 0, 0, 'R', false, null, 0, false, 'T', 'T'); + $pdf->SetFontSpacing(0); //field labels - $pdf -> SetFont($pdf_font, "B", 12); + $pdf->SetFont($pdf_font, "B", 12); if ($fax_recipient != '' || sizeof($fax_numbers) > 0) { - $pdf -> Text($x + 0.5, $y + 2.0, strtoupper($text['label-fax-recipient']).":"); + $pdf->Text($x + 0.5, $y + 2.0, strtoupper($text['label-fax-recipient']).":"); } if ($fax_sender != '' || $fax_caller_id_number != '') { - $pdf -> Text($x + 0.5, $y + 2.3, 
strtoupper($text['label-fax-sender']).":"); + $pdf->Text($x + 0.5, $y + 2.3, strtoupper($text['label-fax-sender']).":"); } if ($fax_page_count > 0) { - $pdf -> Text($x + 0.5, $y + 2.6, strtoupper($text['label-fax-attached']).":"); + $pdf->Text($x + 0.5, $y + 2.6, strtoupper($text['label-fax-attached']).":"); } if ($fax_subject != '') { - $pdf -> Text($x + 0.5, $y + 2.9, strtoupper($text['label-fax-subject']).":"); + $pdf->Text($x + 0.5, $y + 2.9, strtoupper($text['label-fax-subject']).":"); } //field values - $pdf -> SetFont($pdf_font, "", 12); - $pdf -> SetXY($x + 2.0, $y + 1.95); + $pdf->SetFont($pdf_font, "", 12); + $pdf->SetXY($x + 2.0, $y + 1.95); if ($fax_recipient != '') { - $pdf -> Write(0.3, $fax_recipient); + $pdf->Write(0.3, $fax_recipient); } if (sizeof($fax_numbers) > 0) { $fax_number_string = ($fax_recipient != '') ? ' (' : null; 
@@ -526,76 +536,76 @@ if (!function_exists('fax_split_dtmf')) { } $fax_number_string .= (sizeof($fax_numbers) > 4) ? ', +'.(sizeof($fax_numbers) - 4) : null; $fax_number_string .= ($fax_recipient != '') ? ')' : null; - $pdf -> Write(0.3, $fax_number_string); + $pdf->Write(0.3, $fax_number_string); } - $pdf -> SetXY($x + 2.0, $y + 2.25); + $pdf->SetXY($x + 2.0, $y + 2.25); if ($fax_sender != '') { - $pdf -> Write(0.3, $fax_sender); + $pdf->Write(0.3, $fax_sender); if ($fax_caller_id_number != '') { - $pdf -> Write(0.3, ' ('.format_phone($fax_caller_id_number).')'); + $pdf->Write(0.3, ' ('.format_phone($fax_caller_id_number).')'); } } else { if ($fax_caller_id_number != '') { - $pdf -> Write(0.3, format_phone($fax_caller_id_number)); + $pdf->Write(0.3, format_phone($fax_caller_id_number)); } } if ($fax_page_count > 0) { - $pdf -> Text($x + 2.0, $y + 2.6, $fax_page_count.' '.$text['label-fax-page'.(($fax_page_count > 1) ? 's' : null)]); + $pdf->Text($x + 2.0, $y + 2.6, $fax_page_count.' '.$text['label-fax-page'.(($fax_page_count > 1) ? 
's' : null)]); } if ($fax_subject != '') { - $pdf -> Text($x + 2.0, $y + 2.9, $fax_subject); + $pdf->Text($x + 2.0, $y + 2.9, $fax_subject); } //message if ($fax_message != '') { - $pdf -> SetAutoPageBreak(true, 0.6); - $pdf -> SetTopMargin(0.6); - $pdf -> SetFont($pdf_font, "", 12); - $pdf -> SetXY($x + 0.75, $y + 3.65); - $pdf -> MultiCell(7, 5.40, $fax_message, 0, 'L', false); + $pdf->SetAutoPageBreak(true, 0.6); + $pdf->SetTopMargin(0.6); + $pdf->SetFont($pdf_font, "", 12); + $pdf->SetXY($x + 0.75, $y + 3.65); + $pdf->MultiCell(7, 5.40, $fax_message, 0, 'L', false); } - $pages = $pdf -> getNumPages(); + $pages = $pdf->getNumPages(); - if($pages > 1) { + if ($pages > 1) { # save ynew for last page - $yn = $pdf -> GetY(); + $yn = $pdf->GetY(); # First page - $pdf -> setPage(1, 0); - $pdf -> Rect($x + 0.5, $y + 3.4, 7.5, $page_height - 3.9, 'D'); + $pdf->setPage(1, 0); + $pdf->Rect($x + 0.5, $y + 3.4, 7.5, $page_height - 3.9, 'D'); # 2nd to N-th page for ($n = 2; $n < $pages; $n++) { - $pdf -> setPage($n, 0); - $pdf -> Rect($x + 0.5, $y + 0.5, 7.5, $page_height - 1, 'D'); + $pdf->setPage($n, 0); + $pdf->Rect($x + 0.5, $y + 0.5, 7.5, $page_height - 1, 'D'); } #Last page - $pdf -> setPage($pages, 0); - $pdf -> Rect($x + 0.5, 0.5, 7.5, $yn, 'D'); + $pdf->setPage($pages, 0); + $pdf->Rect($x + 0.5, 0.5, 7.5, $yn, 'D'); $y = $yn; unset($yn); } else { - $pdf -> Rect($x + 0.5, $y + 3.4, 7.5, 6.25, 'D'); - $y = $pdf -> GetY(); + $pdf->Rect($x + 0.5, $y + 3.4, 7.5, 6.25, 'D'); + $y = $pdf->GetY(); } //footer if ($fax_footer != '') { - $pdf -> SetAutoPageBreak(true, 0.6); - $pdf -> SetTopMargin(0.6); - $pdf -> SetFont("helvetica", "", 8); - $pdf -> SetXY($x + 0.5, $y + 0.6); - $pdf -> MultiCell(7.5, 0.75, $fax_footer, 0, 'C', false); + $pdf->SetAutoPageBreak(true, 0.6); + $pdf->SetTopMargin(0.6); + $pdf->SetFont("helvetica", "", 8); + $pdf->SetXY($x + 0.5, $y + 0.6); + $pdf->MultiCell(7.5, 0.75, $fax_footer, 0, 'C', false); } - $pdf -> SetAutoPageBreak(false); - $pdf -> 
SetTopMargin(0); + $pdf->SetAutoPageBreak(false); + $pdf->SetTopMargin(0); // save cover pdf - $pdf -> Output($dir_fax_temp.'/'.$fax_instance_uuid.'_cover.pdf', "F"); // Display [I]nline, Save to [F]ile, [D]ownload + $pdf->Output($dir_fax_temp.'/'.$fax_instance_uuid.'_cover.pdf', "F"); // Display [I]nline, Save to [F]ile, [D]ownload //convert pdf to tif, add to array of pages, delete pdf if (file_exists($dir_fax_temp.'/'.$fax_instance_uuid.'_cover.pdf')) { 
@@ -708,24 +718,26 @@ if (!function_exists('fax_split_dtmf')) { //get some more info to send the fax $mailfrom_address = (isset($_SESSION['fax']['smtp_from']['text'])) ? $_SESSION['fax']['smtp_from']['text'] : $_SESSION['email']['smtp_from']['text']; - $sql = "select * from v_fax where fax_uuid = '".$fax_uuid."'; "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_NAMED); - $mailto_address_fax = $result["fax_email"]; - $fax_prefix = $result["fax_prefix"]; + $sql = "select * from v_fax where fax_uuid = :fax_uuid "; + $parameters['fax_uuid'] = $fax_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + $mailto_address_fax = $row["fax_email"]; + $fax_prefix = $row["fax_prefix"]; + unset($sql, $parameters, $row); if (!$included) { - $sql = "select contact_uuid from v_users where user_uuid = '".$_SESSION['user_uuid']."'; "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_NAMED); + $sql = "select contact_uuid from v_users where user_uuid = :user_uuid "; + $parameters['user_uuid'] = $_SESSION['user_uuid']; + $database = new database; + $contact_uuid = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); - $sql = "select email_address from v_contact_emails where contact_uuid = '".$result["contact_uuid"]."' order by email_primary desc;"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_NAMED); - $mailto_address_user = $result["email_address"]; + $sql = "select email_address from v_contact_emails where contact_uuid = :contact_uuid order by email_primary desc;"; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $mailto_address_user = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); } else { //use email-to-fax from address 
@@ -949,31 +961,39 @@ if (!$included) { $sql .= "v_contacts as c, "; $sql .= "v_contact_phones as cp "; $sql .= "where "; - $sql .= "c.contact_uuid = cp.contact_uuid and "; - $sql .= "c.domain_uuid = '".$_SESSION['domain_uuid']."' and "; - $sql .= "cp.domain_uuid = '".$_SESSION['domain_uuid']."' and "; - $sql .= "cp.phone_type_fax = 1 and "; - $sql .= "cp.phone_number is not null and "; - $sql .= "cp.phone_number <> '' "; - if (sizeof($user_group_uuids) > 0) { + $sql .= "c.contact_uuid = cp.contact_uuid "; + $sql .= "and c.domain_uuid = :domain_uuid "; + $sql .= "and cp.domain_uuid = :domain_uuid "; + $sql .= "and cp.phone_type_fax = 1 "; + $sql .= "and cp.phone_number is not null "; + $sql .= "and cp.phone_number <> '' "; + if (is_array($user_group_uuids) && @sizeof($user_group_uuids) != 0) { //only show contacts assigned to current user's group(s) and those not assigned to any group - $sql .= "and ( \n"; - $sql .= " c.contact_uuid in ( \n"; + $sql .= "and ("; + $sql .= " c.contact_uuid in ( "; $sql .= " select contact_uuid from v_contact_groups "; - $sql .= " where group_uuid in ('".implode("','", $user_group_uuids)."') "; - $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= " ) \n"; - $sql .= " or \n"; - $sql .= " c.contact_uuid not in ( \n"; + $sql .= " where ("; + foreach ($user_group_uuids as $index => $user_group_uuid) { + $sql .= $or; + $sql .= " group_uuid = :group_uuid_".$index." 
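Review bot: The lookup `select * from v_fax where fax_uuid = :fax_uuid` that decides which fax extension (and its fax_email and fax_prefix) actually sends the message is scoped only by the uuid posted by the client; the domain and per-user assignment checks run only on the pre-populate path earlier in the file, so unless something between the hunks re-validates ownership, any authenticated user can send through another domain's fax by posting its uuid. Add `and domain_uuid = :domain_uuid` with `$parameters['domain_uuid'] = $_SESSION['domain_uuid'];` and abort when no row comes back, applying the same v_fax_users restriction for non-admins; when `$included` is true the session may not be populated, so the included caller should supply the domain explicitly. The gap predates this commit, but parameterizing the query is the natural moment to close it.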
"; + $parameters['group_uuid_'.$index] = $user_group_uuid; + $or = " or "; + } + unset($user_group_uuids, $index, $user_group_uuid, $or); + $sql .= " ) "; + $sql .= " and domain_uuid = :domain_uuid "; + $sql .= " ) "; + $sql .= " or "; + $sql .= " c.contact_uuid not in ( "; $sql .= " select contact_uuid from v_contact_groups "; - $sql .= " where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= " ) \n"; - $sql .= ") \n"; + $sql .= " where domain_uuid = :domain_uuid "; + $sql .= " ) "; + $sql .= ") "; } - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $contacts = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (is_array($contacts)) { + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $contacts = $database->select($sql, $parameters, 'all'); + if (is_array($contacts) && @sizeof($contacts) != 0) { foreach ($contacts as &$row) { if ($row['contact_organization'] != '') { $contact_option_label = $row['contact_organization']; @@ -1001,7 +1021,7 @@ if (!$included) { } echo " \n"; } - unset($prep_statement); + unset($sql, $parameters, $row); echo " \n"; if (is_array($contacts)) { echo " \n";