diff --git a/app/contacts/contact_extensions.php b/app/contacts/contact_extensions.php index 03dcd88de6..5d3bbabe1e 100644 --- a/app/contacts/contact_extensions.php +++ b/app/contacts/contact_extensions.php @@ -63,17 +63,17 @@ //get the extension list $sql = "select e.extension_uuid, e.extension, e.enabled, e.description "; - $sql .= " from v_extensions e, v_extension_users eu, v_users u "; - $sql .= " where e.extension_uuid = eu.extension_uuid "; - $sql .= " and u.user_uuid = eu.user_uuid "; - $sql .= " and e.domain_uuid = '$domain_uuid' "; - $sql .= " and u.contact_uuid = '$contact_uuid' "; + $sql .= "from v_extensions e, v_extension_users eu, v_users u "; + $sql .= "where e.extension_uuid = eu.extension_uuid "; + $sql .= "and u.user_uuid = eu.user_uuid "; + $sql .= "and e.domain_uuid = :domain_uuid "; + $sql .= "and u.contact_uuid = :contact_uuid "; $sql .= "order by e.extension asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); $c = 0; $row_style["0"] = "row_style0"; @@ -90,7 +90,7 @@ } echo "\n"; echo "\n"; - if ($result_count > 0) { + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $row) { $tr_link = (permission_exists('extension_edit')) ? "href='/app/extensions/extension_edit.php?id=".escape($row['extension_uuid'])."'" : null; echo "\n"; @@ -114,9 +114,9 @@ echo " \n"; echo "\n"; $c = ($c) ? 0 : 1; - } //end foreach - unset($sql, $result, $row_count); - } //end if results + } + } + unset($result, $row); echo ""; diff --git a/app/contacts/contact_group_delete.php b/app/contacts/contact_group_delete.php index d722e8a8fe..56db828995 100644 
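Review bot: The new result check `if (is_array($result) && @sizeof($result) != 0)` suppresses diagnostics with `@` for no gain: once `is_array()` has passed, `sizeof()` on that value cannot emit a warning, so the `@` only masks errors from any error handler the application installs. Prefer `if (!empty($result)) {` or `if (is_array($result) && count($result) > 0) {`. The same `@sizeof(...)` pattern recurs in the contact_import_google, contact_note_edit and contact_notes hunks of this commit and could be cleaned up the same way.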
--- a/app/contacts/contact_group_delete.php +++ b/app/contacts/contact_group_delete.php @@ -40,26 +40,28 @@ else { $language = new text; $text = $language->get(); - if (count($_REQUEST) > 0) { - $contact_uuid = check_str($_REQUEST["contact_uuid"]); - $contact_group_uuid = $_REQUEST["id"]; - } + $contact_uuid = $_REQUEST["contact_uuid"]; + $contact_group_uuid = $_REQUEST["id"]; } //delete the group if (is_uuid($contact_uuid) && is_uuid($contact_group_uuid)) { - $sql = "delete from v_contact_groups "; - $sql .= "where contact_uuid = '".$contact_uuid."' "; - $sql .= "and contact_group_uuid = '".$contact_group_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_groups'][0]['contact_uuid'] = $contact_uuid; + $array['contact_groups'][0]['contact_group_uuid'] = $contact_group_uuid; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->delete($array); + unset($array); + + message::add($text['message-delete']); } -//redirect the browser +//redirect if (!$included) { - message::add($text['message-delete']); header("Location: contact_edit.php?id=".$contact_uuid); - return; + exit; } ?> \ No newline at end of file diff --git a/app/contacts/contact_import.php b/app/contacts/contact_import.php index 507a8d1339..287071303f 100644 --- a/app/contacts/contact_import.php +++ b/app/contacts/contact_import.php 
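Review bot: The delete array identifies the row only by `contact_uuid` and `contact_group_uuid`, with no `domain_uuid`, whereas contact_note_delete in this same commit sets `$array['contact_notes'][0]['domain_uuid'] = $_SESSION['domain_uuid'];`. The removed SQL had the same gap, so this is carried over rather than introduced, but unless `database::delete` scopes rows by domain on its own (not visible here) a well-formed uuid pair belonging to another domain would pass `is_uuid()` and be deleted; adding `$array['contact_groups'][0]['domain_uuid'] = $_SESSION['domain_uuid'];` makes the tenant scope explicit. Also, the redirect still runs when `is_uuid($contact_uuid)` fails, so the raw `$_REQUEST["contact_uuid"]` reaches the Location header; contact_note_edit uses `escape($contact_uuid)` there, and this file should do the same.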
@@ -252,16 +252,16 @@ //get the groups $sql = "select * from v_groups where domain_uuid is null "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - $groups = $prep_statement->fetchAll(PDO::FETCH_ASSOC); + $database = new database; + $groups = $database->select($sql, null, 'all'); + unset($sql); //get the users - $sql = "select * from v_users where domain_uuid = '".$domain_uuid."' "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - $users = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - + $sql = "select * from v_users where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $users = $database->select($sql, $parameters, 'all'); + unset($sql); //get the contents of the csv file and convert them into an array $handle = @fopen($_SESSION['file'], "r"); @@ -340,9 +340,6 @@ $database->app_name = 'contacts'; $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; $database->save($array); - //$message = $database->message; - - //clear the array unset($array); //set the row id back to 0 @@ -368,12 +365,12 @@ $database->app_name = 'contacts'; $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; $database->save($array); - //$message = $database->message; + unset($array); } //send the redirect header header("Location: contacts.php"); - return; + exit; } //show the header @@ -422,8 +419,6 @@ //include the footer require_once "resources/footer.php"; - - //end the script exit; } diff --git a/app/contacts/contact_import_google.php b/app/contacts/contact_import_google.php index c874019ce1..37d656e8f9 100644 --- a/app/contacts/contact_import_google.php +++ b/app/contacts/contact_import_google.php 
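Review bot: After the users query the hunk only does `unset($sql);`, leaving `$parameters['domain_uuid']` in scope, while the other rewritten queries in this commit (contact_extensions, contact_notes) end with `unset($sql, $parameters);`. Any later select in this script that builds `$parameters` incrementally would inherit the stale key. Change the line to `unset($sql, $parameters);` for consistency with the rest of the commit.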
@@ -70,26 +70,27 @@ if ($_POST['a'] == 'import') { if (sizeof($import_ids) > 0) { $import_ids = array_unique($import_ids); - foreach ($import_ids as $contact_id) { + foreach ($import_ids as $index_1 => $contact_id) { //check for duplicate contact (already exists, previously imported, etc) $sql = "select contact_uuid from v_contact_settings "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and contact_setting_category = 'google' "; $sql .= "and contact_setting_subcategory = 'id' "; - $sql .= "and contact_setting_value = '".$contact_id."' "; + $sql .= "and contact_setting_value = :contact_setting_value "; $sql .= "and contact_setting_enabled = 'true' "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($result['contact_uuid'] != '') { + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_setting_value'] = $contact_id; + $database = new database; + $result = $database->select($sql, $parameters, 'row'); + if (is_uuid($result['contact_uuid'])) { $duplicate_exists = true; $duplicate_contact_uuid = $result['contact_uuid']; } else { $duplicate_exists = false; } - unset($sql, $prep_statement, $result); + unset($sql, $parameters, $result); //skip importing contact if ($duplicate_exists && $_POST['import_duplicates'] == 'skip') { 
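Review bot: `$result['contact_uuid']` is dereferenced before anything confirms `$result` is an array; `select($sql, $parameters, 'row')` is called for the common no-duplicate case, and what it returns when no row matches is not visible here. The other hunks in this commit guard with `is_array($row) && ...` before indexing, so the duplicate test should read `if (is_array($result) && is_uuid($result['contact_uuid'])) {`. The enclosing `foreach ($import_ids ...)` body continues past this hunk.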
@@ -110,214 +111,127 @@ if ($_POST['a'] == 'import') { //insert contact $contact_uuid = uuid(); - $sql = "insert into v_contacts "; - $sql .= "( "; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_type, "; - $sql .= "contact_organization, "; - $sql .= "contact_name_prefix, "; - $sql .= "contact_name_given, "; - $sql .= "contact_name_middle, "; - $sql .= "contact_name_family, "; - $sql .= "contact_name_suffix, "; - $sql .= "contact_nickname, "; - $sql .= "contact_title, "; - $sql .= "contact_category, "; - $sql .= "contact_note "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".check_str($_POST['import_type'])."', "; - $sql .= "'".check_str($contact['organization'])."', "; - $sql .= "'".check_str($contact['name_prefix'])."', "; - $sql .= "'".check_str($contact['name_given'])."', "; - $sql .= "'".check_str($contact['name_middle'])."', "; - $sql .= "'".check_str($contact['name_family'])."', "; - $sql .= "'".check_str($contact['name_suffix'])."', "; - $sql .= "'".check_str($contact['nickname'])."', "; - $sql .= "'".check_str($contact['title'])."', "; - $sql .= "'".check_str($_POST['import_category'])."', "; - $sql .= "'".check_str($contact['notes'])."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contacts'][$index_1]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contacts'][$index_1]['contact_uuid'] = $contact_uuid; + $array['contacts'][$index_1]['contact_type'] = $_POST['import_type']; + $array['contacts'][$index_1]['contact_organization'] = $contact['organization']; + $array['contacts'][$index_1]['contact_name_prefix'] = $contact['name_prefix']; + $array['contacts'][$index_1]['contact_name_given'] = $contact['name_given']; + $array['contacts'][$index_1]['contact_name_middle'] = $contact['name_middle']; + $array['contacts'][$index_1]['contact_name_family'] = $contact['name_family']; + 
$array['contacts'][$index_1]['contact_name_suffix'] = $contact['name_suffix']; + $array['contacts'][$index_1]['contact_nickname'] = $contact['nickname']; + $array['contacts'][$index_1]['contact_title'] = $contact['title']; + $array['contacts'][$index_1]['contact_category'] = $_POST['import_category']; + $array['contacts'][$index_1]['contact_note'] = $contact['notes']; //set sharing if ($_POST['import_shared'] != 'true') { - $sql = "insert into v_contact_groups "; - $sql .= "( "; - $sql .= "contact_group_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "group_uuid "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".uuid()."', "; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".$_SESSION["user_uuid"]."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $contact_group_uuid = uuid(); + $array['contact_groups'][$index_1]['contact_group_uuid'] = $contact_group_uuid; + $array['contact_groups'][$index_1]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_groups'][$index_1]['contact_uuid'] = $contact_uuid; + $array['contact_groups'][$index_1]['group_uuid'] = $_SESSION["user_uuid"]; } //insert emails - if ($_POST['import_fields']['email'] && sizeof($contact['emails']) > 0) { - foreach ($contact['emails'] as $contact_email) { - $sql = "insert into v_contact_emails "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_email_uuid, "; - $sql .= "email_label, "; - $sql .= "email_address, "; - $sql .= "email_primary "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".uuid()."', "; - $sql .= "'".check_str($contact_email['label'])."', "; - $sql .= "'".check_str($contact_email['address'])."', "; - $sql .= (($contact_email['primary']) ? 1 : 0)." 
"; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + if ($_POST['import_fields']['email'] && is_array($contact['emails']) && @sizeof($contact['emails']) != 0) { + foreach ($contact['emails'] as $index_2 => $contact_email) { + $contact_email_uuid = uuid(); + $array['contact_emails'][$index_2]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_emails'][$index_2]['contact_uuid'] = $contact_uuid; + $array['contact_emails'][$index_2]['contact_email_uuid'] = $contact_email_uuid; + $array['contact_emails'][$index_2]['email_label'] = $contact_email['label']; + $array['contact_emails'][$index_2]['email_address'] = $contact_email['address']; + $array['contact_emails'][$index_2]['email_primary'] = $contact_email['primary'] ? 1 : 0; } } //insert numbers - if ($_POST['import_fields']['number'] && sizeof($contact['numbers']) > 0) { - foreach ($contact['numbers'] as $contact_number) { - $sql = "insert into v_contact_phones "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_phone_uuid, "; - $sql .= "phone_type_voice, "; - $sql .= "phone_type_fax, "; - $sql .= "phone_label, "; - $sql .= "phone_number, "; - $sql .= "phone_primary "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$domain_uuid."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".uuid()."', "; - $sql .= ((substr_count(strtoupper($contact_number['label']), strtoupper($text['label-fax'])) == 0) ? 1 : 'null').", "; - $sql .= ((substr_count(strtoupper($contact_number['label']), strtoupper($text['label-fax'])) != 0) ? 1 : 'null').", "; - $sql .= "'".check_str($contact_number['label'])."', "; - $sql .= "'".check_str($contact_number['number'])."', "; - $sql .= ((sizeof($contact['numbers']) == 1) ? 1 : 0)." 
"; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + if ($_POST['import_fields']['number'] && is_array($contact['numbers']) && @sizeof($contact['numbers']) != 0) { + foreach ($contact['numbers'] as $index_3 => $contact_number) { + $contact_phone_uuid = uuid(); + $array['contact_phones'][$index_3]['domain_uuid'] = $domain_uuid; + $array['contact_phones'][$index_3]['contact_uuid'] = $contact_uuid; + $array['contact_phones'][$index_3]['contact_phone_uuid'] = $contact_phone_uuid; + $array['contact_phones'][$index_3]['phone_type_voice'] = substr_count(strtoupper($contact_number['label']), strtoupper($text['label-fax'])) == 0 ? 1 : null; + $array['contact_phones'][$index_3]['phone_type_fax'] = substr_count(strtoupper($contact_number['label']), strtoupper($text['label-fax'])) != 0 ? 1 : null; + $array['contact_phones'][$index_3]['phone_label'] = $contact_number['label']; + $array['contact_phones'][$index_3]['phone_number'] = $contact_number['number']; + $array['contact_phones'][$index_3]['phone_primary'] = @sizeof($contact['numbers']) == 1 ? 1 : 0; } } //insert urls - if ($_POST['import_fields']['url'] && sizeof($contact['urls']) > 0) { - foreach ($contact['urls'] as $contact_url) { - $sql = "insert into v_contact_urls "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_url_uuid, "; - $sql .= "url_label, "; - $sql .= "url_address, "; - $sql .= "url_primary "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".uuid()."', "; - $sql .= "'".check_str($contact_url['label'])."', "; - $sql .= "'".check_str($contact_url['url'])."', "; - $sql .= ((sizeof($contact['urls']) == 1) ? 1 : 0)." 
"; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + if ($_POST['import_fields']['url'] && is_array($contact['urls']) && @sizeof($contact['urls']) != 0) { + foreach ($contact['urls'] as $index_4 => $contact_url) { + $contact_url_uuid = uuid(); + $array['contact_urls'][$index_4]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_urls'][$index_4]['contact_uuid'] = $contact_uuid; + $array['contact_urls'][$index_4]['contact_url_uuid'] = $contact_url_uuid; + $array['contact_urls'][$index_4]['url_label'] = $contact_url['label']; + $array['contact_urls'][$index_4]['url_address'] = $contact_url['url']; + $array['contact_urls'][$index_4]['url_primary'] = @sizeof($contact['urls']) == 1 ? 1 : 0; } } //insert addresses - if ($_POST['import_fields']['address'] && sizeof($contact['addresses']) > 0) { - foreach ($contact['addresses'] as $contact_address) { - $sql = "insert into v_contact_addresses "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_address_uuid, "; - $sql .= "address_type, "; - $sql .= "address_label, "; - $sql .= "address_street, "; - $sql .= "address_extended, "; - $sql .= "address_community, "; - $sql .= "address_locality, "; - $sql .= "address_region, "; - $sql .= "address_postal_code, "; - $sql .= "address_country, "; - $sql .= "address_primary "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".uuid()."', "; + if ($_POST['import_fields']['address'] && is_array($contact['addresses']) && @sizeof($contact['addresses']) != 0) { + foreach ($contact['addresses'] as $index_5 => $contact_address) { + $contact_address_uuid = uuid(); + $array['contact_addresses'][$index_5]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_addresses'][$index_5]['contact_uuid'] = $contact_uuid; + $array['contact_addresses'][$index_5]['contact_address_uuid'] = $contact_address_uuid; if 
(substr_count(strtoupper($contact_address['label']), strtoupper($text['option-home'])) != 0) { - $sql .= "'home', "; // vcard address type + $array['contact_addresses'][$index_5]['address_type'] = 'home'; } else if (substr_count(strtoupper($contact_address['label']), strtoupper($text['option-work'])) != 0) { - $sql .= "'work', "; // vcard address type + $array['contact_addresses'][$index_5]['address_type'] = 'work'; } else { - $sql .= "'', "; + $array['contact_addresses'][$index_5]['address_type'] = null; } - $sql .= "'".check_str($contact_address['label'])."', "; - $sql .= "'".check_str($contact_address['street'])."', "; - $sql .= "'".check_str($contact_address['extended'])."', "; - $sql .= "'".check_str($contact_address['community'])."', "; - $sql .= "'".check_str($contact_address['locality'])."', "; - $sql .= "'".check_str($contact_address['region'])."', "; - $sql .= "'".check_str($contact_address['postal_code'])."', "; - $sql .= "'".check_str($contact_address['country'])."', "; - $sql .= ((sizeof($contact['addresses']) == 1) ? 1 : 0)." "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_addresses'][$index_5]['address_label'] = $contact_address['label']; + $array['contact_addresses'][$index_5]['address_street'] = $contact_address['street']; + $array['contact_addresses'][$index_5]['address_extended'] = $contact_address['extended']; + $array['contact_addresses'][$index_5]['address_community'] = $contact_address['community']; + $array['contact_addresses'][$index_5]['address_locality'] = $contact_address['locality']; + $array['contact_addresses'][$index_5]['address_region'] = $contact_address['region']; + $array['contact_addresses'][$index_5]['address_postal_code'] = $contact_address['postal_code']; + $array['contact_addresses'][$index_5]['address_country'] = $contact_address['country']; + $array['contact_addresses'][$index_5]['address_primary'] = @sizeof($contact['addresses']) == 1 ? 
1 : 0; } } //add google contact id, etag and updated date to contact settings $contact['updated'] = str_replace('T', ' ', $contact['updated']); $contact['updated'] = str_replace('Z', '', $contact['updated']); - $sql = "insert into v_contact_settings "; - $sql .= "("; - $sql .= "contact_setting_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "contact_setting_category, "; - $sql .= "contact_setting_subcategory, "; - $sql .= "contact_setting_name, "; - $sql .= "contact_setting_value, "; - $sql .= "contact_setting_order, "; - $sql .= "contact_setting_enabled "; - $sql .= ") "; - $sql .= "values "; - $sql .= "('".uuid()."', '".$contact_uuid."', '".$_SESSION['domain_uuid']."', 'sync', 'source', 'array', 'google', 0, 'true' )"; - $sql .= ",('".uuid()."', '".$contact_uuid."', '".$_SESSION['domain_uuid']."', 'google', 'id', 'text', '".check_str($contact_id)."', 0, 'true' )"; - $sql .= ",('".uuid()."', '".$contact_uuid."', '".$_SESSION['domain_uuid']."', 'google', 'updated', 'date', '".check_str($contact['updated'])."', 0, 'true' )"; - $sql .= ",('".uuid()."', '".$contact_uuid."', '".$_SESSION['domain_uuid']."', 'google', 'etag', 'text', '".check_str($contact['etag'])."', 0, 'true' )"; - $db->exec(check_sql($sql)); - unset($sql); + $contact_setting_columns = array('contact_setting_category', 'contact_setting_subcategory', 'contact_setting_name', 'contact_setting_value', 'contact_setting_order', 'contact_setting_enabled'); + $contact_setting_array[] = array('sync', 'source', 'array', 'google', 0, 'true'); + $contact_setting_array[] = array('google', 'id', 'text', $contact_id, 0, 'true'); + $contact_setting_array[] = array('google', 'updated', 'date', $contact['updated'], 0, 'true'); + $contact_setting_array[] = array('google', 'etag', 'text', $contact['etag'], 0, 'true'); + foreach ($contact_setting_array as $index_6 => $values) { + $contact_setting_uuid = uuid(); + $array['contact_settings'][$index_6]['contact_setting_uuid'] = $contact_setting_uuid; 
+ $array['contact_settings'][$index_6]['contact_uuid'] = $contact_uuid; + $array['contact_settings'][$index_6]['domain_uuid'] = $_SESSION['domain_uuid']; + foreach ($values as $index_7 => $value) { + foreach ($contact_setting_columns as $column) { + $array['contact_settings'][$index_6][$contact_setting_columns[$index_7]] = $value; + } + } + } + unset($contact_setting_columns, $contact_setting_array); + //insert records + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + + //increment counter $contacts_imported++; } @@ -325,7 +239,7 @@ if ($_POST['a'] == 'import') { $message = $text['message-contacts_imported']." ".$contacts_imported; if ($contacts_replaced > 0) { $message .= " (".$text['message_contacts_imported_replaced']." ".$contacts_replaced.")"; } if ($contacts_skipped > 0) { $message .= ", ".$text['message_contacts_imported_skipped']." ".$contacts_skipped; } - $_SESSION["message"] = $message; + message::add($message); header("Location: contacts.php"); exit; diff --git a/app/contacts/contact_note_delete.php b/app/contacts/contact_note_delete.php index 4c2f72f538..04f9be7b4b 100644 --- a/app/contacts/contact_note_delete.php +++ b/app/contacts/contact_note_delete.php 
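Review bot: In the contact settings loop the inner `foreach ($contact_setting_columns as $column)` never uses `$column`; its body writes `$array['contact_settings'][$index_6][$contact_setting_columns[$index_7]] = $value;`, so each value is assigned to the same key once per column. Drop the inner loop and keep the single assignment inside `foreach ($values as $index_7 => $value)`. Separately, the phone rows use `$array['contact_phones'][$index_3]['domain_uuid'] = $domain_uuid;` while every other table in this hunk uses `$_SESSION['domain_uuid']`; this is carried over from the removed insert, but if `$domain_uuid` is not set in this script the phones would be saved without a domain, so aligning it with the session value is safer. The enclosing `foreach ($import_ids ...)` starts in the previous hunk.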
@@ -38,22 +38,27 @@ else { $language = new text; $text = $language->get(); -if (count($_GET)>0) { - $id = check_str($_GET["id"]); - $contact_uuid = check_str($_GET["contact_uuid"]); -} +//get the http values and set as variables + $contact_note_uuid = $_GET["id"]; + $contact_uuid = $_GET["contact_uuid"]; -if (strlen($id)>0) { - $sql = "delete from v_contact_notes "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and contact_note_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); -} +//delete the record + if (is_uuid($contact_note_uuid) && is_uuid($contact_uuid)) { + $array['contact_notes'][0]['contact_note_uuid'] = $contact_note_uuid; + $array['contact_notes'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_notes'][0]['contact_uuid'] = $contact_uuid; -message::add($text['message-delete']); -header("Location: contact_edit.php?id=".$contact_uuid); -return; + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->delete($array); + unset($array); + + message::add($text['message-delete']); + } + +//redirect + header("Location: contact_edit.php?id=".$contact_uuid); + exit; ?> \ No newline at end of file diff --git a/app/contacts/contact_note_edit.php b/app/contacts/contact_note_edit.php index 51a855b68c..abbc5e2028 100644 --- a/app/contacts/contact_note_edit.php +++ b/app/contacts/contact_note_edit.php 
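Review bot: The redirect `header("Location: contact_edit.php?id=".$contact_uuid);` runs even when `is_uuid($contact_uuid)` failed, so the raw `$_GET["contact_uuid"]` is written into the Location header without the `check_str` the removed code applied. contact_note_edit in this same commit uses `header("Location: contact_edit.php?id=".escape($contact_uuid));`; use the same here, or redirect to the contact list when the uuid is invalid instead of carrying the unvalidated value forward.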
@@ -39,24 +39,24 @@ else { $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $contact_note_uuid = check_str($_REQUEST["id"]); + $contact_note_uuid = $_REQUEST["id"]; } else { $action = "add"; } //get the primary id for the contact - if (strlen($_GET["contact_uuid"]) > 0) { - $contact_uuid = check_str($_GET["contact_uuid"]); + if (is_uuid($_GET["contact_uuid"])) { + $contact_uuid = $_GET["contact_uuid"]; } //get http post variables and set them to php variables if (count($_POST)>0) { - $contact_note = check_str($_POST["contact_note"]); - $last_mod_date = check_str($_POST["last_mod_date"]); - $last_mod_user = check_str($_POST["last_mod_user"]); + $contact_note = $_POST["contact_note"]; + $last_mod_date = $_POST["last_mod_date"]; + $last_mod_user = $_POST["last_mod_user"]; } //process the form data @@ -64,7 +64,7 @@ else { //get the primary id for the contact note if ($action == "update") { - $contact_note_uuid = check_str($_POST["contact_note_uuid"]); + $contact_note_uuid = $_POST["contact_note_uuid"]; } //check for all required data 
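Review bot: `if (is_uuid($_REQUEST["id"]))` drops the `isset` guard the old code had, so on the add path (no id parameter) this reads an undefined index and emits a warning on PHP 8 before `is_uuid` even runs; the same applies to `is_uuid($_GET["contact_uuid"])` below it. Use `if (isset($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {` and `if (isset($_GET["contact_uuid"]) && is_uuid($_GET["contact_uuid"])) {`.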
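Review bot: `$contact_note_uuid = $_POST["contact_note_uuid"];` takes the identifier of the row to be updated straight from the form with no `is_uuid()` check, while the id read from `$_REQUEST` a few lines earlier in this file is validated with `is_uuid()` before use. Since this value later selects which note record `$database->save()` rewrites, validate it the same way: `$contact_note_uuid = is_uuid($_POST["contact_note_uuid"]) ? $_POST["contact_note_uuid"] : null;`.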
@@ -84,80 +84,77 @@ else { //add or update the database if ($_POST["persistformvar"] != "true") { + //update last modified - $sql = "update v_contacts set "; - $sql .= "last_mod_date = now(), "; - $sql .= "last_mod_user = '".$_SESSION['username']."' "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['contacts'][0]['contact_uuid'] = $contact_uuid; + $array['contacts'][0]['domain_uuid'] = $domain_uuid; + $array['contacts'][0]['last_mod_date'] = 'now()'; + $array['contacts'][0]['last_mod_user'] = $_SESSION['username']; + + $p = new permissions; + $p->add('contact_edit', 'temp'); + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + + $p->delete('contact_edit', 'temp'); //add the note - if ($action == "add") { + if ($action == "add" && permission_exists('contact_note_add')) { $contact_note_uuid = uuid(); - $sql = "insert into v_contact_notes "; - $sql .= "("; - $sql .= "contact_note_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "contact_note, "; - $sql .= "domain_uuid, "; - $sql .= "last_mod_date, "; - $sql .= "last_mod_user "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'$contact_note_uuid', "; - $sql .= "'$contact_uuid', "; - $sql .= "'$contact_note', "; - $sql .= "'$domain_uuid', "; - $sql .= "now(), "; - $sql .= "'".$_SESSION['username']."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_notes'][0]['contact_note_uuid'] = $contact_note_uuid; message::add($text['message-add']); - header("Location: contact_edit.php?id=".$contact_uuid); - return; - } //if ($action == "add") + } //update the note - if ($action == "update") { - $sql = "update v_contact_notes set "; - $sql .= "contact_uuid = '$contact_uuid', "; - $sql .= "contact_note = '$contact_note', "; - $sql .= "last_mod_date = now(), 
"; - $sql .= "last_mod_user = '".$_SESSION['username']."' "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and contact_note_uuid = '$contact_note_uuid'"; - $db->exec(check_sql($sql)); - unset($sql); + if ($action == "update" && permission_exists('contact_note_edit')) { + $array['contact_notes'][0]['contact_note_uuid'] = $contact_note_uuid; message::add($text['message-update']); - header("Location: contact_edit.php?id=".$contact_uuid); - return; - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } + + //execute + if (is_array($array) && @sizeof($array) != 0) { + $array['contact_notes'][0]['contact_uuid'] = $contact_uuid; + $array['contact_notes'][0]['domain_uuid'] = $domain_uuid; + $array['contact_notes'][0]['contact_note'] = $contact_note; + $array['contact_notes'][0]['last_mod_date'] = 'now()'; + $array['contact_notes'][0]['last_mod_user'] = $_SESSION['username']; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + } + + //redirect + header("Location: contact_edit.php?id=".escape($contact_uuid)); + exit; + + } + } //pre-populate the form if (count($_GET)>0 && $_POST["persistformvar"] != "true") { $contact_note_uuid = $_GET["id"]; - $sql = ""; - $sql .= "select * from v_contact_notes "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and contact_note_uuid = '$contact_note_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql = "select * from v_contact_notes "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_note_uuid = :contact_note_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_note_uuid'] = $contact_note_uuid; + $database = new database; + $row = 
$database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $contact_note = $row["contact_note"]; $last_mod_date = $row["last_mod_date"]; $last_mod_user = $row["last_mod_user"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header diff --git a/app/contacts/contact_notes.php b/app/contacts/contact_notes.php index 98476ad73a..20a03fbdcf 100644 --- a/app/contacts/contact_notes.php +++ b/app/contacts/contact_notes.php @@ -48,15 +48,14 @@ //get the contact list $sql = "select * from v_contact_notes "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '$contact_uuid' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; $sql .= "order by last_mod_date desc "; - $prep_statement = $db->prepare(check_sql($sql)); - if ($prep_statement) { - $prep_statement->execute(); - $contact_notes = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); - } + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $contact_notes = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //set the row style array $c = 0; @@ -79,7 +78,7 @@ echo "
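Review bot: The temporary `contact_edit` permission granted with `$p->add('contact_edit', 'temp');` is only released on the straight-line path; if `$database->save($array)` throws or terminates the script, `$p->delete('contact_edit', 'temp');` never runs and the elevated permission persists for as long as the permissions object stores it. Whether save() can throw is not visible in this hunk, but the release is cheap to make unconditional: `try { $database->save($array); } finally { $p->delete('contact_edit', 'temp'); }`. Separately, `last_mod_date` is assigned the string `'now()'`, which relies on the database class treating it as a SQL function rather than a literal; a one-line comment such as `// 'now()' is translated to the SQL function by the database class` would make that contract visible. The enclosing `if (count($_POST)>0 ...)` block starts before this hunk.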
"; echo "\n"; - if (is_array($contact_notes)) { + if (is_array($contact_notes) && @sizeof($contact_notes) != 0) { foreach($contact_notes as $row) { $contact_note = $row['contact_note']; $contact_note = escape($contact_note); @@ -102,9 +101,9 @@ echo " \n"; echo "\n"; $c = ($c) ? 0 : 1; - } //end foreach - unset($sql, $contact_notes); - } //end if results + } + } + unset($contact_notes, $row); echo "
"; echo "
\n";