diff --git a/app/recordings/app_defaults.php b/app/recordings/app_defaults.php index ab440e6889..800f387a41 100644 --- a/app/recordings/app_defaults.php +++ b/app/recordings/app_defaults.php @@ -36,11 +36,12 @@ if (is_array($_SESSION['recordings']['storage_type']) && $_SESSION['recordings']['storage_type']['text'] == 'base64') { //get recordings without base64 in db $sql = "select recording_uuid, domain_uuid, recording_filename "; - $sql .= "from v_recordings where recording_base64 is null or recording_base64 = '' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (is_array($result)) { + $sql .= "from v_recordings "; + $sql .= "where recording_base64 is null "; + $sql .= "or recording_base64 = '' "; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && @sizeof($result) != 0) { foreach ($result as &$row) { $recording_uuid = $row['recording_uuid']; $recording_domain_uuid = $row['domain_uuid']; @@ -49,30 +50,38 @@ $recording_directory = $_SESSION['switch']['recordings']['dir'].'/'.$domain_name; //encode recording file (if exists) if (file_exists($recording_directory.'/'.$recording_filename)) { - $recording_base64 = base64_encode(file_get_contents($recording_directory.'/'.$recording_filename)); + //build array + $recording_base64 = base64_encode(file_get_contents($recording_directory.'/'.$recording_filename)); + $array['recordings'][0]['recording_uuid'] = $recording_uuid; + $array['recordings'][0]['domain_uuid'] = $recording_domain_uuid; + $array['recordings'][0]['recording_base64'] = $recording_base64; + //grant temporary permissions + $p = new permissions; + $p->add('recording_edit', 'temp'); //update recording record with base64 - $sql = "update v_recordings set "; - $sql .= "recording_base64 = '".$recording_base64."' "; - $sql .= "where domain_uuid = '".$recording_domain_uuid."' "; - $sql .= "and recording_uuid = '".$recording_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + $database = new database; + $database->app_name = 'recordings'; + $database->app_uuid = '83913217-c7a2-9e90-925d-a866eb40b60e'; + $database->save($array); + unset($array); + //revoke temporary permissions + $p->delete('recording_edit', 'temp'); //remove local recording file @unlink($recording_directory.'/'.$recording_filename); } } } - unset($sql, $prep_statement, $result, $row); + unset($sql, $result, $row); } //if not base64, decode to local files, remove base64 data from db else if (is_array($_SESSION['recordings']['storage_type']) && $_SESSION['recordings']['storage_type']['text'] != 'base64') { //get recordings with base64 in db $sql = "select recording_uuid, domain_uuid, recording_filename, recording_base64 "; - $sql .= "from v_recordings where recording_base64 is not null "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - if (count($result) > 0) { + $sql .= "from v_recordings "; + $sql .= "where recording_base64 is not null "; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && @sizeof($result) != 0) { foreach ($result as &$row) { $recording_uuid = $row['recording_uuid']; $recording_domain_uuid = $row['domain_uuid']; @@ -87,15 +96,24 @@ //decode base64, save to local file $recording_decoded = base64_decode($recording_base64); file_put_contents($recording_directory.'/'.$recording_filename, $recording_decoded); - $sql = "update v_recordings "; - $sql .= "set recording_base64 = null "; - $sql .= "where domain_uuid = '".$recording_domain_uuid."' "; - $sql .= "and recording_uuid = '".$recording_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + //build array + $array['recordings'][0]['recording_uuid'] = $recording_uuid; + $array['recordings'][0]['domain_uuid'] = $recording_domain_uuid; + $array['recordings'][0]['recording_base64'] = null; + //grant temporary permissions + $p = new permissions; + $p->add('recording_edit', 'temp'); + //update recording record + $database = new database; + $database->app_name = 'recordings'; + $database->app_uuid = '83913217-c7a2-9e90-925d-a866eb40b60e'; + $database->save($array); + unset($array); + //revoke temporary permissions + $p->delete('recording_edit', 'temp'); } } - unset($sql, $prep_statement, $result, $row); + unset($sql, $result, $row); } } diff --git a/app/recordings/recording_delete.php b/app/recordings/recording_delete.php index a4c91e28fc..ad85a809a6 100644 --- a/app/recordings/recording_delete.php +++ b/app/recordings/recording_delete.php @@ -39,40 +39,41 @@ else { $text = $language->get(); //get the id - if (count($_GET) > 0) { - $id = $_GET["id"]; - } + $recording_uuid = $_GET["id"]; -if (strlen($id)>0) { +if (is_uuid($recording_uuid)) { //get filename - $sql = "select * from v_recordings "; - $sql .= "where recording_uuid = '$id' "; - $sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $filename = $row["recording_filename"]; - break; //limit to 1 row - } - unset ($prep_statement); + $sql = "select recording_filename from v_recordings "; + $sql .= "where recording_uuid = :recording_uuid "; + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['recording_uuid'] = $recording_uuid; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $filename = $database->select($sql, $parameters, 'column'); + unset($prep_statement); + + //build array + $array['recordings'][0]['recording_uuid'] = $recording_uuid; + $array['recordings'][0]['domain_uuid'] = $domain_uuid; //delete recording from the database - $sql = "delete from v_recordings "; - $sql .= "where recording_uuid = '$id' "; - $sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + $database = new database; + $database->app_name = 'recordings'; + $database->app_uuid = '83913217-c7a2-9e90-925d-a866eb40b60e'; + $database->delete($array); + unset($array); //delete the recording if (file_exists($_SESSION['switch']['recordings']['dir']."/".$_SESSION['domain_name']."/".$filename)) { @unlink($_SESSION['switch']['recordings']['dir']."/".$_SESSION['domain_name']."/".$filename); } + + //set message + message::add($text['message-delete']); } //redirect the user - message::add($text['message-delete']); header("Location: recordings.php"); - return; + exit; + ?> \ No newline at end of file diff --git a/app/recordings/recording_edit.php b/app/recordings/recording_edit.php index c639ade871..5703619218 100644 --- a/app/recordings/recording_edit.php +++ b/app/recordings/recording_edit.php @@ -40,16 +40,16 @@ else { $text = $language->get(); //get recording id - if (isset($_REQUEST["id"])) { - $recording_uuid = check_str($_REQUEST["id"]); + if (is_uuid($_REQUEST["id"])) { + $recording_uuid = $_REQUEST["id"]; } //get the form value and set to php variables if (count($_POST) > 0) { - $recording_filename = check_str($_POST["recording_filename"]); - $recording_filename_original = check_str($_POST["recording_filename_original"]); - $recording_name = check_str($_POST["recording_name"]); - $recording_description = check_str($_POST["recording_description"]); + $recording_filename = $_POST["recording_filename"]; + $recording_filename_original = $_POST["recording_filename_original"]; + $recording_name = $_POST["recording_name"]; + $recording_description = $_POST["recording_description"]; //clean the recording filename and name $recording_filename = str_replace(" ", "_", $recording_filename); @@ -59,7 +59,7 @@ else { if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { //get recording uuid to edit - $recording_uuid = check_str($_POST["recording_uuid"]); + $recording_uuid = $_POST["recording_uuid"]; //check for all required data $msg = ''; @@ -86,40 +86,46 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { rename($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$recording_filename_original, $_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$recording_filename); } - //update the database with the new data - $sql = "update v_recordings set "; - $sql .= "domain_uuid = '".$domain_uuid."', "; - $sql .= "recording_filename = '".$recording_filename."', "; - $sql .= "recording_name = '".$recording_name."', "; - $sql .= "recording_description = '".$recording_description."' "; - $sql .= "where domain_uuid = '".$domain_uuid."'"; - $sql .= "and recording_uuid = '".$recording_uuid."'"; - $db->exec(check_sql($sql)); - unset($sql); + //build array + $array['recordings'][0]['domain_uuid'] = $domain_uuid; + $array['recordings'][0]['recording_filename'] = $recording_filename; + $array['recordings'][0]['recording_name'] = $recording_name; + $array['recordings'][0]['recording_description'] = $recording_description; + $array['recordings'][0]['domain_uuid'] = $domain_uuid; + $array['recordings'][0]['recording_uuid'] = $recording_uuid; - message::add($text['message-update']); - header("Location: recordings.php"); - return; - } //if (permission_exists('recording_edit')) { - } //if ($_POST["persistformvar"] != "true") -} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + //execute update + $database = new database; + $database->app_name = 'recordings'; + $database->app_uuid = '83913217-c7a2-9e90-925d-a866eb40b60e'; + $database->save($array); + unset($array); + // set message + message::add($text['message-update']); + + //redirect + header("Location: recordings.php"); + exit; + } + } +} //pre-populate the form if (count($_GET)>0 && $_POST["persistformvar"] != "true") { $recording_uuid = $_GET["id"]; $sql = "select * from v_recordings "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and recording_uuid = '".$recording_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and recording_uuid = :recording_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['recording_uuid'] = $recording_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $recording_filename = $row["recording_filename"]; $recording_name = $row["recording_name"]; $recording_description = $row["recording_description"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header diff --git a/app/recordings/recording_play.php b/app/recordings/recording_play.php index 74fdf107e8..0117dbf265 100644 --- a/app/recordings/recording_play.php +++ b/app/recordings/recording_play.php @@ -65,16 +65,16 @@ if ($file_ext == "wav") { //HTML5 method if ($browser_name == "Google Chrome" || $browser_name == "Mozilla Firefox") { - echo ""; + echo ""; } else { - echo ""; - echo "\n"; + echo ""; + echo "\n"; } } if ($file_ext == "mp3") { - echo "\n"; - echo "\n"; + echo "\n"; + echo "\n"; echo "\n"; echo "\n"; echo "\n"; diff --git a/app/recordings/recordings.php b/app/recordings/recordings.php index 8ad0da2fc7..7e22dd3a4e 100644 --- a/app/recordings/recordings.php +++ b/app/recordings/recordings.php @@ -55,32 +55,32 @@ $path = $_SESSION['switch']['recordings']['dir']."/".$_SESSION['domain_name']; //if from recordings, get recording details from db - $recording_uuid = check_str($_GET['id']); //recordings + $recording_uuid = $_GET['id']; //recordings if ($recording_uuid != '') { - $sql = "select recording_filename, recording_base64 from v_recordings "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and recording_uuid = '".$recording_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - if (count($result) > 0) { - foreach($result as &$row) { - $recording_filename = $row['recording_filename']; - if ($_SESSION['recordings']['storage_type']['text'] == 'base64' && $row['recording_base64'] != '') { - $recording_decoded = base64_decode($row['recording_base64']); - file_put_contents($path.'/'.$recording_filename, $recording_decoded); - } - break; + $sql = "select recording_filename, recording_base64 "; + $sql .= "from v_recordings "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and recording_uuid = :recording_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['recording_uuid'] = $recording_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $recording_filename = $row['recording_filename']; + if ($_SESSION['recordings']['storage_type']['text'] == 'base64' && $row['recording_base64'] != '') { + $recording_decoded = base64_decode($row['recording_base64']); + file_put_contents($path.'/'.$recording_filename, $recording_decoded); } } - unset ($sql, $prep_statement, $result, $recording_decoded); + unset($sql, $parameters, $row, $recording_decoded); } // build full path - if(substr($recording_filename,0,1) == '/'){ - $full_recording_path = $path . $recording_filename; - } else { - $full_recording_path = $path . '/' . $recording_filename; + if (substr($recording_filename,0,1) == '/'){ + $full_recording_path = $path.$recording_filename; + } + else { + $full_recording_path = $path.'/'.$recording_filename; } //send the headers and then the data stream @@ -109,7 +109,7 @@ header('Content-Disposition: attachment; filename="'.$recording_filename.'"'); header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past - // header("Content-Length: " . filesize($full_recording_path)); + // header("Content-Length: ".filesize($full_recording_path)); ob_clean(); fpassthru($fd); } @@ -123,29 +123,32 @@ } //upload the recording - if (permission_exists('recording_upload')) { - if ($_POST['submit'] == $text['button-upload'] && $_POST['type'] == 'rec' && is_uploaded_file($_FILES['ulfile']['tmp_name'])) { + if ( + permission_exists('recording_upload') + && $_POST['submit'] == $text['button-upload'] + && $_POST['type'] == 'rec' + && is_uploaded_file($_FILES['ulfile']['tmp_name']) + ) { - //remove special characters - $recording_filename = str_replace(" ", "_", $_FILES['ulfile']['name']); - $recording_filename = str_replace("'", "", $recording_filename); + //remove special characters + $recording_filename = str_replace(" ", "_", $_FILES['ulfile']['name']); + $recording_filename = str_replace("'", "", $recording_filename); - //make sure the destination directory exists - if (!is_dir($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'])) { - event_socket_mkdir($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name']); - } - - //move the uploaded files - move_uploaded_file($_FILES['ulfile']['tmp_name'], $_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$recording_filename); + //make sure the destination directory exists + if (!is_dir($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'])) { + event_socket_mkdir($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name']); + } - //set the message - message::add($text['message-uploaded'].": ".htmlentities($recording_filename)); + //move the uploaded files + move_uploaded_file($_FILES['ulfile']['tmp_name'], $_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$recording_filename); - //set the file name to be inserted as the recording description - $recording_description = base64_encode($_FILES['ulfile']['name']); - header("Location: recordings.php?rd=".$recording_description); - exit; - } + //set the message + message::add($text['message-uploaded'].": ".htmlentities($recording_filename)); + + //set the file name to be inserted as the recording description + $recording_description = base64_encode($_FILES['ulfile']['name']); + header("Location: recordings.php?rd=".$recording_description); + exit; } //check the permission @@ -158,26 +161,41 @@ } //get existing recordings - $sql = "select recording_uuid, recording_filename, recording_base64 from v_recordings "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $array_recordings[$row['recording_uuid']] = $row['recording_filename']; - $array_base64_exists[$row['recording_uuid']] = ($row['recording_base64'] != '') ? true : false; - //if not base64, convert back to local files and remove base64 from db - if ($_SESSION['recordings']['storage_type']['text'] != 'base64' && $row['recording_base64'] != '') { - if (!file_exists($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$row['recording_filename'])) { - $recording_decoded = base64_decode($row['recording_base64']); - file_put_contents($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$row['recording_filename'], $recording_decoded); - $sql = "update v_recordings set recording_base64 = null where domain_uuid = '".$domain_uuid."' and recording_uuid = '".$row['recording_uuid']."' "; - $db->exec(check_sql($sql)); - unset($sql); + $sql = "select recording_uuid, recording_filename, recording_base64 "; + $sql .= "from v_recordings "; + $sql .= "where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && @sizeof($result) != 0) { + foreach ($result as &$row) { + $array_recordings[$row['recording_uuid']] = $row['recording_filename']; + $array_base64_exists[$row['recording_uuid']] = ($row['recording_base64'] != '') ? true : false; + //if not base64, convert back to local files and remove base64 from db + if ($_SESSION['recordings']['storage_type']['text'] != 'base64' && $row['recording_base64'] != '') { + if (!file_exists($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$row['recording_filename'])) { + $recording_decoded = base64_decode($row['recording_base64']); + file_put_contents($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$row['recording_filename'], $recording_decoded); + //build array + $array['recordings'][0]['recording_uuid'] = $row['recording_uuid']; + $array['recordings'][0]['domain_uuid'] = $domain_uuid; + $array['recordings'][0]['recording_base64'] = null; + //set temporary permissions + $p = new permissions; + $p->add('recording_edit', 'temp'); + //execute update + $database = new database; + $database->app_name = 'recordings'; + $database->app_uuid = '83913217-c7a2-9e90-925d-a866eb40b60e'; + $database->save($array); + unset($array); + //remove temporary permissions + $p->delete('recording_edit', 'temp'); + } } } } - unset ($prep_statement); + unset($sql, $parameters, $result, $row); //add recordings to the database if (is_dir($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/')) { @@ -187,34 +205,30 @@ if (!in_array($recording_filename, $array_recordings)) { //file not found in db, add it - $recording_uuid = uuid(); - $recording_name = ucwords(str_replace('_', ' ', pathinfo($recording_filename, PATHINFO_FILENAME))); - $recording_description = check_str(base64_decode($_GET['rd'])); - $sql = "insert into v_recordings "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "recording_uuid, "; - $sql .= "recording_filename, "; - $sql .= "recording_name, "; - $sql .= "recording_description "; - if ($_SESSION['recordings']['storage_type']['text'] == 'base64') { - $sql .= ", recording_base64 "; - } - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$domain_uuid."', "; - $sql .= "'".$recording_uuid."', "; - $sql .= "'".$recording_filename."', "; - $sql .= "'".$recording_name."', "; - $sql .= "'".$recording_description."' "; - if ($_SESSION['recordings']['storage_type']['text'] == 'base64') { - $recording_base64 = base64_encode(file_get_contents($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$recording_filename)); - $sql .= ", '".$recording_base64."' "; - } - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $recording_uuid = uuid(); + $recording_name = ucwords(str_replace('_', ' ', pathinfo($recording_filename, PATHINFO_FILENAME))); + $recording_description = base64_decode($_GET['rd']); + //build array + $array['recordings'][0]['domain_uuid'] = $domain_uuid; + $array['recordings'][0]['recording_uuid'] = $recording_uuid; + $array['recordings'][0]['recording_filename'] = $recording_filename; + $array['recordings'][0]['recording_name'] = $recording_name; + $array['recordings'][0]['recording_description'] = $recording_description; + if ($_SESSION['recordings']['storage_type']['text'] == 'base64') { + $recording_base64 = base64_encode(file_get_contents($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$recording_filename)); + $array['recordings'][0]['recording_base64'] = $recording_base64; + } + //set temporary permissions + $p = new permissions; + $p->add('recording_add', 'temp'); + //execute insert + $database = new database; + $database->app_name = 'recordings'; + $database->app_uuid = '83913217-c7a2-9e90-925d-a866eb40b60e'; + $database->save($array); + unset($array); + //remove temporary permissions + $p->delete('recording_add', 'temp'); } else { //file found in db, check if base64 present @@ -222,12 +236,21 @@ $found_recording_uuid = array_search($recording_filename, $array_recordings); if (!$array_base64_exists[$found_recording_uuid]) { $recording_base64 = base64_encode(file_get_contents($_SESSION['switch']['recordings']['dir'].'/'.$_SESSION['domain_name'].'/'.$recording_filename)); - $sql = "update v_recordings set "; - $sql .= "recording_base64 = '".$recording_base64."' "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and recording_uuid = '".$found_recording_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + //build array + $array['recordings'][0]['domain_uuid'] = $domain_uuid; + $array['recordings'][0]['recording_uuid'] = $found_recording_uuid; + $array['recordings'][0]['recording_base64'] = $recording_base64; + //set temporary permissions + $p = new permissions; + $p->add('recording_edit', 'temp'); + //execute update + $database = new database; + $database->app_name = 'recordings'; + $database->app_uuid = '83913217-c7a2-9e90-925d-a866eb40b60e'; + $database->save($array); + unset($array); + //remove temporary permissions + $p->delete('recording_edit', 'temp'); } } } @@ -247,15 +270,11 @@ require_once "resources/paging.php"; //get total recordings from the database - $sql = "select count(recording_uuid) as num_rows from v_recordings \n"; - $sql = "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - $num_rows = $row['num_rows']; - } - unset($prep_statement, $row); + $sql = "select count(*) from v_recordings "; + $sql .= "where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; @@ -266,14 +285,12 @@ $offset = $rows_per_page * $page; //get the recordings from the database - $sql = "select recording_uuid, domain_uuid, recording_filename, recording_name, recording_description from v_recordings "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "order by ".$order_by." ".$order." "; - $sql .= "limit ".$rows_per_page." offset ".$offset." "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $recordings = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $sql = str_replace('count(*)', 'recording_uuid, domain_uuid, recording_filename, recording_name, recording_description', $sql); + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $recordings = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //set alternate row styles $c = 0; @@ -319,11 +336,11 @@ echo "\n"; //calculate colspan for progress bar - $colspan = 5; //max + $colspan = 6; //max if ($_SESSION['recordings']['storage_type']['text'] == 'base64') { $colspan = $colspan - 2; } if (!(permission_exists('recording_edit') || permission_exists('recording_delete'))) { $colspan = $colspan - 1; } - if (is_array($recordings)) { + if (is_array($recordings) && @sizeof($recordings) != 0) { foreach($recordings as $row) { //playback progress bar if (permission_exists('recording_play')) { @@ -381,9 +398,9 @@ echo "\n"; $c = ($c) ? 0 : 1; - } //end foreach - unset($sql, $result, $row_count); - } //end if results + } + } + unset($recordings, $row); echo "\n"; echo "
\n"; @@ -395,7 +412,6 @@ function range_download($file) { - $fp = @fopen($file, 'rb'); $size = filesize($file); // File size @@ -426,7 +442,6 @@ function range_download($file) { list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2); // Make sure the client hasn't sent us a multibyte range if (strpos($range, ',') !== false) { - // (?) Shoud this be issued here, or should the first // range be used? Or should the header be ignored and // we output the whole content? @@ -439,12 +454,10 @@ function range_download($file) { // If not, we forward the file pointer // And make sure to get the end byte if spesified if ($range0 == '-') { - // The n-number of the last bytes is requested $c_start = $size - substr($range, 1); } else { - $range = explode('-', $range); $c_start = $range[0]; $c_end = (isset($range[1]) && is_numeric($range[1])) ? $range[1] : $size; @@ -488,7 +501,6 @@ function range_download($file) { } fclose($fp); - } -?> +?> \ No newline at end of file