From ccfbecd91be90cab67ea754ad6efa2c84bdaacd6 Mon Sep 17 00:00:00 2001
From: Nate
Date: Tue, 6 Aug 2019 08:23:30 -0600
Subject: [PATCH] Email Templates: Database class integration.
---
app/email_templates/app_defaults.php | 39 ++++----
app/email_templates/email_template_delete.php | 28 +++---
app/email_templates/email_template_edit.php | 62 ++++++-------
app/email_templates/email_templates.php | 88 +++++++------------
4 files changed, 98 insertions(+), 119 deletions(-)
diff --git a/app/email_templates/app_defaults.php b/app/email_templates/app_defaults.php
index 086a5395a5..c749eefe68 100644
--- a/app/email_templates/app_defaults.php
+++ b/app/email_templates/app_defaults.php
@@ -308,28 +308,33 @@ } } - //implode the array into a string - $string = "'".implode("','", $uuids)."'"; - //add the email templates to the database - $sql = "select * from v_email_templates "; - $sql .= "where email_template_uuid in (".$string.") "; - $database = new database; - $email_templates = $database->select($sql, null, 'all'); + if (is_array($uuids) && @sizeof($uuids) != 0) { + $sql = "select * from v_email_templates where "; + foreach ($uuids as $index => $uuid) { + $sql_where[] = "email_template_uuid = :email_template_uuid_".$index; + $parameters['email_template_uuid_'.$index] = $uuid; + } + $sql .= implode(' or ', $sql_where); + $database = new database; + $email_templates = $database->select($sql, $parameters, 'all'); + unset($sql, $sql_where, $parameters); - //remove templates that already exist from the array - $x = 0; - foreach ($array['email_templates'] as $row) { - foreach($email_templates as $email_template) { - if ($row['email_template_uuid'] == $email_template['email_template_uuid']) { - unset($array['email_templates'][$x]); + //remove templates that already exist from the array + foreach ($array['email_templates'] as $index => $row) { + if (is_array($email_templates) && @sizeof($email_templates) != 0) { + foreach($email_templates as $email_template) { + if ($row['email_template_uuid'] == $email_template['email_template_uuid']) { + unset($array['email_templates'][$index]); + } + } } } - $x++; + unset($email_templates, $index); } //add the missing email templates - if (is_array($array['email_templates'])) { + if (is_array($array['email_templates']) && @sizeof($array['email_templates']) != 0) { //add the temporary permission $p = new permissions; $p->add("email_template_add", 'temp'); @@ -350,6 +355,6 @@ //remove the array unset($array); - } //if ($domains_processed == 1) + } -?> +?> \ No newline at end of file 
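Review bot: `$sql_where` and `$parameters` are appended to inside the new `foreach ($uuids as $index => $uuid)` loop in app_defaults.php without being initialised first, so anything either name already holds in the including scope would be carried into the query text and its bound parameters. Adding `$sql_where = []; $parameters = [];` just before the loop makes the statement depend only on `$uuids`; the trailing `unset()` already cleans up afterwards. The same applies in email_templates.php hunk `@@ -85,28 +88,21 @@`, where `$parameters` is passed to `select()` even when neither a search term nor the domain filter has set it, and `$sql_search != ''` reads a variable that may not exist; initialising both before the search block avoids that. The `@sizeof(...)` guards could drop the `@`, since `is_array()` is checked first. The enclosing block opens above this hunk.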
diff --git a/app/email_templates/email_template_delete.php b/app/email_templates/email_template_delete.php index 99ed88eb7c..f9908b73e7 100644 --- a/app/email_templates/email_template_delete.php +++ b/app/email_templates/email_template_delete.php @@ -40,23 +40,23 @@ $text = $language->get(); //get the id - if (count($_GET)>0) { - $id = check_str($_GET["id"]); - } + $email_template_uuid = $_GET["id"]; //delete the data - if (strlen($id)>0) { - //delete email_template - $sql = "delete from v_email_templates "; - $sql .= "where email_template_uuid = '$id' "; - $sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); - } + if (is_uuid($email_template_uuid)) { + //create array + $array['email_templates'][0]['email_template_uuid'] = $email_template_uuid; -//delete the message - message::add($text['message-delete']); + //execute + $database = new database; + $database->app_name = 'email_templates'; + $database->app_uuid = '8173e738-2523-46d5-8943-13883befd2fd'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); + } //redirect the user header('Location: email_templates.php'); diff --git a/app/email_templates/email_template_edit.php b/app/email_templates/email_template_edit.php index 9c7edca777..4174dad847 100644 --- a/app/email_templates/email_template_edit.php +++ b/app/email_templates/email_template_edit.php @@ -40,9 +40,9 @@ $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $email_template_uuid = check_str($_REQUEST["id"]); + $email_template_uuid = $_REQUEST["id"]; } else { $action = "add"; 
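Review bot: The rewritten delete in email_template_delete.php no longer restricts the row to the caller's domain: the removed statement had `and domain_uuid = '$domain_uuid'`, while the new `$array` carries only `email_template_uuid`, so unless `database->delete()` applies its own domain or permission filter (not visible here) a template owned by another domain can be removed by id. If the class turns each array key into a condition, adding `$array['email_templates'][0]['domain_uuid'] = $domain_uuid;` would restore the scope; how rows with a null domain should be treated needs confirming. The same gap shows in email_template_edit.php: hunk `@@ -50,15 +50,15 @@` takes `domain_uuid` straight from `$_POST`, and the pre-populate select in `@@ -105,42 +105,37 @@` keeps its `domain_uuid` condition commented out. The delete is also still triggered by a GET request, and no request-token check appears in this hunk. The permission check and the end of the script lie outside the hunk.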
@@ -50,15 +50,15 @@ //get http post variables and set them to php variables if (is_array($_POST)) { - $domain_uuid = check_str($_POST["domain_uuid"]); - $template_language = check_str($_POST["template_language"]); - $template_category = check_str($_POST["template_category"]); - $template_subcategory = check_str($_POST["template_subcategory"]); - $template_subject = check_str($_POST["template_subject"]); - $template_body = check_str($_POST["template_body"]); - $template_type = check_str($_POST["template_type"]); - $template_enabled = check_str($_POST["template_enabled"]); - $template_description = check_str($_POST["template_description"]); + $domain_uuid = $_POST["domain_uuid"]; + $template_language = $_POST["template_language"]; + $template_category = $_POST["template_category"]; + $template_subcategory = $_POST["template_subcategory"]; + $template_subject = $_POST["template_subject"]; + $template_body = $_POST["template_body"]; + $template_type = $_POST["template_type"]; + $template_enabled = $_POST["template_enabled"]; + $template_description = $_POST["template_description"]; } //process the user data and save it to the database @@ -66,7 +66,7 @@ //get the uuid from the POST if ($action == "update") { - $email_template_uuid = check_str($_POST["email_template_uuid"]); + $email_template_uuid = $_POST["email_template_uuid"]; } //check for all required data @@ -94,7 +94,7 @@ } //add the email_template_uuid - if (strlen($_POST["email_template_uuid"]) == 0) { + if (!is_uuid($_POST["email_template_uuid"])) { $email_template_uuid = uuid(); $_POST["email_template_uuid"] = $email_template_uuid; } @@ -105,42 +105,37 @@ //save to the data $database = new database; $database->app_name = 'email_templates'; - $database->app_uuid = null; + $database->app_uuid = '8173e738-2523-46d5-8943-13883befd2fd'; if (strlen($email_template_uuid) > 0) { $database->uuid($email_template_uuid); } $database->save($array); $message = $database->message; - //debug info - //echo "
";
-			//print_r($message);
-			//echo "
"; - //exit; - //redirect the user if (isset($action)) { if ($action == "add") { - $_SESSION["message"] = $text['message-add']; + message::add($text['message-add']); } if ($action == "update") { - $_SESSION["message"] = $text['message-update']; + message::add($text['message-update']); } header('Location: email_template_edit.php?id='.escape($email_template_uuid)); - return; + exit; } - } //(is_array($_POST) && strlen($_POST["persistformvar"]) == 0) + } //pre-populate the form if (is_array($_GET) && $_POST["persistformvar"] != "true") { - $email_template_uuid = check_str($_GET["id"]); + $email_template_uuid = $_GET["id"]; $sql = "select * from v_email_templates "; - $sql .= "where email_template_uuid = '$email_template_uuid' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where email_template_uuid = :email_template_uuid "; + //$sql .= "and domain_uuid = :domain_uuid "; + $parameters['email_template_uuid'] = $email_template_uuid; + //$parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $domain_uuid = $row["domain_uuid"]; $template_language = $row["template_language"]; $template_category = $row["template_category"]; @@ -151,7 +146,7 @@ $template_enabled = $row["template_enabled"]; $template_description = $row["template_description"]; } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header @@ -230,7 +225,7 @@ echo "\n"; echo "\n"; echo " \n"; - echo " \n"; if ($template_enabled == "true") { echo " \n"; } diff --git a/app/email_templates/email_templates.php b/app/email_templates/email_templates.php index 0e755fde44..fc470ac8d3 100644 --- a/app/email_templates/email_templates.php +++ b/app/email_templates/email_templates.php 
@@ -56,28 +56,31 @@ //download $obj = new email_templates; $obj->delete($email_templates); - //delete message + //redirect message::add($text['message-delete']); + header('Location: '.$_SERVER['PHP_SELF']); + exit; } } //get variables used to control the order - $order_by = check_str($_GET["order_by"]); - $order = check_str($_GET["order"]); + $order_by = $_GET["order_by"]; + $order = $_GET["order"]; //add the search term - $search = strtolower(check_str($_GET["search"])); + $search = strtolower($_GET["search"]); if (strlen($search) > 0) { $sql_search = " ("; - $sql_search .= " lower(template_language) like '%".$search."%' "; - $sql_search .= " or template_category like '%".$search."%' "; - $sql_search .= " or template_subcategory like '%".$search."%' "; - //$sql_search .= " or template_subject like '%".$search."%' "; - //$sql_search .= " or template_body like '%".$search."%' "; - $sql_search .= " or template_type like '%".$search."%' "; - $sql_search .= " or template_enabled like '%".$search."%' "; - $sql_search .= " or lower(template_description) like '%".$search."%' "; + $sql_search .= " lower(template_language) like :search "; + $sql_search .= " or lower(template_category) like :search "; + $sql_search .= " or lower(template_subcategory) like :search "; + //$sql_search .= " or lower(template_subject) like :search "; + //$sql_search .= " or lower(template_body) like :search "; + $sql_search .= " or lower(template_type) like :search "; + $sql_search .= " or lower(template_enabled) like :search "; + $sql_search .= " or lower(template_description) like :search "; $sql_search .= ") "; + $parameters['search'] = '%'.$search.'%'; } //additional includes 
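Review bot: The added redirect `header('Location: '.$_SERVER['PHP_SELF']);` builds the Location header from a request-derived value; `PHP_SELF` includes any trailing path info the client appended to the script URL, so the redirect target is not a fixed string. email_template_delete.php already redirects with a literal, and the same works here: `header('Location: email_templates.php');`. The surrounding `if` blocks open above the hunk.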
@@ -85,28 +88,21 @@ require_once "resources/paging.php"; //prepare to page the results - $sql = "select count(email_template_uuid) as num_rows from v_email_templates "; + $sql = "select count(*) from v_email_templates "; if ($_GET['show'] == "all" && permission_exists('email_template_all')) { - if (isset($sql_search)) { + if ($sql_search != '') { $sql .= "where ".$sql_search; } - } else { - $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; - if (isset($sql_search)) { + } + else { + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + if ($sql_search != '') { $sql .= "and ".$sql_search; } + $parameters['domain_uuid'] = $domain_uuid; } - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $num_rows = $row['num_rows']; - } - else { - $num_rows = '0'; - } - } + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; 
@@ -117,28 +113,12 @@ $offset = $rows_per_page * $page; //get the list - $sql = "select * from v_email_templates "; - if ($_GET['show'] == "all" && permission_exists('email_template_all')) { - if (isset($sql_search)) { - $sql .= "where ".$sql_search; - } - } else { - $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; - if (isset($sql_search)) { - $sql .= "and ".$sql_search; - } - } - if (strlen($order_by) == 0) { - $sql .= "order by template_language asc "; - } - else { - $sql .= "order by $order_by $order "; - } - $sql .= "limit $rows_per_page offset $offset "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $sql = str_replace('count(*)', '*', $sql); + $sql .= order_by($order_by, $order, 'template_language', 'asc'); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //alternate the row style $c = 0; @@ -209,7 +189,7 @@ echo " \n"; echo "\n"; - if (is_array($result)) { + if (is_array($result) && @sizeof($result) != 0) { $x = 0; foreach($result as $row) { if (permission_exists('email_template_edit')) { @@ -249,9 +229,9 @@ echo "\n"; $x++; if ($c==0) { $c=1; } else { $c=0; } - } //end foreach - unset($sql, $result, $row_count); - } //end if results + } + } + unset($result, $row); echo "\n"; echo "\n";
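Review bot: `order_by($order_by, $order, 'template_language', 'asc')` receives `$order_by` and `$order` exactly as they arrive in `$_GET` (the `check_str()` calls were dropped in hunk `@@ -56,28 +56,31 @@`), and unlike the search term these values end up in the SQL text rather than in a bound parameter. Whether that is safe depends entirely on the `order_by()` helper, which is not shown. An allow-list next to the call removes that dependency, e.g. `if (!in_array($order_by, ['template_language','template_category','template_subcategory','template_type','template_enabled','template_description'], true)) { $order_by = ''; }` and `$order = ($order == 'desc') ? 'desc' : 'asc';`, assuming the helper falls back to the defaults it is given when `$order_by` is empty. `str_replace('count(*)', '*', $sql)` deserves a short comment saying it reuses the count query's where clause and parameters.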