diff --git a/core/notifications/notification_edit.php b/core/notifications/notification_edit.php index a3688a604b..b24b2423a5 100644 --- a/core/notifications/notification_edit.php +++ b/core/notifications/notification_edit.php @@ -41,18 +41,14 @@ else { // retrieve software uuid $sql = "select software_uuid, software_url, software_version from v_software"; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $software_uuid = $row["software_uuid"]; - $software_url = $row["software_url"]; - $software_version = $row["software_version"]; - break; // limit to 1 row - } + $database = new database; + $row = $database->select($sql, null, 'row'); + if (is_array($row) && sizeof($row) != 0) { + $software_uuid = $row["software_uuid"]; + $software_url = $row["software_url"]; + $software_version = $row["software_version"]; } - unset($sql, $prep_statement); + unset($sql, $row); if (count($_REQUEST) > 0) { @@ -76,21 +72,13 @@ else { // database name & version switch ($db_type) { - case "pgsql" : $db_ver_query = "select version() as db_ver;"; break; - case "mysql" : $db_ver_query = "select version() as db_ver;"; break; - case "sqlite" : $db_ver_query = "select sqlite_version() as db_ver;"; break; + case "pgsql" : $sql = "select version();"; break; + case "mysql" : $sql = "select version();"; break; + case "sqlite" : $sql = "select sqlite_version();"; break; } - $prep_statement = $db->prepare($db_ver_query); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $database_version = $row["db_ver"]; - break; // limit to 1 row - } - } - unset($db_ver_query, $prep_statement); - $db_ver = $database_version; + $database = new database; + $db_ver = $database->select($sql, null, 'column'); + unset($sql); // operating system name & version $os_platform = PHP_OS; 
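Review bot: In the database-version hunk `$sql` is only assigned inside the three `case` arms, so an unrecognised `$db_type` reaches `$database->select($sql, null, 'column')` with `$sql` undefined (the old code had the same gap with `$db_ver_query`, so the rewrite carries it forward rather than fixing it). I would add a `default: $sql = ''; break;` arm and guard the call as `if ($sql != '') { $db_ver = $database->select($sql, null, 'column'); }`, which is the pattern the dashboard's connection-count block in this same commit already uses. `$db_ver` is presumably sent on to the notification service later in the file, outside this hunk, so an undefined value would surface there rather than here.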
@@ -157,16 +145,9 @@ else { // get local project notification participation flag $sql = "select project_notifications from v_notifications"; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $current_project_notifications = $row["project_notifications"]; - break; // limit to 1 row - } - } - unset($sql, $prep_statement); + $database = new database; + $current_project_notifications = $database->select($sql, null, 'row'); + unset($sql); // check if remote record should be removed if ($project_notifications == 'false') { @@ -191,7 +172,8 @@ else { if ($response['result'] == 'deleted') { // set local project notification participation flag to false $sql = "update v_notifications set project_notifications = 'false'"; - $db->exec(check_sql($sql)); + $database = new database; + $database->execute($sql); unset($sql); } } @@ -250,7 +232,8 @@ else { if ($response['result'] == 'updated' || $response['result'] == 'inserted') { // set local project notification participation flag to true $sql = "update v_notifications set project_notifications = 'true'"; - $db->exec(check_sql($sql)); + $database = new database; + $database->execute($sql); unset($sql); // set message if ( 
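Review bot: `$current_project_notifications = $database->select($sql, null, 'row');` now stores a whole row array, whereas the loop it replaces stored the scalar `$row["project_notifications"]`, and the other rewrites of this same query in the commit either use `'column'` or index the returned row. Any comparison of `$current_project_notifications` against `'true'`/`'false'` further down (its consumer is outside this hunk) will no longer match an array. Use `$current_project_notifications = $database->select($sql, null, 'column');` to keep the value a string.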
@@ -276,16 +259,12 @@ else { // check local project notification participation flag $sql = "select project_notifications from v_notifications"; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $setting["project_notifications"] = $row["project_notifications"]; - break; // limit to 1 row - } + $database = new database; + $row = $database->select($sql, null, 'row'); + if (is_array($row) && sizeof($row) != 0) { + $setting["project_notifications"] = $row["project_notifications"]; } - unset($sql, $prep_statement); + unset($sql, $row); // if participation enabled if ($setting["project_notifications"] == 'true') { diff --git a/core/upgrade/index.php b/core/upgrade/index.php index f5480e2f9c..be0a5c91ce 100644 --- a/core/upgrade/index.php +++ b/core/upgrade/index.php @@ -214,13 +214,14 @@ echo ""; echo ""; echo "  ".$text['description-upgrade_menu']; echo " \n"; diff --git a/core/user_settings/user_dashboard.php b/core/user_settings/user_dashboard.php index b2321574ff..07f5122523 100644 --- a/core/user_settings/user_dashboard.php +++ b/core/user_settings/user_dashboard.php @@ -54,7 +54,8 @@ $sql .= "default_setting_category = 'login' "; $sql .= "and default_setting_subcategory = 'message' "; $sql .= "and default_setting_name = 'text' "; - $db->exec(check_sql($sql)); + $database = new database; + $database->execute($sql); unset($sql); } 
@@ -127,18 +128,19 @@ $stats['domain']['devices']['total'] = 0; $stats['domain']['devices']['disabled'] = 0; $sql = "select domain_uuid, device_enabled from v_devices"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $stats['system']['devices']['total'] = count($result); - foreach ($result as $row) { - $stats['system']['devices']['disabled'] += ($row['device_enabled'] != 'true') ? 1 : 0; - if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { - $stats['domain']['devices']['total']++; - $stats['domain']['devices']['disabled'] += ($row['device_enabled'] != 'true') ? 1 : 0; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + $stats['system']['devices']['total'] = sizeof($result); + foreach ($result as $row) { + $stats['system']['devices']['disabled'] += ($row['device_enabled'] != 'true') ? 1 : 0; + if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { + $stats['domain']['devices']['total']++; + $stats['domain']['devices']['disabled'] += ($row['device_enabled'] != 'true') ? 1 : 0; + } } } - unset ($sql, $prep_statement, $result); + unset($sql, $result); } //extensions 
@@ -148,18 +150,19 @@ $stats['domain']['extensions']['total'] = 0; $stats['domain']['extensions']['disabled'] = 0; $sql = "select domain_uuid, enabled from v_extensions"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $stats['system']['extensions']['total'] = count($result); - foreach ($result as $row) { - $stats['system']['extensions']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; - if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { - $stats['domain']['extensions']['total']++; - $stats['domain']['extensions']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + $stats['system']['extensions']['total'] = sizeof($result); + foreach ($result as $row) { + $stats['system']['extensions']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; + if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { + $stats['domain']['extensions']['total']++; + $stats['domain']['extensions']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; + } } } - unset ($sql, $prep_statement, $result); + unset($sql, $result); } //gateways 
@@ -169,18 +172,19 @@ $stats['domain']['gateways']['total'] = 0; $stats['domain']['gateways']['disabled'] = 0; $sql = "select domain_uuid, enabled from v_gateways"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $stats['system']['gateways']['total'] = count($result); - foreach ($result as $row) { - $stats['system']['gateways']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; - if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { - $stats['domain']['gateways']['total']++; - $stats['domain']['gateways']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + $stats['system']['gateways']['total'] = sizeof($result); + foreach ($result as $row) { + $stats['system']['gateways']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; + if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { + $stats['domain']['gateways']['total']++; + $stats['domain']['gateways']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; + } } } - unset ($sql, $prep_statement, $result); + unset($sql, $result); } //users 
@@ -190,18 +194,19 @@ $stats['domain']['users']['total'] = 0; $stats['domain']['users']['disabled'] = 0; $sql = "select domain_uuid, user_enabled from v_users"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $stats['system']['users']['total'] = count($result); - foreach ($result as $row) { - $stats['system']['users']['disabled'] += ($row['user_enabled'] != 'true') ? 1 : 0; - if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { - $stats['domain']['users']['total']++; - $stats['domain']['users']['disabled'] += ($row['user_enabled'] != 'true') ? 1 : 0; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + $stats['system']['users']['total'] = sizeof($result); + foreach ($result as $row) { + $stats['system']['users']['disabled'] += ($row['user_enabled'] != 'true') ? 1 : 0; + if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { + $stats['domain']['users']['total']++; + $stats['domain']['users']['disabled'] += ($row['user_enabled'] != 'true') ? 1 : 0; + } } } - unset ($sql, $prep_statement, $result); + unset($sql, $result); } //destinations 
@@ -211,18 +216,19 @@ $stats['domain']['destinations']['total'] = 0; $stats['domain']['destinations']['disabled'] = 0; $sql = "select domain_uuid, destination_enabled from v_destinations"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $stats['system']['destinations']['total'] = count($result); - foreach ($result as $row) { - $stats['system']['destinations']['disabled'] += ($row['destination_enabled'] != 'true') ? 1 : 0; - if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { - $stats['domain']['destinations']['total']++; - $stats['domain']['destinations']['disabled'] += ($row['destination_enabled'] != 'true') ? 1 : 0; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + $stats['system']['destinations']['total'] = sizeof($result); + foreach ($result as $row) { + $stats['system']['destinations']['disabled'] += ($row['destination_enabled'] != 'true') ? 1 : 0; + if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { + $stats['domain']['destinations']['total']++; + $stats['domain']['destinations']['disabled'] += ($row['destination_enabled'] != 'true') ? 1 : 0; + } } } - unset ($sql, $prep_statement, $result); + unset($sql, $result); } //call center queues 
@@ -232,18 +238,19 @@ $stats['domain']['call_center_queues']['total'] = 0; $stats['domain']['call_center_queues']['disabled'] = 0; $sql = "select domain_uuid from v_call_center_queues"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $stats['system']['call_center_queues']['total'] = count($result); - foreach ($result as $row) { - //$stats['system']['call_center_queues']['disabled'] += ($row['queue_enabled'] != 'true') ? 1 : 0; - if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { - $stats['domain']['call_center_queues']['total']++; - //$stats['domain']['call_center_queues']['disabled'] += ($row['queue_enabled'] != 'true') ? 1 : 0; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + $stats['system']['call_center_queues']['total'] = sizeof($result); + foreach ($result as $row) { + //$stats['system']['call_center_queues']['disabled'] += ($row['queue_enabled'] != 'true') ? 1 : 0; + if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { + $stats['domain']['call_center_queues']['total']++; + //$stats['domain']['call_center_queues']['disabled'] += ($row['queue_enabled'] != 'true') ? 1 : 0; + } } } - unset ($sql, $prep_statement, $result); + unset($sql, $result); } //ivr menus 
@@ -253,18 +260,19 @@ $stats['domain']['ivr_menus']['total'] = 0; $stats['domain']['ivr_menus']['disabled'] = 0; $sql = "select domain_uuid, ivr_menu_enabled from v_ivr_menus"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $stats['system']['ivr_menus']['total'] = count($result); - foreach ($result as $row) { - $stats['system']['ivr_menus']['disabled'] += ($row['ivr_menu_enabled'] != 'true') ? 1 : 0; - if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { - $stats['domain']['ivr_menus']['total']++; - $stats['domain']['ivr_menus']['disabled'] += ($row['ivr_menu_enabled'] != 'true') ? 1 : 0; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + $stats['system']['ivr_menus']['total'] = sizeof($result); + foreach ($result as $row) { + $stats['system']['ivr_menus']['disabled'] += ($row['ivr_menu_enabled'] != 'true') ? 1 : 0; + if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { + $stats['domain']['ivr_menus']['total']++; + $stats['domain']['ivr_menus']['disabled'] += ($row['ivr_menu_enabled'] != 'true') ? 1 : 0; + } } } - unset ($sql, $prep_statement, $result); + unset($sql, $result); } //ring groups 
@@ -274,18 +282,19 @@ $stats['domain']['ring_groups']['total'] = 0; $stats['domain']['ring_groups']['disabled'] = 0; $sql = "select domain_uuid, ring_group_enabled from v_ring_groups"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $stats['system']['ring_groups']['total'] = count($result); - foreach ($result as $row) { - $stats['system']['ring_groups']['disabled'] += ($row['ring_group_enabled'] != 'true') ? 1 : 0; - if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { - $stats['domain']['ring_groups']['total']++; - $stats['domain']['ring_groups']['disabled'] += ($row['ring_group_enabled'] != 'true') ? 1 : 0; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + $stats['system']['ring_groups']['total'] = sizeof($result); + foreach ($result as $row) { + $stats['system']['ring_groups']['disabled'] += ($row['ring_group_enabled'] != 'true') ? 1 : 0; + if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { + $stats['domain']['ring_groups']['total']++; + $stats['domain']['ring_groups']['disabled'] += ($row['ring_group_enabled'] != 'true') ? 1 : 0; + } } } - unset ($sql, $prep_statement, $result); + unset($sql, $result); } //voicemails 
@@ -295,18 +304,19 @@ $stats['domain']['voicemails']['total'] = 0; $stats['domain']['voicemails']['disabled'] = 0; $sql = "select domain_uuid, voicemail_enabled from v_voicemails"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $stats['system']['voicemails']['total'] = count($result); - foreach ($result as $row) { - $stats['system']['voicemails']['disabled'] += ($row['voicemail_enabled'] != 'true') ? 1 : 0; - if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { - $stats['domain']['voicemails']['total']++; - $stats['domain']['voicemails']['disabled'] += ($row['voicemail_enabled'] != 'true') ? 1 : 0; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + $stats['system']['voicemails']['total'] = sizeof($result); + foreach ($result as $row) { + $stats['system']['voicemails']['disabled'] += ($row['voicemail_enabled'] != 'true') ? 1 : 0; + if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { + $stats['domain']['voicemails']['total']++; + $stats['domain']['voicemails']['disabled'] += ($row['voicemail_enabled'] != 'true') ? 1 : 0; + } } } - unset ($sql, $prep_statement, $result); + unset($sql, $result); } //voicemail messages 
@@ -316,18 +326,19 @@ $stats['domain']['messages']['total'] = 0; $stats['domain']['messages']['new'] = 0; $sql = "select domain_uuid, message_status from v_voicemail_messages"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $stats['system']['messages']['total'] = count($result); - foreach ($result as $row) { - $stats['system']['messages']['new'] += ($row['message_status'] != 'saved') ? 1 : 0; - if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { - $stats['domain']['messages']['total']++; - $stats['domain']['messages']['new'] += ($row['message_status'] != 'saved') ? 1 : 0; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + $stats['system']['messages']['total'] = sizeof($result); + foreach ($result as $row) { + $stats['system']['messages']['new'] += ($row['message_status'] != 'saved') ? 1 : 0; + if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { + $stats['domain']['messages']['total']++; + $stats['domain']['messages']['new'] += ($row['message_status'] != 'saved') ? 1 : 0; + } } } - unset ($sql, $prep_statement, $result); + unset($sql, $result); } } @@ -410,6 +421,7 @@ foreach ($_SESSION['user']['extension'] as $assigned_extension) { $assigned_extensions[$assigned_extension['extension_uuid']] = $assigned_extension['user']; } + unset($assigned_extension); //if also viewing system status, show more recent calls (more room avaialble) $missed_limit = (is_array($selected_blocks) && in_array('counts', $selected_blocks)) ? 10 : 5; 
@@ -425,30 +437,34 @@ from v_xml_cdr where - domain_uuid = '".$_SESSION['domain_uuid']."' + domain_uuid = :domain_uuid and ( direction = 'inbound' or direction = 'local' ) - and (missed_call = true or bridge_uuid is null) - and destination_number in ('".implode("','",$assigned_extensions)."') - and ("; - $x = 0; - foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) { - $sql .= "extension_uuid = '".$assigned_extension_uuid."' "; - $sql .= "or destination_number = '".$assigned_extension."' "; - if (++$x < sizeof($assigned_extensions)) { $sql .= "or "; } + and (missed_call = true or bridge_uuid is null) "; + if (is_array($assigned_extensions) && sizeof($assigned_extensions) != 0) { + $x = 0; + foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) { + $sql_where_array[] = "extension_uuid = :assigned_extension_uuid_".$x; + $sql_where_array[] = "destination_number = :destination_number_".$x; + $parameters['assigned_extension_uuid_'.$x] = $assigned_extension_uuid; + $parameters['destination_number_'.$x] = $assigned_extension; + $x++; + } + if (is_array($sql_where_array) && sizeof($sql_where_array) != 0) { + $sql .= "and (".implode(' or ', $sql_where_array).") "; + } + unset($sql_where_array); } $sql .= " - ) and start_epoch > ".(time() - 86400)." order by start_epoch desc"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - $result_count = count($result); - unset ($prep_statement, $sql); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + $num_rows = is_array($result) ? sizeof($result) : 0; $c = 0; $row_style["0"] = "row_style0"; 
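Review bot: When `$assigned_extensions` is empty the new code silently drops the whole extension filter and runs the missed-calls query with only `domain_uuid = :domain_uuid`, so a user with no assigned extension would be shown every missed inbound call in the domain; the old string-built query produced `in ('')` and `and ()` in that case, which failed rather than over-matching. Unless a guard above the hunk already requires at least one assigned extension, skip the query when there is nothing to filter on, e.g. `if (!is_array($assigned_extensions) || sizeof($assigned_extensions) == 0) { $result = []; }` in place of the `$database->select` call, or leave the block early. `$sql_where_array` is also never initialised before the `foreach`, so the later `is_array` check is standing in for an explicit `$sql_where_array = [];`. The `$sql` statement this hunk extends begins above the hunk.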
@@ -456,20 +472,20 @@ $hud[$n]['html'] .= "".$text['label-missed_calls'].""; - $hud[$n]['html'] .= "".$result_count.""; + $hud[$n]['html'] .= "".$num_rows.""; $hud[$n]['html'] .= "".$text['label-last_24_hours']."\n"; $hud[$n]['html'] .= "
"; $hud[$n]['html'] .= "\n"; $hud[$n]['html'] .= "\n"; - if ($result_count > 0) { + if ($num_rows > 0) { $hud[$n]['html'] .= "\n"; } $hud[$n]['html'] .= "\n"; $hud[$n]['html'] .= "\n"; $hud[$n]['html'] .= "\n"; - if ($result_count > 0) { + if ($num_rows > 0) { $theme_cdr_images_exist = ( file_exists($theme_image_path."icon_cdr_inbound_voicemail.png") && file_exists($theme_image_path."icon_cdr_inbound_cancelled.png") && @@ -512,8 +528,8 @@ $hud[$n]['html'] .= "\n"; $c = ($c) ? 0 : 1; } - unset($sql, $result, $row_count); } + unset($sql, $parameters, $result, $num_rows, $index, $row); $hud[$n]['html'] .= "
 ".$text['label-cid_number']."".$text['label-missed']."
\n"; $hud[$n]['html'] .= "".$text['label-view_all']."\n"; 
@@ -544,26 +560,33 @@ from v_xml_cdr where - domain_uuid = '".$_SESSION['domain_uuid']."' - and ("; - $x = 0; - foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) { - $sql .= "extension_uuid = '".$assigned_extension_uuid."' "; - $sql .= "or caller_id_number = '".$assigned_extension."' "; - $sql .= "or destination_number = '".$assigned_extension."' "; - $sql .= "or destination_number = '*99".$assigned_extension."' "; - if (++$x < sizeof($assigned_extensions)) { $sql .= "or "; } + domain_uuid = :domain_uuid "; + if (is_array($assigned_extensions) && sizeof($assigned_extensions) != 0) { + $x = 0; + foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) { + $sql_where_array[] = "extension_uuid = extension_uuid_".$x; + $sql_where_array[] = "caller_id_number = caller_id_number_".$x; + $sql_where_array[] = "destination_number = destination_number_1_".$x; + $sql_where_array[] = "destination_number = destination_number_2_".$x; + $parameters['extension_uuid_'.$x] = $assigned_extension_uuid; + $parameters['caller_id_number_'.$x] = $assigned_extension; + $parameters['destination_number_1_'.$x] = $assigned_extension; + $parameters['destination_number_2_'.$x] = '*99'.$assigned_extension; + $x++; + } + if (is_array($sql_where_array) && sizeof($sql_where_array) != 0) { + $sql .= "and (".implode(' or ', $sql_where_array).") "; + } + unset($sql_where_array); } $sql .= " - ) and start_epoch > ".(time() - 86400)." order by start_epoch desc"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); - $result_count = count($result); - unset ($prep_statement, $sql); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + $num_rows = is_array($result) ? sizeof($result) : 0; $c = 0; $row_style["0"] = "row_style0"; 
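Review bot: The four placeholders in the recent-calls filter are written without the leading colon — `"extension_uuid = extension_uuid_".$x`, `"caller_id_number = caller_id_number_".$x` and the two `destination_number_…` lines — so the SQL compares each column against an unknown identifier instead of a bound value, while the matching `$parameters[...]` entries are never referenced by the statement. The missed-calls block earlier in this commit gets this right with `:assigned_extension_uuid_`; each of these should be prefixed the same way, e.g. `$sql_where_array[] = "extension_uuid = :extension_uuid_".$x;` and `$sql_where_array[] = "destination_number = :destination_number_2_".$x;`. The same empty-`$assigned_extensions` concern applies here: with no assigned extensions the filter is dropped entirely and the query returns every call in the domain for the last 24 hours, unless a guard above the hunk prevents that.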
@@ -571,20 +594,20 @@ $hud[$n]['html'] .= "".$text['label-recent_calls'].""; - $hud[$n]['html'] .= "".$result_count.""; + $hud[$n]['html'] .= "".$num_rows.""; $hud[$n]['html'] .= "".$text['label-last_24_hours']."\n"; $hud[$n]['html'] .= "
"; $hud[$n]['html'] .= "\n"; $hud[$n]['html'] .= "\n"; - if ($result_count > 0) { + if ($num_rows > 0) { $hud[$n]['html'] .= "\n"; } $hud[$n]['html'] .= "\n"; $hud[$n]['html'] .= "\n"; $hud[$n]['html'] .= "\n"; - if ($result_count > 0) { + if ($num_rows > 0) { $theme_cdr_images_exist = ( file_exists($theme_image_path."icon_cdr_inbound_answered.png") && file_exists($theme_image_path."icon_cdr_inbound_voicemail.png") && @@ -659,8 +682,8 @@ unset($cdr_name, $cdr_number); $c = ($c) ? 0 : 1; } - unset($sql, $result, $row_count); } + unset($sql, $parameters, $result, $num_rows, $index, $row); $hud[$n]['html'] .= "
 ".$text['label-cid_number']."".$text['label-date_time']."
\n"; $hud[$n]['html'] .= "".$text['label-view_all']."\n"; @@ -1076,7 +1099,7 @@ //db connections switch ($db_type) { case 'pgsql': - $sql = "select count(*) as connections from pg_stat_activity"; + $sql = "select count(*) from pg_stat_activity"; break; case 'mysql': $sql = "show status where `variable_name` = 'Threads_connected'"; @@ -1090,11 +1113,9 @@ } } if ($sql != '') { - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_NAMED); - $connections = $result['connections']; - unset ($sql, $prep_statement, $result); + $database = new database; + $connections = $database->select($sql, null, 'column'); + unset($sql); } if ($connections != '') { $hud[$n]['html'] .= "\n"; diff --git a/core/user_settings/user_setting_delete.php b/core/user_settings/user_setting_delete.php index e009b17c24..e831e3d6d3 100644 --- a/core/user_settings/user_setting_delete.php +++ b/core/user_settings/user_setting_delete.php 
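Review bot: The connection-count rewrite relies on `$database->select($sql, null, 'column')` returning the count, which holds for the pgsql query (`select count(*) from pg_stat_activity` now has a single column) but not obviously for the mysql branch: `show status where variable_name = 'Threads_connected'` returns two columns, `Variable_name` and `Value`, so a first-column read would yield the string `Threads_connected` rather than a number (I have not seen the database class, so this is an inference from the statement shape). If `'column'` reads the first column, the mysql case needs its own extraction, e.g. fetch with `'row'` there and read `$row['Value']`. The sqlite arm of the switch is not visible in this hunk.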
@@ -44,26 +44,32 @@ //delete user settings $user_setting_uuids = $_REQUEST["id"]; - $user_uuid = check_str($_REQUEST["user_uuid"]); + $user_uuid = $_REQUEST["user_uuid"]; - if (sizeof($user_setting_uuids) > 0) { - foreach ($user_setting_uuids as $user_setting_uuid) { - $sql = "delete from v_user_settings "; - $sql .= "where user_uuid = '".$user_uuid."' "; - $sql .= "and user_setting_uuid = '".$user_setting_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset ($prep_statement, $sql); + if (is_uuid($user_uuid) && is_array($user_setting_uuids) && sizeof($user_setting_uuids) != 0) { + foreach ($user_setting_uuids as $index => $user_setting_uuid) { + if (is_uuid($user_setting_uuid)) { + $array['user_settings'][$index]['user_setting_uuid'] = $user_setting_uuid; + $array['user_settings'][$index]['user_uuid'] = $user_uuid; + } + } + if (is_array($array) && sizeof($array) != 0) { + $database = new database; + $database->app_name = 'user_settings'; + $database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97'; + $database->delete($array); + $user_settings_deleted = sizeof($array['user_settings']); + unset($array); } // set message - $_SESSION["message"] = $text['message-delete'].": ".sizeof($user_setting_uuids); + message::add($text['message-delete'].": ".$user_settings_deleted); } else { // set message message::add($text['message-delete_failed'], 'negative'); } - header("Location: /core/users/user_edit.php?id=".check_str($_REQUEST["user_uuid"])); + header("Location: /core/users/user_edit.php?id=".$user_uuid); exit; ?> diff --git a/core/user_settings/user_setting_edit.php b/core/user_settings/user_setting_edit.php index c6663eea0e..010a056155 100644 --- a/core/user_settings/user_setting_edit.php +++ b/core/user_settings/user_setting_edit.php 
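Review bot: `$user_uuid` is validated with `is_uuid()` only on the delete branch, but the final `header("Location: /core/users/user_edit.php?id=".$user_uuid);` runs on both branches, so now that `check_str()` is gone a non-UUID `user_uuid` is echoed into the redirect unchecked; redirect only a validated value, e.g. `header("Location: /core/users/user_edit.php?id=".(is_uuid($user_uuid) ? $user_uuid : ''));`. `$user_settings_deleted` is also never set when every submitted id fails `is_uuid()`, so the success message reads an undefined variable; initialise it with `$user_settings_deleted = 0;` before the loop. As before, the reported count is the number of ids submitted rather than rows actually removed, and the delete is keyed on `user_uuid`/`user_setting_uuid` only — whether the database class adds a domain restriction is not visible here.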
@@ -62,35 +62,35 @@ } //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $user_setting_uuid = check_str($_REQUEST["id"]); + $user_setting_uuid = $_REQUEST["id"]; } else { $action = "add"; } //set the user_uuid - if (strlen($_GET["user_uuid"]) > 0) { - $user_uuid = check_str($_GET["user_uuid"]); + if (is_uuid($_GET["user_uuid"])) { + $user_uuid = $_GET["user_uuid"]; } //get http post variables and set them to php variables if (count($_REQUEST) > 0) { - $user_setting_category = strtolower(check_str($_REQUEST["user_setting_category"])); - $user_setting_subcategory = strtolower(check_str($_POST["user_setting_subcategory"])); - $user_setting_name = strtolower(check_str($_POST["user_setting_name"])); - $user_setting_value = check_str($_POST["user_setting_value"]); - $user_setting_order = check_str($_POST["user_setting_order"]); - $user_setting_enabled = strtolower(check_str($_POST["user_setting_enabled"])); - $user_setting_description = check_str($_POST["user_setting_description"]); + $user_setting_category = strtolower($_REQUEST["user_setting_category"]); + $user_setting_subcategory = strtolower($_POST["user_setting_subcategory"]); + $user_setting_name = strtolower($_POST["user_setting_name"]); + $user_setting_value = $_POST["user_setting_value"]; + $user_setting_order = $_POST["user_setting_order"]; + $user_setting_enabled = strtolower($_POST["user_setting_enabled"]); + $user_setting_description = $_POST["user_setting_description"]; } if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { $msg = ''; if ($action == "update") { - $user_setting_uuid = check_str($_POST["user_setting_uuid"]); + $user_setting_uuid = $_POST["user_setting_uuid"]; } //check for all required/authorized data 
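Review bot: On update the validated `$user_setting_uuid` from `is_uuid($_REQUEST["id"])` is immediately overwritten by `$user_setting_uuid = $_POST["user_setting_uuid"];`, which is not checked, so the UUID guard added at the top of the hunk is bypassed by the posted field (presumably a hidden form input). Guard it the same way: `if (is_uuid($_POST["user_setting_uuid"])) { $user_setting_uuid = $_POST["user_setting_uuid"]; }`. Dropping `check_str()` from `$user_setting_value`, `$user_setting_order` and the other fields is fine only as long as every consumer uses bound parameters; the dialplan `timezone=` write later in this file goes through the database class, but the form re-display and any remaining string-built SQL are outside this hunk and should be confirmed.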
@@ -122,198 +122,177 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { //update switch timezone variables if ($user_setting_category == "domain" && $user_setting_subcategory == "time_zone" && $user_setting_name == "name" ) { //get the dialplan_uuid - $sql = "select * from v_dialplans "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; + $sql = "select dialplan_uuid from v_dialplans "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "and app_uuid = '9f356fe7-8cf8-4c14-8fe2-6daf89304458' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as $row) { - $dialplan_uuid = $row["dialplan_uuid"]; - } - unset ($prep_statement); + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $dialplan_uuid = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); //get the action - $sql = "select * from v_dialplan_details "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and dialplan_uuid = '".$dialplan_uuid."' "; + $sql = "select dialplan_detail_uuid from v_dialplan_details "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and dialplan_uuid = :dialplan_uuid "; $sql .= "and dialplan_detail_tag = 'action' "; $sql .= "and dialplan_detail_type = 'set' "; $sql .= "and dialplan_detail_data like 'timezone=%' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $detail_action = "add"; - foreach ($result as $row) { - $dialplan_detail_uuid = $row["dialplan_detail_uuid"]; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['dialplan_uuid'] = $dialplan_uuid; + $database = new database; + $dialplan_detail_uuid = $database->select($sql, $parameters, 'column'); + if (is_uuid($dialplan_detail_uuid)) { $detail_action = "update"; } - unset ($prep_statement); + unset($sql, $parameters); //update the 
timezone if ($detail_action == "update") { - $sql = "update v_dialplan_details "; - $sql .= "set dialplan_detail_data = 'timezone=".$user_setting_value."' "; - $sql .= "where dialplan_detail_uuid = '".$dialplan_detail_uuid."' "; + $p = new permissions; + $p->add('dialplan_detail_edit', 'temp'); + + $array['dialplan_details'][0]['dialplan_detail_uuid'] = $dialplan_detail_uuid; + $array['dialplan_details'][0]['dialplan_detail_data'] = 'timezone='.$user_setting_value; } else { - $dialplan_detail_uuid = uuid(); - $dialplan_detail_group = 0; - $sql = "insert into v_dialplan_details "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "dialplan_detail_uuid, "; - $sql .= "dialplan_uuid, "; - $sql .= "dialplan_detail_tag, "; - $sql .= "dialplan_detail_type, "; - $sql .= "dialplan_detail_data, "; - $sql .= "dialplan_detail_inline, "; - $sql .= "dialplan_detail_group "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$domain_uuid."', "; - $sql .= "'".$dialplan_detail_uuid."', "; - $sql .= "'".$dialplan_uuid."', "; - $sql .= "'action', "; - $sql .= "'set', "; - $sql .= "'timezone=".$user_setting_value."', "; - $sql .= "'true', "; - $sql .= "'".$dialplan_detail_group."' "; - $sql .= "); "; + $p = new permissions; + $p->add('dialplan_detail_add', 'temp'); + + $array['dialplan_details'][0]['domain_uuid'] = $domain_uuid; + $array['dialplan_details'][0]['dialplan_detail_uuid'] = uuid(); + $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid; + $array['dialplan_details'][0]['dialplan_detail_tag'] = 'action'; + $array['dialplan_details'][0]['dialplan_detail_type'] = 'set'; + $array['dialplan_details'][0]['dialplan_detail_data'] = 'timezone='.$user_setting_value; + $array['dialplan_details'][0]['dialplan_detail_inline'] = 'true'; + $array['dialplan_details'][0]['dialplan_detail_group'] = 0; + } + if (is_array($array) && sizeof($array) != 0) { + $database = new database; + $database->app_name = 'user_settings'; + $database->app_uuid = 
'3a3337f7-78d1-23e3-0cfd-f14499b8ed97'; + $database->save($array); + unset($array); + + $p->delete('dialplan_detail_edit', 'temp'); + $p->delete('dialplan_detail_add', 'temp'); } - $db->query($sql); - unset($sql); } //add the user setting if ($action == "add" && permission_exists('user_setting_add')) { - $sql = "insert into v_user_settings "; - $sql .= "("; - $sql .= "user_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "user_setting_uuid, "; - $sql .= "user_setting_category, "; - $sql .= "user_setting_subcategory, "; - $sql .= "user_setting_name, "; - $sql .= "user_setting_value, "; - $sql .= "user_setting_order, "; - $sql .= "user_setting_enabled, "; - $sql .= "user_setting_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'$user_uuid', "; - $sql .= "'$domain_uuid', "; - $sql .= "'".uuid()."', "; - $sql .= "'$user_setting_category', "; - $sql .= "'$user_setting_subcategory', "; - $sql .= "'$user_setting_name', "; - $sql .= "'$user_setting_value', "; - $sql .= "$user_setting_order, "; - $sql .= "'$user_setting_enabled', "; - $sql .= "'$user_setting_description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - } //if ($action == "add") + $array['user_settings'][0]['user_setting_uuid'] = uuid(); + } //update the user setting if ($action == "update" && permission_exists('user_setting_edit')) { - $sql = "update v_user_settings set "; - $sql .= "user_setting_category = '$user_setting_category', "; - $sql .= "user_setting_subcategory = '$user_setting_subcategory', "; - $sql .= "user_setting_name = '$user_setting_name', "; - $sql .= "user_setting_value = '$user_setting_value', "; - $sql .= "user_setting_order = $user_setting_order, "; - $sql .= "user_setting_enabled = '$user_setting_enabled', "; - $sql .= "user_setting_description = '$user_setting_description' "; - $sql .= "where user_uuid = '$user_uuid' "; - $sql .= "and user_setting_uuid = '$user_setting_uuid'"; - $db->exec(check_sql($sql)); - unset($sql); - } //if ($action == 
"update") + $array['user_settings'][0]['user_setting_uuid'] = $user_setting_uuid; + } + + //execute add or update + if (is_array($array) && sizeof($array) != 0) { + $array['user_settings'][0]['user_uuid'] = $user_uuid; + $array['user_settings'][0]['domain_uuid'] = $domain_uuid; + $array['user_settings'][0]['user_setting_category'] = $user_setting_category; + $array['user_settings'][0]['user_setting_subcategory'] = $user_setting_subcategory; + $array['user_settings'][0]['user_setting_name'] = $user_setting_name; + $array['user_settings'][0]['user_setting_value'] = $user_setting_value; + $array['user_settings'][0]['user_setting_order'] = $user_setting_order; + $array['user_settings'][0]['user_setting_enabled'] = $user_setting_enabled; + $array['user_settings'][0]['user_setting_description'] = $user_setting_description; + + $database = new database; + $database->app_name = 'user_settings'; + $database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97'; + $database->save($array); + unset($array); + } //update time zone if ($user_setting_category == "domain" && $user_setting_subcategory == "time_zone" && $user_setting_name == "name" && strlen($user_setting_value) > 0 ) { $sql = "select * from v_dialplans "; $sql .= "where app_uuid = '34dd307b-fffe-4ead-990c-3d070e288126' "; - $sql .= "and domain_uuid = '".$_SESSION["domain_uuid"]."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $time_zone_found = false; - foreach ($result as &$row) { - //get the dialplan_uuid - $dialplan_uuid = $row["dialplan_uuid"]; + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $_SESSION["domain_uuid"]; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); - //get the dialplan details - $sql = "select * from v_dialplan_details "; - $sql .= "where dialplan_uuid = '".$dialplan_uuid."' "; - $sql .= "and domain_uuid = 
'".$_SESSION["domain_uuid"]."' "; - $sub_prep_statement = $db->prepare(check_sql($sql)); - $sub_prep_statement->execute(); - $sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($sub_result as $field) { - $dialplan_detail_uuid = $field["dialplan_detail_uuid"]; - $dialplan_detail_tag = $field["dialplan_detail_tag"]; //action //condition - $dialplan_detail_type = $field["dialplan_detail_type"]; //set - $dialplan_detail_data = $field["dialplan_detail_data"]; - $dialplan_detail_group = $field["dialplan_detail_group"]; - if ($dialplan_detail_tag == "action" && $dialplan_detail_type == "set") { - $data_array = explode("=", $dialplan_detail_data); - if ($data_array[0] == "timezone") { - $time_zone_found = true; - break; + $time_zone_found = false; + if (is_array($result) && sizeof($result) != 0) { + foreach ($result as &$row) { + //get the dialplan_uuid + $dialplan_uuid = $row["dialplan_uuid"]; + + //get the dialplan details + $sql = "select * from v_dialplan_details "; + $sql .= "where dialplan_uuid = :dialplan_uuid "; + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['dialplan_uuid'] = $dialplan_uuid; + $parameters['domain_uuid'] = $_SESSION["domain_uuid"]; + $database = new database; + $sub_result = $database->select($sql, $parameters, 'all'); + if (is_array($sub_result) && sizeof($sub_result) != 0) { + foreach ($sub_result as $sub_row) { + $dialplan_detail_uuid = $sub_row["dialplan_detail_uuid"]; + $dialplan_detail_tag = $sub_row["dialplan_detail_tag"]; //action //condition + $dialplan_detail_type = $sub_row["dialplan_detail_type"]; //set + $dialplan_detail_data = $sub_row["dialplan_detail_data"]; + $dialplan_detail_group = $sub_row["dialplan_detail_group"]; + if ($dialplan_detail_tag == "action" && $dialplan_detail_type == "set") { + $data_array = explode("=", $dialplan_detail_data); + if ($data_array[0] == "timezone") { + $time_zone_found = true; + break; + } + } } } - } + unset($sql, $parameters, $sub_result, $sub_row); - //add the 
time zone - if (!$time_zone_found) { - //$dialplan_detail_uuid = uuid(); - $dialplan_detail_uuid = "eb3b3a4e-88ea-4306-b2a8-9f52d3c95f2f"; - $sql = "insert into v_dialplan_details "; - $sql .= "("; - $sql .= "domain_uuid, "; - $sql .= "dialplan_uuid, "; - $sql .= "dialplan_detail_uuid, "; - $sql .= "dialplan_detail_tag, "; - $sql .= "dialplan_detail_type, "; - $sql .= "dialplan_detail_data, "; - $sql .= "dialplan_detail_group, "; - $sql .= "dialplan_detail_order "; - $sql .= ") "; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$_SESSION["domain_uuid"]."', "; //8cfd9525-6ccf-4c2c-813a-bca5809067cd - $sql .= "'$dialplan_uuid', "; //807b4aa6-4478-4663-a661-779397c1d542 - $sql .= "'$dialplan_detail_uuid', "; - $sql .= "'action', "; - $sql .= "'set', "; - $sql .= "'timezone=$user_setting_value', "; - if (strlen($dialplan_detail_group) > 0) { - $sql .= "'$dialplan_detail_group', "; - } - else { - $sql .= "null, "; - } - $sql .= "'15' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - } + //add the time zone + if (!$time_zone_found) { + $dialplan_detail_uuid = "eb3b3a4e-88ea-4306-b2a8-9f52d3c95f2f"; + $array['dialplan_details'][0]['domain_uuid'] = $_SESSION["domain_uuid"]; + $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid; + $array['dialplan_details'][0]['dialplan_detail_uuid'] = $dialplan_detail_uuid; + $array['dialplan_details'][0]['dialplan_detail_tag'] = 'action'; + $array['dialplan_details'][0]['dialplan_detail_type'] = 'set'; + $array['dialplan_details'][0]['dialplan_detail_data'] = 'timezone='.$user_setting_value; + $array['dialplan_details'][0]['dialplan_detail_group'] = strlen($dialplan_detail_group) > 0 ? 
$dialplan_detail_group : 'null'; + $array['dialplan_details'][0]['dialplan_detail_order'] = '15'; - //update the time zone - if ($time_zone_found) { - $sql = "update v_dialplan_details set "; - $sql .= "dialplan_detail_data = 'timezone=".$user_setting_value."' "; - $sql .= "where domain_uuid = '".$_SESSION["domain_uuid"]."' "; - $sql .= "and dialplan_uuid = '$dialplan_uuid' "; - $sql .= "and dialplan_detail_uuid = '$dialplan_detail_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); - } + $p = new permissions; + $p->add('dialplan_detail_add', 'temp'); + + $database = new database; + $database->app_name = 'user_settings'; + $database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97'; + $database->save($array); + unset($array); + + $p->delete('dialplan_detail_add', 'temp'); + } + + //update the time zone + if ($time_zone_found) { + $array['dialplan_details'][0]['dialplan_detail_uuid'] = $dialplan_detail_uuid; + $array['dialplan_details'][0]['dialplan_detail_data'] = 'timezone='.$user_setting_value; + $array['dialplan_details'][0]['domain_uuid'] = $_SESSION["domain_uuid"]; + $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid; + + $p = new permissions; + $p->add('dialplan_detail_edit', 'temp'); + + $database = new database; + $database->app_name = 'user_settings'; + $database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97'; + $database->save($array); + unset($array); + + $p->delete('dialplan_detail_edit', 'temp'); + } + } } } 
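Review bot: The ternary that builds `dialplan_detail_group` now yields the PHP string `'null'` rather than SQL NULL; the removed code emitted a bare `null` token in the INSERT, whereas a bound string 'null' is sent as text to what the old code treated as a numeric column unless the database class special-cases that spelling (not visible here). Use a real null, `$array['dialplan_details'][0]['dialplan_detail_group'] = strlen($dialplan_detail_group) > 0 ? $dialplan_detail_group : null;`, and confirm database::save() binds PHP null as NULL. `$user_setting_value` is also written straight into `'timezone='.$user_setting_value`, which becomes a dialplan set action, without being checked against a known zone; a guard such as `in_array($user_setting_value, timezone_identifiers_list(), true)` before either write keeps arbitrary text out of the dialplan. The `$p->delete(...)` temp-permission revocations run only if `save()` returns normally, so if the permissions class persists them in the session an exception would leave them granted; the enclosing `if (count($_POST) > 0 …)` block starts before this hunk.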
@@ -326,19 +305,20 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { } header("Location: /core/users/user_edit.php?id=".$user_uuid); return; - } //if ($_POST["persistformvar"] != "true") -} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } +} //pre-populate the form - if (count($_GET)>0 && $_POST["persistformvar"] != "true") { - $user_setting_uuid = check_str($_GET["id"]); + if (is_uuid($_GET["id"]) && count($_GET)>0 && $_POST["persistformvar"] != "true") { + $user_setting_uuid = $_GET["id"]; $sql = "select * from v_user_settings "; - $sql .= "where user_uuid = '$user_uuid' "; - $sql .= "and user_setting_uuid = '$user_setting_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where user_uuid = :user_uuid "; + $sql .= "and user_setting_uuid = :user_setting_uuid "; + $parameters['user_uuid'] = $user_uuid; + $parameters['user_setting_uuid'] = $user_setting_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $user_setting_category = $row["user_setting_category"]; $user_setting_subcategory = $row["user_setting_subcategory"]; $user_setting_name = $row["user_setting_name"]; @@ -346,9 +326,8 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { $user_setting_order = $row["user_setting_order"]; $user_setting_enabled = $row["user_setting_enabled"]; $user_setting_description = $row["user_setting_description"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header 
@@ -449,18 +428,19 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { $sql = ""; $sql .= "select * from v_menus "; $sql .= "order by menu_language, menu_name asc "; - $sub_prep_statement = $db->prepare(check_sql($sql)); - $sub_prep_statement->execute(); - $sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($sub_result as $sub_row) { - if (strtolower($row['user_setting_value']) == strtolower($sub_row["menu_uuid"])) { - echo " \n"; + $database = new database; + $result = $database->select($sql, null, 'all'); + if (is_array($result) && sizeof($result) != 0) { + foreach ($result as $row) { + if (strtolower($row['user_setting_value']) == strtolower($row["menu_uuid"])) { + echo " \n"; + } } } - unset ($sub_prep_statement); + unset($sql, $result, $row); echo " \n"; } elseif ($category == "domain" && $subcategory == "template" && $name == "name" ) { diff --git a/core/user_settings/user_settings.php b/core/user_settings/user_settings.php index 325d45b2b8..a2fbfed24d 100644 --- a/core/user_settings/user_settings.php +++ b/core/user_settings/user_settings.php 
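Review bot: Renaming the inner loop variable from `$sub_row` to `$row` breaks the comparison on the new side: inside `foreach ($result as $row)` the left operand `$row['user_setting_value']` now reads from the v_menus row (which has no such column) instead of the user-setting row, so no option can ever match, and `unset($sql, $result, $row)` afterwards discards the outer `$row` for the rest of the rendering loop. Keep a distinct name for the menu rows: `foreach ($result as $menu) {`, `if (strtolower($row['user_setting_value']) == strtolower($menu["menu_uuid"])) {` and `unset($sql, $result, $menu);`. The surrounding form-rendering loop starts and ends outside this hunk.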
@@ -39,51 +39,58 @@ } //toggle setting enabled - if (sizeof($_REQUEST) > 1) { - $user_uuid = check_str($_REQUEST["user_id"]); - $user_setting_uuids = $_REQUEST["id"]; - $enabled = check_str($_REQUEST['enabled']); + if ( + is_uuid($_REQUEST["user_id"]) && + is_array($_REQUEST["id"]) && + sizeof($_REQUEST["id"]) == 1 && + ($_REQUEST['enabled'] === 'true' || $_REQUEST['enabled'] === 'false') + ) { - if ($user_uuid != '' && sizeof($user_setting_uuids) == 1 && $enabled != '') { - $sql = "update v_user_settings set "; - $sql .= "user_setting_enabled = '".$enabled."' "; - $sql .= "where user_uuid = '".$user_uuid."' "; - $sql .= "and user_setting_uuid = '".$user_setting_uuids[0]."' "; - $db->exec(check_sql($sql)); - unset($sql); + //get input + $user_setting_uuids = $_REQUEST["id"]; + $enabled = $_REQUEST['enabled']; + //update setting + $array['user_settings'][0]['user_setting_uuid'] = $user_setting_uuids[0]; + $array['user_settings'][0]['user_setting_enabled'] = $enabled; + $database = new database; + $database->app_name = 'user_settings'; + $database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97'; + $database->save($array); + unset($array); + + //redirect message::add($text['message-update']); - header("Location: /core/users/user_edit.php?id=".$user_uuid); + header("Location: /core/users/user_edit.php?id=".$_REQUEST["user_id"]); exit; - } } //include the paging require_once "resources/paging.php"; //get the variables - $order_by = check_str($_GET["order_by"]); - $order = check_str($_GET["order"]); + $order_by = $_GET["order_by"]; + $order = $_GET["order"]; //show the content echo "
"; echo ""; +//common sql where + $sql_where = "where user_uuid = :user_uuid "; + $sql_where .= "and not ( "; + $sql_where .= "(user_setting_category = 'domain' and user_setting_subcategory = 'language') "; + $sql_where .= "or (user_setting_category = 'domain' and user_setting_subcategory = 'time_zone') "; + $sql_where .= "or (user_setting_category = 'message' and user_setting_subcategory = 'key') "; + $sql_where .= ") "; + $parameters['user_uuid'] = $user_uuid; + //prepare to page the results - $sql = "select count(*) as num_rows from v_user_settings "; - $sql .= "where user_uuid = '$user_uuid' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $num_rows = $row['num_rows']; - } - else { - $num_rows = '0'; - } - unset ($prep_statement, $sql); - } + $sql = "select count(*) from v_user_settings "; + $sql .= $sql_where; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + unset($sql); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 100; 
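Review bot: The toggle condition validates `user_id` and `enabled` but not the element it actually writes with: `$_REQUEST["id"][0]` goes to `$database->save()` as `user_setting_uuid` without an `is_uuid()` check, and the removed `where user_uuid = … and user_setting_uuid = …` scoping has shrunk to the setting uuid alone, so the request's `user_id` no longer constrains which record is toggled. Unless database::save() is known to scope updates by domain, add `is_uuid($_REQUEST["id"][0])` to the condition and verify ownership with a parameterised select before saving, as below. The removed `$user_uuid = check_str($_REQUEST["user_id"])` was the only assignment of `$user_uuid` visible in this file, yet `$parameters['user_uuid'] = $user_uuid;` in the common where clause still depends on it; confirm it is set earlier (e.g. by the including page) or the listing will bind null.
```php
//verify the setting belongs to the requested user before toggling it
$sql = "select count(*) from v_user_settings ";
$sql .= "where user_setting_uuid = :user_setting_uuid and user_uuid = :user_uuid ";
$parameters['user_setting_uuid'] = $user_setting_uuids[0];
$parameters['user_uuid'] = $_REQUEST["user_id"];
$database = new database;
if ($database->select($sql, $parameters, 'column') > 0) {
	$array['user_settings'][0]['user_setting_uuid'] = $user_setting_uuids[0];
	$array['user_settings'][0]['user_setting_enabled'] = $enabled;
	// … unchanged: app_name/app_uuid, save(), message, redirect …
}
unset($sql, $parameters);
```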
@@ -95,23 +102,17 @@ //get the list $sql = "select * from v_user_settings "; - $sql .= "where user_uuid = '$user_uuid' "; - $sql .= "and not ( "; - $sql .= "(user_setting_category = 'domain' and user_setting_subcategory = 'language') "; - $sql .= "or (user_setting_category = 'domain' and user_setting_subcategory = 'time_zone') "; - $sql .= "or (user_setting_category = 'message' and user_setting_subcategory = 'key') "; - $sql .= ") "; - if (strlen($order_by) == 0) { + $sql .= $sql_where; + if ($order_by != '') { $sql .= "order by user_setting_category, user_setting_subcategory, user_setting_order asc "; } else { - $sql .= "order by $order_by $order "; + $sql .= order_by($order_by, $order); } - $sql .= "limit $rows_per_page offset $offset "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $user_settings = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $user_settings = $database->select($sql, $parameters, 'all'); + unset($sql, $sql_where, $parameters); $c = 0; $row_style["0"] = "row_style0"; @@ -120,7 +121,7 @@ //show the content echo "\n"; - if (is_array($user_settings)) { + if (is_array($user_settings) && sizeof($user_settings) != 0) { $previous_category = ''; foreach($user_settings as $row) { if ($previous_category != $row['user_setting_category']) { 
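Review bot: The ordering condition is inverted on the new side: the old code applied the default `order by user_setting_category, …` when `strlen($order_by) == 0`, but the replacement reads `if ($order_by != '')` for that same branch, so a caller who supplies order_by gets the default sort and a caller who supplies nothing ends up in `order_by($order_by, $order)` with two empty strings. The fix is the comparison alone: `if ($order_by == '') {`. Whether `order_by()` validates its arguments is not visible here; since `check_str()` was removed from `$_GET["order_by"]` and `$_GET["order"]` earlier in this file and the helper's result is concatenated into `$sql`, the helper must be the place that restricts them to column names and asc/desc.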
@@ -190,14 +191,16 @@ $name = $row['user_setting_name']; if ($category == "domain" && $subcategory == "menu" && $name == "uuid" ) { $sql = "select * from v_menus "; - $sql .= "where menu_uuid = '".$row['user_setting_value']."' "; - $sub_prep_statement = $db->prepare(check_sql($sql)); - $sub_prep_statement->execute(); - $sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); - foreach ($sub_result as &$sub_row) { - echo $sub_row["menu_language"]." - ".$sub_row["menu_name"]."\n"; + $sql .= "where menu_uuid = :menu_uuid "; + $parameters['menu_uuid'] = $row['user_setting_value']; + $database = new database; + $sub_result = $database->select($sql, $parameters, 'all'); + if (is_array($sub_result) && sizeof($sub_result) != 0) { + foreach ($sub_result as &$sub_row) { + echo $sub_row["menu_language"]." - ".$sub_row["menu_name"]."\n"; + } } + unset($sql, $parameters, $sub_result, $sub_row); } elseif ($category == "domain" && $subcategory == "template" && $name == "name" ) { echo " ".ucwords($row['user_setting_value']); @@ -232,7 +235,7 @@ } echo " \n"; echo " \n"; echo " \n"; echo " "; echo " "; diff --git a/core/users/user_imports.php b/core/users/user_imports.php index ec9dba1c5d..8f8c16849d 100644 --- a/core/users/user_imports.php +++ b/core/users/user_imports.php @@ -42,7 +42,7 @@ $language = new text; $text = $language->get(); -//built in str_getcsv requires PHP 5.3 or higher, this function can be used to reproduct the functionality but requirs PHP 5.1.0 or higher +//built in str_getcsv requires PHP 5.3 or higher, this function can be used to reproduce the functionality but requires PHP 5.1.0 or higher if(!function_exists('str_getcsv')) { function str_getcsv($input, $delimiter = ",", $enclosure = '"', $escape = "\\") { $fp = fopen("php://memory", 'r+'); 
@@ -60,8 +60,6 @@ //get the http get values and set them as php variables $action = check_str($_POST["action"]); $from_row = check_str($_POST["from_row"]); - $order_by = check_str($_POST["order_by"]); - $order = check_str($_POST["order"]); $delimiter = check_str($_POST["data_delimiter"]); $enclosure = check_str($_POST["data_enclosure"]); @@ -74,7 +72,7 @@ //copy the csv file //$_POST['submit'] == "Upload" && - if ( is_uploaded_file($_FILES['ulfile']['tmp_name']) && permission_exists('user_imports')) { + if (is_uploaded_file($_FILES['ulfile']['tmp_name']) && permission_exists('user_imports')) { if (check_str($_POST['type']) == 'csv') { move_uploaded_file($_FILES['ulfile']['tmp_name'], $_SESSION['server']['temp']['dir'].'/'.$_FILES['ulfile']['name']); $save_msg = "Uploaded file to ".$_SESSION['server']['temp']['dir']."/". htmlentities($_FILES['ulfile']['name']); @@ -131,10 +129,7 @@ $schema[$i]['fields'][] = 'group_name'; //debug info - //echo "
\n";
-			//print_r($schema);
-			//echo "
\n"; - //exit; + //view_array($schema); } //match the column names to the field names @@ -252,9 +247,9 @@ //get the groups $sql = "select * from v_groups where domain_uuid is null "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - $groups = $prep_statement->fetchAll(PDO::FETCH_ASSOC); + $database = new database; + $groups = $database->select($sql, null, 'all'); + unset($sql); //get the contents of the csv file and convert them into an array $handle = @fopen($_SESSION['file'], "r"); @@ -384,6 +379,7 @@ $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; $database->save($array); //$message = $database->message; + unset($array); } //send the redirect header diff --git a/core/users/users.php b/core/users/users.php index df1f31b09b..cc6c2b5ff0 100644 --- a/core/users/users.php +++ b/core/users/users.php @@ -48,24 +48,9 @@ $document['title'] = $text['title-user_manager']; //get variables used to control the order - $order_by = $_GET["order_by"]; + $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'u.username'; $order = $_GET["order"]; -//validate order by - if (strlen($order_by) > 0) { - $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by); - } - -//validate the order - switch ($order) { - case 'asc': - break; - case 'desc': - break; - default: - $order = ''; - } - //set the variables $search = $_REQUEST["search"]; if (strlen($search) > 0) { 
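Review bot: This hunk deletes the only visible input validation for the sort parameters — the `preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by)` allowlist and the asc/desc `switch ($order)` — and hands raw `$_GET["order_by"]`/`$_GET["order"]` to `order_by()` in the later hunk of this file. Nothing in the diff shows what `order_by()` accepts, and because its output is concatenated into the query rather than bound as a parameter it now has to be the allowlist; please confirm it rejects anything but identifier characters and asc/desc, or keep the two validations here. Note also that the new default `'u.username'` contains a dot, so a helper that strips non-identifier characters would mangle it.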
@@ -75,28 +60,32 @@ //get the list of superadmins $superadmins = superadmin_list($db); -//get the user count from the database - $sql = "select count(*) from view_users as u where 1 = 1 "; +//common where clause + $sql_where = "where true "; if (!(permission_exists('user_all') && $_GET['show'] == 'all')) { - $sql .= "and u.domain_uuid = :domain_uuid \n"; + $sql_where .= "and u.domain_uuid = :domain_uuid "; $parameters['domain_uuid'] = $_SESSION['domain_uuid']; } if (strlen($search) > 0) { - $sql .= "and (\n"; - $sql .= "lower(username) like :search \n"; - $sql .= "or lower(groups) like :search \n"; - $sql .= "or lower(contact_organization) like :search \n"; - $sql .= "or lower(contact_name_given) like :search \n"; - $sql .= "or lower(contact_name_family) like :search \n"; - $sql .= ")\n"; + $sql_where .= "and ( "; + $sql_where .= "lower(username) like :search "; + $sql_where .= "or lower(groups) like :search "; + $sql_where .= "or lower(contact_organization) like :search "; + $sql_where .= "or lower(contact_name_given) like :search "; + $sql_where .= "or lower(contact_name_family) like :search "; + $sql_where .= ") "; $parameters['search'] = '%'.$search.'%'; } + +//get the user count from the database + $sql = "select count(*) from view_users as u "; + $sql .= $sql_where; $database = new database; $num_rows = $database->select($sql, $parameters, 'column'); - unset ($parameters, $sql); + unset($sql); //prepare for paging - $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; + $rows_per_page = is_numeric($_SESSION['domain']['paging']['numeric']) ? $_SESSION['domain']['paging']['numeric'] : 50; $param = "search=".escape($search); if (permission_exists('user_all') && $_GET['show'] == 'all') { $param .= "&show=all"; 
@@ -107,35 +96,14 @@ $offset = $rows_per_page * $page; //get the users from the database - $sql = "select u.domain_uuid, u.user_uuid, u.contact_uuid, u.domain_name, u.username, u.user_enabled, u.contact_organization, u.contact_name_given, u.contact_name_family, u.groups \n"; - $sql .= "from view_users as u \n"; - $sql .= "where 1 = 1 \n"; - if (!(permission_exists('user_all') && $_GET['show'] == 'all')) { - $sql .= "and u.domain_uuid = :domain_uuid \n"; - $parameters['domain_uuid'] = $_SESSION['domain_uuid']; - } - if (strlen($search) > 0) { - $sql .= "and (\n"; - $sql .= "lower(username) like :search \n"; - $sql .= "or lower(groups) like :search \n"; - $sql .= "or lower(contact_organization) like :search \n"; - $sql .= "or lower(contact_name_given) like :search \n"; - $sql .= "or lower(contact_name_family) like :search \n"; - $sql .= ")\n"; - $parameters['search'] = '%'.$search.'%'; - } - if (strlen($order_by)> 0) { - $sql .= "order by ".$order_by." ".$order." \n"; - } - else { - $sql .= "order by u.username asc \n"; - } - $sql .= "limit :rows_per_page offset :offset "; - $parameters['rows_per_page'] = $rows_per_page; - $parameters['offset'] = $offset; + $sql = "select u.domain_uuid, u.user_uuid, u.contact_uuid, u.domain_name, u.username, u.user_enabled, u.contact_organization, u.contact_name_given, u.contact_name_family, u.groups "; + $sql .= "from view_users as u "; + $sql .= $sql_where; + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); $database = new database; $users = $database->select($sql, $parameters, 'all'); - unset ($parameters, $sql); + unset($sql, $sql_where, $parameters); //page title and description echo "
".escape($row['user_setting_description'])." "; diff --git a/core/users/user_delete.php b/core/users/user_delete.php index d4a5ac4e80..97b8fc5f2b 100644 --- a/core/users/user_delete.php +++ b/core/users/user_delete.php @@ -43,21 +43,18 @@ $text = $language->get(); //get the id - $user_uuid = check_str($_GET["id"]); + $user_uuid = $_GET["id"]; //validate the uuid if (is_uuid($user_uuid)) { //get the user's domain from v_users if (permission_exists('user_domain')) { $sql = "select domain_uuid from v_users "; - $sql .= "where user_uuid = '".$user_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $domain_uuid = $row["domain_uuid"]; - } - unset ($prep_statement); + $sql .= "where user_uuid = :user_uuid "; + $parameters['user_uuid'] = $user_uuid; + $database = new database; + $domain_uuid = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); } else { $domain_uuid = $_SESSION['domain_uuid']; 
@@ -74,35 +71,37 @@ } //delete the user settings - $sql = "delete from v_user_settings "; - $sql .= "where user_uuid = '".$user_uuid."' "; - $sql .= "and domain_uuid = '".$domain_uuid."' "; - if (!$db->exec($sql)) { - $info = $db->errorInfo(); - print_r($info); - } + $array['user_settings'][0]['user_uuid'] = $user_uuid; + $array['user_settings'][0]['domain_uuid'] = $domain_uuid; //delete the groups the user is assigned to - $sql = "delete from v_user_groups "; - $sql .= "where user_uuid = '".$user_uuid."' "; - $sql .= "and domain_uuid = '".$domain_uuid."' "; - if (!$db->exec($sql)) { - $info = $db->errorInfo(); - print_r($info); - } + $array['user_groups'][0]['user_uuid'] = $user_uuid; + $array['user_groups'][0]['domain_uuid'] = $domain_uuid; //delete the user - $sql = "delete from v_users "; - $sql .= "where user_uuid = '".$user_uuid."' "; - $sql .= "and domain_uuid = '".$domain_uuid."' "; - if (!$db->exec($sql)) { - $info = $db->errorInfo(); - print_r($info); - } + $array['users'][0]['user_uuid'] = $user_uuid; + $array['users'][0]['domain_uuid'] = $domain_uuid; + + //execute + $p = new permissions; + $p->add('user_setting_delete', 'temp'); + $p->add('user_group_delete', 'temp'); + + $database = new database; + $database->app_name = 'users'; + $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207'; + $database->delete($array); + unset($array); + + $p->delete('user_setting_delete', 'temp'); + $p->delete('user_group_delete', 'temp'); + + //set message + message::add($text['message-delete']); } //redirect the user - message::add($text['message-delete']); header("Location: users.php"); + exit; ?> diff --git a/core/users/user_edit.php b/core/users/user_edit.php index 6db4f6bf7d..af34ddd559 100644 --- a/core/users/user_edit.php +++ b/core/users/user_edit.php 
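Review bot: The delete is still triggered by a plain GET with `id` in the query string and nothing in the hunk checks a request token, so a crafted link or image tag at `user_delete.php?id=<uuid>` removes the user, their settings and group memberships for any admin who opens it; the commit moves the writes into `database::delete()` but does not change that. Consider requiring a POST or a per-session token for this page. The temp grants `$p->add('user_setting_delete', 'temp')` and `$p->add('user_group_delete', 'temp')` are revoked only after `delete()` returns; if the permissions class stores them in the session and `delete()` throws they would outlive this request, so wrapping the revoke in try/finally is cheap insurance. Removing the `print_r($db->errorInfo())` output is a good change — it leaked driver error text to the browser. The enclosing `if (is_uuid($user_uuid))` begins before this hunk.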
@@ -35,16 +35,17 @@ $text = $language->get(); //get user uuid - if ((is_uuid($_REQUEST["id"]) && permission_exists('user_edit')) || - (is_uuid($_REQUEST["id"]) && $_REQUEST["id"] == $_SESSION['user_uuid'])) { + if (is_uuid($_REQUEST["id"]) && (permission_exists('user_edit') || $_REQUEST["id"] == $_SESSION['user_uuid'])) { $user_uuid = $_REQUEST["id"]; $action = 'edit'; } - elseif (permission_exists('user_add') && !isset($_REQUEST["id"])) { + else if (permission_exists('user_add') && !is_uuid($_REQUEST["id"])) { $user_uuid = uuid(); $action = 'add'; } else { + echo 'here'; + exit; // load users own account header("Location: user_edit.php?id=".$_SESSION['user_uuid']); exit; @@ -52,13 +53,15 @@ //get total user count from the database, check limit, if defined if (permission_exists('user_add') && $action == 'add' && $_SESSION['limit']['users']['numeric'] != '') { - $sql = "select count(user_uuid) as num_rows from v_users where domain_uuid = :domain_uuid "; + $sql = "select count(*) "; + $sql .= "from v_users "; + $sql .= "where domain_uuid = :domain_uuid "; $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $database = new database; - $total_users = $database->execute($sql, $parameters, 'column'); - unset($parameters); + $num_rows = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); - if ($total_users >= $_SESSION['limit']['users']['numeric']) { + if ($num_rows >= $_SESSION['limit']['users']['numeric']) { message::add($text['message-maximum_users'].' '.$_SESSION['limit']['users']['numeric'], 'negative'); header('Location: users.php'); exit; 
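Review bot: The two added lines `echo 'here';` and `exit;` in the final else branch look like leftover debugging: they make the `header("Location: user_edit.php?id=".$_SESSION['user_uuid'])` fallback unreachable, so a user who lacks user_add and requests the page without an id now gets a blank page reading 'here' instead of being sent to their own account. Remove both lines. The second hunk's switch from `$database->execute(..., 'column')` to `$database->select(..., 'column')` for the user-count limit reads correctly.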
@@ -77,26 +80,28 @@ } //delete the group from the user - if ($_GET["a"] == "delete" && permission_exists("user_delete")) { + if ($_GET["a"] == "delete" && is_uuid($_GET["group_uuid"]) && is_uuid($user_uuid) && permission_exists("user_delete")) { //set the variables $group_uuid = $_GET["group_uuid"]; //delete the group from the users - if (is_uuid($group_uuid) && is_uuid($user_uuid)) { - $sql = "delete from v_user_groups "; - $sql .= "where group_uuid = :group_uuid "; - $sql .= "and user_uuid = :user_uuid "; - $parameters['group_uuid'] = $group_uuid; - $parameters['user_uuid'] = $user_uuid; - $database = new database; - $database->execute($sql, $parameters); - unset($parameters); - } + $array['user_groups'][0]['group_uuid'] = $group_uuid; + $array['user_groups'][0]['user_uuid'] = $user_uuid; + + $p = new permissions; + $p->add('user_group_delete', 'temp'); + + $database = new database; + $database->app_name = 'users'; + $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207'; + $database->delete($array); + unset($array); + + $p->delete('user_group_delete', 'temp'); + //redirect the user message::add($text['message-update']); - if (is_uuid($user_uuid)) { - header("Location: user_edit.php?id=".$user_uuid); - } - return; + header("Location: user_edit.php?id=".$user_uuid); + exit; } //retrieve password requirements @@ -143,7 +148,7 @@ } if (permission_exists('user_edit') && $action == 'edit') { if ($username != $username_old && $username != '') { - $sql = "select count(*) as num_rows from v_users where username = :username "; + $sql = "select count(*) from v_users where username = :username "; if ($_SESSION["user"]["unique"]["text"] != "global") { $sql .= "and domain_uuid = :domain_uuid "; $parameters['domain_uuid'] = $domain_uuid; 
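Review bot: The group removal is still triggered by a plain GET (`$_GET["a"] == "delete"` with `group_uuid` in the query string) and the new condition only tightens the uuid checks; unless a CSRF token is verified outside the hunk, a logged-in user holding `user_delete` who follows a crafted link removes a group assignment, so the action should be submitted as a POST with the application's token check, or at minimum that check should be added at the top of this block. The reordered condition also reads `$_GET["a"]` and `$_GET["group_uuid"]` without `isset()`, so every non-delete request to this page raises undefined-index notices; `($_GET["a"] ?? '') === "delete"` avoids that and drops the loose `==`. As in the user_delete.php hunk, the `'temp'` grant of `user_group_delete` is revoked only on the straight-line path; if `$database->delete()` can abort the request the cleanup is skipped, which is harmless only if the grant is request-scoped (not visible here).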
@@ -218,7 +223,7 @@ $parameters['user_uuid'] = $user_uuid; $database = new database; $row = $database->select($sql, $parameters, 'row'); - if ($row['user_setting_uuid'] == '' && $user_language != '') { + if (!is_uuid($row['user_setting_uuid']) && $user_language != '') { //add user setting to array for insert $array['user_settings'][$i]['user_setting_uuid'] = uuid(); $array['user_settings'][$i]['user_uuid'] = $user_uuid; @@ -232,14 +237,20 @@ } else { if ($row['user_setting_value'] == '' || $user_language == '') { - $sql = "delete from v_user_settings "; - $sql .= "where user_setting_category = 'domain' "; - $sql .= "and user_setting_subcategory = 'language' "; - $sql .= "and user_uuid = :user_uuid "; - $parameters['user_uuid'] = $user_uuid; + $array_delete['user_settings'][0]['user_setting_category'] = 'domain'; + $array_delete['user_settings'][0]['user_setting_subcategory'] = 'language'; + $array_delete['user_settings'][0]['user_uuid'] = $user_uuid; + + $p = new permissions; + $p->add('user_setting_delete', 'temp'); + $database = new database; - $database->execute($sql, $parameters); - unset($sql); + $database->app_name = 'users'; + $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207'; + $database->delete($array_delete); + unset($array_delete); + + $p->delete('user_setting_delete', 'temp'); } else { //add user setting to array for update 
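Review bot: `$row['user_setting_uuid']` is read on the changed line without checking that `$row` is an array; when no setting row exists, `select(..., 'row')` presumably returns a non-array (the notification_edit.php hunk in this same commit guards the equivalent call with `is_array($row) && sizeof($row) != 0`), so this line raises an array-offset notice even though `!is_uuid(...)` then still takes the insert branch. Use the same guard here: `if ((!is_array($row) || !is_uuid($row['user_setting_uuid'])) && $user_language != '') {`. The surrounding block, including the `$sql`/`$parameters` setup and the `$i` index, starts outside the hunk.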
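Review bot: This delete block and the two in the following hunks (`time_zone` and message `key`) are identical apart from the category/subcategory pair: build `$array_delete`, grant `user_setting_delete` as `'temp'`, instantiate `database`, set the same `app_name`/`app_uuid`, delete, revoke. Extract a small local function, e.g. `delete_user_setting($category, $subcategory, $user_uuid)` holding those lines, so each site becomes `delete_user_setting('domain', 'language', $user_uuid);` and the `app_uuid` literal lives in one place. Whether the temporary grant must be released when `$database->delete()` fails depends on how `permissions::add(..., 'temp')` is scoped, which is not visible here; if it persists beyond the request, wrap the delete in `try { ... } finally { $p->delete('user_setting_delete', 'temp'); }`.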
@@ -278,13 +289,20 @@ } else { if ($row['user_setting_value'] == '' || $user_time_zone == '') { - $sql = "delete from v_user_settings "; - $sql .= "where user_setting_category = 'domain' "; - $sql .= "and user_setting_subcategory = 'time_zone' "; - $sql .= "and user_uuid = :user_uuid "; - $parameters['user_uuid'] = $user_uuid; + $array_delete['user_settings'][0]['user_setting_category'] = 'domain'; + $array_delete['user_settings'][0]['user_setting_subcategory'] = 'time_zone'; + $array_delete['user_settings'][0]['user_uuid'] = $user_uuid; + + $p = new permissions; + $p->add('user_setting_delete', 'temp'); + $database = new database; - $database->execute($sql, $parameters); + $database->app_name = 'users'; + $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207'; + $database->delete($array_delete); + unset($array_delete); + + $p->delete('user_setting_delete', 'temp'); } else { //add user setting to array for update @@ -324,14 +342,20 @@ } else { if ($row['user_setting_value'] == '' || $message_key == '') { - $sql = "delete from v_user_settings "; - $sql .= "where user_setting_category = 'message' "; - $sql .= "and user_setting_subcategory = 'key' "; - $sql .= "and user_uuid = :user_uuid "; - $parameters['user_uuid'] = $user_uuid; + $array_delete['user_settings'][0]['user_setting_category'] = 'message'; + $array_delete['user_settings'][0]['user_setting_subcategory'] = 'key'; + $array_delete['user_settings'][0]['user_uuid'] = $user_uuid; + + $p = new permissions; + $p->add('user_setting_delete', 'temp'); + $database = new database; - $database->execute($sql, $parameters); - unset($sql); + $database->app_name = 'users'; + $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207'; + $database->delete($array_delete); + unset($array_delete); + + $p->delete('user_setting_delete', 'temp'); } else { //add user setting to array for update @@ -583,7 +607,7 @@ } } } - unset($sql, $parameters); + unset($sql, $parameters, $result, $row); } } 
@@ -707,16 +731,19 @@ echo " \n"; //get all language codes from database $sql = "select * from v_languages order by language asc "; - $parameters = null; $database = new database; - $languages = $database->select($sql, $parameters, 'all'); - foreach ($languages as $row) { - $language_codes[$row["code"]] = $row["language"]; + $languages = $database->select($sql, null, 'all'); + if (is_array($languages) && sizeof($languages) != 0) { + foreach ($languages as $row) { + $language_codes[$row["code"]] = $row["language"]; + } } - unset($languages); - foreach ($_SESSION['app']['languages'] as $code) { - $selected = ($code == $user_settings['domain']['language']['code']) ? "selected='selected'" : null; - echo " \n"; + unset($sql, $languages, $row); + if (is_array($_SESSION['app']['languages']) && sizeof($_SESSION['app']['languages']) != 0) { + foreach ($_SESSION['app']['languages'] as $code) { + $selected = ($code == $user_settings['domain']['language']['code']) ? "selected='selected'" : null; + echo " \n"; + } } echo " \n"; echo "
\n"; @@ -881,7 +908,6 @@ $parameters['user_uuid'] = $user_uuid; $database = new database; $user_groups = $database->select($sql, $parameters, 'all'); - unset($parameters); if (is_array($user_groups)) { echo "\n"; foreach($user_groups as $field) { @@ -903,7 +929,7 @@ } echo "
\n"; } - unset($sql, $user_groups); + unset($sql, $parameters, $user_groups, $field); $sql = "select * from v_groups "; $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; @@ -914,7 +940,6 @@ $parameters['domain_uuid'] = $_SESSION['domain_uuid']; $database = new database; $groups = $database->select($sql, $parameters, 'all'); - unset($parameters); if (is_array($groups)) { if (isset($assigned_groups)) { echo "
\n"; } echo "\n"; } } - unset($sql, $groups); + unset($sql, $parameters, $groups, $field); echo "
\n"; @@ -201,7 +169,7 @@ echo "\n"; echo "\n"; - if (is_array($users)) { + if (is_array($users) && sizeof($users) != 0) { foreach($users as $row) { if (if_superadmin($superadmins, $row['user_uuid']) && !if_group("superadmin")) { //hide @@ -253,11 +221,11 @@ } echo " \n"; echo "\n"; - if ($c==0) { $c=1; } else { $c=0; } + $c = $c == 0 ? 1 : 0; } - } //end foreach - unset($sql, $users); - } //end if results + } + unset($users, $row); + } echo "\n"; echo "
\n";
diff --git a/resources/functions.php b/resources/functions.php
index 2e96aeb0e5..b7472b32dc 100644
--- a/resources/functions.php
+++ b/resources/functions.php
@@ -2125,7 +2125,7 @@ function number_pad($number,$n) {
 //validate and format order by clause of select statement
 if (!function_exists('order_by')) {
 function order_by($col, $dir) {
- $col = preg_replace('#[^a-zA-Z0-9-_]#', '', $col);
+ $col = preg_replace('#[^a-zA-Z0-9-_.]#', '', $col);
 $dir = strtolower($dir) == 'desc' ? 'desc' : 'asc';
 if ($col != '') { return ' order by '.$col.' '.$dir.' '; }
 }
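Review bot: Adding `.` to the character class keeps the strip-based allowlist safe in the sense that quotes, whitespace and `;` still cannot reach the concatenated `' order by '.$col` fragment, but the hyphen in `0-9-_.` is literal only because PCRE treats a hyphen that follows a range as such; write the class as `'#[^a-zA-Z0-9_.-]#'` (hyphen last) so the intent is unambiguous. Stripping also silently rewrites the input, so a stricter shape is to reject rather than sanitise, e.g. `if (!preg_match('#^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)?$#', $col)) { return ''; }`, which also rules out `..` or a leading dot producing a malformed identifier (today the function returns no value only when `$col` ends up empty). Because `$col` is still interpolated unquoted into SQL, callers that take it from a request should additionally compare it against their known column list; this hunk only widens the character class, so that check belongs at the call sites.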