Database class integration.

Nate 2019-07-19 15:05:18 -06:00
parent f8bb021dd7
commit cf4bc6a64e
11 changed files with 592 additions and 614 deletions


@ -41,18 +41,14 @@ else {
// retrieve software uuid // retrieve software uuid
$sql = "select software_uuid, software_url, software_version from v_software"; $sql = "select software_uuid, software_url, software_version from v_software";
$prep_statement = $db->prepare($sql); $database = new database;
if ($prep_statement) { $row = $database->select($sql, null, 'row');
$prep_statement->execute(); if (is_array($row) && sizeof($row) != 0) {
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$software_uuid = $row["software_uuid"]; $software_uuid = $row["software_uuid"];
$software_url = $row["software_url"]; $software_url = $row["software_url"];
$software_version = $row["software_version"]; $software_version = $row["software_version"];
break; // limit to 1 row
} }
} unset($sql, $row);
unset($sql, $prep_statement);
if (count($_REQUEST) > 0) { if (count($_REQUEST) > 0) {
@ -76,21 +72,13 @@ else {
// database name & version // database name & version
switch ($db_type) { switch ($db_type) {
case "pgsql" : $db_ver_query = "select version() as db_ver;"; break; case "pgsql" : $sql = "select version();"; break;
case "mysql" : $db_ver_query = "select version() as db_ver;"; break; case "mysql" : $sql = "select version();"; break;
case "sqlite" : $db_ver_query = "select sqlite_version() as db_ver;"; break; case "sqlite" : $sql = "select sqlite_version();"; break;
} }
$prep_statement = $db->prepare($db_ver_query); $database = new database;
if ($prep_statement) { $db_ver = $database->select($sql, null, 'column');
$prep_statement->execute(); unset($sql);
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$database_version = $row["db_ver"];
break; // limit to 1 row
}
}
unset($db_ver_query, $prep_statement);
$db_ver = $database_version;
// operating system name & version // operating system name & version
$os_platform = PHP_OS; $os_platform = PHP_OS;
@ -157,16 +145,9 @@ else {
// get local project notification participation flag // get local project notification participation flag
$sql = "select project_notifications from v_notifications"; $sql = "select project_notifications from v_notifications";
$prep_statement = $db->prepare($sql); $database = new database;
if ($prep_statement) { $current_project_notifications = $database->select($sql, null, 'row');
$prep_statement->execute(); unset($sql);
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$current_project_notifications = $row["project_notifications"];
break; // limit to 1 row
}
}
unset($sql, $prep_statement);
// check if remote record should be removed // check if remote record should be removed
if ($project_notifications == 'false') { if ($project_notifications == 'false') {
@ -191,7 +172,8 @@ else {
if ($response['result'] == 'deleted') { if ($response['result'] == 'deleted') {
// set local project notification participation flag to false // set local project notification participation flag to false
$sql = "update v_notifications set project_notifications = 'false'"; $sql = "update v_notifications set project_notifications = 'false'";
$db->exec(check_sql($sql)); $database = new database;
$database->execute($sql);
unset($sql); unset($sql);
} }
} }
@ -250,7 +232,8 @@ else {
if ($response['result'] == 'updated' || $response['result'] == 'inserted') { if ($response['result'] == 'updated' || $response['result'] == 'inserted') {
// set local project notification participation flag to true // set local project notification participation flag to true
$sql = "update v_notifications set project_notifications = 'true'"; $sql = "update v_notifications set project_notifications = 'true'";
$db->exec(check_sql($sql)); $database = new database;
$database->execute($sql);
unset($sql); unset($sql);
// set message // set message
if ( if (
@ -276,16 +259,12 @@ else {
// check local project notification participation flag // check local project notification participation flag
$sql = "select project_notifications from v_notifications"; $sql = "select project_notifications from v_notifications";
$prep_statement = $db->prepare($sql); $database = new database;
if ($prep_statement) { $row = $database->select($sql, null, 'row');
$prep_statement->execute(); if (is_array($row) && sizeof($row) != 0) {
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$setting["project_notifications"] = $row["project_notifications"]; $setting["project_notifications"] = $row["project_notifications"];
break; // limit to 1 row
} }
} unset($sql, $row);
unset($sql, $prep_statement);
// if participation enabled // if participation enabled
if ($setting["project_notifications"] == 'true') { if ($setting["project_notifications"] == 'true') {
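Review bot: In the `@ -157,16 +145,9` hunk, `$current_project_notifications` now receives the whole result of `$database->select($sql, null, 'row')`, whereas the removed loop stored only `$row["project_notifications"]`. If the code after this hunk (not visible here) still compares the variable with 'true' or 'false', it will now be comparing against an array, assuming 'row' returns an associative array as the `is_array($row)` checks in the neighbouring hunks suggest. The query selects a single column, so `$current_project_notifications = $database->select($sql, null, 'column');` would keep the old scalar value, as the version-query hunk already does.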


@ -214,13 +214,14 @@
echo "<input type='checkbox' name='do[menu]' id='do_menu' value='1' onchange=\"$('#sel_menu').fadeToggle('fast');\">"; echo "<input type='checkbox' name='do[menu]' id='do_menu' value='1' onchange=\"$('#sel_menu').fadeToggle('fast');\">";
echo "<select name='sel_menu' id='sel_menu' class='formfld' style='display: none; vertical-align: middle; margin-left: 5px;'>"; echo "<select name='sel_menu' id='sel_menu' class='formfld' style='display: none; vertical-align: middle; margin-left: 5px;'>";
$sql = "select * from v_menus "; $sql = "select * from v_menus ";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
foreach ($result as &$row) { foreach ($result as &$row) {
echo "<option value='".$row["menu_uuid"]."|".$row["menu_language"]."'>".$row["menu_name"]."</option>"; echo "<option value='".$row["menu_uuid"]."|".$row["menu_language"]."'>".$row["menu_name"]."</option>";
} }
unset ($sql, $result, $prep_statement); }
unset ($sql, $result);
echo "</select>"; echo "</select>";
echo " &nbsp;".$text['description-upgrade_menu']; echo " &nbsp;".$text['description-upgrade_menu'];
echo " </td>\n"; echo " </td>\n";
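Review bot: The `<option>` line in this hunk still writes `$row["menu_uuid"]`, `$row["menu_language"]` and `$row["menu_name"]` into the page without HTML escaping, so a stored menu name containing a quote or markup would break out of the element. Each value should be encoded on output, e.g. `htmlspecialchars($row["menu_name"], ENT_QUOTES)`. The loop also iterates with `&$row` although nothing is modified, and the new `unset ($sql, $result);` leaves that reference alive; `foreach ($result as $row)` avoids it.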


@ -54,7 +54,8 @@
$sql .= "default_setting_category = 'login' "; $sql .= "default_setting_category = 'login' ";
$sql .= "and default_setting_subcategory = 'message' "; $sql .= "and default_setting_subcategory = 'message' ";
$sql .= "and default_setting_name = 'text' "; $sql .= "and default_setting_name = 'text' ";
$db->exec(check_sql($sql)); $database = new database;
$database->execute($sql);
unset($sql); unset($sql);
} }
@ -127,10 +128,10 @@
$stats['domain']['devices']['total'] = 0; $stats['domain']['devices']['total'] = 0;
$stats['domain']['devices']['disabled'] = 0; $stats['domain']['devices']['disabled'] = 0;
$sql = "select domain_uuid, device_enabled from v_devices"; $sql = "select domain_uuid, device_enabled from v_devices";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
$stats['system']['devices']['total'] = count($result); $stats['system']['devices']['total'] = sizeof($result);
foreach ($result as $row) { foreach ($result as $row) {
$stats['system']['devices']['disabled'] += ($row['device_enabled'] != 'true') ? 1 : 0; $stats['system']['devices']['disabled'] += ($row['device_enabled'] != 'true') ? 1 : 0;
if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { if ($row['domain_uuid'] == $_SESSION['domain_uuid']) {
@ -138,7 +139,8 @@
$stats['domain']['devices']['disabled'] += ($row['device_enabled'] != 'true') ? 1 : 0; $stats['domain']['devices']['disabled'] += ($row['device_enabled'] != 'true') ? 1 : 0;
} }
} }
unset ($sql, $prep_statement, $result); }
unset($sql, $result);
} }
//extensions //extensions
@ -148,10 +150,10 @@
$stats['domain']['extensions']['total'] = 0; $stats['domain']['extensions']['total'] = 0;
$stats['domain']['extensions']['disabled'] = 0; $stats['domain']['extensions']['disabled'] = 0;
$sql = "select domain_uuid, enabled from v_extensions"; $sql = "select domain_uuid, enabled from v_extensions";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
$stats['system']['extensions']['total'] = count($result); $stats['system']['extensions']['total'] = sizeof($result);
foreach ($result as $row) { foreach ($result as $row) {
$stats['system']['extensions']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; $stats['system']['extensions']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0;
if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { if ($row['domain_uuid'] == $_SESSION['domain_uuid']) {
@ -159,7 +161,8 @@
$stats['domain']['extensions']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; $stats['domain']['extensions']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0;
} }
} }
unset ($sql, $prep_statement, $result); }
unset($sql, $result);
} }
//gateways //gateways
@ -169,10 +172,10 @@
$stats['domain']['gateways']['total'] = 0; $stats['domain']['gateways']['total'] = 0;
$stats['domain']['gateways']['disabled'] = 0; $stats['domain']['gateways']['disabled'] = 0;
$sql = "select domain_uuid, enabled from v_gateways"; $sql = "select domain_uuid, enabled from v_gateways";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
$stats['system']['gateways']['total'] = count($result); $stats['system']['gateways']['total'] = sizeof($result);
foreach ($result as $row) { foreach ($result as $row) {
$stats['system']['gateways']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; $stats['system']['gateways']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0;
if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { if ($row['domain_uuid'] == $_SESSION['domain_uuid']) {
@ -180,7 +183,8 @@
$stats['domain']['gateways']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0; $stats['domain']['gateways']['disabled'] += ($row['enabled'] != 'true') ? 1 : 0;
} }
} }
unset ($sql, $prep_statement, $result); }
unset($sql, $result);
} }
//users //users
@ -190,10 +194,10 @@
$stats['domain']['users']['total'] = 0; $stats['domain']['users']['total'] = 0;
$stats['domain']['users']['disabled'] = 0; $stats['domain']['users']['disabled'] = 0;
$sql = "select domain_uuid, user_enabled from v_users"; $sql = "select domain_uuid, user_enabled from v_users";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
$stats['system']['users']['total'] = count($result); $stats['system']['users']['total'] = sizeof($result);
foreach ($result as $row) { foreach ($result as $row) {
$stats['system']['users']['disabled'] += ($row['user_enabled'] != 'true') ? 1 : 0; $stats['system']['users']['disabled'] += ($row['user_enabled'] != 'true') ? 1 : 0;
if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { if ($row['domain_uuid'] == $_SESSION['domain_uuid']) {
@ -201,7 +205,8 @@
$stats['domain']['users']['disabled'] += ($row['user_enabled'] != 'true') ? 1 : 0; $stats['domain']['users']['disabled'] += ($row['user_enabled'] != 'true') ? 1 : 0;
} }
} }
unset ($sql, $prep_statement, $result); }
unset($sql, $result);
} }
//destinations //destinations
@ -211,10 +216,10 @@
$stats['domain']['destinations']['total'] = 0; $stats['domain']['destinations']['total'] = 0;
$stats['domain']['destinations']['disabled'] = 0; $stats['domain']['destinations']['disabled'] = 0;
$sql = "select domain_uuid, destination_enabled from v_destinations"; $sql = "select domain_uuid, destination_enabled from v_destinations";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
$stats['system']['destinations']['total'] = count($result); $stats['system']['destinations']['total'] = sizeof($result);
foreach ($result as $row) { foreach ($result as $row) {
$stats['system']['destinations']['disabled'] += ($row['destination_enabled'] != 'true') ? 1 : 0; $stats['system']['destinations']['disabled'] += ($row['destination_enabled'] != 'true') ? 1 : 0;
if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { if ($row['domain_uuid'] == $_SESSION['domain_uuid']) {
@ -222,7 +227,8 @@
$stats['domain']['destinations']['disabled'] += ($row['destination_enabled'] != 'true') ? 1 : 0; $stats['domain']['destinations']['disabled'] += ($row['destination_enabled'] != 'true') ? 1 : 0;
} }
} }
unset ($sql, $prep_statement, $result); }
unset($sql, $result);
} }
//call center queues //call center queues
@ -232,10 +238,10 @@
$stats['domain']['call_center_queues']['total'] = 0; $stats['domain']['call_center_queues']['total'] = 0;
$stats['domain']['call_center_queues']['disabled'] = 0; $stats['domain']['call_center_queues']['disabled'] = 0;
$sql = "select domain_uuid from v_call_center_queues"; $sql = "select domain_uuid from v_call_center_queues";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
$stats['system']['call_center_queues']['total'] = count($result); $stats['system']['call_center_queues']['total'] = sizeof($result);
foreach ($result as $row) { foreach ($result as $row) {
//$stats['system']['call_center_queues']['disabled'] += ($row['queue_enabled'] != 'true') ? 1 : 0; //$stats['system']['call_center_queues']['disabled'] += ($row['queue_enabled'] != 'true') ? 1 : 0;
if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { if ($row['domain_uuid'] == $_SESSION['domain_uuid']) {
@ -243,7 +249,8 @@
//$stats['domain']['call_center_queues']['disabled'] += ($row['queue_enabled'] != 'true') ? 1 : 0; //$stats['domain']['call_center_queues']['disabled'] += ($row['queue_enabled'] != 'true') ? 1 : 0;
} }
} }
unset ($sql, $prep_statement, $result); }
unset($sql, $result);
} }
//ivr menus //ivr menus
@ -253,10 +260,10 @@
$stats['domain']['ivr_menus']['total'] = 0; $stats['domain']['ivr_menus']['total'] = 0;
$stats['domain']['ivr_menus']['disabled'] = 0; $stats['domain']['ivr_menus']['disabled'] = 0;
$sql = "select domain_uuid, ivr_menu_enabled from v_ivr_menus"; $sql = "select domain_uuid, ivr_menu_enabled from v_ivr_menus";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
$stats['system']['ivr_menus']['total'] = count($result); $stats['system']['ivr_menus']['total'] = sizeof($result);
foreach ($result as $row) { foreach ($result as $row) {
$stats['system']['ivr_menus']['disabled'] += ($row['ivr_menu_enabled'] != 'true') ? 1 : 0; $stats['system']['ivr_menus']['disabled'] += ($row['ivr_menu_enabled'] != 'true') ? 1 : 0;
if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { if ($row['domain_uuid'] == $_SESSION['domain_uuid']) {
@ -264,7 +271,8 @@
$stats['domain']['ivr_menus']['disabled'] += ($row['ivr_menu_enabled'] != 'true') ? 1 : 0; $stats['domain']['ivr_menus']['disabled'] += ($row['ivr_menu_enabled'] != 'true') ? 1 : 0;
} }
} }
unset ($sql, $prep_statement, $result); }
unset($sql, $result);
} }
//ring groups //ring groups
@ -274,10 +282,10 @@
$stats['domain']['ring_groups']['total'] = 0; $stats['domain']['ring_groups']['total'] = 0;
$stats['domain']['ring_groups']['disabled'] = 0; $stats['domain']['ring_groups']['disabled'] = 0;
$sql = "select domain_uuid, ring_group_enabled from v_ring_groups"; $sql = "select domain_uuid, ring_group_enabled from v_ring_groups";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
$stats['system']['ring_groups']['total'] = count($result); $stats['system']['ring_groups']['total'] = sizeof($result);
foreach ($result as $row) { foreach ($result as $row) {
$stats['system']['ring_groups']['disabled'] += ($row['ring_group_enabled'] != 'true') ? 1 : 0; $stats['system']['ring_groups']['disabled'] += ($row['ring_group_enabled'] != 'true') ? 1 : 0;
if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { if ($row['domain_uuid'] == $_SESSION['domain_uuid']) {
@ -285,7 +293,8 @@
$stats['domain']['ring_groups']['disabled'] += ($row['ring_group_enabled'] != 'true') ? 1 : 0; $stats['domain']['ring_groups']['disabled'] += ($row['ring_group_enabled'] != 'true') ? 1 : 0;
} }
} }
unset ($sql, $prep_statement, $result); }
unset($sql, $result);
} }
//voicemails //voicemails
@ -295,10 +304,10 @@
$stats['domain']['voicemails']['total'] = 0; $stats['domain']['voicemails']['total'] = 0;
$stats['domain']['voicemails']['disabled'] = 0; $stats['domain']['voicemails']['disabled'] = 0;
$sql = "select domain_uuid, voicemail_enabled from v_voicemails"; $sql = "select domain_uuid, voicemail_enabled from v_voicemails";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
$stats['system']['voicemails']['total'] = count($result); $stats['system']['voicemails']['total'] = sizeof($result);
foreach ($result as $row) { foreach ($result as $row) {
$stats['system']['voicemails']['disabled'] += ($row['voicemail_enabled'] != 'true') ? 1 : 0; $stats['system']['voicemails']['disabled'] += ($row['voicemail_enabled'] != 'true') ? 1 : 0;
if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { if ($row['domain_uuid'] == $_SESSION['domain_uuid']) {
@ -306,7 +315,8 @@
$stats['domain']['voicemails']['disabled'] += ($row['voicemail_enabled'] != 'true') ? 1 : 0; $stats['domain']['voicemails']['disabled'] += ($row['voicemail_enabled'] != 'true') ? 1 : 0;
} }
} }
unset ($sql, $prep_statement, $result); }
unset($sql, $result);
} }
//voicemail messages //voicemail messages
@ -316,10 +326,10 @@
$stats['domain']['messages']['total'] = 0; $stats['domain']['messages']['total'] = 0;
$stats['domain']['messages']['new'] = 0; $stats['domain']['messages']['new'] = 0;
$sql = "select domain_uuid, message_status from v_voicemail_messages"; $sql = "select domain_uuid, message_status from v_voicemail_messages";
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $result = $database->select($sql, null, 'all');
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
$stats['system']['messages']['total'] = count($result); $stats['system']['messages']['total'] = sizeof($result);
foreach ($result as $row) { foreach ($result as $row) {
$stats['system']['messages']['new'] += ($row['message_status'] != 'saved') ? 1 : 0; $stats['system']['messages']['new'] += ($row['message_status'] != 'saved') ? 1 : 0;
if ($row['domain_uuid'] == $_SESSION['domain_uuid']) { if ($row['domain_uuid'] == $_SESSION['domain_uuid']) {
@ -327,7 +337,8 @@
$stats['domain']['messages']['new'] += ($row['message_status'] != 'saved') ? 1 : 0; $stats['domain']['messages']['new'] += ($row['message_status'] != 'saved') ? 1 : 0;
} }
} }
unset ($sql, $prep_statement, $result); }
unset($sql, $result);
} }
} }
@ -410,6 +421,7 @@
foreach ($_SESSION['user']['extension'] as $assigned_extension) { foreach ($_SESSION['user']['extension'] as $assigned_extension) {
$assigned_extensions[$assigned_extension['extension_uuid']] = $assigned_extension['user']; $assigned_extensions[$assigned_extension['extension_uuid']] = $assigned_extension['user'];
} }
unset($assigned_extension);
//if also viewing system status, show more recent calls (more room avaialble) //if also viewing system status, show more recent calls (more room avaialble)
$missed_limit = (is_array($selected_blocks) && in_array('counts', $selected_blocks)) ? 10 : 5; $missed_limit = (is_array($selected_blocks) && in_array('counts', $selected_blocks)) ? 10 : 5;
@ -425,30 +437,34 @@
from from
v_xml_cdr v_xml_cdr
where where
domain_uuid = '".$_SESSION['domain_uuid']."' domain_uuid = :domain_uuid
and ( and (
direction = 'inbound' direction = 'inbound'
or direction = 'local' or direction = 'local'
) )
and (missed_call = true or bridge_uuid is null) and (missed_call = true or bridge_uuid is null) ";
and destination_number in ('".implode("','",$assigned_extensions)."') if (is_array($assigned_extensions) && sizeof($assigned_extensions) != 0) {
and (";
$x = 0; $x = 0;
foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) { foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) {
$sql .= "extension_uuid = '".$assigned_extension_uuid."' "; $sql_where_array[] = "extension_uuid = :assigned_extension_uuid_".$x;
$sql .= "or destination_number = '".$assigned_extension."' "; $sql_where_array[] = "destination_number = :destination_number_".$x;
if (++$x < sizeof($assigned_extensions)) { $sql .= "or "; } $parameters['assigned_extension_uuid_'.$x] = $assigned_extension_uuid;
$parameters['destination_number_'.$x] = $assigned_extension;
$x++;
}
if (is_array($sql_where_array) && sizeof($sql_where_array) != 0) {
$sql .= "and (".implode(' or ', $sql_where_array).") ";
}
unset($sql_where_array);
} }
$sql .= " $sql .= "
)
and start_epoch > ".(time() - 86400)." and start_epoch > ".(time() - 86400)."
order by order by
start_epoch desc"; start_epoch desc";
$prep_statement = $db->prepare(check_sql($sql)); $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$prep_statement->execute(); $database = new database;
$result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); $result = $database->select($sql, $parameters, 'all');
$result_count = count($result); $num_rows = is_array($result) ? sizeof($result) : 0;
unset ($prep_statement, $sql);
$c = 0; $c = 0;
$row_style["0"] = "row_style0"; $row_style["0"] = "row_style0";
@ -456,20 +472,20 @@
$hud[$n]['html'] .= "<span class='hud_title' onclick=\"document.location.href='".PROJECT_PATH."/app/xml_cdr/xml_cdr.php?call_result=missed'\">".$text['label-missed_calls']."</span>"; $hud[$n]['html'] .= "<span class='hud_title' onclick=\"document.location.href='".PROJECT_PATH."/app/xml_cdr/xml_cdr.php?call_result=missed'\">".$text['label-missed_calls']."</span>";
$hud[$n]['html'] .= "<span class='hud_stat' onclick=\"$('#hud_'+".$n."+'_details').slideToggle('fast');\">".$result_count."</span>"; $hud[$n]['html'] .= "<span class='hud_stat' onclick=\"$('#hud_'+".$n."+'_details').slideToggle('fast');\">".$num_rows."</span>";
$hud[$n]['html'] .= "<span class='hud_stat_title' onclick=\"$('#hud_'+".$n."+'_details').slideToggle('fast');\">".$text['label-last_24_hours']."</span>\n"; $hud[$n]['html'] .= "<span class='hud_stat_title' onclick=\"$('#hud_'+".$n."+'_details').slideToggle('fast');\">".$text['label-last_24_hours']."</span>\n";
$hud[$n]['html'] .= "<div class='hud_details' id='hud_".$n."_details'>"; $hud[$n]['html'] .= "<div class='hud_details' id='hud_".$n."_details'>";
$hud[$n]['html'] .= "<table class='tr_hover' width='100%' cellpadding='0' cellspacing='0' border='0'>\n"; $hud[$n]['html'] .= "<table class='tr_hover' width='100%' cellpadding='0' cellspacing='0' border='0'>\n";
$hud[$n]['html'] .= "<tr>\n"; $hud[$n]['html'] .= "<tr>\n";
if ($result_count > 0) { if ($num_rows > 0) {
$hud[$n]['html'] .= "<th class='hud_heading'>&nbsp;</th>\n"; $hud[$n]['html'] .= "<th class='hud_heading'>&nbsp;</th>\n";
} }
$hud[$n]['html'] .= "<th class='hud_heading' width='100%'>".$text['label-cid_number']."</th>\n"; $hud[$n]['html'] .= "<th class='hud_heading' width='100%'>".$text['label-cid_number']."</th>\n";
$hud[$n]['html'] .= "<th class='hud_heading'>".$text['label-missed']."</th>\n"; $hud[$n]['html'] .= "<th class='hud_heading'>".$text['label-missed']."</th>\n";
$hud[$n]['html'] .= "</tr>\n"; $hud[$n]['html'] .= "</tr>\n";
if ($result_count > 0) { if ($num_rows > 0) {
$theme_cdr_images_exist = ( $theme_cdr_images_exist = (
file_exists($theme_image_path."icon_cdr_inbound_voicemail.png") && file_exists($theme_image_path."icon_cdr_inbound_voicemail.png") &&
file_exists($theme_image_path."icon_cdr_inbound_cancelled.png") && file_exists($theme_image_path."icon_cdr_inbound_cancelled.png") &&
@ -512,8 +528,8 @@
$hud[$n]['html'] .= "</tr>\n"; $hud[$n]['html'] .= "</tr>\n";
$c = ($c) ? 0 : 1; $c = ($c) ? 0 : 1;
} }
unset($sql, $result, $row_count);
} }
unset($sql, $parameters, $result, $num_rows, $index, $row);
$hud[$n]['html'] .= "</table>\n"; $hud[$n]['html'] .= "</table>\n";
$hud[$n]['html'] .= "<span style='display: block; margin: 6px 0 7px 0;'><a href='".PROJECT_PATH."/app/xml_cdr/xml_cdr.php?call_result=missed'>".$text['label-view_all']."</a></span>\n"; $hud[$n]['html'] .= "<span style='display: block; margin: 6px 0 7px 0;'><a href='".PROJECT_PATH."/app/xml_cdr/xml_cdr.php?call_result=missed'>".$text['label-view_all']."</a></span>\n";
@ -544,26 +560,33 @@
from from
v_xml_cdr v_xml_cdr
where where
domain_uuid = '".$_SESSION['domain_uuid']."' domain_uuid = :domain_uuid ";
and ("; if (is_array($assigned_extensions) && sizeof($assigned_extensions) != 0) {
$x = 0; $x = 0;
foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) { foreach ($assigned_extensions as $assigned_extension_uuid => $assigned_extension) {
$sql .= "extension_uuid = '".$assigned_extension_uuid."' "; $sql_where_array[] = "extension_uuid = extension_uuid_".$x;
$sql .= "or caller_id_number = '".$assigned_extension."' "; $sql_where_array[] = "caller_id_number = caller_id_number_".$x;
$sql .= "or destination_number = '".$assigned_extension."' "; $sql_where_array[] = "destination_number = destination_number_1_".$x;
$sql .= "or destination_number = '*99".$assigned_extension."' "; $sql_where_array[] = "destination_number = destination_number_2_".$x;
if (++$x < sizeof($assigned_extensions)) { $sql .= "or "; } $parameters['extension_uuid_'.$x] = $assigned_extension_uuid;
$parameters['caller_id_number_'.$x] = $assigned_extension;
$parameters['destination_number_1_'.$x] = $assigned_extension;
$parameters['destination_number_2_'.$x] = '*99'.$assigned_extension;
$x++;
}
if (is_array($sql_where_array) && sizeof($sql_where_array) != 0) {
$sql .= "and (".implode(' or ', $sql_where_array).") ";
}
unset($sql_where_array);
} }
$sql .= " $sql .= "
)
and start_epoch > ".(time() - 86400)." and start_epoch > ".(time() - 86400)."
order by order by
start_epoch desc"; start_epoch desc";
$prep_statement = $db->prepare(check_sql($sql)); $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$prep_statement->execute(); $database = new database;
$result = $prep_statement->fetchAll(PDO::FETCH_ASSOC); $result = $database->select($sql, $parameters, 'all');
$result_count = count($result); $num_rows = is_array($result) ? sizeof($result) : 0;
unset ($prep_statement, $sql);
$c = 0; $c = 0;
$row_style["0"] = "row_style0"; $row_style["0"] = "row_style0";
@ -571,20 +594,20 @@
$hud[$n]['html'] .= "<span class='hud_title' onclick=\"document.location.href='".PROJECT_PATH."/app/xml_cdr/xml_cdr.php';\">".$text['label-recent_calls']."</span>"; $hud[$n]['html'] .= "<span class='hud_title' onclick=\"document.location.href='".PROJECT_PATH."/app/xml_cdr/xml_cdr.php';\">".$text['label-recent_calls']."</span>";
$hud[$n]['html'] .= "<span class='hud_stat' onclick=\"$('#hud_'+".$n."+'_details').slideToggle('fast');\">".$result_count."</span>"; $hud[$n]['html'] .= "<span class='hud_stat' onclick=\"$('#hud_'+".$n."+'_details').slideToggle('fast');\">".$num_rows."</span>";
$hud[$n]['html'] .= "<span class='hud_stat_title' onclick=\"$('#hud_'+".$n."+'_details').slideToggle('fast');\">".$text['label-last_24_hours']."</span>\n"; $hud[$n]['html'] .= "<span class='hud_stat_title' onclick=\"$('#hud_'+".$n."+'_details').slideToggle('fast');\">".$text['label-last_24_hours']."</span>\n";
$hud[$n]['html'] .= "<div class='hud_details' id='hud_".$n."_details'>"; $hud[$n]['html'] .= "<div class='hud_details' id='hud_".$n."_details'>";
$hud[$n]['html'] .= "<table class='tr_hover' width='100%' cellpadding='0' cellspacing='0' border='0'>\n"; $hud[$n]['html'] .= "<table class='tr_hover' width='100%' cellpadding='0' cellspacing='0' border='0'>\n";
$hud[$n]['html'] .= "<tr>\n"; $hud[$n]['html'] .= "<tr>\n";
if ($result_count > 0) { if ($num_rows > 0) {
$hud[$n]['html'] .= "<th class='hud_heading'>&nbsp;</th>\n"; $hud[$n]['html'] .= "<th class='hud_heading'>&nbsp;</th>\n";
} }
$hud[$n]['html'] .= "<th class='hud_heading' width='100%'>".$text['label-cid_number']."</th>\n"; $hud[$n]['html'] .= "<th class='hud_heading' width='100%'>".$text['label-cid_number']."</th>\n";
$hud[$n]['html'] .= "<th class='hud_heading'>".$text['label-date_time']."</th>\n"; $hud[$n]['html'] .= "<th class='hud_heading'>".$text['label-date_time']."</th>\n";
$hud[$n]['html'] .= "</tr>\n"; $hud[$n]['html'] .= "</tr>\n";
if ($result_count > 0) { if ($num_rows > 0) {
$theme_cdr_images_exist = ( $theme_cdr_images_exist = (
file_exists($theme_image_path."icon_cdr_inbound_answered.png") && file_exists($theme_image_path."icon_cdr_inbound_answered.png") &&
file_exists($theme_image_path."icon_cdr_inbound_voicemail.png") && file_exists($theme_image_path."icon_cdr_inbound_voicemail.png") &&
@ -659,8 +682,8 @@
unset($cdr_name, $cdr_number); unset($cdr_name, $cdr_number);
$c = ($c) ? 0 : 1; $c = ($c) ? 0 : 1;
} }
unset($sql, $result, $row_count);
} }
unset($sql, $parameters, $result, $num_rows, $index, $row);
$hud[$n]['html'] .= "</table>\n"; $hud[$n]['html'] .= "</table>\n";
$hud[$n]['html'] .= "<span style='display: block; margin: 6px 0 7px 0;'><a href='".PROJECT_PATH."/app/xml_cdr/xml_cdr.php'>".$text['label-view_all']."</a></span>\n"; $hud[$n]['html'] .= "<span style='display: block; margin: 6px 0 7px 0;'><a href='".PROJECT_PATH."/app/xml_cdr/xml_cdr.php'>".$text['label-view_all']."</a></span>\n";
@ -1076,7 +1099,7 @@
//db connections //db connections
switch ($db_type) { switch ($db_type) {
case 'pgsql': case 'pgsql':
$sql = "select count(*) as connections from pg_stat_activity"; $sql = "select count(*) from pg_stat_activity";
break; break;
case 'mysql': case 'mysql':
$sql = "show status where `variable_name` = 'Threads_connected'"; $sql = "show status where `variable_name` = 'Threads_connected'";
@ -1090,11 +1113,9 @@
} }
} }
if ($sql != '') { if ($sql != '') {
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $connections = $database->select($sql, null, 'column');
$result = $prep_statement->fetch(PDO::FETCH_NAMED); unset($sql);
$connections = $result['connections'];
unset ($sql, $prep_statement, $result);
} }
if ($connections != '') { if ($connections != '') {
$hud[$n]['html'] .= "<tr class='tr_link_void'>\n"; $hud[$n]['html'] .= "<tr class='tr_link_void'>\n";
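Review bot: In the recent-calls hunk (`@ -544,26 +560,33`) the four new conditions are missing the `:` placeholder prefix: `"extension_uuid = extension_uuid_".$x`, `"caller_id_number = caller_id_number_".$x` and both `destination_number_*` lines emit bare identifiers, while `$parameters` is filled with keys of those names. The statement will most likely fail to prepare or bind, leaving the recent-calls block empty or erroring. They should match the missed-calls hunk above, e.g. `$sql_where_array[] = "extension_uuid = :extension_uuid_".$x;`. In both hunks `$sql_where_array` and `$parameters` are appended to without being initialised, so an explicit `$sql_where_array = []; $parameters = [];` before the loop would keep the bound set independent of earlier code.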


@ -44,26 +44,32 @@
//delete user settings //delete user settings
$user_setting_uuids = $_REQUEST["id"]; $user_setting_uuids = $_REQUEST["id"];
$user_uuid = check_str($_REQUEST["user_uuid"]); $user_uuid = $_REQUEST["user_uuid"];
if (sizeof($user_setting_uuids) > 0) { if (is_uuid($user_uuid) && is_array($user_setting_uuids) && sizeof($user_setting_uuids) != 0) {
foreach ($user_setting_uuids as $user_setting_uuid) { foreach ($user_setting_uuids as $index => $user_setting_uuid) {
$sql = "delete from v_user_settings "; if (is_uuid($user_setting_uuid)) {
$sql .= "where user_uuid = '".$user_uuid."' "; $array['user_settings'][$index]['user_setting_uuid'] = $user_setting_uuid;
$sql .= "and user_setting_uuid = '".$user_setting_uuid."' "; $array['user_settings'][$index]['user_uuid'] = $user_uuid;
$prep_statement = $db->prepare(check_sql($sql)); }
$prep_statement->execute(); }
unset ($prep_statement, $sql); if (is_array($array) && sizeof($array) != 0) {
$database = new database;
$database->app_name = 'user_settings';
$database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97';
$database->delete($array);
$user_settings_deleted = sizeof($array['user_settings']);
unset($array);
} }
// set message // set message
$_SESSION["message"] = $text['message-delete'].": ".sizeof($user_setting_uuids); message::add($text['message-delete'].": ".$user_settings_deleted);
} }
else { else {
// set message // set message
message::add($text['message-delete_failed'], 'negative'); message::add($text['message-delete_failed'], 'negative');
} }
header("Location: /core/users/user_edit.php?id=".check_str($_REQUEST["user_uuid"])); header("Location: /core/users/user_edit.php?id=".$user_uuid);
exit; exit;
?> ?>
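Review bot: The final redirect appends `$user_uuid` even on the failure path, where it is the raw `$_REQUEST["user_uuid"]` that just failed `is_uuid()`; with `check_str()` removed, nothing constrains what lands in the `Location` query string. I would only append it once validated, e.g. `header("Location: /core/users/user_edit.php".(is_uuid($user_uuid) ? "?id=".$user_uuid : ""));`. Inside the success branch, `$user_settings_deleted` is never set when none of the submitted ids pass `is_uuid()`, so the message reports a delete with an empty count; initialising `$user_settings_deleted = 0;` before the loop and emitting `message-delete_failed` when it stays 0 would make that case honest. The permission check for this script sits above the hunk and is not visible here.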


@ -62,35 +62,35 @@
} }
//action add or update //action add or update
if (isset($_REQUEST["id"])) { if (is_uuid($_REQUEST["id"])) {
$action = "update"; $action = "update";
$user_setting_uuid = check_str($_REQUEST["id"]); $user_setting_uuid = $_REQUEST["id"];
} }
else { else {
$action = "add"; $action = "add";
} }
//set the user_uuid //set the user_uuid
if (strlen($_GET["user_uuid"]) > 0) { if (is_uuid($_GET["user_uuid"])) {
$user_uuid = check_str($_GET["user_uuid"]); $user_uuid = $_GET["user_uuid"];
} }
//get http post variables and set them to php variables //get http post variables and set them to php variables
if (count($_REQUEST) > 0) { if (count($_REQUEST) > 0) {
$user_setting_category = strtolower(check_str($_REQUEST["user_setting_category"])); $user_setting_category = strtolower($_REQUEST["user_setting_category"]);
$user_setting_subcategory = strtolower(check_str($_POST["user_setting_subcategory"])); $user_setting_subcategory = strtolower($_POST["user_setting_subcategory"]);
$user_setting_name = strtolower(check_str($_POST["user_setting_name"])); $user_setting_name = strtolower($_POST["user_setting_name"]);
$user_setting_value = check_str($_POST["user_setting_value"]); $user_setting_value = $_POST["user_setting_value"];
$user_setting_order = check_str($_POST["user_setting_order"]); $user_setting_order = $_POST["user_setting_order"];
$user_setting_enabled = strtolower(check_str($_POST["user_setting_enabled"])); $user_setting_enabled = strtolower($_POST["user_setting_enabled"]);
$user_setting_description = check_str($_POST["user_setting_description"]); $user_setting_description = $_POST["user_setting_description"];
} }
if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
$msg = ''; $msg = '';
if ($action == "update") { if ($action == "update") {
$user_setting_uuid = check_str($_POST["user_setting_uuid"]); $user_setting_uuid = $_POST["user_setting_uuid"];
} }
//check for all required/authorized data //check for all required/authorized data
@ -122,144 +122,123 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
//update switch timezone variables //update switch timezone variables
if ($user_setting_category == "domain" && $user_setting_subcategory == "time_zone" && $user_setting_name == "name" ) { if ($user_setting_category == "domain" && $user_setting_subcategory == "time_zone" && $user_setting_name == "name" ) {
//get the dialplan_uuid //get the dialplan_uuid
$sql = "select * from v_dialplans "; $sql = "select dialplan_uuid from v_dialplans ";
$sql .= "where domain_uuid = '".$domain_uuid."' "; $sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and app_uuid = '9f356fe7-8cf8-4c14-8fe2-6daf89304458' "; $sql .= "and app_uuid = '9f356fe7-8cf8-4c14-8fe2-6daf89304458' ";
$prep_statement = $db->prepare(check_sql($sql)); $parameters['domain_uuid'] = $domain_uuid;
$prep_statement->execute(); $database = new database;
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $dialplan_uuid = $database->select($sql, $parameters, 'column');
foreach ($result as $row) { unset($sql, $parameters);
$dialplan_uuid = $row["dialplan_uuid"];
}
unset ($prep_statement);
//get the action //get the action
$sql = "select * from v_dialplan_details "; $sql = "select dialplan_detail_uuid from v_dialplan_details ";
$sql .= "where domain_uuid = '".$domain_uuid."' "; $sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and dialplan_uuid = '".$dialplan_uuid."' "; $sql .= "and dialplan_uuid = :dialplan_uuid ";
$sql .= "and dialplan_detail_tag = 'action' "; $sql .= "and dialplan_detail_tag = 'action' ";
$sql .= "and dialplan_detail_type = 'set' "; $sql .= "and dialplan_detail_type = 'set' ";
$sql .= "and dialplan_detail_data like 'timezone=%' "; $sql .= "and dialplan_detail_data like 'timezone=%' ";
$prep_statement = $db->prepare(check_sql($sql)); $parameters['domain_uuid'] = $domain_uuid;
$prep_statement->execute(); $parameters['dialplan_uuid'] = $dialplan_uuid;
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $database = new database;
$detail_action = "add"; $dialplan_detail_uuid = $database->select($sql, $parameters, 'column');
foreach ($result as $row) { if (is_uuid($dialplan_detail_uuid)) {
$dialplan_detail_uuid = $row["dialplan_detail_uuid"];
$detail_action = "update"; $detail_action = "update";
} }
unset ($prep_statement); unset($sql, $parameters);
//update the timezone //update the timezone
if ($detail_action == "update") { if ($detail_action == "update") {
$sql = "update v_dialplan_details "; $p = new permissions;
$sql .= "set dialplan_detail_data = 'timezone=".$user_setting_value."' "; $p->add('dialplan_detail_edit', 'temp');
$sql .= "where dialplan_detail_uuid = '".$dialplan_detail_uuid."' ";
$array['dialplan_details'][0]['dialplan_detail_uuid'] = $dialplan_detail_uuid;
$array['dialplan_details'][0]['dialplan_detail_data'] = 'timezone='.$user_setting_value;
} }
else { else {
$dialplan_detail_uuid = uuid(); $p = new permissions;
$dialplan_detail_group = 0; $p->add('dialplan_detail_add', 'temp');
$sql = "insert into v_dialplan_details ";
$sql .= "("; $array['dialplan_details'][0]['domain_uuid'] = $domain_uuid;
$sql .= "domain_uuid, "; $array['dialplan_details'][0]['dialplan_detail_uuid'] = uuid();
$sql .= "dialplan_detail_uuid, "; $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid;
$sql .= "dialplan_uuid, "; $array['dialplan_details'][0]['dialplan_detail_tag'] = 'action';
$sql .= "dialplan_detail_tag, "; $array['dialplan_details'][0]['dialplan_detail_type'] = 'set';
$sql .= "dialplan_detail_type, "; $array['dialplan_details'][0]['dialplan_detail_data'] = 'timezone='.$user_setting_value;
$sql .= "dialplan_detail_data, "; $array['dialplan_details'][0]['dialplan_detail_inline'] = 'true';
$sql .= "dialplan_detail_inline, "; $array['dialplan_details'][0]['dialplan_detail_group'] = 0;
$sql .= "dialplan_detail_group "; }
$sql .= ") "; if (is_array($array) && sizeof($array) != 0) {
$sql .= "values "; $database = new database;
$sql .= "("; $database->app_name = 'user_settings';
$sql .= "'".$domain_uuid."', "; $database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97';
$sql .= "'".$dialplan_detail_uuid."', "; $database->save($array);
$sql .= "'".$dialplan_uuid."', "; unset($array);
$sql .= "'action', ";
$sql .= "'set', "; $p->delete('dialplan_detail_edit', 'temp');
$sql .= "'timezone=".$user_setting_value."', "; $p->delete('dialplan_detail_add', 'temp');
$sql .= "'true', ";
$sql .= "'".$dialplan_detail_group."' ";
$sql .= "); ";
} }
$db->query($sql);
unset($sql);
} }
//add the user setting //add the user setting
if ($action == "add" && permission_exists('user_setting_add')) { if ($action == "add" && permission_exists('user_setting_add')) {
$sql = "insert into v_user_settings "; $array['user_settings'][0]['user_setting_uuid'] = uuid();
$sql .= "("; }
$sql .= "user_uuid, ";
$sql .= "domain_uuid, ";
$sql .= "user_setting_uuid, ";
$sql .= "user_setting_category, ";
$sql .= "user_setting_subcategory, ";
$sql .= "user_setting_name, ";
$sql .= "user_setting_value, ";
$sql .= "user_setting_order, ";
$sql .= "user_setting_enabled, ";
$sql .= "user_setting_description ";
$sql .= ")";
$sql .= "values ";
$sql .= "(";
$sql .= "'$user_uuid', ";
$sql .= "'$domain_uuid', ";
$sql .= "'".uuid()."', ";
$sql .= "'$user_setting_category', ";
$sql .= "'$user_setting_subcategory', ";
$sql .= "'$user_setting_name', ";
$sql .= "'$user_setting_value', ";
$sql .= "$user_setting_order, ";
$sql .= "'$user_setting_enabled', ";
$sql .= "'$user_setting_description' ";
$sql .= ")";
$db->exec(check_sql($sql));
unset($sql);
} //if ($action == "add")
//update the user setting //update the user setting
if ($action == "update" && permission_exists('user_setting_edit')) { if ($action == "update" && permission_exists('user_setting_edit')) {
$sql = "update v_user_settings set "; $array['user_settings'][0]['user_setting_uuid'] = $user_setting_uuid;
$sql .= "user_setting_category = '$user_setting_category', "; }
$sql .= "user_setting_subcategory = '$user_setting_subcategory', ";
$sql .= "user_setting_name = '$user_setting_name', "; //execute add or update
$sql .= "user_setting_value = '$user_setting_value', "; if (is_array($array) && sizeof($array) != 0) {
$sql .= "user_setting_order = $user_setting_order, "; $array['user_settings'][0]['user_uuid'] = $user_uuid;
$sql .= "user_setting_enabled = '$user_setting_enabled', "; $array['user_settings'][0]['domain_uuid'] = $domain_uuid;
$sql .= "user_setting_description = '$user_setting_description' "; $array['user_settings'][0]['user_setting_category'] = $user_setting_category;
$sql .= "where user_uuid = '$user_uuid' "; $array['user_settings'][0]['user_setting_subcategory'] = $user_setting_subcategory;
$sql .= "and user_setting_uuid = '$user_setting_uuid'"; $array['user_settings'][0]['user_setting_name'] = $user_setting_name;
$db->exec(check_sql($sql)); $array['user_settings'][0]['user_setting_value'] = $user_setting_value;
unset($sql); $array['user_settings'][0]['user_setting_order'] = $user_setting_order;
} //if ($action == "update") $array['user_settings'][0]['user_setting_enabled'] = $user_setting_enabled;
$array['user_settings'][0]['user_setting_description'] = $user_setting_description;
$database = new database;
$database->app_name = 'user_settings';
$database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97';
$database->save($array);
unset($array);
}
//update time zone //update time zone
if ($user_setting_category == "domain" && $user_setting_subcategory == "time_zone" && $user_setting_name == "name" && strlen($user_setting_value) > 0 ) { if ($user_setting_category == "domain" && $user_setting_subcategory == "time_zone" && $user_setting_name == "name" && strlen($user_setting_value) > 0 ) {
$sql = "select * from v_dialplans "; $sql = "select * from v_dialplans ";
$sql .= "where app_uuid = '34dd307b-fffe-4ead-990c-3d070e288126' "; $sql .= "where app_uuid = '34dd307b-fffe-4ead-990c-3d070e288126' ";
$sql .= "and domain_uuid = '".$_SESSION["domain_uuid"]."' "; $sql .= "and domain_uuid = :domain_uuid ";
$prep_statement = $db->prepare(check_sql($sql)); $parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$prep_statement->execute(); $database = new database;
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $result = $database->select($sql, $parameters, 'all');
unset($sql, $parameters);
$time_zone_found = false; $time_zone_found = false;
if (is_array($result) && sizeof($result) != 0) {
foreach ($result as &$row) { foreach ($result as &$row) {
//get the dialplan_uuid //get the dialplan_uuid
$dialplan_uuid = $row["dialplan_uuid"]; $dialplan_uuid = $row["dialplan_uuid"];
//get the dialplan details //get the dialplan details
$sql = "select * from v_dialplan_details "; $sql = "select * from v_dialplan_details ";
$sql .= "where dialplan_uuid = '".$dialplan_uuid."' "; $sql .= "where dialplan_uuid = :dialplan_uuid ";
$sql .= "and domain_uuid = '".$_SESSION["domain_uuid"]."' "; $sql .= "and domain_uuid = :domain_uuid ";
$sub_prep_statement = $db->prepare(check_sql($sql)); $parameters['dialplan_uuid'] = $dialplan_uuid;
$sub_prep_statement->execute(); $parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_NAMED); $database = new database;
foreach ($sub_result as $field) { $sub_result = $database->select($sql, $parameters, 'all');
$dialplan_detail_uuid = $field["dialplan_detail_uuid"]; if (is_array($sub_result) && sizeof($sub_result) != 0) {
$dialplan_detail_tag = $field["dialplan_detail_tag"]; //action //condition foreach ($sub_result as $sub_row) {
$dialplan_detail_type = $field["dialplan_detail_type"]; //set $dialplan_detail_uuid = $sub_row["dialplan_detail_uuid"];
$dialplan_detail_data = $field["dialplan_detail_data"]; $dialplan_detail_tag = $sub_row["dialplan_detail_tag"]; //action //condition
$dialplan_detail_group = $field["dialplan_detail_group"]; $dialplan_detail_type = $sub_row["dialplan_detail_type"]; //set
$dialplan_detail_data = $sub_row["dialplan_detail_data"];
$dialplan_detail_group = $sub_row["dialplan_detail_group"];
if ($dialplan_detail_tag == "action" && $dialplan_detail_type == "set") { if ($dialplan_detail_tag == "action" && $dialplan_detail_type == "set") {
$data_array = explode("=", $dialplan_detail_data); $data_array = explode("=", $dialplan_detail_data);
if ($data_array[0] == "timezone") { if ($data_array[0] == "timezone") {
@ -268,51 +247,51 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
} }
} }
} }
}
unset($sql, $parameters, $sub_result, $sub_row);
//add the time zone //add the time zone
if (!$time_zone_found) { if (!$time_zone_found) {
//$dialplan_detail_uuid = uuid();
$dialplan_detail_uuid = "eb3b3a4e-88ea-4306-b2a8-9f52d3c95f2f"; $dialplan_detail_uuid = "eb3b3a4e-88ea-4306-b2a8-9f52d3c95f2f";
$sql = "insert into v_dialplan_details "; $array['dialplan_details'][0]['domain_uuid'] = $_SESSION["domain_uuid"];
$sql .= "("; $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid;
$sql .= "domain_uuid, "; $array['dialplan_details'][0]['dialplan_detail_uuid'] = $dialplan_detail_uuid;
$sql .= "dialplan_uuid, "; $array['dialplan_details'][0]['dialplan_detail_tag'] = 'action';
$sql .= "dialplan_detail_uuid, "; $array['dialplan_details'][0]['dialplan_detail_type'] = 'set';
$sql .= "dialplan_detail_tag, "; $array['dialplan_details'][0]['dialplan_detail_data'] = 'timezone='.$user_setting_value;
$sql .= "dialplan_detail_type, "; $array['dialplan_details'][0]['dialplan_detail_group'] = strlen($dialplan_detail_group) > 0 ? $dialplan_detail_group : 'null';
$sql .= "dialplan_detail_data, "; $array['dialplan_details'][0]['dialplan_detail_order'] = '15';
$sql .= "dialplan_detail_group, ";
$sql .= "dialplan_detail_order "; $p = new permissions;
$sql .= ") "; $p->add('dialplan_detail_add', 'temp');
$sql .= "values ";
$sql .= "("; $database = new database;
$sql .= "'".$_SESSION["domain_uuid"]."', "; //8cfd9525-6ccf-4c2c-813a-bca5809067cd $database->app_name = 'user_settings';
$sql .= "'$dialplan_uuid', "; //807b4aa6-4478-4663-a661-779397c1d542 $database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97';
$sql .= "'$dialplan_detail_uuid', "; $database->save($array);
$sql .= "'action', "; unset($array);
$sql .= "'set', ";
$sql .= "'timezone=$user_setting_value', "; $p->delete('dialplan_detail_add', 'temp');
if (strlen($dialplan_detail_group) > 0) {
$sql .= "'$dialplan_detail_group', ";
}
else {
$sql .= "null, ";
}
$sql .= "'15' ";
$sql .= ")";
$db->exec(check_sql($sql));
unset($sql);
} }
//update the time zone //update the time zone
if ($time_zone_found) { if ($time_zone_found) {
$sql = "update v_dialplan_details set "; $array['dialplan_details'][0]['dialplan_detail_uuid'] = $dialplan_detail_uuid;
$sql .= "dialplan_detail_data = 'timezone=".$user_setting_value."' "; $array['dialplan_details'][0]['dialplan_detail_data'] = 'timezone='.$user_setting_value;
$sql .= "where domain_uuid = '".$_SESSION["domain_uuid"]."' "; $array['dialplan_details'][0]['domain_uuid'] = $_SESSION["domain_uuid"];
$sql .= "and dialplan_uuid = '$dialplan_uuid' "; $array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid;
$sql .= "and dialplan_detail_uuid = '$dialplan_detail_uuid' ";
$db->exec(check_sql($sql)); $p = new permissions;
unset($sql); $p->add('dialplan_detail_edit', 'temp');
$database = new database;
$database->app_name = 'user_settings';
$database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97';
$database->save($array);
unset($array);
$p->delete('dialplan_detail_edit', 'temp');
}
} }
} }
} }
@ -326,19 +305,20 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
} }
header("Location: /core/users/user_edit.php?id=".$user_uuid); header("Location: /core/users/user_edit.php?id=".$user_uuid);
return; return;
} //if ($_POST["persistformvar"] != "true") }
} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) }
//pre-populate the form //pre-populate the form
if (count($_GET)>0 && $_POST["persistformvar"] != "true") { if (is_uuid($_GET["id"]) && count($_GET)>0 && $_POST["persistformvar"] != "true") {
$user_setting_uuid = check_str($_GET["id"]); $user_setting_uuid = $_GET["id"];
$sql = "select * from v_user_settings "; $sql = "select * from v_user_settings ";
$sql .= "where user_uuid = '$user_uuid' "; $sql .= "where user_uuid = :user_uuid ";
$sql .= "and user_setting_uuid = '$user_setting_uuid' "; $sql .= "and user_setting_uuid = :user_setting_uuid ";
$prep_statement = $db->prepare(check_sql($sql)); $parameters['user_uuid'] = $user_uuid;
$prep_statement->execute(); $parameters['user_setting_uuid'] = $user_setting_uuid;
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $database = new database;
foreach ($result as &$row) { $row = $database->select($sql, $parameters, 'row');
if (is_array($row) && sizeof($row) != 0) {
$user_setting_category = $row["user_setting_category"]; $user_setting_category = $row["user_setting_category"];
$user_setting_subcategory = $row["user_setting_subcategory"]; $user_setting_subcategory = $row["user_setting_subcategory"];
$user_setting_name = $row["user_setting_name"]; $user_setting_name = $row["user_setting_name"];
@ -346,9 +326,8 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
$user_setting_order = $row["user_setting_order"]; $user_setting_order = $row["user_setting_order"];
$user_setting_enabled = $row["user_setting_enabled"]; $user_setting_enabled = $row["user_setting_enabled"];
$user_setting_description = $row["user_setting_description"]; $user_setting_description = $row["user_setting_description"];
break; //limit to 1 row
} }
unset ($prep_statement); unset($sql, $parameters, $row);
} }
//show the header //show the header
@ -449,18 +428,19 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
$sql = ""; $sql = "";
$sql .= "select * from v_menus "; $sql .= "select * from v_menus ";
$sql .= "order by menu_language, menu_name asc "; $sql .= "order by menu_language, menu_name asc ";
$sub_prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$sub_prep_statement->execute(); $result = $database->select($sql, null, 'all');
$sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_NAMED); if (is_array($result) && sizeof($result) != 0) {
foreach ($sub_result as $sub_row) { foreach ($result as $row) {
if (strtolower($row['user_setting_value']) == strtolower($sub_row["menu_uuid"])) { if (strtolower($row['user_setting_value']) == strtolower($row["menu_uuid"])) {
echo " <option value='".strtolower($sub_row["menu_uuid"])."' selected='selected'>".escape($sub_row["menu_language"])." - ".escape($sub_row["menu_name"])."\n"; echo " <option value='".strtolower($row["menu_uuid"])."' selected='selected'>".escape($row["menu_language"])." - ".escape($row["menu_name"])."\n";
} }
else { else {
echo " <option value='".strtolower($sub_row["menu_uuid"])."'>".escape($sub_row["menu_language"])." - ".escape($sub_row["menu_name"])."</option>\n"; echo " <option value='".strtolower($row["menu_uuid"])."'>".escape($row["menu_language"])." - ".escape($row["menu_name"])."</option>\n";
} }
} }
unset ($sub_prep_statement); }
unset($sql, $result, $row);
echo " </select>\n"; echo " </select>\n";
} }
elseif ($category == "domain" && $subcategory == "template" && $name == "name" ) { elseif ($category == "domain" && $subcategory == "template" && $name == "name" ) {
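Review bot: On the update path the validated `$user_setting_uuid` (from `is_uuid($_REQUEST["id"])`) is overwritten by the raw `$_POST["user_setting_uuid"]`, and that value becomes the key in `$array['user_settings'][0]` handed to `$database->save()`. The removed statement restricted the update with `where user_uuid = ... and user_setting_uuid = ...`; in the array form `user_uuid` is just another column, so unless `save()` (not visible here) scopes by it, a caller holding `user_setting_edit` could presumably rewrite a setting row that belongs to another user. I would keep the check, `if ($action == "update" && is_uuid($_POST["user_setting_uuid"])) { $user_setting_uuid = $_POST["user_setting_uuid"]; }`, and confirm with a select on both columns that the row belongs to `$user_uuid` before saving. Separately, in the menu `<select>` loop the rename of `$sub_row` to `$row` makes the comparison read `$row['user_setting_value']` from the menu row itself, so no option is ever marked selected; comparing against `$user_setting_value` would restore that.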


@ -39,51 +39,58 @@
} }
//toggle setting enabled //toggle setting enabled
if (sizeof($_REQUEST) > 1) { if (
$user_uuid = check_str($_REQUEST["user_id"]); is_uuid($_REQUEST["user_id"]) &&
is_array($_REQUEST["id"]) &&
sizeof($_REQUEST["id"]) == 1 &&
($_REQUEST['enabled'] === 'true' || $_REQUEST['enabled'] === 'false')
) {
//get input
$user_setting_uuids = $_REQUEST["id"]; $user_setting_uuids = $_REQUEST["id"];
$enabled = check_str($_REQUEST['enabled']); $enabled = $_REQUEST['enabled'];
if ($user_uuid != '' && sizeof($user_setting_uuids) == 1 && $enabled != '') { //update setting
$sql = "update v_user_settings set "; $array['user_settings'][0]['user_setting_uuid'] = $user_setting_uuids[0];
$sql .= "user_setting_enabled = '".$enabled."' "; $array['user_settings'][0]['user_setting_enabled'] = $enabled;
$sql .= "where user_uuid = '".$user_uuid."' "; $database = new database;
$sql .= "and user_setting_uuid = '".$user_setting_uuids[0]."' "; $database->app_name = 'user_settings';
$db->exec(check_sql($sql)); $database->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97';
unset($sql); $database->save($array);
unset($array);
//redirect
message::add($text['message-update']); message::add($text['message-update']);
header("Location: /core/users/user_edit.php?id=".$user_uuid); header("Location: /core/users/user_edit.php?id=".$_REQUEST["user_id"]);
exit; exit;
} }
}
//include the paging //include the paging
require_once "resources/paging.php"; require_once "resources/paging.php";
//get the variables //get the variables
$order_by = check_str($_GET["order_by"]); $order_by = $_GET["order_by"];
$order = check_str($_GET["order"]); $order = $_GET["order"];
//show the content //show the content
echo "<form name='frm_settings' id='frm_settings' method='get' action='/core/user_settings/user_setting_delete.php'>"; echo "<form name='frm_settings' id='frm_settings' method='get' action='/core/user_settings/user_setting_delete.php'>";
echo "<input type='hidden' name='user_uuid' value='".$user_uuid."'>"; echo "<input type='hidden' name='user_uuid' value='".$user_uuid."'>";
//common sql where
$sql_where = "where user_uuid = :user_uuid ";
$sql_where .= "and not ( ";
$sql_where .= "(user_setting_category = 'domain' and user_setting_subcategory = 'language') ";
$sql_where .= "or (user_setting_category = 'domain' and user_setting_subcategory = 'time_zone') ";
$sql_where .= "or (user_setting_category = 'message' and user_setting_subcategory = 'key') ";
$sql_where .= ") ";
$parameters['user_uuid'] = $user_uuid;
//prepare to page the results //prepare to page the results
$sql = "select count(*) as num_rows from v_user_settings "; $sql = "select count(*) from v_user_settings ";
$sql .= "where user_uuid = '$user_uuid' "; $sql .= $sql_where;
$prep_statement = $db->prepare($sql); $database = new database;
if ($prep_statement) { $num_rows = $database->select($sql, $parameters, 'column');
$prep_statement->execute(); unset($sql);
$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
if ($row['num_rows'] > 0) {
$num_rows = $row['num_rows'];
}
else {
$num_rows = '0';
}
unset ($prep_statement, $sql);
}
//prepare to page the results //prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 100; $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 100;
@ -95,23 +102,17 @@
//get the list //get the list
$sql = "select * from v_user_settings "; $sql = "select * from v_user_settings ";
$sql .= "where user_uuid = '$user_uuid' "; $sql .= $sql_where;
$sql .= "and not ( "; if ($order_by != '') {
$sql .= "(user_setting_category = 'domain' and user_setting_subcategory = 'language') ";
$sql .= "or (user_setting_category = 'domain' and user_setting_subcategory = 'time_zone') ";
$sql .= "or (user_setting_category = 'message' and user_setting_subcategory = 'key') ";
$sql .= ") ";
if (strlen($order_by) == 0) {
$sql .= "order by user_setting_category, user_setting_subcategory, user_setting_order asc "; $sql .= "order by user_setting_category, user_setting_subcategory, user_setting_order asc ";
} }
else { else {
$sql .= "order by $order_by $order "; $sql .= order_by($order_by, $order);
} }
$sql .= "limit $rows_per_page offset $offset "; $sql .= limit_offset($rows_per_page, $offset);
$prep_statement = $db->prepare(check_sql($sql)); $database = new database;
$prep_statement->execute(); $user_settings = $database->select($sql, $parameters, 'all');
$user_settings = $prep_statement->fetchAll(PDO::FETCH_NAMED); unset($sql, $sql_where, $parameters);
unset ($prep_statement, $sql);
$c = 0; $c = 0;
$row_style["0"] = "row_style0"; $row_style["0"] = "row_style0";
@ -120,7 +121,7 @@
//show the content //show the content
echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n"; echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
if (is_array($user_settings)) { if (is_array($user_settings) && sizeof($user_settings) != 0) {
$previous_category = ''; $previous_category = '';
foreach($user_settings as $row) { foreach($user_settings as $row) {
if ($previous_category != $row['user_setting_category']) { if ($previous_category != $row['user_setting_category']) {
@ -190,15 +191,17 @@
$name = $row['user_setting_name']; $name = $row['user_setting_name'];
if ($category == "domain" && $subcategory == "menu" && $name == "uuid" ) { if ($category == "domain" && $subcategory == "menu" && $name == "uuid" ) {
$sql = "select * from v_menus "; $sql = "select * from v_menus ";
$sql .= "where menu_uuid = '".$row['user_setting_value']."' "; $sql .= "where menu_uuid = :menu_uuid ";
$sub_prep_statement = $db->prepare(check_sql($sql)); $parameters['menu_uuid'] = $row['user_setting_value'];
$sub_prep_statement->execute(); $database = new database;
$sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_NAMED); $sub_result = $database->select($sql, $parameters, 'all');
unset ($prep_statement, $sql); if (is_array($sub_result) && sizeof($sub_result) != 0) {
foreach ($sub_result as &$sub_row) { foreach ($sub_result as &$sub_row) {
echo $sub_row["menu_language"]." - ".$sub_row["menu_name"]."\n"; echo $sub_row["menu_language"]." - ".$sub_row["menu_name"]."\n";
} }
} }
unset($sql, $parameters, $sub_result, $sub_row);
}
elseif ($category == "domain" && $subcategory == "template" && $name == "name" ) { elseif ($category == "domain" && $subcategory == "template" && $name == "name" ) {
echo " ".ucwords($row['user_setting_value']); echo " ".ucwords($row['user_setting_value']);
} }
@ -232,7 +235,7 @@
} }
echo " </td>\n"; echo " </td>\n";
echo " <td valign='top' class='".$row_style[$c]." tr_link_void' style='text-align: center;'>\n"; echo " <td valign='top' class='".$row_style[$c]." tr_link_void' style='text-align: center;'>\n";
echo " <a href='?user_id=".$row['user_uuid']."&id[]=".$row['user_setting_uuid']."&enabled=".(($row['user_setting_enabled'] == 'true') ? 'false' : 'true')."'>".$text['label-'.$row['user_setting_enabled']]."</a>\n"; echo " <a href='../user_settings/user_settings.php?user_id=".$row['user_uuid']."&id[]=".$row['user_setting_uuid']."&enabled=".(($row['user_setting_enabled'] == 'true') ? 'false' : 'true')."'>".$text['label-'.$row['user_setting_enabled']]."</a>\n";
echo " </td>\n"; echo " </td>\n";
echo " <td valign='top' class='row_stylebg'>".escape($row['user_setting_description'])."&nbsp;</td>\n"; echo " <td valign='top' class='row_stylebg'>".escape($row['user_setting_description'])."&nbsp;</td>\n";
echo " <td class='list_control_icons'>"; echo " <td class='list_control_icons'>";
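Review bot: The toggle block validates `$_REQUEST["user_id"]` but not the setting id it acts on: `$user_setting_uuids[0]` goes into `$array['user_settings'][0]['user_setting_uuid']` without an `is_uuid()` check, and `sizeof($_REQUEST["id"]) == 1` does not guarantee that index 0 exists. Adding `is_uuid($_REQUEST["id"][0]) &&` to the condition closes that gap. The removed update also matched on `user_uuid`, which the array no longer carries, so whether the change stays confined to that user's rows depends on `$database->save()`, which is not visible here; a select on `user_uuid` and `user_setting_uuid` before saving would keep the old constraint explicit. Further down, `if ($order_by != '')` is inverted relative to the removed `strlen($order_by) == 0`, so a requested sort is ignored and `order_by()` is only reached with an empty column; once that is corrected, the unfiltered `$_GET["order_by"]` and `$_GET["order"]` rely entirely on `order_by()` to reject anything that is not a column name or direction.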


@ -43,21 +43,18 @@
$text = $language->get(); $text = $language->get();
//get the id //get the id
$user_uuid = check_str($_GET["id"]); $user_uuid = $_GET["id"];
//validate the uuid //validate the uuid
if (is_uuid($user_uuid)) { if (is_uuid($user_uuid)) {
//get the user's domain from v_users //get the user's domain from v_users
if (permission_exists('user_domain')) { if (permission_exists('user_domain')) {
$sql = "select domain_uuid from v_users "; $sql = "select domain_uuid from v_users ";
$sql .= "where user_uuid = '".$user_uuid."' "; $sql .= "where user_uuid = :user_uuid ";
$prep_statement = $db->prepare(check_sql($sql)); $parameters['user_uuid'] = $user_uuid;
$prep_statement->execute(); $database = new database;
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $domain_uuid = $database->select($sql, $parameters, 'column');
foreach ($result as &$row) { unset($sql, $parameters);
$domain_uuid = $row["domain_uuid"];
}
unset ($prep_statement);
} }
else { else {
$domain_uuid = $_SESSION['domain_uuid']; $domain_uuid = $_SESSION['domain_uuid'];
@ -74,35 +71,37 @@
} }
//delete the user settings //delete the user settings
$sql = "delete from v_user_settings "; $array['user_settings'][0]['user_uuid'] = $user_uuid;
$sql .= "where user_uuid = '".$user_uuid."' "; $array['user_settings'][0]['domain_uuid'] = $domain_uuid;
$sql .= "and domain_uuid = '".$domain_uuid."' ";
if (!$db->exec($sql)) {
$info = $db->errorInfo();
print_r($info);
}
//delete the groups the user is assigned to //delete the groups the user is assigned to
$sql = "delete from v_user_groups "; $array['user_groups'][0]['user_uuid'] = $user_uuid;
$sql .= "where user_uuid = '".$user_uuid."' "; $array['user_groups'][0]['domain_uuid'] = $domain_uuid;
$sql .= "and domain_uuid = '".$domain_uuid."' ";
if (!$db->exec($sql)) {
$info = $db->errorInfo();
print_r($info);
}
//delete the user //delete the user
$sql = "delete from v_users "; $array['users'][0]['user_uuid'] = $user_uuid;
$sql .= "where user_uuid = '".$user_uuid."' "; $array['users'][0]['domain_uuid'] = $domain_uuid;
$sql .= "and domain_uuid = '".$domain_uuid."' ";
if (!$db->exec($sql)) { //execute
$info = $db->errorInfo(); $p = new permissions;
print_r($info); $p->add('user_setting_delete', 'temp');
} $p->add('user_group_delete', 'temp');
$database = new database;
$database->app_name = 'users';
$database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
$database->delete($array);
unset($array);
$p->delete('user_setting_delete', 'temp');
$p->delete('user_group_delete', 'temp');
//set message
message::add($text['message-delete']);
} }
//redirect the user //redirect the user
message::add($text['message-delete']);
header("Location: users.php"); header("Location: users.php");
exit;
?> ?>
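Review bot: `$domain_uuid` is used as a delete criterion without being checked: when `permission_exists('user_domain')` is true it comes from `$database->select(..., 'column')`, which presumably returns a non-UUID value if no user matches, and it is then placed in all three `$array[...]` entries. How `$database->delete()` treats an empty `domain_uuid` is not visible here, so I would stop before building the array, e.g. `if (!is_uuid($domain_uuid)) { header("Location: users.php"); exit; }`. The result of `delete()` is also ignored, so `message-delete` is shown even if nothing was removed. The deletion is still triggered by `$_GET["id"]` alone in the visible lines; any request-token check would have to be in the part of the file outside this section.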


@ -35,16 +35,17 @@
$text = $language->get(); $text = $language->get();
//get user uuid //get user uuid
if ((is_uuid($_REQUEST["id"]) && permission_exists('user_edit')) || if (is_uuid($_REQUEST["id"]) && (permission_exists('user_edit') || $_REQUEST["id"] == $_SESSION['user_uuid'])) {
(is_uuid($_REQUEST["id"]) && $_REQUEST["id"] == $_SESSION['user_uuid'])) {
$user_uuid = $_REQUEST["id"]; $user_uuid = $_REQUEST["id"];
$action = 'edit'; $action = 'edit';
} }
elseif (permission_exists('user_add') && !isset($_REQUEST["id"])) { else if (permission_exists('user_add') && !is_uuid($_REQUEST["id"])) {
$user_uuid = uuid(); $user_uuid = uuid();
$action = 'add'; $action = 'add';
} }
else { else {
echo 'here';
exit;
// load users own account // load users own account
header("Location: user_edit.php?id=".$_SESSION['user_uuid']); header("Location: user_edit.php?id=".$_SESSION['user_uuid']);
exit; exit;
@ -52,13 +53,15 @@
//get total user count from the database, check limit, if defined //get total user count from the database, check limit, if defined
if (permission_exists('user_add') && $action == 'add' && $_SESSION['limit']['users']['numeric'] != '') { if (permission_exists('user_add') && $action == 'add' && $_SESSION['limit']['users']['numeric'] != '') {
$sql = "select count(user_uuid) as num_rows from v_users where domain_uuid = :domain_uuid "; $sql = "select count(*) ";
$sql .= "from v_users ";
$sql .= "where domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid']; $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database; $database = new database;
$total_users = $database->execute($sql, $parameters, 'column'); $num_rows = $database->select($sql, $parameters, 'column');
unset($parameters); unset($sql, $parameters);
if ($total_users >= $_SESSION['limit']['users']['numeric']) { if ($num_rows >= $_SESSION['limit']['users']['numeric']) {
message::add($text['message-maximum_users'].' '.$_SESSION['limit']['users']['numeric'], 'negative'); message::add($text['message-maximum_users'].' '.$_SESSION['limit']['users']['numeric'], 'negative');
header('Location: users.php'); header('Location: users.php');
exit; exit;
@ -77,26 +80,28 @@
} }
//delete the group from the user //delete the group from the user
if ($_GET["a"] == "delete" && permission_exists("user_delete")) { if ($_GET["a"] == "delete" && is_uuid($_GET["group_uuid"]) && is_uuid($user_uuid) && permission_exists("user_delete")) {
//set the variables //set the variables
$group_uuid = $_GET["group_uuid"]; $group_uuid = $_GET["group_uuid"];
//delete the group from the users //delete the group from the users
if (is_uuid($group_uuid) && is_uuid($user_uuid)) { $array['user_groups'][0]['group_uuid'] = $group_uuid;
$sql = "delete from v_user_groups "; $array['user_groups'][0]['user_uuid'] = $user_uuid;
$sql .= "where group_uuid = :group_uuid ";
$sql .= "and user_uuid = :user_uuid "; $p = new permissions;
$parameters['group_uuid'] = $group_uuid; $p->add('user_group_delete', 'temp');
$parameters['user_uuid'] = $user_uuid;
$database = new database; $database = new database;
$database->execute($sql, $parameters); $database->app_name = 'users';
unset($parameters); $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
} $database->delete($array);
unset($array);
$p->delete('user_group_delete', 'temp');
//redirect the user //redirect the user
message::add($text['message-update']); message::add($text['message-update']);
if (is_uuid($user_uuid)) {
header("Location: user_edit.php?id=".$user_uuid); header("Location: user_edit.php?id=".$user_uuid);
} exit;
return;
} }
//retrieve password requirements //retrieve password requirements
@ -143,7 +148,7 @@
} }
if (permission_exists('user_edit') && $action == 'edit') { if (permission_exists('user_edit') && $action == 'edit') {
if ($username != $username_old && $username != '') { if ($username != $username_old && $username != '') {
$sql = "select count(*) as num_rows from v_users where username = :username "; $sql = "select count(*) from v_users where username = :username ";
if ($_SESSION["user"]["unique"]["text"] != "global") { if ($_SESSION["user"]["unique"]["text"] != "global") {
$sql .= "and domain_uuid = :domain_uuid "; $sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $domain_uuid; $parameters['domain_uuid'] = $domain_uuid;
@ -218,7 +223,7 @@
$parameters['user_uuid'] = $user_uuid; $parameters['user_uuid'] = $user_uuid;
$database = new database; $database = new database;
$row = $database->select($sql, $parameters, 'row'); $row = $database->select($sql, $parameters, 'row');
if ($row['user_setting_uuid'] == '' && $user_language != '') { if (!is_uuid($row['user_setting_uuid']) && $user_language != '') {
//add user setting to array for insert //add user setting to array for insert
$array['user_settings'][$i]['user_setting_uuid'] = uuid(); $array['user_settings'][$i]['user_setting_uuid'] = uuid();
$array['user_settings'][$i]['user_uuid'] = $user_uuid; $array['user_settings'][$i]['user_uuid'] = $user_uuid;
@ -232,14 +237,20 @@
} }
else { else {
if ($row['user_setting_value'] == '' || $user_language == '') { if ($row['user_setting_value'] == '' || $user_language == '') {
$sql = "delete from v_user_settings "; $array_delete['user_settings'][0]['user_setting_category'] = 'domain';
$sql .= "where user_setting_category = 'domain' "; $array_delete['user_settings'][0]['user_setting_subcategory'] = 'language';
$sql .= "and user_setting_subcategory = 'language' "; $array_delete['user_settings'][0]['user_uuid'] = $user_uuid;
$sql .= "and user_uuid = :user_uuid ";
$parameters['user_uuid'] = $user_uuid; $p = new permissions;
$p->add('user_setting_delete', 'temp');
$database = new database; $database = new database;
$database->execute($sql, $parameters); $database->app_name = 'users';
unset($sql); $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
$database->delete($array_delete);
unset($array_delete);
$p->delete('user_setting_delete', 'temp');
} }
else { else {
//add user setting to array for update //add user setting to array for update
@ -278,13 +289,20 @@
} }
else { else {
if ($row['user_setting_value'] == '' || $user_time_zone == '') { if ($row['user_setting_value'] == '' || $user_time_zone == '') {
$sql = "delete from v_user_settings "; $array_delete['user_settings'][0]['user_setting_category'] = 'domain';
$sql .= "where user_setting_category = 'domain' "; $array_delete['user_settings'][0]['user_setting_subcategory'] = 'time_zone';
$sql .= "and user_setting_subcategory = 'time_zone' "; $array_delete['user_settings'][0]['user_uuid'] = $user_uuid;
$sql .= "and user_uuid = :user_uuid ";
$parameters['user_uuid'] = $user_uuid; $p = new permissions;
$p->add('user_setting_delete', 'temp');
$database = new database; $database = new database;
$database->execute($sql, $parameters); $database->app_name = 'users';
$database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
$database->delete($array_delete);
unset($array_delete);
$p->delete('user_setting_delete', 'temp');
} }
else { else {
//add user setting to array for update //add user setting to array for update
@ -324,14 +342,20 @@
} }
else { else {
if ($row['user_setting_value'] == '' || $message_key == '') { if ($row['user_setting_value'] == '' || $message_key == '') {
$sql = "delete from v_user_settings "; $array_delete['user_settings'][0]['user_setting_category'] = 'message';
$sql .= "where user_setting_category = 'message' "; $array_delete['user_settings'][0]['user_setting_subcategory'] = 'key';
$sql .= "and user_setting_subcategory = 'key' "; $array_delete['user_settings'][0]['user_uuid'] = $user_uuid;
$sql .= "and user_uuid = :user_uuid ";
$parameters['user_uuid'] = $user_uuid; $p = new permissions;
$p->add('user_setting_delete', 'temp');
$database = new database; $database = new database;
$database->execute($sql, $parameters); $database->app_name = 'users';
unset($sql); $database->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
$database->delete($array_delete);
unset($array_delete);
$p->delete('user_setting_delete', 'temp');
} }
else { else {
//add user setting to array for update //add user setting to array for update
@ -583,7 +607,7 @@
} }
} }
} }
unset($sql, $parameters); unset($sql, $parameters, $result, $row);
} }
} }
@ -707,17 +731,20 @@
echo " <option value=''></option>\n"; echo " <option value=''></option>\n";
//get all language codes from database //get all language codes from database
$sql = "select * from v_languages order by language asc "; $sql = "select * from v_languages order by language asc ";
$parameters = null;
$database = new database; $database = new database;
$languages = $database->select($sql, $parameters, 'all'); $languages = $database->select($sql, null, 'all');
if (is_array($languages) && sizeof($languages) != 0) {
foreach ($languages as $row) { foreach ($languages as $row) {
$language_codes[$row["code"]] = $row["language"]; $language_codes[$row["code"]] = $row["language"];
} }
unset($languages); }
unset($sql, $languages, $row);
if (is_array($_SESSION['app']['languages']) && sizeof($_SESSION['app']['languages']) != 0) {
foreach ($_SESSION['app']['languages'] as $code) { foreach ($_SESSION['app']['languages'] as $code) {
$selected = ($code == $user_settings['domain']['language']['code']) ? "selected='selected'" : null; $selected = ($code == $user_settings['domain']['language']['code']) ? "selected='selected'" : null;
echo " <option value='".escape($code)."' ".escape($selected).">".escape($language_codes[$code])." [".escape($code)."]</option>\n"; echo " <option value='".escape($code)."' ".escape($selected).">".escape($language_codes[$code])." [".escape($code)."]</option>\n";
} }
}
echo " </select>\n"; echo " </select>\n";
echo " <br />\n"; echo " <br />\n";
echo " ".$text['description-user_language']."<br />\n"; echo " ".$text['description-user_language']."<br />\n";
@ -881,7 +908,6 @@
$parameters['user_uuid'] = $user_uuid; $parameters['user_uuid'] = $user_uuid;
$database = new database; $database = new database;
$user_groups = $database->select($sql, $parameters, 'all'); $user_groups = $database->select($sql, $parameters, 'all');
unset($parameters);
if (is_array($user_groups)) { if (is_array($user_groups)) {
echo "<table cellpadding='0' cellspacing='0' border='0'>\n"; echo "<table cellpadding='0' cellspacing='0' border='0'>\n";
foreach($user_groups as $field) { foreach($user_groups as $field) {
@ -903,7 +929,7 @@
} }
echo "</table>\n"; echo "</table>\n";
} }
unset($sql, $user_groups); unset($sql, $parameters, $user_groups, $field);
$sql = "select * from v_groups "; $sql = "select * from v_groups ";
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
@ -914,7 +940,6 @@
$parameters['domain_uuid'] = $_SESSION['domain_uuid']; $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database; $database = new database;
$groups = $database->select($sql, $parameters, 'all'); $groups = $database->select($sql, $parameters, 'all');
unset($parameters);
if (is_array($groups)) { if (is_array($groups)) {
if (isset($assigned_groups)) { echo "<br />\n"; } if (isset($assigned_groups)) { echo "<br />\n"; }
echo "<select name='group_uuid_name' class='formfld' style='width: auto; margin-right: 3px;' ".($action == 'add' ? "required='required'" : null).">\n"; echo "<select name='group_uuid_name' class='formfld' style='width: auto; margin-right: 3px;' ".($action == 'add' ? "required='required'" : null).">\n";
@ -932,7 +957,7 @@
echo "<input type='submit' class='btn' value=\"".$text['button-add']."\" >\n"; echo "<input type='submit' class='btn' value=\"".$text['button-add']."\" >\n";
} }
} }
unset($sql, $groups); unset($sql, $parameters, $groups, $field);
echo " </td>"; echo " </td>";
echo " </tr>"; echo " </tr>";
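Review bot: The final `else` branch of the first hunk now begins with `echo 'here'; exit;`, which looks like leftover debugging. It ends the request before the `header("Location: user_edit.php?id=".$_SESSION['user_uuid']);` redirect below it, so a request that matches neither the edit nor the add branch prints `here` instead of loading the user's own account. Those two lines should be removed so the branch reaches the redirect and its own `exit;` again. The same hunk also changes the add condition from `!isset($_REQUEST["id"])` to `!is_uuid($_REQUEST["id"])`, so a malformed `id` is now treated as an add request for anyone holding `user_add`. If that is intended, a comment such as `//a missing or malformed id is treated as an add` above the `else if` would make it explicit.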


@ -42,7 +42,7 @@
$language = new text; $language = new text;
$text = $language->get(); $text = $language->get();
//built in str_getcsv requires PHP 5.3 or higher, this function can be used to reproduct the functionality but requirs PHP 5.1.0 or higher //built in str_getcsv requires PHP 5.3 or higher, this function can be used to reproduce the functionality but requires PHP 5.1.0 or higher
if(!function_exists('str_getcsv')) { if(!function_exists('str_getcsv')) {
function str_getcsv($input, $delimiter = ",", $enclosure = '"', $escape = "\\") { function str_getcsv($input, $delimiter = ",", $enclosure = '"', $escape = "\\") {
$fp = fopen("php://memory", 'r+'); $fp = fopen("php://memory", 'r+');
@ -60,8 +60,6 @@
//get the http get values and set them as php variables //get the http get values and set them as php variables
$action = check_str($_POST["action"]); $action = check_str($_POST["action"]);
$from_row = check_str($_POST["from_row"]); $from_row = check_str($_POST["from_row"]);
$order_by = check_str($_POST["order_by"]);
$order = check_str($_POST["order"]);
$delimiter = check_str($_POST["data_delimiter"]); $delimiter = check_str($_POST["data_delimiter"]);
$enclosure = check_str($_POST["data_enclosure"]); $enclosure = check_str($_POST["data_enclosure"]);
@ -74,7 +72,7 @@
//copy the csv file //copy the csv file
//$_POST['submit'] == "Upload" && //$_POST['submit'] == "Upload" &&
if ( is_uploaded_file($_FILES['ulfile']['tmp_name']) && permission_exists('user_imports')) { if (is_uploaded_file($_FILES['ulfile']['tmp_name']) && permission_exists('user_imports')) {
if (check_str($_POST['type']) == 'csv') { if (check_str($_POST['type']) == 'csv') {
move_uploaded_file($_FILES['ulfile']['tmp_name'], $_SESSION['server']['temp']['dir'].'/'.$_FILES['ulfile']['name']); move_uploaded_file($_FILES['ulfile']['tmp_name'], $_SESSION['server']['temp']['dir'].'/'.$_FILES['ulfile']['name']);
$save_msg = "Uploaded file to ".$_SESSION['server']['temp']['dir']."/". htmlentities($_FILES['ulfile']['name']); $save_msg = "Uploaded file to ".$_SESSION['server']['temp']['dir']."/". htmlentities($_FILES['ulfile']['name']);
@ -131,10 +129,7 @@
$schema[$i]['fields'][] = 'group_name'; $schema[$i]['fields'][] = 'group_name';
//debug info //debug info
//echo "<pre>\n"; //view_array($schema);
//print_r($schema);
//echo "</pre>\n";
//exit;
} }
//match the column names to the field names //match the column names to the field names
@ -252,9 +247,9 @@
//get the groups //get the groups
$sql = "select * from v_groups where domain_uuid is null "; $sql = "select * from v_groups where domain_uuid is null ";
$prep_statement = $db->prepare($sql); $database = new database;
$prep_statement->execute(); $groups = $database->select($sql, null, 'all');
$groups = $prep_statement->fetchAll(PDO::FETCH_ASSOC); unset($sql);
//get the contents of the csv file and convert them into an array //get the contents of the csv file and convert them into an array
$handle = @fopen($_SESSION['file'], "r"); $handle = @fopen($_SESSION['file'], "r");
@ -384,6 +379,7 @@
$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e'; $database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
$database->save($array); $database->save($array);
//$message = $database->message; //$message = $database->message;
unset($array);
} }
//send the redirect header //send the redirect header
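Review bot: In the upload hunk, `move_uploaded_file()` still builds its destination from the client-supplied `$_FILES['ulfile']['name']`, and the only type check is the posted `type` field, so the uploader chooses the stored name and extension. Since the commit already touches this block, I would store the file under a server-generated name, e.g. `$file_path = $_SESSION['server']['temp']['dir'].'/'.uuid().'.csv';` (variable name illustrative), pass that to `move_uploaded_file()`, and keep the original name only for the escaped status message. Whether the temp directory can be reached from the web root is not visible on this page, so the severity is unconfirmed. The enclosing `if` block continues outside the hunk.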


@ -48,24 +48,9 @@
$document['title'] = $text['title-user_manager']; $document['title'] = $text['title-user_manager'];
//get variables used to control the order //get variables used to control the order
$order_by = $_GET["order_by"]; $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'u.username';
$order = $_GET["order"]; $order = $_GET["order"];
//validate order by
if (strlen($order_by) > 0) {
$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
}
//validate the order
switch ($order) {
case 'asc':
break;
case 'desc':
break;
default:
$order = '';
}
//set the variables //set the variables
$search = $_REQUEST["search"]; $search = $_REQUEST["search"];
if (strlen($search) > 0) { if (strlen($search) > 0) {
@ -75,28 +60,32 @@
//get the list of superadmins //get the list of superadmins
$superadmins = superadmin_list($db); $superadmins = superadmin_list($db);
//get the user count from the database //common where clause
$sql = "select count(*) from view_users as u where 1 = 1 "; $sql_where = "where true ";
if (!(permission_exists('user_all') && $_GET['show'] == 'all')) { if (!(permission_exists('user_all') && $_GET['show'] == 'all')) {
$sql .= "and u.domain_uuid = :domain_uuid \n"; $sql_where .= "and u.domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid']; $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
} }
if (strlen($search) > 0) { if (strlen($search) > 0) {
$sql .= "and (\n"; $sql_where .= "and ( ";
$sql .= "lower(username) like :search \n"; $sql_where .= "lower(username) like :search ";
$sql .= "or lower(groups) like :search \n"; $sql_where .= "or lower(groups) like :search ";
$sql .= "or lower(contact_organization) like :search \n"; $sql_where .= "or lower(contact_organization) like :search ";
$sql .= "or lower(contact_name_given) like :search \n"; $sql_where .= "or lower(contact_name_given) like :search ";
$sql .= "or lower(contact_name_family) like :search \n"; $sql_where .= "or lower(contact_name_family) like :search ";
$sql .= ")\n"; $sql_where .= ") ";
$parameters['search'] = '%'.$search.'%'; $parameters['search'] = '%'.$search.'%';
} }
//get the user count from the database
$sql = "select count(*) from view_users as u ";
$sql .= $sql_where;
$database = new database; $database = new database;
$num_rows = $database->select($sql, $parameters, 'column'); $num_rows = $database->select($sql, $parameters, 'column');
unset ($parameters, $sql); unset($sql);
//prepare for paging //prepare for paging
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; $rows_per_page = is_numeric($_SESSION['domain']['paging']['numeric']) ? $_SESSION['domain']['paging']['numeric'] : 50;
$param = "search=".escape($search); $param = "search=".escape($search);
if (permission_exists('user_all') && $_GET['show'] == 'all') { if (permission_exists('user_all') && $_GET['show'] == 'all') {
$param .= "&show=all"; $param .= "&show=all";
@ -107,35 +96,14 @@
$offset = $rows_per_page * $page; $offset = $rows_per_page * $page;
//get the users from the database //get the users from the database
$sql = "select u.domain_uuid, u.user_uuid, u.contact_uuid, u.domain_name, u.username, u.user_enabled, u.contact_organization, u.contact_name_given, u.contact_name_family, u.groups \n"; $sql = "select u.domain_uuid, u.user_uuid, u.contact_uuid, u.domain_name, u.username, u.user_enabled, u.contact_organization, u.contact_name_given, u.contact_name_family, u.groups ";
$sql .= "from view_users as u \n"; $sql .= "from view_users as u ";
$sql .= "where 1 = 1 \n"; $sql .= $sql_where;
if (!(permission_exists('user_all') && $_GET['show'] == 'all')) { $sql .= order_by($order_by, $order);
$sql .= "and u.domain_uuid = :domain_uuid \n"; $sql .= limit_offset($rows_per_page, $offset);
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
}
if (strlen($search) > 0) {
$sql .= "and (\n";
$sql .= "lower(username) like :search \n";
$sql .= "or lower(groups) like :search \n";
$sql .= "or lower(contact_organization) like :search \n";
$sql .= "or lower(contact_name_given) like :search \n";
$sql .= "or lower(contact_name_family) like :search \n";
$sql .= ")\n";
$parameters['search'] = '%'.$search.'%';
}
if (strlen($order_by)> 0) {
$sql .= "order by ".$order_by." ".$order." \n";
}
else {
$sql .= "order by u.username asc \n";
}
$sql .= "limit :rows_per_page offset :offset ";
$parameters['rows_per_page'] = $rows_per_page;
$parameters['offset'] = $offset;
$database = new database; $database = new database;
$users = $database->select($sql, $parameters, 'all'); $users = $database->select($sql, $parameters, 'all');
unset ($parameters, $sql); unset($sql, $sql_where, $parameters);
//page title and description //page title and description
echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n"; echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
@ -201,7 +169,7 @@
echo "</td>\n"; echo "</td>\n";
echo "</tr>\n"; echo "</tr>\n";
if (is_array($users)) { if (is_array($users) && sizeof($users) != 0) {
foreach($users as $row) { foreach($users as $row) {
if (if_superadmin($superadmins, $row['user_uuid']) && !if_group("superadmin")) { if (if_superadmin($superadmins, $row['user_uuid']) && !if_group("superadmin")) {
//hide //hide
@ -253,11 +221,11 @@
} }
echo " </td>\n"; echo " </td>\n";
echo "</tr>\n"; echo "</tr>\n";
if ($c==0) { $c=1; } else { $c=0; } $c = $c == 0 ? 1 : 0;
}
}
unset($users, $row);
} }
} //end foreach
unset($sql, $users);
} //end if results
echo "<tr>\n"; echo "<tr>\n";
echo "</table>\n"; echo "</table>\n";
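Review bot: The first hunk drops the inline checks on `order_by` and `order`, so `$_GET["order_by"]` now reaches the SQL string through `order_by()` alone, and `limit_offset($rows_per_page, $offset)` replaces the bound `:rows_per_page` / `:offset` parameters. `order_by()`, changed in the last hunk of this commit, only strips characters outside `[a-zA-Z0-9-_.]`; that is a character filter, not a check that the value names a sortable column of `view_users`. I would compare against a fixed list before building the query, e.g. `if (!in_array($order_by, $sortable_columns, true)) { $order_by = 'u.username'; }`, with `$sortable_columns` (name illustrative) holding the `u.*` columns selected here. `limit_offset()` is not shown on this page, so it should be confirmed that it casts both arguments to integers, because the new `is_numeric()` test on the paging setting also accepts non-integer numeric strings.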


@ -2125,7 +2125,7 @@ function number_pad($number,$n) {
//validate and format order by clause of select statement //validate and format order by clause of select statement
if (!function_exists('order_by')) { if (!function_exists('order_by')) {
function order_by($col, $dir) { function order_by($col, $dir) {
$col = preg_replace('#[^a-zA-Z0-9-_]#', '', $col); $col = preg_replace('#[^a-zA-Z0-9-_.]#', '', $col);
$dir = strtolower($dir) == 'desc' ? 'desc' : 'asc'; $dir = strtolower($dir) == 'desc' ? 'desc' : 'asc';
if ($col != '') { return ' order by '.$col.' '.$dir.' '; } if ($col != '') { return ' order by '.$col.' '.$dir.' '; }
} }