diff --git a/app/access_controls/access_control_delete.php b/app/access_controls/access_control_delete.php
index 44cb5bcb4f..dbdfa5842d 100644
--- a/app/access_controls/access_control_delete.php
+++ b/app/access_controls/access_control_delete.php
@@ -30,38 +30,26 @@
//check permissions
require_once "resources/check_auth.php";
- if (permission_exists('access_control_delete')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('access_control_delete')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
$language = new text;
$text = $language->get();
-//get the id
- if (count($_GET)>0) {
- $id = check_str($_GET["id"]);
- }
-
//delete the data
- if (strlen($id)>0) {
- //delete access_control
- $sql = "delete from v_access_controls ";
- $sql .= "where access_control_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
+ if (is_uuid($_GET["id"])) {
+ $access_control_uuid = $_GET["id"];
- //delete access_control_node
- $sql = "delete from v_access_control_nodes ";
- $sql .= "where access_control_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
+ $array['access_controls'][]['access_control_uuid'] = $access_control_uuid;
+ $array['access_control_nodes'][]['access_control_uuid'] = $access_control_uuid;
+
+ $database = new database;
+ $database->app_name = 'access_control';
+ $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd';
+ $database->delete($array);
+ unset($array);
//clear the cache
$cache = new cache;
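Review bot: `is_uuid($_GET["id"])` reads the `id` key without an `isset` guard, so a request that omits it raises an undefined-index notice before validation even runs; the same pattern is introduced in access_control_node_delete.php (`$_GET['id']`, `$_GET['access_control_uuid']`) and in bridge_delete.php, where the commit actually removes the existing `isset($_GET["id"])` check. Prefer `if (isset($_GET["id"]) && is_uuid($_GET["id"])) {`; whether is_uuid() itself tolerates null is not visible here. The `if` block continues past the end of the hunk.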
@@ -70,11 +58,11 @@
//create the event socket connection
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
if ($fp) { event_socket_request($fp, "api reloadacl"); }
+
+ message::add($text['message-delete']);
}
//redirect the user
- message::add($text['message-delete']);
header('Location: access_controls.php');
-
?>
diff --git a/app/access_controls/access_control_edit.php b/app/access_controls/access_control_edit.php
index 38b6c7d014..2b05a8a95f 100644
--- a/app/access_controls/access_control_edit.php
+++ b/app/access_controls/access_control_edit.php
@@ -22,15 +22,11 @@
//includes
require_once "root.php";
require_once "resources/require.php";
+ require_once "resources/check_auth.php";
//check permissions
- require_once "resources/check_auth.php";
- if (permission_exists('access_control_add') || permission_exists('access_control_edit')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('access_control_add') && !permission_exists('access_control_edit')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
@@ -38,9 +34,9 @@
$text = $language->get();
//action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
$action = "update";
- $access_control_uuid = check_str($_REQUEST["id"]);
+ $access_control_uuid = $_REQUEST["id"];
}
else {
$action = "add";
@@ -80,51 +76,34 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
//add or update the database
if ($_POST["persistformvar"] != "true") {
+ $execute = false;
+
if ($action == "add" && permission_exists('access_control_add')) {
- //update the database
- $sql = "insert into v_access_controls ";
- $sql .= "(";
- $sql .= "access_control_uuid, ";
- $sql .= "access_control_name, ";
- $sql .= "access_control_default, ";
- $sql .= "access_control_description ";
- $sql .= ")";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'".uuid()."', ";
- $sql .= "'$access_control_name', ";
- $sql .= "'$access_control_default', ";
- $sql .= "'$access_control_description' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
- unset($sql);
-
- //clear the cache
- $cache = new cache;
- $cache->delete("configuration:acl.conf");
-
- //create the event socket connection
- $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
- if ($fp) { event_socket_request($fp, "api reloadacl"); }
+ $execute = true;
+ $access_control_uuid = uuid();
//add the message
message::add($text['message-add']);
-
- //redirect the user
- header("Location: access_controls.php");
- return;
-
- } //if ($action == "add")
+ }
if ($action == "update" && permission_exists('access_control_edit')) {
- //update the database
- $sql = "update v_access_controls set ";
- $sql .= "access_control_name = '$access_control_name', ";
- $sql .= "access_control_default = '$access_control_default', ";
- $sql .= "access_control_description = '$access_control_description' ";
- $sql .= "where access_control_uuid = '$access_control_uuid'";
- $db->exec(check_sql($sql));
- unset($sql);
+ $execute = true;
+ //$access_control_uuid //already set
+
+ //add the message
+ message::add($text['message-update']);
+ }
+
+ if ($execute) {
+ $array['access_controls'][0]['access_control_uuid'] = $access_control_uuid;
+ $array['access_controls'][0]['access_control_name'] = $access_control_name;
+ $array['access_controls'][0]['access_control_default'] = $access_control_default;
+ $array['access_controls'][0]['access_control_description'] = $access_control_description;
+ $database = new database;
+ $database->app_name = 'access_control';
+ $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd';
+ $database->save($array);
+ unset($array);
//clear the cache
$cache = new cache;
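Review bot: `message::add($text['message-add'])` and `message::add($text['message-update'])` are now queued before `$database->save($array)` executes, so the user gets a success message even when the save fails, and `$database->message` is never inspected (bridge_edit.php in this same commit keeps `$message = $database->message;`). Move both `message::add` calls into the `if ($execute)` block after the `$database->save($array);` line, and consider deriving the message from `$database->message` instead of assuming success. The `if ($execute)` block continues past the end of the hunk.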
@@ -133,33 +112,29 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
//create the event socket connection
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
if ($fp) { event_socket_request($fp, "api reloadacl"); }
+ }
- //add the message
- message::add($text['message-update']);
+ //redirect the user
+ header("Location: access_controls.php");
+ return;
- //redirect the user
- header("Location: access_controls.php");
- return;
-
- } //if ($action == "update")
} //if ($_POST["persistformvar"] != "true")
} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
//pre-populate the form
- if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
- $access_control_uuid = check_str($_GET["id"]);
+ if (count($_GET) > 0 && $_POST["persistformvar"] != "true" && is_uuid($_GET["id"])) {
+ $access_control_uuid = $_GET["id"];
$sql = "select * from v_access_controls ";
- $sql .= "where access_control_uuid = '$access_control_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
+ $sql .= "where access_control_uuid = :access_control_uuid ";
+ $parameters['access_control_uuid'] = $access_control_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row)) {
$access_control_name = $row["access_control_name"];
$access_control_default = $row["access_control_default"];
$access_control_description = $row["access_control_description"];
- break; //limit to 1 row
}
- unset ($prep_statement);
+ unset ($sql, $parameters, $row);
}
//show the header
diff --git a/app/access_controls/access_control_node_delete.php b/app/access_controls/access_control_node_delete.php
index 816c2ea2d1..d7625dfec3 100644
--- a/app/access_controls/access_control_node_delete.php
+++ b/app/access_controls/access_control_node_delete.php
@@ -25,32 +25,26 @@
require_once "resources/check_auth.php";
//check permissions
- if (permission_exists('access_control_node_delete')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('access_control_node_delete')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
$language = new text;
$text = $language->get();
-//get the id
- if (count($_GET) > 0) {
- $id = check_str($_GET["id"]);
- $access_control_uuid = check_str($_GET["access_control_uuid"]);
- }
+//delete access control node
+ if (is_uuid($_GET['id']) && is_uuid($_GET['access_control_uuid'])) {
+ $access_control_node_uuid = $_GET["id"];
+ $access_control_uuid = $_GET["access_control_uuid"];
-//delete access_control_node
- if (strlen($id) > 0) {
- //update the database
- $sql = "delete from v_access_control_nodes ";
- $sql .= "where access_control_node_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
+ $array['access_control_nodes'][0]['access_control_node_uuid'] = $access_control_node_uuid;
+ $array['access_control_nodes'][0]['access_control_uuid'] = $access_control_uuid;
+ $database = new database;
+ $database->app_name = 'access_control';
+ $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd';
+ $database->delete($array);
+ unset($array);
//clear the cache
$cache = new cache;
@@ -59,10 +53,12 @@
//create the event socket connection
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
if ($fp) { event_socket_request($fp, "api reloadacl"); }
+
+ //set message
+ message::add($text['message-delete']);
}
//redirect the browser
- message::add($text['message-delete']);
header('Location: access_control_edit.php?id='.$access_control_uuid);
?>
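Review bot: `header('Location: access_control_edit.php?id='.$access_control_uuid);` runs unconditionally, but `$access_control_uuid` is only assigned inside the `is_uuid(...)` block of the previous hunk, so a request that fails validation redirects to `access_control_edit.php?id=` with an empty id and an undefined-variable notice. Fall back to the list page when it is unset, e.g. `header('Location: '.(isset($access_control_uuid) ? 'access_control_edit.php?id='.$access_control_uuid : 'access_controls.php'));`.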
diff --git a/app/access_controls/access_control_node_edit.php b/app/access_controls/access_control_node_edit.php
index b1875c7b7a..510b592803 100644
--- a/app/access_controls/access_control_node_edit.php
+++ b/app/access_controls/access_control_node_edit.php
@@ -25,12 +25,8 @@
require_once "resources/check_auth.php";
//check permissions
- if (permission_exists('access_control_node_add') || permission_exists('access_control_node_edit')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('access_control_node_add') && !permission_exists('access_control_node_edit')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
@@ -38,32 +34,32 @@
$text = $language->get();
//action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
$action = "update";
- $access_control_node_uuid = check_str($_REQUEST["id"]);
+ $access_control_node_uuid = $_REQUEST["id"];
}
else {
$action = "add";
}
//set the parent uuid
- if (strlen($_GET["access_control_uuid"]) > 0) {
- $access_control_uuid = check_str($_GET["access_control_uuid"]);
+ if (is_uuid($_GET["access_control_uuid"])) {
+ $access_control_uuid = $_GET["access_control_uuid"];
}
//get http post variables and set them to php variables
if (count($_POST)>0) {
- $node_type = check_str($_POST["node_type"]);
- $node_cidr = check_str($_POST["node_cidr"]);
- $node_domain = check_str($_POST["node_domain"]);
- $node_description = check_str($_POST["node_description"]);
+ $node_type = $_POST["node_type"];
+ $node_cidr = $_POST["node_cidr"];
+ $node_domain = $_POST["node_domain"];
+ $node_description = $_POST["node_description"];
}
if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
//get the uuid
- if ($action == "update") {
- $access_control_node_uuid = check_str($_POST["access_control_node_uuid"]);
+ if ($action == "update" && is_uuid($_POST["access_control_node_uuid"])) {
+ $access_control_node_uuid = $_POST["access_control_node_uuid"];
}
//check for all required data
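Review bot: `$node_type`, `$node_cidr`, `$node_domain` and `$node_description` are now taken straight from `$_POST` with `check_str()` removed and nothing in this hunk validating them; whether `database::save()` binds these values as parameters is not visible here, and since the following hunks issue `api reloadacl` after saving, the values presumably also end up in generated ACL configuration. Record the contract with a comment on the first of those lines, `//raw POST values: database::save() is expected to bind them as parameters`, and consider validating `node_cidr` as an address/prefix and `node_type` against the accepted values before the save path is reached.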
@@ -97,27 +93,19 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
//add or update the database
if ($_POST["persistformvar"] != "true") {
if ($action == "add" && permission_exists('access_control_node_add')) {
- //update the database
- $sql = "insert into v_access_control_nodes ";
- $sql .= "(";
- $sql .= "access_control_node_uuid, ";
- $sql .= "access_control_uuid, ";
- $sql .= "node_type, ";
- $sql .= "node_cidr, ";
- $sql .= "node_domain, ";
- $sql .= "node_description ";
- $sql .= ")";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'".uuid()."', ";
- $sql .= "'$access_control_uuid', ";
- $sql .= "'$node_type', ";
- $sql .= "'$node_cidr', ";
- $sql .= "'$node_domain', ";
- $sql .= "'$node_description' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
- unset($sql);
+
+ //insert
+ $array['access_control_nodes'][0]['access_control_node_uuid'] = uuid();
+ $array['access_control_nodes'][0]['access_control_uuid'] = $access_control_uuid;
+ $array['access_control_nodes'][0]['node_type'] = $node_type;
+ $array['access_control_nodes'][0]['node_cidr'] = $node_cidr;
+ $array['access_control_nodes'][0]['node_domain'] = $node_domain;
+ $array['access_control_nodes'][0]['node_description'] = $node_description;
+ $database = new database;
+ $database->app_name = 'access_controls';
+ $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd';
+ $database->save($array);
+ unset($array);
//clear the cache
$cache = new cache;
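Review bot: `$database->app_name = 'access_controls';` (and again in the update hunk that follows) disagrees with the `'access_control'` used for the same `app_uuid` in access_control_delete.php, access_control_edit.php and access_control_node_delete.php. If the database class uses app_name for anything beyond logging (permission or schema lookup, for instance), the two spellings will be treated as different apps; settle on one, e.g. `$database->app_name = 'access_control';`. The `if ($action == "add" ...)` block continues past the end of the hunk.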
@@ -138,16 +126,18 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
if ($action == "update" && permission_exists('access_control_node_edit')) {
- //update the database
- $sql = "update v_access_control_nodes set ";
- $sql .= "access_control_uuid = '$access_control_uuid', ";
- $sql .= "node_type = '$node_type', ";
- $sql .= "node_cidr = '$node_cidr', ";
- $sql .= "node_domain = '$node_domain', ";
- $sql .= "node_description = '$node_description' ";
- $sql .= "where access_control_node_uuid = '$access_control_node_uuid'";
- $db->exec(check_sql($sql));
- unset($sql);
+ //update
+ $array['access_control_nodes'][0]['access_control_node_uuid'] = $access_control_node_uuid;
+ $array['access_control_nodes'][0]['access_control_uuid'] = $access_control_uuid;
+ $array['access_control_nodes'][0]['node_type'] = $node_type;
+ $array['access_control_nodes'][0]['node_cidr'] = $node_cidr;
+ $array['access_control_nodes'][0]['node_domain'] = $node_domain;
+ $array['access_control_nodes'][0]['node_description'] = $node_description;
+ $database = new database;
+ $database->app_name = 'access_controls';
+ $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd';
+ $database->save($array);
+ unset($array);
//clear the cache
$cache = new cache;
@@ -169,20 +159,20 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
//pre-populate the form
- if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
- $access_control_node_uuid = check_str($_GET["id"]);
+ if (count($_GET) > 0 && $_POST["persistformvar"] != "true" && is_uuid($_GET["id"])) {
+ $access_control_node_uuid = $_GET["id"];
$sql = "select * from v_access_control_nodes ";
- $sql .= "where access_control_node_uuid = '".$access_control_node_uuid."' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
+ $sql .= "where access_control_node_uuid = :access_control_node_uuid ";
+ $parameters['access_control_node_uuid'] = $access_control_node_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
$node_type = $row["node_type"];
$node_cidr = $row["node_cidr"];
$node_domain = $row["node_domain"];
$node_description = $row["node_description"];
}
- unset ($prep_statement);
+ unset($sql, $parameters, $row);
}
//show the header
diff --git a/app/access_controls/access_control_nodes.php b/app/access_controls/access_control_nodes.php
index 3fba3985b2..12a9190b22 100644
--- a/app/access_controls/access_control_nodes.php
+++ b/app/access_controls/access_control_nodes.php
@@ -25,12 +25,8 @@
require_once "resources/check_auth.php";
//check permissions
- if (permission_exists('access_control_node_view')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('access_control_node_view')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
@@ -38,32 +34,8 @@
$text = $language->get();
//get variables used to control the order
- $order_by = check_str($_GET["order_by"]);
- $order = check_str($_GET["order"]);
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
-
-//validate the order by
- switch ($order_by) {
- case 'node_type':
- break;
- case 'node_cidr':
- break;
- case 'node_domain':
- break;
- case 'node_description':
- break;
- default:
- $order_by = '';
- }
+ $order_by = $_GET["order_by"];
+ $order = $_GET["order"];
//additional includes
require_once "resources/header.php";
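Review bot: Dropping the `switch ($order)` / `switch ($order_by)` whitelists replaces an allow-list of four known column names with the character filter inside the new `order_by()` helper, so `$order_by` is no longer restricted to known columns; the same removal is made in access_controls.php, and the bridges.php order-by hunk relies on the helper in the same way. A sanitised but arbitrary identifier still lets a caller sort by any column of the table, and an unknown name now produces a database error where the old code silently fell back to no ordering. Keep the whitelist in front of the helper, e.g. `if (!in_array($order_by, ['node_type', 'node_cidr', 'node_domain', 'node_description'], true)) { $order_by = ''; }`.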
@@ -78,9 +50,8 @@
echo "\n";
//prepare to page the results
- $sql = "select count(*) as num_rows from v_access_control_nodes ";
+ $sql = "select count(*) from v_access_control_nodes ";
$sql .= "where access_control_uuid = :access_control_uuid ";
- if (strlen($order_by) > 0) { $sql .= "order by $order_by $order "; }
$parameters['access_control_uuid'] = $access_control_uuid;
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
@@ -96,13 +67,11 @@
//get the list
$sql = "select * from v_access_control_nodes ";
$sql .= "where access_control_uuid = :access_control_uuid ";
- if (strlen($order_by) > 0) { $sql .= "order by $order_by $order "; }
- $sql .= "limit :rows_per_page offset :offset ";
- $database = new database;
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
$parameters['access_control_uuid'] = $access_control_uuid;
- $access_control_nodes = $database->execute($sql, $parameters);
+ $database = new database;
+ $access_control_nodes = $database->select($sql, $parameters);
//set the row styles
$c = 0;
@@ -133,7 +102,7 @@
}
echo "
\n";
echo " | ".escape($row['node_type'])." | \n";
- echo " ".escape($row['node_cidr'])." | \n";
+ echo " ".escape($row['node_cidr'])." | \n";
echo " ".escape($row['node_domain'])." | \n";
echo " ".escape($row['node_description'])." | \n";
echo " ";
@@ -145,32 +114,20 @@
}
echo " | \n";
echo "
\n";
- if ($c==0) { $c=1; } else { $c=0; }
+ $c = $c == 1 ? 0 : 1;
} //end foreach
unset($sql, $result, $row_count);
} //end if results
echo "\n";
- echo "\n";
- echo " \n";
- echo " \n";
- echo " | | \n";
- echo " $paging_controls | \n";
- echo " ";
+ echo " | \n";
if (permission_exists('access_control_node_add')) {
- echo "$v_link_label_add";
+ echo "\n";
}
- else {
- echo " ";
- }
- echo " | \n";
- echo "
\n";
- echo " \n";
- echo "\n";
- echo "\n";
-
- echo "";
- echo "
";
+ echo "
\n";
+ echo "".$paging_controls."
\n";
//include the footer
require_once "resources/footer.php";
diff --git a/app/access_controls/access_controls.php b/app/access_controls/access_controls.php
index 0a10177c2a..a178ff97e8 100644
--- a/app/access_controls/access_controls.php
+++ b/app/access_controls/access_controls.php
@@ -27,15 +27,11 @@
//includes
require_once "root.php";
require_once "resources/require.php";
+ require_once "resources/check_auth.php";
//check permissions
- require_once "resources/check_auth.php";
- if (permission_exists('access_control_view')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('access_control_view')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
@@ -46,38 +42,14 @@
$order_by = $_GET["order_by"];
$order = $_GET["order"];
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
-
-//validate the order by
- switch ($order_by) {
- case 'access_control_name':
- break;
- case 'access_control_default':
- break;
- case 'access_control_description':
- break;
- default:
- $order_by = '';
- }
-
//additional includes
require_once "resources/header.php";
require_once "resources/paging.php";
//prepare to page the results
- $sql = "select count(*) as num_rows from v_access_controls ";
- if (strlen($order_by) > 0) { $sql .= "order by $order_by $order "; }
- $parameters = null;
+ $sql = "select count(*) from v_access_controls ";
$database = new database;
- $num_rows = $database->select($sql, $parameters, 'column');
+ $num_rows = $database->select($sql, null, 'column');
//prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -89,12 +61,10 @@
//get the list
$sql = "select * from v_access_controls ";
- if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
- $sql .= "limit :rows_per_page offset :offset ";
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
$database = new database;
- $access_controls = $database->select($sql, $parameters, 'all');
+ $access_controls = $database->select($sql, null, 'all');
//alternate the row style
$c = 0;
@@ -102,17 +72,10 @@
$row_style["1"] = "row_style1";
//show the content
- echo "\n";
- echo " \n";
- echo " | ".$text['title-access_controls']." | \n";
- echo " | \n";
- echo "
\n";
- echo " \n";
- echo " \n";
- echo " ".$text['description-access_control']."
\n";
- echo " | \n";
- echo "
\n";
- echo "
\n";
+ echo "".$text['title-access_controls']."\n";
+ echo "
\n";
+ echo $text['description-access_control']."\n";
+ echo "
\n";
echo "\n";
echo "\n";
@@ -135,7 +98,7 @@
$tr_link = "href='access_control_edit.php?id=".escape($row['access_control_uuid'])."'";
}
echo "
\n";
- echo " | ".escape($row['access_control_name'])." | \n";
+ echo " ".escape($row['access_control_name'])." | \n";
echo " ".escape($row['access_control_default'])." | \n";
echo " ".escape($row['access_control_description'])." | \n";
echo " ";
@@ -147,31 +110,20 @@
}
echo " | \n";
echo "
\n";
- if ($c==0) { $c=1; } else { $c=0; }
+ $c = $c == 1 ? 0 : 1;
} //end foreach
unset($sql, $access_controls);
} //end if results
echo "\n";
- echo "\n";
- echo " \n";
- echo " \n";
- echo " | | \n";
- echo " $paging_controls | \n";
- echo " ";
+ echo " | \n";
if (permission_exists('access_control_add')) {
- echo "$v_link_label_add";
+ echo "\n";
}
- else {
- echo " ";
- }
- echo " | \n";
- echo "
\n";
- echo "
\n";
- echo "\n";
- echo "\n";
- echo "";
- echo "
";
+ echo "
\n";
+ echo "".$paging_controls."
\n";
//include the footer
require_once "resources/footer.php";
diff --git a/app/basic_operator_panel/index.php b/app/basic_operator_panel/index.php
index 66a9729bf3..84fd5378a0 100644
--- a/app/basic_operator_panel/index.php
+++ b/app/basic_operator_panel/index.php
@@ -46,9 +46,6 @@
//set user status
if (isset($_REQUEST['status']) && $_REQUEST['status'] != '') {
- //create the database object
- $database = new database;
-
//validate the user status
$user_status = $_REQUEST['status'];
switch ($user_status) {
@@ -68,15 +65,14 @@
//update the status
if (permission_exists("user_account_setting_edit")) {
- $sql = "update v_users set ";
- $sql .= "user_status = :user_status ";
- $sql .= "where domain_uuid = :domain_uuid ";
- $sql .= "and user_uuid = :user_uuid ";
- $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
- $parameters['user_uuid'] = $_SESSION['user']['user_uuid'];
- $parameters['user_status'] = $user_status;
- $database->execute($sql, $parameters);
- unset($parameters);
+ $array['users'][0]['user_uuid'] = $_SESSION['user']['user_uuid'];
+ $array['users'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['users'][0]['user_status'] = $user_status;
+ $database = new database;
+ $database->app_name = 'operator_panel';
+ $database->app_uuid = 'dd3d173a-5d51-4231-ab22-b18c5b712bb2';
+ $database->save($array);
+ unset($array);
}
//if call center app is installed then update the user_status
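Review bot: The removed statement was an `update ... where domain_uuid = :domain_uuid and user_uuid = :user_uuid`, which is a no-op when no matching row exists; the replacement `$database->save($array)` keys on `user_uuid` and `domain_uuid` from the session, and its insert-or-update behaviour is not visible here, so it may create a partial `users` row if save() inserts on a missing key. Confirm that `database::save()` matches on both keys and only updates in this case, and record the expectation above the call with `//status update only: save() must not insert a users row here`.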
@@ -87,7 +83,9 @@
$sql .= "and user_uuid = :user_uuid ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$parameters['user_uuid'] = $_SESSION['user']['user_uuid'];
+ $database = new database;
$call_center_agent_uuid = $database->select($sql, $parameters, 'column');
+ unset($sql, $parameters);
//update the user_status
if (isset($call_center_agent_uuid)) {
diff --git a/app/bridges/bridge_delete.php b/app/bridges/bridge_delete.php
index 0a8a7a260a..153d1e4700 100644
--- a/app/bridges/bridge_delete.php
+++ b/app/bridges/bridge_delete.php
@@ -32,26 +32,28 @@
$language = new text;
$text = $language->get();
-//delete the message
- message::add($text['message-delete']);
-
//delete the data
- if (isset($_GET["id"]) && is_uuid($_GET["id"]) && permission_exists('bridge_delete')) {
+ if (is_uuid($_GET["id"]) && permission_exists('bridge_delete')) {
//get the id
- $id = check_str($_GET["id"]);
+ $bridge_uuid = $_GET["id"];
- //delete bridge
- $sql = "delete from v_bridges ";
- $sql .= "where bridge_uuid = '$id' ";
- $sql .= "and domain_uuid = '$domain_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
+ $array['bridges'][0]['bridge_uuid'] = $bridge_uuid;
+ $array['bridges'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+ $database = new database;
+ $database->app_name = 'bridges';
+ $database->app_uuid = 'a6a7c4c5-340a-43ce-bcbc-2ed9bab8659d';
+ $database->delete($array);
+ unset($array);
+
+ //add the message
+ message::add($text['message-delete']);
- //redirect the user
- header('Location: bridges.php');
}
+//redirect the user
+ header('Location: bridges.php');
+
?>
diff --git a/app/bridges/bridge_edit.php b/app/bridges/bridge_edit.php
index 85dc9b76c2..397500d12e 100644
--- a/app/bridges/bridge_edit.php
+++ b/app/bridges/bridge_edit.php
@@ -24,15 +24,11 @@
//includes
require_once "root.php";
require_once "resources/require.php";
+ require_once "resources/check_auth.php";
//check permissions
- require_once "resources/check_auth.php";
- if (permission_exists('bridge_add') || permission_exists('bridge_edit')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('bridge_add') && !permission_exists('bridge_edit')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
@@ -40,10 +36,10 @@
$text = $language->get();
//action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
$action = "update";
- $bridge_uuid = check_str($_REQUEST["id"]);
- $id = check_str($_REQUEST["id"]);
+ $bridge_uuid = $_REQUEST["id"];
+ $id = $_REQUEST["id"];
}
else {
$action = "add";
@@ -51,10 +47,10 @@
//get http post variables and set them to php variables
if (is_array($_POST)) {
- $bridge_uuid = check_str($_POST["bridge_uuid"]);
- $bridge_name = check_str($_POST["bridge_name"]);
- $bridge_destination = check_str($_POST["bridge_destination"]);
- $bridge_enabled = check_str($_POST["bridge_enabled"]);
+ $bridge_uuid = $_POST["bridge_uuid"];
+ $bridge_name = $_POST["bridge_name"];
+ $bridge_destination = $_POST["bridge_destination"];
+ $bridge_enabled = $_POST["bridge_enabled"];
}
//process the user data and save it to the database
@@ -62,7 +58,7 @@
//get the uuid from the POST
if ($action == "update") {
- $bridge_uuid = check_str($_POST["bridge_uuid"]);
+ $bridge_uuid = $_POST["bridge_uuid"];
}
//check for all required data
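Review bot: `$bridge_uuid = $_POST["bridge_uuid"];` is taken from the POST body with no `is_uuid()` check, whereas the parallel line in access_control_node_edit.php guards it with `is_uuid($_POST["access_control_node_uuid"])`; this value presumably selects which row the later `$database->save()` updates. Use `if ($action == "update" && is_uuid($_POST["bridge_uuid"])) {` so a malformed value falls back to the already-validated `$_REQUEST["id"]`. The surrounding POST-handling block continues outside the hunk.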
@@ -98,19 +94,10 @@
//save to the data
$database = new database;
$database->app_name = 'bridges';
- $database->app_uuid = null;
- if (strlen($bridge_uuid) > 0) {
- $database->uuid($bridge_uuid);
- }
+ $database->app_uuid = 'a6a7c4c5-340a-43ce-bcbc-2ed9bab8659d';
$database->save($array);
$message = $database->message;
- //debug info
- //echo "";
- //print_r($message);
- //echo "
";
- //exit;
-
//redirect the user
if (isset($action)) {
if ($action == "add") {
@@ -126,21 +113,18 @@
//pre-populate the form
if (is_array($_GET) && $_POST["persistformvar"] != "true") {
- $bridge_uuid = check_str($_GET["id"]);
- $parameters['bridge_uuid'] = $bridge_uuid;
+ $bridge_uuid = $_GET["id"];
$sql = "select * from v_bridges ";
$sql .= "where bridge_uuid = :bridge_uuid ";
- //$sql .= "and domain_uuid = :domain_uuid ";
+ $parameters['bridge_uuid'] = $bridge_uuid;
$database = new database;
- //$database = $database->app_name = 'bridges';
- $result = $database->execute($sql, $parameters);
- //$message = $database->message;
- foreach ($result as $row) {
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
$bridge_name = $row["bridge_name"];
$bridge_destination = $row["bridge_destination"];
$bridge_enabled = $row["bridge_enabled"];
}
- unset ($prep_statement);
+ unset($sql, $parameters, $row);
}
//show the header
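Review bot: The pre-populate condition `is_array($_GET) && $_POST["persistformvar"] != "true"` still accepts any `$_GET["id"]` without `is_uuid()`, while access_control_edit.php in this commit adds `&& is_uuid($_GET["id"])` in the same situation; and the select is not scoped by `domain_uuid` even though bridge_delete.php now scopes the delete by `$_SESSION['domain_uuid']`. If bridges are per-domain, a user holding bridge_edit can load another domain's bridge by uuid; add `&& is_uuid($_GET["id"])` to the condition and, unless `permission_exists('bridge_all')`, append `$sql .= "and domain_uuid = :domain_uuid "; $parameters['domain_uuid'] = $_SESSION['domain_uuid'];`.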
diff --git a/app/bridges/bridges.php b/app/bridges/bridges.php
index 3b78f1873a..32fcc429e9 100644
--- a/app/bridges/bridges.php
+++ b/app/bridges/bridges.php
@@ -31,12 +31,8 @@
require_once "resources/paging.php";
//check permissions
- if (permission_exists('bridge_view')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('bridge_view')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
@@ -88,7 +84,7 @@
$parameters['domain_uuid'] = $domain_uuid;
//add the search term
- $search = strtolower(check_str($_GET["search"]));
+ $search = strtolower($_GET["search"]);
if (strlen($search) > 0) {
$sql_search = " (";
$sql_search .= " lower(bridge_name) like :search ";
@@ -100,7 +96,7 @@
}
//prepare to page the results
- $sql = "select count(bridge_uuid) as num_rows from v_bridges ";
+ $sql = "select count(bridge_uuid) from v_bridges ";
if ($_GET['show'] == "all" && permission_exists('bridge_all')) {
if (isset($sql_search)) {
$sql .= "where ".$sql_search;
@@ -112,9 +108,6 @@
$sql .= "and ".$sql_search;
}
}
- if (strlen($order_by) > 0) {
- $sql .= "order by $order_by $order ";
- }
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
@@ -142,12 +135,8 @@
$sql .= "and ".$sql_search;
}
}
- if (strlen($order_by) > 0) {
- $sql .= "order by $order_by $order ";
- }
- if (is_numeric($rows_per_page) && is_numeric($offset)) {
- $sql .= "limit $rows_per_page offset $offset ";
- }
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
$database = new database;
$bridges = $database->select($sql, $parameters, 'all');
//$message = $database->message;
@@ -249,32 +238,22 @@
echo " \n";
echo "\n";
$x++;
- if ($c==0) { $c=1; } else { $c=0; }
+ $c = $c == 1 ? 0 : 1;
} //end foreach
unset($sql, $bridges);
} //end if results
echo "\n";
- echo "\n";
- echo " \n";
- echo " \n";
- echo " | | \n";
- echo " $paging_controls | \n";
- echo " ";
+ echo " | \n";
if (permission_exists('bridge_add')) {
- echo "$v_link_label_add";
+ echo "\n";
}
- else {
- echo " ";
- }
- echo " | \n";
- echo "
\n";
- echo " \n";
- echo "\n";
- echo "\n";
- echo "";
+ echo "
\n";
+ echo "".$paging_controls."
\n";
+
echo "\n";
- echo "
";
//include the footer
require_once "resources/footer.php";
diff --git a/resources/functions.php b/resources/functions.php
index 19d1f55521..144f779131 100644
--- a/resources/functions.php
+++ b/resources/functions.php
@@ -2122,5 +2122,29 @@ function number_pad($number,$n) {
}
}
+//validate and format order by clause of select statement
+ if (!function_exists('order_by')) {
+ function order_by($col, $dir) {
+ $col = preg_replace('#[^a-zA-Z0-9-]#', '', $col);
+ $dir = strtolower($dir) == 'desc' ? 'desc' : 'asc';
+ if ($col != '') { return ' order by '.$col.' '.$dir.' '; }
+ }
+ }
+
+//validate and format limit and offset clause of select statement
+ if (!function_exists('limit_offset')) {
+ function limit_offset($limit, $offset) {
+ $regex = '#[^0-9]#';
+ $limit = preg_replace($regex, '', $limit);
+ $offset = preg_replace($regex, '', $offset);
+ if (is_numeric($limit) && $limit > 0) {
+ $clause .= ' limit '.$limit;
+ if (is_numeric($offset)) {
+ $clause .= ' offset '.$offset;
+ }
+ }
+ return $clause.' ';
+ }
+ }
?>
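Review bot: The character class in `order_by()`, `#[^a-zA-Z0-9-]#`, strips underscores, so every snake_case column the callers pass (`node_type`, `access_control_name`, `bridge_name`, ...) is rewritten to `nodetype`, `accesscontrolname` and so on, and the resulting `order by` names a column that does not exist; it also admits `-`, which is not a valid unquoted identifier character. Use `$col = preg_replace('#[^a-zA-Z0-9_]#', '', $col);` and add an explicit `return '';` after the `if` so the function returns a string on both paths. In `limit_offset()`, `$clause` is appended to and then returned without ever being initialised; add `$clause = '';` as the first statement of the function.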