Pin Numbers: Database class integration.

2019-08-12 05:26:58 -06:00 · 2019-08-12 05:26:58 -06:00 · e72796c51a
parent 3516125ebb
commit e72796c51a
7 changed files with 339 additions and 367 deletions
--- a/app/extensions/extension_download.php
+++ b/app/extensions/extension_download.php
@ -17,138 +17,144 @@
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2008-2012
+	Portions created by the Initial Developer are Copyright (C) 2008-2019
 	the Initial Developer. All Rights Reserved.
 	Contributor(s):
 	Mark J Crane <markjcrane@fusionpbx.com>
 */
 include "root.php";
 require_once "resources/require.php";
 require_once "resources/check_auth.php";
 require_once "resources/paging.php";
 if (if_group("superadmin")) {
 	//access granted
 }
 else {
 	echo "access denied";
 	exit;
 }
-//add multi-lingual support
+//includes
-$language = new text;
+	include "root.php";
-$text = $language->get();
+	require_once "resources/require.php";
 	require_once "resources/check_auth.php";
 	require_once "resources/paging.php";
-//define available columns
+//check permissions
-$available_columns[] = 'extension_uuid';
+	if (if_group("superadmin")) {
-$available_columns[] = 'domain_uuid';
+		//access granted
 $available_columns[] = 'extension';
 $available_columns[] = 'number_alias';
 $available_columns[] = 'password';
 $available_columns[] = 'accountcode';
 $available_columns[] = 'effective_caller_id_name';
 $available_columns[] = 'effective_caller_id_number';
 $available_columns[] = 'outbound_caller_id_name';
 $available_columns[] = 'outbound_caller_id_number';
 $available_columns[] = 'emergency_caller_id_name';
 $available_columns[] = 'emergency_caller_id_number';
 $available_columns[] = 'directory_first_name';
 $available_columns[] = 'directory_last_name';
 $available_columns[] = 'directory_visible';
 $available_columns[] = 'directory_exten_visible';
 $available_columns[] = 'limit_max';
 $available_columns[] = 'limit_destination';
 $available_columns[] = 'missed_call_app';
 $available_columns[] = 'missed_call_data';
 $available_columns[] = 'user_context';
 $available_columns[] = 'toll_allow';
 $available_columns[] = 'call_timeout';
 $available_columns[] = 'call_group';
 $available_columns[] = 'call_screen_enabled';
 $available_columns[] = 'user_record';
 $available_columns[] = 'hold_music';
 $available_columns[] = 'auth_acl';
 $available_columns[] = 'cidr';
 $available_columns[] = 'sip_force_contact';
 $available_columns[] = 'nibble_account';
 $available_columns[] = 'sip_force_expires';
 $available_columns[] = 'mwi_account';
 $available_columns[] = 'sip_bypass_media';
 $available_columns[] = 'unique_id';
 $available_columns[] = 'dial_string';
 $available_columns[] = 'dial_user';
 $available_columns[] = 'dial_domain';
 $available_columns[] = 'do_not_disturb';
 $available_columns[] = 'forward_all_destination';
 $available_columns[] = 'forward_all_enabled';
 $available_columns[] = 'forward_busy_destination';
 $available_columns[] = 'forward_busy_enabled';
 $available_columns[] = 'forward_no_answer_destination';
 $available_columns[] = 'forward_no_answer_enabled';
 $available_columns[] = 'follow_me_uuid';
 $available_columns[] = 'enabled';
 $available_columns[] = 'description';
 $available_columns[] = 'forward_caller_id_uuid';
 $available_columns[] = 'absolute_codec_string';
 $available_columns[] = 'forward_user_not_registered_destination';
 $available_columns[] = 'forward_user_not_registered_enabled';
 function array2csv(array &$array)
 {
   if (count($array) == 0) {
     return null;
   }
   ob_start();
   $df = fopen("php://output", 'w');
   fputcsv($df, array_keys(reset($array)));
   foreach ($array as $row) {
      fputcsv($df, $row);
   }
   fclose($df);
   return ob_get_clean();
 }
 function download_send_headers($filename) {
    // disable caching
    $now = gmdate("D, d M Y H:i:s");
    header("Expires: Tue, 03 Jul 2001 06:00:00 GMT");
    header("Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate");
    header("Last-Modified: {$now} GMT");
    // force download
    header("Content-Type: application/force-download");
    header("Content-Type: application/octet-stream");
    header("Content-Type: application/download");
    // disposition / encoding on response body
    header("Content-Disposition: attachment;filename={$filename}");
    header("Content-Transfer-Encoding: binary");
 }
 if (is_array($_REQUEST["column_group"]) && @sizeof($_REQUEST["column_group"]) != 0) {
 	//validate submitted columns
 	foreach($_REQUEST["column_group"] as $column_name) {
 		if (in_array($column_name, $available_columns)) {
 			$selected_columns[] = $column_name;
 		}
 	}
-	if (is_array($selected_columns) && @sizeof($selected_columns) != 0) {
+	else {
-		$sql = "select ".implode(', ', $selected_columns)." from v_extensions ";
+		echo "access denied";
 		$sql .= "where domain_uuid = :domain_uuid ";
 		$parameters['domain_uuid'] = $domain_uuid;
 		$database = new database;
 		$extensions = $database->select($sql, $parameters, 'all');
 		unset($sql, $parameters, $selected_columns);
 		download_send_headers("data_export_".date("Y-m-d").".csv");
 		echo array2csv($extensions);
 		exit;
 	}
 }
-$c = 0;
+//add multi-lingual support
-$row_style["0"] = "row_style0";
+	$language = new text;
-$row_style["1"] = "row_style1";
+	$text = $language->get();
 //define available columns
 	$available_columns[] = 'extension_uuid';
 	$available_columns[] = 'domain_uuid';
 	$available_columns[] = 'extension';
 	$available_columns[] = 'number_alias';
 	$available_columns[] = 'password';
 	$available_columns[] = 'accountcode';
 	$available_columns[] = 'effective_caller_id_name';
 	$available_columns[] = 'effective_caller_id_number';
 	$available_columns[] = 'outbound_caller_id_name';
 	$available_columns[] = 'outbound_caller_id_number';
 	$available_columns[] = 'emergency_caller_id_name';
 	$available_columns[] = 'emergency_caller_id_number';
 	$available_columns[] = 'directory_first_name';
 	$available_columns[] = 'directory_last_name';
 	$available_columns[] = 'directory_visible';
 	$available_columns[] = 'directory_exten_visible';
 	$available_columns[] = 'limit_max';
 	$available_columns[] = 'limit_destination';
 	$available_columns[] = 'missed_call_app';
 	$available_columns[] = 'missed_call_data';
 	$available_columns[] = 'user_context';
 	$available_columns[] = 'toll_allow';
 	$available_columns[] = 'call_timeout';
 	$available_columns[] = 'call_group';
 	$available_columns[] = 'call_screen_enabled';
 	$available_columns[] = 'user_record';
 	$available_columns[] = 'hold_music';
 	$available_columns[] = 'auth_acl';
 	$available_columns[] = 'cidr';
 	$available_columns[] = 'sip_force_contact';
 	$available_columns[] = 'nibble_account';
 	$available_columns[] = 'sip_force_expires';
 	$available_columns[] = 'mwi_account';
 	$available_columns[] = 'sip_bypass_media';
 	$available_columns[] = 'unique_id';
 	$available_columns[] = 'dial_string';
 	$available_columns[] = 'dial_user';
 	$available_columns[] = 'dial_domain';
 	$available_columns[] = 'do_not_disturb';
 	$available_columns[] = 'forward_all_destination';
 	$available_columns[] = 'forward_all_enabled';
 	$available_columns[] = 'forward_busy_destination';
 	$available_columns[] = 'forward_busy_enabled';
 	$available_columns[] = 'forward_no_answer_destination';
 	$available_columns[] = 'forward_no_answer_enabled';
 	$available_columns[] = 'follow_me_uuid';
 	$available_columns[] = 'enabled';
 	$available_columns[] = 'description';
 	$available_columns[] = 'forward_caller_id_uuid';
 	$available_columns[] = 'absolute_codec_string';
 	$available_columns[] = 'forward_user_not_registered_destination';
 	$available_columns[] = 'forward_user_not_registered_enabled';
 //define the functions
 	function array2csv(array &$array) {
 		if (count($array) == 0) {
 			return null;
 		}
 		ob_start();
 		$df = fopen("php://output", 'w');
 		fputcsv($df, array_keys(reset($array)));
 		foreach ($array as $row) {
 			fputcsv($df, $row);
 		}
 		fclose($df);
 		return ob_get_clean();
 	}
 	function download_send_headers($filename) {
 		// disable caching
 		$now = gmdate("D, d M Y H:i:s");
 		header("Expires: Tue, 03 Jul 2001 06:00:00 GMT");
 		header("Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate");
 		header("Last-Modified: {$now} GMT");
 		// force download
 		header("Content-Type: application/force-download");
 		header("Content-Type: application/octet-stream");
 		header("Content-Type: application/download");
 		// disposition / encoding on response body
 		header("Content-Disposition: attachment;filename={$filename}");
 		header("Content-Transfer-Encoding: binary");
 	}
 //get the extensions from the database and send them as output
 	if (is_array($_REQUEST["column_group"]) && @sizeof($_REQUEST["column_group"]) != 0) {
 		//validate submitted columns
 		foreach($_REQUEST["column_group"] as $column_name) {
 			if (in_array($column_name, $available_columns)) {
 				$selected_columns[] = $column_name;
 			}
 		}
 		if (is_array($selected_columns) && @sizeof($selected_columns) != 0) {
 			$sql = "select ".implode(', ', $selected_columns)." from v_extensions ";
 			$sql .= "where domain_uuid = :domain_uuid ";
 			$parameters['domain_uuid'] = $domain_uuid;
 			$database = new database;
 			$extensions = $database->select($sql, $parameters, 'all');
 			unset($sql, $parameters, $selected_columns);
 			download_send_headers("data_export_".date("Y-m-d").".csv");
 			echo array2csv($extensions);
 			exit;
 		}
 	}
 //set the row styles
 	$c = 0;
 	$row_style["0"] = "row_style0";
 	$row_style["1"] = "row_style1";
 //begin the page content
 	require_once "resources/header.php";
@ -169,23 +175,24 @@ $row_style["1"] = "row_style1";
 	echo "</tr>\n";
 	foreach ($available_columns as $column_name) {
 		$tr_link = "onclick=\"document.getElementById('checkbox_".$column_name."').checked = document.getElementById('checkbox_".$column_name."').checked ? false : true;\"";
 		echo "<tr>\n";
-		echo "	<td valign='middle' class='".$row_style[$c]."' style='padding: 0;'><input class='checkbox1' type='checkbox' name='column_group[]' value='".$column_name."' /></td>\n";
+		echo "	<td valign='middle' class='".$row_style[$c]."' style='padding: 0;'><input class='checkbox1' type='checkbox' name='column_group[]' id=\"checkbox_".$column_name."\" value=\"".$column_name."\" /></td>\n";
-		echo "	<td valign='middle' class='".$row_style[$c]."'>".$column_name."</td>\n";
+		echo "	<td valign='middle' class='".$row_style[$c]."' ".$tr_link.">".$column_name."</td>\n";
 		echo "</tr>\n";
 		$c = $c ? 0 : 1;
 	}
-	echo "	<tr>\n";
+	echo "<tr>\n";
-	echo "		<td colspan='2' align='right'>\n";
+	echo "	<td colspan='2' align='right'>\n";
-	echo "			<br>";
+	echo "		<br>\n";
-	echo "			<input type='submit' class='btn' value='".$text['button-export']."'>\n";
+	echo "		<input type='submit' class='btn' value='".$text['button-export']."'>\n";
-	echo "		</td>\n";
+	echo "	</td>\n";
-	echo "	</tr>";
+	echo "</tr>\n";
-	echo "</table>";
+	echo "</table>\n";
-	echo "<br><br>";
+	echo "<br><br>\n";
-	echo "</form>";
+	echo "</form>\n";
 	//define the checkbox_toggle function
 	echo "<script type=\"text/javascript\">\n";
--- a/app/extensions/extensions.php
+++ b/app/extensions/extensions.php
@ -236,7 +236,7 @@
 				echo "&nbsp;</td>\n";
 			}
-			echo "	<td valign='top' class='".$row_style[$c]."'>".escape(ucwords($row['enabled']))."</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".($row['enabled'] == 'true' ? $text['label-true'] : $text['label-false'])."</td>\n";
 			echo "	<td valign='top' class='row_stylebg' width='30%'>".escape($row['description'])."&nbsp;</td>\n";
 			echo "	<td class='list_control_icons'>";
--- a/app/pin_numbers/app_languages.php
+++ b/app/pin_numbers/app_languages.php
@ -221,45 +221,25 @@ $text['description-description']['ru-ru'] = "Введите описание.";
 $text['description-description']['sv-se'] = "Ange beskrivningen.";
 $text['description-description']['uk-ua'] = "";
-$text['label-true']['en-us'] = "true";
+$text['label-column_name']['en-us'] = "Column Name";
-$text['label-true']['ar-eg'] = "";
+$text['label-column_name']['ar-eg'] = "";
-$text['label-true']['de-at'] = "ein"; //copied from de-de
+$text['label-column_name']['de-at'] = "";
-$text['label-true']['de-ch'] = "ein"; //copied from de-de
+$text['label-column_name']['de-ch'] = "";
-$text['label-true']['de-de'] = "ein";
+$text['label-column_name']['de-de'] = "";
-$text['label-true']['es-cl'] = "";
+$text['label-column_name']['es-cl'] = "";
-$text['label-true']['es-mx'] = "";
+$text['label-column_name']['es-mx'] = "";
-$text['label-true']['fr-ca'] = "";
+$text['label-column_name']['fr-ca'] = "";
-$text['label-true']['fr-fr'] = "";
+$text['label-column_name']['fr-fr'] = "";
-$text['label-true']['he-il'] = "";
+$text['label-column_name']['he-il'] = "";
-$text['label-true']['it-it'] = "Vero";
+$text['label-column_name']['it-it'] = "";
-$text['label-true']['nl-nl'] = "";
+$text['label-column_name']['nl-nl'] = "";
-$text['label-true']['pl-pl'] = "";
+$text['label-column_name']['pl-pl'] = "";
-$text['label-true']['pt-br'] = "";
+$text['label-column_name']['pt-br'] = "";
-$text['label-true']['pt-pt'] = "";
+$text['label-column_name']['pt-pt'] = "";
-$text['label-true']['ro-ro'] = "";
+$text['label-column_name']['ro-ro'] = "";
-$text['label-true']['ru-ru'] = "Да";
+$text['label-column_name']['ru-ru'] = "";
-$text['label-true']['sv-se'] = "sann";
+$text['label-column_name']['sv-se'] = "";
-$text['label-true']['uk-ua'] = "";
+$text['label-column_name']['uk-ua'] = "";
 $text['label-false']['en-us'] = "false";
 $text['label-false']['ar-eg'] = "";
 $text['label-false']['de-at'] = "aus"; //copied from de-de
 $text['label-false']['de-ch'] = "aus"; //copied from de-de
 $text['label-false']['de-de'] = "aus";
 $text['label-false']['es-cl'] = "falso";
 $text['label-false']['es-mx'] = "falso"; //copied from es-cl
 $text['label-false']['fr-ca'] = "falso"; //copied from fr-fr
 $text['label-false']['fr-fr'] = "falso";
 $text['label-false']['he-il'] = "";
 $text['label-false']['it-it'] = "Falso";
 $text['label-false']['nl-nl'] = "";
 $text['label-false']['pl-pl'] = "";
 $text['label-false']['pt-br'] = "falso"; //copied from pt-pt
 $text['label-false']['pt-pt'] = "falso";
 $text['label-false']['ro-ro'] = "";
 $text['label-false']['ru-ru'] = "";
 $text['label-false']['sv-se'] = "falsk";
 $text['label-false']['uk-ua'] = "";
 $text['button-add']['en-us'] = "Add";
 $text['button-add']['ar-eg'] = "";
--- a/app/pin_numbers/pin_download.php
+++ b/app/pin_numbers/pin_download.php
@ -1,47 +1,55 @@
 <?php
 /*
-        FusionPBX
+	FusionPBX
-        Version: MPL 1.1
+	Version: MPL 1.1
-        The contents of this file are subject to the Mozilla Public License Version
+	The contents of this file are subject to the Mozilla Public License Version
-        1.1 (the "License"); you may not use this file except in compliance with
+	1.1 (the "License"); you may not use this file except in compliance with
-        the License. You may obtain a copy of the License at
+	the License. You may obtain a copy of the License at
-        http://www.mozilla.org/MPL/
+	http://www.mozilla.org/MPL/
-        Software distributed under the License is distributed on an "AS IS" basis,
+	Software distributed under the License is distributed on an "AS IS" basis,
-        WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-        for the specific language governing rights and limitations under the
+	for the specific language governing rights and limitations under the
-        License.
+	License.
-        The Original Code is FusionPBX
+	The Original Code is FusionPBX
-        The Initial Developer of the Original Code is
+	The Initial Developer of the Original Code is
-        Mark J Crane <markjcrane@fusionpbx.com>
+	Mark J Crane <markjcrane@fusionpbx.com>
-        Portions created by the Initial Developer are Copyright (C) 2008-2016
+	Portions created by the Initial Developer are Copyright (C) 2008-2019
-        the Initial Developer. All Rights Reserved.
+	the Initial Developer. All Rights Reserved.
-        Contributor(s):
+	Contributor(s):
-        Mark J Crane <markjcrane@fusionpbx.com>
+	Mark J Crane <markjcrane@fusionpbx.com>
 */
 //includes
-        include "root.php";
+	include "root.php";
-        require_once "resources/require.php";
+	require_once "resources/require.php";
-        require_once "resources/check_auth.php";
+	require_once "resources/check_auth.php";
-        require_once "resources/paging.php";
+	require_once "resources/paging.php";
 //check permissions
-        if (if_group("superadmin")) {
+	if (if_group("superadmin")) {
-                //access granted
+		//access granted
-        }
+	}
-        else {
+	else {
-                echo "access denied";
+		echo "access denied";
-                exit;
+		exit;
-        }
+	}
 //add multi-lingual support
-        $language = new text;
+	$language = new text;
-        $text = $language->get();
+	$text = $language->get();
 //define available columns
 	$available_columns[] = 'pin_number_uuid';
 	$available_columns[] = 'domain_uuid';
 	$available_columns[] = 'pin_number';
 	$available_columns[] = 'accountcode';
 	$available_columns[] = 'enabled';
 	$available_columns[] = 'description';
 //define the functions
 	function array2csv(array &$array) {
@ -75,74 +83,70 @@
 		header("Content-Transfer-Encoding: binary");
 	}
-//get the pin numbers from the database ans send them as output
+//get the pin numbers from the database and send them as output
-	if (isset($_REQUEST["column_group"])) {
+	if (is_array($_REQUEST["column_group"]) && @sizeof($_REQUEST["column_group"]) != 0) {
-		$columns = implode(",",$_REQUEST["column_group"]);
+		//validate submitted columns
-		$sql = "select " . $columns . " from v_pin_numbers ";
+		foreach($_REQUEST["column_group"] as $column_name) {
-		$sql .= " where domain_uuid = '".$domain_uuid."' ";
+			if (in_array($column_name, $available_columns)) {
-		$prep_statement = $db->prepare(check_sql($sql));
+				$selected_columns[] = $column_name;
-		$prep_statement->execute();
+			}
-		$pin_numbers = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+		}
-		unset ($sql, $prep_statement);
+		if (is_array($selected_columns) && @sizeof($selected_columns) != 0) {
-		//print_r($pin_numbers);
+			$sql = "select ".implode(', ', $selected_columns)." from v_pin_numbers ";
 			$sql .= "where domain_uuid = :domain_uuid ";
 			$parameters['domain_uuid'] = $domain_uuid;
 			$database = new database;
 			$pin_numbers = $database->select($sql, $parameters, 'all');
 			unset($sql, $parameters, $selected_columns);
-		download_send_headers("data_export_" . date("Y-m-d") . ".csv");
+			download_send_headers("data_export_".date("Y-m-d") . ".csv");
-		echo array2csv($pin_numbers);
+			echo array2csv($pin_numbers);
-		die();
+			exit;
 		}
 	}
 //define the columns in the array
        $columns[] = 'pin_number_uuid';
        $columns[] = 'domain_uuid';
        $columns[] = 'pin_number';
        $columns[] = 'accountcode';
        $columns[] = 'enabled';
        $columns[] = 'description';
 //set the row styles
-        $c = 0;
+	$c = 0;
-        $row_style["0"] = "row_style0";
+	$row_style["0"] = "row_style0";
-        $row_style["1"] = "row_style1";
+	$row_style["1"] = "row_style1";
 //begin the page content
-        require_once "resources/header.php";
+	require_once "resources/header.php";
 	echo "<form method='post' name='frm' action='pin_download.php' autocomplete='off'>\n";
-	echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
+
 	echo "<div style='float: right;'>\n";
 	echo "<input type='button' class='btn' alt='".$text['button-back']."' onclick=\"window.location='pin_numbers.php'\" value='".$text['button-back']."'>\n";
 	echo "<input type='submit' class='btn' value='".$text['button-export']."'>\n";
 	echo "</div>\n";
 	echo "<b>".$text['header-export']."</b>\n";
 	echo "<br /><br />\n";
 	echo "<table class='tr_hover' width='100%' cellpadding='0' cellspacing='0'>\n";
 	echo "<tr>\n";
-	echo "	<td valign='top' align='left' nowrap='nowrap'><b>".$text['header-export']."</b><br /></td>\n";
+	echo "	<th style='padding: 0;'><input type='checkbox' id='selectall' onclick='checkbox_toggle();'/></th>\n";
-	echo "	<td valign='top' align='right' colspan='2'>\n";
+	echo "	<th width='100%'>".$text['label-column_name']."</th>\n";
 	echo "		<input type='button' class='btn' name='' alt='".$text['button-back']."' onclick=\"window.location='pin_numbers.php'\" value='".$text['button-back']."'>\n";
 	echo "	</td>\n";
 	echo "	</tr>\n";
 	echo "	<th><input type=\"checkbox\" id=\"selectall\" onclick=\"checkbox_toggle();\"/></th>\n";
 	echo "	<th>Column Name</th>\n";
 	echo "	<th>Description</th>\n";
 	echo "</tr>\n";
-        foreach ($columns as $value) {
+	foreach ($available_columns as $column_name) {
-                echo "<tr>\n";
+		$tr_link = "onclick=\"document.getElementById('checkbox_".$column_name."').checked = document.getElementById('checkbox_".$column_name."').checked ? false : true;\"";
-                echo "  <td width = '20px' valign='top' class='".$row_style[$c]."'>\n";
+		echo "<tr>\n";
-		echo "		<input class=\"checkbox1\" type=\"checkbox\" name=\"column_group[]\" value=\"$value\"/>\n";
+		echo "  <td valign='middle' class='".$row_style[$c]."' style='padding: 0;'><input class='checkbox1' type='checkbox' name='column_group[]' id=\"checkbox_".$column_name."\" value=\"".$column_name."\" /></td>\n";
-                echo "	</td>\n";
+		echo "  <td valign='middle' class='".$row_style[$c]."' ".$tr_link.">".$column_name."</td>\n";
-                echo "  <td valign='top' class='".$row_style[$c]."'>\n";
+		echo "</tr>\n";
-		echo "		$value\n";
+		$c = $c ? 0 : 1;
-                echo "	</td>\n";
+	}
                echo "  <td valign='top' class='".$row_style[$c]."'></td>";
                echo "</tr>";
                if ($c==0) { $c=1; } else { $c=0; }
        }
-        echo "  <tr>\n";
+	echo "<tr>\n";
-        echo "          <td colspan='3' align='right'>\n";
+	echo "	<td colspan='2' align='right'>\n";
-        echo "                  <br>";
+	echo "		<br>\n";
-        echo "                  <input type='submit' class='btn' value='".$text['button-export']."'>\n";
+	echo "		<input type='submit' class='btn' value='".$text['button-export']."'>\n";
-        echo "          </td>\n";
+	echo "	</td>\n";
-        echo "  </tr>";
+	echo "</tr>\n";
-        echo "</table>";
+	echo "</table>\n";
-        echo "<br><br>";
+	echo "<br><br>\n";
-        echo "</form>";
+	echo "</form>\n";
 	//define the checkbox_toggle function
 	echo "<script type=\"text/javascript\">\n";
@ -162,6 +166,6 @@
 	echo "</script>\n";
 //include the footer
-        require_once "resources/footer.php";
+	require_once "resources/footer.php";
 ?>
--- a/app/pin_numbers/pin_number_delete.php
+++ b/app/pin_numbers/pin_number_delete.php
@ -43,23 +43,25 @@
 	$text = $language->get();
 //get the id
-	if (count($_GET)>0) {
+	$pin_number_uuid = $_GET["id"];
 		$id = check_str($_GET["id"]);
 	}
 //delete the data
-	if (strlen($id)>0) {
+	if (is_uuid($pin_number_uuid)) {
 		//build array
 			$array['pin_numbers'][0]['pin_number_uuid'] = $pin_number_uuid;
 			$array['pin_numbers'][0]['domain_uuid'] = $domain_uuid;
 		//delete pin_number
-			$sql = "delete from v_pin_numbers ";
+			$database = new database;
-			$sql .= "where pin_number_uuid = '$id' ";
+			$database->app_name = 'pin_numbers';
-			$sql .= "and domain_uuid = '$domain_uuid' ";
+			$database->app_uuid = '4b88ccfb-cb98-40e1-a5e5-33389e14a388';
-			$prep_statement = $db->prepare(check_sql($sql));
+			$database->delete($array);
-			$prep_statement->execute();
+			unset($array);
-			unset($sql);
+		//set message
 			message::add($text['message-delete']);
 	}
 //redirect the user
 	message::add($text['message-delete']);
 	header('Location: pin_numbers.php');
 	exit;
 ?>
--- a/app/pin_numbers/pin_number_edit.php
+++ b/app/pin_numbers/pin_number_edit.php
@ -43,9 +43,9 @@
 	$text = $language->get();
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$pin_number_uuid = check_str($_REQUEST["id"]);
+		$pin_number_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
@ -53,17 +53,17 @@
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		$pin_number = check_str($_POST["pin_number"]);
+		$pin_number = $_POST["pin_number"];
-		$accountcode = check_str($_POST["accountcode"]);
+		$accountcode = $_POST["accountcode"];
-		$enabled = check_str($_POST["enabled"]);
+		$enabled = $_POST["enabled"];
-		$description = check_str($_POST["description"]);
+		$description = $_POST["description"];
 	}
 if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	$msg = '';
 	if ($action == "update") {
-		$pin_number_uuid = check_str($_POST["pin_number_uuid"]);
+		$pin_number_uuid = $_POST["pin_number_uuid"];
 	}
 	//check for all required data
@ -87,68 +87,58 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	//add or update the database
 		if ($_POST["persistformvar"] != "true") {
 			if ($action == "add" && permission_exists('pin_number_add')) {
-				$sql = "insert into v_pin_numbers ";
+				//begin array
-				$sql .= "(";
+					$pin_number_uuid = uuid();
-				$sql .= "domain_uuid, ";
+					$array['pin_numbers'][0]['pin_number_uuid'] = $pin_number_uuid;
-				$sql .= "pin_number_uuid, ";
+				//set message
-				$sql .= "pin_number, ";
+					message::add($text['message-add']);
-				$sql .= "accountcode, ";
+			}
 				$sql .= "enabled, ";
 				$sql .= "description ";
 				$sql .= ")";
 				$sql .= "values ";
 				$sql .= "(";
 				$sql .= "'$domain_uuid', ";
 				$sql .= "'".uuid()."', ";
 				$sql .= "'$pin_number', ";
 				$sql .= "'$accountcode', ";
 				$sql .= "'$enabled', ";
 				$sql .= "'$description' ";
 				$sql .= ")";
 				$db->exec(check_sql($sql));
 				unset($sql);
 				message::add($text['message-add']);
 				header("Location: pin_numbers.php");
 				return;
 			} //if ($action == "add")
 			if ($action == "update" && permission_exists('pin_number_edit')) {
-				$sql = "update v_pin_numbers set ";
+				//begin array
-				$sql .= "pin_number = '$pin_number', ";
+					$array['pin_numbers'][0]['pin_number_uuid'] = $pin_number_uuid;
-				$sql .= "accountcode = '$accountcode', ";
+				//set message
-				$sql .= "enabled = '$enabled', ";
+					message::add($text['message-update']);
-				$sql .= "description = '$description' ";
+			}
 				$sql .= "where pin_number_uuid = '$pin_number_uuid'";
 				$sql .= "and domain_uuid = '$domain_uuid' ";
 				$db->exec(check_sql($sql));
 				unset($sql);
-				message::add($text['message-update']);
+			if (is_array($array) && @sizeof($array) != 0) {
-				header("Location: pin_numbers.php");
+				//add common array items
-				return;
+					$array['pin_numbers'][0]['domain_uuid'] = $domain_uuid;
 					$array['pin_numbers'][0]['pin_number'] = $pin_number;
 					$array['pin_numbers'][0]['accountcode'] = $accountcode;
 					$array['pin_numbers'][0]['enabled'] = $enabled;
 					$array['pin_numbers'][0]['description'] = $description;
 				//save data
 					$database = new database;
 					$database->app_name = 'pin_numbers';
 					$database->app_uuid = '4b88ccfb-cb98-40e1-a5e5-33389e14a388';
 					$database->save($array);
 					unset($array);
 				//redirect
 					header("Location: pin_numbers.php");
 					exit;
 			}
 		}
-			} //if ($action == "update")
+}
 		} //if ($_POST["persistformvar"] != "true")
 } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
 //pre-populate the form
 	if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
-		$pin_number_uuid = check_str($_GET["id"]);
+		$pin_number_uuid = $_GET["id"];
 		$sql = "select * from v_pin_numbers ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
+		$sql .= "where domain_uuid = :domain_uuid ";
-		$sql .= "and pin_number_uuid = '$pin_number_uuid' ";
+		$sql .= "and pin_number_uuid = :pin_number_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['domain_uuid'] = $domain_uuid;
-		$prep_statement->execute();
+		$parameters['pin_number_uuid'] = $pin_number_uuid;
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$database = new database;
-		foreach ($result as &$row) {
+		$row = $database->select($sql, $parameters, 'row');
 		if (is_array($row) && @sizeof($row) != 0) {
 			$pin_number = $row["pin_number"];
 			$accountcode = $row["accountcode"];
 			$enabled = $row["enabled"];
 			$description = $row["description"];
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 //show the header
@ -193,7 +183,6 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "</td>\n";
 	echo "<td class='vtable' align='left'>\n";
 	echo "	<select class='formfld' name='enabled'>\n";
 	echo "	<option value=''></option>\n";
 	if ($enabled == "true") {
 		echo "	<option value='true' selected='selected'>".$text['label-true']."</option>\n";
 	}
--- a/app/pin_numbers/pin_numbers.php
+++ b/app/pin_numbers/pin_numbers.php
@ -43,39 +43,31 @@
 	$text = $language->get();
 //get variables used to control the order
-	$order_by = check_str($_GET["order_by"]);
+	$order_by = $_GET["order_by"];
-	$order = check_str($_GET["order"]);
+	$order = $_GET["order"];
 //add the search term
-	$search = check_str($_GET["search"]);
+	$search = $_GET["search"];
 	if (strlen($search) > 0) {
 		$sql_search = "and (";
-		$sql_search .= "pin_number like '%".$search."%'";
+		$sql_search .= "lower(pin_number) like :search ";
-		$sql_search .= "or accountcode like '%".$search."%'";
+		$sql_search .= "or lower(accountcode) like :search ";
-		$sql_search .= "or enabled like '%".$search."%'";
+		$sql_search .= "or lower(enabled) like :search ";
-		$sql_search .= "or description like '%".$search."%'";
+		$sql_search .= "or lower(description) like :search ";
 		$sql_search .= ")";
 		$parameters['search'] = '%'.strtolower($search).'%';
 	}
 //additional includes
 	require_once "resources/header.php";
 	require_once "resources/paging.php";
 //prepare to page the results
-	$sql = "select count(*) as num_rows from v_pin_numbers ";
+	$sql = "select count(*) from v_pin_numbers ";
-	$sql .= "where domain_uuid = '$domain_uuid' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= $sql_search;
-	if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
+	$parameters['domain_uuid'] = $domain_uuid;
-	$prep_statement = $db->prepare($sql);
+	$database = new database;
-	if ($prep_statement) {
+	$num_rows = $database->select($sql, $parameters, 'column');
 		$prep_statement->execute();
 		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
 		if ($row['num_rows'] > 0) {
 				$num_rows = $row['num_rows'];
 		}
 		else {
 				$num_rows = '0';
 		}
 	}
 //prepare to page the results
 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@ -86,15 +78,12 @@
 	$offset = $rows_per_page * $page;
 //get the list
-	$sql = "select * from v_pin_numbers ";
+	$sql = str_replace('count(*)', '*', $sql);
-	$sql .= "where domain_uuid = '$domain_uuid' ";
+	$sql .= order_by($order_by, $order);
-	$sql .= $sql_search;
+	$sql .= limit_offset($rows_per_page, $offset);
-	if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
+	$database = new database;
-	$sql .= "limit $rows_per_page offset $offset ";
+	$result = $database->select($sql, $parameters, 'all');
-	$prep_statement = $db->prepare(check_sql($sql));
+	unset($sql, $parameters);
 	$prep_statement->execute();
 	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 	unset ($prep_statement, $sql);
 //alternate the row style
 	$c = 0;
@ -108,9 +97,9 @@
 	echo "		<td width='50%' align='left' nowrap='nowrap'><b>".$text['title-pin_numbers']."</b></td>\n";
 	echo "		<form method='get' action=''>\n";
 	echo "			<td width='50%' style='vertical-align: top; text-align: right; white-space: nowrap;'>\n";
 	echo "				<input type='button' class='btn' style='margin-right: 15px;' value='".$text['button-export']."' onclick=\"window.location.href='pin_download.php'\">\n";
 	echo "				<input type='text' class='txt' style='width: 150px' name='search' id='search' value='".$search."'>\n";
 	echo "				<input type='submit' class='btn' name='submit' value='".$text['button-search']."'>\n";
 	echo "<input type='button' class='btn' style='margin-right: 15px;' value='".$text['button-export']."' onclick=\"window.location.href='pin_download.php'\">\n";
 	echo "			</td>\n";
 	echo "		</form>\n";
 	echo "	</tr>\n";
@ -137,16 +126,16 @@
 	echo "</td>\n";
 	echo "<tr>\n";
-	if (is_array($result)) {
+	if (is_array($result) && @sizeof($result) != 0) {
 		foreach($result as $row) {
 			if (permission_exists('pin_number_edit')) {
 				$tr_link = "href='pin_number_edit.php?id=".escape($row['pin_number_uuid'])."'";
 			}
 			echo "<tr ".$tr_link.">\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['pin_number']."&nbsp;</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['pin_number'])."&nbsp;</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['accountcode']."&nbsp;</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['accountcode'])."&nbsp;</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['enabled']."&nbsp;</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".($row['enabled'] == 'true' ? $text['label-true'] : $text['label-false'])."</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['description']."&nbsp;</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['description'])."&nbsp;</td>\n";
 			echo "	<td class='list_control_icons'>";
 			if (permission_exists('pin_number_edit')) {
 				echo "<a href='pin_number_edit.php?id=".escape($row['pin_number_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
@ -156,10 +145,10 @@
 			}
 			echo "	</td>\n";
 			echo "</tr>\n";
-			if ($c==0) { $c=1; } else { $c=0; }
+			$c = $c ? 0 : 1;
-		} //end foreach
+		}
-		unset($sql, $result, $row_count);
+	}
-	} //end if results
+	unset($result, $row);
 	echo "<tr>\n";
 	echo "<td colspan='5' align='left'>\n";
@ -184,4 +173,5 @@
 //include the footer
 	require_once "resources/footer.php";
 ?>