Devices: Database class integration.

app/devices/app_defaults.php

@@ -30,7 +30,8 @@ if ($domains_processed == 1) {
 		$sql .= "enabled = 'true' ";
 		$sql .= "where enabled is null ";
 		$sql .= "or enabled = '' ";
-		$db->exec(check_sql($sql));
+		$database = new database;
+		$database->execute($sql);
 		unset($sql);
 
 	//set the device key vendor
@@ -38,117 +39,108 @@ if ($domains_processed == 1) {
 		$sql .= "where d.device_uuid = k.device_uuid  ";
 		$sql .= "and k.device_uuid is not null ";
 		$sql .= "and k.device_key_vendor is null ";
-		$s = $db->prepare($sql);
+		$database = new database;
-		$s->execute();
+		$device_keys = $database->select($sql, null, 'all');
-		$device_keys = $s->fetchAll(PDO::FETCH_ASSOC);
+		if (is_array($device_keys) && @sizeof($device_keys)) {
-		foreach ($device_keys as &$row) {
+			foreach ($device_keys as $index => &$row) {
-			$sql = "update v_device_keys ";
+				$array['device_keys'][$index]['device_key_uuid'] = $row["device_key_uuid"];
-			$sql .= "set device_key_vendor = '".$row["device_vendor"]."' ";
+				$array['device_keys'][$index]['device_key_vendor'] = $row["device_vendor"];
-			$sql .= "where device_key_uuid = '".$row["device_key_uuid"]."';\n ";
+			}
-			$db->exec(check_sql($sql));
+			if (is_array($array) && @sizeof($array)) {
+				$p = new permissions;
+				$p->add('device_key_edit', 'temp');
+
+				$database = new database;
+				$database->app_name = 'devices';
+				$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+				$database->save($array);
+				$response = $database->message;
+				unset($array);
+
+				$p->delete('device_key_edit', 'temp');
+			}
 		}
-		unset($device_keys, $sql);
+		unset($sql, $device_keys);
 
 	//add device vendor functions to the database
-		$sql = "select count(*) as num_rows from v_device_vendors; ";
+		$sql = "select count(*) from v_device_vendors; ";
-		$prep_statement = $db->prepare($sql);
+		$database = new database;
-		if ($prep_statement) {
+		$num_rows = $database->select($sql, null, 'column');
-			$prep_statement->execute();
+		unset($sql);
-			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-			if ($row['num_rows'] == 0) {
 
-				//get the vendor array
+		if ($num_rows == 0) {
-					require_once $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH.'/app/devices/app_config.php';
 
-				//get the groups and create an array to use the name to get the uuid
+			//get the vendor array
-					$sql = "select * from v_groups; ";
+				require_once $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH.'/app/devices/app_config.php';
-					$prep_statement = $db->prepare($sql);
+
-					$prep_statement->execute();
+			//get the groups and create an array to use the name to get the uuid
-					$groups = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+				$sql = "select * from v_groups ";
-					unset($prep_statement);
+				$database = new database;
-					foreach ($groups as $row) {
+				$groups = $database->select($sql, null, 'all');
-						if ($row['domain_uuid'] == '') {
+				foreach ($groups as $row) {
-							$group_uuids[$row['group_name']] = $row['group_uuid'];
+					if ($row['domain_uuid'] == '') {
-						}
+						$group_uuids[$row['group_name']] = $row['group_uuid'];
 					}
+				}
+				unset($sql, $groups, $row);
 
-				//process the array
+			//build the array
-					foreach ($vendors as $vendor) {
+				if (is_array($vendors) && @sizeof($vendors) != 0) {
+					foreach ($vendors as $index_1 => $vendor) {
 						//insert the data into the database
 							$device_vendor_uuid = uuid();
-							$sql = "insert into v_device_vendors ";
+							$array['device_vendors'][$index_1]['device_vendor_uuid'] = $device_vendor_uuid;
-							$sql .= "(";
+							$array['device_vendors'][$index_1]['name'] = $vendor['name'];
-							$sql .= "device_vendor_uuid, ";
+							$array['device_vendors'][$index_1]['enabled'] = 'true';
-							$sql .= "name, ";
-							$sql .= "enabled ";
-							$sql .= ") ";
-							$sql .= "values ";
-							$sql .= "( ";
-							$sql .= "'".$device_vendor_uuid."', ";
-							$sql .= "'".$vendor['name']."', ";
-							$sql .= "'true' ";
-							$sql .= ");";
-							//echo $sql."\n";
-							$db->exec(check_sql($sql));
-							unset($sql);
 
 						//add the vendor functions
-							foreach ($vendor['functions'] as $function) {
+							if (is_array($vendor['functions']) && @sizeof($vendor['functions']) != 0) {
-								//get the id
+								foreach ($vendor['functions'] as $index_2 => $function) {
-									$device_vendor_function_uuid = uuid();
+									//add the device vendor function
-								//add the device vendor function
+										$device_vendor_function_uuid = uuid();
-									$sql = "insert into v_device_vendor_functions ";
+										$array['device_vendor_functions'][$index_2]['device_vendor_uuid'] = $device_vendor_uuid;
-									$sql .= "(";
+										$array['device_vendor_functions'][$index_2]['device_vendor_function_uuid'] = $device_vendor_function_uuid;
-									$sql .= "device_vendor_uuid, ";
+										$array['device_vendor_functions'][$index_2]['name'] = $function['name'];
-									$sql .= "device_vendor_function_uuid, ";
+										$array['device_vendor_functions'][$index_2]['value'] = $function['value'];
-									//$sql .= "label, ";
+										$array['device_vendor_functions'][$index_2]['enabled'] = 'true';
-									$sql .= "name, ";
+										$array['device_vendor_functions'][$index_2]['description'] = $function['description'];
-									$sql .= "value, ";
-									$sql .= "enabled, ";
-									$sql .= "description ";
-									$sql .= ") ";
-									$sql .= "values ";
-									$sql .= "( ";
-									$sql .= "'".$device_vendor_uuid."', ";
-									$sql .= "'".$device_vendor_function_uuid."', ";
-									//$sql .= "'".$function['label']."', ";
-									$sql .= "'".$function['name']."', ";
-									$sql .= "'".$function['value']."', ";
-									$sql .= "'true', ";
-									$sql .= "'".$function['description']."' ";
-									$sql .= ");";
-									//echo $sql."\n";
-									$db->exec(check_sql($sql));
-									unset($sql);
 
-								//add the device vendor function groups
+									//add the device vendor function groups
-									if (is_array($function['groups'])) {
+										if (is_array($function['groups']) && @sizeof($function['groups']) != 0) {
-										$sql = "insert into v_device_vendor_function_groups ";
+											foreach ($function['groups'] as $index_3 => $group_name) {
-										$sql .= "(";
+												$device_vendor_function_group_uuid = uuid();
-										$sql .= "device_vendor_function_group_uuid, ";
+												$array['device_vendor_function_groups'][$index_3]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid;
-										$sql .= "device_vendor_function_uuid, ";
+												$array['device_vendor_function_groups'][$index_3]['device_vendor_function_uuid'] = $device_vendor_function_uuid;
-										$sql .= "device_vendor_uuid, ";
+												$array['device_vendor_function_groups'][$index_3]['device_vendor_uuid'] = $device_vendor_uuid;
-										$sql .= "group_name, ";
+												$array['device_vendor_function_groups'][$index_3]['group_name'] = $group_name;
-										$sql .= "group_uuid ";
+												$array['device_vendor_function_groups'][$index_3]['group_uuid'] = $group_uuids[$group_name];
-										$sql .= ") ";
+											}
-										$sql .= "values ";
-										$i = 0;
-										foreach ($function['groups'] as $group_name) {
-											if ($i == 0) { $sql .= "("; } else { $sql .= ",("; }
-											$sql .= "'".uuid()."', ";
-											$sql .= "'".$device_vendor_function_uuid."', ";
-											$sql .= "'".$device_vendor_uuid."', ";
-											$sql .= "'$group_name', ";
-											$sql .= "'".$group_uuids[$group_name]."' ";
-											$sql .= ")";
-											$i++;
 										}
-										$db->exec($sql);
+								}
-									}
 							}
 					}
+				}
+
+			//execute
+				if (is_array($array) && @sizeof($array) != 0) {
+					$p = new permissions;
+					$p->add('device_vendor_add', 'temp');
+					$p->add('device_vendor_function_add', 'temp');
+					$p->add('device_vendor_function_group_add', 'temp');
+
+					$database = new database;
+					$database->app_name = 'devices';
+					$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+					$database->save($array);
+					unset($array);
+
+					$p->delete('device_vendor_add', 'temp');
+					$p->delete('device_vendor_function_add', 'temp');
+					$p->delete('device_vendor_function_group_add', 'temp');
+				}
+
+		}
+		unset($num_rows);
 
-			} //if num_rows
-		} // if prep_statement
 }
-?>
+?>

app/devices/device_copy.php

@@ -43,9 +43,9 @@
 	$text = $language->get();
 
 //set the http get/post variable(s) to a php variable
-	if (isset($_REQUEST["id"]) && isset($_REQUEST["mac"])) {
+	if (is_array($_REQUEST["id"]) && isset($_REQUEST["mac"])) {
-		$device_uuid = check_str($_REQUEST["id"]);
+		$device_uuid = $_REQUEST["id"];
-		$mac_address_new = check_str($_REQUEST["mac"]);
+		$mac_address_new = $_REQUEST["mac"];
 		$mac_address_new = preg_replace('#[^a-fA-F0-9./]#', '', $mac_address_new);
 	}
 
@@ -57,60 +57,62 @@
 		//allow duplicates to be used as templaes
 	}
 	else {
-		$sql = "SELECT count(*) AS num_rows FROM v_devices ";
+		$sql = "select count(*) from v_devices ";
-		$sql .= "WHERE device_mac_address = '".$mac_address_new."' ";
+		$sql .= "where device_mac_address = :device_mac_address ";
-		$prep_statement = $db->prepare($sql);
+		$parameters['device_mac_address'] = $mac_address_new;
-		if ($prep_statement) {
+		$database = new database;
-			$prep_statement->execute();
+		$num_rows = $database->select($sql, $parameters, 'column');
-			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+		if ($num_rows == 0) {
-			if ($row['num_rows'] == "0") {
+			$save = true;
-				$save = true;
-			}
-			else {
-				$save = false;
-				message::add($text['message-duplicate']);
-			}
 		}
-		unset($prep_statement);
+		else {
+			$save = false;
+			message::add($text['message-duplicate']);
+		}
+		unset($sql, $parameters, $num_rows);
 	}
 
 //get the device
-	$sql = "SELECT * FROM v_devices ";
+	$sql = "select * from v_devices ";
-	$sql .= "where device_uuid = '".$device_uuid."' ";
+	$sql .= "where device_uuid = :device_uuid ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$parameters['device_uuid'] = $device_uuid;
-	$prep_statement->execute();
+	$database = new database;
-	$devices = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$devices = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //get device lines
-	$sql = "SELECT * FROM v_device_lines ";
+	$sql = "select * from v_device_lines ";
-	$sql .= "where device_uuid = '".$device_uuid."' ";
+	$sql .= "where device_uuid = :device_uuid ";
 	$sql .= "order by line_number asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$parameters['device_uuid'] = $device_uuid;
-	$prep_statement->execute();
+	$database = new database;
-	$device_lines = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$device_lines = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //get device keys
-	$sql = "SELECT * FROM v_device_keys ";
+	$sql = "select * from v_device_keys ";
-	$sql .= "WHERE device_uuid = '".$device_uuid."' ";
+	$sql .= "where device_uuid = :device_uuid ";
-	$sql .= "ORDER by ";
+	$sql .= "order by ";
-	$sql .= "CASE device_key_category ";
+	$sql .= "case device_key_category ";
-	$sql .= "WHEN 'line' THEN 1 ";
+	$sql .= "when 'line' then 1 ";
-	$sql .= "WHEN 'memort' THEN 2 ";
+	$sql .= "when 'memort' then 2 ";
-	$sql .= "WHEN 'programmable' THEN 3 ";
+	$sql .= "when 'programmable' then 3 ";
-	$sql .= "WHEN 'expansion' THEN 4 ";
+	$sql .= "when 'expansion' then 4 ";
-	$sql .= "ELSE 100 END, ";
+	$sql .= "else 100 END, ";
 	$sql .= "cast(device_key_id as numeric) asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$parameters['device_uuid'] = $device_uuid;
-	$prep_statement->execute();
+	$database = new database;
-	$device_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$device_keys = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //get device settings
-	$sql = "SELECT * FROM v_device_settings ";
+	$sql = "select * from v_device_settings ";
-	$sql .= "WHERE device_uuid = '".$device_uuid."' ";
+	$sql .= "where device_uuid = :device_uuid ";
-	$sql .= "ORDER by device_setting_subcategory asc ";
+	$sql .= "order by device_setting_subcategory asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$parameters['device_uuid'] = $device_uuid;
-	$prep_statement->execute();
+	$database = new database;
-	$device_settings = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$device_settings = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //prepare the devices array
 	unset($devices[0]["device_uuid"]);

app/devices/device_dashboard.php

@@ -43,34 +43,31 @@
 	//require_once "app/devices/resources/classes/device.php";
 
 //get the vendor functions
-	$sql = "SELECT v.name as vendor_name, f.name, f.value ";
+	$sql = "select v.name as vendor_name, f.name, f.value ";
-	$sql .= "FROM v_device_vendors as v, v_device_vendor_functions as f ";
+	$sql .= "from v_device_vendors as v, v_device_vendor_functions as f ";
-	$sql .= "WHERE v.device_vendor_uuid = f.device_vendor_uuid ";
+	$sql .= "where v.device_vendor_uuid = f.device_vendor_uuid ";
-	$sql .= "AND f.device_vendor_function_uuid in ";
+	$sql .= "and f.device_vendor_function_uuid in ";
 	$sql .= "(";
-	$sql .= "	SELECT device_vendor_function_uuid FROM v_device_vendor_function_groups ";
+	$sql .= "	select device_vendor_function_uuid from v_device_vendor_function_groups ";
-	$sql .= "	WHERE device_vendor_function_uuid = f.device_vendor_function_uuid ";
+	$sql .= "	where device_vendor_function_uuid = f.device_vendor_function_uuid ";
-	$sql .= "	AND ( ";
+	$sql .= "	and ( ";
 	if (is_array($_SESSION['groups'])) {
-		$x = 0;
+		foreach($_SESSION['groups'] as $index => $row) {
-		foreach($_SESSION['groups'] as $row) {
+			$sql_where_or[] = "group_name = :group_name_".$index;
-			if ($x == 0) {
+			$parameters['group_name_'.$index] = $row['group_name'];
-				$sql .= "		group_name = '".$row['group_name']."' ";
+		}
-			}
+		if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {
-			else {
+			$sql .= implode(' or ', $sql_where_or);
-				$sql .= "		or group_name = '".$row['group_name']."' ";
-			}
-			$x++;
 		}
 	}
 	$sql .= "	) ";
 	$sql .= ") ";
-	$sql .= "AND v.enabled = 'true' ";
+	$sql .= "and v.enabled = 'true' ";
-	$sql .= "AND f.enabled = 'true' ";
+	$sql .= "and f.enabled = 'true' ";
-	$sql .= "ORDER BY v.name ASC, f.name ASC ";
+	$sql .= "order by v.name asc, f.name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$database = new database;
-	$prep_statement->execute();
+	$vendor_functions = $database->select($sql, (is_array($parameters) ? $parameters : null), 'all');
-	$vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset($sql, $sql_where_or, $parameters);
 
 //add or update the database
 	if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
@@ -79,37 +76,39 @@
 			if ($_POST["persistformvar"] != "true") {
 
 				//get device
-					$sql = "SELECT device_uuid, device_profile_uuid FROM v_devices ";
+					$sql = "select device_uuid, device_profile_uuid from v_devices ";
-					$sql .= "WHERE device_user_uuid = '".$_SESSION['user_uuid']."' ";
+					$sql .= "where device_user_uuid = :device_user_uuid ";
-					$prep_statement = $db->prepare(check_sql($sql));
+					$parameters['device_user_uuid'] = $_SESSION['user_uuid'];
-					$prep_statement->execute();
+					$database = new database;
-					$row = $prep_statement->fetch(PDO::FETCH_NAMED);
+					$row = $database->select($sql, $parameters, 'row');
-					$device_uuid = $row['device_uuid'];
+					if (is_array($row) && @sizeof($row) != 0) {
-					$device_profile_uuid = $row['device_profile_uuid'];
+						$device_uuid = $row['device_uuid'];
-					unset($row);
+						$device_profile_uuid = $row['device_profile_uuid'];
+					}
+					unset($sql, $parameters, $row);
 
 				//get device profile keys
-					if (isset($device_profile_uuid)) {
+					if (is_uuid($device_profile_uuid)) {
-						$sql = "SELECT * FROM v_device_keys ";
+						$sql = "select * from v_device_keys ";
-						$sql .= "WHERE device_profile_uuid = '".$device_profile_uuid."' ";
+						$sql .= "where device_profile_uuid = :device_profile_uuid ";
-						$prep_statement = $db->prepare(check_sql($sql));
+						$parameters['device_profile_uuid'] = $device_profile_uuid;
-						$prep_statement->execute();
+						$database = new database;
-						$device_profile_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+						$device_profile_keys = $database->select($sql, $parameters, 'all');
-						unset($sql,$prep_statement);
+						unset($sql, $parameters);
 					}
 
 				//get device keys
-					if (isset($device_uuid)) {
+					if (is_uuid($device_uuid)) {
-						$sql = "SELECT * FROM v_device_keys ";
+						$sql = "select * from v_device_keys ";
-						$sql .= "WHERE device_uuid = '".$device_uuid."' ";
+						$sql .= "where device_uuid = :device_uuid ";
-						$prep_statement = $db->prepare(check_sql($sql));
+						$parameters['device_uuid'] = $device_uuid;
-						$prep_statement->execute();
+						$database = new database;
-						$device_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+						$device_keys = $database->select($sql, $parameters, 'all');
-						unset($sql,$prep_statement);
+						unset($sql, $parameters);
 					}
 
 				//create a list of protected keys - device keys
-					if (is_array($device_keys)) {
+					if (is_array($device_keys) && @sizeof($device_keys) != 0) {
 						foreach($device_keys as $row) {
 							//determine if the key is allowed
 								$device_key_authorized = false;
@@ -176,16 +175,16 @@
 								if (strlen($row["device_key_icon"]) > 25) { $save = false; echo "icon "; }
 
 							//escape characters in the string
-								$device_uuid = check_str($row["device_uuid"]);
+								$device_uuid = $row["device_uuid"];
-								$device_key_uuid = check_str($row["device_key_uuid"]);
+								$device_key_uuid = $row["device_key_uuid"];
-								$device_key_id = check_str($row["device_key_id"]);
+								$device_key_id = $row["device_key_id"];
-								$device_key_type = check_str($row["device_key_type"]);
+								$device_key_type = $row["device_key_type"];
-								$device_key_line = check_str($row["device_key_line"]);
+								$device_key_line = $row["device_key_line"];
-								$device_key_value = check_str($row["device_key_value"]);
+								$device_key_value = $row["device_key_value"];
-								$device_key_label = check_str($row["device_key_label"]);
+								$device_key_label = $row["device_key_label"];
-								$device_key_icon = check_str($row["device_key_icon"]);
+								$device_key_icon = $row["device_key_icon"];
-								$device_key_category = check_str($row["device_key_category"]);
+								$device_key_category = $row["device_key_category"];
-								$device_key_vendor = check_str($row["device_key_vendor"]);
+								$device_key_vendor = $row["device_key_vendor"];
 
 							//process the profile keys
 								if (strlen($row["device_profile_uuid"]) > 0) {
@@ -211,51 +210,32 @@
 								}
 
 							//sql add or update
-								if (strlen($device_key_uuid) == 0) {
+								if (!is_uuid($device_key_uuid)) {
 									if (permission_exists('device_key_add') && strlen($device_key_type) > 0 && strlen($device_key_value) > 0) {
 
-										//create the primary keys
-											$device_key_uuid = uuid();
-
 										//if the device_uuid is not in the array then get the device_uuid from the database
 											if (strlen($device_uuid) == 0) {
-												$sql = "SELECT device_uuid, device_profile_uuid FROM v_devices ";
+												$sql = "select device_uuid from v_devices ";
-												$sql .= "WHERE device_user_uuid = '".$_SESSION['user_uuid']."' ";
+												$sql .= "where device_user_uuid = :device_user_uuid ";
-												$prep_statement = $db->prepare(check_sql($sql));
+												$parameters['device_user_uuid'] = $_SESSION['user_uuid'];
-												$prep_statement->execute();
+												$database = new database;
-												$row = $prep_statement->fetch(PDO::FETCH_NAMED);
+												$device_uuid = $database->select($sql, $parameters, 'column');
-												$device_uuid = $row['device_uuid'];
+												unset($sql, $parameters);
-												unset($row);
 											}
 
 										//insert the keys
-											$sql = "insert into v_device_keys ";
+											$device_key_uuid = uuid();
-											$sql .= "(";
+											$array['device_keys'][0]['device_key_uuid'] = $device_key_uuid;
-											$sql .= "domain_uuid, ";
+											$array['device_keys'][0]['device_uuid'] = $device_uuid;
-											$sql .= "device_key_uuid, ";
+											$array['device_keys'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
-											$sql .= "device_uuid, ";
+											$array['device_keys'][0]['device_key_id'] = $device_key_id;
-											$sql .= "device_key_id, ";
+											$array['device_keys'][0]['device_key_type'] = $device_key_type;
-											$sql .= "device_key_type, ";
+											$array['device_keys'][0]['device_key_line'] = $device_key_line;
-											$sql .= "device_key_line, ";
+											$array['device_keys'][0]['device_key_value'] = $device_key_value;
-											$sql .= "device_key_value, ";
+											$array['device_keys'][0]['device_key_label'] = $device_key_label;
-											$sql .= "device_key_label, ";
+											$array['device_keys'][0]['device_key_icon'] = $device_key_icon;
-											$sql .= "device_key_icon, ";
+											$array['device_keys'][0]['device_key_category'] = $device_key_category;
-											$sql .= "device_key_category, ";
+											$array['device_keys'][0]['device_key_vendor'] = $device_key_vendor;
-											$sql .= "device_key_vendor ";
-											$sql .= ") ";
-											$sql .= "VALUES (";
-											$sql .= "'".$_SESSION['domain_uuid']."', ";
-											$sql .= "'".$device_key_uuid."', ";
-											$sql .= "'".$device_uuid."', ";
-											$sql .= "'".$device_key_id."', ";
-											$sql .= "'".$device_key_type."', ";
-											$sql .= "'".$device_key_line."', ";
-											$sql .= "'".$device_key_value."', ";
-											$sql .= "'".$device_key_label."', ";
-											$sql .= "'".$device_key_icon."', ";
-											$sql .= "'".$device_key_category."', ";
-											$sql .= "'".$device_key_vendor."' ";
-											$sql .= ");";
 
 										//action add or update
 											$action = "add";
@@ -266,24 +246,23 @@
 										$action = "update";
 
 									//update the device keys
-										$sql = "update v_device_keys set ";
+										$array['device_keys'][0]['device_key_uuid'] = $device_key_uuid;
+										$array['device_keys'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
 										if (permission_exists('device_key_id')) {
-											$sql .= "device_key_id = '".$device_key_id."', ";
+											$array['device_keys'][0]['device_key_id'] = $device_key_id;
 										}
-										$sql .= "device_key_type = '".$device_key_type."', ";
+										$array['device_keys'][0]['device_key_type'] = $device_key_type;
-										$sql .= "device_key_value = '".$device_key_value."', ";
+										$array['device_keys'][0]['device_key_value'] = $device_key_value;
-										$sql .= "device_key_label = '".$device_key_label."', ";
+										$array['device_keys'][0]['device_key_label'] = $device_key_label;
-										$sql .= "device_key_icon = '".$device_key_icon."' ";
+										$array['device_keys'][0]['device_key_icon'] = $device_key_icon;
-										$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-										$sql .= "and device_key_uuid = '".$device_key_uuid."'; ";
 								}
 								if ($save) {
-									$db->exec(check_sql($sql));
+									$database = new database;
-									//echo "valid: ".$sql."\n";
+									$database->app_name = 'devices';
-								}
+									$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
-								else {
+									$database->save($array);
-									//echo "invalid: ".$sql."\n";
 								}
+								unset($array);
 						}
 					}
 
@@ -301,29 +280,32 @@
 					header("Location: /core/user_settings/user_dashboard.php");
 					exit;
 
-			} //if ($_POST["persistformvar"] != "true")
+			}
-	} //(count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0)
+	}
 
 //set the sub array index
 	$x = "999";
 
 //get device
-	$sql = "SELECT device_uuid, device_profile_uuid FROM v_devices ";
+	$sql = "select device_uuid, device_profile_uuid from v_devices ";
-	$sql .= "WHERE device_user_uuid = '".$_SESSION['user_uuid']."' ";
+	$sql .= "where device_user_uuid = :device_user_uuid ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$parameters['device_user_uuid'] = $_SESSION['user_uuid'];
-	$prep_statement->execute();
+	$database = new database;
-	$row = $prep_statement->fetch(PDO::FETCH_NAMED);
+	$row = $database->select($sql, $parameters, 'row');
-	$device_uuid = $row['device_uuid'];
+	if (is_array($row) && @sizeof($row) != 0) {
-	$device_profile_uuid = $row['device_profile_uuid'];
+		$device_uuid = $row['device_uuid'];
-	unset($row);
+		$device_profile_uuid = $row['device_profile_uuid'];
+	}
+	unset($sql, $parameters, $row);
 
 //get device lines
-	if (isset($device_uuid)) {
+	if (is_uuid($device_uuid)) {
-		$sql = "SELECT * from v_device_lines ";
+		$sql = "select * from v_device_lines ";
-		$sql .= "WHERE device_uuid = '".$device_uuid."' ";
+		$sql .= "where device_uuid = :device_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['device_uuid'] = $device_uuid;
-		$prep_statement->execute();
+		$database = new database;
-		$device_lines = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$device_lines = $database->select($sql, $parameters, 'all');
+		unset($sql, $parameters);
 	}
 
 //get the user
@@ -341,37 +323,31 @@
 	$sip_profile_name = 'internal';
 
 //get device keys in the right order where device keys are listed after the profile keys
-	if (isset($device_uuid)) {
+	if (is_uuid($device_uuid)) {
-		$sql = "SELECT * FROM v_device_keys ";
+		$sql = "select * from v_device_keys ";
-		$sql .= "WHERE (";
+		$sql .= "where (";
-		$sql .= "device_uuid = '".$device_uuid."' ";
+		$sql .= "device_uuid = :device_uuid ";
-		if (strlen($device_profile_uuid) > 0) {
+		$sql .= is_uuid($device_profile_uuid) ? "or device_profile_uuid = :device_profile_uuid " : null;
-			$sql .= "or device_profile_uuid = '".$device_profile_uuid."' ";
-		}
 		$sql .= ") ";
-		$sql .= "ORDER BY ";
+		$sql .= "order by ";
-		$sql .= "device_key_vendor ASC, ";
+		$sql .= "device_key_vendor asc, ";
-		$sql .= "CASE device_key_category ";
+		$sql .= "case device_key_category ";
-		$sql .= "WHEN 'line' THEN 1 ";
+		$sql .= "when 'line' then 1 ";
-		$sql .= "WHEN 'memory' THEN 2 ";
+		$sql .= "when 'memory' then 2 ";
-		$sql .= "WHEN 'programmable' THEN 3 ";
+		$sql .= "when 'programmable' then 3 ";
-		$sql .= "WHEN 'expansion' THEN 4 ";
+		$sql .= "when 'expansion' then 4 ";
-		$sql .= "ELSE 100 END, ";
+		$sql .= "else 100 end, ";
-		if ($db_type == "mysql") {
+		$sql .= $db_type == "mysql" ? "device_key_id asc " : "cast(device_key_id as numeric) asc, ";
-			$sql .= "device_key_id ASC ";
+		$sql .= "case when device_uuid is null then 0 else 1 end asc ";
-		}
+		$parameters['device_uuid'] = $device_uuid;
-		else {
+		$parameters['device_profile_uuid'] = $device_profile_uuid;
-			$sql .= "CAST(device_key_id as numeric) ASC, ";
+		$database = new database;
-		}
+		$keys = $database->select($sql, $parameters, 'all');
-		$sql .= "CASE WHEN device_uuid IS NULL THEN 0 ELSE 1 END ASC ";
+		unset($sql, $parameters);
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$keys = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		unset($sql,$prep_statement);
 	}
 
 //override profile keys with device keys
-	if (is_array($device_keys)) {
+	if (is_array($device_keys) && @sizeof($device_keys) != 0) {
 		foreach($keys as $row) {
 			$id = $row['device_key_id'];
 			$device_keys[$id] = $row;
@@ -386,7 +362,7 @@
 	}
 
 //get the vendor count and last and device information
-	if (is_array($device_keys)) {
+	if (is_array($device_keys) && @sizeof($device_keys) != 0) {
 		$vendor_count = 0;
 		foreach($device_keys as $row) {
 			if ($previous_vendor != $row['device_key_vendor']) {
@@ -416,7 +392,7 @@
 	}
 
 //remove the keys the user is not allowed to edit based on the authorized vendor keys
-	if (is_array($device_keys)) {
+	if (is_array($device_keys) && @sizeof($device_keys) != 0) {
 		foreach($device_keys as $row) {
 			//loop through the authorized vendor functions
 				$device_key_authorized = false;
@@ -468,7 +444,7 @@
 	if (permission_exists('device_key_edit')) {
 		echo "			<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
 		$x = 0;
-		if (is_array($device_keys)) {
+		if (is_array($device_keys) && @sizeof($device_keys) != 0) {
 			foreach($device_keys as $row) {
 				//set the variables
 					$device_key_vendor = $row['device_key_vendor'];

app/devices/device_delete.php

@@ -42,48 +42,45 @@
 	$text = $language->get();
 
 //get the id
-	if (isset($_GET["id"])) {
+	$device_uuid = $_GET["id"];
-		$id = $_GET["id"];
-	}
 
 //delete the data and sub-data
-	if (is_uuid($id)) {
+	if (is_uuid($device_uuid)) {
 
 		//delete device_lines
-			$sql = "delete from v_device_lines ";
+			$array['device_lines'][0]['device_uuid'] = $device_uuid;
-			$sql .= "where device_uuid = '$id' ";
-			$db->exec($sql);
-			unset($sql);
 
 		//delete device_keys
-			$sql = "delete from v_device_keys ";
+			$array['device_keys'][0]['device_uuid'] = $device_uuid;
-			$sql .= "where device_uuid = '$id' ";
-			$db->exec($sql);
-			unset($sql);
 
 		//delete device_settings
-			$sql = "delete from v_device_settings ";
+			$array['device_settings'][0]['device_uuid'] = $device_uuid;
-			$sql .= "where device_uuid = '$id' ";
-			$db->exec($sql);
-			unset($sql);
 
 		//delete the device
-			$sql = "delete from v_devices ";
+			$array['devices'][0]['device_uuid'] = $device_uuid;
-			$sql .= "where device_uuid = '$id' ";
+
-			$db->exec($sql);
+		//execute
-			unset($sql);
+			$database = new database;
+			$database->app_name = 'devices';
+			$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+			$database->delete($array);
+			$response = $database->message;
+			unset($array);
+
+		//write the provision files
+			if (strlen($_SESSION['provision']['path']['text']) > 0) {
+				$prov = new provision;
+				$prov->domain_uuid = $domain_uuid;
+				$response = $prov->write();
+			}
+
+		//set message
+			message::add($text['message-delete']);
+
 	}
 
-//write the provision files
+//redirect the user
-	if (strlen($_SESSION['provision']['path']['text']) > 0) {
-		$prov = new provision;
-		$prov->domain_uuid = $domain_uuid;
-		$response = $prov->write();
-	}
-
-//set the message and redirect the user
-	message::add($text['message-delete']);
 	header("Location: devices.php");
-	return;
+	exit;
 
 ?>

app/devices/device_download.php

@@ -76,30 +76,44 @@
 		header("Content-Transfer-Encoding: binary");
 	}
 
+
+//define possible columns in the array
+	$allowed_columns[] = 'device_uuid';
+	$allowed_columns[] = 'domain_uuid';
+	$allowed_columns[] = 'device_mac_address';
+	$allowed_columns[] = 'device_label';
+	$allowed_columns[] = 'device_template';
+	$allowed_columns[] = 'device_description';
+
 //get the devices and send them as output
-	if (isset($_REQUEST["column_group"])) {
+	$column_group = $_REQUEST["column_group"];
-		$columns = implode(",",$_REQUEST["column_group"]);
+	if (is_array($column_group) && @sizeof($column_group) != 0) {
-		$sql = "select " . $columns . " from v_devices ";
+		//validate columns
-		$sql .= " where domain_uuid = '".$domain_uuid."' ";
+			foreach ($column_group as $index => $column_name) {
-		$prep_statement = $db->prepare(check_sql($sql));
+				if (!in_array($column_name, $allowed_columns)) {
-		$prep_statement->execute();
+					unset($column_group[$index]);
-		$devices = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+				}
-		unset ($sql, $prep_statement);
+			}
-		//print_r($extensions);
+		//iterate columns
+			if (is_array($column_group) && @sizeof($column_group) != 0) {
+				$column_names = implode(", ", $column_group);
+				$sql = "select ".$column_names." from v_devices ";
+				$sql .= " where domain_uuid = :domain_uuid ";
+				$parameters['domain_uuid'] = $domain_uuid;
+				$database = new database;
+				$devices = $database->select($sql, $parameters, 'all');
+				unset($sql, $parameters, $column_names);
+				//print_r($extensions);
 
-		download_send_headers("data_export_" . date("Y-m-d") . ".csv");
+				if (is_array($devices) && @sizeof($devices) != 0) {
-		echo array2csv($devices);
+					download_send_headers("data_export_".date("Y-m-d").".csv");
-		die();
+					echo array2csv($devices);
+					exit();
+				}
+			}
+			unset($column_group);
 	}
 
-//define the columns in the array
-	$columns[] = 'device_uuid';
-	$columns[] = 'domain_uuid';
-	$columns[] = 'device_mac_address';
-	$columns[] = 'device_label';
-	$columns[] = 'device_template';
-	$columns[] = 'device_description';
-
 //set the row style
 	$c = 0;
 	$row_style["0"] = "row_style0";
@@ -121,12 +135,12 @@
 	echo "	<th>Description</th>\n";
 	echo "</tr>\n";
 
-	foreach ($columns as $value) {
+	foreach ($allowed_columns as $column_name) {
 		echo "<tr>\n";
 		echo "	<td width = '20px' valign='top' class='".$row_style[$c]."'>\n";
-		echo "		<input class=\"checkbox1\" type=\"checkbox\" name=\"column_group[]\" value=\"$value\"/>";
+		echo "		<input class=\"checkbox1\" type=\"checkbox\" name=\"column_group[]\" value=\"".$column_name."\"/>";
 		echo "	</td>\n";
-		echo "	<td valign='top' class='".$row_style[$c]."'>$value</td>";
+		echo "	<td valign='top' class='".$row_style[$c]."'>".$column_name."</td>";
 		echo "	<td valign='top' class='".$row_style[$c]."'></td>";
 		echo "</tr>";
 		if ($c==0) { $c=1; } else { $c=0; }

app/devices/device_edit.php

@@ -50,19 +50,18 @@
 				$sql .= "v_domains as d2 ";
 				$sql .= "where ";
 				$sql .= "d1.domain_uuid = d2.domain_uuid and ";
-				$sql .= "d1.device_mac_address = '".check_str($_GET["mac"])."' ";
+				$sql .= "d1.device_mac_address = :device_mac_address ";
-				if ($_GET["device_uuid"] != '') {
+				if (is_uuid($_GET["device_uuid"])) {
-					$sql .= " and d1.device_uuid <> '".check_str($_GET["device_uuid"])."' ";
+					$sql .= " and d1.device_uuid <> :device_uuid ";
 				}
-				$prep_statement = $db->prepare($sql);
+				$parameters['device_mac_address'] = $_GET["mac"];
-				if ($prep_statement) {
+				$parameters['device_uuid'] = $_GET["device_uuid"];
-					$prep_statement->execute();
+				$database = new database;
-					$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+				$domain_name = $database->select($sql, $parameters, 'column');
-					if ($row['domain_name'] != '') {
+				if ($domain_name != '') {
-						echo $text['message-duplicate'].((if_group("superadmin") && $_SESSION["domain_name"] != $row["domain_name"]) ? ": ".$row["domain_name"] : null);
+					echo $text['message-duplicate'].(if_group("superadmin") && $_SESSION["domain_name"] != $domain_name ? ": ".$domain_name : null);
-					}
 				}
-				unset($prep_statement);
+				unset($sql, $parameters, $domain_name);
 			}
 
 		//username
@@ -75,22 +74,22 @@
 				$sql .= "v_domains as d2 ";
 				$sql .= "where ";
 				$sql .= "d1.domain_uuid = d2.domain_uuid and ";
-				$sql .= "d1.device_username = '".check_str($_GET["username"])."' ";
+				$sql .= "d1.device_username = :device_username ";
-				if ($_GET['domain_uuid'] != '') {
+				if (is_uuid($_GET['domain_uuid'])) {
-					$sql .= "and d2.domain_uuid = '".check_str($_GET['domain_uuid'])."' ";
+					$sql .= "and d2.domain_uuid = :domain_uuid ";
 				}
-				if ($_GET['device_uuid'] != '') {
+				if (is_uuid($_GET['device_uuid'])) {
-					$sql .= "and d1.device_uuid <> '".check_str($_GET["device_uuid"])."' ";
+					$sql .= "and d1.device_uuid <> :device_uuid ";
 				}
-				$prep_statement = $db->prepare($sql);
+				$parameters['device_username'] = $_GET["username"];
-				if ($prep_statement) {
+				$parameters['domain_uuid'] = $_GET["domain_uuid"];
-					$prep_statement->execute();
+				$parameters['device_uuid'] = $_GET["device_uuid"];
-					$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+				$database = new database;
-					if ($row['domain_name'] != '') {
+				$row = $database->select($sql, $parameters, 'row');
-						echo $text['message-duplicate_username'].((if_group("superadmin")) ? ": ".format_mac($row['device_mac_address']).(($_SESSION["domain_name"] != $row["domain_name"]) ? " (".$row["domain_name"].")" : null) : null);
+				if (is_array($row) && @sizeof($row) != 0 && $row['domain_name'] != '') {
-					}
+					echo $text['message-duplicate_username'].(if_group("superadmin") ? ": ".format_mac($row['device_mac_address']).($_SESSION["domain_name"] != $row["domain_name"] ? " (".$row["domain_name"].")" : null) : null);
 				}
-				unset($prep_statement);
+				unset($sql, $parameters, $row);
 			}
 
 		exit;
@@ -100,9 +99,9 @@
 	require_once "app/devices/resources/classes/device.php";
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$device_uuid = check_str($_REQUEST["id"]);
+		$device_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
@@ -111,19 +110,16 @@
 //get total device count from the database, check limit, if defined
 	if ($action == 'add') {
 		if ($_SESSION['limit']['devices']['numeric'] != '') {
-			$sql = "select count(*) as num_rows from v_devices where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+			$sql = "select count(*) from v_devices where domain_uuid = :domain_uuid ";
-			$prep_statement = $db->prepare($sql);
+			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-			if ($prep_statement) {
+			$database = new database;
-				$prep_statement->execute();
+			$total_devices = $database->select($sql, $parameters, 'column');
-				$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-				$total_devices = $row['num_rows'];
-			}
-			unset($prep_statement, $row);
 			if ($total_devices >= $_SESSION['limit']['devices']['numeric']) {
 				message::add($text['message-maximum_devices'].' '.$_SESSION['limit']['devices']['numeric'], 'negative');
 				header('Location: devices.php');
-				return;
+				exit;
 			}
+			unset($sql, $parameters, $total_devices);
 		}
 	}
 
@@ -131,60 +127,60 @@
 	if (count($_POST) > 0) {
 		//device mac address
 			if (permission_exists('device_mac_address')) {
-				$device_mac_address = check_str($_POST["device_mac_address"]);
+				$device_mac_address = $_POST["device_mac_address"];
 				$device_mac_address = strtolower(preg_replace('#[^a-fA-F0-9./]#', '', $device_mac_address));
 				$_POST["device_mac_address"] = $device_mac_address;
 			}
 			else {
 				$sql = "select * from v_devices ";
-				$sql .= "where device_uuid = '$device_uuid' ";
+				$sql .= "where device_uuid = :device_uuid ";
-				$prep_statement = $db->prepare(check_sql($sql));
+				$parameters['device_uuid'] = $device_uuid;
-				$prep_statement->execute();
+				$database = new database;
-				$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+				$row = $database->select($sql, $parameters, 'row');
-				foreach ($result as &$row) {
+				if (is_array($row) && @sizeof($row) != 0) {
 					$device_mac_address = $row["device_mac_address"];
 					$_POST["device_mac_address"] = $device_mac_address;
 				}
-				unset ($prep_statement);
+				unset($sql, $parameters, $row);
 			}
 		//get assigned user
-			$device_user_uuid = check_str($_POST["device_user_uuid"]);
+			$device_user_uuid = $_POST["device_user_uuid"];
 		//devices
-			$device_label = check_str($_POST["device_label"]);
+			$device_label = $_POST["device_label"];
-			$device_vendor = check_str($_POST["device_vendor"]);
+			$device_vendor = $_POST["device_vendor"];
-			$device_uuid_alternate = check_str($_POST["device_uuid_alternate"]);
+			$device_uuid_alternate = $_POST["device_uuid_alternate"];
-			$device_model = check_str($_POST["device_model"]);
+			$device_model = $_POST["device_model"];
-			$device_firmware_version = check_str($_POST["device_firmware_version"]);
+			$device_firmware_version = $_POST["device_firmware_version"];
-			$device_enabled = check_str($_POST["device_enabled"]);
+			$device_enabled = $_POST["device_enabled"];
-			$device_template = check_str($_POST["device_template"]);
+			$device_template = $_POST["device_template"];
-			$device_description = check_str($_POST["device_description"]);
+			$device_description = $_POST["device_description"];
 		//lines
-			$line_number = check_str($_POST["line_number"]);
+			$line_number = $_POST["line_number"];
-			$server_address = check_str($_POST["server_address"]);
+			$server_address = $_POST["server_address"];
-			$outbound_proxy_primary = check_str($_POST["outbound_proxy_primary"]);
+			$outbound_proxy_primary = $_POST["outbound_proxy_primary"];
-			$outbound_proxy_secondary = check_str($_POST["outbound_proxy_secondary"]);
+			$outbound_proxy_secondary = $_POST["outbound_proxy_secondary"];
-			$display_name = check_str($_POST["display_name"]);
+			$display_name = $_POST["display_name"];
-			$user_id = check_str($_POST["user_id"]);
+			$user_id = $_POST["user_id"];
-			$auth_id = check_str($_POST["auth_id"]);
+			$auth_id = $_POST["auth_id"];
-			$password = check_str($_POST["password"]);
+			$password = $_POST["password"];
 		//profile
-			$device_profile_uuid = check_str($_POST["device_profile_uuid"]);
+			$device_profile_uuid = $_POST["device_profile_uuid"];
 		//keys
-			$device_key_category = check_str($_POST["device_key_category"]);
+			$device_key_category = $_POST["device_key_category"];
-			$device_key_id = check_str($_POST["device_key_id"]);
+			$device_key_id = $_POST["device_key_id"];
-			$device_key_type = check_str($_POST["device_key_type"]);
+			$device_key_type = $_POST["device_key_type"];
-			$device_key_line = check_str($_POST["device_key_line"]);
+			$device_key_line = $_POST["device_key_line"];
-			$device_key_value = check_str($_POST["device_key_value"]);
+			$device_key_value = $_POST["device_key_value"];
-			$device_key_extension = check_str($_POST["device_key_extension"]);
+			$device_key_extension = $_POST["device_key_extension"];
-			$device_key_label = check_str($_POST["device_key_label"]);
+			$device_key_label = $_POST["device_key_label"];
-			$device_key_icon = check_str($_POST["device_key_icon"]);
+			$device_key_icon = $_POST["device_key_icon"];
 		//settings
-			//$device_setting_category = check_str($_POST["device_setting_category"]);
+			//$device_setting_category = $_POST["device_setting_category"]);
-			$device_setting_subcategory = check_str($_POST["device_setting_subcategory"]);
+			$device_setting_subcategory = $_POST["device_setting_subcategory"];
-			//$device_setting_name = check_str($_POST["device_setting_name"]);
+			//$device_setting_name = $_POST["device_setting_name"];
-			$device_setting_value = check_str($_POST["device_setting_value"]);
+			$device_setting_value = $_POST["device_setting_value"];
-			$device_setting_enabled = check_str($_POST["device_setting_enabled"]);
+			$device_setting_enabled = $_POST["device_setting_enabled"];
-			$device_setting_description = check_str($_POST["device_setting_description"]);
+			$device_setting_description = $_POST["device_setting_description"];
 	}
 
 //use the mac address to get the vendor
@@ -259,7 +255,7 @@
 								unset($_POST["device_keys"][$x]);
 							}
 						//unset device_detail_uuid if the field has no value
-							if (strlen($row["device_key_uuid"]) == 0) {
+							if (!is_uuid($row["device_key_uuid"])) {
 								unset($_POST["device_keys"][$x]["device_key_uuid"]);
 							}
 						//increment the row
@@ -272,7 +268,7 @@
 								unset($_POST["device_settings"][$x]);
 							}
 						//unset device_detail_uuid if the field has no value
-							if (strlen($row["device_setting_uuid"]) == 0) {
+							if (!is_uuid($row["device_setting_uuid"])) {
 								unset($_POST["device_settings"][$x]["device_setting_uuid"]);
 							}
 						//increment the row
@@ -308,12 +304,12 @@
 						$database = new database;
 						$database->app_name = 'devices';
 						$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
-						if (strlen($device_uuid) > 0) {
+						if (is_uuid($device_uuid)) {
 							$database->uuid($device_uuid);
 						}
 						$database->save($array);
 						$response = $database->message;
-						if (strlen($response['uuid']) > 0) {
+						if (is_uuid($response['uuid'])) {
 							$device_uuid = $response['uuid'];
 						}
 					}
@@ -348,11 +344,11 @@
 //pre-populate the form
 	if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
 		$sql = "select * from v_devices ";
-		$sql .= "where device_uuid = '$device_uuid' ";
+		$sql .= "where device_uuid = :device_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['device_uuid'] = $device_uuid;
-		$prep_statement->execute();
+		$database = new database;
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$row = $database->select($sql, $parameters, 'row');
-		foreach ($result as &$row) {
+		if (is_array($row) && @sizeof($row) != 0) {
 			$device_mac_address = $row["device_mac_address"];
 			$device_provisioned_ip = $row["device_provisioned_ip"];
 			$domain_uuid = $row["domain_uuid"];
@@ -371,7 +367,7 @@
 			$device_profile_uuid = $row["device_profile_uuid"];
 			$device_description = $row["device_description"];
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //use the mac address to get the vendor
@@ -384,23 +380,26 @@
 	$x = "999";
 
 //alternate device settings
-	if (strlen($device_uuid_alternate) > 0) {
+	if (is_uuid($device_uuid_alternate)) {
 		$sql = "select * from v_devices ";
-		$sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
+		$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
-		$sql .= "and device_uuid = '$device_uuid_alternate' ";
+		$sql .= "and device_uuid = :device_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['domain_uuid'] = $domain_uuid;
-		$prep_statement->execute();
+		$parameters['device_uuid'] = $device_uuid_alternate;
-		$device_alternate = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$database = new database;
-		unset ($prep_statement, $sql);
+		$device_alternate = $database->select($sql, $parameters, 'all');
+		unset($sql, $parameters);
 	}
 
 //get device lines
-	$sql = "SELECT * FROM v_device_lines ";
+	$sql = "select * from v_device_lines ";
-	$sql .= "where device_uuid = '".$device_uuid."' ";
+	$sql .= "where device_uuid = :device_uuid ";
 	$sql .= "order by cast(line_number as int) asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$parameters['device_uuid'] = $device_uuid;
-	$prep_statement->execute();
+	$database = new database;
-	$device_lines = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$device_lines = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
+
 	$device_lines[$x]['line_number'] = '';
 	$device_lines[$x]['server_address'] = '';
 	$device_lines[$x]['outbound_proxy_primary'] = $_SESSION['provision']['outbound_proxy_primary']['text'];
@@ -418,31 +417,28 @@
 	$device_lines[$x]['register_expires'] = $_SESSION['provision']['line_register_expires']['numeric'];
 
 //get device keys
-	$sql = "SELECT * FROM v_device_keys ";
+	$sql = "select * from v_device_keys ";
-	$sql .= "WHERE device_uuid = '".$device_uuid."' ";
+	$sql .= "where device_uuid = :device_uuid ";
-	$sql .= "ORDER by ";
+	$sql .= "order by ";
 	$sql .= "device_key_vendor asc, ";
-	$sql .= "CASE device_key_category ";
+	$sql .= "case device_key_category ";
-	$sql .= "WHEN 'line' THEN 1 ";
+	$sql .= "when 'line' then 1 ";
-	$sql .= "WHEN 'memory' THEN 2 ";
+	$sql .= "when 'memory' then 2 ";
-	$sql .= "WHEN 'programmable' THEN 3 ";
+	$sql .= "when 'programmable' then 3 ";
-	$sql .= "WHEN 'expansion' THEN 4 ";
+	$sql .= "when 'expansion' then 4 ";
-	$sql .= "WHEN 'expansion-1' THEN 5 ";
+	$sql .= "when 'expansion-1' then 5 ";
-	$sql .= "WHEN 'expansion-2' THEN 6 ";
+	$sql .= "when 'expansion-2' then 6 ";
-	$sql .= "WHEN 'expansion-3' THEN 7 ";
+	$sql .= "when 'expansion-3' then 7 ";
-	$sql .= "WHEN 'expansion-4' THEN 8 ";
+	$sql .= "when 'expansion-4' then 8 ";
-	$sql .= "WHEN 'expansion-5' THEN 9 ";
+	$sql .= "when 'expansion-5' then 9 ";
-	$sql .= "WHEN 'expansion-6' THEN 10 ";
+	$sql .= "when 'expansion-6' then 10 ";
-	$sql .= "ELSE 100 END, ";
+	$sql .= "else 100 end, ";
-	if ($db_type == "mysql") {
+	$sql .= $db_type == "mysql" ? "device_key_id asc " : "cast(device_key_id as numeric) asc ";
-		$sql .= "device_key_id asc ";
+	$parameters['device_uuid'] = $device_uuid;
-	}
+	$database = new database;
-	else {
+	$device_keys = $database->select($sql, $parameters, 'all');
-		$sql .= "cast(device_key_id as numeric) asc ";
+	unset($sql, $parameters);
-	}
+
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$device_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 	$device_keys[$x]['device_key_category'] = '';
 	$device_keys[$x]['device_key_id'] = '';
 	$device_keys[$x]['device_key_type'] = '';
@@ -453,45 +449,48 @@
 	$device_keys[$x]['device_key_icon'] = '';
 
 //get the device vendors
-	$sql = "SELECT name ";
+	$sql = "select name ";
-	$sql .= "FROM v_device_vendors ";
+	$sql .= "from v_device_vendors ";
-	$sql .= "WHERE enabled = 'true' ";
+	$sql .= "where enabled = 'true' ";
-	$sql .= "ORDER BY name ASC ";
+	$sql .= "order by name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$database = new database;
-	$prep_statement->execute();
+	$device_vendors = $database->select($sql, null, 'all');
-	$device_vendors = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset($sql);
 
 //get the vendor functions
-	$sql = "SELECT v.name as vendor_name, f.name, f.value ";
+	$sql = "select v.name as vendor_name, f.name, f.value ";
-	$sql .= "FROM v_device_vendors as v, v_device_vendor_functions as f ";
+	$sql .= "from v_device_vendors as v, v_device_vendor_functions as f ";
-	$sql .= "WHERE v.device_vendor_uuid = f.device_vendor_uuid ";
+	$sql .= "where v.device_vendor_uuid = f.device_vendor_uuid ";
 	$sql .= "and v.enabled = 'true' ";
 	$sql .= "and f.enabled = 'true' ";
 	$sql .= "order by v.name asc, f.name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$database = new database;
-	$prep_statement->execute();
+	$vendor_functions = $database->select($sql, null, 'all');
-	$vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset($sql);
 
 //get device settings
-	$sql = "SELECT * FROM v_device_settings ";
+	$sql = "select * from v_device_settings ";
-	$sql .= "WHERE device_uuid = '".$device_uuid."' ";
+	$sql .= "where device_uuid = :device_uuid ";
-	$sql .= "ORDER by device_setting_subcategory asc ";
+	$sql .= "order by device_setting_subcategory asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$parameters['device_uuid'] = $device_uuid;
-	$prep_statement->execute();
+	$database = new database;
-	$device_settings = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$device_settings = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
+
 	$device_settings[$x]['device_setting_name'] = '';
 	$device_settings[$x]['device_setting_value'] = '';
 	$device_settings[$x]['enabled'] = '';
 	$device_settings[$x]['device_setting_description'] = '';
 
 //get the users
-	$sql = "SELECT * FROM v_users ";
+	$sql = "select * from v_users ";
-	$sql .= "WHERE domain_uuid = '".$domain_uuid."' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
-	$sql .= "AND user_enabled = 'true' ";
+	$sql .= "and user_enabled = 'true' ";
-	$sql .= "ORDER by username asc ";
+	$sql .= "order by username asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$parameters['domain_uuid'] = $domain_uuid;
-	$prep_statement->execute();
+	$database = new database;
-	$users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$users = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //use the mac address to get the vendor
 	if (strlen($device_vendor) == 0) {
@@ -901,7 +900,7 @@
 				if (strlen($row['register_expires']) == 0) { $row['register_expires'] = $_SESSION['provision']['line_register_expires']['numeric']; }
 
 			//determine whether to hide the element
-				if (strlen($device_line_uuid) == 0) {
+				if (!is_uuid($device_line_uuid)) {
 					$element['hidden'] = false;
 					$element['visibility'] = "visibility:visible;";
 				}
@@ -910,7 +909,7 @@
 					$element['visibility'] = "visibility:hidden;";
 				}
 			//add the primary key uuid
-				if (strlen($row['device_line_uuid']) > 0) {
+				if (is_uuid($row['device_line_uuid'])) {
 					echo "	<input name='device_lines[".$x."][device_line_uuid]' type='hidden' value=\"".escape($row['device_line_uuid'])."\"/>\n";
 				}
 			//show each row in the array
@@ -1027,7 +1026,7 @@
 				echo "			</td>\n";
 
 			echo "				<td>\n";
-			if (strlen($row['device_line_uuid']) > 0) {
+			if (is_uuid($row['device_line_uuid'])) {
 				if (permission_exists('device_delete')) {
 					echo "					<a href='device_line_delete.php?device_uuid=".escape($row['device_uuid'])."&id=".escape($row['device_line_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
 				}
@@ -1047,14 +1046,12 @@
 	if (permission_exists('device_profile_edit')) {
 		//device profile
 		$sql = "select * from v_device_profiles ";
-		$sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
+		$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
 		$sql .= "order by device_profile_name asc ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['domain_uuid'] = $domain_uuid;
-		$prep_statement->execute();
+		$database = new database;
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$result = $database->select($sql, $parameters, 'all');
-		$result_count = count($result);
+		if (is_array($result) && @sizeof($result) != 0) {
-		unset ($prep_statement, $sql);
-		if ($result_count > 0) {
 			echo "	<tr>";
 			echo "		<td class='vncell' valign='top'>".$text['label-profile']."</td>";
 			echo "		<td class='vtable' align='left'>";
@@ -1070,6 +1067,7 @@
 			echo "		</td>";
 			echo "	</tr>";
 		}
+		unset($sql, $parameters, $result);
 	}
 
 	if (permission_exists('device_key_edit')) {
@@ -1124,7 +1122,7 @@
 					echo "			</tr>\n";
 				}
 			//determine whether to hide the element
-				if (strlen($device_key_uuid) == 0) {
+				if (!is_uuid($device_key_uuid)) {
 					$element['hidden'] = false;
 					$element['visibility'] = "visibility:visible;";
 				}
@@ -1133,7 +1131,7 @@
 					$element['visibility'] = "visibility:hidden;";
 				}
 			//add the primary key uuid
-				if (strlen($row['device_key_uuid']) > 0) {
+				if (is_uuid($row['device_key_uuid'])) {
 					echo "	<input name='device_keys[".$x."][device_key_uuid]' type='hidden' value=\"".escape($row['device_key_uuid'])."\"/>\n";
 				}
 			//show all the rows in the array
@@ -1307,7 +1305,7 @@
 				//echo "				<input type='button' class='btn' value='".$text['button-save']."' onclick='submit_form();'/>\n";
 				//echo "			</td>\n";
 				echo "				<td nowrap='nowrap'>\n";
-				if (strlen($row['device_key_uuid']) > 0) {
+				if (is_uuid($row['device_key_uuid'])) {
 					if (permission_exists('device_key_delete')) {
 						echo "					<a href='device_key_delete.php?device_uuid=".escape($row['device_uuid'])."&id=".escape($row['device_key_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
 					}
@@ -1344,7 +1342,7 @@
 		$x = 0;
 		foreach($device_settings as $row) {
 			//determine whether to hide the element
-				if (strlen($device_setting_uuid) == 0) {
+				if (!is_uuid($device_setting_uuid)) {
 					$element['hidden'] = false;
 					$element['visibility'] = "visibility:visible;";
 				}
@@ -1353,7 +1351,7 @@
 					$element['visibility'] = "visibility:hidden;";
 				}
 			//add the primary key uuid
-				if (strlen($row['device_setting_uuid']) > 0) {
+				if (is_uuid($row['device_setting_uuid'])) {
 					echo "	<input name='device_settings[".$x."][device_setting_uuid]' type='hidden' value=\"".escape($row['device_setting_uuid'])."\"/>\n";
 				}
 
@@ -1395,7 +1393,7 @@
 				echo "		</td>";
 
 				echo "				<td>\n";
-				if (strlen($row['device_setting_uuid']) > 0) {
+				if (is_uuid($row['device_setting_uuid'])) {
 					if (permission_exists('device_edit')) {
 						echo "					<a href='device_setting_edit.php?device_uuid=".escape($row['device_uuid'])."&id=".escape($row['device_setting_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>\n";
 					}
@@ -1449,7 +1447,7 @@
 		echo "</tr>\n";
 	}
 
-	if (permission_exists('device_alternate') && strlen($device_uuid_alternate) > 0) {
+	if (permission_exists('device_alternate') && is_uuid($device_uuid_alternate)) {
 		echo "<tr>\n";
 		echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 		echo "	".$text['label-device_uuid_alternate']."\n";
@@ -1516,7 +1514,7 @@
 		echo "</td>\n";
 		echo "<td class='vtable' align='left'>\n";
 		echo "    <select class='formfld' name='domain_uuid' id='domain_uuid'>\n";
-		if (strlen($domain_uuid) == 0) {
+		if (!is_uuid($domain_uuid)) {
 			echo "    <option value='' selected='selected'>".$text['select-global']."</option>\n";
 		}
 		else {

app/devices/device_imports.php

@@ -247,10 +247,11 @@
 			$domain_uuid = $_SESSION['domain_uuid'];
 
 		//get the users
-			$sql = "select * from v_users where domain_uuid = '".$domain_uuid."' ";
+			$sql = "select * from v_users where domain_uuid = :domain_uuid ";
-			$prep_statement = $db->prepare($sql);
+			$parameters['domain_uuid'] = $domain_uuid;
-			$prep_statement->execute();
+			$database = new database;
-			$users = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+			$users = $database->select($sql, $parameters, 'all');
+			unset($sql, $parameters);
 
 		//get the contents of the csv file and convert them into an array
 			$handle = @fopen($_SESSION['file'], "r");

app/devices/device_key_delete.php

@@ -38,28 +38,29 @@ else {
 	$text = $language->get();
 
 //get the id
-	if (isset($_GET["id"])) {
+	$device_key_uuid = $_GET["id"];
-		$id = $_GET["id"];
+	$device_uuid = $_GET["device_uuid"];
-		$device_uuid = check_str($_GET["device_uuid"]);
+	$device_profile_uuid = $_GET["device_profile_uuid"];
-		$device_profile_uuid = check_str($_GET["device_profile_uuid"]);
-	}
 
 //delete device keys
-	if (is_uuid($id)) {
+	if (is_uuid($device_key_uuid)) {
-		$sql = "delete from v_device_keys ";
+		$array['device_keys'][0]['device_key_uuid'] = $device_key_uuid;
-		$sql .= "where (domain_uuid = '".$_SESSION["domain_uuid"]."' or domain_uuid is null) ";
+
-		$sql .= "and device_key_uuid = '".$id."' ";
+		$database = new database;
-		$db->exec($sql);
+		$database->app_name = 'devices';
-		unset($sql);
+		$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+		$database->delete($array);
+		unset($array);
+
+		message::add($text['message-delete']);
 	}
 
 //send a redirect
-	message::add($text['message-delete']);
+	if (is_uuid($device_uuid)) {
-	if ($device_uuid != '') {
 		header("Location: device_edit.php?id=".$device_uuid);
 	}
-	else if ($device_profile_uuid != '') {
+	else if (is_uuid($device_profile_uuid)) {
 		header("Location: device_profile_edit.php?id=".$device_profile_uuid);
 	}
-	return;
+	exit;
 ?>

app/devices/device_key_edit.php

@@ -38,37 +38,37 @@ else {
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$device_key_uuid = check_str($_REQUEST["id"]);
+		$device_key_uuid = $_REQUEST["id"];
-		$device_uuid = check_str($_REQUEST["device_uuid"]);
+		$device_uuid = $_REQUEST["device_uuid"];
 	}
 	else {
 		$action = "add";
 	}
 
 //set the parent uuid
-	if (strlen($_GET["device_key_uuid"]) > 0) {
+	if (is_uuid($_GET["device_key_uuid"])) {
-		$device_key_uuid = check_str($_GET["device_key_uuid"]);
+		$device_key_uuid = $_GET["device_key_uuid"];
 	}
 
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		$device_key_id = check_str($_POST["device_key_id"]);
+		$device_key_id = $_POST["device_key_id"];
-		$device_key_category = check_str($_POST["device_key_category"]);
+		$device_key_category = $_POST["device_key_category"];
-		$device_key_type = check_str($_POST["device_key_type"]);
+		$device_key_type = $_POST["device_key_type"];
-		$device_key_line = check_str($_POST["device_key_line"]);
+		$device_key_line = $_POST["device_key_line"];
-		$device_key_value = check_str($_POST["device_key_value"]);
+		$device_key_value = $_POST["device_key_value"];
-		$device_key_extension = check_str($_POST["device_key_extension"]);
+		$device_key_extension = $_POST["device_key_extension"];
-		$device_key_label = check_str($_POST["device_key_label"]);
+		$device_key_label = $_POST["device_key_label"];
-		$device_key_icon = check_str($_POST["device_key_icon"]);
+		$device_key_icon = $_POST["device_key_icon"];
 	}
 
 if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 
 	$msg = '';
 	if ($action == "update") {
-		$device_key_uuid = check_str($_POST["device_key_uuid"]);
+		$device_key_uuid = $_POST["device_key_uuid"];
 	}
 
 	//check for all required data
@@ -95,74 +95,52 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	//add or update the database
 		if ($_POST["persistformvar"] != "true") {
 			if ($action == "add" && permission_exists('device_key_add')) {
-				$sql = "insert into v_device_keys ";
+				$array['device_keys'][0]['device_key_uuid'] = uuid();
-				$sql .= "(";
-				$sql .= "domain_uuid, ";
-				$sql .= "device_key_uuid, ";
-				$sql .= "device_uuid, ";
-				$sql .= "device_key_id, ";
-				$sql .= "device_key_category, ";
-				$sql .= "device_key_type, ";
-				$sql .= "device_key_line, ";
-				$sql .= "device_key_value, ";
-				$sql .= "device_key_extension, ";
-				$sql .= "device_key_label, ";
-                                $sql .= "device_key_icon ";
-				$sql .= ")";
-				$sql .= "values ";
-				$sql .= "(";
-				$sql .= "'$domain_uuid', ";
-				$sql .= "'".uuid()."', ";
-				$sql .= "'$device_uuid', ";
-				$sql .= "'$device_key_id', ";
-				$sql .= "'$device_key_category', ";
-				$sql .= "'$device_key_type', ";
-				$sql .= "'$device_key_line', ";
-				$sql .= "'$device_key_value', ";
-				$sql .= "'$device_key_extension', ";
-				$sql .= "'$device_key_label', ";
-				$sql .= "'$device_key_icon' ";
-				$sql .= ")";
-				$db->exec(check_sql($sql));
-				unset($sql);
 
 				message::add($text['message-add']);
-				header("Location: device_edit.php?id=".$device_uuid);
+			}
-				return;
-			} //if ($action == "add")
 
 			if ($action == "update" && permission_exists('device_key_edit')) {
-				$sql = "update v_device_keys set ";
+				$array['device_keys'][0]['device_key_uuid'] = $device_key_uuid;
-				$sql .= "device_key_id = '$device_key_id', ";
-				$sql .= "device_key_category = '$device_key_category', ";
-				$sql .= "device_key_type = '$device_key_type', ";
-				$sql .= "device_key_line = '$device_key_line', ";
-				$sql .= "device_key_value = '$device_key_value', ";
-				$sql .= "device_key_extension = '$device_key_extension', ";
-				$sql .= "device_key_label = '$device_key_label', ";
-				$sql .= "device_key_icon = '$device_key_icon' ";
-				$sql .= "where domain_uuid = '$domain_uuid' ";
-				$sql .= "and device_key_uuid = '$device_key_uuid' ";
-				$db->exec(check_sql($sql));
-				unset($sql);
 
 				message::add($text['message-update']);
+			}
+
+			if (is_array($array) && @sizeof($array) != 0) {
+				$array['device_keys'][0]['domain_uuid'] = $domain_uuid;
+				$array['device_keys'][0]['device_uuid'] = $device_uuid;
+				$array['device_keys'][0]['device_key_id'] = $device_key_id;
+				$array['device_keys'][0]['device_key_category'] = $device_key_category;
+				$array['device_keys'][0]['device_key_type'] = $device_key_type;
+				$array['device_keys'][0]['device_key_line'] = $device_key_line;
+				$array['device_keys'][0]['device_key_value'] = $device_key_value;
+				$array['device_keys'][0]['device_key_extension'] = $device_key_extension;
+				$array['device_keys'][0]['device_key_label'] = $device_key_label;
+				$array['device_keys'][0]['device_key_icon'] = $device_key_icon;
+
+				$database = new database;
+				$database->app_name = 'devices';
+				$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+				$database->save($array);
+				unset($array);
+
 				header("Location: device_edit.php?id=".$device_uuid);
 				return;
-			} //if ($action == "update")
+			}
-		} //if ($_POST["persistformvar"] != "true")
+		}
-} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+}
 
 //pre-populate the form
 	if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
-		$device_key_uuid = check_str($_GET["id"]);
+		$device_key_uuid = $_GET["id"];
 		$sql = "select * from v_device_keys ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
+		$sql .= "where domain_uuid = :domain_uuid ";
-		$sql .= "and device_key_uuid = '$device_key_uuid' ";
+		$sql .= "and device_key_uuid = :device_key_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['domain_uuid'] = $domain_uuid;
-		$prep_statement->execute();
+		$parameters['device_key_uuid'] = $device_key_uuid;
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$database = new database;
-		foreach ($result as &$row) {
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && @sizeof($row) != 0) {
 			$device_uuid = $row["device_uuid"];
 			$device_key_id = $row["device_key_id"];
 			$device_key_category = $row["device_key_category"];
@@ -173,7 +151,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 			$device_key_label = $row["device_key_label"];
 			$device_key_icon = $row["device_key_icon"];
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //show the header
@@ -193,31 +171,15 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "</td>\n";
 	echo "<td class='vtable' align='left'>\n";
 	echo "	<select class='formfld' name='device_key_category'>\n";
-	echo "	<option value=''></option>\n";
+	echo "		<option value=''></option>\n";
-	if ($device_key_category == "line") {
+	if ($device_key_category != '') {
-		echo "	<option value='line' selected='selected'>".$text['label-line']."</option>\n";
+		$selected[$device_key_category] = "selected='selected'";
-	}
-	else {
-		echo "	<option value='line'>".$text['label-line']."</option>\n";
-	}
-	if ($device_key_category == "memory") {
-		echo "	<option value='memory' selected='selected'>".$text['label-memory']."</option>\n";
-	}
-	else {
-		echo "	<option value='memory'>".$text['label-memory']."</option>\n";
-	}
-	if ($device_key_category == "programmable") {
-		echo "	<option value='programmable' selected='selected'>".$text['label-programmable']."</option>\n";
-	}
-	else {
-		echo "	<option value='programmable'>".$text['label-programmable']."</option>\n";
-	}
-	if ($device_key_category == "expansion") {
-		echo "	<option value='expansion' selected='selected'>".$text['label-expansion']."</option>\n";
-	}
-	else {
-		echo "	<option value='expansion'>".$text['label-expansion']."</option>\n";
 	}
+	echo "		<option value='line' ".$selected['line'].">".$text['label-line']."</option>\n";
+	echo "		<option value='memory' ".$selected['memory'].">".$text['label-memory']."</option>\n";
+	echo "		<option value='programmable' ".$selected['programmable'].">".$text['label-programmable']."</option>\n";
+	echo "		<option value='expansion' ".$selected['expansion'].">".$text['label-expansion']."</option>\n";
+	unset($selected);
 	echo "	</select>\n";
 	echo "<br />\n";
 	echo $text['description-device_key_category']."\n";
@@ -230,115 +192,14 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "</td>\n";
 	echo "<td class='vtable' align='left'>\n";
 	echo "	<select class='formfld' name='device_key_id'>\n";
-	echo "	<option value=''></option>\n";
+	echo "		<option value=''></option>\n";
-	if ($device_key_id == "1") {
+	if (is_numeric($device_key_id)) {
-		echo "	<option value='1' selected='selected'>1</option>\n";
+		$selected[$device_key_id] = "selected='selected'";
 	}
-	else {
+	for ($i = 1; $i <= 18; $i++) {
-		echo "	<option value='1'>1</option>\n";
+		echo "	<option value='".$i."' ".$selected[$i].">".$i."</option>\n";
-	}
-	if ($device_key_id == "2") {
-		echo "	<option value='2' selected='selected'>2</option>\n";
-	}
-	else {
-		echo "	<option value='2'>2</option>\n";
-	}
-	if ($device_key_id == "3") {
-		echo "	<option value='3' selected='selected'>3</option>\n";
-	}
-	else {
-		echo "	<option value='3'>3</option>\n";
-	}
-	if ($device_key_id == "4") {
-		echo "	<option value='4' selected='selected'>4</option>\n";
-	}
-	else {
-		echo "	<option value='4'>4</option>\n";
-	}
-	if ($device_key_id == "5") {
-		echo "	<option value='5' selected='selected'>5</option>\n";
-	}
-	else {
-		echo "	<option value='5'>5</option>\n";
-	}
-	if ($device_key_id == "6") {
-		echo "	<option value='6' selected='selected'>6</option>\n";
-	}
-	else {
-		echo "	<option value='6'>6</option>\n";
-	}
-	if ($device_key_id == "7") {
-		echo "	<option value='7' selected='selected'>7</option>\n";
-	}
-	else {
-		echo "	<option value='7'>7</option>\n";
-	}
-	if ($device_key_id == "8") {
-		echo "	<option value='8' selected='selected'>8</option>\n";
-	}
-	else {
-		echo "	<option value='8'>8</option>\n";
-	}
-	if ($device_key_id == "9") {
-		echo "	<option value='9' selected='selected'>9</option>\n";
-	}
-	else {
-		echo "	<option value='9'>9</option>\n";
-	}
-	if ($device_key_id == "10") {
-		echo "	<option value='10' selected='selected'>10</option>\n";
-	}
-	else {
-		echo "	<option value='10'>10</option>\n";
-	}
-	if ($device_key_id == "11") {
-		echo "	<option value='11' selected='selected'>11</option>\n";
-	}
-	else {
-		echo "	<option value='11'>11</option>\n";
-	}
-	if ($device_key_id == "12") {
-		echo "	<option value='12' selected='selected'>12</option>\n";
-	}
-	else {
-		echo "	<option value='12'>12</option>\n";
-	}
-	if ($device_key_id == "13") {
-		echo "	<option value='13' selected='selected'>13</option>\n";
-	}
-	else {
-		echo "	<option value='13'>13</option>\n";
-	}
-	if ($device_key_id == "14") {
-		echo "	<option value='14' selected='selected'>14</option>\n";
-	}
-	else {
-		echo "	<option value='14'>14</option>\n";
-	}
-	if ($device_key_id == "15") {
-		echo "	<option value='15' selected='selected'>15</option>\n";
-	}
-	else {
-		echo "	<option value='15'>15</option>\n";
-	}
-	if ($device_key_id == "16") {
-		echo "	<option value='16' selected='selected'>16</option>\n";
-	}
-	else {
-		echo "	<option value='16'>16</option>\n";
-	}
-	if ($device_key_id == "17") {
-		echo "	<option value='17' selected='selected'>17</option>\n";
-	}
-	else {
-		echo "	<option value='17'>17</option>\n";
-	}
-	if ($device_key_id == "18") {
-		echo "	<option value='18' selected='selected'>18</option>\n";
-	}
-	else {
-		echo "	<option value='18'>18</option>\n";
 	}
+	unset($selected);
 	echo "	</select>\n";
 	echo "<br />\n";
 	echo $text['description-device_key_id']."\n";
@@ -351,85 +212,14 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "</td>\n";
 	echo "<td class='vtable' align='left'>\n";
 	echo "	<select class='formfld' name='device_key_line'>\n";
-	echo "	<option value=''></option>\n";
+	echo "		<option value=''></option>\n";
-	if ($device_key_line == "0") {
+	if (is_numeric($device_key_line)) {
-		echo "	<option value='0' selected='selected'>0</option>\n";
+		$selected[$device_key_line] = "selected='selected'";
 	}
-	else {
+	for ($i = 0; $i <= 12; $i++) {
-		echo "	<option value='0'>0</option>\n";
+		echo "	<option value='".$i."' ".$selected[$i].">".$i."</option>\n";
-	}
-	if ($device_key_line == "1") {
-		echo "	<option value='1' selected='selected'>1</option>\n";
-	}
-	else {
-		echo "	<option value='1'>1</option>\n";
-	}
-	if ($device_key_line == "2") {
-		echo "	<option value='2' selected='selected'>2</option>\n";
-	}
-	else {
-		echo "	<option value='2'>2</option>\n";
-	}
-	if ($device_key_line == "3") {
-		echo "	<option value='3' selected='selected'>3</option>\n";
-	}
-	else {
-		echo "	<option value='3'>3</option>\n";
-	}
-	if ($device_key_line == "4") {
-		echo "	<option value='4' selected='selected'>4</option>\n";
-	}
-	else {
-		echo "	<option value='4'>4</option>\n";
-	}
-	if ($device_key_line == "5") {
-		echo "	<option value='5' selected='selected'>5</option>\n";
-	}
-	else {
-		echo "	<option value='5'>5</option>\n";
-	}
-	if ($device_key_line == "6") {
-		echo "	<option value='6' selected='selected'>6</option>\n";
-	}
-	else {
-		echo "	<option value='6'>6</option>\n";
-	}
-	if ($device_key_line == "7") {
-		echo "	<option value='7' selected='selected'>7</option>\n";
-	}
-	else {
-		echo "	<option value='7'>7</option>\n";
-	}
-	if ($device_key_line == "8") {
-		echo "	<option value='8' selected='selected'>8</option>\n";
-	}
-	else {
-		echo "	<option value='8'>8</option>\n";
-	}
-	if ($device_key_line == "9") {
-		echo "	<option value='9' selected='selected'>9</option>\n";
-	}
-	else {
-		echo "	<option value='9'>9</option>\n";
-	}
-	if ($device_key_line == "10") {
-		echo "	<option value='10' selected='selected'>10</option>\n";
-	}
-	else {
-		echo "	<option value='10'>10</option>\n";
-	}
-	if ($device_key_line == "11") {
-		echo "	<option value='11' selected='selected'>11</option>\n";
-	}
-	else {
-		echo "	<option value='11'>11</option>\n";
-	}
-	if ($device_key_line == "12") {
-		echo "	<option value='12' selected='selected'>12</option>\n";
-	}
-	else {
-		echo "	<option value='12'>12</option>\n";
 	}
+	unset($selected);
 	echo "	</select>\n";
 	echo "<br />\n";
 	echo $text['description-device_key_line']."\n";
@@ -441,76 +231,82 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "	".$text['label-device_key_type']."\n";
 	echo "</td>\n";
 	echo "<td class='vtable' align='left'>\n";
-?>
 
-	<?php $selected = "selected='selected'"; ?>
+	$device_key_types['Cisco'] = array(
-	<?php $found = false; ?>
+		'line' => 'line',
-	<select class='formfld' name='device_key_type'>
+		'disabled' => 'disabled'
-	<option value=''></option>
+		);
-	<optgroup label='Cisco'>
+	$device_key_types['Yealink'] = array(
-		<option value='line' <?php if ($device_key_type == "0") { echo $selected;$found=true; } ?>>line</option>
+		0 => 'N/A (Memory Key Default)',
-		<option value='disabled' <?php if ($device_key_type == "disabled") { echo $selected;$found=true; } ?>>disabled</option>
+		1 => 'Conference',
-	</optgroup>
+		2 => 'Forward',
-	<optgroup label='Yealink'>
+		3 => 'Transfer',
-		<option value='0' <?php if ($device_key_type == "0") { echo $selected;$found=true; } ?>>0-N/A(default for memory key)</option>
+		4 => 'Hold',
-		<option value='1' <?php if ($device_key_type == "1") { echo $selected;$found=true; } ?>>1-Conference</option>
+		5 => 'DND',
-		<option value='2' <?php if ($device_key_type == "2") { echo $selected;$found=true; } ?>>2-Forward</option>
+		6 => 'Redial',
-		<option value='3' <?php if ($device_key_type == "3") { echo $selected;$found=true; } ?>>3-Transfer</option>
+		7 => 'Call Return',
-		<option value='4' <?php if ($device_key_type == "4") { echo $selected;$found=true; } ?>>4-Hold</option>
+		8 => 'SMS',
-		<option value='5' <?php if ($device_key_type == "5") { echo $selected;$found=true; } ?>>5-DND</option>
+		9 => 'Call Pickup',
-		<option value='6' <?php if ($device_key_type == "6") { echo $selected;$found=true; } ?>>6-Redial</option>
+		10 => 'Call Park',
-		<option value='7' <?php if ($device_key_type == "7") { echo $selected;$found=true; } ?>>7-Call Return</option>
+		11 => 'DTMF',
-		<option value='8' <?php if ($device_key_type == "8") { echo $selected;$found=true; } ?>>8-SMS</option>
+		12 => 'Voicemail',
-		<option value='9' <?php if ($device_key_type == "9") { echo $selected;$found=true; } ?>>9-Call Pickup</option>
+		13 => 'SpeedDial',
-		<option value='10' <?php if ($device_key_type == "10") { echo $selected;$found=true; } ?>>10-Call Park</option>
+		14 => 'Intercom',
-		<option value='11' <?php if ($device_key_type == "11") { echo $selected;$found=true; } ?>>11-DTMF</option>
+		15 => 'Line (Line Key Default)',
-		<option value='12' <?php if ($device_key_type == "12") { echo $selected;$found=true; } ?>>12-Voicemail</option>
+		16 => 'BLF',
-		<option value='13' <?php if ($device_key_type == "13") { echo $selected;$found=true; } ?>>13-SpeedDial</option>
+		17 => 'URL',
-		<option value='14' <?php if ($device_key_type == "14") { echo $selected;$found=true; } ?>>14-Intercom</option>
+		19 => 'Public Hold',
-		<option value='15' <?php if ($device_key_type == "15") { echo $selected;$found=true; } ?>>15-Line(default for line key)</option>
+		20 => 'Private',
-		<option value='16' <?php if ($device_key_type == "16") { echo $selected;$found=true; } ?>>16-BLF</option>
+		21 => 'Shared Line',
-		<option value='17' <?php if ($device_key_type == "17") { echo $selected;$found=true; } ?>>17-URL</option>
+		22 => 'XML Group',
-		<option value='19' <?php if ($device_key_type == "19") { echo $selected;$found=true; } ?>>19-Public Hold</option>
+		23 => 'Group Pickup',
-		<option value='20' <?php if ($device_key_type == "20") { echo $selected;$found=true; } ?>>20-Private</option>
+		24 => 'Paging',
-		<option value='21' <?php if ($device_key_type == "21") { echo $selected;$found=true; } ?>>21-Shared Line</option>
+		25 => 'Record',
-		<option value='22' <?php if ($device_key_type == "22") { echo $selected;$found=true; } ?>>22-XML Group</option>
+		27 => 'XML Browser',
-		<option value='23' <?php if ($device_key_type == "23") { echo $selected;$found=true; } ?>>23-Group Pickup</option>
+		28 => 'History',
-		<option value='24' <?php if ($device_key_type == "24") { echo $selected;$found=true; } ?>>24-Paging</option>
+		29 => 'Directory',
-		<option value='25' <?php if ($device_key_type == "25") { echo $selected;$found=true; } ?>>25-Record</option>
+		30 => 'Menu',
-		<option value='27' <?php if ($device_key_type == "27") { echo $selected;$found=true; } ?>>27-XML Browser</option>
+		32 => 'New SMS',
-		<option value='28' <?php if ($device_key_type == "28") { echo $selected;$found=true; } ?>>28-History</option>
+		33 => 'Status',
-		<option value='29' <?php if ($device_key_type == "29") { echo $selected;$found=true; } ?>>29-Directory</option>
+		34 => 'Hot Desking',
-		<option value='30' <?php if ($device_key_type == "30") { echo $selected;$found=true; } ?>>30-Menu</option>
+		35 => 'URL Record',
-		<option value='32' <?php if ($device_key_type == "32") { echo $selected;$found=true; } ?>>32-New SMS</option>
+		38 => 'LDAP',
-		<option value='33' <?php if ($device_key_type == "33") { echo $selected;$found=true; } ?>>33-Status</option>
+		39 => 'BLF List',
-		<option value='34' <?php if ($device_key_type == "34") { echo $selected;$found=true; } ?>>34-Hot Desking</option>
+		40 => 'Prefix',
-		<option value='35' <?php if ($device_key_type == "35") { echo $selected;$found=true; } ?>>35-URL Record</option>
+		41 => 'Zero-Sp-Touch',
-		<option value='38' <?php if ($device_key_type == "38") { echo $selected;$found=true; } ?>>38-LDAP</option>
+		42 => 'ACD',
-		<option value='39' <?php if ($device_key_type == "39") { echo $selected;$found=true; } ?>>39-BLF List</option>
+		43 => 'Local Phonebook',
-		<option value='40' <?php if ($device_key_type == "40") { echo $selected;$found=true; } ?>>40-Prefix</option>
+		44 => 'Broadsoft Phonebook',
-		<option value='41' <?php if ($device_key_type == "41") { echo $selected;$found=true; } ?>>41-Zero-Sp-Touch</option>
+		45 => 'Local Group',
-		<option value='42' <?php if ($device_key_type == "42") { echo $selected;$found=true; } ?>>42-ACD</option>
+		46 => 'Broadsoft Group',
-		<option value='43' <?php if ($device_key_type == "43") { echo $selected;$found=true; } ?>>43-Local Phonebook</option>
+		47 => 'XML Phonebook',
-		<option value='44' <?php if ($device_key_type == "44") { echo $selected;$found=true; } ?>>44-Broadsoft Phonebook</option>
+		48 => 'Switch Account Up',
-		<option value='45' <?php if ($device_key_type == "45") { echo $selected;$found=true; } ?>>45-Local Group</option>
+		49 => 'Switch Account Down',
-		<option value='46' <?php if ($device_key_type == "46") { echo $selected;$found=true; } ?>>46-Broadsoft Group</option>
+		50 => 'Keypad Lock'
-		<option value='47' <?php if ($device_key_type == "47") { echo $selected;$found=true; } ?>>47-XML Phonebook</option>
+		);
-		<option value='48' <?php if ($device_key_type == "48") { echo $selected;$found=true; } ?>>48-Switch Account Up</option>
+	$device_key_types['Other'] = array(
-		<option value='49' <?php if ($device_key_type == "49") { echo $selected;$found=true; } ?>>49-Switch Account Down</option>
+		'line' => 'line',
-		<option value='50' <?php if ($device_key_type == "50") { echo $selected;$found=true; } ?>>50-Keypad Lock</option>
+		'other' => 'other'
-	</optgroup>
+		);
-	<optgroup label='Other'>
+	if ($device_key_type != '') {
-		<option value='line' <?php if ($device_key_type == "line") { echo $selected;$found=true; } ?>>line</option>
+		$selected[$device_key_type] = "selected='selected'";
-		<option value='other'>other</option>
+		$found = in_array($device_key_type, $device_key_types_yealink) || $device_key_type == 'disabled' || $device_key_type == 'line' ? true : false;
-	<?php
+	}
-		if (!$found) {
+	echo "<select class='formfld' name='device_key_type'>\n";
+	echo "	<option value=''></option>\n";
+	foreach ($device_key_types as $vendor => $types) {
+		echo "<optgroup label='".$vendor."'>\n";
+		foreach ($types as $value => $label) {
+			echo "<option value='".$value."' ".$selected[$value].">".$label."</option>\n";
+		}
+		if ($vendor == 'Other' && $device_key_type != '' && !$found) {
 			echo "<option value='".$device_key_type."'>".$device_key_type."</option>\n";
 		}
-	?>
+		echo "</optgroup>\n";
-	</optgroup>
+	}
-	</select>
+	echo "</select>\n";
+	unset($selected);
 
-<?php
 	echo "<br />\n";
 	echo $text['description-device_key_type']."\n";
 	echo "</td>\n";
@@ -548,7 +344,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo $text['description-device_key_label']."\n";
 	echo "</td>\n";
 	echo "</tr>\n";
-	
+
         echo "<tr>\n";
 	echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 	echo "	".$text['label-device_key_icon']."\n";
@@ -575,4 +371,4 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 
 //include the footer
 	require_once "resources/footer.php";
-?>
+?>

app/devices/device_line_delete.php

@@ -25,7 +25,7 @@
 require_once "root.php";
 require_once "resources/require.php";
 require_once "resources/check_auth.php";
-if (permission_exists('device_delete')) {
+if (permission_exists('device_line_delete')) {
 	//access granted
 }
 else {
@@ -38,23 +38,24 @@ else {
 	$text = $language->get();
 
 //get the id
-	if (isset($_GET["id"])) {
+	$device_line_uuid = $_GET["id"];
-		$id = $_GET["id"];
+	$device_uuid = $_GET["device_uuid"];
-		$device_uuid = $_GET["device_uuid"];
-	}
 
 //delete device_line
-	if (is_uuid($id)) {
+	if (is_uuid($device_line_uuid) && is_uuid($device_uuid)) {
-		$sql = "delete from v_device_lines ";
+
-		$sql .= "where (domain_uuid = '".$_SESSION["domain_uuid"]."' or domain_uuid is null) ";
+		$array['device_lines'][0]['device_line_uuid'] = $device_line_uuid;
-		$sql .= "and device_line_uuid = '$id' ";
+
-		$prep_statement = $db->prepare(check_sql($sql));
+		$database = new database;
-		$prep_statement->execute();
+		$database->app_name = 'devices';
-		unset($sql);
+		$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+		$database->delete($array);
+		unset($array);
+
+		message::add($text['message-delete']);
 	}
 
-//send a redirect
+//redirect
-	message::add($text['message-delete']);
 	header("Location: device_edit.php?id=".$device_uuid);
 	return;
 

app/devices/device_line_edit.php

@@ -38,38 +38,38 @@ else {
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$device_line_uuid = check_str($_REQUEST["id"]);
+		$device_line_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
 	}
 
 //set the parent uuid
-	if (strlen($_GET["device_uuid"]) > 0) {
+	if (is_uuid($_GET["device_uuid"])) {
-		$device_uuid = check_str($_GET["device_uuid"]);
+		$device_uuid = $_GET["device_uuid"];
 	}
 
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		$line_number = check_str($_POST["line_number"]);
+		$line_number = $_POST["line_number"];
-		$server_address = check_str($_POST["server_address"]);
+		$server_address = $_POST["server_address"];
-		$outbound_proxy = check_str($_POST["outbound_proxy"]);
+		$outbound_proxy = $_POST["outbound_proxy"];
-		$sip_port = check_str($_POST["sip_port"]);
+		$sip_port = $_POST["sip_port"];
-		$sip_transport = check_str($_POST["sip_transport"]);
+		$sip_transport = $_POST["sip_transport"];
-		$register_expires = check_str($_POST["register_expires"]);
+		$register_expires = $_POST["register_expires"];
-		$display_name = check_str($_POST["display_name"]);
+		$display_name = $_POST["display_name"];
-		$user_id = check_str($_POST["user_id"]);
+		$user_id = $_POST["user_id"];
-		$auth_id = check_str($_POST["auth_id"]);
+		$auth_id = $_POST["auth_id"];
-		$password = check_str($_POST["password"]);
+		$password = $_POST["password"];
 	}
 
 if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 
 	$msg = '';
 	if ($action == "update") {
-		$device_line_uuid = check_str($_POST["device_line_uuid"]);
+		$device_line_uuid = $_POST["device_line_uuid"];
 	}
 
 	//check for all required data
@@ -97,94 +97,58 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 		if ($_POST["persistformvar"] != "true") {
 			//add the line
 				if ($action == "add" && permission_exists('device_add')) {
-					$sql = "insert into v_device_lines ";
+					$array['device_lines'][0]['device_line_uuid'] = uuid();
-					$sql .= "(";
+					$array['device_lines'][0]['sip_port'] = $sip_port;
-					$sql .= "domain_uuid, ";
+					$array['device_lines'][0]['register_expires'] = $register_expires;
-					$sql .= "device_line_uuid, ";
+
-					$sql .= "device_uuid, ";
+					message::add($text['message-add']);
-					$sql .= "line_number, ";
+				}
-					$sql .= "server_address, ";
-					$sql .= "outbound_proxy, ";
-					$sql .= "sip_port, ";
-					$sql .= "sip_transport, ";
-					$sql .= "register_expires, ";
-					$sql .= "display_name, ";
-					$sql .= "user_id, ";
-					$sql .= "auth_id, ";
-					$sql .= "password ";
-					$sql .= ")";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'$domain_uuid', ";
-					$sql .= "'".uuid()."', ";
-					$sql .= "'$device_uuid', ";
-					$sql .= "'$line_number', ";
-					$sql .= "'$server_address', ";
-					$sql .= "'$outbound_proxy', ";
-					$sql .= "'$sip_port', ";
-					$sql .= "'$sip_transport', ";
-					$sql .= "'$register_expires', ";
-					$sql .= "'$display_name', ";
-					$sql .= "'$user_id', ";
-					$sql .= "'$auth_id', ";
-					$sql .= "'$password' ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
-				} //if ($action == "add")
 
 			//update the line
 				if ($action == "update" && permission_exists('device_edit')) {
-					$sql = "update v_device_lines set ";
+					$array['device_lines'][0]['device_line_uuid'] = $device_line_uuid;
-					$sql .= "device_uuid = '$device_uuid', ";
+					$array['device_lines'][0]['sip_port'] = $sip_port != '' ? $sip_port : null;
-					$sql .= "line_number = '$line_number', ";
+					$array['device_lines'][0]['register_expires'] = $register_expires != '' ? $register_expires : null;
-					$sql .= "server_address = '$server_address', ";
-					$sql .= "outbound_proxy = '$outbound_proxy', ";
-					if (strlen($sip_port) > 0) {
-						$sql .= "sip_port = '$sip_port', ";
-					}
-					else {
-						$sql .= "sip_port = null, ";
-					}
-					$sql .= "sip_transport = '$sip_transport', ";
-					if (strlen($register_expires) > 0) {
-						$sql .= "register_expires = '$register_expires', ";
-					}
-					else {
-						$sql .= "register_expires = null, ";
-					}
-					$sql .= "display_name = '$display_name', ";
-					$sql .= "user_id = '$user_id', ";
-					$sql .= "auth_id = '$auth_id', ";
-					$sql .= "password = '$password' ";
-					$sql .= "where domain_uuid = '$domain_uuid' ";
-					$sql .= "and device_line_uuid = '$device_line_uuid' ";
-					$db->exec(check_sql($sql));
-					unset($sql);
-				} //if ($action == "update")
 
+					message::add($text['message-update']);
+				}
+
+			//execute
+				if (is_array($array) && @sizeof($array) != 0) {
+					$array['device_lines'][0]['domain_uuid'] = $domain_uuid;
+					$array['device_lines'][0]['device_uuid'] = $device_uuid;
+					$array['device_lines'][0]['line_number'] = $line_number;
+					$array['device_lines'][0]['server_address'] = $server_address;
+					$array['device_lines'][0]['outbound_proxy'] = $outbound_proxy;
+					$array['device_lines'][0]['sip_transport'] = $sip_transport;
+					$array['device_lines'][0]['display_name'] = $display_name;
+					$array['device_lines'][0]['user_id'] = $user_id;
+					$array['device_lines'][0]['auth_id'] = $auth_id;
+					$array['device_lines'][0]['password'] = $password;
+
+					$database = new database;
+					$database->app_name = 'devices';
+					$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+					$database->save($array);
+					unset($array);
+				}
 
-			if ($action == "add") {
-				message::add($text['message-add']);
-			}
-			if ($action == "update") {
-				message::add($text['message-update']);
-			}
 			header("Location: device_edit.php?id=".$device_uuid);
-			return;
+			exit;
-		} //if ($_POST["persistformvar"] != "true")
+		}
-} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+}
 
 //pre-populate the form
 	if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
-		$device_line_uuid = check_str($_GET["id"]);
+		$device_line_uuid = $_GET["id"];
 		$sql = "select * from v_device_lines ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
+		$sql .= "where domain_uuid = :domain_uuid ";
-		$sql .= "and device_line_uuid = '$device_line_uuid' ";
+		$sql .= "and device_line_uuid = :device_line_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['domain_uuid'] = $domain_uuid;
-		$prep_statement->execute();
+		$parameters['device_line_uuid'] = $device_line_uuid;
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$database = new database;
-		foreach ($result as &$row) {
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && @sizeof($row) != 0) {
 			$line_number = $row["line_number"];
 			$server_address = $row["server_address"];
 			$outbound_proxy = $row["outbound_proxy"];
@@ -196,7 +160,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 			$auth_id = $row["auth_id"];
 			$password = $row["password"];
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //show the header
@@ -215,42 +179,15 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "	".$text['label-line_number']."\n";
 	echo "</td>\n";
 	echo "<td class='vtable' align='left'>\n";
-	echo "				<select class='formfld' style='width: 45px;' name='line_number'>\n";
+	echo "	<select class='formfld' style='width: 45px;' name='line_number'>\n";
-	echo "				<option value='".escape($line_number)."' SELECTED='SELECTED'>".escape($line_number)."</option>\n";
+	if (is_numeric($line_number)) {
-	echo "				<option value=''></option>\n";
+		echo "	<option value='".escape($line_number)."' selected='selected'>".escape($line_number)."</option>\n";
-	echo "				<option value='1'>1</option>\n";
+	}
-	echo "				<option value='2'>2</option>\n";
+	echo "		<option value=''></option>\n";
-	echo "				<option value='3'>3</option>\n";
+	for ($n = 1; $n <= 32; $n++) {
-	echo "				<option value='4'>4</option>\n";
+		echo "	<option value='".$n."'>".$n."</option>\n";
-	echo "				<option value='5'>5</option>\n";
+	}
-	echo "				<option value='6'>6</option>\n";
+	echo "	</select>\n";
-	echo "				<option value='7'>7</option>\n";
-	echo "				<option value='8'>8</option>\n";
-	echo "				<option value='9'>9</option>\n";
-	echo "				<option value='10'>10</option>\n";
-	echo "				<option value='11'>11</option>\n";
-	echo "				<option value='12'>12</option>\n";
-	echo "				<option value='13'>13</option>\n";
-	echo "				<option value='14'>14</option>\n";
-	echo "				<option value='15'>15</option>\n";
-	echo "				<option value='16'>16</option>\n";
-	echo "				<option value='17'>17</option>\n";
-	echo "				<option value='18'>18</option>\n";
-	echo "				<option value='19'>19</option>\n";
-	echo "				<option value='20'>20</option>\n";
-	echo "				<option value='21'>21</option>\n";
-	echo "				<option value='22'>22</option>\n";
-	echo "				<option value='23'>23</option>\n";
-	echo "				<option value='24'>24</option>\n";
-	echo "				<option value='25'>25</option>\n";
-	echo "				<option value='26'>26</option>\n";
-	echo "				<option value='27'>27</option>\n";
-	echo "				<option value='28'>28</option>\n";
-	echo "				<option value='29'>29</option>\n";
-	echo "				<option value='30'>30</option>\n";
-	echo "				<option value='31'>31</option>\n";
-	echo "				<option value='32'>32</option>\n";
-	echo "				</select>\n";
 	echo "<br />\n";
 	echo $text['description-line_number']."\n";
 	echo "</td>\n";

app/devices/device_profile_copy.php

@@ -43,39 +43,42 @@
 	$text = $language->get();
 
 //set the http get/post variable(s) to a php variable
-	if (isset($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$device_profile_uuid = $_REQUEST["id"];
 	}
 
-//set the default
-	$save = true;
-
 //get the device
-	$sql = "SELECT * FROM v_device_profiles ";
+	$sql = "select * from v_device_profiles ";
-	$sql .= "where device_profile_uuid = '".$device_profile_uuid."' ";
+	$sql .= "where device_profile_uuid = :device_profile_uuid ";
+	$parameters['device_profile_uuid'] = $device_profile_uuid;
 	$database = new database;
-	$device_profiles = $database->select($sql);
+	$device_profiles = $database->select($sql, $parameters);
+	unset($sql, $parameters);
 
 //get device keys
-	$sql = "SELECT * FROM v_device_keys ";
+	$sql = "select * from v_device_keys ";
-	$sql .= "WHERE device_profile_uuid = '".$device_profile_uuid."' ";
+	$sql .= "where device_profile_uuid = :device_profile_uuid ";
-	$sql .= "ORDER by ";
+	$sql .= "order by ";
-	$sql .= "CASE device_key_category ";
+	$sql .= "case device_key_category ";
-	$sql .= "WHEN 'line' THEN 1 ";
+	$sql .= "when 'line' then 1 ";
-	$sql .= "WHEN 'memort' THEN 2 ";
+	$sql .= "when 'memort' then 2 ";
-	$sql .= "WHEN 'programmable' THEN 3 ";
+	$sql .= "when 'programmable' then 3 ";
-	$sql .= "WHEN 'expansion' THEN 4 ";
+	$sql .= "when 'expansion' then 4 ";
-	$sql .= "ELSE 100 END, ";
+	$sql .= "else 100 end, ";
 	$sql .= "cast(device_key_id as numeric) asc ";
+	$parameters['device_profile_uuid'] = $device_profile_uuid;
 	$database = new database;
-	$device_keys = $database->select($sql);
+	$device_keys = $database->select($sql, $parameters);
+	unset($sql, $parameters);
 
 //get device settings
-	$sql = "SELECT * FROM v_device_settings ";
+	$sql = "select * from v_device_settings ";
-	$sql .= "WHERE device_profile_uuid = '".$device_profile_uuid."' ";
+	$sql .= "where device_profile_uuid = :device_profile_uuid ";
-	$sql .= "ORDER by device_setting_subcategory asc ";
+	$sql .= "order by device_setting_subcategory asc ";
+	$parameters['device_profile_uuid'] = $device_profile_uuid;
 	$database = new database;
-	$device_settings = $database->select($sql);
+	$device_settings = $database->select($sql, $parameters);
+	unset($sql, $parameters);
 
 //prepare the devices array
 	unset($device_profiles[0]["device_profile_uuid"]);
@@ -106,14 +109,13 @@
 	$array["device_profiles"][0]["device_settings"] = $device_settings;
 
 //copy the device
-	if ($save) {
+	$database = new database;
-		$database = new database;
+	$database->app_name = 'devices';
-		$database->app_name = 'devices';
+	$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
-		$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+	$database->save($array);
-		$database->save($array);
+	unset($array);
-		$response = $database->message;
+
-		message::add($text['message-copy']);
+	message::add($text['message-copy']);
-	}
 
 //redirect
 	header("Location: device_profiles.php");

app/devices/device_profile_delete.php

@@ -42,42 +42,53 @@
 	$text = $language->get();
 
 //get the id
-	if (isset($_GET["id"])) {
+	$device_profile_uuid = $_GET["id"];
-		$id = $_GET["id"];
-	}
 
 //delete the data and subdata
-	if (is_uuid($id)) {
+	if (is_uuid($device_profile_uuid)) {
 
-		//delete device profile keys
+		//add temp permissions
-			$sql = "delete from v_device_keys ";
+			$p = new permissions;
-			$sql .= "where device_profile_uuid = '".$id."' ";
+			$p->add('device_key_delete', 'temp');
-			$db->exec($sql);
+			$p->add('device_edit', 'temp');
-			unset($sql);
 
-		//delete device profile
+		//create array
-			$sql = "delete from v_device_profiles ";
+			$array['device_keys'][0]['device_profile_uuid'] = $device_profile_uuid;
-			$sql .= "where device_profile_uuid = '".$id."' ";
+			$array['device_profiles'][0]['device_profile_uuid'] = $device_profile_uuid;
-			$db->exec($sql);
+
-			unset($sql);
+		//delete
+			$database = new database;
+			$database->app_name = 'devices';
+			$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+			$database->delete($array);
+			unset($array);
 
 		//remove device profile uuid from any assigned devices
 			$sql = "update v_devices set ";
 			$sql .= "device_profile_uuid = null ";
-			$sql .= "where device_profile_uuid = '".$id."' ";
+			$sql .= "where device_profile_uuid = :device_profile_uuid ";
-			$db->exec($sql);
+			$parameters['device_profile_uuid'] = $device_profile_uuid;
-			unset($sql);
+			$database = new database;
+			$database->execute($sql);
+			unset($sql, $parameters);
+
+		//remove temp permissions
+			$p->delete('device_key_delete', 'temp');
+			$p->delete('device_edit', 'temp');
+
+		//write the provision files
+			if ($_SESSION['provision']['path']['text'] != '') {
+				$prov = new provision;
+				$prov->domain_uuid = $domain_uuid;
+				$response = $prov->write();
+			}
+
+		//set message
+			message::add($text['message-delete']);
+
 	}
 
-//write the provision files
+//redirect the user
-	if (strlen($_SESSION['provision']['path']['text']) > 0) {
-		$prov = new provision;
-		$prov->domain_uuid = $domain_uuid;
-		$response = $prov->write();
-	}
-
-//set the message and redirect the user
-	message::add($text['message-delete']);
 	header("Location: device_profiles.php");
 	return;
 

app/devices/device_profile_edit.php

@@ -42,9 +42,9 @@
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$device_profile_uuid = check_str($_REQUEST["id"]);
+		$device_profile_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
@@ -53,28 +53,28 @@
 //get http post variables and set them to php variables
 	if (count($_POST) > 0) {
 		//echo "<textarea>"; print_r($_POST); echo "</textarea>"; exit;
-		$device_profile_name = check_str($_POST["device_profile_name"]);
+		$device_profile_name = $_POST["device_profile_name"];
-		$device_profile_enabled = check_str($_POST["device_profile_enabled"]);
+		$device_profile_enabled = $_POST["device_profile_enabled"];
-		$device_profile_description = check_str($_POST["device_profile_description"]);
+		$device_profile_description = $_POST["device_profile_description"];
-		$device_key_category = check_str($_POST["device_key_category"]);
+		$device_key_category = $_POST["device_key_category"];
-		$device_key_id = check_str($_POST["device_key_id"]);
+		$device_key_id = $_POST["device_key_id"];
-		$device_key_type = check_str($_POST["device_key_type"]);
+		$device_key_type = $_POST["device_key_type"];
-		$device_key_line = check_str($_POST["device_key_line"]);
+		$device_key_line = $_POST["device_key_line"];
-		$device_key_value = check_str($_POST["device_key_value"]);
+		$device_key_value = $_POST["device_key_value"];
-		$device_key_extension = check_str($_POST["device_key_extension"]);
+		$device_key_extension = $_POST["device_key_extension"];
-		$device_key_label = check_str($_POST["device_key_label"]);
+		$device_key_label = $_POST["device_key_label"];
-                $device_key_icon = check_str($_POST["device_key_icon"]);
+                $device_key_icon = $_POST["device_key_icon"];
 		
-		//$device_setting_category = check_str($_POST["device_setting_category"]);
+		//$device_setting_category = $_POST["device_setting_category"];
-		$device_setting_subcategory = check_str($_POST["device_setting_subcategory"]);
+		$device_setting_subcategory = $_POST["device_setting_subcategory"];
-		//$device_setting_name = check_str($_POST["device_setting_name"]);
+		//$device_setting_name = $_POST["device_setting_name"];
-		$device_setting_value = check_str($_POST["device_setting_value"]);
+		$device_setting_value = $_POST["device_setting_value"];
-		$device_setting_enabled = check_str($_POST["device_setting_enabled"]);
+		$device_setting_enabled = $_POST["device_setting_enabled"];
-		$device_setting_description = check_str($_POST["device_setting_description"]);
+		$device_setting_description = $_POST["device_setting_description"];
 		
 		//allow the domain_uuid to be changed only with the device_profile_domain permission
 		if (permission_exists('device_profile_domain')) {
-			$domain_uuid = check_str($_POST["domain_uuid"]);
+			$domain_uuid = $_POST["domain_uuid"];
 		}
 		else {
 			$_POST["domain_uuid"] = $_SESSION['domain_uuid'];
@@ -163,6 +163,7 @@
 						if (strlen($response['uuid']) > 0) {
 							$device_profile_uuid = $response['uuid'];
 						}
+						unset($array);
 					}
 
 				//write the provision files
@@ -196,44 +197,41 @@
 //pre-populate the form
 	if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
 		$sql = "select * from v_device_profiles ";
-		$sql .= "where device_profile_uuid = '$device_profile_uuid' ";
+		$sql .= "where device_profile_uuid = :device_profile_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['device_profile_uuid'] = $device_profile_uuid;
-		$prep_statement->execute();
+		$database = new database;
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$row = $database->select($sql, $parameters, 'row');
-		foreach ($result as &$row) {
+		if (is_array($row) && @sizeof($row) != 0) {
 			$device_profile_name = $row["device_profile_name"];
 			$device_profile_domain_uuid = $row["domain_uuid"];
 			$device_profile_enabled = $row["device_profile_enabled"];
 			$device_profile_description = $row["device_profile_description"];
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //set the sub array index
 	$x = "999";
 
 //get device keys
-	$sql = "SELECT * FROM v_device_keys ";
+	$sql = "select * from v_device_keys ";
-	$sql .= "WHERE device_profile_uuid = '".$device_profile_uuid."' ";
+	$sql .= "where device_profile_uuid = :device_profile_uuid ";
-	$sql .= "ORDER by ";
+	$sql .= "order by ";
 	$sql .= "device_key_vendor asc, ";
-	$sql .= "CASE device_key_category ";
+	$sql .= "case device_key_category ";
-	$sql .= "WHEN 'line' THEN 1 ";
+	$sql .= "when 'line' then 1 ";
-	$sql .= "WHEN 'memory' THEN 2 ";
+	$sql .= "when 'memory' then 2 ";
-	$sql .= "WHEN 'programmable' THEN 3 ";
+	$sql .= "when 'programmable' then 3 ";
-	$sql .= "WHEN 'expansion' THEN 4 ";
+	$sql .= "when 'expansion' then 4 ";
-	$sql .= "WHEN 'expansion-1' THEN 5 ";
+	$sql .= "when 'expansion-1' then 5 ";
-	$sql .= "WHEN 'expansion-2' THEN 6 ";
+	$sql .= "when 'expansion-2' then 6 ";
-	$sql .= "ELSE 100 END, ";
+	$sql .= "else 100 end, ";
-	if ($db_type == "mysql") {
+	$sql .= $db_type == "mysql" ? "device_key_id asc " : "cast(device_key_id as numeric) asc ";
-		$sql .= "device_key_id asc ";
+	$parameters['device_profile_uuid'] = $device_profile_uuid;
-	}
+	$database = new database;
-	else {
+	$device_keys = $database->select($sql, $parameters, 'all');
-		$sql .= "cast(device_key_id as numeric) asc ";
+	unset($sql, $parameters);
-	}
+
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$device_keys = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 	$device_keys[$x]['device_key_category'] = '';
 	$device_keys[$x]['device_key_id'] = '';
 	$device_keys[$x]['device_key_type'] = '';
@@ -242,27 +240,27 @@
 	$device_keys[$x]['device_key_extension'] = '';
 	$device_keys[$x]['device_key_protected'] = '';
 	$device_keys[$x]['device_key_label'] = '';
-        $device_keys[$x]['device_key_icon'] = '';
+	$device_keys[$x]['device_key_icon'] = '';
 
 //get the vendors
-	$sql = "SELECT * ";
+	$sql = "select * ";
-	$sql .= "FROM v_device_vendors as v ";
+	$sql .= "from v_device_vendors as v ";
 	$sql .= "where enabled = 'true' ";
 	$sql .= "order by name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$database = new database;
-	$prep_statement->execute();
+	$vendors = $database->select($sql, null, 'all');
-	$vendors = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset($sql);
 
 //get the vendor functions
-	$sql = "SELECT v.name as vendor_name, f.name, f.value ";
+	$sql = "select v.name as vendor_name, f.name, f.value ";
-	$sql .= "FROM v_device_vendors as v, v_device_vendor_functions as f ";
+	$sql .= "from v_device_vendors as v, v_device_vendor_functions as f ";
 	$sql .= "where v.device_vendor_uuid = f.device_vendor_uuid ";
 	$sql .= "and v.enabled = 'true' ";
 	$sql .= "and f.enabled = 'true' ";
 	$sql .= "order by v.name asc, f.name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$database = new database;
-	$prep_statement->execute();
+	$vendor_functions = $database->select($sql, null, 'all');
-	$vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset($sql);
 
 //get the vendor count
 	$vendor_count = 0;
@@ -274,12 +272,14 @@
 	}
 
 //get device settings
-	$sql = "SELECT * FROM v_device_settings ";
+	$sql = "select * from v_device_settings ";
-	$sql .= "WHERE device_profile_uuid = '".$device_profile_uuid."' ";
+	$sql .= "where device_profile_uuid = :device_profile_uuid ";
-	$sql .= "ORDER by device_setting_subcategory asc ";
+	$sql .= "order by device_setting_subcategory asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$parameters['device_profile_uuid'] = $device_profile_uuid;
-	$prep_statement->execute();
+	$database = new database;
-	$device_settings = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$device_settings = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
+
 	$device_settings[$x]['device_setting_name'] = '';
 	$device_settings[$x]['device_setting_value'] = '';
 	$device_settings[$x]['enabled'] = '';
@@ -408,7 +408,7 @@
 				echo "			</tr>\n";
 			}
 		//determine whether to hide the element
-			if (strlen($device_key_uuid) == 0) {
+			if (!is_uuid($device_key_uuid)) {
 				$element['hidden'] = false;
 				$element['visibility'] = "visibility:visible;";
 			}
@@ -417,7 +417,7 @@
 				$element['visibility'] = "visibility:hidden;";
 			}
 		//add the primary key uuid
-			if (strlen($row['device_key_uuid']) > 0) {
+			if (is_uuid($row['device_key_uuid'])) {
 				echo "	<input name='device_keys[".$x."][device_key_uuid]' type='hidden' value=\"".escape($row['device_key_uuid'])."\">\n";
 			}
 			else {
@@ -584,7 +584,7 @@
 			echo "</td>\n";
 
 			echo "<td nowrap='nowrap'>\n";
-			if (strlen($row['device_key_uuid']) > 0) {
+			if (is_uuid($row['device_key_uuid'])) {
 				if (permission_exists('device_key_delete')) {
 					echo "					<a href='device_key_delete.php?device_profile_uuid=".escape($row['device_profile_uuid'])."&id=".escape($row['device_key_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
 				}
@@ -619,7 +619,7 @@
 	$x = 0;
 	foreach($device_settings as $row) {
 		//determine whether to hide the element
-			if (strlen($device_setting_uuid) == 0) {
+			if (!is_uuid($device_setting_uuid)) {
 				$element['hidden'] = false;
 				$element['visibility'] = "visibility:visible;";
 			}
@@ -628,7 +628,7 @@
 				$element['visibility'] = "visibility:hidden;";
 			}
 		//add the primary key uuid
-			if (strlen($row['device_setting_uuid']) > 0) {
+			if (is_uuid($row['device_setting_uuid'])) {
 				echo "	<input name='device_settings[".$x."][device_setting_uuid]' type='hidden' value=\"".escape($row['device_setting_uuid'])."\"/>\n";
 			}
 
@@ -670,7 +670,7 @@
 			echo "		</td>";
 
 			echo "				<td>\n";
-			if (strlen($row['device_setting_uuid']) > 0) {
+			if (is_uuid($row['device_setting_uuid'])) {
 				echo "					<a href='device_setting_delete.php?device_profile_uuid=".escape($row['device_profile_uuid'])."&id=".escape($row['device_setting_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>\n";
 			}
 			echo "				</td>\n";
@@ -693,7 +693,7 @@
 		echo "<td class='vtable' align='left'>\n";
 		echo "	<select class='formfld' name='domain_uuid'>\n";
 		if ($action == "update") {
-			echo "	<option value='' ".(($device_profile_domain_uuid == '') ? "selected='selected'" : null).">".$text['select-global']."</option>\n";
+			echo "	<option value='' ".(!is_uuid($device_profile_domain_uuid) ? "selected='selected'" : null).">".$text['select-global']."</option>\n";
 			foreach ($_SESSION['domains'] as $dom) {
 				echo "<option value='".escape($dom['domain_uuid'])."' ".(($device_profile_domain_uuid == $dom['domain_uuid']) ? "selected='selected'" : null).">".escape($dom['domain_name'])."</option>\n";
 			}

app/devices/device_profiles.php

@@ -42,32 +42,31 @@
 	$text = $language->get();
 
 //get the http values and set them as variables
-	$search = check_str($_GET["search"]);
+	$search = $_GET["search"];
-	if (isset($_GET["order_by"])) {
+	$order_by = $_GET["order_by"];
-		$order_by = check_str($_GET["order_by"]);
+	$order = $_GET["order"];
-		$order = check_str($_GET["order"]);
-	}
 
 //additional includes
 	require_once "resources/header.php";
 	$document['title'] = $text['title-profiles'];
 	require_once "resources/paging.php";
 
+//common sql
+	$sql_where = "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
+	if ($search != '') {
+		$sql_where .= "and (";
+		$sql_where .= " 	device_profile_name like :search ";
+		$sql_where .= " 	or device_profile_description like :search ";
+		$sql_where .= ") ";
+		$parameters['search'] = '%'.$search.'%';
+	}
+	$parameters['domain_uuid'] = $domain_uuid;
+
 //prepare to page the results
-	$sql = "select count(*) as num_rows from v_device_profiles ";
+	$sql = "select count(*) from v_device_profiles ";
-	$sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
+	$sql .= $sql_where;
-	if (strlen($search) > 0) {
+	$database = new database;
-		$sql .= "and (";
+	$num_rows = $database->select($sql, $parameters, 'column');
-		$sql .= " 	device_profile_name like '%".$search."%' ";
-		$sql .= " 	or device_profile_description like '%".$search."%' ";
-		$sql .= ") ";
-	}
-	$prep_statement = $db->prepare($sql);
-	if ($prep_statement) {
-	$prep_statement->execute();
-		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-		$num_rows = ($row['num_rows'] > 0) ? $row['num_rows'] : 0;
-	}
 
 //prepare to page the results
 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -78,25 +77,12 @@
 	$offset = $rows_per_page * $page;
 
 //get the device profiles
-	$sql = "select * from v_device_profiles ";
+	$sql = str_replace('count(*)', '*', $sql);
-	$sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
+	$sql .= order_by($order_by, $order, 'device_profile_name');
-	if (strlen($search) > 0) {
+	$sql .= limit_offset($rows_per_page, $offset);
-		$sql .= "and (";
+	$database = new database;
-		$sql .= " 	device_profile_name like '%".$search."%' ";
+	$device_profiles = $database->select($sql, $parameters, 'all');
-		$sql .= " 	or device_profile_description like '%".$search."%' ";
+	unset($sql, $parameters);
-		$sql .= ") ";
-	}
-	if (strlen($order_by) == 0) {
-		$sql .= "order by device_profile_name asc ";
-	}
-	else {
-		$sql .= "order by ".$order_by." ".$order." ";
-	}
-	$sql .= "limit ".$rows_per_page." offset ".$offset." ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$device_profiles = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset ($prep_statement, $sql);
 
 //set row styles
 	$c = 0;
@@ -134,13 +120,13 @@
 	echo "</td>\n";
 	echo "<tr>\n";
 
-	if (is_array($device_profiles)) {
+	if (is_array($device_profiles) && @sizeof($device_profiles) != 0) {
 		foreach($device_profiles as $row) {
 			$tr_link = (permission_exists('device_profile_edit')) ? "href='device_profile_edit.php?id=".escape($row['device_profile_uuid'])."'" : null;
 			echo "<tr ".$tr_link.">\n";
 			echo "	<td valign='top' class='".$row_style[$c]."'>";
 			echo (permission_exists('device_profile_edit')) ? "<a href='device_profile_edit.php?id=".escape($row['device_profile_uuid'])."'>".escape($row['device_profile_name'])."</a>" : escape($row['device_profile_name']);
-			echo ($row['domain_uuid'] == '') ? "&nbsp;&nbsp;&nbsp;&nbsp;<span style='color: #888; font-size: 80%'>".$text['select-global']."</span>" : null;
+			echo !is_uuid($row['domain_uuid']) ? "&nbsp;&nbsp;&nbsp;&nbsp;<span style='color: #888; font-size: 80%'>".$text['select-global']."</span>" : null;
 			echo "	</td>\n";
 			echo "	<td valign='top' class='".$row_style[$c]."'>".$text['label-'.escape($row['device_profile_enabled'])]."&nbsp;</td>\n";
 			echo "	<td valign='top' class='row_stylebg'>".escape($row['device_profile_description'])."&nbsp;</td>\n";
@@ -154,9 +140,9 @@
 			echo "	</td>\n";
 			echo "</tr>\n";
 			$c = ($c == 0) ? 1 : 0;
-		} //end foreach
+		}
-		unset($sql, $device_profiles, $row_count);
+	}
-	} //end if results
+	unset($device_profiles);
 
 	echo "<tr>\n";
 	echo "<td colspan='4'>\n";

app/devices/device_setting_delete.php

@@ -39,42 +39,45 @@ else {
 	$text = $language->get();
 
 //get the id
-	if (isset($_GET["id"])) {
+	$device_setting_uuid = $_GET["id"];
-		$id = $_GET["id"];
+	$device_uuid = $_GET["device_uuid"];
-		$device_uuid = $_GET["device_uuid"];
+	$device_profile_uuid = $_GET["device_profile_uuid"];
-		$device_profile_uuid = $_GET["device_profile_uuid"];
-	}
 
-//delete device settings
+//default location
-	if (is_uuid($id)) {
+	$location = 'devices.php';
-		$sql = "delete from v_device_settings ";
-		$sql .= "where device_uuid = '$device_uuid' ";
-		$sql .= "and device_setting_uuid = '$id' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($sql);
-	}
-	
-//delete profile device settings
-	if (is_uuid($id) and is_uuid($device_profile_uuid)) {
-		$sql = "delete from v_device_settings ";
-		$sql .= "where device_profile_uuid = '$device_profile_uuid' ";
-		$sql .= "and device_setting_uuid = '$id' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($sql);
-	}	
 
-//redirect to device profile
+if (is_uuid($device_setting_uuid)) {
-	if (is_uuid($device_profile_uuid)) {
+
+	//delete device settings
+		if (is_uuid($device_uuid)) {
+			$array['device_settings'][0]['device_setting_uuid'] = $device_setting_uuid;
+			$array['device_settings'][0]['device_uuid'] = $device_uuid;
+
+			$location = "device_edit.php?id=".$device_uuid;
+		}
+
+	//delete profile device settings
+		if (is_uuid($device_profile_uuid)) {
+			$array['device_settings'][1]['device_setting_uuid'] = $device_setting_uuid;
+			$array['device_settings'][1]['device_profile_uuid'] = $device_profile_uuid;
+
+			$location = "device_profile_edit.php?id=".$device_profile_uuid;
+		}
+
+	//execute
+		$database = new database;
+		$database->app_name = 'devices';
+		$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+		$database->delete($array);
+		unset($array);
+
+	//set message
 		message::add($text['message-delete']);
-		header("Location: device_profile_edit.php?id=".$device_profile_uuid);
+
-		return;
+}
-	}
+
-	
+//redirect
-//send a redirect
+	header("Location: ".$location);
-	message::add($text['message-delete']);
+	exit;
-	header("Location: device_edit.php?id=".$device_uuid);
-	return;
 
 ?>

app/devices/device_setting_edit.php

@@ -39,7 +39,7 @@ else {
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
 		$device_setting_uuid = check_str($_REQUEST["id"]);
 	}
@@ -47,25 +47,25 @@ else {
 		$action = "add";
 	}
 
-if (strlen($_GET["device_uuid"]) > 0) {
+if (is_uuid($_GET["device_uuid"])) {
-	$device_uuid = check_str($_GET["device_uuid"]);
+	$device_uuid = $_GET["device_uuid"];
 }
 
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		$device_setting_category = check_str($_POST["device_setting_category"]);
+		$device_setting_category = $_POST["device_setting_category"];
-		$device_setting_subcategory = check_str($_POST["device_setting_subcategory"]);
+		$device_setting_subcategory = $_POST["device_setting_subcategory"];
-		$device_setting_name = check_str($_POST["device_setting_name"]);
+		$device_setting_name = $_POST["device_setting_name"];
-		$device_setting_value = check_str($_POST["device_setting_value"]);
+		$device_setting_value = $_POST["device_setting_value"];
-		$device_setting_enabled = check_str($_POST["device_setting_enabled"]);
+		$device_setting_enabled = $_POST["device_setting_enabled"];
-		$device_setting_description = check_str($_POST["device_setting_description"]);
+		$device_setting_description = $_POST["device_setting_description"];
 	}
 
 if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 
 	$msg = '';
 	if ($action == "update" && permission_exists('device_setting_edit')) {
-		$device_setting_uuid = check_str($_POST["device_setting_uuid"]);
+		$device_setting_uuid = $_POST["device_setting_uuid"];
 	}
 		if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
 			require_once "resources/header.php";
@@ -84,77 +84,57 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 		if ($_POST["persistformvar"] != "true") {
 			//add the device
 				if ($action == "add" && permission_exists('device_setting_add')) {
-					$sql = "insert into v_device_settings ";
+					$array['device_settings'][0]['device_setting_uuid'] = uuid();
-					$sql .= "(";
+					message::add($text['message-add']);
-					$sql .= "device_uuid, ";
+				}
-					$sql .= "device_setting_uuid, ";
-					$sql .= "device_setting_category, ";
-					$sql .= "device_setting_subcategory, ";
-					$sql .= "device_setting_name, ";
-					$sql .= "device_setting_value, ";
-					$sql .= "device_setting_enabled, ";
-					$sql .= "device_setting_description ";
-					$sql .= ")";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'$device_uuid', ";
-					$sql .= "'".uuid()."', ";
-					$sql .= "'$device_setting_category', ";
-					$sql .= "'$device_setting_subcategory', ";
-					$sql .= "'$device_setting_name', ";
-					$sql .= "'$device_setting_value', ";
-					$sql .= "'$device_setting_enabled', ";
-					$sql .= "'$device_setting_description' ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
-				} //if ($action == "add")
 
 			//update the device
 				if ($action == "update" && permission_exists('device_setting_edit')) {
-					$sql = "update v_device_settings set ";
+					$array['device_settings'][0]['device_setting_uuid'] = $device_setting_uuid;
-					$sql .= "device_setting_category = '$device_setting_category', ";
+					message::add($text['message-update']);
-					$sql .= "device_setting_subcategory = '$device_setting_subcategory', ";
+				}
-					$sql .= "device_setting_name = '$device_setting_name', ";
-					$sql .= "device_setting_value = '$device_setting_value', ";
-					$sql .= "device_setting_enabled = '$device_setting_enabled', ";
-					$sql .= "device_setting_description = '$device_setting_description' ";
-					$sql .= "where device_uuid = '$device_uuid' ";
-					$sql .= "and device_setting_uuid = '$device_setting_uuid'";
-					$db->exec(check_sql($sql));
-					unset($sql);
-				} //if ($action == "update")
 
-			if ($action == "add") {
+			//execute
-				message::add($text['message-add']);
+			if (is_array($array) && @sizeof($array) != 0) {
-			}
+				$array['device_settings'][0]['device_uuid'] = $device_uuid;
-			if ($action == "update") {
+				$array['device_settings'][0]['device_setting_category'] = $device_setting_category;
-				message::add($text['message-update']);
+				$array['device_settings'][0]['device_setting_subcategory'] = $device_setting_subcategory;
+				$array['device_settings'][0]['device_setting_name'] = $device_setting_name;
+				$array['device_settings'][0]['device_setting_value'] = $device_setting_value;
+				$array['device_settings'][0]['device_setting_enabled'] = $device_setting_enabled;
+				$array['device_settings'][0]['device_setting_description'] = $device_setting_description;
+
+				$database = new database;
+				$database->app_name = 'devices';
+				$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+				$database->save($array);
+				unset($array);
 			}
+
 			header("Location: device_edit.php?id=".$device_uuid);
-			return;
+			exit;
-		} //if ($_POST["persistformvar"] != "true")
+		}
-} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+}
 
 //pre-populate the form
 	if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
-		$device_setting_uuid = check_str($_GET["id"]);
+		$device_setting_uuid = $_GET["id"];
 		$sql = "select * from v_device_settings ";
-		$sql .= "where device_uuid = '$device_uuid' ";
+		$sql .= "where device_uuid = :device_uuid ";
-		$sql .= "and device_setting_uuid = '$device_setting_uuid' ";
+		$sql .= "and device_setting_uuid = :device_setting_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['device_uuid'] = $device_uuid;
-		$prep_statement->execute();
+		$parameters['device_setting_uuid'] = $device_setting_uuid;
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$database = new database;
-		foreach ($result as &$row) {
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && @sizeof($row) != 0) {
 			$device_setting_category = $row["device_setting_category"];
 			$device_setting_subcategory = $row["device_setting_subcategory"];
 			$device_setting_name = $row["device_setting_name"];
 			$device_setting_value = $row["device_setting_value"];
 			$device_setting_enabled = $row["device_setting_enabled"];
 			$device_setting_description = $row["device_setting_description"];
-			break; //limit to 1 row
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //show the header

app/devices/device_settings.php

@@ -44,7 +44,7 @@ require_once "resources/paging.php";
 //get variables used to control the order
 	$order_by = $_GET["order_by"];
 	$order = $_GET["order"];
-	$device_uuid = check_str($_GET["id"]);
+	$device_uuid = $_GET["id"];
 
 //show the content
 	echo "<table width='100%' cellpadding='0' cellspacing='0' border='0'>\n";
@@ -60,21 +60,14 @@ require_once "resources/paging.php";
 	echo "</table>\n";
 
 	//prepare to page the results
-		$sql = "select count(*) as num_rows from v_devices_settings ";
+		$sql = "select count(*) from v_devices_settings ";
-		$sql .= "where device_uuid = '$device_uuid' ";
+		$sql .= "where device_uuid = :device_uuid ";
-		$sql .= "and domain_uuid = '$domain_uuid' ";
+		$sql .= "and domain_uuid = :domain_uuid ";
-		if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
+		$parameters['device_uuid'] = $device_uuid;
-		$prep_statement = $db->prepare($sql);
+		$parameters['domain_uuid'] = $domain_uuid;
-		if ($prep_statement) {
+		$database = new database;
-		$prep_statement->execute();
+		$num_rows = $database->select($sql, $parameters, 'column');
-			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+		unset($sql);
-			if ($row['num_rows'] > 0) {
-				$num_rows = $row['num_rows'];
-			}
-			else {
-				$num_rows = '0';
-			}
-		}
 
 	//prepare to page the results
 		$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -85,22 +78,20 @@ require_once "resources/paging.php";
 		$offset = $rows_per_page * $page;
 
 	//get the list
-		$sql = "select * from v_device_settings ";
+		$sql = str_replace('count(*)', '*', $sql);
-		$sql .= "where device_uuid = '$device_uuid' ";
+		$sql .= order_by($order_by, $order);
-		if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
+		$sql .= limit_offset($rows_per_page, $offset);
-		$sql .= "limit $rows_per_page offset $offset ";
+		$database = new database;
-		$prep_statement = $db->prepare(check_sql($sql));
+		$result = $database->select($sql, $parameters, 'all');
-		$prep_statement->execute();
+		unset($sql, $parameters);
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+
-		$result_count = count($result);
-		unset ($prep_statement, $sql);
 	$c = 0;
 	$row_style["0"] = "row_style0";
 	$row_style["1"] = "row_style1";
 
 	echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
 
-	if ($result_count > 0) {
+	if (is_array($result) && @sizeof($result) != 0) {
 		$previous_category = '';
 		foreach($result as $row) {
 			if ($previous_category != $row['device_setting_category']) {
@@ -142,9 +133,9 @@ require_once "resources/paging.php";
 			echo "</tr>\n";
 			$previous_category = $row['device_setting_category'];
 			if ($c==0) { $c=1; } else { $c=0; }
-		} //end foreach
+		}
-		unset($sql, $result, $row_count);
+	}
-	} //end if results
+	unset($result, $row);
 
 	echo "<tr>\n";
 	echo "<td colspan='6' align='left'>\n";

app/devices/device_vendor_delete.php

@@ -43,22 +43,26 @@
 	$text = $language->get();
 
 //get the id
-	if (count($_GET)>0) {
+	$device_vendor_uuid = $_GET["id"];
-		$id = check_str($_GET["id"]);
-	}
 
 //delete the data
-	if (strlen($id)>0) {
+	if (is_uuid($device_vendor_uuid)) {
-		//delete device_vendor
+		//create array
-			$sql = "delete from v_device_vendors ";
+			$array['device_vendors'][0]['device_vendor_uuid'] = $device_vendor_uuid;
-			$sql .= "where device_vendor_uuid = '$id' ";
+
-			$prep_statement = $db->prepare(check_sql($sql));
+		//execute
-			$prep_statement->execute();
+			$database = new database;
-			unset($sql);
+			$database->app_name = 'devices';
+			$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+			$database->delete($array);
+			unset($array);
+
+		//set message
+			message::add($text['message-delete']);
 	}
 
 //redirect the user
-	message::add($text['message-delete']);
 	header('Location: device_vendors.php');
+	exit;
 
 ?>

app/devices/device_vendor_edit.php

@@ -43,9 +43,9 @@
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$device_vendor_uuid = check_str($_REQUEST["id"]);
+		$device_vendor_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
@@ -53,9 +53,9 @@
 
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		$name = check_str($_POST["name"]);
+		$name = $_POST["name"];
-		$enabled = check_str($_POST["enabled"]);
+		$enabled = $_POST["enabled"];
-		$description = check_str($_POST["description"]);
+		$description = $_POST["description"];
 	}
 
 //process the data
@@ -63,7 +63,7 @@
 
 		//get the uuid
 			if ($action == "update") {
-				$device_vendor_uuid = check_str($_POST["device_vendor_uuid"]);
+				$device_vendor_uuid = $_POST["device_vendor_uuid"];
 			}
 
 		//check for all required data
@@ -87,59 +87,46 @@
 		//add or update the database
 			if ($_POST["persistformvar"] != "true") {
 				if ($action == "add" && permission_exists('device_vendor_add')) {
-					$sql = "insert into v_device_vendors ";
+					$array['device_vendors'][0]['device_vendor_uuid'] = uuid();
-					$sql .= "(";
-					$sql .= "device_vendor_uuid, ";
-					$sql .= "name, ";
-					$sql .= "enabled, ";
-					$sql .= "description ";
-					$sql .= ")";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".uuid()."', ";
-					$sql .= "'$name', ";
-					$sql .= "'$enabled', ";
-					$sql .= "'$description' ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
-
 					message::add($text['message-add']);
-					header("Location: device_vendors.php");
+				}
-					return;
-
-				} //if ($action == "add")
 
 				if ($action == "update" && permission_exists('device_vendor_edit')) {
-					$sql = "update v_device_vendors set ";
+					$array['device_vendors'][0]['device_vendor_uuid'] = $device_vendor_uuid;
-					$sql .= "name = '$name', ";
-					$sql .= "enabled = '$enabled', ";
-					$sql .= "description = '$description' ";
-					$sql .= "where device_vendor_uuid = '$device_vendor_uuid'";
-					$db->exec(check_sql($sql));
-					unset($sql);
-
 					message::add($text['message-update']);
+				}
+
+				if (is_array($array) && @sizeof($array) != 0) {
+					$array['device_vendors'][0]['name'] = $name;
+					$array['device_vendors'][0]['enabled'] = $enabled;
+					$array['device_vendors'][0]['description'] = $description;
+
+					$database = new database;
+					$database->app_name = 'devices';
+					$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+					$database->save($array);
+					unset($array);
+
 					header("Location: device_vendors.php");
-					return;
+					exit;
-				} //if ($action == "update")
+				}
-			} //if ($_POST["persistformvar"] != "true")
+			}
-	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+	}
 
 //pre-populate the form
 	if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
-		$device_vendor_uuid = check_str($_GET["id"]);
+		$device_vendor_uuid = $_GET["id"];
 		$sql = "select * from v_device_vendors ";
-		$sql .= "where device_vendor_uuid = '".$device_vendor_uuid."' ";
+		$sql .= "where device_vendor_uuid = :device_vendor_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['device_vendor_uuid'] = $device_vendor_uuid;
-		$prep_statement->execute();
+		$database = new database;
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$row = $database->select($sql, $parameters, 'row');
-		foreach ($result as &$row) {
+		if (is_array($row) && @sizeof($row) != 0) {
 			$name = $row["name"];
 			$enabled = $row["enabled"];
 			$description = $row["description"];
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //show the header

app/devices/device_vendor_function_delete.php

@@ -43,23 +43,31 @@
 	$text = $language->get();
 
 //get the id
-	if (count($_GET)>0) {
+	$device_vendor_function_uuid = $_GET["id"];
-		$id = check_str($_GET["id"]);
+	$device_vendor_uuid = $_GET["device_vendor_uuid"];
-		$device_vendor_uuid = check_str($_GET["device_vendor_uuid"]);
-	}
 
 //delete the data
-	if (strlen($id)>0) {
+	if (is_uuid($device_vendor_function_uuid) && is_uuid($device_vendor_uuid)) {
-		//delete device_vendor_function
+		//create array
-			$sql = "delete from v_device_vendor_functions ";
+			$array['device_vendor_functions'][0]['device_vendor_function_uuid'] = $device_vendor_function_uuid;
-			$sql .= "where device_vendor_function_uuid = '$id' ";
+
-			$prep_statement = $db->prepare(check_sql($sql));
+		//execute delete
-			$prep_statement->execute();
+			$database = new database;
-			unset($sql);
+			$database->app_name = 'devices';
+			$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+			$database->delete($array);
+			unset($array);
+
+		//set message
+			message::add($text['message-delete']);
+
+		//redirect the user
+			header('Location: device_vendor_edit.php?id='.$device_vendor_uuid);
+			exit;
 	}
 
-//redirect the user
+//default redirect
-	message::add($text['message-delete']);
+	header('Location: device_vendors.php');
-	header('Location: device_vendor_function_edit.php?id='.$device_vendor_uuid);
+	exit;
 
 ?>

app/devices/device_vendor_function_edit.php

@@ -31,17 +31,28 @@
 //delete the group from the menu item
 	if ($_REQUEST["a"] == "delete" && permission_exists("device_vendor_function_delete") && $_REQUEST["id"] != '') {
 		//get the id
-			$device_vendor_function_group_uuid = check_str($_REQUEST["id"]);
+			$device_vendor_function_group_uuid = $_REQUEST["id"];
-			$device_vendor_function_uuid = check_str($_REQUEST["device_vendor_function_uuid"]);
+			$device_vendor_function_uuid = $_REQUEST["device_vendor_function_uuid"];
-			$device_vendor_uuid = check_str($_REQUEST["device_vendor_uuid"]);
+			$device_vendor_uuid = $_REQUEST["device_vendor_uuid"];
-		//delete the group from the users
+
-			$sql = "delete from v_device_vendor_function_groups ";
+		//delete the device vendor function group
-			$sql .= "where device_vendor_function_group_uuid = '".$device_vendor_function_group_uuid."' ";
+			$array['device_vendor_function_groups'][0]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid;
-			$db->exec(check_sql($sql));
+
+			$p = new permissions;
+			$p->add('device_vendor_function_group_delete', 'temp');
+
+			$database = new database;
+			$database->app_name = 'devices';
+			$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+			$database->delete($array);
+			unset($array);
+
+			$p->delete('device_vendor_function_group_delete', 'temp');
+
 		//redirect the browser
 			message::add($text['message-delete']);
 			header("Location: device_vendor_function_edit.php?id=".escape($device_vendor_function_uuid) ."&device_vendor_uuid=".escape($device_vendor_uuid));
-			return;
+			exit;
 	}
 
 //check permissions
@@ -55,9 +66,9 @@
 	}
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$device_vendor_function_uuid = check_str($_REQUEST["id"]);
+		$device_vendor_function_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
@@ -68,17 +79,17 @@
 	$text = $language->get();
 
 //set the parent uuid
-	if (strlen($_GET["device_vendor_uuid"]) > 0) {
+	if (is_uuid($_GET["device_vendor_uuid"])) {
-		$device_vendor_uuid = check_str($_GET["device_vendor_uuid"]);
+		$device_vendor_uuid = $_GET["device_vendor_uuid"];
 	}
 
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		//$label = check_str($_POST["label"]);
+		//$label = $_POST["label"];
-		$name = check_str($_POST["name"]);
+		$name = $_POST["name"];
-		$value = check_str($_POST["value"]);
+		$value = $_POST["value"];
-		$enabled = check_str($_POST["enabled"]);
+		$enabled = $_POST["enabled"];
-		$description = check_str($_POST["description"]);
+		$description = $_POST["description"];
 	}
 
 //process the http variables
@@ -86,7 +97,7 @@
 
 		//get the uuid
 			if ($action == "update") {
-				$device_vendor_function_uuid = check_str($_POST["device_vendor_function_uuid"]);
+				$device_vendor_function_uuid = $_POST["device_vendor_function_uuid"];
 			}
 
 		//check for all required data
@@ -115,125 +126,107 @@
 				//add vendor functions
 					if ($action == "add" && permission_exists('device_vendor_function_add')) {
 						$device_vendor_function_uuid = uuid();
-						$sql = "insert into v_device_vendor_functions ";
+						$array['device_vendor_functions'][0]['device_vendor_function_uuid'] = $device_vendor_function_uuid;
-						$sql .= "(";
+					}
-						$sql .= "device_vendor_function_uuid, ";
-						$sql .= "device_vendor_uuid, ";
-						//$sql .= "label, ";
-						$sql .= "name, ";
-						$sql .= "value, ";
-						$sql .= "enabled, ";
-						$sql .= "description ";
-						$sql .= ")";
-						$sql .= "values ";
-						$sql .= "(";
-						$sql .= "'".$device_vendor_function_uuid."', ";
-						$sql .= "'$device_vendor_uuid', ";
-						//$sql .= "'$label', ";
-						$sql .= "'$name', ";
-						$sql .= "'$value', ";
-						$sql .= "'$enabled', ";
-						$sql .= "'$description' ";
-						$sql .= ")";
-						$db->exec(check_sql($sql));
-						unset($sql);
-					} //if ($action == "add")
 
 				//update vendor functions
 					if ($action == "update" && permission_exists('device_vendor_function_edit')) {
-						$sql = "update v_device_vendor_functions set ";
+						$array['device_vendor_functions'][0]['device_vendor_function_uuid'] = $device_vendor_function_uuid;
-						$sql .= "device_vendor_uuid = '$device_vendor_uuid', ";
+					}
-						//$sql .= "label = '$label', ";
+
-						$sql .= "name = '$name', ";
+				//execute
-						$sql .= "value = '$value', ";
+					if (is_array($array) && @sizeof($array) != 0) {
-						$sql .= "enabled = '$enabled', ";
+						$array['device_vendor_functions'][0]['device_vendor_uuid'] = $device_vendor_uuid;
-						$sql .= "description = '$description' ";
+						//$array['device_vendor_functions'][0]['label'] = $label;
-						$sql .= "where device_vendor_function_uuid = '$device_vendor_function_uuid'";
+						$array['device_vendor_functions'][0]['name'] = $name;
-						$db->exec(check_sql($sql));
+						$array['device_vendor_functions'][0]['value'] = $value;
-						unset($sql);
+						$array['device_vendor_functions'][0]['enabled'] = $enabled;
-					} //if ($action == "update")
+						$array['device_vendor_functions'][0]['description'] = $description;
+
+						$database = new database;
+						$database->app_name = 'devices';
+						$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+						$database->save($array);
+						unset($array);
+					}
 
 				//add a group to the menu
 					if (permission_exists('device_vendor_function_add') && $_REQUEST["group_uuid_name"] != '') {
 
 						//get the group uuid and group_name
-							$group_data = explode('|', check_str($_REQUEST["group_uuid_name"]));
+							$group_data = explode('|', $_REQUEST["group_uuid_name"]);
 							$group_uuid = $group_data[0];
 							$group_name = $group_data[1];
 
 						//add the group to the menu
-							if (strlen($device_vendor_function_uuid) > 0) {
+							if (is_uuid($device_vendor_function_uuid)) {
 								$device_vendor_function_group_uuid = uuid();
-								$sql = "insert into v_device_vendor_function_groups ";
+								$array['device_vendor_function_groups'][0]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid;
-								$sql .= "(";
+								$array['device_vendor_function_groups'][0]['device_vendor_function_uuid'] = $device_vendor_function_uuid;
-								$sql .= "device_vendor_function_group_uuid, ";
+								$array['device_vendor_function_groups'][0]['device_vendor_uuid'] = $device_vendor_uuid;
-								$sql .= "device_vendor_function_uuid, ";
+								$array['device_vendor_function_groups'][0]['group_name'] = $group_name;
-								$sql .= "device_vendor_uuid, ";
+								$array['device_vendor_function_groups'][0]['group_uuid'] = $group_uuid;
-								$sql .= "group_name, ";
+
-								$sql .= "group_uuid ";
+								$p = new permissions;
-								$sql .= ")";
+								$p->add('device_vendor_function_group_add', 'temp');
-								$sql .= "values ";
+
-								$sql .= "(";
+								$database = new database;
-								$sql .= "'".$device_vendor_function_group_uuid."', ";
+								$database->app_name = 'devices';
-								$sql .= "'".$device_vendor_function_uuid."', ";
+								$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
-								$sql .= "'".$device_vendor_uuid."', ";
+								$database->save($array);
-								$sql .= "'".$group_name."', ";
+								unset($array);
-								$sql .= "'".$group_uuid."' ";
+
-								$sql .= ")";
+								$p->delete('device_vendor_function_group_add', 'temp');
-								$db->exec($sql);
 							}
 					}
 
 				//redirect the user
 					$_SESSION["message"] = $text['message-'.$action];
 					header("Location: device_vendor_function_edit.php?id=".escape($device_vendor_function_uuid) ."&device_vendor_uuid=".escape($device_vendor_uuid));
-					return;
+					exit;
-			} //if ($_POST["persistformvar"] != "true")
+			}
-	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+	}
 
 //pre-populate the form
 	if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
-		$device_vendor_function_uuid = check_str($_GET["id"]);
+		$device_vendor_function_uuid = $_GET["id"];
 		$sql = "select * from v_device_vendor_functions ";
-		$sql .= "where device_vendor_function_uuid = '$device_vendor_function_uuid' ";
+		$sql .= "where device_vendor_function_uuid = :device_vendor_function_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['device_vendor_function_uuid'] = $device_vendor_function_uuid;
-		$prep_statement->execute();
+		$database = new database;
-		$device_vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$row = $database->select($sql, $parameters, 'row');
-		foreach ($device_vendor_functions as &$row) {
+		if (is_array($row) && @sizeof($row) != 0) {
 			//$label = $row["label"];
 			$name = $row["name"];
 			$value = $row["value"];
 			$enabled = $row["enabled"];
 			$description = $row["description"];
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
-//group groups assigned
+//get function groups assigned
 	$sql = "select ";
-	$sql .= "	fg.*, g.domain_uuid as group_domain_uuid ";
+	$sql .= "fg.*, g.domain_uuid as group_domain_uuid ";
 	$sql .= "from ";
-	$sql .= "	v_device_vendor_function_groups as fg, ";
+	$sql .= "v_device_vendor_function_groups as fg, ";
-	$sql .= "	v_groups as g ";
+	$sql .= "v_groups as g ";
 	$sql .= "where ";
-	$sql .= "	fg.group_uuid = g.group_uuid ";
+	$sql .= "fg.group_uuid = g.group_uuid ";
-	$sql .= "	and fg.device_vendor_uuid = :device_vendor_uuid ";
+	$sql .= "and fg.device_vendor_uuid = :device_vendor_uuid ";
-	//$sql .= "	and fg.device_vendor_uuid = '$device_vendor_uuid' ";
+	$sql .= "and fg.device_vendor_function_uuid = :device_vendor_function_uuid ";
-	$sql .= "	and fg.device_vendor_function_uuid = :device_vendor_function_uuid ";
-	//$sql .= "	and fg.device_vendor_function_uuid = '$device_vendor_function_uuid' ";
 	$sql .= "order by ";
-	$sql .= "	g.domain_uuid desc, ";
+	$sql .= "g.domain_uuid desc, ";
-	$sql .= "	g.group_name asc ";
+	$sql .= "g.group_name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$parameters['device_vendor_uuid'] = $device_vendor_uuid;
-	$prep_statement->bindParam(':device_vendor_uuid', $device_vendor_uuid);
+	$parameters['device_vendor_function_uuid'] = $device_vendor_function_uuid;
-	$prep_statement->bindParam(':device_vendor_function_uuid', $device_vendor_function_uuid);
+	$database = new database;
-	$prep_statement->execute();
+	$function_groups = $database->select($sql, $parameters, 'all');
-	$function_groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset($sql, $parameters);
-	unset($sql, $prep_statement);
 
 //set the assigned_groups array
-	if (is_array($menu_item_groups)) {
+	if (is_array($function_groups) && @sizeof($function_groups) != 0) {
-		foreach($menu_item_groups as $field) {
+		foreach($function_groups as $field) {
 			if (strlen($field['group_name']) > 0) {
 				$assigned_groups[] = $field['group_uuid'];
 			}
@@ -242,14 +235,20 @@
 
 //get the groups
 	$sql = "select * from v_groups ";
-	if (sizeof($assigned_groups) > 0) {
+	if (is_array($assigned_groups) && @sizeof($assigned_groups) != 0) {
-		$sql .= "where group_uuid not in ('".implode("','",$assigned_groups)."') ";
+		$sql .= "where ";
+		foreach ($assigned_groups as $index => $group_uuid) {
+			$sql_where[] = 'group_uuid <> :group_uuid_'.$index;
+			$parameters['group_uuid_'.$index] = $group_uuid;
+		}
+		if (is_array($sql_where) && @sizeof($sql_where) != 0) {
+			$sql .= implode(' and ', $sql_where);
+		}
 	}
 	$sql .= "order by domain_uuid desc, group_name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
+	$database = new database;
-	$prep_statement->execute();
+	$groups = $database->select($sql, $parameters, 'all');
-	$groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset($sql, $parameters, $sql_where, $index);
-	unset($sql, $prep_statement);
 
 //show the header
 	require_once "resources/header.php";
@@ -298,13 +297,10 @@
 	echo "</td>\n";
 	echo "</tr>\n";
 
-	//echo "<pre>\n";
-	//print_r($function_groups);
-	//echo "</pre>\n";
 	echo "	<tr>";
 	echo "		<td class='vncell' valign='top'>".$text['label-groups']."</td>";
 	echo "		<td class='vtable'>";
-	if (is_array($function_groups)) {
+	if (is_array($function_groups) && @sizeof($function_groups) != 0) {
 		echo "<table cellpadding='0' cellspacing='0' border='0'>\n";
 		foreach($function_groups as $field) {
 			if (strlen($field['group_name']) > 0) {
@@ -322,7 +318,7 @@
 		}
 		echo "</table>\n";
 	}
-	if (is_array($groups)) {
+	if (is_array($groups) && @sizeof($groups) != 0) {
 		echo "<br />\n";
 		echo "<select name='group_uuid_name' class='formfld' style='width: auto; margin-right: 3px;'>\n";
 		echo "	<option value=''></option>\n";

app/devices/device_vendor_functions.php

@@ -43,19 +43,20 @@
 	$text = $language->get();
 
 //get variables used to control the order
-	$order_by = check_str($_GET["order_by"]);
+	$order_by = $_GET["order_by"];
-	$order = check_str($_GET["order"]);
+	$order = $_GET["order"];
 
 //add the search term
-	$search = check_str($_GET["search"]);
+	$search = $_GET["search"];
 	if (strlen($search) > 0) {
-		$sql_search = "and (";
+		$sql_where = "and (";
-		$sql_search .= "label like '%".$search."%'";
+		$sql_where .= "label like :search ";
-		$sql_search .= "or name like '%".$search."%'";
+		$sql_where .= "or name like :search ";
-		$sql_search .= "or value like '%".$search."%'";
+		$sql_where .= "or value like :search ";
-		$sql_search .= "or enabled like '%".$search."%'";
+		$sql_where .= "or enabled like :search ";
-		$sql_search .= "or description like '%".$search."%'";
+		$sql_where .= "or description like :search ";
-		$sql_search .= ")";
+		$sql_where .= ")";
+		$parameters['search'] = '%'.$search.'%';
 	}
 
 //additional includes
@@ -63,21 +64,12 @@
 	require_once "resources/paging.php";
 
 //prepare to page the results
-	$sql = "select count(*) as num_rows from v_device_vendor_functions ";
+	$sql = "select count(*) from v_device_vendor_functions ";
-	$sql .= "where device_vendor_uuid = '$device_vendor_uuid' ";
+	$sql .= "where device_vendor_uuid = :device_vendor_uuid ";
-	$sql .= $sql_search;
+	$sql .= $sql_where;
-	if (strlen($order_by) == 0) { $sql .= "order by name asc "; } else { $sql .= "order by $order_by $order "; }
+	$parameters['device_vendor_uuid'] = $device_vendor_uuid;
-	$prep_statement = $db->prepare($sql);
+	$database = new database;
-	if ($prep_statement) {
+	$num_rows = $database->select($sql, $parameters, 'column');
-		$prep_statement->execute();
-		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-		if ($row['num_rows'] > 0) {
-				$num_rows = $row['num_rows'];
-		}
-		else {
-				$num_rows = '0';
-		}
-	}
 
 //prepare to page the results
 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -88,15 +80,12 @@
 	$offset = $rows_per_page * $page;
 
 //get the list
-	$sql = "select * from v_device_vendor_functions ";
+	$sql = str_replace('count(*)', '*', $sql);
-	$sql .= "where device_vendor_uuid = '$device_vendor_uuid' ";
+	$sql .= order_by($order_by, $order, 'name', 'asc');
-	$sql .= $sql_search;
+	$sql .= limit_offset($rows_per_page, $offset);
-	if (strlen($order_by) == 0) { $sql .= "order by name asc "; } else { $sql .= "order by $order_by $order "; }
+	$database = new database;
-	$sql .= "limit $rows_per_page offset $offset ";
+	$vendor_functions = $database->select($sql, $parameters, 'all');
-	$prep_statement = $db->prepare(check_sql($sql));
+	unset($sql, $parameters);
-	$prep_statement->execute();
-	$vendor_functions = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset ($prep_statement, $sql);
 
 //alternate the row style
 	$c = 0;
@@ -118,7 +107,7 @@
 
 	echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
 	echo "<tr>\n";
-	echo "<th>".$text['label-label']."</th>\n";
+	//echo "<th>".$text['label-label']."</th>\n";
 	echo th_order_by('name', $text['label-name'], $order_by, $order);
 	echo th_order_by('value', $text['label-value'], $order_by, $order);
 	echo "<th>".$text['label-groups']."</th>\n";
@@ -134,30 +123,27 @@
 	echo "</td>\n";
 	echo "<tr>\n";
 
-	if (is_array($vendor_functions)) {
+	if (is_array($vendor_functions) && @sizeof($vendor_functions) != 0) {
 		foreach($vendor_functions as $row) {
 
 			//get the groups that have been assigned to the vendor functions
 				$sql = "select ";
-				$sql .= "	fg.*, g.domain_uuid as group_domain_uuid ";
+				$sql .= "fg.*, g.domain_uuid as group_domain_uuid ";
 				$sql .= "from ";
-				$sql .= "	v_device_vendor_function_groups as fg, ";
+				$sql .= "v_device_vendor_function_groups as fg, ";
-				$sql .= "	v_groups as g ";
+				$sql .= "v_groups as g ";
 				$sql .= "where ";
-				$sql .= "	fg.group_uuid = g.group_uuid ";
+				$sql .= "fg.group_uuid = g.group_uuid ";
-				$sql .= "	and fg.device_vendor_uuid = :device_vendor_uuid ";
+				$sql .= "and fg.device_vendor_uuid = :device_vendor_uuid ";
-				//$sql .= "	and fg.device_vendor_uuid = '$device_vendor_uuid' ";
+				$sql .= "and fg.device_vendor_function_uuid = :device_vendor_function_uuid ";
-				$sql .= "	and fg.device_vendor_function_uuid = :device_vendor_function_uuid ";
-				//$sql .= "	and fg.device_vendor_function_uuid = '".$row['device_vendor_function_uuid']."' ";
 				$sql .= "order by ";
-				$sql .= "	g.domain_uuid desc, ";
+				$sql .= "g.domain_uuid desc, ";
-				$sql .= "	g.group_name asc ";
+				$sql .= "g.group_name asc ";
-				$prep_statement = $db->prepare(check_sql($sql));
+				$parameters['device_vendor_uuid'] = $device_vendor_uuid;
-				$prep_statement->bindParam(':device_vendor_uuid', $device_vendor_uuid);
+				$parameters['device_vendor_function_uuid'] = $row['device_vendor_function_uuid'];
-				$prep_statement->bindParam(':device_vendor_function_uuid', $row['device_vendor_function_uuid']);
+				$database = new database;
-				$prep_statement->execute();
+				$vendor_function_groups = $database->select($sql, $parameters, 'all');
-				$vendor_function_groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+				unset($sql, $parameters);
-				unset($sql, $prep_statement);
 				unset($group_list);
 				foreach ($vendor_function_groups as &$sub_row) {
 					$group_list[] = escape($sub_row["group_name"]).(($sub_row['group_domain_uuid'] != '') ? "@".escape($_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name']) : null);
@@ -170,7 +156,7 @@
 				}
 			//show the row of data
 				echo "<tr ".$tr_link.">\n";
-				echo "	<td valign='top' class='".$row_style[$c]."'>".$text['label-'.escape($row['name'])]."&nbsp;</td>\n";
+				//echo "	<td valign='top' class='".$row_style[$c]."'>".$text['label-'.escape($row['name'])]."&nbsp;</td>\n";
 				echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['name'])." &nbsp;</td>\n";
 				echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['value'])."&nbsp;</td>\n";
 				echo "	<td valign='top' class='".$row_style[$c]."'>".escape($group_list)."&nbsp;</td>\n";
@@ -187,9 +173,9 @@
 				echo "</tr>\n";
 			//toggle the value of the c variable
 				if ($c==0) { $c=1; } else { $c=0; }
-		} //end foreach
+		}
-		unset($sql, $result, $row_count);
+		unset($vendor_functions, $row);
-	} //end if results
+	}
 
 	echo "<tr>\n";
 	echo "<td colspan='7' align='left'>\n";

app/devices/device_vendor_restore.php

@@ -1,165 +1,147 @@
 <?php
 /*
-        FusionPBX
+	FusionPBX
-        Version: MPL 1.1
+	Version: MPL 1.1
 
-        The contents of this file are subject to the Mozilla Public License Version
+	The contents of this file are subject to the Mozilla Public License Version
-        1.1 (the "License"); you may not use this file except in compliance with
+	1.1 (the "License"); you may not use this file except in compliance with
-        the License. You may obtain a copy of the License at
+	the License. You may obtain a copy of the License at
-        http://www.mozilla.org/MPL/
+	http://www.mozilla.org/MPL/
 
-        Software distributed under the License is distributed on an "AS IS" basis,
+	Software distributed under the License is distributed on an "AS IS" basis,
-        WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-        for the specific language governing rights and limitations under the
+	for the specific language governing rights and limitations under the
-        License.
+	License.
 
-        The Original Code is FusionPBX
+	The Original Code is FusionPBX
 
-        The Initial Developer of the Original Code is
+	The Initial Developer of the Original Code is
-        Mark J Crane <markjcrane@fusionpbx.com>
+	Mark J Crane <markjcrane@fusionpbx.com>
-        Portions created by the Initial Developer are Copyright (C) 2016
+	Portions created by the Initial Developer are Copyright (C) 2016
-        the Initial Developer. All Rights Reserved.
+	the Initial Developer. All Rights Reserved.
 
-        Contributor(s):
+	Contributor(s):
-        Mark J Crane <markjcrane@fusionpbx.com>
+	Mark J Crane <markjcrane@fusionpbx.com>
-        Luis Daniel Lucio Quiroz <dlucio@okay.com.mx>
+	Luis Daniel Lucio Quiroz <dlucio@okay.com.mx>
 */
 
 //includes
-        require_once "root.php";
+	require_once "root.php";
-        require_once "resources/require.php";
+	require_once "resources/require.php";
 
 //check permissions
-        require_once "resources/check_auth.php";
+	require_once "resources/check_auth.php";
-        if (permission_exists('device_vendor_restore')) {
+	if (permission_exists('device_vendor_restore')) {
-                //access granted
+			//access granted
-        }
+	}
-        else {
+	else {
-                echo "access denied";
+			echo "access denied";
-                exit;
+			exit;
-        }
+	}
 
 //add multi-lingual support
-        $language = new text;
+	$language = new text;
-        $text = $language->get();
+	$text = $language->get();
-
 
 //flush everything
-        $sql = "delete from v_device_vendors";
+	$sql = "delete from v_device_vendors";
-        $db->exec(check_sql($sql));
+	$database = new database;
-        unset($sql);
+	$database->execute($sql);
+	unset($sql);
 
-        $sql = "delete from v_device_vendor_functions";
+	$sql = "delete from v_device_vendor_functions";
-        $db->exec(check_sql($sql));
+	$database = new database;
-        unset($sql);
+	$database->execute($sql);
+	unset($sql);
 
-        $sql = "delete from v_device_vendor_function_groups";
+	$sql = "delete from v_device_vendor_function_groups";
-        $db->exec(check_sql($sql));
+	$database = new database;
-        unset($sql);
+	$database->execute($sql);
+	unset($sql);
 
 //add device vendor functions to the database
-        $sql = "select count(*) as num_rows from v_device_vendors; ";
+	$sql = "select count(*) from v_device_vendors; ";
-        $prep_statement = $db->prepare($sql);
+	$database = new database;
-        if ($prep_statement) {
+	$num_rows = $database->select($sql, null, 'column');
-                $prep_statement->execute();
+	unset($sql);
-                $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-                if ($row['num_rows'] == 0) {
 
-                        //get the vendor array
+	if ($num_rows == 0) {
-                                require_once $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH.'/app/devices/app_config.php';
 
-                        //get the groups and create an array to use the name to get the uuid
+		//get the vendor array
-                                $sql = "select * from v_groups; ";
+			require_once $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH.'/app/devices/app_config.php';
-                                $prep_statement = $db->prepare($sql);
-                                $prep_statement->execute();
-                                $groups = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
-                                unset($prep_statement);
-                                foreach ($groups as $row) {
-                                        if ($row['domain_uuid'] == '') {
-                                                $group_uuids[$row['group_name']] = $row['group_uuid'];
-                                        }
-                                }
 
-                        //process the array
+		//get the groups and create an array to use the name to get the uuid
-                                foreach ($vendors as $vendor) {
+			$sql = "select * from v_groups ";
-                                        //insert the data into the database
+			$database = new database;
-                                                $device_vendor_uuid = uuid();
+			$groups = $database->select($sql, null, 'all');
-                                                $sql = "insert into v_device_vendors ";
+			if (is_array($groups) && @sizeof($groups) != 0) {
-                                                $sql .= "(";
+				foreach ($groups as $row) {
-                                                $sql .= "device_vendor_uuid, ";
+					if (!is_uuid($row['domain_uuid'])) {
-                                                $sql .= "name, ";
+						$group_uuids[$row['group_name']] = $row['group_uuid'];
-                                                $sql .= "enabled ";
+					}
-                                                $sql .= ") ";
+				}
-                                                $sql .= "values ";
+			}
-                                                $sql .= "( ";
+			unset($sql);
-                                                $sql .= "'".$device_vendor_uuid."', ";
-                                                $sql .= "'".$vendor['name']."', ";
-                                                $sql .= "'true' ";
-                                                $sql .= ");";
-                                                //echo $sql."\n";
-                                                $db->exec(check_sql($sql));
-                                                unset($sql);
 
-                                        //add the vendor functions
+		//create insert array
-                                                foreach ($vendor['functions'] as $function) {
+			foreach ($vendors as $index_1 => $vendor) {
-                                                        //get the id
+				//insert the data into the database
-                                                                $device_vendor_function_uuid = uuid();
+					$device_vendor_uuid = uuid();
-                                                        //add the device vendor funtction
+					$array['device_vendors'][$index_1]['device_vendor_uuid'] = $device_vendor_uuid;
-                                                                $sql = "insert into v_device_vendor_functions ";
+					$array['device_vendors'][$index_1]['name'] = $vendor['name'];
-                                                                $sql .= "(";
+					$array['device_vendors'][$index_1]['enabled'] = 'true';
-                                                                $sql .= "device_vendor_uuid, ";
-                                                                $sql .= "device_vendor_function_uuid, ";
-                                                                //$sql .= "label, ";
-                                                                $sql .= "name, ";
-                                                                $sql .= "value, ";
-                                                                $sql .= "enabled, ";
-                                                                $sql .= "description ";
-                                                                $sql .= ") ";
-                                                                $sql .= "values ";
-                                                                $sql .= "( ";
-                                                                $sql .= "'".$device_vendor_uuid."', ";
-                                                                $sql .= "'".$device_vendor_function_uuid."', ";
-                                                                //$sql .= "'".$function['label']."', ";
-                                                                $sql .= "'".$function['name']."', ";
-                                                                $sql .= "'".$function['value']."', ";
-                                                                $sql .= "'true', ";
-                                                                $sql .= "'".$function['description']."' ";
-                                                                $sql .= ");";
-                                                                //echo $sql."\n";
-                                                                $db->exec(check_sql($sql));
-                                                                unset($sql);
 
-                                                        //add the device vendor function groups
+				//add the vendor functions
-                                                                if (is_array($function['groups'])) {
+					foreach ($vendor['functions'] as $index_2 => $function) {
-                                                                        $sql = "insert into v_device_vendor_function_groups ";
+						$device_vendor_function_uuid = uuid();
-                                                                        $sql .= "(";
+						$array['device_vendor_functions'][$index_2]['device_vendor_uuid'] = $device_vendor_uuid;
-                                                                        $sql .= "device_vendor_function_group_uuid, ";
+						$array['device_vendor_functions'][$index_2]['device_vendor_function_uuid'] = $device_vendor_function_uuid;
-                                                                        $sql .= "device_vendor_function_uuid, ";
+						//$array['device_vendor_functions'][$index_2]['label'] = $function['label'];
-                                                                        $sql .= "device_vendor_uuid, ";
+						$array['device_vendor_functions'][$index_2]['name'] = $function['name'];
-                                                                        $sql .= "group_name, ";
+						$array['device_vendor_functions'][$index_2]['value'] = $function['value'];
-                                                                        $sql .= "group_uuid ";
+						$array['device_vendor_functions'][$index_2]['enabled'] = 'true';
-                                                                        $sql .= ") ";
+						$array['device_vendor_functions'][$index_2]['description'] = $function['description'];
-                                                                        $sql .= "values ";
-                                                                        $i = 0;
-                                                                        foreach ($function['groups'] as $group_name) {
-                                                                                if ($i == 0) { $sql .= "("; } else { $sql .= ",("; }
-                                                                                $sql .= "'".uuid()."', ";
-                                                                                $sql .= "'".$device_vendor_function_uuid."', ";
-                                                                                $sql .= "'".$device_vendor_uuid."', ";
-                                                                                $sql .= "'$group_name', ";
-                                                                                $sql .= "'".$group_uuids[$group_name]."' ";
-                                                                                $sql .= ")";
-                                                                                $i++;
-                                                                        }
-                                                                        $db->exec($sql);
-                                                                }
-                                                }
-                                }
 
-                } //if num_rows
+						//add the device vendor function groups
-        } // if prep_statement
+							if (is_array($function['groups']) && @sizeof($function['groups']) != 0) {
+								foreach ($function['groups'] as $index_3 => $group_name) {
+									$device_vendor_function_group_uuid = uuid();
+									$array['device_vendor_function_groups'][$index_3]['device_vendor_function_group_uuid'] = $device_vendor_function_group_uuid;
+									$array['device_vendor_function_groups'][$index_3]['device_vendor_function_uuid'] = $device_vendor_function_uuid;
+									$array['device_vendor_function_groups'][$index_3]['device_vendor_uuid'] = $device_vendor_uuid;
+									$array['device_vendor_function_groups'][$index_3]['group_name'] = $group_name;
+									$array['device_vendor_function_groups'][$index_3]['group_uuid'] = $group_uuids[$group_name];
+								}
+							}
+					}
+			}
 
-        message::add($text['message-restore']);
+		//assign temp permissions
-        header('Location: device_vendors.php');
+			$p = new permissions;
+			$p->add('device_vendor_add', 'temp');
+			$p->add('device_vendor_function_add', 'temp');
+			$p->add('device_vendor_function_group_add', 'temp');
+
+		//process array
+			$database = new database;
+			$database->app_name = 'devices';
+			$database->app_uuid = '4efa1a1a-32e7-bf83-534b-6c8299958a8e';
+			$database->save($array);
+			unset($array);
+
+		//remove temp permissions
+			$p->delete('device_vendor_add', 'temp');
+			$p->delete('device_vendor_function_add', 'temp');
+			$p->delete('device_vendor_function_group_add', 'temp');
+
+		//set message
+			message::add($text['message-restore']);
+
+	}
+	unset($num_rows);
+
+//redirect
+	header('Location: device_vendors.php');
+	exit;
 
 ?>

app/devices/device_vendors.php

@@ -43,37 +43,29 @@
 	$text = $language->get();
 
 //get variables used to control the order
-	$order_by = check_str($_GET["order_by"]);
+	$order_by = $_GET["order_by"];
-	$order = check_str($_GET["order"]);
+	$order = $_GET["order"];
 
 //add the search term
-	$search = check_str($_GET["search"]);
+	$search = $_GET["search"];
-	if (strlen($search) > 0) {
+	if ($search != '') {
-		$sql_search = "where (";
+		$sql_where = "where (";
-		$sql_search .= "name like '%".$search."%'";
+		$sql_where .= "name like :search ";
-		$sql_search .= "or enabled like '%".$search."%'";
+		$sql_where .= "or enabled like :search ";
-		$sql_search .= "or description like '%".$search."%'";
+		$sql_where .= "or description like :search ";
-		$sql_search .= ")";
+		$sql_where .= ")";
+		$parameters['search'] = '%'.$search.'%';
 	}
+
 //additional includes
 	require_once "resources/header.php";
 	require_once "resources/paging.php";
 
 //prepare to page the results
-	$sql = "select count(*) as num_rows from v_device_vendors ";
+	$sql = "select count(*) from v_device_vendors ";
-	$sql .= $sql_search;
+	$sql .= $sql_where;
-	if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
+	$database = new database;
-	$prep_statement = $db->prepare($sql);
+	$num_rows = $database->select($sql, $parameters, 'column');
-	if ($prep_statement) {
-		$prep_statement->execute();
-		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-		if ($row['num_rows'] > 0) {
-				$num_rows = $row['num_rows'];
-		}
-		else {
-				$num_rows = '0';
-		}
-	}
 
 //prepare to page the results
 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -84,14 +76,12 @@
 	$offset = $rows_per_page * $page;
 
 //get the list
-	$sql = "select * from v_device_vendors ";
+	$sql = str_replace('count(*)', '*', $sql);
-	$sql .= $sql_search;
+	$sql .= order_by($order_by, $order);
-	if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
+	$sql .= limit_offset($rows_per_page, $offset);
-	$sql .= "limit $rows_per_page offset $offset ";
+	$database = new database;
-	$prep_statement = $db->prepare(check_sql($sql));
+	$result = $database->select($sql, $parameters, 'all');
-	$prep_statement->execute();
+	unset($sql, $parameters);
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset ($prep_statement, $sql);
 
 //alternate the row style
 	$c = 0;
@@ -135,7 +125,7 @@
 	echo "</td>\n";
 	echo "<tr>\n";
 
-	if (is_array($result)) {
+	if (is_array($result) && @sizeof($result) != 0) {
 		foreach($result as $row) {
 			if (permission_exists('device_vendor_edit')) {
 				$tr_link = "href='device_vendor_edit.php?id=".escape($row['device_vendor_uuid'])."'";
@@ -154,9 +144,9 @@
 			echo "	</td>\n";
 			echo "</tr>\n";
 			if ($c==0) { $c=1; } else { $c=0; }
-		} //end foreach
+		}
-		unset($sql, $result, $row_count);
+	}
-	} //end if results
+	unset($result, $row);
 
 	echo "<tr>\n";
 	echo "<td colspan='4' align='left'>\n";

app/devices/devices.php

@@ -46,42 +46,36 @@
 	$text = $language->get();
 
 //get the http values and set them as variables
-	$search = check_str($_GET["search"]);
+	$search = $_GET["search"];
-	if (isset($_GET["order_by"])) {
+	$order_by = $_GET["order_by"];
-		$order_by = check_str($_GET["order_by"]);
+	$order = $_GET["order"];
-		$order = check_str($_GET["order"]);
-	}
 
 //get total devices count from the database
-	$sql = "select count(*) as num_rows from v_devices ";
+	$sql = "select count(*) from v_devices ";
-	$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
-	$prep_statement = $db->prepare($sql);
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-	if ($prep_statement) {
+	$database = new database;
-		$prep_statement->execute();
+	$total_devices = $database->select($sql, $parameters, 'column');
-		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+	unset($sql, $parameters);
-		$total_devices = $row['num_rows'];
-	}
-	unset($sql, $prep_statement, $row);
 
 //get the devices profiles
 	$sql = "select * from v_device_profiles ";
-	$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
-	$prep_statement = $db->prepare($sql);
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-	if ($prep_statement) {
+	$database = new database;
-		$prep_statement->execute();
+	$device_profiles = $database->select($sql, $parameters, 'all');
-		$device_profiles = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+	unset($sql, $parameters);
-	}
-	unset($sql, $prep_statement, $row);
 
 //prepare to page the results
-	$sql = "select count(*) as num_rows from v_devices as d ";
+	$sql = "select count(*) from v_devices as d ";
 	if ($_GET['show'] == "all" && permission_exists('device_all')) {
 		if (strlen($search) > 0) {
 			$sql .= "where ";
 		}
-	} else {
+	}
+	else {
 		$sql .= "where (";
-		$sql .= "	d.domain_uuid = '$domain_uuid' ";
+		$sql .= "	d.domain_uuid = :domain_uuid ";
 		if (permission_exists('device_all')) {
 			$sql .= "	or d.domain_uuid is null ";
 		}
@@ -89,30 +83,24 @@
 		if (strlen($search) > 0) {
 			$sql .= "and ";
 		}
+		$parameters['domain_uuid'] = $domain_uuid;
 	}
 	if (strlen($search) > 0) {
 		$sql .= "(";
-		$sql .= "	lower(d.device_mac_address) like '%".strtolower($search)."%' ";
+		$sql .= "	lower(d.device_mac_address) like :search ";
-		$sql .= "	or d.device_label like '%".$search."%' ";
+		$sql .= "	or lower(d.device_label) like :search ";
-		$sql .= "	or d.device_vendor like '%".$search."%' ";
+		$sql .= "	or lower(d.device_vendor) like :search ";
-		$sql .= "	or d.device_enabled like '%".$search."%' ";
+		$sql .= "	or lower(d.device_enabled) like :search ";
-		$sql .= "	or d.device_template like '%".$search."%' ";
+		$sql .= "	or lower(d.device_template) like :search ";
-		$sql .= "	or d.device_description like '%".$search."%' ";
+		$sql .= "	or lower(d.device_description) like :search ";
-		$sql .= "	or d.device_provisioned_method like '%".$search."%' ";
+		$sql .= "	or lower(d.device_provisioned_method) like :search ";
-		$sql .= "	or d.device_provisioned_ip like '%".$search."%' ";
+		$sql .= "	or lower(d.device_provisioned_ip) like :search ";
 		$sql .= ") ";
+		$parameters['search'] = '%'.strtolower($search).'%';
 	}
-	$prep_statement = $db->prepare($sql);
+	$database = new database;
-	if ($prep_statement) {
+	$num_rows = $database->select($sql, $parameters, 'column');
-		$prep_statement->execute();
+	unset($sql, $parameters);
-		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-		if ($row['num_rows'] > 0) {
-			$num_rows = $row['num_rows'];
-		}
-		else {
-			$num_rows = '0';
-		}
-	}
 
 //prepare to page the results
 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -135,25 +123,28 @@
 	$sql .= ") ";
 	if ($_GET['show'] == "all" && permission_exists('device_all')) {
 		//echo __line__."<br \>\n";
-	} else {
+	}
+	else {
 		$sql .= "and (";
-		$sql .= "	d.domain_uuid = '$domain_uuid' ";
+		$sql .= "	d.domain_uuid = :domain_uuid ";
 		if (permission_exists('device_all')) {
 			$sql .= "	or d.domain_uuid is null ";
 		}
 		$sql .= ") ";
+		$parameters['domain_uuid'] = $domain_uuid;
 	}
 	if (strlen($search) > 0) {
 		$sql .= "and (";
-		$sql .= "	lower(d.device_mac_address) like '%".strtolower($search)."%' ";
+		$sql .= "	lower(d.device_mac_address) like :search ";
-		$sql .= "	or d.device_label like '%".$search."%' ";
+		$sql .= "	or lower(d.device_label) like :search ";
-		$sql .= "	or d.device_vendor like '%".$search."%' ";
+		$sql .= "	or lower(d.device_vendor) like :search ";
-		$sql .= "	or d.device_enabled like '%".$search."%' ";
+		$sql .= "	or lower(d.device_enabled) like :search ";
-		$sql .= "	or d.device_template like '%".$search."%' ";
+		$sql .= "	or lower(d.device_template) like :search ";
-		$sql .= "	or d.device_description like '%".$search."%' ";
+		$sql .= "	or lower(d.device_description) like :search ";
-		$sql .= "	or d.device_provisioned_method like '%".$search."%' ";
+		$sql .= "	or lower(d.device_provisioned_method) like :search ";
-		$sql .= "	or d.device_provisioned_ip like '%".$search."%' ";
+		$sql .= "	or lower(d.device_provisioned_ip) like :search ";
 		$sql .= ") ";
+		$parameters['search'] = '%'.strtolower($search).'%';
 	}
 	if (strlen($order_by) == 0) {
 		$sql .= "order by d.device_label, d.device_description asc ";
@@ -161,16 +152,15 @@
 	else {
 		$sql .= "order by $order_by $order ";
 	}
-	$sql .= "limit $rows_per_page offset $offset ";
+	$sql .= limit_offset($rows_per_page, $offset);
-	$prep_statement = $db->prepare(check_sql($sql));
+	$database = new database;
-	$prep_statement->execute();
+	$devices = $database->select($sql, $parameters, 'all');
-	$devices = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset($sql, $parameters);
-	unset ($prep_statement, $sql);
 
 //alternate_found
 	$device_alternate = false;
 	foreach($devices as $row) {
-		if (strlen($row['device_uuid_alternate']) > 0) {
+		if (is_uuid($row['device_uuid_alternate'])) {
 			$device_alternate = true;
 			break;
 		}
@@ -249,7 +239,7 @@
 	echo "</td>\n";
 	echo "<tr>\n";
 
-	if (is_array($devices)) {
+	if (is_array($devices) && @sizeof($devices) != 0) {
 		foreach($devices as $row) {
 
 			$device_profile_name = '';
@@ -291,9 +281,9 @@
 			echo "	</td>\n";
 			echo "</tr>\n";
 			if ($c==0) { $c=1; } else { $c=0; }
-		} //end foreach
+		}
-		unset($sql, $devices, $row_count);
+	}
-	} //end if results
+	unset($devices, $row);
 
 	echo "<tr>\n";
 	echo "</table>\n";