diff --git a/app/conference_controls/conference_control_delete.php b/app/conference_controls/conference_control_delete.php index 8f7c635266..6a188cd70b 100644 --- a/app/conference_controls/conference_control_delete.php +++ b/app/conference_controls/conference_control_delete.php @@ -6,7 +6,7 @@ //check permissions require_once "resources/check_auth.php"; - if (permission_exists('conference_control_delete')) { + if (permission_exists('conference_control_delete') && permission_exists('conference_control_detail_delete')) { //access granted } else { 
@@ -18,32 +18,27 @@ $language = new text; $text = $language->get(); -//get the id - if (count($_GET) > 0) { - $id = check_str($_GET["id"]); - } - //delete the data - if (strlen($id) > 0) { - //delete conference_control_detail - $sql = "delete from v_conference_control_details "; - $sql .= "where conference_control_uuid = '$id' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + if (is_uuid($_GET["id"])) { - //delete conference_control - $sql = "delete from v_conference_controls "; - $sql .= "where conference_control_uuid = '$id' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + $conference_control_uuid = $_GET["id"]; + + //delete conference control detail + $array['conference_control_details'][0]['conference_control_uuid'] = $conference_control_uuid; + //delete conference control + $array['conference_controls'][0]['conference_control_uuid'] = $conference_control_uuid; + + $database = new database; + $database->app_name = 'conference_controls'; + $database->app_uuid = 'e1ad84a2-79e1-450c-a5b1-7507a043e048'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); } //redirect the user - message::add($text['message-delete']); header('Location: conference_controls.php'); ?> \ No newline at end of file diff --git a/app/conference_controls/conference_control_detail_delete.php b/app/conference_controls/conference_control_detail_delete.php index 20673b2672..5d4560ea7f 100644 --- a/app/conference_controls/conference_control_detail_delete.php +++ b/app/conference_controls/conference_control_detail_delete.php 
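Review bot: The delete is still driven by a plain GET (`if (is_uuid($_GET["id"]))`), so the new `$database->delete($array)` path keeps the cross-site request forgery exposure of the old code: any page an administrator visits can embed `conference_control_delete.php?id=<uuid>` and remove the control plus every v_conference_control_details row keyed to it. `is_uuid()` closes the injection vector but does not bind the request to the user's intent; the link that triggers this should become a POST carrying a session token that is checked before the delete, or at minimum the handler should refuse non-POST requests. Two smaller points: `$_GET["id"]` is read without `isset()`, which raises a notice when the page is reached without an id, and a request that fails `is_uuid()` redirects silently, so `if (isset($_GET["id"]) && is_uuid($_GET["id"])) {` with an error message in an `else` branch would make the outcome visible.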
@@ -18,25 +18,26 @@ $language = new text; $text = $language->get(); -//get the id - if (count($_GET) > 0) { - $id = check_str($_GET["id"]); - $conference_control_uuid = check_str($_GET["conference_control_uuid"]); - } - //delete the data - if (strlen($id) > 0) { + if (is_uuid($_GET["id"]) && is_uuid($_GET["conference_control_uuid"])) { + + $conference_control_detail_uuid = $_GET["id"]; + $conference_control_uuid = $_GET["conference_control_uuid"]; + //delete conference_control_detail - $sql = "delete from v_conference_control_details "; - $sql .= "where conference_control_detail_uuid = '$id' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + $array['conference_control_details'][0]['conference_control_detail_uuid'] = $conference_control_detail_uuid; + + $database = new database; + $database->app_name = 'conference_controls'; + $database->app_uuid = 'e1ad84a2-79e1-450c-a5b1-7507a043e048'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); } //redirect the user - message::add($text['message-delete']); - header('Location: conference_control_detail_edit.php?id='.$conference_control_uuid); + header('Location: conference_control_edit.php?id='.$conference_control_uuid); ?> \ No newline at end of file diff --git a/app/conference_controls/conference_control_detail_edit.php b/app/conference_controls/conference_control_detail_edit.php index 0d92fe6383..167b821ad8 100644 --- a/app/conference_controls/conference_control_detail_edit.php +++ b/app/conference_controls/conference_control_detail_edit.php @@ -19,9 +19,9 @@ $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $conference_control_detail_uuid = check_str($_REQUEST["id"]); + $conference_control_detail_uuid = $_REQUEST["id"]; } else { $action = "add"; 
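Review bot: The redirect at the end reads `$conference_control_uuid` even when the `is_uuid()` gate fails, but the variable is only assigned inside that gate, so an invalid request raises an undefined-variable notice and redirects to `conference_control_edit.php?id=` with an empty id. Assign the parent id before the gate and fall back to the list page, e.g. `$conference_control_uuid = is_uuid($_GET["conference_control_uuid"]) ? $_GET["conference_control_uuid"] : '';` and then `header('Location: '.($conference_control_uuid != '' ? 'conference_control_edit.php?id='.$conference_control_uuid : 'conference_controls.php'));`. Separately, `conference_control_uuid` is validated but never used as a filter: the row removed is selected by `conference_control_detail_uuid` alone. If `database::delete()` ANDs every field given in the row (to confirm in the database class), adding `$array['conference_control_details'][0]['conference_control_uuid'] = $conference_control_uuid;` would tie the deletion to the parent the request claims.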
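Review bot: Replacing `isset($_REQUEST["id"])` with `is_uuid($_REQUEST["id"])` turns a malformed id into an add: a POST whose id is tampered or truncated now falls through to `$action = "add"` and, for a user holding the add permission, creates a new row instead of being rejected. Fail closed when an id is present but invalid, e.g. `if (isset($_REQUEST["id"]) && !is_uuid($_REQUEST["id"])) { echo "invalid id"; exit; }` ahead of the branch, which also avoids the undefined-index notice the unconditional `$_REQUEST["id"]` read produces on the add form. The closing brace of the `else` branch is outside the hunk.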
@@ -29,22 +29,22 @@ //set the parent uuid if (strlen($_GET["conference_control_uuid"]) > 0) { - $conference_control_uuid = check_str($_GET["conference_control_uuid"]); + $conference_control_uuid = $_GET["conference_control_uuid"]; } //get http post variables and set them to php variables if (count($_POST)>0) { - $control_digits = check_str($_POST["control_digits"]); - $control_action = check_str($_POST["control_action"]); - $control_data = check_str($_POST["control_data"]); - $control_enabled = check_str($_POST["control_enabled"]); + $control_digits = $_POST["control_digits"]; + $control_action = $_POST["control_action"]; + $control_data = $_POST["control_data"]; + $control_enabled = $_POST["control_enabled"]; } if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { //get the uuid if ($action == "update") { - $conference_control_detail_uuid = check_str($_POST["conference_control_detail_uuid"]); + $conference_control_detail_uuid = $_POST["conference_control_detail_uuid"]; } //check for all required data 
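Review bot: `$conference_control_uuid = $_GET["conference_control_uuid"];` drops the `check_str()` call without adding the `is_uuid()` check the detail id now gets, yet this value becomes the parent key written with the row and the id placed in the redirect `Location` header further down. Validate it the same way, `if (is_uuid($_GET["conference_control_uuid"])) {` in place of the `strlen()` test. The four POST fields (`control_digits`, `control_action`, `control_data`, `control_enabled`) are likewise taken raw now; that is fine for a parameterised save, but `check_str()` also HTML-escaped its input, so whatever echoes these values back into the form (outside this hunk) must escape them at output. `control_enabled` presumably only ever holds true/false — restricting it to those two values before the save would be cheap; confirm against the form markup.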
@@ -68,72 +68,54 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { //add or update the database if ($_POST["persistformvar"] != "true") { + + $array['conference_control_details'][0]['conference_control_uuid'] = $conference_control_uuid; + $array['conference_control_details'][0]['control_digits'] = $control_digits; + $array['conference_control_details'][0]['control_action'] = $control_action; + $array['conference_control_details'][0]['control_data'] = $control_data; + $array['conference_control_details'][0]['control_enabled'] = $control_enabled; + if ($action == "add" && permission_exists('conference_control_detail_add')) { - $sql = "insert into v_conference_control_details "; - $sql .= "("; - //$sql .= "domain_uuid, "; - $sql .= "conference_control_detail_uuid, "; - $sql .= "conference_control_uuid, "; - $sql .= "control_digits, "; - $sql .= "control_action, "; - $sql .= "control_data, "; - $sql .= "control_enabled "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - //$sql .= "'$domain_uuid', "; - $sql .= "'".uuid()."', "; - $sql .= "'$conference_control_uuid', "; - $sql .= "'$control_digits', "; - $sql .= "'$control_action', "; - $sql .= "'$control_data', "; - $sql .= "'$control_enabled' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - + $array['conference_control_details'][0]['conference_control_detail_uuid'] = uuid(); message::add($text['message-add']); - header('Location: conference_control_edit.php?id='.$conference_control_uuid); - return; - - } //if ($action == "add") + } if ($action == "update" && permission_exists('conference_control_detail_edit')) { - $sql = "update v_conference_control_details set "; - $sql .= "conference_control_uuid = '$conference_control_uuid', "; - $sql .= "control_digits = '$control_digits', "; - $sql .= "control_action = '$control_action', "; - $sql .= "control_data = '$control_data', "; - $sql .= "control_enabled = '$control_enabled' "; - $sql .= "where conference_control_detail_uuid = 
'$conference_control_detail_uuid'"; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); - + $array['conference_control_details'][0]['conference_control_detail_uuid'] = $conference_control_detail_uuid; message::add($text['message-update']); - header('Location: conference_control_edit.php?id='.$conference_control_uuid); - return; + } - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") -} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + if (is_uuid($array['conference_control_details'][0]['conference_control_detail_uuid'])) { + $database = new database; + $database->app_name = 'conference_controls'; + $database->app_uuid = 'e1ad84a2-79e1-450c-a5b1-7507a043e048'; + $database->save($array); + unset($array); + } + + header('Location: conference_control_edit.php?id='.$conference_control_uuid); + exit; + + } +} //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { - $conference_control_detail_uuid = check_str($_GET["id"]); + $conference_control_detail_uuid = $_GET["id"]; $sql = "select * from v_conference_control_details "; - $sql .= "where conference_control_detail_uuid = '$conference_control_detail_uuid' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where conference_control_detail_uuid = :conference_control_detail_uuid "; + //$sql .= "and domain_uuid = :domain_uuid "; + $parameters['conference_control_detail_uuid'] = $conference_control_detail_uuid; + //$parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $control_digits = $row["control_digits"]; $control_action = $row["control_action"]; $control_data = $row["control_data"]; $control_enabled = 
$row["control_enabled"]; } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header diff --git a/app/conference_controls/conference_control_details.php b/app/conference_controls/conference_control_details.php index 2b0992ed1a..2a00ac7698 100644 --- a/app/conference_controls/conference_control_details.php +++ b/app/conference_controls/conference_control_details.php @@ -19,26 +19,11 @@ $text = $language->get(); //get variables used to control the order - $order_by = check_str($_GET["order_by"]); - $order = check_str($_GET["order"]); - -//validate order by - if (strlen($order_by) > 0) { - $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by); - } - -//validate the order - switch ($order) { - case 'asc': - break; - case 'desc': - break; - default: - $order = ''; - } + $order_by = $_GET["order_by"]; + $order = $_GET["order"]; //add the search term - $search = check_str($_GET["search"]); + $search = $_GET["search"]; if (strlen($search) > 0) { $sql_search = "and ("; $sql_search .= "control_digits like :search"; 
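Review bot: In the update branch the row's `conference_control_detail_uuid` is taken straight from `$_POST["conference_control_detail_uuid"]` and handed to `$database->save($array)` without checking that such a row exists; if `save()` inserts when the uuid is unknown (the usual upsert behaviour, to confirm in the database class), a user holding only `conference_control_detail_edit` can create rows by posting a fresh uuid, bypassing the `conference_control_detail_add` check a few lines above. A short existence select on v_conference_control_details before the save, or deriving the uuid from the already validated `$_REQUEST["id"]` and verifying it, closes that gap. Separately, the pre-populate block runs its select whenever any `$_GET` key is present — including the add form, which only carries `conference_control_uuid` — with an empty id; `if (is_uuid($_GET["id"]) && $_POST["persistformvar"] != "true") {` avoids the needless query and the undefined-index notice. The enclosing `if (count($_POST)>0 …)` block starts before this hunk.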
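Review bot: Removing the `preg_replace` whitelist on `$order_by` and the asc/desc `switch` on `$order` leaves both values raw from `$_GET` in this hunk; a later hunk passes them to `order_by($order_by, $order)`, so the SQL `order by` clause is now only as safe as that helper. Confirm it restricts the column to `[a-zA-Z0-9_]` and the direction to asc/desc (and emits nothing otherwise) before relying on it, or keep a local guard such as `$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $_GET["order_by"]);`. `$search` is bound as a LIKE parameter so injection is not possible, but `%` and `_` in it still act as wildcards, and with `check_str()` gone it must be HTML-escaped wherever the search box echoes it back.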
@@ -46,24 +31,22 @@ $sql_search .= "or control_data like :search"; $sql_search .= "or control_enabled like :search"; $sql_search .= ")"; + $parameters['search'] = '%'.$search.'%'; } //additional includes require_once "resources/header.php"; require_once "resources/paging.php"; //prepare to page the results - $sql = "select count(*) as num_rows "; + $sql = "select count(*) "; $sql .= "from v_conference_control_details "; $sql .= "where conference_control_uuid = :conference_control_uuid "; //$sql .= "and domain_uuid = :domain_uuid "; $sql .= $sql_search; $parameters['conference_control_uuid'] = $conference_control_uuid; //$parameters['domain_uuid'] = $domain_uuid; - if (strlen($search) > 0) { - $parameters['search'] = '%'.$search.'%'; - } $database = new database; - $row = $database->select($sql, $parameters, 'all'); + $num_rows = $database->select($sql, $parameters, 'column'); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; @@ -78,11 +61,9 @@ $sql .= "where conference_control_uuid = :conference_control_uuid "; //$sql .= "and domain_uuid = :domain_uuid "; $sql .= $sql_search; - if (strlen($order_by) > 0) { $sql .= "order by $order_by $order "; } - $sql .= "limit :rows_per_page offset :offset "; + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); $database = new database; - $parameters['rows_per_page'] = $rows_per_page; - $parameters['offset'] = $offset; $result = $database->select($sql, $parameters, 'all'); //alternate the row style @@ -119,7 +100,7 @@ echo "\n"; echo "
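Review bot: `limit_offset($rows_per_page, $offset)` replaces the bound `:rows_per_page`/`:offset` parameters with a clause built into the SQL string, and `$offset` is derived from the page number in the request (set up in resources/paging.php, outside this diff), so the helper must cast both arguments to int; please confirm it does, or cast at the call site: `$sql .= limit_offset((int) $rows_per_page, (int) $offset);`. The same applies to `order_by($order_by, $order)`, which now receives the unvalidated `$_GET` values because the whitelist in the earlier hunk was removed. Keeping the bound parameters would have been the safer shape if the helpers are not already strict about their inputs.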