From fd898ae18aff47d34fbc09326d23293e1d19c093 Mon Sep 17 00:00:00 2001
From: Nate
Date: Mon, 29 Jul 2019 09:39:16 -0600
Subject: [PATCH] Database class integration.
---
 .../database_transaction_delete.php | 29 +++++++-------
 .../database_transaction_edit.php | 26 ++++++-------
 .../database_transactions.php | 38 ++++---------------
 3 files changed, 34 insertions(+), 59 deletions(-)
diff --git a/app/database_transactions/database_transaction_delete.php b/app/database_transactions/database_transaction_delete.php
index e2701e243c..30f0902468 100644
--- a/app/database_transactions/database_transaction_delete.php
+++ b/app/database_transactions/database_transaction_delete.php
@@ -43,22 +43,23 @@
 $text = $language->get();
 //get the id
- if (count($_GET)>0) {
- $id = check_str($_GET["id"]);
+ $database_transaction_uuid = $_GET["id"];
+
+//delete transaction
+ if (is_uuid($database_transaction_uuid)) {
+ $array['database_transactions'][0]['database_transaction_uuid'] = $database_transaction_uuid;
+ $array['database_transactions'][0]['domain_uuid'] = $domain_uuid;
+
+ $database = new database;
+ $database->app_name = 'database_transactions';
+ $database->app_uuid = 'de47783c-1caa-4b3e-9b51-ad6c9e69215c';
+ $database->delete($array);
+ unset($array);
+
+ message::add($text['message-delete']);
 }
-//delete database_transaction
- if (strlen($id)>0) {
- $sql = "delete from v_database_transactions ";
- $sql .= "where database_transaction_uuid = '$id' ";
- $sql .= "and domain_uuid = '$domain_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
- }
-
-//redirect the user
- message::add($text['message-delete']);
+//redirect
 header('Location: database_transactions.php');
 ?>
\ No newline at end of file
diff --git a/app/database_transactions/database_transaction_edit.php b/app/database_transactions/database_transaction_edit.php
index d82c514fb3..ba4dd327f1 100644
--- a/app/database_transactions/database_transaction_edit.php
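Review bot: `$_GET["id"]` is read unconditionally on the new `$database_transaction_uuid = $_GET["id"];` line, so a request without `id` raises an undefined-index notice before `is_uuid()` ever runs; the removed `count($_GET)>0` guard used to cover that case. `$database_transaction_uuid = $_GET["id"] ?? '';` keeps `is_uuid()` as the single validation point. The delete is still triggered by a plain GET with no request token checked anywhere in the hunk; unless a token or permission check runs before line 43 (outside this hunk), a state-changing action on GET deserves a second look. `message::add($text['message-delete'])` also reports success without looking at what `$database->delete($array)` returns, so if the database class signals failure, that signal is discarded here.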
+++ b/app/database_transactions/database_transaction_edit.php
@@ -43,32 +43,28 @@
 $text = $language->get();
 //action add or update
- if (isset($_REQUEST["id"])) {
- $database_transaction_uuid = check_str($_REQUEST["id"]);
+ if (is_uuid($_REQUEST["id"])) {
+ $database_transaction_uuid = $_REQUEST["id"];
 }
 //pre-populate the form
 if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
- $database_transaction_uuid = check_str($_GET["id"]);
+ $database_transaction_uuid = $_GET["id"];
 $sql = "select ";
 $sql .= "t.database_transaction_uuid, d.domain_name, u.username, t.user_uuid, t.app_name, t.app_uuid, ";
 $sql .= "t.transaction_code, t.transaction_address, t.transaction_type, t.transaction_date, ";
 $sql .= "t.transaction_old, t.transaction_new, t.transaction_result ";
 $sql .= "from v_database_transactions as t, v_domains as d, v_users as u ";
- $sql .= "where t.domain_uuid = '$domain_uuid' ";
- $sql .= "and t.database_transaction_uuid = '$database_transaction_uuid' ";
+ $sql .= "where t.domain_uuid = :domain_uuid ";
+ $sql .= "and t.database_transaction_uuid = :database_transaction_uuid ";
 $sql .= "and t.user_uuid = u.user_uuid ";
 $sql .= "and t.domain_uuid = d.domain_uuid ";
-
- //$sql = "select *, u.username from v_database_transactions as t, v_users as u ";
- //$sql .= "where domain_uuid = '$domain_uuid' ";
- //$sql .= "t.user_uuid = u.user_uuid ";
- //$sql .= "and database_transaction_uuid = '$database_transaction_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
+ $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['database_transaction_uuid'] = $database_transaction_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && @sizeof($row) != 0) {
 $user_uuid = $row["user_uuid"];
 $app_name = $row["app_name"];
 $app_uuid = $row["app_uuid"];
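Review bot: The pre-populate branch re-assigns `$database_transaction_uuid = $_GET["id"];` without the `is_uuid()` check that the new `if (is_uuid($_REQUEST["id"]))` lines just introduced, so the validated value is overwritten by the raw query-string value right before it is bound as `:database_transaction_uuid`. Binding rules out injection, but the validation becomes decorative and a missing `id` raises a notice; either drop the reassignment (the value is already set above) or guard it the same way: `$database_transaction_uuid = is_uuid($_GET["id"] ?? '') ? $_GET["id"] : '';`. `@sizeof($row) != 0` suppresses errors on a value the preceding `is_array($row)` already vouches for; `count($row) > 0` says the same without `@`. The `if (count($_GET) > 0 ...)` block continues past the end of this hunk.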
@@ -82,7 +78,7 @@
 $transaction_new = $row["transaction_new"];
 $transaction_result = $row["transaction_result"];
 }
- unset ($prep_statement);
+ unset($sql, $parameters, $row);
 }
 //get the type if not provided
diff --git a/app/database_transactions/database_transactions.php b/app/database_transactions/database_transactions.php
index ffac123aae..64e5bab5c2 100644
--- a/app/database_transactions/database_transactions.php
+++ b/app/database_transactions/database_transactions.php
@@ -43,26 +43,11 @@
 $text = $language->get();
 //get variables used to control the order
- $order_by = check_str($_GET["order_by"]);
- $order = check_str($_GET["order"]);
-
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
+ $order_by = $_GET["order_by"] != '' ? $_GET['order_by'] : 'transaction_date';
+ $order = $_GET["order"] != '' ? $_GET['order'] : 'desc';
 //add the search term
- $search = strtolower(check_str($_GET["search"]));
+ $search = strtolower($_GET["search"]);
 if (strlen($search) > 0) {
 $sql_search = "and (";
 $sql_search .= " lower(transaction_code) like :search ";
@@ -77,7 +62,7 @@
 require_once "resources/paging.php";
 //prepare to page the results
- $sql = "select count(database_transaction_uuid) as num_rows from v_database_transactions ";
+ $sql = "select count(database_transaction_uuid) from v_database_transactions ";
 $sql .= "where domain_uuid = :domain_uuid ";
 $sql .= $sql_search;
 $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
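Review bot: The removed lines were the only validation of `$order_by` and `$order` in this file — the `preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by)` whitelist and the `asc`/`desc` switch — and the new `$order_by = $_GET["order_by"] != '' ? $_GET['order_by'] : 'transaction_date';` now hands the raw query-string value to `order_by($order_by, $order)` in hunk `@@ -100,19 +85,12 @@`. Column names and sort direction cannot be bound as parameters, so that clause is only as safe as `order_by()` makes it, and the helper is not visible in this diff; unless it whitelists both arguments itself, keep the validation at the source: `$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $_GET['order_by'] ?? '') ?: 'transaction_date';` and `$order = in_array($_GET['order'] ?? '', ['asc', 'desc'], true) ? $_GET['order'] : 'desc';`. The `?? ''` also removes the undefined-index notice that `$_GET["order_by"] != ''` raises when the key is absent. `$search = strtolower($_GET["search"]);` has the same missing-key notice; `strtolower($_GET["search"] ?? '')` is sufficient there since the value is bound as `:search`.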
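Review bot: Dropping the `as num_rows` alias on the count query changes the key under which the count comes back; the paging code that consumes it lies after this hunk, so I cannot see it, but any remaining `$row['num_rows']` read would now yield null and paging would collapse to zero rows. If the consumer was switched to read the first column positionally, a comment on the changed line, `// count is read positionally by the paging code below`, would make that coupling explicit; otherwise restore the alias.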
@@ -100,19 +85,12 @@
 $sql .= "t.database_transaction_uuid, d.domain_name, u.username, t.user_uuid, t.app_name, t.app_uuid, ";
 $sql .= "t.transaction_code, t.transaction_address, t.transaction_type, t.transaction_date ";
 $sql .= "from v_database_transactions as t ";
- $sql .= "LEFT OUTER JOIN v_domains as d USING (domain_uuid) ";
- $sql .= "LEFT OUTER JOIN v_users as u USING (user_uuid) ";
+ $sql .= "left outer join v_domains as d using (domain_uuid) ";
+ $sql .= "left outer join v_users as u using (user_uuid) ";
 $sql .= "where t.domain_uuid = :domain_uuid ";
 $sql .= $sql_search;
- if (strlen($order_by) == 0) {
- $sql .= "order by transaction_date desc ";
- }
- else {
- $sql .= "order by $order_by $order ";
- }
- $sql .= "limit :rows_per_page offset :offset ";
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
 $database = new database;
 $result = $database->select($sql, $parameters, 'all');
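Review bot: Replacing `limit :rows_per_page offset :offset` with `$sql .= limit_offset($rows_per_page, $offset);` moves the paging values out of bound parameters and into whatever string `limit_offset()` builds; `$rows_per_page` and `$offset` are produced by the paging code outside this hunk, and the helper itself is not in the diff. Casting at the call site, `$sql .= limit_offset((int) $rows_per_page, (int) $offset);`, pins the contract to integers regardless of how the helper is implemented. The inputs to `order_by($order_by, $order)` on the line above are covered in the note on hunk `@@ -43,26 +43,11 @@`.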