Portions created by the Initial Developer are Copyright (C) 2008-2016 the Initial Developer. All Rights Reserved. Contributor(s): Mark J Crane */ require_once "root.php"; require_once "resources/require.php"; require_once "resources/check_auth.php"; if (permission_exists('contact_view')) { //access granted } else { echo "access denied"; exit; } //add multi-lingual support $language = new text; $text = $language->get(); //action add or update if (isset($_REQUEST["id"])) { $action = "update"; $contact_uuid = check_str($_REQUEST["id"]); } else { $action = "add"; } //get http post variables and set them to php variables if (count($_POST) > 0) { $user_uuid = check_str($_POST["user_uuid"]); $group_uuid = $_POST['group_uuid']; $contact_type = check_str($_POST["contact_type"]); $contact_organization = check_str($_POST["contact_organization"]); $contact_name_prefix = check_str($_POST["contact_name_prefix"]); $contact_name_given = check_str($_POST["contact_name_given"]); $contact_name_middle = check_str($_POST["contact_name_middle"]); $contact_name_family = check_str($_POST["contact_name_family"]); $contact_name_suffix = check_str($_POST["contact_name_suffix"]); $contact_nickname = check_str($_POST["contact_nickname"]); $contact_title = check_str($_POST["contact_title"]); $contact_category = check_str($_POST["contact_category"]); $contact_role = check_str($_POST["contact_role"]); $contact_time_zone = check_str($_POST["contact_time_zone"]); $contact_note = check_str($_POST["contact_note"]); } //process the form data if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { //set the uuid if ($action == "update") { $contact_uuid = check_str($_POST["contact_uuid"]); } //check for all required data $msg = ''; //if (strlen($contact_type) == 0) { $msg .= $text['message-required'].$text['label-contact_type']."
\n"; } //if (strlen($contact_organization) == 0) { $msg .= $text['message-required'].$text['label-contact_organization']."
\n"; } //if (strlen($contact_name_prefix) == 0) { $msg .= $text['message-required'].$text['label-contact_name_prefix']."
\n"; } //if (strlen($contact_name_given) == 0) { $msg .= $text['message-required'].$text['label-contact_name_given']."
\n"; } //if (strlen($contact_name_middle) == 0) { $msg .= $text['message-required'].$text['label-contact_name_middle']."
\n"; } //if (strlen($contact_name_family) == 0) { $msg .= $text['message-required'].$text['label-contact_name_family']."
\n"; } //if (strlen($contact_name_suffix) == 0) { $msg .= $text['message-required'].$text['label-contact_name_suffix']."
\n"; } //if (strlen($contact_nickname) == 0) { $msg .= $text['message-required'].$text['label-contact_nickname']."
\n"; } //if (strlen($contact_title) == 0) { $msg .= $text['message-required'].$text['label-contact_title']."
\n"; } //if (strlen($contact_role) == 0) { $msg .= $text['message-required'].$text['label-contact_role']."
\n"; } //if (strlen($contact_time_zone) == 0) { $msg .= $text['message-required'].$text['label-contact_time_zone']."
\n"; } //if (strlen($contact_note) == 0) { $msg .= $text['message-required'].$text['label-contact_note']."
\n"; } if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { require_once "resources/header.php"; require_once "resources/persist_form_var.php"; echo "

\n"; echo "

\n"; echo $msg."
"; echo "

\n"; persistformvar($_POST); echo "

\n"; require_once "resources/footer.php"; return; } //add or update the database if ($_POST["persistformvar"] != "true") { //add the contact if ($action == "add" && permission_exists('contact_add')) { $contact_uuid = uuid(); $sql = "insert into v_contacts "; $sql .= "( "; $sql .= "domain_uuid, "; $sql .= "contact_uuid, "; $sql .= "contact_type, "; $sql .= "contact_organization, "; $sql .= "contact_name_prefix, "; $sql .= "contact_name_given, "; $sql .= "contact_name_middle, "; $sql .= "contact_name_family, "; $sql .= "contact_name_suffix, "; $sql .= "contact_nickname, "; $sql .= "contact_title, "; $sql .= "contact_category, "; $sql .= "contact_role, "; $sql .= "contact_time_zone, "; $sql .= "contact_note, "; $sql .= "last_mod_date, "; $sql .= "last_mod_user "; $sql .= ") "; $sql .= "values "; $sql .= "( "; $sql .= "'".$_SESSION['domain_uuid']."', "; $sql .= "'".$contact_uuid."', "; $sql .= "'".$contact_type."', "; $sql .= "'".$contact_organization."', "; $sql .= "'".$contact_name_prefix."', "; $sql .= "'".$contact_name_given."', "; $sql .= "'".$contact_name_middle."', "; $sql .= "'".$contact_name_family."', "; $sql .= "'".$contact_name_suffix."', "; $sql .= "'".$contact_nickname."', "; $sql .= "'".$contact_title."', "; $sql .= "'".$contact_category."', "; $sql .= "'".$contact_role."', "; $sql .= "'".$contact_time_zone."', "; $sql .= "'".$contact_note."', "; $sql .= "now(), "; $sql .= "'".$_SESSION['username']."' "; $sql .= ")"; $db->exec(check_sql($sql)); unset($sql); $_SESSION["message"] = $text['message-add']; $location = "contact_edit.php?id=".$contact_uuid; } //if ($action == "add") //update the contact if ($action == "update" && permission_exists('contact_edit')) { $sql = "update v_contacts set "; $sql .= "contact_type = '".$contact_type."', "; $sql .= "contact_organization = '".$contact_organization."', "; $sql .= "contact_name_prefix = '".$contact_name_prefix."', "; $sql .= "contact_name_given = '".$contact_name_given."', "; $sql .= "contact_name_middle = '".$contact_name_middle."', "; $sql .= "contact_name_family = '".$contact_name_family."', "; $sql .= "contact_name_suffix = '".$contact_name_suffix."', "; $sql .= "contact_nickname = '".$contact_nickname."', "; $sql .= "contact_title = '".$contact_title."', "; $sql .= "contact_category = '".$contact_category."', "; $sql .= "contact_role = '".$contact_role."', "; $sql .= "contact_time_zone = '".$contact_time_zone."', "; $sql .= "contact_note = '".$contact_note."', "; $sql .= "last_mod_date = now(), "; $sql .= "last_mod_user = '".$_SESSION['username']."' "; $sql .= "where domain_uuid = '".$domain_uuid."' "; $sql .= "and contact_uuid = '".$contact_uuid."' "; $db->exec(check_sql($sql)); unset($sql); $_SESSION["message"] = $text['message-update']; $location = "contact_edit.php?id=".$contact_uuid; } //if ($action == "update") //assign the contact to the user that added the contact if ($action == "add" && !permission_exists('contact_user_add')) { $user_uuid = $_SESSION["user_uuid"]; } //add user to contact users table if ($user_uuid != '') { $contact_user_uuid = uuid(); $sql = "insert into v_contact_users "; $sql .= "("; $sql .= "domain_uuid, "; $sql .= "contact_user_uuid, "; $sql .= "contact_uuid, "; $sql .= "user_uuid "; $sql .= ") "; $sql .= "values "; $sql .= "("; $sql .= "'$domain_uuid', "; $sql .= "'$contact_user_uuid', "; $sql .= "'$contact_uuid', "; $sql .= "'$user_uuid' "; $sql .= ")"; if (permission_exists('contact_user_add')) { $db->exec(check_sql($sql)); } elseif ($action == "add") { //add the contact to the user that created it $db->exec(check_sql($sql)); } unset($sql); } //assign the contact to the group if ($group_uuid != '' && permission_exists('contact_group_add')) { $sql = "insert into v_contact_groups "; $sql .= "( "; $sql .= "contact_group_uuid, "; $sql .= "domain_uuid, "; $sql .= "contact_uuid, "; $sql .= "group_uuid "; $sql .= ") "; $sql .= "values "; $sql .= "( "; $sql .= "'".uuid()."', "; $sql .= "'".$domain_uuid."', "; $sql .= "'".$contact_uuid."', "; $sql .= "'".$group_uuid."' "; $sql .= ") "; $db->exec(check_sql($sql)); unset($sql); } //handle redirect if ($_POST['submit'] == $text['button-add']) { $location = "contact_edit.php?id=".$contact_uuid; } //redirect the browser header("Location: ".$location); return; } //if ($_POST["persistformvar"] != "true") } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { $contact_uuid = $_GET["id"]; $sql = "select * from v_contacts "; $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; $sql .= "and contact_uuid = '$contact_uuid' "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); foreach ($result as &$row) { $contact_type = $row["contact_type"]; $contact_organization = $row["contact_organization"]; $contact_name_prefix = $row["contact_name_prefix"]; $contact_name_given = $row["contact_name_given"]; $contact_name_middle = $row["contact_name_middle"]; $contact_name_family = $row["contact_name_family"]; $contact_name_suffix = $row["contact_name_suffix"]; $contact_nickname = $row["contact_nickname"]; $contact_title = $row["contact_title"]; $contact_category = $row["contact_category"]; $contact_role = $row["contact_role"]; $contact_time_zone = $row["contact_time_zone"]; $contact_note = $row["contact_note"]; } unset ($prep_statement, $sql); } //get the users array $sql = "SELECT * FROM v_users "; $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; $sql .= "order by username asc "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $users = $prep_statement->fetchAll(PDO::FETCH_NAMED); unset($prep_statement, $sql); //get the users assigned to this contact $sql = "SELECT u.username, u.user_uuid, a.contact_user_uuid FROM v_contacts as c, v_users as u, v_contact_users as a "; $sql .= "where c.contact_uuid = '".$contact_uuid."' "; $sql .= "and c.domain_uuid = '".$_SESSION['domain_uuid']."' "; $sql .= "and u.user_uuid = a.user_uuid "; $sql .= "and c.contact_uuid = a.contact_uuid "; $sql .= "order by u.username asc "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $contact_users = $prep_statement->fetchAll(PDO::FETCH_NAMED); unset($prep_statement, $sql); //show the header require_once "resources/header.php"; if ($action == "update") { $document['title'] = $text['title-contact-edit']; } else if ($action == "add") { $document['title'] = $text['title-contact-add']; } //qr code generation $_GET['type'] = "text"; $qr_vcard = true; include "contacts_vcard.php"; echo ""; echo ""; echo ""; echo ""; if (isset($_SESSION['theme']['qr_image'])) { echo ""; } else { echo ""; } //show the content echo "

\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "

"; switch ($action) { case "add" : echo $text['header-contact-add']; break; case "update" : echo $text['header-contact-edit']; break; } echo "

\n"; echo " \n"; if ($action == "update") { if (permission_exists('contact_time_add')) { //detect timer state (and start time) $sql = "select "; $sql .= "time_start "; $sql .= "from v_contact_times "; $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; $sql .= "and user_uuid = '".$_SESSION['user']['user_uuid']."' "; $sql .= "and contact_uuid = '".$contact_uuid."' "; $sql .= "and time_start is not null "; $sql .= "and time_stop is null "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $result = $prep_statement->fetch(PDO::FETCH_NAMED); if ($result['time_start'] != '') { $time_start = $result['time_start']; $btn_mod = "style='background-color: #3693df; background-image: none;'"; } unset ($sql, $prep_statement, $result); echo " \n"; } echo " \n"; echo " \n"; } if ($action == "update" && is_dir($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/invoices')) { echo " \n"; } if ($action == "update" && is_dir($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/certificates')) { echo " \n"; } echo " \n"; echo "

\n"; switch ($action) { case "add" : echo $text['description-contact-add']; break; case "update" : echo $text['description-contact-edit']; break; } echo "

\n"; echo "

\n"; echo "\n"; echo "\n"; echo "\n"; if ($action == "update") { echo ""; echo "\n"; } echo "\n"; echo "

\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; if (permission_exists('contact_user_edit')) { echo " "; echo " "; echo " "; echo " "; } echo "

\n"; echo " ".$text['label-contact_type']."\n"; echo "

\n"; if (is_array($_SESSION["contact"]["type"])) { sort($_SESSION["contact"]["type"]); echo " \n"; } else { echo " \n"; } // echo "
\n"; // echo $text['description-contact_type']."\n"; echo "

\n"; echo " ".$text['label-contact_organization']."\n"; echo "

\n"; echo " \n"; // echo "
\n"; // echo $text['description-contact_organization']."\n"; echo "

\n"; echo " ".$text['label-contact_name_prefix']."\n"; echo "

\n"; echo " \n"; // echo "
\n"; // echo $text['description-contact_name_prefix']."\n"; echo "

\n"; echo " ".$text['label-contact_name_given']."\n"; echo "

\n"; echo " \n"; // echo "
\n"; // echo $text['description-contact_name_given']."\n"; echo "

\n"; echo " ".$text['label-contact_name_middle']."\n"; echo "

\n"; echo " \n"; // echo "
\n"; // echo $text['description-contact_name_middle']."\n"; echo "

\n"; echo " ".$text['label-contact_name_family']."\n"; echo "

\n"; echo " \n"; // echo "
\n"; // echo $text['description-contact_name_family']."\n"; echo "

\n"; echo " ".$text['label-contact_name_suffix']."\n"; echo "

\n"; echo " \n"; // echo "
\n"; // echo $text['description-contact_name_suffix']."\n"; echo "

\n"; echo " ".$text['label-contact_nickname']."\n"; echo "

\n"; echo " \n"; // echo "
\n"; // echo $text['description-contact_nickname']."\n"; echo "

\n"; echo " ".$text['label-contact_title']."\n"; echo "

\n"; if (is_array($_SESSION["contact"]["title"])) { sort($_SESSION["contact"]["title"]); echo " \n"; } else { echo " \n"; } // echo "
\n"; // echo $text['description-contact_title']."\n"; echo "

\n"; echo " ".$text['label-contact_category']."\n"; echo "

\n"; if (is_array($_SESSION["contact"]["category"])) { sort($_SESSION["contact"]["category"]); echo " \n"; } else { echo " \n"; } // echo "
\n"; // echo $text['description-contact_category']."\n"; echo "

\n"; echo " ".$text['label-contact_role']."\n"; echo "

\n"; if (is_array($_SESSION["contact"]["role"])) { sort($_SESSION["contact"]["role"]); echo " \n"; } else { echo " \n"; } // echo "
\n"; // echo $text['description-contact_role']."\n"; echo "

\n"; echo " ".$text['label-contact_time_zone']."\n"; echo "

\n"; echo " \n"; // echo "
\n"; // echo $text['description-contact_time_zone']."\n"; echo "

".$text['label-users']."

"; if ($action == "update") { echo " \n"; foreach($contact_users as $field) { echo " \n"; echo " \n"; echo " \n"; echo " \n"; } echo "

".$field['username']."

\n"; if (permission_exists('contact_user_delete')) { echo " $v_link_label_delete\n"; } echo "

\n"; } echo "
\n"; if (permission_exists('contact_user_add')) { echo " "; if ($action == "update") { echo " \n"; } unset($users); echo "
\n"; echo " ".$text['description-users']."\n"; } echo "

"; if (permission_exists('contact_group_view')) { $contact_shared = 'true'; echo "

\n"; echo "\n"; echo ""; echo " "; echo " "; echo ""; echo "

".$text['label-groups']."

"; $sql = "select "; $sql .= "g.*, "; $sql .= "cg.contact_group_uuid "; $sql .= "from "; $sql .= "v_groups as g, "; $sql .= "v_contact_groups as cg "; $sql .= "where "; $sql .= "cg.group_uuid = g.group_uuid "; $sql .= "and cg.domain_uuid = '".$domain_uuid."' "; $sql .= "and cg.contact_uuid = '".$contact_uuid."' "; $sql .= "and cg.group_uuid <> '".$_SESSION["user_uuid"]."' "; $sql .= "order by g.group_name asc "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $result_count = count($result); if ($result_count > 0) { echo " \n"; foreach($result as $field) { if (strlen($field['group_name']) > 0) { echo "\n"; echo " \n"; echo " \n"; echo "\n"; $assigned_groups[] = $field['group_uuid']; } } echo "

".$field['group_name']."

\n"; if (permission_exists('contact_group_delete') || if_group("superadmin")) { echo " $v_link_label_delete\n"; } echo "

\n"; echo "
\n"; } unset($sql, $prep_statement, $result, $field); if (permission_exists('contact_group_add') || if_group("superadmin")) { $sql = "select * from v_groups "; $sql .= "where domain_uuid = '".$domain_uuid."' "; $sql .= "or domain_uuid is null "; if (sizeof($assigned_groups) > 0) { $sql .= "and group_uuid not in ('".implode("','",$assigned_groups)."') "; } $sql .= "order by group_name asc "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $result_count = count($result); if ($result_count > 0) { echo " "; if ($action == "update") { echo " \n"; } echo "
"; } unset($sql, $prep_statement, $result, $field); } echo " ".$text['description-groups']."\n"; echo "

\n"; echo "

"; } echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo " \n"; echo " \n"; echo " "; echo "

\n"; echo " ".$text['label-contact_note']."\n"; echo "	\n"; echo " ".$contact_note."\n"; // echo " \n"; // echo $text['description-contact_note']."\n"; echo "
\n"; if ($action == "update") { echo " \n"; } echo " "; echo " \n"; echo "

"; echo "

\n"; //echo "

\n"; if (permission_exists('contact_phone_view')) { require "contact_phones.php"; } if (permission_exists('contact_address_view')) { require "contact_addresses.php"; } if (permission_exists('contact_email_view')) { require "contact_emails.php"; } if (permission_exists('contact_url_view')) { require "contact_urls.php"; } if (permission_exists('contact_extension_view')) { require "contact_extensions.php"; } if (permission_exists('contact_relation_view')) { require "contact_relations.php"; } if (permission_exists('contact_note_view')) { require "contact_notes.php"; } if (permission_exists('contact_time_view')) { require "contact_times.php"; } if (permission_exists('contact_setting_view')) { require "contact_settings.php"; } echo "

\n"; echo "

"; echo "

"; //include the footer require_once "resources/footer.php"; ?>