diff --git a/app/contacts/contact_relation_delete.php b/app/contacts/contact_relation_delete.php index 81886ad2af..9e0b711fff 100644 --- a/app/contacts/contact_relation_delete.php +++ b/app/contacts/contact_relation_delete.php @@ -38,23 +38,27 @@ else { $language = new text; $text = $language->get(); -if (count($_GET)>0) { - $id = check_str($_GET["id"]); //relation - $contact_uuid = check_str($_GET["contact_uuid"]); -} +//get submitted + $contact_relation_uuid = $_GET["id"]; + $contact_uuid = $_GET["contact_uuid"]; -if (strlen($id)>0) { - $sql = "delete from v_contact_relations "; - $sql .= "where contact_relation_uuid = '".$id."' "; - $sql .= "and domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); -} +//delete + if (is_uuid($contact_relation_uuid) && is_uuid($contact_uuid)) { + $array['contact_relations'][0]['contact_relation_uuid'] = $contact_relation_uuid; + $array['contact_relations'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_relations'][0]['contact_uuid'] = $contact_uuid; -message::add($text['message-delete']); -header("Location: contact_edit.php?id=".$contact_uuid); -return; + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->delete($array); + unset($array); + + message::add($text['message-delete']); + } + +//redirect + header("Location: contact_edit.php?id=".$contact_uuid); + exit; ?> \ No newline at end of file diff --git a/app/contacts/contact_relation_edit.php b/app/contacts/contact_relation_edit.php index 74c2b19819..80b2febc18 100644 --- a/app/contacts/contact_relation_edit.php +++ b/app/contacts/contact_relation_edit.php @@ -40,27 +40,27 @@ else { $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $contact_relation_uuid = check_str($_REQUEST["id"]); + $contact_relation_uuid = $_REQUEST["id"]; } else { $action = "add"; } //get the contact uuid - if (strlen($_GET["contact_uuid"]) > 0) { - $contact_uuid = check_str($_GET["contact_uuid"]); + if (is_uuid($_GET["contact_uuid"])) { + $contact_uuid = $_GET["contact_uuid"]; } //get http post variables and set them to php variables - if (count($_POST)>0) { - $relation_label = check_str($_POST["relation_label"]); - $relation_label_custom = check_str($_POST["relation_label_custom"]); - $relation_contact_uuid = check_str($_POST["relation_contact_uuid"]); - $relation_reciprocal = check_str($_POST["relation_reciprocal"]); - $relation_reciprocal_label = check_str($_POST["relation_reciprocal_label"]); - $relation_reciprocal_label_custom = check_str($_POST["relation_reciprocal_label_custom"]); + if (is_array($_POST) && @sizeof($_POST) != 0) { + $relation_label = $_POST["relation_label"]; + $relation_label_custom = $_POST["relation_label_custom"]; + $relation_contact_uuid = $_POST["relation_contact_uuid"]; + $relation_reciprocal = $_POST["relation_reciprocal"]; + $relation_reciprocal_label = $_POST["relation_reciprocal_label"]; + $relation_reciprocal_label_custom = $_POST["relation_reciprocal_label_custom"]; //use custom label(s), if set $relation_label = ($relation_label_custom != '') ? $relation_label_custom : $relation_label; @@ -68,11 +68,11 @@ else { } //process the form data - if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { + if (is_array($_POST) && @sizeof($_POST) != 0 && strlen($_POST["persistformvar"]) == 0) { //set the uuid if ($action == "update") { - $contact_relation_uuid = check_str($_POST["contact_relation_uuid"]); + $contact_relation_uuid = $_POST["contact_relation_uuid"]; } //check for all required data @@ -94,93 +94,82 @@ else { if ($_POST["persistformvar"] != "true") { //update last modified - $sql = "update v_contacts set "; - $sql .= "last_mod_date = now(), "; - $sql .= "last_mod_user = '".$_SESSION['username']."' "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['contacts'][0]['contact_uuid'] = $contact_uuid; + $array['contacts'][0]['domain_uuid'] = $domain_uuid; + $array['contacts'][0]['last_mod_date'] = 'now()'; + $array['contacts'][0]['last_mod_user'] = $_SESSION['username']; - if ($action == "add") { - $contact_relation_uuid = uuid(); - $sql = "insert into v_contact_relations "; - $sql .= "("; - $sql .= "contact_relation_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "relation_label, "; - $sql .= "relation_contact_uuid "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$contact_relation_uuid."', "; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".$relation_label."', "; - $sql .= "'".$relation_contact_uuid."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $p = new permissions; + $p->add('contact_edit', 'temp'); - if ($relation_reciprocal) { + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + + $p->delete('contact_edit', 'temp'); + + //add the setting + if ($action == "add" && permission_exists('contact_relation_add')) { $contact_relation_uuid = uuid(); - $sql = "insert into v_contact_relations "; - $sql .= "("; - $sql .= "contact_relation_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "relation_label, "; - $sql .= "relation_contact_uuid "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$contact_relation_uuid."', "; - $sql .= "'".$_SESSION['domain_uuid']."', "; - $sql .= "'".$relation_contact_uuid."', "; - $sql .= "'".$relation_reciprocal_label."', "; - $sql .= "'".$contact_uuid."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_relations'][0]['contact_relation_uuid'] = $contact_relation_uuid; + + if ($relation_reciprocal) { + $contact_relation_uuid = uuid(); + $array['contact_relations'][1]['contact_relation_uuid'] = $contact_relation_uuid; + $array['contact_relations'][1]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_relations'][1]['contact_uuid'] = $relation_contact_uuid; + $array['contact_relations'][1]['relation_label'] = $relation_reciprocal_label; + $array['contact_relations'][1]['relation_contact_uuid'] = $contact_uuid; + } + + message::add($text['message-add']); } - message::add($text['message-add']); - header("Location: contact_edit.php?id=".$contact_uuid); - return; - } //if ($action == "add") + //update the setting + if ($action == "update" && permission_exists('contact_relation_edit')) { + $array['contact_relations'][0]['contact_relation_uuid'] = $contact_relation_uuid; - if ($action == "update") { - $sql = "update v_contact_relations set "; - $sql .= "relation_label = '".$relation_label."', "; - $sql .= "relation_contact_uuid = '".$relation_contact_uuid."' "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_relation_uuid = '".$contact_relation_uuid."'"; - $db->exec(check_sql($sql)); - unset($sql); + message::add($text['message-update']); + } - message::add($text['message-update']); - header("Location: contact_edit.php?id=".$contact_uuid); - return; - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + //execute + if (is_array($array) && @sizeof($array) != 0) { + $array['contact_relations'][0]['contact_uuid'] = $contact_uuid; + $array['contact_relations'][0]['domain_uuid'] = $_SESSION['domain_uuid']; + $array['contact_relations'][0]['relation_label'] = $relation_label; + $array['contact_relations'][0]['relation_contact_uuid'] = $relation_contact_uuid; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + } + + //redirect the browser + header("Location: contact_edit.php?id=".escape($contact_uuid)); + exit; + + } + } //pre-populate the form - if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { + if (is_array($_GET) && @sizeof($_GET) != 0 && $_POST["persistformvar"] != "true") { $contact_relation_uuid = $_GET["id"]; $sql = "select * from v_contact_relations "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_relation_uuid = '".$contact_relation_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_relation_uuid = :contact_relation_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_relation_uuid'] = $contact_relation_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { $relation_label = $row["relation_label"]; $relation_contact_uuid = $row["relation_contact_uuid"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header @@ -256,28 +245,30 @@ else { echo "\n"; echo "\n"; $sql = "select contact_uuid, contact_organization, contact_name_given, contact_name_family from v_contacts "; - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and contact_uuid <> '".$contact_uuid."' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid <> :contact_uuid "; $sql .= "order by contact_organization desc, contact_name_given asc, contact_name_family asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); echo "\n"; // echo "
\n"; // echo $text['description-related_contact']."\n"; diff --git a/app/contacts/contact_relations.php b/app/contacts/contact_relations.php index df45e1d629..dbc562ba30 100644 --- a/app/contacts/contact_relations.php +++ b/app/contacts/contact_relations.php @@ -51,17 +51,17 @@ $sql .= "v_contacts as c "; $sql .= "where "; $sql .= "cr.relation_contact_uuid = c.contact_uuid "; - $sql .= "and cr.domain_uuid = '".$_SESSION['domain_uuid']."' "; - $sql .= "and cr.contact_uuid = '".$contact_uuid."' "; + $sql .= "and cr.domain_uuid = :domain_uuid "; + $sql .= "and cr.contact_uuid = :contact_uuid "; $sql .= "order by "; $sql .= "c.contact_organization desc, "; $sql .= "c.contact_name_given asc, "; $sql .= "c.contact_name_family asc "; - //echo $sql."

"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $contact_relations = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset ($prep_statement, $sql); + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $contact_relations = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //set the row style $c = 0; @@ -89,7 +89,7 @@ echo "\n"; echo "\n"; - if (is_array($contact_relations)) { + if (is_array($contact_relations) && @sizeof($contact_relations) != 0) { foreach($contact_relations as $row) { if (permission_exists('contact_relation_edit')) { $tr_link = "href='contact_relation_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_relation_uuid'])."' "; @@ -109,7 +109,7 @@ echo "\n"; $c = ($c) ? 0 : 1; } //end foreach - unset($sql, $contact_relations); + unset($contact_relations, $row); } //end if results echo ""; diff --git a/app/contacts/contact_setting_edit.php b/app/contacts/contact_setting_edit.php index 9f5b9c566d..7bae1d7d9a 100644 --- a/app/contacts/contact_setting_edit.php +++ b/app/contacts/contact_setting_edit.php @@ -107,7 +107,7 @@ //set the order $contact_setting_order = $contact_setting_order != '' ? $contact_setting_order : null; - //update last modified + //update last modified $array['contacts'][0]['contact_uuid'] = $contact_uuid; $array['contacts'][0]['domain_uuid'] = $domain_uuid; $array['contacts'][0]['last_mod_date'] = 'now()'; @@ -125,7 +125,7 @@ $p->delete('contact_edit', 'temp'); //add the setting - if ($action == "add" && permission_exists('domain_setting_add')) { + if ($action == "add" && permission_exists('contact_setting_add')) { $contact_setting_uuid = uuid(); $array['contact_settings'][0]['contact_setting_uuid'] = $contact_setting_uuid; @@ -133,7 +133,7 @@ } //update the setting - if ($action == "update") { + if ($action == "update" && permission_exists('contact_setting_edit')) { $array['contact_settings'][0]['contact_setting_uuid'] = $contact_setting_uuid; message::add($text['message-update']); diff --git a/app/contacts/contact_time_edit.php b/app/contacts/contact_time_edit.php index e01e5522ff..7c354c462d 100644 --- a/app/contacts/contact_time_edit.php +++ b/app/contacts/contact_time_edit.php @@ -102,14 +102,14 @@ else { $p->delete('contact_edit', 'temp'); - if ($action == "add") { + if ($action == "add" && permission_exists('contact_time_add')) { $contact_time_uuid = uuid(); $array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid; message::add($text['message-add']); } - if ($action == "update") { + if ($action == "update" && permission_exists('contact_time_edit')) { $array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid; message::add($text['message-update']); diff --git a/app/contacts/contact_url_edit.php b/app/contacts/contact_url_edit.php index c6919b037c..9c1162c63f 100644 --- a/app/contacts/contact_url_edit.php +++ b/app/contacts/contact_url_edit.php @@ -120,14 +120,14 @@ else { unset($sql, $parameters); } - if ($action == "add") { + if ($action == "add" && permission_exists('contact_url_add')) { $contact_url_uuid = uuid(); $array['contact_urls'][0]['contact_url_uuid'] = $contact_url_uuid; message::add($text['message-add']); } - if ($action == "update") { + if ($action == "update" && permission_exists('contact_url_edit')) { $array['contact_urls'][0]['contact_url_uuid'] = $contact_url_uuid; message::add($text['message-update']);