diff --git a/app/conference_controls/conference_control_detail_edit.php b/app/conference_controls/conference_control_detail_edit.php index 167b821ad8..55f12fd9a4 100644 --- a/app/conference_controls/conference_control_detail_edit.php +++ b/app/conference_controls/conference_control_detail_edit.php @@ -28,7 +28,7 @@ } //set the parent uuid - if (strlen($_GET["conference_control_uuid"]) > 0) { + if (is_uuid($_GET["conference_control_uuid"])) { $conference_control_uuid = $_GET["conference_control_uuid"]; } diff --git a/app/conference_profiles/conference_profile_delete.php b/app/conference_profiles/conference_profile_delete.php index 868c91b4d6..1715aae4d8 100644 --- a/app/conference_profiles/conference_profile_delete.php +++ b/app/conference_profiles/conference_profile_delete.php 
@@ -18,32 +18,27 @@ $language = new text; $text = $language->get(); -//get the id - if (count($_GET) > 0) { - $id = check_str($_GET["id"]); - } - //delete the data - if (strlen($id) > 0) { - //delete the conference_profile_params - $sql = "delete from v_conference_profile_params "; - $sql .= "where conference_profile_uuid = '$id' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + if (is_uuid($_GET["id"])) { - //delete conference_profile - $sql = "delete from v_conference_profiles "; - $sql .= "where conference_profile_uuid = '$id' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + $conference_profile_uuid = $_GET["id"]; + + //delete the conference profile params + $array['conference_profile_params'][0]['conference_profile_uuid'] = $conference_profile_uuid; + //delete conference profile + $array['conference_profiles'][0]['conference_profile_uuid'] = $conference_profile_uuid; + + $database = new database; + $database->app_name = 'conference_profiles'; + $database->app_uuid = 'c33e2c2a-847f-44c1-8c0d-310df5d65ba9'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); } //redirect the user - message::add($text['message-delete']); header('Location: conference_profiles.php'); ?> diff --git a/app/conference_profiles/conference_profile_edit.php b/app/conference_profiles/conference_profile_edit.php index 1c4fa4a5a3..a37135d0ca 100644 --- a/app/conference_profiles/conference_profile_edit.php +++ b/app/conference_profiles/conference_profile_edit.php @@ -19,9 +19,9 @@ $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $conference_profile_uuid = check_str($_REQUEST["id"]); + $conference_profile_uuid = $_REQUEST["id"]; } else { $action = "add"; 
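Review bot: The delete in conference_profile_delete.php still runs on a plain GET, with `is_uuid($_GET["id"])` as the only gate visible in this hunk, so a cross-site request loaded in a logged-in administrator's browser can remove a profile and its params. Validating the id removes the string-built SQL, but it does not address request forgery; consider requiring POST plus a per-session token before `$database->delete($array)`. The same applies to the delete hunk in conference_profile_param_delete.php. Any permission check sits above line 18, outside the hunk, so it could not be confirmed here. The result of `delete()` is also ignored, so `message-delete` is shown even when nothing was removed.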
@@ -29,16 +29,16 @@ //get http post variables and set them to php variables if (count($_POST) > 0) { - $profile_name = check_str($_POST["profile_name"]); - $profile_enabled = check_str($_POST["profile_enabled"]); - $profile_description = check_str($_POST["profile_description"]); + $profile_name = $_POST["profile_name"]; + $profile_enabled = $_POST["profile_enabled"]; + $profile_description = $_POST["profile_description"]; } //check to see if the http post exists if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { //get the uuid if ($action == "update") { - $conference_profile_uuid = check_str($_POST["conference_profile_uuid"]); + $conference_profile_uuid = $_POST["conference_profile_uuid"]; } //check for all required data 
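Review bot: `$conference_profile_uuid = $_POST["conference_profile_uuid"];` replaces the id that passed `is_uuid($_REQUEST["id"])` in the previous hunk with an unvalidated POST value. The later `is_uuid(...)` guard before `save()` covers the write path, but when the required-data check fails the raw value presumably flows back into the re-rendered form (that code is outside the hunk). Suggest `if ($action == "update" && is_uuid($_POST["conference_profile_uuid"])) {`. With `check_str()` dropped from the three profile fields, every place that echoes them has to escape on output. The `@@ -45,7 +45,7 @@` hunk of conference_profile_param_edit.php repeats the same overwrite.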
@@ -61,66 +61,51 @@ //add or update the database if ($_POST["persistformvar"] != "true") { + + $array['conference_profiles'][0]['profile_name'] = $profile_name; + $array['conference_profiles'][0]['profile_enabled'] = $profile_enabled; + $array['conference_profiles'][0]['profile_description'] = $profile_description; + if ($action == "add" && permission_exists('conference_profile_add')) { - $sql = "insert into v_conference_profiles "; - $sql .= "("; - //$sql .= "domain_uuid, "; - $sql .= "conference_profile_uuid, "; - $sql .= "profile_name, "; - $sql .= "profile_enabled, "; - $sql .= "profile_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - //$sql .= "'$domain_uuid', "; - $sql .= "'".uuid()."', "; - $sql .= "'$profile_name', "; - $sql .= "'$profile_enabled', "; - $sql .= "'$profile_description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - + $array['conference_profiles'][0]['conference_profile_uuid'] = uuid(); message::add($text['message-add']); - header("Location: conference_profiles.php"); - return; - - } //if ($action == "add") + } if ($action == "update" && permission_exists('conference_profile_edit')) { - $sql = "update v_conference_profiles set "; - $sql .= "profile_name = '$profile_name', "; - $sql .= "profile_enabled = '$profile_enabled', "; - $sql .= "profile_description = '$profile_description' "; - $sql .= "where conference_profile_uuid = '$conference_profile_uuid'"; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); - + $array['conference_profiles'][0]['conference_profile_uuid'] = $conference_profile_uuid; message::add($text['message-update']); - header("Location: conference_profiles.php"); - return; - - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } + + if (is_uuid($array['conference_profiles'][0]['conference_profile_uuid'])) { + $database = new database; + $database->app_name = 
'conference_profiles'; + $database->app_uuid = 'c33e2c2a-847f-44c1-8c0d-310df5d65ba9'; + $database->save($array); + unset($array); + } + + header("Location: conference_profiles.php"); + exit; + + } + } //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { - $conference_profile_uuid = check_str($_GET["id"]); + $conference_profile_uuid = $_GET["id"]; $sql = "select * from v_conference_profiles "; - $sql .= "where conference_profile_uuid = '$conference_profile_uuid' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - - foreach ($result as &$row) { + $sql .= "where conference_profile_uuid = :conference_profile_uuid "; + //$sql .= "and domain_uuid = :domain_uuid "; + $parameters['conference_profile_uuid'] = $conference_profile_uuid; + //$parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $profile_name = $row["profile_name"]; $profile_enabled = $row["profile_enabled"]; $profile_description = $row["profile_description"]; } - unset ($prep_statement); + unset($sql, $parameters); } //show the header diff --git a/app/conference_profiles/conference_profile_param_delete.php b/app/conference_profiles/conference_profile_param_delete.php index 1611190345..f4183304a5 100644 --- a/app/conference_profiles/conference_profile_param_delete.php +++ b/app/conference_profiles/conference_profile_param_delete.php 
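Review bot: The pre-populate block assigns `$conference_profile_uuid = $_GET["id"];` without the `is_uuid()` check used elsewhere in this commit, and it runs whenever `count($_GET) > 0`. The bound `:conference_profile_uuid` parameter prevents injection, but a missing or malformed id is still sent to the database and left in the variable for the form; a uuid-typed column would likely reject it with an error, which is not confirmed from here. Suggest `if (is_uuid($_GET["id"]) && $_POST["persistformvar"] != "true") {`. Separately, `message::add(...)` now fires before `save()` and the result of `save()` is not checked, so the success message can appear when the write did not happen. The pre-populate block in conference_profile_param_edit.php has the same gap.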
@@ -18,25 +18,26 @@ $language = new text; $text = $language->get(); -//get the id - if (count($_GET) > 0) { - $id = check_str($_GET["id"]); - $conference_profile_uuid = check_str($_GET["conference_profile_uuid"]); - } - //delete the data - if (strlen($id) > 0) { + if (is_uuid($_GET["id"]) && is_uuid($_GET["conference_profile_uuid"])) { + + $conference_profile_param_uuid = $_GET["id"]; + $conference_profile_uuid = $_GET["conference_profile_uuid"]; + //delete conference_profile_param - $sql = "delete from v_conference_profile_params "; - $sql .= "where conference_profile_param_uuid = '$id' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + $array['conference_profile_params'][0]['conference_profile_param_uuid'] = $conference_profile_param_uuid; + + $database = new database; + $database->app_name = 'conference_profiles'; + $database->app_uuid = 'c33e2c2a-847f-44c1-8c0d-310df5d65ba9'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); } //redirect the user - message::add($text['message-delete']); - header('Location: conference_profile_param_edit.php?id='.$conference_profile_uuid); + header('Location: conference_profile_edit.php?id='.$conference_profile_uuid); ?> diff --git a/app/conference_profiles/conference_profile_param_edit.php b/app/conference_profiles/conference_profile_param_edit.php index 1fcd943d8b..f981969f39 100644 --- a/app/conference_profiles/conference_profile_param_edit.php +++ b/app/conference_profiles/conference_profile_param_edit.php 
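Review bot: When either UUID fails validation, `$conference_profile_uuid` is never assigned, yet the final `header('Location: conference_profile_edit.php?id='.$conference_profile_uuid);` still uses it. The user is then sent to `conference_profile_edit.php?id=`, which under the new `is_uuid($_REQUEST["id"])` check opens as an add form instead of signalling the bad request. Consider falling back to the list page in that case, for example by moving the edit-page redirect inside the `if` followed by `exit;`, and leaving `header('Location: conference_profiles.php');` as the default.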
@@ -19,25 +19,25 @@ $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $conference_profile_param_uuid = check_str($_REQUEST["id"]); + $conference_profile_param_uuid = $_REQUEST["id"]; } else { $action = "add"; } //set the parent uuid - if (strlen($_GET["conference_profile_uuid"]) > 0) { - $conference_profile_uuid = check_str($_GET["conference_profile_uuid"]); + if (is_uuid($_GET["conference_profile_uuid"])) { + $conference_profile_uuid = $_GET["conference_profile_uuid"]; } //get http post variables and set them to php variables if (count($_POST)>0) { - $profile_param_name = check_str($_POST["profile_param_name"]); - $profile_param_value = check_str($_POST["profile_param_value"]); - $profile_param_enabled = check_str($_POST["profile_param_enabled"]); - $profile_param_description = check_str($_POST["profile_param_description"]); + $profile_param_name = $_POST["profile_param_name"]; + $profile_param_value = $_POST["profile_param_value"]; + $profile_param_enabled = $_POST["profile_param_enabled"]; + $profile_param_description = $_POST["profile_param_description"]; } //process the http post if it exists @@ -45,7 +45,7 @@ //get the uuid if ($action == "update") { - $conference_profile_param_uuid = check_str($_POST["conference_profile_param_uuid"]); + $conference_profile_param_uuid = $_POST["conference_profile_param_uuid"]; } //check for all required data 
@@ -69,72 +69,54 @@ //add or update the database if ($_POST["persistformvar"] != "true") { + + $array['conference_profile_params'][0]['conference_profile_uuid'] = $conference_profile_uuid; + $array['conference_profile_params'][0]['profile_param_name'] = $profile_param_name; + $array['conference_profile_params'][0]['profile_param_value'] = $profile_param_value; + $array['conference_profile_params'][0]['profile_param_enabled'] = $profile_param_enabled; + $array['conference_profile_params'][0]['profile_param_description'] = $profile_param_description; + if ($action == "add" && permission_exists('conference_profile_param_add')) { - $sql = "insert into v_conference_profile_params "; - $sql .= "("; - //$sql .= "domain_uuid, "; - $sql .= "conference_profile_param_uuid, "; - $sql .= "conference_profile_uuid, "; - $sql .= "profile_param_name, "; - $sql .= "profile_param_value, "; - $sql .= "profile_param_enabled, "; - $sql .= "profile_param_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - //$sql .= "'$domain_uuid', "; - $sql .= "'".uuid()."', "; - $sql .= "'$conference_profile_uuid', "; - $sql .= "'$profile_param_name', "; - $sql .= "'$profile_param_value', "; - $sql .= "'$profile_param_enabled', "; - $sql .= "'$profile_param_description' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); - + $array['conference_profile_params'][0]['conference_profile_param_uuid'] = uuid(); message::add($text['message-add']); - header('Location: conference_profile_edit.php?id='.$conference_profile_uuid); - return; - - } //if ($action == "add") + } if ($action == "update" && permission_exists('conference_profile_param_edit')) { - $sql = "update v_conference_profile_params set "; - $sql .= "conference_profile_uuid = '$conference_profile_uuid', "; - $sql .= "profile_param_name = '$profile_param_name', "; - $sql .= "profile_param_value = '$profile_param_value', "; - $sql .= "profile_param_enabled = '$profile_param_enabled', "; - $sql .= "profile_param_description = 
'$profile_param_description' "; - $sql .= "where conference_profile_param_uuid = '$conference_profile_param_uuid'"; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); - + $array['conference_profile_params'][0]['conference_profile_param_uuid'] = $conference_profile_param_uuid; message::add($text['message-update']); - header('Location: conference_profile_edit.php?id='.$conference_profile_uuid); - return; - - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } + + if (is_uuid($array['conference_profile_params'][0]['conference_profile_param_uuid'])) { + $database = new database; + $database->app_name = 'conference_profiles'; + $database->app_uuid = 'c33e2c2a-847f-44c1-8c0d-310df5d65ba9'; + $database->save($array); + unset($array); + } + + header('Location: conference_profile_edit.php?id='.$conference_profile_uuid); + exit; + + } + } //pre-populate the form if (count($_GET) > 0 && $_POST["persistformvar"] != "true") { - $conference_profile_param_uuid = check_str($_GET["id"]); + $conference_profile_param_uuid = $_GET["id"]; $sql = "select * from v_conference_profile_params "; - $sql .= "where conference_profile_param_uuid = '$conference_profile_param_uuid' "; - //$sql .= "and domain_uuid = '$domain_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where conference_profile_param_uuid = :conference_profile_param_uuid "; + //$sql .= "and domain_uuid = :domain_uuid "; + $parameters['conference_profile_param_uuid'] = $conference_profile_param_uuid; + //$parameters['domain_uuid'] = $_SESSION['domain_uuid']; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row)) { $profile_param_name = $row["profile_param_name"]; $profile_param_value = 
$row["profile_param_value"]; $profile_param_enabled = $row["profile_param_enabled"]; $profile_param_description = $row["profile_param_description"]; } - unset ($prep_statement); + unset($sql, $parameters); } //show the header diff --git a/app/conference_profiles/conference_profile_params.php b/app/conference_profiles/conference_profile_params.php index 53608b878d..2f5912417f 100644 --- a/app/conference_profiles/conference_profile_params.php +++ b/app/conference_profiles/conference_profile_params.php 
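Review bot: The save guard checks only `conference_profile_param_uuid`, while `$array['conference_profile_params'][0]['conference_profile_uuid'] = $conference_profile_uuid;` takes a parent id that is set only when `is_uuid($_GET["conference_profile_uuid"])` passed in the earlier hunk. If that query parameter is missing or malformed on the POST, the row goes to `save()` with an empty parent and the redirect lands on `conference_profile_edit.php?id=`. Whether `database::save` rejects or stores such a row cannot be seen from this diff. Suggest extending the guard: `if (is_uuid($conference_profile_uuid) && is_uuid($array['conference_profile_params'][0]['conference_profile_param_uuid'])) {`.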
@@ -19,51 +19,20 @@ $text = $language->get(); //get variables used to control the order - $order_by = check_str($_GET["order_by"]); - $order = check_str($_GET["order"]); - -//validate order by - if (strlen($order_by) > 0) { - $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by); - } - -//validate the order - switch ($order) { - case 'asc': - break; - case 'desc': - break; - default: - $order = ''; - } - -//add the search term - $search = check_str($_GET["search"]); - if (strlen($search) > 0) { - $sql_search = "and ("; - $sql_search .= "profile_param_name like :search"; - $sql_search .= "or profile_param_value like :search"; - $sql_search .= "or profile_param_enabled like :search"; - $sql_search .= "or profile_param_description like :search"; - $sql_search .= ")"; - } + $order_by = $_GET["order_by"]; + $order = $_GET["order"]; //additional includes require_once "resources/header.php"; require_once "resources/paging.php"; //prepare to page the results - $sql = "select count(*) as num_rows from v_conference_profile_params "; + $sql = "select count(*) from v_conference_profile_params "; $sql .= "where conference_profile_uuid = :conference_profile_uuid "; - //$sql .= "and domain_uuid = :domain_uuid "; - //$sql .= $sql_search; - //$parameters['domain_uuid'] = $domain_uuid; - if (strlen($search) > 0) { - $parameters['search'] = '%'.$search.'%'; - } $parameters['conference_profile_uuid'] = $conference_profile_uuid; $database = new database; - $row = $database->select($sql, $parameters, 'all'); + $num_rows = $database->select($sql, $parameters, 'column'); + unset($sql); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; 
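Review bot: `$order_by = $_GET["order_by"];` and `$order = $_GET["order"];` are now taken raw, and the character allow-list (`preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by)`) and the asc/desc `switch` are deleted in the same hunk. Column names and sort direction cannot be bound as parameters, so the query in the next hunk depends entirely on `order_by()` sanitising both values; that helper is not part of this diff and should be confirmed to do so. If these variables are also reused for sort links or paging parameters further down the page (outside the hunk), they would reach HTML unfiltered. Keeping validation at the entry point is cheap, e.g. `$order = in_array($_GET["order"], ['asc', 'desc'], true) ? $_GET["order"] : '';`. `$conference_profile_uuid` is bound as a parameter here but is not assigned anywhere in the visible lines.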
@@ -76,14 +45,11 @@ //get the list $sql = "select * from v_conference_profile_params "; $sql .= "where conference_profile_uuid = :conference_profile_uuid "; - //$sql .= "where domain_uuid = '$domain_uuid' "; - //$sql .= $sql_search; - if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } - $sql .= "limit :rows_per_page offset :offset "; - $parameters['rows_per_page'] = $rows_per_page; - $parameters['offset'] = $offset; + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); $database = new database; $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //alternate the row style $c = 0; @@ -92,15 +58,6 @@ //show the content echo "
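Review bot: `limit_offset($rows_per_page, $offset)` moves the paging values out of bound parameters (`:rows_per_page`, `:offset`) and into the SQL text. `$rows_per_page` comes from a session setting and `$offset` is computed outside this hunk, presumably from a page number in the request, so the helper must force both to integers; it is not shown in this diff. A defensive cast at the call site costs nothing: `$sql .= limit_offset((int) $rows_per_page, (int) $offset);`.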
| ".$text['title-conference_profile_params']." | \n"; - //echo " \n"; - //echo "|
| \n";
echo " ".$text['title_description-conference_profile_param']." \n"; @@ -124,7 +81,7 @@ echo " | \n";
echo "|