diff --git a/app/contacts/contact_time_delete.php b/app/contacts/contact_time_delete.php index 3a688c4d74..3dac60ca0c 100644 --- a/app/contacts/contact_time_delete.php +++ b/app/contacts/contact_time_delete.php @@ -39,25 +39,26 @@ else { $text = $language->get(); //get the http values and set as variables - if (count($_GET) > 0) { - $contact_time_uuid = check_str($_GET["id"]); - $contact_uuid = check_str($_GET["contact_uuid"]); - } + $contact_time_uuid = $_GET["id"]; + $contact_uuid = $_GET["contact_uuid"]; //delete the record - if (strlen($contact_time_uuid) > 0) { - $sql = "delete from v_contact_times "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $sql .= "and contact_time_uuid = '".$contact_time_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + if (is_uuid($contact_time_uuid) && is_uuid($contact_uuid)) { + $array['contact_times'][0]['domain_uuid'] = $domain_uuid; + $array['contact_times'][0]['contact_uuid'] = $contact_uuid; + $array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->delete($array); + unset($array); + + message::add($text['message-delete']); } //redirect the browser - message::add($text['message-delete']); header("Location: contact_edit.php?id=".$contact_uuid); - return; + exit; ?> \ No newline at end of file diff --git a/app/contacts/contact_time_edit.php b/app/contacts/contact_time_edit.php index 5c24ad4125..96d1c5d349 100644 --- a/app/contacts/contact_time_edit.php +++ b/app/contacts/contact_time_edit.php 
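Review bot: The closing `header("Location: contact_edit.php?id=".$contact_uuid);` still executes when the `is_uuid($contact_time_uuid) && is_uuid($contact_uuid)` guard fails, so a non-uuid `$_GET["contact_uuid"]` is copied unvalidated into the Location header. Since the delete is skipped in that case anyway, only redirect with a validated value: `header("Location: contact_edit.php".(is_uuid($contact_uuid) ? "?id=".$contact_uuid : ""));`. With the `count($_GET) > 0` guard removed, `$_GET["id"]` and `$_GET["contact_uuid"]` are now read without an existence check; `$contact_time_uuid = $_GET["id"] ?? null;` keeps `is_uuid` working without an undefined-index notice.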
@@ -39,32 +39,32 @@ else { $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $contact_time_uuid = check_str($_REQUEST["id"]); + $contact_time_uuid = $_REQUEST["id"]; } else { $action = "add"; } //get the contact uuid - if (strlen($_GET["contact_uuid"]) > 0) { - $contact_uuid = check_str($_GET["contact_uuid"]); + if (is_uuid($_GET["contact_uuid"])) { + $contact_uuid = $_GET["contact_uuid"]; } //get http post variables and set them to php variables - if (count($_POST)>0) { - $time_start = check_str($_POST["time_start"]); - $time_stop = check_str($_POST["time_stop"]); - $time_description = check_str($_POST["time_description"]); + if (is_array($_POST) && @sizeof($_POST) != 0) { + $time_start = $_POST["time_start"]; + $time_stop = $_POST["time_stop"]; + $time_description = $_POST["time_description"]; } //process the form data - if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { + if (is_array($_POST) && @sizeof($_POST) != 0 && strlen($_POST["persistformvar"]) == 0) { //set the uuid if ($action == "update") { - $contact_time_uuid = check_str($_POST["contact_time_uuid"]); + $contact_time_uuid = $_POST["contact_time_uuid"]; } //check for all required data 
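Review bot: `$contact_time_uuid = $_POST["contact_time_uuid"];` in the update branch takes the record key unvalidated, while the `$_REQUEST["id"]` path just above it was given an `is_uuid` check; since this value selects the row the next hunk saves, make it `if ($action == "update" && is_uuid($_POST["contact_time_uuid"])) { $contact_time_uuid = $_POST["contact_time_uuid"]; }` or reject the request otherwise. The removed `isset`/`count` guards mean `$_REQUEST["id"]`, `$_GET["contact_uuid"]`, the three POST fields and `$_POST["persistformvar"]` are now read without an existence check; `$time_start = $_POST["time_start"] ?? null;` and friends avoid the undefined-index notices. As a point of style, `is_array($_POST) && @sizeof($_POST) != 0` is just `!empty($_POST)`, and the `@` suppresses nothing useful here; the same expression is repeated in the following hunk and in contact_timer.php, contact_timer_inc.php and contact_times.php.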
@@ -86,82 +86,76 @@ else { if ($_POST["persistformvar"] != "true") { //update last modified - $sql = "update v_contacts set "; - $sql .= "last_mod_date = now(), "; - $sql .= "last_mod_user = '".$_SESSION['username']."' "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['contacts'][0]['contact_uuid'] = $contact_uuid; + $array['contacts'][0]['domain_uuid'] = $domain_uuid; + $array['contacts'][0]['last_mod_date'] = 'now()'; + $array['contacts'][0]['last_mod_user'] = $_SESSION['username']; + + $p = new permissions; + $p->add('contact_edit', 'temp'); + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + + $p->delete('contact_edit', 'temp'); if ($action == "add") { $contact_time_uuid = uuid(); - $sql = "insert into v_contact_times "; - $sql .= "( "; - $sql .= "domain_uuid, "; - $sql .= "contact_time_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "user_uuid, "; - $sql .= "time_start, "; - $sql .= "time_stop, "; - $sql .= "time_description "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".$domain_uuid."', "; - $sql .= "'".$contact_time_uuid."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".$_SESSION["user"]["user_uuid"]."', "; - $sql .= "'".$time_start."', "; - $sql .= "'".$time_stop."', "; - $sql .= "'".$time_description."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid; message::add($text['message-add']); - header("Location: contact_edit.php?id=".$contact_uuid); - return; - } //if ($action == "add") + } if ($action == "update") { - $sql = "update v_contact_times "; - $sql .= "set "; - $sql .= "time_start = '".$time_start."', "; - $sql .= "time_stop = '".$time_stop."', "; - $sql .= "time_description = '".$time_description."' "; - 
$sql .= "where "; - $sql .= "contact_time_uuid = '".$contact_time_uuid."' "; - $sql .= "and domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $sql .= "and user_uuid = '".$_SESSION["user"]["user_uuid"]."' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid; message::add($text['message-update']); - header("Location: contact_edit.php?id=".$contact_uuid); - return; - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } + + if (is_array($array) && @sizeof($array) != 0) { + $array['contact_times'][0]['domain_uuid'] = $domain_uuid; + $array['contact_times'][0]['contact_uuid'] = $contact_uuid; + $array['contact_times'][0]['user_uuid'] = $_SESSION["user"]["user_uuid"]; + $array['contact_times'][0]['time_start'] = $time_start; + $array['contact_times'][0]['time_stop'] = $time_stop; + $array['contact_times'][0]['time_description'] = $time_description; + + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + } + + header("Location: contact_edit.php?id=".$contact_uuid); + exit; + + } + } //pre-populate the form - if (count($_GET)>0 && $_POST["persistformvar"] != "true") { + if (is_array($_GET) && @sizeof($_GET) != 0 && $_POST["persistformvar"] != "true") { $contact_time_uuid = $_GET["id"]; $sql = "select ct.*, u.username "; $sql .= "from v_contact_times as ct, v_users as u "; $sql .= "where ct.user_uuid = u.user_uuid "; - $sql .= "and ct.domain_uuid = '".$domain_uuid."' "; - $sql .= "and ct.contact_uuid = '".$contact_uuid."' "; - $sql .= "and ct.user_uuid = '".$_SESSION["user"]["user_uuid"]."' "; - $sql .= "and contact_time_uuid = '".$contact_time_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = 
$prep_statement->fetch(PDO::FETCH_NAMED); - $time_start = $result["time_start"]; - $time_stop = $result["time_stop"]; - $time_description = $result["time_description"]; - unset ($prep_statement); + $sql .= "and ct.domain_uuid = :domain_uuid "; + $sql .= "and ct.contact_uuid = :contact_uuid "; + $sql .= "and ct.user_uuid = :user_uuid "; + $sql .= "and contact_time_uuid = :contact_time_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_uuid'] = $contact_uuid; + $parameters['user_uuid'] = $_SESSION["user"]["user_uuid"]; + $parameters['contact_time_uuid'] = $contact_time_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + $time_start = $row["time_start"]; + $time_stop = $row["time_stop"]; + $time_description = $row["time_description"]; + unset($sql, $parameters, $row); } //show the header diff --git a/app/contacts/contact_timer.php b/app/contacts/contact_timer.php index 9b93f6a224..da385bd059 100644 --- a/app/contacts/contact_timer.php +++ b/app/contacts/contact_timer.php 
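Review bot: The update branch no longer restricts the write to the caller's own record: the removed `update v_contact_times ... and user_uuid = '<session user>'` scoped the change to the session user, whereas the new `$database->save($array)` is keyed on `contact_time_uuid` and writes `$_SESSION["user"]["user_uuid"]` into `user_uuid`, so a posted `contact_time_uuid` belonging to another user would be overwritten and reassigned unless `database::save` enforces ownership itself (not visible here). The pre-populate select below still filters on `ct.user_uuid`, so the GET and POST paths now disagree on who may touch a record; the same `and user_uuid` filter was dropped from the stop branch of contact_timer.php. Confirm ownership before building `$array` in the update branch, as sketched below. `$array['contacts'][0]['last_mod_date'] = 'now()'` presumes the database class emits that literal as a SQL function rather than a quoted string — worth confirming. The enclosing `if (is_array($_POST) ...)` block starts before this hunk.
```php
if ($action == "update") {
    // the old update restricted by user_uuid; re-check ownership before saving
    $sql = "select contact_time_uuid from v_contact_times ";
    $sql .= "where contact_time_uuid = :contact_time_uuid ";
    $sql .= "and domain_uuid = :domain_uuid ";
    $sql .= "and user_uuid = :user_uuid ";
    $parameters['contact_time_uuid'] = $contact_time_uuid;
    $parameters['domain_uuid'] = $domain_uuid;
    $parameters['user_uuid'] = $_SESSION["user"]["user_uuid"];
    $database = new database;
    $row = $database->select($sql, $parameters, 'row');
    unset($sql, $parameters);
    if (!is_array($row) || sizeof($row) == 0) {
        echo "access denied";
        exit;
    }
    $array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid;
    message::add($text['message-update']);
}
// … unchanged: shared save of $array and redirect …
```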
@@ -33,54 +33,41 @@ if (!permission_exists('contact_time_add')) { echo "access denied"; exit; } $text = $language->get(); //get contact uuid - $domain_uuid = check_str($_REQUEST['domain_uuid']); - $contact_uuid = check_str($_REQUEST['contact_uuid']); + $domain_uuid = $_REQUEST['domain_uuid']; + $contact_uuid = $_REQUEST['contact_uuid']; //get posted variables & set time status - if (sizeof($_POST) > 0) { - $contact_time_uuid = check_str($_POST['contact_time_uuid']); - $contact_uuid = check_str($_POST['contact_uuid']); - $time_action = check_str($_POST['time_action']); - $time_description = check_str($_POST['time_description']); + if (is_array($_POST) && @sizeof($_POST) != 0) { + $contact_time_uuid = $_POST['contact_time_uuid']; + $contact_uuid = $_POST['contact_uuid']; + $time_action = $_POST['time_action']; + $time_description = $_POST['time_description']; if ($time_description == 'Description...') { unset($time_description); } if ($time_action == 'start') { $contact_time_uuid = uuid(); - $sql = "insert into v_contact_times "; - $sql .= "( "; - $sql .= "domain_uuid, "; - $sql .= "contact_time_uuid, "; - $sql .= "contact_uuid, "; - $sql .= "user_uuid, "; - $sql .= "time_start, "; - $sql .= "time_description "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".$domain_uuid."', "; - $sql .= "'".$contact_time_uuid."', "; - $sql .= "'".$contact_uuid."', "; - $sql .= "'".$_SESSION["user"]["user_uuid"]."', "; - $sql .= "'".date("Y-m-d H:i:s")."', "; - $sql .= "'".$time_description."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_times'][0]['domain_uuid'] = $domain_uuid; + $array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid; + $array['contact_times'][0]['contact_uuid'] = $contact_uuid; + $array['contact_times'][0]['user_uuid'] = $_SESSION["user"]["user_uuid"]; + $array['contact_times'][0]['time_start'] = date("Y-m-d H:i:s"); + $array['contact_times'][0]['time_description'] = $time_description; } if 
($time_action == 'stop') { - $sql = "update v_contact_times "; - $sql .= "set "; - $sql .= "time_stop = '".date("Y-m-d H:i:s")."', "; - $sql .= "time_description = '".$time_description."' "; - $sql .= "where "; - $sql .= "contact_time_uuid = '".$contact_time_uuid."' "; - $sql .= "and domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $sql .= "and user_uuid = '".$_SESSION["user"]["user_uuid"]."' "; - $db->exec(check_sql($sql)); - unset($sql); + $array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid; + $array['contact_times'][0]['time_stop'] = date("Y-m-d H:i:s"); + $array['contact_times'][0]['time_description'] = $time_description; } + + if (is_array($array) && @sizeof($array) != 0) { + $database = new database; + $database->app_name = 'contacts'; + $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c'; + $database->save($array); + unset($array); + } + header("Location: contact_timer.php?domain_uuid=".$domain_uuid."&contact_uuid=".$contact_uuid); } 
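Review bot: `$domain_uuid = $_REQUEST['domain_uuid'];` takes the tenant scope from the request, and with `check_str` gone it now reaches `$array['contact_times'][0]['domain_uuid']`, both selects in the next hunk and the Location header without any validation; the other handlers in this commit use a `$domain_uuid` that is not read from the request (presumably the session value), and this file and contact_timer_inc.php, which does the same, should too — or at minimum `if (!is_uuid($domain_uuid) || !is_uuid($contact_uuid)) { echo "access denied"; exit; }`. `$contact_time_uuid = $_POST['contact_time_uuid'];` is likewise unvalidated although it is the key the stop branch saves on; apply `is_uuid` to it as contact_time_edit.php does. When the description equals the placeholder, `unset($time_description)` leaves the later `$array['contact_times'][0]['time_description'] = $time_description;` reading an undefined variable — use `$time_description = null;` instead. The branch ends with `header("Location: ...")` and no `exit`, so the rest of the page still renders after the redirect.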
@@ -91,43 +78,46 @@ if (!permission_exists('contact_time_add')) { echo "access denied"; exit; } $sql .= "contact_name_family, "; $sql .= "contact_nickname "; $sql .= "from v_contacts "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_NAMED); - if (sizeof($result) > 0) { - $contact_organization = $result["contact_organization"]; - $contact_name_given = $result["contact_name_given"]; - $contact_name_family = $result["contact_name_family"]; - $contact_nickname = $result["contact_nickname"]; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $contact_organization = $row["contact_organization"]; + $contact_name_given = $row["contact_name_given"]; + $contact_name_family = $row["contact_name_family"]; + $contact_nickname = $row["contact_nickname"]; } else { exit; } - unset ($sql, $prep_statement, $result); + unset($sql, $parameters, $row); //determine timer state and action $sql = "select "; $sql .= "contact_time_uuid, "; $sql .= "time_description "; $sql .= "from v_contact_times "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and user_uuid = '".$_SESSION['user']['user_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and user_uuid = :user_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; $sql .= "and time_start is not null "; $sql .= "and time_stop is null "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_NAMED); - if (sizeof($result) > 0) { - 
$contact_time_uuid = $result["contact_time_uuid"]; - $time_description = $result["time_description"]; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['user_uuid'] = $_SESSION['user']['user_uuid']; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $contact_time_uuid = $row["contact_time_uuid"]; + $time_description = $row["time_description"]; } - unset ($sql, $prep_statement, $result); + unset($sql, $parameters, $row); - $timer_state = ($contact_time_uuid != '') ? 'running' : 'stopped'; - $timer_action = ($timer_state == 'running') ? 'stop' : 'start'; + $timer_state = is_uuid($contact_time_uuid) ? 'running' : 'stopped'; + $timer_action = $timer_state == 'running' ? 'stop' : 'start'; //determine contact name to display if ($contact_nickname != '') { @@ -358,4 +348,4 @@ if (!permission_exists('contact_time_add')) { echo "access denied"; exit; } - + \ No newline at end of file diff --git a/app/contacts/contact_timer_inc.php b/app/contacts/contact_timer_inc.php index ae1d0b8738..4e9ed64385 100644 --- a/app/contacts/contact_timer_inc.php +++ b/app/contacts/contact_timer_inc.php 
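Review bot: `$timer_state = is_uuid($contact_time_uuid) ? 'running' : 'stopped';` reads `$contact_time_uuid`, which this hunk only assigns inside `if (is_array($row) && @sizeof($row) != 0)`; with no open timer the variable is either undefined or, after a stop request in the branch above (which does not `exit`), still holds the posted value and would report `running`. The same applies to `$time_description`. Initialise both before the select, `$contact_time_uuid = null; $time_description = null;`, so the displayed state comes only from the query result. Both selects here also scope on the request-sourced `$domain_uuid` raised on the previous hunk.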
@@ -29,29 +29,32 @@ require_once "resources/check_auth.php"; if (!permission_exists('contact_time_add')) { echo "access denied"; exit; } //get contact and time uuids - $domain_uuid = check_str($_REQUEST['domain_uuid']); - $contact_uuid = check_str($_REQUEST['contact_uuid']); - $contact_time_uuid = check_str($_REQUEST['contact_time_uuid']); + $domain_uuid = $_REQUEST['domain_uuid']; + $contact_uuid = $_REQUEST['contact_uuid']; + $contact_time_uuid = $_REQUEST['contact_time_uuid']; //get time quantity $sql = "select "; $sql .= "time_start "; $sql .= "from v_contact_times "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and contact_time_uuid = '".$contact_time_uuid."' "; - $sql .= "and user_uuid = '".$_SESSION['user']['user_uuid']."' "; - $sql .= "and contact_uuid = '".$contact_uuid."' "; + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and contact_time_uuid = :contact_time_uuid "; + $sql .= "and user_uuid = :user_uuid "; + $sql .= "and contact_uuid = :contact_uuid "; $sql .= "and time_start is not null "; $sql .= "and time_stop is null "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetch(PDO::FETCH_NAMED); - if (sizeof($result) > 0) { - $time_start = strtotime($result["time_start"]); + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_uuid'] = $contact_uuid; + $parameters['user_uuid'] = $_SESSION['user']['user_uuid']; + $parameters['contact_time_uuid'] = $contact_time_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && @sizeof($row) != 0) { + $time_start = strtotime($row["time_start"]); $time_now = strtotime(date("Y-m-d H:i:s")); $time_diff = gmdate("H:i:s", ($time_now - $time_start)); echo $time_diff; echo ""; } - unset ($sql, $prep_statement, $result); + unset ($sql, $parameters, $row); ?> \ No newline at end of file 
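Review bot: The three `$_REQUEST` values are assigned without the `is_uuid` validation the edit and delete handlers in this commit apply; the select is parameterised, so this is not an injection issue, but an early `if (!is_uuid($contact_time_uuid) || !is_uuid($contact_uuid)) { exit; }` keeps this include consistent with its siblings and avoids running the query on malformed input. `$domain_uuid` is again taken from the request rather than the session (see the contact_timer.php note). Minor style: `unset ($sql, $parameters, $row);` keeps the old `unset (` spacing while every other file in the commit was changed to `unset(`.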
diff --git a/app/contacts/contact_times.php b/app/contacts/contact_times.php index 04bee75e67..eda7fbb847 100644 --- a/app/contacts/contact_times.php +++ b/app/contacts/contact_times.php @@ -42,14 +42,14 @@ $sql = "select ct.*, u.username, u.domain_uuid as user_domain_uuid "; $sql .= "from v_contact_times as ct, v_users as u "; $sql .= "where ct.user_uuid = u.user_uuid "; - $sql .= "and ct.domain_uuid = '".$domain_uuid."' "; - $sql .= "and ct.contact_uuid = '".$contact_uuid."' "; + $sql .= "and ct.domain_uuid = :domain_uuid "; + $sql .= "and ct.contact_uuid = :contact_uuid "; $sql .= "order by ct.time_start desc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); + $parameters['domain_uuid'] = $domain_uuid; + $parameters['contact_uuid'] = $contact_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //set the row style $c = 0; @@ -85,7 +85,7 @@ echo "
"; echo "\n"; - if ($result_count > 0) { + if (is_array($result) && @sizeof($result) != 0) { foreach($result as $row) { $tr_link = (permission_exists('contact_time_edit') && $row['user_uuid'] == $_SESSION["user"]["user_uuid"]) ? "href='contact_time_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_time_uuid'])."'" : null; echo "\n"; @@ -120,9 +120,9 @@ } echo " \n"; echo "\n"; - $c = ($c) ? 0 : 1; + $c = $c ? 0 : 1; } //end foreach - unset($sql, $result, $row_count); + unset($result, $row); } //end if results echo "
"; echo "
\n"; diff --git a/app/contacts/contact_url_edit.php b/app/contacts/contact_url_edit.php index 1dc290e6da..c6919b037c 100644 --- a/app/contacts/contact_url_edit.php +++ b/app/contacts/contact_url_edit.php @@ -150,6 +150,7 @@ else { header("Location: contact_edit.php?id=".$contact_uuid); exit; + } }