diff --git a/app/devices/device_delete.php b/app/devices/device_delete.php index 87f19b8bdd..0abf85ed0c 100644 --- a/app/devices/device_delete.php +++ b/app/devices/device_delete.php @@ -38,39 +38,35 @@ else { $text = $language->get(); //get the id - if (count($_GET) > 0) { - $id = check_str($_GET["id"]); + if (isset($_GET["id"])) { + $id = $_GET["id"]; } -//delete the data and subdata - if (strlen($id) > 0) { +//delete the data and sub-data + if (is_uuid($id)) { //delete device_lines $sql = "delete from v_device_lines "; $sql .= "where device_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); + $db->exec($sql); unset($sql); //delete device_keys $sql = "delete from v_device_keys "; $sql .= "where device_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); + $db->exec($sql); unset($sql); //delete device_settings $sql = "delete from v_device_settings "; $sql .= "where device_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); + $db->exec($sql); unset($sql); //delete the device $sql = "delete from v_devices "; $sql .= "where device_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); + $db->exec($sql); unset($sql); } diff --git a/app/devices/device_key_delete.php b/app/devices/device_key_delete.php index 0f060bc217..5d3d789d88 100644 --- a/app/devices/device_key_delete.php +++ b/app/devices/device_key_delete.php 
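Review bot: None of the four `delete` statements in this hunk is limited to the caller's domain; each matches on `device_uuid = '$id'` alone, so as far as the visible lines show, a user with the delete permission could remove a device and its lines, keys and settings belonging to another domain if the UUID is known. Other files in this commit add `(domain_uuid = '".$_SESSION["domain_uuid"]."' or domain_uuid is null)` to their statements. The same predicate, or an ownership lookup on `v_devices` before the deletes, is needed here and, by the same reasoning, in device_profile_delete.php and device_setting_delete.php (assuming those tables carry a `domain_uuid` column). `$id` also stays undefined when the `id` parameter is absent, so set `$id = '';` before the `isset()` test. The permission check that encloses this code starts outside the hunk.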
@@ -15,6 +15,69 @@ The Original Code is FusionPBX + The Initial Developer of the Original Code is + Mark J Crane + Copyright (C) 2015 All Rights Reserved. + + Contributor(s): + Mark J Crane +*/ +require_once "root.php"; +require_once "resources/require.php"; +require_once "resources/check_auth.php"; +if (permission_exists('device_key_delete')) { + //access granted +} +else { + echo "access denied"; + exit; +} + +//add multi-lingual support + $language = new text; + $text = $language->get(); + +//get the id + if (isset($_GET["id"])) { + $id = $_GET["id"]; + $device_uuid = check_str($_GET["device_uuid"]); + $device_profile_uuid = check_str($_GET["device_profile_uuid"]); + } + +//delete device keys + if (is_uuid($id) && is_uuid($device_uuid) && is_uuid($device_profile_uuid)) { + $sql = "delete from v_device_keys "; + $sql .= "where (domain_uuid = '".$_SESSION["domain_uuid"]."' or domain_uuid = null) "; + $sql .= "and device_key_uuid = '".$id."' "; + $db->exec($sql); + unset($sql); + } + +//send a redirect + $_SESSION["message"] = $text['message-delete']; + if ($device_uuid != '') { + header("Location: device_edit.php?id=".$device_uuid); + } + else if ($device_profile_uuid != '') { + header("Location: device_profile_edit.php?id=".$device_profile_uuid); + } + Copyright (C) 2013 All Rights Reserved. 
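Review bot: The added statement compares with `domain_uuid = null`, which SQL never evaluates to true, so rows with a null domain are not matched; the later hunk in this file uses `domain_uuid is null`. The block also appears to be a second copy of the script body inserted into the licence header ahead of the existing `Copyright (C) 2013` line. If so, the file would hold two delete-and-redirect sequences and leave header text outside the comment, so confirm this is not a merge artefact. If the copy is intended, its guard requires `is_uuid($device_uuid) && is_uuid($device_profile_uuid)` together while the redirect below treats the two as alternatives, and no `return` or `exit` follows the `header()` calls in the added lines.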
@@ -38,29 +101,28 @@ else { $text = $language->get(); //get the id - if (count($_GET)>0) { - $id = check_str($_GET["id"]); + if (isset($_GET["id"])) { + $id = $_GET["id"]; $device_uuid = check_str($_GET["device_uuid"]); $device_profile_uuid = check_str($_GET["device_profile_uuid"]); } -if (strlen($id)>0) { - //delete device_key +//delete device keys + if (is_uuid($id)) { $sql = "delete from v_device_keys "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; + $sql .= "where (domain_uuid = '".$_SESSION["domain_uuid"]."' or domain_uuid is null) "; $sql .= "and device_key_uuid = '".$id."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); + $db->exec($sql); unset($sql); -} - -$_SESSION["message"] = $text['message-delete']; -if ($device_uuid != '') { - header("Location: device_edit.php?id=".$device_uuid); -} -else if ($device_profile_uuid != '') { - header("Location: device_profile_edit.php?id=".$device_profile_uuid); -} -return; + } +//send a redirect + $_SESSION["message"] = $text['message-delete']; + if ($device_uuid != '') { + header("Location: device_edit.php?id=".$device_uuid); + } + else if ($device_profile_uuid != '') { + header("Location: device_profile_edit.php?id=".$device_profile_uuid); + } + return; ?> \ No newline at end of file diff --git a/app/devices/device_line_delete.php b/app/devices/device_line_delete.php index f078dc3197..8f16e42871 100644 --- a/app/devices/device_line_delete.php +++ b/app/devices/device_line_delete.php 
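Review bot: `$device_uuid` and `$device_profile_uuid` reach the `Location:` header after `check_str()` only, while `is_uuid()` is applied to `$id` alone; validate them the same way before redirecting, e.g. `if (is_uuid($device_uuid)) { header("Location: device_edit.php?id=".$device_uuid); }`. The delete is still assembled by concatenation and run with `$db->exec($sql)`. If `$db` is a PDO handle, as the removed `prepare()`/`execute()` calls suggest, binding the domain and key UUIDs as parameters would keep the statement safe even if the `is_uuid()` guard is later loosened. The same applies to the `exec()` calls in device_delete.php and device_profile_delete.php. `$_SESSION["message"]` is set to `message-delete` even when the guard fails and nothing was deleted.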
@@ -38,23 +38,24 @@ else { $text = $language->get(); //get the id - if (count($_GET)>0) { - $id = check_str($_GET["id"]); - $device_uuid = check_str($_GET["device_uuid"]); + if (isset($_GET["id"])) { + $id = $_GET["id"]; + $device_uuid = $_GET["device_uuid"]; } -if (strlen($id)>0) { - //delete device_line +//delete device_line + if (is_uuid($id)) { $sql = "delete from v_device_lines "; - $sql .= "where domain_uuid = '$domain_uuid' "; + $sql .= "where (domain_uuid = '".$_SESSION["domain_uuid"]."' or domain_uuid is null) "; $sql .= "and device_line_uuid = '$id' "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); unset($sql); -} + } -$_SESSION["message"] = $text['message-delete']; -header("Location: device_edit.php?id=".$device_uuid); -return; +//send a redirect + $_SESSION["message"] = $text['message-delete']; + header("Location: device_edit.php?id=".$device_uuid); + return; ?> \ No newline at end of file diff --git a/app/devices/device_profile_delete.php b/app/devices/device_profile_delete.php index aef023b9f2..0e15377dc8 100644 --- a/app/devices/device_profile_delete.php +++ b/app/devices/device_profile_delete.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Copyright (C) 2008-2012 All Rights Reserved. + Copyright (C) 2008-2015 All Rights Reserved. Contributor(s): Mark J Crane 
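Review bot: `$device_uuid = $_GET["device_uuid"];` drops the previous `check_str()` call and nothing replaces it, so the raw request value is concatenated into `header("Location: device_edit.php?id=".$device_uuid)`. Validate it alongside `$id`, e.g. `if (is_uuid($id) && is_uuid($device_uuid)) {`, and only build the redirect from the validated value. When `id` is absent both variables stay undefined, so initialising them to `''` before the `isset()` test avoids undefined-variable notices at the guard and the redirect.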
@@ -38,43 +38,36 @@ else { $text = $language->get(); //get the id - if (count($_GET) > 0) { - $id = check_str($_GET["id"]); + if (isset($_GET["id"])) { + $id = $_GET["id"]; } //delete the data and subdata - if (strlen($id) > 0) { + if (is_uuid($id)) { //delete device profile keys $sql = "delete from v_device_keys "; $sql .= "where device_profile_uuid = '".$id."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); + $db->exec($sql); unset($sql); //delete device profile $sql = "delete from v_device_profiles "; $sql .= "where device_profile_uuid = '".$id."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); + $db->exec($sql); unset($sql); //remove device profile uuid from any assigned devices $sql = "update v_devices set "; $sql .= "device_profile_uuid = null "; $sql .= "where device_profile_uuid = '".$id."' "; - $db->exec(check_sql($sql)); + $db->exec($sql); unset($sql); } -/* -// necessary? - //write the provision files require_once "app/provision/provision_write.php"; -*/ - //set the message and redirect the user $_SESSION["message"] = $text['message-delete']; header("Location: device_profiles.php"); diff --git a/app/devices/device_setting_delete.php b/app/devices/device_setting_delete.php index fea610c748..6db7497573 100644 --- a/app/devices/device_setting_delete.php +++ b/app/devices/device_setting_delete.php 
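Review bot: The provisioning write and the success message sit after the closing brace of `if (is_uuid($id))`, so a request with a missing or malformed `id` still runs `require_once "app/provision/provision_write.php"` and reports `message-delete`. Return early when validation fails, e.g. `if (!is_uuid($id)) { header("Location: device_profiles.php"); return; }`, or move both steps inside the guard. The commit also re-enables the include that was previously commented out under `// necessary?` without recording why; a short comment stating the reason the provisioning files must be rewritten after a profile is deleted would help the next reader.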
@@ -38,23 +38,25 @@ else { $language = new text; $text = $language->get(); -if (count($_GET)>0) { - $id = check_str($_GET["id"]); - $device_uuid = check_str($_GET["device_uuid"]); -} +//get the id + if (isset($_GET["id"])) { + $id = $_GET["id"]; + $device_uuid = $_GET["device_uuid"]; + } -if (strlen($id)>0) { - //delete device_setting +//delete device settings + if (is_uuid($id)) { $sql = "delete from v_device_settings "; $sql .= "where device_uuid = '$device_uuid' "; $sql .= "and device_setting_uuid = '$id' "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); unset($sql); -} + } -$_SESSION["message"] = $text['message-delete']; -header("Location: device_edit.php?id=".$device_uuid); -return; +//send a redirect + $_SESSION["message"] = $text['message-delete']; + header("Location: device_edit.php?id=".$device_uuid); + return; ?> \ No newline at end of file
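Review bot: `$device_uuid` is now taken straight from `$_GET` and interpolated into `where device_uuid = '$device_uuid'`, but only `$id` passes through `is_uuid()`, so this hunk removes the one filter (`check_str()`) that stood between the request value and the SQL text. Extend the guard to `if (is_uuid($id) && is_uuid($device_uuid)) {` and use the validated value in the `Location:` header as well. `check_sql()` is defined outside this diff, so whether it offers any protection cannot be judged from these lines and it should not be relied on here.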