Database class integration.

contact_phone_delete.php

@@ -39,24 +39,26 @@ else {
 	$text = $language->get();
 
 //get the http values and set as variables
-	if (count($_GET) > 0) {
-		$id = check_str($_GET["id"]);
-		$contact_uuid = check_str($_GET["contact_uuid"]);
-	}
+	$contact_phone_uuid = $_GET["id"];
+	$contact_uuid = $_GET["contact_uuid"];
 
 //delete the record
-	if (strlen($id) > 0) {
-		$sql = "delete from v_contact_phones ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
-		$sql .= "and contact_phone_uuid = '$id' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($sql);
+	if (is_uuid($contact_phone_uuid) && is_uuid($contact_uuid)) {
+		$array['contact_phones'][0]['contact_phone_uuid'] = $contact_phone_uuid;
+		$array['contact_phones'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+		$array['contact_phones'][0]['contact_uuid'] = $contact_uuid;
+
+		$database = new database;
+		$database->app_name = 'contacts';
+		$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+		$database->delete($array);
+		unset($array);
+
+		message::add($text['message-delete']);
 	}
 
-//redirect the browser
-	message::add($text['message-delete']);
+//redirect
 	header("Location: contact_edit.php?id=".$contact_uuid);
-	return;
+	exit;
 
 ?>

contact_phone_edit.php

@@ -44,32 +44,32 @@
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$contact_phone_uuid = check_str($_REQUEST["id"]);
+		$contact_phone_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
 	}
 
 //get the uuid
-	if (strlen($_GET["contact_uuid"]) > 0) {
-		$contact_uuid = check_str($_GET["contact_uuid"]);
+	if (is_uuid($_GET["contact_uuid"])) {
+		$contact_uuid = $_GET["contact_uuid"];
 	}
 
 //get http post variables and set them to php variables
-	if (count($_POST)>0) {
-		$phone_type_voice = check_str($_POST["phone_type_voice"]);
-		$phone_type_fax = check_str($_POST["phone_type_fax"]);
-		$phone_type_video = check_str($_POST["phone_type_video"]);
-		$phone_type_text = check_str($_POST["phone_type_text"]);
-		$phone_label = check_str($_POST["phone_label"]);
-		$phone_label_custom = check_str($_POST["phone_label_custom"]);
-		$phone_speed_dial = check_str($_POST["phone_speed_dial"]);
-		$phone_number = check_str($_POST["phone_number"]);
-		$phone_extension = check_str($_POST["phone_extension"]);
-		$phone_primary = check_str($_POST["phone_primary"]);
-		$phone_description = check_str($_POST["phone_description"]);
+	if (is_array($_POST) && @sizeof($_POST) != 0) {
+		$phone_type_voice = $_POST["phone_type_voice"];
+		$phone_type_fax = $_POST["phone_type_fax"];
+		$phone_type_video = $_POST["phone_type_video"];
+		$phone_type_text = $_POST["phone_type_text"];
+		$phone_label = $_POST["phone_label"];
+		$phone_label_custom = $_POST["phone_label_custom"];
+		$phone_speed_dial = $_POST["phone_speed_dial"];
+		$phone_number = $_POST["phone_number"];
+		$phone_extension = $_POST["phone_extension"];
+		$phone_primary = $_POST["phone_primary"];
+		$phone_description = $_POST["phone_description"];
 
 		//remove any phone number formatting
 		$phone_number = preg_replace('{(?!^\+)[\D]}', '', $phone_number);
@@ -79,11 +79,11 @@
 	}
 
 //process the form data
-	if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
+	if (is_array($_POST) && @sizeof($_POST) != 0 && strlen($_POST["persistformvar"]) == 0) {
 
 		//set thge uuid
 			if ($action == "update") {
-				$contact_phone_uuid = check_str($_POST["contact_phone_uuid"]);
+				$contact_phone_uuid = $_POST["contact_phone_uuid"];
 			}
 
 		//check for all required data
@@ -105,100 +105,89 @@
 			if ($_POST["persistformvar"] != "true") {
 
 				//update last modified
-				$sql = "update v_contacts set ";
-				$sql .= "last_mod_date = now(), ";
-				$sql .= "last_mod_user = '".$_SESSION['username']."' ";
-				$sql .= "where domain_uuid = '".$domain_uuid."' ";
-				$sql .= "and contact_uuid = '".$contact_uuid."' ";
-				$db->exec(check_sql($sql));
-				unset($sql);
+					$array['contacts'][0]['contact_uuid'] = $contact_uuid;
+					$array['contacts'][0]['domain_uuid'] = $domain_uuid;
+					$array['contacts'][0]['last_mod_date'] = 'now()';
+					$array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
+
+					$p = new permissions;
+					$p->add('contact_edit', 'temp');
+
+					$database = new database;
+					$database->app_name = 'contacts';
+					$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+					$database->save($array);
+					unset($array);
+
+					$p->delete('contact_edit', 'temp');
 
 				//if primary, unmark other primary numbers
-				if ($phone_primary) {
-					$sql = "update v_contact_phones set phone_primary = 0 ";
-					$sql .= "where domain_uuid = '".$domain_uuid."' ";
-					$sql .= "and contact_uuid = '".$contact_uuid."' ";
-					$db->exec(check_sql($sql));
-					unset($sql);
-				}
-
-				if ($action == "add") {
-					$contact_phone_uuid = uuid();
-					$sql = "insert into v_contact_phones ";
-					$sql .= "(";
-					$sql .= "domain_uuid, ";
-					$sql .= "contact_uuid, ";
-					$sql .= "contact_phone_uuid, ";
-					$sql .= "phone_type_voice, ";
-					$sql .= "phone_type_fax, ";
-					$sql .= "phone_type_video, ";
-					$sql .= "phone_type_text, ";
-					$sql .= "phone_label, ";
-					$sql .= "phone_speed_dial, ";
-					$sql .= "phone_number, ";
-					$sql .= "phone_extension, ";
-					$sql .= "phone_primary, ";
-					$sql .= "phone_description ";
-					$sql .= ")";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".$domain_uuid."', ";
-					$sql .= "'".$contact_uuid."', ";
-					$sql .= "'".$contact_phone_uuid."', ";
-					$sql .= (($phone_type_voice) ? 1 : 'null').", ";
-					$sql .= (($phone_type_fax) ? 1 : 'null').", ";
-					$sql .= (($phone_type_video) ? 1 : 'null').", ";
-					$sql .= (($phone_type_text) ? 1 : 'null').", ";
-					$sql .= "'".$phone_label."', ";
-					$sql .= "'".$phone_speed_dial."', ";
-					$sql .= "'".$phone_number."', ";
-					$sql .= "'".$phone_extension."', ";
-					$sql .= (($phone_primary) ? 1 : 0).", ";
-					$sql .= "'".$phone_description."' ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
-
-					message::add($text['message-add']);
-					header("Location: contact_edit.php?id=".$contact_uuid);
-					return;
-				} //if ($action == "add")
-
-				if ($action == "update") {
-					$sql = "update v_contact_phones set ";
-					$sql .= "contact_uuid = '$contact_uuid', ";
-					$sql .= "phone_type_voice = ".(($phone_type_voice) ? 1 : 'null').", ";
-					$sql .= "phone_type_fax = ".(($phone_type_fax) ? 1 : 'null').", ";
-					$sql .= "phone_type_video = ".(($phone_type_video) ? 1 : 'null').", ";
-					$sql .= "phone_type_text = ".(($phone_type_text) ? 1 : 'null').", ";
-					$sql .= "phone_label = '".$phone_label."', ";
-					$sql .= "phone_speed_dial = '".$phone_speed_dial."', ";
-					$sql .= "phone_number = '".$phone_number."', ";
-					$sql .= "phone_extension = '".$phone_extension."', ";
-					$sql .= "phone_primary = ".(($phone_primary) ? 1 : 0).", ";
-					$sql .= "phone_description = '".$phone_description."' ";
-					$sql .= "where domain_uuid = '".$domain_uuid."' ";
-					$sql .= "and contact_phone_uuid = '".$contact_phone_uuid."'";
-					$db->exec(check_sql($sql));
-					unset($sql);
-
-					message::add($text['message-update']);
-					header("Location: contact_edit.php?id=".$contact_uuid);
-					return;
-				} //if ($action == "update")
-			} //if ($_POST["persistformvar"] != "true")
-	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+					if ($phone_primary) {
+						$sql = "update v_contact_phones set phone_primary = 0 ";
+						$sql .= "where domain_uuid = :domain_uuid ";
+						$sql .= "and contact_uuid = :contact_uuid ";
+						$parameters['domain_uuid'] = $domain_uuid;
+						$parameters['contact_uuid'] = $contact_uuid;
+						$database = new database;
+						$database->execute($sql, $parameters);
+						unset($sql, $parameters);
+					}
+
+				//add the phone
+					if ($action == "add" && permission_exists('contact_phone_add')) {
+						$contact_phone_uuid = uuid();
+						$array['contact_phones'][0]['contact_phone_uuid'] = $contact_phone_uuid;
+
+						message::add($text['message-add']);
+					}
+
+				//update the phone
+					if ($action == "update" && permission_exists('contact_phone_edit')) {
+						$array['contact_phones'][0]['contact_phone_uuid'] = $contact_phone_uuid;
+
+						message::add($text['message-update']);
+					}
+
+				//execute
+					if (is_array($array) && @sizeof($array) != 0) {
+						$array['contact_phones'][0]['contact_uuid'] = $contact_uuid;
+						$array['contact_phones'][0]['domain_uuid'] = $domain_uuid;
+						$array['contact_phones'][0]['phone_type_voice'] = $phone_type_voice ? 1 : null;
+						$array['contact_phones'][0]['phone_type_fax'] = $phone_type_fax ? 1 : null;
+						$array['contact_phones'][0]['phone_type_video'] = $phone_type_video ? 1 : null;
+						$array['contact_phones'][0]['phone_type_text'] = $phone_type_text ? 1 : null;
+						$array['contact_phones'][0]['phone_label'] = $phone_label;
+						$array['contact_phones'][0]['phone_speed_dial'] = $phone_speed_dial;
+						$array['contact_phones'][0]['phone_number'] = $phone_number;
+						$array['contact_phones'][0]['phone_extension'] = $phone_extension;
+						$array['contact_phones'][0]['phone_primary'] = $phone_primary ? 1 : 0;
+						$array['contact_phones'][0]['phone_description'] = $phone_description;
+
+						$database = new database;
+						$database->app_name = 'contacts';
+						$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+						$database->save($array);
+						unset($array);
+					}
+
+				//redirect
+					header("Location: contact_edit.php?id=".escape($contact_uuid));
+					exit;
+
+			}
+	}
 
 //pre-populate the form
 	if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
 		$contact_phone_uuid = $_GET["id"];
 		$sql = "select * from v_contact_phones ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
-		$sql .= "and contact_phone_uuid = '$contact_phone_uuid' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and contact_phone_uuid = :contact_phone_uuid ";
+		$parameters['domain_uuid'] = $domain_uuid;
+		$parameters['contact_phone_uuid'] = $contact_phone_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && @sizeof($row) != 0) {
 			$phone_type_voice = $row["phone_type_voice"];
 			$phone_type_fax = $row["phone_type_fax"];
 			$phone_type_video = $row["phone_type_video"];
@@ -210,7 +199,7 @@
 			$phone_primary = $row["phone_primary"];
 			$phone_description = $row["phone_description"];
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //show the header

contact_phones.php

@@ -40,13 +40,14 @@
 
 //get the contact list
 	$sql = "select * from v_contact_phones ";
-	$sql .= "where domain_uuid = '$domain_uuid' ";
-	$sql .= "and contact_uuid = '$contact_uuid' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
+	$sql .= "and contact_uuid = :contact_uuid ";
 	$sql .= "order by phone_primary desc, phone_label asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$contact_phones = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset ($prep_statement, $sql);
+	$parameters['domain_uuid'] = $domain_uuid;
+	$parameters['contact_uuid'] = $contact_uuid;
+	$database = new database;
+	$contact_phones = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //set the row style
 	$c = 0;
@@ -89,7 +90,8 @@
 	}
 	echo "</td>\n";
 	echo "</tr>\n";
-	if (is_array($contact_phones)) {
+
+	if (is_array($contact_phones) && @sizeof($contact_phones) != 0) {
 		foreach($contact_phones as $row) {
 			if (permission_exists('contact_phone_edit')) {
 				$tr_link = "href='contact_phone_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_phone_uuid'])."'";
@@ -129,7 +131,7 @@
 			echo "</tr>\n";
 			$c = ($c) ? 0 : 1;
 		} //end foreach
-		unset($sql, $contact_phones);
+		unset($contact_phones, $row);
 	} //end if results
 
 	echo "</table>";

contact_relation_edit.php

@@ -110,7 +110,7 @@ else {
 
 					$p->delete('contact_edit', 'temp');
 
-				//add the setting
+				//add the relation
 					if ($action == "add" && permission_exists('contact_relation_add')) {
 						$contact_relation_uuid = uuid();
 						$array['contact_relations'][0]['contact_relation_uuid'] = $contact_relation_uuid;
@@ -127,7 +127,7 @@ else {
 						message::add($text['message-add']);
 					}
 
-				//update the setting
+				//update the relation
 					if ($action == "update" && permission_exists('contact_relation_edit')) {
 						$array['contact_relations'][0]['contact_relation_uuid'] = $contact_relation_uuid;
 
@@ -148,7 +148,7 @@ else {
 						unset($array);
 					}
 
-				//redirect the browser
+				//redirect
 					header("Location: contact_edit.php?id=".escape($contact_uuid));
 					exit;
 

contact_url_edit.php

@@ -108,7 +108,7 @@ else {
 
 				$p->delete('contact_edit', 'temp');
 
-				//if primary, unmark other primary numbers
+				//if primary, unmark other primary urls
 				if ($url_primary) {
 					$sql = "update v_contact_urls set url_primary = 0 ";
 					$sql .= "where domain_uuid = :domain_uuid ";