Database class integration.

contact_extensions.php

@@ -63,17 +63,17 @@
 
 	//get the extension list
 		$sql = "select e.extension_uuid, e.extension, e.enabled, e.description ";
-		$sql .= " from v_extensions e, v_extension_users eu, v_users u ";
-		$sql .= " where e.extension_uuid = eu.extension_uuid ";
-		$sql .= " and u.user_uuid = eu.user_uuid ";
-		$sql .= " and e.domain_uuid = '$domain_uuid' ";
-		$sql .= " and u.contact_uuid = '$contact_uuid' ";
+		$sql .= "from v_extensions e, v_extension_users eu, v_users u ";
+		$sql .= "where e.extension_uuid = eu.extension_uuid ";
+		$sql .= "and u.user_uuid = eu.user_uuid ";
+		$sql .= "and e.domain_uuid = :domain_uuid ";
+		$sql .= "and u.contact_uuid = :contact_uuid ";
 		$sql .= "order by e.extension asc ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		$result_count = count($result);
-		unset ($prep_statement, $sql);
+		$parameters['domain_uuid'] = $domain_uuid;
+		$parameters['contact_uuid'] = $contact_uuid;
+		$database = new database;
+		$result = $database->select($sql, $parameters, 'all');
+		unset($sql, $parameters);
 
 	$c = 0;
 	$row_style["0"] = "row_style0";
@@ -90,7 +90,7 @@
 	}
 	echo "</td>\n";
 	echo "</tr>\n";
-	if ($result_count > 0) {
+	if (is_array($result) && @sizeof($result) != 0) {
 		foreach($result as $row) {
 			$tr_link = (permission_exists('extension_edit')) ? "href='/app/extensions/extension_edit.php?id=".escape($row['extension_uuid'])."'" : null;
 			echo "<tr ".$tr_link.">\n";
@@ -114,9 +114,9 @@
 			echo "	</td>\n";
 			echo "</tr>\n";
 			$c = ($c) ? 0 : 1;
-		} //end foreach
-		unset($sql, $result, $row_count);
-	} //end if results
+		}
+	}
+	unset($result, $row);
 
 	echo "</table>";
 

contact_group_delete.php

@@ -40,26 +40,28 @@ else {
 		$language = new text;
 		$text = $language->get();
 
-		if (count($_REQUEST) > 0) {
-			$contact_uuid = check_str($_REQUEST["contact_uuid"]);
-			$contact_group_uuid = $_REQUEST["id"];
-		}
+		$contact_uuid = $_REQUEST["contact_uuid"];
+		$contact_group_uuid = $_REQUEST["id"];
 	}
 
 //delete the group
 	if (is_uuid($contact_uuid) && is_uuid($contact_group_uuid)) {
-		$sql = "delete from v_contact_groups ";
-		$sql .= "where contact_uuid = '".$contact_uuid."' ";
-		$sql .= "and contact_group_uuid = '".$contact_group_uuid."' ";
-		$db->exec(check_sql($sql));
-		unset($sql);
+		$array['contact_groups'][0]['contact_uuid'] = $contact_uuid;
+		$array['contact_groups'][0]['contact_group_uuid'] = $contact_group_uuid;
+
+		$database = new database;
+		$database->app_name = 'contacts';
+		$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+		$database->delete($array);
+		unset($array);
+
+		message::add($text['message-delete']);
 	}
 
-//redirect the browser
+//redirect
 	if (!$included) {
-		message::add($text['message-delete']);
 		header("Location: contact_edit.php?id=".$contact_uuid);
-		return;
+		exit;
 	}
 
 ?>

contact_import.php

@@ -252,16 +252,16 @@
 
 		//get the groups
 			$sql = "select * from v_groups where domain_uuid is null ";
-			$prep_statement = $db->prepare($sql);
-			$prep_statement->execute();
-			$groups = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+			$database = new database;
+			$groups = $database->select($sql, null, 'all');
+			unset($sql);
 
 		//get the users
-			$sql = "select * from v_users where domain_uuid = '".$domain_uuid."' ";
-			$prep_statement = $db->prepare($sql);
-			$prep_statement->execute();
-			$users = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
-
+			$sql = "select * from v_users where domain_uuid = :domain_uuid ";
+			$parameters['domain_uuid'] = $domain_uuid;
+			$database = new database;
+			$users = $database->select($sql, $parameters, 'all');
+			unset($sql);
 
 		//get the contents of the csv file and convert them into an array
 			$handle = @fopen($_SESSION['file'], "r");
@@ -340,9 +340,6 @@
 										$database->app_name = 'contacts';
 										$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
 										$database->save($array);
-										//$message = $database->message;
-	
-									//clear the array
 										unset($array);
 										
 									//set the row id back to 0
@@ -368,12 +365,12 @@
 						$database->app_name = 'contacts';
 						$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
 						$database->save($array);
-						//$message = $database->message;
+						unset($array);
 					}
 
 				//send the redirect header
 					header("Location: contacts.php");
-					return;
+					exit;
 			}
 
 		//show the header
@@ -422,8 +419,6 @@
 
 		//include the footer
 			require_once "resources/footer.php";
-
-		//end the script
 			exit;
 	}
 

contact_import_google.php

@@ -70,26 +70,27 @@ if ($_POST['a'] == 'import') {
 	if (sizeof($import_ids) > 0) {
 
 		$import_ids = array_unique($import_ids);
-		foreach ($import_ids as $contact_id) {
+		foreach ($import_ids as $index_1 => $contact_id) {
 
 			//check for duplicate contact (already exists, previously imported, etc)
 			$sql = "select contact_uuid from v_contact_settings ";
-			$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+			$sql .= "where domain_uuid = :domain_uuid ";
 			$sql .= "and contact_setting_category = 'google' ";
 			$sql .= "and contact_setting_subcategory = 'id' ";
-			$sql .= "and contact_setting_value = '".$contact_id."' ";
+			$sql .= "and contact_setting_value = :contact_setting_value ";
 			$sql .= "and contact_setting_enabled = 'true' ";
-			$prep_statement = $db->prepare($sql);
-			$prep_statement->execute();
-			$result = $prep_statement->fetch(PDO::FETCH_ASSOC);
-			if ($result['contact_uuid'] != '') {
+			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+			$parameters['contact_setting_value'] = $contact_id;
+			$database = new database;
+			$result = $database->select($sql, $parameters, 'row');
+			if (is_uuid($result['contact_uuid'])) {
 				$duplicate_exists = true;
 				$duplicate_contact_uuid = $result['contact_uuid'];
 			}
 			else {
 				$duplicate_exists = false;
 			}
-			unset($sql, $prep_statement, $result);
+			unset($sql, $parameters, $result);
 
 			//skip importing contact
 			if ($duplicate_exists && $_POST['import_duplicates'] == 'skip') {
@@ -110,214 +111,127 @@ if ($_POST['a'] == 'import') {
 
 			//insert contact
 			$contact_uuid = uuid();
-			$sql = "insert into v_contacts ";
-			$sql .= "( ";
-			$sql .= "domain_uuid, ";
-			$sql .= "contact_uuid, ";
-			$sql .= "contact_type, ";
-			$sql .= "contact_organization, ";
-			$sql .= "contact_name_prefix, ";
-			$sql .= "contact_name_given, ";
-			$sql .= "contact_name_middle, ";
-			$sql .= "contact_name_family, ";
-			$sql .= "contact_name_suffix, ";
-			$sql .= "contact_nickname, ";
-			$sql .= "contact_title, ";
-			$sql .= "contact_category, ";
-			$sql .= "contact_note ";
-			$sql .= ") ";
-			$sql .= "values ";
-			$sql .= "( ";
-			$sql .= "'".$_SESSION['domain_uuid']."', ";
-			$sql .= "'".$contact_uuid."', ";
-			$sql .= "'".check_str($_POST['import_type'])."', ";
-			$sql .= "'".check_str($contact['organization'])."', ";
-			$sql .= "'".check_str($contact['name_prefix'])."', ";
-			$sql .= "'".check_str($contact['name_given'])."', ";
-			$sql .= "'".check_str($contact['name_middle'])."', ";
-			$sql .= "'".check_str($contact['name_family'])."', ";
-			$sql .= "'".check_str($contact['name_suffix'])."', ";
-			$sql .= "'".check_str($contact['nickname'])."', ";
-			$sql .= "'".check_str($contact['title'])."', ";
-			$sql .= "'".check_str($_POST['import_category'])."', ";
-			$sql .= "'".check_str($contact['notes'])."' ";
-			$sql .= ")";
-			$db->exec(check_sql($sql));
-			unset($sql);
+			$array['contacts'][$index_1]['domain_uuid'] = $_SESSION['domain_uuid'];
+			$array['contacts'][$index_1]['contact_uuid'] = $contact_uuid;
+			$array['contacts'][$index_1]['contact_type'] = $_POST['import_type'];
+			$array['contacts'][$index_1]['contact_organization'] = $contact['organization'];
+			$array['contacts'][$index_1]['contact_name_prefix'] = $contact['name_prefix'];
+			$array['contacts'][$index_1]['contact_name_given'] = $contact['name_given'];
+			$array['contacts'][$index_1]['contact_name_middle'] = $contact['name_middle'];
+			$array['contacts'][$index_1]['contact_name_family'] = $contact['name_family'];
+			$array['contacts'][$index_1]['contact_name_suffix'] = $contact['name_suffix'];
+			$array['contacts'][$index_1]['contact_nickname'] = $contact['nickname'];
+			$array['contacts'][$index_1]['contact_title'] = $contact['title'];
+			$array['contacts'][$index_1]['contact_category'] = $_POST['import_category'];
+			$array['contacts'][$index_1]['contact_note'] = $contact['notes'];
 
 			//set sharing
 			if ($_POST['import_shared'] != 'true') {
-				$sql = "insert into v_contact_groups ";
-				$sql .= "( ";
-				$sql .= "contact_group_uuid, ";
-				$sql .= "domain_uuid, ";
-				$sql .= "contact_uuid, ";
-				$sql .= "group_uuid ";
-				$sql .= ") ";
-				$sql .= "values ";
-				$sql .= "( ";
-				$sql .= "'".uuid()."', ";
-				$sql .= "'".$_SESSION['domain_uuid']."', ";
-				$sql .= "'".$contact_uuid."', ";
-				$sql .= "'".$_SESSION["user_uuid"]."' ";
-				$sql .= ")";
-				$db->exec(check_sql($sql));
-				unset($sql);
+				$contact_group_uuid = uuid();
+				$array['contact_groups'][$index_1]['contact_group_uuid'] = $contact_group_uuid;
+				$array['contact_groups'][$index_1]['domain_uuid'] = $_SESSION['domain_uuid'];
+				$array['contact_groups'][$index_1]['contact_uuid'] = $contact_uuid;
+				$array['contact_groups'][$index_1]['group_uuid'] = $_SESSION["user_uuid"];
 			}
 
 			//insert emails
-			if ($_POST['import_fields']['email'] && sizeof($contact['emails']) > 0) {
-				foreach ($contact['emails'] as $contact_email) {
-					$sql = "insert into v_contact_emails ";
-					$sql .= "(";
-					$sql .= "domain_uuid, ";
-					$sql .= "contact_uuid, ";
-					$sql .= "contact_email_uuid, ";
-					$sql .= "email_label, ";
-					$sql .= "email_address, ";
-					$sql .= "email_primary ";
-					$sql .= ") ";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".$_SESSION['domain_uuid']."', ";
-					$sql .= "'".$contact_uuid."', ";
-					$sql .= "'".uuid()."', ";
-					$sql .= "'".check_str($contact_email['label'])."', ";
-					$sql .= "'".check_str($contact_email['address'])."', ";
-					$sql .= (($contact_email['primary']) ? 1 : 0)." ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+			if ($_POST['import_fields']['email'] && is_array($contact['emails']) && @sizeof($contact['emails']) != 0) {
+				foreach ($contact['emails'] as $index_2 => $contact_email) {
+					$contact_email_uuid = uuid();
+					$array['contact_emails'][$index_2]['domain_uuid'] = $_SESSION['domain_uuid'];
+					$array['contact_emails'][$index_2]['contact_uuid'] = $contact_uuid;
+					$array['contact_emails'][$index_2]['contact_email_uuid'] = $contact_email_uuid;
+					$array['contact_emails'][$index_2]['email_label'] = $contact_email['label'];
+					$array['contact_emails'][$index_2]['email_address'] = $contact_email['address'];
+					$array['contact_emails'][$index_2]['email_primary'] = $contact_email['primary'] ? 1 : 0;
 				}
 			}
 
 			//insert numbers
-			if ($_POST['import_fields']['number'] && sizeof($contact['numbers']) > 0) {
-				foreach ($contact['numbers'] as $contact_number) {
-					$sql = "insert into v_contact_phones ";
-					$sql .= "(";
-					$sql .= "domain_uuid, ";
-					$sql .= "contact_uuid, ";
-					$sql .= "contact_phone_uuid, ";
-					$sql .= "phone_type_voice, ";
-					$sql .= "phone_type_fax, ";
-					$sql .= "phone_label, ";
-					$sql .= "phone_number, ";
-					$sql .= "phone_primary ";
-					$sql .= ") ";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".$domain_uuid."', ";
-					$sql .= "'".$contact_uuid."', ";
-					$sql .= "'".uuid()."', ";
-					$sql .= ((substr_count(strtoupper($contact_number['label']), strtoupper($text['label-fax'])) == 0) ? 1 : 'null').", ";
-					$sql .= ((substr_count(strtoupper($contact_number['label']), strtoupper($text['label-fax'])) != 0) ? 1 : 'null').", ";
-					$sql .= "'".check_str($contact_number['label'])."', ";
-					$sql .= "'".check_str($contact_number['number'])."', ";
-					$sql .= ((sizeof($contact['numbers']) == 1) ? 1 : 0)." ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+			if ($_POST['import_fields']['number'] && is_array($contact['numbers']) && @sizeof($contact['numbers']) != 0) {
+				foreach ($contact['numbers'] as $index_3 => $contact_number) {
+					$contact_phone_uuid = uuid();
+					$array['contact_phones'][$index_3]['domain_uuid'] = $domain_uuid;
+					$array['contact_phones'][$index_3]['contact_uuid'] = $contact_uuid;
+					$array['contact_phones'][$index_3]['contact_phone_uuid'] = $contact_phone_uuid;
+					$array['contact_phones'][$index_3]['phone_type_voice'] = substr_count(strtoupper($contact_number['label']), strtoupper($text['label-fax'])) == 0 ? 1 : null;
+					$array['contact_phones'][$index_3]['phone_type_fax'] = substr_count(strtoupper($contact_number['label']), strtoupper($text['label-fax'])) != 0 ? 1 : null;
+					$array['contact_phones'][$index_3]['phone_label'] = $contact_number['label'];
+					$array['contact_phones'][$index_3]['phone_number'] = $contact_number['number'];
+					$array['contact_phones'][$index_3]['phone_primary'] = @sizeof($contact['numbers']) == 1 ? 1 : 0;
 				}
 			}
 
 			//insert urls
-			if ($_POST['import_fields']['url'] && sizeof($contact['urls']) > 0) {
-				foreach ($contact['urls'] as $contact_url) {
-					$sql = "insert into v_contact_urls ";
-					$sql .= "(";
-					$sql .= "domain_uuid, ";
-					$sql .= "contact_uuid, ";
-					$sql .= "contact_url_uuid, ";
-					$sql .= "url_label, ";
-					$sql .= "url_address, ";
-					$sql .= "url_primary ";
-					$sql .= ") ";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".$_SESSION['domain_uuid']."', ";
-					$sql .= "'".$contact_uuid."', ";
-					$sql .= "'".uuid()."', ";
-					$sql .= "'".check_str($contact_url['label'])."', ";
-					$sql .= "'".check_str($contact_url['url'])."', ";
-					$sql .= ((sizeof($contact['urls']) == 1) ? 1 : 0)." ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+			if ($_POST['import_fields']['url'] && is_array($contact['urls']) && @sizeof($contact['urls']) != 0) {
+				foreach ($contact['urls'] as $index_4 => $contact_url) {
+					$contact_url_uuid = uuid();
+					$array['contact_urls'][$index_4]['domain_uuid'] = $_SESSION['domain_uuid'];
+					$array['contact_urls'][$index_4]['contact_uuid'] = $contact_uuid;
+					$array['contact_urls'][$index_4]['contact_url_uuid'] = $contact_url_uuid;
+					$array['contact_urls'][$index_4]['url_label'] = $contact_url['label'];
+					$array['contact_urls'][$index_4]['url_address'] = $contact_url['url'];
+					$array['contact_urls'][$index_4]['url_primary'] = @sizeof($contact['urls']) == 1 ? 1 : 0;
 				}
 			}
 
 			//insert addresses
-			if ($_POST['import_fields']['address'] && sizeof($contact['addresses']) > 0) {
-				foreach ($contact['addresses'] as $contact_address) {
-					$sql = "insert into v_contact_addresses ";
-					$sql .= "(";
-					$sql .= "domain_uuid, ";
-					$sql .= "contact_uuid, ";
-					$sql .= "contact_address_uuid, ";
-					$sql .= "address_type, ";
-					$sql .= "address_label, ";
-					$sql .= "address_street, ";
-					$sql .= "address_extended, ";
-					$sql .= "address_community, ";
-					$sql .= "address_locality, ";
-					$sql .= "address_region, ";
-					$sql .= "address_postal_code, ";
-					$sql .= "address_country, ";
-					$sql .= "address_primary ";
-					$sql .= ") ";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".$_SESSION['domain_uuid']."', ";
-					$sql .= "'".$contact_uuid."', ";
-					$sql .= "'".uuid()."', ";
+			if ($_POST['import_fields']['address'] && is_array($contact['addresses']) && @sizeof($contact['addresses']) != 0) {
+				foreach ($contact['addresses'] as $index_5 => $contact_address) {
+					$contact_address_uuid = uuid();
+					$array['contact_addresses'][$index_5]['domain_uuid'] = $_SESSION['domain_uuid'];
+					$array['contact_addresses'][$index_5]['contact_uuid'] = $contact_uuid;
+					$array['contact_addresses'][$index_5]['contact_address_uuid'] = $contact_address_uuid;
 					if (substr_count(strtoupper($contact_address['label']), strtoupper($text['option-home'])) != 0) {
-						$sql .= "'home', "; // vcard address type
+						$array['contact_addresses'][$index_5]['address_type'] = 'home';
 					}
 					else if (substr_count(strtoupper($contact_address['label']), strtoupper($text['option-work'])) != 0) {
-						$sql .= "'work', "; // vcard address type
+						$array['contact_addresses'][$index_5]['address_type'] = 'work';
 					}
 					else {
-						$sql .= "'', ";
+						$array['contact_addresses'][$index_5]['address_type'] = null;
 					}
-					$sql .= "'".check_str($contact_address['label'])."', ";
-					$sql .= "'".check_str($contact_address['street'])."', ";
-					$sql .= "'".check_str($contact_address['extended'])."', ";
-					$sql .= "'".check_str($contact_address['community'])."', ";
-					$sql .= "'".check_str($contact_address['locality'])."', ";
-					$sql .= "'".check_str($contact_address['region'])."', ";
-					$sql .= "'".check_str($contact_address['postal_code'])."', ";
-					$sql .= "'".check_str($contact_address['country'])."', ";
-					$sql .= ((sizeof($contact['addresses']) == 1) ? 1 : 0)." ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					$array['contact_addresses'][$index_5]['address_label'] = $contact_address['label'];
+					$array['contact_addresses'][$index_5]['address_street'] = $contact_address['street'];
+					$array['contact_addresses'][$index_5]['address_extended'] = $contact_address['extended'];
+					$array['contact_addresses'][$index_5]['address_community'] = $contact_address['community'];
+					$array['contact_addresses'][$index_5]['address_locality'] = $contact_address['locality'];
+					$array['contact_addresses'][$index_5]['address_region'] = $contact_address['region'];
+					$array['contact_addresses'][$index_5]['address_postal_code'] = $contact_address['postal_code'];
+					$array['contact_addresses'][$index_5]['address_country'] = $contact_address['country'];
+					$array['contact_addresses'][$index_5]['address_primary'] = @sizeof($contact['addresses']) == 1 ? 1 : 0;
 				}
 			}
 
 			//add google contact id, etag and updated date to contact settings
 			$contact['updated'] = str_replace('T', ' ', $contact['updated']);
 			$contact['updated'] = str_replace('Z', '', $contact['updated']);
-			$sql = "insert into v_contact_settings ";
-			$sql .= "(";
-			$sql .= "contact_setting_uuid, ";
-			$sql .= "contact_uuid, ";
-			$sql .= "domain_uuid, ";
-			$sql .= "contact_setting_category, ";
-			$sql .= "contact_setting_subcategory, ";
-			$sql .= "contact_setting_name, ";
-			$sql .= "contact_setting_value, ";
-			$sql .= "contact_setting_order, ";
-			$sql .= "contact_setting_enabled ";
-			$sql .= ") ";
-			$sql .= "values ";
-			$sql .= "('".uuid()."', '".$contact_uuid."', '".$_SESSION['domain_uuid']."', 'sync', 'source', 'array', 'google', 0, 'true' )";
-			$sql .= ",('".uuid()."', '".$contact_uuid."', '".$_SESSION['domain_uuid']."', 'google', 'id', 'text', '".check_str($contact_id)."', 0, 'true' )";
-			$sql .= ",('".uuid()."', '".$contact_uuid."', '".$_SESSION['domain_uuid']."', 'google', 'updated', 'date', '".check_str($contact['updated'])."', 0, 'true' )";
-			$sql .= ",('".uuid()."', '".$contact_uuid."', '".$_SESSION['domain_uuid']."', 'google', 'etag', 'text', '".check_str($contact['etag'])."', 0, 'true' )";
-			$db->exec(check_sql($sql));
-			unset($sql);
+			$contact_setting_columns = array('contact_setting_category', 'contact_setting_subcategory', 'contact_setting_name', 'contact_setting_value', 'contact_setting_order', 'contact_setting_enabled');
+			$contact_setting_array[] = array('sync', 'source', 'array', 'google', 0, 'true');
+			$contact_setting_array[] = array('google', 'id', 'text', $contact_id, 0, 'true');
+			$contact_setting_array[] = array('google', 'updated', 'date', $contact['updated'], 0, 'true');
+			$contact_setting_array[] = array('google', 'etag', 'text', $contact['etag'], 0, 'true');
+			foreach ($contact_setting_array as $index_6 => $values) {
+				$contact_setting_uuid = uuid();
+				$array['contact_settings'][$index_6]['contact_setting_uuid'] = $contact_setting_uuid;
+				$array['contact_settings'][$index_6]['contact_uuid'] = $contact_uuid;
+				$array['contact_settings'][$index_6]['domain_uuid'] = $_SESSION['domain_uuid'];
+				foreach ($values as $index_7 => $value) {
+					foreach ($contact_setting_columns as $column) {
+						$array['contact_settings'][$index_6][$contact_setting_columns[$index_7]] = $value;
+					}
+				}
+			}
+			unset($contact_setting_columns, $contact_setting_array);
+
+			//insert records
+			$database = new database;
+			$database->app_name = 'contacts';
+			$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+			$database->save($array);
+			unset($array);
 
+			//increment counter
 			$contacts_imported++;
 
 		}
@@ -325,7 +239,7 @@ if ($_POST['a'] == 'import') {
 		$message = $text['message-contacts_imported']." ".$contacts_imported;
 		if ($contacts_replaced > 0) { $message .= " (".$text['message_contacts_imported_replaced']." ".$contacts_replaced.")"; }
 		if ($contacts_skipped > 0) { $message .= ", ".$text['message_contacts_imported_skipped']." ".$contacts_skipped; }
-		$_SESSION["message"] = $message;
+		message::add($message);
 		header("Location: contacts.php");
 		exit;
 

contact_note_delete.php

@@ -38,22 +38,27 @@ else {
 	$language = new text;
 	$text = $language->get();
 
-if (count($_GET)>0) {
-	$id = check_str($_GET["id"]);
-	$contact_uuid = check_str($_GET["contact_uuid"]);
-}
+//get the http values and set as variables
+	$contact_note_uuid = $_GET["id"];
+	$contact_uuid = $_GET["contact_uuid"];
 
-if (strlen($id)>0) {
-	$sql = "delete from v_contact_notes ";
-	$sql .= "where domain_uuid = '$domain_uuid' ";
-	$sql .= "and contact_note_uuid = '$id' ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	unset($sql);
-}
+//delete the record
+	if (is_uuid($contact_note_uuid) && is_uuid($contact_uuid)) {
+		$array['contact_notes'][0]['contact_note_uuid'] = $contact_note_uuid;
+		$array['contact_notes'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+		$array['contact_notes'][0]['contact_uuid'] = $contact_uuid;
+
+		$database = new database;
+		$database->app_name = 'contacts';
+		$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+		$database->delete($array);
+		unset($array);
 
-message::add($text['message-delete']);
-header("Location: contact_edit.php?id=".$contact_uuid);
-return;
+		message::add($text['message-delete']);
+	}
+
+//redirect
+	header("Location: contact_edit.php?id=".$contact_uuid);
+	exit;
 
 ?>

contact_note_edit.php

@@ -39,24 +39,24 @@ else {
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$contact_note_uuid = check_str($_REQUEST["id"]);
+		$contact_note_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
 	}
 
 //get the primary id for the contact
-	if (strlen($_GET["contact_uuid"]) > 0) {
-		$contact_uuid = check_str($_GET["contact_uuid"]);
+	if (is_uuid($_GET["contact_uuid"])) {
+		$contact_uuid = $_GET["contact_uuid"];
 	}
 
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		$contact_note = check_str($_POST["contact_note"]);
-		$last_mod_date = check_str($_POST["last_mod_date"]);
-		$last_mod_user = check_str($_POST["last_mod_user"]);
+		$contact_note = $_POST["contact_note"];
+		$last_mod_date = $_POST["last_mod_date"];
+		$last_mod_user = $_POST["last_mod_user"];
 	}
 
 //process the form data
@@ -64,7 +64,7 @@ else {
 
 		//get the primary id for the contact note
 			if ($action == "update") {
-				$contact_note_uuid = check_str($_POST["contact_note_uuid"]);
+				$contact_note_uuid = $_POST["contact_note_uuid"];
 			}
 
 		//check for all required data
@@ -84,80 +84,77 @@ else {
 
 		//add or update the database
 			if ($_POST["persistformvar"] != "true") {
+
 				//update last modified
-					$sql = "update v_contacts set ";
-					$sql .= "last_mod_date = now(), ";
-					$sql .= "last_mod_user = '".$_SESSION['username']."' ";
-					$sql .= "where domain_uuid = '".$domain_uuid."' ";
-					$sql .= "and contact_uuid = '".$contact_uuid."' ";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					$array['contacts'][0]['contact_uuid'] = $contact_uuid;
+					$array['contacts'][0]['domain_uuid'] = $domain_uuid;
+					$array['contacts'][0]['last_mod_date'] = 'now()';
+					$array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
+
+					$p = new permissions;
+					$p->add('contact_edit', 'temp');
+
+					$database = new database;
+					$database->app_name = 'contacts';
+					$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+					$database->save($array);
+					unset($array);
+
+					$p->delete('contact_edit', 'temp');
 
 				//add the note
-					if ($action == "add") {
+					if ($action == "add" && permission_exists('contact_note_add')) {
 						$contact_note_uuid = uuid();
-						$sql = "insert into v_contact_notes ";
-						$sql .= "(";
-						$sql .= "contact_note_uuid, ";
-						$sql .= "contact_uuid, ";
-						$sql .= "contact_note, ";
-						$sql .= "domain_uuid, ";
-						$sql .= "last_mod_date, ";
-						$sql .= "last_mod_user ";
-						$sql .= ")";
-						$sql .= "values ";
-						$sql .= "(";
-						$sql .= "'$contact_note_uuid', ";
-						$sql .= "'$contact_uuid', ";
-						$sql .= "'$contact_note', ";
-						$sql .= "'$domain_uuid', ";
-						$sql .= "now(), ";
-						$sql .= "'".$_SESSION['username']."' ";
-						$sql .= ")";
-						$db->exec(check_sql($sql));
-						unset($sql);
+						$array['contact_notes'][0]['contact_note_uuid'] = $contact_note_uuid;
 
 						message::add($text['message-add']);
-						header("Location: contact_edit.php?id=".$contact_uuid);
-						return;
-					} //if ($action == "add")
+					}
 
 				//update the note
-					if ($action == "update") {
-						$sql = "update v_contact_notes set ";
-						$sql .= "contact_uuid = '$contact_uuid', ";
-						$sql .= "contact_note = '$contact_note', ";
-						$sql .= "last_mod_date = now(), ";
-						$sql .= "last_mod_user = '".$_SESSION['username']."' ";
-						$sql .= "where domain_uuid = '$domain_uuid' ";
-						$sql .= "and contact_note_uuid = '$contact_note_uuid'";
-						$db->exec(check_sql($sql));
-						unset($sql);
+					if ($action == "update" && permission_exists('contact_note_edit')) {
+						$array['contact_notes'][0]['contact_note_uuid'] = $contact_note_uuid;
 
 						message::add($text['message-update']);
-						header("Location: contact_edit.php?id=".$contact_uuid);
-						return;
-					} //if ($action == "update")
-			} //if ($_POST["persistformvar"] != "true")
-	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+					}
+
+				//execute
+					if (is_array($array) && @sizeof($array) != 0) {
+						$array['contact_notes'][0]['contact_uuid'] = $contact_uuid;
+						$array['contact_notes'][0]['domain_uuid'] = $domain_uuid;
+						$array['contact_notes'][0]['contact_note'] = $contact_note;
+						$array['contact_notes'][0]['last_mod_date'] = 'now()';
+						$array['contact_notes'][0]['last_mod_user'] = $_SESSION['username'];
+
+						$database = new database;
+						$database->app_name = 'contacts';
+						$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+						$database->save($array);
+						unset($array);
+					}
+
+				//redirect
+					header("Location: contact_edit.php?id=".escape($contact_uuid));
+					exit;
+
+			}
+	}
 
 //pre-populate the form
 	if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
 		$contact_note_uuid = $_GET["id"];
-		$sql = "";
-		$sql .= "select * from v_contact_notes ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
-		$sql .= "and contact_note_uuid = '$contact_note_uuid' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
+		$sql = "select * from v_contact_notes ";
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and contact_note_uuid = :contact_note_uuid ";
+		$parameters['domain_uuid'] = $domain_uuid;
+		$parameters['contact_note_uuid'] = $contact_note_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && @sizeof($row) != 0) {
 			$contact_note = $row["contact_note"];
 			$last_mod_date = $row["last_mod_date"];
 			$last_mod_user = $row["last_mod_user"];
-			break; //limit to 1 row
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //show the header

contact_notes.php

@@ -48,15 +48,14 @@
 
 //get the contact list
 	$sql = "select * from v_contact_notes ";
-	$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-	$sql .= "and contact_uuid = '$contact_uuid' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
+	$sql .= "and contact_uuid = :contact_uuid ";
 	$sql .= "order by last_mod_date desc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	if ($prep_statement) {
-		$prep_statement->execute();
-		$contact_notes = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		unset ($prep_statement, $sql);
-	}
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$parameters['contact_uuid'] = $contact_uuid;
+	$database = new database;
+	$contact_notes = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //set the row style array
 	$c = 0;
@@ -79,7 +78,7 @@
 
 	echo "<div id='contact_notes' style='width: 100%; overflow: auto; direction: rtl; text-align: right; margin-bottom: 23px;'>";
 	echo "<table class='tr_hover' style='width: 100%; direction: ltr; padding-left: 1px' border='0' cellpadding='0' cellspacing='0'>\n";
-	if (is_array($contact_notes)) {
+	if (is_array($contact_notes) && @sizeof($contact_notes) != 0) {
 		foreach($contact_notes as $row) {
 			$contact_note = $row['contact_note'];
 			$contact_note = escape($contact_note);
@@ -102,9 +101,9 @@
 			echo "	</td>\n";
 			echo "</tr>\n";
 			$c = ($c) ? 0 : 1;
-		} //end foreach
-		unset($sql, $contact_notes);
-	} //end if results
+		}
+	}
+	unset($contact_notes, $row);
 	echo "</table>";
 	echo "</div>\n";