Database class integration.

contact_setting_delete.php

@@ -40,24 +40,25 @@ else {
 	$text = $language->get();
 
 //set the variables
-	if (count($_GET) > 0) {
-		$id = check_str($_GET["id"]);
-		$contact_uuid = check_str($_GET["contact_uuid"]);
-	}
+	$contact_setting_uuid = $_GET["id"];
+	$contact_uuid = $_GET["contact_uuid"];
 
 //delete domain_setting
-	if (strlen($id) > 0) {
-		$sql = "delete from v_contact_settings ";
-		$sql .= "where contact_uuid = '$contact_uuid' ";
-		$sql .= "and contact_setting_uuid = '$id' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($sql);
+	if (is_uuid($contact_setting_uuid) && is_uuid($contact_uuid)) {
+		$array['contact_settings'][0]['contact_setting_uuid'] = $contact_setting_uuid;
+		$array['contact_settings'][0]['contact_uuid'] = $contact_uuid;
+
+		$database = new database;
+		$database->app_name = 'contacts';
+		$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+		$database->delete($array);
+		unset($array);
+
+		message::add($text['message-delete']);
 	}
 
 //redirect the user
-	message::add($text['message-delete']);
 	header("Location: contact_edit.php?id=".$contact_uuid);
-	return;
+	exit;
 
 ?>

contact_setting_edit.php

@@ -44,17 +44,17 @@
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$contact_setting_uuid = check_str($_REQUEST["id"]);
+		$contact_setting_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
 	}
 
 //get the contact uuid
-	if (strlen($_GET["contact_uuid"]) > 0) {
-		$contact_uuid = check_str($_GET["contact_uuid"]);
+	if (is_uuid($_GET["contact_uuid"])) {
+		$contact_uuid = $_GET["contact_uuid"];
 	}
 
 //set the session domain uuid as a variable
@@ -62,21 +62,21 @@
 
 //get http post variables and set them to php variables
 	if (count($_POST) > 0) {
-		$contact_setting_category = strtolower(check_str($_POST["contact_setting_category"]));
-		$contact_setting_subcategory = strtolower(check_str($_POST["contact_setting_subcategory"]));
-		$contact_setting_name = strtolower(check_str($_POST["contact_setting_name"]));
-		$contact_setting_value = check_str($_POST["contact_setting_value"]);
-		$contact_setting_order = check_str($_POST["contact_setting_order"]);
-		$contact_setting_enabled = strtolower(check_str($_POST["contact_setting_enabled"]));
-		$contact_setting_description = check_str($_POST["contact_setting_description"]);
+		$contact_setting_category = strtolower($_POST["contact_setting_category"]);
+		$contact_setting_subcategory = strtolower($_POST["contact_setting_subcategory"]);
+		$contact_setting_name = strtolower($_POST["contact_setting_name"]);
+		$contact_setting_value = $_POST["contact_setting_value"];
+		$contact_setting_order = $_POST["contact_setting_order"];
+		$contact_setting_enabled = strtolower($_POST["contact_setting_enabled"]);
+		$contact_setting_description = $_POST["contact_setting_description"];
 	}
 
 //process the form data
-	if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
+	if (is_array($_POST) && sizeof($_POST) != 0 && strlen($_POST["persistformvar"]) == 0) {
 
 		//set the uuid
 			if ($action == "update") {
-				$contact_setting_uuid = check_str($_POST["contact_setting_uuid"]);
+				$contact_setting_uuid = $_POST["contact_setting_uuid"];
 			}
 
 		//check for all required data
@@ -105,87 +105,76 @@
 			if ($_POST["persistformvar"] != "true") {
 
 				//set the order
-					$contact_setting_order = ($contact_setting_order != '') ? $contact_setting_order : 'null';
-
-				//update last modified
-					$sql = "update v_contacts set ";
-					$sql .= "last_mod_date = now(), ";
-					$sql .= "last_mod_user = '".$_SESSION['username']."' ";
-					$sql .= "where domain_uuid = '".$domain_uuid."' ";
-					$sql .= "and contact_uuid = '".$contact_uuid."' ";
-					$db->exec(check_sql($sql));
-					unset($sql);
-
-				//add the domain
+					$contact_setting_order = $contact_setting_order != '' ? $contact_setting_order : null;
+
+					//update last modified
+					$array['contacts'][0]['contact_uuid'] = $contact_uuid;
+					$array['contacts'][0]['domain_uuid'] = $domain_uuid;
+					$array['contacts'][0]['last_mod_date'] = 'now()';
+					$array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
+
+					$p = new permissions;
+					$p->add('contact_edit', 'temp');
+
+					$database = new database;
+					$database->app_name = 'contacts';
+					$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+					$database->save($array);
+					unset($array);
+
+					$p->delete('contact_edit', 'temp');
+
+				//add the setting
 					if ($action == "add" && permission_exists('domain_setting_add')) {
-						$sql = "insert into v_contact_settings ";
-						$sql .= "(";
-						$sql .= "contact_setting_uuid, ";
-						$sql .= "contact_uuid, ";
-						$sql .= "domain_uuid, ";
-						$sql .= "contact_setting_category, ";
-						$sql .= "contact_setting_subcategory, ";
-						$sql .= "contact_setting_name, ";
-						$sql .= "contact_setting_value, ";
-						$sql .= "contact_setting_order, ";
-						$sql .= "contact_setting_enabled, ";
-						$sql .= "contact_setting_description ";
-						$sql .= ")";
-						$sql .= "values ";
-						$sql .= "(";
-						$sql .= "'".uuid()."', ";
-						$sql .= "'$contact_uuid', ";
-						$sql .= "'$domain_uuid', ";
-						$sql .= "'$contact_setting_category', ";
-						$sql .= "'$contact_setting_subcategory', ";
-						$sql .= "'$contact_setting_name', ";
-						$sql .= "'$contact_setting_value', ";
-						$sql .= "$contact_setting_order, ";
-						$sql .= "'$contact_setting_enabled', ";
-						$sql .= "'$contact_setting_description' ";
-						$sql .= ")";
-						$db->exec(check_sql($sql));
-						unset($sql);
-					} //if ($action == "add")
-
-				//update the domain
-					if ($action == "update") {
-						$sql = "update v_contact_settings set ";
-						$sql .= "contact_setting_category = '$contact_setting_category', ";
-						$sql .= "contact_setting_subcategory = '$contact_setting_subcategory', ";
-						$sql .= "contact_setting_name = '$contact_setting_name', ";
-						$sql .= "contact_setting_value = '$contact_setting_value', ";
-						$sql .= "contact_setting_order = $contact_setting_order, ";
-						$sql .= "contact_setting_enabled = '$contact_setting_enabled', ";
-						$sql .= "contact_setting_description = '$contact_setting_description' ";
-						$sql .= "where contact_uuid = '$contact_uuid' ";
-						$sql .= "and contact_setting_uuid = '$contact_setting_uuid'";
-						$db->exec(check_sql($sql));
-						unset($sql);
-					} //if ($action == "update")
+						$contact_setting_uuid = uuid();
+						$array['contact_settings'][0]['contact_setting_uuid'] = $contact_setting_uuid;
 
-				//redirect the browser
+						message::add($text['message-add']);
+					}
+
+				//update the setting
 					if ($action == "update") {
+						$array['contact_settings'][0]['contact_setting_uuid'] = $contact_setting_uuid;
+
 						message::add($text['message-update']);
 					}
-					if ($action == "add") {
-						message::add($text['message-add']);
+
+				//execute
+					if (is_array($array) && @sizeof($array) != 0) {
+						$array['contact_settings'][0]['contact_uuid'] = $contact_uuid;
+						$array['contact_settings'][0]['domain_uuid'] = $domain_uuid;
+						$array['contact_settings'][0]['contact_setting_category'] = $contact_setting_category;
+						$array['contact_settings'][0]['contact_setting_subcategory'] = $contact_setting_subcategory;
+						$array['contact_settings'][0]['contact_setting_name'] = $contact_setting_name;
+						$array['contact_settings'][0]['contact_setting_value'] = $contact_setting_value;
+						$array['contact_settings'][0]['contact_setting_order'] = $contact_setting_order;
+						$array['contact_settings'][0]['contact_setting_enabled'] = $contact_setting_enabled;
+						$array['contact_settings'][0]['contact_setting_description'] = $contact_setting_description;
+
+						$database = new database;
+						$database->app_name = 'contacts';
+						$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+						$database->save($array);
+						unset($array);
 					}
+
+				//redirect the browser
 					header("Location: contact_edit.php?id=".escape($contact_uuid));
-					return;
-			} //if ($_POST["persistformvar"] != "true")
-	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+					exit;
+			}
+	}
 
 //pre-populate the form
-	if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
-		$contact_setting_uuid = check_str($_GET["id"]);
+	if (is_array($_GET) && sizeof($_GET) != 0 && $_POST["persistformvar"] != "true") {
+		$contact_setting_uuid = $_GET["id"];
 		$sql = "select * from v_contact_settings ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
-		$sql .= "and contact_setting_uuid = '$contact_setting_uuid' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and contact_setting_uuid = :contact_setting_uuid ";
+		$parameters['domain_uuid'] = $domain_uuid;
+		$parameters['contact_setting_uuid'] = $contact_setting_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && sizeof($row) != 0) {
 			$contact_setting_category = escape($row["contact_setting_category"]);
 			$contact_setting_subcategory = escape($row["contact_setting_subcategory"]);
 			$contact_setting_name = escape($row["contact_setting_name"]);
@@ -194,7 +183,7 @@
 			$contact_setting_enabled = escape($row["contact_setting_enabled"]);
 			$contact_setting_description = escape($row["contact_setting_description"]);
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //show the header
@@ -273,16 +262,13 @@
 	echo "	".$text['label-contact_setting_value']."\n";
 	echo "</td>\n";
 	echo "<td class='vtable' align='left'>\n";
-	$category = $row['contact_setting_category'];
-	$subcategory = $row['contact_setting_subcategory'];
-	$name = $row['contact_setting_name'];
-	echo "	<input class='formfld' type='text' name='contact_setting_value' maxlength='255' value=\"".escape($row['contact_setting_value'])."\">\n";
+	echo "	<input class='formfld' type='text' name='contact_setting_value' maxlength='255' value=\"".escape($contact_setting_value)."\">\n";
 	echo "<br />\n";
 	echo $text['description-contact_setting_value']."\n";
 	echo "</td>\n";
 	echo "</tr>\n";
 
-	if ($name == "array") {
+	if ($contact_setting_name == "array") {
 		echo "<tr>\n";
 		echo "<td class='vncellreq' valign='top' align='left' nowrap='nowrap' width='30%'>\n";
 		echo "    ".$text['label-order']."\n";

contact_settings.php

@@ -41,17 +41,17 @@
 
 //get the list
 	$sql = "select * from v_contact_settings ";
-	$sql .= "where domain_uuid = '$domain_uuid' ";
-	$sql .= "and contact_uuid = '$contact_uuid' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
+	$sql .= "and contact_uuid = :contact_uuid ";
 	$sql .= "order by ";
 	$sql .= "contact_setting_category asc ";
 	$sql .= ", contact_setting_subcategory asc ";
 	$sql .= ", contact_setting_order asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	$result_count = count($result);
-	unset ($prep_statement, $sql);
+	$parameters['domain_uuid'] = $domain_uuid;
+	$parameters['contact_uuid'] = $contact_uuid;
+	$database = new database;
+	$result = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 	$c = 0;
 	$row_style["0"] = "row_style0";
@@ -79,7 +79,7 @@
 	}
 	echo "</td>\n";
 	echo "</tr>\n";
-	if ($result_count > 0) {
+	if (is_array($result) && @sizeof($result) != 0) {
 		$previous_category = '';
 		foreach($result as $row) {
 			if (permission_exists('contact_setting_edit')) {
@@ -117,7 +117,7 @@
 			$previous_category = escape($row['contact_setting_category']);
 			$c = ($c) ? 0 : 1;
 		} //end foreach
-		unset($sql, $result, $row_count);
+		unset($result, $row);
 	} //end if results
 
 	echo "</table>";