
Database class integration. Add HTML step attribute to Contact Address lat and lon fields to support decimal values.

Nate 6 年之前
父节点
当前提交
9a504163c1

+ 139 - 122
app_defaults.php

@@ -21,34 +21,41 @@ if ($domains_processed == 1) {
 			$sql .= "or phone_type = 'voicemail' ";
 			$sql .= "or phone_type = 'cell' ";
 			$sql .= "or phone_type = 'pcs' ";
-			$db->exec(check_sql($sql));
+			$database = new database;
+			$database->execute($sql);
 			unset($sql);
 
 			$sql = "update v_contact_phones set phone_type_fax = '1' where phone_type = 'fax'";
-			$db->exec(check_sql($sql));
+			$database = new database;
+			$database->execute($sql);
 			unset($sql);
 
 			$sql = "update v_contact_phones set phone_type_video = '1' where phone_type = 'video'";
-			$db->exec(check_sql($sql));
+			$database = new database;
+			$database->execute($sql);
 			unset($sql);
 
 			$sql = "update v_contact_phones set phone_type_text = '1' where phone_type = 'cell' or phone_type = 'pager'";
-			$db->exec(check_sql($sql));
+			$database = new database;
+			$database->execute($sql);
 			unset($sql);
 
 			// migrate phone_type values to phone_label, correct case and make multilingual where appropriate
 			$default_phone_types = array('home','work','pref','voice','fax','msg','cell','pager','modem','car','isdn','video','pcs');
 			$default_phone_labels = array($text['option-home'],$text['option-work'],'Pref','Voice',$text['option-fax'],$text['option-voicemail'],$text['option-mobile'],$text['option-pager'],'Modem','Car','ISDN','Video','PCS');
 			foreach ($default_phone_types as $index => $old) {
-				$new = $default_phone_labels[$index];
-				$sql = "update v_contact_phones set phone_label = '".$new."' where phone_type = '".$old."'";
-				$db->exec(check_sql($sql));
-				unset($sql);
+				$sql = "update v_contact_phones set phone_label = :phone_label where phone_type = :phone_type ";
+				$parameters['phone_label'] = $default_phone_labels[$index]; //new
+				$parameters['phone_type'] = $old;
+				$database = new database;
+				$database->execute($sql, $parameters);
+				unset($sql, $parameters);
 			}
 
 			// empty phone_type field to prevent confusion in the future
-			$sql = "update v_contact_phones set phone_type = null";
-			$db->exec(check_sql($sql));
+			$sql = "update v_contact_phones set phone_type is null";
+			$database = new database;
+			$database->execute($sql);
 			unset($sql);
 		}
 		unset($obj);
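Review bot: The rewritten statement `update v_contact_phones set phone_type is null` is not valid SQL, so the step that empties the old `phone_type` column will fail; `is null` is a predicate for a `where` clause, not an assignment. The line should stay `$sql = "update v_contact_phones set phone_type = null";` as it was before this commit. The hunk also creates a `new database` before every statement; whether one instance can be reused is not visible here, but if it can, creating it once at the top of the block would remove the repetition. The enclosing `if` block starts outside the hunk.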
@@ -61,53 +68,56 @@ if ($domains_processed == 1) {
 		$field_exists = $obj->column_exists($db_name, 'v_contacts', 'contact_email');	//check if field exists
 		if ($field_exists) {
 			// get email records
-			$sql = "select * from v_contacts where contact_email is not null and contact_email != ''";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-			$result_count = count($result);
-			unset ($prep_statement, $sql);
-			if ($result_count > 0) {
+			$sql = "select * from v_contacts where contact_email is not null and contact_email != '' ";
+			$database = new database;
+			$result = $database->select($sql);
+			unset($sql);
+
+			if (is_array($result) && @sizeof($result) != 0) {
 				foreach($result as $row) {
-					$sql = "insert into v_contact_emails ";
-					$sql .= "(";
-					$sql .= "domain_uuid, ";
-					$sql .= "contact_uuid, ";
-					$sql .= "contact_email_uuid, ";
-					$sql .= "email_primary, ";
-					$sql .= "email_address";
-					$sql .= ")";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".$row['domain_uuid']."', ";
-					$sql .= "'".$row['contact_uuid']."', ";
-					$sql .= "'".uuid()."', ";
-					$sql .= "1, ";
-					$sql .= "'".$row['contact_email']."' ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					$array['contact_emails'][0]['contact_email_uuid'] = uuid();
+					$array['contact_emails'][0]['domain_uuid'] = $row['domain_uuid'];
+					$array['contact_emails'][0]['contact_uuid'] = $row['contact_uuid'];
+					$array['contact_emails'][0]['email_primary'] = 1;
+					$array['contact_emails'][0]['email_address'] = $row['contact_email'];
+
+					$p = new permissions;
+					$p->add('contact_email_add', 'temp');
+
+					$database = new database;
+					$database->app_name = 'contacts';
+					$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+					$database->save($array);
+					unset($array);
+
+					$p->delete('contact_email_add', 'temp');
 
 					//verify and remove value from old field
-					$sql2 = "select email_address from v_contact_emails ";
-					$sql2 .= "where domain_uuid = '".$row['domain_uuid']."' ";
-					$sql2 .= "and contact_uuid = '".$row['contact_uuid']."' ";
-					$sql2 .= "and email_address = '".$row['contact_email']."' ";
-					$prep_statement2 = $db->prepare(check_sql($sql2));
-					$prep_statement2->execute();
-					$result2 = $prep_statement2->fetchAll(PDO::FETCH_NAMED);
-					$result_count2 = count($result2);
-					if ($result_count2 > 0) {
-						$sql3 = "update v_contacts set contact_email = '' ";
-						$sql3 .= "where domain_uuid = '".$row['domain_uuid']."' ";
-						$sql3 .= "and contact_uuid = '".$row['contact_uuid']."' ";
-						$prep_statement3 = $db->prepare(check_sql($sql3));
-						$prep_statement3->execute();
-						unset($sql3, $prep_statement3);
+					$sql = "select email_address from v_contact_emails ";
+					$sql .= "where domain_uuid = :domain_uuid ";
+					$sql .= "and contact_uuid = :contact_uuid ";
+					$sql .= "and email_address = :email_address ";
+					$parameters['domain_uuid'] = $row['domain_uuid'];
+					$parameters['contact_uuid'] = $row['contact_uuid'];
+					$parameters['email_address'] = $row['contact_email'];
+					$database = new database;
+					$result_2 = $database->select($sql, $parameters, 'all');
+					unset($sql, $parameters);
+
+					if (is_array($result_2) && @sizeof($result_2) != 0) {
+						$sql = "update v_contacts set contact_email = null ";
+						$sql .= "where domain_uuid = :domain_uuid ";
+						$sql .= "and contact_uuid = :contact_uuid ";
+						$parameters['domain_uuid'] = $row['domain_uuid'];
+						$parameters['contact_uuid'] = $row['contact_uuid'];
+						$database = new database;
+						$database->execute($sql, $parameters);
+						unset($sql, $parameters);
 					}
-					unset($sql2, $result2, $prep_statement2);
+					unset($result_2);
 				}
 			}
+			unset($result, $row);
 		}
 		unset($obj);
 
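Review bot: The temporary `contact_email_add` permission is granted and revoked on every pass of the `foreach`, and the revoke at `$p->delete('contact_email_add', 'temp')` is only reached when `$database->save($array)` returns normally. If save() can throw or abort the script (not visible here), the elevated permission stays in place for the rest of the upgrade run. Granting it once before the loop and revoking it in a `finally` block keeps the elevation bounded and avoids a `new permissions` per row. The same pattern appears in the contact_url hunk and the contact_users hunk below, and the url hunk still clears the old column with `''` while this one now uses `null`.

```php
$p = new permissions;
$p->add('contact_email_add', 'temp');
try {
	foreach ($result as $row) {
		// … unchanged: build $array, save it, verify the new row and clear the old field …
	}
}
finally {
	// always drop the temporary permission, even when a save fails
	$p->delete('contact_email_add', 'temp');
}
```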
@@ -120,52 +130,55 @@ if ($domains_processed == 1) {
 		if ($field_exists) {
 			// get email records
 			$sql = "select * from v_contacts where contact_url is not null and contact_url != ''";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-			$result_count = count($result);
-			unset ($prep_statement, $sql);
-			if ($result_count > 0) {
+			$database = new database;
+			$result = $database->select($sql);
+			unset($sql);
+
+			if (is_array($result) && @sizeof($result) != 0) {
 				foreach($result as $row) {
-					$sql = "insert into v_contact_urls ";
-					$sql .= "(";
-					$sql .= "domain_uuid, ";
-					$sql .= "contact_uuid, ";
-					$sql .= "contact_url_uuid, ";
-					$sql .= "url_primary, ";
-					$sql .= "url_address";
-					$sql .= ")";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".$row['domain_uuid']."', ";
-					$sql .= "'".$row['contact_uuid']."', ";
-					$sql .= "'".uuid()."', ";
-					$sql .= "1, ";
-					$sql .= "'".$row['contact_url']."' ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					$array['contact_urls'][0]['contact_url_uuid'] = uuid();
+					$array['contact_urls'][0]['domain_uuid'] = $row['domain_uuid'];
+					$array['contact_urls'][0]['contact_uuid'] = $row['contact_uuid'];
+					$array['contact_urls'][0]['url_primary'] = 1;
+					$array['contact_urls'][0]['url_address'] = $row['contact_url'];
+
+					$p = new permissions;
+					$p->add('contact_url_add', 'temp');
+
+					$database = new database;
+					$database->app_name = 'contacts';
+					$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+					$database->save($array);
+					unset($array);
+
+					$p->delete('contact_url_add', 'temp');
 
 					//verify and remove value from old field
-					$sql2 = "select url_address from v_contact_urls ";
-					$sql2 .= "where domain_uuid = '".$row['domain_uuid']."' ";
-					$sql2 .= "and contact_uuid = '".$row['contact_uuid']."' ";
-					$sql2 .= "and url_address = '".$row['contact_url']."' ";
-					$prep_statement2 = $db->prepare(check_sql($sql2));
-					$prep_statement2->execute();
-					$result2 = $prep_statement2->fetchAll(PDO::FETCH_NAMED);
-					$result_count2 = count($result2);
-					if ($result_count2 > 0) {
-						$sql3 = "update v_contacts set contact_url = '' ";
-						$sql3 .= "where domain_uuid = '".$row['domain_uuid']."' ";
-						$sql3 .= "and contact_uuid = '".$row['contact_uuid']."' ";
-						$prep_statement3 = $db->prepare(check_sql($sql3));
-						$prep_statement3->execute();
-						unset($sql3, $prep_statement3);
+					$sql = "select url_address from v_contact_urls ";
+					$sql .= "where domain_uuid = :domain_uuid ";
+					$sql .= "and contact_uuid = :contact_uuid ";
+					$sql .= "and url_address = :url_address ";
+					$parameters['domain_uuid'] = $row['domain_uuid'];
+					$parameters['contact_uuid'] = $row['contact_uuid'];
+					$parameters['url_address'] = $row['contact_url'];
+					$database = new database;
+					$result_2 = $database->select($sql, $parameters, 'all');
+					unset($sql, $parameters);
+
+					if (is_array($result_2) && @sizeof($result_2) != 0) {
+						$sql = "update v_contacts set contact_url = '' ";
+						$sql .= "where domain_uuid = :domain_uuid ";
+						$sql .= "and contact_uuid = :contact_uuid ";
+						$parameters['domain_uuid'] = $row['domain_uuid'];
+						$parameters['contact_uuid'] = $row['contact_uuid'];
+						$database = new database;
+						$database->execute($sql, $parameters);
+						unset($sql, $parameters);
 					}
-					unset($sql2, $result2, $prep_statement2);
+					unset($result_2);
 				}
 			}
+			unset($result, $row);
 		}
 		unset($obj);
 
@@ -175,44 +188,48 @@ if ($domains_processed == 1) {
 		foreach ($name_tables as $name_index => $name_table) {
 			$sql = "update v_contact_".$name_table." set ".$name_fields[$name_index]."_primary = 0 ";
 			$sql .= "where ".$name_fields[$name_index]."_primary is null ";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			unset($sql, $prep_statement);
+			$database = new database;
+			$database->execute($sql);
+			unset($sql);
 		}
-		unset($name_tables, $name_fields);
+		unset($name_tables, $name_fields, $name_index, $name_table);
 
 	//move the users from the contact groups table into the contact users table
 		$sql = "select * from v_contact_groups ";
 		$sql .= "where group_uuid in (select user_uuid from v_users) ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
-			$sql = "insert into v_contact_users ";
-			$sql .= "( ";
-			$sql .= "contact_user_uuid, ";
-			$sql .= "domain_uuid, ";
-			$sql .= "contact_uuid, ";
-			$sql .= "user_uuid ";
-			$sql .= ") ";
-			$sql .= "values ";
-			$sql .= "( ";
-			$sql .= "'".uuid()."', ";
-			$sql .= "'".$row["domain_uuid"]."', ";
-			$sql .= "'".$row["contact_uuid"]."', ";
-			$sql .= "'".$row["group_uuid"]."' ";
-			$sql .= ");";
-			//echo $sql."\n";
-			$db->exec($sql);
-			unset($sql);
+		$database = new database;
+		$result = $database->select($sql, null, 'all');
+		if (is_array($result) && @sizeof($result) != 0) {
+			foreach ($result as &$row) {
+				$p = new permissions;
+				$p->add('contact_user_add', 'temp');
+				$p->add('contact_group_delete', 'temp');
+
+				$array['contact_users'][0]['contact_user_uuid'] = uuid();
+				$array['contact_users'][0]['domain_uuid'] = $row["domain_uuid"];
+				$array['contact_users'][0]['contact_uuid'] = $row["contact_uuid"];
+				$array['contact_users'][0]['user_uuid'] = $row["group_uuid"];
+
+				$database = new database;
+				$database->app_name = 'contacts';
+				$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+				$database->save($array);
+				unset($array);
+
+				$array['contact_groups'][0]['contact_group_uuid'] = $row["contact_group_uuid"];
+
+				$database = new database;
+				$database->app_name = 'contacts';
+				$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+				$database->delete($array);
+				unset($array);
+
+				$p->delete('contact_user_add', 'temp');
+				$p->delete('contact_group_delete', 'temp');
+			}
 
-			$sql = "delete from v_contact_groups ";
-			$sql .= "where contact_group_uuid = '".$row["contact_group_uuid"]."';";
-			//echo $sql."\n";
-			$db->exec($sql);
-			unset($sql);
 		}
-		unset ($prep_statement);
+		unset($sql, $result, $row);
 
 }
 
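Review bot: The `contact_groups` row is deleted whether or not the preceding `$database->save($array)` for `contact_users` succeeded, so a failed save silently drops the user-to-contact mapping. The email and url migrations earlier in this file confirm the new row with a select before they touch the old data; this block should do the same, or check the outcome of save() if the database class reports one (not visible here), and run `$database->delete($array)` only after that check passes. `foreach ($result as &$row)` also no longer needs the reference, since `$row` is only read in the new body.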

+ 13 - 12
contact_address_delete.php

@@ -39,23 +39,24 @@ else {
 	$text = $language->get();
 
 //get the http values and set as variables
-	if (count($_GET) > 0) {
-		$id = check_str($_GET["id"]);
-		$contact_uuid = check_str($_GET["contact_uuid"]);
-	}
+	$contact_address_uuid = $_GET["id"];
+	$contact_uuid = $_GET["contact_uuid"];
 
 //delete the record
-	if (strlen($id) > 0) {
-		$sql = "delete from v_contact_addresses ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_address_uuid = '$id' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($sql);
+	if (is_uuid($contact_address_uuid) && is_uuid($contact_uuid)) {
+		$array['contact_addresses'][0]['contact_address_uuid'] = $contact_address_uuid;
+		$array['contact_addresses'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+		$database = new database;
+		$database->app_name = 'contacts';
+		$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+		$database->delete($array);
+		unset($array);
+
+		message::add($text['message-delete']);
 	}
 
 //redirect the browser
-	message::add($text['message-delete']);
 	header("Location: contact_edit.php?id=".$contact_uuid);
 	return;
 
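Review bot: `$contact_uuid` is now taken straight from `$_GET` and concatenated into the `Location:` header even when the `is_uuid()` check above has failed, so the redirect carries an unvalidated request value. Build the target only from a validated value, e.g. `header("Location: contact_edit.php".(is_uuid($contact_uuid) ? "?id=".urlencode($contact_uuid) : ""));`; contact_attachment_delete.php ends with the same redirect. `$contact_uuid` is validated here but not added to the delete array, whereas the attachment delete scopes by it; adding `$array['contact_addresses'][0]['contact_uuid'] = $contact_uuid;` would make the two consistent. Reading `$_GET["id"]` without an `isset()` check also raises a notice when the parameter is absent.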

+ 95 - 117
contact_address_edit.php

@@ -40,38 +40,38 @@ else {
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$contact_address_uuid = check_str($_REQUEST["id"]);
+		$contact_address_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
 	}
 
 //get the contact uuid
-	if (strlen($_GET["contact_uuid"]) > 0) {
-		$contact_uuid = check_str($_GET["contact_uuid"]);
+	if (is_uuid($_GET["contact_uuid"])) {
+		$contact_uuid = $_GET["contact_uuid"];
 	}
 
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		$address_type = check_str($_POST["address_type"]);
-		$address_label = check_str($_POST["address_label"]);
-		$address_label_custom = check_str($_POST["address_label_custom"]);
-		$address_street = check_str($_POST["address_street"]);
-		$address_extended = check_str($_POST["address_extended"]);
-		$address_community = check_str($_POST["address_community"]);
-		$address_locality = check_str($_POST["address_locality"]);
-		$address_region = check_str($_POST["address_region"]);
-		$address_postal_code = check_str($_POST["address_postal_code"]);
-		$address_country = check_str($_POST["address_country"]);
-		$address_latitude = check_str($_POST["address_latitude"]);
-		$address_longitude = check_str($_POST["address_longitude"]);
-		$address_primary = check_str($_POST["address_primary"]);
-		$address_description = check_str($_POST["address_description"]);
+		$address_type = $_POST["address_type"];
+		$address_label = $_POST["address_label"];
+		$address_label_custom = $_POST["address_label_custom"];
+		$address_street = $_POST["address_street"];
+		$address_extended = $_POST["address_extended"];
+		$address_community = $_POST["address_community"];
+		$address_locality = $_POST["address_locality"];
+		$address_region = $_POST["address_region"];
+		$address_postal_code = $_POST["address_postal_code"];
+		$address_country = $_POST["address_country"];
+		$address_latitude = $_POST["address_latitude"];
+		$address_longitude = $_POST["address_longitude"];
+		$address_primary = $_POST["address_primary"];
+		$address_description = $_POST["address_description"];
 
 		//use custom label if set
-		$address_label = ($address_label_custom != '') ? $address_label_custom : $address_label;
+		$address_label = $address_label_custom != '' ? $address_label_custom : $address_label;
 	}
 
 //process the form data
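Review bot: `$address_latitude` and `$address_longitude` are copied from `$_POST` with no server-side check; the `min`/`max`/`step` attributes this commit relies on for the two form inputs are enforced by the browser only. Validate before saving, for example `if (!is_numeric($address_latitude) || abs($address_latitude) > 90) { $address_latitude = null; }` and the equivalent with 180 for longitude. With `check_str()` removed, every variable in this block is raw request data, so each later use has to be a bound parameter or `escape()`d output; the two input lines shown in this commit do use `escape()`. The enclosing block continues outside the hunk.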
@@ -79,7 +79,7 @@ else {
 
 		//set the uuid
 			if ($action == "update") {
-				$contact_address_uuid = check_str($_POST["contact_address_uuid"]);
+				$contact_address_uuid = $_POST["contact_address_uuid"];
 			}
 
 		//check for all required data
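Review bot: On update, `$contact_address_uuid` is validated through `is_uuid($_REQUEST["id"])` at the top of the file and is then overwritten here by `$_POST["contact_address_uuid"]` without any check. Keep the validation on the value that is actually saved: `if ($action == "update" && is_uuid($_POST["contact_address_uuid"])) { $contact_address_uuid = $_POST["contact_address_uuid"]; }`. The surrounding `if` starts and ends outside the hunk.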
@@ -101,109 +101,88 @@ else {
 			if ($_POST["persistformvar"] != "true") {
 
 				//update last modified
-				$sql = "update v_contacts set ";
-				$sql .= "last_mod_date = now(), ";
-				$sql .= "last_mod_user = '".$_SESSION['username']."' ";
-				$sql .= "where domain_uuid = '".$domain_uuid."' ";
-				$sql .= "and contact_uuid = '".$contact_uuid."' ";
-				$db->exec(check_sql($sql));
-				unset($sql);
-
-				//if primary, unmark other primary numbers
-				if ($address_primary) {
-					$sql = "update v_contact_addresses set address_primary = 0 ";
-					$sql .= "where domain_uuid = '".$domain_uuid."' ";
-					$sql .= "and contact_uuid = '".$contact_uuid."' ";
-					$db->exec(check_sql($sql));
-					unset($sql);
-				}
-
-				if ($action == "add") {
+					$array['contacts'][0]['contact_uuid'] = $contact_uuid;
+					$array['contacts'][0]['domain_uuid'] = $domain_uuid;
+					$array['contacts'][0]['last_mod_date'] = 'now()';
+					$array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
+
+					$p = new permissions;
+					$p->add('contact_edit', 'temp');
+
+					$database = new database;
+					$database->app_name = 'contacts';
+					$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+					$database->save($array);
+					unset($array);
+
+					$p->delete('contact_edit', 'temp');
+
+				//if primary, unmark other primary addresses
+					if ($email_primary) {
+						$sql = "update v_contact_addresses set address_primary = 0 ";
+						$sql .= "where domain_uuid = :domain_uuid ";
+						$sql .= "and contact_uuid = :contact_uuid ";
+						$parameters['domain_uuid'] = $domain_uuid;
+						$parameters['contact_uuid'] = $contact_uuid;
+						$database = new database;
+						$database->execute($sql, $parameters);
+						unset($sql, $parameters);
+					}
+
+				if ($action == "add" && permission_exists('contact_address_add')) {
 					$contact_address_uuid = uuid();
-					$sql = "insert into v_contact_addresses ";
-					$sql .= "(";
-					$sql .= "domain_uuid, ";
-					$sql .= "contact_uuid, ";
-					$sql .= "contact_address_uuid, ";
-					$sql .= "address_type, ";
-					$sql .= "address_label, ";
-					$sql .= "address_street, ";
-					$sql .= "address_extended, ";
-					$sql .= "address_community, ";
-					$sql .= "address_locality, ";
-					$sql .= "address_region, ";
-					$sql .= "address_postal_code, ";
-					$sql .= "address_country, ";
-					$sql .= "address_latitude, ";
-					$sql .= "address_longitude, ";
-					$sql .= "address_primary, ";
-					$sql .= "address_description ";
-					$sql .= ")";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".$_SESSION['domain_uuid']."', ";
-					$sql .= "'".$contact_uuid."', ";
-					$sql .= "'".$contact_address_uuid."', ";
-					$sql .= "'".$address_type."', ";
-					$sql .= "'".$address_label."', ";
-					$sql .= "'".$address_street."', ";
-					$sql .= "'".$address_extended."', ";
-					$sql .= "'".$address_community."', ";
-					$sql .= "'".$address_locality."', ";
-					$sql .= "'".$address_region."', ";
-					$sql .= "'".$address_postal_code."', ";
-					$sql .= "'".$address_country."', ";
-					$sql .= "'".$address_latitude."', ";
-					$sql .= "'".$address_longitude."', ";
-					$sql .= (($address_primary) ? 1 : 0).", ";
-					$sql .= "'".$address_description."' ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					$array['contact_addresses'][0]['contact_address_uuid'] = $contact_address_uuid;
 
 					message::add($text['message-add']);
-					header("Location: contact_edit.php?id=".$contact_uuid);
-					return;
-				} //if ($action == "add")
-
-				if ($action == "update") {
-					$sql = "update v_contact_addresses set ";
-					$sql .= "contact_uuid = '".$contact_uuid."', ";
-					$sql .= "address_type = '".$address_type."', ";
-					$sql .= "address_label = '".$address_label."', ";
-					$sql .= "address_street = '".$address_street."', ";
-					$sql .= "address_extended = '".$address_extended."', ";
-					$sql .= "address_community = '".$address_community."', ";
-					$sql .= "address_locality = '".$address_locality."', ";
-					$sql .= "address_region = '".$address_region."', ";
-					$sql .= "address_postal_code = '".$address_postal_code."', ";
-					$sql .= "address_country = '".$address_country."', ";
-					$sql .= "address_latitude = '".$address_latitude."', ";
-					$sql .= "address_longitude = '".$address_longitude."', ";
-					$sql .= "address_primary = ".(($address_primary) ? 1 : 0).", ";
-					$sql .= "address_description = '".$address_description."' ";
-					$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-					$sql .= "and contact_address_uuid = '".$contact_address_uuid."'";
-					$db->exec(check_sql($sql));
-					unset($sql);
+				}
+
+				if ($action == "update" && permission_exists('contact_address_edit')) {
+					$array['contact_addresses'][0]['contact_address_uuid'] = $contact_address_uuid;
 
 					message::add($text['message-update']);
-					header("Location: contact_edit.php?id=".$contact_uuid);
-					return;
-				} //if ($action == "update")
-			} //if ($_POST["persistformvar"] != "true")
-	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+				}
+
+				if (is_array($array) && @sizeof($array) != 0) {
+					$array['contact_addresses'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+					$array['contact_addresses'][0]['contact_uuid'] = $contact_uuid;
+					$array['contact_addresses'][0]['address_type'] = $address_type;
+					$array['contact_addresses'][0]['address_label'] = $address_label;
+					$array['contact_addresses'][0]['address_street'] = $address_street;
+					$array['contact_addresses'][0]['address_extended'] = $address_extended;
+					$array['contact_addresses'][0]['address_community'] = $address_community;
+					$array['contact_addresses'][0]['address_locality'] = $address_locality;
+					$array['contact_addresses'][0]['address_region'] = $address_region;
+					$array['contact_addresses'][0]['address_postal_code'] = $address_postal_code;
+					$array['contact_addresses'][0]['address_country'] = $address_country;
+					$array['contact_addresses'][0]['address_latitude'] = $address_latitude;
+					$array['contact_addresses'][0]['address_longitude'] = $address_longitude;
+					$array['contact_addresses'][0]['address_primary'] = $address_primary ? 1 : 0;
+					$array['contact_addresses'][0]['address_description'] = $address_description;
+
+					$database = new database;
+					$database->app_name = 'contacts';
+					$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+					$database->save($array);
+					unset($array);
+				}
+
+				header("Location: contact_edit.php?id=".$contact_uuid);
+				exit;
+
+			}
+	}
 
 //pre-populate the form
 	if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
 		$contact_address_uuid = $_GET["id"];
 		$sql = "select * from v_contact_addresses ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_address_uuid = '$contact_address_uuid' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and contact_address_uuid = :contact_address_uuid ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+		$parameters['contact_address_uuid'] = $contact_address_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && @sizeof($row) != 0) {
 			$address_type = $row["address_type"];
 			$address_label = $row["address_label"];
 			$address_street = $row["address_street"];
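Review bot: The guard for clearing other primary addresses reads `if ($email_primary)`, but the lines visible in this file only ever set `$address_primary`, so this looks copied from the email page and the `update v_contact_addresses set address_primary = 0` will not run; it should be `if ($address_primary) {`. That update and the `contacts` save under the temporary `contact_edit` permission also execute before the `permission_exists('contact_address_add')` and `permission_exists('contact_address_edit')` checks, so a request without either permission still changes `last_mod_user` and could reset the primary flags; both belong inside the permission-checked path. `message::add()` is called before `$database->save($array)`, so the success message is shown even when the save fails. `$array['contacts'][0]['last_mod_date'] = 'now()'` passes a SQL function as a string value; confirm that `database::save()` treats it as an expression rather than binding the literal text.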
@@ -217,9 +196,8 @@ else {
 			$address_longitude = $row["address_longitude"];
 			$address_primary = $row["address_primary"];
 			$address_description = $row["address_description"];
-			break; //limit to 1 row
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //show the header
@@ -404,7 +382,7 @@ else {
 	echo "	".$text['label-address_latitude']."\n";
 	echo "</td>\n";
 	echo "<td class='vtable' align='left'>\n";
-	echo "	<input class='formfld' type='number' name='address_latitude' maxlength='255' min='-90' max='90' value=\"".escape($address_latitude)."\">\n";
+	echo "	<input class='formfld' type='number' name='address_latitude' maxlength='255' min='-90' max='90' step='0.0000001' value=\"".escape($address_latitude)."\">\n";
 	echo "<br />\n";
 	echo $text['description-address_latitude']."\n";
 	echo "</td>\n";
@@ -415,7 +393,7 @@ else {
 	echo "	".$text['label-address_longitude']."\n";
 	echo "</td>\n";
 	echo "<td class='vtable' align='left'>\n";
-	echo "	<input class='formfld' type='number' name='address_longitude' maxlength='255' min='-180' max='180' value=\"".escape($address_longitude)."\">\n";
+	echo "	<input class='formfld' type='number' name='address_longitude' maxlength='255' min='-180' max='180' step='0.0000001' value=\"".escape($address_longitude)."\">\n";
 	echo "<br />\n";
 	echo $text['description-address_longitude']."\n";
 	echo "</td>\n";

+ 11 - 11
contact_addresses.php

@@ -48,14 +48,14 @@
 
 	//get the contact list
 		$sql = "select * from v_contact_addresses ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '$contact_uuid' ";
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and contact_uuid = :contact_uuid ";
 		$sql .= "order by address_primary desc, address_label asc ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		$result_count = count($result);
-		unset ($prep_statement, $sql);
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+		$parameters['contact_uuid'] = $contact_uuid;
+		$database = new database;
+		$result = $database->select($sql, $parameters, 'all');
+		unset($sql, $parameters);
 
 	$c = 0;
 	$row_style["0"] = "row_style0";
@@ -77,7 +77,7 @@
 	echo "</td>\n";
 	echo "</tr>\n";
 
-	if ($result_count > 0) {
+	if (is_array($result) && @sizeof($result) != 0) {
 		foreach($result as $row) {
 			$map_query = escape($row['address_street'])." ".escape($row['address_extended']).", ".escape($row['address_locality']).", ".escape($row['address_region']).", ".escape($row['address_region']).", ".escape($row['address_postal_code']);
 			if (permission_exists('contact_address_edit')) {
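Review bot: The `@` in `is_array($result) && @sizeof($result) != 0` suppresses nothing useful, because `sizeof()` is only reached once `is_array()` has returned true; `if (is_array($result) && count($result) > 0) {` states the same condition without error suppression. The same expression is introduced in app_defaults.php, contact_address_edit.php and contact_attachment_edit.php in this commit. The `foreach` body continues outside the hunk.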
@@ -102,9 +102,9 @@
 			echo "	</td>\n";
 			echo "</tr>\n";
 			$c = ($c) ? 0 : 1;
-		} //end foreach
-		unset($sql, $result, $row_count);
-	} //end if results
+		}
+		unset($result, $row);
+	}
 
 	echo "</table>";
 

+ 7 - 6
contact_attachment.php

@@ -40,12 +40,13 @@
 	if (is_uuid($contact_attachment_uuid)) {
 
 		$sql = "select attachment_filename, attachment_content from v_contact_attachments ";
-		$sql .= "where contact_attachment_uuid = '".$contact_attachment_uuid."' ";
-		$sql .= "and (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$attachment = $prep_statement->fetch(PDO::FETCH_NAMED);
-		unset ($prep_statement, $sql);
+		$sql .= "where contact_attachment_uuid = :contact_attachment_uuid ";
+		$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
+		$parameters['contact_attachment_uuid'] = $contact_attachment_uuid;
+		$parameters['domain_uuid'] = $domain_uuid;
+		$database = new database;
+		$attachment = $database->select($sql, $parameters, 'row');
+		unset($sql, $parameters);
 
 		$attachment_type = strtolower(pathinfo($attachment['attachment_filename'], PATHINFO_EXTENSION));
 
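Review bot: The result of `$database->select($sql, $parameters, 'row')` is used on the following line as `$attachment['attachment_filename']` without checking that a row came back. Other hunks in this commit guard the row with `is_array($row)`; the same guard here, `if (!is_array($attachment)) { exit; }` before the `pathinfo()` call, would stop the script from continuing with an empty result when the uuid does not exist in this domain. What select() returns on no match is not visible here, so confirm the exact empty value. The enclosing `if (is_uuid(...))` block continues outside the hunk.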

+ 16 - 15
contact_attachment_delete.php

@@ -39,25 +39,26 @@
 	$text = $language->get();
 
 //get the http values and set as variables
-	if (count($_GET) > 0) {
-		$id = check_str($_GET["id"]);
-		$contact_uuid = check_str($_GET["contact_uuid"]);
-	}
+	$contact_attachment_uuid = $_GET["id"];
+	$contact_uuid = $_GET["contact_uuid"];
 
 //delete the record
-	if (is_uuid($id)) {
-		$sql = "delete from v_contact_attachments ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
-		$sql .= "and contact_attachment_uuid = :contact_attachment_uuid ";
-		$bind[':contact_attachment_uuid'] = $id;
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute(is_array($bind) ? $bind : null);
-		unset($sql);
+	if (is_uuid($contact_attachment_uuid) && is_uuid($contact_uuid)) {
+		$array['contact_attachments'][0]['contact_attachment_uuid'] = $contact_attachment_uuid;
+		$array['contact_attachments'][0]['domain_uuid'] = $domain_uuid;
+		$array['contact_attachments'][0]['contact_uuid'] = $contact_uuid;
+
+		$database = new database;
+		$database->app_name = 'contacts';
+		$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+		$database->delete($array);
+		unset($array);
+
+		message::add($text['message-delete']);
 	}
 
-//redirect the browser
-	message::add($text['message-delete']);
+//redirect
 	header("Location: contact_edit.php?id=".$contact_uuid);
-	return;
+	exit;
 
 ?>
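Review bot: The delete is still driven entirely by `$_GET["id"]` and `$_GET["contact_uuid"]`, and no request token is checked in the lines visible here, so a cross-site request made in a logged-in user's browser would be enough to remove the record. The deletion should run only on a POST that carries a per-session token, verified before `$database->delete($array)`; contact_address_delete.php has the same shape. If a token or permission check already exists above the hunk, a short comment such as `//token and permission validated above` would make that visible to the next reader.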

+ 26 - 18
contact_attachment_edit.php

@@ -57,8 +57,8 @@
 	if (is_array($_POST) && sizeof($_POST) != 0) {
 
 		$attachment = $_FILES['attachment'];
-		$attachment_primary = check_str($_POST['attachment_primary']);
-		$attachment_description = check_str($_POST['attachment_description']);
+		$attachment_primary = $_POST['attachment_primary'];
+		$attachment_description = $_POST['attachment_description'];
 
 		if (!is_array($attachment) || sizeof($attachment) == 0) {
 			$attachment_type = strtolower(pathinfo($_POST['attachment_filename'], PATHINFO_EXTENSION));
@@ -68,12 +68,18 @@
 		}
 
 		//unflag others as primary
+			$allowed_primary_attachment = false;
 			if ($attachment_primary && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png')) {
 				$sql = "update v_contact_attachments set attachment_primary = 0 ";
-				$sql .= "where domain_uuid = '".$domain_uuid."' ";
-				$sql .= "and contact_uuid = '".$contact_uuid."' ";
-				$db->exec(check_sql($sql));
-				unset($sql);
+				$sql .= "where domain_uuid = :domain_uuid ";
+				$sql .= "and contact_uuid = :contact_uuid ";
+				$parameters['domain_uuid'] = $domain_uuid;
+				$parameters['contact_uuid'] = $contact_uuid;
+				$database = new database;
+				$database->execute($sql, $parameters);
+				unset($sql, $parameters);
+
+				$allowed_primary_attachment = true;
 			}
 
 		//format array
@@ -81,7 +87,7 @@
 			$array['contact_attachments'][$index]['contact_attachment_uuid'] = $action == 'update' ? $contact_attachment_uuid : uuid();
 			$array['contact_attachments'][$index]['domain_uuid'] = $_SESSION['domain_uuid'];
 			$array['contact_attachments'][$index]['contact_uuid'] = $contact_uuid;
-			$array['contact_attachments'][$index]['attachment_primary'] = $attachment_primary == '1' && ($attachment_type == 'jpg' || $attachment_type == 'jpeg' || $attachment_type == 'gif' || $attachment_type == 'png') ? 1 : 0;
+			$array['contact_attachments'][$index]['attachment_primary'] = $allowed_primary_attachment ? 1 : 0;
 			if ($attachment['error'] == '0' && in_array(strtolower(pathinfo($attachment['name'], PATHINFO_EXTENSION)), $allowed_extensions)) {
 				$array['contact_attachments'][$index]['attachment_filename'] = $attachment['name'];
 				$array['contact_attachments'][$index]['attachment_content'] = base64_encode(file_get_contents($attachment['tmp_name']));
@@ -96,8 +102,8 @@
 			$database = new database;
 			$database->app_name = 'contacts';
 			$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
-			$database->uuid($contact_attachment_uuid);
 			$database->save($array);
+			unset($array);
 
 		//redirect
 			message::add($text['message-message_'.($action == 'update' ? 'updated' : 'added')]);
@@ -109,17 +115,19 @@
 //get form data
 	if (is_array($_GET) && sizeof($_GET) != 0) {
 		$sql = "select * from v_contact_attachments ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
+		$sql .= "where domain_uuid = :domain_uuid ";
 		$sql .= "and contact_attachment_uuid = :contact_attachment_uuid ";
-		$bind[':contact_attachment_uuid'] = $contact_attachment_uuid;
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute(is_array($bind) ? $bind : null);
-		$row = $prep_statement->fetch(PDO::FETCH_NAMED);
-		$attachment_primary = $row["attachment_primary"];
-		$attachment_filename = $row["attachment_filename"];
-		$attachment_content = $row["attachment_content"];
-		$attachment_description = $row["attachment_description"];
-		unset($sql, $bind, $prep_statement, $row);
+		$parameters['domain_uuid'] = $domain_uuid;
+		$parameters['contact_attachment_uuid'] = $contact_attachment_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && @sizeof($row) != 0) {
+			$attachment_primary = $row["attachment_primary"];
+			$attachment_filename = $row["attachment_filename"];
+			$attachment_content = $row["attachment_content"];
+			$attachment_description = $row["attachment_description"];
+		}
+		unset($sql, $parameters, $row);
 	}
 
 //show the header
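Review bot: The `@` in `is_array($row) && @sizeof($row) != 0` is redundant, because the `is_array()` test short-circuits before `sizeof()` can ever see a non-array. A stray error-suppression operator also hides real faults if the expression is later edited. `if (is_array($row) && sizeof($row) != 0) {` reads the same and suppresses nothing. The same pattern is added in contact_attachments.php (`$contact_attachments`) and at several places in contact_edit.php (`$array`, `$row`, `$result`, `$assigned_groups`, `$sql_where_and`).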

+ 9 - 8
contact_attachments.php

@@ -36,13 +36,14 @@
 
 //get the contact attachment list
 	$sql = "select *, length(decode(attachment_content,'base64')) as attachment_size from v_contact_attachments ";
-	$sql .= "where domain_uuid = '$domain_uuid' ";
-	$sql .= "and contact_uuid = '$contact_uuid' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
+	$sql .= "and contact_uuid = :contact_uuid ";
 	$sql .= "order by attachment_primary desc, attachment_filename asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$contact_attachments = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset ($prep_statement, $sql);
+	$parameters['domain_uuid'] = $domain_uuid;
+	$parameters['contact_uuid'] = $contact_uuid;
+	$database = new database;
+	$contact_attachments = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //set the row style
 	$c = 0;
@@ -82,7 +83,7 @@
 	}
 	echo "</td>\n";
 	echo "</tr>\n";
-	if (is_array($contact_attachments)) {
+	if (is_array($contact_attachments) && @sizeof($contact_attachments) != 0) {
 		foreach($contact_attachments as $row) {
 			if (permission_exists('contact_attachment_edit')) {
 				$tr_link = "href='contact_attachment_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_attachment_uuid'])."'";
@@ -110,8 +111,8 @@
 			echo "</tr>\n";
 			$c = $c ?: 1;
 		}
-		unset($sql, $contact_attachments);
 	}
+	unset($contact_attachments, $row);
 
 	echo "</table>";
 

+ 1 - 0
contact_auth.php

@@ -110,6 +110,7 @@ if ($_SESSION['contact_auth']['source'] == 'google') {
 
 }
 else {
+
 	message::add($text['message-access_denied'], 'negative');
 	header("Location: ".$_SESSION['contact_auth']['referer']);
 	unset($_SESSION['contact_auth']);

+ 48 - 96
contact_delete.php

@@ -40,109 +40,61 @@ if (!$included) {
 	$language = new text;
 	$text = $language->get();
 
-	if (count($_GET)>0) {
-		$contact_uuid = check_str($_GET["id"]);
-	}
+	$contact_uuid = $_GET["id"];
 }
 
 if (is_uuid($contact_uuid)) {
-	//delete addresses
-		$sql = "delete from v_contact_addresses ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = :contact_uuid ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
-
-	//delete phones
-		$sql = "delete from v_contact_phones ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '".$contact_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
-
-	//delete emails
-		$sql = "delete from v_contact_emails ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '".$contact_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
-
-	//delete urls
-		$sql = "delete from v_contact_urls ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '".$contact_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
-
-	//delete notes
-		$sql = "delete from v_contact_notes ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '".$contact_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
-
-	//delete relations
-		$sql = "delete from v_contact_relations ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and ";
-		$sql .= "( ";
-		$sql .= "	contact_uuid = '".$contact_uuid."' ";
-		$sql .= "	or relation_contact_uuid = '".$contact_uuid."' ";
-		$sql .= ") ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
-
-	//delete settings
-		$sql = "delete from v_contact_settings ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '".$contact_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
-
-	//delete attachments
-		$sql = "delete from v_contact_attachments ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '".$contact_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
-
-	//delete contact users
-		$sql = "delete from v_contact_users ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '".$contact_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
-
-	//delete contact groups
-		$sql = "delete from v_contact_groups ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '".$contact_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
-
-	//delete a contact
-		$sql = "delete from v_contacts ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '".$contact_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($prep_statement, $sql);
+
+	//specify tables
+		$tables[] = 'contact_addresses';
+		$tables[] = 'contact_attachments';
+		$tables[] = 'contact_emails';
+		$tables[] = 'contact_groups';
+		$tables[] = 'contact_notes';
+		$tables[] = 'contact_phones';
+		$tables[] = 'contact_relations';
+		$tables[] = 'contact_settings';
+		$tables[] = 'contact_times';
+		$tables[] = 'contact_urls';
+		$tables[] = 'contact_users';
+		$tables[] = 'contacts';
+
+	//create array from tables
+		foreach ($tables as $table) {
+			$array[$table][0]['contact_uuid'] = $contact_uuid;
+			$array[$table][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+		}
+
+	//include reciprocal relationships
+		$array['contact_relations'][1]['relation_contact_uuid'] = $contact_uuid;
+		$array['contact_relations'][1]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+	//grant temp permissions
+		$p = new permissions;
+		$database = new database;
+		foreach ($tables as $table) {
+			$p->add($database->singular($table).'_delete', 'temp');
+		}
+
+	//execute
+		$database = new database;
+		$database->app_name = 'contacts';
+		$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+		$database->delete($array);
+		unset($array);
+
+	//revoke temp permissions
+		foreach ($tables as $table) {
+			$p->delete($database->singular($table).'_delete', 'temp');
+		}
+
+	//set message
+		message::add($text['message-delete']);
 }
 
 if (!$included) {
-	message::add($text['message-delete']);
 	header("Location: contacts.php");
-	return;
+	exit;
 }
 
 ?>
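Review bot: The twelve temporary `*_delete` permissions granted under `//grant temp permissions` are revoked only on the straight-line path after `$database->delete($array)`, so an exception or early exit inside `delete()` would leave them granted for whatever lifetime `'temp'` has (not visible here). Wrapping the execute step in `try`/`finally` keeps the grant as narrow as the one call that needs it. The second `new database` is also unnecessary. `$tables` is appended to with `[]` and never reset, so if a caller includes this file more than once (the `$included` branch suggests it can), the list grows with duplicates; unsetting it together with `$array` avoids that. The permission check that gates this script sits above the hunk and is not visible.

```php
	//execute, revoking the temp permissions even if delete() throws
		// … unchanged: $tables list, $array build, temp permission grant …
		try {
			$database->app_name = 'contacts';
			$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
			$database->delete($array);
		}
		finally {
			foreach ($tables as $table) {
				$p->delete($database->singular($table).'_delete', 'temp');
			}
			unset($array, $tables);
		}
```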

+ 134 - 176
contact_edit.php

@@ -43,9 +43,9 @@
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$contact_uuid = check_str($_REQUEST["id"]);
+		$contact_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
@@ -53,21 +53,21 @@
 
 //get http post variables and set them to php variables
 	if (count($_POST) > 0) {
-		$user_uuid = check_str($_POST["user_uuid"]);
+		$user_uuid = $_POST["user_uuid"];
 		$group_uuid = $_POST['group_uuid'];
-		$contact_type = check_str($_POST["contact_type"]);
-		$contact_organization = check_str($_POST["contact_organization"]);
-		$contact_name_prefix = check_str($_POST["contact_name_prefix"]);
-		$contact_name_given = check_str($_POST["contact_name_given"]);
-		$contact_name_middle = check_str($_POST["contact_name_middle"]);
-		$contact_name_family = check_str($_POST["contact_name_family"]);
-		$contact_name_suffix = check_str($_POST["contact_name_suffix"]);
-		$contact_nickname = check_str($_POST["contact_nickname"]);
-		$contact_title = check_str($_POST["contact_title"]);
-		$contact_category = check_str($_POST["contact_category"]);
-		$contact_role = check_str($_POST["contact_role"]);
-		$contact_time_zone = check_str($_POST["contact_time_zone"]);
-		$contact_note = check_str($_POST["contact_note"]);
+		$contact_type = $_POST["contact_type"];
+		$contact_organization = $_POST["contact_organization"];
+		$contact_name_prefix = $_POST["contact_name_prefix"];
+		$contact_name_given = $_POST["contact_name_given"];
+		$contact_name_middle = $_POST["contact_name_middle"];
+		$contact_name_family = $_POST["contact_name_family"];
+		$contact_name_suffix = $_POST["contact_name_suffix"];
+		$contact_nickname = $_POST["contact_nickname"];
+		$contact_title = $_POST["contact_title"];
+		$contact_category = $_POST["contact_category"];
+		$contact_role = $_POST["contact_role"];
+		$contact_time_zone = $_POST["contact_time_zone"];
+		$contact_note = $_POST["contact_note"];
 	}
 
 //process the form data
@@ -75,7 +75,7 @@
 
 		//set the uuid
 			if ($action == "update") {
-				$contact_uuid = check_str($_POST["contact_uuid"]);
+				$contact_uuid = $_POST["contact_uuid"];
 			}
 
 		//check for all required data
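Review bot: With `check_str()` removed, `$contact_uuid = $_POST["contact_uuid"];` replaces the id that was validated with `is_uuid($_REQUEST["id"])` at the top of the file with an unvalidated POST field, and that value then goes into the saved row and the redirect URL. Validating it the same way keeps the two in step: `if ($action == "update" && is_uuid($_POST["contact_uuid"])) {`. Whether `database::save()` rejects a malformed key on its own is not visible here, so the check belongs at the point of input. The surrounding form-processing block starts and ends outside this hunk.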
@@ -111,79 +111,41 @@
 				//add the contact
 					if ($action == "add" && permission_exists('contact_add')) {
 						$contact_uuid = uuid();
-						$sql = "insert into v_contacts ";
-						$sql .= "( ";
-						$sql .= "domain_uuid, ";
-						$sql .= "contact_uuid, ";
-						$sql .= "contact_type, ";
-						$sql .= "contact_organization, ";
-						$sql .= "contact_name_prefix, ";
-						$sql .= "contact_name_given, ";
-						$sql .= "contact_name_middle, ";
-						$sql .= "contact_name_family, ";
-						$sql .= "contact_name_suffix, ";
-						$sql .= "contact_nickname, ";
-						$sql .= "contact_title, ";
-						$sql .= "contact_category, ";
-						$sql .= "contact_role, ";
-						$sql .= "contact_time_zone, ";
-						$sql .= "contact_note, ";
-						$sql .= "last_mod_date, ";
-						$sql .= "last_mod_user ";
-						$sql .= ") ";
-						$sql .= "values ";
-						$sql .= "( ";
-						$sql .= "'".$_SESSION['domain_uuid']."', ";
-						$sql .= "'".$contact_uuid."', ";
-						$sql .= "'".$contact_type."', ";
-						$sql .= "'".$contact_organization."', ";
-						$sql .= "'".$contact_name_prefix."', ";
-						$sql .= "'".$contact_name_given."', ";
-						$sql .= "'".$contact_name_middle."', ";
-						$sql .= "'".$contact_name_family."', ";
-						$sql .= "'".$contact_name_suffix."', ";
-						$sql .= "'".$contact_nickname."', ";
-						$sql .= "'".$contact_title."', ";
-						$sql .= "'".$contact_category."', ";
-						$sql .= "'".$contact_role."', ";
-						$sql .= "'".$contact_time_zone."', ";
-						$sql .= "'".$contact_note."', ";
-						$sql .= "now(), ";
-						$sql .= "'".$_SESSION['username']."' ";
-						$sql .= ")";
-						$db->exec(check_sql($sql));
-						unset($sql);
+						$array['contacts'][0]['contact_uuid'] = $contact_uuid;
 
 						message::add($text['message-add']);
 						$location = "contact_edit.php?id=".$contact_uuid;
-					} //if ($action == "add")
+					}
 
 				//update the contact
 					if ($action == "update" && permission_exists('contact_edit')) {
-						$sql = "update v_contacts set ";
-						$sql .= "contact_type = '".$contact_type."', ";
-						$sql .= "contact_organization = '".$contact_organization."', ";
-						$sql .= "contact_name_prefix = '".$contact_name_prefix."', ";
-						$sql .= "contact_name_given = '".$contact_name_given."', ";
-						$sql .= "contact_name_middle = '".$contact_name_middle."', ";
-						$sql .= "contact_name_family = '".$contact_name_family."', ";
-						$sql .= "contact_name_suffix = '".$contact_name_suffix."', ";
-						$sql .= "contact_nickname = '".$contact_nickname."', ";
-						$sql .= "contact_title = '".$contact_title."', ";
-						$sql .= "contact_category = '".$contact_category."', ";
-						$sql .= "contact_role = '".$contact_role."', ";
-						$sql .= "contact_time_zone = '".$contact_time_zone."', ";
-						$sql .= "contact_note = '".$contact_note."', ";
-						$sql .= "last_mod_date = now(), ";
-						$sql .= "last_mod_user = '".$_SESSION['username']."' ";
-						$sql .= "where domain_uuid = '".$domain_uuid."' ";
-						$sql .= "and contact_uuid = '".$contact_uuid."' ";
-						$db->exec(check_sql($sql));
-						unset($sql);
+						$array['contacts'][0]['contact_uuid'] = $contact_uuid;
 
 						message::add($text['message-update']);
 						$location = "contact_edit.php?id=".escape($contact_uuid);
-					} //if ($action == "update")
+					}
+
+				//create array
+					if (is_array($array) && @sizeof($array) != 0) {
+						$array['contacts'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+						$array['contacts'][0]['contact_type'] = $contact_type;
+						$array['contacts'][0]['contact_organization'] = $contact_organization;
+						$array['contacts'][0]['contact_name_prefix'] = $contact_name_prefix;
+						$array['contacts'][0]['contact_name_given'] = $contact_name_given;
+						$array['contacts'][0]['contact_name_middle'] = $contact_name_middle;
+						$array['contacts'][0]['contact_name_family'] = $contact_name_family;
+						$array['contacts'][0]['contact_name_suffix'] = $contact_name_suffix;
+						$array['contacts'][0]['contact_nickname'] = $contact_nickname;
+						$array['contacts'][0]['contact_title'] = $contact_title;
+						$array['contacts'][0]['contact_category'] = $contact_category;
+						$array['contacts'][0]['contact_role'] = $contact_role;
+						$array['contacts'][0]['contact_time_zone'] = $contact_time_zone;
+						$array['contacts'][0]['contact_note'] = $contact_note;
+						$array['contacts'][0]['last_mod_date'] = 'now()';
+						$array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
+
+						$p = new permissions;
+					}
 
 				//assign the contact to the user that added the contact
 					if ($action == "add" && !permission_exists('contact_user_add')) {
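Review bot: `$p = new permissions;` is created only inside the `//create array` conditional, but the `contact_users` and `contact_group` blocks later in this file call `$p->add(...)` under conditions that do not depend on it. An update by a user who has `contact_user_add` but not `contact_edit` leaves `$array` empty at that point, so `$p` is undefined and the later call fails with a fatal error instead of saving the assignment as the old code did. Instantiating it before the `//add the contact` branch removes the dependency. The `'now()'` string assigned to `last_mod_date` also deserves a comment stating how `database::save()` treats it, since a bound parameter would normally store the literal text.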
@@ -191,50 +153,37 @@
 					}
 
 				//add user to contact users table
-					if ($user_uuid != '') {
+					if (is_uuid($user_uuid) && (permission_exists('contact_user_add') || $action == "add")) {
 						$contact_user_uuid = uuid();
-						$sql = "insert into v_contact_users ";
-						$sql .= "(";
-						$sql .= "domain_uuid, ";
-						$sql .= "contact_user_uuid, ";
-						$sql .= "contact_uuid, ";
-						$sql .= "user_uuid ";
-						$sql .= ") ";
-						$sql .= "values ";
-						$sql .= "(";
-						$sql .= "'$domain_uuid', ";
-						$sql .= "'$contact_user_uuid', ";
-						$sql .= "'$contact_uuid', ";
-						$sql .= "'$user_uuid' ";
-						$sql .= ")";
-						if (permission_exists('contact_user_add')) {
-							$db->exec(check_sql($sql));
-						}
-						elseif ($action == "add") {
-							//add the contact to the user that created it
-							$db->exec(check_sql($sql));
-						}
-						unset($sql);
+						$array['contact_users'][0]['domain_uuid'] = $domain_uuid;
+						$array['contact_users'][0]['contact_user_uuid'] = $contact_user_uuid;
+						$array['contact_users'][0]['contact_uuid'] = $contact_uuid;
+						$array['contact_users'][0]['user_uuid'] = $user_uuid;
+
+						$p->add('contact_user_add', 'temp');
 					}
 
 				//assign the contact to the group
-					if ($group_uuid != '' && permission_exists('contact_group_add')) {
-						$sql = "insert into v_contact_groups ";
-						$sql .= "( ";
-						$sql .= "contact_group_uuid, ";
-						$sql .= "domain_uuid, ";
-						$sql .= "contact_uuid, ";
-						$sql .= "group_uuid ";
-						$sql .= ") ";
-						$sql .= "values ";
-						$sql .= "( ";
-						$sql .= "'".uuid()."', ";
-						$sql .= "'".$domain_uuid."', ";
-						$sql .= "'".$contact_uuid."', ";
-						$sql .= "'".$group_uuid."' ";
-						$sql .= ") ";
-						$db->exec(check_sql($sql));
-						unset($sql);
+					if (is_uuid($group_uuid) && permission_exists('contact_group_add')) {
+						$contact_group_uuid = uuid();
+						$array['contact_group'][0]['contact_group_uuid'] = $contact_group_uuid;
+						$array['contact_group'][0]['domain_uuid'] = $domain_uuid;
+						$array['contact_group'][0]['contact_uuid'] = $contact_uuid;
+						$array['contact_group'][0]['group_uuid'] = $group_uuid;
+
+						$p->add('contact_group_add', 'temp');
+					}
+
+				//execute
+					if (is_array($array) && @sizeof($array) != 0) {
+						$database = new database;
+						$database->app_name = 'contacts';
+						$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+						$database->save($array);
+						unset($array);
+
+						$p->delete('contact_user_add', 'temp');
+						$p->delete('contact_group_add', 'temp');
 					}
 
 				//handle redirect
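Review bot: The group assignment is built under the key `contact_group`, while the SQL it replaces inserted into `v_contact_groups` and contact_delete.php in this same commit lists the table as `contact_groups`. If `database::save()` derives the table name from the array key (its implementation is not visible here), the row would not reach `v_contact_groups` and the group assignment would be lost. The four lines should read `$array['contact_groups'][0]['contact_group_uuid'] = $contact_group_uuid;` and likewise for `domain_uuid`, `contact_uuid` and `group_uuid`.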
@@ -244,21 +193,22 @@
 
 				//redirect the browser
 					header("Location: ".$location);
-					return;
+					exit;
 
-			} //if ($_POST["persistformvar"] != "true")
-	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+			}
+	}
 
 //pre-populate the form
 	if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
 		$contact_uuid = $_GET["id"];
 		$sql = "select * from v_contacts ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '$contact_uuid' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and contact_uuid = :contact_uuid ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+		$parameters['contact_uuid'] = $contact_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && @sizeof($row) != 0) {
 			$contact_type = $row["contact_type"];
 			$contact_organization = $row["contact_organization"];
 			$contact_name_prefix = $row["contact_name_prefix"];
@@ -273,17 +223,17 @@
 			$contact_time_zone = $row["contact_time_zone"];
 			$contact_note = $row["contact_note"];
 		}
-		unset ($prep_statement, $sql);
+		unset($sql, $parameters, $row);
 	}
 
 //get the users array
-	$sql = "SELECT * FROM v_users ";
-	$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+	$sql = "select * from v_users ";
+	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= "order by username asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset($prep_statement, $sql);
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$database = new database;
+	$users = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //determine if contact assigned to a user
 	if (is_array($users) && sizeof($users) != 0) {
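Review bot: `select * from v_users` pulls every column of the users table into `$users` to fill a form control, and a users table usually carries credential material that this page has no reason to hold in memory or risk echoing. Naming the columns keeps the exposure to what the form reads, e.g. `$sql = "select user_uuid, username from v_users ";`. That assumes those two are all the code below the hunk uses; the later join in this file selects only `username` and `user_uuid` from that table. The loop that consumes `$users` continues outside this hunk.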
@@ -296,16 +246,17 @@
 	}
 
 //get the users assigned to this contact
-	$sql = "SELECT u.username, u.user_uuid, a.contact_user_uuid FROM v_contacts as c, v_users as u, v_contact_users as a ";
-	$sql .= "where c.contact_uuid = '".$contact_uuid."' ";
-	$sql .= "and c.domain_uuid = '".$_SESSION['domain_uuid']."' ";
+	$sql = "select u.username, u.user_uuid, a.contact_user_uuid from v_contacts as c, v_users as u, v_contact_users as a ";
+	$sql .= "where c.contact_uuid = :contact_uuid ";
+	$sql .= "and c.domain_uuid = :domain_uuid ";
 	$sql .= "and u.user_uuid = a.user_uuid ";
 	$sql .= "and c.contact_uuid = a.contact_uuid ";
 	$sql .= "order by u.username asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$contact_users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset($prep_statement, $sql);
+	$parameters['contact_uuid'] = $contact_uuid;
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$database = new database;
+	$contact_users = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //show the header
 	require_once "resources/header.php";
@@ -390,8 +341,8 @@
 	echo "<tr>\n";
 	echo "<td valign='top' align='left' width='30%' nowrap='nowrap'><b>";
 	switch ($action) {
-		case "add" : 	echo $text['header-contact-add'];	break;
-		case "update" :	echo $text['header-contact-edit'];	break;
+		case "add": echo $text['header-contact-add']; break;
+		case "update": echo $text['header-contact-edit']; break;
 	}
 	echo "</b></td>\n";
 	echo "<td valign='top' width='70%' align='right'>\n";
@@ -402,20 +353,19 @@
 			$sql = "select ";
 			$sql .= "time_start ";
 			$sql .= "from v_contact_times ";
-			$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-			$sql .= "and user_uuid = '".$_SESSION['user']['user_uuid']."' ";
-			$sql .= "and contact_uuid = '".$contact_uuid."' ";
+			$sql .= "where domain_uuid = :domain_uuid ";
+			$sql .= "and user_uuid = :user_uuid ";
+			$sql .= "and contact_uuid = :contact_uuid ";
 			$sql .= "and time_start is not null ";
 			$sql .= "and time_stop is null ";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			$result = $prep_statement->fetch(PDO::FETCH_NAMED);
-			if ($result['time_start'] != '') {
-				$time_start = $result['time_start'];
-				$btn_mod = "style='background-color: #3693df; background-image: none;'";
-			}
-			unset ($sql, $prep_statement, $result);
-			echo "	<input type='button' class='btn' ".$btn_mod." alt='".$text['button-timer']."' ".(($time_start != '') ? "title='".escape($time_start)."'" : null)." onclick=\"window.open('contact_timer.php?domain_uuid=".escape($domain_uuid)."&contact_uuid=".escape($contact_uuid)."','contact_time_".escape($contact_uuid)."','width=300, height=375, top=30, left='+(screen.width - 350)+', menubar=no, scrollbars=no, status=no, toolbar=no, resizable=no');\" value='".$text['button-timer']."'>\n";
+			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+			$parameters['user_uuid'] = $_SESSION['user']['user_uuid'];
+			$parameters['contact_uuid'] = $contact_uuid;
+			$database = new database;
+			$time_start = $database->select($sql, $parameters, 'column');
+			$btn_mod = $time_start != '' ? "style='background-color: #3693df; background-image: none;'" : null;
+			unset($sql, $parameters);
+			echo "	<input type='button' class='btn' ".$btn_mod." alt='".$text['button-timer']."' ".($time_start != '' ? "title='".escape($time_start)."'" : null)." onclick=\"window.open('contact_timer.php?domain_uuid=".escape($domain_uuid)."&contact_uuid=".escape($contact_uuid)."','contact_time_".escape($contact_uuid)."','width=300, height=375, top=30, left='+(screen.width - 350)+', menubar=no, scrollbars=no, status=no, toolbar=no, resizable=no');\" value='".$text['button-timer']."'>\n";
 		}
 		echo "	<input type='button' class='btn' name='' alt='".$text['button-qr_code']."' onclick=\"$('#qr_code_container').fadeIn(400);\" value='".$text['button-qr_code']."'>\n";
 		echo "	<input type='button' class='btn' name='' alt='".$text['button-vcard']."' onclick=\"window.location='contacts_vcard.php?id=".escape($contact_uuid)."&type=download'\" value='".$text['button-vcard']."'>\n";
@@ -686,15 +636,16 @@
 			$sql .= "v_contact_groups as cg ";
 			$sql .= "where ";
 			$sql .= "cg.group_uuid = g.group_uuid ";
-			$sql .= "and cg.domain_uuid = '".$domain_uuid."' ";
-			$sql .= "and cg.contact_uuid = '".$contact_uuid."' ";
-			$sql .= "and cg.group_uuid <> '".$_SESSION["user_uuid"]."' ";
+			$sql .= "and cg.domain_uuid = :domain_uuid ";
+			$sql .= "and cg.contact_uuid = :contact_uuid ";
+			$sql .= "and cg.group_uuid <> :group_uuid ";
 			$sql .= "order by g.group_name asc ";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-			$result_count = count($result);
-			if ($result_count > 0) {
+			$parameters['domain_uuid'] = $domain_uuid;
+			$parameters['contact_uuid'] = $contact_uuid;
+			$parameters['group_uuid'] = $_SESSION["user_uuid"];
+			$database = new database;
+			$result = $database->select($sql, $parameters, 'all');
+			if (is_array($result) && @sizeof($result) != 0) {
 				echo "	<table width='52%'>\n";
 				foreach($result as $field) {
 					if (strlen($field['group_name']) > 0) {
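Review bot: The `:group_uuid` placeholder is bound to `$_SESSION["user_uuid"]`, so `cg.group_uuid <> :group_uuid` compares a group id with a user id and presumably never excludes anything. The conversion preserved the old expression faithfully, but naming the parameter makes the mismatch visible. The timer query in this file reads the user id from `$_SESSION['user']['user_uuid']`, so this session key may not even be set. Either drop the condition or bind the group id it was meant to exclude, and add a comment saying which.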
@@ -712,21 +663,28 @@
 				echo "	</table>\n";
 				echo "	<br />\n";
 			}
-			unset($sql, $prep_statement, $result, $field);
+			unset($sql, $parameters, $result, $field);
 
 			if (permission_exists('contact_group_add') || if_group("superadmin")) {
 				$sql = "select * from v_groups ";
-				$sql .= "where domain_uuid = '".$domain_uuid."' ";
+				$sql .= "where domain_uuid = :domain_uuid ";
 				$sql .= "or domain_uuid is null ";
-				if (sizeof($assigned_groups) > 0) {
-					$sql .= "and group_uuid not in ('".implode("','",$assigned_groups)."') ";
+				if (is_array($assigned_groups) && @sizeof($assigned_groups) != 0) {
+					foreach ($assigned_groups as $index => $assigned_group) {
+						$sql_where_and[] = "group_uuid <> :group_uuid_".$index." ";
+						$parameters['group_uuid_'.$index] = $assigned_group;
+					}
+					if (is_array($sql_where_and) && @sizeof($sql_where_and) != 0) {
+						$sql .= "and ".implode(' and ', $sql_where_and)." ";
+					}
 				}
 				$sql .= "order by group_name asc ";
-				$prep_statement = $db->prepare(check_sql($sql));
-				$prep_statement->execute();
-				$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-				$result_count = count($result);
-				if ($result_count > 0) {
+				$parameters['domain_uuid'] = $domain_uuid;
+				$database = new database;
+				$result = $database->select($sql, $parameters, 'all');
+				unset($sql, $sql_where_and, $index, $parameters, $assigned_groups, $assigned_group);
+
+				if (is_array($result) && @sizeof($result) != 0) {
 					echo "	<select name='group_uuid' class='formfld' style='width: auto; margin-right: 3px;'>\n";
 					echo "		<option value=''></option>\n";
 					foreach($result as $field) {
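Review bot: In the `v_groups` query, `and` binds tighter than `or`, so the generated `where domain_uuid = :domain_uuid or domain_uuid is null and group_uuid <> ...` applies the exclusions only to the global (`domain_uuid is null`) groups. Groups of the current domain that are already assigned still appear in the select. Parenthesising the tenant test fixes it: `$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";`, with the separate `or` line removed. The old `not in (...)` form had the same precedence problem, so this predates the commit. The `foreach` that renders the options continues outside the hunk.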
@@ -741,7 +699,7 @@
 					}
 					echo "<br>";
 				}
-				unset($sql, $prep_statement, $result, $field);
+				unset($result, $field);
 			}
 
 			echo "		".$text['description-groups']."\n";

+ 0 - 1
contact_email_delete.php

@@ -42,7 +42,6 @@ $contact_email_uuid = $_GET["id"];
 $contact_uuid = $_GET["contact_uuid"];
 
 if (is_uuid($contact_email_uuid) && is_uuid($contact_uuid)) {
-
 	$array['contact_emails'][0]['contact_email_uuid'] = $contact_email_uuid;
 	$array['contact_emails'][0]['domain_uuid'] = $_SESSION['domain_uuid'];