
Database class integration.

Nate hace 6 años
padre
commit
b5b5b79dbf
Se han modificado 6 ficheros con 159 adiciones y 170 borrados
  1. 15 14
      contact_time_delete.php
  2. 65 71
      contact_time_edit.php
  3. 52 62
      contact_timer.php
  4. 16 13
      contact_timer_inc.php
  5. 10 10
      contact_times.php
  6. 1 0
      contact_url_edit.php

+ 15 - 14
contact_time_delete.php

@@ -39,25 +39,26 @@ else {
 	$text = $language->get();
 
 //get the http values and set as variables
-	if (count($_GET) > 0) {
-		$contact_time_uuid = check_str($_GET["id"]);
-		$contact_uuid = check_str($_GET["contact_uuid"]);
-	}
+	$contact_time_uuid = $_GET["id"];
+	$contact_uuid = $_GET["contact_uuid"];
 
 //delete the record
-	if (strlen($contact_time_uuid) > 0) {
-		$sql = "delete from v_contact_times ";
-		$sql .= "where domain_uuid = '".$domain_uuid."' ";
-		$sql .= "and contact_uuid = '".$contact_uuid."' ";
-		$sql .= "and contact_time_uuid = '".$contact_time_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		unset($sql);
+	if (is_uuid($contact_time_uuid) && is_uuid($contact_uuid)) {
+		$array['contact_times'][0]['domain_uuid'] = $domain_uuid;
+		$array['contact_times'][0]['contact_uuid'] = $contact_uuid;
+		$array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid;
+
+		$database = new database;
+		$database->app_name = 'contacts';
+		$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+		$database->delete($array);
+		unset($array);
+
+		message::add($text['message-delete']);
 	}
 
 //redirect the browser
-	message::add($text['message-delete']);
 	header("Location: contact_edit.php?id=".$contact_uuid);
-	return;
+	exit;
 
 ?>
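Review bot: The `header("Location: contact_edit.php?id=".$contact_uuid);` line appends `$contact_uuid` even when the `is_uuid($contact_time_uuid) && is_uuid($contact_uuid)` guard above has rejected it, so an unvalidated request value is reflected into the Location header and the user is redirected with no message that nothing was deleted. Either move the redirect inside the guard and handle the else branch separately, or at minimum encode the value: `header("Location: contact_edit.php?id=".urlencode($contact_uuid));`. Both `$_GET["id"]` and `$_GET["contact_uuid"]` are also read without `isset()`, which raises notices when a parameter is absent; `$contact_time_uuid = isset($_GET["id"]) ? $_GET["id"] : null;` keeps the later `is_uuid()` check meaningful without the noise.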

+ 65 - 71
contact_time_edit.php

@@ -39,32 +39,32 @@ else {
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$contact_time_uuid = check_str($_REQUEST["id"]);
+		$contact_time_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
 	}
 
 //get the contact uuid
-	if (strlen($_GET["contact_uuid"]) > 0) {
-		$contact_uuid = check_str($_GET["contact_uuid"]);
+	if (is_uuid($_GET["contact_uuid"])) {
+		$contact_uuid = $_GET["contact_uuid"];
 	}
 
 //get http post variables and set them to php variables
-	if (count($_POST)>0) {
-		$time_start = check_str($_POST["time_start"]);
-		$time_stop = check_str($_POST["time_stop"]);
-		$time_description = check_str($_POST["time_description"]);
+	if (is_array($_POST) && @sizeof($_POST) != 0) {
+		$time_start = $_POST["time_start"];
+		$time_stop = $_POST["time_stop"];
+		$time_description = $_POST["time_description"];
 	}
 
 //process the form data
-	if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
+	if (is_array($_POST) && @sizeof($_POST) != 0 && strlen($_POST["persistformvar"]) == 0) {
 
 		//set the uuid
 			if ($action == "update") {
-				$contact_time_uuid = check_str($_POST["contact_time_uuid"]);
+				$contact_time_uuid = $_POST["contact_time_uuid"];
 			}
 
 		//check for all required data
@@ -86,82 +86,76 @@ else {
 			if ($_POST["persistformvar"] != "true") {
 
 				//update last modified
-				$sql = "update v_contacts set ";
-				$sql .= "last_mod_date = now(), ";
-				$sql .= "last_mod_user = '".$_SESSION['username']."' ";
-				$sql .= "where domain_uuid = '".$domain_uuid."' ";
-				$sql .= "and contact_uuid = '".$contact_uuid."' ";
-				$db->exec(check_sql($sql));
-				unset($sql);
+				$array['contacts'][0]['contact_uuid'] = $contact_uuid;
+				$array['contacts'][0]['domain_uuid'] = $domain_uuid;
+				$array['contacts'][0]['last_mod_date'] = 'now()';
+				$array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
+
+				$p = new permissions;
+				$p->add('contact_edit', 'temp');
+
+				$database = new database;
+				$database->app_name = 'contacts';
+				$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+				$database->save($array);
+				unset($array);
+
+				$p->delete('contact_edit', 'temp');
 
 				if ($action == "add") {
 					$contact_time_uuid = uuid();
-					$sql = "insert into v_contact_times ";
-					$sql .= "( ";
-					$sql .= "domain_uuid, ";
-					$sql .= "contact_time_uuid, ";
-					$sql .= "contact_uuid, ";
-					$sql .= "user_uuid, ";
-					$sql .= "time_start, ";
-					$sql .= "time_stop, ";
-					$sql .= "time_description ";
-					$sql .= ") ";
-					$sql .= "values ";
-					$sql .= "( ";
-					$sql .= "'".$domain_uuid."', ";
-					$sql .= "'".$contact_time_uuid."', ";
-					$sql .= "'".$contact_uuid."', ";
-					$sql .= "'".$_SESSION["user"]["user_uuid"]."', ";
-					$sql .= "'".$time_start."', ";
-					$sql .= "'".$time_stop."', ";
-					$sql .= "'".$time_description."' ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					$array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid;
 
 					message::add($text['message-add']);
-					header("Location: contact_edit.php?id=".$contact_uuid);
-					return;
-				} //if ($action == "add")
+				}
 
 				if ($action == "update") {
-					$sql = "update v_contact_times ";
-					$sql .= "set ";
-					$sql .= "time_start = '".$time_start."', ";
-					$sql .= "time_stop = '".$time_stop."', ";
-					$sql .= "time_description = '".$time_description."' ";
-					$sql .= "where ";
-					$sql .= "contact_time_uuid = '".$contact_time_uuid."' ";
-					$sql .= "and domain_uuid = '".$domain_uuid."' ";
-					$sql .= "and contact_uuid = '".$contact_uuid."' ";
-					$sql .= "and user_uuid = '".$_SESSION["user"]["user_uuid"]."' ";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					$array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid;
 
 					message::add($text['message-update']);
-					header("Location: contact_edit.php?id=".$contact_uuid);
-					return;
-				} //if ($action == "update")
-			} //if ($_POST["persistformvar"] != "true")
-	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+				}
+
+				if (is_array($array) && @sizeof($array) != 0) {
+					$array['contact_times'][0]['domain_uuid'] = $domain_uuid;
+					$array['contact_times'][0]['contact_uuid'] = $contact_uuid;
+					$array['contact_times'][0]['user_uuid'] = $_SESSION["user"]["user_uuid"];
+					$array['contact_times'][0]['time_start'] = $time_start;
+					$array['contact_times'][0]['time_stop'] = $time_stop;
+					$array['contact_times'][0]['time_description'] = $time_description;
+
+					$database = new database;
+					$database->app_name = 'contacts';
+					$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+					$database->save($array);
+					unset($array);
+				}
+
+				header("Location: contact_edit.php?id=".$contact_uuid);
+				exit;
+
+			}
+	}
 
 //pre-populate the form
-	if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
+	if (is_array($_GET) && @sizeof($_GET) != 0 && $_POST["persistformvar"] != "true") {
 		$contact_time_uuid = $_GET["id"];
 		$sql = "select ct.*, u.username ";
 		$sql .= "from v_contact_times as ct, v_users as u ";
 		$sql .= "where ct.user_uuid = u.user_uuid ";
-		$sql .= "and ct.domain_uuid = '".$domain_uuid."' ";
-		$sql .= "and ct.contact_uuid = '".$contact_uuid."' ";
-		$sql .= "and ct.user_uuid = '".$_SESSION["user"]["user_uuid"]."' ";
-		$sql .= "and contact_time_uuid = '".$contact_time_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetch(PDO::FETCH_NAMED);
-		$time_start = $result["time_start"];
-		$time_stop = $result["time_stop"];
-		$time_description = $result["time_description"];
-		unset ($prep_statement);
+		$sql .= "and ct.domain_uuid = :domain_uuid ";
+		$sql .= "and ct.contact_uuid = :contact_uuid ";
+		$sql .= "and ct.user_uuid = :user_uuid ";
+		$sql .= "and contact_time_uuid = :contact_time_uuid ";
+		$parameters['domain_uuid'] = $domain_uuid;
+		$parameters['contact_uuid'] = $contact_uuid;
+		$parameters['user_uuid'] = $_SESSION["user"]["user_uuid"];
+		$parameters['contact_time_uuid'] = $contact_time_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		$time_start = $row["time_start"];
+		$time_stop = $row["time_stop"];
+		$time_description = $row["time_description"];
+		unset($sql, $parameters, $row);
 	}
 
 //show the header

+ 52 - 62
contact_timer.php

@@ -33,54 +33,41 @@ if (!permission_exists('contact_time_add')) { echo "access denied"; exit; }
 	$text = $language->get();
 
 //get contact uuid
-	$domain_uuid = check_str($_REQUEST['domain_uuid']);
-	$contact_uuid = check_str($_REQUEST['contact_uuid']);
+	$domain_uuid = $_REQUEST['domain_uuid'];
+	$contact_uuid = $_REQUEST['contact_uuid'];
 
 //get posted variables & set time status
-	if (sizeof($_POST) > 0) {
-		$contact_time_uuid = check_str($_POST['contact_time_uuid']);
-		$contact_uuid = check_str($_POST['contact_uuid']);
-		$time_action = check_str($_POST['time_action']);
-		$time_description = check_str($_POST['time_description']);
+	if (is_array($_POST) && @sizeof($_POST) != 0) {
+		$contact_time_uuid = $_POST['contact_time_uuid'];
+		$contact_uuid = $_POST['contact_uuid'];
+		$time_action = $_POST['time_action'];
+		$time_description = $_POST['time_description'];
 
 		if ($time_description == 'Description...') { unset($time_description); }
 
 		if ($time_action == 'start') {
 			$contact_time_uuid = uuid();
-			$sql = "insert into v_contact_times ";
-			$sql .= "( ";
-			$sql .= "domain_uuid, ";
-			$sql .= "contact_time_uuid, ";
-			$sql .= "contact_uuid, ";
-			$sql .= "user_uuid, ";
-			$sql .= "time_start, ";
-			$sql .= "time_description ";
-			$sql .= ") ";
-			$sql .= "values ";
-			$sql .= "( ";
-			$sql .= "'".$domain_uuid."', ";
-			$sql .= "'".$contact_time_uuid."', ";
-			$sql .= "'".$contact_uuid."', ";
-			$sql .= "'".$_SESSION["user"]["user_uuid"]."', ";
-			$sql .= "'".date("Y-m-d H:i:s")."', ";
-			$sql .= "'".$time_description."' ";
-			$sql .= ")";
-			$db->exec(check_sql($sql));
-			unset($sql);
+			$array['contact_times'][0]['domain_uuid'] = $domain_uuid;
+			$array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid;
+			$array['contact_times'][0]['contact_uuid'] = $contact_uuid;
+			$array['contact_times'][0]['user_uuid'] = $_SESSION["user"]["user_uuid"];
+			$array['contact_times'][0]['time_start'] = date("Y-m-d H:i:s");
+			$array['contact_times'][0]['time_description'] = $time_description;
 		}
 		if ($time_action == 'stop') {
-			$sql = "update v_contact_times ";
-			$sql .= "set ";
-			$sql .= "time_stop = '".date("Y-m-d H:i:s")."', ";
-			$sql .= "time_description = '".$time_description."' ";
-			$sql .= "where ";
-			$sql .= "contact_time_uuid = '".$contact_time_uuid."' ";
-			$sql .= "and domain_uuid = '".$domain_uuid."' ";
-			$sql .= "and contact_uuid = '".$contact_uuid."' ";
-			$sql .= "and user_uuid = '".$_SESSION["user"]["user_uuid"]."' ";
-			$db->exec(check_sql($sql));
-			unset($sql);
+			$array['contact_times'][0]['contact_time_uuid'] = $contact_time_uuid;
+			$array['contact_times'][0]['time_stop'] = date("Y-m-d H:i:s");
+			$array['contact_times'][0]['time_description'] = $time_description;
 		}
+
+		if (is_array($array) && @sizeof($array) != 0) {
+			$database = new database;
+			$database->app_name = 'contacts';
+			$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+			$database->save($array);
+			unset($array);
+		}
+
 		header("Location: contact_timer.php?domain_uuid=".$domain_uuid."&contact_uuid=".$contact_uuid);
 	}
 
@@ -91,43 +78,46 @@ if (!permission_exists('contact_time_add')) { echo "access denied"; exit; }
 	$sql .= "contact_name_family, ";
 	$sql .= "contact_nickname ";
 	$sql .= "from v_contacts ";
-	$sql .= "where domain_uuid = '".$domain_uuid."' ";
-	$sql .= "and contact_uuid = '".$contact_uuid."' ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetch(PDO::FETCH_NAMED);
-	if (sizeof($result) > 0) {
-		$contact_organization = $result["contact_organization"];
-		$contact_name_given = $result["contact_name_given"];
-		$contact_name_family = $result["contact_name_family"];
-		$contact_nickname = $result["contact_nickname"];
+	$sql .= "where domain_uuid = :domain_uuid ";
+	$sql .= "and contact_uuid = :contact_uuid ";
+	$parameters['domain_uuid'] = $domain_uuid;
+	$parameters['contact_uuid'] = $contact_uuid;
+	$database = new database;
+	$row = $database->select($sql, $parameters, 'row');
+	if (is_array($row) && @sizeof($row) != 0) {
+		$contact_organization = $row["contact_organization"];
+		$contact_name_given = $row["contact_name_given"];
+		$contact_name_family = $row["contact_name_family"];
+		$contact_nickname = $row["contact_nickname"];
 	}
 	else {
 		exit;
 	}
-	unset ($sql, $prep_statement, $result);
+	unset($sql, $parameters, $row);
 
 //determine timer state and action
 	$sql = "select ";
 	$sql .= "contact_time_uuid, ";
 	$sql .= "time_description ";
 	$sql .= "from v_contact_times ";
-	$sql .= "where domain_uuid = '".$domain_uuid."' ";
-	$sql .= "and user_uuid = '".$_SESSION['user']['user_uuid']."' ";
-	$sql .= "and contact_uuid = '".$contact_uuid."' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
+	$sql .= "and user_uuid = :user_uuid ";
+	$sql .= "and contact_uuid = :contact_uuid ";
 	$sql .= "and time_start is not null ";
 	$sql .= "and time_stop is null ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetch(PDO::FETCH_NAMED);
-	if (sizeof($result) > 0) {
-		$contact_time_uuid = $result["contact_time_uuid"];
-		$time_description = $result["time_description"];
+	$parameters['domain_uuid'] = $domain_uuid;
+	$parameters['user_uuid'] = $_SESSION['user']['user_uuid'];
+	$parameters['contact_uuid'] = $contact_uuid;
+	$database = new database;
+	$row = $database->select($sql, $parameters, 'row');
+	if (is_array($row) && @sizeof($row) != 0) {
+		$contact_time_uuid = $row["contact_time_uuid"];
+		$time_description = $row["time_description"];
 	}
-	unset ($sql, $prep_statement, $result);
+	unset($sql, $parameters, $row);
 
-	$timer_state = ($contact_time_uuid != '') ? 'running' : 'stopped';
-	$timer_action = ($timer_state == 'running') ? 'stop' : 'start';
+	$timer_state = is_uuid($contact_time_uuid) ? 'running' : 'stopped';
+	$timer_action = $timer_state == 'running' ? 'stop' : 'start';
 
 //determine contact name to display
 	if ($contact_nickname != '') {
@@ -358,4 +348,4 @@ if (!permission_exists('contact_time_add')) { echo "access denied"; exit; }
 	</center>
 	</form>
 </body>
-</html>
+</html>
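Review bot: In the first hunk `$domain_uuid` and `$contact_uuid` are now taken straight from `$_REQUEST` with the `check_str()` wrapper removed and no replacement validation, unlike contact_time_delete.php in this commit, which gates on `is_uuid()`; the same applies to the three `$_REQUEST` reads at the top of contact_timer_inc.php. Parameter binding covers the SQL side, but the raw values still flow into the `$array` handed to `$database->save()` and into the `header("Location: contact_timer.php?domain_uuid=...&contact_uuid=...")` redirect unencoded. Guard them as the delete page does, e.g. `if (!is_uuid($domain_uuid) || !is_uuid($contact_uuid)) { exit; }` right after the assignments, and `urlencode()` both values in the redirect. Taking `domain_uuid` from the request rather than the session also lets the timer be pointed at a domain other than the one the user is logged into unless `permission_exists()` or the database class enforces that; it is pre-existing, but worth confirming while the file is being reworked.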

+ 16 - 13
contact_timer_inc.php

@@ -29,29 +29,32 @@ require_once "resources/check_auth.php";
 if (!permission_exists('contact_time_add')) { echo "access denied"; exit; }
 
 //get contact and time uuids
-	$domain_uuid = check_str($_REQUEST['domain_uuid']);
-	$contact_uuid = check_str($_REQUEST['contact_uuid']);
-	$contact_time_uuid = check_str($_REQUEST['contact_time_uuid']);
+	$domain_uuid = $_REQUEST['domain_uuid'];
+	$contact_uuid = $_REQUEST['contact_uuid'];
+	$contact_time_uuid = $_REQUEST['contact_time_uuid'];
 
 //get time quantity
 	$sql = "select ";
 	$sql .= "time_start ";
 	$sql .= "from v_contact_times ";
-	$sql .= "where domain_uuid = '".$domain_uuid."' ";
-	$sql .= "and contact_time_uuid = '".$contact_time_uuid."' ";
-	$sql .= "and user_uuid = '".$_SESSION['user']['user_uuid']."' ";
-	$sql .= "and contact_uuid = '".$contact_uuid."' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
+	$sql .= "and contact_time_uuid = :contact_time_uuid ";
+	$sql .= "and user_uuid = :user_uuid ";
+	$sql .= "and contact_uuid = :contact_uuid ";
 	$sql .= "and time_start is not null ";
 	$sql .= "and time_stop is null ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetch(PDO::FETCH_NAMED);
-	if (sizeof($result) > 0) {
-		$time_start = strtotime($result["time_start"]);
+	$parameters['domain_uuid'] = $domain_uuid;
+	$parameters['contact_uuid'] = $contact_uuid;
+	$parameters['user_uuid'] = $_SESSION['user']['user_uuid'];
+	$parameters['contact_time_uuid'] = $contact_time_uuid;
+	$database = new database;
+	$row = $database->select($sql, $parameters, 'row');
+	if (is_array($row) && @sizeof($row) != 0) {
+		$time_start = strtotime($row["time_start"]);
 		$time_now = strtotime(date("Y-m-d H:i:s"));
 		$time_diff = gmdate("H:i:s", ($time_now - $time_start));
 		echo $time_diff;
 		echo "<script id='title_script'>set_title('".$time_diff."');</script>";
 	}
-	unset ($sql, $prep_statement, $result);
+	unset ($sql, $parameters, $row);
 ?>

+ 10 - 10
contact_times.php

@@ -42,14 +42,14 @@
 	$sql = "select ct.*, u.username, u.domain_uuid as user_domain_uuid ";
 	$sql .= "from v_contact_times as ct, v_users as u ";
 	$sql .= "where ct.user_uuid = u.user_uuid ";
-	$sql .= "and ct.domain_uuid = '".$domain_uuid."' ";
-	$sql .= "and ct.contact_uuid = '".$contact_uuid."' ";
+	$sql .= "and ct.domain_uuid = :domain_uuid ";
+	$sql .= "and ct.contact_uuid = :contact_uuid ";
 	$sql .= "order by ct.time_start desc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	$result_count = count($result);
-	unset ($prep_statement, $sql);
+	$parameters['domain_uuid'] = $domain_uuid;
+	$parameters['contact_uuid'] = $contact_uuid;
+	$database = new database;
+	$result = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //set the row style
 	$c = 0;
@@ -85,7 +85,7 @@
 
 	echo "<div id='div_contact_times' style='width: 100%; overflow: auto; direction: rtl; text-align: right; margin-bottom: 23px;'>";
 	echo "<table id='table_contact_times' class='tr_hover' style='width: 100%; direction: ltr;' border='0' cellpadding='0' cellspacing='0'>\n";
-	if ($result_count > 0) {
+	if (is_array($result) && @sizeof($result) != 0) {
 		foreach($result as $row) {
 			$tr_link = (permission_exists('contact_time_edit') && $row['user_uuid'] == $_SESSION["user"]["user_uuid"]) ? "href='contact_time_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_time_uuid'])."'" : null;
 			echo "<tr ".$tr_link.">\n";
@@ -120,9 +120,9 @@
 			}
 			echo "	</td>\n";
 			echo "</tr>\n";
-			$c = ($c) ? 0 : 1;
+			$c = $c ? 0 : 1;
 		} //end foreach
-		unset($sql, $result, $row_count);
+		unset($result, $row);
 	} //end if results
 	echo "</table>";
 	echo "</div>\n";
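Review bot: `$parameters['domain_uuid'] = $domain_uuid;` in the first hunk appends to `$parameters` without initialising it, and this file reads like an included fragment (no auth or permission preamble in the visible hunks), so if the including page has already populated `$parameters`, stale keys would be passed to `$database->select()` alongside the two the query expects. Add `$parameters = array();` before the first assignment, mirroring how contact_timer.php clears it with `unset($sql, $parameters, $row)` between queries. The second hunk's `is_array($result) && @sizeof($result) != 0` does not need the `@`: `sizeof()` on a value already confirmed by `is_array()` emits no warning, and the suppression only hides unrelated errors.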

+ 1 - 0
contact_url_edit.php

@@ -150,6 +150,7 @@ else {
 
 				header("Location: contact_edit.php?id=".$contact_uuid);
 				exit;
+
 			}
 	}