Browse Source

Database class integration.

Nate 6 năm trước cách đây
mục cha
commit
e1406393d6
3 tập tin đã thay đổi với 101 bổ sung103 xóa
  1. 15 13
      contact_email_delete.php
  2. 74 78
      contact_email_edit.php
  3. 12 12
      contact_emails.php

+ 15 - 13
contact_email_delete.php

@@ -38,22 +38,24 @@ else {
 	$language = new text;
 	$text = $language->get();
 
-if (count($_GET)>0) {
-	$id = check_str($_GET["id"]);
-	$contact_uuid = check_str($_GET["contact_uuid"]);
-}
+$contact_email_uuid = $_GET["id"];
+$contact_uuid = $_GET["contact_uuid"];
+
+if (is_uuid($contact_email_uuid) && is_uuid($contact_uuid)) {
+
+	$array['contact_emails'][0]['contact_email_uuid'] = $contact_email_uuid;
+	$array['contact_emails'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+	$database = new database;
+	$database->app_name = 'contacts';
+	$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+	$database->delete($array);
+	unset($array);
 
-if (strlen($id)>0) {
-	$sql = "delete from v_contact_emails ";
-	$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-	$sql .= "and contact_email_uuid = '".$id."' ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	unset($sql);
+	message::add($text['message-delete']);
 }
 
-message::add($text['message-delete']);
 header("Location: contact_edit.php?id=".$contact_uuid);
-return;
+exit;
 
 ?>

+ 74 - 78
contact_email_edit.php

@@ -40,28 +40,28 @@ else {
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$contact_email_uuid = check_str($_REQUEST["id"]);
+		$contact_email_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
 	}
 
-if (strlen($_GET["contact_uuid"]) > 0) {
-	$contact_uuid = check_str($_GET["contact_uuid"]);
+if (is_uuid($_GET["contact_uuid"])) {
+	$contact_uuid = $_GET["contact_uuid"];
 }
 
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		$email_label = check_str($_POST["email_label"]);
-		$email_label_custom = check_str($_POST["email_label_custom"]);
-		$email_address = check_str($_POST["email_address"]);
-		$email_primary = check_str($_POST["email_primary"]);
-		$email_description = check_str($_POST["email_description"]);
+		$email_label = $_POST["email_label"];
+		$email_label_custom = $_POST["email_label_custom"];
+		$email_address = $_POST["email_address"];
+		$email_primary = $_POST["email_primary"];
+		$email_description = $_POST["email_description"];
 
 		//use custom label if set
-		$email_label = ($email_label_custom != '') ? $email_label_custom : $email_label;
+		$email_label = $email_label_custom != '' ? $email_label_custom : $email_label;
 	}
 
 //process the form data
@@ -69,7 +69,7 @@ if (strlen($_GET["contact_uuid"]) > 0) {
 
 		//set the uuid
 			if ($action == "update") {
-				$contact_email_uuid = check_str($_POST["contact_email_uuid"]);
+				$contact_email_uuid = $_POST["contact_email_uuid"];
 			}
 
 		//check for all required data
@@ -91,89 +91,85 @@ if (strlen($_GET["contact_uuid"]) > 0) {
 			if ($_POST["persistformvar"] != "true") {
 
 				//update last modified
-				$sql = "update v_contacts set ";
-				$sql .= "last_mod_date = now(), ";
-				$sql .= "last_mod_user = '".$_SESSION['username']."' ";
-				$sql .= "where domain_uuid = '".$domain_uuid."' ";
-				$sql .= "and contact_uuid = '".$contact_uuid."' ";
-				$db->exec(check_sql($sql));
-				unset($sql);
-
-				//if primary, unmark other primary numbers
-				if ($email_primary) {
-					$sql = "update v_contact_emails set email_primary = 0 ";
-					$sql .= "where domain_uuid = '".$domain_uuid."' ";
-					$sql .= "and contact_uuid = '".$contact_uuid."' ";
-					$db->exec(check_sql($sql));
-					unset($sql);
-				}
+					$array['contacts'][0]['contact_uuid'] = $contact_uuid;
+					$array['contacts'][0]['domain_uuid'] = $domain_uuid;
+					$array['contacts'][0]['last_mod_date'] = 'now()';
+					$array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
+
+					$p = new permissions;
+					$p->add('contact_edit', 'temp');
+
+					$database = new database;
+					$database->app_name = 'contacts';
+					$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+					$database->save($array);
+					unset($array);
+
+					$p->delete('contact_edit', 'temp');
 
-				if ($action == "add") {
+				//if primary, unmark other primary emails
+					if ($email_primary) {
+						$sql = "update v_contact_emails set email_primary = 0 ";
+						$sql .= "where domain_uuid = :domain_uuid ";
+						$sql .= "and contact_uuid = :contact_uuid ";
+						$parameters['domain_uuid'] = $domain_uuid;
+						$parameters['contact_uuid'] = $contact_uuid;
+						$database = new database;
+						$database->execute($sql, $parameters);
+						unset($sql, $parameters);
+					}
+
+				if ($action == "add" && permission_exists('contact_email_add')) {
 					$contact_email_uuid = uuid();
-					$sql = "insert into v_contact_emails ";
-					$sql .= "(";
-					$sql .= "domain_uuid, ";
-					$sql .= "contact_uuid, ";
-					$sql .= "contact_email_uuid, ";
-					$sql .= "email_label, ";
-					$sql .= "email_address, ";
-					$sql .= "email_primary, ";
-					$sql .= "email_description ";
-					$sql .= ")";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".$_SESSION['domain_uuid']."', ";
-					$sql .= "'".$contact_uuid."', ";
-					$sql .= "'".$contact_email_uuid."', ";
-					$sql .= "'".$email_label."', ";
-					$sql .= "'".$email_address."', ";
-					$sql .= (($email_primary) ? 1 : 0).", ";
-					$sql .= "'".$email_description."' ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					$array['contact_emails'][0]['contact_email_uuid'] = $contact_email_uuid;
 
 					message::add($text['message-add']);
-					header("Location: contact_edit.php?id=".$contact_uuid);
-					return;
-				} //if ($action == "add")
-
-				if ($action == "update") {
-					$sql = "update v_contact_emails set ";
-					$sql .= "contact_uuid = '".$contact_uuid."', ";
-					$sql .= "email_label = '".$email_label."', ";
-					$sql .= "email_address = '".$email_address."', ";
-					$sql .= "email_primary = ".(($email_primary) ? 1 : 0).", ";
-					$sql .= "email_description = '".$email_description."' ";
-					$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-					$sql .= "and contact_email_uuid = '".$contact_email_uuid."'";
-					$db->exec(check_sql($sql));
-					unset($sql);
+				}
+
+				if ($action == "update" && permission_exists('contact_email_edit')) {
+					$array['contact_emails'][0]['contact_email_uuid'] = $contact_email_uuid;
 
 					message::add($text['message-update']);
-					header("Location: contact_edit.php?id=".$contact_uuid);
-					return;
-				} //if ($action == "update")
-			} //if ($_POST["persistformvar"] != "true")
-	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+				}
+
+				if (is_array($array) && @sizeof($array) != 0) {
+					$array['contact_emails'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+					$array['contact_emails'][0]['contact_uuid'] = $contact_uuid;
+					$array['contact_emails'][0]['email_label'] = $email_label;
+					$array['contact_emails'][0]['email_address'] = $email_address;
+					$array['contact_emails'][0]['email_primary'] = $email_primary ? 1 : 0;
+					$array['contact_emails'][0]['email_description'] = $email_description;
+
+					$database = new database;
+					$database->app_name = 'contacts';
+					$database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+					$database->save($array);
+					unset($array);
+				}
+
+				header("Location: contact_edit.php?id=".$contact_uuid);
+				exit;
+
+			}
+	}
 
 //pre-populate the form
 	if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
 		$contact_email_uuid = $_GET["id"];
 		$sql = "select * from v_contact_emails ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_email_uuid = '".$contact_email_uuid."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and contact_email_uuid = :contact_email_uuid ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+		$parameters['contact_email_uuid'] = $contact_email_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');;
+		if (is_array($row) && @sizeof($row) != 0) {
 			$email_label = $row["email_label"];
 			$email_address = $row["email_address"];
 			$email_primary = $row["email_primary"];
 			$email_description = $row["email_description"];
-			break; //limit to 1 row
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //show the header

+ 12 - 12
contact_emails.php

@@ -48,14 +48,14 @@
 
 	//get the contact list
 		$sql = "select * from v_contact_emails ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and contact_uuid = '$contact_uuid' ";
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and contact_uuid = :contact_uuid ";
 		$sql .= "order by email_primary desc, email_label asc ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		$result_count = count($result);
-		unset ($prep_statement, $sql);
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+		$parameters['contact_uuid'] = $contact_uuid;
+		$database = new database;
+		$result = $database->select($sql, $parameters, 'all');
+		unset($sql, $parameters);
 
 	$c = 0;
 	$row_style["0"] = "row_style0";
@@ -69,12 +69,12 @@
 	echo "<th>".$text['label-email_description']."</th>\n";
 	echo "<td class='list_control_icons'>";
 	if (permission_exists('contact_email_add')) {
-		echo "<a href='contact_email_edit.php?contact_uuid=".$contact_uuid."' alt='".$text['button-add']."'>$v_link_label_add</a>";
+		echo "<a href='contact_email_edit.php?contact_uuid=".escape($contact_uuid)."' alt='".$text['button-add']."'>$v_link_label_add</a>";
 	}
 	echo "</td>\n";
 	echo "</tr>\n";
 
-	if ($result_count > 0) {
+	if (is_array($result) && @sizeof($result) != 0) {
 		foreach($result as $row) {
 			if (permission_exists('contact_email_edit')) {
 				$tr_link = "href='contact_email_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_email_uuid'])."'";
@@ -93,9 +93,9 @@
 			echo "	</td>\n";
 			echo "</tr>\n";
 			$c = ($c) ? 0 : 1;
-		} //end foreach
-		unset($sql, $result, $row_count);
-	} //end if results
+		}
+	}
+	unset($result, $row);
 
 	echo "</table>";