Mobile Twinning - Fix search (#190)

* Mobile Twinning - Fix search

* Update mobile_twinning.php

* Update mobile_twinning.php

mobile-twinning/mobile_twinning.php

@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <[email protected]>
-	Portions created by the Initial Developer are Copyright (C) 2008-2016
+	Portions created by the Initial Developer are Copyright (C) 2008-2025
 	the Initial Developer. All Rights Reserved.
 
 	Contributor(s):
@@ -30,7 +30,6 @@
 	require_once "resources/pdo.php";
 	require_once "resources/check_auth.php";
 	require_once "resources/paging.php";
-	require_once "resources/header.php";
 
 //check permissions
 	if (permission_exists('mobile_twinning_view')) {
@@ -41,40 +40,46 @@
 		exit;
 	}
 
+//initialize the database object
+	$database = new database;
+
 //add multi-lingual support
 	$language = new text;
 	$text = $language->get();
 
-//get the https values and set as variables
-	$order_by = check_str($_GET["order_by"]);
-	$order = check_str($_GET["order"]);
-
-//handle search term
-	$search = check_str($_GET["search"]);
-	if (strlen($search) > 0) {
-		$sql_mod = "and ( ";
-		$sql_mod .= "e.extension ILIKE '%".$search."%' ";
-		$sql_mod .= "or e.description ILIKE '%".$search."%' ";
-		$sql_mod .= "or m.mobile_twinning_number ILIKE '%".$search."%' ";
-		$sql_mod .= ") ";
-	}
-	if (strlen($order_by) < 1) {
-		$order_by = "e.extension";
-		$order = "ASC";
+//get order and order by
+	$order_by = $_GET["order_by"] ?? 'extension';
+	$order = $_GET["order"] ?? 'asc';
+	$sort = $order_by == 'extension' ? 'natural' : null;
+
+//get total extension count for domain
+	if (isset($_SESSION['limit']['extensions']['numeric'])) {
+		$sql = "select count(*) from v_extensions ";
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+		$total_extensions = $database->select($sql, $parameters, 'column');
+		unset($sql, $parameters);
 	}
 
-//get total extension count from the database
-	$sql = "select count(*) as num_rows from v_extensions where domain_uuid = '".$_SESSION['domain_uuid']."' ".$sql_mod." ";
-	$prep_statement = $db->prepare($sql);
-	if ($prep_statement) {
-		$prep_statement->execute();
-		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-		$total_extensions = $row['num_rows'];
-		if (($db_type == "pgsql") or ($db_type == "mysql")) {
-			$numeric_extensions = $row['num_rows'];
-		}
+//add the search term
+	$search = strtolower($_GET["search"] ?? '');
+
+//get total extension count
+	$sql = "select count(*) from v_extensions ";
+	$sql .= "where true ";
+	if (!(!empty($_GET['show']) && $_GET['show'] == "all" && permission_exists('extension_all'))) {
+		$sql .= "and domain_uuid = :domain_uuid ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	}
+	if (!empty($search)) {
+		$sql .= "and ( ";
+		$sql .= " lower(extension) like :search ";
+		$sql .= " or lower(mobile_twinning_number) like :search ";
+		$sql .= " or lower(description) like :search ";
+		$sql .= ") ";
+		$parameters['search'] = '%'.$search.'%';
 	}
-	unset($prep_statement, $row);
+	$num_rows = $database->select($sql, $parameters ?? null, 'column');
 
 //prepare to page the results
 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -89,8 +94,19 @@
 	$sql = "select e.extension, m.mobile_twinning_number, e.description, m.mobile_twinning_uuid, e.extension_uuid \n";
 	$sql .= "FROM  v_extensions AS e \n ";
 	$sql .= "LEFT OUTER JOIN v_mobile_twinnings AS m ON m.extension_uuid = e.extension_uuid ";
-	$sql .= "where e.domain_uuid = '$domain_uuid' ";
-	$sql .= $sql_mod; //add search mod from above
+	$sql .= "where true ";
+	if (!(!empty($_GET['show']) && $_GET['show'] == "all" && permission_exists('extension_all'))) {
+		$sql .= "and e.domain_uuid = :domain_uuid ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	}
+	if (!empty($search)) {
+		$sql .= "and ( ";
+		$sql .= " lower(extension) like :search ";
+		$sql .= " or lower(mobile_twinning_number) like :search ";
+		$sql .= " or lower(description) like :search ";
+		$sql .= ") ";
+		$parameters['search'] = '%'.$search.'%';
+	}
 	$sql .= "and e.enabled = 'true' ";
 	if (strlen($order_by)> 0) {
 		$sql .= "order by $order_by $order ";
@@ -99,11 +115,16 @@
 		$sql .= "order by extension asc ";
 	}
 	$sql .= " limit $rows_per_page offset $offset ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$result = $database->select($sql, $parameters ?? null, 'all');
 	$result_count = count($result);
-	unset ($prep_statement, $sql);
+	unset($parameters, $sql);
+
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
+//include the header
+	require_once "resources/header.php";
 
 //set the alternating styles
 	$c = 0;
@@ -112,7 +133,7 @@
 
 //begin the content
 	echo "<div class='action_bar' id='action_bar'>\n";
-	echo "	<div class='heading'><b>".$text['header-mobile_twinning']."</b><div class='count'>".number_format($numeric_extensions)."</div></div>\n";
+	echo "	<div class='heading'><b>".$text['header-mobile_twinning']."</b><div class='count'>".number_format($result_count)."</div></div>\n";
 	echo "	<div class='actions'>\n";
 	if ((if_group("admin") || if_group("superadmin"))) {
 		echo "	<form method='get' action=''>\n";
@@ -143,9 +164,9 @@
 		foreach($result as $row) {
 			$tr_link = (permission_exists('mobile_twinning_edit')) ? " href='mobile_twinning_edit.php?id=".$row['mobile_twinning_uuid']."&extid=".$row['extension_uuid']."'" : null;
 			echo "<tr ".$tr_link.">\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['extension']."</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".format_phone(substr($row['mobile_twinning_number'],-10))."</td>\n";
-			echo "	<td valign='top' class='row_stylebg' width='40%'>".$row['description']."&nbsp;</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['extension'])."</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".escape(format_phone(substr($row['mobile_twinning_number'],-10)))."</td>\n";
+			echo "	<td valign='top' class='row_stylebg' width='40%'>".escape($row['description'])."&nbsp;</td>\n";
 			echo "	<td class='list_control_icons'>";
 			echo "     <a href='mobile_twinning_edit.php?id=".$row['mobile_twinning_uuid']."&extid=".$row['extension_uuid']."'>$v_link_label_edit</a>";
 			echo "  </td>\n";