|
|
@@ -17,7 +17,7 @@
|
|
|
|
|
|
The Initial Developer of the Original Code is
|
|
|
Mark J Crane <[email protected]>
|
|
|
- Portions created by the Initial Developer are Copyright (C) 2008-2018
|
|
|
+ Portions created by the Initial Developer are Copyright (C) 2008-2019
|
|
|
the Initial Developer. All Rights Reserved.
|
|
|
|
|
|
Contributor(s):
|
|
|
@@ -37,7 +37,7 @@
|
|
|
//get user uuid
|
|
|
if ((is_uuid($_REQUEST["id"]) && permission_exists('user_edit')) ||
|
|
|
(is_uuid($_REQUEST["id"]) && $_REQUEST["id"] == $_SESSION['user_uuid'])) {
|
|
|
- $user_uuid = check_str($_REQUEST["id"]);
|
|
|
+ $user_uuid = $_REQUEST["id"];
|
|
|
$action = 'edit';
|
|
|
}
|
|
|
elseif (permission_exists('user_add') && !isset($_REQUEST["id"])) {
|
|
|
@@ -52,14 +52,12 @@
|
|
|
|
|
|
//get total user count from the database, check limit, if defined
|
|
|
if (permission_exists('user_add') && $action == 'add' && $_SESSION['limit']['users']['numeric'] != '') {
|
|
|
- $sql = "select count(user_uuid) as num_rows from v_users where domain_uuid = '".$_SESSION['domain_uuid']."' ";
|
|
|
- $prep_statement = $db->prepare($sql);
|
|
|
- if ($prep_statement) {
|
|
|
- $prep_statement->execute();
|
|
|
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
|
|
|
- $total_users = $row['num_rows'];
|
|
|
- }
|
|
|
- unset($prep_statement, $row);
|
|
|
+ $sql = "select count(user_uuid) as num_rows from v_users where domain_uuid = :domain_uuid ";
|
|
|
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
|
|
|
+ $database = new database;
|
|
|
+ $total_users = $database->execute($sql, $parameters, 'column');
|
|
|
+ unset($parameters);
|
|
|
+
|
|
|
if ($total_users >= $_SESSION['limit']['users']['numeric']) {
|
|
|
message::add($text['message-maximum_users'].' '.$_SESSION['limit']['users']['numeric'], 'negative');
|
|
|
header('Location: users.php');
|
|
|
@@ -85,9 +83,13 @@
|
|
|
//delete the group from the users
|
|
|
if (is_uuid($group_uuid) && is_uuid($user_uuid)) {
|
|
|
$sql = "delete from v_user_groups ";
|
|
|
- $sql .= "where group_uuid = '".$group_uuid."' ";
|
|
|
- $sql .= "and user_uuid = '".$user_uuid."' ";
|
|
|
- $db->exec(check_sql($sql));
|
|
|
+ $sql .= "where group_uuid = :group_uuid ";
|
|
|
+ $sql .= "and user_uuid = :user_uuid ";
|
|
|
+ $parameters['group_uuid'] = $group_uuid;
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $database->execute($sql, $parameters);
|
|
|
+ unset($parameters);
|
|
|
}
|
|
|
//redirect the user
|
|
|
message::add($text['message-update']);
|
|
|
@@ -110,29 +112,29 @@
|
|
|
//get the HTTP values and set as variables
|
|
|
if (permission_exists('user_edit') && $action == 'edit') {
|
|
|
$user_uuid = $_REQUEST["id"];
|
|
|
- $username_old = check_str($_POST["username_old"]);
|
|
|
- }
|
|
|
- $domain_uuid = check_str($_POST["domain_uuid"]);
|
|
|
- $username = check_str($_POST["username"]);
|
|
|
- $password = check_str($_POST["password"]);
|
|
|
- $password_confirm = check_str($_POST["password_confirm"]);
|
|
|
- $user_status = check_str($_POST["user_status"]);
|
|
|
- $user_language = check_str($_POST["user_language"]);
|
|
|
- $user_time_zone = check_str($_POST["user_time_zone"]);
|
|
|
+ $username_old = $_POST["username_old"];
|
|
|
+ }
|
|
|
+ $domain_uuid = $_POST["domain_uuid"];
|
|
|
+ $username = $_POST["username"];
|
|
|
+ $password = $_POST["password"];
|
|
|
+ $password_confirm = $_POST["password_confirm"];
|
|
|
+ $user_status = $_POST["user_status"];
|
|
|
+ $user_language = $_POST["user_language"];
|
|
|
+ $user_time_zone = $_POST["user_time_zone"];
|
|
|
if (permission_exists('user_edit') && $action == 'edit') {
|
|
|
- $contact_uuid = check_str($_POST["contact_uuid"]);
|
|
|
+ $contact_uuid = $_POST["contact_uuid"];
|
|
|
}
|
|
|
else if (permission_exists('user_add') && $action == 'add') {
|
|
|
- $user_email = check_str($_POST["user_email"]);
|
|
|
- $contact_organization = check_str($_POST["contact_organization"]);
|
|
|
- $contact_name_given = check_str($_POST["contact_name_given"]);
|
|
|
- $contact_name_family = check_str($_POST["contact_name_family"]);
|
|
|
- }
|
|
|
- $group_uuid_name = check_str($_POST["group_uuid_name"]);
|
|
|
- $user_enabled = check_str($_POST["user_enabled"]);
|
|
|
- $api_key = check_str($_POST["api_key"]);
|
|
|
+ $user_email = $_POST["user_email"];
|
|
|
+ $contact_organization = $_POST["contact_organization"];
|
|
|
+ $contact_name_given = $_POST["contact_name_given"];
|
|
|
+ $contact_name_family = $_POST["contact_name_family"];
|
|
|
+ }
|
|
|
+ $group_uuid_name = $_POST["group_uuid_name"];
|
|
|
+ $user_enabled = $_POST["user_enabled"];
|
|
|
+ $api_key = $_POST["api_key"];
|
|
|
if (permission_exists('message_view')) {
|
|
|
- $message_key = check_str($_POST["message_key"]);
|
|
|
+ $message_key = $_POST["message_key"];
|
|
|
}
|
|
|
|
|
|
//check required values
|
|
|
@@ -141,17 +143,16 @@
|
|
|
}
|
|
|
if (permission_exists('user_edit') && $action == 'edit') {
|
|
|
if ($username != $username_old && $username != '') {
|
|
|
- $sql = "select count(*) as num_rows from v_users where username = '".$username."'";
|
|
|
- if ($_SESSION["user"]["unique"]["text"] != "global"){
|
|
|
- $sql .= " and domain_uuid = '".$domain_uuid."'";
|
|
|
+ $sql = "select count(*) as num_rows from v_users where username = :username ";
|
|
|
+ if ($_SESSION["user"]["unique"]["text"] != "global") {
|
|
|
+ $sql .= "and domain_uuid = :domain_uuid ";
|
|
|
+ $parameters['domain_uuid'] = $domain_uuid;
|
|
|
}
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- if ($prep_statement) {
|
|
|
- $prep_statement->execute();
|
|
|
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
|
|
|
- if (0 < $row['num_rows']) {
|
|
|
- message::add($text['message-username_exists'], 'negative', 7500);
|
|
|
- }
|
|
|
+ $parameters['username'] = $username;
|
|
|
+ $database = new database;
|
|
|
+ $num_rows = $database->select($sql, $parameters, 'column');
|
|
|
+ if ($num_rows > 0) {
|
|
|
+ message::add($text['message-username_exists'], 'negative', 7500);
|
|
|
}
|
|
|
unset($sql);
|
|
|
}
|
|
|
@@ -213,136 +214,136 @@
|
|
|
$sql = "select user_setting_uuid, user_setting_value from v_user_settings ";
|
|
|
$sql .= "where user_setting_category = 'domain' ";
|
|
|
$sql .= "and user_setting_subcategory = 'language' ";
|
|
|
- $sql .= "and user_uuid = '".$user_uuid."' ";
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- if ($prep_statement) {
|
|
|
- $prep_statement->execute();
|
|
|
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
|
|
|
- if ($row['user_setting_uuid'] == '' && $user_language != '') {
|
|
|
- //add user setting to array for insert
|
|
|
- $array['user_settings'][$i]['user_setting_uuid'] = uuid();
|
|
|
- $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
- $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
- $array['user_settings'][$i]['user_setting_category'] = 'domain';
|
|
|
- $array['user_settings'][$i]['user_setting_subcategory'] = 'language';
|
|
|
- $array['user_settings'][$i]['user_setting_name'] = 'code';
|
|
|
- $array['user_settings'][$i]['user_setting_value'] = $user_language;
|
|
|
- $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
- $i++;
|
|
|
+ $sql .= "and user_uuid = :user_uuid ";
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $row = $database->select($sql, $parameters, 'row');
|
|
|
+ if ($row['user_setting_uuid'] == '' && $user_language != '') {
|
|
|
+ //add user setting to array for insert
|
|
|
+ $array['user_settings'][$i]['user_setting_uuid'] = uuid();
|
|
|
+ $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
+ $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
+ $array['user_settings'][$i]['user_setting_category'] = 'domain';
|
|
|
+ $array['user_settings'][$i]['user_setting_subcategory'] = 'language';
|
|
|
+ $array['user_settings'][$i]['user_setting_name'] = 'code';
|
|
|
+ $array['user_settings'][$i]['user_setting_value'] = $user_language;
|
|
|
+ $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
+ $i++;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ if ($row['user_setting_value'] == '' || $user_language == '') {
|
|
|
+ $sql = "delete from v_user_settings ";
|
|
|
+ $sql .= "where user_setting_category = 'domain' ";
|
|
|
+ $sql .= "and user_setting_subcategory = 'language' ";
|
|
|
+ $sql .= "and user_uuid = :user_uuid ";
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $database->execute($sql, $parameters);
|
|
|
+ unset($sql);
|
|
|
}
|
|
|
else {
|
|
|
- if ($row['user_setting_value'] == '' || $user_language == '') {
|
|
|
- $sql = "delete from v_user_settings ";
|
|
|
- $sql .= "where user_setting_category = 'domain' ";
|
|
|
- $sql .= "and user_setting_subcategory = 'language' ";
|
|
|
- $sql .= "and user_uuid = '".$user_uuid."' ";
|
|
|
- $db->exec(check_sql($sql));
|
|
|
- unset($sql);
|
|
|
- }
|
|
|
- else {
|
|
|
- //add user setting to array for update
|
|
|
- $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
|
|
|
- $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
- $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
- $array['user_settings'][$i]['user_setting_category'] = 'domain';
|
|
|
- $array['user_settings'][$i]['user_setting_subcategory'] = 'language';
|
|
|
- $array['user_settings'][$i]['user_setting_name'] = 'code';
|
|
|
- $array['user_settings'][$i]['user_setting_value'] = $user_language;
|
|
|
- $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
- $i++;
|
|
|
- }
|
|
|
+ //add user setting to array for update
|
|
|
+ $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
|
|
|
+ $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
+ $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
+ $array['user_settings'][$i]['user_setting_category'] = 'domain';
|
|
|
+ $array['user_settings'][$i]['user_setting_subcategory'] = 'language';
|
|
|
+ $array['user_settings'][$i]['user_setting_name'] = 'code';
|
|
|
+ $array['user_settings'][$i]['user_setting_value'] = $user_language;
|
|
|
+ $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
+ $i++;
|
|
|
}
|
|
|
}
|
|
|
- unset($sql, $prep_statement, $row);
|
|
|
+ unset($sql, $parameters, $row);
|
|
|
|
|
|
//check to see if user time zone is set
|
|
|
$sql = "select user_setting_uuid, user_setting_value from v_user_settings ";
|
|
|
$sql .= "where user_setting_category = 'domain' ";
|
|
|
$sql .= "and user_setting_subcategory = 'time_zone' ";
|
|
|
- $sql .= "and user_uuid = '".$user_uuid."' ";
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- if ($prep_statement) {
|
|
|
- $prep_statement->execute();
|
|
|
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
|
|
|
- if ($row['user_setting_uuid'] == '' && $user_time_zone != '') {
|
|
|
- //add user setting to array for insert
|
|
|
- $array['user_settings'][$i]['user_setting_uuid'] = uuid();
|
|
|
- $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
- $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
- $array['user_settings'][$i]['user_setting_category'] = 'domain';
|
|
|
- $array['user_settings'][$i]['user_setting_subcategory'] = 'time_zone';
|
|
|
- $array['user_settings'][$i]['user_setting_name'] = 'name';
|
|
|
- $array['user_settings'][$i]['user_setting_value'] = $user_time_zone;
|
|
|
- $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
- $i++;
|
|
|
+ $sql .= "and user_uuid = :user_uuid ";
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $row = $database->select($sql, $parameters, 'row');
|
|
|
+ if ($row['user_setting_uuid'] == '' && $user_time_zone != '') {
|
|
|
+ //add user setting to array for insert
|
|
|
+ $array['user_settings'][$i]['user_setting_uuid'] = uuid();
|
|
|
+ $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
+ $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
+ $array['user_settings'][$i]['user_setting_category'] = 'domain';
|
|
|
+ $array['user_settings'][$i]['user_setting_subcategory'] = 'time_zone';
|
|
|
+ $array['user_settings'][$i]['user_setting_name'] = 'name';
|
|
|
+ $array['user_settings'][$i]['user_setting_value'] = $user_time_zone;
|
|
|
+ $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
+ $i++;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ if ($row['user_setting_value'] == '' || $user_time_zone == '') {
|
|
|
+ $sql = "delete from v_user_settings ";
|
|
|
+ $sql .= "where user_setting_category = 'domain' ";
|
|
|
+ $sql .= "and user_setting_subcategory = 'time_zone' ";
|
|
|
+ $sql .= "and user_uuid = :user_uuid ";
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $database->execute($sql, $parameters);
|
|
|
}
|
|
|
else {
|
|
|
- if ($row['user_setting_value'] == '' || $user_time_zone == '') {
|
|
|
- $sql = "delete from v_user_settings ";
|
|
|
- $sql .= "where user_setting_category = 'domain' ";
|
|
|
- $sql .= "and user_setting_subcategory = 'time_zone' ";
|
|
|
- $sql .= "and user_uuid = '".$user_uuid."' ";
|
|
|
- $db->exec(check_sql($sql));
|
|
|
- unset($sql);
|
|
|
- }
|
|
|
- else {
|
|
|
- //add user setting to array for update
|
|
|
- $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
|
|
|
- $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
- $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
- $array['user_settings'][$i]['user_setting_category'] = 'domain';
|
|
|
- $array['user_settings'][$i]['user_setting_subcategory'] = 'time_zone';
|
|
|
- $array['user_settings'][$i]['user_setting_name'] = 'name';
|
|
|
- $array['user_settings'][$i]['user_setting_value'] = $user_time_zone;
|
|
|
- $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
- $i++;
|
|
|
- }
|
|
|
+ //add user setting to array for update
|
|
|
+ $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
|
|
|
+ $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
+ $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
+ $array['user_settings'][$i]['user_setting_category'] = 'domain';
|
|
|
+ $array['user_settings'][$i]['user_setting_subcategory'] = 'time_zone';
|
|
|
+ $array['user_settings'][$i]['user_setting_name'] = 'name';
|
|
|
+ $array['user_settings'][$i]['user_setting_value'] = $user_time_zone;
|
|
|
+ $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
+ $i++;
|
|
|
}
|
|
|
}
|
|
|
+ unset($sql, $parameters, $row);
|
|
|
|
|
|
//check to see if message key is set
|
|
|
if (permission_exists('message_view')) {
|
|
|
$sql = "select user_setting_uuid, user_setting_value from v_user_settings ";
|
|
|
$sql .= "where user_setting_category = 'message' ";
|
|
|
$sql .= "and user_setting_subcategory = 'key' ";
|
|
|
- $sql .= "and user_uuid = '".$user_uuid."' ";
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- if ($prep_statement) {
|
|
|
- $prep_statement->execute();
|
|
|
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
|
|
|
- if ($row['user_setting_uuid'] == '' && $message_key != '') {
|
|
|
- //add user setting to array for insert
|
|
|
- $array['user_settings'][$i]['user_setting_uuid'] = uuid();
|
|
|
- $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
- $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
- $array['user_settings'][$i]['user_setting_category'] = 'message';
|
|
|
- $array['user_settings'][$i]['user_setting_subcategory'] = 'key';
|
|
|
- $array['user_settings'][$i]['user_setting_name'] = 'text';
|
|
|
- $array['user_settings'][$i]['user_setting_value'] = $message_key;
|
|
|
- $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
- $i++;
|
|
|
+ $sql .= "and user_uuid = :user_uuid ";
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $row = $database->select($sql, $parameters, 'row');
|
|
|
+ if ($row['user_setting_uuid'] == '' && $message_key != '') {
|
|
|
+ //add user setting to array for insert
|
|
|
+ $array['user_settings'][$i]['user_setting_uuid'] = uuid();
|
|
|
+ $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
+ $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
+ $array['user_settings'][$i]['user_setting_category'] = 'message';
|
|
|
+ $array['user_settings'][$i]['user_setting_subcategory'] = 'key';
|
|
|
+ $array['user_settings'][$i]['user_setting_name'] = 'text';
|
|
|
+ $array['user_settings'][$i]['user_setting_value'] = $message_key;
|
|
|
+ $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
+ $i++;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ if ($row['user_setting_value'] == '' || $message_key == '') {
|
|
|
+ $sql = "delete from v_user_settings ";
|
|
|
+ $sql .= "where user_setting_category = 'message' ";
|
|
|
+ $sql .= "and user_setting_subcategory = 'key' ";
|
|
|
+ $sql .= "and user_uuid = :user_uuid ";
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $database->execute($sql, $parameters);
|
|
|
+ unset($sql);
|
|
|
}
|
|
|
else {
|
|
|
- if ($row['user_setting_value'] == '' || $message_key == '') {
|
|
|
- $sql = "delete from v_user_settings ";
|
|
|
- $sql .= "where user_setting_category = 'message' ";
|
|
|
- $sql .= "and user_setting_subcategory = 'key' ";
|
|
|
- $sql .= "and user_uuid = '".$user_uuid."' ";
|
|
|
- $db->exec(check_sql($sql));
|
|
|
- unset($sql);
|
|
|
- }
|
|
|
- else {
|
|
|
- //add user setting to array for update
|
|
|
- $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
|
|
|
- $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
- $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
- $array['user_settings'][$i]['user_setting_category'] = 'message';
|
|
|
- $array['user_settings'][$i]['user_setting_subcategory'] = 'key';
|
|
|
- $array['user_settings'][$i]['user_setting_name'] = 'text';
|
|
|
- $array['user_settings'][$i]['user_setting_value'] = $message_key;
|
|
|
- $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
- $i++;
|
|
|
- }
|
|
|
+ //add user setting to array for update
|
|
|
+ $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
|
|
|
+ $array['user_settings'][$i]['user_uuid'] = $user_uuid;
|
|
|
+ $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
+ $array['user_settings'][$i]['user_setting_category'] = 'message';
|
|
|
+ $array['user_settings'][$i]['user_setting_subcategory'] = 'key';
|
|
|
+ $array['user_settings'][$i]['user_setting_name'] = 'text';
|
|
|
+ $array['user_settings'][$i]['user_setting_value'] = $message_key;
|
|
|
+ $array['user_settings'][$i]['user_setting_enabled'] = 'true';
|
|
|
+ $i++;
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
@@ -370,43 +371,46 @@
|
|
|
if ((permission_exists('user_add') || permission_exists('user_edit')) && permission_exists('user_domain')) {
|
|
|
//adjust group user records
|
|
|
$sql = "select user_group_uuid from v_user_groups ";
|
|
|
- $sql .= "where user_uuid = '".$user_uuid."' ";
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- if ($prep_statement) {
|
|
|
- $prep_statement->execute();
|
|
|
- $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
|
|
|
+ $sql .= "where user_uuid = :user_uuid ";
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $result = $database->select($sql, $parameters, 'all');
|
|
|
+ if (is_array($result)) {
|
|
|
foreach ($result as $row) {
|
|
|
//add group user to array for update
|
|
|
- $array['user_groups'][$n]['user_group_uuid'] = $row['user_group_uuid'];
|
|
|
- $array['user_groups'][$n]['domain_uuid'] = $domain_uuid;
|
|
|
- $n++;
|
|
|
+ $array['user_groups'][$n]['user_group_uuid'] = $row['user_group_uuid'];
|
|
|
+ $array['user_groups'][$n]['domain_uuid'] = $domain_uuid;
|
|
|
+ $n++;
|
|
|
}
|
|
|
}
|
|
|
- unset($sql, $prep_statement, $result, $row);
|
|
|
+ unset($sql, $parameters);
|
|
|
//adjust user setting records
|
|
|
$sql = "select user_setting_uuid from v_user_settings ";
|
|
|
- $sql .= "where user_uuid = '".$user_uuid."' ";
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- if ($prep_statement) {
|
|
|
- $prep_statement->execute();
|
|
|
- $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
|
|
|
+ $sql .= "where user_uuid = :user_uuid ";
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $result = $database->select($sql, $parameters);
|
|
|
+ if (is_array($result)) {
|
|
|
foreach ($result as $row) {
|
|
|
//add user setting to array for update
|
|
|
- $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
|
|
|
- $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
- $i++;
|
|
|
+ $array['user_settings'][$i]['user_setting_uuid'] = $row['user_setting_uuid'];
|
|
|
+ $array['user_settings'][$i]['domain_uuid'] = $domain_uuid;
|
|
|
+ $i++;
|
|
|
}
|
|
|
}
|
|
|
- unset($sql, $prep_statement, $result, $row);
|
|
|
+ unset($sql, $parameters);
|
|
|
//unassign any foreign domain groups
|
|
|
- $sql = "delete from v_user_groups where ";
|
|
|
- $sql .= "domain_uuid = '".$domain_uuid."' ";
|
|
|
- $sql .= "and user_uuid = '".$user_uuid."' ";
|
|
|
+ $sql = "delete from v_user_groups ";
|
|
|
+ $sql .= "where domain_uuid = :domain_uuid ";
|
|
|
+ $sql .= "and user_uuid = :user_uuid ";
|
|
|
$sql .= "and group_uuid not in (";
|
|
|
- $sql .= " select group_uuid from v_groups where domain_uuid = '".$domain_uuid."' or domain_uuid is null ";
|
|
|
+ $sql .= " select group_uuid from v_groups where domain_uuid = :domain_uuid or domain_uuid is null ";
|
|
|
$sql .= ") ";
|
|
|
- $db->exec(check_sql($sql));
|
|
|
- unset($sql);
|
|
|
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $database->execute($sql, $parameters);
|
|
|
+ unset($sql, $parameters);
|
|
|
}
|
|
|
|
|
|
//add contact to array for insert
|
|
|
@@ -476,25 +480,23 @@
|
|
|
if ($action == 'edit' && permission_exists('user_edit') && file_exists($_SERVER["PROJECT_ROOT"]."/app/call_centers/app_config.php")) {
|
|
|
//get the call center agent uuid
|
|
|
$sql = "select call_center_agent_uuid from v_call_center_agents ";
|
|
|
- $sql .= "where domain_uuid = '".$domain_uuid."' ";
|
|
|
- $sql .= "and user_uuid = '".$user_uuid."' ";
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- if ($prep_statement) {
|
|
|
- $prep_statement->execute();
|
|
|
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
|
|
|
- $call_center_agent_uuid = $row['call_center_agent_uuid'];
|
|
|
- }
|
|
|
- unset($sql, $prep_statement, $result);
|
|
|
+ $sql .= "where domain_uuid = :domain_uuid ";
|
|
|
+ $sql .= "and user_uuid = :user_uuid ";
|
|
|
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $call_center_agent_uuid = $database->select($sql, $parameters, 'column');
|
|
|
+ unset($sql, $parameters);
|
|
|
|
|
|
//update the user_status
|
|
|
- if (isset($call_center_agent_uuid)) {
|
|
|
+ if (isset($call_center_agent_uuid) && is_uuid($call_center_agent_uuid)) {
|
|
|
$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
|
|
|
$switch_cmd .= "callcenter_config agent set status ".$call_center_agent_uuid." '".$user_status."'";
|
|
|
$switch_result = event_socket_request($fp, 'api '.$switch_cmd);
|
|
|
}
|
|
|
|
|
|
//update the user state
|
|
|
- if (isset($call_center_agent_uuid)) {
|
|
|
+ if (isset($call_center_agent_uuid) && is_uuid($call_center_agent_uuid)) {
|
|
|
$cmd = "api callcenter_config agent set state ".$call_center_agent_uuid." Waiting";
|
|
|
$response = event_socket_request($fp, $cmd);
|
|
|
}
|
|
|
@@ -512,10 +514,7 @@
|
|
|
}
|
|
|
|
|
|
//populate the form with values from session variable
|
|
|
- if (
|
|
|
- is_array($_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']) &&
|
|
|
- sizeof($_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']) != 0
|
|
|
- ) {
|
|
|
+ if (is_array($_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']) && sizeof($_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']) != 0) {
|
|
|
$domain_uuid = $_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']["domain_uuid"];
|
|
|
$username = $_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']["username"];
|
|
|
$password = $_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']["password"];
|
|
|
@@ -536,17 +535,17 @@
|
|
|
$unsaved = true;
|
|
|
unset($_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']);
|
|
|
}
|
|
|
-
|
|
|
-//populate the form with values from db
|
|
|
else {
|
|
|
+ //populate the form with values from db
|
|
|
if ($action == 'edit') {
|
|
|
- $sql = "select * from v_users where user_uuid = '".$user_uuid."' ";
|
|
|
+ $sql = "select * from v_users where user_uuid = :user_uuid ";
|
|
|
if (!permission_exists('user_all')) {
|
|
|
- $sql .= "and domain_uuid = '".$domain_uuid."' ";
|
|
|
+ $sql .= "and domain_uuid = :domain_uuid ";
|
|
|
+ $parameters['domain_uuid'] = $domain_uuid;
|
|
|
}
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- $prep_statement->execute();
|
|
|
- $row = $prep_statement->fetch(PDO::FETCH_NAMED);
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $row = $database->select($sql, $parameters, 'row');
|
|
|
if (is_array($row) && sizeof($row) > 0) {
|
|
|
$domain_uuid = $row["domain_uuid"];
|
|
|
$user_uuid = $row["user_uuid"];
|
|
|
@@ -561,16 +560,16 @@
|
|
|
header("Location: user_edit.php?id=".$_SESSION['user_uuid']);
|
|
|
exit;
|
|
|
}
|
|
|
- unset($sql, $prep_statement, $row);
|
|
|
+ unset($sql, $parameters, $row);
|
|
|
|
|
|
- //get user settings
|
|
|
+ //get user settings
|
|
|
$sql = "select * from v_user_settings ";
|
|
|
- $sql .= "where user_uuid = '".$user_uuid."' ";
|
|
|
+ $sql .= "where user_uuid = :user_uuid ";
|
|
|
$sql .= "and user_setting_enabled = 'true' ";
|
|
|
- $prep_statement = $db->prepare($sql);
|
|
|
- if ($prep_statement) {
|
|
|
- $prep_statement->execute();
|
|
|
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $result = $database->select($sql, $parameters, 'all');
|
|
|
+ if (is_array($result)) {
|
|
|
foreach($result as $row) {
|
|
|
$name = $row['user_setting_name'];
|
|
|
$category = $row['user_setting_category'];
|
|
|
@@ -584,6 +583,7 @@
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
+ unset($sql, $parameters);
|
|
|
}
|
|
|
}
|
|
|
|
|
|
@@ -706,14 +706,14 @@
|
|
|
echo " <select id='user_language' name='user_language' class='formfld' style=''>\n";
|
|
|
echo " <option value=''></option>\n";
|
|
|
//get all language codes from database
|
|
|
- $sql = "select * from v_languages order by language asc";
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- $prep_statement->execute();
|
|
|
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
- foreach ($result as &$row) {
|
|
|
+ $sql = "select * from v_languages order by language asc ";
|
|
|
+ $parameters = null;
|
|
|
+ $database = new database;
|
|
|
+ $languages = $database->select($sql, $parameters, 'all');
|
|
|
+ foreach ($languages as $row) {
|
|
|
$language_codes[$row["code"]] = $row["language"];
|
|
|
}
|
|
|
- unset($prep_statement, $result, $row);
|
|
|
+ unset($languages);
|
|
|
foreach ($_SESSION['app']['languages'] as $code) {
|
|
|
$selected = ($code == $user_settings['domain']['language']['code']) ? "selected='selected'" : null;
|
|
|
echo " <option value='".escape($code)."' ".escape($selected).">".escape($language_codes[$code])." [".escape($code)."]</option>\n";
|
|
|
@@ -793,16 +793,17 @@
|
|
|
$sql .= "from ";
|
|
|
$sql .= "v_contacts as c ";
|
|
|
$sql .= "where ";
|
|
|
- $sql .= "c.domain_uuid = '".escape($domain_uuid)."' ";
|
|
|
+ $sql .= "c.domain_uuid = :domain_uuid ";
|
|
|
$sql .= "and not exists ( ";
|
|
|
$sql .= " select ";
|
|
|
$sql .= " contact_uuid ";
|
|
|
$sql .= " from ";
|
|
|
$sql .= " v_users as u ";
|
|
|
$sql .= " where ";
|
|
|
- $sql .= " u.domain_uuid = '".escape($domain_uuid)."' ";
|
|
|
+ $sql .= " u.domain_uuid = :domain_uuid ";
|
|
|
if (is_uuid($contact_uuid)) { //don't exclude currently assigned contact
|
|
|
- $sql .= "and u.contact_uuid <> '".escape($contact_uuid)."' ";
|
|
|
+ $sql .= "and u.contact_uuid <> :contact_uuid ";
|
|
|
+ $parameters['contact_uuid'] = $contact_uuid;
|
|
|
}
|
|
|
$sql .= " and u.contact_uuid = c.contact_uuid ";
|
|
|
$sql .= ") ";
|
|
|
@@ -811,13 +812,14 @@
|
|
|
$sql .= "lower(c.contact_name_family) asc, ";
|
|
|
$sql .= "lower(c.contact_name_given) asc, ";
|
|
|
$sql .= "lower(c.contact_nickname) asc ";
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- $prep_statement->execute();
|
|
|
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
- unset ($prep_statement, $sql);
|
|
|
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
|
|
|
+ $parameters['contact_uuid'] = $contact_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $contacts = $database->select($sql, $parameters, 'all');
|
|
|
+ unset($parameters);
|
|
|
echo "<select name=\"contact_uuid\" id=\"contact_uuid\" class=\"formfld\">\n";
|
|
|
echo "<option value=\"\"></option>\n";
|
|
|
- foreach($result as $row) {
|
|
|
+ foreach($contacts as $row) {
|
|
|
$contact_name = array();
|
|
|
if ($row['contact_organization'] != '') { $contact_name[] = $row['contact_organization']; }
|
|
|
if ($row['contact_name_family'] != '') { $contact_name[] = $row['contact_name_family']; }
|
|
|
@@ -825,7 +827,7 @@
|
|
|
if ($row['contact_name_family'] == '' && $row['contact_name_family'] == '' && $row['contact_nickname'] != '') { $contact_name[] = $row['contact_nickname']; }
|
|
|
echo "<option value='".escape($row['contact_uuid'])."' ".(($row['contact_uuid'] == $contact_uuid) ? "selected='selected'" : null).">".escape(implode(', ', $contact_name))."</option>\n";
|
|
|
}
|
|
|
- unset($sql, $result, $row_count);
|
|
|
+ unset($sql, $row_count);
|
|
|
echo "</select>\n";
|
|
|
echo "<br />\n";
|
|
|
echo $text['description-contact']."\n";
|
|
|
@@ -875,14 +877,14 @@
|
|
|
$sql .= "order by ";
|
|
|
$sql .= " g.domain_uuid desc, ";
|
|
|
$sql .= " g.group_name asc ";
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- $prep_statement->bindParam(':domain_uuid', $domain_uuid);
|
|
|
- $prep_statement->bindParam(':user_uuid', $user_uuid);
|
|
|
- $prep_statement->execute();
|
|
|
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
- if (is_array($result)) {
|
|
|
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
|
|
|
+ $parameters['user_uuid'] = $user_uuid;
|
|
|
+ $database = new database;
|
|
|
+ $user_groups = $database->select($sql, $parameters, 'all');
|
|
|
+ unset($parameters);
|
|
|
+ if (is_array($user_groups)) {
|
|
|
echo "<table cellpadding='0' cellspacing='0' border='0'>\n";
|
|
|
- foreach($result as $field) {
|
|
|
+ foreach($user_groups as $field) {
|
|
|
if (strlen($field['group_name']) > 0) {
|
|
|
echo "<tr>\n";
|
|
|
echo " <td class='vtable' style='white-space: nowrap; padding-right: 30px;' nowrap='nowrap'>";
|
|
|
@@ -894,22 +896,25 @@
|
|
|
echo " </td>\n";
|
|
|
}
|
|
|
echo "</tr>\n";
|
|
|
- $assigned_groups[] = $field['group_uuid'];
|
|
|
+ if (is_uuid($field['group_uuid'])) {
|
|
|
+ $assigned_groups[] = $field['group_uuid'];
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
echo "</table>\n";
|
|
|
}
|
|
|
- unset($sql, $prep_statement, $result);
|
|
|
+ unset($sql, $user_groups);
|
|
|
|
|
|
$sql = "select * from v_groups ";
|
|
|
- $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
|
|
|
+ $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
|
|
|
if (sizeof($assigned_groups) > 0) {
|
|
|
$sql .= "and group_uuid not in ('".implode("','",$assigned_groups)."') ";
|
|
|
}
|
|
|
$sql .= "order by domain_uuid desc, group_name asc ";
|
|
|
- $prep_statement = $db->prepare(check_sql($sql));
|
|
|
- $prep_statement->execute();
|
|
|
- $groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
|
|
|
+ $database = new database;
|
|
|
+ $groups = $database->select($sql, $parameters, 'all');
|
|
|
+ unset($parameters);
|
|
|
if (is_array($groups)) {
|
|
|
if (isset($assigned_groups)) { echo "<br />\n"; }
|
|
|
echo "<select name='group_uuid_name' class='formfld' style='width: auto; margin-right: 3px;' ".($action == 'add' ? "required='required'" : null).">\n";
|
|
|
@@ -927,7 +932,7 @@
|
|
|
echo "<input type='submit' class='btn' value=\"".$text['button-add']."\" >\n";
|
|
|
}
|
|
|
}
|
|
|
- unset($sql, $prep_statement, $groups);
|
|
|
+ unset($sql, $groups);
|
|
|
|
|
|
echo " </td>";
|
|
|
echo " </tr>";
|
FusionPBX