
Database class integration.

Nate 6 years ago
parent
commit
decc93c77e

+ 147 - 143
core/groups/group_permissions.php

@@ -58,65 +58,64 @@
 	}
 
 //if there are no permissions listed in v_group_permissions then set the default permissions
-	$sql = "select count(*) as count from v_group_permissions ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	foreach ($result as &$row) {
-		$group_permission_count = $row["count"];
-		break; //limit to 1 row
-	}
-	unset ($prep_statement);
+	$sql = "select count(*) from v_group_permissions ";
+	$database = new database;
+	$group_permission_count = $database->select($sql, null, 'column');
+	unset($sql);
+
 	if ($group_permission_count == 0) {
 		//no permissions found add the defaults
 		foreach($apps as $app) {
 			foreach ($app['permissions'] as $row) {
-				foreach ($row['groups'] as $group) {
+				foreach ($row['groups'] as $index => $group) {
 					//add the record
-					$sql = "insert into v_group_permissions ";
-					$sql .= "(";
-					$sql .= "group_permission_uuid, ";
-					$sql .= "permission_name, ";
-					$sql .= "group_name ";
-					$sql .= ")";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'".uuid()."', ";
-					$sql .= "'".$row['name']."', ";
-					$sql .= "'".$group."' ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					$array['group_permissions'][$index]['group_permission_uuid'] = uuid();
+					$array['group_permissions'][$index]['permission_name'] = $row['name'];
+					$array['group_permissions'][$index]['group_name'] = $group;
+				}
+				if (is_array($array) && sizeof($array) != 0) {
+					$database = new database;
+					$database->app_name = 'groups';
+					$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+					$database->save($array);
+					unset($array);
 				}
 			}
 		}
 	}
 
 //get the group uuid, lookup domain uuid (if any) and name
-	$group_uuid = check_str($_REQUEST['group_uuid']);
+	$group_uuid = $_REQUEST['group_uuid'];
 	$sql = "select domain_uuid, group_name from v_groups ";
-	$sql .= "where group_uuid = '".$group_uuid."' ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	foreach ($result as &$row) {
+	$sql .= "where group_uuid = :group_uuid ";
+	$parameters['group_uuid'] = $group_uuid;
+	$database = new database;
+	$row = $database->select($sql, $parameters, 'row');
+	if (is_array($row) && sizeof($row) != 0) {
 		$domain_uuid = $row["domain_uuid"];
 		$group_name = $row["group_name"];
-		break; //limit to 1 row
 	}
-	unset ($prep_statement);
+	unset($sql, $parameters, $row);
 
 //get the permissions assigned to this group
-	$sql = " select * from v_group_permissions ";
-	$sql .= "where group_name = '$group_name' ";
-	$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	foreach ($result as &$row) {
-		$permission_name = $row["permission_name"];
-		$permissions_db[$permission_name] = "true";
+	$sql = "select * from v_group_permissions ";
+	$sql .= "where group_name = :group_name ";
+	if (is_uuid($domain_uuid)) {
+		$sql .= "and domain_uuid = :domain_uuid ";
+		$parameters['domain_uuid'] = $domain_uuid;
+	}
+	else {
+		$sql .= "and domain_uuid is null ";
+	}
+	$parameters['group_name'] = $group_name;
+	$database = new database;
+	$result = $database->select($sql, $parameters, 'all');
+	if (is_array($result) && sizeof($result) != 0) {
+		foreach ($result as &$row) {
+			$permissions_db[$row["permission_name"]] = "true";
+		}
 	}
+	unset($sql, $parameters, $result, $row);
 
 //show the db checklist
 	//echo "<pre>";
@@ -175,52 +174,68 @@
 					}
 					if ($permissions_db_checklist[$permission] == "true" && $permissions_form_checklist[$permission] == "false") {
 						//delete the record
-							$sql = "delete from v_group_permissions ";
-							$sql .= "where group_name = '$group_name' ";
-							$sql .= "and permission_name = '$permission' ";
-							$db->exec(check_sql($sql));
-							unset($sql);
+							$array['group_permissions'][0]['group_name'] = $group_name;
+							$array['group_permissions'][0]['permission_name'] = $permission;
+							$database = new database;
+							$database->app_name = 'groups';
+							$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+							$database->delete($array);
+							unset($array);
 
 						foreach($apps as $app) {
 							foreach ($app['permissions'] as $row) {
 								if ($row['name'] == $permission) {
 
-									$sql = "delete from v_menu_item_groups ";
-									$sql .= "where menu_item_uuid = '".$row['menu']['uuid']."' ";
-									$sql .= "and group_name = '$group_name' ";
-									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-									$db->exec(check_sql($sql));
-									unset($sql);
+									$array['menu_item_groups'][0]['menu_item_uuid'] = $row['menu']['uuid'];
+									$array['menu_item_groups'][0]['group_name'] = $group_name;
+									$array['menu_item_groups'][0]['menu_uuid'] = 'b4750c3f-2a86-b00d-b7d0-345c14eca286';
+
+									$p = new permissions;
+									$p->add('menu_item_group_delete', 'temp');
+
+									$database = new database;
+									$database->app_name = 'groups';
+									$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+									$database->delete($array);
+									unset($array);
+
+									$p->delete('menu_item_group_delete', 'temp');
 
-									$sql = " select menu_item_parent_uuid from v_menu_items ";
-									$sql .= "where menu_item_uuid = '".$row['menu']['uuid']."' ";
+									$sql = "select menu_item_parent_uuid from v_menu_items ";
+									$sql .= "where menu_item_uuid = :menu_item_uuid ";
 									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-									$prep_statement = $db->prepare(check_sql($sql));
-									$prep_statement->execute();
-									$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-									foreach ($result as &$row) {
-										$menu_item_parent_uuid = $row["menu_item_parent_uuid"];
-									}
-									unset ($prep_statement);
+									$parameters['menu_item_uuid'] = $row['menu']['uuid'];
+									$database = new database;
+									$menu_item_parent_uuid = $database->select($sql, $parameters, 'column');
+									unset($sql, $parameters);
 
-									$sql = " select * from v_menu_items as i, v_menu_item_groups as g  ";
+									$sql = "select count(*) from v_menu_items as i, v_menu_item_groups as g  ";
 									$sql .= "where i.menu_item_uuid = g.menu_item_uuid ";
 									$sql .= "and i.menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-									$sql .= "and i.menu_item_parent_uuid = '$menu_item_parent_uuid' ";
-									$sql .= "and g.group_name = '$group_name' ";
-									$prep_statement = $db->prepare(check_sql($sql));
-									$prep_statement->execute();
-									$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-									$result_count = count($result);
+									$sql .= "and i.menu_item_parent_uuid = :menu_item_parent_uuid ";
+									$sql .= "and g.group_name = :group_name ";
+									$parameters['menu_item_parent_uuid'] = $menu_item_parent_uuid;
+									$parameters['group_name'] = $group_name;
+									$database = new database;
+									$result_count = $database->select($sql, $parameters, 'column');
+
 									if ($result_count == 0) {
-										$sql = "delete from v_menu_item_groups ";
-										$sql .= "where menu_item_uuid = '$menu_item_parent_uuid' ";
-										$sql .= "and group_name = '$group_name' ";
-										$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-										$db->exec(check_sql($sql));
-										unset($sql);
+										$array['menu_item_groups'][0]['menu_item_uuid'] = $menu_item_parent_uuid;
+										$array['menu_item_groups'][0]['group_name'] = $group_name;
+										$array['menu_item_groups'][0]['menu_uuid'] = 'b4750c3f-2a86-b00d-b7d0-345c14eca286';
+
+										$p = new permissions;
+										$p->add('menu_item_group_delete', 'temp');
+
+										$database = new database;
+										$database->app_name = 'groups';
+										$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+										$database->delete($array);
+										unset($array);
+
+										$p->delete('menu_item_group_delete', 'temp');
 									}
-									unset ($prep_statement);
+									unset($sql, $parameters, $result_count);
 								}
 							}
 						}
@@ -229,82 +244,72 @@
 					}
 					if ($permissions_db_checklist[$permission] == "false" && $permissions_form_checklist[$permission] == "true") {
 						//add the record
-							$sql = "insert into v_group_permissions ";
-							$sql .= "(";
-							$sql .= "group_permission_uuid, ";
-							if ($domain_uuid != '') {
-								$sql .= "domain_uuid, ";
+							$array['group_permissions'][0]['group_permission_uuid'] = uuid();
+							if (is_uuid($domain_uuid)) {
+								$array['group_permissions'][0]['domain_uuid'] = $domain_uuid;
 							}
-							$sql .= "permission_name, ";
-							$sql .= "group_name ";
-							$sql .= ")";
-							$sql .= "values ";
-							$sql .= "(";
-							$sql .= "'".uuid()."', ";
-							if ($domain_uuid != '') {
-								$sql .= "'".$domain_uuid."', ";
-							}
-							$sql .= "'$permission', ";
-							$sql .= "'$group_name' ";
-							$sql .= ")";
-							$db->exec(check_sql($sql));
-							unset($sql);
+							$array['group_permissions'][0]['permission_name'] = $permission;
+							$array['group_permissions'][0]['group_name'] = $group_name;
+							$database = new database;
+							$database->app_name = 'groups';
+							$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+							$database->save($array);
+							unset($array);
 
 						foreach($apps as $app) {
 							foreach ($app['permissions'] as $row) {
 								if ($row['name'] == $permission) {
 
-									$sql = "insert into v_menu_item_groups ";
-									$sql .= "(";
-									$sql .= "menu_uuid, ";
-									$sql .= "menu_item_uuid, ";
-									$sql .= "group_name ";
-									$sql .= ")";
-									$sql .= "values ";
-									$sql .= "(";
-									$sql .= "'b4750c3f-2a86-b00d-b7d0-345c14eca286', ";
-									$sql .= "'".$row['menu']['uuid']."', ";
-									$sql .= "'$group_name' ";
-									$sql .= ")";
-									$db->exec(check_sql($sql));
-									unset($sql);
-
-									$sql = " select menu_item_parent_uuid from v_menu_items ";
-									$sql .= "where menu_item_uuid = '".$row['menu']['uuid']."' ";
-									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-									$prep_statement = $db->prepare(check_sql($sql));
-									$prep_statement->execute();
-									$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-									foreach ($result as &$row) {
-										$menu_item_parent_uuid = $row["menu_item_parent_uuid"];
-									}
-									unset ($prep_statement);
+									$array['menu_item_groups'][0]['menu_uuid'] = 'b4750c3f-2a86-b00d-b7d0-345c14eca286';
+									$array['menu_item_groups'][0]['menu_item_uuid'] = $row['menu']['uuid'];
+									$array['menu_item_groups'][0]['group_name'] = $group_name;
+
+									$p = new permissions;
+									$p->add('menu_item_group_add', 'temp');
+
+									$database = new database;
+									$database->app_name = 'groups';
+									$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+									$database->save($array);
+									unset($array);
 
-									$sql = " select * from v_menu_item_groups ";
-									$sql .= "where menu_item_uuid = '$menu_item_parent_uuid' ";
-									$sql .= "and group_name = '$group_name' ";
+									$p->delete('menu_item_group_add', 'temp');
+
+									$sql = "select menu_item_parent_uuid from v_menu_items ";
+									$sql .= "where menu_item_uuid = :menu_item_uuid ";
+									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
+									$parameters['menu_item_uuid'] = $row['menu']['uuid'];
+									$database = new database;
+									$menu_item_parent_uuid = $database->select($sql, $parameters, 'column');
+									unset($sql, $parameters);
+
+									$sql = "select count(*) from v_menu_item_groups ";
+									$sql .= "where menu_item_uuid = :menu_item_uuid ";
+									$sql .= "and group_name = :group_name ";
 									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-									$prep_statement = $db->prepare(check_sql($sql));
-									$prep_statement->execute();
-									$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-									$result_count = count($result);
+									$parameters['menu_item_uuid'] = $menu_item_parent_uuid;
+									$parameters['group_name'] = $group_name;
+									$database = new database;
+									$result_count = $database->select($sql, $parameters, 'column');
+
 									if ($result_count == 0) {
-										$sql = "insert into v_menu_item_groups ";
-										$sql .= "(";
-										$sql .= "menu_uuid, ";
-										$sql .= "menu_item_uuid, ";
-										$sql .= "group_name ";
-										$sql .= ")";
-										$sql .= "values ";
-										$sql .= "(";
-										$sql .= "'b4750c3f-2a86-b00d-b7d0-345c14eca286', ";
-										$sql .= "'$menu_item_parent_uuid', ";
-										$sql .= "'$group_name' ";
-										$sql .= ")";
-										$db->exec(check_sql($sql));
-										unset($sql);
+										$array['menu_item_groups'][0]['menu_uuid'] = 'b4750c3f-2a86-b00d-b7d0-345c14eca286';
+										$array['menu_item_groups'][0]['menu_item_uuid'] = $menu_item_parent_uuid;
+										$array['menu_item_groups'][0]['group_name'] = $group_name;
+
+										$p = new permissions;
+										$p->add('menu_item_group_add', 'temp');
+
+										$database = new database;
+										$database->app_name = 'groups';
+										$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+										$database->save($array);
+										unset($array);
+
+										$p->delete('menu_item_group_add', 'temp');
 									}
-									unset ($prep_statement);
+
+									unset($sql, $parameters, $result_count);
 								}
 							}
 						}
@@ -328,7 +333,7 @@
 	echo "		if (new_group_name != null) {\n";
 	echo "			new_group_desc = prompt('".$text['message-new_group_description']."');\n";
 	echo "			if (new_group_desc != null) {\n";
-	echo "				window.location = 'permissions_copy.php?group_name=".escape($group_name)."&new_group_name=' + new_group_name + '&new_group_desc=' + new_group_desc;\n";
+	echo "				window.location = 'permissions_copy.php?id=".escape($group_uuid)."&new_group_name=' + new_group_name + '&new_group_desc=' + new_group_desc;\n";
 	echo "			}\n";
 	echo "		}\n";
 	echo "	}\n";
@@ -427,7 +432,6 @@
 
 		} //end foreach
 		echo "<br>";
-		unset($sql, $result, $row_count);
 
 	echo "</form>\n";
 

+ 23 - 36
core/groups/groupadd.php

@@ -45,55 +45,42 @@
 //get the http values and set them as variables
 	if (count($_POST) > 0) {
 		//set the variables
-			$group_name = check_str($_POST["group_name"]);
+			$group_name = $_POST["group_name"];
 			if (permission_exists('group_domain')) {
-				$domain_uuid = check_str($_POST["domain_uuid"]);
+				$domain_uuid = $_POST["domain_uuid"];
 			}
 			else {
 				$domain_uuid = $_SESSION['domain_uuid'];
 			}
-			$group_description = check_str($_POST["group_description"]);
+			$group_description = $_POST["group_description"];
 
 		//check for global/domain duplicates
-			$sql = "select count(*) as num_rows from v_groups where ";
-			$sql .= "group_name = '".$group_name."' ";
-			$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
-			$prep_statement = $db->prepare($sql);
-			if ($prep_statement) {
-				$prep_statement->execute();
-				$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-				$group_exists = ($row['num_rows'] > 0) ? true : false;
+			$sql = "select count(*) from v_groups where ";
+			$sql .= "group_name = :group_name ";
+			if (is_uuid($domain_uuid)) {
+				$sql .= "and domain_uuid = :domain_uuid ";
+				$parameters['domain_uuid'] = $domain_uuid;
 			}
 			else {
-				$group_exists = false;
+				$sql .= "and domain_uuid is null ";
 			}
-			unset($sql, $prep_statement, $row);
+			$parameters['group_name'] = $group_name;
+			$database = new database;
+			$num_rows = $database->select($sql, $parameters, 'column');
+			$group_exists = ($num_rows > 0) ? true : false;
+			unset($sql, $parameters, $num_rows);
 
 		//insert group
 			if (!$group_exists) {
-				$sql = "insert into v_groups ";
-				$sql .= "(";
-				$sql .= "group_uuid, ";
-				$sql .= "domain_uuid, ";
-				$sql .= "group_name, ";
-				$sql .= "group_description ";
-				$sql .= ")";
-				$sql .= "values ";
-				$sql .= "(";
-				$sql .= "'".uuid()."', ";
-				$sql .= (($domain_uuid != '') ? "'".$domain_uuid."'" : "null").", ";
-				$sql .= "'".$group_name."', ";
-				$sql .= "'".$group_description."' ";
-				$sql .= ")";
-				if (!$db->exec($sql)) {
-					//echo $db->errorCode() . "<br>";
-					$info = $db->errorInfo();
-					echo "<pre>".print_r($info, true)."</pre>";
-					exit;
-					// $info[0] == $db->errorCode() unified error code
-					// $info[1] is the driver specific error code
-					// $info[2] is the driver specific error string
-				}
+				$array['groups'][0]['group_uuid'] = uuid();
+				$array['groups'][0]['domain_uuid'] = is_uuid($domain_uuid) ? $domain_uuid : null;
+				$array['groups'][0]['group_name'] = $group_name;
+				$array['groups'][0]['group_description'] = $group_description;
+				$database = new database;
+				$database->app_name = 'groups';
+				$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+				$database->save($array);
+				unset($array);
 
 				message::add($text['message-add']);
 				header("Location: groups.php");
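Review bot: `$group_name = $_POST["group_name"];` now reaches the duplicate check and the insert with no validation, so an empty or whitespace-only name is counted as unique by the `count(*)` query and saved as a group. The removed `check_str()` did not check this either, but the parameterised path is the right place for a guard such as `if (!isset($_POST["group_name"]) || trim($_POST["group_name"]) === '') { message::add($text['message-add']); header("Location: groups.php"); exit; }` with a suitable message key. Minor style point: `$group_exists = ($num_rows > 0) ? true : false;` reads more directly as `$group_exists = $num_rows > 0;`.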

+ 78 - 38
core/groups/groupdelete.php

@@ -42,57 +42,97 @@
 	$language = new text;
 	$text = $language->get();
 
-//get the http value and set as a variable
-	$group_uuid = check_str($_GET["id"]);
-
 //validate the uuid
-	if (is_uuid($group_uuid)) {
+	if (is_uuid($_GET["id"])) {
+		$group_uuid = $_GET["id"];
+
 		//get the group from v_groups
 			$sql = "select domain_uuid, group_name from v_groups ";
-			$sql .= "where group_uuid = '".$group_uuid."' ";
+			$sql .= "where group_uuid = :group_uuid ";
 			if (!permission_exists('group_domain')) {
-				$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
+				$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
+				$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
 			}
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-			foreach ($result as &$row) {
+			$parameters['group_uuid'] = $group_uuid;
+			$database = new database;
+			$row = $database->select($sql, $parameters, 'row');
+			unset($sql, $parameters);
+
+			if (is_array($row) && sizeof($row) != 0) {
+
 				$domain_uuid = $row["domain_uuid"];
 				$group_name = $row["group_name"];
-			}
-			unset ($prep_statement);
-
-		//delete the user groups
-			$sql = "delete from v_user_groups ";
-			$sql .= "where group_uuid = '".$group_uuid."' ";
-			if (!$db->exec($sql)) {
-				$error = $db->errorInfo();
-				print_r($error);
-			}
 
-		//delete the group permissions
-			if (strlen($group_name) > 0) {
-				$sql = "delete from v_group_permissions ";
-				$sql .= "where group_name = '".$group_name."' ";
-				$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
-				if (!$db->exec($sql)) {
-					$error = $db->errorInfo();
-					print_r($error);
-				}
-			}
+				//delete the user groups
+					$array['user_groups'][0]['group_uuid'] = $group_uuid;
+
+					$p = new permissions;
+					$p->add('user_group_delete', 'temp');
+
+					$database = new database;
+					$database->app_name = 'groups';
+					$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+					$database->delete($array);
+					unset($array);
+
+					$p->delete('user_group_delete', 'temp');
+
+				//get the group permissions
+					$sql = "select group_permission_uuid ";
+					$sql .= "from v_group_permissions ";
+					$sql .= "where group_name = :group_name ";
+					if (is_uuid($domain_uuid)) {
+						$sql .= "and domain_uuid = :domain_uuid ";
+						$parameters['domain_uuid'] = $domain_uuid;
+					}
+					else {
+						$sql .= "and domain_uuid is null ";
+					}
+					$parameters['group_name'] = $group_name;
+					$database = new database;
+					$result = $database->select($sql, $parameters, 'all');
+					if (is_array($result) && sizeof($result) != 0) {
+						foreach ($result as $index => $row) {
+							//build array
+								$array['group_permissions'][$index]['group_permission_uuid'] = $row['group_permission_uuid'];
+								$array['group_permissions'][$index]['group_name'] = $group_name;
+						}
+						if (is_array($array) && sizeof($array) != 0) {
+							//delete the group permissions
+								$p = new permissions;
+								$p->add('group_permission_delete', 'temp');
+
+								$database = new database;
+								$database->app_name = 'groups';
+								$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+								$database->delete($array);
+								unset($array);
+
+								$p->delete('group_permission_delete', 'temp');
+						}
+					}
+					unset($sql, $parameters, $result, $row);
+
+				//delete the group
+					$array['groups'][0]['group_uuid'] = $group_uuid;
+					if (is_uuid($domain_uuid)) {
+						$array['groups'][0]['domain_uuid'] = $domain_uuid;
+					}
+
+					$database = new database;
+					$database->app_name = 'groups';
+					$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+					$database->delete($array);
+					unset($array);
+
+				//set message
+					message::add($text['message-delete']);
 
-		//delete the group
-			$sql = "delete from v_groups ";
-			$sql .= "where group_uuid = '".$group_uuid."' ";
-			$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
-			if (!$db->exec($sql)) {
-				$error = $db->errorInfo();
-				print_r($error);
 			}
+			unset($sql, $parameters, $row);
 	}
 
 //redirect the user
-	message::add($text['message-delete']);
 	header("Location: groups.php");
 
 ?>
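Review bot: For a user without `group_domain`, the lookup still admits `domain_uuid is null` rows (context line `and (domain_uuid = :domain_uuid or domain_uuid is null)`), and the new delete at `$array['groups'][0]['group_uuid'] = $group_uuid;` then removes that global group with no domain restriction, because `is_uuid($domain_uuid)` is false for a null domain. If global groups are meant to be managed only by holders of `group_domain`, the select for those users should be `and domain_uuid = :domain_uuid ` only, or the delete block should be skipped when `$domain_uuid` is null; this predates the commit but the rewrite is the natural place to settle it. The enclosing `if (is_uuid($_GET["id"]))` block lies fully inside the hunk. Minor: the trailing `unset($sql, $parameters, $row);` repeats what the earlier `unset` calls already did.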

+ 166 - 102
core/groups/groupedit.php

@@ -45,128 +45,176 @@
 //process update
 	if (count($_POST) > 0) {
 		//set the variables
-			$group_uuid = check_str($_POST['group_uuid']);
-			$group_name = check_str($_POST['group_name']);
-			$group_name_previous = check_str($_POST['group_name_previous']);
-			$domain_uuid = check_str($_POST["domain_uuid"]);
-			$domain_uuid_previous = check_str($_POST["domain_uuid_previous"]);
-			$group_description = check_str($_POST["group_description"]);
+			$group_uuid = $_POST['group_uuid'];
+			$group_name = $_POST['group_name'];
+			$group_name_previous = $_POST['group_name_previous'];
+			$domain_uuid = $_POST["domain_uuid"];
+			$domain_uuid_previous = $_POST["domain_uuid_previous"];
+			$group_description = $_POST["group_description"];
 
 		//check for global/domain duplicates
-			$sql = "select count(*) as num_rows from v_groups where ";
-			$sql .= "group_name = '".$group_name."' ";
-			$sql .= "and group_uuid <> '".$group_uuid."' ";
-			$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
-			$prep_statement = $db->prepare($sql);
-			if ($prep_statement) {
-				$prep_statement->execute();
-				$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-				$group_exists = ($row['num_rows'] > 0) ? true : false;
+			$sql = "select count(*) from v_groups where ";
+			$sql .= "group_name = :group_name ";
+			$sql .= "and group_uuid <> :group_uuid ";
+			if (is_uuid($domain_uuid)) {
+				$sql .= "and domain_uuid = :domain_uuid ";
+				$parameters['domain_uuid'] = $domain_uuid;
 			}
 			else {
-				$group_exists = false;
+				$sql .= "and domain_uuid is null ";
 			}
-			unset($sql, $prep_statement, $row);
+			$parameters['group_name'] = $group_name;
+			$parameters['group_uuid'] = $group_uuid;
+			$database = new database;
+			$num_rows = $database->select($sql, $parameters, 'column');
+			$group_exists = ($num_rows > 0) ? true : false;
+			unset($sql, $parameters, $num_rows);
 
 		//update group
 			if (!$group_exists) {
-				$sql = "update v_groups ";
-				$sql .= "set ";
-				$sql .= "group_name = '".$group_name."', ";
-				$sql .= "domain_uuid = ".(($domain_uuid != '') ? "'".$domain_uuid."'" : "null").", ";
-				$sql .= "group_description = '".$group_description."' ";
-				$sql .= "where group_uuid = '".$group_uuid."' ";
-				if (!$db->exec(check_sql($sql))) {
-					$error = $db->errorInfo();
-					echo "<pre>".print_r($error, true)."</pre>";
-					exit;
-				}
+				$array['groups'][0]['group_uuid'] = $group_uuid;
+				$array['groups'][0]['domain_uuid'] = is_uuid($domain_uuid) ? $domain_uuid : null;
+				$array['groups'][0]['group_name'] = $group_name;
+				$array['groups'][0]['group_description'] = $group_description;
+				$database = new database;
+				$database->app_name = 'groups';
+				$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+				$database->save($array);
+				unset($array);
 
 				//group changed from global to domain-specific
-				if ($domain_uuid_previous == '' && $domain_uuid != '') {
+				if (!is_uuid($domain_uuid_previous) && is_uuid($domain_uuid)) {
 					//remove any users assigned to the group from the old domain
-						$sql = "delete from v_user_groups where group_uuid = '".$group_uuid."' and domain_uuid <> '".$domain_uuid."' ";
-						if (!$db->exec(check_sql($sql))) {
-							$error = $db->errorInfo();
-							//echo "<pre>".print_r($error, true)."</pre>"; exit;
-						}
+						$sql = "delete from v_user_groups where group_uuid = :group_uuid and domain_uuid <> :domain_uuid ";
+						$parameters['group_uuid'] = $group_uuid;
+						$parameters['domain_uuid'] = $domain_uuid;
+						$database = new database;
+						$database->app_name = 'groups';
+						$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+						$database->execute($sql, $parameters);
+						unset($sql, $parameters);
+
 					//update permissions to use new domain uuid
-						$sql = "update v_group_permissions set domain_uuid = '".$domain_uuid."' where group_name = '".$group_name_previous."' and domain_uuid is null ";
-						if (!$db->exec(check_sql($sql))) {
-							$error = $db->errorInfo();
-							//echo "<pre>".print_r($error, true)."</pre>"; exit;
-						}
+						$sql = "update v_group_permissions set domain_uuid = :domain_uuid where group_name = :group_name and domain_uuid is null ";
+						$parameters['domain_uuid'] = $domain_uuid;
+						$parameters['group_name'] = $group_name_previous;
+						$database = new database;
+						$database->app_name = 'groups';
+						$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+						$database->execute($sql, $parameters);
+						unset($sql, $parameters);
+
 					//change group name
 						if ($group_name != $group_name_previous && $group_name != '') {
 							//change group name in group users
-								$sql = "update v_user_groups set group_name = '".$group_name."' where group_uuid = '".$group_uuid."' and group_name = '".$group_name_previous."' ";
-								if (!$db->exec(check_sql($sql))) {
-									$error = $db->errorInfo();
-									//echo "<pre>".print_r($error, true)."</pre>"; exit;
-								}
+								$sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old ";
+								$parameters['group_name_new'] = $group_name;
+								$parameters['group_uuid'] = $group_uuid;
+								$parameters['group_name_old'] = $group_name_previous;
+								$database = new database;
+								$database->app_name = 'groups';
+								$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+								$database->execute($sql, $parameters);
+								unset($sql, $parameters);
+
 							//change group name in permissions
-								$sql = "update v_group_permissions set group_name = '".$group_name."' where domain_uuid = '".$domain_uuid."' and group_name = '".$group_name_previous."' ";
-								if (!$db->exec(check_sql($sql))) {
-									$error = $db->errorInfo();
-									//echo "<pre>".print_r($error, true)."</pre>"; exit;
-								}
+								$sql = "update v_group_permissions set group_name = :group_name_new where domain_uuid = :domain_uuid and group_name = :group_name_old ";
+								$parameters['group_name_new'] = $group_name;
+								$parameters['domain_uuid'] = $domain_uuid;
+								$parameters['group_name_old'] = $group_name_previous;
+								$database = new database;
+								$database->app_name = 'groups';
+								$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+								$database->execute($sql, $parameters);
+								unset($sql, $parameters);
 						}
 				}
 
 				//group changed from one domain to another
-				else if ($domain_uuid_previous != '' && $domain_uuid != '' && $domain_uuid_previous != $domain_uuid) {
+				else if (is_uuid($domain_uuid_previous) && is_uuid($domain_uuid) && $domain_uuid_previous != $domain_uuid) {
 					//remove any users assigned to the group from the old domain
-						$sql = "delete from v_user_groups where group_uuid = '".$group_uuid."' and domain_uuid = '".$domain_uuid_previous."' ";
-						if (!$db->exec(check_sql($sql))) {
-							$error = $db->errorInfo();
-							//echo "<pre>".print_r($error, true)."</pre>"; exit;
-						}
+						$array['user_groups'][0]['group_uuid'] = $group_uuid;
+						$array['user_groups'][0]['domain_uuid'] = $domain_uuid_previous;
+
+						$p = new permissions;
+						$p->add('user_group_delete', 'temp');
+
+						$database = new database;
+						$database->app_name = 'groups';
+						$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+						$database->delete($array);
+						unset($array);
+
+						$p->delete('user_group_delete', 'temp');
 					//update permissions to use new domain uuid
-						$sql = "update v_group_permissions set domain_uuid = '".$domain_uuid."' where group_name = '".$group_name_previous."' and domain_uuid = '".$domain_uuid_previous."' ";
-						if (!$db->exec(check_sql($sql))) {
-							$error = $db->errorInfo();
-							//echo "<pre>".print_r($error, true)."</pre>"; exit;
-						}
+						$sql = "update v_group_permissions set domain_uuid = :domain_uuid_new where group_name = :group_name and domain_uuid = :domain_uuid_old ";
+						$parameters['domain_uuid_new'] = $domain_uuid;
+						$parameters['group_name'] = $group_name_previous;
+						$parameters['domain_uuid_old'] = $domain_uuid_previous;
+						$database = new database;
+						$database->app_name = 'groups';
+						$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+						$database->execute($sql, $parameters);
+						unset($sql, $parameters);
 					//change group name
 						if ($group_name != $group_name_previous && $group_name != '') {
 							//change group name in group users
-								$sql = "update v_user_groups set group_name = '".$group_name."' where group_uuid = '".$group_uuid."' and group_name = '".$group_name_previous."' ";
-								if (!$db->exec(check_sql($sql))) {
-									$error = $db->errorInfo();
-									//echo "<pre>".print_r($error, true)."</pre>"; exit;
-								}
+								$sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old ";
+								$parameters['group_name_new'] = $group_name;
+								$parameters['group_uuid'] = $group_uuid;
+								$parameters['group_name_old'] = $group_name_previous;
+								$database = new database;
+								$database->app_name = 'groups';
+								$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+								$database->execute($sql, $parameters);
+								unset($sql, $parameters);
 							//change group name in permissions
-								$sql = "update v_group_permissions set group_name = '".$group_name."' where domain_uuid = '".$domain_uuid."' and group_name = '".$group_name_previous."' ";
-								if (!$db->exec(check_sql($sql))) {
-									$error = $db->errorInfo();
-									//echo "<pre>".print_r($error, true)."</pre>"; exit;
-								}
+								$sql = "update v_group_permissions set group_name = :group_name_new where domain_uuid = :domain_uuid and group_name = :group_name_old ";
+								$parameters['group_name_new'] = $group_name;
+								$parameters['domain_uuid'] = $domain_uuid;
+								$parameters['group_name_old'] = $group_name_previous;
+								$database = new database;
+								$database->app_name = 'groups';
+								$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+								$database->execute($sql, $parameters);
+								unset($sql, $parameters);
 						}
 				}
 
 				//group changed from domain-specific to global
-				else if ($domain_uuid_previous != '' && $domain_uuid == '') {
+				else if (is_uuid($domain_uuid_previous) && !is_uuid($domain_uuid)) {
 					//change group name
 						if ($group_name != $group_name_previous && $group_name != '') {
 							//change group name in group users
-								$sql = "update v_user_groups set group_name = '".$group_name."' where group_uuid = '".$group_uuid."' and group_name = '".$group_name_previous."' ";
-								if (!$db->exec(check_sql($sql))) {
-									$error = $db->errorInfo();
-									//echo "<pre>".print_r($error, true)."</pre>"; exit;
-								}
+								$sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old ";
+								$parameters['group_name_new'] = $group_name;
+								$parameters['group_uuid'] = $group_uuid;
+								$parameters['group_name_old'] = $group_name_previous;
+								$database = new database;
+								$database->app_name = 'groups';
+								$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+								$database->execute($sql, $parameters);
+								unset($sql, $parameters);
 							//change group name in permissions
-								$sql = "update v_group_permissions set group_name = '".$group_name."' where domain_uuid = '".$domain_uuid_previous."' and group_name = '".$group_name_previous."' ";
-								if (!$db->exec(check_sql($sql))) {
-									$error = $db->errorInfo();
-									//echo "<pre>".print_r($error, true)."</pre>"; exit;
-								}
+								$sql = "update v_group_permissions set group_name = :group_name_new where domain_uuid = :domain_uuid and group_name = :group_name_old ";
+								$parameters['group_name_new'] = $group_name;
+								$parameters['domain_uuid'] = $domain_uuid_previous;
+								$parameters['group_name_old'] = $group_name_previous;
+								$database = new database;
+								$database->app_name = 'groups';
+								$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+								$database->execute($sql, $parameters);
+								unset($sql, $parameters);
 						}
 					//update permissions to not use a domain uuid
-						$sql = "update v_group_permissions set domain_uuid = null where group_name = '".$group_name."' and domain_uuid = '".$domain_uuid_previous."' ";
-						if (!$db->exec(check_sql($sql))) {
-							$error = $db->errorInfo();
-							//echo "<pre>".print_r($error, true)."</pre>"; exit;
-						}
+						$sql = "update v_group_permissions set domain_uuid = null where group_name = :group_name and domain_uuid = :domain_uuid ";
+						$parameters['group_name'] = $group_name;
+						$parameters['domain_uuid'] = $domain_uuid_previous;
+						$database = new database;
+						$database->app_name = 'groups';
+						$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+						$database->execute($sql, $parameters);
+						unset($sql, $parameters);
 				}
 
 				//domain didn't change, but name may still
@@ -174,17 +222,32 @@
 					//change group name
 						if ($group_name != $group_name_previous && $group_name != '') {
 							//change group name in group users
-								$sql = "update v_user_groups set group_name = '".$group_name."' where group_uuid = '".$group_uuid."' and group_name = '".$group_name_previous."' ";
-								if (!$db->exec(check_sql($sql))) {
-									$error = $db->errorInfo();
-									//echo "<pre>".print_r($error, true)."</pre>"; exit;
-								}
+								$sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old ";
+								$parameters['group_name_new'] = $group_name;
+								$parameters['group_uuid'] = $group_uuid;
+								$parameters['group_name_old'] = $group_name_previous;
+								$database = new database;
+								$database->app_name = 'groups';
+								$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+								$database->execute($sql, $parameters);
+								unset($sql, $parameters);
 							//change group name in permissions
-								$sql = "update v_group_permissions set group_name = '".$group_name."' where domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ")." and group_name = '".$group_name_previous."' ";
-								if (!$db->exec(check_sql($sql))) {
-									$error = $db->errorInfo();
-									//echo "<pre>".print_r($error, true)."</pre>"; exit;
+								$sql = "update v_group_permissions set group_name = :group_name_new ";
+								if (is_uuid($domain_uuid)) {
+									$sql .= "where domain_uuid = :domain_uuid ";
+									$parameters['domain_uuid'] = $domain_uuid;
+								}
+								else {
+									$sql .= "where domain_uuid is null ";
 								}
+								$sql .= "and group_name = :group_name_old ";
+								$parameters['group_name_new'] = $group_name;
+								$parameters['group_name_old'] = $group_name_previous;
+								$database = new database;
+								$database->app_name = 'groups';
+								$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+								$database->execute($sql, $parameters);
+								unset($sql, $parameters);
 						}
 				}
 
@@ -201,18 +264,19 @@
 	}
 
 //pre-populate the form
-	$group_uuid = check_str($_REQUEST['id']);
-	if ($group_uuid != '') {
+	$group_uuid = $_REQUEST['id'];
+	if (is_uuid($group_uuid)) {
 		$sql = "select * from v_groups where ";
-		$sql .= "group_uuid = '".$group_uuid."' ";
-		$prep_statement = $db->prepare($sql);
-		if ($prep_statement) {
-			$prep_statement->execute();
-			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+		$sql .= "group_uuid = :group_uuid ";
+		$parameters['group_uuid'] = $group_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && sizeof($row) != 0) {
 			$group_name = $row['group_name'];
 			$domain_uuid = $row['domain_uuid'];
 			$group_description = $row['group_description'];
 		}
+		unset($sql, $parameters, $row);
 	}
 
 //include the header

+ 22 - 31
core/groups/groupmemberadd.php

@@ -45,43 +45,34 @@
 	}
 
 //get the http values and set them as variables
-	$domain_uuid = check_str($_POST["domain_uuid"]);
-	$group_uuid = check_str($_POST["group_uuid"]);
-	$group_name = check_str($_POST["group_name"]);
-	$user_uuid = check_str($_POST["user_uuid"]);
+	$domain_uuid = $_POST["domain_uuid"];
+	$group_uuid = $_POST["group_uuid"];
+	$group_name = $_POST["group_name"];
+	$user_uuid = $_POST["user_uuid"];
 
 //add the user to the group
 	if (is_uuid($user_uuid) && is_uuid($group_uuid) && strlen($group_name) > 0) {
-		$sql = "insert into v_user_groups ";
-		$sql .= "(";
-		$sql .= "user_group_uuid, ";
-		$sql .= "domain_uuid, ";
-		$sql .= "group_uuid, ";
-		$sql .= "group_name, ";
-		$sql .= "user_uuid ";
-		$sql .= ")";
-		$sql .= "values ";
-		$sql .= "(";
-		$sql .= "'".uuid()."', ";
-		$sql .= "'".$domain_uuid."', ";
-		$sql .= "'".$group_uuid."', ";
-		$sql .= "'".$group_name."', ";
-		$sql .= "'".$user_uuid."' ";
-		$sql .= ")";
-		if (!$db->exec($sql)) {
-			$info = $db->errorInfo();
-			echo "<pre>".print_r($info, true)."</pre>";
-			exit;
-		}
-		else {
-			//log the success
-			//$log_type = 'group'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." added to group: ".$group_name;
-			//log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);
-		}
+		$array['user_groups'][0]['user_group_uuid'] = uuid();
+		$array['user_groups'][0]['domain_uuid'] = $domain_uuid;
+		$array['user_groups'][0]['group_uuid'] = $group_uuid;
+		$array['user_groups'][0]['group_name'] = $group_name;
+		$array['user_groups'][0]['user_uuid'] = $user_uuid;
+
+		$p = new permissions;
+		$p->add('user_group_add', 'temp');
+
+		$database = new database;
+		$database->app_name = 'groups';
+		$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+		$database->save($array);
+		unset($array);
+
+		$p->delete('user_group_add', 'temp');
+
+		message::add($text['message-update']);
 	}
 
 //redirect the user
-	message::add($text['message-update']);
 	header("Location: groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name);
 
 ?>
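Review bot: The guard `if (is_uuid($user_uuid) && is_uuid($group_uuid) && strlen($group_name) > 0)` validates two of the four request values, but `$domain_uuid` from `$_POST["domain_uuid"]` now goes into the insert with no check at all since `check_str` was dropped; extend it to `if (is_uuid($user_uuid) && is_uuid($group_uuid) && is_uuid($domain_uuid) && strlen($group_name) > 0)`. The redirect `header("Location: groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name);` likewise interpolates the raw group name, so wrap it as `urlencode($group_name)`. The temporary `user_group_add` grant presumably exists to satisfy a check inside the database class, which makes the page's own permission check above this hunk the real gate; a comment such as `//temporary grant for database::save; the page-level permission check is the actual authorization` would make that explicit, and if `save()` can throw, the matching `$p->delete` is skipped, so confirm how failures surface.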

+ 15 - 15
core/groups/groupmemberdelete.php

@@ -45,23 +45,23 @@
 	}
 
 //get the http values and set them as variables
-	$group_name = check_str($_GET["group_name"]);
-	$user_uuid = check_str($_GET["user_uuid"]);
-	$group_uuid = check_str($_GET["group_uuid"]);
+	$group_name = $_GET["group_name"];
+	$user_uuid = $_GET["user_uuid"];
+	$group_uuid = $_GET["group_uuid"];
 
 //delete the group membership
-	$sql_delete = "delete from v_user_groups ";
-	$sql_delete .= "where user_uuid = '".$user_uuid."' ";
-	$sql_delete .= "and group_uuid = '".$group_uuid."' ";
-	if (!$db->exec($sql_delete)) {
-		$info = $db->errorInfo();
-		echo "<pre>".print_r($info, true)."</pre>";
-		exit;
-	}
-	else {
-		//$log_type = 'group'; $log_status='remove'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." removed from group: ".$group_name;
-		//log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);
-	}
+	$p = new permissions;
+	$p->add('user_group_delete', 'temp');
+
+	$array['user_groups'][0]['user_uuid'] = $user_uuid;
+	$array['user_groups'][0]['group_uuid'] = $group_uuid;
+	$database = new database;
+	$database->app_name = 'groups';
+	$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+	$database->delete($array);
+	unset($array);
+
+	$p->delete('user_group_delete', 'temp');
 
 //redirect the user
 	message::add($text['message-delete']);
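Review bot: The delete at `$database->delete($array);` runs with `$user_uuid` and `$group_uuid` taken straight from `$_GET` and no `is_uuid` check, unlike groupmemberadd.php in this same commit; with `check_str` removed nothing validates them before they become the delete filter, and what the database class does with a missing or malformed filter value is not visible here. Wrap the block in `if (is_uuid($user_uuid) && is_uuid($group_uuid)) { ... }` so an unset or malformed parameter is a no-op rather than a delete with an incomplete filter. `$group_name` is only carried through to the redirect that follows the hunk, where it should be passed through `urlencode` when rebuilt into the Location header.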

+ 55 - 52
core/groups/groupmembers.php

@@ -49,46 +49,44 @@
 	$text = $language->get();
 
 //get the group uuid, lookup domain uuid (if any) and name
-	$group_uuid = check_str($_REQUEST['group_uuid']);
+	$group_uuid = $_REQUEST['group_uuid'];
 	$sql = "select domain_uuid, group_name from v_groups ";
-	$sql .= "where group_uuid = '".$group_uuid."' ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	foreach ($result as &$row) {
+	$sql .= "where group_uuid = :group_uuid ";
+	$parameters['group_uuid'] = $group_uuid;
+	$database = new database;
+	$row = $database->select($sql, $parameters, 'row');
+	if (is_array($row) && sizeof($row) != 0) {
 		$domain_uuid = $row["domain_uuid"];
 		$group_name = $row["group_name"];
-		break; //limit to 1 row
 	}
-	unset ($prep_statement);
+	unset($sql, $parameters, $row);
 
 //define the if group members function
 	function is_group_member($group_uuid, $user_uuid) {
-		global $db, $domain_uuid;
-		$sql = "select * from v_user_groups ";
-		$sql .= "where user_uuid = '".$user_uuid."' ";
-		$sql .= "and group_uuid = '".$group_uuid."' ";
-		$sql .= "and domain_uuid = '".(($domain_uuid != '') ? $domain_uuid : $_SESSION['domain_uuid'])."' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		if (count($prep_statement->fetchAll(PDO::FETCH_NAMED)) == 0) { return true; } else { return false; }
-		unset ($sql, $prep_statement);
+		global $domain_uuid;
+		$sql = "select count(*) from v_user_groups ";
+		$sql .= "where user_uuid = :user_uuid ";
+		$sql .= "and group_uuid = :group_uuid ";
+		$sql .= "and domain_uuid = :domain_uuid ";
+		$parameters['user_uuid'] = $user_uuid;
+		$parameters['group_uuid'] = $group_uuid;
+		$parameters['domain_uuid'] = is_uuid($domain_uuid) ? $domain_uuid : $_SESSION['domain_uuid'];
+		$database = new database;
+		$num_rows = $database->select($sql, $parameters, 'column');
+		return $num_rows == 0 ? true : false;
+		unset($sql, $parameters, $num_rows);
 	}
 	//$exampledatareturned = example("apples", 1);
 
 //get the the users array
 	if (permission_exists('group_member_add')) {
 		$sql = "select * from v_users where ";
-		if ($domain_uuid != '') {
-			$sql .= "domain_uuid = '".$domain_uuid."' ";
-		}
-		else {
-			$sql .= "domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		}
+		$sql .= "domain_uuid = :domain_uuid ";
 		$sql .= "order by username ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$parameters['domain_uuid'] = is_uuid($domain_uuid) ? $domain_uuid : $_SESSION['domain_uuid'];
+		$database = new database;
+		$users = $database->select($sql, $parameters, 'all');
+		unset($sql, $parameters);
 	}
 
 //get the groups users
@@ -96,17 +94,20 @@
 	$sql .= "from v_user_groups as ug, v_users as u, v_domains as d ";
 	$sql .= "where ug.user_uuid = u.user_uuid ";
 	$sql .= "and ug.domain_uuid = d.domain_uuid ";
-	if ($domain_uuid != '') {
-		$sql .= "and ug.domain_uuid = '".$domain_uuid."' ";
+	if (is_uuid($domain_uuid)) {
+		$sql .= "and ug.domain_uuid = :domain_uuid_ug ";
+		$parameters['domain_uuid_ug'] = $domain_uuid;
 	}
 	if (!permission_exists('user_all')) {
-		$sql .= "and u.domain_uuid = '".$_SESSION['domain_uuid']."' ";
+		$sql .= "and u.domain_uuid = :domain_uuid_u ";
+		$parameters['domain_uuid_u'] = $_SESSION['domain_uuid'];
 	}
-	$sql .= "and ug.group_uuid = '".$group_uuid."' ";
+	$sql .= "and ug.group_uuid = :group_uuid ";
 	$sql .= "order by d.domain_name asc, u.username asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$parameters['group_uuid'] = $group_uuid;
+	$database = new database;
+	$result = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //include the header
 	require_once "resources/header.php";
@@ -158,27 +159,29 @@
 	$echo .= "</tr>\n";
 
 	$count = 0;
-	foreach ($result as &$row) {
-		$username = $row["username"];
-		$user_uuid = $row["user_uuid"];
-		$domain_uuid = $row["domain_uuid"];
-		$group_uuid = $row["group_uuid"];
-		$echo .= "<tr>";
-		if (permission_exists('user_all')) {
-			$echo .= "<td align='left' class='".$row_style[$c]."' nowrap='nowrap'>".$_SESSION['domains'][$domain_uuid]['domain_name']."</td>\n";
-		}
-		$echo .= "<td align='left' class='".$row_style[$c]."' nowrap='nowrap'>".$username."</td>\n";
-		$echo .= "<td class='list_control_icons' style='width: 25px;'>";
-		if (permission_exists('group_member_delete')) {
-			$echo .= "<a href='groupmemberdelete.php?user_uuid=".$user_uuid."&group_name=".$group_name."&group_uuid=".$group_uuid."' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>".$v_link_label_delete."</a>";
-		}
-		$echo .= "</td>\n";
-		$echo .= "</tr>\n";
+	if (is_array($result) && sizeof($result) != 0) {
+		foreach ($result as &$row) {
+			$username = $row["username"];
+			$user_uuid = $row["user_uuid"];
+			$domain_uuid = $row["domain_uuid"];
+			$group_uuid = $row["group_uuid"];
+			$echo .= "<tr>";
+			if (permission_exists('user_all')) {
+				$echo .= "<td align='left' class='".$row_style[$c]."' nowrap='nowrap'>".$_SESSION['domains'][$domain_uuid]['domain_name']."</td>\n";
+			}
+			$echo .= "<td align='left' class='".$row_style[$c]."' nowrap='nowrap'>".$username."</td>\n";
+			$echo .= "<td class='list_control_icons' style='width: 25px;'>";
+			if (permission_exists('group_member_delete')) {
+				$echo .= "<a href='groupmemberdelete.php?user_uuid=".$user_uuid."&group_name=".$group_name."&group_uuid=".$group_uuid."' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>".$v_link_label_delete."</a>";
+			}
+			$echo .= "</td>\n";
+			$echo .= "</tr>\n";
 
-		$c = ($c) ? 0 : 1;
+			$c = ($c) ? 0 : 1;
 
-		$user_groups[] = $row["user_uuid"];
-		$count++;
+			$user_groups[] = $row["user_uuid"];
+			$count++;
+		}
 	}
 
 	$echo .= "</table>\n";
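Review bot: `$group_uuid = $_REQUEST['group_uuid'];` in the first hunk is bound as a parameter, so the query is safe, but the value is no longer validated at all: a malformed id yields no row, `$domain_uuid` and `$group_name` stay undefined, and the page still renders against the session domain. Guard the lookup with `if (is_uuid($group_uuid)) {` as the other pages in this commit do. In `is_group_member`, `unset($sql, $parameters, $num_rows);` after the `return` is unreachable, `return $num_rows == 0 ? true : false;` reads more simply as `return $num_rows == 0;`, and since the function returns true when no membership row exists its name reads inverted — a one-line comment stating that contract would help callers. The rewritten list loop in the third hunk keeps `foreach ($result as &$row)` although `$row` is never modified; `foreach ($result as $row)` avoids the dangling reference.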

+ 26 - 20
core/groups/groups.php

@@ -47,20 +47,24 @@
 	$document['title'] = $text['title-group_manager'];
 	if (isset($_REQUEST["change"])) {
 		//get the values from the HTTP POST and save them as PHP variables
-		$change = check_str($_REQUEST["change"]);
-		$group_uuid = check_str($_REQUEST["group_uuid"]);
-		$group_name = check_str($_REQUEST["group_name"]);
+		$change = $_REQUEST["change"];
+		$group_uuid = $_REQUEST["group_uuid"];
+		$group_name = $_REQUEST["group_name"];
 
-		$sql = "update v_groups set group_protected = '".$change."' ";
-		$sql .= "where group_uuid = '".$group_uuid."' ";
+		$sql = "update v_groups set group_protected = :group_protected ";
+		$sql .= "where group_uuid = :group_uuid ";
 		if (!permission_exists('group_domain')) {
 			$sql .= "and (";
-			$sql .= "	domain_uuid = '".$domain_uuid."' ";
+			$sql .= "	domain_uuid = :domain_uuid ";
 			$sql .= "	or domain_uuid is null ";
 			$sql .= ") ";
+			$parameters['domain_uuid'] = $domain_uuid;
 		}
-		$db->exec(check_sql($sql));
-		unset($sql);
+		$parameters['group_protected'] = $change;
+		$parameters['group_uuid'] = $group_uuid;
+		$database = new database;
+		$database->execute($sql, $parameters);
+		unset($sql, $parameters);
 
 		message::add($text['message-update']);
 	}
@@ -68,14 +72,14 @@
 //get the groups
 	$sql = "select * from v_groups ";
 	if (!(permission_exists('group_all') && $_GET['show'] == 'all')) {
-		$sql .= "where domain_uuid = '".$domain_uuid."' ";
+		$sql .= "where domain_uuid = :domain_uuid ";
 		$sql .= "or domain_uuid is null ";
+		$parameters['domain_uuid'] = $domain_uuid;
 	}
 	$sql .= "order by domain_uuid desc, group_name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset($sql, $prep_statement);
+	$database = new database;
+	$groups = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 	//$system_groups = array('superadmin','admin','user','public','agent');
 	$system_groups = array();
 
@@ -83,16 +87,18 @@
 //get group counts
 	$sql = "select group_uuid, count(user_uuid) as group_count from v_user_groups ";
 	if (!permission_exists('user_all')) {
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
 	}
 	$sql .= "group by group_uuid ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	foreach ($result as $row) {
-		$group_counts[$row['group_uuid']] = $row['group_count'];
+	$database = new database;
+	$result = $database->select($sql, $parameters, 'all');
+	if (is_array($result) && sizeof($result) != 0) {
+		foreach ($result as $row) {
+			$group_counts[$row['group_uuid']] = $row['group_count'];
+		}
 	}
-	unset($sql, $prep_statement, $result, $row);
+	unset($sql, $parameters, $result, $row);
 
 //show the content
 	echo "<table width='100%' cellpadding='0' cellspacing='0' border='0'>";
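Review bot: `$groups = $database->select($sql, $parameters, 'all');` in the second hunk, and `$result = $database->select($sql, $parameters, 'all');` in the third, are reached with `$parameters` undefined whenever the conditional `where` clause is skipped (show=all with group_all, or user_all), because the preceding block `unset`s it; initialise `$parameters = array();` before each statement, or pass `null` as this commit does elsewhere. In the first hunk `$group_uuid` and `$change` come straight from `$_REQUEST` with `check_str` removed; both are bound as parameters, so injection is closed, but the update should still be gated on `is_uuid($group_uuid)`, and if `group_protected` only takes a fixed set of values, `$change` should be restricted to that set rather than stored as received.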

+ 71 - 60
core/groups/permissions_copy.php

@@ -30,7 +30,7 @@
 	require_once "resources/check_auth.php";
 
 //check permissions
-	if (permission_exists('extension_add')) {
+	if (permission_exists('group_permission_add')) {
 		//access granted
 	}
 	else {
@@ -46,76 +46,87 @@
 	require_once "resources/paging.php";
 
 //set the http get/post variable(s) to a php variable
-	if (isset($_REQUEST["group_name"]) && isset($_REQUEST["new_group_name"])) {
+	if (is_uuid($_REQUEST["id"]) && isset($_REQUEST["new_group_name"])) {
 
 		//get HTTP values and set as variables
-			$group_name = check_str($_REQUEST["group_name"]);
-			$new_group_name = check_str($_REQUEST["new_group_name"]);
-			$new_group_desc = check_str($_REQUEST["new_group_desc"]);
+			$group_uuid = $_REQUEST["id"];
+			$new_group_name = $_REQUEST["new_group_name"];
+			$new_group_desc = $_REQUEST["new_group_desc"];
 
-		//get the groups data
+		//get the source groups data
 			$sql = "select * from v_groups ";
-			$sql .= "where domain_uuid = '".$domain_uuid."' ";
-			$sql .= "or domain_uuid is null ";
-			$sql .= "and group_name = '".$group_name."' ";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-			foreach ($result as &$row) {
+			$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
+			$sql .= "and group_uuid = :group_uuid ";
+			$parameters['domain_uuid'] = $domain_uuid;
+			$parameters['group_uuid'] = $group_uuid;
+			$database = new database;
+			$row = $database->select($sql, $parameters, 'row');
+			if (is_array($row) && sizeof($row) != 0) {
 				$domain_uuid = $row["domain_uuid"];
 				$group_name = $row["group_name"];
 			}
-			unset ($prep_statement);
+			unset($sql, $parameters, $row);
 
-		//create new group
-			$group_uuid = uuid();
-			$sql = "insert into v_groups ";
-			$sql .= "( ";
-			$sql .= "group_uuid, ";
-			$sql .= "group_name, ";
-			$sql .= "group_description ";
-			$sql .= ") ";
-			$sql .= "values ";
-			$sql .= "( ";
-			$sql .= "'".$group_uuid."', ";
-			$sql .= "'".$new_group_name."', ";
-			$sql .= "'".$new_group_desc."' ";
-			$sql .= ") ";
-			$db->exec(check_sql($sql));
-			unset($sql);
-
-		//get the group permissions data
+		//create new target group
+			$new_group_uuid = uuid();
+			$array['groups'][0]['group_uuid'] = $new_group_uuid;
+			if (is_uuid($domain_uuid)) {
+				$array['groups'][0]['domain_uuid'] = $domain_uuid;
+			}
+			$array['groups'][0]['group_name'] = $new_group_name;
+			$array['groups'][0]['group_description'] = $new_group_desc;
+			$database = new database;
+			$database->app_name = 'groups';
+			$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+			$database->save($array);
+			unset($array);
+
+		//get the source group permissions data
 			$sql = "select * from v_group_permissions ";
-			$sql .= "where group_name = '".$group_name."' ";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-			foreach ($result as &$row) {
-				$domain_uuid = $row["domain_uuid"];
-				$permission_name = $row["permission_name"];
-				$group_name = $row["group_name"];
-
-				//copy the group permissions
-				$group_permission_uuid = uuid();
-				$sql = "insert into v_group_permissions ";
-				$sql .= "( ";
-				$sql .= "group_permission_uuid, ";
-				$sql .= "permission_name, ";
-				$sql .= "group_name ";
-				$sql .= ") ";
-				$sql .= "values ";
-				$sql .= "( ";
-				$sql .= "'".$group_permission_uuid."', ";
-				$sql .= "'".$permission_name."', ";
-				$sql .= "'".$new_group_name."' ";
-				$sql .= ") ";
-				$db->exec(check_sql($sql));
-				unset($sql);
+			$sql .= "where group_name = :group_name ";
+			if (is_uuid($domain_uuid)) {
+				$sql .= "and domain_uuid = :domain_uuid ";
+				$parameters['domain_uuid'] = $domain_uuid;
+			}
+			else {
+				$sql .= "and domain_uuid is null ";
+			}
+			$parameters['group_name'] = $group_name;
+			$database = new database;
+			$result = $database->select($sql, $parameters, 'all');
+			unset($sql, $parameters);
+
+			if (is_array($result) && sizeof($result) != 0) {
+				foreach ($result as $index => &$row) {
+					$domain_uuid = $row["domain_uuid"];
+					$permission_name = $row["permission_name"];
+					$group_name = $row["group_name"];
+
+					//copy the group permissions
+					$array['group_permissions'][$index]['group_permission_uuid'] = uuid();
+					if (is_uuid($domain_uuid)) {
+						$array['group_permissions'][$index]['domain_uuid'] = $domain_uuid;
+					}
+					$array['group_permissions'][$index]['permission_name'] = $permission_name;
+					$array['group_permissions'][$index]['group_name'] = $new_group_name;
+					$array['group_permissions'][$index]['group_uuid'] = $new_group_uuid;
+				}
+				if (is_array($array) && sizeof($array) != 0) {
+					$p = new permissions;
+					$p->add('group_permission_add', 'temp');
+
+					$database = new database;
+					$database->app_name = 'groups';
+					$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+					$database->save($array);
+					unset($array);
+
+					$p->delete('group_permission_add', 'temp');
+
+					message::add($text['message-copy']);
+				}
 			}
 			unset ($prep_statement);
-
-		//redirect the user
-			message::add($text['message-copy']);
 	}
 
 //redirect
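Review bot: The target group is created at the first `$database->save($array);` even when the source lookup just above returned no row — `$group_name` is then undefined, the permissions query matches nothing, and an empty group with the request-supplied name is still inserted. Stop when `$row` is empty, for example by nesting the create-and-copy steps inside the `if (is_array($row) && sizeof($row) != 0)` check. Because `$domain_uuid` is overwritten with the source row's value, copying a global group (domain_uuid null) produces a new global group and global permission rows regardless of the caller's domain; confirm that this is intended for callers who hold only `group_permission_add`. `unset ($prep_statement);` near the end of the hunk refers to a variable this hunk removed and can go, and `foreach ($result as $index => &$row)` takes a reference that is never needed.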