roundcubemail/program/steps/addressbook/save.inc

<?php

/*
 +-----------------------------------------------------------------------+
 | program/steps/addressbook/save.inc                                    |
 |                                                                       |
 | This file is part of the RoundCube Webmail client                     |
 | Copyright (C) 2005, RoundCube Dev. - Switzerland                      |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 | PURPOSE:                                                              |
 |   Save a contact entry or to add a new one                            |
 |                                                                       |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
 +-----------------------------------------------------------------------+

 $Id$

*/

// check input
if ((empty($_POST['_name']) || empty($_POST['_email'])) && empty($_GET['_framed']))
  {
  show_message('formincomplete', 'warning');
  rcmail_overwrite_action(empty($_POST['_cid']) ? 'add' : 'show');
  return;
  }

// setup some vars we need
$a_save_cols = array('name', 'firstname', 'surname', 'email');
$contacts_table = get_table_name('contacts');

// update an existing contact
if (!empty($_POST['_cid']))
  {
  $a_write_sql = array();

  foreach ($a_save_cols as $col)
    {
    $fname = '_'.$col;
    if (!isset($_POST[$fname]))
      continue;
    
    $a_write_sql[] = sprintf("%s=%s",
                             $DB->quoteIdentifier($col),
                             $DB->quote(get_input_value($fname, RCUBE_INPUT_POST)));
    }

  if (sizeof($a_write_sql))
    {
    $DB->query("UPDATE $contacts_table
                SET    changed=".$DB->now().", ".join(', ', $a_write_sql)."
                WHERE  contact_id=?
                AND    user_id=?
                AND    del<>1",
                $_POST['_cid'],
                $_SESSION['user_id']);
                       
    $updated = $DB->affected_rows();
    }
       
  if ($updated)
    {
    if ($_framed)
      {
      // define list of cols to be displayed
      $a_show_cols = array('name', 'email');
      $a_js_cols = array();
  
      $sql_result = $DB->query("SELECT * FROM $contacts_table
                                WHERE  contact_id=?
                                AND    user_id=?
                                AND    del<>1",
                               $_POST['_cid'],
                               $_SESSION['user_id']);
                         
      $sql_arr = $DB->fetch_assoc($sql_result);
      foreach ($a_show_cols as $col)
        $a_js_cols[] = (string)$sql_arr[$col];

      // update the changed col in list
      $OUTPUT->add_script(sprintf("if(parent.%s)parent.%s.update_contact_row('%d', %s);",
                          $JS_OBJECT_NAME,
                          $JS_OBJECT_NAME,
                          $_POST['_cid'],
                          array2js($a_js_cols)));

      }
      
    // show confirmation
    show_message('successfullysaved', 'confirmation');    
    rcmail_overwrite_action('show');
    }
  else
    {
    // show error message
    show_message('errorsaving', 'error');
    rcmail_overwrite_action('show');
    }
  }

// insert a new contact
else
  {
  $a_insert_cols = $a_insert_values = array();

  // check for existing contacts
  $sql = "SELECT 1 FROM $contacts_table
          WHERE  user_id = {$_SESSION['user_id']}
          AND del <> '1' ";

  // get email and name, build sql for existing user check
  if (isset($_GET['_emails']) && isset($_GET['_names']))
    {
    $sql   .= "AND email IN (";
    $emails = explode(',', get_input_value('_emails', RCUBE_INPUT_GET));
    $names  = explode(',', get_input_value('_names', RCUBE_INPUT_GET));
    $count  = count($emails);
    $n = 0;
    foreach ($emails as $email)
      {
      $end  = (++$n == $count) ? '' : ',';
      $sql .= $DB->quote($email) . $end;
      }
    $sql .= ")";
    $ldap_form = true; 
    }
  else if (isset($_POST['_email'])) 
    $sql  .= "AND email = " . $DB->quote(get_input_value('_email', RCUBE_INPUT_POST));

  $sql_result = $DB->query($sql);

  // show warning message
  if ($DB->num_rows($sql_result))
    {
    show_message('contactexists', 'warning');

    if ($ldap_form)
      rcmail_overwrite_action('ldappublicsearch');
    else
      rcmail_overwrite_action('add');

    return;
    }

  if ($ldap_form)
    {
    $n = 0; 
    foreach ($emails as $email) 
      {
      $DB->query("INSERT INTO $contacts_table 
                 (user_id, name, email)
                 VALUES ({$_SESSION['user_id']}," . $DB->quote($names[$n++]) . "," . 
                                      $DB->quote($email) . ")");
      $insert_id[] = $DB->insert_id();
      }
    }
  else
    {
    foreach ($a_save_cols as $col)
      {
      $fname = '_'.$col;
      if (!isset($_POST[$fname]))
        continue;
    
      $a_insert_cols[] = $col;
      $a_insert_values[] = $DB->quote(get_input_value($fname, RCUBE_INPUT_POST));
      }
    
    if (sizeof($a_insert_cols))
      {
      $DB->query("INSERT INTO $contacts_table
                  (user_id, changed, del, ".join(', ', $a_insert_cols).")
                  VALUES (?, ".$DB->now().", 0, ".join(', ', $a_insert_values).")",
                $_SESSION['user_id']);
                       
      $insert_id = $DB->insert_id(get_sequence_name('contacts'));
      }
    }
    
  if ($insert_id)
    {
    if (!$ldap_form)
      {
      if ($_framed)
        {
        // add contact row or jump to the page where it should appear
        $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
        $sql_result = $DB->query("SELECT * FROM $contacts_table
                                  WHERE  contact_id=?
                                  AND    user_id=?",
                                  $insert_id,
                                  $_SESSION['user_id']);
        $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);

        $commands .= sprintf("if(parent.%s)parent.%s.contact_list.select('%d');\n",
                             $JS_OBJECT_NAME, 
                             $JS_OBJECT_NAME,
                             $insert_id);

        // update record count display
        $commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",
                             $JS_OBJECT_NAME, 
                             $JS_OBJECT_NAME,
                             rcmail_get_rowcount_text());

        $OUTPUT->add_script($commands);
        }

      // show confirmation
      show_message('successfullysaved', 'confirmation');
      $_GET['_cid'] = $insert_id;
      }
    else 
      {
      // add contact row or jump to the page where it should appear
      $commands = '';
      foreach ($insert_id as $id) 
        {
        $sql_result = $DB->query("SELECT * FROM $contacts_table
                                  WHERE  contact_id = $id
                                  AND    user_id    = {$_SESSION['user_id']}");
        
        $commands .= sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
        $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
        $last_id = $id;
        }

      // display the last insert id
      $commands .= sprintf("if(parent.%s)parent.%s.contact_list.select('%d');\n",
                            $JS_OBJECT_NAME, 
                            $JS_OBJECT_NAME,
                            $last_id);

      // update record count display
      $commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",
                           $JS_OBJECT_NAME, 
                           $JS_OBJECT_NAME,
                           rcmail_get_rowcount_text());

      $OUTPUT->add_script($commands);
      rcmail_overwrite_action('ldappublicsearch');
      }

    // show confirmation
    show_message('successfullysaved', 'confirmation');      
    rcmail_overwrite_action('show');
    }
  else
    {
    // show error message
    show_message('errorsaving', 'error');
    rcmail_overwrite_action('add');
    }
  }

?>
Initial revision 19 years ago			`<?php`

			`/*`
			`+-----------------------------------------------------------------------+`
			`\| program/steps/addressbook/save.inc \|`
			`\| \|`
			`\| This file is part of the RoundCube Webmail client \|`
			`\| Copyright (C) 2005, RoundCube Dev. - Switzerland \|`
Minor bugfixes and correction of confusing License notfications 19 years ago			`\| Licensed under the GNU GPL \|`
Initial revision 19 years ago			`\| \|`
			`\| PURPOSE: \|`
			`\| Save a contact entry or to add a new one \|`
			`\| \|`
			`+-----------------------------------------------------------------------+`
			`\| Author: Thomas Bruederli <roundcube@gmail.com> \|`
			`+-----------------------------------------------------------------------+`

			$Id$

			`*/`

Added localized messages to client and check form input 19 years ago			`// check input`
adding files and modifications for public ldap search 19 years ago			`if ((empty($_POST['_name']) \|\| empty($_POST['_email'])) && empty($_GET['_framed']))`
Added localized messages to client and check form input 19 years ago			`{`
			`show_message('formincomplete', 'warning');`
Improved reading of POST and GET values 19 years ago			`rcmail_overwrite_action(empty($_POST['_cid']) ? 'add' : 'show');`
Added localized messages to client and check form input 19 years ago			`return;`
			`}`

adding files and modifications for public ldap search 19 years ago			`// setup some vars we need`
Reverted files to r305 18 years ago			`$a_save_cols = array('name', 'firstname', 'surname', 'email');`
adding files and modifications for public ldap search 19 years ago			`$contacts_table = get_table_name('contacts');`
Added localized messages to client and check form input 19 years ago
Initial revision 19 years ago			`// update an existing contact`
Improved reading of POST and GET values 19 years ago			`if (!empty($_POST['_cid']))`
Initial revision 19 years ago			`{`
			`$a_write_sql = array();`

			`foreach ($a_save_cols as $col)`
			`{`
			`$fname = '_'.$col;`
			`if (!isset($_POST[$fname]))`
			`continue;`

Fixed some charset bugs 19 years ago			`$a_write_sql[] = sprintf("%s=%s",`
			`$DB->quoteIdentifier($col),`
Improved reading of POST and GET values 19 years ago			`$DB->quote(get_input_value($fname, RCUBE_INPUT_POST)));`
Initial revision 19 years ago			`}`

			`if (sizeof($a_write_sql))`
			`{`
adding files and modifications for public ldap search 19 years ago			`$DB->query("UPDATE $contacts_table`
Added MSSQL support 18 years ago			`SET changed=".$DB->now().", ".join(', ', $a_write_sql)."`
more pear/mdb2 integration 19 years ago			`WHERE contact_id=?`
			`AND user_id=?`
Re-design of caching (new database table added\!); some bugfixes; Postgres support 19 years ago			`AND del<>1",`
more pear/mdb2 integration 19 years ago			`$_POST['_cid'],`
			`$_SESSION['user_id']);`
Initial revision 19 years ago
			`$updated = $DB->affected_rows();`
			`}`

			`if ($updated)`
			`{`
Improved reading of POST and GET values 19 years ago			`if ($_framed)`
Initial revision 19 years ago			`{`
			`// define list of cols to be displayed`
			`$a_show_cols = array('name', 'email');`
			`$a_js_cols = array();`

adding files and modifications for public ldap search 19 years ago			`$sql_result = $DB->query("SELECT * FROM $contacts_table`
more pear/mdb2 integration 19 years ago			`WHERE contact_id=?`
			`AND user_id=?`
Re-design of caching (new database table added\!); some bugfixes; Postgres support 19 years ago			`AND del<>1",`
Initial revision 19 years ago			`$_POST['_cid'],`
more pear/mdb2 integration 19 years ago			`$_SESSION['user_id']);`
Initial revision 19 years ago
			`$sql_arr = $DB->fetch_assoc($sql_result);`
			`foreach ($a_show_cols as $col)`
			`$a_js_cols[] = (string)$sql_arr[$col];`

			`// update the changed col in list`
			`$OUTPUT->add_script(sprintf("if(parent.%s)parent.%s.update_contact_row('%d', %s);",`
			`$JS_OBJECT_NAME,`
			`$JS_OBJECT_NAME,`
			`$_POST['_cid'],`
			`array2js($a_js_cols)));`

			`}`
Partial client re-write with a common list class 18 years ago
			`// show confirmation`
			`show_message('successfullysaved', 'confirmation');`
			`rcmail_overwrite_action('show');`
Initial revision 19 years ago			`}`
			`else`
			`{`
			`// show error message`
			`show_message('errorsaving', 'error');`
Added localized messages to client and check form input 19 years ago			`rcmail_overwrite_action('show');`
Initial revision 19 years ago			`}`
			`}`

			`// insert a new contact`
			`else`
			`{`
			`$a_insert_cols = $a_insert_values = array();`
adding files and modifications for public ldap search 19 years ago
Added localized messages to client and check form input 19 years ago			`// check for existing contacts`
adding files and modifications for public ldap search 19 years ago			`$sql = "SELECT 1 FROM $contacts_table`
			`WHERE user_id = {$_SESSION['user_id']}`
			`AND del <> '1' ";`

			`// get email and name, build sql for existing user check`
			`if (isset($_GET['_emails']) && isset($_GET['_names']))`
			`{`
			`$sql .= "AND email IN (";`
Improved reading of POST and GET values 19 years ago			`$emails = explode(',', get_input_value('_emails', RCUBE_INPUT_GET));`
			`$names = explode(',', get_input_value('_names', RCUBE_INPUT_GET));`
adding files and modifications for public ldap search 19 years ago			`$count = count($emails);`
			`$n = 0;`
			`foreach ($emails as $email)`
			`{`
			`$end = (++$n == $count) ? '' : ',';`
Improved reading of POST and GET values 19 years ago			`$sql .= $DB->quote($email) . $end;`
adding files and modifications for public ldap search 19 years ago			`}`
			`$sql .= ")";`
			`$ldap_form = true;`
			`}`
			`else if (isset($_POST['_email']))`
Improved reading of POST and GET values 19 years ago			`$sql .= "AND email = " . $DB->quote(get_input_value('_email', RCUBE_INPUT_POST));`
adding files and modifications for public ldap search 19 years ago
			`$sql_result = $DB->query($sql);`
Added localized messages to client and check form input 19 years ago
			`// show warning message`
			`if ($DB->num_rows($sql_result))`
			`{`
			`show_message('contactexists', 'warning');`
adding files and modifications for public ldap search 19 years ago
			`if ($ldap_form)`
			`rcmail_overwrite_action('ldappublicsearch');`
			`else`
			`rcmail_overwrite_action('add');`

Added localized messages to client and check form input 19 years ago			`return;`
			`}`
Initial revision 19 years ago
adding files and modifications for public ldap search 19 years ago			`if ($ldap_form)`
Initial revision 19 years ago			`{`
adding files and modifications for public ldap search 19 years ago			`$n = 0;`
			`foreach ($emails as $email)`
			`{`
			`$DB->query("INSERT INTO $contacts_table`
Fixed tickets 1445501 and 1483820 18 years ago			`(user_id, name, email)`
Improved reading of POST and GET values 19 years ago			`VALUES ({$_SESSION['user_id']}," . $DB->quote($names[$n++]) . "," .`
			`$DB->quote($email) . ")");`
adding files and modifications for public ldap search 19 years ago			`$insert_id[] = $DB->insert_id();`
			`}`
Initial revision 19 years ago			`}`
adding files and modifications for public ldap search 19 years ago			`else`
Initial revision 19 years ago			`{`
adding files and modifications for public ldap search 19 years ago			`foreach ($a_save_cols as $col)`
			`{`
			`$fname = '_'.$col;`
			`if (!isset($_POST[$fname]))`
			`continue;`

			`$a_insert_cols[] = $col;`
Improved reading of POST and GET values 19 years ago			`$a_insert_values[] = $DB->quote(get_input_value($fname, RCUBE_INPUT_POST));`
adding files and modifications for public ldap search 19 years ago			`}`

			`if (sizeof($a_insert_cols))`
			`{`
			`$DB->query("INSERT INTO $contacts_table`
Added MSSQL support 18 years ago			`(user_id, changed, del, ".join(', ', $a_insert_cols).")`
			`VALUES (?, ".$DB->now().", 0, ".join(', ', $a_insert_values).")",`
more pear/mdb2 integration 19 years ago			`$_SESSION['user_id']);`
Initial revision 19 years ago
adding files and modifications for public ldap search 19 years ago			`$insert_id = $DB->insert_id(get_sequence_name('contacts'));`
			`}`
Initial revision 19 years ago			`}`

			`if ($insert_id)`
			`{`
adding files and modifications for public ldap search 19 years ago			`if (!$ldap_form)`
			`{`
Improved reading of POST and GET values 19 years ago			`if ($_framed)`
adding files and modifications for public ldap search 19 years ago			`{`
			`// add contact row or jump to the page where it should appear`
			`$commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);`
			`$sql_result = $DB->query("SELECT * FROM $contacts_table`
			`WHERE contact_id=?`
			`AND user_id=?",`
			`$insert_id,`
			`$_SESSION['user_id']);`
			`$commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);`

Partial client re-write with a common list class 18 years ago			`$commands .= sprintf("if(parent.%s)parent.%s.contact_list.select('%d');\n",`
adding files and modifications for public ldap search 19 years ago			`$JS_OBJECT_NAME,`
			`$JS_OBJECT_NAME,`
			`$insert_id);`
Partial client re-write with a common list class 18 years ago
adding files and modifications for public ldap search 19 years ago			`// update record count display`
			`$commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",`
			`$JS_OBJECT_NAME,`
			`$JS_OBJECT_NAME,`
			`rcmail_get_rowcount_text());`

			`$OUTPUT->add_script($commands);`
			`}`

			`// show confirmation`
Partial client re-write with a common list class 18 years ago			`show_message('successfullysaved', 'confirmation');`
			`$_GET['_cid'] = $insert_id;`
adding files and modifications for public ldap search 19 years ago			`}`
			`else`
Initial revision 19 years ago			`{`
			`// add contact row or jump to the page where it should appear`
adding files and modifications for public ldap search 19 years ago			`$commands = '';`
			`foreach ($insert_id as $id)`
			`{`
			`$sql_result = $DB->query("SELECT * FROM $contacts_table`
			`WHERE contact_id = $id`
			`AND user_id = {$_SESSION['user_id']}");`

			`$commands .= sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);`
			`$commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);`
			`$last_id = $id;`
			`}`
Initial revision 19 years ago
adding files and modifications for public ldap search 19 years ago			`// display the last insert id`
Partial client re-write with a common list class 18 years ago			`$commands .= sprintf("if(parent.%s)parent.%s.contact_list.select('%d');\n",`
adding files and modifications for public ldap search 19 years ago			`$JS_OBJECT_NAME,`
			`$JS_OBJECT_NAME,`
			`$last_id);`

Initial revision 19 years ago			`// update record count display`
			`$commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",`
			`$JS_OBJECT_NAME,`
			`$JS_OBJECT_NAME,`
			`rcmail_get_rowcount_text());`

			`$OUTPUT->add_script($commands);`
adding files and modifications for public ldap search 19 years ago			`rcmail_overwrite_action('ldappublicsearch');`
Initial revision 19 years ago			`}`
adding files and modifications for public ldap search 19 years ago
			`// show confirmation`
			`show_message('successfullysaved', 'confirmation');`
Partial client re-write with a common list class 18 years ago			`rcmail_overwrite_action('show');`
Initial revision 19 years ago			`}`
			`else`
			`{`
			`// show error message`
			`show_message('errorsaving', 'error');`
Added localized messages to client and check form input 19 years ago			`rcmail_overwrite_action('add');`
Initial revision 19 years ago			`}`
			`}`

adding files and modifications for public ldap search 19 years ago			`?>`