roundcubemail/program/steps/addressbook/save.inc

<?php

/*
 +-----------------------------------------------------------------------+
 | program/steps/addressbook/save.inc                                    |
 |                                                                       |
 | This file is part of the RoundCube Webmail client                     |
 | Copyright (C) 2005, RoundCube Dev. - Switzerland                      |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 | PURPOSE:                                                              |
 |   Save a contact entry or to add a new one                            |
 |                                                                       |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
 +-----------------------------------------------------------------------+

 $Id$

*/


$a_save_cols = array('name', 'firstname', 'surname', 'email');


// update an existing contact
if ($_POST['_cid'])
  {
  $a_write_sql = array();

  foreach ($a_save_cols as $col)
    {
    $fname = '_'.$col;
    if (!isset($_POST[$fname]))
      continue;
    
    $a_write_sql[] = sprintf("%s='%s'", $col, addslashes(strip_tags($_POST[$fname])));
    }

  if (sizeof($a_write_sql))
    {
    $DB->query("UPDATE ".get_table_name('contacts')."
                SET    changed=now(), ".join(', ', $a_write_sql)."
                WHERE  contact_id=?
                AND    user_id=?
                AND    del<>'1'",
                $_POST['_cid'],
                $_SESSION['user_id']);
                       
    $updated = $DB->affected_rows();
    }
       
  if ($updated)
    {
    $_action = 'show';
    show_message('successfullysaved', 'confirmation');    
    
    if ($_POST['_framed'])
      {
      // define list of cols to be displayed
      $a_show_cols = array('name', 'email');
      $a_js_cols = array();
  
      $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
                                WHERE  contact_id=?
                                AND    user_id=?
                                AND    del<>'1'",
                               $_POST['_cid'],
                               $_SESSION['user_id']);
                         
      $sql_arr = $DB->fetch_assoc($sql_result);
      foreach ($a_show_cols as $col)
        $a_js_cols[] = (string)$sql_arr[$col];

      // update the changed col in list
      $OUTPUT->add_script(sprintf("if(parent.%s)parent.%s.update_contact_row('%d', %s);",
                          $JS_OBJECT_NAME,
                          $JS_OBJECT_NAME,
                          $_POST['_cid'],
                          array2js($a_js_cols)));

      // show confirmation
      show_message('successfullysaved', 'confirmation');
      }
    }
  else
    {
    // show error message
    show_message('errorsaving', 'error');
    $_action = 'show';
    }
  }

// insert a new contact
else
  {
  $a_insert_cols = $a_insert_values = array();

  foreach ($a_save_cols as $col)
    {
    $fname = '_'.$col;
    if (!isset($_POST[$fname]))
      continue;
    
    $a_insert_cols[] = $col;
    $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname])));
    }
    
  if (sizeof($a_insert_cols))
    {
    $DB->query("INSERT INTO ".get_table_name('contacts')."
                (user_id, changedm ".join(', ', $a_insert_cols).")
                VALUES (?, now(), ".join(', ', $a_insert_values).")",
                $_SESSION['user_id']);
                       
    $insert_id = $DB->insert_id();
    }
    
  if ($insert_id)
    {
    $_action = 'show';
    $_GET['_cid'] = $insert_id;

    if ($_POST['_framed'])
      {
      // add contact row or jump to the page where it should appear
      $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
      $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
                                WHERE  contact_id=?
                                AND    user_id=?",
                                $insert_id,
                                $_SESSION['user_id']);
      $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);

      $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
                           $JS_OBJECT_NAME, 
                           $JS_OBJECT_NAME,
                           $insert_id);
      
      // update record count display
      $commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",
                           $JS_OBJECT_NAME, 
                           $JS_OBJECT_NAME,
                           rcmail_get_rowcount_text());

      $OUTPUT->add_script($commands);
      
      // show confirmation
      show_message('successfullysaved', 'confirmation');      
      }
    }
  else
    {
    // show error message
    show_message('errorsaving', 'error');
    $_action = 'add';
    }
  }


?>
Initial revision 19 years ago			`<?php`

			`/*`
			`+-----------------------------------------------------------------------+`
			`\| program/steps/addressbook/save.inc \|`
			`\| \|`
			`\| This file is part of the RoundCube Webmail client \|`
			`\| Copyright (C) 2005, RoundCube Dev. - Switzerland \|`
Minor bugfixes and correction of confusing License notfications 19 years ago			`\| Licensed under the GNU GPL \|`
Initial revision 19 years ago			`\| \|`
			`\| PURPOSE: \|`
			`\| Save a contact entry or to add a new one \|`
			`\| \|`
			`+-----------------------------------------------------------------------+`
			`\| Author: Thomas Bruederli <roundcube@gmail.com> \|`
			`+-----------------------------------------------------------------------+`

			$Id$

			`*/`


			`$a_save_cols = array('name', 'firstname', 'surname', 'email');`


			`// update an existing contact`
			`if ($_POST['_cid'])`
			`{`
			`$a_write_sql = array();`

			`foreach ($a_save_cols as $col)`
			`{`
			`$fname = '_'.$col;`
			`if (!isset($_POST[$fname]))`
			`continue;`

Prevent from address book XSS 19 years ago			`$a_write_sql[] = sprintf("%s='%s'", $col, addslashes(strip_tags($_POST[$fname])));`
Initial revision 19 years ago			`}`

			`if (sizeof($a_write_sql))`
			`{`
more pear/mdb2 integration 19 years ago			`$DB->query("UPDATE ".get_table_name('contacts')."`
Added 'changed' col to contacts table and support for 160-bit session hashes 19 years ago			`SET changed=now(), ".join(', ', $a_write_sql)."`
more pear/mdb2 integration 19 years ago			`WHERE contact_id=?`
			`AND user_id=?`
			`AND del<>'1'",`
			`$_POST['_cid'],`
			`$_SESSION['user_id']);`
Initial revision 19 years ago
			`$updated = $DB->affected_rows();`
			`}`

			`if ($updated)`
			`{`
			`$_action = 'show';`
			`show_message('successfullysaved', 'confirmation');`

			`if ($_POST['_framed'])`
			`{`
			`// define list of cols to be displayed`
			`$a_show_cols = array('name', 'email');`
			`$a_js_cols = array();`

more pear/mdb2 integration 19 years ago			`$sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."`
			`WHERE contact_id=?`
			`AND user_id=?`
			`AND del<>'1'",`
Initial revision 19 years ago			`$_POST['_cid'],`
more pear/mdb2 integration 19 years ago			`$_SESSION['user_id']);`
Initial revision 19 years ago
			`$sql_arr = $DB->fetch_assoc($sql_result);`
			`foreach ($a_show_cols as $col)`
			`$a_js_cols[] = (string)$sql_arr[$col];`

			`// update the changed col in list`
			`$OUTPUT->add_script(sprintf("if(parent.%s)parent.%s.update_contact_row('%d', %s);",`
			`$JS_OBJECT_NAME,`
			`$JS_OBJECT_NAME,`
			`$_POST['_cid'],`
			`array2js($a_js_cols)));`

			`// show confirmation`
			`show_message('successfullysaved', 'confirmation');`
			`}`
			`}`
			`else`
			`{`
			`// show error message`
			`show_message('errorsaving', 'error');`
			`$_action = 'show';`
			`}`
			`}`

			`// insert a new contact`
			`else`
			`{`
			`$a_insert_cols = $a_insert_values = array();`

			`foreach ($a_save_cols as $col)`
			`{`
			`$fname = '_'.$col;`
			`if (!isset($_POST[$fname]))`
			`continue;`

			`$a_insert_cols[] = $col;`
Prevent from address book XSS 19 years ago			`$a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname])));`
Initial revision 19 years ago			`}`

			`if (sizeof($a_insert_cols))`
			`{`
more pear/mdb2 integration 19 years ago			`$DB->query("INSERT INTO ".get_table_name('contacts')."`
Added 'changed' col to contacts table and support for 160-bit session hashes 19 years ago			`(user_id, changedm ".join(', ', $a_insert_cols).")`
			`VALUES (?, now(), ".join(', ', $a_insert_values).")",`
more pear/mdb2 integration 19 years ago			`$_SESSION['user_id']);`
Initial revision 19 years ago
			`$insert_id = $DB->insert_id();`
			`}`

			`if ($insert_id)`
			`{`
			`$_action = 'show';`
			`$_GET['_cid'] = $insert_id;`

			`if ($_POST['_framed'])`
			`{`
			`// add contact row or jump to the page where it should appear`
			`$commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);`
more pear/mdb2 integration 19 years ago			`$sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."`
			`WHERE contact_id=?`
			`AND user_id=?",`
			`$insert_id,`
			`$_SESSION['user_id']);`
Initial revision 19 years ago			`$commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);`

			`$commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",`
			`$JS_OBJECT_NAME,`
			`$JS_OBJECT_NAME,`
			`$insert_id);`

			`// update record count display`
			`$commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",`
			`$JS_OBJECT_NAME,`
			`$JS_OBJECT_NAME,`
			`rcmail_get_rowcount_text());`

			`$OUTPUT->add_script($commands);`

			`// show confirmation`
			`show_message('successfullysaved', 'confirmation');`
			`}`
			`}`
			`else`
			`{`
			`// show error message`
			`show_message('errorsaving', 'error');`
			`$_action = 'add';`
			`}`
			`}`


			`?>`