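<?php
/*
	FusionPBX
	Version: MPL 1.1

	The contents of this file are subject to the Mozilla Public License Version
	1.1 (the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at
	http://www.mozilla.org/MPL/

	Software distributed under the License is distributed on an "AS IS" basis,
	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
	for the specific language governing rights and limitations under the
	License.

	The Original Code is FusionPBX

	The Initial Developer of the Original Code is
	Mark J Crane <markjcrane@fusionpbx.com>
	Portions created by the Initial Developer are Copyright (C) 2008-2016
	the Initial Developer. All Rights Reserved.

	Contributor(s):
	Mark J Crane <markjcrane@fusionpbx.com>
*/

//includes
	require_once "root.php";
	require_once "resources/require.php";
	require_once "resources/check_auth.php";
	require_once "resources/paging.php";

//check permissions
	if (!permission_exists('contact_view')) {
		echo "access denied";
		exit;
	}

//add multi-lingual support
	$language = new text;
	$text = $language->get();

//includes and title
	$document['title'] = $text['title-contacts'];
	require_once "resources/header.php";

//html-escape a value before it is written into an html attribute or element;
//ENT_SUBSTITUTE keeps a field with an invalid byte sequence from rendering as an empty string
	$escape_html = function ($value) {
		return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	};

//get the search criteria (request parameters are bound as query parameters below, never concatenated into the sql)
	$search_all = isset($_GET["search_all"]) ? strtolower(check_str($_GET["search_all"])) : '';
	$phone_number = isset($_GET["phone_number"]) ? check_str($_GET["phone_number"]) : '';

//get variables used to control the order; neither can be a bound parameter, so the column is
//restricted to the sortable columns rendered in the table header and the direction to asc/desc
	$sortable_columns = array(
		'contact_type',
		'contact_organization',
		'contact_name_given',
		'contact_name_family',
		'contact_nickname',
		'contact_title',
		'contact_role',
	);
	$order_by = isset($_GET["order_by"]) ? check_str($_GET["order_by"]) : '';
	$order = isset($_GET["order"]) ? strtolower(check_str($_GET["order"])) : '';
	if (!in_array($order_by, $sortable_columns, true)) {
		$order_by = '';
	}
	if ($order != 'asc' && $order != 'desc') {
		$order = '';
	}

//retrieve current user's assigned groups (uuids)
	$user_group_uuids = array();
	if (isset($_SESSION['groups']) && is_array($_SESSION['groups'])) {
		foreach ($_SESSION['groups'] as $group_data) {
			$user_group_uuids[] = $group_data['group_uuid'];
		}
	}

//add user's uuid to group uuid list to include private (non-shared) contacts
	$user_group_uuids[] = $_SESSION["user_uuid"];
	$group_uuid_list = "'".implode("','", array_filter($user_group_uuids))."'";

//admins see every contact in the domain; everyone else only the contacts assigned to their group(s) or to them directly
	$restrict_to_user_groups = !(if_group("superadmin") || if_group("admin"));

//get contact settings - sync sources (session values only, no request input)
	$sql = "select contact_uuid, contact_setting_value ";
	$sql .= "from v_contact_settings ";
	$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
	$sql .= "and contact_setting_category = 'sync' ";
	$sql .= "and contact_setting_subcategory = 'source' ";
	$sql .= "and contact_setting_name = 'array' ";
	$sql .= "and contact_setting_value <> '' ";
	$sql .= "and contact_setting_value is not null ";
	if ($restrict_to_user_groups) {
		$sql .= "and ( \n"; //only contacts assigned to current user's group(s) and those not assigned to any group
		$sql .= "	contact_uuid in ( \n";
		$sql .= "		select contact_uuid from v_contact_groups ";
		$sql .= "		where group_uuid in (".$group_uuid_list.") ";
		$sql .= "		and domain_uuid = '".$_SESSION['domain_uuid']."' ";
		$sql .= "	) \n";
		$sql .= "	or \n";
		$sql .= "	contact_uuid not in ( \n";
		$sql .= "		select contact_uuid from v_contact_groups ";
		$sql .= "		where group_uuid = '".$_SESSION['group_uuid']."' ";
		$sql .= "		and domain_uuid = '".$_SESSION['domain_uuid']."' ";
		$sql .= "	) \n";
		$sql .= ") \n";
	}
	$prep_statement = $db->prepare(check_sql($sql));
	$prep_statement->execute();
	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
	$contact_sync_sources = array(); //contact_uuid => list of sync source names
	foreach ($result as $row) {
		$contact_sync_sources[$row['contact_uuid']][] = $row['contact_setting_value'];
	}
	unset ($sql, $prep_statement, $result);

//build query for paging and list; $sql_params holds the positional values for every '?' added, in order,
//and is reused for the list query, which is derived from this same sql string below
	$sql_params = array();
	$sql = "select count(*) as num_rows ";
	$sql .= "from v_contacts as c ";
	$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
	if ($restrict_to_user_groups) {
		$sql .= "and ( \n"; //only contacts assigned to current user's group(s) and those assigned to the user
		$sql .= "	contact_uuid in ( \n";
		$sql .= "		select contact_uuid from v_contact_groups ";
		$sql .= "		where group_uuid in (".$group_uuid_list.") ";
		$sql .= "		and domain_uuid = '".$_SESSION['domain_uuid']."' ";
		$sql .= "	) \n";
		$sql .= "	or contact_uuid in ( \n";
		$sql .= "		select contact_uuid from v_contact_users ";
		$sql .= "		where user_uuid = '".$_SESSION['user_uuid']."' ";
		$sql .= "		and domain_uuid = '".$_SESSION['domain_uuid']."' ";
		$sql .= "	) \n";
		$sql .= ") \n";
	}
	if (strlen($phone_number) > 0) {
		//a phone number search takes precedence over the free-text search
		$phone_number = preg_replace('{\D}', '', $phone_number);
		$sql .= "and contact_uuid in ( ";
		$sql .= "	select contact_uuid from v_contact_phones ";
		$sql .= "	where phone_number like ? ";
		$sql .= ") \n";
		$sql_params[] = '%'.$phone_number.'%';
	}
	else if (strlen($search_all) > 0) {
		if (is_numeric($search_all)) {
			//a numeric search term is matched against phone numbers only
			$sql .= "and contact_uuid in ( \n";
			$sql .= "	select contact_uuid from v_contact_phones ";
			$sql .= "	where phone_number like ? ";
			$sql .= ") \n";
			$sql_params[] = '%'.$search_all.'%';
		}
		else {
			//free-text search across the text columns of the contact; one bound value per column
			$search_columns = array(
				'contact_organization',
				'contact_name_given',
				'contact_name_family',
				'contact_nickname',
				'contact_title',
				'contact_category',
				'contact_role',
				'contact_url',
				'contact_time_zone',
				'contact_note',
				'contact_type',
			);
			$search_conditions = array();
			foreach ($search_columns as $search_column) {
				$search_conditions[] = "		lower(".$search_column.") like ? \n";
				$sql_params[] = '%'.$search_all.'%';
			}
			$sql .= "and contact_uuid in ( \n";
			$sql .= "	select contact_uuid from v_contacts ";
			$sql .= "	where domain_uuid = '".$_SESSION['domain_uuid']."' \n";
			$sql .= "	and ( \n";
			$sql .= implode("		or \n", $search_conditions);
			$sql .= "	) \n";
			$sql .= ") \n";
		}
	}
	$num_rows = '0'; //paging() receives '0' when the count query fails to prepare or returns no rows
	$prep_statement = $db->prepare($sql);
	if ($prep_statement) {
		$prep_statement->execute($sql_params);
		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
		if ($row && $row['num_rows'] > 0) {
			$num_rows = $row['num_rows'];
		}
	}

//prepare to page the results; page is forced to a non-negative integer because it ends up in the limit/offset clause
	$rows_per_page = (isset($_SESSION['domain']['paging']['numeric']) && $_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
	$param = "";
	$page = isset($_GET['page']) ? (int) $_GET['page'] : 0;
	if ($page < 0) {
		$page = 0;
	}
	$_GET['page'] = $page;
	list($paging_controls_mini, $rows_per_page, $var_3) = paging($num_rows, $param, $rows_per_page, true); //top
	list($paging_controls, $rows_per_page, $var_3) = paging($num_rows, $param, $rows_per_page); //bottom
	$rows_per_page = (int) $rows_per_page;
	$offset = $rows_per_page * $page;

//get the list
	$sql = str_replace('count(*) as num_rows', '*', $sql); // reuse the filter built above
	if (strlen($order_by) > 0) {
		//$order_by and $order were validated against fixed lists above
		$sql .= "order by ".$order_by." ".$order." ";
	}
	else {
		$sql .= "order by last_mod_date desc ";
		if ($db_type == "pgsql") {
			$sql .= "nulls last ";
		}
	}
	$sql .= "limit ".$rows_per_page." offset ".$offset." ";
	$prep_statement = $db->prepare(check_sql($sql));
	$prep_statement->execute($sql_params);
	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
	$result_count = count($result);
	unset ($prep_statement, $sql, $sql_params);

//show the content
	echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
	echo "	<tr>\n";
	echo "		<td align='left' valign='top' width='50%'>\n";
	echo "			<b>".$text['header-contacts']."</b>\n";
	echo "			<br /><br />";
	echo "		</td>\n";
	echo "		<td align='right' valign='top' width='50%' nowrap='nowrap'>\n";
	echo "			<form method='get' name='frm_search' action=''>\n";
	echo "				<input class='formfld' style='text-align: right;' type='text' name='search_all' id='search_all' value=\"".$escape_html($search_all)."\">\n";
	echo "				<input class='btn' type='submit' name='submit' value=\"".$text['button-search']."\">\n";
	if (permission_exists('contact_add')) {
		echo "				<input type='button' class='btn' alt='".$text['button-import']."' onclick=\"window.location='contact_import.php'\" value='".$text['button-import']."'>\n";
	}
	echo "			</form>\n";
	echo "		</td>\n";
	if ($paging_controls_mini != '') {
		echo "		<td valign='top' nowrap='nowrap' style='padding-left: 15px;'>".$paging_controls_mini."</td>\n";
	}
	echo "	</tr>\n";
	echo "	<tr>\n";
	echo "		<td colspan='3'>\n";
	echo "			".$text['description-contacts']."<br /><br />\n";
	echo "		</td>\n";
	echo "	</tr>\n";
	echo "</table>\n";
	echo "<br />\n";

//alternating row style
	$c = 0;
	$row_style["0"] = "row_style0";
	$row_style["1"] = "row_style1";

//table header; the sortable columns are the same list the order_by parameter is validated against
	echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
	echo "<tr>\n";
	foreach ($sortable_columns as $sortable_column) {
		echo th_order_by($sortable_column, $text['label-'.$sortable_column], $order_by, $order);
	}
	echo "<th style='padding: 0px;'>&nbsp;</th>\n";
	echo "<td class='list_control_icons'>";
	echo 	"<a href='contact_edit.php' alt='".$text['button-add']."'>$v_link_label_add</a>";
	echo "</td>\n";
	echo "</tr>\n";

//table rows; user-entered contact fields are html-escaped on output
	if ($result_count > 0) {
		foreach($result as $row) {
			$edit_link = "contact_edit.php?id=".urlencode($row['contact_uuid'])."&query_string=".urlencode($_SERVER["QUERY_STRING"]);
			echo "<tr href='".$edit_link."'>\n";
			echo "	<td valign='top' class='".$row_style[$c]."'>".$escape_html(ucwords($row['contact_type']))."&nbsp;</td>\n";
			echo "	<td valign='top' class='".$row_style[$c]."' style='width: 35%; max-width: 50px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'><a href='".$edit_link."'>".$escape_html($row['contact_organization'])."</a>&nbsp;</td>\n";
			echo "	<td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'><a href='".$edit_link."'>".$escape_html($row['contact_name_given'])."</a>&nbsp;</td>\n";
			echo "	<td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'><a href='".$edit_link."'>".$escape_html($row['contact_name_family'])."</a>&nbsp;</td>\n";
			echo "	<td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'>".$escape_html($row['contact_nickname'])."&nbsp;</td>\n";
			echo "	<td valign='top' class='".$row_style[$c]."' style='width: 10%; max-width: 40px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>".$escape_html($row['contact_title'])."&nbsp;</td>\n";
			echo "	<td valign='top' class='".$row_style[$c]."' style='width: 10%; max-width: 40px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>".$escape_html($row['contact_role'])."&nbsp;</td>\n";
			echo "	<td valign='top' class='".$row_style[$c]."' style='padding: 2px 2px; text-align: center; width: 25px;'>";
			if (!empty($contact_sync_sources[$row['contact_uuid']])) {
				foreach ($contact_sync_sources[$row['contact_uuid']] as $contact_sync_source) {
					//google is the only sync source with an icon; other sources render nothing
					if ($contact_sync_source === 'google') {
						echo "<img src='resources/images/icon_gcontacts.png' style='width: 21px; height: 21px; border: none; padding-left: 2px;' alt='".$text['label-contact_google']."'>";
					}
				}
			}
			else {
				echo "&nbsp;";
			}
			echo "	</td>\n";
			echo "	<td class='list_control_icons'>";
			echo 		"<a href='".$edit_link."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
			echo 		"<a href='contact_delete.php?id=".urlencode($row['contact_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
			echo "	</td>\n";
			echo "</tr>\n";
			$c = ($c == 0) ? 1 : 0;
		} //end foreach
		unset($result);
	} //end if results

	echo "<tr>\n";
	echo "<td colspan='15' align='right'>\n";
	echo "	<a href='contact_edit.php' alt='".$text['button-add']."'>$v_link_label_add</a>";
	echo "</td>\n";
	echo "</tr>\n";

	echo "</table>";

	echo $paging_controls;
	echo "<br /><br />";

	echo "<script>document.getElementById('search_all').focus();</script>";

//include the footer
	require_once "resources/footer.php";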
293