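<?php
/*
    FusionPBX
    Version: MPL 1.1

    The contents of this file are subject to the Mozilla Public License Version
    1.1 (the "License"); you may not use this file except in compliance with
    the License. You may obtain a copy of the License at
    http://www.mozilla.org/MPL/

    Software distributed under the License is distributed on an "AS IS" basis,
    WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
    for the specific language governing rights and limitations under the
    License.

    The Original Code is FusionPBX

    The Initial Developer of the Original Code is
    Mark J Crane <markjcrane@fusionpbx.com>
    Portions created by the Initial Developer are Copyright (C) 2008-2016
    the Initial Developer. All Rights Reserved.

    Contributor(s):
    Mark J Crane <markjcrane@fusionpbx.com>
*/

//includes
    require_once "root.php";
    require_once "resources/require.php";
    require_once "resources/check_auth.php";
    require_once "resources/paging.php";

//check permissions
    if (permission_exists('contact_view')) {
        //access granted
    }
    else {
        echo "access denied";
        exit;
    }

//add multi-lingual support
    $language = new text;
    $text = $language->get();

//includes and title
    $document['title'] = $text['title-contacts'];
    require_once "resources/header.php";

//escape a value for output as html text or inside a quoted attribute
    $html = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

//get the search criteria
//  request values are untrusted: they are only ever bound as query parameters below, never concatenated into sql
    $search_all = isset($_GET["search_all"]) ? strtolower(check_str($_GET["search_all"])) : '';
    $phone_number = isset($_GET["phone_number"]) ? check_str($_GET["phone_number"]) : '';

//get variables used to control the order
//  identifiers cannot be bound as parameters, so the column is restricted to the sortable
//  headers rendered below and the direction to asc/desc; anything else falls back to the default order
    $sortable_columns = array(
        'contact_type',
        'contact_organization',
        'contact_name_given',
        'contact_name_family',
        'contact_nickname',
        'contact_title',
        'contact_role',
    );
    $order_by = isset($_GET["order_by"]) ? check_str($_GET["order_by"]) : '';
    $order = isset($_GET["order"]) ? check_str($_GET["order"]) : '';
    if (!in_array($order_by, $sortable_columns, true)) {
        $order_by = '';
    }
    if (!in_array(strtolower($order), array('asc', 'desc'), true)) {
        $order = '';
    }

//determine whether the current user may see every contact in the domain
    $is_admin = if_group("superadmin") || if_group("admin");

//retrieve current user's assigned groups (uuids)
    $user_group_uuids = array();
    if (isset($_SESSION['groups']) && is_array($_SESSION['groups'])) {
        foreach ($_SESSION['groups'] as $group_data) {
            $user_group_uuids[] = $group_data['group_uuid'];
        }
    }

//add user's uuid to group uuid list to include private (non-shared) contacts
    $user_group_uuids[] = $_SESSION["user_uuid"];
    $user_group_uuids = array_values(array_filter($user_group_uuids));

//one named placeholder per group uuid (a placeholder name may not be reused within a statement)
    $group_uuid_placeholders = array();
    $group_uuid_parameters = array();
    foreach ($user_group_uuids as $index => $group_uuid) {
        $group_uuid_placeholders[] = ':group_uuid_'.$index;
        $group_uuid_parameters[':group_uuid_'.$index] = $group_uuid;
    }
    //"in (null)" never matches, which is the intended result for an empty list
    $group_uuid_list = count($group_uuid_placeholders) > 0 ? implode(', ', $group_uuid_placeholders) : 'null';
    $session_group_uuid = isset($_SESSION['group_uuid']) ? $_SESSION['group_uuid'] : '';

//get contact settings - sync sources
//  NOTE(review): this query excludes contacts by the session group_uuid, while the list query below
//  includes contacts through v_contact_users; the two restrictions differ - confirm this is intended
    $sql = "select contact_uuid, contact_setting_value ";
    $sql .= "from v_contact_settings ";
    $sql .= "where domain_uuid = :domain_uuid ";
    $sql .= "and contact_setting_category = 'sync' ";
    $sql .= "and contact_setting_subcategory = 'source' ";
    $sql .= "and contact_setting_name = 'array' ";
    $sql .= "and contact_setting_value <> '' ";
    $sql .= "and contact_setting_value is not null ";
    $parameters = array(':domain_uuid' => $_SESSION['domain_uuid']);
    if (!$is_admin) {
        //only contacts assigned to current user's group(s) and those not assigned to the current group
        $sql .= "and ( \n";
        $sql .= "    contact_uuid in ( \n";
        $sql .= "        select contact_uuid from v_contact_groups ";
        $sql .= "        where group_uuid in (".$group_uuid_list.") ";
        $sql .= "        and domain_uuid = :domain_uuid_groups ";
        $sql .= "    ) \n";
        $sql .= "    or \n";
        $sql .= "    contact_uuid not in ( \n";
        $sql .= "        select contact_uuid from v_contact_groups ";
        $sql .= "        where group_uuid = :session_group_uuid ";
        $sql .= "        and domain_uuid = :domain_uuid_excluded ";
        $sql .= "    ) \n";
        $sql .= ") \n";
        $parameters += $group_uuid_parameters;
        $parameters[':domain_uuid_groups'] = $_SESSION['domain_uuid'];
        $parameters[':session_group_uuid'] = $session_group_uuid;
        $parameters[':domain_uuid_excluded'] = $_SESSION['domain_uuid'];
    }
    $contact_sync_sources = array();
    $prep_statement = $db->prepare($sql);
    $prep_statement->execute($parameters);
    $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
    foreach ($result as $row) {
        $contact_sync_sources[$row['contact_uuid']][] = $row['contact_setting_value'];
    }
    unset($sql, $parameters, $prep_statement, $result);

//build query for paging and list
//  the where clause and its parameters are built once and reused for the row listing below
    $sql = "select count(*) as num_rows ";
    $sql .= "from v_contacts as c ";
    $sql .= "where domain_uuid = :domain_uuid ";
    $parameters = array(':domain_uuid' => $_SESSION['domain_uuid']);
    if (!$is_admin) {
        //only contacts assigned to current user's group(s) and those assigned directly to the user
        $sql .= "and ( \n";
        $sql .= "    contact_uuid in ( \n";
        $sql .= "        select contact_uuid from v_contact_groups ";
        $sql .= "        where group_uuid in (".$group_uuid_list.") ";
        $sql .= "        and domain_uuid = :domain_uuid_groups ";
        $sql .= "    ) \n";
        $sql .= "    or contact_uuid in ( \n";
        $sql .= "        select contact_uuid from v_contact_users ";
        $sql .= "        where user_uuid = :user_uuid ";
        $sql .= "        and domain_uuid = :domain_uuid_users ";
        $sql .= "    ) \n";
        $sql .= ") \n";
        $parameters += $group_uuid_parameters;
        $parameters[':domain_uuid_groups'] = $_SESSION['domain_uuid'];
        $parameters[':user_uuid'] = $_SESSION['user_uuid'];
        $parameters[':domain_uuid_users'] = $_SESSION['domain_uuid'];
    }
    if (strlen($phone_number) > 0) {
        //a phone number search matches on digits only; a like pattern is bound as a single value
        $phone_number = preg_replace('{\D}', '', $phone_number);
        $sql .= "and contact_uuid in ( ";
        $sql .= "    select contact_uuid from v_contact_phones ";
        $sql .= "    where phone_number like :phone_number ";
        $sql .= ") \n";
        $parameters[':phone_number'] = '%'.$phone_number.'%';
    }
    elseif (strlen($search_all) > 0) {
        if (is_numeric($search_all)) {
            $sql .= "and contact_uuid in ( \n";
            $sql .= "    select contact_uuid from v_contact_phones ";
            $sql .= "    where phone_number like :search_phone ";
            $sql .= ") \n";
            $parameters[':search_phone'] = '%'.$search_all.'%';
        }
        else {
            //each column gets its own placeholder because a name may not be reused within a statement
            $search_columns = array(
                'contact_organization',
                'contact_name_given',
                'contact_name_family',
                'contact_nickname',
                'contact_title',
                'contact_role',
                'contact_url',
                'contact_time_zone',
                'contact_note',
                'contact_type',
            );
            $search_conditions = array();
            foreach ($search_columns as $index => $search_column) {
                $search_conditions[] = "lower(".$search_column.") like :search_".$index;
                $parameters[':search_'.$index] = '%'.$search_all.'%';
            }
            $sql .= "and contact_uuid in ( \n";
            $sql .= "    select contact_uuid from v_contacts ";
            $sql .= "    where domain_uuid = :domain_uuid_search \n";
            $sql .= "    and ( \n";
            $sql .= "        ".implode(" or \n        ", $search_conditions)." \n";
            $sql .= "    ) \n";
            $sql .= ") \n";
            $parameters[':domain_uuid_search'] = $_SESSION['domain_uuid'];
        }
    }
    $num_rows = '0';
    $prep_statement = $db->prepare($sql);
    if ($prep_statement) {
        $prep_statement->execute($parameters);
        $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
        if ($row && $row['num_rows'] > 0) {
            $num_rows = $row['num_rows'];
        }
    }

//prepare to page the results
    $rows_per_page = (isset($_SESSION['domain']['paging']['numeric']) && $_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
    $param = "";
    //page is used for arithmetic and the sql offset, so it is reduced to a non-negative integer
    $page = isset($_GET['page']) ? (int) $_GET['page'] : 0;
    if ($page < 0) {
        $page = 0;
    }
    $_GET['page'] = $page; //presumably read by paging(); the original only normalised it when empty - confirm
    list($paging_controls_mini, $rows_per_page, $var_3) = paging($num_rows, $param, $rows_per_page, true); //top
    list($paging_controls, $rows_per_page, $var_3) = paging($num_rows, $param, $rows_per_page); //bottom
    $rows_per_page = (int) $rows_per_page;
    $offset = $rows_per_page * $page;

//get the list
    $sql = str_replace('count(*) as num_rows', '*', $sql); // modify query created above
    if (strlen($order_by) > 0) {
        //$order_by and $order are whitelisted values at this point
        $sql .= "order by ".$order_by." ".$order." ";
    }
    else {
        $sql .= "order by last_mod_date desc ";
        if ($db_type == "pgsql") {
            $sql .= "nulls last ";
        }
    }
    $sql .= "limit ".$rows_per_page." offset ".$offset." ";
    $prep_statement = $db->prepare($sql);
    $prep_statement->execute($parameters);
    $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
    $result_count = count($result);
    unset($prep_statement, $sql, $parameters);

//show the content
    echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
    echo "    <tr>\n";
    echo "        <td align='left' valign='top' width='50%'>\n";
    echo "            <b>".$text['header-contacts']."</b>\n";
    echo "            <br /><br />";
    echo "        </td>\n";
    echo "        <td align='right' valign='top' width='50%' nowrap='nowrap'>\n";
    echo "            <form method='get' name='frm_search' action=''>\n";
    echo "                <input class='formfld' style='text-align: right;' type='text' name='search_all' id='search_all' value=\"".$html($search_all)."\">\n";
    echo "                <input class='btn' type='submit' name='submit' value=\"".$text['button-search']."\">\n";
    if (permission_exists('contact_add')) {
        echo "<input type='button' class='btn' alt='".$text['button-import']."' onclick=\"window.location='contact_import.php'\" value='".$text['button-import']."'>\n";
    }
    echo "            </form>\n";
    echo "        </td>\n";
    if ($paging_controls_mini != '') {
        echo "        <td valign='top' nowrap='nowrap' style='padding-left: 15px;'>".$paging_controls_mini."</td>\n";
    }
    echo "    </tr>\n";
    echo "    <tr>\n";
    echo "        <td colspan='3'>\n";
    echo "            ".$text['description-contacts']."<br /><br />\n";
    echo "        </td>\n";
    echo "    </tr>\n";
    echo "</table>\n";
    echo "<br />\n";

    $c = 0;
    $row_style["0"] = "row_style0";
    $row_style["1"] = "row_style1";

    echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
    echo "<tr>\n";
    echo th_order_by('contact_type', $text['label-contact_type'], $order_by, $order);
    echo th_order_by('contact_organization', $text['label-contact_organization'], $order_by, $order);
    echo th_order_by('contact_name_given', $text['label-contact_name_given'], $order_by, $order);
    echo th_order_by('contact_name_family', $text['label-contact_name_family'], $order_by, $order);
    echo th_order_by('contact_nickname', $text['label-contact_nickname'], $order_by, $order);
    echo th_order_by('contact_title', $text['label-contact_title'], $order_by, $order);
    echo th_order_by('contact_role', $text['label-contact_role'], $order_by, $order);
    echo "<th style='padding: 0px;'> </th>\n";
    echo "<td class='list_control_icons'>";
    echo "<a href='contact_edit.php' alt='".$text['button-add']."'>$v_link_label_add</a>";
    echo "</td>\n";
    echo "</tr>\n";

    if ($result_count > 0) {
        $query_string = isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : '';
        foreach ($result as $row) {
            //contact values come from the database and are escaped on output
            $contact_uuid = $row['contact_uuid'];
            $edit_href = $html("contact_edit.php?id=".urlencode($contact_uuid)."&query_string=".urlencode($query_string));
            $delete_href = $html("contact_delete.php?id=".urlencode($contact_uuid));
            $tr_link = "href='".$edit_href."'";
            echo "<tr ".$tr_link.">\n";
            echo "    <td valign='top' class='".$row_style[$c]."'>".$html(ucwords($row['contact_type']))." </td>\n";
            echo "    <td valign='top' class='".$row_style[$c]."' style='width: 35%; max-width: 50px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'><a href='".$edit_href."'>".$html($row['contact_organization'])."</a> </td>\n";
            echo "    <td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'><a href='".$edit_href."'>".$html($row['contact_name_given'])."</a> </td>\n";
            echo "    <td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'><a href='".$edit_href."'>".$html($row['contact_name_family'])."</a> </td>\n";
            echo "    <td valign='top' class='".$row_style[$c]."' style='white-space: nowrap;'>".$html($row['contact_nickname'])." </td>\n";
            echo "    <td valign='top' class='".$row_style[$c]."' style='width: 10%; max-width: 40px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>".$html($row['contact_title'])." </td>\n";
            echo "    <td valign='top' class='".$row_style[$c]."' style='width: 10%; max-width: 40px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>".$html($row['contact_role'])." </td>\n";
            echo "    <td valign='top' class='".$row_style[$c]."' style='padding: 2px 2px; text-align: center; width: 25px;'>";
            $sync_sources = isset($contact_sync_sources[$contact_uuid]) ? $contact_sync_sources[$contact_uuid] : array();
            if (count($sync_sources) > 0) {
                foreach ($sync_sources as $contact_sync_source) {
                    switch ($contact_sync_source) {
                        case 'google':
                            echo "<img src='resources/images/icon_gcontacts.png' style='width: 21px; height: 21px; border: none; padding-left: 2px;' alt='".$text['label-contact_google']."'>";
                            break;
                    }
                }
            }
            else {
                echo " ";
            }
            echo " </td>\n";
            echo "    <td class='list_control_icons'>";
            echo "<a href='".$edit_href."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
            echo "<a href='".$delete_href."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
            echo "    </td>\n";
            echo "</tr>\n";
            $c = ($c == 0) ? 1 : 0; //alternate the row style
        } //end foreach
        unset($result);
    } //end if results

    echo "<tr>\n";
    echo "<td colspan='15' align='right'>\n";
    echo "    <a href='contact_edit.php' alt='".$text['button-add']."'>$v_link_label_add</a>";
    echo "</td>\n";
    echo "</tr>\n";

    echo "</table>";

    echo $paging_controls;
    echo "<br /><br />";

    echo "<script>document.getElementById('search_all').focus();</script>";

//include the footer
    require_once "resources/footer.php";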