thomascube
2006-01-13 be2380fb47b05a222ec5b22deff36d5156a8c943
4e17e6 1 <?php
T 2
3 /*
4  +-----------------------------------------------------------------------+
5  | program/steps/addressbook/save.inc                                    |
6  |                                                                       |
7  | This file is part of the RoundCube Webmail client                     |
8  | Copyright (C) 2005, RoundCube Dev. - Switzerland                      |
30233b 9  | Licensed under the GNU GPL                                            |
4e17e6 10  |                                                                       |
T 11  | PURPOSE:                                                              |
12  |   Save a contact entry or add a new one                               |
13  |                                                                       |
14  +-----------------------------------------------------------------------+
15  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
16  +-----------------------------------------------------------------------+
17
18  $Id$
19
20 */
21
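// check input: name and e-mail are both required, unless '_framed' is set in the query string
// NOTE(review): a non-empty $_GET['_framed'] skips this check entirely, so the save
// code that follows can run with an empty name or e-mail - confirm that is intended.
if ((empty($_POST['_name']) || empty($_POST['_email'])) && empty($_GET['_framed']))
  {
  show_message('formincomplete', 'warning');
  // !empty() rather than a bare index read: '_cid' is not posted when a new contact is added
  rcmail_overwrite_action(!empty($_POST['_cid']) ? 'show' : 'add');
  return;
  }

// setup some vars we need
// fixed list of writable columns; request field names are derived from it ('_' . column),
// so column names never come from the request itself
$a_save_cols = array('name', 'firstname', 'surname', 'email');
$contacts_table = get_table_name('contacts');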
10a699 33
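// update an existing contact
// NOTE(review): no request-token (CSRF) check is visible in this file; confirm that the
// code which includes it enforces one before any of the writes below run.
if (!empty($_POST['_cid']))
  {
  $a_write_sql = array();
  // stays 0 when no known column was posted, which leads to the error branch below
  $updated = 0;

  foreach ($a_save_cols as $col)
    {
    $fname = '_'.$col;
    if (!isset($_POST[$fname]))
      continue;

    // identifier comes from the fixed column list, the value is quoted by the DB layer.
    // strip_tags() only drops markup before storage; it is not output encoding.
    $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname])));
    }

  if (sizeof($a_write_sql))
    {
    // user_id in the WHERE clause restricts the update to rows of the session user
    // NOTE(review): quoted literals and '?' placeholders are mixed in one statement;
    // confirm the DB layer does not treat a '?' inside a quoted value as a placeholder.
    $DB->query("UPDATE $contacts_table
                SET    changed=now(), ".join(', ', $a_write_sql)."
                WHERE  contact_id=?
                AND    user_id=?
                AND    del<>1",
                $_POST['_cid'],
                $_SESSION['user_id']);

    $updated = $DB->affected_rows();
    }

  if ($updated)
    {
    $_action = 'show';
    show_message('successfullysaved', 'confirmation');

    if (!empty($_POST['_framed']))
      {
      // define list of cols to be displayed
      $a_show_cols = array('name', 'email');
      $a_js_cols = array();

      // re-read the row, again scoped to the session user
      $sql_result = $DB->query("SELECT * FROM $contacts_table
                                WHERE  contact_id=?
                                AND    user_id=?
                                AND    del<>1",
                               $_POST['_cid'],
                               $_SESSION['user_id']);

      $sql_arr = $DB->fetch_assoc($sql_result);
      foreach ($a_show_cols as $col)
        $a_js_cols[] = (string)$sql_arr[$col];

      // update the changed col in list
      // %d formats the posted id as an integer, so it cannot break out of the JS string literal;
      // the stored values are handed to array2js() (presumably it escapes them - verify)
      $OUTPUT->add_script(sprintf("if(parent.%s)parent.%s.update_contact_row('%d', %s);",
                          $JS_OBJECT_NAME,
                          $JS_OBJECT_NAME,
                          $_POST['_cid'],
                          array2js($a_js_cols)));

      // show confirmation (second call on this path; kept as in the original)
      show_message('successfullysaved', 'confirmation');
      }
    }
  else
    {
    // show error message
    show_message('errorsaving', 'error');
    rcmail_overwrite_action('show');
    }
  }

// insert a new contact
else
  {
  $a_insert_cols = $a_insert_values = array();
  // both are read on every path below, so give them defined values up front
  $ldap_form = false;
  $insert_id = null;

  // check for existing contacts
  // intval() keeps the interpolated session value strictly numeric
  $sql = "SELECT 1 FROM $contacts_table
          WHERE  user_id = " . intval($_SESSION['user_id']) . "
          AND del <> '1' ";

  // get email and name, build sql for existing user check
  if (isset($_GET['_emails']) && isset($_GET['_names']))
    {
    // NOTE(review): this path writes contacts from query-string parameters; a
    // state-changing GET deserves a request-token check - confirm one is enforced.
    $emails = explode(',', $_GET['_emails']);
    $names  = explode(',', $_GET['_names']);

    $a_quoted_emails = array();
    foreach ($emails as $email)
      $a_quoted_emails[] = $DB->quote(strip_tags($email));

    $sql .= "AND email IN (" . join(',', $a_quoted_emails) . ")";
    $ldap_form = true;
    }
  else if (isset($_POST['_email']))
    $sql .= "AND email = " . $DB->quote(strip_tags($_POST['_email']));

  $sql_result = $DB->query($sql);

  // show warning message
  if ($DB->num_rows($sql_result))
    {
    show_message('contactexists', 'warning');

    if ($ldap_form)
      rcmail_overwrite_action('ldappublicsearch');
    else
      rcmail_overwrite_action('add');

    return;
    }

  if ($ldap_form)
    {
    $insert_id = array();
    foreach ($emails as $n => $email)
      {
      // '_names' may hold fewer entries than '_emails'; fall back to an empty name
      $name = isset($names[$n]) ? $names[$n] : '';

      $DB->query("INSERT INTO $contacts_table
                 (user_id, name, email)
                 VALUES (" . intval($_SESSION['user_id']) . "," . $DB->quote(strip_tags($name)) . "," .
                             $DB->quote(strip_tags($email)) . ")");
      // NOTE(review): no sequence name is passed here, unlike the single-contact insert
      // below - confirm insert_id() works without one on every supported backend.
      $insert_id[] = $DB->insert_id();
      }
    }
  else
    {
    foreach ($a_save_cols as $col)
      {
      $fname = '_'.$col;
      if (!isset($_POST[$fname]))
        continue;

      // column names come from the fixed list; values are quoted by the DB layer
      $a_insert_cols[] = $col;
      $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
      }

    if (sizeof($a_insert_cols))
      {
      $DB->query("INSERT INTO $contacts_table
                (user_id, changed, del, ".join(', ', $a_insert_cols).")
                VALUES (?, now(), 0, ".join(', ', $a_insert_values).")",
                $_SESSION['user_id']);

      $insert_id = $DB->insert_id(get_sequence_name('contacts'));
      }
    }

  if ($insert_id)
    {
    if (!$ldap_form)
      {
      $_action = 'show';
      $_GET['_cid'] = $insert_id;

      if (!empty($_POST['_framed']))
        {
        // add contact row or jump to the page where it should appear
        $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
        $sql_result = $DB->query("SELECT * FROM $contacts_table
                                  WHERE  contact_id=?
                                  AND    user_id=?",
                                  $insert_id,
                                  $_SESSION['user_id']);
        $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);

        $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
                             $JS_OBJECT_NAME,
                             $JS_OBJECT_NAME,
                             $insert_id);

        // update record count display
        // NOTE(review): the helper's text lands inside a JS string literal without
        // escaping here - confirm it can only return safe characters.
        $commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",
                             $JS_OBJECT_NAME,
                             $JS_OBJECT_NAME,
                             rcmail_get_rowcount_text());

        $OUTPUT->add_script($commands);
        }

      // show confirmation
      show_message('successfullysaved', 'confirmation');
      }
    else
      {
      // add contact row or jump to the page where it should appear
      $commands = '';
      foreach ($insert_id as $id)
        {
        // bound parameters, same form as the single-contact lookup above
        $sql_result = $DB->query("SELECT * FROM $contacts_table
                                  WHERE  contact_id=?
                                  AND    user_id=?",
                                  $id,
                                  $_SESSION['user_id']);

        $commands .= sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
        $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
        $last_id = $id;
        }

      // display the last insert id
      $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
                            $JS_OBJECT_NAME,
                            $JS_OBJECT_NAME,
                            $last_id);

      // update record count display
      $commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",
                           $JS_OBJECT_NAME,
                           $JS_OBJECT_NAME,
                           rcmail_get_rowcount_text());

      $OUTPUT->add_script($commands);
      rcmail_overwrite_action('ldappublicsearch');
      }

    // show confirmation (the non-LDAP path already issued one above; kept as in the original)
    show_message('successfullysaved', 'confirmation');
    }
  else
    {
    // show error message
    show_message('errorsaving', 'error');
    rcmail_overwrite_action('add');
    }
  }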
257
d1d2c4 258 ?>