thomascube
2005-11-18 fbf77b4493f1b77c99751d8a86365c712ae3fb1b
program/steps/addressbook/save.inc
@@ -6,7 +6,7 @@
 |                                                                       |
 | This file is part of the RoundCube Webmail client                     |
 | Copyright (C) 2005, RoundCube Dev. - Switzerland                      |
 | All rights reserved.                                                  |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 | PURPOSE:                                                              |
 |   Save a contact entry or to add a new one                            |
@@ -23,6 +23,15 @@
$a_save_cols = array('name', 'firstname', 'surname', 'email');
// check input
if (empty($_POST['_name']) || empty($_POST['_email']))
  {
  show_message('formincomplete', 'warning');
  rcmail_overwrite_action($_POST['_cid'] ? 'show' : 'add');
  return;
  }
// update an existing contact
if ($_POST['_cid'])
  {
@@ -34,20 +43,18 @@
    if (!isset($_POST[$fname]))
      continue;
    
    $a_write_sql[] = sprintf("%s='%s'", $col, addslashes($_POST[$fname]));
    $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname])));
    }
  if (sizeof($a_write_sql))
    {
    $DB->query(sprintf("UPDATE %s
                        SET    %s
                        WHERE  contact_id=%d
                        AND    user_id=%d
                        AND    del!='1'",
                       get_table_name('contacts'),
                       join(', ', $a_write_sql),
                       $_POST['_cid'],
                       $_SESSION['user_id']));
    $DB->query("UPDATE ".get_table_name('contacts')."
                SET    changed=now(), ".join(', ', $a_write_sql)."
                WHERE  contact_id=?
                AND    user_id=?
                AND    del<>'1'",
                $_POST['_cid'],
                $_SESSION['user_id']);
                       
    $updated = $DB->affected_rows();
    }
@@ -63,13 +70,12 @@
      $a_show_cols = array('name', 'email');
      $a_js_cols = array();
  
      $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                        WHERE  contact_id=%d
                                        AND    user_id=%d
                                        AND    del!='1'",
                               get_table_name('contacts'),
      $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
                                WHERE  contact_id=?
                                AND    user_id=?
                                AND    del<>'1'",
                               $_POST['_cid'],
                               $_SESSION['user_id']));
                               $_SESSION['user_id']);
                         
      $sql_arr = $DB->fetch_assoc($sql_result);
      foreach ($a_show_cols as $col)
@@ -90,7 +96,7 @@
    {
    // show error message
    show_message('errorsaving', 'error');
    $_action = 'show';
    rcmail_overwrite_action('show');
    }
  }
@@ -98,6 +104,22 @@
else
  {
  $a_insert_cols = $a_insert_values = array();
  // check for existing contacts
  $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
                            WHERE  user_id=?
                            AND    email=?
                            AND    del<>'1'",
                           $_SESSION['user_id'],
                           $_POST['_email']);
  // show warning message
  if ($DB->num_rows($sql_result))
    {
    show_message('contactexists', 'warning');
    $_action = 'add';
    return;
    }
  foreach ($a_save_cols as $col)
    {
@@ -106,18 +128,15 @@
      continue;
    
    $a_insert_cols[] = $col;
    $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
    $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
    }
    
  if (sizeof($a_insert_cols))
    {
    $DB->query(sprintf("INSERT INTO %s
                        (user_id, %s)
                        VALUES (%d, %s)",
                       get_table_name('contacts'),
                       join(', ', $a_insert_cols),
                       $_SESSION['user_id'],
                       join(', ', $a_insert_values)));
    $DB->query("INSERT INTO ".get_table_name('contacts')."
                (user_id, changed, ".join(', ', $a_insert_cols).")
                VALUES (?, now(), ".join(', ', $a_insert_values).")",
                $_SESSION['user_id']);
                       
    $insert_id = $DB->insert_id();
    }
@@ -131,12 +150,11 @@
      {
      // add contact row or jump to the page where it should appear
      $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
      $sql_result = $DB->query(sprintf("SELECT * FROM %s
                                        WHERE  contact_id=%d
                                        AND    user_id=%d",
                                       get_table_name('contacts'),
                                       $insert_id,
                                       $_SESSION['user_id']));
      $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
                                WHERE  contact_id=?
                                AND    user_id=?",
                                $insert_id,
                                $_SESSION['user_id']);
      $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
      $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
@@ -160,7 +178,7 @@
    {
    // show error message
    show_message('errorsaving', 'error');
    $_action = 'add';
    rcmail_overwrite_action('add');
    }
  }
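Review bot: The UPDATE in the `-34,20 +43,18` hunk and the INSERT in the `-106,18 +128,15` hunk still splice `$DB->quote(strip_tags(...))` results into the SQL text and then pass that same string to `$DB->query()` with `?` parameters. If the wrapper scans the whole statement for placeholders (it is not shown here, so confirm), a contact field containing a literal `?` would shift the binding of `contact_id` and `user_id`. Binding every value removes that risk and the reliance on `quote()` matching the server's escaping; the sketch below does this for the UPDATE, assuming `query()` takes its parameters as trailing arguments, as the calls in this file do, and the INSERT would follow the same pattern with its column names run through `quoteIdentifier()`. The loop and the enclosing `if ($_POST['_cid'])` start outside the hunk, so `$a_write_params` would need initialising next to `$a_write_sql`. Separately, `strip_tags()` at write time is lossy and does not replace escaping where the row is later emitted through `rcmail_js_contacts_list()`.

```php
    // … unchanged: foreach over $a_save_cols and the isset() check …
    $a_write_sql[] = $DB->quoteIdentifier($col).'=?';
    $a_write_params[] = strip_tags($_POST[$fname]);
    }
  if (sizeof($a_write_sql))
    {
    // values for the WHERE clause follow the SET values, in placeholder order
    $a_write_params[] = $_POST['_cid'];
    $a_write_params[] = $_SESSION['user_id'];
    $query = "UPDATE ".get_table_name('contacts')."
              SET    changed=now(), ".join(', ', $a_write_sql)."
              WHERE  contact_id=?
              AND    user_id=?
              AND    del<>'1'";
    call_user_func_array(array(&$DB, 'query'), array_merge(array($query), $a_write_params));
    // … unchanged: $updated = $DB->affected_rows(); …
```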