program/steps/addressbook/save.inc

   1 <?php
   2
   3 /*
   4  +-----------------------------------------------------------------------+
   5  | program/steps/addressbook/save.inc                                    |
   6  |                                                                       |
   7  | This file is part of the RoundCube Webmail client                     |
   8  | Copyright (C) 2005, RoundCube Dev. - Switzerland                      |
   9  | Licensed under the GNU GPL                                            |
  10  |                                                                       |
  11  | PURPOSE:                                                              |
  12  |   Save a contact entry or to add a new one                            |
  13  |                                                                       |
  14  +-----------------------------------------------------------------------+
  15  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  16  +-----------------------------------------------------------------------+
  17
  18  $Id: save.inc 159 2006-03-03 16:34:35Z roundcube $
  19
  20 */
  21
  22 // check input
  23 if ((empty($_POST['_name']) || empty($_POST['_email'])) && empty($_GET['_framed']))
  24   {
  25   show_message('formincomplete', 'warning');
  26   rcmail_overwrite_action(empty($_POST['_cid']) ? 'add' : 'show');
  27   return;
  28   }
  29
  30 // setup some vars we need
  31 $a_save_cols = array('name', 'firstname', 'surname', 'email');
  32 $contacts_table = get_table_name('contacts');
  33
  34 // update an existing contact
  35 if (!empty($_POST['_cid']))
  36   {
  37   $a_write_sql = array();
  38
  39   foreach ($a_save_cols as $col)
  40     {
  41     $fname = '_'.$col;
  42     if (!isset($_POST[$fname]))
  43       continue;
  44
  45     $a_write_sql[] = sprintf("%s=%s",
  46                              $DB->quoteIdentifier($col),
  47                              $DB->quote(get_input_value($fname, RCUBE_INPUT_POST)));
  48     }
  49
  50   if (sizeof($a_write_sql))
  51     {
  52     $DB->query("UPDATE $contacts_table
  53                 SET    changed=now(), ".join(', ', $a_write_sql)."
  54                 WHERE  contact_id=?
  55                 AND    user_id=?
  56                 AND    del<>1",
  57                 $_POST['_cid'],
  58                 $_SESSION['user_id']);
  59
  60     $updated = $DB->affected_rows();
  61     }
  62
  63   if ($updated)
  64     {
  65     $_action = 'show';
  66     show_message('successfullysaved', 'confirmation');
  67
  68     if ($_framed)
  69       {
  70       // define list of cols to be displayed
  71       $a_show_cols = array('name', 'email');
  72       $a_js_cols = array();
  73
  74       $sql_result = $DB->query("SELECT * FROM $contacts_table
  75                                 WHERE  contact_id=?
  76                                 AND    user_id=?
  77                                 AND    del<>1",
  78                                $_POST['_cid'],
  79                                $_SESSION['user_id']);
  80
  81       $sql_arr = $DB->fetch_assoc($sql_result);
  82       foreach ($a_show_cols as $col)
  83         $a_js_cols[] = (string)$sql_arr[$col];
  84
  85       // update the changed col in list
  86       $OUTPUT->add_script(sprintf("if(parent.%s)parent.%s.update_contact_row('%d', %s);",
  87                           $JS_OBJECT_NAME,
  88                           $JS_OBJECT_NAME,
  89                           $_POST['_cid'],
  90                           array2js($a_js_cols)));
  91
  92       // show confirmation
  93       show_message('successfullysaved', 'confirmation');
  94       }
  95     }
  96   else
  97     {
  98     // show error message
  99     show_message('errorsaving', 'error');
 100     rcmail_overwrite_action('show');
 101     }
 102   }
 103
 104 // insert a new contact
 105 else
 106   {
 107   $a_insert_cols = $a_insert_values = array();
 108
 109   // check for existing contacts
 110   $sql = "SELECT 1 FROM $contacts_table
 111           WHERE  user_id = {$_SESSION['user_id']}
 112           AND del <> '1' ";
 113
 114   // get email and name, build sql for existing user check
 115   if (isset($_GET['_emails']) && isset($_GET['_names']))
 116     {
 117     $sql   .= "AND email IN (";
 118     $emails = explode(',', get_input_value('_emails', RCUBE_INPUT_GET));
 119     $names  = explode(',', get_input_value('_names', RCUBE_INPUT_GET));
 120     $count  = count($emails);
 121     $n = 0;
 122     foreach ($emails as $email)
 123       {
 124       $end  = (++$n == $count) ? '' : ',';
 125       $sql .= $DB->quote($email) . $end;
 126       }
 127     $sql .= ")";
 128     $ldap_form = true;
 129     }
 130   else if (isset($_POST['_email']))
 131     $sql  .= "AND email = " . $DB->quote(get_input_value('_email', RCUBE_INPUT_POST));
 132
 133   $sql_result = $DB->query($sql);
 134
 135   // show warning message
 136   if ($DB->num_rows($sql_result))
 137     {
 138     show_message('contactexists', 'warning');
 139
 140     if ($ldap_form)
 141       rcmail_overwrite_action('ldappublicsearch');
 142     else
 143       rcmail_overwrite_action('add');
 144
 145     return;
 146     }
 147
 148   if ($ldap_form)
 149     {
 150     $n = 0;
 151     foreach ($emails as $email)
 152       {
 153       $DB->query("INSERT INTO $contacts_table
 154                  (user_id, name, email
 155                  VALUES ({$_SESSION['user_id']}," . $DB->quote($names[$n++]) . "," .
 156                                       $DB->quote($email) . ")");
 157       $insert_id[] = $DB->insert_id();
 158       }
 159     }
 160   else
 161     {
 162     foreach ($a_save_cols as $col)
 163       {
 164       $fname = '_'.$col;
 165       if (!isset($_POST[$fname]))
 166         continue;
 167
 168       $a_insert_cols[] = $col;
 169       $a_insert_values[] = $DB->quote(get_input_value($fname, RCUBE_INPUT_POST));
 170       }
 171
 172     if (sizeof($a_insert_cols))
 173       {
 174       $DB->query("INSERT INTO $contacts_table
 175                 (user_id, changed, del, ".join(', ', $a_insert_cols).")
 176                 VALUES (?, now(), 0, ".join(', ', $a_insert_values).")",
 177                 $_SESSION['user_id']);
 178
 179       $insert_id = $DB->insert_id(get_sequence_name('contacts'));
 180       }
 181     }
 182
 183   if ($insert_id)
 184     {
 185     if (!$ldap_form)
 186       {
 187       $_action = 'show';
 188       $_GET['_cid'] = $insert_id;
 189
 190       if ($_framed)
 191         {
 192         // add contact row or jump to the page where it should appear
 193         $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
 194         $sql_result = $DB->query("SELECT * FROM $contacts_table
 195                                   WHERE  contact_id=?
 196                                   AND    user_id=?",
 197                                   $insert_id,
 198                                   $_SESSION['user_id']);
 199         $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
 200
 201         $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
 202                              $JS_OBJECT_NAME,
 203                              $JS_OBJECT_NAME,
 204                              $insert_id);
 205
 206         // update record count display
 207         $commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",
 208                              $JS_OBJECT_NAME,
 209                              $JS_OBJECT_NAME,
 210                              rcmail_get_rowcount_text());
 211
 212         $OUTPUT->add_script($commands);
 213         }
 214
 215       // show confirmation
 216       show_message('successfullysaved', 'confirmation');
 217       }
 218     else
 219       {
 220       // add contact row or jump to the page where it should appear
 221       $commands = '';
 222       foreach ($insert_id as $id)
 223         {
 224         $sql_result = $DB->query("SELECT * FROM $contacts_table
 225                                   WHERE  contact_id = $id
 226                                   AND    user_id    = {$_SESSION['user_id']}");
 227
 228         $commands .= sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
 229         $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
 230         $last_id = $id;
 231         }
 232
 233       // display the last insert id
 234       $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
 235                             $JS_OBJECT_NAME,
 236                             $JS_OBJECT_NAME,
 237                             $last_id);
 238
 239       // update record count display
 240       $commands .= sprintf("if(parent.%s)parent.%s.set_rowcount('%s');\n",
 241                            $JS_OBJECT_NAME,
 242                            $JS_OBJECT_NAME,
 243                            rcmail_get_rowcount_text());
 244
 245       $OUTPUT->add_script($commands);
 246       rcmail_overwrite_action('ldappublicsearch');
 247       }
 248
 249     // show confirmation
 250     show_message('successfullysaved', 'confirmation');
 251     }
 252   else
 253     {
 254     // show error message
 255     show_message('errorsaving', 'error');
 256     rcmail_overwrite_action('add');
 257     }
 258   }
 259
 260 ?>