/
contact_delete.php
152 lines (140 loc) · 6.63 KB
/
contact_delete.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
<?php
// delete_contact.php - Form for deleting contacts, moves any associated records to another contact the user chooses
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net>
// This Page Is Valid XHTML 1.0 Transitional! 31Oct05
$permission = 55; // Delete Sites/Contacts
require ('core.php');
require (APPLICATION_LIBPATH . 'functions.inc.php');
// This page requires authentication
require (APPLICATION_LIBPATH . 'auth.inc.php');
// External variables
$process = $_REQUEST['process'];
$id = cleanvar($_REQUEST['id']);
$newcontact = mysql_real_escape_string($_REQUEST['newcontact']);
$title = $strDeleteContact;
include (APPLICATION_INCPATH . 'htmlheader.inc.php');
if (empty($process))
{
if (empty($id))
{
echo "<h2>{$strDeleteContact}</h2>";
echo "<form action=\"{$_SERVER['PHP_SELF']}?action=delete\" method=\"post\">";
echo "<table align='center'>";
echo "<tr><th>{$strContact}:</th><td>".contact_site_drop_down("id", 0)."</td></tr>";
echo "</table>";
echo "<p><input name=\"submit1\" type=\"submit\" value=\"{$strDelete}\" /></p>";
echo "</form>";
}
else
{
echo "<h2>{$strDeleteContact}</h2>\n";
$sql="SELECT * FROM `{$dbContacts}` WHERE id='$id' ";
$contactresult = mysql_query($sql);
if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_WARNING);
while ($contactrow=mysql_fetch_array($contactresult))
{
echo "<table align='center' class='vertical'>";
echo "<tr><th>{$strName}:</th><td><h3>".$contactrow['forenames'].' '.$contactrow['surname']."</h3></td></tr>";
echo "<tr><th>{$strSite}:</th><td><a href=\"site_details.php?id=".$contactrow['siteid']."\">".site_name($contactrow['siteid'])."</a></td></tr>";
echo "<tr><th>{$strDepartment}:</th><td>".$contactrow['department']."</td></tr>";
echo "<tr><th>{$strEmail}:</th><td><a href=\"mailto:".$contactrow['email']."\">".$contactrow['email']."</a></td></tr>";
echo "<tr><th>{$strTelephone}:</th><td>".$contactrow['phone']."</td></tr>";
echo "<tr><th>{$strNotes}:</th><td>".$contactrow['notes']."</td></tr>";
}
mysql_free_result($contactresult);
echo "</table>\n";
$totalincidents=contact_count_incidents($id);
if ($totalincidents > 0)
{
echo user_alert(sprintf($strThereAreXIncidentsAssignedToThisContact, $totalincidents), E_USER_WARNING);
}
$sql = "SELECT sc.maintenanceid AS maintenanceid, m.product, p.name AS productname, ";
$sql .= "m.expirydate, m.term ";
$sql .= "FROM `{$dbSupportContacts}` AS sc, `{$dbMaintenance}` AS m, `{$dbProducts}` AS p ";
$sql .= "WHERE sc.maintenanceid = m.id AND m.product = p.id AND sc.contactid = '$id' ";
$result=mysql_query($sql);
if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_WARNING);
$totalcontracts=mysql_num_rows($result);
if ($totalcontracts>0)
{
echo user_alert(sprintf($strThereAreXcontractsAssignedToThisPerson, $totalcontracts), E_USER_WARNING);
}
if ($totalincidents > 0 || $totalcontracts > 0)
{
echo "<form action='{$_SERVER['PHP_SELF']}' onsubmit=\"return confirm_action('{$strAreYouSureDelete}')\" method='post'>\n";
echo "<p align='center'>{$strBeforeDeleteContact}</p>";
$sql = "SELECT id, forenames, surname, siteid FROM `{$dbContacts}` ORDER BY surname ASC";
$result = mysql_query($sql);
echo "<p align='center'>";
echo "<select name='newcontact'>";
if ($id == 0)
echo "<option selected='selected' value='0'>Select A Contact\n";
while ($contacts = mysql_fetch_array($result))
{
$site='';
if ($contacts['siteid']!='' && $contacts['siteid']!=0)
{
$site=" of ".site_name($contacts['siteid']);
}
if ($contacts['id']!=$id)
{
echo "<option value=\"{$contacts['id']}\">";
echo htmlspecialchars($contacts['surname'].', '.$contacts['forenames'].$site);
echo "</option>\n";
}
}
echo "</select><br />";
echo "<br />";
echo "<input type='hidden' name='id' value='$id' />";
echo "<input type='hidden' name='process' value='true' />";
echo "<input type='submit' value='{$strDelete}' />";
echo "</p>";
echo "</form>";
}
else
{
// plain delete
echo "<br />";
echo "<form action='{$_SERVER['PHP_SELF']}' onsubmit=\"return confirm_action('{$strAreYouSureDelete}')\" method='post'>\n";
echo "<input type='hidden' name='newcontact' value='' />"; // empty
echo "<input type='hidden' name='id' value='$id' />";
echo "<input type='hidden' name='process' value='true' />";
echo "<p align='center'>";
echo "<input type='submit' value='{$strDelete}' />";
echo "</p>";
echo "</form>\n";
}
}
include (APPLICATION_INCPATH . 'htmlfooter.inc.php');
}
else
{
// save to db
if (!empty($newcontact))
{
$sql = "UPDATE `{$dbSupportContacts}` SET contactid='$newcontact' WHERE contactid='$id' ";
mysql_query($sql);
if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_ERROR);
$sql = "UPDATE `{$dbIncidents}` SET contact='$newcontact' WHERE contact='$id' ";
mysql_query($sql);
if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_ERROR);
$sql = "UPDATE `{$dbMaintenance}` SET admincontact='$newcontact' WHERE admincontact='$id' ";
mysql_query($sql);
if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_ERROR);
}
// do the delete
$sql = "DELETE FROM `{$dbContacts}` WHERE id='$id' LIMIT 1";
mysql_query($sql);
if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_ERROR);
journal(CFG_LOGGING_NORMAL, 'Contact Deleted', "Contact $id was deleted", CFG_JOURNAL_CONTACTS, $id);
if (!empty($newcontact)) html_redirect("contact_details.php?id={$newcontact}");
else html_redirect("contacts.php");
}
?>