convert tedious sql strings to safer orm operations
DAcodedBEAT committed Dec 29, 2023
1 parent 5daa9f8 commit 932c39a
Showing 27 changed files with 356 additions and 325 deletions.
64 changes: 29 additions & 35 deletions src/CSVImport.php
Expand Up @@ -20,7 +20,9 @@
use ChurchCRM\Authentication\AuthenticationManager;
use ChurchCRM\dto\SystemConfig;
use ChurchCRM\dto\SystemURLs;
use ChurchCRM\model\ChurchCRM\FamilyCustom;
use ChurchCRM\model\ChurchCRM\Note;
use ChurchCRM\model\ChurchCRM\PersonCustom;
use ChurchCRM\Utils\InputUtils;
use ChurchCRM\Utils\RedirectUtils;

Expand Down Expand Up @@ -619,48 +621,37 @@ public function assignRoles()
);
}
} else {
$sSQL = 'INSERT INTO family_fam (fam_ID,
fam_Name,
fam_Address1,
fam_Address2,
fam_City,
fam_State,
fam_Zip,
fam_Country,
fam_HomePhone,
fam_WorkPhone,
fam_CellPhone,
fam_Email,
fam_DateEntered,
fam_EnteredBy)
VALUES (NULL, ' .
'"' . $per_LastName . '", ' .
'"' . $sAddress1 . '", ' .
'"' . $sAddress2 . '", ' .
'"' . $sCity . '", ' .
'"' . $sState . '", ' .
'"' . $sZip . '", ' .
'"' . $per_Country . '", ' .
'"' . $per_HomePhone . '", ' .
'"' . $per_WorkPhone . '", ' .
'"' . $per_CellPhone . '", ' .
'"' . $per_Email . '",' .
'"' . date('YmdHis') . '",' .
'"' . AuthenticationManager::getCurrentUser()->getId() . '");';
RunQuery($sSQL);
$family = new \ChurchCRM\model\ChurchCRM\Family();
$family
->setName($per_LastName)
->setAddress1($sAddress1)
->setAddress2($sAddress2)
->setCity($sCity)
->setState($sState)
->setZip($sZip)
->setHomePhone($per_HomePhone)
->setWorkPhone($per_WorkPhone)
->setCellPhone($per_CellPhone)
->setEmail($per_Email)
->setDateEntered(date('YmdHis'))
->setEnteredBy(AuthenticationManager::getCurrentUser()->getId());
$family->save();

$sSQL = 'SELECT LAST_INSERT_ID()';
$rsFid = RunQuery($sSQL);
$aFid = mysqli_fetch_array($rsFid);
$famid = $aFid[0];

$note = new Note();
$note->setFamId($famid);
$note->setText(gettext('Imported'));
$note->setType('create');
$note->setEntered(AuthenticationManager::getCurrentUser()->getId());
$note->save();
$sSQL = "INSERT INTO `family_custom` (`fam_ID`) VALUES ('" . $famid . "')";
RunQuery($sSQL);

$familyCustom = new FamilyCustom();
$familyCustom->setFamId($famid);
$familyCustom->save();

$fFamily = new Family(InputUtils::legacyFilterInput($_POST['FamilyMode'], 'int'));
$fFamily->addMember(
Expand All @@ -681,8 +672,9 @@ public function assignRoles()
$sSQL = "SELECT fam_id FROM family_custom WHERE fam_id = $famid";
$rsFamCustomID = RunQuery($sSQL);
if (mysqli_num_rows($rsFamCustomID) === 0) {
$sSQL = "INSERT INTO `family_custom` (`fam_ID`) VALUES ('" . $famid . "')";
RunQuery($sSQL);
$familyCustom = new FamilyCustom();
$familyCustom->setFamId($famid);
$familyCustom->save();
}

// Build the family_custom SQL
Expand Down Expand Up @@ -728,15 +720,17 @@ public function assignRoles()
$rsPersonID = RunQuery($sSQL);
$aRow = mysqli_fetch_array($rsPersonID);
$iPersonID = $aRow['iPersonID'];

$note = new Note();
$note->setPerId($iPersonID);
$note->setText(gettext('Imported'));
$note->setType('create');
$note->setEntered(AuthenticationManager::getCurrentUser()->getId());
$note->save();
if ($bHasCustom) {
$sSQL = "INSERT INTO `person_custom` (`per_ID`) VALUES ('" . $iPersonID . "')";
RunQuery($sSQL);
$personCustom = new PersonCustom();
$personCustom->setPerId($iPersonID);
$personCustom->save();

// Build the person_custom SQL
for ($col = 0; $col < $numCol; $col++) {
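Review bot: The setter chain that replaces the `family_fam` INSERT drops a column: the removed SQL wrote `fam_Country` from `$per_Country`, but no `->setCountry($per_Country)` call appears in the new chain, so every imported family loses its country. After `$family->save()` Propel fills in the generated primary key, so `$famid = $family->getId();` can replace the separate `SELECT LAST_INSERT_ID()` round-trip through `RunQuery()`/mysqli, which only returns the right value if that handle is the same connection Propel inserted on (not verifiable from this hunk). The setter and getter names follow the Propel naming used by the other calls here and should be confirmed against the generated Family model. `assignRoles()` starts before this hunk and continues past it, and the untouched `"SELECT fam_id FROM family_custom WHERE fam_id = $famid"` lookup is still string-built.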
32 changes: 16 additions & 16 deletions src/CanvassEditor.php
Expand Up @@ -14,6 +14,7 @@
require 'Include/Functions.php';

use ChurchCRM\Authentication\AuthenticationManager;
use ChurchCRM\model\ChurchCRM\CanvassData;
use ChurchCRM\Utils\InputUtils;
use ChurchCRM\Utils\RedirectUtils;

Expand Down Expand Up @@ -66,22 +67,21 @@

// New canvas input (add)
if ($iCanvassID < 1) {
$sSQL = 'INSERT INTO canvassdata_can (can_famID, can_Canvasser, can_FYID, can_date, can_Positive,
can_Critical, can_Insightful, can_Financial, can_Suggestion,
can_NotInterested, can_WhyNotInterested)
VALUES (' . $iFamily . ',' .
$iCanvasser . ',' .
$iFYID . ',' .
'"' . $dDate . '",' .
'"' . $tPositive . '",' .
'"' . $tCritical . '",' .
'"' . $tInsightful . '",' .
'"' . $tFinancial . '",' .
'"' . $tSuggestion . '",' .
'"' . $bNotInterested . '",' .
'"' . $tWhyNotInterested . '")';
//Execute the SQL
RunQuery($sSQL);
$canvassData = new CanvassData();
$canvassData
->setFamilyId($iFamily)
->setCanvasser($iCanvasser)
->setFyid($iFYID)
->setDate($dDate)
->setPositive($tPositive)
->setCritical($tCritical)
->setInsightful($tInsightful)
->setFinancial($tFinancial)
->setSuggestion($tSuggestion)
->setNotInterested($bNotInterested)
->setWhyNotInterested($tWhyNotInterested);
$canvassData->save();

$sSQL = 'SELECT MAX(can_ID) AS iCanvassID FROM canvassdata_can';
$rsLastEntry = RunQuery($sSQL);
$newRec = mysqli_fetch_array($rsLastEntry);
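Review bot: `$sSQL = 'SELECT MAX(can_ID) AS iCanvassID FROM canvassdata_can'` right after `$canvassData->save()` is a race: a concurrent insert between the save and the SELECT hands this request someone else's record id. Propel populates the auto-increment key on save, so the MAX lookup can be replaced by `$iCanvassID = $canvassData->getId();` (getter name to be confirmed against the generated CanvassData model), which also keeps the lookup on the connection that performed the insert rather than the separate `RunQuery()` handle. The code that consumes `$newRec` lies past the end of this hunk.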
25 changes: 15 additions & 10 deletions src/CartToEvent.php
Expand Up @@ -19,7 +19,9 @@

use ChurchCRM\Authentication\AuthenticationManager;
use ChurchCRM\dto\Cart;
use ChurchCRM\model\ChurchCRM\EventAttend;
use ChurchCRM\Utils\InputUtils;
use ChurchCRM\Utils\LoggerUtils;
use ChurchCRM\Utils\RedirectUtils;

// Security: User must have Manage Groups & Roles permission
Expand All @@ -30,17 +32,21 @@

// Was the form submitted?
if (isset($_POST['Submit']) && count($_SESSION['aPeopleCart']) > 0 && isset($_POST['EventID'])) {
// Get the PersonID
$iEventID = InputUtils::legacyFilterInput($_POST['EventID'], 'int');

// Loop through the session array
$iCount = 0;
foreach ($_SESSION['aPeopleCart'] as $element) {
// Enter ID into event
$sSQL = 'INSERT IGNORE INTO event_attend (event_id, person_id)';
$sSQL .= " VALUES ('" . $iEventID . "','" . $element . "')";
RunQuery($sSQL);
$iCount++;
try {
$eventAttend = new EventAttend();
$eventAttend
->setEventId($iEventID)
->setPersonId($element);
$eventAttend->save();
$iCount++;
} catch (\Throwable $ex) {
$logger = LoggerUtils::getAppLogger();
$logger->error('An error occurred when saving event attendance', ['exception' => $ex]);
}
}
Cart::emptyAll();

Expand All @@ -54,7 +60,7 @@
require 'Include/Header.php';

if (count($_SESSION['aPeopleCart']) > 0) {
$sSQL = 'SELECT * FROM events_event';
$sSQL = 'SELECT event_id, event_title FROM events_event';
$rsEvents = RunQuery($sSQL); ?>
<div class="card">
<p align="center"><?= gettext('Select the event to which you would like to add your cart') ?>:</p>
Expand All @@ -74,8 +80,7 @@
// Create the group select drop-down
echo '<select name="EventID">';
while ($aRow = mysqli_fetch_array($rsEvents)) {
extract($aRow);
echo '<option value="' . $event_id . '">' . $event_title . '</option>';
echo '<option value="' . $aRow['event_id'] . '">' . $aRow['event_title'] . '</option>';
}
echo '</select>'; ?>
</td>
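Review bot: `echo '<option value="' . $aRow['event_id'] . '">' . $aRow['event_title'] . '</option>';` still writes the event title into HTML unescaped, so a title that contains markup would be rendered as-is to anyone who opens this page; emit it as `htmlspecialchars($aRow['event_title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and cast the id with `(int)$aRow['event_id']`. In the save loop, the removed `INSERT IGNORE` silently tolerated a person who was already attending, whereas the new `catch (\Throwable $ex)` logs a duplicate-key failure as an error and also hides unrelated failures (connection loss, a non-existent `$iEventID`) behind the same message; narrow the catch to the ORM's exception type and decide explicitly whether an existing attendance is skipped or counted. The `if (isset($_POST['Submit']) ...)` block continues past the end of its hunk.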
86 changes: 41 additions & 45 deletions src/ChurchCRM/Service/FinancialService.php
Expand Up @@ -9,7 +9,9 @@
use ChurchCRM\dto\SystemConfig;
use ChurchCRM\dto\SystemURLs;
use ChurchCRM\MICRFunctions;
use ChurchCRM\model\ChurchCRM\Deposit;
use ChurchCRM\model\ChurchCRM\FamilyQuery;
use ChurchCRM\model\ChurchCRM\Pledge;
use ChurchCRM\model\ChurchCRM\PledgeQuery;

class FinancialService
Expand Down Expand Up @@ -59,9 +61,14 @@ public function setDeposit(string $depositType, string $depositComment, string $
}
RunQuery($sSQL);
} else {
$sSQL = "INSERT INTO deposit_dep (dep_Date, dep_Comment, dep_EnteredBy, dep_Type)
VALUES ('" . $depositDate . "','" . $depositComment . "'," . AuthenticationManager::getCurrentUser()->getId() . ",'" . $depositType . "')";
RunQuery($sSQL);
$deposit = new Deposit();
$deposit
->setDate($depositDate)
->setComment($depositComment)
->setEnteredby(AuthenticationManager::getCurrentUser()->getId())
->setType($depositType);
$deposit->save();

$sSQL = 'SELECT MAX(dep_ID) AS iDepositSlipID FROM deposit_dep';
$rsDepositSlipID = RunQuery($sSQL);
$iDepositSlipID = mysqli_fetch_array($rsDepositSlipID)[0];
Expand Down Expand Up @@ -255,49 +262,38 @@ public function insertPledgeorPayment($payment)
$sGroupKey = genGroupKey('cash', $payment->FamilyID, $Fund->FundID, $payment->Date);
}
}
$sSQL = "INSERT INTO pledge_plg
(plg_famID,
plg_FYID,
plg_date,
plg_amount,
plg_schedule,
plg_method,
plg_comment,
plg_DateLastEdited,
plg_EditedBy,
plg_PledgeOrPayment,
plg_fundID,
plg_depID,
plg_CheckNo,
plg_scanString,
plg_aut_ID,
plg_NonDeductible,
plg_GroupKey)
VALUES ('" .
$payment->FamilyID . "','" .
$payment->FYID . "','" .
$payment->Date . "','" .
$Fund->Amount . "','" .
($payment->schedule ?? 'NULL') . "','" .
$payment->iMethod . "','" .
$Fund->Comment . "','" .
date('YmdHis') . "'," .
AuthenticationManager::getCurrentUser()->getId() . ",'" .
$payment->type . "'," .
$Fund->FundID . ',' .
$payment->DepositID . ',' .
($payment->iCheckNo ?? 'NULL') . ",'" .
($payment->tScanString ?? 'NULL') . "','" .
($payment->iAutID ?? 'NULL') . "','" .
($Fund->NonDeductible ?? 'NULL') . "','" .
$sGroupKey . "')";

if (isset($sSQL)) {
RunQuery($sSQL);
unset($sSQL);

return $sGroupKey;

$pledge = new Pledge();
$pledge
->setFamId($payment->FamilyID)
->setFyId($payment->FYID)
->setDate($payment->Date)
->setAmount($Fund->Amount)
->setMethod($payment->iMethod)
->setComment($Fund->Comment)
->setDateLastEdited(date('YmdHis'))
->setEditedBy(AuthenticationManager::getCurrentUser()->getId())
->setPledgeOrPayment($payment->type)
->setFundId($Fund->FundID)
->setDepId($payment->DepositID)
->setGroupKey($sGroupKey);
if ($payment->schedule) {
$pledge->setSchedule($payment->schedule);
}
if ($payment->iCheckNo) {
$pledge->setCheckNo($payment->iCheckNo);
}
if ($payment->tScanString) {
$pledge->setScanString($payment->tScanString);
}
if ($payment->iAutID) {
$pledge->setAutId($payment->iAutID);
}
if ($Fund->NonDeductible) {
$pledge->setNondeductible($Fund->NonDeductible);
}
$pledge->save();
return $sGroupKey;
}
}
}
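Review bot: In `setDeposit()`, `SELECT MAX(dep_ID) AS iDepositSlipID FROM deposit_dep` after `$deposit->save()` can return another user's deposit under concurrent entry, attaching this session's payments to the wrong slip; Propel populates the key on save, so `$iDepositSlipID = $deposit->getId();` is both safe and one round-trip shorter (getter name to confirm against the generated Deposit model). In `insertPledgeorPayment()`, guards of the form `if ($payment->iCheckNo)` treat `0` and `'0'` as absent, whereas the removed `?? 'NULL'` only substituted for null; if zero is a valid check number or auto-ID, test with `isset()`/`!== null` instead. Both methods begin before their hunks, and the `if` branch above the new Deposit code still runs a string-built `$sSQL` through `RunQuery()` outside the visible lines.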
11 changes: 8 additions & 3 deletions src/ChurchCRM/Service/GroupService.php
Expand Up @@ -2,6 +2,7 @@

namespace ChurchCRM\Service;

use ChurchCRM\model\ChurchCRM\ListOption;
use ChurchCRM\model\ChurchCRM\PersonQuery;

class GroupService
Expand Down Expand Up @@ -242,10 +243,14 @@ public function addGroupRole(string $groupID, string $groupRoleName): string
$newOptionID = $aTemp[0] + 1;

// Insert into the appropriate options table
$sSQL = 'INSERT INTO list_lst (lst_ID, lst_OptionID, lst_OptionName, lst_OptionSequence)
VALUES (' . $listID . ',' . $newOptionID . ",'" . $groupRoleName . "'," . $newOptionSequence . ')';
$listOption = new ListOption();
$listOption
->setId($listID)
->setOptionId($newOptionID)
->setOptionName($groupRoleName)
->setOptionSequence($newOptionSequence);
$listOption->save();

RunQuery($sSQL);
$iNewNameError = 0;
}
}
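Review bot: `$newOptionID = $aTemp[0] + 1;` is read from a MAX query and then written back via `->setOptionId($newOptionID)` with no transaction or lock, so two concurrent `addGroupRole()` calls on the same list can compute the same id and either the second `save()` fails or, if there is no unique key on that pair, both succeed with duplicate option ids. Run the MAX read and `$listOption->save()` inside one transaction with a row lock, or catch the ORM's duplicate-key exception and retry, and only set `$iNewNameError = 0` once the save has actually succeeded. `addGroupRole()` starts before this hunk and the origin of `$listID` and `$newOptionSequence` is outside the visible lines.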
12 changes: 7 additions & 5 deletions src/ChurchCRM/Service/TaskService.php
Expand Up @@ -26,9 +26,9 @@
class TaskService
{
/**
* @var ObjectCollection|TaskInterface[]
* @var TaskInterface[]
*/
private $taskClasses;
private array $taskClasses;
private array $notificationClasses = [
// new LatestReleaseTask()
];
Expand Down Expand Up @@ -60,10 +60,12 @@ public function getCurrentUserTasks(): array
$tasks = [];
foreach ($this->taskClasses as $taskClass) {
if ($taskClass->isActive() && (!$taskClass->isAdmin() || ($taskClass->isAdmin() && AuthenticationManager::getCurrentUser()->isAdmin()))) {
$tasks[] = ['title' => $taskClass->getTitle(),
$tasks[] = [
'title' => $taskClass->getTitle(),
'link' => $taskClass->getLink(),
'admin' => $taskClass->isAdmin(),
'desc' => $taskClass->getDesc()];
'desc' => $taskClass->getDesc()
];
}
}

Expand All @@ -75,7 +77,7 @@ public function getTaskNotifications(): array
$tasks = [];
foreach ($this->notificationClasses as $taskClass) {
if ($taskClass->isActive()) {
$tasks[] = new UiNotification($taskClass->getTitle(), 'wrench', $taskClass->getLink(), $taskClass->getDesc(), $taskClass->isAdmin() ? 'warning' : 'info', '12000', 'bottom', 'left');
$tasks[] = new UiNotification($taskClass->getTitle(), 'wrench', $taskClass->getLink(), $taskClass->getDesc(), $taskClass->isAdmin() ? 'warning' : 'info', 12000, 'bottom', 'left');
}
}

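Review bot: The condition in `getCurrentUserTasks()` evaluates `isAdmin()` twice; `$taskClass->isActive() && (!$taskClass->isAdmin() || AuthenticationManager::getCurrentUser()->isAdmin())` is logically equivalent and reads as the rule it encodes (admin tasks are listed only for admins). Now that the property is `private array $taskClasses`, whatever assigns it in the constructor (outside this hunk) must produce a plain array rather than the `ObjectCollection` the old docblock named, or the assignment throws a TypeError. `getTaskNotifications()` applies no admin filter at all, only `isActive()`, so any admin-only entry later added to `$notificationClasses` would be shown to every user; a comment such as `// NOTE: unlike getCurrentUserTasks(), admin-only notifications are not filtered here` would at least make that visible.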
2 changes: 1 addition & 1 deletion src/ChurchCRM/dto/Cart.php
Expand Up @@ -22,7 +22,7 @@ public static function addPerson($PersonID): void
if (!is_numeric($PersonID)) {
throw new \Exception(gettext('PersonID for Cart must be numeric'), 400);
}
if ($PersonID !== null && !in_array($PersonID, $_SESSION['aPeopleCart'], false)) {
if (!in_array($PersonID, $_SESSION['aPeopleCart'], false)) {
$_SESSION['aPeopleCart'][] = (int)$PersonID;
}
}
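Review bot: The membership test in `addPerson()` runs on the raw `$PersonID` while the stored value is `(int)$PersonID`, and `in_array(..., false)` compares loosely, so an `is_numeric`-passing input such as `'1.5'` does not match an existing `1` and is appended as a second `1`. Normalise first and compare strictly: `$id = (int)$PersonID;` then `if (!in_array($id, $_SESSION['aPeopleCart'], true)) { $_SESSION['aPeopleCart'][] = $id; }`. Validating with `filter_var($PersonID, FILTER_VALIDATE_INT) === false` instead of `!is_numeric($PersonID)` would reject floats and exponent forms before they are silently truncated. If `$_SESSION['aPeopleCart']` can be unset when this runs (not visible here), `in_array()` on `null` throws a TypeError on PHP 8.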