From 14199fca2ee6343e1ae2a7d0dbd55c13ff96afa0 Mon Sep 17 00:00:00 2001
From: steve-lad <72376554+steve-lad@users.noreply.github.com>
Date: Sat, 6 Feb 2021 17:26:37 +0100
Subject: [PATCH 1/7] Switch to PDO model

Switch to PDO model and correct transactions
---
 Sccp_manager.class.php                 |  32 +++--
 Sccp_manager.inc/dbinterface.class.php | 180 +++++++++++++------------
 2 files changed, 112 insertions(+), 100 deletions(-)

diff --git a/Sccp_manager.class.php b/Sccp_manager.class.php
index dba8c84..a4ad284 100644
--- a/Sccp_manager.class.php
+++ b/Sccp_manager.class.php
@@ -169,6 +169,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
             $this->xml_data = simplexml_load_file($xml_vars);
             $this->initVarfromXml(); // Overwrite Exist
         }
+        $this->saveSccpSettings();
     }
 
     /*
@@ -269,25 +270,25 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
     /* unused but FPBX API requires it */
 
     public function install() {
-        
+
     }
 
     /* unused but FPBX API requires it */
 
     public function uninstall() {
-        
+
     }
 
     /* unused but FPBX API requires it */
 
     public function backup() {
-        
+
     }
 
     /* unused but FPBX API requires it */
 
     public function restore($backup) {
-        
+
     }
 
     public function getActionBar($request) {
@@ -815,7 +816,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
                             $hw_list[] = array('name' => $idv);
                         }
                         if ($idv == 'all') {
-                            
+
                         }
                     }
                 }
@@ -1483,10 +1484,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
     }
 
     public function getSccpSettingFromDB() {
-        $raw_data = $this->dbinterface->get_db_SccpSetting();
-        foreach ($raw_data as $var) {
-            $this->sccpvalues[$var['keyword']] = array('keyword' => $var['keyword'], 'data' => $var['data'], 'seq' => $var['seq'], 'type' => $var['type']);
-        }
+        $this->sccpvalues = $this->dbinterface->get_db_SccpSetting();
         return;
     }
 
@@ -1864,19 +1862,25 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
 //        global $db;
 //        global $amp_conf;
 
-        $save_settings = array();
+//        $save_settings = array();
         if (empty($save_value)) {
-            foreach ($this->sccpvalues as $key => $val) {
+            $this->dbinterface->write('sccpsettings', $this->sccpvalues, 'clear');
+
+/*            foreach ($this->sccpvalues as $key => $val) {
                 if ((trim($val['data']) !== '') or ($val['data'] == '0')) {
-                    $save_settings[] = array($key, $db->escapeSimple($val['data']), $val['seq'], $val['type']);
+                    $save_settings[] = array($key, $val['data'], $val['seq'], $val['type']);
+                } else {
+                    $unsaved_settings[] = array($key, $val['data'], $val['seq'], $val['type']);
                 }
             }
             $this->dbinterface->write('sccpsettings', $save_settings, 'clear');
+*/
         } else {
             $this->dbinterface->write('sccpsettings', $save_value, 'update');
-            return true;
         }
         return true;
+//        }
+//        return true;
     }
 
     /*
@@ -2093,7 +2097,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
         }
         // [Namesoftkeyset]
         // type=softkeyset
-        // 
+        //
         // ----- It is a very bad idea to add an external configuration file "sccp_custom.conf" !!!!
         // This will add problems when solving problems caused by unexpected solutions from users.
         //
diff --git a/Sccp_manager.inc/dbinterface.class.php b/Sccp_manager.inc/dbinterface.class.php
index efcb398..b4ee6ee 100644
--- a/Sccp_manager.inc/dbinterface.class.php
+++ b/Sccp_manager.inc/dbinterface.class.php
@@ -21,7 +21,7 @@ class dbinterface
 
     public function info()
     {
-        $Ver = '13.0.2';
+        $Ver = '13.0.2';    // This should be updated
         return array('Version' => $Ver,
             'about' => 'Data access interface ver: ' . $Ver);
     }
@@ -45,25 +45,25 @@ class dbinterface
 
     public function HWextension_db_SccpTableData($dataid, $data = array())
     {
+        global $db;
+        $stmt = '';
+        $stmts = '';
         if ($dataid == '') {
             return false;
         }
         switch ($dataid) {
             case "SccpExtension":
                 if (empty($data['name'])) {
-                    $sql = "SELECT * FROM `sccpline` ORDER BY `name`";
-                    $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                    $stmts = $db->prepare('SELECT * FROM sccpline ORDER BY name');
                 } else {
-                    $sql = "SELECT * FROM `sccpline` WHERE `name`='" . $data['name']. "'";
-                    ;
-                    $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                    $stmts = $db->prepare('SELECT * FROM sccpline WHERE name = $data[name]');
                 }
                 break;
             case "SccpDevice":
-                $filtred ='';
-                $singlrow = false;
+                $filtered ='';
+                $singlerow = false;
                 if (empty($data['fields'])) {
-                    $fld = '`name`,`name` as `mac`, `type`, `button`, `addon`, `_description` as description';
+                    $fld = 'name, name as mac, type, button, addon, _description as description';
                 } else {
                     switch ($data['fields']) {
                         case "all":
@@ -78,30 +78,29 @@ class dbinterface
                     }
                 }
                 if (!empty($data['name'])) {
-                    $filtred = "`name`='" . $data['name']. "'";
-                    ;
-                    $singlrow = true;
+                    $filtered = 'name =' . $data['name']. '';
+                    $singlerow = true;
                 }
                 if (!empty($data['type'])) {
                     switch ($data['type']) {
                         case "cisco-sip":
-                            $filtred = "`TYPE` LIKE '%-sip'";
+                            $filtered = 'TYPE LIKE \'%-sip\'';
                             break;
                         case "cisco":
                         default:
-                            $filtred = "`TYPE` not LIKE '%-sip'";
+                            $filtered = 'TYPE not LIKE \'%-sip\'';
                             break;
                     }
                 }
-                if (empty($filtred)) {
-                    $sql = "SELECT ". $fld ." FROM `sccpdeviceconfig` ORDER BY `name`";
+                if (empty($filtered)) {
+                    $sql = 'SELECT ' . $fld . ' FROM sccpdeviceconfig ORDER BY name';
                 } else {
-                    $sql = "SELECT ". $fld ." FROM `sccpdeviceconfig` WHERE ".$filtred." ORDER BY `name`";
+                    $sql = 'SELECT ' . $fld . ' FROM sccpdeviceconfig WHERE '. $filtered . ' ORDER BY name';
                 }
-                if ($singlrow) {
-                    $raw_settings = sql($sql, "getRow", DB_FETCHMODE_ASSOC);
+                if ($singlerow) {
+                    $stmt = $db->prepare($sql);
                 } else {
-                    $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                    $stmts = $db->prepare($sql);
                 }
                 break;
             case "HWSipDevice":
@@ -115,26 +114,26 @@ class dbinterface
                 break;
             case "get_colums_sccpdevice":
                 $sql = "DESCRIBE sccpdevice";
-                $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                $stmt = $db->prepare($sql);
                 break;
             case "get_colums_sccpuser":
                 $sql = "DESCRIBE sccpuser";
-                $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                $stmts = $db->prepare($sql);
                 break;
             case "get_sccpdevice_byid":
                 $sql = 'SELECT t1.*, types.dns,  types.buttons, types.loadimage, types.nametemplate as nametemplate, '
                         . 'addon.buttons as addon_buttons FROM sccpdevice AS t1 '
                         . 'LEFT JOIN sccpdevmodel as types ON t1.type=types.model '
-                        . 'LEFT JOIN sccpdevmodel as addon ON t1.addon=addon.model WHERE name="' . $data['id'] . '";';
-                $raw_settings = sql($sql, "getRow", DB_FETCHMODE_ASSOC);
+                        . 'LEFT JOIN sccpdevmodel as addon ON t1.addon=addon.model WHERE name="' . $data['id'] . '';
+                $stmt = $db->prepare($sql);
                 break;
             case "get_sccpuser":
-                $sql = "SELECT * FROM `sccpuser` ";
+                $sql = 'SELECT * FROM sccpuser ';
                 if (!empty($data['id'])) {
-                    $sql .= 'WHERE name="' . $data['id'] . '" ';
+                    $sql .= 'WHERE name= ' . $data['id'] . '';
                 }
-                $sql .= "ORDER BY `name`;";
-                $raw_settings = sql($sql, "getRow", DB_FETCHMODE_ASSOC);
+                $sql .= ' ORDER BY name';
+                $stmt = $db->prepare($sql);
                 break;
             case "get_sccpdevice_buttons":
                 $sql = '';
@@ -145,29 +144,40 @@ class dbinterface
                     $sql .= (empty($sql)) ? 'ref="' . $data['id'] . '" ' : 'and ref="' . $data['id'] . '" ';
                 }
                 if (!empty($sql)) {
-                    $sql = 'SELECT * FROM sccpbuttonconfig WHERE ' .$sql. 'ORDER BY `instance`;';
-                    $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                    $sql = 'SELECT * FROM sccpbuttonconfig WHERE ' .$sql. ' ORDER BY `instance`;';
+                    $stmts = $db->prepare($sql);
                 } else {
                     $raw_settings = array();
                 }
                 break;
         }
-
+        if (!empty($stmt)) {
+            $stmt->execute();
+            $raw_settings = $stmt->fetch(\PDO::FETCH_ASSOC);
+        } elseif (!empty($stmts)) {
+            $stmts->execute();
+            $raw_settings = $stmts->fetchAll(\PDO::FETCH_ASSOC);
+        }
         return $raw_settings;
     }
 
     public function get_db_SccpSetting()
     {
-        $sql = "SELECT `keyword`, `data`, `type`, `seq` FROM `sccpsettings` ORDER BY `type`, `seq`";
-        $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
-        return $raw_settings;
+        global $db;
+        $stmt = $db->prepare('SELECT keyword, data, type, seq FROM sccpsettings ORDER BY type, seq');
+        $stmt->execute();
+        foreach ($stmt->fetchAll() as $var) {
+            $mysccpvalues[$var['keyword']] = array('keyword' => $var['keyword'], 'data' => $var['data'], 'seq' => $var['seq'], 'type' => $var['type']);
+        }
+        return $mysccpvalues;
     }
 
     public function get_db_sysvalues()
     {
-        $sql = "SHOW VARIABLES LIKE '%group_concat%'";
-        $raw_settings = sql($sql, "getRow", DB_FETCHMODE_ASSOC);
-        return $raw_settings;
+        global $db;
+        $stmt = $db->prepare('SHOW VARIABLES LIKE \'%group_concat%\'');
+        $stmt->execute();
+        return $stmt->fetch(\PDO::FETCH_ASSOC);
     }
 
     /*
@@ -186,20 +196,19 @@ class dbinterface
                 $sel_inf = "*";
                 break;
         }
-
         $sel_inf .= ", '0' as 'validate'";
         switch ($get) {
             case "byciscoid":
                 if (!empty($filter)) {
                     if (!empty($filter['model'])) {
                         if (strpos($filter['model'], 'loadInformation')) {
-                            $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (`loadinformationid` ='" . $filter['model'] . "') ORDER BY model ";
+                            $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (loadinformationid =' . $filter['model'] . ') ORDER BY model';
                         } else {
-                            $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (`loadinformationid` ='loadInformation" . $filter['model'] . "') ORDER BY model ";
+                            $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (loadinformationid =loadInformation' . $filter['model'] . ') ORDER BY model';
                         }
                     } else {
 //                          $sql = "SELECT ".$filter['model'];
-                        $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel ORDER BY model ";
+                        $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel ORDER BY model';
                     }
                     break;
                 }
@@ -207,86 +216,87 @@ class dbinterface
             case "byid":
                 if (!empty($filter)) {
                     if (!empty($filter['model'])) {
-                        $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (`model` ='" . $filter['model'] . "') ORDER BY model ";
+                        $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (model =' . $filter['model'] . ') ORDER BY model';
                     } else {
 //                          $sql = "SELECT ".$filter['model'];
-                        $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel ORDER BY model ";
+                        $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel ORDER BY model';
                     }
                     break;
                 }
                 break;
             case "extension":
-                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (dns = 0) and (enabled > 0) ORDER BY model ";
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns = 0) and (enabled > 0) ORDER BY model'; //check table
                 break;
             case "enabled":
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE enabled > 0 ORDER BY model ';
+                break;
             case "phones":
-                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) ORDER BY model ";
-//                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (enabled > 0) ORDER BY model ";
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) ORDER BY model '; //check table
                 break;
             case "ciscophones":
-                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) AND `vendor` not LIKE '%-sip' ORDER BY model ";
-//                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (enabled > 0) ORDER BY model ";
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) AND vendor NOT LIKE \'%-sip\' ORDER BY model';
                 break;
             case "sipphones":
-                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) AND `vendor` LIKE '%-sip' ORDER BY model ";
-//                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (enabled > 0) ORDER BY model ";
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) AND `vendor` LIKE \'%-sip\' ORDER BY model';
                 break;
             case "all":
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel ORDER BY model';
+                break;
             default:
-                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel ORDER BY model ";
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel ORDER BY model';
                 break;
         }
-        $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
-        return $raw_settings;
+        $stmt = $db->prepare($sql);
+        $stmt->execute();
+        return $stmt->fetchAll();
     }
 
-    function write($db_name = "", $save_value = array(), $mode = 'update', $key_fld = "", $hwid = "")
+    function write($table_name = "", $save_value = array(), $mode = 'update', $key_fld = "", $hwid = "")
     {
-        // mode clear  - Empty tabele before update
+        // mode clear  - Empty table before update
         // mode update - update / replace record
         global $db;
 //        global $amp_conf;
-        $result = "Error";
+        $result = false;
         $delete_value = array();
-        switch ($db_name) {
+        switch ($table_name) {
             case 'sccpsettings':
                 foreach ($save_value as $key_v => $data) {
-                    if (!empty($data)) {
-                        if (isset($data[1])) {
-                            if ($data[1] == $this->val_null) {
+                    if (!empty($data) && isset($data['data'])) {
+                            if ($data['data'] == $this->val_null) {
                                 $delete_value[] = $save_value[$key_v]['keyword'];
                                 unset($save_value[$key_v]);
                             }
-                        }
-                        if (isset($data['data'])) {
+/*                      if (isset($data['data'])) {
                             if ($data['data'] == $this->val_null) {
                                 $delete_value[] = $save_value[$key_v]['keyword'];
                                 unset($save_value[$key_v]);
                             }
                         }
-                    }
+*/                    }
                 }
                 if ($mode == 'clear') {
-                    $sql = 'truncate `sccpsettings`';
-                    $stmt = $db->prepare($sql);
-                    $stmt->execute();
-                    $stmt = $db->prepare('INSERT INTO `sccpsettings` (`keyword`, `data`, `seq`, `type`) VALUES (?,?,?,?)');
+//                    $sql = 'truncate `sccpsettings`';
+                    $db->prepare('TRUNCATE sccpsettings')->execute();
+                    $stmt = $db->prepare('INSERT INTO sccpsettings (`keyword`, `data`, `seq`, `type`) VALUES (?,?,?,?)');
                     $result = $db->executeMultiple($stmt, $save_value);
                 } else {
                     if (!empty($delete_value)) {
-                        $stmt = $db->prepare('DELETE FROM `sccpsettings` WHERE `keyword`=?');
+                        $stmt = $db->prepare('DELETE FROM sccpsettings WHERE `keyword`=?');
                         $result = $db->executeMultiple($stmt, $delete_value);
                     }
                     if (!empty($save_value)) {
-                        $stmt = $db->prepare('REPLACE INTO `sccpsettings` (`keyword`, `data`, `seq`, `type`) VALUES (?,?,?,?)');
+                        $stmt = $db->prepare('REPLACE INTO sccpsettings (`keyword`, `data`, `seq`, `type`) VALUES (?,?,?,?)');
                         $result = $db->executeMultiple($stmt, $save_value);
                     }
                 }
                 break;
             case 'sccpdevmodel':
+                break;
             case 'sccpdevice':
+                break;
             case 'sccpuser':
-                $sql_db = $db_name;
+                $sql_db = $table_name;
                 $sql_key = "";
                 $sql_var = "";
                 foreach ($save_value as $key_v => $data) {
@@ -304,23 +314,21 @@ class dbinterface
                 }
                 if (!empty($sql_var)) {
                     if ($mode == 'delete') {
-                        $req = 'DELETE FROM `' . $sql_db . '` WHERE ' . $sql_key . ';';
+                        $req = 'DELETE FROM sccpuser WHERE ' . $sql_key . '';
                     } else {
                         if ($mode == 'update') {
-                            $req = 'UPDATE `' . $sql_db . '` SET ' . $sql_var . ' WHERE ' . $sql_key . ';';
+                            $req = 'UPDATE sccpuser SET ' . $sql_var .  WHERE  . $sql_key . '';
                         } else {
-                            $req = 'REPLACE INTO `' . $sql_db . '` SET ' . $sql_var . ';';
+                            $req = 'REPLACE INTO sccpuser SET ' . $sql_var . '';
                         }
                     }
                 }
-                $stmt = $db->prepare($req);
-                $result = $stmt->execute();
+                $result = $db->prepare($req)->execute();
                 break;
             case 'sccpbuttons':
                 if (($mode == 'clear') || ($mode == 'delete')) {
-                    $sql = 'DELETE FROM `sccpbuttonconfig` WHERE ref="' . $hwid . '";';
-                    $stmt = $db->prepare($sql);
-                    $stmt->execute();
+                    $sql = 'DELETE FROM sccpbuttonconfig WHERE ref=' . $hwid . '';
+                    $result = $db->prepare($sql)->execute();
                 }
                 if ($mode == 'delete') {
                     break;
@@ -329,13 +337,13 @@ class dbinterface
                     break;
                 }
                 if ($mode == 'replace') {
-                    $sql = 'UPDATE `sccpbuttonconfig` SET `name`=? WHERE  `ref`= ? AND `reftype`=? AND `instance`=?  AND `buttontype`=?;';
+                    $sql = 'UPDATE sccpbuttonconfig SET `name`=? WHERE  `ref`= ? AND `reftype`=? AND `instance`=?  AND `buttontype`=?';
 //                    $sql = 'INSERT INTO `sccpbuttonconfig` (`ref`, `reftype`,`instance`, `buttontype`, `name`, `options`) VALUES (?,?,?,?,?,?);';
 //                    die(print_r($save_value,1));
                     $stmt = $db->prepare($sql);
                     $result= $db->executeMultiple($stmt, $save_value);
                 } else {
-                    $sql = 'INSERT INTO `sccpbuttonconfig` (`ref`, `reftype`,`instance`, `buttontype`, `name`, `options`) VALUES (?,?,?,?,?,?);';
+                    $sql = 'INSERT INTO sccpbuttonconfig (`ref`, `reftype`,`instance`, `buttontype`, `name`, `options`) VALUES (?,?,?,?,?,?)';
 //                    die(print_r($save_value,1));
                     $stmt = $db->prepare($sql);
                     $result = $db->executeMultiple($stmt, $save_value);
@@ -356,18 +364,18 @@ class dbinterface
         $result = exec('mysqldump '.$database.' --password='.$pass.' --user='.$user.' --single-transaction >'.$filename, $output);
         return $filename;
     }
-    
+
 /*
  *  Check Table structure
  */
     public function validate()
     {
         global $db;
+        $result = false;
         $check_fields = array('430' => array('_hwlang' => "varchar(12)"), '431' => array('private'=> "enum('on','off')"), '433' => array('directed_pickup'=>'') );
-        $sql = "DESCRIBE `sccpdevice`;";
-        $raw_result = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
-        $result = 0;
-        foreach ($raw_result as $value) {
+        $stmt = $db->prepare('DESCRIBE sccpdevice');
+        $stmt->execute();
+        foreach ($stmt->fetchAll() as $value) {
             $id_result[$value['Field']] = $value['Type'];
         }
         foreach ($check_fields as $key => $value) {
@@ -393,7 +401,7 @@ class dbinterface
                 break;
             }
         }
-        
+
         return $result;
     }
 }

From c1fb9370bd1666dd856e88540a145022a3dff5e3 Mon Sep 17 00:00:00 2001
From: steve-lad <72376554+steve-lad@users.noreply.github.com>
Date: Sun, 7 Feb 2021 14:48:49 +0100
Subject: [PATCH 2/7] Test for chan_sccp_b version compatibility

SoftKeySets fails with chan_sccp-b prior to revision number 11048.

Check the version with the installer, and subsequently to ensure do not get exception.
---
 .../aminterface/oldinterface.class.php        |  2 +-
 Sccp_manager.inc/srvinterface.class.php       | 28 +++++++++++++------
 install.php                                   | 19 ++++++++++---
 views/server.info.php                         |  3 ++
 4 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/Sccp_manager.inc/aminterface/oldinterface.class.php b/Sccp_manager.inc/aminterface/oldinterface.class.php
index 1719f63..a8d8c86 100644
--- a/Sccp_manager.inc/aminterface/oldinterface.class.php
+++ b/Sccp_manager.inc/aminterface/oldinterface.class.php
@@ -306,7 +306,7 @@ class oldinterface
                         $result["vCode"] = 433;
                     } else {
                         $result["vCode"] = 430;
-                    }          
+                    }
                 }
             }
 
diff --git a/Sccp_manager.inc/srvinterface.class.php b/Sccp_manager.inc/srvinterface.class.php
index cf8eea5..f6b3542 100644
--- a/Sccp_manager.inc/srvinterface.class.php
+++ b/Sccp_manager.inc/srvinterface.class.php
@@ -15,6 +15,7 @@ class srvinterface {
     var $error;
     var $_info;
     var $ami_mode;
+    var $useAmiForSoftKeys = true;
 
     public function __construct($parent_class = null) {
         $this->paren_class = $parent_class;
@@ -206,24 +207,35 @@ class srvinterface {
 */        }
     }
 
-    public function get_compatible_sccp() {
-
+    public function get_compatible_sccp($revNumComp=false) {
+        // only called with args from installer to get revision and compatibility
         $res = $this->getSCCPVersion();
         if (empty($res)) {
             return 0;
         }
         switch ($res["vCode"]) {
             case 0:
-                return 0;
+                $retval = 0;
+                break;
             case 433:
-                return 433;
-
+                $retval = 433;
+                break;
             case 432:
+                $retval = 430;
+                break;
             case 431:
-                return 431;
+                $retval = 431;
+                break;
             default:
-                return 430;
+                $retval = 430;
         }
+        if ($res['RevisionNum'] < 11048) {
+            $this->useAmiForSoftKeys = false;
+        }
+        if ($revNumComp) {
+            return array($retval, $this->useAmiForSoftKeys);
+        }
+        return $retval;
     }
 
     public function getSCCPVersion() {
@@ -236,7 +248,7 @@ class srvinterface {
 
     public function sccp_list_keysets() {
 
-        if ($this->ami_mode) {
+        if (($this->ami_mode) && ($this->useAmiForSoftKeys)){
             return $this->aminterface->sccp_list_keysets();
         } else {
             return $this->oldinterface->sccp_list_keysets();
diff --git a/install.php b/install.php
index 6c4f298..6e5c510 100644
--- a/install.php
+++ b/install.php
@@ -17,6 +17,7 @@ global $astman;
 global $version;
 global $srvinterface;
 global $mobile_hw;
+global $useAmiForSoftKeys;
 $mobile_hw = '0';
 
 $class = "\\FreePBX\\Modules\\Sccp_manager\\srvinterface";
@@ -375,6 +376,7 @@ $table_req = array('sccpdevice', 'sccpline');
 $ss = FreePBX::create()->Sccp_manager;
 $astman = FreePBX::create()->astman;
 $sccp_compatible = 0;
+$chanSCCPWarning = true;
 //$db_config = $db_config_v0;
 $db_config = '';
 
@@ -445,13 +447,13 @@ function CheckAsteriskVersion()
 
 function CheckChanSCCPCompatible()
 {
+    global $chanSCCPWarning;
     global $srvinterface, $astman;
     if (!$astman) {
         ie_freepbx('No asterisk manager connection provided!. Installation Failed');
     }
-    $sccp_compatible = $srvinterface->get_compatible_sccp();
-    outn("<li>" . _("Sccp model Compatible code : ") . $sccp_compatible . "</li>");
-    return $sccp_compatible;
+    // calling with true returns array with compatibility and RevisionNumber
+    return $srvinterface->get_compatible_sccp(true);
 }
 
 function InstallDB_Buttons()
@@ -964,7 +966,11 @@ function Setup_RealTime()
 CheckSCCPManagerDBTables($table_req);
 #CheckPermissions();
 CheckAsteriskVersion();
-$sccp_compatible = CheckChanSCCPCompatible();
+$sccp_version = array();
+$sccp_version = CheckChanSCCPCompatible();
+$sccp_compatible = $sccp_version[0];
+$chanSCCPWarning = $sccp_version[1] ^= 1;
+outn("<li>" . _("Sccp model Compatible code : ") . $resultReturned[0] . "</li>");
 if ($sccp_compatible == 0) {
 //    die_freepbx('Chan Sccp not Found. Install it before continuing');
     outn("<br>");
@@ -995,6 +1001,11 @@ if (!$sccp_db_ver) {
 InstallDB_createButtonConfigTrigger();
 InstallDB_CreateSccpDeviceConfigView($sccp_compatible);
 InstallDB_updateDBVer($sccp_compatible);
+dbug('chanSCCPWarning',$chanSCCPWarning);
+if ($chanSCCPWarning) {
+    outn("<br>");
+    outn("<font color='red'>Warning: Upgrade chan_sccp_b to use full ami functionality</font>");
+}
 if (!$sccp_db_ver) {
     Setup_RealTime();
     outn("<br>");
diff --git a/views/server.info.php b/views/server.info.php
index 3982fed..56da782 100644
--- a/views/server.info.php
+++ b/views/server.info.php
@@ -36,6 +36,9 @@ $info['aminterface'] = $this->aminterface->info();
 $info['XML'] = $this->xmlinterface->info();
 $info['sccp_class'] = $driver['sccp'];
 $info['Core_sccp'] = array('Version' => $core['Version'], 'about' => 'Sccp ver.' . $core['Version'] . ' r' . $core['vCode'] . ' Revision :' . $core['RevisionNum'] . ' Hash :' . $core['RevisionHash']);
+if (!$this->srvinterface->useAmiForSoftKeys) {
+    $info['Core_sccp'] = array('Version' => $core['Version'], 'about' => 'Sccp ver.' . $core['Version'] . ' r' . $core['vCode'] . ' Revision :' . $core['RevisionNum'] . ' Hash :' . $core['RevisionHash'] . ' ----Warning: Upgrade chan_sccp to use full ami functionality');
+}
 $info['Asterisk'] = array('Version' => FreePBX::Config()->get('ASTVERSION'), 'about' => 'Asterisk.');
 
 

From c104b0e8feab92524e2922ee200116b2ceef3067 Mon Sep 17 00:00:00 2001
From: steve-lad <72376554+steve-lad@users.noreply.github.com>
Date: Sat, 6 Feb 2021 17:26:37 +0100
Subject: [PATCH 3/7] Switch to PDO model

Switch to PDO model and correct transactions
---
 Sccp_manager.class.php                 |  32 +++--
 Sccp_manager.inc/dbinterface.class.php | 180 +++++++++++++------------
 2 files changed, 112 insertions(+), 100 deletions(-)

diff --git a/Sccp_manager.class.php b/Sccp_manager.class.php
index dba8c84..a4ad284 100644
--- a/Sccp_manager.class.php
+++ b/Sccp_manager.class.php
@@ -169,6 +169,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
             $this->xml_data = simplexml_load_file($xml_vars);
             $this->initVarfromXml(); // Overwrite Exist
         }
+        $this->saveSccpSettings();
     }
 
     /*
@@ -269,25 +270,25 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
     /* unused but FPBX API requires it */
 
     public function install() {
-        
+
     }
 
     /* unused but FPBX API requires it */
 
     public function uninstall() {
-        
+
     }
 
     /* unused but FPBX API requires it */
 
     public function backup() {
-        
+
     }
 
     /* unused but FPBX API requires it */
 
     public function restore($backup) {
-        
+
     }
 
     public function getActionBar($request) {
@@ -815,7 +816,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
                             $hw_list[] = array('name' => $idv);
                         }
                         if ($idv == 'all') {
-                            
+
                         }
                     }
                 }
@@ -1483,10 +1484,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
     }
 
     public function getSccpSettingFromDB() {
-        $raw_data = $this->dbinterface->get_db_SccpSetting();
-        foreach ($raw_data as $var) {
-            $this->sccpvalues[$var['keyword']] = array('keyword' => $var['keyword'], 'data' => $var['data'], 'seq' => $var['seq'], 'type' => $var['type']);
-        }
+        $this->sccpvalues = $this->dbinterface->get_db_SccpSetting();
         return;
     }
 
@@ -1864,19 +1862,25 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
 //        global $db;
 //        global $amp_conf;
 
-        $save_settings = array();
+//        $save_settings = array();
         if (empty($save_value)) {
-            foreach ($this->sccpvalues as $key => $val) {
+            $this->dbinterface->write('sccpsettings', $this->sccpvalues, 'clear');
+
+/*            foreach ($this->sccpvalues as $key => $val) {
                 if ((trim($val['data']) !== '') or ($val['data'] == '0')) {
-                    $save_settings[] = array($key, $db->escapeSimple($val['data']), $val['seq'], $val['type']);
+                    $save_settings[] = array($key, $val['data'], $val['seq'], $val['type']);
+                } else {
+                    $unsaved_settings[] = array($key, $val['data'], $val['seq'], $val['type']);
                 }
             }
             $this->dbinterface->write('sccpsettings', $save_settings, 'clear');
+*/
         } else {
             $this->dbinterface->write('sccpsettings', $save_value, 'update');
-            return true;
         }
         return true;
+//        }
+//        return true;
     }
 
     /*
@@ -2093,7 +2097,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
         }
         // [Namesoftkeyset]
         // type=softkeyset
-        // 
+        //
         // ----- It is a very bad idea to add an external configuration file "sccp_custom.conf" !!!!
         // This will add problems when solving problems caused by unexpected solutions from users.
         //
diff --git a/Sccp_manager.inc/dbinterface.class.php b/Sccp_manager.inc/dbinterface.class.php
index efcb398..b4ee6ee 100644
--- a/Sccp_manager.inc/dbinterface.class.php
+++ b/Sccp_manager.inc/dbinterface.class.php
@@ -21,7 +21,7 @@ class dbinterface
 
     public function info()
     {
-        $Ver = '13.0.2';
+        $Ver = '13.0.2';    // This should be updated
         return array('Version' => $Ver,
             'about' => 'Data access interface ver: ' . $Ver);
     }
@@ -45,25 +45,25 @@ class dbinterface
 
     public function HWextension_db_SccpTableData($dataid, $data = array())
     {
+        global $db;
+        $stmt = '';
+        $stmts = '';
         if ($dataid == '') {
             return false;
         }
         switch ($dataid) {
             case "SccpExtension":
                 if (empty($data['name'])) {
-                    $sql = "SELECT * FROM `sccpline` ORDER BY `name`";
-                    $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                    $stmts = $db->prepare('SELECT * FROM sccpline ORDER BY name');
                 } else {
-                    $sql = "SELECT * FROM `sccpline` WHERE `name`='" . $data['name']. "'";
-                    ;
-                    $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                    $stmts = $db->prepare('SELECT * FROM sccpline WHERE name = $data[name]');
                 }
                 break;
             case "SccpDevice":
-                $filtred ='';
-                $singlrow = false;
+                $filtered ='';
+                $singlerow = false;
                 if (empty($data['fields'])) {
-                    $fld = '`name`,`name` as `mac`, `type`, `button`, `addon`, `_description` as description';
+                    $fld = 'name, name as mac, type, button, addon, _description as description';
                 } else {
                     switch ($data['fields']) {
                         case "all":
@@ -78,30 +78,29 @@ class dbinterface
                     }
                 }
                 if (!empty($data['name'])) {
-                    $filtred = "`name`='" . $data['name']. "'";
-                    ;
-                    $singlrow = true;
+                    $filtered = 'name =' . $data['name']. '';
+                    $singlerow = true;
                 }
                 if (!empty($data['type'])) {
                     switch ($data['type']) {
                         case "cisco-sip":
-                            $filtred = "`TYPE` LIKE '%-sip'";
+                            $filtered = 'TYPE LIKE \'%-sip\'';
                             break;
                         case "cisco":
                         default:
-                            $filtred = "`TYPE` not LIKE '%-sip'";
+                            $filtered = 'TYPE not LIKE \'%-sip\'';
                             break;
                     }
                 }
-                if (empty($filtred)) {
-                    $sql = "SELECT ". $fld ." FROM `sccpdeviceconfig` ORDER BY `name`";
+                if (empty($filtered)) {
+                    $sql = 'SELECT ' . $fld . ' FROM sccpdeviceconfig ORDER BY name';
                 } else {
-                    $sql = "SELECT ". $fld ." FROM `sccpdeviceconfig` WHERE ".$filtred." ORDER BY `name`";
+                    $sql = 'SELECT ' . $fld . ' FROM sccpdeviceconfig WHERE '. $filtered . ' ORDER BY name';
                 }
-                if ($singlrow) {
-                    $raw_settings = sql($sql, "getRow", DB_FETCHMODE_ASSOC);
+                if ($singlerow) {
+                    $stmt = $db->prepare($sql);
                 } else {
-                    $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                    $stmts = $db->prepare($sql);
                 }
                 break;
             case "HWSipDevice":
@@ -115,26 +114,26 @@ class dbinterface
                 break;
             case "get_colums_sccpdevice":
                 $sql = "DESCRIBE sccpdevice";
-                $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                $stmt = $db->prepare($sql);
                 break;
             case "get_colums_sccpuser":
                 $sql = "DESCRIBE sccpuser";
-                $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                $stmts = $db->prepare($sql);
                 break;
             case "get_sccpdevice_byid":
                 $sql = 'SELECT t1.*, types.dns,  types.buttons, types.loadimage, types.nametemplate as nametemplate, '
                         . 'addon.buttons as addon_buttons FROM sccpdevice AS t1 '
                         . 'LEFT JOIN sccpdevmodel as types ON t1.type=types.model '
-                        . 'LEFT JOIN sccpdevmodel as addon ON t1.addon=addon.model WHERE name="' . $data['id'] . '";';
-                $raw_settings = sql($sql, "getRow", DB_FETCHMODE_ASSOC);
+                        . 'LEFT JOIN sccpdevmodel as addon ON t1.addon=addon.model WHERE name="' . $data['id'] . '';
+                $stmt = $db->prepare($sql);
                 break;
             case "get_sccpuser":
-                $sql = "SELECT * FROM `sccpuser` ";
+                $sql = 'SELECT * FROM sccpuser ';
                 if (!empty($data['id'])) {
-                    $sql .= 'WHERE name="' . $data['id'] . '" ';
+                    $sql .= 'WHERE name= ' . $data['id'] . '';
                 }
-                $sql .= "ORDER BY `name`;";
-                $raw_settings = sql($sql, "getRow", DB_FETCHMODE_ASSOC);
+                $sql .= ' ORDER BY name';
+                $stmt = $db->prepare($sql);
                 break;
             case "get_sccpdevice_buttons":
                 $sql = '';
@@ -145,29 +144,40 @@ class dbinterface
                     $sql .= (empty($sql)) ? 'ref="' . $data['id'] . '" ' : 'and ref="' . $data['id'] . '" ';
                 }
                 if (!empty($sql)) {
-                    $sql = 'SELECT * FROM sccpbuttonconfig WHERE ' .$sql. 'ORDER BY `instance`;';
-                    $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
+                    $sql = 'SELECT * FROM sccpbuttonconfig WHERE ' .$sql. ' ORDER BY `instance`;';
+                    $stmts = $db->prepare($sql);
                 } else {
                     $raw_settings = array();
                 }
                 break;
         }
-
+        if (!empty($stmt)) {
+            $stmt->execute();
+            $raw_settings = $stmt->fetch(\PDO::FETCH_ASSOC);
+        } elseif (!empty($stmts)) {
+            $stmts->execute();
+            $raw_settings = $stmts->fetchAll(\PDO::FETCH_ASSOC);
+        }
         return $raw_settings;
     }
 
     public function get_db_SccpSetting()
     {
-        $sql = "SELECT `keyword`, `data`, `type`, `seq` FROM `sccpsettings` ORDER BY `type`, `seq`";
-        $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
-        return $raw_settings;
+        global $db;
+        $stmt = $db->prepare('SELECT keyword, data, type, seq FROM sccpsettings ORDER BY type, seq');
+        $stmt->execute();
+        foreach ($stmt->fetchAll() as $var) {
+            $mysccpvalues[$var['keyword']] = array('keyword' => $var['keyword'], 'data' => $var['data'], 'seq' => $var['seq'], 'type' => $var['type']);
+        }
+        return $mysccpvalues;
     }
 
     public function get_db_sysvalues()
     {
-        $sql = "SHOW VARIABLES LIKE '%group_concat%'";
-        $raw_settings = sql($sql, "getRow", DB_FETCHMODE_ASSOC);
-        return $raw_settings;
+        global $db;
+        $stmt = $db->prepare('SHOW VARIABLES LIKE \'%group_concat%\'');
+        $stmt->execute();
+        return $stmt->fetch(\PDO::FETCH_ASSOC);
     }
 
     /*
@@ -186,20 +196,19 @@ class dbinterface
                 $sel_inf = "*";
                 break;
         }
-
         $sel_inf .= ", '0' as 'validate'";
         switch ($get) {
             case "byciscoid":
                 if (!empty($filter)) {
                     if (!empty($filter['model'])) {
                         if (strpos($filter['model'], 'loadInformation')) {
-                            $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (`loadinformationid` ='" . $filter['model'] . "') ORDER BY model ";
+                            $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (loadinformationid =' . $filter['model'] . ') ORDER BY model';
                         } else {
-                            $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (`loadinformationid` ='loadInformation" . $filter['model'] . "') ORDER BY model ";
+                            $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (loadinformationid =loadInformation' . $filter['model'] . ') ORDER BY model';
                         }
                     } else {
 //                          $sql = "SELECT ".$filter['model'];
-                        $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel ORDER BY model ";
+                        $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel ORDER BY model';
                     }
                     break;
                 }
@@ -207,86 +216,87 @@ class dbinterface
             case "byid":
                 if (!empty($filter)) {
                     if (!empty($filter['model'])) {
-                        $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (`model` ='" . $filter['model'] . "') ORDER BY model ";
+                        $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (model =' . $filter['model'] . ') ORDER BY model';
                     } else {
 //                          $sql = "SELECT ".$filter['model'];
-                        $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel ORDER BY model ";
+                        $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel ORDER BY model';
                     }
                     break;
                 }
                 break;
             case "extension":
-                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (dns = 0) and (enabled > 0) ORDER BY model ";
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns = 0) and (enabled > 0) ORDER BY model'; //check table
                 break;
             case "enabled":
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE enabled > 0 ORDER BY model ';
+                break;
             case "phones":
-                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) ORDER BY model ";
-//                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (enabled > 0) ORDER BY model ";
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) ORDER BY model '; //check table
                 break;
             case "ciscophones":
-                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) AND `vendor` not LIKE '%-sip' ORDER BY model ";
-//                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (enabled > 0) ORDER BY model ";
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) AND vendor NOT LIKE \'%-sip\' ORDER BY model';
                 break;
             case "sipphones":
-                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) AND `vendor` LIKE '%-sip' ORDER BY model ";
-//                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel WHERE (enabled > 0) ORDER BY model ";
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) AND `vendor` LIKE \'%-sip\' ORDER BY model';
                 break;
             case "all":
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel ORDER BY model';
+                break;
             default:
-                $sql = "SELECT " . $sel_inf . " FROM sccpdevmodel ORDER BY model ";
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel ORDER BY model';
                 break;
         }
-        $raw_settings = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
-        return $raw_settings;
+        $stmt = $db->prepare($sql);
+        $stmt->execute();
+        return $stmt->fetchAll();
     }
 
-    function write($db_name = "", $save_value = array(), $mode = 'update', $key_fld = "", $hwid = "")
+    function write($table_name = "", $save_value = array(), $mode = 'update', $key_fld = "", $hwid = "")
     {
-        // mode clear  - Empty tabele before update
+        // mode clear  - Empty table before update
         // mode update - update / replace record
         global $db;
 //        global $amp_conf;
-        $result = "Error";
+        $result = false;
         $delete_value = array();
-        switch ($db_name) {
+        switch ($table_name) {
             case 'sccpsettings':
                 foreach ($save_value as $key_v => $data) {
-                    if (!empty($data)) {
-                        if (isset($data[1])) {
-                            if ($data[1] == $this->val_null) {
+                    if (!empty($data) && isset($data['data'])) {
+                            if ($data['data'] == $this->val_null) {
                                 $delete_value[] = $save_value[$key_v]['keyword'];
                                 unset($save_value[$key_v]);
                             }
-                        }
-                        if (isset($data['data'])) {
+/*                      if (isset($data['data'])) {
                             if ($data['data'] == $this->val_null) {
                                 $delete_value[] = $save_value[$key_v]['keyword'];
                                 unset($save_value[$key_v]);
                             }
                         }
-                    }
+*/                    }
                 }
                 if ($mode == 'clear') {
-                    $sql = 'truncate `sccpsettings`';
-                    $stmt = $db->prepare($sql);
-                    $stmt->execute();
-                    $stmt = $db->prepare('INSERT INTO `sccpsettings` (`keyword`, `data`, `seq`, `type`) VALUES (?,?,?,?)');
+//                    $sql = 'truncate `sccpsettings`';
+                    $db->prepare('TRUNCATE sccpsettings')->execute();
+                    $stmt = $db->prepare('INSERT INTO sccpsettings (`keyword`, `data`, `seq`, `type`) VALUES (?,?,?,?)');
                     $result = $db->executeMultiple($stmt, $save_value);
                 } else {
                     if (!empty($delete_value)) {
-                        $stmt = $db->prepare('DELETE FROM `sccpsettings` WHERE `keyword`=?');
+                        $stmt = $db->prepare('DELETE FROM sccpsettings WHERE `keyword`=?');
                         $result = $db->executeMultiple($stmt, $delete_value);
                     }
                     if (!empty($save_value)) {
-                        $stmt = $db->prepare('REPLACE INTO `sccpsettings` (`keyword`, `data`, `seq`, `type`) VALUES (?,?,?,?)');
+                        $stmt = $db->prepare('REPLACE INTO sccpsettings (`keyword`, `data`, `seq`, `type`) VALUES (?,?,?,?)');
                         $result = $db->executeMultiple($stmt, $save_value);
                     }
                 }
                 break;
             case 'sccpdevmodel':
+                break;
             case 'sccpdevice':
+                break;
             case 'sccpuser':
-                $sql_db = $db_name;
+                $sql_db = $table_name;
                 $sql_key = "";
                 $sql_var = "";
                 foreach ($save_value as $key_v => $data) {
@@ -304,23 +314,21 @@ class dbinterface
                 }
                 if (!empty($sql_var)) {
                     if ($mode == 'delete') {
-                        $req = 'DELETE FROM `' . $sql_db . '` WHERE ' . $sql_key . ';';
+                        $req = 'DELETE FROM sccpuser WHERE ' . $sql_key . '';
                     } else {
                         if ($mode == 'update') {
-                            $req = 'UPDATE `' . $sql_db . '` SET ' . $sql_var . ' WHERE ' . $sql_key . ';';
+                            $req = 'UPDATE sccpuser SET ' . $sql_var .  WHERE  . $sql_key . '';
                         } else {
-                            $req = 'REPLACE INTO `' . $sql_db . '` SET ' . $sql_var . ';';
+                            $req = 'REPLACE INTO sccpuser SET ' . $sql_var . '';
                         }
                     }
                 }
-                $stmt = $db->prepare($req);
-                $result = $stmt->execute();
+                $result = $db->prepare($req)->execute();
                 break;
             case 'sccpbuttons':
                 if (($mode == 'clear') || ($mode == 'delete')) {
-                    $sql = 'DELETE FROM `sccpbuttonconfig` WHERE ref="' . $hwid . '";';
-                    $stmt = $db->prepare($sql);
-                    $stmt->execute();
+                    $sql = 'DELETE FROM sccpbuttonconfig WHERE ref=' . $hwid . '';
+                    $result = $db->prepare($sql)->execute();
                 }
                 if ($mode == 'delete') {
                     break;
@@ -329,13 +337,13 @@ class dbinterface
                     break;
                 }
                 if ($mode == 'replace') {
-                    $sql = 'UPDATE `sccpbuttonconfig` SET `name`=? WHERE  `ref`= ? AND `reftype`=? AND `instance`=?  AND `buttontype`=?;';
+                    $sql = 'UPDATE sccpbuttonconfig SET `name`=? WHERE  `ref`= ? AND `reftype`=? AND `instance`=?  AND `buttontype`=?';
 //                    $sql = 'INSERT INTO `sccpbuttonconfig` (`ref`, `reftype`,`instance`, `buttontype`, `name`, `options`) VALUES (?,?,?,?,?,?);';
 //                    die(print_r($save_value,1));
                     $stmt = $db->prepare($sql);
                     $result= $db->executeMultiple($stmt, $save_value);
                 } else {
-                    $sql = 'INSERT INTO `sccpbuttonconfig` (`ref`, `reftype`,`instance`, `buttontype`, `name`, `options`) VALUES (?,?,?,?,?,?);';
+                    $sql = 'INSERT INTO sccpbuttonconfig (`ref`, `reftype`,`instance`, `buttontype`, `name`, `options`) VALUES (?,?,?,?,?,?)';
 //                    die(print_r($save_value,1));
                     $stmt = $db->prepare($sql);
                     $result = $db->executeMultiple($stmt, $save_value);
@@ -356,18 +364,18 @@ class dbinterface
         $result = exec('mysqldump '.$database.' --password='.$pass.' --user='.$user.' --single-transaction >'.$filename, $output);
         return $filename;
     }
-    
+
 /*
  *  Check Table structure
  */
     public function validate()
     {
         global $db;
+        $result = false;
         $check_fields = array('430' => array('_hwlang' => "varchar(12)"), '431' => array('private'=> "enum('on','off')"), '433' => array('directed_pickup'=>'') );
-        $sql = "DESCRIBE `sccpdevice`;";
-        $raw_result = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
-        $result = 0;
-        foreach ($raw_result as $value) {
+        $stmt = $db->prepare('DESCRIBE sccpdevice');
+        $stmt->execute();
+        foreach ($stmt->fetchAll() as $value) {
             $id_result[$value['Field']] = $value['Type'];
         }
         foreach ($check_fields as $key => $value) {
@@ -393,7 +401,7 @@ class dbinterface
                 break;
             }
         }
-        
+
         return $result;
     }
 }

From 22e1939acedd711114e4e8ef85593343ebdb9c2b Mon Sep 17 00:00:00 2001
From: steve-lad <72376554+steve-lad@users.noreply.github.com>
Date: Sun, 7 Feb 2021 16:09:35 +0100
Subject: [PATCH 4/7] Cleaning up

Simplify structure and fix errors
---
 Sccp_manager.inc/dbinterface.class.php | 71 ++++++++++++--------------
 1 file changed, 34 insertions(+), 37 deletions(-)

diff --git a/Sccp_manager.inc/dbinterface.class.php b/Sccp_manager.inc/dbinterface.class.php
index b4ee6ee..674f69e 100644
--- a/Sccp_manager.inc/dbinterface.class.php
+++ b/Sccp_manager.inc/dbinterface.class.php
@@ -31,20 +31,21 @@ class dbinterface
      */
     public function get_db_SccpTableByID($dataid, $data = array(), $indexField = '')
     {
-        $resut = array();
+        $result = array();
         $raw = $this->HWextension_db_SccpTableData($dataid, $data);
         if (empty($raw) || empty($indexField)) {
             return $raw;
         }
         foreach ($raw as $value) {
             $id = $value[$indexField];
-            $resut[$id] = $value;
+            $result[$id] = $value;
         }
         return $resut;
     }
 
     public function HWextension_db_SccpTableData($dataid, $data = array())
     {
+        // $stmt is a single row fetch, $stmts is a fetchAll.
         global $db;
         $stmt = '';
         $stmts = '';
@@ -52,14 +53,14 @@ class dbinterface
             return false;
         }
         switch ($dataid) {
-            case "SccpExtension":
+            case 'SccpExtension':
                 if (empty($data['name'])) {
                     $stmts = $db->prepare('SELECT * FROM sccpline ORDER BY name');
                 } else {
                     $stmts = $db->prepare('SELECT * FROM sccpline WHERE name = $data[name]');
                 }
                 break;
-            case "SccpDevice":
+            case 'SccpDevice':
                 $filtered ='';
                 $singlerow = false;
                 if (empty($data['fields'])) {
@@ -103,20 +104,20 @@ class dbinterface
                     $stmts = $db->prepare($sql);
                 }
                 break;
-            case "HWSipDevice":
+            case 'HWSipDevice':
                 $raw_settings = $this->getDb_model_info($get = "sipphones", $format_list = "model");
                 break;
-            case "HWDevice":
+            case 'HWDevice':
                 $raw_settings = $this->getDb_model_info($get = "ciscophones", $format_list = "model");
                 break;
-            case "HWextension":
+            case 'HWextension':
                 $raw_settings = $this->getDb_model_info($get = "extension", $format_list = "model");
                 break;
-            case "get_colums_sccpdevice":
+            case 'get_colums_sccpdevice':
                 $sql = "DESCRIBE sccpdevice";
                 $stmt = $db->prepare($sql);
                 break;
-            case "get_colums_sccpuser":
+            case 'get_colums_sccpuser':
                 $sql = "DESCRIBE sccpuser";
                 $stmts = $db->prepare($sql);
                 break;
@@ -127,7 +128,7 @@ class dbinterface
                         . 'LEFT JOIN sccpdevmodel as addon ON t1.addon=addon.model WHERE name="' . $data['id'] . '';
                 $stmt = $db->prepare($sql);
                 break;
-            case "get_sccpuser":
+            case 'get_sccpuser':
                 $sql = 'SELECT * FROM sccpuser ';
                 if (!empty($data['id'])) {
                     $sql .= 'WHERE name= ' . $data['id'] . '';
@@ -135,13 +136,13 @@ class dbinterface
                 $sql .= ' ORDER BY name';
                 $stmt = $db->prepare($sql);
                 break;
-            case "get_sccpdevice_buttons":
+            case 'get_sccpdevice_buttons':
                 $sql = '';
                 if (!empty($data['buttontype'])) {
                     $sql .= 'buttontype="' . $data['buttontype'] . '" ';
                 }
                 if (!empty($data['id'])) {
-                    $sql .= (empty($sql)) ? 'ref="' . $data['id'] . '" ' : 'and ref="' . $data['id'] . '" ';
+                    $sql .= (empty($sql)) ? 'ref="' . $data['id'] . '" ' : 'and ref="' . $data['id'] . '';
                 }
                 if (!empty($sql)) {
                     $sql = 'SELECT * FROM sccpbuttonconfig WHERE ' .$sql. ' ORDER BY `instance`;';
@@ -204,7 +205,7 @@ class dbinterface
                         if (strpos($filter['model'], 'loadInformation')) {
                             $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (loadinformationid =' . $filter['model'] . ') ORDER BY model';
                         } else {
-                            $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (loadinformationid =loadInformation' . $filter['model'] . ') ORDER BY model';
+                            $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (loadinformationid = loadInformation' . $filter['model'] . ') ORDER BY model';
                         }
                     } else {
 //                          $sql = "SELECT ".$filter['model'];
@@ -326,36 +327,32 @@ class dbinterface
                 $result = $db->prepare($req)->execute();
                 break;
             case 'sccpbuttons':
-                if (($mode == 'clear') || ($mode == 'delete')) {
-                    $sql = 'DELETE FROM sccpbuttonconfig WHERE ref=' . $hwid . '';
-                    $result = $db->prepare($sql)->execute();
+                switch ($mode) {
+                    case 'clear':   // no break here as clear is same as delete
+                    case 'delete':
+                        $sql = 'DELETE FROM sccpbuttonconfig WHERE ref=' . $hwid . '';
+                        $result = $db->prepare($sql)->execute();
+                        break;
+                    case 'replace':
+                        if (!empty($save_value)) {
+                            $sql = 'UPDATE sccpbuttonconfig SET `name`=? WHERE  `ref`= ? AND `reftype`=? AND `instance`=?  AND `buttontype`=?';
+                            $stmt = $db->prepare($sql);
+                            $result= $db->executeMultiple($stmt, $save_value);
+                        }
+                        break;
+                    default:
+                        if (!empty($save_value)) {
+                            $sql = 'INSERT INTO sccpbuttonconfig (`ref`, `reftype`,`instance`, `buttontype`, `name`, `options`) VALUES (?,?,?,?,?,?)';
+                            $stmt = $db->prepare($sql);
+                            $result = $db->executeMultiple($stmt, $save_value);
+                        }
                 }
-                if ($mode == 'delete') {
-                    break;
-                }
-                if (empty($save_value)) {
-                    break;
-                }
-                if ($mode == 'replace') {
-                    $sql = 'UPDATE sccpbuttonconfig SET `name`=? WHERE  `ref`= ? AND `reftype`=? AND `instance`=?  AND `buttontype`=?';
-//                    $sql = 'INSERT INTO `sccpbuttonconfig` (`ref`, `reftype`,`instance`, `buttontype`, `name`, `options`) VALUES (?,?,?,?,?,?);';
-//                    die(print_r($save_value,1));
-                    $stmt = $db->prepare($sql);
-                    $result= $db->executeMultiple($stmt, $save_value);
-                } else {
-                    $sql = 'INSERT INTO sccpbuttonconfig (`ref`, `reftype`,`instance`, `buttontype`, `name`, `options`) VALUES (?,?,?,?,?,?)';
-//                    die(print_r($save_value,1));
-                    $stmt = $db->prepare($sql);
-                    $result = $db->executeMultiple($stmt, $save_value);
-                }
-
-                break;
         }
         return $result;
     }
 
     /*
-     *  My be Replace by SccpTables ??!
+     *  Maybe Replace by SccpTables ??!
      *
      */
     public function dump_sccp_tables($data_path, $database, $user, $pass)

From 6664ab97af043a77030cd51fe7e866c369d9c59c Mon Sep 17 00:00:00 2001
From: steve-lad <72376554+steve-lad@users.noreply.github.com>
Date: Mon, 8 Feb 2021 15:27:35 +0100
Subject: [PATCH 5/7] Further clean ups and annotations

Document changes
---
 Sccp_manager.class.php                 | 18 ++----
 Sccp_manager.inc/dbinterface.class.php | 76 ++++++++++----------------
 assets/js/sccp_manager.js              | 11 ++--
 views/advserver.model.php              | 33 +++++------
 4 files changed, 56 insertions(+), 82 deletions(-)

diff --git a/Sccp_manager.class.php b/Sccp_manager.class.php
index a4ad284..41f577d 100644
--- a/Sccp_manager.class.php
+++ b/Sccp_manager.class.php
@@ -869,6 +869,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
                 }
                 break;
             case 'getDeviceModel':
+dbug('getting Device model');
                 switch ($request['type']) {
                     case 'all':
                     case 'extension':
@@ -929,6 +930,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
                 return $result;
                 break;
             case 'getExtensionGrid':
+dbug('getting Extension Grid');
                 $result = $this->dbinterface->HWextension_db_SccpTableData('SccpExtension');
                 if (empty($result)) {
                     return array();
@@ -952,6 +954,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
                 return $result;
                 break;
             case 'getPhoneGrid':
+dbug('getting Phone Grid');
                 $cmd_type = !empty($request['type']) ? $request['type'] : '';
 
                 $result = $this->dbinterface->HWextension_db_SccpTableData('SccpDevice', array('type' => $cmd_type));
@@ -1865,22 +1868,10 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
 //        $save_settings = array();
         if (empty($save_value)) {
             $this->dbinterface->write('sccpsettings', $this->sccpvalues, 'clear');
-
-/*            foreach ($this->sccpvalues as $key => $val) {
-                if ((trim($val['data']) !== '') or ($val['data'] == '0')) {
-                    $save_settings[] = array($key, $val['data'], $val['seq'], $val['type']);
-                } else {
-                    $unsaved_settings[] = array($key, $val['data'], $val['seq'], $val['type']);
-                }
-            }
-            $this->dbinterface->write('sccpsettings', $save_settings, 'clear');
-*/
         } else {
             $this->dbinterface->write('sccpsettings', $save_value, 'update');
         }
         return true;
-//        }
-//        return true;
     }
 
     /*
@@ -2140,9 +2131,8 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
         } else {
             $dir_list = $this->findAllFiles($dir, $file_ext, 'fileonly');
         }
-
         $raw_settings = $this->dbinterface->getDb_model_info($get, $format_list, $filter);
-
+dbug('reloading table');
         if ($validate) {
             for ($i = 0; $i < count($raw_settings); $i++) {
                 $raw_settings[$i]['validate'] = '-;-';
diff --git a/Sccp_manager.inc/dbinterface.class.php b/Sccp_manager.inc/dbinterface.class.php
index 674f69e..a4bd67e 100644
--- a/Sccp_manager.inc/dbinterface.class.php
+++ b/Sccp_manager.inc/dbinterface.class.php
@@ -121,7 +121,7 @@ class dbinterface
                 $sql = "DESCRIBE sccpuser";
                 $stmts = $db->prepare($sql);
                 break;
-            case "get_sccpdevice_byid":
+            case 'get_sccpdevice_byid':
                 $sql = 'SELECT t1.*, types.dns,  types.buttons, types.loadimage, types.nametemplate as nametemplate, '
                         . 'addon.buttons as addon_buttons FROM sccpdevice AS t1 '
                         . 'LEFT JOIN sccpdevmodel as types ON t1.type=types.model '
@@ -185,21 +185,15 @@ class dbinterface
      *      Get Sccp Device Model information
      */
 
-    function getDb_model_info($get = "all", $format_list = "all", $filter = array())
+    function getDb_model_info($get = 'all', $format_list = 'all', $filter = array())
     {
         global $db;
-        switch ($format_list) {
-            case "model":
-                $sel_inf = "model, vendor, dns, buttons";
-                break;
-            case "all":
-            default:
-                $sel_inf = "*";
-                break;
+        $sel_inf = '*, 0 as validate';
+        if ($format_list === 'model') {
+            $sel_inf = 'model, vendor, dns, buttons, 0 as validate';
         }
-        $sel_inf .= ", '0' as 'validate'";
         switch ($get) {
-            case "byciscoid":
+            case 'byciscoid':
                 if (!empty($filter)) {
                     if (!empty($filter['model'])) {
                         if (strpos($filter['model'], 'loadInformation')) {
@@ -214,7 +208,7 @@ class dbinterface
                     break;
                 }
                 break;
-            case "byid":
+            case 'byid':
                 if (!empty($filter)) {
                     if (!empty($filter['model'])) {
                         $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (model =' . $filter['model'] . ') ORDER BY model';
@@ -225,31 +219,29 @@ class dbinterface
                     break;
                 }
                 break;
-            case "extension":
+            case 'extension':
                 $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns = 0) and (enabled > 0) ORDER BY model'; //check table
                 break;
-            case "enabled":
-                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE enabled > 0 ORDER BY model ';
+            case 'enabled':
+                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE enabled > 0 ORDER BY model '; //previously this fell through to phones.
                 break;
-            case "phones":
+            case 'phones':
                 $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) ORDER BY model '; //check table
                 break;
-            case "ciscophones":
+            case 'ciscophones':
                 $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) AND vendor NOT LIKE \'%-sip\' ORDER BY model';
                 break;
-            case "sipphones":
+            case 'sipphones':
                 $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel WHERE (dns > 0) and (enabled > 0) AND `vendor` LIKE \'%-sip\' ORDER BY model';
                 break;
-            case "all":
-                $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel ORDER BY model';
-                break;
+            case 'all':     // Fall through to default
             default:
                 $sql = 'SELECT ' . $sel_inf . ' FROM sccpdevmodel ORDER BY model';
                 break;
         }
         $stmt = $db->prepare($sql);
         $stmt->execute();
-        return $stmt->fetchAll();
+        return $stmt->fetchAll(\PDO::FETCH_ASSOC);
     }
 
     function write($table_name = "", $save_value = array(), $mode = 'update', $key_fld = "", $hwid = "")
@@ -318,7 +310,7 @@ class dbinterface
                         $req = 'DELETE FROM sccpuser WHERE ' . $sql_key . '';
                     } else {
                         if ($mode == 'update') {
-                            $req = 'UPDATE sccpuser SET ' . $sql_var .  WHERE  . $sql_key . '';
+                            $req = 'UPDATE sccpuser SET ' . $sql_var .  'WHERE ' . $sql_key . '';
                         } else {
                             $req = 'REPLACE INTO sccpuser SET ' . $sql_var . '';
                         }
@@ -368,37 +360,29 @@ class dbinterface
     public function validate()
     {
         global $db;
-        $result = false;
-        $check_fields = array('430' => array('_hwlang' => "varchar(12)"), '431' => array('private'=> "enum('on','off')"), '433' => array('directed_pickup'=>'') );
+        $result = 0;
+        $check_fields = [
+                        '430' => ['_hwlang' => "varchar(12)"],
+                        '431' => ['private'=> "enum('on','off')"],
+                        '433' => ['directed_pickup'=>'']
+                        ];
         $stmt = $db->prepare('DESCRIBE sccpdevice');
         $stmt->execute();
-        foreach ($stmt->fetchAll() as $value) {
+        foreach ($stmt->fetchAll(\PDO::FETCH_ASSOC) as $value) {
             $id_result[$value['Field']] = $value['Type'];
         }
         foreach ($check_fields as $key => $value) {
-            $sub_result = true;
-            foreach ($value as $skey => $svalue) {
-                if (!empty($svalue)) {
-                    if (empty($id_result[$skey])) {
-                        $sub_result = false;
-                    } else {
-                        if (strtolower($id_result[$skey]) != strtolower($svalue)) {
-                            $sub_result = false;
-                        }
-                    }
-                } else {
-                    if (!empty($id_result[$skey])) {
-                        $sub_result = false;
+            if (!empty(array_intersect_assoc($value, $id_result))) {
+                  $result = $key;
+            } else {
+                // no match but maybe checking against an empty string so just need to check key does not exist
+                foreach ($value as $skey => $svalue) {
+                    if (empty($svalue) && (!isset($id_result[$skey]))) {
+                        $result = $key;
                     }
                 }
             }
-            if ($sub_result) {
-                $result = $key;
-            } else {
-                break;
-            }
         }
-
         return $result;
     }
 }
diff --git a/assets/js/sccp_manager.js b/assets/js/sccp_manager.js
index b8502ff..d163635 100644
--- a/assets/js/sccp_manager.js
+++ b/assets/js/sccp_manager.js
@@ -241,7 +241,7 @@ $(document).ready(function () {
         }
         e.preventDefault();
     });
-    
+
 // Form.buttons - Form.adddevice
     $('.futuretype').change(function (e) {
         var kid = $(this).data('id');
@@ -256,7 +256,7 @@ $(document).ready(function () {
                 }
             }
         });
-        
+
     });
 
     $('.buttontype').change(function (e) {
@@ -627,7 +627,7 @@ $(document).ready(function () {
                     i++;
                 });
             }
-            
+
             if (datas === '') {
                 if (confirm(conf_msg)) {
                     datas = 'name[0]=all';
@@ -692,7 +692,7 @@ $(document).ready(function () {
 //});
 
 
-//    Bootstrap table Enabled / Disabled buttons ( class="btn-tab-select")
+//    Bootstrap table Enable / Disable buttons ( class="btn-tab-select")
 $("table").on('check-all.bs.table', function (rows) {
     var id_fld = $(this).data('id');
     $(".btn-tab-select").each(function () {
@@ -1011,7 +1011,7 @@ function bs_page_reload()
 }
 function bs_alert(data, status, reload)
 {
-    
+
     if (document.getElementById('hwalert') === null) {
         if (Array.isArray(data)) {
             data.forEach(function (entry) {
@@ -1075,4 +1075,3 @@ function sleep(milliseconds)
         }
     }
 }
-
diff --git a/views/advserver.model.php b/views/advserver.model.php
index d19ea78..0a999b4 100644
--- a/views/advserver.model.php
+++ b/views/advserver.model.php
@@ -13,12 +13,13 @@
 
             <div class="display no-border">
                 <div id="toolbar-model">
-                    <button type="button" class="btn btn-primary btn-lg" data-toggle="modal" data-target=".add_new_model"><i class="fa fa-bolt"></i> <?php echo _("Add model"); ?></button>
+                    <button type="button" class="btn btn-primary btn-lg" data-toggle="modal" data-target=".add_new_model"><i class="fa fa-bolt"></i> <?php echo _("Add model"); ?>
+                    </button>
                     <button data-id="model_disabled" class="btn btn-danger sccp_update btn-tab-select" data-type="sccp_model" data-table="table-models" disabled data-section="all">
-                        <i class="glyphicon glyphicon-remove"></i> <span><?php echo _('Disabled') ?></span>
+                        <i class="glyphicon glyphicon-remove"></i> <span><?php echo _('Disable') ?></span>
                     </button>
                     <button data-id="model_enabled" class="btn btn-danger sccp_update btn-tab-select" data-table="table-models" data-type="sccp_model" disabled data-section="all">
-                        <i class="glyphicon glyphicon-active"></i> <span><?php echo _('Enabled') ?></span>
+                        <i class="glyphicon glyphicon-active"></i> <span><?php echo _('Enable') ?></span>
                     </button>
                     <div class="btn-group">
                         <a class="btn dropdown-toggle" data-toggle="dropdown" href="#">
@@ -27,8 +28,8 @@
                         </a>
                         <ul class="dropdown-menu">
                             <li><a class="dropitem" data-id="enabled" tabindex="-1" href="#"><span><?php echo _('Show Enabled') ?></span></a></li>
-                            <li><a class="dropitem" data-id="extension" tabindex="-1" href="#"><span><?php echo _('Expansion Module')?></span></a></li>                            
-                            <li><a class="dropitem" data-id="all" tabindex="-1" href="#"><span><?php echo _('Show All') ?></span></a></li>                            
+                            <li><a class="dropitem" data-id="extension" tabindex="-1" href="#"><span><?php echo _('Expansion Module')?></span></a></li>
+                            <li><a class="dropitem" data-id="all" tabindex="-1" href="#"><span><?php echo _('Show All') ?></span></a></li>
                         </ul>
                     </div>
                 </div>
@@ -108,8 +109,8 @@
                     <div class="row"><div class="col-md-12">
                         <span id="new_buttons-help" class="help-block fpbx-help-block">Help.</span>
                 </div></div></div>
-                
-                
+
+
                 <div class="element-container"><div class="row"> <div class="form-group"><div class="col-md-3">
                         <label class="control-label" for="new_loadimage"><?php echo _('Load Image');?></label>
                         <i class="fa fa-question-circle fpbx-help-icon" data-for="new_loadimage"></i>
@@ -129,7 +130,7 @@
                     <div class="row"><div class="col-md-12">
                         <span id="new_loadinformationid-help" class="help-block fpbx-help-block">Help.</span>
                 </div></div></div>
-                
+
                 <div class="element-container"><div class="row"> <div class="form-group"><div class="col-md-3">
                         <label class="control-label" for="new_nametemplate"><?php echo _('Model template XML');?></label>
                         <i class="fa fa-question-circle fpbx-help-icon" data-for="new_nametemplate"></i>
@@ -143,7 +144,7 @@
             <div class="modal-footer">
                 <button type="button" class="btn btn-default" data-dismiss="modal"><?php echo _('Close');?></button>
                 <button type="button" class="btn btn-primary sccp_update" data-id="model_add" id="add_new_model" data-dismiss="modal"><?php echo _('Add New model without Enabled');?></button>
-            </div>            
+            </div>
         </div>
     </div>
 </div>
@@ -169,7 +170,7 @@
                         <span id="editd_model-help" class="help-block fpbx-help-block">Help.</span>
                 </div></div></div>
 
-                
+
                 <div class="element-container"><div class="row"> <div class="form-group"><div class="col-md-3">
                         <label class="control-label" for="editd_loadimage"><?php echo _('Load Image');?></label>
                         <i class="fa fa-question-circle fpbx-help-icon" data-for="edit_devimage"></i>
@@ -190,12 +191,12 @@
                         <span id="editd_nametemplate-help" class="help-block fpbx-help-block">Help.</span>
                 </div></div></div>
 
-                
+
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-default" data-dismiss="modal"><?php echo _('Close');?></button>
                 <button type="button" class="btn btn-primary sccp_update" data-id="model_apply" data-dismiss="modal"><?php echo _('apply');?></button>
-            </div>            
+            </div>
         </div>
     </div>
 </div>
@@ -214,7 +215,7 @@
 //    function DispayInputFormatter(value, row, index) {
 //        return  (value == null) ?  '<input class="tabl-edit form-control" name="' + row['model'] + '_template" type="text" value="">'  : '<input class="tabl-edit form-control" name="' + row['model'] + '_template" type="text" value="' + value + '">';
 //    }
-    
+
     function DispayActionsModelFormatter(value, row, index) {
         var exp_model = '';
 //        exp_model += '<a href="#edit_model"   class="btn btn-info"   onclick="load_model(this, &quot;'+row['model']+'&quot;)" data-toggle="modal"><i class="fa fa-pencil"></i></a>';
@@ -236,12 +237,12 @@
         return value;
 
     }
-    
+
     function SetRowColor(row, index) {
         var tclass = "active";
         if (row['enabled'] === 1) {
             tclass = (index % 2 === 0) ? "info" : "info";
-        }    
+        }
         if ((row['validate'] === 'yes;yes') || (row['validate'] === 'yes;-')) {
 //            tclass = (row['enabled'] === '1') ?  "danger" : "warning";
         } else {
@@ -249,7 +250,7 @@
         }
         return {classes: tclass};
     }
-    
+
     function load_model(elmnt,clr) {
 //        $("#edit_devmodel").text(clr);
         var drow = $("#table-models").bootstrapTable('getRowByUniqueId',clr);

From 89d4e45f5ebfca2e2ff3a3cff7be518a4a1d9b60 Mon Sep 17 00:00:00 2001
From: steve-lad <72376554+steve-lad@users.noreply.github.com>
Date: Mon, 8 Feb 2021 17:41:19 +0100
Subject: [PATCH 6/7] Update Transactions and fix errors

Reduce quoting level, and fix errors introduced by prior commits
---
 Sccp_manager.class.php                 |  4 +-
 Sccp_manager.inc/dbinterface.class.php | 63 ++++++++++++++------------
 2 files changed, 36 insertions(+), 31 deletions(-)

diff --git a/Sccp_manager.class.php b/Sccp_manager.class.php
index 41f577d..1b77a3f 100644
--- a/Sccp_manager.class.php
+++ b/Sccp_manager.class.php
@@ -1165,7 +1165,7 @@ dbug('getting Phone Grid');
         $save_settings = array();
         $save_codec = array();
         $name_dev = '';
-        $db_field = $this->dbinterface->HWextension_db_SccpTableData("get_colums_sccpdevice");
+        $db_field = $this->dbinterface->HWextension_db_SccpTableData("get_columns_sccpdevice");
         $hw_id = (empty($get_settings['sccp_deviceid'])) ? 'new' : $get_settings['sccp_deviceid'];
         $hw_type = (empty($get_settings['sccp_device_typeid'])) ? 'sccpdevice' : $get_settings['sccp_device_typeid'];
         $update_hw = ($hw_id == 'new') ? 'update' : 'clear';
@@ -1407,7 +1407,7 @@ dbug('getting Phone Grid');
           );
          */
         $name_dev = '';
-        $db_field = $this->dbinterface->HWextension_db_SccpTableData("get_colums_sccpuser");
+        $db_field = $this->dbinterface->HWextension_db_SccpTableData("get_columns_sccpuser");
         // $hw_id = (empty($get_settings['sccp_deviceid'])) ? 'new' : $get_settings['sccp_deviceid'];
         // $update_hw = ($hw_id == 'new') ? 'update' : 'clear';
         $hw_prefix = 'SEP';
diff --git a/Sccp_manager.inc/dbinterface.class.php b/Sccp_manager.inc/dbinterface.class.php
index a4bd67e..0d3ee83 100644
--- a/Sccp_manager.inc/dbinterface.class.php
+++ b/Sccp_manager.inc/dbinterface.class.php
@@ -113,19 +113,19 @@ class dbinterface
             case 'HWextension':
                 $raw_settings = $this->getDb_model_info($get = "extension", $format_list = "model");
                 break;
-            case 'get_colums_sccpdevice':
-                $sql = "DESCRIBE sccpdevice";
+            case 'get_columns_sccpdevice':
+                $sql = 'DESCRIBE sccpdevice';
                 $stmt = $db->prepare($sql);
                 break;
-            case 'get_colums_sccpuser':
-                $sql = "DESCRIBE sccpuser";
+            case 'get_columns_sccpuser':
+                $sql = 'DESCRIBE sccpuser';
                 $stmts = $db->prepare($sql);
                 break;
             case 'get_sccpdevice_byid':
-                $sql = 'SELECT t1.*, types.dns,  types.buttons, types.loadimage, types.nametemplate as nametemplate, '
-                        . 'addon.buttons as addon_buttons FROM sccpdevice AS t1 '
-                        . 'LEFT JOIN sccpdevmodel as types ON t1.type=types.model '
-                        . 'LEFT JOIN sccpdevmodel as addon ON t1.addon=addon.model WHERE name="' . $data['id'] . '';
+                $sql = 'SELECT t1.*, types.dns,  types.buttons, types.loadimage, types.nametemplate as nametemplate,
+                        addon.buttons as addon_buttons FROM sccpdevice AS t1
+                        LEFT JOIN sccpdevmodel as types ON t1.type=types.model
+                        LEFT JOIN sccpdevmodel as addon ON t1.addon=addon.model WHERE name =\'' . $data['id'] . '\'';
                 $stmt = $db->prepare($sql);
                 break;
             case 'get_sccpuser':
@@ -246,6 +246,13 @@ class dbinterface
 
     function write($table_name = "", $save_value = array(), $mode = 'update', $key_fld = "", $hwid = "")
     {
+//dbug('entering write for table', $table_name);
+if ($table_name === 'sccpdevmodel'){
+dbug('entering write with save_value', $save_value);
+dbug('entering write with mode', $mode);
+dbug('entering write with key_fld', $key_fld);
+dbug('entering write with hwid', $hwid);
+}
         // mode clear  - Empty table before update
         // mode update - update / replace record
         global $db;
@@ -271,25 +278,22 @@ class dbinterface
                 if ($mode == 'clear') {
 //                    $sql = 'truncate `sccpsettings`';
                     $db->prepare('TRUNCATE sccpsettings')->execute();
-                    $stmt = $db->prepare('INSERT INTO sccpsettings (`keyword`, `data`, `seq`, `type`) VALUES (?,?,?,?)');
+                    $stmt = $db->prepare('INSERT INTO sccpsettings (keyword, data, seq, type) VALUES (?,?,?,?)');
                     $result = $db->executeMultiple($stmt, $save_value);
                 } else {
                     if (!empty($delete_value)) {
-                        $stmt = $db->prepare('DELETE FROM sccpsettings WHERE `keyword`=?');
+                        $stmt = $db->prepare('DELETE FROM sccpsettings WHERE keyword = ?');
                         $result = $db->executeMultiple($stmt, $delete_value);
                     }
                     if (!empty($save_value)) {
-                        $stmt = $db->prepare('REPLACE INTO sccpsettings (`keyword`, `data`, `seq`, `type`) VALUES (?,?,?,?)');
+                        $stmt = $db->prepare('REPLACE INTO sccpsettings (keyword, data, seq, type) VALUES (?,?,?,?)');
                         $result = $db->executeMultiple($stmt, $save_value);
                     }
                 }
                 break;
-            case 'sccpdevmodel':
-                break;
-            case 'sccpdevice':
-                break;
+            case 'sccpdevmodel':    // Fall through to next intentionally
+            case 'sccpdevice':    // Fall through to next intentionally
             case 'sccpuser':
-                $sql_db = $table_name;
                 $sql_key = "";
                 $sql_var = "";
                 foreach ($save_value as $key_v => $data) {
@@ -297,23 +301,24 @@ class dbinterface
                         $sql_var .= ', ';
                     }
                     if ($data === $this->val_null) {
-                        $sql_var .= '`' . $key_v . '`=NULL';
+                        $sql_var .= $key_v . '= NULL';
                     } else {
-                        $sql_var .= '`' . $key_v . '`="' . $data . '"';
+                        $sql_var .= $key_v . ' = \'' . $data . '\'';
                     }
                     if ($key_fld == $key_v) {
-                        $sql_key = '`' . $key_v . '`="' . $data . '"';
+                        $sql_key = $key_v . ' = \'' . $data . '\'';
                     }
                 }
                 if (!empty($sql_var)) {
-                    if ($mode == 'delete') {
-                        $req = 'DELETE FROM sccpuser WHERE ' . $sql_key . '';
-                    } else {
-                        if ($mode == 'update') {
-                            $req = 'UPDATE sccpuser SET ' . $sql_var .  'WHERE ' . $sql_key . '';
-                        } else {
-                            $req = 'REPLACE INTO sccpuser SET ' . $sql_var . '';
-                        }
+                    switch ($mode) {
+                        case 'delete':
+                            $req = 'DELETE FROM '. $table_name . ' WHERE ' . $sql_key;
+                            break;
+                        case 'update':
+                            $req = 'UPDATE ' . $table_name . ' SET ' . $sql_var . ' WHERE ' . $sql_key;
+                            break;
+                        default:
+                            $req = 'REPLACE INTO ' . $table_name . ' SET ' . $sql_var;
                     }
                 }
                 $result = $db->prepare($req)->execute();
@@ -327,14 +332,14 @@ class dbinterface
                         break;
                     case 'replace':
                         if (!empty($save_value)) {
-                            $sql = 'UPDATE sccpbuttonconfig SET `name`=? WHERE  `ref`= ? AND `reftype`=? AND `instance`=?  AND `buttontype`=?';
+                            $sql = 'UPDATE sccpbuttonconfig SET name =? WHERE  ref = ? AND reftype =? AND instance =?  AND buttontype =?';
                             $stmt = $db->prepare($sql);
                             $result= $db->executeMultiple($stmt, $save_value);
                         }
                         break;
                     default:
                         if (!empty($save_value)) {
-                            $sql = 'INSERT INTO sccpbuttonconfig (`ref`, `reftype`,`instance`, `buttontype`, `name`, `options`) VALUES (?,?,?,?,?,?)';
+                            $sql = 'INSERT INTO sccpbuttonconfig (ref, reftype, instance, buttontype, name, options) VALUES (?,?,?,?,?,?)';
                             $stmt = $db->prepare($sql);
                             $result = $db->executeMultiple($stmt, $save_value);
                         }

From 175346c2c1e45fa80fa26c5bb826cdd8001e9844 Mon Sep 17 00:00:00 2001
From: steve-lad <72376554+steve-lad@users.noreply.github.com>
Date: Tue, 9 Feb 2021 12:31:06 +0100
Subject: [PATCH 7/7] Use bindParam on db executes

Use bind param to have stricter typing

Fix bug in Sccp-Manager where key and keyword were not the same
---
 Sccp_manager.class.php                 | 10 ++---
 Sccp_manager.inc/dbinterface.class.php | 52 +++++++++++---------------
 2 files changed, 26 insertions(+), 36 deletions(-)

diff --git a/Sccp_manager.class.php b/Sccp_manager.class.php
index 1b77a3f..9e170ed 100644
--- a/Sccp_manager.class.php
+++ b/Sccp_manager.class.php
@@ -869,7 +869,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
                 }
                 break;
             case 'getDeviceModel':
-dbug('getting Device model');
+//dbug('getting Device model');
                 switch ($request['type']) {
                     case 'all':
                     case 'extension':
@@ -930,7 +930,7 @@ dbug('getting Device model');
                 return $result;
                 break;
             case 'getExtensionGrid':
-dbug('getting Extension Grid');
+//dbug('getting Extension Grid');
                 $result = $this->dbinterface->HWextension_db_SccpTableData('SccpExtension');
                 if (empty($result)) {
                     return array();
@@ -954,7 +954,7 @@ dbug('getting Extension Grid');
                 return $result;
                 break;
             case 'getPhoneGrid':
-dbug('getting Phone Grid');
+//dbug('getting Phone Grid');
                 $cmd_type = !empty($request['type']) ? $request['type'] : '';
 
                 $result = $this->dbinterface->HWextension_db_SccpTableData('SccpDevice', array('type' => $cmd_type));
@@ -1736,7 +1736,7 @@ dbug('getting Phone Grid');
             }
         }
 
-        $this->sccpvalues['sccp_compatible'] = array('keyword' => 'compatible', 'data' => $ver_id, 'type' => '1', 'seq' => '99');
+        $this->sccpvalues['sccp_compatible'] = array('keyword' => 'sccp_compatible', 'data' => $ver_id, 'type' => '1', 'seq' => '99');
         $this->sccppath = $this->extconfigs->validate_init_path($confDir, $this->sccpvalues, $sccp_driver_replace);
         $driver = $this->FreePBX->Core->getAllDriversInfo(); // ??????
 
@@ -2132,7 +2132,7 @@ dbug('getting Phone Grid');
             $dir_list = $this->findAllFiles($dir, $file_ext, 'fileonly');
         }
         $raw_settings = $this->dbinterface->getDb_model_info($get, $format_list, $filter);
-dbug('reloading table');
+//dbug('reloading table');
         if ($validate) {
             for ($i = 0; $i < count($raw_settings); $i++) {
                 $raw_settings[$i]['validate'] = '-;-';
diff --git a/Sccp_manager.inc/dbinterface.class.php b/Sccp_manager.inc/dbinterface.class.php
index 0d3ee83..b57c116 100644
--- a/Sccp_manager.inc/dbinterface.class.php
+++ b/Sccp_manager.inc/dbinterface.class.php
@@ -246,48 +246,38 @@ class dbinterface
 
     function write($table_name = "", $save_value = array(), $mode = 'update', $key_fld = "", $hwid = "")
     {
-//dbug('entering write for table', $table_name);
-if ($table_name === 'sccpdevmodel'){
-dbug('entering write with save_value', $save_value);
-dbug('entering write with mode', $mode);
-dbug('entering write with key_fld', $key_fld);
-dbug('entering write with hwid', $hwid);
-}
         // mode clear  - Empty table before update
         // mode update - update / replace record
         global $db;
-//        global $amp_conf;
         $result = false;
         $delete_value = array();
         switch ($table_name) {
             case 'sccpsettings':
-                foreach ($save_value as $key_v => $data) {
-                    if (!empty($data) && isset($data['data'])) {
-                            if ($data['data'] == $this->val_null) {
-                                $delete_value[] = $save_value[$key_v]['keyword'];
-                                unset($save_value[$key_v]);
-                            }
-/*                      if (isset($data['data'])) {
-                            if ($data['data'] == $this->val_null) {
-                                $delete_value[] = $save_value[$key_v]['keyword'];
-                                unset($save_value[$key_v]);
-                            }
-                        }
-*/                    }
-                }
+                $time = -microtime(true);
                 if ($mode == 'clear') {
-//                    $sql = 'truncate `sccpsettings`';
                     $db->prepare('TRUNCATE sccpsettings')->execute();
-                    $stmt = $db->prepare('INSERT INTO sccpsettings (keyword, data, seq, type) VALUES (?,?,?,?)');
-                    $result = $db->executeMultiple($stmt, $save_value);
+                    $stmt = $db->prepare('INSERT INTO sccpsettings (keyword, data, seq, type) VALUES (:keyword,:data,:seq,:type)');
                 } else {
-                    if (!empty($delete_value)) {
-                        $stmt = $db->prepare('DELETE FROM sccpsettings WHERE keyword = ?');
-                        $result = $db->executeMultiple($stmt, $delete_value);
+                    $stmt = $db->prepare('REPLACE INTO sccpsettings (keyword, data, seq, type) VALUES (:keyword,:data,:seq,:type)');
+                }
+                foreach ($save_value as $key => $dataArr) {
+                    if (!empty($dataArr) && isset($dataArr['data'])) {
+                        if ($dataArr['data'] == $this->val_null) {
+                              $delete_value[] = $save_value[$key]['keyword'];
+                              break;
+                        }
                     }
-                    if (!empty($save_value)) {
-                        $stmt = $db->prepare('REPLACE INTO sccpsettings (keyword, data, seq, type) VALUES (?,?,?,?)');
-                        $result = $db->executeMultiple($stmt, $save_value);
+                    $stmt->bindParam(':keyword',$dataArr['keyword'],\PDO::PARAM_STR);
+                    $stmt->bindParam(':data',$dataArr['data'],\PDO::PARAM_STR);
+                    $stmt->bindParam(':seq',$dataArr['seq'],\PDO::PARAM_INT);
+                    $stmt->bindParam(':type',$dataArr['type'],\PDO::PARAM_INT);
+                    $result = $stmt->execute();
+                }
+                if (!empty($delete_value)) {
+                    $stmt = $db->prepare('DELETE FROM sccpsettings WHERE keyword = :keyword');
+                    foreach ($delete_value as $del_key) {
+                        $stmt->bindParam(':keyword',$del_key,\PDO::PARAM_STR);
+                        $result = $stmt->execute();
                     }
                 }
                 break;