function load($oid)
{
$q = new DBQuery();
$q->addQuery('*');
$q->addTable('risks');
$q->addWhere('risk_id = ' . $oid);
return db_loadObject($q->prepare(), $this);
}
function load($oid)
{
$q = new DBQuery();
$q->addTable('departments', 'dep');
$q->addQuery('dep.*');
$q->addWhere('dep.dept_id = ' . $oid);
$sql = $q->prepare();
$q->clear();
return db_loadObject($sql, $this);
}
}
// load the company types
$types = dPgetSysVal('CompanyType');
// load the record data
$q = new DBQuery();
$q->addTable('companies');
$q->addQuery('companies.*');
$q->addQuery('con.contact_first_name');
$q->addQuery('con.contact_last_name');
$q->addJoin('users', 'u', 'u.user_id = companies.company_owner');
$q->addJoin('contacts', 'con', 'u.user_contact = con.contact_id');
$q->addWhere('companies.company_id = ' . $company_id);
$sql = $q->prepare();
$q->clear();
$obj = null;
if (!db_loadObject($sql, $obj) && $company_id > 0) {
// $AppUI->setMsg( ' $qid =& $q->exec(); Company' ); // What is this for?
$AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
$AppUI->redirect();
}
// collect all the users for the company owner list
$q = new DBQuery();
$q->addTable('users', 'u');
$q->addTable('contacts', 'con');
$q->addQuery('user_id');
$q->addQuery('CONCAT_WS(", ",contact_last_name,contact_first_name)');
$q->addOrder('contact_last_name');
$q->addWhere('u.user_contact = con.contact_id');
$owners = $q->loadHashList();
// setup the title block
$ttl = $company_id > 0 ? "Edit Company" : "Add Company";
// check if this record has dependencies to prevent deletion
$msg = '';
$obj = new CCompany();
$canDelete = $obj->canDelete($msg, $company_id);
// load the record data
$q = new DBQuery();
$q->addTable('companies', 'c');
$q->addQuery('c.*, u.user_id');
$q->addQuery('CONCAT(co.contact_first_name, " ", co.contact_last_name) AS contact_name');
$q->addJoin('users', 'u', 'u.user_id = c.company_owner');
$q->addJoin('contacts', 'co', 'u.user_contact = co.contact_id');
$q->addWhere('c.company_id = ' . $company_id);
$sql = $q->prepare();
$q->clear();
$obj = null;
if (!db_loadObject($sql, $obj)) {
$AppUI->setMsg('Company');
$AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
$AppUI->redirect();
} else {
$AppUI->savePlace();
}
// load the list of project statii and company types
$pstatus = dPgetSysVal('ProjectStatus');
$types = dPgetSysVal('CompanyType');
// setup the title block
$titleBlock = new CTitleBlock('Company Information');
if ($canEdit) {
$titleBlock->addCell();
$titleBlock->addButton($AppUI->_('new company'), 'index.php?m=companies&a=addedit');
}
/**
* Login function
*
* A number of things are done in this method to prevent illegal entry:
* <ul>
* <li>The username and password are trimmed and escaped to prevent malicious
* SQL being executed
* </ul>
* The schema previously used the MySQL PASSWORD function for encryption. This
* Method has been deprecated in favour of PHP's MD5() function for database independance.
* The check_legacy_password option is no longer valid
*
* Upon a successful username and password match, several fields from the user
* table are loaded in this object for convenient reference. The style, localces
* and preferences are also loaded at this time.
*
* @param string The user login name
* @param string The user password
* @return boolean True if successful, false if not
*/
function login($username, $password)
{
require_once DP_BASE_DIR . '/classes/authenticator.class.php';
$auth_method = dPgetConfig('auth_method', 'sql');
if (@$_POST['login'] != 'login' && @$_POST['login'] != $this->_('login', UI_OUTPUT_RAW) && $_REQUEST['login'] != $auth_method) {
die('You have chosen to log in using an unsupported or disabled login method');
}
$auth =& getauth($auth_method);
$username = trim(db_escape($username));
$password = trim($password);
if (!$auth->authenticate($username, $password)) {
return false;
}
$user_id = $auth->userId($username);
$username = $auth->username;
// Some authentication schemes may collect username in various ways.
// Now that the password has been checked, see if they are allowed to
// access the system
if (!isset($GLOBALS['acl'])) {
$GLOBALS['acl'] =& new dPacl();
}
if (!$GLOBALS['acl']->checkLogin($user_id)) {
dprint(__FILE__, __LINE__, 1, 'Permission check failed');
return false;
}
$q = new DBQuery();
$q->addTable('users');
$q->addQuery('user_id, contact_first_name as user_first_name, contact_last_name as user_last_name, contact_company as user_company, contact_department as user_department, contact_email as user_email, user_type');
$q->addJoin('contacts', 'con', 'contact_id = user_contact');
$q->addWhere("user_id = {$user_id} AND user_username = '******'");
$sql = $q->prepare();
$q->clear();
dprint(__FILE__, __LINE__, 7, "Login SQL: {$sql}");
if (!db_loadObject($sql, $this)) {
dprint(__FILE__, __LINE__, 1, 'Failed to load user information');
return false;
}
// load the user preferences
$this->loadPrefs($this->user_id);
$this->setUserLocale();
$this->checkStyle();
return true;
}
function format_field($value, $type, $ticket = NULL)
{
global $CONFIG;
global $AppUI;
global $canEdit;
switch ($type) {
case "user":
if ($value) {
$output = query2result("SELECT CONCAT_WS(' ',contact_first_name,contact_last_name) as name FROM users u LEFT JOIN contacts ON u.user_contact = contact_id WHERE user_id = '{$value}'");
} else {
$output = "-";
}
break;
case "status":
if ($canEdit) {
$output = create_selectbox("type_toggle", array("Open" => $AppUI->_("Open"), "Processing" => $AppUI->_("Processing"), "Closed" => $AppUI->_("Closed"), "Deleted" => $AppUI->_("Deleted")), $value);
} else {
$output = chooseSelectedValue("type_toggle", array("Open" => $AppUI->_("Open"), "Processing" => $AppUI->_("Processing"), "Closed" => $AppUI->_("Closed"), "Deleted" => $AppUI->_("Deleted")), $value);
}
break;
case "priority_view":
$priority = $CONFIG["priority_names"][$value];
$color = $CONFIG["priority_colors"][$value];
if ($value == 3) {
$priority = "<strong>{$priority}</strong>";
}
if ($value == 4) {
$priority = "<blink><strong>{$priority}</strong></blink>";
}
$output = "<font color=\"{$color}\">{$priority}</font>";
break;
case "priority_select":
if ($canEdit) {
$output = create_selectbox("priority_toggle", $CONFIG["priority_names"], $value);
} else {
$output = chooseSelectedValue("priority_toggle", $CONFIG["priority_names"], $value);
}
break;
case "assignment":
$options[0] = "-";
$query = "SELECT user_id as id, CONCAT_WS(' ',contact_first_name,contact_last_name) as name FROM users u LEFT JOIN contacts ON u.user_contact = contact_id ORDER BY name";
$result = do_query($query);
while ($row = result2hash($result)) {
$options[$row["id"]] = $row["name"];
}
if ($canEdit) {
$output = create_selectbox("assignment_toggle", $options, $value);
} else {
$output = chooseSelectedValue("assignment_toggle", $options, $value);
}
break;
case "view":
if ($CONFIG["index_link"] == "latest") {
$latest_value = query2result("SELECT ticket FROM tickets WHERE parent = '{$value}' ORDER BY ticket DESC LIMIT 1");
if ($latest_value) {
$value = $latest_value;
}
}
$output = "<a href=index.php?m=ticketsmith&a=view&ticket={$value}>{$value} ";
$output .= "<img src=images/icons/pencil.gif border=0></a>";
break;
case "attach":
$output = "<A href=index.php?m=ticketsmith&a=attach&ticket={$value}>";
$output .= "Link</a>";
break;
case "doattach":
$output = "<A href=index.php?m=ticketsmith&a=attach&newparent={$value}&dosql=reattachticket&ticket={$ticket}>";
$output .= "Link</a>";
break;
case "open_date":
$output = get_time_ago($value);
if ($CONFIG["warning_active"]) {
if (time() - $value > $CONFIG["warning_age"] * 3600) {
$output = "<font color=\"" . $CONFIG["warning_color"] . "\"><xb>" . $output . "</strong></font>";
}
}
break;
case "activity_date":
if (!$value) {
$output = "<em>" . $AppUI->_('none') . "</em>";
} else {
$output = get_time_ago($value);
}
$latest_followup_type = query2result("SELECT type FROM tickets WHERE parent = '{$ticket}' ORDER BY timestamp DESC LIMIT 1");
if ($latest_followup_type) {
$latest_followup_type = preg_replace("/(\\w+)\\s.*/", "\\1", $latest_followup_type);
$output .= " [{$latest_followup_type}]";
}
break;
case "elapsed_date":
$output = date($CONFIG["date_format"], $value);
$time_ago = get_time_ago($value);
$output .= " <em>({$time_ago})</em>";
break;
case "body":
if ($CONFIG["wordwrap"]) {
$value = word_wrap($value, 78);
}
$value = htmlspecialchars($value);
$output = "<table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"10\">\n";
$output .= "<tr><td bgcolor=\"" . $CONFIG["ticket_color"] . "\">\n<tt><pre>\n";
$url_find = "/(http|https|ftp|news|telnet|finger)(:\\/\\/[^ \">\\t\\r\\n]*)/";
$url_replace = "<a href=\"\\1\\2\" target=\"new\">";
$url_replace .= "<span style=\"font-size: 10pt;\">\\1\\2</span></a>";
$value = preg_replace($url_find, $url_replace, $value);
$output .= stripslashes($value);
$output .= "\n</pre></tt>\n</td></tr>\n</table>\n";
break;
case "followup":
$output = "\n<tt>\n";
$output .= "<textarea style='font-family: monospace;' name=\"followup\" wrap=\"hard\" cols=\"72\" rows=\"20\">\n";
$signature = query2result("SELECT user_signature FROM users WHERE user_id = '{$AppUI->user_id}'");
if ($signature) {
$output .= "\n";
$output .= "-- \n";
$output .= $signature;
}
$output .= "\n\n";
$output .= "---- " . $AppUI->_('Original message') . " ----\n\n";
if ($CONFIG["wordwrap"]) {
$value = word_wrap($value, 70, true);
}
$value = htmlspecialchars($value);
$output .= $value;
$output .= "\n</textarea>\n";
$output .= "</tt>\n";
break;
case "subject":
$value = preg_replace("/\\s*Re:\\s*/i", "", $value);
$value = preg_replace("/(\\[\\#\\d+\\])(\\w+)/", "\\2", $value);
$value = "Re: " . $value;
$value = htmlspecialchars($value);
@($output .= "<input type=\"text\" name=\"subject\" value=\"{$value}\" size=\"70\">\n");
break;
case "cc":
$value = htmlspecialchars($value);
$output = "<input type=\"text\" name=\"cc\" value=\"{$value}\" size=\"70\">";
break;
case "recipient":
$value = htmlspecialchars($value);
$output = "<input type=\"text\" name=\"recipient\" value=\"{$value}\" size=\"70\">";
break;
case "original_author":
if ($value) {
$value = preg_replace('/\\"/', '', $value);
$output = htmlspecialchars($value);
} else {
$output = "<em>(" . $AppUI->_('original ticket author') . ")</em>";
}
break;
case "email":
if ($value) {
$value = preg_replace('/\\"/', '', $value);
$output = htmlspecialchars($value);
} else {
$output = "<em>" . $AppUI->_('none') . "</em>";
}
break;
case 'ticket_company':
$q = new DBQuery();
$q->addTable('companies');
$q->addQuery('companies.*');
$q->addWhere('companies.company_id = ' . $value);
$sql = $q->prepare();
if (!db_loadObject($sql, $obj)) {
// it all dies!
}
$output = '<a href="index.php?m=companies&a=view&company_id=' . $value . '">' . $obj->company_name . '</a>';
break;
case 'ticket_project':
$q = new DBQuery();
$q->addTable('projects');
$q->addQuery('projects.*');
$q->addWhere('projects.project_id = ' . $value);
$sql = $q->prepare();
if (!db_loadObject($sql, $obj)) {
// it all dies!
}
$output = '<a href="index.php?m=projects&a=view&project_id=' . $value . '">' . $obj->project_name . '</a>';
break;
default:
$output = $value ? htmlspecialchars($value) : "<em>" . $AppUI->_('none') . "</em>";
}
return $output;
}
$q->leftJoin('projects', 'p', 'p.project_id = task_project');
$q->leftJoin('task_log', 'tl', 'tl.task_log_task = task_id');
$q->addWhere('task_id = ' . $task_id);
$q->addQuery('tasks.*');
$q->addQuery('project_name, project_color_identifier');
$q->addQuery('u1.user_username as username');
$q->addQuery('ROUND(SUM(task_log_hours),2) as log_hours_worked');
$q->addGroup('task_id');
// check if this record has dependencies to prevent deletion
$msg = '';
$obj = new CTask();
$canDelete = $obj->canDelete($msg, $task_id);
//$obj = null;
$sql = $q->prepare();
$q->clear();
if (!db_loadObject($sql, $obj, true, false)) {
$AppUI->setMsg('Task');
$AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
$AppUI->redirect();
} else {
$AppUI->savePlace();
}
if (!$obj->canAccess($AppUI->user_id)) {
$AppUI->redirect("m=public&a=access_denied");
}
// retrieve any state parameters
if (isset($_GET['tab'])) {
$AppUI->setState('TaskLogVwTab', $_GET['tab']);
}
$tab = $AppUI->getState('TaskLogVwTab') !== NULL ? $AppUI->getState('TaskLogVwTab') : 0;
// get the prefered date format
function load($oid)
{
$sql = "SELECT * FROM helpdesk_items WHERE item_id = {$oid}";
return db_loadObject($sql, $this);
}
<table class="table-stroke my-style" id="home_visit_guide" data-role="table" data-mode="reflow" data-filter="false" data-filter-placeholder="ค้นหา...">
<thead>
<tr>
<th>ลำดับ</th>
<th>ICD10</th>
<th data-priority="2">วินิจฉัย</th>
<th data-priority="3">Diag type</th>
</tr>
</thead>
<tbody>
<?php
$sql = "select ci.icd10,icd.name,dxtype,dt.name as typename \r\n from \r\n clinic_persist_icd ci\r\n join icd101 icd on icd.code=ci.icd10 \r\n join diagtype dt on dt.diagtype=ci.dxtype\r\n where hn={$obj->patient_hn} \r\n group by icd10 order by dxtype";
$obj = null;
db_loadObject($sql, $obj);
$obj_detail = null;
$row = 1;
$obj_detail = db_loadList($AppUI, $sql, NULL);
foreach ($obj_detail as $key_detail) {
?>
<tr>
<td><?php
echo $row;
?>
</td>
<td><?php
echo $key_detail['icd10'];
?>
</td>
<td><?php
/**
* Generic check for whether dependencies exist for this object in the db schema
*
* Can be overloaded/supplemented by the child class
* @param string $msg Error message returned
* @param int Optional key index
* @param array Optional array to compiles standard joins:
* format [label => 'Label', name => 'table name', idfield => 'field', joinfield => 'field']
* @return true|false
*/
function canDelete(&$msg, $oid = null, $joins = null)
{
global $AppUI;
// First things first. Are we allowed to delete?
$acl =& $AppUI->acl();
if (!$acl->checkModuleItem($this->_permission_name, 'delete', $oid)) {
$msg = $AppUI->_('noDeletePermission');
return false;
}
$k = $this->_tbl_key;
if ($oid) {
$this->{$k} = intval($oid);
}
if (is_array($joins)) {
$q = new DBQuery();
$q->addTable($this->_tbl, 'k');
$q->addQuery($k);
$i = 0;
foreach ($joins as $table) {
$table_alias = 't' . $i++;
$q->addJoin($table['name'], $table_alias, $table_alias . '.' . $table['joinfield'] . ' = ' . 'k' . '.' . $k);
$q->addQuery('COUNT(DISTINCT ' . $table_alias . '.' . $table['idfield'] . ') AS ' . $table['idfield'] . $table_alias);
}
$q->addWhere($k . " = '" . $this->{$k} . "'");
$q->addGroup($k);
$sql = $q->prepare(true);
$obj = null;
if (!db_loadObject($sql, $obj)) {
$msg = db_error();
return false;
}
$msg = array();
$i = 0;
foreach ($joins as $table) {
$table_alias = 't' . $i++;
$k = $table['idfield'] . $table_alias;
if ($obj->{$k}) {
$msg[] = $table_alias . '.' . $AppUI->_($table['label']);
}
}
if (count($msg)) {
$msg = $AppUI->_('noDeleteRecord') . ': ' . implode(', ', $msg);
return false;
}
}
return true;
}
/**
* Generic check for whether dependencies exist for this object in the db schema
*
* Can be overloaded/supplemented by the child class
* @param string $msg Error message returned
* @param int Optional key index
* @param array Optional array to compiles standard joins: format [label=>'Label',name=>'table name',idfield=>'field',joinfield=>'field']
* @return true|false
*/
function canDelete(&$msg, $oid = null, $joins = null)
{
global $AppUI;
// First things first. Are we allowed to delete?
$acl =& $AppUI->acl();
if (!$acl->checkModuleItem($this->_tbl, "delete", $oid)) {
$msg = $AppUI->_("noDeletePermission");
return false;
}
$k = $this->_tbl_key;
if ($oid) {
$this->{$k} = intval($oid);
}
if (is_array($joins)) {
$select = "{$k}";
$join = "";
$q = new DBQuery();
$q->addTable($this->_tbl);
$q->addWhere("{$k} = '" . $this->{$k} . "'");
$q->addGroup($k);
foreach ($joins as $table) {
$q->addQuery("COUNT(DISTINCT {$table['idfield']}) AS {$table['idfield']}");
$q->addJoin($table['name'], $table['name'], "{$table['joinfield']} = {$k}");
}
$sql = $q->prepare();
$q->clear();
$obj = null;
if (!db_loadObject($sql, $obj)) {
$msg = db_error();
return false;
}
$msg = array();
foreach ($joins as $table) {
$k = $table['idfield'];
if ($obj->{$k}) {
$msg[] = $AppUI->_($table['label']);
}
}
if (count($msg)) {
$msg = $AppUI->_("noDeleteRecord") . ": " . implode(', ', $msg);
return false;
} else {
return true;
}
}
return true;
}
$q->addQuery('contact_first_name, contact_last_name');
$q->addQuery('project_id');
$q->addQuery('task_id, task_name');
$q->addTable('links');
$q->leftJoin('users', 'u', 'link_owner = user_id');
$q->leftJoin('contacts', 'c', 'user_contact = contact_id');
$q->leftJoin('projects', 'p', 'project_id = link_project');
$q->leftJoin('tasks', 't', 'task_id = link_task');
$q->addWhere('link_id = ' . $link_id);
// check if this record has dependancies to prevent deletion
$msg = '';
$obj = new CLink();
$canDelete = $obj->canDelete($msg, $link_id);
// load the record data
$obj = null;
if (!db_loadObject($q->prepare(), $obj) && $link_id > 0) {
$AppUI->setMsg('Link');
$AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
$AppUI->redirect();
}
// setup the title block
$ttl = $link_id ? "Edit Link" : "Add Link";
$titleBlock = new CTitleBlock($ttl, 'folder5.png', $m, "{$m}.{$a}");
$titleBlock->addCrumb("?m={$m}", "links list");
$canDelete = getPermission($m, 'delete', $link_id);
if ($canDelete && $link_id > 0) {
$titleBlock->addCrumbDelete('delete link', $canDelete, $msg);
}
$titleBlock->show();
if ($obj->link_project) {
$link_project = $obj->link_project;
function canDelete(&$msg, $oid = null, $joins = null)
{
global $AppUI;
// First things first. Are we allowed to delete?
$acl =& $AppUI->acl();
if (!$acl->checkModuleItem('task_log', "delete", $oid)) {
$msg = $AppUI->_("noDeletePermission");
return false;
}
$k = $this->_tbl_key;
if ($oid) {
$this->{$k} = intval($oid);
}
if (is_array($joins)) {
$select = "{$k}";
$join = "";
foreach ($joins as $table) {
$select .= ",\nCOUNT(DISTINCT {$table['idfield']}) AS {$table['idfield']}";
$join .= "\nLEFT JOIN {$table['name']} ON {$table['joinfield']} = {$k}";
}
$sql = "SELECT {$select}\nFROM {$this->_tbl}\n{$join}\nWHERE {$k} = " . $this->{$k} . " GROUP BY {$k}";
$obj = null;
if (!db_loadObject($sql, $obj)) {
$msg = db_error();
return false;
}
$msg = array();
foreach ($joins as $table) {
$k = $table['idfield'];
if ($obj->{$k}) {
$msg[] = $AppUI->_($table['label']);
}
}
if (count($msg)) {
$msg = $AppUI->_("noDeleteRecord") . ": " . implode(', ', $msg);
return false;
} else {
return true;
}
}
return true;
}
$AppUI->redirect("m=public&a=access_denied");
}
$q = new DBQuery();
$q->addTable('file_folders');
$q->addQuery('file_folders.*');
$q->addWhere("file_folder_id={$folder}");
$sql = $q->prepare();
// check if this record has dependancies to prevent deletion
$msg = '';
$obj = new CFileFolder();
if ($folder > 0) {
$canDelete = $obj->canDelete($msg, $folder);
}
// load the record data
$obj = null;
if (!db_loadObject($sql, $obj) && $folder > 0) {
$AppUI->setMsg('File Folder');
$AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
$AppUI->redirect();
}
$folders = getFolderSelectList();
// setup the title block
$ttl = $folder ? "Edit File Folder" : "Add File Folder";
$titleBlock = new CTitleBlock($ttl, 'folder5.png', $m, "{$m}.{$a}");
$titleBlock->addCrumb("?m=files", "files list");
if ($canEdit && $folder > 0) {
$titleBlock->addCrumbDelete('delete file folder', $canDelete, $msg);
}
$titleBlock->show();
?>
<script language="javascript">
