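<?php
require_once 'core/init.php';

// Log the user out: this entrypoint always starts from a clean session.
// NOTE(review): session_destroy() assumes core/init.php has already called session_start() — confirm.
session_destroy();

// Validate the token and redirect BEFORE any output is produced. This has to happen in
// this file, ahead of templates/header.php: once the header template has sent output no
// header("Location: ...") can be emitted any more. (PHP Storm's built-in web server
// tolerates headers-after-output; Apache does not.)
$token = isset($_GET['token']) ? $_GET['token'] : '';

if ($token !== '' && is_valid_token($token)) {
    // Valid token: hand the patient off to the demographics page.
    // The token is URL-encoded so it cannot break the query string, and the script
    // stops right after the redirect — without exit() the templates below would still
    // be rendered and sent along with the 302, leaking the paperwork page body on a
    // request that is meant to redirect.
    header('Location: patient-demographic.php?token=' . rawurlencode($token));
    exit;
}

include 'templates/header.php';
include 'templates/patient-paperwork-content.php';
include 'templates/footer.php';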
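<?php
// Guard: rendering this form requires a valid intake token. The full open tag is used
// here because the short open tag only works when short_open_tag is enabled.
if (!isset($_GET['token']) || !is_valid_token($_GET['token'])) {
    die("Valid token required");
}
?>
<!-- Title -->
<div align="center">
    <h3>Patient Symptoms Intake</h3>
    <p>Have you suffered from any of the following in the last two weeks? Select all that apply.</p>
</div>
<style>
    table.borderless td,table.borderless th{ border: none !important; }
</style>
<!-- Symptom Intake Form Checklist. -->
<?php
// The token is reflected into the form's action attribute. Encode it for that context —
// URL-encode for the query string, then HTML-encode for the attribute — so a crafted
// token value cannot break out of the attribute (the original echoed $_GET['token'] raw,
// i.e. reflected XSS; is_valid_token() is not known to restrict the character set).
?>
<form action="submit_symptoms_form.php?token=<?php echo htmlspecialchars(rawurlencode($_GET['token']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> " method="post">
    <table class="table borderless" align="center" style="width: auto;">
        <tr>
            <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Weight Loss">Weight Loss</label></td>
            <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Sore Throat">Sore Throat</label></td>
            <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Joint Pain">Joint Pain</label></td>
        </tr>
        <tr>
            <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Weight Gain">Weight Gain</label></td>
            <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Hoarse Voice">Hoarse Voice</label> </td>
            <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Joint Swelling">Joint Swelling</label></td>
        </tr>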
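function forumEditCatCheck($f_cat, $f_des, $f_id2)
{
    global $mysqli, $db_table_prefix, $load_page_dir, $session_token_num, $debug_website, $websiteUrl, $site_forum_main;

    // $f_cat / $f_des come out of the forum_cat table (user-authored content) and $f_id2 is
    // the category id. All three are echoed into HTML below, so escape them once for
    // attribute/text context (the original interpolated them raw -> stored XSS).
    $cat_html = htmlspecialchars((string) $f_cat, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $des_html = htmlspecialchars((string) $f_des, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $id_html  = htmlspecialchars((string) $f_id2, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Is a moderator/admin submitting the in-place edit form rendered further down?
    $AdminEditCat  = isset($_POST['AdminEditCat'])  ? $_POST['AdminEditCat']  : "FALSE";
    $forum_cat_new = isset($_POST['forum_cat_new']) ? $_POST['forum_cat_new'] : "";
    $forum_des_new = isset($_POST['forum_des_new']) ? $_POST['forum_des_new'] : "";
    $forum_id_edit = isset($_POST['forum_id_edit']) ? $_POST['forum_id_edit'] : "";
    // (forum_cat_old / forum_des_old are posted by the form but never used here.)

    if ($AdminEditCat == "TRUE") {
        // CSRF token check.
        if (!is_valid_token()) {
            err_message('Sorry, Tokens do not match! Please go back and try again.');
            die;
        }

        // Authorisation check. The original verified the mod/admin role only when
        // *rendering* the edit form; the POST handler ran the UPDATE for any request
        // carrying a valid token. Unless is_valid_token() itself enforces the role
        // (not visible here), that lets any token-holding user rewrite categories,
        // so the role is re-checked server-side before the database is touched.
        if (!(userCheckForumAdmin() || userCheckForumMod())) {
            err_message('Sorry, you do not have permission to edit this forum category.');
            die;
        }

        // Update the category. Values are bound, not interpolated (no SQL injection).
        $stmt = $mysqli->prepare("UPDATE " . $db_table_prefix . "forum_cat SET forum_cat=?, forum_des=? WHERE forum_id=?");
        $stmt->bind_param("ssi", $forum_cat_new, $forum_des_new, $forum_id_edit);

        if (!$stmt->execute()) {
            err_message('Oops. There was an error. 
5468');
            die;
        }
        $stmt->close();

        // Success message is picked up from the session after the redirect.
        $_SESSION['success_msg'] = "You Have Successfully Updated Forum Cat!";

        if ($debug_website == 'TRUE') {
            // Debug mode: no auto-redirect so debug output stays visible.
            echo "<br> - DEBUG SITE ON - <BR>";
        } else {
            // Send the member back to the forum main page.
            header("Location: {$websiteUrl}{$site_forum_main}");
            exit;
        }
        return;
    }

    // Not a submission: either render the in-place edit form (a mod/admin who clicked
    // "edit" on exactly this category) or just display the category heading.
    $EditCat       = isset($_POST['EditCat'])       ? $_POST['EditCat']       : "FALSE";
    $forum_cat     = isset($_POST['forum_cat'])     ? $_POST['forum_cat']     : "";
    $forum_id_edit = isset($_POST['forum_id_edit']) ? $_POST['forum_id_edit'] : "";

    $wants_edit = ($EditCat == "TRUE" && $forum_cat == $f_cat && $f_id2 == $forum_id_edit);

    if ((userCheckForumAdmin() || userCheckForumMod()) && $wants_edit) {
        // Show the edit form in place of the category heading.
        echo "<form enctype=\"multipart/form-data\" action=\"\" method=\"POST\" onsubmit=\"submitmystat.disabled = true; return true;\" class='sweetform' >";

        // Per-form CSRF token; the counter allows several live tokens per session.
        if (isset($session_token_num)) {
            $session_token_num = $session_token_num + 1;
        } else {
            $session_token_num = "1";
        }
        form_token();

        echo "<input name=\"forum_cat_new\" type=\"text\" value=\"{$cat_html}\" style='width:200px;font-family:verdana;font-size:12px;font-weight:bold'><BR>";
        echo "<input name=\"forum_des_new\" type=\"text\" value=\"{$des_html}\" style='width:300px;font-family:verdana;font-size:12px;font-weight:normal'>";
        echo "<input type=\"hidden\" name=\"forum_cat_old\" value=\"{$cat_html}\" />";
        echo "<input type=\"hidden\" name=\"forum_des_old\" value=\"{$des_html}\" />";
        echo "<input type=\"hidden\" name=\"forum_id_edit\" value=\"{$id_html}\" />";
        echo "<input type=\"hidden\" name=\"AdminEditCat\" value=\"TRUE\" />";
        echo "<input type=\"submit\" value=\"Update\" name=\"Update\" class=\"sweet\" onClick=\"this.value = 'Please Wait....'\" />";
        echo "</form>";
        return;
    }

    // Plain display of the category.
    // NOTE(review): the third query key is written "&3{$f_id2}" (no "=") in the original;
    // kept verbatim in case the router relies on it, but it looks like a typo for "&3=".
    // The category name is HTML-escaped only (not URL-encoded) so the routing key is unchanged.
    echo "<h3><a href='{$websiteUrl}{$site_forum_main}?1=forum_display&2={$cat_html}&3{$id_html}/' title='{$cat_html}' ALT='{$cat_html}'>{$cat_html}</a></h3>";
    echo " - {$des_html}";
}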
<?php if (isUserLoggedIn()) { // saving script // get the variables from the URL POST string global $websiteName, $site_forum_main; //Token validation function if (!is_valid_token()) { //Token does not match err_message('Sorry, Tokens do not match! Please go back and try again.'); } else { // Page title $stc_page_title = "{$websiteName} Forum"; // Page Description $stc_page_description = "Welcome to {$websiteName} Forum. Ask questions and get answers from fellow members."; // Run Top of page func style_header_content($stc_page_title, $stc_page_description); // Which database do we use $stc_page_sel = "Forum"; if (isset($_POST['forum_id'])) { $forum_id = $_POST['forum_id']; } else { $forum_id = ""; } if (isset($_POST['forum_post_id'])) { $forum_post_id = $_POST['forum_post_id']; } else { $forum_post_id = ""; } if (isset($_POST['forum_title'])) { $forum_title = $_POST['forum_title'];
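<?php
/**
 * The entrypoint for patient intake paperwork (where the patient inserts information into the iPad).
 */

// isset is a language construct, not a function, which is why it does not error when
// 'token' is not an index of $_GET.
$token = isset($_GET['token']) ? $_GET['token'] : '';
$current_file_name = basename($_SERVER['PHP_SELF']);

if ($token === '') {
    no_token_provided();
} elseif (!is_valid_token($token)) {
    invalid_token();
}

/**
 * Report an invalid token and stop, offering a link back to this page.
 *
 * $_SERVER['PHP_SELF'] can carry attacker-controlled PATH_INFO (e.g. /page.php/"><script>...)
 * and basename() keeps that last segment, so the value is HTML-escaped before being placed
 * in the href attribute (the original echoed it raw -> reflected XSS).
 */
function invalid_token()
{
    $current_file_name = htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<center><h1>Invalid Token</h1>Token is invalid. ";
    die("<a href = '{$current_file_name}'>Please click here to re-enter it.</a>");
}

/**
 * Render the token-entry page when no token was supplied.
 * (The heredoc body continues beyond this excerpt.)
 *
 * NOTE(review): if $current_file_name is interpolated into the HTML below, escape it the
 * same way invalid_token() does — PHP_SELF is not trustworthy in an HTML context.
 */
function no_token_provided()
{
    $current_file_name = basename($_SERVER['PHP_SELF']);
    // Echo using heredoc syntax: everything between the EOD markers is output verbatim.
    echo <<<EOD
<style>body { font-size: 20px; input { } </style> <center><h1>Token Entry</h1>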