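/**
 * Authentication & authorization middleware for routes.
 *
 * Returns a Slim route middleware that first checks the session via Auth::checkSession()
 * and then compares the role stored in $_SESSION['User'] against $minRole. Every failure
 * path ends in a flash message plus a redirect to /signin: not signed in, a missing or
 * malformed session record, a role that is not allowed, or an unknown $minRole. The
 * check fails closed in all of those cases.
 *
 * @param int $minRole Minimum required User role (User::ADMIN, User::EXTENDED or User::NORMAL)
 *
 * @return callable
 */
function authForRole($minRole)
{
    return function () use ($minRole) {
        $app = Slim\Slim::getInstance();
        $auth = new Auth();

        if (!$auth->checkSession()) {
            $app->flash('error', 'Sign in required');
            $app->redirect('/signin');
            return;
        }

        // Roles that satisfy each minimum role. An unknown $minRole has no entry here and is
        // therefore denied below instead of silently granted.
        $allowedRoles = [
            User::ADMIN    => [User::ADMIN],
            User::EXTENDED => [User::ADMIN, User::EXTENDED],
            User::NORMAL   => [User::ADMIN, User::EXTENDED, User::NORMAL],
        ];

        // NOTE(review): the session record is stored with serialize() by code outside this
        // file. It is server-side data, but unserialize() stays a footgun if the session store
        // is ever attacker-writable; consider storing the role as a plain scalar instead.
        $user = isset($_SESSION['User']) ? unserialize($_SESSION['User']) : false;

        // A missing record or a record without a role must not pass: the original code let a
        // null role satisfy the loose in_array() comparison against a zero-valued constant.
        $role = isset($user['role']) ? $user['role'] : null;

        $permitted = $role !== null
            && is_scalar($role)
            && isset($allowedRoles[$minRole])
            // NOTE(review): comparison kept loose to match the original; switch to
            // in_array(..., true) once the stored type of 'role' matches the User constants.
            && in_array($role, $allowedRoles[$minRole]);

        if ($permitted) {
            return;
        }

        $app->flash('error', 'You are not authorized to view this page');
        $app->redirect('/signin');
    };
}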
<?php require "../../admin/db.php"; if (isset($_GET['email']) && isset($_GET['code'])) { $Auth = new Auth(); $result = $Auth->verify($_GET['email'], $_GET['code']); if ($result == 1) { if ($Auth->checkSession()) { $_SESSION['verified'] = "yes"; if ($_SESSION['is_admin']) { header("Location: " . $baseurl . "admin/?msg=verified"); } elseif ($_SESSION['is_super']) { header("Location: " . $baseurl . "super/?msg=verified"); } elseif ($_SESSION['is_provider']) { header("Location: " . $baseurl . "provider/?msg=verified"); } else { header("Location: " . $baseurl . "dashboard/?msg=verified"); } } else { header("Location: " . $baseurl . "user/login/?msg=verified"); } } if ($result == 2) { if ($Auth->checkSession()) { $_SESSION['verified'] = "yes"; if ($_SESSION['data']['verifiedProvider'] != "yes") { header("Location: " . $baseurl . "provider/verify/?msg=email"); } else { header("Location: " . $baseurl . "provider/"); } } else {
/**
 * Credential code → display title and degree abbreviation.
 * Keys are the short codes used elsewhere in the app; both values are shown to users as-is.
 *
 * @var array<string, array{title:string, degree:string}>
 */
$titles = [
    "md"     => ["title" => "Physician",           "degree" => "MD"],
    "do"     => ["title" => "Physician",           "degree" => "DO"],
    "np"     => ["title" => "Nurse Practitioner",  "degree" => "NP"],
    "npc"    => ["title" => "Nurse Practitioner",  "degree" => "NP-C"],
    "cfnp"   => ["title" => "Nurse Practitioner",  "degree" => "CFNP"],
    "aprnbc" => ["title" => "Nurse Practitioner",  "degree" => "APRN, BC"],
    "pac"    => ["title" => "Physician Assistant", "degree" => "PA-C"],
    "pa"     => ["title" => "Physician Assistant", "degree" => "PA"],
    "pharmd" => ["title" => "Pharmacist",          "degree" => "PharmD"],
    "pd"     => ["title" => "Pharmacist",          "degree" => "PD"],
    "mpharm" => ["title" => "Pharmacist",          "degree" => "MPharm"],
    "cnm"    => ["title" => "Midwife",             "degree" => "CNM"],
    "dpt"    => ["title" => "Physical Therapist",  "degree" => "DPT"],
    "pt"     => ["title" => "Physical Therapist",  "degree" => "PT"],
    "rnbsn"  => ["title" => "Nurse",               "degree" => "RN, BSN"],
    "rn"     => ["title" => "Nurse",               "degree" => "RN"],
    "phd"    => ["title" => "Any PhD",             "degree" => "PhD"],
];

/**
 * Persistence for user activity entries.
 * Each method opens its own MysqliDb connection from the DB_* constants (defined elsewhere).
 */
class activity
{
    /**
     * Inserts one row into `activities`.
     *
     * @param mixed       $uid        Owning user id
     * @param mixed       $type       Activity type, stored as given
     * @param mixed       $distance
     * @param mixed       $steps
     * @param mixed       $time
     * @param mixed       $date
     * @param mixed|null  $trail_id   Optional trail reference
     * @param string|null $trail_name Optional trail label
     *
     * @return array "done" with the new row id, or "error" with a generic message and the
     *               driver's last error text under "tech".
     */
    public function newLog($uid, $type, $distance, $steps, $time, $date, $trail_id = null, $trail_name = null)
    {
        $conn = new MysqliDb(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_DATABASE);

        $row = [
            "uid"        => $uid,
            "type"       => $type,
            "trail_id"   => $trail_id,
            "distance"   => $distance,
            "steps"      => $steps,
            "time"       => $time,
            "trail_name" => $trail_name,
            "date"       => $date,
        ];

        $newId = $conn->insert('activities', $row);

        if (!$newId) {
            // NOTE(review): "tech" carries the raw driver error text; callers should not
            // surface it to end users.
            return [
                "status"  => "error",
                "message" => "A MySQLi error has occurred.",
                "tech"    => $conn->getLastError(),
            ];
        }

        return ["status" => "done", "id" => $newId];
    }

    /**
     * Returns every `activities` row belonging to $uid, highest id first.
     *
     * @param mixed $uid Owning user id
     *
     * @return mixed Whatever MysqliDb::get() returns for the query
     */
    public function getUserReport($uid)
    {
        $conn = new MysqliDb(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
        $conn->where('uid', $uid);
        $conn->orderBy("id", "Desc");

        return $conn->get("activities");
    }
}

require "../src/auth.php";

// $userActive is only defined when the session helper reports "auth"; it is left
// undefined otherwise, so readers need isset()/empty().
$userCheck = new Auth();
if ("auth" == $userCheck->checkSession()) {
    $userActive = true;
}

// Browser hardening headers for every page that includes this file.
// NOTE(review): X-XSS-Protection is ignored by current browsers; a Content-Security-Policy
// would be the modern replacement.
header("X-XSS-Protection: 1; mode=block");
header("X-Frame-Options: sameorigin");
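<?php
/**
 * Sign-in page bootstrap.
 *
 * Sends an already-authenticated visitor to the dashboard, turns the ?er=yes&e=N error
 * codes passed back by the login handler into a $type/$details pair for the template, and
 * derives the post-login redirect target $rdr from ?rdr=.
 */
require "/nfs/users/clind/public_html/prescriptiontrails.org/admin/db.php";

$Auth = new Auth();
if ($Auth->checkSession() == "auth") {
    header("Location: " . $baseurl . "dashboard/");
    exit;
}

// Error display. Only read the GET keys when they are present — a plain visit to the
// page used to raise "undefined index" notices for er/e.
if (isset($_GET['er']) && $_GET['er'] == "yes") {
    $type = "Unknown";
    $details = "An unknown error has occurred.";

    $errorCode = isset($_GET['e']) ? (int) $_GET['e'] : 0;
    switch ($errorCode) {
        case 4:
            $type = "Mismatch";
            $details = "We weren't able to verify the username/password combination you submited. Please try again. Click <a class=\"amber-text\" href=\"" . $baseurl . "user/forgot/\">here</a> to reset your password.";
            break;
        case 2:
            $type = "Inactive";
            $details = "It appears that your account has been disabled. Please contact us at director@prescriptiontrails.org.";
            break;
        case 5:
            $type = "DB";
            $details = "A database error occurred.";
            break;
    }
}

// Post-login redirect target. It must stay a path relative to $baseurl: leading slashes
// and backslashes are stripped, and any value that still carries a URL scheme or a
// backslash (which browsers treat like "//host") falls back to "default", so a crafted
// ?rdr= cannot turn the later redirect into an off-site one. FILTER_SANITIZE_URL alone
// keeps ':' and '\' and does not prevent this.
// NOTE(review): where $rdr is consumed is outside this file — confirm it is always
// appended to $baseurl and never used as a bare Location header.
$rdr = "default";
if (!empty($_GET['rdr'])) {
    $candidate = filter_input(INPUT_GET, "rdr", FILTER_SANITIZE_URL);
    $candidate = is_string($candidate) ? ltrim($candidate, "/\\") : "";

    $hasScheme = preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate) === 1;
    $hasBackslash = strpos($candidate, "\\") !== false;

    if ($candidate !== "" && !$hasScheme && !$hasBackslash) {
        $rdr = $candidate;
    }
}
?>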