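/**
 * Writes a log entry into the database.
 *
 * The request is terminated (plain `die`, no output) when no non-empty session
 * user exists; nothing is written unless actionlogger::$loggingEnabled is true.
 *
 * @param int        $module The moduleId of the module.
 * @param actionType $action The type of action the user did.
 * @param array      $data   Data before and after the action; stored JSON-encoded.
 * @return void
 */
public static function write($module, $action, $data)
{
    // Audit entries are only accepted for an authenticated session. The loose
    // comparison is kept so the set of accepted session values is unchanged.
    if (!isset($_SESSION['user']) || $_SESSION['user'] == "") {
        die;
    }
    if (!actionlogger::$loggingEnabled) {
        return;
    }
    // sessionId and REMOTE_ADDR can be absent (fresh session, CLI run); fall
    // back to null instead of raising an undefined-index warning.
    // json_encode() yields false for data it cannot encode (e.g. invalid
    // UTF-8); the row is still written in that case.
    dbConn::execute(
        "INSERT INTO :prefix:admin_action (sessionId, moduleId, action, data, ipaddress) VALUES (:0, :1, :2, :3, :4);",
        $_SESSION['sessionId'] ?? null,
        $module,
        $action,
        json_encode($data),
        $_SERVER['REMOTE_ADDR'] ?? null
    );
}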
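<?php
require "../config.php";

// Soft-deletes the plan named in POST 'plan': marks it deleted and appends a
// timestamp to its name so the original name becomes available again.
// NOTE(review): no authentication/CSRF check is visible in this file — confirm
// that config.php enforces an admin session before this endpoint runs.

// Reject a missing or empty name instead of running the UPDATE against an
// undefined index (previously: warning, no-op UPDATE, and still "SUCCESS").
if (!isset($_POST['plan']) || $_POST['plan'] === "") {
    die("Bitte geben Sie einen gültigen Namen ein.");
}

dbConn::execute(
    "UPDATE :prefix:plan SET deleted = 1, name = CONCAT(name, '_', CURRENT_TIMESTAMP) WHERE name = :0",
    $_POST['plan']
);
echo "SUCCESS";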
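<?php
// Completes a password reset for the e-mail address held in the session. The
// change is applied only while the account's pwcr flag is 1; afterwards the
// flag and the activation code are cleared so the reset link cannot be reused.
session_start();
define('DOCROOT', realpath(dirname(__FILE__)) . '/');
require DOCROOT . 'dbConn.php';
$con = new dbConn();
// Read here but not referenced by any statement below.
$password = $_POST['password'] ?? '';
$email = $_SESSION['email'] ?? '';
require DOCROOT . 'activationAndNotifications.php';

// No e-mail in the session means no reset is in progress; report it the same
// way as an expired link instead of querying with an empty address.
if ($email === '') {
    $_SESSION['homeMessage'] = "Link has been expired.";
    echo "<meta http-equiv='refresh' content='0; url=http://32.208.103.211/chatRegistration/index.php'>";
    exit;
}

// NOTE(review): $email is concatenated into every statement below. It is
// session-sourced, but presumably originates from user input upstream; it
// should be bound via a prepared statement or driver escaping once dbConn
// exposes one (the wrapper's API is not visible here, so it is left as-is).
$stm = "select pwcr from users where email = '" . $email . "';";
$res = $con->execute($stm);
if ($res->num_rows > 0) {
    while ($row = $res->fetch_assoc()) {
        if ($row['pwcr'] == 1) {
            $stm = "update users set password = '******' where email='" . $email . "';";
            if ($con->execute($stm) === true) {
                $not = new notification();
                $body = "Password changed successfully.";
                $not->email("*****@*****.**", "Administration", "*****@*****.**", "mailstodeliver", $email, "Password Changed Successfully", $body);
                // The column is `pwcr` (see the SELECT above); the original wrote
                // `pcwr`, so the flag was never cleared and the link stayed valid.
                $stm = "update users set pwcr = 0 where email = '" . $email . "';";
                $con->execute($stm);
                $stm = "update users set activationCode = 0 where email = '" . $email . "';";
                $con->execute($stm);
                $_SESSION['homeMessage'] = "Password has been changed successfully.";
                echo "<meta http-equiv='refresh' content='0; url=http://32.208.103.211/chatRegistration/index.php'>";
            } else {
                $_SESSION['homeMessage'] = "Link has been expired.";
                echo "<meta http-equiv='refresh' content='0; url=http://32.208.103.211/chatRegistration/index.php'>";
            }
        }
    }
}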
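<?php
require "../config.php";

/**
 * Checks that $date is exactly a 'd.m.Y' date (it must round-trip through DateTime).
 *
 * @param mixed $date Raw POST value.
 * @return bool
 */
function validateDate($date)
{
    $d = DateTime::createFromFormat('d.m.Y', $date);
    return $d && $d->format('d.m.Y') == $date;
}

// Updates a plan's name and public/editable dates and replaces its e-mail
// subscriber list. Dates arrive as 'd.m.Y' and are stored as 'Y-m-d H:i:s';
// createFromFormat fills the unspecified time fields with the current time.
if (!isset($_POST['name']) || strlen($_POST['name']) < 1) {
    die("Bitte geben Sie einen gültigen Namen ein.");
}
// originalName selects the row to update; without it the UPDATE and DELETE
// would run against NULL (matching nothing) while still reporting SUCCESS.
if (!isset($_POST['originalName']) || strlen($_POST['originalName']) < 1) {
    die("Bitte geben Sie einen gültigen Namen ein.");
}
if (!isset($_POST['public']) || !validateDate($_POST['public']) || !isset($_POST['editable']) || !validateDate($_POST['editable'])) {
    die("Bitte geben Sie ein gültiges Datum ein.");
}
// Subscribers are optional: a missing or non-array value means "none" rather
// than a foreach warning.
$subscribers = isset($_POST['subscribers']) && is_array($_POST['subscribers']) ? $_POST['subscribers'] : [];

$name = htmlspecialchars($_POST['name']);
// NOTE(review): if originalName is the already-escaped value read back from the
// database, escaping it again will not match names containing &, <, > or quotes.
$originalName = htmlspecialchars($_POST['originalName']);

dbConn::execute(
    "UPDATE :prefix:plan SET name = :0, public = :1, editable = :2 WHERE name = :3",
    $name,
    DateTime::createFromFormat("d.m.Y", $_POST['public'])->format("Y-m-d H:i:s"),
    DateTime::createFromFormat("d.m.Y", $_POST['editable'])->format("Y-m-d H:i:s"),
    $originalName
);
dbConn::execute("DELETE FROM :prefix:email_subscriber WHERE plan = :0", $originalName);
foreach ($subscribers as $r) {
    dbConn::execute("INSERT INTO :prefix:email_subscriber (email, plan) VALUES (:0, :1);", $r, $name);
}
echo "SUCCESS";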
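/**
 * Saves changes into database from POST data.
 *
 * Reads firstname, lastname, birthday and room from $_POST and the patient id
 * from $_GET['par2']. The birthday is normalised to 'Y-m-d' via \DateTime, so an
 * unparsable value throws and therefore yields a false return.
 *
 * @param string &$error Error variable for error text (only set on failure).
 * @return bool True if changes been done without errors.
 */
private function saveChanges(&$error)
{
    try {
        // Missing fields default to what the undefined-index reads produced
        // ('' after htmlentities, null for room/par2), minus the warnings.
        \dbConn::execute(
            "UPDATE :prefix:patient SET \n firstname = :0,\n lastname = :1,\n birth = :2,\n room = :3\n WHERE patientId = :4\n ",
            htmlentities($_POST['firstname'] ?? ''),
            htmlentities($_POST['lastname'] ?? ''),
            (new \DateTime($_POST['birthday'] ?? ''))->format("Y-m-d"),
            $_POST['room'] ?? null,
            $_GET['par2'] ?? null
        );
        return true;
    } catch (\Exception $ex) {
        // NOTE(review): this is the raw driver/DateTime message; a caller that
        // displays $error to the user exposes database details.
        $error = $ex->getMessage();
        return false;
    }
}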
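<?php
require "../config.php";

/**
 * Checks that $date is exactly a 'd.m.Y' date (it must round-trip through DateTime).
 *
 * @param mixed $date Raw POST value.
 * @return bool
 */
function validateDate($date)
{
    $d = DateTime::createFromFormat('d.m.Y', $date);
    return $d && $d->format('d.m.Y') == $date;
}

// Creates a plan from POST (name, public, editable) and returns the rendered
// navigation entry after the "SUCCESS" marker.
if (!isset($_POST['name']) || strlen($_POST['name']) < 1) {
    die("Bitte geben Sie einen gültigen Namen ein.");
}
// The name is stored HTML-escaped, so the uniqueness check must compare the
// escaped form too (the raw value would miss names containing &, <, > or quotes).
$name = htmlspecialchars($_POST['name']);
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:plan WHERE name = :0", $name) > 0) {
    die("Der eingegebene Name ist schon vergeben.");
}
if (!isset($_POST['public']) || !validateDate($_POST['public']) || !isset($_POST['editable']) || !validateDate($_POST['editable'])) {
    die("Bitte geben Sie ein gültiges Datum ein.");
}
// Store the dates in the same 'Y-m-d H:i:s' form the plan-update endpoint
// writes, instead of the raw 'd.m.Y' input string.
$public = DateTime::createFromFormat("d.m.Y", $_POST['public'])->format("Y-m-d H:i:s");
$editable = DateTime::createFromFormat("d.m.Y", $_POST['editable'])->format("Y-m-d H:i:s");
dbConn::execute(
    "INSERT INTO :prefix:plan (name, public, editable) VALUES (:0, :1, :2);",
    $name,
    $public,
    $editable
);
$tpl = new template("admin/nav.plan");
$tpl->insert("active", "");
$tpl->insert("name", $name);
echo "SUCCESS" . $tpl->getOutput();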
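header("location: " . ROOT . "login");
die;
}

/**
 * Returns a random alphanumeric string of $length characters (used below as
 * the per-user password salt).
 *
 * Uses random_int() (CSPRNG) instead of rand(): a salt drawn from a seedable
 * PRNG is predictable.
 *
 * @param int $length Number of characters; must be >= 0.
 * @return string
 */
function generateRandomString($length = 10)
{
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $maxIndex = strlen($characters) - 1;
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[random_int(0, $maxIndex)];
    }
    return $randomString;
}

// Creates a user from POST. Every field is mandatory; the password and its
// confirmation must match and be at least 6 characters long.
$required = ["firstname", "lastname", "email", "password", "passwordre", "rfid", "isAdmin", "state"];
foreach ($required as $r) {
    if (!isset($_POST[$r]) || $_POST[$r] == "") {
        die("Bitte füllen Sie alle Felder aus.");
    }
}
if ($_POST['password'] !== $_POST['passwordre']) {
    die("Passwörter stimmen nicht überein.");
}
if (strlen($_POST['password']) < 6) {
    die("Passwort muss mindestens 6 Zeichen enthalten");
}
try {
    // NOTE(review): sha512(password . salt) is a single fast hash. The login
    // code that verifies it is not visible here, so the scheme is kept; moving
    // to password_hash()/password_verify() requires changing both sides.
    $salt = generateRandomString(50);
    \dbConn::execute(
        "INSERT INTO :prefix:user (firstname, \n lastname, \n email, \n password,\n salt,\n rfid,\n isAdmin,\n state) \n VALUES (:0, :1, :2, :3, :4, :5, :6, :7);",
        htmlentities($_POST['firstname']),
        htmlentities($_POST['lastname']),
        htmlentities($_POST['email']),
        hash("sha512", $_POST['password'] . $salt),
        $salt,
        htmlentities($_POST['rfid']),
        $_POST['isAdmin'],
        $_POST['state']
    );
} catch (\Exception $ex) {
    // NOTE(review): echoes the raw driver message to the client.
    echo $ex->getMessage();
}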
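<?php
// Creates a patient record from POST (firstname, lastname, birthday, room).
// Requires an authenticated session; otherwise redirects to the login page.
session_start();
require "../../config.php";
if (!isset($_SESSION['user'])) {
    header("location: " . ROOT . "login");
    die;
}
try {
    // Missing fields default to what the undefined-index reads produced
    // ('' after htmlentities, null for room), minus the warnings; an
    // unparsable birthday throws and is reported below.
    \dbConn::execute(
        "INSERT INTO :prefix:patient (firstname, lastname, birth, room) VALUES (:0, :1, :2, :3);",
        htmlentities($_POST['firstname'] ?? ''),
        htmlentities($_POST['lastname'] ?? ''),
        (new \DateTime($_POST['birthday'] ?? ''))->format("Y-m-d"),
        $_POST['room'] ?? null
    );
} catch (\Exception $ex) {
    // NOTE(review): echoes the raw driver/DateTime message to the client.
    echo $ex->getMessage();
}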
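<?php
require "../config.php";

// Creates a production (a named unit within a plan) from POST 'plan' and
// 'name'; the (plan, name) pair must be unique. Both values are stored
// HTML-escaped, and the uniqueness check compares the escaped form.
if (!isset($_POST['name']) || $_POST['name'] == "") {
    die("Bitte geben Sie einen Namen ein.");
}
// 'plan' was read unchecked before; default to '' so a missing value yields
// the same empty comparison without an undefined-index warning.
$plan = htmlspecialchars($_POST['plan'] ?? '');
$name = htmlspecialchars($_POST['name']);
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:production WHERE plan = :0 AND name = :1", $plan, $name) > 0) {
    die("Der Name ist bereits vergeben.");
}
dbConn::execute("INSERT INTO :prefix:production (plan, name) VALUES (:0, :1);", $plan, $name);
echo "SUCCESS";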
// Validates the rfid/room pair from the query string, checks the user's state
// and visit permission, then answers with the visit record as JSON.
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) < 1) {
    $errors[] = [110 => "invalid rfid code. code not in use"];
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:patient WHERE room = :0", $_GET['room']) < 1) {
    $errors[] = [111 => "invalid room id. room not in use"];
}
dieOnErrors($errors);

// check if user account is in active state
$state = dbConn::querySingle("SELECT state FROM :prefix:user WHERE rfid = :0", $_GET['rfid']);
if ($state != "activated") {
    $errors[] = [116 => "user disabled"];
    dieOnErrors($errors);
}

// check if user is allowed to visit given room
$visitCount = dbConn::querySingle(
    "\n SELECT COUNT(*)\n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n INNER JOIN :prefix:user AS u\n ON v.user = u.userId\n WHERE p.room = :0 AND u.rfid = :1\n ",
    $_GET['room'],
    $_GET['rfid']
);
if ($visitCount < 1) {
    $errors[] = [115 => "permission denied"];
}
dieOnErrors($errors);

// all data is valid and user has access; collect the data for the response
$rfid = $_GET['rfid'];
$room = $_GET['room'];
$user = dbConn::queryRow("SELECT * FROM :prefix:user WHERE rfid = :0", $rfid);
$visit = dbConn::queryRow(
    "\n SELECT * \n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n WHERE p.room = :0 AND user = :1\n ",
    $room,
    $user['userId']
);

// Media rows are returned as stored, with path rewritten to an absolute URL:
// URL/media/<type lower-cased>/<path>
$media = [];
$mediaRows = dbConn::query("SELECT type, path FROM :prefix:visit_media WHERE visitId = :0", $visit['visitId']);
foreach ($mediaRows as $r) {
    $r['path'] = URL . "/media/" . strtolower($r['type']) . "/" . $r['path'];
    $media[] = $r;
}

// lastvisit is read before the new history row is inserted below, so it
// reports the previous visit rather than this one.
$lastVisit = dbConn::querySingle("SELECT MAX(created) FROM :prefix:visit_history WHERE visitId = :0", $visit['visitId']);
$response = [
    "success" => [
        "firstname" => $user['firstname'],
        "lastname" => $user['lastname'],
        "email" => $user['email'],
        "relation" => $visit['relation'],
        "scent" => $visit['scent'],
        "description" => $visit['description'],
        "media" => $media,
        "lastvisit" => $lastVisit,
    ],
];
dbConn::execute("INSERT INTO :prefix:visit_history (visitId) VALUES (:0);", $visit['visitId']);
header('Content-type: application/json');
echo json_encode($response, JSON_PRETTY_PRINT);
break;
}
// Render one change row: the shift (plan, production, and from/to as the first
// five characters of the stored times) plus the user and e-mail before and
// after the change; a changed value shows the old one struck through.
// NOTE(review): nameBefore/nameAfter/emailBefore/emailAfter are interpolated
// into HTML unescaped — confirm they were escaped when stored, otherwise the
// notification mail can carry injected markup.
$change->insert("shift", "<small>{$r['plan']}, {$r['production']}</small><br />" . substr($r['fromDate'], 0, 5) . " - " . substr($r['toDate'], 0, 5));
if ($r['nameBefore'] == $r['nameAfter']) {
    $change->insert("user", $r['nameAfter']);
} else {
    $change->insert("user", "<small><span style=\"text-decoration:line-through;\">{$r['nameBefore']}</span></small>\n <br /><strong>{$r['nameAfter']}</strong>");
}
if ($r['emailBefore'] == $r['emailAfter']) {
    $change->insert("email", $r['emailAfter']);
} else {
    $change->insert("email", "<small><span style=\"text-decoration:line-through;\">{$r['emailBefore']}</span></small>\n <br /><strong>{$r['emailAfter']}</strong>");
}
$change->insert("hidden", "hidden");
$email->insert("content", $change->getOutput());
// The pending entry is removed as soon as it has been rendered into the mail.
// NOTE(review): this happens before the mail is sent below, so a send failure
// (the exception thrown there) loses these notifications.
dbConn::execute("DELETE FROM :prefix:email_pending WHERE historyId = :0", $r['historyId']);
}
}
// Deliver the collected changes to the plan's subscribers. Only the first
// address is checked for being non-blank; a send error is raised as an
// exception (the enclosing try/catch, if any, is outside this view).
if ($emailRequired) {
    $emailError = "";
    $arr = array();
    foreach (dbConn::query("SELECT email FROM :prefix:email_subscriber \n WHERE plan = :0", $_POST['plan']) as $r) {
        $arr[] = $r['email'];
    }
    if (count($arr) > 0 && trim($arr[0]) != "") {
        // $emailError is presumably filled by reference on failure — confirm in emailSettings::send.
        emailSettings::send($arr, "Änderungen am Schichtplan " . $_POST['plan'], $email->getOutput(), $emailError);
        if ($emailError != "") {
            throw new Exception($emailError);
        }
    }
}
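<?php
require "../config.php";

/**
 * Checks that $date is exactly an 'H:i' clock time (it must round-trip through DateTime).
 *
 * @param mixed $date Raw POST value.
 * @return bool
 */
function validateDate($date)
{
    $d = DateTime::createFromFormat('H:i', $date);
    return $d && $d->format('H:i') == $date;
}

// Creates a shift (from/to times) for a plan.
// Input: POST 'plan' and POST 'data' => ['from' => 'H:i', 'to' => 'H:i'].
// 'plan' is not validated here (presumably always supplied by the admin UI).
$plan = $_POST['plan'] ?? null;
// Read the nested fields into a local instead of overwriting $_POST itself
// (the original did `$_POST = $_POST['data']`, which also warned when 'data'
// was missing or failed when it was not an array). Missing fields become ''
// and fail validateDate exactly as before.
$data = isset($_POST['data']) && is_array($_POST['data']) ? $_POST['data'] : [];
$from = $data['from'] ?? '';
$to = $data['to'] ?? '';
if (!validateDate($from) || !validateDate($to)) {
    die("Bitte geben Sie ein gültiges Zeitformat ein.");
}
if ($to == $from) {
    die("Anfang und Ende dürfen nicht identisch sein.");
}
// Both values are validated 'H:i' strings, so strtotime() compares them as
// times on the current day.
if (strtotime($to) < strtotime($from)) {
    die("Der Anfang muss vor dem Ende liegen.");
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:shift WHERE plan = :0 AND fromDate = :1 AND toDate = :2", $plan, $from, $to) > 0) {
    die("Eine Schicht mit den eingegebenen Zeiten existiert bereits für diesen Plan.");
}
dbConn::execute("INSERT INTO :prefix:shift (plan, fromDate, toDate) VALUES (:0, :1, :2)", $plan, $from, $to);
echo "SUCCESS";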
<?php
// Deletes the user identified by POST 'userid'. Requires an authenticated
// session; otherwise the request is redirected to the login page.
session_start();
require "../../config.php";

if (!isset($_SESSION['user'])) {
    header("location: " . ROOT . "login");
    die;
}

$userId = $_POST['userid'] ?? null;
if ($userId === null) {
    die("Missing argument userid");
}

try {
    dbConn::execute("DELETE FROM :prefix:user WHERE userId = :0", $userId);
    echo "SUCCESS";
} catch (Exception $ex) {
    // NOTE(review): echoes the raw driver message to the client.
    echo $ex->getMessage();
}