 /**
  * Persists one administrative action as a row of the action log table.
  *
  * Execution stops outright (die) when the session carries no logged-in user;
  * when logging is switched off nothing is written and the call is a no-op.
  * The row records the session id, the module, the action, the JSON-encoded
  * before/after data and the client address from REMOTE_ADDR (behind a reverse
  * proxy that is the proxy's address, not the end user's).
  *
  * @param int           $module     The moduleId of the module.
  * @param actionType    $action     The type of action the user did.
  * @param array         $data       Data before and after the action.
  */
 public static function write($module, $action, $data)
 {
     $hasUser = isset($_SESSION['user']) && $_SESSION['user'] != "";
     if (!$hasUser) {
         die;
     }
     if (!actionlogger::$loggingEnabled) {
         return;
     }
     $sql = "INSERT INTO :prefix:admin_action (sessionId, moduleId, action, data, ipaddress) VALUES (:0, :1, :2, :3, :4);";
     dbConn::execute(
         $sql,
         $_SESSION['sessionId'],
         $module,
         $action,
         json_encode($data),
         $_SERVER['REMOTE_ADDR']
     );
 }
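<?php

require "../config.php";

// Reject the request up front instead of running the UPDATE with a missing
// (NULL) plan name; the message matches the other admin endpoints.
if (!isset($_POST['plan']) || $_POST['plan'] === "") {
    die("Bitte geben Sie einen gültigen Namen ein.");
}
// Soft delete: the row stays in the table, flagged and renamed with a
// timestamp suffix so that a new plan may reuse the old name.
dbConn::execute(
    "UPDATE :prefix:plan SET deleted = 1, name = CONCAT(name, '_', CURRENT_TIMESTAMP) WHERE name = :0",
    $_POST['plan']
);
echo "SUCCESS";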
<?php

session_start();
define('DOCROOT', realpath(dirname(__FILE__)) . '/');
require DOCROOT . 'dbConn.php';
$con = new dbConn();
// The new password comes from the form post; the account is identified by the
// e-mail address kept in the session (presumably stored by an earlier step of
// the reset flow — confirm against the caller).
$password = $_POST['password'];
$email = $_SESSION['email'];
require DOCROOT . 'activationAndNotifications.php';
// NOTE(review): the query is assembled by string concatenation and $email is
// neither escaped nor bound. If this dbConn API supports bound parameters the
// value should be passed that way; otherwise it must be escaped for the driver.
$stm = "select pwcr from users where email = '" . $email . "';";
$res = $con->execute($stm);
if ($res->num_rows > 0) {
    while ($row = $res->fetch_assoc()) {
        if ($row['pwcr'] == 1) {
            $stm = "update users set password = '******' where email='" . $email . "';";
            if ($con->execute($stm) === true) {
                $not = new notification();
                $body = "Password changed successfully.";
                $not->email("*****@*****.**", "Administration", "*****@*****.**", "mailstodeliver", $email, "Password Changed Successfully", $body);
                $stm = "update users set pcwr = 0 where email = '" . $email . "';";
                $con->execute($stm);
                $stm = "update users set activationCode = 0 where email = '" . $email . "';";
                $con->execute($stm);
                $_SESSION['homeMessage'] = "Password has been changed successfully.";
                echo "<meta http-equiv='refresh' content='0; url=http://32.208.103.211/chatRegistration/index.php'>";
            } else {
                $_SESSION['homeMessage'] = "Link has been expired.";
                echo "<meta http-equiv='refresh' content='0; url=http://32.208.103.211/chatRegistration/index.php'>";
            }
        }
    }
<?php

require "../config.php";
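/**
 * Checks that $date is a calendar date written exactly as d.m.Y (e.g. 31.12.2024).
 *
 * Round-tripping through format() rejects values that parse but roll over
 * (31.02.2024 becomes 02.03.2024) as well as values in any other layout.
 *
 * @param string $date The raw input value.
 * @return bool True only if the value parses and re-formats to itself.
 */
function validateDate($date)
{
    $d = DateTime::createFromFormat('d.m.Y', $date);
    // Strict comparison: both sides are strings, so there is no reason to let
    // PHP attempt a numeric comparison here.
    return $d !== false && $d->format('d.m.Y') === $date;
}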
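// Validate the form before touching the database; the messages are shown to
// the user verbatim.
if (!isset($_POST['name']) || strlen($_POST['name']) < 1) {
    die("Bitte geben Sie einen gültigen Namen ein.");
}
// originalName selects the row being renamed; without it the UPDATE below
// would run with an empty key instead of failing.
if (!isset($_POST['originalName']) || strlen($_POST['originalName']) < 1) {
    die("Bitte geben Sie einen gültigen Namen ein.");
}
if (!isset($_POST['public']) || !validateDate($_POST['public']) || !isset($_POST['editable']) || !validateDate($_POST['editable'])) {
    die("Bitte geben Sie ein gültiges Datum ein.");
}
// Plan names are stored HTML-escaped, so the lookup key and every later use
// of the name must be escaped the same way; compute both forms once.
$name = htmlspecialchars($_POST['name']);
$originalName = htmlspecialchars($_POST['originalName']);
dbConn::execute(
    "UPDATE :prefix:plan SET name = :0, public = :1, editable = :2 WHERE name = :3",
    $name,
    DateTime::createFromFormat("d.m.Y", $_POST['public'])->format("Y-m-d H:i:s"),
    DateTime::createFromFormat("d.m.Y", $_POST['editable'])->format("Y-m-d H:i:s"),
    $originalName
);
// Subscribers are replaced wholesale: drop the old list, then re-insert what
// the form sent. A missing or non-array value means "no subscribers" rather
// than a warning from foreach.
dbConn::execute("DELETE FROM :prefix:email_subscriber WHERE plan = :0", $originalName);
$subscribers = isset($_POST['subscribers']) && is_array($_POST['subscribers']) ? $_POST['subscribers'] : [];
foreach ($subscribers as $r) {
    dbConn::execute("INSERT INTO :prefix:email_subscriber (email, plan) VALUES (:0, :1);", $r, $name);
}
echo "SUCCESS";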
 /**
  * Stores the edited patient record (taken from POST) in the database.
  *
  * Reads firstname, lastname, birthday and room from $_POST and the patient id
  * from $_GET['par2']. Name fields are HTML-entity encoded before storage and
  * the birthday is normalised to Y-m-d; an unparsable birthday or a database
  * failure is reported through $error instead of propagating.
  *
  * @param string &$error Error variable for error text.
  * @return bool True if changes been done without errors.
  */
 private function saveChanges(&$error)
 {
     $sql = "UPDATE :prefix:patient SET \n                                    firstname = :0,\n                                    lastname = :1,\n                                    birth = :2,\n                                    room = :3\n                                WHERE patientId = :4\n                            ";
     try {
         $firstname = htmlentities($_POST['firstname']);
         $lastname = htmlentities($_POST['lastname']);
         $birth = (new \DateTime($_POST['birthday']))->format("Y-m-d");
         \dbConn::execute(
             $sql,
             $firstname,
             $lastname,
             $birth,
             $_POST['room'],
             $_GET['par2']
         );
     } catch (\Exception $ex) {
         $error = $ex->getMessage();
         return false;
     }
     return true;
 }
<?php

require "../config.php";
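/**
 * Checks that $date is a calendar date written exactly as d.m.Y (e.g. 31.12.2024).
 *
 * Round-tripping through format() rejects values that parse but roll over
 * (31.02.2024 becomes 02.03.2024) as well as values in any other layout.
 *
 * @param string $date The raw input value.
 * @return bool True only if the value parses and re-formats to itself.
 */
function validateDate($date)
{
    $d = DateTime::createFromFormat('d.m.Y', $date);
    // Strict comparison: both sides are strings, so there is no reason to let
    // PHP attempt a numeric comparison here.
    return $d !== false && $d->format('d.m.Y') === $date;
}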
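if (!isset($_POST['name']) || strlen($_POST['name']) < 1) {
    die("Bitte geben Sie einen gültigen Namen ein.");
}
// The plan name is stored HTML-escaped (see the INSERT below), so the
// duplicate check has to query the same escaped form; otherwise a name
// containing '&', '<' or quotes passes the check and a second row is inserted.
$name = htmlspecialchars($_POST['name']);
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:plan WHERE name = :0", $name) > 0) {
    die("Der eingegebene Name ist schon vergeben.");
}
if (!isset($_POST['public']) || !validateDate($_POST['public']) || !isset($_POST['editable']) || !validateDate($_POST['editable'])) {
    die("Bitte geben Sie ein gültiges Datum ein.");
}
// The validated d.m.Y strings are inserted as-is — NOTE(review): confirm the
// public/editable columns accept that format rather than Y-m-d.
dbConn::execute(
    "INSERT INTO :prefix:plan (name, public, editable) VALUES (:0, :1, :2);",
    $name,
    $_POST['public'],
    $_POST['editable']
);
// Render the navigation entry for the new plan and append it to the reply.
$tpl = new template("admin/nav.plan");
$tpl->insert("active", "");
$tpl->insert("name", $name);
echo "SUCCESS" . $tpl->getOutput();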
    header("location: " . ROOT . "login");
    die;
}
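/**
 * Builds a random alphanumeric string; used below as a per-user password salt.
 *
 * @param int $length Number of characters to produce (0 or less yields '').
 * @return string String of [0-9a-zA-Z] characters of the requested length.
 * @throws \Exception If no source of cryptographic randomness is available.
 */
function generateRandomString($length = 10)
{
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $maxIndex = strlen($characters) - 1;
    $randomString = '';
    // random_int() draws from the CSPRNG; rand() is a seedable, predictable
    // generator and must not be used for salts or other secrets.
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[random_int(0, $maxIndex)];
    }
    return $randomString;
}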
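// Every field is mandatory; isset() already excludes null, so a strict
// comparison against "" is sufficient for the remaining string values.
$required = ["firstname", "lastname", "email", "password", "passwordre", "rfid", "isAdmin", "state"];
foreach ($required as $r) {
    if (!isset($_POST[$r]) || $_POST[$r] === "") {
        die("Bitte füllen Sie alle Felder aus.");
    }
}
// Strict comparison: with != PHP compares numeric-looking strings by value,
// so e.g. "1e3" and "1000" would have counted as matching passwords.
if ($_POST['password'] !== $_POST['passwordre']) {
    die("Passwörter stimmen nicht überein.");
}
if (strlen($_POST['password']) < 6) {
    die("Passwort muss mindestens 6 Zeichen enthalten");
}
try {
    // The stored credential is sha512(password . salt); the verifying side must
    // recompute exactly this, so the scheme cannot be changed in this file alone.
    // NOTE(review): password_hash()/password_verify() would be the preferable
    // scheme once the login code is migrated together with it.
    $salt = generateRandomString(50);
    \dbConn::execute(
        "INSERT INTO :prefix:user (firstname, \n                                                lastname, \n                                                email, \n                                                password,\n                                                salt,\n                                                rfid,\n                                                isAdmin,\n                                                state) \n                                                VALUES (:0, :1, :2, :3, :4, :5, :6, :7);",
        htmlentities($_POST['firstname']),
        htmlentities($_POST['lastname']),
        htmlentities($_POST['email']),
        hash("sha512", $_POST['password'] . $salt),
        $salt,
        htmlentities($_POST['rfid']),
        $_POST['isAdmin'],
        $_POST['state']
    );
} catch (\Exception $ex) {
    // The raw exception text is returned as the response body — NOTE(review):
    // this can expose database details; a generic message plus server-side
    // logging would be safer.
    echo $ex->getMessage();
}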
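<?php

session_start();
require "../../config.php";
// Creating patients requires a logged-in user; everyone else is sent to login.
if (!isset($_SESSION['user'])) {
    header("location: " . ROOT . "login");
    die;
}
// Reject incomplete submissions up front instead of inserting empty values
// (and, for a missing birthday, whatever DateTime makes of a null input).
foreach (["firstname", "lastname", "birthday", "room"] as $field) {
    if (!isset($_POST[$field]) || $_POST[$field] === "") {
        die("Bitte füllen Sie alle Felder aus.");
    }
}
try {
    \dbConn::execute(
        "INSERT INTO :prefix:patient (firstname, lastname, birth, room) VALUES (:0, :1, :2, :3);",
        htmlentities($_POST['firstname']),
        htmlentities($_POST['lastname']),
        // An unparsable birthday makes DateTime throw, which lands in the catch below.
        (new \DateTime($_POST['birthday']))->format("Y-m-d"),
        $_POST['room']
    );
} catch (\Exception $ex) {
    // The exception text is echoed as the response body — NOTE(review): this
    // can expose database details to the client.
    echo $ex->getMessage();
}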
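<?php

require "../config.php";
// Both keys are user input; reject missing or empty values before any query runs.
if (!isset($_POST['plan']) || $_POST['plan'] === "") {
    die("Bitte wählen Sie einen Plan aus.");
}
if (!isset($_POST['name']) || $_POST['name'] === "") {
    die("Bitte geben Sie einen Namen ein.");
}
// Values are stored HTML-escaped, so the duplicate check and the insert must
// both use the escaped form; compute it once.
$plan = htmlspecialchars($_POST['plan']);
$name = htmlspecialchars($_POST['name']);
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:production WHERE plan = :0 AND name = :1", $plan, $name) > 0) {
    die("Der Name ist bereits vergeben.");
}
dbConn::execute("INSERT INTO :prefix:production (plan, name) VALUES (:0, :1);", $plan, $name);
echo "SUCCESS";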
// Both the rfid code and the room must refer to existing rows.
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) < 1) {
    $errors[] = [110 => "invalid rfid code. code not in use"];
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:patient WHERE room = :0", $_GET['room']) < 1) {
    $errors[] = [111 => "invalid room id. room not in use"];
}
dieOnErrors($errors);
// check if user account is in active state
$state = dbConn::querySingle("SELECT state FROM :prefix:user WHERE rfid = :0", $_GET['rfid']);
if ($state != "activated") {
    $errors[] = [116 => "user disabled"];
    dieOnErrors($errors);
}
// check if user is allowed to visit given room: there must be a visit row
// linking this user to a patient in that room
$accessSql = "\n            SELECT COUNT(*)\n            FROM :prefix:visit AS v\n            INNER JOIN :prefix:patient AS p\n            ON v.patient = p.patientId\n            INNER JOIN :prefix:user AS u\n            ON v.user = u.userId\n            WHERE p.room = :0 AND u.rfid = :1\n        ";
if (dbConn::querySingle($accessSql, $_GET['room'], $_GET['rfid']) < 1) {
    $errors[] = [115 => "permission denied"];
}
dieOnErrors($errors);
// all data is valid and user has access
// now create the response
// collect required data
$user = dbConn::queryRow("SELECT * FROM :prefix:user WHERE rfid = :0", $_GET['rfid']);
$visitSql = "\n                        SELECT * \n                        FROM :prefix:visit AS v\n                        INNER JOIN :prefix:patient AS p\n                        ON v.patient = p.patientId\n                        WHERE p.room = :0 AND user = :1\n                    ";
$visit = dbConn::queryRow($visitSql, $_GET['room'], $user['userId']);
$media = [];
$mediaRows = dbConn::query("SELECT type, path FROM :prefix:visit_media WHERE visitId = :0", $visit['visitId']);
foreach ($mediaRows as $row) {
    // expand the stored relative path into an absolute media URL
    $row['path'] = URL . "/media/" . strtolower($row['type']) . "/" . $row['path'];
    $media[] = $row;
}
// read the previous visit time before this visit is recorded below
$lastVisit = dbConn::querySingle("SELECT MAX(created) FROM :prefix:visit_history WHERE visitId = :0", $visit['visitId']);
$response = [
    "success" => [
        "firstname" => $user['firstname'],
        "lastname" => $user['lastname'],
        "email" => $user['email'],
        "relation" => $visit['relation'],
        "scent" => $visit['scent'],
        "description" => $visit['description'],
        "media" => $media,
        "lastvisit" => $lastVisit,
    ],
];
dbConn::execute("INSERT INTO :prefix:visit_history (visitId) VALUES (:0);", $visit['visitId']);
header('Content-type: application/json');
echo json_encode($response, JSON_PRETTY_PRINT);
                 break;
         }
         $change->insert("shift", "<small>{$r['plan']}, {$r['production']}</small><br />" . substr($r['fromDate'], 0, 5) . " - " . substr($r['toDate'], 0, 5));
         if ($r['nameBefore'] == $r['nameAfter']) {
             $change->insert("user", $r['nameAfter']);
         } else {
             $change->insert("user", "<small><span style=\"text-decoration:line-through;\">{$r['nameBefore']}</span></small>\n                <br /><strong>{$r['nameAfter']}</strong>");
         }
         if ($r['emailBefore'] == $r['emailAfter']) {
             $change->insert("email", $r['emailAfter']);
         } else {
             $change->insert("email", "<small><span style=\"text-decoration:line-through;\">{$r['emailBefore']}</span></small>\n                <br /><strong>{$r['emailAfter']}</strong>");
         }
         $change->insert("hidden", "hidden");
         $email->insert("content", $change->getOutput());
         dbConn::execute("DELETE FROM :prefix:email_pending WHERE historyId = :0", $r['historyId']);
     }
 }
 if ($emailRequired) {
     $emailError = "";
     $arr = array();
     // Collect every subscriber address registered for the posted plan.
     foreach (dbConn::query("SELECT email FROM :prefix:email_subscriber \n                                        WHERE plan = :0", $_POST['plan']) as $r) {
         $arr[] = $r['email'];
     }
     // Only the first address is tested for being blank; any later blank
     // entries are still handed to send() — NOTE(review): confirm that is intended.
     if (count($arr) > 0 && trim($arr[0]) != "") {
         // $emailError is inspected right after the call, so send() presumably
         // fills it on failure.
         emailSettings::send($arr, "Änderungen am Schichtplan " . $_POST['plan'], $email->getOutput(), $emailError);
         if ($emailError != "") {
             throw new Exception($emailError);
         }
     }
 }
<?php

require "../config.php";
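/**
 * Checks that $date is a clock time written exactly as H:i (e.g. 08:30).
 *
 * Round-tripping through format() rejects values that parse loosely
 * (e.g. "8:30" re-formats to "08:30") or are out of range.
 *
 * @param string $date The raw input value.
 * @return bool True only if the value parses and re-formats to itself.
 */
function validateDate($date)
{
    $d = DateTime::createFromFormat('H:i', $date);
    // Strict comparison: both sides are strings, so there is no reason to let
    // PHP attempt a numeric comparison here.
    return $d !== false && $d->format('H:i') === $date;
}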
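// The form posts the plan name at top level and the shift fields nested
// under 'data'. Reject a missing plan instead of inserting a NULL plan.
if (!isset($_POST['plan']) || $_POST['plan'] === "") {
    die("Bitte wählen Sie einen Plan aus.");
}
$plan = $_POST['plan'];
// Work on a local copy of the nested fields rather than overwriting $_POST.
$data = isset($_POST['data']) && is_array($_POST['data']) ? $_POST['data'] : [];
if (!isset($data['from'], $data['to']) || !validateDate($data['from']) || !validateDate($data['to'])) {
    die("Bitte geben Sie ein gültiges Zeitformat ein.");
}
// Strict comparison: both values are validated H:i strings.
if ($data['to'] === $data['from']) {
    die("Anfang und Ende dürfen nicht identisch sein.");
}
// Both strtotime() calls resolve against today, so this orders the clock times.
if (strtotime($data['to']) < strtotime($data['from'])) {
    die("Der Anfang muss vor dem Ende liegen.");
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:shift WHERE plan = :0 AND fromDate = :1 AND toDate = :2", $plan, $data['from'], $data['to']) > 0) {
    die("Eine Schicht mit den eingegebenen Zeiten existiert bereits für diesen Plan.");
}
dbConn::execute("INSERT INTO :prefix:shift (plan, fromDate, toDate) VALUES (:0, :1, :2)", $plan, $data['from'], $data['to']);
echo "SUCCESS";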
<?php

session_start();
require "../../config.php";
// Deleting users needs a logged-in session; anyone else is sent to login.
$loggedIn = isset($_SESSION['user']);
if (!$loggedIn) {
    header("location: " . ROOT . "login");
    die;
}
if (!isset($_POST['userid'])) {
    die("Missing argument userid");
}
$userId = $_POST['userid'];
try {
    dbConn::execute("DELETE FROM :prefix:user WHERE userId = :0", $userId);
    echo "SUCCESS";
} catch (Exception $ex) {
    // The exception text becomes the response body.
    echo $ex->getMessage();
}