</div> </div> </div> <?php printFooter(); printFoot(); die; } else { throw403(); } } $extraHeadCode = "<script>"; $extraHeadCode .= "var channel = \"{$channel}\";"; $extraHeadCode .= "var channelCoebotData = " . json_encode($channelCoebotData) . ";"; $extraHeadCode .= "var userAccessLevel = " . getUserAccessLevel($channel) . ";"; $extraHeadCode .= "</script>"; if (!isCookieTrue("experimentalFeatures")) { $extraHeadCode .= "<style>.js-commands-addbtn, .js-commands-editcolumn, .js-quotes-addbtn, .js-quotes-editcolumn, .js-autoreplies-addbtn, .js-autoreplies-editcolumn, .hidden-if-experimental { display: none!important; }</style>"; } if (!isCookieTrue("showWhalePenis")) { $extraHeadCode .= "<style>.whale-penis { display: none!important; }</style>"; } printHead($channelCoebotData["displayName"], array("/css/channel.css"), array("//cdn.datatables.net/1.10.4/js/jquery.dataTables.min.js", "//cdn.datatables.net/plug-ins/9dcbecd42ad/integration/bootstrap/3/dataTables.bootstrap.js", "/js/later.min.js", "/js/prettycron.js", "/js/channel.js"), $extraHeadCode); printNav('', true); ?> <div class="container-fluid"> <div class="row" role="tabpanel"> <div class="sidebar"> <div class="panel panel-default channel-sidebar-panel">
/**
 * Records a cancellation of a room reservation as a new activity row.
 *
 * The acting user is read from the session helpers. A social worker
 * (access level 1) is stamped onto the record with status "Unconfirmed";
 * an RMH staff approver (access level 2) is stamped with status "Confirmed".
 * The activity history is append-only: the existing activity record is never
 * updated, a new one is inserted for the same request.
 *
 * NOTE(review): for any other access level no actor and no status are written,
 * yet the "Cancel" activity is still inserted. Confirm that callers enforce
 * authorization before reaching this function, otherwise the audit trail can
 * contain unattributed cancellations.
 *
 * @param Reservation $informationroom reservation to cancel; modified in place
 * @return mixed whatever insert_RoomReservationActivity() returns
 */
function cancelReservation(Reservation $informationroom)
{
    error_log("will do the actual insert to the database");

    // Profile id of the logged-in user who is performing the cancellation.
    $actorProfileId = getUserProfileID();

    if (getUserAccessLevel() == 1) {
        // Social worker: the lookup returns an array holding a single record.
        $socialWorkerRows = retrieve_UserProfile_SW($actorProfileId);
        $socialWorker = current($socialWorkerRows);

        $informationroom->set_socialWorkerProfileId($socialWorker->get_swProfileId());
        $informationroom->set_swFirstName($socialWorker->get_swFirstName());
        $informationroom->set_swLastName($socialWorker->get_swLastName());
        $informationroom->set_swDateStatusSubmitted(date("Y-m-d H:i:s"));
        $informationroom->set_status("Unconfirmed");
    } elseif (getUserAccessLevel() == 2) {
        // RMH staff approver: the lookup returns the profile object directly.
        $approver = retrieve_UserProfile_RMHApprover_OBJ($actorProfileId);

        $informationroom->set_rmhStaffProfileId($approver->get_rmhStaffProfileId());
        $informationroom->set_rmhStaffFirstName($approver->get_rmhStaffFirstName());
        $informationroom->set_rmhStaffLastName($approver->get_rmhStaffLastName());
        $informationroom->set_rmhDateStatusSubmitted(date("Y-m-d H:i:s"));
        $informationroom->set_status("Confirmed");
    }

    $informationroom->set_activityType("Cancel");

    // All changes are tracked, so a new activity record is inserted with the
    // same request id but a new activity id instead of updating the old one.
    return insert_RoomReservationActivity($informationroom);
}
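/**
 * Records an edit of a family profile as a new ProfileActivity row.
 *
 * Only the activity record is inserted here; per the original author's note
 * the change reaches the FamilyProfile table only once it has been approved.
 * A social worker (access level 1) produces an "Unconfirmed" activity, an RMH
 * staff approver (access level 2) a "Confirmed" one.
 *
 * NOTE(review): for any other access level the activity is still inserted,
 * with no actor id and a null status. Confirm that callers enforce
 * authorization before calling this function.
 *
 * @param Family $familyProfile profile carrying the edited values
 * @return mixed whatever insert_ProfileActivity() returns
 */
function updateFamilyProfile(Family $familyProfile)
{
    error_log("in updateFamilyProfile will do the actual insert to the database");

    $activityType = "Edit";
    $currentUser = getUserProfileID();

    $swID = "";
    $rmhStaffProfileId = "";
    // The literal string 'NULL' (not PHP null) is what the original passes on.
    // NOTE(review): presumably these values are spliced into SQL text by the
    // insert layer; verify that insert_ProfileActivity() binds parameters.
    $dateSWSubmit = 'NULL';
    $dateRMHApproved = 'NULL';
    // Defined up front so that an access level other than 1 or 2 passes an
    // explicit null instead of reading an undefined variable.
    $status = null;

    if (getUserAccessLevel() == 1) {
        // Social worker: the lookup returns an array holding a single record.
        $rmhStaffProfileId = 'NULL';
        $sw = retrieve_UserProfile_SW($currentUser);
        $swObject = current($sw);
        $swID = $swObject->get_swProfileId();
        $status = "Unconfirmed";
        $dateSWSubmit = date("Y-m-d H:i:s");
    } elseif (getUserAccessLevel() == 2) {
        // RMH staff approver: the lookup returns the profile object directly.
        $rmhStaff = retrieve_UserProfile_RMHApprover_OBJ($currentUser);
        $rmhStaffProfileId = $rmhStaff->get_rmhStaffProfileId();
        $status = "Confirmed";
        $dateRMHApproved = date("Y-m-d H:i:s");
    }

    error_log('in updateFamilyProfile, familyProfileId is ' . $familyProfile->get_familyProfileId());

    // Only an activity record is inserted; the FamilyProfile table itself is
    // changed only if the edit is approved.
    $currentProfileActivity = new ProfileActivity(
        0,
        0,
        $familyProfile->get_familyProfileId(),
        $swID,
        $rmhStaffProfileId,
        $dateSWSubmit,
        $dateRMHApproved,
        $activityType,
        $status,
        $familyProfile->get_parentfname(),
        $familyProfile->get_parentlname(),
        $familyProfile->get_parentemail(),
        $familyProfile->get_parentphone1(),
        $familyProfile->get_parentphone2(),
        $familyProfile->get_parentaddress(),
        $familyProfile->get_parentcity(),
        $familyProfile->get_parentstate(),
        $familyProfile->get_parentzip(),
        $familyProfile->get_parentcountry(),
        $familyProfile->get_patientfname(),
        $familyProfile->get_patientlname(),
        $familyProfile->get_patientrelation(),
        $familyProfile->get_patientdob(),
        $familyProfile->get_patientformpdf(),
        $familyProfile->get_patientnotes(),
        // NOTE(review): get_patientnotes() is passed twice in the original;
        // check the ProfileActivity constructor for the intended last argument.
        $familyProfile->get_patientnotes()
    );

    return insert_ProfileActivity($currentProfileActivity);
}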
* It comes with absolutely no warranty. You can redistribute and/or * modify it under the terms of the GNU Public License as published * by the Free Software Foundation (see <http://www.gnu.org/licenses/). */ /** * Navigation script for RMH-RoomReservationMaker. * This file includes the navigation based on user permission level * This file is automatically included in the header.php file * @author Prayas Bhattarai * @version May 1, 2012 */ //avoid direct access to the page: if (!defined('PARENT')) { die('Restricted access'); } $userAccess = getUserAccessLevel(); error_log("in navigation.php, user access level is {$userAccess}"); //Navigation items are set automatically based on the page name. It can be overriden by assigning the page name to $navItem //So for pages that are linked from the navigation menu, their $navItem is set automatically. But pages that are child pages of //a menu item, which doesn't have a direct link from the navigation, their $navItem has to be set to one of the pages in the left menu //this is done to highlight the current selected page if (!isset($navItem)) { $navItem = basename($_SERVER['PHP_SELF']); } ?> <nav class="navpane"> <ul> <!--navigation links available to all members --> <li data-href="<?php echo BASE_DIR . '/index.php';
$rmhparentName = $reservation->get_parentLastName() . ", " . $reservation->get_parentFirstName(); $rmhDatasubmit = $reservation->get_rmhDateStatusSubmitted(); $rmhbeginDate = $reservation->get_beginDate(); $rmhEndDate = $reservation->get_endDate(); $rmhActivity = $reservation->get_activityType(); $rmhStatus = $reservation->get_status(); echo '<tr>'; echo '<td>' . "<a href=EditReservation.php?id={$rmhRequestID}> {$rmhRequestID}" . '</td>'; echo '<td>' . $rmhSocialWorkerName . '</td>'; echo '<td>' . $rmhStaffName . '</td>'; echo '<td>' . $rmhparentName . '</td>'; echo '<td>' . $rmhDatasubmit . '</td>'; echo '<td>' . $rmhbeginDate . '</td>'; echo '<td>' . $rmhEndDate . '</td>'; echo '<td>' . $rmhActivity . '</td>'; if (getUserAccessLevel() > 1) { //if the user is an approver, let the user modify the status $link = '<a href="' . BASE_DIR . '/reservation/activity.php?type=reservation&request=' . $rmhRequestID . '">' . $rmhStatus . '</a>'; echo '<td>' . $link . '</td>'; } else { echo '<td>' . $rmhStatus . '</td>'; } echo '</tr>'; } echo '</table>'; echo '</div>'; // displayChooseRequestIDDropDown($foundReservations); } } else { if (isset($_POST['form_token']) && !validateTokenField($_POST)) { displayErrorMsg('The request could not be completed: security check failed!');
/**
 * Reads the "channel" request parameter and returns it only when it is valid
 * and the current user holds at least the required access level on it.
 *
 * On failure a message is sent through respondMessage() and NULL is returned.
 *
 * NOTE(review): despite the "OrDie" name this function does not terminate the
 * request itself. Unless respondMessage() exits, callers receive NULL and must
 * stop processing themselves; a caller that ignores NULL would continue
 * without an authorized channel. Confirm against respondMessage().
 *
 * @param mixed $userAccessLevel minimum access level required on the channel
 * @param bool  $useJson         accepted but not read inside this function
 * @return mixed the channel parameter on success, NULL otherwise
 */
function getChannelWithAuthOrDie($userAccessLevel, $useJson = false)
{
    $requestedChannel = getParam('channel');

    // Validation runs first; the access level is only looked up for a channel
    // that passed validation.
    $rejection = null;
    if (!validateChannel($requestedChannel)) {
        $rejection = "invalid parameter (channel)";
    } elseif (getUserAccessLevel($requestedChannel) < $userAccessLevel) {
        $rejection = "not authorized";
    }

    if ($rejection !== null) {
        respondMessage($rejection);
        return NULL;
    }

    return $requestedChannel;
}
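/**
 * Checks whether the currently logged-in user is still using the default
 * password. If so, a session message is set which is displayed after the
 * redirect to the index page and advises the user to change the password.
 *
 * The default password is rebuilt here as the lower-cased first name followed
 * by the last four characters of the phone number, hashed with getHashValue()
 * and compared with the stored hash.
 *
 * NOTE(review): this comparison can only match if getHashValue() is
 * deterministic for a given input. Both ingredients of the default password
 * are personal data that others may know, so accounts stay weakly protected
 * until the password is changed; consider forcing a change at first login.
 *
 * @author Prayas Bhattarai
 * @return boolean true when the stored password differs from the default one;
 *                 false when it is the default, when no profile is available,
 *                 or when the access level is below 1
 */
function checkDefaultPassword()
{
    $userProfile = retrieveCurrentUserProfile();
    // No usable profile object: nothing to compare, and calling a method on a
    // non-object would be a fatal error.
    if (!is_object($userProfile)) {
        return false;
    }
    $currentPass = $userProfile->get_password();

    if (getUserAccessLevel() == 1) {
        // Social worker accessors.
        $fname = $userProfile->get_swFirstName();
        $phone = $userProfile->get_swphone();
    } elseif (getUserAccessLevel() > 1) {
        // RMH staff accessors.
        $fname = $userProfile->get_rmhStaffFirstName();
        $phone = $userProfile->get_rmhStaffPhone();
    } else {
        return false;
    }

    $defaultPass = trim(strtolower($fname)) . trim(substr($phone, -4));
    $defaultPass = getHashValue($defaultPass);

    // Strict comparison: with != two numeric-looking hash strings would be
    // compared as numbers and could be reported equal although they differ.
    if ($defaultPass !== $currentPass) {
        return true;
    }

    setSessionMessage(array('default_pass' => 'You are using the default password for your account. It is advised that you change your password immediately by clicking on the "Manage Account" section.'));

    // Explicit boolean instead of falling off the end of the function.
    return false;
}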
/**
 * Loads the profile of the logged-in user through the retrieval function that
 * matches the user's access level.
 *
 * Per the original author's note the access level is kept in the session:
 * 1 is a social worker, 2 a staff approver, 3 an admin. The author also notes
 * that this function is unnecessary if a database function already does this.
 *
 * @return mixed the result of the level-specific lookup; for level 3 the first
 *               element of the returned array, or false when the lookup did not
 *               return an array; false for any other access level
 */
function retrieveCurrentUserProfile()
{
    $level = getUserAccessLevel();
    $profileId = getUserProfileID();

    // Loose comparison on purpose: it matches what the switch statement did.
    if ($level == 1) {
        return retrieve_UserProfile_SW_OBJ($profileId);
    }

    if ($level == 2) {
        return retrieve_UserProfile_RMHApprover_OBJ($profileId);
    }

    if ($level == 3) {
        // The admin lookup is expected to return an array of records.
        $adminRows = retrieve_UserProfile_RMHAdmin($profileId);
        if (is_array($adminRows)) {
            return current($adminRows);
        }
        return false;
    }

    return false;
}