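/**
 * Rebuild the serialized assigned_users column of a case from its active assignees.
 *
 * Reads the active usernames in cm_case_assignees for $case_id, resolves each to a
 * full name with username_to_fullname(), and writes the result into cm.assigned_users
 * as a serialize()d array keyed by full name (an empty string when nobody is assigned).
 *
 * @param PDO   $dbh     open database handle
 * @param mixed $case_id cm.id of the case (bound as a query parameter, never interpolated)
 * @return bool true when the UPDATE reported no driver error, false otherwise
 *              (also false when the SELECT itself fails — see below)
 */
function update_case_with_users($dbh, $case_id) {
    $q = $dbh->prepare("SELECT username from cm_case_assignees WHERE case_id = ? AND status = 'active'");
    $q->bindParam(1, $case_id);
    // A failed SELECT must not be mistaken for "no assignees": fetchAll() on a failed
    // statement yields an empty set, which would silently wipe assigned_users.
    if ($q->execute() === false) {
        return false;
    }
    $users = $q->fetchAll(PDO::FETCH_ASSOC);

    $assigned_users = array();
    foreach ($users as $user) {
        $name = username_to_fullname($dbh, $user['username']);
        // Keyed by full name, so two assignees sharing a full name collapse into one entry.
        $assigned_users[$name] = '';
    }

    // NOTE(review): the column holds PHP serialize() output; readers of this column
    // must only unserialize() what this function wrote, never user-supplied input.
    $ser = count($assigned_users) > 0 ? serialize($assigned_users) : '';

    $update = $dbh->prepare("UPDATE cm SET assigned_users = ? WHERE id = ?");
    $update->bindParam(1, $ser);
    $update->bindParam(2, $case_id);
    $update->execute();
    // errorInfo()[1] is the driver-specific error code; empty means success.
    $error = $update->errorInfo();
    return !$error[1];
}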
/**
 * Expand a comma-separated list of usernames into a comma-separated list of full names.
 *
 * Each element produced by splitting $list on ',' is passed unchanged (no trimming)
 * to username_to_fullname(); the results are joined with ", ".
 *
 * @param PDO    $dbh  open database handle
 * @param string $list usernames separated by ','
 * @return string full names separated by ', '
 */
function format_name_list($dbh, $list) {
    $full_names = array_map(
        function ($username) use ($dbh) {
            return username_to_fullname($dbh, $username);
        },
        explode(',', $list)
    );
    return implode(', ', $full_names);
}
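/**
 * List the users recorded as responsible for an event.
 *
 * @param PDO   $dbh      open database handle
 * @param mixed $event_id cm_events_responsibles.event_id to look up (bound as a parameter)
 * @return array list of array{user_id: mixed, last_name: mixed, full_name: mixed},
 *               one entry per matching row, in the order the database returned them
 */
function get_responsibles($dbh, $event_id) {
    // $event_id was previously interpolated straight into the SQL text; bind it so a
    // crafted id cannot change the query.
    $q = $dbh->prepare("SELECT * FROM cm_events_responsibles WHERE event_id = :event_id");
    $q->execute(array('event_id' => $event_id));
    $users = $q->fetchAll(PDO::FETCH_ASSOC);

    $responsibles = array();
    foreach ($users as $user) {
        $username = $user['username'];
        // Same lookup order as before: last name, full name, then user id.
        $lastname = username_to_lastname($dbh, $username);
        $fullname = username_to_fullname($dbh, $username);
        $user_id = username_to_userid($dbh, $username);
        $responsibles[] = array(
            'user_id'   => $user_id,
            'last_name' => $lastname,
            'full_name' => $fullname,
        );
    }
    return $responsibles;
}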
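/**
 * Build the <optgroup>/<option> HTML for the reports selector, scoped by the
 * current session's permissions:
 *  - view_users == '1': every group, every supervisor's group, every active user
 *    and every open case;
 *  - supervises == '1': the logged-in supervisor, their group, the users whose
 *    supervisors list contains them, and open cases;
 *  - otherwise: only the logged-in user.
 *
 * Option values keep their "_grp_", "_spv_" and "_cse_" prefixes for the consumer.
 * Every database- or session-derived value is HTML-escaped before being emitted.
 *
 * @param PDO   $dbh      open database handle
 * @param mixed $case_num not used by this function; kept for existing callers
 * @return string|null HTML fragment (null only if no branch appended anything)
 */
function reports_users_and_groups($dbh, $case_num) {
    // Escape a value for HTML text or a single-quoted attribute.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    // One "<option>" for an open case: organization when no person name is set.
    $case_option = function ($c) use ($esc) {
        $label = ($c['first_name'] === '' && $c['last_name'] === '')
            ? $c['organization']
            : $c['first_name'] . " " . $c['last_name'];
        return "<option value='_cse_" . $esc($c['id']) . "'>" . $esc($label) . "</option>";
    };

    $options = null;
    if ($_SESSION['permissions']['view_users'] == '1') {
        //First get all groups defined in cm_groups config
        $q = $dbh->prepare("SELECT group_name, group_title FROM cm_groups ORDER BY group_title ASC");
        $q->execute();
        $groups = $q->fetchAll(PDO::FETCH_ASSOC);
        $options .= "<optgroup label='User Groups'>";
        foreach ($groups as $group) {
            $options .= "<option value='_grp_" . $esc($group['group_name']) . "'>All " . $esc($group['group_title']) . "s</option>";
        }
        $options .= "</optgroup>";

        //Then get every supervisor
        $options .= "<optgroup label='Supervisor Groups'>";
        $q = $dbh->prepare("SELECT cm_groups.group_name, cm_groups.supervises, cm_users.grp, cm_users.username
            FROM cm_groups, cm_users
            WHERE cm_groups.supervises = '1'
            AND cm_users.grp = cm_groups.group_name
            AND cm_users.status = 'active'
            ORDER BY cm_users.username ASC");
        $q->execute();
        $groups = $q->fetchAll(PDO::FETCH_ASSOC);
        foreach ($groups as $group) {
            $options .= "<option value = '_spv_" . $esc($group['username']) . "'>" . $esc(username_to_fullname($dbh, $group['username'])) . "'s group</option>";
        }
        $options .= "</optgroup>";

        //Then just get individual users
        $options .= "<optgroup label='Individual Users'>";
        $q = $dbh->prepare("SELECT * FROM cm_users WHERE status = 'active' ORDER BY last_name ASC");
        $q->execute();
        $users = $q->fetchAll(PDO::FETCH_ASSOC);
        foreach ($users as $user) {
            $options .= "<option value = '" . $esc($user['username']) . "'>" . $esc($user['first_name'] . " " . $user['last_name']) . "</option>";
        }
        $options .= "</optgroup>";

        //Then get all cases
        $options .= "<optgroup label='Open Cases'>";
        $q = $dbh->prepare("SELECT id,first_name,last_name,organization FROM cm WHERE date_close = '' ORDER BY date_open ASC");
        $q->execute();
        $cases = $q->fetchAll(PDO::FETCH_ASSOC);
        foreach ($cases as $c) {
            $options .= $case_option($c);
        }
        $options .= "</optgroup>";
    } elseif ($_SESSION['permissions']['supervises'] == '1') {
        $user = $_SESSION['login'];
        $login = $esc($user);
        //Get users this supervisor is allowed to see
        $options .= "<optgroup label='Users'>";
        //Add supervisors group and the supervisor himself
        $options .= "<option value='" . $login . "'>You</option><option selected=selected value= '_spv_" . $login . "'>Your Group</option>";
        //Add each individual in this user's group. The login used to be interpolated
        //into the LIKE patterns; it is bound here so it cannot alter the query
        //(a login containing '%' or '_' would still act as a wildcard in the pattern).
        $q = $dbh->prepare("SELECT * FROM cm_users
            WHERE (supervisors LIKE :head
            OR supervisors LIKE :middle)
            AND status ='active'");
        $q->execute(array(
            'head'   => $user . ',%',
            'middle' => '%,' . $user . ',%',
        ));
        $users = $q->fetchAll(PDO::FETCH_ASSOC);
        foreach ($users as $u) {
            $options .= "<option value='" . $esc($u['username']) . "'>" . $esc($u['first_name'] . " " . $u['last_name']) . "</option>";
        }
        $options .= "</optgroup>";

        //Get all of this supervisor's open cases
        $options .= "<optgroup label='Open Cases'>";
        // NOTE(review): the assignee filter is the literal '******' in the source as
        // reviewed (it reads like a placeholder for the supervisor's login); it is kept
        // byte-for-byte here — confirm against the original before relying on it.
        $q = $dbh->prepare("SELECT cm.first_name, cm.last_name,cm.organization,cm.id,
            cm_case_assignees.username,cm_case_assignees.case_id,
            cm_case_assignees.status FROM cm, cm_case_assignees
            WHERE cm_case_assignees.status = 'active'
            AND cm_case_assignees.case_id = cm.id
            AND cm_case_assignees.username = '******'
            AND cm.date_close = ''
            ORDER BY cm.last_name DESC");
        $q->execute();
        $cases = $q->fetchAll(PDO::FETCH_ASSOC);
        foreach ($cases as $c) {
            $options .= $case_option($c);
        }
        $options .= "</optgroup>";
    } else {
        $options .= "<option selected=selected value='" . $esc($_SESSION['login']) . "'>   You </option>";
    }
    return $options;
}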
} break; case 'case': $cols = array("username", "case_id", "date", "description", "time", "seconds"); $col_data = array(array('sTitle' => 'Name'), array('sTitle' => 'Case'), array('sTitle' => 'Date'), array('sTitle' => 'Description'), array('sTitle' => 'Time (hours)'), array('sTitle' => 'Seconds', 'bVisible' => false)); if ($columns_only) { $output['aoColumns'] = $col_data; } else { $case_number = substr($val, 5); $q = $dbh->prepare("SELECT * FROM cm_case_notes WHERE `case_id` = :val AND `date` >= :date_start AND `date` <= :date_end ORDER BY `date` ASC"); $data = array('val' => $case_number, 'date_start' => $date_start, 'date_end' => $date_end); $q->execute($data); $error = $q->errorInfo(); while ($result = $q->fetch(PDO::FETCH_ASSOC)) { $rows = array(); $result['username'] = username_to_fullname($dbh, $result['username']); $result['case_id'] = case_id_to_casename($dbh, $result['case_id']); $result['date'] = extract_date($result['date']); $result['seconds'] = $result['time']; $result['time'] = convert_to_hours($result['time']); foreach ($cols as $col) { $rows[] = $result[$col]; } $output['aaData'][] = $rows; } if ($q->rowCount() < 1) { $output['aaData'] = array(); } $output['aoColumns'] = $col_data; } break;
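/**
 * Build the confirmation markup shown after a MySQL user has been granted
 * privileges on a database-name prefix.
 *
 * NOTE(review): username_to_fullname() is called here with one argument, unlike the
 * ($dbh, $username) form used elsewhere in this corpus — confirm which definition
 * this file actually has in scope.
 *
 * @param string $name    MySQL username to display
 * @param string $db_name database-name prefix the user may create/drop
 * @return string HTML fragment; every interpolated value is HTML-escaped
 */
function make_string_added_to_db($name = "", $db_name = "") {
    $fname = username_to_fullname($name);
    $u = "_";
    // These values originate from form input / the user table; escape for HTML text.
    $safe_name = htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8');
    $safe_fname = htmlspecialchars((string) $fname, ENT_QUOTES, 'UTF-8');
    $safe_prefix = htmlspecialchars((string) $db_name . $u, ENT_QUOTES, 'UTF-8');
    // The repeated id="name"/id="db_name" attributes are kept as-is because existing
    // styles/scripts may target them, although ids are meant to be unique per page.
    $added = "<div id=\"add_div\"><span id=\"added\">MySQL user <span id=\"name\">{$safe_name}</span> has all privileges \n\t\t for database <span id=\"db_name\">{$safe_prefix}*</span><br/><span id=\"name\">{$safe_fname}</span> can create and drop \n\t\t any database that begins with <span id=\"db_name\">{$safe_prefix}</span>.</span></div>";
    return $added;
}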
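<?php
// Document-browser partial: one tile plus a properties panel per folder, then per
// document. Expects $folders, $documents and $dbh from the including script.
// Every database-derived value is HTML-escaped before it is echoed.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
foreach ($folders as $folder) {
    // Show only the last path segment; the full path goes into the tile's path attribute.
    if (strrchr($folder['folder'], '/')) {
        $folder_name = substr(strrchr($folder['folder'], '/'), 1);
    } else {
        $folder_name = $folder['folder'];
    }
    $folder_path = $esc($folder['folder']);
    $folder_name = $esc($folder_name);
    $folder_id = $esc($folder['id']);
    $user = $esc(username_to_fullname($dbh, $folder['username']));
    $date = $esc(extract_date_time($folder['date_modified']));
    echo "<div class='doc_item folder' path='{$folder_path}' data-id='{$folder_id}'><img src='html/ico/folder.png'><p>{$folder_name}</p></div>";
    echo "<div class='doc_properties' tabindex='1'><h3><img src='html/ico/folder.png'>{$folder_name}</h3>\n\t\t\t\t\t<hr />\n\t\t\t\t\t<p><label>Type</label> Folder</p>\n\t\t\t\t\t<p><label>Created:</label> {$date}</p>\n\t\t\t\t\t<p><label>Created By:</label> {$user}</p>\n\t\t\t\t\t</div>";
}
foreach ($documents as $document) {
    $icon = $esc(get_icon($document['type']));
    $type = $esc($document['type']);
    $doc_id = $esc($document['id']);
    $doc_name = $esc($document['name']);
    $user = $esc(username_to_fullname($dbh, $document['username']));
    $date = $esc(extract_date_time($document['date_modified']));
    echo "<div id='doc_{$doc_id}' class='doc_item item {$type}' data-id='{$doc_id}'><img src='{$icon}'><p>{$doc_name}</p></div>";
    echo "<div class='doc_properties' tabindex='1'><h3><img src='{$icon}'>{$doc_name}</h3>\n\t\t\t<hr />\n\t\t\t<p><label>Type</label> {$type}</p>\n\t\t\t<p><label>Uploaded:</label> {$date}</p>\n\t\t\t<p><label>Uploaded By:</label> {$user}</p>\n\t\t\t</div>";
}
if (empty($folders) and empty($documents)) {
    // The <span> was previously closed with </a>.
    echo "<span class='docs_empty'>No documents found.</span>";
}
echo "<div class='doc_spacing_fix'></div>";
?> <?php if (!isset($update)) { echo "</div>"; }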
<div class="journal_detail"> <div class="journal_header ui-widget-header ui-corner-tl ui-corner-tr ui-helper-clearfix"> <img class="thumbnail-mask" src="<?php echo return_thumbnail($dbh, $username); ?> " border="0"> <p>Journal Submitted by <?php echo username_to_fullname($dbh, $username); ?> on <?php echo extract_date_time($date_added); ?> </p> <div class = "journal_detail_control"> <?php if ($view !== 'edit' && $_SESSION['permissions']['writes_journals'] == '1') { ?> <button class="journal_delete">Delete</button> <button class="journal_edit">Edit</button> <button class="journal_print">Print</button> <?php } elseif ($view !== 'edit') { ?>
$forward_text = "<<<Forwarded this message to {$forward_names_string}" . "\n\n" . $reply_text; $tos = generate_recipients($dbh, $thread_id); $to = $tos['from'] . ',' . $tos['tos']; $cc = $tos['ccs']; $data = array('thread_id' => $thread_id, 'to' => $to, 'ccs' => $cc, 'sender' => $user, 'forward_text' => $forward_text); $q->execute($data); $error = $q->errorInfo(); //TODO notify forward recipients by email if (!$error[1]) { $msg_subject = get_subject($dbh, $thread_id); $preview = snippet(20, $reply_text); foreach ($forward_tos as $f) { if ($f != $user) { $email = user_email($dbh, $f); $subject = "ClinicCases: New Message: '" . $msg_subject . "'"; $body = username_to_fullname($dbh, $user) . " forwarded '" . $msg_subject . "' to you:\n\n'{$preview}'\n\n" . CC_EMAIL_FOOTER; mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM); } } } } break; case 'star_on': //add start to message $q = $dbh->prepare("UPDATE cm_messages SET `starred` = REPLACE(`starred`,:user,''),\n\t\t\tstarred = CONCAT(starred,:user) WHERE id = :id"); $user_string = $user . ","; $data = array('user' => $user_string, 'id' => $id); $q->execute($data); $error = $q->errorInfo(); break; case 'star_off':
?> <div class = "msg_reply" data-id = "<?php echo $id; ?> "> <div class = "msg_reply_left"> <img class="thumbnail-mask" src = "<?php echo return_thumbnail($dbh, $from); ?> "> <?php echo username_to_fullname($dbh, $from); ?> </div> <div class = "msg_reply_right"> <?php echo extract_date_time($time_sent); ?> </div> <p><?php echo nl2br(htmlentities(text_prepare($body))); ?>
} } } //Add board posts if ($_SESSION['permissions']['view_board'] == '1') { $this_users_groups = user_which_groups($dbh, $_SESSION['login']); $grps = implode("','", $this_users_groups); $q = $dbh->prepare("SELECT * FROM `cm_board` as all_posts\n\tJOIN\n\t(SELECT * FROM cm_board_viewers WHERE viewer IN ('{$grps}') GROUP BY cm_board_viewers.post_id) AS this_user\n\tON\n\tall_posts.id = this_user.post_id AND all_posts.time_added >= '{$mysqldate}'"); $q->execute(); $posts = $q->fetchAll(PDO::FETCH_ASSOC); foreach ($posts as $post) { $activity_type = 'new_board_post'; if ($post['author'] === $username) { $by = 'You'; } else { $by = username_to_fullname($dbh, $post['author']); } $thumb = return_thumbnail($dbh, $post['author']); $action_text = " posted on your Board "; $time_done = $post['time_added']; $time_formatted = extract_date_time($post['time_added']); $what = $post['title']; $follow_url = 'index.php?i=Board.php'; $mobile_url = 'index.php?i=Board.php'; $casename = "(view here)"; $id = null; $item = array('activity_type' => $activity_type, 'by' => $by, 'thumb' => $thumb, 'action_text' => $action_text, 'casename' => $casename, 'id' => $id, 'what' => $what, 'follow_url' => $follow_url, 'time_done' => $time_done, 'time_formatted' => $time_formatted, 'mobile_url' => $mobile_url); $activities[] = $item; } } if (!empty($activities)) {
$q = $dbh->prepare("UPDATE `cm_board` SET `title` = :title, `body` = :body, `color` = :color, `time_edited` = NOW() WHERE `id` = :id"); $data = array('title' => $title, 'body' => $text, 'color' => $color, 'id' => $id); $q->execute($data); $error = $q->errorInfo(); //now, update cm_board_viewers with users who are allowed to see post //first, delete old viewers $del_viewers = $dbh->prepare("DELETE FROM cm_board_viewers WHERE post_id = ?"); $del_viewers->bindParam(1, $id); $del_viewers->execute(); //second, add current viewers $viewers_query = $dbh->prepare("INSERT INTO cm_board_viewers (`id`, `post_id`,`viewer`) VALUES (NULL,:post_id,:viewer)"); foreach ($viewers as $v) { $data = array('post_id' => $id, 'viewer' => $v); $viewers_query->execute($data); //Notify viewer; TODO test with mail server $author = username_to_fullname($dbh, $_SESSION['login']); $email = user_email($dbh, $v); $subject = "ClinicCases: {$author} posted on your Board"; $body = "{$author} posted on your Board in ClinicCases: {$title}.\n\n" . CC_EMAIL_FOOTER; mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM); } break; case 'delete': $q = $dbh->prepare("DELETE FROM cm_board WHERE id = ?"); $q->bindParam(1, $item_id); $q->execute(); $error = $q->errorInfo(); //check for attachments and delete them $attch = $dbh->prepare("SELECT * FROM cm_board_attachments WHERE post_id = ?"); $attch->bindParam(1, $item_id); $attch->execute();
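?>
<div class="row">
    <form class="navbar-search">
        <input type="text" class="board-search search-query" placeholder="Search">
    </form>
</div>
<div class="row board-container">
<?php
// Board listing. $posts and $dbh come from the script above; each row is expanded
// with extract(), so the columns title/body/color/author/time_added/post_id
// become locals inside the loop.
// NOTE(review): extract() on a database row overwrites any same-named local (it
// would clobber $dbh or $posts if such a column ever appeared) — confirm the
// SELECT's column list before relying on this.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
if ($_SESSION['permissions']['view_board'] === '1') {
    if (empty($posts)) {
        echo "<p class='end'>There have been no posts to your Board yet.</p>";
        // Ends the response here, so the closing tags below are never emitted.
        die;
    } else {
        foreach ($posts as $p) {
            extract($p);
            // Title, colour, thumbnail path, author name and date are stored text:
            // escape them. $body is still emitted verbatim as before — whether it
            // is sanitized when written is not visible here; check the write path.
            echo "<div class='container board-item' style='background-color:rgb(" . $esc($color) . ")'>"
                . "<h3><img class='img-rounded' src='" . $esc(return_thumbnail($dbh, $author)) . "'><span class='searchable'> " . $esc($title) . "</span></h3>"
                . "<div class='searchable'>{$body}</div>"
                . "<br /><div class='muted searchable'>Posted By " . $esc(username_to_fullname($dbh, $author)) . " on " . $esc(extract_date_time($time_added)) . "</div>";
            $attach = check_attachments($dbh, $post_id);
            if ($attach == true) {
                echo "<br /><div class='searchable'><label>Attachments:</label>{$attach}</div>";
            }
            echo "</div>";
        }
    }
} else {
    // Closing </p> was missing.
    echo "<p>You do not have permission to view the board.</p>";
}
?>
</div>
</div>
</body>
</html>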
\t\t\t\t<div class = 'csenote_bar_right'> \t\t\t\t<label>Date:</label> <input type='hidden' name='csenote_date' class='csenote_date_value' value='{$this_date}'> {$selector} \t\t\t\t<input type='hidden' name='csenote_user' value='{$this_user}'> \t\t\t\t<input type='hidden' name='csenote_case_id' value='{$this_case_id}'> \t\t\t\t<input type='hidden' name='query_type' value='add'> \t\t\t\t<button class='csenote_action_submit'>Add</button><button class='csenote_action_cancel'>Cancel</button></div> \t\t\t</div> \t\t\t<textarea name='csenote_description'></textarea> \t\t\t</form> \t\t\t</div> NEWNOTE; //show all case notes foreach ($case_notes_data as $case_notes) { $time = convert_case_time($case_notes['time']); echo "<div class='csenote' id='csenote_" . $case_notes['id'] . "'>\n\t\t\t\t<div class='csenote_bar'>\n\t\t\t\t<div class = 'csenote_bar_left'><img class='thumbnail-mask' src='" . thumbify($case_notes['picture_url']) . "'>  " . username_to_fullname($dbh, $case_notes['username']) . "</div><div class = 'csenote_bar_right'><span class='csenote_date'>" . extract_date($case_notes['date']) . "</span> · <span class='csenote_time'>" . $time[0] . $time[1] . "</span>"; if ($case_notes['username'] == $_SESSION['login']) { echo " · <a href='#' class='csenote_edit'>Edit</a> <a href='#' class='csenote_delete'>Delete</a>"; } echo "</div></div><p class='csenote_instance'>" . nl2br(htmlentities($case_notes['description'])) . "</p></div>"; } if (empty($case_notes_data)) { if (isset($search)) { echo "<p>No case notes found matching <i>{$search}</i></p>"; } else { echo "<p>No case notes found</p>"; die; } } if (!isset($_POST['update'])) { echo "</div>";
$data = array('comments' => $new, 'id' => $id[0]); $update->execute($data); $error = $q->errorInfo(); } //notify users via email //figure out who needs to receive this notification $q = $dbh->prepare("SELECT reader,username FROM cm_journals WHERE id =?"); $q->bindParam(1, $id[0]); $q->execute(); $u = $q->fetch(PDO::FETCH_ASSOC); $involved = $u['reader'] . $u['username']; $inv = explode(',', $involved); $this_user = array($_SESSION['login']); $notify = array_diff($inv, $this_user); foreach ($notify as $user) { $commenter = username_to_fullname($dbh, $_SESSION['login']); $email = user_email($dbh, $user); $subject = "ClinicCases: {$commenter} has commented on a journal."; $body = "{$commenter} has commented on a journal.n\n" . CC_EMAIL_FOOTER; mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM); } //TODO test on mail server break; case 'delete_comment': //Get current comment array for this journal $q = $dbh->prepare('SELECT comments FROM cm_journals WHERE id = ?'); $q->bindParam(1, $id[0]); $q->execute(); $error = $q->errorInfo(); $result = $q->fetch(PDO::FETCH_ASSOC); $old = unserialize($result['comments']);
$time_done = $close['time_closed']; $time_formatted = extract_date_time($close['time_closed']); $id = $close['id']; $what = $close['close_notes']; $follow_url = CC_BASE_URL . 'index.php?i=Cases.php#cases/' . $close['id']; $item = array('by' => $by, 'action_text' => $action_text, 'casename' => $casename, 'id' => $id, 'what' => $what, 'follow_url' => $follow_url, 'time_done' => $time_done, 'time_formatted' => $time_formatted); $activities[] = $item; } } //new users who have requested access if ($p['activate_users'] == '1') { $get_new_users = $dbh->prepare("SELECT * FROM cm_users\n\t\t\t\tWHERE date_created >= '{$mysqldate}' AND new = 'yes'"); $get_new_users->execute(); $news = $get_new_users->fetchAll(PDO::FETCH_ASSOC); foreach ($news as $new) { $by = username_to_fullname($dbh, $new['username']); $thumb = 'people/tn_no_picture.png'; $action_text = " signed up for ClinicCases "; $time_done = $new['date_created']; $time_formatted = extract_date_time($new['date_created']); $what = 'Please review this application.'; $follow_url = CC_BASE_URL . 'index.php?i=Users.php'; $casename = '(view here)'; $id = null; $item = array('by' => $by, 'action_text' => $action_text, 'casename' => $casename, 'id' => $id, 'what' => $what, 'follow_url' => $follow_url, 'time_done' => $time_done, 'time_formatted' => $time_formatted); $activities[] = $item; } } //TODO add board posts //Sort the activity array if (!empty($activities)) {
?> </h3> <div class="body_text"> <?php echo $body; ?> </div> <p> <label> Posted by <?php echo username_to_fullname($dbh, $author); ?> on <?php echo extract_date_time($time_added); ?> </label> <?php if ($author == $_SESSION['login'] || $_SESSION['permissions']['can_configure'] == '1') { ?> <a href="#" class="small board_item_edit">Edit</a>