/**
* Writes a log entry into the database.
*
* @param int $module The moduleId of the module.
* @param actionType $action The type of action the user did.
* @param array $data Data before and after the action.
*/
public static function write($module, $action, $data)
{
if (!isset($_SESSION['user']) || $_SESSION['user'] == "") {
die;
}
if (actionlogger::$loggingEnabled) {
dbConn::execute("INSERT INTO :prefix:admin_action (sessionId, moduleId, action, data, ipaddress) VALUES (:0, :1, :2, :3, :4);", $_SESSION['sessionId'], $module, $action, json_encode($data), $_SERVER['REMOTE_ADDR']);
}
}
<?php
require "../config.php";
dbConn::execute("UPDATE :prefix:plan SET deleted = 1, name = CONCAT(name, '_', CURRENT_TIMESTAMP) WHERE name = :0", $_POST['plan']);
echo "SUCCESS";
<?php
session_start();
define('DOCROOT', realpath(dirname(__FILE__)) . '/');
require DOCROOT . 'dbConn.php';
$con = new dbConn();
$password = $_POST['password'];
$email = $_SESSION['email'];
require DOCROOT . 'activationAndNotifications.php';
$stm = "select pwcr from users where email = '" . $email . "';";
$res = $con->execute($stm);
if ($res->num_rows > 0) {
while ($row = $res->fetch_assoc()) {
if ($row['pwcr'] == 1) {
$stm = "update users set password = '******' where email='" . $email . "';";
if ($con->execute($stm) === true) {
$not = new notification();
$body = "Password changed successfully.";
$not->email("*****@*****.**", "Administration", "*****@*****.**", "mailstodeliver", $email, "Password Changed Successfully", $body);
$stm = "update users set pcwr = 0 where email = '" . $email . "';";
$con->execute($stm);
$stm = "update users set activationCode = 0 where email = '" . $email . "';";
$con->execute($stm);
$_SESSION['homeMessage'] = "Password has been changed successfully.";
echo "<meta http-equiv='refresh' content='0; url=http://32.208.103.211/chatRegistration/index.php'>";
} else {
$_SESSION['homeMessage'] = "Link has been expired.";
echo "<meta http-equiv='refresh' content='0; url=http://32.208.103.211/chatRegistration/index.php'>";
}
}
}
<?php
require "../config.php";
function validateDate($date)
{
$d = DateTime::createFromFormat('d.m.Y', $date);
return $d && $d->format('d.m.Y') == $date;
}
if (!isset($_POST['name']) || strlen($_POST['name']) < 1) {
die("Bitte geben Sie einen gültigen Namen ein.");
}
if (!isset($_POST['public']) || !validateDate($_POST['public']) || !isset($_POST['editable']) || !validateDate($_POST['editable'])) {
die("Bitte geben Sie ein gültiges Datum ein.");
}
dbConn::execute("UPDATE :prefix:plan SET name = :0, public = :1, editable = :2 WHERE name = :3", htmlspecialchars($_POST['name']), DateTime::createFromFormat("d.m.Y", $_POST['public'])->format("Y-m-d H:i:s"), DateTime::createFromFormat("d.m.Y", $_POST['editable'])->format("Y-m-d H:i:s"), htmlspecialchars($_POST['originalName']));
dbConn::execute("DELETE FROM :prefix:email_subscriber WHERE plan = :0", htmlspecialchars($_POST['originalName']));
foreach ($_POST['subscribers'] as $r) {
dbConn::execute("INSERT INTO :prefix:email_subscriber (email, plan) VALUES (:0, :1);", $r, htmlspecialchars($_POST['name']));
}
echo "SUCCESS";
/**
* Saves changes into database from POST data.
*
* @param string &$error Error variable for error text.
* @return bool True if changes been done without errors.
*/
private function saveChanges(&$error)
{
try {
\dbConn::execute("UPDATE :prefix:patient SET \n firstname = :0,\n lastname = :1,\n birth = :2,\n room = :3\n WHERE patientId = :4\n ", htmlentities($_POST['firstname']), htmlentities($_POST['lastname']), (new \DateTime($_POST['birthday']))->format("Y-m-d"), $_POST['room'], $_GET['par2']);
return true;
} catch (\Exception $ex) {
$error = $ex->getMessage();
return false;
}
}
<?php
require "../config.php";
function validateDate($date)
{
$d = DateTime::createFromFormat('d.m.Y', $date);
return $d && $d->format('d.m.Y') == $date;
}
if (!isset($_POST['name']) || strlen($_POST['name']) < 1) {
die("Bitte geben Sie einen gültigen Namen ein.");
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:plan WHERE name = :0", $_POST['name']) > 0) {
die("Der eingegebene Name ist schon vergeben.");
}
if (!isset($_POST['public']) || !validateDate($_POST['public']) || !isset($_POST['editable']) || !validateDate($_POST['editable'])) {
die("Bitte geben Sie ein gültiges Datum ein.");
}
dbConn::execute("INSERT INTO :prefix:plan (name, public, editable) VALUES (:0, :1, :2);", htmlspecialchars($_POST['name']), $_POST['public'], $_POST['editable']);
$tpl = new template("admin/nav.plan");
$tpl->insert("active", "");
$tpl->insert("name", htmlspecialchars($_POST['name']));
echo "SUCCESS" . $tpl->getOutput();
header("location: " . ROOT . "login");
die;
}
function generateRandomString($length = 10)
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
$required = array("firstname", "lastname", "email", "password", "passwordre", "rfid", "isAdmin", "state");
foreach ($required as $r) {
if (!isset($_POST[$r]) || $_POST[$r] == "") {
die("Bitte füllen Sie alle Felder aus.");
}
}
if ($_POST['password'] != $_POST['passwordre']) {
die("Passwörter stimmen nicht überein.");
}
if (strlen($_POST['password']) < 6) {
die("Passwort muss mindestens 6 Zeichen enthalten");
}
try {
$salt = generateRandomString(50);
\dbConn::execute("INSERT INTO :prefix:user (firstname, \n lastname, \n email, \n password,\n salt,\n rfid,\n isAdmin,\n state) \n VALUES (:0, :1, :2, :3, :4, :5, :6, :7);", htmlentities($_POST['firstname']), htmlentities($_POST['lastname']), htmlentities($_POST['email']), hash("sha512", $_POST['password'] . $salt), $salt, htmlentities($_POST['rfid']), $_POST['isAdmin'], $_POST['state']);
} catch (\Exception $ex) {
echo $ex->getMessage();
}
<?php
session_start();
require "../../config.php";
if (!isset($_SESSION['user'])) {
header("location: " . ROOT . "login");
die;
}
try {
\dbConn::execute("INSERT INTO :prefix:patient (firstname, lastname, birth, room) VALUES (:0, :1, :2, :3);", htmlentities($_POST['firstname']), htmlentities($_POST['lastname']), (new \DateTime($_POST['birthday']))->format("Y-m-d"), $_POST['room']);
} catch (\Exception $ex) {
echo $ex->getMessage();
}
<?php
require "../config.php";
if ($_POST['name'] == "") {
die("Bitte geben Sie einen Namen ein.");
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:production WHERE plan = :0 AND name = :1", htmlspecialchars($_POST['plan']), htmlspecialchars($_POST['name'])) > 0) {
die("Der Name ist bereits vergeben.");
}
dbConn::execute("INSERT INTO :prefix:production (plan, name) VALUES (:0, :1);", htmlspecialchars($_POST['plan']), htmlspecialchars($_POST['name']));
echo "SUCCESS";
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) < 1) {
array_push($errors, array(110 => "invalid rfid code. code not in use"));
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:patient WHERE room = :0", $_GET['room']) < 1) {
array_push($errors, array(111 => "invalid room id. room not in use"));
}
dieOnErrors($errors);
// check if user account is in active state
if (dbConn::querySingle("SELECT state FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) != "activated") {
array_push($errors, array(116 => "user disabled"));
dieOnErrors($errors);
}
// check if user is allowed to visit given room
if (dbConn::querySingle("\n SELECT COUNT(*)\n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n INNER JOIN :prefix:user AS u\n ON v.user = u.userId\n WHERE p.room = :0 AND u.rfid = :1\n ", $_GET['room'], $_GET['rfid']) < 1) {
array_push($errors, array(115 => "permission denied"));
}
dieOnErrors($errors);
// all data is valid and user has access
// now create the response
// collect required data
$user = dbConn::queryRow("SELECT * FROM :prefix:user WHERE rfid = :0", $_GET['rfid']);
$visit = dbConn::queryRow("\n SELECT * \n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n WHERE p.room = :0 AND user = :1\n ", $_GET['room'], $user['userId']);
$media = array();
foreach (dbConn::query("SELECT type, path FROM :prefix:visit_media WHERE visitId = :0", $visit['visitId']) as $r) {
$r['path'] = URL . "/media/" . strtolower($r['type']) . "/" . $r['path'];
array_push($media, $r);
}
$response = array("success" => array("firstname" => $user['firstname'], "lastname" => $user['lastname'], "email" => $user['email'], "relation" => $visit['relation'], "scent" => $visit['scent'], "description" => $visit['description'], "media" => $media, "lastvisit" => dbConn::querySingle("SELECT MAX(created) FROM :prefix:visit_history WHERE visitId = :0", $visit['visitId'])));
dbConn::execute("INSERT INTO :prefix:visit_history (visitId) VALUES (:0);", $visit['visitId']);
header('Content-type: application/json');
echo json_encode($response, JSON_PRETTY_PRINT);
break;
}
$change->insert("shift", "<small>{$r['plan']}, {$r['production']}</small><br />" . substr($r['fromDate'], 0, 5) . " - " . substr($r['toDate'], 0, 5));
if ($r['nameBefore'] == $r['nameAfter']) {
$change->insert("user", $r['nameAfter']);
} else {
$change->insert("user", "<small><span style=\"text-decoration:line-through;\">{$r['nameBefore']}</span></small>\n <br /><strong>{$r['nameAfter']}</strong>");
}
if ($r['emailBefore'] == $r['emailAfter']) {
$change->insert("email", $r['emailAfter']);
} else {
$change->insert("email", "<small><span style=\"text-decoration:line-through;\">{$r['emailBefore']}</span></small>\n <br /><strong>{$r['emailAfter']}</strong>");
}
$change->insert("hidden", "hidden");
$email->insert("content", $change->getOutput());
dbConn::execute("DELETE FROM :prefix:email_pending WHERE historyId = :0", $r['historyId']);
}
}
if ($emailRequired) {
$emailError = "";
$arr = array();
foreach (dbConn::query("SELECT email FROM :prefix:email_subscriber \n WHERE plan = :0", $_POST['plan']) as $r) {
$arr[] = $r['email'];
}
if (count($arr) > 0 && trim($arr[0]) != "") {
emailSettings::send($arr, "Änderungen am Schichtplan " . $_POST['plan'], $email->getOutput(), $emailError);
if ($emailError != "") {
throw new Exception($emailError);
}
}
}
<?php
require "../config.php";
function validateDate($date)
{
$d = DateTime::createFromFormat('H:i', $date);
return $d && $d->format('H:i') == $date;
}
$plan = $_POST['plan'];
$_POST = $_POST['data'];
if (!validateDate($_POST['from']) || !validateDate($_POST['to'])) {
die("Bitte geben Sie ein gültiges Zeitformat ein.");
}
if ($_POST['to'] == $_POST['from']) {
die("Anfang und Ende dürfen nicht identisch sein.");
}
if (strtotime($_POST['to']) < strtotime($_POST['from'])) {
die("Der Anfang muss vor dem Ende liegen.");
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:shift WHERE plan = :0 AND fromDate = :1 AND toDate = :2", $plan, $_POST['from'], $_POST['to']) > 0) {
die("Eine Schicht mit den eingegebenen Zeiten existiert bereits für diesen Plan.");
}
dbConn::execute("INSERT INTO :prefix:shift (plan, fromDate, toDate) VALUES (:0, :1, :2)", $plan, $_POST['from'], $_POST['to']);
echo "SUCCESS";
<?php
session_start();
require "../../config.php";
if (!isset($_SESSION['user'])) {
header("location: " . ROOT . "login");
die;
}
if (!isset($_POST['userid'])) {
die("Missing argument userid");
}
try {
dbConn::execute("DELETE FROM :prefix:user WHERE userId = :0", $_POST['userid']);
echo "SUCCESS";
} catch (Exception $ex) {
echo $ex->getMessage();
}
