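 /**
  * Builds the "my patients" page for the logged-in user.
  *
  * Loads the user row for $_SESSION['userId'], the user-state options, the
  * patients this user has a visit row for, and the visit row of the first
  * patient in that (firstname-ordered) list: relation, scent, description and
  * up to three image and audio media entries. Database values that are spliced
  * into hand-built <option> markup are HTML-escaped here, because that markup
  * string is handed to the template verbatim.
  *
  * @return string Html output.
  */
 public function getOutput()
 {
     // Escaper for values placed inside HTML we build ourselves; the template
     // receives these strings as ready-made markup, so nothing else escapes them.
     $esc = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     };
     $userId = $_SESSION['userId'];
     $tpl = new \template("mypatients/container");
     // user data
     $user = \dbConn::queryRow("SELECT userid, firstname, lastname, rfid, email, state \n                                    FROM :prefix:user WHERE userId = :0", $userId);
     // NOTE(review): these plain inserts rely on \template escaping them for the
     // HTML context; confirm that before trusting user-entered names here.
     $tpl->insert("firstname", $user['firstname']);
     $tpl->insert("lastname", $user['lastname']);
     $tpl->insert("userid", $user['userid']);
     $tpl->insert("rfid", $user['rfid']);
     $tpl->insert("email", $user['email']);
     foreach (\dbConn::query("SELECT * FROM :prefix:user_state") as $state) {
         $selected = $state['name'] == $user['state'] ? " selected" : "";
         $tpl->insert("states", "<option value=\"" . $esc($state['name']) . "\"" . $selected . ">" . $esc($state['display']) . "</option>");
     }
     // insert patients; the visit shown in the edit form belongs to the first
     // patient of this list
     $visit = null;
     foreach (\dbConn::query("\n                                    SELECT firstname, lastname, patientId\n                                    FROM :prefix:visit AS v\n                                    INNER JOIN :prefix:patient AS p\n                                    ON v.patient = p.patientId\n                                    WHERE user = :0\n                                    ORDER BY firstname", $userId) as $patient) {
         $tpl->insert("patients", "<option value=\"" . $esc($patient['patientId']) . "\">" . $esc($patient['firstname']) . " " . $esc($patient['lastname']) . "</option>");
         if ($visit === null) {
             $visit = \dbConn::queryRow("SELECT * FROM :prefix:visit WHERE user = :0 AND patient = :1", $userId, $patient['patientId']);
         }
     }
     // A user without patients has no visit row: render the form empty rather
     // than indexing into null, and skip the media lookups for a missing visit.
     $hasVisit = !empty($visit);
     $visitTpl = new \template("visitors/edit.visit");
     // relation
     foreach (\dbConn::query("SELECT * FROM :prefix:relation ORDER BY name ASC") as $relation) {
         $selected = $hasVisit && $relation['name'] == $visit['relation'] ? " selected" : "";
         $visitTpl->insert("relations", "<option value=\"" . $esc($relation['name']) . "\"" . $selected . ">" . $esc($relation['name']) . "</option>");
     }
     // description
     $visitTpl->insert("description", $hasVisit ? $visit['description'] : "");
     // scent
     foreach (\dbConn::query("SELECT * FROM :prefix:scent ORDER BY name ASC") as $scent) {
         $selected = $hasVisit && $scent['name'] == $visit['scent'] ? " selected" : "";
         $visitTpl->insert("scents", "<option value=\"" . $esc($scent['name']) . "\"" . $selected . ">" . $esc($scent['name']) . "</option>");
     }
     // images: slots image1..image3, unused ones get the placeholder icon.
     // NOTE(review): the stored path is handed to the template unescaped; the
     // template must escape it for the src attribute — confirm.
     $imgCount = 0;
     if ($hasVisit) {
         foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visit['visitId'], 'Image') as $img) {
             $imgCount++;
             $visitTpl->insert("image" . $imgCount, ROOT . "media/image/" . $img['path']);
         }
     }
     for ($i = $imgCount + 1; $i <= 3; $i++) {
         $visitTpl->insert("image" . $i, ROOT . "images/icons/image.png");
     }
     // audios: only an icon is shown per stored entry, "plus" for empty slots
     $audioCount = 0;
     if ($hasVisit) {
         foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visit['visitId'], 'Audio') as $audio) {
             $audioCount++;
             $visitTpl->insert("audio" . $audioCount, ROOT . "images/icons/audio.png");
         }
     }
     for ($i = $audioCount + 1; $i <= 3; $i++) {
         $visitTpl->insert("audio" . $i, ROOT . "images/icons/plus.png");
     }
     $tpl->insert("visit", $visitTpl->getOutput());
     return $tpl->getOutput();
 }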
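 /**
  * Gets the html output and handles form inputs.
  *
  * Viewpoints:
  *  - "overview": lists patients; admins see all of them, other users only the
  *    patients they have a visit row for.
  *  - "edit":     edit form for the patient in $_GET['par2']; on a POST with
  *    "save" it runs saveChanges() first. Non-admins may only open patients they
  *    have a visit row for (the same rule as the overview); a missing, unknown
  *    or forbidden id yields the same "Zugriff verweigert" page so ids cannot
  *    be probed. If visitors should not edit patients at all, tighten this to
  *    admins only, as "new" does.
  *  - "new":      admins only.
  *
  * @return string Html output.
  */
 public function getOutput()
 {
     switch ($this->viewpoint) {
         // ######################################################################################################
         case "overview":
             $tpl = new \template("patients/container");
             if ($_SESSION['isAdmin']) {
                 $rows = \dbConn::query("SELECT \n                                patientId,\n                                firstname, \n                                lastname,\n                                room\n                            FROM :prefix:patient\n                            ORDER BY lastname ASC");
             } else {
                 // NOTE(review): the subquery previously selected `patientId` from the
                 // visit table, whose patient column is called `patient` in every other
                 // query of this file (a missing column would resolve to the outer
                 // patient table and match every patient). The user id is bound as a
                 // parameter like the other queries. Confirm both against the schema.
                 $rows = \dbConn::query("SELECT \n                                patientId,\n                                firstname, \n                                lastname,\n                                room\n                            FROM :prefix:patient\n                            WHERE patientId IN (SELECT patient FROM :prefix:visit WHERE user = :0)\n                            ORDER BY lastname ASC", $_SESSION['userId']);
             }
             foreach ($rows as $r) {
                 $p = new \template("patients/patient");
                 $p->insert("id", $r['patientId']);
                 $p->insert("firstname", $r['firstname']);
                 $p->insert("lastname", $r['lastname']);
                 $p->insert("room", $r['room']);
                 $p->insert("visitorcount", \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE patient = :0", $r['patientId']));
                 $p->insert("destination", ROOT . "patients" . "/" . $r['patientId']);
                 $tpl->insert("patients", $p);
             }
             return $tpl->getOutput();
             // ######################################################################################################
         // ######################################################################################################
         case "edit":
             $patientId = isset($_GET['par2']) ? $_GET['par2'] : null;
             if ($patientId === null || $patientId === "") {
                 return "<h1>Zugriff verweigert</h1>";
             }
             // Access check runs before saveChanges() so a crafted POST cannot
             // modify a patient the user may not see in the overview.
             if (!$_SESSION['isAdmin']
                 && \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE user = :0 AND patient = :1", $_SESSION['userId'], $patientId) < 1) {
                 return "<h1>Zugriff verweigert</h1>";
             }
             $result = null;
             $error = "";
             $tpl = new \template("patients/edit");
             // NOTE(review): the id is echoed into the template as-is; safe only if
             // \template escapes it for the HTML context — confirm.
             $tpl->insert("id", $patientId);
             if (isset($_POST['save'])) {
                 if ($this->saveChanges($error)) {
                     $result = new \template("alerts/success");
                     $result->insert("caption", "Erfolgreich");
                     $result->insert("text", "Änderungen wurden erfolgreich gespeichert.");
                 } else {
                     $result = new \template("alerts/danger");
                     $result->insert("caption", "Fehler");
                     $result->insert("text", $error);
                     // re-show what was submitted so the user can correct it
                     $tpl->insert("firstname", $_POST['firstname']);
                     $tpl->insert("lastname", $_POST['lastname']);
                     $tpl->insert("room", $_POST['room']);
                     // NOTE(review): an unparsable birthday throws here (uncaught);
                     // presumably saveChanges() validated it first — confirm.
                     $tpl->insert("birthday", (new \DateTime($_POST['birthday']))->format("d.m.Y"));
                 }
             }
             // loaded after the save so the form reflects the stored values
             $data = \dbConn::queryRow("SELECT * FROM :prefix:patient WHERE patientId = :0", $patientId);
             if (!$data) {
                 return "<h1>Zugriff verweigert</h1>";
             }
             if ($result !== null) {
                 $tpl->insert("result", $result);
             }
             // stored values are shown unless a failed save already echoed the POST values
             if ($error == "") {
                 $tpl->insert("firstname", $data['firstname']);
                 $tpl->insert("lastname", $data['lastname']);
                 $tpl->insert("room", $data['room']);
                 $tpl->insert("birthday", (new \DateTime($data['birth']))->format("d.m.Y"));
             }
             // visitors of this patient; names are user-entered, so escape them
             // for the hand-built <option> markup
             foreach (\dbConn::query("\n                    SELECT firstname, lastname\n                    FROM :prefix:visit AS v\n                    INNER JOIN :prefix:user AS u\n                    ON v.user = u.userId\n                    WHERE v.patient = :0\n                ", $patientId) as $r) {
                 $tpl->insert("visitors", "<option>" . htmlspecialchars($r['firstname'] . " " . $r['lastname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</option>");
             }
             return $tpl->getOutput();
             // ######################################################################################################
         // ######################################################################################################
         case "new":
             if (!$_SESSION['isAdmin']) {
                 return "<h1>Zugriff verweigert</h1>";
             }
             $tpl = new \template("patients/new");
             return $tpl->getOutput();
     }
 }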
 } else {
     if ($colSum == 0) {
         $colSum = $colSize;
     }
     $colSum += $colSize;
     $planTpl->insert("tableCount", $colSize);
 }
 foreach ($values['productions'] as $prod) {
     $pr = new template("production");
     $pr->insert("name", $prod);
     $pr->insert("nameEscaped", rawurlencode($prod));
     $pr->insert("plan", rawurlencode($plan));
     $pr->insert("url", rawurlencode(URL . "/"));
     $pr->insert("organisation", rawurlencode(ORGANISATION));
     $pr->insert("webmaster", WEBMASTER);
     $master = dbConn::queryRow("SELECT masterName, masterEmail FROM :prefix:production\n                                        WHERE plan = :0 AND name = :1", $plan, $prod);
     $pr->insert("masterName", $master['masterName']);
     $pr->insert("masterEmail", $master['masterEmail']);
     $planTpl->insert("productions", $pr->getOutput());
 }
 foreach ($values['shifts'] as $sh) {
     $t = new template("shift");
     $t->insert("fromToDate", substr(str_replace(":00-", " - ", $sh), 0, 13));
     $shiftId = dbConn::querySingle("SELECT shiftId FROM :prefix:shift WHERE \n                plan = :0 AND fromDate = :1 AND toDate = :2 ", $plan, explode("-", str_replace(":", "", $sh))[0], explode("-", str_replace(":", "", $sh))[1]);
     foreach ($values['productions'] as $prod) {
         // separate tables
         if (!in_array($prod, $values['productions'])) {
             continue;
         }
         $has = false;
         $required = 0;
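 /**
  * Renders the visitor pages.
  *
  * Viewpoints:
  *  - "overview": every user with patient count and time of the last visit.
  *  - "new":      the empty creation form.
  *  - "edit":     the user in $_GET['par2'] plus the visit row of the first of
  *    that user's patients (relation, scent, description, up to three image and
  *    audio entries).
  * Values spliced into hand-built <option> markup are HTML-escaped here since
  * that markup is handed to the template verbatim.
  *
  * NOTE(review): "edit" trusts $_GET['par2'] as a user id and nothing in this
  * method checks who may open it; that restriction must live in the module
  * dispatch around this class — confirm.
  *
  * @return string Html output.
  */
 public function getOutput()
 {
     // Escaper for values placed inside HTML we build ourselves.
     $esc = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     };
     switch ($this->viewpoint) {
         case "overview":
             $tpl = new \template("visitors/container");
             foreach (\dbConn::query("SELECT * FROM :prefix:user ORDER BY lastname ASC") as $r) {
                 $v = new \template("visitors/visitor");
                 $v->insert("firstname", $r['firstname']);
                 $v->insert("id", $r['userId']);
                 $v->insert("lastname", $r['lastname']);
                 $v->insert("rfid", $r['rfid']);
                 $v->insert("patients", \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE user = :0", $r['userId']));
                 $v->insert("lastvisit", \dbConn::querySingle("\n                                                                    SELECT DATE_FORMAT(MAX(h.created), '%d.%m.%y %H:%i')\n                                                                    FROM :prefix:visit AS v\n                                                                    INNER JOIN :prefix:visit_history AS h\n                                                                    ON v.visitId = h.visitId\n                                                                    WHERE v.user = :0\n                                                                ", $r['userId']));
                 $v->insert("destination", ROOT . "visitors/" . $r['userId']);
                 $tpl->insert("visitors", $v);
             }
             return $tpl->getOutput();
             // ######################################################################################################
         // ######################################################################################################
         case "new":
             // rendered to a string like every other viewpoint (the template
             // object itself used to be returned here)
             $tpl = new \template("visitors/new");
             return $tpl->getOutput();
             // ######################################################################################################
         // ######################################################################################################
         case "edit":
             $userId = $_GET['par2'];
             $tpl = new \template("visitors/edit.container");
             // user data
             $user = \dbConn::queryRow("SELECT userid, firstname, lastname, rfid, email, state \n                                            FROM :prefix:user WHERE userId = :0", $userId);
             // NOTE(review): plain inserts rely on \template escaping them for the
             // HTML context — confirm before trusting user-entered names here.
             $tpl->insert("firstname", $user['firstname']);
             $tpl->insert("lastname", $user['lastname']);
             $tpl->insert("userid", $user['userid']);
             $tpl->insert("rfid", $user['rfid']);
             $tpl->insert("email", $user['email']);
             foreach (\dbConn::query("SELECT * FROM :prefix:user_state") as $state) {
                 $selected = $state['name'] == $user['state'] ? " selected" : "";
                 $tpl->insert("states", "<option value=\"" . $esc($state['name']) . "\"" . $selected . ">" . $esc($state['display']) . "</option>");
             }
             // insert patients; the visit shown below belongs to the first one
             $visit = null;
             foreach (\dbConn::query("\n                                            SELECT firstname, lastname, patientId\n                                            FROM :prefix:visit AS v\n                                            INNER JOIN :prefix:patient AS p\n                                            ON v.patient = p.patientId\n                                            WHERE user = :0\n                                            ORDER BY firstname", $userId) as $patient) {
                 $tpl->insert("patients", "<option value=\"" . $esc($patient['patientId']) . "\">" . $esc($patient['firstname']) . " " . $esc($patient['lastname']) . "</option>");
                 if ($visit === null) {
                     $visit = \dbConn::queryRow("SELECT * FROM :prefix:visit WHERE user = :0 AND patient = :1", $userId, $patient['patientId']);
                 }
             }
             // No patients means no visit row: render the form empty instead of
             // indexing into null, and skip the media lookups.
             $hasVisit = !empty($visit);
             $visitTpl = new \template("visitors/edit.visit");
             // relation
             foreach (\dbConn::query("SELECT * FROM :prefix:relation ORDER BY name ASC") as $relation) {
                 $selected = $hasVisit && $relation['name'] == $visit['relation'] ? " selected" : "";
                 $visitTpl->insert("relations", "<option value=\"" . $esc($relation['name']) . "\"" . $selected . ">" . $esc($relation['name']) . "</option>");
             }
             // description
             $visitTpl->insert("description", $hasVisit ? $visit['description'] : "");
             // scent
             foreach (\dbConn::query("SELECT * FROM :prefix:scent ORDER BY name ASC") as $scent) {
                 $selected = $hasVisit && $scent['name'] == $visit['scent'] ? " selected" : "";
                 $visitTpl->insert("scents", "<option value=\"" . $esc($scent['name']) . "\"" . $selected . ">" . $esc($scent['name']) . "</option>");
             }
             // images: slots image1..image3, unused ones get the placeholder icon.
             // NOTE(review): the stored path goes to the template unescaped; the
             // template must escape it for the src attribute — confirm.
             $imgCount = 0;
             if ($hasVisit) {
                 foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visit['visitId'], 'Image') as $img) {
                     $imgCount++;
                     $visitTpl->insert("image" . $imgCount, ROOT . "media/image/" . $img['path']);
                 }
             }
             for ($i = $imgCount + 1; $i <= 3; $i++) {
                 $visitTpl->insert("image" . $i, ROOT . "images/icons/image.png");
             }
             // audios: an icon per stored entry, "plus" for empty slots
             $audioCount = 0;
             if ($hasVisit) {
                 foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visit['visitId'], 'Audio') as $audio) {
                     $audioCount++;
                     $visitTpl->insert("audio" . $audioCount, ROOT . "images/icons/audio.png");
                 }
             }
             for ($i = $audioCount + 1; $i <= 3; $i++) {
                 $visitTpl->insert("audio" . $i, ROOT . "images/icons/plus.png");
             }
             $tpl->insert("visit", $visitTpl->getOutput());
             return $tpl->getOutput();
     }
 }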
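// Backup download: only a logged-in admin may fetch a file, and only a file
// that really lives in the backups directory.
// no user logged on
if (!isset($_SESSION['user'])) {
    header("location: " . ROOT . "admin/");
    die;
}
// the session must still point at an existing admin row
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:admin WHERE adminId = :0", $_SESSION['user']) < 1) {
    unset($_SESSION['user']);
    header("location: " . ROOT . "admin/");
    die;
}
if (isset($_GET['filename'])) {
    // The request parameter used to be appended to the directory unchanged, so
    // "../" sequences could reach files outside the backups folder. basename()
    // drops any directory part, and the realpath prefix check rejects anything
    // (including symlinks) that resolves outside the folder. The script living
    // in that folder (backup.php) is never served.
    $filename = basename((string) $_GET['filename']);
    $backupDir = realpath(BASEDIR . "../files/backups");
    $name = $backupDir === false ? false : realpath($backupDir . DIRECTORY_SEPARATOR . $filename);
    if ($filename === "" || $filename === "backup.php" || $name === false || !is_file($name)
        || strpos($name, $backupDir . DIRECTORY_SEPARATOR) !== 0) {
        header("location: " . ROOT);
        die;
    }
    actionLogger::write(dbConn::querySingle("SELECT moduleId FROM :prefix:module WHERE class = 'backup'"), actionType::DOWNLOAD, dbConn::queryRow("SELECT * FROM :prefix:backup WHERE filename = :0", $filename));
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: public");
    header("Content-Description: File Transfer");
    header("Content-type: application/octet-stream");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . filesize($name));
    ob_end_flush();
    // the file was opened with fopen() before but never read or closed; readfile() is enough
    readfile($name);
}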
// Terminal check-in: validate the presented rfid code and room, then answer
// with the visitor's details for that room as JSON. $errors and dieOnErrors()
// are defined earlier in this script (outside this excerpt).
// NOTE(review): the rfid code travels in the query string (so it ends up in
// access logs), and the distinct error codes (110 unknown code / 116 disabled /
// 115 wrong room) let a caller probe which codes exist — worth revisiting if
// this endpoint is reachable beyond the terminals.
$rfid = $_GET['rfid'];
$room = $_GET['room'];
$rfidMatches = dbConn::querySingle("SELECT COUNT(*) FROM :prefix:user WHERE rfid = :0", $rfid);
if ($rfidMatches < 1) {
    $errors[] = array(110 => "invalid rfid code. code not in use");
}
$roomMatches = dbConn::querySingle("SELECT COUNT(*) FROM :prefix:patient WHERE room = :0", $room);
if ($roomMatches < 1) {
    $errors[] = array(111 => "invalid room id. room not in use");
}
dieOnErrors($errors);
// check if user account is in active state
$state = dbConn::querySingle("SELECT state FROM :prefix:user WHERE rfid = :0", $rfid);
if ($state != "activated") {
    $errors[] = array(116 => "user disabled");
    dieOnErrors($errors);
}
// check if user is allowed to visit given room (a visit row linking this
// user's rfid to a patient in that room must exist)
$permitted = dbConn::querySingle("\n            SELECT COUNT(*)\n            FROM :prefix:visit AS v\n            INNER JOIN :prefix:patient AS p\n            ON v.patient = p.patientId\n            INNER JOIN :prefix:user AS u\n            ON v.user = u.userId\n            WHERE p.room = :0 AND u.rfid = :1\n        ", $room, $rfid);
if ($permitted < 1) {
    $errors[] = array(115 => "permission denied");
}
dieOnErrors($errors);
// all data is valid and user has access: collect the response data
$user = dbConn::queryRow("SELECT * FROM :prefix:user WHERE rfid = :0", $rfid);
$visit = dbConn::queryRow("\n                        SELECT * \n                        FROM :prefix:visit AS v\n                        INNER JOIN :prefix:patient AS p\n                        ON v.patient = p.patientId\n                        WHERE p.room = :0 AND user = :1\n                    ", $room, $user['userId']);
// media entries with their path turned into an absolute URL
$media = array();
foreach (dbConn::query("SELECT type, path FROM :prefix:visit_media WHERE visitId = :0", $visit['visitId']) as $entry) {
    $entry['path'] = URL . "/media/" . strtolower($entry['type']) . "/" . $entry['path'];
    $media[] = $entry;
}
$lastVisit = dbConn::querySingle("SELECT MAX(created) FROM :prefix:visit_history WHERE visitId = :0", $visit['visitId']);
$response = array(
    "success" => array(
        "firstname" => $user['firstname'],
        "lastname" => $user['lastname'],
        "email" => $user['email'],
        "relation" => $visit['relation'],
        "scent" => $visit['scent'],
        "description" => $visit['description'],
        "media" => $media,
        "lastvisit" => $lastVisit,
    ),
);
// record this check-in after the previous "lastvisit" was read
dbConn::execute("INSERT INTO :prefix:visit_history (visitId) VALUES (:0);", $visit['visitId']);
header('Content-type: application/json');
echo json_encode($response, JSON_PRETTY_PRINT);