Esempio n. 1
             $_SESSION['error'] = "User already found in database, please retry.";
             // Else return with 'not exists' message
         }
     }
     $_SESSION[$include] = $data;
     header("Location:index.php?page={$include}");
     exit;
     break;
 case 'usereg':
     if (isset($_POST['userID']) && is_numeric($_POST['userID'])) {
         $userEdit = new eCRFUser($_POST['userID']);
         if ($userEdit->getPrivilege() > 90 && $_POST['usereg-privilege_id'] < 90) {
             $_SESSION['error'] = "You must use the User Admin screen to authorise new users.";
         } elseif ($userEdit->getPrivilege() < $user->getPrivilege() || $user->getPrivilege() > $_POST['usereg-privilege_id']) {
             $_SESSION['error'] = "You cannot edit a user with greater privilege than yourself.";
         } elseif ($userEdit->getCentre() != $user->getCentre() && $user->isLocal()) {
             $_SESSION['error'] = "You cannot edit users from other centres.";
         } elseif ($userEdit->getCountry() != $user->getCountry() && !$user->isCentralAdmin()) {
             $_SESSION['error'] = "You cannot edit users from other countries.";
         } elseif ($userEdit->getID() !== $user->getID() && $_POST['deleteUser'] === '1') {
             $userEdit->deleteUser();
             $_SESSION['message'] = "You have deleted the user.";
         } else {
             if ($trial->addUserInput($_POST, $userEdit)) {
                 if ($_POST['usereg-revalUser'] === '1') {
                     $password = $userEdit->generatePassword();
                     // Generate new password
                     $userEdit->setPassword($password, $user->getKey());
                     // Set it for the user
                     $email = $userEdit->writeEmail('created', $user, $password);
                     // Send email with username and password
Esempio n. 2
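 /**
  * Build the field definitions for one page of the form.
  *
  * Field rows are read from the formFields table (cached per page on the
  * instance) and turned into an array keyed by input name. Checkbox, radio
  * and select fields get an 'options' list loaded from the reference table
  * named in formVal; number fields get their 'unit' list from the units table;
  * fields of type 'multiple' are expanded by calling this method recursively.
  *
  * Security notes:
  *  - Language codes are bound as query parameters, not interpolated.
  *  - Reference table names come from formVal rows and end up in identifier
  *    position, where binding is impossible. They are only used when they
  *    match a plain identifier pattern; otherwise the lookup is skipped and an
  *    E_USER_WARNING is raised.
  *  - The centre restriction below only limits which options are offered.
  *    NOTE(review): confirm the submit handler enforces the same rule.
  *
  * The result is also stored in $this->fields.
  *
  * @param string|null $page        Page name; falls back to $this->getPage() when empty.
  * @param mixed       $multiple    When truthy, selects the rows whose `multiple` column equals
  *                                 this value (the recursive call passes the field name).
  * @param mixed       $multiSuffix When truthy, appended to every field name as "_{suffix}".
  * @param mixed       $record      Passed through to getExcludedFormFields().
  *
  * @return array Field definitions keyed by input name.
  */
 public function getFormFields($page = NULL, $multiple = false, $multiSuffix = NULL, $record = NULL)
 {
     if (!$page) {
         $page = $this->getPage();
     }
     // NOTE(review): no matching Timer stop call is visible in this method — confirm it is stopped elsewhere.
     Timer::start();
     // Table names cannot be sent as bound parameters, so anything interpolated
     // as an identifier must pass this check first.
     $isSafeIdentifier = function ($identifier) {
         return is_string($identifier) && preg_match('/^[A-Za-z0-9_]+$/', $identifier) === 1;
     };
     $fields = array();
     if ($multiple) {
         if (!isset($this->multipleFormFields[$page])) {
             // NOTE(review): this query selects labelText and no readonly column, while the loop
             // below reads $row->label_text and $row->readonly — confirm that is intended.
             $sql = "SELECT id, labelText, fieldName, defaultVal,\n\t\t\t\t  \ttype, toggle, mandatory, multiple, size, class \t\t \n\t\t\t\t  FROM formFields  \n\t\t\t\t  WHERE pages_name=?  \n                  AND multiple = ?\n\t\t\t\t  ORDER BY entryorder";
             $pA = array('ss', $page, $multiple);
             $result = $this->multipleFormFields[$page] = DB::query($sql, $pA);
         } else {
             $result = $this->multipleFormFields[$page];
         }
     } else {
         if (!isset($this->formFields[$page])) {
             // The language code is bound (first placeholder) instead of being pasted into the SQL text.
             $sql = "SELECT formFields.id, IFNULL( label_text, formFields.labelText ) as label_text, fieldName, defaultVal,\n\t\t\t\t\ttype, toggle, mandatory, size, class, readonly\t\t \n\t\t\t\tFROM formFields\n\t\t\t\tLEFT JOIN formFields_labels\n\t\t\t\tON formFields.id = formFields_id AND language_code = ? \n\t\t\t\tWHERE pages_name=? \n                AND multiple IS NULL\t\t\t\n\t\t\t\tORDER BY entryorder";
             $pA = array('ss', $this->getFormLanguage(), $page);
             $result = $this->formFields[$page] = DB::query($sql, $pA);
         } else {
             $result = $this->formFields[$page];
         }
     }
     $excluded = $this->getExcludedFormFields($record);
     $counter = 1;
     foreach ($result->rows as $row) {
         if (in_array($row->id, $excluded)) {
             continue;
         }
         if (!$row->fieldName) {
             // Unnamed fields get a running number as their name
             $row->fieldName = $counter++;
         }
         if ($row->type != 'data') {
             // Prepends the name with the current page
             $name = "{$page}-{$row->fieldName}";
         } else {
             $name = $row->fieldName;
         }
         if ($multiSuffix) {
             $name .= "_{$multiSuffix}";
         }
         $fields[$name]['type'] = $row->type;
         $fields[$name]['label'] = $row->label_text;
         $fields[$name]['toggle'] = $row->toggle;
         $fields[$name]['mandatory'] = $row->mandatory;
         $fields[$name]['default'] = $row->defaultVal;
         $fields[$name]['size'] = $row->size;
         $fields[$name]['readonly'] = $row->readonly;
         $fields[$name]['class'] = $row->class;
         if ($row->type == 'checkbox' || $row->type == 'radio') {
             // Add checkbox options from validation table
             if (!isset($this->checkboxRadioOptions[$row->id])) {
                 $options = array();
                 // Reset per field so a result set left over from an earlier field is never reused.
                 $ref = NULL;
                 $sql = "SELECT value, special FROM formVal \n                    WHERE formFields_id = ?\n                    AND operator = 'IN LIST'\n                    ORDER BY groupNum";
                 $pA = array('i', $row->id);
                 $getTable = DB::cleanQuery($sql, $pA);
                 $optionTable = $getTable->value;
                 if (!$isSafeIdentifier($optionTable)) {
                     trigger_error('getFormFields: option table name in formVal is not a plain identifier; options not loaded', E_USER_WARNING);
                 } elseif ($getTable->getRows() > 1) {
                     $sql = "SELECT a.option_value, IFNULL( b.option_text, a.option_text ) as option_text \n\t\t\t\t\tFROM {$optionTable} a \n\t\t\t\t\tLEFT JOIN {$optionTable} b \n\t\t\t\t\tON a.option_value = b.option_value AND b.language_code = ? ";
                     if ($optionTable != 'centre') {
                         $sql .= "WHERE a.language_code = 'en' ";
                     }
                     $sql .= "ORDER BY a.option_order";
                     $optionResult = DB::query($sql, array('s', $this->language));
                     // Dedicated loop variables: the earlier code reused $row/$result here, which
                     // overwrote the field row and broke the cache key used further down.
                     // NOTE(review): this path never filled $ref, so 'options' stays empty here —
                     // confirm addOption() is the intended destination.
                     foreach ($optionResult->rows as $optionRow) {
                         $this->addOption($optionRow->option_text, $optionRow->option_value);
                     }
                 } else {
                     $sql = "SELECT a.option_value, IFNULL( b.option_text, a.option_text ) as option_text \n\t\t\t\t\t\tFROM {$optionTable} a \n\t\t\t\t\t\tLEFT JOIN {$optionTable} b \n\t\t\t\t\t\tON a.option_value = b.option_value AND b.language_code = ? \n\t\t\t\t\t\tWHERE a.language_code = 'en' ORDER BY a.option_order";
                     $ref = DB::query($sql, array('s', $this->language));
                 }
                 if ($ref) {
                     foreach ($ref->rows as $rRow) {
                         $options[$rRow->option_value] = $rRow->option_text;
                     }
                 }
                 $fields[$name]['options'] = $this->checkboxRadioOptions[$row->id] = $options;
             } else {
                 $fields[$name]['options'] = $this->checkboxRadioOptions[$row->id];
             }
         }
         if ($row->type == 'select') {
             // Adds select options from table
             if (!isset($this->selectOptions[$row->id])) {
                 $options = array();
                 // Per-field state: cleared so an exclusion list, filter value or result set
                 // from a previously processed field cannot leak into this one.
                 $ref = NULL;
                 $excludeArr = NULL;
                 $filterNum = NULL;
                 $sql = "SELECT value, special, operator FROM formVal \n                    WHERE formFields_id = ? ORDER BY groupNum";
                 $pA = array('i', $row->id);
                 $getTable = DB::query($sql, $pA);
                 foreach ($getTable->rows as $vRow) {
                     // As before, only a FILTER rule in the last formVal row survives to the option loop.
                     $filterNum = NULL;
                     switch ($vRow->operator) {
                         case 'IN LIST':
                             if ($vRow->special == 'FILTER') {
                                 $filter = explode('-', $vRow->value);
                                 $filterNum = $this->record->getField($filter[0], $filter[1]);
                             } else {
                                 $refTable = DB::clean($vRow->value);
                                 // $order is one of two fixed column names, so it is safe to interpolate.
                                 $order = $vRow->special == 'ALPHA' ? 'name' : 'option_order';
                                 if (strpos($refTable, '-')) {
                                     // "table-filterTable" form
                                     $filterBy = explode('-', $refTable);
                                     $refTable = $filterBy[0];
                                     $filterTable = $filterBy[1];
                                 } else {
                                     $filterTable = NULL;
                                 }
                                 // NOTE(review): what DB::clean() does is not visible here; value
                                 // escaping would not protect an identifier, hence the explicit check.
                                 if (!$isSafeIdentifier($refTable) || ($filterTable && !$isSafeIdentifier($filterTable))) {
                                     trigger_error('getFormFields: option table name in formVal is not a plain identifier; options not loaded', E_USER_WARNING);
                                 } else {
                                     $sql = "SELECT a.option_value, IFNULL( b.option_text, a.option_text ) as option_text\n\t\t\t\t\t\t\t\t\tFROM {$refTable} a \n\t\t\t\t\t\t\t\t\tLEFT JOIN {$refTable} b\n\t\t\t\t\t\t\t\t\tON a.option_value = b.option_value AND b.language_code = ? ";
                                     if ($filterTable) {
                                         $sql .= "RIGHT JOIN {$filterTable} c\n                                            ON a.id = c.{$refTable}_id ";
                                     }
                                     if ($refTable != 'centre') {
                                         $sql .= "WHERE a.language_code = 'en' ";
                                     }
                                     $sql .= "ORDER BY a.{$order}";
                                     $ref = DB::query($sql, array('s', $this->language));
                                 }
                             }
                             break;
                         case 'NOT IN LIST':
                             $excludeArr = explode(',', $vRow->value);
                             break;
                         default:
                             if ($vRow->special == 'REFERENCE') {
                                 $valArr = explode('-', $vRow->value);
                                 // Starts undefined-free: only a 'user-<key>' reference yields a value.
                                 $valNum = NULL;
                                 if ($valArr[0] == 'user') {
                                     $valNum = $_SESSION['user']->get($valArr[1]);
                                 }
                                 if ($ref && $valNum !== NULL) {
                                     // Drop options whose value is below the user's reference value
                                     foreach ($ref->rows as $key => $rRow) {
                                         if ($valNum > $rRow->option_value) {
                                             unset($ref->rows[$key]);
                                         }
                                     }
                                 }
                             }
                             break;
                     }
                 }
                 if ($ref) {
                     foreach ($ref->rows as $rRow) {
                         if (isset($excludeArr) && in_array($rRow->option_value, $excludeArr)) {
                             continue;
                         }
                         if ($row->fieldName == 'centre_id') {
                             // If making fields for centre_id and user is only allowed local then restrict to local.
                             // When $this->user is not set, no restriction is applied at all.
                             if (isset($this->user) && $this->user->isLocal() && $rRow->option_value != $this->user->getCentre()) {
                                 continue;
                             }
                             $options[$rRow->option_value] = $rRow->option_text;
                         } else {
                             if (isset($filterNum)) {
                                 // NOTE(review): the option queries above do not select a filterRef column — confirm.
                                 $filterRef = explode(',', $rRow->filterRef);
                                 if (!in_array($filterNum, $filterRef)) {
                                     continue;
                                 }
                             }
                             $options[$rRow->option_value] = $rRow->option_text;
                         }
                     }
                 }
                 $fields[$name]['options'] = $this->selectOptions[$row->id] = $options;
             } else {
                 $fields[$name]['options'] = $this->selectOptions[$row->id];
             }
         }
         if ($row->type == 'number') {
             // Gets potential units for units table
             $unit = array();
             $sql = "SELECT unit, conversion, decimal_places FROM units WHERE number = ? ORDER BY unitorder";
             $pA = array('s', $row->fieldName);
             $unitResult = DB::query($sql, $pA);
             foreach ($unitResult->rows as $uRow) {
                 $unit[$uRow->unit]['conversion'] = $uRow->conversion;
                 $unit[$uRow->unit]['decimals'] = $uRow->decimal_places;
             }
             $fields[$name]['unit'] = $unit;
         }
         if ($row->type == 'multiple') {
             // Split out class and name from input field. Locals are used so that $page and
             // $name keep their values for the remaining rows of this loop.
             $subPage = substr($name, 0, strpos($name, "-"));
             $subName = substr($name, strpos($name, "-") + 1);
             $data = $this->record->getData($subPage);
             // NOTE(review): $number comes from stored record data and bounds the number of
             // recursive calls (each one runs queries) — confirm it is range-checked on input.
             $number = $data->get($subName);
             if ($number) {
                 for ($i = 0; $i < $number; $i++) {
                     $fields = array_merge($fields, $this->getFormFields($subPage, $subName, $i + 1));
                 }
             }
         }
     }
     $this->fields = $fields;
     return $fields;
 }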