コード例 #1
/**
 * Refresh the denormalised `cm.assigned_users` column for one case.
 *
 * Reads the active assignees of the case, maps each username to a full name
 * via username_to_fullname(), and stores the result as a PHP-serialised array
 * keyed by full name (values are empty strings). An empty string is stored
 * when the case has no active assignees.
 *
 * Both statements bind their values, so $case_id never reaches the SQL text.
 * NOTE(review): the column holds serialize() output; any reader that passes it
 * to unserialize() is trusting database content — confirm who can write it.
 *
 * @param PDO   $dbh     Open database handle.
 * @param mixed $case_id Id of the case to refresh.
 *
 * @return bool True when the UPDATE reported no driver error code.
 */
function update_case_with_users($dbh, $case_id)
{
    $lookup = $dbh->prepare("SELECT username from cm_case_assignees WHERE case_id = ? AND status = 'active'");
    $lookup->bindParam(1, $case_id);
    $lookup->execute();

    // Full names are used as keys, so two assignees with the same full name
    // collapse into a single entry.
    $full_names = array();
    foreach ($lookup->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $full_names[username_to_fullname($dbh, $row['username'])] = '';
    }

    $serialized = empty($full_names) ? '' : serialize($full_names);

    $store = $dbh->prepare("UPDATE cm SET assigned_users = ? WHERE id = ?");
    $store->bindParam(1, $serialized);
    $store->bindParam(2, $case_id);
    $store->execute();

    // Index 1 of errorInfo() is the driver error code; it is empty on success.
    $info = $store->errorInfo();
    return !$info[1];
}
コード例 #2
/**
 * Convert a comma-separated list of usernames into ", "-separated full names.
 *
 * Entries are not trimmed, so whitespace around a comma is handed to
 * username_to_fullname() as part of the username. The result is plain text;
 * callers that print it into HTML still have to escape it.
 *
 * @param mixed  $dbh  Database handle, passed through to username_to_fullname().
 * @param string $list Comma-separated usernames.
 *
 * @return string Full names joined by ", ".
 */
function format_name_list($dbh, $list)
{
    $full_names = array();
    foreach (explode(',', $list) as $username) {
        $full_names[] = username_to_fullname($dbh, $username);
    }

    return implode(', ', $full_names);
}
コード例 #3
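/**
 * List the users responsible for an event.
 *
 * The event id is bound as a statement parameter. Interpolating it into the
 * SQL text, as this lookup previously did, makes prepare() pointless: a crafted
 * id would be parsed as SQL (injection).
 *
 * @param PDO   $dbh      Open database handle.
 * @param mixed $event_id Id of the event whose responsibles are wanted.
 *
 * @return array List of arrays with the keys 'user_id', 'last_name' and
 *               'full_name', one per row of cm_events_responsibles.
 */
function get_responsibles($dbh, $event_id)
{
    $q = $dbh->prepare("SELECT * FROM cm_events_responsibles\n\t\tWHERE event_id = ?");
    $q->execute(array($event_id));
    $users = $q->fetchAll(PDO::FETCH_ASSOC);

    $responsibles = array();
    foreach ($users as $user) {
        $username = $user['username'];
        $responsibles[] = array(
            'user_id' => username_to_userid($dbh, $username),
            'last_name' => username_to_lastname($dbh, $username),
            'full_name' => username_to_fullname($dbh, $username),
        );
    }

    return $responsibles;
}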
コード例 #4
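/**
 * Build the <optgroup>/<option> markup for the reports user/group/case picker.
 *
 * What is listed depends on the caller's session permissions:
 *  - view_users == '1': all groups, every supervisor's group, every active
 *    user and every open case;
 *  - supervises == '1': the supervisor, their group, the active users whose
 *    `supervisors` list contains their login, and the open-case query below;
 *  - otherwise: a single pre-selected "You" option.
 *
 * Database- and session-derived values are HTML-escaped before they are placed
 * in attributes or element text, and the supervisor lookup binds the login
 * instead of interpolating it into the SQL text.
 *
 * @param PDO   $dbh      Open database handle.
 * @param mixed $case_num Not used by this function.
 *
 * @return string HTML fragment of <optgroup>/<option> elements.
 */
function reports_users_and_groups($dbh, $case_num)
{
    // Values land inside single-quoted attributes as well as element text, so
    // quotes must be escaped too (ENT_QUOTES).
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // Both privileged branches render open cases the same way: a case without
    // a client name is labelled with its organization.
    $case_options = function ($cases) use ($esc) {
        $html = '';
        foreach ($cases as $c) {
            if ($c['first_name'] === '' && $c['last_name'] === '') {
                $label = $c['organization'];
            } else {
                $label = $c['first_name'] . " " . $c['last_name'];
            }
            $html .= "<option value='_cse_" . $esc($c['id']) . "'>" . $esc($label) . "</option>";
        }
        return $html;
    };

    $options = '';
    if ($_SESSION['permissions']['view_users'] == '1') {
        //First get all groups defined in cm_groups config
        $q = $dbh->prepare("SELECT group_name, group_title FROM cm_groups ORDER BY group_title ASC");
        $q->execute();
        $groups = $q->fetchAll(PDO::FETCH_ASSOC);
        $options .= "<optgroup label='User Groups'>";
        foreach ($groups as $group) {
            $options .= "<option value='_grp_" . $esc($group['group_name']) . "'>All " . $esc($group['group_title']) . "s</option>";
        }
        $options .= "</optgroup>";

        //Then get every supervisor
        $options .= "<optgroup label='Supervisor Groups'>";
        $q = $dbh->prepare("SELECT cm_groups.group_name, cm_groups.supervises, cm_users.grp, cm_users.username\r\n\t\t\tFROM cm_groups, cm_users\r\n\t\t\tWHERE cm_groups.supervises =  '1'\r\n\t\t\tAND cm_users.grp = cm_groups.group_name\r\n\t\t\tAND cm_users.status =  'active'\r\n\t\t\tORDER BY cm_users.username ASC");
        $q->execute();
        $groups = $q->fetchAll(PDO::FETCH_ASSOC);
        foreach ($groups as $group) {
            $options .= "<option value = '_spv_" . $esc($group['username']) . "'>" . $esc(username_to_fullname($dbh, $group['username'])) . "'s group</option>";
        }
        $options .= "</optgroup>";

        //Then just get individual users
        $options .= "<optgroup label='Individual Users'>";
        $q = $dbh->prepare("SELECT * FROM cm_users WHERE status = 'active' ORDER BY last_name ASC");
        $q->execute();
        $users = $q->fetchAll(PDO::FETCH_ASSOC);
        foreach ($users as $user) {
            $options .= "<option value = '" . $esc($user['username']) . "'>" . $esc($user['first_name'] . " " . $user['last_name']) . "</option>";
        }
        $options .= "</optgroup>";

        //Then get all cases
        $options .= "<optgroup label='Open Cases'>";
        $q = $dbh->prepare("SELECT id,first_name,last_name,organization FROM cm WHERE date_close = '' ORDER BY date_open ASC");
        $q->execute();
        $options .= $case_options($q->fetchAll(PDO::FETCH_ASSOC));
        $options .= "</optgroup>";
    } elseif ($_SESSION['permissions']['supervises'] == '1') {
        $user = $_SESSION['login'];
        $login_html = $esc($user);

        //Get users this supervisor is allowed to see
        $options .= "<optgroup label='Users'>";
        //Add supervisors group and the supervisor himself
        $options .= "<option value='" . $login_html . "'>You</option><option selected=selected value= '_spv_" . $login_html . "'>Your Group</option>";

        //Add each individual in this user's group
        // The login is bound, not interpolated. `supervisors` is matched as a
        // comma-terminated list: the login at the start, or after a comma.
        // LIKE wildcards inside the login itself are not escaped (unchanged).
        $q = $dbh->prepare("SELECT * FROM cm_users\r\n\t\t\tWHERE (supervisors LIKE :first_entry\r\n\t\t\tOR supervisors LIKE :later_entry)\r\n\t\t\tAND status ='active'");
        $q->execute(array('first_entry' => "{$user},%", 'later_entry' => "%,{$user},%"));
        $users = $q->fetchAll(PDO::FETCH_ASSOC);
        foreach ($users as $u) {
            $options .= "<option value='" . $esc($u['username']) . "'>" . $esc($u['first_name'] . " " . $u['last_name']) . "</option>";
        }
        $options .= "</optgroup>";

        //Get all of this supervisor's open cases
        $options .= "<optgroup label='Open Cases'>";
        // NOTE(review): the username literal in this query appears masked in
        // this listing and is reproduced as shown. It presumably should be the
        // supervisor's login, supplied as a bound parameter — confirm against
        // the project source before relying on this filter.
        $q = $dbh->prepare("SELECT cm.first_name, cm.last_name,cm.organization,cm.id,\r\n\t\t\tcm_case_assignees.username,cm_case_assignees.case_id,\r\n\t\t\tcm_case_assignees.status FROM cm, cm_case_assignees\r\n\t\t\tWHERE cm_case_assignees.status = 'active'\r\n\t\t\tAND cm_case_assignees.case_id = cm.id\r\n\t\t\tAND cm_case_assignees.username = '******'\r\n\t\t\tAND cm.date_close = ''\r\n\t\t\tORDER BY cm.last_name DESC");
        $q->execute();
        $options .= $case_options($q->fetchAll(PDO::FETCH_ASSOC));
        $options .= "</optgroup>";
    } else {
        $options .= "<option selected=selected value='" . $esc($_SESSION['login']) . "'>&nbsp;&nbsp&nbsp;You&nbsp;&nbsp;&nbsp;</option>";
    }

    return $options;
}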
コード例 #5
     }
     break;
 case 'case':
     $cols = array("username", "case_id", "date", "description", "time", "seconds");
     $col_data = array(array('sTitle' => 'Name'), array('sTitle' => 'Case'), array('sTitle' => 'Date'), array('sTitle' => 'Description'), array('sTitle' => 'Time (hours)'), array('sTitle' => 'Seconds', 'bVisible' => false));
     if ($columns_only) {
         $output['aoColumns'] = $col_data;
     } else {
         $case_number = substr($val, 5);
         $q = $dbh->prepare("SELECT * FROM cm_case_notes WHERE `case_id` = :val AND `date` >= :date_start AND `date` <= :date_end ORDER BY `date` ASC");
         $data = array('val' => $case_number, 'date_start' => $date_start, 'date_end' => $date_end);
         $q->execute($data);
         $error = $q->errorInfo();
         while ($result = $q->fetch(PDO::FETCH_ASSOC)) {
             $rows = array();
             $result['username'] = username_to_fullname($dbh, $result['username']);
             $result['case_id'] = case_id_to_casename($dbh, $result['case_id']);
             $result['date'] = extract_date($result['date']);
             $result['seconds'] = $result['time'];
             $result['time'] = convert_to_hours($result['time']);
             foreach ($cols as $col) {
                 $rows[] = $result[$col];
             }
             $output['aaData'][] = $rows;
         }
         if ($q->rowCount() < 1) {
             $output['aaData'] = array();
         }
         $output['aoColumns'] = $col_data;
     }
     break;
コード例 #6
ファイル: functions.php プロジェクト: nmoureyii/db-tools
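/**
 * Build the HTML confirmation shown after a MySQL user has been granted
 * privileges on databases that start with a given prefix.
 *
 * The user name, the looked-up full name and the database prefix are
 * HTML-escaped before being placed in the markup, so a name containing markup
 * characters is displayed rather than interpreted by the browser.
 *
 * NOTE(review): the ids "name" and "db_name" each occur twice in the fragment;
 * ids are meant to be unique per document — consider classes instead.
 *
 * @param string $name    MySQL user name.
 * @param string $db_name Database name prefix (without the trailing "_").
 *
 * @return string HTML fragment.
 */
function make_string_added_to_db($name = "", $db_name = "")
{
    $fname = htmlspecialchars((string) username_to_fullname($name), ENT_QUOTES, 'UTF-8');
    $name_html = htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8');
    $db_html = htmlspecialchars((string) $db_name, ENT_QUOTES, 'UTF-8');
    $u = "_";
    $added = "<div id=\"add_div\"><span id=\"added\">MySQL user <span id=\"name\">{$name_html}</span> has all privlages \n\t\t for database <span id=\"db_name\">{$db_html}{$u}*</span><br/><span id=\"name\">{$fname}</span> can create and drop \n\t\t any database that begins with <span id=\"db_name\">{$db_html}{$u}</span>.</span></div>";
    return $added;
}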
コード例 #7
	<?php 
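// Render the folder and document tiles plus their property panels.
// Folder paths, document names/types and user names come from stored,
// user-supplied data, so each value is HTML-escaped (quotes included, because
// the attributes are single-quoted) before it is written into the page.
$escape_html = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
foreach ($folders as $folder) {
    // Display name is the last path segment; a path without "/" is shown whole.
    if (strrchr($folder['folder'], '/')) {
        $folder_name = substr(strrchr($folder['folder'], '/'), 1);
    } else {
        $folder_name = $folder['folder'];
    }
    $folder_path = $folder['folder'];
    $user = username_to_fullname($dbh, $folder['username']);
    $date = extract_date_time($folder['date_modified']);

    $name_html = $escape_html($folder_name);
    $path_html = $escape_html($folder_path);
    $id_html = $escape_html($folder['id']);
    $user_html = $escape_html($user);
    $date_html = $escape_html($date);
    echo "<div class='doc_item folder' path='{$path_html}' data-id='{$id_html}'><img src='html/ico/folder.png'><p>{$name_html}</p></div>";
    echo "<div class='doc_properties' tabindex='1'><h3><img src='html/ico/folder.png'>{$name_html}</h3>\n\t\t\t\t\t<hr />\n\t\t\t\t\t<p><label>Type</label>    Folder</p>\n\t\t\t\t\t<p><label>Created:</label>     {$date_html}</p>\n\t\t\t\t\t<p><label>Created By:</label>     {$user_html}</p>\n\t\t\t\t\t</div>";
}
foreach ($documents as $document) {
    $icon = get_icon($document['type']);
    $user = username_to_fullname($dbh, $document['username']);
    $date = extract_date_time($document['date_modified']);

    $icon_html = $escape_html($icon);
    $id_html = $escape_html($document['id']);
    $type_html = $escape_html($document['type']);
    $name_html = $escape_html($document['name']);
    $user_html = $escape_html($user);
    $date_html = $escape_html($date);
    echo "<div id='doc_{$id_html}' class='doc_item item {$type_html}' data-id='{$id_html}'><img src='{$icon_html}'><p>{$name_html}</p></div>";
    echo "<div class='doc_properties' tabindex='1'><h3><img src='{$icon_html}'>{$name_html}</h3>\n\t\t\t<hr />\n\t\t\t<p><label>Type</label>     {$type_html}</p>\n\t\t\t<p><label>Uploaded:</label>     {$date_html}</p>\n\t\t\t<p><label>Uploaded By:</label>     {$user_html}</p>\n\t\t\t</div>";
}
if (empty($folders) and empty($documents)) {
    // The <span> was previously closed with a stray </a>.
    echo "<span class='docs_empty'>No documents found.</span>";
}
echo "<div class='doc_spacing_fix'></div>";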
?>


<?php 
if (!isset($update)) {
    echo "</div>";
}
コード例 #8
<div class="journal_detail">

	<div class="journal_header ui-widget-header ui-corner-tl ui-corner-tr ui-helper-clearfix">

		<img class="thumbnail-mask" src="<?php 
echo return_thumbnail($dbh, $username);
?>
" border="0">

		<p>Journal Submitted by <?php 
echo username_to_fullname($dbh, $username);
?>
 on <?php 
echo extract_date_time($date_added);
?>
		</p>

		<div class = "journal_detail_control">

			<?php 
if ($view !== 'edit' && $_SESSION['permissions']['writes_journals'] == '1') {
    ?>

			<button class="journal_delete">Delete</button>
			<button class="journal_edit">Edit</button>
			<button class="journal_print">Print</button>

				<?php 
} elseif ($view !== 'edit') {
    ?>
コード例 #9
         $forward_text = "<<<Forwarded this message to {$forward_names_string}" . "\n\n" . $reply_text;
         $tos = generate_recipients($dbh, $thread_id);
         $to = $tos['from'] . ',' . $tos['tos'];
         $cc = $tos['ccs'];
         $data = array('thread_id' => $thread_id, 'to' => $to, 'ccs' => $cc, 'sender' => $user, 'forward_text' => $forward_text);
         $q->execute($data);
         $error = $q->errorInfo();
         //TODO notify forward recipients by email
         if (!$error[1]) {
             $msg_subject = get_subject($dbh, $thread_id);
             $preview = snippet(20, $reply_text);
             foreach ($forward_tos as $f) {
                 if ($f != $user) {
                     $email = user_email($dbh, $f);
                     $subject = "ClinicCases: New Message: '" . $msg_subject . "'";
                     $body = username_to_fullname($dbh, $user) . " forwarded '" . $msg_subject . "' to you:\n\n'{$preview}'\n\n" . CC_EMAIL_FOOTER;
                     mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM);
                 }
             }
         }
     }
     break;
 case 'star_on':
     //add start to message
     $q = $dbh->prepare("UPDATE cm_messages SET `starred` = REPLACE(`starred`,:user,''),\n\t\t\tstarred = CONCAT(starred,:user) WHERE id = :id");
     $user_string = $user . ",";
     $data = array('user' => $user_string, 'id' => $id);
     $q->execute($data);
     $error = $q->errorInfo();
     break;
 case 'star_off':
コード例 #10
        ?>

	<div class = "msg_reply" data-id = "<?php 
        echo $id;
        ?>
">

			<div class = "msg_reply_left">

				<img class="thumbnail-mask" src = "<?php 
        echo return_thumbnail($dbh, $from);
        ?>
">

				<?php 
        echo username_to_fullname($dbh, $from);
        ?>

			</div>

			<div class = "msg_reply_right">

				<?php 
        echo extract_date_time($time_sent);
        ?>

			</div>

			<p><?php 
        echo nl2br(htmlentities(text_prepare($body)));
        ?>
コード例 #11
        }
    }
}
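//Add board posts
if ($_SESSION['permissions']['view_board'] == '1') {
    $this_users_groups = user_which_groups($dbh, $_SESSION['login']);
    $posts = array();
    // A user with no viewer identities cannot match any board post, and an
    // empty IN () list is not valid SQL, so the query is skipped in that case.
    if (!empty($this_users_groups)) {
        // One positional placeholder per group plus one for the cutoff date:
        // the values are bound instead of being joined into the SQL text.
        $viewer_values = array_values($this_users_groups);
        $placeholders = implode(',', array_fill(0, count($viewer_values), '?'));
        $q = $dbh->prepare("SELECT * FROM `cm_board` as all_posts\n\tJOIN\n\t(SELECT * FROM cm_board_viewers WHERE viewer IN ({$placeholders}) GROUP BY cm_board_viewers.post_id) AS  this_user\n\tON\n\tall_posts.id = this_user.post_id AND all_posts.time_added >= ?");
        $q->execute(array_merge($viewer_values, array($mysqldate)));
        $posts = $q->fetchAll(PDO::FETCH_ASSOC);
    }
    foreach ($posts as $post) {
        $activity_type = 'new_board_post';
        // The viewer's own posts are attributed to "You".
        if ($post['author'] === $username) {
            $by = 'You';
        } else {
            $by = username_to_fullname($dbh, $post['author']);
        }
        $thumb = return_thumbnail($dbh, $post['author']);
        $action_text = " posted on your Board ";
        $time_done = $post['time_added'];
        $time_formatted = extract_date_time($post['time_added']);
        // NOTE(review): 'what' and 'by' are stored, user-supplied text; they are
        // passed on unescaped here, so whatever renders $activities must escape.
        $what = $post['title'];
        $follow_url = 'index.php?i=Board.php';
        $mobile_url = 'index.php?i=Board.php';
        $casename = "(view here)";
        $id = null;
        $item = array('activity_type' => $activity_type, 'by' => $by, 'thumb' => $thumb, 'action_text' => $action_text, 'casename' => $casename, 'id' => $id, 'what' => $what, 'follow_url' => $follow_url, 'time_done' => $time_done, 'time_formatted' => $time_formatted, 'mobile_url' => $mobile_url);
        $activities[] = $item;
    }
}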
if (!empty($activities)) {
コード例 #12
     $q = $dbh->prepare("UPDATE `cm_board` SET `title` = :title, `body` = :body, `color` = :color, `time_edited` = NOW() WHERE `id` = :id");
     $data = array('title' => $title, 'body' => $text, 'color' => $color, 'id' => $id);
     $q->execute($data);
     $error = $q->errorInfo();
     //now, update cm_board_viewers with users who are allowed to see post
     //first, delete old viewers
     $del_viewers = $dbh->prepare("DELETE FROM cm_board_viewers WHERE post_id = ?");
     $del_viewers->bindParam(1, $id);
     $del_viewers->execute();
     //second, add current viewers
     $viewers_query = $dbh->prepare("INSERT INTO cm_board_viewers (`id`, `post_id`,`viewer`) VALUES (NULL,:post_id,:viewer)");
     foreach ($viewers as $v) {
         $data = array('post_id' => $id, 'viewer' => $v);
         $viewers_query->execute($data);
         //Notify viewer; TODO test with mail server
         $author = username_to_fullname($dbh, $_SESSION['login']);
         $email = user_email($dbh, $v);
         $subject = "ClinicCases: {$author} posted on your Board";
         $body = "{$author} posted on your Board in ClinicCases: {$title}.\n\n" . CC_EMAIL_FOOTER;
         mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM);
     }
     break;
 case 'delete':
     $q = $dbh->prepare("DELETE FROM cm_board WHERE id = ?");
     $q->bindParam(1, $item_id);
     $q->execute();
     $error = $q->errorInfo();
     //check for attachments and delete them
     $attch = $dbh->prepare("SELECT * FROM cm_board_attachments WHERE post_id = ?");
     $attch->bindParam(1, $item_id);
     $attch->execute();
コード例 #13
ファイル: Board.php プロジェクト: samtechnocrat/ClinicCases
?>
    <div class="row">
        <form class="navbar-search">
            <input type="text" class="board-search search-query" placeholder="Search">
        </form>
    </div>
    <div class="row board-container">
            <?php 
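// Render every board post the session is allowed to see.
if ($_SESSION['permissions']['view_board'] === '1') {
    if (empty($posts)) {
        echo "<p class='end'>There have been no posts to your Board yet.</p>";
        die;
    } else {
        // Quotes are escaped as well because the attributes are single-quoted.
        $escape_html = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        };
        foreach ($posts as $p) {
            // Read the needed columns explicitly. extract() turns every column
            // of the row into a variable and can silently overwrite ones that
            // are already in scope (such as $dbh or $posts).
            $color = $p['color'];
            $author = $p['author'];
            $title = $p['title'];
            $body = $p['body'];
            $time_added = $p['time_added'];
            $post_id = $p['post_id'];

            // NOTE(review): $body is written as stored, presumably because posts
            // hold rich-text HTML — confirm it is sanitised when saved, since it
            // is not escaped here.
            echo "<div class='container board-item' style='background-color:rgb(" . $escape_html($color) . ")'>" . "<h3><img class='img-rounded' src='" . $escape_html(return_thumbnail($dbh, $author)) . "'><span class='searchable'> " . $escape_html($title) . "</span></h3>" . "<div class='searchable'>{$body}</div>" . "<br /><div class='muted searchable'>Posted By " . $escape_html(username_to_fullname($dbh, $author)) . " on " . $escape_html(extract_date_time($time_added)) . "</div>";
            // check_attachments() output is printed as markup; it is assumed to
            // return ready-made HTML — TODO confirm it escapes file names.
            $attach = check_attachments($dbh, $post_id);
            if ($attach == true) {
                echo "<br /><div class='searchable'><label>Attachments:</label>{$attach}</div>";
            }
            echo "</div>";
        }
    }
} else {
    echo "<p>You do not have permission to view the board.</p>";
}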
?>
    </div>
</div>
</body>
</html>
コード例 #14
\t\t\t\t<div class = 'csenote_bar_right'>
\t\t\t\t<label>Date:</label> <input type='hidden' name='csenote_date' class='csenote_date_value' value='{$this_date}'> {$selector}
\t\t\t\t<input type='hidden' name='csenote_user' value='{$this_user}'>
\t\t\t\t<input type='hidden' name='csenote_case_id' value='{$this_case_id}'>
\t\t\t\t<input type='hidden' name='query_type' value='add'>
\t\t\t\t<button class='csenote_action_submit'>Add</button><button class='csenote_action_cancel'>Cancel</button></div>
\t\t\t</div>
\t\t\t<textarea name='csenote_description'></textarea>
\t\t\t</form>
\t\t\t</div>

NEWNOTE;
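//show all case notes
// Ids, picture URLs, names and dates are HTML-escaped like the note text, and
// so is the search term echoed back in the "no results" message.
$escape_html = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
foreach ($case_notes_data as $case_notes) {
    $time = convert_case_time($case_notes['time']);
    echo "<div class='csenote' id='csenote_" . $escape_html($case_notes['id']) . "'>\n\t\t\t\t<div class='csenote_bar'>\n\t\t\t\t<div class = 'csenote_bar_left'><img class='thumbnail-mask' src='" . $escape_html(thumbify($case_notes['picture_url'])) . "'>&nbsp " . $escape_html(username_to_fullname($dbh, $case_notes['username'])) . "</div><div class = 'csenote_bar_right'><span class='csenote_date'>" . $escape_html(extract_date($case_notes['date'])) . "</span> &#183; <span class='csenote_time'>" . $escape_html($time[0] . $time[1]) . "</span>";
    // Edit/Delete links are shown only to the note's author. This is display
    // logic only; the handlers behind those links must enforce ownership too.
    if ($case_notes['username'] == $_SESSION['login']) {
        echo " &#183; <a href='#' class='csenote_edit'>Edit</a> <a href='#' class='csenote_delete'>Delete</a>";
    }
    echo "</div></div><p class='csenote_instance'>" . nl2br(htmlentities($case_notes['description'])) . "</p></div>";
}
if (empty($case_notes_data)) {
    if (isset($search)) {
        // $search is presumably request input; printed raw it would be
        // reflected into the page as markup.
        echo "<p>No case notes found matching <i>" . $escape_html($search) . "</i></p>";
    } else {
        echo "<p>No case notes found</p>";
        die;
    }
}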
if (!isset($_POST['update'])) {
    echo "</div>";
コード例 #15
         $data = array('comments' => $new, 'id' => $id[0]);
         $update->execute($data);
         $error = $q->errorInfo();
     }
     //notify users via email
     //figure out who needs to receive this notification
     $q = $dbh->prepare("SELECT reader,username FROM cm_journals WHERE id =?");
     $q->bindParam(1, $id[0]);
     $q->execute();
     $u = $q->fetch(PDO::FETCH_ASSOC);
     $involved = $u['reader'] . $u['username'];
     $inv = explode(',', $involved);
     $this_user = array($_SESSION['login']);
     $notify = array_diff($inv, $this_user);
     foreach ($notify as $user) {
         $commenter = username_to_fullname($dbh, $_SESSION['login']);
         $email = user_email($dbh, $user);
         $subject = "ClinicCases: {$commenter} has commented on a journal.";
         $body = "{$commenter} has commented on a journal.n\n" . CC_EMAIL_FOOTER;
         mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM);
     }
     //TODO test on mail server
     break;
 case 'delete_comment':
     //Get current comment array for this journal
     $q = $dbh->prepare('SELECT comments FROM cm_journals WHERE id = ?');
     $q->bindParam(1, $id[0]);
     $q->execute();
     $error = $q->errorInfo();
     $result = $q->fetch(PDO::FETCH_ASSOC);
     $old = unserialize($result['comments']);
コード例 #16
ファイル: rss.php プロジェクト: samtechnocrat/ClinicCases
         $time_done = $close['time_closed'];
         $time_formatted = extract_date_time($close['time_closed']);
         $id = $close['id'];
         $what = $close['close_notes'];
         $follow_url = CC_BASE_URL . 'index.php?i=Cases.php#cases/' . $close['id'];
         $item = array('by' => $by, 'action_text' => $action_text, 'casename' => $casename, 'id' => $id, 'what' => $what, 'follow_url' => $follow_url, 'time_done' => $time_done, 'time_formatted' => $time_formatted);
         $activities[] = $item;
     }
 }
 //new users who have requested access
 if ($p['activate_users'] == '1') {
     $get_new_users = $dbh->prepare("SELECT * FROM cm_users\n\t\t\t\tWHERE date_created >= '{$mysqldate}' AND new = 'yes'");
     $get_new_users->execute();
     $news = $get_new_users->fetchAll(PDO::FETCH_ASSOC);
     foreach ($news as $new) {
         $by = username_to_fullname($dbh, $new['username']);
         $thumb = 'people/tn_no_picture.png';
         $action_text = " signed up for ClinicCases ";
         $time_done = $new['date_created'];
         $time_formatted = extract_date_time($new['date_created']);
         $what = 'Please review this application.';
         $follow_url = CC_BASE_URL . 'index.php?i=Users.php';
         $casename = '(view here)';
         $id = null;
         $item = array('by' => $by, 'action_text' => $action_text, 'casename' => $casename, 'id' => $id, 'what' => $what, 'follow_url' => $follow_url, 'time_done' => $time_done, 'time_formatted' => $time_formatted);
         $activities[] = $item;
     }
 }
 //TODO add board posts
 //Sort the activity array
 if (!empty($activities)) {
コード例 #17
    ?>
</h3>

	<div class="body_text">

		<?php 
    echo $body;
    ?>

	</div>

	<p>
		<label>

			Posted by <?php 
    echo username_to_fullname($dbh, $author);
    ?>
 on

			<?php 
    echo extract_date_time($time_added);
    ?>

		</label>

	<?php 
    if ($author == $_SESSION['login'] || $_SESSION['permissions']['can_configure'] == '1') {
        ?>

		<a href="#" class="small board_item_edit">Edit</a>