public function login()
{
$this->form_validation->set_rules('useremail', 'Email', 'required|valid_email|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'required|xss_clean');
if ($this->form_validation->run() == FALSE) {
$this->trylogin();
} else {
$this->load->model('auth_model');
$query = $this->auth_model->check_login($this->input->post('useremail'), $this->input->post('password'), 'result');
if ($query->num_rows() > 0) {
$row = $query->row();
if ($row->banned == 1) {
$msg = '<div class="alert alert-danger">' . '<button data-dismiss="alert" class="close" type="button">×</button>' . '<strong>User banned</strong>' . '</div>';
$this->session->set_flashdata('msg', $msg);
redirect(site_url('account/trylogin'));
} else {
if ($row->confirmed != 1) {
$msg = '<div class="alert alert-danger">' . '<button data-dismiss="alert" class="close" type="button">×</button>' . '<strong>Account not activated</strong>' . '</div>';
$this->session->set_flashdata('msg', $msg);
redirect(site_url('account/trylogin'));
} else {
if (is_admin()) {
create_log($row->user_name);
}
$this->session->set_userdata('user_id', $row->id);
$this->session->set_userdata('user_name', $row->user_name);
$this->session->set_userdata('user_type', $row->user_type);
$this->session->set_userdata('is_paid', $row->is_paid);
$this->session->set_userdata('user_email', $this->input->post('useremail'));
if ($this->session->userdata('req_url') != '') {
$req_url = $this->session->userdata('req_url');
$this->session->set_userdata('req_url', '');
redirect($req_url);
}
redirect(site_url());
}
}
} else {
$msg = '<div class="alert alert-danger">' . '<button data-dismiss="alert" class="close" type="button">×</button>' . '<strong>Username or password not matched</strong>' . '</div>';
$this->session->set_flashdata('msg', $msg);
redirect(site_url('account/trylogin'));
}
}
}
}
if (!$expires) {
$expires = date('Y-m-d H:i:s', time() + 1 * 24 * 60 * 60);
}
$db = CreateObject('s3dbapi.db');
$db->Halt_On_Error = 'no';
$db->Host = $GLOBALS['s3db_info']['server']['db']['db_host'];
$db->Type = $GLOBALS['s3db_info']['server']['db']['db_type'];
$db->Database = $GLOBALS['s3db_info']['server']['db']['db_name'];
$db->User = $GLOBALS['s3db_info']['server']['db']['db_user'];
$db->Password = $GLOBALS['s3db_info']['server']['db']['db_pass'];
$db->connect();
#create a log indicating the user has logged in
$user_lid = $user_info['account_lid'];
$user_id = $user_info['account_id'];
create_log($user_lid, $db);
#Create the key
$inputs = array('key_id' => $key, 'expires' => $expires, 'notes' => 'Key generated automatically via API', 'account_id' => $user_id);
$added = add_entry('access_keys', $inputs, $db);
$data[0] = $inputs;
$letter = 'E';
$pack = compact('data', 'user_id', 'db', 'letter', 't', 'format');
if ($added) {
echo completeDisplay($pack);
exit;
} else {
echo formatReturn('2', 'Your authentication was valid but a key could not be created.', $format, '');
exit;
}
}
} else {
<?php
include '../init.php';
if (empty($_POST) == false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) == true || empty($password) == true) {
$errors[] = 'Enter a username and password';
} else {
if (user_exists($username) == false) {
$errors[] = 'Username does not exist!';
} else {
$login = login($username, $password);
if ($login == false) {
$errors[] = 'Invalid password.';
} else {
$_SESSION['id'] = $login;
//login will return the id
//Log the action. First argument is the user's id, second is a string describing the action taken.
create_log($_SESSION['id'], "Logged into system");
header('Location: ../../index.php');
}
}
}
print_r($errors);
}
function auth($username, $password, $format = 'html', $createkey = true, $authorities = '')
{
if ($username != '' && $password != '') {
#connect to the db
$db = CreateObject('s3dbapi.db');
$db->Halt_On_Error = 'no';
$db->Host = $GLOBALS['s3db_info']['server']['db']['db_host'];
$db->Type = $GLOBALS['s3db_info']['server']['db']['db_type'];
$db->Database = $GLOBALS['s3db_info']['server']['db']['db_name'];
$db->User = $GLOBALS['s3db_info']['server']['db']['db_user'];
$db->Password = $GLOBALS['s3db_info']['server']['db']['db_pass'];
$db->connect();
list($valid, $user_info, $message) = auth_user_api($username, $user_id, $password, $db);
if (!$valid) {
#does this user have another account? try it remotelly
#in case an authority has been endorsed: if authority is complex, build the username taking that into account
if ($authorities) {
$create_account = false;
foreach ($GLOBALS['endorsed'] as $ord => $end) {
if ($end == $authorities) {
$email = $username . (substr($end, 0, 1) == '@' ? '' : '@') . $end;
$userLabel = $end . ':' . $username;
$protocol = $GLOBALS['s3db_info']['deployment']['endorsed_protocol'][$ord];
$auth = $GLOBALS['s3db_info']['deployment']['endorsed_server'][$ord];
$userComplexId = $protocol . ':' . $authorities . ':' . $username;
#$email = $username.((substr($end,0,1)=='@')?'':'@').$end;
#$protocol = $GLOBALS['s3db_info']['deployment']['endorsed_protocol'][$ord];
#$userLabel = $protocol.':'.$end.':'.$username;
#$auth=$GLOBALS['s3db_info']['deployment']['endorsed_server'][$ord];
if ($protocol == 'ldap') {
$userComplexName = $protocol . ':' . $auth . ':' . ereg_replace('cn=email', 'cn=' . $username, $GLOBALS['s3db_info']['deployment']['endorsed_ldap_rns'][$ord]);
$create_account = $GLOBALS['s3db_info']['deployment']['endorsed_automated'][$ord];
} elseif ($protocol == 'http') {
$userComplexName = $protocol . ':' . $auth . ':' . ereg_replace('email', $username, $GLOBALS['s3db_info']['deployment']['endorsed_ldap_rns'][$ord]);
}
}
}
}
if ($userComplexName == '') {
$userComplexName = $username;
}
#
list($valid, $token, $expires) = univ_authenticate($userComplexName, $password, $serv_account);
#if user was validated remotelly, user_info will correspond to the remote user. Also, a key has been generated; that is what will be used for the remainder of this session.
if ($valid) {
#even if user was authenticated remotelly, he still needs to have been created as user of this deployment
if ($email == '') {
$email = $username;
}
if ($userComplexId != '') {
$username = $userComplexId;
$account_id = s3id();
}
#else {$account_id=$username;}
$sql = "select * from s3db_account where (account_id='" . $account_id . "' or account_email='" . $email . "') and account_status='A'";
#$sql = "select * from s3db_account where (account_id='".$username."' or account_email='".$username."') and account_status='A'";
$db->query($sql);
if (!$db->next_record()) {
##If these account have been endorsed as trustworthy, we can, at this point, create an account for the user
if ($create_account) {
#$adminUser=1;
/*$s3ql=array('user_id'=>$adminUser,'db'=>$db);
$s3ql['insert']='user';
$s3ql['where']['user_id']=$email;
$s3ql['where']['email']=$email;
$done = S3QLaction($s3ql);
*/
$sql = "insert into s3db_account (account_id, account_lid,account_pwd,account_uname,account_email,account_addr_id,created_on,created_by,account_status,account_type) values ('" . $account_id . "','" . $userLabel . "','" . random_string(15) . "','" . $email . "','" . $email . "','0','now()','1','A','u')";
$db->query($sql);
$user_info = array('account_id' => $account_id, 'account_lid' => $userLabel, 'account_type' => 'r');
} elseif (is_file($GLOBALS['uploads'] . '/userManage.s3db')) {
$user_proj = unserialize(file_get_contents($GLOBALS['uploads'] . '/userManage.s3db'));
if (!$user_proj) {
return array(false, "User project does not exist");
exit;
}
$sql = "select * from s3db_statement where rule_id = '" . $user_proj['email']['rule_id'] . "' and value = '" . $username . "'";
$db->query($sql);
if ($db->next_record()) {
$item_id = $db->f('resource_id');
if ($item_id) {
$sql = "select * from s3db_statement where resource_id = '" . $item_id . "' and rule_id = '" . $user_proj['user_id']['rule_id'] . "'";
$db->query($sql);
if ($db->next_record()) {
$sql = "select * from s3db_account where account_status = 'A' and account_id = '" . ereg_replace('^U', '', $db->f('value')) . "'";
$db->query($sql);
if ($db->next_record()) {
$user_info = array('account_id' => ereg_replace('^U', '', $db->f('value')), 'account_type' => 'u');
}
} else {
return array(false, '');
}
} else {
return array(false, '');
}
} else {
return array(false, '');
}
} else {
return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'User ' . $username . ' does not have permission in this deployment. If you think you should have permission, please inform the administrator of this deployment.', $format, ''));
$valid = 0;
exit;
}
} else {
$key = $token;
$user_info = array('account_id' => $account_id, 'account_lid' => $username, 'account_type' => 'r');
# $user_info = array('account_id'=>$username, 'account_type'=>'r');
if (strtotime($expires) > strtotime(date('Y-m-d', time() + 1 * 24 * 60 * 60))) {
return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'S3DB received a key which expires after 24h. For security reasons, a key must be valid for 24h or less', $format, ''), $user_info);
exit;
}
}
} else {
return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], $token, $format, ''));
}
} else {
#local user was validated
$key = random_string(15);
$expires = date('Y-m-d', time() + 1 * 24 * 60 * 60);
}
if ($valid) {
$user_id = $user_info['account_id'];
create_log($user_id, $db);
if ($createkey) {
if (!$key) {
$key = random_string(15);
}
if (!$expires) {
$expires = date('Y-m-d', time() + 1 * 24 * 60 * 60);
}
$inputs = array('key_id' => $key, 'expires' => $expires, 'notes' => 'Key generated automatically via API', 'account_id' => $user_id);
$added = add_entry('access_keys', $inputs, $db);
$data[0] = $inputs;
$letter = 'E';
$pack = compact('data', 'user_id', 'db', 'letter', 't', 'format');
if ($added) {
return array(true, completeDisplay($pack), $user_info);
exit;
} else {
return array(false, formatReturn('2', 'Your authentication was valid but a key could not be created.', $format, ''));
exit;
}
} else {
$db = CreateObject('s3dbapi.db');
$db->Halt_On_Error = 'no';
$db->Host = $GLOBALS['s3db_info']['server']['db']['db_host'];
$db->Type = $GLOBALS['s3db_info']['server']['db']['db_type'];
$db->Database = $GLOBALS['s3db_info']['server']['db']['db_name'];
$db->User = $GLOBALS['s3db_info']['server']['db']['db_user'];
$db->Password = $GLOBALS['s3db_info']['server']['db']['db_pass'];
$db->connect();
$_SESSION['db'] = $db;
$_SESSION['user'] = $user_info;
return array(true, formatReturn('0', 'User validated.', $format, ''), $user_info);
exit;
}
} else {
return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please provide a valid username and password', $format, ''));
exit;
}
} elseif ($username != '') {
return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please provide a valid password', $format, ''));
exit;
} elseif ($password != '') {
return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please provide a valid username', $format, ''));
exit;
} else {
return array(false, formatReturn($GLOBALS['error_codes']['something_missing'], 'Please provide a valid username and password', $format, ''));
exit;
}
}
$ordinamento = $_POST['ordinamento'];
if ($cubename_sel == "") {
$parametri = $_GET['parametri'];
list($cubename_sel, $level_ser, $colonna, $ordinamento, $slice) = explode("*", $parametri);
$levels = explode("-", $level_ser);
}
printHTMLHead($stylefile, $jsfile);
printBar($cubename_sel, $levels, $img_back, $img_save, $img_home, $img_pdf, $img_csv, $img_share, $img_email, $img_weka);
print "<script>init_report(\"{$colonna}\",\"{$ordinamento}\");</script>";
$level_ser = implode("-", $levels);
//print "LEV $level_ser<br>";
$query = SQLgenerator2($cubename_sel, $level_ser, $slice, $colonna, $ordinamento);
$result = exec_query($query);
print "<center>";
print "<div id=divReport>";
printReport($cubename_sel, $levels, $result);
print "</div>";
print "</center>";
//*********************************************maschere
include "slice/slice_mask.php";
include "drill/drill_mask.php";
include "hier/hier_mask.php";
include "dim/dim_mask.php";
include "drill-across/drill_mask.php";
include "pivoting/pivoting_mask.php";
print "<div id='share_fb' style='z-index:300; visibility:hidden;background-color: white; width:200px; height:100px; border: 2px grey solid;position:absolute;top:100px;left:150px;'>";
print "</div>";
print "<div id='DIVsend_email' style='z-index:300; visibility:hidden;background-color: white; width:500px; height:260px; border: 2px grey solid;position:absolute;top:100px;left:150px;'>";
print "</div>";
create_log($query);
<?php
include '../init.php';
//Log the action. First argument is the user's id, second is a string describing the action taken.
create_log($_SESSION['id'], "Exported Data");
// pd.gender
global $db;
$fields = $_POST['field'];
$array_length = count($fields);
$counter = 0;
$sql = "SELECT";
$csv = "";
while ($counter < $array_length) {
switch ($fields[$counter]) {
case '1':
$sql .= " pd.gender";
$csv .= "gender";
break;
case '2':
$sql .= " pd.alcohol_usage";
$csv .= "alcohol_usage";
break;
case '3':
$sql .= " pd.has_history_tobacco";
$csv .= "has_history_tobacco";
break;
case '4':
$sql .= " pp.has_pain_now";
$csv .= "has_pain_now";
break;
case '5':
function login()
{
$user_name = $this->input->post('username');
$password = $this->input->post('password');
$query = $this->auth_model->check_login($user_name, $password, 'result');
if ($query->num_rows() > 0) {
$row = $query->row();
$ok = 0;
if ($row->user_type == 1) {
$ok = 1;
} else {
if ($row->confirmed == 1) {
$ok = 1;
} else {
$ok = -0;
}
}
if ($ok == 1) {
create_log($row->user_name);
if ($this->input->post('remember')) {
$this->auth_model->set_login_cookie($row->user_name);
}
$this->session->set_userdata('user_id', $row->id);
$this->session->set_userdata('user_type', $row->user_type);
$this->session->set_userdata('user_name', $row->user_name);
$this->session->set_userdata('user_email', $row->user_email);
if ($this->session->userdata('req_url') != '') {
redirect($this->session->userdata('req_url'));
} else {
$lang = $this->input->post('lang');
redirect(site_url('admin', $lang));
}
} else {
$data = array('error' => '<div class="alert alert-danger" style="margin-top:10px;">' . lang_key('account_not_confirmed') . '</div>');
load_admin_view('login_view', $data);
}
} else {
$data = array('error' => '<div class="alert alert-danger" style="margin-top:10px;">' . lang_key('login_failed') . '</div>');
load_admin_view('login_view', $data);
}
}
<?php
include "core/init.php";
if (!logged_in()) {
header("Location: index.php");
}
//Log the action. First argument is the user's id, second is a string describing the action taken.
create_log($_SESSION['id'], "Searched a patient");
if (!isset($_GET['tab'])) {
$tab = 'demographics';
} else {
$tab = clean_up($_GET['tab']);
}
include "templates/header.php";
include "templates/navbar.php";
include "templates/patient-info-content.php";
include "templates/footer.php";
function delete_appointment()
{
//Log the action. First argument is the user's id, second is a string describing the action taken.
create_log($_SESSION['id'], "Deleted patient appointment");
global $db;
$slot_id = clean($_POST['slot_id']);
$query = "DELETE FROM Schedule WHERE slot_id = ?";
/* prepare statement */
if (!($stmt = $db->prepare($query))) {
echo "Prepare failed: (" . $db->errno . ") " . $db->error;
}
if (!$stmt->bind_param("s", $slot_id)) {
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$rows_affected = $stmt->affected_rows;
$stmt->close();
if ($rows_affected == 1) {
die("OK");
}
//no need for JSON here
}
