예제 #1
        </div>
      </div>
    </div>

    <?php 
        printFooter();
        printFoot();
        die;
    } else {
        throw403();
    }
}
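// Everything appended between <script> and </script> is parsed as JavaScript
// by the browser, so each PHP value is serialised with json_encode() and the
// JSON_HEX_* flags: quotes, <, > and & become \uXXXX escapes and the value
// cannot terminate the string literal or the script element.
// NOTE(review): where $channel is validated is not visible in this fragment;
// encoding it here keeps the page safe regardless of what upstream allows.
$scriptSafeJson = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
$extraHeadCode = "<script>";
$extraHeadCode .= "var channel = " . json_encode($channel, $scriptSafeJson) . ";";
$extraHeadCode .= "var channelCoebotData = " . json_encode($channelCoebotData, $scriptSafeJson) . ";";
// The access level is emitted as a bare JS number, so force it to an integer.
// It only drives what the client-side UI shows; the server still has to
// enforce the level on every state-changing request.
$extraHeadCode .= "var userAccessLevel = " . (int) getUserAccessLevel($channel) . ";";
$extraHeadCode .= "</script>";
// Editing controls are hidden with CSS unless the visitor opted in via cookie.
// This is presentation only: the cookie is client-controlled.
if (!isCookieTrue("experimentalFeatures")) {
    $extraHeadCode .= "<style>.js-commands-addbtn, .js-commands-editcolumn, .js-quotes-addbtn, .js-quotes-editcolumn, .js-autoreplies-addbtn, .js-autoreplies-editcolumn, .hidden-if-experimental { display: none!important; }</style>";
}
if (!isCookieTrue("showWhalePenis")) {
    $extraHeadCode .= "<style>.whale-penis { display: none!important; }</style>";
}
// NOTE(review): the two cdn.datatables.net scripts are loaded from a third
// party via protocol-relative URLs; whether printHead() can attach an
// integrity attribute is not visible here. Self-hosting pinned copies removes
// the dependency on the CDN's integrity.
// NOTE(review): displayName is passed as the page title; presumably printHead()
// HTML-escapes it - confirm.
printHead($channelCoebotData["displayName"], array("/css/channel.css"), array("//cdn.datatables.net/1.10.4/js/jquery.dataTables.min.js", "//cdn.datatables.net/plug-ins/9dcbecd42ad/integration/bootstrap/3/dataTables.bootstrap.js", "/js/later.min.js", "/js/prettycron.js", "/js/channel.js"), $extraHeadCode);
printNav('', true);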
?>
<div class="container-fluid">
  <div class="row" role="tabpanel">
    <div class="sidebar">

      <div class="panel panel-default channel-sidebar-panel">
/**
 * Records a cancellation for a room reservation.
 *
 * The reservation object is stamped with the identity of the acting user
 * (social worker for access level 1, RMH staff for access level 2), its
 * activity type is set to "Cancel", and it is handed to
 * insert_RoomReservationActivity(). Existing activity rows are never updated:
 * each change is stored as a new activity row for the same request.
 *
 * NOTE(review): for any other access level no actor or status is written but
 * the Cancel activity is still inserted. Whether callers restrict who can
 * reach this function is not visible here - confirm.
 *
 * @param Reservation $informationroom reservation to cancel (modified in place)
 * @return mixed whatever insert_RoomReservationActivity() returns
 */
function cancelReservation(Reservation $informationroom)
{
    error_log("will do the actual insert to the database");
    // Profile id of the logged-in user; used to look up the acting person.
    $actorProfileId = getUserProfileID();
    if (getUserAccessLevel() == 1) {
        // Social worker: the lookup returns an array, of which only the
        // first record is used.
        // NOTE(review): current() yields false for an empty array, which
        // would make the getter calls below fail - confirm the lookup
        // cannot come back empty for a logged-in social worker.
        $socialWorkers = retrieve_UserProfile_SW($actorProfileId);
        $socialWorker = current($socialWorkers);
        $informationroom->set_socialWorkerProfileId($socialWorker->get_swProfileId());
        $informationroom->set_swFirstName($socialWorker->get_swFirstName());
        $informationroom->set_swLastName($socialWorker->get_swLastName());
        $informationroom->set_swDateStatusSubmitted(date("Y-m-d H:i:s"));
        $informationroom->set_status("Unconfirmed");
    } elseif (getUserAccessLevel() == 2) {
        // RMH staff approver: a cancellation by staff is stored as confirmed.
        $approver = retrieve_UserProfile_RMHApprover_OBJ($actorProfileId);
        $informationroom->set_rmhStaffProfileId($approver->get_rmhStaffProfileId());
        $informationroom->set_rmhStaffFirstName($approver->get_rmhStaffFirstName());
        $informationroom->set_rmhStaffLastName($approver->get_rmhStaffLastName());
        $informationroom->set_rmhDateStatusSubmitted(date("Y-m-d H:i:s"));
        $informationroom->set_status("Confirmed");
    }
    $informationroom->set_activityType("Cancel");
    // Append-only history: a new activity row with the same request id.
    return insert_RoomReservationActivity($informationroom);
}
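/**
 * Records an edit to a family profile as a new ProfileActivity row.
 *
 * Only an activity record is inserted here; per the original comments the
 * change reaches the FamilyProfile table only once it is approved.
 * A social worker (access level 1) submits the edit as "Unconfirmed"; RMH
 * staff (access level 2) submit it as "Confirmed".
 *
 * NOTE(review): for any other access level the activity is still inserted,
 * with empty actor ids and a null status. Whether callers restrict who can
 * reach this function is not visible here - confirm.
 *
 * @param Family $familyProfile profile carrying the edited values
 * @return mixed whatever insert_ProfileActivity() returns
 */
function updateFamilyProfile(Family $familyProfile)
{
    error_log("in updateFamilyProfile will do the actual insert to the database");
    $activityType = "Edit";
    // Profile id of the logged-in user; used to look up the acting person.
    $currentUser = getUserProfileID();
    $swID = "";
    $rmhStaffProfileId = "";
    // The literal string 'NULL' is the placeholder for "no date".
    // NOTE(review): presumably the insert layer writes it into SQL text as-is;
    // confirm that layer binds or escapes the parent/patient fields passed below.
    $dateSWSubmit = 'NULL';
    $dateRMHApproved = 'NULL';
    // Defined up front so it is never an undefined variable when the access
    // level is neither 1 nor 2 (the value passed on is still null).
    $status = null;
    // Read the access level once so both branches test the same value.
    $accessLevel = getUserAccessLevel();
    if ($accessLevel == 1) {
        $rmhStaffProfileId = 'NULL';
        // The lookup returns an array, of which only the first record is used.
        // NOTE(review): current() yields false for an empty array - confirm the
        // lookup cannot come back empty for a logged-in social worker.
        $sw = retrieve_UserProfile_SW($currentUser);
        $swObject = current($sw);
        $swID = $swObject->get_swProfileId();
        $status = "Unconfirmed";
        $dateSWSubmit = date("Y-m-d H:i:s");
    } elseif ($accessLevel == 2) {
        $rmhStaff = retrieve_UserProfile_RMHApprover_OBJ($currentUser);
        $rmhStaffProfileId = $rmhStaff->get_rmhStaffProfileId();
        $status = "Confirmed";
        $dateRMHApproved = date("Y-m-d H:i:s");
    }
    error_log('in updateFamilyProfile, familyProfileId is ' . $familyProfile->get_familyProfileId());
    // NOTE(review): get_patientnotes() is passed for both of the last two
    // arguments. ProfileActivity's constructor is not visible here - confirm
    // the final argument is meant to be the patient notes.
    $currentProfileActivity = new ProfileActivity(0, 0, $familyProfile->get_familyProfileId(), $swID, $rmhStaffProfileId, $dateSWSubmit, $dateRMHApproved, $activityType, $status, $familyProfile->get_parentfname(), $familyProfile->get_parentlname(), $familyProfile->get_parentemail(), $familyProfile->get_parentphone1(), $familyProfile->get_parentphone2(), $familyProfile->get_parentaddress(), $familyProfile->get_parentcity(), $familyProfile->get_parentstate(), $familyProfile->get_parentzip(), $familyProfile->get_parentcountry(), $familyProfile->get_patientfname(), $familyProfile->get_patientlname(), $familyProfile->get_patientrelation(), $familyProfile->get_patientdob(), $familyProfile->get_patientformpdf(), $familyProfile->get_patientnotes(), $familyProfile->get_patientnotes());
    return insert_ProfileActivity($currentProfileActivity);
}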
* It comes with absolutely no warranty.  You can redistribute and/or
* modify it under the terms of the GNU Public License as published
* by the Free Software Foundation (see <http://www.gnu.org/licenses/>).
*/
/**
* Navigation script for RMH-RoomReservationMaker. 
* This file includes the navigation based on user permission level
* This file is automatically included in the header.php file
* @author Prayas Bhattarai
* @version May 1, 2012
*/
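// Refuse to run when this file is requested directly: the including page
// defines PARENT before pulling this script in.
if (!defined('PARENT')) {
    die('Restricted access');
}
$userAccess = getUserAccessLevel();
error_log("in navigation.php, user access level is {$userAccess}");
// The highlighted navigation item defaults to the name of the running script.
// A page that is not linked from the menu itself (a child page of a menu item)
// sets $navItem beforehand to the menu page it belongs under.
if (!isset($navItem)) {
    // SCRIPT_NAME rather than PHP_SELF: PHP_SELF also carries any path info
    // the client appends after the script name (e.g. /page.php/anything), so
    // its basename is client-controlled. SCRIPT_NAME is the script path only.
    // NOTE(review): $navItem is used further down in markup that is not
    // visible here; HTML-escape it wherever it is echoed.
    $navItem = basename($_SERVER['SCRIPT_NAME']);
}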
?>
<nav class="navpane">
	<ul>
   
		<!--navigation links available to all members -->
		<li data-href="<?php 
echo BASE_DIR . '/index.php';
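            // Names, dates and status values come from stored reservation data,
            // so every value is HTML-escaped at the point of output. Without
            // this, markup saved in e.g. a parent name would be rendered in the
            // browser of whoever views this table (stored XSS).
            $escape = function ($value) {
                return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
            };
            $rmhparentName = $reservation->get_parentLastName() . ", " . $reservation->get_parentFirstName();
            $rmhDatasubmit = $reservation->get_rmhDateStatusSubmitted();
            $rmhbeginDate = $reservation->get_beginDate();
            $rmhEndDate = $reservation->get_endDate();
            $rmhActivity = $reservation->get_activityType();
            $rmhStatus = $reservation->get_status();
            // The request id is URL-encoded for the query string, and the whole
            // URL is then HTML-escaped for the quoted href attribute.
            $editUrl = 'EditReservation.php?id=' . rawurlencode((string) $rmhRequestID);
            echo '<tr>';
            echo '<td><a href="' . $escape($editUrl) . '"> ' . $escape($rmhRequestID) . '</a></td>';
            // NOTE(review): $rmhSocialWorkerName and $rmhStaffName are assigned
            // above this fragment; if they are already HTML-escaped there, drop
            // the escaping here to avoid double encoding.
            echo '<td>' . $escape($rmhSocialWorkerName) . '</td>';
            echo '<td>' . $escape($rmhStaffName) . '</td>';
            echo '<td>' . $escape($rmhparentName) . '</td>';
            echo '<td>' . $escape($rmhDatasubmit) . '</td>';
            echo '<td>' . $escape($rmhbeginDate) . '</td>';
            echo '<td>' . $escape($rmhEndDate) . '</td>';
            echo '<td>' . $escape($rmhActivity) . '</td>';
            if (getUserAccessLevel() > 1) {
                // Approvers get the status as a link to the activity page.
                // This only decides what is displayed; the activity page has
                // to check the access level itself.
                $activityUrl = BASE_DIR . '/reservation/activity.php?type=reservation&request=' . rawurlencode((string) $rmhRequestID);
                $link = '<a href="' . $escape($activityUrl) . '">' . $escape($rmhStatus) . '</a>';
                echo '<td>' . $link . '</td>';
            } else {
                echo '<td>' . $escape($rmhStatus) . '</td>';
            }
            echo '</tr>';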
        }
        echo '</table>';
        echo '</div>';
        //     displayChooseRequestIDDropDown($foundReservations);
    }
} else {
    if (isset($_POST['form_token']) && !validateTokenField($_POST)) {
        displayErrorMsg('The request could not be completed: security check failed!');
예제 #6
/**
 * Reads the 'channel' request parameter and returns it only if it is valid
 * and the current user holds at least the required access level on it.
 *
 * On failure a message is sent through respondMessage() and NULL is returned.
 *
 * NOTE(review): despite the "OrDie" name, nothing in this function stops the
 * request. Unless respondMessage() terminates the script (not visible here),
 * every caller must check for NULL before acting on the result.
 *
 * @param int  $userAccessLevel minimum access level required on the channel
 * @param bool $useJson         not used by this function
 * @return string|null the validated channel, or NULL when the check fails
 */
function getChannelWithAuthOrDie($userAccessLevel, $useJson = false)
{
    $requested = getParam('channel');
    // Validation runs first so the access lookup only ever sees a
    // well-formed channel name.
    $failure = null;
    if (!validateChannel($requested)) {
        $failure = "invalid parameter (channel)";
    } elseif (getUserAccessLevel($requested) < $userAccessLevel) {
        $failure = "not authorized";
    }
    if ($failure !== null) {
        respondMessage($failure);
        return NULL;
    }
    return $requested;
}
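/**
 * Checks whether the currently logged in user is still using the default
 * password. If so, a session message is set; it is displayed when the user is
 * redirected to the index page and suggests changing the password.
 *
 * The default password is the lower-cased first name followed by the last
 * four characters of the phone number, passed through getHashValue().
 * NOTE(review): such a default is guessable by anyone who knows the user's
 * name and phone number; a reminder message does not stop it being used.
 * Consider requiring a password change at first login.
 * NOTE(review): this comparison only works if getHashValue() is deterministic
 * (unsalted) - confirm how stored passwords are hashed.
 *
 * @author Prayas Bhattarai
 * @return boolean true when the stored password differs from the default
 *                 one; false when it is the default, when the user has no
 *                 access level, or when no profile could be loaded
 */
function checkDefaultPassword()
{
    $userProfile = retrieveCurrentUserProfile();
    // retrieveCurrentUserProfile() returns false when no profile is found;
    // calling get_password() on that would be a fatal error.
    if (!is_object($userProfile)) {
        return false;
    }
    $currentPass = $userProfile->get_password();
    $accessLevel = getUserAccessLevel();
    if ($accessLevel == 1) {
        //use functions for social workers
        $fname = $userProfile->get_swFirstName();
        $phone = $userProfile->get_swphone();
    } elseif ($accessLevel > 1) {
        //use functions for rmh staff
        $fname = $userProfile->get_rmhStaffFirstName();
        $phone = $userProfile->get_rmhStaffPhone();
    } else {
        return false;
    }
    $defaultPass = getHashValue(trim(strtolower($fname)) . trim(substr($phone, -4)));
    // Strict string comparison: with == / != PHP compares two numeric-looking
    // strings (for example hex digests of the form "0e" followed by digits)
    // as numbers, so two different hashes can be treated as equal.
    if ((string) $defaultPass !== (string) $currentPass) {
        return true;
    }
    setSessionMessage(array('default_pass' => 'You are using the default password for your account. It is advised that you change your password immediately by clicking on the "Manage Account" section.'));
    // Explicit false instead of falling off the end (which returned null).
    return false;
}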
/**
 * Loads the profile of the logged-in user from the store that matches the
 * access level kept in the session.
 *
 * Access levels: 1 = social worker, 2 = staff approver, 3 = admin.
 * (If a database function covering all three exists, this wrapper is not
 * needed.)
 *
 * @return mixed the profile returned by the matching lookup; for admins the
 *               first element of the returned array; false when the access
 *               level is none of 1, 2, 3 or the admin lookup returns no array
 */
function retrieveCurrentUserProfile()
{
    $level = getUserAccessLevel();
    $profileId = getUserProfileID();
    // Loose comparisons on purpose: they match what a switch statement does.
    if ($level == 1) {
        return retrieve_UserProfile_SW_OBJ($profileId);
    }
    if ($level == 2) {
        return retrieve_UserProfile_RMHApprover_OBJ($profileId);
    }
    if ($level == 3) {
        // The admin lookup hands back an array; only its first entry is used.
        $adminRows = retrieve_UserProfile_RMHAdmin($profileId);
        if (is_array($adminRows)) {
            return current($adminRows);
        }
        return false;
    }
    return false;
}