$_SESSION['error'] = "User already found in database, please retry."; // Else return with 'not exists' message } } $_SESSION[$include] = $data; header("Location:index.php?page={$include}"); exit; break; case 'usereg': if (isset($_POST['userID']) && is_numeric($_POST['userID'])) { $userEdit = new eCRFUser($_POST['userID']); if ($userEdit->getPrivilege() > 90 && $_POST['usereg-privilege_id'] < 90) { $_SESSION['error'] = "You must use the User Admin screen to authorise new users."; } elseif ($userEdit->getPrivilege() < $user->getPrivilege() || $user->getPrivilege() > $_POST['usereg-privilege_id']) { $_SESSION['error'] = "You cannot edit a user with greater privilege than yourself."; } elseif ($userEdit->getCentre() != $user->getCentre() && $user->isLocal()) { $_SESSION['error'] = "You cannot edit users from other centres."; } elseif ($userEdit->getCountry() != $user->getCountry() && !$user->isCentralAdmin()) { $_SESSION['error'] = "You cannot edit users from other countries."; } elseif ($userEdit->getID() !== $user->getID() && $_POST['deleteUser'] === '1') { $userEdit->deleteUser(); $_SESSION['message'] = "You have deleted the user."; } else { if ($trial->addUserInput($_POST, $userEdit)) { if ($_POST['usereg-revalUser'] === '1') { $password = $userEdit->generatePassword(); // Generate new password $userEdit->setPassword($password, $user->getKey()); // Set it for the user $email = $userEdit->writeEmail('created', $user, $password); // Send email with username and password
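/**
 * Build the field definitions for a form page, including option lists.
 *
 * Reads the formFields rows for $page (cached per page in
 * $this->formFields / $this->multipleFormFields), skips the ids returned by
 * getExcludedFormFields(), and returns one entry per field keyed by
 * "{$page}-{$fieldName}" (plain fieldName for type 'data', with "_{$multiSuffix}"
 * appended when a suffix is given). checkbox/radio and select fields get an
 * 'options' map (cached per field id in $this->checkboxRadioOptions /
 * $this->selectOptions), number fields get a 'unit' map from the units table,
 * and 'multiple' fields recurse once per repetition recorded on $this->record.
 * The result is also stored in $this->fields.
 *
 * @param string|null $page        Page name; falls back to $this->getPage() when falsy.
 * @param mixed       $multiple    Falsy for the page's top-level fields; otherwise the
 *                                 parent field name whose repeated sub-fields are wanted.
 * @param mixed       $multiSuffix Appended to every field name as "_{$multiSuffix}".
 * @param mixed       $record      Passed through to getExcludedFormFields().
 * @return array<string, array<string, mixed>>
 */
public function getFormFields($page = NULL, $multiple = false, $multiSuffix = NULL, $record = NULL)
{
    if (!$page) {
        $page = $this->getPage();
    }
    Timer::start();
    $fields = array();
    if ($multiple) {
        if (!isset($this->multipleFormFields[$page])) {
            $sql = "SELECT id, labelText, fieldName, defaultVal,\n\t\t\t\t \ttype, toggle, mandatory, multiple, size, class \t\t \n\t\t\t\t FROM formFields \n\t\t\t\t WHERE pages_name=? \n AND multiple = ?\n\t\t\t\t ORDER BY entryorder";
            $pA = array('ss', $page, $multiple);
            $result = $this->multipleFormFields[$page] = DB::query($sql, $pA);
        } else {
            $result = $this->multipleFormFields[$page];
        }
    } else {
        if (!isset($this->formFields[$page])) {
            // NOTE(review): the language code is interpolated into the SQL rather than
            // bound like pages_name; if getFormLanguage() can reflect request input it
            // should be bound as a parameter or checked against an allow-list.
            $sql = "SELECT formFields.id, IFNULL( label_text, formFields.labelText ) as label_text, fieldName, defaultVal,\n\t\t\t\t\ttype, toggle, mandatory, size, class, readonly\t\t \n\t\t\t\tFROM formFields\n\t\t\t\tLEFT JOIN formFields_labels\n\t\t\t\tON formFields.id = formFields_id AND language_code = '{$this->getFormLanguage()}' \n\t\t\t\tWHERE pages_name=? 
\n AND multiple IS NULL\t\t\t\n\t\t\t\tORDER BY entryorder";
            $pA = array('s', $page);
            $result = $this->formFields[$page] = DB::query($sql, $pA);
        } else {
            $result = $this->formFields[$page];
        }
    }
    $excluded = $this->getExcludedFormFields($record);
    $counter = 1;
    foreach ($result->rows as $row) {
        if (in_array($row->id, $excluded)) {
            continue;
        }
        if (!$row->fieldName) {
            // Unnamed fields get a running number so they still get a distinct key
            $row->fieldName = $counter++;
        }
        if ($row->type != 'data') {
            $name = "{$page}-{$row->fieldName}"; // Prepends the name with the current page
        } else {
            $name = $row->fieldName;
        }
        if ($multiSuffix) {
            $name .= "_{$multiSuffix}";
        }
        $fields[$name]['type'] = $row->type;
        $fields[$name]['label'] = $row->label_text;
        $fields[$name]['toggle'] = $row->toggle;
        $fields[$name]['mandatory'] = $row->mandatory;
        $fields[$name]['default'] = $row->defaultVal;
        $fields[$name]['size'] = $row->size;
        $fields[$name]['readonly'] = $row->readonly;
        $fields[$name]['class'] = $row->class;

        if ($row->type == 'checkbox' || $row->type == 'radio') { // Add checkbox options from validation table
            if (!isset($this->checkboxRadioOptions[$row->id])) {
                $options = array();
                $ref = NULL; // Reset so a previous field's option rows can never leak in
                $sql = "SELECT value, special FROM formVal \n WHERE formFields_id = ?\n AND operator = 'IN LIST'\n ORDER BY groupNum";
                $pA = array('i', $row->id);
                $getTable = DB::cleanQuery($sql, $pA);
                // NOTE(review): the table name comes from $getTable->value (formVal data) and the
                // language from $this->language; both are interpolated, not bound. Confirm both
                // originate from trusted configuration and not from request input.
                if ($getTable->getRows() > 1) {
                    // NOTE(review): this branch hands rows to $this->addOption() and never
                    // populates $ref, so $options stays empty here - looks incomplete; confirm intent.
                    $sql = "SELECT a.option_value, IFNULL( b.option_text, a.option_text ) as option_text \n\t\t\t\t\tFROM {$getTable->value} a \n\t\t\t\t\tLEFT JOIN {$getTable->value} b \n\t\t\t\t\tON a.option_value = b.option_value AND b.language_code = '{$this->language}' ";
                    if ($getTable->value != 'centre') {
                        $sql .= "WHERE a.language_code = 'en' ";
                    }
                    $sql .= "ORDER BY a.option_order";
                    // Use distinct names: the original reused $result/$row here, which clobbered the
                    // outer loop's $row and broke the cache key and type checks below.
                    $optionResult = DB::query($sql);
                    foreach ($optionResult->rows as $optionRow) {
                        $this->addOption($optionRow->option_text, $optionRow->option_value);
                    }
                } else {
                    $sql = "SELECT a.option_value, IFNULL( b.option_text, a.option_text ) as option_text \n\t\t\t\t\t\tFROM {$getTable->value} a \n\t\t\t\t\t\tLEFT JOIN {$getTable->value} b 
\n\t\t\t\t\t\tON a.option_value = b.option_value AND b.language_code = '{$this->language}' \n\t\t\t\t\t\tWHERE a.language_code = 'en' ORDER BY a.option_order";
                    $ref = DB::query($sql);
                }
                if ($ref) {
                    foreach ($ref->rows as $rRow) {
                        $options[$rRow->option_value] = $rRow->option_text;
                    }
                }
                $fields[$name]['options'] = $this->checkboxRadioOptions[$row->id] = $options;
            } else {
                $fields[$name]['options'] = $this->checkboxRadioOptions[$row->id];
            }
        }

        if ($row->type == 'select') { // Adds select options from table
            if (!isset($this->selectOptions[$row->id])) {
                $options = array();
                // Per-field state; previously these carried over from earlier fields
                $ref = NULL;
                $excludeArr = array();
                $filterNum = NULL;
                $sql = "SELECT value, special, operator FROM formVal \n WHERE formFields_id = ? ORDER BY groupNum";
                $pA = array('i', $row->id);
                $getTable = DB::query($sql, $pA);
                foreach ($getTable->rows as $vRow) {
                    $filterNum = NULL;
                    switch ($vRow->operator) {
                        case 'IN LIST':
                            if ($vRow->special == 'FILTER') {
                                // value is "page-field": the record's value restricts the options below
                                $filter = explode('-', $vRow->value);
                                $filterNum = $this->record->getField($filter[0], $filter[1]);
                            } else {
                                // value is a reference table name, optionally "table-filterTable"
                                $refTable = DB::clean($vRow->value);
                                $order = $vRow->special == 'ALPHA' ? 'name' : 'option_order';
                                if (strpos($refTable, '-')) {
                                    $filterBy = explode('-', $refTable);
                                    $refTable = $filterBy[0];
                                    $filterTable = $filterBy[1];
                                } else {
                                    $filterTable = NULL;
                                }
                                // NOTE(review): $refTable/$filterTable are only passed through
                                // DB::clean(); an allow-list of reference tables would be safer.
                                $sql = "SELECT a.option_value, IFNULL( b.option_text, a.option_text ) as option_text\n\t\t\t\t\t\t\t\t\tFROM {$refTable} a \n\t\t\t\t\t\t\t\t\tLEFT JOIN {$refTable} b\n\t\t\t\t\t\t\t\t\tON a.option_value = b.option_value AND b.language_code = '{$this->language}' ";
                                if ($filterTable) {
                                    $sql .= "RIGHT JOIN {$filterTable} c\n ON a.id = c.{$refTable}_id ";
                                }
                                if ($refTable != 'centre') {
                                    $sql .= "WHERE a.language_code = 'en' ";
                                }
                                $sql .= "ORDER BY a.{$order}";
                                $ref = DB::query($sql);
                            }
                            break;
                        case 'NOT IN LIST':
                            $excludeArr = explode(',', $vRow->value);
                            break;
                        default:
                            if ($vRow->special == 'REFERENCE') {
                                // Drop options below a value read from the session user
                                $valArr = explode('-', $vRow->value);
                                $valNum = NULL;
                                if ($valArr[0] == 'user') {
                                    $valNum = $_SESSION['user']->get($valArr[1]);
                                }
                                if ($ref) {
                                    foreach ($ref->rows as $key => $rRow) {
                                        if ($valNum > $rRow->option_value) {
                                            unset($ref->rows[$key]);
                                        }
                                    }
                                }
                            }
                            break;
                    }
                }
                if ($ref) {
                    foreach ($ref->rows as $rRow) {
                        if (in_array($rRow->option_value, $excludeArr)) {
                            continue;
                        }
                        if ($row->fieldName == 'centre_id') { // If making fields for centre_id and user is only allowed local then restrict to local
                            if (isset($this->user) && $this->user->isLocal() && $rRow->option_value != $this->user->getCentre()) {
                                continue;
                            }
                            $options[$rRow->option_value] = $rRow->option_text;
                        } elseif (isset($filterNum)) {
                            // filterRef is a comma list of the parent values this option is valid for
                            $filterRef = explode(',', $rRow->filterRef);
                            if (!in_array($filterNum, $filterRef)) {
                                continue;
                            }
                            $options[$rRow->option_value] = $rRow->option_text;
                        } else {
                            $options[$rRow->option_value] = $rRow->option_text;
                        }
                    }
                }
                $fields[$name]['options'] = $this->selectOptions[$row->id] = $options;
            } else {
                $fields[$name]['options'] = $this->selectOptions[$row->id];
            }
        }

        if ($row->type == 'number') { // Gets potential units for units table
            $unit = array();
            $sql = "SELECT unit, conversion, decimal_places FROM units WHERE number = ? 
ORDER BY unitorder";
            $pA = array('s', $row->fieldName);
            $ref = DB::query($sql, $pA);
            foreach ($ref->rows as $rRow) {
                $unit[$rRow->unit]['conversion'] = $rRow->conversion;
                $unit[$rRow->unit]['decimals'] = $rRow->decimal_places;
            }
            $fields[$name]['unit'] = $unit;
        }

        if ($row->type == 'multiple') {
            // Split out class and name from input field; kept in locals so $page/$name
            // are not clobbered for the remaining rows of this page.
            $subPage = substr($name, 0, strpos($name, "-"));
            $subName = substr($name, strpos($name, "-") + 1);
            $data = $this->record->getData($subPage);
            $number = $data->get($subName);
            if ($number) {
                // One set of sub-fields per repetition, suffixed _1.._n
                for ($i = 0; $i < $number; $i++) {
                    $fields = array_merge($fields, $this->getFormFields($subPage, $subName, $i + 1));
                }
            }
        }
    }
    $getFormFields = $fields;
    $this->fields = $getFormFields;
    return $getFormFields;
}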