     $sender_id = $_SESSION['mid'];
     $sid_query = "SELECT sid FROM Mothers_Scientists where mid={$sender_id}";
     $result = mysql_query($sid_query);
     if (!$result) {
         error_log(mysql_error());
     }
     $row = mysql_fetch_row($result);
     $recipient_id = $row[0];
     $meta = INBOX_SENDER_MOTHER | INBOX_RECIPIENT_SCIENTIST | INBOX_MESSAGE_UNREAD;
 } else {
     if (isset($_SESSION['sid'])) {
         // A consultant is sending a message to one of the mothers.
         $sender_id = $_SESSION['sid'];
         $recipient_id = (int) $_REQUEST['mailto'];
         // cast to an int to avoid sql exploits
         if (!can_access_mother($recipient_id)) {
             header('Content-type: application/json');
             die('{ "error": "You are not authorized to send mail to this mother." }');
         }
         $meta = INBOX_SENDER_SCIENTIST | INBOX_RECIPIENT_MOTHER | INBOX_MESSAGE_UNREAD;
     }
 }
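 // Both session branches above are responsible for resolving who is
 // writing to whom. When neither a mother (mid) nor a consultant (sid)
 // session exists, $sender_id / $recipient_id / $meta are never assigned
 // and the INSERT below would be built with empty columns; refuse early
 // instead, in the same JSON style the consultant branch uses.
 if (!isset($sender_id, $recipient_id, $meta)) {
     header('Content-type: application/json');
     die('{ "error": "You must be logged in to send mail." }');
 }
 // The body arrives through $_REQUEST, so it is accepted from the query
 // string as well as the POST body (a plain link can trigger a send).
 // A missing body is stored as an empty message, as before, but without a
 // PHP notice.
 $message_body = isset($_REQUEST['message']) ? urldecode($_REQUEST['message']) : '';
 // ext/mysql offers no prepared statements: the numeric ids are forced to
 // int and the text is escaped with the connection-aware escaper.
 // mysql_real_escape_string() returns false (concatenates as '') when no
 // connection is open -- TODO confirm the connection is always opened
 // before this point so a failed escape cannot silently blank the message.
 $query = "INSERT INTO Inbox \n              (`message`, `messageDate`, `senderId`, `recipientId`, `metadata`)\n              VALUES\n              ('" . mysql_real_escape_string($message_body) . "', NOW(), " . (int) $sender_id . ", " . (int) $recipient_id . ", {$meta});";
 // $result is inspected by the caller-side code that follows (error_log on
 // failure, JSON response on success).
 $result = mysql_query($query);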
 if (!$result) {
     error_log(mysql_error());
 } else {
     header('Content-type: application/json');
     $response = array("message" => "Your message was sent", "timestamp" => date("U"), "id" => mysql_insert_id(), "content" => urldecode($_REQUEST['message']), "sent" => true);
     if ($jsonp) {
         echo "{$callback}(";
            return _("System Feedback");
        case ACTION_SYSTEM_PERCEPTION:
            return _("System Perception");
        case ACTION_BREASTFEEDING_FOLLOWUP:
            return _("Breastfeeding Followup");
        case ACTION_SELF_EFFICACY:
            return _("Self Efficacy");
        case ACTION_BREASTFEEDING_EVALUATION:
            return _("Breastfeeding Evaluation");
        case ACTION_POSTNATAL_DEPRESSION:
            return _("Postnatal Depression");
        default:
            return "";
    }
}
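// Authorization gate: the caller may only export survey rows for a mother
// it is allowed to see. can_access_mother() is defined elsewhere in the
// project; a missing or non-numeric mid is passed as 0 rather than raising
// a notice, so the gate still decides.
if (!can_access_mother(isset($_POST['mid']) ? (int) $_POST['mid'] : 0)) {
    header("HTTP/1.0 403 Forbidden");
    die("<h1>Forbidden</h1>");
}
// The survey name chooses which table is read. surveyTable() is the only
// thing standing between this request value and the SQL text, so it must
// map the name onto a fixed set of table names and never echo its input
// back -- TODO confirm that, and what it returns for an unknown name.
// Reject the request outright when no usable name was posted instead of
// building a query around whatever surveyTable() makes of null/array input.
if (!isset($_POST['survey']) || !is_string($_POST['survey']) || $_POST['survey'] === '') {
    header("HTTP/1.0 400 Bad Request");
    die("<h1>Bad Request</h1>");
}
$survey = $_POST['survey'];
// %s is filled in later with the sub-select that lists the mids this
// session may read.
$query = "SELECT * FROM " . surveyTable($survey) . " WHERE mid in ( %s );";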
if (isset($_POST['downloadAll'])) {
    if ($_SESSION['admin'] == SUPER_ADMIN) {
        $query = sprintf($query, "SELECT M.mid FROM Mothers M");
    } else {
        if ($_SESSION['admin'] == HOSPITAL_ADMIN) {
            $query = sprintf($query, "SELECT M.mid FROM Mothers M where M.hospital_id = " . $_SESSION['hospital_id']);
        } else {
            $query = sprintf($query, "SELECT M.mid FROM Mothers M,Mothers_Scientists MS where M.mid=MS.mid AND MS.sid=" . $_SESSION['sid']);
        }
    }