$relQ->insert($idPatient, $_POST["check"][$i]); if ($relQ->isError()) { if ($relQ->getDbErrno() == 1062) { $relQ->clearErrors(); } else { $relQ->close(); Error::query($relQ); } } else { /** * Record log process */ $recordQ->log("Query_Relative", "INSERT", array($idPatient, $_POST["check"][$i])); } } $recordQ->close(); unset($recordQ); $relQ->close(); unset($relQ); /** * Reset abort setting */ ignore_user_abort($oldAbort); /** * Redirect to $returnLocation to avoid reload problem */ FlashMsg::add(_("Relatives have been added.")); //$returnLocation = "../medical/relative_list.php?id_patient=" . $idPatient; // controlling var $returnLocation = "../medical/relative_list.php"; // controlling var header("Location: " . $returnLocation);
echo HTML::insertScript('md5.js'); echo HTML::insertScript('password.php'); } if (isset($focusFormField) && !empty($focusFormField)) { echo HTML::start('script', array('src' => '../js/focus.php?field=' . $focusFormField, 'type' => 'text/javascript')); echo HTML::end('script'); } echo HTML::end('head'); echo HTML::start('body'); require_once "../layout/component.php"; echo HTML::start('div', array('id' => 'wrap')); echo HTML::start('div', array('id' => 'header')); echo appLogo(); echo HTML::para(HTML::link(_("Skip over navigation"), '#main', null, array('accesskey' => 2)), array('id' => 'skip_navigation')); echo shortcuts(isset($tab) ? $tab : null, isset($nav) ? $nav : null); if (isset($tab)) { echo menuBar($tab); } echo HTML::end('div'); // #header echo HTML::rule(); echo HTML::start('div', array('id' => 'main')); echo HTML::start('div', array('id' => 'content')); if (defined("OPEN_DEMO") && OPEN_DEMO) { echo Msg::info(_("This is a demo version")); } /** * Display "public" message(s) from controller if available */ echo FlashMsg::get();
* Retrieving var (PGS) */ $idPatient = Check::postGetSessionInt('id_patient'); $patient = new Patient($idPatient); if ($patient->getName() == '') { FlashMsg::add(_("Beneficiário não cadastrado."), OPEN_MSG_ERROR); header("Location: ../medical/patient_search_form.php"); exit; } /** * Search database */ $historyQ = new Query_History(); if (!$historyQ->selectPersonal($idPatient)) { $historyQ->close(); FlashMsg::add(_("Beneficiário não cadastrado."), OPEN_MSG_ERROR); header("Location: ../medical/patient_search_form.php"); exit; } $history = $historyQ->fetch(); if ($history) { $formVar["id_patient"] = $history->getIdPatient(); $formVar["birth_growth"] = $history->getBirthGrowth(); $formVar["growth_sexuality"] = $history->getGrowthSexuality(); $formVar["feed"] = $history->getFeed(); $formVar["habits"] = $history->getHabits(); $formVar["peristaltic_conditions"] = $history->getPeristalticConditions(); $formVar["psychological"] = $history->getPsychological(); $formVar["children_complaint"] = $history->getChildrenComplaint(); $formVar["venereal_disease"] = $history->getVenerealDisease(); $formVar["accident_surgical_operation"] = $history->getAccidentSurgicalOperation();
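require_once "../lib/Check.php";

/**
 * Retrieving get vars
 *
 * Both values arrive on the query string, so neither can be assumed to be
 * present: a missing key now falls back to 0 / "" instead of raising an
 * undefined-index notice (the same isset() pattern the page already uses
 * for "page"). $login is only used for display (flash message and section
 * heading); the rows themselves are looked up by $idUser.
 * NOTE(review): $login is echoed into the page through HTML::section below;
 * whether Check::safeText / HTML::section HTML-escape it is not visible
 * here — confirm before trusting it with query-string input.
 */
$idUser = isset($_GET["id_user"]) ? intval($_GET["id_user"]) : 0;
$login = Check::safeText(isset($_GET["login"]) ? $_GET["login"] : "");
$currentPage = isset($_GET["page"]) ? intval($_GET["page"]) : 1;

/**
 * Search user accesses (paginated)
 */
$accessQ = new Query_Page_Access();
$accessQ->setItemsPerPage(OPEN_ITEMS_PER_PAGE);
$accessQ->searchUser($idUser, $currentPage);
if ($accessQ->getRowCount() == 0) {
    $accessQ->close();
    FlashMsg::add(sprintf(_("No logs for user %s."), $login));
    header("Location: " . $returnLocation);
    exit;
}

/**
 * Show page
 */
$title = _("Access Logs");
require_once "../layout/header.php";

/**
 * Breadcrumb
 */
$links = array(
    _("Admin") => "../admin/index.php",
    _("Users") => $returnLocation,
    $title => "",
);
echo HTML::breadcrumb($links, "icon icon_user");
unset($links);

echo HTML::section(2, sprintf(_("Access Logs List for user %s"), $login) . ":");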
$previousAbort = ignore_user_abort(true);

/**
 * Update patient
 *
 * The update is refused when another patient already carries the same
 * full name: a warning is flashed and the user is sent back unchanged.
 */
$patientQ = new Query_Page_Patient();
$nameInUse = $patientQ->existName(
    $pat->getFirstName(),
    $pat->getSurname1(),
    $pat->getSurname2(),
    $pat->getIdPatient()
);
if ($nameInUse) {
    $patientQ->close();
    FlashMsg::add(
        sprintf(_("O nome do beneficiário, %s, está em uso. As mudanças não terão efeito."), $patName),
        OPEN_MSG_WARNING
    );
    header("Location: " . $returnLocation);
    exit;
}
$patientQ->update($pat);
$patientQ->close();
unset($patientQ, $pat);

/**
 * Record log process
 */
$logQ = new Query_Page_Record();
$logQ->log("Query_Page_Patient", "UPDATE", array($idPatient));
$logQ->close();
unset($logQ);

/**
 * Reset abort setting
 */
ignore_user_abort($previousAbort);

/**
 * Redirect to $returnLocation to avoid reload problem
 */
FlashMsg::add(_("Beneficiário atualizado com sucesso."));
header("Location: " . $returnLocation);
if ($errorFound) {
    // Keep the submitted values (sanitised) and the errors for redisplay.
    // NOTE(review): Check::safeArray($_POST) is stored in the session here;
    // confirm password fields have been cleared before this point.
    Form::setSession(Check::safeArray($_POST), $formError);
    $_SESSION['auth']['last_login'] = $loginSession;
    if (isset($sessLoginAttempts)) {
        $_SESSION['auth']['login_attempts'] = $sessLoginAttempts;
    }
    header("Location: ../auth/login_form.php");
    exit;
}

/**
 * Suspended accounts are bounced to the index page with an emptied session
 */
if (!$user->isActived()) {
    $_SESSION = array(); // deregister all current session variables
    FlashMsg::add(
        _("Your user account has been suspended. Contact with administrator to resolve this problem."),
        OPEN_MSG_WARNING
    );
    header("Location: ../home/index.php");
    exit;
}

/**
 * Insert new session row with random token
 */
$sessQ = new Query_Session();
$token = $sessQ->getToken($user->getLogin());
$sessQ->close();
unset($sessQ);

/**
 * Insert new user access
 */
$accessQ = new Query_Page_Access();
$accessQ->insert($user);
} $problem = $problemQ->fetch(); if (!$problem) { $problemQ->close(); Error::fetch($problemQ); } $wording = $problem->getWording(); $delProblemQ = new Query_DelProblem(); $delProblemQ->insert($problem, $_SESSION['auth']['user_id'], $_SESSION['auth']['login_session']); unset($delProblemQ); unset($problem); } /** * Record log process (before deleting process) */ $recordQ = new Query_Page_Record(); $recordQ->log("Query_Page_Problem", "DELETE", array($idProblem)); $recordQ->close(); unset($recordQ); $problemQ->delete($idProblem); $problemQ->close(); unset($problemQ); /** * Reset abort setting */ ignore_user_abort($oldAbort); /** * Redirect to $returnLocation to avoid reload problem */ FlashMsg::add(sprintf(_("Medical problem, %s, has been deleted."), $wording)); header("Location: " . $returnLocation);
* Destroy form values and errors
 */
Form::unsetSession();

/**
 * Prevent user from aborting script
 */
$previousAbort = ignore_user_abort(true);

/**
 * Update problem
 *
 * The flash message depends on whether the problem now carries a closing
 * date (getClosingDate(false) is truthy) or was merely edited.
 */
$probQ = new Query_Page_Problem();
$probQ->update($problem);
if (!$problem->getClosingDate(false)) {
    FlashMsg::add(sprintf(_("%s, dados atualizados."), $problem->getWording()));
} else {
    FlashMsg::add(sprintf(
        _("Informações adicionais, %s, foram incluídos no prontuário do funcionário."),
        $problem->getWording()
    ));
}
$probQ->close();
unset($probQ, $problem);

/**
 * Record log process
 */
$logQ = new Query_Page_Record();
$logQ->log("Query_Page_Problem", "UPDATE", array($idProblem));
$logQ->close();
unset($logQ);

/**
 * Reset abort setting
 */
ignore_user_abort($previousAbort);
* Insert new patient
 *
 * Refused when a patient with the same full name already exists; on
 * success the new id is kept in $idPatient for the log and the redirect.
 */
$patientQ = new Query_Page_Patient();
$nameInUse = $patientQ->existName($pat->getFirstName(), $pat->getSurname1(), $pat->getSurname2());
if ($nameInUse) {
    $patientQ->close();
    FlashMsg::add(
        sprintf(_("Beneficiário %s, está em uso. As mudanças não serão realizadas."), $patName),
        OPEN_MSG_WARNING
    );
    header("Location: ../medical/patient_new_form.php");
    exit;
}
$patientQ->insert($pat);
$idPatient = $patientQ->getLastId();
$patientQ->close();
unset($patientQ, $pat);

/**
 * Record log process
 */
$logQ = new Query_Page_Record();
$logQ->log("Query_Page_Patient", "INSERT", array($idPatient));
$logQ->close();
unset($logQ);

/**
 * Reset abort setting
 */
ignore_user_abort($oldAbort);

/**
 * Redirect to $returnLocation to avoid reload problem
 */
FlashMsg::add(_("Beneficiário cadastrado."));
$returnLocation = "../medical/patient_view.php?id_patient=" . $idPatient;
header("Location: " . $returnLocation);
require_once "../model/Patient.php";
require_once "../model/Problem.php";

/**
 * Retrieving vars (PGS)
 *
 * Both ids come from POST / GET / session and are cast to int by Check.
 */
$idProblem = Check::postGetSessionInt('id_problem');
$idPatient = Check::postGetSessionInt('id_patient');

$patient = new Patient($idPatient);
if ($patient->getName() == '') {
    FlashMsg::add(_("O beneficiário não existe."), OPEN_MSG_ERROR);
    header("Location: ../medical/patient_search_form.php");
    exit;
}

$problem = new Problem($idProblem);
// NOTE(review): `new` always yields an object and objects are truthy, so this
// branch can never run; an unknown id needs a check on the loaded record
// (as done for $patient above) — confirm what Problem exposes for that.
if (!$problem) {
    FlashMsg::add(_("O registro procurado não existe."), OPEN_MSG_ERROR);
    header("Location: ../medical/patient_search_form.php");
    exit;
}

// A real closing date switches the navigation to "history"
$closingDate = $problem->getClosingDate();
if ($closingDate != "" && $closingDate != '0000-00-00') {
    $nav = "history";
}

/**
 * Update session variables
 */
require_once "../lib/LastViewedPatient.php";
LastViewedPatient::add($idPatient, $patient->getName());

/**
 * Show page
 */
$title = $problem->getWordingPreview();
$previousAbort = ignore_user_abort(true);

/**
 * Update patient
 *
 * The update is refused when another patient already carries the same
 * full name: a warning is flashed and the user is sent back unchanged.
 */
$patientQ = new Query_Page_Patient();
$nameInUse = $patientQ->existName(
    $pat->getFirstName(),
    $pat->getSurname1(),
    $pat->getSurname2(),
    $pat->getIdPatient()
);
if ($nameInUse) {
    $patientQ->close();
    FlashMsg::add(
        sprintf(_("Patient name, %s, is already in use. The changes have no effect."), $patName),
        OPEN_MSG_WARNING
    );
    header("Location: " . $returnLocation);
    exit;
}
$patientQ->update($pat);
$patientQ->close();
unset($patientQ, $pat);

/**
 * Record log process
 */
$logQ = new Query_Page_Record();
$logQ->log("Query_Page_Patient", "UPDATE", array($idPatient));
$logQ->close();
unset($logQ);

/**
 * Reset abort setting
 */
ignore_user_abort($previousAbort);

/**
 * Redirect to $returnLocation to avoid reload problem
 */
FlashMsg::add(_("Patient has been updated."));
header("Location: " . $returnLocation);
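* Validate data
 */
$errorLocation = "../admin/theme_edit_form.php?key=" . intval($_POST["id_theme"]); // controlling var

require_once "../model/Query/Theme.php";
$theme = new Theme();
$theme->setId($_POST["id_theme"]);
$_POST["id_theme"] = $theme->getId(); // the normalised id is what the form gets back on error

require_once "../admin/theme_validate_post.php";

/**
 * Destroy form values and errors
 */
Form::unsetSession();

/**
 * Update theme
 *
 * A CSS filename must stay unique across themes: when another theme already
 * uses it the update is skipped and a warning is flashed instead.
 */
$themeQ = new Query_Theme();
if ($themeQ->existCssFile($theme->getCssFile(), $theme->getId())) {
    // Was `FlashMsg: add(...)` — a goto label followed by a call to an
    // undefined global add(), i.e. a fatal error whenever this branch ran.
    // Flagged as a warning, consistent with the other "already exists" pages.
    FlashMsg::add(
        sprintf(_("Filename of theme, %s, already exists. The changes have no effect."), $theme->getName()),
        OPEN_MSG_WARNING
    );
} else {
    $themeQ->update($theme);
    FlashMsg::add(sprintf(_("Theme, %s, has been updated."), $theme->getName()));
}
$themeQ->close();
unset($themeQ, $theme);

/**
 * Redirect to $returnLocation to avoid reload problem
 */
header("Location: " . $returnLocation);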
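$set->setSessionTimeout($_POST["session_timeout"]);
$_POST["session_timeout"] = $set->getSessionTimeout();
$set->setItemsPerPage($_POST["items_per_page"]);
$_POST["items_per_page"] = $set->getItemsPerPage();

// Validation failure: keep the (normalised) values and errors for the form.
if (!$set->validateData()) {
    $formError["session_timeout"] = $set->getSessionTimeoutError();
    $formError["items_per_page"] = $set->getItemsPerPageError();
    Form::setSession($_POST, $formError);
    header("Location: ../admin/setting_edit_form.php");
    exit;
}

/**
 * Destroy form values and errors
 */
Form::unsetSession();

/**
 * Update app settings
 */
$setQ = new Query_Setting();
$setQ->update($set);
if (isset($_POST["id_theme"])) {
    // Theme ids are integers everywhere else in the admin pages; cast before
    // the query so a non-numeric POST value cannot reach updateTheme() as a string.
    $setQ->updateTheme(intval($_POST["id_theme"]));
}
$setQ->close();
unset($setQ, $set);

/**
 * Redirect to destiny to avoid reload problem
 */
FlashMsg::add(_("Data has been updated."));
header("Location: ../admin/setting_edit_form.php");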
$relName = Check::safeText($_POST["name"]);

/**
 * Prevent user from aborting script
 */
$previousAbort = ignore_user_abort(true);

/**
 * Delete relative
 *
 * The deletion is written to the record log before the row is removed.
 */
$relativeQ = new Query_Relative();

$logQ = new Query_Page_Record();
$logQ->log("Query_Relative", "DELETE", array($idPatient, $idRelative));
$logQ->close();
unset($logQ);

$relativeQ->delete($idPatient, $idRelative);
$relativeQ->close();
unset($relativeQ);

/**
 * Reset abort setting
 */
ignore_user_abort($previousAbort);

/**
 * Redirect to $returnLocation to avoid reload problem
 */
FlashMsg::add(sprintf(_("Relative, %s, has been deleted."), $relName));
// controlling var; the query-string form is kept for reference:
//$returnLocation = "../medical/relative_list.php?id_patient=" . $idPatient;
$returnLocation = "../medical/relative_list.php";
header("Location: " . $returnLocation);
require_once "../model/Patient.php"; require_once "../model/Problem.php"; /** * Retrieving vars (PGS) */ $idProblem = Check::postGetSessionInt('id_problem'); $idPatient = Check::postGetSessionInt('id_patient'); $patient = new Patient($idPatient); if ($patient->getName() == '') { FlashMsg::add(_("O beneficiário em questão não possui cadastro."), OPEN_MSG_ERROR); header("Location: ../medical/patient_search_form.php"); exit; } $problem = new Problem($idProblem); if (!$problem) { FlashMsg::add(_("Nenhum atendimento foi realizado até o momento."), OPEN_MSG_ERROR); header("Location: ../medical/patient_search_form.php"); exit; } $formVar["id_problem"] = $idProblem; $formVar["id_patient"] = $idPatient; $formVar["order_number"] = $problem->getOrderNumber(); $formVar["opening_date"] = $problem->getOpeningDate(); if (!isset($formError)) { $formVar["last_update_date"] = $problem->getLastUpdateDate(); $formVar["id_member"] = $problem->getIdMember(); $formVar["closed_problem"] = $problem->getClosingDate() != "" && $problem->getClosingDate() != "0000-00-00" ? "checked" : ""; $formVar["meeting_place"] = $problem->getMeetingPlace(); $formVar["wording"] = $problem->getWording(); $formVar["subjective"] = $problem->getSubjective(); $formVar["objective"] = $problem->getObjective();
// remove redundant whitespace
$searchText = preg_replace("/[[:space:]]+/i", " ", $searchText);
// transform string in array of strings
$arraySearch = Search::explodeQuoted($searchText);

/**
 * Search database
 */
$patQ = new Query_Page_Patient();
$patQ->setItemsPerPage(OPEN_ITEMS_PER_PAGE);
$patQ->search($searchType, $arraySearch, $currentPage, $logical, $limit);
$rowCount = $patQ->getRowCount();

/**
 * No results message if no results returned from search.
 */
if ($rowCount == 0) {
    $patQ->close();
    FlashMsg::add(sprintf(_("No results found for '%s'."), $searchText));
    header("Location: ../medical/patient_search_form.php");
    exit;
}

/**
 * Show patient view screen if only one result from query
 */
if ($rowCount == 1) {
    $onlyMatch = $patQ->fetch();
    $patQ->freeResult();
    $patQ->close();
    header("Location: ../medical/patient_view.php?id_patient=" . $onlyMatch->getIdPatient());
    exit;
}

/**
 * Show page
require_once "../model/Patient.php";
require_once "../model/Problem.php";

/**
 * Retrieving vars (PGS)
 */
$idProblem = Check::postGetSessionInt('id_problem');
$idPatient = Check::postGetSessionInt('id_patient');

$patient = new Patient($idPatient);
if ($patient->getName() == '') {
    FlashMsg::add(_("That patient does not exist."), OPEN_MSG_ERROR);
    header("Location: ../medical/patient_search_form.php");
    exit;
}

$problem = new Problem($idProblem);
// NOTE(review): `new` always yields a (truthy) object, so this branch can
// never run; an unknown problem id is not detected here.
if (!$problem) {
    FlashMsg::add(_("That medical problem does not exist."), OPEN_MSG_ERROR);
    header("Location: ../medical/patient_search_form.php");
    exit;
}

/**
 * Show page
 */
$title = _("View Medical Tests");
$titlePage = sprintf('%s [%s] (%s)', $patient->getName(), $problem->getWordingPreview(), $title);
require_once "../layout/header.php";

/**
 * Breadcrumb
 */
$crumbs = array(
    _("Medical Records") => "../medical/index.php",
    $patient->getName() => "../medical/patient_view.php",
    _("Medical Problems Report") => "../medical/problem_list.php",
    $problem->getWordingPreview() => "../medical/problem_view.php",
    $title => ""
);
echo HTML::breadcrumb($crumbs, "icon icon_patient");
unset($crumbs);
$idTest = Check::postGetSessionInt('id_test');

$patient = new Patient($idPatient);
if ($patient->getName() == '') {
    FlashMsg::add(_("That patient does not exist."), OPEN_MSG_ERROR);
    header("Location: ../medical/patient_search_form.php");
    exit;
}

// NOTE(review): `new` always yields a (truthy) object, so neither of the two
// "does not exist" branches below can run; unknown ids are not detected here.
$problem = new Problem($idProblem);
if (!$problem) {
    FlashMsg::add(_("That medical problem does not exist."), OPEN_MSG_ERROR);
    header("Location: ../medical/patient_search_form.php");
    exit;
}

$test = new Test($idProblem, $idTest);
if (!$test) {
    FlashMsg::add(_("That medical test does not exist"), OPEN_MSG_ERROR);
    header("Location: ../medical/test_list.php");
    exit;
}

/**
 * Show page
 */
$title = _("Delete Medical Test");
$titlePage = sprintf('%s [%s] (%s)', $patient->getName(), $problem->getWordingPreview(), $title);
require_once "../layout/header.php";

// controlling var; the query-string form is kept for reference:
//$returnLocation = "../medical/test_list.php?id_problem=" . $idProblem . "&id_patient=" . $idPatient;
$returnLocation = "../medical/test_list.php";

/**
 * Breadcrumb
 */
* Destroy form values and errors
 */
Form::unsetSession();

/**
 * Prevent user from aborting script
 */
$previousAbort = ignore_user_abort(true);

/**
 * Update problem
 *
 * The flash message depends on whether the problem now carries a closing
 * date (getClosingDate(false) is truthy) or was merely edited.
 */
$probQ = new Query_Page_Problem();
$probQ->update($problem);
if (!$problem->getClosingDate(false)) {
    FlashMsg::add(sprintf(_("Medical problem, %s, has been updated."), $problem->getWording()));
} else {
    FlashMsg::add(sprintf(
        _("Medical problem, %s, has been added to closed medical problems list."),
        $problem->getWording()
    ));
}
$probQ->close();
unset($probQ, $problem);

/**
 * Record log process
 */
$logQ = new Query_Page_Record();
$logQ->log("Query_Page_Problem", "UPDATE", array($idProblem));
$logQ->close();
unset($logQ);

/**
 * Reset abort setting
 */
ignore_user_abort($previousAbort);
$wording = Check::safeText($_POST["wording"]);

/**
 * Prevent user from aborting script
 */
$previousAbort = ignore_user_abort(true);

/**
 * Delete connection between medical problems
 *
 * The deletion is written to the record log before the row is removed.
 */
$connectionQ = new Query_Connection();

$logQ = new Query_Page_Record();
$logQ->log("Query_Connection", "DELETE", array($idProblem, $idConnection));
$logQ->close();
unset($logQ);

$connectionQ->delete($idProblem, $idConnection);
$connectionQ->close();
unset($connectionQ);

/**
 * Reset abort setting
 */
ignore_user_abort($previousAbort);

/**
 * Redirect to $returnLocation to avoid reload problem
 */
FlashMsg::add(sprintf(_("Connection with medical problem, %s, has been deleted."), $wording));
// To header, without &
//$returnLocation = "../medical/connection_list.php?id_problem=" . $idProblem . "&id_patient=" . $idPatient;
$returnLocation = "../medical/connection_list.php";
header("Location: " . $returnLocation);
* Checking permissions
 */
require_once "../auth/login_check.php";
loginCheck(OPEN_PROFILE_ADMINISTRATOR);

require_once "../lib/Form.php";
// Form token check before the destructive action; what happens on a
// mismatch lives in Form::compareToken.
Form::compareToken($returnLocation);

require_once "../lib/Check.php";

/**
 * Retrieving post vars
 */
$idUser = intval($_POST["id_user"]);

/**
 * Delete user
 *
 * NOTE(review): unlike the medical delete pages, no Query_Page_Record entry
 * is written for this deletion — confirm whether that is intended.
 */
require_once "../model/Query/User.php";
$usersQ = new Query_User();
if (!$usersQ->select($idUser)) {
    $usersQ->close();
    FlashMsg::add(_("That user does not exist."), OPEN_MSG_ERROR);
    header("Location: " . $returnLocation);
    exit;
}
$user = $usersQ->fetch();
$usersQ->delete($idUser);
$usersQ->close();
unset($usersQ);

/**
 * Redirect to $returnLocation to avoid reload problem
 */
FlashMsg::add(sprintf(_("User, %s, has been deleted."), $user->getLogin()));
header("Location: " . $returnLocation);
* Prevent user from aborting script
 */
$previousAbort = ignore_user_abort(true);

/**
 * Delete medical test
 *
 * Only the database row is removed; the uploaded file is deliberately left
 * on disk (see the commented unlink below). The deletion is written to the
 * record log before the row is removed.
 */
$testQ = new Query_Test();

$logQ = new Query_Page_Record();
$logQ->log("Query_Test", "DELETE", array($idTest));
$logQ->close();
unset($logQ);

$testQ->delete($idTest);
$testQ->close();
unset($testQ);
//@unlink($file); // do not remove the file because LORTAD

/**
 * Reset abort setting
 */
ignore_user_abort($previousAbort);

/**
 * Redirect to $returnLocation to avoid reload problem
 */
FlashMsg::add(sprintf(_("Medical test, %s, has been deleted."), $file));
// To header, without &
//$returnLocation = "../medical/test_list.php?id_problem=" . $idProblem . "&id_patient=" . $idPatient; // controlling var
$returnLocation = "../medical/test_list.php"; // controlling var
header("Location: " . $returnLocation);
*/
require_once "../auth/login_check.php";
loginCheck(OPEN_PROFILE_ADMINISTRATOR);

/**
 * Validate data
 */
require_once "../model/Query/Staff.php";
$staff = new Staff();
require_once "../admin/staff_validate_post.php";

/**
 * Destroy form values and errors
 */
Form::unsetSession();

/**
 * Insert new staff member
 *
 * Logins must be unique: an existing login skips the insert and flashes a
 * warning instead.
 */
$staffQuery = new Query_Staff();
if ($staffQuery->existLogin($staff->getLogin())) {
    FlashMsg::add(
        sprintf(_("Login, %s, already exists. The changes have no effect."), $staff->getLogin()),
        OPEN_MSG_WARNING
    );
} else {
    $staffQuery->insert($staff);
    $fullName = implode(" ", array($staff->getFirstName(), $staff->getSurname1(), $staff->getSurname2()));
    FlashMsg::add(sprintf(_("Staff member, %s, has been added."), $fullName));
}
$staffQuery->close();
unset($staffQuery, $staff);

/**
 * Redirect to $returnLocation to avoid reload problem
 */
header("Location: " . $returnLocation);
/** * Retrieving get vars */ $idTheme = intval($_GET["id_theme"]); /** * Checking for $formError to read data from database */ if (!isset($formError)) { include_once "../model/Query/Theme.php"; /** * Search database */ $themeQ = new Query_Theme(); if (!$themeQ->select($idTheme)) { $themeQ->close(); FlashMsg::add(_("That theme does not exist."), OPEN_MSG_ERROR); header("Location: " . $returnLocation); exit; } $theme = $themeQ->fetch(); if ($theme) { $formVar["id_theme"] = $idTheme; $formVar["theme_name"] = $theme->getName(); $formVar["css_file"] = $theme->getCssFile(); $filename = "../css/" . $theme->getCssFile(); $fp = fopen($filename, 'r'); if ($fp) { $formVar["css_rules"] = fread($fp, filesize($filename)); fclose($fp); } } else {
require_once "../model/Query/User.php";

/**
 * Build the user from the posted values
 *
 * The password arrives in the "md5" / "md5_confirm" fields (presumably
 * digested client-side); the plain "pwd" / "pwd2" fields are blanked so
 * they never reach the session.
 * NOTE(review): an unsalted client-side MD5 as the stored credential is weak
 * by today's standards; whether resetPwd() re-hashes it server-side is not
 * visible here.
 */
$user = new User();
$user->setIdUser($_POST["id_user"]);
$user->setLogin($_POST["login"]);
$user->setPwd($_POST["md5"]);
$_POST["pwd"] = "";
$user->setPwd2($_POST["md5_confirm"]);
$_POST["pwd2"] = "";

if (!$user->validatePwd()) {
    $formError["pwd"] = $user->getPwdError();
    // NOTE(review): $_POST["md5"] / ["md5_confirm"] are still present here and
    // therefore stored in the session by Form::setSession — confirm intended.
    Form::setSession($_POST, $formError);
    header("Location: " . $errorLocation);
    exit;
}

/**
 * Destroy form values and errors
 */
Form::unsetSession();

/**
 * Update user
 */
$usersQ = new Query_User();
$usersQ->resetPwd($user);
FlashMsg::add(sprintf(_("Password of user, %s, has been reset."), $user->getLogin()));
$usersQ->close();
unset($usersQ, $user);

/**
 * Redirect to $returnLocation to avoid reload problem
 */
header("Location: " . $returnLocation);
$test->setIdTest($_POST["id_test"]);
require_once "../medical/test_validate_post.php";

/**
 * Destroy form values and errors
 */
Form::unsetSession();

/**
 * Prevent user from aborting script
 */
$previousAbort = ignore_user_abort(true);

/**
 * Update medical test
 */
$testQ = new Query_Test();
$testQ->update($test);
FlashMsg::add(sprintf(_("Medical test, %s, has been updated."), $test->getPathFilename(false)));
$testQ->close();
unset($testQ);

/**
 * Record log process
 */
$logQ = new Query_Page_Record();
$logQ->log("Query_Test", "UPDATE", array($test->getIdTest()));
$logQ->close();
unset($logQ);
unset($test);

/**
 * Reset abort setting
 */
ignore_user_abort($previousAbort);

/**
* Retrieving var (PGS)
 */
$idPatient = Check::postGetSessionInt('id_patient');

$patient = new Patient($idPatient);
if ($patient->getName() == '') {
    FlashMsg::add(_("That patient does not exist."), OPEN_MSG_ERROR);
    header("Location: ../medical/patient_search_form.php");
    exit;
}

/**
 * Search database for the personal antecedents of this patient
 */
$histQ = new Query_History();
if (!$histQ->selectPersonal($idPatient)) {
    $histQ->close();
    FlashMsg::add(_("That patient does not exist."), OPEN_MSG_ERROR);
    header("Location: ../medical/patient_search_form.php");
    exit;
}
$history = $histQ->fetch();
if (!$history) {
    $histQ->close();
    Error::fetch($histQ);
}
$histQ->freeResult();
$histQ->close();
unset($histQ);

/**
 * Show page
 */
$title = _("View Personal Antecedents");
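/**
 * void loginCheck(int $profilePage = OPEN_PROFILE_FREE, bool $inDemo = true)
 *
 * Entry guard for protected pages. In order it: honours the demo-mode
 * switches, requires a login_session and token in $_SESSION, logs out
 * requests whose client IP or header signature differ from the ones
 * recorded at login (possible hijack), checks the token against the
 * session table (timeout: back to the login form), rotates the session id
 * and finally enforces the page's profile. Every failing path redirects or
 * logs out and ends the script.
 *
 * @param int $profilePage (optional) one of this values:
 *  OPEN_PROFILE_FREE
 *  OPEN_PROFILE_ADMINISTRATOR
 *  OPEN_PROFILE_ADMINISTRATIVE
 *  OPEN_PROFILE_DOCTOR
 * @param bool $inDemo (optional) restricted in DEMO version?
 * @return void
 * @access public
 * @see OPEN_DEMO
 * @since 0.8
 */
function loginCheck($profilePage = OPEN_PROFILE_FREE, $inDemo = true)
{
    $isDemo = defined("OPEN_DEMO") && OPEN_DEMO;

    /**
     * Checking to see if we are in demo mode and if we should not execute this page
     */
    if (!$inDemo && $isDemo) {
        FlashMsg::add(_("This function is not available in this demo version of OpenClinic.")); // @fixme OPEN_APP_NAME
        header("Location: ../home/index.php");
        exit;
    }

    /**
     * Disabling users control for demo: every profile flag is granted and no
     * session/token validation takes place.
     */
    if ($isDemo) {
        $_SESSION['auth']['is_admin'] = true;
        $_SESSION['auth']['is_administrative'] = true;
        $_SESSION['auth']['is_doctor'] = true;
        return;
    }

    // before possible login_form.php redirections
    $_SESSION['auth']['return_page'] = $_SERVER['REQUEST_URI'];

    /**
     * Checking to see if session variables exist
     */
    if (!isset($_SESSION['auth']['login_session']) || $_SESSION['auth']['login_session'] == "") {
        header("Location: ../auth/login_form.php");
        exit;
    }
    if (!isset($_SESSION['auth']['token']) || $_SESSION['auth']['token'] == "") {
        header("Location: ../auth/login_form.php");
        exit;
    }

    /**
     * Checking if the request is from a different IP to previously
     */
    if (isset($_SESSION['auth']['login_ip']) && $_SESSION['auth']['login_ip'] !== $_SERVER['REMOTE_ADDR']) {
        // This is possibly a session hijack attempt
        include_once "../auth/logout.php";
        exit;
    }

    /**
     * Checking session validation
     *
     * The client signature must be computed exactly like the 'sign' stored at
     * login (outside this file), so the expression is kept byte-compatible:
     * because '.' binds tighter than '?:', when Accept-Charset is sent ONLY
     * that header is fingerprinted; otherwise the other four headers are
     * concatenated. A missing header contributes "" — the same md5 input as
     * before, minus the undefined-index notices.
     */
    $acceptCharset = isset($_SERVER['HTTP_ACCEPT_CHARSET']) ? $_SERVER['HTTP_ACCEPT_CHARSET'] : null;
    $accept = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '';
    $acceptEncoding = isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '';
    $acceptLanguage = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $chk = md5(
        $acceptCharset !== null
            ? $acceptCharset
            : ($accept . $acceptEncoding . $acceptLanguage . $userAgent)
    );
    // Strict comparison: '!=' on two hex digests compares them as floats when
    // both look like "0e<digits>", which would treat different digests as equal.
    // A session without a stored sign is rejected too.
    if (!isset($_SESSION['auth']['sign']) || $_SESSION['auth']['sign'] !== $chk) {
        // This is possibly a session hijack attempt
        include_once "../auth/logout.php";
        exit;
    }

    /**
     * Checking session table to see if token has timed out
     */
    $sessQ = new Query_Session();
    if (!$sessQ->validToken($_SESSION['auth']['login_session'], $_SESSION['auth']['token'])) {
        $sessQ->close();
        $_SESSION['auth']['invalid_token'] = true;
        FlashMsg::add(_("Session timeout"));
        header("Location: ../auth/login_form.php");
        exit;
    }
    $sessQ->close();
    unset($sessQ);

    /**
     * Here, the session is valid!
     */
    if (isset($_SESSION['auth']['invalid_token'])) {
        unset($_SESSION['auth']['invalid_token']);
    }

    // Rotated on every request to avoid Session Fixation. NOTE(review): the old
    // session data is not deleted (no argument passed); left as-is because
    // concurrent requests from the same browser may still carry the old id.
    session_regenerate_id();

    /**
     * Checking authorization for this page
     * The session authorization flags were set at login in login.php
     */
    $knownProfiles = array(
        OPEN_PROFILE_FREE,
        OPEN_PROFILE_ADMINISTRATOR,
        OPEN_PROFILE_DOCTOR,
        OPEN_PROFILE_ADMINISTRATIVE,
    );
    if (!in_array($profilePage, $knownProfiles)) {
        FlashMsg::add(_("Invalid profile page"));
        header("Location: ../auth/login_form.php");
        exit;
    }

    // A missing flag counts as "not granted"; empty() avoids a notice when the
    // session is incomplete. OPEN_PROFILE_FREE pages are open to any valid session.
    $denied = ($profilePage == OPEN_PROFILE_ADMINISTRATOR && empty($_SESSION['auth']['is_admin']))
        || ($profilePage == OPEN_PROFILE_ADMINISTRATIVE && empty($_SESSION['auth']['is_administrative']))
        || ($profilePage == OPEN_PROFILE_DOCTOR && empty($_SESSION['auth']['is_doctor']));
    if ($denied) {
        FlashMsg::add(_("You are not authorized to use this page."));
        header("Location: ../home/index.php");
        exit;
    }
}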
$problemQ = new Query_Page_Problem(); /** * Record log process (before deleting process) */ $recordQ = new Query_Page_Record(); for ($i = 0; $i < $numRows; $i++) { $recordQ->log("Query_Page_Problem", "DELETE", array($array[$i]->getIdProblem())); } $recordQ->close(); unset($recordQ); for ($i = 0; $i < $numRows; $i++) { $problemQ->delete($array[$i]->getIdProblem()); } $problemQ->close(); unset($problemQ); unset($array); } /** * Update session variables */ require_once "../lib/LastViewedPatient.php"; LastViewedPatient::delete($idPatient); /** * Reset abort setting */ ignore_user_abort($oldAbort); /** * Redirect to $returnLocation to avoid reload problem */ FlashMsg::add(sprintf(_("Patient, %s, has been deleted."), $patName)); header("Location: " . $returnLocation);
*/ require_once "../auth/login_check.php"; loginCheck(OPEN_PROFILE_ADMINISTRATIVE); /** * Retrieving vars (PGS) */ $idPatient = Check::postGetSessionInt('id_patient'); /** * Checking for $formError to read data from database */ if (!isset($formError)) { include_once "../model/Patient.php"; $patient = new Patient($idPatient); $patName = $patient->getName(); if ($patName == '') { FlashMsg::add(_("Este beneficiário não está cadastrado."), OPEN_MSG_ERROR); header("Location: ../medical/patient_search_form.php"); exit; } /** * load up post vars */ $formVar["id_patient"] = $idPatient; //$formVar["last_update_date"] = date("Y-m-d"); // automatic date (ISO format) $formVar["id_member"] = $patient->getIdMember(); $formVar["nif"] = $patient->getNIF(); $formVar["first_name"] = $patient->getFirstName(); $formVar["surname1"] = $patient->getSurname1(); $formVar["surname2"] = $patient->getSurname2(); $formVar["address"] = $patient->getAddress(); $formVar["phone_contact"] = $patient->getPhone();