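/**
 * Send a file to the client as a download, echoing it in fixed-size chunks so
 * the whole file never has to be held in memory at once.
 *
 * $filename is used as given: resolving it to a trusted path (no traversal,
 * inside the intended directory) is the caller's job, not this function's.
 *
 * @param string $filename  Path of the file to send.
 * @param string $mimeType  Value of the Content-Type header.
 * @param int    $chunkSize Bytes read per fread() call.
 * @param bool   $retbytes  When true, return the number of bytes delivered,
 *                          like readfile() does, instead of the fclose() status.
 * @return int|bool Byte count when $retbytes is true and the stream closed
 *                  cleanly; the fclose() status otherwise; false when the file
 *                  could not be opened or a read failed part-way.
 */
function stream_large_file($filename, $mimeType = 'text/plain; charset="UTF-8"', $chunkSize = 1048576, $retbytes = true)
{
    // Open before sending any header: a missing or unreadable file must fail
    // cleanly, not after a download has already been announced to the client.
    $handle = fopen($filename, 'rb');
    if ($handle === false) {
        return false;
    }

    header('Content-Type: ' . $mimeType);

    // The name lives in an HTTP header, not in HTML, so HTML escaping is the
    // wrong tool here: quote it and neutralise the characters that would end
    // or corrupt the quoted-string (control characters, backslash, quote).
    $downloadName = basename($filename);
    $downloadName = preg_replace('/[\x00-\x1F\x7F]/', '', $downloadName);
    $downloadName = str_replace(array('\\', '"'), array('\\\\', '\\"'), $downloadName);
    header('Content-Disposition: attachment; filename="' . $downloadName . '"');

    // filesize() returns false for something that is not a regular file; an
    // empty Content-Length would be worse than none at all.
    $size = filesize($filename);
    if ($size !== false) {
        header('Content-Length: ' . $size);
    }

    $delivered = 0;
    $readFailed = false;
    while (!feof($handle)) {
        $chunk = fread($handle, $chunkSize);
        if ($chunk === false) {
            $readFailed = true;
            break;
        }
        echo $chunk;
        // ob_flush() raises a notice when no user-level buffer is active.
        if (ob_get_level() > 0) {
            ob_flush();
        }
        flush();
        $delivered += strlen($chunk);
    }

    $closed = fclose($handle);
    if ($readFailed) {
        return false;
    }
    if ($retbytes && $closed) {
        return $delivered; // number of bytes delivered, like readfile()
    }
    return $closed;
}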
/**
 * Build the site's RSS 2.0 feed (articles by default, links when area=link)
 * and return it as a string; the Content-Type/ETag/Vary headers are sent here
 * as a side effect, and a matching If-None-Match ends the request with 304.
 *
 * Request inputs (category, section, limit, area) arrive through gpsa() and
 * are passed through doSlash() before being interpolated into the SQL
 * fragments below — the queries are slash-escaped rather than parameterised.
 * $limit is additionally clamped to an integer.
 *
 * Reads many names out of $prefs via extract() (sitename, siteurl, version,
 * site_slogan, rss_how_many, feed_time, blog_uid, ... — assumed to be
 * preference keys; not visible here).
 *
 * @return string The complete RSS document.
 */
function rss() {
    global $prefs, $thisarticle;
    set_error_handler('tagErrorHandler');
    extract($prefs);
    // Request parameters, slash-escaped for the SQL below.
    extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));
    $sitename .= $section ? ' - ' . fetch_section_title($section) : '';
    $sitename .= $category ? ' - ' . fetch_category_title($category) : '';
    $dn = explode('/', $siteurl);
    // Authority part of the tag: URIs used as <guid>: either the (obfuscated)
    // blog mail uid or the first path component of $siteurl.
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    $out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
    $out[] = tag(doSpecial($sitename), 'title');
    $out[] = tag(hu, 'link');
    $out[] = tag(doSpecial($site_slogan), 'description');
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
    $articles = array();
    if (!$area or $area == 'article') {
        // Optional section / category filters; $section and $category were
        // slash-escaped above, which is what makes this interpolation usable.
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        // Requested limit, capped at max(100, rss_how_many) and forced to int.
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        // Sections flagged as not syndicated are excluded.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        if ($frs) {
            foreach ($frs as $f) {
                $query[] = "and Section != '" . doSlash($f) . "'";
            }
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                // Row columns become locals (ID, Title, AuthorID, uPosted, uid,
                // comments_count, ...) and $thisarticle is populated for parse().
                extract($a);
                populateArticleData($a);
                $cb = callback_event('rss_entry');
                $a['posted'] = $uPosted;
                $permlink = permlinkurl($a);
                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
                if ($syndicate_body_or_excerpt) {
                    // Short feed: the body stands in as summary when there is
                    // no excerpt, and no full content is syndicated.
                    if (!trim($summary)) {
                        $summary = $content;
                    }
                    $content = '';
                }
                if ($show_comment_count_in_feed) {
                    $count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
                } else {
                    $count = '';
                }
                $Title = escape_output(strip_tags($Title)) . $count;
                $thisauthor = get_author_name($AuthorID);
                // description / content:encoded are only emitted when non-empty.
                $item = tag($Title, 'title') . n
                    . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '')
                    . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '')
                    . tag($permlink, 'link') . n
                    . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n
                    . tag(htmlspecialchars($thisauthor), 'dc:creator') . n
                    . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n
                    . $cb;
                $articles[$ID] = tag($item, 'item');
                // Per-item entity tag: CRC32 of the rendered <item>, in upper-case hex.
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uPosted;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='{$category}'" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                // Row columns become locals (id, linkname, description, url, date, uDate).
                extract($a);
                $item = tag(doSpecial($linkname), 'title') . n
                    . tag(doSpecial($description), 'description') . n
                    . tag(doSpecial($url), 'link') . n
                    . tag(safe_strftime('rfc822', $uDate), 'pubDate');
                $articles[$id] = tag($item, 'item');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
            }
        }
    }
    if (!$articles) {
        // An empty feed for a section/category that does not exist is a 404;
        // an empty feed for an existing one is still served.
        if ($section) {
            if (safe_field('name', 'txp_section', "name = '{$section}'") == false) {
                txp_die(gTxt('404_not_found'), '404');
            }
        } elseif ($category) {
            switch ($area) {
                case 'link':
                    if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
                case 'article':
                default:
                    if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'article'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
            }
        }
    } else {
        // Turn on gzip output compression if nothing else already does.
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            // Drain whatever is already buffered (stray notices/warnings) and
            // re-emit it inside the gzip buffer so the feed is not corrupted
            // by uncompressed output preceding the compressed stream.
            $buf = '';
            while ($b = @ob_get_clean()) {
                $buf .= $b;
            }
            @ob_start('ob_gzhandler');
            echo $buf;
        }
        handle_lastmod();
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        // Delta encoding (RFC 3229 "A-IM: feed") is only honoured when the
        // request headers are available through apache_request_headers().
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
            }
        } else {
            $canaim = false;
        }
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            // Drop items the client already has: those whose etag appears in
            // If-None-Match, and those older than If-Modified-Since. Note the
            // etag test is a substring match against the raw header value.
            foreach ($articles as $id => $thing) {
                if (strpos($hinm, $etags[$id]) !== false) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }
        // Advertise which conditional headers influenced the response.
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
                }
            }
        }
        // Feed-level etag: the per-item etags joined with '-' (the @ covers
        // $etags being unset when no rows were produced above).
        $etag = @join("-", $etags);
        if (strstr($hinm, $etag)) {
            if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0') {
                header("HTTP/1.0 304 Not Modified");
            } else {
                header("HTTP/1.1 304 Not Modified");
            }
            exit;
        }
        if ($cutarticles) {
            // A delta response would properly be "HTTP/1.1 226 IM Used", but
            // Apache does not like it; per
            // http://intertwingly.net/blog/2004/09/11/Vary-ETag/ the status
            // code should stay 200, so only the IM headers are sent.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
    }
    // NOTE(review): $etag is only assigned in the else-branch above, so when
    // $articles is empty this reads an undefined variable (a notice) — confirm
    // whether an empty feed should carry an ETag at all.
    $out = array_merge($out, $articles);
    header("Content-Type: application/rss+xml; charset=utf-8");
    if ($etag) {
        header('ETag: "' . $etag . '"');
    }
    return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
}
/**
 * Coerce $myvar to int when it is a whole number in any numeric spelling
 * ("42", 42, 42.0); otherwise raise an E_USER_WARNING — with a caller
 * backtrace in debug or admin context — and return false.
 *
 * @param mixed $myvar Value to check.
 * @return int|false
 */
function assert_int($myvar)
{
    global $production_status;

    // Whole number: the value survives the int cast unchanged.
    if (is_numeric($myvar) && $myvar == intval($myvar)) {
        return (int) $myvar;
    }

    $verbose = ($production_status == 'debug') || (txpinterface == 'admin');
    $shown = htmlspecialchars($myvar);

    if (!$verbose) {
        trigger_error("'" . $shown . "' is not an integer.", E_USER_WARNING);
        return false;
    }

    // Debug/admin: show the first five callers so the offending call site is obvious.
    $trace = escape_output(join("\n", get_caller(5, 1)));
    trigger_error(
        "<pre>Error: '" . $shown . "' is not an integer</pre>" . "\n"
        . '<pre style="padding-left: 2em;" class="backtrace"><code>' . $trace . '</code></pre>',
        E_USER_WARNING
    );

    return false;
}
<option value="3">3</option> <option value="4">4</option> <option value="5">5</option> </select> </div> <!-- hidden inputs to send to php --> <input type="hidden" name="exerciseID" value="<?php echo escape_output($exercise->id); ?> "> <input type="hidden" name="workoutsID" value="<?php echo escape_output($workoutID); ?> "> <input type="hidden" name="workout-log-id" value="<?php echo escape_output($workout_log_id); ?> " > <div class="centered"> <input type="submit" class="enter-set-btn button small secondary" value="Enter Item" name="submit-set-btn"> </div> <!-- success box --> <!-- <div class="row success-alert-box centered"> <div class="centered alert-box success radius"> Set Added! </div> </div> --> <!-- success box --> </div>
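/**
 * Render one field of a data row, optionally as a formatted date, escaped,
 * and wrapped as a link / permlink / obfuscated e-mail address.
 *
 * @param array $obj  Row to read from (by reference for compatibility with
 *                    existing callers; it is not modified here).
 * @param array $atts Tag attributes: type, field, wraptag, class, format,
 *                    title, title_format, label, sep, escape, linktext, default.
 * @return string|null '' when the field is empty and no default was given,
 *                     null when $obj itself is empty, the rendered value otherwise.
 */
function zem_data_field(&$obj, $atts)
{
    $a = lAtts(array(
        'type' => '',
        'field' => '',
        'wraptag' => '',
        'class' => 'zem_data_field',
        'format' => '',
        'title' => '', // accepted for compatibility; not read below
        'title_format' => '',
        'label' => '',
        'sep' => ': ',
        'escape' => '1',
        'linktext' => NULL,
        'default' => '',
    ), $atts, 0);

    if (!$obj) {
        return;
    }

    // Unknown field: warn, then take the "empty" path below instead of
    // reading an undefined index.
    $known = array_key_exists($a['field'], $obj);
    if (!$known) {
        trigger_error(gTxt('unknown_field', array('{field}' => $a['field'])));
    }
    $raw = $known ? $obj[$a['field']] : null;

    if (empty($raw)) {
        if (!$a['default']) {
            return '';
        }
        $out = $a['default'];
    } else {
        $out = $raw;
    }

    $attr = '';
    if ($a['type'] == 'date') {
        // Parse the stored value once and derive both the visible text and the
        // title from that timestamp; re-parsing the already formatted text
        // (as the previous code did) is not reliable.
        $timestamp = strtotime($out);
        if ($a['title_format']) {
            $attr = ' title="' . zem_strftime($a['title_format'], $timestamp) . '"';
        }
        if ($a['format']) {
            $out = zem_strftime($a['format'], $timestamp);
        }
    }

    if ($a['escape']) {
        $out = escape_output($out);
    }

    // Link-style types consume the (escaped) value as an id, URL or address.
    if ($a['type'] == 'permlink') {
        $out = permlink(array('class' => $a['class'], 'id' => $out), $a['linktext']);
    } elseif ($a['type'] == 'link') {
        $out = href($a['linktext'], $out);
    } elseif ($a['type'] == 'email') {
        $out = eE($out);
    } elseif ($a['type'] == 'emaillink') {
        $out = href($a['linktext'], 'mailto:' . eE($out));
    }

    $pre = $a['label'] ? $a['label'] . $a['sep'] : '';

    return doTag($pre . $out, $a['wraptag'], $a['class'], $attr);
}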
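/**
 * Tag-builder form for the file_download link tag and, on step 'build', the
 * generated markup in the requested flavour (textile, xhtml or textpattern).
 *
 * Inputs are read from the request via gpsa()/gps().
 *
 * @return string Form markup, followed by the generated tag when $step is 'build'.
 */
function tag_file_download_link()
{
    global $step, $endform, $tag_name, $permlink_mode;

    $atts = gpsa(array('filename', 'id'));
    $filename = $atts['filename'];
    $id = $atts['id'];
    $thing = gps('thing');
    $type = gps('type');
    $description = gps('description');

    $types = array(
        'textile' => 'Textile',
        'textpattern' => 'Textpattern',
        'xhtml' => 'XHTML',
    );

    // The description is request data reflected straight back into the page,
    // so it is escaped for the HTML context here; the other inputs go through
    // fInput()/selectInput(), which are assumed to escape their own values.
    $out = form(
        startTable('tagbuilder')
        . tr(tdcs(hed(gTxt('tag_' . $tag_name), 3), 2))
        . tagRow('type', '' . selectInput('type', $types, $type ? $type : 'textpattern', true))
        . tagRow('id', input_id($id))
        . tagRow('filename', fInput('text', 'filename', $filename, 'edit', '', '', 25))
        . tagRow('link_text', fInput('text', 'thing', $thing ? $thing : $filename, 'edit', '', '', 25))
        . tagRow('description', '<textarea name="description" cols="22" rows="3">' . escape_output($description) . '</textarea>')
        . $endform
    );

    if ($step == 'build') {
        // NOTE(review): the previous code followed this with
        // str_replace('&', '&', ...), an identity mapping with no effect —
        // possibly a garbled '&amp;' -> '&' un-escape; confirm the intended
        // behaviour upstream before reinstating anything here.
        $description = escape_output($description);
        $url = $permlink_mode == 'messy'
            ? hu . 'index.php?s=file_download' . a . 'id=' . $id
            : hu . gTxt('file_download') . '/' . $id . ($filename ? '/' . $filename : '');

        switch ($type) {
            case 'textile':
                $thing = $thing ? $thing : $filename;
                $description = $description ? ' (' . $description . ')' : '';
                $out .= tdb('"' . $thing . $description . '":' . $url);
                break;
            case 'xhtml':
                $thing = $thing ? $thing : $filename;
                $description = $description ? ' title="' . $description . '"' : '';
                $out .= tdb('<a href="' . $url . '"' . $description . '>' . $thing . '</a>');
                break;
            case 'textpattern':
            default:
                $atts = array('id' => $id);
                $thing = $thing ? $thing : '<txp:file_download_name />';
                $out .= tdb(tb($tag_name, $atts, $thing));
                break;
        }
    }

    return $out;
}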
display_error("Error: Insufficient privileges", "You must be an administrator to create forms."); break; } echo "<h1>Create a form</h1>\r\n"; display_form_edit_form($user); break; case 'edit': if (!$user->isAdmin()) { display_error("Error: Insufficient privileges", "You must be an administrator to modify forms."); break; } echo "<h1>Modify a form</h1>\r\n"; display_form_edit_form($user, intval($_REQUEST['id'])); break; case 'show': $formTitle = $database->queryFirstValue("SELECT `name` FROM `forms` WHERE `id` = " . intval($_REQUEST['id']) . " LIMIT 1"); if (!$formTitle) { echo "This form was not found. Please select another form and try again."; } else { echo "<h1>" . escape_output($formTitle) . " - History</h1>\r\n"; display_form_history($user, intval($_REQUEST['id'])); } break; default: case 'index': echo "<h1>Forms</h1>\r\n"; display_forms($user); echo "<a href='form.php?action=new'>Add a new form</a><br />\r\n"; break; } display_footer();
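/**
 * preg_replace_callback handler that renders one <txp:…> tag match.
 *
 * Dispatch is by name: if a PHP function called after the tag exists it is
 * called with the parsed attributes, otherwise a matching $pretext entry is
 * echoed (escaped), otherwise an unknown-tag warning is raised. Template
 * content therefore decides which functions run, so templates must be
 * trusted content.
 *
 * @param array $matches 0: whole tag, 1: tag name, 2: raw attribute string
 *                       (optional), 4: enclosed content (optional, container tags).
 * @return string Rendered output; '' for an unknown tag (after an E_USER_WARNING).
 */
function processTags($matches)
{
    global $pretext, $production_status, $txptrace, $txptracelevel, $txp_current_tag;

    $tag = $matches[1];

    // Some tag names are routed to a prefixed implementation ('link' is also
    // a PHP built-in, which is presumably why function_exists() must not see
    // the bare name).
    $trouble_makers = array('link');
    if (in_array($tag, $trouble_makers, true)) {
        $tag = 'tpt_' . $tag;
    }

    $atts = isset($matches[2]) ? splat($matches[2]) : '';
    $thing = isset($matches[4]) ? $matches[4] : null;

    // Remember the enclosing tag so it can be restored afterwards; the global
    // may simply be unset at the outermost level, hence the isset() rather
    // than an error-suppressed read.
    $old_tag = isset($txp_current_tag) ? $txp_current_tag : null;
    $txp_current_tag = '<txp:' . $tag . ($atts ? $matches[2] : '') . ($thing ? '>' : '/>');
    trace_add($txp_current_tag);
    $txptracelevel = isset($txptracelevel) ? $txptracelevel + 1 : 1;

    if ($production_status == 'debug') {
        maxMemUsage(trim($matches[0]));
    }

    $out = '';
    if (function_exists($tag)) {
        $out = $tag($atts, $thing, $matches[0]);
    } elseif (isset($pretext[$tag])) {
        $out = escape_output($pretext[$tag]);
    } else {
        trigger_error(gTxt('unknown_tag', array('{tag}' => $tag)), E_USER_WARNING);
    }

    --$txptracelevel;
    if (isset($matches[4])) {
        trace_add('</txp:' . $tag . '>');
    }
    $txp_current_tag = $old_tag;

    return $out;
}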
<div class="medium-4 medium-offset-4 columns centered"> <form action="<?php base_url(); ?> workouts" method="post"> <h5 class="margin-top">Select Existing Exercise</h5> <select name="add_existing_exercise_selection"> <!-- begin all exercises selection - value is the exercise id number--> <?php foreach ($allExercises as $exercise) { ?> <option value="<?php echo escape_output($exercise->id); ?> "><?php echo escape_output($exercise->name); ?> </option> <?php } ?> <!-- begin all exercises selection --> </select> <div class="centered"> <!-- takes workout id and sends to the server --> <input id="existing-exercise-workoutID" type="hidden" name="existing-exercise-workoutID"> <input type="submit" class="button success small" value="Submit" name="add-existing-exercise"> </div> </form> <h4>OR</h4> <h5 class="margin-top">Create and Add New Exercise</h5>
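/**
 * Install (or re-install) a plugin from the base64 package posted as
 * 'plugin64' and report the outcome through plugin_list().
 *
 * The package is whatever was pasted into the form, so it is treated as
 * untrusted until it has been decoded, optionally gunzipped and deserialised
 * into a plain array; anything else is reported as bad plugin code.
 *
 * @return void
 */
function plugin_install()
{
    $raw = ps('plugin64');
    // Accept either the bare base64 blob or a full "$plugin='...'" wrapper,
    // and drop '#' comment lines.
    $raw = preg_replace('@.*\\$plugin=\'([\\w=+/]+)\'.*@s', '$1', $raw);
    $raw = preg_replace('/^#.*$/m', '', $raw);
    if (!trim($raw)) {
        return;
    }

    $decoded = base64_decode($raw);
    // A gzip member header (magic bytes 1F 8B) means the payload was
    // compressed; gzinflate() takes the raw deflate stream after the 10-byte
    // header. (The previous code compared against a mis-encoded literal.)
    if (strncmp($decoded, "\x1F\x8B", 2) === 0) {
        $decoded = gzinflate(substr($decoded, 10));
    }

    // Only a plain array is a valid package. Forbidding classes keeps a
    // crafted package from instantiating arbitrary objects during
    // deserialisation (the option needs PHP >= 7.0). A truthy non-array was
    // previously ignored silently; it is now reported like any bad package.
    $package = unserialize($decoded, array('allowed_classes' => false));
    if (!$package || !is_array($package)) {
        plugin_list(gTxt('bad_plugin_code'));
        return;
    }

    // Read the fields explicitly (no extract(): package keys must not be able
    // to overwrite locals), defaulting missing ones to empty.
    $package += array(
        'name' => '',
        'author' => '',
        'author_uri' => '',
        'version' => '',
        'description' => '',
        'help' => '',
        'code' => '',
        'md5' => '',
        'type' => 0,
    );
    $type = assert_int(empty($package['type']) ? 0 : $package['type']);
    $name = $package['name'];
    $help = $package['help'];

    $exists = fetch('name', 'txp_plugin', 'name', $name);

    if (isset($package['help_raw']) && empty($package['allow_html_help'])) {
        // Default: help is Textile, rendered through the restricted parser.
        include_once txpath . '/lib/classTextile.php';
        $textile = new Textile();
        $help = $textile->TextileRestricted($package['help_raw'], 0, 0);
    }

    // NOTE(review): code_md5 is stored as shipped in the package rather than
    // recomputed with md5($code); confirm nothing relies on the shipped value
    // before tightening this.
    $columns = array(
        "status = 0",
        "type = {$type}",
        "author = '" . doSlash($package['author']) . "'",
        "author_uri = '" . doSlash($package['author_uri']) . "'",
        "version = '" . doSlash($package['version']) . "'",
        "description = '" . doSlash($package['description']) . "'",
        "help = '" . doSlash($help) . "'",
        "code = '" . doSlash($package['code']) . "'",
        "code_restore = '" . doSlash($package['code']) . "'",
        "code_md5 = '" . doSlash($package['md5']) . "'",
    );

    if ($exists) {
        $rs = safe_update('txp_plugin', join(",\n", $columns), "name = '" . doSlash($name) . "'");
    } else {
        array_unshift($columns, "name = '" . doSlash($name) . "'");
        $rs = safe_insert('txp_plugin', join(",\n", $columns));
    }

    $messageKey = ($rs && $package['code']) ? 'plugin_installed' : 'plugin_install_failed';
    plugin_list(gTxt($messageKey, array('{name}' => escape_output($name))));
}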
//ensure that id is set. if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])) { display_error("Error: Invalid entry ID", "Please check the ID and try again."); break; } //ensure that this user has permissions to edit this form entry. $facility_id = intval($database->queryFirstValue("SELECT `machines`.`facility_id` FROM `form_entries` LEFT OUTER JOIN `machines` ON `machines`.`id` = `form_entries`.`machine_id` WHERE `form_entries`.`id` = " . intval($_REQUEST['id']) . " LIMIT 1")); if (!$facility_id) { display_error("Error: Invalid entry ID", "Please check the ID and try again."); break; } elseif (intval($facility_id) != $user->facility['id']) { display_error("Error: Insufficient privileges", "You may only view and edit forms belonging to your facility."); break; } echo "<div class='row-fluid'>\r\n <div class='span12'>\r\n <h1>QA Record<a href='form_entry.php?action=print&form_id=" . intval($_REQUEST['form_id']) . "&id=" . intval($_REQUEST['id']) . "' class='btn btn-info pull-right'>Print to PDF</a></h1>\r\n </div>\n</div>\n"; display_form_entry_edit_form($user, intval($_REQUEST['id']), false); break; default: case 'index': start_html($user, "UC Medicine QA", "Manage Form Entries", $_REQUEST['status'], $_REQUEST['class']); $form_name = $database->queryFirstValue("SELECT `name` FROM `forms` WHERE `id` = " . intval($_REQUEST['form_id']) . " LIMIT 1"); if (!$form_name) { display_error("Error: Invalid form ID", "That form ID is invalid. Please go back and try again."); break; } echo "<h1>History for: " . escape_output($form_name) . "</h1>\r\n"; display_form_entries($user, intval($_REQUEST['form_id'])); echo "<a href='form_entry.php?action=new&form_id=" . intval($_REQUEST['form_id']) . "'>Submit a record</a><br />\r\n"; break; } display_footer();
display_machine_dropdown($user, "form_entry[machine_id]", $id === false ? 0 : intval($formEntry->machine['id']), intval($form->machineType['id'])); echo " </div>\r\n </div>\r\n <div class='control-group'>\n"; if ($user->isAdmin()) { echo " <label class='control-label' for='form_entry[machine_id]'>Performed by</label>\r\n <div class='controls'>\n"; display_user_dropdown($user, "form_entry[user_id]", $id === false ? $user->id : intval($formEntry->user['id'])); echo " </div>\n"; } else { echo " <input type='hidden' name='form_entry[user_id]' value='" . ($id === false ? intval($user->id) : intval($formEntry->user['id'])) . "' />\n"; } echo " </div>\r\n </div>\r\n <div class='span6'>\r\n <div class='control-group'>\r\n <label class='control-label' for='form_entry[qa_month]'>QA Month</label>\r\n <div class='controls'>\r\n "; display_month_year_dropdown("form_entry[qa_month]", "form_entry", $id === false ? False : array(intval($formEntry->qaMonth), intval($formEntry->qaYear))); echo "\r\n </div>\r\n </div>\r\n <div class='control-group'>\r\n <label class='control-label' for='form_entry[created_at]'>Inspection Date</label>\r\n <div class='controls'>\r\n <input name='form_entry[created_at]' type='datetime-local' readonly='true' class='input-xlarge enabled' id='form_entry_created_at'" . ($id === false ? "" : " value='" . escape_output($formEntry->createdAt) . "'") . 
">\r\n </div>\r\n </div>\r\n </div>\r\n </div>\r\n <div class='row-fluid'>\r\n <div class='span4'>\r\n <h3 class='center-horizontal'>Contrast Scale</h3>\r\n <h4 class='center-horizontal'>Slice 1-5 (-511 mm)</h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n <tr>\r\n <th>Plug</th>\r\n <th>CT #</th>\r\n <th>Nom.</th>\r\n </tr>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>1</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][contrast_scale_1_value]' class='form_entry_form_values_contrast_scale_1_value span5' id='form_entry_form_values_contrast_scale_1_value' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['contrast_scale_1_value']->value) . "'") . "/> ± <input type='number' step='0.01' name='form_entry[form_values][contrast_scale_1_plusmin]' class='form_entry_form_values_contrast_scale_1_plusmin span5' id='form_entry_form_values_contrast_scale_1_plusmin' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['contrast_scale_1_plusmin']->value) . "'") . "/></td>\r\n <td>-95±15</td>\r\n </tr>\r\n <tr>\r\n <td>2</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][contrast_scale_2_value]' class='form_entry_form_values_contrast_scale_2_value span5' id='form_entry_form_values_contrast_scale_2_value' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['contrast_scale_2_value']->value) . "'") . "/> ± <input type='number' step='0.01' name='form_entry[form_values][contrast_scale_2_plusmin]' class='form_entry_form_values_contrast_scale_2_plusmin span5' id='form_entry_form_values_contrast_scale_2_plusmin' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['contrast_scale_2_plusmin']->value) . "'") . 
"/></td>\r\n <td>913±50</td>\r\n </tr>\r\n <tr>\r\n <td>3</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][contrast_scale_3_value]' class='form_entry_form_values_contrast_scale_3_value span5' id='form_entry_form_values_contrast_scale_3_value' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['contrast_scale_3_value']->value) . "'") . "/> ± <input type='number' step='0.01' name='form_entry[form_values][contrast_scale_3_plusmin]' class='form_entry_form_values_contrast_scale_3_plusmin span5' id='form_entry_form_values_contrast_scale_3_plusmin' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['contrast_scale_3_plusmin']->value) . "'") . "/></td>\r\n <td>-988±5</td>\r\n </tr>\r\n <tr>\r\n <td>4</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][contrast_scale_4_value]' class='form_entry_form_values_contrast_scale_4_value span5' id='form_entry_form_values_contrast_scale_4_value' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['contrast_scale_4_value']->value) . "'") . "/> ± <input type='number' step='0.01' name='form_entry[form_values][contrast_scale_4_plusmin]' class='form_entry_form_values_contrast_scale_4_plusmin span5' id='form_entry_form_values_contrast_scale_4_plusmin' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['contrast_scale_4_plusmin']->value) . "'") . "/></td>\r\n <td>120±15</td>\r\n </tr>\r\n <tr>\r\n <td>5</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][contrast_scale_5_value]' class='form_entry_form_values_contrast_scale_5_value span5' id='form_entry_form_values_contrast_scale_5_value' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['contrast_scale_5_value']->value) . "'") . 
"/> ± <input type='number' step='0.01' name='form_entry[form_values][contrast_scale_5_plusmin]' class='form_entry_form_values_contrast_scale_5_plusmin span5' id='form_entry_form_values_contrast_scale_5_plusmin' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['contrast_scale_5_plusmin']->value) . "'") . "/></td>\r\n <td>0±4</td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n </div>\r\n <div class='span4'>\r\n <h3 class='center-horizontal'>Low Contrast Detectability</h3>\r\n <h4 class='center-horizontal'>Slice 2-5 (-471mm) (W/L=100/100)</h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>See 6mm row?</td>\r\n <td class='control-group'><input name='form_entry[form_values][low_contrast_detect_6mm_row]' class='form_entry_form_values_low_contrast_detect_6mm_row span12' id='form_entry_form_values_low_contrast_detect_6mm_row' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['low_contrast_detect_6mm_row']->value) . "'") . "/></td>\r\n <td>5</td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n <h3 class='center-horizontal'>Spatial Integrity</h3>\r\n <h4 class='center-horizontal'>Slice 3-5 (-431mm)</h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n <tr>\r\n <th>BB to BB</th>\r\n <th>Nominal</th>\r\n </tr>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][spatial_integrity_bb_to_bb]' class='form_entry_form_values_spatial_integrity_bb_to_bb span12' id='form_entry_form_values_spatial_integrity_bb_to_bb' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['spatial_integrity_bb_to_bb']->value) . "'") . 
"/></td>\r\n <td>100±1</td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n <h3 class='center-horizontal'>High Contrast Resolution</h3>\r\n <h4 class='center-horizontal'>Slice 4-5 (-391mm) (W/L=100/1100)</h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>highest lp/cm block</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][high_contrast_resolution_max_lp_cm_block]' class='form_entry_form_values_high_contrast_resolution_max_lp_cm_block span12' id='form_entry_form_values_high_contrast_resolution_max_lp_cm_block' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['high_contrast_resolution_max_lp_cm_block']->value) . "'") . "/></td>\r\n <td>8</td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n </div>\r\n <div class='span4'>\r\n <h3 class='center-horizontal'>Laser Position</h3>\r\n <h4 class='center-horizontal'>Wilke Phantom</h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n <tr>\r\n <th>Laser</th>\r\n <th>Measurement</th>\r\n <th>Nom.</th>\r\n </tr>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>Cor</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][laser_position_cor]' class='form_entry_form_values_laser_position_cor span12' id='form_entry_form_values_laser_position_cor' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['laser_position_cor']->value) . "'") . "/></td>\r\n <td>0±2</td>\r\n </tr>\r\n <tr>\r\n <td>Sag</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][laser_position_sag]' class='form_entry_form_values_laser_position_sag span12' id='form_entry_form_values_laser_position_sag' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['laser_position_sag']->value) . "'") . 
"/></td>\r\n <td>0±2</td>\r\n </tr>\r\n <tr>\r\n <td>Axial</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][laser_position_axial]' class='form_entry_form_values_laser_position_axial span12' id='form_entry_form_values_laser_position_axial' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['laser_position_axial']->value) . "'") . "/></td>\r\n <td>0±2</td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n <h3 class='center-horizontal'>Laser Localization</h3>\r\n <h4 class='center-horizontal'>Pinnacle</h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>BB±1mm?</td>\r\n <td class='control-group'><select id='form_entry_form_values_laser_localization' name='form_entry[form_values][laser_localization]'>\r\n <option value='NULL'" . ($id != false && $formEntry->formValues['laser_localization']->value == 'NULL' ? " selected='selected'" : "") . "></option>\r\n <option value='Y'" . ($id != false && $formEntry->formValues['laser_localization']->value == 'Y' ? " selected='selected'" : "") . ">Y</option>\r\n <option value='N'" . ($id != false && $formEntry->formValues['laser_localization']->value == 'N' ? " selected='selected'" : "") . ">N</option>\r\n </select></td>\r\n <td>8</td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n </div>\r\n </div>\r\n <div class='row-fluid'>\r\n <div class='span4'>\r\n <h3 class='center-horizontal'>Review Daily QA Logs</h3>\r\n <h4 class='center-horizontal'> </h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>Performed</td>\r\n <td class='control-group'><select id='form_entry_form_values_daily_qa_logs_reviewed' name='form_entry[form_values][daily_qa_logs_reviewed]'>\r\n <option value='NULL'" . ($id != false && $formEntry->formValues['daily_qa_logs_reviewed']->value == 'NULL' ? " selected='selected'" : "") . "></option>\r\n <option value='Y'" . 
($id != false && $formEntry->formValues['daily_qa_logs_reviewed']->value == 'Y' ? " selected='selected'" : "") . ">Y</option>\r\n <option value='N'" . ($id != false && $formEntry->formValues['daily_qa_logs_reviewed']->value == 'N' ? " selected='selected'" : "") . ">N</option>\r\n </select></td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n </div>\r\n <div class='span4'>\r\n <h3 class='center-horizontal'>Table Incrementation</h3>\r\n <h4 class='center-horizontal'>Ruler</h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>±1mm?</td>\r\n <td class='control-group'><select id='form_entry_form_values_table_incrementation' name='form_entry[form_values][table_incrementation]'>\r\n <option value='NULL'" . ($id != false && $formEntry->formValues['table_incrementation']->value == 'NULL' ? " selected='selected'" : "") . "></option>\r\n <option value='Y'" . ($id != false && $formEntry->formValues['table_incrementation']->value == 'Y' ? " selected='selected'" : "") . ">Y</option>\r\n <option value='N'" . ($id != false && $formEntry->formValues['table_incrementation']->value == 'N' ? " selected='selected'" : "") . ">N</option>\r\n </select></td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n </div>\r\n <div class='span4'>\r\n <h3 class='center-horizontal'>Slice Thickness</h3>\r\n <h4 class='center-horizontal'>Slice 1-5</h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>Slice Thickness (mm)</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][slice_thickness]' class='form_entry_form_values_slice_thickness span12' id='form_entry_form_values_slice_thickness' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['slice_thickness']->value) . "'") . 
"/></td>\r\n <td>3</td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n </div>\r\n </div>\r\n <div class='row-fluid'>\r\n <div class='span6'>\r\n <h3 class='center-horizontal'>Field Uniformity (head)</h3>\r\n <h4 class='center-horizontal'>Slice 3-5 (-431 mm)</h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n <tr>\r\n <th>ROI</th>\r\n <th>CT #</th>\r\n <th>Nominal</th>\r\n </tr>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>1</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][field_uniformity_1_value]' class='form_entry_form_values_field_uniformity_1_value span12' id='form_entry_form_values_field_uniformity_1_value' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['field_uniformity_1_value']->value) . "'") . "/></td>\r\n <td>0±5</td>\r\n </tr>\r\n <tr>\r\n <td>2</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][field_uniformity_2_value]' class='form_entry_form_values_field_uniformity_2_value span12' id='form_entry_form_values_field_uniformity_2_value' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['field_uniformity_2_value']->value) . "'") . "/></td>\r\n <td>0±5</td>\r\n </tr>\r\n <tr>\r\n <td>3</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][field_uniformity_3_value]' class='form_entry_form_values_field_uniformity_3_value span12' id='form_entry_form_values_field_uniformity_3_value' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['field_uniformity_3_value']->value) . "'") . "/></td>\r\n <td>0±5</td>\r\n </tr>\r\n <tr>\r\n <td>4</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][field_uniformity_4_value]' class='form_entry_form_values_field_uniformity_4_value span12' id='form_entry_form_values_field_uniformity_4_value' " . (!$formEntry->formValues ? 
"" : " value='" . escape_output($formEntry->formValues['field_uniformity_4_value']->value) . "'") . "/></td>\r\n <td>0±5</td>\r\n </tr>\r\n <tr>\r\n <td>5</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][field_uniformity_5_value]' class='form_entry_form_values_field_uniformity_5_value span12' id='form_entry_form_values_field_uniformity_5_value' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['field_uniformity_5_value']->value) . "'") . "/></td>\r\n <td>0±5</td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n </div>\r\n <div class='span6'>\r\n <h3 class='center-horizontal'>Noise (head)</h3>\r\n <h4 class='center-horizontal'>Slice 3-5 (-431 mm)</h4>\r\n <table class='table table-bordered table-striped'>\r\n <thead>\r\n <tr>\r\n <th>ROI</th>\r\n <th>Standard Deviation</th>\r\n <th>Nominal</th>\r\n </tr>\r\n </thead>\r\n <tbody>\r\n <tr>\r\n <td>1</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][noise_1_stddev]' class='form_entry_form_values_noise_1_stddev span12' id='form_entry_form_values_noise_1_stddev' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['noise_1_stddev']->value) . "'") . "/></td>\r\n <td>11±2</td>\r\n </tr>\r\n <tr>\r\n <td>2</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][noise_2_stddev]' class='form_entry_form_values_noise_2_stddev span12' id='form_entry_form_values_noise_2_stddev' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['noise_2_stddev']->value) . "'") . "/></td>\r\n <td>9±2</td>\r\n </tr>\r\n <tr>\r\n <td>3</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][noise_3_stddev]' class='form_entry_form_values_noise_3_stddev span12' id='form_entry_form_values_noise_3_stddev' " . (!$formEntry->formValues ? "" : " value='" . 
escape_output($formEntry->formValues['noise_3_stddev']->value) . "'") . "/></td>\r\n <td>9±2</td>\r\n </tr>\r\n <tr>\r\n <td>4</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][noise_4_stddev]' class='form_entry_form_values_noise_4_stddev span12' id='form_entry_form_values_noise_4_stddev' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['noise_4_stddev']->value) . "'") . "/></td>\r\n <td>9±2</td>\r\n </tr>\r\n <tr>\r\n <td>5</td>\r\n <td class='control-group'><input type='number' step='0.01' name='form_entry[form_values][noise_5_stddev]' class='form_entry_form_values_noise_5_stddev span12' id='form_entry_form_values_noise_5_stddev' " . (!$formEntry->formValues ? "" : " value='" . escape_output($formEntry->formValues['noise_5_stddev']->value) . "'") . "/></td>\r\n <td>9±2</td>\r\n </tr>\r\n </tbody>\r\n </table>\r\n </div>\r\n </div>\r\n <h3>Image</h3>\r\n"; if ($id != false && $formEntry->imagePath != '') { echo "<img src='" . joinPaths(ROOT_URL, escape_output($formEntry->imagePath)) . "' /><br />\r\n"; } echo " <div id='image_preview' class='row-fluid'></div>\r\n <p>Supported formats: JPEG, PNG, GIF, WBMP, GD2</p>\r\n <input name='form_image' class='input-file' type='file' onChange='displayImagePreview(this.files);' />\r\n <h3>Comments</h3>\r\n <textarea name='form_entry[comments]' id='form_entry_comments' rows='10' class='span12' placeholder='Comments go here.'>" . ($id === false ? "" : escape_output($formEntry->comments)) . "</textarea><br />\r\n <div class='form-actions'>\r\n"; if ($id != false && $formEntry->approvedOn != '') { echo " <button type='submit' class='btn btn-primary disabled' disabled='disabled'>Approved</button>\r\n"; } else { echo " <button type='submit' class='btn btn-primary'>" . ($id === false ? "Save" : "Save changes") . "</button>\r\n"; } echo " <a class='btn' href='#' onClick='window.location.replace(document.referrer);' >" . ($id === false ? 
"Go back" : "Discard changes") . "</a>\r\n"; if ($id != false && $user->isPhysicist()) { if ($formEntry->approvedOn == '') { echo " <a class='btn btn-success' href='form_entry.php?action=approve&id=" . intval($id) . "'>Approve</a>\r\n"; } else { echo " <a class='btn btn-warning' href='form_entry.php?action=unapprove&id=" . intval($id) . "'>Unapprove</a>\r\n"; } } if ($id != false && $user->isAdmin()) { echo "<button class='btn btn-danger delete-button' data-id='" . intval($id) . "'>Delete</button>\n";
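/**
 * Render the admin "edit comment" form for the comment id given in the request.
 *
 * Reads discussid, sort, dir, page, crit and search_method from the request
 * (gpsa), loads the matching txp_discuss row and echoes the edit form, or a
 * "comment not found" paragraph when no row matches. Output goes to stdout;
 * nothing is returned.
 */
function discuss_edit()
{
    pagetop(gTxt('edit_comment'));

    extract(gpsa(array('discussid', 'sort', 'dir', 'page', 'crit', 'search_method')));

    // assert_int() rejects a non-integer id before it is interpolated into SQL below.
    $discussid = assert_int($discussid);

    $rs = safe_row('*, unix_timestamp(posted) as uPosted', 'txp_discuss', "discussid = {$discussid}");

    if (!$rs) {
        echo graf(gTxt('comment_not_found'), ' style="text-align: center;"');
        return;
    }

    // Brings name, email, web, ip, message, visible, parentid and uPosted into scope.
    extract($rs);

    $message = escape_output($message);

    // The stored IP was recorded from a visitor's request, so it is escaped for the
    // HTML cell it is rendered in and URL-encoded for the ban link's query string
    // (the commenter name is already URL-encoded there). The hidden ip field is left
    // to hInput(), which is presumed to escape its value.
    $ip_html = escape_output($ip);

    if (fetch('ip', 'txp_discuss_ipban', 'ip', $ip)) {
        $ban_step = 'ipban_unban';
        $ban_text = gTxt('unban');
    } else {
        $ban_step = 'ipban_add';
        $ban_text = gTxt('ban');
    }

    $ban_link = '[<a href="?event=discuss' . a . 'step=' . $ban_step . a . 'ip=' . urlencode($ip) . a . 'name=' . urlencode($name) . a . 'discussid=' . $discussid . '">' . $ban_text . '</a>]';

    echo form(
        startTable('edit') .
        stackRows(
            fLabelCell('name') . fInputCell('name', $name),
            fLabelCell('IP') . td("{$ip_html} {$ban_link}"),
            fLabelCell('email') . fInputCell('email', $email),
            fLabelCell('website') . fInputCell('web', $web),
            fLabelCell('date') . td(safe_strftime('%d %b %Y %X', $uPosted)),
            tda(gTxt('message')) . td('<textarea name="message" cols="60" rows="15">' . $message . '</textarea>'),
            fLabelCell('status') . td(selectInput('visible', array(VISIBLE => gTxt('visible'), SPAM => gTxt('spam'), MODERATE => gTxt('unmoderated')), $visible, false)),
            td() . td(fInput('submit', 'step', gTxt('save'), 'publish')),
            hInput('sort', $sort) . hInput('dir', $dir) . hInput('page', $page) . hInput('crit', $crit) . hInput('search_method', $search_method) . hInput('discussid', $discussid) . hInput('parentid', $parentid) . hInput('ip', $ip) . eInput('discuss') . sInput('discuss_save')
        ) .
        endTable()
    );
}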
base_url(); ?> workout" method="post"> <select id="selected-workout" name="workoutID"> <option value="">Select Workout</option> <!-- post all workouts from database --> <!-- value is the workout-id from database --> <?php foreach ($workouts as $workout) { ?> <option value="<?php echo escape_output($workout->id); ?> "><?php echo escape_output($workout->name); ?> </option> <?php } ?> <!-- end post all workouts from database --> </select> </form> </div> <?php if (isset($_SESSION['workout_log_id'])) { ?> <h4 class="centered ripped">You currently have a workout in progress!! <br> If you select another one - the current workout will end.</h4> <?php }
$entry['machine_name'] = "Unknown machine"; } echo "<li><a href='form_entry.php?action=edit&id=" . intval($entry['id']) . "'>" . escape_output($entry['machine_name']) . " for " . escape_output(intval($entry['qa_month']) . "/" . intval($entry['qa_year'])) . "</a></li>\r\n"; } } ?> </div> </div> <div class="span4"> <div class="row-fluid"> <h2>Latest updates</h2> <?php // get a list of all form entries for machines within this user's facility. $entries = $database->stdQuery("SELECT `machines`.`name` AS `machine_name`, `form_entries`.`id`, `form_entries`.`qa_month`, `form_entries`.`qa_year`, `form_entries`.`approved_on` FROM `form_entries` LEFT OUTER JOIN `machines` ON `machines`.`id` = `form_entries`.`machine_id` WHERE `machines`.`facility_id` = " . intval($user->facility['id']) . " ORDER BY `form_entries`.`updated_at` DESC LIMIT 20"); if (!$entries) { echo "None!"; } else { echo "<ul>\r\n"; while ($entry = mysqli_fetch_assoc($entries)) { if ($entry['machine_name'] == '') { $entry['machine_name'] = "Unknown machine"; } echo "<li><a href='form_entry.php?action=edit&id=" . intval($entry['id']) . "'>" . escape_output($entry['machine_name']) . " for " . escape_output(intval($entry['qa_month']) . "/" . intval($entry['qa_year'])) . ($entry['approved_on'] != '' ? "(approved)" : "") . "</a></li>\r\n"; } } ?> </div> </div> </div> <?php display_footer();
display_error("Error: Insufficient privileges", "You must be an administrator to add machine types."); break; } echo "<h1>Add a machine type</h1>\n"; display_machine_type_edit_form($user); break; case 'edit': if (!$user->isAdmin()) { display_error("Error: Insufficient privileges", "You must be an administrator to modify machine types."); break; } echo "<h1>Modify a machine type</h1>\n"; display_machine_type_edit_form($user, intval($_REQUEST['id'])); break; case 'show': $machineTypeName = $database->queryFirstValue("SELECT `name` FROM `machine_types` WHERE `id` = " . intval($_REQUEST['id']) . " LIMIT 1"); if (!$machineTypeName) { echo "This machine type was not found. Please select another machine type and try again."; } else { echo "<h1>" . escape_output($machineTypeName) . " - History <small>(<a href='machine_type.php?action=edit&id=" . intval($_REQUEST['id']) . "'>edit</a>)</small></h1>\n"; display_machine_type_info($user, intval($_REQUEST['id'])); } break; default: case 'index': echo "<h1>Machine Types</h1>\n"; display_machine_types($user); echo "<a href='machine_type.php?action=new'>Add a new machine type</a><br />\n"; break; } display_footer();
display_error("Error: Insufficient privileges", "You may only modify your own facility's machines."); break; } echo "<h1>Modify a machine</h1>\r\n"; display_machine_edit_form($user, intval($_REQUEST['id'])); break; case 'show': if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])) { display_error("Error: Invalid machine ID", "Please check your ID and try again."); break; } //ensure that user has sufficient privileges to view this machine. $machineObject = $database->queryFirstRow("SELECT * FROM `machines` WHERE `id` = " . intval($_REQUEST['id']) . " LIMIT 1"); if (!$machineObject) { display_error("Error: Invalid machine ID", "Please check your ID and try again."); break; } elseif (intval($machineObject['facility_id']) != $user->facility['id']) { display_error("Error: Insufficient privileges", "You may only view your own facility's machines."); break; } echo "<h1>" . escape_output($machineObject['name']) . " - History <small>(<a href='machine.php?action=edit&id=" . intval($_REQUEST['id']) . "'>edit</a>)</small></h1>\r\n"; display_machine_info($user, intval($_REQUEST['id'])); break; default: case 'index': echo "<h1>Machines</h1>\r\n"; display_machines($user); echo "<a href='machine.php?action=new'>Add a new machine</a><br />\r\n"; break; } display_footer();
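/**
 * Register a new user account.
 *
 * Only a logged-in administrator may register users; every failure path
 * returns a status message for register.php instead of throwing.
 *
 * @param string     $name
 * @param string     $email
 * @param string     $password              plaintext; stored only as a Bcrypt hash
 * @param string     $password_confirmation must be identical to $password
 * @param int|string $facility_id           must refer to an existing facilities row
 * @return array "location" (redirect target), "status" (message) and, on the
 *               facility/database/success paths, "class" ("error" or "success")
 */
public function register($name, $email, $password, $password_confirmation, $facility_id) {
    // Registration is closed to all non-admin users.
    if (!$this->loggedIn() || !$this->isAdmin()) {
        return array("location" => "register.php", "status" => "Registration is closed to all non-admin users. Please contact your facility administrator for access.");
    }

    // Strict comparison so PHP's loose string/number juggling cannot make two
    // different confirmation values compare equal.
    if ($password !== $password_confirmation) {
        return array("location" => "register.php", "status" => "Your passwords do not match. Please try again.");
    }

    // Check if email is well-formed. NOTE(review): the pattern is unanchored, so
    // any input that merely contains an address-like substring passes.
    $email_regex = "/[0-9A-Za-z\\+\\-\\%\\.]+@[0-9A-Za-z\\.\\-]+\\.[A-Za-z]{2,4}/";
    if (!preg_match($email_regex, $email)) {
        return array("location" => "register.php", "status" => "The email address you have entered is malformed. Please check it and try again.");
    }

    // Check if user is already registered: both name and email must be unused.
    $checkNameEmail = intval($this->dbConn->queryCount("SELECT COUNT(*) FROM `users` WHERE (`name` = " . $this->dbConn->quoteSmart($name) . " || `email` = " . $this->dbConn->quoteSmart($email) . ")"));
    if ($checkNameEmail > 0) {
        return array("location" => "register.php", "status" => "Your name or email has previously been registered. Please try logging in.");
    }

    // Check if this facility exists.
    $checkFacilityExists = intval($this->dbConn->queryCount("SELECT COUNT(*) FROM `facilities` WHERE `id` = " . intval($facility_id)));
    if ($checkFacilityExists < 1) {
        return array("location" => "register.php", "status" => "That facility does not exist. Please try again.", 'class' => 'error');
    }

    // Register this user. REMOTE_ADDR is unset outside a web request (e.g. CLI),
    // so default it instead of raising an undefined-index notice.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $bcrypt = new Bcrypt();
    $registerUser = $this->dbConn->stdQuery("INSERT INTO `users` SET `name` = " . $this->dbConn->quoteSmart($name) . ", `email` = " . $this->dbConn->quoteSmart($email) . ", `password_hash` = " . $this->dbConn->quoteSmart($bcrypt->hash($password)) . ", `usermask` = 1, `last_ip` = " . $this->dbConn->quoteSmart($remoteAddr) . ", `facility_id` = " . intval($facility_id));
    if (!$registerUser) {
        return array("location" => "register.php", "status" => "Database errors were encountered during registration. Please try again later.", 'class' => 'error');
    }

    return array("location" => "register.php", "status" => "Registration successful. " . escape_output($name) . " can now log in.", 'class' => 'success');
}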
/**
 * Tag handler: the description of the current file ($thisfile).
 *
 * Attributes: escape ('html' to HTML-escape the description), wraptag and
 * class (passed to doTag). Returns null when the file has no description.
 */
function file_download_description($atts)
{
    global $thisfile;

    extract(lAtts(array('class' => '', 'escape' => '', 'wraptag' => ''), $atts));

    if (!$thisfile['description']) {
        return;
    }

    if ($escape == 'html') {
        $text = escape_output($thisfile['description']);
    } else {
        $text = $thisfile['description'];
    }

    if ($wraptag) {
        return doTag($text, $wraptag, $class);
    }

    return $text;
}
/**
 * Print this facility's profile: heading, a table of its users and a table of
 * its machines. Every database-sourced value is passed through escape_output()
 * before it is written; ids in links go through intval().
 *
 * @param object $user the viewing user; an admin of this facility also gets an edit link
 */
public function displayProfile($user) {
    $editLink = '';
    if ($user->isAdmin() && $this->id == $user->facility['id']) {
        $editLink = "<small><a href='facility.php?action=edit&id=" . intval($this->id) . "'>(edit)</a></small>";
    }

    echo " <h1>" . escape_output($this->name) . $editLink . "</h1>\r\n"
        . " <h3>People</h3>\r\n"
        . " <table class='table table-striped table-bordered dataTable'>\r\n"
        . " <thead>\r\n"
        . " <tr>\r\n"
        . " <th>Name</th>\r\n"
        . " <th>Email</th>\r\n"
        . " <th>Role</th>\r\n"
        . " <th>QA Entries</th>\r\n"
        . " </tr>\r\n"
        . " </thead>\r\n"
        . " <tbody>\n";

    foreach ($this->users as $userRow) {
        $person = new User($this->dbConn, $userRow['id']);
        // Compute every cell before writing the row so a failure leaves no partial row.
        $cells = array(
            "<a href='user.php?action=show&id=" . intval($person->id) . "'>" . escape_output($person->name) . "</a>",
            escape_output($person->email),
            escape_output(convert_usermask_to_text($person->usermask)),
            escape_output(count($person->formEntries)),
        );
        echo " <tr>\r\n";
        foreach ($cells as $cell) {
            echo " <td>" . $cell . "</td>\r\n";
        }
        echo " </tr>\n";
    }

    echo " </tbody>\r\n </table>\n";

    echo " <h3>Machines</h3>\r\n"
        . " <table class='table table-striped table-bordered dataTable'>\r\n"
        . " <thead>\r\n"
        . " <tr>\r\n"
        . " <th>Name</th>\r\n"
        . " <th>Type</th>\r\n"
        . " <th>QA Entries</th>\r\n"
        . " <th>Last Entry</th>\r\n"
        . " </tr>\r\n"
        . " </thead>\r\n"
        . " <tbody>\n";

    foreach ($this->machines as $machineRow) {
        $device = new Machine($this->dbConn, $machineRow['id']);
        // Id 0 stands for "no entries"; the resulting FormEntry then has an empty updatedAt.
        $latestEntryId = count($device->formEntries) > 0 ? $device->formEntries[0]['id'] : 0;
        $latest = new FormEntry($device->dbConn, $latestEntryId);
        if ($latest->updatedAt == '') {
            $lastEntryText = "N/A";
        } else {
            $lastEntryText = format_mysql_timestamp($latest->updatedAt);
        }
        $cells = array(
            "<a href='machine.php?action=show&id=" . intval($device->id) . "'>" . escape_output($device->name) . "</a>",
            escape_output($device->machineType['name']),
            escape_output(count($device->formEntries)),
            escape_output($lastEntryText),
        );
        echo " <tr>\r\n";
        foreach ($cells as $cell) {
            echo " <td>" . $cell . "</td>\r\n";
        }
        echo " </tr>\n";
    }

    echo " </tbody>\r\n </table>\n";
}
/**
 * Print the history-plot selector form for one QA form.
 *
 * Emits an empty <div id='vis'> plus a form with multi-select lists of the
 * form's machines and fields; the plot itself is drawn client-side by
 * drawLargeD3Plot(). Prints an error sentence and returns when the Form
 * constructor throws for the given id.
 *
 * @param object $user    the caller; only its dbConn property is used here
 * @param int    $form_id id of the form whose history is plotted
 */
function display_history_plot($user, $form_id) {
    try {
        $form = new Form($user->dbConn, $form_id);
    } catch (Exception $e) {
        echo "The form ID you provided was invalid. Please try again.\n";
        return;
    }

    echo "<div id='vis'></div>\r\n"
        . " <form action='#'>\r\n"
        . " <input type='hidden' id='form_id' name='form_id' value='" . intval($form_id) . "' />\r\n"
        . " <div class='row-fluid'>\r\n"
        . " <div class='span4'>\r\n"
        . " <div class='row-fluid'><h3 class='span12' style='text-align:center;'>Machines</h3></div>\r\n"
        . " <div class='row-fluid'>\r\n"
        . " <select multiple='multiple' id='machines' class='span12' size='10' name='machines[]'>\n";

    $machineOptions = '';
    foreach ($form->machines as $machineRow) {
        $machineOptions .= " <option value='" . intval($machineRow['id']) . "'>" . escape_output($machineRow['name']) . "</option>\n";
    }
    echo $machineOptions;

    echo " </select>\r\n"
        . " </div>\r\n"
        . " </div>\r\n"
        . " <div class='span4'>\r\n"
        . " <div class='row-fluid'><h3 class='span12' style='text-align:center;'>Fields</h3></div>\r\n"
        . " <div class='row-fluid'>\r\n"
        . " <select multiple='multiple' id='form_fields' class='span12' size='10' name='form_fields[]'>\n";

    $fieldOptions = '';
    foreach ($form->formFields as $fieldRow) {
        $fieldOptions .= " <option value='" . intval($fieldRow['id']) . "'>" . escape_output($fieldRow['name']) . "</option>\n";
    }
    echo $fieldOptions;

    echo " </select>\r\n"
        . " </div>\r\n"
        . " </div>\r\n"
        . " <div class='span4'>\r\n"
        . " <div class='row-fluid'><h3 class='span12' style='text-align:center;'>Time Range</h3></div>\r\n"
        . " <div class='row-fluid'>\r\n"
        . " <div class='span12' style='text-align:center;'>(Coming soon)</div>\r\n"
        . " </div>\r\n"
        . " </div>\r\n"
        . " </div>\r\n"
        . " <div class='row-fluid'>\r\n"
        . " <div class='span12' style='text-align:center;'>As a reminder, you can highlight multiple fields by either clicking and dragging, or holding down Control and clicking on the fields you want.</div>\r\n"
        . " </div>\r\n"
        . " <div class='form-actions'>\r\n"
        . " <a class='btn btn-xlarge btn-primary' href='#' onClick='drawLargeD3Plot();'>Redraw Plot</a>\r\n"
        . " </div>\r\n"
        . " </form>\n";
}
/**
 * Build the site's Atom feed: articles by default, links when area=link.
 *
 * Reads feed preferences from $GLOBALS['prefs'] and the request parameters
 * area, category, section and limit. When entries are found it sends
 * Last-Modified / ETag / Vary headers (and may exit with 304 Not Modified)
 * and returns the feed document as a string; with no entries it falls through
 * and returns null.
 */
function atom()
{
    global $thisarticle;
    extract($GLOBALS['prefs']);
    define("t_texthtml", ' type="text/html"');
    define("t_text", ' type="text"');
    define("t_html", ' type="html"');
    define("t_xhtml", ' type="xhtml"');
    define('t_appxhtml', ' type="xhtml"');
    define("r_relalt", ' rel="alternate"');
    define("r_relself", ' rel="self"');
    // Request values are doSlash()ed once here and then used both as SQL
    // literals below and, escaped by escape_output(), in the feed title.
    $area = doSlash(gps('area'));
    extract(doSlash(gpsa(array('category', 'section', 'limit'))));
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $sitename .= $section ? ' - ' . $section : '';
    $sitename .= $category ? ' - ' . $category : '';
    $pub = safe_row("RealName, email", "txp_users", "privs=1");
    $out[] = tag(escape_output($sitename), 'title', t_text);
    $out[] = tag(escape_output($site_slogan), 'subtitle', t_text);
    $out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" />';
    $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
    $articles = array();
    //Atom feeds with mail or domain name
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id');
    $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
    $out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
    // NOTE(review): RealName is not escaped here, unlike the per-entry author name below.
    $auth[] = tag($pub['RealName'], 'name');
    $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
    $auth[] = tag(hu, 'uri');
    $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
    if (!$area or $area == 'article') {
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        // A caller-supplied limit is capped at max(100, rss_how_many).
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        // Sections flagged in_rss != '1' are excluded from the feed.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        $query = array();
        foreach ($frs as $f) {
            $query[] = "and Section != '" . doSlash($f) . "'";
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                // Row columns (ID, Title, AuthorID, Category1/2, uid, uPosted, uLastMod, ...) become locals.
                extract($a);
                populateArticleData($a);
                $cb = callback_event('atom_entry');
                $e = array();
                $a['posted'] = $uPosted;
                if ($show_comment_count_in_feed) {
                    $count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
                } else {
                    $count = '';
                }
                $thisauthor = get_author_name($AuthorID);
                $e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
                $e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
                $e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
                $escaped_title = escape_output($Title);
                $e['title'] = tag($escaped_title . $count, 'title', t_html);
                $permlink = permlinkurl($a);
                // NOTE(review): $permlink is placed in the href attribute as returned by
                // permlinkurl(); whether that helper XML-escapes it is not visible here.
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
                $e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
                $e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';
                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
                if ($syndicate_body_or_excerpt) {
                    # short feed: use body as summary if there's no excerpt
                    if (!trim($summary)) {
                        $summary = $content;
                    }
                    $content = '';
                }
                if (trim($content)) {
                    $e['content'] = tag(n . escape_cdata($content) . n, 'content', t_html);
                }
                if (trim($summary)) {
                    $e['summary'] = tag(n . escape_cdata($summary) . n, 'summary', t_html);
                }
                $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, 'entry');
                // Per-entry ETag and date, used below for A-IM delta encoding and conditional GETs.
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uLastMod;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='" . $category . "'" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc, id desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                // $e is not reset per row here (unlike the article branch), but every
                // key it carries is reassigned on each iteration.
                extract($a);
                $e['title'] = tag(htmlspecialchars($linkname), 'title', t_html);
                $e['content'] = tag(n . htmlspecialchars($description) . n, 'content', t_html);
                // Site-relative link urls are made absolute; the second replace only
                // touches "&...=" sequences. NOTE(review): $url is otherwise emitted into
                // the href attribute without htmlspecialchars() — confirm it is escaped upstream.
                $url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
                $url = preg_replace("/&((?U).*)=/", "&\\1=", $url);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
                $e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
                $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id');
                $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
            }
        }
    }
    if (!empty($articles)) {
        //turn on compression if we aren't using it already
        // NOTE(review): the @ hides any ob_start() failure; the feed is still returned uncompressed in that case.
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            @ob_start("ob_gzhandler");
        }
        handle_lastmod();
        // If-Modified-Since is compared against the site-wide lastmod pref, not per entry.
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        if ($imsd >= $last) {
            txp_status_header("304 Not Modified");
            exit;
        }
        header("Last-Modified: " . gmdate('D, d M Y H:i:s \\G\\M\\T', $last));
        // A-IM: feed (RFC 3229 delta encoding) lets already-seen entries be dropped below.
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
            }
        } else {
            $canaim = false;
        }
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                // Truthiness test: an etag found at offset 0 of If-None-Match counts as not found.
                if (strpos($hinm, $etags[$id])) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
                }
            }
        }
        // The feed-level ETag is the join of all entry etags (computed before any were cut).
        $etag = @join("-", $etags);
        if (strstr($hinm, $etag)) {
            header("HTTP/1.1 304 Not Modified");
            exit;
        }
        if ($etag) {
            header('ETag: "' . $etag . '"');
        }
        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
        $out = array_merge($out, $articles);
        header('Content-type: application/atom+xml; charset=utf-8');
        return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>';
    }
}
} if ($user->isAdmin()) { $facility_id = $database->queryFirstValue("SELECT `facility_id` FROM `users` WHERE `id` = " . intval($_REQUEST['id']) . " LIMIT 1"); if (!$facility_id) { display_error("Error: Invalid user ID", "Please check your ID and try again."); break; } elseif (intval($facility_id) != $user->facility['id']) { display_error("Error: Insufficient privileges", "You may only view your own facility's users."); break; } } echo "<h1>Modify a user</h1>\r\n"; display_user_edit_form($user, intval($_REQUEST['id'])); break; case 'show': $userName = $database->queryFirstValue("SELECT `name` FROM `users` WHERE `id` = " . intval($_REQUEST['id']) . " LIMIT 1"); if (!$userName) { echo "This user was not found. Please select another user and try again."; } else { echo "<h1>" . escape_output($userName) . "</h1>\r\n"; display_user_profile($user, intval($_REQUEST['id'])); } break; default: case 'index': echo "<h1>Users</h1>\r\n"; display_users($user); echo "<a href='user.php?action=new'>Add a new user</a><br />\r\n"; break; } display_footer();