示例#1
<?php

require_once 'core/init.php';
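// Log the user out: discard the stored session data before anything else runs.
// NOTE(review): session_destroy() removes the stored data only; it does not clear
// $_SESSION or expire the session cookie. Confirm whether core/init.php covers that.
session_destroy();
// The redirect has to be decided here, before templates/header.php is included:
// once that template has produced output the headers are already sent and
// header("Location: ...") can no longer take effect.
// Note: PHP Storm's internal web server won't care about this but Apache does!
// Only a string token is accepted; an array-valued token parameter counts as "no token".
$token = (isset($_GET['token']) && is_string($_GET['token'])) ? $_GET['token'] : '';
if ($token !== '' && is_valid_token($token)) {
    // Valid token: redirect. The value is percent-encoded so it stays a single
    // query parameter and cannot contribute other characters to the Location header.
    header('Location: patient-demographic.php?token=' . rawurlencode($token));
    // Stop here; without this the paperwork page below is still rendered and sent
    // as the body of the redirect response.
    exit;
}
include 'templates/header.php';
include 'templates/patient-paperwork-content.php';
include 'templates/footer.php';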
示例#2
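<?php
// Gate for this template: stop rendering unless the request carries a string token
// that is_valid_token() accepts. The full opening tag is used on purpose: the short
// "<?" form is only parsed when short_open_tag is enabled, and with it disabled this
// check would be sent to the browser as text instead of being executed.
if (!isset($_GET['token']) || !is_string($_GET['token']) || !is_valid_token($_GET['token'])) {
    die("Valid token required");
}
?>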
<!-- Title -->
<div align="center">
  <h3>Patient Symptoms Intake</h3>
  <p>Have you suffered from any of the following in the last two weeks? Select all that apply.</p>
</div>
<style>
    table.borderless td,table.borderless th{
        border: none !important;
    }
</style>
<!-- Symptom Intake Form Checklist. -->
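<form action="submit_symptoms_form.php?token=<?php
// The token is request data written into an HTML attribute. Percent-encode it as a
// query value, then HTML-escape it, so it cannot close the attribute or add markup
// no matter which characters is_valid_token() happens to allow.
echo htmlspecialchars(rawurlencode((string) $_GET['token']), ENT_QUOTES);
?>" method="post">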
                <table class="table borderless" align="center" style="width: auto;">
                <tr>
                <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Weight Loss">Weight Loss</label></td>
                <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Sore Throat">Sore Throat</label></td>
                    <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Joint Pain">Joint Pain</label></td>
                </tr>
                                    <tr>
                <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Weight Gain">Weight Gain</label></td>
                <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Hoarse Voice">Hoarse Voice</label> </td>
                <td><label class="checkbox-inline"><input type="checkbox" name="symptom[]" value="Joint Swelling">Joint Swelling</label></td>
                </tr>
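/**
 * Handles editing of a forum category for the category row being rendered.
 *
 * The outcome is driven by $_POST:
 *  - AdminEditCat == "TRUE": validate the form token, confirm the caller is a forum
 *    admin or moderator, UPDATE the category row, then redirect to the forum main
 *    page (or print a debug marker when $debug_website is 'TRUE').
 *  - EditCat == "TRUE" for this category (posted name and id match the arguments)
 *    and the caller is a forum admin or moderator: print the inline edit form.
 *  - otherwise: print the category as a heading link followed by its description.
 *
 * Every value printed into HTML is escaped first, because category names and
 * descriptions are user-editable data.
 *
 * @param string     $f_cat Category name of the row being rendered.
 * @param string     $f_des Category description of the row being rendered.
 * @param int|string $f_id2 Category id of the row being rendered.
 * @return void
 */
function forumEditCatCheck($f_cat, $f_des, $f_id2)
{
    global $mysqli, $db_table_prefix, $session_token_num, $debug_website, $websiteUrl, $site_forum_main;

    // POST fields are read as strings only; a missing or array-valued field falls
    // back to its default so it can never reach bind_param() or a comparison as an array.
    $AdminEditCat = (isset($_POST['AdminEditCat']) && is_string($_POST['AdminEditCat'])) ? $_POST['AdminEditCat'] : "FALSE";
    $forum_id_edit = (isset($_POST['forum_id_edit']) && is_string($_POST['forum_id_edit'])) ? $_POST['forum_id_edit'] : "";

    if ($AdminEditCat == "TRUE") {
        // Form token check (request-forgery protection).
        if (!is_valid_token()) {
            err_message('Sorry, Tokens do not match!  Please go back and try again.');
            die;
        }
        // Authorization check. A valid form token only shows the request came from
        // one of the site's own forms; it says nothing about who is allowed to edit.
        // The same admin/moderator rule that guards the edit form is enforced here,
        // before anything is written.
        if (!(userCheckForumAdmin() || userCheckForumMod())) {
            err_message('Sorry, you do not have permission to edit forum categories.');
            die;
        }

        $forum_cat_new = (isset($_POST['forum_cat_new']) && is_string($_POST['forum_cat_new'])) ? $_POST['forum_cat_new'] : "";
        $forum_des_new = (isset($_POST['forum_des_new']) && is_string($_POST['forum_des_new'])) ? $_POST['forum_des_new'] : "";

        // Values are bound as parameters; only the configured table prefix is concatenated.
        $stmt = $mysqli->prepare("UPDATE " . $db_table_prefix . "forum_cat SET forum_cat=?, forum_des=? WHERE forum_id=?");
        if (!$stmt) {
            // prepare() returns false on failure; calling bind_param() on it would be a fatal error.
            err_message('Oops. There was an error. 5468');
            die;
        }
        $stmt->bind_param("ssi", $forum_cat_new, $forum_des_new, $forum_id_edit);
        if (!$stmt->execute()) {
            $stmt->close();
            err_message('Oops. There was an error. 5468');
            die;
        }
        $stmt->close();

        // Stored in the session so the message can be shown after the redirect.
        $_SESSION['success_msg'] = "You Have Successfully Updated Forum Cat!";

        if ($debug_website == 'TRUE') {
            // Debug mode: stay on the page instead of redirecting.
            echo "<br> - DEBUG SITE ON - <BR>";
        } else {
            // The target is built from site configuration only, never from request data.
            header("Location: {$websiteUrl}{$site_forum_main}");
            exit;
        }
        return;
    }

    $EditCat = (isset($_POST['EditCat']) && is_string($_POST['EditCat'])) ? $_POST['EditCat'] : "FALSE";
    $forum_cat = (isset($_POST['forum_cat']) && is_string($_POST['forum_cat'])) ? $_POST['forum_cat'] : "";

    // HTML-escaped copies for output. No charset is passed, so PHP's configured
    // default charset applies.
    // NOTE(review): assumes these values are stored unescaped; if they are already
    // entity-encoded in the database this double-encodes them. Confirm.
    $h_cat = htmlspecialchars((string) $f_cat, ENT_QUOTES);
    $h_des = htmlspecialchars((string) $f_des, ENT_QUOTES);
    $h_id = htmlspecialchars((string) $f_id2, ENT_QUOTES);

    // Make sure user has permission to edit this cat
    if ((userCheckForumAdmin() || userCheckForumMod()) && ($EditCat == "TRUE" && $forum_cat == $f_cat && $f_id2 == $forum_id_edit)) {
        // Mod or Admin would like to edit a cat: show the edit form in place of the cat.
        echo "<form enctype=\"multipart/form-data\" action=\"\" method=\"POST\" onsubmit=\"submitmystat.disabled = true; return true;\" class='sweetform' >";
        // Bump the per-page token counter (a global) before emitting the form token.
        if (isset($session_token_num)) {
            $session_token_num = $session_token_num + 1;
        } else {
            $session_token_num = "1";
        }
        form_token();
        echo "<input name=\"forum_cat_new\" type=\"text\" value=\"{$h_cat}\" style='width:200px;font-family:verdana;font-size:12px;font-weight:bold'><BR>";
        echo "<input name=\"forum_des_new\" type=\"text\" value=\"{$h_des}\" style='width:300px;font-family:verdana;font-size:12px;font-weight:normal'>";
        echo "<input type=\"hidden\" name=\"forum_cat_old\" value=\"{$h_cat}\" />";
        echo "<input type=\"hidden\" name=\"forum_des_old\" value=\"{$h_des}\" />";
        echo "<input type=\"hidden\" name=\"forum_id_edit\" value=\"{$h_id}\" />";
        echo "<input type=\"hidden\" name=\"AdminEditCat\" value=\"TRUE\" />";
        echo "<input type=\"submit\" value=\"Update\" name=\"Update\" class=\"sweet\" onClick=\"this.value = 'Please Wait....'\" />";
        echo "</form>";
    } else {
        // Query-string values are percent-encoded; attribute and text values are HTML-escaped.
        $u_cat = rawurlencode((string) $f_cat);
        $u_id = rawurlencode((string) $f_id2);
        // NOTE(review): "&3" is followed directly by the id with no "="; kept as-is, confirm against the router.
        echo "<h3><a href='{$websiteUrl}{$site_forum_main}?1=forum_display&2={$u_cat}&3{$u_id}/' title='{$h_cat}' ALT='{$h_cat}'>{$h_cat}</a></h3>";
        echo " - {$h_des}";
    }
}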
示例#4
<?php

if (isUserLoggedIn()) {
    // saving script
    // get the variables from the URL POST string
    global $websiteName, $site_forum_main;
    //Token validation function
    if (!is_valid_token()) {
        //Token does not match
        err_message('Sorry, Tokens do not match!  Please go back and try again.');
    } else {
        // Page title
        $stc_page_title = "{$websiteName} Forum";
        // Page Description
        $stc_page_description = "Welcome to {$websiteName} Forum.  Ask questions and get answers from fellow members.";
        // Run Top of page func
        style_header_content($stc_page_title, $stc_page_description);
        // Which database do we use
        $stc_page_sel = "Forum";
        if (isset($_POST['forum_id'])) {
            $forum_id = $_POST['forum_id'];
        } else {
            $forum_id = "";
        }
        if (isset($_POST['forum_post_id'])) {
            $forum_post_id = $_POST['forum_post_id'];
        } else {
            $forum_post_id = "";
        }
        if (isset($_POST['forum_title'])) {
            $forum_title = $_POST['forum_title'];
<?php

/**
 * The entrypoint for patient intake paperwork (where the patient inserts information into the iPad).
 */
// Note: isset is a language construct, not a function, which is why it won't raise an error when 'token' is not a key in $_GET
// This is one of many many bad design choices PHP makes
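// Only a string token is accepted; a missing or array-valued token parameter is
// treated as absent, so is_valid_token() is never handed an array.
$token = (isset($_GET['token']) && is_string($_GET['token'])) ? $_GET['token'] : '';
// NOTE(review): PHP_SELF can carry client-supplied path info after the script name;
// HTML-escape $current_file_name wherever it is printed.
$current_file_name = basename($_SERVER['PHP_SELF']);
if ($token === '') {
    // No usable token in the URL: hand over to the token entry page.
    no_token_provided();
} elseif (!is_valid_token($token)) {
    // A token was supplied but is_valid_token() rejected it.
    invalid_token();
}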
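/**
 * Prints the "Invalid Token" notice with a link back to the current script, then
 * terminates the request via die().
 *
 * @return void
 */
function invalid_token()
{
    // PHP_SELF may include client-supplied path info after the script name, so the
    // value is HTML-escaped (quotes included) before it is placed in the href attribute.
    $current_file_name = htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES);
    echo "<center><h1>Invalid Token</h1>Token is invalid. ";
    die("<a href = '{$current_file_name}'>Please click here to re-enter it.</a>");
}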
function no_token_provided()
{
    $current_file_name = basename($_SERVER['PHP_SELF']);
    // Echo using heredoc syntax. Echo's everything between the EOD keywords
    echo <<<EOD

<style>body {
        font-size: 20px;
    input { }
    </style>
<center><h1>Token Entry</h1>