示例#1
0
 public function getOutput()
 {
     $tpl = new \template("mypatients/container");
     // user data
     $user = \dbConn::queryRow("SELECT userid, firstname, lastname, rfid, email, state \n                                    FROM :prefix:user WHERE userId = :0", $_SESSION['userId']);
     $tpl->insert("firstname", $user['firstname']);
     $tpl->insert("lastname", $user['lastname']);
     $tpl->insert("userid", $user['userid']);
     $tpl->insert("rfid", $user['rfid']);
     $tpl->insert("email", $user['email']);
     foreach (\dbConn::query("SELECT * FROM :prefix:user_state") as $r) {
         $tpl->insert("states", $r['name'] == $user['state'] ? "<option value=\"{$r['name']}\" selected>{$r['display']}</option>" : "<option value=\"{$r['name']}\">{$r['display']}</option>");
     }
     // insert patients
     $hasPatients = false;
     $visit = null;
     foreach (\dbConn::query("\n                                    SELECT firstname, lastname, patientId\n                                    FROM :prefix:visit AS v\n                                    INNER JOIN :prefix:patient AS p\n                                    ON v.patient = p.patientId\n                                    WHERE user = :0\n                                    ORDER BY firstname", $_SESSION['userId']) as $r) {
         $tpl->insert("patients", "<option value=\"{$r['patientId']}\">{$r['firstname']} {$r['lastname']}</option>");
         if (!$hasPatients) {
             $visit = \dbConn::queryRow("SELECT * FROM :prefix:visit WHERE user = :0 AND patient = :1", $_SESSION['userId'], $r['patientId']);
         }
         $hasPatients = true;
     }
     $visitTpl = new \template("visitors/edit.visit");
     // relation
     foreach (\dbConn::query("SELECT * FROM :prefix:relation ORDER BY name ASC") as $r) {
         $visitTpl->insert("relations", "<option value=\"{$r['name']}\"" . ($r['name'] == $visit['relation'] ? " selected" : "") . ">{$r['name']}</option>");
     }
     // description
     $visitTpl->insert("description", $visit['description']);
     // scent
     foreach (\dbConn::query("SELECT * FROM :prefix:scent ORDER BY name ASC") as $r) {
         $visitTpl->insert("scents", "<option value=\"{$r['name']}\"" . ($r['name'] == $visit['scent'] ? " selected" : "") . ">{$r['name']}</option>");
     }
     // images
     $imgCount = 0;
     foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visit['visitId'], 'Image') as $img) {
         $visitTpl->insert("image" . ($imgCount + 1), ROOT . "media/image/" . $img['path']);
         $imgCount++;
     }
     for ($i = $imgCount + 1; $i <= 3; $i++) {
         $visitTpl->insert("image" . $i, ROOT . "images/icons/image.png");
     }
     // audios
     $audioCount = 0;
     foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visit['visitId'], 'Audio') as $audio) {
         $visitTpl->insert("audio" . ($audioCount + 1), ROOT . "images/icons/audio.png");
         $audioCount++;
     }
     for ($i = $audioCount + 1; $i <= 3; $i++) {
         $visitTpl->insert("audio" . $i, ROOT . "images/icons/plus.png");
     }
     $tpl->insert("visit", $visitTpl->getOutput());
     return $tpl->getOutput();
 }
示例#2
0
 /**
  * Gets the html output and handles form inputs.
  *
  * @return string Html output.
  */
 public function getOutput()
 {
     switch ($this->viewpoint) {
         // ######################################################################################################
         case "overview":
             $tpl = new \template("patients/container");
             $query = "";
             if ($_SESSION['isAdmin']) {
                 $query = "SELECT \n                                patientId,\n                                firstname, \n                                lastname,\n                                room\n                            FROM :prefix:patient\n                            ORDER BY lastname ASC";
             } else {
                 $query = "SELECT \n                                patientId,\n                                firstname, \n                                lastname,\n                                room\n                            FROM :prefix:patient\n                            WHERE patientId IN (SELECT patientId FROM :prefix:visit WHERE user = "******")\n                            ORDER BY lastname ASC";
             }
             foreach (\dbConn::query($query) as $r) {
                 $p = new \template("patients/patient");
                 $p->insert("id", $r['patientId']);
                 $p->insert("firstname", $r['firstname']);
                 $p->insert("lastname", $r['lastname']);
                 $p->insert("room", $r['room']);
                 $p->insert("visitorcount", \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE patient = :0", $r['patientId']));
                 $p->insert("destination", ROOT . "patients" . "/" . $r['patientId']);
                 $tpl->insert("patients", $p);
             }
             return $tpl->getOutput();
             break;
             // ######################################################################################################
         // ######################################################################################################
         case "edit":
             $result = null;
             $tpl = new \template("patients/edit");
             $tpl->insert("id", $_GET['par2']);
             if (isset($_POST['save'])) {
                 $error = "";
                 if (!$this->saveChanges($error)) {
                     $result = new \template("alerts/danger");
                     $result->insert("caption", "Fehler");
                     $result->insert("text", $error);
                     $tpl->insert("firstname", $_POST['firstname']);
                     $tpl->insert("lastname", $_POST['lastname']);
                     $tpl->insert("room", $_POST['room']);
                     $tpl->insert("birthday", (new \DateTime($_POST['birthday']))->format("d.m.Y"));
                 } else {
                     $result = new \template("alerts/success");
                     $result->insert("caption", "Erfolgreich");
                     $result->insert("text", "Änderungen wurden erfolgreich gespeichert.");
                 }
             }
             $data = \dbConn::queryRow("SELECT * FROM :prefix:patient WHERE patientId = :0", $_GET['par2']);
             if (isset($result)) {
                 $tpl->insert("result", $result);
                 if ($error == "") {
                     $tpl->insert("firstname", $data['firstname']);
                     $tpl->insert("lastname", $data['lastname']);
                     $tpl->insert("room", $data['room']);
                     $tpl->insert("birthday", (new \DateTime($data['birth']))->format("d.m.Y"));
                 }
             } else {
                 $tpl->insert("firstname", $data['firstname']);
                 $tpl->insert("lastname", $data['lastname']);
                 $tpl->insert("room", $data['room']);
                 $tpl->insert("birthday", (new \DateTime($data['birth']))->format("d.m.Y"));
             }
             foreach (\dbConn::query("\n                    SELECT firstname, lastname\n                    FROM :prefix:visit AS v\n                    INNER JOIN :prefix:user AS u\n                    ON v.user = u.userId\n                    WHERE v.patient = :0\n                ", $_GET['par2']) as $r) {
                 $tpl->insert("visitors", "<option>" . $r['firstname'] . " " . $r['lastname'] . "</option>");
             }
             return $tpl->getOutput();
             break;
             // ######################################################################################################
         // ######################################################################################################
         case "new":
             if (!$_SESSION['isAdmin']) {
                 return "<h1>Zugriff verweigert</h1>";
             }
             $tpl = new \template("patients/new");
             return $tpl->getOutput();
             break;
     }
 }
示例#3
0
 } else {
     if ($colSum == 0) {
         $colSum = $colSize;
     }
     $colSum += $colSize;
     $planTpl->insert("tableCount", $colSize);
 }
 foreach ($values['productions'] as $prod) {
     $pr = new template("production");
     $pr->insert("name", $prod);
     $pr->insert("nameEscaped", rawurlencode($prod));
     $pr->insert("plan", rawurlencode($plan));
     $pr->insert("url", rawurlencode(URL . "/"));
     $pr->insert("organisation", rawurlencode(ORGANISATION));
     $pr->insert("webmaster", WEBMASTER);
     $master = dbConn::queryRow("SELECT masterName, masterEmail FROM :prefix:production\n                                        WHERE plan = :0 AND name = :1", $plan, $prod);
     $pr->insert("masterName", $master['masterName']);
     $pr->insert("masterEmail", $master['masterEmail']);
     $planTpl->insert("productions", $pr->getOutput());
 }
 foreach ($values['shifts'] as $sh) {
     $t = new template("shift");
     $t->insert("fromToDate", substr(str_replace(":00-", " - ", $sh), 0, 13));
     $shiftId = dbConn::querySingle("SELECT shiftId FROM :prefix:shift WHERE \n                plan = :0 AND fromDate = :1 AND toDate = :2 ", $plan, explode("-", str_replace(":", "", $sh))[0], explode("-", str_replace(":", "", $sh))[1]);
     foreach ($values['productions'] as $prod) {
         // separate tables
         if (!in_array($prod, $values['productions'])) {
             continue;
         }
         $has = false;
         $required = 0;
示例#4
0
 public function getOutput()
 {
     switch ($this->viewpoint) {
         case "overview":
             $tpl = new \template("visitors/container");
             foreach (\dbConn::query("SELECT * FROM :prefix:user ORDER BY lastname ASC") as $r) {
                 $v = new \template("visitors/visitor");
                 $v->insert("firstname", $r['firstname']);
                 $v->insert("id", $r['userId']);
                 $v->insert("lastname", $r['lastname']);
                 $v->insert("rfid", $r['rfid']);
                 $v->insert("patients", \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE user = :0", $r['userId']));
                 $v->insert("lastvisit", \dbConn::querySingle("\n                                                                    SELECT DATE_FORMAT(MAX(h.created), '%d.%m.%y %H:%i')\n                                                                    FROM :prefix:visit AS v\n                                                                    INNER JOIN :prefix:visit_history AS h\n                                                                    ON v.visitId = h.visitId\n                                                                    WHERE v.user = :0\n                                                                ", $r['userId']));
                 $v->insert("destination", ROOT . "visitors/" . $r['userId']);
                 $tpl->insert("visitors", $v);
             }
             return $tpl->getOutput();
             break;
             // ######################################################################################################
         // ######################################################################################################
         case "new":
             $tpl = new \template("visitors/new");
             return $tpl;
             break;
             // ######################################################################################################
         // ######################################################################################################
         case "edit":
             $hasPatients = false;
             $visit = null;
             $tpl = new \template("visitors/edit.container");
             // user data
             $user = \dbConn::queryRow("SELECT userid, firstname, lastname, rfid, email, state \n                                            FROM :prefix:user WHERE userId = :0", $_GET['par2']);
             $tpl->insert("firstname", $user['firstname']);
             $tpl->insert("lastname", $user['lastname']);
             $tpl->insert("userid", $user['userid']);
             $tpl->insert("rfid", $user['rfid']);
             $tpl->insert("email", $user['email']);
             foreach (\dbConn::query("SELECT * FROM :prefix:user_state") as $r) {
                 $tpl->insert("states", $r['name'] == $user['state'] ? "<option value=\"{$r['name']}\" selected>{$r['display']}</option>" : "<option value=\"{$r['name']}\">{$r['display']}</option>");
             }
             // insert patients
             foreach (\dbConn::query("\n                                            SELECT firstname, lastname, patientId\n                                            FROM :prefix:visit AS v\n                                            INNER JOIN :prefix:patient AS p\n                                            ON v.patient = p.patientId\n                                            WHERE user = :0\n                                            ORDER BY firstname", $_GET['par2']) as $r) {
                 $tpl->insert("patients", "<option value=\"{$r['patientId']}\">{$r['firstname']} {$r['lastname']}</option>");
                 if (!$hasPatients) {
                     $visit = \dbConn::queryRow("SELECT * FROM :prefix:visit WHERE user = :0 AND patient = :1", $_GET['par2'], $r['patientId']);
                 }
                 $hasPatients = true;
             }
             $visitTpl = new \template("visitors/edit.visit");
             // relation
             foreach (\dbConn::query("SELECT * FROM :prefix:relation ORDER BY name ASC") as $r) {
                 $visitTpl->insert("relations", "<option value=\"{$r['name']}\"" . ($r['name'] == $visit['relation'] ? " selected" : "") . ">{$r['name']}</option>");
             }
             // description
             $visitTpl->insert("description", $visit['description']);
             // scent
             foreach (\dbConn::query("SELECT * FROM :prefix:scent ORDER BY name ASC") as $r) {
                 $visitTpl->insert("scents", "<option value=\"{$r['name']}\"" . ($r['name'] == $visit['scent'] ? " selected" : "") . ">{$r['name']}</option>");
             }
             // images
             $imgCount = 0;
             foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visit['visitId'], 'Image') as $img) {
                 $visitTpl->insert("image" . ($imgCount + 1), ROOT . "media/image/" . $img['path']);
                 $imgCount++;
             }
             for ($i = $imgCount + 1; $i <= 3; $i++) {
                 $visitTpl->insert("image" . $i, ROOT . "images/icons/image.png");
             }
             // audios
             $audioCount = 0;
             foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visit['visitId'], 'Audio') as $audio) {
                 $visitTpl->insert("audio" . ($audioCount + 1), ROOT . "images/icons/audio.png");
                 $audioCount++;
             }
             for ($i = $audioCount + 1; $i <= 3; $i++) {
                 $visitTpl->insert("audio" . $i, ROOT . "images/icons/plus.png");
             }
             $tpl->insert("visit", $visitTpl->getOutput());
             return $tpl->getOutput();
             break;
     }
 }
示例#5
0
// no user logged on
if (!isset($_SESSION['user'])) {
    header("location: " . ROOT . "admin/");
    die;
} else {
    if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:admin WHERE adminId = :0", $_SESSION['user']) < 1) {
        unset($_SESSION['user']);
        header("location: " . ROOT . "admin/");
        die;
    } else {
        if (isset($_GET['filename'])) {
            $name = BASEDIR . "../files/backups/" . $_GET['filename'];
            if (!file_exists($name) || $_GET['filename'] == "backup.php") {
                header("location: " . ROOT);
                die;
            }
            actionLogger::write(dbConn::querySingle("SELECT moduleId FROM :prefix:module WHERE class = 'backup'"), actionType::DOWNLOAD, dbConn::queryRow("SELECT * FROM :prefix:backup WHERE filename = :0", $_GET['filename']));
            $fp = fopen($name, 'rb');
            header("Pragma: public");
            header("Expires: 0");
            header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
            header("Cache-Control: public");
            header("Content-Description: File Transfer");
            header("Content-type: application/octet-stream");
            header("Content-Transfer-Encoding: binary");
            header("Content-Length: " . filesize($name));
            ob_end_flush();
            @readfile($name);
        }
    }
}
示例#6
0
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) < 1) {
    array_push($errors, array(110 => "invalid rfid code. code not in use"));
}
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:patient WHERE room = :0", $_GET['room']) < 1) {
    array_push($errors, array(111 => "invalid room id. room not in use"));
}
dieOnErrors($errors);
// check if user account is in active state
if (dbConn::querySingle("SELECT state FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) != "activated") {
    array_push($errors, array(116 => "user disabled"));
    dieOnErrors($errors);
}
// check if user is allowed to visit given room
if (dbConn::querySingle("\n            SELECT COUNT(*)\n            FROM :prefix:visit AS v\n            INNER JOIN :prefix:patient AS p\n            ON v.patient = p.patientId\n            INNER JOIN :prefix:user AS u\n            ON v.user = u.userId\n            WHERE p.room = :0 AND u.rfid = :1\n        ", $_GET['room'], $_GET['rfid']) < 1) {
    array_push($errors, array(115 => "permission denied"));
}
dieOnErrors($errors);
// all data is valid and user has access
// now create the response
// collect required data
$user = dbConn::queryRow("SELECT * FROM :prefix:user WHERE rfid = :0", $_GET['rfid']);
$visit = dbConn::queryRow("\n                        SELECT * \n                        FROM :prefix:visit AS v\n                        INNER JOIN :prefix:patient AS p\n                        ON v.patient = p.patientId\n                        WHERE p.room = :0 AND user = :1\n                    ", $_GET['room'], $user['userId']);
$media = array();
foreach (dbConn::query("SELECT type, path FROM :prefix:visit_media WHERE visitId = :0", $visit['visitId']) as $r) {
    $r['path'] = URL . "/media/" . strtolower($r['type']) . "/" . $r['path'];
    array_push($media, $r);
}
$response = array("success" => array("firstname" => $user['firstname'], "lastname" => $user['lastname'], "email" => $user['email'], "relation" => $visit['relation'], "scent" => $visit['scent'], "description" => $visit['description'], "media" => $media, "lastvisit" => dbConn::querySingle("SELECT MAX(created) FROM :prefix:visit_history WHERE visitId = :0", $visit['visitId'])));
dbConn::execute("INSERT INTO :prefix:visit_history (visitId) VALUES (:0);", $visit['visitId']);
header('Content-type: application/json');
echo json_encode($response, JSON_PRETTY_PRINT);