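/**
 * Renders the "my patients" page for the logged-in visitor.
 *
 * Shows the visitor's own account data, a <select> of the patients the visitor has a
 * visit record for, and the visit editor (relation, scent, description, media slots)
 * pre-filled with the visit of the first patient in that list. The account id is taken
 * from $_SESSION['userId'], never from the request.
 *
 * @return string Html output.
 */
public function getOutput() {
    // Every DB-derived value is escaped before it is placed into markup. The <option>
    // fragments built below are handed to \template::insert as raw HTML, so the template
    // cannot be escaping on insert; names and descriptions are user-entered (stored)
    // data and would otherwise be rendered verbatim.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $tpl = new \template("mypatients/container");

    // user data
    $user = \dbConn::queryRow(
        "SELECT userid, firstname, lastname, rfid, email, state \n FROM :prefix:user WHERE userId = :0",
        $_SESSION['userId']
    );
    if (!is_array($user)) {
        // No row for the session user: render empty fields instead of emitting a warning
        // on every array access below. NOTE(review): queryRow's miss value is not visible
        // here; anything that is not an array is treated as "no row".
        $user = array();
    }
    foreach (array("firstname", "lastname", "userid", "rfid", "email") as $field) {
        $tpl->insert($field, $esc(isset($user[$field]) ? $user[$field] : ""));
    }

    $currentState = isset($user['state']) ? $user['state'] : null;
    foreach (\dbConn::query("SELECT * FROM :prefix:user_state") as $state) {
        $selected = ((string) $state['name'] === (string) $currentState) ? " selected" : "";
        $tpl->insert(
            "states",
            "<option value=\"" . $esc($state['name']) . "\"" . $selected . ">" . $esc($state['display']) . "</option>"
        );
    }

    // insert patients; the editor below shows the visit of the first patient only
    $visit = null;
    foreach (\dbConn::query("\n SELECT firstname, lastname, patientId\n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n WHERE user = :0\n ORDER BY firstname", $_SESSION['userId']) as $patient) {
        $tpl->insert(
            "patients",
            "<option value=\"" . $esc($patient['patientId']) . "\">" . $esc($patient['firstname']) . " " . $esc($patient['lastname']) . "</option>"
        );
        if ($visit === null) {
            $visit = \dbConn::queryRow(
                "SELECT * FROM :prefix:visit WHERE user = :0 AND patient = :1",
                $_SESSION['userId'],
                $patient['patientId']
            );
        }
    }
    if (!is_array($visit)) {
        // No patients yet (or the row lookup failed): render the editor with empty
        // fields rather than reading offsets of null / querying media for a null id.
        $visit = array();
    }

    $visitTpl = new \template("visitors/edit.visit");

    // relation
    $currentRelation = isset($visit['relation']) ? $visit['relation'] : null;
    foreach (\dbConn::query("SELECT * FROM :prefix:relation ORDER BY name ASC") as $relation) {
        $selected = ((string) $relation['name'] === (string) $currentRelation) ? " selected" : "";
        $visitTpl->insert(
            "relations",
            "<option value=\"" . $esc($relation['name']) . "\"" . $selected . ">" . $esc($relation['name']) . "</option>"
        );
    }

    // description (free text entered by the visitor)
    $visitTpl->insert("description", $esc(isset($visit['description']) ? $visit['description'] : ""));

    // scent
    $currentScent = isset($visit['scent']) ? $visit['scent'] : null;
    foreach (\dbConn::query("SELECT * FROM :prefix:scent ORDER BY name ASC") as $scent) {
        $selected = ((string) $scent['name'] === (string) $currentScent) ? " selected" : "";
        $visitTpl->insert(
            "scents",
            "<option value=\"" . $esc($scent['name']) . "\"" . $selected . ">" . $esc($scent['name']) . "</option>"
        );
    }

    $visitId = isset($visit['visitId']) ? $visit['visitId'] : null;

    // images: stored files first, then placeholder icons up to three slots
    $imgCount = 0;
    if ($visitId !== null) {
        foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Image') as $img) {
            $imgCount++;
            // stored path, inserted into an attribute context in the template
            $visitTpl->insert("image" . $imgCount, $esc(ROOT . "media/image/" . $img['path']));
        }
    }
    for ($i = $imgCount + 1; $i <= 3; $i++) {
        $visitTpl->insert("image" . $i, ROOT . "images/icons/image.png");
    }

    // audios: only an icon is shown per stored recording, then "plus" placeholders
    $audioCount = 0;
    if ($visitId !== null) {
        foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Audio') as $audio) {
            $audioCount++;
            $visitTpl->insert("audio" . $audioCount, ROOT . "images/icons/audio.png");
        }
    }
    for ($i = $audioCount + 1; $i <= 3; $i++) {
        $visitTpl->insert("audio" . $i, ROOT . "images/icons/plus.png");
    }

    $tpl->insert("visit", $visitTpl->getOutput());
    return $tpl->getOutput();
}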
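/**
 * Gets the html output and handles form inputs.
 *
 * Viewpoints: "overview" lists patients (all of them for admins, otherwise only those
 * the logged-in user has a visit record for), "edit" shows and saves the patient given
 * by $_GET['par2'], "new" shows the creation form (admins only).
 *
 * @return string|null Html output, or null for an unknown viewpoint.
 */
public function getOutput() {
    // DB- and request-derived values are escaped before they reach the page: the
    // <option> fragments below are passed to \template::insert as raw HTML, so the
    // template cannot be escaping on insert.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // Formats a date for display; an unparseable value is returned as-is instead of
    // letting the DateTime constructor abort the whole page with an exception.
    $formatDate = function ($value) {
        try {
            return (new \DateTime((string) $value))->format("d.m.Y");
        } catch (\Exception $e) {
            return (string) $value;
        }
    };
    $isAdmin = !empty($_SESSION['isAdmin']);
    $userId = isset($_SESSION['userId']) ? $_SESSION['userId'] : null;

    switch ($this->viewpoint) {
        // ######################################################################################################
        case "overview":
            $tpl = new \template("patients/container");
            if ($isAdmin) {
                $rows = \dbConn::query("SELECT \n patientId,\n firstname, \n lastname,\n room\n FROM :prefix:patient\n ORDER BY lastname ASC");
            } else {
                // Non-admins only see patients they have a visit record for. The user id is
                // bound as a parameter like every other query in these modules (the original
                // spliced an opaque literal into the SQL text). The visit table's patient
                // column is `patient` (see the joins `v.patient = p.patientId` elsewhere);
                // selecting `patientId` from it would resolve to the outer table's column
                // and let anyone with at least one visit see every patient.
                $rows = \dbConn::query("SELECT \n patientId,\n firstname, \n lastname,\n room\n FROM :prefix:patient\n WHERE patientId IN (SELECT patient FROM :prefix:visit WHERE user = :0)\n ORDER BY lastname ASC", $userId);
            }
            foreach ($rows as $r) {
                $p = new \template("patients/patient");
                $p->insert("id", $esc($r['patientId']));
                $p->insert("firstname", $esc($r['firstname']));
                $p->insert("lastname", $esc($r['lastname']));
                $p->insert("room", $esc($r['room']));
                $p->insert("visitorcount", \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE patient = :0", $r['patientId']));
                $p->insert("destination", ROOT . "patients" . "/" . $esc($r['patientId']));
                $tpl->insert("patients", $p);
            }
            return $tpl->getOutput();
        // ######################################################################################################
        // ######################################################################################################
        case "edit":
            $patientId = isset($_GET['par2']) ? $_GET['par2'] : null;
            // Non-admins may only open patients they have a visit record for — the same
            // rule the overview applies. Without it any logged-in user could read (and post
            // changes to) an arbitrary patient record by changing the id in the URL.
            if (!$isAdmin) {
                $allowed = \dbConn::querySingle(
                    "SELECT COUNT(*) FROM :prefix:visit WHERE patient = :0 AND user = :1",
                    $patientId,
                    $userId
                );
                if ($allowed < 1) {
                    return "<h1>Zugriff verweigert</h1>";
                }
            }

            $tpl = new \template("patients/edit");
            // request-derived: must not reach the page unescaped
            $tpl->insert("id", $esc($patientId));

            $result = null;
            $error = "";
            $showPosted = false;
            if (isset($_POST['save'])) {
                if ($this->saveChanges($error)) {
                    $result = new \template("alerts/success");
                    $result->insert("caption", "Erfolgreich");
                    $result->insert("text", "Änderungen wurden erfolgreich gespeichert.");
                } else {
                    $result = new \template("alerts/danger");
                    $result->insert("caption", "Fehler");
                    $result->insert("text", $esc($error));
                    // Keep what the user typed so the rejected input can be corrected.
                    $showPosted = true;
                }
            }

            if ($showPosted) {
                $tpl->insert("firstname", $esc(isset($_POST['firstname']) ? $_POST['firstname'] : ""));
                $tpl->insert("lastname", $esc(isset($_POST['lastname']) ? $_POST['lastname'] : ""));
                $tpl->insert("room", $esc(isset($_POST['room']) ? $_POST['room'] : ""));
                $tpl->insert("birthday", $esc($formatDate(isset($_POST['birthday']) ? $_POST['birthday'] : "")));
            }

            // Loaded after a save so the form reflects the stored values.
            $data = \dbConn::queryRow("SELECT * FROM :prefix:patient WHERE patientId = :0", $patientId);
            if (!is_array($data)) {
                // Unknown id: render empty fields instead of warnings on null offsets.
                $data = array();
            }
            if ($result !== null) {
                $tpl->insert("result", $result);
            }
            if (!$showPosted) {
                $tpl->insert("firstname", $esc(isset($data['firstname']) ? $data['firstname'] : ""));
                $tpl->insert("lastname", $esc(isset($data['lastname']) ? $data['lastname'] : ""));
                $tpl->insert("room", $esc(isset($data['room']) ? $data['room'] : ""));
                $tpl->insert("birthday", $esc($formatDate(isset($data['birth']) ? $data['birth'] : "")));
            }

            foreach (\dbConn::query("\n SELECT firstname, lastname\n FROM :prefix:visit AS v\n INNER JOIN :prefix:user AS u\n ON v.user = u.userId\n WHERE v.patient = :0\n ", $patientId) as $r) {
                $tpl->insert("visitors", "<option>" . $esc($r['firstname'] . " " . $r['lastname']) . "</option>");
            }
            return $tpl->getOutput();
        // ######################################################################################################
        // ######################################################################################################
        case "new":
            if (!$isAdmin) {
                return "<h1>Zugriff verweigert</h1>";
            }
            $tpl = new \template("patients/new");
            return $tpl->getOutput();
    }
    return null;
}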
} else { if ($colSum == 0) { $colSum = $colSize; } $colSum += $colSize; $planTpl->insert("tableCount", $colSize); } foreach ($values['productions'] as $prod) { $pr = new template("production"); $pr->insert("name", $prod); $pr->insert("nameEscaped", rawurlencode($prod)); $pr->insert("plan", rawurlencode($plan)); $pr->insert("url", rawurlencode(URL . "/")); $pr->insert("organisation", rawurlencode(ORGANISATION)); $pr->insert("webmaster", WEBMASTER); $master = dbConn::queryRow("SELECT masterName, masterEmail FROM :prefix:production\n WHERE plan = :0 AND name = :1", $plan, $prod); $pr->insert("masterName", $master['masterName']); $pr->insert("masterEmail", $master['masterEmail']); $planTpl->insert("productions", $pr->getOutput()); } foreach ($values['shifts'] as $sh) { $t = new template("shift"); $t->insert("fromToDate", substr(str_replace(":00-", " - ", $sh), 0, 13)); $shiftId = dbConn::querySingle("SELECT shiftId FROM :prefix:shift WHERE \n plan = :0 AND fromDate = :1 AND toDate = :2 ", $plan, explode("-", str_replace(":", "", $sh))[0], explode("-", str_replace(":", "", $sh))[1]); foreach ($values['productions'] as $prod) { // separate tables if (!in_array($prod, $values['productions'])) { continue; } $has = false; $required = 0;
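/**
 * Renders the visitors module for the current viewpoint.
 *
 * "overview" lists all user accounts with their patient count and last visit, "new"
 * shows the creation form, "edit" shows the account given by $_GET['par2'] together
 * with the visit record of the first patient in that account's list.
 *
 * @return string|null Html output, or null for an unknown viewpoint.
 */
public function getOutput() {
    // Every DB-derived value is escaped before it is placed into markup. The <option>
    // fragments built below are handed to \template::insert as raw HTML, so the template
    // cannot be escaping on insert; names and descriptions are user-entered (stored)
    // data and would otherwise be rendered verbatim.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    switch ($this->viewpoint) {
        case "overview":
            $tpl = new \template("visitors/container");
            foreach (\dbConn::query("SELECT * FROM :prefix:user ORDER BY lastname ASC") as $r) {
                $v = new \template("visitors/visitor");
                $v->insert("firstname", $esc($r['firstname']));
                $v->insert("id", $esc($r['userId']));
                $v->insert("lastname", $esc($r['lastname']));
                $v->insert("rfid", $esc($r['rfid']));
                $v->insert("patients", \dbConn::querySingle("SELECT COUNT(*) FROM :prefix:visit WHERE user = :0", $r['userId']));
                $v->insert("lastvisit", \dbConn::querySingle("\n SELECT DATE_FORMAT(MAX(h.created), '%d.%m.%y %H:%i')\n FROM :prefix:visit AS v\n INNER JOIN :prefix:visit_history AS h\n ON v.visitId = h.visitId\n WHERE v.user = :0\n ", $r['userId']));
                $v->insert("destination", ROOT . "visitors/" . $esc($r['userId']));
                $tpl->insert("visitors", $v);
            }
            return $tpl->getOutput();
        // ######################################################################################################
        // ######################################################################################################
        case "new":
            // Return the rendered string like the other viewpoints (the original returned
            // the template object itself).
            $tpl = new \template("visitors/new");
            return $tpl->getOutput();
        // ######################################################################################################
        // ######################################################################################################
        case "edit":
            $targetId = isset($_GET['par2']) ? $_GET['par2'] : null;
            // NOTE(review): no role check here — any logged-in session can open an
            // arbitrary account (rfid, e-mail, visits) by changing par2. The patients
            // module gates its "new" viewpoint on $_SESSION['isAdmin']; confirm this
            // module is restricted to admins upstream, otherwise add the same gate.
            $tpl = new \template("visitors/edit.container");

            // user data
            $user = \dbConn::queryRow(
                "SELECT userid, firstname, lastname, rfid, email, state \n FROM :prefix:user WHERE userId = :0",
                $targetId
            );
            if (!is_array($user)) {
                // Unknown id: render empty fields instead of warnings on null offsets.
                $user = array();
            }
            foreach (array("firstname", "lastname", "userid", "rfid", "email") as $field) {
                $tpl->insert($field, $esc(isset($user[$field]) ? $user[$field] : ""));
            }

            $currentState = isset($user['state']) ? $user['state'] : null;
            foreach (\dbConn::query("SELECT * FROM :prefix:user_state") as $state) {
                $selected = ((string) $state['name'] === (string) $currentState) ? " selected" : "";
                $tpl->insert(
                    "states",
                    "<option value=\"" . $esc($state['name']) . "\"" . $selected . ">" . $esc($state['display']) . "</option>"
                );
            }

            // insert patients; the editor below shows the visit of the first patient only
            $visit = null;
            foreach (\dbConn::query("\n SELECT firstname, lastname, patientId\n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n WHERE user = :0\n ORDER BY firstname", $targetId) as $patient) {
                $tpl->insert(
                    "patients",
                    "<option value=\"" . $esc($patient['patientId']) . "\">" . $esc($patient['firstname']) . " " . $esc($patient['lastname']) . "</option>"
                );
                if ($visit === null) {
                    $visit = \dbConn::queryRow(
                        "SELECT * FROM :prefix:visit WHERE user = :0 AND patient = :1",
                        $targetId,
                        $patient['patientId']
                    );
                }
            }
            if (!is_array($visit)) {
                // No patients yet (or the row lookup failed): render the editor with empty
                // fields rather than reading offsets of null / querying media for a null id.
                $visit = array();
            }

            $visitTpl = new \template("visitors/edit.visit");

            // relation
            $currentRelation = isset($visit['relation']) ? $visit['relation'] : null;
            foreach (\dbConn::query("SELECT * FROM :prefix:relation ORDER BY name ASC") as $relation) {
                $selected = ((string) $relation['name'] === (string) $currentRelation) ? " selected" : "";
                $visitTpl->insert(
                    "relations",
                    "<option value=\"" . $esc($relation['name']) . "\"" . $selected . ">" . $esc($relation['name']) . "</option>"
                );
            }

            // description (free text entered by the visitor)
            $visitTpl->insert("description", $esc(isset($visit['description']) ? $visit['description'] : ""));

            // scent
            $currentScent = isset($visit['scent']) ? $visit['scent'] : null;
            foreach (\dbConn::query("SELECT * FROM :prefix:scent ORDER BY name ASC") as $scent) {
                $selected = ((string) $scent['name'] === (string) $currentScent) ? " selected" : "";
                $visitTpl->insert(
                    "scents",
                    "<option value=\"" . $esc($scent['name']) . "\"" . $selected . ">" . $esc($scent['name']) . "</option>"
                );
            }

            $visitId = isset($visit['visitId']) ? $visit['visitId'] : null;

            // images: stored files first, then placeholder icons up to three slots
            $imgCount = 0;
            if ($visitId !== null) {
                foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Image') as $img) {
                    $imgCount++;
                    // stored path, inserted into an attribute context in the template
                    $visitTpl->insert("image" . $imgCount, $esc(ROOT . "media/image/" . $img['path']));
                }
            }
            for ($i = $imgCount + 1; $i <= 3; $i++) {
                $visitTpl->insert("image" . $i, ROOT . "images/icons/image.png");
            }

            // audios: only an icon is shown per stored recording, then "plus" placeholders
            $audioCount = 0;
            if ($visitId !== null) {
                foreach (\dbConn::query("SELECT * FROM :prefix:visit_media WHERE visitId = :0 AND type = :1", $visitId, 'Audio') as $audio) {
                    $audioCount++;
                    $visitTpl->insert("audio" . $audioCount, ROOT . "images/icons/audio.png");
                }
            }
            for ($i = $audioCount + 1; $i <= 3; $i++) {
                $visitTpl->insert("audio" . $i, ROOT . "images/icons/plus.png");
            }

            $tpl->insert("visit", $visitTpl->getOutput());
            return $tpl->getOutput();
    }
    return null;
}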
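// no user logged on
if (!isset($_SESSION['user'])) {
    header("location: " . ROOT . "admin/");
    die;
}

// session points at an account that no longer exists in the admin table: drop it and bounce
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:admin WHERE adminId = :0", $_SESSION['user']) < 1) {
    unset($_SESSION['user']);
    header("location: " . ROOT . "admin/");
    die;
}

if (isset($_GET['filename'])) {
    $requested = (string) $_GET['filename'];
    $backupDir = realpath(BASEDIR . "../files/backups");

    // Only a bare file name that resolves to a regular file directly inside the backups
    // directory may be served. The original concatenated the raw request value onto the
    // directory and only checked file_exists(), so "../" sequences (or an absolute path)
    // could pull any file the web server can read. basename() drops any directory part,
    // realpath() resolves symlinks, and the parent of the result must still be $backupDir.
    // A NUL byte is rejected up front because the filesystem functions choke on it.
    $fileName = (strpos($requested, "\0") === false) ? basename($requested) : "";
    $name = ($backupDir !== false && $fileName !== "")
        ? realpath($backupDir . DIRECTORY_SEPARATOR . $fileName)
        : false;
    if ($name === false || !is_file($name) || dirname($name) !== $backupDir || $fileName === "backup.php") {
        header("location: " . ROOT);
        die;
    }

    actionLogger::write(
        dbConn::querySingle("SELECT moduleId FROM :prefix:module WHERE class = 'backup'"),
        actionType::DOWNLOAD,
        dbConn::queryRow("SELECT * FROM :prefix:backup WHERE filename = :0", $fileName)
    );

    // Discard anything already buffered so the binary body starts at byte 0 (the original
    // flushed the buffer into the download instead).
    while (ob_get_level() > 0) {
        ob_end_clean();
    }

    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: public");
    header("Content-Description: File Transfer");
    header("Content-type: application/octet-stream");
    header("Content-Transfer-Encoding: binary");
    // RFC 5987 encoding keeps quotes/CR/LF in the file name out of the header value.
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($fileName));
    header("Content-Length: " . filesize($name));
    readfile($name);
    exit;
}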
if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) < 1) { array_push($errors, array(110 => "invalid rfid code. code not in use")); } if (dbConn::querySingle("SELECT COUNT(*) FROM :prefix:patient WHERE room = :0", $_GET['room']) < 1) { array_push($errors, array(111 => "invalid room id. room not in use")); } dieOnErrors($errors); // check if user account is in active state if (dbConn::querySingle("SELECT state FROM :prefix:user WHERE rfid = :0", $_GET['rfid']) != "activated") { array_push($errors, array(116 => "user disabled")); dieOnErrors($errors); } // check if user is allowed to visit given room if (dbConn::querySingle("\n SELECT COUNT(*)\n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n INNER JOIN :prefix:user AS u\n ON v.user = u.userId\n WHERE p.room = :0 AND u.rfid = :1\n ", $_GET['room'], $_GET['rfid']) < 1) { array_push($errors, array(115 => "permission denied")); } dieOnErrors($errors); // all data is valid and user has access // now create the response // collect required data $user = dbConn::queryRow("SELECT * FROM :prefix:user WHERE rfid = :0", $_GET['rfid']); $visit = dbConn::queryRow("\n SELECT * \n FROM :prefix:visit AS v\n INNER JOIN :prefix:patient AS p\n ON v.patient = p.patientId\n WHERE p.room = :0 AND user = :1\n ", $_GET['room'], $user['userId']); $media = array(); foreach (dbConn::query("SELECT type, path FROM :prefix:visit_media WHERE visitId = :0", $visit['visitId']) as $r) { $r['path'] = URL . "/media/" . strtolower($r['type']) . "/" . 
$r['path']; array_push($media, $r); } $response = array("success" => array("firstname" => $user['firstname'], "lastname" => $user['lastname'], "email" => $user['email'], "relation" => $visit['relation'], "scent" => $visit['scent'], "description" => $visit['description'], "media" => $media, "lastvisit" => dbConn::querySingle("SELECT MAX(created) FROM :prefix:visit_history WHERE visitId = :0", $visit['visitId']))); dbConn::execute("INSERT INTO :prefix:visit_history (visitId) VALUES (:0);", $visit['visitId']); header('Content-type: application/json'); echo json_encode($response, JSON_PRETTY_PRINT);