Hệ thống quản lý phòng khám trực tuyến bằng PHP
<?php
// Bootstrap: translations, the app library, then dispatch the admin-tools request.
// AdminTools is declared further down in this file; PHP hoists unconditional
// class declarations, so instantiating it here is fine.
$curr_dir = __DIR__;
include("{$curr_dir}/defaultLang.php");
include("{$curr_dir}/language.php");
include("{$curr_dir}/lib.php");

$admin_tools = new AdminTools($_REQUEST);
8
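/**
 * Admin-only helper that renders the "Admin Information" menu for a record's
 * detail view and answers the AJAX calls behind it.
 *
 * Dispatch model: the request's `action` parameter names a public method of this
 * class ("controller"). process_request() whitelists the name against
 * controllers() — public, non-magic methods only — before it is invoked, so
 * request input can never select an arbitrary method.
 *
 * Request keys read: action, table, id. The table name is validated against
 * getTableList(); the id is passed to makeSafe() before it reaches SQL.
 */
class AdminTools{
    private $request, $lang;

    /**
     * Validate the request and run the selected controller, echoing its output.
     * Silently does nothing unless an admin is logged in (getLoggedAdmin()).
     *
     * @param array $request request parameters, normally $_REQUEST
     */
    public function __construct($request = array()){
        global $Translation;

        if(!getLoggedAdmin()) return;
        $this->lang = $Translation;

        /* process request to retrieve $this->request, and then execute the requested action */
        $this->process_request($request);

        /* $this->request['action'] is guaranteed by process_request() to be a whitelisted controller */
        $action = $this->request['action'];
        echo $this->{$action}();
    }

    /**
     * Normalise the request and pick the controller to run.
     *
     * `action` must be a string naming a whitelisted controller (see controllers());
     * anything else — missing, non-string, unknown, or a magic method — falls back
     * to the default 'show_admin_tools'. Comparison is strict so no type juggling
     * can match an unexpected value.
     *
     * @param array $request request parameters; non-arrays are treated as empty
     */
    protected function process_request($request){
        if(!is_array($request)) $request = array();

        /* action must be a valid controller, else set to default (show_admin_tools) */
        $controller = isset($request['action']) ? $request['action'] : false;
        if(!is_string($controller) || !in_array($controller, $this->controllers(), true)){
            $request['action'] = 'show_admin_tools';
        }

        $this->request = $request;
    }

    /**
     * Discover the public methods of this class that may act as controllers.
     *
     * Magic methods (names starting with "__", e.g. __construct) are public but
     * must never be request-selectable, so they are excluded.
     *
     * @return array list of public method names
     */
    protected function controllers(){
        $rc = new ReflectionClass($this);
        $methods = $rc->getMethods(ReflectionMethod::IS_PUBLIC);

        $controllers = array();
        foreach($methods as $mthd){
            /* never expose magic methods as controllers */
            if(strpos($mthd->name, '__') === 0) continue;
            $controllers[] = $mthd->name;
        }

        return $controllers;
    }

    /**
     * Read a scalar request parameter as a string.
     *
     * Returns $default when the key is absent or the value is not a scalar
     * (e.g. a parameter submitted as an array), so callers never see arrays
     * where they expect strings and no "undefined index" notices are raised.
     *
     * @param string $key     request parameter name
     * @param string $default value to return when the parameter is unusable
     * @return string
     */
    protected function request_value($key, $default = ''){
        if(!isset($this->request[$key])) return $default;

        $value = $this->request[$key];
        return is_scalar($value) ? (string) $value : $default;
    }

    /**
     * Encode a value as a double-quoted JavaScript string literal that is safe
     * to embed in inline script: quotes, apostrophes, angle brackets and
     * ampersands are emitted as \uXXXX escapes, so the value can neither break
     * out of the literal nor terminate a script block.
     *
     * @param mixed $value cast to string before encoding (false becomes "")
     * @return string JS literal, or '""' if the value is not valid UTF-8
     */
    protected function js_string($value){
        $literal = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        return $literal === false ? '""' : $literal;
    }

    /**
     * Controller: the admin tools menu markup (hidden until the JS reveals it).
     *
     * @return string HTML fragment
     */
    public function show_admin_tools(){
        handle_maintenance();

        /* validated table name, or false — false renders as '' in the link labels */
        $tablename = $this->get_table();

        ob_start();
        ?>

        <div class="dropdown pull-right invisible" id="admin-tools-menu-button">
            <button
                type="button"
                data-toggle="dropdown"
                class="btn btn-danger btn-xs"
                title="<?php echo html_attr($this->lang['Admin Information']); ?>"
            >
                <i class="glyphicon glyphicon-option-vertical"></i>
            </button>
            <div class="dropdown-menu" id="admin-tools-menu">
                <h5><b><?php echo $this->lang['Admin Information']; ?></b></h5>
                <div class="alert alert-danger no-owner hidden"><?php echo $this->lang['record has no owner']; ?></div>
                <dl class="dl-horizontal">
                    <dt><?php echo $this->lang['owner']; ?></dt>
                    <dd>
                        <div class="owner-username"></div>
                        <a class="change-owner-link" href="#"><i class="glyphicon glyphicon-user"></i> <?php echo $this->lang['Change owner']; ?></a>
                        <br>
                        <a class="user-records-link" href="" target="_blank"><i class="glyphicon glyphicon-th"></i> <?php echo str_replace('<tablename>', $tablename, $this->lang['show all user records from table']); ?></a>
                        <br>
                        <a class="user-email-link" href="" target="_blank"><i class="glyphicon glyphicon-envelope"></i> <?php echo $this->lang['email this user']; ?></a>
                    </dd>

                    <dt><?php echo $this->lang['group']; ?></dt>
                    <dd>
                        <div class="owner-group"></div>
                        <a class="group-records-link" href="" target="_blank"><i class="glyphicon glyphicon-th"></i> <?php echo str_replace('<tablename>', $tablename, $this->lang['show all group records from table']); ?></a>
                        <br>
                        <a class="group-email-link" href="" target="_blank"><i class="glyphicon glyphicon-envelope"></i> <?php echo $this->lang['email this group']; ?></a>
                    </dd>

                    <dt><?php echo $this->lang['created']; ?></dt>
                    <dd class="record-created"></dd>

                    <dt><?php echo $this->lang['last modified']; ?></dt>
                    <dd class="record-last-modified"></dd>
                </dl>
            </div>
        </div>

        <div class="clearfix"></div>

        <style>
            #admin-tools-menu-button{ display: inline-block !important; }
            #admin-tools-menu{ padding: 1em 2em; }
            #admin-tools-menu .dl-horizontal dd, #admin-tools-menu .dl-horizontal dt{ padding: 1em 0; }
        </style>

        <?php
        $html = ob_get_contents();
        ob_end_clean();

        return $html;
    }

    /**
     * Controller: the JavaScript that wires up the admin menu for one record.
     *
     * Emits nothing when get_record_info() has no data (invalid table or query
     * failure). The table name and record id are embedded via js_string(), so
     * request-supplied values are always proper JS string literals.
     *
     * @return string|null JavaScript source, or null when there is nothing to show
     */
    public function get_admin_tools_js(){
        handle_maintenance();

        $record_info = $this->get_record_info();
        if(!$record_info || $record_info === 'null') return;

        /* overrides the application/json header set by get_record_info() above */
        @header('Content-type: application/javascript');
        ob_start();
        ?>

        $j(function(){
            var tablename = <?php echo $this->js_string($this->get_table()); ?>;
            var record_id = <?php echo $this->js_string($this->request_value('id')); ?>;
            var record_info = <?php echo $record_info; ?>;

            $j('#admin-tools-menu-button')
                .appendTo('.detail_view .panel-title:first')
                .removeClass('invisible');

            $j(window).resize(function(){
                var dv_width = $j('.detail_view').width();
                var menu_width = Math.min(dv_width * .9, 500);
                $j('#admin-tools-menu').width(menu_width);
            }).trigger('resize');

            /* change owner link */
            $j('#admin-tools-menu .change-owner-link').click(function(){
                mass_change_owner(tablename, [record_id]);
                setTimeout(update_username, 900);
                return false;
            });

            /* function to update record info after 'change owner' dialog is gone */
            var update_username = function(){
                /* wait till any modals disappear */
                if($j('.modal-dialog:visible').length) return setTimeout(update_username, 900);

                $j.ajax({
                    url: 'ajax_admin_tools.php',
                    data: {
                        table: tablename,
                        id: record_id,
                        action: 'get_record_info'
                    },
                    success: function(ri){
                        update_record_info(ri);
                    }
                });
            };

            /* function to update record info */
            var update_record_info = function(ri){
                if(ri == undefined) return;
                $j('#admin-tools-menu .no-owner').addClass('hidden');
                $j('#admin-tools-menu .dl-horizontal').removeClass('hidden');

                if(undefined == ri.memberID){
                    $j('#admin-tools-menu .no-owner').removeClass('hidden');
                    $j('#admin-tools-menu .dl-horizontal').addClass('hidden');
                }

                $j('#admin-tools-menu .owner-username').html(ri.memberID);
                $j('#admin-tools-menu .user-records-link').attr('href', 'admin/pageViewRecords.php?memberID=' + encodeURIComponent(ri.memberID) + '&tableName=' + encodeURIComponent(tablename));
                $j('#admin-tools-menu .user-email-link').attr('href', 'admin/pageMail.php?memberID=' + encodeURIComponent(ri.memberID));

                $j('#admin-tools-menu .owner-group').html(ri.group);
                $j('#admin-tools-menu .group-records-link').attr('href', 'admin/pageViewRecords.php?groupID=' + encodeURIComponent(ri.groupID) + '&tableName=' + encodeURIComponent(tablename));
                $j('#admin-tools-menu .group-email-link').attr('href', 'admin/pageMail.php?groupID=' + encodeURIComponent(ri.groupID));

                $j('#admin-tools-menu .record-created').html(ri.dateAdded);
                $j('#admin-tools-menu .record-last-modified').html(ri.dateUpdated);
            };

            update_record_info(record_info);
        })
        <?php
        $js = ob_get_contents();
        ob_end_clean();

        return $js;
    }

    /**
     * Controller: ownership/audit info for one record as JSON.
     *
     * Looks up membership_userrecords for the validated table and the
     * makeSafe()'d record id. Returns the string 'null' when the table is not a
     * known table or the query fails, '{}' when no ownership row exists (the JS
     * then shows the "no owner" notice), otherwise a JSON object with memberID,
     * dateAdded, dateUpdated, groupID and group. dateAdded/dateUpdated are
     * formatted with adminConfig's PHPDateTimeFormat; the stored values are
     * assumed to be unix timestamps (they are passed straight to date()).
     *
     * @return string JSON text
     */
    public function get_record_info(){
        handle_maintenance();
        @header('Content-type: application/json');

        $table = $this->get_table();
        /* an unknown/missing table can have no record info; don't query with an empty name */
        if($table === false) return 'null';

        $safe_id = makeSafe($this->request_value('id'));

        $res = sql("select r.memberID, r.dateAdded, r.dateUpdated, g.groupID, g.name as 'group' from membership_userrecords r left join membership_groups g on r.groupID=g.groupID where r.tableName='{$table}' and r.pkValue='{$safe_id}'", $eo);
        if(!$res) return 'null';

        $rec_info = @db_fetch_assoc($res);
        /* no ownership row: an empty object lets the client show "record has no owner" */
        if(!is_array($rec_info)) return '{}';

        $admin_config = config('adminConfig');
        $rec_info['dateAdded'] = date($admin_config['PHPDateTimeFormat'], (int) $rec_info['dateAdded']);
        $rec_info['dateUpdated'] = date($admin_config['PHPDateTimeFormat'], (int) $rec_info['dateUpdated']);

        $json = json_encode($rec_info);
        /* json_encode fails (false) on invalid UTF-8; report "no info" rather than emitting '' */
        return $json === false ? 'null' : $json;
    }

    /**
     * @brief Retrieve and validate name of current table
     *
     * Only names present in getTableList() are accepted, which is what makes
     * the table name safe to interpolate into SQL and script elsewhere.
     *
     * @return string|false table name, or false when missing, non-scalar, or unknown
     */
    protected function get_table(){
        $table = $this->request_value('table');
        if(!$table) return false;

        if(!array_key_exists($table, getTableList())) return false;

        return $table;
    }
}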
236 }