Hệ thống quản lý phòng khám trực tuyến bằng PHP
1 <?php
2 $currDir=dirname(__FILE__);
3 include("$currDir/defaultLang.php");
4 include("$currDir/language.php");
5 include("$currDir/lib.php");
6
// upload paths: for each table, the link/file fields this script may serve,
// each mapped to the folder prefix used for that field, plus the name of the
// table's primary-key column under the reserved 'primary key' entry
$p = array(
    'patients' => array(
        'image' => $Translation['ImageFolder'],
        'primary key' => 'id',
    ),
    'disease_symptoms' => array(
        'reference' => '',
        'primary key' => 'id',
    ),
    // ten attachment fields sharing one folder; the union appends the
    // primary-key entry after them, keeping the original key order
    'medical_records' => array_fill_keys(
        array(
            'image_1', 'image_2', 'image_3', 'image_4', 'image_5',
            'document_1', 'document_2', 'document_3', 'document_4', 'document_5',
        ),
        $Translation['ImageFolder']
    ) + array('primary key' => 'id'),
);

// nothing configured: getLink() without arguments just ends the request
if (count($p) === 0) {
    getLink();
}

// default links, read further down as $dL[table][field]; none are defined
$dL = array();
37
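// receive user input
// Only plain string parameters are accepted; a missing parameter or an array
// form such as ?t[]=x is treated as empty and rejected by the checks below.
$t = (isset($_GET['t']) && is_string($_GET['t'])) ? $_GET['t'] : ''; // table name
$f = (isset($_GET['f']) && is_string($_GET['f'])) ? $_GET['f'] : ''; // field name
$rawId = (isset($_GET['i']) && is_string($_GET['i'])) ? $_GET['i'] : '';
$i = makeSafe($rawId); // id, escaped because getLink() places it inside a quoted SQL literal

// validate input
// $t and $f end up as SQL identifiers in getLink(), so they must match the
// whitelist in $p exactly; strict comparison avoids loose type juggling.
if (!in_array($t, array_keys($p), true)) getLink();
if ($f === 'primary key' || !in_array($f, array_keys($p[$t]), true)) getLink();

// $dL may have no entry for this table/field; read it without raising notices
$defaultLink = isset($dL[$t][$f]) ? $dL[$t][$f] : '';
if (!$i && !$defaultLink) getLink();

// user has view access to the requested table?
// NOTE(review): the unescaped id is passed on purpose, as in the original call;
// presumably check_record_permission() escapes it itself -- confirm in lib.php.
if (!check_record_permission($t, $rawId)) getLink();

// send default link if no id provided, e.g. new record
if (!$i) {
    $path = $p[$t][$f];
    // only a real scheme prefix marks an absolute URL; a bare "http"/"ftp"
    // prefix could also be the start of a local file name
    if (preg_match('~^(?:https?|ftps?)://~i', $defaultLink)) {
        $path = '';
    }
    if (!headers_sent()) {
        header("Location: {$path}{$defaultLink}");
    }
    exit;
}

getLink($t, $f, $p[$t]['primary key'], $i, $p[$t][$f]);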
60
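/**
 * Look up the link or file name stored for one record and redirect the browser to it.
 *
 * Always ends the script: it either sends a Location header and exits, or exits
 * with an empty response when an argument is missing or no link is stored.
 *
 * @param string $table     Table name, interpolated into SQL as a backtick-quoted
 *                          identifier. The call in this file only passes names that
 *                          matched the $p whitelist.
 * @param string $linkField Column holding the link or file name (also an identifier).
 * @param string $pk        Primary-key column name (also an identifier).
 * @param string $id        Primary-key value. It is placed inside a quoted SQL literal
 *                          without further escaping here, so the caller must escape it
 *                          (the call in this file passes makeSafe($_GET['i'])).
 * @param string $path      Folder prefix for stored files, or a descriptor of the form
 *                          "Lookup: table::keyColumn::valueColumn".
 */
function getLink($table='', $linkField='', $pk='', $id='', $path=''){
    // any missing argument means there is nothing to look up
    if(!$id || !$table || !$linkField || !$pk){
        exit;
    }

    if(preg_match('/^Lookup: (.*?)::(.*?)::(.*?)$/', $path, $m)){
        // two-step lookup: read the foreign key from the record, then fetch the
        // link from the lookup table; the intermediate value is escaped before reuse
        $linkID=makeSafe(sqlValue("select `$linkField` from `$table` where `$pk`='$id'"));
        $link=sqlValue("select `{$m[3]}` from `{$m[1]}` where `{$m[2]}`='$linkID'");
    }else{
        $link=sqlValue("select `$linkField` from `$table` where `$pk`='$id'");
    }

    if(!$link){
        exit;
    }

    // A value containing CR, LF or NUL must never reach a response header.
    // header() refuses such values on its own; exiting here makes that outcome
    // explicit instead of depending on a suppressed warning.
    if(preg_match('/[\r\n\0]/', $link)){
        exit;
    }

    // Only a real scheme prefix marks an external URL. Matching a bare "http" or
    // "ftp" prefix would also drop the folder for a local file whose name merely
    // starts with those letters.
    $isExternal=(bool) preg_match('~^(?:https?|ftps?)://~i', $link);

    // Drop the folder prefix for external URLs, and for values that do not name
    // an existing file under that folder (they are then sent as stored).
    if($isExternal || !is_file(dirname(__FILE__)."/$path$link")){
        $path='';
    }

    // NOTE(review): the redirect target is whatever is stored in the record, so
    // anyone who can edit this field decides where viewers of the record are
    // sent. Restrict the accepted schemes/hosts here if that is not intended.
    if(!headers_sent()){
        header("Location: $path$link");
    }
    exit;
}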