Hệ thống quản lý phòng khám trực tuyến bằng PHP
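<?php
$currDir = dirname(__FILE__);
include("$currDir/defaultLang.php");
include("$currDir/language.php");
include("$currDir/lib.php");

$adminConfig = config('adminConfig');

/* no access for guests: anonymous visitors are sent back to the home page */
$mi = getMemberInfo();
if(!$mi['username'] || $mi['group'] == $adminConfig['anonymousGroup']){
	@header('Location: index.php'); exit;
}

/*
	Both handlers below are AJAX POST targets of the form further down. The action key is
	read with isset() so a plain GET of this page does not raise an undefined-index notice.
*/

/* save profile */
if(isset($_POST['action']) && $_POST['action'] == 'saveProfile'){
	if(!csrf_token(true)){
		echo $Translation['error:'];
		exit;
	}

	/*
		process inputs: isEmail() returns the validated address or false; makeSafe() escapes
		for SQL only -- it is NOT HTML escaping, so the view must escape these values again
		when it renders them. Missing or non-string fields are treated as empty.
	*/
	$email = isEmail((isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '');
	$custom = array();
	for($i = 1; $i <= 4; $i++){
		$postKey = "custom$i";
		$custom[$i] = makeSafe((isset($_POST[$postKey]) && is_string($_POST[$postKey])) ? $_POST[$postKey] : '');
	}

	/* validate email */
	if(!$email){
		echo "{$Translation['error:']} {$Translation['email invalid']}";
		echo "<script>$$('label[for=\"email\"]')[0].pulsate({ pulses: 10, duration: 4 }); $('email').activate();</script>";
		exit;
	}

	/*
		update profile. The audit line appended to `comments` is built from server-side values
		only; they are still passed through makeSafe() so the statement cannot be broken by them.
		Note the quoted 'IP' key: an unquoted key inside {...} in a double-quoted string is a
		constant lookup, which is an error on PHP 8.
	*/
	$updateDT = date($adminConfig['PHPDateTimeFormat']);
	$safeEmail = makeSafe($email);
	$safeIP = makeSafe($mi['IP']);
	$memberID = makeSafe($mi['username']);
	sql("UPDATE `membership_users` SET `email`='$safeEmail', `custom1`='{$custom[1]}', `custom2`='{$custom[2]}', `custom3`='{$custom[3]}', `custom4`='{$custom[4]}', `comments`=CONCAT_WS('\\n', `comments`, 'member updated his profile on $updateDT from IP address $safeIP') WHERE `memberID`='$memberID'", $eo);

	// hook: member_activity
	if(function_exists('member_activity')){
		$args = array();
		member_activity($mi, 'profile', $args);
	}

	exit;
}

/* change password (the admin account is excluded here, matching the view which hides the form for it) */
if(isset($_POST['action']) && $_POST['action'] == 'changePassword' && $mi['username'] !== $adminConfig['adminUsername']){
	if(!csrf_token(true)){
		echo $Translation['error:'];
		exit;
	}

	/* process inputs: non-string (e.g. array) values are treated as empty */
	$oldPassword = (isset($_POST['oldPassword']) && is_string($_POST['oldPassword'])) ? $_POST['oldPassword'] : '';
	$newPassword = (isset($_POST['newPassword']) && is_string($_POST['newPassword'])) ? $_POST['newPassword'] : '';

	/*
		validate the old password.
		NOTE: passwords are stored as unsalted MD5 in `passMD5`; the login code reads the same
		column, so the hashing scheme cannot be changed in this file alone. hash_equals() makes
		the comparison strict and constant-time instead of a loose string comparison.
	*/
	$memberID = makeSafe($mi['username']);
	$storedHash = sqlValue("SELECT `passMD5` FROM `membership_users` WHERE `memberID`='$memberID'");
	if(!is_string($storedHash) || !hash_equals($storedHash, md5($oldPassword))){
		echo "{$Translation['error:']} {$Translation['Wrong password']}";
		echo "<script>$$('label[for=\"old-password\"]')[0].pulsate({ pulses: 10, duration: 4 }); $('old-password').activate();</script>";
		exit;
	}
	if(strlen($newPassword) < 4){
		echo "{$Translation['error:']} {$Translation['password invalid']}";
		echo "<script>$$('label[for=\"new-password\"]')[0].pulsate({ pulses: 10, duration: 4 }); $('new-password').activate();</script>";
		exit;
	}

	/* update password (see the note above about the quoted 'IP' key and makeSafe()) */
	$updateDT = date($adminConfig['PHPDateTimeFormat']);
	$safeIP = makeSafe($mi['IP']);
	sql("UPDATE `membership_users` SET `passMD5`='" . md5($newPassword) . "', `comments`=CONCAT_WS('\\n', `comments`, 'member changed his password on $updateDT from IP address $safeIP') WHERE `memberID`='$memberID'", $eo);

	// hook: member_activity
	if(function_exists('member_activity')){
		$args = array();
		member_activity($mi, 'password', $args);
	}

	exit;
}

/* get profile info */
/*
	$mi already contains the profile info, as documented at:
	https://bigprof.com/appgini/help/working-with-generated-web-database-application/hooks/memberInfo

	custom field names are stored in $adminConfig['custom1'] to $adminConfig['custom4']
*/
$permissions = array();
$userTables = getTableList();
if(is_array($userTables)){
	foreach($userTables as $tn => $tc){
		$permissions[$tn] = getTablePermissions($tn);
	}
}

/* the profile page view */
include_once("$currDir/header.php"); ?>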
100
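<?php
/*
	View helpers. Everything that originates from the member record, the table list or the
	request goes through $esc before it is written into HTML (text or attribute context).
	Values that are embedded inside the <script> block below are emitted as JSON string
	literals instead of being pasted between quotes.
*/
$esc = function($value){ return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'); };
$jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
$isAdminUser = ($mi['username'] === $adminConfig['adminUsername']);
$customValues = (isset($mi['custom']) && is_array($mi['custom'])) ? $mi['custom'] : array();
$usernameJs = json_encode((string) $mi['username'], $jsFlags);
if($usernameJs === false) $usernameJs = "''"; // non-UTF-8 username: pass an empty string to the strength check
?>
<div class="page-header">
	<h1><?php echo sprintf($Translation['Hello user'], $esc($mi['username'])); ?></h1>
</div>
<div id="notify" class="alert alert-success" style="display: none;"></div>
<div id="loader" style="display: none;"><i class="glyphicon glyphicon-refresh"></i> <?php echo $Translation['Loading ...']; ?></div>

<?php echo csrf_token(); ?>
<div class="row">

	<div class="col-md-6">

		<!-- user info form -->
		<div class="panel panel-info">
			<div class="panel-heading">
				<h3 class="panel-title">
					<i class="glyphicon glyphicon-info-sign"></i>
					<?php echo $Translation['Your info']; ?>
				</h3>
			</div>
			<div class="panel-body">
				<fieldset id="profile">
					<div class="form-group">
						<label for="email"><?php echo $Translation['email']; ?></label>
						<input type="email" id="email" name="email" value="<?php echo $esc($mi['email']); ?>" class="form-control">
					</div>

					<?php for($i = 1; $i <= 4; $i++){ $customValue = isset($customValues[$i - 1]) ? $customValues[$i - 1] : ''; ?>
					<div class="form-group">
						<label for="custom<?php echo $i; ?>"><?php echo $adminConfig['custom' . $i]; ?></label>
						<input type="text" id="custom<?php echo $i; ?>" name="custom<?php echo $i; ?>" value="<?php echo $esc($customValue); ?>" class="form-control">
					</div>
					<?php } ?>

					<div class="row">
						<div class="col-md-4 col-md-offset-4">
							<button id="update-profile" class="btn btn-success btn-block" type="button"><i class="glyphicon glyphicon-ok"></i> <?php echo $Translation['Update profile']; ?></button>
						</div>
					</div>
				</fieldset>
			</div>
		</div>

		<!-- access permissions -->
		<div class="panel panel-info">
			<div class="panel-heading">
				<h3 class="panel-title">
					<i class="glyphicon glyphicon-lock"></i>
					<?php echo $Translation['Your access permissions']; ?>
				</h3>
			</div>
			<div class="panel-body">
				<p><strong><?php echo $Translation['Legend']; ?></strong></p>
				<div class="row">
					<div class="col-xs-2 col-md-1 text-right"><img src="admin/images/stop_icon.gif"></div>
					<div class="col-xs-10 col-md-5"><?php echo $Translation['Not allowed']; ?></div>
					<div class="col-xs-2 col-md-1 text-right"><img src="admin/images/member_icon.gif"></div>
					<div class="col-xs-10 col-md-5"><?php echo $Translation['Only your own records']; ?></div>
				</div>
				<div class="row">
					<div class="col-xs-2 col-md-1 text-right"><img src="admin/images/members_icon.gif"></div>
					<div class="col-xs-10 col-md-5"><?php echo $Translation['All records owned by your group']; ?></div>
					<div class="col-xs-2 col-md-1 text-right"><img src="admin/images/approve_icon.gif"></div>
					<div class="col-xs-10 col-md-5"><?php echo $Translation['All records']; ?></div>
				</div>

				<p class="vspacer-lg"></p>

				<div class="table-responsive">
					<table class="table table-striped table-hover table-bordered" id="permissions">
						<thead>
							<tr>
								<th><?php echo $Translation['Table']; ?></th>
								<th class="text-center"><?php echo $Translation['View']; ?></th>
								<th class="text-center"><?php echo $Translation['Add New']; ?></th>
								<th class="text-center"><?php echo $Translation['Edit']; ?></th>
								<th class="text-center"><?php echo $Translation['Delete']; ?></th>
							</tr>
						</thead>
						<tbody>
							<?php foreach($permissions as $tn => $perm){ $tableInfo = $userTables[$tn]; ?>
							<tr>
								<td><img src="<?php echo $esc($tableInfo[2]); ?>"> <a href="<?php echo $esc($tn); ?>_view.php"><?php echo $esc($tableInfo[0]); ?></a></td>
								<td class="text-center"><img src="admin/images/<?php echo permIcon($perm[2]); ?>" /></td>
								<td class="text-center"><img src="admin/images/<?php echo ($perm[1] ? 'approve' : 'stop'); ?>_icon.gif" /></td>
								<td class="text-center"><img src="admin/images/<?php echo permIcon($perm[3]); ?>" /></td>
								<td class="text-center"><img src="admin/images/<?php echo permIcon($perm[4]); ?>" /></td>
							</tr>
							<?php } ?>
						</tbody>
					</table>
				</div>
			</div>
		</div>

	</div>

	<div class="col-md-6">

		<!-- IP address -->
		<div class="panel panel-info">
			<div class="panel-body">
				<div class="form-group">
					<label><?php echo $Translation['Your IP address']; ?></label>
					<div class="form-control-static"><?php echo $esc($mi['IP']); ?></div>
				</div>
			</div>
		</div>

		<!-- group -->
		<div class="panel panel-info">
			<div class="panel-body">
				<div class="form-group">
					<label><?php echo $Translation['group']; ?></label>
					<div class="form-control-static"><?php echo $esc($mi['group']); ?></div>
				</div>
			</div>
		</div>

		<?php if(!$isAdminUser){ ?>
		<!-- change password -->
		<div class="panel panel-info">
			<div class="panel-heading">
				<h3 class="panel-title">
					<i class="glyphicon glyphicon-asterisk"></i><i class="glyphicon glyphicon-asterisk"></i>
					<?php echo $Translation['Change your password']; ?>
				</h3>
			</div>
			<div class="panel-body">
				<fieldset id="change-password">
					<div id="password-change-form">

						<div class="form-group">
							<label for="old-password"><?php echo $Translation['Old password']; ?></label>
							<input type="password" id="old-password" autocomplete="off" class="form-control">
						</div>

						<div class="form-group">
							<label for="new-password"><?php echo $Translation['new password']; ?></label>
							<input type="password" id="new-password" autocomplete="off" class="form-control">
							<p id="password-strength" class="help-block"></p>
						</div>

						<div class="form-group">
							<label for="confirm-password"><?php echo $Translation['confirm password']; ?></label>
							<input type="password" id="confirm-password" autocomplete="off" class="form-control">
							<p id="confirm-status" class="help-block"></p>
						</div>

						<div class="row">
							<div class="col-md-4 col-md-offset-4">
								<button id="update-password" class="btn btn-success btn-block" type="button"><i class="glyphicon glyphicon-ok"></i> <?php echo $Translation['Update password']; ?></button>
							</div>
						</div>

					</div>
				</fieldset>
			</div>
		</div>
		<?php } ?>

	</div>

</div>


<script>
	$j(function() {
		<?php
			/*
				Is there a notification to display? It comes from the query string, so it is
				reduced to plain text (tags stripped, then entity-encoded because notify()
				inserts it with .html()) and emitted as a JSON string literal.
			*/
			$notify = '';
			if(isset($_GET['notify']) && is_string($_GET['notify'])) $notify = $esc(strip_tags($_GET['notify']));
		?>
		<?php if($notify !== ''){ ?> notify(<?php echo json_encode($notify, $jsFlags); ?>); <?php } ?>

		$('update-profile').observe('click', function(){
			post2(
				'<?php echo basename(__FILE__); ?>',
				{ action: 'saveProfile', email: $F('email'), custom1: $F('custom1'), custom2: $F('custom2'), custom3: $F('custom3'), custom4: $F('custom4'), csrf_token: $F('csrf_token') },
				'notify', 'profile', 'loader',
				'<?php echo basename(__FILE__); ?>?notify=<?php echo urlencode($Translation['Your profile was updated successfully']); ?>'
			);
		});

		<?php if(!$isAdminUser){ ?>
		$('update-password').observe('click', function(){
			/* make sure passwords match */
			if($F('new-password') != $F('confirm-password')){
				$('notify').addClassName('Error');
				notify('<?php echo "{$Translation['error:']} ".addslashes($Translation['password no match']); ?>');
				$$('label[for="confirm-password"]')[0].pulsate({ pulses: 10, duration: 4 });
				$('confirm-password').activate();
				return false;
			}

			post2(
				'<?php echo basename(__FILE__); ?>',
				{ action: 'changePassword', oldPassword: $F('old-password'), newPassword: $F('new-password'), csrf_token: $F('csrf_token') },
				'notify', 'password-change-form', 'loader',
				'<?php echo basename(__FILE__); ?>?notify=<?php echo urlencode($Translation['Your password was changed successfully']); ?>'
			);
		});

		/* password strength feedback (the username is passed so it can be penalised inside the password) */
		$('new-password').observe('keyup', function(){
			var ps = passwordStrength($F('new-password'), <?php echo $usernameJs; ?>);

			if(ps == 'strong')
				$('password-strength').update('<?php echo $Translation['Password strength: strong']; ?>').setStyle({color: 'Green'});
			else if(ps == 'good')
				$('password-strength').update('<?php echo $Translation['Password strength: good']; ?>').setStyle({color: 'Gold'});
			else
				$('password-strength').update('<?php echo $Translation['Password strength: weak']; ?>').setStyle({color: 'Red'});
		});

		/* inline feedback of confirm password */
		$('confirm-password').observe('keyup', function(){
			if($F('confirm-password') != $F('new-password') || !$F('confirm-password').length){
				$('confirm-status').update('<img align="top" src="Exit.gif"/>');
			}else{
				$('confirm-status').update('<img align="top" src="update.gif"/>');
			}
		});
		<?php } ?>
	});

	/* show a message in the #notify box for 15 seconds; msg is inserted as HTML, so callers pass escaped text */
	function notify(msg){
		$j('#notify').html(msg).fadeIn();
		window.setTimeout(function(){ $j('#notify').fadeOut(); }, 15000);
	}
</script>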
331
332 <?php
/**
 * Map a table permission level to the icon file shown in the permissions table.
 *
 * @param mixed $perm permission value as returned by getTablePermissions()
 * @return string icon file name: 1 => own records, 2 => group records, 3 => all records,
 *                anything else (including 0, false or null) => the "not allowed" icon
 */
function permIcon($perm){
	$iconByLevel = array(
		1 => 'member_icon.gif',
		2 => 'members_icon.gif',
		3 => 'approve_icon.gif',
	);

	/* loose comparison (==) in ascending level order mirrors the switch() semantics,
	   so numeric strings such as '2' still resolve to their icon */
	foreach($iconByLevel as $level => $icon){
		if($perm == $level) return $icon;
	}

	return 'stop_icon.gif';
}
346 ?>
347
<?php /* page footer shared by all generated pages */ include_once $currDir . '/footer.php'; ?>