Hệ thống quản lý phòng khám trực tuyến bằng PHP

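<?php
    /*
     * Admin page controller: change the owner (member and group) of one record.
     *
     * Flow, as visible in this file:
     *   1. If 'saveChanges' is present in the request, update membership_userrecords
     *      and either answer 'OK' (ajax) or redirect back to this page.
     *   2. Otherwise take recID from the query string.
     *   3. Load the ownership row for recID so the form can be filled in.
     *
     * NOTE(review): authentication/authorization is not visible here; presumably
     * incCommon.php restricts this page to admins -- confirm.
     */
    $currDir = dirname(__FILE__);
    require("{$currDir}/incCommon.php");

    $recID = 0;

    // request to save changes?
    // NOTE(review): this state-changing branch reads $_REQUEST (so GET works as well as POST)
    // and no anti-CSRF token is checked in this file -- confirm whether incCommon.php enforces one.
    if(isset($_REQUEST['saveChanges'])){
        // validate data: numeric ids are cast to int, memberID is escaped for SQL
        $recID = intval($_REQUEST['recID']);
        $memberID = makeSafe(strtolower($_REQUEST['memberID']));
        $groupID = intval($_REQUEST['groupID']);
        ###############################

        /* for ajax requests coming from the users' area, get the recID */
        if(is_ajax()){
            $tableName = isset($_REQUEST['t']) ? $_REQUEST['t'] : '';
            $pkValue = isset($_REQUEST['pkValue']) ? $_REQUEST['pkValue'] : '';

            // Allow-list the table name before it reaches SQL. Request values can be arrays,
            // so require a string, and match the key exactly instead of the loose == used by in_array().
            if(!is_string($tableName) || !array_key_exists($tableName, getTableList())) die($Translation["invalid table"]);

            if(!is_string($pkValue) || !$pkValue) die($Translation["invalid primary key"]);

            // recID is cast to int because it is interpolated into the UPDATE below
            $recID = intval(sqlValue("select recID from membership_userrecords where tableName='" . makeSafe($tableName) . "' and pkValue='" . makeSafe($pkValue) . "'"));
            if(!$recID) die($Translation["record not found"]);

            /* determine groupID if not provided */
            if(!$groupID){
                $groupID = intval(sqlValue("select groupID from membership_users where memberID='{$memberID}'"));
                if(!$groupID) die($Translation["invalid username"]);
            }
        }

        // update ownership
        // NOTE(review): when groupID is supplied by the request, nothing here verifies that
        // memberID exists or belongs to that group -- confirm this is intended.
        $upQry = "UPDATE `membership_userrecords` set memberID='{$memberID}', groupID='{$groupID}' WHERE recID='{$recID}'";
        sql($upQry, $eo);

        if(is_ajax()){
            echo 'OK';
            exit;
        }

        // redirect to member editing page
        redirect("admin/pageEditOwnership.php?recID={$recID}");
        exit;
    }elseif(isset($_GET['recID'])){
        // we have an edit request for a member
        $recID = intval($_GET['recID']);
    }

    // nothing to edit: go back to the records list
    if(!$recID){
        redirect("admin/pageViewRecords.php");
        exit;
    }

    $GLOBALS['page_title'] = $Translation['edit Record Ownership'];
    include("{$currDir}/incHeader.php");

    // fetch record data to fill in the form below ($recID is an integer on every path that reaches here)
    $res = sql("select * from membership_userrecords where recID='{$recID}'", $eo);
    if($row = db_fetch_assoc($res)){
        // get record data
        $tableName = $row['tableName'];
        $pkValue = $row['pkValue'];
        $memberID = strtolower($row['memberID']);
        $dateAdded = @date($adminConfig['PHPDateTimeFormat'], $row['dateAdded']);
        $dateUpdated = @date($adminConfig['PHPDateTimeFormat'], $row['dateUpdated']);
        $groupID = $row['groupID'];
    }else{
        // no such record exists
        die("<div class=\"alert alert-danger\">{$Translation["record not found error"]}</div>");
    }
?>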
74
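<?php
    /*
     * View part of the ownership editor. Uses variables set earlier in this file:
     * $recID, $groupID, $memberID, $dateAdded, $dateUpdated, $tableName, $pkValue.
     *
     * Values read back from the database are escaped for the context they are printed in
     * (HTML text/attribute, URL component, SQL literal) rather than trusted as-is.
     *
     * NOTE(review): the form carries no anti-CSRF token field -- confirm how this
     * application protects admin POSTs.
     */
?>
<div class="page-header"><h1><?php echo $Translation['edit Record Ownership']; ?></h1></div>

<form method="post" action="pageEditOwnership.php" class="form-horizontal">
    <input type="hidden" name="recID" value="<?php echo html_attr($recID); ?>">
    <div style="height: 1em;"></div>

    <div class="form-group">
        <label for="groupID" class="col-xs-12 col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label">
            <?php echo $Translation["owner group"]; ?>
        </label>
        <div class="col-xs-10 col-sm-7 col-md-8 col-lg-5">
            <?php
                echo bootstrapSQLSelect('groupID', "select g.groupID, g.name from membership_groups g order by name", $groupID);
            ?>
        </div>
        <div class="col-xs-2 col-sm-1">
            <a class="btn btn-default" title="<?php echo html_attr($Translation['view all records by group']); ?>" href="pageViewRecords.php?groupID=<?php echo urlencode($groupID); ?>">
                <i class="glyphicon glyphicon-chevron-right"></i>
            </a>
        </div>
    </div>

    <div class="form-group">
        <label for="memberID" class="col-xs-12 col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label">
            <?php echo $Translation["owner member"]; ?>
        </label>
        <div class="col-xs-10 col-sm-7 col-md-8 col-lg-5">
            <?php
                // groupID is cast to int before being placed in the SQL literal
                echo bootstrapSQLSelect('memberID', "select lcase(memberID), lcase(memberID) from membership_users where groupID='" . intval($groupID) . "' order by memberID", $memberID);
            ?>
            <span class="help-block"><?php echo $Translation["switch record ownership"]; ?></span>
        </div>
        <div class="col-xs-2 col-sm-1">
            <a class="btn btn-default" title="<?php echo html_attr($Translation['view all records by member']); ?>" href="pageViewRecords.php?memberID=<?php echo urlencode($memberID); ?>">
                <span class="glyphicon glyphicon-chevron-right"></span>
            </a>
        </div>
    </div>

    <div class="form-group">
        <label class="col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label">
            <?php echo $Translation["record created on"]; ?>
        </label>
        <div class="col-sm-8 col-md-9 col-lg-6">
            <p class="form-control-static"><?php echo $dateAdded; ?></p>
        </div>
    </div>

    <div class="form-group">
        <label class="col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label">
            <?php echo $Translation["record modified on"]; ?>
        </label>
        <div class="col-sm-8 col-md-9 col-lg-6">
            <p class="form-control-static"><?php echo $dateUpdated; ?></p>
        </div>
    </div>

    <div class="form-group">
        <label class="col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label">
            <?php echo $Translation["table"]; ?>
        </label>
        <div class="col-sm-8 col-md-9 col-lg-6">
            <p class="form-control-static">
                <a href="pageViewRecords.php?tableName=<?php echo urlencode($tableName); ?>" title="<?php echo html_attr($Translation['view all records of table']); ?>">
                    <?php echo html_attr($tableName); /* stored value: escape before printing as HTML text */ ?>
                    <i class="glyphicon glyphicon-th"></i>
                </a>
            </p>
        </div>
    </div>

    <div class="form-group ">
        <label for="member username" class="col-sm-4 col-md-3 col-lg-2 col-lg-offset-2 control-label">
            <div><?php echo $Translation["record data"]; ?></div>
        </label>
        <div class="col-sm-8 col-md-9 col-lg-6">
            <div class="form-control-static">
                <?php
                    // $tableName comes from a stored membership_userrecords row and is used below as an
                    // SQL identifier, so it is first matched against the same table list the save handler
                    // in this file uses. An unknown table falls through to the "record not found" message.
                    $row = false;
                    if(is_string($tableName) && array_key_exists($tableName, getTableList())){
                        // get pk field name
                        $pkField = getPKFieldName($tableName);

                        $res = sql("select * from `{$tableName}` where `{$pkField}`='" . makeSafe($pkValue, false) . "'", $eo);
                        $row = db_fetch_assoc($res);
                    }

                    if($row){
                        ?>
                        <div style="margin-bottom: 1em;">
                            <a href="../<?php echo rawurlencode($tableName); ?>_view.php?SelectedID=<?php echo urlencode($pkValue); ?>&dvprint_x=1" target="_blank" class="btn btn-default">
                                <i class='glyphicon glyphicon-print'></i>
                                <?php echo $Translation["print"]; ?>
                            </a>
                            <a href="../<?php echo rawurlencode($tableName); ?>_view.php?SelectedID=<?php echo urlencode($pkValue); ?>" target="_blank" class="btn btn-default">
                                <i class='glyphicon glyphicon-pencil'></i>
                                <?php echo $Translation["edit"]; ?>
                            </a>
                        </div>

                        <table class="table table-striped table-bordered">
                            <thead>
                                <tr>
                                    <th style="width: 30%"><?php echo $Translation["field name"]; ?></th>
                                    <th><?php echo $Translation["value"]; ?></th>
                                </tr>
                            </thead>
                            <tbody>
                                <?php
                                    foreach ($row as $field_name => $field_value){
                                        $field_link = false;
                                        // A value that names an existing file under the image folder is shown as a link.
                                        // NOTE(review): the value is not restricted to that folder ('../' segments are
                                        // not rejected before is_file()) -- confirm whether that matters here.
                                        if(@is_file("{$currDir}/../{$Translation['ImageFolder']}{$field_value}")){
                                            // escape the stored value inside the href attribute as well as in the link text
                                            $field_value = "<a href=\"../" . html_attr("{$Translation['ImageFolder']}{$field_value}") . "\" target=\"_blank\">" . html_attr($field_value) . "</a>";
                                            $field_link = true;
                                        }
                                        ?>
                                        <tr>
                                            <td><?php echo html_attr($field_name); ?></td>
                                            <?php if($field_link){ ?>
                                                <td><?php echo $field_value; /* already escaped when the link was built */ ?></td>
                                            <?php }else{ ?>
                                                <td><?php echo nl2br(htmlspecialchars($field_value, ENT_NOQUOTES | ENT_COMPAT | ENT_HTML401, datalist_db_encoding)); ?></td>
                                            <?php } ?>
                                        </tr>
                                        <?php
                                    }
                                ?>
                            </tbody>
                        </table>
                        <?php
                    }else{
                        ?>
                        <div class="alert alert-danger"><?php echo $Translation['record not found error']; ?></div>
                        <?php
                    }
                ?>
            </div>
        </div>
    </div>

    <div class="row">
        <div class="col-sm-8 col-sm-offset-4 col-md-9 col-md-offset-3 col-lg-6 col-lg-offset-4">
            <button type="submit" name="saveChanges" value="1" class="hidden-xs hidden-sm btn btn-primary btn-lg">
                <i class="glyphicon glyphicon-ok"></i>
                <?php echo $Translation["save changes"]; ?>
            </button>
            <button type="submit" name="saveChanges" value="1" class="hidden-md hidden-lg btn btn-primary btn-lg btn-block">
                <i class="glyphicon glyphicon-ok"></i>
                <?php echo $Translation["save changes"]; ?>
            </button>
        </div>
    </div>
</form>

<div style="height: 1em;"></div>

<style>
    .form-control{ width: 100% !important; }
</style>

<?php
    include("{$currDir}/incFooter.php");
?>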

