From: Agnibho Mondal Date: Mon, 17 May 2021 16:25:31 +0000 (+0530) Subject: Added access control X-Git-Url: https://code.agnibho.com/repo?a=commitdiff_plain;h=e0f48e1b130e18071c25ccaabde4eb9f9e1b79d8;p=simpleipd.git Added access control --- diff --git a/access.json b/access.json new file mode 100644 index 0000000..380c1a1 --- /dev/null +++ b/access.json 
@@ -0,0 +1,130 @@
+{
+ "info": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "all",
+ "lab": "all",
+ "clerk": "view"
+ },
+ "diagnosis": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "view",
+ "lab": "view",
+ "clerk": "view"
+ },
+ "summary": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "view",
+ "lab": "view",
+ "clerk": "view"
+ },
+ "admission": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "all",
+ "lab": "view",
+ "clerk": "all"
+ },
+ "attachments": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "all",
+ "lab": "all",
+ "clerk": "view"
+ },
+ "death": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "view",
+ "lab": "view",
+ "clerk": "view"
+ },
+ "discharge": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "view",
+ "lab": "view",
+ "clerk": "view"
+ },
+ "history": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "view",
+ "lab": "view",
+ "clerk": "view"
+ },
+ "laboratory": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "all",
+ "lab": "all",
+ "clerk": "view"
+ },
+ "nursing": {
+ "admin": "all",
+ "visiting": "view",
+ "resident": "view",
+ "nursing": "all",
+ "lab": "view",
+ "clerk": "view"
+ },
+ "physician": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "view",
+ "lab": "view",
+ "clerk": "view"
+ },
+ "print-discharge": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "view",
+ "lab": "view",
+ "clerk": "view"
+ },
+ "report": {
+ "admin": "all",
+ "visiting": "view",
+ "resident": "view",
+ "nursing": "view",
+ "lab": "all",
+ "clerk": "view"
+ },
+ "requisition": {
+ "admin": "all",
+ "visiting": "all",
+ "resident": "all",
+ "nursing": "all",
+ "lab": "all",
+ "clerk": "view"
+ },
+ "treatment": {
+ "admin": "all",
+ "visiting": "all",
+ 
"resident": "all", + "nursing": "view", + "lab": "view", + "clerk": "view" + }, + "view": { + "admin": "all", + "visiting": "all", + "resident": "all", + "nursing": "all", + "lab": "all", + "clerk": "view" + } +} diff --git a/adduser b/adduser index fb4c6b5..f878e29 100755 --- a/adduser +++ b/adduser @@ -1,24 +1,27 @@ #! /usr/bin/env php prepare("SELECT * FROM users WHERE user=:user"); $stmt->bindValue(":user",$_SERVER["argv"][1]); if($stmt->execute()->fetchArray()){ - $stmt=$db->prepare("UPDATE users SET usergroup=:usergroup,hash=:hash WHERE user=:user"); + $stmt=$db->prepare("UPDATE users SET usergroup=:usergroup,department=:department,hash=:hash WHERE user=:user"); $stmt->bindValue(":user", $_SERVER["argv"][1]); - $stmt->bindValue(":hash", password_hash($_SERVER["argv"][3], PASSWORD_DEFAULT)); + $stmt->bindValue(":usergroup", $_SERVER["argv"][2]); + $stmt->bindValue(":department", $_SERVER["argv"][3]); + $stmt->bindValue(":hash", password_hash($_SERVER["argv"][4], PASSWORD_DEFAULT)); $stmt->execute(); } else{ - $stmt=$db->prepare("INSERT INTO users (user,usergroup,hash) VALUES (:user,:usergroup,:hash)"); + $stmt=$db->prepare("INSERT INTO users (user,usergroup,department,hash) VALUES (:user,:usergroup,:department,:hash)"); $stmt->bindValue(":user", $_SERVER["argv"][1]); $stmt->bindValue(":usergroup", $_SERVER["argv"][2]); - $stmt->bindValue(":hash", password_hash($_SERVER["argv"][3], PASSWORD_DEFAULT)); + $stmt->bindValue(":department", $_SERVER["argv"][3]); + $stmt->bindValue(":hash", password_hash($_SERVER["argv"][4], PASSWORD_DEFAULT)); $stmt->execute(); } } else{ - echo "Plese enter an username and password for entry into the DB\n"; + echo basename(__FILE__)." [username] [usergroup] [department] [password]\n"; } ?> diff --git a/admission.php b/admission.php index 6864344..e1d5fc5 100644 --- a/admission.php +++ b/admission.php 
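Review bot: The new `usergroup` argument (`$_SERVER["argv"][2]`) is written to the users table in both the UPDATE and INSERT branches without being checked against the groups that access.json actually defines, so a typo such as `residnet` silently produces an account whose group matches no policy entry, and whatever `checkAccess()` does for an unknown group becomes that user's effective permission set. Validate it before touching the database, e.g. `$groups=["admin","visiting","resident","nursing","lab","clerk"]; if(!in_array($_SERVER["argv"][2], $groups, true)){ fwrite(STDERR, "unknown usergroup\n"); exit(1); }`, or derive the list from the keys of one access.json entry so the two cannot drift. The argument-count guard at the top of this hunk is garbled in this view, so confirm it now requires five arguments rather than four; otherwise `$_SERVER["argv"][4]` is undefined and `password_hash()` is handed null. The script body here sits inside an `if` whose condition begins in the garbled part of the hunk.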
@@ -1,14 +1,7 @@ editCase($pid, $_POST["diagnosis"], $_POST["summary"]); + } + $form=schema2form("forms/admission.schema.json", $pid); } else{ $form=schema2form("forms/admission.schema.json"); @@ -33,7 +30,14 @@ else{
-

New Patient Information

+

Patient Information

+
> + + "> + + + +
diff --git a/attachments.php b/attachments.php index 2007734..000e118 100644 --- a/attachments.php +++ b/attachments.php @@ -1,11 +1,5 @@ "; $imgs="
"; $pdfs="
"; @@ -47,7 +41,7 @@ $error=$error."

";
-
+ > diff --git a/death.php b/death.php index 45b43af..29844f0 100644 --- a/death.php +++ b/death.php @@ -1,9 +1,7 @@ "; $view=$view."DrugDoseRouteFrequencyDurationNote"; while($drug=$list->fetchArray()){ + var_dump($drug); $view=$view."".$drug["drug"]."".$drug["dose"]."".$drug["route"]."".$drug["frequency"]."".$drug["duration"]."".$drug["addl"].""; } $view=$view.""; @@ -39,8 +34,10 @@ if(!empty($_GET["pid"])){
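Review bot: `var_dump($drug)` inside the `while($drug=$list->fetchArray())` loop is a debugging leftover that dumps every column of every treatment row straight into the response, ahead of the `$view` table the page intends to render, so patient treatment data leaves the server through an unintended path and with no markup escaping. Delete `var_dump($drug);` so rows reach the page only through the deliberate `$view` concatenation. The file header around this hunk is garbled in this view, so it is not certain whether the loop belongs to death.php or to the file that follows it; the function or script body enclosing the loop starts outside the visible part of the hunk.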
- - +
> + +
+ > diff --git a/error.php b/error.php new file mode 100644 index 0000000..6597e48 --- /dev/null +++ b/error.php @@ -0,0 +1,9 @@ + + + + Error Encountered + + +

Your account does not have access to this page

+ + diff --git a/forms/admission.schema.json b/forms/admission.schema.json index f2d76f5..8b32425 100644 --- a/forms/admission.schema.json +++ b/forms/admission.schema.json @@ -51,15 +51,6 @@ "bed": { "description": "Bed Number", "type": "string" - }, - "diagnosis": { - "description": "Diagnosis", - "type": "string" - }, - "summary": { - "description": "Summary", - "type": "string", - "format": "textarea" } }, "required": ["pid", "name", "age", "sex", "date"] diff --git a/history.php b/history.php index 982b91b..22c7320 100644 --- a/history.php +++ b/history.php @@ -1,11 +1,5 @@
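Review bot: Nothing visible in the new page sets an HTTP status, so the access-denied response (`Your account does not have access to this page`) appears to be served as 200 OK, which makes denials indistinguishable from normal pages for HTTP clients, proxies and log-based monitoring; any PHP in this file would be stripped from this view, so confirm. If the page is reached by redirect or include from the access check, emit `http_response_code(403);` before the first byte of output. It is also worth recording the denial server-side (user, group, requested page) with `error_log()` at the point where the check fails, since a run of denials is the signal an operator wants to see.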
- +
> + +
diff --git a/index.php b/index.php index 94632b1..f030dd5 100644 --- a/index.php +++ b/index.php @@ -1,12 +1,5 @@ getPatientList(); $showList=""; while($arr=$list->fetchArray()){ diff --git a/laboratory.php b/laboratory.php index 6462ec7..c619e8e 100644 --- a/laboratory.php +++ b/laboratory.php @@ -1,10 +1,5 @@ $target->$group)){ + $access=$registry->$target->$group; + } + } + if($type=="form"){ + if($access=="all"){ + return ""; + } + else{ + return "style='display:none'"; + } + } + if($type=="dbSet"){ + if($access=="all"){ + return true; + } + else{ + return false; + } + } + if($type=="dbGet"){ + if($access=="all" || $access=="view"){ + return true; + } + else{ + return false; + } + } + else{ + return $access; + } +} +?> diff --git a/lib/db.php b/lib/db.php index 50d1c08..55f5a55 100644 --- a/lib/db.php +++ b/lib/db.php 
@@ -15,15 +15,28 @@ class DB extends SQLite3 {
 return(false);
 }
 }
+ function getGroup($username){
+ $stmt=$this->prepare("SELECT usergroup FROM users WHERE user=:user");
+ $stmt->bindValue(":user", $username);
+ $result=$stmt->execute();
+ return($result);
+ }
+ function getDepartment($username){
+ $stmt=$this->prepare("SELECT department FROM users WHERE user=:user");
+ $stmt->bindValue(":user", $username);
+ $result=$stmt->execute();
+ return($result);
+ }
 function admit($post){
- $quer=$this->prepare("SELECT count(rowid) FROM patients WHERE pid=:pid");
- $quer->bindValue(":pid", $post["pid"]);
- $exist=$quer->execute();
+ if(!checkAccess("admission", "dbSet")) return false;
+ $query=$this->prepare("SELECT count(rowid) FROM patients WHERE pid=:pid");
+ $query->bindValue(":pid", $post["pid"]);
+ $exist=$query->execute();
 if($exist->fetchArray()[0]==0){
- $stmt=$this->prepare("INSERT INTO patients (pid,name,age,sex,status,summary,ward,bed,diagnosis,data) VALUES (:pid,:name,:age,:sex,'admitted',:summary,:ward,:bed,:diagnosis,:data);");
+ $stmt=$this->prepare("INSERT INTO patients (pid,name,age,sex,status,vp,ward,bed,data) VALUES (:pid,:name,:age,:sex,:status,:vp,:ward,:bed,:data);");
 }
 else{
- $stmt=$this->prepare("UPDATE patients SET name=:name,age=:age,sex=:sex,ward=:ward,bed=:bed,diagnosis=:diagnosis,summary=:summary,data=:data WHERE pid=:pid;");
+ $stmt=$this->prepare("UPDATE patients SET name=:name,age=:age,sex=:sex,ward=:ward,bed=:bed,vp=:vp,data=:data WHERE pid=:pid;");
 }
 $stmt->bindValue(":pid", $post["pid"]);
 $stmt->bindValue(":name", $post["name"]);
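Review bot: `admit()` now answers a denied write with a bare `return false` while its success path returns nothing, so a caller that does not compare with `=== false` (the admission.php hunk calls `$db->editCase(...)` without looking at the result) treats a blocked write exactly like a completed one: the user sees the form accepted, the record is silently unchanged, and nothing is logged. The same silent-denial shape is repeated for every write method in the following hunks of this file (editCase, updateHistory, addPhysician … setDead). Make the denial visible in one place, e.g. `if(!checkAccess("admission", "dbSet")){ error_log("access denied: admission/dbSet for ".($_SESSION["user"]??"?")); return false; }`, or throw a dedicated exception that the page layer maps to error.php. `checkAccess()` is a free function from lib/access.php and this file shows no `require` for it, so DB now depends on the caller having loaded it first, presumably via the new lib/require.php whose contents are stripped in this view.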
@@ -32,18 +45,27 @@ class DB extends SQLite3 {
 $stmt->bindValue(":status", "admitted");
 $stmt->bindValue(":ward", $post["ward"]);
 $stmt->bindValue(":bed", $post["bed"]);
- $stmt->bindValue(":diagnosis", $post["diagnosis"]);
- $stmt->bindValue(":summary", $post["summary"]);
+ $stmt->bindValue(":vp", $post["vp"]);
 $stmt->bindValue(":data", json_encode($post));
 $stmt->execute();
 }
+ function editCase($pid, $diagnosis, $summary){
+ if(!checkAccess("history", "dbSet")) return false;
+ $stmt=$this->prepare("UPDATE patients SET diagnosis=:diagnosis,summary=:summary WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $stmt->bindValue(":diagnosis", $diagnosis);
+ $stmt->bindValue(":summary", $summary);
+ $stmt->execute();
+ }
 function updateHistory($post, $pid){
+ if(!checkAccess("history", "dbSet:")) return false;
 $stmt=$this->prepare("UPDATE patients SET history=:history WHERE pid=:pid;");
 $stmt->bindValue(":history", json_encode($post));
 $stmt->bindValue(":pid", $pid);
 $stmt->execute();
 }
 function addPhysician($post, $pid){
+ if(!checkAccess("physician", "dbSet")) return false;
 $stmt=$this->prepare("INSERT INTO physician (pid, time, data) VALUES (:pid, :time, :data);");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
@@ -51,6 +73,7 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function editPhysician($post, $pid, $id){
+ if(!checkAccess("physician", "dbSet")) return false;
 $stmt=$this->prepare("UPDATE physician SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":id", $id);
@@ -59,6 +82,7 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function addNursing($post, $pid){
+ if(!checkAccess("nursing", "dbSet")) return false;
 $stmt=$this->prepare("INSERT INTO nursing (pid, time, data) VALUES (:pid, :time, :data);");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
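Review bot: `updateHistory()` checks `checkAccess("history", "dbSet:")` — note the stray colon — and that typo turns the guard into a bypass rather than a lock: in lib/access.php a `$type` that matches none of `form`/`dbSet`/`dbGet` falls through to the final `else{ return $access; }`, so the raw permission string comes back, and both `"all"` and `"view"` are truthy, meaning every group that only has *view* on history (nursing, lab and clerk in access.json) can still rewrite the history record. Change the line to `if(!checkAccess("history", "dbSet")) return false;`. The underlying problem is that `checkAccess()` fails open on an unrecognised `$type`; it should fail closed (`return false`) or throw, so the next typo does not grant access either. Separately, `editCase()` writes the `diagnosis` and `summary` columns but is gated on the `history` target, while access.json carries its own `diagnosis` and `summary` entries; with the current matrix the outcome is identical, but those two entries are dead policy and will diverge the first time someone edits them.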
@@ -66,6 +90,7 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function editNursing($post, $pid, $id){
+ if(!checkAccess("nursing", "dbSet")) return false;
 $stmt=$this->prepare("UPDATE nursing SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":id", $id);
@@ -74,6 +99,7 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function addReport($post, $pid, $form){
+ if(!checkAccess("report", "dbSet")) return false;
 $stmt=$this->prepare("INSERT INTO reports (pid, time, form, data) VALUES (:pid, :time, :form, :data);");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
@@ -82,6 +108,7 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function editReport($post, $pid, $id, $form){
+ if(!checkAccess("report", "dbSet")) return false;
 $stmt=$this->prepare("UPDATE reports SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":id", $id);
@@ -90,6 +117,7 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function addDrug($pid, $drug, $dose, $route, $frequency, $date, $time, $duration, $addl){
+ if(!checkAccess("treatment", "dbSet")) return false;
 $stmt=$this->prepare("INSERT INTO treatment (pid, drug, dose, route, frequency, start, duration, omit, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :start, :duration, :omit, :addl);");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":drug", $drug);
@@ -103,6 +131,7 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function omitDrug($id){
+ if(!checkAccess("treatment", "dbSet")) return false;
 $stmt=$this->prepare("UPDATE treatment SET end=:end,omit=:omit WHERE rowid=:id;");
 $stmt->bindValue(":end", time());
 $stmt->bindValue(":omit", true);
@@ -110,6 +139,7 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function addRequisition($pid, $test, $date, $time, $room, $form){
+ if(!checkAccess("requisition", "dbSet")) return false;
 $stmt=$this->prepare("INSERT INTO requisition (pid, test, time, room, form, status) VALUES (:pid, :test, :time, :room, :form, :status);");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":test", $test);
@@ -120,12 +150,14 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function omitRequisition($id){
+ if(!checkAccess("requisition", "dbSet")) return false;
 $stmt=$this->prepare("UPDATE requisition SET status=:status WHERE rowid=:id;");
 $stmt->bindValue(":status", "done");
 $stmt->bindValue(":id", $id);
 $stmt->execute();
 }
 function addAdvice($pid, $name, $dose, $route, $frequency, $duration, $addl){
+ if(!checkAccess("discharge", "dbSet")) return false;
 $stmt=$this->prepare("INSERT INTO discharge (pid, name, dose, route, frequency, duration, addl) VALUES (:pid, :name, :dose, :route, :frequency, :duration, :addl);");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":name", $name);
@@ -137,17 +169,20 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function deleteAdvice($id){
+ if(!checkAccess("discharge", "dbSet")) return false;
 $stmt=$this->prepare("DELETE FROM discharge WHERE rowid=:id;");
 $stmt->bindValue(":id", $id);
 $stmt->execute();
 }
 function setDischarged($pid){
+ if(!checkAccess("discharge", "dbSet")) return false;
 $stmt=$this->prepare("UPDATE patients SET status=:discharged WHERE pid=:pid;");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":discharged", "discharged");
 $stmt->execute();
 }
 function setDead($pid, $post){
+ if(!checkAccess("death", "dbSet")) return false;
 $stmt=$this->prepare("INSERT INTO death (pid, time, data) VALUES (:pid, :time, :data);");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
@@ -158,12 +193,14 @@ class DB extends SQLite3 {
 $stmt->execute();
 }
 function getDrugs($pid){
+ if(!checkAccess("treatment", "dbGet")) return false;
 $stmt=$this->prepare("SELECT rowid,* FROM treatment WHERE pid=:pid;");
 $stmt->bindValue(":pid", $pid);
 $result=$stmt->execute();
 return($result);
 }
 function getRequisitions($pid){
+ if(!checkAccess("requisition", "dbGet")) return false;
 $stmt=$this->prepare("SELECT rowid,* FROM requisition WHERE pid=:pid AND status=:status;");
 $stmt->bindValue(":pid", $pid);
 $stmt->bindValue(":status", "active");
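Review bot: `getDrugs()` and `getRequisitions()` now return `false` on a denied read, but every caller visible in this commit chains straight into `->fetchArray()` — report.php appears to loop with `while($req=$reqList->fetchArray())` over the result of `getRequisitions($pid)`, and lib/functions.php does `$db->getAdmissionData($pid)->fetchArray()["data"]` — so a denied user gets a fatal "Call to a member function fetchArray() on bool" instead of error.php. With the matrix as committed every listed group has at least `view` on every target, so today this only bites a user whose group is missing from access.json (a typo in `adduser`, say) or the moment the matrix is tightened, which is exactly when the guard is supposed to matter. The same applies to all the gated getters in the next three hunks of this file (getAdvice … getHistory, getData, getAllData). Either check access at the page level before querying and redirect to error.php, or have the getters throw an exception the page layer catches; if `false` is kept, each call site needs `if($result===false){ header("Location: error.php"); exit(); }` before it iterates.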
@@ -171,106 +208,125 @@ class DB extends SQLite3 {
 return($result);
 }
 function getAdvice($pid){
+ if(!checkAccess("discharge", "dbGet")) return false;
 $stmt=$this->prepare("SELECT rowid,* FROM discharge WHERE pid=:pid;");
 $stmt->bindValue(":pid", $pid);
 $result=$stmt->execute();
 return($result);
 }
 function getName($pid){
+ if(!checkAccess("info", "dbGet")) return false;
 $stmt=$this->prepare("SELECT name FROM patients WHERE pid=:pid;");
 $stmt->bindValue(":pid", $pid);
 $result=$stmt->execute();
 return($result);
 }
 function getAge($pid){
+ if(!checkAccess("info", "dbGet")) return false;
 $stmt=$this->prepare("SELECT age FROM patients WHERE pid=:pid;");
 $stmt->bindValue(":pid", $pid);
 $result=$stmt->execute();
 return($result);
 }
 function getSex($pid){
+ if(!checkAccess("info", "dbGet")) return false;
 $stmt=$this->prepare("SELECT sex FROM patients WHERE pid=:pid;");
 $stmt->bindValue(":pid", $pid);
 $result=$stmt->execute();
 return($result);
 }
 function getWard($pid){
+ if(!checkAccess("info", "dbGet")) return false;
 $stmt=$this->prepare("SELECT ward FROM patients WHERE pid=:pid;");
 $stmt->bindValue(":pid", $pid);
 $result=$stmt->execute();
 return($result);
 }
 function getBed($pid){
+ if(!checkAccess("info", "dbGet")) return false;
 $stmt=$this->prepare("SELECT bed FROM patients WHERE pid=:pid;");
 $stmt->bindValue(":pid", $pid);
 $result=$stmt->execute();
 return($result);
 }
 function getStatus($pid){
+ if(!checkAccess("info", "dbGet")) return false;
 $stmt=$this->prepare("SELECT status FROM patients WHERE pid=:pid;");
 $stmt->bindValue(":pid", $pid);
 $result=$stmt->execute();
 return($result);
 }
 function getDiagnosis($pid){
+ if(!checkAccess("diagnosis", "dbGet")) return false;
 $stmt=$this->prepare("SELECT diagnosis FROM patients WHERE pid=:pid;");
 $stmt->bindValue(":pid", $pid);
 $result=$stmt->execute();
 return($result);
 }
 function getPatientList(){
+ if(!checkAccess("info", "dbGet")) return false;
 $stmt=$this->prepare("SELECT pid,ward,bed,name,diagnosis FROM patients;");
$result=$stmt->execute();
 return($result);
 }
 function getRequisitionList(){
+ if(!checkAccess("requisition", "dbGet")) return false;
 $stmt=$this->prepare("SELECT rowid,pid,test,room,time,form FROM requisition WHERE status=:active;");
 $stmt->bindValue(":active", "active");
 $result=$stmt->execute();
 return($result);
 }
 function getForm($id){
- $stmt=$this->prepare("SELECT form FROM reports WHERE rowid=:id;");
- $stmt->bindValue(":id", $id);
- $result=$stmt->execute();
- return($result);
+ if(!checkAccess("report", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT form FROM reports WHERE rowid=:id;");
+ $stmt->bindValue(":id", $id);
+ $result=$stmt->execute();
+ return($result);
 }
 function getAdmission($pid){
- $stmt=$this->prepare("SELECT admission FROM patients WHERE pid=:pid;");
- $stmt->bindValue(":pid", $pid);
- $result=$stmt->execute();
- return($result);
+ if(!checkAccess("admission", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT admission FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
 }
 function getAdmissionData($pid){
- $stmt=$this->prepare("SELECT data FROM patients WHERE pid=:pid;");
- $stmt->bindValue(":pid", $pid);
- $result=$stmt->execute();
- return($result);
+ if(!checkAccess("admission", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT data FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
 }
 function getDeparture($pid){
- $stmt=$this->prepare("SELECT departure FROM patients WHERE pid=:pid;");
- $stmt->bindValue(":pid", $pid);
- $result=$stmt->execute();
- return($result);
+ if(!checkAccess("admission", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT departure FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
 }
 function getSummary($pid){
- $stmt=$this->prepare("SELECT summary FROM patients WHERE pid=:pid;");
- $stmt->bindValue(":pid", 
$pid);
- $result=$stmt->execute();
- return($result);
+ if(!checkAccess("summary", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT summary FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
 }
 function getHistory($pid){
- $stmt=$this->prepare("SELECT history FROM patients WHERE pid=:pid;");
- $stmt->bindValue(":pid", $pid);
- $result=$stmt->execute();
- return($result);
+ if(!checkAccess("history", "dbGet")) return false;
+ $stmt=$this->prepare("SELECT history FROM patients WHERE pid=:pid;");
+ $stmt->bindValue(":pid", $pid);
+ $result=$stmt->execute();
+ return($result);
 }
 function getData($pid, $id, $cat){
 if($cat=="physician"){
+ if(!checkAccess("physician", "dbGet")) return false;
 $stmt=$this->prepare("SELECT data FROM physician WHERE pid=:pid AND rowid=:id;");
 }
 elseif($cat=="nursing"){
+ if(!checkAccess("nursing", "dbGet")) return false;
 $stmt=$this->prepare("SELECT data FROM nursing WHERE pid=:pid AND rowid=:id;");
 }
 elseif($cat=="reports"){
+ if(!checkAccess("report", "dbGet")) return false;
 $stmt=$this->prepare("SELECT data FROM reports WHERE pid=:pid AND rowid=:id;");
 }
 else{
 return(false); 
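Review bot: `getPatientList()` is gated on the `info` target but its query selects `diagnosis` alongside pid/ward/bed/name, so the `diagnosis` entry in access.json never decides whether a group sees diagnoses on the patient list, while `getDiagnosis()` a few methods above is gated on `diagnosis`; the two paths agree today only because every group has at least `view` on both, and they will disagree as soon as the matrix changes. Either gate the list on both, `if(!checkAccess("info", "dbGet") || !checkAccess("diagnosis", "dbGet")) return false;`, or leave the column out of the list query when diagnosis access is missing. `getDeparture()` is gated on `admission` although it reads the departure column; if that is deliberate, a one-line comment such as `// departure is part of the admission record for access purposes` would stop the next reader from "fixing" it to `discharge`. The DB class this hunk belongs to continues beyond the hunk on both sides.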
@@ -282,14 +338,19 @@ class DB extends SQLite3 {
 }
 function getAllData($pid, $cat){
 if($cat=="physician"){
+ if(!checkAccess("physician", "dbGet")) return false;
 $stmt=$this->prepare("SELECT rowid,data FROM physician WHERE pid=:pid;");
 }
 elseif($cat=="nursing"){
+ if(!checkAccess("nursing", "dbGet")) return false;
 $stmt=$this->prepare("SELECT rowid,data FROM nursing WHERE pid=:pid;");
 }
 elseif($cat=="reports"){
+ if(!checkAccess("report", "dbGet")) return false;
 $stmt=$this->prepare("SELECT rowid,data FROM reports WHERE pid=:pid;");
 }
 elseif($cat=="info"){
+ if(!checkAccess("info", "dbGet")) return false;
 $stmt=$this->prepare("SELECT rowid,data FROM patients WHERE pid=:pid;");
 }
 elseif($cat=="history"){
+ if(!checkAccess("history", "dbGet")) return false;
 $stmt=$this->prepare("SELECT rowid,history FROM patients WHERE pid=:pid;");
 }
 else{
 return(false);
diff --git a/lib/functions.php b/lib/functions.php
index 51c3cb3..434ca81 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -8,7 +8,7 @@ function schema2form($file, $pid=null, $id=null, $cat=null, $data=null){
 $data=json_decode($db->getData($pid, $id, $cat)->fetchArray()["data"]);
 }
 elseif(!empty($pid) && $file=="forms/admission.schema.json"){
- $data=json_decode($db->getAdmission($pid)->fetchArray()["data"]);
+ $data=json_decode($db->getAdmissionData($pid)->fetchArray()["data"]);
 $lockpid="readonly";
 }
 elseif(!empty($pid) && $file=="forms/history.schema.json"){
diff --git a/lib/require.php b/lib/require.php
new file mode 100644
index 0000000..f2f5f85
--- /dev/null
+++ b/lib/require.php
@@ -0,0 +1,18 @@
+
diff --git a/login.php b/login.php
index 4a4fde5..c8d037d 100644
--- a/login.php
+++ b/login.php
@@ -1,14 +1,15 @@ checkUser($_POST["username"], $_POST["password"])){ $_SESSION["user"]=$_POST["username"]; + $_SESSION["group"]=$db->getGroup($_SESSION["user"])->fetchArray()["usergroup"]; + $_SESSION["department"]=$db->getDepartment($_SESSION["user"])->fetchArray()["department"]; header("Location: index.php"); exit(); } diff --git a/nursing.php b/nursing.php index 8955a19..c7a0ff7 100644 --- a/nursing.php +++ b/nursing.php @@ -1,11 +1,5 @@
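Review bot: The user's group and department are copied into `$_SESSION` once at login, so any later change made with `adduser` (which now UPDATEs `usergroup`) — including a demotion or a lockout by moving the account to a restricted group — has no effect on sessions that are already open until they expire or log out. If `checkAccess()` is meant to enforce the current policy, resolve the group from the users table per request (or cache it with a short lifetime) instead of trusting the session copy, or document that a role change requires existing sessions to be invalidated. The start of this hunk is garbled in this view, so I cannot see whether `session_regenerate_id(true);` runs after `checkUser()` succeeds; if it does not, add it before the `$_SESSION[...]` assignments so a session id issued before authentication is not promoted. `fetchArray()` returns `false` when no row matches, in which case `["usergroup"]` on it is a warning and `$_SESSION["group"]` becomes null; that is harmless here only because `checkUser()` has just found the row.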
- +
> + +
diff --git a/physician.php b/physician.php index 941c16d..8113d65 100644 --- a/physician.php +++ b/physician.php @@ -1,11 +1,5 @@
- +
> + +
diff --git a/print-discharge.php b/print-discharge.php index e3e041c..54068ed 100644 --- a/print-discharge.php +++ b/print-discharge.php @@ -1,11 +1,5 @@ form)){ diff --git a/report.php b/report.php index 571edab..3bb5912 100644 --- a/report.php +++ b/report.php @@ -1,9 +1,7 @@ getRequisitions($pid); $list=""; while($req=$reqList->fetchArray()){ - $list=$list."".$req["test"]."".$req["room"]."".date("M j, Y", $req["time"]).""; + $list=$list."".$req["test"]."".$req["room"]."".date("M j, Y", $req["time"]).""; } } ?> @@ -60,7 +54,7 @@ if(isSet($_GET["pid"])){ Test NameDestinationDate -
+ >