From 1a5c76836d4d0bf2ef9332c9dcb6a3b93039ac70 Mon Sep 17 00:00:00 2001 From: Agnibho Mondal Date: Sun, 16 May 2021 14:16:28 +0530 Subject: [PATCH] Bugfixes --- adduser | 24 +++++++++++++++++++ attachments.php | 18 ++++++-------- forms/admission.schema.json | 2 +- lib/db.php | 14 +++++++---- lib/foot.php | 40 +------------------------------ login.php | 2 +- res/script.js | 48 +++++++++++++++++++++++++++++++++++++ schema.sql | 4 ++-- 8 files changed, 94 insertions(+), 58 deletions(-) create mode 100755 adduser create mode 100644 res/script.js diff --git a/adduser b/adduser new file mode 100755 index 0000000..6259895 --- /dev/null +++ b/adduser @@ -0,0 +1,24 @@ +#! /bin/env php +prepare("SELECT * FROM users WHERE user=:user"); + $stmt->bindValue(":user",$_SERVER["argv"][1]); + if($stmt->execute()->fetchArray()){ + $stmt=$db->prepare("UPDATE users SET usergroup=:usergroup,hash=:hash WHERE user=:user"); + $stmt->bindValue(":user", $_SERVER["argv"][1]); + $stmt->bindValue(":hash", password_hash($_SERVER["argv"][3], PASSWORD_DEFAULT)); + $stmt->execute(); + } + else{ + $stmt=$db->prepare("INSERT INTO users (user,usergroup,hash) VALUES (:user,:usergroup,:hash)"); + $stmt->bindValue(":user", $_SERVER["argv"][1]); + $stmt->bindValue(":usergroup", $_SERVER["argv"][2]); + $stmt->bindValue(":hash", password_hash($_SERVER["argv"][3], PASSWORD_DEFAULT)); + $stmt->execute(); + } +} +else{ + echo "Plese enter an username and password for entry into the DB\n"; +} +?> diff --git a/attachments.php b/attachments.php index 6bc4833..b8ff3d5 100644 --- a/attachments.php +++ b/attachments.php @@ -7,22 +7,17 @@ if(empty($_SESSION["user"])){ exit(); } $error="
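Review bot: The UPDATE branch in adduser sets `usergroup=:usergroup` but binds only `:user` and `:hash`, and SQLite treats an unbound parameter as NULL, so re-running the script for an existing user clears that user's group; add `$stmt->bindValue(":usergroup", $_SERVER["argv"][2]);` before the `execute()` in that branch. The password is also taken from `$_SERVER["argv"][3]`, which leaves it visible in the host's process list and in shell history; reading it from standard input (`$password=trim(fgets(STDIN));`) avoids both. The lines between the shebang and the first `prepare()` (the PHP opener and the argument-count check) appear to have been lost in this rendering, so the argv validation could not be reviewed. `Plese` in the usage message is a typo for `Please`.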

"; -$imgs="

"; +$imgs="
"; $pdfs="
"; if(!empty($_GET["pid"])){ $pid=$_GET["pid"]; if(!empty($_FILES)){ - if($_FILES["upload"]["size"]<8000000){ - if(in_array($_FILES["upload"]["type"], ["image/jpeg", "image/jpg", "image/png", "image/gif", "application/pdf"])){ - $fname=str_replace("/", "", $pid)."-".time()."-".rand(1000,9999).".".pathinfo($_FILES["upload"]["name"], PATHINFO_EXTENSION); - move_uploaded_file($_FILES["upload"]["tmp_name"], "data/attachments/".$fname); - } - else{ - $error=$error."Only jpg, png, gif, pdf files are supported."; - } + if(in_array($_FILES["upload"]["type"], ["image/jpeg", "image/jpg", "image/png", "image/gif", "application/pdf"])){ + $fname=str_replace("/", "", $pid)."-".time()."-".rand(1000,9999).".".pathinfo($_FILES["upload"]["name"], PATHINFO_EXTENSION); + move_uploaded_file($_FILES["upload"]["tmp_name"], "data/attachments/".$fname); } else{ - $error=$error."Maximum filesize exceeded. File upload failed"; + $error=$error."Only jpg, png, gif, pdf files are supported."; } } @@ -32,7 +27,7 @@ if(!empty($_GET["pid"])){ } else{ preg_match("/-([0-9]+)-/", pathinfo($attach, PATHINFO_FILENAME), $orig); - $imgs=$imgs."
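Review bot: The server-side size check is removed here, so the only limit left is the client-side check in res/script.js, which a client can simply skip; php.ini's upload_max_filesize then becomes the only effective bound. The retained allowlist compares `$_FILES["upload"]["type"]`, which is the MIME type the client declares, and the stored extension is copied from the client's filename via `pathinfo()`, so neither constrains what gets written under data/attachments/; the type should be detected from the file content with `finfo` and the extension chosen from that detected type. `move_uploaded_file()` and `$_FILES["upload"]["error"]` are not checked, so a failed upload reports nothing, and `rand()` can be replaced by `random_int()`. The enclosing `if(!empty($_GET["pid"]))` block continues past the hunk. A rewrite of the upload branch along these lines:
```php
// … unchanged: session check, $error/$imgs/$pdfs initialisation, $pid assignment …
if(!empty($_FILES)){
    // Extension is chosen from the server-detected type; the client's "type" and filename are not trusted.
    $allowed=["image/jpeg"=>"jpg", "image/png"=>"png", "image/gif"=>"gif", "application/pdf"=>"pdf"];
    if($_FILES["upload"]["error"]!==UPLOAD_ERR_OK || $_FILES["upload"]["size"]>=8000000){
        $error=$error."Maximum filesize exceeded. File upload failed";
    }
    else{
        $detected=(new finfo(FILEINFO_MIME_TYPE))->file($_FILES["upload"]["tmp_name"]);
        if(isset($allowed[$detected])){
            $fname=str_replace("/", "", $pid)."-".time()."-".random_int(1000,9999).".".$allowed[$detected];
            if(!move_uploaded_file($_FILES["upload"]["tmp_name"], "data/attachments/".$fname)){
                $error=$error."File upload failed.";
            }
        }
        else{
            $error=$error."Only jpg, png, gif, pdf files are supported.";
        }
    }
}
// … unchanged: attachment listing …
```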
Uploaded on: ".date("M d, Y h:i a", $orig[1])."
"; + $imgs=$imgs."
Uploaded on: ".date("M d, Y h:i a", $orig[1])."
"; } } } @@ -57,6 +52,7 @@ $error=$error."
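Review bot: The return value of `preg_match()` is not checked before `$orig[1]` is passed to `date()`, so any file in the attachments directory whose name lacks the `-digits-` segment produces an undefined-index warning and a Jan 1970 timestamp; guard it with `if(preg_match("/-([0-9]+)-/", pathinfo($attach, PATHINFO_FILENAME), $orig)!==1){ continue; }`, assuming this sits in the listing loop that starts outside the hunk. The markup on these lines has been stripped in this rendering, but where `$attach` is echoed into an attribute it should pass through `htmlspecialchars($attach, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, since the filename is built from `$_GET["pid"]` with only `/` removed.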

";
+
diff --git a/forms/admission.schema.json b/forms/admission.schema.json index a87274b..2a58dd7 100644 --- a/forms/admission.schema.json +++ b/forms/admission.schema.json @@ -52,5 +52,5 @@ "type": "string" } }, - "required": ["pid", "name", "age", "sex", "date", "ward", "bed", "status"] + "required": ["pid", "name", "age", "sex", "date"] } diff --git a/lib/db.php b/lib/db.php index 0c91fc2..67482ab 100644 --- a/lib/db.php +++ b/lib/db.php @@ -7,7 +7,13 @@ class DB extends SQLite3 { $stmt=$this->prepare("SELECT hash FROM users WHERE user=:user"); $stmt->bindValue(":user", $username); $result=$stmt->execute(); - return(password_verify($password, $result->fetchArray()[0])); + $hash=$result->fetchArray(); + if($hash){ + return(password_verify($password, $hash["hash"])); + } + else{ + return(false); + } } function admit($post){ $quer=$this->prepare("SELECT count(rowid) FROM patients WHERE pid=:pid"); @@ -68,10 +74,10 @@ class DB extends SQLite3 { $stmt->bindValue(":data", json_encode($post)); $stmt->execute(); } - function addDrug($pid, $name, $dose, $route, $frequency, $date, $time, $duration, $addl){ - $stmt=$this->prepare("INSERT INTO treatment (pid, name, dose, route, frequency, start, duration, omit, addl) VALUES (:pid, :name, :dose, :route, :frequency, :start, :duration, :omit, :addl);"); + function addDrug($pid, $drug, $dose, $route, $frequency, $date, $time, $duration, $addl){ + $stmt=$this->prepare("INSERT INTO treatment (pid, drug, dose, route, frequency, start, duration, omit, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :start, :duration, :omit, :addl);"); $stmt->bindValue(":pid", $pid); - $stmt->bindValue(":name", $name); + $stmt->bindValue(":drug", $drug); $stmt->bindValue(":dose", $dose); $stmt->bindValue(":route", $route); $stmt->bindValue(":frequency", $frequency); diff --git a/lib/foot.php b/lib/foot.php index c8308cf..386e648 100644 --- a/lib/foot.php +++ b/lib/foot.php @@ -2,42 +2,4 @@ - - + 
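Review bot: The new early `return(false)` for an unknown user skips `password_verify()`, so a login attempt for a non-existent name completes measurably faster than one for an existing name, which lets valid usernames be told apart by response time; run the comparison against a fixed dummy hash when no row is found, e.g. `$row=$result->fetchArray(SQLITE3_ASSOC); return password_verify($password, $row["hash"] ?? self::DUMMY_HASH);` where `DUMMY_HASH` (placeholder name) is a class constant holding any valid `password_hash()` output. `fetchArray()` without a mode returns both numeric and named keys, so passing `SQLITE3_ASSOC` also makes the `$hash["hash"]` access explicit. The enclosing method's signature is outside the hunk.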
diff --git a/login.php b/login.php
index 9b489f1..4a4fde5 100644
--- a/login.php
+++ b/login.php
@@ -3,7 +3,7 @@ require("lib/db.php");
 require("lib/functions.php");
 session_start();
 $error="";
-if($_GET["action"]=="logout"){
+if(!empty($_GET["action"]) && $_GET["action"]=="logout"){
 $_SESSION["user"]=null;
 }
 if(!empty($_POST["username"]) && !empty($_POST["password"])){
diff --git a/res/script.js b/res/script.js
new file mode 100644
index 0000000..f7cfddf
--- /dev/null
+++ b/res/script.js
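Review bot: Logout only sets `$_SESSION["user"]` to null, which leaves the session id and any other session data in place; a logout should call `session_unset(); session_destroy();`, and the login branch (outside the hunk) should call `session_regenerate_id(true)` after a successful password check so the pre-login id is not carried over. The comparison on the new line should use `===` rather than `==`. Triggering logout from a GET parameter also means any cross-site link can end a user's session; a POST form with a CSRF token is the usual fix, though the impact here is nuisance-level.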
@@ -0,0 +1,48 @@
+$(document).ready(function(){
+ $("#upload").change(function(){
+ lim=$("#size-limit").text().split("MB")[0]*1000*1000;
+ if(this.files[0]["size"]>lim){
+ $("#upload-error").html(" [Selected file exceeds size limit]");
+ }
+ else if(["image/jpeg", "image/jpg", "image/png", "image/gif", "application/pdf"].indexOf(this.files[0]["type"])==-1){
+ $("#upload-error").html(" "+this.files[0]["type"]+" files are not supported");
+ }
+ else{
+ $("#upload-error").text("");
+ }
+ });
+ $("[name='date']").each(function(){
+ if($(this).val()==""){
+ $(this).val(moment().format("YYYY-MM-DD"));
+ }
+ });
+ $("[name='time']").each(function(){
+ if($(this).val()==""){
+ $(this).val(moment().format("HH:MM"));
+ }
+ });
+ if($("[name='drug']").length){
+ $(this).prop("autocomplete","off");
+ $.get("autocomplete/drugs.json", function(data){
+ $("[name='drug']").each(function(){
+ $(this).autocomplete({source:data, highlightClass:'text-danger',treshold:2});
+ });
+ });
+ };
+ if($("[name='route']").length){
+ $(this).prop("autocomplete","off");
+ $.get("autocomplete/route.json", function(data){
+ $("[name='route']").each(function(){
+ $(this).autocomplete({source:data, highlightClass:'text-danger',treshold:1});
+ });
+ });
+ };
+ if($("[name='frequency']").length){
+ $(this).prop("autocomplete","off");
+ $.get("autocomplete/frequency.json", function(data){
+ $("[name='frequency']").each(function(){
+ $(this).autocomplete({source:data, highlightClass:'text-danger',treshold:1});
+ });
+ });
+ };
+});
diff --git a/schema.sql b/schema.sql
index be66264..bf3dc2e 100644
--- a/schema.sql
+++ b/schema.sql
@@ -40,7 +40,7 @@ data text
 );
 CREATE TABLE treatment(
 pid int,
-name text,
+drug text,
 dose text,
 route text,
 frequency text,
@@ -51,7 +51,7 @@ omit boolean,
 addl text
 );
 CREATE TABLE users(
-user text,
+user text unique,
 usergroup text,
 hash text,
 change boolean,
-- 
2.39.5
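Review bot: `moment().format("HH:MM")` on the time default uses moment's month token, so the field is pre-filled with hour:month rather than hour:minute; it should read `$(this).val(moment().format("HH:mm"));`. In the three autocomplete blocks `this` is `document` (the ready handler's receiver), so `$(this).prop("autocomplete","off")` never reaches the inputs; presumably `$("[name='drug']").prop("autocomplete","off")` and the route/frequency equivalents were intended. `lim=` is assigned without `var`/`let` and therefore becomes an implicit global. The size and type checks in the upload handler are advisory only and must be mirrored on the server, since attachments.php in this same commit drops its own size check.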
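Review bot: Adding `unique` to `users.user` and renaming `treatment.name` to `drug` only change the CREATE TABLE statements, so an existing database keeps the old column name and no uniqueness constraint while lib/db.php and adduser in this commit already assume the new shape; if schema.sql is meant to be applied to existing installs, a migration is needed, e.g. `ALTER TABLE treatment RENAME COLUMN name TO drug;` and `CREATE UNIQUE INDEX users_user_idx ON users(user);` (index name is an example). The same applies to the treatment hunk at line 40 above. If schema.sql is only ever run on fresh installs this is moot, but that should be stated in the file.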