From 3fc902bb0414f62b085ca34a0e8558aacbebf93e Mon Sep 17 00:00:00 2001
From: Agnibho Mondal <mondal@agnibho.com>
Date: Sat, 15 May 2021 03:30:09 +0530
Subject: [PATCH] Added login

---
 admission.php   | 10 ++++++++++
 attachments.php |  5 +++++
 clinical.php    |  5 +++++
 death.php       |  5 +++++
 discharge.php   |  5 +++++
 history.php     |  5 +++++
 index.php       |  5 +++++
 laboratory.php  |  5 +++++
 lib/db.php      |  9 ++++++++-
 login.php       | 39 +++++++++++++++++++++++++++++++++++++++
 report.php      |  5 +++++
 schema.sql      |  8 ++++++++
 treatment.php   |  5 +++++
 view.php        |  5 +++++
 14 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100644 login.php

diff --git a/admission.php b/admission.php
index d8799f4..6864344 100644
--- a/admission.php
+++ b/admission.php
@@ -1,6 +1,16 @@
 <?php
 require("lib/functions.php");
 require("lib/db.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_POST["pid"]) && !empty($_POST["name"])){
   $db->admit($_POST);
   //header("Location: view.php?pid=".$_POST["pid"]);
diff --git a/attachments.php b/attachments.php
index fde5c41..6bc4833 100644
--- a/attachments.php
+++ b/attachments.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 $error="<p>";
 $imgs="<div class='card mb-3'><div class='card-body'><div class='row'>";
 $pdfs="<div class='card mb-3'><div class='card-body'>";
diff --git a/clinical.php b/clinical.php
index 97b1568..1e580d6 100644
--- a/clinical.php
+++ b/clinical.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["date"]) && !empty($_POST["time"])){
diff --git a/death.php b/death.php
index ef2742f..45b43af 100644
--- a/death.php
+++ b/death.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["date"]) && !empty($_POST["time"]) && !empty($_POST["diagnosis"])){
diff --git a/discharge.php b/discharge.php
index 8e0f7ac..32e7488 100644
--- a/discharge.php
+++ b/discharge.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["delete"])){
diff --git a/history.php b/history.php
index 69c2f72..982b91b 100644
--- a/history.php
+++ b/history.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["cc"])){
diff --git a/index.php b/index.php
index d5926b6..72bc484 100644
--- a/index.php
+++ b/index.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 $list=$db->getList();
 $show="";
 if(!empty($list)){
diff --git a/laboratory.php b/laboratory.php
index c20784f..6462ec7 100644
--- a/laboratory.php
+++ b/laboratory.php
@@ -1,5 +1,10 @@
 <?php
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 $list="";
 if(isSet($_GET["pid"])){
   foreach(glob("forms/report*.json") as $file){
diff --git a/lib/db.php b/lib/db.php
index 099028b..0c91fc2 100644
--- a/lib/db.php
+++ b/lib/db.php
@@ -3,6 +3,12 @@ class DB extends SQLite3 {
   function __construct(){
     $this->open("data/data.db");
   }
+  function checkUser($username, $password){
+    $stmt=$this->prepare("SELECT hash FROM users WHERE user=:user");
+    $stmt->bindValue(":user", $username);
+    $result=$stmt->execute();
+    return(password_verify($password, $result->fetchArray()[0]));
+  }
   function admit($post){
     $quer=$this->prepare("SELECT count(rowid) FROM patients WHERE pid=:pid");
     $quer->bindValue(":pid", $post["pid"]);
@@ -76,7 +82,8 @@ class DB extends SQLite3 {
     $stmt->execute();
   }
   function omitDrug($id){
-    $stmt=$this->prepare("UPDATE treatment SET omit=:omit WHERE rowid=:id;");
+    $stmt=$this->prepare("UPDATE treatment SET end=:end,omit=:omit WHERE rowid=:id;");
+    $stmt->bindValue(":end", time());
     $stmt->bindValue(":omit", true);
     $stmt->bindValue(":id", $id);
     $stmt->execute();
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..9b489f1
--- /dev/null
+++ b/login.php
@@ -0,0 +1,39 @@
+<?php
+require("lib/db.php");
+require("lib/functions.php");
+session_start();
+$error="";
+if($_GET["action"]=="logout"){
+  $_SESSION["user"]=null;
+}
+if(!empty($_POST["username"]) && !empty($_POST["password"])){
+  if($db->checkUser($_POST["username"], $_POST["password"])){
+    $_SESSION["user"]=$_POST["username"];
+    header("Location: index.php");
+    exit();
+  }
+  else{
+      $error="<div class='alert alert-danger'>Username or password is incorrect.</div>";
+  }
+}
+//header("Location: view.php?id=".$_GET["id"]);
+//exit();
+?>
+<!DOCTYPE html>
+<html>
+  <head>
+    <?php include("lib/head.php");?>
+    <title>Login</title>
+  </head>
+  <body>
+    <div class="container">
+      <?php echo $error;?>
+      <form method="post">
+        <input class="m-2 form-control" type="text" name="username" placeholder="Username" required>
+        <input class="m-2 form-control" type="password" name="password" placeholder="Password" required>
+        <button class="m-2 btn btn-primary" type="submit">Login</button>
+      </form>
+    </div>
+    <?php include("lib/foot.php");?>
+  </body>
+</html>
diff --git a/report.php b/report.php
index 6abf5c8..d21f96c 100644
--- a/report.php
+++ b/report.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"]) && !empty($_GET["form"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["date"])){
diff --git a/schema.sql b/schema.sql
index 855f5de..be66264 100644
--- a/schema.sql
+++ b/schema.sql
@@ -45,7 +45,15 @@ dose text,
 route text,
 frequency text,
 start int,
+end int,
 duration text,
 omit boolean,
 addl text
 );
+CREATE TABLE users(
+user text,
+usergroup text,
+hash text,
+change boolean,
+last int
+);
diff --git a/treatment.php b/treatment.php
index 56ad05f..6e037ca 100644
--- a/treatment.php
+++ b/treatment.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["omit"])){
diff --git a/view.php b/view.php
index 7532d22..1d26146 100644
--- a/view.php
+++ b/view.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 $info="";
 $clinical=[];
 $reports=[];
-- 
2.39.5