lib/db.php

   1 <?php
   2 class DB extends SQLite3 {
   3   function __construct(){
   4     $this->open(CONFIG_DB);
   5   }
   6   function checkUser($username, $password){
   7     global $log;
   8     $stmt=$this->prepare("SELECT hash FROM users WHERE user=:user");
   9     $stmt->bindValue(":user", $username);
  10     $result=$stmt->execute();
  11     $hash=$result->fetchArray();
  12     if($hash){
  13       return(password_verify($password, $hash["hash"]));
  14     }
  15     else{
  16       return(false);
  17     }
  18   }
  19   function getGroup($username){
  20     global $log;
  21     $stmt=$this->prepare("SELECT usergroup FROM users WHERE user=:user");
  22     $stmt->bindValue(":user", $username);
  23     $result=$stmt->execute();
  24     return($result);
  25   }
  26   function getDepartment($username){
  27     global $log;
  28     $stmt=$this->prepare("SELECT department FROM users WHERE user=:user");
  29     $stmt->bindValue(":user", $username);
  30     $result=$stmt->execute();
  31     return($result);
  32   }
  33   function admit($post){
  34     global $log;
  35     if(!checkAccess("admission", "dbSet")) return false;
  36     $post["name"]=ucwords(strtolower($post["name"]));
  37     $query=$this->prepare("SELECT count(rowid) FROM patients WHERE pid=:pid");
  38     $query->bindValue(":pid", $post["pid"]);
  39     $exist=$query->execute();
  40     if($exist->fetchArray()[0]==0){
  41       $stmt=$this->prepare("INSERT INTO patients (pid,name,age,sex,admission,status,vp,ward,bed,data) VALUES (:pid,:name,:age,:sex,:admission,:status,:vp,:ward,:bed,:data);");
  42     }
  43     else{
  44       $stmt=$this->prepare("UPDATE patients SET name=:name,age=:age,sex=:sex,admission=:admission,ward=:ward,bed=:bed,vp=:vp,data=:data WHERE pid=:pid;");
  45     }
  46     $stmt->bindValue(":pid", $post["pid"]);
  47     $stmt->bindValue(":name", $post["name"]);
  48     $stmt->bindValue(":age", $post["age"]);
  49     $stmt->bindValue(":sex", $post["sex"]);
  50     $stmt->bindValue(":admission", strtotime($post["date"]." ".$post["time"]));
  51     $stmt->bindValue(":status", "admitted");
  52     $stmt->bindValue(":ward", $post["ward"]);
  53     $stmt->bindValue(":bed", $post["bed"]);
  54     $stmt->bindValue(":vp", $post["vp"]);
  55     $stmt->bindValue(":data", json_encode($post));
  56     $stmt->execute();
  57     $log->log($post["pid"], "admit", json_encode($post));
  58   }
  59   function editCase($pid, $diagnosis, $summary){
  60     global $log;
  61     if(!checkAccess("history", "dbSet")) return false;
  62     $stmt=$this->prepare("UPDATE patients SET diagnosis=:diagnosis,summary=:summary WHERE pid=:pid;");
  63     $stmt->bindValue(":pid", $pid);
  64     $stmt->bindValue(":diagnosis", $diagnosis);
  65     $stmt->bindValue(":summary", $summary);
  66     $stmt->execute();
  67     $log->log($pid, "case_edit", json_encode([$diagnosis, $summary]));
  68   }
  69   function updateHistory($post, $pid){
  70     global $log;
  71     if(!checkAccess("history", "dbSet:")) return false;
  72     $stmt=$this->prepare("UPDATE patients SET history=:history WHERE pid=:pid;");
  73     $stmt->bindValue(":history", json_encode($post));
  74     $stmt->bindValue(":pid", $pid);
  75     $stmt->execute();
  76     $log->log($pid, "history", json_encode($post));
  77   }
  78   function advice($post, $pid){
  79     global $log;
  80     if(!checkAccess("treatment", "dbSet")) return false;
  81     $query=$this->prepare("SELECT count(rowid) FROM advice WHERE pid=:pid");
  82     $query->bindValue(":pid", $pid);
  83     $exist=$query->execute();
  84     if($exist->fetchArray()[0]==0){
  85       $stmt=$this->prepare("INSERT INTO advice (pid,time,data) VALUES (:pid,:time,:data);");
  86     }
  87     else{
  88       $stmt=$this->prepare("UPDATE advice SET pid=:pid,time=:time,data=:data WHERE pid=:pid;");
  89     }
  90     $stmt->bindValue(":pid", $pid);
  91     $stmt->bindValue(":time", time());
  92     $stmt->bindValue(":data", json_encode($post));
  93     $stmt->execute();
  94     $log->log($pid, "advice", json_encode($post));
  95   }
  96   function addPhysician($post, $pid){
  97     global $log;
  98     if(!checkAccess("physician", "dbSet")) return false;
  99     $stmt=$this->prepare("INSERT INTO physician (pid, time, data) VALUES (:pid, :time, :data);");
 100     $stmt->bindValue(":pid", $pid);
 101     $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
 102     $stmt->bindValue(":data", json_encode($post));
 103     $stmt->execute();
 104     $log->log($pid, "physician_note", json_encode($post));
 105   }
 106   function editPhysician($post, $pid, $id){
 107     global $log;
 108     if(!checkAccess("physician", "dbSet")) return false;
 109     $stmt=$this->prepare("UPDATE physician SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
 110     $stmt->bindValue(":pid", $pid);
 111     $stmt->bindValue(":id", $id);
 112     $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
 113     $stmt->bindValue(":data", json_encode($post));
 114     $stmt->execute();
 115     $log->log($pid, "edit_physician_note", json_encode($post));
 116   }
 117   function addNursing($post, $pid){
 118     global $log;
 119     if(!checkAccess("nursing", "dbSet")) return false;
 120     $stmt=$this->prepare("INSERT INTO nursing (pid, time, data) VALUES (:pid, :time, :data);");
 121     $stmt->bindValue(":pid", $pid);
 122     $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
 123     $stmt->bindValue(":data", json_encode($post));
 124     $stmt->execute();
 125     $log->log($pid, "nursing_note", json_encode($post));
 126   }
 127   function editNursing($post, $pid, $id){
 128     global $log;
 129     if(!checkAccess("nursing", "dbSet")) return false;
 130     $stmt=$this->prepare("UPDATE nursing SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
 131     $stmt->bindValue(":pid", $pid);
 132     $stmt->bindValue(":id", $id);
 133     $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
 134     $stmt->bindValue(":data", json_encode($post));
 135     $stmt->execute();
 136     $log->log($pid, "edit_nursing_note", json_encode($post));
 137   }
 138   function addReport($post, $pid, $form){
 139     global $log;
 140     if(!checkAccess("report", "dbSet")) return false;
 141     $stmt=$this->prepare("INSERT INTO reports (pid, time, form, data) VALUES (:pid, :time, :form, :data);");
 142     $stmt->bindValue(":pid", $pid);
 143     if(!empty($post["time"])){
 144       $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
 145     }
 146     else{
 147       $stmt->bindValue(":time", strtotime($post["date"]));
 148     }
 149     $stmt->bindValue(":form", $post["form"]);
 150     $stmt->bindValue(":data", json_encode($post));
 151     $stmt->execute();
 152     $log->log($pid, "report_added", json_encode($post));
 153   }
 154   function editReport($post, $pid, $id, $form){
 155     global $log;
 156     if(!checkAccess("report", "dbSet")) return false;
 157     $stmt=$this->prepare("UPDATE reports SET time=:time,data=:data WHERE pid=:pid AND rowid=:id;");
 158     $stmt->bindValue(":pid", $pid);
 159     $stmt->bindValue(":id", $id);
 160     if(!empty($post["time"])){
 161       $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
 162     }
 163     else{
 164       $stmt->bindValue(":time", strtotime($post["date"]));
 165     }
 166     $stmt->bindValue(":data", json_encode($post));
 167     $stmt->execute();
 168     $log->log($pid, "report_edited", json_encode($post));
 169   }
 170   function addDrug($pid, $drug, $dose, $route, $frequency, $date, $time, $duration, $addl){
 171     global $log;
 172     if(!checkAccess("treatment", "dbSet")) return false;
 173     $stmt=$this->prepare("INSERT INTO treatment (pid, drug, dose, route, frequency, start, duration, omit, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :start, :duration, :omit, :addl);");
 174     $stmt->bindValue(":pid", $pid);
 175     $stmt->bindValue(":drug", $drug);
 176     $stmt->bindValue(":dose", $dose);
 177     $stmt->bindValue(":route", $route);
 178     $stmt->bindValue(":frequency", $frequency);
 179     $stmt->bindValue(":start", strtotime($date." ".$time));
 180     $stmt->bindValue(":duration", $duration);
 181     $stmt->bindValue(":addl", $addl);
 182     $stmt->bindValue(":omit", false);
 183     $stmt->execute();
 184     $log->log($pid, "drug_added", json_encode([$drug,$dose,$route,$frequency,$date,$time,$duration,$addl]));
 185   }
 186   function omitDrug($id, $date, $time){
 187     global $log;
 188     if(!checkAccess("treatment", "dbSet")) return false;
 189     $stmt=$this->prepare("UPDATE treatment SET end=:end,omit=:omit WHERE rowid=:id;");
 190     $stmt->bindValue(":end", strtotime($date." ".$time));
 191     $stmt->bindValue(":omit", true);
 192     $stmt->bindValue(":id", $id);
 193     $stmt->execute();
 194     $log->log(null, "drug_omitted", $id);
 195   }
 196   function deleteDrug($id){
 197     global $log;
 198     if(!checkAccess("treatment", "dbSet")) return false;
 199     $stmt=$this->prepare("UPDATE treatment SET omit=:omit WHERE rowid=:id;");
 200     $stmt->bindValue(":omit", -1);
 201     $stmt->bindValue(":id", $id);
 202     $stmt->execute();
 203     $log->log(null, "drug_deleted", $id);
 204   }
 205   function giveDrug($id, $given){
 206     global $log;
 207     if(!checkAccess("nursing", "dbSet")) return false;
 208     $stmt=$this->prepare("UPDATE treatment SET administer=:given WHERE rowid=:id;");
 209     $stmt->bindValue(":given", $given);
 210     $stmt->bindValue(":id", $id);
 211     $stmt->execute();
 212     $log->log(null, "drug_given", $id);
 213   }
 214   function addRequisition($pid, $test, $sample, $date, $time, $room, $form, $addl){
 215     global $log;
 216     if(!checkAccess("requisition", "dbSet")) return false;
 217     $stmt=$this->prepare("INSERT INTO requisition (pid, test, sample, time, room, form, status, addl) VALUES (:pid, :test, :sample, :time, :room, :form, :status, :addl);");
 218     $stmt->bindValue(":pid", $pid);
 219     $stmt->bindValue(":test", $test);
 220     $stmt->bindValue(":sample", $sample);
 221     $stmt->bindValue(":time", strtotime($date." ".$time));
 222     $stmt->bindValue(":room", $room);
 223     $stmt->bindValue(":form", $form);
 224     $stmt->bindValue(":status", "sent");
 225     $stmt->bindValue(":addl", $addl);
 226     $stmt->execute();
 227     $log->log($pid, "requisition_added", json_encode([$test,$room,$form]));
 228   }
 229   function receiveRequisition($id){
 230     global $log;
 231     if(!checkAccess("report", "dbSet")) return false;
 232     $stmt=$this->prepare("UPDATE requisition SET status=:status WHERE rowid=:id;");
 233     $stmt->bindValue(":status", "received");
 234     $stmt->bindValue(":id", $id);
 235     $stmt->execute();
 236     $log->log(null, "requisition_received", $id);
 237   }
 238   function omitRequisition($id){
 239     global $log;
 240     if(!checkAccess("requisition", "dbSet")) return false;
 241     $stmt=$this->prepare("UPDATE requisition SET status=:status WHERE rowid=:id;");
 242     $stmt->bindValue(":status", "done");
 243     $stmt->bindValue(":id", $id);
 244     $stmt->execute();
 245     $log->log(null, "requisition_removed", $id);
 246   }
 247   function addAdvice($pid, $drug, $dose, $route, $frequency, $duration, $addl){
 248     global $log;
 249     if(!checkAccess("discharge", "dbSet")) return false;
 250     $stmt=$this->prepare("INSERT INTO discharge (pid, drug, dose, route, frequency, duration, addl) VALUES (:pid, :drug, :dose, :route, :frequency, :duration, :addl);");
 251     $stmt->bindValue(":pid", $pid);
 252     $stmt->bindValue(":drug", $drug);
 253     $stmt->bindValue(":dose", $dose);
 254     $stmt->bindValue(":route", $route);
 255     $stmt->bindValue(":frequency", $frequency);
 256     $stmt->bindValue(":duration", $duration);
 257     $stmt->bindValue(":addl", $addl);
 258     $stmt->execute();
 259   }
 260   function deleteAdvice($id){
 261     global $log;
 262     if(!checkAccess("discharge", "dbSet")) return false;
 263     $stmt=$this->prepare("DELETE FROM discharge WHERE rowid=:id;");
 264     $stmt->bindValue(":id", $id);
 265     $stmt->execute();
 266   }
 267   function setDischarged($pid){
 268     global $log;
 269     if(!checkAccess("discharge", "dbSet")) return false;
 270     $stmt=$this->prepare("UPDATE patients SET status=:discharged,departure=:time WHERE pid=:pid;");
 271     $stmt->bindValue(":pid", $pid);
 272     $stmt->bindValue(":discharged", "discharged");
 273     $stmt->bindValue(":time", time());
 274     $stmt->execute();
 275     $log->log($pid, "discharged", null);
 276   }
 277   function setDead($pid, $post){
 278     global $log;
 279     if(!checkAccess("death", "dbSet")) return false;
 280     $stmt=$this->prepare("INSERT INTO death (pid, time, data) VALUES (:pid, :time, :data);");
 281     $stmt->bindValue(":pid", $pid);
 282     $stmt->bindValue(":time", strtotime($post["date"].$post["time"]));
 283     $stmt->bindValue(":data", json_encode($post));
 284     $stmt->execute();
 285     $stmt=$this->prepare("UPDATE patients SET status=:expired,departure=:time WHERE pid=:pid;");
 286     $stmt->bindValue(":pid", $pid);
 287     $stmt->bindValue(":expired", "expired");
 288     $stmt->bindValue(":time", time());
 289     $stmt->execute();
 290     $log->log($pid, "death_declare", json_encode($post));
 291   }
 292   function getDrugs($pid){
 293     global $log;
 294     if(!checkAccess("treatment", "dbGet")) return false;
 295     $stmt=$this->prepare("SELECT rowid,* FROM treatment WHERE pid=:pid AND omit!=:omit ORDER BY omit,drug,start;");
 296     $stmt->bindValue(":pid", $pid);
 297     $stmt->bindValue(":omit", -1);
 298     $result=$stmt->execute();
 299     return($result);
 300   }
 301   function getAdminister($id){
 302     global $log;
 303     if(!checkAccess("nursing", "dbGet")) return false;
 304     $stmt=$this->prepare("SELECT rowid,administer FROM treatment WHERE rowid=:id;");
 305     $stmt->bindValue(":id", $id);
 306     $result=$stmt->execute();
 307     return($result);
 308   }
 309   function getRequisitions($pid){
 310     global $log;
 311     if(!checkAccess("requisition", "dbGet")) return false;
 312     $stmt=$this->prepare("SELECT rowid,* FROM requisition WHERE pid=:pid AND status!=:status ORDER BY room;");
 313     $stmt->bindValue(":pid", $pid);
 314     $stmt->bindValue(":status", "done");
 315     $result=$stmt->execute();
 316     return($result);
 317   }
 318   function getDischargeAdvice($pid){
 319     global $log;
 320     if(!checkAccess("discharge", "dbGet")) return false;
 321     $stmt=$this->prepare("SELECT rowid,* FROM discharge WHERE pid=:pid;");
 322     $stmt->bindValue(":pid", $pid);
 323     $result=$stmt->execute();
 324     return($result);
 325   }
 326   function getDeath($pid){
 327     global $log;
 328     if(!checkAccess("discharge", "dbGet")) return false;
 329     $stmt=$this->prepare("SELECT data FROM death WHERE pid=:pid;");
 330     $stmt->bindValue(":pid", $pid);
 331     $result=$stmt->execute();
 332     return($result);
 333   }
 334   function getName($pid){
 335     global $log;
 336     if(!checkAccess("info", "dbGet")) return false;
 337     $stmt=$this->prepare("SELECT name FROM patients WHERE pid=:pid;");
 338     $stmt->bindValue(":pid", $pid);
 339     $result=$stmt->execute();
 340     return($result);
 341   }
 342   function getAge($pid){
 343     global $log;
 344     if(!checkAccess("info", "dbGet")) return false;
 345     $stmt=$this->prepare("SELECT age FROM patients WHERE pid=:pid;");
 346     $stmt->bindValue(":pid", $pid);
 347     $result=$stmt->execute();
 348     return($result);
 349   }
 350   function getSex($pid){
 351     global $log;
 352     if(!checkAccess("info", "dbGet")) return false;
 353     $stmt=$this->prepare("SELECT sex FROM patients WHERE pid=:pid;");
 354     $stmt->bindValue(":pid", $pid);
 355     $result=$stmt->execute();
 356     return($result);
 357   }
 358   function getWard($pid){
 359     global $log;
 360     if(!checkAccess("info", "dbGet")) return false;
 361     $stmt=$this->prepare("SELECT ward FROM patients WHERE pid=:pid;");
 362     $stmt->bindValue(":pid", $pid);
 363     $result=$stmt->execute();
 364     return($result);
 365   }
 366   function getBed($pid){
 367     global $log;
 368     if(!checkAccess("info", "dbGet")) return false;
 369     $stmt=$this->prepare("SELECT bed FROM patients WHERE pid=:pid;");
 370     $stmt->bindValue(":pid", $pid);
 371     $result=$stmt->execute();
 372     return($result);
 373   }
 374   function getStatus($pid){
 375     global $log;
 376     if(!checkAccess("info", "dbGet")) return false;
 377     $stmt=$this->prepare("SELECT status FROM patients WHERE pid=:pid;");
 378     $stmt->bindValue(":pid", $pid);
 379     $result=$stmt->execute();
 380     return($result);
 381   }
 382   function getDiagnosis($pid){
 383     global $log;
 384     if(!checkAccess("diagnosis", "dbGet")) return false;
 385     $stmt=$this->prepare("SELECT diagnosis FROM patients WHERE pid=:pid;");
 386     $stmt->bindValue(":pid", $pid);
 387     $result=$stmt->execute();
 388     return($result);
 389   }
 390   function getPatientList(){
 391     global $log;
 392     if(!checkAccess("info", "dbGet")) return false;
 393     $stmt=$this->prepare("SELECT pid,ward,bed,name,diagnosis,status FROM patients ORDER BY admission;");
 394     $result=$stmt->execute();
 395     return($result);
 396   }
 397   function getAdmittedPatientList(){
 398     global $log;
 399     if(!checkAccess("info", "dbGet")) return false;
 400     $stmt=$this->prepare("SELECT pid,ward,bed,name,diagnosis FROM patients WHERE status='admitted' ORDER BY UPPER(ward),bed;");
 401     $result=$stmt->execute();
 402     return($result);
 403   }
 404   function getArchivedPatientList(){
 405     global $log;
 406     if(!checkAccess("info", "dbGet")) return false;
 407     $stmt=$this->prepare("SELECT pid,ward,bed,name,diagnosis,status FROM patients WHERE status!='admitted' ORDER BY admission;");
 408     $result=$stmt->execute();
 409     return($result);
 410   }
 411   function getRequisitionList(){
 412     global $log;
 413     if(!checkAccess("requisition", "dbGet")) return false;
 414     $stmt=$this->prepare("SELECT requisition.rowid,requisition.* FROM requisition INNER JOIN patients ON requisition.pid=patients.pid WHERE requisition.status!=:status AND patients.status=:admitted ORDER BY requisition.room,requisition.test;");
 415     $stmt->bindValue(":status", "done");
 416     $stmt->bindValue(":admitted", "admitted");
 417     $stmt->bindValue(":today", time());
 418     $result=$stmt->execute();
 419     return($result);
 420   }
 421   function getForm($id){
 422     global $log;
 423     if(!checkAccess("report", "dbGet")) return false;
 424     $stmt=$this->prepare("SELECT form FROM reports WHERE rowid=:id;");
 425     $stmt->bindValue(":id", $id);
 426     $result=$stmt->execute();
 427     return($result);
 428   }
 429   function getAdmission($pid){
 430     global $log;
 431     if(!checkAccess("admission", "dbGet")) return false;
 432     $stmt=$this->prepare("SELECT admission FROM patients WHERE pid=:pid;");
 433     $stmt->bindValue(":pid", $pid);
 434     $result=$stmt->execute();
 435     return($result);
 436   }
 437   function getAdmissionData($pid){
 438     global $log;
 439     if(!checkAccess("admission", "dbGet")) return false;
 440     $stmt=$this->prepare("SELECT data FROM patients WHERE pid=:pid;");
 441     $stmt->bindValue(":pid", $pid);
 442     $result=$stmt->execute();
 443     return($result);
 444   }
 445   function getDeparture($pid){
 446     global $log;
 447     if(!checkAccess("admission", "dbGet")) return false;
 448     $stmt=$this->prepare("SELECT departure FROM patients WHERE pid=:pid;");
 449     $stmt->bindValue(":pid", $pid);
 450     $result=$stmt->execute();
 451     return($result);
 452   }
 453   function getSummary($pid){
 454     global $log;
 455     if(!checkAccess("summary", "dbGet")) return false;
 456     $stmt=$this->prepare("SELECT summary FROM patients WHERE pid=:pid;");
 457     $stmt->bindValue(":pid", $pid);
 458     $result=$stmt->execute();
 459     return($result);
 460   }
 461   function getHistory($pid){
 462     global $log;
 463     if(!checkAccess("history", "dbGet")) return false;
 464     $stmt=$this->prepare("SELECT history FROM patients WHERE pid=:pid;");
 465     $stmt->bindValue(":pid", $pid);
 466     $result=$stmt->execute();
 467     return($result);
 468   }
 469   function getAdvice($pid){
 470     global $log;
 471     if(!checkAccess("treatment", "dbGet")) return false;
 472     $stmt=$this->prepare("SELECT data FROM advice WHERE pid=:pid;");
 473     $stmt->bindValue(":pid", $pid);
 474     $result=$stmt->execute();
 475     return($result);
 476   }
 477   function getData($pid, $id, $cat){
 478     global $log;
 479     if($cat=="physician"){
 480       if(!checkAccess("physician", "dbGet")) return false;
 481       $stmt=$this->prepare("SELECT data FROM physician WHERE pid=:pid AND rowid=:id ORDER BY time DESC;");
 482     } elseif($cat=="nursing"){
 483       if(!checkAccess("nursing", "dbGet")) return false;
 484       $stmt=$this->prepare("SELECT data FROM nursing WHERE pid=:pid AND rowid=:id ORDER BY time DESC;");
 485     } elseif($cat=="reports"){
 486       if(!checkAccess("report", "dbGet")) return false;
 487       $stmt=$this->prepare("SELECT form,data FROM reports WHERE pid=:pid AND rowid=:id ORDER BY time DESC;");
 488     } else{
 489       return(false);
 490     }
 491     $stmt->bindValue(":pid", $pid);
 492     $stmt->bindValue(":id", $id);
 493     $result=$stmt->execute();
 494     return($result);
 495   }
 496   function getAllData($pid, $cat){
 497     global $log;
 498     if($cat=="physician"){
 499       if(!checkAccess("physician", "dbGet")) return false;
 500       $stmt=$this->prepare("SELECT rowid,data FROM physician WHERE pid=:pid ORDER BY time DESC;");
 501     } elseif($cat=="nursing"){
 502       if(!checkAccess("nursing", "dbGet")) return false;
 503       $stmt=$this->prepare("SELECT rowid,data FROM nursing WHERE pid=:pid ORDER BY time DESC;");
 504     } elseif($cat=="reports"){
 505       if(!checkAccess("report", "dbGet")) return false;
 506       $stmt=$this->prepare("SELECT rowid,form,data FROM reports WHERE pid=:pid ORDER BY time DESC;");
 507     } elseif($cat=="info"){
 508       if(!checkAccess("info", "dbGet")) return false;
 509       $stmt=$this->prepare("SELECT rowid,data FROM patients WHERE pid=:pid ORDER BY time DESC;");
 510     } elseif($cat=="history"){
 511       if(!checkAccess("history", "dbGet")) return false;
 512       $stmt=$this->prepare("SELECT rowid,history FROM patients WHERE pid=:pid ORDER BY time DESC;");
 513     } else{
 514       return(false);
 515     }
 516     $stmt->bindValue(":pid", $pid);
 517     $result=$stmt->execute();
 518     return($result);
 519   }
 520 }
 521 $db = new DB();
 522 ?>