Added login

diff --git a/admission.php b/admission.php
index d8799f46836ef60b1ca57df1aa75251ca2462db4..6864344722cc376f91aba7186f0773221e9ab431 100644 (file)
--- a/admission.php
+++ b/admission.php
@@ -1,6 +1,16 @@
 <?php
 require("lib/functions.php");
 require("lib/db.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_POST["pid"]) && !empty($_POST["name"])){
   $db->admit($_POST);
   //header("Location: view.php?pid=".$_POST["pid"]);

diff --git a/attachments.php b/attachments.php
index fde5c41f5aceab85372824ff2a74c2700da2b640..6bc4833ebdc4d7f50f1fdb5c40bbe896b7d9c89d 100644 (file)
--- a/attachments.php
+++ b/attachments.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 $error="<p>";
 $imgs="<div class='card mb-3'><div class='card-body'><div class='row'>";
 $pdfs="<div class='card mb-3'><div class='card-body'>";

diff --git a/clinical.php b/clinical.php
index 97b156844c33dddc5964736eb4519ebd875931d7..1e580d64d348c17b3feb2920c0aca87e5425dbe5 100644 (file)
--- a/clinical.php
+++ b/clinical.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["date"]) && !empty($_POST["time"])){

diff --git a/death.php b/death.php
index ef2742f304138ae1fc58aeb523434da0fcf645ee..45b43af0ac1e20369832e8a66cf0e67e9f3eab60 100644 (file)
--- a/death.php
+++ b/death.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["date"]) && !empty($_POST["time"]) && !empty($_POST["diagnosis"])){

diff --git a/discharge.php b/discharge.php
index 8e0f7ac3f7d368a9efa857436f646f45ae820145..32e7488c025577b00354896d672bade67f8fda1c 100644 (file)
--- a/discharge.php
+++ b/discharge.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["delete"])){

diff --git a/history.php b/history.php
index 69c2f72c07942ccd47f34db5bddaad9ac57975d4..982b91b1390bc3d250f6d830340594fa50d0858a 100644 (file)
--- a/history.php
+++ b/history.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["cc"])){

diff --git a/index.php b/index.php
index d5926b6eeb4f2533c5e30ab3c238b5cdd2c359a2..72bc4847815db6ec5c3b5ff3b628974eafa85417 100644 (file)
--- a/index.php
+++ b/index.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 $list=$db->getList();
 $show="";
 if(!empty($list)){

diff --git a/laboratory.php b/laboratory.php
index c20784f367c5298c832d422a92042a7674a554b2..6462ec79a31e06a2bbb9a1346228b2413078a3c3 100644 (file)
--- a/laboratory.php
+++ b/laboratory.php
@@ -1,5 +1,10 @@
 <?php
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 $list="";
 if(isSet($_GET["pid"])){
   foreach(glob("forms/report*.json") as $file){

diff --git a/lib/db.php b/lib/db.php
index 099028b14e9f277eed96e9615ec18d74ac5060cf..0c91fc2563cb14cc293b4aeb13bb9a5da4830939 100644 (file)
--- a/lib/db.php
+++ b/lib/db.php
@@ -3,6 +3,12 @@ class DB extends SQLite3 {
   function __construct(){
     $this->open("data/data.db");
   }
+  function checkUser($username, $password){
+    $stmt=$this->prepare("SELECT hash FROM users WHERE user=:user");
+    $stmt->bindValue(":user", $username);
+    $result=$stmt->execute();
+    return(password_verify($password, $result->fetchArray()[0]));
+  }
   function admit($post){
     $quer=$this->prepare("SELECT count(rowid) FROM patients WHERE pid=:pid");
     $quer->bindValue(":pid", $post["pid"]);
@@ -76,7 +82,8 @@ class DB extends SQLite3 {
     $stmt->execute();
   }
   function omitDrug($id){
-    $stmt=$this->prepare("UPDATE treatment SET omit=:omit WHERE rowid=:id;");
+    $stmt=$this->prepare("UPDATE treatment SET end=:end,omit=:omit WHERE rowid=:id;");
+    $stmt->bindValue(":end", time());
     $stmt->bindValue(":omit", true);
     $stmt->bindValue(":id", $id);
     $stmt->execute();

diff --git a/login.php b/login.php
new file mode 100644 (file)
index 0000000..9b489f1
--- /dev/null
+++ b/login.php
@@ -0,0 +1,39 @@
+<?php
+require("lib/db.php");
+require("lib/functions.php");
+session_start();
+$error="";
+if($_GET["action"]=="logout"){
+  $_SESSION["user"]=null;
+}
+if(!empty($_POST["username"]) && !empty($_POST["password"])){
+  if($db->checkUser($_POST["username"], $_POST["password"])){
+    $_SESSION["user"]=$_POST["username"];
+    header("Location: index.php");
+    exit();
+  }
+  else{
+      $error="<div class='alert alert-danger'>Username or password is incorrect.</div>";
+  }
+}
+//header("Location: view.php?id=".$_GET["id"]);
+//exit();
+?>
+<!DOCTYPE html>
+<html>
+  <head>
+    <?php include("lib/head.php");?>
+    <title>Login</title>
+  </head>
+  <body>
+    <div class="container">
+      <?php echo $error;?>
+      <form method="post">
+        <input class="m-2 form-control" type="text" name="username" placeholder="Username" required>
+        <input class="m-2 form-control" type="password" name="password" placeholder="Password" required>
+        <button class="m-2 btn btn-primary" type="submit">Login</button>
+      </form>
+    </div>
+    <?php include("lib/foot.php");?>
+  </body>
+</html>

diff --git a/report.php b/report.php
index 6abf5c8593c011ab8242fb1c83d0906f8356fd70..d21f96cfc7dfc6a9d0ccabe963e19b477785f3e4 100644 (file)
--- a/report.php
+++ b/report.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"]) && !empty($_GET["form"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["date"])){

diff --git a/schema.sql b/schema.sql
index 855f5de41aa2bf2020afc7629dbc12cd6dc995f0..be662646f082c0dde09bc961bc157e5391a9f90d 100644 (file)
--- a/schema.sql
+++ b/schema.sql
@@ -45,7 +45,15 @@ dose text,
 route text,
 frequency text,
 start int,
+end int,
 duration text,
 omit boolean,
 addl text
 );
+CREATE TABLE users(
+user text,
+usergroup text,
+hash text,
+change boolean,
+last int
+);

diff --git a/treatment.php b/treatment.php
index 56ad05f7b5712ad32aa30618c2be8b9f8c73c379..6e037ca3ebe9211c518e3a45257c5f6434d6c67b 100644 (file)
--- a/treatment.php
+++ b/treatment.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 if(!empty($_GET["pid"])){
   $pid=$_GET["pid"];
   if(!empty($_POST["omit"])){

diff --git a/view.php b/view.php
index 7532d221af8ee4b1bb37e92c10572ff5559423ba..1d2614632fc22be8047ebce259a9c011ff0b15a9 100644 (file)
--- a/view.php
+++ b/view.php
@@ -1,6 +1,11 @@
 <?php
 require("lib/db.php");
 require("lib/functions.php");
+session_start();
+if(empty($_SESSION["user"])){
+  header("Location: login.php");
+  exit();
+}
 $info="";
 $clinical=[];
 $reports=[];