
/public_html/list_view.php

http://ditag.googlecode.com/
  1<?php
  3session_start();
  4
  5//print_r($_SESSION);
  6
  7include_once("db_login.php");
  8$cnx_status = connect_to_db();
  9if (!$cnx_status) {
 10	die("Could not connect to database: " . mysql_error());
 11}
 12
 13
 14//echo "AUTH IS " . $_SESSION["auth"] . "<br />";
 15
 16if (!$_SESSION['auth']) {
 17	echo "Please <a href=\"login_form.php\">log in</a> to the MoDD website.";
 18	echo "</body></html>";
 19	
 20	exit;
 21}
 22
 23// need to figure out WHO is doing something
 24// and WHAT they are doing
 25//
 26// then set variables for this to refer to later.
 27
 28
 29$my_uid    = $_SESSION["uid"];
 30
 31if (isset($_POST['user_submit'])) {
 32	$view_uid = $_POST['user_list'];
 33	if (strcmp($view_uid,"none") != 0){
 34		$_SESSION["view_uid"] = $view_uid;
 35	}
 36	else {
 37		unset($_SESSION["view_uid"]);
 38	}
 39}
 40
 41$self   = $_SERVER['PHP_SELF'];
 42
 43$who  =  NULL;
 44$what =  NULL;
 45
 46$ADMIN = "admin";
 47$USER  = "user";
 48$PROV  = "provider";
 49
 50$VIEW = "view";
 51$SAVE = "save";
 52$EDIT = "edit";
 53
 54$the_username = $_SESSION["username"];
 55
 56// by default, you're in a 'view' state
 57$what = $VIEW;
 58
 59$who = getPermissions($my_uid);
 60
 61if ($_POST['edit']) {
 62	$what = $EDIT;
 63}
 64else if ($_POST['save']) {
 65	$what = $VIEW;
 66}
 67
 68if ( strcmp($what,$VIEW)==0 ) {
 69	if (strcmp($who,$USER) == 0) {
 70		saveUserComments();
 71	} else if (strcmp($who,$PROV)==0) {
 72		saveProvComments();
 73	}
 74}
 75
 76render_header();
 77render_start();
 78
 79if ( strcmp($who,$ADMIN)==0 ) {
 80	render_stats();
 81}
 82
 83if ( (strcmp($who,$PROV)==0) or (strcmp($who,$ADMIN)==0) ) {
 84	render_user_list();
 85
 86	if (isset($_SESSION['view_uid'])) {
 87		showSamplesFor($_SESSION["view_uid"]);
 88	}
 89}
 90else if (strcmp($who, $USER)==0) {
 91	showSamplesFor($_SESSION["uid"]);
 92}
 96function showSamplesFor($show_uid) {
 97
 98	global $who, $what, $PROV, $USER, $ADMIN, $VIEW, $SAVE, $EDIT;
 99
100	$list_components = array();
101	
102	$select = ' SELECT ';
103	$from   = ' FROM ';
104	
105	$query = $select . " sample_id,time,glucose,user_comment,cp_comment " . $from . " `sample` " . 
106			" WHERE " . " (`sample`.user_id=$show_uid) ORDER BY time";
107
108	$sample_ids = mysql_query($query);
109	
110	while ($result_row = mysql_fetch_row($sample_ids)) {
111		$sample_id = $result_row[0];
112		$list_components[$sample_id] = array();
113		$list_components[$sample_id]["time"] = $result_row[1]; 
114		$list_components[$sample_id]["glucose"] = $result_row[2]; 
115		$list_components[$sample_id]["user_comment"] = $result_row[3];
116		$list_components[$sample_id]["cp_comment"] = $result_row[4];
117	
118	
119		//get all the audio files
120		$audio_query = $select . " location,audio_id " . $from . " `audio` " . " WHERE " . 
121																" (`audio`.sample_id=$sample_id) ";
122		$audio_locs = mysql_query($audio_query);
123		$audio_files = array();
124		while ($res_row_2 = mysql_fetch_array($audio_locs, MYSQL_ASSOC)) {
125			//echo "Got for item location:" . $res_row_2[0] . " & length:" . $res_row_2[1] ."<br />";
126			array_push($audio_files, array($res_row_2["location"], $res_row_2["audio_id"]));
127		}
128		$list_components["$sample_id"]["audio"] = $audio_files;
129		
130		
131		// get all the image files
132		$image_query = $select . " location " . $from . " `image` " . " WHERE " . 
133																" (`image`.sample_id=$sample_id) ";
134		$image_locs = mysql_query($image_query);
135		$image_files = array();
136		while ($res_row_2 = mysql_fetch_array($image_locs, MYSQL_ASSOC)) {
137			//echo "Got for item location:" . $res_row_2[0] . " & length:" . $res_row_2[1] ."<br />";
138			array_push($image_files, $res_row_2["location"]);
139		}
140		$list_components["$sample_id"]["image"] = $image_files; 
141	}
142
143	
144	$name_query = "SELECT firstname, lastname FROM user WHERE user.user_id=$show_uid";
145	$name_res = mysql_query($name_query);
146	$name_data = mysql_fetch_array($name_res, MYSQL_ASSOC);
147	
148	echo ("<h3> Samples for $name_data[firstname] $name_data[lastname] </h3>\n");
149
150	echo(
151	'<table width="100%"  border="1" align="center">
152	  <tr>
153		<th width="5%" class="table_header" scope="col">Sample ID </th>
154		<th width="10%" class="table_header" scope="col">Time</th>
155		<th width="5%" class="table_header" scope="col">Glucose</th>
156		<th width="20%" class="table_header" scope="col">Images</th>
157		<th width="15%" class="table_header" scope="col">Audio</th>');
158	
159	
160	if ( strcmp($what,$VIEW) == 0 ) {
161		$button_name = "edit";
162		$button_val  = "Edit";
163	}
164	else if (strcmp($what, $EDIT) == 0) {
165		$button_name = "save";
166		$button_val  = "Save";
167	}
168	
169	/* The user comments column */
170	if (strcmp($who, $USER) == 0) {
171		echo("<th width='25%' class='table_header' scope='col'>" .
172		"<form action=\" " . $_SERVER[PHP_SELF] . "\" method=\"POST\">\n" .
173		"Comments <input type=\"submit\" name=$button_name value=$button_val>\n" .
174		"</th>");
175	}
176	else {
177		echo ("<th width='25%' class='table_header' scope='col'> Comments </th> \n");
178	}
179	/* end user comments column*/
180
181	/* The provider comments column */
182	if (strcmp($who, $PROV) == 0) {
183		echo("<th width='25%' class='table_header' scope='col'>" .
184		"<form action=\" " . $_SERVER[PHP_SELF] . "\" method=\"POST\">\n" .
185		"Care Provider's Comments <input type=\"submit\" name=$button_name value=$button_val>\n" .
186		"</th></tr>");
187	} 
188	else {
189		echo ("<th width='25%' class='table_header' scope='col'> Care Provider's Comments </th></tr> \n");
190	}
191	/* end provider comments column */
192
193
194	$even_row = false;
195	
196	foreach ($list_components as $id => $data) {
197	 
198		 $row_tag = ($even_row) ? "class=\"even_row\"" : "class=\"odd_row\"";
199		 
200		 echo "<tr $row_tag>"; 
201		 echo "<td ALIGN=\"center\"><b>$id</b></td>";
202		 echo "<td>$data[time]</td>";
203		 echo "<td>$data[glucose]</td>";
204		 
205		 // show each image.
206		 echo "<td>";
207		 foreach ($data["image"] as $img) {
208			echo "<img src=\"samples/sample_$id/image/$img\" style=\"padding:10px\"/><br />";
209		 } 
210		 echo "</td>";
211		 
212		 
213		 echo "<td>";
214		 foreach ($data["audio"] as $aud) {
215		 	
216			 $file_path = "samples/sample_$id/audio/";
217			
218			
219			 $audio_file_location = $aud[0];
220			 $audio_file_id = $aud[1];
221			 
222			 $file_parts = explode(".",$audio_file_location);
223			 if ( (file_exists($file_path.$file_parts[0].".mp3")) and 
224			      (filesize($file_path.$file_parts[0].".mp3") > 0) ) {
225		 	 
226				 echo "<a href=\"scripts/get_file.php?sample_id=$id&file_type=mp3&file_id=$audio_file_id\">".		
227				 "$file_parts[0].mp3</a><br />";
228			} else {
229				echo "<a href=\"scripts/get_file.php?sample_id=$id&file_type=amr&file_id=$audio_file_id\">".		
230				 "$file_parts[0].mp3</a><br />";
231			}
232		 } 
233		 echo "</td>";
234		 
235		 
236		 echo "<td>";
237		 if ( (strcmp($what,$EDIT) == 0) && (strcmp($who,$USER) == 0) )  {
238			echo "<textarea name=\"user_sample$id\" cols=\"30\" rows=\"10\">$data[user_comment]</textarea>";
239		 }
240		 else {
241			echo "$data[user_comment]";
242		 }
243		 echo "</td>";
244	
245	
246		echo "<td>";
247		if ( (strcmp($what,$EDIT) == 0) && (strcmp($who,$PROV)==0) ){
248			echo "<textarea name=\"cp_sample$id\" cols=\"30\" rows=\"10\">$data[cp_comment]</textarea>";
249		}
250		else {
251			echo "$data[cp_comment]";
252		}
253		
254		echo "</tr>";
255		
256		$even_row = !$even_row;
257	 
258	} // end bracket for loop that goes through all the samples
259	
260	echo("</table>");
261	echo "</form>";
262	
263	render_end();
264}
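/**
 * Render the "Registered Users" table shown to administrators: one row per
 * account with permission 'U', with its last log time, the time of its most
 * recent sample and its sample count.
 *
 * All values read from the database are HTML-escaped before output.
 *
 * @return void
 */
function render_stats() {

// TODO: ADD DELETE ACCOUNT BUTTON

	// Same charset that render_header() declares for the page.
	$charset = 'ISO-8859-1';

	$user_stats_query   = "SELECT user_id, username, firstname, lastname, last_log_time FROM user ".
						  "WHERE permission='U'";
	$user_stats_res     = mysql_query($user_stats_query);

	echo("<h3> Registered Users </h3>");

	echo("<table BORDER=\"1\" WIDTH=\"75%\">\n");
	echo("<tr>\n");
	echo("<th>User ID</th>\n");
	echo("<th>Username</th>\n");
	echo("<th>First name</th>\n");
	echo("<th>Last name</th>\n");
	echo("<th>Last log</th>\n");
	echo("<th>Last sample</th>\n");
	echo("<th>Number samples</th>\n");
	echo("</tr>\n");

	// A failed query yields false; skip the loop instead of fetching from it.
	while ($user_stats_res && ($user_row = mysql_fetch_array($user_stats_res, MYSQL_ASSOC))) {

		// Reused inside the two per-user queries below, so keep it numeric.
		$this_user_id = (int) $user_row["user_id"];

		echo("<tr>\n");
		echo("<td>$this_user_id</td>\n");
		// Names are account-supplied text and are shown to an administrator.
		foreach (array("username", "firstname", "lastname", "last_log_time") as $column) {
			echo("<td>" . htmlspecialchars((string) $user_row[$column], ENT_QUOTES, $charset) . "</td>\n");
		}

		// Only the newest row is read, so ask for just that one.
		$last_sample_res  = mysql_query(
			"SELECT time FROM sample WHERE user_id=$this_user_id ORDER BY time DESC LIMIT 1");
		$last_sample_data = $last_sample_res ? mysql_fetch_array($last_sample_res) : false;
		// A user without samples gets an empty cell.
		$last_sample      = $last_sample_data ? $last_sample_data[0] : "";

		$num_samples_res  = mysql_query("SELECT COUNT(*) FROM sample WHERE user_id=$this_user_id");
		$num_sample_data  = $num_samples_res ? mysql_fetch_array($num_samples_res) : false;
		$num_samples      = $num_sample_data ? (int) $num_sample_data[0] : 0;

		echo("<td>" . htmlspecialchars((string) $last_sample, ENT_QUOTES, $charset) . "</td>\n");
		echo("<td>$num_samples</td>\n");
		echo("</tr>");
	}

	echo("</table>");

	echo("<br /><HR WIDTH=\"100%\">");

}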
/**
 * Emit the opening <html> tag and the complete <head> of the page
 * (content type, title and stylesheet link).
 *
 * @return void
 */
function render_header() {
	// One entry per output line; the lines are joined by a newline and a tab.
	$head_lines = array(
		'<html xmlns="http://www.w3.org/1999/xhtml">',
		'<head>',
		'<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />',
		'<title>My Samples</title>',
		'<link href="moddweb.css" rel="stylesheet" type="text/css">',
		'</head>',
	);

	echo implode("\n\t", $head_lines);
}
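/**
 * Open the <body> and print the top bar: the "change password" and
 * "log out" links and a welcome line with the name kept in the session.
 *
 * The name is HTML-escaped, so a name containing markup is shown as text.
 *
 * @return void
 */
function render_start() {

	// NOTE(review): $_SESSION["name"] is presumably filled at login from the
	// account record -- treated as untrusted text here either way.
	$name = isset($_SESSION["name"]) ? (string) $_SESSION["name"] : "";
	// Charset matches the one the page declares in its <head>.
	$name = htmlspecialchars($name, ENT_QUOTES, 'ISO-8859-1');

	echo ('<body>');

	echo ('<table width="100%" border="0">');
	echo ("<tr><td WIDTH=\"80%\">&nbsp;</td>");
	echo ("<td ALIGN=right><a href=\"change_password.php\">change password</a></td>");
	echo ("<td ALIGN=right><a href=\"goodbye.php\">log out</a></td></tr>");
	echo ('<tr><td WIDTH="2%"><h2 class="nice_box"> Welcome, ' . $name . '!</h2></td></tr>');
	echo ("</table>");

}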
/**
 * Emit the closing </body> and </html> tags.
 *
 * @return void
 */
function render_end() {
	$closing_tags = '</body>' . '</html>';
	echo $closing_tags;
}
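/**
 * Render the "Select a user to view" form: a drop-down with every account
 * whose permission is 'U' plus an empty "none" entry, posted back to this
 * page as 'user_list' together with the 'user_submit' button.
 *
 * @return void
 */
function render_user_list() {
	// Same charset that render_header() declares for the page.
	$charset = 'ISO-8859-1';

	$query_res = mysql_query("SELECT user_id,firstname,lastname,permission FROM user");
	$reg_users = array();

	// A failed query yields false; skip the loop instead of fetching from it.
	while ($query_res && ($row = mysql_fetch_array($query_res, MYSQL_ASSOC))) {
		if (strcmp($row["permission"],"U") == 0) {
			$reg_users[$row["user_id"]] = $row["firstname"] . " " . $row["lastname"];
		}
	}

	// The original read $self, which is not in scope inside this function, so
	// the action was always empty. PHP_SELF is used directly and escaped,
	// because it echoes the request path back into the attribute.
	$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, $charset);

	echo "<br /> <br />";
	echo('<form action="' . $form_action . '" method="POST">
	<label>Select a user to view: </label><br />
	<SELECT NAME="user_list">
	<option VALUE="none"></option>');

	foreach ($reg_users as $key => $value) {
		// Ids are numeric; names are account-supplied text and get escaped.
		echo('<OPTION VALUE="' . (int) $key . '">' .
			htmlspecialchars($value, ENT_QUOTES, $charset) . "</option>");
	}
	echo ("</SELECT>
		<input type=\"submit\" name=\"user_submit\" value=\"View\">
		</form>");
}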
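/**
 * Store the user comments posted from the edit form.
 *
 * Each POST field named "user_sample<ID>" updates sample.user_comment for
 * sample <ID>. The id must be all digits, the comment text is escaped for
 * the query, and the UPDATE is limited to samples owned by the logged-in
 * account ($_SESSION["uid"]), so a forged field name cannot touch another
 * user's sample.
 *
 * @return void
 */
function saveUserComments() {
	$owner_uid = isset($_SESSION["uid"]) ? (int) $_SESSION["uid"] : 0;

	// On old installs with magic_quotes_gpc enabled the POST data is already
	// slash-escaped; undo that so the text is escaped exactly once below.
	$strip_slashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

	foreach ($_POST as $key => $value) {
		// Array-valued fields (name[]=...) are not comments; skip them.
		if (strpos((string) $key, "user_sample") !== 0 || !is_string($value)) {
			continue;
		}

		// Text after the 11-character "user_sample" prefix is the sample id.
		$comment_id = (string) substr($key, 11);
		if (!ctype_digit($comment_id)) {
			continue;
		}
		$comment_id = (int) $comment_id;

		if ($strip_slashes) {
			$value = stripslashes($value);
		}
		$comment = mysql_real_escape_string($value);

		$comment_query = "UPDATE sample SET user_comment='$comment' " .
						 "WHERE sample_id=$comment_id AND user_id=$owner_uid";
		if (!mysql_query($comment_query)) {
			error_log("saveUserComments: update failed for sample $comment_id");
		}
	}
}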
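/**
 * Store the care-provider comments posted from the edit form.
 *
 * Each POST field named "cp_sample<ID>" updates sample.cp_comment for
 * sample <ID>. The id must be all digits and the comment text is escaped
 * for the query.
 *
 * NOTE(review): nothing in this file ties a provider to particular users,
 * so any provider account can comment on any sample -- confirm that this
 * is the intended access model.
 *
 * @return void
 */
function saveProvComments() {
	// On old installs with magic_quotes_gpc enabled the POST data is already
	// slash-escaped; undo that so the text is escaped exactly once below.
	$strip_slashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

	foreach ($_POST as $key => $value) {
		// Array-valued fields (name[]=...) are not comments; skip them.
		if (strpos((string) $key, "cp_sample") !== 0 || !is_string($value)) {
			continue;
		}

		// Text after the 9-character "cp_sample" prefix is the sample id.
		$comment_id = (string) substr($key, 9);
		if (!ctype_digit($comment_id)) {
			continue;
		}
		$comment_id = (int) $comment_id;

		if ($strip_slashes) {
			$value = stripslashes($value);
		}
		$comment = mysql_real_escape_string($value);

		$comment_query = "UPDATE sample SET cp_comment='$comment' WHERE sample_id=$comment_id";
		if (!mysql_query($comment_query)) {
			error_log("saveProvComments: update failed for sample $comment_id");
		}
	}
}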
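/**
 * Look up the role of an account.
 *
 * Maps the one-letter user.permission column to the role names held in the
 * globals $PROV ("P"), $ADMIN ("A") and $USER ("U").
 *
 * @param int|string $a_uid user_id to look up; forced to an integer before
 *                          it is placed in the query
 * @return string|null the role name, or NULL when the query fails, the
 *                     account does not exist or the letter is not one of
 *                     the three above
 */
function getPermissions($a_uid) {

	global $PROV, $ADMIN, $USER;

	$a_uid = (int) $a_uid;

	$res = mysql_query("SELECT permission FROM user WHERE user_id=$a_uid");
	if (!$res) {
		return NULL;
	}

	$prmsn_array = mysql_fetch_array($res, MYSQL_ASSOC);
	if (!$prmsn_array) {
		return NULL;
	}

	switch ($prmsn_array['permission']) {
		case "P":
			return $PROV;
		case "A":
			return $ADMIN;
		case "U":
			return $USER;
		default:
			// Unknown letter: no role, so the caller grants nothing.
			return NULL;
	}
}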
425?>