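// Use this to get current location: $_SERVER['PATH_INFO'];
// the $_SERVER['PATH_INFO'] should look like /pages/index/destinationssummary.html
// (Not used anymore, but still in place) The config file should then be /pages/index/config.inc.php
// The template file should be /pages/index/template.html
// The $template variable will be /pages/index the /template.html will be added by template.php
//echo $_SERVER['PATH_INFO'];

// Front controller: resolves the requested page from PATH_INFO, handles the
// login / signup / editAccount form actions, enforces the login requirement,
// then includes the module config and renders the page through template.php.
require_once 'sql.inc';

//needed for captcha image check
include_once 'securimage/securimage.php';

//db table where user data is stored
$userstable = 'users';
$user_ip = getenv("REMOTE_ADDR");

session_start();
// isset() guard: most requests carry no "logout" parameter at all.
if (isset($_GET['logout']) && $_GET['logout'] == 'true') {
    doLogout();
    session_start();
}
$sid = session_id();

//error reporting settings
// NOTE(review): display_errors=1 sends PHP warnings (file paths, query text)
// to every visitor. Looks like a development setting - confirm it is switched
// off wherever this is publicly reachable.
error_reporting(E_ALL);
ini_set("display_errors", 1);

//open file to report sql queries, results, and errors to
// NOTE(review): relative path, so the log lands in the working directory. If
// that directory is served by the web server the log is downloadable - confirm.
$myFile = "errorFile.txt";
$fh = fopen($myFile, 'a') or die("can't open file");
$GLOBALS['fh'] = $fh;

$GLOBALS['language']['English'] = "http://dev.disaster.bluesunsupport.com";
$GLOBALS['language']['Spanish'] = "http://dev.spanish.bluesunsupport.com";

$locationinfo = array();
$locationinfo['sid'] = $sid;
$locationinfo['config'] = '';
$locationinfo['template'] = '';
$locationinfo['page'] = '';

//display current url
//echo curPageURL();
getCurrentPageInfo($locationinfo['config'], $locationinfo['template'], $locationinfo['page']);

$loginAttempt = 0;
$signupAttempt = -1;

if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'login') {
    $loginAttempt = attemptLogin($user_ip);
    // if attemptLogin returns 0 the user was logged in successfully and should never know any different otherwise it returns 1
    if ($loginAttempt > 0) {
        $locationinfo['config'] = '/pages/index/config.inc.php';
        $locationinfo['template'] = '/pages/index/';
        $locationinfo['page'] = '/pages/index/login.html';
    }
}

if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'signup') {
    $signupAttempt = attemptSignup($user_ip);
    // if attemptSignup returns 0 the user was signed up successfully and should never know any different otherwise it returns 1
    if ($signupAttempt > 0) {
        $locationinfo['config'] = '/pages/index/config.inc.php';
        $locationinfo['template'] = '/pages/index/';
        $locationinfo['page'] = '/pages/index/login.html';
    }
}

// Derive module and page names from the resolved paths. The module name is
// request-derived text, so it is preg_quote()d before being spliced into the
// second pattern; otherwise regex metacharacters in it would change the match.
if (substr_count($locationinfo['config'], "pages") <= 1) {
    $locationinfo['modulename'] = preg_replace('/\/pages\/(.*)\/config.inc.php/', "\${1}", $locationinfo['config']);
    $quotedModule = preg_quote((string) $locationinfo['modulename'], '/');
    $locationinfo['pagename'] = preg_replace('/\/pages\/' . $quotedModule . '\/(.*)\.html/', "\${1}", $locationinfo['page']);
} else {
    $locationinfo['modulename'] = preg_replace('/\/pages\/(.*)\/pages\/(.*)\/config.inc.php/', "\${1}", $locationinfo['config']);
    $quotedModule = preg_quote((string) $locationinfo['modulename'], '/');
    $locationinfo['pagename'] = preg_replace('/\/pages\/' . $quotedModule . '\/pages\/' . $quotedModule . '\/(.*)\.html/', "\${1}", $locationinfo['page']);
}

if (isLoggedIn($locationinfo)) {
    $locationinfo['uid'] = $_SESSION['user_id'];
    checkSelfTest($locationinfo);
    if (checkRecentComplete($locationinfo) == 2) {
        echo "
";
    }
    logCurrentPage($locationinfo);
    answerQuestions($locationinfo);
} else {
    // Anonymous visitors are sent to the login page for protected pages.
    if (pageRequiresAuth($locationinfo['modulename'], $locationinfo['pagename'])) {
        $locationinfo['config'] = '/pages/index/config.inc.php';
        $locationinfo['template'] = '/pages/index/';
        $locationinfo['page'] = '/pages/index/login.html';
    }
}

// Profile edits are only meaningful for an authenticated session; without the
// loggedin check an anonymous request would reach the UPDATE with no user id.
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'editAccount' && !empty($locationinfo['loggedin'])) {
    $editAttempt = attemptEdit($user_ip);
    // if attemptEdit returns 0 the user profile was updated successfully and should never know any different otherwise it returns 1
    if ($editAttempt > 0) {
        $locationinfo['config'] = '/pages/index/config.inc.php';
        $locationinfo['template'] = '/pages/index/';
        $locationinfo['page'] = '/pages/index/editaccount.html';
    }
}

verifyPageExists($locationinfo['config'], $locationinfo['template'], $locationinfo['page']);

// The config file is executed and the page file is read verbatim below, and
// both paths can originate from PATH_INFO. Resolve them and fall back to the
// 404 page for anything that does not live under <document root>/pages.
// NOTE(review): assumes module directories are not symlinked to a location
// outside /pages - confirm against the deployment.
$pagesRoot = realpath($_SERVER['DOCUMENT_ROOT'] . '/pages');
foreach (array('config', 'page') as $pathKey) {
    $resolved = realpath($_SERVER['DOCUMENT_ROOT'] . $locationinfo[$pathKey]);
    if ($pagesRoot === false
        || $resolved === false
        || strpos($resolved, $pagesRoot . DIRECTORY_SEPARATOR) !== 0
    ) {
        $locationinfo['template'] = '/pages/index';
        $locationinfo['config'] = '/pages/index/config.inc.php';
        $locationinfo['page'] = '/pages/index/404.html';
        break;
    }
}

$locationinfo['pageid'] = getPageID();
$locationinfo['moduleid'] = getModuleID();

require_once $_SERVER['DOCUMENT_ROOT'].$locationinfo['config'];
require 'template.php';

$extra_vars['BODY'] = file_get_contents($_SERVER['DOCUMENT_ROOT'] . 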
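$locationinfo['page']);
$TemplateObj = new TraumaTemplate($locationinfo['page'], $locationinfo['template'], $sid);
$next_link = '';
$prev_link = '';
$main_link = '';
$mtl_link = '';
$progress_bar = '';
$page_num = '';
generate_buttons($extra_vars, $locationinfo, $TemplateObj, $prev_link, $next_link, $main_link, $mtl_link);
generate_progress($extra_vars, $locationinfo, $TemplateObj, $progress_bar, $page_num);
$TemplateObj->evalvars($extra_vars);
$TemplateObj->navigation();
$TemplateObj->encrypt_emails();
$TemplateObj->templ_print();
mysqli_close($mysql);
fclose($GLOBALS['fh']);

############################# Functions #########################

/**
 * Return host[:port] + request URI for the current request (no scheme).
 *
 * REQUEST_URI is supplied by the client, so the result must be escaped for
 * its output context before it is echoed anywhere.
 *
 * @return string
 */
function curPageURL()
{
    $host = $_SERVER["SERVER_NAME"];
    if ($_SERVER["SERVER_PORT"] != "80") {
        $host .= ":" . $_SERVER["SERVER_PORT"];
    }
    return $host . $_SERVER["REQUEST_URI"];
}

/**
 * Resolve the page, template directory and config file for this request.
 *
 * PATH_INFO is client-controlled and the three values returned here are later
 * joined to DOCUMENT_ROOT and passed to require_once / file_get_contents, and
 * the names derived from them are used in SQL. It is therefore accepted only
 * when it has the documented shape /pages/<segment>/.../<name>.html, built
 * from letters, digits, "_", "-" and ".", with no segment starting with a dot
 * (which rules out "." and ".." components). Anything else gets the index
 * page, the same result as a request without PATH_INFO.
 *
 * NOTE(review): page or module names containing other characters (spaces,
 * non-ASCII) would now resolve to the index page - confirm none exist.
 *
 * @param string $configFile  set to "<dir>/config.inc.php"
 * @param string $templateDIR set to the directory that contains the page
 * @param string $pageFile    set to the page path itself
 */
function getCurrentPageInfo(&$configFile, &$templateDIR, &$pageFile)
{
    $pathInfo = (isset($_SERVER['PATH_INFO']) && is_string($_SERVER['PATH_INFO']))
        ? $_SERVER['PATH_INFO']
        : '';

    $hasPageShape = preg_match('#^/pages(?:/[A-Za-z0-9_.-]+)+\.html\z#', $pathInfo) === 1;
    $hasDotSegment = strpos($pathInfo, '/.') !== false;

    if ($hasPageShape && !$hasDotSegment) {
        // Full path info: everything up to the last "/" is the page directory.
        $pages_dir = preg_replace('/(.*)\/.*/', "\${1}", $pathInfo);
        $pageFile = $pathInfo;
        $configFile = $pages_dir . '/config.inc.php';
        $templateDIR = $pages_dir;
        return;
    }

    // No (acceptable) path info: site index.
    $templateDIR = '/pages/index';
    $configFile = '/pages/index/config.inc.php';
    $pageFile = '/pages/index/index.html';
}

/**
 * Swap in the 404 page when the config file, template directory or page file
 * is missing under DOCUMENT_ROOT. All three arguments are updated in place.
 */
function verifyPageExists(&$configFile, &$templateDIR, &$pageFile)
{
    $root = $_SERVER['DOCUMENT_ROOT'];
    $allPresent = file_exists($root . $configFile)
        && file_exists($root . $templateDIR)
        && file_exists($root . $pageFile);

    if (!$allPresent) {
        $templateDIR = '/pages/index';
        $configFile = '/pages/index/config.inc.php';
        $pageFile = '/pages/index/404.html';
    }
}

/**
 * Return the first element of $haystack that contains $needle as a substring,
 * or null when none does.
 *
 * NOTE(review): PHP 8.4 ships a built-in array_find(); this definition would
 * have to be renamed before running on that version.
 */
function array_find($needle, $haystack)
{
    foreach ($haystack as $item) {
        if (strpos($item, $needle) !== FALSE) {
            return $item;
        }
    }
    return null;
}

/**
 * Report whether the session is authenticated and mirror that into
 * $locationinfo ('loggedin', plus 'uid' when logged in).
 *
 * The flag must be truthy and a user id must be present; a session that only
 * carries the key is not treated as logged in.
 *
 * @return bool
 */
function isLoggedIn(&$locationinfo)
{
    $authenticated = !empty($_SESSION['logged_in']) && isset($_SESSION['user_id']);
    if ($authenticated) {
        $locationinfo['uid'] = $_SESSION['user_id'];
    }
    $locationinfo['loggedin'] = $authenticated;
    return $authenticated;
}

/**
 * Look up the current page by module name and file name, store pageid and
 * moduleid in $GLOBALS['locationinfo'], and return the pageid (null when the
 * page is not in the database).
 *
 * Both names are derived from the request path, so they are bound as statement
 * parameters rather than concatenated into the SQL text.
 */
function getPageID()
{
    $moduleName = $GLOBALS['locationinfo']['modulename'];
    $pageName = $GLOBALS['locationinfo']['pagename'];

    $stmt = mysqli_prepare(
        $GLOBALS['mysql'],
        'SELECT pageid, pages.moduleid AS moduleid FROM pages, modules'
        . ' WHERE pages.moduleid = modules.moduleid AND modules.name = ? AND filename = ?'
    );
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 'ss', $moduleName, $pageName)
        || !mysqli_stmt_execute($stmt)
    ) {
        // Details go to the error file only; the visitor gets a generic message.
        fwrite($GLOBALS['fh'], 'getPageID: ' . mysqli_error($GLOBALS['mysql']) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    }

    $pageId = null;
    $moduleId = null;
    mysqli_stmt_bind_result($stmt, $pageId, $moduleId);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    $GLOBALS['locationinfo']['pageid'] = $pageId;
    $GLOBALS['locationinfo']['moduleid'] = $moduleId;
    return $GLOBALS['locationinfo']['pageid'];
}

function getPageInfo($pageid) {
    // pageid is placed unquoted in the statement, so force it to an integer.
    $sql = "SELECT pages.*, modules.name as module_name FROM pages, modules WHERE pageid=" . (int) $pageid . " AND pages.moduleid = modules.moduleid";
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        echo "Could not successfully run query ($sql) from DB: " . 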
mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); return $row; } function getModuleName($moduleid) { $sql = "SELECT title FROM modules WHERE moduleid=" . $moduleid; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $moduleName = $row['title']; return $moduleName; } function getModuleID() { $sql = "SELECT pageid, pages.moduleid as moduleid FROM pages,modules WHERE pages.moduleid=modules.moduleid AND modules.name='" . $GLOBALS['locationinfo']['modulename'] . "' AND filename='" . $GLOBALS['locationinfo']['pagename'] . "'"; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $GLOBALS['locationinfo']['pageid'] = $row['pageid']; $GLOBALS['locationinfo']['moduleid'] = $row['moduleid']; mysqli_free_result($result); return $GLOBALS['locationinfo']['moduleid']; } function logCurrentPage(&$locationinfo) { if ($locationinfo['uid'] > 0) { if (!isset($locationinfo['pageid']) || !isset($locationinfo['moduleid'])) { $locationinfo['pageid'] = getPageID(); $locationinfo['moduleid'] = getModuleID(); } if (isset($locationinfo['pageid']) && isset($locationinfo['moduleid'])) { $prevPercent = percentComplete($locationinfo['moduleid']); $sql = 'INSERT INTO pages_viewed (uid, moduleid, pageid, date_viewed, session_id) VALUES (' . $locationinfo['uid'] . ', ' . $locationinfo['moduleid'] . ', ' . $locationinfo['pageid'] . ', NOW( ), "' . $locationinfo['sid'] . '")'; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $sql = "SELECT recentComplete FROM ".$GLOBALS['userstable']." WHERE user_id=" . 
$locationinfo['uid']; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $numresults = mysqli_num_rows($result); $row = mysqli_fetch_assoc($result); $recent = $row['recentComplete']; mysqli_free_result($result); //recent can either be 0, 1 or 2 //if 0, check to see if previous was <100 and current is =100, then set to 1 //if 1, automatically set to 2 //if 2, set to 0 //then, if recent is set to 2 and page is homepage of module, redirect to congrats page if ($recent == 1) { $sql = "UPDATE ".$GLOBALS['userstable']." SET recentComplete=2 WHERE user_id=" . $locationinfo['uid']; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } } if (($recent == 2) || ($locationinfo['moduleid'] == 3) || ($locationinfo['moduleid'] == 6) || ($locationinfo['moduleid'] == 1)|| ($locationinfo['moduleid'] == 8)) //ss and st are linear and do not need this function { $sql = "UPDATE ".$GLOBALS['userstable']." SET recentComplete=0 WHERE user_id=" . $locationinfo['uid']; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } } if ($recent == 0) { $newPercent = percentComplete($locationinfo['moduleid']); if (($newPercent == 100) && ($prevPercent < 100)) { $sql = "UPDATE ".$GLOBALS['userstable']." SET recentComplete=1 WHERE user_id=" . $locationinfo['uid']; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } } else { $sql = "UPDATE ".$GLOBALS['userstable']." SET recentComplete=0 WHERE user_id=" . $locationinfo['uid']; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . 
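mysqli_error($GLOBALS['mysql']); exit; } } } } } }

/**
 * Return the recentComplete flag of the current user (0, 1 or 2 according to
 * logCurrentPage), 0 when no user id is available, null when the user row is
 * missing.
 */
function checkRecentComplete(&$locationinfo)
{
    if (!isset($locationinfo['uid']) || !($locationinfo['uid'] > 0)) {
        return 0;
    }

    // The id is concatenated unquoted, so it is forced to an integer.
    $sql = "SELECT recentComplete FROM " . $GLOBALS['userstable'] . " WHERE user_id=" . (int) $locationinfo['uid'];
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        fwrite($GLOBALS['fh'], 'checkRecentComplete: ' . mysqli_error($GLOBALS['mysql']) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    }

    $row = mysqli_fetch_assoc($result);
    mysqli_free_result($result);
    return is_array($row) ? $row['recentComplete'] : null;
}

/**
 * Decide whether a page may only be shown to a logged-in user.
 *
 * The lookup is by page file name across all modules (the module name is not
 * part of the query). The previous "exactly one match" test meant that a file
 * name shared by several login-only modules was treated as public; any match
 * now requires login, so ambiguity fails closed.
 *
 * @param string $modulename unused by the current query
 * @param string $pagename   page file name without ".html"
 * @return bool
 */
function pageRequiresAuth($modulename, $pagename)
{
    //this method pulls from knowing the module name based on directory...
    //would like to change to pulling from pagename based on module id related to page name in DB... not directory specific
    $stmt = mysqli_prepare(
        $GLOBALS['mysql'],
        "SELECT COUNT(*) FROM pages, modules WHERE pages.filename = ?"
        . " AND pages.moduleid = modules.moduleid AND modules.require_login = 'true'"
    );
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $pagename)
        || !mysqli_stmt_execute($stmt)
    ) {
        fwrite($GLOBALS['fh'], 'pageRequiresAuth: ' . mysqli_error($GLOBALS['mysql']) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    }

    $protectedMatches = 0;
    mysqli_stmt_bind_result($stmt, $protectedMatches);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    return ($protectedMatches >= 1) || ($pagename === 'log');
}

/**
 * Check the submitted username / password and open an authenticated session.
 *
 * - The username is bound as a statement parameter.
 * - Stored crypt()-format hashes are checked with password_verify(); legacy
 *   unsalted MD5 hashes are still accepted, compared with hash_equals() so
 *   that two "0e..." style hex strings can never compare equal numerically.
 * - The session id is regenerated on success so an id issued before login
 *   cannot be reused as the authenticated one.
 *
 * Requires PHP >= 5.6 (password_verify, hash_equals).
 *
 * NOTE(review): user_active is not enforced and $user_ip is unused, so there
 * is no account-disable or attempt-throttling logic here.
 *
 * @param string $user_ip unused
 * @return int 0 = logged in, 1 = unknown user or wrong password,
 *             2 = the account's activation code has expired
 */
function attemptLogin($user_ip)
{
    $db = $GLOBALS['mysql'];
    $fail = function ($where) use ($db) {
        // Details go to the error file only; the visitor gets a generic message.
        fwrite($GLOBALS['fh'], $where . ': ' . mysqli_error($db) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    };

    $username = (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : '';
    $candidate = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';

    $stmt = mysqli_prepare(
        $db,
        'SELECT user_id, user_password, activationCode, DATEDIFF(NOW(), signuptime) FROM '
        . $GLOBALS['userstable'] . ' WHERE username = ? LIMIT 1'
    );
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $username)
        || !mysqli_stmt_execute($stmt)
    ) {
        $fail('attemptLogin (user lookup)');
    }
    $uid = null;
    $password = null;
    $userActivate = null;
    $dateDiff = null;
    mysqli_stmt_bind_result($stmt, $uid, $password, $userActivate, $dateDiff);
    $found = (mysqli_stmt_fetch($stmt) === true);
    mysqli_stmt_close($stmt);

    if (!$found || !is_string($password) || $password === '') {
        return 1;
    }
    if (!password_verify($candidate, $password) && !hash_equals($password, md5($candidate))) {
        return 1;
    }

    //check activation code associated with account, and how long user has been signed up
    //if length exceeds expire time for activation code, refuse the login
    $stmt = mysqli_prepare($db, 'SELECT expireTime FROM activate WHERE activationCode = ? LIMIT 1');
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $userActivate)
        || !mysqli_stmt_execute($stmt)
    ) {
        $fail('attemptLogin (activation lookup)');
    }
    $activateExpire = null;
    mysqli_stmt_bind_result($stmt, $activateExpire);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    // Prepared statements return native integers; compare as strings, the form
    // these values had before, so the ordering test below is unchanged.
    if ($activateExpire !== null && $dateDiff !== null && (string) $dateDiff > (string) $activateExpire) {
        //possibly deactivate user account and add user_active checking to login attempt...
        return 2;
    }

    // Fresh session id for the authenticated session; keep the copies that the
    // rest of the request uses in step with it.
    session_regenerate_id(true);
    $GLOBALS['sid'] = session_id();
    $GLOBALS['locationinfo']['sid'] = $GLOBALS['sid'];

    $GLOBALS['locationinfo']['uid'] = $uid;
    $_SESSION['user_id'] = $uid;
    $_SESSION['logged_in'] = TRUE;

    $sql = "UPDATE " . $GLOBALS['userstable'] . " SET last_login=NOW() WHERE user_id=" . (int) $uid;
    if (!mysqli_query($db, $sql)) {
        $fail('attemptLogin (last_login)');
    }
    return 0;
}

/**
 * Create a user account from the signup form.
 *
 * All values reach the database as bound parameters. The password is stored
 * with password_hash(); attemptLogin verifies crypt()-format hashes, which is
 * the format password_hash() produces.
 *
 * NOTE(review): confirm users.user_password is wide enough for these hashes
 * (the PHP manual recommends 255 characters) before deploying.
 * NOTE(review): the "username taken" check and the INSERT are separate
 * statements; a UNIQUE index on username is what actually prevents duplicates.
 *
 * Requires PHP >= 5.5 (password_hash).
 *
 * @param string $user_ip unused
 * @return int 0 = created, 1 = required field empty, 2 = username taken,
 *             3 = passwords differ or shorter than 4 characters,
 *             4 = captcha wrong, 5 = activation code not valid
 */
function attemptSignup($user_ip)
{
    $db = $GLOBALS['mysql'];
    $fail = function ($where) use ($db) {
        fwrite($GLOBALS['fh'], $where . ': ' . mysqli_error($db) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    };
    // Read one request field as a string; missing or array-valued input is ''.
    $field = function ($name) {
        return (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? $_REQUEST[$name] : '';
    };

    $activate = $field('activate');
    $username = $field('username');
    $gender = $field('gender');
    $age = $field('age');
    $ethnicity = $field('ethnicity');
    $participantId = $field('participantId');
    $password = $field('password');
    $password2 = $field('password2');

    // Published as globals exactly as before (presumably read when the form is
    // shown again - confirm); whoever prints them must escape for HTML.
    $GLOBALS['activate'] = $activate;
    $GLOBALS['username'] = $username;
    $GLOBALS['gender'] = $gender;
    $GLOBALS['age'] = $age;
    $GLOBALS['ethnicity'] = $ethnicity;
    $GLOBALS['participantId'] = $participantId;

    if ($activate === '' || $username === '' || $password === '' || $password2 === ''
        || $ethnicity === '' || $gender === '' || $age === ''
    ) {
        return 1; //required fields empty
    }
    if ($password !== $password2 || strlen($password) < 4) {
        return 3; //passwords are not matching or too short
    }
    if (!validCode($activate)) {
        return 5; //activation code isn't valid
    }

    //check captcha image code for correctness...
    $securimage = new Securimage();
    $captcha = (isset($_POST['captcha_code']) && is_string($_POST['captcha_code'])) ? $_POST['captcha_code'] : '';
    if (!$securimage->check($captcha)) {
        return 4; //reCaptcha is wrong
    }

    $stmt = mysqli_prepare($db, 'SELECT COUNT(*) FROM ' . $GLOBALS['userstable'] . ' WHERE username = ?');
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $username)
        || !mysqli_stmt_execute($stmt)
    ) {
        $fail('attemptSignup (username check)');
    }
    $existing = 0;
    mysqli_stmt_bind_result($stmt, $existing);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($existing > 0) {
        return 2; //username taken
    }

    $passwordHash = password_hash($password, PASSWORD_DEFAULT);
    // An empty participant id is stored as SQL NULL, as before.
    $participant = ($participantId === '') ? null : $participantId;

    $stmt = mysqli_prepare(
        $db,
        'INSERT INTO ' . $GLOBALS['userstable']
        . ' (username, user_password, gender, age, ethnicity, signuptime, user_level, activationCode, participant_id)'
        . ' VALUES (?, ?, ?, ?, ?, NOW(), 0, ?, ?)'
    );
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 'sssssss', $username, $passwordHash, $gender, $age, $ethnicity, $activate, $participant)
        || !mysqli_stmt_execute($stmt)
    ) {
        $fail('attemptSignup (insert)');
    }
    mysqli_stmt_close($stmt);

    return 0;
}

//Validate the activation code.
function validCode($activeCode) {
    // The code comes straight from the signup form; escape it before it is
    // placed inside the quoted SQL literal.
    $sql = "SELECT * FROM activate WHERE activationCode='" . mysqli_real_escape_string($GLOBALS['mysql'], (string) $activeCode) . "'";
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        echo "Could not successfully run query ($sql) from DB: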
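" . mysqli_error($GLOBALS['mysql']); exit; } $numresults = mysqli_num_rows($result); mysqli_free_result($result); if ($numresults == 0) { return false; } else { return true; } }

/**
 * Validate the "share your story" form.
 *
 * Only copyright, age, ethnicity, occupation and gender are examined; the
 * remaining form fields (a..q) are not used by this function.
 *
 * @param string $user_ip unused
 * @return int 0 = ok, 1 = copyright not agreed to, 2 = required field empty
 */
function attemptStory($user_ip)
{
    $required = array('copyright', 'age', 'ethnicity', 'occupation', 'gender');
    foreach ($required as $name) {
        if (!isset($_REQUEST[$name]) || $_REQUEST[$name] == "") {
            return 2; //required fields empty
        }
    }

    if ($_REQUEST["copyright"] === "I Agree") {
        return 0;
    }
    return 1; //copyright
}

/**
 * Update gender, age and ethnicity of the logged-in user.
 *
 * The three values come from the request and are bound as statement
 * parameters. Nothing is written unless a positive user id is present in
 * $GLOBALS['locationinfo'], so a request without a login cannot reach the
 * UPDATE.
 *
 * @param string $user_ip unused
 * @return int 0 = updated, 1 = required field empty or no logged-in user
 */
function attemptEdit($user_ip)
{
    // Read one request field as a string; missing or array-valued input is ''.
    $field = function ($name) {
        return (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? $_REQUEST[$name] : '';
    };

    $gender = $field('gender');
    $age = $field('age');
    $ethnicity = $field('ethnicity');

    // Published as globals exactly as before; whoever prints them must escape.
    $GLOBALS['gender'] = $gender;
    $GLOBALS['age'] = $age;
    $GLOBALS['ethnicity'] = $ethnicity;

    if ($ethnicity === '' || $gender === '' || $age === '') {
        return 1; //required fields empty
    }

    $uid = isset($GLOBALS['locationinfo']['uid']) ? (int) $GLOBALS['locationinfo']['uid'] : 0;
    if ($uid <= 0) {
        return 1; //nobody is logged in, nothing to edit
    }

    // Result is not used below; the call is kept in case it has side effects.
    $username = getUserInfo('username');

    $stmt = mysqli_prepare(
        $GLOBALS['mysql'],
        'UPDATE ' . $GLOBALS['userstable'] . ' SET gender = ?, age = ?, ethnicity = ? WHERE user_id = ? LIMIT 1'
    );
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 'sssi', $gender, $age, $ethnicity, $uid)
        || !mysqli_stmt_execute($stmt)
    ) {
        // Details go to the error file only; the visitor gets a generic message.
        fwrite($GLOBALS['fh'], 'attemptEdit: ' . mysqli_error($GLOBALS['mysql']) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    }
    mysqli_stmt_close($stmt);

    return 0;
}

/**
 * Delete every row of the sessions table whose last_action does not fall on
 * today's day-of-year.
 */
function cleanUpOldSessions()
{
    $sql = "DELETE FROM sessions WHERE DAYOFYEAR(last_action) != DAYOFYEAR( CURDATE( ) ) ";
    if (!mysqli_query($GLOBALS['mysql'], $sql)) {
        fwrite($GLOBALS['fh'], 'cleanUpOldSessions: ' . mysqli_error($GLOBALS['mysql']) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    }
}

function generate_progress(&$extra_vars, &$locationinfo, &$TemplateObj, $progress_image='', $page_number='') {
    $extra_vars['PROGRESS_BAR'] = $progress_image;
    $extra_vars['PAGE_NUM'] = $page_number;
    // Module and page name are derived from the request path; escape them
    // before they are placed inside the quoted SQL literals.
    $sql = "SELECT page_num,pages.moduleid,pageid,modSectID FROM pages,modules WHERE modules.name='" . mysqli_real_escape_string($GLOBALS['mysql'], (string) $locationinfo['modulename']) . "' AND pages.moduleid=modules.moduleid AND filename='" . mysqli_real_escape_string($GLOBALS['mysql'], (string) $locationinfo['pagename']) . "'";
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']);
        exit;
    }
    $numresults = mysqli_num_rows($result);
    if ($numresults == 1) {
        $row = mysqli_fetch_assoc($result);
        $locationinfo['moduleid'] = $row['moduleid'];
        $locationinfo['modSectID'] = $row['modSectID'];
        // choose to use percentage of module progress per branch
        $complete = percentBranchProgress($locationinfo, $locationinfo['moduleid'], $locationinfo['modSectID']);
        // choose to use percentage of module progress
        // $complete = round_to(percentProgress($locationinfo, $locationinfo['moduleid']), 5);
        // or choose percentage of module viewed...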
// $complete = round(percentComplete($locationinfo['moduleid']), 0); // or choose page numbers instead $page = pageBranch($locationinfo, $locationinfo['moduleid'], $locationinfo['modSectID']); $extra_vars['PROGRESS_BAR'] = $complete; $extra_vars['PAGE_NUM'] = $page; } if ($locationinfo['moduleid'] == 1) { $extra_vars['PROGRESS_BAR'] = ''; $extra_vars['PAGE_NUM'] = ''; } if (isset($locationinfo['pagenum']) && ($locationinfo['pagenum'] == 0)) { $extra_vars['PROGRESS_BAR'] = ''; $extra_vars['PAGE_NUM'] = ''; } $TemplateObj->progress_bar($extra_vars['PROGRESS_BAR']); $TemplateObj->page_num($extra_vars['PAGE_NUM']); } function round_to($number, $increments) { $increments = 1 / $increments; return (round($number * $increments) / $increments); } function generate_buttons(&$extra_vars, &$locationinfo, &$TemplateObj, $prev_action='', $next_action='', $main_action='', $mtl_action='') { $extra_vars['PREVIOUS_ACTION'] = $prev_action; $extra_vars['NEXT_ACTION'] = $next_action; $extra_vars['MAIN_ACTION'] = $main_action; $extra_vars['MTL_ACTION'] = $mtl_action; $sql = "SELECT page_num,pages.moduleid,pageid,modSectID FROM pages,modules WHERE modules.name='" . $locationinfo['modulename'] . "' AND pages.moduleid=modules.moduleid AND filename='" . $locationinfo['pagename'] . "'"; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $numresults = mysqli_num_rows($result); if ($numresults == 1) { $row = mysqli_fetch_assoc($result); $locationinfo['pagenum'] = $row['page_num']; $locationinfo['moduleid'] = $row['moduleid']; $locationinfo['pageid'] = $row['pageid']; $locationinfo['modSectID'] = $row['modSectID']; mysqli_free_result($result); if ($extra_vars['PREVIOUS_ACTION'] == '') { $sql = 'select filename from pages where moduleid=' . $locationinfo['moduleid'] . ' and modSectID=' . ($locationinfo['modSectID']) . ' and page_num=' . 
($locationinfo['pagenum']-1); $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $locationinfo['previouspage'] = $row['filename']; mysqli_free_result($result); if ($locationinfo['previouspage'] != '') { $extra_vars['PREVIOUS_ACTION'] = '/pages/' . $locationinfo['modulename'] . '/' . $locationinfo['previouspage'] . '.html'; } else { $extra_vars['PREVIOUS_ACTION'] = ''; } } if ($locationinfo['pagenum'] != 0 && $extra_vars['MAIN_ACTION'] == '') { $extra_vars['MAIN_ACTION'] = '/pages/' . $locationinfo['modulename'] . '/' . $locationinfo['modulename'] . '.html'; } if ($extra_vars['MTL_ACTION'] == '') { $extra_vars['MTL_ACTION'] = '/pages/index/log.html'; } if ($extra_vars['NEXT_ACTION'] == '') { $sql = 'SELECT MAX(page_num) as max FROM `pages` WHERE moduleid=' . $locationinfo['moduleid'] . ' and modSectID=' . ($locationinfo['modSectID']); $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $locationinfo['pagesinmodule'] = $row['max']; mysqli_free_result($result); if ($locationinfo['pagenum'] != $locationinfo['pagesinmodule']) { $sql = 'select filename from pages where moduleid=' . $locationinfo['moduleid'] . ' and modSectID=' . ($locationinfo['modSectID']) . ' and page_num=' . ($locationinfo['pagenum']+1); $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $locationinfo['nextpage'] = $row['filename']; mysqli_free_result($result); $extra_vars['NEXT_ACTION'] = '/pages/' . $locationinfo['modulename'] . '/' . $locationinfo['nextpage'] . 
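'.html'; } else { $extra_vars['NEXT_ACTION'] = ''; } } } if ($locationinfo['moduleid'] == 1) { $extra_vars['NEXT_ACTION'] = ''; $extra_vars['MAIN_ACTION'] = ''; $extra_vars['PREVIOUS_ACTION'] = ''; $extra_vars['MTL_ACTION'] = ''; } $TemplateObj->next_button($extra_vars['NEXT_ACTION']); $TemplateObj->previous_button($extra_vars['PREVIOUS_ACTION']); $TemplateObj->main_button($extra_vars['MAIN_ACTION']); $TemplateObj->mtl_button($extra_vars['MTL_ACTION']); }

/**
 * Point the template's "next" button at $relativelocation.
 *
 * The template object lives in the global scope; the previous body used an
 * undefined local variable. Nothing happens if the template has not been
 * created yet.
 */
function setNextPage($relativelocation)
{
    if (isset($GLOBALS['TemplateObj']) && is_object($GLOBALS['TemplateObj'])) {
        $GLOBALS['TemplateObj']->next_button($relativelocation);
    }
}

/**
 * Point the template's "previous" button at $relativelocation.
 * Same global-scope handling as setNextPage().
 */
function setPreviousPage($relativelocation)
{
    if (isset($GLOBALS['TemplateObj']) && is_object($GLOBALS['TemplateObj'])) {
        $GLOBALS['TemplateObj']->previous_button($relativelocation);
    }
}

/**
 * Store the answers submitted with this request.
 *
 * Request fields named Question_<id> update the user's existing answer for
 * that question (or insert the first one); fields named stQuestion_<id> always
 * insert a new row. Array values are joined with "::".
 *
 * The question id is taken from the field NAME, which the client chooses, and
 * is placed unquoted in the SQL. Only names whose suffix is all digits are
 * processed, and the id is carried as an integer from then on.
 *
 * A scalar Question_ value is now stored as submitted; the previous body
 * passed it to implode(), which yields no usable value for a non-array.
 *
 * @param array $locationinfo must contain 'uid'
 */
function answerQuestions($locationinfo)
{
    $db = $GLOBALS['mysql'];
    $uid = (int) $locationinfo['uid'];

    $fail = function () use ($db) {
        // Details go to the error file only; the visitor gets a generic message.
        fwrite($GLOBALS['fh'], mysqli_error($db) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    };

    // field name => integer question id
    $keys = array();
    $stkeys = array();
    foreach (array_keys($_REQUEST) as $name) {
        if (preg_match('/^Question_(\d+)$/', (string) $name, $match)) {
            $keys[$name] = (int) $match[1];
        } elseif (preg_match('/^stQuestion_(\d+)$/', (string) $name, $match)) {
            $stkeys[$name] = (int) $match[1];
        }
    }

    foreach ($keys as $question => $qid) {
        if (is_array($_REQUEST[$question])) {
            $_REQUEST[$question] = implode('::', $_REQUEST[$question]);
        }
        $answer = mysqli_real_escape_string($db, (string) $_REQUEST[$question]);

        $sql = 'SELECT count(answer) as count from answers where uid=' . $uid . ' AND qid=' . $qid;
        $result = mysqli_query($db, $sql);
        if (!$result) {
            $fail();
        }
        $row = mysqli_fetch_assoc($result);
        $numoftimesanswered = $row['count'];
        mysqli_free_result($result);

        if ($numoftimesanswered > 0) {
            //This is the statement which updates when you click next...
            $sql = "UPDATE answers SET timestamp=NOW(), answer='" . $answer . "' WHERE qid=" . $qid . " AND uid=" . $uid;
        } else {
            $sql = "INSERT INTO answers ( qid, uid, timestamp, answer ) VALUES ( " . $qid . ", " . $uid . ", NOW(), '" . $answer . "')";
        }
        $result = mysqli_query($db, $sql);
        $GLOBALS['locationinfo']['sql'] = $sql;
        if (!$result) {
            $fail();
        }
    }

    foreach ($stkeys as $question => $qid) {
        if (is_array($_REQUEST[$question])) {
            $_REQUEST[$question] = implode('::', $_REQUEST[$question]);
        }
        $answer = mysqli_real_escape_string($db, (string) $_REQUEST[$question]);

        $sql = "INSERT INTO answers ( qid, uid, timestamp, answer ) VALUES ( " . $qid . ", " . $uid . ", NOW(), '" . $answer . "')";
        if (!mysqli_query($db, $sql)) {
            $fail();
        }
    }
}

function getQuestion($qid) { if (isset($GLOBALS['locationinfo']['questiontext'][$qid])) { return $GLOBALS['locationinfo']['questiontext'][$qid]; } $sql = 'SELECT question from questions WHERE qid=' . 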
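$qid; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $question = $row['question']; mysqli_free_result($result); return $question; }

/**
 * Return a user's most recent answer to a question.
 *
 * @param int $qid     question id (forced to an integer for the query)
 * @param int $daysold when > 0, answers older than this many days yield ""
 * @param int $user_id user to read; 0 means the logged-in user
 * @return string|array the answer, an array when it was stored as a "::"
 *                      joined list, "" when there is none
 *
 * The per-request cache is keyed by question id only, so it is consulted and
 * filled only for the logged-in user; a lookup for another user can no longer
 * return, or overwrite, the current user's cached answer.
 * Age is computed with DATEDIFF, which stays correct across a year boundary
 * (the earlier DAYOFYEAR difference did not).
 */
function getAnswer($qid, $daysold=-1, $user_id = 0)
{
    $currentUid = isset($GLOBALS['locationinfo']['uid']) ? $GLOBALS['locationinfo']['uid'] : null;
    if ($user_id == 0) {
        $user_id = $currentUid;
    }
    if (!isset($user_id)) {
        return "";
    }

    if (!isset($GLOBALS['locationinfo']['answers'])) {
        //this is normal...
        $GLOBALS['locationinfo']['answers'] = array();
    }
    $cacheable = ($currentUid !== null && $user_id == $currentUid);
    if ($cacheable && isset($GLOBALS['locationinfo']['answers'][$qid])) {
        return $GLOBALS['locationinfo']['answers'][$qid];
    }

    $sql = 'SELECT answer, DATEDIFF(NOW(), timestamp) as diff from answers WHERE qid=' . (int) $qid
        . ' AND uid=' . (int) $user_id . ' order by timestamp desc limit 1';
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        // Details go to the error file only; the visitor gets a generic message.
        fwrite($GLOBALS['fh'], mysqli_error($GLOBALS['mysql']) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    }
    $row = mysqli_fetch_assoc($result);
    mysqli_free_result($result);

    if (!is_array($row)) {
        // No answer yet. Not cached, so an answer saved later in the same
        // request is still picked up.
        return "";
    }

    $answer = (string) $row['answer'];
    $timesince = abs((int) $row['diff']);

    if (strpos($answer, '::') !== false) {
        $answer = explode('::', $answer);
    }
    if ($daysold > 0 && $timesince > $daysold) {
        $answer = "";
    }

    if ($cacheable) {
        $GLOBALS['locationinfo']['answers'][$qid] = $answer;
    }
    return $answer;
}

/**
 * Return every stored answer of the logged-in user for a question.
 *
 * Each element is the stored string, or an array when the answer was stored
 * as a "::" joined list. The list test now looks at the row's own value; the
 * previous body tested an unrelated, always-empty variable, so joined answers
 * were never split.
 *
 * @param int $qid question id (forced to an integer for the query)
 * @return array
 */
function getAllAnswers($qid)
{
    if (!isset($GLOBALS['locationinfo']['answers'])) {
        $GLOBALS['locationinfo']['answers'] = array();
    }
    $cacheKey = $qid . 'a';
    if (isset($GLOBALS['locationinfo']['answers'][$cacheKey])) {
        return $GLOBALS['locationinfo']['answers'][$cacheKey];
    }

    $uid = isset($GLOBALS['locationinfo']['uid']) ? (int) $GLOBALS['locationinfo']['uid'] : 0;
    $sql = 'SELECT answer from answers WHERE qid=' . (int) $qid . ' AND uid=' . $uid;
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        fwrite($GLOBALS['fh'], 'getAllAnswers: ' . mysqli_error($GLOBALS['mysql']) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    }

    $answerarray = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $value = $row['answer'];
        if (strpos((string) $value, '::') !== false) {
            $answerarray[] = explode('::', $value);
        } else {
            $answerarray[] = $value;
        }
    }
    mysqli_free_result($result);

    $GLOBALS['locationinfo']['answers'][$cacheKey] = $answerarray;
    return $answerarray;
}

/**
 * Return the title of the current page from the database, "Page Not Found"
 * for the 404 page, or '' when no page id is known.
 */
function getTitle()
{
    if (!isset($GLOBALS['locationinfo']['pageid'])) {
        if ($GLOBALS['locationinfo']['page'] == '/pages/index/404.html') {
            return "Page Not Found";
        }
        return '';
    }

    $sql = 'SELECT title from pages where pageid=' . (int) $GLOBALS['locationinfo']['pageid'];
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        fwrite($GLOBALS['fh'], 'getTitle: ' . mysqli_error($GLOBALS['mysql']) . "\n");
        echo 'Could not successfully run query from DB.';
        exit;
    }
    $row = mysqli_fetch_assoc($result);
    mysqli_free_result($result);

    return is_array($row) ? $row['title'] : null;
}

/**
 * End the authenticated session.
 *
 * Besides destroying the server-side session this empties $_SESSION for the
 * rest of the request and expires the session cookie, so the old session id
 * is not carried into the next request.
 *
 * @return bool true when a logged-in session was ended, false otherwise
 */
function doLogout()
{
    if (!(isset($_SESSION['logged_in']) && $_SESSION['logged_in'])) {
        return false;
    }

    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }
    session_destroy();
    return true;
}

function setAnswer($qid, $answer) {
    //$string = "\nsetAnswer\n";
    //fwrite($GLOBALS['fh'], $string);
    // qid is concatenated unquoted into this query and the INSERT/UPDATE that
    // follow, so force it to an integer once, up front.
    $qid = (int) $qid;
    $sql = 'SELECT answerid from answers WHERE qid=' . $qid . ' AND uid=' . (int) $GLOBALS['locationinfo']['uid'] . ' order by timestamp desc limit 1';
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    //$resultString = "\n5 sql: " . $sql . "\n5 Result: " . $result;
    //fwrite($GLOBALS['fh'], $resultString);
    if (!$result) {
        echo "Could not successfully run query ($sql) from DB: " . 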
mysqli_error($GLOBALS['mysql']); fwrite($GLOBALS['fh'], mysqli_error($GLOBALS['mysql'])."\n"); exit; } $row = mysqli_fetch_assoc($result); $aid = $row['answerid']; mysqli_free_result($result); if ($aid == '') { $sql = "INSERT INTO answers ( qid, uid, timestamp, answer ) VALUES ( " . $qid . ", " . $GLOBALS['locationinfo']['uid'] . ", NOW(), '" . mysqli_real_escape_string($GLOBALS['mysql'],$answer) . "')"; } else { $sql = "UPDATE answers SET answer='" . mysqli_real_escape_string($GLOBALS['mysql'],$answer) . "' WHERE answerid=" . $aid . " AND uid=" . $GLOBALS['locationinfo']['uid'] . " AND qid=" . $qid; } $result = mysqli_query($GLOBALS['mysql'], $sql); $resultString = "\n6 sql: " . $sql . "\n6 Result: " . $result; //fwrite($GLOBALS['fh'], $resultString); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); fwrite($GLOBALS['fh'], mysqli_error($GLOBALS['mysql'])."\n"); exit; } } function checkSelfTest(&$locationinfo) { $sql = 'SELECT last_assessment, (DAYOFYEAR(NOW())-DAYOFYEAR(last_assessment)) as diff FROM '.$GLOBALS['userstable'].' where user_id=' . $locationinfo['uid']; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $last = $row['last_assessment']; $timesince = abs($row['diff']); mysqli_free_result($result); $locationinfo['lastassessment'] = $last; if ($last == 0) { $locationinfo['selftesttype'] = 'initial'; $SelfTestType = 'initial'; } else if ($timesince > 7) { $locationinfo['selftesttype'] = 'weekly'; $SelfTestType = 'weekly'; } else { $locationinfo['selftesttype'] = 'none'; $SelfTestType = 'none'; } } function checkSelfTestType () { if (isset($GLOBALS['locationinfo']['uid'])) { $sql = 'SELECT last_assessment, (DAYOFYEAR(NOW())-DAYOFYEAR(last_assessment)) as diff FROM '.$GLOBALS['userstable'].' where user_id=' . 
$GLOBALS['locationinfo']['uid']; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $last = $row['last_assessment']; $timesince = abs($row['diff']); mysqli_free_result($result); $locationinfo['lastassessment'] = $last; if ($last == 0) { $locationinfo['selftesttype'] = 'initial'; $SelfTestType = 'initial'; } else if ($timesince > 7) { $locationinfo['selftesttype'] = 'weekly'; $SelfTestType = 'weekly'; } else { $locationinfo['selftesttype'] = 'none'; $SelfTestType = 'none'; } } else { $SelfTestType = 'none'; } return $SelfTestType; } //used for order of modules viewed on dashboard function orderViewed($user_id = 0) { if ($user_id == 0) $user_id = $GLOBALS['locationinfo']['uid']; for ($i = 2; $i <= 7; $i++) { $sql = 'SELECT MIN(date_viewed) as date FROM pages_viewed WHERE moduleid=' . $i . ' AND uid=' . $user_id; // Number of pages viewed in module $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); //if (!$row['date']) { // $row['date'] = "9999-99-99 99:99:99"; //} $viewed[$i] = $row['date']; mysqli_free_result($result); } arsort($viewed); return $viewed; } //used for total progress on travel log page function percentComplete($moduleid, $user_id = 0) { if ($user_id == 0) $user_id = $GLOBALS['locationinfo']['uid']; $sql = 'SELECT COUNT(DISTINCT pageid) as pages_viewed FROM pages_viewed WHERE moduleid=' . $moduleid . ' AND uid=' . $user_id; // Number of pages viewed in module $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . 
mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $viewed = $row['pages_viewed']; mysqli_free_result($result); $sql = 'SELECT COUNT(pageid) as total_pages FROM pages WHERE moduleid=' . $moduleid; // Number of pages in module $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $total = $row['total_pages']; mysqli_free_result($result); if ($total > 0) { $percent = ($viewed/$total) * 100; } else { $percent = 0; } if ($percent > 100) { return 100; } else { return round($percent); } } //used for percentage of module progress per branch function percentBranchProgress(&$locationinfo, $moduleid, $moduleSectID) { $sql = 'SELECT COUNT(pageid) as total_pages2 FROM pages WHERE moduleid=' . $moduleid . ' and modSectID=' . $moduleSectID; // Number of pages in module $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $total = $row['total_pages2']; mysqli_free_result($result); $current = $locationinfo['pagenum']+1; $complete = round(($current/$total)*100); if ($complete > 100) { return 100; } else { return round($complete); } } //used for page numbers function pageBranch(&$locationinfo, $moduleid, $moduleSectID) { $sql = 'SELECT COUNT(pageid) as total_pages2, MIN(page_num) as minPage, MAX(page_num) as maxPage FROM pages WHERE moduleid=' . $moduleid . ' and modSectID=' . $moduleSectID; // Number of pages in module $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . 
mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $total = $row['total_pages2']; $min = $row['minPage']; $max = $row['maxPage']; mysqli_free_result($result); $current = ($locationinfo['pagenum']+1) - $min; if ($total > 1) { $page = 'Page ' . $current . ' of ' . $total; } else { $page = ''; } $locationinfo['totalPages'] = $total; return $page; } //used for percentage of module progress function percentProgress(&$locationinfo, $moduleid) { $sql = 'SELECT COUNT(pageid) as total_pages2 FROM pages WHERE moduleid=' . getModuleID(); // Number of pages in module $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $total = $row['total_pages2']; mysqli_free_result($result); $current = $locationinfo['pagenum']+1; $complete = round(($current/$total)*100); if ($complete > 100) { return 100; } else { return round($complete); } } function recordError($errorCode, $page, $ip, $method) { $sql = "INSERT INTO errors ( ErrorCode, page, ip, method, timestamp ) VALUES ( " . $errorCode . ", '" . $page . "', '" . $ip . "', '" . $method . "', NOW())"; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } } function getLastPageViewed($modid = 0) { if ($modid == 0) { $sql = 'SELECT name as modulename,filename FROM pages_viewed JOIN (pages INNER JOIN modules) ON (pages_viewed.pageid=pages.pageid AND pages.moduleid=modules.moduleid) WHERE uid=' . $GLOBALS['locationinfo']['uid'] . 
' and (modules.moduleid=2 or modules.moduleid=3 or modules.moduleid=4 or modules.moduleid=5 or modules.moduleid=6 or modules.moduleid=7 or modules.moduleid=8) order by date_viewed desc limit 1'; } else { $sql = 'SELECT name as modulename,filename FROM pages_viewed JOIN (pages INNER JOIN modules) ON (pages_viewed.pageid=pages.pageid AND pages.moduleid=modules.moduleid) WHERE uid=' . $GLOBALS['locationinfo']['uid'] . ' and modules.moduleid=' . $modid . ' order by date_viewed desc limit 1'; } $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $modulename = $row['modulename']; $filename = $row['filename']; mysqli_free_result($result); if ($modulename == '') { $sql = 'SELECT name FROM modules WHERE moduleid=' . $modid; $result = mysqli_query($GLOBALS['mysql'], $sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysqli_error($GLOBALS['mysql']); exit; } $row = mysqli_fetch_assoc($result); $modulename = $row['name']; $filename = $modulename; mysqli_free_result($result); } if ($modulename == '' || $filename == '') { return -1; } else { return "/pages/" . $modulename . "/" . $filename . ".html"; } } /** * Return an array with tow values: boolean and string * * @author Laurentiu Tanase' . $row['feedback'] . '
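/*
 * Tail of a function whose beginning is missing from this copy of the file.
 * It is kept verbatim, commented out:
 * '; break; } } mysqli_free_result($result); return $feedback; }
 */

// In the functions below, numeric ids are cast to int and text values are escaped before
// they are concatenated into SQL. A failed query is written to the PHP error log and the
// response carries only a generic message, so SQL text and driver errors stay server-side.

/**
 * Pick the image for a page position that matches the current user's demographics,
 * falling back to the page's default image and then to a placeholder.
 *
 * @param int   $pageid   Page id; -1 means the current page.
 * @param mixed $position Image position on the page.
 * @return array Keys 'filename', 'orientation' and 'width'.
 */
function getImage($pageid=-1, $position=1) {
    $db = $GLOBALS['mysql'];
    $image = array();
    if ($pageid == -1) {
        $pageid = $GLOBALS['locationinfo']['pageid'];
    }
    $pageid = (int) $pageid;
    $position = mysqli_real_escape_string($db, (string) $position);

    // Each profile value is read once and replaced by a default unless it is one of the
    // known values, so only these literals reach the SQL text.
    $gender = getUserInfo('gender');
    if (!in_array($gender, array("male", "female"), true)) {
        $gender = "female";
    }
    $age = getUserInfo('age');
    if (!in_array($age, array("18-25", "26-40", "41-55", "56-70", "71+"), true)) {
        $age = "41-55";
    }
    // "indianOrAlska" is kept as written: it has to match the stored value - TODO confirm spelling.
    $ethnicity = getUserInfo('ethnicity');
    if (!in_array($ethnicity, array("indianOrAlska", "asianOrPacific", "Black", "hispanic", "White"), true)) {
        $ethnicity = "hispanic";
    }

    //Find file based on user demographic
    $sql = "select * from images where pageid=" . $pageid . " and gender = '" . $gender
         . "' and age LIKE '%" . $age . "%' and ethnicity LIKE '%" . $ethnicity
         . "%' and position='" . $position . "'";
    $result = mysqli_query($db, $sql);
    if (!$result) {
        error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($db));
        echo "Could not successfully run query from DB.";
        exit;
    }
    $row = mysqli_fetch_array($result);
    $num_results = mysqli_num_rows($result);
    mysqli_free_result($result);

    if ($num_results == 0) {
        //No file found. Find default instead
        $sql2 = "select * from images where pageid=" . $pageid . " and position='" . $position
              . "' and fallback=1";
        $result2 = mysqli_query($db, $sql2);
        if (!$result2) {
            error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($db));
            echo "Could not successfully run query from DB.";
            exit;
        }
        $row = mysqli_fetch_array($result2);
        mysqli_free_result($result2);
    }
    $image['filename'] = isset($row['filename']) ? $row['filename'] : null;
    $image['orientation'] = isset($row['orientation']) ? $row['orientation'] : null;

    if ($image['filename'] == "") {
        //No default file was found.
        $image['filename'] = "/images/index/questionmark.jpg";
        $image['orientation'] = "p";
    } else {
        $image_dir = "/../images/".$GLOBALS['locationinfo']['modulename']."/";
        $image['filename'] = $image_dir.$image['filename'];
    }
    $image['width'] = ($image['orientation'] == 'p') ? '250' : '400';
    return $image;
}

/**
 * Return the video name(s) for the current page that match the current user's
 * gender, age group and ethnicity.
 *
 * @param string $sequence Sequence number of the video on the page.
 * @return string Concatenation of all matching video_name values ('' when none).
 */
function getVideo($sequence="1") {
    $db = $GLOBALS['mysql'];
    $pageid = (int) $GLOBALS['locationinfo']['pageid'];
    $age = getUserInfo('age');
    if ($age == "18-25" || $age == "26-40") {
        $qage = 'Young';
    } elseif ($age == "56-70" || $age == "70+" || $age == "71+") {
        // "71+" is the bracket getImage() accepts; "70+" is kept for existing data.
        $qage = 'Old';
    } else {
        $qage = 'Middle';
    }
    // Profile values come from the users table and are escaped like any other text.
    $sql = "select video_name from videos where page_id=" . $pageid
         . " and gender='" . mysqli_real_escape_string($db, (string) getUserInfo('gender'))
         . "' and age='" . $qage
         . "' and ethnicity='" . mysqli_real_escape_string($db, (string) getUserInfo('ethnicity'))
         . "' and sequence='". mysqli_real_escape_string($db, (string) $sequence) ."'";
    $result = mysqli_query($db, $sql);
    if (!$result) {
        error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($db));
        echo "Could not successfully run query from DB.";
        exit;
    }
    $video = '';
    while ($row = mysqli_fetch_assoc($result)) {
        $video .= $row['video_name'];
    }
    mysqli_free_result($result);
    return $video;
}

/**
 * Load custom content rows, keyed by their name.
 *
 * @param mixed  $pageid       When not "", select rows of this page.
 * @param string $content_name Otherwise, when not "", select the row with this name.
 *                             With neither, all rows are returned.
 * @return array name => row; 'content' is HTML (nl2br), or an array of such strings
 *               for rows of type 'array'.
 */
function getCustomContent($pageid = "", $content_name = "") {
    $db = $GLOBALS['mysql'];
    if ($pageid != "") {
        $sql = "SELECT * FROM custom_content WHERE pageid='" . mysqli_real_escape_string($db, (string) $pageid) . "'";
    } elseif ($content_name != "") {
        $sql = "SELECT * FROM custom_content WHERE name='" . mysqli_real_escape_string($db, (string) $content_name) . "'";
    } else {
        $sql = "SELECT * FROM custom_content ORDER BY id";
    }
    $result = mysqli_query($db, $sql);
    if (!$result) {
        error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($db));
        echo "Could not successfully run query from DB.";
        exit;
    }
    $content = array();
    // NOTE(review): content is returned as HTML without escaping; this assumes
    // custom_content rows are trusted editor input - confirm before echoing it.
    while ($row = mysqli_fetch_assoc($result)) {
        if ($row['type'] == 'array') {
            /*
             * If type is array, that means the content was saved imploded by comma.
             *
             * I.E. Professional Hotline info: name,phone
             *      Helpful Contact info: name,phone,description,website
             *
             * Data handling: explode by comma, assume ordering is correct
             */
            // nl2br() takes a string, so it is applied to each element of the list.
            $row['content'] = array_map('nl2br', explode(",", (string) $row['content']));
        } else {
            $row['content'] = nl2br((string) $row['content']);
        }
        $name = $row['name'];
        $content[$name] = $row;
    }
    mysqli_free_result($result);
    return $content;
}

/**
 * Return the question ids of a page in ascending order and remember each question
 * text in $GLOBALS['locationinfo']['questiontext'][qid].
 *
 * @param int $pageid Page id; 0 means the current page.
 * @return array
 */
function getQidsByPage($pageid = 0) {
    $qids = array();
    if (!isset($GLOBALS['locationinfo']['questiontext'])) {
        $GLOBALS['locationinfo']['questiontext'] = array();
    }
    if ($pageid == 0) {
        $pageid = $GLOBALS['locationinfo']['pageid'];
    }
    $sql = 'select qid,question from questions where pageid=' . (int) $pageid . ' order by qid asc';
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($GLOBALS['mysql']));
        echo "Could not successfully run query from DB.";
        exit;
    }
    while ($row = mysqli_fetch_assoc($result)) {
        array_push($qids, $row['qid']);
        $GLOBALS['locationinfo']['questiontext'][$row['qid']] = $row['question'];
    }
    mysqli_free_result($result);
    return $qids;
}

/**
 * Shared implementation of the getLatest*Score() functions.
 *
 * Computes AVG(answer) * $scale over the newest timestamp group of the current user's
 * answers to questions $qidFirst..$qidLast and caches it in $GLOBALS['locationinfo']
 * under "<prefix>latest" (with "<prefix>latesttimestamp"). The score is -1 when there
 * are no answers or when that group contains a negative answer (a skipped question).
 *
 * @param string   $prefix   Cache key prefix, e.g. 'ptsd'.
 * @param int      $qidFirst First question id of the scale.
 * @param int      $qidLast  Last question id of the scale.
 * @param int      $scale    Multiplier applied to the average.
 * @param int|null $cap      Upper bound for the score, or null for none.
 * @return mixed
 */
function _latestScaleScore($prefix, $qidFirst, $qidLast, $scale, $cap = null) {
    $scoreKey = $prefix . 'latest';
    $stampKey = $prefix . 'latesttimestamp';
    if (isset($GLOBALS['locationinfo'][$scoreKey])) {
        return $GLOBALS['locationinfo'][$scoreKey];
    }
    $db = $GLOBALS['mysql'];
    $select = 'SELECT timestamp AS date, DATE_FORMAT( timestamp, "%Y-%m-%e" ) AS timestamp, AVG(answer)*'
            . (int) $scale . ' AS answer FROM answers WHERE uid =' . (int) $GLOBALS['locationinfo']['uid']
            . ' AND qid >=' . (int) $qidFirst . ' AND qid <=' . (int) $qidLast;
    $tail = ' GROUP BY timestamp ORDER BY date DESC LIMIT 1';

    $result = mysqli_query($db, $select . $tail);
    if (!$result) {
        error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($db));
        echo "Could not successfully run query from DB.";
        exit;
    }
    $row = mysqli_fetch_assoc($result);
    mysqli_free_result($result);
    if (!$row) {
        // No answers for this scale: there is no timestamp to check, the score is -1.
        $GLOBALS['locationinfo'][$scoreKey] = -1;
        return -1;
    }
    $GLOBALS['locationinfo'][$stampKey] = $row['timestamp'];
    $score = $row['answer'];
    if ($cap !== null && $score > $cap) {
        $score = $cap;
    }
    $GLOBALS['locationinfo'][$scoreKey] = $score;

    // Check to make sure nobody skipped questions
    // NOTE(review): the stored stamp is a day string (DATE_FORMAT) compared with the
    // timestamp column; confirm that it matches the rows of that assessment.
    $sql = $select . ' AND answer < 0 AND timestamp=' . "'"
         . mysqli_real_escape_string($db, (string) $row['timestamp']) . "'" . $tail;
    $result = mysqli_query($db, $sql);
    if (!$result) {
        error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($db));
        echo "Could not successfully run query from DB.";
        exit;
    }
    $numresults = mysqli_num_rows($result);
    mysqli_free_result($result);
    if ($numresults > 0) {
        $GLOBALS['locationinfo'][$scoreKey] = -1;
    }
    return $GLOBALS['locationinfo'][$scoreKey];
}

/** Latest PTSD score of the current user (questions 234-250, capped at 90), or -1. */
function getLatestPTSDScore() {
    return _latestScaleScore('ptsd', 234, 250, 17, 90);
}

/** Latest confidence score of the current user (questions 261-270), or -1. */
function getLatestConfScore () {
    return _latestScaleScore('conf', 261, 270, 10);
}

/** Latest social score of the current user (questions 279-285), or -1. */
function getLatestSocialScore () {
    return _latestScaleScore('social', 279, 285, 7);
}

/** Latest depression score of the current user (questions 271-278), or -1. */
function getLatestDepressionScore () {
    return _latestScaleScore('depression', 271, 278, 8);
}

/**
 * Return the data points of the confidence graph.
 *
 * @param int $uid Not used: the function returns a fixed pair.
 * @return array
 */
function getConfGraph($uid) {
    return array(9, 13);
}

/**
 * Read one column of a user's row and remember it in $GLOBALS['locationinfo'][$field].
 *
 * $field is placed in the statement as a column name, so it has to be a plain
 * identifier. The password column is never read, whatever the letter case (column
 * names are case-insensitive in MySQL).
 *
 * @param string $field   Column name.
 * @param int    $user_id User id; 0 means the current user.
 * @return mixed The value, or what $GLOBALS['locationinfo'] already holds for $field
 *               when no query is run (null when nothing is held).
 */
function getUserInfo($field, $user_id = 0) {
    if ($user_id == 0) $user_id = $GLOBALS['locationinfo']['uid'];
    $isIdentifier = is_string($field) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $field);
    if ($isIdentifier && strtolower($field) != "user_password") {
        $sql = "SELECT " . $field . " FROM ". $GLOBALS['userstable']." WHERE user_id='" . (int) $user_id . "' LIMIT 1";
        $result = mysqli_query($GLOBALS['mysql'], $sql);
        if (!$result) {
            error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($GLOBALS['mysql']));
            echo "Could not successfully run query from DB.";
            exit;
        }
        $row = mysqli_fetch_assoc($result);
        $GLOBALS['locationinfo'][$field] = isset($row[$field]) ? $row[$field] : null;
        mysqli_free_result($result);
    }
    if (!is_string($field) && !is_int($field)) {
        return null;
    }
    return isset($GLOBALS['locationinfo'][$field]) ? $GLOBALS['locationinfo'][$field] : null;
}

/**
 * Clinician lookups: access codes of a clinician, users of an access code, or users
 * of a clinician.
 *
 * NOTE(review): the $level gate trusts the value passed in, and only "specificUser"
 * ties the result to the logged-in clinician; callers have to pass the level of the
 * authenticated session and an id that user may see - confirm at the call sites.
 *
 * @param string $search_type "codes", "users", "clinician" or "specificUser".
 * @param int    $cid         Clinician id, activation id or user id, by search type.
 * @param int    $level       User level of the caller; below 1 is refused.
 * @return array|false Rows, or false when refused or the search type is unknown.
 */
function getClinicianData ($search_type, $cid, $level) {
    if ($level < 1) {
        return false;
    }
    $cid = (int) $cid;
    if ($search_type == "codes") {
        //list of access codes for clinician
        $sql = 'SELECT activate.activeID, UCASE(activate.activationCode) as activate FROM activate LEFT JOIN client_association on activate.activeID = client_association.activate_id WHERE client_association.user_id = ' . $cid . ' ORDER BY activate';
    } elseif ($search_type == "users") {
        // list of clinicians for access code
        $sql = 'SELECT users.user_id, users.username, UCASE(activate.activationCode) as activate , users.participant_id as participantId FROM users, activate LEFT JOIN client_association on activate.activeID = client_association.activate_id WHERE activate.activeID = ' . $cid . ' AND users.user_id = client_association.user_id ORDER BY activate';
    } elseif ($search_type == "clinician") {
        //from clinician dashboard, activation codes and users
        $sql = 'SELECT users.user_id, users.username, DATE_FORMAT(last_login, "%b %d %Y %h:%i %p") as last_access, UCASE(activate.activationCode) as activate , users.participant_id as participantId FROM users, activate LEFT JOIN client_association on activate.activeID = client_association.activate_id WHERE UCASE(activate.activationCode) = UCASE(users.activationCode) AND client_association.user_id = ' . $cid . ' ORDER BY activate, username';
    } elseif ($search_type == "specificUser") {
        $sql = 'SELECT users.user_id, users.username, DATE_FORMAT(last_login, "%b %d %Y %h:%i %p") as last_access, UCASE(activate.activationCode) as activate,users.participant_id as participantId, IF(last_assessment != "0000-00-00 00:00:00",1,0) as assessment, DATE_FORMAT(last_assessment, "%b %d %Y %h:%i %p") as last_assessment FROM users, activate LEFT JOIN client_association on activate.activeID = client_association.activate_id WHERE UCASE(activate.activationCode) = UCASE(users.activationCode) AND client_association.user_id = ' . (int) $GLOBALS['locationinfo']['uid'] . ' AND users.user_id = ' . $cid;
    } else {
        // Unknown search type: no statement to run (same result as getClinicianAdminData).
        return false;
    }
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($GLOBALS['mysql']));
        echo "Could not successfully run query from DB.";
        exit;
    }
    $items = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $items[] = $row;
    }
    mysqli_free_result($result);
    return $items;
}

/**
 * Administrator lookups over activation codes and users.
 *
 * NOTE(review): "user" returns every column of the users row (SELECT *), which
 * presumably includes the password column; callers should not pass it on - confirm.
 *
 * @param string $search_type "codeList", "userList", "clinicianList", "code" or "user".
 * @param int    $id          Activation id or user id for "code" / "user".
 * @param int    $level       User level of the caller; below 2 is refused.
 * @return array|false Rows, or false when refused or the search type is unknown.
 */
function getClinicianAdminData ($search_type, $id, $level) {
    if ($level < 2) {
        return false;
    }
    $sql = "";
    if ($search_type == "codeList") {
        $sql = 'SELECT activeID, UCASE(activationCode) as activate FROM activate ORDER BY activate';
    } elseif ($search_type == "userList") {
        $sql = 'SELECT user_id, username, user_level FROM users WHERE user_level = 0 ORDER BY user_level, username';
    } elseif ($search_type == "clinicianList") {
        $sql = 'SELECT user_id, username, user_level FROM users WHERE user_level in ( 1,2) ORDER BY user_level, username';
    } elseif ($search_type == "code") {
        $sql = 'SELECT * FROM activate WHERE activeID = ' . (int) $id;
    } elseif ($search_type == "user") {
        $sql = 'SELECT * FROM users WHERE user_id = ' . (int) $id;
    }
    if ($sql == "") {
        return false;
    }
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($GLOBALS['mysql']));
        echo "Could not successfully run query from DB.";
        exit;
    }
    $items = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $items[] = $row;
    }
    mysqli_free_result($result);
    return $items;
}

/**
 * Tell whether an activation code is associated with at least one clinician.
 *
 * @param string $activation Activation code (compared case-insensitively).
 * @return bool
 */
function hasClinician($activation) {
    // to check if user has a clinician assigned to them
    $db = $GLOBALS['mysql'];
    $sql = 'SELECT COUNT(*) as clinicians FROM client_association JOIN activate on UCASE(activate.activationCode) = UCASE("'
         . mysqli_real_escape_string($db, (string) $activation)
         . '") WHERE activate.activeID = client_association.activate_id';
    $result = mysqli_query($db, $sql);
    if (!$result) {
        error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($db));
        echo "Could not successfully run query from DB.";
        exit;
    }
    $row = mysqli_fetch_assoc($result);
    mysqli_free_result($result);
    return $row['clinicians'] > 0;
}

/**
 * Return a user's page views, optionally limited to a module and/or a day, or grouped.
 *
 * @param int        $user_id   User id.
 * @param int|string $module_id Module id, 0 for all modules, or "list" to group by module.
 * @param string     $date      Day as Y-m-d, '0000-00-00' for all days, or "list" to
 *                              group by day.
 * @return array Rows of pages_viewed ordered by date_viewed.
 */
function getPagesViewed($user_id, $module_id = 0, $date = '0000-00-00') {
    $moduleSearch = "";
    $dateSearch = "";
    $group_by = "";
    if (isset($module_id) && is_numeric($module_id) && ($module_id != 0)) {
        $moduleSearch = " AND moduleid=" . (int) $module_id;
    }
    // validateDate() only accepts an exact Y-m-d string, so $date is safe inside the quotes.
    if (isset($date) && validateDate($date) && ($date != '0000-00-00')) {
        $dateSearch = " AND DATE(date_viewed)='".$date."'";
    }
    // Strict comparison: before PHP 8 the default 0 was loosely equal to "list".
    if ($module_id === "list") {
        $group_by = " GROUP BY moduleid";
    } elseif ($date === "list") {
        $group_by = " GROUP BY DATE(date_viewed)";
    }
    $sql = 'SELECT * FROM pages_viewed WHERE uid=' . (int) $user_id . $moduleSearch . $dateSearch . $group_by . " ORDER BY date_viewed";
    $result = mysqli_query($GLOBALS['mysql'], $sql);
    if (!$result) {
        error_log(__FUNCTION__ . ': query failed: ' . mysqli_error($GLOBALS['mysql']));
        echo "Could not successfully run query from DB.";
        exit;
    }
    $items = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $items[] = $row;
    }
    mysqli_free_result($result);
    return $items;
}

/**
 * Tell whether $date is a real calendar day written exactly as Y-m-d.
 *
 * @param mixed $date Candidate value.
 * @return bool
 */
function validateDate($date) {
    if (!is_string($date)) {
        return false;
    }
    $t = strtotime($date);
    if ($t === false) {
        // Unparseable input; date() would otherwise format the epoch.
        return false;
    }
    return date('Y-m-d', $t) === $date;
}
?>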