<?php
//*Client Data System, Copyright (C) 2000, 2001, 2002 Tedd Kelleher. This is free software, subject to the
//*GNU GENERAL PUBLIC LICENSE, Version 2, June 1991 (in file named gpl.txt), which should accompany
//*any distribution of this file. Tedd Kelleher can be contacted at hide@address.com
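/**
 * Persists client report submissions: creates a report profile row plus its
 * answer rows, chains an edited report to its predecessor through
 * `succeeded_by`, and soft-deletes a report by marking it `succeeded_by = -2`.
 *
 * Every query here is assembled by string concatenation and handed to
 * run_query(), so each interpolated value is escaped with addslashes(), the
 * escaping convention this file already used for some values.
 * NOTE(review): addslashes() is not character-set aware. If the database layer
 * behind run_query() offers bound parameters or a native escape function,
 * switch to that; the layer is not visible from this file.
 */
class Insert_client_report
{
    // Id of the profile row created by the last insert_client_report_answers() call.
    var $report_id;

    /**
     * Stores a new client report (profile row and answers) inside one transaction.
     *
     * When $edit_report_id is supplied, the caller's edit permission is checked
     * and the newest report in that series is marked as succeeded by the new
     * one. The script is terminated with a message if the id is not numeric or
     * the permission check fails.
     *
     * @param string $report_type          Report type label stored on the profile row.
     * @param mixed  $client_id            Client id; coerced to a number.
     * @param array  $questions_attributes Question definitions keyed by raw question id
     *                                     (may carry a form suffix such as "101_2").
     * @param array  $vetted_value         Submitted answers keyed by the same raw ids.
     * @param mixed  $share_answer         Sharing permission stored on the profile row.
     * @param mixed  $edit_report_id       Id of the report being edited, '' for a new report.
     * @param mixed  $report_dates         Array with 'begin' and 'end', or '' for today.
     * @return mixed The id of the newly created report.
     */
    function insert_client_report_answers (
        $report_type,
        $client_id,
        $questions_attributes,
        $vetted_value,
        $share_answer,
        $edit_report_id='',
        $report_dates='' )
    {
        GLOBAL $org_id, $user_id, $unix_date, $unique_seq, $message, $message_type;

        if ( $edit_report_id ) {
            // Validate the id BEFORE it reaches the permission lookup or any query,
            // and before the transaction opens. The original ran this check only
            // after the new profile row had been inserted, and used ereg(), which
            // was removed in PHP 7.
            if ( !is_scalar($edit_report_id) || !preg_match('/^[0-9]+\z/', (string) $edit_report_id) ) {
                echo "Non numeric client report id."; exit;
            }
            //Function from reports_class.inc
            $perms = report_permissions_client ( $edit_report_id, $org_id, $user_id );
            if ( $perms['edit_rpt'] != 1 ) {
                echo "Illegal attempt to submit edited form"; exit;
            }
        }

        $client_id += 0;
        $report_type = addslashes($report_type);
        // $share_answer was interpolated unescaped in the original.
        $share_answer_sql = addslashes((string) $share_answer);

        //Setup the report date insertions, default to current day if no dates are supplied
        if ( $report_dates ) {
            $begin_date = $report_dates['begin'];
            $end_date = $report_dates['end'];
        }
        else {
            $begin_date = $unix_date;
            $end_date = $unix_date;
        }

        //Convert dates into their encrypted date equivalent
        // NOTE(review): the helper's return value is interpolated as-is; confirm it
        // can never contain a quote character.
        $begin_date = date_encrypted_find_index_unix_time ( $begin_date );
        if ($end_date) {
            $end_date = date_encrypted_find_index_unix_time ( $end_date );
            $end_date = "'".$end_date."'";
        }
        else {
            $end_date = 'NULL';
        }

        $en = new Encryption ();
        $unix_date_encrypted = addslashes ( $en->encrypt_data ( $unix_date ) );

        transaction_begin ( 'Trans begin for insert client report answers' );

        // NOTE(review): $org_id and $user_id are globals interpolated unescaped;
        // confirm they are server-side session values and never request input.
        $sqla = "
            INSERT
            INTO client_rpt_profile (
                client_rpt_id,
                client_id,
                report_type,
                report_org_id,
                report_user_id,
                report_timestamp,
                report_date_beginc,
                report_date_endc,
                client_rpt_sharing_permission
            )
            VALUES (
                '0',
                '".$client_id."',
                '".$report_type."',
                '".$org_id."',
                '".$user_id."',
                '".$unix_date_encrypted."',
                '".$begin_date."',
                ".$end_date.",
                '".$share_answer_sql."'
            )";
        run_query ( $sqla, 'Insert report profileYYY' );

        // The new row is located again by (user, client, encrypted timestamp).
        // NOTE(review): two submissions by the same user for the same client in the
        // same second would both match, and LIKE treats % and _ in the ciphertext
        // as wildcards. The database's last-insert-id facility would be exact, if
        // the layer behind run_query() exposes one.
        $sqlb = "
            SELECT clnt_rpt_rowid FROM client_rpt_profile
            WHERE report_user_id = '".$user_id."'
            AND client_id = '".$client_id."'
            AND report_timestamp LIKE '".$unix_date_encrypted."' ";
        $report_id_result = run_query ($sqlb, "Insert report ProfileB");
        $this->report_id = fetch_result($report_id_result, "Extract report ID");

        $sqlc = "UPDATE client_rpt_profile SET client_rpt_id='".$this->report_id."'
            WHERE clnt_rpt_rowid = '".$this->report_id."'";
        run_query ($sqlc, "Insert report ProfileC");

        //If we are editing a report, depreciate the old report
        if ($edit_report_id) {
            //Find the newest client report in the string, and depreciate that
            $newest_rpt_id = $this->find_newest_report_in_series ($edit_report_id);
            $sqld = "UPDATE client_rpt_profile SET succeeded_by='".$this->report_id."' WHERE client_rpt_id = '".$newest_rpt_id."'";
            run_query ($sqld, "Insert report ProfileC");
            $message = "Successfully submitted edited client form(s). ";
            log_report_activity ( $user_id, 'client', $this->report_id, 'edit_client_rpt' );
            // A HORRIBLE hack to put back in these questions and answers.
            // We need to just remove identifier questions from forms.
            // AND binds tighter than OR, so each OR arm is scoped to $newest_rpt_id.
            $sqle = "UPDATE client_rpt_answers SET client_rpt_id = '".$this->report_id."' WHERE client_rpt_id = '".$newest_rpt_id."' AND client_rpt_question_id = '98' OR client_rpt_id = '".$newest_rpt_id."' AND client_rpt_question_id = '100' OR client_rpt_id = '".$newest_rpt_id."' AND client_rpt_question_id = '101'";
            run_query ($sqle, "Update identifier questions");
        }
        else {
            $message = "Successfully submitted new client form(s). ";
            log_report_activity ( $user_id, 'client', $this->report_id, 'create_client_rpt' );
        }
        $message_type = "ok";

        //From encryption_class.inc
        $en = new Encryption();

        //Loop through the questions set
        //"raw_quest_id" still has the form number identifier "101_2", which gets changed to "101"
        foreach ( $questions_attributes AS $raw_quest_id => $current_question ) {
            // Strip the trailing "_<form number>" suffix, if there is one.
            $raw_key = (string) $raw_quest_id;
            $location = strrpos($raw_key, "_");
            if ( $location !== false ) {
                $question_id = substr($raw_key, 0, $location);
            }
            else {
                $question_id = $raw_quest_id;
            }
            $question_id_sql = addslashes((string) $question_id);

            $is_encrypted = isset($current_question['question_encrypted'])
                && $current_question['question_encrypted'] == 1;
            $answer = isset($vetted_value[$raw_quest_id]) ? $vetted_value[$raw_quest_id] : null;

            //If the answer is an array (i.e., checkboxes or table) loop through array...
            if ( is_array($answer) ) {
                switch ( $current_question['question_type'] ) {
                    case 'checkboxes':
                        foreach ( $answer AS $array_answer ) {
                            if ( $array_answer ) {
                                if ( $is_encrypted ) {
                                    $array_answer = $en->encrypt_data( $array_answer );
                                }
                                // Escape in both cases; the original escaped only the
                                // encrypted form and interpolated plain answers raw.
                                $array_answer = addslashes( (string) $array_answer );
                                $sql = "INSERT INTO client_rpt_answers (client_rpt_id, client_rpt_question_id, client_rpt_answer) VALUES
                                    ('".$this->report_id."', '".$question_id_sql."', '".$array_answer."')";
                                run_query ( $sql, 'Insert array report answer' );
                            }
                        }
                        break;
                    case 'table':
                        foreach ( $answer AS $x_key => $y_array ) {
                            foreach ( $y_array AS $y_key => $table_answer ) {
                                // Axis keys and cell values come from the submitted
                                // array and were interpolated raw in the original.
                                $sql = "INSERT INTO client_rpt_answers (client_rpt_id, client_rpt_question_id,
                                    axis_x, axis_y, client_rpt_answer_int)
                                    VALUES ('".$this->report_id."', '".$question_id_sql."', '".addslashes((string) $x_key)."', '".addslashes((string) $y_key)."', '".addslashes((string) $table_answer)."')";
                                run_query ( $sql, 'Insert array report answer' );
                            }
                        }
                        break;
                    default:
                        echo "No question type defined in client_report_entry_class.inc";
                }
            }
            ///...insert non-array answers
            else {
                if ( $answer ) {
                    // Encrypt the value that is actually stored. The original
                    // encrypted $vetted_value[$question_id] (suffix stripped) but
                    // inserted $vetted_value[$raw_quest_id], so an encrypted question
                    // submitted under a suffixed id such as "101_2" was written in
                    // plaintext.
                    if ( $is_encrypted ) {
                        $answer = $en->encrypt_data( $answer );
                    }
                    $answer = addslashes($answer);

                    if ( $current_question['question_type'] == 'number' || $current_question['question_type'] == 'date' ) {
                        //If a non answer option as indicated by a "#", insert into text field
                        if ( strstr ( $answer, '#' ) ) {
                            $insert_field = 'client_rpt_answer';
                        }
                        else {
                            $insert_field = 'client_rpt_answer_int';
                        }
                    }
                    elseif ( $current_question['question_type'] == 'textarea' ) {
                        // The text goes to textarea_answers; the answer row keeps only
                        // an md5 lookup key (a row identifier, not a security control).
                        $text_ans = $answer;
                        $answer = md5 ( $answer.$user_id.$unix_date );
                        $sqlta = "
                            INSERT INTO textarea_answers ( textarea_answer, textarea_unique )
                            VALUES ( '".$text_ans."', '".$answer."' )
                            ";
                        run_query ( $sqlta, 'Insert tx ans c' );
                        $insert_field = 'client_rpt_answer';
                    }
                    else {
                        $insert_field = 'client_rpt_answer';
                    }

                    $sql = "INSERT INTO client_rpt_answers (client_rpt_id, client_rpt_question_id, ".$insert_field.") VALUES
                        ('".$this->report_id."', '".$question_id_sql."', '".$answer."')";
                    run_query ($sql, 'Insert report answer');
                }
            }
        }

        transaction_commit ( 'Trans commit for insert_client_report_answers' );
        return $this->report_id;
    }

    /**
     * Depreciated. Returns the id of the current (not yet succeeded)
     * 'client_profile' report for a client within an organization.
     *
     * @param mixed $client_id Client id; coerced to a number.
     * @param mixed $org_id    Organization id.
     * @return mixed The client_rpt_id column of the matching row.
     */
    function pull_report_id_of_existing_client_profile ($client_id, $org_id) {
        $client_id += 0;
        // $org_id is a caller-supplied argument here, so escape it before use.
        $sql = "SELECT client_rpt_id FROM client_rpt_profile WHERE client_id = '".$client_id."' AND report_org_id = '".addslashes((string) $org_id)."'
            AND report_type LIKE 'client_profile' AND succeeded_by IS NULL";
        $array = run_query_return_single_row ($sql, "Fetching exisitng client profile id");
        return $array["client_rpt_id"];
    }

    /**
     * Follows the `succeeded_by` chain from $edit_rpt and returns the id of the
     * last report in it: the one whose succeeded_by is empty or "-2".
     *
     * Returns 0 when the chain cannot be resolved: the starting id is not
     * positive, a row is missing, or the chain loops back on itself. In the
     * original a successor pointing at a missing row made the loop spin forever,
     * and so did a cycle.
     *
     * @param mixed $edit_rpt Id of any report in the series.
     * @return mixed Id of the newest report, or 0 if none could be determined.
     */
    function find_newest_report_in_series ($edit_rpt) {
        $visited = array();
        $newer_report_id = $edit_rpt;
        while ( $newer_report_id > 0 ) {
            // Guard against a succeeded_by cycle in the data.
            if ( isset($visited[(string) $newer_report_id]) ) {
                echo "succeeded_by loop detected in find_newest_report_in_series<p/>";
                return 0;
            }
            $visited[(string) $newer_report_id] = true;

            // Escaped because this method can be called directly with an id that
            // has not passed the callers' digits-only check.
            $sql = "SELECT succeeded_by FROM client_rpt_profile WHERE client_rpt_id = '".addslashes((string) $newer_report_id)."'";
            $w = run_query ($sql, "Finding old reports");
            if ( num_rows( $w ) <= 0 ) {
                echo "tried to retieve non-existant row in find_newest_report_in_series<p/>";
                return 0;
            }
            $x = fetch_array ($w, "Fetching old client report id array", 0);
            $successor = $x[0];
            // No successor, or the soft-delete marker: this report ends the series.
            if ( $successor == "" || $successor == "-2" ) {
                return $newer_report_id;
            }
            $newer_report_id = $successor;
        }
        return 0;
    }

    /**
     * Soft-deletes a client report by setting succeeded_by = '-2' on the newest
     * report of its series, then logs the action.
     *
     * The script is terminated with a message if the id is not a non-empty digit
     * string or the session user lacks edit permission.
     *
     * @param mixed $edit_report_id Id of the report to delete.
     */
    function delete_client_report ( $edit_report_id ) {
        GLOBAL $org_id, $message, $message_type;

        //Make sure the report id is a number
        // An empty id or "0" passed the original ereg() test and then skipped the
        // permission check entirely because it is falsy; require at least one
        // digit and always run the check.
        if ( !is_scalar($edit_report_id) || !preg_match('/^[0-9]+\z/', (string) $edit_report_id) ) {
            echo "Non numeric client report id."; exit;
        }

        //Check that they are allowed to edit the report (function from reports_class.inc)
        $perms = report_permissions_client ( $edit_report_id, $org_id,
            $_SESSION['user_idB'] );
        if ( $perms['edit_rpt'] != 1 ) {
            echo "Illegal attempt to submit edited form"; exit;
        }

        //Find the newest client report in the string, and depreciate that
        $newest_rpt_id = $this->find_newest_report_in_series ($edit_report_id);
        $sqld = "UPDATE client_rpt_profile SET succeeded_by = '-2' WHERE client_rpt_id = '".$newest_rpt_id."'";
        run_query ($sqld, "Insert report ProfileC");
        $message_type = "ok";
        $message .= "Successfully deleted client form. ";
        log_report_activity ( $_SESSION['user_idB'], 'client', $edit_report_id, 'delete_client_rpt' );
    }
}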
?>