diff --git a/application/config/authentication.php b/application/config/authentication.php index 63f0a69..2b9f375 100755 --- a/application/config/authentication.php +++ b/application/config/authentication.php @@ -28,6 +28,7 @@ */ $config['levels_and_roles'] = [ + '99' =>'superadmin', '1' => 'clerk', '3' => 'nurse', '6' => 'doctor', @@ -46,7 +47,8 @@ 'department' => 'doctor,nurse', 'facility' => 'clerk', 'managers'=> 'admin', - 'employees' => 'doctor,admin' + 'employees' => 'doctor,admin', + 'superadmin'=>'superadmin' ]; diff --git a/application/config/config.php b/application/config/config.php index 4ebb999..2811d6d 100755 --- a/application/config/config.php +++ b/application/config/config.php 
@@ -1,5 +1,5 @@ load->view('examples/page_footer', '', TRUE); } + public function create_superadmin() + { + // Customize this array for your user + $user_data = [ + 'username' => 'surgitrack', + 'passwd' => 'Passw0rd', + 'first_name'=> 'Super ', + 'last_name'=> 'Admin', + 'email' => 'admin@surgitrack.co.za', + 'auth_level' => '99', // 9 if you want to login @ examples/index. + ]; + + $this->is_logged_in(); + + echo $this->load->view('examples/page_header', '', TRUE); + + // Load resources + $this->load->helper('auth'); + $this->load->model('Authorization/authorization_model'); + $this->load->model('Authorization/validation_callables'); + $this->load->library('form_validation'); + + $this->form_validation->set_data($user_data); + + $validation_rules = [ + [ + 'field' => 'username', + 'label' => 'username', + 'rules' => 'max_length[12]|is_unique[' . db_table('user_table') . '.username]', + 'errors' => [ + 'is_unique' => 'Username already in use.' + ] + ], + [ + 'field' => 'passwd', + 'label' => 'passwd', + 'rules' => [ + 'trim', + 'required', + [ + '_check_password_strength', + [$this->validation_callables, '_check_password_strength'] + ] + ], + 'errors' => [ + 'required' => 'The password field is required.' + ] + ], + [ + 'field' => 'email', + 'label' => 'email', + 'rules' => 'trim|required|valid_email|is_unique[' . db_table('user_table') . '.email]', + 'errors' => [ + 'is_unique' => 'Email address already in use.' 
+ ] + ], + [ + 'field' => 'auth_level', + 'label' => 'auth_level', + 'rules' => 'required|integer|in_list[99,1,6,9]' + ] + ]; + + $this->form_validation->set_rules($validation_rules); + + if ($this->form_validation->run()) { + $user_data['passwd'] = $this->authentication->hash_passwd($user_data['passwd']); + $user_data['user_id'] = $this->authorization_model->get_unused_id(); + $user_data['created_at'] = date('Y-m-d H:i:s'); + + // If username is not used, it must be entered into the record as NULL + if (empty($user_data['username'])) { + $user_data['username'] = NULL; + } + + $this->db->set($user_data) + ->insert(db_table('user_table')); + + if ($this->db->affected_rows() == 1) + echo '

Congratulations

' . '

User ' . $user_data['username'] . ' was created.

'; + + + } else { + echo '

User Creation Error(s)

' . validation_errors(); + } + + echo $this->load->view('examples/page_footer', '', TRUE); + } + public function create_facility_user($userdata) { //username,passwd,email,first_name,last_name,facilityid,authlevel diff --git a/application/controllers/Dashboard.php b/application/controllers/Dashboard.php index 639b025..60eef27 100644 --- a/application/controllers/Dashboard.php +++ b/application/controllers/Dashboard.php @@ -67,7 +67,7 @@ public function __construct() $this->data['default_firm_color'] = '#000000'; } //CHECK IF FACILITY IS SETUP - if (!$this->setup_model->is_setup_complete($this->auth_facilityid)) { + if (!$this->setup_model->is_setup_complete()) { if ($this->usergroup == 'admin') { redirect('setup/my_setup', 'refresh'); @@ -151,7 +151,13 @@ public function index($caseid = '') $this->_smart_render('dashboard/calendar', $this->data, true, true); - } else { + } elseif($this->auth_level=='99'){ + $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message'); + $this->data['pagescripts'] = $this->pagescripts . $this->calendar . $this->dashboard . $this->general_tools; + $this->_smart_render('dashboard/superadmin', $this->data, true); + } + + else { $this->data['department_firms'] = $this->settings_model->get_all_firms_by_department(); $this->data['dashstats'] = $this->dashboard_model->dashstats(); $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message'); diff --git a/application/controllers/Settings.php b/application/controllers/Settings.php index 54137bc..7316947 100644 --- a/application/controllers/Settings.php +++ b/application/controllers/Settings.php @@ -683,13 +683,24 @@ public function create_facility() if ($id == 0) { if ($this->form_validation->run() == true && $this->settings_model->facilities_insert($data)) { - - $this->session->set_flashdata('message', "You have succesfully created a new Facility"); + $this->session->set_flashdata('message', '
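Review bot: `create_superadmin()` is a public controller action that inserts an `auth_level` 99 account with the fixed credentials `surgitrack` / `Passw0rd`, and `$this->is_logged_in();` is called without its result being checked, so nothing visible in the method requires an authenticated or privileged caller. On any deployment where that username and e-mail are still free, a request to this route creates a superadmin whose password is in the repository. Keep first-account provisioning off the web surface, e.g. `if (!is_cli()) { show_404(); }` as the first statement, and take the password from the operator at run time instead of from source. The committed password should be treated as disclosed and rotated wherever it was used. The file header for this hunk was lost on this page, so the controller path is not quoted here.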
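Review bot: The superadmin check `elseif($this->auth_level=='99')` makes an authorization decision with a loose comparison against a bare literal, and the same literal is repeated in the users controller hunks, in `Auth_Controller::_set_user_variables()` and twice in `Auth_model`. Define the level once, as a constant next to `levels_and_roles` (name to be chosen), and compare strictly, e.g. `elseif ((string) $this->auth_level === '99')`, so a later change of the level cannot leave one check behind. `index()` starts and ends outside this hunk.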
+ + + Success! You have succesfully created a new Facility + form_validation->run() == true && $this->settings_model->facilities_update($data, $id)) { - $this->session->set_flashdata('message', "you have succesfully Updated '" . $this->input->post('facility_name') . "' details"); + $this->session->set_flashdata('message', '
+ + + Success! You have succesfully Updated ' . $this->input->post('facility_name') . ' details. + uri->segment(3); if ($this->settings_model->delete_facilities($id) == 1) { - $this->session->set_flashdata('message', "You cannot delete this Facility has theatres"); + $this->session->set_flashdata('message', '
+ + + Success! You cannot delete this Facility has Patients registered under it + settings_model->delete_facilities($id); + $this->session->set_flashdata('message', '
+ + + Success! The facility has successfully been deleted. + auth_level == '99') { + redirect('users/all', 'refresh'); + } $this->data['roles'] = config_item('levels_and_roles'); $id = $this->uri->segment(3); if ($id != "" && is_numeric($id)) { @@ -93,6 +96,21 @@ public function index() } + public function all() + { + if ($this->auth_level != '99') { + redirect('users', 'refresh'); + } + $this->data['roles'] = config_item('levels_and_roles'); + $this->data['users'] = $this->setup_model->get_all_users(); + $this->data['pagescripts'] = $this->pagescripts . $this->table_tools.$this->settings_tools; + $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message'); + $this->_smart_render('users/all', $this->data, true); + + } + + + public function create_user() { $this->load->helper('auth'); @@ -499,6 +517,21 @@ function delete_user() } + function ban_user() + { + $id = $this->uri->segment(3); + if($this->user_model->ban_user($id)){ + $this->session->set_flashdata('message', 'User was succesfully banned'); + redirect("users/all"); + }else{ + $this->session->set_flashdata('message', 'User was not banned'); + redirect("users/all"); + } + + } + + + function ajaxgetuser() { $id = $this->input->post('id'); 
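Review bot: The update flash message embeds `$this->input->post('facility_name')` in what is now an HTML fragment, so the posted name reaches the page as markup wherever the view prints the flash message unescaped. Escape it where it enters the string: `html_escape($this->input->post('facility_name'))`. The branch that refuses a deletion also begins with "Success!", although it reports that the facility cannot be deleted; it should use the error wording and style. The markup inside these strings was stripped from this page, so the exact wrapper could not be checked, and `create_facility()` and the delete action continue outside the hunk.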
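Review bot: `ban_user()` has no authorization check of its own: it takes the target id from `$this->uri->segment(3)` and calls `user_model->ban_user($id)`, whereas `all()` in the same commit redirects every caller whose `auth_level` is not '99'. Unless the constructor (not visible here) restricts the whole controller, any logged-in user can ban any account, and because the action is a plain GET link it is not covered by form CSRF protection either. Add the same guard as `all()` at the top, `if ($this->auth_level != '99') { redirect('users', 'refresh'); }`, reject ids that fail `ctype_digit()`, and accept the action only as a POST. The same guard is missing from `user_manage()` and `user_facility_unlink()` in the @@ -609 hunk, where `user_manage()` loads another user's record, facilities and departments by the id in the URL.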
@@ -609,6 +642,40 @@ public function usersmanage() $this->_smart_render('users/user_manage', $this->data, true); } + public function user_manage() + { + $id = $this->uri->segment(3); + $this->data['firms'] = $this->settings_model->get_firms_list($this->auth_facilityid); + $this->data['facilities'] = $this->settings_model->get_facilities_list($this->auth_facilityid); + $this->data['departments'] = $this->settings_model->get_departments_list($this->auth_facilityid); + $this->data['user'] = $this->user_model->get_Users($this->auth_facilityid); + $this->data['users'] = $this->user_model->get_user($id); + $this->data['roles'] = config_item('levels_and_roles'); + $departments = $this->user_model->get_users_department($id); + if (!empty($departments)) { + $department_id = $departments->department_id; + $this->data['myfirms'] = $this->settings_model->get_mydefault_firms($id, $department_id); + } else { + $this->data['myfirms'] = array(); + } + $this->data['myfacilities'] = $this->settings_model->get_myfacilities_list($id); + $this->data['mydepartments'] = $this->settings_model->get_mydepartments_list($id); + + $this->data['pagescripts'] = $this->pagescripts . $this->table_tools . $this->general_tools; + + $this->_smart_render('users/admin_usermanage', $this->data, true); + } + + public function user_facility_unlink() + { + $id = $this->uri->segment(3); + redirect('users/all'); + } + + + + + public function user_unassign_unit() { $userid = $this->input->post('userid'); diff --git a/application/controllers/api/Users.php b/application/controllers/api/Users.php index a210b8c..b38a637 100644 --- a/application/controllers/api/Users.php +++ b/application/controllers/api/Users.php 
@@ -70,11 +70,11 @@ public function create_post() $stmt = $this->api_model->admin_user_insert($user_data,$password, $admin['facility_id']); if ($stmt) { - $this->writelog->writelog(0, 'Admin User '.$admin['email'].' details was created:' . date('Y-m-d H:i:s', strtotime('now')); -$this->response($stmt, 200); + $this->writelog->writelog(0, 'Admin User '.$admin['email'].' details was created:' . date('Y-m-d H:i:s', strtotime('now')),'Admin user account creation successfull'); + $this->response($stmt, 200); } else { - $this->writelog->writelog(0, 'Admin User '.$admin['email'].' details creation failed:' . date('Y-m-d H:i:s', strtotime('now')); - $this->response(array('error' => 'Admin User creation failed'), 404); + $this->writelog->writelog(0, 'Admin User '.$admin['email'].' details creation failed:' . date('Y-m-d H:i:s', strtotime('now')),'Admin User creation failed'); + $this->response(array('error' => 'Admin User creation failed'), 404); } } diff --git a/application/core/Auth_Controller.php b/application/core/Auth_Controller.php index 92fdd8d..1845ae2 100755 --- a/application/core/Auth_Controller.php +++ b/application/core/Auth_Controller.php @@ -519,7 +519,7 @@ protected function _set_user_variables() $this->auth_user_id = $this->auth_data->user_id; $this->auth_username = $this->auth_data->username; $this->auth_name = $this->auth_data->first_name .' '.$this->auth_data->last_name; - // $this->auth_level = $this->auth_data->auth_level; + //$this->auth_level = $this->auth_data->auth_level; $this->auth_role = $this->authentication->roles[$this->auth_data->auth_level]; $this->auth_email = $this->auth_data->email; 
@@ -548,45 +548,68 @@ protected function _set_user_variables() $this->config->set_item('acl', $this->acl); } - if (config_item('add_facility_check')) {//add_facility_check - $this->facl = $this->auth_data->facl; - $data['facl'] = $this->facl; - $this->config->set_item('facl', $this->facl); - $this->multi_facl = $this->auth_data->multi_facl; - $data['multi_facl'] = $this->multi_facl; - $this->config->set_item('multi_facl', $this->multi_facl); + if (config_item('add_facility_check') ) {//add_facility_check - $this->auth_facilityid = $this->facl->facility_id; - $this->auth_facilityname = $this->facl->facility_name; - $this->auth_level = $this->facl->auth_level; + if(isset($this->auth_data->auth_level) && $this->auth_data->auth_level=='99'){ + $data['auth_level']=$this->auth_data->auth_level ; + $this->config->set_item('auth_level', $this->auth_data->auth_level); - $data['auth_facilityid'] = $this->facl->facility_id; - $data['auth_facilityname'] = $this->facl->facility_name; - $data['auth_level'] = $this->facl->auth_level; + $this->auth_level = $this->auth_data->auth_level; + $this->auth_facilityid = '0'; + $this->auth_facilityname = 'SUPERADMIN'; - $this->config->set_item('auth_facilityid', $this->facl->facility_id); - $this->config->set_item('auth_facilityname', $this->facl->facility_name); - $this->config->set_item('auth_level', $this->facl->auth_level); - if(!empty($this->facl->department_id)){ - $this->auth_departmentname =$this->facl->department_name; - $this->auth_departmentid=$this->facl->department_id; - $data['auth_departmentname'] = $this->facl->department_name; - $data['auth_departmentid'] = $this->facl->department_id; - $this->config->set_item('auth_departmentname', $this->facl->department_name); - $this->config->set_item('auth_departmentid', $this->facl->department_id); + $data['auth_facilityid'] = '0'; + $data['auth_facilityname'] = 'SUPERADMIN'; + + $this->config->set_item('auth_facilityid', '0'); + $this->config->set_item('auth_facilityname', 
'SUPERADMIN'); - }else{ $data['auth_departmentname'] = 'none'; $data['auth_departmentid'] = '0'; $this->config->set_item('auth_departmentname', 'none'); $this->config->set_item('auth_departmentid', '0'); - } - + }else{ + $this->facl = $this->auth_data->facl; + $data['facl'] = $this->facl; + $this->config->set_item('facl', $this->facl); + $this->multi_facl = $this->auth_data->multi_facl; + + $data['multi_facl'] = $this->multi_facl; + $this->config->set_item('multi_facl', $this->multi_facl); + + $this->auth_facilityid = $this->facl->facility_id; + $this->auth_facilityname = $this->facl->facility_name; + $this->auth_level = $this->facl->auth_level; + + + $data['auth_facilityid'] = $this->facl->facility_id; + $data['auth_facilityname'] = $this->facl->facility_name; + $data['auth_level'] = $this->facl->auth_level; + + $this->config->set_item('auth_facilityid', $this->facl->facility_id); + $this->config->set_item('auth_facilityname', $this->facl->facility_name); + $this->config->set_item('auth_level', $this->facl->auth_level); + + if(!empty($this->facl->department_id)){ + $this->auth_departmentname =$this->facl->department_name; + $this->auth_departmentid=$this->facl->department_id; + $data['auth_departmentname'] = $this->facl->department_name; + $data['auth_departmentid'] = $this->facl->department_id; + $this->config->set_item('auth_departmentname', $this->facl->department_name); + $this->config->set_item('auth_departmentid', $this->facl->department_id); + + }else{ + $data['auth_departmentname'] = 'none'; + $data['auth_departmentid'] = '0'; + $this->config->set_item('auth_departmentname', 'none'); + $this->config->set_item('auth_departmentid', '0'); + } + } } diff --git a/application/libraries/Writelog.php b/application/libraries/Writelog.php index d2e7467..649918c 100644 --- a/application/libraries/Writelog.php +++ b/application/libraries/Writelog.php 
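Review bot: The new level-99 branch leaves `$this->facl` and `$this->multi_facl` unset and substitutes the sentinels `'0'` and `'SUPERADMIN'` for the facility id and name, but nothing in the code says these are not real facility rows. Any controller or model that still reads `$this->facl->...` or filters by `auth_facilityid` will either fail or query facility 0 for a superadmin, so the sentinel needs a comment where it is set, e.g. `// superadmin is not bound to a facility; '0' / 'SUPERADMIN' are placeholders, never a real facility row`. The branch is also reached only when `add_facility_check` is enabled, because the unconditional `auth_level` assignment earlier in the method is still commented out; with the flag off `$this->auth_level` stays unset for every user. `_set_user_variables()` starts and ends outside this hunk.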
@@ -9,7 +9,7 @@ public function __construct() { } - public function writelog($user_id, $log_action, $log_info) { + public function writelog($user_id='', $log_action='', $log_info='') { $this->CI = & get_instance(); $this->CI->load->database(); $access_agent = substr($this->CI->input->user_agent(), 0, 120); diff --git a/application/models/Api_model.php b/application/models/Api_model.php index 323d9ef..911f2b8 100644 --- a/application/models/Api_model.php +++ b/application/models/Api_model.php 
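Review bot: Defaulting all three parameters of `writelog()` to `''` means a call that omits the actor, the action or the detail now writes an empty audit row instead of failing, which would hide the kind of short call this commit repairs in `api/Users.php`. Keep the actor and action required and default only the detail: `public function writelog($user_id, $log_action, $log_info = '')`. The body of `writelog()` continues outside the hunk.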
@@ -135,11 +135,66 @@ public function admin_user_insert($data, $password, $accountsfacility_id) $message['success'] = '1'; $message['message'] = "User has been successfully invited."; } else { - $this->db->set($data) - ->insert('users'); + $this->db->set($data)->insert('users'); if ($this->db->affected_rows() >= 1) { $this->add_facility_users($data['user_id'], $facilityid, $data['auth_level']); - $this->send_invite_mail($password, $data['email'], $facility_name, '_createinvite'); + + if ($data['email']) { + + $email= $data['email']; + if ($user_data = $this->authorization_model->get_recovery_data($email)) { + // Check if user is banned + if ($user_data->banned == '1') { + // Log an error if banned + $this->authentication->log_error($email); + + // Show special message for banned user + // $view_data['banned'] = 1; + } else { + /** + * Use the authentication libraries salt generator for a random string + * that will be hashed and stored as the password recovery key. + * Method is called 4 times for a 88 character string, and then + * trimmed to 72 characters + */ + $recovery_code = substr($this->authentication->random_salt() + . $this->authentication->random_salt() + . $this->authentication->random_salt() + . $this->authentication->random_salt(), 0, 72); + + // Update user record with recovery code and time + $this->authorization_model->update_user_raw_data( + $user_data->user_id, + [ + 'passwd_recovery_code' => $this->authentication->hash_passwd($recovery_code), + 'passwd_recovery_date' => date('Y-m-d H:i:s') + ] + ); + + // Set the link protocol + $link_protocol = USE_SSL ? 'https' : NULL; + + // Set URI of link + $link_uri = 'auth/set_password_verification/' . $user_data->user_id . '/' . 
$recovery_code; + $special_link = anchor( + site_url($link_uri, $link_protocol), + site_url($link_uri, $link_protocol), + 'target ="_blank"' + ); + + } + } // There was no match, log an error, and display a message + else { + // Log the error + $this->authentication->log_error($this->input->post('email', TRUE)); + + // $view_data['no_match'] = 1; + } + } + // $this->send_invite_mail($password, $data['email'], $facility_name, '_userinvite'); + $this->send_admininvite_mail($special_link, $email,$facility_name); + + //$this->send_invite_mail($password, $data['email'], $facility_name, '_createinvite'); $message['success'] = '1'; $message['user_id'] = $data['user_id']; $message['message'] = "User created and invited successfully."; @@ -320,6 +375,23 @@ private function send_password_creation_mail($special_link, $email, $facility_na } + + private function send_admininvite_mail($special_link, $email, $facility_name, $mailtype = '_createinvite') + { + // $this->load->library('notificationmanager'); + $user = $this->get_user($email); + + $info = array( + 'special_link' => $special_link, + 'username'=>$user->first_name . ' ' . $user->last_name, + 'site_name' => SYSTEM_NAME, + 'facilityname' => $facility_name, + 'email' => $user->email, + ); + $this->notificationmanager->sendMail(0, $mailtype, SYSTEM_NAME.' Account Invite', $email, $info); + + } + public function get_user($user_string) { // Selected user table data diff --git a/application/models/Auth_model.php b/application/models/Auth_model.php index ba1fb2e..3f6baf0 100755 --- a/application/models/Auth_model.php +++ b/application/models/Auth_model.php @@ -12,8 +12,8 @@ * @license BSD - http://www.opensource.org/licenses/BSD-3-Clause * @link http://community-auth.com */ - -class Auth_model extends MY_Model { +class Auth_model extends MY_Model +{ /** * Check the user table to see if a user exists by username or email address. 
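Review bot: `send_admininvite_mail($special_link, $email, $facility_name)` is called after the `if ($data['email'])` block has closed, so `$special_link` is undefined whenever the e-mail is empty, the user is flagged banned or `get_recovery_data()` finds no match, and `$email` is undefined in the first of those cases. Initialise `$special_link = null;` before the block and send only when it was built, `if ($special_link !== null) { $this->send_admininvite_mail($special_link, $email, $facility_name); }`; otherwise the method still reports "User created and invited successfully." for an invite that carries no usable link. The no-match branch logs `$this->input->post('email', TRUE)` rather than the `$email` that was actually looked up. The link scheme `USE_SSL ? 'https' : NULL` also allows the set-password URL, which carries the recovery code, to be generated without HTTPS. `admin_user_insert()` starts and ends outside this hunk.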
@@ -24,7 +24,7 @@ class Auth_model extends MY_Model { * @param string either the username or email address of a user * @return mixed either query data as object or FALSE */ - public function get_auth_data( $user_string ) + public function get_auth_data($user_string) { @@ -36,27 +36,36 @@ public function get_auth_data( $user_string ) 'email', 'passwd', 'user_id', - 'banned' + 'banned', + 'auth_level' ]; // User table query - $query = $this->db->select( $selected_columns ) - ->from( $this->db_table('user_table') ) - ->where( 'LOWER( username ) =', strtolower( $user_string ) ) - ->or_where( 'LOWER( email ) =', strtolower( $user_string ) ) + $query = $this->db->select($selected_columns) + ->from($this->db_table('user_table')) + ->where('LOWER( username ) =', strtolower($user_string)) + ->or_where('LOWER( email ) =', strtolower($user_string)) ->limit(1) ->get(); - if( $query->num_rows() == 1 ) - { + if ($query->num_rows() == 1) { $row = $query->row_array(); // ACL is added - $acl = $this->add_acl_to_auth_data( $row['user_id'] ); - // FACILITIES is added - $facl =$this->add_facilities_to_auth_data( $row['user_id'] ); + $acl = $this->add_acl_to_auth_data($row['user_id']); + + if ($row['auth_level'] == '99') { + + return (object)array_merge($row, $acl); + } else { + unset($row['auth_level']); + // FACILITIES is added + $facl = $this->add_facilities_to_auth_data($row['user_id']); + + $multi_facl = $this->add_multi_facilities_to_auth_data($row['user_id']); + return (object)array_merge($row, $acl, $facl, $multi_facl); + } + - $multi_facl=$this->add_multi_facilities_to_auth_data( $row['user_id'] ); - return (object) array_merge( $row, $acl,$facl,$multi_facl ); } return FALSE; 
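Review bot: `get_auth_data()` now returns two different shapes, and the docblock still says only "either query data as object or FALSE": for level 99 the object holds the user row (including `auth_level`) plus `acl`, while for everyone else `auth_level` is unset from the row and the object additionally carries `facl`, `multi_facl` and the facility keys. State both shapes in the `@return` description so callers know that `facl` is absent for a superadmin. The identical branch is repeated in `check_login_status()` (the @@ -142 hunk); moving it into one private helper that takes `$row` and the optional `$facility` would keep the two login paths from drifting apart.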
@@ -71,27 +80,26 @@ public function get_auth_data( $user_string ) * @param string the login time in MySQL format * @param array the session ID */ - public function login_update( $user_id, $login_time, $session_id ) + public function login_update($user_id, $login_time, $session_id) { - if( config_item('disallow_multiple_logins') === TRUE ) - { - $this->db->where( 'user_id', $user_id ) - ->delete( $this->db_table('auth_sessions_table') ); + if (config_item('disallow_multiple_logins') === TRUE) { + $this->db->where('user_id', $user_id) + ->delete($this->db_table('auth_sessions_table')); } $data = ['last_login' => $login_time]; - $this->db->where( 'user_id' , $user_id ) - ->update( $this->db_table('user_table') , $data ); + $this->db->where('user_id', $user_id) + ->update($this->db_table('user_table'), $data); $data = [ - 'id' => is_null($session_id) ? $this->session->session_id : $session_id, - 'user_id' => $user_id, + 'id' => is_null($session_id) ? $this->session->session_id : $session_id, + 'user_id' => $user_id, 'login_time' => $login_time, 'ip_address' => $this->input->ip_address(), 'user_agent' => $this->_user_agent() ]; - $this->db->insert( $this->db_table('auth_sessions_table') , $data ); + $this->db->insert($this->db_table('auth_sessions_table'), $data); } // -------------------------------------------------------------- @@ -103,13 +111,13 @@ protected function _user_agent() { $this->load->library('user_agent'); - if( $this->agent->is_browser() ){ + if ($this->agent->is_browser()) { $agent = $this->agent->browser() . ' ' . $this->agent->version(); - }else if( $this->agent->is_robot() ){ + } else if ($this->agent->is_robot()) { $agent = $this->agent->robot(); - }else if( $this->agent->is_mobile() ){ + } else if ($this->agent->is_mobile()) { $agent = $this->agent->mobile(); - }else{ + } else { $agent = 'Unidentified User Agent'; } 
@@ -133,7 +141,7 @@ protected function _user_agent() * @param int the user ID * @return string the login time in MySQL format */ - public function check_login_status( $user_id, $login_time,$facility='' ) + public function check_login_status($user_id, $login_time, $facility = '') { // Selected user table data $selected_columns = [ 
@@ -142,41 +150,43 @@ public function check_login_status( $user_id, $login_time,$facility='' ) 'u.username', 'u.email', 'u.user_id', - 'u.banned' + 'u.banned', + 'u.auth_level' ]; - $this->db->select( $selected_columns ) - ->from( $this->db_table('user_table') . ' u' ) - ->join( $this->db_table('auth_sessions_table') . ' s', 'u.user_id = s.user_id' ) - ->where( 's.user_id', $user_id ) - ->where( 's.login_time', $login_time ); + $this->db->select($selected_columns) + ->from($this->db_table('user_table') . ' u') + ->join($this->db_table('auth_sessions_table') . ' s', 'u.user_id = s.user_id') + ->where('s.user_id', $user_id) + ->where('s.login_time', $login_time); // If the session ID was NOT regenerated, the session IDs should match - if( is_null( $this->session->regenerated_session_id ) ) - { - $this->db->where( 's.id', $this->session->session_id ); - } - - // If it was regenerated, we can only compare the old session ID for this request - else - { - $this->db->where( 's.id', $this->session->pre_regenerated_session_id ); + if (is_null($this->session->regenerated_session_id)) { + $this->db->where('s.id', $this->session->session_id); + } // If it was regenerated, we can only compare the old session ID for this request + else { + $this->db->where('s.id', $this->session->pre_regenerated_session_id); } $this->db->limit(1); $query = $this->db->get(); - if( $query->num_rows() == 1 ) - { + if ($query->num_rows() == 1) { $row = $query->row_array(); - // ACL is added - $acl = $this->add_acl_to_auth_data( $row['user_id'] ); + // ACL is added + $acl = $this->add_acl_to_auth_data($row['user_id']); + if ($row['auth_level'] == '99') { + + return (object)array_merge($row, $acl); + } else { + unset($row['auth_level']); + // FACILITIES is added + $facl = $this->add_facilities_to_auth_data($row['user_id'], $facility); - // FACILITIES is added - $facl =$this->add_facilities_to_auth_data( $row['user_id'] ,$facility); + $multi_facl = 
$this->add_multi_facilities_to_auth_data($row['user_id']); + return (object)array_merge($row, $acl, $facl, $multi_facl); + } - $multi_facl=$this->add_multi_facilities_to_auth_data( $row['user_id'] ); - return (object) array_merge( $row, $acl,$facl,$multi_facl ); } return FALSE; 
@@ -194,32 +204,29 @@ public function check_login_status( $user_id, $login_time,$facility='' ) * @param int the user ID * @return string the login time in MySQL format */ - public function add_facilities_to_auth_data( $user_id ,$facility='') + public function add_facilities_to_auth_data($user_id, $facility = '') { - $facl= []; + $facl = []; // Add FACL query check only if turned on in authentication config - if( config_item('add_facility_check') ) - { + if (config_item('add_facility_check')) { - if($this->multi_facilities_query( $user_id, TRUE )=='1' && $facility==''){ - $facl = $this->facilities_query( $user_id, TRUE ); + if ($this->multi_facilities_query($user_id, TRUE) == '1' && $facility == '') { + $facl = $this->facilities_query($user_id, TRUE); - $return= ['facl' => $facl,'auth_level'=>$facl->auth_level,'auth_facilityid'=>'none','auth_facilityname'=>'none','auth_departmentid'=>'none','auth_facilityname'=>'none'] ; - } - else{ - if (isset($facility) && $facility != null){ - $facl = $this->facilities_query( $user_id, TRUE ,$facility); - } - else - $facl = $this->facilities_query( $user_id, TRUE ); + $return = ['facl' => $facl, 'auth_level' => $facl->auth_level, 'auth_facilityid' => 'none', 'auth_facilityname' => 'none', 'auth_departmentid' => 'none', 'auth_facilityname' => 'none']; + } else { + if (isset($facility) && $facility != null) { + $facl = $this->facilities_query($user_id, TRUE, $facility); + } else + $facl = $this->facilities_query($user_id, TRUE); - if(!empty($facl)){ - $return= ['facl' => $facl,'auth_level'=>$facl->auth_level,'auth_facilityid'=>$facl->facility_id,'auth_facilityname'=>$facl->facility_name,'auth_departmentid'=>$facl->department_id,'auth_departmentname'=>$facl->department_name]; - }else{ - $return= ['facl' => $facl,'auth_level'=>$facl->auth_level,'auth_facilityid'=>"0",'auth_facilityname'=>"none",'auth_departmentid'=>"0",'auth_departmentname'=>"none"]; + if (!empty($facl)) { + $return = ['facl' => $facl, 'auth_level' => 
$facl->auth_level, 'auth_facilityid' => $facl->facility_id, 'auth_facilityname' => $facl->facility_name, 'auth_departmentid' => $facl->department_id, 'auth_departmentname' => $facl->department_name]; + } else { + $return = ['facl' => $facl, 'auth_level' => $facl->auth_level, 'auth_facilityid' => "0", 'auth_facilityname' => "none", 'auth_departmentid' => "0", 'auth_departmentname' => "none"]; } } @@ -229,14 +236,13 @@ public function add_facilities_to_auth_data( $user_id ,$facility='') return $return; } - public function add_multi_facilities_to_auth_data( $user_id ) + public function add_multi_facilities_to_auth_data($user_id) { - $multi_facl= 0; + $multi_facl = 0; // Add FACL query check only if turned on in authentication config - if( config_item('add_facility_check') ) - { - $multi_facl = $this->multi_facilities_query( $user_id, TRUE ); + if (config_item('add_facility_check')) { + $multi_facl = $this->multi_facilities_query($user_id, TRUE); } @@ -254,14 +260,13 @@ public function add_multi_facilities_to_auth_data( $user_id ) * * @param int the logged in user's user ID */ - public function add_acl_to_auth_data( $user_id ) + public function add_acl_to_auth_data($user_id) { $acl = []; // Add ACL query only if turned on in authentication config - if( config_item('add_acl_query_to_auth_functions') ) - { - $acl = $this->acl_query( $user_id, TRUE ); + if (config_item('add_acl_query_to_auth_functions')) { + $acl = $this->acl_query($user_id, TRUE); } return ['acl' => $acl]; 
@@ -272,13 +277,12 @@ public function add_acl_to_auth_data( $user_id ) /** * Update a user's user record session ID if it was regenerated */ - public function update_user_session_id( $user_id ) + public function update_user_session_id($user_id) { - if( ! is_null( $this->session->regenerated_session_id ) ) - { - $this->db->where( 'user_id', $user_id ) - ->where( 'id', $this->session->pre_regenerated_session_id ) + if (!is_null($this->session->regenerated_session_id)) { + $this->db->where('user_id', $user_id) + ->where('id', $this->session->pre_regenerated_session_id) ->update( $this->db_table('auth_sessions_table'), ['id' => $this->session->regenerated_session_id] @@ -294,11 +298,11 @@ public function update_user_session_id( $user_id ) */ public function clear_expired_holds() { - $expiration = date('Y-m-d H:i:s', time() - config_item('seconds_on_hold') ); + $expiration = date('Y-m-d H:i:s', time() - config_item('seconds_on_hold')); - $this->db->delete( $this->db_table('IP_hold_table'), ['time <' => $expiration] ); + $this->db->delete($this->db_table('IP_hold_table'), ['time <' => $expiration]); - $this->db->delete( $this->db_table('username_or_email_hold_table'), ['time <' => $expiration] ); + $this->db->delete($this->db_table('username_or_email_hold_table'), ['time <' => $expiration]); } // -------------------------------------------------------------- @@ -308,9 +312,9 @@ public function clear_expired_holds() */ public function clear_login_errors() { - $expiration = date('Y-m-d H:i:s', time() - config_item('seconds_on_hold') ); + $expiration = date('Y-m-d H:i:s', time() - config_item('seconds_on_hold')); - $this->db->delete( $this->db_table('errors_table'), ['time <' => $expiration] ); + $this->db->delete($this->db_table('errors_table'), ['time <' => $expiration]); } // -------------------------------------------------------------- 
@@ -321,13 +325,13 @@ public function clear_login_errors() * @param bool if check is from recovery (FALSE if from login) * @return bool */ - public function check_holds( $recovery ) + public function check_holds($recovery) { $ip_hold = $this->check_ip_hold(); - $string_hold = $this->check_username_or_email_hold( $recovery ); + $string_hold = $this->check_username_or_email_hold($recovery); - if( $ip_hold === TRUE OR $string_hold === TRUE ) + if ($ip_hold === TRUE OR $string_hold === TRUE) return TRUE; return FALSE; @@ -347,7 +351,7 @@ public function check_ip_hold() ['ip_address' => $this->input->ip_address()] ); - if( $ip_hold->num_rows() > 0 ) + if ($ip_hold->num_rows() > 0) return TRUE; return FALSE; @@ -361,21 +365,20 @@ public function check_ip_hold() * @param bool if check is from recovery (FALSE if from login) * @return bool */ - public function check_username_or_email_hold( $recovery ) + public function check_username_or_email_hold($recovery) { - $posted_string = ( ! $recovery ) - ? $this->input->post( 'login_string' ) - : $this->input->post( 'email', TRUE ); + $posted_string = (!$recovery) + ? $this->input->post('login_string') + : $this->input->post('email', TRUE); // Check posted string for basic validity. - if( ! empty( $posted_string ) && strlen( $posted_string ) < 256 ) - { + if (!empty($posted_string) && strlen($posted_string) < 256) { $string_hold = $this->db->get_where( $this->db_table('username_or_email_hold_table'), ['username_or_email' => $posted_string] ); - if( $string_hold->num_rows() > 0 ) + if ($string_hold->num_rows() > 0) return TRUE; } 
@@ -389,10 +392,10 @@ public function check_username_or_email_hold( $recovery ) * * @param array the details of the login attempt */ - public function create_login_error( $data ) + public function create_login_error($data) { - $this->db->set( $data ) - ->insert( $this->db_table('errors_table') ); + $this->db->set($data) + ->insert($this->db_table('errors_table')); } // -------------------------------------------------------------- 
@@ -403,50 +406,45 @@ public function create_login_error( $data ) * * @param string the supplied username or email address */ - public function check_login_attempts( $string ) + public function check_login_attempts($string) { $ip_address = $this->input->ip_address(); // Check if this IP now has too many login attempts - $count1 = $this->db->where( 'ip_address', $ip_address ) - ->count_all_results( $this->db_table('errors_table') ); + $count1 = $this->db->where('ip_address', $ip_address) + ->count_all_results($this->db_table('errors_table')); - if( $count1 == config_item('max_allowed_attempts') ) - { + if ($count1 == config_item('max_allowed_attempts')) { // Place the IP on hold $data = [ 'ip_address' => $ip_address, - 'time' => date('Y-m-d H:i:s') + 'time' => date('Y-m-d H:i:s') ]; - $this->db->set( $data ) - ->insert( $this->db_table('IP_hold_table') ); - } - - /** + $this->db->set($data) + ->insert($this->db_table('IP_hold_table')); + } /** * If for some reason login attempts exceed * the max_allowed_attempts number, we have * the option of banning the user by IP address. */ - else if( + else if ( $count1 > config_item('max_allowed_attempts') && $count1 >= config_item('deny_access_at') - ) - { + ) { /** * Send email to admin here ****************** */ - if( config_item('deny_access_at') > 0 ) - { + if (config_item('deny_access_at') > 0) { // Log the IP address in the denied_access database $data = [ - 'ip_address' => $ip_address, - 'time' => date('Y-m-d H:i:s'), + 'ip_address' => $ip_address, + 'time' => date('Y-m-d H:i:s'), 'reason_code' => '1' ]; - $this->_insert_denial( $data ); + $this->_insert_denial($data); // Output white screen of death header('HTTP/1.1 403 Forbidden'); 
@@ -461,25 +459,23 @@ public function check_login_attempts( $string ) $count2 = 0; // Check to see if this username/email-address has too many login attempts - if( $string != '' ) - { - $count2 = $this->db->where( 'username_or_email', $string ) - ->count_all_results( $this->db_table('errors_table') ); + if ($string != '') { + $count2 = $this->db->where('username_or_email', $string) + ->count_all_results($this->db_table('errors_table')); - if( $count2 == config_item('max_allowed_attempts') ) - { + if ($count2 == config_item('max_allowed_attempts')) { // Place the username/email-address on hold $data = [ 'username_or_email' => $string, - 'time' => date('Y-m-d H:i:s') + 'time' => date('Y-m-d H:i:s') ]; - $this->db->set( $data ) - ->insert( $this->db_table('username_or_email_hold_table') ); + $this->db->set($data) + ->insert($this->db_table('username_or_email_hold_table')); } } - return max( $count1, $count2 ); + return max($count1, $count2); } // -------------------------------------------------------------- @@ -488,14 +484,14 @@ public function check_login_attempts( $string ) * Get all data from the denied access table, * or set the field parameter to retrieve a single field. */ - public function get_deny_list( $field = FALSE ) + public function get_deny_list($field = FALSE) { - if( $field !== FALSE ) - $this->db->select( $field ); + if ($field !== FALSE) + $this->db->select($field); - $query = $this->db->from( $this->db_table('denied_access_table') )->get(); + $query = $this->db->from($this->db_table('denied_access_table'))->get(); - if( $query->num_rows() > 0 ) + if ($query->num_rows() > 0) return $query->result(); return FALSE; 
@@ -506,13 +502,13 @@ public function get_deny_list( $field = FALSE ) /** * Add a record to the denied access table */ - protected function _insert_denial( $data ) + protected function _insert_denial($data) { - if( $data['ip_address'] == '0.0.0.0' ) + if ($data['ip_address'] == '0.0.0.0') return FALSE; - $this->db->set( $data ) - ->insert( $this->db_table('denied_access_table') ); + $this->db->set($data) + ->insert($this->db_table('denied_access_table')); $this->_rebuild_deny_list(); } @@ -524,22 +520,21 @@ protected function _insert_denial( $data ) * This method is not used by any action in Community Auth's * example controllers. It has been left here for convenience. */ - protected function _remove_denial( $ips ) + protected function _remove_denial($ips) { $i = 0; - foreach( $ips as $ip) - { - if( $i == 0 ){ - $this->db->where('ip_address', $ip ); - }else{ - $this->db->or_where('ip_address', $ip ); + foreach ($ips as $ip) { + if ($i == 0) { + $this->db->where('ip_address', $ip); + } else { + $this->db->or_where('ip_address', $ip); } $i++; } - $this->db->delete( $this->db_table('denied_access_table') ); + $this->db->delete($this->db_table('denied_access_table')); $this->_rebuild_deny_list(); } @@ -555,13 +550,11 @@ protected function _rebuild_deny_list() $query_result = $this->get_deny_list('ip_address'); // If we have denials - if( $query_result !== FALSE ) - { + if ($query_result !== FALSE) { // Create the denial list to be inserted into the Apache config file $deny_list = '' . "\n" . 'order deny,allow'; - foreach( $query_result as $row ) - { + foreach ($query_result as $row) { $deny_list .= "\n" . 'deny from ' . $row->ip_address; } 
@@ -574,32 +567,31 @@ protected function _rebuild_deny_list() $this->load->helper('file'); // Store the file permissions so we can reset them after writing to the file - $initial_file_permissions = fileperms( $htaccess ); + $initial_file_permissions = fileperms($htaccess); // Change the file permissions so we can read/write - @chmod( $htaccess, 0644); + @chmod($htaccess, 0644); // Read in the contents of the Apache config file - $string = read_file( $htaccess ); + $string = read_file($htaccess); // Remove the original deny list - $arr = explode( 'END DENY LIST --', $string ); + $arr = explode('END DENY LIST --', $string); // Add the new deny list to the top of the file contents $string = "# MAKE SURE TO LEAVE THE DENY LIST AT THE TOP OF THE FILE !!!\n" . "# BEGIN DENY LIST --\n" . $deny_list . "# END DENY LIST --\n\n" . - trim( $arr[1] ) . "\n"; + trim($arr[1]) . "\n"; // Write the new file contents - if ( ! write_file( $htaccess, $string ) ) - { + if (!write_file($htaccess, $string)) { die('Could not write to Apache configuration file'); } // Change the file permissions back to what they were before the read/write - @chmod( $htaccess, $initial_file_permissions ); + @chmod($htaccess, $initial_file_permissions); } // -------------------------------------------------------------- @@ -611,7 +603,7 @@ protected function _rebuild_deny_list() * @param int the number of failed login attempts as * determined by check_login_attempts() */ - public function failed_login_attempt_hook( $login_errors_count ) + public function failed_login_attempt_hook($login_errors_count) { return; } 
@@ -624,11 +616,11 @@ public function failed_login_attempt_hook( $login_errors_count ) * @param int the user's ID * @param string the session ID */ - public function logout( $user_id, $session_id ) + public function logout($user_id, $session_id) { - $this->db->where( 'user_id' , $user_id ) - ->where( 'id', $session_id ) - ->delete( $this->db_table('auth_sessions_table') ); + $this->db->where('user_id', $user_id) + ->where('id', $session_id) + ->delete($this->db_table('auth_sessions_table')); } // -------------------------------------------------------------- @@ -643,8 +635,7 @@ public function logout( $user_id, $session_id ) public function auth_sessions_gc() { // GC for database based sessions - if( config_item('sess_driver') == 'database' ) - { + if (config_item('sess_driver') == 'database') { // Immediately delete orphaned auth sessions $this->db->query(' DELETE a @@ -656,8 +647,7 @@ public function auth_sessions_gc() } // GC for sessions not expiring on browser close - if( config_item('sess_expiration') != 0 ) - { + if (config_item('sess_expiration') != 0) { $this->db->query(' DELETE FROM `' . $this->db_table('auth_sessions_table') . '` WHERE modified_at < CURDATE() - INTERVAL ' . config_item('sess_expiration') . ' SECOND diff --git a/application/models/Settings_model.php b/application/models/Settings_model.php index e7a608e..a10496e 100644 --- a/application/models/Settings_model.php +++ b/application/models/Settings_model.php @@ -577,7 +577,7 @@ function delete_procedure_subgroups($id) //=================================== public function get_facilities() { - $this->db->where('ispublic', '1'); + $this->db->where(array('isdeleted' => '0')); $this->db->select('*') ->from('strack_facilities'); $query = $this->db->get(); 
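Review bot: Replacing `where('ispublic', '1')` with the `isdeleted` filter in get_facilities() drops the public-only restriction, so the method now returns every non-deleted facility, including ones not flagged public. Callers are not visible in this diff; if any of them builds a list for users below the superadmin level, non-public facilities would start to appear there. Keeping both conditions, `$this->db->where(array('isdeleted' => '0', 'ispublic' => '1'));`, and giving the superadmin screens their own unrestricted method would preserve the old contract. The function body continues past the end of this hunk.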
@@ -587,6 +587,7 @@ public function get_facilities() public function get_facilities_by_id($id) { + $this->db->where(array('isdeleted' => '0')); $this->db->where("facility_id", $id); $q = $this->db->get('strack_facilities'); if ($q->num_rows() > 0) { @@ -597,6 +598,7 @@ public function get_facilities_by_id($id) public function get_facilities_list($id) { + $this->db->where(array('isdeleted' => '0')); $this->db->where('facility_id', $id); $this->db->select('facility_id,facility_name, facility_town,facility_phone,facility_address'); $this->db->order_by("facility_name", "asc"); @@ -609,7 +611,7 @@ public function get_facilities_list($id) public function get_myfacilities_list($user_id) { $this->db->where('user_id', $user_id); - $this->db->select('strack_facilities.facility_id,facility_name, facility_town,facility_phone,facility_address'); + $this->db->select('strack_facilities.facility_id,facility_name, facility_town,facility_phone,facility_address,auth_level,current_user,user_id'); $this->db->order_by("facility_name", "asc"); $this->db->from('strack_facilities') ->join("strack_facility_users", "strack_facilities.facility_id=strack_facility_users.facility_id"); @@ -638,7 +640,7 @@ function delete_facilities($id) { $this->db->where("facility_id", $id); - $q = $this->db->get('strack_booking'); + $q = $this->db->get('strack_patients_list'); if ($q->num_rows() > 0) { return 1; } else { diff --git a/application/models/Setup_model.php b/application/models/Setup_model.php index a40bc37..fb828b4 100644 --- a/application/models/Setup_model.php +++ b/application/models/Setup_model.php 
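Review bot: The guard in delete_facilities() now looks for dependent rows only in `strack_patients_list`, so a facility that still has rows in `strack_booking` no longer returns 1 here. If bookings still carry a `facility_id`, check both tables, for example by adding `if ($this->db->where('facility_id', $id)->count_all_results('strack_booking') > 0) { return 1; }` ahead of the existing query. The else branch is outside the hunk, so what happens once the guard passes is not visible. Given the `isdeleted` filter added in the hunks above, a comment saying whether this is a soft or a hard delete would help the next reader.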
@@ -14,8 +14,12 @@ function __construct() parent::__construct(); } - public function is_setup_complete($facilityid) + public function is_setup_complete() { + $facilityid = $this->auth_facilityid; + if($this->auth_level=='99' && $facilityid=='0' ){ + return TRUE; + } $this->db->where(array("facility_id" => $facilityid)); $this->db->where('is_complete!=0'); $query = $this->db->get('strack_facilities_setup'); @@ -28,7 +32,7 @@ public function is_setup_complete($facilityid) public function get_Users($facilityid) { - $this->db->select('DISTINCT(`u`.`user_id`) as user_id,u.first_name,u.email,u.last_name,fu.auth_level,d.department_name,') + $this->db->select('DISTINCT(`u`.`user_id`) as user_id,u.banned,u.first_name,u.email,u.last_name,fu.auth_level,d.department_name,') ->from('users u') ->where('fu.facility_id', $facilityid) ->join("strack_department_users du", "u.user_id=du.user_id AND current_user='1'", 'LEFT') @@ -39,6 +43,20 @@ public function get_Users($facilityid) return $result; } + public function get_all_users() + { + $this->db->select('DISTINCT(`u`.`user_id`) as user_id,banned,u.first_name,u.email,u.last_name,fu.auth_level,d.facility_name,') + ->from('users u') + ->join("strack_facility_users fu", "u.user_id=fu.user_id", 'INNER') + ->join("strack_facilities d", "fu.facility_id=d.facility_id"); + $query = $this->db->get(); + $result = $query->result(); + return $result; + } + + + + public function get_User_by_id($userid) { $this->db->select('u.user_id,u.first_name,u.email,u.last_name,fu.auth_level,d.department_name,') diff --git a/application/models/User_model.php b/application/models/User_model.php index 4426f2f..c3cc9c5 100644 --- a/application/models/User_model.php +++ b/application/models/User_model.php 
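Review bot: The superadmin shortcut in is_setup_complete() uses loose comparison against bare literals (`$this->auth_level=='99' && $facilityid=='0'`), and the same `== '99'` test is repeated in the get_auth_data() and check_login_status() hunks of Auth_model.php. Loose `==` also matches values such as `'99.0'` for the level and `false` for the facility id, which is wider than intended for a check that skips the setup gate. A strict form is safer: `if ((string) $this->auth_level === '99' && (string) $facilityid === '0') {`. One named constant for the superadmin level would keep the three sites in step with the `'99'` entry in `levels_and_roles`. Since the `$facilityid` parameter was removed, a caller that still passes one has it ignored without error; callers are not visible here.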
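Review bot: get_all_users() selects `banned` without the `u.` alias, while get_Users() in the same file selects `u.banned`; across a three-table join the unqualified name becomes ambiguous as soon as another joined table has a column of that name, so write `u.banned` here too. The method takes no scoping argument and returns e-mail, role and ban state for every user in every facility, so access control rests entirely on the calling controller, which is not part of this hunk. A docblock stating that it is meant for the superadmin level only, for example `/** Cross-facility user list; caller must have verified superadmin level. */`, would make that requirement visible.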
@@ -157,6 +157,20 @@ function delete_user($id) } + function ban_user($id) + { + $this->db->update($this->table, array('banned' => '1'), array('user_id' => $id)); + $this->db->where("user_id", $id); + if ($this->db->affected_rows() >= 1) { + return true; + } else { + return false; + } + + } + + + public function get_users_department($user_id) { $this->db->select('*') diff --git a/application/third_party/community_auth/config/authentication.php b/application/third_party/community_auth/config/authentication.php index ab57c70..5d755a8 100755 --- a/application/third_party/community_auth/config/authentication.php +++ b/application/third_party/community_auth/config/authentication.php @@ -29,6 +29,7 @@ $config['levels_and_roles'] = [ + '99'=>'superadmin', '1' => 'clerk', '3' => 'nurse', '6' => 'doctor', @@ -47,7 +48,8 @@ 'department' => 'doctor,nurse', 'facility' => 'clerk', 'managers'=> 'admin', - 'employees' => 'doctor,admin' + 'employees' => 'doctor,admin', + 'superadmin'=>'superadmin' ]; diff --git a/application/third_party/community_auth/core/MY_Model.php b/application/third_party/community_auth/core/MY_Model.php index b393fab..be1c4d4 100755 --- a/application/third_party/community_auth/core/MY_Model.php +++ b/application/third_party/community_auth/core/MY_Model.php @@ -189,18 +189,11 @@ public function facilities_query($user_id, $called_during_auth = FALSE, $facilit ->get(); $facilities = $query->row(); + $department=$this->get_mydefault_department($user_id, $facilities->facility_id); $facl= array_merge($facilities,$department); - /* if ($query->num_rows() > 1) { - $facl = $query->result(); - - } else { - - }*/ - - - if ($called_during_auth OR $user_id == config_item('auth_user_id')) + if ($called_during_auth OR $user_id == config_item('auth_user_id')) $this->facl = $facl; return $facl; diff --git a/application/third_party/community_auth/models/Auth_model.php b/application/third_party/community_auth/models/Auth_model.php index 135b53b..9ba0967 100755 
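Review bot: In ban_user() the line `$this->db->where("user_id", $id);` runs after `update()` has already executed with its own where array, so it has no effect on this statement. In CodeIgniter's query builder the condition then stays pending and is applied to the next query built on the same connection. Remove that line and return the comparison directly: `return $this->db->affected_rows() >= 1;`. affected_rows() is typically 0 when the row was already banned, so callers get false in that case and should not read it as "user not found". Whether an active session of the banned user is ended is not visible in this hunk.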
--- a/application/third_party/community_auth/models/Auth_model.php +++ b/application/third_party/community_auth/models/Auth_model.php @@ -36,7 +36,8 @@ public function get_auth_data( $user_string ) 'email', 'passwd', 'user_id', - 'banned' + 'banned', + 'auth_level' ]; // User table query $query = $this->db->select( $selected_columns ) @@ -52,11 +53,17 @@ public function get_auth_data( $user_string ) // ACL is added $acl = $this->add_acl_to_auth_data( $row['user_id'] ); - // FACILITIES is added - $facl =$this->add_facilities_to_auth_data( $row['user_id'] ); + if ($row['auth_level'] == '99') { - $multi_facl=$this->add_multi_facilities_to_auth_data( $row['user_id'] ); - return (object) array_merge( $row, $acl,$facl,$multi_facl ); + return (object)array_merge($row, $acl); + } else { + unset($row['auth_level']); + // FACILITIES is added + $facl = $this->add_facilities_to_auth_data($row['user_id']); + + $multi_facl = $this->add_multi_facilities_to_auth_data($row['user_id']); + return (object)array_merge($row, $acl, $facl, $multi_facl); + } } return FALSE; @@ -143,7 +150,8 @@ public function check_login_status( $user_id, $login_time,$facility='' ) 'u.username', 'u.email', 'u.user_id', - 'u.banned' + 'u.banned', + 'u.auth_level' ]; $this->db->select( $selected_columns ) ->from( $this->db_table('user_table') . ' u' ) 
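Review bot: The level-99 branch added to get_auth_data() is repeated line for line in check_login_status() (the `@@ -170,14 +178,20 @@` hunk), so a later change to what a superadmin session contains has to be made twice; a single private helper that builds the auth object would avoid drift. The superadmin path returns `array_merge($row, $acl)` with no facility keys, while is_setup_complete() in Setup_model.php expects `auth_facilityid` to be '0' for this user. Where that value is set is not visible in the diff and is worth confirming. The branch also needs a comment explaining the asymmetry, such as `// superadmin is not tied to a facility: keep users.auth_level, skip facility lookups`. Both function bodies start outside their hunks.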
@@ -170,14 +178,20 @@ public function check_login_status( $user_id, $login_time,$facility='' ) { $row = $query->row_array(); - // ACL is added + // ACL is added $acl = $this->add_acl_to_auth_data( $row['user_id'] ); - // FACILITIES is added - $facl =$this->add_facilities_to_auth_data( $row['user_id'] ,$facility); + if ($row['auth_level'] == '99') { - $multi_facl=$this->add_multi_facilities_to_auth_data( $row['user_id'] ); - return (object) array_merge( $row, $acl,$facl,$multi_facl ); + return (object)array_merge($row, $acl); + } else { + unset($row['auth_level']); + // FACILITIES is added + $facl = $this->add_facilities_to_auth_data($row['user_id'], $facility); + + $multi_facl = $this->add_multi_facilities_to_auth_data($row['user_id']); + return (object)array_merge($row, $acl, $facl, $multi_facl); + } } return FALSE; diff --git a/application/views/_templates/_navigation.php b/application/views/_templates/_navigation.php index d0c02c0..b71d5da 100644 --- a/application/views/_templates/_navigation.php +++ b/application/views/_templates/_navigation.php @@ -169,11 +169,37 @@ class="fa fa-lg fa-fw fa-list"> Op Notes + + + + +
  • + Facilities +
  • +
  • + Location-Suburbs +
  • + +
  • + Users Management + +
  • +
  • Help
  • -
  • -
  • + diff --git a/application/views/dashboard/superadmin.php b/application/views/dashboard/superadmin.php new file mode 100644 index 0000000..f7d4a7e --- /dev/null +++ b/application/views/dashboard/superadmin.php @@ -0,0 +1,7 @@ +, -Thanks for joining . We listed your sign in details below, make sure you keep them safe. -To verify your email address, please follow this link: - -You are invited to as Facility Administrator of:
    -! -To login and setup facility details, please follow this link:
    - - - - - 0) { ?> - - Your username: - - -Your email address: - - - Your password: - - - -Regards! -The Team \ No newline at end of file +T + + + + +
    +

    Welcome to !

    + You are invited to Facility Administrator of:
    +

    !

    + To login and setup facility details, please follow this link to set your preferred password and continue:
    +
    + +
    +
    + Kind Regards!
    + The Team +
    diff --git a/application/views/email/_createinvite.php b/application/views/email/_createinvite.php index 9328fc0..9b62747 100644 --- a/application/views/email/_createinvite.php +++ b/application/views/email/_createinvite.php @@ -1,7 +1,10 @@ + Dear 0) { ?>Dr.
    - - -Welcome to <?php echo $site_name; ?>! + + +
    @@ -9,28 +12,33 @@

    Welcome to !

    - You are invited to as Facility Administrator of:
    + You are invited to Facility Administrator of:

    !

    - To login and setup facility details, please follow this link:
    -
    - Continue....
    -
    - Link doesn't work? Copy the following link to your browser address bar:
    - auth/login
    -
    - -
    - - Your email address/Username:
    - Your password:
    + To login and setup facility details, please follow this link to set your preferred password and continue:

    + +

    Kind Regards!
    The Team
    + +
    +

    + If you're having trouble clicking the "Reset Password" button, copy and paste the URL below + into your web browser: + '.$special_link.'' ; + ?> +

    +
    +
    + +

    © Surgitrack. All rights reserved.

    +
    - \ No newline at end of file diff --git a/application/views/users/admin_usermanage.php b/application/views/users/admin_usermanage.php new file mode 100644 index 0000000..6fc724c --- /dev/null +++ b/application/views/users/admin_usermanage.php @@ -0,0 +1,211 @@ + +
    + + + + + + + + + + + + Search + + +
    + + + +
    + +
    + + +
    + + +
    + +
    + + +
    + +

    Users Management : + first_name . ' ' . $users->last_name ?> +

    +
    + + +
    +
    + + +
    + +
    + + +
    + + +
    +
    + +
    +
    +
    +
    +

    User Statistics

    +
    +
    +
    +
    +
    +
    +
    + +
    +
    + + + + + + + + + + + + + +
    Roleauth_level]) ?>User Statusbanned == 0 ? "Active" : "Not Active" ?>
    +
    +
    +
    +
    +
    +
    + +
    +
    + +
    +
    +
    + + + + + + + + + + + + current_user == '1') { + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + } + } + ?> + + +
    FacilityRoleCurrent?Action
    '; + echo $key->facility_name; + echo ''; + echo strtoupper($roles[$key->auth_level]); + echo ''; + echo $key->current_user == '1'? 'Yes' :'No'; + echo ''; + echo ''; + echo '
    +
    +
    + +
    +
    +
    +
    +
    + +
    +
    +
    +
    +

    User Log

    +
    +
    +
    +
    +
    +
    + + + + + + + + + + + + +
    No.DateDescriptionType
    + + + + + +
    +
    +
    + +
    + + +
    + +
    +
    +
    + +
    + + +
    + + +
    + diff --git a/application/views/users/all.php b/application/views/users/all.php new file mode 100644 index 0000000..d7485f3 --- /dev/null +++ b/application/views/users/all.php @@ -0,0 +1,111 @@ + +
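Review bot: Database values are written into this view without HTML escaping: `echo $key->facility_name;` in the facilities table and the `first_name . ' ' . $users->last_name` heading. The new users/all.php does the same where it concatenates `$row->first_name`, `$row->last_name`, `$row->email` and `$row->facility_name` into the table markup. These fields are presumably entered by lower-privileged accounts and the pages are rendered in the superadmin session, so stored markup would run with the highest privileges. Wrap each value with CodeIgniter's `html_escape()`, for example `echo html_escape($key->facility_name);`. The HTML tags of this hunk did not survive extraction, so attribute and URL contexts could not be checked and need their own review.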
    + + + + + + + + + + Search + + +
    + + + +
    + +
    + + +
    + + + +
    + +
    + +
    + +

    Users List

    +
    + +
    +
    + + +
    + +
    + + +
    + + +
    + + + + + + + + + + + + + + ' + . ' ' + . ' ' + . ' ' + . ' ' + . ' ' + . ' ' + . '' + . ' '; + } + ?> + + + +
    No.NameEmailFacilityLevel/RoleStatusAction
    ' . $c . '' . $row->first_name . ' ' . $row->last_name . '' . $row->email . '' . $row->facility_name . ''.strtoupper($roles[$row->auth_level]). '' . ($row->banned=='0' ? 'Active' : 'Banned'). ' + +
    +
    +
    +
    +
    + + +
    + + +
    + + + +
    + + +