<?php
/*********************************************************************************************************
  "Ensemble" is the proprietary property of The Regents of the University of California ("The Regents.")

  Copyright (c) 2005-10 The Regents of the University of California, Davis campus. All Rights Reserved.

  Redistribution and use in source and binary forms, with or without modification, are permitted by
  nonprofit, research institutions for research use only, provided the conditions in the included
  license agreement are met.

  Refer to the file "ensemble_license.txt" for the license agreement,
  located in the top level directory of this distribution.

**********************************************************************************************************/
/*
 * This utility can be used in a situation where there are multiple caregivers that are filling out surveys
 * on behalf of residents or patients in a facility. There should be records associated with the caregivers 
 * in the subject table. These records should at minimum have a first name and password associated with them. 
 *
 * This utility makes several assumptions. Each caregiver is associated with a wing in a facility, and will fill out 
 * surveys only for the wing which they are assigned to. Further, residents can either have a status of "enrolled"
 * or "not enrolled". Residents which are not enrolled will not have surveys filled out for them.
 *
 *
 * GET VARIABLES:
 * The URL for the utility should have a ticket "tc" $_GET variable associated with it.
 * Optionally, an "id" $_GET variable for the caregiver's subject_id can be appended. 
 * If the "id" $_GET variable is used, the caregiver will not be prompted for their subject_id (username)
 *
 * CONFIG FILES:
 * This utility will look for a list of wing names in wing_names.txt. This file should be stored in the same directory
 * as this utility, and contain wing names. Each wing name should be stored on a separate line.
 *
 * ENSEMBLE DATABASE
 * Three attribute records should exist in the attribute table: "wing", "person_type", and "enrolled"
 * Residents and caregivers are linked to the attributes in the subject_x_attribute table.
 * The fields "attribute_value_text" and "attribute_value_double" in the subject_x_attribute table indicate the values associated
 * with these attributes.
 * Each caregiver should be linked to the "person_type" attribute with a value of "caregiver" in the attribute_value_text field.
 * Each resident should be linked to the "person_type" attribute with a value of "resident" in the attribute_value_text field.
 * Each resident should be linked to the "wing" attribute with a string describing their wing name in the attribute_value_text field.
 * Each resident should be linked to the "enrolled" attribute with a value of 0 or 1, indicating whether or not they are enrolled.
 * 
 * Optionally, each caregiver can be linked to the "wing" attribute, and their wing name stored in the attribute_value_text field.
 * This is preferred method. Caregivers that are assigned a wing will automatically see a list of residents for their wing.
 * Caregivers that are not assigned to a wing will be given a list of wings to choose from.
 *
 * USAGE:
 * If the "id" GET variable is omitted, the caregiver will be asked for their username (actually this is their subject_id)
 * They must enter the passcode associated with their subject_id to enter the system.
 * Caregivers not assigned to a wing will be provided a list of wings to choose from upon logging in
 * A list of resident names will then be provided associated with the caregiver's wing. 
 * Each resident name is actually a link to initiate an Ensemble session for that resident.
 * The resident's subject_id will be assigned to that Ensemble session. 
 * If you wish to record caregiver name in the Ensemble session, this should be queried in the survey.
 * Further, if you wish to verify the subject_id for the Ensemble session, you may use the form_display_subject_name.php form handler.
 * 
 * Author(s): 
 * July 6, 2010 - Stefan Tomic, original version
*/

$session_timeout = 7200; //two hours


include_once('../../include/variables.php');
//spoof QPI_SESSION_NAME to another session name, so that SESSION info isn't wiped out when starting QPI sessions.
$QPI_SESSION_NAME = "ENSEMBLE_PARTICIPANT_MANAGER";

session_set_cookie_params($session_timeout);

//include variables for subject. This also runs session_start and sets the cookie.
include_once('../../include/subject_includes.php');

$login_posted = (isset($_POST['username']) && isset($_POST['passcode']));
$login_saved = (isset($_SESSION['pman_username']) && isset($_SESSION['pman_passcode']));

//if login_saved, but a new username ID was passed via $_GET, then clear out the session
if($login_saved && isset($_GET['id'])) {
  $newID = $_SESSION['pman_username'] !== $_GET['id'];

 }

if((isset($_POST) && isset($_POST['logout'])) || $newID) {

  //unset all of the session variables.
  $_SESSION = array();

  //delete the session cookie if it is set
  if(isset($_COOKIE[$QPI_SESSION_NAME]))
    setcookie($QPI_SESSION_NAME,'',time()-3600,'/',"",0);
  
  //destroy the session
  session_destroy();

 }

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Participant Manager</title>
<style type="text/css">
<!--
@import url("../../include/qpi_stylesheet.css");
-->
</style>
</head>

<body>
<?

print "<h2>Ensemble Participant Manager</h2>";

$tc = isset($_GET['tc'])? $_GET['tc'] : $_POST['tc'] ;

//obtain current get string to pass back to this script if desired.
$getStr = sprintf("?tc=%s",$tc);
if(isset($_GET['id'])) {
  $getStr = $getStr . sprintf("&id=%s",$_GET['id']);
 }

$printUsage = FALSE;
//at initial entry, make sure that required $_GET variables are assigned
if(empty($tc)) {
    
    print('<div class=red_text>ERROR: Missing ticket code (tc) GET variable</div>');
    $printUsage = TRUE;
 }

if($printUsage) {
    print "<p>USAGE:<br>";
    print (empty($_SERVER['HTTPS']))? "http://" : "https://";
    printf("%s%s?tc=512fb1b3f336</p>",$_SERVER['HTTP_HOST'],$_SERVER['PHP_SELF']);
    
    die();
 }

$enc_key = subinfo_encryption_key();


//authenticate the participant if username and password entered or if it is stored in $_SESSION
if($login_posted || $login_saved) {

  $username = ($login_posted)? $_POST['username'] : $_SESSION['pman_username'];
  $passcode = ($login_posted)? $_POST['passcode'] : mysql_aes_decrypt($_SESSION['pman_passcode'],$enc_key);

  $sql_check_passcode = sprintf("select aes_decrypt(`passphrase`,'%s') as passphrase from subject " .
				"left join subject_x_attribute using (subject_id) left join attribute using (attribute_id) ".
				"where subject_id = '%s' and attribute.name = 'person_type' and ".
				"attribute_value_text = 'caregiver'",$enc_key,$username);
  $row_passcode = mysql_select($sql_check_passcode);
  
  if(strcmp($row_passcode['passphrase'],$passcode) != 0) {
    print "<div class=red_text>Incorrect Username/Passcode Entered.</div>";
    unset($_SESSION['pman_username']);
    unset($_SESSION['pman_passcode']);
    unset($_SESSION['wing_assignment']);
  }
  elseif($login_posted) {
    $_SESSION['pman_username'] = $_POST['username'];
    $_SESSION['pman_passcode'] = mysql_aes_encrypt($_POST['passcode'],$enc_key);
  }
 }


//if username and password are not stored in $_SESSION, display the login form
if(!isset($_SESSION['pman_username']) || !isset($_SESSION['pman_passcode'])) {
  //display username and password fields
  printf("<form action=\"%s\" method=\"post\" name=\"subject_id_passcode\" id=\"subject_id_passcode\">",$_SERVER['PHP_SELF'].$getStr);
  printf("<input type=\"hidden\" name=\"passcode_submit\" value=\"1\">");
  print "<table border=0><tr>\n";
  if(isset($_GET['id'])) {
    //see if this ID is associated with a caregiver. If not, enter the standard username entry box.
    $sql_check_caregiver = sprintf("select attribute_value_text from subject_x_attribute left join ".
				   "attribute using (attribute_id) where subject_id = '%s' ".
				   " and attribute.name = 'person_type' and ".
				   " attribute_value_text = 'caregiver'",$_GET['id']);
    $check_caregiver = mysql_query($sql_check_caregiver) or die(mysql_error());
    if(mysql_num_rows($check_caregiver) > 0)
      $useGETID = TRUE;
    else
      $useGETID = FALSE;
  }

  //if we have determined that the ID belongs to a caregiver, use this
  if($useGETID) {
    printf("<input name=\"username\" type=\"hidden\" id=\"username\" value=\"%s\">",$_GET['id']);
    $sub_name = get_subject_name($_GET['id']);
    printf("<td colspan=2>Welcome %s, please enter your passcode</td>",$sub_name['name_first']);
  }
  else {
    print "<td>" . LANGUAGE_TEXT_QUOTE_USERNAME . "</td>";
    printf("<td><input name=\"username\" type=\"text\" id=\"username\" size=\"20\" maxlength=\"20\"></td>");
  }
  print "<tr><td>" . LANGUAGE_TEXT_QUOTE_PASSCODE . "</td>";
  print "<td><input name=\"passcode\" type=\"password\" id=\"passcode\" size=\"20\" maxlength=\"20\"></td></tr>";
  print "<tr><td><input name=\"submit\" type=\"submit\" id=\"submit\"></td></tr>";
  print "</form>";
  die();
 }

$current_user_name = get_subject_name($_SESSION['pman_username']);
printf("<p>Logged in as %s</p>",$current_user_name['name_first']);

if(isset($_POST['wing_assignment'])) {
  $_SESSION['wing_assignment'] = $_POST['wing_assignment'];
 }

if(!isset($_SESSION['wing_assignment'])) {
  //obtain the current user's "wing"
  $sql_get_wing = sprintf("select attribute_value_text from subject_x_attribute left join attribute using (attribute_id)".
			  " where subject_id = '%s' and attribute.name = 'wing'",$_SESSION['pman_username']);

  $get_wing = mysql_query($sql_get_wing) or die(mysql_error());

  //if this caregiver doesn't have a wing associated with it, then provide a list of wings to choose from
  if(mysql_num_rows($get_wing) == 0) {
  
    $wing_list = file('wing_list.txt',FILE_IGNORE_NEW_LINES) or die('ERROR: wing_list.txt does not exist. Please contact the system administrator.');
    print "Please select your wing<br>";
    printf("<form action=\"%s\" method=\"post\" name=\"wing_assignment\"id=\"wing_assignment\">",$_SERVER['PHP_SELF'].$getStr);
    printf("<select name=\"wing_assignment\" id=\"wing_assignment\">\n");
    foreach($wing_list as $wing_name) {
      printf("<option value=\"%s\">%s</option>\n",$wing_name,$wing_name);
    }
    print "</select>\n";
    print "<input name=\"Submit\" id=\"Submit\" type=\"submit\" value=\"Submit\">";
    print "</form>\n";
    die();
  }
  else {
    $row_get_wing = mysql_fetch_assoc($get_wing);
    $_SESSION['wing_assignment'] = $row_get_wing['attribute_value_text'];
  }
 }

//find all subjects that match the current user's wing, person_type=resident, and enrolled=1
$sql_get_subject_wing = sprintf("select subject_id, name_last, name_first from subject_x_attribute left join " .
				" attribute using (attribute_id) left join subject using (subject_id) where ".
				" attribute.name = 'wing' and attribute_value_text = '%s'",$_SESSION['wing_assignment']);

$get_subject_wing = mysql_query($sql_get_subject_wing) or die(mysql_error());
while($subject_wing = mysql_fetch_assoc($get_subject_wing)) {
  $sub_wing_list[] = $subject_wing['subject_id'];
 }


$sql_get_subject_resident = sprintf("select subject_id, name_last, name_first from subject_x_attribute left join " .
				" attribute using (attribute_id) left join subject using (subject_id) where ".
				" attribute.name = 'person_type' and attribute_value_text = 'resident'");
$get_subject_resident = mysql_query($sql_get_subject_resident) or die(mysql_error());
while($subject_resident = mysql_fetch_assoc($get_subject_resident)) {
  $sub_wing_resident[] = $subject_resident['subject_id'];
 }

$sql_get_subject_enrolled = sprintf("select subject_id, name_last, name_first from subject_x_attribute left join " .
				" attribute using (attribute_id) left join subject using (subject_id) where ".
				" attribute.name = 'enrolled' and attribute_value_double = 1");
$get_subject_enrolled = mysql_query($sql_get_subject_enrolled) or die(mysql_error());
while($subject_enrolled = mysql_fetch_assoc($get_subject_enrolled)) {
  $sub_wing_enrolled[] = $subject_enrolled['subject_id'];
 }

$sublist = array_intersect($sub_wing_list,$sub_wing_resident,$sub_wing_enrolled);

//remove subjects from sublist that have completed a survey today
$today = date('Y-m-d');
$sql_completed_session = sprintf("select subject_id,session.session_id from session left join ticket using (ticket_id) " .
				 "where date(`date_time`) = '%s' and " .
				 "end_datetime is not null and ticket_code = '%s'",
				 $today, $tc);
$completed_session = mysql_query($sql_completed_session) or die(mysql_error());
$completed_sublist = array();
while($row_completed_session = mysql_fetch_assoc($completed_session)) {
  $completed_sublist[] = $row_completed_session['subject_id'];
  

 }
$sublist = array_diff($sublist,$completed_sublist);

//obtain first and last names for $sublist
foreach($sublist as $thisSubID) {
  $sql_get_sub_name = sprintf("select aes_decrypt(`name_last`,'%s') as name_last , " .
			      "aes_decrypt(`name_first`,'%s') as name_first from subject ".
			      "where subject_id = '%s'",$enc_key,$enc_key,$thisSubID);
  $sub_name = mysql_select($sql_get_sub_name);

  $sublist_name_last[] = $sub_name['name_last'];
  $sublist_name_first[] = $sub_name['name_first'];

}

//order subjects by last name, first name
array_multisort($sublist_name_last,$sublist_name_first,$sublist);


printf("<h3>Participant List for wing \"%s\"</h3>",$_SESSION['wing_assignment']);
print "<table border = 0>\n";

//list links for each subject
foreach($sublist as $key=>$thisSubID) {
  
  $subFullName = $sublist_name_last[$key] . ", " . $sublist_name_first[$key];
  $encSubID = mysql_aes_encrypt($thisSubID,$enc_key);

  $subLink = sprintf('<a href="%sstart.php?tc=%s&sid=%s">%s</a>',$questionnaire_location,$tc,$encSubID,$subFullName);	  
  printf("<tr><td class=table_padding>%s</td></tr>\n",$subLink);
}

if(sizeof($sublist) == 0) {
  print "<div class=red_text>No remaining participants today.</div>";
 }


print "</table>\n";
print "<p>&nbsp;</p>";

printf("<form action=\"%s\" method=\"post\" name=\"logout\" id=\"logout\">",$_SERVER['PHP_SELF'].$getStr);
print "<input name=\"logout\" id=\"logout\" type=\"submit\" value=\"logout\">";
print "<input type=\"hidden\" id=\"logout\" value=\"logout\">";

print "</form>";


?>