new system prototype
This commit is contained in:
@ -1,18 +1,13 @@
|
||||
<?php
|
||||
// /var/www/html/db_view_ordered.php
|
||||
require_once __DIR__ . '/common.php';
|
||||
require_once __DIR__ . '/db_init.php';
|
||||
header('Content-Type: text/html; charset=UTF-8');
|
||||
|
||||
// ---- Auth ----
|
||||
$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? ($_SERVER['Authorization'] ?? '');
|
||||
if (stripos($auth, 'Bearer ') !== 0) { http_response_code(401); echo "Missing Bearer token"; exit; }
|
||||
$token = substr($auth, 7);
|
||||
if (!token_is_valid($token)) { http_response_code(403); echo "Invalid or expired token"; exit; }
|
||||
$tokenRec = require_valid_token();
|
||||
|
||||
// ---- Paths for order, header labels and value translations ----
|
||||
$ORDER_JSON = __DIR__ . '/header_order.json';
|
||||
$LABELS_JSON = __DIR__ . '/questions_en.json'; // Spaltenüberschriften (2. Kopfzeile)
|
||||
$VALS_JSON = __DIR__ . '/translations_en.json'; // NEU: Werte-Übersetzungen
|
||||
$LABELS_JSON = __DIR__ . '/questions_en.json';
|
||||
$VALS_JSON = __DIR__ . '/translations_en.json';
|
||||
|
||||
$order = @json_decode(@file_get_contents($ORDER_JSON), true);
|
||||
$labels = @json_decode(@file_get_contents($LABELS_JSON), true);
|
||||
@ -22,10 +17,7 @@ if (!is_array($labels)) $labels = [];
|
||||
if (!is_array($vals)) $vals = [];
|
||||
|
||||
function t_val(string $id, string $raw, array $vals): string {
|
||||
// feste Wörter direkt durchlassen
|
||||
if ($raw === '' || $raw === 'None' || $raw === 'Done' || $raw === 'Not Done') return $raw;
|
||||
|
||||
// Kandidaten: exakt, normalisiert, id+value
|
||||
$norm = strtolower(preg_replace('/[^a-z0-9]+/i', '_', $raw));
|
||||
$cands = [$raw];
|
||||
if ($norm && $norm !== $raw) $cands[] = $norm;
|
||||
@ -33,19 +25,15 @@ function t_val(string $id, string $raw, array $vals): string {
|
||||
$cands[] = "{$id}-{$raw}";
|
||||
$cands[] = "{$id}_{$norm}";
|
||||
$cands[] = "{$id}-{$norm}";
|
||||
|
||||
foreach ($cands as $k) {
|
||||
if (isset($vals[$k]) && is_string($vals[$k]) && $vals[$k] !== '') return $vals[$k];
|
||||
}
|
||||
// Fallback: Versuch mit einfachen globalen Keys (z. B. "yes","no","consent_signed")
|
||||
if (isset($vals[$norm])) return (string)$vals[$norm];
|
||||
if (isset($vals[$raw])) return (string)$vals[$raw];
|
||||
|
||||
return $raw; // nichts gefunden → Original anzeigen
|
||||
return $raw;
|
||||
}
|
||||
|
||||
// ---- load & decrypt DB ----
|
||||
$dbPath = __DIR__ . '/uploads/questionnaire_database';
|
||||
$dbPath = QDB_PATH;
|
||||
if (!file_exists($dbPath)) { http_response_code(404); echo "Database not found"; exit; }
|
||||
$enc = file_get_contents($dbPath);
|
||||
if ($enc === false) { http_response_code(500); echo "Read error"; exit; }
|
||||
@ -53,7 +41,6 @@ if ($enc === false) { http_response_code(500); echo "Read error"; exit; }
|
||||
try { $plain = aes256_cbc_decrypt_bytes($enc, get_master_key_bytes()); }
|
||||
catch (Throwable $e) { http_response_code(500); echo "Decryption failed"; exit; }
|
||||
|
||||
// ---- temp SQLite file ----
|
||||
$tmp = tempnam(sys_get_temp_dir(), 'qdb_');
|
||||
file_put_contents($tmp, $plain);
|
||||
|
||||
@ -61,27 +48,49 @@ try {
|
||||
$pdo = new PDO("sqlite:$tmp");
|
||||
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
|
||||
$clients = $pdo->query("SELECT clientCode FROM clients ORDER BY clientCode")->fetchAll(PDO::FETCH_COLUMN) ?: [];
|
||||
$questionnaireIds = $pdo->query("SELECT id FROM questionnaires")->fetchAll(PDO::FETCH_COLUMN) ?: [];
|
||||
[$rbacClause, $rbacParams] = rbac_client_filter($tokenRec);
|
||||
|
||||
$clientStmt = $pdo->prepare(
|
||||
"SELECT client.clientCode FROM client WHERE $rbacClause ORDER BY client.clientCode"
|
||||
);
|
||||
foreach ($rbacParams as $k => $v) $clientStmt->bindValue($k, $v);
|
||||
$clientStmt->execute();
|
||||
$clients = $clientStmt->fetchAll(PDO::FETCH_COLUMN) ?: [];
|
||||
|
||||
$questionnaireIds = $pdo->query("SELECT questionnaireID FROM questionnaire")->fetchAll(PDO::FETCH_COLUMN) ?: [];
|
||||
$qidSet = array_fill_keys($questionnaireIds, true);
|
||||
|
||||
$completed = [];
|
||||
$stmt = $pdo->query("SELECT clientCode, questionnaireId, isDone FROM completed_questionnaires");
|
||||
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
$c = $row['clientCode'] ?? 'undefined';
|
||||
$q = $row['questionnaireId'] ?? 'undefined';
|
||||
$completed[$c][$q] = ((int)($row['isDone'] ?? 0)) ? true : false;
|
||||
$cqStmt = $pdo->prepare(
|
||||
"SELECT cq.clientCode, cq.questionnaireID, cq.status
|
||||
FROM completed_questionnaire cq
|
||||
JOIN client ON client.clientCode = cq.clientCode
|
||||
WHERE $rbacClause"
|
||||
);
|
||||
foreach ($rbacParams as $k => $v) $cqStmt->bindValue($k, $v);
|
||||
$cqStmt->execute();
|
||||
while ($row = $cqStmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
$completed[$row['clientCode']][$row['questionnaireID']] = $row['status'];
|
||||
}
|
||||
|
||||
// client_answer uses questionID, which maps to old "questionId" format
|
||||
$answers = [];
|
||||
$stmt = $pdo->query("SELECT clientCode, questionId, answerValue FROM answers");
|
||||
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
$c = $row['clientCode'] ?? 'undefined';
|
||||
$q = $row['questionId'] ?? 'undefined';
|
||||
$answers[$c][$q] = (string)($row['answerValue'] ?? '');
|
||||
$ansStmt = $pdo->prepare(
|
||||
"SELECT ca.clientCode, ca.questionID, ca.answerOptionID, ca.freeTextValue, ca.numericValue
|
||||
FROM client_answer ca
|
||||
JOIN client ON client.clientCode = ca.clientCode
|
||||
WHERE $rbacClause"
|
||||
);
|
||||
foreach ($rbacParams as $k => $v) $ansStmt->bindValue($k, $v);
|
||||
$ansStmt->execute();
|
||||
while ($row = $ansStmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
$val = $row['freeTextValue'] ?? $row['answerOptionID'] ?? '';
|
||||
if ($val === '' && $row['numericValue'] !== null) {
|
||||
$val = (string)$row['numericValue'];
|
||||
}
|
||||
$answers[$row['clientCode']][$row['questionID']] = $val;
|
||||
}
|
||||
|
||||
// ---- HTML ----
|
||||
echo '<style>
|
||||
table{border-collapse:collapse;width:100%;}
|
||||
th,td{border:1px solid #ddd;padding:6px 8px;text-align:left;vertical-align:top;}
|
||||
@ -93,12 +102,10 @@ try {
|
||||
|
||||
echo '<table id="qdb-table">';
|
||||
echo '<thead>';
|
||||
// Row 1: checkbox + IDs (bleiben als technische Schlüssel im Kopf – Werte darunter sind übersetzt)
|
||||
echo '<tr><th class="chkcol"><input type="checkbox" id="chkAll" title="select all"></th>';
|
||||
foreach ($order as $id) echo '<th data-id="'.htmlspecialchars($id).'">'.htmlspecialchars($id).'</th>';
|
||||
echo '</tr>';
|
||||
|
||||
// Row 2: blank + English labels
|
||||
echo '<tr><th class="chkcol"></th>';
|
||||
foreach ($order as $id) {
|
||||
$lbl = $labels[$id] ?? '';
|
||||
@ -113,7 +120,8 @@ try {
|
||||
if ($id === 'client_code') {
|
||||
$val = $client;
|
||||
} elseif (isset($qidSet[$id]) && strpos($id, '-') === false) {
|
||||
$val = ($completed[$client][$id] ?? false) ? 'Done' : 'Not Done';
|
||||
$status = $completed[$client][$id] ?? '';
|
||||
$val = ($status === 'done' || $status === 'Done') ? 'Done' : ($status !== '' ? $status : 'Not Done');
|
||||
} else {
|
||||
$raw = $answers[$client][$id] ?? '';
|
||||
$val = (strlen(trim($raw)) > 0) ? t_val($id, $raw, $vals) : 'None';
|
||||
@ -126,7 +134,8 @@ try {
|
||||
|
||||
} catch (Throwable $e) {
|
||||
http_response_code(500);
|
||||
echo "Error: ".htmlspecialchars($e->getMessage());
|
||||
error_log($e->getMessage());
|
||||
echo "Server error";
|
||||
} finally {
|
||||
@unlink($tmp);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user