4.16.5

Application.php

@@ -557,18 +557,16 @@ public static function getSettingKeys($pid) {
             }
         } else {
             $prefix = CareerDev::getPrefix();
+            $module = self::getModule();
             $sql = "SELECT DISTINCT(s.key) AS array_key
                             FROM redcap_external_module_settings AS s
                                 INNER JOIN redcap_external_modules AS m
                                     ON m.external_module_id = s.external_module_id
-                            WHERE m.directory_prefix = '".db_real_escape_string($prefix)."'
-                                AND s.project_id = '".db_real_escape_string($pid)."'";
-            $q = db_query($sql);
-            if ($error = db_error()) {
-                throw new \Exception("ERROR: $error");
-            }
+                            WHERE m.directory_prefix = ?
+                                AND s.project_id = ?";
+            $q = $module->query($sql, [$prefix, $pid]);
             $keys = [];
-            while ($row = db_fetch_assoc($q)) {
+            while ($row = $q->fetch_assoc($q)) {
                 $keys[] = $row['array_key'];
             }
             return $keys;

CareerDev.php

@@ -16,7 +16,7 @@ class CareerDev {
 	public static $passedModule = NULL;
 
 	public static function getVersion() {
-		return "4.16.4";
+		return "4.16.5";
 	}
 
 	public static function getLockFile($pid) {
@@ -252,6 +252,7 @@ public static function isFAQ() {
 
 	public static function setPid($pid) {
 	    // self::log("Setting pid to $pid", $pid);
+        $pid = Sanitizer::sanitizePid($pid);
         $_GET['pid'] = $pid;
         $_GET['project_id'] = $pid;
 		self::$pid = $pid;
@@ -276,9 +277,14 @@ public static function getPid($token = "") {
 		$requestedPid = FALSE;
  		if (isset($_GET['pid'])) {
 			# least reliable because REDCap can sometimes change this value in other crons
-            $requestedPid = REDCapManagement::sanitize($_GET['pid']);
+            $module = self::getModule();
+            if ($module) {
+                $requestedPid = Sanitizer::sanitize($module->getProjectId($_GET['pid']));
+            } else {
+                $requestedPid = Sanitizer::sanitizePid($_GET['pid']);
+            }
 		} else if (isset($_GET['project_id'])) {
-            $requestedPid = REDCapManagement::sanitize($_GET['project_id']);
+            $requestedPid = Sanitizer::sanitizePid($_GET['project_id']);
         }
  		if ($requestedPid && is_numeric($requestedPid)) {
  		    $module = self::getModule();
@@ -559,15 +565,13 @@ public static function getPidFromDatabase($localToken) {
         $fieldsToSearch = ["token", "mentor_token"];
 	    $prefix = self::getPrefix();
         if ($prefix) {
+            $module = self::getModule();
             foreach ($fieldsToSearch as $field) {
-                $sql = "SELECT s.project_id AS project_id FROM redcap_external_module_settings AS s INNER JOIN redcap_external_modules AS m ON m.external_module_id = s.external_module_id WHERE s.key = '$field' AND m.directory_prefix = '".db_real_escape_string($prefix)."' AND s.value = '".db_real_escape_string($localToken)."'";
-                $q = db_query($sql);
-                $numRows = db_num_rows($q);
-                if ($error = db_error()) {
-                    self::log("ERROR: $error ".$sql);
-                }
+                $sql = "SELECT s.project_id AS project_id FROM redcap_external_module_settings AS s INNER JOIN redcap_external_modules AS m ON m.external_module_id = s.external_module_id WHERE s.key = ? AND m.directory_prefix = ? AND s.value = ?";
+                $q = $module->query($sql, [$field, $prefix, $localToken]);
+                $numRows = $q->num_rows;
                 $currentPid = FALSE;
-                while ($row = db_fetch_assoc($q)) {
+                while ($row = $q->fetch_assoc()) {
                     $currentPid = $row["project_id"];
                     break;
                 }

FlightTrackerExternalModule.php

@@ -745,6 +745,9 @@ function executeCron() {
         }
 
         $this->enqueueInitialCrons($activePids);
+        if (Application::isVanderbilt()) {
+            $this->enqueueMultiProjectCrons($activePids);
+        }
 
 		foreach ($activePids as $pid) {
             $this->cleanupLogs($pid);
@@ -763,14 +766,10 @@ function executeCron() {
                     if ($this->getProjectSetting("run_tonight", $pid)) {
                         $this->setProjectSetting("run_tonight", FALSE, $pid);
                         # already done in enqueueInitialCrons
-                        // loadInitialCrons($mgr, FALSE, $token, $server);
                     } else {
                         loadCrons($mgr, FALSE, $token, $server);
                     }
                     Application::log($this->getName().": $tokenName enqueued crons", $pid);
-                    $addlEmailText = in_array($pid, $pidsUpdated) ? "Surveys shared from other Flight Tracker projects" : "";
-//                     $mgr->run($adminEmail, $tokenName, $addlEmailText);
-                    // CareerDev::log($this->getName().": cron run complete for pid $pid", $pid);
                 } catch(\Exception $e) {
                     Application::log("Error in cron logic", $pid);
                     \REDCap::email($adminEmail, Application::getSetting("default_from", $pid), Application::getProgramName()." Error in Cron", $e->getMessage());
@@ -779,6 +778,26 @@ function executeCron() {
 		}
 	}
 
+    function enqueueMultiProjectCrons($pids) {
+        if (!empty($pids)) {
+            $token = "";
+            $server = "";
+            $pid = "";
+            for ($i = 0; $i < count($pids); $i++) {
+                $pid = $pids[$i];
+                $token = $this->getProjectSetting("token", $pid);
+                $server = $this->getProjectSetting("server", $pid);
+                if ($pid && $token && $server) {
+                    break;
+                }
+            }
+            if ($pid && $token && $server) {
+                $mgr = new CronManager($token, $server, $pid, $this);
+                loadMultiProjectCrons($mgr, $pids);
+            }
+        }
+    }
+
 	function enqueueInitialCrons($pids) {
         foreach ($pids as $pid) {
             $token = $this->getProjectSetting("token", $pid);
@@ -852,7 +871,7 @@ function redcap_module_link_check_display($project_id, $link) {
 		    return null;
         }
 
-        if (self::hasAppropriateRights($userid, $project_id)) {
+        if ($this->hasAppropriateRights($userid, $project_id)) {
             if (!$isMentorPage) {
                 return $link;
             } else {
@@ -1018,7 +1037,7 @@ public function canRedirectToInstall() {
 		$bool = !self::isAJAXPage() && !self::isAPITokenPage() && !self::isUserRightsPage() && !self::isExternalModulePage() && (!isset($_GET['page']) || ($_GET['page'] != "install"));
 		if ($_GET['pid']) {
 			# project context
-			$bool = $bool && self::hasAppropriateRights(USERID, $_GET['pid']);
+			$bool = $bool && $this->hasAppropriateRights(USERID, $_GET['pid']);
 		}
 		return $bool;
 	}
@@ -1083,20 +1102,20 @@ private function isModuleEnabled($pid) {
 		return ExternalModules::getProjectSetting($this->getDirectoryPrefix(), $pid, \ExternalModules\ExternalModules::KEY_ENABLED);
 	}
 
-	private static function hasAppropriateRights($userid, $pid) {
-		$sql = "SELECT design, role_id FROM redcap_user_rights WHERE project_id = '".db_real_escape_string($pid)."' AND username = '".db_real_escape_string($userid)."'";
-		$q =  db_query($sql);
+	private function hasAppropriateRights($userid, $pid) {
+		$sql = "SELECT design, role_id FROM redcap_user_rights WHERE project_id = ? AND username = ?";
+		$q =  $this->query($sql, [$pid, $userid]);
 		$roleId = FALSE;
-		if ($row = db_fetch_assoc($q)) {
+		if ($row = $q->fetch_assoc()) {
 			if ($row['design']) {
 			    return TRUE;
             }
 			$roleId = $row['role_id'];
 		}
 		if ($roleId) {
-		    $sql = "SELECT roles.design AS design FROM redcap_user_rights AS rights INNER JOIN redcap_user_roles AS roles ON rights.role_id = roles.role_id WHERE rights.project_id = '".db_real_escape_string($pid)."' AND rights.username = '".db_real_escape_string($userid)."'";
-            $q =  db_query($sql);
-            if ($row = db_fetch_assoc($q)) {
+		    $sql = "SELECT roles.design AS design FROM redcap_user_rights AS rights INNER JOIN redcap_user_roles AS roles ON rights.role_id = roles.role_id WHERE rights.project_id = ? AND rights.username = ?";
+            $q =  $this->query($sql, [$pid, $userid]);
+            if ($row = $q->fetch_assoc()) {
                 if ($row['design']) {
                     return TRUE;
                 }

addNewScholar.php

@@ -11,13 +11,15 @@
 require_once(dirname(__FILE__)."/charts/baseWeb.php");
 require_once(dirname(__FILE__)."/classes/Autoload.php");
 
+$redcapLookupUrl = Application::link("mentor/lookupREDCapUseridFromREDCap.php");
 $fields = [
 		"First Name" => "identifier_first_name",
 		"Last Name" => "identifier_last_name",
         "Email" => "identifier_email",
-        "User-id" => "identifier_userid",
+        "<a href='javascript:;' onclick='lookupREDCapUserid(\"$redcapLookupUrl\", $(\"#results\"));' title='Click to Look Up'>REDCap User-ID</a><br/><span class='smaller'>(optional; click to look up)</span>" => "identifier_userid",
 		];
-if (checkPOSTKeys(array_values($fields))) {
+$requiredFields = ["identifier_first_name", "identifier_last_name", "identifier_email"];
+if (checkPOSTKeys($requiredFields)) {
 	$recordIds = Download::recordIds($token, $server);
 	$max = 0;
 	foreach ($recordIds as $record) {
@@ -49,16 +51,22 @@
     echo $incompleteMssg;
 	echo "<h1>Add a New Scholar or Modify an Existing Scholar</h1>\n";
 
-	$link = CareerDev::link("addNewScholar.php");
+	$link = Application::link("addNewScholar.php");
 	echo "<form action='$link' method='POST'>\n";
 	echo Application::generateCSRFTokenHTML();
 	echo "<table style='margin:0px auto;'>\n";
 	foreach ($fields as $label => $var) {
         $defaultValue = Sanitizer::sanitize($_POST[$var]) ?? "";
+        $id = preg_replace("/^identifier_/", "", $var);
 		echo "<tr>\n";
 		echo "<td style='text-align: right; padding-right: 5px;'>$label:</td>\n";
-		echo "<td padding-left: 5px;'><input type='text' name='$var' style='width: 250px;' value='$defaultValue'></td>\n";
+		echo "<td padding-left: 5px;'><input type='text' name='$var' id='$id' style='width: 250px;' value='$defaultValue'></td>\n";
 		echo "</tr>\n";
+        if (preg_match("/User-ID/", $label)) {
+            echo "<tr>";
+            echo "<td id='results' class='centered' colspan='2'></td>";
+            echo "</tr>";
+        }
 	}
 	echo "</table>\n";
 	echo "<p class='centered'><input type='submit' value='Add/Modify'></p>\n";

batch.php

@@ -14,7 +14,7 @@
 $headers = $specialFields;
 foreach ($queue as $job) {
     foreach (array_keys($job) as $header) {
-        if (!in_array($header, $headers)) {
+        if (!in_array($header, $headers) && isset($job['records'])) {
             $headers[] = $header;
         }
     }
@@ -55,12 +55,14 @@
                         echo "<td></td>";
                     }
                 } else if (preg_match("/Ts$/", $header) && $row[$header] && is_numeric($row[$header])) {
-                    echo "<td>".date("Y-m-d H:i:s", $row[$header])."</td>";
+                    echo "<td>" . date("Y-m-d H:i:s", $row[$header]) . "</td>";
                 } else if (is_array($row[$header])) {
-                    echo "<td style='max-width: 300px; overflow: auto;'>".implode(", ", $row[$header])."</td>";
+                    echo "<td style='max-width: 300px; overflow: auto;'>" . implode(", ", $row[$header]) . "</td>";
                 } else {
-                    echo "<td>".$row[$header]."</td>";
+                    echo "<td>" . $row[$header] . "</td>";
                 }
+            } else if (($header == "records") && isset($row['pids'])) {
+                echo "<td>" . $row['pids'] . "</td>";
             } else {
                 echo "<td></td>";
             }