interface/language/lang_constant.php

   1 <?php
   2 /**
   3  * lang_constant.php script
   4  *
   5  * @package   OpenEMR
   6  * @link      http://www.open-emr.org
   7  * @author    Brady Miller <brady.g.miller@gmail.com>
   8  * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
   9  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  10  */
  11
  12
  13 require_once("language.inc.php");
  14
  15 // Ensure this script is not called separately
  16 if ((empty($_SESSION['lang_module_unique_id'])) ||
  17     (empty($unique_id)) ||
  18     ($unique_id != $_SESSION['lang_module_unique_id'])) {
  19     die(xlt('Authentication Error'));
  20 }
  21 unset($_SESSION['lang_module_unique_id']);
  22
  23 // gacl control
  24 $thisauth = acl_check('admin', 'language');
  25 if (!$thisauth) {
  26     echo "<html>\n<body>\n";
  27     echo "<p>" . xlt('You are not authorized for this.') . "</p>\n";
  28     echo "</body>\n</html>\n";
  29     exit();
  30 }
  31
  32 if ($_POST['add']) {
  33     if (!verifyCsrfToken($_POST["csrf_token_form"])) {
  34         csrfNotVerified();
  35     }
  36
  37     //validate
  38     if ($_POST['constant_name'] == "") {
  39             echo xlt('Constant name is blank').'<br>';
  40             $err='y';
  41     }
  42
  43     $sql="SELECT * FROM lang_constants WHERE constant_name=? limit 1" ;
  44     $res=SqlQuery($sql, array($_POST['constant_name']));
  45     if ($res) {
  46         echo xlt('Data Alike is already in database, please change constant name').'<br>';
  47         $err='y';
  48     }
  49
  50     if ($err=='y') {
  51         $val_constant=$_POST['constant_name'];
  52     } else {
  53             //insert into the main table
  54         $sql="INSERT INTO lang_constants SET constant_name=?";
  55         SqlStatement($sql, array($_POST['constant_name']));
  56
  57                 //insert into the log table - to allow persistant customizations
  58             insert_language_log('', '', $_POST['constant_name'], '');
  59
  60         echo xlt('Constant') . ' ' . text($_POST['constant_name']) . ' ' . xlt('added') . '<br>';
  61     }
  62
  63
  64
  65 // echo "$sql here ";
  66 }
  67
  68 ?>
  69
  70 <TABLE>
  71 <FORM name="cons_form" METHOD=POST ACTION="?m=constant&csrf_token_form=<?php echo attr(urlencode(collectCsrfToken())); ?>" onsubmit="return top.restoreSession()">
  72 <input type="hidden" name="csrf_token_form" value="<?php echo attr(collectCsrfToken()); ?>" />
  73 <TR>
  74     <TD><?php echo xlt('constant name'); ?></TD>
  75     <TD><INPUT TYPE="text" NAME="constant_name" size="100" value="<?php echo attr($val_constant); ?>"></TD>
  76 </TR>
  77 <TR>
  78     <TD></TD>
  79     <TD><INPUT TYPE="submit" name="add" value="<?php echo xla('Add'); ?>"></TD>
  80 </TR>
  81 </FORM>
  82 </TABLE>
  83 <span class="text"><?php echo xlt('Please Note: constants are case sensitive and any string is allowed.'); ?></span>