function addData()
{
$gmoId = "";
$name = "";
$designation = null;
$address1 = null;
$address2 = null;
$phone1 = null;
$email = "";
$phone2 = null;
$mobile = null;
$user = '******';
$pass = '******';
$flag1 = null;
if (isset($_GET['add'])) {
$name = $_GET['name'];
$designation = $_GET['designation'];
$address1 = $_GET['address1'];
$address2 = $_GET['address2'];
$email = $_GET['email'];
$phone1 = $_GET['phonenumber1'];
$phone2 = $_GET['phonenumber2'];
$mobile = $_GET['mobilenumber'];
$user = $_GET['username'];
$pass = $_GET['password'];
$resultdist = mysql_query("select districtid from district where name='" . $_GET['district'] . "' ") or die(mysql_error());
$rowdist = mysql_fetch_array($resultdist);
$districtid = $rowdist['districtid'];
if (strlen($name) < 1) {
$flag1 = 'phpValidError';
}
if (isInvalidName($name)) {
$flag1 = 'phpValidError';
}
if (strlen($designation) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($designation)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag1 = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag1 = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag1 = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag1 = 'phpValidError';
}
}
if (isInvalidNumber($districtid)) {
$flag1 = 'phpValidError';
}
if (isStringNull($districtid)) {
$flag1 = 'phpValidError';
}
if (strlen($phone1) < 7) {
$flag1 = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag1 = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag1 = 'phpValidError';
}
if (strlen($user) < 5) {
$flag1 = 'phpValidError';
}
if (strlen($user) > 25) {
$flag1 = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag1 = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag1 = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag1 = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag1 = 'phpValidError';
}
$result = mysql_query("select * from gmo where name='" . $name . "' and officeaddress1='" . $address1 . "' and\n\t\t\t\tofficeaddress2='" . $address2 . "' and officephno1='" . $phone1 . "' and officephno2='" . $phone2 . "'\n\t\t\t\tand mobilenumber='" . $mobile . "' and emailid='" . $email . "' and designation='" . $designation . "'\n\t\t\t\tand districtid='" . $districtid . "' ") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 1;
} else {
if ($flag1 == 'phpValidError') {
} else {
$result1 = mysql_query("select * from user where username='******' ") or die(mysql_error());
$intUnameExists = mysql_num_rows($result1);
if ($intUnameExists > 0) {
$flag = 2;
} else {
$flag = 3;
mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\t\tusertype\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass) . "'),\n\t\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t\t'GMO'\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\t ") or die(mysql_error());
mysql_query("insert into gmo\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\t\tdesignation,\n\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\t\t\t\tofficeaddress1,\n\t\t\t\t\t\t\t\t\t\t\t\tofficeaddress2,\n\t\t\t\t\t\t\t\t\t\t\t\tofficephno1,\n\t\t\t\t\t\t\t\t\t\t\t\tofficephno2,\n\t\t\t\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\t\tstateid\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($name)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($designation)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($user)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($email)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($mobile)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . trim($districtid) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'01'\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t") or die(mysql_error());
$description = "New gmo with username " . $user . " is registered";
insertEventData("Registration", "Registered new gmo", 'GMO', $description);
}
}
}
}
return $flag;
}
function addData($uname, $id)
{
$daoId = 0;
$name = "";
$designation = null;
$address1 = null;
$address2 = null;
$phone1 = null;
$email = "";
$phone2 = null;
$mobile = null;
$user = "";
$pass = "";
$districtid = "";
$flag = "";
if ($id == 'add') {
$name = trim($_POST['txtName']);
$designation = trim($_POST['txtDesignation']);
$address1 = trim($_POST['txtAddress1']);
$address2 = trim($_POST['txtAddress2']);
$email = trim($_POST['txtEmail']);
$districtid = trim($_POST['cmpDistrict']);
$phone1 = trim($_POST['txtPhone1']);
$mobile = trim($_POST['txtMobile']);
$user = trim($_POST['txtUserName']);
$pass = trim($_POST['txtPassword']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (strlen($designation) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($designation)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag = 'phpValidError';
}
}
if (isInvalidNumber($districtid)) {
$flag = 'phpValidError';
}
if (strlen($phone1) < 7) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag = 'phpValidError';
}
if (strlen($user) < 5) {
$flag = 'phpValidError';
}
if (strlen($user) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag = 'phpValidError';
}
$result = mysql_query("select * from dao where name='" . $name . "' and address1='" . $address1 . "'\n\t\t\tand address2='" . $address2 . "' and phonenumber='" . $phone1 . "' and mobilenumber='" . $mobile . "'\n\t\t\tand emailid='" . $email . "' and designation='" . $designation . "' ") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 'false';
} else {
if ($flag == 'phpValidError') {
} else {
$result1 = mysql_query("select * from user where username='******' ") or die(mysql_error());
$intUnameExists = mysql_num_rows($result1);
if ($intUnameExists > 0) {
$flag = 'fail';
} else {
mysql_query("insert into user\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\tusertype,\n\t\t\t\t\t\t\t\t\tlastlogin\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass) . "'),\n\t\t\t\t\t\t\t\t\t\t'Approved',\n\t\t\t\t\t\t\t\t\t\t'DAO',\n\t\t\t\t\t\t\t\t\t\tnow()\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t ") or die(mysql_error());
mysql_query("insert into dao\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tdesignation,\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\taddress1,\n\t\t\t\t\t\t\t\t\taddress2,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\tphonenumber,\n\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($designation) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($districtid) . "',\n\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t'" . preventInj($email) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t'Approved'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());
$flag = 'true';
$username = $_SESSION['userName'];
$description = "New dao with username " . $user . " is added";
insertEventData('Add_Dao', "Add_new_dao", $username, $description);
}
}
}
} else {
if ($_SESSION['userType'] == "DAO" && $_POST['txtPassword'] != NULL) {
$pass = trim($_POST['txtPassword']);
$user = trim($_POST['txtUserName']);
if (strlen($user) < 5) {
$flag = 'phpValidError';
}
if (strlen($user) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag = 'phpValidError';
}
if ($flag == 'phpValidError') {
} else {
mysql_query("update user\n\t\t\t\t\t\t\t\t\tset userpasswd='" . preventInj($pass) . "',\n\t\t\t\t\t\t\t\t\t\t\tlastlogin=now()\n\t\t\t\t\t\t\t\t\twhere username='******' ") or die(mysql_error());
}
}
$name = trim($_POST['txtName']);
$designation = trim($_POST['txtDesignation']);
$address1 = trim($_POST['txtAddress1']);
$address2 = trim($_POST['txtAddress2']);
$email = trim($_POST['txtEmail']);
$districtid = trim($_POST['cmpDistrict']);
$phone1 = trim($_POST['txtPhone1']);
$mobile = trim($_POST['txtMobile']);
$daoId = trim($_POST['daoId']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (strlen($designation) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($designation)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag = 'phpValidError';
}
}
if (isInvalidNumber($districtid)) {
$flag = 'phpValidError';
}
if (strlen($phone1) < 7) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($daoId)) {
$flag = 'phpValidError';
}
if ($flag == 'phpValidError') {
} else {
mysql_query("update dao\n\t\t\t\t\t\t\t\tset name='" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t\tdesignation='" . preventInj($designation) . "',\n\t\t\t\t\t\t\t\t\t\taddress1='" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t\taddress2='" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t\tphonenumber='" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($districtid) . "',\n\t\t\t\t\t\t\t\t\t\tmobilenumber='" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t\temailid='" . preventInj($email) . "'\n\t\t\t\t\t\t\t\twhere daoid='" . $daoId . "' ") or die(mysql_error());
$username = $_SESSION['userName'];
$description = "Dao with id " . $des . " is updated";
insertEventData('Update_Dao', "Dao_Details_Updated", $username, $description);
$flag = 'success';
}
}
return $flag;
}
function addData()
{
$hospitalName = "";
$address1 = null;
$address2 = null;
$phone1 = null;
$email = "";
$phone2 = null;
$regno = null;
$mobile = null;
$user = null;
$pass = null;
$district = null;
$flag = 7;
$flag1 = null;
$intnameExists = 0;
if (isset($_GET['add'])) {
$name = $_GET['hname'];
$address1 = $_GET['address1'];
$address2 = $_GET['address2'];
$email = $_GET['email'];
$phone1 = $_GET['phonenumber1'];
$phone2 = $_GET['phonenumber2'];
$regno = $_GET['regno'];
$mobile = $_GET['mobilenumber'];
$user = $_GET['username'];
$pass = preventInj($_GET['password']);
$pincode = $_GET['pincode'];
$district = $_GET['district'];
$resultdist = mysql_query("select districtid from district where name='" . $_GET['district'] . "' ") or die(mysql_error());
$rowdist = mysql_fetch_array($resultdist);
$districtid = $rowdist['districtid'];
if (strlen($name) < 1) {
$flag1 = 'phpValidError';
}
if (isInvalidName($name)) {
$flag1 = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag1 = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag1 = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag1 = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag1 = 'phpValidError';
}
}
if (isInvalidNumber($districtid)) {
$flag1 = 'phpValidError';
}
if (isStringNull($districtid)) {
$flag1 = 'phpValidError';
}
if (strlen($phone1) < 7) {
$flag1 = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag1 = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag1 = 'phpValidError';
}
if (isInvalidPhoneNo($phone2)) {
$flag1 = 'phpValidError';
}
if (strlen($pincode) > 0) {
if (strlen($pincode) != 6) {
$flag1 = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag1 = 'phpValidError';
}
}
if (isInvalidName($regno)) {
$flag1 = 'phpValidError';
}
if (strlen($user) < 5) {
$flag1 = 'phpValidError';
}
if (strlen($user) > 25) {
$flag1 = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag1 = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag1 = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag1 = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag1 = 'phpValidError';
}
$result = mysql_query("select * from hospital where name='" . $name . "' and hospitaladdress1='" . $address1 . "' and hospitaladdress2='" . $address2 . "' and hospitalphno1='" . $phone1 . "' and hospitalphno2='" . $phone2 . "'\n\t\t\tand mobilenumber='" . $mobile . "' and emailid='" . $email . "' and registerno='" . $regno . "' and \n\t\t\tdistrictid='" . $districtid . "' ") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 1;
} else {
if ($flag1 == 'phpValidError') {
} else {
$result1 = mysql_query("select * from user where username='******' ") or die(mysql_error());
$intUnameExists = mysql_num_rows($result1);
if ($intUnameExists > 0) {
$flag = 2;
} else {
mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\tusertype\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\t\t\tpassword('" . $pass . "'),\n\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t'HOSPITAL'\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t ");
mysql_query("insert into hospital\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\t\t\thospitaladdress1,\n\t\t\t\t\t\t\t\t\t\t\thospitaladdress2,\n\t\t\t\t\t\t\t\t\t\t\thospitalphno1,\n\t\t\t\t\t\t\t\t\t\t\thospitalphno2,\n\t\t\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\t\t\tregisterno,\n\t\t\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\tvalues \n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($name)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($user)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($email)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($mobile)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($districtid)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($pincode)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($regno)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'Pending'\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t");
$flag = 3;
$description = "New hospital with name " . $name . " is registered";
insertEventData("Registration", "Registered new hospital", $user, $description);
}
}
}
}
return $flag;
}
function addData($uname, $id)
{
$hospitalId = "";
$name = "";
$address1 = null;
$address2 = null;
$phone1 = null;
$email = "";
$phone2 = null;
$regno = null;
$mobile = null;
$user = null;
$pass = null;
$flag = "";
if ($id == 'add') {
$name = trim($_POST['txtHospitalName']);
$address1 = trim($_POST['txtAddress1']);
$address2 = trim($_POST['txtAddress2']);
$email = trim($_POST['txtEmail']);
$phone1 = trim($_POST['txtPhone1']);
$phone2 = trim($_POST['txtPhone2']);
$regno = trim($_POST['txtRegNo']);
$mobile = trim($_POST['txtMobile']);
$user = trim($_POST['txtUserName']);
$pass = trim($_POST['txtPassword']);
$pincode = trim($_POST['txtPincode']);
$districtid = trim($_POST['cmpDistrict']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag = 'phpValidError';
}
}
if (isInvalidNumber($districtid)) {
$flag = 'phpValidError';
}
if (strlen($phone1) < 7) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone2)) {
$flag = 'phpValidError';
}
if (strlen($pincode) > 0) {
if (strlen($pincode) != 6) {
$flag = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag = 'phpValidError';
}
}
if (isInvalidName($regno)) {
$flag = 'phpValidError';
}
if (strlen($user) < 5) {
$flag = 'phpValidError';
}
if (strlen($user) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag = 'phpValidError';
}
$result = mysql_query("select * from hospital where name='" . $name . "' and\n\t\t\thospitaladdress1='" . $address1 . "' and hospitaladdress2='" . $address2 . "'\n\t\t\tand hospitalphno1='" . $phone1 . "' and hospitalphno2='" . $phone2 . "'\n\t\t\tand mobilenumber='" . $mobile . "' and emailid='" . $email . "' and registerno='" . $regno . "'\n\t\t\tand districtid='" . $districtid . "' ") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 'false';
} else {
if ($flag == 'phpValidError') {
} else {
$result1 = mysql_query("select * from user where username='******' ") or die(mysql_error());
$intUnameExists = mysql_num_rows($result1);
if ($intUnameExists > 0) {
$flag = 'fail';
} else {
mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\tusertype,\n\t\t\t\t\t\t\t\t\t\t\tlastlogin\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass) . "'),\n\t\t\t\t\t\t\t\t\t\t\t'Approved',\n\t\t\t\t\t\t\t\t\t\t\t'HOSPITAL',\n\t\t\t\t\t\t\t\t\t\t\tnow()\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t ") or die(mysql_error());
mysql_query("insert into hospital\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\thospitaladdress1,\n\t\t\t\t\t\t\t\t\thospitaladdress2,\n\t\t\t\t\t\t\t\t\thospitalphno1,\n\t\t\t\t\t\t\t\t\thospitalphno2,\n\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tregisterno,\n\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($email) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($districtid) . "',\n\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($regno) . "',\n\t\t\t\t\t\t\t\t\t'Approved'\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());
$flag = 'true';
$description = "New hospital with name " . $name . " is added";
insertEventData('Add_Hospital', "Add new hospital", $user, $description);
}
}
}
} else {
$name = trim($_POST['txtHospitalName']);
$address1 = trim($_POST['txtAddress1']);
$address2 = trim($_POST['txtAddress2']);
$email = trim($_POST['txtEmail']);
$phone1 = trim($_POST['txtPhone1']);
$phone2 = trim($_POST['txtPhone2']);
$regno = trim($_POST['txtRegNo']);
$mobile = trim($_POST['txtMobile']);
$pincode = trim($_POST['txtPincode']);
$districtid = trim($_POST['cmpDistrict']);
$hospitalId = trim($_POST['hospitalId']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag = 'phpValidError';
}
}
if (strlen($phone1) < 7) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone2)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag = 'phpValidError';
}
if (strlen($pincode) > 0) {
if (strlen($pincode) != 6) {
$flag = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag = 'phpValidError';
}
}
if (isInvalidName($regno)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($districtid)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($hospitalId)) {
$flag = 'phpValidError';
}
if ($_SESSION['userType'] == "HOSPITAL" && $_POST['txtPassword'] != NULL) {
$pass = trim($_POST['txtPassword']);
$user = trim($_POST['txtUserName']);
if (strlen($user) < 5) {
$flag = 'phpValidError';
}
if (strlen($user) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag = 'phpValidError';
}
if ($flag == 'phpValidError') {
} else {
mysql_query("update user\n\t\t\t\t\t\t\t\t\tset userpasswd='" . preventInj($pass) . "',\n\t\t\t\t\t\t\t\t\t\t\tlastlogin=now()\n\t\t\t\t\t\t\t\t\twhere username='******' ") or die(mysql_error());
}
}
if ($flag == 'phpValidError') {
} else {
mysql_query("update hospital\n\t\t\t\t\t\t\t\tset name='" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t\temailid='" . preventInj($email) . "',\n\t\t\t\t\t\t\t\t\t\thospitaladdress1='" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t\thospitaladdress2='" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t\thospitalphno1='" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t\thospitalphno2='" . preventInj($phone2) . "',\n\t\t\t\t\t\t\t\t\t\tmobilenumber='" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t\tpincode='" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t\tregisterno='" . preventInj($regno) . "',\n\t\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($districtid) . "'\n\t\t\t\t\t\t\t\twhere hospitalid='" . preventInj($hospitalId) . "' ") or die(mysql_error());
$flag = 'success';
$username = $_SESSION['userName'];
$description = "Hospital with id " . $hospitalId . " is updated";
insertEventData('Update_Hospital', "Update_Hospital_Details", $username, $description);
}
}
return $flag;
}
