Пример #1
0
 private function action()
 {
     if (isset($_POST['login']) && isset($_POST['challenge'])) {
         if (isset($_POST['password_hmac']) && strlen($_POST['password_hmac'])) {
             self::login();
         } else {
             $this->aErrors[] = getString("Nebyly zaslány všechny potřebné údaje!", 'login');
             $this->aErrors[] = getString("Zkontrolujte, zda máte zapnutý javascript!", 'login');
         }
     }
     if (!$this->CFG->isAuthenticated()) {
         /// 3s prodleva mezi nactenim a odeslanim formulare pro ok prihlaseni ///
         $vals = array(array('timecreated', getDateToDb(time() + 3)), array('session', session_id()));
         $this->db->insert("core_challenges", $vals);
         $challenge = $this->db->getLastId();
         $this->addVar($challenge, "challenge");
         $this->addVar(cBuildIndex::getActionUrl('login'), "href");
     }
 }
function addData($name, $id)
{
    $flag = "";
    $caseId = "";
    $username = "";
    $des = "";
    $description = "";
    $caseid = "";
    $name = "";
    $age = "";
    $sex = "";
    $address1 = "";
    $address2 = "";
    $pincode = "";
    $disease = "";
    $fatal = "";
    $district = "";
    $reportedon = "";
    $diedon = "";
    $date = "";
    $createdon = "";
    $newpostoffice = "";
    $caseDate = "";
    $username = "";
    $usertype = "";
    if ($id == 'add') {
        $username = trim($_SESSION['userName']);
        $usertype = trim($_SESSION['userType']);
        $hospitalid = trim($_POST['cmbHospital']);
        $name = trim($_POST['txtName']);
        $age = trim($_POST['txtAge']);
        $sex = trim($_POST['rdoSex']);
        $address1 = trim($_POST['txtAddress1']);
        $address2 = trim($_POST['txtAddress2']);
        $pincode = trim($_POST['txtPincode']);
        $disease = trim($_POST['cmbDisease']);
        $fatal = trim($_POST['cmbFatal']);
        $district = trim($_POST['cmbDistrict']);
        $reportedon = trim($_POST['txtReportedOn']);
        $createdon = date("d/m/Y");
        $date = trim($_POST['txtCaseDate']);
        if (strlen($name) < 1) {
            $flag = 'phpValidError';
        }
        if (isInvalidName($name)) {
            $flag = 'phpValidError';
        }
        if (strlen($address1) < 1) {
            $flag = 'phpValidError';
        }
        if (isInvalidName($address1)) {
            $flag = 'phpValidError';
        }
        if (isInvalidAddress($address2)) {
            $flag = 'phpValidError';
        }
        if (isInvalidNumber($hospitalid)) {
            $flag = 'phpValidError';
        }
        if (isInvalidNumber($age)) {
            $flag = 'phpValidError';
        }
        if (isInvalidNumber($disease)) {
            $flag = 'phpValidError';
        }
        if (isInvalidNumber($district)) {
            $flag = 'phpValidError';
        }
        if (strlen($pincode) > 0) {
            if (strlen($pincode) != 6) {
                $flag = 'phpValidError';
            }
            if (isInvalidNumber($pincode)) {
                $flag = 'phpValidError';
            }
        }
        if ($_POST['cmbPostOffice'] == 1 && $_POST['cmbNearPostOffice'] != "select") {
            $postofficeid = trim($_POST['cmbNearPostOffice']);
        } else {
            $postofficeid = trim($_POST['cmbPostOffice']);
        }
        if ($_POST['txtDiedOn'] == "") {
            $diedon = "";
        } else {
            $diedon = trim($_POST['txtDiedOn']);
            if (!isValidDate($diedon)) {
                $flag = 'phpValidError';
            }
            $diedon = getDateToDb($diedon);
        }
        if (isInvalidNumber($postofficeid)) {
            $flag = 'phpValidError';
        }
        if (!isValidDate($date)) {
            $flag = 'phpValidError';
        }
        if (!isValidDate($reportedon)) {
            $flag = 'phpValidError';
        }
        $result = mysql_query("select * from casereport where name='" . $name . "' and age='" . $age . "'\n\t\t\t\tand sex='" . $sex . "' and fatal='" . $fatal . "' and casedate='" . getDateToDb($date) . "'\n\t\t\t\tand reportedon='" . getDateToDb($reportedon) . "'\t") or die(mysql_error());
        $intnameExists = mysql_num_rows($result);
        if ($intnameExists > 0) {
            $flag = 'false';
        } else {
            if ($flag == 'phpValidError') {
            } else {
                mysql_query("insert into casereport\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tage,\n\t\t\t\t\t\t\t\t\tsex,\n\t\t\t\t\t\t\t\t\taddress1,\n\t\t\t\t\t\t\t\t\taddress2,\n\t\t\t\t\t\t\t\t\tdiseaseid,\n\t\t\t\t\t\t\t\t\tfatal,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\thospitalid,\n\t\t\t\t\t\t\t\t\tpostofficeid,\n\t\t\t\t\t\t\t\t\treportedon,\n\t\t\t\t\t\t\t\t\tdiedon,\n\t\t\t\t\t\t\t\t\tcasedate,\n\t\t\t\t\t\t\t\t\tcreatedon\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($username) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($age) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($sex) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($disease) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($fatal) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($district) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($hospitalid) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($postofficeid) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj(getDateToDb($reportedon)) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($diedon) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj(getDateToDb($date)) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj(getDateToDb($createdon)) . "'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());
                mysql_query("update casereport set diedon=NULL where diedon=00-00-0000") or die(mysql_error());
                if ($_POST['cmbPostOffice'] == 1) {
                    $newpostoffice = $_POST['txtNewPostOffice'];
                    if (strlen($newpostoffice) < 3) {
                        $flag = 'phpValidError';
                    }
                    if (isInvalidName($newpostoffice)) {
                        $flag = 'phpValidError';
                    }
                    if ($flag == 'phpValidError') {
                    } else {
                        mysql_query("insert into newpostoffice\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\tpincode\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($newpostoffice) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($district) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "'\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t  ") or die(mysql_error());
                    }
                }
                $username = $_SESSION['userName'];
                $description = "New Case Report on patient  " . $name . " is added";
                insertEventData('Add_Case_Report', "New_Case_Reported", $username, $description);
                $flag = 'true';
            }
        }
    } else {
        $hospitalid = $_POST['cmbHospital'];
        $postofficeid = $_POST['cmbPostOffice'];
        $name = trim($_POST['txtName']);
        $age = trim($_POST['txtAge']);
        $sex = trim($_POST['rdoSex']);
        $address1 = trim($_POST['txtAddress1']);
        $address2 = trim($_POST['txtAddress2']);
        $pincode = trim($_POST['txtPincode']);
        $disease = trim($_POST['cmbDisease']);
        $fatal = trim($_POST['cmbFatal']);
        $district = trim($_POST['cmbDistrict']);
        $reportedon = trim($_POST['txtReportedOn']);
        $caseId = trim($_POST['txtCaseId']);
        $date = trim($_POST['txtCaseDate']);
        if (trim($_POST['txtDiedOn']) == "") {
            $diedon = "";
        } else {
            $diedon = trim($_POST['txtDiedOn']);
            if (!isValidDate($diedon)) {
                $flag = 'phpValidError';
            }
            $diedon = getDateToDb($diedon);
        }
        if (!isValidDate($reportedon)) {
            $flag = 'phpValidError';
        }
        if (!isValidDate($date)) {
            $flag = 'phpValidError';
        }
        if (strlen($name) < 1) {
            $flag = 'phpValidError';
        }
        if (isInvalidName($name)) {
            $flag = 'phpValidError';
        }
        if (strlen($address1) < 1) {
            $flag = 'phpValidError';
        }
        if (isInvalidName($address1)) {
            $flag = 'phpValidError';
        }
        if (isInvalidAddress($address2)) {
            $flag = 'phpValidError';
        }
        if (isInvalidNumber($hospitalid)) {
            $flag = 'phpValidError';
        }
        if (isInvalidNumber($age)) {
            $flag = 'phpValidError';
        }
        if (isInvalidNumber($disease)) {
            $flag = 'phpValidError';
        }
        if (isInvalidNumber($district)) {
            $flag = 'phpValidError';
        }
        if (isInvalidNumber($caseId)) {
            $flag = 'phpValidError';
        }
        if (strlen($pincode) > 0) {
            if (strlen($pincode) != 6) {
                $flag = 'phpValidError';
            }
            if (isInvalidNumber($pincode)) {
                $flag = 'phpValidError';
            }
        }
        if ($flag == 'phpValidError') {
        } else {
            mysql_query("update casereport\n\t\t\t\t\tset name='" . preventInj($name) . "',\n\t\t\t\t\t\tage='" . preventInj($age) . "',\n\t\t\t\t\t\tsex='" . preventInj($sex) . "',\n\t\t\t\t\t\taddress1='" . preventInj($address1) . "',\n\t\t\t\t\t\taddress2='" . preventInj($address2) . "',\n\t\t\t\t\t\tpincode='" . preventInj($pincode) . "',\n\t\t\t\t\t\tdiseaseid='" . preventInj($disease) . "',\n\t\t\t\t\t\tdistrictid='" . preventInj($district) . "',\n\t\t\t\t\t\thospitalid='" . preventInj($hospitalid) . "',\n\t\t\t\t\t\tpostofficeid='" . preventInj($postofficeid) . "',\n\t\t\t\t\t\treportedon='" . preventInj(getDateToDb($reportedon)) . "',\n\t\t\t\t\t\tdiedon='" . preventInj($diedon) . "',\n\t\t\t\t\t\tcasedate='" . preventInj(getDateToDb($date)) . "'\n\t\t\t\t\twhere casereportid='" . preventInj($caseId) . "' ") or die(mysql_error());
            mysql_query("update casereport set diedon=NULL where diedon=00-00-0000") or die(mysql_error());
            $username = $_SESSION['userName'];
            $description = "Case Report with id  " . $caseId . " is updated";
            insertEventData('Update_Case_Report', "Case_Report_Updated", $username, $description);
            $flag = 'success';
        }
    }
    return $flag;
}
 private function update($aUser)
 {
     $ok = false;
     //$this->logs->addLog($aUser,"aUser - update");
     $time = getDateToDb(time() + AUTH_TIMEOUT);
     if (is_numeric($aUser['id']) && $aUser['session']) {
         $ok = cDb::update("core_authentications", array('timeinit', $time, true), array(array('user', '=', $aUser['id']), 'AND', array('session', '=', session_id())));
     }
     if (!$ok) {
         $this->clearSessions();
         $this->clearCookies();
         return false;
     }
     $this->setSessions($aUser);
     $this->setCookies($aUser);
     return true;
 }
function displayContent($authorise, $val)
{
    $userName = $_SESSION['userName'];
    $strContent = '<h3>List Bulk Case Report</h3>';
    $choice = 0;
    $result = null;
    switch ($val) {
        case "1":
            if (isset($_GET['Datestart'])) {
                $startdate = getDateToDb($_GET['Datestart']);
                $enddate = getDateToDb($_GET['Dateclose']);
            } else {
                $arrDate = strtEndDateMonthDiff();
                $startdate = $arrDate[0];
                $enddate = $arrDate[1];
            }
            $filterVal = "createdon between '" . $startdate . "' and '" . $enddate . "' ";
            $choice = 1;
            $strContent .= '<h4>Case Reported between ' . getDateFromDb($startdate) . ' 
				and ' . getDateFromDb($enddate) . '</h4>';
            break;
        case "2":
            $disease = $_GET['cmpDiseaseList'];
            $filterVal = "bulkcase.diseaseid='" . $disease . "' ";
            $choice = 2;
            $resultDis = mysql_query("SELECT name FROM disease where \n\t\t\t\tdiseaseid='" . $disease . "'  ") or die(mysql_error());
            $row = mysql_fetch_array($resultDis);
            $strContent .= '<h4>Case Report of ' . $row['name'] . '</h4>';
            break;
        case "3":
            $district = $_GET['cmpDistrictList'];
            $filterVal = "bulkcase.districtid='" . $district . "' ";
            $choice = 3;
            $resultDist = mysql_query("SELECT name FROM district where \n\t\t\t\tdistrictid='" . $district . "'  ") or die(mysql_error());
            $row = mysql_fetch_array($resultDist);
            $strContent .= '<h4>Case Report of ' . $row['name'] . '</h4>';
            break;
        default:
            $arrDate = strtEndDateMonthDiff();
            $startdate = $arrDate[0];
            $enddate = $arrDate[1];
            $filterVal = " reportedon between '" . $startdate . "' and '" . $enddate . "' ";
            $choice = 1;
            $strContent .= '<h4>Case Reported between ' . $startdate . ' and ' . $enddate . '</h4>';
            break;
    }
    if ($authorise == "GMO") {
        $userName = $_SESSION['userName'];
        $resultGmo = mysql_query("SELECT districtid FROM gmo where username='******'  ") or die(mysql_error());
        $rowGmo = mysql_fetch_array($resultGmo);
        $districtid = $rowGmo['districtid'];
        $result = mysql_query("SELECT bulkcaseid, disease.name as diseasename, district.name as \n\t\t\tdistname, reportedcase, fatalcase, createdon\n\t\t\tFROM bulkcase \n\t\t\tLEFT JOIN disease on bulkcase.diseaseid=disease.diseaseid \n\t\t\tLEFT JOIN district on bulkcase.districtid=district.districtid \n\t\t\tLEFT JOIN gmo on bulkcase.districtid=gmo.districtid \n\t\t\tWHERE gmo.districtid='" . $districtid . "' and " . $filterVal . " ") or die(mysql_error());
        $paginationQuery = "SELECT bulkcaseid, disease.name as diseasename, district.name as \n\t\t\tdistname, reportedcase, fatalcase, createdon\n\t\t\tFROM bulkcase \n\t\t\tLEFT JOIN disease on bulkcase.diseaseid=disease.diseaseid \n\t\t\tLEFT JOIN district on bulkcase.districtid=district.districtid \n\t\t\tWHERE bulkcase.districtid='" . $districtid . "' and " . $filterVal;
    } else {
        if ($authorise == "DAO") {
            $resultDao = mysql_query("SELECT districtid FROM dao where username='******' ");
            $rowDao = mysql_fetch_array($resultDao);
            $districtid = $rowDao['districtid'];
            $result = mysql_query("SELECT bulkcaseid, disease.name as diseasename, district.name as \n\t\t\tdistname, reportedcase, fatalcase, createdon\n\t\t\tFROM bulkcase \n\t\t\tLEFT JOIN disease on bulkcase.diseaseid=disease.diseaseid\n\t\t\tLEFT JOIN district on bulkcase.districtid=district.districtid \n\t\t\tWHERE bulkcase.districtid='" . $districtid . "' and " . $filterVal . "") or die(mysql_error());
            $paginationQuery = "SELECT bulkcaseid, disease.name as diseasename, district.name as \n\t\t\tdistname, reportedcase, fatalcase, createdon\n\t\t\tFROM bulkcase \n\t\t\tLEFT JOIN disease on bulkcase.diseaseid=disease.diseaseid\n\t\t\tLEFT JOIN district on bulkcase.districtid=district.districtid \n\t\t\tWHERE bulkcase.districtid='" . $districtid . "' and  " . $filterVal;
        } else {
            if ($authorise == "ADMIN") {
                $result = mysql_query("SELECT  bulkcaseid, disease.name as diseasename, district.name as \n\t\t\tdistname, reportedcase, fatalcase, createdon\n\t\t\tFROM bulkcase \n\t\t\tLEFT JOIN disease on bulkcase.diseaseid=disease.diseaseid\n\t\t\tLEFT JOIN district on bulkcase.districtid=district.districtid\n\t\t\tWHERE 1=1 and " . $filterVal . " ") or die(mysql_error());
                $paginationQuery = "SELECT  bulkcaseid, disease.name as diseasename, district.name as \n\t\t\tdistname, reportedcase, fatalcase, createdon\n\t\t\tFROM bulkcase \n\t\t\tLEFT JOIN disease on bulkcase.diseaseid=disease.diseaseid\n\t\t\tLEFT JOIN district on bulkcase.districtid=district.districtid\n\t\t\tWHERE 1=1 and " . $filterVal;
            } else {
            }
        }
    }
    $intResultNum = mysql_num_rows($result);
    if ($intResultNum > 0) {
        list($result, $classObj, $dispyListInfo) = classPagination($paginationQuery, $intResultNum);
        $listData = listCaseReport($authorise, $intResultNum, $result);
        $strContent .= $listData;
        $strContent .= '<br /><br />';
        $strContent .= $dispyListInfo . '<br />';
        $strContent .= $classObj->navigationBar();
    } else {
        $strContent .= "No data is stored in the database or you are not authorised to view this data";
    }
    return $strContent;
}
function showContent($authorise, $selectedText, $option)
{
    $strContent = "";
    $choice = 0;
    $dte1 = "";
    $dte2 = "";
    $curDate = "";
    $event = "";
    switch ($option) {
        case "1":
            $year = $_GET['MYear'];
            $dte1 = $year . "-" . $selectedText . "-" . "01";
            $dte2 = $year . "-" . $selectedText . "-" . "31";
            $filterval = "eventtime between '" . $dte1 . "' and '" . $dte2 . "' ";
            $choice = 1;
            break;
        case "2":
            $curDate = date("d.m.Y");
            $arrDate = explode(".", $curDate);
            $dte1 = $selectedText . "-01-01";
            $dte2 = $selectedText . "-12-31";
            $filterval = "eventtime between '" . $dte1 . "' and '" . $dte2 . "' ";
            $choice = 2;
            break;
        case "3":
            if (isset($_GET['Datestart'])) {
                $startdate = getDateToDb($_GET['Datestart']);
                $enddate = getDateToDb($_GET['Dateclose']);
            } else {
                $arrDate = strtEndDateMonthDiff();
                $startdate = $arrDate[0];
                $enddate = $arrDate[1];
            }
            $filterval = "eventtime between '" . $startdate . "' and '" . $enddate . "' ";
            $choice = 3;
            break;
        case "4":
            $filterval = "event like '%" . $selectedText . "' ";
            $choice = 4;
            break;
        default:
            break;
    }
    $result = mysql_query("select * from eventlog where 1=1  and " . $filterval . " ") or die(mysql_error());
    $paginationQuery = "select * from eventlog where 1=1  and " . $filterval;
    $intCount = mysql_num_rows($result);
    if ($intCount > 0) {
        if ($choice == 1) {
            echo '<h4>Report on ' . getMonth($selectedText) . ' ' . $_GET['MYear'] . '</h4><br>';
        } else {
            if ($choice == 2) {
                echo '<h4>Report For The Year ' . $selectedText . '</h4><br>';
            } else {
                if ($choice == 3) {
                    if (isset($_GET['Datestart'])) {
                        echo '<h4>Report on ' . $_GET['Datestart'] . ' and ' . $_GET['Dateclose'] . '</h4><br>';
                    } else {
                        echo '<h4>Report on ' . getDateFromDb($startdate) . ' and ' . getDateFromDb($enddate) . '</h4><br>';
                    }
                } else {
                    echo '<h4>Report on  ' . $selectedText . '</h4><br>';
                }
            }
        }
        /* function for pagination */
        list($result, $classObj, $dispyListInfo) = classPagination($paginationQuery, $intCount);
        $listData = listEvent($authorise, $intCount, $result);
        $strContent .= $listData;
        $strContent .= '<br /><br />';
        $strContent .= $dispyListInfo . '<br />';
        $strContent .= $classObj->navigationBar();
    } else {
        $strContent .= "No data is stored in the database or you are not authorised to view this data";
    }
    echo $strContent;
}
function displayContent($authorise, $val)
{
    $userName = $_SESSION['userName'];
    $strContent = '<h3>List Case Report</h3>';
    $choice = 0;
    $result = null;
    switch ($val) {
        case "1":
            if (isset($_GET['Datestart'])) {
                $startdate = getDateToDb($_GET['Datestart']);
                $enddate = getDateToDb($_GET['Dateclose']);
            } else {
                $arrDate = strtEndDateMonthDiff();
                $startdate = $arrDate[0];
                $enddate = $arrDate[1];
            }
            $filterVal = "reportedon between '" . $startdate . "' and '" . $enddate . "' ";
            $choice = 1;
            $strContent .= '<h4>Case Reported between ' . getDateFromDb($startdate) . ' 
				and ' . getDateFromDb($enddate) . '</h4>';
            break;
        case "2":
            $disease = $_GET['cmpDiseaseList'];
            $filterVal = "casereport.diseaseid='" . $disease . "' ";
            $choice = 2;
            $resultDis = mysql_query("SELECT name FROM disease where \n\t\t\t\tdiseaseid='" . $disease . "'  ") or die(mysql_error());
            $row = mysql_fetch_array($resultDis);
            $strContent .= '<h4>Case Report of ' . $row['name'] . '</h4>';
            break;
        case "3":
            $district = $_GET['cmpDistrictList'];
            $filterVal = "casereport.districtid='" . $district . "' ";
            $choice = 3;
            $resultDist = mysql_query("SELECT name FROM district where \n\t\t\t\tdistrictid='" . $district . "'  ") or die(mysql_error());
            $row = mysql_fetch_array($resultDist);
            $strContent .= '<h4>Case Report of ' . $row['name'] . '</h4>';
            break;
        case "4":
            $age = explode("-", $_GET['cmpAgeList']);
            $agest = $age[0];
            $ageend = $age[1];
            $filterVal = "age between '" . $agest . "' and '" . $ageend . "' ";
            $choice = 4;
            $strContent .= '<h4>Case Reported on age, between ' . $agest . ' and ' . $ageend . '</h4>';
            break;
        case "5":
            $hospital = $_GET['cmpHospitalList'];
            $filterVal = "casereport.hospitalid='" . $hospital . "' ";
            $choice = 5;
            $resultHos = mysql_query("SELECT name FROM hospital where \n\t\t\t\thospitalid='" . $hospital . "'  ") or die(mysql_error());
            $row = mysql_fetch_array($resultHos);
            $strContent .= '<h4>Case Report of ' . $row['name'] . '</h4>';
            break;
        default:
            $arrDate = strtEndDateMonthDiff();
            $startdate = $arrDate[0];
            $enddate = $arrDate[1];
            $filterVal = " reportedon between '" . $startdate . "' and '" . $enddate . "' ";
            $choice = 1;
            $strContent .= '<h4>Case Reported between ' . $startdate . ' and ' . $enddate . '</h4>';
            break;
    }
    if ($authorise == "GMO") {
        $resultGmo = mysql_query("SELECT districtid FROM gmo where username='******'  ") or die(mysql_error());
        $rowGmo = mysql_fetch_array($resultGmo);
        $districtid = $rowGmo['districtid'];
        $result = mysql_query("SELECT casereportid, casereport.name as pname, age, sex, \n\t\t\tdisease.name as dname, hospital.name as hname, casedate FROM casereport \n\t\t\tLEFT JOIN hospital on casereport.hospitalid=hospital.hospitalid\n\t\t\tLEFT JOIN disease on casereport.diseaseid=disease.diseaseid \n\t\t\tWHERE casereport.districtid='" . $districtid . "' and " . $filterVal . "") or die(mysql_error());
        $paginationQuery = "SELECT casereportid, casereport.name as pname, age, sex, \n\t\t\t\t\t\t\t\t\t\t\tdisease.name as dname, hospital.name as hname, casedate FROM casereport \n\t\t\t\t\t\t\t\t\t\t\tLEFT JOIN hospital on casereport.hospitalid=hospital.hospitalid\n\t\t\t\t\t\t\t\t\t\t\tLEFT JOIN disease on casereport.diseaseid=disease.diseaseid \n\t\t\t\t\t\t\t\t\t\t\tWHERE casereport.districtid='" . $districtid . "' and " . $filterVal;
    } else {
        if ($authorise == "DAO") {
            $resultDao = mysql_query("SELECT districtid FROM dao where username='******' ");
            $rowDao = mysql_fetch_array($resultDao);
            $districtid = $rowDao['districtid'];
            $result = mysql_query("SELECT casereportid, casereport.name as pname, age, sex, \n\t\t\tdisease.name as dname, hospital.name as hname, casedate FROM casereport \n\t\t\tLEFT JOIN hospital on casereport.hospitalid=hospital.hospitalid\n\t\t\tLEFT JOIN disease on casereport.diseaseid=disease.diseaseid \n\t\t\tWHERE casereport.districtid='" . $districtid . "' and " . $filterVal . "") or die(mysql_error());
            $paginationQuery = "SELECT casereportid, casereport.name as pname, age, sex, \n\t\t\t\t\t\t\t\t\t\t\tdisease.name as dname, hospital.name as hname, casedate FROM casereport \n\t\t\t\t\t\t\t\t\t\t\tLEFT JOIN hospital on casereport.hospitalid=hospital.hospitalid\n\t\t\t\t\t\t\t\t\t\t\tLEFT JOIN disease on casereport.diseaseid=disease.diseaseid \n\t\t\t\t\t\t\t\t\t\t\tWHERE casereport.districtid='" . $districtid . "' and " . $filterVal;
        } else {
            if ($authorise == "HOSPITAL") {
                $resultHos = mysql_query("SELECT hospitalid FROM hospital where username='******' ");
                $rowHos = mysql_fetch_array($resultHos);
                $hosId = $rowHos['hospitalid'];
                $result = mysql_query("SELECT casereportid, casereport.name as pname, age, sex, \n\t\t\tdisease.name as dname,hospital.name as hname, casedate FROM casereport \n\t\t\tLEFT JOIN hospital on casereport.hospitalid=hospital.hospitalid\n\t\t\tLEFT JOIN disease on casereport.diseaseid=disease.diseaseid \n\t\t\tWHERE casereport.hospitalid='" . $hosId . "' and " . $filterVal . " ") or die(mysql_error());
                $paginationQuery = "SELECT casereportid, casereport.name as pname, age, sex, \n\t\t\tdisease.name as dname,hospital.name as hname, casedate FROM casereport \n\t\t\tLEFT JOIN hospital on casereport.hospitalid=hospital.hospitalid\n\t\t\tLEFT JOIN disease on casereport.diseaseid=disease.diseaseid \n\t\t\tWHERE casereport.hospitalid='" . $hosId . "' and " . $filterVal;
            } else {
                if ($authorise == "ADMIN") {
                    $result = mysql_query("SELECT casereportid, casereport.name as pname, age, sex, \n\t\t\tdisease.name as dname, hospital.name as hname, casedate FROM casereport \n\t\t\tLEFT JOIN hospital on casereport.hospitalid=hospital.hospitalid\n\t\t\tLEFT JOIN disease on casereport.diseaseid=disease.diseaseid \n\t\t\tWHERE " . $filterVal . " ") or die(mysql_error());
                    $paginationQuery = "SELECT casereportid, casereport.name as pname, age, sex, \n\t\t\t\t\t\t\t\t\t\t\tdisease.name as dname, hospital.name as hname, casedate FROM casereport \n\t\t\t\t\t\t\t\t\t\t\tLEFT JOIN hospital on casereport.hospitalid=hospital.hospitalid\n\t\t\t\t\t\t\t\t\t\t\tLEFT JOIN disease on casereport.diseaseid=disease.diseaseid \n\t\t\t\t\t\t\t\t\t\t\tWHERE " . $filterVal;
                } else {
                }
            }
        }
    }
    $intResultNum = mysql_num_rows($result);
    if ($intResultNum > 0) {
        /* function for pagination */
        list($result, $classObj, $dispyListInfo) = classPagination($paginationQuery, $intResultNum);
        $listData = listCaseReport($authorise, $intResultNum, $result);
        $strContent .= $listData;
        $strContent .= '<br /><br />';
        $strContent .= $dispyListInfo . '<br />';
        $strContent .= $classObj->navigationBar();
    } else {
        $strContent .= "No data is stored in the database or you are not authorised to view this data";
    }
    return $strContent;
}
function fileReadCSV($fileName)
{
    $pincode = "";
    $diedon = "";
    $strcontent = "";
    $strReason = "";
    $distId = "";
    $disId = "";
    $hosId = "";
    $postId = "";
    $strcontent .= '<table>
		<tr>
			<td>';
    $handle = "";
    $createdOn = "";
    $strValue = "";
    $diedon = "";
    $userName = $_SESSION['userName'];
    $createdOn = date("d/m/Y");
    $handle = fopen("{$fileName}", "r");
    while (($data = fgetcsv($handle, 1000, "\t")) !== FALSE) {
        if (strlen($data[0]) > 1) {
            if ($data[11] == "" || $data[11] == " " || $data[11] == NULL || strlen($data[11]) == 0) {
                $data[11] = $data[11];
            } else {
                $data[11] = getDateToDb($data[11]);
            }
            mysql_query("insert into dummycasereport\n\t\t\t(\n\t\t\t\tname,\n\t\t\t\tage,\n\t\t\t\tsex,\n\t\t\t\taddress1,\n\t\t\t\taddress2,\n\t\t\t\tdistrictname,\n\t\t\t\tpostofficename,\n\t\t\t\tpincode,\n\t\t\t\thospitalname,\n\t\t\t\tdiseasename,\n\t\t\t\tfatal,\n\t\t\t\tdiedon,\n\t\t\t\tcasedate,\n\t\t\t\treportedon,\n\t\t\t\tusername,\n\t\t\t\tcreatedon\n\t\t\t)\n\t\t\tvalues\n\t\t\t(\n\t\t\t\t'" . trim(preventInj($data[0])) . "',\n\t\t\t\t'" . trim(preventInj($data[1])) . "',\n\t\t\t\t'" . trim(preventInj($data[2])) . "',\n\t\t\t\t'" . trim(preventInj($data[3])) . "',\n\t\t\t\t'" . trim(preventInj($data[4])) . "',\n\t\t\t\t'" . trim(preventInj($data[5])) . "',\n\t\t\t\t'" . trim(preventInj($data[6])) . "',\n\t\t\t\t'" . trim(preventInj($data[7])) . "',\n\t\t\t\t'" . trim(preventInj($data[8])) . "',\n\t\t\t\t'" . trim(preventInj($data[9])) . "',\n\t\t\t\t'" . trim(preventInj($data[10])) . "',\n\t\t\t\t'" . trim(preventInj($data[11])) . "',\n\t\t\t\t'" . trim(preventInj(getDateToDb($data[12]))) . "',\n\t\t\t\t'" . trim(preventInj(getDateToDb($data[13]))) . "',\n\t\t\t\t'" . trim(preventInj($userName)) . "',\n\t\t\t\t'" . trim(preventInj(getDateToDb($createdOn))) . "'\n\t\t\t)\n\t\t\t") or die(mysql_error());
        }
    }
    //$strcontent.="Inserting of dummy case report finished...wait <br />";
    fclose($handle);
    $result = mysql_query("SELECT dummycasereport.name as name, age, sex, address1, address2,\n\t\t\tdistrict.districtid as districtid, postofficeid, dummycasereport.pincode as pincode,\n\t\t\thospitalid, diseaseid, fatal, reportedon, diedon, casedate, dummycasereport.username,\n\t\t\tcreatedon, casereportid\n\t\tFROM\n\t\t\tdummycasereport\n\t\tLEFT JOIN\n\t\t\tdistrict on dummycasereport.districtname = district.name\n\t\tLEFT JOIN\n\t\t\tdisease on dummycasereport.diseasename = disease.name\n\t\tLEFT JOIN\n\t\t\tpostoffice on dummycasereport.postofficename = postoffice.name\n\t\tLEFT JOIN\n\t\t\thospital on dummycasereport.hospitalname = hospital.name\n\t\tWHERE district.districtid is NOT NULL AND  diseaseid is NOT NULL AND\n\t\t\tpostofficeid is NOT NULL AND hospitalid is NOT NULL") or die(mysql_error());
    $intResultNum = mysql_num_rows($result);
    while ($row = mysql_fetch_array($result)) {
        //check the same result is reported earlier
        $resultExist = mysql_query("SELECT * from casereport where name='" . $row['name'] . "'\n\t\t\tand age='" . $row['age'] . "'\n\t\t\tand sex='" . $row['sex'] . "'\n\t\t\tand fatal='" . $row['fatal'] . "'\n\t\t\tand address1='" . $row['address1'] . "'\n\t\t\tand address2='" . $row['address2'] . "'\n\t\t\tand districtid='" . $row['districtid'] . "'\n\t\t\tand postofficeid='" . $row['postofficeid'] . "'\n\t\t\tand pincode='" . $row['pincode'] . "'\n\t\t\tand hospitalid='" . $row['hospitalid'] . "'\n\t\t\tand diseaseid='" . $row['diseaseid'] . "'\n\t\t\tand fatal='" . $row['fatal'] . "'\n\t\t\tand reportedon='" . $row['reportedon'] . "'\n\t\t\tand diedon=\t'" . $row['diedon'] . "'\n\t\t\tand casedate='" . $row['casedate'] . "'\n\t\t") or die(mysql_error());
        $intnameExists = mysql_num_rows($resultExist);
        if ($intnameExists > 0) {
            //case alreay reported
        } else {
            mysql_query("insert into casereport\n\t\t\t(\n\t\t\t\tname,\n\t\t\t\tage,\n\t\t\t\tsex,\n\t\t\t\taddress1,\n\t\t\t\taddress2,\n\t\t\t\tdistrictid,\n\t\t\t\tpostofficeid,\n\t\t\t\tpincode,\n\t\t\t\thospitalid,\n\t\t\t\tdiseaseid,\n\t\t\t\tfatal,\n\t\t\t\tdiedon,\n\t\t\t\tcasedate,\n\t\t\t\treportedon,\n\t\t\t\tusername,\n\t\t\t\tcreatedon\n\t\t\t)\n\t\t\tvalues\n\t\t\t(\n\t\t\t\t'" . $row['name'] . "',\n\t\t\t\t'" . $row['age'] . "',\n\t\t\t\t'" . $row['sex'] . "',\n\t\t\t\t'" . $row['address1'] . "',\n\t\t\t\t'" . $row['address2'] . "',\n\t\t\t\t'" . $row['districtid'] . "',\n\t\t\t\t'" . $row['postofficeid'] . "',\n\t\t\t\t'" . $row['pincode'] . "',\n\t\t\t\t'" . $row['hospitalid'] . "',\n\t\t\t\t'" . $row['diseaseid'] . "',\n\t\t\t\t'" . $row['fatal'] . "',\n\t\t\t\t'" . $row['diedon'] . "',\n\t\t\t\t'" . $row['casedate'] . "',\n\t\t\t\t'" . $row['reportedon'] . "',\n\t\t\t\t'" . $row['username'] . "',\n\t\t\t\t'" . $row['createdon'] . "'\n\t\t\t)\n\t\t\t") or die(mysql_error());
            $resultMax = mysql_query("SELECT MAX(casereportid) as maxId from casereport") or die(mysql_error());
            $rowMax = mysql_fetch_array($resultMax);
            $maxId = $rowMax['maxId'];
            mysql_query("UPDATE casereport SET diedon = NULL WHERE diedon='0000-00-00'\n\t\t\t\t\t\tand casereportid='" . $maxId . "' ") or die(mysql_error());
            mysql_query("UPDATE casereport SET pincode = NULL WHERE pincode=0\n\t\t\t\t\t\tand casereportid='" . $maxId . "' ") or die(mysql_error());
            $username = $_SESSION['userName'];
            $description = "Cases Imported by  " . $username . " is loaded into the database";
            insertEventData('Import_Case', "Case_Imported", $username, $description);
        }
        mysql_query("delete from dummycasereport where casereportid='" . $row['casereportid'] . "' ") or die(mysql_error());
    }
    //$strcontent.="Valid datas are inserted to a case report table <br />";
    $result = mysql_query("SELECT * FROM dummycasereport") or die(mysql_error());
    $intResultNum = mysql_num_rows($result);
    if ($intResultNum > 0) {
        while ($row = mysql_fetch_array($result)) {
            $resultCheck = mysql_query("SELECT dummycasereport.name as name, age, sex, address1,\n\t\t\t\taddress2, district.districtid as districtid, postofficeid, dummycasereport.pincode\n\t\t\t\tas pincode, hospitalid, diseaseid, fatal, reportedon, diedon, casedate,\n\t\t\t\tdummycasereport.username, createdon, casereportid\n\t\t\tFROM\n\t\t\t\tdummycasereport\n\t\t\tLEFT JOIN\n\t\t\t\tdistrict on dummycasereport.districtname = district.name\n\t\t\tLEFT JOIN\n\t\t\t\tdisease on dummycasereport.diseasename = disease.name\n\t\t\tLEFT JOIN\n\t\t\t\tpostoffice on dummycasereport.postofficename = postoffice.name\n\t\t\tLEFT JOIN\n\t\t\t\thospital on dummycasereport.hospitalname = hospital.name\n\t\t\tWHERE casereportid='" . $row['casereportid'] . "' ") or die(mysql_error());
            $rowCheck = mysql_fetch_array($resultCheck);
            $distId = $rowCheck['districtid'];
            $disId = $rowCheck['diseaseid'];
            $hosId = $rowCheck['hospitalid'];
            $postId = $rowCheck['postofficeid'];
            $strReason = "Reason to Reject: ";
            if ($distId == NULL) {
                $strReason .= "Check the district name\tis same as in the database. ";
            }
            if ($disId == NULL) {
                $strReason .= "Check the disease name\tis same as in the database. ";
            }
            if ($hosId == NULL) {
                $strReason .= "Check the hospital name\tis same as in the database. ";
            }
            if ($postId == NULL) {
                $strReason .= "Check the postoffice name is same as in the database. ";
            }
            if ($row['diedon'] == "" || $row['diedon'] == " " || $row['diedon'] == NULL) {
                $diedon = NULL;
            } else {
                $diedon = getDateFromDb($row['diedon']);
            }
            if ($diedon == '00/00/0000') {
                $diedon = NULL;
            }
            $strValue .= $row['name'];
            $strValue .= "\t";
            $strValue .= $row['age'];
            $strValue .= "\t";
            $strValue .= $row['sex'];
            $strValue .= "\t";
            $strValue .= $row['address1'];
            $strValue .= "\t";
            $strValue .= $row['address2'];
            $strValue .= "\t";
            $strValue .= $row['districtname'];
            $strValue .= "\t";
            $strValue .= $row['postofficename'];
            $strValue .= "\t";
            $strValue .= $pincode;
            $strValue .= "\t";
            $strValue .= $row['hospitalname'];
            $strValue .= "\t";
            $strValue .= $row['diseasename'];
            $strValue .= "\t";
            $strValue .= $row['fatal'];
            $strValue .= "\t";
            $strValue .= $diedon;
            $strValue .= "\t";
            $strValue .= getDateFromDb($row['casedate']);
            $strValue .= "\t";
            $strValue .= getDateFromDb($row['reportedon']);
            $strValue .= "\t";
            $strValue .= $strReason;
            $strValue .= "\n";
            $strReason = "";
        }
        $intResultNum = $intResultNum * 2;
        $intResultNum = $intResultNum + 1;
        $strcontent .= '</td>
			</tr>
			<tr>
				</td>';
        $strcontent .= '<form>';
        $strcontent .= '<textarea READONLY class="displayBack" rows="' . $intResultNum . '" cols="100">';
        $strcontent .= $strValue;
        $strcontent .= '</textarea>';
        $strcontent .= '</form>';
        $strcontent .= '</td>
			</tr>
			<tr>
				<td>';
        $strcontent .= "Invalid datas are given back for manual insertion <br />";
        $strcontent .= 'Copy the above contents and insert the contents manually through "Add Case Report" link or modify the contents and try again.<span class="impMessage">You must remove the "Reason to Reject:" from the page before re-import the file</span>';
        $strcontent .= '</td>
			</tr>
			<tr>
				<td>';
    }
    mysql_query("delete from dummycasereport") or die(mysql_error());
    $strcontent .= 'Valid contents are uploaded successfully';
    $strcontent .= '</td>
		</tr>
	</table>';
    return $strcontent;
}
Пример #8
0
function editpage_alterPage($pageid)
{
    global $DB;
    $tempid = intval($_POST['temp']);
    $bPage = false;
    /// instance of page 'core_pages' ///
    $aVals = array(array('template', $tempid, false), array('user', 0, false));
    if ($_POST['parent_page'] != 'null') {
        $aVals[] = array('parentid', intval($_POST['parent_page']), false);
    } else {
        $aVals[] = array('parentid', 'NULL', false);
    }
    if (isset($_POST['cache'])) {
        $aVals[] = array('usecache', 1, false);
    } else {
        $aVals[] = array('usecache', 0, false);
    }
    if (isset($_POST['publish'])) {
        $aVals[] = array('published', 1, false);
    } else {
        $aVals[] = array('published', 0, false);
    }
    $aVals[] = array('timemodified', getDateToDb());
    $bPage = $DB->update('core_pages', $aVals, array('id', '=', $pageid));
    /// language pages 'core_lngpages'///
    if ($bPage) {
        $bPageLng = array();
        foreach (cCfg::$aLangs as $lng) {
            if (isset($_POST['lng_' . $lng])) {
                $title = $_POST['title_' . $lng];
                $menutitle = $_POST['menu_title_' . $lng];
                $url = admin_createPageUrl($_POST['title_' . $lng]);
                if ($menutitle == "") {
                    $menutitle = $title;
                }
                $lngExists = $DB->select('core_lngpages', 'id', array(array('lng', '=', $lng), 'AND', array('page', '=', $pageid)));
                if (count($lngExists)) {
                    $bPageLng[$lng] = $DB->update('core_lngpages', array(array('title', $title), array('menutitle', $menutitle), array('url', $url), array('timemodified', getDateToDb())), array(array('lng', '=', $lng), 'AND', array('page', '=', $pageid)));
                    /// no exists record in core_lngpages of this LNG for this page ///
                } else {
                    $bPageLng[$lng] = $DB->insert('core_lngpages', array(array('title', $title), array('menutitle', $menutitle), array('url', $url), array('page', $pageid, false), array('lng', $lng)));
                }
            } else {
                $DB->delete('core_lngpages', array(array('lng', '=', $lng), 'AND', array('page', '=', $pageid)));
            }
        }
        if (!count($bPageLng) || isset($_POST['lng'])) {
            if ($_POST['menut_title'] == "") {
                $_POST['menut_title'] = $_POST['title'];
            }
            $lngExists = $DB->select('core_lngpages', 'id', array(array('lng', '=', null), 'AND', array('page', '=', $pageid)));
            if (count($lngExists)) {
                $bPageLng[] = $DB->update('core_lngpages', array(array('title', $_POST['title']), array('menutitle', $_POST['menu_title']), array('url', admin_createPageUrl($_POST['title'])), array('timemodified', getDateToDb())), array(array('lng', '=', null), 'AND', array('page', '=', $pageid)));
            } else {
                $bPageLng[] = $DB->insert('core_lngpages', array(array('title', $_POST['title']), array('page', $pageid, false), array('menutitle', $_POST['menu_title']), array('url', admin_createPageUrl($_POST['title']))));
            }
        } else {
            $DB->delete('core_lngpages', array(array('lng', '=', null), 'AND', array('page', '=', $pageid)));
        }
    }
    return $bPage && count($bPageLng);
}
    $Check->check('css', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in CSS field!');
    $Logs->addLog($Check->isValid(), 'valid');
    //$Logs->addLog($Check->getErrors(),'errors');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
    } else {
        if ($_POST['parent_temp'] != 'null') {
            $aVals[] = array('parentid', intval($_POST['parent_temp']), false);
        } else {
            $aVals[] = array('parentid', 'NULL', false);
        }
        $aVals[] = array('js', $_POST['js']);
        $aVals[] = array('css', $_POST['css']);
        $aVals[] = array('timemodified', getDateToDb());
        try {
            if (!$DB->update('core_templates', $aVals, array('id', '=', $tempid))) {
                throw new cException("Some error during update operation!");
            }
            $aAlerts[] = "Template was updated.";
        } catch (cException $e) {
            $msg = $e->getDbMessageError(__METHOD__ . '(line:' . __LINE__ . ')', $query);
            $aErrors[] = $msg;
            cLogsDb::addFileLog($msg);
        }
    }
}
$allTemps = admin_getAllTemps();
//$Logs->addLog($allTemps, "allTemps");
//$allPages = admin_getAllPages();//add_getAllPages();
Пример #10
0
 private function parseFakDataToDb()
 {
     /// prihlaseny uzivatel ///
     if (!is_null($this->CFG->getUseraccountId())) {
         $this->aFakToDb[] = array('useracc', $this->CFG->getUseraccountId(), false);
     }
     /// zbytek dat faktury ///
     $this->aFakToDb[] = array('cislo', $this->aPost['cislo_faktury'], false);
     $this->aFakToDb[] = array('splatnost', $this->aPost['splatnost'], false);
     $this->aFakToDb[] = array('datum_vyst', getDateToDb(getStringToTime($this->aPost['datum_vystaveni'], 'j.n.Y')));
     $this->aFakToDb[] = array('datum_splat', getDateToDb(getStringToTime($this->aPost['datum_splatnosti'], 'j.n.Y')));
     $this->aFakToDb[] = array('zpusob_uhr', $this->aPost['zpusob_uhrady'], false);
     $this->aFakToDb[] = array('varsymbol', $this->aPost['variabilni_symbol']);
     $this->aFakToDb[] = array('vystavil', $this->aPost['vystavil']);
     $this->aFakToDb[] = array('vystavil_tel', $this->aPost['vystavil_tel']);
     $this->aFakToDb[] = array('typ', $this->aPost['typ_faktury'], false);
     $this->aFakToDb[] = array('ip', $_SERVER['REMOTE_ADDR']);
 }