/**
 * Processes a submitted login form and, while the visitor is still not
 * authenticated, prepares a fresh challenge for the next attempt.
 *
 * A request counts as a login attempt only when both 'login' and 'challenge'
 * are posted. It is handed to self::login() when a non-empty 'password_hmac'
 * came along; otherwise two error strings from the 'login' string table are
 * queued (the original comment text hints the HMAC is produced client-side by
 * JavaScript, hence the "check JavaScript" message).
 *
 * Side effects: may append to $this->aErrors; inserts one row into
 * core_challenges; registers the 'challenge' and 'href' template variables.
 */
private function action()
{
    $isLoginAttempt = isset($_POST['login']) && isset($_POST['challenge']);

    if ($isLoginAttempt) {
        $hasHmac = isset($_POST['password_hmac']) && strlen($_POST['password_hmac']);
        if ($hasHmac) {
            self::login();
        } else {
            $this->aErrors[] = getString("Nebyly zaslány všechny potřebné údaje!", 'login');
            $this->aErrors[] = getString("Zkontrolujte, zda máte zapnutý javascript!", 'login');
        }
    }

    if ($this->CFG->isAuthenticated()) {
        return;
    }

    // Translated from the original Czech comment: "3 s delay between loading
    // and submitting the form for a successful login" — the challenge row is
    // stamped time() + 3; presumably login() checks against it (confirm there).
    $challengeRow = array(
        array('timecreated', getDateToDb(time() + 3)),
        array('session', session_id()),
    );
    $this->db->insert("core_challenges", $challengeRow);
    $challengeId = $this->db->getLastId();

    $this->addVar($challengeId, "challenge");
    $this->addVar(cBuildIndex::getActionUrl('login'), "href");
}
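/**
 * Creates ($id === 'add') or updates (any other $id) a casereport row from
 * the submitted form.
 *
 * All fields come from $_POST and $_SESSION; they are validated with the
 * file's isInvalid* / isValidDate helpers and escaped with preventInj()
 * before being interpolated into SQL. The add branch first runs a duplicate
 * check on name, age, sex, fatal, casedate and reportedon — in the original
 * that query interpolated the raw form values; it is escaped here like the
 * insert that follows it. The update branch targets casereportid =
 * $_POST['txtCaseId']. Note that 'rdoSex' and 'cmbFatal' are escaped but not
 * validated against an allowed set, and that a validation failure of the
 * optional new post office does not change the returned flag (kept as
 * originally written).
 *
 * @param string $name ignored; the patient name is read from $_POST['txtName']
 * @param string $id   'add' to insert, anything else to update
 * @return string 'true' (inserted), 'success' (updated), 'false' (duplicate
 *                found) or 'phpValidError' (validation failed)
 */
function addData($name, $id)
{
    $flag = "";

    if ($id === 'add') {
        $username   = trim($_SESSION['userName']);
        $hospitalid = trim($_POST['cmbHospital']);
        $name       = trim($_POST['txtName']);
        $age        = trim($_POST['txtAge']);
        $sex        = trim($_POST['rdoSex']);
        $address1   = trim($_POST['txtAddress1']);
        $address2   = trim($_POST['txtAddress2']);
        $pincode    = trim($_POST['txtPincode']);
        $disease    = trim($_POST['cmbDisease']);
        $fatal      = trim($_POST['cmbFatal']);
        $district   = trim($_POST['cmbDistrict']);
        $reportedon = trim($_POST['txtReportedOn']);
        $date       = trim($_POST['txtCaseDate']);
        $createdon  = date("d/m/Y");

        // cmbPostOffice == 1 means "new post office": the nearest existing one
        // is taken from cmbNearPostOffice unless it is still on "select".
        if ($_POST['cmbPostOffice'] == 1 && $_POST['cmbNearPostOffice'] != "select") {
            $postofficeid = trim($_POST['cmbNearPostOffice']);
        } else {
            $postofficeid = trim($_POST['cmbPostOffice']);
        }

        // diedon is optional; when given it must parse and is stored in DB format.
        $diedon = "";
        if ($_POST['txtDiedOn'] != "") {
            $diedon = trim($_POST['txtDiedOn']);
            if (!isValidDate($diedon)) {
                $flag = 'phpValidError';
            }
            $diedon = getDateToDb($diedon);
        }

        if (strlen($name) < 1 || isInvalidName($name)
            || strlen($address1) < 1 || isInvalidName($address1)
            || isInvalidAddress($address2)
            || isInvalidNumber($hospitalid)
            || isInvalidNumber($age)
            || isInvalidNumber($disease)
            || isInvalidNumber($district)
            || isInvalidNumber($postofficeid)
            || !isValidDate($date)
            || !isValidDate($reportedon)
            || (strlen($pincode) > 0 && (strlen($pincode) != 6 || isInvalidNumber($pincode)))
        ) {
            $flag = 'phpValidError';
        }

        // Duplicate check — escaped (the original interpolated the raw values).
        $result = mysql_query("select * from casereport where name='" . preventInj($name) . "'
                and age='" . preventInj($age) . "'
                and sex='" . preventInj($sex) . "'
                and fatal='" . preventInj($fatal) . "'
                and casedate='" . preventInj(getDateToDb($date)) . "'
                and reportedon='" . preventInj(getDateToDb($reportedon)) . "'") or die(mysql_error());

        if (mysql_num_rows($result) > 0) {
            $flag = 'false';
        } elseif ($flag != 'phpValidError') {
            mysql_query("insert into casereport
                (
                    username, name, age, sex, address1, address2, diseaseid, fatal, pincode,
                    districtid, hospitalid, postofficeid, reportedon, diedon, casedate, createdon
                )
                values
                (
                    '" . preventInj($username) . "',
                    '" . preventInj($name) . "',
                    '" . preventInj($age) . "',
                    '" . preventInj($sex) . "',
                    '" . preventInj($address1) . "',
                    '" . preventInj($address2) . "',
                    '" . preventInj($disease) . "',
                    '" . preventInj($fatal) . "',
                    '" . preventInj($pincode) . "',
                    '" . preventInj($district) . "',
                    '" . preventInj($hospitalid) . "',
                    '" . preventInj($postofficeid) . "',
                    '" . preventInj(getDateToDb($reportedon)) . "',
                    '" . preventInj($diedon) . "',
                    '" . preventInj(getDateToDb($date)) . "',
                    '" . preventInj(getDateToDb($createdon)) . "'
                )") or die(mysql_error());

            // Kept as written: affects every row, and the unquoted 00-00-0000 is
            // evaluated by MySQL as the integer 0 (fileReadCSV quotes '0000-00-00'
            // instead) — confirm which form is intended.
            mysql_query("update casereport set diedon=NULL where diedon=00-00-0000") or die(mysql_error());

            if ($_POST['cmbPostOffice'] == 1) {
                $newpostoffice = $_POST['txtNewPostOffice'];
                if (strlen($newpostoffice) < 3 || isInvalidName($newpostoffice)) {
                    $flag = 'phpValidError';
                } else {
                    mysql_query("insert into newpostoffice
                        (name, districtid, pincode)
                        values
                        (
                            '" . preventInj($newpostoffice) . "',
                            '" . preventInj($district) . "',
                            '" . preventInj($pincode) . "'
                        )") or die(mysql_error());
                }
            }

            $username = $_SESSION['userName'];
            $description = "New Case Report on patient " . $name . " is added";
            insertEventData('Add_Case_Report', "New_Case_Reported", $username, $description);
            // Overrides a post-office validation error, as in the original.
            $flag = 'true';
        }
    } else {
        $hospitalid   = $_POST['cmbHospital'];
        $postofficeid = $_POST['cmbPostOffice'];
        $name         = trim($_POST['txtName']);
        $age          = trim($_POST['txtAge']);
        $sex          = trim($_POST['rdoSex']);
        $address1     = trim($_POST['txtAddress1']);
        $address2     = trim($_POST['txtAddress2']);
        $pincode      = trim($_POST['txtPincode']);
        $disease      = trim($_POST['cmbDisease']);
        $fatal        = trim($_POST['cmbFatal']);
        $district     = trim($_POST['cmbDistrict']);
        $reportedon   = trim($_POST['txtReportedOn']);
        $caseId       = trim($_POST['txtCaseId']);
        $date         = trim($_POST['txtCaseDate']);

        $diedon = "";
        if (trim($_POST['txtDiedOn']) != "") {
            $diedon = trim($_POST['txtDiedOn']);
            if (!isValidDate($diedon)) {
                $flag = 'phpValidError';
            }
            $diedon = getDateToDb($diedon);
        }

        // postofficeid is not number-checked on update (as in the original);
        // it is still escaped below.
        if (!isValidDate($reportedon)
            || !isValidDate($date)
            || strlen($name) < 1 || isInvalidName($name)
            || strlen($address1) < 1 || isInvalidName($address1)
            || isInvalidAddress($address2)
            || isInvalidNumber($hospitalid)
            || isInvalidNumber($age)
            || isInvalidNumber($disease)
            || isInvalidNumber($district)
            || isInvalidNumber($caseId)
            || (strlen($pincode) > 0 && (strlen($pincode) != 6 || isInvalidNumber($pincode)))
        ) {
            $flag = 'phpValidError';
        }

        if ($flag != 'phpValidError') {
            mysql_query("update casereport
                set name='" . preventInj($name) . "',
                    age='" . preventInj($age) . "',
                    sex='" . preventInj($sex) . "',
                    address1='" . preventInj($address1) . "',
                    address2='" . preventInj($address2) . "',
                    pincode='" . preventInj($pincode) . "',
                    diseaseid='" . preventInj($disease) . "',
                    districtid='" . preventInj($district) . "',
                    hospitalid='" . preventInj($hospitalid) . "',
                    postofficeid='" . preventInj($postofficeid) . "',
                    reportedon='" . preventInj(getDateToDb($reportedon)) . "',
                    diedon='" . preventInj($diedon) . "',
                    casedate='" . preventInj(getDateToDb($date)) . "'
                where casereportid='" . preventInj($caseId) . "' ") or die(mysql_error());
            mysql_query("update casereport set diedon=NULL where diedon=00-00-0000") or die(mysql_error());

            $username = $_SESSION['userName'];
            $description = "Case Report with id " . $caseId . " is updated";
            insertEventData('Update_Case_Report', "Case_Report_Updated", $username, $description);
            $flag = 'success';
        }
    }

    return $flag;
}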
/**
 * Extends the authentication window of an already logged-in user.
 *
 * When $aUser has a numeric 'id' and a truthy 'session', the
 * core_authentications row matching that user id AND the current PHP session
 * id gets its 'timeinit' moved to now + AUTH_TIMEOUT, after which
 * setSessions()/setCookies() are refreshed from $aUser. If the preconditions
 * fail or cDb::update() reports failure, clearSessions()/clearCookies() are
 * called instead.
 *
 * @param array $aUser user record, read for 'id' and 'session'
 * @return bool true when the window was extended, false when state was cleared
 */
private function update($aUser)
{
    $expiresAt = getDateToDb(time() + AUTH_TIMEOUT);
    $canExtend = is_numeric($aUser['id']) && $aUser['session'];

    $extended = false;
    if ($canExtend) {
        $extended = cDb::update(
            "core_authentications",
            array('timeinit', $expiresAt, true),
            array(
                array('user', '=', $aUser['id']),
                'AND',
                array('session', '=', session_id()),
            )
        );
    }

    if ($extended) {
        $this->setSessions($aUser);
        $this->setCookies($aUser);
        return true;
    }

    $this->clearSessions();
    $this->clearCookies();
    return false;
}
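/**
 * Builds the "List Bulk Case Report" HTML fragment for the current user.
 *
 * $val selects the filter: "1" = createdon between $_GET['Datestart'] and
 * $_GET['Dateclose'] (or the default range from strtEndDateMonthDiff()),
 * "2" = disease $_GET['cmpDiseaseList'], "3" = district
 * $_GET['cmpDistrictList']; anything else = reportedon within the default
 * range. $authorise narrows the rows: GMO and DAO see their own district
 * (looked up in the gmo/dao tables), ADMIN sees everything, any other role
 * gets the "No data ..." message.
 *
 * Request values are escaped with preventInj() before they reach SQL (the
 * original interpolated $_GET values raw) and with htmlspecialchars() before
 * they are echoed into headings. The count query and the pagination query
 * are now the same statement; the original GMO count query joined the gmo
 * table and could report duplicated rows.
 *
 * @param string $authorise role name: "GMO", "DAO" or "ADMIN"
 * @param string $val       filter selector, see above
 * @return string HTML fragment
 */
function displayContent($authorise, $val)
{
    $strContent = '<h3>List Bulk Case Report</h3>';

    switch ($val) {
        case "1":
            if (isset($_GET['Datestart'])) {
                $startdate = getDateToDb($_GET['Datestart']);
                $enddate = getDateToDb($_GET['Dateclose']);
            } else {
                list($startdate, $enddate) = strtEndDateMonthDiff();
            }
            $filterVal = "createdon between '" . preventInj($startdate) . "' and '" . preventInj($enddate) . "' ";
            $strContent .= '<h4>Case Reported between '
                . htmlspecialchars(getDateFromDb($startdate), ENT_QUOTES, 'UTF-8') . ' and '
                . htmlspecialchars(getDateFromDb($enddate), ENT_QUOTES, 'UTF-8') . '</h4>';
            break;
        case "2":
            $disease = preventInj($_GET['cmpDiseaseList']);
            $filterVal = "bulkcase.diseaseid='" . $disease . "' ";
            $resultDis = mysql_query("SELECT name FROM disease where diseaseid='" . $disease . "' ") or die(mysql_error());
            $row = mysql_fetch_array($resultDis);
            $strContent .= '<h4>Case Report of ' . htmlspecialchars($row ? $row['name'] : '', ENT_QUOTES, 'UTF-8') . '</h4>';
            break;
        case "3":
            $district = preventInj($_GET['cmpDistrictList']);
            $filterVal = "bulkcase.districtid='" . $district . "' ";
            $resultDist = mysql_query("SELECT name FROM district where districtid='" . $district . "' ") or die(mysql_error());
            $row = mysql_fetch_array($resultDist);
            $strContent .= '<h4>Case Report of ' . htmlspecialchars($row ? $row['name'] : '', ENT_QUOTES, 'UTF-8') . '</h4>';
            break;
        default:
            list($startdate, $enddate) = strtEndDateMonthDiff();
            $filterVal = " reportedon between '" . $startdate . "' and '" . $enddate . "' ";
            // As in the original, this heading shows the DB-format dates while
            // case "1" formats them with getDateFromDb().
            $strContent .= '<h4>Case Reported between ' . $startdate . ' and ' . $enddate . '</h4>';
            break;
    }

    $baseQuery = "SELECT bulkcaseid, disease.name as diseasename, district.name as
            distname, reportedcase, fatalcase, createdon
            FROM bulkcase
            LEFT JOIN disease on bulkcase.diseaseid=disease.diseaseid
            LEFT JOIN district on bulkcase.districtid=district.districtid
            WHERE ";
    $paginationQuery = "";

    switch ($authorise) {
        case "GMO":
        case "DAO":
            // NOTE(review): the username literal appears redacted ('******') in
            // this listing; confirm it is bound to the logged-in user.
            $roleTable = $authorise == "GMO" ? "gmo" : "dao";
            $resultRole = mysql_query("SELECT districtid FROM " . $roleTable . " where username='******' ") or die(mysql_error());
            $rowRole = mysql_fetch_array($resultRole);
            $districtid = $rowRole ? $rowRole['districtid'] : '';
            $paginationQuery = $baseQuery . "bulkcase.districtid='" . preventInj($districtid) . "' and " . $filterVal;
            break;
        case "ADMIN":
            $paginationQuery = $baseQuery . "1=1 and " . $filterVal;
            break;
        default:
            break;
    }

    // An unknown role leaves no query; the original passed null to
    // mysql_num_rows() and relied on the resulting warning/false.
    $result = null;
    if ($paginationQuery !== "") {
        $result = mysql_query($paginationQuery) or die(mysql_error());
    }
    $intResultNum = $result ? mysql_num_rows($result) : 0;

    if ($intResultNum > 0) {
        list($result, $classObj, $dispyListInfo) = classPagination($paginationQuery, $intResultNum);
        $strContent .= listCaseReport($authorise, $intResultNum, $result);
        $strContent .= '<br /><br />';
        $strContent .= $dispyListInfo . '<br />';
        $strContent .= $classObj->navigationBar();
    } else {
        $strContent .= "No data is stored in the database or you are not authorised to view this data";
    }

    return $strContent;
}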
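/**
 * Prints (echoes, does not return) the event-log report selected by
 * $option and $selectedText.
 *
 * Filters on eventlog.eventtime unless noted:
 *   "1" month $selectedText of year $_GET['MYear'] (days 01..31),
 *   "2" calendar year $selectedText,
 *   "3" $_GET['Datestart']..$_GET['Dateclose'], or the default month range,
 *   "4" eventlog.event LIKE '%<$selectedText>' (suffix match; LIKE wildcards
 *       inside $selectedText are not neutralised).
 * Any other $option prints the "No data ..." message and returns; the
 * original left the filter undefined and died on the resulting SQL error.
 *
 * $selectedText and the $_GET values are escaped with preventInj() before
 * SQL (the original interpolated them raw) and with htmlspecialchars()
 * before they are echoed.
 *
 * @param string $authorise    role name, handed on to listEvent()
 * @param string $selectedText month, year or event fragment, per $option
 * @param string $option       filter selector "1".."4"
 * @return void
 */
function showContent($authorise, $selectedText, $option)
{
    $strContent = "";
    $heading = "";
    $filterval = null;
    $safeText = preventInj($selectedText);

    switch ($option) {
        case "1":
            $year = preventInj($_GET['MYear']);
            $dte1 = $year . "-" . $safeText . "-" . "01";
            $dte2 = $year . "-" . $safeText . "-" . "31";
            $filterval = "eventtime between '" . $dte1 . "' and '" . $dte2 . "' ";
            $heading = '<h4>Report on '
                . htmlspecialchars(getMonth($selectedText) . ' ' . $_GET['MYear'], ENT_QUOTES, 'UTF-8')
                . '</h4><br>';
            break;
        case "2":
            $dte1 = $safeText . "-01-01";
            $dte2 = $safeText . "-12-31";
            $filterval = "eventtime between '" . $dte1 . "' and '" . $dte2 . "' ";
            $heading = '<h4>Report For The Year ' . htmlspecialchars($selectedText, ENT_QUOTES, 'UTF-8') . '</h4><br>';
            break;
        case "3":
            if (isset($_GET['Datestart'])) {
                $startdate = getDateToDb($_GET['Datestart']);
                $enddate = getDateToDb($_GET['Dateclose']);
                $heading = '<h4>Report on '
                    . htmlspecialchars($_GET['Datestart'] . ' and ' . $_GET['Dateclose'], ENT_QUOTES, 'UTF-8')
                    . '</h4><br>';
            } else {
                list($startdate, $enddate) = strtEndDateMonthDiff();
                $heading = '<h4>Report on ' . getDateFromDb($startdate) . ' and ' . getDateFromDb($enddate) . '</h4><br>';
            }
            $filterval = "eventtime between '" . preventInj($startdate) . "' and '" . preventInj($enddate) . "' ";
            break;
        case "4":
            $filterval = "event like '%" . $safeText . "' ";
            $heading = '<h4>Report on ' . htmlspecialchars($selectedText, ENT_QUOTES, 'UTF-8') . '</h4><br>';
            break;
        default:
            break;
    }

    if ($filterval === null) {
        // Fail closed on an unknown option instead of issuing a broken query.
        echo "No data is stored in the database or you are not authorised to view this data";
        return;
    }

    $result = mysql_query("select * from eventlog where 1=1 and " . $filterval . " ") or die(mysql_error());
    $paginationQuery = "select * from eventlog where 1=1 and " . $filterval;
    $intCount = mysql_num_rows($result);

    if ($intCount > 0) {
        // The heading is printed before the list, as in the original.
        echo $heading;
        /* function for pagination */
        list($result, $classObj, $dispyListInfo) = classPagination($paginationQuery, $intCount);
        $strContent .= listEvent($authorise, $intCount, $result);
        $strContent .= '<br /><br />';
        $strContent .= $dispyListInfo . '<br />';
        $strContent .= $classObj->navigationBar();
    } else {
        $strContent .= "No data is stored in the database or you are not authorised to view this data";
    }

    echo $strContent;
}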
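/**
 * Builds the "List Case Report" HTML fragment for the current user.
 *
 * $val selects the filter: "1" = reportedon between $_GET['Datestart'] and
 * $_GET['Dateclose'] (or the default range from strtEndDateMonthDiff()),
 * "2" = disease $_GET['cmpDiseaseList'], "3" = district
 * $_GET['cmpDistrictList'], "4" = age range "<from>-<to>" from
 * $_GET['cmpAgeList'], "5" = hospital $_GET['cmpHospitalList']; anything
 * else = reportedon within the default range. $authorise narrows the rows:
 * GMO/DAO to their district (gmo/dao tables), HOSPITAL to its hospital,
 * ADMIN sees everything, any other role gets the "No data ..." message.
 *
 * Request values are escaped with preventInj() before SQL (the original
 * interpolated $_GET values raw) and with htmlspecialchars() before they
 * are echoed into headings. One query serves both the row count and the
 * pagination.
 *
 * @param string $authorise role name: "GMO", "DAO", "HOSPITAL" or "ADMIN"
 * @param string $val       filter selector, see above
 * @return string HTML fragment
 */
function displayContent($authorise, $val)
{
    $strContent = '<h3>List Case Report</h3>';

    switch ($val) {
        case "1":
            if (isset($_GET['Datestart'])) {
                $startdate = getDateToDb($_GET['Datestart']);
                $enddate = getDateToDb($_GET['Dateclose']);
            } else {
                list($startdate, $enddate) = strtEndDateMonthDiff();
            }
            $filterVal = "reportedon between '" . preventInj($startdate) . "' and '" . preventInj($enddate) . "' ";
            $strContent .= '<h4>Case Reported between '
                . htmlspecialchars(getDateFromDb($startdate), ENT_QUOTES, 'UTF-8') . ' and '
                . htmlspecialchars(getDateFromDb($enddate), ENT_QUOTES, 'UTF-8') . '</h4>';
            break;
        case "2":
            $disease = preventInj($_GET['cmpDiseaseList']);
            $filterVal = "casereport.diseaseid='" . $disease . "' ";
            $resultDis = mysql_query("SELECT name FROM disease where diseaseid='" . $disease . "' ") or die(mysql_error());
            $row = mysql_fetch_array($resultDis);
            $strContent .= '<h4>Case Report of ' . htmlspecialchars($row ? $row['name'] : '', ENT_QUOTES, 'UTF-8') . '</h4>';
            break;
        case "3":
            $district = preventInj($_GET['cmpDistrictList']);
            $filterVal = "casereport.districtid='" . $district . "' ";
            $resultDist = mysql_query("SELECT name FROM district where districtid='" . $district . "' ") or die(mysql_error());
            $row = mysql_fetch_array($resultDist);
            $strContent .= '<h4>Case Report of ' . htmlspecialchars($row ? $row['name'] : '', ENT_QUOTES, 'UTF-8') . '</h4>';
            break;
        case "4":
            // Range is sent as "<from>-<to>"; a missing upper bound no longer
            // triggers an undefined-offset notice.
            $age = explode("-", $_GET['cmpAgeList']);
            $agest = $age[0];
            $ageend = isset($age[1]) ? $age[1] : '';
            $filterVal = "age between '" . preventInj($agest) . "' and '" . preventInj($ageend) . "' ";
            $strContent .= '<h4>Case Reported on age, between '
                . htmlspecialchars($agest, ENT_QUOTES, 'UTF-8') . ' and '
                . htmlspecialchars($ageend, ENT_QUOTES, 'UTF-8') . '</h4>';
            break;
        case "5":
            $hospital = preventInj($_GET['cmpHospitalList']);
            $filterVal = "casereport.hospitalid='" . $hospital . "' ";
            $resultHos = mysql_query("SELECT name FROM hospital where hospitalid='" . $hospital . "' ") or die(mysql_error());
            $row = mysql_fetch_array($resultHos);
            $strContent .= '<h4>Case Report of ' . htmlspecialchars($row ? $row['name'] : '', ENT_QUOTES, 'UTF-8') . '</h4>';
            break;
        default:
            list($startdate, $enddate) = strtEndDateMonthDiff();
            $filterVal = " reportedon between '" . $startdate . "' and '" . $enddate . "' ";
            // As in the original, this heading shows the DB-format dates while
            // case "1" formats them with getDateFromDb().
            $strContent .= '<h4>Case Reported between ' . $startdate . ' and ' . $enddate . '</h4>';
            break;
    }

    $baseQuery = "SELECT casereportid, casereport.name as pname, age, sex,
            disease.name as dname, hospital.name as hname, casedate FROM casereport
            LEFT JOIN hospital on casereport.hospitalid=hospital.hospitalid
            LEFT JOIN disease on casereport.diseaseid=disease.diseaseid
            WHERE ";
    $paginationQuery = "";

    switch ($authorise) {
        case "GMO":
        case "DAO":
            // NOTE(review): the username literal appears redacted ('******') in
            // this listing; confirm it is bound to the logged-in user.
            $roleTable = $authorise == "GMO" ? "gmo" : "dao";
            $resultRole = mysql_query("SELECT districtid FROM " . $roleTable . " where username='******' ") or die(mysql_error());
            $rowRole = mysql_fetch_array($resultRole);
            $districtid = $rowRole ? $rowRole['districtid'] : '';
            $paginationQuery = $baseQuery . "casereport.districtid='" . preventInj($districtid) . "' and " . $filterVal;
            break;
        case "HOSPITAL":
            $resultHos = mysql_query("SELECT hospitalid FROM hospital where username='******' ") or die(mysql_error());
            $rowHos = mysql_fetch_array($resultHos);
            $hosId = $rowHos ? $rowHos['hospitalid'] : '';
            $paginationQuery = $baseQuery . "casereport.hospitalid='" . preventInj($hosId) . "' and " . $filterVal;
            break;
        case "ADMIN":
            $paginationQuery = $baseQuery . $filterVal;
            break;
        default:
            break;
    }

    // An unknown role leaves no query; the original passed null to
    // mysql_num_rows() and relied on the resulting warning/false.
    $result = null;
    if ($paginationQuery !== "") {
        $result = mysql_query($paginationQuery) or die(mysql_error());
    }
    $intResultNum = $result ? mysql_num_rows($result) : 0;

    if ($intResultNum > 0) {
        /* function for pagination */
        list($result, $classObj, $dispyListInfo) = classPagination($paginationQuery, $intResultNum);
        $strContent .= listCaseReport($authorise, $intResultNum, $result);
        $strContent .= '<br /><br />';
        $strContent .= $dispyListInfo . '<br />';
        $strContent .= $classObj->navigationBar();
    } else {
        $strContent .= "No data is stored in the database or you are not authorised to view this data";
    }

    return $strContent;
}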
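/**
 * Imports a tab-separated case file into casereport and returns an HTML
 * report of the outcome.
 *
 * Steps:
 *  1. every line of $fileName whose first column is longer than one
 *     character (14 tab-separated columns: name, age, sex, address1,
 *     address2, district name, post office name, pincode, hospital name,
 *     disease name, fatal, diedon, casedate, reportedon) is copied into the
 *     dummycasereport staging table;
 *  2. staged rows whose district, disease, post office and hospital names
 *     all resolve to ids are inserted into casereport unless an identical
 *     case already exists, logged through insertEventData(), and removed
 *     from staging;
 *  3. whatever is left in staging could not be resolved; it is echoed back
 *     in a read-only textarea with a "Reason to Reject" column, then the
 *     staging table is emptied.
 *
 * Values read back from the staging table are escaped with preventInj()
 * before being interpolated again (the original re-used them raw — a
 * second-order injection), the textarea content is HTML-escaped (an
 * uploaded value containing "</textarea>" would otherwise break out of it),
 * and the rejected-row echo now carries the row's own pincode (the original
 * always printed an empty string there).
 *
 * NOTE(review): the staging table is shared and truncated at the end, so
 * concurrent imports would interfere with each other — confirm acceptable.
 *
 * @param string $fileName path of the uploaded TSV file
 * @return string HTML table fragment
 */
function fileReadCSV($fileName)
{
    $strcontent = '<table> <tr> <td>';
    $userName = $_SESSION['userName'];
    $createdOn = date("d/m/Y");

    $handle = fopen($fileName, "r");
    if ($handle === false) {
        // The original carried on with a warning and reported success.
        return $strcontent . 'Unable to read the uploaded file</td> </tr> </table>';
    }

    while (($data = fgetcsv($handle, 1000, "\t")) !== false) {
        if (strlen($data[0]) <= 1) {
            continue;
        }
        $col = array_pad($data, 14, "");
        // diedon (column 11) is optional: only a non-blank value is converted.
        if ($col[11] != "" && $col[11] != " ") {
            $col[11] = getDateToDb($col[11]);
        }
        $col[12] = getDateToDb($col[12]);
        $col[13] = getDateToDb($col[13]);
        $esc = array();
        foreach ($col as $i => $value) {
            $esc[$i] = preventInj(trim((string) $value));
        }

        mysql_query("insert into dummycasereport
            (
                name, age, sex, address1, address2, districtname, postofficename, pincode,
                hospitalname, diseasename, fatal, diedon, casedate, reportedon, username, createdon
            )
            values
            (
                '" . $esc[0] . "', '" . $esc[1] . "', '" . $esc[2] . "', '" . $esc[3] . "',
                '" . $esc[4] . "', '" . $esc[5] . "', '" . $esc[6] . "', '" . $esc[7] . "',
                '" . $esc[8] . "', '" . $esc[9] . "', '" . $esc[10] . "', '" . $esc[11] . "',
                '" . $esc[12] . "', '" . $esc[13] . "',
                '" . preventInj(trim($userName)) . "',
                '" . preventInj(trim(getDateToDb($createdOn))) . "'
            )") or die(mysql_error());
    }
    fclose($handle);

    // Resolve the staged names to ids; rows with an unresolved name stay in
    // staging and are reported back below.
    $result = mysql_query("SELECT dummycasereport.name as name, age, sex, address1, address2,
            district.districtid as districtid, postofficeid, dummycasereport.pincode as pincode,
            hospitalid, diseaseid, fatal, reportedon, diedon, casedate, dummycasereport.username,
            createdon, casereportid
        FROM dummycasereport
        LEFT JOIN district on dummycasereport.districtname = district.name
        LEFT JOIN disease on dummycasereport.diseasename = disease.name
        LEFT JOIN postoffice on dummycasereport.postofficename = postoffice.name
        LEFT JOIN hospital on dummycasereport.hospitalname = hospital.name
        WHERE district.districtid is NOT NULL AND diseaseid is NOT NULL AND
            postofficeid is NOT NULL AND hospitalid is NOT NULL") or die(mysql_error());

    while ($row = mysql_fetch_array($result)) {
        // Escape the staged values before they are interpolated again.
        $v = array();
        foreach ($row as $key => $value) {
            $v[$key] = preventInj((string) $value);
        }

        // check whether the same case was reported earlier
        $resultExist = mysql_query("SELECT * from casereport where name='" . $v['name'] . "'
            and age='" . $v['age'] . "'
            and sex='" . $v['sex'] . "'
            and fatal='" . $v['fatal'] . "'
            and address1='" . $v['address1'] . "'
            and address2='" . $v['address2'] . "'
            and districtid='" . $v['districtid'] . "'
            and postofficeid='" . $v['postofficeid'] . "'
            and pincode='" . $v['pincode'] . "'
            and hospitalid='" . $v['hospitalid'] . "'
            and diseaseid='" . $v['diseaseid'] . "'
            and reportedon='" . $v['reportedon'] . "'
            and diedon='" . $v['diedon'] . "'
            and casedate='" . $v['casedate'] . "'") or die(mysql_error());

        if (mysql_num_rows($resultExist) == 0) {
            mysql_query("insert into casereport
                (
                    name, age, sex, address1, address2, districtid, postofficeid, pincode,
                    hospitalid, diseaseid, fatal, diedon, casedate, reportedon, username, createdon
                )
                values
                (
                    '" . $v['name'] . "', '" . $v['age'] . "', '" . $v['sex'] . "',
                    '" . $v['address1'] . "', '" . $v['address2'] . "', '" . $v['districtid'] . "',
                    '" . $v['postofficeid'] . "', '" . $v['pincode'] . "', '" . $v['hospitalid'] . "',
                    '" . $v['diseaseid'] . "', '" . $v['fatal'] . "', '" . $v['diedon'] . "',
                    '" . $v['casedate'] . "', '" . $v['reportedon'] . "', '" . $v['username'] . "',
                    '" . $v['createdon'] . "'
                )") or die(mysql_error());

            // NOTE(review): MAX(casereportid) is not safe under concurrent
            // inserts; mysql_insert_id() would be, if casereportid is AUTO_INCREMENT.
            $resultMax = mysql_query("SELECT MAX(casereportid) as maxId from casereport") or die(mysql_error());
            $rowMax = mysql_fetch_array($resultMax);
            $maxId = (int) $rowMax['maxId'];
            mysql_query("UPDATE casereport SET diedon = NULL WHERE diedon='0000-00-00'
                and casereportid='" . $maxId . "' ") or die(mysql_error());
            mysql_query("UPDATE casereport SET pincode = NULL WHERE pincode=0
                and casereportid='" . $maxId . "' ") or die(mysql_error());

            $description = "Cases Imported by " . $userName . " is loaded into the database";
            insertEventData('Import_Case', "Case_Imported", $userName, $description);
        }

        // Resolved rows leave staging whether or not they were inserted.
        mysql_query("delete from dummycasereport where casereportid='" . (int) $row['casereportid'] . "' ") or die(mysql_error());
    }

    // Whatever is still staged could not be resolved: hand it back.
    $result = mysql_query("SELECT * FROM dummycasereport") or die(mysql_error());
    $intResultNum = mysql_num_rows($result);
    if ($intResultNum > 0) {
        $strValue = "";
        while ($row = mysql_fetch_array($result)) {
            $resultCheck = mysql_query("SELECT dummycasereport.name as name, age, sex, address1,
                    address2, district.districtid as districtid, postofficeid, dummycasereport.pincode
                    as pincode, hospitalid, diseaseid, fatal, reportedon, diedon, casedate,
                    dummycasereport.username, createdon, casereportid
                FROM dummycasereport
                LEFT JOIN district on dummycasereport.districtname = district.name
                LEFT JOIN disease on dummycasereport.diseasename = disease.name
                LEFT JOIN postoffice on dummycasereport.postofficename = postoffice.name
                LEFT JOIN hospital on dummycasereport.hospitalname = hospital.name
                WHERE casereportid='" . (int) $row['casereportid'] . "' ") or die(mysql_error());
            $rowCheck = mysql_fetch_array($resultCheck);
            if (!$rowCheck) {
                $rowCheck = array('districtid' => null, 'diseaseid' => null, 'hospitalid' => null, 'postofficeid' => null);
            }

            // Messages are kept free of tabs/newlines: they form the last
            // column of the tab-separated text below.
            $strReason = "Reason to Reject: ";
            if ($rowCheck['districtid'] == null) {
                $strReason .= "Check the district name is same as in the database. ";
            }
            if ($rowCheck['diseaseid'] == null) {
                $strReason .= "Check the disease name is same as in the database. ";
            }
            if ($rowCheck['hospitalid'] == null) {
                $strReason .= "Check the hospital name is same as in the database. ";
            }
            if ($rowCheck['postofficeid'] == null) {
                $strReason .= "Check the postoffice name is same as in the database. ";
            }

            $diedon = null;
            if ($row['diedon'] != "" && $row['diedon'] != " ") {
                $diedon = getDateFromDb($row['diedon']);
                if ($diedon == '00/00/0000') {
                    $diedon = null;
                }
            }

            $strValue .= implode("\t", array(
                $row['name'],
                $row['age'],
                $row['sex'],
                $row['address1'],
                $row['address2'],
                $row['districtname'],
                $row['postofficename'],
                $row['pincode'],
                $row['hospitalname'],
                $row['diseasename'],
                $row['fatal'],
                $diedon,
                getDateFromDb($row['casedate']),
                getDateFromDb($row['reportedon']),
                $strReason,
            )) . "\n";
        }

        $textareaRows = $intResultNum * 2 + 1;
        $strcontent .= '</td> </tr> <tr> </td>';
        $strcontent .= '<form>';
        $strcontent .= '<textarea READONLY class="displayBack" rows="' . $textareaRows . '" cols="100">';
        $strcontent .= htmlspecialchars($strValue, ENT_QUOTES, 'UTF-8');
        $strcontent .= '</textarea>';
        $strcontent .= '</form>';
        $strcontent .= '</td> </tr> <tr> <td>';
        $strcontent .= "Invalid datas are given back for manual insertion <br />";
        $strcontent .= 'Copy the above contents and insert the contents manually through "Add Case Report" link or modify the contents and try again.<span class="impMessage">You must remove the "Reason to Reject:" from the page before re-import the file</span>';
        $strcontent .= '</td> </tr> <tr> <td>';
    }

    mysql_query("delete from dummycasereport") or die(mysql_error());
    $strcontent .= 'Valid contents are uploaded successfully';
    $strcontent .= '</td> </tr> </table>';
    return $strcontent;
}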
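/**
 * Saves an edited page: updates its 'core_pages' row from the submitted form
 * ($_POST) and then synchronises the per-language rows in 'core_lngpages'
 * (update/insert for every language that was ticked, delete for every language
 * that was not, plus the language-less default row).
 *
 * Form fields read: temp, parent_page, cache, publish; lng_<LNG>, title_<LNG>
 * and menu_title_<LNG> for every language in cCfg::$aLangs; and lng, title,
 * menu_title for the language-less default row.
 *
 * Fix over the previous version: the default-row fallback "empty menu title =>
 * page title" tested the misspelled field 'menut_title' and so never applied.
 *
 * @param int|string $pageid  id of the page being edited
 * @return bool  true when the page row was updated and at least one language row was written
 */
function editpage_alterPage($pageid)
{
    global $DB;

    // Ids are handed to the DB layer with the third element `false` (which, judging
    // by its use with intval()/'NULL' here, appears to mean "write unquoted"), so
    // only an integer may ever reach the query text.
    $pageid = intval($pageid);
    $tempid = intval(isset($_POST['temp']) ? $_POST['temp'] : 0);

    /// instance of page 'core_pages' ///
    $aVals = array(
        array('template', $tempid, false),
        array('user', 0, false),
    );
    $parent = isset($_POST['parent_page']) ? $_POST['parent_page'] : null;
    if ($parent != 'null') {
        $aVals[] = array('parentid', intval($parent), false);
    } else {
        // the literal string 'null' means "no parent" (root page)
        $aVals[] = array('parentid', 'NULL', false);
    }
    // checkbox fields: present => 1, absent => 0
    $aVals[] = array('usecache', isset($_POST['cache']) ? 1 : 0, false);
    $aVals[] = array('published', isset($_POST['publish']) ? 1 : 0, false);
    $aVals[] = array('timemodified', getDateToDb());

    $bPage = $DB->update('core_pages', $aVals, array('id', '=', $pageid));
    if (!$bPage) {
        return false;
    }

    /// language pages 'core_lngpages' ///
    $bPageLng = array();
    foreach (cCfg::$aLangs as $lng) {
        if (!isset($_POST['lng_' . $lng])) {
            // language was unticked: drop its row
            $DB->delete('core_lngpages', editpage_lngPageWhere($pageid, $lng));
            continue;
        }
        $title = isset($_POST['title_' . $lng]) ? $_POST['title_' . $lng] : '';
        $menutitle = isset($_POST['menu_title_' . $lng]) ? $_POST['menu_title_' . $lng] : '';
        $bPageLng[$lng] = editpage_saveLngPage($DB, $pageid, $lng, $title, $menutitle);
    }

    // Language-less default row: kept when no language row was written at all,
    // or when the form explicitly ticked 'lng'; otherwise removed.
    if (!count($bPageLng) || isset($_POST['lng'])) {
        $title = isset($_POST['title']) ? $_POST['title'] : '';
        $menutitle = isset($_POST['menu_title']) ? $_POST['menu_title'] : '';
        $bPageLng[] = editpage_saveLngPage($DB, $pageid, null, $title, $menutitle);
    } else {
        $DB->delete('core_lngpages', editpage_lngPageWhere($pageid, null));
    }

    return $bPage && count($bPageLng);
}

/**
 * Where-clause selecting the 'core_lngpages' row of $pageid in language $lng
 * ($lng === null addresses the language-less default row).
 *
 * @param int         $pageid
 * @param string|null $lng
 * @return array  condition in the $DB->select()/update()/delete() format used in this file
 */
function editpage_lngPageWhere($pageid, $lng)
{
    return array(array('lng', '=', $lng), 'AND', array('page', '=', $pageid));
}

/**
 * Updates the 'core_lngpages' row of $pageid for $lng, or inserts it when none
 * exists. An empty menu title falls back to the page title; the url is derived
 * from the title via admin_createPageUrl().
 *
 * Title/menutitle/url are passed WITHOUT the raw flag, i.e. presumably quoted
 * and escaped by the DB layer — confirm against its implementation, since they
 * come straight from the form.
 *
 * @param object      $DB        database layer (the global $DB)
 * @param int         $pageid
 * @param string|null $lng       language code, null for the default row
 * @param string      $title
 * @param string      $menutitle
 * @return mixed  result of $DB->update() or $DB->insert()
 */
function editpage_saveLngPage($DB, $pageid, $lng, $title, $menutitle)
{
    if ($menutitle == "") {
        $menutitle = $title;
    }
    $url = admin_createPageUrl($title);
    $where = editpage_lngPageWhere($pageid, $lng);

    $lngExists = $DB->select('core_lngpages', 'id', $where);
    if (count($lngExists)) {
        return $DB->update('core_lngpages', array(
            array('title', $title),
            array('menutitle', $menutitle),
            array('url', $url),
            array('timemodified', getDateToDb()),
        ), $where);
    }

    /// no record in core_lngpages of this LNG for this page yet ///
    $aVals = array(
        array('title', $title),
        array('menutitle', $menutitle),
        array('url', $url),
        array('page', $pageid, false),
    );
    if ($lng !== null) {
        // the default row leaves 'lng' unset (NULL)
        $aVals[] = array('lng', $lng);
    }
    return $DB->insert('core_lngpages', $aVals);
}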
$Check->check('css', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in CSS field!'); $Logs->addLog($Check->isValid(), 'valid'); //$Logs->addLog($Check->getErrors(),'errors'); if (!$Check->isValid()) { foreach ($Check->getErrors() as $k => $error) { $aErrors[] = admin_getErrorToPrint($k, $error); } } else { if ($_POST['parent_temp'] != 'null') { $aVals[] = array('parentid', intval($_POST['parent_temp']), false); } else { $aVals[] = array('parentid', 'NULL', false); } $aVals[] = array('js', $_POST['js']); $aVals[] = array('css', $_POST['css']); $aVals[] = array('timemodified', getDateToDb()); try { if (!$DB->update('core_templates', $aVals, array('id', '=', $tempid))) { throw new cException("Some error during update operation!"); } $aAlerts[] = "Template was updated."; } catch (cException $e) { $msg = $e->getDbMessageError(__METHOD__ . '(line:' . __LINE__ . ')', $query); $aErrors[] = $msg; cLogsDb::addFileLog($msg); } } } $allTemps = admin_getAllTemps(); //$Logs->addLog($allTemps, "allTemps"); //$allPages = admin_getAllPages();//add_getAllPages();
/**
 * Collects the invoice header fields from the submitted form ($this->aPost)
 * and appends them to $this->aFakToDb as (column, value[, raw]) triples in the
 * order the DB layer expects.
 *
 * The third element `false` appears (from its use in this file) to mark a value
 * written unquoted by the DB layer; if so, the POST-derived values carrying it
 * here (cislo, splatnost, zpusob_uhr, typ) must have been validated as numeric
 * before this method runs — confirm against the caller and the DB layer.
 * 'ip' is $_SERVER['REMOTE_ADDR'], i.e. the TCP peer; behind a reverse proxy
 * that is the proxy's address, not the client's.
 *
 * @return void
 */
private function parseFakDataToDb()
{
    /// logged-in user: attach the invoice to its account ///
    $userAccId = $this->CFG->getUseraccountId();
    if ($userAccId !== null) {
        $this->aFakToDb[] = array('useracc', $userAccId, false);
    }

    /// remaining invoice data ///
    $post = $this->aPost;
    $dateFormat = 'j.n.Y';
    $rows = array(
        array('cislo', $post['cislo_faktury'], false),
        array('splatnost', $post['splatnost'], false),
        array('datum_vyst', getDateToDb(getStringToTime($post['datum_vystaveni'], $dateFormat))),
        array('datum_splat', getDateToDb(getStringToTime($post['datum_splatnosti'], $dateFormat))),
        array('zpusob_uhr', $post['zpusob_uhrady'], false),
        array('varsymbol', $post['variabilni_symbol']),
        array('vystavil', $post['vystavil']),
        array('vystavil_tel', $post['vystavil_tel']),
        array('typ', $post['typ_faktury'], false),
        array('ip', $_SERVER['REMOTE_ADDR']),
    );
    foreach ($rows as $row) {
        $this->aFakToDb[] = $row;
    }
}