Пример #1
// Excerpt: handles a "create group" form post with an optional image upload, then inserts the group row.
// Keep the raw upload descriptor if a file field named "mimg" was submitted.
if (isset($_FILES['mimg'])) {
    $mimg = $_FILES['mimg'];
}
if (isset($_POST['name'])) {
    //**************************Image**********************
    // Destination directory, relative to the script's working directory.
    $target = "groupimage/";
    // NOTE(review): $_FILES['mimg'] is read here without the isset() guard used above.
    if (basename($_FILES['mimg']['name'])) {
        // The stored name is derived from the client-supplied file name; basename() only strips directory parts.
        $name = basename($_FILES['mimg']['name']);
        // checkex() is not shown in this excerpt. It receives only the name, so whatever it checks,
        // it cannot inspect the uploaded bytes -- TODO confirm the content type is verified elsewhere.
        $res = checkex($name);
        $s1 = 1;
        if (!$res) {
            error('File Type not allowed!! You can only upload JPEG,PNG,BMP and GIF images.');
            $s1 = 0;
        } else {
            $name = str_replace(' ', '_', $name);
            // Random prefix avoids collisions between uploads that share a file name.
            $name = get_rand_id(15) . '_' . $name;
            $target = $target . $name;
            // Overwrites the upload descriptor saved above with a path built from kbase() (not shown).
            // NOTE(review): the '/kart/' prefix suggests the directory is web-served; if so, it should
            // not execute scripts -- confirm against the server configuration.
            $mimg = kbase() . '/kart/' . $target;
            if (move_uploaded_file($_FILES['mimg']['tmp_name'], $target)) {
                $s2 = 1;
            } else {
                error('Error Uploading Main Image !!');
                $s2 = 0;
            }
        }
    }
    // $s1 and $s2 are assigned only inside the upload branch: with no file both are undefined here,
    // and after a rejected file type $s2 is never set.
    if ($s1 && $s2) {
        //$desc=strip_tags($_POST['desc']);
        // NOTE(review): the query is built by string interpolation. $name still carries the
        // client-supplied file name; $title and $alias are not assigned anywhere in this excerpt, so
        // their escaping cannot be confirmed from here. A parameterized query removes the dependency
        // on upstream escaping.
        $q = "INSERT INTO `groups` (`id`, `name`, `members`, `pic`, `alias`) VALUES (NULL, '{$title}', '0', '{$name}', '{$alias}')";
        //echo $q;
        // mysql_* is the legacy MySQL extension (removed in PHP 7).
        mysql_query($q) or die('Could not create group|| My SQL Error !!');
Пример #2
					<option value="customerservice">Customer Service</option>
					<option value="gateway">Gateway Users</option>
					<option value="reseller">Reseller</option>
					<option value="tele">Telemarketing users</option>
				</select>
			</td>
          </tr> 
		  <tr> 
            <td colspan="3"><span class="whitetext"><strong>Enter the security code given below</strong>(Codes are case sensitive)</span></td>
            
          </tr>
		  <?php 
// Build a four-character "security code", one character per get_rand_id(1) call.
// NOTE(review): the markup that follows prints each character as the file name of its image
// (images/securitycode/<char>.gif), so the expected code can be read straight from the page
// source. A CAPTCHA only works if the answer stays server-side (e.g. in the session) and the
// image reveals nothing about it in its URL.
$str_securecode1 = get_rand_id(1);
$str_securecode2 = get_rand_id(1);
$str_securecode3 = get_rand_id(1);
$str_securecode4 = get_rand_id(1);
// Full code as one string; where it is stored for later comparison is not shown in this excerpt.
$str_securecode = "{$str_securecode1}{$str_securecode2}{$str_securecode3}{$str_securecode4}";
?>
 
		  <tr> 
            <td><img src="images/securitycode/<?php 
echo $str_securecode1;
?>
.gif" border="0"><img src="images/securitycode/<?php 
echo $str_securecode2;
?>
.gif" border="0"><img src="images/securitycode/<?php 
echo $str_securecode3;
?>
.gif" border="0"><img src="images/securitycode/<?php 
echo $str_securecode4;
Пример #3
  <div class="content-container"> <span class="logo"><img src="../webroot/img/quizroo-question.png" alt="Member not found" width="248" height="236" /></span>
    <p>Sorry! The quiz that you're looking for may no be available. Please check the ID of the quiz again.</p>
    <p>The reason you're seeing this error could be due to:</p>
    <ul>
      <li>The URL is incorrect or doesn't  contain the ID of the quiz</li>
      <li>No quiz with this ID exists</li>
      <li>The owner could have removed the quiz</li>
      <li>The quiz was taken down due to violations of  rules at Quizroo</li>
    </ul>
  </div>
</div>
<?php 
    }
} else {
    // generate a one time hash key for the upload, (this hash key will stay with the quiz throughout the entire creation process)
    $unikey = get_rand_id(8);
    // bind it to a member
    $member->bindImagekey($unikey);
    // since it's a new quiz, state is always true
    $quiz_state = true;
    // populate the categories
    $query_listCat = "SELECT cat_id, cat_name FROM q_quiz_cat";
    $listCat = mysql_query($query_listCat, $quizroo) or die(mysql_error());
    $row_listCat = mysql_fetch_assoc($listCat);
    $totalRows_listCat = mysql_num_rows($listCat);
    ?>
<div id="progress-container" class="framePanel rounded">
  <h2>Create Quiz</h2>
  <div class="content-container">
  <p>You're just <strong>4</strong> steps away from creating your own quiz! <em>Step 1</em> contains all the basic information we need to help you setup your quiz. If you have prepared several images for quiz, you can upload them all at once! You can choose which images to use at every step of the creation process.</p>
  <ul class="rounded">
Пример #4
        $userid = $row['id'];
        if ($id != $userid) {
            echo "<font color='red'>E-mail address is in use by another person .</font></br>";
            $fail = 1;
        }
    }
}
// When a new password was supplied, derive the value stored in `jos_users`.`password`.
if (isset($pass)) {
    $password = $pass;
    /*
       for ($i=0; $i<=32; $i++) {
          $d=rand(1,30)%2;
          $salt .= $d ? chr(rand(65,90)) : chr(rand(48,57));
       }
    */
    // 32-character salt from get_rand_id() (defined elsewhere).
    $salt = get_rand_id(32);
    //hash password with salt-->
    // NOTE(review): a single md5() round is a fast hash and is cheap to brute-force even with a
    // salt. password_hash()/password_verify() is the replacement, but the "hash:salt" layout
    // below is what the login side of `jos_users` presumably expects -- change both together.
    $hashed = md5($password . $salt);
    //here is your new encrypted password, ready to store in the database table,  `jos_users`
    // Stored as "<md5 hex>:<salt>".
    $encrypted = $hashed . ':' . $salt;
}
// Flip the flag: from here on a truthy $fail means "no validation failure occurred".
$fail = !$fail;
if ($contact && $fail) {
    // NOTE(review): both statements interpolate $contact, $name, $email and $id directly into
    // the SQL text. No escaping is visible in this excerpt; a prepared statement with bound
    // parameters would make the query safe regardless of what happens upstream.
    if (isset($pass)) {
        $q = "UPDATE `jos_users` SET `contact` = '{$contact}', `active` = '1', `name` = '{$name}', `email` = '{$email}', `password` = '{$encrypted}' WHERE `jos_users`.`id` ='{$id}'";
    } else {
        $q = "UPDATE `jos_users` SET `contact` = '{$contact}', `active` = '1', `name` = '{$name}', `email` = '{$email}' WHERE `jos_users`.`id` ='{$id}'";
    }
    mysql_query($q) or die('Error Updating Your Profile !!');
    echo '<font color="green" >Your details have been Updated Successfully !!</font></br>';
}
Пример #5
 // Excerpt: stores a "request" row plus its keywords once the CAPTCHA answer matches the session value.
 // NOTE(review): `==` is a loose comparison; `===` on strings avoids type-juggling surprises.
 if ($_SESSION['img_ver'] == $captcha) {
     //**************************security measures***********************
     $desc = preg_replace('/[^A-Za-z0-9 ]/', '', $desc);
     //disallow anything but characters and numerals
     // The numeric checks below terminate the script with a bare code.
     // is_numeric() also accepts decimals and exponent notation, so a passing value is not
     // guaranteed to be a plain integer; it cannot contain a quote, though.
     if (!is_numeric($gid)) {
         die('1');
     }
     if (!is_numeric($sec) && $sec != '') {
         die('2');
     }
     if (!is_numeric($cat) && $cat != '') {
         die('3');
     }
     //******************************************************************
     $timestamp = date('d/m/Y');
     // Random marker used to find the row again after the insert.
     $rand_id = get_rand_id(10);
     // NOTE(review): $email and $contact are interpolated here without any validation or
     // escaping visible in this excerpt -- confirm they are escaped upstream, or bind them as
     // parameters.
     $q = "INSERT INTO `requests` (`id`, `desc`, `sec`, `cat`, `email`, `contact`, `uid`, `timestamp`, `gid`) VALUES (NULL, '{$desc}', '{$sec}', '{$cat}', '{$email}', '{$contact}', '{$rand_id}', '{$timestamp}', '{$gid}')";
     $result = mysql_query($q) or die('sqlerr 1 request');
     // Look the new row up by its random marker to obtain the auto-increment id.
     $q = "select id from requests where uid='{$rand_id}'";
     $result = mysql_query($q) or die('sqlerr 2 request');
     $row = mysql_fetch_array($result);
     $id = $row['id'];
     if (isset($key)) {
         // $key is a comma-separated keyword list.
         $key = explode(',', $key);
         foreach ($key as $keyword) {
             // NOTE(review): strip_tags() is an HTML filter, not SQL escaping; quotes in a
             // keyword reach the statement below unchanged.
             $keyword = strip_tags($keyword);
             $q = "INSERT INTO `request_keywords` (`id`, `keyword`, `sec`, `cat`) VALUES ('{$id}', '{$keyword}', '{$sec}','{$cat}')";
             mysql_query($q) or die('sqlerr 3 request');
         }
     }
     message('Request posted Successfully !!');
// Excerpt: collects sign-up form fields and generates an initial password.
// $HTTP_POST_VARS is the legacy long-form request array (removed in PHP 5.4); $_POST replaces it.
// quote_smart() is not shown here -- presumably it escapes the value for SQL; verify.
$reseller_id = isset($HTTP_POST_VARS['reseller_id']) ? quote_smart($HTTP_POST_VARS['reseller_id']) : "";
$gateway_id = isset($HTTP_POST_VARS['gateway_id']) ? quote_smart($HTTP_POST_VARS['gateway_id']) : "";
$username = isset($HTTP_POST_VARS['username']) ? quote_smart($HTTP_POST_VARS['username']) : "";
//$password = (isset($HTTP_POST_VARS['password'])?quote_smart($HTTP_POST_VARS['password']):"");
$email = isset($HTTP_POST_VARS['email']) ? quote_smart($HTTP_POST_VARS['email']) : "";
$user_companyexist = 0;
$transaction_type = isset($HTTP_POST_VARS['rad_order_type']) ? quote_smart($HTTP_POST_VARS['rad_order_type']) : "";
$how_about_us = isset($HTTP_POST_VARS['how_about_us']) ? quote_smart($HTTP_POST_VARS['how_about_us']) : "";
$voulmeNumber = isset($HTTP_POST_VARS['merchant_voulme']) ? quote_smart($HTTP_POST_VARS['merchant_voulme']) : "";
$reseller = isset($HTTP_POST_VARS['reseller']) ? quote_smart($HTTP_POST_VARS['reseller']) : "";
// The account password is generated here instead of being taken from the form: five
// characters from get_rand_id(1) and one digit from rand(0, 9), lower-cased.
// NOTE(review): six characters is a very small search space, and rand() is not a
// cryptographically secure generator; get_rand_id() is defined elsewhere, so its source of
// randomness should be checked as well.
$str_pass1 = get_rand_id(1);
$str_pass2 = get_rand_id(1);
$str_pass3 = rand(0, 9);
$str_pass4 = get_rand_id(1);
$str_pass5 = get_rand_id(1);
$str_pass6 = get_rand_id(1);
$password = strtolower("{$str_pass1}{$str_pass2}{$str_pass3}{$str_pass4}{$str_pass5}{$str_pass6}");
$msgtodisplay = "";
// "tele" orders suppress the e-commerce mail; every other order type enables it.
if ($transaction_type == "tele") {
    $send_ecommercemail = 0;
} else {
    $send_ecommercemail = 1;
}
$current_date_time = func_get_current_date_time();
$user_nameexist = 0;
if ($companyname) {
    $user_nameexist = func_checkUsernameExistInAnyTable($username, $cnn_cs);
    $user_emailexist = func_checkEmailExistInAnyTable($email, $cnn_cs);
    $user_companyexist = func_checkCompanynameExistInAnyTable($companyname, $cnn_cs);
    $qry_select_user = "******";
    //print $qry_select_user;
Пример #7
 /**
  * Password reminder ("sifre hatirlat"): two-step reset by e-mail.
  *
  * Without an e-mail it renders the request form. With an e-mail but no hash it stores a
  * fresh hash and mails a reset URL. With e-mail and hash it verifies the pair, sets a new
  * random password and mails it to the user.
  *
  * Returns false when the hash row cannot be inserted, nothing (bare return) after the reset
  * URL was mailed, and true otherwise.
  *
  * NOTE(review): $email, $panelusername and $hash are globals filled by getVariable() (not
  * shown; presumably from the request) and are interpolated into every filter and SQL string
  * below. Unless getVariable() escapes them, these are injection points -- verify, or switch
  * to bound parameters.
  */
 function sifreHatirlat()
 {
     # password reminder
     # $tarih ("date") is not used again in this method.
     $tarih = date_tarih();
     global $email, $panelusername, $hash;
     $this->getVariable(array("email", 'panelusername', 'hash'));
     if ($email != "") {
         #validate email:
         # $kayitliemail = "registered e-mail"; empty when no account has this address
         $kayitliemail = $this->getField($this->conf['logintable']['tablename'], 'email', "email='{$email}'");
         $filt = "email='{$email}'";
         if ($kayitliemail != '') {
             if (!$hash) {
                 # step 1: no hash supplied, so create one and mail the reset URL
                 $hash = get_rand_id(10);
                 $r = $this->executequery("insert into  hash (email,hash)values('{$email}','{$hash}')");
                 if (!$r) {
                     return false;
                 }
                 # NOTE(review): part of the next string literal is redacted ("******") in this
                 # listing, so the line is not valid PHP as shown.
                 $msg = "ehcp: \nSomebody at ({$this->clientip}) requested to reset your pass.\ngo to this url to reset your pass: "******"/?op=sifrehatirlat&email={$email}&hash={$hash} \nif you are accessing your server locally, replace ip in this url with local ip of server";
                 mail($email, $this->sitename . '- password reset info', $msg, $this->headers);
                 $this->output .= "Password reset info is sent to your email. (pass is same yet)";
                 return;
             }
             # get username
             $filt2 = $filt;
             if ($panelusername != '') {
                 $filt2 = "{$filt} and panelusername='******'";
             }
             $username = $this->getField($this->conf['logintable']['tablename'], $this->conf['logintable']['usernamefield'], $filt2);
             #validate hash
             # $sayi = "count" of hash rows matching this e-mail/hash pair
             $filt3 = "{$filt} and hash='{$hash}'";
             $sayi = $this->recordcount("hash", $filt3);
             if ($sayi == 0) {
                 # errorTextExit() is not shown; its name suggests it stops the request -- confirm
                 $this->errorTextExit("Wrong password reset info, verify the password reset url in your email");
             }
             #reset pass
             # $yenisifre = "new password": five characters, stored as an unsalted md5() and
             # mailed in clear text below.
             # NOTE(review): short, mailed in plain text, hashed with a fast digest -- a one-time
             # link that lets the user choose a password avoids all three.
             $yenisifre = get_rand_id(5);
             # $ek ("suffix") is only assigned for one (redacted) address; for every other address
             # it is undefined when interpolated into the update below.
             if ($email == '*****@*****.**') {
                 $ek = ",status='active'";
             }
             $s = $this->executeQuery("update " . $this->conf['logintable']['tablename'] . " set " . $this->conf['logintable']['passwordfield'] . "=md5('{$yenisifre}') {$ek} where email='{$email}'", 'update user pass', 'update user pass');
             if ($s) {
                 $msg = "Your password is reset as ({$yenisifre}) Your username is ({$username}) Thank you for using {$this->sitename} -dnsip:" . $this->dnsip . $this->conf['dnsip'];
                 mail($email, $this->sitename . '- password reset info', $msg, $this->headers);
                 $this->echoln("Your pass is sent to your email. <br>");
                 $this->executequery("delete from hash where {$filt3}");
                 # delete hash after verify
             }
         } else {
             # NOTE(review): a distinct "No such email" answer tells the caller whether an address
             # is registered.
             $this->output .= 'No such email';
         }
     } else {
         # no e-mail submitted yet: render the request form
         $inputparams = array(array('email', 'lefttext' => 'Enter your email:'), array('panelusername', 'righttext' => 'leave empty if you dont remember'), array('op', 'hidden', 'default' => __FUNCTION__));
         $this->output .= inputform5($inputparams);
         #inputform4($action,array('Enter your email:'),array('email'),array(),array("op"),array('sifrehatirlat'));
     }
     return true;
 }
Пример #8
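/**
 * Create a classified ad together with its `jos_content` article and group visibility row.
 *
 * Inserts into `ads`, reads the new id back through a random `uniqueid`, inserts the matching
 * `jos_content` row, links the two and records the ad's group in `ad_visibility`. Any failed
 * statement terminates the script through die().
 *
 * NOTE(review): every argument is placed into the SQL text unescaped. Whether callers escape
 * them first is not visible from this function; it should use bound parameters (or escape
 * here, once it is certain callers do not) so that safety does not depend on each call site.
 *
 * @return string "<jos_content id>:<uniqueid>"
 */
function createad($title, $section, $category, $age, $sp, $info, $mimg, $img1, $img2, $group, $contact, $email, $warranty, $pn, $date, $timg)
{
    $created = date("Y-m-d") . ' 00:00:00';
    // Publish from the previous calendar day. The earlier `date("d") - 1` arithmetic produced
    // day 0 on the first of a month, which is not a valid date.
    $publish_up = date("Y-m-d", strtotime('-1 day')) . ' 00:00:00';
    // Random marker used to find the inserted row again.
    $uniqueid = get_rand_id(16);
    $q = "INSERT INTO `ads` (`id`, `title`, `section`, `category`, `age`, `sp`, `info`, `mimg`, `img1`, `img2`, `group`, `contact`, `email`, `warranty`, `pn`, `date`, `uniqueid`, `timg`) VALUES (NULL, '{$title}', '{$section}', '{$category}', '{$age}', '{$sp}', '{$info}', '{$mimg}', '{$img1}', '{$img2}', '{$group}', '{$contact}', '{$email}', '{$warranty}', '{$pn}', '{$date}', '{$uniqueid}', '{$timg}')";
    mysql_query($q) or die('MySQL Error( Submit Ad )!!');
    $q = "SELECT id FROM `ads` WHERE `uniqueid`='" . $uniqueid . "'";
    $result = mysql_query($q) or die('MySQL Error(3)!!');
    $row = mysql_fetch_array($result);
    $aid = $row['id'];
    $alias = get_alias($title);
    $mdesc = $info;
    // NOTE(review): `(A-Za-z0-9)` is a literal group, not a character class, so this pattern
    // normally matches the empty string at the start and just prefixes a comma. Left as is
    // because the intended keyword format is not visible here.
    $mkey = preg_replace('/^(A-Za-z0-9)*/', ',', $title);
    // $uid is never assigned inside this function, so the author id is always the fallback 62.
    if (!$uid) {
        $uid = 62;
    }
    //$dt=strtotime($created)+($valid*24*3600);
    //$valid=date("Y-m-d H:i:s", $dt);
    $q = "INSERT INTO `jos_content` (\n`id` ,\n`title` ,\n`alias` ,\n`title_alias` ,\n`introtext` ,\n`fulltext` ,\n`state` ,\n`sectionid` ,\n`mask` ,\n`catid` ,\n`created` ,\n`created_by` ,\n`created_by_alias` ,\n`modified` ,\n`modified_by` ,\n`checked_out` ,\n`checked_out_time` ,\n`publish_up` ,\n`publish_down` ,\n`images` ,\n`urls` ,\n`attribs` ,\n`version` ,\n`parentid` ,\n`ordering` ,\n`metakey` ,\n`metadesc` ,\n`access` ,\n`hits` ,\n`metadata`,\n`aid`\n)\nVALUES (\nNULL , '" . $title . "', '" . $alias . "', '', '<p>{module View Ads}</p>', '', '1', '" . $section . "', '0', '" . $category . "', '" . $created . "', '" . $uid . "', '', '" . $created . "', '0', '0', '0000-00-00 00:00:00', '" . $publish_up . "', '0000-00-00 00:00:00', '', '', 'show_title=0\nlink_titles=0\nshow_intro=1\nshow_section=0\nlink_section=\nshow_category=0\nlink_category=\nshow_vote=0\nshow_author=0\nshow_create_date=0\nshow_modify_date=0\nshow_pdf_icon=0\nshow_print_icon=0\nshow_email_icon=0\nlanguage=en-GB\nkeyref=\nreadmore=', '1', '0', '1', '" . $mkey . "', '" . $mdesc . "', '0', '0', 'robots=\nauthor=', '" . $aid . "'\n)";
    $result = mysql_query($q) or die('MySQL Error(2)!!');
    // Read the article id back and store it on the ad row.
    $q = "SELECT id FROM `jos_content` WHERE `aid`=" . $aid;
    $resultt = mysql_query($q) or die('MySQL Error(112)!!');
    $roww = mysql_fetch_array($resultt);
    $q = "UPDATE `ads` SET  `artid` =  '" . $roww['id'] . "' WHERE  `ads`.`id` ={$aid}";
    $result = mysql_query($q) or die('sqlerr 121 createad');
    $q = "INSERT INTO `ad_visibility` (`aid`, `gid`) VALUES ('{$aid}', '{$group}')";
    $result = mysql_query($q) or die('sqlerr 122 creatad');
    /*echo '<script type="text/javascript"> alert("Ad Submitted Successfully !!"); </script>';*/
    message('Ad Submitted Successfully !!  An e-mail with information regarding managing this Ad has been sent to you. If you can\'t find the email in your inbox then check your spam folder.');
    // NOTE(review): $uniqueid is handed back to the caller, apparently as the ad's management
    // token; it is only as unpredictable as get_rand_id() (defined elsewhere).
    return $roww['id'] . ":" . $uniqueid;
}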
Пример #9
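 /**
  * Log a doctor in from a JSON POST body and issue a fresh login key.
  *
  * Reads `Doctor_mobile_number` and `pwd` from the request body, looks the account up in
  * `doctor_stub`, stores a new 16-character value in `Doctor_login_enc_key` and answers with
  * the account row.
  *
  * Responses: 406 for non-POST requests, 400 for missing input or a failed key update, 204
  * when no account matches, 200 with the row on success.
  *
  * NOTE(review): the stored password is compared as an unsalted md5() digest, and
  * `doc_details` is the result of `SELECT *`, so it returns every column of the row
  * (Doctor_password included) to the client. Both need a schema/client change and are left
  * as they were. A 204 response carries no body in HTTP, so the JSON passed with it may never
  * reach the client.
  */
 private function LOGIN_DOC()
 {
     error_reporting(0);
     $this->logger->write("INFO :", "Calling LOGIN_DOC for doctor");
     // Cross validation if the request method is POST else it will return "Not Acceptable" status
     if ($this->get_request_method() != "POST") {
         $this->response('', 406);
     }
     $post = json_decode(file_get_contents("php://input"), true);
     // Accept scalar values only; arrays or missing keys are treated as empty input.
     $mob_number = (isset($post['Doctor_mobile_number']) && is_scalar($post['Doctor_mobile_number'])) ? (string) $post['Doctor_mobile_number'] : '';
     $password = (isset($post['pwd']) && is_scalar($post['pwd'])) ? (string) $post['pwd'] : '';
     // The submitted password must never be written to the log.
     $this->logger->write("INFO :", "login with" . $mob_number);
     //$mob_number = $this->_request['Doctor_mobile_number'];
     //$password = $this->_request['pwd'];
     // Input validations
     if (!empty($mob_number) and !empty($password)) {
         // Both values come from the request body: escape them before they enter SQL text.
         $mob_sql = mysql_real_escape_string($mob_number, $this->db);
         $pwd_sql = mysql_real_escape_string($password, $this->db);
         $sql = mysql_query("SELECT * FROM doctor_stub WHERE Doctor_mobile_number = '{$mob_sql}' AND BINARY Doctor_password = md5('{$pwd_sql}') and Doctor_unregistered='False' LIMIT 1", $this->db);
         if ($sql !== false && mysql_num_rows($sql) > 0) {
             $result = mysql_fetch_array($sql, MYSQL_ASSOC);
             // If success everythig is good send header as "OK" and user details
             // The helpers are declared at run time; the guards keep a second declaration
             // (another call, or another method declaring the same names) from being fatal.
             if (!function_exists('assign_rand_value')) {
                 function assign_rand_value($num)
                 {
                     // accepts 1 - 36: 1-26 map to a-z, 27-36 map to 0-9
                     $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
                     $index = (int) $num - 1;
                     if ($index < 0 || $index >= strlen($alphabet)) {
                         return null;
                     }
                     return $alphabet[$index];
                 }
             }
             if (!function_exists('get_rand_id')) {
                 function get_rand_id($length)
                 {
                     // No mt_srand() here: reseeding from the microsecond clock on every
                     // character limited the generator to a small, time-derived set of states.
                     // NOTE(review): mt_rand() is still not a cryptographically secure source;
                     // a login key should come from a CSPRNG where the platform provides one.
                     $rand_id = "";
                     for ($i = 1; $i <= $length; $i++) {
                         $rand_id .= assign_rand_value(mt_rand(1, 36));
                     }
                     return $rand_id;
                 }
             }
             $ran_val = get_rand_id(16);
             $sql_update = mysql_query("update doctor_stub set Doctor_login_enc_key='{$ran_val}' where Doctor_mobile_number='{$mob_sql}'", $this->db);
             // mysql_query() returns a boolean for UPDATE statements.
             if ($sql_update) {
                 // Re-read the row so the response carries the key that was just stored.
                 $result_mod_enc = null;
                 $sql_mod_enc = mysql_query("SELECT * FROM doctor_stub WHERE Doctor_mobile_number = '{$mob_sql}' AND BINARY Doctor_password = md5('{$pwd_sql}') LIMIT 1", $this->db);
                 if ($sql_mod_enc !== false && mysql_num_rows($sql_mod_enc) > 0) {
                     $result_mod_enc = mysql_fetch_array($sql_mod_enc, MYSQL_ASSOC);
                 }
                 $success = array('status' => "Success", "doc_details" => $result_mod_enc);
                 $this->response($this->json($success), 200);
             } else {
                 $error = array('status' => "Failed", "msg" => "Error while generating login_encrypted_key");
                 $this->response($this->json($error), 400);
             }
             //$this->response($this->json($result), 200);
         } else {
             $error1 = array('status' => "Failed", "msg" => "Login Failure");
             $this->response($this->json($error1), 204);
             // If no records "No Content" status
         }
     } else {
         // If invalid inputs "Bad Request" status message and reason
         $error = array('status' => "Failed", "msg" => "Invalid mobile number or Password");
         $this->response($this->json($error), 400);
     }
 }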
Пример #10
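/**
 * Store a new leave application from the submitted form, render it as a PDF and notify the
 * applicant and (for non-telephone requests) the supervisors by e-mail.
 *
 * Reads `num_leaves`, `leave_type`, `user_tel`, `date_starts` and `date_ends` from $_POST and
 * appends status entries to the global $message_list. Does nothing unless `num_leaves` is a
 * positive integer.
 *
 * NOTE(review): with leave_type 2 the employee AFM is taken from the `user_tel` field, so the
 * submitter files on behalf of someone else. No permission check is visible in this function
 * -- confirm the caller restricts this path. `date_starts`/`date_ends` are stored and passed
 * to printDate() (not shown) without validation here.
 */
function save_new_application()
{
    // Parse the day count once; the integer (not the raw field) is what gets compared, stored
    // and printed, so trailing non-digit text in the field never reaches the PDF markup.
    $num_leaves = isset($_POST['num_leaves']) ? intval(trim($_POST['num_leaves'])) : 0;
    if ($num_leaves > 0) {
        // Only proceed when the number of days is not empty and is greater than 0
        global $db, $user, $message_list;
        $leave_type = isset($_POST['leave_type']) ? trim($_POST['leave_type']) : '';
        // Check if the number of days requested is available (remaining days)
        if ($leave_type == 2) {
            $afm = trim($_POST['user_tel']);
            if ($num_leaves > get_remaining_leaves_for_user(afm_to_id($afm))) {
                $message_list[] = array('type' => 'danger', 'message' => 'Σφάλμα! Το υπόλοιπο των ημερών αδείας του υπαλλήλου σας δεν επαρκεί.');
                return;
            }
        } else {
            if ($num_leaves > get_remaining_leaves()) {
                $message_list[] = array('type' => 'danger', 'message' => 'Σφάλμα! Το υπόλοιπο των ημερών αδείας σας δεν επαρκεί.');
                return;
            }
        }
        $query = $db->prepare('INSERT INTO leaves_submissions (leave_id, employee_afm, type_id, date_submitted, submitted_by, date_starts, date_ends, num_leaves, ip_submitted, remaining_leaves, filename) VALUES(NULL, :employee_afm, :type_id, :date_submitted, :submitted_by, :date_starts, :date_ends, :num_leaves, :ip_submitted, :remaining_leaves, :filename)');
        $afm = $user->afm;
        $submitted_by = '';
        if ($leave_type == 2) {
            // This is  request via telephone
            $afm = trim($_POST['user_tel']);
            $submitted_by = $user->afm;
        }
        $submission_date = date("Y-m-d H:i:s");
        // The random suffix keeps two submissions in the same second from sharing a file name.
        $filename = date("Y-m-d_H_i_s") . '_' . get_rand_id(5) . '.pdf';
        $query->bindValue(':employee_afm', $afm, PDO::PARAM_STR);
        $query->bindValue(':type_id', $leave_type, PDO::PARAM_INT);
        $query->bindValue(':date_submitted', $submission_date, PDO::PARAM_STR);
        $query->bindValue(':submitted_by', $submitted_by, PDO::PARAM_STR);
        $query->bindValue(':date_starts', trim($_POST['date_starts']), PDO::PARAM_STR);
        $query->bindValue(':date_ends', trim($_POST['date_ends']), PDO::PARAM_STR);
        $query->bindValue(':num_leaves', $num_leaves, PDO::PARAM_INT);
        $query->bindValue(':ip_submitted', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
        // NOTE(review): this stores the logged-in user's balance even for telephone requests,
        // where the availability check above used the employee's balance -- confirm intent.
        $query->bindValue(':remaining_leaves', get_remaining_leaves(), PDO::PARAM_STR);
        $query->bindValue(':filename', $filename, PDO::PARAM_STR);
        $query->execute();
        $id = $db->lastInsertId();
        if ($id != 0) {
            // Prepare the pdf body
            // NOTE(review): the name fields are concatenated into HTML unescaped; if they can
            // contain markup they should be passed through htmlspecialchars() first.
            $leave_user = get_user_details_by_afm($afm);
            $pdf_body = '<h4>Αίτηση Άδειας</h4>';
            $pdf_body .= '<p>Όνομα: ' . $leave_user->first_name . '</p>';
            $pdf_body .= '<p>Επίθετο: ' . $leave_user->last_name . '</p>';
            $pdf_body .= '<p>Ημερομηνία Έναρξης Άδειας: ' . printDate(trim($_POST['date_starts'])) . '</p>';
            $pdf_body .= '<p>Ημερομηνία Λήξης Άδειας: ' . printDate(trim($_POST['date_ends'])) . '</p>';
            $pdf_body .= '<p>Ημέρες Άδειας: ' . $num_leaves . '</p>';
            $pdf_body .= '<p>Ημέρομηνία Υποβολής: ' . printDate($submission_date) . '</p>';
            // Also print the pdf
            $full_path_filename = getcwd() . '/apps/leaves/files/' . $filename;
            print_pdf($full_path_filename, $pdf_body);
            if (DEBUG) {
                // This is in development mode..
                $address = LEAVES_DEBUG_USER_EMAIL;
                $receiver = LEAVES_DEBUG_USER_NAME;
            } else {
                // Send the confirmation to the applicant
                $address = $leave_user->email;
                $receiver = $leave_user->first_name . ' ' . $leave_user->last_name;
            }
            $subject = 'Η Αίτηση Αδείας σας υποβλήθηκε επιτυχώς';
            $body = '<p>Η Αίτηση Αδείας σας υποβλήθηκε επιτυχώς</p>';
            $body .= '<p>Επισυνάπτεται αντίγραφο της αίτησή σας.</p>';
            $body .= '<p>Θα ενημερωθείτε με νεώτερο email μετά το πέρας της επεξεργασίας της αίτησής σας.</p>';
            email_send($address, $receiver, $subject, $body, $full_path_filename);
            if ($leave_type != 2) {
                // If it is by telephone no need to alert the supervisors
                // Maybe send this no matter what..?
                $supervisors = get_user_supervisors($leave_user);
                foreach ($supervisors as $supervisor) {
                    if (DEBUG) {
                        // This is in development mode..
                        $address = LEAVES_DEBUG_USER_EMAIL;
                        $receiver = LEAVES_DEBUG_USER_NAME;
                    } else {
                        // Send email to the supervisor
                        $address = $supervisor['email'];
                        $receiver = $supervisor['first_name'] . ' ' . $supervisor['last_name'];
                    }
                    if (DEBUG) {
                        $message_list[] = array('type' => 'message', 'message' => 'Ενημερώθηκε ηλεκτρονικά ο ' . $supervisor['first_name'] . ' ' . $supervisor['last_name']);
                    }
                    $subject = 'Νέα Αίτηση Αδείας απο τον ' . $leave_user->first_name . ' ' . $leave_user->last_name;
                    $body = '<p>O ' . $leave_user->first_name . ' ' . $leave_user->last_name . ' υπέβαλλε νέα αίτηση αδείας.</p>';
                    $body .= '<p>Συνδεθείτε για να επεξεργαστείτε την αίτηση.</p>';
                    $body .= '<p><a href="' . URL . '?p=leaves|applications">' . URL . '</a></p>';
                    email_send($address, $receiver, $subject, $body);
                }
            }
            $message_list[] = array('type' => 'success', 'message' => 'Η Αίτηση καταχωρήθηκε επιτυχώς..');
        } else {
            $message_list[] = array('type' => 'danger', 'message' => 'Σφάλμα! Η Αίτηση δεν καταχωρήθηκε επιτυχώς..');
        }
        //echo $query->getSQL(); //For debug
    }
}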
Пример #11
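 /**
  * Start a password reset for a doctor from a JSON POST body.
  *
  * Reads `Doctor_mobile_number` and `email`, looks up a matching registered account in
  * `doctor_stub`, stores a new value in `reset_key` and mails a reset link to the account's
  * e-mail address.
  *
  * Responses: 406 for non-POST requests, 400 for missing input or a failed key update, 204
  * when no account matches, 200 once the mail has been handed off.
  *
  * NOTE(review): no expiry or single-use handling for `reset_key` is visible in this method;
  * confirm the page that consumes the link enforces both. The link is built without a URL
  * scheme, exactly as before.
  */
 private function RESET_PASS()
 {
     error_reporting(0);
     $this->logger->write("INFO :", "Calling RESET_PASS for doctor");
     // Cross validation if the request method is POST else it will return "Not Acceptable" status
     if ($this->get_request_method() != "POST") {
         $this->response('', 406);
     }
     $post = json_decode(file_get_contents("php://input"), true);
     // Accept scalar values only; arrays or missing keys are treated as empty input.
     $mob_number = (isset($post['Doctor_mobile_number']) && is_scalar($post['Doctor_mobile_number'])) ? (string) $post['Doctor_mobile_number'] : '';
     $email = (isset($post['email']) && is_scalar($post['email'])) ? mysql_real_escape_string((string) $post['email'], $this->db) : '';
     $this->logger->write("INFO :", "reset with" . $mob_number . "email" . $email);
     // $mob_number = $this->_request['Doctor_mobile_number'];
     // $password = $this->_request['pwd'];
     // Input validations
     if (!empty($mob_number) and !empty($email)) {
         // The mobile number comes from the request body as well and needs the same escaping
         // as the e-mail address before it enters SQL text.
         $mob_sql = mysql_real_escape_string($mob_number, $this->db);
         $sql = mysql_query("SELECT * FROM doctor_stub WHERE Doctor_mobile_number = '{$mob_sql}' AND BINARY Doctor_email = '{$email}' and Doctor_unregistered='False' LIMIT 1", $this->db);
         if ($sql !== false && mysql_num_rows($sql) > 0) {
             $result = mysql_fetch_array($sql, MYSQL_ASSOC);
             $doctor_id = $result['Doctor_serial_id'];
             // If success everythig is good send header as "OK" and user details
             // The helpers are declared at run time; the guards keep a second declaration
             // (another call, or another method declaring the same names) from being fatal.
             if (!function_exists('assign_rand_value')) {
                 function assign_rand_value($num)
                 {
                     // accepts 1 - 36: 1-26 map to a-z, 27-36 map to 0-9
                     $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
                     $index = (int) $num - 1;
                     if ($index < 0 || $index >= strlen($alphabet)) {
                         return null;
                     }
                     return $alphabet[$index];
                 }
             }
             if (!function_exists('get_rand_id')) {
                 function get_rand_id($length)
                 {
                     // No mt_srand() here: reseeding from the microsecond clock on every
                     // character limited the generator to a small, time-derived set of states.
                     // NOTE(review): mt_rand() is still not a cryptographically secure source;
                     // a reset key should come from a CSPRNG where the platform provides one.
                     $rand_id = "";
                     for ($i = 1; $i <= $length; $i++) {
                         $rand_id .= assign_rand_value(mt_rand(1, 36));
                     }
                     return $rand_id;
                 }
             }
             if (!function_exists('send_email')) {
                 function send_email($to, $url)
                 {
                     $subject = "Password Reset Link for Doctor Referral App";
                     $message = "Please click on this link to reset your password\n" . $url;
                     $headers = "MIME-Version: 1.0" . "\r\n";
                     // From is a header of its own; it used to be appended to the Content-type
                     // value, where mail clients do not read it as the sender.
                     $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
                     $headers .= "From: referralapp@medisense.com" . "\r\n";
                     // send the email
                     $mail_sent = @mail($to, $subject, $message, $headers);
                 }
             }
             $ran_val = get_rand_id(10);
             // Key = random part followed by the account's serial id.
             $random = $ran_val . $doctor_id;
             $sql_update = mysql_query("update doctor_stub set reset_key='{$random}' where Doctor_mobile_number='{$mob_sql}'", $this->db);
             // mysql_query() returns a boolean for UPDATE statements.
             if ($sql_update) {
                 /* code to send the reset password email to the doctor */
                 $this->logger->write("INFO :", "inside success");
                 $link = "www.referralio.com/dual_referral_html/reset_secure.php?link=" . $random . "&patch_id=" . $doctor_id;
                 // Mail the address stored on the matched row rather than the request value.
                 send_email($result['Doctor_email'], $link);
                 /* end of send email */
                 $success = array('status' => "Success", "msg" => "Email has been sent for resetting password");
                 $this->response($this->json($success), 200);
             } else {
                 $error = array('status' => "Failed", "msg" => "Error while generating email for reset pass");
                 $this->response($this->json($error), 400);
             }
             // $this->response($this->json($result), 200);
         } else {
             // NOTE(review): a distinct "no such records" answer tells the caller whether a
             // mobile number / e-mail pair is registered.
             $error1 = array('status' => "Failed", "msg" => "No such records found in database");
             $this->response($this->json($error1), 204);
             // If no records "No Content" status
         }
     } else {
         // If invalid inputs "Bad Request" status message and reason
         $error = array('status' => "Failed", "msg" => "Invalid mobile number or Password");
         $this->response($this->json($error), 400);
     }
 }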
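// Create the DB settings object; its Host/User/Password/Database fields are passed to Connection below.
$db = new DB();
// Admin "forgot password" handler: validates the posted email, generates a new
// password with get_rand_id(6), updates TBL_ADMIN and mails the new password.
//
// NOTE(review): the password is replaced as soon as a known address is submitted,
// with no proof that the requester owns the mailbox, so anyone who knows an
// admin's email can force a password change. A single-use, expiring reset token
// mailed as a link (password changed only after the link is followed) avoids this.
if (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
    // Only initialise these when nothing earlier in the page has set them.
    if (!isset($error)) {
        $error = array();
    }
    if (!isset($error_flag)) {
        $error_flag = 0;
    }
    // Accept only a scalar string; an array-valued field is treated as missing.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    if (trim($email) == "") {
        $error['email'] = 'Please Enter Email';
        $error_flag = 1;
    }
    // preg_match() replaces eregi(), which was removed from PHP. The D modifier
    // makes "$" match only at the very end, so a trailing newline is rejected.
    if (!empty($email) && !preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $email)) {
        $error['email'] = 'Please Enter Valid Email';
        $error_flag = 1;
    }
    $msg = "";
    if ($error_flag == 0) {
        $connObj = new Connection($db->Host, $db->User, $db->Password, $db->Database);
        // NOTE(review): six characters from get_rand_id() is a short secret, and the
        // helper is not defined in this block -- confirm it draws from a CSPRNG.
        $strNewPassword = get_rand_id(6);
        // NOTE(review): despite the name, nothing is hashed or encrypted here.
        $encryptPwd = $strNewPassword;
        // Escape before building SQL rather than relying on the format check alone.
        // Assumes Connection opened the default mysql_* link that mysql_query() below
        // also uses -- TODO confirm.
        $safeEmail = mysql_real_escape_string($email);
        // Check if email exists in the database
        $where = " where `uemail` = '" . $safeEmail . "'";
        $NumRows = $connObj->getNumRows(TBL_ADMIN, $where);
        if ($NumRows > 0) {
            $user = $connObj->getSingleRow(TBL_ADMIN, "where uemail='" . $safeEmail . "'");
            // NOTE(review): as shown, the stored value is the literal '******', not
            // $encryptPwd -- this looks masked in the listing; confirm against the real
            // source and store a password hash rather than the clear-text value.
            $sql = mysql_query("UPDATE " . TBL_ADMIN . " set password = '******' where uemail='" . $safeEmail . "'");
            if ($sql === false) {
                // Keep the database error in the server log instead of echoing it to the client.
                error_log('Password reset update failed: ' . mysql_error());
                die('Could not reset the password. Please try again later.');
            }
            //Send email for notification
            // NOTE(review): the new password travels in clear text by email.
            sendmail($email, $strNewPassword, $user['username'], $user['status']);
            $msg = "<div class='error'>Your password has been reset and mailed to you on your registered email id.</div>";
        } else {
            // NOTE(review): a distinct "not found" reply lets a caller test which
            // addresses are registered; an identical reply for both outcomes avoids that.
            $msg = "<div class='error'>User not found. Please try again.</div>";
        }
    }
}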
Пример #13
    if ($length > 0) {
        $rand_id = "";
        for ($i = 1; $i <= $length; $i++) {
            mt_srand((double) microtime() * 1000000);
            $num = mt_rand(1, 36);
            $rand_id .= assign_rand_value($num);
        }
    }
    return $rand_id;
}
#######################
// Registration: copy the submitted fields into the row inserted into ninerr_user.
// NOTE(review): the values come straight from $_REQUEST (which also accepts GET
// parameters) with no validation in this block; whether dataInsert() escapes or
// binds them is not visible here -- confirm before relying on it.
$dataArray['user_primary_email'] = $_REQUEST['user_primary_email'];
$dataArray['user_name'] = $_REQUEST['user_name'];
// NOTE(review): the password is placed in the row exactly as submitted. Unless
// dataInsert() hashes it (not visible here), it is stored in clear text; hash it
// with password_hash() and check it with password_verify() instead.
$dataArray['user_password'] = $_REQUEST['user_password'];
/*$dataArray['user_status']='Inactive';*/
// The activation code is the secret later mailed to the user to confirm the address.
// NOTE(review): the fragment printed just above this block reseeds mt_rand() from
// microtime() on every character; if that fragment is the get_rand_id() called here,
// the code is predictable from the registration time -- derive it from random_bytes()
// or another CSPRNG.
$dataArray['user_activation_code'] = get_rand_id(20);
$user->dataInsert('ninerr_user', $dataArray);
###############################################################
/*Mail Part */
###############################################################
$to_mail = $dataArray['user_primary_email'];
$rand = $dataArray['user_activation_code'];
$subject = ucfirst(SITE_NAME) . ': Registration Confirmation';
$mail_table = '
	<table width="600" border="0">

	  <tr>
		<td width="600" align="center"><h3>Thank you for joining ' . ucfirst(SITE_NAME) . '!</h3></td>
	  </tr>
	  <tr>
		<td width="600" align="left">Please click here to confirm your email address.</td>