<?php
ob_start();
error_reporting(0);
require 'database.php';
require 'varfilter.php';
require 'PHPMailer_v5.1/class.phpmailer.php';
if (isset($_POST['submit'])) {
$email = unhack($_POST['email']);
//Start Validating submitted Date
if (empty($email)) {
$ERROR = "Please Enter Your Email Address";
//Check for empty field
} else {
$client_check = mysql_query("SELECT username FROM client_login WHERE username='******'") or die(mysql_error());
//Check for existing user in registered table
if (mysql_num_rows($client_check) == 0) {
$ERROR = "You email is not found";
$ERROR1 = "You email is not found";
} else {
$ftch = mysql_fetch_array($client_check);
$newemail1 = $ftch[0];
}
$doc_check = mysql_query("SELECT username FROM doctor_login WHERE username='******'") or die(mysql_error());
//Check for existing user in registered table
if (mysql_num_rows($doc_check) == 0) {
$ERROR = "You email is not found";
$ERROR2 = "You email is not found";
} else {
$ftch = mysql_fetch_array($doc_check);
$newemail2 = $ftch[0];
require 'headwithsearch.php';
require 'varfilter.php';
require 'database.php';
$username = $_SESSION['username'];
$c = mysql_query("select COUNT(doctor_name) from mydocs where doctor_name='{$username}'") or die(mysql_error());
$counter = mysql_fetch_array($c);
$count = 0;
if ($counter[0] != 0) {
$count = $counter[0];
}
if (isset($_POST['upload'])) {
$myfile = $_POST['myfile'];
$imgname = unhack($_POST['name']);
$email = unhack($_POST['email']);
$imgdate = unhack($_POST['date']);
$phone = unhack($_POST['phone']);
$get_prev_id = mysql_query("select MAX(docs_id) from mydocs") or die(mysql_error() . " Prev id not fetched");
$docs_id = mysql_fetch_array($get_prev_id);
$d_id = $docs_id[0];
//Properties of the uploaded file
$name = $_FILES['myfile']['name'];
$nam = isimg($name);
$type = $_FILES['myfile']['type'];
$siz = $_FILES['myfile']['size'];
$size = imgsize($siz);
$tmp_name = $_FILES['myfile']['tmp_name'];
$error = $_FILES['myfile']['error'];
//Validate must upload file and not empty receipt no and patient name
if ($error > 0) {
echo "<font color='red'><h3>Please Choose file first</h3></font>";
}
<?php
ob_start();
session_start();
if (empty($_SESSION['cusername'])) {
header('location:index.php');
}
$cusernmae = $_SESSION['cusername'];
require 'database.php';
require 'varfilter.php';
$page = $_REQUEST['page'];
$page1 = unhack($page);
$get = mysql_query("select img from mydocs where docs_id='{$page1}' and client_name='{$cusernmae}'");
$fimg = mysql_fetch_array($get);
$rm = $fimg[0];
unlink($rm);
chmod("mydocs/clients/{$cusernmae}/{$page1}", 0777);
rmdir("mydocs/clients/{$cusernmae}/{$page1}");
mysql_query("delete from mydocs where docs_id='{$page1}' and client_name='{$cusernmae}' ") or die(mysql_error());
$c = mysql_query("select no_of_upload from client_login where username='******'") or die(mysql_error());
$counter = mysql_fetch_array($c);
$counting = $counter[0];
$count = $counter[0] - 1;
mysql_query("update client_login set no_of_upload='{$count}' where username='******'");
header('location: clienthome.php');
?>
ob_start();
error_reporting(0);
session_start();
if (empty($_SESSION['ausername'])) {
header('location:index.php');
exit;
}
require 'headwithsearch.php';
require 'varfilter.php';
session_start();
$username = $_SESSION['ausername'];
require 'database.php';
if (isset($_POST['srch'])) {
$s = $_POST['srch_txt'];
$srch_txt = unhack($s);
//echo '<div class="row" style="padding:20px">';
if (!empty($srch_txt)) {
$engine = mysql_query("select * from doctor_detail where name like'%" . $srch_txt . "%' OR email like'%" . $srch_txt . "%' OR phone like'%" . $srch_txt . "%'") or die(mysql_error() . " Searching Error line no 7 search.php");
?>
<div class="container">
<div class="hero-unit" style="margin:0px; padding:10px 0px; text-align:left">
<div class="span7"><?php
echo $ic;
?>
</div>
<div class="span4 text-right">
<form method="post" action="adminsrch.php" class="" style="">
<input type="text" name="srch_txt" class="input-medium search-query">
<button type="submit" name="srch" class="btn btn-success">Search</button>
</form>
header('location:index.php');
exit;
}
require 'headwithsearch.php';
require 'database.php';
require 'varfilter.php';
$username = $_SESSION['username'];
$cusername = $_SESSION['cusername'];
if (isset($_POST['chng'])) {
$old = $_POST['oldpwd'];
$new = $_POST['newpwd'];
$re = $_POST['repwd'];
//Using Unhack Var
$oldp = unhack($old);
$newp = unhack($new);
$rep = unhack($re);
if (!empty($oldp) && !empty($newp) && !empty($rep)) {
if ($newp == $rep) {
if (!empty($_SESSION['username'])) {
$getpass = mysql_query("select password from doctor_login where password='******' AND username='******' ") or die(mysql_error());
if (mysql_num_rows($getpass) == 1) {
mysql_query("update doctor_login set password='******' where username='******'") or die(mysql_error());
$echo = "Password Changed";
} else {
$echo = "your Old password is incorrect";
}
}
if (!empty($_SESSION['ausername'])) {
$getpass = mysql_query("select password from admin where password='******' AND name='{$username}' ") or die(mysql_error());
if (mysql_num_rows($getpass) == 1) {
mysql_query("update admin set password='******' where name='{$username}'") or die(mysql_error());
$tmp_name = $_FILES['myfile']['tmp_name'];
$error = $_FILES['myfile']['error'];
$destination = "mydocs/clients/{$cusername}/{$page}";
//remove old file
$get = mysql_query("select img from mydocs where docs_id='{$page}'");
$fimg = mysql_fetch_array($get);
$rm = $fimg[0];
unlink($rm);
move_uploaded_file($tmp_name, "{$destination}/" . $name);
$saved = "{$destination}/" . $name;
mysql_query("update mydocs set img='{$saved}' , img_name='{$fname}', details='{$details1}' , doc_date='{$date1}', client_phone='{$client_phone1}' where docs_id='{$page}' ") or die(mysql_error());
mysql_query("update client_login set no_of_upload='{$count}' where username='******' ");
header('location: index.php');
} else {
$fname = $_POST['fname'];
$details1 = $_POST['details1'];
$date1 = $_POST['date1'];
$client_phone1 = unhack($_POST['client_phone1']);
$ffname = unhack($fname);
$ddetails1 = unhack($details1);
$ddate1 = unhack($date1);
mysql_query("update mydocs set img_name='{$ffname}', details='{$ddetails1}' , doc_date='{$ddate1}',client_phone='{$client_phone1}' where docs_id='{$page}' ") or die(mysql_error());
mysql_query("update client_login set no_of_upload='{$count}' where username='******' ");
header('location: index.php');
}
}
?>
<!--</div>
</div>-->
header('location:doctorhome.php');
} elseif (!empty($_SESSION['cusername'])) {
header('location:clienthome.php');
} elseif (!empty($_SESSION['ausername'])) {
header('location: adminhome.php');
}
require 'database.php';
error_reporting(0);
if (isset($_POST['login'])) {
$name = $_POST['username'];
$pass = $_POST['psswd'];
if (empty($name) && empty($pass)) {
$echo = "Please fill username and password";
} else {
$username = unhack($name);
$password = unhack($pass);
$finddoc = mysql_query("select username,password,doc_id,con_id from doctor_login where username='******' AND password='******' ") or die(mysql_error());
if (mysql_num_rows($finddoc) == 1) {
$m = mysql_fetch_row($finddoc);
$iid = $m[2];
$_SESSION['username'] = $username;
$cod = $m[3];
$_SESSION['con_id'] = $cod;
$_SESSION['did'] = $iid;
header('location: doctorhome.php');
}
$findadmin = mysql_query("select name,password from admin where name='{$username}' AND password='******' ") or die(mysql_error());
if (mysql_num_rows($findadmin)) {
$_SESSION['ausername'] = $username;
header('location: adminhome.php');
} else {
<?php
ob_start();
error_reporting(0);
require 'database.php';
require 'varfilter.php';
if (isset($_POST['signup'])) {
$name = unhack($_POST['name']);
$email = unhack($_POST['email']);
$phone = unhack($_POST['phone']);
$pass1 = unhack($_POST['pass1']);
$pass2 = unhack($_POST['pass2']);
$sec_q = unhack($_POST['sec_q']);
$sec_a = unhack($_POST['sec_a']);
$ERROR = "";
//Start Validating submitted Date
if (empty($name) && empty($email) && empty($phone) && empty($pass1) && empty($pass2) && empty($sec_q) && empty($sec_a)) {
$ERROR = "Please fill all fields";
//Check for empty field
} elseif (!is_numeric($phone)) {
$ERROR = "This is no a valid phone number";
//Check for valid phone number
} elseif (strlen($pass1) < 5) {
$ERROR = "Password must be Greater then 5 character";
//Check password lenghth
} elseif ($pass1 != $pass2) {
$ERROR = "Password not matched";
//Match paassword
}
$check1 = mysql_query("select username from doctor_login where username='******'");
//Check for existing user in registered table
} else {
}
}
mysql_query("INSERT INTO `mydocs` \r\n\t(`docs_id`, `img`, `current_folder`, `img_name`, `details`, `doc_date`, `doctor_name`, `client_name`, `client_phone`,`cod`,'cat')\r\n\t VALUES (NULL, '{$thumbnail}', '{$destination}', '{$imgname}', '{$email}', '{$imgdate}', '{$username}', '', '{$phone}','{$codx}','{$cat}')") or die(mysql_error() . "E22");
mysql_query("update doctor_login set no_of_upload='{$count}' where username='******' ");
echo '<h3>Your file is successfully Uploaded To the Server im in else mode</h3>';
///////////////////////EndSuperScript///////////////////////////////////
}
}
if (isset($_POST['ehr'])) {
$myfile = $_POST['myfile'];
$imgname = unhack($_POST['name']);
$email = unhack($_POST['email']);
$imgdate = unhack($_POST['date']);
$phone = unhack($_POST['phone']);
$cat = unhack($_POST['cat']);
$imgdate = convertDate($imgdate);
$get_prev_id = mysql_query("select MAX(docs_id) from mydocs") or die(mysql_error() . " Prev id not fetched");
$docs_id = mysql_fetch_array($get_prev_id);
$d_id = $docs_id[0];
//Properties of the uploaded file
$n = $_FILES['myfile'];
$c = count($n);
$thumbnail = 0;
if (file_exists("mydocs/" . $username)) {
$increement = $d_id + 1;
date_default_timezone_get('asia/kolkata');
$date = date("Y-m-d");
mkdir("mydocs/{$username}/" . $increement);
$destination = "mydocs/{$username}/{$increement}";
for ($i = 0; $i < $c; $i++) {
ob_start();
error_reporting(0);
require 'database.php';
require 'varfilter.php';
require 'data_handler.php';
if (isset($_POST['signup'])) {
$name = unhack($_POST['name']);
$email = unhack($_POST['email']);
$phone = unhack($_POST['phone']);
$pass1 = unhack($_POST['pass1']);
$pass2 = unhack($_POST['pass2']);
$sec_q = unhack($_POST['sec_q']);
$sec_a = unhack($_POST['sec_a']);
$city = unhack($_POST['city']);
$lastname = unhack($_POST['lname']);
$gen = unhack($_POST['gen']);
$ERROR = "";
//Start Validating submitted Date
if (empty($name) && empty($email) && empty($phone) && empty($pass1) && empty($pass2) && empty($sec_q) && empty($sec_a)) {
$ERROR = "Please fill all fields";
//Check for empty field
} elseif (!is_numeric($phone)) {
$ERROR = "This is no a valid phone number";
//Check for valid phone number
} elseif (strlen($pass1) < 5) {
$ERROR = "Password must be Greater then 5 character";
//Check password lenghth
} elseif ($pass1 != $pass2) {
$ERROR = "Password not matched";
//Match paassword
}