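/**
 * Handles the public GMO self-registration request (GET parameter `add`).
 *
 * Validates the submitted fields, rejects an exact duplicate `gmo` record or a
 * username that is already taken, and otherwise inserts a `user` row and a
 * `gmo` row (both with status 'Pending') and records a registration event.
 *
 * Security-relevant points:
 *  - Every request value placed into SQL is passed through preventInj().
 *    That helper is defined elsewhere; it is assumed to escape a value for
 *    use inside a quoted SQL string literal. TODO confirm.
 *  - NOTE(review): credentials arrive in the query string ($_GET), so they
 *    can end up in access logs, browser history and Referer headers; a
 *    state-changing registration belongs in a POST body.
 *  - NOTE(review): the password is stored with MySQL's PASSWORD(), which is
 *    not designed for application password storage; password_hash() /
 *    password_verify() is the replacement once the login path is migrated.
 *  - NOTE(review): `or die(mysql_error())` echoes raw database errors to the
 *    client; log the error and return a generic message instead.
 *
 * @return int|null 1 = identical GMO record exists, 2 = username taken,
 *                  3 = registered; null when the request is not an `add`
 *                  request or a field failed validation.
 */
function addData()
{
    $flag = null;   // result code handed back to the caller
    $flag1 = null;  // becomes 'phpValidError' as soon as any field is rejected

    if (isset($_GET['add'])) {
        $name = $_GET['name'];
        $designation = $_GET['designation'];
        $address1 = $_GET['address1'];
        $address2 = $_GET['address2'];
        $email = $_GET['email'];
        $phone1 = $_GET['phonenumber1'];
        $phone2 = $_GET['phonenumber2'];
        $mobile = $_GET['mobilenumber'];
        $user = $_GET['username'];
        $pass = $_GET['password'];

        // The district name comes straight from the request, so it is escaped
        // before being placed in the lookup query.
        $resultdist = mysql_query("select districtid from district where name='" . preventInj($_GET['district']) . "' ") or die(mysql_error());
        $rowdist = mysql_fetch_array($resultdist);
        // No matching district leaves the id null, which the checks below reject.
        $districtid = $rowdist ? $rowdist['districtid'] : null;

        // The designation checks used to set $flag instead of $flag1, so an
        // invalid designation did not stop the insert; they now count like
        // every other field.
        // preg_match() with \z replaces ereg(): ereg() is not binary-safe
        // (matching stops at a NUL byte) and no longer exists in PHP 7+.
        // NOTE(review): $phone2 is stored but never validated here.
        $invalid = strlen($name) < 1
            || isInvalidName($name)
            || strlen($designation) < 1
            || isInvalidName($designation)
            || strlen($address1) < 1
            || isInvalidAddress($address1)
            || isInvalidAddress($address2)
            || (strlen($email) > 0 && isInvalidEmail($email))
            || isInvalidNumber($districtid)
            || isStringNull($districtid)
            || strlen($phone1) < 7
            || isInvalidPhoneNo($phone1)
            || isInvalidPhoneNo($mobile)
            || strlen($user) < 5
            || strlen($user) > 25
            || !preg_match('/^[a-zA-Z][a-zA-Z0-9]{4,24}\z/', $user)
            || strlen($pass) < 5
            || strlen($pass) > 25
            || !preg_match('/^[a-zA-Z]/', $pass);
        if ($invalid) {
            $flag1 = 'phpValidError';
        }

        // Duplicate check. It runs even when validation failed (as before),
        // so every value is escaped rather than trusted.
        $result = mysql_query("select * from gmo where name='" . preventInj($name)
            . "' and officeaddress1='" . preventInj($address1)
            . "' and\n\t\t\t\tofficeaddress2='" . preventInj($address2)
            . "' and officephno1='" . preventInj($phone1)
            . "' and officephno2='" . preventInj($phone2)
            . "'\n\t\t\t\tand mobilenumber='" . preventInj($mobile)
            . "' and emailid='" . preventInj($email)
            . "' and designation='" . preventInj($designation)
            . "'\n\t\t\t\tand districtid='" . preventInj($districtid) . "' ") or die(mysql_error());

        if (mysql_num_rows($result) > 0) {
            $flag = 1;
        } elseif ($flag1 !== 'phpValidError') {
            // NOTE(review): in the reviewed listing the username in this query
            // was a masked literal, so the check never looked at the submitted
            // name. It now tests the escaped submitted username; confirm
            // against the unmasked source.
            $result1 = mysql_query("select * from user where username='" . preventInj($user) . "' ") or die(mysql_error());

            if (mysql_num_rows($result1) > 0) {
                $flag = 2;
            } else {
                $flag = 3;
                mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\t\tusertype\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user)
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass)
                    . "'),\n\t\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t\t'GMO'\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\t ") or die(mysql_error());

                // districtid comes from the lookup above; it is escaped like
                // the other values instead of relying on the numeric check.
                mysql_query("insert into gmo\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\t\tdesignation,\n\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\t\t\t\tofficeaddress1,\n\t\t\t\t\t\t\t\t\t\t\t\tofficeaddress2,\n\t\t\t\t\t\t\t\t\t\t\t\tofficephno1,\n\t\t\t\t\t\t\t\t\t\t\t\tofficephno2,\n\t\t\t\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\t\tstateid\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($name))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($designation))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($user))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($email))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address1))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address2))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone1))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone2))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($mobile))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($districtid))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'01'\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t") or die(mysql_error());

                $description = "New gmo with username " . $user . " is registered";
                insertEventData("Registration", "Registered new gmo", 'GMO', $description);
            }
        }
    }

    return $flag;
}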
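/**
 * Adds a new DAO account ($id == 'add') or updates an existing DAO record
 * (any other $id) from the submitted POST form.
 *
 * Security-relevant points:
 *  - Every request value placed into SQL is passed through preventInj().
 *    That helper is defined elsewhere; it is assumed to escape a value for
 *    use inside a quoted SQL string literal. TODO confirm.
 *  - NOTE(review): the update branch takes the record id (`daoId`) from the
 *    request and no ownership check is visible in this function; confirm the
 *    caller verifies that the session user may edit that record.
 *  - NOTE(review): new passwords are stored with MySQL's PASSWORD(), which is
 *    not designed for application password storage; password_hash() /
 *    password_verify() is the replacement once the login path is migrated.
 *  - NOTE(review): `or die(mysql_error())` echoes raw database errors to the
 *    client; log the error and return a generic message instead.
 *
 * @param mixed  $uname Not referenced in the visible body. The username
 *                      literals are masked in the reviewed listing and may
 *                      originally have been built from it. TODO confirm.
 * @param string $id    'add' creates a DAO; any other value updates one.
 *
 * @return string 'true' (added), 'false' (identical DAO record exists),
 *                'fail' (username taken), 'success' (updated), or
 *                'phpValidError' (a field failed validation).
 */
function addData($uname, $id)
{
    $flag = '';

    if ($id == 'add') {
        $name = trim($_POST['txtName']);
        $designation = trim($_POST['txtDesignation']);
        $address1 = trim($_POST['txtAddress1']);
        $address2 = trim($_POST['txtAddress2']);
        $email = trim($_POST['txtEmail']);
        $districtid = trim($_POST['cmpDistrict']);
        $phone1 = trim($_POST['txtPhone1']);
        $mobile = trim($_POST['txtMobile']);
        $user = trim($_POST['txtUserName']);
        $pass = trim($_POST['txtPassword']);

        // preg_match() with \z replaces ereg(): ereg() is not binary-safe
        // (matching stops at a NUL byte) and no longer exists in PHP 7+.
        $invalid = strlen($name) < 1
            || isInvalidName($name)
            || strlen($designation) < 1
            || isInvalidName($designation)
            || strlen($address1) < 1
            || isInvalidAddress($address1)
            || isInvalidAddress($address2)
            || (strlen($email) > 0 && isInvalidEmail($email))
            || isInvalidNumber($districtid)
            || strlen($phone1) < 7
            || isInvalidPhoneNo($phone1)
            || isInvalidPhoneNo($mobile)
            || strlen($user) < 5
            || strlen($user) > 25
            || !preg_match('/^[a-zA-Z][a-zA-Z0-9]{4,24}\z/', $user)
            || strlen($pass) < 5
            || strlen($pass) > 25
            || !preg_match('/^[a-zA-Z]/', $pass);
        if ($invalid) {
            $flag = 'phpValidError';
        }

        // Duplicate check. It runs even when validation failed (as before),
        // so every value is escaped rather than trusted.
        $result = mysql_query("select * from dao where name='" . preventInj($name)
            . "' and address1='" . preventInj($address1)
            . "'\n\t\t\tand address2='" . preventInj($address2)
            . "' and phonenumber='" . preventInj($phone1)
            . "' and mobilenumber='" . preventInj($mobile)
            . "'\n\t\t\tand emailid='" . preventInj($email)
            . "' and designation='" . preventInj($designation) . "' ") or die(mysql_error());

        if (mysql_num_rows($result) > 0) {
            $flag = 'false';
        } elseif ($flag !== 'phpValidError') {
            // NOTE(review): in the reviewed listing the username in this query
            // was a masked literal, so the check never looked at the submitted
            // name. It now tests the escaped submitted username; confirm
            // against the unmasked source.
            $result1 = mysql_query("select * from user where username='" . preventInj($user) . "' ") or die(mysql_error());

            if (mysql_num_rows($result1) > 0) {
                $flag = 'fail';
            } else {
                mysql_query("insert into user\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\tusertype,\n\t\t\t\t\t\t\t\t\tlastlogin\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t'" . preventInj($user)
                    . "',\n\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass)
                    . "'),\n\t\t\t\t\t\t\t\t\t\t'Approved',\n\t\t\t\t\t\t\t\t\t\t'DAO',\n\t\t\t\t\t\t\t\t\t\tnow()\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t ") or die(mysql_error());

                mysql_query("insert into dao\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tdesignation,\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\taddress1,\n\t\t\t\t\t\t\t\t\taddress2,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\tphonenumber,\n\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($designation)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($user)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($districtid)
                    . "',\n\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t'" . preventInj($email)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone1)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($mobile)
                    . "',\n\t\t\t\t\t\t\t\t\t'Approved'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());

                $flag = 'true';
                $username = $_SESSION['userName'];
                $description = "New dao with username " . $user . " is added";
                insertEventData('Add_Dao', "Add_new_dao", $username, $description);
            }
        }
    } else {
        // Optional password change, only offered to a logged-in DAO.
        if ($_SESSION['userType'] == "DAO" && $_POST['txtPassword'] != NULL) {
            $pass = trim($_POST['txtPassword']);
            $user = trim($_POST['txtUserName']);

            $badCredentials = strlen($user) < 5
                || strlen($user) > 25
                || !preg_match('/^[a-zA-Z][a-zA-Z0-9]{4,24}\z/', $user)
                || strlen($pass) < 5
                || strlen($pass) > 25
                || !preg_match('/^[a-zA-Z]/', $pass);
            if ($badCredentials) {
                $flag = 'phpValidError';
            }

            if ($flag !== 'phpValidError') {
                // NOTE(review): the target username is a masked literal in the
                // reviewed listing and is reproduced unchanged. It must identify
                // the authenticated account (taken from the session), never a
                // client-supplied field. Confirm against the unmasked source.
                // NOTE(review): this statement stores the value as submitted,
                // while the insert above stores password(...); confirm which
                // form the login check expects.
                mysql_query("update user\n\t\t\t\t\t\t\t\t\tset userpasswd='" . preventInj($pass)
                    . "',\n\t\t\t\t\t\t\t\t\t\t\tlastlogin=now()\n\t\t\t\t\t\t\t\t\twhere username='******' ") or die(mysql_error());
            }
        }

        $name = trim($_POST['txtName']);
        $designation = trim($_POST['txtDesignation']);
        $address1 = trim($_POST['txtAddress1']);
        $address2 = trim($_POST['txtAddress2']);
        $email = trim($_POST['txtEmail']);
        $districtid = trim($_POST['cmpDistrict']);
        $phone1 = trim($_POST['txtPhone1']);
        $mobile = trim($_POST['txtMobile']);
        $daoId = trim($_POST['daoId']);

        $invalid = strlen($name) < 1
            || isInvalidName($name)
            || strlen($designation) < 1
            || isInvalidName($designation)
            || strlen($address1) < 1
            || isInvalidAddress($address1)
            || isInvalidAddress($address2)
            || (strlen($email) > 0 && isInvalidEmail($email))
            || isInvalidNumber($districtid)
            || strlen($phone1) < 7
            || isInvalidPhoneNo($phone1)
            || isInvalidPhoneNo($mobile)
            || isInvalidNumber($daoId);
        if ($invalid) {
            $flag = 'phpValidError';
        }

        // A credential failure above also leaves $flag at 'phpValidError' and
        // blocks the profile update, as in the original flow.
        if ($flag !== 'phpValidError') {
            // The record id is escaped as well, instead of relying only on the
            // numeric check.
            mysql_query("update dao\n\t\t\t\t\t\t\t\tset name='" . preventInj($name)
                . "',\n\t\t\t\t\t\t\t\t\t\tdesignation='" . preventInj($designation)
                . "',\n\t\t\t\t\t\t\t\t\t\taddress1='" . preventInj($address1)
                . "',\n\t\t\t\t\t\t\t\t\t\taddress2='" . preventInj($address2)
                . "',\n\t\t\t\t\t\t\t\t\t\tphonenumber='" . preventInj($phone1)
                . "',\n\t\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($districtid)
                . "',\n\t\t\t\t\t\t\t\t\t\tmobilenumber='" . preventInj($mobile)
                . "',\n\t\t\t\t\t\t\t\t\t\temailid='" . preventInj($email)
                . "'\n\t\t\t\t\t\t\t\twhere daoid='" . preventInj($daoId) . "' ") or die(mysql_error());

            $username = $_SESSION['userName'];
            // The audit text used an undefined $des, so the event never named
            // the record; it now carries the updated DAO id.
            $description = "Dao with id " . $daoId . " is updated";
            insertEventData('Update_Dao', "Dao_Details_Updated", $username, $description);
            $flag = 'success';
        }
    }

    return $flag;
}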
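/**
 * Handles the public hospital self-registration request (GET parameter `add`).
 *
 * Validates the submitted fields, rejects an exact duplicate `hospital` record
 * or a username that is already taken, and otherwise inserts a `user` row and
 * a `hospital` row (both with status 'Pending') and records a registration
 * event.
 *
 * Security-relevant points:
 *  - Every request value placed into SQL is passed through preventInj().
 *    That helper is defined elsewhere; it is assumed to escape a value for
 *    use inside a quoted SQL string literal. TODO confirm.
 *  - NOTE(review): credentials arrive in the query string ($_GET), so they
 *    can end up in access logs, browser history and Referer headers; a
 *    state-changing registration belongs in a POST body.
 *  - NOTE(review): the password is stored with MySQL's PASSWORD(), which is
 *    not designed for application password storage; password_hash() /
 *    password_verify() is the replacement once the login path is migrated.
 *  - NOTE(review): `or die(mysql_error())` echoes raw database errors to the
 *    client; log the error and return a generic message instead.
 *
 * @return int 1 = identical hospital record exists, 2 = username taken,
 *             3 = registered, 7 = nothing done (not an `add` request, or a
 *             field failed validation).
 */
function addData()
{
    $flag = 7;      // default result: nothing was inserted
    $flag1 = null;  // becomes 'phpValidError' as soon as any field is rejected

    if (isset($_GET['add'])) {
        $name = $_GET['hname'];
        $address1 = $_GET['address1'];
        $address2 = $_GET['address2'];
        $email = $_GET['email'];
        $phone1 = $_GET['phonenumber1'];
        $phone2 = $_GET['phonenumber2'];
        $regno = $_GET['regno'];
        $mobile = $_GET['mobilenumber'];
        $user = $_GET['username'];
        // The password is validated as submitted and escaped only where it is
        // placed in SQL, so the length limits apply to what the user typed
        // rather than to the escaped form.
        $pass = $_GET['password'];
        $pincode = $_GET['pincode'];

        // The district name comes straight from the request, so it is escaped
        // before being placed in the lookup query.
        $resultdist = mysql_query("select districtid from district where name='" . preventInj($_GET['district']) . "' ") or die(mysql_error());
        $rowdist = mysql_fetch_array($resultdist);
        // No matching district leaves the id null, which the checks below reject.
        $districtid = $rowdist ? $rowdist['districtid'] : null;

        // preg_match() with \z replaces ereg(): ereg() is not binary-safe
        // (matching stops at a NUL byte) and no longer exists in PHP 7+.
        $invalid = strlen($name) < 1
            || isInvalidName($name)
            || strlen($address1) < 1
            || isInvalidAddress($address1)
            || isInvalidAddress($address2)
            || (strlen($email) > 0 && isInvalidEmail($email))
            || isInvalidNumber($districtid)
            || isStringNull($districtid)
            || strlen($phone1) < 7
            || isInvalidPhoneNo($phone1)
            || isInvalidPhoneNo($mobile)
            || isInvalidPhoneNo($phone2)
            || (strlen($pincode) > 0 && (strlen($pincode) != 6 || isInvalidNumber($pincode)))
            || isInvalidName($regno)
            || strlen($user) < 5
            || strlen($user) > 25
            || !preg_match('/^[a-zA-Z][a-zA-Z0-9]{4,24}\z/', $user)
            || strlen($pass) < 5
            || strlen($pass) > 25
            || !preg_match('/^[a-zA-Z]/', $pass);
        if ($invalid) {
            $flag1 = 'phpValidError';
        }

        // Duplicate check. It runs even when validation failed (as before),
        // so every value is escaped rather than trusted.
        $result = mysql_query("select * from hospital where name='" . preventInj($name)
            . "' and hospitaladdress1='" . preventInj($address1)
            . "' and hospitaladdress2='" . preventInj($address2)
            . "' and hospitalphno1='" . preventInj($phone1)
            . "' and hospitalphno2='" . preventInj($phone2)
            . "'\n\t\t\tand mobilenumber='" . preventInj($mobile)
            . "' and emailid='" . preventInj($email)
            . "' and registerno='" . preventInj($regno)
            . "' and \n\t\t\tdistrictid='" . preventInj($districtid) . "' ") or die(mysql_error());

        if (mysql_num_rows($result) > 0) {
            $flag = 1;
        } elseif ($flag1 !== 'phpValidError') {
            // NOTE(review): in the reviewed listing the username in this query
            // was a masked literal, so the check never looked at the submitted
            // name. It now tests the escaped submitted username; confirm
            // against the unmasked source.
            $result1 = mysql_query("select * from user where username='" . preventInj($user) . "' ") or die(mysql_error());

            if (mysql_num_rows($result1) > 0) {
                $flag = 2;
            } else {
                // Both inserts previously ignored failures, so a failed write
                // was still reported as success (3) and logged as a
                // registration. They now stop on error like every other query
                // in this function.
                mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\tusertype\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user)
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass)
                    . "'),\n\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t'HOSPITAL'\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t ") or die(mysql_error());

                mysql_query("insert into hospital\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\t\t\thospitaladdress1,\n\t\t\t\t\t\t\t\t\t\t\thospitaladdress2,\n\t\t\t\t\t\t\t\t\t\t\thospitalphno1,\n\t\t\t\t\t\t\t\t\t\t\thospitalphno2,\n\t\t\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\t\t\tregisterno,\n\t\t\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\tvalues \n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($name))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($user))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($email))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address1))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address2))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone1))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone2))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($mobile))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($districtid))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($pincode))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($regno))
                    . "',\n\t\t\t\t\t\t\t\t\t\t\t'Pending'\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t") or die(mysql_error());

                $flag = 3;
                $description = "New hospital with name " . $name . " is registered";
                insertEventData("Registration", "Registered new hospital", $user, $description);
            }
        }
    }

    return $flag;
}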
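/**
 * Adds a new hospital account ($id == 'add') or updates an existing hospital
 * record (any other $id) from the submitted POST form.
 *
 * Security-relevant points:
 *  - Every request value placed into SQL is passed through preventInj().
 *    That helper is defined elsewhere; it is assumed to escape a value for
 *    use inside a quoted SQL string literal. TODO confirm.
 *  - NOTE(review): the update branch takes the record id (`hospitalId`) from
 *    the request and no ownership check is visible in this function; confirm
 *    the caller verifies that the session user may edit that record.
 *  - NOTE(review): new passwords are stored with MySQL's PASSWORD(), which is
 *    not designed for application password storage; password_hash() /
 *    password_verify() is the replacement once the login path is migrated.
 *  - NOTE(review): `or die(mysql_error())` echoes raw database errors to the
 *    client; log the error and return a generic message instead.
 *
 * @param mixed  $uname Not referenced in the visible body. The username
 *                      literals are masked in the reviewed listing and may
 *                      originally have been built from it. TODO confirm.
 * @param string $id    'add' creates a hospital; any other value updates one.
 *
 * @return string 'true' (added), 'false' (identical hospital record exists),
 *                'fail' (username taken), 'success' (updated), or
 *                'phpValidError' (a field failed validation).
 */
function addData($uname, $id)
{
    $flag = '';

    if ($id == 'add') {
        $name = trim($_POST['txtHospitalName']);
        $address1 = trim($_POST['txtAddress1']);
        $address2 = trim($_POST['txtAddress2']);
        $email = trim($_POST['txtEmail']);
        $phone1 = trim($_POST['txtPhone1']);
        $phone2 = trim($_POST['txtPhone2']);
        $regno = trim($_POST['txtRegNo']);
        $mobile = trim($_POST['txtMobile']);
        $user = trim($_POST['txtUserName']);
        $pass = trim($_POST['txtPassword']);
        $pincode = trim($_POST['txtPincode']);
        $districtid = trim($_POST['cmpDistrict']);

        // preg_match() with \z replaces ereg(): ereg() is not binary-safe
        // (matching stops at a NUL byte) and no longer exists in PHP 7+.
        $invalid = strlen($name) < 1
            || isInvalidName($name)
            || strlen($address1) < 1
            || isInvalidAddress($address1)
            || isInvalidAddress($address2)
            || (strlen($email) > 0 && isInvalidEmail($email))
            || isInvalidNumber($districtid)
            || strlen($phone1) < 7
            || isInvalidPhoneNo($phone1)
            || isInvalidPhoneNo($mobile)
            || isInvalidPhoneNo($phone2)
            || (strlen($pincode) > 0 && (strlen($pincode) != 6 || isInvalidNumber($pincode)))
            || isInvalidName($regno)
            || strlen($user) < 5
            || strlen($user) > 25
            || !preg_match('/^[a-zA-Z][a-zA-Z0-9]{4,24}\z/', $user)
            || strlen($pass) < 5
            || strlen($pass) > 25
            || !preg_match('/^[a-zA-Z]/', $pass);
        if ($invalid) {
            $flag = 'phpValidError';
        }

        // Duplicate check. It runs even when validation failed (as before),
        // so every value is escaped rather than trusted.
        $result = mysql_query("select * from hospital where name='" . preventInj($name)
            . "' and\n\t\t\thospitaladdress1='" . preventInj($address1)
            . "' and hospitaladdress2='" . preventInj($address2)
            . "'\n\t\t\tand hospitalphno1='" . preventInj($phone1)
            . "' and hospitalphno2='" . preventInj($phone2)
            . "'\n\t\t\tand mobilenumber='" . preventInj($mobile)
            . "' and emailid='" . preventInj($email)
            . "' and registerno='" . preventInj($regno)
            . "'\n\t\t\tand districtid='" . preventInj($districtid) . "' ") or die(mysql_error());

        if (mysql_num_rows($result) > 0) {
            $flag = 'false';
        } elseif ($flag !== 'phpValidError') {
            // NOTE(review): in the reviewed listing the username in this query
            // was a masked literal, so the check never looked at the submitted
            // name. It now tests the escaped submitted username; confirm
            // against the unmasked source.
            $result1 = mysql_query("select * from user where username='" . preventInj($user) . "' ") or die(mysql_error());

            if (mysql_num_rows($result1) > 0) {
                $flag = 'fail';
            } else {
                mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\tusertype,\n\t\t\t\t\t\t\t\t\t\t\tlastlogin\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user)
                    . "',\n\t\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass)
                    . "'),\n\t\t\t\t\t\t\t\t\t\t\t'Approved',\n\t\t\t\t\t\t\t\t\t\t\t'HOSPITAL',\n\t\t\t\t\t\t\t\t\t\t\tnow()\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t ") or die(mysql_error());

                mysql_query("insert into hospital\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\thospitaladdress1,\n\t\t\t\t\t\t\t\t\thospitaladdress2,\n\t\t\t\t\t\t\t\t\thospitalphno1,\n\t\t\t\t\t\t\t\t\thospitalphno2,\n\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tregisterno,\n\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($user)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($email)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone1)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone2)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($mobile)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($districtid)
                    . "',\n\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode)
                    . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($regno)
                    . "',\n\t\t\t\t\t\t\t\t\t'Approved'\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());

                $flag = 'true';
                $description = "New hospital with name " . $name . " is added";
                insertEventData('Add_Hospital', "Add new hospital", $user, $description);
            }
        }
    } else {
        $name = trim($_POST['txtHospitalName']);
        $address1 = trim($_POST['txtAddress1']);
        $address2 = trim($_POST['txtAddress2']);
        $email = trim($_POST['txtEmail']);
        $phone1 = trim($_POST['txtPhone1']);
        $phone2 = trim($_POST['txtPhone2']);
        $regno = trim($_POST['txtRegNo']);
        $mobile = trim($_POST['txtMobile']);
        $pincode = trim($_POST['txtPincode']);
        $districtid = trim($_POST['cmpDistrict']);
        $hospitalId = trim($_POST['hospitalId']);

        $invalid = strlen($name) < 1
            || isInvalidName($name)
            || strlen($address1) < 1
            || isInvalidAddress($address1)
            || isInvalidAddress($address2)
            || (strlen($email) > 0 && isInvalidEmail($email))
            || strlen($phone1) < 7
            || isInvalidPhoneNo($phone1)
            || isInvalidPhoneNo($phone2)
            || isInvalidPhoneNo($mobile)
            || (strlen($pincode) > 0 && (strlen($pincode) != 6 || isInvalidNumber($pincode)))
            || isInvalidName($regno)
            || isInvalidNumber($districtid)
            || isInvalidNumber($hospitalId);
        if ($invalid) {
            $flag = 'phpValidError';
        }

        // Optional password change, only offered to a logged-in hospital user.
        if ($_SESSION['userType'] == "HOSPITAL" && $_POST['txtPassword'] != NULL) {
            $pass = trim($_POST['txtPassword']);
            $user = trim($_POST['txtUserName']);

            $badCredentials = strlen($user) < 5
                || strlen($user) > 25
                || !preg_match('/^[a-zA-Z][a-zA-Z0-9]{4,24}\z/', $user)
                || strlen($pass) < 5
                || strlen($pass) > 25
                || !preg_match('/^[a-zA-Z]/', $pass);
            if ($badCredentials) {
                $flag = 'phpValidError';
            }

            // A profile validation failure above also blocks the password
            // change, as in the original flow.
            if ($flag !== 'phpValidError') {
                // NOTE(review): the target username is a masked literal in the
                // reviewed listing and is reproduced unchanged. It must identify
                // the authenticated account (taken from the session), never a
                // client-supplied field. Confirm against the unmasked source.
                // NOTE(review): this statement stores the value as submitted,
                // while the insert above stores password(...); confirm which
                // form the login check expects.
                mysql_query("update user\n\t\t\t\t\t\t\t\t\tset userpasswd='" . preventInj($pass)
                    . "',\n\t\t\t\t\t\t\t\t\t\t\tlastlogin=now()\n\t\t\t\t\t\t\t\t\twhere username='******' ") or die(mysql_error());
            }
        }

        if ($flag !== 'phpValidError') {
            mysql_query("update hospital\n\t\t\t\t\t\t\t\tset name='" . preventInj($name)
                . "',\n\t\t\t\t\t\t\t\t\t\temailid='" . preventInj($email)
                . "',\n\t\t\t\t\t\t\t\t\t\thospitaladdress1='" . preventInj($address1)
                . "',\n\t\t\t\t\t\t\t\t\t\thospitaladdress2='" . preventInj($address2)
                . "',\n\t\t\t\t\t\t\t\t\t\thospitalphno1='" . preventInj($phone1)
                . "',\n\t\t\t\t\t\t\t\t\t\thospitalphno2='" . preventInj($phone2)
                . "',\n\t\t\t\t\t\t\t\t\t\tmobilenumber='" . preventInj($mobile)
                . "',\n\t\t\t\t\t\t\t\t\t\tpincode='" . preventInj($pincode)
                . "',\n\t\t\t\t\t\t\t\t\t\tregisterno='" . preventInj($regno)
                . "',\n\t\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($districtid)
                . "'\n\t\t\t\t\t\t\t\twhere hospitalid='" . preventInj($hospitalId) . "' ") or die(mysql_error());

            $flag = 'success';
            $username = $_SESSION['userName'];
            $description = "Hospital with id " . $hospitalId . " is updated";
            insertEventData('Update_Hospital', "Update_Hospital_Details", $username, $description);
        }
    }

    return $flag;
}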