function addData($name, $id)
{
$flag = "";
$caseId = "";
$username = "";
$des = "";
$description = "";
$caseid = "";
$name = "";
$age = "";
$sex = "";
$address1 = "";
$address2 = "";
$pincode = "";
$disease = "";
$fatal = "";
$district = "";
$reportedon = "";
$diedon = "";
$date = "";
$createdon = "";
$newpostoffice = "";
$caseDate = "";
$username = "";
$usertype = "";
if ($id == 'add') {
$username = trim($_SESSION['userName']);
$usertype = trim($_SESSION['userType']);
$hospitalid = trim($_POST['cmbHospital']);
$name = trim($_POST['txtName']);
$age = trim($_POST['txtAge']);
$sex = trim($_POST['rdoSex']);
$address1 = trim($_POST['txtAddress1']);
$address2 = trim($_POST['txtAddress2']);
$pincode = trim($_POST['txtPincode']);
$disease = trim($_POST['cmbDisease']);
$fatal = trim($_POST['cmbFatal']);
$district = trim($_POST['cmbDistrict']);
$reportedon = trim($_POST['txtReportedOn']);
$createdon = date("d/m/Y");
$date = trim($_POST['txtCaseDate']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($address1)) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($hospitalid)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($age)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($disease)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($district)) {
$flag = 'phpValidError';
}
if (strlen($pincode) > 0) {
if (strlen($pincode) != 6) {
$flag = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag = 'phpValidError';
}
}
if ($_POST['cmbPostOffice'] == 1 && $_POST['cmbNearPostOffice'] != "select") {
$postofficeid = trim($_POST['cmbNearPostOffice']);
} else {
$postofficeid = trim($_POST['cmbPostOffice']);
}
if ($_POST['txtDiedOn'] == "") {
$diedon = "";
} else {
$diedon = trim($_POST['txtDiedOn']);
if (!isValidDate($diedon)) {
$flag = 'phpValidError';
}
$diedon = getDateToDb($diedon);
}
if (isInvalidNumber($postofficeid)) {
$flag = 'phpValidError';
}
if (!isValidDate($date)) {
$flag = 'phpValidError';
}
if (!isValidDate($reportedon)) {
$flag = 'phpValidError';
}
$result = mysql_query("select * from casereport where name='" . $name . "' and age='" . $age . "'\n\t\t\t\tand sex='" . $sex . "' and fatal='" . $fatal . "' and casedate='" . getDateToDb($date) . "'\n\t\t\t\tand reportedon='" . getDateToDb($reportedon) . "'\t") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 'false';
} else {
if ($flag == 'phpValidError') {
} else {
mysql_query("insert into casereport\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tage,\n\t\t\t\t\t\t\t\t\tsex,\n\t\t\t\t\t\t\t\t\taddress1,\n\t\t\t\t\t\t\t\t\taddress2,\n\t\t\t\t\t\t\t\t\tdiseaseid,\n\t\t\t\t\t\t\t\t\tfatal,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\thospitalid,\n\t\t\t\t\t\t\t\t\tpostofficeid,\n\t\t\t\t\t\t\t\t\treportedon,\n\t\t\t\t\t\t\t\t\tdiedon,\n\t\t\t\t\t\t\t\t\tcasedate,\n\t\t\t\t\t\t\t\t\tcreatedon\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($username) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($age) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($sex) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($disease) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($fatal) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($district) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($hospitalid) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($postofficeid) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj(getDateToDb($reportedon)) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($diedon) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj(getDateToDb($date)) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj(getDateToDb($createdon)) . "'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());
mysql_query("update casereport set diedon=NULL where diedon=00-00-0000") or die(mysql_error());
if ($_POST['cmbPostOffice'] == 1) {
$newpostoffice = $_POST['txtNewPostOffice'];
if (strlen($newpostoffice) < 3) {
$flag = 'phpValidError';
}
if (isInvalidName($newpostoffice)) {
$flag = 'phpValidError';
}
if ($flag == 'phpValidError') {
} else {
mysql_query("insert into newpostoffice\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\tpincode\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($newpostoffice) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($district) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "'\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t ") or die(mysql_error());
}
}
$username = $_SESSION['userName'];
$description = "New Case Report on patient " . $name . " is added";
insertEventData('Add_Case_Report', "New_Case_Reported", $username, $description);
$flag = 'true';
}
}
} else {
$hospitalid = $_POST['cmbHospital'];
$postofficeid = $_POST['cmbPostOffice'];
$name = trim($_POST['txtName']);
$age = trim($_POST['txtAge']);
$sex = trim($_POST['rdoSex']);
$address1 = trim($_POST['txtAddress1']);
$address2 = trim($_POST['txtAddress2']);
$pincode = trim($_POST['txtPincode']);
$disease = trim($_POST['cmbDisease']);
$fatal = trim($_POST['cmbFatal']);
$district = trim($_POST['cmbDistrict']);
$reportedon = trim($_POST['txtReportedOn']);
$caseId = trim($_POST['txtCaseId']);
$date = trim($_POST['txtCaseDate']);
if (trim($_POST['txtDiedOn']) == "") {
$diedon = "";
} else {
$diedon = trim($_POST['txtDiedOn']);
if (!isValidDate($diedon)) {
$flag = 'phpValidError';
}
$diedon = getDateToDb($diedon);
}
if (!isValidDate($reportedon)) {
$flag = 'phpValidError';
}
if (!isValidDate($date)) {
$flag = 'phpValidError';
}
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($address1)) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($hospitalid)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($age)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($disease)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($district)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($caseId)) {
$flag = 'phpValidError';
}
if (strlen($pincode) > 0) {
if (strlen($pincode) != 6) {
$flag = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag = 'phpValidError';
}
}
if ($flag == 'phpValidError') {
} else {
mysql_query("update casereport\n\t\t\t\t\tset name='" . preventInj($name) . "',\n\t\t\t\t\t\tage='" . preventInj($age) . "',\n\t\t\t\t\t\tsex='" . preventInj($sex) . "',\n\t\t\t\t\t\taddress1='" . preventInj($address1) . "',\n\t\t\t\t\t\taddress2='" . preventInj($address2) . "',\n\t\t\t\t\t\tpincode='" . preventInj($pincode) . "',\n\t\t\t\t\t\tdiseaseid='" . preventInj($disease) . "',\n\t\t\t\t\t\tdistrictid='" . preventInj($district) . "',\n\t\t\t\t\t\thospitalid='" . preventInj($hospitalid) . "',\n\t\t\t\t\t\tpostofficeid='" . preventInj($postofficeid) . "',\n\t\t\t\t\t\treportedon='" . preventInj(getDateToDb($reportedon)) . "',\n\t\t\t\t\t\tdiedon='" . preventInj($diedon) . "',\n\t\t\t\t\t\tcasedate='" . preventInj(getDateToDb($date)) . "'\n\t\t\t\t\twhere casereportid='" . preventInj($caseId) . "' ") or die(mysql_error());
mysql_query("update casereport set diedon=NULL where diedon=00-00-0000") or die(mysql_error());
$username = $_SESSION['userName'];
$description = "Case Report with id " . $caseId . " is updated";
insertEventData('Update_Case_Report', "Case_Report_Updated", $username, $description);
$flag = 'success';
}
}
return $flag;
}
function addBulkCaseDetails($strId)
{
$blnFlag = "";
$username = $_SESSION['userName'];
$intDistrictId = trim($_POST['cmpDistrict']);
$intDiseaseId = trim($_POST['cmpDisease']);
$intReportedNo = trim($_POST['txtReportedNo']);
$intFatalNo = trim($_POST['txtFatalNo']);
if (isStringNull($intDistrictId)) {
$blnFlag = 'phpValidError';
}
if (isStringNull($intDiseaseId)) {
$blnFlag = 'phpValidError';
}
if (isInvalidNumber($intDistrictId)) {
$blnFlag = 'phpValidError';
}
if (isInvalidNumber($intDiseaseId)) {
$blnFlag = 'phpValidError';
}
if (isStringNull($intReportedNo)) {
$blnFlag = 'phpValidError';
}
if (isInvalidNumber($intReportedNo)) {
$blnFlag = 'phpValidError';
}
if (isInvalidNumber($intFatalNo)) {
$blnFlag = 'phpValidError';
}
if ($strId == 'add') {
$createdon = date("Y-m-d");
if ($blnFlag == 'phpValidError') {
} else {
mysql_query("insert into bulkcase\n\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\tdiseaseid,\n\t\t\t\t\t\t\t\treportedcase,\n\t\t\t\t\t\t\t\tfatalcase,\n\t\t\t\t\t\t\t\tcreatedon,\n\t\t\t\t\t\t\t\tusername\n\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t'" . preventInj($intDistrictId) . "',\n\t\t\t\t\t\t\t\t'" . preventInj($intDiseaseId) . "',\n\t\t\t\t\t\t\t\t'" . preventInj($intReportedNo) . "',\n\t\t\t\t\t\t\t\t'" . preventInj($intFatalNo) . "',\n\t\t\t\t\t\t\t\t'" . $createdon . "',\n\t\t\t\t\t\t\t\t'" . preventInj($username) . "'\n\t\t\t\t\t\t\t)\n\t\t\t\t\t\t") or die(mysql_error());
$blnFlag = 'true';
$description = "";
insertEventData("Add_Bulk_Case_Report", "New_Bulk_Case_Reported", $username, $description);
}
} else {
if ($strId == 'edit') {
$intBulkCaseId = $_POST['txtBulkCaseId'];
if (isInvalidNumber($intBulkCaseId)) {
$blnFlag = 'phpValidError';
}
if ($blnFlag == 'phpValidError') {
} else {
mysql_query("UPDATE bulkcase SET\n\t\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($intDistrictId) . "',\n\t\t\t\t\t\t\t\t\t\tdiseaseid='" . preventInj($intDiseaseId) . "',\n\t\t\t\t\t\t\t\t\t\treportedcase='" . preventInj($intReportedNo) . "',\n\t\t\t\t\t\t\t\t\t\tfatalcase='" . preventInj($intFatalNo) . "'\n\t\t\t\t\t\t\t\tWHERE bulkcaseid='" . $intBulkCaseId . "' ") or die(mysql_error());
$description = "Bulk case report with id " . $intBulkCaseId . " is updated";
insertEventData("Update_Bulk_Case_Report ", "Bulk_Case_Report_Updated", $username, $description);
$blnFlag = 'success';
}
} else {
}
}
return $blnFlag;
}
function addData()
{
$gmoId = "";
$name = "";
$designation = null;
$address1 = null;
$address2 = null;
$phone1 = null;
$email = "";
$phone2 = null;
$mobile = null;
$user = '******';
$pass = '******';
$flag1 = null;
if (isset($_GET['add'])) {
$name = $_GET['name'];
$designation = $_GET['designation'];
$address1 = $_GET['address1'];
$address2 = $_GET['address2'];
$email = $_GET['email'];
$phone1 = $_GET['phonenumber1'];
$phone2 = $_GET['phonenumber2'];
$mobile = $_GET['mobilenumber'];
$user = $_GET['username'];
$pass = $_GET['password'];
$resultdist = mysql_query("select districtid from district where name='" . $_GET['district'] . "' ") or die(mysql_error());
$rowdist = mysql_fetch_array($resultdist);
$districtid = $rowdist['districtid'];
if (strlen($name) < 1) {
$flag1 = 'phpValidError';
}
if (isInvalidName($name)) {
$flag1 = 'phpValidError';
}
if (strlen($designation) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($designation)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag1 = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag1 = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag1 = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag1 = 'phpValidError';
}
}
if (isInvalidNumber($districtid)) {
$flag1 = 'phpValidError';
}
if (isStringNull($districtid)) {
$flag1 = 'phpValidError';
}
if (strlen($phone1) < 7) {
$flag1 = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag1 = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag1 = 'phpValidError';
}
if (strlen($user) < 5) {
$flag1 = 'phpValidError';
}
if (strlen($user) > 25) {
$flag1 = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag1 = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag1 = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag1 = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag1 = 'phpValidError';
}
$result = mysql_query("select * from gmo where name='" . $name . "' and officeaddress1='" . $address1 . "' and\n\t\t\t\tofficeaddress2='" . $address2 . "' and officephno1='" . $phone1 . "' and officephno2='" . $phone2 . "'\n\t\t\t\tand mobilenumber='" . $mobile . "' and emailid='" . $email . "' and designation='" . $designation . "'\n\t\t\t\tand districtid='" . $districtid . "' ") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 1;
} else {
if ($flag1 == 'phpValidError') {
} else {
$result1 = mysql_query("select * from user where username='******' ") or die(mysql_error());
$intUnameExists = mysql_num_rows($result1);
if ($intUnameExists > 0) {
$flag = 2;
} else {
$flag = 3;
mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\t\tusertype\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass) . "'),\n\t\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t\t'GMO'\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\t ") or die(mysql_error());
mysql_query("insert into gmo\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\t\tdesignation,\n\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\t\t\t\tofficeaddress1,\n\t\t\t\t\t\t\t\t\t\t\t\tofficeaddress2,\n\t\t\t\t\t\t\t\t\t\t\t\tofficephno1,\n\t\t\t\t\t\t\t\t\t\t\t\tofficephno2,\n\t\t\t\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\t\tstateid\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($name)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($designation)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($user)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($email)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($mobile)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . trim($districtid) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'01'\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t") or die(mysql_error());
$description = "New gmo with username " . $user . " is registered";
insertEventData("Registration", "Registered new gmo", 'GMO', $description);
}
}
}
}
return $flag;
}
function addData()
{
$hospitalName = "";
$address1 = null;
$address2 = null;
$phone1 = null;
$email = "";
$phone2 = null;
$regno = null;
$mobile = null;
$user = null;
$pass = null;
$district = null;
$flag = 7;
$flag1 = null;
$intnameExists = 0;
if (isset($_GET['add'])) {
$name = $_GET['hname'];
$address1 = $_GET['address1'];
$address2 = $_GET['address2'];
$email = $_GET['email'];
$phone1 = $_GET['phonenumber1'];
$phone2 = $_GET['phonenumber2'];
$regno = $_GET['regno'];
$mobile = $_GET['mobilenumber'];
$user = $_GET['username'];
$pass = preventInj($_GET['password']);
$pincode = $_GET['pincode'];
$district = $_GET['district'];
$resultdist = mysql_query("select districtid from district where name='" . $_GET['district'] . "' ") or die(mysql_error());
$rowdist = mysql_fetch_array($resultdist);
$districtid = $rowdist['districtid'];
if (strlen($name) < 1) {
$flag1 = 'phpValidError';
}
if (isInvalidName($name)) {
$flag1 = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag1 = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag1 = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag1 = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag1 = 'phpValidError';
}
}
if (isInvalidNumber($districtid)) {
$flag1 = 'phpValidError';
}
if (isStringNull($districtid)) {
$flag1 = 'phpValidError';
}
if (strlen($phone1) < 7) {
$flag1 = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag1 = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag1 = 'phpValidError';
}
if (isInvalidPhoneNo($phone2)) {
$flag1 = 'phpValidError';
}
if (strlen($pincode) > 0) {
if (strlen($pincode) != 6) {
$flag1 = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag1 = 'phpValidError';
}
}
if (isInvalidName($regno)) {
$flag1 = 'phpValidError';
}
if (strlen($user) < 5) {
$flag1 = 'phpValidError';
}
if (strlen($user) > 25) {
$flag1 = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag1 = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag1 = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag1 = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag1 = 'phpValidError';
}
$result = mysql_query("select * from hospital where name='" . $name . "' and hospitaladdress1='" . $address1 . "' and hospitaladdress2='" . $address2 . "' and hospitalphno1='" . $phone1 . "' and hospitalphno2='" . $phone2 . "'\n\t\t\tand mobilenumber='" . $mobile . "' and emailid='" . $email . "' and registerno='" . $regno . "' and \n\t\t\tdistrictid='" . $districtid . "' ") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 1;
} else {
if ($flag1 == 'phpValidError') {
} else {
$result1 = mysql_query("select * from user where username='******' ") or die(mysql_error());
$intUnameExists = mysql_num_rows($result1);
if ($intUnameExists > 0) {
$flag = 2;
} else {
mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\tusertype\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\t\t\tpassword('" . $pass . "'),\n\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t'HOSPITAL'\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t ");
mysql_query("insert into hospital\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\t\t\thospitaladdress1,\n\t\t\t\t\t\t\t\t\t\t\thospitaladdress2,\n\t\t\t\t\t\t\t\t\t\t\thospitalphno1,\n\t\t\t\t\t\t\t\t\t\t\thospitalphno2,\n\t\t\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\t\t\tregisterno,\n\t\t\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\tvalues \n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($name)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($user)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($email)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($mobile)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($districtid)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($pincode)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($regno)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'Pending'\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t");
$flag = 3;
$description = "New hospital with name " . $name . " is registered";
insertEventData("Registration", "Registered new hospital", $user, $description);
}
}
}
}
return $flag;
}
function addData($uname, $id, $poId, $newPoId)
{
$flag = "";
$name = "";
$distId = "";
$latitude = "";
$longitude = "";
$pincode = "";
if ($id == 'add') {
$name = trim($_POST['txtName']);
$distId = trim($_POST['cboDistrict']);
$latitude = trim($_POST['txtLatitude']);
$longitude = trim($_POST['txtLongitude']);
$pincode = trim($_POST['txtPincode']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($distId)) {
$flag = 'phpValidError';
}
if (strlen($pincode) != 6) {
$flag = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag = 'phpValidError';
}
if (isStringNull($latitude)) {
$flag = 'phpValidError';
}
if (isInvalidFloat($latitude)) {
$flag = 'phpValidError';
}
if (isStringNull($longitude)) {
$flag = 'phpValidError';
}
if (isInvalidFloat($longitude)) {
$flag = 'phpValidError';
}
$result = mysql_query("SELECT * FROM postoffice WHERE name='" . $name . "'\n\t\t\tAND districtid='" . $distId . "' AND pincode='" . $pincode . "' ") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 'false';
} else {
if ($flag == 'phpValidError') {
} else {
mysql_query("insert into postoffice\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tlatitude,\n\t\t\t\t\t\t\t\t\tlongitude\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($distId) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($latitude) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($longitude) . "'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());
$flag = 'true';
$usertype = $_SESSION['userType'];
$username = $_SESSION['userName'];
$description = "Post office name " . trim($name) . " is added";
insertEventData('Add_Post_Office', "Add_new_Postoffice", $username, $description);
}
}
} else {
if ($id == 'edit') {
$postOfficeId = $poId;
$name = trim($_POST['txtName']);
$distId = trim($_POST['cboDistrict']);
$latitude = trim($_POST['txtLatitude']);
$longitude = trim($_POST['txtLongitude']);
$pincode = trim($_POST['txtPincode']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($distId)) {
$flag = 'phpValidError';
}
if (strlen($pincode) != 6) {
$flag = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag = 'phpValidError';
}
if (isStringNull($latitude)) {
$flag = 'phpValidError';
}
if (isInvalidFloat($latitude)) {
$flag = 'phpValidError';
}
if (isStringNull($longitude)) {
$flag = 'phpValidError';
}
if (isInvalidFloat($longitude)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($postOfficeId)) {
$flag = 'phpValidError';
}
if ($flag == 'phpValidError') {
} else {
mysql_query("UPDATE postoffice SET\n\t\t\t\t\t\t\t\t\tname ='" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($distId) . "',\n\t\t\t\t\t\t\t\t\tpincode='" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\tlatitude='" . preventInj($latitude) . "',\n\t\t\t\t\t\t\t\t\tlongitude='" . preventInj($longitude) . "'\n\t\t\t\t\t\t\t\tWHERE postofficeid='" . $postOfficeId . "' ") or die(mysql_error());
$username = $_SESSION['userName'];
$description = "Postoffice name " . $name . " is updated";
insertEventData('Update_Post_Office', "Update_Post_Office_Details", $username, $description);
$flag = 'success';
}
} else {
if ($id == 'editNew') {
$newpostOfficeId = $newPoId;
$name = trim($_POST['txtName']);
$distId = trim($_POST['cboDistrict']);
$latitude = trim($_POST['txtLatitude']);
$longitude = trim($_POST['txtLongitude']);
$pincode = trim($_POST['txtPincode']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($distId)) {
$flag = 'phpValidError';
}
if (strlen($pincode) != 6) {
$flag = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag = 'phpValidError';
}
if (isStringNull($latitude)) {
$flag = 'phpValidError';
}
if (isInvalidFloat($latitude)) {
$flag = 'phpValidError';
}
if (isStringNull($longitude)) {
$flag = 'phpValidError';
}
if (isInvalidFloat($longitude)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($newpostOfficeId)) {
$flag = 'phpValidError';
}
$result = mysql_query("SELECT * FROM postoffice WHERE name='" . $name . "'\n\t\t\tAND districtid='" . $distId . "' AND pincode='" . $pincode . "' ") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 'false';
} else {
if ($flag == 'phpValidError') {
} else {
mysql_query("insert into postoffice\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tlatitude,\n\t\t\t\t\t\t\t\t\tlongitude\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($distId) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($latitude) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($longitude) . "'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());
mysql_query("DELETE FROM newpostoffice WHERE postofficeid='" . $newpostOfficeId . "' ") or die(mysql_error());
$flag = 'newAdd';
$username = $_SESSION['userName'];
$description = "Post office name " . trim($name) . " is deleted from pending list and new postoffice added";
insertEventData('Add_Post_Office', "Add_Pending_Post_office", $username, $description);
}
}
} else {
}
}
}
return $flag;
}
function addData($uname, $id)
{
$daoId = 0;
$name = "";
$designation = null;
$address1 = null;
$address2 = null;
$phone1 = null;
$email = "";
$phone2 = null;
$mobile = null;
$user = "";
$pass = "";
$districtid = "";
$flag = "";
if ($id == 'add') {
$name = trim($_POST['txtName']);
$designation = trim($_POST['txtDesignation']);
$address1 = trim($_POST['txtAddress1']);
$address2 = trim($_POST['txtAddress2']);
$email = trim($_POST['txtEmail']);
$districtid = trim($_POST['cmpDistrict']);
$phone1 = trim($_POST['txtPhone1']);
$mobile = trim($_POST['txtMobile']);
$user = trim($_POST['txtUserName']);
$pass = trim($_POST['txtPassword']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (strlen($designation) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($designation)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag = 'phpValidError';
}
}
if (isInvalidNumber($districtid)) {
$flag = 'phpValidError';
}
if (strlen($phone1) < 7) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag = 'phpValidError';
}
if (strlen($user) < 5) {
$flag = 'phpValidError';
}
if (strlen($user) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag = 'phpValidError';
}
$result = mysql_query("select * from dao where name='" . $name . "' and address1='" . $address1 . "'\n\t\t\tand address2='" . $address2 . "' and phonenumber='" . $phone1 . "' and mobilenumber='" . $mobile . "'\n\t\t\tand emailid='" . $email . "' and designation='" . $designation . "' ") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 'false';
} else {
if ($flag == 'phpValidError') {
} else {
$result1 = mysql_query("select * from user where username='******' ") or die(mysql_error());
$intUnameExists = mysql_num_rows($result1);
if ($intUnameExists > 0) {
$flag = 'fail';
} else {
mysql_query("insert into user\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\tusertype,\n\t\t\t\t\t\t\t\t\tlastlogin\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass) . "'),\n\t\t\t\t\t\t\t\t\t\t'Approved',\n\t\t\t\t\t\t\t\t\t\t'DAO',\n\t\t\t\t\t\t\t\t\t\tnow()\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t ") or die(mysql_error());
mysql_query("insert into dao\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tdesignation,\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\taddress1,\n\t\t\t\t\t\t\t\t\taddress2,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\tphonenumber,\n\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($designation) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($districtid) . "',\n\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t'" . preventInj($email) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t'Approved'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());
$flag = 'true';
$username = $_SESSION['userName'];
$description = "New dao with username " . $user . " is added";
insertEventData('Add_Dao', "Add_new_dao", $username, $description);
}
}
}
} else {
if ($_SESSION['userType'] == "DAO" && $_POST['txtPassword'] != NULL) {
$pass = trim($_POST['txtPassword']);
$user = trim($_POST['txtUserName']);
if (strlen($user) < 5) {
$flag = 'phpValidError';
}
if (strlen($user) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag = 'phpValidError';
}
if ($flag == 'phpValidError') {
} else {
mysql_query("update user\n\t\t\t\t\t\t\t\t\tset userpasswd='" . preventInj($pass) . "',\n\t\t\t\t\t\t\t\t\t\t\tlastlogin=now()\n\t\t\t\t\t\t\t\t\twhere username='******' ") or die(mysql_error());
}
}
$name = trim($_POST['txtName']);
$designation = trim($_POST['txtDesignation']);
$address1 = trim($_POST['txtAddress1']);
$address2 = trim($_POST['txtAddress2']);
$email = trim($_POST['txtEmail']);
$districtid = trim($_POST['cmpDistrict']);
$phone1 = trim($_POST['txtPhone1']);
$mobile = trim($_POST['txtMobile']);
$daoId = trim($_POST['daoId']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (strlen($designation) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($designation)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag = 'phpValidError';
}
}
if (isInvalidNumber($districtid)) {
$flag = 'phpValidError';
}
if (strlen($phone1) < 7) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($daoId)) {
$flag = 'phpValidError';
}
if ($flag == 'phpValidError') {
} else {
mysql_query("update dao\n\t\t\t\t\t\t\t\tset name='" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t\tdesignation='" . preventInj($designation) . "',\n\t\t\t\t\t\t\t\t\t\taddress1='" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t\taddress2='" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t\tphonenumber='" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($districtid) . "',\n\t\t\t\t\t\t\t\t\t\tmobilenumber='" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t\temailid='" . preventInj($email) . "'\n\t\t\t\t\t\t\t\twhere daoid='" . $daoId . "' ") or die(mysql_error());
$username = $_SESSION['userName'];
$description = "Dao with id " . $des . " is updated";
insertEventData('Update_Dao', "Dao_Details_Updated", $username, $description);
$flag = 'success';
}
}
return $flag;
}
function addData($uname, $id)
{
$hospitalId = "";
$name = "";
$address1 = null;
$address2 = null;
$phone1 = null;
$email = "";
$phone2 = null;
$regno = null;
$mobile = null;
$user = null;
$pass = null;
$flag = "";
if ($id == 'add') {
$name = trim($_POST['txtHospitalName']);
$address1 = trim($_POST['txtAddress1']);
$address2 = trim($_POST['txtAddress2']);
$email = trim($_POST['txtEmail']);
$phone1 = trim($_POST['txtPhone1']);
$phone2 = trim($_POST['txtPhone2']);
$regno = trim($_POST['txtRegNo']);
$mobile = trim($_POST['txtMobile']);
$user = trim($_POST['txtUserName']);
$pass = trim($_POST['txtPassword']);
$pincode = trim($_POST['txtPincode']);
$districtid = trim($_POST['cmpDistrict']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag = 'phpValidError';
}
}
if (isInvalidNumber($districtid)) {
$flag = 'phpValidError';
}
if (strlen($phone1) < 7) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone2)) {
$flag = 'phpValidError';
}
if (strlen($pincode) > 0) {
if (strlen($pincode) != 6) {
$flag = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag = 'phpValidError';
}
}
if (isInvalidName($regno)) {
$flag = 'phpValidError';
}
if (strlen($user) < 5) {
$flag = 'phpValidError';
}
if (strlen($user) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag = 'phpValidError';
}
$result = mysql_query("select * from hospital where name='" . $name . "' and\n\t\t\thospitaladdress1='" . $address1 . "' and hospitaladdress2='" . $address2 . "'\n\t\t\tand hospitalphno1='" . $phone1 . "' and hospitalphno2='" . $phone2 . "'\n\t\t\tand mobilenumber='" . $mobile . "' and emailid='" . $email . "' and registerno='" . $regno . "'\n\t\t\tand districtid='" . $districtid . "' ") or die(mysql_error());
$intnameExists = mysql_num_rows($result);
if ($intnameExists > 0) {
$flag = 'false';
} else {
if ($flag == 'phpValidError') {
} else {
$result1 = mysql_query("select * from user where username='******' ") or die(mysql_error());
$intUnameExists = mysql_num_rows($result1);
if ($intUnameExists > 0) {
$flag = 'fail';
} else {
mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\tusertype,\n\t\t\t\t\t\t\t\t\t\t\tlastlogin\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass) . "'),\n\t\t\t\t\t\t\t\t\t\t\t'Approved',\n\t\t\t\t\t\t\t\t\t\t\t'HOSPITAL',\n\t\t\t\t\t\t\t\t\t\t\tnow()\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t ") or die(mysql_error());
mysql_query("insert into hospital\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\thospitaladdress1,\n\t\t\t\t\t\t\t\t\thospitaladdress2,\n\t\t\t\t\t\t\t\t\thospitalphno1,\n\t\t\t\t\t\t\t\t\thospitalphno2,\n\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tregisterno,\n\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($email) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($districtid) . "',\n\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($regno) . "',\n\t\t\t\t\t\t\t\t\t'Approved'\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());
$flag = 'true';
$description = "New hospital with name " . $name . " is added";
insertEventData('Add_Hospital', "Add new hospital", $user, $description);
}
}
}
} else {
$name = trim($_POST['txtHospitalName']);
$address1 = trim($_POST['txtAddress1']);
$address2 = trim($_POST['txtAddress2']);
$email = trim($_POST['txtEmail']);
$phone1 = trim($_POST['txtPhone1']);
$phone2 = trim($_POST['txtPhone2']);
$regno = trim($_POST['txtRegNo']);
$mobile = trim($_POST['txtMobile']);
$pincode = trim($_POST['txtPincode']);
$districtid = trim($_POST['cmpDistrict']);
$hospitalId = trim($_POST['hospitalId']);
if (strlen($name) < 1) {
$flag = 'phpValidError';
}
if (isInvalidName($name)) {
$flag = 'phpValidError';
}
if (strlen($address1) < 1) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address1)) {
$flag = 'phpValidError';
}
if (isInvalidAddress($address2)) {
$flag = 'phpValidError';
}
if (strlen($email) > 0) {
if (isInvalidEmail($email)) {
$flag = 'phpValidError';
}
}
if (strlen($phone1) < 7) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone1)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($phone2)) {
$flag = 'phpValidError';
}
if (isInvalidPhoneNo($mobile)) {
$flag = 'phpValidError';
}
if (strlen($pincode) > 0) {
if (strlen($pincode) != 6) {
$flag = 'phpValidError';
}
if (isInvalidNumber($pincode)) {
$flag = 'phpValidError';
}
}
if (isInvalidName($regno)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($districtid)) {
$flag = 'phpValidError';
}
if (isInvalidNumber($hospitalId)) {
$flag = 'phpValidError';
}
if ($_SESSION['userType'] == "HOSPITAL" && $_POST['txtPassword'] != NULL) {
$pass = trim($_POST['txtPassword']);
$user = trim($_POST['txtUserName']);
if (strlen($user) < 5) {
$flag = 'phpValidError';
}
if (strlen($user) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) {
$flag = 'phpValidError';
}
if (strlen($pass) < 5) {
$flag = 'phpValidError';
}
if (strlen($pass) > 25) {
$flag = 'phpValidError';
}
if (!ereg('^[a-zA-Z]', $pass)) {
$flag = 'phpValidError';
}
if ($flag == 'phpValidError') {
} else {
mysql_query("update user\n\t\t\t\t\t\t\t\t\tset userpasswd='" . preventInj($pass) . "',\n\t\t\t\t\t\t\t\t\t\t\tlastlogin=now()\n\t\t\t\t\t\t\t\t\twhere username='******' ") or die(mysql_error());
}
}
if ($flag == 'phpValidError') {
} else {
mysql_query("update hospital\n\t\t\t\t\t\t\t\tset name='" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t\temailid='" . preventInj($email) . "',\n\t\t\t\t\t\t\t\t\t\thospitaladdress1='" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t\thospitaladdress2='" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t\thospitalphno1='" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t\thospitalphno2='" . preventInj($phone2) . "',\n\t\t\t\t\t\t\t\t\t\tmobilenumber='" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t\tpincode='" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t\tregisterno='" . preventInj($regno) . "',\n\t\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($districtid) . "'\n\t\t\t\t\t\t\t\twhere hospitalid='" . preventInj($hospitalId) . "' ") or die(mysql_error());
$flag = 'success';
$username = $_SESSION['userName'];
$description = "Hospital with id " . $hospitalId . " is updated";
insertEventData('Update_Hospital', "Update_Hospital_Details", $username, $description);
}
}
return $flag;
}
function addDiseaseDetails($strUserName, $strId)
{
$blnFlag = "";
$strDiseaseName = "";
$strDescription = "";
$intDiseaseId = "";
$strSymptoms = "";
$strPrecautions = "";
$strMedication = "";
$strSpecialAdvice = "";
$strSelectImageName = "";
$strSelectImageName = trim($_POST['strselectImage']);
$strDiseaseName = trim($_POST['txtDiseaseName']);
$strDescription = trim($_POST['txtAreaDescription']);
$strSymptoms = $_POST['txtAreaSymptoms'];
$strPrecautions = $_POST['txtAreaPrecautions'];
$strMedication = $_POST['txtAreaMedication'];
$strSpecialAdvice = $_POST['txtAreaSpecialAdvice'];
if (strlen($strDiseaseName) < 1) {
$blnFlag = 'phpValidError';
}
if (isInvalidName($strDiseaseName)) {
$blnFlag = 'phpValidError';
}
if (strlen($strDescription) < 1) {
$blnFlag = 'phpValidError';
}
// if(isInvalidName($strDescription))
// $blnFlag ='phpValidError';
if (strlen($strSymptoms) < 1) {
$blnFlag = 'phpValidError';
}
// if(isInvalidName($strSymptoms))
// $blnFlag ='phpValidError';
if (strlen($strPrecautions) < 1) {
$blnFlag = 'phpValidError';
}
// if(isInvalidName($strPrecautions))
// $blnFlag ='phpValidError';
if (strlen($strMedication) < 1) {
$blnFlag = 'phpValidError';
}
// if(isInvalidName($strMedication))
// $blnFlag ='phpValidError';
if (strlen($strSpecialAdvice) < 1) {
$blnFlag = 'phpValidError';
}
// if(isInvalidName($strSpecialAdvice))
// $blnFlag ='phpValidError';
if ($strId == 'add') {
$resultDisease = mysql_query("SELECT * FROM disease WHERE name='" . $strDiseaseName . "' ") or die(mysql_error());
$intDiseaseNameExists = mysql_num_rows($resultDisease);
if ($intDiseaseNameExists > 0) {
$blnFlag = 'false';
} else {
if ($blnFlag == 'phpValidError') {
} else {
mysql_query("insert into disease\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tdescription,\n\t\t\t\t\t\t\t\t\tsymptoms,\n\t\t\t\t\t\t\t\t\tprecaution,\n\t\t\t\t\t\t\t\t\tmedication,\n\t\t\t\t\t\t\t\t\tspecialadvice,\n\t\t\t\t\t\t\t\t\timagename\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($strDiseaseName) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strDescription) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strSymptoms) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strPrecautions) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strMedication) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strSpecialAdvice) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strSelectImageName) . "'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error());
$blnFlag = 'true';
$username = $_SESSION['userName'];
$usertype = $_SESSION['userType'];
$description = "Disease name " . trim($strDiseaseName) . " is added";
insertEventData($usertype, "Add new disease", $username, $description);
}
}
} else {
if ($strId == 'edit') {
$intDiseaseId = $_POST['txtDiseaseId'];
if (isInvalidNumber($intDiseaseId)) {
$blnFlag = 'phpValidError';
}
if ($blnFlag == 'phpValidError') {
} else {
mysql_query("UPDATE disease SET\n\t\t\t\t\t\t\t\t\tname ='" . preventInj($strDiseaseName) . "',\n\t\t\t\t\t\t\t\t\tdescription='" . preventInj($strDescription) . "',\n\t\t\t\t\t\t\t\t\tsymptoms='" . preventInj($strSymptoms) . "',\n\t\t\t\t\t\t\t\t\tprecaution='" . preventInj($strPrecautions) . "',\n\t\t\t\t\t\t\t\t\tmedication='" . preventInj($strMedication) . "',\n\t\t\t\t\t\t\t\t\tspecialadvice='" . preventInj($strSpecialAdvice) . "',\n\t\t\t\t\t\t\t\t\timagename='" . preventInj($strSelectImageName) . "'\n\t\t\t\t\t\t\t\tWHERE diseaseid='" . $intDiseaseId . "' ") or die(mysql_error());
$username = $_SESSION['userName'];
$description = "Disease name " . $strDiseaseName . " is updated";
insertEventData('Update_Disease', "Update_Disease_Details", $username, $description);
$blnFlag = 'success';
}
}
}
return $blnFlag;
}
