Compare commits

...

3 Commits

Author SHA1 Message Date
Dushant Mali
6b285ac769 Merge branch 'main' of http://103.196.222.49:3000/ohctech/ohctech_p8 2025-03-04 10:54:38 +05:30
Dushant Mali
c01372a983 Merge branch 'main' of http://103.196.222.49:3000/ohctech/ohctech_p8 2025-02-21 12:14:03 +05:30
Dushant Mali
af854c0a46 Updated Code 2025-02-21 11:45:27 +05:30
7 changed files with 97 additions and 68 deletions

View File

@ -1,41 +1,58 @@
<?php <?php
include_once('includes/functions.php'); include_once('includes/functions.php');
// include_once('includes/config/config.php'); // include_once('includes/config/config.php');
$menu_key=$_SESSION['menu_key'];
//echo "<script>alert(".$_SESSION['menu_key'].")</script>"; // Check if session variables exist
$access_level=getaccesslevel($_SESSION['RoleId'] ,$menu_key); $menu_key = isset($_SESSION['menu_key']) ? $_SESSION['menu_key'] : '';
$_SESSION['access_key']=$access_level; $role_id = isset($_SESSION['RoleId']) ? $_SESSION['RoleId'] : '';
//echo "aceess======".$access_level;
if ( if (!empty($role_id) && !empty($menu_key)) {
$access_level = getaccesslevel($role_id, $menu_key);
$_SESSION['access_key'] = $access_level;
// Check for specific page conditions
if (
is_string($__currentPage) && is_string($__currentPage) &&
( (
(strripos($__currentPage, "interim", 5) !== false) || (stripos($__currentPage, "interim") !== false) ||
(strripos($__currentPage, "review_ohc_selection") !== false) (stripos($__currentPage, "review_ohc_selection") !== false)
) )
){ ) {
// Do nothing if condition matches
} else {
$acn = isset($_REQUEST['acn']) ? $_REQUEST['acn'] : (isset($_REQUEST['frmacn']) ? $_REQUEST['frmacn'] : '');
}else{ // SQL query to check menu access
$acn=""; $sql_access = "SELECT menu_id FROM assign_menu WHERE role_id='" . mysqli_real_escape_string($conn, $role_id) . "' AND menu_id='" . mysqli_real_escape_string($conn, $menu_key) . "'";
$acn= $_REQUEST['acn'] or $_REQUEST['frmacn']; error_log("sql_access".$sql_access);
$sql_access= "select menu_id from assign_menu where role_id='".$_SESSION['RoleId']."' and menu_id='".$menu_key."'"; $result_access = mysqli_query($conn, $sql_access);
//echo $sql_access; $count_access = mysqli_num_rows($result_access);
//$l->log($sql_access, PEAR_LOG_INFO);
$result_access = mysqli_query($conn,$sql_access); // Access control checks
$count_access=@mysqli_num_rows($result_access); if (!empty($menu_key) && $count_access == 0) {
//echo $count_access; echo "<script>location.href='error.php'</script>";
if((isset($menu_key) && $menu_key!='') && $count_access==0){ exit;
//$l->log("inside first check", PEAR_LOG_INFO); } else {
if (
!empty($acn) &&
(($acn == "delete" || $acn == "Delete") && $access_level != 'E')
) {
echo "<script>location.href='error.php'</script>"; echo "<script>location.href='error.php'</script>";
}else{ exit;
if(isset($acn) && ($acn=="delete" || $acn=="Delete") && $access_level!='E'){ } else if (
!empty($acn) &&
(in_array(strtolower($acn), ['add', 'save', 'update']) && !in_array($access_level, ['W', 'E', 'R']))
) {
echo "<script>location.href='error.php'</script>"; echo "<script>location.href='error.php'</script>";
//$l->log("inside second check", PEAR_LOG_INFO); exit;
}else if(isset($acn) &&($acn=="Add" || $acn=="Save"|| $acn=="add"|| $acn=="Update"|| $acn=="update") && ($access_level!='W' && $access_level!='E' && $access_level!='R' )){ }
echo "<script>location.href='error.php'</script>";
//$l->log("inside third check", PEAR_LOG_INFO);
} }
}
validateRequest(); // Validate the request for special characters
validateRequest();
}
} else {
// echo "<script>location.href='error.php'</script>";
// exit;
} }
?> ?>

View File

@ -1493,7 +1493,8 @@ $non_emp = getTableFieldValue('patient_category', 'patient_cat_id', 'patient_cat
<?php <?php
$docs_select_query = "select * from employee_docs where emp_id=$emp_id"; $docs_select_query = "select * from employee_docs where emp_id='$emp_id'";
error_log($docs_select_query . " ERROR " . mysqli_error($conn));
$docs_result = @mysqli_query($conn, $docs_select_query); $docs_result = @mysqli_query($conn, $docs_select_query);
@ -1550,7 +1551,7 @@ $non_emp = getTableFieldValue('patient_category', 'patient_cat_id', 'patient_cat
<?php } ?> <?php }else { ?>
@ -1601,6 +1602,7 @@ $non_emp = getTableFieldValue('patient_category', 'patient_cat_id', 'patient_cat
<?php $count++; <?php $count++;
}
} ?> } ?>

View File

@ -2,3 +2,7 @@ ALTER TABLE `sop_document` ADD `last_renewal_date` DATE NOT NULL AFTER `id`, ADD
-- Dushant -- Dushant
ALTER TABLE `calibration_item_tbl` ADD `status` VARCHAR(100) NOT NULL AFTER `bill_file_type`; ALTER TABLE `calibration_item_tbl` ADD `status` VARCHAR(100) NOT NULL AFTER `bill_file_type`;
-- Dushant
ALTER TABLE `sop_document` ADD `last_renewal_date` DATE NOT NULL AFTER `id`;

View File

@ -3883,36 +3883,33 @@ function getTodayStockCount()
} }
} }
function validateRequest() function validateRequest()
{ {
$special_chars = "'^<5E>$%()}{~><>,|=_+<2B>-"; // all the special characters you want to check for $special_chars = preg_quote("^$%()}{~><>,|=_+-", '/'); // Use preg_quote to escape special characters for regex
$return = array(); $return = array();
$return['msg'] = "Internal Server Error"; $return['msg'] = "Internal Server Error";
foreach ($_REQUEST as $formKey => $formKeyVal) { foreach ($_REQUEST as $formKey => $formKeyVal) {
if (
if (preg_match('/' . $special_chars . '/', $formKeyVal) || preg_match('/' . $special_chars . '/', $formKey)) { preg_match('/[' . $special_chars . ']/', $formKeyVal) ||
preg_match('/[' . $special_chars . ']/', $formKey)
// echo "<script>alert('Manoj'+'".$formKey."=".$formKeyVal."')</script>"; ) {
// Debugging line to log what is triggering the error
// echo "<script>alert('Special character detected in: " . $formKey . " = " . $formKeyVal . "')</script>";
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') { if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
header('Cache-Control: no-cache, must-revalidate'); header('Cache-Control: no-cache, must-revalidate');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Content-type: application/json'); header('Content-type: application/json');
die(json_encode($return)); die(json_encode($return));
} }
echo "<script>location.href='error.php'</script>"; echo "<script>location.href='error.php'</script>";
exit;
} }
} }
} }
/** /**
* *
* Takes input as array suitable for multiselect form attributes * Takes input as array suitable for multiselect form attributes

View File

@ -956,7 +956,9 @@
include('form/checkup_type_modal.php'); include('form/checkup_type_modal.php');
?> ?>
<?php include('form/medical_full_view.php'); ?> <?php include('form/medical_full_view.php'); ?>
<?php include_once('full_view_medical.php'); ?> <?php
// include_once('full_view_medical.php');
?>
<?php include_once('select_checkup_type_s.php'); ?> <?php include_once('select_checkup_type_s.php'); ?>
<?php include_once('form/form_o.php'); ?> <?php include_once('form/form_o.php'); ?>
<?php include_once('form/form_33.php'); ?> <?php include_once('form/form_33.php'); ?>

View File

@ -25,6 +25,7 @@ $ohc_type = $_SESSION['current_ohcttype']?>
<!-- End of breadcrumb --> <!-- End of breadcrumb -->
<?php <?php
$db_new_date=""; $db_new_date="";
$last_day=""; $last_day="";
$m=0; $m=0;
@ -48,7 +49,10 @@ $y = date('Y',strtotime("".$selectedShiftYear."-".($selectedShiftMonth+1)."-01")
$shift_status_options = generateOption('shift_status','status_name','shift_status_id','','',''); $shift_status_options = generateOption('shift_status','status_name','shift_status_id','','','');
// generateOptionForMultipleWithWhereClause('shift_status','status_name','shift_status_id','','','is_shift','Y'); // generateOptionForMultipleWithWhereClause('shift_status','status_name','shift_status_id','','','is_shift','Y');
error_log("MONTh " . $m);
error_log("Year " . $y);
error_log("LAST DATE " . $last_day);
$last_day = date_format(date_create($last_day), 'd');
?> ?>
<script> <script>
var jsonArrayShiftData = <?php echo json_encode($shift_data); ?>; var jsonArrayShiftData = <?php echo json_encode($shift_data); ?>;
@ -61,7 +65,7 @@ var jsonArrayShiftData = <?php echo json_encode($shift_data); ?>;
<div class="page-content"> <div class="page-content">
<div class="box box-primary" <div class="box box-primary"
style="padding: 10px; margin: 2px 0px 50px 5px; width: 99.5%;"> style="padding: 10px; margin: 2px 0px 50px 5px; width: 99.5%;">
<form id="shift_form" method="post"> <form id="shift_form" action="shift_details.php" method="post">
<!-- box-body--> <!-- box-body-->
<div class="box-body" id="reload_amb"> <div class="box-body" id="reload_amb">
@ -115,10 +119,12 @@ var jsonArrayShiftData = <?php echo json_encode($shift_data); ?>;
</div> </div>
<button class="btn btn-primary " type="button" <!-- <button class="btn btn-primary " type="button"
id="submit_button" onclick="$('#shift_form').attr('action', '');$('#shift_form').submit()"> id="submit_button">
<i class="ace-icon fa fa-send"></i> Submit <i class="ace-icon fa fa-send"></i> Submit
</button> </button> -->
<input type="submit" value="Submit" class="btn btn-primary" id="submit_button" />
<button class="btn btn-danger " type="button" <button class="btn btn-danger " type="button"
id="pdf_print" onclick="print_pdf('p')"> id="pdf_print" onclick="print_pdf('p')">

View File

@ -43,6 +43,7 @@ $result_menu_exists = mysqli_query($conn,$sql_menu_exists);
$countAccessibleMenuPages_exists=mysqli_num_rows($result_menu_exists); $countAccessibleMenuPages_exists=mysqli_num_rows($result_menu_exists);
$sql_menu= "select menu_id from menu_master where upper(menu_url)=upper('".$__currentPage."') and menu_id in(select menu_id from assign_menu where role_id='".$_SESSION['RoleId']."')"; $sql_menu= "select menu_id from menu_master where upper(menu_url)=upper('".$__currentPage."') and menu_id in(select menu_id from assign_menu where role_id='".$_SESSION['RoleId']."')";
error_log("sql_menu".$sql_menu);
$result_menu = mysqli_query($conn,$sql_menu); $result_menu = mysqli_query($conn,$sql_menu);
$countAccessibleMenuPages=mysqli_num_rows($result_menu); $countAccessibleMenuPages=mysqli_num_rows($result_menu);
@ -56,7 +57,7 @@ if($row_menu = mysqli_fetch_array($result_menu)){
} }
} }
$_SESSION['menu_current_page'] = $__currentPage; $_SESSION['menu_current_page'] = $__currentPage;
include_once ('access.php'); // include_once ('access.php');
// echo "top_user:".$top_user.":Manoj"; // echo "top_user:".$top_user.":Manoj";