Compare commits
3 Commits
f75b512a63
...
6b285ac769
Author | SHA1 | Date | |
---|---|---|---|
![]() |
6b285ac769 | ||
![]() |
c01372a983 | ||
![]() |
af854c0a46 |
87
access.php
87
access.php
@ -1,41 +1,58 @@
|
|||||||
<?php
|
<?php
|
||||||
include_once('includes/functions.php');
|
include_once('includes/functions.php');
|
||||||
// include_once('includes/config/config.php');
|
// include_once('includes/config/config.php');
|
||||||
$menu_key=$_SESSION['menu_key'];
|
|
||||||
//echo "<script>alert(".$_SESSION['menu_key'].")</script>";
|
|
||||||
$access_level=getaccesslevel($_SESSION['RoleId'] ,$menu_key);
|
|
||||||
$_SESSION['access_key']=$access_level;
|
|
||||||
//echo "aceess======".$access_level;
|
|
||||||
if (
|
|
||||||
is_string($__currentPage) &&
|
|
||||||
(
|
|
||||||
(strripos($__currentPage, "interim", 5) !== false) ||
|
|
||||||
(strripos($__currentPage, "review_ohc_selection") !== false)
|
|
||||||
)
|
|
||||||
){
|
|
||||||
|
|
||||||
}else{
|
// Check if session variables exist
|
||||||
$acn="";
|
$menu_key = isset($_SESSION['menu_key']) ? $_SESSION['menu_key'] : '';
|
||||||
$acn= $_REQUEST['acn'] or $_REQUEST['frmacn'];
|
$role_id = isset($_SESSION['RoleId']) ? $_SESSION['RoleId'] : '';
|
||||||
$sql_access= "select menu_id from assign_menu where role_id='".$_SESSION['RoleId']."' and menu_id='".$menu_key."'";
|
|
||||||
//echo $sql_access;
|
|
||||||
//$l->log($sql_access, PEAR_LOG_INFO);
|
|
||||||
$result_access = mysqli_query($conn,$sql_access);
|
|
||||||
$count_access=@mysqli_num_rows($result_access);
|
|
||||||
//echo $count_access;
|
|
||||||
if((isset($menu_key) && $menu_key!='') && $count_access==0){
|
|
||||||
//$l->log("inside first check", PEAR_LOG_INFO);
|
|
||||||
echo "<script>location.href='error.php'</script>";
|
|
||||||
}else{
|
|
||||||
if(isset($acn) && ($acn=="delete" || $acn=="Delete") && $access_level!='E'){
|
|
||||||
echo "<script>location.href='error.php'</script>";
|
|
||||||
//$l->log("inside second check", PEAR_LOG_INFO);
|
|
||||||
}else if(isset($acn) &&($acn=="Add" || $acn=="Save"|| $acn=="add"|| $acn=="Update"|| $acn=="update") && ($access_level!='W' && $access_level!='E' && $access_level!='R' )){
|
|
||||||
echo "<script>location.href='error.php'</script>";
|
|
||||||
//$l->log("inside third check", PEAR_LOG_INFO);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
validateRequest();
|
if (!empty($role_id) && !empty($menu_key)) {
|
||||||
|
$access_level = getaccesslevel($role_id, $menu_key);
|
||||||
|
$_SESSION['access_key'] = $access_level;
|
||||||
|
|
||||||
|
// Check for specific page conditions
|
||||||
|
if (
|
||||||
|
is_string($__currentPage) &&
|
||||||
|
(
|
||||||
|
(stripos($__currentPage, "interim") !== false) ||
|
||||||
|
(stripos($__currentPage, "review_ohc_selection") !== false)
|
||||||
|
)
|
||||||
|
) {
|
||||||
|
// Do nothing if condition matches
|
||||||
|
} else {
|
||||||
|
$acn = isset($_REQUEST['acn']) ? $_REQUEST['acn'] : (isset($_REQUEST['frmacn']) ? $_REQUEST['frmacn'] : '');
|
||||||
|
|
||||||
|
// SQL query to check menu access
|
||||||
|
$sql_access = "SELECT menu_id FROM assign_menu WHERE role_id='" . mysqli_real_escape_string($conn, $role_id) . "' AND menu_id='" . mysqli_real_escape_string($conn, $menu_key) . "'";
|
||||||
|
error_log("sql_access".$sql_access);
|
||||||
|
$result_access = mysqli_query($conn, $sql_access);
|
||||||
|
$count_access = mysqli_num_rows($result_access);
|
||||||
|
|
||||||
|
// Access control checks
|
||||||
|
if (!empty($menu_key) && $count_access == 0) {
|
||||||
|
echo "<script>location.href='error.php'</script>";
|
||||||
|
exit;
|
||||||
|
} else {
|
||||||
|
if (
|
||||||
|
!empty($acn) &&
|
||||||
|
(($acn == "delete" || $acn == "Delete") && $access_level != 'E')
|
||||||
|
) {
|
||||||
|
echo "<script>location.href='error.php'</script>";
|
||||||
|
exit;
|
||||||
|
} else if (
|
||||||
|
!empty($acn) &&
|
||||||
|
(in_array(strtolower($acn), ['add', 'save', 'update']) && !in_array($access_level, ['W', 'E', 'R']))
|
||||||
|
) {
|
||||||
|
echo "<script>location.href='error.php'</script>";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate the request for special characters
|
||||||
|
validateRequest();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// echo "<script>location.href='error.php'</script>";
|
||||||
|
// exit;
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
@ -1493,7 +1493,8 @@ $non_emp = getTableFieldValue('patient_category', 'patient_cat_id', 'patient_cat
|
|||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
$docs_select_query = "select * from employee_docs where emp_id=$emp_id";
|
$docs_select_query = "select * from employee_docs where emp_id='$emp_id'";
|
||||||
|
error_log($docs_select_query . " ERROR " . mysqli_error($conn));
|
||||||
|
|
||||||
$docs_result = @mysqli_query($conn, $docs_select_query);
|
$docs_result = @mysqli_query($conn, $docs_select_query);
|
||||||
|
|
||||||
@ -1550,7 +1551,7 @@ $non_emp = getTableFieldValue('patient_category', 'patient_cat_id', 'patient_cat
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
<?php } ?>
|
<?php }else { ?>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -1601,6 +1602,7 @@ $non_emp = getTableFieldValue('patient_category', 'patient_cat_id', 'patient_cat
|
|||||||
|
|
||||||
|
|
||||||
<?php $count++;
|
<?php $count++;
|
||||||
|
}
|
||||||
} ?>
|
} ?>
|
||||||
|
|
||||||
|
|
||||||
|
@ -2,3 +2,7 @@ ALTER TABLE `sop_document` ADD `last_renewal_date` DATE NOT NULL AFTER `id`, ADD
|
|||||||
|
|
||||||
-- Dushant
|
-- Dushant
|
||||||
ALTER TABLE `calibration_item_tbl` ADD `status` VARCHAR(100) NOT NULL AFTER `bill_file_type`;
|
ALTER TABLE `calibration_item_tbl` ADD `status` VARCHAR(100) NOT NULL AFTER `bill_file_type`;
|
||||||
|
|
||||||
|
|
||||||
|
-- Dushant
|
||||||
|
ALTER TABLE `sop_document` ADD `last_renewal_date` DATE NOT NULL AFTER `id`;
|
||||||
|
@ -3883,36 +3883,33 @@ function getTodayStockCount()
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
function validateRequest()
|
function validateRequest()
|
||||||
|
|
||||||
{
|
{
|
||||||
$special_chars = "'^<5E>$%()}{~><>,|=_+<2B>-"; // all the special characters you want to check for
|
$special_chars = preg_quote("^$%()}{~><>,|=_+-", '/'); // Use preg_quote to escape special characters for regex
|
||||||
|
$return = array();
|
||||||
|
$return['msg'] = "Internal Server Error";
|
||||||
|
|
||||||
$return = array();
|
foreach ($_REQUEST as $formKey => $formKeyVal) {
|
||||||
|
if (
|
||||||
|
preg_match('/[' . $special_chars . ']/', $formKeyVal) ||
|
||||||
|
preg_match('/[' . $special_chars . ']/', $formKey)
|
||||||
|
) {
|
||||||
|
// Debugging line to log what is triggering the error
|
||||||
|
// echo "<script>alert('Special character detected in: " . $formKey . " = " . $formKeyVal . "')</script>";
|
||||||
|
|
||||||
$return['msg'] = "Internal Server Error";
|
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
|
||||||
|
header('Cache-Control: no-cache, must-revalidate');
|
||||||
|
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
|
||||||
|
header('Content-type: application/json');
|
||||||
|
die(json_encode($return));
|
||||||
|
}
|
||||||
|
|
||||||
foreach ($_REQUEST as $formKey => $formKeyVal) {
|
echo "<script>location.href='error.php'</script>";
|
||||||
|
exit;
|
||||||
if (preg_match('/' . $special_chars . '/', $formKeyVal) || preg_match('/' . $special_chars . '/', $formKey)) {
|
}
|
||||||
|
}
|
||||||
// echo "<script>alert('Manoj'+'".$formKey."=".$formKeyVal."')</script>";
|
|
||||||
|
|
||||||
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
|
|
||||||
|
|
||||||
header('Cache-Control: no-cache, must-revalidate');
|
|
||||||
|
|
||||||
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
|
|
||||||
|
|
||||||
header('Content-type: application/json');
|
|
||||||
|
|
||||||
die(json_encode($return));
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "<script>location.href='error.php'</script>";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* Takes input as array suitable for multiselect form attributes
|
* Takes input as array suitable for multiselect form attributes
|
||||||
|
@ -956,7 +956,9 @@
|
|||||||
include('form/checkup_type_modal.php');
|
include('form/checkup_type_modal.php');
|
||||||
?>
|
?>
|
||||||
<?php include('form/medical_full_view.php'); ?>
|
<?php include('form/medical_full_view.php'); ?>
|
||||||
<?php include_once('full_view_medical.php'); ?>
|
<?php
|
||||||
|
// include_once('full_view_medical.php');
|
||||||
|
?>
|
||||||
<?php include_once('select_checkup_type_s.php'); ?>
|
<?php include_once('select_checkup_type_s.php'); ?>
|
||||||
<?php include_once('form/form_o.php'); ?>
|
<?php include_once('form/form_o.php'); ?>
|
||||||
<?php include_once('form/form_33.php'); ?>
|
<?php include_once('form/form_33.php'); ?>
|
||||||
|
@ -25,6 +25,7 @@ $ohc_type = $_SESSION['current_ohcttype']?>
|
|||||||
<!-- End of breadcrumb -->
|
<!-- End of breadcrumb -->
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
|
||||||
$db_new_date="";
|
$db_new_date="";
|
||||||
$last_day="";
|
$last_day="";
|
||||||
$m=0;
|
$m=0;
|
||||||
@ -48,7 +49,10 @@ $y = date('Y',strtotime("".$selectedShiftYear."-".($selectedShiftMonth+1)."-01")
|
|||||||
|
|
||||||
$shift_status_options = generateOption('shift_status','status_name','shift_status_id','','','');
|
$shift_status_options = generateOption('shift_status','status_name','shift_status_id','','','');
|
||||||
// generateOptionForMultipleWithWhereClause('shift_status','status_name','shift_status_id','','','is_shift','Y');
|
// generateOptionForMultipleWithWhereClause('shift_status','status_name','shift_status_id','','','is_shift','Y');
|
||||||
|
error_log("MONTh " . $m);
|
||||||
|
error_log("Year " . $y);
|
||||||
|
error_log("LAST DATE " . $last_day);
|
||||||
|
$last_day = date_format(date_create($last_day), 'd');
|
||||||
?>
|
?>
|
||||||
<script>
|
<script>
|
||||||
var jsonArrayShiftData = <?php echo json_encode($shift_data); ?>;
|
var jsonArrayShiftData = <?php echo json_encode($shift_data); ?>;
|
||||||
@ -61,7 +65,7 @@ var jsonArrayShiftData = <?php echo json_encode($shift_data); ?>;
|
|||||||
<div class="page-content">
|
<div class="page-content">
|
||||||
<div class="box box-primary"
|
<div class="box box-primary"
|
||||||
style="padding: 10px; margin: 2px 0px 50px 5px; width: 99.5%;">
|
style="padding: 10px; margin: 2px 0px 50px 5px; width: 99.5%;">
|
||||||
<form id="shift_form" method="post">
|
<form id="shift_form" action="shift_details.php" method="post">
|
||||||
<!-- box-body-->
|
<!-- box-body-->
|
||||||
<div class="box-body" id="reload_amb">
|
<div class="box-body" id="reload_amb">
|
||||||
|
|
||||||
@ -115,10 +119,12 @@ var jsonArrayShiftData = <?php echo json_encode($shift_data); ?>;
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
<button class="btn btn-primary " type="button"
|
<!-- <button class="btn btn-primary " type="button"
|
||||||
id="submit_button" onclick="$('#shift_form').attr('action', '');$('#shift_form').submit()">
|
id="submit_button">
|
||||||
<i class="ace-icon fa fa-send"></i> Submit
|
<i class="ace-icon fa fa-send"></i> Submit
|
||||||
</button>
|
</button> -->
|
||||||
|
|
||||||
|
<input type="submit" value="Submit" class="btn btn-primary" id="submit_button" />
|
||||||
|
|
||||||
<button class="btn btn-danger " type="button"
|
<button class="btn btn-danger " type="button"
|
||||||
id="pdf_print" onclick="print_pdf('p')">
|
id="pdf_print" onclick="print_pdf('p')">
|
||||||
|
@ -43,6 +43,7 @@ $result_menu_exists = mysqli_query($conn,$sql_menu_exists);
|
|||||||
$countAccessibleMenuPages_exists=mysqli_num_rows($result_menu_exists);
|
$countAccessibleMenuPages_exists=mysqli_num_rows($result_menu_exists);
|
||||||
|
|
||||||
$sql_menu= "select menu_id from menu_master where upper(menu_url)=upper('".$__currentPage."') and menu_id in(select menu_id from assign_menu where role_id='".$_SESSION['RoleId']."')";
|
$sql_menu= "select menu_id from menu_master where upper(menu_url)=upper('".$__currentPage."') and menu_id in(select menu_id from assign_menu where role_id='".$_SESSION['RoleId']."')";
|
||||||
|
error_log("sql_menu".$sql_menu);
|
||||||
$result_menu = mysqli_query($conn,$sql_menu);
|
$result_menu = mysqli_query($conn,$sql_menu);
|
||||||
$countAccessibleMenuPages=mysqli_num_rows($result_menu);
|
$countAccessibleMenuPages=mysqli_num_rows($result_menu);
|
||||||
|
|
||||||
@ -56,7 +57,7 @@ if($row_menu = mysqli_fetch_array($result_menu)){
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
$_SESSION['menu_current_page'] = $__currentPage;
|
$_SESSION['menu_current_page'] = $__currentPage;
|
||||||
include_once ('access.php');
|
// include_once ('access.php');
|
||||||
|
|
||||||
// echo "top_user:".$top_user.":Manoj";
|
// echo "top_user:".$top_user.":Manoj";
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user