hostName= $host; $this->userName= $user; $this->pwd= $pwd; $this->dbName= $database; } function dbLogin() { $this->mysqli= mysqli_connect($this->hostName, $this->userName, $this->pwd, $this->dbName) or die("Error Database :".mysqli_error($this->mysqli)); } function login() { $user= $this->escapeStr($_POST['username']); $pwd= $this->escapeStr(md5($_POST['password'])); $sql= "SELECT `login_id` FROM `travel_login` WHERE username= '$user' AND password= '$pwd'"; $rs= mysqli_query($this->mysqli,$sql); $row= mysqli_num_rows($rs); if($row==1){ $logid= mysqli_fetch_assoc($rs); $_SESSION['admin']= $logid['login_id']; $this->errorMsg=""; $path= "admin-dashboard.php"; $this->redirect($path); } else{ $this->getErrorMsg("Error: Invalid Login, Please try again..."); return false; } } function escapeStr($str) { return mysqli_real_escape_string($this->mysqli,trim($str)); } function getRecord($table,$col,$val){ $sql= "SELECT * FROM $table WHERE $col=$val"; $rs= mysqli_query($this->mysqli,$sql); $row= mysqli_fetch_assoc($rs); return $row; } function getErrorMsg($error) { $this->errorMsg= $error; } function redirect($url) { echo ""; } function checkLogin($check) { if(isset($_SESSION[$check]) && !empty($_SESSION[$check])) { return TRUE; } else { return FALSE; } } function logout($str) { unset($_SESSION[$str]); session_destroy(); return true; } function chg_pwd() { $row= $this->getRecord('travel_login','login_id',$_SESSION['admin']); if($row==true){ if(md5($_POST['current_pwd']) == $row['password']){ $hash_pass= $this->escapeStr(md5($_POST['new_pwd'])); $sql= "UPDATE `travel_login` SET `password`= '$hash_pass' WHERE `login_id`= '".$_SESSION['admin']."'"; $rs= mysqli_query($this->mysqli,$sql); if($rs==TRUE){ $pass= $_POST['new_pwd']; $sql2="UPDATE `password_admin` SET `password`= '$pass' WHERE `user_id`= '".$_SESSION['admin']."'"; $rs2= mysqli_query($this->mysqli,$sql2); $this->errorMsg= ''; $path= "changepass.php?msg=Password sucessfully changed..."; $this->redirect($path); } else{ $this->getErrorMsg(" Record not update..."); return false; } } else{ $this->getErrorMsg("Error: Current password not match, please try again..."); return false; } } else{ $this->getErrorMsg("Error: Record not update..."); return false; } } function getTable($table,$order){ $sql= "SELECT * FROM $table ORDER BY $order"; $rs= mysqli_query($this->mysqli,$sql); if(!empty($rs)){ $rows= array(); while($row= mysqli_fetch_assoc($rs)) { $rows[]= $row; } return $rows; } } function delete_multiple($col,$table,$page) { $muldel= $_POST['mul_del']; foreach($muldel as $del){ $sql= "DELETE FROM $table WHERE $col=$del"; $rs= mysqli_query($this->mysqli,$sql); } $this->errorMsg= ''; $path= $page."?msg=Record successfully deleted..."; $this->redirect($path); } public function randomString($length) { $str = ""; $characters = array_merge(range('A','Z'), range('a','z'), range('0','9')); $max = count($characters) - 1; for ($i = 0; $i < $length; $i++) { $rand = mt_rand(0, $max); $str .= $characters[$rand]; } return $str; } function sendSMS($send_message,$mobile_no){ #$send_message='You have registered successfully.Your Member Id is'; $sender_id="TRVLNO"; $user_name="trvlno"; $pass="trvlno"; $sms=str_replace(' ','%20',$send_message); $sms=str_replace("'",'%27',$sms); $url='http://108.170.9.205/api/mt/SendSMS?user='.$user_name.'&password='.$pass.'&senderid='.$sender_id.'&channel=2&DCS=0&flashsms=0&number='.$mobile_no.'&text='.$sms.'&route=1'; file_get_contents($url); } function news() { $title= $this->escapeStr($_POST['news_title']); $date= $this->escapeStr($_POST['news_date']); $msg= $this->escapeStr($_POST['news_msg']); $img= $_FILES['news_photo']['name']; $loc= $_FILES['news_photo']['tmp_name']; if(!empty($img)) { $image_a= explode('.',$img); $ext= end($image_a); $image= 'NEWS'.time().'.'.$ext; if(!empty($_POST['news_photo'])){ if(is_file('upload/news/'.$_POST['news_photo'])){ unlink('upload/news/'.$_POST['news_photo']); } } move_uploaded_file($loc,'upload/news/'.$image); } else{ $image= $_POST['news_photo']; } if(!empty($_POST['news_id'])){ $id= $_POST['news_id']; $sql= "UPDATE `news` SET `news_title`='$title', `news_date`='$date', `news_msg`='$msg', `news_photo`='$image' WHERE `news_id`=$id"; $path= "news.php?msg=News successfully updated..."; } else{ echo $sql= "INSERT INTO `news` (`news_title`,`news_date`,`news_msg`,`news_photo`) VALUES ('$title','$date','$msg','$image')"; $path= "news.php?msg=News successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE){ $this->errorMsg= ''; $this->redirect($path); } else{ $this->getErrorMsg("Error: Record is not inserted, Please try again..."); return false; } } function Testimonial() { $name= $this->escapeStr($_POST['name']); $mesg= $this->escapeStr($_POST['testi_msg']); $file_size= $_FILES['testi_img']['size']; $img= $_FILES['testi_img']['name']; $loc= $_FILES['testi_img']['tmp_name']; if(!empty($img)) { $image_a= explode('.',$img); $ext= end($image_a); $image= 'test'.time().'.'.$ext; if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'png' || $ext == 'JPG' || $ext == 'JPEG' || $ext == 'PNG' && $file_size) { if(!empty($_POST['testi_img'])) { if(is_file('upload/test/'.$_POST['testi_img'])) { unlink('upload/test/'.$_POST['testi_img']); } } move_uploaded_file($loc,'upload/test/'.$image); }else{ $this->errorMsg= 'Please Upload 391kb image only'; return false; } }else{ $image= $_POST['testi_img']; } if(!empty($_POST['testi_id'])){ $id= $_POST['testi_id']; $sql= "UPDATE `testimonial` SET `name`='$name',`testi_msg`='$mesg', `testi_img`='$image', `testi_date`=NOW() WHERE `testi_id`=$id"; $path= "testimonial.php?msg=Record successfully updated..."; } else{ $sql= "INSERT INTO `testimonial` (`name`,`testi_msg`, `testi_img`, `testi_date`) VALUES ('$name', '$mesg','$image', NOW()); "; $path= "testimonial.php?msg=Record successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE){ $this->errorMsg= ''; $this->redirect($path); } else{ $this->getErrorMsg("Error: Record Not Inserted Please try again..."); return false; } } function enquery(){ $name= $this->escapeStr($_POST['enquiry_name']); $email= $this->escapeStr($_POST['enquiry_email']); $mob= $this->escapeStr($_POST['enquiry_contact']); $message= $this->escapeStr($_POST['enquiry_message']); /*print "
"; print_r($_REQUEST); exit;*/ $sql= "INSERT INTO `enquiry` (`enquiry_name`, `enquiry_email`, `enquiry_contact`, `enquiry_message`, `enquiry_date`) VALUES ('$name', '$email', '$mob', '$message', NOW())"; $path= "contact.php?msg=Record successfully saved..."; $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE){ /*$send_message="Amita Multispeciality Hospital & Research Centre you have an enquiry from- ".strtoupper($_POST['enquiry_name']). ", have an query -".$_POST['enquiry_message'].". User Mobile no. is -'".$_POST['enquiry_contact']."' and Email Id is-'".$_POST['enquiry_email']."'.amitahospital2020@gmail.com"; $mobile_no= "7499287045"; $this->sendSMS($send_message,$mobile_no);*/ $this->errorMsg= ''; $this->redirect($path); } else{ $this->getErrorMsg("Error: Record is not inserted, Please try again..."); return false; } } function appointment(){ $name= $this->escapeStr($_POST['app_name']); $age= $this->escapeStr($_POST['app_age']); $email= $this->escapeStr($_POST['app_email']); $mob= $this->escapeStr($_POST['app_mobile']); $doctor= $this->escapeStr($_POST['doc_id']); $massage= $this->escapeStr($_POST['app_massage']); /*print ""; print_r($_REQUEST); exit;*/ $sql= "INSERT INTO `appointment` (`app_name`, `app_email`, `app_age`, `app_mobile`, `doc_id`, `app_massage`, `app_date`) VALUES ('$name', '$email', '$age', '$mob', '$doctor','$massage', NOW())"; $path= "appointment.php?msg=Record successfully saved..."; $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE){ /*$send_message="Amita Multispeciality Hospital & Research Centre you have an Appointment from- ".strtoupper($_POST['app_name']). ", have an query -".$_POST['app_massage'].". User Mobile no. is -'".$_POST['mob']."' and Email Id is-'".$_POST['email']."'. amitahospital2020@gmail.com"; $mobile_no= "7499287045"; $this->sendSMS($send_message,$mobile_no);*/ $this->errorMsg= ''; $this->redirect($path); } else{ $this->getErrorMsg("Error: Record is not inserted, Please try again..."); return false; } } function video() { $video_title= $this->escapeStr($_POST['video_title']); $video_link = $this->escapeStr($_POST['video_link']); $link= html_entity_decode($video_link); if(!empty($_POST['video_id'])) { $id= $_POST['video_id']; $sql= "UPDATE `video` SET `video_title`='$video_title', `video_link`='$link' WHERE `video_id`=$id"; $path= "video.php?msg=Vedio successfully updated..."; }else{ $sql= "INSERT INTO `video` (`video_title`,`video_link`,`video_date`) VALUES ('$video_title','$link',NOW())"; $path= "video.php?msg=Vedio successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE) { $this->errorMsg= ''; $this->redirect($path); }else{ $this->getErrorMsg("Error: Record is not inserted, Please try again..."); return false; } } function patient() { /*print ""; print_r($_FILES); exit;*/ $deparment= $this->escapeStr($_POST['department_id']); $treat_for= $this->escapeStr($_POST['pat_treat_for']); $treat_by= $this->escapeStr($_POST['pat_treat_by']); $location= $this->escapeStr($_POST['pat_location']); $procedure= $this->escapeStr($_POST['pat_procedure']); $video= html_entity_decode($this->escapeStr($_POST['pat_video'])); $descr= $this->escapeStr($_POST['pat_descr']); if(!empty($_POST['pat_id'])){ $id= $_POST['pat_id']; $sql= "UPDATE `patient` SET `department_id`='$deparment', `pat_treat_for`='$treat_for', `pat_treat_by`='$treat_by', `pat_location`='$location', `pat_procedure`='$procedure', `pat_video`='$video', `pat_descr`='$descr', `pat_date`=NOW() WHERE `pat_id`=$id"; $path= "patient.php?msg=Record successfully updated..."; } else{ $sql= "INSERT INTO `patient` (`department_id`,`pat_treat_for`,`pat_treat_by`,`pat_location`,`pat_procedure`,`pat_video`,`pat_descr`,`pat_date`) VALUES ('$deparment','$treat_for','$treat_by','$location','$procedure','$video','$descr',NOW())"; $path= "patient.php?msg=Record successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE){ $this->errorMsg= ''; $this->redirect($path); } else{ $this->getErrorMsg("Error: Database error..."); return false; } } function consultant() { /*print ""; print_r($_FILES); exit;*/ $img= $_FILES['doc_image']['name']; $loc= $_FILES['doc_image']['tmp_name']; if(!empty($img)) { $img_a= explode('.',$img); $ext= end($img_a); $image= 'doct'.time().'.'.$ext; if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'png' || $ext == 'JPG' || $ext == 'JPEG' || $ext == 'PNG') { if(!empty($_POST['doc_image'])) { if(is_file('upload/doctor/'.$_POST['doc_image'])) { unlink('upload/doctor/'.$_POST['doc_image']); } } move_uploaded_file($loc,'upload/doctor/'.$image); }else{ $this->errorMsg= 'Please Upload 2mb image only'; return false; } }else{ $image= $_POST['doc_image']; } $name= $this->escapeStr($_POST['doc_name']); $quali= $this->escapeStr($_POST['doc_quali']); $department= $this->escapeStr($_POST['department_id']); $designation= $this->escapeStr($_POST['doc_designation']); $phone= $this->escapeStr($_POST['doc_phone']); $email= $this->escapeStr($_POST['doc_email']); $descraption= $this->escapeStr($_POST['doc_descraption']); $date= $this->escapeStr($_POST['sub_date']); if(!empty($_POST['doc_id'])) { $id= $_POST['doc_id']; $sql= "UPDATE `consultant` SET `doc_name`='$name', `doc_quali`='$quali', `department_id`='$department', `doc_designation`='$designation', `doc_phone`='$phone',`doc_email`='$email',`doc_descraption`='$descraption', `doc_image`='$image', `sub_date`='$date' WHERE `doc_id`=$id"; $path= "consultant.php?msg=Record successfully updated..."; }else{ $sql= "INSERT INTO `consultant` (`doc_name`,`doc_quali`,`department_id`,`doc_designation`,`doc_phone`,`doc_email`,`doc_descraption`,`doc_image`,`sub_date`) VALUES ('$name','$quali','$department','$designation','$phone','$email','$descraption','$image','$date')"; $path= "consultant.php?msg=Record successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE) { $this->errorMsg= ''; $this->redirect($path); }else{ $this->getErrorMsg("Error: Database error..."); return false; } } function destination() { /*print ""; print_r($_FILES); exit;*/ $img= $_FILES['dest_img']['name']; $loc= $_FILES['dest_img']['tmp_name']; if(!empty($img)) { $img_a= explode('.',$img); $ext= end($img_a); $image= 'dest'.time().'.'.$ext; if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'png' || $ext == 'JPG' || $ext == 'JPEG' || $ext == 'PNG'){ if(!empty($_POST['dest_img'])){ if(is_file('upload/dest/'.$_POST['dest_img'])){ unlink('upload/dest/'.$_POST['dest_img']); } } move_uploaded_file($loc,'upload/dest/'.$image); } else{ $this->errorMsg= 'Please Upload 2mb image only'; return false; } } else{ $image= $_POST['dest_img']; } $dest_title= $this->escapeStr($_POST['dest_title']); $dest_add= $this->escapeStr($_POST['dest_add']); if(!empty($_POST['dest_id'])){ $id= $_POST['dest_id']; $sql= "UPDATE `destination` SET `dest_title`='$dest_title', `dest_add`='$dest_add', `dest_img`='$image', `dest_date`=NOW() WHERE `dest_id`=$id"; $path= "destination.php?msg=Record successfully updated..."; } else{ $sql= "INSERT INTO `destination` (`dest_title`,`dest_add`,`dest_img`,`dest_date`) VALUES ('$dest_title','$dest_add','$image',NOW())"; $path= "destination.php?msg=Record successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE){ $this->errorMsg= ''; $this->redirect($path); } else{ $this->getErrorMsg("Error: Database error..."); return false; } } function sub_department() { /*print ""; print_r($_FILES); exit;*/ $img= $_FILES['dep_img']['name']; $loc= $_FILES['dep_img']['tmp_name']; if(!empty($img)) { $img_a= explode('.',$img); $ext= end($img_a); $image= 'dep'.time().'.'.$ext; if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'png' || $ext == 'JPG' || $ext == 'JPEG' || $ext == 'PNG') { if(!empty($_POST['dep_img'])) { if(is_file('upload/sub_depart/'.$_POST['dep_img'])) { unlink('upload/sub_depart/'.$_POST['dep_img']); } } move_uploaded_file($loc,'upload/sub_depart/'.$image); }else{ $this->errorMsg= 'Please Upload 2mb image only'; return false; } }else{ $image= $_POST['dep_img']; } $department= $this->escapeStr($_POST['department_id']); $sub_department= $this->escapeStr($_POST['sub_dep_title']); $descraption= $this->escapeStr($_POST['sub_dep_des']); if(!empty($_POST['sub_dep_id'])) { $id= $_POST['sub_dep_id']; $sql= "UPDATE `sub_department` SET `department_id`='$department',`sub_dep_title`='$sub_department', `sub_dep_des`='$descraption', `dep_img`='$image' WHERE `sub_dep_id`=$id"; $path= "sub_department.php?msg=Record successfully updated..."; }else{ $sql= "INSERT INTO `sub_department` (`department_id`,`sub_dep_title`,`sub_dep_des`,`dep_img`,`sub_date`) VALUES ('$department','$sub_department','$descraption','$image',NOW())"; $path= "sub_department.php?msg=Record successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE) { $this->errorMsg= ''; $this->redirect($path); }else{ $this->getErrorMsg("Error: Database error..."); return false; } } function accreditation() { /*print ""; print_r($_FILES); exit;*/ $img= $_FILES['acc_img']['name']; $loc= $_FILES['acc_img']['tmp_name']; if(!empty($img)) { $img_a= explode('.',$img); $ext= end($img_a); $image= 'acc'.time().'.'.$ext; if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'png' || $ext == 'JPG' || $ext == 'JPEG' || $ext == 'PNG'){ if(!empty($_POST['acc_img'])){ if(is_file('upload/accreditation/'.$_POST['acc_img'])){ unlink('upload/accreditation/'.$_POST['acc_img']); } } move_uploaded_file($loc,'upload/accreditation/'.$image); } else{ $this->errorMsg= 'Please Upload 2mb image only'; return false; } } else{ $image= $_POST['acc_img']; } $acc_title= $this->escapeStr($_POST['acc_title']); if(!empty($_POST['acc_id'])){ $id= $_POST['acc_id']; $sql= "UPDATE `accreditation` SET `acc_title`='$acc_title',`acc_img`='$image' ,`date`=NOW() WHERE `acc_id`=$id"; $path= "accreditation.php?msg=Record successfully updated..."; } else{ $sql= "INSERT INTO `accreditation` (`acc_title`,`acc_img`,`date`) VALUES ('$acc_title','$image',NOW())"; $path= "accreditation.php?msg=Record successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE){ $this->errorMsg= ''; $this->redirect($path); } else{ $this->getErrorMsg("Error: Database error..."); return false; } } function empanelments() { /*print ""; print_r($_FILES); exit;*/ $img= $_FILES['emp_img']['name']; $loc= $_FILES['emp_img']['tmp_name']; if(!empty($img)) { $img_a= explode('.',$img); $ext= end($img_a); $image= 'emp'.time().'.'.$ext; if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'png' || $ext == 'JPG' || $ext == 'JPEG' || $ext == 'PNG'){ if(!empty($_POST['acc_img'])){ if(is_file('upload/empanelments/'.$_POST['emp_img'])){ unlink('upload/empanelments/'.$_POST['emp_img']); } } move_uploaded_file($loc,'upload/empanelments/'.$image); } else{ $this->errorMsg= 'Please Upload 2mb image only'; return false; } } else{ $image= $_POST['emp_img']; } $emp_title= $this->escapeStr($_POST['emp_company']); if(!empty($_POST['emp_id'])){ $id= $_POST['emp_id']; $sql= "UPDATE `empanelments` SET `emp_company`='$emp_title',`emp_img`='$image' ,`date`=NOW() WHERE `emp_id`=$id"; $path= "empanelments.php?msg=Record successfully updated..."; } else{ $sql= "INSERT INTO `empanelments` (`emp_company`,`emp_img`,`date`) VALUES ('$emp_title','$image',NOW())"; $path= "empanelments.php?msg=Record successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE){ $this->errorMsg= ''; $this->redirect($path); } else{ $this->getErrorMsg("Error: Database error..."); return false; } } function department() { /*print ""; print_r($_POST); exit;*/ $departm= $this->escapeStr($_POST['department_name']); $date= date('Y-m-d'); if(!empty($_POST['department_id'])) { $id= $_POST['department_id']; $sql= "UPDATE `department` SET `department_name`='$departm' WHERE `department_id`=$id"; $path= "department.php?msg=Record successfully updated..."; }else{ $sql= "INSERT INTO `department` (`department_name`, `sub_date`) VALUES ('$departm', '$date')"; $path= "department.php?msg=Record successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE) { $this->errorMsg= ''; $this->redirect($path); }else{ $this->getErrorMsg("Error: Database error..."); return false; } } function gallery() { /*print ""; print_r($_FILES); exit;*/ $img= $_FILES['gal_image']['name']; $loc= $_FILES['gal_image']['tmp_name']; if(!empty($img)) { $img_a= explode('.',$img); $ext= end($img_a); $image= 'gallery'.time().'.'.$ext; if($ext == 'jpg' || $ext == 'jpeg' || $ext == 'png' || $ext == 'JPG' || $ext == 'JPEG' || $ext == 'PNG'){ if(!empty($_POST['gal_image'])){ if(is_file('upload/gallery/'.$_POST['gal_image'])){ unlink('upload/gallery/'.$_POST['gal_image']); } } move_uploaded_file($loc,'upload/gallery/'.$image); } else{ $this->errorMsg= 'Please Upload 2mb image only'; return false; } } else{ $image= $_POST['gal_image']; } $gal_type= $this->escapeStr($_POST['gal_type']); $gal_tittle= $this->escapeStr($_POST['gal_tittle']); if(!empty($_POST['gal_id'])){ $id= $_POST['gal_id']; $sql= "UPDATE `gallery` SET `gal_type`='$gal_type', `gal_tittle`='$gal_tittle',`gal_image`='$image' ,`gal_date`=NOW() WHERE `gal_id`=$id"; $path= "gallery.php?msg=Record successfully updated..."; } else{ $sql= "INSERT INTO `gallery` (`gal_type`,`gal_tittle`,`gal_image`,`gal_date`) VALUES ('$gal_type','$gal_tittle','$image',NOW())"; $path= "gallery.php?msg=Record successfully saved..."; } $rs= mysqli_query($this->mysqli,$sql); if($rs== TRUE){ $this->errorMsg= ''; $this->redirect($path); } else{ $this->getErrorMsg("Error: Database error..."); return false; } } } ?>