$val) {
    // NOTE(review): tail of a word-wrapping loop; the enclosing function header and the
    // definitions of $splitString, $interval, $breakChr and $inc are above this chunk.
    if(strlen($val)>$interval) {
        // strlen()/wordwrap() count bytes, so multi-byte UTF-8 text can be split mid-character.
        $splitString[$key] .=wordwrap($val, $interval, $breakChr, true);
        $splitString[$key] .='';
        $splitString[$key] .='
';
        // Each wrapped chunk narrows the next wrap width by one and advances $inc by five.
        $interval = $interval- 1;
        $inc +=5;
    }
}
// Joins the wrapped pieces with single spaces and writes them straight to the response
// (no escaping is applied at this point).
echo ''.implode(' ', $splitString).'';
}

/**
 * Authenticates a doctor against the `doctors` table and populates $_SESSION on success.
 *
 * NOTE(review): the $username parameter is never used for the lookup — the query reads
 * $_POST['username'] and $_POST['password'] directly; $password is only used again in the
 * equality check and in the login_string hash below.
 *
 * @param string $username  ignored for the query (see note above); overwritten from the row
 * @param string $password  the submitted clear-text password
 * @return bool|null true on success, false on a wrong password or an unexpected row count;
 *                   falls off the end (null) when the query yields no row at all
 */
function login($username, $password) {
    // NOTE(review): this is NOT a prepared statement. It is string concatenation guarded only
    // by mysql_real_escape_string(); the mysql_* extension itself was removed in PHP 7.0.
    // The password is lower-cased and compared in clear text inside the query, which implies
    // clear-text storage. Prefer a parameterised lookup by username only, then
    // password_verify() against a password_hash() value.
    $sqks= "select * from doctors where username='".mysql_real_escape_string(strtolower($_POST['username']))."' and password='".mysql_real_escape_string(strtolower($_POST['password']))."'";
    $result=mysql_query($sqks);
    if ($row = mysql_fetch_object($result)){
        $rec_count=mysql_num_rows($result);
        // $password = hash('sha512', $password.$username); // hash the password with the unique salt.
        if($rec_count == 1) { // If the user exists
            $db_password = $row->password;
            $user_id = $row->id;
            $username = $row->username;
            $name = $row->name;
            // NOTE(review): there is no lockout / attempt counting here (the INSERT into
            // login_attempts below is commented out). The comparison is a loose (==) check of the
            // stored value against the raw, non-lower-cased submission; use hash_equals() or
            // password_verify() for a strict, constant-time check.
            if($db_password == $password) { // Check if the password in the database matches the password the user submitted.
                $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user.
                $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.
                $user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
                $_SESSION['user_id'] = $user_id;
                $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
                $_SESSION['username'] = $username;
                $_SESSION['name'] = $name; // not filtered like the two values above — escape when rendered
                // NOTE(review): no session_regenerate_id() after a successful login (session fixation).
                // login_string binds the session to IP + user agent, but it is derived from the
                // clear-text password; a random token would serve the same purpose without that.
                $_SESSION['login_string'] = hash('sha512', $password.$ip_address.$user_browser);
                // Login successful.
                return true;
            } else {
                // Password is not correct
                // We record this attempt in the database
                $now = time();
                // $mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
                return false;
            }
        } else {
            // No user exists.
            return false;
        }
    }
}

// ---- Request handlers (execute on every include of this file) ----
// NOTE(review): none of the write handlers below check that a user is actually logged in; they
// rely on $_SESSION['user_id'] being set and interpolate it into the SQL *unquoted*.
// mysql_real_escape_string() only escapes quote/NUL/newline/backslash bytes, so a non-numeric
// value is not neutralised in a bare numeric context — cast to (int) and gate every handler on
// an authenticated session. None of these POST handlers carries a CSRF token either.
if(isset($_POST['username'], $_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password']; // The submitted clear-text password (see login()).
    // BUG: $email is never defined here. login() happens to ignore its first argument and
    // reads $_POST['username'] itself, which masks the mistake — this should pass $username.
    if(login($email, $password) == true) {
        // Login success
        //echo 'Success: You have been logged in!';
    } else {
        $log_message="Login failed";
    }
}

if(isset($_POST['logout'])) {
    // Unset all session values
    $_SESSION = array();
    // get session parameters
    $params = session_get_cookie_params();
    // Delete the actual cookie.
    setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
    // Destroy session
    session_destroy();
    // NOTE(review): no exit after header(); the handlers below still run on a logout request.
    header('Location: '.MY_ROOT.'/');
}

if(isset($_POST['npassword'],$_POST['cnpassword'])){
    // NOTE(review): the new password is stored exactly as submitted (clear text), with no
    // re-authentication against the current password and no strength/length check;
    // store password_hash() output instead and verify the old password first.
    if($_POST['npassword'] == $_POST['cnpassword']){
        $updates = "update doctors set password = '".mysql_real_escape_string($_POST['npassword'])."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
        mysql_query($updates);
    }
}

// Profile fields: each handler writes one column and flips active=1. Values are escaped for
// SQL only; they must still be escaped for HTML (or URL, for the link fields) when rendered.
if(isset($_POST['name'])){
    $updates = "update doctors set name = '".mysql_real_escape_string($_POST['name'])."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
    mysql_query($updates);
    // NOTE(review): the SQL-escaped form is what gets cached in the session, so a name containing
    // quotes or backslashes will display with escape characters; cache the raw value instead.
    $_SESSION['name'] = mysql_real_escape_string($_POST['name']);
}
if(isset($_POST['position'])){
    $updates = "update doctors set position = '".mysql_real_escape_string($_POST['position'])."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
    mysql_query($updates);
}
if(isset($_POST['profile'])){
    $updates = "update doctors set txt = '".mysql_real_escape_string($_POST['profile'])."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
    mysql_query($updates);
}
if(isset($_POST['contact'])){
    $updates = "update doctors set contact = '".mysql_real_escape_string($_POST['contact'])."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
    mysql_query($updates);
}
if(isset($_POST['schedule'])){
    $updates = "update doctors set schedule = '".mysql_real_escape_string($_POST['schedule'])."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
    mysql_query($updates);
}
if(isset($_POST['links'])){
    // The literal below contains a line break (kept as in the original).
    $updates = "update doctors set links 
 = '".mysql_real_escape_string($_POST['links'])."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
    mysql_query($updates);
}
if(isset($_POST['facebook'])){
    $updates = "update doctors set facebook = '".mysql_real_escape_string($_POST['facebook'])."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
    mysql_query($updates);
}
if(isset($_POST['twitter'])){
    $updates = "update doctors set twitter = '".mysql_real_escape_string($_POST['twitter'])."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
    mysql_query($updates);
}
if(isset($_POST['linkedin'])){
    $updates = "update doctors set linkedin = '".mysql_real_escape_string($_POST['linkedin'])."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
    mysql_query($updates);
}

/*
if ( preg_match("/\.(jpg|png|gif)$/", $_FILES['image']['name']) ){
    $image = $_FILES['image']['name'];
    $real_image = $_FILES['image']['name'];
    $random_digit=rand(000000000,999999999);
    $image = 'profile_['.$random_digit.']'. $real_image;
    move_uploaded_file ($_FILES['image']['tmp_name'], MY_ROOT."/files/doctors/".$image );
    $updates = "update doctors set image = '".mysql_real_escape_string($image)."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
    mysql_query($updates);
    exit;
}
*/

if(isset($_FILES['image'])){
    // NOTE(review): the client-supplied file name is used unchanged as the destination path
    // ('files/doctors/'.$file_name), so a crafted name can escape the directory or overwrite an
    // existing upload, and the only type check is the name's extension. Generate the stored name
    // server-side (or at least basename() it), check $_FILES['image']['error'], and validate the
    // content (e.g. getimagesize()/finfo) rather than the extension alone.
    $errors= array();
    $file_name = $_FILES['image']['name'];
    $file_size =$_FILES['image']['size'];
    $file_tmp =$_FILES['image']['tmp_name'];
    $file_type=$_FILES['image']['type']; // client-declared MIME type; read but never checked
    // end() needs a variable by reference; passing explode() directly raises a notice.
    $file_ext=strtolower(end(explode('.',$_FILES['image']['name'])));
    $expensions= array("jpeg","jpg","png");
    if(in_array($file_ext,$expensions)=== false){
        $errors[]="extension not allowed, please choose a JPEG or PNG file.";
    }
    // 2 MiB cap; the message text says "exactly 2 MB" but the check is an upper bound.
    if($file_size > 2097152){
        $errors[]='File size must be excately 2 MB';
    }
    if(empty($errors)==true){
        move_uploaded_file($file_tmp, 'files/doctors/'.$file_name);
        $updates = "update doctors set image = '".mysql_real_escape_string($file_name)."', active=1 where id=".mysql_real_escape_string($_SESSION['user_id']);
        mysql_query($updates);
    }else{
        // $errors is collected but never reported to the caller.
    }
}

/**
 * Returns the `title` column of the first row of an arbitrary table, or null if there is none.
 *
 * @param string $table  interpolated into the SQL verbatim (no escaping, no quoting) — callers
 *                       must pass a trusted constant, never request data
 * @return string|null
 */
function getTitleByTable($table){
    $sqlCat = "SELECT * FROM ".$table;
    $rsCat = mysql_query($sqlCat);
    if ($Cat = mysql_fetch_object($rsCat)){
        return $Cat->title;
    }
}

/**
 * Title of one faq_categories row by id, or null when not found.
 *
 * @param int|string $id  placed in a bare numeric context; mysql_real_escape_string() does not
 *                        constrain it to digits — cast to (int) at the call site
 * @return string|null
 */
function getFAQtitle($id){
    $sqlCat = "SELECT * FROM faq_categories where id=".mysql_real_escape_string($id);
    $rsCat = mysql_query($sqlCat);
    if ($Cat = mysql_fetch_object($rsCat)){
        return $Cat->title;
    }
}

/**
 * Name of one doctors row by id, or null when not found.
 *
 * @param int|string $id  unquoted numeric context; see getFAQtitle()
 * @return string|null
 */
function getDoctors($id){
    $sqlCat = "SELECT * FROM doctors where id=".mysql_real_escape_string($id);
    $rsCat = mysql_query($sqlCat);
    if ($Cat = mysql_fetch_object($rsCat)){
        return $Cat->name;
    }
}

/**
 * Title of one specialty row by id, or null when not found.
 *
 * @param int|string $id  unquoted numeric context; see getFAQtitle()
 * @return string|null
 */
function getSpeciality($id){
    $sqlCat = "SELECT * FROM specialty where id=".mysql_real_escape_string($id);
    $rsCat = mysql_query($sqlCat);
    if ($Cat = mysql_fetch_object($rsCat)){
        return $Cat->title;
    }
}

/**
 * Id of the row with the lowest `pos` in the given table, or null if the table is empty.
 *
 * @param string $table  interpolated verbatim into the SQL — trusted constants only
 * @return int|string|null
 */
function getFirstId($table){
    // The literal below contains a line break (kept as in the original).
    $sqlCat = "SELECT * FROM ".$table." 
order by pos limit 1";
    $rsCat = mysql_query($sqlCat);
    if ($Cat = mysql_fetch_object($rsCat)){
        return $Cat->id;
    }
}

/**
 * Image column of one hospital row by id, or null when not found.
 *
 * @param int|string $id  unquoted numeric context; see getFAQtitle()
 * @return string|null
 */
function getHospitalImage($id){
    $sqlCat = "SELECT * FROM hospital where id=".mysql_real_escape_string($id);
    $rsCat = mysql_query($sqlCat);
    if ($Cat = mysql_fetch_object($rsCat)){
        return $Cat->image;
    }
}

/**
 * Image column of one maternity row by id, or null when not found.
 *
 * @param int|string $id  unquoted numeric context; see getFAQtitle()
 * @return string|null
 */
function getMaternityImage($id){
    $sqlCat = "SELECT * FROM maternity where id=".mysql_real_escape_string($id);
    $rsCat = mysql_query($sqlCat);
    if ($Cat = mysql_fetch_object($rsCat)){
        return $Cat->image;
    }
}

/**
 * Tag-stripped meta title for the metadata row whose `ref` matches $id, or null.
 *
 * @param int|string $id  unquoted numeric context; see getFAQtitle()
 * @return string|null
 */
function getMetaTitle($id){
    $sqlCat = "SELECT * FROM metadata where ref=".mysql_real_escape_string($id);
    $rsCat = mysql_query($sqlCat);
    if ($Cat = mysql_fetch_object($rsCat)){
        return html2txt($Cat->title);
    }
}

/**
 * Tag-stripped meta description for the metadata row whose `ref` matches $id, or null.
 *
 * @param int|string $id  unquoted numeric context; see getFAQtitle()
 * @return string|null
 */
function getMetaDescription($id){
    $sqlCat = "SELECT * FROM metadata where ref=".mysql_real_escape_string($id);
    $rsCat = mysql_query($sqlCat);
    if ($Cat = mysql_fetch_object($rsCat)){
        return html2txt($Cat->description);
    }
}

/**
 * Tag-stripped meta keywords for the metadata row whose `ref` matches $id, or null.
 *
 * @param int|string $id  unquoted numeric context; see getFAQtitle()
 * @return string|null
 */
function getMetaKeywords($id){
    $sqlCat = "SELECT * FROM metadata where ref=".mysql_real_escape_string($id);
    $rsCat = mysql_query($sqlCat);
    if ($Cat = mysql_fetch_object($rsCat)){
        return html2txt($Cat->keywords);
    }
}

/**
 * Reduces an HTML fragment to plain text: strips tags, collapses whitespace and decodes a
 * fixed set of entities, then trims the result.
 *
 * NOTE(review): as shown here the $search array has 24 patterns but $replace has 23 values, so
 * every replacement from the '@@' pattern onward is shifted by one and the final pattern is
 * replaced with an empty string (preg_replace pads missing replacements with ""). The first
 * pattern also looks truncated, and the last four replacement values contain mojibake.
 * This is NOT an HTML sanitiser — its output is still not safe to echo without escaping.
 *
 * @param string $document
 * @return string
 */
function html2txt ( $document ) {
    $search = array ("']*?>.*?'si", // strip out javascript (pattern appears truncated as shown)
        "'<[\/\!]*?[^<>]*?>'si", // strip out html tags
        "'([\r\n])[\s]+'", // strip out white space
        "'@@'",
        "'&(quot|#34|#034|#x22);'i", // replace html entities
        "'&(amp|#38|#038|#x26);'i", // added hexadecimal values
        "'&(lt|#60|#060|#x3c);'i",
        "'&(gt|#62|#062|#x3e);'i",
        "'&(nbsp|#160|#xa0);'i",
        "'&(iexcl|#161);'i",
        "'&(cent|#162);'i",
        "'&(pound|#163);'i",
        "'&(copy|#169);'i",
        "'&(reg|#174);'i",
        "'&(deg|#176);'i",
        "'&(#39|#039|#x27);'",
        "'&(euro|#8364);'i", // europe
        "'&a(uml|UML);'", // german
        "'&o(uml|UML);'",
        "'&u(uml|UML);'",
        "'&A(uml|UML);'",
        "'&O(uml|UML);'",
        "'&U(uml|UML);'",
        "'ß'i",
    );
    // Positional replacements for $search — one entry short, see the docblock.
    $replace = array (
        "",
        "",
        " ",
        "\"",
        "&",
        "<",
        ">",
        " ",
        chr(161),
        chr(162),
        chr(163),
        chr(169),
        chr(174),
        chr(176),
        chr(39),
        chr(128),
        "ä",
        "ö",
        "ü",
        "Ã�",
        "Ã�",
        "Ã�",
        "Ã�",
    );
    $text = preg_replace($search,$replace,$document);
    return trim ( $text );
}

/**
 * Rebuilds the URL of the current request from $_SERVER.
 *
 * NOTE(review): $_SERVER["SERVER_PORT"] is a string, so the strict `!== 80` comparison is always
 * true and the port is appended unconditionally. The `@` only hides the undefined-index notice
 * when HTTPS is absent. Depending on server configuration SERVER_NAME may follow the request's
 * Host header, so treat the result as untrusted if it is echoed or used in redirects.
 *
 * @return string
 */
function getCurrentUrl() {
    $url = @( $_SERVER["HTTPS"] != 'on' ) ? 'http://'.$_SERVER["SERVER_NAME"] : 'https://'.$_SERVER["SERVER_NAME"];
    $url .= ( $_SERVER["SERVER_PORT"] !== 80 ) ? ":".$_SERVER["SERVER_PORT"] : "";
    $url .= $_SERVER["REQUEST_URI"];
    return $url;
}

/**
 * Thin wrapper: turns a title into a URL slug via cleanurl().
 *
 * @param string $text
 * @return string
 */
function manageTitle($text){
    //$text = preg_replace("[a-z0-9]","",$text);
    return cleanurl($text);
}

/**
 * Converts free text into a lower-case, hyphen-separated slug containing only [a-z0-9-].
 *
 * Swedish letters are transliterated first; every other byte outside [A-Za-z0-9 -] is dropped
 * (the patterns run without the `u` modifier, so other multi-byte characters vanish bytewise).
 *
 * @param string $url
 * @return string
 */
function cleanurl($url) {
    $url = str_replace(array("ä", "Ä"), "a", $url); // Additional Swedish filter
    $url = str_replace(array("å", "Å"), "a", $url); // Additional Swedish filter
    $url = str_replace(array("ö", "Ö"), "o", $url); // Additional Swedish filter
    $url = preg_replace("/[^a-z0-9\s\-]/i", "", $url); // Remove special characters
    $url = preg_replace("/\s\s+/", " ", $url); // Replace multiple spaces with one space
    $url = trim($url); // Remove trailing spaces
    $url = preg_replace("/\s/", "-", $url); // Replace all spaces with hyphens
    $url = preg_replace("/\-\-+/", "-", $url); // Replace multiple hyphens with one hyphen
    $url = preg_replace("/^\-|\-$/", "", $url); // Remove leading and trailing hyphens
    $url = strtolower($url);
    return $url;
}
?> title; ?> Trad Hospital <?=$ntitle?>