Tuesday, August 30, 2022

functions data

 <?php

function string_sanitize($string){

global $db_conx;

return mysqli_real_escape_string($db_conx, str_replace("'","",stripslashes(htmlentities(strip_tags($string)))));

}

function string_sanitize2($string){

global $db_conx;

return mysqli_real_escape_string($db_conx, str_replace(`'`,``,stripslashes(htmlentities(strip_tags($string)))));

}

function encryptedPassword($password){

return openssl_encrypt($password, "AES-128-ECB", SECRETKEY);

}

function decryptedPassword($password){

return openssl_decrypt($password, "AES-128-ECB", SECRETKEY);

}

function get_login($username,$password)

{

global $db_conx;

$encrypted = encryptedPassword($password); 

//$sql = "select * from users where username = '".$username."' and password = '".$password."' and status = 1";

$sql = "select u.*, p.rname, cl.* 

from users u 

LEFT JOIN post_t p 

    ON u.post_id = p.rid

    LEFT JOIN clinic_master cl

    ON u.cid = cl.cid

where u.username = '".$username."' and u.password = '".$encrypted."' ";

//where u.username = '".$username."' and u.password = '".$encrypted."' and u.status = 1 and u.display = 1 and u.islogin = 0";

return $loginchk = mysqli_query($db_conx,$sql);

//return mysqli_num_rows($loginchk);

}

function generateRandomString($length = 15) {

    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

    $charactersLength = strlen($characters);

    $randomString = '';

    for ($i = 0; $i < $length; $i++) {

        $randomString .= $characters[rand(0, $charactersLength - 1)];

    }

    return $randomString;

}

function loggeduser(){

global $db_conx;


$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$ip = $_SERVER['REMOTE_ADDR']; 

$datetime = date('Y-m-d H:i:s');

//$browser = "test";

$logsession = $_SESSION['token'];

//echo $_SERVER['HTTP_USER_AGENT'];

$browser = $_SERVER['HTTP_USER_AGENT'];


$sql = "INSERT INTO `users_login_log` (`cid`, `userid`,`logindatetime`,`ipaddress`,`token`,`browsername`) VALUES ('".$cid."', '".$userid."','".$datetime."','".$ip."','".$logsession."','".$browser."' ) ";

$runquery = mysqli_query($db_conx,$sql);



}

function setIsLogin(){

global $db_conx;

$userid = $_SESSION['userid'];

$logsession = $_SESSION['token'];

$sql = "UPDATE `users` SET `islogin` = '1', `loginToken` = '".$logsession."' WHERE `userid` = '".(int)$userid."'";

$runquery = mysqli_query($db_conx,$sql);

}

function get_alias($name)

{

$alias = str_replace(array(':', '\\', '/','--', '-','_', '__', '*', ' ', '+', '!', '=', '(', ')',' &amp; ',' &amp;','&amp;', ' & ', '&', '%', '"', ';'), '-', $name);

return $alias;

}

function string_texteditor($text)

{

global $db_conx;

return mysqli_real_escape_string($db_conx, str_replace("'","",$text));

}


function check_alias($table_name, $value)

{

global $db_conx;

$select = mysqli_query($db_conx, "SELECT alias FROM ".$table_name." WHERE alias = '".$value."'");

if(mysqli_num_rows($select) == 0)

{

return $value;

}

else

{

$new_value = $value.'2';

return check_alias($table_name, $new_value);

}

}

function is_admin_auth(){

global $db_conx;

if(!isset($_SESSION['username']) && !isset($_SESSION['password'])) return false;

$sql = "SELECT id FROM admin WHERE emailid = '".$_SESSION['username']."' AND password = '".$_SESSION['password']."'";

$result = mysqli_query($db_conx, $sql);

if($row = mysqli_fetch_assoc($result)) return true;

else return false;

}

function is_login(){

global $db_conx;

$logsession = $_SESSION['token'];

if(!isset($_SESSION['username']) && !isset($_SESSION['password'])) return false;

$sql = "SELECT userid FROM users WHERE username = '".$_SESSION['username']."' AND password = '".$_SESSION['encryptedPassword']."' AND islogin = '1' AND loginToken = '".$logsession."' ";

$result = mysqli_query($db_conx, $sql);

//exit;

if($row = mysqli_fetch_assoc($result)) return true;

else return false;

}

function get_logged_user(){

global $db_conx;

if(!isset($_SESSION['userid']) && !isset($_SESSION['password'])) return false;

$sql = "SELECT u.*, cl.* FROM users u

LEFT JOIN clinic_master cl

    ON u.cid = cl.cid

WHERE u.userid = '".$_SESSION['userid']."' AND u.password = '".$_SESSION['encryptedPassword']."'";

$result = mysqli_query($db_conx, $sql);

return $row[] = mysqli_fetch_assoc($result);

}


/*function get_user($user_id){

global $db_conx;

if($user_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM user WHERE id = '".(int)$user_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}*/

function logOutuser(){

global $db_conx;


$userid = $_SESSION['userid'];

$datetime = date('Y-m-d H:i:s');

$logsession = $_SESSION['token'];


$sql = "UPDATE `users_login_log` SET logoutdatetime = '".$datetime."' WHERE `token` = '".$logsession."' AND `userid` = '".$userid."'";

$runquery = mysqli_query($db_conx,$sql);


//reset login

$sql1 = "UPDATE `users` SET `islogin` = '0', `loginToken` = NULL WHERE `userid` = '".(int)$userid."'";

$runquery = mysqli_query($db_conx,$sql1);

}

function get_all_user(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM user WHERE first_name != '' ");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function addRole($role,$status){

global $db_conx;

$userid = $_SESSION['userid'];

$sql = "INSERT INTO `post_t` (rname, status, enteredby, entereddatetime) VALUES ('$role', '$status', '$userid', CURRENT_TIMESTAMP)";

return $runquery = mysqli_query($db_conx, $sql);

}


function getallrolelist(){

global $db_conx;

$ret = array();

$sql =  "SELECT * FROM `post_t` ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function getrolebyid($id){

global $db_conx;

$ret = array();

$id =  string_sanitize($id);

$sql =  "SELECT * FROM `post_t` WHERE rid = ''";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_specific_data($table, $where, $order='', $limit=''){

        global $db_conx;

        $sql = "SELECT * FROM ".$table." WHERE ".$where." ".$order." ".$limit; 

        $result = mysqli_query($db_conx, $sql);

        if(mysqli_num_rows($result) == 1){

            return $ret = mysqli_fetch_assoc($result);

        }else{

            return '';

        }

    }

function edit_role_by_id($id_edit,$fullname_edit,$status_edit){

global $db_conx;

$id_edit = string_sanitize($id_edit);

$fullname_edit = string_sanitize($fullname_edit);

$status_edit = string_sanitize($status_edit);

$userid = string_sanitize($_SESSION['userid']);

$datetime = date('Y-m-d H:i:s');

$sql = "UPDATE  `post_t` SET rname = '".$fullname_edit."', status = '".$status_edit."', updatedby = '".$userid."', updatedatetime = '".$datetime."' WHERE id = '".$id_edit."' ";

$runquery = mysqli_query($db_conx,$sql);

if($runquery === TRUE){

return 1;

}else{

return 0;

}

}

function getactiverolelist(){

global $db_conx;

$ret = array();

$sql =  "SELECT * FROM `post_t` WHERE status = '1'";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_all_users(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM users WHERE userid != '' AND display = '1' AND admin is NULL ORDER BY userid DESC");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}
















function get_ups_credentials(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM ups_shipping_credentials WHERE ups_accesskey != '' ");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_authorize_credentials(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM authorize_setting WHERE api_login_key != '' ");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function is_customer_auth(){

global $db_conx;

if(!isset($_SESSION['globacom_customer']) && !isset($_SESSION['globacom_customer_password'])) return false;

$sql = "SELECT customer_id FROM customer WHERE username = '".$_SESSION['globacom_customer']."' AND password = '".$_SESSION['globacom_customer_password']."'";

$result = mysqli_query($db_conx, $sql);

if($row = mysqli_fetch_assoc($result)) return true;

else return false;

}


function add_category($category_name, $file_name, $sort_no = "0", $description){

global $db_conx;

if($category_name != ""){

$category_name = string_sanitize($category_name);

$category_name = strtolower($category_name);

//$alias = str_replace(' ', '-', $category_name);

$table_name = 'category';

$alias = get_alias($category_name);

$alias_final = check_alias($table_name, $alias);

$sort_no = string_sanitize($sort_no);

$description = string_texteditor($description);

$status = "1";

$url = $_SERVER['REQUEST_URI'];

//$sub_category = string_sanitize($sub_category);

$sql = "INSERT INTO category(category_name, alias, sort_no, category_image, date_added, description, status) VALUES ('".$category_name."', '".$alias_final."', '".(int)$sort_no."', '".$file_name."', now(), '".$description."', '".$status."')";

$insertproduct = mysqli_query($db_conx, $sql);


if ($insertproduct === TRUE)

{

return mysqli_insert_id($db_conx);

}

else

{

return false;

}


}

}

function add_home_slide( $file_name){

global $db_conx;

//if($file_name != ""){

//$category_name = string_sanitize($category_name);

//$category_name = strtolower($category_name);

//$alias = str_replace(' ', '-', $category_name);

$table_name = 'home_slider';

//$alias = get_alias($category_name);

//$alias_final = check_alias($table_name, $alias);

//$sort_no = string_sanitize($sort_no);

//$description = string_texteditor($description);

//$status = "1";

$url = $_SERVER['REQUEST_URI'];

//$sub_category = string_sanitize($sub_category);

$slide_sql = "INSERT INTO home_slider(image) VALUES ('".$file_name."')";

$insertproduct = mysqli_query($db_conx, $slide_sql);


if ($insertproduct === TRUE)

{

return mysqli_insert_id($db_conx);

}

else

{

return false;

}


//}

}


function edit_category($category_name, $sort_no = "0", $category_id, $file_name, $description){

global $db_conx;

if($category_name != "" && $category_id != ""){

$category_name = string_sanitize($category_name);

$category_name = strtolower($category_name);

$alias = get_alias($category_name);

$table_name = 'category';

$alias_final = check_alias($table_name, $alias);

//$alias = str_replace(array(':', '\\', '/','--','_', '__', '*', ' ', '+', '!', '=', '(', ')', '&', '%', '"'), '-',  $category_name);

$sort_no = string_sanitize($sort_no);

$description = string_texteditor($description);


//$sub_category = string_sanitize($sub_category);

$updatecategory = "UPDATE category SET category_name = '".$category_name."', alias = '".$alias_final."', sort_no = '".(int)$sort_no."', category_image = '".$file_name."', description = '".$description."'  WHERE category_id = '".(int)$category_id."'";

if(mysqli_query($db_conx, $updatecategory))

{

return true;

}

else

{

return false;

}

}

}


function edit_home_slider($file_name, $slide_id){

global $db_conx;

//if($slide_id == ""){

$slide_id = string_sanitize($slide_id);

$table_name = 'home_slider';

//$alias_final = check_alias($table_name, $alias);

//$alias = str_replace(array(':', '\\', '/','--','_', '__', '*', ' ', '+', '!', '=', '(', ')', '&', '%', '"'), '-',  $category_name);

//$sort_no = string_sanitize($sort_no);

//$description = string_texteditor($description);


//$sub_category = string_sanitize($sub_category);

$updatehome_slider = "UPDATE home_slider SET image = '".$file_name."' WHERE slide_id = '".(int)$slide_id."'";

if(mysqli_query($db_conx, $updatehome_slider))

{

return true;

}

else

{

return false;

}

//}

}


function edit_advertise1($add_id, $file_name){

global $db_conx;

//if($slide_id == ""){

$add_id = string_sanitize($add_id);

$table_name = 'advertise1';

//$alias_final = check_alias($table_name, $alias);

//$alias = str_replace(array(':', '\\', '/','--','_', '__', '*', ' ', '+', '!', '=', '(', ')', '&', '%', '"'), '-',  $category_name);

//$sort_no = string_sanitize($sort_no);

//$description = string_texteditor($description);


//$sub_category = string_sanitize($sub_category);

$updateadd1 = "UPDATE advertise1 SET image = '".$file_name."' WHERE add_id = '".(int)$add_id."'";

if(mysqli_query($db_conx, $updateadd1))

{

return true;

}

else

{

return false;

}

//}

}


function edit_advertise2($add2_id, $file_name){

global $db_conx;

//if($slide_id == ""){

$add2_id = string_sanitize($add2_id);

$table_name = 'advertise2';

//$alias_final = check_alias($table_name, $alias);

//$alias = str_replace(array(':', '\\', '/','--','_', '__', '*', ' ', '+', '!', '=', '(', ')', '&', '%', '"'), '-',  $category_name);

//$sort_no = string_sanitize($sort_no);

//$description = string_texteditor($description);


//$sub_category = string_sanitize($sub_category);

$updateadd2 = "UPDATE advertise2 SET image1 = '".$file_name."' WHERE add2_id = '".(int)$add2_id."'";

if(mysqli_query($db_conx, $updateadd2))

{

return true;

}

else

{

return false;

}

//}

}


function add_subcategory($subcategory_name, $category_id, $sort_no = "0", $file_name, $description){

global $db_conx;

if($subcategory_name !== '' && $category_id !== ''){

$subcategory_name = string_sanitize($subcategory_name);

$subcategory_name = strtolower($subcategory_name);

//$alias = str_replace(array(':', '\\', '/','--','_', '__', '*', ' ', '+', '!', '=', '(', ')', '&', '%', '"'), '-', $subcategory_name);

$alias = get_alias($subcategory_name);

$table_name = 'subcategory';

$alias_final = check_alias($table_name, $alias);

$sort_no = string_sanitize($sort_no);

$description = string_texteditor($description);

$status = "1";

$insertsubcategory =mysqli_query($db_conx, "INSERT INTO subcategory(subcategory_name, alias, category_id, sort_no, subcategory_image, date_added, description, status) VALUES ('".$subcategory_name."', '".$alias_final."', '".$category_id."', '".(int)$sort_no."', '".$file_name."', now(), '".$description."', '".$status."')");

if ($insertsubcategory === TRUE)

{

return mysqli_insert_id($db_conx);

}

else

{

return false;

}

}

}


function get_category($category_id){

global $db_conx;

if($category_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM category WHERE category_id = '".(int)$category_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_categoryName($catid){

global $db_conx;

if($catid != ""){

$select = mysqli_query($db_conx, "SELECT * FROM category WHERE category_id = '".(int)$catid."'");

return $row[] = mysqli_fetch_assoc($select);

}

}

function get_subcategoryName($subcatid){

global $db_conx;

if($subcatid != ""){

$select = mysqli_query($db_conx, "SELECT * FROM subcategory WHERE subcategory_id = '".(int)$subcatid."'");

return $row[] = mysqli_fetch_assoc($select);

}

}

function get_supersubcategoryName($supersubcatid){

global $db_conx;

if($supersubcatid != ""){

$select = mysqli_query($db_conx, "SELECT * FROM supersubcategory WHERE supersubcategory_id = '".(int)$supersubcatid."'");

return $row[] = mysqli_fetch_assoc($select);

}

}

/*

function get_all_category(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM category WHERE category_name != '' ORDER BY sort_no");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

*/

function get_all_home_slider(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM home_slider");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_all_add1(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM advertise1");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_all_add2(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM advertise2");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_all_category_status(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM category WHERE category_name != '' and status = '1' GROUP BY category_name");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_all_subcategory(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM subcategory WHERE subcategory_name != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_subcategory($catid){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM subcategory WHERE category_id = '".$catid."' GROUP BY subcategory_name");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_all_sub_category($category_name){

global $db_conx;

if($category_name != ""){

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM category WHERE category_name = '".$category_name."' GROUP BY sub_category");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

}


function edit_subcategory($subcategory_name, $sort_no = "0", $category_id, $subcategory_id, $file_name, $description)

{

global $db_conx;

if($subcategory_name != "" && $subcategory_id != "" && $category_id != ""){

$subcategory_name = string_sanitize($subcategory_name);

$subcategory_name = strtolower($subcategory_name);

//$alias = str_replace(array(':', '\\', '/','--','_', '__', '*', ' ', '+', '!', '=', '(', ')', '&', '%', '"'), '-',  $subcategory_name);

$alias = get_alias($subcategory_name);

$table_name = 'subcategory';

$alias_final = check_alias($table_name, $alias);

$sort_no = string_sanitize($sort_no);

$subcategory_id = string_sanitize($subcategory_id);

$category_id = string_sanitize($category_id);

$description = string_texteditor($description);

//$sub_category = string_sanitize($sub_category);

$query_result = mysqli_query($db_conx, "UPDATE subcategory SET subcategory_name = '".$subcategory_name."', category_id = '".$category_id."', sort_no = '".(int)$sort_no."', subcategory_image = '".$file_name."', alias = '".$alias_final."',  description = '".$description."'  WHERE subcategory_id = '".(int)$subcategory_id."'");

if(!$query_result){

return false;

}else{

return true;

}

}

}


function edit_supersubcategory($supersubcategory_name, $subcategory_id, $sort_no = "0", $category_id, $supersubcatid, $file_name, $description)

{

global $db_conx;

if($supersubcategory_name != "" && $category_id != "" && $supersubcatid != ""){

$supersubcategory_name = string_sanitize($supersubcategory_name);

$supersubcategory_name = strtolower($supersubcategory_name);

//$alias = str_replace(array(':', '\\', '/','--','_', '__', '*', ' ', '+', '!', '=', '(', ')', '&', '%', '"'), '-',  $supersubcategory_name);

$alias = get_alias($supersubcategory_name);

$table_name = 'supersubcategory';

$alias_final = check_alias($table_name, $alias);

$sort_no = string_sanitize($sort_no);

$subcategory_id = string_sanitize($subcategory_id);

$category_id = string_sanitize($category_id);

$supersubcatid = string_sanitize($supersubcatid);

$description = string_texteditor($description);

$query_result = mysqli_query($db_conx, "UPDATE supersubcategory SET supersubcategory_name = '".$supersubcategory_name."', alias = '".$alias_final."', category_id = '".$category_id."', subcategory_id = '".$subcategory_id."', sort_no = '".(int)$sort_no."', supersubcategory_image = '".$file_name."', description = '".$description."'  WHERE supersubcategory_id = '".(int)$supersubcatid."'");

if(!$query_result){

return false;

}else{

return true;

}

}

}


/*

function getsubcategory($q){

global $db_conx;

if($q != ""){

$sql = "SELECT * FROM subcategory WHERE category_id = '".(int)$q."'";

$select = mysqli_query($db_conx,$sql);

echo "<select name=\"subcatagory_name\">";

while($row = mysqli_fetch_assoc($select))

{

echo "<option value=".$row['subcategory_id'].">" . $row['subcategory_name'] . "</option>";

echo "</select>";

}

}

*/

function add_supersubcategory($supersubcategory_name, $subcategory_id, $category_id, $sort_no = "0", $file_name, $description){

global $db_conx;

if($supersubcategory_name != "" && $category_id != "" && $subcategory_id !=""){

$supersubcategory_name = string_sanitize($supersubcategory_name);

$supersubcategory_name = strtolower($supersubcategory_name);

//$alias = str_replace(array(':', '\\', '/','--','_', '__', '*', ' ', '+', '!', '=', '(', ')', '&', '%', '"'), '-', $supersubcategory_name);

$alias = get_alias($supersubcategory_name);

$table_name = 'supersubcategory';

$alias_final = check_alias($table_name, $alias);

$subcategory_id = string_sanitize($subcategory_id);

$category_id = string_sanitize($category_id);

$sort_no = string_sanitize($sort_no);

$description = string_texteditor($description);

$status = '1';

$sql = "INSERT INTO supersubcategory(supersubcategory_name, alias, category_id, subcategory_id, sort_no, supersubcategory_image, date_added, description, status) VALUES ('".$supersubcategory_name."', '".$alias_final."', '".$category_id."', '".$subcategory_id."', '".(int)$sort_no."', '".$file_name."', now(), '".$description."', '".$status."')";

//echo '<script type="text/javascript">alert('.$sql.');</script>';

mysqli_query($db_conx, $sql);

return mysqli_insert_id($db_conx);

}

}


function get_all_supersubcategory(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM supersubcategory WHERE supersubcategory_name != '' GROUP BY supersubcategory_name");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function add_company($company_name, $sort_no = ""){

global $db_conx;

if($company_name != ""){

$company_name = string_sanitize($company_name);

$sort_no = string_sanitize($sort_no);

if($sort_no == ""){

$get_last_sort = mysqli_fetch_assoc(mysqli_query($db_conx, "SELECT * FROM company ORDER BY sort_no DESC LIMIT 1"));

$sort_no = $get_last_sort['sort_no'] + 1;

}

mysqli_query($db_conx, "INSERT INTO company(company_name, sort_no, date_added) VALUES ('".$company_name."', '".(int)$sort_no."', now())");

return mysqli_insert_id($db_conx);

}

}


function edit_company($company_name, $sort_no, $company_id){

global $db_conx;

if($company_name != "" && $company_id != ""){

$company_name = string_sanitize($company_name);

$sort_no = string_sanitize($sort_no);

mysqli_query($db_conx, "UPDATE company SET company_name = '".$company_name."', sort_no = '".(int)$sort_no."' WHERE company_id = '".(int)$company_id."'");

}

}

function get_company($company_id){

global $db_conx;

if($company_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM company WHERE company_id = '".(int)$company_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_all_company(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM company WHERE company_name != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function add_recharge_plan($plan_name, $plan_description, $plan_amount, $date_start){

global $db_conx;

if($plan_name != "" && $plan_description != "" && $plan_amount != ""){

$plan_name = string_sanitize($plan_name);

$plan_description = string_sanitize($plan_description);

$plan_amount = string_sanitize($plan_amount);

mysqli_query($db_conx, "INSERT INTO recharge_plans(plan_name, plan_description, plan_amount, date_start, date_added) VALUES ('".$plan_name."', '".$plan_description."', '".(int)$plan_amount."', '".$date_start."', now())");

return mysqli_insert_id($db_conx);

}

}


function edit_recharge_plan($plan_name, $plan_description, $plan_amount, $plan_id, $date_start){

global $db_conx;

if($plan_name != "" && $plan_description != "" && $plan_amount != "" && $plan_id != ""){

$plan_name = string_sanitize($plan_name);

$plan_description = string_sanitize($plan_description);

$plan_amount = string_sanitize($plan_amount);

mysqli_query($db_conx, "UPDATE recharge_plans SET plan_name = '".$plan_name."', date_start = '".$date_start."', plan_description = '".$plan_description."', plan_amount = '".(int)$plan_amount."' WHERE id = '".(int)$plan_id."'");

}

}

function get_recharge_plan($plan_id){

global $db_conx;

if($plan_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM recharge_plans WHERE id = '".(int)$plan_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_all_recharge_plan(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM recharge_plans WHERE plan_name != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function add_coupon($coupon_name, $coupon_code, $coupon_type, $coupon_value, $free_shipping, $date_start, $date_end){

global $db_conx;

if($coupon_name != "" && $coupon_code != ""){

$coupon_name = string_sanitize($coupon_name);

$coupon_code = string_sanitize($coupon_code);

$coupon_type = string_sanitize($coupon_type);

$coupon_value = string_sanitize($coupon_value);

$date_start = date_sanitize($date_start);

$date_end = date_sanitize($date_end);

mysqli_query($db_conx, "INSERT INTO coupon(coupon_name, coupon_code, coupon_value, coupon_type, free_shipping, date_start, date_end, date_added) VALUES ('".$coupon_name."', '".$coupon_code."', '".$coupon_value."', '".$coupon_type."', '".$free_shipping."', '".$date_start."', '".$date_end."', now())");

return mysqli_insert_id($db_conx);

}

}


function edit_coupon($coupon_name, $coupon_code, $coupon_type, $coupon_value, $free_shipping, $date_start, $date_end, $coupon_id){

global $db_conx;

if($coupon_name != "" && $coupon_code != "" && $coupon_id != ""){

$coupon_name = string_sanitize($coupon_name);

$coupon_code = string_sanitize($coupon_code);

$coupon_type = string_sanitize($coupon_type);

$coupon_value = string_sanitize($coupon_value);

$date_start = date_sanitize($date_start);

$date_end = date_sanitize($date_end);

mysqli_query($db_conx, "UPDATE coupon SET coupon_name = '".$coupon_name."', coupon_code = '".$coupon_code."', coupon_value = '".$coupon_value."', coupon_type = '".$coupon_type."', date_start = '".$date_start."', date_end = '".$date_end."', free_shipping = '".$free_shipping."' WHERE coupon_id = '".(int)$coupon_id."'");

}

}

function get_coupon($coupon_id){

global $db_conx;

if($coupon_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM coupon WHERE coupon_id = '".(int)$coupon_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_all_coupon(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM coupon WHERE coupon_name != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function add_currency($title, $currency_code, $symbol_left, $symbol_right){

global $db_conx;

if($title != "" && $currency_code != "" && $symbol_left != "" && $symbol_right != ""){

$title = string_sanitize($title);

$currency_code = string_sanitize($currency_code);

$symbol_left = string_sanitize($symbol_left);

$symbol_right = string_sanitize($symbol_right);

mysqli_query($db_conx, "INSERT INTO currency(title, currency_code, symbol_right, symbol_left, date_added) VALUES ('".$title."', '".$currency_code."', '".$symbol_right."', '".$symbol_left."', now())");

return mysqli_insert_id($db_conx);

}

}


function edit_currency($title, $currency_code, $symbol_left, $symbol_right, $currency_id){

global $db_conx;

if($title != "" && $currency_code != "" && $symbol_left != "" && $symbol_right != "" && $currency_id != ""){

$title = string_sanitize($title);

$currency_code = string_sanitize($currency_code);

$symbol_left = string_sanitize($symbol_left);

$symbol_right = string_sanitize($symbol_right);

mysqli_query($db_conx, "UPDATE currency SET title = '".$title."', currency_code = '".$currency_code."', symbol_right = '".$symbol_right."', symbol_left = '".$symbol_left."' WHERE currency_id = '".(int)$currency_id."'");

}

}

function get_currency($currency_id){

global $db_conx;

if($currency_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM currency WHERE currency_id = '".(int)$currency_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_all_currency(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM currency WHERE title != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}



function edit_customer($first_name, $last_name, $mobile_number, $email, $customer_id){

global $db_conx;

if($first_name != "" && $last_name != "" && $mobile_number != "" && $email != "" && $customer_id != ""){

$first_name = string_sanitize($first_name);

$last_name = string_sanitize($last_name);

$mobile_number = string_sanitize($mobile_number);

$email = string_sanitize($email);

mysqli_query($db_conx, "UPDATE customer SET first_name = '".$first_name."', last_name = '".$last_name."', mobile_number = '".$mobile_number."', email = '".$email."' WHERE customer_id = '".(int)$customer_id."'");

}

}

function get_customer($customer_id){

global $db_conx;

if($customer_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM customer WHERE customer_id = '".(int)$customer_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_logged_customer(){

global $db_conx;

if(!isset($_SESSION['globacom_customer']) && !isset($_SESSION['globacom_customer_password'])) return false;

$sql = "SELECT * FROM customer WHERE username = '".$_SESSION['globacom_customer']."' AND password = '".$_SESSION['globacom_customer_password']."'";

$result = mysqli_query($db_conx, $sql);

return $row[] = mysqli_fetch_assoc($result);

}


function get_all_customer(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM customer WHERE first_name != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function add_customer_address($customer_id, $address_1, $address_2, $city, $state, $country, $zip_code){

global $db_conx;

if($customer_id != "" && $address_1 != "" && $city != "" && $state != "" && $country != "" && $zip_code != ""){

$address_1 = string_sanitize($address_1);

$address_2 = string_sanitize($address_2);

$city = string_sanitize($city);

$state = string_sanitize($state);

$country = string_sanitize($country);

$zip_code = string_sanitize($zip_code);

mysqli_query($db_conx, "INSERT INTO customer_address(customer_id, address_1, address_2, city, state, country, zip_code) VALUES ('".(int)$customer_id."', '".$address_1."', '".$address_2."', '".$city."', '".$state."', '".$country."', '".(int)$zip_code."')");


}

}


function edit_customer_address($customer_id, $address_1, $address_2, $city, $state, $country, $zip_code){

global $db_conx;

if($customer_id != "" && $address_1 != "" && $city != "" && $state != "" && $country != "" && $zip_code != ""){

$address_1 = string_sanitize($address_1);

$address_2 = string_sanitize($address_2);

$city = string_sanitize($city);

$state = string_sanitize($state);

$country = string_sanitize($country);

$zip_code = string_sanitize($zip_code);

return $editaddress = mysqli_query($db_conx, "UPDATE customer_address SET address_1 = '".$address_1."', address_2 = '".$address_2."', city = '".$city."', state = '".$state."', country = '".$country."', zip_code = '".$zip_code."' WHERE customer_id = '".(int)$customer_id."'");

}

}

function cardsave($customer_id, $cardnumber, $cardtype, $expirydate, $cvv, $nameoncard){

global $db_conx;

if($customer_id != "" && $cardnumber != "" && $cardtype != "" && $expirydate != "" && $cvv != "" && $nameoncard != ""){

$cardnumber = string_sanitize($cardnumber);

$cardtype = string_sanitize($cardtype);

$expirydate = string_sanitize($expirydate);

$cvv = string_sanitize($cvv);

$nameoncard = string_sanitize($nameoncard);

$update = "UPDATE card_details SET card_type = '".$cardtype."', card_number = '".$cardnumber."', expiry_date = '".$expirydate."', cvv = '".$cvv."', name_on_card = '".$nameoncard."' WHERE customer_id = '".(int)$customer_id."'";

mysqli_query($db_conx, $update);


//mysqli_query($db_conx, "INSERT INTO card_details(customer_id, card_type, card_number, expiry_date, cvv, name_on_card) VALUES ('".(int)$customer_id."', '".$cardtype."', '".$cardnumber."', '".$expirydate."', '".$cvv."', '".$nameoncard."')");

}

}


function get_customer_address($customer_id){

global $db_conx;

if($customer_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM customer_address WHERE customer_id = '".(int)$customer_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}

function get_card_details($customer_id){

global $db_conx;

if($customer_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM card_details WHERE customer_id = '".(int)$customer_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function add_product($product_name, $product_description, $discription, $product_length, $product_max_weight, $product_price5,$product_price10, $product_price15, $product_price25, $product_price50, $product_price100, $product_price, $tax_id, $product_status, $category_id, $subcatagory_id, $supersubcatagory_id, $product_test, $product_width, $product_height, $bundle, $special_offer, $shipping_id = ""){

global $db_conx;

//echo "<script type=\"text/javascript\">alert('submit clicked');</script>";

if($product_name !== "" && $category_id !== "")

{

$product_name = string_sanitize($product_name);

$product_name = strtolower($product_name);

$product_test = string_sanitize($product_test);

$alias = get_alias($product_name);

$table_name = 'product';

$alias_final = check_alias($table_name, $alias);


$sql = "INSERT INTO product(product_name, product_description, discription,product_length, product_max_weight, product_price5, product_price25, product_price100, category_id, shipping_id, price, tax_id, status, date_added, sub_category_id, supersubcategory_id, alias, test, product_width, product_height, bundle, product_price10, product_price15, product_price50, special_offer) VALUES('".$product_name."', '".$product_description."', '".$discription."', '".$product_length."', '".$product_max_weight."', '".$product_price5."', '".$product_price25."', '".$product_price100."', '".$category_id."', '".$shipping_id."', '".$product_price."' , '".$tax_id."', '".(int)$product_status."', now(), '".$subcatagory_id."', '".$supersubcatagory_id."', '".$alias_final."', '".$product_test."', '".$product_width."', '".$product_height."', '".$bundle."', '".$product_price10."', '".$product_price15."', '".$product_price50."', '".$special_offer."')" ;


$insertproduct = mysqli_query($db_conx, $sql);

$inserted_product = mysqli_insert_id($db_conx);


$check_category_qty = mysqli_query($db_conx, "SELECT category_id FROM category WHERE category_id = '".(int)$category_id."' AND qty_type = ''");

if(mysqli_num_rows($check_category_qty) == 1){


$insert_qty_array = array();

if($product_price5 != 0){

array_push($insert_qty_array, 5);

}

if($product_price10 != 0){

array_push($insert_qty_array, 10);

}

if($product_price15 != 0){

array_push($insert_qty_array, 15);

}

if($product_price25 != 0){

array_push($insert_qty_array, 25);

}

if($product_price50 != 0){

array_push($insert_qty_array, 50);

}

if($product_price100 != 0){

array_push($insert_qty_array, 100);

}


$new_array_qty = implode(',',$insert_qty_array);


mysqli_query($db_conx, "UPDATE category SET qty_type = '".$new_array_qty."' WHERE category_id = '".(int)$category_id."'");

}

return $inserted_product;

}

else{

//echo "<script type=\"text/javascript\">alert('No data for submit');</script>";

return $error = 'No data for submit';

}

}


function edit_product($product_name, $product_description, $discription, $product_length, $product_max_weight, $product_price5, $product_price25, $product_price100, $price, $tax_id, $product_status, $product_id, $category_id, $subcatagory_id, $supersubcatagory_id, $product_test, $product_width, $product_height, $bundle, $product_price10, $product_price15, $product_price50, $special_offer){

global $db_conx;

if($product_name != "" && $price != "" && $product_id != ""){

$product_name = string_sanitize($product_name);

$product_name = strtolower($product_name);

//$product_test = string_sanitize($product_test);

//$alias = str_replace(array(':', '\\', '/','--','_', '__', '*', ' ', '+', '!', '=', '(', ')', '&', '%', '"'), '-', $product_name);

//$product_code = string_sanitize($product_code);

$alias = get_alias($product_name);

$table_name = 'product';

$alias_final = check_alias($table_name, $alias);

$price = string_sanitize($price);

$sql = "UPDATE product SET product_name = '".$product_name."', product_description = '".$product_description."', discription = '".$discription."', product_length = '".$product_length."',product_max_weight = '".$product_max_weight."', product_price5 = '".$product_price5."',product_price25 = '".$product_price25."', product_price100 = '".$product_price100."', category_id = '".(int)$category_id."', sub_category_id = '".(int)$subcatagory_id."', supersubcategory_id = '".(int)$supersubcatagory_id."', price = '".$price."', tax_id = '".(int)$tax_id."', status = '".(int)$product_status."', alias = '".$alias_final."', test = '".$product_test."', product_width = '".$product_width."', product_height = '".$product_height."', bundle = '".$bundle."', product_price10 = '".$product_price10."', product_price15 = '".$product_price15."', product_price50 = '".$product_price50."', special_offer = '".$special_offer."'  WHERE product_id = '".(int)$product_id."'";

return $update = mysqli_query($db_conx, $sql);

/*if ($update === TRUE)

{

//echo "<script type=\"text/javascript\">alert('Product Updated');</script>";

return TRUE;

}

else

{

echo "<script type=\"text/javascript\">alert('Error');</script>";

}*/

}

}

function get_product($product_id){

global $db_conx;

if($product_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM product WHERE product_id = '".(int)$product_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_all_product(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM product WHERE product_name != '' ORDER BY  product_id DESC");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_all_blogposts(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM blog ORDER BY id DESC");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_last_quantity(){

global $db_conx;

$ret = array();


$select = mysqli_query($db_conx,"SELECT * FROM product ORDER BY product_id DESC LIMIT 1 ");

$row = mysqli_fetch_assoc($select);

$ret = $row['quantity'];

return $ret;

}


function get_last_bundle(){

global $db_conx;

$ret = array();


$select = mysqli_query($db_conx,"SELECT * FROM product ORDER BY product_id DESC LIMIT 1 ");

$row = mysqli_fetch_assoc($select);

$ret = $row['bundle'];

return $ret;

}


function get_product_image_cover($product_id){

global $db_conx;

$select = mysqli_query($db_conx, "SELECT image_name FROM product_image WHERE product_id = '".(int)$product_id."' AND image_name != '' AND cover = '1' ORDER BY product_id ASC LIMIT 1");

if(mysqli_num_rows($select)==0){

$select2 = mysqli_query($db_conx, "SELECT image_name FROM product_image WHERE product_id = '".(int)$product_id."' AND image_name != '' ORDER BY product_id ASC LIMIT 1");

$row2 = mysqli_fetch_assoc($select2);

return $row2['image_name'];

}elseif(mysqli_num_rows($select)==1){

$row = mysqli_fetch_assoc($select);

return $row['image_name'];

}else{

return 0;

}

}


function get_all_product_image($product_id){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM product_image WHERE product_id = '".(int)$product_id."' AND image_name != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function add_product_discount($product_id, $quantity, $price, $date_start, $date_end){

global $db_conx;

if($product_id != "" && $quantity != "" && $price != "" && $date_start != "" && $date_end != ""){

$quantity = string_sanitize($quantity);

$price = string_sanitize($price);

$date_start = date_sanitize($tax_id);

$date_end = date_sanitize($date_available);

mysqli_query($db_conx, "INSERT INTO product_discount(product_id, quantity, price, date_start, date_end, date_added) VALUES ('".(int)$product_id."', '".$quantity."', '".$price."', '".$date_start."', '".$date_end."', now())");

}

}


function edit_product_discount($product_id, $quantity, $price, $date_start, $date_end, $discount_id){

global $db_conx;

if($product_id != "" && $quantity != "" && $price != "" && $date_start != "" && $date_end != "" && $discount_id != ""){

$quantity = string_sanitize($quantity);

$price = string_sanitize($price);

$date_start = date_sanitize($tax_id);

$date_end = date_sanitize($date_available);

mysqli_query($db_conx, "UPDATE product_discount SET product_id = '".(int)$product_id."', quantity = '".$quantity."', price = '".$price."', date_start = '".$date_start."', date_end = '".$date_end."' WHERE discount_id = '".(int)$discount_id."'");

}

}

function get_product_discount($discount_id){

global $db_conx;

if($discount_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM product_discount WHERE discount_id = '".(int)$discount_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_all_product_discount($product_id){

global $db_conx;

$ret = array();

if($product_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM product_discount WHERE product_id = '".(int)$product_id."'");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

}


function add_shipping($shipping_type, $shipping_rate){

global $db_conx;

if($shipping_type != "" && $shipping_rate != ""){

$shipping_type = string_sanitize($shipping_type);

$shipping_rate = string_sanitize($shipping_rate);

mysqli_query($db_conx, "INSERT INTO shipping(shipping_type, shipping_rate, date_added) VALUES ('".$shipping_type."', '".$shipping_rate."', now())");

}

}


function edit_shipping($shipping_type, $shipping_rate, $shipping_id){

global $db_conx;

if($shipping_type != "" && $shipping_rate != "" && $shipping_id != ""){

$shipping_type = string_sanitize($shipping_type);

$shipping_rate = string_sanitize($shipping_rate);

mysqli_query($db_conx, "UPDATE shipping SET shipping_type = '".$shipping_type."', shipping_rate = '".$shipping_rate."' WHERE shipping_id = '".(int)$shipping_id."'");

}

}

function get_shipping($shipping_id){

global $db_conx;

if($shipping_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM shipping WHERE shipping_id = '".(int)$shipping_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_all_shipping(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM shipping WHERE shipping_type != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function add_tax($tax_name, $tax_rate){

global $db_conx;

if($tax_name != "" && $tax_rate != ""){

$tax_name = string_sanitize($tax_name);

$tax_rate = string_sanitize($tax_rate);

mysqli_query($db_conx, "INSERT INTO tax(tax_name, tax_rate, date_added) VALUES ('".$tax_name."', '".$tax_rate."', now())");

return mysqli_insert_id($db_conx);

}

}


function edit_tax($tax_name, $tax_rate, $tax_id){

global $db_conx;

if($tax_name != "" && $tax_rate != "" && $tax_id != ""){

$tax_name = string_sanitize($tax_name);

$tax_rate = string_sanitize($tax_rate);

mysqli_query($db_conx, "UPDATE tax SET tax_name = '".$tax_name."', tax_rate = '".$tax_rate."' WHERE tax_id = '".(int)$tax_id."'");

}

}

function get_tax($tax_id){

global $db_conx;

if($tax_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM tax WHERE tax_id = '".(int)$tax_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_all_tax(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM tax WHERE tax_name != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function add_user($username, $password, $first_name, $last_name, $email, $user_group_id){

global $db_conx;

if($username != "" && $password != "" && $first_name != "" && $last_name != "" && $user_group_id != "" && $email != ""){

$username = string_sanitize($username);

$password = string_sanitize($password);

$first_name = string_sanitize($first_name);

$last_name = string_sanitize($last_name);

$email = string_sanitize($email);

mysqli_query($db_conx, "INSERT INTO user(username, password, first_name, last_name, user_group_id, email, date_added) VALUES ('".$username."', '".$password."', '".$first_name."', '".$last_name."', '".(int)$user_group_id."', '".$email."', now())");

}

}


function edit_user($first_name, $last_name, $email, $user_group_id, $user_id){

global $db_conx;

if($first_name != "" && $last_name != "" && $user_group_id != "" && $email != "" && $user_id != ""){

$first_name = string_sanitize($first_name);

$last_name = string_sanitize($last_name);

$email = string_sanitize($email);

mysqli_query($db_conx, "UPDATE user SET first_name = '".$first_name."', last_name = '".$last_name."', user_group_id = '".(int)$user_group_id."', email = '".$email."' WHERE id = '".(int)$user_id."'");

}

}

function edit_shipping_credentials($ups_accesskey, $ups_username, $ups_password, $ups_id){

global $db_conx;

if($ups_accesskey != "" && $ups_username != ""  && $ups_password != "" && $ups_id != ""){

$ups_accesskey = string_sanitize($ups_accesskey);

$ups_username = string_sanitize($ups_username);

$ups_password = string_sanitize($ups_password);

mysqli_query($db_conx, "UPDATE ups_shipping_credentials SET ups_accesskey = '".$ups_accesskey."', ups_username = '".$ups_username."', ups_password = '".$ups_password."' WHERE ups_id = '".(int)$ups_id."'");

}

}


function edit_authorize_credentials($auth_apikey, $auth_transactionkey, $auth_id){

global $db_conx;

if($auth_apikey != "" && $auth_transactionkey != ""  && $auth_id != ""){

$auth_apikey = string_sanitize($auth_apikey);

$auth_transactionkey = string_sanitize($auth_transactionkey);

$auth_id = string_sanitize($auth_id);

mysqli_query($db_conx, "UPDATE authorize_setting SET api_login_key = '".$auth_apikey."', transactionkey = '".$auth_transactionkey."' WHERE authorize_id = '".(int)$auth_id."'");

}

}


function add_user_group($group_name, $permission){

global $db_conx;

if($group_name != "" && $permission){

$group_name = string_sanitize($group_name);

$permission = string_sanitize($permission);

mysqli_query($db_conx, "INSERT INTO user_group(group_name, permission) VALUES ('".$group_name."', '".$permission."')");

}

}


function edit_user_group($group_name, $permission, $user_group_id){

global $db_conx;

if($group_name != "" && $permission != "" && $user_group_id != ""){

$group_name = string_sanitize($group_name);

$permission = string_sanitize($permission);

mysqli_query($db_conx, "UPDATE user_group SET group_name = '".$group_name."', permission = '".$permission."' WHERE user_group_id = '".(int)$user_group_id."'");

}

}


function get_user_group($user_group_id){

global $db_conx;

if($user_group_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM user_group WHERE user_group_id = '".(int)$user_group_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}

function get_all_user_group(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM user_group WHERE group_name != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_recharge_order($recharge_order_id){

global $db_conx;

if($recharge_order_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM recharge_order WHERE recharge_order_id = '".(int)$recharge_order_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_all_recharge_order(){

global $db_conx;


$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM recharge_order WHERE transaction_id != 0 AND amount != 0 AND gtpay_tranx_status != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_product_order($product_order_id){

global $db_conx;

if($product_order_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM product_order WHERE product_order_id = '".(int)$product_order_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}


function get_all_product_order(){

global $db_conx;

$ret = array();

//$select = mysqli_query($db_conx, "SELECT * FROM product_order WHERE transaction_id != '0' AND order_total != '0' AND gtpay_tranx_status != ''");

$select = mysqli_query($db_conx, "SELECT * FROM product_order WHERE order_total != '0'");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_product_order_detail($product_order_id){

global $db_conx;

if($product_order_id != ""){

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM product_order_detail WHERE product_order_id = '".(int)$product_order_id."'");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

}


function get_product_order_history($product_order_id){

global $db_conx;

if($product_order_id != ""){

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM product_order_history WHERE product_order_id = '".(int)$product_order_id."'");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

}


function add_order_status($order_status_id, $order_comment, $product_order_id){

global $db_conx;

if($order_status_id != "" && $product_order_id != ""){

$order_comment = string_sanitize($order_comment);

$order_status_date = date("Y-m-d h:i:s");

$order_status_mydate = get_mydate($order_status_date);

if($order_status_id == 3){

$get_product_id = mysqli_query($db_conx, "SELECT product_id, quantity FROM product_order_detail WHERE product_order_id = '".$product_order_id."' AND quantity != '0'");

while($row_product_id = mysqli_fetch_assoc($get_product_id))

{

$product_id = $row_product_id['product_id'];

$quantity = $row_product_id['quantity'];

mysqli_query($db_conx, "UPDATE product SET quantity = quantity - '".$quantity."' WHERE product_id = '".$product_id."'");

}

}

mysqli_query($db_conx, "UPDATE product_order SET order_status_id = '".(int)$order_status_id."' WHERE product_order_id = '".(int)$product_order_id."'");

mysqli_query($db_conx, "INSERT INTO product_order_history(product_order_id, comment, order_status_id, date_added) VALUES ('".(int)$product_order_id."', '".$order_comment."', '".(int)$order_status_id."', '".$order_status_date."')");

return $order_status_mydate;

}

}


function username_exists($username){

global $db_conx;


if($username != ""){

$sql = mysqli_query($db_conx, "SELECT customer_id FROM customer WHERE username = '".$username."'");

if(mysqli_num_rows($sql)>=1){

return true;

}else{

return false;

}

}

else

{

return true;

}

}

function email_exists($email){

global $db_conx;


if($email != ""){

$sql = mysqli_query($db_conx, "SELECT customer_id FROM customer WHERE email = '".$email."'");

if(mysqli_num_rows($sql)>=1){

return true;

}else{

return false;

}

}

else

{

return true;

}

}

function validateEmail($email){

if(!filter_var($email, FILTER_VALIDATE_EMAIL)){

return false;

}

else

{

return true;

}

}

/*function send_email($customer_id, $subject){

global $db_conx;

if($customer_id != ""){

$sql = mysqli_query($db_conx, "SELECT email, first_name FROM customer WHERE customer_id = '".(int)$customer_id."'");

$row = mysqli_fetch_assoc($sql);

$to = $row['email'];

$from = "info@globacom.com";

$subject = $subject;

$message = '<!DOCTYPE html>

<html>

<head><meta charset="UTF-8">

<title>Message</title>

</head>

<body style="margin:0px; font-family:Tahoma, Geneva, sans-serif;">

<div style="padding:10px; background:#333; font-size:24px; color:#CCC;">

<div style="padding:24px; font-size:17px;">

Hello '. $row['fist_name'] .',<br /><br />

</div>

</div>

</body>

</html>';

$headers = "From: Globacom\n";

$headers .= "MIME-Version: 1.0\n";

$headers .= "Content-type: text/html; charset=iso-8859-1\n";

mail($to, $subject, $message, $headers);

}

}*/

function add_product_review($product_id, $customer_id, $review, $rating){

global $db_conx;

if($product_id != "" && $customer_id != "" && $review != "" && $rating != ""){

$review = string_sanitize($review);

mysqli_query($db_conx, "INSERT INTO product_review(product_id, customer_id, review, rating, date_added) VALUES ('".(int)$product_id."', '".(int)$customer_id."', '".$review."', '".(int)$rating."', now())");

}

}

function edit_product_review($review, $rating, $review_id){

global $db_conx;

if($review != "" && $rating != "" && $review_id != ""){

$review = string_sanitize($review);

mysqli_query($db_conx, "UPDATE product_review SET review = '".$review."', rating = '".(int)$rating."' WHERE product_review_id = '".(int)$review_id."'");

}

}

function get_all_product_review($product_id){

global $db_conx;

$ret = array();

if($product_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM product_review WHERE product_id = '".(int)$product_id."' ORDER BY date_added DESC");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

}


function get_all_review(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM product_review");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function add_banned_ip($ip_address){

global $db_conx;

if($ip_address != ""){

$ip_address = string_sanitize($ip_address);

mysqli_query($db_conx, "INSERT INTO banned_ip(ip_address, date_added) VALUES ('".$ip_address."', now())");

}

}


function get_banned_ip(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM banned_ip");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function calculate_average_review($product_id){

global $db_conx;


if($product_id != ""){

$select_ratings = mysqli_query($db_conx, "SELECT SUM(rating) total_rating, COUNT(*) total_reviews FROM product_review WHERE product_id = '".(int)$product_id."'");

$get_ratings = mysqli_fetch_assoc($select_ratings);

$total_ratings = $get_ratings['total_rating'];

$total_reviews = $get_ratings['total_reviews'];

if($total_reviews != 0){

return $average = $total_ratings / $total_reviews;

}else{

return 0;

}

}

}


function track_product_view($product_id){

global $db_conx;


if($product_id != ""){

$robots = array(

'googlebot' => 'Googlebot',

'Googlebot-Image' => 'Googlebot Image',

'msnbot' => 'MSNBot',

'bingbot' => 'BingBot',

'slurp' => 'Inktomi Slurp',

'yahoo' => 'Yahoo',

'askjeeves' => 'AskJeeves',

'fastcrawler' => 'FastCrawler',

'infoseek' => 'InfoSeek Robot 1.0',

'lycos' => 'Lycos',

'facebookexternalhit' => 'facebook'

);


$ip_address = $_SERVER['REMOTE_ADDR'];

$agent = @$_SERVER['HTTP_USER_AGENT'];

$robot = '';

$referrer = @$_SERVER['HTTP_REFERER'];

$sql = mysqli_query($db_conx,"SELECT product_view_id FROM product_view WHERE ip_address = '".$ip_address."' AND date_added >= '".date('Y-m-d H:i:s', time()-24*60*60)."'");

if(mysqli_num_rows($sql)==1){

return false;

}

foreach($robots as $key => $val){

if (preg_match("|".preg_quote($key)."|i", $agent))

{

$robot = $val;

break;

}

}

mysqli_query($db_conx,"INSERT INTO product_view(

product_id,

ip_address,

agent,

robot,

referrer,

date_added

) VALUES (

'" .(int)$product_id. "',

'" .$ip_address. "',

'" .$agent. "',

'" .$robot. "',

'" .$referrer. "',

now()

)");

mysqli_query($db_conx, "UPDATE product SET viewed = viewed + 1 WHERE product_id = '" . (int)$product_id . "'");

}

}


function track_web_view(){

global $db_conx;


$robots = array(

'googlebot' => 'Googlebot',

'Googlebot-Image' => 'Googlebot Image',

'msnbot' => 'MSNBot',

'bingbot' => 'BingBot',

'slurp' => 'Inktomi Slurp',

'yahoo' => 'Yahoo',

'askjeeves' => 'AskJeeves',

'fastcrawler' => 'FastCrawler',

'infoseek' => 'InfoSeek Robot 1.0',

'lycos' => 'Lycos',

'facebookexternalhit' => 'facebook'

);


$ip_address = $_SERVER['REMOTE_ADDR'];

$agent = @$_SERVER['HTTP_USER_AGENT'];

$robot = '';

$referrer = @$_SERVER['HTTP_REFERER'];

$sql = mysqli_query($db_conx,"SELECT web_view_id FROM web_view WHERE ip_address = '".$ip_address."' AND date_added >= '".date('Y-m-d H:i:s', time()-24*60*60)."'");

if(mysqli_num_rows($sql)==1){

return false;

}

foreach ($robots as $key => $val){

if (preg_match("|".preg_quote($key)."|i", $agent)){

$robot = $val;

break;

}

}

mysqli_query($db_conx,"INSERT INTO web_view(

ip_address,

agent,

robot,

referrer,

date_added

) VALUES (

'" .$ip_address. "',

'" .$agent. "',

'" .$robot. "',

'" .$referrer. "',

now()

)");

}

function track_blog_view($blog_id){

global $db_conx;


if($blog_id != ""){

$robots = array(

'googlebot' => 'Googlebot',

'Googlebot-Image' => 'Googlebot Image',

'msnbot' => 'MSNBot',

'bingbot' => 'BingBot',

'slurp' => 'Inktomi Slurp',

'yahoo' => 'Yahoo',

'askjeeves' => 'AskJeeves',

'fastcrawler' => 'FastCrawler',

'infoseek' => 'InfoSeek Robot 1.0',

'lycos' => 'Lycos',

'facebookexternalhit' => 'facebook'

);


$ip_address = $_SERVER['REMOTE_ADDR'];

$agent = @$_SERVER['HTTP_USER_AGENT'];

$robot = '';

$referrer = @$_SERVER['HTTP_REFERER'];


$sql = mysqli_query($db_conx,"SELECT blog_id FROM blog_view WHERE ip_address = '".$ip_address."' AND date_added >= '".date('Y-m-d H:i:s', time()-24*60*60)."'");

if(mysqli_num_rows($sql)==1){

return false;

}

foreach($robots as $key => $val){

if (preg_match("|".preg_quote($key)."|i", $agent))

{

$robot = $val;

break;

}

}


$sqlblogview = "INSERT INTO blog_view(blog_id,ip_address,agent,robot,referrer,date_added) VALUES ('" .(int)$blog_id. "','" .$ip_address. "','" .$agent. "', '" .$robot. "', '" .$referrer. "', now()

)" ;

mysqli_query($db_conx,$sqlblogview);

mysqli_query($db_conx, "UPDATE blog SET viewed = viewed + 1 WHERE id = '" . (int)$blog_id . "'");

}

}

function get_total_visitors(){

global $db_conx;

$sql = mysqli_query($db_conx,"SELECT web_view_id FROM web_view WHERE ip_address != ''");

return mysqli_num_rows($sql);

}


function get_total_product_orders(){

global $db_conx;

$sql = mysqli_query($db_conx,"SELECT product_order_id FROM product_order WHERE transaction_id != '0' AND order_total != '0' AND customer_id != '0' AND gtpay_tranx_status != ''");

return mysqli_num_rows($sql);

}


function get_total_reviews(){

global $db_conx;

$sql = mysqli_query($db_conx,"SELECT product_review_id FROM product_review WHERE product_id != '0' AND customer_id != '0'");

return mysqli_num_rows($sql);

}


function get_total_customers(){

global $db_conx;

$sql = mysqli_query($db_conx,"SELECT customer_id FROM customer WHERE first_name != ''");

return mysqli_num_rows($sql);

}


function get_total_recharges(){

global $db_conx;

$sql = mysqli_query($db_conx,"SELECT recharge_order_id FROM recharge_order WHERE transaction_id != '0' AND amount != '0' AND customer_id != '0' AND gtpay_tranx_status != ''");

return mysqli_num_rows($sql);

}

function get_mydate($date_provided){

if($date_provided != ""){

return date('d M Y',strtotime($date_provided));

}

}

function removeqsvar($url, $varname){

list($urlpart, $qspart) = array_pad(explode('?', $url), 2, '');

parse_str($qspart, $qsvars);

unset($qsvars[$varname]);

$newqs = http_build_query($qsvars);

return $urlpart . '?' . $newqs;

}


function get_pagination($per_page_entry = 4, $total_entry){

$new_url =  $_SERVER["PHP_SELF"];

$page_url = removeqsvar($new_url,"page");

$total_pages = ceil($total_entry/$per_page_entry);

if(isset($_GET["page"])){

$previous_page = string_sanitize($_GET["page"]) - 1;

$current_page = string_sanitize($_GET["page"]);

$next_page = string_sanitize($_GET["page"]) + 1;

}

else

{

$previous_page = 0;

$current_page = 1;

$next_page = 2;

}

if($total_pages>1){

$ret = "<ul>";

if($previous_page != 0){

$ret .= "<li><a href='".$page_url."&page=".$previous_page."'>Previous Page</a></li>";

}

for($i=1;$i<=$total_pages;$i++){

if($current_page==$i)

{

$ret .= "<li class='active'><a>".$i."</a></li>";

}

else

{

$ret .= "<li><a href='".$page_url."&page=".$i."'>".$i."</a></li>";

}

}

if($next_page <= $total_pages){

$ret .= "<li><a href='".$page_url."&page=".$next_page."'>Next Page</a></li>";

}

return $ret .= "</ul>";

}

}

function insertdata($data = array(), $table_name){

global $db_conx;


if(!empty($data)){

$fieldList = array();

$valueList = array();


foreach($data as $field => $value){

$fieldList[] = $field;

$valueList[] = "'".string_sanitize($value)."'";

}


$fields = implode(', ', $fieldList);

$values = implode(', ', $valueList);


mysqli_query($db_conx, "INSERT INTO ".$table_name." (".$fields.") VALUES (".$values.")");

}

}


function updatedata($data = array(), $table_name, $where){

global $db_conx;


if(!empty($data) && !empty($where)){

$editlist = array();

$wherelist = array();


foreach($data as $field => $value){

$value = "'".string_sanitize($value)."'";

$editlist[] = $field.' = '.$value;

}


$editlist = implode(', ', $editlist);


foreach($where as $where_field => $where_value){

$where_value = "'".string_sanitize($where_value)."'";

$wherelist[] = $where_field.' = '.$where_value;

}


$wherelist = implode(' AND ', $wherelist);

mysqli_query($db_conx, "UPDATE ".$table_name." SET ".$editlist." WHERE ".$wherelist);

}

}


function selectdata($table_name, $where){

global $db_conx;

$ret = array();

if(!empty($table_name) && !empty($where)){

$wherelist = array();

foreach($where as $where_field => $where_value){

$where_value = "'".string_sanitize($where_value)."'";

$wherelist[] = $where_field.' = '.$where_value;

}


$wherelist = implode(' AND ', $wherelist);

$select = mysqli_query($db_conx, "SELECT * FROM ".$table_name." WHERE ".$wherelist);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

elseif(!empty($table_name) && empty($where)){

$select = mysqli_query($db_conx, "SELECT * FROM ".$table_name);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

}

function deletedata($table_name, $where){

global $db_conx;


if(!empty($table_name) && !empty($where)){

$wherelist = array();

foreach($where as $where_field => $where_value){

$where_value = "'".string_sanitize($where_value)."'";

$wherelist[] = $where_field.' = '.$where_value;

}


$wherelist = implode(' AND ', $wherelist);

mysqli_query($db_conx, "UPDATE ".$table_name." SET status = '1' WHERE ".$wherelist);

}

}

function link_breadcrumbs($separator = ' &raquo; ', $home = 'Home'){

$path = array_filter(explode('/', parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)));

$base = (@$_SERVER['HTTPS'] ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . '/';

$breadcrumbs = array("<a href=\"$base\">$home</a>");

$last = end((array_keys($path)));

foreach ($path AS $x => $crumb){

$title = ucwords(str_replace(array('.php', '_'), array('', ' '), $crumb));

if($x != $last){

$breadcrumbs[] = "<a href=\"$base$crumb\">$title</a>";

}

else{

$breadcrumbs[] = $title;

}

}

return implode($separator, $breadcrumbs);

}

function get_sha512_hash($string){

return hash("sha512",($string));

}

function gtpay_gateway_sha512_hash($transaction_id, $transaction_amount){

$hash_string = "D3D1D05AFE42AD50818167EAC73C109168A0F108F32645C8B59E897FA930DA44F9230910DAC9E20641823799A107A02068F7BC0F4CC41D2952E249552255710F";

$gtpay_tranx_noti_url = "http://jdlabs.in/online-recharge-orderconfirm.php";

return get_sha512_hash($transaction_id.$transaction_amount.$gtpay_tranx_noti_url.$hash_string);

}


function gtpay_gateway_sha512_hash2($transaction_id, $transaction_amount){

$hash_string = "D3D1D05AFE42AD50818167EAC73C109168A0F108F32645C8B59E897FA930DA44F9230910DAC9E20641823799A107A02068F7BC0F4CC41D2952E249552255710F";

$gtpay_tranx_noti_url = "http://jdlabs.in/product_orderconfirm.php";

return get_sha512_hash($transaction_id.$transaction_amount.$gtpay_tranx_noti_url.$hash_string);

}


//track_web_view();

function add_country_code($country, $country_code, $ip_address){

global $db_conx;

if($country != "" && $country_code != "" && $ip_address != ""){

$country = string_sanitize($country);

$country_code = string_sanitize($country_code);

$ip_address = string_sanitize($ip_address);

mysqli_query($db_conx, "INSERT INTO country_code(country, country_code, ip_address, date_added) VALUES ('".$country."', '".$country_code."', '".$ip_address."', now())");

}

}

function edit_country_code($country, $country_code, $ip_address, $country_code_id){

global $db_conx;

if($country != "" && $country_code != "" && $ip_address != "" && $country_code_id != ""){

$country = string_sanitize($country);

$country_code = string_sanitize($country_code);

$ip_address = string_sanitize($ip_address);

mysqli_query($db_conx, "UPDATE country_code SET country = '".$country."', country_code = '".$country_code."', ip_address = '".$ip_address."' WHERE id = '".(int)$country_code_id."'");

}

}

function get_all_country_code(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM country_code WHERE country != '' AND country_code != '' AND ip_address != ''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function get_product_image($catid){

global $db_conx;

if($catid != ""){

$select = mysqli_query($db_conx, "SELECT * FROM product_image WHERE product_id = '".(int)$catid."'");

return $row[] = mysqli_fetch_assoc($select);

}

}

function get_customer_details($customer_id)

{

global $db_conx;

if($customer_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM customer WHERE customer_id = '".(int)$customer_id."'");

return $row[] = mysqli_fetch_assoc($select);

}

}

function update_customer($customer_id,$firstname,$lastname,$contactnumber,$email,$password)

{

global $db_conx;

$firstname = string_sanitize($firstname);

$lastname = string_sanitize($lastname);

$contactnumber = string_sanitize($contactnumber);

$email = string_sanitize($email);

$password = string_sanitize($password);

if($customer_id != "" && $firstname != ""  && $lastname != ""  && $contactnumber != ""  && $email != ""  && $password != "" )

{

return $update = mysqli_query($db_conx, "UPDATE customer SET first_name = '".$firstname."', last_name = '".$lastname."', mobile_number = '".$contactnumber."', email = '".$email."', password = '".$password."' WHERE customer_id = '".(int)$customer_id."'");

/*if ($update === TRUE) return true;

else false;*/

}

}



//for gernrate token

function get_alphanumeric(){return substr(md5(mt_rand().time()),0,20);}

function run_code()

{

global $db_conx;

$temp_token = get_alphanumeric();

$sql51 = "select token from customer WHERE token = '".$temp_token."'";

$result51 = mysqli_query($db_conx,$sql51);

if(mysqli_num_rows($result51) >= 1)

{

run_code();

}

else

{

return $temp_token;

}

}


function get_product_qty_type($product_sql = '', $product_id = ''){

global $db_conx;


$qty_array = array();


if($product_sql !== ''){

$selected_product_result = mysqli_query($db_conx, $product_sql);

$new_result = mysqli_fetch_assoc($selected_product_result);

    $q1 = 0;

    $q2 = 0;

    $q3 = 0;


    if($new_result['product_price5'] != 0){

        $q1 = 5;

    }


    if($new_result['product_price10'] != 0 && $q1 == 0){

        $q1 = 10;

    }elseif($new_result['product_price10'] != 0 && $q1 != 0){

        $q2 = 10;

    }


    if($new_result['product_price15'] != 0 && $q1 == 0){

        $q1 = 15;

    }elseif($new_result['product_price10'] != 0 && $q1 != 0 && $q2 == 0){

        $q2 = 15;

    }elseif($new_result['product_price10'] != 0 && $q1 != 0 && $q2 != 0){

        $q3 = 15;

    }


    if($new_result['product_price25'] != 0 && $q1 == 0){

        $q1 = 25;

    }elseif($new_result['product_price25'] != 0 && $q1 != 0 && $q2 == 0){

        $q2 = 25;

    }elseif($new_result['product_price25'] != 0 && $q1 != 0 && $q2 != 0){

        $q3 = 25;

    }


    if($new_result['product_price50'] != 0 && $q1 == 0){

        $q1 = 50;

    }elseif($new_result['product_price50'] != 0 && $q1 != 0 && $q2 == 0){

        $q2 = 50;

    }elseif($new_result['product_price50'] != 0 && $q1 != 0 && $q2 != 0){

        $q3 = 50;

    }


    if($new_result['product_price100'] != 0 && $q1 == 0){

        $q1 = 100;

    }elseif($new_result['product_price100'] != 0 && $q1 != 0 && $q2 == 0){

        $q2 = 100;

    }elseif($new_result['product_price100'] != 0 && $q1 != 0 && $q2 != 0){

        $q3 = 100;

    }


    $qty_array[] = $q1;

    $qty_array[] = $q2;

    $qty_array[] = $q3;

}else{

$product_sql = "SELECT * FROM product WHERE product_id = '".(int)$product_id."'";

$selected_product_result = mysqli_query($db_conx, $product_sql);

$new_result = mysqli_fetch_assoc($selected_product_result);

    $q1 = 0;

    $q2 = 0;

    $q3 = 0;


    if($new_result['product_price5'] != 0){

        $q1 = 5;

    }


    if($new_result['product_price10'] != 0 && $q1 == 0){

        $q1 = 10;

    }elseif($new_result['product_price10'] != 0 && $q1 != 0){

        $q2 = 10;

    }


    if($new_result['product_price15'] != 0 && $q1 == 0){

        $q1 = 15;

    }elseif($new_result['product_price10'] != 0 && $q1 != 0 && $q2 == 0){

        $q2 = 15;

    }elseif($new_result['product_price10'] != 0 && $q1 != 0 && $q2 != 0){

        $q3 = 15;

    }


    if($new_result['product_price25'] != 0 && $q1 == 0){

        $q1 = 25;

    }elseif($new_result['product_price25'] != 0 && $q1 != 0 && $q2 == 0){

        $q2 = 25;

    }elseif($new_result['product_price25'] != 0 && $q1 != 0 && $q2 != 0){

        $q3 = 25;

    }


    if($new_result['product_price50'] != 0 && $q1 == 0){

        $q1 = 50;

    }elseif($new_result['product_price50'] != 0 && $q1 != 0 && $q2 == 0){

        $q2 = 50;

    }elseif($new_result['product_price50'] != 0 && $q1 != 0 && $q2 != 0){

        $q3 = 50;

    }


    if($new_result['product_price100'] != 0 && $q1 == 0){

        $q1 = 100;

    }elseif($new_result['product_price100'] != 0 && $q1 != 0 && $q2 == 0){

        $q2 = 100;

    }elseif($new_result['product_price100'] != 0 && $q1 != 0 && $q2 != 0){

        $q3 = 100;

    }


    $qty_array[] = $q1;

    $qty_array[] = $q2;

    $qty_array[] = $q3;

}

return $qty_array;

}


/************************************************************************************************************************************** new code **************************/


//new data added by chirag

function normal_sanitize($string){

global $db_conx;

return mysqli_real_escape_string($db_conx, str_replace("'","",stripslashes(htmlentities(strip_tags($string)))));

}

function addadmin($fullname,$emailid,$password,$role,$status)

{

global $db_conx;

if ($fullname != "" && $emailid != "" && $password != "" && $role != "" && $status != ""){

$sql = "INSERT INTO admin(fullname, emailid, password, post_id, status, dateadded) VALUES ('".$fullname."', '".$emailid."', '".$password."', '".(int)$role."', '".(int)$status."', now())";

mysqli_query($db_conx, $sql);

return mysqli_insert_id($db_conx);

}

}


function get_all_admin(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM admin WHERE fullname != '' ORDER BY id");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function count_admin(){

global $db_conx;

return $select = mysqli_query($db_conx, "SELECT * FROM admin WHERE fullname != '' ORDER BY id");


}

/*function updateadmin($adminid,$fullname,$emailid,$password,$role,$status)

{

global $db_conx;

if ($adminid !="" && $fullname != "" && $emailid != "" && $password != "" && $role != "" && $status != "")

{

$sql = "UPDATE admin SET fullname = '".$fullname."', emailid = '".$emailid."', password = '".$password."', role = '".(int)$role."', status = '".(int)$status."'  WHERE id = '".(int)$adminid."'";

$query_result = mysqli_query($db_conx, $sql);

if(!$query_result){

return false;

}else{

return true;

}

}

else { echo 'wrong';}

}*/

function get_all_category(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM category WHERE categoryname != '' AND status !=''");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function add_brand($category_id, $brandname, $status, $file_name){

global $db_conx;

if($category_id != "" && $brandname != "" && $status != "" && $file_name != "" ){

$category_id = string_sanitize($category_id);

$brandname = string_sanitize($brandname);

$status = string_sanitize($status);

$file_name = string_texteditor($file_name);

//$status = "1";

//$url = $_SERVER['REQUEST_URI'];

//$sub_category = string_sanitize($sub_category);

$sql = "INSERT INTO brand(categoryid, brandname, image, status, dateadded) VALUES ('".(int)$category_id."', '".$brandname."', '".$file_name."', '".(int)$status."', now())";

$insertbrand = mysqli_query($db_conx, $sql);


if ($insertbrand === TRUE)

{

return mysqli_insert_id($db_conx);

}

else

{

return false;

}


}

}

function edit_brand($brandid, $category_id, $brandname, $status, $file_name){

global $db_conx;

if($brandid != "" && $category_id != "" && $brandname != "" && $status != "" && $file_name != "" ){

$brandid = string_sanitize($brandid);

$category_id = string_sanitize($category_id);

$brandname = string_sanitize($brandname);

$status = string_sanitize($status);

$file_name = string_texteditor($file_name);

//$status = "1";

//$url = $_SERVER['REQUEST_URI'];

//$sub_category = string_sanitize($sub_category);

//$sql = "INSERT INTO brand(categoryid, brandname, image, status, dateadded) VALUES ('".(int)$category_id."', '".$brandname."', '".$file_name."', '".(int)$status."', now())";

$sql = "UPDATE brand SET categoryid = '".(int)$category_id."', brandname = '".$brandname."', image = '".$file_name."', status = '".(int)$status."'  WHERE id = '".(int)$brandid."'";

$updatebrand = mysqli_query($db_conx, $sql);


if ($updatebrand === TRUE)

{

//return mysqli_insert_id($db_conx);

return TRUE;

}

else

{

return false;

}


}

}

function get_all_brands(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM brand WHERE brandname != '' ORDER BY id DESC");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_category_name($category_id){

global $db_conx;

if($category_id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM category WHERE id = '".(int)$category_id."'");

return $row = mysqli_fetch_assoc($select);

}

}

function getallactivebrand()

{

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM brand WHERE brandname != '' AND status != '0' ORDER BY brandname");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function adduser($fullname,$lastname,$phone,$emailid,$password,$role,$status)

{

global $db_conx;

if ($fullname != "" && $lastname != "" && $phone != "" && $lastname != "" && $password != "" && $role != "" && $status != ""){

$sql = "INSERT INTO user(firstname, lastname, phone, emailid, password, post_id, status, dateadded) VALUES ('".$fullname."','".$lastname."','".$phone."', '".$emailid."', '".$password."', '".(int)$role."', '".(int)$status."', now())";

mysqli_query($db_conx, $sql);

return mysqli_insert_id($db_conx);

}

}

function get_all($table,$field,$filter){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM ".$table." WHERE id != '' ORDER BY ".$field."  ".$filter." ");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_brandname($brandid){

global $db_conx;

if($brandid != ""){

$select = mysqli_query($db_conx, "SELECT * FROM brand WHERE id = '".(int)$brandid."'");

return $row = mysqli_fetch_assoc($select);

}

}

function edituser($userid,$fullname,$lastname, $phone,$emailid,$role,$status)

{

global $db_conx;

if($userid != "" && $fullname != "" &&  $lastname != "" && $phone != "" && $emailid != "" && $status != "" && $role != "" ){

$userid = string_sanitize($userid);

$fullname = string_sanitize($fullname);

$lastname = string_sanitize($lastname);

$phone = string_sanitize($phone);

$emailid = string_sanitize($emailid);

$status = string_sanitize($status);

$role = string_sanitize($role);

$sql = "UPDATE user SET firstname = '".$fullname."', lastname= '".$lastname."', phone= '".$phone."', emailid = '".$emailid."', post_id = '".(int)$role."', status = '".(int)$status."'  WHERE id = '".(int)$userid."'";

$updateuser = mysqli_query($db_conx, $sql);


if ($updateuser === TRUE)

{

return TRUE;

}

else

{

return false;

}


}

}

function get_user($userid){

global $db_conx;

if($userid != ""){

$select = mysqli_query($db_conx, "SELECT * FROM user WHERE id = '".(int)$userid."'");

return $row = mysqli_fetch_assoc($select);

}

}

function get_all_reviews(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM review WHERE id != '' ORDER BY id DESC");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_reviews($limit){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM review WHERE id != '' ORDER BY id DESC LIMIT ".$limit."");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function updatestatus($check, $approve){

global $db_conx;

$updateadd2 = "UPDATE review SET status = '".$approve."' WHERE id = '".(int)$check."'";

if(mysqli_query($db_conx, $updateadd2))

{

return true;

}

else

{

return false;

}

}

function update_status($table, $check, $approve){

global $db_conx;

$updateadd2 = "UPDATE ".$table." SET status = '".$approve."' WHERE id = '".(int)$check."'";

if(mysqli_query($db_conx, $updateadd2))

{

return true;

}

else

{

return false;

}

}

function get_all_replies(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM reply WHERE id != '' ORDER BY id DESC");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_replies($limit){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM reply WHERE id != '' ORDER BY id DESC LIMIT ".$limit."");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function count_all_admins(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM admin WHERE id != '' ORDER BY id DESC");

return $select;

}

function count_all_brands(){

global $db_conx;

$select = mysqli_query($db_conx, "SELECT * FROM brand WHERE id != '' ORDER BY id DESC");

return $select;

}

function count_all_users(){

global $db_conx;

$select = mysqli_query($db_conx, "SELECT * FROM user WHERE id != '' ORDER BY id DESC");

return $select;

}

function count_all_reviews(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM review WHERE id != '' ORDER BY id DESC");

return $select;

}

function count_all_replies(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM reply WHERE id != '' ORDER BY id DESC");

return $select;

}

function count_all_adds(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM adds WHERE id != '' ORDER BY id DESC");

return $select;

}

function addadd($addcode,$status,$title)

{

global $db_conx;

if ($addcode != "" && $status != "" && $title != ""){

$sql = "INSERT INTO adds(addcode, title, status, dateadded) VALUES ('".$addcode."', '".$title."', '".(int)$status."', now())";

mysqli_query($db_conx, $sql);

return mysqli_insert_id($db_conx);

}

}

function editadd($addid,$addcode,$status,$title)

{

global $db_conx;

$updateadd2 = "UPDATE adds SET title = '".$title."', status = '".$status."', addcode = '".$addcode."'  WHERE id = '".(int)$addid."'";

if(mysqli_query($db_conx, $updateadd2))

{

return true;

}

else

{

return false;

}

}

function get_all_adds(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM adds WHERE id != '' ORDER BY id DESC");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function humanTiming($time)

{

    $time = time() - $time; // to get the time since that moment

    $time = ($time<1)? 1 : $time;

    $tokens = array (

        31536000 => 'year',

        2592000 => 'month',

        604800 => 'week',

        86400 => 'day',

        3600 => 'hour',

        60 => 'minute',

        1 => 'second'

    );

    foreach ($tokens as $unit => $text) {

        if ($time < $unit) continue;

        $numberOfUnits = floor($time / $unit);

        return $numberOfUnits.' '.$text.(($numberOfUnits>1)?'s':'');

    }

}

function get_review_row($id){

global $db_conx;

if ($id != ""){

$select = mysqli_query($db_conx, "SELECT * FROM review WHERE id = '".(int)$id."'");

return $row = mysqli_fetch_assoc($select);

}

}

function limit_description_sumeet($text, $words_limit)

{

  $newtext = $text;

  if(strlen($text)>$words_limit){

   $stringCut = substr($text,0,$words_limit);

   return $newtext = substr($stringCut,0,strrpos($stringCut,' ')).' ...';

  }else{

   return $newtext;

  }

}

/*

function get_onefield($field,$table){

global $db_conx;

if ($field != "" && $table != ""){

$select = "";

}

}*/

function get_checkemail($email)

{

global $db_conx;

$sql = "select emailid from user where emailid = '".$email."'";

$chkemail = mysqli_query($db_conx,$sql);

return mysqli_num_rows($chkemail);

}


function add_customer($fullname, $lastname, $phone, $emailid, $password, $role){

global $db_conx;

if( $fullname != "" && $lastname !="" && $phone != "" && $emailid != "" && $password != "" ){

$fullname = string_sanitize($fullname);

$lastname = string_sanitize($lastname);

$phone = string_sanitize($phone);

$emailid = string_sanitize($emailid);

$password = string_sanitize($password);

$role = string_sanitize($role);

$ip_address = $_SERVER['REMOTE_ADDR'];

$status = "1";

$sql = "INSERT INTO user( firstname, lastname, phone, emailid, password, post_id, status, ipaddress, dateadded) VALUES ('".$fullname."', '".$lastname."', '".$phone."','".$emailid."', '".$password."', '".(int)$role."', '".(int)$status."', '".$ip_address."', now() )";

mysqli_query($db_conx,$sql);

$newcustmerid = mysqli_insert_id($db_conx);


/*$to = $emailid;

//$from = "info@Reviewitindia.com";

$from = "chirag.jdsofttech@gmail.com";

$subject = "Welcome To Reviewitindia";


$message = '<!DOCTYPE html>

<html>

<head><meta charset="UTF-8">

<title>Reviewitindia</title>

</head>

<body style="margin:0px; font-family:Tahoma, Geneva, sans-serif;">

<div style="padding:10px; font-size:24px;">

<div style="padding:24px; font-size:17px;">

Hello '. $fullname .',<br /><br />

Email ID : '.$emailid.'<br />

Kindly find your password: '.$password.'<br /><br />

Thanks<br />

</div>

</div>

</body>

</html>';


$headers = "From: Reviewitindia\n";

$headers .= "MIME-Version: 1.0\n";

$headers .= "Content-type: text/html; charset=iso-8859-1\n";

//mail($to, $subject, $msg, $headers);

try {

          $mail = new PHPMailer(true);

          $mail->IsSMTP();  // Using SMTP.

          $mail->Host       = "mail.wordpressdevelopersinboston.com"; // SMTP server

          $mail->CharSet = 'utf-8';

          $mail->SMTPAuth   = false; // Enables SMTP authentication.

          $mail->IsSendmail();  // tell the class to use Sendmail


          $mail->AddAddress($to);

    

          $mail->From       = $from;

          $mail->FromName   = 'Reviewitindia';

          $mail->Subject = $subject;


          $mail->MsgHTML($message);

          $mail->IsHTML(true);

          $mail->Send();


      } 

      catch (phpmailerException $e) {

          $e->errorMessage();

      }

*/

      return $newcustmerid;

}

else

{

return false;

}

}

function get_active_brands(){

global $db_conx;

$ret = array();

$select = mysqli_query($db_conx, "SELECT * FROM brand WHERE status = 1 ORDER BY brandname");

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function date_sanitize($date){

global $db_conx;

return mysqli_real_escape_string($db_conx, str_replace("'","",$date));

}

function getAge($then) {

    $then = date('Ymd', strtotime($then));

    $diff = date('Ymd') - $then;

    return substr($diff, 0, -4);

}

function edit_customer_userside($id, $firstname, $lastname, $gender, $birthdate, $city, $state,$phone, $password, $file_name)

{

global $db_conx;

if( $id != "" && $firstname !="" && $lastname != "" && $gender != "" && $birthdate != "" && $city != ""&& $state != ""&& $phone != ""&& $password != ""&& $file_name != "" ){

$id = string_sanitize($id);

$firstname = string_sanitize($firstname);

$lastname = string_sanitize($lastname);

$gender = string_sanitize($gender);

$birthdate = string_sanitize($birthdate);

$city = string_sanitize($city);

$state = string_sanitize($state);

$phone = string_sanitize($phone);

$password = string_sanitize($password);

$file_name = string_sanitize($file_name);

$sql = "UPDATE user SET firstname = '".$firstname."', lastname= '".$lastname."', phone= '".$phone."', gender = '".$gender."', birthdate = '".$birthdate."', city = '".$city."', state = '".$state."', password = '".$password."', profileimage = '".$file_name."'  WHERE id = '".(int)$id."'";

$updateuser = mysqli_query($db_conx, $sql);


if ($updateuser === TRUE)

{

return TRUE;

}

else

{

return false;

}

}

}


/* ----------------------------------------------------------------- */

/* -------------------27-03-2019 */

function get_roll_by_id($rollid){

global $db_conx;

$sql = "SELECT * FROM post_t WHERE rid = '$rollid'";

$select = mysqli_query($db_conx, $sql);

return $row = mysqli_fetch_assoc($select);

}

function display_gender(){

echo '<select class="form-control m-b" name="gender" id="gender">

            <option value="male">Male</option>

            <option value="female">Female</option>

            <option value="other">Other</option>

        </select>';

}

function save_new_patient($fname, $mname, $lname, $mobile1, $mobile2, $phone, $birthdate, $age, $gender, $address, $city, $status, $enteredby,$weight){

global $db_conx;

$createddate = date("Y-m-d H:i:s");

$cid = $_SESSION['cid'];

$sql = "INSERT INTO patient (cid, fname, mname, lname, mobile1, mobile2, phone, birthdate, age, gender, address, city, createddate, createdby, status, weight) VALUES ('".$cid."', '".$fname."', '".$mname."', '".$lname."', '".$mobile1."', '".$mobile2."', '".$phone."', '".$birthdate."', '".$age."', '".$gender."', '".$address."','".$city."', '".$createddate."', '".$enteredby."', '".$status."', '".$weight."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE)

{

$patientid = mysqli_insert_id($db_conx);

$activity ="New patient inserted. patientid : $patientid, Name : $fname $mname $lname Mobile1:".$mobile1.", mobile2:".$mobile2.", phone:".$phone.", birthdate:".$birthdate.", age:".$age.", gender:".$gender.", address:".$address.", city:".$city.", createddate:".$createddate.", createdby:".$enteredby.", status:".$status.", weight:".$weight;

    $pagename ="patient_create.php";

    activitylog($activity,$pagename);

return TRUE;

}

else

{

return false;

}

}

function getallpatients(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql = "SELECT * FROM patient where status = '1' AND cid = '".$cid."' ORDER BY pid DESC";

$select = mysqli_query($db_conx, $sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_patient_by_id($id){

global $db_conx;

$sql =  "SELECT * FROM `patient` WHERE pid = '$id'";

$result = mysqli_query($db_conx, $sql);

return $row = mysqli_fetch_assoc($result);

}

function ddmmyyyy($date){

return $newDate = date("d-m-Y", strtotime($date));

}

function yyyymmdd($date){

if(!empty($date)){

return $newDate = date("Y-m-d", strtotime($date));

}else{

return $date = NULL;

}

}

function dmyhis($date){

return $newDate = date("d-m-Y h:i:s a", strtotime($date));

}

function select_gender($gender){

$male = $female = $other = '';

if ($gender == 'male') {

$male = 'selected="selected"';

}elseif($gender == 'female'){

$female = 'selected="selected"';

}else{

$other = 'selected="selected"';

}

echo '<select class="form-control m-b" name="gender" id="gender">

            <option value="male" '.$male.'>Male</option>

            <option value="female" '.$female.'>Female</option>

            <option value="other" '.$other.'>Other</option>

        </select>';

}

function select_gender_readonly($gender){

    echo '<input type="text"  class="form-control" readonly="readonly" value="'.ucfirst($gender).'">';

}

function edit_patient($pid, $fname, $mname, $lname, $mobile1, $mobile2, $phone, $birthdate, $age, $gender, $address, $city, $status, $updatedby, $weight){

global $db_conx;

$cid = $_SESSION['cid'];

$userid = $_SESSION['userid'];

$updateddate = date("Y-m-d H:i:s");

$sql = "UPDATE patient SET fname = '".$fname."', mname= '".$mname."', lname= '".$lname."', mobile1= '".$mobile1."', mobile2= '".$mobile2."', phone= '".$phone."', gender = '".$gender."', birthdate = '".$birthdate."', age = '".$age."',city = '".$city."',  address = '".$address."', status = '".$status."', modifiedby = '".$updatedby."', modifieddate = '".$updateddate."', weight = '".$weight."' WHERE pid = '".(int)$pid."'";

$updateuser = mysqli_query($db_conx, $sql);


if ($updateuser === TRUE){

$activity ="Patient Edited. patientid : $pid, Name : $fname $mname $lname Mobile1:".$mobile1.", mobile2:".$mobile2.", phone:".$phone.", birthdate:".$birthdate.", age:".$age.", gender:".$gender.", address:".$address.", city:".$city.", updatedate:".$updateddate.", updatedby:".$userid.", status:".$status.", weight:".$weight;

    $pagename ="patient_edit.php";

    activitylog($activity,$pagename);

return TRUE;}

else{return false;}

}

function sqlformatDate($str){

$classes=explode("-",$str);

return $date = $classes[2]."-".$classes[1]."-".$classes[0];

}

function todaysserialnumber(){

global $db_conx;

$currentdate = date('Y-m-d');

$rowcount = 0;

$j = 1;

$cid = $_SESSION['cid'];

$sql = "SELECT id FROM case_t WHERE casedate = '$currentdate' AND status = '1' AND cid = '".$cid."' ";

if ($result=mysqli_query($db_conx,$sql))

  {

  $rowcount  = mysqli_num_rows($result);

  return $rowcount + $j;

  }

}

function approxcasenumber(){

global $db_conx;

$month = date('n');

    $year = date('y');

$rowcount = 0;

$j = 1;

$cid = $_SESSION['cid'];

$sql = "SELECT id FROM case_t WHERE year = '$year' AND month = '$month' AND status = '1' AND cid = '".$cid."' ";

if ($result=mysqli_query($db_conx,$sql))

  {

  $rowcount  = mysqli_num_rows($result);

  return $rowcount + $j;

  }

}

function chacknewoldcasestatus($pid,$dt){

date('d-m-Y',strtotime("-6 months"));


}

function caseinsert($pid,$userid,$singlecaseno,$month,$year,$casedate,$status,$casestatus,$fee,$drcr,$casenote,$weight,$ageinyears,$perfactage,$payment){

global $db_conx;

$originalcasedate = date("Y-m-d H:i:s");

$cid = $_SESSION['cid'];

$sql = "INSERT INTO case_t (cid, singlecaseno, month, year, casedate, originalcasedate, userid, pid, status, casestatus, fee, drcr, notes, weight, ageinyears, perfactage, paymentmode) VALUES ('".$cid."', '".(int)$singlecaseno."', '".(int)$month."', '".(int)$year."', '".$casedate."', '".$originalcasedate."', '".(int)$userid."', '".(int)$pid."', '".(int)$status."', '".$casestatus."', '".(int)$fee."', '".$drcr."', '".$casenote."', '".$weight."', '".$ageinyears."', '".$perfactage."', '".$payment."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$pagename = "case_create.php";

$caseid = mysqli_insert_id($db_conx);

/*$symptom = getcasesymptomsidlist($caseid);

$symptomslist = print_r($symptom, TRUE);

$diagnosis = getcasediagnosisidlist($caseid);

$diagnosislist = print_r($diagnosis, TRUE);

$prescription = getcaseprescriptionlist($caseid);

$prescriptionlist = print_r($prescription, TRUE);

$report = getcasereportlist($caseid);

$reportlist = print_r($report, TRUE);*/

$details = "caseid: ".$caseid." paymentMode: ".$payment." fee:".$fee." New/old: ".$casestatus." drcr:".$drcr." notes:".$casenote." casecreateby:".$userid." casecreatedatetime:".$originalcasedate; 

$activity = "Case created : ".$details;

activitylog($activity,$pagename);

return TRUE;

}

else{return false;}

}

function dateserialnumber($casedt){

global $db_conx;

//$currentdate = date('Y-m-d');

$rowcount = 0;

$j = 1;

$cid = $_SESSION['cid'];

$sql = "SELECT id FROM case_t WHERE casedate = '$casedt' AND status = '1' AND cid = '".$cid."' ";

if ($result=mysqli_query($db_conx,$sql))

  {

  $rowcount  = mysqli_num_rows($result);

  return $rowcount + $j;

  }

}

function approxcasenumberbydate($casedt){

global $db_conx;

//$casedt = date_format($casedt, 'd-n-y');

//$newDate = date("y-n-d", strtotime($casedt));

$classes=explode("-",$casedt);

$month1 = $classes[1];

$year1 = $classes[0];

if (strlen($month1) == '2' ) {

$month = substr($month1,-1);

}

if (strlen($year1) == '4') {

$year = substr($year1,2);

}

$rowcount = 0;

$j = 1;

$cid = $_SESSION['cid'];

$sql = "SELECT id FROM case_t WHERE year = '$year' AND month = '$month' AND status = '1' AND cid = '".$cid."' ";

if ($result=mysqli_query($db_conx,$sql))

  {

  $rowcount  = mysqli_num_rows($result);

  return $rowcount + $j;

  }

}


function edit_fee_by_id($feeid_edit,$casetype,$editfee){

global $db_conx;

$userid = $_SESSION['userid'];

$updatedatetime = date("Y-m-d H:i:s");

$sql = "UPDATE casefee SET feename = '$casetype', fee ='$editfee', updatedby = '$userid', updateddatetime = '$updatedatetime'  WHERE fid = '$feeid_edit' ";

//exit();

$updateuser = mysqli_query($db_conx, $sql);

if ($updateuser === TRUE){

// log

$cid = $_SESSION['cid'];

$clinicname = $_SESSION['clinicname'];

$activity ="Fee Updated. Clinic ID : $cid, UserId : $userid Clinic Name : $clinicname, feeid = $feeid_edit  casetype : $casetype fee: $editfee. ";

$pagename ="fee.php";

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function edit_user_by_id($userid,$fname,$mname,$lname,$phone1,$phone2,$phone3,$role,$uname,$password){

global $db_conx;

$userid = $_SESSION['userid'];

$updatedatetime = date("Y-m-d H:i:s");

$sql = "UPDATE casefee SET feename = '$casetype', fee ='$editfee', status = '$status', updatedby = '$userid', updateddatetime = '$updatedatetime'  WHERE fid = '$feeid_edit' ";

//exit();

$updateuser = mysqli_query($db_conx, $sql);

if ($updateuser === TRUE){return 1;}

else{return false;}

}

function activitylog($activity,$pagename){

global $db_conx;

$userid = @$_SESSION['userid'];

$cid = @$_SESSION['cid'];

$activitytime = date("Y-m-d H:i:s");

$sql = "INSERT INTO user_activity_log (cid, userid, activitytime, activity, pagename) VALUES ('".$cid."','".(int)$userid."', '".$activitytime."', '".$activity."', '".$pagename."')";

$loguser = mysqli_query($db_conx, $sql);

//if($loguser === TRUE){echo "success";}else{echo "error";}

//write log to file

/*$txt = "Userid: ".$userid. " activitytime: ".$activitytime." activity: ".$activity." pagename: ".$pagename;

$myfile = file_put_contents('activitylog.txt', $txt.PHP_EOL , FILE_APPEND | LOCK_EX); */

}

function get_complainbyid($id){

global $db_conx;

$sql = "SELECT * FROM patient_symptoms WHERE cpid = '".(int)$id."'";

$result = mysqli_query($db_conx, $sql);

return $row = mysqli_fetch_assoc($result);

}

function add_complain($add_complain,$description,$priority,$status){

global $db_conx;

$originalcasedate = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "INSERT INTO patient_symptoms (cid, shortname, description, priority, status, createdby, createddate) VALUES ('".$cid."', '".$add_complain."', '".$description."', '".(int)$priority."', '".(int)$status."', '".(int)$userid."', '".$originalcasedate."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

//$complainid = mysqli_insert_id($db_conx);

//$complaindetails = get_complainbyid($complainid);

$pagename = "patient_complain.php";

$details = "Patient complain/symptoms added for clinic id:".$cid.", Shortname: ".$add_complain.", Description: ".$description.", priority:".$priority.", userid: ".$userid.", datetime: ".$originalcasedate;

$activity = "Insert New patient complain. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}


function edit_complain($edit_complain_id,$add_complain,$description,$priority,$status){

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "UPDATE patient_symptoms SET shortname = '".$add_complain."', description ='".$description."', priority = '".(int)$priority."', status = '".(int)$status."', updatedby = '".(int)$userid."', updateddate = '".$updatedatetime."'  WHERE cpid = '".(int)$edit_complain_id."' ";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

//$complaindetails = get_complainbyid($edit_complain_id);

$pagename = "patient_complain.php";

$details = " Symptoms ID: $edit_complain_id , shortname: $add_complain , description: $description , priority: $priority";

$activity = "Updated patient complain for clinic id: $cid. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function getTableData($tablename,$fieldname,$condition){

global $db_conx;

$sql = "SELECT $fieldname FROM $tablename WHERE $condition";

$result = mysqli_query($db_conx, $sql);

$row = mysqli_fetch_assoc($result);

return $row["$fieldname"];

}

function get_departmentbyid($id){

global $db_conx;

$sql = "SELECT * FROM rights_t WHERE rid = '".(int)$id."'";

$result = mysqli_query($db_conx, $sql);

return $row = mysqli_fetch_assoc($result);

}

function add_department($add_complain,$description,$priority,$status){

global $db_conx;

$originalcasedate = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$sql = "INSERT INTO rights_t (departmentname, description, priority, status, createdby, createddate) VALUES ('".$add_complain."', '".$description."', '".(int)$priority."', '".(int)$status."', '".(int)$userid."', '".$originalcasedate."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$complainid = mysqli_insert_id($db_conx);

$complaindetails = get_departmentbyid($complainid);

$pagename = "rights.php";

$details = print_r($complaindetails, TRUE);

$activity = "Insert New department rights. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function showAll_department(){

global $db_conx;

$ret = array();

$sql =  "SELECT * FROM `rights_t` WHERE display = '1' order by rid desc";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function edit_rights($edit_complain_id,$add_complain,$description,$priority,$status){

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$sql = "UPDATE rights_t SET departmentname = '".$add_complain."', description ='".$description."', priority = '".(int)$priority."', status = '".(int)$status."', updatedby = '".(int)$userid."', updateddate = '".$updatedatetime."'  WHERE rid = '".(int)$edit_complain_id."' ";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$complaindetails = get_departmentbyid($edit_complain_id);

$pagename = "rights.php";

$details = print_r($complaindetails, TRUE);

$activity = "Updated department rights. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function get_rolebyid($id){

global $db_conx;

$sql = "SELECT * FROM post_t WHERE rid = '".(int)$id."'";

$result = mysqli_query($db_conx, $sql);

return $row = mysqli_fetch_assoc($result);

}

function add_role($add_complain,$description,$priority,$status){

global $db_conx;

$originalcasedate = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$sql = "INSERT INTO post_t (rname, description, priority, status, createdby, createddate) VALUES ('".$add_complain."', '".$description."', '".(int)$priority."', '".(int)$status."', '".(int)$userid."', '".$originalcasedate."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$complainid = mysqli_insert_id($db_conx);

$complaindetails = get_rolebyid($complainid);

$pagename = "role.php";

$details = print_r($complaindetails, TRUE);

$activity = "Insert a new post or role. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function showAll_roles(){

global $db_conx;

$ret = array();

$sql =  "SELECT * FROM `post_t` WHERE display = '1' order by rid desc";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

/*function get_rolebyid($id){

global $db_conx;

$sql = "SELECT * FROM rights_t WHERE rid = '".(int)$id."'";

$result = mysqli_query($db_conx, $sql);

return $row = mysqli_fetch_assoc($result);

}*/

function edit_role($edit_complain_id,$add_complain,$description,$priority,$status){

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$sql = "UPDATE post_t SET rname = '".$add_complain."', description ='".$description."', priority = '".(int)$priority."', status = '".(int)$status."', updatedby = '".(int)$userid."', updateddate = '".$updatedatetime."'  WHERE rid = '".(int)$edit_complain_id."' ";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$complaindetails = get_rolebyid($edit_complain_id);

$pagename = "role.php";

$details = print_r($complaindetails, TRUE);

$activity = "Updated Role. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function getAll_department(){

global $db_conx;

$ret = array();

$sql =  "SELECT * FROM `rights_t` WHERE display = '1' AND status = '1' order by priority ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_users_active_departments($user){

global $db_conx;

$ret = array();

$sql =  "SELECT rid FROM `user_rights` WHERE userid = '".$user."' ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row['rid'];

}

return $ret;

}

function searchForId($search_value, $array, $id_path) { 

    // Iterating over main array 

    foreach ($array as $key1 => $val1) { 

        $temp_path = $id_path; 

        // Adding current key to search path 

        array_push($temp_path, $key1); 

        // Check if this value is an array 

        // with atleast one element 

        if(is_array($val1) and count($val1)) { 

            // Iterating over the nested array 

            foreach ($val1 as $key2 => $val2) { 

                if($val2 == $search_value) { 

                    // Adding current key to search path 

                    array_push($temp_path, $key2); 

                    return join(",", $temp_path); 

                } 

            } 

        } 

        elseif($val1 == $search_value) { 

            return join(",", $temp_path); 

        } 

    } 

    return null; 

}

function get_rollname_by_rid($rollid){

global $db_conx;

$sql = "SELECT rname FROM post_t WHERE rid = '$rollid'";

$select = mysqli_query($db_conx, $sql);

$row = mysqli_fetch_assoc($select);

return $row['rname'];

}

function uploadimage($imagename){

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$sql = "UPDATE users SET userimage = '".$imagename."' WHERE userid = '".(int)$userid."'";

    $updatequery = mysqli_query($db_conx, $sql);

    $_SESSION['userimage'] = $imagename;

    $activity ="Update user Image : ".$imagename;

    $pagename ="profile.php";

    activitylog($activity,$pagename);

    //if($updatequery === true){echo '1'; }else{echo 'error';}


}

/*function getuserbyid($userid){

global $db_conx;

$sql = "SELECT * FROM users WHERE userid = '".$userid."' ";

$loginchk = mysqli_query($db_conx,$sql);

return $row[] = mysqli_fetch_assoc($loginchk);

}*/

function getuserbyid($customer_id){

global $db_conx;

$sql = "select * from users where userid = '".(int)$customer_id."'";

$select = mysqli_query($db_conx,$sql);

return $row[] = mysqli_fetch_assoc($select);

}

function getcasedetailsbycaseid($caseidid){

global $db_conx;

$cid = $_SESSION['cid'];

$sql = "SELECT * FROM case_t WHERE id = '".(int)$caseidid."' ";

$select = mysqli_query($db_conx,$sql);

return $row[] = mysqli_fetch_assoc($select);

}

function getallsymptoms(){

global $db_conx;

$cid = $_SESSION['cid'];

$ret = array();

$sql =  "SELECT * FROM `patient_symptoms` WHERE display = '1' AND cid = '".$cid."' order by priority ASC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

/*function removecasesymptoms($caseid){

global $db_conx;

$sql = "DELETE FROM case_symptoms WHERE caseid='".(int)$caseid."' ";

mysqli_query($db_conx, $sql);

}

function addsymptoms($caseid, $symptoms){

global $db_conx;

$userid = string_sanitize($_SESSION['userid']);

if(!empty($symptoms)){

removecasesymptoms($caseid);

$symptoms = explode (",", $symptoms); 

foreach ($symptoms as $symptom) {

$updatedatetime = date("Y-m-d H:i:s");

$sql = "INSERT INTO case_symptoms (caseid, cpid, userid , createdate) VALUES ('".$caseid."', '".$symptom."', '".$userid."','".$updatedatetime."')";

$insertpatient = mysqli_query($db_conx, $sql);

}

}

}

function getcasesymptoms($caseid){

global $db_conx;

$sql =  "SELECT * FROM `case_symptoms` WHERE caseid = '".$caseid."' ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function getcasesymptomsidlist($caseid){

global $db_conx;

$sql =  "SELECT cpid FROM `case_symptoms` WHERE caseid = '".$caseid."' ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row['cpid']; 

}

return $ret;

}

function getcasediagnosisidlist($caseid){

global $db_conx;

$sql =  "SELECT dpid FROM `case_diagnosis` WHERE caseid = '".$caseid."' ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row['dpid']; 

}

return $ret;

}

function getcaseprescriptionlist($caseid){

global $db_conx;

$sql =  "SELECT ppid FROM `case_prescription` WHERE caseid = '".$caseid."' ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row['ppid']; 

}

return $ret;

}

function getcasereportlist($caseid){

global $db_conx;

$sql =  "SELECT rpid FROM `case_report` WHERE caseid = '".$caseid."' ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row['rpid']; 

}

return $ret;

}*/

/*function countcasesymptoms($caseid){

global $db_conx;

$sql =  "SELECT COUNT(cpid) AS casesymptoms FROM `case_symptoms` WHERE caseid = '".$caseid."' ";

$result = mysqli_query($db_conx, $sql);

$row = mysqli_fetch_assoc($result);

return $row['casesymptoms'];

}*/

function getalldiagnosis(){

global $db_conx;

$cid = $_SESSION['cid'];

$ret = array();

$sql =  "SELECT * FROM `patient_diagnosis` WHERE display = '1' AND cid = '".$cid."' order by priority ASC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

/*function removecasediagnosis($caseid){

global $db_conx;

$sql = "DELETE FROM case_diagnosis WHERE caseid='".(int)$caseid."' ";

mysqli_query($db_conx, $sql);

}*/

/*function adddiagnosis($caseid, $symptoms){

global $db_conx;

$userid = string_sanitize($_SESSION['userid']);

if(!empty($symptoms)){

removecasediagnosis($caseid);

$symptoms = explode (",", $symptoms); 

foreach ($symptoms as $symptom) {

$updatedatetime = date("Y-m-d H:i:s");

$sql = "INSERT INTO case_diagnosis (caseid, dpid, userid , createdate) VALUES ('".$caseid."', '".$symptom."', '".$userid."','".$updatedatetime."')";

$insertpatient = mysqli_query($db_conx, $sql);

}

}

}

function getcasediagnosis($caseid){

global $db_conx;

$sql =  "SELECT * FROM `case_diagnosis` WHERE caseid = '".$caseid."' ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function countcasediagnosis($caseid){

global $db_conx;

$sql =  "SELECT COUNT(dpid) AS casesymptoms FROM `case_diagnosis` WHERE caseid = '".$caseid."' ";

$result = mysqli_query($db_conx, $sql);

$row = mysqli_fetch_assoc($result);

return $row['casesymptoms'];

}*/

function getallprescription(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `patient_prescription` WHERE display = '1' AND cid = '".$cid."' order by priority ASC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

/*function removecaseprescription($caseid){

global $db_conx;

$sql = "DELETE FROM case_prescription WHERE caseid='".(int)$caseid."' ";

mysqli_query($db_conx, $sql);

}

function addprescription($caseid, $symptoms){

global $db_conx;

$userid = string_sanitize($_SESSION['userid']);

if(!empty($symptoms)){

removecaseprescription($caseid);

$symptoms = explode (",", $symptoms); 

foreach ($symptoms as $symptom) {

$updatedatetime = date("Y-m-d H:i:s");

$sql = "INSERT INTO case_prescription (caseid, ppid, userid , createdate) VALUES ('".$caseid."', '".$symptom."', '".$userid."','".$updatedatetime."')";

$insertpatient = mysqli_query($db_conx, $sql);

}

}

}

function getcaseprescription($caseid){

global $db_conx;

$sql =  "SELECT * FROM `case_prescription` WHERE caseid = '".$caseid."' ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function countcaseprescription($caseid){

global $db_conx;

$sql =  "SELECT COUNT(ppid) AS casesymptoms FROM `case_prescription` WHERE caseid = '".$caseid."' ";

$result = mysqli_query($db_conx, $sql);

$row = mysqli_fetch_assoc($result);

return $row['casesymptoms'];

}

function get_diagnosisbyid($id){

global $db_conx;

$sql = "SELECT * FROM patient_diagnosis WHERE dpid = '".(int)$id."'";

$result = mysqli_query($db_conx, $sql);

return $row = mysqli_fetch_assoc($result);

}*/

function showAll_diagnosis(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `patient_diagnosis` WHERE display = '1' AND cid = '".$cid."' order by dpid desc";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function edit_diagnosis($edit_complain_id,$add_complain,$description,$priority,$status){

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$sql = "UPDATE patient_diagnosis SET shortname = '".$add_complain."', description ='".$description."', priority = '".(int)$priority."', status = '".(int)$status."', updatedby = '".(int)$userid."', updateddate = '".$updatedatetime."' WHERE dpid = '".(int)$edit_complain_id."' ";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

//$complaindetails = get_diagnosisbyid($edit_complain_id);

$pagename = "patient_diagnosis.php";

$details = "Diagnosis id:".$edit_complain_id.", shortname:".$add_complain.", description:".$description. ", priority:".$priority.", status:".$status;

$activity = "Updated patient diagnosis. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function get_prescriptionbyid($id){

global $db_conx;

$sql = "SELECT * FROM patient_prescription WHERE ppid = '".(int)$id."'";

$result = mysqli_query($db_conx, $sql);

return $row = mysqli_fetch_assoc($result);

}

function showAll_prescription(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `patient_prescription` WHERE display = '1' AND cid = '".$cid."' order by ppid desc";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function edit_prescription($edit_complain_id,$add_complain,$description,$priority,$status,$power,$company){

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "UPDATE patient_prescription SET shortname = '".$add_complain."', description ='".$description."', priority = '".(int)$priority."', status = '".(int)$status."', updatedby = '".(int)$userid."', updateddate = '".$updatedatetime."', power = '".$power."',company = '".$company."' WHERE ppid = '".(int)$edit_complain_id."' ";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

//$complaindetails = get_prescriptionbyid($edit_complain_id);

$pagename = "patient_prescription.php";

$details = "ID : ".$edit_complain_id.", shortname: ".$add_complain.", description:".$description.", priority:".$priority.", status:".$status.", Power:".$power.", Company:".$company;

$activity = "Updated patient prescription. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function get_reportbyid($id){

global $db_conx;

$sql = "SELECT * FROM patient_report WHERE rpid = '".(int)$id."'";

$result = mysqli_query($db_conx, $sql);

return $row = mysqli_fetch_assoc($result);

}

function showAll_report(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `patient_report` WHERE display = '1' AND cid = '".$cid."' order by rpid desc";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function edit_report($edit_complain_id,$add_complain,$description,$priority,$status){

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "UPDATE patient_report SET shortname = '".$add_complain."', description ='".$description."', priority = '".(int)$priority."', status = '".(int)$status."', updatedby = '".(int)$userid."', updateddate = '".$updatedatetime."' WHERE rpid = '".(int)$edit_complain_id."' ";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

//$complaindetails = get_reportbyid($edit_complain_id);

$pagename = "patient_report.php";

$details = "Id:".$edit_complain_id.", shortname:".$add_complain.", description:".$description.", priority:".$priority.", status:".$status;

$activity = "Updated patient report. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function showAll_do(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `patient_do` WHERE display = '1' AND cid = '".$cid."' order by did desc";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function edit_do($edit_complain_id,$add_complain,$description,$priority,$status){

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "UPDATE patient_do SET shortname = '".$add_complain."', description ='".$description."', priority = '".(int)$priority."', status = '".(int)$status."', updatedby = '".(int)$userid."', updateddate = '".$updatedatetime."' WHERE did = '".(int)$edit_complain_id."' ";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

//$complaindetails = get_reportbyid($edit_complain_id);

$pagename = "dos.php";

$details = "Id:".$edit_complain_id.", shortname:".$add_complain.", description:".$description.", priority:".$priority.", status:".$status;

$activity = "Updated patient to do list. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function add_diagnosis($add_complain,$description,$priority,$status){

global $db_conx;

$originalcasedate = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "INSERT INTO patient_diagnosis (cid, shortname, description, priority, status, createdby, createddate) VALUES ('".$cid."', '".$add_complain."', '".$description."', '".(int)$priority."', '".(int)$status."', '".(int)$userid."', '".$originalcasedate."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$complainid = mysqli_insert_id($db_conx);

//$complaindetails = get_diagnosisbyid($complainid);

$pagename = "patient_diagnosis.php";

$details = "shortname :".$add_complain.", description:".$description.", priority:".$priority.", status:".$status ;

$activity = "Insert patient diagnosis. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function add_prescription($add_complain,$description,$priority,$status,$power,$company){

global $db_conx;

$originalcasedate = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "INSERT INTO patient_prescription (cid, shortname, description, priority, status, createdby, createddate, power, company) VALUES ('".$cid."', '".$add_complain."', '".$description."', '".(int)$priority."', '".(int)$status."', '".(int)$userid."', '".$originalcasedate."', '".$power."', '".$company."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$complainid = mysqli_insert_id($db_conx);

//$complaindetails = get_prescriptionbyid($complainid);

$pagename = "patient_prescription.php";

$details = "id:".$complainid.", shortname:".$add_complain.", description:".$description.", priority:".$priority.", status:".$status." , power:" .$power.", company:".$company;

$activity = "Insert patient prescription. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function add_report($add_complain,$description,$priority,$status){

global $db_conx;

$originalcasedate = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "INSERT INTO patient_report (cid, shortname, description, priority, status, createdby, createddate) VALUES ('".$cid."', '".$add_complain."', '".$description."', '".(int)$priority."', '".(int)$status."', '".(int)$userid."', '".$originalcasedate."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$complainid = mysqli_insert_id($db_conx);

//$complaindetails = get_reportbyid($complainid);

$pagename = "patient_report.php";

$details = "id:".$complainid.", shortname:".$add_complain.", description:".$description.", priority:".$priority.", status:".$status;

$activity = "Insert patient report. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function update_case($caseid,$casefee,$drcr,$casenote,$symptomsarray,$diagnosisarray,$reportarray,$caseprescriptionnotes,$weight,$paymentmode,$dos,$dont,$nextdays,$nextdate)

{

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];


if($caseid != "" && $casefee != ""  && $drcr != "")

{

$update = mysqli_query($db_conx, "UPDATE case_t SET fee = '".$casefee."', drcr = '".$drcr."', notes = '".$casenote."', caseprescriptionnotes = '".$caseprescriptionnotes."', modifiedby = '".$userid."', modifieddatetime = '".$updatedatetime."', symptoms = '".$symptomsarray."', diagnosis = '".$diagnosisarray."', report = '".$reportarray."', weight= '".$weight."', paymentmode = '".$paymentmode."', do = '".$dos."', dont = '".$dont."', daycome = '".$nextdays."', datecome = '".$nextdate."' WHERE id = '".(int)$caseid."'");

if ($update === TRUE){

$pagename = "case_view.php";

/*$symptom = getcasesymptomsidlist($caseid);

$symptomslist = print_r($symptom, TRUE);

$diagnosis = getcasediagnosisidlist($caseid);

$diagnosislist = print_r($diagnosis, TRUE);

$prescription = getcaseprescriptionlist($caseid);

$prescriptionlist = print_r($prescription, TRUE);

$report = getcasereportlist($caseid);

$reportlist = print_r($report, TRUE);*/

$details = "caseid: ".$caseid." fee:".$casefee." drcr:".$drcr." notes:".$casenote." modifiedby:".$userid." modifieddatetime:".$updatedatetime. " symptoms:".$symptomsarray." Diagnosis: ".$diagnosisarray." Reports : ".$reportarray. " caseprescriptionnotes = ".$caseprescriptionnotes.", paymentmode = ".$paymentmode." Do:".$dos." Dont:".$dont." Come after days:".$nextdays." NextDate:".$nextdate; 

$activity = "Save Updated case Details are : ".$details;

activitylog($activity,$pagename);

return true;

}

else false;

}

}

function add_do($add_complain,$description,$priority,$status){

global $db_conx;

$originalcasedate = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "INSERT INTO patient_do (cid, shortname, description, priority, status, createdby) VALUES ('".$cid."', '".$add_complain."', '".$description."', '".(int)$priority."', '".(int)$status."', '".(int)$userid."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$complainid = mysqli_insert_id($db_conx);

//$complaindetails = get_reportbyid($complainid);

$pagename = "dos.php";

$details = "id:".$complainid.", shortname:".$add_complain.", description:".$description.", priority:".$priority.", status:".$status;

$activity = "Insert DO list. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function update_case_close($caseid,$casefee,$drcr,$casenote,$symptomsarray,$diagnosisarray,$reportarray,$caseprescriptionnotes, $weight, $paymentmode,$dos,$dont,$nextdays,$nextdate)

{

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];


if($caseid != "" && $casefee != ""  && $drcr != "")

{

$update = mysqli_query($db_conx, "UPDATE case_t SET fee = '".$casefee."', drcr = '".$drcr."', notes = '".$casenote."', caseprescriptionnotes = '".$caseprescriptionnotes."', modifiedby = '".$userid."', modifieddatetime = '".$updatedatetime."', caseclose = '1', symptoms = '".$symptomsarray."', diagnosis = '".$diagnosisarray."', report = '".$reportarray."', weight = '".$weight."', paymentmode = '".$paymentmode."', do = '".$dos."', dont = '".$dont."', daycome = '".$nextdays."', datecome = '".$nextdate."' WHERE id = '".(int)$caseid."'");

if ($update === TRUE){

$pagename = "case_view.php";

/*$symptom = getcasesymptomsidlist($caseid);

$symptomslist = print_r($symptom, TRUE);

$diagnosis = getcasediagnosisidlist($caseid);

$diagnosislist = print_r($diagnosis, TRUE);

$prescription = getcaseprescriptionlist($caseid);

$prescriptionlist = print_r($prescription, TRUE);

$report = getcasereportlist($caseid);

$reportlist = print_r($report, TRUE);*/

$details = "caseid: ".$caseid." fee:".$casefee." drcr:".$drcr." notes:".$casenote." modifiedby:".$userid." modifieddatetime:".$updatedatetime. " symptoms:".$symptomsarray." Diagnosis: ".$diagnosisarray." Reports : ".$reportarray. " caseprescriptionnotes = ".$caseprescriptionnotes.", paymentmode = ".$paymentmode." Do:".$dos." Dont:".$dont." Come after days:".$nextdays." NextDate:".$nextdate; 

$activity = "Closed and Updated case Details are : ".$details;

activitylog($activity,$pagename);

return true;

}

else false;

}

}

function getallreport(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `patient_report` WHERE display = '1' AND cid = '".$cid."' order by priority ASC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function getalldo(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `patient_do` WHERE display = '1' AND cid = '".$cid."' order by priority ASC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

/*function removecasereport($caseid){

global $db_conx;

$sql = "DELETE FROM case_report WHERE caseid='".(int)$caseid."' ";

mysqli_query($db_conx, $sql);

}

function addreport($caseid, $symptoms){

global $db_conx;

$userid = string_sanitize($_SESSION['userid']);

if(!empty($symptoms)){

removecasereport($caseid);

$symptoms = explode (",", $symptoms); 

foreach ($symptoms as $symptom) {

$updatedatetime = date("Y-m-d H:i:s");

$sql = "INSERT INTO case_report (caseid, rpid, userid , createdate) VALUES ('".$caseid."', '".$symptom."', '".$userid."','".$updatedatetime."')";

$insertpatient = mysqli_query($db_conx, $sql);

}

}

}

function getcasereport($caseid){

global $db_conx;

$sql =  "SELECT * FROM `case_report` WHERE caseid = '".$caseid."' ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function countcasereport($caseid){

global $db_conx;

$sql =  "SELECT COUNT(rpid) AS casesymptoms FROM `case_report` WHERE caseid = '".$caseid."' ";

$result = mysqli_query($db_conx, $sql);

$row = mysqli_fetch_assoc($result);

return $row['casesymptoms'];

}*/

function countpatientcasedetailsall($pid,$caseid){

global $db_conx;

$sql =  "SELECT COUNT(id) AS caseid FROM `case_t` WHERE pid = '".$pid."' AND id != '".$caseid."' AND status = 1 ";

$result = mysqli_query($db_conx, $sql);

$row = mysqli_fetch_assoc($result);

return $row['caseid'];

}

function getpatientcasedetailsall($pid,$caseid){

global $db_conx;

$sql="SELECT * FROM case_t WHERE pid = '".$pid."' AND id != '".$caseid."' AND status = 1 order by id DESC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function getloginlogdata(){

global $db_conx; $cid = $_SESSION['cid'];

$sql="SELECT u.*, users.userid, users.username 

FROM users_login_log u 

INNER JOIN users ON u.userid = users.userid

WHERE u.cid = $cid

order by id DESC";


$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function getactivitylogdata(){

global $db_conx; $cid = $_SESSION['cid'];

$sql="SELECT user_activity_log.*, users.userid, users.username 

FROM user_activity_log  

INNER JOIN users ON user_activity_log.userid = users.userid

WHERE user_activity_log.cid = $cid

order by id DESC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function showAll_medicinetimetable(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `medicine_time` WHERE display = '1' AND cid = '".$cid."' order by mid desc";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function get_timetablebyid($id){

global $db_conx;

$sql = "SELECT * FROM medicine_time WHERE mid = '".(int)$id."'";

$result = mysqli_query($db_conx, $sql);

return $row = mysqli_fetch_assoc($result);

}

function add_timetable($add_complain,$description,$priority,$status){

global $db_conx;

$originalcasedate = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "INSERT INTO medicine_time (cid, shortname, description, priority, status, createdby, createddate) VALUES ('".$cid."', '".$add_complain."', '".$description."', '".(int)$priority."', '".(int)$status."', '".(int)$userid."', '".$originalcasedate."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$complainid = mysqli_insert_id($db_conx);

//$complaindetails = get_timetablebyid($complainid);

$pagename = "medicine_time.php";

$details = "ID:".$complainid.", shortname:".$add_complain.", description:".$description.", priority:".$priority.", status:".$status;

$activity = "Insert New medicine timetable. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function edit_timetable($edit_complain_id,$add_complain,$description,$priority,$status){

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "UPDATE medicine_time SET shortname = '".$add_complain."', description ='".$description."', priority = '".(int)$priority."', status = '".(int)$status."', updatedby = '".(int)$userid."', updateddate = '".$updatedatetime."'  WHERE mid = '".(int)$edit_complain_id."' ";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

//$complaindetails = get_timetablebyid($edit_complain_id);

$pagename = "medicine_time.php";

$details = "Id:".$edit_complain_id.", shortname:".$add_complain.", description:".$description.", priority:".$priority.", status:".$status;

$activity = "Updated timetable. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}


function database_backup(){

global $db_conx;

    $tables = array();

    $sql = "SHOW TABLES";

    $result = mysqli_query($db_conx, $sql);


    while ($row = mysqli_fetch_row($result)) {

        $tables[] = $row[0];

    }

    $sqlScript = "";

    foreach ($tables as $table) {

        // Prepare SQLscript for creating table structure

        $query = "SHOW CREATE TABLE $table";

        $result = mysqli_query($db_conx, $query);

        $row = mysqli_fetch_row($result);

        

        $sqlScript .= "\n\n" . $row[1] . ";\n\n";

        

        $query = "SELECT * FROM $table";

        $result = mysqli_query($db_conx, $query);

        

        $columnCount = mysqli_num_fields($result);

        

        // Prepare SQLscript for dumping data for each table

        for ($i = 0; $i < $columnCount; $i ++) {

            while ($row = mysqli_fetch_row($result)) {

                $sqlScript .= "INSERT INTO $table VALUES(";

                for ($j = 0; $j < $columnCount; $j ++) {

                    $row[$j] = $row[$j];

                    

                    if (isset($row[$j])) {

                        $sqlScript .= '"' . $row[$j] . '"';

                    } else {

                        $sqlScript .= '""';

                    }

                    if ($j < ($columnCount - 1)) {

                        $sqlScript .= ',';

                    }

                }

                $sqlScript .= ");\n";

            }

        }

        $sqlScript .= "\n"; 

    }


    if(!empty($sqlScript))

    {

        $datetime = date('d-m-Y').'-'.rand();

        $backup_file_name = 'G://Backup/logout-backup_clinic_' . $datetime . '.sql';

        //$backup_file_name = $storagepath . $datetime . '.sql';

        $fileHandler = fopen($backup_file_name, 'w+');

        $number_of_lines = fwrite($fileHandler, $sqlScript);

        fclose($fileHandler); 

    }

}

function gettimetablelist(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `medicine_time` WHERE display = '1' AND status = '1' AND cid = '".$cid."' order by priority ASC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function getallitemsfront(){

global $db_conx;  $cid = $_SESSION['cid'];

$ret = array();

$sql =  "SELECT * FROM `medicine_time` WHERE display = '1' AND status = '1' AND cid = '".$cid."' order by priority ASC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

//$ret[] = $row;

echo '<option value="'.$row["mid"].'">'.$row["shortname"].'</option>';

}

//return $ret;

}

function getallprescriptionfront(){

global $db_conx;

$ret = array(); $cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `patient_prescription` WHERE display = '1' AND status = '1'  AND cid = '".$cid."' order by priority ASC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

//$ret[] = $row;

$power = '';

        $company = '';

        if($row['power'] != ''){$power = ' - '.$row['power'];}

        if($row['company'] != ''){$company = ' - '.$row['company'];}

        $itemname = $row['shortname'].$power.$company;

echo '<option value="'.$row["ppid"].'">'.$itemname.'</option>';

}

}

function countcaseprescription($caseid){

global $db_conx;

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `case_prescription` WHERE caseid = '".$caseid."' AND display = '1' ";

$result = mysqli_query($db_conx, $sql);

return mysqli_num_rows($result);

//$row = mysqli_fetch_assoc($result);

//return $row['casesymptoms'];

}

function displaycaseprescription($caseid){

global $db_conx;

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `case_prescription` WHERE caseid = '".$caseid."' AND display = '1' ";

$select = mysqli_query($db_conx, $sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function getprescriptionbyid($id){

global $db_conx;

$ret = array();

$sql =  "SELECT * FROM `patient_prescription` WHERE display = '1' AND ppid = '".$id."' order by priority ASC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}


function addClinicMaster($clinicname,$doctorName,$lname,$phone1,$phone2,$phone3,$emailid,$password1,$addStaff,$address,$degree)

{

global $db_conx;

$ip_address = $_SERVER['REMOTE_ADDR'];

$updatedatetime = date("Y-m-d H:i:s");

$todaysdate = date('Y-m-d');

$expiredate = date("Y-m-d", strtotime('+30 days'));

$planid = 1;

$encrypted = encryptedPassword($password1); 

$sql = "INSERT INTO clinic_master(clinicname, doctorname, doctorlastname, mobilenumber1, mobilenumber2, landline, emailid, password, staffqty, address, created_at, ipaddress, degree, planid, planstartdate, planenddate) VALUES ('".$clinicname."','".$doctorName."','".$lname."', '".$phone1."', '".$phone2."', '".$phone3."', '".$emailid."', '".$encrypted."', '".$addStaff."', '".$address."', '".$updatedatetime."', '".$ip_address."', '".$degree."', '".$planid."','".$todaysdate."', '".$expiredate."' )";

$query = mysqli_query($db_conx, $sql);

if($query == true){

//insert table data

$cid = mysqli_insert_id($db_conx);

    //create user for admin

    $post_id = 1; // set as admin role

    $adminUser = 1;

    $sqlUserInsert = "INSERT INTO `users` (cid, fname, lname, mobile1, mobile2, phone, post_id, username, password, createddate, adminUser) VALUES ('".$cid."', '".$doctorName."','".$lname."', '".$phone1."', '".$phone2."', '".$phone3."', '".$post_id."', '".$emailid."', '".$encrypted."', '".$updatedatetime."', '".$adminUser."')";

    $query = mysqli_query($db_conx, $sqlUserInsert);

    $userid = mysqli_insert_id($db_conx);

    //set all rights for admin

    for ($i=1; $i <= 5; $i++) { 

    $sql3 = "INSERT INTO `user_rights` (rid, userid, updatedby, updatedtime) VALUES ('".$i."', '".$userid."', '".$userid."', '".$updatedatetime."') ";

    $query = mysqli_query($db_conx, $sql3);

    }

    //end all rights for admin


    //create fee

    $sqlfee1 = "INSERT INTO casefee (cid, feename, fee, createdby, createddatetime) VALUES ('".$cid."','New','400','".$userid."','".$updatedatetime."')";

    $query = mysqli_query($db_conx, $sqlfee1);

    $sqlfee2 = "INSERT INTO casefee (cid, feename, fee, createdby, createddatetime) VALUES ('".$cid."','Old','200','".$userid."','".$updatedatetime."')";

    $query = mysqli_query($db_conx, $sqlfee2);

    //end fee


    //create  Patient Symptoms

    $sqlps1 = "INSERT INTO patient_symptoms (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Cephalalgia (Headache)', 'While this sounds serious, it’s actually just referring to a headache. This is a common condition that causes pain and discomfort in the head or neck, and most people have at least one a year.', '1', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlps1);

    $sqlps2 = "INSERT INTO patient_symptoms (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Fever', 'Common Symptoms.', '2', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlps2);

    $sqlps3 = "INSERT INTO patient_symptoms (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Cold', 'Common Symptoms.', '3', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlps3);

    $sqlps4 = "INSERT INTO patient_symptoms (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Cough', 'Common Symptoms.', '4'  '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlps4);

    $sqlps5 = "INSERT INTO patient_symptoms (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Itching', 'Common Symptoms.', '5', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlps5);

    $sqlps6 = "INSERT INTO patient_symptoms (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'BodyPain', 'Common Symptoms.', '6', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlps6);

    //end symptoms


    //create Diagnosis 

    $sqld1 = "INSERT INTO patient_diagnosis (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'HyperTension', 'While this sounds serious, it’s actually just referring to a headache. This is a common condition that causes pain and discomfort in the head or neck, and most people have at least one a year.', '1', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqld1);

    $sqld2 = "INSERT INTO patient_diagnosis (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Diabetes', 'Example common diagnosis', '2', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqld2);

    $sqld3 = "INSERT INTO patient_diagnosis (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Anemia', 'Example common diagnosis', '3', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqld3);

    $sqld4 = "INSERT INTO patient_diagnosis (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'UTI', 'Example common diagnosis', '4', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqld4);

    //end Diagnosis


    //create patient_prescription 

    $sqlpp1 = "INSERT INTO patient_prescription (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'PCM', 'Example common diagnosis', '1', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlpp1);

    $sqlpp2 = "INSERT INTO patient_prescription (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Diclofenec', 'Example common diagnosis', '2', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlpp2);

    $sqlpp3 = "INSERT INTO patient_prescription (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Amoxyclabe', 'Example common diagnosis', '3', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlpp3);

    $sqlpp4 = "INSERT INTO patient_prescription (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Metrodinazole', 'Example common diagnosis', '4', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlpp4);

    $sqlpp5 = "INSERT INTO patient_prescription (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'ORS', 'Example common diagnosis', '5', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlpp5);

    //end Diagnosis


    //patient_report create

    $sqlpr1 = "INSERT INTO patient_report (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'CBC', 'Example common Report', '1', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlpr1);

    $sqlpr2 = "INSERT INTO patient_report (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Urine', 'Example common Report', '2', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlpr2);

    $sqlpr3 = "INSERT INTO patient_report (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'MP', 'Example common Report', '3', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlpr3);

    $sqlpr4 = "INSERT INTO patient_report (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'Vidal', 'Example common Report', '4', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlpr4);

    $sqlpr5 = "INSERT INTO patient_report (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."', 'HBA1C', 'Example common Report', '5', '".$userid."','".$updatedatetime."' )";

    $query = mysqli_query($db_conx, $sqlpr5);

    //end patient_report


    // medicine time table insert

    $sqlt1 = "INSERT INTO medicine_time (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."','0.5 morning','half in morning only','10','".$userid."','".$updatedatetime."')";

    $query = mysqli_query($db_conx, $sqlt1);

    $sqlt2 = "INSERT INTO medicine_time (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."','0.5 morning 0.5 noon','half in morning and noon time','9','".$userid."','".$updatedatetime."')";

    $query = mysqli_query($db_conx, $sqlt2);

    $sqlt3 = "INSERT INTO medicine_time (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."','0.5 morning    0.5 noon 0.5 night','half in morning and noon and night time','8','".$userid."','".$updatedatetime."')";

    $query = mysqli_query($db_conx, $sqlt3);

    $sqlt4 = "INSERT INTO medicine_time (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."','1 morning','One in morning only','7','".$userid."','".$updatedatetime."')";

    $query = mysqli_query($db_conx, $sqlt4);

    $sqlt5 = "INSERT INTO medicine_time (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."','1 morning','One in morning only','6','".$userid."','".$updatedatetime."')";

    $query = mysqli_query($db_conx, $sqlt5);

    $sqlt6 = "INSERT INTO medicine_time (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."','1 morning  1 noon','One in morning only','5','".$userid."','".$updatedatetime."')";

    $query = mysqli_query($db_conx, $sqlt6);

    $sqlt7 = "INSERT INTO medicine_time (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."','1 morning 1 noon 1 night','One in morning and noon and night time','4','".$userid."','".$updatedatetime."')";

    $query = mysqli_query($db_conx, $sqlt7);

    $sqlt8 = "INSERT INTO medicine_time (cid, shortname, description, priority, createdby, createddate) VALUES ('".$cid."','2 morning','Two in morning only','3','".$userid."','".$updatedatetime."')";

    $query = mysqli_query($db_conx, $sqlt8);

    //end medicine timtable

//end data


    // log

    // $activity ="New Clinic inserted. Clinic ID : $cid, UserId : $userid Clinic Name : $clinicname, Doctor = $doctorName $lname Emailid : $emailid Mobile: $phone1 staff:$addStaff address:$address degree:$degree. Set as admin and set all rights. ";

    // $pagename ="register.php";

    // activitylog($activity,$pagename);


    //send email to current user

    global $server_address;

    $email = $emailid;

    $subject = "Welcome to OPD management system";

    $html="";

    $html.="Hello ".$doctorName." ".$lname.",";

    $html.="<br>You are successfully registered your clinic ".$clinicname.".";

    $html.="<br>Your login username: ".$emailid;

    $html.="<br>Your login password: ".$password1;

    $html.="<br>You can login <a href='".$server_address."'> $server_address</a>";

    $html.="<br>You are set as ADMIN and all rights. Now you can add staff like doctor, nurse, receptionist, compunder and many more..";

    //send_email($email, $subject, $html);

return true;

} else{

return false;

}

}


function getAllUsersForClinic(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql = "SELECT * FROM users WHERE userid != '' AND display = '1' AND cid = '".$cid."' AND admin is NULL ORDER BY userid DESC";

$select = mysqli_query($db_conx, $sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function getFeeList(){

global $db_conx; $cid = $_SESSION['cid'];

$ret = array();

$sql =  "SELECT * FROM `casefee` WHERE cid = '".$cid."' ";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function countUser(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql = "SELECT * FROM users WHERE userid != '' AND display = '1' AND cid = '".$cid."' AND admin is NULL ORDER BY userid DESC";

$select = mysqli_query($db_conx, $sql);

return mysqli_num_rows($select);

}

function showAll_complain(){

global $db_conx;

$cid = $_SESSION['cid'];

$ret = array();

$sql =  "SELECT * FROM `patient_symptoms` WHERE display = '1' AND cid = '".$cid."' order by cpid desc";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function passwordReset($emailid){

global $db_conx; global $server_address;

$extra = generateRandomString($length = 15);

$sql = "UPDATE users SET extra = '".$extra."' WHERE username = '".$emailid."' ";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){ 

//set email send code

$table = 'users';

$where = " username = '".$emailid."'"; 

$userdata = get_specific_data($table, $where);

$emailid = $userdata['username'];

$fname = $userdata['fname'];

$lname = $userdata['lname'];

$extra = $userdata['extra'];

$cid = $userdata['cid'];

$_SESSION['cid'] = $cid;

$_SESSION['userid'] = $userdata['userid'];

$ip = $_SERVER['REMOTE_ADDR']; 

$table = 'clinic_master';

$where = " cid = '".$cid."'"; 

$clinicdata = get_specific_data($table, $where);

$clinicname = $clinicdata['clinicname'];

$clinicemail = $clinicdata['emailid'];

$html = '';

$subject = "Password Reset for user ".$fname." ".$lname." for ".$clinicname;

$link = $server_address."/resetPassword.php?resetpassword=".$extra;

$html.="Hello ".$fname." ".$lname.",<br>";

$html.="<p>Your password reset link is bellow.</p>";

$html.="<p><b><a href='".$link."'>Click Here</a></b> for reset password. It will open a new page and you can reset the password.</p>";

send_email($emailid, $subject, $html);

//echo $html;

//inform admin about this activity

$adminlog = "";

if($userdata['adminUser'] == '0'){

$subject_admin = $clinicname." : password reset for user:".$fname." ".$lname;

$html_admin = "<p>Hello Admin, Your user ".$fname." ".$lname." with username/emailid: ".$emailid." set password reset. you can also reset password with this <b><a href='".$link."'>LINK</a></b></p>. <br><p>Thank you</p>";

send_email($clinicemail, $subject_admin, $html_admin);

$adminlog = " THis USER is Not admin, Clinicname:$clinicname ";

}

// log

    $activity ="Password reset. emailid:$emailid  clinicemail:$clinicemail, FullName: $fname $lname  cid:$cid  Link:$link ".$adminlog." IP Address:".$ip;

    $pagename ="forget_password.php";

    activitylog($activity,$pagename);


}


}

function send_email($to, $subject, $html){

$header = "From:hello@chiragwebshotsing.com \r\n";

$header .= "Cc:hello@chiragwebshotsing.com \r\n";

$header .= "MIME-Version: 1.0\r\n";

$header .= "Content-type: text/html\r\n";


$retval = mail ($to,$subject,$html,$header);


if( $retval == true ) {

//echo "Message sent successfully...";

return true;

}else {

//echo "Message could not be sent...";

return false;

}

}

function showAll_dont(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `patient_dont` WHERE display = '1' AND cid = '".$cid."' order by dnid desc";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function add_dont($add_complain,$description,$priority,$status){

global $db_conx;

$originalcasedate = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "INSERT INTO patient_dont (cid, shortname, description, priority, status, createdby) VALUES ('".$cid."', '".$add_complain."', '".$description."', '".(int)$priority."', '".(int)$status."', '".(int)$userid."')";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

$complainid = mysqli_insert_id($db_conx);

//$complaindetails = get_reportbyid($complainid);

$pagename = "donts.php";

$details = "id:".$complainid.", shortname:".$add_complain.", description:".$description.", priority:".$priority.", status:".$status;

$activity = "Insert DONT do list. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function edit_dont($edit_complain_id,$add_complain,$description,$priority,$status){

global $db_conx;

$updatedatetime = date("Y-m-d H:i:s");

$userid = $_SESSION['userid'];

$cid = $_SESSION['cid'];

$sql = "UPDATE patient_dont SET shortname = '".$add_complain."', description ='".$description."', priority = '".(int)$priority."', status = '".(int)$status."', updatedby = '".(int)$userid."', updateddate = '".$updatedatetime."' WHERE dnid = '".(int)$edit_complain_id."' ";

$insertpatient = mysqli_query($db_conx, $sql);

if ($insertpatient === TRUE){

//$complaindetails = get_reportbyid($edit_complain_id);

$pagename = "donts.php";

$details = "Id:".$edit_complain_id.", shortname:".$add_complain.", description:".$description.", priority:".$priority.", status:".$status;

$activity = "Updated patient dont do list. Details are : ".$details;

activitylog($activity,$pagename);

return 1;}

else{return false;}

}

function getalldont(){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `patient_dont` WHERE display = '1' AND cid = '".$cid."' order by priority ASC";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

function getSelectedDataList($tablename,$columnname,$search){

global $db_conx;

$ret = array();

$cid = $_SESSION['cid'];

$sql =  "SELECT * FROM `$tablename` WHERE $columnname IN ($search) AND cid = '".$cid."'";

$select = mysqli_query($db_conx,$sql);

while($row = mysqli_fetch_assoc($select)){

$ret[] = $row;

}

return $ret;

}

?>

No comments:

Post a Comment