import sys
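# Patch script: (re)installs the 'import_patients' branch of includes/actions.php
# by inserting it immediately before the 'import_drugs_groups' branch.
#
# Both PHP `elseif` headers are matched as exact text, so the script only works
# while actions.php keeps this spelling and spacing. The file is rewritten in
# place with no backup copy; review the result with the project's VCS diff.
patients_hook = "} elseif ($_POST['action'] === 'import_patients') {"
drugs_hook = "} elseif ($_POST['action'] === 'import_drugs_groups') {"

with open('includes/actions.php', 'r', encoding='utf-8') as f:
    content = f.read()

# Remove a previously injected block so a re-run does not stack a second copy.
# The old block runs from its own header up to (not including) the next
# 'import_drugs_groups' header.
start_idx = content.find(patients_hook)
if start_idx != -1:
    end_idx = content.find(drugs_hook, start_idx + 1)
    # If no 'import_drugs_groups' header follows the old block, it is left in
    # place and the hook test further down decides what happens next.
    if end_idx != -1:
        content = content[:start_idx] + content[end_idx:]

# PHP branch written into actions.php.
# Review notes on the template (the PHP itself is kept as authored):
#   * Rows are inserted through one prepared statement with positional
#     placeholders, so imported cell values are bound, not spliced into SQL.
#   * Values are only trim()med before storage. Anything that later renders
#     patient fields must escape them on output -- verify in the views.
#   * The catch branch copies $e->getMessage() into the flash message. If that
#     message is shown in the browser, driver/SQL error text reaches the user;
#     consider logging the detail and showing a generic message instead.
#   * In the success message, '.' binds tighter than '??', so the
#     'Import successful' fallback can never be selected.
#   * No login, role or CSRF check appears in this branch; presumably that is
#     done earlier in actions.php -- TODO confirm before shipping.
#   * Upload size/type validation is left to parse_import_file(), which is not
#     part of this script.
inject_code = """    } elseif ($_POST['action'] === 'import_patients') {
        if (isset($_FILES['file'])) {
            try {
                $rows = parse_import_file($_FILES['file']);
                if ($rows) {
                    $db->beginTransaction();
                    $stmt = $db->prepare("INSERT INTO patients (name, dob, nationality, phone, city) VALUES (?, ?, ?, ?, ?)");

                    foreach ($rows as $row) {
                        $name = trim($row[0] ?? '');
                        if (empty($name)) continue;

                        $dob = trim($row[1] ?? '');
                        if (!empty($dob)) {
                            $parsed_date = strtotime(str_replace('/', '-', $dob));
                            if ($parsed_date) {
                                $dob = date('Y-m-d', $parsed_date);
                            } else {
                                $dob = null;
                            }
                        } else {
                            $dob = null;
                        }

                        $nationality = trim($row[2] ?? '');
                        $phone = trim($row[3] ?? '');
                        $city = trim($row[4] ?? '');

                        $stmt->execute([$name, $dob, $nationality, $phone, $city]);
                    }

                    $db->commit();
                    $_SESSION['flash_message'] = __('patients').' '.__('imported_successfully') ?? 'Import successful';
                } else {
                    $_SESSION['flash_message'] = $_SESSION['import_error'] ?? 'Failed to parse file or empty.'; unset($_SESSION['import_error']);
                }
            } catch (Exception $e) {
                if ($db->inTransaction()) {
                    $db->rollBack();
                }
                $_SESSION['flash_message'] = "Error importing data: " . $e->getMessage();
            }
        } else {
            $_SESSION['flash_message'] = "No file selected.";
        }
        header('Location: ../patients.php');
        exit;
"""

if drugs_hook in content:
    # count=1: patch only the first header. The cleanup above removes only the
    # first old block, so patching every match would leave stale duplicates
    # behind on the next run if the header ever appears more than once.
    content = content.replace(drugs_hook, inject_code + drugs_hook, 1)
    with open('includes/actions.php', 'w', encoding='utf-8') as f:
        f.write(content)
    print("Injected successfully")
else:
    # Nothing is written when the anchor is missing; actions.php stays untouched.
    print("Could not find the hook in actions.php")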