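<?php
declare(strict_types=1);

session_start();
require_once("database.php");

/*
 * Form/action handler for the admin area (users, products, orders, inventory,
 * target amount) plus the public signup and cart-item removal.
 *
 * Security fixes relative to the previous version of this file:
 *  - every query was built by string interpolation, many from raw $_POST/$_GET
 *    values (ids, order ids, statuses, amounts, quantities); all are now
 *    prepared statements with bound parameters;
 *  - passwords were stored and compared in plaintext inside the SQL; they are
 *    now hashed with password_hash() (legacy plaintext rows are upgraded on the
 *    first successful login);
 *  - uploads kept the client's filename and Content-Type and were written into
 *    web-served folders; they are now content-sniffed, restricted to images and
 *    stored under a random name;
 *  - admin actions ran without any check for a logged-in session;
 *  - several handlers emitted two redirects (the second overrode the first),
 *    the new-product handler located its product with SELECT MAX(id) (racy),
 *    and completing an order twice deducted stock twice.
 *
 * Assumptions to confirm against database.php: db::open() returns a mysqli
 * connection (the previous version called ->real_escape_string() on it) built
 * on mysqlnd (needed for get_result()).
 * NOTE(review): no CSRF token is checked by any handler; the forms posting
 * here live outside this file, so that is left as a follow-up.
 */

/** Content-sniffed MIME types accepted as images, with the extension used on disk. */
const IMAGE_EXTENSIONS = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];

/**
 * Emits an optional alert() followed by a JavaScript redirect, then stops the
 * script. Stopping matters: the previous version kept running after the
 * redirect, so a later unconditional redirect replaced the success one.
 */
function redirect_js(string $url, string $alert = ''): void
{
    if ($alert !== '') {
        echo "<script>alert(" . json_encode($alert) . ");</script>";
    }
    echo "<script>location=" . json_encode($url) . "</script>";
    exit;
}

/** Sends an anonymous request to the login page; admin handlers call this first. */
function require_login(): void
{
    if (empty($_SESSION['useremail'])) {
        redirect_js('index.php?status=1');
    }
}

/** A POSTed scalar as a string ('' when absent). */
function post(string $key): string
{
    return isset($_POST[$key]) ? (string) $_POST[$key] : '';
}

/** Current time in the format the *_on columns use. */
function now_sql(): string
{
    return date('Y-m-d H:i:s');
}

/**
 * Prepares and executes $sql with $params bound as values (never
 * interpolated). All parameters are bound as strings; MySQL coerces them for
 * numeric columns, and the id/order_id column types are not visible here.
 * Returns the executed statement (caller closes it) or null on failure.
 */
function db_exec(mysqli $db, string $sql, array $params = [])
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    if ($params !== []) {
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    }
    if (!$stmt->execute()) {
        $stmt->close();
        return null;
    }
    return $stmt;
}

/** Runs a statement that returns no rows; true when it executed. */
function db_run(mysqli $db, string $sql, array $params = []): bool
{
    $stmt = db_exec($db, $sql, $params);
    if ($stmt === null) {
        return false;
    }
    $stmt->close();
    return true;
}

/** All rows of a SELECT as associative arrays ([] when none or on failure). */
function db_rows(mysqli $db, string $sql, array $params = []): array
{
    $stmt = db_exec($db, $sql, $params);
    if ($stmt === null) {
        return [];
    }
    $result = $stmt->get_result();
    $rows = $result === false ? [] : $result->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

/** First row of a SELECT, or null when there is none. */
function db_row(mysqli $db, string $sql, array $params = []): ?array
{
    $rows = db_rows($db, $sql, $params);
    return $rows === [] ? null : $rows[0];
}

/**
 * Checks $password against the stored column value.
 * Returns [matched, needs_rehash]; needs_rehash is true for a legacy plaintext
 * row (accepted via constant-time comparison so existing accounts keep
 * working) or for a hash made with an outdated algorithm/cost.
 */
function password_matches(string $password, string $stored): array
{
    if ($stored !== '' && password_verify($password, $stored)) {
        return [true, password_needs_rehash($stored, PASSWORD_DEFAULT)];
    }
    if ($stored !== '' && hash_equals($stored, $password)) {
        return [true, true];
    }
    return [false, false];
}

/**
 * One entry of a multi-file $_FILES field (name/type/tmp_name/error/size are
 * parallel arrays) reshaped like a single-file entry. Missing keys read as
 * "no file" so validation rejects the slice.
 */
function upload_slice(array $files, $i): array
{
    return [
        'name'     => $files['name'][$i] ?? '',
        'type'     => $files['type'][$i] ?? '',
        'tmp_name' => $files['tmp_name'][$i] ?? '',
        'error'    => $files['error'][$i] ?? UPLOAD_ERR_NO_FILE,
        'size'     => $files['size'][$i] ?? 0,
    ];
}

/** True when a single-file-shaped $_FILES entry carries a successful upload. */
function has_upload(array $file): bool
{
    return isset($file['tmp_name'], $file['error'])
        && $file['tmp_name'] !== ''
        && (int) $file['error'] === UPLOAD_ERR_OK;
}

/**
 * Moves an uploaded image into $folder (trailing slash expected) under a
 * random name whose extension is derived from the sniffed content type.
 * Neither the client's filename nor its $_FILES[..]['type'] is trusted, so a
 * .php upload or a path in the name cannot land in a web-served folder.
 * Returns ['name' => stored file name, 'type' => mime] or null when there is
 * no usable image upload.
 */
function store_uploaded_image(array $file, string $folder): ?array
{
    if (!has_upload($file) || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime = $finfo === false ? '' : (string) finfo_file($finfo, $file['tmp_name']);
    if (!array_key_exists($mime, IMAGE_EXTENSIONS)) {
        return null;
    }
    $stored = bin2hex(random_bytes(8)) . '.' . IMAGE_EXTENSIONS[$mime];
    if (!move_uploaded_file($file['tmp_name'], $folder . $stored)) {
        return null;
    }
    return ['name' => $stored, 'type' => $mime];
}

/** Deletes a previously stored file; basename() discards any path kept in the DB. */
function delete_stored_file(string $folder, $name): void
{
    if (!is_string($name) || $name === '') {
        return;
    }
    $path = $folder . basename($name);
    if (is_file($path)) {
        unlink($path);
    }
}

/** Removes an order and its line items (shared by the three order-delete forms). */
function delete_order(mysqli $db, string $order_id): void
{
    db_run($db, "DELETE FROM orders WHERE order_id=?", [$order_id]);
    db_run($db, "DELETE FROM order_detail WHERE order_id=?", [$order_id]);
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Authentication
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

if (isset($_POST['login'])) {
    $db = db::open();
    $email = post('username');
    $password = post('password');
    // status='0' is the value this codebase requires for login (new users are
    // inserted with it); its meaning is not defined here, so it is kept as-is.
    $rec = db_row($db, "SELECT * FROM user_login WHERE email=? AND status='0'", [$email]);
    $ok = false;
    if ($rec !== null) {
        list($ok, $rehash) = password_matches($password, (string) ($rec['password'] ?? ''));
        if ($ok && $rehash) {
            // Transparent upgrade of plaintext / outdated hashes.
            db_run($db, "UPDATE user_login SET password=? WHERE id=?",
                [password_hash($password, PASSWORD_DEFAULT), (string) $rec['id']]);
        }
    }
    if (!$ok) {
        redirect_js('index.php?status=1');
    }
    session_regenerate_id(true); // fresh id on privilege change (session fixation)
    $_SESSION['useremail'] = (string) $rec['email'];
    $_SESSION['role'] = $rec['role'];
    redirect_js('dashboard.php?status=1');
}

if (isset($_GET['logout'])) {
    unset($_SESSION['useremail'], $_SESSION['role']);
    session_regenerate_id(true);
    redirect_js('index.php');
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Admin users
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

if (isset($_POST['add_new_user'])) {
    require_login();
    $db = db::open();
    $email = post('email');
    $role = post('role');
    if (db_row($db, "SELECT id FROM user_login WHERE email=?", [$email]) !== null) {
        redirect_js('users/users.php?status=1');
    }
    // NOTE(review): every new account still starts with the fixed password
    // "123" (now stored hashed). A known default is a weakness on its own;
    // replace it with a random temporary password or an invitation flow.
    db_run($db,
        "INSERT INTO user_login (email,role,password,status,created_on,created_by) VALUES (?,?,?,?,?,?)",
        [$email, $role, password_hash('123', PASSWORD_DEFAULT), '0', now_sql(), (string) $_SESSION['useremail']]);
    redirect_js('users/users.php?status=2');
}

if (isset($_POST['edit_user_access'])) {
    require_login();
    $db = db::open();
    // Unchecked checkbox posts nothing, which means status 0.
    $status = isset($_POST['status']) ? post('status') : '0';
    $ok = db_run($db,
        "UPDATE user_login SET status=?,modified_on=?,modified_by=? WHERE id=?",
        [$status, now_sql(), (string) $_SESSION['useremail'], post('id')]);
    redirect_js($ok ? 'users/users.php?status=3' : 'users/users.php?status=5');
}

if (isset($_POST['edit_user_profile'])) {
    require_login();
    $db = db::open();
    $id = post('id');
    $email = post('email');
    $fields = [post('user_name'), $email, post('f_name'), post('l_name'), post('phone'), post('country')];
    // The handler ends by copying the new email into the session, i.e. it
    // edits the logged-in user's own row; require that rather than trusting
    // the posted id alone.
    $me = db_row($db, "SELECT * FROM user_login WHERE id=? AND email=?", [$id, (string) $_SESSION['useremail']]);
    if ($me === null) {
        redirect_js('users/user_edit_profile.php?status=2');
    }
    // The new email must not belong to another account.
    if (db_row($db, "SELECT id FROM user_login WHERE email=? AND id<>?", [$email, $id]) !== null) {
        redirect_js('users/user_edit_profile.php?status=3');
    }
    $folder = 'files/users/profiles/';
    $image = isset($_FILES['file']) ? store_uploaded_image($_FILES['file'], $folder) : null;
    if ($image !== null) {
        delete_stored_file($folder, $me['image_name'] ?? '');
        $ok = db_run($db,
            "UPDATE user_login SET user_name=?,email=?,f_name=?,l_name=?,phone=?,country=?,image_name=?,image_type=?,modified_on=?,modified_by=? WHERE id=?",
            array_merge($fields, [$image['name'], $image['type'], now_sql(), $email, $id]));
    } else {
        $ok = db_run($db,
            "UPDATE user_login SET user_name=?,email=?,f_name=?,l_name=?,phone=?,country=?,modified_on=?,modified_by=? WHERE id=?",
            array_merge($fields, [now_sql(), $email, $id]));
    }
    if ($ok) {
        $_SESSION['useremail'] = $email;
    }
    redirect_js($ok ? 'users/user_edit_profile.php?status=1' : 'users/user_edit_profile.php?status=2');
}

if (isset($_POST['edit_user_password'])) {
    require_login();
    $db = db::open();
    $old = post('old_password');
    $new = post('new_password');
    $confirm = post('confirm_password');
    $email = (string) $_SESSION['useremail'];
    $rec = db_row($db, "SELECT password FROM user_login WHERE email=?", [$email]);
    if ($rec === null || !password_matches($old, (string) ($rec['password'] ?? ''))[0]) {
        redirect_js('users/user_change_password.php?status=3', 'Old Password is not correct...');
    }
    if ($new !== $confirm) {
        redirect_js('users/user_change_password.php?status=2', 'Password are not matched...');
    }
    // NOTE(review): no minimum length or complexity is enforced (none was
    // before); consider rejecting empty or very short passwords.
    db_run($db, "UPDATE user_login SET password=?,modified_on=?,modified_by=? WHERE email=?",
        [password_hash($new, PASSWORD_DEFAULT), now_sql(), $email, $email]);
    redirect_js('users/user_change_password.php?status=1', 'Updated Password...');
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Products
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

if (isset($_POST['add_new_product'])) {
    require_login();
    $db = db::open();
    $folder = 'product/images/';
    $featured = isset($_POST['status']) ? post('status') : '0';
    // The product row is only created once the main image (file1) is stored.
    $main = isset($_FILES['file1']) ? store_uploaded_image($_FILES['file1'], $folder) : null;
    $created = $main !== null && db_run($db,
        "INSERT INTO product(name,description,featured,benefit,image_name,image_type) VALUES(?,?,?,?,?,?)",
        [post('name'), post('description'), $featured, post('benefit'), $main['name'], $main['type']]);
    if (!$created) {
        redirect_js('product/product.php?status=2');
    }
    // insert_id instead of SELECT MAX(id): the latter could attach images and
    // sizes to a product inserted concurrently by someone else.
    $product_id = (string) $db->insert_id;
    if (isset($_FILES['file']['name']) && is_array($_FILES['file']['name'])) {
        foreach (array_keys($_FILES['file']['name']) as $i) {
            $img = store_uploaded_image(upload_slice($_FILES['file'], $i), $folder);
            if ($img !== null) {
                db_run($db, "INSERT INTO product_image(product_id,image_name,image_type) VALUES (?,?,?)",
                    [$product_id, $img['name'], $img['type']]);
            }
        }
    }
    $details = isset($_POST['details']) && is_array($_POST['details']) ? $_POST['details'] : [];
    if ($details !== [] && isset($_FILES['files']['name']) && is_array($_FILES['files']['name'])) {
        $prices = (array) ($_POST['sizeprice'] ?? []);
        $titles = (array) ($_POST['title'] ?? []);
        $quantities = (array) ($_POST['quantity'] ?? []);
        foreach (array_keys($_FILES['files']['name']) as $i) {
            $img = store_uploaded_image(upload_slice($_FILES['files'], $i), $folder);
            if ($img === null) {
                continue;
            }
            db_run($db,
                "INSERT INTO sizes (product_id,title,size,price,image_name,image_type,quantity) VALUES (?,?,?,?,?,?,?)",
                [
                    $product_id,
                    (string) ($titles[$i] ?? ''),
                    (string) ($details[$i] ?? ''),
                    (string) ($prices[$i] ?? ''),
                    $img['name'],
                    $img['type'],
                    (string) ($quantities[$i] ?? ''),
                ]);
        }
    }
    redirect_js('product/product.php?status=1');
}

if (isset($_POST['edit_products'])) {
    require_login();
    $db = db::open();
    $folder = 'product/images/';
    $id = post('edit_id');
    $featured = isset($_POST['status']) ? post('status') : '0';
    $ok = db_run($db, "UPDATE product SET name=?,description=?,featured=?,benefit=? WHERE id=?",
        [post('name'), post('description'), $featured, post('benefit'), $id]);
    // Main image: the old file is removed only after the new one is stored
    // (previously it was deleted first, even if the new upload then failed).
    if (isset($_FILES['file1'])) {
        $main = store_uploaded_image($_FILES['file1'], $folder);
        if ($main !== null) {
            $old = db_row($db, "SELECT image_name FROM product WHERE id=?", [$id]);
            delete_stored_file($folder, $old['image_name'] ?? '');
            $ok = db_run($db, "UPDATE product SET image_name=?,image_type=? WHERE id=?",
                [$main['name'], $main['type'], $id]);
        }
    }
    // Gallery: a new set replaces the whole old set.
    if (!empty($_FILES['file']['name'][0]) && is_array($_FILES['file']['name'])) {
        foreach (db_rows($db, "SELECT image_name FROM product_image WHERE product_id=?", [$id]) as $row) {
            delete_stored_file($folder, $row['image_name'] ?? '');
        }
        db_run($db, "DELETE FROM product_image WHERE product_id=?", [$id]);
        foreach (array_keys($_FILES['file']['name']) as $i) {
            $img = store_uploaded_image(upload_slice($_FILES['file'], $i), $folder);
            if ($img !== null) {
                db_run($db, "INSERT INTO product_image(product_id,image_name,image_type) VALUES (?,?,?)",
                    [$id, $img['name'], $img['type']]);
            }
        }
    }
    redirect_js($ok ? 'product/product.php?status=1' : 'product/product.php?status=2');
}

if (isset($_POST['delete_products'])) {
    require_login();
    $db = db::open();
    $folder = 'product/images/';
    $id = post('delete_id');
    foreach (db_rows($db, "SELECT image_name FROM product_image WHERE product_id=?", [$id]) as $row) {
        delete_stored_file($folder, $row['image_name'] ?? '');
    }
    db_run($db, "DELETE FROM product_image WHERE product_id=?", [$id]);
    $product = db_row($db, "SELECT image_name FROM product WHERE id=?", [$id]);
    delete_stored_file($folder, $product['image_name'] ?? '');
    if (!db_run($db, "DELETE FROM product WHERE id=?", [$id])) {
        redirect_js('product/product.php?status=2');
    }
    foreach (db_rows($db, "SELECT image_name FROM sizes WHERE product_id=?", [$id]) as $row) {
        delete_stored_file($folder, $row['image_name'] ?? '');
    }
    db_run($db, "DELETE FROM sizes WHERE product_id=?", [$id]);
    redirect_js('product/product.php?status=1');
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Cart (public)
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

// Kept without a login check, as before — presumably the customer cart
// (TODO confirm). A state change via GET is itself CSRF-able; the id is at
// least bound now instead of interpolated.
if (isset($_GET['delete_item'])) {
    $db = db::open();
    db_run($db, "DELETE FROM temp_cart WHERE id=?", [(string) $_GET['delete_item']]);
    redirect_js('../cart.php?status=1');
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Orders
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

if (isset($_POST['order_paid'])) {
    require_login();
    $db = db::open();
    db_run($db, "UPDATE orders SET payment_status='paid' WHERE order_id=?", [post('paid_id')]);
    redirect_js('orders/pending_order.php?status=1');
}

if (isset($_POST['porder_delete'])) {
    require_login();
    delete_order(db::open(), post('delete_id'));
    redirect_js('orders/pending_order.php?status=1');
}

if (isset($_POST['order_complete'])) {
    require_login();
    $db = db::open();
    $order_id = post('comp_id');
    // Stock is deducted only when this request actually moved the order to
    // 'complete'; re-submitting the form no longer deducts it again.
    $stmt = db_exec($db,
        "UPDATE orders SET payment_status='complete' WHERE order_id=? AND payment_status<>'complete'", [$order_id]);
    $changed = $stmt !== null && $stmt->affected_rows > 0;
    if ($stmt !== null) {
        $stmt->close();
    }
    if ($changed) {
        foreach (db_rows($db, "SELECT product_id, quantity, size FROM order_detail WHERE order_id=?", [$order_id]) as $line) {
            // Atomic decrement of the first matching size row (the previous
            // read-then-write could lose concurrent updates).
            db_run($db,
                "UPDATE sizes SET quantity = quantity - ? WHERE product_id=? AND size=? ORDER BY id LIMIT 1",
                [(string) $line['quantity'], (string) $line['product_id'], (string) $line['size']]);
        }
    }
    redirect_js('orders/active_order.php?status=1');
}

if (isset($_POST['corder_delete'])) {
    require_login();
    delete_order(db::open(), post('delete_id'));
    redirect_js('orders/active_order.php?status=1');
}

if (isset($_POST['order_delete'])) {
    require_login();
    delete_order(db::open(), post('delete_id'));
    redirect_js('orders/complete_order.php?status=1');
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Customers / partners
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

// Public signup: no login check, as before. status=3 means "no usable image",
// which previously overrode the success/failure redirect as well.
if (isset($_POST['user_signup'])) {
    $db = db::open();
    $image = isset($_FILES['file']) ? store_uploaded_image($_FILES['file'], 'files/users/') : null;
    if ($image === null) {
        redirect_js('../index.php?status=3');
    }
    $ok = db_run($db,
        "INSERT INTO web_user (name,b_name,phone,email,zip,address,message,status,image_name,image_type) VALUES(?,?,?,?,?,?,?,'0',?,?)",
        [post('name'), post('b_name'), post('phone'), post('email'), post('zip'), post('address'), post('message'),
         $image['name'], $image['type']]);
    redirect_js($ok ? '../index.php?status=1' : '../index.php?status=2');
}

if (isset($_POST['edit_customer_access'])) {
    require_login();
    $db = db::open();
    $status = isset($_POST['status']) ? post('status') : '0';
    $ok = db_run($db, "UPDATE web_user SET status=? WHERE id=?", [$status, post('id')]);
    redirect_js($ok ? 'users.php?status=1' : 'users.php?status=2');
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Target amount / inventory
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

if (isset($_POST['target_amount'])) {
    require_login();
    $db = db::open();
    $ok = db_run($db, "UPDATE amount SET price=? WHERE id=?", [post('amount'), post('id')]);
    redirect_js($ok ? 'amount.php?status=1' : 'amount.php?status=2');
}

if (isset($_POST['update_quantity'])) {
    require_login();
    $db = db::open();
    db_run($db, "UPDATE sizes SET quantity=? WHERE id=?", [post('quantity'), post('id')]);
    redirect_js('product/inventory.php');
}

// Lands on ../admin/users.php, so treated as an admin action and gated —
// TODO confirm this form is not a public partner signup.
if (isset($_POST['add_partner'])) {
    require_login();
    $db = db::open();
    $image = isset($_FILES['file']) ? store_uploaded_image($_FILES['file'], 'files/users/') : null;
    if ($image !== null) {
        db_run($db,
            "INSERT INTO web_user (name,b_name,phone,email,zip,address,message,status,image_name,image_type) VALUES(?,?,?,?,?,?,'','0',?,?)",
            [post('name'), post('b_name'), post('phone'), post('email'), post('zip'), post('address'),
             $image['name'], $image['type']]);
    }
    redirect_js('../admin/users.php');
}

// Customer deletion. Previously any request carrying ?id= deleted the row with
// no login check and the raw value in the SQL; a GET that mutates state is
// still CSRF-able and should become a POST form.
if (isset($_GET['id'])) {
    require_login();
    db_run(db::open(), "DELETE FROM web_user WHERE id=?", [(string) $_GET['id']]);
    redirect_js('../admin/users.php');
}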