<?php
// Start (or resume) the session first: the handlers below read and write $_SESSION.
session_start();
// database.php is expected to provide the db class the handlers call
// (db::open, db::query, db::getRecord, db::getRecords) — not visible in this file.
require_once("database.php");
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
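if (isset($_POST['login'])) {
    // Login handler: looks up a user_login row with status '0' that matches the
    // submitted e-mail and password, then records the e-mail and role in the session.
    $db = db::open();
    $email = $db->real_escape_string($_POST['username']);
    $password = $db->real_escape_string($_POST['password']);
    // NOTE(review): the password is matched by equality inside the query, so the
    // column holds it in a directly comparable form rather than a password_hash()
    // digest. Moving to password_hash()/password_verify() needs a data migration
    // and is not attempted here.
    // NOTE(review): escaping is the only barrier between request data and the SQL
    // text; prepared statements would be preferable if the db helper supports them.
    $query = "SELECT * from user_login where email='$email' && password='$password' && status='0' ";
    $rec = db::getRecord($query);
    if ($rec != NULL) {
        // Issue a fresh session id at the moment of authentication so an id that
        // existed before login cannot be carried into the logged-in state.
        session_regenerate_id(true);
        // The escaped form of the e-mail is what gets stored in the session.
        $_SESSION['useremail'] = $email;
        $_SESSION['role'] = $rec['role'];
        echo "<script>location='dashboard.php?status=1'</script>";
    } else {
        echo "<script>location='index.php?status=1'</script>";
    }
}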
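if (isset($_GET['logout'])) {
    // Logout handler: removes the login state from the session and returns to index.php.
    // The role is cleared together with the e-mail: the login handler sets both,
    // and leaving the role behind keeps a privilege marker in the session.
    unset($_SESSION["useremail"], $_SESSION["role"]);
    // Rotate the id so the logged-out browser stops using the authenticated session id.
    session_regenerate_id(true);
    echo "<script>location='index.php'</script>";
}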
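if (isset($_POST['add_new_user'])) {
    // Creates a user_login row for the posted e-mail and role unless the e-mail is taken.

    // Require a logged-in session (set by the login handler) before creating accounts.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    // NOTE(review): only "logged in" is checked. Whether $_SESSION['role'] must also be
    // a particular role depends on role values that are not visible in this file.
    $db = db::open();
    $email = $db->real_escape_string($_POST['email']);
    $role = $db->real_escape_string($_POST['role']);
    $query = "SELECT * from user_login where email='$email'";
    $email_rec = db::getRecord($query);
    if ($email_rec != NULL) {
        // E-mail already registered.
        echo "<script>location='users/users.php?status=1'</script>";
    } else {
        // NOTE(review): every new account starts with the same fixed password, stored
        // as-is. A per-account random secret plus a forced change on first login would
        // be safer, but needs a delivery path that this file does not have.
        $password = 123;
        $status = 0;
        // Relies on the session value having been escaped when it was stored (the login
        // handler stores the escaped form) — TODO confirm nothing else writes it.
        $created_by = $_SESSION['useremail'];
        $current_date = date('Y-m-d H:i:s');
        $query = "INSERT into user_login (email,role,password,status,created_on,created_by) VALUES ('$email','$role','$password','$status','$current_date','$created_by')";
        db::query($query);
        echo "<script>location='users/users.php?status=2'</script>";
    }
}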
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
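if (isset($_POST['edit_user_access'])) {
    // Sets user_login.status for the posted id (0 when the status field is absent).

    // Require a logged-in session (set by the login handler) before changing access.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // id and status come straight from the request, so they are escaped before being
    // placed inside the quoted SQL literals below.
    $id = $db->real_escape_string(isset($_POST['id']) ? $_POST['id'] : '');
    $status = isset($_POST['status']) ? $db->real_escape_string($_POST['status']) : 0;
    // Relies on the session value having been escaped when it was stored (the login
    // handler stores the escaped form) — TODO confirm nothing else writes it.
    $email = $_SESSION['useremail'];
    $current_date = date('Y-m-d H:i:s');
    $query = "UPDATE user_login SET status='$status',modified_on='$current_date',modified_by='$email' where id='$id'";
    $update = db::query($query);
    if ($update != NULL) {
        echo "<script>location='users/users.php?status=3'</script>";
    } else {
        echo "<script>location='users/users.php?status=5'</script>";
    }
}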
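if (isset($_POST['edit_user_profile'])) {
    // Updates the profile fields of one user_login row and optionally replaces its
    // profile image. Redirect status: 3 = e-mail used by another row, 1 = updated,
    // 2 = not updated.

    // Require a logged-in session (set by the login handler) before editing profiles.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // The id comes straight from the request; escape it like the other fields.
    $id = $db->real_escape_string(isset($_POST['id']) ? $_POST['id'] : '');
    // NOTE(review): the row is chosen by the posted id while the session e-mail is
    // overwritten with the posted e-mail below; nothing here ties the id to the
    // logged-in account. Confirm whether editing other users' rows is intended.
    $user_name = $db->real_escape_string($_POST['user_name']);
    $email = $db->real_escape_string($_POST['email']);
    $f_name = $db->real_escape_string($_POST['f_name']);
    $l_name = $db->real_escape_string($_POST['l_name']);
    $phone = $db->real_escape_string($_POST['phone']);
    $country = $db->real_escape_string($_POST['country']);
    $current_date = date('Y-m-d H:i:s');

    // Refuse the change when any other row already uses the requested e-mail.
    $query = "SELECT * from user_login where id!='$id'";
    $users = db::getRecords($query);
    $email_taken = false;
    if ($users != NULL) {
        foreach ($users as $user) {
            if ($user['email'] === $email) {
                $email_taken = true;
                break;
            }
        }
    }

    if ($email_taken) {
        // Only this redirect is emitted for a duplicate; previously the "not updated"
        // redirect was printed after it as well.
        echo "<script>location='users/user_edit_profile.php?status=3'</script>";
    } else {
        $update = NULL;
        $proceed = true;
        $image_sql = '';
        $folder = "files/users/profiles/";
        $has_upload = isset($_FILES['file']['name'])
            && is_string($_FILES['file']['name'])
            && $_FILES['file']['name'] != NULL;

        if ($has_upload) {
            // With an upload, the row must exist; otherwise nothing is written.
            $query = "SELECT * from user_login where id='$id'";
            $user_data = db::getRecord($query);
            if ($user_data == NULL) {
                $proceed = false;
            } else {
                // Build the stored name server-side: a sanitised lower-case base name
                // plus an allow-listed image extension, so a client-chosen name cannot
                // put a script into the upload folder or break the SQL string.
                $allowed_ext = array('jpg', 'jpeg', 'png', 'gif', 'webp');
                $client_name = strtolower(basename($_FILES['file']['name']));
                $ext = pathinfo($client_name, PATHINFO_EXTENSION);
                $base = preg_replace('/[^a-z0-9_-]/', '-', pathinfo($client_name, PATHINFO_FILENAME));
                $final_file = rand(1000, 100000) . "-" . $base . "." . $ext;

                if (in_array($ext, $allowed_ext, true)
                    && move_uploaded_file($_FILES['file']['tmp_name'], $folder . $final_file)) {
                    // Remove the previous image. Only a bare file name inside $folder
                    // is accepted, and never the file that was just stored.
                    $old_file = isset($user_data['image_name']) ? (string) $user_data['image_name'] : '';
                    if ($old_file !== '' && $old_file !== $final_file
                        && $old_file === basename($old_file) && is_file($folder . $old_file)) {
                        unlink($folder . $old_file);
                    }
                    // The MIME type is reported by the client; escape it before storing.
                    $file_type = $db->real_escape_string($_FILES['file']['type']);
                    $image_sql = "image_name='$final_file',image_type='$file_type',";
                }
                // A rejected or failed upload falls through to a text-only update.
            }
        }

        if ($proceed) {
            $query = "UPDATE user_login SET user_name='$user_name',email='$email',f_name='$f_name',l_name='$l_name',phone='$phone',country='$country',{$image_sql}modified_on='$current_date',modified_by='$email' where id='$id'";
            $update = db::query($query);
            // Keep the session in step with the (possibly changed) e-mail.
            $_SESSION['useremail'] = $email;
        }

        if ($update != NULL) {
            echo "<script>location='users/user_edit_profile.php?status=1'</script>";
        } else {
            echo "<script>location='users/user_edit_profile.php?status=2'</script>";
        }
    }
}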
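if (isset($_POST['edit_user_password'])) {
    // Changes the password of the logged-in account after checking the old one.
    // Redirect status: 1 = changed, 2 = new/confirm differ, 3 = old password wrong.

    // Without a login there is no account to change; stop before querying.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    $old_password = $db->real_escape_string($_POST['old_password']);
    $new_password = $db->real_escape_string($_POST['new_password']);
    $confirm_password = $db->real_escape_string($_POST['confirm_password']);
    // Relies on the session value having been escaped when it was stored (the login
    // handler stores the escaped form) — TODO confirm nothing else writes it.
    $email = $_SESSION['useremail'];
    $current_date = date('Y-m-d H:i:s');
    // NOTE(review): passwords are compared and written as-is, i.e. not as
    // password_hash() digests; fixing that needs a data migration. No minimum
    // length is enforced here either, so an empty new password is accepted.
    $query = "SELECT * from user_login where email='$email' AND password ='$old_password' ";
    $account = db::getRecord($query);
    if ($account != NULL) {
        // Strict comparison: with == two different numeric-looking strings
        // (for example "1e3" and "1000") compare equal.
        if ($new_password === $confirm_password) {
            $query = "UPDATE user_login SET password='$new_password',modified_on='$current_date',modified_by='$email' where email='$email' ";
            db::query($query);
            echo "<script>alert('Updated Password...');</script>";
            echo "<script>location='users/user_change_password.php?status=1'</script>";
        } else {
            echo "<script>alert('Password are not matched...');</script>";
            echo "<script>location='users/user_change_password.php?status=2'</script>";
        }
    } else {
        echo "<script>alert('Old Password is not correct...');</script>";
        echo "<script>location='users/user_change_password.php?status=3'</script>";
    }
}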
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
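if (isset($_POST['add_new_product'])) {
    // Creates a product from the main image "file1", then attaches gallery images
    // ("file[]") and size variants ("files[]" with details/sizeprice/title/quantity).
    // Redirect status: 1 = product created, 2 = not created.

    // Require a logged-in session (set by the login handler) before adding products.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    $title = $db->real_escape_string($_POST['name']);
    $benefit = $db->real_escape_string($_POST['benefit']);
    $description = $db->real_escape_string($_POST['description']);
    // The status flag comes from the request too; escape it before use in SQL.
    $featured = isset($_POST['status']) ? $db->real_escape_string($_POST['status']) : 0;
    $folder = "product/images/";

    // Moves one uploaded image into $folder under a server-built name (random prefix,
    // sanitised lower-case base name, allow-listed extension). Returns the stored
    // name, or NULL when the upload is missing, not an allowed type, or cannot be
    // moved. The allow-list keeps client-named scripts out of the upload folder, and
    // the restricted character set keeps the name safe inside the SQL literals below.
    $store_image = function ($client_name, $tmp_path) use ($folder) {
        if (!is_string($client_name) || !is_string($tmp_path) || $client_name === '') {
            return NULL;
        }
        $allowed_ext = array('jpg', 'jpeg', 'png', 'gif', 'webp');
        $client_name = strtolower(basename($client_name));
        $ext = pathinfo($client_name, PATHINFO_EXTENSION);
        if (!in_array($ext, $allowed_ext, true)) {
            return NULL;
        }
        $base = preg_replace('/[^a-z0-9_-]/', '-', pathinfo($client_name, PATHINFO_FILENAME));
        $final_file = rand(1000, 100000) . "-" . $base . "." . $ext;
        return move_uploaded_file($tmp_path, $folder . $final_file) ? $final_file : NULL;
    };

    // Returns the escaped $i-th entry of a posted list, or '' when it is absent.
    $field = function ($list, $i) use ($db) {
        $value = (is_array($list) && isset($list[$i]) && is_scalar($list[$i])) ? (string) $list[$i] : '';
        return $db->real_escape_string($value);
    };

    // The product row is only written once the main image has been stored.
    $product_created = false;
    if (isset($_FILES['file1']['name'], $_FILES['file1']['tmp_name'])) {
        $final_file = $store_image($_FILES['file1']['name'], $_FILES['file1']['tmp_name']);
        if ($final_file !== NULL) {
            // The MIME type is reported by the client; escape it before storing.
            $file_type = $db->real_escape_string($_FILES['file1']['type']);
            $query = "INSERT into product(name,description,featured,benefit,image_name,image_type) VALUES('$title','$description','$featured','$benefit','$final_file','$file_type')";
            $product_created = (db::query($query) != NULL);
        }
    }

    if ($product_created) {
        // Gallery and size rows are attached only when this request created the
        // product; previously a failed product insert let them attach to whichever
        // product currently had the highest id.
        // NOTE(review): MAX(id) can still pick up a concurrent insert. The
        // connection's insert id would be exact, but whether db::query() shares the
        // connection returned by db::open() is not visible here.
        $query = "SELECT MAX(id) from product";
        $rec = db::getRecord($query);
        $id = $rec['MAX(id)'];

        if (isset($_FILES['file']['name']) && is_array($_FILES['file']['name'])) {
            foreach ($_FILES['file']['name'] as $i => $name) {
                $final_file = $store_image($name, $_FILES['file']['tmp_name'][$i]);
                if ($final_file === NULL) {
                    continue;
                }
                $file_type = $db->real_escape_string($_FILES['file']['type'][$i]);
                $query = "INSERT into product_image(product_id,image_name,image_type) VALUES ('$id','$final_file','$file_type')";
                db::query($query);
            }
        }

        // Size variants: one row per stored "files[]" image, paired by index with the
        // posted title/details/sizeprice/quantity lists.
        $details = (isset($_POST['details']) && is_array($_POST['details'])) ? $_POST['details'] : array();
        $getprice = isset($_POST['sizeprice']) ? $_POST['sizeprice'] : array();
        $titles = isset($_POST['title']) ? $_POST['title'] : array();
        $getqunatity = isset($_POST['quantity']) ? $_POST['quantity'] : array();
        if (count($details) > 0 && isset($_FILES['files']['name']) && is_array($_FILES['files']['name'])) {
            foreach ($_FILES['files']['name'] as $i => $name) {
                $final_file = $store_image($name, $_FILES['files']['tmp_name'][$i]);
                if ($final_file === NULL) {
                    continue;
                }
                $file_type = $db->real_escape_string($_FILES['files']['type'][$i]);
                $title = $field($titles, $i);
                $detail = $field($details, $i);
                $size_price = $field($getprice, $i);
                $quntity = $field($getqunatity, $i);
                $query = "INSERT into sizes (product_id,title,size,price,image_name,image_type,quantity)VALUES('$id','$title','$detail','$size_price','$final_file','$file_type','$quntity')";
                db::query($query);
            }
        }
        echo "<script>location='product/product.php?status=1'</script>";
    } else {
        echo "<script>location='product/product.php?status=2'</script>";
    }
}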
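if (isset($_POST['edit_products'])) {
    // Updates a product's text fields and, when new files are posted, replaces its
    // main image ("file1") and/or its gallery ("file[]").
    // Redirect status: 1 = last product update succeeded, 2 = it did not.

    // Require a logged-in session (set by the login handler) before editing products.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    $id = $db->real_escape_string($_POST['edit_id']);
    $title = $db->real_escape_string($_POST['name']);
    $benefit = $db->real_escape_string($_POST['benefit']);
    $description = $db->real_escape_string($_POST['description']);
    // The status flag comes from the request too; escape it before use in SQL.
    $featured = isset($_POST['status']) ? $db->real_escape_string($_POST['status']) : 0;
    $folder = "product/images/";

    // Moves one uploaded image into $folder under a server-built name (random prefix,
    // sanitised lower-case base name, allow-listed extension). Returns the stored
    // name, or NULL when the upload is missing, not an allowed type, or cannot be moved.
    $store_image = function ($client_name, $tmp_path) use ($folder) {
        if (!is_string($client_name) || !is_string($tmp_path) || $client_name === '') {
            return NULL;
        }
        $allowed_ext = array('jpg', 'jpeg', 'png', 'gif', 'webp');
        $client_name = strtolower(basename($client_name));
        $ext = pathinfo($client_name, PATHINFO_EXTENSION);
        if (!in_array($ext, $allowed_ext, true)) {
            return NULL;
        }
        $base = preg_replace('/[^a-z0-9_-]/', '-', pathinfo($client_name, PATHINFO_FILENAME));
        $final_file = rand(1000, 100000) . "-" . $base . "." . $ext;
        return move_uploaded_file($tmp_path, $folder . $final_file) ? $final_file : NULL;
    };

    // Deletes a stored image by name. Only a bare file name inside $folder is
    // accepted, so a value containing path separators cannot reach other directories.
    $remove_image = function ($name) use ($folder) {
        $name = (string) $name;
        if ($name !== '' && $name === basename($name) && is_file($folder . $name)) {
            unlink($folder . $name);
        }
    };

    $query = "UPDATE product SET name='$title',description='$description',featured='$featured',benefit='$benefit' where id='$id'";
    $update = db::query($query);

    // Main image: store the replacement first, then drop the old file, so a rejected
    // or failed upload no longer leaves the product without its image.
    if (!empty($_FILES['file1']['name'])) {
        $final_file = $store_image($_FILES['file1']['name'], $_FILES['file1']['tmp_name']);
        if ($final_file !== NULL) {
            $query = "SELECT * from product where id='$id'";
            $product_image = db::getRecord($query);
            if ($product_image != NULL && isset($product_image['image_name'])
                && $product_image['image_name'] !== $final_file) {
                $remove_image($product_image['image_name']);
            }
            // The MIME type is reported by the client; escape it before storing.
            $file_type = $db->real_escape_string($_FILES['file1']['type']);
            $query = "UPDATE product SET image_name='$final_file',image_type='$file_type' where id='$id'";
            $update = db::query($query);
        }
    }

    // Gallery: the old set is replaced only after at least one new image was stored.
    if (isset($_FILES['file']['name']) && is_array($_FILES['file']['name'])
        && !empty($_FILES['file']['name'][0])) {
        $stored = array();
        foreach ($_FILES['file']['name'] as $i => $name) {
            $final_file = $store_image($name, $_FILES['file']['tmp_name'][$i]);
            if ($final_file !== NULL) {
                $stored[] = array($final_file, $db->real_escape_string($_FILES['file']['type'][$i]));
            }
        }
        if (count($stored) > 0) {
            $query = "SELECT * from product_image where product_id='$id' ";
            $product_images = db::getRecords($query);
            if ($product_images != NULL) {
                foreach ($product_images as $product_image) {
                    $remove_image($product_image['image_name']);
                }
            }
            $query = "DELETE from product_image where product_id='$id' ";
            db::query($query);
            foreach ($stored as $image) {
                $final_file = $image[0];
                $file_type = $image[1];
                $query = "INSERT into product_image(product_id,image_name,image_type) VALUES ('$id','$final_file','$file_type')";
                db::query($query);
            }
        }
    }

    // One redirect reflecting the update result. Previously the status=2 redirect was
    // always printed last, after any status=1 redirect.
    if ($update != NULL) {
        echo "<script>location='product/product.php?status=1'</script>";
    } else {
        echo "<script>location='product/product.php?status=2'</script>";
    }
}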
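if (isset($_POST['delete_products'])) {
    // Deletes a product together with its gallery rows, size rows and stored images.
    // Redirect status: 1 = product row deleted, 2 = delete failed.

    // Require a logged-in session (set by the login handler) before deleting products.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // The id comes straight from the request; escape it before use in the queries.
    $id = $db->real_escape_string(isset($_POST['delete_id']) ? $_POST['delete_id'] : '');
    $folder = "product/images/";

    // Deletes a stored image by name. Only a bare file name inside $folder is
    // accepted, so a value containing path separators cannot reach other directories.
    // This replaces the directory scans, one of which closed a handle that was never
    // opened when the product had no gallery rows.
    $remove_image = function ($name) use ($folder) {
        $name = (string) $name;
        if ($name !== '' && $name === basename($name) && is_file($folder . $name)) {
            unlink($folder . $name);
        }
    };

    // Gallery images and their rows.
    $query = "SELECT * from product_image where product_id='$id' ";
    $product_images = db::getRecords($query);
    if ($product_images != NULL) {
        foreach ($product_images as $product_image) {
            $remove_image($product_image['image_name']);
        }
    }
    $query = "DELETE from product_image where product_id='$id' ";
    db::query($query);

    // Main image, then the product row itself.
    $query = "SELECT * from product where id='$id'";
    $product_image = db::getRecord($query);
    if ($product_image != NULL && isset($product_image['image_name'])) {
        $remove_image($product_image['image_name']);
    }
    $query = "DELETE from product where id='$id'";
    $del = db::query($query);

    if ($del != null) {
        // Size-variant images and rows go only after the product row is gone.
        $query = "SELECT * from sizes where product_id='$id'";
        $size_images = db::getRecords($query);
        if ($size_images != null) {
            foreach ($size_images as $size_image) {
                $remove_image($size_image['image_name']);
            }
        }
        $query = "DELETE from sizes where product_id='$id'";
        db::query($query);
        echo "<script>location='product/product.php?status=1'</script>";
    } else {
        echo "<script>location='product/product.php?status=2'</script>";
    }
}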
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
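if (isset($_GET['delete_item'])) {
    // Removes one temp_cart row by id and returns to the cart page.
    $db = db::open();
    // The id comes from the query string; escape it before use in the SQL literal.
    $delete_id = $db->real_escape_string($_GET['delete_item']);
    // NOTE(review): the row is selected by id alone; nothing visible here ties it to
    // the current visitor's cart. The delete is also triggered by a plain GET, so it
    // carries no request token — confirm both against the cart page.
    $query = "DELETE from temp_cart where id='$delete_id'";
    db::query($query);
    echo "<script>location='../cart.php?status=1'</script>";
}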
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
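if (isset($_POST['order_paid'])) {
    // Marks the posted order as paid.

    // Require a logged-in session (set by the login handler) before changing orders.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // The order id comes straight from the request; escape it before use in SQL.
    $order_id = $db->real_escape_string(isset($_POST['paid_id']) ? $_POST['paid_id'] : '');
    $query = "UPDATE orders SET payment_status='paid' where order_id='$order_id' ";
    db::query($query);
    echo "<script>location='orders/pending_order.php?status=1'</script>";
}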
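if (isset($_POST['porder_delete'])) {
    // Deletes an order and its detail rows, then returns to the pending-orders page.

    // Require a logged-in session (set by the login handler) before deleting orders.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // The order id comes straight from the request; escape it before use in SQL.
    $delete_id = $db->real_escape_string(isset($_POST['delete_id']) ? $_POST['delete_id'] : '');
    $query = "DELETE from orders where order_id='$delete_id'";
    db::query($query);
    $query = "DELETE from order_detail where order_id='$delete_id'";
    db::query($query);
    echo "<script>location='orders/pending_order.php?status=1'</script>";
}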
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
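if (isset($_POST['order_complete'])) {
    // Marks the posted order as complete and subtracts each ordered quantity from
    // the matching sizes row (matched on product_id and size).

    // Require a logged-in session (set by the login handler) before changing orders.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // The order id comes straight from the request; escape it before use in SQL.
    $order_id = $db->real_escape_string(isset($_POST['comp_id']) ? $_POST['comp_id'] : '');
    $query = "UPDATE orders SET payment_status='complete' where order_id='$order_id' ";
    db::query($query);

    // NOTE(review): nothing here checks the order's previous state, so posting the
    // same order again subtracts the quantities again; the result is not clamped at 0.
    $getProductList = "SELECT * from order_detail where order_id='$order_id' ";
    $productDetails = db::getRecords($getProductList);
    if ($productDetails != NULL) {
        foreach ($productDetails as $product) {
            // Values read back from the database are escaped again before being
            // placed in new SQL text; stored data is not trusted to be quote-free.
            $product_id = $db->real_escape_string($product['product_id']);
            $size = $db->real_escape_string($product['size']);
            $product_qty = $product['quantity'];
            $getSizeDetail = "SELECT * from sizes where product_id='$product_id' AND size='$size' ";
            $runSizeDetail = db::getRecords($getSizeDetail);
            // empty() also covers a NULL result, which count() would not accept.
            if (!empty($runSizeDetail)) {
                $sizeId = $db->real_escape_string($runSizeDetail[0]['id']);
                $totalQty = $runSizeDetail[0]['quantity'] - $product_qty;
                $updateSize = "UPDATE sizes SET quantity='$totalQty' where id='$sizeId'";
                db::query($updateSize);
            }
        }
    }
    echo "<script>location='orders/active_order.php?status=1'</script>";
}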
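if (isset($_POST['corder_delete'])) {
    // Deletes an order and its detail rows, then returns to the active-orders page.

    // Require a logged-in session (set by the login handler) before deleting orders.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // The order id comes straight from the request; escape it before use in SQL.
    $delete_id = $db->real_escape_string(isset($_POST['delete_id']) ? $_POST['delete_id'] : '');
    $query = "DELETE from orders where order_id='$delete_id'";
    db::query($query);
    $query = "DELETE from order_detail where order_id='$delete_id'";
    db::query($query);
    echo "<script>location='orders/active_order.php?status=1'</script>";
}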
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
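if (isset($_POST['order_delete'])) {
    // Deletes an order and its detail rows, then returns to the completed-orders page.

    // Require a logged-in session (set by the login handler) before deleting orders.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // The order id comes straight from the request; escape it before use in SQL.
    $delete_id = $db->real_escape_string(isset($_POST['delete_id']) ? $_POST['delete_id'] : '');
    $query = "DELETE from orders where order_id='$delete_id'";
    db::query($query);
    $query = "DELETE from order_detail where order_id='$delete_id'";
    db::query($query);
    echo "<script>location='orders/complete_order.php?status=1'</script>";
}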
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
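if (isset($_POST['user_signup'])) {
    // Sign-up handler: stores the posted details and uploaded file as a web_user row
    // with status '0'. No session is required, so every input here is untrusted.
    // Redirect status: 1 = row inserted, 2 = insert failed, 3 = no usable upload.
    $db = db::open();
    $name = $db->real_escape_string($_POST['name']);
    $b_name = $db->real_escape_string($_POST['b_name']);
    $email = $db->real_escape_string($_POST['email']);
    $phone = $db->real_escape_string($_POST['phone']);
    $zip = $db->real_escape_string($_POST['zip']);
    $address = $db->real_escape_string($_POST['address']);
    $message = $db->real_escape_string($_POST['message']);

    // Exactly one redirect is emitted. Previously the status=3 redirect was always
    // printed last, after any status=1 or status=2 redirect.
    $status = 3;
    if (isset($_FILES['file']['name']) && is_string($_FILES['file']['name'])
        && $_FILES['file']['name'] != NULL) {
        // Build the stored name server-side: a sanitised lower-case base name plus an
        // allow-listed extension, so a client-chosen name cannot put a script into
        // the upload folder or break the SQL string.
        // NOTE(review): the allow-list assumes the upload is an image, going by the
        // image_name/image_type columns; extend it with other non-executable types
        // if the form legitimately accepts them.
        $allowed_ext = array('jpg', 'jpeg', 'png', 'gif', 'webp');
        $folder = "files/users/";
        $client_name = strtolower(basename($_FILES['file']['name']));
        $ext = pathinfo($client_name, PATHINFO_EXTENSION);
        $base = preg_replace('/[^a-z0-9_-]/', '-', pathinfo($client_name, PATHINFO_FILENAME));
        $final_file = rand(1000, 100000) . "-" . $base . "." . $ext;

        if (in_array($ext, $allowed_ext, true)
            && move_uploaded_file($_FILES['file']['tmp_name'], $folder . $final_file)) {
            // The MIME type is reported by the client; escape it before storing.
            $file_type = $db->real_escape_string($_FILES['file']['type']);
            $query = "INSERT into web_user (name,b_name,phone,email,zip,address,message,status,image_name,image_type) VALUES('$name','$b_name','$phone','$email','$zip','$address','$message','0','$final_file','$file_type')";
            $insert = db::query($query);
            $status = ($insert != null) ? 1 : 2;
        }
    }
    echo "<script>location='../index.php?status=" . $status . "'</script>";
}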
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
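if (isset($_POST['edit_customer_access'])) {
    // Sets web_user.status for the posted id (0 when the status field is absent).
    // Redirect status: 1 = updated, 2 = not updated.

    // Require a logged-in session (set by the login handler) before changing access.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // id and status come straight from the request; escape both before use in SQL.
    $id = $db->real_escape_string(isset($_POST['id']) ? $_POST['id'] : '');
    $status = isset($_POST['status']) ? $db->real_escape_string($_POST['status']) : 0;
    $query = "UPDATE web_user SET status='$status' where id='$id'";
    $update = db::query($query);
    if ($update != null) {
        echo "<script>location='users.php?status=1'</script>";
    } else {
        echo "<script>location='users.php?status=2'</script>";
    }
}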
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
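if (isset($_POST['target_amount'])) {
    // Updates amount.price for the posted id.
    // Redirect status: 1 = updated, 2 = not updated.

    // Require a logged-in session (set by the login handler) before changing amounts.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // Both values come straight from the request; escape them before use in SQL.
    $id = $db->real_escape_string(isset($_POST['id']) ? $_POST['id'] : '');
    $amount = $db->real_escape_string(isset($_POST['amount']) ? $_POST['amount'] : '');
    $query = "UPDATE amount SET price='$amount' where id='$id'";
    $update = db::query($query);
    if ($update != null) {
        echo "<script>location='amount.php?status=1'</script>";
    } else {
        echo "<script>location='amount.php?status=2'</script>";
    }
}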
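if (isset($_POST['update_quantity'])) {
    // Sets sizes.quantity for the posted id and returns to the inventory page.

    // Require a logged-in session (set by the login handler) before changing stock.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // Both values come straight from the request; escape them before use in SQL.
    $id = $db->real_escape_string(isset($_POST['id']) ? $_POST['id'] : '');
    $quantity = $db->real_escape_string(isset($_POST['quantity']) ? $_POST['quantity'] : '');
    $query = "UPDATE sizes SET quantity='$quantity' where id='$id'";
    db::query($query);
    // The success and failure branches redirected to the same page, so the result
    // of the update does not change the redirect.
    echo "<script>location='product/inventory.php'</script>";
}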
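if (isset($_POST['add_partner'])) {
    // Adds a web_user row (empty message, status '0') from the posted details and
    // uploaded file, then returns to the users page whatever the outcome.

    // Require a logged-in session (set by the login handler) before adding partners.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    $name = $db->real_escape_string($_POST['name']);
    $b_name = $db->real_escape_string($_POST['b_name']);
    $email = $db->real_escape_string($_POST['email']);
    $phone = $db->real_escape_string($_POST['phone']);
    $zip = $db->real_escape_string($_POST['zip']);
    $address = $db->real_escape_string($_POST['address']);

    if (isset($_FILES['file']['name']) && is_string($_FILES['file']['name'])
        && $_FILES['file']['name'] != NULL) {
        // Build the stored name server-side: a sanitised lower-case base name plus an
        // allow-listed extension, so a client-chosen name cannot put a script into
        // the upload folder or break the SQL string.
        // NOTE(review): the allow-list assumes the upload is an image, going by the
        // image_name/image_type columns; extend it with other non-executable types
        // if the form legitimately accepts them.
        $allowed_ext = array('jpg', 'jpeg', 'png', 'gif', 'webp');
        $folder = "files/users/";
        $client_name = strtolower(basename($_FILES['file']['name']));
        $ext = pathinfo($client_name, PATHINFO_EXTENSION);
        $base = preg_replace('/[^a-z0-9_-]/', '-', pathinfo($client_name, PATHINFO_FILENAME));
        $final_file = rand(1000, 100000) . "-" . $base . "." . $ext;

        if (in_array($ext, $allowed_ext, true)
            && move_uploaded_file($_FILES['file']['tmp_name'], $folder . $final_file)) {
            // The MIME type is reported by the client; escape it before storing.
            $file_type = $db->real_escape_string($_FILES['file']['type']);
            $query = "INSERT into web_user (name,b_name,phone,email,zip,address,message,status,image_name,image_type) VALUES('$name','$b_name','$phone','$email','$zip','$address','','0','$final_file','$file_type')";
            db::query($query);
        }
    }
    // Every branch redirected to the same page, so one redirect is enough.
    echo "<script>location='../admin/users.php'</script>";
}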
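if (isset($_GET['id'])) {
    // Deletes the web_user row whose id is passed in the query string.

    // Require a logged-in session (set by the login handler) before deleting users.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    $db = db::open();
    // The id comes from the query string; escape it before use in the SQL literal.
    $delete_id = $db->real_escape_string($_GET['id']);
    // NOTE(review): a destructive action keyed on a generic "id" GET parameter runs
    // for any request to this script that carries ?id=, without a request token.
    // Moving it to POST with a per-session token needs a matching change in the
    // page that links here.
    $query = "DELETE from web_user where id='$delete_id'";
    db::query($query);
    echo "<script>location='../admin/users.php'</script>";
}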
?>