<?php
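session_start();
require_once("database.php");
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Login: looks for a user_login row with status '0' that matches the posted
// e-mail and password and, on a match, records e-mail and role in the session.
if (isset($_POST['login'])) {
    $db = db::open();
    // Absent fields become empty strings so the escape call always gets a string.
    $email = $db->real_escape_string((string) ($_POST['username'] ?? ''));
    $password = $db->real_escape_string((string) ($_POST['password'] ?? ''));

    // NOTE(review): the password is matched as stored text inside the query,
    // so the table holds plaintext passwords. Moving to password_hash() /
    // password_verify() needs a migration of existing rows and of the other
    // handlers in this file that write the password column.
    $query = "SELECT * from user_login where email='$email' AND password='$password' AND status='0' ";
    $rec = db::getRecord($query);

    if ($rec != NULL) {
        // Issue a fresh session id at the moment privileges change, so an id
        // that was set before login cannot be carried into the authenticated
        // session (session fixation).
        session_regenerate_id(true);
        $_SESSION['useremail'] = $email;
        $_SESSION['role'] = $rec['role'];
        echo "<script>location='dashboard.php?status=1'</script>";
    } else {
        echo "<script>location='index.php?status=1'</script>";
    }
    // Stop here so one request cannot go on to trigger another handler below.
    exit;
}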
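// Logout: removes the login markers from the session and returns to index.php.
if (isset($_GET['logout'])) {
    // Remove both values written at login; leaving 'role' behind would keep a
    // privilege marker alive in a session that is supposed to be logged out.
    unset($_SESSION['useremail'], $_SESSION['role']);
    // Retire the session id that was used while logged in.
    session_regenerate_id(true);
    echo "<script>location='index.php'</script>";
    exit;
}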
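// Add user: creates a user_login row for the posted e-mail and role unless the
// e-mail is already present.
if (isset($_POST['add_new_user'])) {
    // created_by is read from the session below, so the handler is only
    // meaningful for a logged-in caller; without this guard anyone could
    // create accounts with an arbitrary role.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    // NOTE(review): $_SESSION['role'] is not consulted here; confirm which
    // roles are allowed to create users and enforce that as well.

    $db = db::open();
    $email = $db->real_escape_string((string) ($_POST['email'] ?? ''));
    $role = $db->real_escape_string((string) ($_POST['role'] ?? ''));

    // Refuse duplicates.
    $email_rec = db::getRecord("SELECT * from user_login where email='$email'");
    if ($email_rec != NULL) {
        echo "<script>location='users/users.php?status=1'</script>";
        exit;
    }

    // NOTE(review): every new account starts with the same fixed password,
    // stored as plain text. Replace with a per-user random secret or an
    // invitation flow together with the move to password_hash().
    $password = 123;
    $status = 0;
    // NOTE(review): the session e-mail is interpolated as stored; confirm it is
    // always written to the session in escaped form.
    $created_by = $_SESSION['useremail'];
    $current_date = date('Y-m-d H:i:s');

    $query = "INSERT into user_login (email,role,password,status,created_on,created_by) VALUES ('$email','$role','$password','$status','$current_date','$created_by')";
    $insert = db::query($query);
    echo "<script>location='users/users.php?status=2'</script>";
    exit;
}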
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
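// Edit access: writes the posted status flag (0 when the checkbox is absent)
// to the user_login row with the posted id.
if (isset($_POST['edit_user_access'])) {
    // modified_by comes from the session, so require a logged-in caller before
    // touching another account's access flag.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    // NOTE(review): $_SESSION['role'] is not checked; confirm who may change access.

    $db = db::open();
    // id and status were previously placed in the query unescaped.
    $id = $db->real_escape_string((string) ($_POST['id'] ?? ''));
    $status = $db->real_escape_string((string) ($_POST['status'] ?? 0));
    // NOTE(review): the session e-mail is interpolated as stored; confirm it is
    // always written to the session in escaped form.
    $email = $_SESSION['useremail'];
    $current_date = date('Y-m-d H:i:s');

    $query = "UPDATE user_login SET status='$status',modified_on='$current_date',modified_by='$email' where id='$id'";
    $update = db::query($query);

    if ($update != NULL) {
        echo "<script>location='users/users.php?status=3'</script>";
    } else {
        echo "<script>location='users/users.php?status=5'</script>";
    }
    exit;
}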
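// Edit profile: updates the profile fields of the user_login row with the
// posted id, optionally replacing its profile image, then stores the new
// e-mail in the session.
//   status=1 updated, status=2 not updated, status=3 e-mail used by another row.
if (isset($_POST['edit_user_profile'])) {
    // The handler writes $_SESSION['useremail'], so an anonymous caller must
    // not reach it: it would otherwise hand out a logged-in session.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }
    // NOTE(review): the row is selected by the posted id only; nothing ties it
    // to the logged-in account, and the session e-mail is then set to the
    // posted e-mail. Confirm whether editing other users is intended and, if
    // not, restrict the update to the caller's own row.

    $db = db::open();
    $id = $db->real_escape_string((string) ($_POST['id'] ?? ''));
    $user_name = $db->real_escape_string((string) ($_POST['user_name'] ?? ''));
    $email = $db->real_escape_string((string) ($_POST['email'] ?? ''));
    $f_name = $db->real_escape_string((string) ($_POST['f_name'] ?? ''));
    $l_name = $db->real_escape_string((string) ($_POST['l_name'] ?? ''));
    $phone = $db->real_escape_string((string) ($_POST['phone'] ?? ''));
    $country = $db->real_escape_string((string) ($_POST['country'] ?? ''));
    $current_date = date('Y-m-d H:i:s');

    $user_data = db::getRecord("SELECT * from user_login where id='$id'");
    if ($user_data == NULL) {
        echo "<script>location='users/user_edit_profile.php?status=2'</script>";
        exit;
    }

    // Let the database look for another row with this e-mail instead of
    // loading every user and comparing in PHP.
    $duplicate = db::getRecord("SELECT id from user_login where email='$email' AND id!='$id'");
    if ($duplicate != NULL) {
        // Stop here; previously execution continued and a second redirect
        // (status=2) was emitted after this one.
        echo "<script>location='users/user_edit_profile.php?status=3'</script>";
        exit;
    }

    // Optional profile image. The stored name is generated here and the type
    // is read from the file itself, so neither the client's file name nor its
    // declared MIME type reaches the disk or the query.
    $folder = "files/users/profiles/";
    $image_sql = '';
    $upload = $_FILES['file'] ?? null;
    if (is_array($upload) && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK) {
        $extension = strtolower(pathinfo((string) $upload['name'], PATHINFO_EXTENSION));
        if (in_array($extension, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            $image_info = getimagesize($upload['tmp_name']);
            $stored_name = bin2hex(random_bytes(8)) . '.' . $extension;
            if ($image_info !== false && move_uploaded_file($upload['tmp_name'], $folder . $stored_name)) {
                // The replacement is in place, so the previous image can go.
                // basename() keeps the delete inside the profile directory.
                $old_image = basename((string) ($user_data['image_name'] ?? ''));
                if ($old_image !== '' && is_file($folder . $old_image)) {
                    unlink($folder . $old_image);
                }
                $stored_type = $db->real_escape_string($image_info['mime']);
                $image_sql = "image_name='$stored_name',image_type='$stored_type',";
            }
        }
    }

    // A missing, rejected or failed upload leaves $image_sql empty, which gives
    // the text-only update the original used when the move failed.
    $query = "UPDATE user_login SET user_name='$user_name',email='$email',f_name='$f_name',l_name='$l_name',phone='$phone',country='$country'," . $image_sql . "modified_on='$current_date',modified_by='$email' where id='$id'";
    $update = db::query($query);
    $_SESSION['useremail'] = $email;

    if ($update != NULL) {
        echo "<script>location='users/user_edit_profile.php?status=1'</script>";
    } else {
        echo "<script>location='users/user_edit_profile.php?status=2'</script>";
    }
    exit;
}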
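// Change password: verifies the old password of the logged-in account and, if
// the new password and its confirmation agree, stores the new one.
//   status=1 updated, status=2 confirmation mismatch, status=3 old password wrong.
if (isset($_POST['edit_user_password'])) {
    // The account is identified by the session e-mail, so a login is required.
    if (empty($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db = db::open();
    $old_password = $db->real_escape_string((string) ($_POST['old_password'] ?? ''));
    $new_password = $db->real_escape_string((string) ($_POST['new_password'] ?? ''));
    $confirm_password = $db->real_escape_string((string) ($_POST['confirm_password'] ?? ''));
    // NOTE(review): the session e-mail is interpolated as stored; confirm it is
    // always written to the session in escaped form.
    $email = $_SESSION['useremail'];
    $current_date = date('Y-m-d H:i:s');

    // NOTE(review): passwords are compared and stored as plain text. Switching
    // to password_hash()/password_verify() has to be done together with the
    // login and add-user handlers and a migration of existing rows.
    $account = db::getRecord("SELECT * from user_login where email='$email' AND password ='$old_password' ");
    if ($account == NULL) {
        echo "<script>alert('Old Password is not correct...');</script>";
        echo "<script>location='users/user_change_password.php?status=3'</script>";
        exit;
    }

    // Strict comparison: with == two different numeric-looking strings such as
    // '1e3' and '1000' compare equal and the confirmation check would pass.
    if ($new_password !== $confirm_password) {
        echo "<script>alert('Password are not matched...');</script>";
        echo "<script>location='users/user_change_password.php?status=2'</script>";
        exit;
    }

    $query = "UPDATE user_login SET password='$new_password',modified_on='$current_date',modified_by='$email' where email='$email' ";
    $run = db::query($query);
    echo "<script>alert('Updated Password...');</script>";
    echo "<script>location='users/user_change_password.php?status=1'</script>";
    exit;
}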
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
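// Add rental: stores the uploaded image under rental/images/ and inserts a
// rental row for it. status=1 on success, status=2 when no image was stored.
if (isset($_POST['add_new_rental'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // These three fields were previously placed in the INSERT unescaped.
    $title = $db->real_escape_string((string) ($_POST['c_name'] ?? ''));
    $price = $db->real_escape_string((string) ($_POST['price'] ?? ''));
    $description = $db->real_escape_string((string) ($_POST['description'] ?? ''));
    $folder = "rental/images/";

    // Accept only image extensions whose content also parses as an image, and
    // store the file under a generated name: the client's file name and
    // declared type are never written to disk or to the query, so a script
    // file cannot be placed in this web-served directory.
    $stored_name = null;
    $stored_type = '';
    $upload = $_FILES['file'] ?? null;
    if (is_array($upload) && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK) {
        $extension = strtolower(pathinfo((string) $upload['name'], PATHINFO_EXTENSION));
        if (in_array($extension, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            $image_info = getimagesize($upload['tmp_name']);
            $candidate = bin2hex(random_bytes(8)) . '.' . $extension;
            if ($image_info !== false && move_uploaded_file($upload['tmp_name'], $folder . $candidate)) {
                $stored_name = $candidate;
                $stored_type = $db->real_escape_string($image_info['mime']);
            }
        }
    }

    if ($stored_name !== null) {
        $query = "INSERT into rental (c_name,price,description,image_name,image_type) VALUES ('$title','$price','$description','$stored_name','$stored_type')";
        $insert = db::query($query);
        echo "<script>location='rental/rental.php?status=1'</script>";
    } else {
        echo "<script>location='rental/rental.php?status=2'</script>";
    }
    exit;
}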
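// Edit rental: updates the text fields of the rental row with the posted id
// and, when a valid image is uploaded, replaces its image.
//   status=1 updated with a new image, status=2 text-only update.
if (isset($_POST['edit_rental'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // id was previously placed in the queries unescaped.
    $id = $db->real_escape_string((string) ($_POST['id'] ?? ''));
    $name = $db->real_escape_string((string) ($_POST['name'] ?? ''));
    $price = $db->real_escape_string((string) ($_POST['price'] ?? ''));
    $description = $db->real_escape_string((string) ($_POST['description'] ?? ''));
    $folder = "rental/images/";

    // Only image extensions whose content parses as an image are accepted, and
    // the file is stored under a generated name with the detected MIME type.
    $stored_name = null;
    $stored_type = '';
    $upload = $_FILES['file'] ?? null;
    if (is_array($upload) && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK) {
        $extension = strtolower(pathinfo((string) $upload['name'], PATHINFO_EXTENSION));
        if (in_array($extension, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            $image_info = getimagesize($upload['tmp_name']);
            $candidate = bin2hex(random_bytes(8)) . '.' . $extension;
            if ($image_info !== false && move_uploaded_file($upload['tmp_name'], $folder . $candidate)) {
                $stored_name = $candidate;
                $stored_type = $db->real_escape_string($image_info['mime']);
            }
        }
    }

    if ($stored_name !== null) {
        // Delete the previous image only after its replacement is in place;
        // the old order removed it first and left the row pointing at a
        // missing file when the move failed.
        $rec = db::getRecord("SELECT * from rental where id='$id'");
        $old_image = basename((string) ($rec['image_name'] ?? ''));
        if ($old_image !== '' && is_file($folder . $old_image)) {
            unlink($folder . $old_image);
        }
        $query = "UPDATE rental SET c_name='$name',price='$price',description='$description',image_name='$stored_name',image_type='$stored_type' where id='$id'";
        $run = db::query($query);
        echo "<script>location='rental/rental.php?status=1'</script>";
    } else {
        // No upload, or one that was rejected or could not be moved: fall back
        // to the text-only update so the request always ends in a redirect.
        $query = "UPDATE rental SET c_name='$name',price='$price',description='$description' where id='$id'";
        $run = db::query($query);
        echo "<script>location='rental/rental.php?status=2'</script>";
    }
    exit;
}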
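// Delete rental: removes the image file of the rental row with the posted id,
// then the row itself.
if (isset($_POST['delete_rental'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // The id was previously placed in both queries unescaped.
    $delete_id = $db->real_escape_string((string) ($_POST['delete_id'] ?? ''));

    $rec = db::getRecord("SELECT * from rental where id='$delete_id'");
    $dir = "rental/images/";
    // basename() keeps the delete inside the image directory; a missing row or
    // empty image name simply skips the file removal.
    $old_image = basename((string) ($rec['image_name'] ?? ''));
    if ($old_image !== '' && is_file($dir . $old_image)) {
        unlink($dir . $old_image);
    }

    $del = db::query("DELETE from rental where id='$delete_id'");
    echo "<script>location='rental/rental.php?status=1'</script>";
    exit;
}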
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
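// Add product: inserts a product row, then stores each valid uploaded image
// under product/images/ and links it in product_image.
//   status=1 when the last query succeeded, status=2 otherwise.
if (isset($_POST['add_new_product'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    $title = $db->real_escape_string((string) ($_POST['name'] ?? ''));
    $price = $db->real_escape_string((string) ($_POST['price'] ?? ''));
    $description = $db->real_escape_string((string) ($_POST['description'] ?? ''));

    $insert = db::query("INSERT into product(name,price,description) VALUES('$title','$price','$description')");
    if ($insert == null) {
        // Without a new product row the MAX(id) lookup below would attach the
        // images to some other product.
        echo "<script>location='product/product.php?status=2'</script>";
        exit;
    }

    // NOTE(review): MAX(id) is read once, right after the insert, but a
    // concurrent insert can still win the race. If db::query() runs on the
    // connection returned by db::open(), prefer that connection's insert id.
    $rec = db::getRecord("SELECT MAX(id) from product");
    $id = $db->real_escape_string((string) ($rec['MAX(id)'] ?? ''));

    $folder = "product/images/";
    $files = $_FILES['file'] ?? null;
    // The form is expected to post file[] (arrays per key); anything else is ignored.
    if (is_array($files) && is_array($files['name'] ?? null)) {
        foreach ($files['name'] as $i => $client_name) {
            if (($files['error'][$i] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
                continue;
            }
            // Image extensions only, content must parse as an image, and the
            // stored name is generated: the client's file name and declared
            // type never reach the disk or the query.
            $extension = strtolower(pathinfo((string) $client_name, PATHINFO_EXTENSION));
            if (!in_array($extension, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
                continue;
            }
            $image_info = getimagesize($files['tmp_name'][$i]);
            if ($image_info === false) {
                continue;
            }
            $stored_name = bin2hex(random_bytes(8)) . '.' . $extension;
            if (move_uploaded_file($files['tmp_name'][$i], $folder . $stored_name)) {
                $stored_type = $db->real_escape_string($image_info['mime']);
                $query = "INSERT into product_image(product_id,image_name,image_type) VALUES ('$id','$stored_name','$stored_type')";
                $insert = db::query($query);
            }
        }
    }

    if ($insert != null) {
        echo "<script>location='product/product.php?status=1'</script>";
    } else {
        echo "<script>location='product/product.php?status=2'</script>";
    }
    exit;
}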
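// Edit product: updates the text fields of the product row and, when at least
// one valid image is uploaded, replaces the product's whole image set.
//   status=1 images replaced, status=2 text-only update.
if (isset($_POST['edit_products'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    $id = $db->real_escape_string((string) ($_POST['edit_id'] ?? ''));
    $title = $db->real_escape_string((string) ($_POST['name'] ?? ''));
    $price = $db->real_escape_string((string) ($_POST['price'] ?? ''));
    $description = $db->real_escape_string((string) ($_POST['description'] ?? ''));

    db::query("UPDATE product SET name='$title',description='$description',price='$price' where id='$id'");

    // Store the new images first. Each one must have an image extension and
    // parse as an image, and is saved under a generated name with the detected
    // MIME type rather than the client's file name and declared type.
    $folder = "product/images/";
    $new_images = [];
    $files = $_FILES['file'] ?? null;
    if (is_array($files) && is_array($files['name'] ?? null)) {
        foreach ($files['name'] as $i => $client_name) {
            if (($files['error'][$i] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
                continue;
            }
            $extension = strtolower(pathinfo((string) $client_name, PATHINFO_EXTENSION));
            if (!in_array($extension, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
                continue;
            }
            $image_info = getimagesize($files['tmp_name'][$i]);
            if ($image_info === false) {
                continue;
            }
            $stored_name = bin2hex(random_bytes(8)) . '.' . $extension;
            if (move_uploaded_file($files['tmp_name'][$i], $folder . $stored_name)) {
                $new_images[] = ['name' => $stored_name, 'type' => $image_info['mime']];
            }
        }
    }

    if (count($new_images) > 0) {
        // Only now drop the old set, so a batch of rejected uploads cannot
        // leave the product without any image.
        $old_images = db::getRecords("SELECT * from product_image where product_id='$id' ");
        if ($old_images != NULL) {
            foreach ($old_images as $old) {
                // basename() keeps the delete inside the image directory.
                $old_name = basename((string) ($old['image_name'] ?? ''));
                if ($old_name !== '' && is_file($folder . $old_name)) {
                    unlink($folder . $old_name);
                }
            }
        }
        db::query("DELETE from product_image where product_id='$id' ");

        foreach ($new_images as $image) {
            $stored_name = $image['name'];
            $stored_type = $db->real_escape_string($image['type']);
            $query = "INSERT into product_image(product_id,image_name,image_type) VALUES ('$id','$stored_name','$stored_type')";
            $insert = db::query($query);
        }
        // Stop here: previously the status=2 redirect below was emitted as
        // well, after this one.
        echo "<script>location='product/product.php?status=1'</script>";
        exit;
    }

    echo "<script>location='product/product.php?status=2'</script>";
    exit;
}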
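// Delete product: removes the product's image files and product_image rows,
// then the product row. status=1 when the product delete succeeded, else 2.
if (isset($_POST['delete_products'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // The id was previously placed in all three queries unescaped.
    $id = $db->real_escape_string((string) ($_POST['delete_id'] ?? ''));

    $dir = "product/images/";
    $product_images = db::getRecords("SELECT * from product_image where product_id='$id' ");
    if ($product_images != NULL) {
        foreach ($product_images as $product_image) {
            // Direct delete by name; the old code opened a directory handle per
            // image without closing it and called closedir() on an undefined
            // variable when the product had no images. basename() keeps the
            // delete inside the image directory.
            $old_name = basename((string) ($product_image['image_name'] ?? ''));
            if ($old_name !== '' && is_file($dir . $old_name)) {
                unlink($dir . $old_name);
            }
        }
    }

    db::query("DELETE from product_image where product_id='$id' ");
    $del = db::query("DELETE from product where id='$id'");

    if ($del != null) {
        echo "<script>location='product/product.php?status=1'</script>";
    } else {
        echo "<script>location='product/product.php?status=2'</script>";
    }
    exit;
}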
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
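// Remove cart item: deletes the temp_cart row whose id is given in the
// delete_item query parameter.
if (isset($_GET['delete_item'])) {
    // NOTE(review): this state change is triggered by a plain GET and no check
    // ties the row to the caller's own cart. Consider POST with a CSRF token
    // and scoping the delete to the caller's cart.
    $db = db::open();
    // The id was previously placed in the query unescaped.
    $delete_id = $db->real_escape_string((string) $_GET['delete_item']);
    $del = db::query("DELETE from temp_cart where id='$delete_id'");
    echo "<script>location='../cart.php?status=1'</script>";
    exit;
}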
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
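// Mark order paid: sets payment_status to 'paid' for the posted order id.
if (isset($_POST['order_paid'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // The id was previously placed in the query unescaped. The earlier SELECT
    // of the order was dropped because its result was never used.
    $order_id = $db->real_escape_string((string) ($_POST['paid_id'] ?? ''));
    $run = db::query("UPDATE orders SET payment_status='paid' where order_id='$order_id' ");
    echo "<script>location='orders/pending_order.php?status=1'</script>";
    exit;
}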
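// Delete pending order: removes the order and its order_detail rows.
if (isset($_POST['porder_delete'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // The id was previously placed in both queries unescaped.
    $delete_id = $db->real_escape_string((string) ($_POST['delete_id'] ?? ''));
    $del = db::query("DELETE from orders where order_id='$delete_id'");
    $rec = db::query("DELETE from order_detail where order_id='$delete_id'");
    echo "<script>location='orders/pending_order.php?status=1'</script>";
    exit;
}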
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
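// Mark order complete: sets payment_status to 'complete' for the posted order id.
if (isset($_POST['order_complete'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // The id was previously placed in the query unescaped. The earlier SELECT
    // of the order was dropped because its result was never used.
    $order_id = $db->real_escape_string((string) ($_POST['comp_id'] ?? ''));
    $run = db::query("UPDATE orders SET payment_status='complete' where order_id='$order_id' ");
    echo "<script>location='orders/active_order.php?status=1'</script>";
    exit;
}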
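// Delete active order: removes the order and its order_detail rows.
if (isset($_POST['corder_delete'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // The id was previously placed in both queries unescaped.
    $delete_id = $db->real_escape_string((string) ($_POST['delete_id'] ?? ''));
    $del = db::query("DELETE from orders where order_id='$delete_id'");
    $rec = db::query("DELETE from order_detail where order_id='$delete_id'");
    echo "<script>location='orders/active_order.php?status=1'</script>";
    exit;
}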
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
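// Delete completed order: removes the order and its order_detail rows.
if (isset($_POST['order_delete'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // The id was previously placed in both queries unescaped.
    $delete_id = $db->real_escape_string((string) ($_POST['delete_id'] ?? ''));
    $del = db::query("DELETE from orders where order_id='$delete_id'");
    $rec = db::query("DELETE from order_detail where order_id='$delete_id'");
    echo "<script>location='orders/complete_order.php?status=1'</script>";
    exit;
}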
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
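// Add blog post: stores the uploaded image under blog/images/ and inserts a
// blog row for it. status=1 on success, status=2 when no image was stored.
if (isset($_POST['add_new_blog'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    $name = $db->real_escape_string((string) ($_POST['title'] ?? ''));
    $description = $db->real_escape_string((string) ($_POST['description'] ?? ''));
    $date = $db->real_escape_string((string) ($_POST['date'] ?? ''));
    $folder = "blog/images/";

    // Accept only image extensions whose content also parses as an image, and
    // store the file under a generated name with the detected MIME type: the
    // client's file name and declared type never reach the disk or the query.
    $stored_name = null;
    $stored_type = '';
    $upload = $_FILES['file'] ?? null;
    if (is_array($upload) && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK) {
        $extension = strtolower(pathinfo((string) $upload['name'], PATHINFO_EXTENSION));
        if (in_array($extension, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            $image_info = getimagesize($upload['tmp_name']);
            $candidate = bin2hex(random_bytes(8)) . '.' . $extension;
            if ($image_info !== false && move_uploaded_file($upload['tmp_name'], $folder . $candidate)) {
                $stored_name = $candidate;
                $stored_type = $db->real_escape_string($image_info['mime']);
            }
        }
    }

    if ($stored_name !== null) {
        $query = "INSERT into blog(title,description,date,image_name,image_type) VALUES('$name','$description','$date','$stored_name','$stored_type')";
        $insert = db::query($query);
        // Stop here: previously the status=2 redirect below was emitted as
        // well, after this one.
        echo "<script>location='blog/blogs.php?status=1'</script>";
        exit;
    }
    echo "<script>location='blog/blogs.php?status=2'</script>";
    exit;
}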
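// Edit blog post: updates the text fields of the blog row with the posted id
// and, when a valid image is uploaded, replaces its image.
//   status=1 updated with a new image, status=2 text-only update.
if (isset($_POST['edit_blog'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // id was previously placed in the queries unescaped.
    $id = $db->real_escape_string((string) ($_POST['id'] ?? ''));
    $name = $db->real_escape_string((string) ($_POST['title'] ?? ''));
    $description = $db->real_escape_string((string) ($_POST['description'] ?? ''));
    $date = $db->real_escape_string((string) ($_POST['date'] ?? ''));
    $folder = "blog/images/";

    // Only image extensions whose content parses as an image are accepted, and
    // the file is stored under a generated name with the detected MIME type.
    $stored_name = null;
    $stored_type = '';
    $upload = $_FILES['file'] ?? null;
    if (is_array($upload) && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK) {
        $extension = strtolower(pathinfo((string) $upload['name'], PATHINFO_EXTENSION));
        if (in_array($extension, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            $image_info = getimagesize($upload['tmp_name']);
            $candidate = bin2hex(random_bytes(8)) . '.' . $extension;
            if ($image_info !== false && move_uploaded_file($upload['tmp_name'], $folder . $candidate)) {
                $stored_name = $candidate;
                $stored_type = $db->real_escape_string($image_info['mime']);
            }
        }
    }

    if ($stored_name !== null) {
        // Delete the previous image only after its replacement is in place;
        // the old order removed it first and left the row pointing at a
        // missing file when the move failed.
        $rec = db::getRecord("SELECT * from blog where id='$id'");
        $old_image = basename((string) ($rec['image_name'] ?? ''));
        if ($old_image !== '' && is_file($folder . $old_image)) {
            unlink($folder . $old_image);
        }
        $query = "UPDATE blog SET title='$name',description='$description',date='$date',image_name='$stored_name',image_type='$stored_type' where id='$id'";
        $run = db::query($query);
        echo "<script>location='blog/blogs.php?status=1'</script>";
    } else {
        // No upload, or one that was rejected or could not be moved: fall back
        // to the text-only update so the request always ends in a redirect.
        $query = "UPDATE blog SET title='$name',date='$date',description='$description' where id='$id'";
        $run = db::query($query);
        echo "<script>location='blog/blogs.php?status=2'</script>";
    }
    exit;
}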
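// Delete blog post: removes the image file of the blog row with the posted id,
// then the row itself.
if (isset($_POST['delete_blog'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // The id was previously placed in both queries unescaped.
    $delete_id = $db->real_escape_string((string) ($_POST['delete_id'] ?? ''));

    $rec = db::getRecord("SELECT * from blog where id='$delete_id'");
    $dir = "blog/images/";
    // basename() keeps the delete inside the image directory; a missing row or
    // empty image name simply skips the file removal.
    $old_image = basename((string) ($rec['image_name'] ?? ''));
    if ($old_image !== '' && is_file($dir . $old_image)) {
        unlink($dir . $old_image);
    }

    $del = db::query("DELETE from blog where id='$delete_id'");
    echo "<script>location='blog/blogs.php?status=1'</script>";
    exit;
}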
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
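// Delete booking: removes the booking row with the posted id.
if (isset($_POST['booking_delete'])) {
    // NOTE(review): nothing in this handler checks that the caller is logged
    // in; confirm the check exists elsewhere or add one here.
    $db = db::open();
    // The id was previously placed in the query unescaped.
    $delete_id = $db->real_escape_string((string) ($_POST['delete_id'] ?? ''));
    $del = db::query("DELETE from booking where id='$delete_id'");
    echo "<script>location='booking.php?status=1'</script>";
    exit;
}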
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Booking: inserts a booking row built from the posted contact fields and
// product id, then redirects to ../index.php with status=booked or status=error.
if (isset($_POST['booking'])) {
    $db = db::open();

    // Escape every posted field before it is placed in the INSERT below.
    $clean = [];
    foreach (['fname', 'lname', 'email', 'address', 'phone', 'note', 'product_id'] as $field) {
        $clean[$field] = $db->real_escape_string($_POST[$field]);
    }
    // The name column holds first and last name joined by a single space.
    $full_name = $clean['fname'] . " " . $clean['lname'];

    $query = "INSERT into booking (name,email,address,phone,note,product_id) VALUES ('$full_name','{$clean['email']}','{$clean['address']}','{$clean['phone']}','{$clean['note']}','{$clean['product_id']}')";
    $result = db::query($query);

    $outcome = ($result != null) ? 'booked' : 'error';
    echo "<script>location='../index.php?status=" . $outcome . "'</script>";
}
?>