
<?php
// Start the session before any handler reads or writes $_SESSION.
session_start();
// Provides the db helper (db::open, db::getRecord, db::getRecords, db::query) used by every handler.
// NOTE(review): the handlers below are selected only by which POST/GET key is present.
// This file performs no CSRF token check, so access control has to be enforced inside
// each handler (or inside database.php, which is not visible here).
require_once("database.php");


////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

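// Login handler: looks up the submitted e-mail/password pair in user_login and,
// on a match, stores the e-mail and role in the session before redirecting.
if(isset($_POST['login'])){
    $db = db::open();

    // Missing or non-string fields (e.g. username[]=x) are treated as empty
    // instead of being handed to real_escape_string() as arrays.
    $username_input = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password_input = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $email    = $db->real_escape_string($username_input);
    $password = $db->real_escape_string($password_input);

    // NOTE(review): the password column is compared as plaintext. Moving to
    // password_hash()/password_verify() needs a coordinated change with the
    // handlers that write this column, so it is only flagged here.
    $query="SELECT * from user_login where email='$email' AND password='$password' AND status='0' ";
    $rec=db::getRecord($query);

    if($rec!=NULL)
    {
        // Issue a fresh session id on login so an id that existed before
        // authentication cannot be reused afterwards (session fixation).
        session_regenerate_id(true);

        // The escaped form of the e-mail is stored, as before; other handlers
        // interpolate this session value into SQL.
        $_SESSION['useremail']=$email;
        $_SESSION['role']=$rec['role'];

        echo "<script>location='dashboard.php?status=1'</script>";
    }
    else
    {
        echo "<script>location='index.php?status=1'</script>";
    }
}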

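// Logout handler: drops the login state from the session and returns to the login page.
if(isset($_GET['logout'])){
    // Remove both values the login handler stored; leaving 'role' behind keeps
    // privilege data alive in a logged-out session.
    // session_destroy() was commented out in the original and is still not called.
    // NOTE(review): confirm whether other session data has to survive logout.
    unset($_SESSION["useremail"], $_SESSION["role"]);

    echo "<script>location='index.php'</script>";
}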

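// User creation handler: inserts a user_login row for the posted e-mail/role
// unless a row with that e-mail already exists.
if(isset($_POST['add_new_user'])){
    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    // NOTE(review): the stored role is not checked; any logged-in account passes.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db = db::open();
    $email=$db->real_escape_string($_POST['email']);
    $role=$db->real_escape_string($_POST['role']);

    // Reject duplicates by e-mail.
    $query="SELECT * from user_login where email='$email'";
    $email_rec=db::getRecord($query);

    if($email_rec!=NULL)
    {
        echo "<script>location='users/users.php?status=1'</script>";
    }
    else
    {
        // NOTE(review): every new account starts with the same fixed password,
        // stored as plaintext. A per-user random initial secret and hashing
        // need a coordinated change with the login handler.
        $password = 123;
        $status = 0;

        // Already in escaped form: the login and profile handlers store the
        // escaped e-mail in the session.
        $created_by=$_SESSION['useremail'];

        $current_date = date('Y-m-d H:i:s', time());

        $query ="INSERT into user_login (email,role,password,status,created_on,created_by) VALUES ('$email','$role','$password','$status','$current_date','$created_by')";
        $insert= db::query($query);

        echo "<script>location='users/users.php?status=2'</script>";
    }
}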

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

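// Access toggle handler: sets the status column of the posted user_login row
// and records who changed it and when.
if(isset($_POST['edit_user_access'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    // NOTE(review): the stored role is not checked; any logged-in account passes.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db = db::open();
    // id and status previously went from the form straight into the SQL
    // string; escape both like the other handlers do with their fields.
    $id = $db->real_escape_string($_POST['id']);

    // The status field is optional in the form; absence means 0.
    $status = isset($_POST['status']) ? $db->real_escape_string($_POST['status']) : 0;

    // Already in escaped form: the login and profile handlers store the
    // escaped e-mail in the session.
    $email=$_SESSION['useremail'];

    $current_date = date('Y-m-d H:i:s', time());

    $query  = "UPDATE user_login SET status='$status',modified_on='$current_date',modified_by='$email' where id='$id'";
    $update = db::query($query);

    if($update!=NULL)
    {
        echo "<script>location='users/users.php?status=3'</script>";
    }
    else
    {
        echo "<script>location='users/users.php?status=5'</script>";
    }
}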

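// Profile edit handler: updates name/e-mail/contact fields (and optionally the
// profile image) of the user_login row whose id was posted, then mirrors the
// new e-mail into the session.
if(isset($_POST['edit_user_profile'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db = db::open();
    // id previously went into the SQL strings unescaped.
    $id = $db->real_escape_string($_POST['id']);

    $user_name=$db->real_escape_string($_POST['user_name']);
    $email=$db->real_escape_string($_POST['email']);
    $f_name=$db->real_escape_string($_POST['f_name']);
    $l_name=$db->real_escape_string($_POST['l_name']);
    $phone=$db->real_escape_string($_POST['phone']);
    $country=$db->real_escape_string($_POST['country']);

    $current_date = date('Y-m-d H:i:s', time());

    // NOTE(review): nothing here ties the posted id to the logged-in account,
    // yet the session e-mail is overwritten with the submitted one below.
    // Confirm whether editing another user's row is intended.
    $query="SELECT * from user_login where id='$id'";
    $user_data=db::getRecord($query);

    if($user_data==NULL)
    {
        // Unknown id: there is no row to update.
        echo "<script>location='users/user_edit_profile.php?status=2'</script>";
    }
    else
    {
        // Look for the submitted e-mail on any other row.
        $user_data_id = $db->real_escape_string($user_data['id']);
        $query="SELECT * from user_login  where id!='$user_data_id'";
        $users=db::getRecords($query);

        $duplicate = false;
        if($users!=NULL)
        {
            foreach($users as $user)
            {
                if((string) $user['email'] === $email)
                {
                    $duplicate = true;
                    break;
                }
            }
        }

        if($duplicate)
        {
            // Only this redirect is emitted; the original also fell through to
            // the status=2 redirect at the end of the handler.
            echo "<script>location='users/user_edit_profile.php?status=3'</script>";
        }
        else
        {
            $folder    = "files/users/profiles/";
            $image_sql = '';

            // Accept the upload only when it has an allow-listed image
            // extension and getimagesize() recognises the content. The stem
            // is reduced to [a-z0-9_-], so a name such as "x.php.jpg" cannot
            // keep an inner extension.
            $final_file = '';
            $file_type  = '';
            if (isset($_FILES['file']['tmp_name']) && is_string($_FILES['file']['tmp_name'])
                && is_uploaded_file($_FILES['file']['tmp_name'])) {
                $extension  = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
                $image_info = getimagesize($_FILES['file']['tmp_name']);
                if (in_array($extension, array('jpg', 'jpeg', 'png', 'gif', 'webp'), true) && $image_info !== false) {
                    $stem       = preg_replace('/[^a-z0-9_-]+/', '-', strtolower(pathinfo($_FILES['file']['name'], PATHINFO_FILENAME)));
                    $final_file = rand(1000,100000)."-".$stem.".".$extension;
                    // Store the MIME type detected from the content, not the client-supplied one.
                    $file_type  = $db->real_escape_string($image_info['mime']);
                }
            }

            if($final_file !== '' && move_uploaded_file($_FILES['file']['tmp_name'],$folder.$final_file))
            {
                // Remove the previous image directly; basename() keeps the
                // path inside the profile folder whatever the column holds.
                $old_image = basename((string) $user_data['image_name']);
                if ($old_image !== '' && $old_image !== $final_file && is_file($folder.$old_image)) {
                    unlink($folder.$old_image);
                }
                $image_sql = ",image_name='$final_file',image_type='$file_type'";
            }

            // A missing, rejected or unmovable file leaves the image columns
            // untouched and still updates the text fields, as before.
            $query="UPDATE user_login SET user_name='$user_name',email='$email',f_name='$f_name',l_name='$l_name',phone='$phone',country='$country'".$image_sql.",modified_on='$current_date',modified_by='$email' where id='$id'";
            $update=db::query($query);

            $_SESSION['useremail']=$email;

            if($update!=NULL)
            {
                echo "<script>location='users/user_edit_profile.php?status=1'</script>";
            }
            else
            {
                echo "<script>location='users/user_edit_profile.php?status=2'</script>";
            }
        }
    }
}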

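// Password change handler: verifies the current password of the logged-in
// user and, when the new password and its confirmation agree, stores the new one.
if(isset($_POST['edit_user_password'])){
    // The handler is keyed on the session e-mail, so refuse to run without it.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db = db::open();
    $old_password=$db->real_escape_string($_POST['old_password']);
    $new_password=$db->real_escape_string($_POST['new_password']);
    $confirm_password=$db->real_escape_string($_POST['confirm_password']);

    // Already in escaped form: the login and profile handlers store the
    // escaped e-mail in the session.
    $email=$_SESSION['useremail'];

    $current_date = date('Y-m-d H:i:s', time());

    // NOTE(review): passwords are stored and compared as plaintext. Hashing
    // needs a coordinated change with the login handler, so it is only flagged here.
    $query = "SELECT * from user_login where email='$email' AND password ='$old_password' ";
    $current_user = db::getRecord($query);

    if($current_user != NULL){

        // Strict comparison: with == two different numeric-looking strings
        // (for example "1e3" and "1000") compare as equal.
        if($new_password === $confirm_password){

            $query = "UPDATE user_login SET password='$new_password',modified_on='$current_date',modified_by='$email' where email='$email' ";
            $run   = db::query($query);

            echo "<script>alert('Updated Password...');</script>";
            echo "<script>location='users/user_change_password.php?status=1'</script>";
        }
        else{
            // New password and confirmation differ.
            echo "<script>alert('Password are not matched...');</script>";
            echo "<script>location='users/user_change_password.php?status=2'</script>";
        }
    }
    else
    {
        // Current password did not match.
        echo "<script>alert('Old Password is not correct...');</script>";
        echo "<script>location='users/user_change_password.php?status=3'</script>";
    }
}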

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

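// Rental creation handler: stores the uploaded image under rental/images/ and
// inserts a rental row that references it.
if(isset($_POST['add_new_rental'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db = db::open();
    // These three fields previously went into the INSERT unescaped.
    $title=$db->real_escape_string($_POST['c_name']);
    $price=$db->real_escape_string($_POST['price']);
    $description=$db->real_escape_string($_POST['description']);

    $folder ="rental/images/";

    // Accept the upload only when it has an allow-listed image extension and
    // getimagesize() recognises the content. The stem is reduced to
    // [a-z0-9_-], so a name such as "x.php.jpg" cannot keep an inner extension.
    $final_file = '';
    $file_type  = '';
    if (isset($_FILES['file']['tmp_name']) && is_string($_FILES['file']['tmp_name'])
        && is_uploaded_file($_FILES['file']['tmp_name'])) {
        $extension  = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
        $image_info = getimagesize($_FILES['file']['tmp_name']);
        if (in_array($extension, array('jpg', 'jpeg', 'png', 'gif', 'webp'), true) && $image_info !== false) {
            $stem       = preg_replace('/[^a-z0-9_-]+/', '-', strtolower(pathinfo($_FILES['file']['name'], PATHINFO_FILENAME)));
            $final_file = rand(1000,100000)."-".$stem.".".$extension;
            // Store the MIME type detected from the content, not the client-supplied one.
            $file_type  = $db->real_escape_string($image_info['mime']);
        }
    }

    if($final_file !== '' && move_uploaded_file($_FILES['file']['tmp_name'],$folder.$final_file))
    {
        $query="INSERT into rental (c_name,price,description,image_name,image_type) VALUES ('$title','$price','$description','$final_file','$file_type')";

        $insert=db::query($query);

        echo "<script>location='rental/rental.php?status=1'</script>";
    }
    else
    {
        // Missing, rejected or unmovable upload.
        echo "<script>location='rental/rental.php?status=2'</script>";
    }

}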

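// Rental edit handler: updates name/price/description of the posted rental and,
// when a new image is uploaded, replaces the stored image as well.
if (isset($_POST['edit_rental'])) {

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db          = db::open();
    // id previously went into the SQL strings unescaped.
    $id          = $db->real_escape_string($_POST['id']);
    $name        = $db->real_escape_string($_POST['name']);
    $price       = $db->real_escape_string($_POST['price']);
    $description = $db->real_escape_string($_POST['description']);

    if (isset($_FILES['file']['name']) && $_FILES['file']['name'] != NULL) {

        $folder = "rental/images/";

        // Accept the upload only when it has an allow-listed image extension
        // and getimagesize() recognises the content. The stem is reduced to
        // [a-z0-9_-], so a name such as "x.php.jpg" cannot keep an inner extension.
        $final_file = '';
        $file_type  = '';
        if (isset($_FILES['file']['tmp_name']) && is_string($_FILES['file']['tmp_name'])
            && is_uploaded_file($_FILES['file']['tmp_name'])) {
            $extension  = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
            $image_info = getimagesize($_FILES['file']['tmp_name']);
            if (in_array($extension, array('jpg', 'jpeg', 'png', 'gif', 'webp'), true) && $image_info !== false) {
                $stem       = preg_replace('/[^a-z0-9_-]+/', '-', strtolower(pathinfo($_FILES['file']['name'], PATHINFO_FILENAME)));
                $final_file = rand(1000, 100000) . "-" . $stem . "." . $extension;
                // Store the MIME type detected from the content, not the client-supplied one.
                $file_type  = $db->real_escape_string($image_info['mime']);
            }
        }

        // The new image is moved into place first; the old one is removed only
        // afterwards, so a failed upload no longer leaves the row pointing at a
        // deleted file.
        if ($final_file !== '' && move_uploaded_file($_FILES['file']['tmp_name'], $folder . $final_file)) {

            $query = "SELECT * from rental where id='$id'";
            $rec   = db::getRecord($query);

            if ($rec != NULL) {
                // basename() keeps the path inside rental/images/ whatever the column holds.
                $old_image = basename((string) $rec['image_name']);
                if ($old_image !== '' && $old_image !== $final_file && is_file($folder . $old_image)) {
                    unlink($folder . $old_image);
                }
            }

            $query = "UPDATE rental SET c_name='$name',price='$price',description='$description',image_name='$final_file',image_type='$file_type' where id='$id'";
            $run   = db::query($query);
            echo "<script>location='rental/rental.php?status=1'</script>";
        }
        // NOTE(review): as in the original, a rejected or failed upload ends
        // here with no update and no redirect.
    }
    else
    {
        $query = "UPDATE rental SET c_name='$name',price='$price',description='$description' where id='$id'";

        $run   = db::query($query);

        echo "<script>location='rental/rental.php?status=2'</script>";
    }

}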

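// Rental delete handler: removes the rental's image file and then its table row.
if (isset($_POST['delete_rental'])) {

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    // db::open() is used here to obtain real_escape_string(), as the other
    // handlers in this file do; the id previously went into SQL unescaped.
    $db        = db::open();
    $delete_id = $db->real_escape_string($_POST['delete_id']);

    $query     = "SELECT * from rental where id='$delete_id'";
    $rec       = db::getRecord($query);

    // Delete the stored image directly instead of scanning the directory;
    // basename() keeps the path inside rental/images/ whatever the column holds.
    $dir = "rental/images/";
    if ($rec != NULL) {
        $old_image = basename((string) $rec['image_name']);
        if ($old_image !== '' && is_file($dir . $old_image)) {
            unlink($dir . $old_image);
        }
    }

    $query = "DELETE from rental where id='$delete_id'";
    $del   = db::query($query);

    echo "<script>location='rental/rental.php?status=1'</script>";
}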

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

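// Product creation handler: inserts a product row and one product_image row
// per accepted uploaded image.
if(isset($_POST['add_new_product'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db          = db::open();
    $title       = $db->real_escape_string($_POST['name']);
    $price       = $db->real_escape_string($_POST['price']);
    $description = $db->real_escape_string($_POST['description']);

    $query  = "INSERT into product(name,price,description) VALUES('$title','$price','$description')";
    $insert = db::query($query);

    // Images are attached only when the product row was created; otherwise
    // MAX(id) would point at some other product.
    if ($insert != null && isset($_FILES['file']['name']) && is_array($_FILES['file']['name'])) {

        // NOTE(review): MAX(id) can pick up a row inserted by a concurrent
        // request. database.php is not visible here, so no insert-id call is assumed.
        $query = "SELECT MAX(id) from product";
        $rec   = db::getRecord($query);
        $id    = $db->real_escape_string($rec['MAX(id)']);

        $folder = "product/images/";

        foreach ($_FILES['file']['name'] as $i => $name) {
            $file_loc = isset($_FILES['file']['tmp_name'][$i]) ? $_FILES['file']['tmp_name'][$i] : '';
            if (!is_string($file_loc) || !is_uploaded_file($file_loc)) {
                continue;
            }

            // Accept only allow-listed image extensions whose content
            // getimagesize() recognises. The stem is reduced to [a-z0-9_-],
            // so a name such as "x.php.jpg" cannot keep an inner extension.
            $extension  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
            $image_info = getimagesize($file_loc);
            if (!in_array($extension, array('jpg', 'jpeg', 'png', 'gif', 'webp'), true) || $image_info === false) {
                continue;
            }
            $stem       = preg_replace('/[^a-z0-9_-]+/', '-', strtolower(pathinfo($name, PATHINFO_FILENAME)));
            $final_file = rand(1000, 100000) . "-" . $stem . "." . $extension;
            // Store the MIME type detected from the content, not the client-supplied one.
            $file_type  = $db->real_escape_string($image_info['mime']);

            if (move_uploaded_file($file_loc, $folder . $final_file)) {
                $query  = "INSERT into product_image(product_id,image_name,image_type) VALUES ('$id','$final_file','$file_type')";
                $insert = db::query($query);
            }
        }
    }

    // $insert holds the result of the last query that ran (product or image row).
    if($insert!=null){

        echo "<script>location='product/product.php?status=1'</script>";
    }
    else{

        echo "<script>location='product/product.php?status=2'</script>";
    }

}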

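// Product edit handler: updates name/description/price and, when new images
// are uploaded, replaces the product's whole image set.
if(isset($_POST['edit_products'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db          = db::open();
    $id          = $db->real_escape_string($_POST['edit_id']);
    $title       = $db->real_escape_string($_POST['name']);
    $price       = $db->real_escape_string($_POST['price']);
    $description = $db->real_escape_string($_POST['description']);

    $query  ="UPDATE product SET name='$title',description='$description',price='$price' where id='$id'";
    $update = db::query($query);

    $folder = "product/images/";

    // Validate every upload before touching the existing images, so a request
    // that carries no acceptable image cannot wipe the current set.
    $accepted = array();
    if (isset($_FILES['file']['name']) && is_array($_FILES['file']['name'])) {
        foreach ($_FILES['file']['name'] as $i => $name) {
            $file_loc = isset($_FILES['file']['tmp_name'][$i]) ? $_FILES['file']['tmp_name'][$i] : '';
            if (!is_string($file_loc) || !is_uploaded_file($file_loc)) {
                continue;
            }

            // Allow-listed image extension plus content that getimagesize()
            // recognises. The stem is reduced to [a-z0-9_-], so a name such
            // as "x.php.jpg" cannot keep an inner extension.
            $extension  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
            $image_info = getimagesize($file_loc);
            if (!in_array($extension, array('jpg', 'jpeg', 'png', 'gif', 'webp'), true) || $image_info === false) {
                continue;
            }
            $stem = preg_replace('/[^a-z0-9_-]+/', '-', strtolower(pathinfo($name, PATHINFO_FILENAME)));

            $accepted[] = array(
                'tmp'  => $file_loc,
                'name' => rand(1000, 100000) . "-" . $stem . "." . $extension,
                // MIME type detected from the content, not the client-supplied one.
                'type' => $db->real_escape_string($image_info['mime']),
            );
        }
    }

    if (!empty($accepted)) {

        $query          = "SELECT * from product_image  where product_id='$id' ";
        $product_images = db::getRecords($query);

        // Remove the old files directly; basename() keeps each path inside
        // product/images/ whatever the column holds.
        if ($product_images != NULL) {
            foreach ($product_images as $product_image) {
                $old_image = basename((string) $product_image['image_name']);
                if ($old_image !== '' && is_file($folder . $old_image)) {
                    unlink($folder . $old_image);
                }
            }
        }

        $query = "DELETE from product_image  where product_id='$id' ";
        $del   = db::query($query);

        foreach ($accepted as $upload) {
            $final_file = $upload['name'];
            $file_type  = $upload['type'];

            if (move_uploaded_file($upload['tmp'], $folder . $final_file)) {
                $query  = "INSERT into product_image(product_id,image_name,image_type) VALUES ('$id','$final_file','$file_type')";
                $insert = db::query($query);
            }
        }
        echo "<script>location='product/product.php?status=1'</script>";

    }
    else
    {
        // The original emitted this redirect unconditionally, after the
        // status=1 one as well; the two are now mutually exclusive.
        echo "<script>location='product/product.php?status=2'</script>";
    }

}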

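// Product delete handler: removes the product's image files, its
// product_image rows and finally the product row.
if(isset($_POST['delete_products'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    // db::open() is used here to obtain real_escape_string(), as the other
    // handlers in this file do; the id previously went into SQL unescaped.
    $db = db::open();
    $id = $db->real_escape_string($_POST['delete_id']);

    $query          = "SELECT * from product_image  where product_id='$id' ";
    $product_images = db::getRecords($query);

    // Remove the files directly. The original opened the directory once per
    // image and called closedir() on a handle that does not exist when the
    // product has no images.
    $dir = "product/images/";
    if ($product_images != NULL) {
        foreach ($product_images as $product_image) {
            // basename() keeps the path inside product/images/ whatever the column holds.
            $old_image = basename((string) $product_image['image_name']);
            if ($old_image !== '' && is_file($dir . $old_image)) {
                unlink($dir . $old_image);
            }
        }
    }

    $query = "DELETE from product_image  where product_id='$id' ";
    $del   = db::query($query);

    $query = "DELETE from product where id='$id'";
    $del   = db::query($query);

    // Reports the result of deleting the product row itself.
    if($del!=null){

        echo "<script>location='product/product.php?status=1'</script>";

    }
    else{

        echo "<script>location='product/product.php?status=2'</script>";
    }
}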

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

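// Cart item removal: deletes one temp_cart row and returns to the cart page.
if(isset($_GET['delete_item'])){
    // db::open() is used here to obtain real_escape_string(), as the other
    // handlers in this file do; the id previously went into SQL unescaped.
    $db = db::open();
    $delete_id=$db->real_escape_string($_GET['delete_item']);

    // NOTE(review): this is a state change triggered by GET, and the row is
    // selected by id alone; nothing visible here ties it to the requester's cart.
    $query="DELETE from temp_cart where id='$delete_id'";
    $del=db::query($query);

    echo "<script>location='../cart.php?status=1'</script>";

}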

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

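// Marks the posted order as paid and returns to the pending-orders page.
if(isset($_POST['order_paid'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    // db::open() is used here to obtain real_escape_string(), as the other
    // handlers in this file do; the id previously went into SQL unescaped.
    $db       = db::open();
    $order_id = $db->real_escape_string($_POST['paid_id']);

    // The original also ran a SELECT on this order and never used the result.
    $query = "UPDATE orders SET payment_status='paid'  where order_id='$order_id' ";
    $run   = db::query($query);

    echo "<script>location='orders/pending_order.php?status=1'</script>";
}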

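// Deletes an order and its detail rows, then returns to the pending-orders page.
if(isset($_POST['porder_delete'])){
    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    // db::open() is used here to obtain real_escape_string(), as the other
    // handlers in this file do; the id previously went into SQL unescaped.
    $db = db::open();
    $delete_id=$db->real_escape_string($_POST['delete_id']);

    $query="DELETE from orders where order_id='$delete_id'";
    $del=db::query($query);

    $query="DELETE from order_detail where order_id='$delete_id'";
    $rec=db::query($query);


    echo "<script>location='orders/pending_order.php?status=1'</script>";

}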

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

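// Marks the posted order as complete and returns to the active-orders page.
if(isset($_POST['order_complete'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    // db::open() is used here to obtain real_escape_string(), as the other
    // handlers in this file do; the id previously went into SQL unescaped.
    $db       = db::open();
    $order_id = $db->real_escape_string($_POST['comp_id']);

    // The original also ran a SELECT on this order and never used the result.
    $query = "UPDATE orders SET payment_status='complete'  where order_id='$order_id' ";
    $run   = db::query($query);

    echo "<script>location='orders/active_order.php?status=1'</script>";
}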

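// Deletes an order and its detail rows, then returns to the active-orders page.
if(isset($_POST['corder_delete'])){
    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    // db::open() is used here to obtain real_escape_string(), as the other
    // handlers in this file do; the id previously went into SQL unescaped.
    $db = db::open();
    $delete_id=$db->real_escape_string($_POST['delete_id']);

    $query="DELETE from orders where order_id='$delete_id'";
    $del=db::query($query);

    $query="DELETE from order_detail where order_id='$delete_id'";
    $rec=db::query($query);


    echo "<script>location='orders/active_order.php?status=1'</script>";

}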

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

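// Deletes an order and its detail rows, then returns to the completed-orders page.
if(isset($_POST['order_delete'])){
    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    // db::open() is used here to obtain real_escape_string(), as the other
    // handlers in this file do; the id previously went into SQL unescaped.
    $db = db::open();
    $delete_id=$db->real_escape_string($_POST['delete_id']);

    $query="DELETE from orders where order_id='$delete_id'";
    $del=db::query($query);

    $query="DELETE from order_detail where order_id='$delete_id'";
    $rec=db::query($query);


    echo "<script>location='orders/complete_order.php?status=1'</script>";

}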

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

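// Blog creation handler: stores the uploaded image under blog/images/ and
// inserts a blog row that references it.
if (isset($_POST['add_new_blog'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db            = db::open();
    $name          = $db->real_escape_string($_POST['title']);
    $description   = $db->real_escape_string($_POST['description']);
    $date          = $db->real_escape_string($_POST['date']);

    $folder        = "blog/images/";

    // Accept the upload only when it has an allow-listed image extension and
    // getimagesize() recognises the content. The stem is reduced to
    // [a-z0-9_-], so a name such as "x.php.jpg" cannot keep an inner extension.
    $final_file = '';
    $file_type  = '';
    if (isset($_FILES['file']['tmp_name']) && is_string($_FILES['file']['tmp_name'])
        && is_uploaded_file($_FILES['file']['tmp_name'])) {
        $extension  = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
        $image_info = getimagesize($_FILES['file']['tmp_name']);
        if (in_array($extension, array('jpg', 'jpeg', 'png', 'gif', 'webp'), true) && $image_info !== false) {
            $stem       = preg_replace('/[^a-z0-9_-]+/', '-', strtolower(pathinfo($_FILES['file']['name'], PATHINFO_FILENAME)));
            $final_file = rand(1000, 100000) . "-" . $stem . "." . $extension;
            // Store the MIME type detected from the content, not the client-supplied one.
            $file_type  = $db->real_escape_string($image_info['mime']);
        }
    }

    if ($final_file !== '' && move_uploaded_file($_FILES['file']['tmp_name'], $folder . $final_file)) {

        $query         = "INSERT into blog(title,description,date,image_name,image_type) VALUES('$name','$description','$date','$final_file','$file_type')";
        $insert        = db::query($query);

        echo "<script>location='blog/blogs.php?status=1'</script>";
    }
    else
    {
        // The original emitted this redirect unconditionally, after the
        // status=1 one as well; the two are now mutually exclusive.
        echo "<script>location='blog/blogs.php?status=2'</script>";
    }

}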

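// Blog edit handler: updates title/description/date of the posted blog row and,
// when a new image is uploaded, replaces the stored image as well.
if (isset($_POST['edit_blog'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    $db            = db::open();
    // id previously went into the SQL strings unescaped.
    $id            = $db->real_escape_string($_POST['id']);
    $name          = $db->real_escape_string($_POST['title']);
    $description   = $db->real_escape_string($_POST['description']);
    $date          = $db->real_escape_string($_POST['date']);

    if (isset($_FILES['file']['name']) && $_FILES['file']['name'] != NULL) {

        $folder = "blog/images/";

        // Accept the upload only when it has an allow-listed image extension
        // and getimagesize() recognises the content. The stem is reduced to
        // [a-z0-9_-], so a name such as "x.php.jpg" cannot keep an inner extension.
        $final_file = '';
        $file_type  = '';
        if (isset($_FILES['file']['tmp_name']) && is_string($_FILES['file']['tmp_name'])
            && is_uploaded_file($_FILES['file']['tmp_name'])) {
            $extension  = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
            $image_info = getimagesize($_FILES['file']['tmp_name']);
            if (in_array($extension, array('jpg', 'jpeg', 'png', 'gif', 'webp'), true) && $image_info !== false) {
                $stem       = preg_replace('/[^a-z0-9_-]+/', '-', strtolower(pathinfo($_FILES['file']['name'], PATHINFO_FILENAME)));
                $final_file = rand(1000, 100000) . "-" . $stem . "." . $extension;
                // Store the MIME type detected from the content, not the client-supplied one.
                $file_type  = $db->real_escape_string($image_info['mime']);
            }
        }

        // The new image is moved into place first; the old one is removed only
        // afterwards, so a failed upload no longer leaves the row pointing at a
        // deleted file.
        if ($final_file !== '' && move_uploaded_file($_FILES['file']['tmp_name'], $folder . $final_file)) {

            $query = "SELECT * from blog where id='$id'";
            $rec   = db::getRecord($query);

            if ($rec != NULL) {
                // basename() keeps the path inside blog/images/ whatever the column holds.
                $old_image = basename((string) $rec['image_name']);
                if ($old_image !== '' && $old_image !== $final_file && is_file($folder . $old_image)) {
                    unlink($folder . $old_image);
                }
            }

            $query = "UPDATE blog SET title='$name',description='$description',date='$date',image_name='$final_file',image_type='$file_type' where id='$id'";
            $run   = db::query($query);
            echo "<script>location='blog/blogs.php?status=1'</script>";
        }
        // NOTE(review): as in the original, a rejected or failed upload ends
        // here with no update and no redirect.
    }
    else
    {
        $query = "UPDATE blog SET title='$name',date='$date',description='$description' where id='$id'";

        $run   = db::query($query);

        echo "<script>location='blog/blogs.php?status=2'</script>";
    }

}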

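// Blog delete handler: removes the blog's image file and then its table row.
if (isset($_POST['delete_blog'])){

    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    // db::open() is used here to obtain real_escape_string(), as the other
    // handlers in this file do; the id previously went into SQL unescaped.
    $db        = db::open();
    $delete_id = $db->real_escape_string($_POST['delete_id']);

    $query     = "SELECT * from blog where id='$delete_id'";
    $rec       = db::getRecord($query);

    // Delete the stored image directly instead of scanning the directory;
    // basename() keeps the path inside blog/images/ whatever the column holds.
    $dir = "blog/images/";
    if ($rec != NULL) {
        $old_image = basename((string) $rec['image_name']);
        if ($old_image !== '' && is_file($dir . $old_image)) {
            unlink($dir . $old_image);
        }
    }

    $query = "DELETE from blog where id='$delete_id'";
    $del   = db::query($query);

    echo "<script>location='blog/blogs.php?status=1'</script>";
}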

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

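// Deletes one booking row and returns to the bookings page.
if(isset($_POST['booking_delete'])){
    // Nothing else visible in this file restricts this action to a logged-in
    // user, so require the session marker that the login handler sets.
    if (!isset($_SESSION['useremail'])) {
        echo "<script>location='index.php'</script>";
        exit;
    }

    // db::open() is used here to obtain real_escape_string(), as the other
    // handlers in this file do; the id previously went into SQL unescaped.
    $db = db::open();
    $delete_id=$db->real_escape_string($_POST['delete_id']);

    $query="DELETE from booking where id='$delete_id'";
    $del=db::query($query);


    echo "<script>location='booking.php?status=1'</script>";

}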


////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

// Booking form handler: stores the submitted contact details, note and
// product id as one booking row, then redirects according to the insert result.
if (isset($_POST['booking'])) {

    $db = db::open();

    // Every submitted field is escaped before it is placed in the INSERT.
    $name       = $db->real_escape_string($_POST['fname']);
    $l_name     = $db->real_escape_string($_POST['lname']);
    // The booking table keeps first and last name in a single column.
    $f_name     = $name . " " . $l_name;
    $email      = $db->real_escape_string($_POST['email']);
    $address    = $db->real_escape_string($_POST['address']);
    $phone      = $db->real_escape_string($_POST['phone']);
    $order_note = $db->real_escape_string($_POST['note']);
    $product_id = $db->real_escape_string($_POST['product_id']);

    $query  = "INSERT into booking (name,email,address,phone,note,product_id) VALUES ('$f_name','$email','$address','$phone','$order_note','$product_id')";
    $insert = db::query($query);

    // A non-null query result counts as success.
    echo ($insert != null)
        ? "<script>location='../index.php?status=booked'</script>"
        : "<script>location='../index.php?status=error'</script>";
}



?>