ok

Mini Shell

Direktori : /home2/selectio/www/thecomponents.in/admin/public/
Upload File :
Current File : /home2/selectio/www/thecomponents.in/admin/public/db-operation.php

<?php
session_start();
include('../includes/crud.php');
$db = new Database();
$db->connect();
$db->sql("SET NAMES 'utf8'");
$auth_username = $db->escapeString($_SESSION["user"]);

include_once('../includes/custom-functions.php');
$fn = new custom_functions;
include_once('../includes/functions.php');
$function = new functions;
$permissions = $fn->get_permissions($_SESSION['id']);
$config = $fn->get_configurations();
$time_slot_config = $fn->time_slot_config();
$time_zone = $fn->set_timezone($config);
if (!$time_zone) {
    $response['error'] = true;
    $response['message'] = "Time Zone is not set.";
    print_r(json_encode($response));
    return false;
    exit();
}
function checkadmin($auth_username)
{
    $db = new Database();
    $db->connect();
    $db->sql("SELECT `username` FROM `admin` WHERE `username`='$auth_username' LIMIT 1");
    $res = $db->getResult();
    if (!empty($res)) {
        return true;
    } else {
        return false;
    }
}

if (ALLOW_MODIFICATION == 0 && !defined(ALLOW_MODIFICATION)) {
    echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
    return false;
}

if (isset($_POST['change_category'])) {
    if ($permissions['subcategories']['read'] == 1) {
        if ($_POST['category_id'] == '') {
            $sql = "SELECT * FROM subcategory";
        } else {
            $category_id = $db->escapeString($fn->xss_clean($_POST['category_id']));
            $sql = "SELECT * FROM subcategory WHERE category_id=" . $category_id;
        }
    } else {
        echo "<option value=''>--Select Subcategory--</option>";
        return false;
    }

    $db->sql($sql);
    $res = $db->getResult();
    if (!empty($res)) {
        foreach ($res as $row) {
            echo "<option value=" . $row['id'] . ">" . $row['name'] . "</option>";
        }
    } else {
        echo "<option value=''>--No Sub Category is added--</option>";
    }
}

if (isset($_POST['category'])) {
    if ($permissions['subcategories']['read'] == 1) {
        if ($_POST['category_id'] == '') {
            $sql = "SELECT * FROM subcategory";
        } else {
            $category_id = $db->escapeString($fn->xss_clean($_POST['category_id']));
            $sql = "SELECT * FROM subcategory WHERE category_id=" . $category_id;
        }

        $db->sql($sql);
        $res = $db->getResult();
        if (!empty($res)) {
            echo "<option value=''>All</option>";
            foreach ($res as $row) {
                echo "<option value=" . $row['id'] . ">" . $row['name'] . "</option>";
            }
        } else {
            echo "<option value=''>--No Sub Category is added--</option>";
        }
    } else {
        echo "<option value=''>All</option>";
    }
}

if (isset($_POST['find_subcategory'])) {
    $category_id = $db->escapeString($fn->xss_clean($_POST['category_id']));
    $sql = "SELECT * FROM subcategory WHERE category_id=" . $category_id;
    $db->sql($sql);
    $res = $db->getResult();
    if (!empty($res)) {
        foreach ($res as $row) {
            echo "<option value=" . $row['id'] . ">" . $row['name'] . "</option>";
        }
    } else {
        echo "<option value=''>--No Sub Category is added--</option>";
    }
}

if (isset($_POST['delete_variant'])) {
    $id = $db->escapeString($fn->xss_clean($_POST['id']));

    $sql = "SELECT images FROM product_variant WHERE id =" . $id;
    $db->sql($sql);
    $res = $db->getResult();

    foreach ($res as $row)
        $other_images = $row['images']; /*get other images json array*/

    $variant_images = str_replace("'", '"', $other_images);
    $other_images = json_decode($variant_images); /*decode from json to array*/
    foreach ($other_images as $other_image) {
        unlink('../' . $other_image);
    }

    $sql = "DELETE FROM product_variant WHERE id=" . $id;
    $db->sql($sql);
}

if (isset($_POST['delete_variant_images']) && $_POST['delete_variant_images'] == 1) {
    $vid = $db->escapeString($fn->xss_clean($_POST['vid']));
    $i = $db->escapeString($fn->xss_clean($_POST['i']));

    $res = $fn->delete_variant_images($vid, $i);
    print_r($res);
}

if (isset($_POST['system_configurations'])) {
    if ($permissions['settings']['update'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to update settings</label>';
        return false;
    }
    $date = $db->escapeString(date('Y-m-d'));
    $currency = (empty($_POST['currency'])) ? '₹' : $db->escapeString($fn->xss_clean($_POST['currency']));
    $sql = "UPDATE `settings` SET `value`='" . $currency . "' WHERE `variable`='currency'";
    $db->sql($sql);
    $message = "<div class='alert alert-success'> Settings updated successfully!</div>";
    $_POST['system_timezone_gmt'] = (trim($_POST['system_timezone_gmt']) == '00:00') ? "+" . trim($db->escapeString($fn->xss_clean($_POST['system_timezone_gmt']))) : $db->escapeString($fn->xss_clean($_POST['system_timezone_gmt']));

    if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['current_version'])))) {
        $_POST['current_version'] = 0;
    }
    if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['minimum_version_required'])))) {
        $_POST['minimum_version_required'] = 0;
    }
    if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['delivery_charge'])))) {
        $_POST['delivery_charge'] = 0;
    }
    if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['min-refer-earn-order-amount'])))) {
        $_POST['min-refer-earn-order-amount'] = 0;
    }
    if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['min_amount'])))) {
        $_POST['min_amount'] = 0;
    }
    if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['max-refer-earn-amount'])))) {
        $_POST['max-refer-earn-amount'] = 0;
    }
    if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['minimum-withdrawal-amount'])))) {
        $_POST['minimum-withdrawal-amount'] = 0;
    }
    if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['refer-earn-bonus'])))) {
        $_POST['refer-earn-bonus'] = 0;
    }

    $_POST['store_address'] = (!empty($_POST['store_address'])) ? preg_replace("/[\r\n]{2,}/", "<br>", $_POST['store_address']) : "";

    $settings_value = json_encode($fn->xss_clean_array($_POST));

    $sql = "UPDATE settings SET value='" . $settings_value . "' WHERE variable='system_timezone'";
    $db->sql($sql);
    $res = $db->getResult();
    $sql_logo = "select value from `settings` where variable='Logo' OR variable='logo'";
    $db->sql($sql_logo);
    $res_logo = $db->getResult();
    $file_name = $_FILES['logo']['name'];

    if (!empty($_FILES["logo"]["tmp_name"]) && $_FILES["logo"]["size"] > 0) {
        $tmp = explode('.', $file_name);
        $ext = end($tmp);

        $result = $fn->validate_image($_FILES["logo"]);
        if ($result) {
            echo " <span class='label label-danger'>Logo Image type must jpg, jpeg, gif, or png!</span>";
            return false;
        } else {
            $old_image = '../dist/img/' . $res_logo[0]['value'];
            if (file_exists($old_image)) {
                unlink($old_image);
            }

            $target_path = '../dist/img/';
            $filename = "logo." . strtolower($ext);
            $full_path = $target_path . '' . $filename;
            if (!move_uploaded_file($_FILES["logo"]["tmp_name"], $full_path)) {
                $message = "Image could not be uploaded<br/>";
            } else {
                //Update Logo - id = 5
                $sql = "UPDATE `settings` SET `value`='" . $filename . "' WHERE `variable` = 'logo'";
                $db->sql($sql);
            }
        }
    }
    echo "<p class='alert alert-success'>Settings Saved!</p>";
}

if (isset($_POST['payment_method_settings'])) {
    if (ALLOW_MODIFICATION == 0 && !defined(ALLOW_MODIFICATION)) {
        echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
        return false;
    }
    if ($permissions['settings']['update'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to update settings</label>';
        return false;
    }
    $data = $fn->get_settings('payment_methods', true);
    if (empty($data)) {
        $json_data = json_encode($fn->xss_clean_array($_POST));
        $sql = "INSERT INTO `settings`(`variable`, `value`) VALUES ('payment_methods','$json_data')";
        $db->sql($sql);
        echo "<div class='alert alert-success'> Settings created successfully!</div>";
    } else {
        $json_data = json_encode($fn->xss_clean_array($_POST));
        $sql = "UPDATE `settings` SET `value`='$json_data' WHERE `variable`='payment_methods'";
        $db->sql($sql);
        echo "<div class='alert alert-success'> Settings updated successfully!</div>";
    }
}

if (isset($_POST['time_slot_config']) && $_POST['time_slot_config'] == 1) {
    if ($permissions['settings']['update'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to update settings</label>';
        return false;
    }
    $_POST['allowed_days'] = empty($_POST['allowed_days']) ? 1 : $db->escapeString($fn->xss_clean($_POST['allowed_days']));
    if (!$time_slot_config) {
        $settings_value = json_encode($fn->xss_clean_array($_POST));
        $sql = "INSERT INTO settings (`variable`,`value`) VALUES ('time_slot_config','" . $settings_value . "')";
    } else {
        $settings_value = json_encode($fn->xss_clean_array($_POST));
        $sql = "UPDATE settings SET value='" . $settings_value . "' WHERE variable='time_slot_config'";
    }
    if ($db->sql($sql)) {
        echo "<p class='alert alert-success'>Saved Successfully!</p>";
    } else {
        echo "<p class='alert alert-danger'>Something went wrong please try again!</p>";
    }
}
if (isset($_POST['add_category_settings']) && $_POST['add_category_settings'] == 1) {
    if ($permissions['settings']['update'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to update settings</label>';
        return false;
    }
    $sql = "select variable from settings where variable='categories_settings' ";
    $db->sql($sql);
    $res = $db->getResult();
    if (empty($res)) {
        $settings_value = json_encode($fn->xss_clean_array($_POST));
        $sql = "INSERT INTO settings (`variable`,`value`) VALUES ('categories_settings','" . $settings_value . "')";
    } else {
        $settings_value = json_encode($fn->xss_clean_array($_POST));
        $sql = "UPDATE settings SET value='" . $settings_value . "' WHERE variable='categories_settings'";
    }
    if ($db->sql($sql)) {
        echo "<p class='alert alert-success'>Saved Successfully!</p>";
    } else {
        echo "<p class='alert alert-danger'>Something went wrong please try again!</p>";
    }
}

if (isset($_POST['add_dr_gold']) && $_POST['add_dr_gold'] == 1) {
    if ($permissions['settings']['update'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to update settings</label>';
        return false;
    }
    $sql = "select * from settings where variable = 'doctor_brown'";
    $db->sql($sql);
    $res = $db->getResult();
    // print_r($res);
    if (empty($res)) {
        $settings_value = json_encode($fn->xss_clean_array($_POST));
        $sql = "INSERT INTO settings (`variable`,`value`) VALUES ('doctor_brown','$settings_value ')";
        if ($db->sql($sql)) {
            $response['error'] = false;
            $response['message'] = "Your system is registered and activated successfully!";
        } else {
            $response['error'] = true;
            $response['message'] = "Something went wrong please try again!";
        }
    } else {
        /* delete if token are different */
        $token = json_decode($res[0]['value'], true);
        $db_token = (isset($token['time_check']) && !empty($token['time_check'])) ? $token['time_check'] : "";

        $vali_token = $fn->xss_clean_array($_POST['time_check']);
        if ($db_token != $vali_token) {
            $sql = "DELETE FROM `settings` WHERE variable = 'doctor_brown'";
            if ($db->sql($sql)) {
                $settings_value = json_encode($fn->xss_clean_array($_POST));
                $sql = "INSERT INTO settings (`variable`,`value`) VALUES ('doctor_brown','$settings_value ')";

                if ($db->sql($sql)) {
                    $response['error'] = false;
                    $response['message'] = "Your system is registered and activated successfully!";
                } else {
                    $response['error'] = true;
                    $response['message'] = "Something went wrong please try again!";
                }
            } else {
                $response['error'] = true;
                $response['message'] = "Something went wrong please try again!";
            }
        } else {
            $response['error'] = false;
            $response['message'] = "Your system is already activated!";
        }
    }
    print_r(json_encode($response));
}

if (isset($_POST['front_end_settings']) && $_POST['front_end_settings'] == 1) {
    if ($permissions['settings']['update'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to update settings</label>';
        return false;
    }
    $res = $res_data = array();
    $loading_old = "";
    $web_logo_old = "";
    $favicon_old = "";
    $screenshots_old = "";
    $google_play_old = "";

    $sql = "select * from settings where variable = 'front_end_settings'";
    $db->sql($sql);
    $res = $db->getResult();
    $res_data = (!empty($res)) ? json_decode($res[0]['value'], true) : array();

    $loading_old = $res_data['loading'];
    $favicon_old = $res_data['favicon'];
    $web_logo_old = $res_data['web_logo'];
    $screenshots_old = $res_data['screenshots'];
    $google_play_old = $res_data['google_play'];

    if (isset($_FILES['favicon']) && !empty($_FILES['favicon']) && $_FILES['favicon']['error'] == 0 && $_FILES['favicon']['size'] > 0) {
        $favicon = $db->escapeString($fn->xss_clean($_FILES['favicon']['name']));
        $extension = pathinfo($_FILES["favicon"]["name"])['extension'];
        $result = $fn->validate_image($_FILES["favicon"]);
        if ($result) {
            echo "<p class='alert alert-danger'>Image type must jpg, jpeg, gif, or png!</p>";
            return false;
        }

        $target_path = '../dist/img/';
        if (!empty($favicon_old) && $favicon_old != '') {
            unlink($target_path . $favicon_old);
        }
        $filename = microtime(true) . '.' . strtolower($extension);
        $full_path = $target_path . "" . $filename;

        if (!move_uploaded_file($_FILES["favicon"]["tmp_name"], $full_path)) {
            echo "<p class='alert alert-danger'>Invalid directory to load favicon!</p>";
            return false;
        }
        $_POST['favicon'] = $filename;
    } else {
        $_POST['favicon'] = $favicon_old;
    }

    if (isset($_FILES['web_logo']) && !empty($_FILES['web_logo']) && $_FILES['web_logo']['error'] == 0 && $_FILES['web_logo']['size'] > 0) {
        $web_logo = $db->escapeString($fn->xss_clean($_FILES['web_logo']['name']));
        $extension = pathinfo($_FILES["web_logo"]["name"])['extension'];
        $result = $fn->validate_image($_FILES["web_logo"]);
        if ($result) {
            echo "<p class='alert alert-danger'>Image type must jpg, jpeg, gif, or png!</p>";
            return false;
        }

        $target_path = '../dist/img/';
        if (!empty($fweb_logo_old) && $web_logo_old != '') {
            unlink($target_path . $web_logo_old);
        }
        $filename = microtime(true) . '.' . strtolower($extension);
        $full_path = $target_path . "" . $filename;

        if (!move_uploaded_file($_FILES["web_logo"]["tmp_name"], $full_path)) {
            echo "<p class='alert alert-danger'>Invalid directory to load Web Logo!</p>";
            return false;
        }
        $_POST['web_logo'] = $filename;
    } else {
        $_POST['web_logo'] = $web_logo_old;
    }

    if (isset($_FILES['loading']) && !empty($_FILES['loading']) && $_FILES['loading']['error'] == 0 && $_FILES['loading']['size'] > 0) {
        $loading = $db->escapeString($fn->xss_clean($_FILES['loading']['name']));
        $extension = pathinfo($_FILES["loading"]["name"])['extension'];
        $result = $fn->validate_image($_FILES["loading"]);
        if ($result) {
            echo "<p class='alert alert-danger'>Image type must jpg, jpeg, gif, or png!</p>";
            return false;
        }

        $target_path = '../dist/img/';
        if (!empty($loading_old) && $loading_old != '') {
            unlink($target_path . $loading_old);
        }
        $filename = microtime(true) . '.' . strtolower($extension);
        $full_path = $target_path . "" . $filename;

        if (!move_uploaded_file($_FILES["loading"]["tmp_name"], $full_path)) {
            echo "<p class='alert alert-danger'>Invalid directory to load loading Image!</p>";
            return false;
        }
        $_POST['loading'] = $filename;
    } else {
        $_POST['loading'] = $loading_old;
    }


    if (isset($_FILES['screenshots']) && !empty($_FILES['screenshots']) && $_FILES['screenshots']['error'] == 0 && $_FILES['screenshots']['size'] > 0) {
        $screenshots = $db->escapeString($fn->xss_clean($_FILES['screenshots']['name']));
        $extension = pathinfo($_FILES["screenshots"]["name"])['extension'];
        $result = $fn->validate_image($_FILES["screenshots"]);
        if ($result) {
            echo "<p class='alert alert-danger'>Image type must jpg, jpeg, gif, or png!</p>";
            return false;
        }

        $target_path = '../dist/img/';
        if (!empty($screenshots_old) && $screenshots_old != '') {
            unlink($target_path . $screenshots_old);
        }
        $filename = microtime(true) . '.' . strtolower($extension);
        $full_path = $target_path . "" . $filename;

        if (!move_uploaded_file($_FILES["screenshots"]["tmp_name"], $full_path)) {
            echo "<p class='alert alert-danger'>Invalid directory to load App Screenshots!</p>";
            return false;
        }
        $_POST['screenshots'] = $filename;
    } else {
        $_POST['screenshots'] = $screenshots_old;
    }


    if (isset($_FILES['google_play']) && !empty($_FILES['google_play']) && $_FILES['google_play']['error'] == 0 && $_FILES['google_play']['size'] > 0) {
        $google_play = $db->escapeString($fn->xss_clean($_FILES['google_play']['name']));
        $extension = pathinfo($_FILES["google_play"]["name"])['extension'];
        $result = $fn->validate_image($_FILES["google_play"]);
        if ($result) {
            echo "<p class='alert alert-danger'>Image type must jpg, jpeg, gif, or png!</p>";
            return false;
        }

        $target_path = '../dist/img/';
        if (!empty($google_play_old) && $google_play_old != '') {
            unlink($target_path . $google_play_old);
        }
        $filename = microtime(true) . '.' . strtolower($extension);
        $full_path = $target_path . "" . $filename;

        if (!move_uploaded_file($_FILES["google_play"]["tmp_name"], $full_path)) {
            echo "<p class='alert alert-danger'>Invalid directory to load Google Play Image!</p>";
            return false;
        }
        $_POST['google_play'] = $filename;
    } else {
        $_POST['google_play'] = $google_play_old;
    }
    $_POST['show_color_picker_in_website'] = str_replace("'", "''", $_POST['show_color_picker_in_website']);
    if (empty($res)) {
        $settings_value = json_encode($fn->xss_clean_array($_POST));
        $sql = "INSERT INTO settings (`variable`,`value`) VALUES ('front_end_settings','$settings_value ')";
        if ($db->sql($sql)) {
            echo "<p class='alert alert-success'>Saved Successfully!</p>";
        } else {
            echo "<p class='alert alert-danger'>Something went wrong please try again!</p>";
        }
    } else {
        $settings_value = json_encode($fn->xss_clean_array($_POST));
        $sql = "UPDATE settings SET value='" . $settings_value . "' WHERE variable='front_end_settings'";
        if ($db->sql($sql)) {
            echo "<p class='alert alert-success'>Saved Successfully!</p>";
        } else {
            echo "<p class='alert alert-danger'>Something went wrong please try again!</p>";
        }
    }
}

if (isset($_POST['add_delivery_boy']) && $_POST['add_delivery_boy'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['delivery_boys']['create'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to create delivery boy</label>';
        return false;
    }
    $name = $db->escapeString($fn->xss_clean($_POST['name']));
    $mobile = $db->escapeString($fn->xss_clean($_POST['mobile']));
    $address = $db->escapeString($fn->xss_clean($_POST['address']));
    $bonus = $db->escapeString($fn->xss_clean($_POST['bonus']));
    $dob = $db->escapeString($fn->xss_clean($_POST['dob']));
    $bank_name = $db->escapeString($fn->xss_clean($_POST['bank_name']));
    $bonus_method = $db->escapeString($fn->xss_clean($_POST['bonus_method']));
    $other_payment_info = (isset($_POST['other_payment_info']) && !empty($_POST['other_payment_info'])) ? $db->escapeString($fn->xss_clean($_POST['other_payment_info'])) : '';
    $account_number = $db->escapeString($fn->xss_clean($_POST['account_number']));
    $account_name = $db->escapeString($fn->xss_clean($_POST['account_name']));
    $ifsc_code = $db->escapeString($fn->xss_clean($_POST['ifsc_code']));
    $password = $db->escapeString($fn->xss_clean($_POST['password']));
    $password = md5($password);
    $sql = 'SELECT id FROM delivery_boys WHERE mobile=' . $mobile;
    $db->sql($sql);
    $res = $db->getResult();
    $count = $db->numRows($res);
    if ($count > 0) {
        echo '<label class="alert alert-danger">Mobile Number Already Exists!</label>';
        return false;
    }
    $target_path = '../upload/delivery-boy/';
    if ($_FILES['driving_license']['error'] == 0 && $_FILES['driving_license']['size'] > 0) {
        if (!is_dir($target_path)) {
            mkdir($target_path, 0777, true);
        }
        $extension = pathinfo($_FILES["driving_license"]["name"])['extension'];
        $result = $fn->validate_image($_FILES["driving_license"]);
        if ($result) {
            echo " <span class='label label-danger'>Driving License image type must jpg, jpeg, gif, or png!</span>";
            return false;
            exit();
        }

        $dr_filename = microtime(true) . '.' . strtolower($extension);
        $dr_full_path = $target_path . "" . $dr_filename;
        if (!move_uploaded_file($_FILES["driving_license"]["tmp_name"], $dr_full_path)) {
            echo "<p class='alert alert-danger'>Invalid directory to load image!</p>";
            return false;
        }
    }
    if ($_FILES['national_identity_card']['error'] == 0 && $_FILES['national_identity_card']['size'] > 0) {
        if (!is_dir($target_path)) {
            mkdir($target_path, 0777, true);
        }
        $extension = pathinfo($_FILES["national_identity_card"]["name"])['extension'];
        $result = $fn->validate_image($_FILES["national_identity_card"]);
        if ($result) {
            echo " <span class='label label-danger'>National Identity Card image type must jpg, jpeg, gif, or png!</span>";
            return false;
            exit();
        }

        $nic_filename = microtime(true) . '.' . strtolower($extension);
        $nic_full_path = $target_path . "" . $nic_filename;
        if (!move_uploaded_file($_FILES["national_identity_card"]["tmp_name"], $nic_full_path)) {
            echo "<p class='alert alert-danger'>Invalid directory to load image!</p>";
            return false;
        }
    }
    $sql = "INSERT INTO delivery_boys (`name`,`mobile`,`password`,`address`,`bonus`, `driving_license`, `national_identity_card`, `dob`, `bank_account_number`, `bank_name`, `account_name`, `ifsc_code`,`other_payment_information`,`bonus_method`) VALUES ('$name', '$mobile', '$password', '$address','$bonus','$dr_filename', '$nic_filename', '$dob','$account_number','$bank_name','$account_name','$ifsc_code','$other_payment_info','$bonus_method')";
    if ($db->sql($sql)) {
        echo '<label class="alert alert-success">Delivery Boy Added Successfully!</label>';
    } else {
        echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
    }
}
if (isset($_POST['update_delivery_boy']) && $_POST['update_delivery_boy'] == 1) {

    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['delivery_boys']['update'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to update delivery boy</label>';
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_POST['delivery_boy_id']));
    if ($id == 104 && ALLOW_MODIFICATION == 0) {
        echo '<label class="alert alert-danger">Sorry you can not update this delivery boy.</label>';
        return false;
    }
    $name = $db->escapeString($fn->xss_clean($_POST['update_name']));
    $password = !empty($_POST['update_password']) ? $db->escapeString($fn->xss_clean($_POST['update_password'])) : '';
    $update_other_payment_info = !empty($_POST['update_other_payment_info']) ? $db->escapeString($fn->xss_clean($_POST['update_other_payment_info'])) : '';
    $address = $db->escapeString($fn->xss_clean($_POST['update_address']));
    $bonus = $db->escapeString($fn->xss_clean($_POST['update_bonus']));
    $status = $db->escapeString($fn->xss_clean($_POST['status']));
    $available = $db->escapeString($fn->xss_clean($_POST['available']));
    $update_dob = $db->escapeString($fn->xss_clean($_POST['update_dob']));
    $bonus_method = $db->escapeString($fn->xss_clean($_POST['bonus_method']));
    $update_bank_name = $db->escapeString($fn->xss_clean($_POST['update_bank_name']));
    $update_account_number = $db->escapeString($fn->xss_clean($_POST['update_account_number']));
    $update_account_name = $db->escapeString($fn->xss_clean($_POST['update_account_name']));
    $update_ifsc_code = $db->escapeString($fn->xss_clean($_POST['update_ifsc_code']));
    $password = !empty($password) ? md5($password) : '';
    $dr_image = $nic_image = "";
    if ($_FILES['update_driving_license']['size'] != 0 && $_FILES['update_driving_license']['error'] == 0 && !empty($_FILES['update_driving_license'])) {
        //image isn't empty and update the image
        $dr_image = $db->escapeString($fn->xss_clean($_POST['dr_image1']));
        $extension = pathinfo($_FILES["update_driving_license"]["name"])['extension'];
        $result = $fn->validate_image($_FILES["update_driving_license"]);
        if ($result) {
            echo " <span class='label label-danger'>Driving License image type must jpg, jpeg, gif, or png!</span>";
            return false;
            exit();
        }
        $target_path = '../upload/delivery-boy/';
        $dr_filename = microtime(true) . '.' . strtolower($extension);
        $dr_full_path = $target_path . "" . $dr_filename;
        if (!move_uploaded_file($_FILES["update_driving_license"]["tmp_name"], $dr_full_path)) {
            echo '<p class="alert alert-danger">Can not upload image.</p>';
            return false;
            exit();
        }
        if (!empty($dr_image)) {
            unlink($target_path . $dr_image);
        }
        $sql = "UPDATE delivery_boys SET `driving_license`='" . $dr_filename . "' WHERE `id`=" . $id;
        $db->sql($sql);
    }
    if ($_FILES['update_national_identity_card']['size'] != 0 && $_FILES['update_national_identity_card']['error'] == 0 && !empty($_FILES['update_national_identity_card'])) {
        //image isn't empty and update the image
        $nic_image = $db->escapeString($fn->xss_clean($_POST['nic_image']));
        $extension = pathinfo($_FILES["update_national_identity_card"]["name"])['extension'];
        $result = $fn->validate_image($_FILES["update_national_identity_card"]);
        if ($result) {
            echo " <span class='label label-danger'>National Identity Card image type must jpg, jpeg, gif, or png!</span>";
            return false;
            exit();
        }
        $target_path = '../upload/delivery-boy/';
        $nic_filename = microtime(true) . '.' . strtolower($extension);
        $nic_full_path = $target_path . "" . $nic_filename;
        if (!move_uploaded_file($_FILES["update_national_identity_card"]["tmp_name"], $nic_full_path)) {
            echo '<p class="alert alert-danger">Can not upload image.</p>';
            return false;
            exit();
        }
        if (!empty($nic_image)) {
            unlink($target_path . $nic_image);
        }
        $sql = "UPDATE delivery_boys SET `national_identity_card`='" . $nic_filename . "' WHERE `id`=" . $id;
        $db->sql($sql);
    }

    if (!empty($password)) {
        $sql = "Update delivery_boys set `name`='" . $name . "',password='" . $password . "',`address`='" . $address . "',`bonus`='" . $bonus . "',`bonus_method` = '" . $bonus_method . "',`status`='" . $status . "',`is_available`='" . $available . "',`dob`='$update_dob',`bank_account_number`='$update_account_number',`bank_name`='$update_bank_name',`account_name`='$update_account_name',`ifsc_code`='$update_ifsc_code',`other_payment_information`='$update_other_payment_info' where `id`=" . $id;
    } else {
        $sql = "Update delivery_boys set `name`='" . $name . "',`address`='" . $address . "',`bonus`='" . $bonus . "',`bonus_method` = '" . $bonus_method . "',`status`='" . $status . "',`is_available`='" . $available . "',`dob`='$update_dob',`bank_account_number`='$update_account_number',`bank_name`='$update_bank_name',`account_name`='$update_account_name',`ifsc_code`='$update_ifsc_code',`other_payment_information`='$update_other_payment_info'  where `id`=" . $id;
    }
    if ($db->sql($sql)) {
        echo "<label class='alert alert-success'>Information Updated Successfully.</label>";
    } else {
        echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
    }
}

if (isset($_GET['delete_delivery_boy']) && $_GET['delete_delivery_boy'] == 1) {
    if ($permissions['delivery_boys']['delete'] == 0) {
        echo 2;
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_GET['id']));
    $target_path = '../upload/delivery-boy/';
    $driving_license = $db->escapeString($fn->xss_clean($_GET['driving_license']));
    $national_identity_card = $db->escapeString($fn->xss_clean($_GET['national_identity_card']));
    if ($id == 104) {
        echo 3;
        return false;
    }
    $sql = "DELETE FROM `delivery_boys` WHERE id=" . $id;
    if ($db->sql($sql)) {
        // delete fund_transfers
        $sql = "DELETE FROM `fund_transfers` WHERE delivery_boy_id=" . $id;
        $db->sql($sql);
        // delete withdrawal requests
        $sql = "DELETE FROM `withdrawal_requests` WHERE `type_id`=" . $id . " AND `type`='delivery_boy'";
        $db->sql($sql);
        if (!empty($driving_license)) {
            unlink($target_path . $driving_license);
        }
        if (!empty($national_identity_card)) {
            unlink($target_path . $national_identity_card);
        }
        echo 0;
    } else {
        echo 1;
    }
}

if (isset($_POST['update_web_category']) && $_POST['update_web_category'] == 1) {
    if (ALLOW_MODIFICATION == 0 && !defined(ALLOW_MODIFICATION)) {
        echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
        return false;
    }
    if ($permissions['categories']['update'] == 1) {
        $category_id = $db->escapeString($fn->xss_clean($_POST['web_category_id']));
        $c_image = $db->escapeString($fn->xss_clean($_FILES['c_image']['name']));
        $c_image_temp = $db->escapeString($fn->xss_clean($_FILES['c_image']['tmp_name']));
        $extension = pathinfo($_FILES["c_image"]["name"])['extension'];
        $result = $fn->validate_image($_FILES["c_image"]);
        if ($result) {
            echo '<p class="alert alert-danger">Image type must jpg, jpeg, gif, or png!</p>';
            return false;
            exit();
        }

        if ($c_image_temp != "") {

            $target_path = '../upload/web-category-image/';
            if (!is_dir($target_path)) {
                mkdir($target_path, 0777, true);
            }
            $nic_filename = microtime(true) . '.' . strtolower($extension);
            $nic_full_path = $target_path . "" . $nic_filename;

            $target_path_db = 'upload/web-category-image/';
            $nic_filename_db = microtime(true) . '.' . strtolower($extension);
            $nic_full_path_db = $target_path_db . "" . $nic_filename_db;
            if (!move_uploaded_file($_FILES["c_image"]["tmp_name"], $nic_full_path)) {
                echo '<p class="alert alert-danger">Can not upload image.</p>';
                return false;
                exit();
            }
            $c_update = "update category set  web_image= '$nic_full_path_db' where id='$category_id'";
        }

        $db->sql($c_update);
        $update_result = $db->getResult();
    }
}

if (isset($_POST['add_social_media']) && $_POST['add_social_media'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['settings']['update'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to add social media</label>';
        return false;
    }
    $icon = $db->escapeString($fn->xss_clean($_POST['icon']));
    $link = $db->escapeString($fn->xss_clean($_POST['link']));

    $sql = "INSERT INTO social_media (`icon`,`link`) VALUES ('$icon', '$link')";
    if ($db->sql($sql)) {
        echo '<label class="alert alert-success">Social Media Added Successfully!</label>';
    } else {
        echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
    }
}
if (isset($_POST['update_social_media']) && $_POST['update_social_media'] == 1) {

    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['settings']['update'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to update social media</label>';
        return false;
    }

    $icon = $db->escapeString($fn->xss_clean($_POST['update_icon']));
    $link = $db->escapeString($fn->xss_clean($_POST['update_link']));
    $id = $db->escapeString($fn->xss_clean($_POST['social_media_id']));
    $sql = "Update social_media set `icon`='" . $icon . "', link='" . $link . "' where `id`=" . $id;

    $db->sql($sql);

    if ($db->sql($sql)) {
        echo "<label class='alert alert-success'>Information Updated Successfully.</label>";
    } else {
        echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
    }
}
if (isset($_GET['delete_social_media']) && $_GET['delete_social_media'] == 1) {
    if ($permissions['settings']['update'] == 0) {
        echo 2;
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_GET['id']));


    $sql = "DELETE FROM `social_media` WHERE id=" . $id;
    if ($db->sql($sql)) {
        echo 0;
    } else {
        echo 1;
    }
}

if (isset($_POST['update_payment_request']) && $_POST['update_payment_request'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['payment']['update'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update payment request.</label>";
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_POST['payment_request_id']));
    $remarks = $db->escapeString($fn->xss_clean($_POST['update_remarks']));
    $status = $db->escapeString($fn->xss_clean($_POST['status']));
    $sql = "select status from payment_requests where id=" . $id;
    $db->sql($sql);
    $res = $db->getResult();
    if ($res[0]['status'] == 1) {
        echo "<label class='alert alert-danger'>Payment request already approved.</label>";
        return false;
    }
    if ($res[0]['status'] == 2) {
        echo "<label class='alert alert-danger'>Payment request already cancelled.</label>";
        return false;
    }
    if ($status == '2') {
        $sql = "SELECT user_id,amount_requested FROM payment_requests WHERE id=" . $id;
        $db->sql($sql);
        $res = $db->getResult();
        $user_id = $res[0]['user_id'];
        $amount = $res[0]['amount_requested'];

        $sql = "UPDATE users SET balance = balance + $amount WHERE id=" . $user_id;
        $db->sql($sql);
    }
    $sql = "Update payment_requests set `remarks`='" . $remarks . "',`status`='" . $status . "' where `id`=" . $id;
    if ($db->sql($sql)) {
        echo "<label class='alert alert-success'>Updated Successfully.</label>";
    } else {
        echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
    }
}
if (isset($_POST['boy_id']) && isset($_POST['transfer_fund'])) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['payment']['update'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update delivery boy.</label>";
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_POST['boy_id']));
    $balance = $db->escapeString($fn->xss_clean($_POST['delivery_boy_balance']));
    if (!is_numeric($_POST['amount'])) {

        echo "<label class='alert alert-danger'>Amount must be number.</label>";
        return false;
    }
    $amount = $db->escapeString($fn->xss_clean($_POST['amount']));

    $message = (!empty($_POST['message'])) ? $db->escapeString($fn->xss_clean($_POST['message'])) : 'Fund Transferred By Admin';
    $bal = $balance - $amount;
    $sql = "Update delivery_boys set `balance`='" . $bal . "' where `id`=" . $id;
    $db->sql($sql);
    $sql = "INSERT INTO `fund_transfers` (`delivery_boy_id`,`amount`,`opening_balance`,`closing_balance`,`status`,`message`) VALUES ('" . $id . "','" . $amount . "','" . $balance . "','" . $bal . "','SUCCESS','" . $message . "')";
    $db->sql($sql);
    echo "<p class='alert alert-success'>Amount Transferred Successfully!</p>";
}
if (isset($_POST['add_promo_code']) && $_POST['add_promo_code'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['promo_codes']['create'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to create promo code</label>';
        return false;
    }
    $promo_code = $db->escapeString($fn->xss_clean($_POST['promo_code']));
    $message = $db->escapeString($fn->xss_clean($_POST['message']));
    $start_date = $db->escapeString($fn->xss_clean($_POST['start_date']));
    $end_date = $db->escapeString($fn->xss_clean($_POST['end_date']));
    $no_of_users = $db->escapeString($fn->xss_clean($_POST['no_of_users']));
    $minimum_order_amount = $db->escapeString($fn->xss_clean($_POST['minimum_order_amount']));
    $discount = $db->escapeString($fn->xss_clean($_POST['discount']));
    $discount_type = $db->escapeString($fn->xss_clean($_POST['discount_type']));
    $max_discount_amount = $db->escapeString($fn->xss_clean($_POST['max_discount_amount']));
    $repeat_usage = $db->escapeString($fn->xss_clean($_POST['repeat_usage']));
    $no_of_repeat_usage = !empty($_POST['repeat_usage']) ? $db->escapeString($fn->xss_clean($_POST['no_of_repeat_usage'])) : 0;
    $status = $db->escapeString($fn->xss_clean($_POST['status']));

    $sql = "INSERT INTO promo_codes (promo_code,message,start_date,end_date,no_of_users,minimum_order_amount,discount,discount_type,max_discount_amount,repeat_usage,no_of_repeat_usage,status)
                        VALUES('$promo_code', '$message', '$start_date', '$end_date','$no_of_users','$minimum_order_amount','$discount','$discount_type','$max_discount_amount','$repeat_usage','$no_of_repeat_usage','$status')";
    if ($db->sql($sql)) {
        echo '<label class="alert alert-success">Promo Code Added Successfully!</label>';
    } else {
        echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
    }
}
if (isset($_POST['update_promo_code']) && $_POST['update_promo_code'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['promo_codes']['update'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to update promo code</label>';
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_POST['promo_code_id']));
    $promo_code = $db->escapeString($fn->xss_clean($_POST['update_promo']));
    $message = $db->escapeString($fn->xss_clean($_POST['update_message']));
    $start_date = $db->escapeString($fn->xss_clean($_POST['update_start_date']));
    $end_date = $db->escapeString($fn->xss_clean($_POST['update_end_date']));
    $no_of_users = $db->escapeString($fn->xss_clean($_POST['update_no_of_users']));
    $minimum_order_amount = $db->escapeString($fn->xss_clean($_POST['update_minimum_order_amount']));
    $discount = $db->escapeString($fn->xss_clean($_POST['update_discount']));
    $discount_type = $db->escapeString($fn->xss_clean($_POST['update_discount_type']));
    $max_discount_amount = $db->escapeString($fn->xss_clean($_POST['update_max_discount_amount']));
    $repeat_usage = $db->escapeString($fn->xss_clean($_POST['update_repeat_usage']));
    $no_of_repeat_usage = $repeat_usage == 0 ? '0' : $db->escapeString($fn->xss_clean($_POST['update_no_of_repeat_usage']));
    $status = $db->escapeString($fn->xss_clean($_POST['status']));

    $sql = "Update promo_codes set `promo_code`='" . $promo_code . "',`message`='" . $message . "',`start_date`='" . $start_date . "',`end_date`='" . $end_date . "',`no_of_users`='" . $no_of_users . "',`minimum_order_amount`='" . $minimum_order_amount . "',`discount`='" . $discount . "',`discount_type`='" . $discount_type . "',`max_discount_amount`='" . $max_discount_amount . "',`repeat_usage`='" . $repeat_usage . "',`no_of_repeat_usage`='" . $no_of_repeat_usage . "',`status`='" . $status . "' where `id`=" . $id;

    if ($db->sql($sql)) {
        echo "<label class='alert alert-success'>Promo Code Updated Successfully.</label>";
    } else {
        echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
    }
}
if (isset($_GET['delete_promo_code']) && $_GET['delete_promo_code'] == 1) {
    if ($permissions['promo_codes']['delete'] == 0) {
        echo 2;
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_GET['id']));
    $sql = "DELETE FROM `promo_codes` WHERE id=" . $id;
    if ($db->sql($sql)) {
        echo 0;
    } else {
        echo 1;
    }
}
if (isset($_POST['add_time_slot']) && $_POST['add_time_slot'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['settings']['update'] == 0) {

        echo '<label class="alert alert-danger">You have no permission to add time slot</label>';
        return false;
    }
    $title = $db->escapeString($fn->xss_clean($_POST['title']));
    $from_time = $db->escapeString($fn->xss_clean($_POST['from_time']));
    $to_time = $db->escapeString($fn->xss_clean($_POST['to_time']));
    $last_order_time = $db->escapeString($fn->xss_clean($_POST['last_order_time']));
    $status = $db->escapeString($fn->xss_clean($_POST['status']));
    $sql = "INSERT INTO time_slots (title,from_time,to_time,last_order_time,status)
                        VALUES('$title', '$from_time', '$to_time', '$last_order_time','$status')";
    if ($db->sql($sql)) {
        echo '<label class="alert alert-success">Time Slot Added Successfully!</label>';
    } else {
        echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
    }
}
if (isset($_POST['update_time_slot']) && $_POST['update_time_slot'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['settings']['update'] == 0) {

        echo '<label class="alert alert-danger">You have no permission to update time slot</label>';
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_POST['time_slot_id']));
    $title = $db->escapeString($fn->xss_clean($_POST['update_title']));
    $from_time = $db->escapeString($fn->xss_clean($_POST['update_from_time']));
    $to_time = $db->escapeString($fn->xss_clean($_POST['update_to_time']));
    $last_order_time = $db->escapeString($fn->xss_clean($_POST['update_last_order_time']));
    $status = $db->escapeString($fn->xss_clean($_POST['status']));
    $sql = "Update time_slots set `title`='" . $title . "',`from_time`='" . $from_time . "',`to_time`='" . $to_time . "',`last_order_time`='" . $last_order_time . "',`status`='" . $status . "' where `id`=" . $id;
    if ($db->sql($sql)) {
        echo "<label class='alert alert-success'>Time Slot Updated Successfully.</label>";
    } else {
        echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
    }
}
if (isset($_GET['delete_time_slot']) && $_GET['delete_time_slot'] == 1) {
    if ($permissions['settings']['update'] == 0) {

        echo 2;
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_GET['id']));
    $sql = "DELETE FROM `time_slots` WHERE id=" . $id;
    if ($db->sql($sql)) {
        echo 0;
    } else {
        echo 1;
    }
}
if (isset($_POST['update_return_request']) && $_POST['update_return_request'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['return_requests']['update'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update return request.</label>";
        return false;
    }

    $id = $db->escapeString($fn->xss_clean($_POST['return_request_id']));
    $order_item_id = $db->escapeString($fn->xss_clean($_POST['order_item_id']));
    $order_id = $db->escapeString($fn->xss_clean($_POST['order_id']));
    $remarks = $db->escapeString($fn->xss_clean($_POST['update_remarks']));
    $return_status = $db->escapeString($fn->xss_clean($_POST['status']));

    $sql = "select status from return_requests where id=" . $id;
    $db->sql($sql);
    $res = $db->getResult();
    if ($res[0]['status'] == 1) {
        echo "<label class='alert alert-danger'>Return request already approved.</label>";
        return false;
    }
    if ($return_status == 1) {
        $sql = "SELECT user_id,status,sub_total FROM order_items WHERE id =" . $order_item_id;
        $db->sql($sql);
        $result = $db->getResult();
        $status = json_decode($result[0]['status']);
        $status[] = array('returned', date("d-m-Y h:i:sa"));
        $status = $db->escapeString(json_encode($status));
        $sql = "UPDATE order_items SET status = '" . $status . "', active_status = 'returned' WHERE id = " . $order_item_id;
        $db->sql($sql);

        /* check for other item status and summery of order */
        $sql = "SELECT id FROM order_items WHERE order_id=" . $order_id;
        $db->sql($sql);
        $total = $db->numRows();
        $sql = "SELECT id FROM `order_items` WHERE order_id=" . $order_id . " && (`active_status` LIKE '%cancelled%' OR `active_status` LIKE '%returned%' )";
        $db->sql($sql);
        $returned = $db->numRows();
        if ($returned == $total) {
            $sql = "SELECT status FROM orders WHERE id =" . $order_id;
            $db->sql($sql);
            $res = $db->getResult();
            $status_order = json_decode($res[0]['status']);
            $status_order[] = array('returned', date("d-m-Y h:i:sa"));
            $status_order = $db->escapeString(json_encode($status_order));
            $sql = "UPDATE orders SET status = '" . $status_order . "', active_status = 'returned' WHERE id = " . $order_id;
            $db->sql($sql);
            return false;
        }
        $sql = 'SELECT oi.`product_variant_id`,oi.`quantity`,oi.`discounted_price`,oi.`price`,pv.`product_id`,pv.`type`,pv.`stock`,pv.`stock_unit_id`,pv.`measurement`,pv.`measurement_unit_id` FROM `order_items` oi join `product_variant` pv on pv.id = oi.product_variant_id WHERE oi.`id`=' . $order_item_id;

        $db->sql($sql);
        $res_oi = $db->getResult();
        if ($res_oi[0]['type'] == 'packet') {
            $sql = "UPDATE product_variant SET stock = stock + " . $res_oi[0]['quantity'] . " WHERE id='" . $res_oi[0]['product_variant_id'] . "'";
            $db->sql($sql);

            $sql = "select stock from product_variant where id=" . $res_oi[0]['product_variant_id'];
            $db->sql($sql);
            $res_stock = $db->getResult();
            if ($res_stock[0]['stock'] > 0) {
                $sql = "UPDATE product_variant set serve_for='Available' WHERE id='" . $res_oi[0]['product_variant_id'] . "'";
                $db->sql($sql);
            }
        } else {
            /* When product type is loose */
            if ($res_oi[0]['measurement_unit_id'] != $res_oi[0]['stock_unit_id']) {
                $stock = $fn->convert_to_parent($res_oi[0]['measurement'], $res_oi[0]['measurement_unit_id']);
                $stock = $stock * $res_oi[0]['quantity'];
                $sql = "UPDATE product_variant SET stock = stock + " . $stock . " WHERE product_id='" . $res_oi[0]['product_id'] . "'";
                $db->sql($sql);
            } else {
                $stock = $res_oi[0]['measurement'] * $res_oi[0]['quantity'];
                $sql = "UPDATE product_variant SET stock = stock + " . $stock . " WHERE product_id='" . $res_oi[0]['product_id'] . "'";
                $db->sql($sql);
            }
            $sql = "select stock from product_variant where product_id=" . $res_oi[0]['product_id'];
            $db->sql($sql);
            $res_stck = $db->getResult();
            if ($res_stck[0]['stock'] > 0) {
                $sql = "UPDATE product_variant set serve_for='Available' WHERE product_id='" . $res_oi[0]['product_id'] . "'";
                $db->sql($sql);
            }
        }
        /* update user's wallet */
        $total = $res_oi[0]['discounted_price'] == 0 ? $res_oi[0]['price'] * $res_oi[0]['quantity'] : $res_oi[0]['discounted_price'] * $res_oi[0]['quantity'];
        $sql = "select user_id from return_requests where id=" . $id;
        $db->sql($sql);
        $res_user = $db->getResult();
        $user_id = $res_user[0]['user_id'];
        $sql = "update users set balance = balance + $total where id=" . $user_id;
        $db->sql($sql);
        /* add wallet transaction */
        $sql = "insert into wallet_transactions (`order_id`,`user_id`,`type`,`amount`,`message`,`status`)values(" . $order_id . "," . $user_id . ",'credit'," . $total . ",'Balance credited on return request approved.',1)";
        $db->sql($sql);
    }
    $sql_query = "Update return_requests set `remarks`='" . $remarks . "',`status`='" . $return_status . "' where `id`=" . $id;
    if ($db->sql($sql_query)) {
        echo "<label class='alert alert-success'>Return request updated successfully.</label>";
    } else {
        echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
    }
}
if (isset($_GET['delete_return_request']) && $_GET['delete_return_request'] == 1) {
    if ($permissions['return_requests']['delete'] == 0) {
        echo 2;
        return false;
    }
    $id = $db->escapeString($_GET['id']);
    $sql = "DELETE FROM `return_requests` WHERE id=" . $id;
    if ($db->sql($sql)) {
        echo 0;
    } else {
        echo 1;
    }
}
if (isset($_POST['manage_customer_wallet']) && isset($_POST['user_id'])) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['customers']['read'] == 0) {
        echo '<label class="alert alert-danger">You have no permission to manage wallet balance</label>';
        return false;
    }

    $user_id = $db->escapeString($fn->xss_clean($_POST['user_id']));
    $amount = $db->escapeString($fn->xss_clean($_POST['amount']));
    $type = $db->escapeString($fn->xss_clean($_POST['type']));
    $message = !empty($_POST['message']) ? $db->escapeString($fn->xss_clean($_POST['message'])) : 'Transaction by admin';

    $balance = $fn->get_wallet_balance($user_id);
    if ($type == 'debit' && $balance <= 0) {
        echo "<label class='alert alert-danger'>Balance should be greater than 0.</label>";
        return false;
    }
    if ($type == 'debit' && $amount > $balance) {
        echo "<label class='alert alert-danger'>Amount should not be greater than balance.</label>";
        return false;
    }
    $new_balance = $type == 'credit' ? $balance + $amount : $balance - $amount;
    $fn->update_wallet_balance($new_balance, $user_id);
    if ($fn->add_wallet_transaction($order_id = "", $user_id, $type, $amount, $message)) {
        echo "<label class='alert alert-success'>Balance Updated Successfully.</label>";
    } else {
        echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
    }
}
if (isset($_POST['add_system_user']) && $_POST['add_system_user'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    $id = $_SESSION['id'];
    $username = $db->escapeString($fn->xss_clean($_POST['username']));
    $email = $db->escapeString($fn->xss_clean($_POST['email']));
    if (empty($email)) {
        echo " <label class='alert alert-danger'>Email required!</label>";
        return false;
    }
    $valid_mail = "/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i";
    if (!preg_match($valid_mail, $email)) {
        echo " <label class='alert alert-danger'>Wrong email format!</label>";
        return false;
    }

    $password = $db->escapeString($fn->xss_clean($_POST['password']));
    $password = md5($password);
    $role = $db->escapeString($fn->xss_clean($_POST['role']));


    $sql = "SELECT id FROM admin WHERE username='" . $username . "'";
    $db->sql($sql);
    $res = $db->getResult();
    $count = $db->numRows($res);
    if ($count > 0) {
        echo '<label class="alert alert-danger">Username Already Exists!</label>';
        return false;
    }

    $sql = "SELECT id FROM admin WHERE email='" . $email . "'";
    $db->sql($sql);
    $res = $db->getResult();
    $count = $db->numRows($res);
    if ($count > 0) {
        echo '<label class="alert alert-danger">Email Already Exists!</label>';
        return false;
    }
    $permissions['orders'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-order'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-order'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-order'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-order'])));

    $permissions['categories'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-category'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-category'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-category'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-category'])));

    $permissions['subcategories'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-subcategory'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-subcategory'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-subcategory'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-subcategory'])));

    $permissions['products'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-product'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-product'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-product'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-product'])));

    $permissions['products_order'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-products-order'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-products-order'])));

    $permissions['home_sliders'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-home-slider'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-home-slider'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-home-slider'])));

    $permissions['new_offers'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-new-offer'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-new-offer'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-new-offer'])));

    $permissions['promo_codes'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-promo'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-promo'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-promo'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-promo'])));

    $permissions['featured'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-featured'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-featured'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-featured'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-featured'])));

    $permissions['customers'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-customers'])));

    $permissions['payment'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-payment'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-payment'])));

    $permissions['return_requests'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-return'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-return'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-return'])));

    $permissions['delivery_boys'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-delivery'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-delivery'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-delivery'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-delivery'])));

    $permissions['notifications'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-notification'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-notification'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-notification'])));

    $permissions['transactions'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-transaction'])));

    $permissions['settings'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-settings'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-settings'])));

    $permissions['locations'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-location'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-location'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-location'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-location'])));

    $permissions['reports'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-report'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-report'])));

    $permissions['faqs'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-faq'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-faq'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-faq'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-faq'])));

    $encoded_permissions = json_encode($permissions);
    $sql = "INSERT INTO admin (username,email,password,role,permissions,created_by)
                        VALUES('$username', '$email', '$password', '$role','$encoded_permissions','$id')";
    if ($db->sql($sql)) {
        echo '<label class="alert alert-success">' . $role . ' Added Successfully!</label>';
    } else {
        echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
    }
}
if (isset($_GET['delete_system_user']) && $_GET['delete_system_user'] == 1) {
    $id = $db->escapeString($_GET['id']);
    $sql = "DELETE FROM `admin` WHERE id=" . $id;
    if ($db->sql($sql)) {
        echo 0;
    } else {
        echo 1;
    }
}
if (isset($_POST['update_system_user']) && $_POST['update_system_user'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_POST['system_user_id']));
    $permissions['orders'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-order'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-order'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-order'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-order'])));

    $permissions['categories'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-category'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-category'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-category'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-category'])));

    $permissions['subcategories'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-subcategory'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-subcategory'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-subcategory'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-subcategory'])));

    $permissions['products'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-product'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-product'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-product'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-product'])));

    $permissions['products_order'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-products-order'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-products-order'])));

    $permissions['home_sliders'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-home-slider'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-home-slider'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-home-slider'])));

    $permissions['new_offers'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-new-offer'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-new-offer'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-new-offer'])));

    $permissions['promo_codes'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-promo'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-promo'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-promo'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-promo'])));

    $permissions['featured'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-featured'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-featured'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-featured'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-featured'])));

    $permissions['customers'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-customers'])));

    $permissions['payment'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-payment'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-payment'])));

    $permissions['return_requests'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-return'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-return'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-return'])));

    $permissions['delivery_boys'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-delivery'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-delivery'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-delivery'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-delivery'])));

    $permissions['notifications'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-notification'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-notification'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-notification'])));

    $permissions['transactions'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-transaction'])));

    $permissions['fund_transfer_delivery_boy'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-fund'])));

    $permissions['settings'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-settings'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-settings'])));

    $permissions['locations'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-location'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-location'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-location'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-location'])));

    $permissions['reports'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-report'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-report'])));

    $permissions['faqs'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-faq'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-faq'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-faq'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-faq'])));

    $permissions = json_encode($permissions);
    $sql = "UPDATE admin SET permissions='" . $permissions . "' WHERE id=" . $id;
    if ($db->sql($sql)) {
        echo '<label class="alert alert-success">Updated Successfully!</label>';
    } else {
        echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
    }
}

if (isset($_POST['update_withdrawal_request']) && $_POST['update_withdrawal_request'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['return_requests']['update'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update withdrawal request.</label>";
        return false;
    }

    $id = $db->escapeString($fn->xss_clean($_POST['withdrawal_request_id']));
    $type1 = $db->escapeString($fn->xss_clean($_POST['type']));
    $type = $type1 == 'Delivery Boy' ? 'delivery_boy' : 'user';
    $type_id = $db->escapeString($fn->xss_clean($_POST['type_id']));
    $amount = $db->escapeString($fn->xss_clean($_POST['amount']));
    $status = $db->escapeString($fn->xss_clean($_POST['status']));
    $sql = "select status from withdrawal_requests where id=" . $id;
    $db->sql($sql);
    $res = $db->getResult();
    if ($res[0]['status'] == 1) {
        echo "<label class='alert alert-danger'>Withdrawal request already approved.</label>";
        return false;
    }
    if ($res[0]['status'] == 2) {
        echo "<label class='alert alert-danger'>Withdrawal request already cancelled.</label>";
        return false;
    }
    if ($status == 1) {
        if ($type == 'user') {
            $balance = $fn->get_wallet_balance($type_id);
            $new_balance = $balance + $amount;
            $fn->update_wallet_balance($new_balance, $type_id);
            $fn->add_wallet_transaction($order_id = "", $type_id, 'credit', $amount, 'Balance credited on withdrawal request cancellation.');
        }
        if ($type == 'delivery_boy') {
            $balance = $fn->get_balance($type_id);
            $new_balance = $balance + $amount;
            $fn->update_delivery_boy_wallet_balance($new_balance, $type_id);
            $sql = "INSERT INTO `fund_transfers` (`delivery_boy_id`,`type`,`amount`,`opening_balance`,`closing_balance`,`status`,`message`) VALUES ('" . $type_id . "','credit','" . $amount . "','" . $balance . "','" . $new_balance . "','SUCCESS','Balance credited on withdrawal request cancellation.')";
            $db->sql($sql);
        }
    }
    $sql_query = "Update withdrawal_requests set `status`='" . $status . "' where `id`=" . $id;
    if ($db->sql($sql_query)) {
        echo "<label class='alert alert-success'>Withdrawal request updated successfully.</label>";
    } else {
        echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
    }
}

if (isset($_GET['delete_withdrawal_request']) && $_GET['delete_withdrawal_request'] == 1) {
    if ($permissions['return_requests']['delete'] == 0) {
        echo 2;
        return false;
    }
    $id = $db->escapeString($_GET['id']);
    $sql = "DELETE FROM `withdrawal_requests` WHERE id=" . $id;
    if ($db->sql($sql)) {
        echo 0;
    } else {
        echo 1;
    }
}

// upload bulk product - upload products in bulk using  a CSV file
if (isset($_POST['bulk_upload']) && $_POST['bulk_upload'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'products')) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['products']['create'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
        return false;
    }
    $count = 0;
    $count1 = 0;
    $error = false;
    $filename = $_FILES["upload_file"]["tmp_name"];
    $result = $fn->validate_image($_FILES["upload_file"], false);
    if ($result) {
        $error = true;
    }

    $allowed_status = array("received", "processed", "shipped");
    if ($_FILES["upload_file"]["size"] > 0  && $error == false) {
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count != 0) {
                $till_status = strtolower($emapData[8]);
                $emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // product name
                $emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // category id
                $emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // subcategory id
                $emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // indicator
                $emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // manufacturer
                $emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // made in
                $emapData[6] = trim($db->escapeString($fn->xss_clean($emapData[6]))); // return status
                $emapData[7] = trim($db->escapeString($fn->xss_clean($emapData[7]))); // cancel status
                $emapData[8] = trim($db->escapeString($fn->xss_clean($till_status))); // till status
                $emapData[9] = trim($db->escapeString($fn->xss_clean($emapData[9]))); // description

                if (empty($emapData[0])) {
                    echo '<p class="alert alert-danger">Product Name  is empty at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[1])) {
                    echo '<p class="alert alert-danger">Category ID  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[6]) && $emapData[6] != 1) {
                    echo '<p class="alert alert-danger">Is Returnable is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[7]) && $emapData[7] != 1) {
                    echo '<p class="alert alert-danger">Is cancel-able is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[7]) && $emapData[7] == 1 && (empty($emapData[8]) || !in_array($emapData[8], $allowed_status))) {
                    echo '<p class="alert alert-danger">Till status is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[7]) && !(empty($emapData[8]))) {
                    echo '<p class="alert alert-danger">Till status is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[9])) {
                    echo '<p class="alert alert-danger">Description  is empty at row - ' . $count . '</div>';
                    return false;
                }
            }
            $count++;
        }
        fclose($file);
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count1 != 0) {
                $till_status = strtolower($emapData[8]);
                $emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // product name
                $emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // category id
                $emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // subcategory id
                $emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // indicator
                $emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // manufacturer
                $emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // made in
                $emapData[6] = !empty($emapData[6]) ? trim($db->escapeString($fn->xss_clean($emapData[6]))) : 0; // return status
                $emapData[7] = !empty($emapData[7]) ? trim($db->escapeString($fn->xss_clean($emapData[7]))) : 0; // cancel status
                $emapData[8] = trim($db->escapeString($fn->xss_clean($till_status))); // till status
                $emapData[9] = trim($db->escapeString($fn->xss_clean($emapData[9]))); // description
                $emapData[10] = trim($db->escapeString($fn->xss_clean($emapData[10]))); // image
                $slug = $function->slugify($emapData[0]);
                $sql = "INSERT INTO products (`name`,`slug`,`category_id`,`subcategory_id`,`indicator`,`manufacturer`,`made_in`,`return_status`,`cancelable_status`,`till_status`,`description`,`image`) VALUES ('" . $emapData[0] . "','" . $slug . "','" . $emapData[1] . "','" . $emapData[2] . "','" . $emapData[3] . "','" . $emapData[4] . "','" . $emapData[5] . "','" . $emapData[6] . "','" . $emapData[7] . "','" . $emapData[8] . "','" . $emapData[9] . "','" . $emapData[10] . "')";
                $db->sql($sql);
            }

            $count1++;
        }
        fclose($file);
        echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
    } else {
        echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
    }
}
// upload bulk product - upload products in bulk using  a CSV file
if (isset($_POST['bulk_update']) && $_POST['bulk_update'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'products')) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['products']['update'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update products.</label>";
        return false;
    }
    $count = 0;
    $count1 = 0;
    $filename = $_FILES["upload_file"]["tmp_name"];
    $error = false;
    $filename = $_FILES["upload_file"]["tmp_name"];
    $result = $fn->validate_image($_FILES["upload_file"], false);
    if ($result) {
        $error = true;
    }

    $allowed_status = array("received", "processed", "shipped");
    if ($_FILES["upload_file"]["size"] > 0  && $error == false) {
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count != 0) {
                $till_status = strtolower($emapData[9]);
                $emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // product ID
                $emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // product name
                $emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // category id
                $emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // subcategory id
                $emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // indicator
                $emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // manufacturer
                $emapData[6] = trim($db->escapeString($fn->xss_clean($emapData[6]))); // made in
                $emapData[7] = trim($db->escapeString($fn->xss_clean($emapData[7]))); // return status
                $emapData[8] = trim($db->escapeString($fn->xss_clean($emapData[8]))); // cancel status
                $emapData[9] = trim($db->escapeString($fn->xss_clean($till_status))); // till status
                $emapData[10] = trim($db->escapeString($fn->xss_clean($emapData[10]))); // description
                $emapData[11] = $db->escapeString($fn->xss_clean($emapData[11])); // image
                if (empty($emapData[0])) {
                    echo '<p class="alert alert-danger">Product ID  is empty at row - ' . $count . '</div>';
                    return false;
                }
                $sql = "SELECT * FROM products WHERE id=" . $emapData[0];
                $db->sql($sql);
                $result = $db->getResult();
                if (empty($result)) {
                    echo '<p class="alert alert-danger">Product ID  is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[7]) && $emapData[7] != 1) {
                    echo '<p class="alert alert-danger">Is Returnable is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[8]) && $emapData[8] != 1) {
                    echo '<p class="alert alert-danger">Is cancel-able is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[8]) && $emapData[8] == 1 && (empty($emapData[9]) || !in_array($emapData[9], $allowed_status))) {
                    echo '<p class="alert alert-danger">Till status is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[8]) && !(empty($emapData[9]))) {
                    echo '<p class="alert alert-danger">Till status is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[8]) && (empty($emapData[9]))) {
                    echo '<p class="alert alert-danger">Till status is invalid or empty at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[11])) {
                    echo '<p class="alert alert-danger">Image  is empty at row - ' . $count . '</div>';
                    return false;
                }
            }
            $count++;
        }
        fclose($file);
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count1 != 0) {
                $emapData[0] = trim($db->escapeString($emapData[0])); // product ID
                $sql = "SELECT * FROM products WHERE id=" . $emapData[0];
                $db->sql($sql);
                $result = $db->getResult();
                $till_status = strtolower($emapData[9]);
                $emapData[1] = !empty($emapData[1]) ? trim($db->escapeString($fn->xss_clean($emapData[1]))) : $result[0]['name']; // product name
                $emapData[2] = !empty($emapData[2]) ? trim($db->escapeString($fn->xss_clean($emapData[2]))) : $result[0]['category_id']; // category id
                $emapData[3] = !empty($emapData[3]) ? trim($db->escapeString($fn->xss_clean($emapData[3]))) : $result[0]['subcategory_id']; // subcategory id
                $emapData[4] = !empty($emapData[4]) ? trim($db->escapeString($fn->xss_clean($emapData[4]))) : $result[0]['indicator']; // indicator
                $emapData[5] = !empty($emapData[5]) ? trim($db->escapeString($fn->xss_clean($emapData[5]))) : $result[0]['manufacturer']; // manufacturer
                $emapData[6] = !empty($emapData[6]) ? trim($db->escapeString($fn->xss_clean($emapData[6]))) : $result[0]['made_in']; // made in
                $emapData[7] = !empty($emapData[7]) ? trim($db->escapeString($fn->xss_clean($emapData[7]))) : $result[0]['return_status']; // return status
                $emapData[8] = trim($db->escapeString($fn->xss_clean($emapData[8]))); // cancel status
                $emapData[9] = !empty($emapData[8]) ? trim($db->escapeString($fn->xss_clean($till_status))) : ''; // till status
                $emapData[10] = !empty($emapData[10]) ? trim($db->escapeString($fn->xss_clean($emapData[10]))) : $result[0]['description']; // description
                $emapData[11] = !empty($emapData[11]) ? trim($db->escapeString($fn->xss_clean($emapData[11]))) : $result[0]['image']; // image

                $slug = !empty($emapData[1]) ? $function->slugify($emapData[1]) : $result[0]['slug'];
                $sql = "UPDATE products SET `name`='" . $emapData[1] . "',`slug`='" . $slug . "',`category_id`='" . $emapData[2] . "',`subcategory_id`='" . $emapData[3] . "',`indicator`='" . $emapData[4] . "',`manufacturer`='" . $emapData[5] . "',`made_in`='" . $emapData[6] . "',`return_status`='" . $emapData[7] . "',`cancelable_status`='" . $emapData[8] . "',`till_status`='" . $emapData[9] . "',`description`='" . $emapData[10] . "',`image`='" . $emapData[11] . "' WHERE id=" . $emapData[0];
                $db->sql($sql);
            }

            $count1++;
        }
        fclose($file);
        echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
    } else {
        echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
    }
}
// upload bulk product variants- upload product variants in bulk using  a CSV file
if (isset($_POST['bulk_upload']) && $_POST['bulk_upload'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'variants')) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['products']['create'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
        return false;
    }
    $count = 0;
    $count1 = 0;
    $filename = $_FILES["upload_file"]["tmp_name"];
    $error = false;
    $result = $fn->validate_image($_FILES["upload_file"], false);
    if ($result) {
        $error = true;
    }

    $file = fopen($filename, "r");
    $emptydata = false;
    $invalid_price = false;
    while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
        if ($count != 0) {
            $emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // type
            $emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // measurement
            $emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // measurement unit id
            $emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // price
            $emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // discounted price
            $emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // serve for
            $emapData[6] = trim($db->escapeString($fn->xss_clean($emapData[6]))); // stock
            $emapData[7] = trim($db->escapeString($fn->xss_clean($emapData[7]))); // stock unit id
            $emapData[8] = trim($db->escapeString($fn->xss_clean($emapData[8]))); // product id

            if (empty($emapData[0]) || ($emapData[0] != 'packet' && $emapData[0] != 'loose')) {
                $emptydata = true;
                echo '<p class="alert alert-danger">Type  is empty or invalid at row - ' . $count . '</div>';
                return false;
            }
            if (empty($emapData[1])) {
                $emptydata = true;
                echo '<p class="alert alert-danger">Measurement  is empty or invalid at row - ' . $count . '</div>';
                return false;
            }
            $sql = "SELECT id FROM unit";
            $db->sql($sql);
            $ids = $db->getResult();
            $invalid_measurement_unit = 1;
            foreach ($ids as $id) {
                if ($emapData[2] == $id['id']) {
                    $invalid_measurement_unit = 0;
                }
            }
            if (empty($emapData[2]) || $invalid_measurement_unit == 1) {
                echo '<p class="alert alert-danger">Measurement Unit ID is empty or invalid at row - ' . $count . '</div>';
                return false;
            }
            if (empty($emapData[3]) || $emapData[3] <= $emapData[4]) {
                $emptydata = true;
                echo '<p class="alert alert-danger">Price is empty or invalid at row - ' . $count . '</div>';
                return false;
            }
            if (empty($emapData[5]) || ($emapData[5] != 'Available' && $emapData[5] != 'Sold Out')) {
                $emptydata = true;
                echo '<p class="alert alert-danger">Serve For  is empty or invalid at row - ' . $count . '</div>';
                return false;
            }
            $invalid_stock_unit = 0;
            foreach ($ids as $id) {
                if ($emapData[7] == $id['id']) {
                    $invalid_stock_unit = 0;
                }
            }
            if (empty($emapData[7]) || $invalid_stock_unit == 1) {
                echo '<p class="alert alert-danger">Stock Unit ID is empty or invalid at row - ' . $count . '</div>';
                return false;
            }
            if (empty($emapData[8])) {
                $emptydata = true;
                echo '<p class="alert alert-danger">Product ID is empty at row - ' . $count . '</div>';
                return false;
            }
            $sql = "SELECT id FROM products WHERE id=" . $emapData[8];
            $db->sql($sql);
            $result = $db->getResult();
            if (empty($result)) {
                echo '<p class="alert alert-danger">Product ID  is invalid at row - ' . $count . '</div>';
                return false;
            }
        }
        $count++;
    }
    fclose($file);
    $file = fopen($filename, "r");
    while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
        if ($count1 != 0) {
            $emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // type
            $emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // measurement
            $emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // measurement unit id
            $emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // price
            $emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // discounted price
            $emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // serve for
            $emapData[6] = trim($db->escapeString($fn->xss_clean($emapData[6]))); // stock
            $emapData[7] = trim($db->escapeString($fn->xss_clean($emapData[7]))); // stock unit id
            $emapData[8] = trim($db->escapeString($fn->xss_clean($emapData[8]))); // product id
            $sql = "INSERT INTO product_variant (`product_id`,`type`,`measurement`,`measurement_unit_id`,`price`,`discounted_price`,`serve_for`,`stock`,`stock_unit_id`) VALUES ('" . $emapData[8] . "','" . $emapData[0] . "','" . $emapData[1] . "','" . $emapData[2] . "','" . $emapData[3] . "','" . $emapData[4] . "','" . $emapData[5] . "','" . $emapData[6] . "','" . $emapData[7] . "')";
            $db->sql($sql);
        }

        $count1++;
    }
    fclose($file);
    echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
    // } else {
    //     echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
    // }
}

if (isset($_POST['bulk_update']) && $_POST['bulk_update'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'variants')) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['products']['update'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update products.</label>";
        return false;
    }
    $count = 0;

    $count1 = 0;
    $filename = $_FILES["upload_file"]["tmp_name"];
    $error = false;
    $result = $fn->validate_image($_FILES["upload_file"], false);
    if ($result) {
        $error = true;
    }

    if ($_FILES["upload_file"]["size"] > 0  && $error == false) {
        $file = fopen($filename, "r");
        $emptydata = false;
        $invalid_price = false;
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count != 0) {
                $emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // ID
                $emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // type
                $emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // measurement
                $emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // measurement unit id
                $emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // price
                $emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // discounted price
                $emapData[6] = trim($db->escapeString($fn->xss_clean($emapData[6]))); // serve for
                $emapData[7] = trim($db->escapeString($fn->xss_clean($emapData[7]))); // stock
                $emapData[8] = trim($db->escapeString($fn->xss_clean($emapData[8]))); // stock unit id
                $emapData[9] = trim($db->escapeString($fn->xss_clean($emapData[9]))); // product id

                if (empty($emapData[0])) {
                    echo '<p class="alert alert-danger">Variant ID  is empty at row - ' . $count . '</div>';
                    return false;
                }
                $sql = "SELECT * FROM product_variant WHERE id=" . $emapData[0];
                $db->sql($sql);
                $result = $db->getResult();
                if (empty($result)) {
                    echo '<p class="alert alert-danger">Variant ID  is invalid at row - ' . $count . '</div>';
                    return false;
                }


                if (!empty($emapData[1]) && $emapData[1] != 'packet' && $emapData[1] != 'loose') {
                    echo '<p class="alert alert-danger">Type  is invalid at row - ' . $count . '</div>';
                    return false;
                }

                $sql = "SELECT id FROM unit";
                $db->sql($sql);
                $ids = $db->getResult();
                if (!empty($emapData[3])) {
                    $invalid_measurement_unit = 1;
                    foreach ($ids as $id) {
                        if ($emapData[3] == $id['id']) {
                            $invalid_measurement_unit = 0;
                        }
                    }
                    if ($invalid_measurement_unit == 1) {
                        echo '<p class="alert alert-danger">Measurement Unit ID is invalid at row - ' . $count . '</div>';
                        return false;
                    }
                }

                if ($emapData[4] <= $emapData[5]) {
                    echo '<p class="alert alert-danger">Price is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[6]) && $emapData[6] != 'Available' && $emapData[6] != 'Sold Out') {
                    echo '<p class="alert alert-danger">Serve For  is invalid at row - ' . $count . '</div>';
                    return false;
                }

                if (!empty($emapData[8])) {
                    $invalid_stock_unit = 1;
                    foreach ($ids as $id) {
                        if ($emapData[8] == $id['id']) {
                            $invalid_stock_unit = 0;
                        }
                    }
                    if ($invalid_stock_unit == 1) {
                        echo '<p class="alert alert-danger">Stock Unit ID is invalid at row - ' . $count . '</div>';
                        return false;
                    }
                }
                if (!empty($emapData[9])) {
                    $sql = "SELECT id FROM products WHERE id=" . $emapData[9];
                    $db->sql($sql);
                    $result = $db->getResult();
                    if (empty($result)) {
                        echo '<p class="alert alert-danger">Product ID  is invalid at row - ' . $count . '</div>';
                        return false;
                    }
                }
            }
            $count++;
        }
        fclose($file);
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count1 != 0) {
                $emapData[0] = trim($db->escapeString($emapData[0])); // ID
                $sql = "SELECT * FROM product_variant WHERE id=" . $emapData[0];
                $db->sql($sql);
                $result = $db->getResult();
                $emapData[1] = !empty($emapData[1]) ? trim($db->escapeString($fn->xss_clean($emapData[1]))) : $result[0]['type']; // type
                $emapData[2] = !empty($emapData[2]) ? trim($db->escapeString($fn->xss_clean($emapData[2]))) : $result[0]['measurement']; // measurement
                $emapData[3] = !empty($emapData[3]) ? trim($db->escapeString($fn->xss_clean($emapData[3]))) : $result[0]['measurement_unit_id']; // measurement unit id
                $emapData[4] = !empty($emapData[4]) ? trim($db->escapeString($fn->xss_clean($emapData[4]))) : $result[0]['price']; // price
                $emapData[5] = $result[0]['discounted_price'] == 0 && !empty($emapData[5]) ? trim($db->escapeString($fn->xss_clean($emapData[5]))) : trim($db->escapeString($fn->xss_clean($emapData[5]))); // discounted price
                $emapData[6] = !empty($emapData[6]) ? trim($db->escapeString($fn->xss_clean($emapData[6]))) : $result[0]['serve_for']; // serve for
                $emapData[7] = !empty($emapData[7]) ? trim($db->escapeString($fn->xss_clean($emapData[7]))) : $result[0]['stock']; // stock
                $emapData[8] = !empty($emapData[8]) ? trim($db->escapeString($fn->xss_clean($emapData[8]))) : $result[0]['stock_unit_id']; // stock unit id
                $emapData[9] = !empty($emapData[9]) ? trim($db->escapeString($fn->xss_clean($emapData[9]))) : $result[0]['product_id']; // product id
                $sql = "UPDATE product_variant SET `product_id`='" . $emapData[9] . "',`type`='" . $emapData[1] . "',`measurement`='" . $emapData[2] . "',`measurement_unit_id`='" . $emapData[3] . "',`price`='" . $emapData[4] . "',`discounted_price`='" . $emapData[5] . "',`serve_for`='" . $emapData[6] . "',`stock`='" . $emapData[7] . "',`stock_unit_id`='" . $emapData[8] . "' WHERE id=" . $emapData[0];
                $db->sql($sql);
            }

            $count1++;
        }
        fclose($file);
        echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
    } else {
        echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
    }
}

if (isset($_GET['product_status']) && !empty($_GET['product_status']) && isset($_GET['type']) && !empty($_GET['type'])) {
    if (ALLOW_MODIFICATION == 0) {
        echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
        return false;
    }
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['products']['update'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update products.</label>";
        return false;
    }
    $type = $db->escapeString($fn->xss_clean($_GET['type']));
    $product_id = $db->escapeString($fn->xss_clean($_GET['id']));

    if ($type == 'deactive') {
        $sql = "UPDATE `products` SET `status`= 0 WHERE id = $product_id";
        if ($db->sql($sql)) {
            echo 1;
        } else {
            echo 0;
        }
    }
    if ($type == 'active') {
        $sql = "UPDATE `products` SET `status`= 1 WHERE id = $product_id";
        if ($db->sql($sql)) {
            echo 1;
        } else {
            echo 0;
        }
    }
}

if (isset($_POST['delete_media']) && !empty($_POST['id']) && $_POST['delete_media'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    $id     = $db->escapeString($fn->xss_clean($_POST['id']));
    $image  = $db->escapeString($fn->xss_clean($_POST['image']));
    if (!empty($image))
        unlink('../' . $image);

    $sql = "DELETE FROM `media` WHERE `id`='" . $id . "'";

    if ($db->sql($sql)) {
        echo 1;
        echo "<p class='alert alert-success'>Media Deleted successfully!</p><br>";
    } else {
        echo 0;
        echo "<p class='alert alert-success'>Media is not Deleted!</p><br>";
    }
}

if (isset($_POST['change_product'])) {
    if ($permissions['products']['read'] == 1) {
        if ($_POST['product_id'] == '') {
            $sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id";
        } else {
            $product_id = $db->escapeString($fn->xss_clean($_POST['product_id']));
            $sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id WHERE pv.product_id=" . $product_id;
        }
    } else {
        echo "<option value=''>--Select Product Variants--</option>";
        return false;
    }

    $db->sql($sql);
    $res = $db->getResult();
    if (!empty($res)) {
        foreach ($res as $row) {
            echo "<option value=" . $row['id'] . ">" . $row['measurement'] . " " . $row['short_code'] . "</option>";
        }
    } else {
        echo "<option value=''>--No Product Variants added--</option>";
    }
}

if (isset($_POST['change_price'])) {
    if ($permissions['products']['read'] == 1) {
        if ($_POST['product_variant_id'] == '') {
            $sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id";
        } else {
            $product_variant_id = $db->escapeString($fn->xss_clean($_POST['product_variant_id']));
            $sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id WHERE pv.id=" . $product_variant_id;
        }
    }

    $db->sql($sql);
    $res = $db->getResult();
    if (!empty($res)) {
        foreach ($res as $row) {
            echo $row['price'];
        }
    }
}

if (isset($_POST['change_discounted_price'])) {
    if ($permissions['products']['read'] == 1) {
        if ($_POST['product_variant_id'] == '') {
            $sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id";
        } else {
            $product_variant_id = $db->escapeString($fn->xss_clean($_POST['product_variant_id']));
            $sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id WHERE pv.id=" . $product_variant_id;
        }
    }

    $db->sql($sql);
    $res = $db->getResult();
    if (!empty($res)) {
        foreach ($res as $row) {
            echo $row['discounted_price'];
        }
    }
}

if (isset($_POST['get_units_of_products']) && $_POST['get_units_of_products'] != '') {
    $id = $db->escapeString($fn->xss_clean($_POST['unit_id']));
    $sql = "SELECT u.* FROM `unit` u  WHERE u.id=" . $id;
    $db->sql($sql);
    $res = $db->getResult();
    if ($res[0]['short_code'] == 'S' || $res[0]['short_code'] == 'M' || $res[0]['short_code'] == 'L' || $res[0]['short_code'] == 'XL') {
        echo 1;
    } else {
        echo 2;
    }
}


if (isset($_POST['bulk_uploads']) && $_POST['bulk_uploads'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'products')) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['products']['create'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
        return false;
    }
    $count = 0;
    $count1 = 0;
    $error = false;
    $filename = $_FILES["upload_file"]["tmp_name"];

    $result = $fn->validate_image($_FILES["upload_file"], false);
    if ($result) {
        $error = true;
    }
    $allowed_status = array("received", "processed", "shipped");
    if ($_FILES["upload_file"]["size"] > 0  && $error == false) {
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {

            if ($count != 0) {
                $emapData[0] = trim($db->escapeString($emapData[0])); // product name
                $emapData[1] = trim($db->escapeString($emapData[1])); // category id
                $emapData[2] = trim($db->escapeString($emapData[2])); // subcategory id
                $emapData[3] = trim($db->escapeString($emapData[3])); // indicator
                $emapData[4] = trim($db->escapeString($emapData[4])); // manufacturer
                $emapData[5] = trim($db->escapeString($emapData[5])); // made in
                $emapData[6] = trim($db->escapeString($emapData[6])); // return status
                $emapData[7] = trim($db->escapeString($emapData[7])); // cancel status
                $emapData[8] = trim($db->escapeString($emapData[8])); // till status
                $emapData[9] = trim($db->escapeString($emapData[9])); // description
                $emapData[10] = trim($db->escapeString($emapData[10])); // image
                $emapData[11] = trim($db->escapeString($emapData[11])); // tax id

                $emapData[12] = trim($db->escapeString($emapData[12])); // type
                $emapData[13] = trim($db->escapeString($emapData[13])); // Measurement
                $emapData[14] = trim($db->escapeString($emapData[14])); // Measurement Unit ID
                $emapData[15] = trim($db->escapeString($emapData[15])); // Price
                $emapData[16] = trim($db->escapeString($emapData[16])); // Discounted Price
                $emapData[17] = trim($db->escapeString($emapData[17])); // Serve For
                $emapData[18] = trim($db->escapeString($emapData[18])); // Stock
                $emapData[19] = trim($db->escapeString($emapData[19])); // Stock Unit ID

                if (empty($emapData[0])) {
                    echo '<p class="alert alert-danger">Product Name  is empty at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[1])) {
                    echo '<p class="alert alert-danger">Category ID  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[2])) {
                    echo '<p class="alert alert-danger">Subcategory ID  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }

                if (!empty($emapData[6]) && $emapData[6] != 1) {
                    echo '<p class="alert alert-danger">Is Returnable is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[7]) && $emapData[7] != 1) {
                    echo '<p class="alert alert-danger">Is cancel-able is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[7]) && $emapData[7] == 1 && (empty($emapData[8]) || !in_array($emapData[8], $allowed_status))) {
                    echo '<p class="alert alert-danger">Till status is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[7]) && !(empty($emapData[8]))) {
                    echo '<p class="alert alert-danger">Till status is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[9])) {
                    echo '<p class="alert alert-danger">Description  is empty at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[10])) {
                    echo '<p class="alert alert-danger">Image  is empty at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[12]) || ($emapData[12] != 'packet' && $emapData[12] != 'loose')) {
                    echo '<p class="alert alert-danger">Type  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[13]) || !is_numeric($emapData[13])) {
                    echo '<p class="alert alert-danger">Measurement  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                $sql = "SELECT id FROM unit";
                $db->sql($sql);
                $ids = $db->getResult();
                $invalid_measurement_unit = 1;
                foreach ($ids as $id) {
                    if ($emapData[14] == $id['id']) {
                        $invalid_measurement_unit = 0;
                    }
                }
                if (empty($emapData[14]) || $invalid_measurement_unit == 1) {
                    echo '<p class="alert alert-danger">Measurement Unit ID is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[15]) || $emapData[15] <= $emapData[16]) {
                    echo '<p class="alert alert-danger">Price is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[17]) || ($emapData[17] != 'Available' && $emapData[17] != 'Sold Out')) {
                    echo '<p class="alert alert-danger">Serve For  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                $invalid_stock_unit = 1;
                foreach ($ids as $id) {
                    if ($emapData[19] == $id['id']) {
                        $invalid_stock_unit = 0;
                    }
                }
                if (empty($emapData[19]) || $invalid_stock_unit == 1) {
                    echo '<p class="alert alert-danger">Stock Unit ID is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
            }
            $count++;
        }
        fclose($file);
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count1 != 0) {
                $emapData[0] = trim($db->escapeString($emapData[0])); // product name
                $emapData[1] = trim($db->escapeString($emapData[1])); // category id
                $emapData[2] = trim($db->escapeString($emapData[2])); // subcategory id
                $emapData[3] = trim($db->escapeString($emapData[3])); // indicator
                $emapData[4] = trim($db->escapeString($emapData[4])); // manufacturer
                $emapData[5] = trim($db->escapeString($emapData[5])); // made in
                $emapData[6] = !empty($emapData[6]) ? trim($db->escapeString($emapData[6])) : 0; // return status
                $emapData[7] = !empty($emapData[7]) ? trim($db->escapeString($emapData[7])) : 0; // cancel status
                $emapData[8] = trim($db->escapeString($emapData[8])); // till status
                $emapData[9] = trim($db->escapeString($emapData[9])); // description
                $emapData[10] = trim($db->escapeString($emapData[10])); // image
                $emapData[11] = trim($db->escapeString($emapData[11])); // tax id

                $emapData[12] = trim($db->escapeString($emapData[12])); // type
                $emapData[13] = trim($db->escapeString($emapData[13])); // Measurement
                $emapData[14] = trim($db->escapeString($emapData[14])); // Measurement Unit ID
                $emapData[15] = trim($db->escapeString($emapData[15])); // Price
                $emapData[16] = trim($db->escapeString($emapData[16])); // Discounted Price
                $emapData[17] = trim($db->escapeString($emapData[17])); // Serve For
                $emapData[18] = trim($db->escapeString($emapData[18])); // Stock
                $emapData[19] = trim($db->escapeString($emapData[19])); // Stock Unit ID
                $slug = $function->slugify($emapData[0]);
                $data = array(
                    'name' => $emapData[0],
                    'slug' => $slug,
                    'category_id' => $emapData[1],
                    'subcategory_id' => $emapData[2],
                    'indicator' => $emapData[3],
                    'manufacturer' => $emapData[4],
                    'made_in' => $emapData[5],
                    'return_status' => $emapData[6],
                    'cancelable_status' => $emapData[7],
                    'till_status' => $emapData[8],
                    'description' => $emapData[9],
                    'image' => $emapData[10],
                    'tax_id' => $emapData[11]
                );
                $total = (count($emapData) / 9);
                $db->insert('products', $data);
                $res = $db->getResult();

                if ($total > 3) {
                    $index = 11;
                    for ($i = 0; $i < ($total - 2); $i++) {
                        $data = array(
                            'product_id' => $res[0],
                            'type' => $emapData[++$index],
                            'measurement' => $emapData[++$index],
                            'measurement_unit_id' => $emapData[++$index],
                            'price' => $emapData[++$index],
                            'discounted_price' => $emapData[++$index],
                            'serve_for' => $emapData[++$index],
                            'stock' => $emapData[++$index],
                            'stock_unit_id' => $emapData[++$index]
                        );
                        $db->insert('product_variant', $data);
                        $res1 = $db->getResult();
                    }
                } else {
                    $data = array(
                        'product_id' => $res[0],
                        'type' => $emapData[12],
                        'measurement' => $emapData[13],
                        'measurement_unit_id' => $emapData[14],
                        'price' => $emapData[15],
                        'discounted_price' => $emapData[16],
                        'discounted_price' => $emapData[16],
                        'serve_for' => $emapData[17],
                        'stock' => $emapData[18],
                        'stock_unit_id' => $emapData[19]
                    );
                    $db->insert('product_variant', $data);
                    $res1 = $db->getResult();
                }
            }

            $count1++;
        }
        fclose($file);
        echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
    } else {
        echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
    }
}
if (isset($_POST['bulk_updates']) && $_POST['bulk_updates'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'products')) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['products']['create'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
        return false;
    }
    $count = 0;
    $count1 = 0;
    $error = false;
    $filename = $_FILES["upload_file"]["tmp_name"];

    $result = $fn->validate_image($_FILES["upload_file"], false);
    if ($result) {
        $error = true;
    }
    $allowed_status = array("received", "processed", "shipped");
    if ($_FILES["upload_file"]["size"] > 0  && $error == false) {
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {

            if ($count != 0) {
                $emapData[0] = trim($db->escapeString($emapData[0])); // product name
                $emapData[1] = trim($db->escapeString($emapData[1])); // category id
                $emapData[2] = trim($db->escapeString($emapData[2])); // subcategory id
                $emapData[3] = trim($db->escapeString($emapData[3])); // indicator
                $emapData[4] = trim($db->escapeString($emapData[4])); // manufacturer
                $emapData[5] = trim($db->escapeString($emapData[5])); // made in
                $emapData[6] = trim($db->escapeString($emapData[6])); // return status
                $emapData[7] = trim($db->escapeString($emapData[7])); // cancel status
                $emapData[8] = trim($db->escapeString($emapData[8])); // till status
                $emapData[9] = trim($db->escapeString($emapData[9])); // description
                $emapData[10] = trim($db->escapeString($emapData[10])); // image
                $emapData[11] = trim($db->escapeString($emapData[11])); // tax id

                $emapData[12] = trim($db->escapeString($emapData[12])); // type
                $emapData[13] = trim($db->escapeString($emapData[13])); // Measurement
                $emapData[14] = trim($db->escapeString($emapData[14])); // Measurement Unit ID
                $emapData[15] = trim($db->escapeString($emapData[15])); // Price
                $emapData[16] = trim($db->escapeString($emapData[16])); // Discounted Price
                $emapData[17] = trim($db->escapeString($emapData[17])); // Serve For
                $emapData[18] = trim($db->escapeString($emapData[18])); // Stock
                $emapData[19] = trim($db->escapeString($emapData[19])); // Stock Unit ID

                if (empty($emapData[0])) {
                    echo '<p class="alert alert-danger">Product Name  is empty at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[1])) {
                    echo '<p class="alert alert-danger">Category ID  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[2])) {
                    echo '<p class="alert alert-danger">Subcategory ID  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }

                if (!empty($emapData[6]) && $emapData[6] != 1) {
                    echo '<p class="alert alert-danger">Is Returnable is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[7]) && $emapData[7] != 1) {
                    echo '<p class="alert alert-danger">Is cancel-able is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[7]) && $emapData[7] == 1 && (empty($emapData[8]) || !in_array($emapData[8], $allowed_status))) {
                    echo '<p class="alert alert-danger">Till status is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[7]) && !(empty($emapData[8]))) {
                    echo '<p class="alert alert-danger">Till status is invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[9])) {
                    echo '<p class="alert alert-danger">Description  is empty at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[10])) {
                    echo '<p class="alert alert-danger">Image  is empty at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[12]) || ($emapData[12] != 'packet' && $emapData[12] != 'loose')) {
                    echo '<p class="alert alert-danger">Type  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[13]) || !is_numeric($emapData[13])) {
                    echo '<p class="alert alert-danger">Measurement  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                $sql = "SELECT id FROM unit";
                $db->sql($sql);
                $ids = $db->getResult();
                $invalid_measurement_unit = 1;
                foreach ($ids as $id) {
                    if ($emapData[14] == $id['id']) {
                        $invalid_measurement_unit = 0;
                    }
                }
                if (empty($emapData[14]) || $invalid_measurement_unit == 1) {
                    echo '<p class="alert alert-danger">Measurement Unit ID is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[15]) || $emapData[15] <= $emapData[16]) {
                    echo '<p class="alert alert-danger">Price is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[17]) || ($emapData[17] != 'Available' && $emapData[17] != 'Sold Out')) {
                    echo '<p class="alert alert-danger">Serve For  is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
                $invalid_stock_unit = 1;
                foreach ($ids as $id) {
                    if ($emapData[19] == $id['id']) {
                        $invalid_stock_unit = 0;
                    }
                }
                if (empty($emapData[19]) || $invalid_stock_unit == 1) {
                    echo '<p class="alert alert-danger">Stock Unit ID is empty or invalid at row - ' . $count . '</div>';
                    return false;
                }
            }
            $count++;
        }
        fclose($file);
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count1 != 0) {
                $emapData[0] = trim($db->escapeString($emapData[0])); // product name
                $emapData[1] = trim($db->escapeString($emapData[1])); // category id
                $emapData[2] = trim($db->escapeString($emapData[2])); // subcategory id
                $emapData[3] = trim($db->escapeString($emapData[3])); // indicator
                $emapData[4] = trim($db->escapeString($emapData[4])); // manufacturer
                $emapData[5] = trim($db->escapeString($emapData[5])); // made in
                $emapData[6] = !empty($emapData[6]) ? trim($db->escapeString($emapData[6])) : 0; // return status
                $emapData[7] = !empty($emapData[7]) ? trim($db->escapeString($emapData[7])) : 0; // cancel status
                $emapData[8] = trim($db->escapeString($emapData[8])); // till status
                $emapData[9] = trim($db->escapeString($emapData[9])); // description
                $emapData[10] = trim($db->escapeString($emapData[10])); // image
                $emapData[11] = trim($db->escapeString($emapData[11])); // tax id

                $emapData[12] = trim($db->escapeString($emapData[12])); // type
                $emapData[13] = trim($db->escapeString($emapData[13])); // Measurement
                $emapData[14] = trim($db->escapeString($emapData[14])); // Measurement Unit ID
                $emapData[15] = trim($db->escapeString($emapData[15])); // Price
                $emapData[16] = trim($db->escapeString($emapData[16])); // Discounted Price
                $emapData[17] = trim($db->escapeString($emapData[17])); // Serve For
                $emapData[18] = trim($db->escapeString($emapData[18])); // Stock
                $emapData[19] = trim($db->escapeString($emapData[19])); // Stock Unit ID
                $slug = $function->slugify($emapData[0]);
                $data = array(
                    'name' => $emapData[0],
                    'slug' => $slug,
                    'category_id' => $emapData[1],
                    'subcategory_id' => $emapData[2],
                    'indicator' => $emapData[3],
                    'manufacturer' => $emapData[4],
                    'made_in' => $emapData[5],
                    'return_status' => $emapData[6],
                    'cancelable_status' => $emapData[7],
                    'till_status' => $emapData[8],
                    'description' => $emapData[9],
                    'image' => $emapData[10],
                    'tax_id' => $emapData[11]
                );
                $db->insert('products', $data);
                $res = $db->getResult();
                $total = (count($emapData) / 8);
                if ($total > 3) {
                    $index = 11;
                    for ($i = 0; $i < ($total - 2); $i++) {
                        $data = array(
                            'product_id' => $res[0],
                            'type' => $emapData[++$index],
                            'measurement' => $emapData[++$index],
                            'measurement_unit_id' => $emapData[++$index],
                            'price' => $emapData[++$index],
                            'discounted_price' => $emapData[++$index],
                            'serve_for' => $emapData[++$index],
                            'stock' => $emapData[++$index],
                            'stock_unit_id' => $emapData[++$index]
                        );
                        $db->insert('product_variant', $data);
                        $res1 = $db->getResult();
                    }
                } else {
                    $data = array(
                        'product_id' => $res[0],
                        'type' => $emapData[12],
                        'measurement' => $emapData[13],
                        'measurement_unit_id' => $emapData[14],
                        'price' => $emapData[15],
                        'discounted_price' => $emapData[16],
                        'serve_for' => $emapData[17],
                        'stock' => $emapData[18],
                        'stock_unit_id' => $emapData[19]
                    );
                    $db->insert('product_variant', $data);
                    $res1 = $db->getResult();
                }
            }

            $count1++;
        }
        fclose($file);
        echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
    } else {
        echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
    }
}

if (isset($_GET['status']) && !empty($_GET['status']) && isset($_GET['type']) && !empty($_GET['type'])) {
    if (ALLOW_MODIFICATION == 0) {
        echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
        return false;
    }
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['customers']['read'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update users.</label>";
        return false;
    }
    $type = $db->escapeString($fn->xss_clean($_GET['type']));
    $user_id = $db->escapeString($fn->xss_clean($_GET['id']));

    if ($type == 'deactive') {
        $sql = "UPDATE `users` SET `status`= 0 WHERE id = $user_id";
        if ($db->sql($sql)) {
            echo 1;
        } else {
            echo 0;
        }
    }
    if ($type == 'active') {
        $sql = "UPDATE `users` SET `status`= 1 WHERE id = $user_id";
        if ($db->sql($sql)) {
            echo 1;
        } else {
            echo 0;
        }
    }
}

if (isset($_POST['update_bank_transfer']) && $_POST['update_bank_transfer'] == 1) {
    $message = isset($_POST['message']) && !empty($_POST['message']) ? $db->escapeString($fn->xss_clean($_POST['message'])) : "";
    $status = isset($_POST['status']) && !empty($_POST['status']) ? $db->escapeString($fn->xss_clean($_POST['status'])) : "";
    $order_id = $db->escapeString($fn->xss_clean($_POST['order_id']));

    $sql = "SELECT * FROM `order_bank_transfers` WHERE order_id=" . $order_id;
    $db->sql($sql);
    $res = $db->getResult();
    if ($res[0]['status'] == 0) {
        $atta_status = 'Pending';
    } elseif ($res[0]['status'] == 1) {
        $atta_status = 'Accepted';
    } elseif ($res[0]['status'] == 2) {
        $atta_status = 'Rejected';
    }

    if (!empty($_POST['status']) && $status == 0 && $status != '') {
        echo "<label class='alert alert-danger'>status already Accepted.</label>";
        return false;
    }

    if (($res[0]['status'] == 0 && $status == 0) || ($res[0]['status'] == 1 && $status == 1) || ($res[0]['status'] == 2 && $status == 2)) {
        echo  "<label class='alert alert-danger'>status already $atta_status. </label>";
        return false;
    }

    if ($res[0]['status'] < $status) {
        if (!empty($message)) {
            $sql_query = "update order_bank_transfers set `message`='" . $message . "',`status`='" . $status . "' where `order_id`=" . $order_id;
        } else {
            $sql_query = "update order_bank_transfers set `status`='" . $status . "' where `order_id`=" . $order_id;
        }

        if ($db->sql($sql_query)) {
            echo "<label class='alert alert-success'>Bank Transfer Details Updated successfully.</label>";
        } else {
            echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
        }
    } else {
        echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
    }
}

if (isset($_POST['get_category_id_by_product_id']) && $_POST['get_category_id_by_product_id'] == 1) {
    if ($_POST['category_id'] == '') {
        $sql = "SELECT id,name from `products` where `status` = 1 order by id desc";
    } else {
        $category_ids = $db->escapeString($fn->xss_clean($_POST['category_id']));
        $sql = "SELECT id,name from `products` where `status` = 1 AND category_id IN( $category_ids ) order by id desc";
    }
    $db->sql($sql);
    $res = $db->getResult();
    $selected = $_POST['selected'];
    $selected = explode(",", $selected);

    for ($i = 0; $i < count($selected); $i++) {
        $selected[$i] = trim($selected[$i]);
    }

    if (!empty($res)) {
        foreach ($res as $row) {
            if (in_array($row['id'], $selected)) {
                echo "<option value=" . $row['id'] . " selected >" . $row['name'] . "</option>";
            } else {
                echo "<option value=" . $row['id'] . " >" . $row['name'] . "</option>";
            }
        }
    }
}

if (isset($_POST['location_bulk_uploads']) && $_POST['location_bulk_uploads'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'cities')) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['locations']['create'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
        return false;
    }

    $count = 0;
    $count1 = 0;
    $error = false;
    $filename = $_FILES["upload_file"]["tmp_name"];

    if ($_FILES["upload_file"]["size"] > 0  && $error == false) {
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count != 0) {
                $emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // city name

                if (empty($emapData[0])) {
                    echo '<p class="alert alert-danger">City Name  is empty at row - ' . $count . '</div>';
                    return false;
                }
            }
            $count++;
        }
        fclose($file);
        $file = fopen($filename, "r");

        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count1 != 0) {
                $emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // city name

                $sql = "INSERT INTO city (`name`) VALUES ('" . $emapData[0] . "')";
                $db->sql($sql);
            }
            $count1++;
        }
        fclose($file);
        echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
    } else {
        echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
    }
}

if (isset($_POST['location_bulk_uploads']) && $_POST['location_bulk_uploads'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'areas')) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['locations']['create'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
        return false;
    }

    $count = 0;
    $count1 = 0;
    $error = false;
    $filename = $_FILES["upload_file"]["tmp_name"];

    if ($_FILES["upload_file"]["size"] > 0  && $error == false) {
        $file = fopen($filename, "r");
        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count != 0) {
                $emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // area name
                $emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // city id
                $emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // minimum_free_delivery_order_amount
                $emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); //minimum_order_amount
                $emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); //delivery_charges

                if (empty($emapData[0])) {
                    echo '<p class="alert alert-danger">Area Name  is empty at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[1])) {
                    echo '<p class="alert alert-danger">City Id  is empty at row - ' . $count . '</div>';
                    return false;
                }
                if (!empty($emapData[1])) {
                    $city = $fn->get_data($columns = ['name'], "id=" . $emapData[1], 'city');
                    if (empty($city)) {
                        echo '<p class="alert alert-danger">City is not exist check the city_id at row - ' . $count . '</div>';
                        return false;
                    }
                }
                if (empty($emapData[2])) {
                    echo '<p class="alert alert-danger">Minimum Free Delivery Order Amount  is empty at row - ' . $count . '</div>';
                    return false;
                }
                if (empty($emapData[4])) {
                    echo '<p class="alert alert-danger">Delivery Charges  is empty at row - ' . $count . '</div>';
                    return false;
                }
            }
            $count++;
        }
        fclose($file);
        $file = fopen($filename, "r");

        while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
            if ($count1 != 0) {
                $emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // Area Name
                $emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // City Id
                $emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // minimum_free_delivery_order_amount
                $emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // minimum_order_amount
                $emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // delivery_charges

                $sql = "INSERT INTO area (`name`,`city_id`,`minimum_free_delivery_order_amount`,`minimum_order_amount`,`delivery_charges`) VALUES ('" . $emapData[0] . "','" . $emapData[1] . "','" . $emapData[2] . "','" . $emapData[3] . "','" . $emapData[4] . "')";
                $db->sql($sql);
            }
            $count1++;
        }
        fclose($file);
        echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
    } else {
        echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
    }
}

if (isset($_GET['offer_status']) && !empty($_GET['offer_status']) && isset($_GET['type']) && !empty($_GET['type'])) {
    if (ALLOW_MODIFICATION == 0) {
        echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
        return false;
    }
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['new_offers']['read'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update offers.</label>";
        return false;
    }
    $type = $db->escapeString($fn->xss_clean($_GET['type']));
    $id = $db->escapeString($fn->xss_clean($_GET['id']));

    if ($type == 'deactive') {
        $sql = "UPDATE `offers` SET `status`= 0 WHERE id = $id";
        if ($db->sql($sql)) {
            echo 1;
        } else {
            echo 0;
        }
    }
    if ($type == 'active') {
        $sql = "UPDATE `offers` SET `status`= 1 WHERE id = $id";
        if ($db->sql($sql)) {
            echo 1;
        } else {
            echo 0;
        }
    }
}

if (isset($_GET['slider_status']) && !empty($_GET['slider_status']) && isset($_GET['type']) && !empty($_GET['type'])) {
    if (ALLOW_MODIFICATION == 0) {
        echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
        return false;
    }
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['home_sliders']['read'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update Slider.</label>";
        return false;
    }
    $type = $db->escapeString($fn->xss_clean($_GET['type']));
    $id = $db->escapeString($fn->xss_clean($_GET['id']));

    if ($type == 'deactive') {
        $sql = "UPDATE `slider` SET `status`= 0 WHERE id = $id";
        if ($db->sql($sql)) {
            echo 1;
        } else {
            echo 0;
        }
    }
    if ($type == 'active') {
        $sql = "UPDATE `slider` SET `status`= 1 WHERE id = $id";
        if ($db->sql($sql)) {
            echo 1;
        } else {
            echo 0;
        }
    }
}

if (isset($_POST['boy_id']) && isset($_POST['cash_collection']) && !empty($_POST['cash_collection'])) {
    if (ALLOW_MODIFICATION == 0) {
        echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
        return false;
    }
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }
    if ($permissions['delivery_boys']['update'] == 0) {
        echo "<label class='alert alert-danger'>You have no permission to update delivery boy.</label>";
        return false;
    }
    $id = $db->escapeString($fn->xss_clean($_POST['boy_id']));
    $cash = $fn->get_data($columns = ['cash_received'], "id='" . $id . "'", 'delivery_boys');
    if (isset($cash[0]['cash_received'])) {
        $cash = $cash[0]['cash_received'];
        if (!is_numeric($_POST['amount'])) {
            echo "<label class='alert alert-danger'>Amount must be number.</label>";
            return false;
        }
        if ($_POST['amount'] > $cash) {
            echo "<label class='alert alert-danger'>Amount must be not be greater than cash.</label>";
            return false;
        }
        $amount = $db->escapeString($fn->xss_clean($_POST['amount']));
        $date = $db->escapeString($fn->xss_clean($_POST['date']));

        $message = (!empty($_POST['message'])) ? $db->escapeString($fn->xss_clean($_POST['message'])) : 'Delivery boy cash collection by admin';
        $cash = $cash - $amount;
        $sql = "Update delivery_boys set `cash_received`='" . $cash . "' where `id`=" . $id;
        $db->sql($sql);
        $fn->add_transaction("", $id, 'delivery_boy_cash_collection', $amount, $message, $date);
        echo "<p class='alert alert-success'>Cash collected Successfully!</p>";
    } else {
        echo "<label class='alert alert-danger'>Something went wrong!.</label>";
        return false;
    }
}

if (isset($_POST['add_ticket_types']) && $_POST['add_ticket_types'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }

    $type = $db->escapeString($fn->xss_clean($_POST['add_title']));

    $sql = "INSERT INTO ticket_type (`type`) VALUES ('$type')";
    if ($db->sql($sql)) {
        echo "<label class='alert alert-success'>Ticket Type Added Successfully!</label>";
    } else {
        echo "<label class='alert alert-danger'>Some Error Occrred! please try again.</label>";
    }
}

if (isset($_POST['edit_ticket_types']) && $_POST['edit_ticket_types'] == 1) {
    if (!checkadmin($auth_username)) {
        echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
        return false;
    }

    $type = $db->escapeString($fn->xss_clean($_POST['edit_title']));
    $id = $db->escapeString($fn->xss_clean($_POST['id']));

    $sql = "UPDATE ticket_type SET `type`= '$type' WHERE id= " . $id;
    if ($db->sql($sql)) {
        echo "<label class='alert alert-success'>Ticket Type Updated Successfully!</label>";
    } else {
        echo "<label class='alert alert-danger'>Some Error Occrred! please try again.</label>";
    }
}

// Delete tickrt types
if (isset($_GET['delete_ticket_types']) && $_GET['delete_ticket_types'] == 1) {
    if ($permissions['return_requests']['delete'] == 0) {
        echo 2;
        return false;
    }
    $id = $db->escapeString($_GET['id']);
    $sql = "DELETE FROM `ticket_type` WHERE id=" . $id;
    if ($db->sql($sql)) {
        echo 0;
    } else {
        echo 1;
    }
}

// Change status of ticket
if ((isset($_POST['change_ticket_status'])) && ($_POST['change_ticket_status'] == 1)) {

    $ticket_id = $db->escapeString($_POST['ticket_id']);
    $status = $db->escapeString($_POST['change_status']);

    $sql = "UPDATE `tickets` SET status = '" . $status . "' WHERE id = " . $ticket_id;
    $db->sql($sql);
}

// Load Ticket messages here 
if (isset($_POST['get_complaint_comments']) && ($_POST['get_complaint_comments'] == 1)) {
    $ticket_id = $db->escapeString($fn->xss_clean($_POST['ticket_id']));

    $where = "";
    if (isset($_POST['user_id']) && !empty($_POST['user_id'])) {
        $user_id = $db->escapeString($fn->xss_clean($_POST['user_id']));
        $where .= " AND user_id = $user_id";
    }
    if (isset($_POST['id']) && !empty($_POST['id'])) {
        $id = $db->escapeString($fn->xss_clean($_POST['id']));
        $where .= " AND tm.id = $id";
    }
    $offset = (isset($_POST['offset']) && !empty($fn->xss_clean($_POST['offset'])) && is_numeric($_POST['offset'])) ? $db->escapeString($fn->xss_clean($_POST['offset'])) : 0;
    $limit = (isset($_POST['limit']) && !empty($fn->xss_clean($_POST['limit'])) && is_numeric($_POST['limit'])) ? $db->escapeString($fn->xss_clean($_POST['limit'])) : 10;

    $sort = (isset($_POST['sort']) && !empty($fn->xss_clean($_POST['sort']))) ? $db->escapeString($fn->xss_clean($_POST['sort'])) : 'tm.id';
    $order = (isset($_POST['order']) && !empty($fn->xss_clean($_POST['order']))) ? $db->escapeString($fn->xss_clean($_POST['order'])) : 'DESC';

    if (isset($_POST['search'])) {
        $search = $db->escapeString($fn->xss_clean($_POST['search']));
        $where .= " AND (t.`title` like '%" . $search . "%' OR tm.`message` like '%" . $search . "%' )";
    }

    if (isset($_POST['ticket_id']) && !empty($_POST['ticket_id'])) {
        $sql = "SELECT count(tm.id) as total FROM `ticket_messages` tm left join tickets t on t.id=tm.ticket_id left join users u on u.id=t.user_id Where tm.ticket_id = $ticket_id" . $where;
        $db->sql($sql);
        $res = $db->getResult();
        $total = $res[0]['total'];

        $sql = "select tm.*,case when tm.type='admin' then a.username else u.name end as username from ticket_messages tm left join admin a on a.id = tm.user_id
        left join users u on u.id = tm.user_id Where tm.ticket_id = $ticket_id " . $where . " ORDER BY $sort $order LIMIT $offset,$limit";
        // echo $sql;
        $db->sql($sql);
        $res = $db->getResult();
        if (!empty($res)) {
            foreach ($res as $row) {
                $row['username'] = (!empty($row['username'])) ? $row['username'] : "";
                $tempRow['id'] = $row['id'];
                $tempRow['type'] = $row['type'];
                $tempRow['user_id'] = $row['user_id'];
                $tempRow['username'] = $row['username'];
                $tempRow['ticket_id'] = $row['ticket_id'];
                $tempRow['message'] = $row['message'];
                $tempRow['date_created'] = $row['date_created'];
                $tempRow['attachments'] = (!empty($row['attachments'])) ? $row['attachments'] : '';
                $rows[] = $tempRow;
            }
            $response['error'] = false;
            $response['message'] = 'Messages Retrived Successfully!';
            $response['total'] = $total;
            $response['data'] = $rows;
        } else {
            $response['error'] = true;
            $response['message'] = 'Data not Found!';
            $response['total'] = $total;
            $response['data'] = [];
        }
        print_r(json_encode($response));
    }
}

// send message
if (isset($_POST['send']) && ($_POST['send'] == 1)) {
    if (isset($_POST['message']) && $_POST['message'] != "") {
        $type = $_POST['type'];
        $user_id = $_POST['type_id'];
        $ticket_id = $_POST['ticket_id'];
        $message = $_POST['message'];
        $date_created = date('Y-m-d H:m:s');
    }

    $sql = "INSERT INTO ticket_messages (ticket_id,message,type,user_id,date_created) VALUES ($ticket_id, '$message','$type','$user_id','$date_created')";
    $result = $db->sql($sql);
    $row1 = $db->getResult();


    // get send message data
    $res = $fn->get_data('', '', 'ticket_messages', '', '', 'ORDER BY id DESC', 'LIMIT 0,1');
    $res[0]['last_updated'] = !empty($res[0]['last_updated']) ? $res[0]['last_updated'] : "";
    $res[0]['attachments'] = json_decode($res[0]['attachments'], 1);
    $res[0]['attachments'] = (empty($res[0]['attachments'])) ? array() : $res[0]['attachments'];
    for ($j = 0; $j < count($res[0]['attachments']); $j++) {
        $res[0]['attachments'][$j] = !empty(DOMAIN_URL . $res[0]['attachments'][$j]) ? DOMAIN_URL . $res[0]['attachments'][$j] : "";
    }
    $message_res = json_encode($res);

    // get ticket data
    $title = $fn->get_data('', 'id=' . $ticket_id, 'tickets');
    $t_id = $title[0]['id'];
    $ticket_title = $title[0]['title'];
    $u_id = $title[0]['user_id'];

    // send notification to user
    $fn->send_notification_to_user('Customer Support', $message, 'customer_notification', $u_id, $t_id, $message_res);

    echo json_encode($row1);
}

Zerion Mini Shell 1.0