ok
Mini Shell
<?php
session_start();
include('../includes/crud.php');
$db = new Database();
$db->connect();
$db->sql("SET NAMES 'utf8'");
$auth_username = $db->escapeString($_SESSION["user"]);
include_once('../includes/custom-functions.php');
$fn = new custom_functions;
include_once('../includes/functions.php');
$function = new functions;
$permissions = $fn->get_permissions($_SESSION['id']);
$config = $fn->get_configurations();
$time_slot_config = $fn->time_slot_config();
$time_zone = $fn->set_timezone($config);
if (!$time_zone) {
$response['error'] = true;
$response['message'] = "Time Zone is not set.";
print_r(json_encode($response));
return false;
exit();
}
function checkadmin($auth_username)
{
$db = new Database();
$db->connect();
$db->sql("SELECT `username` FROM `admin` WHERE `username`='$auth_username' LIMIT 1");
$res = $db->getResult();
if (!empty($res)) {
return true;
} else {
return false;
}
}
if (ALLOW_MODIFICATION == 0 && !defined(ALLOW_MODIFICATION)) {
echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
return false;
}
if (isset($_POST['change_category'])) {
if ($permissions['subcategories']['read'] == 1) {
if ($_POST['category_id'] == '') {
$sql = "SELECT * FROM subcategory";
} else {
$category_id = $db->escapeString($fn->xss_clean($_POST['category_id']));
$sql = "SELECT * FROM subcategory WHERE category_id=" . $category_id;
}
} else {
echo "<option value=''>--Select Subcategory--</option>";
return false;
}
$db->sql($sql);
$res = $db->getResult();
if (!empty($res)) {
foreach ($res as $row) {
echo "<option value=" . $row['id'] . ">" . $row['name'] . "</option>";
}
} else {
echo "<option value=''>--No Sub Category is added--</option>";
}
}
if (isset($_POST['category'])) {
if ($permissions['subcategories']['read'] == 1) {
if ($_POST['category_id'] == '') {
$sql = "SELECT * FROM subcategory";
} else {
$category_id = $db->escapeString($fn->xss_clean($_POST['category_id']));
$sql = "SELECT * FROM subcategory WHERE category_id=" . $category_id;
}
$db->sql($sql);
$res = $db->getResult();
if (!empty($res)) {
echo "<option value=''>All</option>";
foreach ($res as $row) {
echo "<option value=" . $row['id'] . ">" . $row['name'] . "</option>";
}
} else {
echo "<option value=''>--No Sub Category is added--</option>";
}
} else {
echo "<option value=''>All</option>";
}
}
if (isset($_POST['find_subcategory'])) {
$category_id = $db->escapeString($fn->xss_clean($_POST['category_id']));
$sql = "SELECT * FROM subcategory WHERE category_id=" . $category_id;
$db->sql($sql);
$res = $db->getResult();
if (!empty($res)) {
foreach ($res as $row) {
echo "<option value=" . $row['id'] . ">" . $row['name'] . "</option>";
}
} else {
echo "<option value=''>--No Sub Category is added--</option>";
}
}
if (isset($_POST['delete_variant'])) {
$id = $db->escapeString($fn->xss_clean($_POST['id']));
$sql = "SELECT images FROM product_variant WHERE id =" . $id;
$db->sql($sql);
$res = $db->getResult();
foreach ($res as $row)
$other_images = $row['images']; /*get other images json array*/
$variant_images = str_replace("'", '"', $other_images);
$other_images = json_decode($variant_images); /*decode from json to array*/
foreach ($other_images as $other_image) {
unlink('../' . $other_image);
}
$sql = "DELETE FROM product_variant WHERE id=" . $id;
$db->sql($sql);
}
if (isset($_POST['delete_variant_images']) && $_POST['delete_variant_images'] == 1) {
$vid = $db->escapeString($fn->xss_clean($_POST['vid']));
$i = $db->escapeString($fn->xss_clean($_POST['i']));
$res = $fn->delete_variant_images($vid, $i);
print_r($res);
}
if (isset($_POST['system_configurations'])) {
if ($permissions['settings']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to update settings</label>';
return false;
}
$date = $db->escapeString(date('Y-m-d'));
$currency = (empty($_POST['currency'])) ? '₹' : $db->escapeString($fn->xss_clean($_POST['currency']));
$sql = "UPDATE `settings` SET `value`='" . $currency . "' WHERE `variable`='currency'";
$db->sql($sql);
$message = "<div class='alert alert-success'> Settings updated successfully!</div>";
$_POST['system_timezone_gmt'] = (trim($_POST['system_timezone_gmt']) == '00:00') ? "+" . trim($db->escapeString($fn->xss_clean($_POST['system_timezone_gmt']))) : $db->escapeString($fn->xss_clean($_POST['system_timezone_gmt']));
if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['current_version'])))) {
$_POST['current_version'] = 0;
}
if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['minimum_version_required'])))) {
$_POST['minimum_version_required'] = 0;
}
if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['delivery_charge'])))) {
$_POST['delivery_charge'] = 0;
}
if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['min-refer-earn-order-amount'])))) {
$_POST['min-refer-earn-order-amount'] = 0;
}
if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['min_amount'])))) {
$_POST['min_amount'] = 0;
}
if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['max-refer-earn-amount'])))) {
$_POST['max-refer-earn-amount'] = 0;
}
if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['minimum-withdrawal-amount'])))) {
$_POST['minimum-withdrawal-amount'] = 0;
}
if (preg_match("/[a-z]/i", $db->escapeString($fn->xss_clean($_POST['refer-earn-bonus'])))) {
$_POST['refer-earn-bonus'] = 0;
}
$_POST['store_address'] = (!empty($_POST['store_address'])) ? preg_replace("/[\r\n]{2,}/", "<br>", $_POST['store_address']) : "";
$settings_value = json_encode($fn->xss_clean_array($_POST));
$sql = "UPDATE settings SET value='" . $settings_value . "' WHERE variable='system_timezone'";
$db->sql($sql);
$res = $db->getResult();
$sql_logo = "select value from `settings` where variable='Logo' OR variable='logo'";
$db->sql($sql_logo);
$res_logo = $db->getResult();
$file_name = $_FILES['logo']['name'];
if (!empty($_FILES["logo"]["tmp_name"]) && $_FILES["logo"]["size"] > 0) {
$tmp = explode('.', $file_name);
$ext = end($tmp);
$result = $fn->validate_image($_FILES["logo"]);
if ($result) {
echo " <span class='label label-danger'>Logo Image type must jpg, jpeg, gif, or png!</span>";
return false;
} else {
$old_image = '../dist/img/' . $res_logo[0]['value'];
if (file_exists($old_image)) {
unlink($old_image);
}
$target_path = '../dist/img/';
$filename = "logo." . strtolower($ext);
$full_path = $target_path . '' . $filename;
if (!move_uploaded_file($_FILES["logo"]["tmp_name"], $full_path)) {
$message = "Image could not be uploaded<br/>";
} else {
//Update Logo - id = 5
$sql = "UPDATE `settings` SET `value`='" . $filename . "' WHERE `variable` = 'logo'";
$db->sql($sql);
}
}
}
echo "<p class='alert alert-success'>Settings Saved!</p>";
}
if (isset($_POST['payment_method_settings'])) {
if (ALLOW_MODIFICATION == 0 && !defined(ALLOW_MODIFICATION)) {
echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
return false;
}
if ($permissions['settings']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to update settings</label>';
return false;
}
$data = $fn->get_settings('payment_methods', true);
if (empty($data)) {
$json_data = json_encode($fn->xss_clean_array($_POST));
$sql = "INSERT INTO `settings`(`variable`, `value`) VALUES ('payment_methods','$json_data')";
$db->sql($sql);
echo "<div class='alert alert-success'> Settings created successfully!</div>";
} else {
$json_data = json_encode($fn->xss_clean_array($_POST));
$sql = "UPDATE `settings` SET `value`='$json_data' WHERE `variable`='payment_methods'";
$db->sql($sql);
echo "<div class='alert alert-success'> Settings updated successfully!</div>";
}
}
if (isset($_POST['time_slot_config']) && $_POST['time_slot_config'] == 1) {
if ($permissions['settings']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to update settings</label>';
return false;
}
$_POST['allowed_days'] = empty($_POST['allowed_days']) ? 1 : $db->escapeString($fn->xss_clean($_POST['allowed_days']));
if (!$time_slot_config) {
$settings_value = json_encode($fn->xss_clean_array($_POST));
$sql = "INSERT INTO settings (`variable`,`value`) VALUES ('time_slot_config','" . $settings_value . "')";
} else {
$settings_value = json_encode($fn->xss_clean_array($_POST));
$sql = "UPDATE settings SET value='" . $settings_value . "' WHERE variable='time_slot_config'";
}
if ($db->sql($sql)) {
echo "<p class='alert alert-success'>Saved Successfully!</p>";
} else {
echo "<p class='alert alert-danger'>Something went wrong please try again!</p>";
}
}
if (isset($_POST['add_category_settings']) && $_POST['add_category_settings'] == 1) {
if ($permissions['settings']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to update settings</label>';
return false;
}
$sql = "select variable from settings where variable='categories_settings' ";
$db->sql($sql);
$res = $db->getResult();
if (empty($res)) {
$settings_value = json_encode($fn->xss_clean_array($_POST));
$sql = "INSERT INTO settings (`variable`,`value`) VALUES ('categories_settings','" . $settings_value . "')";
} else {
$settings_value = json_encode($fn->xss_clean_array($_POST));
$sql = "UPDATE settings SET value='" . $settings_value . "' WHERE variable='categories_settings'";
}
if ($db->sql($sql)) {
echo "<p class='alert alert-success'>Saved Successfully!</p>";
} else {
echo "<p class='alert alert-danger'>Something went wrong please try again!</p>";
}
}
if (isset($_POST['add_dr_gold']) && $_POST['add_dr_gold'] == 1) {
if ($permissions['settings']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to update settings</label>';
return false;
}
$sql = "select * from settings where variable = 'doctor_brown'";
$db->sql($sql);
$res = $db->getResult();
// print_r($res);
if (empty($res)) {
$settings_value = json_encode($fn->xss_clean_array($_POST));
$sql = "INSERT INTO settings (`variable`,`value`) VALUES ('doctor_brown','$settings_value ')";
if ($db->sql($sql)) {
$response['error'] = false;
$response['message'] = "Your system is registered and activated successfully!";
} else {
$response['error'] = true;
$response['message'] = "Something went wrong please try again!";
}
} else {
/* delete if token are different */
$token = json_decode($res[0]['value'], true);
$db_token = (isset($token['time_check']) && !empty($token['time_check'])) ? $token['time_check'] : "";
$vali_token = $fn->xss_clean_array($_POST['time_check']);
if ($db_token != $vali_token) {
$sql = "DELETE FROM `settings` WHERE variable = 'doctor_brown'";
if ($db->sql($sql)) {
$settings_value = json_encode($fn->xss_clean_array($_POST));
$sql = "INSERT INTO settings (`variable`,`value`) VALUES ('doctor_brown','$settings_value ')";
if ($db->sql($sql)) {
$response['error'] = false;
$response['message'] = "Your system is registered and activated successfully!";
} else {
$response['error'] = true;
$response['message'] = "Something went wrong please try again!";
}
} else {
$response['error'] = true;
$response['message'] = "Something went wrong please try again!";
}
} else {
$response['error'] = false;
$response['message'] = "Your system is already activated!";
}
}
print_r(json_encode($response));
}
if (isset($_POST['front_end_settings']) && $_POST['front_end_settings'] == 1) {
if ($permissions['settings']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to update settings</label>';
return false;
}
$res = $res_data = array();
$loading_old = "";
$web_logo_old = "";
$favicon_old = "";
$screenshots_old = "";
$google_play_old = "";
$sql = "select * from settings where variable = 'front_end_settings'";
$db->sql($sql);
$res = $db->getResult();
$res_data = (!empty($res)) ? json_decode($res[0]['value'], true) : array();
$loading_old = $res_data['loading'];
$favicon_old = $res_data['favicon'];
$web_logo_old = $res_data['web_logo'];
$screenshots_old = $res_data['screenshots'];
$google_play_old = $res_data['google_play'];
if (isset($_FILES['favicon']) && !empty($_FILES['favicon']) && $_FILES['favicon']['error'] == 0 && $_FILES['favicon']['size'] > 0) {
$favicon = $db->escapeString($fn->xss_clean($_FILES['favicon']['name']));
$extension = pathinfo($_FILES["favicon"]["name"])['extension'];
$result = $fn->validate_image($_FILES["favicon"]);
if ($result) {
echo "<p class='alert alert-danger'>Image type must jpg, jpeg, gif, or png!</p>";
return false;
}
$target_path = '../dist/img/';
if (!empty($favicon_old) && $favicon_old != '') {
unlink($target_path . $favicon_old);
}
$filename = microtime(true) . '.' . strtolower($extension);
$full_path = $target_path . "" . $filename;
if (!move_uploaded_file($_FILES["favicon"]["tmp_name"], $full_path)) {
echo "<p class='alert alert-danger'>Invalid directory to load favicon!</p>";
return false;
}
$_POST['favicon'] = $filename;
} else {
$_POST['favicon'] = $favicon_old;
}
if (isset($_FILES['web_logo']) && !empty($_FILES['web_logo']) && $_FILES['web_logo']['error'] == 0 && $_FILES['web_logo']['size'] > 0) {
$web_logo = $db->escapeString($fn->xss_clean($_FILES['web_logo']['name']));
$extension = pathinfo($_FILES["web_logo"]["name"])['extension'];
$result = $fn->validate_image($_FILES["web_logo"]);
if ($result) {
echo "<p class='alert alert-danger'>Image type must jpg, jpeg, gif, or png!</p>";
return false;
}
$target_path = '../dist/img/';
if (!empty($fweb_logo_old) && $web_logo_old != '') {
unlink($target_path . $web_logo_old);
}
$filename = microtime(true) . '.' . strtolower($extension);
$full_path = $target_path . "" . $filename;
if (!move_uploaded_file($_FILES["web_logo"]["tmp_name"], $full_path)) {
echo "<p class='alert alert-danger'>Invalid directory to load Web Logo!</p>";
return false;
}
$_POST['web_logo'] = $filename;
} else {
$_POST['web_logo'] = $web_logo_old;
}
if (isset($_FILES['loading']) && !empty($_FILES['loading']) && $_FILES['loading']['error'] == 0 && $_FILES['loading']['size'] > 0) {
$loading = $db->escapeString($fn->xss_clean($_FILES['loading']['name']));
$extension = pathinfo($_FILES["loading"]["name"])['extension'];
$result = $fn->validate_image($_FILES["loading"]);
if ($result) {
echo "<p class='alert alert-danger'>Image type must jpg, jpeg, gif, or png!</p>";
return false;
}
$target_path = '../dist/img/';
if (!empty($loading_old) && $loading_old != '') {
unlink($target_path . $loading_old);
}
$filename = microtime(true) . '.' . strtolower($extension);
$full_path = $target_path . "" . $filename;
if (!move_uploaded_file($_FILES["loading"]["tmp_name"], $full_path)) {
echo "<p class='alert alert-danger'>Invalid directory to load loading Image!</p>";
return false;
}
$_POST['loading'] = $filename;
} else {
$_POST['loading'] = $loading_old;
}
if (isset($_FILES['screenshots']) && !empty($_FILES['screenshots']) && $_FILES['screenshots']['error'] == 0 && $_FILES['screenshots']['size'] > 0) {
$screenshots = $db->escapeString($fn->xss_clean($_FILES['screenshots']['name']));
$extension = pathinfo($_FILES["screenshots"]["name"])['extension'];
$result = $fn->validate_image($_FILES["screenshots"]);
if ($result) {
echo "<p class='alert alert-danger'>Image type must jpg, jpeg, gif, or png!</p>";
return false;
}
$target_path = '../dist/img/';
if (!empty($screenshots_old) && $screenshots_old != '') {
unlink($target_path . $screenshots_old);
}
$filename = microtime(true) . '.' . strtolower($extension);
$full_path = $target_path . "" . $filename;
if (!move_uploaded_file($_FILES["screenshots"]["tmp_name"], $full_path)) {
echo "<p class='alert alert-danger'>Invalid directory to load App Screenshots!</p>";
return false;
}
$_POST['screenshots'] = $filename;
} else {
$_POST['screenshots'] = $screenshots_old;
}
if (isset($_FILES['google_play']) && !empty($_FILES['google_play']) && $_FILES['google_play']['error'] == 0 && $_FILES['google_play']['size'] > 0) {
$google_play = $db->escapeString($fn->xss_clean($_FILES['google_play']['name']));
$extension = pathinfo($_FILES["google_play"]["name"])['extension'];
$result = $fn->validate_image($_FILES["google_play"]);
if ($result) {
echo "<p class='alert alert-danger'>Image type must jpg, jpeg, gif, or png!</p>";
return false;
}
$target_path = '../dist/img/';
if (!empty($google_play_old) && $google_play_old != '') {
unlink($target_path . $google_play_old);
}
$filename = microtime(true) . '.' . strtolower($extension);
$full_path = $target_path . "" . $filename;
if (!move_uploaded_file($_FILES["google_play"]["tmp_name"], $full_path)) {
echo "<p class='alert alert-danger'>Invalid directory to load Google Play Image!</p>";
return false;
}
$_POST['google_play'] = $filename;
} else {
$_POST['google_play'] = $google_play_old;
}
$_POST['show_color_picker_in_website'] = str_replace("'", "''", $_POST['show_color_picker_in_website']);
if (empty($res)) {
$settings_value = json_encode($fn->xss_clean_array($_POST));
$sql = "INSERT INTO settings (`variable`,`value`) VALUES ('front_end_settings','$settings_value ')";
if ($db->sql($sql)) {
echo "<p class='alert alert-success'>Saved Successfully!</p>";
} else {
echo "<p class='alert alert-danger'>Something went wrong please try again!</p>";
}
} else {
$settings_value = json_encode($fn->xss_clean_array($_POST));
$sql = "UPDATE settings SET value='" . $settings_value . "' WHERE variable='front_end_settings'";
if ($db->sql($sql)) {
echo "<p class='alert alert-success'>Saved Successfully!</p>";
} else {
echo "<p class='alert alert-danger'>Something went wrong please try again!</p>";
}
}
}
if (isset($_POST['add_delivery_boy']) && $_POST['add_delivery_boy'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['delivery_boys']['create'] == 0) {
echo '<label class="alert alert-danger">You have no permission to create delivery boy</label>';
return false;
}
$name = $db->escapeString($fn->xss_clean($_POST['name']));
$mobile = $db->escapeString($fn->xss_clean($_POST['mobile']));
$address = $db->escapeString($fn->xss_clean($_POST['address']));
$bonus = $db->escapeString($fn->xss_clean($_POST['bonus']));
$dob = $db->escapeString($fn->xss_clean($_POST['dob']));
$bank_name = $db->escapeString($fn->xss_clean($_POST['bank_name']));
$bonus_method = $db->escapeString($fn->xss_clean($_POST['bonus_method']));
$other_payment_info = (isset($_POST['other_payment_info']) && !empty($_POST['other_payment_info'])) ? $db->escapeString($fn->xss_clean($_POST['other_payment_info'])) : '';
$account_number = $db->escapeString($fn->xss_clean($_POST['account_number']));
$account_name = $db->escapeString($fn->xss_clean($_POST['account_name']));
$ifsc_code = $db->escapeString($fn->xss_clean($_POST['ifsc_code']));
$password = $db->escapeString($fn->xss_clean($_POST['password']));
$password = md5($password);
$sql = 'SELECT id FROM delivery_boys WHERE mobile=' . $mobile;
$db->sql($sql);
$res = $db->getResult();
$count = $db->numRows($res);
if ($count > 0) {
echo '<label class="alert alert-danger">Mobile Number Already Exists!</label>';
return false;
}
$target_path = '../upload/delivery-boy/';
if ($_FILES['driving_license']['error'] == 0 && $_FILES['driving_license']['size'] > 0) {
if (!is_dir($target_path)) {
mkdir($target_path, 0777, true);
}
$extension = pathinfo($_FILES["driving_license"]["name"])['extension'];
$result = $fn->validate_image($_FILES["driving_license"]);
if ($result) {
echo " <span class='label label-danger'>Driving License image type must jpg, jpeg, gif, or png!</span>";
return false;
exit();
}
$dr_filename = microtime(true) . '.' . strtolower($extension);
$dr_full_path = $target_path . "" . $dr_filename;
if (!move_uploaded_file($_FILES["driving_license"]["tmp_name"], $dr_full_path)) {
echo "<p class='alert alert-danger'>Invalid directory to load image!</p>";
return false;
}
}
if ($_FILES['national_identity_card']['error'] == 0 && $_FILES['national_identity_card']['size'] > 0) {
if (!is_dir($target_path)) {
mkdir($target_path, 0777, true);
}
$extension = pathinfo($_FILES["national_identity_card"]["name"])['extension'];
$result = $fn->validate_image($_FILES["national_identity_card"]);
if ($result) {
echo " <span class='label label-danger'>National Identity Card image type must jpg, jpeg, gif, or png!</span>";
return false;
exit();
}
$nic_filename = microtime(true) . '.' . strtolower($extension);
$nic_full_path = $target_path . "" . $nic_filename;
if (!move_uploaded_file($_FILES["national_identity_card"]["tmp_name"], $nic_full_path)) {
echo "<p class='alert alert-danger'>Invalid directory to load image!</p>";
return false;
}
}
$sql = "INSERT INTO delivery_boys (`name`,`mobile`,`password`,`address`,`bonus`, `driving_license`, `national_identity_card`, `dob`, `bank_account_number`, `bank_name`, `account_name`, `ifsc_code`,`other_payment_information`,`bonus_method`) VALUES ('$name', '$mobile', '$password', '$address','$bonus','$dr_filename', '$nic_filename', '$dob','$account_number','$bank_name','$account_name','$ifsc_code','$other_payment_info','$bonus_method')";
if ($db->sql($sql)) {
echo '<label class="alert alert-success">Delivery Boy Added Successfully!</label>';
} else {
echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
}
}
if (isset($_POST['update_delivery_boy']) && $_POST['update_delivery_boy'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['delivery_boys']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to update delivery boy</label>';
return false;
}
$id = $db->escapeString($fn->xss_clean($_POST['delivery_boy_id']));
if ($id == 104 && ALLOW_MODIFICATION == 0) {
echo '<label class="alert alert-danger">Sorry you can not update this delivery boy.</label>';
return false;
}
$name = $db->escapeString($fn->xss_clean($_POST['update_name']));
$password = !empty($_POST['update_password']) ? $db->escapeString($fn->xss_clean($_POST['update_password'])) : '';
$update_other_payment_info = !empty($_POST['update_other_payment_info']) ? $db->escapeString($fn->xss_clean($_POST['update_other_payment_info'])) : '';
$address = $db->escapeString($fn->xss_clean($_POST['update_address']));
$bonus = $db->escapeString($fn->xss_clean($_POST['update_bonus']));
$status = $db->escapeString($fn->xss_clean($_POST['status']));
$available = $db->escapeString($fn->xss_clean($_POST['available']));
$update_dob = $db->escapeString($fn->xss_clean($_POST['update_dob']));
$bonus_method = $db->escapeString($fn->xss_clean($_POST['bonus_method']));
$update_bank_name = $db->escapeString($fn->xss_clean($_POST['update_bank_name']));
$update_account_number = $db->escapeString($fn->xss_clean($_POST['update_account_number']));
$update_account_name = $db->escapeString($fn->xss_clean($_POST['update_account_name']));
$update_ifsc_code = $db->escapeString($fn->xss_clean($_POST['update_ifsc_code']));
$password = !empty($password) ? md5($password) : '';
$dr_image = $nic_image = "";
if ($_FILES['update_driving_license']['size'] != 0 && $_FILES['update_driving_license']['error'] == 0 && !empty($_FILES['update_driving_license'])) {
//image isn't empty and update the image
$dr_image = $db->escapeString($fn->xss_clean($_POST['dr_image1']));
$extension = pathinfo($_FILES["update_driving_license"]["name"])['extension'];
$result = $fn->validate_image($_FILES["update_driving_license"]);
if ($result) {
echo " <span class='label label-danger'>Driving License image type must jpg, jpeg, gif, or png!</span>";
return false;
exit();
}
$target_path = '../upload/delivery-boy/';
$dr_filename = microtime(true) . '.' . strtolower($extension);
$dr_full_path = $target_path . "" . $dr_filename;
if (!move_uploaded_file($_FILES["update_driving_license"]["tmp_name"], $dr_full_path)) {
echo '<p class="alert alert-danger">Can not upload image.</p>';
return false;
exit();
}
if (!empty($dr_image)) {
unlink($target_path . $dr_image);
}
$sql = "UPDATE delivery_boys SET `driving_license`='" . $dr_filename . "' WHERE `id`=" . $id;
$db->sql($sql);
}
if ($_FILES['update_national_identity_card']['size'] != 0 && $_FILES['update_national_identity_card']['error'] == 0 && !empty($_FILES['update_national_identity_card'])) {
//image isn't empty and update the image
$nic_image = $db->escapeString($fn->xss_clean($_POST['nic_image']));
$extension = pathinfo($_FILES["update_national_identity_card"]["name"])['extension'];
$result = $fn->validate_image($_FILES["update_national_identity_card"]);
if ($result) {
echo " <span class='label label-danger'>National Identity Card image type must jpg, jpeg, gif, or png!</span>";
return false;
exit();
}
$target_path = '../upload/delivery-boy/';
$nic_filename = microtime(true) . '.' . strtolower($extension);
$nic_full_path = $target_path . "" . $nic_filename;
if (!move_uploaded_file($_FILES["update_national_identity_card"]["tmp_name"], $nic_full_path)) {
echo '<p class="alert alert-danger">Can not upload image.</p>';
return false;
exit();
}
if (!empty($nic_image)) {
unlink($target_path . $nic_image);
}
$sql = "UPDATE delivery_boys SET `national_identity_card`='" . $nic_filename . "' WHERE `id`=" . $id;
$db->sql($sql);
}
if (!empty($password)) {
$sql = "Update delivery_boys set `name`='" . $name . "',password='" . $password . "',`address`='" . $address . "',`bonus`='" . $bonus . "',`bonus_method` = '" . $bonus_method . "',`status`='" . $status . "',`is_available`='" . $available . "',`dob`='$update_dob',`bank_account_number`='$update_account_number',`bank_name`='$update_bank_name',`account_name`='$update_account_name',`ifsc_code`='$update_ifsc_code',`other_payment_information`='$update_other_payment_info' where `id`=" . $id;
} else {
$sql = "Update delivery_boys set `name`='" . $name . "',`address`='" . $address . "',`bonus`='" . $bonus . "',`bonus_method` = '" . $bonus_method . "',`status`='" . $status . "',`is_available`='" . $available . "',`dob`='$update_dob',`bank_account_number`='$update_account_number',`bank_name`='$update_bank_name',`account_name`='$update_account_name',`ifsc_code`='$update_ifsc_code',`other_payment_information`='$update_other_payment_info' where `id`=" . $id;
}
if ($db->sql($sql)) {
echo "<label class='alert alert-success'>Information Updated Successfully.</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
}
}
if (isset($_GET['delete_delivery_boy']) && $_GET['delete_delivery_boy'] == 1) {
if ($permissions['delivery_boys']['delete'] == 0) {
echo 2;
return false;
}
$id = $db->escapeString($fn->xss_clean($_GET['id']));
$target_path = '../upload/delivery-boy/';
$driving_license = $db->escapeString($fn->xss_clean($_GET['driving_license']));
$national_identity_card = $db->escapeString($fn->xss_clean($_GET['national_identity_card']));
if ($id == 104) {
echo 3;
return false;
}
$sql = "DELETE FROM `delivery_boys` WHERE id=" . $id;
if ($db->sql($sql)) {
// delete fund_transfers
$sql = "DELETE FROM `fund_transfers` WHERE delivery_boy_id=" . $id;
$db->sql($sql);
// delete withdrawal requests
$sql = "DELETE FROM `withdrawal_requests` WHERE `type_id`=" . $id . " AND `type`='delivery_boy'";
$db->sql($sql);
if (!empty($driving_license)) {
unlink($target_path . $driving_license);
}
if (!empty($national_identity_card)) {
unlink($target_path . $national_identity_card);
}
echo 0;
} else {
echo 1;
}
}
if (isset($_POST['update_web_category']) && $_POST['update_web_category'] == 1) {
if (ALLOW_MODIFICATION == 0 && !defined(ALLOW_MODIFICATION)) {
echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
return false;
}
if ($permissions['categories']['update'] == 1) {
$category_id = $db->escapeString($fn->xss_clean($_POST['web_category_id']));
$c_image = $db->escapeString($fn->xss_clean($_FILES['c_image']['name']));
$c_image_temp = $db->escapeString($fn->xss_clean($_FILES['c_image']['tmp_name']));
$extension = pathinfo($_FILES["c_image"]["name"])['extension'];
$result = $fn->validate_image($_FILES["c_image"]);
if ($result) {
echo '<p class="alert alert-danger">Image type must jpg, jpeg, gif, or png!</p>';
return false;
exit();
}
if ($c_image_temp != "") {
$target_path = '../upload/web-category-image/';
if (!is_dir($target_path)) {
mkdir($target_path, 0777, true);
}
$nic_filename = microtime(true) . '.' . strtolower($extension);
$nic_full_path = $target_path . "" . $nic_filename;
$target_path_db = 'upload/web-category-image/';
$nic_filename_db = microtime(true) . '.' . strtolower($extension);
$nic_full_path_db = $target_path_db . "" . $nic_filename_db;
if (!move_uploaded_file($_FILES["c_image"]["tmp_name"], $nic_full_path)) {
echo '<p class="alert alert-danger">Can not upload image.</p>';
return false;
exit();
}
$c_update = "update category set web_image= '$nic_full_path_db' where id='$category_id'";
}
$db->sql($c_update);
$update_result = $db->getResult();
}
}
if (isset($_POST['add_social_media']) && $_POST['add_social_media'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['settings']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to add social media</label>';
return false;
}
$icon = $db->escapeString($fn->xss_clean($_POST['icon']));
$link = $db->escapeString($fn->xss_clean($_POST['link']));
$sql = "INSERT INTO social_media (`icon`,`link`) VALUES ('$icon', '$link')";
if ($db->sql($sql)) {
echo '<label class="alert alert-success">Social Media Added Successfully!</label>';
} else {
echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
}
}
if (isset($_POST['update_social_media']) && $_POST['update_social_media'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['settings']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to update social media</label>';
return false;
}
$icon = $db->escapeString($fn->xss_clean($_POST['update_icon']));
$link = $db->escapeString($fn->xss_clean($_POST['update_link']));
$id = $db->escapeString($fn->xss_clean($_POST['social_media_id']));
$sql = "Update social_media set `icon`='" . $icon . "', link='" . $link . "' where `id`=" . $id;
$db->sql($sql);
if ($db->sql($sql)) {
echo "<label class='alert alert-success'>Information Updated Successfully.</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
}
}
if (isset($_GET['delete_social_media']) && $_GET['delete_social_media'] == 1) {
if ($permissions['settings']['update'] == 0) {
echo 2;
return false;
}
$id = $db->escapeString($fn->xss_clean($_GET['id']));
$sql = "DELETE FROM `social_media` WHERE id=" . $id;
if ($db->sql($sql)) {
echo 0;
} else {
echo 1;
}
}
if (isset($_POST['update_payment_request']) && $_POST['update_payment_request'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['payment']['update'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update payment request.</label>";
return false;
}
$id = $db->escapeString($fn->xss_clean($_POST['payment_request_id']));
$remarks = $db->escapeString($fn->xss_clean($_POST['update_remarks']));
$status = $db->escapeString($fn->xss_clean($_POST['status']));
$sql = "select status from payment_requests where id=" . $id;
$db->sql($sql);
$res = $db->getResult();
if ($res[0]['status'] == 1) {
echo "<label class='alert alert-danger'>Payment request already approved.</label>";
return false;
}
if ($res[0]['status'] == 2) {
echo "<label class='alert alert-danger'>Payment request already cancelled.</label>";
return false;
}
if ($status == '2') {
$sql = "SELECT user_id,amount_requested FROM payment_requests WHERE id=" . $id;
$db->sql($sql);
$res = $db->getResult();
$user_id = $res[0]['user_id'];
$amount = $res[0]['amount_requested'];
$sql = "UPDATE users SET balance = balance + $amount WHERE id=" . $user_id;
$db->sql($sql);
}
$sql = "Update payment_requests set `remarks`='" . $remarks . "',`status`='" . $status . "' where `id`=" . $id;
if ($db->sql($sql)) {
echo "<label class='alert alert-success'>Updated Successfully.</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
}
}
if (isset($_POST['boy_id']) && isset($_POST['transfer_fund'])) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['payment']['update'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update delivery boy.</label>";
return false;
}
$id = $db->escapeString($fn->xss_clean($_POST['boy_id']));
$balance = $db->escapeString($fn->xss_clean($_POST['delivery_boy_balance']));
if (!is_numeric($_POST['amount'])) {
echo "<label class='alert alert-danger'>Amount must be number.</label>";
return false;
}
$amount = $db->escapeString($fn->xss_clean($_POST['amount']));
$message = (!empty($_POST['message'])) ? $db->escapeString($fn->xss_clean($_POST['message'])) : 'Fund Transferred By Admin';
$bal = $balance - $amount;
$sql = "Update delivery_boys set `balance`='" . $bal . "' where `id`=" . $id;
$db->sql($sql);
$sql = "INSERT INTO `fund_transfers` (`delivery_boy_id`,`amount`,`opening_balance`,`closing_balance`,`status`,`message`) VALUES ('" . $id . "','" . $amount . "','" . $balance . "','" . $bal . "','SUCCESS','" . $message . "')";
$db->sql($sql);
echo "<p class='alert alert-success'>Amount Transferred Successfully!</p>";
}
if (isset($_POST['add_promo_code']) && $_POST['add_promo_code'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['promo_codes']['create'] == 0) {
echo '<label class="alert alert-danger">You have no permission to create promo code</label>';
return false;
}
$promo_code = $db->escapeString($fn->xss_clean($_POST['promo_code']));
$message = $db->escapeString($fn->xss_clean($_POST['message']));
$start_date = $db->escapeString($fn->xss_clean($_POST['start_date']));
$end_date = $db->escapeString($fn->xss_clean($_POST['end_date']));
$no_of_users = $db->escapeString($fn->xss_clean($_POST['no_of_users']));
$minimum_order_amount = $db->escapeString($fn->xss_clean($_POST['minimum_order_amount']));
$discount = $db->escapeString($fn->xss_clean($_POST['discount']));
$discount_type = $db->escapeString($fn->xss_clean($_POST['discount_type']));
$max_discount_amount = $db->escapeString($fn->xss_clean($_POST['max_discount_amount']));
$repeat_usage = $db->escapeString($fn->xss_clean($_POST['repeat_usage']));
$no_of_repeat_usage = !empty($_POST['repeat_usage']) ? $db->escapeString($fn->xss_clean($_POST['no_of_repeat_usage'])) : 0;
$status = $db->escapeString($fn->xss_clean($_POST['status']));
$sql = "INSERT INTO promo_codes (promo_code,message,start_date,end_date,no_of_users,minimum_order_amount,discount,discount_type,max_discount_amount,repeat_usage,no_of_repeat_usage,status)
VALUES('$promo_code', '$message', '$start_date', '$end_date','$no_of_users','$minimum_order_amount','$discount','$discount_type','$max_discount_amount','$repeat_usage','$no_of_repeat_usage','$status')";
if ($db->sql($sql)) {
echo '<label class="alert alert-success">Promo Code Added Successfully!</label>';
} else {
echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
}
}
if (isset($_POST['update_promo_code']) && $_POST['update_promo_code'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['promo_codes']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to update promo code</label>';
return false;
}
$id = $db->escapeString($fn->xss_clean($_POST['promo_code_id']));
$promo_code = $db->escapeString($fn->xss_clean($_POST['update_promo']));
$message = $db->escapeString($fn->xss_clean($_POST['update_message']));
$start_date = $db->escapeString($fn->xss_clean($_POST['update_start_date']));
$end_date = $db->escapeString($fn->xss_clean($_POST['update_end_date']));
$no_of_users = $db->escapeString($fn->xss_clean($_POST['update_no_of_users']));
$minimum_order_amount = $db->escapeString($fn->xss_clean($_POST['update_minimum_order_amount']));
$discount = $db->escapeString($fn->xss_clean($_POST['update_discount']));
$discount_type = $db->escapeString($fn->xss_clean($_POST['update_discount_type']));
$max_discount_amount = $db->escapeString($fn->xss_clean($_POST['update_max_discount_amount']));
$repeat_usage = $db->escapeString($fn->xss_clean($_POST['update_repeat_usage']));
$no_of_repeat_usage = $repeat_usage == 0 ? '0' : $db->escapeString($fn->xss_clean($_POST['update_no_of_repeat_usage']));
$status = $db->escapeString($fn->xss_clean($_POST['status']));
$sql = "Update promo_codes set `promo_code`='" . $promo_code . "',`message`='" . $message . "',`start_date`='" . $start_date . "',`end_date`='" . $end_date . "',`no_of_users`='" . $no_of_users . "',`minimum_order_amount`='" . $minimum_order_amount . "',`discount`='" . $discount . "',`discount_type`='" . $discount_type . "',`max_discount_amount`='" . $max_discount_amount . "',`repeat_usage`='" . $repeat_usage . "',`no_of_repeat_usage`='" . $no_of_repeat_usage . "',`status`='" . $status . "' where `id`=" . $id;
if ($db->sql($sql)) {
echo "<label class='alert alert-success'>Promo Code Updated Successfully.</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
}
}
if (isset($_GET['delete_promo_code']) && $_GET['delete_promo_code'] == 1) {
if ($permissions['promo_codes']['delete'] == 0) {
echo 2;
return false;
}
$id = $db->escapeString($fn->xss_clean($_GET['id']));
$sql = "DELETE FROM `promo_codes` WHERE id=" . $id;
if ($db->sql($sql)) {
echo 0;
} else {
echo 1;
}
}
if (isset($_POST['add_time_slot']) && $_POST['add_time_slot'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['settings']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to add time slot</label>';
return false;
}
$title = $db->escapeString($fn->xss_clean($_POST['title']));
$from_time = $db->escapeString($fn->xss_clean($_POST['from_time']));
$to_time = $db->escapeString($fn->xss_clean($_POST['to_time']));
$last_order_time = $db->escapeString($fn->xss_clean($_POST['last_order_time']));
$status = $db->escapeString($fn->xss_clean($_POST['status']));
$sql = "INSERT INTO time_slots (title,from_time,to_time,last_order_time,status)
VALUES('$title', '$from_time', '$to_time', '$last_order_time','$status')";
if ($db->sql($sql)) {
echo '<label class="alert alert-success">Time Slot Added Successfully!</label>';
} else {
echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
}
}
if (isset($_POST['update_time_slot']) && $_POST['update_time_slot'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['settings']['update'] == 0) {
echo '<label class="alert alert-danger">You have no permission to update time slot</label>';
return false;
}
$id = $db->escapeString($fn->xss_clean($_POST['time_slot_id']));
$title = $db->escapeString($fn->xss_clean($_POST['update_title']));
$from_time = $db->escapeString($fn->xss_clean($_POST['update_from_time']));
$to_time = $db->escapeString($fn->xss_clean($_POST['update_to_time']));
$last_order_time = $db->escapeString($fn->xss_clean($_POST['update_last_order_time']));
$status = $db->escapeString($fn->xss_clean($_POST['status']));
$sql = "Update time_slots set `title`='" . $title . "',`from_time`='" . $from_time . "',`to_time`='" . $to_time . "',`last_order_time`='" . $last_order_time . "',`status`='" . $status . "' where `id`=" . $id;
if ($db->sql($sql)) {
echo "<label class='alert alert-success'>Time Slot Updated Successfully.</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
}
}
if (isset($_GET['delete_time_slot']) && $_GET['delete_time_slot'] == 1) {
if ($permissions['settings']['update'] == 0) {
echo 2;
return false;
}
$id = $db->escapeString($fn->xss_clean($_GET['id']));
$sql = "DELETE FROM `time_slots` WHERE id=" . $id;
if ($db->sql($sql)) {
echo 0;
} else {
echo 1;
}
}
if (isset($_POST['update_return_request']) && $_POST['update_return_request'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['return_requests']['update'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update return request.</label>";
return false;
}
$id = $db->escapeString($fn->xss_clean($_POST['return_request_id']));
$order_item_id = $db->escapeString($fn->xss_clean($_POST['order_item_id']));
$order_id = $db->escapeString($fn->xss_clean($_POST['order_id']));
$remarks = $db->escapeString($fn->xss_clean($_POST['update_remarks']));
$return_status = $db->escapeString($fn->xss_clean($_POST['status']));
$sql = "select status from return_requests where id=" . $id;
$db->sql($sql);
$res = $db->getResult();
if ($res[0]['status'] == 1) {
echo "<label class='alert alert-danger'>Return request already approved.</label>";
return false;
}
if ($return_status == 1) {
$sql = "SELECT user_id,status,sub_total FROM order_items WHERE id =" . $order_item_id;
$db->sql($sql);
$result = $db->getResult();
$status = json_decode($result[0]['status']);
$status[] = array('returned', date("d-m-Y h:i:sa"));
$status = $db->escapeString(json_encode($status));
$sql = "UPDATE order_items SET status = '" . $status . "', active_status = 'returned' WHERE id = " . $order_item_id;
$db->sql($sql);
/* check for other item status and summery of order */
$sql = "SELECT id FROM order_items WHERE order_id=" . $order_id;
$db->sql($sql);
$total = $db->numRows();
$sql = "SELECT id FROM `order_items` WHERE order_id=" . $order_id . " && (`active_status` LIKE '%cancelled%' OR `active_status` LIKE '%returned%' )";
$db->sql($sql);
$returned = $db->numRows();
if ($returned == $total) {
$sql = "SELECT status FROM orders WHERE id =" . $order_id;
$db->sql($sql);
$res = $db->getResult();
$status_order = json_decode($res[0]['status']);
$status_order[] = array('returned', date("d-m-Y h:i:sa"));
$status_order = $db->escapeString(json_encode($status_order));
$sql = "UPDATE orders SET status = '" . $status_order . "', active_status = 'returned' WHERE id = " . $order_id;
$db->sql($sql);
return false;
}
$sql = 'SELECT oi.`product_variant_id`,oi.`quantity`,oi.`discounted_price`,oi.`price`,pv.`product_id`,pv.`type`,pv.`stock`,pv.`stock_unit_id`,pv.`measurement`,pv.`measurement_unit_id` FROM `order_items` oi join `product_variant` pv on pv.id = oi.product_variant_id WHERE oi.`id`=' . $order_item_id;
$db->sql($sql);
$res_oi = $db->getResult();
if ($res_oi[0]['type'] == 'packet') {
$sql = "UPDATE product_variant SET stock = stock + " . $res_oi[0]['quantity'] . " WHERE id='" . $res_oi[0]['product_variant_id'] . "'";
$db->sql($sql);
$sql = "select stock from product_variant where id=" . $res_oi[0]['product_variant_id'];
$db->sql($sql);
$res_stock = $db->getResult();
if ($res_stock[0]['stock'] > 0) {
$sql = "UPDATE product_variant set serve_for='Available' WHERE id='" . $res_oi[0]['product_variant_id'] . "'";
$db->sql($sql);
}
} else {
/* When product type is loose */
if ($res_oi[0]['measurement_unit_id'] != $res_oi[0]['stock_unit_id']) {
$stock = $fn->convert_to_parent($res_oi[0]['measurement'], $res_oi[0]['measurement_unit_id']);
$stock = $stock * $res_oi[0]['quantity'];
$sql = "UPDATE product_variant SET stock = stock + " . $stock . " WHERE product_id='" . $res_oi[0]['product_id'] . "'";
$db->sql($sql);
} else {
$stock = $res_oi[0]['measurement'] * $res_oi[0]['quantity'];
$sql = "UPDATE product_variant SET stock = stock + " . $stock . " WHERE product_id='" . $res_oi[0]['product_id'] . "'";
$db->sql($sql);
}
$sql = "select stock from product_variant where product_id=" . $res_oi[0]['product_id'];
$db->sql($sql);
$res_stck = $db->getResult();
if ($res_stck[0]['stock'] > 0) {
$sql = "UPDATE product_variant set serve_for='Available' WHERE product_id='" . $res_oi[0]['product_id'] . "'";
$db->sql($sql);
}
}
/* update user's wallet */
$total = $res_oi[0]['discounted_price'] == 0 ? $res_oi[0]['price'] * $res_oi[0]['quantity'] : $res_oi[0]['discounted_price'] * $res_oi[0]['quantity'];
$sql = "select user_id from return_requests where id=" . $id;
$db->sql($sql);
$res_user = $db->getResult();
$user_id = $res_user[0]['user_id'];
$sql = "update users set balance = balance + $total where id=" . $user_id;
$db->sql($sql);
/* add wallet transaction */
$sql = "insert into wallet_transactions (`order_id`,`user_id`,`type`,`amount`,`message`,`status`)values(" . $order_id . "," . $user_id . ",'credit'," . $total . ",'Balance credited on return request approved.',1)";
$db->sql($sql);
}
$sql_query = "Update return_requests set `remarks`='" . $remarks . "',`status`='" . $return_status . "' where `id`=" . $id;
if ($db->sql($sql_query)) {
echo "<label class='alert alert-success'>Return request updated successfully.</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
}
}
if (isset($_GET['delete_return_request']) && $_GET['delete_return_request'] == 1) {
if ($permissions['return_requests']['delete'] == 0) {
echo 2;
return false;
}
$id = $db->escapeString($_GET['id']);
$sql = "DELETE FROM `return_requests` WHERE id=" . $id;
if ($db->sql($sql)) {
echo 0;
} else {
echo 1;
}
}
if (isset($_POST['manage_customer_wallet']) && isset($_POST['user_id'])) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['customers']['read'] == 0) {
echo '<label class="alert alert-danger">You have no permission to manage wallet balance</label>';
return false;
}
$user_id = $db->escapeString($fn->xss_clean($_POST['user_id']));
$amount = $db->escapeString($fn->xss_clean($_POST['amount']));
$type = $db->escapeString($fn->xss_clean($_POST['type']));
$message = !empty($_POST['message']) ? $db->escapeString($fn->xss_clean($_POST['message'])) : 'Transaction by admin';
$balance = $fn->get_wallet_balance($user_id);
if ($type == 'debit' && $balance <= 0) {
echo "<label class='alert alert-danger'>Balance should be greater than 0.</label>";
return false;
}
if ($type == 'debit' && $amount > $balance) {
echo "<label class='alert alert-danger'>Amount should not be greater than balance.</label>";
return false;
}
$new_balance = $type == 'credit' ? $balance + $amount : $balance - $amount;
$fn->update_wallet_balance($new_balance, $user_id);
if ($fn->add_wallet_transaction($order_id = "", $user_id, $type, $amount, $message)) {
echo "<label class='alert alert-success'>Balance Updated Successfully.</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
}
}
if (isset($_POST['add_system_user']) && $_POST['add_system_user'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
$id = $_SESSION['id'];
$username = $db->escapeString($fn->xss_clean($_POST['username']));
$email = $db->escapeString($fn->xss_clean($_POST['email']));
if (empty($email)) {
echo " <label class='alert alert-danger'>Email required!</label>";
return false;
}
$valid_mail = "/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i";
if (!preg_match($valid_mail, $email)) {
echo " <label class='alert alert-danger'>Wrong email format!</label>";
return false;
}
$password = $db->escapeString($fn->xss_clean($_POST['password']));
$password = md5($password);
$role = $db->escapeString($fn->xss_clean($_POST['role']));
$sql = "SELECT id FROM admin WHERE username='" . $username . "'";
$db->sql($sql);
$res = $db->getResult();
$count = $db->numRows($res);
if ($count > 0) {
echo '<label class="alert alert-danger">Username Already Exists!</label>';
return false;
}
$sql = "SELECT id FROM admin WHERE email='" . $email . "'";
$db->sql($sql);
$res = $db->getResult();
$count = $db->numRows($res);
if ($count > 0) {
echo '<label class="alert alert-danger">Email Already Exists!</label>';
return false;
}
$permissions['orders'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-order'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-order'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-order'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-order'])));
$permissions['categories'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-category'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-category'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-category'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-category'])));
$permissions['subcategories'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-subcategory'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-subcategory'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-subcategory'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-subcategory'])));
$permissions['products'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-product'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-product'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-product'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-product'])));
$permissions['products_order'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-products-order'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-products-order'])));
$permissions['home_sliders'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-home-slider'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-home-slider'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-home-slider'])));
$permissions['new_offers'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-new-offer'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-new-offer'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-new-offer'])));
$permissions['promo_codes'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-promo'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-promo'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-promo'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-promo'])));
$permissions['featured'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-featured'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-featured'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-featured'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-featured'])));
$permissions['customers'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-customers'])));
$permissions['payment'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-payment'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-payment'])));
$permissions['return_requests'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-return'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-return'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-return'])));
$permissions['delivery_boys'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-delivery'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-delivery'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-delivery'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-delivery'])));
$permissions['notifications'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-notification'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-notification'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-notification'])));
$permissions['transactions'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-transaction'])));
$permissions['settings'] = array("read" => $db->escapeString($fn->xss_clean($_POST['is-read-settings'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-settings'])));
$permissions['locations'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-location'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-location'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-location'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-location'])));
$permissions['reports'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-report'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-report'])));
$permissions['faqs'] = array("create" => $db->escapeString($fn->xss_clean($_POST['is-create-faq'])), "read" => $db->escapeString($fn->xss_clean($_POST['is-read-faq'])), "update" => $db->escapeString($fn->xss_clean($_POST['is-update-faq'])), "delete" => $db->escapeString($fn->xss_clean($_POST['is-delete-faq'])));
$encoded_permissions = json_encode($permissions);
$sql = "INSERT INTO admin (username,email,password,role,permissions,created_by)
VALUES('$username', '$email', '$password', '$role','$encoded_permissions','$id')";
if ($db->sql($sql)) {
echo '<label class="alert alert-success">' . $role . ' Added Successfully!</label>';
} else {
echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
}
}
if (isset($_GET['delete_system_user']) && $_GET['delete_system_user'] == 1) {
$id = $db->escapeString($_GET['id']);
$sql = "DELETE FROM `admin` WHERE id=" . $id;
if ($db->sql($sql)) {
echo 0;
} else {
echo 1;
}
}
if (isset($_POST['update_system_user']) && $_POST['update_system_user'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
$id = $db->escapeString($fn->xss_clean($_POST['system_user_id']));
$permissions['orders'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-order'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-order'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-order'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-order'])));
$permissions['categories'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-category'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-category'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-category'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-category'])));
$permissions['subcategories'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-subcategory'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-subcategory'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-subcategory'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-subcategory'])));
$permissions['products'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-product'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-product'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-product'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-product'])));
$permissions['products_order'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-products-order'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-products-order'])));
$permissions['home_sliders'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-home-slider'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-home-slider'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-home-slider'])));
$permissions['new_offers'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-new-offer'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-new-offer'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-new-offer'])));
$permissions['promo_codes'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-promo'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-promo'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-promo'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-promo'])));
$permissions['featured'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-featured'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-featured'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-featured'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-featured'])));
$permissions['customers'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-customers'])));
$permissions['payment'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-payment'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-payment'])));
$permissions['return_requests'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-return'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-return'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-return'])));
$permissions['delivery_boys'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-delivery'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-delivery'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-delivery'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-delivery'])));
$permissions['notifications'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-notification'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-notification'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-notification'])));
$permissions['transactions'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-transaction'])));
$permissions['fund_transfer_delivery_boy'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-fund'])));
$permissions['settings'] = array("read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-settings'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-settings'])));
$permissions['locations'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-location'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-location'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-location'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-location'])));
$permissions['reports'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-report'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-report'])));
$permissions['faqs'] = array("create" => $db->escapeString($fn->xss_clean($_POST['permission-is-create-faq'])), "read" => $db->escapeString($fn->xss_clean($_POST['permission-is-read-faq'])), "update" => $db->escapeString($fn->xss_clean($_POST['permission-is-update-faq'])), "delete" => $db->escapeString($fn->xss_clean($_POST['permission-is-delete-faq'])));
$permissions = json_encode($permissions);
$sql = "UPDATE admin SET permissions='" . $permissions . "' WHERE id=" . $id;
if ($db->sql($sql)) {
echo '<label class="alert alert-success">Updated Successfully!</label>';
} else {
echo '<label class="alert alert-danger">Some Error Occrred! please try again.</label>';
}
}
if (isset($_POST['update_withdrawal_request']) && $_POST['update_withdrawal_request'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['return_requests']['update'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update withdrawal request.</label>";
return false;
}
$id = $db->escapeString($fn->xss_clean($_POST['withdrawal_request_id']));
$type1 = $db->escapeString($fn->xss_clean($_POST['type']));
$type = $type1 == 'Delivery Boy' ? 'delivery_boy' : 'user';
$type_id = $db->escapeString($fn->xss_clean($_POST['type_id']));
$amount = $db->escapeString($fn->xss_clean($_POST['amount']));
$status = $db->escapeString($fn->xss_clean($_POST['status']));
$sql = "select status from withdrawal_requests where id=" . $id;
$db->sql($sql);
$res = $db->getResult();
if ($res[0]['status'] == 1) {
echo "<label class='alert alert-danger'>Withdrawal request already approved.</label>";
return false;
}
if ($res[0]['status'] == 2) {
echo "<label class='alert alert-danger'>Withdrawal request already cancelled.</label>";
return false;
}
if ($status == 1) {
if ($type == 'user') {
$balance = $fn->get_wallet_balance($type_id);
$new_balance = $balance + $amount;
$fn->update_wallet_balance($new_balance, $type_id);
$fn->add_wallet_transaction($order_id = "", $type_id, 'credit', $amount, 'Balance credited on withdrawal request cancellation.');
}
if ($type == 'delivery_boy') {
$balance = $fn->get_balance($type_id);
$new_balance = $balance + $amount;
$fn->update_delivery_boy_wallet_balance($new_balance, $type_id);
$sql = "INSERT INTO `fund_transfers` (`delivery_boy_id`,`type`,`amount`,`opening_balance`,`closing_balance`,`status`,`message`) VALUES ('" . $type_id . "','credit','" . $amount . "','" . $balance . "','" . $new_balance . "','SUCCESS','Balance credited on withdrawal request cancellation.')";
$db->sql($sql);
}
}
$sql_query = "Update withdrawal_requests set `status`='" . $status . "' where `id`=" . $id;
if ($db->sql($sql_query)) {
echo "<label class='alert alert-success'>Withdrawal request updated successfully.</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
}
}
if (isset($_GET['delete_withdrawal_request']) && $_GET['delete_withdrawal_request'] == 1) {
if ($permissions['return_requests']['delete'] == 0) {
echo 2;
return false;
}
$id = $db->escapeString($_GET['id']);
$sql = "DELETE FROM `withdrawal_requests` WHERE id=" . $id;
if ($db->sql($sql)) {
echo 0;
} else {
echo 1;
}
}
// upload bulk product - upload products in bulk using a CSV file
if (isset($_POST['bulk_upload']) && $_POST['bulk_upload'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'products')) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['products']['create'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
return false;
}
$count = 0;
$count1 = 0;
$error = false;
$filename = $_FILES["upload_file"]["tmp_name"];
$result = $fn->validate_image($_FILES["upload_file"], false);
if ($result) {
$error = true;
}
$allowed_status = array("received", "processed", "shipped");
if ($_FILES["upload_file"]["size"] > 0 && $error == false) {
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count != 0) {
$till_status = strtolower($emapData[8]);
$emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // product name
$emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // category id
$emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // subcategory id
$emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // indicator
$emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // manufacturer
$emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // made in
$emapData[6] = trim($db->escapeString($fn->xss_clean($emapData[6]))); // return status
$emapData[7] = trim($db->escapeString($fn->xss_clean($emapData[7]))); // cancel status
$emapData[8] = trim($db->escapeString($fn->xss_clean($till_status))); // till status
$emapData[9] = trim($db->escapeString($fn->xss_clean($emapData[9]))); // description
if (empty($emapData[0])) {
echo '<p class="alert alert-danger">Product Name is empty at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[1])) {
echo '<p class="alert alert-danger">Category ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[6]) && $emapData[6] != 1) {
echo '<p class="alert alert-danger">Is Returnable is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[7]) && $emapData[7] != 1) {
echo '<p class="alert alert-danger">Is cancel-able is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[7]) && $emapData[7] == 1 && (empty($emapData[8]) || !in_array($emapData[8], $allowed_status))) {
echo '<p class="alert alert-danger">Till status is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[7]) && !(empty($emapData[8]))) {
echo '<p class="alert alert-danger">Till status is invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[9])) {
echo '<p class="alert alert-danger">Description is empty at row - ' . $count . '</div>';
return false;
}
}
$count++;
}
fclose($file);
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count1 != 0) {
$till_status = strtolower($emapData[8]);
$emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // product name
$emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // category id
$emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // subcategory id
$emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // indicator
$emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // manufacturer
$emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // made in
$emapData[6] = !empty($emapData[6]) ? trim($db->escapeString($fn->xss_clean($emapData[6]))) : 0; // return status
$emapData[7] = !empty($emapData[7]) ? trim($db->escapeString($fn->xss_clean($emapData[7]))) : 0; // cancel status
$emapData[8] = trim($db->escapeString($fn->xss_clean($till_status))); // till status
$emapData[9] = trim($db->escapeString($fn->xss_clean($emapData[9]))); // description
$emapData[10] = trim($db->escapeString($fn->xss_clean($emapData[10]))); // image
$slug = $function->slugify($emapData[0]);
$sql = "INSERT INTO products (`name`,`slug`,`category_id`,`subcategory_id`,`indicator`,`manufacturer`,`made_in`,`return_status`,`cancelable_status`,`till_status`,`description`,`image`) VALUES ('" . $emapData[0] . "','" . $slug . "','" . $emapData[1] . "','" . $emapData[2] . "','" . $emapData[3] . "','" . $emapData[4] . "','" . $emapData[5] . "','" . $emapData[6] . "','" . $emapData[7] . "','" . $emapData[8] . "','" . $emapData[9] . "','" . $emapData[10] . "')";
$db->sql($sql);
}
$count1++;
}
fclose($file);
echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
} else {
echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
}
}
// upload bulk product - upload products in bulk using a CSV file
if (isset($_POST['bulk_update']) && $_POST['bulk_update'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'products')) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['products']['update'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update products.</label>";
return false;
}
$count = 0;
$count1 = 0;
$filename = $_FILES["upload_file"]["tmp_name"];
$error = false;
$filename = $_FILES["upload_file"]["tmp_name"];
$result = $fn->validate_image($_FILES["upload_file"], false);
if ($result) {
$error = true;
}
$allowed_status = array("received", "processed", "shipped");
if ($_FILES["upload_file"]["size"] > 0 && $error == false) {
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count != 0) {
$till_status = strtolower($emapData[9]);
$emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // product ID
$emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // product name
$emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // category id
$emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // subcategory id
$emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // indicator
$emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // manufacturer
$emapData[6] = trim($db->escapeString($fn->xss_clean($emapData[6]))); // made in
$emapData[7] = trim($db->escapeString($fn->xss_clean($emapData[7]))); // return status
$emapData[8] = trim($db->escapeString($fn->xss_clean($emapData[8]))); // cancel status
$emapData[9] = trim($db->escapeString($fn->xss_clean($till_status))); // till status
$emapData[10] = trim($db->escapeString($fn->xss_clean($emapData[10]))); // description
$emapData[11] = $db->escapeString($fn->xss_clean($emapData[11])); // image
if (empty($emapData[0])) {
echo '<p class="alert alert-danger">Product ID is empty at row - ' . $count . '</div>';
return false;
}
$sql = "SELECT * FROM products WHERE id=" . $emapData[0];
$db->sql($sql);
$result = $db->getResult();
if (empty($result)) {
echo '<p class="alert alert-danger">Product ID is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[7]) && $emapData[7] != 1) {
echo '<p class="alert alert-danger">Is Returnable is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[8]) && $emapData[8] != 1) {
echo '<p class="alert alert-danger">Is cancel-able is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[8]) && $emapData[8] == 1 && (empty($emapData[9]) || !in_array($emapData[9], $allowed_status))) {
echo '<p class="alert alert-danger">Till status is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[8]) && !(empty($emapData[9]))) {
echo '<p class="alert alert-danger">Till status is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[8]) && (empty($emapData[9]))) {
echo '<p class="alert alert-danger">Till status is invalid or empty at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[11])) {
echo '<p class="alert alert-danger">Image is empty at row - ' . $count . '</div>';
return false;
}
}
$count++;
}
fclose($file);
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count1 != 0) {
$emapData[0] = trim($db->escapeString($emapData[0])); // product ID
$sql = "SELECT * FROM products WHERE id=" . $emapData[0];
$db->sql($sql);
$result = $db->getResult();
$till_status = strtolower($emapData[9]);
$emapData[1] = !empty($emapData[1]) ? trim($db->escapeString($fn->xss_clean($emapData[1]))) : $result[0]['name']; // product name
$emapData[2] = !empty($emapData[2]) ? trim($db->escapeString($fn->xss_clean($emapData[2]))) : $result[0]['category_id']; // category id
$emapData[3] = !empty($emapData[3]) ? trim($db->escapeString($fn->xss_clean($emapData[3]))) : $result[0]['subcategory_id']; // subcategory id
$emapData[4] = !empty($emapData[4]) ? trim($db->escapeString($fn->xss_clean($emapData[4]))) : $result[0]['indicator']; // indicator
$emapData[5] = !empty($emapData[5]) ? trim($db->escapeString($fn->xss_clean($emapData[5]))) : $result[0]['manufacturer']; // manufacturer
$emapData[6] = !empty($emapData[6]) ? trim($db->escapeString($fn->xss_clean($emapData[6]))) : $result[0]['made_in']; // made in
$emapData[7] = !empty($emapData[7]) ? trim($db->escapeString($fn->xss_clean($emapData[7]))) : $result[0]['return_status']; // return status
$emapData[8] = trim($db->escapeString($fn->xss_clean($emapData[8]))); // cancel status
$emapData[9] = !empty($emapData[8]) ? trim($db->escapeString($fn->xss_clean($till_status))) : ''; // till status
$emapData[10] = !empty($emapData[10]) ? trim($db->escapeString($fn->xss_clean($emapData[10]))) : $result[0]['description']; // description
$emapData[11] = !empty($emapData[11]) ? trim($db->escapeString($fn->xss_clean($emapData[11]))) : $result[0]['image']; // image
$slug = !empty($emapData[1]) ? $function->slugify($emapData[1]) : $result[0]['slug'];
$sql = "UPDATE products SET `name`='" . $emapData[1] . "',`slug`='" . $slug . "',`category_id`='" . $emapData[2] . "',`subcategory_id`='" . $emapData[3] . "',`indicator`='" . $emapData[4] . "',`manufacturer`='" . $emapData[5] . "',`made_in`='" . $emapData[6] . "',`return_status`='" . $emapData[7] . "',`cancelable_status`='" . $emapData[8] . "',`till_status`='" . $emapData[9] . "',`description`='" . $emapData[10] . "',`image`='" . $emapData[11] . "' WHERE id=" . $emapData[0];
$db->sql($sql);
}
$count1++;
}
fclose($file);
echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
} else {
echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
}
}
// upload bulk product variants- upload product variants in bulk using a CSV file
if (isset($_POST['bulk_upload']) && $_POST['bulk_upload'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'variants')) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['products']['create'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
return false;
}
$count = 0;
$count1 = 0;
$filename = $_FILES["upload_file"]["tmp_name"];
$error = false;
$result = $fn->validate_image($_FILES["upload_file"], false);
if ($result) {
$error = true;
}
$file = fopen($filename, "r");
$emptydata = false;
$invalid_price = false;
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count != 0) {
$emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // type
$emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // measurement
$emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // measurement unit id
$emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // price
$emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // discounted price
$emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // serve for
$emapData[6] = trim($db->escapeString($fn->xss_clean($emapData[6]))); // stock
$emapData[7] = trim($db->escapeString($fn->xss_clean($emapData[7]))); // stock unit id
$emapData[8] = trim($db->escapeString($fn->xss_clean($emapData[8]))); // product id
if (empty($emapData[0]) || ($emapData[0] != 'packet' && $emapData[0] != 'loose')) {
$emptydata = true;
echo '<p class="alert alert-danger">Type is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[1])) {
$emptydata = true;
echo '<p class="alert alert-danger">Measurement is empty or invalid at row - ' . $count . '</div>';
return false;
}
$sql = "SELECT id FROM unit";
$db->sql($sql);
$ids = $db->getResult();
$invalid_measurement_unit = 1;
foreach ($ids as $id) {
if ($emapData[2] == $id['id']) {
$invalid_measurement_unit = 0;
}
}
if (empty($emapData[2]) || $invalid_measurement_unit == 1) {
echo '<p class="alert alert-danger">Measurement Unit ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[3]) || $emapData[3] <= $emapData[4]) {
$emptydata = true;
echo '<p class="alert alert-danger">Price is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[5]) || ($emapData[5] != 'Available' && $emapData[5] != 'Sold Out')) {
$emptydata = true;
echo '<p class="alert alert-danger">Serve For is empty or invalid at row - ' . $count . '</div>';
return false;
}
$invalid_stock_unit = 0;
foreach ($ids as $id) {
if ($emapData[7] == $id['id']) {
$invalid_stock_unit = 0;
}
}
if (empty($emapData[7]) || $invalid_stock_unit == 1) {
echo '<p class="alert alert-danger">Stock Unit ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[8])) {
$emptydata = true;
echo '<p class="alert alert-danger">Product ID is empty at row - ' . $count . '</div>';
return false;
}
$sql = "SELECT id FROM products WHERE id=" . $emapData[8];
$db->sql($sql);
$result = $db->getResult();
if (empty($result)) {
echo '<p class="alert alert-danger">Product ID is invalid at row - ' . $count . '</div>';
return false;
}
}
$count++;
}
fclose($file);
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count1 != 0) {
$emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // type
$emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // measurement
$emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // measurement unit id
$emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // price
$emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // discounted price
$emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // serve for
$emapData[6] = trim($db->escapeString($fn->xss_clean($emapData[6]))); // stock
$emapData[7] = trim($db->escapeString($fn->xss_clean($emapData[7]))); // stock unit id
$emapData[8] = trim($db->escapeString($fn->xss_clean($emapData[8]))); // product id
$sql = "INSERT INTO product_variant (`product_id`,`type`,`measurement`,`measurement_unit_id`,`price`,`discounted_price`,`serve_for`,`stock`,`stock_unit_id`) VALUES ('" . $emapData[8] . "','" . $emapData[0] . "','" . $emapData[1] . "','" . $emapData[2] . "','" . $emapData[3] . "','" . $emapData[4] . "','" . $emapData[5] . "','" . $emapData[6] . "','" . $emapData[7] . "')";
$db->sql($sql);
}
$count1++;
}
fclose($file);
echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
// } else {
// echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
// }
}
if (isset($_POST['bulk_update']) && $_POST['bulk_update'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'variants')) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['products']['update'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update products.</label>";
return false;
}
$count = 0;
$count1 = 0;
$filename = $_FILES["upload_file"]["tmp_name"];
$error = false;
$result = $fn->validate_image($_FILES["upload_file"], false);
if ($result) {
$error = true;
}
if ($_FILES["upload_file"]["size"] > 0 && $error == false) {
$file = fopen($filename, "r");
$emptydata = false;
$invalid_price = false;
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count != 0) {
$emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // ID
$emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // type
$emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // measurement
$emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // measurement unit id
$emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // price
$emapData[5] = trim($db->escapeString($fn->xss_clean($emapData[5]))); // discounted price
$emapData[6] = trim($db->escapeString($fn->xss_clean($emapData[6]))); // serve for
$emapData[7] = trim($db->escapeString($fn->xss_clean($emapData[7]))); // stock
$emapData[8] = trim($db->escapeString($fn->xss_clean($emapData[8]))); // stock unit id
$emapData[9] = trim($db->escapeString($fn->xss_clean($emapData[9]))); // product id
if (empty($emapData[0])) {
echo '<p class="alert alert-danger">Variant ID is empty at row - ' . $count . '</div>';
return false;
}
$sql = "SELECT * FROM product_variant WHERE id=" . $emapData[0];
$db->sql($sql);
$result = $db->getResult();
if (empty($result)) {
echo '<p class="alert alert-danger">Variant ID is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[1]) && $emapData[1] != 'packet' && $emapData[1] != 'loose') {
echo '<p class="alert alert-danger">Type is invalid at row - ' . $count . '</div>';
return false;
}
$sql = "SELECT id FROM unit";
$db->sql($sql);
$ids = $db->getResult();
if (!empty($emapData[3])) {
$invalid_measurement_unit = 1;
foreach ($ids as $id) {
if ($emapData[3] == $id['id']) {
$invalid_measurement_unit = 0;
}
}
if ($invalid_measurement_unit == 1) {
echo '<p class="alert alert-danger">Measurement Unit ID is invalid at row - ' . $count . '</div>';
return false;
}
}
if ($emapData[4] <= $emapData[5]) {
echo '<p class="alert alert-danger">Price is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[6]) && $emapData[6] != 'Available' && $emapData[6] != 'Sold Out') {
echo '<p class="alert alert-danger">Serve For is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[8])) {
$invalid_stock_unit = 1;
foreach ($ids as $id) {
if ($emapData[8] == $id['id']) {
$invalid_stock_unit = 0;
}
}
if ($invalid_stock_unit == 1) {
echo '<p class="alert alert-danger">Stock Unit ID is invalid at row - ' . $count . '</div>';
return false;
}
}
if (!empty($emapData[9])) {
$sql = "SELECT id FROM products WHERE id=" . $emapData[9];
$db->sql($sql);
$result = $db->getResult();
if (empty($result)) {
echo '<p class="alert alert-danger">Product ID is invalid at row - ' . $count . '</div>';
return false;
}
}
}
$count++;
}
fclose($file);
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count1 != 0) {
$emapData[0] = trim($db->escapeString($emapData[0])); // ID
$sql = "SELECT * FROM product_variant WHERE id=" . $emapData[0];
$db->sql($sql);
$result = $db->getResult();
$emapData[1] = !empty($emapData[1]) ? trim($db->escapeString($fn->xss_clean($emapData[1]))) : $result[0]['type']; // type
$emapData[2] = !empty($emapData[2]) ? trim($db->escapeString($fn->xss_clean($emapData[2]))) : $result[0]['measurement']; // measurement
$emapData[3] = !empty($emapData[3]) ? trim($db->escapeString($fn->xss_clean($emapData[3]))) : $result[0]['measurement_unit_id']; // measurement unit id
$emapData[4] = !empty($emapData[4]) ? trim($db->escapeString($fn->xss_clean($emapData[4]))) : $result[0]['price']; // price
$emapData[5] = $result[0]['discounted_price'] == 0 && !empty($emapData[5]) ? trim($db->escapeString($fn->xss_clean($emapData[5]))) : trim($db->escapeString($fn->xss_clean($emapData[5]))); // discounted price
$emapData[6] = !empty($emapData[6]) ? trim($db->escapeString($fn->xss_clean($emapData[6]))) : $result[0]['serve_for']; // serve for
$emapData[7] = !empty($emapData[7]) ? trim($db->escapeString($fn->xss_clean($emapData[7]))) : $result[0]['stock']; // stock
$emapData[8] = !empty($emapData[8]) ? trim($db->escapeString($fn->xss_clean($emapData[8]))) : $result[0]['stock_unit_id']; // stock unit id
$emapData[9] = !empty($emapData[9]) ? trim($db->escapeString($fn->xss_clean($emapData[9]))) : $result[0]['product_id']; // product id
$sql = "UPDATE product_variant SET `product_id`='" . $emapData[9] . "',`type`='" . $emapData[1] . "',`measurement`='" . $emapData[2] . "',`measurement_unit_id`='" . $emapData[3] . "',`price`='" . $emapData[4] . "',`discounted_price`='" . $emapData[5] . "',`serve_for`='" . $emapData[6] . "',`stock`='" . $emapData[7] . "',`stock_unit_id`='" . $emapData[8] . "' WHERE id=" . $emapData[0];
$db->sql($sql);
}
$count1++;
}
fclose($file);
echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
} else {
echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
}
}
if (isset($_GET['product_status']) && !empty($_GET['product_status']) && isset($_GET['type']) && !empty($_GET['type'])) {
if (ALLOW_MODIFICATION == 0) {
echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
return false;
}
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['products']['update'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update products.</label>";
return false;
}
$type = $db->escapeString($fn->xss_clean($_GET['type']));
$product_id = $db->escapeString($fn->xss_clean($_GET['id']));
if ($type == 'deactive') {
$sql = "UPDATE `products` SET `status`= 0 WHERE id = $product_id";
if ($db->sql($sql)) {
echo 1;
} else {
echo 0;
}
}
if ($type == 'active') {
$sql = "UPDATE `products` SET `status`= 1 WHERE id = $product_id";
if ($db->sql($sql)) {
echo 1;
} else {
echo 0;
}
}
}
if (isset($_POST['delete_media']) && !empty($_POST['id']) && $_POST['delete_media'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
$id = $db->escapeString($fn->xss_clean($_POST['id']));
$image = $db->escapeString($fn->xss_clean($_POST['image']));
if (!empty($image))
unlink('../' . $image);
$sql = "DELETE FROM `media` WHERE `id`='" . $id . "'";
if ($db->sql($sql)) {
echo 1;
echo "<p class='alert alert-success'>Media Deleted successfully!</p><br>";
} else {
echo 0;
echo "<p class='alert alert-success'>Media is not Deleted!</p><br>";
}
}
if (isset($_POST['change_product'])) {
if ($permissions['products']['read'] == 1) {
if ($_POST['product_id'] == '') {
$sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id";
} else {
$product_id = $db->escapeString($fn->xss_clean($_POST['product_id']));
$sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id WHERE pv.product_id=" . $product_id;
}
} else {
echo "<option value=''>--Select Product Variants--</option>";
return false;
}
$db->sql($sql);
$res = $db->getResult();
if (!empty($res)) {
foreach ($res as $row) {
echo "<option value=" . $row['id'] . ">" . $row['measurement'] . " " . $row['short_code'] . "</option>";
}
} else {
echo "<option value=''>--No Product Variants added--</option>";
}
}
if (isset($_POST['change_price'])) {
if ($permissions['products']['read'] == 1) {
if ($_POST['product_variant_id'] == '') {
$sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id";
} else {
$product_variant_id = $db->escapeString($fn->xss_clean($_POST['product_variant_id']));
$sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id WHERE pv.id=" . $product_variant_id;
}
}
$db->sql($sql);
$res = $db->getResult();
if (!empty($res)) {
foreach ($res as $row) {
echo $row['price'];
}
}
}
if (isset($_POST['change_discounted_price'])) {
if ($permissions['products']['read'] == 1) {
if ($_POST['product_variant_id'] == '') {
$sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id";
} else {
$product_variant_id = $db->escapeString($fn->xss_clean($_POST['product_variant_id']));
$sql = "SELECT pv.*,u.short_code FROM product_variant pv LEFT JOIN `unit` u ON u.id = pv.measurement_unit_id WHERE pv.id=" . $product_variant_id;
}
}
$db->sql($sql);
$res = $db->getResult();
if (!empty($res)) {
foreach ($res as $row) {
echo $row['discounted_price'];
}
}
}
if (isset($_POST['get_units_of_products']) && $_POST['get_units_of_products'] != '') {
$id = $db->escapeString($fn->xss_clean($_POST['unit_id']));
$sql = "SELECT u.* FROM `unit` u WHERE u.id=" . $id;
$db->sql($sql);
$res = $db->getResult();
if ($res[0]['short_code'] == 'S' || $res[0]['short_code'] == 'M' || $res[0]['short_code'] == 'L' || $res[0]['short_code'] == 'XL') {
echo 1;
} else {
echo 2;
}
}
if (isset($_POST['bulk_uploads']) && $_POST['bulk_uploads'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'products')) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['products']['create'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
return false;
}
$count = 0;
$count1 = 0;
$error = false;
$filename = $_FILES["upload_file"]["tmp_name"];
$result = $fn->validate_image($_FILES["upload_file"], false);
if ($result) {
$error = true;
}
$allowed_status = array("received", "processed", "shipped");
if ($_FILES["upload_file"]["size"] > 0 && $error == false) {
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count != 0) {
$emapData[0] = trim($db->escapeString($emapData[0])); // product name
$emapData[1] = trim($db->escapeString($emapData[1])); // category id
$emapData[2] = trim($db->escapeString($emapData[2])); // subcategory id
$emapData[3] = trim($db->escapeString($emapData[3])); // indicator
$emapData[4] = trim($db->escapeString($emapData[4])); // manufacturer
$emapData[5] = trim($db->escapeString($emapData[5])); // made in
$emapData[6] = trim($db->escapeString($emapData[6])); // return status
$emapData[7] = trim($db->escapeString($emapData[7])); // cancel status
$emapData[8] = trim($db->escapeString($emapData[8])); // till status
$emapData[9] = trim($db->escapeString($emapData[9])); // description
$emapData[10] = trim($db->escapeString($emapData[10])); // image
$emapData[11] = trim($db->escapeString($emapData[11])); // tax id
$emapData[12] = trim($db->escapeString($emapData[12])); // type
$emapData[13] = trim($db->escapeString($emapData[13])); // Measurement
$emapData[14] = trim($db->escapeString($emapData[14])); // Measurement Unit ID
$emapData[15] = trim($db->escapeString($emapData[15])); // Price
$emapData[16] = trim($db->escapeString($emapData[16])); // Discounted Price
$emapData[17] = trim($db->escapeString($emapData[17])); // Serve For
$emapData[18] = trim($db->escapeString($emapData[18])); // Stock
$emapData[19] = trim($db->escapeString($emapData[19])); // Stock Unit ID
if (empty($emapData[0])) {
echo '<p class="alert alert-danger">Product Name is empty at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[1])) {
echo '<p class="alert alert-danger">Category ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[2])) {
echo '<p class="alert alert-danger">Subcategory ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[6]) && $emapData[6] != 1) {
echo '<p class="alert alert-danger">Is Returnable is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[7]) && $emapData[7] != 1) {
echo '<p class="alert alert-danger">Is cancel-able is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[7]) && $emapData[7] == 1 && (empty($emapData[8]) || !in_array($emapData[8], $allowed_status))) {
echo '<p class="alert alert-danger">Till status is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[7]) && !(empty($emapData[8]))) {
echo '<p class="alert alert-danger">Till status is invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[9])) {
echo '<p class="alert alert-danger">Description is empty at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[10])) {
echo '<p class="alert alert-danger">Image is empty at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[12]) || ($emapData[12] != 'packet' && $emapData[12] != 'loose')) {
echo '<p class="alert alert-danger">Type is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[13]) || !is_numeric($emapData[13])) {
echo '<p class="alert alert-danger">Measurement is empty or invalid at row - ' . $count . '</div>';
return false;
}
$sql = "SELECT id FROM unit";
$db->sql($sql);
$ids = $db->getResult();
$invalid_measurement_unit = 1;
foreach ($ids as $id) {
if ($emapData[14] == $id['id']) {
$invalid_measurement_unit = 0;
}
}
if (empty($emapData[14]) || $invalid_measurement_unit == 1) {
echo '<p class="alert alert-danger">Measurement Unit ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[15]) || $emapData[15] <= $emapData[16]) {
echo '<p class="alert alert-danger">Price is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[17]) || ($emapData[17] != 'Available' && $emapData[17] != 'Sold Out')) {
echo '<p class="alert alert-danger">Serve For is empty or invalid at row - ' . $count . '</div>';
return false;
}
$invalid_stock_unit = 1;
foreach ($ids as $id) {
if ($emapData[19] == $id['id']) {
$invalid_stock_unit = 0;
}
}
if (empty($emapData[19]) || $invalid_stock_unit == 1) {
echo '<p class="alert alert-danger">Stock Unit ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
}
$count++;
}
fclose($file);
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count1 != 0) {
$emapData[0] = trim($db->escapeString($emapData[0])); // product name
$emapData[1] = trim($db->escapeString($emapData[1])); // category id
$emapData[2] = trim($db->escapeString($emapData[2])); // subcategory id
$emapData[3] = trim($db->escapeString($emapData[3])); // indicator
$emapData[4] = trim($db->escapeString($emapData[4])); // manufacturer
$emapData[5] = trim($db->escapeString($emapData[5])); // made in
$emapData[6] = !empty($emapData[6]) ? trim($db->escapeString($emapData[6])) : 0; // return status
$emapData[7] = !empty($emapData[7]) ? trim($db->escapeString($emapData[7])) : 0; // cancel status
$emapData[8] = trim($db->escapeString($emapData[8])); // till status
$emapData[9] = trim($db->escapeString($emapData[9])); // description
$emapData[10] = trim($db->escapeString($emapData[10])); // image
$emapData[11] = trim($db->escapeString($emapData[11])); // tax id
$emapData[12] = trim($db->escapeString($emapData[12])); // type
$emapData[13] = trim($db->escapeString($emapData[13])); // Measurement
$emapData[14] = trim($db->escapeString($emapData[14])); // Measurement Unit ID
$emapData[15] = trim($db->escapeString($emapData[15])); // Price
$emapData[16] = trim($db->escapeString($emapData[16])); // Discounted Price
$emapData[17] = trim($db->escapeString($emapData[17])); // Serve For
$emapData[18] = trim($db->escapeString($emapData[18])); // Stock
$emapData[19] = trim($db->escapeString($emapData[19])); // Stock Unit ID
$slug = $function->slugify($emapData[0]);
$data = array(
'name' => $emapData[0],
'slug' => $slug,
'category_id' => $emapData[1],
'subcategory_id' => $emapData[2],
'indicator' => $emapData[3],
'manufacturer' => $emapData[4],
'made_in' => $emapData[5],
'return_status' => $emapData[6],
'cancelable_status' => $emapData[7],
'till_status' => $emapData[8],
'description' => $emapData[9],
'image' => $emapData[10],
'tax_id' => $emapData[11]
);
$total = (count($emapData) / 9);
$db->insert('products', $data);
$res = $db->getResult();
if ($total > 3) {
$index = 11;
for ($i = 0; $i < ($total - 2); $i++) {
$data = array(
'product_id' => $res[0],
'type' => $emapData[++$index],
'measurement' => $emapData[++$index],
'measurement_unit_id' => $emapData[++$index],
'price' => $emapData[++$index],
'discounted_price' => $emapData[++$index],
'serve_for' => $emapData[++$index],
'stock' => $emapData[++$index],
'stock_unit_id' => $emapData[++$index]
);
$db->insert('product_variant', $data);
$res1 = $db->getResult();
}
} else {
$data = array(
'product_id' => $res[0],
'type' => $emapData[12],
'measurement' => $emapData[13],
'measurement_unit_id' => $emapData[14],
'price' => $emapData[15],
'discounted_price' => $emapData[16],
'discounted_price' => $emapData[16],
'serve_for' => $emapData[17],
'stock' => $emapData[18],
'stock_unit_id' => $emapData[19]
);
$db->insert('product_variant', $data);
$res1 = $db->getResult();
}
}
$count1++;
}
fclose($file);
echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
} else {
echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
}
}
if (isset($_POST['bulk_updates']) && $_POST['bulk_updates'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'products')) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['products']['create'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
return false;
}
$count = 0;
$count1 = 0;
$error = false;
$filename = $_FILES["upload_file"]["tmp_name"];
$result = $fn->validate_image($_FILES["upload_file"], false);
if ($result) {
$error = true;
}
$allowed_status = array("received", "processed", "shipped");
if ($_FILES["upload_file"]["size"] > 0 && $error == false) {
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count != 0) {
$emapData[0] = trim($db->escapeString($emapData[0])); // product name
$emapData[1] = trim($db->escapeString($emapData[1])); // category id
$emapData[2] = trim($db->escapeString($emapData[2])); // subcategory id
$emapData[3] = trim($db->escapeString($emapData[3])); // indicator
$emapData[4] = trim($db->escapeString($emapData[4])); // manufacturer
$emapData[5] = trim($db->escapeString($emapData[5])); // made in
$emapData[6] = trim($db->escapeString($emapData[6])); // return status
$emapData[7] = trim($db->escapeString($emapData[7])); // cancel status
$emapData[8] = trim($db->escapeString($emapData[8])); // till status
$emapData[9] = trim($db->escapeString($emapData[9])); // description
$emapData[10] = trim($db->escapeString($emapData[10])); // image
$emapData[11] = trim($db->escapeString($emapData[11])); // tax id
$emapData[12] = trim($db->escapeString($emapData[12])); // type
$emapData[13] = trim($db->escapeString($emapData[13])); // Measurement
$emapData[14] = trim($db->escapeString($emapData[14])); // Measurement Unit ID
$emapData[15] = trim($db->escapeString($emapData[15])); // Price
$emapData[16] = trim($db->escapeString($emapData[16])); // Discounted Price
$emapData[17] = trim($db->escapeString($emapData[17])); // Serve For
$emapData[18] = trim($db->escapeString($emapData[18])); // Stock
$emapData[19] = trim($db->escapeString($emapData[19])); // Stock Unit ID
if (empty($emapData[0])) {
echo '<p class="alert alert-danger">Product Name is empty at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[1])) {
echo '<p class="alert alert-danger">Category ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[2])) {
echo '<p class="alert alert-danger">Subcategory ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[6]) && $emapData[6] != 1) {
echo '<p class="alert alert-danger">Is Returnable is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[7]) && $emapData[7] != 1) {
echo '<p class="alert alert-danger">Is cancel-able is invalid at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[7]) && $emapData[7] == 1 && (empty($emapData[8]) || !in_array($emapData[8], $allowed_status))) {
echo '<p class="alert alert-danger">Till status is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[7]) && !(empty($emapData[8]))) {
echo '<p class="alert alert-danger">Till status is invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[9])) {
echo '<p class="alert alert-danger">Description is empty at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[10])) {
echo '<p class="alert alert-danger">Image is empty at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[12]) || ($emapData[12] != 'packet' && $emapData[12] != 'loose')) {
echo '<p class="alert alert-danger">Type is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[13]) || !is_numeric($emapData[13])) {
echo '<p class="alert alert-danger">Measurement is empty or invalid at row - ' . $count . '</div>';
return false;
}
$sql = "SELECT id FROM unit";
$db->sql($sql);
$ids = $db->getResult();
$invalid_measurement_unit = 1;
foreach ($ids as $id) {
if ($emapData[14] == $id['id']) {
$invalid_measurement_unit = 0;
}
}
if (empty($emapData[14]) || $invalid_measurement_unit == 1) {
echo '<p class="alert alert-danger">Measurement Unit ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[15]) || $emapData[15] <= $emapData[16]) {
echo '<p class="alert alert-danger">Price is empty or invalid at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[17]) || ($emapData[17] != 'Available' && $emapData[17] != 'Sold Out')) {
echo '<p class="alert alert-danger">Serve For is empty or invalid at row - ' . $count . '</div>';
return false;
}
$invalid_stock_unit = 1;
foreach ($ids as $id) {
if ($emapData[19] == $id['id']) {
$invalid_stock_unit = 0;
}
}
if (empty($emapData[19]) || $invalid_stock_unit == 1) {
echo '<p class="alert alert-danger">Stock Unit ID is empty or invalid at row - ' . $count . '</div>';
return false;
}
}
$count++;
}
fclose($file);
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count1 != 0) {
$emapData[0] = trim($db->escapeString($emapData[0])); // product name
$emapData[1] = trim($db->escapeString($emapData[1])); // category id
$emapData[2] = trim($db->escapeString($emapData[2])); // subcategory id
$emapData[3] = trim($db->escapeString($emapData[3])); // indicator
$emapData[4] = trim($db->escapeString($emapData[4])); // manufacturer
$emapData[5] = trim($db->escapeString($emapData[5])); // made in
$emapData[6] = !empty($emapData[6]) ? trim($db->escapeString($emapData[6])) : 0; // return status
$emapData[7] = !empty($emapData[7]) ? trim($db->escapeString($emapData[7])) : 0; // cancel status
$emapData[8] = trim($db->escapeString($emapData[8])); // till status
$emapData[9] = trim($db->escapeString($emapData[9])); // description
$emapData[10] = trim($db->escapeString($emapData[10])); // image
$emapData[11] = trim($db->escapeString($emapData[11])); // tax id
$emapData[12] = trim($db->escapeString($emapData[12])); // type
$emapData[13] = trim($db->escapeString($emapData[13])); // Measurement
$emapData[14] = trim($db->escapeString($emapData[14])); // Measurement Unit ID
$emapData[15] = trim($db->escapeString($emapData[15])); // Price
$emapData[16] = trim($db->escapeString($emapData[16])); // Discounted Price
$emapData[17] = trim($db->escapeString($emapData[17])); // Serve For
$emapData[18] = trim($db->escapeString($emapData[18])); // Stock
$emapData[19] = trim($db->escapeString($emapData[19])); // Stock Unit ID
$slug = $function->slugify($emapData[0]);
$data = array(
'name' => $emapData[0],
'slug' => $slug,
'category_id' => $emapData[1],
'subcategory_id' => $emapData[2],
'indicator' => $emapData[3],
'manufacturer' => $emapData[4],
'made_in' => $emapData[5],
'return_status' => $emapData[6],
'cancelable_status' => $emapData[7],
'till_status' => $emapData[8],
'description' => $emapData[9],
'image' => $emapData[10],
'tax_id' => $emapData[11]
);
$db->insert('products', $data);
$res = $db->getResult();
$total = (count($emapData) / 8);
if ($total > 3) {
$index = 11;
for ($i = 0; $i < ($total - 2); $i++) {
$data = array(
'product_id' => $res[0],
'type' => $emapData[++$index],
'measurement' => $emapData[++$index],
'measurement_unit_id' => $emapData[++$index],
'price' => $emapData[++$index],
'discounted_price' => $emapData[++$index],
'serve_for' => $emapData[++$index],
'stock' => $emapData[++$index],
'stock_unit_id' => $emapData[++$index]
);
$db->insert('product_variant', $data);
$res1 = $db->getResult();
}
} else {
$data = array(
'product_id' => $res[0],
'type' => $emapData[12],
'measurement' => $emapData[13],
'measurement_unit_id' => $emapData[14],
'price' => $emapData[15],
'discounted_price' => $emapData[16],
'serve_for' => $emapData[17],
'stock' => $emapData[18],
'stock_unit_id' => $emapData[19]
);
$db->insert('product_variant', $data);
$res1 = $db->getResult();
}
}
$count1++;
}
fclose($file);
echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
} else {
echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
}
}
if (isset($_GET['status']) && !empty($_GET['status']) && isset($_GET['type']) && !empty($_GET['type'])) {
if (ALLOW_MODIFICATION == 0) {
echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
return false;
}
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['customers']['read'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update users.</label>";
return false;
}
$type = $db->escapeString($fn->xss_clean($_GET['type']));
$user_id = $db->escapeString($fn->xss_clean($_GET['id']));
if ($type == 'deactive') {
$sql = "UPDATE `users` SET `status`= 0 WHERE id = $user_id";
if ($db->sql($sql)) {
echo 1;
} else {
echo 0;
}
}
if ($type == 'active') {
$sql = "UPDATE `users` SET `status`= 1 WHERE id = $user_id";
if ($db->sql($sql)) {
echo 1;
} else {
echo 0;
}
}
}
if (isset($_POST['update_bank_transfer']) && $_POST['update_bank_transfer'] == 1) {
$message = isset($_POST['message']) && !empty($_POST['message']) ? $db->escapeString($fn->xss_clean($_POST['message'])) : "";
$status = isset($_POST['status']) && !empty($_POST['status']) ? $db->escapeString($fn->xss_clean($_POST['status'])) : "";
$order_id = $db->escapeString($fn->xss_clean($_POST['order_id']));
$sql = "SELECT * FROM `order_bank_transfers` WHERE order_id=" . $order_id;
$db->sql($sql);
$res = $db->getResult();
if ($res[0]['status'] == 0) {
$atta_status = 'Pending';
} elseif ($res[0]['status'] == 1) {
$atta_status = 'Accepted';
} elseif ($res[0]['status'] == 2) {
$atta_status = 'Rejected';
}
if (!empty($_POST['status']) && $status == 0 && $status != '') {
echo "<label class='alert alert-danger'>status already Accepted.</label>";
return false;
}
if (($res[0]['status'] == 0 && $status == 0) || ($res[0]['status'] == 1 && $status == 1) || ($res[0]['status'] == 2 && $status == 2)) {
echo "<label class='alert alert-danger'>status already $atta_status. </label>";
return false;
}
if ($res[0]['status'] < $status) {
if (!empty($message)) {
$sql_query = "update order_bank_transfers set `message`='" . $message . "',`status`='" . $status . "' where `order_id`=" . $order_id;
} else {
$sql_query = "update order_bank_transfers set `status`='" . $status . "' where `order_id`=" . $order_id;
}
if ($db->sql($sql_query)) {
echo "<label class='alert alert-success'>Bank Transfer Details Updated successfully.</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
}
} else {
echo "<label class='alert alert-danger'>Some Error Occurred! Please Try Again.</label>";
}
}
if (isset($_POST['get_category_id_by_product_id']) && $_POST['get_category_id_by_product_id'] == 1) {
if ($_POST['category_id'] == '') {
$sql = "SELECT id,name from `products` where `status` = 1 order by id desc";
} else {
$category_ids = $db->escapeString($fn->xss_clean($_POST['category_id']));
$sql = "SELECT id,name from `products` where `status` = 1 AND category_id IN( $category_ids ) order by id desc";
}
$db->sql($sql);
$res = $db->getResult();
$selected = $_POST['selected'];
$selected = explode(",", $selected);
for ($i = 0; $i < count($selected); $i++) {
$selected[$i] = trim($selected[$i]);
}
if (!empty($res)) {
foreach ($res as $row) {
if (in_array($row['id'], $selected)) {
echo "<option value=" . $row['id'] . " selected >" . $row['name'] . "</option>";
} else {
echo "<option value=" . $row['id'] . " >" . $row['name'] . "</option>";
}
}
}
}
if (isset($_POST['location_bulk_uploads']) && $_POST['location_bulk_uploads'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'cities')) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['locations']['create'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
return false;
}
$count = 0;
$count1 = 0;
$error = false;
$filename = $_FILES["upload_file"]["tmp_name"];
if ($_FILES["upload_file"]["size"] > 0 && $error == false) {
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count != 0) {
$emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // city name
if (empty($emapData[0])) {
echo '<p class="alert alert-danger">City Name is empty at row - ' . $count . '</div>';
return false;
}
}
$count++;
}
fclose($file);
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count1 != 0) {
$emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // city name
$sql = "INSERT INTO city (`name`) VALUES ('" . $emapData[0] . "')";
$db->sql($sql);
}
$count1++;
}
fclose($file);
echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
} else {
echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
}
}
if (isset($_POST['location_bulk_uploads']) && $_POST['location_bulk_uploads'] == 1 && (isset($_POST['type']) && $_POST['type'] == 'areas')) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['locations']['create'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to upload products.</label>";
return false;
}
$count = 0;
$count1 = 0;
$error = false;
$filename = $_FILES["upload_file"]["tmp_name"];
if ($_FILES["upload_file"]["size"] > 0 && $error == false) {
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count != 0) {
$emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // area name
$emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // city id
$emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // minimum_free_delivery_order_amount
$emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); //minimum_order_amount
$emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); //delivery_charges
if (empty($emapData[0])) {
echo '<p class="alert alert-danger">Area Name is empty at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[1])) {
echo '<p class="alert alert-danger">City Id is empty at row - ' . $count . '</div>';
return false;
}
if (!empty($emapData[1])) {
$city = $fn->get_data($columns = ['name'], "id=" . $emapData[1], 'city');
if (empty($city)) {
echo '<p class="alert alert-danger">City is not exist check the city_id at row - ' . $count . '</div>';
return false;
}
}
if (empty($emapData[2])) {
echo '<p class="alert alert-danger">Minimum Free Delivery Order Amount is empty at row - ' . $count . '</div>';
return false;
}
if (empty($emapData[4])) {
echo '<p class="alert alert-danger">Delivery Charges is empty at row - ' . $count . '</div>';
return false;
}
}
$count++;
}
fclose($file);
$file = fopen($filename, "r");
while (($emapData = fgetcsv($file, 10000, ",")) !== FALSE) {
if ($count1 != 0) {
$emapData[0] = trim($db->escapeString($fn->xss_clean($emapData[0]))); // Area Name
$emapData[1] = trim($db->escapeString($fn->xss_clean($emapData[1]))); // City Id
$emapData[2] = trim($db->escapeString($fn->xss_clean($emapData[2]))); // minimum_free_delivery_order_amount
$emapData[3] = trim($db->escapeString($fn->xss_clean($emapData[3]))); // minimum_order_amount
$emapData[4] = trim($db->escapeString($fn->xss_clean($emapData[4]))); // delivery_charges
$sql = "INSERT INTO area (`name`,`city_id`,`minimum_free_delivery_order_amount`,`minimum_order_amount`,`delivery_charges`) VALUES ('" . $emapData[0] . "','" . $emapData[1] . "','" . $emapData[2] . "','" . $emapData[3] . "','" . $emapData[4] . "')";
$db->sql($sql);
}
$count1++;
}
fclose($file);
echo "<p class='alert alert-success'>CSV file is successfully imported!</p><br>";
} else {
echo "<p class='alert alert-danger'>Invalid file format! Please upload data in CSV file!</p><br>";
}
}
if (isset($_GET['offer_status']) && !empty($_GET['offer_status']) && isset($_GET['type']) && !empty($_GET['type'])) {
if (ALLOW_MODIFICATION == 0) {
echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
return false;
}
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['new_offers']['read'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update offers.</label>";
return false;
}
$type = $db->escapeString($fn->xss_clean($_GET['type']));
$id = $db->escapeString($fn->xss_clean($_GET['id']));
if ($type == 'deactive') {
$sql = "UPDATE `offers` SET `status`= 0 WHERE id = $id";
if ($db->sql($sql)) {
echo 1;
} else {
echo 0;
}
}
if ($type == 'active') {
$sql = "UPDATE `offers` SET `status`= 1 WHERE id = $id";
if ($db->sql($sql)) {
echo 1;
} else {
echo 0;
}
}
}
if (isset($_GET['slider_status']) && !empty($_GET['slider_status']) && isset($_GET['type']) && !empty($_GET['type'])) {
if (ALLOW_MODIFICATION == 0) {
echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
return false;
}
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['home_sliders']['read'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update Slider.</label>";
return false;
}
$type = $db->escapeString($fn->xss_clean($_GET['type']));
$id = $db->escapeString($fn->xss_clean($_GET['id']));
if ($type == 'deactive') {
$sql = "UPDATE `slider` SET `status`= 0 WHERE id = $id";
if ($db->sql($sql)) {
echo 1;
} else {
echo 0;
}
}
if ($type == 'active') {
$sql = "UPDATE `slider` SET `status`= 1 WHERE id = $id";
if ($db->sql($sql)) {
echo 1;
} else {
echo 0;
}
}
}
if (isset($_POST['boy_id']) && isset($_POST['cash_collection']) && !empty($_POST['cash_collection'])) {
if (ALLOW_MODIFICATION == 0) {
echo '<label class="alert alert-danger">This operation is not allowed in demo panel!.</label>';
return false;
}
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
if ($permissions['delivery_boys']['update'] == 0) {
echo "<label class='alert alert-danger'>You have no permission to update delivery boy.</label>";
return false;
}
$id = $db->escapeString($fn->xss_clean($_POST['boy_id']));
$cash = $fn->get_data($columns = ['cash_received'], "id='" . $id . "'", 'delivery_boys');
if (isset($cash[0]['cash_received'])) {
$cash = $cash[0]['cash_received'];
if (!is_numeric($_POST['amount'])) {
echo "<label class='alert alert-danger'>Amount must be number.</label>";
return false;
}
if ($_POST['amount'] > $cash) {
echo "<label class='alert alert-danger'>Amount must be not be greater than cash.</label>";
return false;
}
$amount = $db->escapeString($fn->xss_clean($_POST['amount']));
$date = $db->escapeString($fn->xss_clean($_POST['date']));
$message = (!empty($_POST['message'])) ? $db->escapeString($fn->xss_clean($_POST['message'])) : 'Delivery boy cash collection by admin';
$cash = $cash - $amount;
$sql = "Update delivery_boys set `cash_received`='" . $cash . "' where `id`=" . $id;
$db->sql($sql);
$fn->add_transaction("", $id, 'delivery_boy_cash_collection', $amount, $message, $date);
echo "<p class='alert alert-success'>Cash collected Successfully!</p>";
} else {
echo "<label class='alert alert-danger'>Something went wrong!.</label>";
return false;
}
}
if (isset($_POST['add_ticket_types']) && $_POST['add_ticket_types'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
$type = $db->escapeString($fn->xss_clean($_POST['add_title']));
$sql = "INSERT INTO ticket_type (`type`) VALUES ('$type')";
if ($db->sql($sql)) {
echo "<label class='alert alert-success'>Ticket Type Added Successfully!</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occrred! please try again.</label>";
}
}
if (isset($_POST['edit_ticket_types']) && $_POST['edit_ticket_types'] == 1) {
if (!checkadmin($auth_username)) {
echo "<label class='alert alert-danger'>Access denied - You are not authorized to access this page.</label>";
return false;
}
$type = $db->escapeString($fn->xss_clean($_POST['edit_title']));
$id = $db->escapeString($fn->xss_clean($_POST['id']));
$sql = "UPDATE ticket_type SET `type`= '$type' WHERE id= " . $id;
if ($db->sql($sql)) {
echo "<label class='alert alert-success'>Ticket Type Updated Successfully!</label>";
} else {
echo "<label class='alert alert-danger'>Some Error Occrred! please try again.</label>";
}
}
// Delete tickrt types
if (isset($_GET['delete_ticket_types']) && $_GET['delete_ticket_types'] == 1) {
if ($permissions['return_requests']['delete'] == 0) {
echo 2;
return false;
}
$id = $db->escapeString($_GET['id']);
$sql = "DELETE FROM `ticket_type` WHERE id=" . $id;
if ($db->sql($sql)) {
echo 0;
} else {
echo 1;
}
}
// Change status of ticket
if ((isset($_POST['change_ticket_status'])) && ($_POST['change_ticket_status'] == 1)) {
$ticket_id = $db->escapeString($_POST['ticket_id']);
$status = $db->escapeString($_POST['change_status']);
$sql = "UPDATE `tickets` SET status = '" . $status . "' WHERE id = " . $ticket_id;
$db->sql($sql);
}
// Load Ticket messages here
if (isset($_POST['get_complaint_comments']) && ($_POST['get_complaint_comments'] == 1)) {
$ticket_id = $db->escapeString($fn->xss_clean($_POST['ticket_id']));
$where = "";
if (isset($_POST['user_id']) && !empty($_POST['user_id'])) {
$user_id = $db->escapeString($fn->xss_clean($_POST['user_id']));
$where .= " AND user_id = $user_id";
}
if (isset($_POST['id']) && !empty($_POST['id'])) {
$id = $db->escapeString($fn->xss_clean($_POST['id']));
$where .= " AND tm.id = $id";
}
$offset = (isset($_POST['offset']) && !empty($fn->xss_clean($_POST['offset'])) && is_numeric($_POST['offset'])) ? $db->escapeString($fn->xss_clean($_POST['offset'])) : 0;
$limit = (isset($_POST['limit']) && !empty($fn->xss_clean($_POST['limit'])) && is_numeric($_POST['limit'])) ? $db->escapeString($fn->xss_clean($_POST['limit'])) : 10;
$sort = (isset($_POST['sort']) && !empty($fn->xss_clean($_POST['sort']))) ? $db->escapeString($fn->xss_clean($_POST['sort'])) : 'tm.id';
$order = (isset($_POST['order']) && !empty($fn->xss_clean($_POST['order']))) ? $db->escapeString($fn->xss_clean($_POST['order'])) : 'DESC';
if (isset($_POST['search'])) {
$search = $db->escapeString($fn->xss_clean($_POST['search']));
$where .= " AND (t.`title` like '%" . $search . "%' OR tm.`message` like '%" . $search . "%' )";
}
if (isset($_POST['ticket_id']) && !empty($_POST['ticket_id'])) {
$sql = "SELECT count(tm.id) as total FROM `ticket_messages` tm left join tickets t on t.id=tm.ticket_id left join users u on u.id=t.user_id Where tm.ticket_id = $ticket_id" . $where;
$db->sql($sql);
$res = $db->getResult();
$total = $res[0]['total'];
$sql = "select tm.*,case when tm.type='admin' then a.username else u.name end as username from ticket_messages tm left join admin a on a.id = tm.user_id
left join users u on u.id = tm.user_id Where tm.ticket_id = $ticket_id " . $where . " ORDER BY $sort $order LIMIT $offset,$limit";
// echo $sql;
$db->sql($sql);
$res = $db->getResult();
if (!empty($res)) {
foreach ($res as $row) {
$row['username'] = (!empty($row['username'])) ? $row['username'] : "";
$tempRow['id'] = $row['id'];
$tempRow['type'] = $row['type'];
$tempRow['user_id'] = $row['user_id'];
$tempRow['username'] = $row['username'];
$tempRow['ticket_id'] = $row['ticket_id'];
$tempRow['message'] = $row['message'];
$tempRow['date_created'] = $row['date_created'];
$tempRow['attachments'] = (!empty($row['attachments'])) ? $row['attachments'] : '';
$rows[] = $tempRow;
}
$response['error'] = false;
$response['message'] = 'Messages Retrived Successfully!';
$response['total'] = $total;
$response['data'] = $rows;
} else {
$response['error'] = true;
$response['message'] = 'Data not Found!';
$response['total'] = $total;
$response['data'] = [];
}
print_r(json_encode($response));
}
}
// send message
if (isset($_POST['send']) && ($_POST['send'] == 1)) {
if (isset($_POST['message']) && $_POST['message'] != "") {
$type = $_POST['type'];
$user_id = $_POST['type_id'];
$ticket_id = $_POST['ticket_id'];
$message = $_POST['message'];
$date_created = date('Y-m-d H:m:s');
}
$sql = "INSERT INTO ticket_messages (ticket_id,message,type,user_id,date_created) VALUES ($ticket_id, '$message','$type','$user_id','$date_created')";
$result = $db->sql($sql);
$row1 = $db->getResult();
// get send message data
$res = $fn->get_data('', '', 'ticket_messages', '', '', 'ORDER BY id DESC', 'LIMIT 0,1');
$res[0]['last_updated'] = !empty($res[0]['last_updated']) ? $res[0]['last_updated'] : "";
$res[0]['attachments'] = json_decode($res[0]['attachments'], 1);
$res[0]['attachments'] = (empty($res[0]['attachments'])) ? array() : $res[0]['attachments'];
for ($j = 0; $j < count($res[0]['attachments']); $j++) {
$res[0]['attachments'][$j] = !empty(DOMAIN_URL . $res[0]['attachments'][$j]) ? DOMAIN_URL . $res[0]['attachments'][$j] : "";
}
$message_res = json_encode($res);
// get ticket data
$title = $fn->get_data('', 'id=' . $ticket_id, 'tickets');
$t_id = $title[0]['id'];
$ticket_title = $title[0]['title'];
$u_id = $title[0]['user_id'];
// send notification to user
$fn->send_notification_to_user('Customer Support', $message, 'customer_notification', $u_id, $t_id, $message_res);
echo json_encode($row1);
}
Zerion Mini Shell 1.0