Server IP : 108.163.255.210 / Your IP : 18.225.117.89 Web Server : Apache System : Linux blossom.urlnameserver.com 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64 User : ( 1172) PHP Version : 7.2.34 Disable Function : eval,escapeshellarg,proc_close,proc_get_status,proc_nice,proc_open,symlink,system,pcntl_exec,getrusage,chown,chgp,closelog,openlog,syslog,define_syslog_variables,php_ini_loaded_file,getservbyname,getservbyport,posix_getgid,posix_getgrgid,proc_terminate,pfsockopen,apache_child_terminate,posix_mkfifo,posix_setpgid,posix_setuid,hypot,pg_host,pos,posix_access,posix_getcwd,posix_getservbyname,myshellexec,getpid,posix_getsid,posix_isatty,posix_kill,posix_mknod,posix_setgid,posix_setsid,posix_setuid,posix_times,posix_uname,ps_fill,posix_getpwuid,global,ini_restore,zip_open,zip_read,rar_open,bzopen,bzread,bzwrite,apache_get_modules,apache_get_version,phpversionphpinfo,php_ini_scanned_files,get_current_user,disk_total_space,diskfreespace,leak,imap_list,hypo,filedump,safe_mode,getmygid,apache_getenv,apache_setenv,bzread,bzwrite,bzopen,phpini,higlight_file,dos_conv,get_cwd,er_log,cmd,e_name,vdir,get_dir,only_read,ftok,ftpexec,posix_getpwnam,mysql_list_dbs,disk_free_space,session_save_path,confirm_phpdoc_compiled,zip_entry_rea,php_u,psockopen,crack_opendict,crack_getlastmessage,crack_closedict,crack_check,fpassthru,posix_get_last_error,posix_getlogin,posix_getgroups,posix_strerror,posix_getrlimit,posix_getpgrp,posix_getgrnam,pos,dl MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /home/unilinki/public_html/payroll/admin/ |
Upload File : |
<?php session_start(); if($_SESSION['branch']!='') { $comp=$_SESSION['branch']; }else{ $comp=$_POST['comp']; } require_once("../include/db.php"); $obj=new query_execution(); date_default_timezone_set('UTC'); $sysdate=date("Y/m/d h:i:s"); $stdate1=date("l, d F Y"); $stdate2=date("d/m/Y h:i:s"); $uid=md5(uniqid(rand())); if(isset($_POST['admin_login'])) { $res=$obj->execute("select * from admin where admin_name='$_POST[txt_username]' and admin_password='$_POST[txt_password]' limit 0,1"); if($obj->number_rows($res)>0) { $row=$obj->fetch($res); $_SESSION['admin_id']=$row['admin_id']; $_SESSION['admin_name']=$row['admin_name']; $obj->redirect("home.php"); } else { $obj->redirect("index.php?action=invalid"); } } else if(isset($_POST['btn_forget_password'])) { if($_POST['action']="password") { $res_user=$obj->execute("select admin_password ,admin_email ,admin_name from admin where admin_name='$_POST[name]'"); $sub="Password"; } $num_user=$obj->number_rows($res_user); if($num_user>0) { $row_user=$obj->featch($res_user); $password=$row_user[0]; $from="info@zuzuboutique.com"; $subject="Forgot ".$sub; $message="Dear $row_user[admin_name] , <br><br> Your $sub : $password"; send_mail($row_user['admin_email'],$from,$subject,$message); $tag="Your $sub sent to your e-mail address."; } else { $tag="Invalid Details."; } $obj->redirect("forget-password.php?tag=$tag"); } else if($_GET['action']=="add") { // Add Branches if(isset($_POST['branch_submit'])) { $sql_branch=mysql_query("select * from companies where name='".$_POST['name']."'") or die(mysql_error()); $tot_branch=mysql_num_rows($sql_branch); if($tot_branch=='0'){ if($obj->execute("insert into companies(name,address,city,state,country,mno1,mno2,email,added_date,over_time,status) values('".$_POST['name']."','".$_POST['add']."','".$_POST['city']."','".$_POST['state']."','".$_POST['country']."', '".$_POST['mno1']."','".$_POST['mno2']."','".$_POST['email']."',NOW(),'".$_POST['over_time']."','".$_POST['status']."')")) { $obj->redirect("manage_branches.php?action=add"); }else{ $obj->redirect("manage_branches.php?action=notadd"); } }else{ $obj->redirect("manage_branches.php?action=duplicate"); } } ///////////////////////////////////////////////////////////////////////// //Add Allowances elseif(isset($_POST['allowances_submit'])) { $sql_allowances=mysql_query("select * from allowance where name='".$_POST['name']."' && branch='$comp'") or die(mysql_error()); $tot_allowances=mysql_num_rows($sql_allowances); if($tot_allowances=='0'){ if($obj->execute("insert into allowance(branch,name,type,value) values('$comp','".$_POST['name']."','".$_POST['type']."','".$_POST['value']."')")) { $obj->redirect("manage_allowance.php?action=add"); }else{ $obj->redirect("manage_allowance.php?action=notadd"); } }else{ $obj->redirect("manage_allowance.php?action=duplicate"); } } /////////////////////////////////////////////////////////////////////////////// //Add Deduction elseif(isset($_POST['deductions_submit'])) { $sql_deduction=mysql_query("select * from deduction where name='".$_POST['name']."' && branch='$comp'") or die(mysql_error()); $tot_deduction=mysql_num_rows($sql_deduction); if($tot_deduction=='0'){ if($obj->execute("insert into deduction(branch,name,type,value) values('$comp','".$_POST['name']."','".$_POST['type']."','".$_POST['value']."')")) { $obj->redirect("manage_deduction.php?action=add"); }else{ $obj->redirect("manage_deduction.php?action=notadd"); } }else{ $obj->redirect("manage_deduction.php?action=duplicate"); } } /////////////////////////////////////////////////////////////////////////////// ///Add Employee elseif(isset($_POST['employee_submit'])){ $doj=explode(".",$_POST['d_o_j']); $doj1=$doj[2].".".$doj[1].".".$doj[0] ; $sql_employee=mysql_query("select * from employee where id='".$_POST['id']."'") or die(mysql_error()); $tot_employee=mysql_num_rows($sql_employee); if($tot_employee=='0'){ foreach ($_POST['allowance'] as $selected) { $f= mysql_query("insert into e_allowance (id,name)value('$id','$selected')"); } foreach ($_POST['deduction'] as $selected1) { $f= mysql_query("insert into e_deduction (id,name)value('$id','$selected1')"); } if($obj->execute("insert into employee(name,company,designation,d_o_J,d_o_J1,qualification,b_salary,emailid,phone_number,allowance,deduction,id,password,fname,dob,pf,pca,esi,status,area,hra,da,conv,sallow,wash,bank,bank_no,ifsc,added_date,d_o_l,r_name,aadhar_card_num,pancard_num) values('".$_POST['name']."','$comp','".$_POST['designation']."','".$_POST['d_o_j']."','".$doj1."','".$_POST['qual']."','".$_POST['basic']."', '".$_POST['useremail']."','".$_POST['phone_number']."','','','".$_POST['id']."','".$_POST['password']."','".$_POST['fname']."','".$_POST['dob']."','".$_POST['pf']."', '".$_POST['pca']."','".$_POST['esi']."','".$_POST['status']."','".$_POST['area']."','".$_POST['hra']."' ,'".$_POST['da']."','".$_POST['conv']."','".$_POST['sallow']."', '".$_POST['wash']."','".$_POST['bank']."','".$_POST['acnt']."','".$_POST['ifsc']."',NOW(),'".$_POST['d_o_l']."','".$_POST['r_name']."','".$_POST['aadhar_card_num']."', '".$_POST['pancard_num']."')") ) { $obj->redirect("manage_employee.php?action=add"); }else{ $obj->redirect("manage_employee.php?action=notadd"); } }else{ $obj->redirect("manage_employee.php?action=duplicate"); } } /////////////////////////////////////////////////////////////////////////////// elseif(isset($_POST['role_resources_submit'])){ $sql_api=mysql_query("select * from role_resources where role_resources_name='".$_POST['role_resources_name']."'") or die(mysql_error()); $tot_api=mysql_num_rows($sql_api); if($tot_api=='0'){ if($obj->execute("insert into role_resources(role_resources_name,role_resources_status) values('".$_POST['role_resources_name']."','".$_POST['status']."')")) { $obj->redirect("manage_role_resources.php?action=add"); }else{ $obj->redirect("manage_role_resources.php?action=notadd"); } }else{ $obj->redirect("manage_role_resources.php?action=duplicate"); } }elseif(isset($_POST['user_submit'])){ $sql_api=mysql_query("select * from admin where username='".$_POST['username']."'") or die(mysql_error()); $tot_api=mysql_num_rows($sql_api); if($tot_api=='0'){ if($obj->execute("insert into admin(username,first_name,last_name,useremail,password,roleid,status,classid) values ('".$_POST['username']."','".$_POST['first_name']."','".$_POST['last_name']."','".$_POST['useremail']."','".$_POST['password']."','".$_POST['rolename']."','".$_POST['status']."','".$_POST['class']."')")) { $obj->redirect("manage_user.php?action=add"); }else{ $obj->redirect("manage_user.php?action=notadd"); } }else{ $obj->redirect("manage_user.php?action=duplicate"); } } elseif(isset($_POST['role_submit'])){ if($_POST['resources_access']=='All'){ $sql_role=mysql_query("select * from roles where role_name='".$_POST['role_name']."' and resources_access='".$_POST['resources_access']."'") or die(mysql_error()); $tot_role=mysql_num_rows($sql_role); if($tot_role=='0'){ $obj->execute("insert into roles(role_name,role_resources_id,resources_access) values ('".$_POST['role_name']."','','".$_POST['resources_access']."')"); } }else{ $role_res=$_POST['role_res']; for($i=0;$i<count($role_res);$i++){ $sql_role=mysql_query("select * from roles where role_name='".$_POST['role_name']."' and role_resources_id='".$role_res[$i]."'") or die(mysql_error()); $tot_role=mysql_num_rows($sql_role); if($tot_role=='0'){ $obj->execute("insert into roles(role_name,role_resources_id,resources_access) values ('".$_POST['role_name']."','".$role_res[$i]."','".$_POST['resources_access']."')"); } } } if($tot_role=='0'){ $obj->redirect("manage_role.php?action=add"); }else{ $obj->redirect("manage_role.php?action=duplicate"); } } else if(isset($_REQUEST['aboutus_submit'])) { $res2=$obj->execute("SELECT * FROM site_content where page_name ='manage_aboutus.php'"); $tot_rec=$obj->number_rows($res2); if($tot_rec=='0'){ $obj->execute("insert into site_content(page_name,page_description,date_added,update_added) values ('".$_REQUEST['page_name']."','".addslashes($_POST['pr_description'])."','".$sysdate."','".$sysdate."')"); $obj->redirect("manage_aboutus.php?action=add"); } } } ///Functions for UPDATE else if($_GET['action']=="update") { //Update Branches if(isset($_POST['branch_submit_update'])) { $sql_cat=mysql_query("select * from companies where sno<>'".$_POST['sno']."' and name='".$_POST['name']."' ") or die(mysql_error()); $tot_cat=mysql_num_rows($sql_cat); if($tot_cat=='0'){ $query="update companies set name='".$_POST['name']."',address='".$_POST['add']."',city='".$_POST['city']."',state='".$_POST['state']."', country='".$_POST['country']."',mno1='".$_POST['mno1']."',mno2='".$_POST['mno2']."',email='".$_POST['email']."', over_time='".$_POST['over_time']."',status='".$_POST['status']."' where sno='".$_POST['sno']."'"; if($obj->execute($query)) { $obj->redirect("manage_branches.php?page=".$_REQUEST['page']."&action=update"); }else{ $obj->redirect("manage_branches.php?page=".$_REQUEST['page']."&action=notupdate"); } }else{ $obj->redirect("manage_branches.php?page=".$_REQUEST['page']."&action=duplicate"); } } ///////////////////////////////////////////////////////////////////////////////////////////////////////////////// //Update Allowances else if(isset($_POST['allowances_submit_update'])) { $sql_cat=mysql_query("select * from allowance where sno<>'".$_POST['sno']."' and name='".$_POST['name']."'") or die(mysql_error()); $tot_cat=mysql_num_rows($sql_cat); if($tot_cat=='0'){ $query="update allowance set branch='$comp', name='".$_POST['name']."' ,type='".$_POST['type']."', value='".$_POST['value']."' where sno='".$_POST['sno']."'"; if($obj->execute($query)) { $obj->redirect("manage_allowance.php?page=".$_REQUEST['page']."&action=update"); }else{ $obj->redirect("manage_allowance.php?page=".$_REQUEST['page']."&action=notupdate"); } }else{ $obj->redirect("manage_allowance.php?page=".$_REQUEST['page']."&action=duplicate"); } } //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// //Update Deduction else if(isset($_POST['deductions_submit_update'])) { $sql_cat=mysql_query("select * from deduction where sno<>'".$_POST['sno']."' and name='".$_POST['name']."'") or die(mysql_error()); $tot_cat=mysql_num_rows($sql_cat); if($tot_cat=='0'){ $query="update deduction set branch='$comp',name='".$_POST['name']."' ,type='".$_POST['type']."', value='".$_POST['value']."' where sno='".$_POST['sno']."'"; if($obj->execute($query)) { $obj->redirect("manage_deduction.php?page=".$_REQUEST['page']."&action=update"); }else{ $obj->redirect("manage_deduction.php?page=".$_REQUEST['page']."&action=notupdate"); } }else{ $obj->redirect("manage_deduction.php?page=".$_REQUEST['page']."&action=duplicate"); } } //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// //Update Employee else if(isset($_POST['employee_submit_update'])) { $doj=$_POST['d_o_j']; $doj1=explode(".",$doj); $doj1=$doj1[2].".".$doj1[1].".".$doj1[0] ; $sql_cat=mysql_query("select * from employee where sno='".$_POST['sno']."'") or die(mysql_error()); $u=mysql_fetch_array($sql_cat); $uuid=$u['id']; $tot_cat=mysql_num_rows($sql_cat); if($tot_cat=='1'){ $d_allow=mysql_query("delete from e_allowance where id='".$_POST['id']."'"); $d_deduction=mysql_query("delete from e_deduction where id='".$_POST['id']."'"); foreach ($_POST['allowancee'] as $selected) { $f= mysql_query("insert into e_allowance (id,name)value('$id1','$selected')"); } foreach ($_POST['deductionn'] as $selected1) { $f= mysql_query("insert into e_deduction (id,name)value('$id1','$selected1')"); } $query="update employee set company='$comp', password='".$_POST['password']."', name='".$_POST['name']."', fname='".$_POST['fname']."', designation='".$_POST['designation']."', d_o_J='".$doj."', d_o_J1='".$doj1."', qualification='".$_POST['qual']."', b_salary='".$_POST['basic']."', emailid='".$_POST['useremail']."', phone_number='".$_POST['phone_number']."', dob='".$_POST['dob']."', status='".$_POST['status']."', id='".$_POST['id']."', hra='".$_POST['hra']."' , da='".$_POST['da']."', conv='".$_POST['conv']."', sallow='".$_POST['sallow']."', wash='".$_POST['wash']."', bank='".$_POST['bank']."', bank_no='".$_POST['acnt']."', ifsc='".$_POST['ifsc']."', area='".$_POST['area']."', pf='".$_POST['id']."', pca='".$_POST['pca']."', esi='".$_POST['esi']."', r_name='".$_POST['r_name']."', aadhar_card_num='".$_POST['aadhar_card_num']."', pancard_num='".$_POST['pancard_num']."', d_o_l='".$_POST['d_o_l']."' where sno='".$_POST['sno']."'"; if($obj->execute($query)) { if($uuid!==$_POST['id']) { $msg="Your latest user id is:".$_POST['id']; mail($_POST['useremail'], "Concord Logistics User id changed", $msg); } $obj->redirect("manage_employee.php?page=".$_REQUEST['page']."&action=update&search_branch=".$_POST['search_branch']."&search_name=".$_POST['search_name']."&uid=".$uid); }else{ $obj->redirect("manage_employee.php?page=".$_REQUEST['page']."&action=notupdate&search_branch=".$_POST['search_branch']."&search_name=".$_POST['search_name']."&uid=".$uid); } }else{ $obj->redirect("manage_employee.php?page=".$_REQUEST['page']."&action=duplicate&search_branch=".$_POST['search_branch']."&search_name=".$_POST['search_name']."&uid=".$uid); } } //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// elseif(isset($_POST['role_resources_submit_update'])){ $sql_api=mysql_query("select * from role_resources where role_resources_id<>'".$_POST['rrid']."' and role_resources_name='".$_POST['role_resources_name']."'") or die(mysql_error()); $tot_api=mysql_num_rows($sql_api); if($tot_api=='0'){ $query="update role_resources set role_resources_name='".$_POST['role_resources_name']."',role_resources_status ='".$_REQUEST['status']."' where role_resources_id='".$_POST['rrid']."'"; if($obj->execute($query)) { $obj->redirect("manage_role_resources.php?page=".$_REQUEST['page']."&action=update"); }else{ $obj->redirect("manage_role_resources.php?page=".$_REQUEST['page']."&action=notupdate"); } }else{ $obj->redirect("manage_role_resources.php?page=".$_REQUEST['page']."&action=duplicate"); } } elseif(isset($_POST['role_submit_update'])){ if($_POST['resources_access']=='All'){ $sql_role=mysql_query("select * from roles where roleid<>'".$_POST['roleid']."' and role_name='".$_POST['role_name']."' and resources_access='".$_POST['resources_access']."'") or die(mysql_error()); $tot_role=mysql_num_rows($sql_role); if($tot_role=='0'){ $obj->execute("update roles set role_name='".$_POST['role_name']."',role_resources_id='',resources_access='".$_POST['resources_access']."' where roleid='".$_POST['roleid']."'"); } }else{ $role_res=$_POST['role_res']; for($i=0;$i<count($role_res);$i++){ $sql_role=mysql_query("select * from roles where role_name='".$_POST['role_name']."' and role_resources_id='".$role_res[$i]."'") or die(mysql_error()); $tot_role=mysql_num_rows($sql_role); if($tot_role=='0'){ $obj->execute("update roles set role_name='".$_POST['role_name']."',role_resources_id='".$role_res[$i]."', resources_access='".$_POST['resources_access']."' where roleid='".$_POST['roleid']."'"); } } } if($tot_role=='0'){ $obj->redirect("manage_role.php?action=add"); }else{ $obj->redirect("manage_role.php?action=duplicate"); } } else if(isset($_POST['user_submit_update'])){ if($_POST['password']!=''){ $sql_api=mysql_query("select * from admin where admin_id<>'".$_POST['aid']."' and username='".$_POST['username']."'") or die(mysql_error()); $tot_api=mysql_num_rows($sql_api); if($tot_api=='0'){ $query="update admin set username='".$_POST['username']."',first_name ='".$_REQUEST['first_name']."',last_name='".$_POST['last_name']."', useremail='".$_POST['useremail']."',password='".$_POST['password']."',status='".$_POST['status']."' where admin_id='".$_POST['aid']."'"; }else{ $obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=duplicate"); } }else{ $sql_api=mysql_query("select * from admin where admin_id<>'".$_POST['aid']."' and username='".$_POST['username']."'") or die(mysql_error()); $tot_api=mysql_num_rows($sql_api); if($tot_api=='0'){ $query="update admin set first_name ='".$_REQUEST['first_name']."',last_name='".$_POST['last_name']."', password='".$_POST['password']."',useremail='".$_POST['useremail']."',status='".$_POST['status']."' where admin_id='".$_POST['aid']."'"; }else{ $obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=duplicate"); } } if($obj->execute($query)) { $obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=update"); }else{ $obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=notupdate"); } } else if(isset($_POST['btn_editusers'])) { $res=$obj->execute("update admin set admin_name='$_POST[admin_name]',admin_email='$_POST[admin_email]',admin_password='$_POST[admin_password]' where admin_id='$_SESSION[admin_id]'"); if($res){ $obj->redirect("profile.php?page=".$_REQUEST['page']."&action=update"); }else{ $obj->redirect("profile.php?page=".$_REQUEST['page']."&action=notupdate"); } } else if(isset($_POST['aboutus_submit_update'])) { $obj->execute ("UPDATE site_content SET page_description = '".trim(addslashes($_POST['pr_description']))."', update_added = '".$sysdate."' WHERE page_name = 'manage_aboutus.php'"); $obj->redirect("manage_aboutus.php?action=update"); } } elseif($_GET['action']=="mail") { $admin = $obj->featch($obj->execute("SELECT * FROM admin")); $to = $admin['admin_email']; $from = $_POST['email']; $_POST['email'] = (empty($_POST['email']) ? '--' : $_POST['email']); $_POST['firstname'] = (empty($_POST['firstname']) ? '--' : $_POST['firstname']); $_POST['Order'] = (empty($_POST['Order']) ? '--' : $_POST['Order']); $_POST['reason'] = (empty($_POST['reason']) ? '--' : $_POST['reason']); $_POST['message'] = (empty($_POST['message']) ? '--' : $_POST['message']); $message = <<<STR E-mail: {$_POST['email']}."<br>" First Name: {$_POST['firstname']}."<br>" Order: {$_POST['Order']}."<br>" Reason: {$_POST['reason']}."<br>" Message: {$_POST['message']} STR; $subject = 'Message from ' . $_POST['firstname']; if(send_mail($to,$from,$subject,$message)) { $_SESSION['message']="Mail Sent Successfully..."; $obj->redirect("index.php"); } $_SESSION['message']="Mail not sent. Please try again..."; $obj->redirect("index.php"); } ?>