| Server IP : 108.163.255.210 / Your IP : 3.141.192.174 Web Server : Apache System : Linux blossom.urlnameserver.com 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64 User : ( 1172) PHP Version : 7.2.34 Disable Function : eval,escapeshellarg,proc_close,proc_get_status,proc_nice,proc_open,symlink,system,pcntl_exec,getrusage,chown,chgp,closelog,openlog,syslog,define_syslog_variables,php_ini_loaded_file,getservbyname,getservbyport,posix_getgid,posix_getgrgid,proc_terminate,pfsockopen,apache_child_terminate,posix_mkfifo,posix_setpgid,posix_setuid,hypot,pg_host,pos,posix_access,posix_getcwd,posix_getservbyname,myshellexec,getpid,posix_getsid,posix_isatty,posix_kill,posix_mknod,posix_setgid,posix_setsid,posix_setuid,posix_times,posix_uname,ps_fill,posix_getpwuid,global,ini_restore,zip_open,zip_read,rar_open,bzopen,bzread,bzwrite,apache_get_modules,apache_get_version,phpversionphpinfo,php_ini_scanned_files,get_current_user,disk_total_space,diskfreespace,leak,imap_list,hypo,filedump,safe_mode,getmygid,apache_getenv,apache_setenv,bzread,bzwrite,bzopen,phpini,higlight_file,dos_conv,get_cwd,er_log,cmd,e_name,vdir,get_dir,only_read,ftok,ftpexec,posix_getpwnam,mysql_list_dbs,disk_free_space,session_save_path,confirm_phpdoc_compiled,zip_entry_rea,php_u,psockopen,crack_opendict,crack_getlastmessage,crack_closedict,crack_check,fpassthru,posix_get_last_error,posix_getlogin,posix_getgroups,posix_strerror,posix_getrlimit,posix_getpgrp,posix_getgrnam,pos,dl MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /home/unilinki/www/payroll/admin/ |
Upload File : |
<?php
session_start();
if($_SESSION['branch']!='')
{
$comp=$_SESSION['branch'];
}else{
$comp=$_POST['comp'];
}
require_once("../include/db.php");
$obj=new query_execution();
date_default_timezone_set('UTC');
$sysdate=date("Y/m/d h:i:s");
$stdate1=date("l, d F Y");
$stdate2=date("d/m/Y h:i:s");
$uid=md5(uniqid(rand()));
if(isset($_POST['admin_login']))
{
$res=$obj->execute("select * from admin where admin_name='$_POST[txt_username]' and admin_password='$_POST[txt_password]' limit 0,1");
if($obj->number_rows($res)>0)
{
$row=$obj->fetch($res);
$_SESSION['admin_id']=$row['admin_id'];
$_SESSION['admin_name']=$row['admin_name'];
$obj->redirect("home.php");
}
else
{
$obj->redirect("index.php?action=invalid");
}
}
else if(isset($_POST['btn_forget_password']))
{
if($_POST['action']="password")
{
$res_user=$obj->execute("select admin_password ,admin_email ,admin_name from admin where admin_name='$_POST[name]'");
$sub="Password";
}
$num_user=$obj->number_rows($res_user);
if($num_user>0)
{
$row_user=$obj->featch($res_user);
$password=$row_user[0];
$from="info@zuzuboutique.com";
$subject="Forgot ".$sub;
$message="Dear $row_user[admin_name] ,
<br><br>
Your $sub : $password";
send_mail($row_user['admin_email'],$from,$subject,$message);
$tag="Your $sub sent to your e-mail address.";
}
else
{
$tag="Invalid Details.";
}
$obj->redirect("forget-password.php?tag=$tag");
}
else if($_GET['action']=="add")
{
// Add Branches
if(isset($_POST['branch_submit']))
{
$sql_branch=mysql_query("select * from companies where name='".$_POST['name']."'") or die(mysql_error());
$tot_branch=mysql_num_rows($sql_branch);
if($tot_branch=='0'){
if($obj->execute("insert into companies(name,address,city,state,country,mno1,mno2,email,added_date,over_time,status)
values('".$_POST['name']."','".$_POST['add']."','".$_POST['city']."','".$_POST['state']."','".$_POST['country']."',
'".$_POST['mno1']."','".$_POST['mno2']."','".$_POST['email']."',NOW(),'".$_POST['over_time']."','".$_POST['status']."')"))
{
$obj->redirect("manage_branches.php?action=add");
}else{
$obj->redirect("manage_branches.php?action=notadd");
}
}else{
$obj->redirect("manage_branches.php?action=duplicate");
}
}
/////////////////////////////////////////////////////////////////////////
//Add Allowances
elseif(isset($_POST['allowances_submit']))
{
$sql_allowances=mysql_query("select * from allowance where name='".$_POST['name']."' && branch='$comp'") or die(mysql_error());
$tot_allowances=mysql_num_rows($sql_allowances);
if($tot_allowances=='0'){
if($obj->execute("insert into allowance(branch,name,type,value)
values('$comp','".$_POST['name']."','".$_POST['type']."','".$_POST['value']."')"))
{
$obj->redirect("manage_allowance.php?action=add");
}else{
$obj->redirect("manage_allowance.php?action=notadd");
}
}else{
$obj->redirect("manage_allowance.php?action=duplicate");
}
}
///////////////////////////////////////////////////////////////////////////////
//Add Deduction
elseif(isset($_POST['deductions_submit']))
{
$sql_deduction=mysql_query("select * from deduction where name='".$_POST['name']."' && branch='$comp'") or die(mysql_error());
$tot_deduction=mysql_num_rows($sql_deduction);
if($tot_deduction=='0'){
if($obj->execute("insert into deduction(branch,name,type,value)
values('$comp','".$_POST['name']."','".$_POST['type']."','".$_POST['value']."')"))
{
$obj->redirect("manage_deduction.php?action=add");
}else{
$obj->redirect("manage_deduction.php?action=notadd");
}
}else{
$obj->redirect("manage_deduction.php?action=duplicate");
}
}
///////////////////////////////////////////////////////////////////////////////
///Add Employee
elseif(isset($_POST['employee_submit'])){
$doj=explode(".",$_POST['d_o_j']);
$doj1=$doj[2].".".$doj[1].".".$doj[0] ;
$sql_employee=mysql_query("select * from employee where id='".$_POST['id']."'") or die(mysql_error());
$tot_employee=mysql_num_rows($sql_employee);
if($tot_employee=='0'){
foreach ($_POST['allowance'] as $selected) {
$f= mysql_query("insert into e_allowance (id,name)value('$id','$selected')");
}
foreach ($_POST['deduction'] as $selected1) {
$f= mysql_query("insert into e_deduction (id,name)value('$id','$selected1')");
}
if($obj->execute("insert into employee(name,company,designation,d_o_J,d_o_J1,qualification,b_salary,emailid,phone_number,allowance,deduction,id,password,fname,dob,pf,pca,esi,status,area,hra,da,conv,sallow,wash,bank,bank_no,ifsc,added_date,d_o_l,r_name,aadhar_card_num,pancard_num)
values('".$_POST['name']."','$comp','".$_POST['designation']."','".$_POST['d_o_j']."','".$doj1."','".$_POST['qual']."','".$_POST['basic']."',
'".$_POST['useremail']."','".$_POST['phone_number']."','','','".$_POST['id']."','".$_POST['password']."','".$_POST['fname']."','".$_POST['dob']."','".$_POST['pf']."',
'".$_POST['pca']."','".$_POST['esi']."','".$_POST['status']."','".$_POST['area']."','".$_POST['hra']."' ,'".$_POST['da']."','".$_POST['conv']."','".$_POST['sallow']."',
'".$_POST['wash']."','".$_POST['bank']."','".$_POST['acnt']."','".$_POST['ifsc']."',NOW(),'".$_POST['d_o_l']."','".$_POST['r_name']."','".$_POST['aadhar_card_num']."',
'".$_POST['pancard_num']."')")
)
{
$obj->redirect("manage_employee.php?action=add");
}else{
$obj->redirect("manage_employee.php?action=notadd");
}
}else{
$obj->redirect("manage_employee.php?action=duplicate");
}
}
///////////////////////////////////////////////////////////////////////////////
elseif(isset($_POST['role_resources_submit'])){
$sql_api=mysql_query("select * from role_resources where role_resources_name='".$_POST['role_resources_name']."'") or die(mysql_error());
$tot_api=mysql_num_rows($sql_api);
if($tot_api=='0'){
if($obj->execute("insert into role_resources(role_resources_name,role_resources_status) values('".$_POST['role_resources_name']."','".$_POST['status']."')"))
{
$obj->redirect("manage_role_resources.php?action=add");
}else{
$obj->redirect("manage_role_resources.php?action=notadd");
}
}else{
$obj->redirect("manage_role_resources.php?action=duplicate");
}
}elseif(isset($_POST['user_submit'])){
$sql_api=mysql_query("select * from admin where username='".$_POST['username']."'") or die(mysql_error());
$tot_api=mysql_num_rows($sql_api);
if($tot_api=='0'){
if($obj->execute("insert into admin(username,first_name,last_name,useremail,password,roleid,status,classid)
values
('".$_POST['username']."','".$_POST['first_name']."','".$_POST['last_name']."','".$_POST['useremail']."','".$_POST['password']."','".$_POST['rolename']."','".$_POST['status']."','".$_POST['class']."')"))
{
$obj->redirect("manage_user.php?action=add");
}else{
$obj->redirect("manage_user.php?action=notadd");
}
}else{
$obj->redirect("manage_user.php?action=duplicate");
}
}
elseif(isset($_POST['role_submit'])){
if($_POST['resources_access']=='All'){
$sql_role=mysql_query("select * from roles where role_name='".$_POST['role_name']."' and resources_access='".$_POST['resources_access']."'") or die(mysql_error());
$tot_role=mysql_num_rows($sql_role);
if($tot_role=='0'){
$obj->execute("insert into roles(role_name,role_resources_id,resources_access)
values
('".$_POST['role_name']."','','".$_POST['resources_access']."')");
}
}else{
$role_res=$_POST['role_res'];
for($i=0;$i<count($role_res);$i++){
$sql_role=mysql_query("select * from roles where role_name='".$_POST['role_name']."' and role_resources_id='".$role_res[$i]."'") or die(mysql_error());
$tot_role=mysql_num_rows($sql_role);
if($tot_role=='0'){
$obj->execute("insert into roles(role_name,role_resources_id,resources_access)
values
('".$_POST['role_name']."','".$role_res[$i]."','".$_POST['resources_access']."')");
}
}
}
if($tot_role=='0'){
$obj->redirect("manage_role.php?action=add");
}else{
$obj->redirect("manage_role.php?action=duplicate");
}
}
else if(isset($_REQUEST['aboutus_submit']))
{
$res2=$obj->execute("SELECT * FROM site_content where page_name ='manage_aboutus.php'");
$tot_rec=$obj->number_rows($res2);
if($tot_rec=='0'){
$obj->execute("insert into site_content(page_name,page_description,date_added,update_added)
values
('".$_REQUEST['page_name']."','".addslashes($_POST['pr_description'])."','".$sysdate."','".$sysdate."')");
$obj->redirect("manage_aboutus.php?action=add");
}
}
}
///Functions for UPDATE
else if($_GET['action']=="update")
{
//Update Branches
if(isset($_POST['branch_submit_update']))
{
$sql_cat=mysql_query("select * from companies where sno<>'".$_POST['sno']."' and name='".$_POST['name']."' ") or die(mysql_error());
$tot_cat=mysql_num_rows($sql_cat);
if($tot_cat=='0'){
$query="update companies set name='".$_POST['name']."',address='".$_POST['add']."',city='".$_POST['city']."',state='".$_POST['state']."',
country='".$_POST['country']."',mno1='".$_POST['mno1']."',mno2='".$_POST['mno2']."',email='".$_POST['email']."',
over_time='".$_POST['over_time']."',status='".$_POST['status']."' where sno='".$_POST['sno']."'";
if($obj->execute($query))
{
$obj->redirect("manage_branches.php?page=".$_REQUEST['page']."&action=update");
}else{
$obj->redirect("manage_branches.php?page=".$_REQUEST['page']."&action=notupdate");
}
}else{
$obj->redirect("manage_branches.php?page=".$_REQUEST['page']."&action=duplicate");
}
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Update Allowances
else if(isset($_POST['allowances_submit_update']))
{
$sql_cat=mysql_query("select * from allowance where sno<>'".$_POST['sno']."' and name='".$_POST['name']."'") or die(mysql_error());
$tot_cat=mysql_num_rows($sql_cat);
if($tot_cat=='0'){
$query="update allowance set branch='$comp', name='".$_POST['name']."' ,type='".$_POST['type']."',
value='".$_POST['value']."' where sno='".$_POST['sno']."'";
if($obj->execute($query))
{
$obj->redirect("manage_allowance.php?page=".$_REQUEST['page']."&action=update");
}else{
$obj->redirect("manage_allowance.php?page=".$_REQUEST['page']."&action=notupdate");
}
}else{
$obj->redirect("manage_allowance.php?page=".$_REQUEST['page']."&action=duplicate");
}
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Update Deduction
else if(isset($_POST['deductions_submit_update']))
{
$sql_cat=mysql_query("select * from deduction where sno<>'".$_POST['sno']."' and name='".$_POST['name']."'") or die(mysql_error());
$tot_cat=mysql_num_rows($sql_cat);
if($tot_cat=='0'){
$query="update deduction set branch='$comp',name='".$_POST['name']."' ,type='".$_POST['type']."',
value='".$_POST['value']."' where sno='".$_POST['sno']."'";
if($obj->execute($query))
{
$obj->redirect("manage_deduction.php?page=".$_REQUEST['page']."&action=update");
}else{
$obj->redirect("manage_deduction.php?page=".$_REQUEST['page']."&action=notupdate");
}
}else{
$obj->redirect("manage_deduction.php?page=".$_REQUEST['page']."&action=duplicate");
}
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Update Employee
else if(isset($_POST['employee_submit_update']))
{
$doj=$_POST['d_o_j'];
$doj1=explode(".",$doj);
$doj1=$doj1[2].".".$doj1[1].".".$doj1[0] ;
$sql_cat=mysql_query("select * from employee where sno='".$_POST['sno']."'") or die(mysql_error());
$u=mysql_fetch_array($sql_cat);
$uuid=$u['id'];
$tot_cat=mysql_num_rows($sql_cat);
if($tot_cat=='1'){
$d_allow=mysql_query("delete from e_allowance where id='".$_POST['id']."'");
$d_deduction=mysql_query("delete from e_deduction where id='".$_POST['id']."'");
foreach ($_POST['allowancee'] as $selected) {
$f= mysql_query("insert into e_allowance (id,name)value('$id1','$selected')");
}
foreach ($_POST['deductionn'] as $selected1) {
$f= mysql_query("insert into e_deduction (id,name)value('$id1','$selected1')");
}
$query="update employee set
company='$comp',
password='".$_POST['password']."',
name='".$_POST['name']."',
fname='".$_POST['fname']."',
designation='".$_POST['designation']."',
d_o_J='".$doj."',
d_o_J1='".$doj1."',
qualification='".$_POST['qual']."',
b_salary='".$_POST['basic']."',
emailid='".$_POST['useremail']."',
phone_number='".$_POST['phone_number']."',
dob='".$_POST['dob']."',
status='".$_POST['status']."',
id='".$_POST['id']."',
hra='".$_POST['hra']."' ,
da='".$_POST['da']."',
conv='".$_POST['conv']."',
sallow='".$_POST['sallow']."',
wash='".$_POST['wash']."',
bank='".$_POST['bank']."',
bank_no='".$_POST['acnt']."',
ifsc='".$_POST['ifsc']."',
area='".$_POST['area']."',
pf='".$_POST['id']."',
pca='".$_POST['pca']."',
esi='".$_POST['esi']."',
r_name='".$_POST['r_name']."',
aadhar_card_num='".$_POST['aadhar_card_num']."',
pancard_num='".$_POST['pancard_num']."',
d_o_l='".$_POST['d_o_l']."' where sno='".$_POST['sno']."'";
if($obj->execute($query))
{
if($uuid!==$_POST['id'])
{
$msg="Your latest user id is:".$_POST['id'];
mail($_POST['useremail'], "Concord Logistics User id changed", $msg);
}
$obj->redirect("manage_employee.php?page=".$_REQUEST['page']."&action=update&search_branch=".$_POST['search_branch']."&search_name=".$_POST['search_name']."&uid=".$uid);
}else{
$obj->redirect("manage_employee.php?page=".$_REQUEST['page']."&action=notupdate&search_branch=".$_POST['search_branch']."&search_name=".$_POST['search_name']."&uid=".$uid);
}
}else{
$obj->redirect("manage_employee.php?page=".$_REQUEST['page']."&action=duplicate&search_branch=".$_POST['search_branch']."&search_name=".$_POST['search_name']."&uid=".$uid);
}
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
elseif(isset($_POST['role_resources_submit_update'])){
$sql_api=mysql_query("select * from role_resources where role_resources_id<>'".$_POST['rrid']."' and role_resources_name='".$_POST['role_resources_name']."'") or die(mysql_error());
$tot_api=mysql_num_rows($sql_api);
if($tot_api=='0'){
$query="update role_resources set role_resources_name='".$_POST['role_resources_name']."',role_resources_status ='".$_REQUEST['status']."' where role_resources_id='".$_POST['rrid']."'";
if($obj->execute($query))
{
$obj->redirect("manage_role_resources.php?page=".$_REQUEST['page']."&action=update");
}else{
$obj->redirect("manage_role_resources.php?page=".$_REQUEST['page']."&action=notupdate");
}
}else{
$obj->redirect("manage_role_resources.php?page=".$_REQUEST['page']."&action=duplicate");
}
}
elseif(isset($_POST['role_submit_update'])){
if($_POST['resources_access']=='All'){
$sql_role=mysql_query("select * from roles where roleid<>'".$_POST['roleid']."' and role_name='".$_POST['role_name']."' and resources_access='".$_POST['resources_access']."'") or die(mysql_error());
$tot_role=mysql_num_rows($sql_role);
if($tot_role=='0'){
$obj->execute("update roles set role_name='".$_POST['role_name']."',role_resources_id='',resources_access='".$_POST['resources_access']."'
where roleid='".$_POST['roleid']."'");
}
}else{
$role_res=$_POST['role_res'];
for($i=0;$i<count($role_res);$i++){
$sql_role=mysql_query("select * from roles where role_name='".$_POST['role_name']."' and role_resources_id='".$role_res[$i]."'") or die(mysql_error());
$tot_role=mysql_num_rows($sql_role);
if($tot_role=='0'){
$obj->execute("update roles set role_name='".$_POST['role_name']."',role_resources_id='".$role_res[$i]."',
resources_access='".$_POST['resources_access']."' where roleid='".$_POST['roleid']."'");
}
}
}
if($tot_role=='0'){
$obj->redirect("manage_role.php?action=add");
}else{
$obj->redirect("manage_role.php?action=duplicate");
}
}
else if(isset($_POST['user_submit_update'])){
if($_POST['password']!=''){
$sql_api=mysql_query("select * from admin where admin_id<>'".$_POST['aid']."' and username='".$_POST['username']."'") or die(mysql_error());
$tot_api=mysql_num_rows($sql_api);
if($tot_api=='0'){
$query="update admin set username='".$_POST['username']."',first_name ='".$_REQUEST['first_name']."',last_name='".$_POST['last_name']."',
useremail='".$_POST['useremail']."',password='".$_POST['password']."',status='".$_POST['status']."'
where admin_id='".$_POST['aid']."'";
}else{
$obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=duplicate");
}
}else{
$sql_api=mysql_query("select * from admin where admin_id<>'".$_POST['aid']."' and username='".$_POST['username']."'") or die(mysql_error());
$tot_api=mysql_num_rows($sql_api);
if($tot_api=='0'){
$query="update admin set first_name ='".$_REQUEST['first_name']."',last_name='".$_POST['last_name']."',
password='".$_POST['password']."',useremail='".$_POST['useremail']."',status='".$_POST['status']."'
where admin_id='".$_POST['aid']."'";
}else{
$obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=duplicate");
}
}
if($obj->execute($query))
{
$obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=update");
}else{
$obj->redirect("manage_user.php?page=".$_REQUEST['page']."&action=notupdate");
}
}
else if(isset($_POST['btn_editusers']))
{
$res=$obj->execute("update admin set admin_name='$_POST[admin_name]',admin_email='$_POST[admin_email]',admin_password='$_POST[admin_password]' where admin_id='$_SESSION[admin_id]'");
if($res){
$obj->redirect("profile.php?page=".$_REQUEST['page']."&action=update");
}else{
$obj->redirect("profile.php?page=".$_REQUEST['page']."&action=notupdate");
}
}
else if(isset($_POST['aboutus_submit_update']))
{
$obj->execute ("UPDATE site_content SET page_description = '".trim(addslashes($_POST['pr_description']))."', update_added = '".$sysdate."' WHERE page_name = 'manage_aboutus.php'");
$obj->redirect("manage_aboutus.php?action=update");
}
}
elseif($_GET['action']=="mail")
{
$admin = $obj->featch($obj->execute("SELECT * FROM admin"));
$to = $admin['admin_email'];
$from = $_POST['email'];
$_POST['email'] = (empty($_POST['email']) ? '--' : $_POST['email']);
$_POST['firstname'] = (empty($_POST['firstname']) ? '--' : $_POST['firstname']);
$_POST['Order'] = (empty($_POST['Order']) ? '--' : $_POST['Order']);
$_POST['reason'] = (empty($_POST['reason']) ? '--' : $_POST['reason']);
$_POST['message'] = (empty($_POST['message']) ? '--' : $_POST['message']);
$message = <<<STR
E-mail: {$_POST['email']}."<br>"
First Name: {$_POST['firstname']}."<br>"
Order: {$_POST['Order']}."<br>"
Reason: {$_POST['reason']}."<br>"
Message:
{$_POST['message']}
STR;
$subject = 'Message from ' . $_POST['firstname'];
if(send_mail($to,$from,$subject,$message))
{
$_SESSION['message']="Mail Sent Successfully...";
$obj->redirect("index.php");
}
$_SESSION['message']="Mail not sent. Please try again...";
$obj->redirect("index.php");
}
?>