Current File : /home/unilinki/www/payroll/admin/querys.php.bak
<?php 
// Load the project's database layer and create the query helper every branch below uses.
require_once "../include/db.php";
$obj = new query_execution();

// Render all timestamps in UTC.
date_default_timezone_set('UTC');

// Three renderings of "now". "h" is the 12-hour clock and no AM/PM marker is
// emitted, so $sysdate and $stdate2 do not distinguish morning from afternoon.
$sysdate = date("Y/m/d h:i:s");
$stdate1 = date("l, d F Y");
$stdate2 = date("d/m/Y h:i:s");
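// Admin login.
// Both credentials arrive straight from the request and used to be interpolated
// into the SQL text unescaped; they are now escaped before the query is built.
// NOTE(review): this assumes query_execution::execute() runs on the default
// ext/mysql link, as the bare mysql_query() calls later in this file do - confirm
// in ../include/db.php, and switch to bound parameters if the wrapper offers them.
// NOTE(review): the password is matched against the stored column as-is, which
// implies it is kept unhashed; moving to a salted password hash needs a schema
// change that is outside this block.
if(isset($_POST['admin_login']))
{
	$raw_name=(isset($_POST['txt_username']) && is_string($_POST['txt_username'])) ? $_POST['txt_username'] : '';
	$raw_pass=(isset($_POST['txt_password']) && is_string($_POST['txt_password'])) ? $_POST['txt_password'] : '';
	$login_name=mysql_real_escape_string($raw_name);
	$login_pass=mysql_real_escape_string($raw_pass);

	$res=$obj->execute("select * from admin where admin_name='$login_name' and admin_password='$login_pass' limit 0,1");
	if($obj->number_rows($res)>0)
	{
		$row=$obj->featch($res);
		// Issue a fresh session id when the session becomes privileged, so an id
		// that existed before login is not carried into the admin session.
		if(session_id()!=='')
		{
			session_regenerate_id(true);
		}
		$_SESSION['admin_id']=$row['admin_id'];
		$_SESSION['admin_name']=$row['admin_name'];
		$obj->redirect("home.php");
	}
	else
	{
		$obj->redirect("index.php?action=invalid");
	}
}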
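// Forgotten-password request: look the admin up by name and mail the stored password.
else if(isset($_POST['btn_forget_password']))
{
	// The original guard was `$_POST['action']="password"`, an assignment that is
	// always true, so this lookup has always run unconditionally. That behaviour is
	// kept, without overwriting the request value.
	$raw_name=(isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
	// Escape the request value before it is placed in the SQL text.
	// NOTE(review): assumes $obj->execute() uses the default ext/mysql link - confirm.
	$lookup_name=mysql_real_escape_string($raw_name);
	$res_user=$obj->execute("select admin_password ,admin_email ,admin_name from admin where admin_name='$lookup_name'");
	$sub="Password";

	$num_user=$obj->number_rows($res_user);
	if($num_user>0)
	{
		$row_user=$obj->featch($res_user);
		// NOTE(review): mailing the stored password means it is kept in recoverable
		// form and travels over e-mail in clear text; a single-use, expiring reset
		// link is the usual replacement, but needs storage this block does not have.
		$password=$row_user['admin_password'];
		$from="info@zuzuboutique.com";
		$subject="Forgot ".$sub;
		$message="Dear {$row_user['admin_name']} ,\n\t\t\t<br><br>\n\t\t\tYour $sub : $password";
		send_mail($row_user['admin_email'],$from,$subject,$message);
		$tag="Your $sub sent to your e-mail address.";
	}
	else
	{
		// NOTE(review): the two different messages tell an unauthenticated caller
		// whether an admin name exists.
		$tag="Invalid Details.";
	}
	// The message contains spaces, so encode it before it becomes a query-string value.
	$obj->redirect("forget-password.php?tag=".urlencode($tag));
}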

	
else if($_GET['action']=="add")
{ 
// Add Brand
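	// Add a brand: reject duplicate names, insert the row, then attach the uploaded image.
	// NOTE(review): no login or CSRF check is visible in this branch - confirm that
	// ../include/db.php (or the including page) enforces an admin session.
	if(isset($_POST['brand_submit']))
	{
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Reduce a client-supplied upload name to a bare image file name, or false.
		// The name is attacker-controlled: directories are stripped, only the final
		// extension is kept, and it must be on the allow-list (adjust as needed).
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};

		$sql_cat=mysql_query("select * from brand where brand_name=".$sq($_POST['brand_name']));
		// Log the driver error instead of printing it to the client.
		if($sql_cat===false){ error_log('brand_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_cat)==0){
			if($obj->execute("insert into brand(brand_name,brand_description,status) 
			values(".$sq($_POST['brand_name']).",".$sq($_POST['brand_description']).",".$sq($_POST['status']).")"))
			{
				// recentID() is presumably the auto-increment id; the cast keeps it numeric.
				$id=(int)$obj->recentID();
				$name=isset($_FILES['brand_image']['name']) ? $img($_FILES['brand_image']['name']) : false;
				if($name!==false)
				{
					$path="images/brand/".$id.$name;
					if(uploader($_FILES['brand_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						$obj->execute("update brand set brand_image='$path'  where brandid='$id'");
					}
				}
				$obj->redirect("manage_brand.php?action=add");
			}else{
				$obj->redirect("manage_brand.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_brand.php?action=duplicate");
		}
	}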
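    // Add a category under a brand: duplicate check, insert, then optional image upload.
    elseif(isset($_POST['category_submit']))
	{
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Reduce a client-supplied upload name to a bare image file name, or false
		// (directories stripped, single allow-listed extension kept).
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};

		// The form field named brand_name carries the brand id here.
		$sql_cat=mysql_query("select * from category where brandid=".$sq($_POST['brand_name'])." and cat_name=".$sq($_POST['cat_name']));
		// Log the driver error instead of printing it to the client.
		if($sql_cat===false){ error_log('category_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_cat)==0){
			if($obj->execute("insert into category(brandid,cat_name,cat_description,catstatus) 
			values(".$sq($_POST['brand_name']).",".$sq($_POST['cat_name']).",".$sq($_POST['cat_description']).",".$sq($_POST['status']).")"))
			{
				$id=(int)$obj->recentID();
				$name=isset($_FILES['cat_image']['name']) ? $img($_FILES['cat_image']['name']) : false;
				if($name!==false)
				{
					$path="images/category/".$id.$name;
					if(uploader($_FILES['cat_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						$obj->execute("update  category set cat_image='$path'  where catid='$id'");
					}
				}
				$obj->redirect("manage_category.php?action=add");
			}else{
				$obj->redirect("manage_category.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_category.php?action=duplicate");
		}
	}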
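	// Add a subcategory under a category: duplicate check, insert, then optional image upload.
	elseif(isset($_POST['subcategory_submit']))
	{
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Reduce a client-supplied upload name to a bare image file name, or false
		// (directories stripped, single allow-listed extension kept).
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};

		// The form field named cat_name carries the category id here.
		$sql_subcat=mysql_query("select * from subcategory where catid=".$sq($_POST['cat_name'])." and subcat_name=".$sq($_POST['subcat_name']));
		// Log the driver error instead of printing it to the client.
		if($sql_subcat===false){ error_log('subcategory_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_subcat)==0){
			if($obj->execute("insert into subcategory(subcat_name,subcat_description,catid,order_colm,subcatstatus) 
			values(".$sq($_POST['subcat_name']).",".$sq($_POST['subcat_description']).",".$sq($_POST['cat_name']).",".$sq($_REQUEST['order_colm']).",".$sq($_REQUEST['status']).")"))
			{
				$id=(int)$obj->recentID();
				$name=isset($_FILES['subcat_image']['name']) ? $img($_FILES['subcat_image']['name']) : false;
				if($name!==false)
				{
					$path="images/subcategory/".$id.$name;
					if(uploader($_FILES['subcat_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						$obj->execute("update  subcategory set subcat_image='$path'  where subcatid='$id'");
					}
				}
				$obj->redirect("manage_subcategory.php?action=add");
			}else{
				$obj->redirect("manage_subcategory.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_subcategory.php?action=duplicate");
		}
	}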
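	// Add a top-level navigation entry.
	elseif(isset($_POST['menu_submit'])){
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		$dup=mysql_query("select * from navigation where  name=".$sq($_POST['menu_title']));
		// Log the driver error instead of printing it to the client.
		if($dup===false){ error_log('menu_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($dup)==0){
			if($obj->execute("insert into navigation(name,position,status) 
						values(".$sq($_POST['menu_title']).",".$sq($_POST['position']).",".$sq($_POST['status']).")"))
			{
				$obj->redirect("manage_menu.php?action=add");
			}else{
				$obj->redirect("manage_menu.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_menu.php?action=duplicate");
		}
	}
	// Add a sub-navigation entry under an existing menu (menu_name carries the menu id).
	elseif(isset($_POST['submenu_submit'])){
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		$dup=mysql_query("select * from sub_navigation where  menuid=".$sq($_POST['menu_name'])." and submenu_name=".$sq($_POST['menu_title']));
		if($dup===false){ error_log('submenu_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($dup)==0){
			if($obj->execute("insert into sub_navigation(menuid,submenu_name,url,submenustatus) 
						values(".$sq($_POST['menu_name']).",".$sq($_POST['menu_title']).",".$sq($_POST['menu_url']).",".$sq($_POST['status']).")"))
			{
				$obj->redirect("manage_submenu.php?action=add");
			}else{
				$obj->redirect("manage_submenu.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_submenu.php?action=duplicate");
		}
	}
	// Add a slider entry, then attach the uploaded image.
	elseif(isset($_POST['slider_submit']))
	{
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Reduce a client-supplied upload name to a bare image file name, or false
		// (directories stripped, single allow-listed extension kept).
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};
		$dup=mysql_query("select * from slider where  slider_title=".$sq($_POST['slider_title']));
		if($dup===false){ error_log('slider_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($dup)==0){
			if($obj->execute("insert into slider(slider_title,slider_caption,sort_order,display_page,status) 
					values(".$sq($_POST['slider_title']).",".$sq($_POST['slider_captions']).",".$sq($_POST['sort_order']).",".$sq($_REQUEST['page_display']).",".$sq($_REQUEST['status']).")"))
			{
				$id=(int)$obj->recentID();
				$name=isset($_FILES['slider_image']['name']) ? $img($_FILES['slider_image']['name']) : false;
				if($name!==false)
				{
					$path="images/slider/".$id.$name;
					if(uploader($_FILES['slider_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						$obj->execute("update slider set slider_image='$path'  where sliderid='$id'");
					}
				}
				$obj->redirect("manage_slider.php?action=add");
			}else{
				$obj->redirect("manage_slider.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_slider.php?action=duplicate");
		}
	}
	// Add a banner entry, then attach the uploaded image.
	elseif(isset($_POST['banner_submit']))
	{
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Same upload-name reduction as for the slider image above.
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};
		$dup=mysql_query("select * from banner where  banner_title=".$sq($_POST['banner_title']));
		if($dup===false){ error_log('banner_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($dup)==0){
			if($obj->execute("insert into banner(banner_title,banner_caption,banner_url,sort_order,display_page,status) 
					values(".$sq($_POST['banner_title']).",".$sq($_POST['banner_caption']).",".$sq($_POST['banner_url']).",".$sq($_POST['sort_order']).",".$sq($_REQUEST['page_display']).",".$sq($_REQUEST['status']).")"))
			{
				$id=(int)$obj->recentID();
				$name=isset($_FILES['banner_image']['name']) ? $img($_FILES['banner_image']['name']) : false;
				if($name!==false)
				{
					$path="images/banner/".$id.$name;
					if(uploader($_FILES['banner_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						$obj->execute("update banner set banner_image='$path'  where bannerid='$id'");
					}
				}
				$obj->redirect("manage_banners.php?action=add");
			}else{
				$obj->redirect("manage_banners.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_banners.php?action=duplicate");
		}
	}
	// Add an API entry (title, description and the stored code snippet).
	elseif(isset($_POST['api_submit'])){
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		$dup=mysql_query("select * from api_manage where  api_title=".$sq($_POST['api_title']));
		if($dup===false){ error_log('api_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($dup)==0){
			if($obj->execute("insert into api_manage(api_title,api_description,api_code,status) 
						values(".$sq($_POST['api_title']).",".$sq($_POST['api_description']).",".$sq($_POST['api_code']).",".$sq($_POST['status']).")"))
			{
				$obj->redirect("manage_api.php?action=add");
			}else{
				$obj->redirect("manage_api.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_api.php?action=duplicate");
		}
	}
	// Add a payment method.
	elseif(isset($_POST['pm_submit'])){
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		$dup=mysql_query("select * from payment_method where  paymethod_name=".$sq($_POST['payment_method_name']));
		if($dup===false){ error_log('pm_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($dup)==0){
			if($obj->execute("insert into payment_method(paymethod_name,status) values(".$sq($_POST['payment_method_name']).",".$sq($_POST['status']).")"))
			{
				$obj->redirect("manage_payment_method.php?action=add");
			}else{
				$obj->redirect("manage_payment_method.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_payment_method.php?action=duplicate");
		}
	}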
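	// Add a role resource.
	elseif(isset($_POST['role_resources_submit'])){
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		$dup=mysql_query("select * from role_resources where  role_resources_name=".$sq($_POST['role_resources_name']));
		// Log the driver error instead of printing it to the client.
		if($dup===false){ error_log('role_resources_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($dup)==0){
			if($obj->execute("insert into role_resources(role_resources_name,role_resources_status) values(".$sq($_POST['role_resources_name']).",".$sq($_POST['status']).")"))
			{
				$obj->redirect("manage_role_resources.php?action=add");
			}else{
				$obj->redirect("manage_role_resources.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_role_resources.php?action=duplicate");
		}
	}
	// Add an admin user.
	// NOTE(review): the insert below names five columns but supplies two values, and
	// those come from the role-resource form fields, so MySQL should reject it and
	// this branch would always end at "notadd". The intended form field names and
	// redirect target are not visible here, so the statement is kept as written
	// (with its values escaped) rather than guessed at.
	elseif(isset($_POST['user_submit'])){
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		$dup=mysql_query("select * from admin where  username=".$sq($_POST['username']));
		if($dup===false){ error_log('user_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($dup)==0){
			if($obj->execute("insert into admin(username,first_name,last_name,useremail,status) values(".$sq($_POST['role_resources_name']).",".$sq($_POST['status']).")"))
			{
				$obj->redirect("manage_role_resources.php?action=add");
			}else{
				$obj->redirect("manage_role_resources.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_role_resources.php?action=duplicate");
		}
	}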
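	// Add a role.
	// NOTE(review): this branch is a copy of the user_submit one - it checks and
	// inserts into `admin`, and the insert names five columns but supplies two
	// values, so MySQL should reject it and the branch would always end at
	// "notadd". The intended table and fields are not visible here, so the
	// statement is kept as written, with its values escaped.
	elseif(isset($_POST['role_submit'])){
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		$dup=mysql_query("select * from admin where  username=".$sq($_POST['username']));
		// Log the driver error instead of printing it to the client.
		if($dup===false){ error_log('role_submit: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($dup)==0){
			if($obj->execute("insert into admin(username,first_name,last_name,useremail,status) values(".$sq($_POST['role_resources_name']).",".$sq($_POST['status']).")"))
			{
				$obj->redirect("manage_role_resources.php?action=add");
			}else{
				$obj->redirect("manage_role_resources.php?action=notadd");
			}
		}else{
			$obj->redirect("manage_role_resources.php?action=duplicate");
		}
	}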
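	// Add a product item: insert the row, store the specification document, the
	// technical drawing and the main image (with two resized copies), then attach
	// any previously uploaded gallery images to the new item.
	elseif(isset($_POST['item_submit']))
	{
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Reduce a client-supplied upload name to a bare file name with one
		// allow-listed extension, or false. Directories are stripped so the name
		// cannot steer the write outside the target folder.
		$safe=function($n,$allowed){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,$allowed,true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};
		$image_ext=array('jpg','jpeg','png','gif');
		// NOTE(review): adjust to the document formats the site really accepts.
		$doc_ext=array('pdf','doc','docx','xls','xlsx','jpg','jpeg','png');

		// items column => form field, in insert order. last_updated is filled from
		// $stdate2 (set at the top of the file), not from the request.
		$field_map=array(
			'subproduct_id'=>'subproduct_id','product_id'=>'product_id','design_id'=>'design_id',
			'progroup_id'=>'progroup_id','procatgroup_id'=>'procatgroup_id','chid'=>'category_heading',
			'vsid'=>'value_series','item_code'=>'item_code','product_design_name'=>'product_design_name',
			'item_title'=>'item_title','model_no'=>'model_no','htid'=>'handle_type',
			'item_price1'=>'item_price1','outer_body_size'=>'outer_body_size','plate_size'=>'plate_size',
			'lock_body_size'=>'lock_body_size','cylinder_size'=>'cylinder_size','fid'=>'finish',
			'mid'=>'mechanism_used','lever_pins'=>'lever_pins','no_of_keys'=>'no_of_keys',
			'tokid'=>'type_of_key','body_metal_used'=>'body_metal_used','lock_body_metal_used'=>'lock_body_metal_used',
			'cylinder_metal_used'=>'cylinder_metal_used','inner_parts_metal_used'=>'inner_parts_metal_used','ptid'=>'plate_type',
			'shackle_size'=>'shackle_size','shackle_thickness'=>'shackle_thickness','handle_height'=>'handle_height',
			'handle_length'=>'handle_length','rod_thickness'=>'rod_thickness','door_thickness'=>'door_thickness',
			'door_width'=>'door_width','utid'=>'utilization','max_load'=>'max_load',
			'item_status'=>'item_status','unit_weight'=>'unit_weight','stdpkg_qty'=>'stdpkg_qty',
			'stdpkg_unit'=>'stdpkg_unit','stdpkg_weight'=>'stdpkg_weight','case_pkg_qty'=>'case_pkg_qty',
			'case_pkg_unit'=>'case_pkg_unit','case_pkg_weight'=>'case_pkg_weight','faid'=>'facility_available',
			'faid1'=>'facility_available1','homepage_display'=>'homepage_display','item_description'=>'item_description',
			'item_specification'=>'item_specification','menu_name'=>'menu_name','outer_body_size1'=>'outer_body_size1',
			'plate_size1'=>'plate_size1','lock_body_size1'=>'lock_body_size1','cylinder_size1'=>'cylinder_size1',
			'shackle_size1'=>'shackle_size1','shackle_thickness1'=>'shackle_thickness1','handle_height1'=>'handle_height1',
			'handle_length1'=>'handle_length1','rod_thickness1'=>'rod_thickness1','door_thickness1'=>'door_thickness1',
			'door_width1'=>'door_width1','unit_weight1'=>'unit_weight1','stdpkg_unit1'=>'stdpkg_unit1',
			'stdpkg_weight1'=>'stdpkg_weight1','case_pkg_unit1'=>'case_pkg_unit1','case_pkg_weight1'=>'case_pkg_weight1',
			'max_load_weight'=>'max_load_weight','aid'=>'applications','last_updated'=>null,
			'case_size'=>'case_size','case_size1'=>'case_size1','special'=>'special',
		);
		$cols=array();
		$vals=array();
		foreach($field_map as $col=>$field)
		{
			$cols[]=$col;
			if($field===null)
			{
				$vals[]=$sq($stdate2);
				continue;
			}
			$raw=isset($_POST[$field]) ? $_POST[$field] : '';
			// The title was the one value the original trimmed before storing.
			if($col==='item_title' && is_string($raw)){ $raw=trim($raw); }
			$vals[]=$sq($raw);
		}

		if($obj->execute("insert into items(".implode(',',$cols).") values(".implode(',',$vals).")"))
		{
			// recentID() is presumably the auto-increment id; the cast keeps it numeric.
			$id=(int)$obj->recentID();

			if(isset($_FILES['product_specification_upload']['name']) && $_FILES['product_specification_upload']['name']!=''){
				$dirdocupload="docupload";
				if (!file_exists("../".$dirdocupload))
				{
					// 0755 instead of the former 0777: the directory does not need
					// to be writable by every local account.
					mkdir("../".$dirdocupload,0755,true);
					chmod("../".$dirdocupload , 0755);
				}
				$doc_name=$safe($_FILES['product_specification_upload']['name'],$doc_ext);
				if($doc_name!==false)
				{
					$doc_upload="docupload/".$id.$doc_name;
					if(uploader($_FILES['product_specification_upload']['tmp_name'],FOLDER_BACK.$doc_upload)===true)
					{
						$obj->execute("update  items set product_specification_upload='$doc_upload'  where item_id='$id'");
					}
				}
			}

			if(isset($_FILES['item_image']['name']) && $_FILES['item_image']['name']!=''){
				$dirthumbname="Thumb";
				if (!file_exists("../images/items-small/".$dirthumbname))
				{
					mkdir("../images/items-small/".$dirthumbname,0755,true);
					chmod("../images/items-small/".$dirthumbname , 0755);
				}

				$drawing=isset($_FILES['titem_image']['name']) ? $safe($_FILES['titem_image']['name'],$image_ext) : false;
				if($drawing!==false)
				{
					$path1="images/technical_drawing/".$id.$drawing;
					if(uploader($_FILES['titem_image']['tmp_name'],FOLDER_BACK.$path1)===true)
					{
						$obj->execute("update  items set titem_image='$path1'  where item_id='$id'");
					}
				}

				$main=$safe($_FILES['item_image']['name'],$image_ext);
				if($main!==false)
				{
					$file=$id.$main;
					$path="images/items/".$file;
					if(uploader1($_FILES['item_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						// NOTE(review): the original interpolated $file here before it was
						// assigned, so this statement has always written an empty image
						// value, and it keys item_images by the new *item* id. That effect
						// is kept as-is; confirm whether the statement is wanted at all.
						$obj->execute("update item_images set image=''  where image_id='$id'");

						$items_small_path="images/items-small/".$file;
						$items_small_Thumb_path="images/items-small/Thumb/".$file;

						copy(FOLDER_BACK.$path,FOLDER_BACK.$items_small_path);
						copy(FOLDER_BACK.$path,FOLDER_BACK.$items_small_Thumb_path);

						$work = new ImgResizer(FOLDER_BACK.$path);
						$work ->resize(270,FOLDER_BACK.$items_small_path);

						$work1 = new ImgResizer(FOLDER_BACK.$path);
						$work1 ->resize(30,FOLDER_BACK.$items_small_Thumb_path);

						$obj->execute("update  items set item_image='$path',items_small_path='$items_small_path'  where item_id='$id'");
					}
				}

				// image_ids is a comma-separated id list from the request; keep only
				// positive integers so it cannot carry SQL into the IN (...) list.
				$image_ids=array();
				if(isset($_POST['image_ids']) && is_string($_POST['image_ids']))
				{
					foreach(explode(',',$_POST['image_ids']) as $one)
					{
						$one=(int)trim($one);
						if($one>0){ $image_ids[]=$one; }
					}
				}
				if(count($image_ids)>0)
				{
					$obj->execute("UPDATE  item_images  SET  item_id  = '$id' WHERE  image_id  IN (".implode(',',$image_ids).")");
				}

				$obj->redirect("add_edit_product.php?action=add");
			}
			$obj->redirect("add_edit_product.php?action=add");
		}else{
			$obj->redirect("add_edit_product.php?action=notadd");
		}
	}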
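	// Multi-file gallery upload: store each image, create its two resized copies
	// and report the new image ids back to uploader.php.
	elseif(isset($_GET['item_image']))
	{
		// Reduce a client-supplied upload name to a bare image file name, or false
		// (directories stripped, single allow-listed extension kept).
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};

		$dirthumbname="Thumb";
		if (!file_exists("../images/items-small/".$dirthumbname))
		{
			// 0755 instead of the former 0777: no need for a world-writable directory.
			mkdir("../images/items-small/".$dirthumbname,0755,true);
			chmod("../images/items-small/".$dirthumbname , 0755);
		}

		$item_id=(isset($_POST['item_id']) && is_string($_POST['item_id'])) ? $_POST['item_id'] : '';
		$item_id_sql=mysql_real_escape_string($item_id);

		// Iterate over the uploaded names. The original looped over
		// count($_FILES['item_image']), which is the number of keys of the upload
		// entry (name, type, tmp_name, ...), not the number of files.
		$names=(isset($_FILES['item_image']['name']) && is_array($_FILES['item_image']['name'])) ? $_FILES['item_image']['name'] : array();
		$new_ids=array();
		foreach($names as $i=>$client_name)
		{
			$clean=$img($client_name);
			if($clean===false){ continue; }

			// Placeholder row first, so its id can prefix the stored file name.
			$obj->execute("insert into item_images(image) values('1')");
			$id=(int)$obj->recentID();
			$file=$id.$clean;
			$items_path="images/items/".$file;
			$items_small_path="images/items-small/".$file;
			$items_small_Thumb_path="images/items-small/Thumb/".$file;
			if(uploader($_FILES['item_image']['tmp_name'][$i],FOLDER_BACK.$items_path)===true)
			{
				$obj->execute("update item_images set image='$items_path',item_id='$item_id_sql'  where image_id='$id'");

				copy(FOLDER_BACK.$items_path,FOLDER_BACK.$items_small_path);
				copy(FOLDER_BACK.$items_path,FOLDER_BACK.$items_small_Thumb_path);

				$work = new ImgResizer(FOLDER_BACK.$items_path);
				$work ->resize1(270,FOLDER_BACK.$items_small_path);

				$work1 = new ImgResizer(FOLDER_BACK.$items_path);
				$work1 ->resize(30,FOLDER_BACK.$items_small_Thumb_path);
				$new_ids[]=$id;
			}
		}
		if(count($new_ids)>0)
		{
			// Ids are integers; item_id is request data and is encoded for the URL.
			$obj->redirect("uploader.php?action=add&image_id=".implode(',',$new_ids)."&item_id=".urlencode($item_id));
		}
		else
		{
			$obj->redirect("uploader.php?action=notadd");
		}
	}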
	
}
else if($_GET['action']=="update")
{    
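    // Update a brand: reject a name already used by another brand, optionally
    // replace its image, then write the new values.
    // NOTE(review): no login or CSRF check is visible in this branch - confirm that
    // ../include/db.php (or the including page) enforces an admin session.
    if(isset($_POST['brand_submit_update']))
	{
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Reduce a client-supplied upload name to a bare image file name, or false
		// (directories stripped, single allow-listed extension kept).
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};
		// The page value is echoed into the redirect URL, so encode it.
		$page=(isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? urlencode($_REQUEST['page']) : '';
		$back="manage_brand.php?page=".$page."&action=";
		$brandid=$sq($_POST['brandid']);

		$sql_cat=mysql_query("select * from brand where brandid<>".$brandid." and brand_name=".$sq($_POST['brand_name']));
		// Log the driver error instead of printing it to the client.
		if($sql_cat===false){ error_log('brand_submit_update: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_cat)==0){
			// Stays null when a new image was offered but could not be stored, so no
			// undefined query is executed in that case.
			$query=null;
			$val=trim($_FILES['brand_image']['name']);
			if(empty($val))
			{
				$query="update brand set brand_name=".$sq($_POST['brand_name'])." ,brand_description=".$sq($_POST['brand_description']).",
					status=".$sq($_POST['status'])." where brandid=".$brandid;
			}
			else
			{
				$name=$img($val);
				if($name!==false)
				{
					// The id becomes part of a file path; presumably numeric, so cast it.
					$path="images/brand/".(int)$_POST['brandid'].$name;
					$brand_image="";
					$rs_select=mysql_query("select brand_image from brand where brandid=".$brandid);
					if($rs_select===false){ error_log('brand_submit_update: '.mysql_error()); die('Database error.'); }
					if(mysql_num_rows($rs_select)!=0){
						$brand_image=mysql_result($rs_select,0,"brand_image");
					}
					if($brand_image!=""){delete_file(FOLDER_BACK.$brand_image);}
					if(uploader($_FILES['brand_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						$query="update brand set brand_name=".$sq($_POST['brand_name'])." ,brand_description=".$sq($_POST['brand_description']).",
							status=".$sq($_POST['status']).",brand_image='".$path."'	where brandid=".$brandid;
					}
				}
			}
			if($query!==null && $obj->execute($query))
			{
				$obj->redirect($back."update");
			}else{
				$obj->redirect($back."notupdate");
			}
		}else{
			$obj->redirect($back."duplicate");
		}
	}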
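	// Update a category: duplicate check within the brand, optional image
	// replacement, then write the new values.
	else if(isset($_POST['ctegory_submit_update']))
	{
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Reduce a client-supplied upload name to a bare image file name, or false
		// (directories stripped, single allow-listed extension kept).
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};
		// The page value is echoed into the redirect URL, so encode it.
		$page=(isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? urlencode($_REQUEST['page']) : '';
		$back="manage_category.php?page=".$page."&action=";
		$catid=$sq($_POST['catid']);

		$sql_cat=mysql_query("select * from category where catid<>".$catid." and  	brandid=".$sq($_POST['brand_name'])." and cat_name=".$sq($_POST['cat_name']));
		// Log the driver error instead of printing it to the client.
		if($sql_cat===false){ error_log('ctegory_submit_update: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_cat)==0){
			// Stays null when a new image was offered but could not be stored.
			$query=null;
			$val=trim($_FILES['cat_image']['name']);
			if(empty($val))
			{
				// The original wrote `status=` here, while the insert and the
				// with-image update both use `catstatus`; aligned with those.
				$query="update category set brandid=".$sq($_POST['brand_name']).",cat_name=".$sq($_POST['cat_name'])." ,cat_description=".$sq($_POST['cat_description']).",
					catstatus=".$sq($_POST['status'])." where catid=".$catid;
			}
			else
			{
				$name=$img($val);
				if($name!==false)
				{
					// The id becomes part of a file path; presumably numeric, so cast it.
					$path="images/category/".(int)$_POST['catid'].$name;
					$cat_image="";
					$rs_select=mysql_query("select cat_image from category where catid=".$catid);
					if($rs_select===false){ error_log('ctegory_submit_update: '.mysql_error()); die('Database error.'); }
					if(mysql_num_rows($rs_select)!=0){
						$cat_image=mysql_result($rs_select,0,"cat_image");
					}
					if($cat_image!=""){delete_file(FOLDER_BACK.$cat_image);}
					if(uploader($_FILES['cat_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						$query="update category set  brandid=".$sq($_POST['brand_name']).",cat_name=".$sq($_POST['cat_name'])." ,cat_description=".$sq($_POST['cat_description']).",
							catstatus=".$sq($_POST['status']).",cat_image='".$path."'	where catid=".$catid;
					}
				}
			}
			if($query!==null && $obj->execute($query))
			{
				$obj->redirect($back."update");
			}else{
				$obj->redirect($back."notupdate");
			}
		}else{
			$obj->redirect($back."duplicate");
		}
	}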
	
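	// Update a subcategory: duplicate check within the category, optional image
	// replacement, then write the new values.
	elseif(isset($_POST['subctegory_submit_update']))
	{
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Reduce a client-supplied upload name to a bare image file name, or false
		// (directories stripped, single allow-listed extension kept).
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};
		// The page value is echoed into the redirect URL, so encode it.
		$page=(isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? urlencode($_REQUEST['page']) : '';
		$back="manage_subcategory.php?page=".$page."&action=";
		$subcatid=$sq($_POST['subcatid']);

		$sql_subcat=mysql_query("select * from subcategory where subcatid<>".$subcatid." and catid=".$sq($_POST['cat_name'])." and 
		  							subcat_name=".$sq($_POST['subcat_name']));
		// Log the driver error instead of printing it to the client.
		if($sql_subcat===false){ error_log('subctegory_submit_update: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_subcat)==0){
			// Stays null when a new image was offered but could not be stored.
			$query=null;
			$val=trim($_FILES['subcat_image']['name']);
			if(empty($val))
			{
				$query="update subcategory set catid=".$sq($_POST['cat_name']).", subcat_name=".$sq($_POST['subcat_name']).",
				subcat_description=".$sq($_POST['subcat_description']).",subcatstatus=".$sq($_POST['status']).",order_colm=".$sq($_REQUEST['order_colm'])." where subcatid=".$subcatid;
			}
			else
			{
				$name=$img($val);
				if($name!==false)
				{
					// The id becomes part of a file path; presumably numeric, so cast it.
					$path="images/subcategory/".(int)$_POST['subcatid'].$name;
					$subcat_image="";
					$rs_select=mysql_query("select subcat_image from subcategory where subcatid=".$subcatid);
					if($rs_select===false){ error_log('subctegory_submit_update: '.mysql_error()); die('Database error.'); }
					if(mysql_num_rows($rs_select)!=0){
						$subcat_image=mysql_result($rs_select,0,"subcat_image");
					}
					if($subcat_image!=""){delete_file(FOLDER_BACK.$subcat_image);}
					if(uploader($_FILES['subcat_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						$query="update subcategory set  catid=".$sq($_POST['cat_name']).", subcat_name=".$sq($_POST['subcat_name']).",subcat_description=".$sq($_POST['subcat_description']).",
							subcatstatus=".$sq($_POST['status']).",order_colm=".$sq($_REQUEST['order_colm']).",subcat_image='".$path."' where subcatid=".$subcatid;
					}
				}
			}

			if($query!==null && $obj->execute($query))
			{
				$obj->redirect($back."update");
			}else{
				$obj->redirect($back."notupdate");
			}
		}else{
			$obj->redirect($back."duplicate");
		}
	}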
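	// Update a top-level navigation entry, rejecting a name used by another entry.
	elseif(isset($_POST['menu_submit_update'])){
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// The page value is echoed into the redirect URL, so encode it.
		$page=(isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? urlencode($_REQUEST['page']) : '';
		$back="manage_menu.php?page=".$page."&action=";
		$menuid=$sq($_POST['menuid']);

		$sql_menu=mysql_query("select * from navigation where menuid<>".$menuid." and name=".$sq($_POST['menu_title']));
		// Log the driver error instead of printing it to the client.
		if($sql_menu===false){ error_log('menu_submit_update: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_menu)==0){
			$query="update navigation set name=".$sq($_POST['menu_title']).",position =".$sq($_POST['position']).",status =".$sq($_REQUEST['status'])." 
			where menuid=".$menuid;
			if($obj->execute($query))
			{
				$obj->redirect($back."update");
			}else{
				$obj->redirect($back."notupdate");
			}
		}else{
			$obj->redirect($back."duplicate");
		}
	}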
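	// Update a sub-navigation entry, rejecting a name already used under the same menu.
	elseif(isset($_POST['submenu_submit_update'])){
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// The page value is echoed into the redirect URL, so encode it.
		$page=(isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? urlencode($_REQUEST['page']) : '';
		$back="manage_submenu.php?page=".$page."&action=";
		$submenuid=$sq($_POST['submenuid']);

		$sql_menu=mysql_query("select * from sub_navigation where submenuid<>".$submenuid." and menuid=".$sq($_POST['menu_name'])." and submenu_name=".$sq($_POST['menu_title']));
		// Log the driver error instead of printing it to the client.
		if($sql_menu===false){ error_log('submenu_submit_update: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_menu)==0){
			$query="update sub_navigation set  menuid=".$sq($_POST['menu_name']).",submenu_name =".$sq($_POST['menu_title']).",url=".$sq($_REQUEST['menu_url']).",
				submenustatus=".$sq($_REQUEST['status'])." where submenuid=".$submenuid;
			if($obj->execute($query))
			{
				$obj->redirect($back."update");
			}else{
				$obj->redirect($back."notupdate");
			}
		}else{
			$obj->redirect($back."duplicate");
		}
	}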

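	// Update a slider entry: duplicate-title check, optional image replacement,
	// then write the new values.
	elseif(isset($_POST['slider_submit_update']))
	{
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Reduce a client-supplied upload name to a bare image file name, or false
		// (directories stripped, single allow-listed extension kept).
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};
		// The page value is echoed into the redirect URL, so encode it.
		$page=(isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? urlencode($_REQUEST['page']) : '';
		$back="manage_slider.php?page=".$page."&action=";
		$sliderid=$sq($_POST['sliderid']);

		$sql_slider=mysql_query("select * from slider where sliderid<>".$sliderid." and slider_title=".$sq($_POST['slider_title']));
		// Log the driver error instead of printing it to the client.
		if($sql_slider===false){ error_log('slider_submit_update: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_slider)==0){
			// Stays null when a new image was offered but could not be stored.
			$query=null;
			$val=trim($_FILES['slider_image']['name']);
			if(empty($val))
			{
				$query="update slider set slider_title=".$sq($_POST['slider_title']).", slider_caption=".$sq($_POST['slider_captions']).",
				sort_order=".$sq($_POST['sort_order']).",display_page=".$sq($_POST['page_display']).",status=".$sq($_REQUEST['status'])." where sliderid=".$sliderid;
			}
			else
			{
				$name=$img($val);
				if($name!==false)
				{
					// The id becomes part of a file path; presumably numeric, so cast it.
					$path="images/slider/".(int)$_POST['sliderid'].$name;
					$slider_image="";
					$rs_select=mysql_query("select slider_image from slider where sliderid=".$sliderid);
					if($rs_select===false){ error_log('slider_submit_update: '.mysql_error()); die('Database error.'); }
					if(mysql_num_rows($rs_select)!=0){
						$slider_image=mysql_result($rs_select,0,"slider_image");
					}
					if($slider_image!=""){delete_file(FOLDER_BACK.$slider_image);}
					if(uploader($_FILES['slider_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						$query="update slider set slider_title=".$sq($_POST['slider_title']).", slider_caption=".$sq($_POST['slider_captions']).",sort_order=".$sq($_POST['sort_order']).",
							 display_page=".$sq($_POST['page_display']).",status=".$sq($_REQUEST['status']).",slider_image='".$path."' where sliderid=".$sliderid;
					}
				}
			}

			if($query!==null && $obj->execute($query))
			{
				$obj->redirect($back."update");
			}else{
				$obj->redirect($back."notupdate");
			}
		}else{
			$obj->redirect($back."duplicate");
		}
	}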
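	// Update a banner entry: duplicate-title check, optional image replacement,
	// then write the new values.
	elseif(isset($_POST['banner_submit_update']))
	{
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// Reduce a client-supplied upload name to a bare image file name, or false
		// (directories stripped, single allow-listed extension kept).
		$img=function($n){
			if(!is_string($n)){ return false; }
			$base=basename(str_replace('\\','/',$n));
			$ext=strtolower(pathinfo($base,PATHINFO_EXTENSION));
			if(!in_array($ext,array('jpg','jpeg','png','gif'),true)){ return false; }
			return preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($base,PATHINFO_FILENAME)).'.'.$ext;
		};
		// The page value is echoed into the redirect URL, so encode it.
		$page=(isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? urlencode($_REQUEST['page']) : '';
		$back="manage_banners.php?page=".$page."&action=";
		$bannerid=$sq($_POST['bannerid']);

		$sql_banner=mysql_query("select * from banner where bannerid<>".$bannerid." and banner_title=".$sq($_POST['banner_title']));
		// Log the driver error instead of printing it to the client.
		if($sql_banner===false){ error_log('banner_submit_update: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_banner)==0){
			// Stays null when a new image was offered but could not be stored.
			$query=null;
			$val=trim($_FILES['banner_image']['name']);
			if(empty($val))
			{
				$query="update banner set banner_title=".$sq($_POST['banner_title']).", banner_caption=".$sq($_POST['banner_captions']).",banner_url=".$sq($_POST['banner_url']).",
				sort_order=".$sq($_POST['sort_order']).",display_page=".$sq($_POST['page_display']).",status=".$sq($_REQUEST['status'])." where bannerid=".$bannerid;
			}
			else
			{
				$name=$img($val);
				if($name!==false)
				{
					// The id becomes part of a file path; presumably numeric, so cast it.
					$path="images/banner/".(int)$_POST['bannerid'].$name;
					$banner_image="";
					$rs_select=mysql_query("select banner_image from banner where bannerid=".$bannerid);
					if($rs_select===false){ error_log('banner_submit_update: '.mysql_error()); die('Database error.'); }
					if(mysql_num_rows($rs_select)!=0){
						$banner_image=mysql_result($rs_select,0,"banner_image");
					}
					if($banner_image!=""){delete_file(FOLDER_BACK.$banner_image);}
					if(uploader($_FILES['banner_image']['tmp_name'],FOLDER_BACK.$path)===true)
					{
						// banner_url was missing from this variant of the update, so a
						// changed URL was dropped whenever an image was also replaced;
						// it is now written in both variants.
						$query="update banner set banner_title=".$sq($_POST['banner_title']).", banner_caption=".$sq($_POST['banner_captions']).",banner_url=".$sq($_POST['banner_url']).",sort_order=".$sq($_POST['sort_order']).",
							 display_page=".$sq($_POST['page_display']).",status=".$sq($_REQUEST['status']).",banner_image='".$path."' where bannerid=".$bannerid;
					}
				}
			}

			if($query!==null && $obj->execute($query))
			{
				$obj->redirect($back."update");
			}else{
				$obj->redirect($back."notupdate");
			}
		}else{
			$obj->redirect($back."duplicate");
		}
	}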
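	// Update an API entry, rejecting a title used by another entry.
	elseif(isset($_POST['api_submit_update'])){
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// The page value is echoed into the redirect URL, so encode it.
		$page=(isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? urlencode($_REQUEST['page']) : '';
		$back="manage_api.php?page=".$page."&action=";
		$api_id=$sq($_POST['api_id']);

		$sql_api=mysql_query("select * from api_manage where api_id<>".$api_id." and api_title=".$sq($_POST['api_title']));
		// Log the driver error instead of printing it to the client.
		if($sql_api===false){ error_log('api_submit_update: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_api)==0){
			$query="update api_manage set api_title=".$sq($_POST['api_title']).",api_description =".$sq($_POST['api_description']).",api_code =".$sq($_POST['api_code']).",
			status =".$sq($_REQUEST['status'])." where api_id=".$api_id;
			if($obj->execute($query))
			{
				$obj->redirect($back."update");
			}else{
				$obj->redirect($back."notupdate");
			}
		}else{
			$obj->redirect($back."duplicate");
		}
	}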
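	// Update a payment method, rejecting a name used by another method.
	elseif(isset($_POST['pm_submit_update'])){
		// Quote and escape one request value for use as a SQL string literal.
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		// The page value is echoed into the redirect URL, so encode it.
		$page=(isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? urlencode($_REQUEST['page']) : '';
		$back="manage_payment_method.php?page=".$page."&action=";
		$pmid=$sq($_POST['pmid']);

		$sql_api=mysql_query("select * from payment_method where pmid<>".$pmid." and paymethod_name=".$sq($_POST['payment_method_name']));
		// Log the driver error instead of printing it to the client.
		if($sql_api===false){ error_log('pm_submit_update: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_api)==0){
			$query="update payment_method set paymethod_name=".$sq($_POST['payment_method_name']).",status =".$sq($_REQUEST['status'])." where pmid=".$pmid;
			if($obj->execute($query))
			{
				$obj->redirect($back."update");
			}else{
				$obj->redirect($back."notupdate");
			}
		}else{
			$obj->redirect($back."duplicate");
		}
	}
	// Update a role resource, rejecting a name used by another resource.
	elseif(isset($_POST['role_resources_submit_update'])){
		$sq=function($v){ return "'".mysql_real_escape_string(is_string($v) ? $v : '')."'"; };
		$page=(isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? urlencode($_REQUEST['page']) : '';
		$back="manage_role_resources.php?page=".$page."&action=";
		$rrid=$sq($_POST['rrid']);

		$sql_api=mysql_query("select * from role_resources where role_resources_id<>".$rrid." and role_resources_name=".$sq($_POST['role_resources_name']));
		if($sql_api===false){ error_log('role_resources_submit_update: '.mysql_error()); die('Database error.'); }
		if(mysql_num_rows($sql_api)==0){
			$query="update role_resources set role_resources_name=".$sq($_POST['role_resources_name']).",role_resources_status =".$sq($_REQUEST['status'])." where role_resources_id=".$rrid;
			if($obj->execute($query))
			{
				$obj->redirect($back."update");
			}else{
				$obj->redirect($back."notupdate");
			}
		}else{
			$obj->redirect($back."duplicate");
		}
	}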
	// Edit-item form handler: optionally replaces the item image, the
	// specification document and the technical drawing, then rewrites every
	// column of the items row and redirects back to the product list.
	// NOTE(review): $_POST[item_id] and every other request value in this branch
	// are interpolated into SQL and file paths without escaping or validation.
	elseif(isset($_POST['item_submit_update']))
	{	
		// Client-supplied names of the three optional uploads; an empty name is
		// treated as "field left blank".
		$val=trim($_FILES['item_image']['name']);
	$val1=trim($_FILES['product_specification_upload']['name']);
	$val2=trim($_FILES['titem_image']['name']);
		if($val!=''){
			// Remove the previous image and its two resized copies before storing
			// the new one. The stored path has the form images/items/<file>, so
			// index 2 of the split is the file name.
			$image=$obj->featch($obj->execute("select item_image from items where item_id='$_POST[item_id]'"));
			$image=$image['item_image'];
			$image1=explode("/",$image);
			if($image!=""){
				delete_file("../images/items-small/Thumb/$image1[2]");
				delete_file("../images/items-small/$image1[2]");
				delete_file(FOLDER_BACK.$image);
				} 
	      // NOTE(review): the destination is item_id + the client's file name.
	      // Nothing visible here checks the extension or the file content, and
	      // item_id is free text, so unless uploader() validates (confirm), a
	      // script file can be written into a web-served directory.
	      $path="images/items/".$_POST['item_id'].$_FILES['item_image']['name'];
		  // $filepath and $filetype1 are not read again in this branch.
		  $filepath=$_POST['item_id'].$_FILES['item_image']['name'];
		  $filetype1=$_FILES['item_image']['type'];
		  $dirthumbname="Thumb";
			if (!file_exists("../images/items-small/".$dirthumbname))
			{
				 // NOTE(review): 0777 leaves the directory writable by every local
				 // account; 0755 is normally sufficient for served images.
				 mkdir("../images/items-small/".$dirthumbname,0777,true);
				 chmod("../images/items-small/".$dirthumbname , 0777);
			}
			if(uploader($_FILES['item_image']['tmp_name'],FOLDER_BACK.$path)===true){
			   		$items="images/items/";
					$items_small="images/items-small/";
					$items_small_thumb="images/items-small/Thumb/";
					$file=$_POST['item_id'].$_FILES['item_image']['name'];
					// $filetype is not read again in this branch.
					$filetype=$_FILES['item_image']['type'];
					$items_path=$items.$file;
					$items_small_path=$items_small.$file;
					$items_small_Thumb_path=$items_small_thumb.$file;
					
					// Copy the original twice, then resize each copy in place.
					copy(FOLDER_BACK.$items_path,FOLDER_BACK.$items_small_path);
					copy(FOLDER_BACK.$items_path,FOLDER_BACK.$items_small_Thumb_path);
					
					 $work = new ImgResizer(FOLDER_BACK.$items_path);  
					 $work ->resize1(270,FOLDER_BACK.$items_small_path);
						
					 $work1 = new ImgResizer(FOLDER_BACK.$items_path);  
					 $work1 ->resize(30,FOLDER_BACK.$items_small_Thumb_path);
			// The client file name is part of $path, so it reaches SQL unescaped.
			$obj->execute("update  items set item_image='$path',items_small_path='$items_small_path'  where item_id='$_POST[item_id]'");
			}
		}
		if($val1!=''){
			 // Specification document: same pattern, stored under docupload/.
			 // NOTE(review): no extension or type check is visible for this upload
			 // either - confirm what uploader() enforces.
			 $doc_upload="docupload/".$_POST['item_id'].$_FILES['product_specification_upload']['name'];
			  $dirdocupload="docupload";
			  if (!file_exists("../".$dirdocupload))
				{
					 mkdir("../".$dirdocupload,0777,true);
					 chmod("../".$dirdocupload , 0777);
				}
				$psu=$obj->featch($obj->execute("select product_specification_upload from items where item_id='$_POST[item_id]'"));
				$psu=$psu['product_specification_upload'];
				// $psu1 is not read again in this branch.
				$psu1=explode("/",$psu);
					if($psu!=""){
						delete_file(FOLDER_BACK.$psu);
					}
					if(uploader($_FILES['product_specification_upload']['tmp_name'],FOLDER_BACK.$doc_upload)===true)
			  		{
						$obj->execute("update  items set product_specification_upload='$doc_upload' where item_id='$_POST[item_id]'");
					}
		}
		if($val2!=''){
			 // Technical drawing: previous file removed, new one stored under
			 // images/technical_drawing/ with the same unvalidated name scheme.
			 $path1="images/technical_drawing/".$_POST['item_id'].$_FILES['titem_image']['name'];
			 $tiimage=$obj->featch($obj->execute("select titem_image from items where item_id='$_POST[item_id]'"));
			 $tiimage_1=$tiimage['titem_image'];
			 // $tiimage1 is not read again in this branch.
			 $tiimage1=explode("/",$tiimage_1);
			 if($tiimage_1!=""){
				delete_file(FOLDER_BACK.$tiimage_1);
						
			 }
			 if(uploader($_FILES['titem_image']['tmp_name'],FOLDER_BACK.$path1)===true){
					$obj->execute("update  items set titem_image='$path1' where item_id='$_POST[item_id]'");
				}
		}
		// NOTE(review): every column below is filled from $_POST as-is. Only
		// item_title passes through addslashes(), and design_id is not even
		// quoted, so it accepts arbitrary SQL. $_POST[item_title] outside a string
		// is a bare constant name: PHP 7.2 warns about it and PHP 8 raises an Error.
		// last_updated takes $stdate2, the d/m/Y timestamp set at the top of the file.
		$query="update items set 	
	  	subproduct_id='$_POST[subproduct_id]',
		product_id='$_POST[product_id]',
		design_id=$_POST[design_id],
		progroup_id='$_POST[progroup_id]',
		procatgroup_id='$_POST[procatgroup_id]',
		chid='$_POST[category_heading]',
		vsid='$_POST[value_series]',
		item_code='$_POST[item_code]',
		product_design_name='$_POST[product_design_name]',
		item_title='".trim(addslashes($_POST[item_title]))."',
		model_no='$_POST[model_no]',
		htid='$_POST[handle_type]',
		item_price1='$_POST[item_price1]',
		outer_body_size='$_POST[outer_body_size]',
		plate_size='$_POST[plate_size]',
		lock_body_size='$_POST[lock_body_size]',
		cylinder_size='$_POST[cylinder_size]',
		fid='$_POST[finish]',
		mid='$_POST[mechanism_used]',
		lever_pins='$_POST[lever_pins]',
		no_of_keys='$_POST[no_of_keys]',
		tokid='$_POST[type_of_key]',
		body_metal_used='$_POST[body_metal_used]',
		lock_body_metal_used='$_POST[lock_body_metal_used]',
		cylinder_metal_used='$_POST[cylinder_metal_used]',
		inner_parts_metal_used='$_POST[inner_parts_metal_used]',
		ptid='$_POST[plate_type]',
		shackle_size='$_POST[shackle_size]',
		shackle_thickness='$_POST[shackle_thickness]',
		handle_height='$_POST[handle_height]',
		handle_length='$_POST[handle_length]',
		rod_thickness='$_POST[rod_thickness]',
		door_thickness='$_POST[door_thickness]',
		door_width='$_POST[door_width]',
		utid='$_POST[utilization]',
		max_load='$_POST[max_load]',
		item_status='$_POST[item_status]',
		unit_weight='$_POST[unit_weight]',
		stdpkg_qty='$_POST[stdpkg_qty]',
		stdpkg_unit='$_POST[stdpkg_unit]',
		stdpkg_weight='$_POST[stdpkg_weight]',
		case_pkg_qty='$_POST[case_pkg_qty]',
		case_pkg_unit='$_POST[case_pkg_unit]',
		case_pkg_weight='$_POST[case_pkg_weight]',
		faid='$_POST[facility_available]',
		faid1='$_POST[facility_available1]',
		homepage_display='$_POST[homepage_display]',
		special='$_POST[special]',
		item_description='$_POST[item_description]',
		item_specification='$_POST[item_specification]',
		menu_name='$_POST[menu_name]',
		outer_body_size1='$_POST[outer_body_size1]',
		plate_size1='$_POST[plate_size1]',
		lock_body_size1='$_POST[lock_body_size1]',
		cylinder_size1='$_POST[cylinder_size1]',
		shackle_size1='$_POST[shackle_size1]',
		shackle_thickness1='$_POST[shackle_thickness1]',
		handle_height1='$_POST[handle_height1]',
		handle_length1='$_POST[handle_length1]',
		rod_thickness1='$_POST[rod_thickness1]',
		door_thickness1='$_POST[door_thickness1]',
		door_width1='$_POST[door_width1]',
		unit_weight1='$_POST[unit_weight1]',
		stdpkg_unit1='$_POST[stdpkg_unit1]',
		stdpkg_weight1='$_POST[stdpkg_weight1]',
		case_pkg_unit1='$_POST[case_pkg_unit1]',
		case_pkg_weight1='$_POST[case_pkg_weight1]',
		max_load_weight='$_POST[max_load_weight]',
		aid='$_POST[applications]',
		case_size='$_POST[case_size]',
		case_size1='$_POST[case_size1]',
		last_updated='$stdate2'	where item_id='$_POST[item_id]'";	
		 if($obj->execute($query)){
	  		// NOTE(review): image_ids is placed inside IN (...) verbatim; it should
	  		// be split and each element validated as an id before use.
	  		$obj->execute("UPDATE  item_images  SET  item_id  = '$_POST[item_id]' WHERE  image_id  IN ($_POST[image_ids])");
	  				// Return to whichever listing the edit was opened from; the
	  				// "show" value selects which filter parameter is carried back.
	  				if($_REQUEST['show']=='cat'){
					$obj->redirect("manage_products.php?action=update&show=cat&page=".$_REQUEST['page']."&cat=".$_REQUEST['cat']);
					}elseif($_REQUEST['show']=='subcat'){
						  $obj->redirect("manage_products.php?action=update&show=subcat&page=".$_REQUEST['page']."&subcat=".$_REQUEST['subcat']);
					}elseif($_REQUEST['show']=='code'){
						  $obj->redirect("manage_products.php?action=update&show=code&page=".$_REQUEST['page']."&itemcode=".$_REQUEST['itemcode']);
					}elseif($_REQUEST['show']=='pac'){
						   $obj->redirect("manage_products.php?action=update&show=pac&page=".$_REQUEST['page']."&procatgr_id=".$_REQUEST['procatgr_id']);
					}else{
						$obj->redirect("manage_products.php?action=update&page=".$_REQUEST['page']);
					}
	  //$obj->redirect("manage_products.php?action=update&page=".$_REQUEST['page']."&subcat=".$_REQUEST['subcat']."&cat=".$_REQUEST['cat'].
		  // "&procatgr_id=".$_REQUEST['procatgr_id']."&itemcode=".$_REQUEST['itemcode']);
	  	}else{
		  			// Same dispatch as above, reporting the failed update.
		  			if($_REQUEST['show']=='cat'){
					$obj->redirect("manage_products.php?action=notupdate&show=cat&page=".$_REQUEST['page']."&cat=".$_REQUEST['cat']);
					}elseif($_REQUEST['show']=='subcat'){
						  $obj->redirect("manage_products.php?action=notupdate&show=subcat&page=".$_REQUEST['page']."&subcat=".$_REQUEST['subcat']);
					}elseif($_REQUEST['show']=='code'){
						  $obj->redirect("manage_products.php?action=notupdate&show=code&page=".$_REQUEST['page']."&itemcode=".$_REQUEST['itemcode']);
					}elseif($_REQUEST['show']=='pac'){
						  $obj->redirect("manage_products.php?action=notupdate&show=pac&page=".$_REQUEST['page']."&procatgr_id=".$_REQUEST['procatgr_id']);
					}else{
						$obj->redirect("manage_products.php?action=notupdate&page=".$_REQUEST['page']);
					}
	  //$obj->redirect("manage_products.php?action=notupdate&page=".$_REQUEST['page']."&subcat=".$_REQUEST['subcat']."&cat=".$_REQUEST['cat'].
		  // "&procatgr_id=".$_REQUEST['procatgr_id']."&itemcode=".$_REQUEST['itemcode']);
	  	}
		
	}
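	else if(isset($_POST['btn_editusers']))
	{
	  // Update the logged-in administrator's own name, e-mail and password.
	  //
	  // Values are escaped before they reach SQL; the original interpolated the
	  // raw form fields, so the profile form could rewrite the statement.
	  // NOTE(review): escaping is a stop-gap on ext/mysql; assumes $obj->execute()
	  // uses the default connection that this file's mysql_query() calls use.
	  // NOTE(review): admin_password is written exactly as submitted, i.e. stored
	  // in plain text. Moving to password_hash()/password_verify() has to change
	  // the login check in the same commit, and that code is not in this view.
	  // NOTE(review): the visible code neither asks for the current password nor
	  // checks a CSRF token before changing credentials.
	  $admin_name=mysql_real_escape_string($_POST['admin_name']);
	  $admin_email=mysql_real_escape_string($_POST['admin_email']);
	  $admin_password=mysql_real_escape_string($_POST['admin_password']);
	  $admin_id=mysql_real_escape_string(isset($_SESSION['admin_id'])?$_SESSION['admin_id']:'');
	  $page_q=isset($_REQUEST['page'])?urlencode($_REQUEST['page']):'';

	  $res=$obj->execute("update admin set admin_name='$admin_name',admin_email='$admin_email',admin_password='$admin_password' where admin_id='$admin_id'");

	  if($res){
	  $obj->redirect("profile.php?page=".$page_q."&action=update");
	  }else{
	  $obj->redirect("profile.php?page=".$page_q."&action=notupdate");
	  }
	}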
	
}
else if($_GET['action']=="delete")
{
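    if(isset($_GET['design_id']))
	{
	  // Delete one design together with its products, their items and the image
	  // files each of those rows points at.
	  //
	  // The id is escaped before use; the original put $_GET[design_id] straight
	  // into four statements. Ids read back from the database are escaped too,
	  // so a stored value cannot alter the follow-up queries.
	  // NOTE(review): assumes $obj->execute() uses the default ext/mysql
	  // connection - confirm in include/db.php.
	  // NOTE(review): this destructive cascade is triggered by a GET request and
	  // no CSRF token is checked in the visible code.
	  $design_id=mysql_real_escape_string($_GET['design_id']);
	  $page_q=isset($_REQUEST['page'])?urlencode($_REQUEST['page']):'';

	  $image=$obj->featch($obj->execute("select design_image from designes  where design_id='$design_id'"));
	  $image=$image['design_image'];

	  if($obj->execute("delete from designes  where design_id='$design_id'"))
	  {
	    if($image!=""){delete_file(FOLDER_BACK.$image);}

	    $res=$obj->execute("select * from products where design_id='$design_id'");
		while($row=$obj->featch($res))
		{
			if($row['product_image']!=""){delete_file(FOLDER_BACK.$row['product_image']);}
			$product_id=mysql_real_escape_string($row['product_id']);
			$res_items=$obj->execute("select * from items where product_id='$product_id'");
			while($row_items=$obj->featch($res_items))
			{
			  if($row_items['item_image']!=""){delete_file(FOLDER_BACK.$row_items['item_image']);}
			}
			$obj->execute("delete from items where product_id='$product_id'");
		}

	    $obj->execute("delete from products where design_id='$design_id'");

	    $obj->redirect("manage_category.php?page=".$page_q."&action=delete");
	  }else{
	    $obj->redirect("manage_category.php?page=".$page_q."&action=notdelete");
	  }
	}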
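    elseif($_GET['tag']=="deletedesign")
	{
	  // Bulk form of the design delete: runs the same cascade (design row,
	  // products, items, image files) for every id posted in design_id[].
	  // Posted ids and ids read back from the database are escaped before they
	  // are placed in SQL; the original interpolated them raw.
	  // NOTE(review): assumes $obj->execute() uses the default ext/mysql
	  // connection - confirm in include/db.php.
	  $page_q=isset($_REQUEST['page'])?urlencode($_REQUEST['page']):'';

	  if(isset($_POST['design_id']) && is_array($_POST['design_id']))
	  {
	    foreach($_POST['design_id'] as $posted_id)
		{
			$design_id=mysql_real_escape_string($posted_id);

			$image=$obj->featch($obj->execute("select design_image from designes  where design_id='$design_id'"));
			$image=$image['design_image'];

			if($obj->execute("delete from designes  where design_id='$design_id'"))
			{
				if($image!=""){delete_file(FOLDER_BACK.$image);}
				$res=$obj->execute("select * from products where design_id='$design_id'");
				while($row=$obj->featch($res))
				{
					if($row['product_image']!=""){delete_file(FOLDER_BACK.$row['product_image']);}
					$product_id=mysql_real_escape_string($row['product_id']);
					$res_items=$obj->execute("select * from items where product_id='$product_id'");
					while($row_items=$obj->featch($res_items))
					{
					  if($row_items['item_image']!=""){delete_file(FOLDER_BACK.$row_items['item_image']);}
					}
					$obj->execute("delete from items where product_id='$product_id'");
				}
				$obj->execute("delete from products where design_id='$design_id'");
			}
		}
	    $obj->redirect("manage_category.php?page=".$page_q."&action=delete");
	  }
	  else
	  {
	    $obj->redirect("manage_category.php?page=".$page_q."&action=notdelete");
	  }
    }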
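	elseif(isset($_GET['product_id']))
	{
	  // Delete one product, its image, and the items (with their images) that
	  // belong to it.
	  //
	  // Two fixes over the original:
	  //  - the final "delete from items" used $row[product_id], but $row is never
	  //    assigned in this branch, so the statement matched product_id='' and the
	  //    product's items were left behind; it now uses the requested id;
	  //  - the id is escaped before it is placed in SQL.
	  // NOTE(review): assumes $obj->execute() uses the default ext/mysql
	  // connection - confirm in include/db.php. The delete is GET-triggered and
	  // no CSRF token is checked in the visible code.
	  $product_id=mysql_real_escape_string($_GET['product_id']);
	  $page_q=isset($_REQUEST['page'])?urlencode($_REQUEST['page']):'';

	  $image=$obj->featch($obj->execute("select * from products where product_id='$product_id'"));
	  $image=$image['product_image'];

	  if($obj->execute("delete from products  where product_id='$product_id'"))
	  {
	        if($image!=""){delete_file(FOLDER_BACK.$image);}
			$res_items=$obj->execute("select * from items where product_id='$product_id'");
			while($row_items=$obj->featch($res_items))
			{
			   if($row_items['item_image']!=""){delete_file(FOLDER_BACK.$row_items['item_image']);}
			}
			$obj->execute("delete from items where product_id='$product_id'");
			$obj->redirect("manage_subcategory.php?page=".$page_q."&action=delete");
	  }
	  else
	  {
	   $obj->redirect("manage_subcategory.php?page=".$page_q."&action=notdelete");
	  }
	}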
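	elseif($_GET['tag']=="deleteproducts")
	{
		  // Bulk product delete for every id posted in product_id[].
		  //
		  // The original's last statement deleted items where
		  // product_id='$row[product_id]', but $row is never set in this branch,
		  // so items of the deleted products were never removed; it now uses the
		  // id being processed. Ids are escaped before they are placed in SQL.
		  // NOTE(review): assumes $obj->execute() uses the default ext/mysql
		  // connection - confirm in include/db.php.
		  $page_q=isset($_REQUEST['page'])?urlencode($_REQUEST['page']):'';

		  if(isset($_POST['product_id']) && is_array($_POST['product_id']))
		  {
			foreach($_POST['product_id'] as $posted_id)
			{
					$product_id=mysql_real_escape_string($posted_id);

					$image=$obj->featch($obj->execute("select product_image from products  where product_id='$product_id'"));
					$image=$image['product_image'];

					if($obj->execute("delete from products  where product_id='$product_id'"))
					{
						if($image!=""){delete_file(FOLDER_BACK.$image);}
						$res_items=$obj->execute("select * from items where product_id='$product_id'");
						while($row_items=$obj->featch($res_items))
						{
						  if($row_items['item_image']!=""){delete_file(FOLDER_BACK.$row_items['item_image']);}
						}
						$obj->execute("delete from items where product_id='$product_id'");
					}
			}
			$obj->redirect("manage_subcategory.php?page=".$page_q."&action=delete");
		  }
		  else
		  {
			$obj->redirect("manage_subcategory.php?page=".$page_q."&action=notdelete");
		  }
	}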
	
	
	
	
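	elseif(isset($_GET['item_id']))
	{
	  // Delete one item row and, when the delete succeeds, its image file.
	  // The id is escaped before it is placed in SQL; the original interpolated
	  // $_GET[item_id] raw into both statements.
	  // NOTE(review): assumes $obj->execute() uses the default ext/mysql
	  // connection - confirm in include/db.php. The delete is GET-triggered and
	  // no CSRF token is checked in the visible code.
	  $item_id=mysql_real_escape_string($_GET['item_id']);
	  $page_q=isset($_REQUEST['page'])?urlencode($_REQUEST['page']):'';

	  $image=$obj->featch($obj->execute("select * from items where item_id='$item_id'"));
	  $image=$image['item_image'];

	  if($obj->execute("delete from items  where item_id='$item_id'"))
	  {
			if($image!=""){delete_file(FOLDER_BACK.$image);}
			$obj->redirect("manage_products.php?page=".$page_q."&action=delete");
	  }
	  else
	  {
	   $obj->redirect("manage_products.php?page=".$page_q."&action=notdelete");
	  }
	}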
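	elseif($_GET['tag']=="deleteitems")
	{
		  // Bulk item delete for every id posted in item_id[].
		  //
		  // The original selected column "image" from item_images but then read
		  // the key 'item_image', which that result never contains, so no file
		  // was ever removed. This now mirrors the single-item delete branch:
		  // read items.item_image, delete the row, then delete the file.
		  // Ids are escaped before they are placed in SQL.
		  // NOTE(review): rows in item_images for a deleted item are not removed
		  // here or in the single-item branch - confirm whether that is intended.
		  // NOTE(review): assumes $obj->execute() uses the default ext/mysql
		  // connection - confirm in include/db.php.
		  $page_q=isset($_REQUEST['page'])?urlencode($_REQUEST['page']):'';

		  if(isset($_POST['item_id']) && is_array($_POST['item_id']))
		  {
			foreach($_POST['item_id'] as $posted_id)
			{
				$item_id=mysql_real_escape_string($posted_id);
				$image=$obj->featch($obj->execute("select item_image from items where item_id='$item_id'"));
				$image=$image['item_image'];
				if($obj->execute("delete from items  where item_id='$item_id'"))
				{
					if($image!=""){delete_file(FOLDER_BACK.$image);}
				}
			}
			$obj->redirect("manage_products.php?page=".$page_q."&action=delete");
		  }
		  else
		  {
			$obj->redirect("manage_products.php?page=".$page_q."&action=notdelete");
		  }
	}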
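	elseif(isset($_GET['mailing_list_id']))
	{
	   // Remove one mailing-list subscriber. The id is escaped before it is placed
	   // in SQL; the original interpolated $_GET[mailing_list_id] raw.
	   // NOTE(review): assumes $obj->execute() uses the default ext/mysql
	   // connection - confirm in include/db.php. GET-triggered, no CSRF token
	   // checked in the visible code.
	   $list_id=mysql_real_escape_string($_GET['mailing_list_id']);
	   if($obj->execute("delete from mailing_list  where mailing_list_id='$list_id'"))
	   {
			$obj->redirect("mailing-list.php?action=delete");
	   }
	   else
	   {
	   $obj->redirect("mailing-list.php?action=notdelete");
	   }
	}
	elseif($_GET['tag']=="deletemailing_list")
	{
		  // Bulk form: remove every subscriber whose id was posted in
		  // mailing_list_id[]. Each id is escaped before use.
		  if(isset($_POST['mailing_list_id']) && is_array($_POST['mailing_list_id']))
		  {
			foreach($_POST['mailing_list_id'] as $posted_id)
			{
			  $list_id=mysql_real_escape_string($posted_id);
			  $obj->execute("delete from mailing_list  where mailing_list_id='$list_id'");
			}
			$obj->redirect("mailing-list.php?action=delete");
		  }
		  else
		  {
			$obj->redirect("mailing-list.php?action=notdelete");
		  }
	}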
	
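	elseif(isset($_GET['user_id']))
	{
	   // Delete one user account. The id is escaped before it is placed in SQL;
	   // the original interpolated $_GET[user_id] raw.
	   // NOTE(review): assumes $obj->execute() uses the default ext/mysql
	   // connection - confirm in include/db.php. Account deletion is
	   // GET-triggered and no CSRF token is checked in the visible code.
	   $uid=mysql_real_escape_string($_GET['user_id']);
	   $page_q=isset($_REQUEST['page'])?urlencode($_REQUEST['page']):'';
	   if($obj->execute("delete from users  where uid='$uid'"))
	   {
			$obj->redirect("users.php?page=".$page_q."&action=delete");
	   }
	   else
	   {
	   $obj->redirect("users.php?page=".$page_q."&action=notdelete");
	   }
	}
	elseif($_GET['tag']=="deleteusers")
	{
		  // Bulk form: delete every account whose id was posted in user_id[].
		  // Each id is escaped before use.
		  if(isset($_POST['user_id']) && is_array($_POST['user_id']))
		  {
			foreach($_POST['user_id'] as $posted_id)
			{
			  $uid=mysql_real_escape_string($posted_id);
			  $obj->execute("delete from users  where uid='$uid'");
			}
			$obj->redirect("users.php?action=delete");
		  }
		  else
		  {
			$obj->redirect("users.php?action=notdelete");
		  }
	}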
	
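}else if($_GET['action']=="deleteimage"){
	// Clear an item's image: blank the item_image column and, when that update
	// succeeds, remove the file it pointed at.
	// The id is escaped before it is placed in SQL; the original interpolated
	// $_GET[item_id] raw into both statements.
	// NOTE(review): assumes $obj->execute() uses the default ext/mysql
	// connection - confirm in include/db.php. GET-triggered, no CSRF token
	// checked in the visible code.
	$item_id=mysql_real_escape_string(isset($_GET['item_id'])?$_GET['item_id']:'');
	$page_q=isset($_REQUEST['page'])?urlencode($_REQUEST['page']):'';

	$image=$obj->featch($obj->execute("select * from items where item_id='$item_id'"));
	$image=$image['item_image'];
	if($obj->execute("update items set item_image='' where item_id='$item_id'"))
	{
		if($image!=""){delete_file(FOLDER_BACK.$image);}
		$obj->redirect("manage_products.php?page=".$page_q."&action=deleteimage");
	}
	else
	{
		$obj->redirect("manage_products.php?page=".$page_q."&action=notdelete");
	}
}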
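else if(isset($_POST['send_mailing_list']))
{
  // Send the posted message to each selected, active mailing-list address.
  //
  // Changes from the original:
  //  - ids from the comma-separated list are trimmed and escaped before use;
  //  - an id with no active row is skipped (the original still called
  //    send_mail() with an empty recipient);
  //  - a stored address is used only if it parses as an e-mail address, so a
  //    value containing line breaks cannot reach the mail headers.
  // NOTE(review): assumes $obj->execute() uses the default ext/mysql
  // connection - confirm in include/db.php.
  $from="info@ZuzuBoutique.com";
  $subject="Alert";
  $message=$_POST['mailing_list_message'];

  foreach(explode(",",$_POST['mailing_list_ids']) as $posted_id)
  {
     $list_id=mysql_real_escape_string(trim($posted_id));
     if($list_id===''){continue;}

     $row=$obj->featch($obj->execute("select mailing_list_email from mailing_list  where mailing_list_id='$list_id' and mailing_list_status=1"));
     if(!$row){continue;}

     $to=trim($row['mailing_list_email']);
     if(filter_var($to,FILTER_VALIDATE_EMAIL)===false){continue;}

     send_mail($to,$from,$subject,$message);
  }
   $obj->redirect("mailing-list.php?action=send");
}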
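elseif(isset($_POST['sub_banner']) || isset($_POST['sub_banner1']) || isset($_POST['sub_banner2']))
{
	// Replace one banner (horizontal, vertical or home) with an uploaded image
	// or SWF file. The three submit buttons differed only in table, upload
	// directory and return page, so they share one code path; precedence
	// follows the original elseif order.
	if(isset($_POST['sub_banner'])){
		$banner_table="banners";
		$banner_dir="../uploades/";
		$banner_page="banner.php";
	}elseif(isset($_POST['sub_banner1'])){
		$banner_table="vertical_banners";
		$banner_dir="../vertical_uploades/";
		$banner_page="vertical_banner.php";
	}else{
		$banner_table="home_banners";
		$banner_dir="../home_uploades/";
		$banner_page="banner.php";
	}

	$upload=false;
	$type="";
	$client_name=isset($_FILES['banner_one']['name'])?$_FILES['banner_one']['name']:'';
	$tmp_name=isset($_FILES['banner_one']['tmp_name'])?$_FILES['banner_one']['tmp_name']:'';
	$ext=strtolower(pathinfo($client_name,PATHINFO_EXTENSION));

	// The original accepted any file whose client-declared MIME type began with
	// "image/" and saved it under the client's own file name. That header is
	// chosen by the sender, so a script file could be stored in a web-served
	// directory. The decision is now made from the extension, and for images
	// PHP must also be able to parse the file as an image.
	if($ext=="swf")
	{
		$upload=true;
		$type="swf";
	}
	else if(in_array($ext,array("jpg","jpeg","png","gif"),true)
		&& is_uploaded_file($tmp_name)
		&& getimagesize($tmp_name)!==false)
	{
		$upload=true;
		$type="image";
	}

	if($upload===true)
	{
		// Build the stored name on the server: the stem keeps only
		// [A-Za-z0-9_-] (no dots, so no second extension survives) and the
		// validated extension is appended.
		$stem=preg_replace('/[^A-Za-z0-9_-]/','_',pathinfo($client_name,PATHINFO_FILENAME));
		if($stem==''){$stem="banner";}
		$file_name=$stem.".".$ext;

		// Move the file first and record it only if the move succeeded; the
		// original updated the row first and ignored the move result.
		// Values are escaped before they are placed in SQL.
		// NOTE(review): assumes $obj->execute() uses the default ext/mysql
		// connection - confirm in include/db.php.
		// NOTE(review): banner_url is stored as submitted; confirm the page that
		// renders it restricts the scheme to http/https and escapes the value.
		if(move_uploaded_file($tmp_name,$banner_dir.$file_name)
			&& $obj->execute("UPDATE ".$banner_table." SET banner='".mysql_real_escape_string($file_name)."',type='$type',banner_url='".mysql_real_escape_string($_POST['banner_url'])."' WHERE banner_id='".mysql_real_escape_string($_POST['banner_id'])."'"))
		{
			$_SESSION['meaasge']="Banner Upload Succeccfully...";
			$obj->redirect($banner_page);
		}
		else
		{
			$_SESSION['meaasge']="Banner Not Upload...";
			$obj->redirect($banner_page);
		}
	}
	else
	{
		// Each outcome now sets exactly one message. In the original the three
		// outcomes were sequential statements, so unless redirect() ends the
		// request (not visible here) the later messages overwrote the earlier.
		$_SESSION['meaasge']="Upload image or swf file only...";
		echo" <script>back()</script>";
	}
}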
?>
