pastamingo

Products.php

Oct 24th, 2016
  1. <?php
  2. require_once $_SERVER['DOCUMENT_ROOT'].'/tutorial/core/init.php';
  3. if(!is_logged_in()){
  4.   login_error_redirect();
  5. }
  6. include 'includes/head.php';
  7. include 'includes/navigation.php';
  8.  
  9. if (isset($_GET['delete'])) {
  10.   $delID = (int)$_GET['delete'];
  11.   $delID = sanitize($delID);
  12.   $delSql = "UPDATE products SET deleted = 1 WHERE id = '$delID'";
  13.   $db->query($delSql);
  14.   header('Location: products.php');
  15. }
  16.  
  17. $dbpath = '';
  18. if (isset($_GET['add']) || isset($_GET['edit'])) {
  // Top-level categories for the "Parent Category" drop-down.
  $parentQ = $db->query("SELECT * FROM categories WHERE parent = 0 ORDER BY category");

  // Each form field starts empty and takes the submitted value when present.
  // NOTE(review): sanitize() is defined elsewhere; whether it makes a value
  // safe for SQL, for HTML, or for both is not visible here - confirm before
  // relying on it in either context.
  $title = '';
  if (isset($_POST['title']) && $_POST['title'] != '') {
    $title = sanitize($_POST['title']);
  }

  $parent = '';
  if (isset($_POST['parent']) && !empty($_POST['parent'])) {
    $parent = sanitize($_POST['parent']);
  }

  $category = '';
  if (isset($_POST['child']) && !empty($_POST['child'])) {
    $category = sanitize($_POST['child']);
  }

  $price = '';
  if (isset($_POST['price']) && $_POST['price'] != '') {
    $price = sanitize($_POST['price']);
  }
  // Keep digits only; any decimal or thousands separator is dropped as well.
  $price = preg_replace("/[^0-9]/", "", $price);

  $description = '';
  if (isset($_POST['description'])) {
    $description = sanitize($_POST['description']);
  }

  $units = '';
  if (isset($_POST['units']) && $_POST['units'] != '') {
    $units = sanitize($_POST['units']);
  }
  $units = rtrim($units,',');

  $quantity = '';
  if (isset($_POST['quantity']) && $_POST['quantity'] != '') {
    $quantity = sanitize($_POST['quantity']);
  }

  // Image paths already stored for the product (set in edit mode only).
  $saved_image = '';
  30.  
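  if (isset($_GET['edit'])) {
    // Edit mode: load the stored product so the form is pre-filled with its
    // values wherever nothing was submitted.
    // The integer cast is what keeps this id safe inside the SQL text below.
    $edit_id = (int)$_GET['edit'];
    $productresults = $db->query("SELECT * FROM products WHERE id = '$edit_id'");
    $products = mysqli_fetch_assoc($productresults);
    // NOTE(review): $products is null when no row matches the id; the reads
    // below then come from null - consider redirecting back to the listing.
    if (isset($_GET['delete_image'])) {
      // NOTE(review): deleting a file and updating the row from a GET link has
      // no CSRF protection; this should be a POST with a verified token.
      $imgi = (isset($_GET['imgi']) ? (int)$_GET['imgi'] : 0) - 1;
      $images = explode(',',$products['image']);
      // Act only on an index that really exists in the stored list.
      if (isset($images[$imgi]) && $images[$imgi] != '') {
        $docRoot = realpath($_SERVER['DOCUMENT_ROOT']);
        $image_url = realpath($_SERVER['DOCUMENT_ROOT'].$images[$imgi]);
        // Remove the file only if the stored path resolves to a regular file
        // inside the document root, so a stored value containing "../" cannot
        // point the unlink at anything outside it.
        if ($docRoot !== false && $image_url !== false
            && strpos($image_url, rtrim($docRoot, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR) === 0
            && is_file($image_url)) {
          unlink($image_url);
        }
        unset($images[$imgi]);
        $imageString = implode(',',$images);
        // The list is text read back from the database, so bind it instead of
        // splicing it into the statement.
        $imgStmt = $db->prepare("UPDATE products SET image = ? WHERE id = ?");
        if ($imgStmt) {
          $imgStmt->bind_param('si', $imageString, $edit_id);
          $imgStmt->execute();
          $imgStmt->close();
        }
        // Keep the loaded row in step in case the redirect cannot be sent.
        $products['image'] = $imageString;
      }
      if (!headers_sent()) {
        header('Location: products.php?edit='.$edit_id);
        exit;
      }
    }
    $category = ((isset($_POST['child']) && $_POST['child'] != '')?sanitize($_POST['child']):$products['categories']);
    $title = ((isset($_POST['title']) && $_POST['title'] != '')?sanitize($_POST['title']):$products['title']);
    // Category ids are compared with the integer `parent` column elsewhere in
    // this file, so the id is cast rather than interpolated as submitted text.
    $parentResult = $db->query("SELECT * FROM categories WHERE id = '".(int)$category."'");
    $pQ = mysqli_fetch_assoc($parentResult);
    // $pQ is null when the category no longer exists; fall back to no parent.
    $parent = ((isset($_POST['parent']) && $_POST['parent'] != '')?sanitize($_POST['parent']):(isset($pQ['parent'])?$pQ['parent']:''));
    $price = ((isset($_POST['price']) && $_POST['price'] != '')?sanitize($_POST['price']):money($products['price']));
    // NOTE(review): money() is defined elsewhere; if it adds decimals or
    // separators, stripping every non-digit changes the magnitude - confirm.
    $price = preg_replace("/[^0-9]/", "", $price);
    $description = ((isset($_POST['description']))?sanitize($_POST['description']):$products['description']);
    $units = ((isset($_POST['units']) && $_POST['units'] != '')?sanitize($_POST['units']):$products['units']);
    $units = rtrim($units,',');
    $quantity = ((isset($_POST['quantity']) && $_POST['quantity'] != '')?sanitize($_POST['quantity']):$products['quantity']);
    $saved_image = (($products['image'] != '')?$products['image']:'');
    // Start from the stored paths so an edit without a new upload keeps them.
    $dbpath = $saved_image;
  }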
  60.  
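  // Split the units string into parallel arrays: entries are separated by
  // commas and each entry holds up to three colon-separated parts.
  // All four arrays are initialised up front so they exist on every path.
  $unitsArray = array();
  $sArray = array();
  $qArray = array();
  $tArray = array();
  if (!empty($units)) {
    $unitstring = sanitize($units);
    $unitstring = rtrim($unitstring,',');
    $unitsArray = explode(',',$unitstring);
    foreach ($unitsArray as $ss) {
      // The form's <select> submits plain values such as "Kg" with no colon,
      // so pad to three parts instead of reading offsets that do not exist.
      $s = array_pad(explode(':',$ss), 3, null);
      $sArray[] = $s[0];
      $qArray[] = $s[1];
      $tArray[] = $s[2];
    }
  }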
  77.  
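  if ($_POST) {
    // Add/edit submission: check the required fields, validate every uploaded
    // image, store the files, then write the product row.
    // NOTE(review): nothing here verifies a CSRF token; the form should carry
    // one and it should be checked before any of this runs.
    $errors = array();
    $required = array('title', 'parent', 'child', 'units', 'quantity');
    $allowed = array('png','jpg','jpeg','gif');
    $photoName = array();
    $uploadPath = array();
    $tmpLoc = array();
    foreach ($required as $field) {
      // A request can omit a field entirely, so test isset() before comparing.
      if (!isset($_POST[$field]) || $_POST[$field] == '') {
        $errors[] = 'Form tidak boleh ada yang kosong!';
        break;
      }
    }
    // The file input is only rendered when the product has no saved image, so
    // $_FILES['photo'] can be missing altogether.
    $photoCount = 0;
    if (isset($_FILES['photo']['name']) && is_array($_FILES['photo']['name'])) {
      $photoCount = count($_FILES['photo']['name']);
    }
    for ($i=0; $i < $photoCount; $i++) {
      $uploadError = $_FILES['photo']['error'][$i];
      // An empty multi-file input still submits one slot marked "no file".
      if ($uploadError == UPLOAD_ERR_NO_FILE) {
        continue;
      }
      if ($uploadError != UPLOAD_ERR_OK) {
        $errors[] = 'Gagal mengunggah gambar.';
        continue;
      }
      $tmpName = $_FILES['photo']['tmp_name'][$i];
      $fileUnit = $_FILES['photo']['size'][$i];
      // Judge the file by its final extension, lower-cased; with a name that
      // contains several dots the second segment is not the real extension.
      $fileExt = strtolower(pathinfo($_FILES['photo']['name'][$i], PATHINFO_EXTENSION));
      // $_FILES[...]['type'] is whatever the client claims, so the type is
      // derived from the uploaded bytes instead.
      $imageInfo = is_uploaded_file($tmpName) ? getimagesize($tmpName) : false;
      $detectedMime = ($imageInfo !== false && isset($imageInfo['mime'])) ? $imageInfo['mime'] : '';
      $mime = array_pad(explode('/', $detectedMime), 2, '');
      $mimeType = $mime[0];
      $mimeExt = $mime[1];
      if ($mimeType != 'image') {
        $errors[] = 'File harus berupa gambar';
      }
      if (!in_array($fileExt, $allowed, true)) {
        $errors[] = 'Gambar harus berekstensi png, jpg, jpeg atau gif';
      }
      if ($fileUnit > 15000000) {
        $errors[] = 'Ukuran file tidak boleh lebih dari 15MB.';
      }
      // The extension must agree with the detected type; "jpg" for a JPEG is
      // the one accepted spelling difference.
      if ($fileExt != $mimeExt && !($mimeExt == 'jpeg' && $fileExt == 'jpg')) {
        $errors[] = 'Errors 404 ! Ulangi upload dengan benar';
      }
      // The stored name is generated server-side; only the allow-listed
      // extension is taken from the upload.
      $uploadName = md5(microtime().$i).'.'.$fileExt;
      $tmpLoc[] = $tmpName;
      // NOTE(review): BASEURL is defined elsewhere and is used here as a
      // filesystem prefix. Neither path below has a '/' between "products"
      // and the file name, so files are written next to, not inside, a
      // products directory - confirm that this is intended.
      $uploadPath[] = BASEURL.'images/products'.$uploadName;
      // Separate from whatever is already in the list, stored paths included.
      if ($dbpath != '') {
        $dbpath .= ',';
      }
      $dbpath .= '/tutorial/images/products'.$uploadName;
    }
    if (empty($errors)) {
      // Upload the files; the row is written only if every file was stored.
      foreach ($tmpLoc as $idx => $tmpName) {
        if (!move_uploaded_file($tmpName, $uploadPath[$idx])) {
          $errors[] = 'Gagal mengunggah gambar.';
          break;
        }
      }
    }
    if (empty($errors)) {
      // Values are bound rather than interpolated: sanitize() is defined
      // elsewhere and cannot be assumed to make text safe inside SQL.
      if (isset($_GET['edit'])) {
        $saveStmt = $db->prepare("UPDATE products SET title = ?, price = ?,
        categories = ?, units = ?, quantity = ?, image = ?, description = ?
        WHERE id = ?");
        if ($saveStmt) {
          $saveStmt->bind_param('sssssssi', $title, $price, $category, $units, $quantity, $dbpath, $description, $edit_id);
        }
      } else {
        // The column list names quantity so that it lines up with the seven values.
        $saveStmt = $db->prepare("INSERT INTO products (title, price, categories, units, quantity, image, description)
        VALUES (?, ?, ?, ?, ?, ?, ?)");
        if ($saveStmt) {
          $saveStmt->bind_param('sssssss', $title, $price, $category, $units, $quantity, $dbpath, $description);
        }
      }
      if ($saveStmt && $saveStmt->execute()) {
        $saveStmt->close();
        // Redirect and stop when the header can still be sent; otherwise the
        // form is rendered again, as before.
        if (!headers_sent()) {
          header('Location: products.php');
          exit;
        }
      } else {
        $errors[] = 'Gagal menyimpan produk.';
      }
    }
    if (!empty($errors)) {
      echo display_errors($errors);
    }
  }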
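  // Add/edit form. Every dynamic value goes through $esc(), which HTML-encodes
  // with double_encode switched off: text that sanitize() may already have
  // entity-encoded is left as it is, while raw markup cannot reach the page.
  $esc = function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8', false);
  };
  // NOTE(review): the form posts without a CSRF token, and "Delete Image" is a
  // GET link that changes state; both should carry a verified token.
  ?>

  <div class="container">
    <h2 class="text-center"><?=((isset($_GET['edit']))?'Edit ':'');?>Products</h2><hr>
    <form action="products.php?<?=((isset($_GET['edit']))?'edit='.(int)$edit_id:'add=1');?>" method="post" enctype="multipart/form-data">
      <div class="form-group col-md-3">
        <label for="title">Title*:</label>
        <input type="text" name="title" class="form-control" id="title" value="<?=$esc($title);?>">
      </div>
      <div class="form-group col-md-3">
        <label for="parent">Parent Category*:</label>
        <select class="form-control" id="parent" name="parent">
          <option value=""<?=(($parent == '')?' selected':'');?>></option>
          <?php foreach ($parentQ as $p) : ?>
            <option value="<?=$esc($p['id']);?>"<?=(($parent == $p['id'])?' selected':'');?>><?=$esc($p['category']);?></option>
          <?php endforeach; ?>
        </select>
      </div>
      <div class="form-group col-md-3">
        <label for="child">Child Category*:</label>
        <select class="form-control" id="child" name="child">
        </select>
      </div>
      <div class="form-group col-md-3">
        <label for="price">Price*:</label>
        <input type="text" id="price" name="price" class="form-control" value="<?=((isset($_GET['edit']))?$esc(money($price)):'');?>">
      </div>
      <div class="form-group col-md-3">
        <label for="quantity">Quantity*:</label>
        <input type="text" id="quantity" name="quantity" class="form-control" value="<?=((isset($_GET['edit']))?$esc($quantity):'');?>">
      </div>
      <div class="form-group col-md-3">
        <label for="units">Units*:</label>
        <?php // A <select> has no value attribute; the stored unit is marked on its option instead. ?>
        <select class="form-control" id="units" name="units">
          <?php foreach (array('Kg', 'Pcs', 'Cyl', 'Pkt') as $unitOption) : ?>
            <option<?=(($units == $unitOption)?' selected':'');?>><?=$unitOption;?></option>
          <?php endforeach; ?>
        </select>

      </div>
      <div class="form-group col-md-6">
        <?php if($saved_image != '') : ?>
          <?php
            // 1-based position of each saved image, sent back as "imgi".
            $imgi = 1;
            $images = explode(',',$saved_image);
          ?>
          <?php foreach($images as $image): ?>
          <div class="saved-image col-md-3">
            <img src="<?=$esc($image);?>" alt="saved image"><br>
            <a href="products.php?delete_image=1&edit=<?=(int)$edit_id;?>&imgi=<?=$imgi;?>" class="btn btn-xs btn-danger">Delete Image</a>
          </div>
          <?php
          $imgi++;
          endforeach; ?>
        <?php else: ?>
          <label for="photo">Products Photo*:</label>
          <input type="file" name="photo[]" id="photo" class="form-control" multiple>
        <?php endif; ?>
      </div>
      <div class="form-group col-md-6">
        <label for="description">Description*:</label>
        <textarea name="description" class="form-control" id="description" rows="6"><?=$esc($description);?></textarea>
      </div>
      <div class="form-group pull-right" style="margin-right: 10px;">
        <a href="products.php" class="btn btn-default">Cancel</a>
        <input type="submit" class="btn btn-primary" value="<?=((isset($_GET['edit']))?'Edit':'Add');?> Product">
      </div><div class="clearfix"></div>
    </form>
  </div>

  <!-- Modal -->
    <?php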
  217. }else{
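  // Listing mode. A pending "featured" toggle is applied before the products
  // are queried, so the table is current even when the redirect cannot be sent.
  // NOTE(review): the toggle is a state change driven by a GET link with no
  // CSRF protection; it should be a POST that carries a verified token.
  if (isset($_GET['featured'], $_GET['id'])) {
    $id = (int)$_GET['id'];
    $featured = (int)$_GET['featured'];
    $fStmt = $db->prepare("UPDATE products SET featured = ? WHERE id = ?");
    if ($fStmt) {
      $fStmt->bind_param('ii', $featured, $id);
      $fStmt->execute();
      $fStmt->close();
    }
    // Redirect and stop when the header can still be sent; otherwise fall
    // through and render the listing.
    if (!headers_sent()) {
      header('Location: products.php');
      exit;
    }
  }
  // Soft-deleted products stay in the table but are hidden from the listing.
  $sql = "SELECT * FROM products WHERE deleted = 0";
  $presult = $db->query($sql);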
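  // Product table. Dynamic text goes through $esc(), which HTML-encodes with
  // double_encode switched off so values that were stored already
  // entity-encoded are not encoded a second time.
  $esc = function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8', false);
  };
  // NOTE(review): the delete and featured links below change state through
  // GET requests; they need to become POST actions with a verified token.
  ?>
  <div class="container">
    <h2 class="text-center">Products</h2>
    <a href="products.php?add=1" class="btn btn-primary pull-right" style="margin-top: -35px;">Add Product</a><div class="clearfix"></div>
    <hr>
    <table class="table table-bordered table-condensed table-striped">
      <thead>
        <tr><th>Action</th><th>Produk</th><th>Harga</th><th>Kategori</th><th>Fitur</th><th>Terjual</th></tr>
      </thead>
      <tbody>
        <?php foreach ($presult as $produk) :
          // Build the "Parent->Child" label for the product's category. Ids
          // are cast before they enter the SQL text, and a missing category
          // row yields an empty name instead of a read from null.
          $childID = (int)$produk['categories'];
          $result = $db->query("SELECT * FROM categories WHERE id = '$childID'");
          $child = mysqli_fetch_assoc($result);
          $parentID = (isset($child['parent']) ? (int)$child['parent'] : 0);
          // Separate variable: $presult is the result set being iterated.
          $parentResult = $db->query("SELECT * FROM categories WHERE id = '$parentID'");
          $parent = mysqli_fetch_assoc($parentResult);
          $category = (isset($parent['category']) ? $parent['category'] : '').'->'.(isset($child['category']) ? $child['category'] : '');
          ?>
          <tr>
            <td>
              <a href="products.php?edit=<?=(int)$produk['id'];?>" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span></a>
              <a href="products.php?delete=<?=(int)$produk['id'];?>" class="btn btn-xs btn-default" onclick="return confirm('Yakin akan menghapus data ini ?');">
                <span class="glyphicon glyphicon-remove"></span>
              </a>
            </td>
            <td><?=$esc($produk['title']);?></td>
            <td><?=$esc(money($produk['price']));?></td>
            <td><?=$esc($category);?></td>
            <td>
              <a href="products.php?featured=<?=(($produk['featured'] == 0)?'1':'0');?>&id=<?=(int)$produk['id'];?>" class="btn btn-xs btn-default"
              title="<?=(($produk['featured'] == 0)?'Klik Untuk Menampilkan Produk':'Klik Untuk Tidak Menampilkan Produk Ini');?>">
                <span class="glyphicon glyphicon-<?=(($produk['featured'] == 1)?'minus':'plus');?>"></span>
              </a>
              &nbsp; <?=(($produk['featured'] == 1)?'Ditampilkan':'Tidak Ditampilkan');?>
            </td>
            <td>0</td>
          </tr>
        <?php endforeach; ?>
      </tbody>
    </table>
  </div>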
  271.   <?php } include 'includes/footer.php'; ?>
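  <?php
  // The category is written as a JSON string literal with <, >, &, ' and "
  // hex-escaped, so a value holding a quote or "</script>" cannot break out of
  // the script block. $category is unset on the listing page when there are
  // no products, hence the isset() fallback.
  $childCategoryJs = json_encode(
    isset($category) ? (string)$category : '',
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
  );
  ?>
  <script type="text/javascript">
    $('document').ready(function(){
      get_child_options(<?=$childCategoryJs;?>);
    });
  </script>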