  1. <?php
  2.  
  3. class Admin {
  4. public $loaded = false;
  5.  
  6. public function __construct($email) {
  7. global $db;
  8.  
  9. $result = $db->query('SELECT * FROM admins WHERE admin_email = "'.$db->real_escape_string($email).'"');
  10.  
  11. if($result->num_rows == 0)
  12. return;
  13.  
  14. $this->loaded = true;
  15. $row = $result->fetch_assoc();
  16.  
  17. foreach($row as $key => $value) {
  18. $this->$key = $value;
  19. }
  20. }
  21.  
  22. public function updateProfile($name, $surname, $email, $password, $password_retype) {
  23.  
  24. global $db;
  25. global $admin;
  26. $errors = array();
  27.  
  28. // First name
  29. if(!empty($name)) {
  30. if(preg_match("/^[a-zA-Z0-9]+$/", $name) == 1)
  31. if(strlen($name) > 1 && (strlen($name)) < 20)
  32. $protect['name'] = htmlspecialchars($name);
  33. else
  34. array_push($errors, "First name must be higher than 1 and less than 20 characters.<br>");
  35. else
  36. array_push($errors, "First name may contains only a-zA-Z0-9 characters.<br>");
  37. } else {
  38. $protect['name'] = $admin->admin_name;
  39. }
  40.  
  41. // Last name
  42. if(!empty($surname)) {
  43. if(preg_match("/^[a-zA-Z0-9]+$/", $surname) == 1)
  44. if(strlen($surname) > 1 && (strlen($surname)) < 20)
  45. $protect['surname'] = htmlspecialchars($surname);
  46. else
  47. array_push($errors, "Last name must be higher than 1 and less than 20 characters.<br>");
  48. else
  49. array_push($errors, "Last name may contains only a-zA-Z0-9 characters.<br>");
  50. } else {
  51. $protect['surname'] = $admin->admin_surname;
  52. }
  53.  
  54. // Email
  55. if(!empty($email)) {
  56. if(filter_var($email, FILTER_VALIDATE_EMAIL))
  57. $protect['email'] = htmlspecialchars($email);
  58. else
  59. array_push($errors, "You entered incorect E-mail adress<br>");
  60. } else {
  61. $protect['email'] = $admin->admin_email;
  62. }
  63.  
  64. // Password
  65. if(!empty($password) && !empty($password_retype)) {
  66. if($password == $password_retype) {
  67. $protect['password'] = $db->real_escape_string($password);
  68. } else {
  69. array_push($errors, "Password did not match.<br>");
  70. }
  71. } else {
  72. $protect['password'] = $admin->admin_password;
  73. }
  74.  
  75. // Stop function if there are errors
  76. if(!empty($errors))
  77. return $errors;
  78.  
  79. // Update admin into DB
  80. if (!$db->query("
  81. UPDATE admins SET
  82. admin_name = '".$protect['name']."',
  83. admin_surname = '".$protect['surname']."',
  84. admin_email = '".$protect['email']."',
  85. admin_password = '".$protect['password']."'
  86. WHERE admin_id = '".$admin->admin_id."'
  87.  
  88. ")) {
  89.  
  90. array_push($errors, "Something went wrong, please contact support.<br>");
  91. return $errors;
  92.  
  93. } else {
  94. return "Profile updated.<br>";
  95. }
  96.  
  97. return "Profile updated.<br>";
  98.  
  99. }
  100.  
  101. public function addProduct($name, $size, $description, $url, $price) {
  102.  
  103. global $db;
  104. global $admin;
  105. $errors = array();
  106.  
  107. // First name
  108. if(!empty($name)) {
  109. if(preg_match("/^[a-zA-Z0-9 ]+$/", $name) == 1)
  110. if(strlen($name) > 1 && (strlen($name)) < 50)
  111. $protect['name'] = htmlspecialchars($name);
  112. else
  113. array_push($errors, "Product name must be higher than 1 and less than 50 characters.<br>");
  114. else
  115. array_push($errors, "Product name may contains only a-zA-Z0-9 characters.<br>");
  116. } else {
  117. array_push($errors, "Product name is empty.<br>");
  118. }
  119.  
  120. // Last name
  121. if(!empty($size)) {
  122.  
  123. if(strlen($size) > 1 && (strlen($size)) < 100)
  124. $protect['size'] = htmlspecialchars($size);
  125. else
  126. array_push($errors, "Product size must be higher than 1 and less than 100 characters.<br>");
  127.  
  128. } else {
  129. array_push($errors, "Size is empty.<br>");
  130. }
  131.  
  132. // Email
  133. if(!empty($description)) {
  134.  
  135. if(strlen($description) > 1 && (strlen($description)) < 300)
  136. $protect['description'] = htmlspecialchars($description);
  137. else
  138. array_push($errors, "Product description must be higher than 1 and less than 300 characters.<br>");
  139.  
  140. } else {
  141. array_push($errors, "You entered empty product description adress<br>");
  142. }
  143.  
  144. // Password
  145. if(!empty($url)) {
  146. $protect['url'] = $db->real_escape_string($url);
  147.  
  148. } else {
  149. array_push($errors, "Please enter the image of product.<br>");
  150. }
  151.  
  152. // price
  153. if(!empty($price)) {
  154. $protect['price'] = (int)$price;
  155.  
  156. } else {
  157. array_push($errors, "Please enter price of product.<br>");
  158. }
  159.  
  160. // Stop function if there are errors
  161. if(!empty($errors))
  162. return $errors;
  163.  
  164. // Update admin into DB
  165. if (!$db->query("
  166. INSERT INTO products (product_name, product_size, product_description, product_image, product_price) VALUES ('".$protect['name']."', '".$protect['size']."', '".$protect['description']."', '".$protect['url']."', '".$protect['price']."')")) {
  167.  
  168. if($db->errno == 1062) {
  169. return "Product already exist.<br>";
  170. }
  171.  
  172. } else {
  173. return "Product created.<br>";
  174. }
  175.  
  176. return "Product created.<br>";
  177.  
  178. }
  179.  
  180. public function addProfile($name, $surname, $email, $password, $password_retype, $power) {
  181.  
  182. global $db;
  183. global $admin;
  184. $errors = array();
  185.  
  186. // First name
  187. if(!empty($name)) {
  188. if(preg_match("/^[a-zA-Z0-9]+$/", $name) == 1)
  189. if(strlen($name) > 1 && (strlen($name)) < 20)
  190. $protect['name'] = htmlspecialchars($name);
  191. else
  192. array_push($errors, "First name must be higher than 1 and less than 20 characters.<br>");
  193. else
  194. array_push($errors, "First name may contains only a-zA-Z0-9 characters.<br>");
  195. } else {
  196. array_push($errors, "First name is empty.<br>");
  197. }
  198.  
  199. // Last name
  200. if(!empty($surname)) {
  201. if(preg_match("/^[a-zA-Z0-9]+$/", $surname) == 1)
  202. if(strlen($surname) > 1 && (strlen($surname)) < 20)
  203. $protect['surname'] = htmlspecialchars($surname);
  204. else
  205. array_push($errors, "Last name must be higher than 1 and less than 20 characters.<br>");
  206. else
  207. array_push($errors, "Last name may contains only a-zA-Z0-9 characters.<br>");
  208. } else {
  209. array_push($errors, "Last name is empty.<br>");
  210. }
  211.  
  212. // Email
  213. if(!empty($email)) {
  214. if(filter_var($email, FILTER_VALIDATE_EMAIL))
  215. $protect['email'] = htmlspecialchars($email);
  216. else
  217. array_push($errors, "You entered incorect E-mail adress<br>");
  218. } else {
  219. array_push($errors, "You entered empty E-mail adress<br>");
  220. }
  221.  
  222. // Password
  223. if(!empty($password) && !empty($password_retype)) {
  224. if($password == $password_retype) {
  225. $protect['password'] = $db->real_escape_string($password);
  226. } else {
  227. array_push($errors, "Password did not match.<br>");
  228. }
  229. } else {
  230. array_push($errors, "You entered empty password.<br>");
  231. }
  232.  
  233. // Power
  234. if($power !== 0 || $power !== 1) {
  235. $protect['power'] = (int)$power;
  236. } else {
  237. array_push($errors, "Something went wrong. Please contact support.<br>");
  238. }
  239.  
  240. // Stop function if there are errors
  241. if(!empty($errors))
  242. return $errors;
  243.  
  244. // Update admin into DB
  245. if (!$db->query("
  246. INSERT INTO admins (admin_name, admin_surname, admin_email, admin_password, admin_power) VALUES ('".$protect['name']."', '".$protect['surname']."', '".$protect['email']."', '".$protect['password']."', '".$protect['power']."')")) {
  247.  
  248. if($db->errno == 1062) {
  249. return "Profile already exist.<br>";
  250. }
  251.  
  252. } else {
  253. return "Profile created.<br>";
  254. }
  255.  
  256. return "Profile created.<br>";
  257.  
  258. }
  259.  
  260. public function changePrice($price, $id) {
  261.  
  262. global $db;
  263. global $admin;
  264.  
  265. // Update price into DB
  266. if (!$db->query("
  267. UPDATE products SET product_price = '".(int)$price."' WHERE product_id = '".(int)$id."'")) {
  268.  
  269. if($db->errno == 1062) {
  270. return "Something went wrong.<br>";
  271. }
  272.  
  273. } else {
  274. return "Price updated.<br>";
  275. }
  276.  
  277. return "Price updated.<br>";
  278.  
  279. }
  280.  
  281. public function deleteOrder($id) {
  282.  
  283. global $db;
  284. global $admin;
  285.  
  286. // Update price into DB
  287. if (!$db->query("
  288. DELETE FROM orders WHERE orderID = '".$id."'")) {
  289.  
  290. if($db->errno == 1062) {
  291. return "Something went wrong.<br>";
  292. }
  293.  
  294. } else {
  295. if (!$db->query("
  296. DELETE FROM details WHERE orderID = '".$id."'")) {
  297.  
  298. if($db->errno == 1062) {
  299. return "Something went wrong.<br>";
  300. }
  301.  
  302. } else {
  303. return "Order deleted.<br>";
  304. }
  305. }
  306.  
  307. return "Order deleted.<br>";
  308.  
  309. }
  310.  
  311. public function updateOrder($id, $status) {
  312.  
  313. global $db;
  314. global $admin;
  315.  
  316. // Update price into DB
  317. if (!$db->query("
  318. UPDATE orders set order_status = '".$status."' WHERE orderID = '".$id."'")) {
  319.  
  320. if($db->errno == 1062) {
  321. return "Something went wrong.<br>";
  322. }
  323.  
  324. } else {
  325. return "Order updated.<br>";
  326. }
  327.  
  328. return "Order updated.<br>";
  329.  
  330. }
  331.  
  332. public function getAccounts() {
  333.  
  334. global $db, $admin;
  335.  
  336. $qry = 'SELECT * FROM admins';
  337.  
  338. $rows = $db->query($qry);
  339.  
  340. $arr = [];
  341. while($row = $rows->fetch_assoc()) {
  342. $id = (int)$row['admin_id'];
  343. $arr[$id] = $row;
  344. }
  345.  
  346. return $arr;
  347. }
  348.  
  349. public function getProducts() {
  350.  
  351. global $db, $admin;
  352.  
  353. $qry = 'SELECT * FROM products';
  354.  
  355. $rows = $db->query($qry);
  356.  
  357. $arr = [];
  358. while($row = $rows->fetch_assoc()) {
  359. $id = (int)$row['product_id'];
  360. $arr[$id] = $row;
  361. }
  362. $arr['count'] = count($arr);
  363.  
  364. return $arr;
  365. }
  366.  
  367. public function getOrders() {
  368.  
  369. global $db, $admin;
  370.  
  371. $qry = 'SELECT * FROM orders INNER JOIN details ON orders.orderID = details.orderID WHERE order_status > 1 AND order_status < 10 ORDER BY order_id DESC LIMIT 100';
  372.  
  373. $rows = $db->query($qry);
  374.  
  375. $arr = [];
  376. while($row = $rows->fetch_assoc()) {
  377. $id = (int)$row['order_id'];
  378. $arr[$id] = $row;
  379. }
  380. $arr['count'] = count($arr);
  381.  
  382. return $arr;
  383. }
  384.  
  385. public function deleteAcc($id) {
  386. global $db;
  387.  
  388. $aid = (int)$id;
  389.  
  390. if (!$db->query("
  391. DELETE FROM admins WHERE admin_id = '".$db->real_escape_string($aid)."'")) {
  392.  
  393. } else {
  394. return "Profile deleted.";
  395. }
  396. }
  397.  
  398. public function deleteProduct($id) {
  399. global $db;
  400.  
  401. $aid = (int)$id;
  402.  
  403. if (!$db->query("
  404. DELETE FROM products WHERE product_id = '".$db->real_escape_string($aid)."'")) {
  405.  
  406. } else {
  407. return "Product deleted.";
  408. }
  409. }
  410. }
  411.  
  412. <?php
  413. header("Access-Control-Allow-Origin: http://www.hydrobox.co.za");
  414. header('Content-type: application/json');
  415.  
  416. if($_SERVER['REQUEST_METHOD'] !== 'POST')
  417. exit;
  418.  
  419. if(empty($_SERVER['HTTP_REFERER']) || !preg_match('#^http://www.hydrobox.co.za#', $_SERVER['HTTP_REFERER'])) {
  420. header('HTTP/1.0 403 Forbidden');
  421. exit;
  422. }
  423.  
  424. include dirname(__FILE__) . ('/include/includes.php');
  425.  
  426. if(isset($admin->loaded)) {
  427.  
  428. if($admin->loaded) {
  429. if(isset($_GET['update_profile'])) {
  430.  
  431. if(!$response = $admin->updateProfile($_GET['name'], $_GET['surname'], $_GET['email'], $_GET['password'], $_GET['password-retype']))
  432. $response = 'Something went wrong, please contact support.';
  433.  
  434. } else if(isset($_GET['add_product'])) {
  435.  
  436. if(!$response = $admin->addProduct($_GET['name'], $_GET['size'], $_GET['description'], $_GET['url'], $_GET['price']))
  437. $response = 'Something went wrong, please contact support.';
  438.  
  439. } else if(isset($_GET{'change_status'})) {
  440.  
  441. $status = (int)$_GET['status'];
  442. $id = (int)$_GET['id'];
  443.  
  444. if(isset($_GET['del'])) {
  445.  
  446. if(!$response = $admin->deleteOrder($id))
  447. $response = 'Something went wrong, please contact support.';
  448. } else {
  449. if(!$response = $admin->updateOrder($id, $status))
  450. $response = 'Something went wrong, please contact support.';
  451. }
  452.  
  453. } else if(isset($_GET['change_price'])) {
  454.  
  455. if(!$response = $admin->changePrice($_GET['price'], $_GET['id']))
  456. $response = 'Something went wrong, please contact support.';
  457.  
  458. } else if(isset($_GET['addAdmin'])) {
  459.  
  460. if($admin->admin_power > 0) {
  461.  
  462. if(!$response = $admin->addProfile($_GET['name'], $_GET['surname'], $_GET['email'], $_GET['password'], $_GET['password-retype'], $_GET['power']))
  463. $response = 'Something went wrong, please contact support.';
  464.  
  465. } else
  466. $response = 'You do not have privilegies to add/remove admin accounts.';
  467.  
  468. } else if(isset($_GET['deleteAcc'])) {
  469.  
  470. if($admin->admin_power > 0) {
  471.  
  472. if(!$response = $admin->deleteAcc($_GET['deleteAcc']))
  473. $response = 'Something went wrong, please contact support.';
  474.  
  475. } else
  476. $response = 'You do not have privilegies to add/remove admin accounts.';
  477.  
  478. } else if(isset($_GET['deleteProduct'])) {
  479. if(!$response = $admin->deleteProduct($_GET['deleteProduct']))
  480. $response = 'Something went wrong, please contact support.';
  481. }
  482. }
  483. }
  484.  
  485. if(isset($_GET['addToCart'])) {
  486.  
  487. $id = (int)$_GET['addToCart'];
  488.  
  489. $products = [];
  490.  
  491. if(isset($_COOKIE['products'])) {
  492. foreach (unserialize($_COOKIE['products']) as $product) {
  493. array_push($products, $product);
  494. }
  495. }
  496.  
  497. if(!in_array($id, $products)) {
  498. array_push($products, $id);
  499. }
  500.  
  501. setcookie("products", serialize($products), time()+3600000);
  502.  
  503. $response = count($products);
  504.  
  505. } else if(isset($_GET['remevoFromCart'])) {
  506. $id = (int)$_GET['remevoFromCart'];
  507.  
  508. $products = [];
  509.  
  510. if(isset($_COOKIE['products'])) {
  511. foreach (unserialize($_COOKIE['products']) as $product) {
  512. if($product != $id) {
  513. array_push($products, $product);
  514. }
  515. }
  516. }
  517.  
  518. setcookie("products", serialize($products), time()+3600000);
  519. $response = "true";
  520.  
  521. } else if(isset($_GET['proceed'])) {
  522.  
  523. $final_products = [];
  524. $items = json_decode(stripslashes($_GET['items']));
  525.  
  526. if(isset($_COOKIE['products'])) {
  527.  
  528. $products = [];
  529.  
  530. if(isset($_COOKIE['products'])) {
  531. foreach (unserialize($_COOKIE['products']) as $product) {
  532. array_push($products, (int)$product);
  533. }
  534. }
  535.  
  536. foreach ($items as $item) {
  537. if(in_array((int)$item->id, $products)) {
  538. if($item->quantity > 0 && $item->quantity < 10) {
  539. $final_products[$item->id] = (int)$item->quantity;
  540. } else {
  541. return false;
  542. }
  543. }
  544. }
  545.  
  546. if(count($final_products) > 0) {
  547. if(!$response = insertOrder($final_products)) {
  548. $response = "false";
  549. }
  550. }
  551. }
  552. } else if(isset($_GET['goback'])) {
  553. if(isset($_COOKIE['order'])) {
  554.  
  555. $id = (int)$_COOKIE['order'];
  556. $db->query("DELETE FROM orders WHERE orderID = '".$id."'");
  557.  
  558. }
  559. }
  560.  
  561. echo json_encode($response);
  562.  
  563. <?php
  564. function getProducts() {
  565. global $db;
  566.  
  567. $qry = 'SELECT * FROM products';
  568.  
  569. $rows = $db->query($qry);
  570.  
  571. $arr = [];
  572. while($row = $rows->fetch_assoc()) {
  573. $id = (int)$row['product_id'];
  574. $arr[$id] = $row;
  575. }
  576.  
  577. return $arr;
  578. }
  579.  
  580. function getOrderProducts() {
  581. global $db;
  582.  
  583. if(isset($_COOKIE['order'])) {
  584.  
  585. $id = (int)$_COOKIE['order'];
  586.  
  587. $qry = "SELECT * FROM orders WHERE orderID = '".$id."'";
  588.  
  589. if($row = $db->query($qry)) {
  590. $record = $row->fetch_row();
  591.  
  592. $decoded = json_decode($record[2]);
  593.  
  594. $items = [];
  595.  
  596.  
  597. foreach (json_decode($record[2]) as $key => $value) {
  598. array_push($items, (int)$key);
  599. }
  600.  
  601. $qry2 = 'SELECT *
  602. FROM `products`
  603. WHERE `product_id` IN (' . implode(',', array_map('intval', $items)) . ')';
  604.  
  605. $rows2 = $db->query($qry2);
  606.  
  607. $arr = [];
  608. $total_price = 0;
  609. while($row2 = $rows2->fetch_assoc()) {
  610. $id = (int)$row2['product_id'];
  611. $arr[$id] = $row2;
  612. $arr[$id]['quantity'] = $decoded->$id;
  613. $total_price = $total_price + $row2['product_price'] * $decoded->$id;
  614. }
  615. $arr['total'] = $total_price;
  616. $arr['date'] = $record[5];
  617.  
  618. return $arr;
  619.  
  620. } else {
  621. header("Location: /");
  622. }
  623. }
  624. }
  625.  
  626. function getCartProducts($products) {
  627. global $db;
  628. $protected_products = [];
  629.  
  630. foreach (unserialize($products) as $products) {
  631. array_push($protected_products, (int)$products);
  632. }
  633.  
  634. $qry = 'SELECT *
  635. FROM `products`
  636. WHERE `product_id` IN (' . implode(',', array_map('intval', $protected_products)) . ')';
  637.  
  638. $rows = $db->query($qry);
  639.  
  640. $arr = [];
  641. while($row = $rows->fetch_assoc()) {
  642. $id = (int)$row['product_id'];
  643. $arr[$id] = $row;
  644. }
  645.  
  646. return $arr;
  647. }
  648.  
  649. function getAdminProducts($products) {
  650. global $db;
  651.  
  652. $protected_products = [];
  653.  
  654. $newproducts = json_decode($products);
  655.  
  656. foreach ($newproducts as $key => $product) {
  657. array_push($protected_products, (int)$key);
  658. }
  659.  
  660. $qry = 'SELECT *
  661. FROM `products`
  662. WHERE `product_id` IN (' . implode(',', array_map('intval', $protected_products)) . ')';
  663.  
  664. $rows = $db->query($qry);
  665.  
  666. $arr = [];
  667. while($row = $rows->fetch_assoc()) {
  668. $id = (int)$row['product_id'];
  669. $arr[$id] = $row;
  670.  
  671. $arr[$id]['quantity'] = $newproducts->$id;
  672. }
  673.  
  674. return $arr;
  675. }
  676.  
  677. function insertOrder($products) {
  678.  
  679. // Order Status
  680. // 1 = Unpaid
  681. // 2 = Paid - waiting admin to approve
  682. // 3 = Canceled
  683. // 4 = In Delivery to user
  684. // 5 = Delivered to user
  685. // 6 = Admin Cancelled
  686.  
  687. global $db;
  688. $protected_products = [];
  689.  
  690. foreach ($products as $key => $product) {
  691. array_push($protected_products, (int)$key);
  692. }
  693.  
  694. $qry = 'SELECT *
  695. FROM `products`
  696. WHERE `product_id` IN (' . implode(',', array_map('intval', $protected_products)) . ')';
  697.  
  698. $rows = $db->query($qry);
  699.  
  700. $arr = [];
  701. while($row = $rows->fetch_assoc()) {
  702. $id = (int)$row['product_id'];
  703. $arr[$id] = $row;
  704. }
  705.  
  706. $product_ids = [];
  707.  
  708. foreach($arr as $id) {
  709. if (array_key_exists($id['product_id'], $products)) {
  710. $product_ids[$id['product_id']] = $products[$id['product_id']];
  711. }
  712. }
  713.  
  714. $ip = getUserIPAddress();
  715. $orderID = rand(10000000, 99999999);
  716.  
  717. $qry2 = "INSERT INTO orders (orderID, order_items, order_user_ip, order_status) VALUES ('".$orderID."', '".json_encode($product_ids)."', '".$ip."', '1')";
  718.  
  719. $db->query($qry2);
  720.  
  721. if(isset($_COOKIE['order'])) {
  722. $id = (int)$_COOKIE['order'];
  723. $db->query("DELETE FROM orders WHERE orderID = '".$id."'");
  724. }
  725.  
  726. setcookie("order", $orderID, time()+3600000);
  727. return true;
  728. }
  729.  
  730. function progress() {
  731.  
  732. global $db;
  733.  
  734. if(!isset($_COOKIE['order'])) {
  735. return "1";
  736. } else if(isset($_COOKIE['order'])) {
  737.  
  738. $id = (int)$_COOKIE['order'];
  739. $result = $db->query("SELECT COUNT(order_id) as count FROM orders WHERE orderID = '".$id."'");
  740. $row = $result->fetch_assoc();
  741.  
  742. if($row['count'] > 0) {
  743.  
  744. $result2 = $db->query("SELECT COUNT(orderID) as count FROM details WHERE orderID = '".$id."'");
  745. $row2 = $result2->fetch_assoc();
  746.  
  747. if($row2['count'] > 0) {
  748.  
  749. $result = $db->query("SELECT order_status FROM orders WHERE orderID = '".$id."'");
  750. $row = $result->fetch_assoc();
  751.  
  752. if($row['order_status'] == 1)
  753. return "3"; // redirect to payfast
  754. elseif($row['order_status'] == 2)
  755. return "4"; // completed
  756. elseif($row['order_status'] == 3)
  757. return "5"; // failed or canceled
  758.  
  759. } else {
  760. return "2";
  761. }
  762.  
  763. } else {
  764. return "1";
  765. }
  766. }
  767. }
  768.  
  769. function order_details($details) {
  770.  
  771. global $db;
  772.  
  773. if(isset($_COOKIE['order'])) {
  774. $ID = (int)$_COOKIE['order'];
  775. if($ID >= 10000000 && $ID <= 99999999) {
  776. $stmt = $db->prepare("REPLACE INTO `details` (`orderID`, `details`) VALUES (?, ?)");
  777. $details = json_encode($details);
  778. $stmt->bind_param('ss', $ID, $details);
  779. $stmt->execute();
  780. }
  781.  
  782. }
  783. }
  784.  
  785.  
  786. function cancel_order() {
  787.  
  788. global $db;
  789.  
  790. if(!isset($_COOKIE['order'])) {
  791. return "1";
  792. } else if(isset($_COOKIE['order'])) {
  793.  
  794. $id = (int)$_COOKIE['order'];
  795. $result = $db->query("SELECT order_status FROM orders WHERE orderID = '".$id."'");
  796. $row = $result->fetch_assoc();
  797.  
  798. if($row['order_status'] == 1) {
  799.  
  800. $result2 = $db->query("SELECT COUNT(orderID) as count FROM details WHERE orderID = '".$id."'");
  801. $row2 = $result2->fetch_assoc();
  802.  
  803. if($row2['count'] > 0) {
  804.  
  805. $stmt = $db->prepare("UPDATE `orders` SET order_status = 3 WHERE orderID = ?");
  806. $stmt->bind_param('i', $id);
  807. $stmt->execute();
  808.  
  809. }
  810.  
  811. }
  812. }
  813. }
  814.  
  815. // Admin Menu
  816.  
  817. $(".menu-items .item").each(function() {
  818. $(this).click(function() {
  819. $(this).addClass("active-menu");
  820. $(".active").each(function() {
  821. $(this).removeClass('active');
  822. });
  823. var name;
  824. $(".menu-items .item").each(function() {
  825. if($(this).hasClass('active-menu')) {
  826. $(this).find('.menu').addClass('active');
  827. name = $(this).attr('data-name');
  828. $('.'+name).show();
  829. } else {
  830. $(this).addClass('hide');
  831. $(".tabs .tabitem").each(function() {
  832. if($(this).hasClass(name)) {
  833. $(this).show();
  834. } else {
  835. $(this).hide();
  836. }
  837. });
  838. }
  839. });
  840. $('#back').show();
  841. $(this).css('width', 'calc(100% - 282.89px)');
  842. });
  843. });
  844.  
// Back button: hide itself, un-hide every menu item and clear the active marker.
$("#back").on("click", function () {
    $(this).hide();

    $(".menu-items .item").each(function () {
        $(this).removeClass("hide");
        $(".active-menu").css("width", "auto");
    });

    $(".active-menu").each(function () {
        // NOTE(review): `current` is assigned without var, i.e. as an implicit
        // global; kept as-is in case other scripts read it.
        current = $(this).attr("data-name");
        $(this).removeClass("active-menu");
    });
});
  856.  
  857. // Admin Update Profile
  858.  
  859. $("#update_profile").submit(function(e) {
  860.  
  861. e.preventDefault();
  862.  
  863. var get = $("#update_profile").serialize();
  864. $.ajax({
  865. type: 'POST',
  866. url: '../ajax.php?update_profile&'+get,
  867. })
  868. .done(function(data){
  869. $("#responsego").show();
  870. var response = JSON.parse(data);
  871. $("#response").html(response);
  872.  
  873. setTimeout(function(){
  874. $("#responsego").fadeOut( "slow" );
  875. }, 5000);
  876. })
  877. });
  878.  
  879. // Adding new product
  880.  
  881. $("#add_product").submit(function(e) {
  882.  
  883. e.preventDefault();
  884.  
  885. var get = $("#add_product").serialize();
  886. $.ajax({
  887. type: 'POST',
  888. url: '../ajax.php?add_product&'+get,
  889. })
  890. .done(function(data){
  891. $("#responsego").show();
  892. var response = JSON.parse(data);
  893. $("#response").html(response);
  894.  
  895. setTimeout(function(){
  896. $("#responsego").fadeOut( "slow" );
  897. }, 5000);
  898. })
  899. });
  900.  
  901. $(".updateprice").submit(function(e) {
  902. e.preventDefault();
  903. });
  904.  
  905. $(".updateprice").each(function() {
  906.  
  907. $(this).change(function() {
  908. var get = $(this).serialize();
  909. $.ajax({
  910. type: 'POST',
  911. url: '../ajax.php?change_price&'+get,
  912. })
  913. .done(function(data){
  914. $("#responsego").show();
  915. var response = JSON.parse(data);
  916. $("#response").html(response);
  917.  
  918. setTimeout(function(){
  919. $("#responsego").fadeOut( "slow" );
  920. }, 5000);
  921. })
  922. });
  923.  
  924. });
  925.  
// Order status dropdowns: the option value is appended to the query string as-is
// (it is expected to carry the id/status pair the server reads).
$("select").on("change", function () {
    var query = this.value;

    $.ajax({
        type: "POST",
        url: "../ajax.php?change_status&" + query
    }).done(function (data) {
        $("#responsego").show();
        var message = JSON.parse(data);
        $("#response").html(message);

        setTimeout(function () {
            $("#responsego").fadeOut("slow");
        }, 5000);
    });
});
  942.  
  943.  
  944.  
  945.  
  946.  
  947.  
  948. // Delete product
  949.  
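/**
 * Delete a product and fade its row (#delp<id>) out on success.
 * The id is URL-encoded: anything beyond plain digits (e.g. "&" or "#") would
 * otherwise truncate or alter the request.
 * @param {string|number} id product id
 */
function deleteProduct(id) {
    $.ajax({
        type: "POST",
        url: "../ajax.php?deleteProduct=" + encodeURIComponent(id)
    }).done(function (data) {
        $("#responsego").show();
        var message = JSON.parse(data);
        $("#response").html(message);

        if (message == "Product deleted.") {
            $("#delp" + id).fadeOut("slow");
        }

        setTimeout(function () {
            $("#responsego").fadeOut("slow");
        }, 5000);
    });
}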
  969.  
  970. // Add Admin Account
  971.  
  972. $("#addAdmin").submit(function(e) {
  973.  
  974. e.preventDefault();
  975.  
  976. var get = $("#addAdmin").serialize();
  977. $.ajax({
  978. type: 'POST',
  979. url: '../ajax.php?addAdmin&'+get,
  980. })
  981. .done(function(data){
  982. $("#responsego").show();
  983. var response = JSON.parse(data);
  984. $("#response").html(response);
  985.  
  986. setTimeout(function(){
  987. $("#responsego").fadeOut( "slow" );
  988. }, 5000);
  989. })
  990. });
  991.  
  992. // Delete account
  993.  
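/**
 * Delete an admin account and fade its row (#del<id>) out on success.
 * The id is URL-encoded so special characters cannot alter the query string.
 * @param {string|number} id admin id
 */
function deleteAcc(id) {
    $.ajax({
        type: "POST",
        url: "../ajax.php?deleteAcc=" + encodeURIComponent(id)
    }).done(function (data) {
        $("#responsego").show();
        var message = JSON.parse(data);
        $("#response").html(message);

        if (message == "Profile deleted.") {
            $("#del" + id).fadeOut("slow");
        }

        setTimeout(function () {
            $("#responsego").fadeOut("slow");
        }, 5000);
    });
}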
  1013.  
  1014. // Add to cart item
  1015.  
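/**
 * Add a product to the cart; the server answers with the new item count, which
 * goes into #num, and the product's button (.add<id>) reads "ADDED".
 * The id is URL-encoded so it cannot smuggle extra parameters into the request.
 * @param {string|number} value product id
 */
function addToCart(value) {
    $.ajax({
        type: "POST",
        url: "ajax.php?addToCart=" + encodeURIComponent(value)
    }).done(function (data) {
        $("#num").text(data);
        $(".add" + value).text("ADDED");
    });
}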
  1026.  
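/**
 * Remove a product from the cart and drop its row (#this<id>) from the page.
 * The id is URL-encoded so it cannot smuggle extra parameters into the request.
 * @param {string|number} value product id
 */
function remevoFromCart(value) {
    $.ajax({
        type: "POST",
        url: "ajax.php?remevoFromCart=" + encodeURIComponent(value)
    }).done(function () {
        $("#this" + value).remove();
    });
}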
  1036.  
/** Abandon the current order on the server, then reload the page. */
function goback() {
    var request = $.ajax({
        type: "POST",
        url: "ajax.php?goback"
    });
    request.done(function () {
        location.reload();
    });
}
  1046.  
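/**
 * Collect {id, quantity} for every .shop-item and post them as JSON; reload on a
 * truthy reply. The JSON is URL-encoded: it contains `"`, `{` and `,`, which were
 * previously dropped raw into the query string and left to the browser to fix up.
 */
function proceed() {
    var products = [];

    $(".shop-item").each(function () {
        // Note: #quantity is used as a per-row id, so it is not unique on the page.
        var field = $(this).find("#quantity");
        products.push({
            id: field.attr("data-id"),
            quantity: field.val()
        });
    });

    $.ajax({
        type: "POST",
        url: "ajax.php?proceed&items=" + encodeURIComponent(JSON.stringify(products))
    }).done(function (data) {
        if (data) {
            location.reload();
        }
    });
}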
  1074.  
/** Trigger the hidden #details submit control. */
function submit_form() {
    var trigger = $("#details");
    trigger.click();
}
  1079.  
  1080.  
// Cart page (#refresher present): compute the total once, then once a second;
// the periodic pass also removes rows whose quantity dropped below 1.
$(document).ready(function () {
    if ($("#refresher").length === 0) {
        return;
    }

    // Sum quantity*price over every .shop-item into #total and #subtotal.
    // With dropEmpty set, rows whose quantity fell below 1 are also removed
    // from the server-side cart.
    function refreshTotals(dropEmpty) {
        var total = 0;

        $(".shop-item").each(function () {
            var qtyField = $(this).find("#quantity");
            var quantity = qtyField.val();

            if (dropEmpty && quantity < 1) {
                remevoFromCart(qtyField.attr("data-id"));
            }

            var price = $(this).find("#price").text();
            total = total + quantity * price;
        });

        $("#total").text(total);
        $("#subtotal").text(total);
    }

    refreshTotals(false);

    setInterval(function () {
        refreshTotals(true);
    }, 1000);
});
  1117.  
  1118.  
  1119. <?php
  1120. function sanitize($data)
  1121. {
  1122. global $db;
  1123. return $db->real_escape_string($data);
  1124. }
  1125.  
  1126. function getUserIPAddress()
  1127. {
  1128. if (!empty($_SERVER['HTTP_CLIENT_IP']))
  1129. return $_SERVER['HTTP_CLIENT_IP'];
  1130.  
  1131. if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
  1132. return $_SERVER['HTTP_X_FORWARDED_FOR'];
  1133.  
  1134. return $_SERVER['REMOTE_ADDR'];
  1135. }
  1136.  
  1137. function admin_exists($email)
  1138. {
  1139. global $db;
  1140. $email = sanitize($email);
  1141. $query = $db->query("SELECT COUNT(admin_id) FROM admins WHERE admin_email = '$email' LIMIT 1");
  1142. $count = $query->fetch_row();
  1143. return ((int)$count[0] === 1);
  1144. }
  1145.  
  1146. function login($username, $password)
  1147. {
  1148. global $db, $user;
  1149. $username = sanitize($username);
  1150. $password = sanitize($password);
  1151.  
  1152. $query = $db->query("SELECT * FROM admins WHERE admin_email = '$username' AND admin_password = '$password' LIMIT 1");
  1153. if($query->num_rows) {
  1154. $user = $query->fetch_assoc();
  1155. return true;
  1156. }
  1157. return false;
  1158. }
  1159.  
  1160. function admin_login($email, $password)
  1161. {
  1162. global $db;
  1163. global $config;
  1164.  
  1165. $errors = array();
  1166. $ip = getUserIPAddress();
  1167. $protect['password'] = sanitize($password);
  1168.  
  1169. if(empty($email) || empty($password)) {
  1170. array_push($errors, "You entered empty E-mail adress or password");
  1171. session_unset();
  1172. return $errors;
  1173. }
  1174.  
  1175. if(filter_var($email, FILTER_VALIDATE_EMAIL)) {
  1176. $protect['email'] = htmlspecialchars($email);
  1177. } else {
  1178. array_push($errors, "You entered invalid E-mail adress");
  1179. session_unset();
  1180. return $errors;
  1181. }
  1182.  
  1183. if(!admin_exists($protect['email'])) {
  1184. array_push($errors, "You entered incorect E-mail adress or password");
  1185. session_unset();
  1186. return $errors;
  1187. }
  1188.  
  1189. if(!login($protect['email'], $protect['password'])) {
  1190. array_push($errors, "You entered incorect E-mail adress or password");
  1191. session_unset();
  1192. return $errors;
  1193. } else {
  1194. $_SESSION['email'] = $protect['email'];
  1195. $_SESSION['password'] = $protect['password'];
  1196.  
  1197. header('Location: '.$config['url']);
  1198. exit;
  1199. }
  1200. }