- <?php
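// Row columns are copied onto the instance as dynamic properties by the
// constructor (admin_id, admin_name, admin_power, ...). The attribute keeps
// that working without a deprecation notice on PHP 8.2+; older versions
// treat the line as a comment.
#[\AllowDynamicProperties]
class Admin {
    // Set to true by the constructor once a row for the given e-mail was found.
    public $loaded = false;

    /**
     * Loads the admin row matching $email onto this object.
     *
     * Every column of the row becomes a public property of the same name
     * (callers read $admin->admin_name, ->admin_id, ->admin_power,
     * ->admin_password). $loaded stays false when nothing matches or the
     * query fails.
     *
     * @param string $email admin_email to look up; escaped before it is inlined
     */
    public function __construct($email) {
        global $db;
        $result = $db->query('SELECT * FROM admins WHERE admin_email = "' . $db->real_escape_string($email) . '"');
        if ($result === false || $result->num_rows == 0) {
            return;
        }
        $this->loaded = true;
        foreach ($result->fetch_assoc() as $column => $value) {
            $this->$column = $value;
        }
    }

    /**
     * Runs one parameterised write statement (INSERT/UPDATE/DELETE).
     *
     * Values are bound instead of being spliced into the SQL, which is what
     * the previous deleteOrder()/updateOrder() bodies lacked (they inlined
     * $id and $status without escaping).
     *
     * @param string $sql    statement with ? placeholders
     * @param string $types  mysqli bind_param type string, one char per value
     * @param array  $params values in placeholder order
     * @return int 0 on success, otherwise the MySQL error number (-1 when the
     *             driver reported a failure without a number)
     */
    private function runWrite($sql, $types, array $params) {
        global $db;
        $stmt = $db->prepare($sql);
        if ($stmt === false) {
            return $db->errno ? $db->errno : -1;
        }
        $stmt->bind_param($types, ...$params);
        $ok = $stmt->execute();
        $errno = $ok ? 0 : ($stmt->errno ? $stmt->errno : -1);
        $stmt->close();
        return $errno;
    }

    /**
     * Validates a name-like field: must match $pattern and pass lengthError().
     *
     * @return string|null the error message to show, or null when valid
     */
    private function nameError($value, $label, $max, $pattern) {
        if (preg_match($pattern, $value) !== 1) {
            return $label . " may contains only a-zA-Z0-9 characters.<br>";
        }
        return $this->lengthError($value, $label, $max);
    }

    /**
     * Length-only check: strlen($value) must be > 1 and < $max (byte-wise, as
     * the original checks were).
     *
     * @return string|null the error message to show, or null when valid
     */
    private function lengthError($value, $label, $max) {
        $len = strlen($value);
        if ($len > 1 && $len < $max) {
            return null;
        }
        return $label . " must be higher than 1 and less than " . $max . " characters.<br>";
    }

    /**
     * Runs a SELECT and returns its rows keyed by the (int) value of $keyColumn.
     * An empty array is returned when the query fails (the original called
     * fetch_assoc() on false and crashed).
     */
    private function fetchKeyed($sql, $keyColumn) {
        global $db;
        $rows = $db->query($sql);
        $arr = array();
        if ($rows === false) {
            return $arr;
        }
        while ($row = $rows->fetch_assoc()) {
            $arr[(int)$row[$keyColumn]] = $row;
        }
        return $arr;
    }

    /**
     * Updates the profile of the global $admin instance.
     *
     * Empty fields keep their stored value; non-empty fields are validated.
     * Returns a list of "<message><br>" strings when validation or the update
     * fails, otherwise the string "Profile updated.<br>".
     */
    public function updateProfile($name, $surname, $email, $password, $password_retype) {
        global $admin;
        $errors = array();
        $protect = array();

        // First name
        if (!empty($name)) {
            $err = $this->nameError($name, "First name", 20, "/^[a-zA-Z0-9]+$/");
            if ($err === null) {
                $protect['name'] = htmlspecialchars($name);
            } else {
                $errors[] = $err;
            }
        } else {
            $protect['name'] = $admin->admin_name;
        }

        // Last name
        if (!empty($surname)) {
            $err = $this->nameError($surname, "Last name", 20, "/^[a-zA-Z0-9]+$/");
            if ($err === null) {
                $protect['surname'] = htmlspecialchars($surname);
            } else {
                $errors[] = $err;
            }
        } else {
            $protect['surname'] = $admin->admin_surname;
        }

        // Email
        if (!empty($email)) {
            if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $protect['email'] = htmlspecialchars($email);
            } else {
                $errors[] = "You entered incorect E-mail adress<br>";
            }
        } else {
            $protect['email'] = $admin->admin_email;
        }

        // Password
        if (!empty($password) && !empty($password_retype)) {
            // Strict comparison: == would treat e.g. "1e3" and "1000" as equal.
            if ($password === $password_retype) {
                // NOTE(review): stored as entered. admin_password is kept in clear
                // text and login() compares it inside the query; moving to
                // password_hash()/password_verify() must change both sides together.
                $protect['password'] = $password;
            } else {
                $errors[] = "Password did not match.<br>";
            }
        } else {
            $protect['password'] = $admin->admin_password;
        }

        if (!empty($errors)) {
            return $errors;
        }

        $errno = $this->runWrite(
            'UPDATE admins SET admin_name = ?, admin_surname = ?, admin_email = ?, admin_password = ? WHERE admin_id = ?',
            'ssssi',
            array($protect['name'], $protect['surname'], $protect['email'], $protect['password'], (int)$admin->admin_id)
        );
        if ($errno !== 0) {
            $errors[] = "Something went wrong, please contact support.<br>";
            return $errors;
        }
        return "Profile updated.<br>";
    }

    /**
     * Inserts a product. All fields are mandatory.
     *
     * Returns a list of "<message><br>" strings on validation failure,
     * "Product already exist.<br>" on a duplicate key (MySQL 1062),
     * "Something went wrong.<br>" on any other database failure (the original
     * reported success there) and "Product created.<br>" on success.
     */
    public function addProduct($name, $size, $description, $url, $price) {
        $errors = array();
        $protect = array();

        // Product name (letters, digits and spaces)
        if (!empty($name)) {
            $err = $this->nameError($name, "Product name", 50, "/^[a-zA-Z0-9 ]+$/");
            if ($err === null) {
                $protect['name'] = htmlspecialchars($name);
            } else {
                $errors[] = $err;
            }
        } else {
            $errors[] = "Product name is empty.<br>";
        }

        // Size
        if (!empty($size)) {
            $err = $this->lengthError($size, "Product size", 100);
            if ($err === null) {
                $protect['size'] = htmlspecialchars($size);
            } else {
                $errors[] = $err;
            }
        } else {
            $errors[] = "Size is empty.<br>";
        }

        // Description
        if (!empty($description)) {
            $err = $this->lengthError($description, "Product description", 300);
            if ($err === null) {
                $protect['description'] = htmlspecialchars($description);
            } else {
                $errors[] = $err;
            }
        } else {
            $errors[] = "You entered empty product description adress<br>";
        }

        // Image URL: stored as given (bound, so no SQL escaping is needed);
        // it is not validated or HTML-escaped here, so escape it at output.
        if (!empty($url)) {
            $protect['url'] = $url;
        } else {
            $errors[] = "Please enter the image of product.<br>";
        }

        // Price
        if (!empty($price)) {
            $protect['price'] = (int)$price;
        } else {
            $errors[] = "Please enter price of product.<br>";
        }

        if (!empty($errors)) {
            return $errors;
        }

        $errno = $this->runWrite(
            'INSERT INTO products (product_name, product_size, product_description, product_image, product_price) VALUES (?, ?, ?, ?, ?)',
            'ssssi',
            array($protect['name'], $protect['size'], $protect['description'], $protect['url'], $protect['price'])
        );
        if ($errno === 1062) {
            return "Product already exist.<br>";
        }
        if ($errno !== 0) {
            return "Something went wrong.<br>";
        }
        return "Product created.<br>";
    }

    /**
     * Creates a new admin account. All fields are mandatory.
     *
     * $power must be 0 or 1 (the original test `$power !== 0 || $power !== 1`
     * was always true, so any value was accepted). Returns a list of
     * "<message><br>" strings on validation failure, "Profile already
     * exist.<br>" on a duplicate key, "Something went wrong.<br>" on any other
     * database failure and "Profile created.<br>" on success.
     */
    public function addProfile($name, $surname, $email, $password, $password_retype, $power) {
        $errors = array();
        $protect = array();

        // First name
        if (!empty($name)) {
            $err = $this->nameError($name, "First name", 20, "/^[a-zA-Z0-9]+$/");
            if ($err === null) {
                $protect['name'] = htmlspecialchars($name);
            } else {
                $errors[] = $err;
            }
        } else {
            $errors[] = "First name is empty.<br>";
        }

        // Last name
        if (!empty($surname)) {
            $err = $this->nameError($surname, "Last name", 20, "/^[a-zA-Z0-9]+$/");
            if ($err === null) {
                $protect['surname'] = htmlspecialchars($surname);
            } else {
                $errors[] = $err;
            }
        } else {
            $errors[] = "Last name is empty.<br>";
        }

        // Email
        if (!empty($email)) {
            if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $protect['email'] = htmlspecialchars($email);
            } else {
                $errors[] = "You entered incorect E-mail adress<br>";
            }
        } else {
            $errors[] = "You entered empty E-mail adress<br>";
        }

        // Password
        if (!empty($password) && !empty($password_retype)) {
            if ($password === $password_retype) {
                // NOTE(review): clear-text storage, see updateProfile().
                $protect['password'] = $password;
            } else {
                $errors[] = "Password did not match.<br>";
            }
        } else {
            $errors[] = "You entered empty password.<br>";
        }

        // Power: callers check `admin_power > 0` for the elevated role, so only
        // the two values 0 and 1 are accepted.
        $powerInt = (int)$power;
        if (is_numeric($power) && ($powerInt === 0 || $powerInt === 1)) {
            $protect['power'] = $powerInt;
        } else {
            $errors[] = "Something went wrong. Please contact support.<br>";
        }

        if (!empty($errors)) {
            return $errors;
        }

        $errno = $this->runWrite(
            'INSERT INTO admins (admin_name, admin_surname, admin_email, admin_password, admin_power) VALUES (?, ?, ?, ?, ?)',
            'ssssi',
            array($protect['name'], $protect['surname'], $protect['email'], $protect['password'], $protect['power'])
        );
        if ($errno === 1062) {
            return "Profile already exist.<br>";
        }
        if ($errno !== 0) {
            return "Something went wrong.<br>";
        }
        return "Profile created.<br>";
    }

    /**
     * Sets product_price of product $id to (int)$price.
     *
     * Returns "Price updated.<br>" on success and "Something went wrong.<br>"
     * on any database failure (the original only reported errno 1062 and
     * claimed success for every other failure).
     */
    public function changePrice($price, $id) {
        $errno = $this->runWrite(
            'UPDATE products SET product_price = ? WHERE product_id = ?',
            'ii',
            array((int)$price, (int)$id)
        );
        if ($errno !== 0) {
            return "Something went wrong.<br>";
        }
        return "Price updated.<br>";
    }

    /**
     * Deletes order $id from `orders` and then its `details` row.
     *
     * The two statements are not wrapped in a transaction, so a failure of
     * the second leaves the details row orphaned (as before). Returns
     * "Order deleted.<br>" or "Something went wrong.<br>".
     */
    public function deleteOrder($id) {
        $orderId = (int)$id;
        $errno = $this->runWrite('DELETE FROM orders WHERE orderID = ?', 'i', array($orderId));
        if ($errno !== 0) {
            return "Something went wrong.<br>";
        }
        $errno = $this->runWrite('DELETE FROM details WHERE orderID = ?', 'i', array($orderId));
        if ($errno !== 0) {
            return "Something went wrong.<br>";
        }
        return "Order deleted.<br>";
    }

    /**
     * Sets order_status of order $id to (int)$status.
     *
     * Returns "Order updated.<br>" or "Something went wrong.<br>".
     */
    public function updateOrder($id, $status) {
        $errno = $this->runWrite(
            'UPDATE orders set order_status = ? WHERE orderID = ?',
            'ii',
            array((int)$status, (int)$id)
        );
        if ($errno !== 0) {
            return "Something went wrong.<br>";
        }
        return "Order updated.<br>";
    }

    /**
     * All rows of `admins`, keyed by (int) admin_id.
     * NOTE(review): the rows include admin_password, so callers must not
     * pass the result through to a template as-is.
     */
    public function getAccounts() {
        return $this->fetchKeyed('SELECT * FROM admins', 'admin_id');
    }

    /**
     * All rows of `products`, keyed by (int) product_id, plus a 'count' entry
     * holding the number of rows (callers depend on that extra key).
     */
    public function getProducts() {
        $arr = $this->fetchKeyed('SELECT * FROM products', 'product_id');
        $arr['count'] = count($arr);
        return $arr;
    }

    /**
     * The latest 100 orders with status 2..9 joined with their details, keyed
     * by (int) order_id, plus a 'count' entry with the number of rows.
     */
    public function getOrders() {
        $arr = $this->fetchKeyed(
            'SELECT * FROM orders INNER JOIN details ON orders.orderID = details.orderID WHERE order_status > 1 AND order_status < 10 ORDER BY order_id DESC LIMIT 100',
            'order_id'
        );
        $arr['count'] = count($arr);
        return $arr;
    }

    /**
     * Deletes admin (int)$id. Returns "Profile deleted." on success and null
     * on failure. There is no guard against deleting one's own or the last
     * account; the AJAX caller only checks admin_power.
     */
    public function deleteAcc($id) {
        $errno = $this->runWrite('DELETE FROM admins WHERE admin_id = ?', 'i', array((int)$id));
        return $errno === 0 ? "Profile deleted." : null;
    }

    /**
     * Deletes product (int)$id. Returns "Product deleted." on success and
     * null on failure.
     */
    public function deleteProduct($id) {
        $errno = $this->runWrite('DELETE FROM products WHERE product_id = ?', 'i', array((int)$id));
        return $errno === 0 ? "Product deleted." : null;
    }
}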
- <?php
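header("Access-Control-Allow-Origin: http://www.hydrobox.co.za");
header('Content-type: application/json');
// Only POST requests are handled; note that every handler below still reads its
// parameters from the query string ($_GET).
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}
// Same-origin check on the Referer header. The dots are literal and the host is
// anchored at its end, so a Referer whose host merely starts with the expected
// string no longer passes. A Referer check is a weak CSRF defence on its own
// (the header can be absent or stripped); a per-session token carried by the
// forms would be the proper fix.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ($referer === '' || !preg_match('#^http://www\.hydrobox\.co\.za(?:/|$)#', $referer)) {
    header('HTTP/1.0 403 Forbidden');
    exit;
}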
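include dirname(__FILE__) . ('/include/includes.php');

// $response is echoed as JSON at the end of the script; start from null so an
// unmatched action does not echo an undefined variable.
$response = null;

// Query-string value or '' when absent. The original indexed $_GET directly and
// passed undefined values (with notices) into the Admin methods; '' and null are
// treated the same by their empty() checks.
$param = function ($key) {
    return isset($_GET[$key]) ? $_GET[$key] : '';
};

// Every Admin method returns a truthy string/array on success; null or false
// means the database call failed.
$orFailure = function ($result) {
    return $result ? $result : 'Something went wrong, please contact support.';
};

if (isset($admin->loaded) && $admin->loaded) {
    if (isset($_GET['update_profile'])) {
        $response = $orFailure($admin->updateProfile(
            $param('name'), $param('surname'), $param('email'), $param('password'), $param('password-retype')
        ));
    } elseif (isset($_GET['add_product'])) {
        $response = $orFailure($admin->addProduct(
            $param('name'), $param('size'), $param('description'), $param('url'), $param('price')
        ));
    } elseif (isset($_GET['change_status'])) { // was $_GET{'change_status'}; the brace syntax is removed in PHP 8
        $status = (int)$param('status');
        $id = (int)$param('id');
        if (isset($_GET['del'])) {
            $response = $orFailure($admin->deleteOrder($id));
        } else {
            $response = $orFailure($admin->updateOrder($id, $status));
        }
    } elseif (isset($_GET['change_price'])) {
        $response = $orFailure($admin->changePrice($param('price'), $param('id')));
    } elseif (isset($_GET['addAdmin'])) {
        // Only elevated admins (admin_power > 0) may manage accounts.
        if ($admin->admin_power > 0) {
            $response = $orFailure($admin->addProfile(
                $param('name'), $param('surname'), $param('email'), $param('password'), $param('password-retype'), $param('power')
            ));
        } else {
            $response = 'You do not have privilegies to add/remove admin accounts.';
        }
    } elseif (isset($_GET['deleteAcc'])) {
        if ($admin->admin_power > 0) {
            $response = $orFailure($admin->deleteAcc($param('deleteAcc')));
        } else {
            $response = 'You do not have privilegies to add/remove admin accounts.';
        }
    } elseif (isset($_GET['deleteProduct'])) {
        // No admin_power check here: any logged-in admin can delete products (unchanged).
        $response = $orFailure($admin->deleteProduct($param('deleteProduct')));
    }
}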
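// Product ids from the "products" cookie as a list of ints. The cookie is
// client-controlled: unserialize() is told not to instantiate any class
// (PHP >= 7.0), anything that is not an array is treated as an empty cart and
// every entry is cast to int. NOTE(review): a JSON cookie would avoid
// unserialize() entirely, but the format is shared with getCartProducts().
$cartFromCookie = function () {
    if (!isset($_COOKIE['products'])) {
        return array();
    }
    $raw = unserialize($_COOKIE['products'], array('allowed_classes' => false));
    if (!is_array($raw)) {
        return array();
    }
    $ids = array();
    foreach ($raw as $product) {
        $ids[] = (int)$product;
    }
    return $ids;
};

if (isset($_GET['addToCart'])) {
    $id = (int)$_GET['addToCart'];
    $products = $cartFromCookie();
    if (!in_array($id, $products, true)) {
        $products[] = $id;
    }
    setcookie("products", serialize($products), time() + 3600000);
    $response = count($products);
} elseif (isset($_GET['remevoFromCart'])) {
    $id = (int)$_GET['remevoFromCart'];
    $products = array();
    foreach ($cartFromCookie() as $product) {
        if ($product !== $id) {
            $products[] = $product;
        }
    }
    setcookie("products", serialize($products), time() + 3600000);
    $response = "true";
} elseif (isset($_GET['proceed'])) {
    $final_products = array();
    $items = json_decode(stripslashes(isset($_GET['items']) ? $_GET['items'] : ''));
    // Only items that are also in the cart cookie are ordered; quantities must
    // be 1..9. Both the cookie and the JSON come from the client, so every id
    // and quantity is reduced to an int before use.
    if (isset($_COOKIE['products']) && is_array($items)) {
        $products = $cartFromCookie();
        foreach ($items as $item) {
            if (!is_object($item) || !isset($item->id)) {
                continue;
            }
            $pid = (int)$item->id;
            if (!in_array($pid, $products, true)) {
                continue;
            }
            $quantity = isset($item->quantity) ? (int)$item->quantity : 0;
            if ($quantity <= 0 || $quantity >= 10) {
                // Abort without a body: the client-side proceed() only reloads
                // when the response is non-empty.
                return false;
            }
            $final_products[$pid] = $quantity;
        }
        if (count($final_products) > 0) {
            $response = insertOrder($final_products);
            if (!$response) {
                $response = "false";
            }
        }
    }
} elseif (isset($_GET['goback'])) {
    // Drops the pending order named by the cookie; possession of the cookie is
    // the only link between the browser and the order (unchanged).
    if (isset($_COOKIE['order'])) {
        $id = (int)$_COOKIE['order'];
        $stmt = $db->prepare("DELETE FROM orders WHERE orderID = ?");
        if ($stmt) {
            $stmt->bind_param('i', $id);
            $stmt->execute();
            $stmt->close();
        }
    }
}
echo json_encode($response);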
- <?php
/**
 * Returns every row of `products`, keyed by (int) product_id.
 *
 * @return array<int, array<string, mixed>>
 */
function getProducts() {
    global $db;
    $byId = array();
    $result = $db->query('SELECT * FROM products');
    while ($row = $result->fetch_assoc()) {
        $productId = (int)$row['product_id'];
        $byId[$productId] = $row;
    }
    return $byId;
}
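/**
 * Products of the order named by the "order" cookie, with quantities and total.
 *
 * Returns null when there is no order cookie. When the cookie names an order
 * that does not exist (or the query fails) a redirect header to "/" is sent
 * and null is returned; the caller must stop producing output itself. The
 * original only redirected when the query failed and crashed on $record[2]
 * for a successful query with no row.
 *
 * Result: product_id => row (+ 'quantity'), plus 'total' (sum of
 * product_price * quantity) and 'date'.
 * NOTE(review): order_items and the date are read by column position
 * ($record[2], $record[5]); a schema change silently breaks this.
 */
function getOrderProducts() {
    global $db;
    if (!isset($_COOKIE['order'])) {
        return null;
    }
    // The int cast is the only thing that reaches the SQL.
    $id = (int)$_COOKIE['order'];
    $result = $db->query("SELECT * FROM orders WHERE orderID = '" . $id . "'");
    $record = $result ? $result->fetch_row() : null;
    if (!$record) {
        header("Location: /");
        return null;
    }
    $decoded = json_decode($record[2]);
    $ids = array();
    if (is_object($decoded) || is_array($decoded)) {
        foreach ($decoded as $key => $value) {
            $ids[] = (int)$key;
        }
    }
    $arr = array();
    $total_price = 0;
    if (count($ids) > 0) {
        // $ids holds ints only, so the IN list is safe to inline.
        $qry2 = 'SELECT * FROM `products` WHERE `product_id` IN (' . implode(',', $ids) . ')';
        $rows2 = $db->query($qry2);
        while ($rows2 && ($row2 = $rows2->fetch_assoc())) {
            $pid = (int)$row2['product_id'];
            $quantity = $decoded->$pid;
            $arr[$pid] = $row2;
            $arr[$pid]['quantity'] = $quantity;
            $total_price = $total_price + $row2['product_price'] * $quantity;
        }
    }
    $arr['total'] = $total_price;
    $arr['date'] = $record[5];
    return $arr;
}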
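/**
 * Looks up the products listed in a serialized cart cookie value.
 *
 * @param string $products raw "products" cookie value (a serialized list of ids)
 * @return array<int, array<string, mixed>> product_id => row; empty when the
 *         value is missing, malformed or holds no ids
 */
function getCartProducts($products) {
    global $db;
    // The value is client-controlled: forbid object instantiation during
    // unserialize() (PHP >= 7.0) and reduce every entry to an int.
    $decoded = is_string($products) ? unserialize($products, array('allowed_classes' => false)) : false;
    $protected_products = array();
    if (is_array($decoded)) {
        foreach ($decoded as $product) {
            $protected_products[] = (int)$product;
        }
    }
    $arr = array();
    if (count($protected_products) === 0) {
        // "IN ()" is a syntax error; the original then called fetch_assoc() on false.
        return $arr;
    }
    $qry = 'SELECT * FROM `products` WHERE `product_id` IN (' . implode(',', $protected_products) . ')';
    $rows = $db->query($qry);
    while ($rows && ($row = $rows->fetch_assoc())) {
        $arr[(int)$row['product_id']] = $row;
    }
    return $arr;
}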
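/**
 * Products referenced by an order_items JSON object ({product_id: quantity}).
 *
 * @param string $products JSON as stored in orders.order_items
 * @return array<int, array<string, mixed>> product_id => row (+ 'quantity');
 *         empty when the JSON is not an object/array or lists no ids
 */
function getAdminProducts($products) {
    global $db;
    $newproducts = json_decode($products);
    $ids = array();
    if (is_object($newproducts) || is_array($newproducts)) {
        foreach ($newproducts as $key => $product) {
            $ids[] = (int)$key;
        }
    }
    $arr = array();
    if (count($ids) === 0) {
        // Avoids the "IN ()" syntax error and the fetch_assoc() on false that followed.
        return $arr;
    }
    $qry = 'SELECT * FROM `products` WHERE `product_id` IN (' . implode(',', $ids) . ')';
    $rows = $db->query($qry);
    while ($rows && ($row = $rows->fetch_assoc())) {
        $id = (int)$row['product_id'];
        $arr[$id] = $row;
        // Quantities live as properties of the decoded object, named by product id.
        $arr[$id]['quantity'] = (is_object($newproducts) && isset($newproducts->$id)) ? $newproducts->$id : null;
    }
    return $arr;
}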
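/**
 * Creates an unpaid order for the given {product_id: quantity} map and points
 * the "order" cookie at it.
 *
 * Only ids that exist in `products` are kept. Returns true on success and
 * false when there is nothing to order or the INSERT fails (the original
 * ignored the query result and always returned true).
 *
 * @param array<int|string, int> $products product_id => quantity
 */
function insertOrder($products) {
    // Order Status
    // 1 = Unpaid
    // 2 = Paid - waiting admin to approve
    // 3 = Canceled
    // 4 = In Delivery to user
    // 5 = Delivered to user
    // 6 = Admin Cancelled
    global $db;
    $requested = array();
    foreach ($products as $key => $quantity) {
        $requested[(int)$key] = $quantity;
    }
    if (count($requested) === 0) {
        return false;
    }
    // Keys are ints, so the IN list is safe to inline.
    $qry = 'SELECT * FROM `products` WHERE `product_id` IN (' . implode(',', array_keys($requested)) . ')';
    $rows = $db->query($qry);
    $product_ids = array();
    while ($rows && ($row = $rows->fetch_assoc())) {
        $pid = (int)$row['product_id'];
        if (array_key_exists($pid, $requested)) {
            $product_ids[$pid] = $requested[$pid];
        }
    }
    $ip = getUserIPAddress();
    // The id doubles as the customer's handle on the order (via the cookie),
    // so it must not be guessable: random_int() (PHP >= 7.0) instead of rand().
    $orderID = random_int(10000000, 99999999);
    $items = json_encode($product_ids);
    // $ip originates from request headers; binding it keeps it out of the SQL text.
    $stmt = $db->prepare("INSERT INTO orders (orderID, order_items, order_user_ip, order_status) VALUES (?, ?, ?, '1')");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('iss', $orderID, $items, $ip);
    $ok = $stmt->execute();
    $stmt->close();
    if (!$ok) {
        return false;
    }
    // Replace a previous pending order belonging to this browser.
    if (isset($_COOKIE['order'])) {
        $previous = (int)$_COOKIE['order'];
        $del = $db->prepare("DELETE FROM orders WHERE orderID = ?");
        if ($del) {
            $del->bind_param('i', $previous);
            $del->execute();
            $del->close();
        }
    }
    setcookie("order", $orderID, time() + 3600000);
    return true;
}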
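/**
 * Checkout step for the order named by the "order" cookie.
 *
 * Returns "1" when there is no cookie or no such order, "2" when the order
 * has no details row yet, "3"/"4"/"5" for order_status 1/2/3 (redirect to
 * payfast / completed / failed or canceled) and null for any other status —
 * the original fell off the end in that case.
 */
function progress() {
    global $db;
    if (!isset($_COOKIE['order'])) {
        return "1";
    }
    $id = (int)$_COOKIE['order'];
    // One lookup serves both the existence check and the status read.
    $order = $db->query("SELECT order_status FROM orders WHERE orderID = '" . $id . "'");
    $orderRow = $order ? $order->fetch_assoc() : null;
    if (!$orderRow) {
        return "1";
    }
    $details = $db->query("SELECT COUNT(orderID) as count FROM details WHERE orderID = '" . $id . "'");
    $detailsRow = $details ? $details->fetch_assoc() : null;
    if (!$detailsRow || $detailsRow['count'] <= 0) {
        return "2";
    }
    switch ((int)$orderRow['order_status']) {
        case 1:
            return "3"; // redirect to payfast
        case 2:
            return "4"; // completed
        case 3:
            return "5"; // failed or canceled
    }
    return null;
}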
/**
 * Stores (or replaces) the checkout details for the order in the "order" cookie.
 *
 * Nothing happens without the cookie or when the id is outside the 8-digit
 * range that insertOrder() generates. $details is JSON-encoded as given.
 */
function order_details($details)
{
    global $db;
    if (!isset($_COOKIE['order'])) {
        return;
    }
    $orderId = (int)$_COOKIE['order'];
    $inRange = $orderId >= 10000000 && $orderId <= 99999999;
    if (!$inRange) {
        return;
    }
    $encoded = json_encode($details);
    $stmt = $db->prepare("REPLACE INTO `details` (`orderID`, `details`) VALUES (?, ?)");
    $stmt->bind_param('ss', $orderId, $encoded);
    $stmt->execute();
}
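/**
 * Cancels the order named by the "order" cookie (order_status := 3), but only
 * when it is still unpaid (status 1) and already has a details row.
 *
 * Returns "1" when there is no cookie, null otherwise. A missing order row is
 * now a no-op (the original indexed a null fetch_assoc() result).
 */
function cancel_order()
{
    global $db;
    if (!isset($_COOKIE['order'])) {
        return "1";
    }
    $id = (int)$_COOKIE['order'];
    $result = $db->query("SELECT order_status FROM orders WHERE orderID = '" . $id . "'");
    $row = $result ? $result->fetch_assoc() : null;
    if (!$row || (int)$row['order_status'] !== 1) {
        return null;
    }
    $result2 = $db->query("SELECT COUNT(orderID) as count FROM details WHERE orderID = '" . $id . "'");
    $row2 = $result2 ? $result2->fetch_assoc() : null;
    if ($row2 && $row2['count'] > 0) {
        $stmt = $db->prepare("UPDATE `orders` SET order_status = 3 WHERE orderID = ?");
        if ($stmt) {
            $stmt->bind_param('i', $id);
            $stmt->execute();
            $stmt->close();
        }
    }
    return null;
}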
// Admin Menu: clicking an item marks it active, reveals its panel and hides
// the other items until "#back" is pressed.
$(".menu-items .item").each(function () {
    $(this).on("click", function () {
        var clicked = $(this);
        clicked.addClass("active-menu");
        $(".active").removeClass("active");
        var name;
        $(".menu-items .item").each(function () {
            var item = $(this);
            if (!item.hasClass("active-menu")) {
                item.addClass("hide");
                // Show only the tab item whose class matches the active name.
                $(".tabs .tabitem").each(function () {
                    $(this).toggle($(this).hasClass(name));
                });
                return;
            }
            item.find(".menu").addClass("active");
            name = item.attr("data-name");
            $("." + name).show();
        });
        $("#back").show();
        clicked.css("width", "calc(100% - 282.89px)");
    });
});
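// Collapses the expanded menu: hides "#back", un-hides every item, resets the
// active item's width and clears the active marker.
$('#back').click(function () {
    $(this).hide();
    $(".menu-items .item").removeClass('hide');
    $('.active-menu').css("width", "auto");
    // The original also assigned `current = $(this).attr('data-name')` without
    // `var`, leaking a global that nothing in this script reads; dropped. If
    // another script relied on window.current, reinstate it explicitly there.
    $(".active-menu").removeClass('active-menu');
});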
// Admin Update Profile: posts the form via AJAX and shows the server's reply
// for five seconds instead of navigating away.
$("#update_profile").on("submit", function (e) {
    e.preventDefault();
    var query = $(this).serialize();
    $.post("../ajax.php?update_profile&" + query).done(function (data) {
        $("#responsego").show();
        var reply = JSON.parse(data);
        $("#response").html(reply);
        setTimeout(function () {
            $("#responsego").fadeOut("slow");
        }, 5000);
    });
});
// Adding new product: same flow as the profile form, different endpoint flag.
$("#add_product").on("submit", function (e) {
    e.preventDefault();
    var query = $(this).serialize();
    $.post("../ajax.php?add_product&" + query).done(function (data) {
        $("#responsego").show();
        var reply = JSON.parse(data);
        $("#response").html(reply);
        setTimeout(function () {
            $("#responsego").fadeOut("slow");
        }, 5000);
    });
});
// Price forms are submitted on change (below), never by a real submit.
$(".updateprice").on("submit", function (e) {
    e.preventDefault();
});
// Each price form posts itself as soon as one of its fields changes.
$(".updateprice").each(function () {
    var form = $(this);
    form.on("change", function () {
        var query = form.serialize();
        $.post("../ajax.php?change_price&" + query).done(function (data) {
            $("#responsego").show();
            var reply = JSON.parse(data);
            $("#response").html(reply);
            setTimeout(function () {
                $("#responsego").fadeOut("slow");
            }, 5000);
        });
    });
});
// Order status selects: the option value is appended to the query string as-is
// (it is expected to already be in "key=value&..." form).
$('select').on('change', function () {
    var selected = this.value;
    $.post('../ajax.php?change_status&' + selected).done(function (data) {
        $("#responsego").show();
        var reply = JSON.parse(data);
        $("#response").html(reply);
        setTimeout(function () {
            $("#responsego").fadeOut("slow");
        }, 5000);
    });
});
// Delete product: asks the server to delete `id` and fades out the row
// (#delp<id>) when the server confirms.
function deleteProduct(id) {
    $.post('../ajax.php?deleteProduct=' + id).done(function (data) {
        $("#responsego").show();
        var reply = JSON.parse(data);
        $("#response").html(reply);
        var deleted = reply == "Product deleted.";
        if (deleted) {
            $('#delp' + id).fadeOut("slow");
        }
        setTimeout(function () {
            $("#responsego").fadeOut("slow");
        }, 5000);
    });
}
// Add Admin Account: posts the form and shows the reply for five seconds.
$("#addAdmin").on("submit", function (e) {
    e.preventDefault();
    var query = $(this).serialize();
    $.post("../ajax.php?addAdmin&" + query).done(function (data) {
        $("#responsego").show();
        var reply = JSON.parse(data);
        $("#response").html(reply);
        setTimeout(function () {
            $("#responsego").fadeOut("slow");
        }, 5000);
    });
});
// Delete account: asks the server to delete admin `id` and fades out the row
// (#del<id>) when the server confirms.
function deleteAcc(id) {
    $.post('../ajax.php?deleteAcc=' + id).done(function (data) {
        $("#responsego").show();
        var reply = JSON.parse(data);
        $("#response").html(reply);
        var deleted = reply == "Profile deleted.";
        if (deleted) {
            $('#del' + id).fadeOut("slow");
        }
        setTimeout(function () {
            $("#responsego").fadeOut("slow");
        }, 5000);
    });
}
// Add to cart item: the server replies with the new item count, which is
// written to #num; the product's button text becomes "ADDED".
function addToCart(value) {
    $.post('ajax.php?addToCart=' + value).done(function (data) {
        $('#num').text(data);
        $('.add' + value).text("ADDED");
    });
}
// Removes `value` from the server-side cart cookie and drops its row (#this<id>).
// The misspelt name is part of the endpoint contract and is kept.
function remevoFromCart(value) {
    $.post('ajax.php?remevoFromCart=' + value).done(function () {
        $('#this' + value).remove();
    });
}
// Abandons the pending order on the server, then reloads the page.
function goback() {
    $.post('ajax.php?goback').done(function () {
        location.reload();
    });
}
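// Sends the cart contents (id + quantity per .shop-item) to the server and
// reloads the page when the order was accepted. The JSON is URL-encoded because
// it travels in the query string; raw quotes/braces in the URL could otherwise
// be altered before reaching $_GET['items'].
function proceed() {
    var products = [];
    $(".shop-item").each(function () {
        var field = $(this).find('#quantity');
        products.push({
            id: field.attr("data-id"),
            quantity: field.val()
        });
    });
    $.ajax({
        type: 'POST',
        url: 'ajax.php?proceed&items=' + encodeURIComponent(JSON.stringify(products))
    })
    .done(function (data) {
        // The server answers with an empty body when it rejects a quantity.
        if (data) {
            location.reload();
        }
    });
}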
// Triggers the "#details" control programmatically.
function submit_form() {
    $("#details").trigger("click");
}
// Cart page: when "#refresher" exists, compute the cart total once and then
// every second; items whose quantity drops below 1 are removed server-side.
$(document).ready(function () {
    var onCartPage = $("#refresher").length !== 0;
    if (!onCartPage) {
        return;
    }

    function sumItems(removeEmpty) {
        var total = 0;
        $(".shop-item").each(function () {
            var row = $(this);
            var quantity = row.find('#quantity').val();
            if (removeEmpty && quantity < 1) {
                remevoFromCart(row.find('#quantity').attr("data-id"));
            }
            var price = row.find('#price').text();
            total = total + quantity * price;
        });
        $("#total").text(total);
        $("#subtotal").text(total);
    }

    sumItems(false);
    setInterval(function () {
        sumItems(true);
    }, 1000);
});
- <?php
/**
 * Escapes $data for inline use in a query on the global connection.
 * Only adequate for values placed inside quotes; prefer bound parameters.
 */
function sanitize($data)
{
    global $db;
    $escaped = $db->real_escape_string($data);
    return $escaped;
}
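/**
 * Best-effort client IP: Client-IP header, then the first entry of
 * X-Forwarded-For, then REMOTE_ADDR.
 *
 * Both headers are supplied by the client or intermediate proxies and cannot
 * be trusted for access control or logging without a known proxy in front.
 * They are only accepted here when they parse as an IP address, so a crafted
 * header value can no longer reach the SQL in insertOrder() or any log.
 *
 * @return string an IP address, or '' when REMOTE_ADDR is unset (CLI)
 */
function getUserIPAddress()
{
    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR') as $header) {
        if (empty($_SERVER[$header])) {
            continue;
        }
        // X-Forwarded-For may be a comma-separated chain; the first entry is
        // the originating client as reported by the proxies.
        $candidate = trim(explode(',', $_SERVER[$header])[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
}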
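/**
 * True when exactly one admin row has the given e-mail.
 *
 * The e-mail is bound as a parameter instead of being escaped and inlined.
 * Returns false when the statement cannot be prepared.
 */
function admin_exists($email)
{
    global $db;
    $stmt = $db->prepare("SELECT COUNT(admin_id) FROM admins WHERE admin_email = ? LIMIT 1");
    if ($stmt === false) {
        return false;
    }
    $email = (string)$email;
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $count = 0;
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return ((int)$count === 1);
}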
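/**
 * Looks up an admin by e-mail and password and, on a match, stores the row in
 * the global $user. Both arguments are escaped here — callers must pass them
 * raw, or the escaping is applied twice and passwords containing quotes or
 * backslashes never match.
 *
 * NOTE(review): the password is compared in clear text inside the query, i.e.
 * admin_password is stored unhashed. Moving to password_hash()/password_verify()
 * needs this function and the writers (Admin::updateProfile()/addProfile())
 * changed together.
 *
 * @return bool
 */
function login($username, $password)
{
    global $db, $user;
    $username = sanitize($username);
    $password = sanitize($password);
    $query = $db->query("SELECT * FROM admins WHERE admin_email = '$username' AND admin_password = '$password' LIMIT 1");
    // A failed query returns false; the original called ->num_rows on it.
    if ($query !== false && $query->num_rows) {
        $user = $query->fetch_assoc();
        return true;
    }
    return false;
}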
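/**
 * Validates the login form, authenticates via login() and, on success,
 * stores the identity in the session and redirects to $config['url'].
 *
 * Returns a list of error strings on failure (the session is cleared first).
 * On success the function does not return (header + exit).
 *
 * Fix: the password used to be escaped here *and* again inside login(), so a
 * password containing a quote or backslash could never log in. login() does
 * its own escaping; the raw value is passed through now.
 *
 * NOTE(review): $_SESSION['password'] keeps the clear-text password for the
 * lifetime of the session; whatever re-checks it should be replaced by a
 * check on the session-bound identity alone.
 */
function admin_login($email, $password)
{
    global $config;
    $errors = array();
    $protect = array();

    if (empty($email) || empty($password)) {
        $errors[] = "You entered empty E-mail adress or password";
        session_unset();
        return $errors;
    }

    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $protect['email'] = htmlspecialchars($email);
    } else {
        $errors[] = "You entered invalid E-mail adress";
        session_unset();
        return $errors;
    }

    // Same message for "unknown e-mail" and "wrong password" so the response
    // does not reveal which accounts exist.
    if (!admin_exists($protect['email']) || !login($protect['email'], $password)) {
        $errors[] = "You entered incorect E-mail adress or password";
        session_unset();
        return $errors;
    }

    // Fresh session id on privilege change, so a session fixed before login
    // does not carry over.
    session_regenerate_id(true);
    $_SESSION['email'] = $protect['email'];
    $_SESSION['password'] = $password;
    header('Location: ' . $config['url']);
    exit;
}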