  1. <?php
  2. require_once('./files/functions.php');
  3.  
  4. /* RESET ACCOUNT PASSWORD */
  5.  
  6. if(isset($_POST['action']) && $_POST['action'] == 'reset') {
  7. if(isset($_POST['username']) && isset($_POST['email'])
  8. && is_string($_POST['username']) && is_string($_POST['email'])
  9. && !empty($_POST['username']) && !empty($_POST['email'])) {
  10.  
  11. if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
  12. $username = stripslashes(strip_tags($_POST['username']));
  13. $email = $_POST['email'];
  14.  
  15. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName OR UserEmail = :UserEmail');
  16. $stmt->execute(array(':UserName' => $username, ':UserEmail' => $email));
  17.  
  18. if($stmt->rowCount() > 0) {
  19. $new_password = substr(md5(rand(1,100000)), 0, 8);
  20.  
  21. $stmt = $pdo->prepare('UPDATE users SET UserPassword = :UserPassword WHERE UserName = :UserName');
  22. $stmt->execute(array(':UserPassword' => md5($new_password), ':UserName' => $username));
  23.  
  24. $subject = 'Password recovery';
  25. $txt = 'Your account password has been reset.';
  26. $txt .= 'Your new account password is: '.$new_password.'';
  27. $headers = "From: ".$RecoveryEmail."" . "\r\n" .
  28. "CC: ".$RecoveryEmail."";
  29.  
  30. mail($email,$subject,$txt,$headers);
  31. } else {
  32. echo('User with these credentials does not exists.');
  33. }
  34. } else {
  35. echo('The entered E-mail is invalid.');
  36. }
  37. } else {
  38. echo('Fill all fields correctly.');
  39. }
  40. }
  41.  
  42. /* SAVE MERCHANT */
  43.  
  44. if(isset($_POST['action']) && $_POST['action'] == 'save-merchant') {
  45. $UserLevel = $user->GetData('UserLevel');
  46.  
  47. if($UserLevel == 'admin') {
  48. if(isset($_POST['website-name']) && isset($_POST['recovery-email']) &&
  49. is_string($_POST['website-name']) && is_string($_POST['recovery-email']) &&
  50. !empty($_POST['website-name']) && !empty($_POST['recovery-email'])) {
  51. if(!filter_var($_POST['recovery-email'], FILTER_VALIDATE_EMAIL) === false) {
  52. $WebsiteName = $_POST['website-name'];
  53. $RecoveryEmail = $_POST['recovery-email'];
  54.  
  55. $PaypalEmail = $_POST['paypal-email'];
  56.  
  57. $SkrillEmail = $_POST['skrill-email'];
  58. $SkrillSecret = $_POST['skrill-secret'];
  59.  
  60. $stmt = $pdo->prepare('SELECT * FROM merchant');
  61. $stmt->execute();
  62. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  63.  
  64. if(empty($row['MerchantWebsiteName'])) {
  65. $stmt = $pdo->prepare('INSERT INTO merchant (MerchantWebsiteName, MerchantRecoveryEmail, MerchantPaypalEmail, MerchantSkrillEmail, MerchantSkrillSecret)
  66. VALUES (:MerchantWebsiteName, :MerchantRecoveryEmail, :MerchantPaypalEmail, :MerchantSkrillEmail, :MerchantSkrillSecret)');
  67.  
  68. $stmt->execute(array(':MerchantWebsiteName' => $WebsiteName, ':MerchantRecoveryEmail' => $RecoveryEmail, ':MerchantPaypalEmail' => $PaypalEmail,
  69. ':MerchantSkrillEmail' => $SkrillEmail, ':MerchantSkrillSecret' => $SkrillSecret));
  70. } else {
  71. $CurrentName = $row['MerchantWebsiteName'];
  72.  
  73. $stmt = $pdo->prepare('UPDATE merchant SET MerchantWebsiteName = :MerchantWebsiteName, MerchantRecoveryEmail = :MerchantRecoveryEmail,
  74. MerchantPaypalEmail = :MerchantPaypalEmail, MerchantSkrillEmail = :MerchantSkrillEmail, MerchantSkrillSecret = :MerchantSkrillSecret WHERE MerchantWebsiteName = :MerchantWebsiteNameConfirm');
  75.  
  76. $stmt->execute(array(':MerchantWebsiteName' => $WebsiteName, ':MerchantRecoveryEmail' => $RecoveryEmail, ':MerchantPaypalEmail' => $PaypalEmail,
  77. ':MerchantSkrillEmail' => $SkrillEmail, ':MerchantSkrillSecret' => $SkrillSecret, ':MerchantWebsiteNameConfirm' => $CurrentName));
  78. }
  79. } else {
  80. echo('The provided recovery E-mail address is invalid.');
  81. }
  82. } else {
  83. echo('Fill all fields correctly.');
  84. }
  85. } else {
  86. echo('You don\'t have permissions to browse this page.');
  87. }
  88. }
  89.  
  90. /* CREATE USER FROM ADMINISTRATION PANEL */
  91.  
  92. if(isset($_POST['action']) && $_POST['action'] == 'create-user') {
  93. $UserLevel = $user->GetData('UserLevel');
  94.  
  95. if($UserLevel == 'admin') {
  96. if(isset($_POST['user-first-name']) && isset($_POST['user-last-name']) && isset($_POST['user-email']) && isset($_POST['user-name']) && isset($_POST['user-password']) && isset($_POST['user-level']) && isset($_POST['user-funds']) &&
  97. is_string($_POST['user-first-name']) && is_string($_POST['user-last-name']) && is_string($_POST['user-email']) && is_string($_POST['user-name']) && is_string($_POST['user-password']) && is_string($_POST['user-level']) && is_numeric($_POST['user-funds']) &&
  98. !empty($_POST['user-first-name']) && !empty($_POST['user-last-name']) && !empty($_POST['user-email']) && !empty($_POST['user-name']) && !empty($_POST['user-password']) && !empty($_POST['user-level'])) {
  99. if(strlen($_POST['user-password']) < 32 && strlen($_POST['user-password']) > 3) {
  100. if(strlen($_POST['user-name']) < 16 && strlen($_POST['user-name']) > 3) {
  101. if(!filter_var($_POST['user-email'], FILTER_VALIDATE_EMAIL) === false) {
  102. $first_name = stripslashes(strip_tags($_POST['user-first-name']));
  103. $last_name = stripslashes(strip_tags($_POST['user-last-name']));
  104. $email = $_POST['user-email'];
  105. $user_name = stripslashes(strip_tags($_POST['user-name']));
  106. $password = md5($_POST['user-password']);
  107. $level = stripslashes(strip_tags($_POST['user-level']));
  108. $funds = stripslashes(strip_tags($_POST['user-funds']));
  109.  
  110. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName OR UserEmail = :UserEmail');
  111. $stmt->execute(array(':UserName' => $user_name, ':UserEmail' => $email));
  112.  
  113. if($stmt->rowCount() == 0) {
  114. $stmt = $pdo->prepare('INSERT INTO users (UserName, UserEmail, UserPassword, UserLevel, UserFirstName, UserLastName, UserRegistrationDate, UserRegistrationAddress, UserFunds)
  115. VALUES (:UserName, :UserEmail, :UserPassword, :UserLevel, :UserFirstName, :UserLastName, :UserRegistrationDate, :UserRegistrationAddress, :UserFunds)');
  116.  
  117. $stmt->execute(array(':UserName' => $user_name, ':UserEmail' => $email, ':UserPassword' => $password, ':UserLevel' => $level, ':UserFirstName' => $first_name, ':UserLastName' => $last_name, ':UserRegistrationDate' => time(), ':UserRegistrationAddress' => '127.0.0.1', ':UserFunds' => $funds));
  118. } else {
  119. echo('User with these credentials already exists.');
  120. return false;
  121. }
  122. } else {
  123. echo('The provided e-mail address is invalid.');
  124. }
  125. } else {
  126. echo('User name length have to be 4-16 characters.');
  127. }
  128. } else {
  129. echo('Password length have to be 4-32 characters.');
  130. }
  131. } else {
  132. echo('Fill all fields correctly.');
  133. }
  134. } else {
  135. echo('You don\'t have permissions to browse this page.');
  136. }
  137. }
  138.  
  139. /* ADD NEW */
  140.  
  141. if(isset($_POST['action']) && $_POST['action'] == 'add-new') {
  142. $UserLevel = $user->GetData('UserLevel');
  143.  
  144. if($UserLevel == 'admin') {
  145. if(isset($_POST['new-title']) && isset($_POST['new-content']) &&
  146. is_string($_POST['new-title']) && is_string($_POST['new-content']) &&
  147. !empty($_POST['new-title']) && !empty($_POST['new-content'])) {
  148. $new_title = stripslashes(strip_tags($_POST['new-title']));
  149. $new_content = stripslashes(strip_tags($_POST['new-content']));
  150. $new_user = $user->GetData('UserID');
  151. $new_date = time();
  152.  
  153. $stmt = $pdo->prepare('INSERT INTO news (NewsTitle, NewsContent, NewsDate, NewsUserID) VALUES (:NewsTitle, :NewsContent, :NewsDate, :NewsUserID)');
  154. $stmt->execute(array(':NewsTitle' => $new_title, ':NewsContent' => $new_content, ':NewsDate' => $new_date, ':NewsUserID' => $new_user));
  155. } else {
  156. echo('Fill all fields correctly.');
  157. }
  158. } else {
  159. echo('You don\'t have permissions to browse this page.');
  160. }
  161. }
  162.  
  163. /* EDIT NEW */
  164.  
  165. if(isset($_POST['action']) && $_POST['action'] == 'edit-new') {
  166. $UserLevel = $user->GetData('UserLevel');
  167.  
  168. if($UserLevel == 'admin') {
  169. if(isset($_POST['new-id']) && isset($_POST['new-title']) && isset($_POST['new-content']) &&
  170. is_string($_POST['new-title']) && is_string($_POST['new-content']) &&
  171. !empty($_POST['new-title']) && !empty($_POST['new-content'])) {
  172. $new_title = stripslashes(strip_tags($_POST['new-title']));
  173. $new_content = stripslashes(strip_tags($_POST['new-content']));
  174. $new_id = $_POST['new-id'];
  175.  
  176. $stmt = $pdo->prepare('SELECT * FROM news WHERE NewsID = :NewsID');
  177. $stmt->bindParam(':NewsID', $new_id);
  178. $stmt->execute();
  179.  
  180. if($stmt->rowCount() == 1) {
  181. $stmt = $pdo->prepare('UPDATE news SET NewsTitle = :NewsTitle, NewsContent = :NewsContent WHERE NewsID = :NewsID');
  182.  
  183. $stmt->execute(array(':NewsTitle' => $new_title, ':NewsContent' => $new_content, ':NewsID' => $new_id));
  184. } else {
  185. echo('New does not exists.');
  186. }
  187. } else {
  188. echo('Fill all fields correctly.');
  189. }
  190. } else {
  191. echo('You don\'t have permissions to browse this page.');
  192. }
  193. }
  194.  
  195. /* DELETE NEW */
  196.  
  197. if(isset($_POST['action']) && $_POST['action'] == 'delete-new') {
  198. $UserLevel = $user->GetData('UserLevel');
  199.  
  200. if($UserLevel == 'admin') {
  201. if(isset($_POST['new-id']) && !empty($_POST['new-id']) && ctype_digit($_POST['new-id'])) {
  202. $NewsID = $_POST['new-id'];
  203.  
  204. $stmt = $pdo->prepare('SELECT * FROM news WHERE NewsID = :NewsID');
  205. $stmt->bindParam(':NewsID', $NewsID);
  206. $stmt->execute();
  207.  
  208. if($stmt->rowCount() == 1) {
  209. $stmt = $pdo->prepare('DELETE FROM news WHERE NewsID = :NewsID');
  210. $stmt->bindParam(':NewsID', $NewsID);
  211. $stmt->execute();
  212. } else {
  213. echo 'New does not exists.';
  214. }
  215. }
  216. } else {
  217. echo('You don\'t have permissions to browse this page.');
  218. }
  219. }
  220.  
  221. /* DELETE LOGS */
  222.  
  223. if(isset($_POST['action']) && $_POST['action'] == 'delete-logs') {
  224. $UserLevel = $user->GetData('UserLevel');
  225.  
  226. if($UserLevel == 'admin') {
  227. $stmt = $pdo->prepare('DELETE FROM logs');
  228. $stmt->execute();
  229. } else {
  230. echo('You don\'t have permissions to browse this page.');
  231. }
  232. }
  233.  
  234. /* EDIT USER */
  235.  
  236. if(isset($_POST['action']) && $_POST['action'] == 'edit-user') {
  237. $UserLevel = $user->GetData('UserLevel');
  238.  
  239. if($UserLevel == 'admin') {
  240. if(isset($_POST['user-id']) && isset($_POST['user-first-name']) && isset($_POST['user-last-name']) && isset($_POST['user-email']) && isset($_POST['user-name']) && isset($_POST['user-level']) && isset($_POST['user-funds']) &&
  241. is_string($_POST['user-first-name']) && is_string($_POST['user-last-name']) && is_string($_POST['user-email']) && is_string($_POST['user-name']) && is_string($_POST['user-level']) && preg_match('/^[0-9.]+$/', $_POST['user-funds']) &&
  242. !empty($_POST['user-id']) && !empty($_POST['user-first-name']) && !empty($_POST['user-last-name']) && !empty($_POST['user-email']) && !empty($_POST['user-name']) && !empty($_POST['user-level'])) {
  243. if(strlen($_POST['user-name']) < 16 && strlen($_POST['user-name']) > 3) {
  244. if(!filter_var($_POST['user-email'], FILTER_VALIDATE_EMAIL) === false) {
  245. $first_name = stripslashes(strip_tags($_POST['user-first-name']));
  246. $last_name = stripslashes(strip_tags($_POST['user-last-name']));
  247. $email = $_POST['user-email'];
  248. $user_name = stripslashes(strip_tags($_POST['user-name']));
  249. $level = stripslashes(strip_tags($_POST['user-level']));
  250. $funds = stripslashes(strip_tags($_POST['user-funds']));
  251. $user_id = $_POST['user-id'];
  252.  
  253. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName OR UserEmail = :UserEmail');
  254. $stmt->execute(array(':UserName' => $user_name, ':UserEmail' => $email));
  255.  
  256.  
  257. $query = $pdo->prepare('SELECT * FROM users WHERE UserID = :UserID');
  258. $query->bindParam(':UserID', $user_id);
  259. $query->execute();
  260.  
  261. if($query->rowCount() == 0) {
  262. echo 'User account does not exists.';
  263. return false;
  264. }
  265. if($stmt->rowCount() <= 1) {
  266. $stmt = $pdo->prepare('UPDATE users SET UserFirstName = :UserFirstName, UserLastName = :UserLastName, UserEmail = :UserEmail, UserName = :UserName, UserLevel = :UserLevel, UserFunds = :UserFunds WHERE UserID = :UserID');
  267.  
  268. $stmt->execute(array(':UserFirstName' => $first_name, ':UserLastName' => $last_name, ':UserEmail' => $email,
  269. ':UserName' => $user_name, ':UserLevel' => $level, ':UserFunds' => $funds, ':UserID' => $user_id));
  270. } else {
  271. echo('User with these credentials already exists.');
  272. return false;
  273. }
  274. } else {
  275. echo('The provided e-mail address is invalid.');
  276. }
  277. } else {
  278. echo('User name length have to be 4-16 characters.');
  279. }
  280. } else {
  281. echo('Fill all fields correctly.');
  282. }
  283. } else {
  284. echo('You don\'t have permissions to browse this page.');
  285. }
  286. }
  287.  
  288. /* CREATE CATEGORY */
  289.  
  290. if(isset($_POST['action']) && $_POST['action'] == 'create-category') {
  291. $UserLevel = $user->GetData('UserLevel');
  292.  
  293. if($UserLevel == 'admin') {
  294. if(isset($_POST['category-name']) && isset($_POST['category-description']) &&
  295. is_string($_POST['category-name']) && is_string($_POST['category-description']) &&
  296. !empty($_POST['category-name']) && !empty($_POST['category-description'])) {
  297. $category_name = stripslashes(strip_tags($_POST['category-name']));
  298. $category_description = stripslashes(strip_tags($_POST['category-description']));
  299. $time = time();
  300.  
  301. $stmt = $pdo->prepare('SELECT * FROM categories WHERE CategoryName = :CategoryName');
  302. $stmt->bindParam(':CategoryName', $category_name);
  303. $stmt->execute();
  304.  
  305. if($stmt->rowCount() == 0) {
  306. $stmt = $pdo->prepare('INSERT INTO categories (CategoryName, CategoryDescription, CategoryCreatedDate) VALUES (:CategoryName, :CategoryDescription, :CategoryCreatedDate)');
  307. $stmt->execute(array(':CategoryName' => $category_name, ':CategoryDescription' => $category_description, ':CategoryCreatedDate' => $time));
  308. } else {
  309. echo('Category already exists.');
  310. }
  311. } else {
  312. echo('Fill all fields correctly.');
  313. }
  314. } else {
  315. echo('You don\'t have permissions to browse this page.');
  316. }
  317. }
  318.  
  319. /* OPEN TICKET */
  320.  
  321. if(isset($_POST['action']) && $_POST['action'] == 'open-ticket') {
  322. if(isset($_POST['ticket-title']) && isset($_POST['ticket-message']) &&
  323. is_string($_POST['ticket-title']) && is_string($_POST['ticket-message']) &&
  324. !empty($_POST['ticket-title']) && !empty($_POST['ticket-message'])) {
  325. $ticket_title = stripslashes(strip_tags($_POST['ticket-title']));
  326. $ticket_message = stripslashes(strip_tags($_POST['ticket-message']));
  327. $time = time();
  328. $user_id = $user->GetData('UserID');
  329.  
  330. $stmt = $pdo->prepare('INSERT INTO support (SupportUserID, SupportTitle, SupportMessage, SupportDate) VALUES (:SupportUserID, :SupportTitle, :SupportMessage, :SupportDate)');
  331. $stmt->execute(array(':SupportUserID' => $user_id, ':SupportTitle' => $ticket_title, ':SupportMessage' => $ticket_message, ':SupportDate' => $time));
  332. } else {
  333. echo('Fill all fields correctly.');
  334. }
  335. }
  336.  
  337. /* TICKET REPLY */
  338.  
  339. if(isset($_POST['action']) && $_POST['action'] == 'reply-ticket') {
  340. $UserLevel = $user->GetData('UserLevel');
  341.  
  342. if($UserLevel == 'admin') {
  343. if(isset($_POST['ticket-id']) && isset($_POST['ticket-reply']) &&
  344. ctype_digit($_POST['ticket-id']) && is_string($_POST['ticket-reply']) &&
  345. !empty($_POST['ticket-id']) && !empty($_POST['ticket-reply'])) {
  346. $ticket_id = $_POST['ticket-id'];
  347. $ticket_reply = stripslashes(strip_tags($_POST['ticket-reply']));
  348.  
  349. $stmt = $pdo->prepare('UPDATE support SET SupportReply = :SupportReply WHERE SupportID = :SupportID');
  350. $stmt->execute(array(':SupportReply' => $ticket_reply, ':SupportID' => $ticket_id));
  351. } else {
  352. echo('Fill all fields correctly.');
  353. }
  354. } else {
  355. echo('You don\'t have permissions to browse this page.');
  356. }
  357. }
  358.  
  359. /* TICKET DELETE */
  360.  
  361. if(isset($_POST['action']) && $_POST['action'] == 'delete-ticket') {
  362. $UserLevel = $user->GetData('UserLevel');
  363.  
  364. if($UserLevel == 'admin') {
  365. if(isset($_POST['ticket-id']) && ctype_digit($_POST['ticket-id']) && !empty($_POST['ticket-id'])) {
  366. $ticket_id = $_POST['ticket-id'];
  367.  
  368. $stmt = $pdo->prepare('DELETE FROM support WHERE SupportID = :SupportID');
  369. $stmt->bindParam(':SupportID', $ticket_id);
  370. $stmt->execute();
  371. } else {
  372. echo('Fill all fields correctly.');
  373. }
  374. } else {
  375. echo('You don\'t have permissions to browse this page.');
  376. }
  377. }
  378.  
  379. /* CREATE SERVICE */
  380.  
  381. if(isset($_POST['action']) && $_POST['action'] == 'create-service') {
  382. $UserLevel = $user->GetData('UserLevel');
  383.  
  384. if($UserLevel == 'admin') {
  385. if(isset($_POST['service-name']) && isset($_POST['service-description']) && isset($_POST['service-quantity']) && isset($_POST['service-price']) && isset($_POST['service-category']) && isset($_POST['service-api']) && isset($_POST['service-reseller-price']) && isset($_POST['service-max-quantity']) &&
  386. is_string($_POST['service-name']) && is_string($_POST['service-description']) && is_string($_POST['service-quantity']) && is_string($_POST['service-price']) && is_string($_POST['service-category']) && is_string($_POST['service-max-quantity']) &&
  387. !empty($_POST['service-name']) && !empty($_POST['service-description']) && !empty($_POST['service-quantity']) && ctype_digit($_POST['service-quantity']) && !empty($_POST['service-price']) && !empty($_POST['service-category']) && !empty($_POST['service-max-quantity'])) {
  388. $service_name = stripslashes(strip_tags($_POST['service-name']));
  389. $service_description = stripslashes(strip_tags($_POST['service-description']));
  390. $service_quantity = stripslashes(strip_tags($_POST['service-quantity']));
  391. $service_max_quantity = stripslashes(strip_tags($_POST['service-max-quantity']));
  392. $service_price = stripslashes(strip_tags($_POST['service-price']));
  393. $service_category = stripslashes(strip_tags($_POST['service-category']));
  394. $service_api = htmlspecialchars($_POST['service-api']);
  395. $service_reseller = $_POST['service-reseller-price'];
  396. $time = time();
  397.  
  398. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductName = :ProductName');
  399. $stmt->bindParam(':ProductName', $service_name);
  400. $stmt->execute();
  401.  
  402. if($stmt->rowCount() == 0) {
  403. $stmt = $pdo->prepare('SELECT * FROM categories WHERE CategoryID = :CategoryID');
  404. $stmt->bindParam(':CategoryID', $service_category);
  405. $stmt->execute();
  406.  
  407. if($stmt->rowCount() > 0 ) {
  408. if($service_max_quantity > $service_quantity) {
  409. $stmt = $pdo->prepare('INSERT INTO products (ProductCategoryID, ProductName, ProductDescription, ProductMinimumQuantity, ProductMaxQuantity, ProductPrice, ProductAPI, ProductCreatedDate)
  410. VALUES (:ProductCategoryID, :ProductName, :ProductDescription, :ProductMinimumQuantity, :ProductMaxQuantity, :ProductPrice, :ProductAPI, :ProductCreatedDate)');
  411.  
  412. $stmt->execute(array(':ProductCategoryID' => $service_category, ':ProductName' => $service_name, ':ProductDescription' => $service_description,
  413. ':ProductMinimumQuantity' => $service_quantity, ':ProductMaxQuantity' => $service_max_quantity, ':ProductPrice' => $service_price,
  414. ':ProductAPI' => $service_api, ':ProductCreatedDate' => $time));
  415. } else {
  416. echo 'Service max quantity have to be bigger than the minimum quantity.';
  417. }
  418. } else {
  419. echo 'Category does not exists.';
  420. }
  421. } else {
  422. echo('Service already exists.');
  423. }
  424. } else {
  425. echo('Fill all fields correctly.');
  426. }
  427. } else {
  428. echo('You don\'t have permissions to browse this page.');
  429. }
  430. }
  431.  
  432. /* EDIT SERVICE */
  433.  
  434. if(isset($_POST['action']) && $_POST['action'] == 'edit-service') {
  435. $UserLevel = $user->GetData('UserLevel');
  436.  
  437. if($UserLevel == 'admin') {
  438. if(isset($_POST['service-id']) && isset($_POST['service-name']) && isset($_POST['service-description']) && isset($_POST['service-quantity']) && isset($_POST['service-price']) && isset($_POST['service-category']) && isset($_POST['service-api']) && isset($_POST['service-reseller-price']) && isset($_POST['service-max-quantity']) &&
  439. is_string($_POST['service-name']) && is_string($_POST['service-description']) && is_string($_POST['service-quantity']) && is_string($_POST['service-price']) && is_string($_POST['service-category']) && is_string($_POST['service-max-quantity']) &&
  440. !empty($_POST['service-name']) && !empty($_POST['service-description']) && !empty($_POST['service-quantity']) && ctype_digit($_POST['service-quantity']) && !empty($_POST['service-price']) && !empty($_POST['service-category']) && !empty($_POST['service-max-quantity'])) {
  441. $service_name = stripslashes(strip_tags($_POST['service-name']));
  442. $service_description = stripslashes(strip_tags($_POST['service-description']));
  443. $service_quantity = stripslashes(strip_tags($_POST['service-quantity']));
  444. $service_max_quantity = stripslashes(strip_tags($_POST['service-max-quantity']));
  445. $service_price = stripslashes(strip_tags($_POST['service-price']));
  446. $service_category = stripslashes(strip_tags($_POST['service-category']));
  447. $service_api = $_POST['service-api'];
  448. $service_reseller = $_POST['service-reseller-price'];
  449. $time = time();
  450.  
  451. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductID = :ProductID');
  452. $stmt->bindParam(':ProductID', $_POST['service-id']);
  453. $stmt->execute();
  454.  
  455. if($stmt->rowCount() == 1) {
  456. $ServiceRow = $stmt->fetch(PDO::FETCH_ASSOC);
  457.  
  458. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductName = :ProductName');
  459. $stmt->bindParam(':ProductName', $service_name);
  460. $stmt->execute();
  461.  
  462. if(strtolower($ServiceRow['ProductName']) == strtolower($service_name) || $stmt->rowCount() == 0) {
  463. $stmt = $pdo->prepare('SELECT * FROM categories WHERE CategoryID = :CategoryID');
  464. $stmt->bindParam(':CategoryID', $service_category);
  465. $stmt->execute();
  466.  
  467. if($stmt->rowCount() == 1) {
  468. $stmt = $pdo->prepare('UPDATE products SET ProductCategoryID = :ProductCategoryID, ProductName = :ProductName, ProductDescription = :ProductDescription, ProductMinimumQuantity = :ProductMinimumQuantity, ProductPrice = :ProductPrice, ProductAPI = :ProductAPI, ProductResellerPrice = :ProductResellerPrice, ProductMaxQuantity = :ProductMaxQuantity WHERE ProductID = :ProductID');
  469. $stmt->execute(array(':ProductCategoryID' => $service_category, ':ProductName' => $service_name, ':ProductDescription' => $service_description,
  470. ':ProductMinimumQuantity' => $service_quantity, ':ProductPrice' => $service_price, ':ProductID' => $_POST['service-id'],
  471. ':ProductAPI' => $service_api, ':ProductResellerPrice' => $service_reseller, ':ProductMaxQuantity' => $service_max_quantity));
  472. } else {
  473. echo 'Category does not exists.';
  474. }
  475. } else {
  476. echo 'Service with this name already exists.';
  477. }
  478. } else {
  479. echo('Service does not exists.');
  480. }
  481. } else {
  482. echo('Fill all fields correctly.');
  483. }
  484. } else {
  485. echo('You don\'t have permissions to browse this page.');
  486. }
  487. }
  488.  
  489. /* DELETE SERVICE */
  490.  
  491. if(isset($_POST['action']) && $_POST['action'] == 'delete-service') {
  492. $UserLevel = $user->GetData('UserLevel');
  493.  
  494. if($UserLevel == 'admin') {
  495. if(isset($_POST['service-id']) && !empty($_POST['service-id']) && ctype_digit($_POST['service-id'])) {
  496. $ServiceID = $_POST['service-id'];
  497.  
  498. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductID = :ProductID');
  499. $stmt->bindParam(':ProductID', $ServiceID);
  500. $stmt->execute();
  501.  
  502. if($stmt->rowCount() == 1) {
  503. $stmt = $pdo->prepare('DELETE FROM products WHERE ProductID = :ProductID');
  504. $stmt->bindParam(':ProductID', $ServiceID);
  505. $stmt->execute();
  506. } else {
  507. echo 'Service does not exists.';
  508. return false;
  509. }
  510. }
  511. } else {
  512. echo('You don\'t have permissions to browse this page.');
  513. }
  514. }
  515.  
  516. if(isset($_POST['action']) && $_POST['action'] == 'get-max-quantity') {
  517. if(isset($_POST['service']) && is_numeric($_POST['service'])) {
  518. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductID = :ProductID');
  519. $stmt->execute(array(':ProductID' => $_POST['service']));
  520.  
  521. if($stmt->rowCount() == 1) {
  522. $row = $stmt->fetch();
  523.  
  524. echo $row['ProductMaxQuantity'];
  525. }
  526. }
  527. }
  528.  
  529. /* EDIT CATEGORY */
  530.  
  531. if(isset($_POST['action']) && $_POST['action'] == 'edit-category') {
  532. $UserLevel = $user->GetData('UserLevel');
  533.  
  534. if($UserLevel == 'admin') {
  535. if(isset($_POST['category-id']) && isset($_POST['category-name']) && isset($_POST['category-description']) &&
  536. is_string($_POST['category-name']) && is_string($_POST['category-description']) &&
  537. !empty($_POST['category-name']) && !empty($_POST['category-description'])) {
  538. $category_id = stripslashes(strip_tags($_POST['category-id']));
  539. $category_name = stripslashes(strip_tags($_POST['category-name']));
  540. $category_description = stripslashes(strip_tags($_POST['category-description']));
  541. $time = time();
  542.  
  543. $stmt = $pdo->prepare('SELECT * FROM categories WHERE CategoryID = :CategoryID');
  544. $stmt->bindParam(':CategoryID', $_POST['category-id']);
  545. $stmt->execute();
  546.  
  547. if($stmt->rowCount() == 1) {
  548. $CategoryRow = $stmt->fetch(PDO::FETCH_ASSOC);
  549.  
  550. $stmt = $pdo->prepare('SELECT * FROM categories WHERE CategoryName = :CategoryName');
  551. $stmt->bindParam(':CategoryName', $category_name);
  552. $stmt->execute();
  553.  
  554. if(strtolower($CategoryRow['CategoryName']) == strtolower($category_name) || $stmt->rowCount() == 0) {
  555. $stmt = $pdo->prepare('UPDATE categories SET CategoryName = :CategoryName, CategoryDescription = :CategoryDescription WHERE CategoryID = :CategoryID');
  556. $stmt->execute(array(':CategoryID' => $category_id, ':CategoryName' => $category_name, ':CategoryDescription' => $category_description));
  557. } else {
  558. echo('Category name already exists.');
  559. }
  560. } else {
  561. echo('Category already exists.');
  562. }
  563. } else {
  564. echo('Fill all fields correctly.');
  565. }
  566. } else {
  567. echo('You don\'t have permissions to browse this page.');
  568. }
  569. }
  570.  
  571. /* DELETE CATEGORY */
  572.  
  573. if(isset($_POST['action']) && $_POST['action'] == 'delete-category') {
  574. $UserLevel = $user->GetData('UserLevel');
  575.  
  576. if($UserLevel == 'admin') {
  577. if(isset($_POST['category-id']) && !empty($_POST['category-id']) && ctype_digit($_POST['category-id'])) {
  578. $CategoryID = $_POST['category-id'];
  579.  
  580. $stmt = $pdo->prepare('SELECT * FROM categories WHERE CategoryID = :CategoryID');
  581. $stmt->bindParam(':CategoryID', $CategoryID);
  582. $stmt->execute();
  583.  
  584. if($stmt->rowCount() == 1) {
  585. $stmt = $pdo->prepare('DELETE FROM categories WHERE CategoryID = :CategoryID');
  586. $stmt->bindParam(':CategoryID', $CategoryID);
  587. $stmt->execute();
  588.  
  589. $stmt = $pdo->prepare('DELETE FROM products WHERE ProductCategoryID = :ProductCategoryID');
  590. $stmt->bindParam(':ProductCategoryID', $CategoryID);
  591. $stmt->execute();
  592. } else {
  593. echo 'Category does not exists.';
  594. }
  595. }
  596. } else {
  597. echo('You don\'t have permissions to browse this page.');
  598. }
  599. }
  600.  
  601. /* UPDATE ORDER STATUS */
  602.  
  603.  
  604. if(isset($_POST['action']) && $_POST['action'] == 'update-order-status') {
  605. $UserLevel = $user->GetData('UserLevel');
  606.  
  607. if($UserLevel == 'admin') {
  608. if(isset($_POST['order-status']) && !empty($_POST['order-status']) && is_string($_POST['order-status']) &&
  609. isset($_POST['order-id']) && !empty($_POST['order-id']) && ctype_digit($_POST['order-id'])) {
  610. $OrderID = $_POST['order-id'];
  611.  
  612. $stmt = $pdo->prepare('SELECT * FROM orders WHERE OrderID = :OrderID');
  613. $stmt->bindParam(':OrderID', $OrderID);
  614. $stmt->execute();
  615.  
  616. if($stmt->rowCount() == 1) {
  617. $row = $stmt->fetch();
  618.  
  619. $OrderStatus = $_POST['order-status'];
  620. if($OrderStatus == 'Delete Order') {
  621. $stmt = $pdo->prepare('DELETE FROM orders WHERE OrderID = :OrderID');
  622. $stmt->bindParam(':OrderID', $OrderID);
  623. $stmt->execute();
  624. }
  625. if($OrderStatus == 'Refunded') {
  626. $UserID = $user->GetData('UserID');
  627. $UserFunds = $user->GetData('UserFunds');
  628. $stmt = $pdo->prepare('UPDATE users SET UserFunds = :UserFunds WHERE UserID = :UserID');
  629. $stmt->execute(array(':UserFunds' => $row['OrderAmount'] + $UserFunds, ':UserID' => $UserID));
  630. }
  631. $stmt = $pdo->prepare('UPDATE orders SET OrderStatus = :OrderStatus WHERE OrderID = :OrderID');
  632. $stmt->execute(array(':OrderStatus' => $OrderStatus, ':OrderID' => $OrderID));
  633. } else {
  634. echo 'Order does not exists.';
  635. }
  636. }
  637. } else {
  638. echo('You don\'t have permissions to browse this page.');
  639. }
  640. }
  641.  
/* ADD INDIVIDUAL PRICE */
  643.  
  644. if(isset($_POST['action']) && $_POST['action'] == 'add-individual-price') {
  645. $UserLevel = $user->GetData('UserLevel');
  646.  
  647. if($UserLevel == 'admin') {
  648. if(isset($_POST['ip-username']) && isset($_POST['ip-service']) && isset($_POST['ip-price']) &&
  649. is_string($_POST['ip-username']) && ctype_digit($_POST['ip-service']) && is_numeric($_POST['ip-price']) &&
  650. !empty($_POST['ip-username']) && !empty($_POST['ip-service'])) {
  651. $username = $_POST['ip-username'];
  652. $service = $_POST['ip-service'];
  653. $price = $_POST['ip-price'];
  654.  
  655. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName');
  656. $stmt->bindParam(':UserName', $username);
  657. $stmt->execute();
  658.  
  659. if($stmt->rowCount() > 0) {
  660. $UserRow = $stmt->fetch(PDO::FETCH_ASSOC);
  661. $UserID = $UserRow['UserID'];
  662.  
  663. $stmt = $pdo->prepare('SELECT * FROM individualprices WHERE IPUserID = :IPUserID AND IPProductID = :IPProductID');
  664. $stmt->execute(array(':IPUserID' => $UserID, ':IPProductID' => $service));
  665.  
  666. if($stmt->rowCount() == 0) {
  667. $stmt = $pdo->prepare('INSERT INTO individualprices (IPUserID, IPProductID, IPPrice) VALUES (:IPUserID, :IPProductID, :IPPrice)');
  668. $stmt->execute(array(':IPUserID' => $UserID, ':IPProductID' => $service, ':IPPrice' => $price));
  669. } else {
  670. echo 'Individual price for this user with this service already exists.';
  671. }
  672. } else {
  673. echo 'User name does not exists.';
  674. }
  675. } else {
  676. echo('Fill all fields correctly.');
  677. }
  678. } else {
  679. echo('You don\'t have permissions to browse this page.');
  680. }
  681. }
  682.  
/* EDIT INDIVIDUAL PRICE */
  684.  
  685. if(isset($_POST['action']) && $_POST['action'] == 'edit-individual-price') {
  686. $UserLevel = $user->GetData('UserLevel');
  687.  
  688. if($UserLevel == 'admin') {
  689. if(isset($_POST['ip-username']) && isset($_POST['ip-service']) && isset($_POST['ip-price']) && isset($_POST['ip-id']) &&
  690. is_string($_POST['ip-username']) && ctype_digit($_POST['ip-service']) && is_numeric($_POST['ip-price']) &&
  691. !empty($_POST['ip-username']) && !empty($_POST['ip-service'])) {
  692. $id = $_POST['ip-id'];
  693. $username = $_POST['ip-username'];
  694. $service = $_POST['ip-service'];
  695. $price = $_POST['ip-price'];
  696.  
  697. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName');
  698. $stmt->bindParam(':UserName', $username);
  699. $stmt->execute();
  700.  
  701. if($stmt->rowCount() > 0) {
  702. $UserRow = $stmt->fetch(PDO::FETCH_ASSOC);
  703. $UserID = $UserRow['UserID'];
  704.  
  705. $stmt = $pdo->prepare('SELECT * FROM individualprices WHERE IPUserID = :IPUserID AND IPProductID = :IPProductID');
  706. $stmt->execute(array(':IPUserID' => $UserID, ':IPProductID' => $service));
  707.  
  708. $cs = $pdo->prepare('SELECT * FROM individualprices WHERE IPID = :IPID');
  709. $cs->bindParam(':IPID', $id);
  710. $cs->execute();
  711. $csr = $cs->fetch(PDO::FETCH_ASSOC);
  712.  
  713. if($stmt->rowCount() == 0 || $service == $csr['IPProductID']) {
  714. $stmt = $pdo->prepare('UPDATE individualprices SET IPUserID = :IPUserID, IPProductID = :IPProductID, IPPrice = :IPPrice WHERE IPID = :IPID');
  715. $stmt->execute(array(':IPUserID' => $UserID, ':IPProductID' => $service, ':IPPrice' => $price, ':IPID' => $id));
  716. } else {
  717. echo 'Individual price for this user with this service already exists.';
  718. }
  719. } else {
  720. echo 'User name does not exists.';
  721. }
  722. } else {
  723. echo('Fill all fields correctly.');
  724. }
  725. } else {
  726. echo('You don\'t have permissions to browse this page.');
  727. }
  728. }
  729.  
  730. /* INDIVIDUAL PRICE DELETE */
  731.  
  732. if(isset($_POST['action']) && $_POST['action'] == 'delete-ip') {
  733. $UserLevel = $user->GetData('UserLevel');
  734.  
  735. if($UserLevel == 'admin') {
  736. if(isset($_POST['ip-id']) && !empty($_POST['ip-id']) && ctype_digit($_POST['ip-id'])) {
  737. $IPID = $_POST['ip-id'];
  738.  
  739. $stmt = $pdo->prepare('SELECT * FROM individualprices WHERE IPID = :IPID');
  740. $stmt->bindParam(':IPID', $IPID);
  741. $stmt->execute();
  742.  
  743. if($stmt->rowCount() == 1) {
  744. $stmt = $pdo->prepare('DELETE FROM individualprices WHERE IPID = :IPID');
  745. $stmt->bindParam(':IPID', $IPID);
  746. $stmt->execute();
  747. } else {
  748. echo 'Individual prices does not exists.';
  749. return false;
  750. }
  751. }
  752. } else {
  753. echo('You don\'t have permissions to browse this page.');
  754. }
  755. }
  756.  
  757. /* BAN & UNBAN USER */
  758.  
  759. if(isset($_POST['action']) && $_POST['action'] == 'ban-user') {
  760. $UserLevel = $user->GetData('UserLevel');
  761.  
  762. if($UserLevel == 'admin') {
  763. if(isset($_POST['user-id']) && !empty($_POST['user-id']) && ctype_digit($_POST['user-id'])) {
  764. $UserID = $_POST['user-id'];
  765.  
  766. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserID = :UserID');
  767. $stmt->bindParam(':UserID', $UserID);
  768. $stmt->execute();
  769.  
  770. if($stmt->rowCount() == 1) {
  771. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  772. $UserLevel = $row['UserLevel'];
  773.  
  774. if($UserLevel == 'banned') {
  775. echo 'User account is already terminated.';
  776. return false;
  777. } else {
  778. $stmt = $pdo->prepare('UPDATE users SET UserLevel = :UserLevel WHERE UserID = :UserID');
  779. $stmt->execute(array(':UserLevel' => 'banned', ':UserID' => $UserID));
  780. }
  781. } else {
  782. echo 'User account does not exists.';
  783. return false;
  784. }
  785. }
  786. } else {
  787. echo('You don\'t have permissions to browse this page.');
  788. }
  789. }
  790.  
  791. if(isset($_POST['action']) && $_POST['action'] == 'unban-user') {
  792. $UserLevel = $user->GetData('UserLevel');
  793.  
  794. if($UserLevel == 'admin') {
  795. if(isset($_POST['user-id']) && !empty($_POST['user-id']) && ctype_digit($_POST['user-id'])) {
  796. $UserID = $_POST['user-id'];
  797.  
  798. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserID = :UserID');
  799. $stmt->bindParam(':UserID', $UserID);
  800. $stmt->execute();
  801.  
  802. if($stmt->rowCount() == 1) {
  803. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  804. $UserLevel = $row['UserLevel'];
  805.  
  806. if($UserLevel != 'banned') {
  807. echo 'User account is not terminated.';
  808. return false;
  809. } else {
  810. $stmt = $pdo->prepare('UPDATE users SET UserLevel = :UserLevel WHERE UserID = :UserID');
  811. $stmt->execute(array(':UserLevel' => 'default', ':UserID' => $UserID));
  812. }
  813. } else {
  814. echo 'User account does not exists.';
  815. return false;
  816. }
  817. }
  818. } else {
  819. echo('You don\'t have permissions to browse this page.');
  820. }
  821. }
  822.  
  823. /* DELETE USER */
  824.  
  825. if(isset($_POST['action']) && $_POST['action'] == 'delete-user') {
  826. $UserLevel = $user->GetData('UserLevel');
  827.  
  828. if($UserLevel == 'admin') {
  829. if(isset($_POST['user-id']) && !empty($_POST['user-id']) && ctype_digit($_POST['user-id'])) {
  830. $UserID = $_POST['user-id'];
  831.  
  832. $stmt = $pdo->prepare('SELECT * FROM users WHERE UserID = :UserID');
  833. $stmt->bindParam(':UserID', $UserID);
  834. $stmt->execute();
  835.  
  836. if($stmt->rowCount() == 1) {
  837. $stmt = $pdo->prepare('DELETE FROM users WHERE UserID = :UserID');
  838. $stmt->bindParam(':UserID', $UserID);
  839. $stmt->execute();
  840. } else {
  841. echo 'User account does not exists.';
  842. return false;
  843. }
  844. }
  845. } else {
  846. echo('You don\'t have permissions to browse this page.');
  847. }
  848. }
  849.  
  850. /* UPDATE PROFILE INFORMATION */
  851.  
  852. if(isset($_POST['action']) && $_POST['action'] == 'profile-update') {
  853. if(isset($_POST['first-name']) && isset($_POST['last-name']) && isset($_POST['email']) && isset($_POST['password'])
  854. && is_string($_POST['first-name']) && is_string($_POST['last-name']) && is_string($_POST['email']) && is_string($_POST['password'])
  855. && !empty($_POST['first-name']) && !empty($_POST['last-name']) && !empty($_POST['email']) && !empty($_POST['password'])) {
  856.  
  857. if(md5($_POST['password']) == $user->GetData('UserPassword')) {
  858. if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
  859. $first_name = stripslashes(strip_tags($_POST['first-name']));
  860. $last_name = stripslashes(strip_tags($_POST['last-name']));
  861. $email = $_POST['email'];
  862. $UserID = $user->GetData('UserID');
  863.  
  864. $stmt = $pdo->prepare('UPDATE users SET UserFirstName = :UserFirstName, UserLastName = :UserLastName, UserEmail = :UserEmail WHERE UserID = :UserID');
  865. $stmt->execute(array(':UserFirstName' =>$first_name, ':UserLastName' => $last_name, ':UserEmail' => $email, ':UserID' => $UserID));
  866. } else {
  867. echo('The provided E-mail is invalid.');
  868. }
  869. } else {
  870. echo('The entered password does not equals to your account password.');
  871. }
  872. } else {
  873. echo('Fill all fields correctly.');
  874. }
  875. }
  876.  
  877. /* UPDATE ACCOUNT PASSWORD */
  878.  
  879. if(isset($_POST['action']) && $_POST['action'] == 'password-update') {
  880. if(isset($_POST['current-password']) && isset($_POST['new-password'])
  881. && is_string($_POST['current-password']) && is_string($_POST['new-password'])
  882. && !empty($_POST['current-password']) && !empty($_POST['new-password'])) {
  883.  
  884. if(md5($_POST['current-password']) == $user->GetData('UserPassword')) {
  885. if(strlen($_POST['new-password']) > 3 && strlen($_POST['new-password']) < 32) {
  886. $UserID = $user->GetData('UserID');
  887.  
  888. $stmt = $pdo->prepare('UPDATE users SET UserPassword = :UserPassword WHERE UserID = :UserID');
  889. $stmt->execute(array(':UserPassword' => md5($_POST['new-password']), ':UserID' => $UserID));
  890. } else {
  891. echo('Password length have to be 4-32 characters.');
  892. }
  893. } else {
  894. echo('The entered password does not match to your account password.');
  895. }
  896. } else {
  897. echo('Fill all fields correctly.');
  898. }
  899. }
  900.  
  901. /* GET AVAILABLE SERVICES */
  902.  
  903. if(isset($_POST['action']) && $_POST['action'] == 'get-products') {
  904. $category = stripslashes(strip_tags($_POST['option']));
  905.  
  906. $stmt = $pdo->prepare('SELECT * FROM categories WHERE CategoryID = :CategoryID');
  907. $stmt->bindParam(':CategoryID', $category);
  908. $stmt->execute();
  909.  
  910. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  911. $CategoryID = $row['CategoryID'];
  912.  
  913. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductCategoryID = :ProductCategoryID');
  914. $stmt->bindParam(':ProductCategoryID', $CategoryID);
  915. $stmt->execute();
  916.  
  917. $html = '';
  918.  
  919. foreach($stmt->fetchAll() as $rows) {
  920. $html .= '<option value="'.$rows['ProductID'].'">'.$rows['ProductName'].'</option>';
  921. }
  922.  
  923. echo $html;
  924. }
  925.  
  926. /* CREATE SERVICE ORDER */
  927.  
  928. if(isset($_POST['action']) && $_POST['action'] == 'create-order') {
  929. if(isset($_POST['service']) && isset($_POST['quantity']) && isset($_POST['link']) &&
  930. !empty($_POST['service']) && !empty($_POST['quantity']) && !empty($_POST['link']) &&
  931. ctype_digit($_POST['service']) && ctype_digit($_POST['quantity']) && is_string($_POST['link'])) {
  932. $service = strip_tags(stripslashes($_POST['service']));
  933. $quantity = strip_tags(stripslashes($_POST['quantity']));
  934. $link = $_POST['link'];
  935. $time = time();
  936. $UserID = $user->GetData('UserID');
  937.  
  938. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductID = :ProductID');
  939. $stmt->bindParam(':ProductID', $service);
  940. $stmt->execute();
  941.  
  942. if($stmt->rowCount() > 0) {
  943. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  944. $product_quantity = $row['ProductMinimumQuantity'];
  945. $account_balance = $user->GetData('UserFunds');
  946. if($quantity >= $product_quantity) {
  947. $newprice = $product->DeclarePrice($row['IPPrice'], $row['ProductMinimumQuantity'], $quantity);
  948. $price = round($newprice, 2);
  949. if($account_balance >= $price) {
  950. $api = $row['ProductAPI'];
  951.  
  952. if(!empty($api)) {
  953. $api = str_replace('&amp;','&',$api);
  954. $api_link = str_replace('[LINK]', rawurlencode($link), $api);
  955. $api_final = str_replace('[QUANTITY]', $quantity, $api_link);
  956.  
  957. $curl = curl_init();
  958. curl_setopt_array($curl, array(
  959. CURLOPT_RETURNTRANSFER => 1,
  960. CURLOPT_URL => $api_final,
  961. CURLOPT_USERAGENT => 'Enigma SMM API Caller'
  962. ));
  963.  
  964. $resp = curl_exec($curl);
  965. curl_close($curl);
  966.  
  967. $response = json_decode($resp,true);
  968. $orderid = $response['id'];
  969.  
  970. $stmt = $pdo->prepare('INSERT INTO orders (OrderUserID, OrderProductID, OrderDate, OrderLink, OrderQuantity, OrderAmount, OrderStatus, OrderAPIID) VALUES (:OrderUserID, :OrderProductID, :OrderDate, :OrderLink, :OrderQuantity, :OrderAmount, :OrderStatus, :OrderAPIID)');
  971. $stmt->execute(array(':OrderUserID' => $UserID, ':OrderProductID' => $service, ':OrderDate' => $time, ':OrderLink' => $link, ':OrderQuantity' => $quantity, ':OrderAmount' => $price, ':OrderStatus' => 'In Process', ':OrderAPIID' => $orderid));
  972. } else {
  973. $stmt = $pdo->prepare('INSERT INTO orders (OrderUserID, OrderProductID, OrderDate, OrderLink, OrderQuantity, OrderAmount) VALUES (:OrderUserID, :OrderProductID, :OrderDate, :OrderLink, :OrderQuantity, :OrderAmount)');
  974. $stmt->execute(array(':OrderUserID' => $UserID, ':OrderProductID' => $service, ':OrderDate' => $time, ':OrderLink' => $link, ':OrderQuantity' => $quantity, ':OrderAmount' => $price));
  975. }
  976. // Take balance from user's account
  977.  
  978. $UserFunds = $account_balance - $price;
  979.  
  980. $stmt = $pdo->prepare('UPDATE users SET UserFunds = :UserFunds WHERE UserID = :UserID');
  981. $stmt->execute(array(':UserFunds' => $UserFunds, ':UserID' => $UserID));
  982. } else {
  983. echo 'Not enough funds in the account.You can deposit funds to your account from <a href="./deposit.php">here</a>.';
  984. }
  985. } else {
  986. echo 'Minimum product quantity for purchase is '.$product_quantity.'.';
  987. }
  988. } else {
  989. echo 'Invalid Product ID.';
  990. }
  991. } else {
  992. echo 'Fill all fields correctly.';
  993. }
  994. }
  995.  
  996. /* ADD NAVIGATION LINK */
  997.  
  998. if(isset($_POST['action']) && $_POST['action'] == 'add-navigation') {
  999. $UserLevel = $user->GetData('UserLevel');
  1000.  
  1001. if($UserLevel == 'admin') {
  1002. if(isset($_POST['nav-text']) && isset($_POST['nav-url']) && isset($_POST['nav-icon']) &&
  1003. is_string($_POST['nav-text']) && is_string($_POST['nav-url']) && is_string($_POST['nav-icon']) &&
  1004. !empty($_POST['nav-text']) && !empty($_POST['nav-url']) && !empty($_POST['nav-icon'])) {
  1005. $NavText = stripslashes(strip_tags($_POST['nav-text']));
  1006. $NavURL = stripslashes(strip_tags($_POST['nav-url']));
  1007. $NavIcon = stripslashes(strip_tags($_POST['nav-icon']));
  1008.  
  1009. $stmt = $pdo->prepare('INSERT INTO navigation (NavigationText, NavigationURL, NavigationIcon)
  1010. VALUES (:NavigationText, :NavigationURL, :NavigationIcon)');
  1011. $stmt->execute(array(':NavigationText' => $NavText, ':NavigationURL' => $NavURL, ':NavigationIcon' => $NavIcon));
  1012. } else {
  1013. echo('Fill all fields correctly.');
  1014. }
  1015. } else {
  1016. echo('You don\'t have permissions to browse this page.');
  1017. }
  1018. }
  1019.  
  1020. /* EDIT NAVIGATION LINK */
  1021.  
  1022. if(isset($_POST['action']) && $_POST['action'] == 'edit-navigation') {
  1023. $UserLevel = $user->GetData('UserLevel');
  1024.  
  1025. if($UserLevel == 'admin') {
  1026. if(isset($_POST['nav-text']) && isset($_POST['nav-url']) && isset($_POST['nav-icon']) && isset($_POST['nav-id']) &&
  1027. is_string($_POST['nav-text']) && is_string($_POST['nav-url']) && is_string($_POST['nav-icon']) && is_numeric($_POST['nav-id']) &&
  1028. !empty($_POST['nav-text']) && !empty($_POST['nav-url']) && !empty($_POST['nav-icon'])) {
  1029. $NavID = stripslashes(strip_tags($_POST['nav-id']));
  1030. $NavText = stripslashes(strip_tags($_POST['nav-text']));
  1031. $NavURL = stripslashes(strip_tags($_POST['nav-url']));
  1032. $NavIcon = stripslashes(strip_tags($_POST['nav-icon']));
  1033.  
  1034. $stmt = $pdo->prepare('UPDATE navigation SET NavigationText = :NavigationText, NavigationURL = :NavigationURL, NavigationIcon = :NavigationIcon WHERE NavigationID = :NavigationID');
  1035. $stmt->execute(array(':NavigationText' => $NavText, ':NavigationURL' => $NavURL, ':NavigationIcon' => $NavIcon, ':NavigationID' => $NavID));
  1036. } else {
  1037. echo('Fill all fields correctly.');
  1038. }
  1039. } else {
  1040. echo('You don\'t have permissions to browse this page.');
  1041. }
  1042. }
  1043.  
  1044. /* DELETE NAVIGATION LINK */
  1045.  
  1046. if(isset($_POST['action']) && $_POST['action'] == 'delete-navigation') {
  1047. $UserLevel = $user->GetData('UserLevel');
  1048.  
  1049. if($UserLevel == 'admin') {
  1050. if(isset($_POST['nav-id']) && is_numeric($_POST['nav-id'])) {
  1051. $NavID = stripslashes(strip_tags($_POST['nav-id']));
  1052.  
  1053. $stmt = $pdo->prepare('SELECT * FROM navigation WHERE NavigationID = :NavigationID');
  1054. $stmt->execute(array(':NavigationID' => $NavID));
  1055.  
  1056. if($stmt->rowCount() > 0) {
  1057. $stmt = $pdo->prepare('DELETE FROM navigation WHERE NavigationID = :NavigationID');
  1058. $stmt->execute(array(':NavigationID' => $NavID));
  1059. } else {
  1060. echo('Navigation link does not exists.');
  1061. }
  1062. } else {
  1063. echo('Error.');
  1064. }
  1065. } else {
  1066. echo('You don\'t have permissions to browse this page.');
  1067. }
  1068. }
  1069.  
  1070. /* GET ORDER AMOUNT */
  1071.  
  1072. if(isset($_POST['action']) && $_POST['action'] == 'get-amount') {
  1073. if(isset($_POST['service']) && isset($_POST['quantity']) &&
  1074. !empty($_POST['service']) && !empty($_POST['quantity'])&&
  1075. ctype_digit($_POST['service']) && ctype_digit($_POST['quantity'])) {
  1076. $service = strip_tags(stripslashes($_POST['service']));
  1077. $quantity = strip_tags(stripslashes($_POST['quantity']));
  1078. $UserGroup = $user->GetData('UserLevel');
  1079. $UserID = $user->GetData('UserID');
  1080.  
  1081. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductID = :ProductID');
  1082. $stmt->bindParam(':ProductID', $service);
  1083. $stmt->execute();
  1084.  
  1085. if($stmt->rowCount() > 0) {
  1086. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  1087. $product_quantity = $row['ProductMinimumQuantity'];
  1088.  
  1089. if($quantity >= $product_quantity) {
  1090. $stmt = $pdo->prepare('SELECT * FROM individualprices WHERE IPUserID = :IPUserID AND IPProductID = :IPProductID');
  1091. $stmt->execute(array(':IPUserID' => $UserID, ':IPProductID' => $service));
  1092.  
  1093. if($stmt->rowCount() == 1) {
  1094. $IPPrice = $stmt->fetch(PDO::FETCH_ASSOC);
  1095. $price = $product->DeclarePrice($IPPrice['IPPrice'], $product_quantity, $quantity);
  1096. } else {
  1097. if($UserGroup == 'reseller') {
  1098. if(!empty($row['ProductResellerPrice']))
  1099. $price = $product->DeclarePrice($row['ProductResellerPrice'], $product_quantity, $quantity);
  1100. else
  1101. $price = $product->DeclarePrice($row['ProductPrice'], $product_quantity, $quantity);
  1102. } else {
  1103. $price = $product->DeclarePrice($row['ProductPrice'], $product_quantity, $quantity);
  1104. }
  1105. }
  1106. echo round($price, 2);
  1107. } else {
  1108. echo 'Invalid quantity.';
  1109. }
  1110. } else {
  1111. echo 'Invalid Product ID.';
  1112. }
  1113. } else {
  1114. echo 'Fill all fields correctly.';
  1115. }
  1116. }
  1117.  
  1118. /* GET PRODUCT DETAILS (SUCH AS QUANTITY, PRICE) */
  1119.  
  1120. if(isset($_POST['action']) && $_POST['action'] == 'product-details') {
  1121. if(isset($_POST['details']) && isset($_POST['product-id']) && !empty($_POST['details']) && !empty($_POST['product-id']) && is_string($_POST['details']) && ctype_digit($_POST['product-id'])) {
  1122. $Details = strip_tags(stripslashes($_POST['details']));
  1123. $ProductID = strip_tags(stripslashes($_POST['product-id']));
  1124.  
  1125. $stmt = $pdo->prepare('SELECT * FROM products WHERE ProductID = :ProductID');
  1126. $stmt->bindParam(':ProductID', $ProductID);
  1127. $stmt->execute();
  1128.  
  1129. if($stmt->rowCount() > 0) {
  1130. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  1131. echo $row[$Details];
  1132. } else {
  1133. echo 'Error.';
  1134. }
  1135. }
  1136. }
  1137.  
  1138. /* UPDATE ACCOUNT AVATAR */
  1139.  
  1140. if(is_array($_FILES) && isset($_FILES['avatar'])) {
  1141. if(is_uploaded_file($_FILES['avatar']['tmp_name'])) {
  1142. if(($_FILES['avatar']['type'] == 'image/gif') || ($_FILES['avatar']['type'] == 'image/jpeg') || ($_FILES['avatar']['type'] == 'image/png')) {
  1143. $image_info = getimagesize($_FILES["avatar"]["tmp_name"]);
  1144. $image_width = $image_info[0];
  1145. $image_height = $image_info[1];
  1146. if($image_width > 512 && $image_height > 512) {
  1147. echo 'Maximum image size: width: 512px & height: 512px.';
  1148. } else {
  1149. $image = addslashes(file_get_contents($_FILES['avatar']['tmp_name']));
  1150. $UserID = $user->GetData('UserID');
  1151.  
  1152. $stmt = $pdo->prepare('UPDATE users SET UserImage = :UserImage WHERE UserID = :UserID');
  1153. $stmt->execute(array(':UserImage' => $image, ':UserID' => $UserID));
  1154. }
  1155. } else {
  1156. echo 'Image format not supported, or image is corrupt.';
  1157. }
  1158. } else {
  1159. echo 'An error occurred.';
  1160. }
  1161. }