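/**
 * Render flash messages as dismissible Bootstrap alert boxes.
 *
 * Each key of $msg becomes the alert variant (CSS class "alert-<key>") and each
 * value is the message text, passed through first_character() and remove_junk()
 * before it is placed in the markup.
 *
 * NOTE(review): remove_junk() is defined elsewhere. This function relies on it to
 * make the message safe for HTML body context — confirm that it encodes output.
 *
 * @param array|string $msg Map of alert type => message text.
 * @return string Concatenated alert markup, or "" when there is nothing to show.
 */
function display_msg($msg = '')
{
    // Nothing to render, or not something foreach can walk: return the empty string
    // so a caller that echoes the result never prints "Array".
    if (empty($msg) || !(is_array($msg) || $msg instanceof Traversable)) {
        return "";
    }
    $output = "";
    foreach ($msg as $key => $value) {
        // The key lands inside a class attribute, so encode it for that context.
        $type = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8');
        // Append rather than assign: assigning here kept only the last message.
        $output .= "<div class=\"alert alert-{$type}\">";
        $output .= "<a href=\"#\" class=\"close\" data-dismiss=\"alert\">&times;</a>";
        $output .= remove_junk(first_character($value));
        $output .= "</div>";
    }
    return $output;
}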
Beispiel #2
}
?>
                                </select>
                            </td>
                            <td>
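                                <?php 
// $mac sits inside a single-quoted attribute, so encode it for that context
// (ENT_QUOTES covers the single quote). double_encode is off so a value that was
// already entity-encoded upstream is not encoded twice.
// NOTE(review): where $mac is assigned is not visible here — confirm its origin.
$mac_attr = htmlspecialchars((string) $mac, ENT_QUOTES, 'UTF-8', false);
// Products without a MAC address get the same field, locked for editing.
// readonly is only a browser hint: the handler that receives this form still has
// to ignore or reject a posted `mac` for such products.
$mac_lock = $product['hasMAC'] > 0 ? '' : 'readonly';
echo "<input type='text' class='form-control' name='mac' maxlength='17' value='{$mac_attr}' {$mac_lock}>";
?>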
                            </td>
                            <td>
                                <textarea name="comment" rows="1" style="width: 100%"><?php 
echo remove_junk($sale['comment']);
?>
</textarea>
                            </td>
                            <td>
                                <button type="submit" name="update_sale" class="btn btn-primary">Oppdater Retur</button>
                            </td>
                        </form>
                    </tr>
                    </tbody>
                </table>

            </div>
        </div>
    </div>
<?php

// Login handler: checks that both fields were posted, authenticates the pair and
// redirects to a landing page chosen by the account's user_level.
include_once 'includes/load.php';
$req_fields = array('username', 'password');
validate_fields($req_fields);
// NOTE(review): remove_junk() is defined elsewhere. If it rewrites or strips
// characters, the password checked below is not the one the user typed; a
// credential is normally handed to the verifier unmodified. Confirm against
// remove_junk() and authenticate_v2().
$username = remove_junk($_POST['username']);
$password = remove_junk($_POST['password']);
if (empty($errors)) {
    $user = authenticate_v2($username, $password);
    if ($user) {
        //create session with id
        // NOTE(review): whether login() issues a fresh session id is not visible
        // here — confirm, since reusing the pre-login id allows session fixation.
        $session->login($user['id']);
        //Update Sign in time
        updateLastLogIn($user['id']);
        // redirect user to group home page by user level
        // The stored username is concatenated into the flash message, so the code
        // that later renders the message is responsible for encoding it.
        if ($user['user_level'] === '1') {
            $session->msg("s", "Hello " . $user['username'] . ", Welcome to OSWA-INV.");
            redirect('admin.php', false);
        } elseif ($user['user_level'] === '2') {
            $session->msg("s", "Hello " . $user['username'] . ", Welcome to OSWA-INV.");
            redirect('special.php', false);
        } else {
            $session->msg("s", "Hello " . $user['username'] . ", Welcome to OSWA-INV.");
            redirect('home.php', false);
        }
    } else {
        // One message for both unknown user and wrong password, so the response
        // does not reveal which usernames exist.
        // NOTE(review): no attempt counter or lockout is visible in this handler.
        $session->msg("d", "Sorry Username/Password incorrect.");
        redirect('index.php', false);
    }
} else {
    $session->msg("d", $errors);
Beispiel #4
/**
 * Look up product names that contain the given text (at most five rows).
 *
 * NOTE(review): the value is SQL-escaped first and then passed through
 * remove_junk(), which is defined elsewhere. Escaping only holds if it is the last
 * transformation before interpolation, so confirm remove_junk() cannot change the
 * escaped string in a way that matters, or bind the value as a parameter instead.
 * `%` and `_` in the input also act as LIKE wildcards, because nothing here
 * escapes them.
 *
 * @param string $product_name Search text supplied by the caller.
 * @return mixed Whatever find_by_sql() returns for the query.
 */
function find_product_by_title($product_name)
{
    global $db;
    $needle = remove_junk($db->escape($product_name));
    return find_by_sql("SELECT name FROM products WHERE name like '%{$needle}%' LIMIT 5");
}
Beispiel #5
<?php

// Admin page that creates a user account from the posted form.
$page_title = 'Add User';
require_once 'includes/load.php';
// Checking userlevel
page_require_level(1);
$groups = find_all('user_groups');
// NOTE(review): no anti-CSRF token check is visible in this handler. Confirm
// whether load.php or validate_fields() provides one, since this request creates
// accounts with a caller-chosen level.
if (isset($_POST['add_user'])) {
    $req_fields = array('full-name', 'username', 'password', 'level');
    validate_fields($req_fields);
    if (empty($errors)) {
        $name = remove_junk($db->escape($_POST['full-name']));
        $username = remove_junk($db->escape($_POST['username']));
        // NOTE(review): the password is escaped and passed through remove_junk()
        // before it is hashed, so the hash covers the transformed string and not
        // what the user typed. The login path must apply the identical transform
        // or the account cannot sign in; hashing the raw input avoids the coupling.
        $password = remove_junk($db->escape($_POST['password']));
        // The cast already yields an integer; the escape() call adds nothing.
        // NOTE(review): nothing here checks that the level matches an existing group.
        $user_level = (int) $db->escape($_POST['level']);
        // NOTE(review): sha1() is a fast, unsalted digest and is not suitable for
        // password storage. password_hash()/password_verify() are PHP's built-in
        // replacement; changing it needs a migration for existing rows.
        $password = sha1($password);
        $query = "INSERT INTO users (";
        $query .= "name,username,password,user_level,status";
        $query .= ") VALUES (";
        $query .= " '{$name}', '{$username}', '{$password}', '{$user_level}','1'";
        $query .= ")";
        if ($db->query($query)) {
            //success
            // Debug leftovers: the echo and the die() below write to the response.
            // mysqli_connect_errno() reports connection errors, not statement errors,
            // and this check sits in the success branch, so it presumably never
            // detects a duplicate-key failure (1062) — confirm and remove.
            echo 'papp';
            if (mysqli_connect_errno() == 1062) {
                die('BANANA!');
            }
            $session->msg('s', "User account has been created! ");
            //            redirect('add_user.php', false);
        } else {
            //failed
       <div class="panel-heading">
         <strong>
           <span class="glyphicon glyphicon-th"></span>
           <span>Editing <?php 
echo remove_junk(ucfirst($categorie['name']));
?>
</span>
        </strong>
       </div>
       <div class="panel-body">
         <form method="post" action="edit_categorie.php?id=<?php 
echo (int) $categorie['id'];
?>
">
           <div class="form-group">
               <input type="text" class="form-control" name="categorie-name" value="<?php 
echo remove_junk(ucfirst($categorie['name']));
?>
">
           </div>
           <button type="submit" name="edit_cat" class="btn btn-primary">Update categorie</button>
       </form>
       </div>
     </div>
   </div>
</div>



<?php 
include_once 'layouts/footer.php';
      <div class="header-date pull-left">
        <strong><?php 
    echo date("F j, Y, g:i a");
    ?>
</strong>
      </div>
      <div class="pull-right clearfix">
        <ul class="info-menu list-inline list-unstyled">
          <li class="profile">
            <a href="#" data-toggle="dropdown" class="toggle" aria-expanded="false">
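              <img src="uploads/users/<?php 
    // The file name is written into a double-quoted src attribute, so encode it for
    // that context; double_encode is off in case the stored value is already encoded.
    // NOTE(review): how $user['image'] is populated is not visible here — confirm the
    // upload handling restricts the stored name to a plain file name.
    echo htmlspecialchars((string) $user['image'], ENT_QUOTES, 'UTF-8', false);
    ?>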
" alt="user-image" class="img-circle img-inline">
              <span><?php 
    echo remove_junk(ucfirst($user['name']));
    ?>
 <i class="caret"></i></span>
            </a>
            <ul class="dropdown-menu">
              <li>
                  <a href="profile.php?id=<?php 
    echo (int) $user['id'];
    ?>
">
                      <i class="glyphicon glyphicon-user"></i>
                      Profile
                  </a>
              </li>
             <li>
                 <a href="edit_account.php" title="edit account">
Beispiel #8
    ?>
                        <tr>
                            <td class="text-center"><?php 
    echo count_id();
    ?>
</td>
                            <td><?php 
    echo remove_junk($sale['name']);
    ?>
</td>
                            <td class="text-center"><?php 
    echo (int) $sale['qty'];
    ?>
</td>
                            <td class="text-center"><?php 
    echo remove_junk($sale['total_saleing_price']);
    ?>
,-</td>
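                            <td class="text-center"><?php 
    // The neighbouring cells pass their values through remove_junk(); this one was
    // echoed raw. Encode for HTML body context, with double_encode off in case the
    // stored value is already entity-encoded.
    echo htmlspecialchars((string) $sale['date'], ENT_QUOTES, 'UTF-8', false);
    ?>
</td>
                            <td class="text-center"><?php 
    // NOTE(review): first_character() is defined elsewhere; its result is encoded
    // here because nothing visible in this template does so for the username.
    echo htmlspecialchars((string) first_character($sale['username']), ENT_QUOTES, 'UTF-8', false);
    ?>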
</td>
                        </tr>
                    <?php 
}
?>
                    </tbody>
Beispiel #9
// Admin handler that creates a user group from the posted form.
// Checking userlevel
page_require_level(1);
if (isset($_POST['add'])) {
    $req_fields = array('group-name', 'group-level');
    validate_fields($req_fields);
    // A `false` result from either lookup is treated as "already exists".
    // NOTE(review): the raw $_POST values go to the lookup helpers before any
    // escaping in this file — confirm the helpers escape or bind them.
    // NOTE(review): nothing visible stops execution after redirect() (its second
    // argument is false here). If redirect() does not end the request, the INSERT
    // below still runs for a duplicate name or level — confirm.
    if (find_by_groupName($_POST['group-name']) === false) {
        $session->msg('d', '<b>Sorry!</b> Entered Group Name already in database!');
        redirect('add_group.php', false);
    } elseif (find_by_groupLevel($_POST['group-level']) === false) {
        $session->msg('d', '<b>Sorry!</b> Entered Group Level already in database!');
        redirect('add_group.php', false);
    }
    if (empty($errors)) {
        // NOTE(review): each value is SQL-escaped and then passed through
        // remove_junk(); escaping is only dependable as the last step before
        // interpolation — confirm remove_junk() cannot alter the escaped string.
        $name = remove_junk($db->escape($_POST['group-name']));
        // The level is interpolated as a quoted string; no integer check is visible.
        $level = remove_junk($db->escape($_POST['group-level']));
        // `status` is read here but is not listed in $req_fields above.
        $status = remove_junk($db->escape($_POST['status']));
        $query = "INSERT INTO user_groups (";
        $query .= "group_name,group_level,group_status";
        $query .= ") VALUES (";
        $query .= " '{$name}', '{$level}','{$status}'";
        $query .= ")";
        if ($db->query($query)) {
            //sucess
            $session->msg('s', "Group has been created! ");
            redirect('add_group.php', false);
        } else {
            //failed
            $session->msg('d', ' Sorry failed to create Group!');
            redirect('add_group.php', false);
        }
    } else {
</h6>
                </td>
                <td class="text-right"><?php 
        echo remove_junk($result['buy_price']);
        ?>
</td>
                <td class="text-right"><?php 
        echo remove_junk($result['sale_price']);
        ?>
</td>
                <td class="text-right"><?php 
        echo remove_junk($result['total_sales']);
        ?>
</td>
                <td class="text-right"><?php 
        echo remove_junk($result['total_saleing_price']);
        ?>
</td>
            </tr>
          <?php 
    }
    ?>
          </tbody>
          <tfoot>
           <tr class="text-right">
             <td colspan="4"></td>
             <td colspan="1">Grand Total</td>
             <td> $
             <?php 
    echo number_format(add($results)[0], 2);
    ?>
">
               <?php 
    echo (int) $recent_sale['id'];
    ?>
            </a>
           </td>
           <td><?php 
    echo remove_junk(ucfirst($recent_sale['name']));
    ?>
</td>
           <td><?php 
    echo remove_junk(ucfirst($recent_sale['date']));
    ?>
</td>
           <td>$<?php 
    echo remove_junk(ucfirst($recent_sale['price']));
    ?>
</td>
          </tr>
        <?php 
}
?>
         </tbody>
       </table>

     </div>
    </div>
   </div>
 </div>

<?php 
?>
<div class="login-page">
    <div class="text-center">
       <h3>Edit Group</h3>
     </div>
     <?php 
echo display_msg($msg);
?>
      <form method="post" action="edit_group.php?id=<?php 
echo (int) $e_group['id'];
?>
" class="clearfix">
        <div class="form-group">
              <label for="name" class="control-label">Group Name</label>
              <input type="name" class="form-control" name="group-name" value="<?php 
echo remove_junk(ucwords($e_group['group_name']));
?>
">
        </div>
        <div class="form-group">
              <label for="level" class="control-label">Group Level</label>
              <input type="number" class="form-control" name="group-level" value="<?php 
echo (int) $e_group['group_level'];
?>
">
        </div>
        <div class="form-group">
          <label for="status">Status</label>
              <select class="form-control" name="status">
                <option <?php 
if ($e_group['group_status'] === '1') {
Beispiel #13
        <tbody>
        <?php 
foreach ($all_groups as $a_group) {
    ?>
          <tr>
           <td class="text-center"><?php 
    echo count_id();
    ?>
</td>
           <td><?php 
    echo remove_junk(ucwords($a_group['group_name']));
    ?>
</td>
           <td class="text-center">
             <?php 
    echo remove_junk(ucwords($a_group['group_level']));
    ?>
           </td>
           <td class="text-center">
           <?php 
    if ($a_group['group_status'] === '1') {
        ?>
            <span class="label label-success"><?php 
        echo "Aktiv";
        ?>
</span>
          <?php 
    } else {
        ?>
            <span class="label label-danger"><?php 
        echo "Inaktiv";
<?php

// Sales report page: when the form is submitted, load the sales between the two
// posted dates into $results for the template that follows.
$results = '';
require_once 'includes/load.php';
// NOTE(review): whether redirect() ends the request is not visible here. If it only
// sends a header, the rest of this script still runs for a signed-out visitor — confirm.
if (!$session->isUserLoggedIn(true)) {
    redirect('index.php', false);
}
if (isset($_POST['submit'])) {
    $req_dates = array('start-date', 'end-date');
    validate_fields($req_dates);
    if (empty($errors)) {
        // NOTE(review): the values are SQL-escaped and then passed through
        // remove_junk(); nothing here checks that they are well-formed dates.
        // Parsing them into a date and re-formatting would remove the dependence
        // on string escaping — confirm what find_sale_by_dates() expects.
        $start_date = remove_junk(real_escape($_POST['start-date']));
        $end_date = remove_junk(real_escape($_POST['end-date']));
        $results = find_sale_by_dates($start_date, $end_date);
    } else {
        $session->msg("d", $errors);
        redirect('sales_report.php', false);
    }
}
include_once 'layouts/header.php';
?>
 <div class="row">
   <div class="col-md-6">
     <?php 
echo display_msg($msg);
?>
   </div>
  <div class="col-md-12">
   <div class="panel panel-default">
     <div class="panel-heading">
     </div>
Beispiel #15
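 /**
  * Split $text into chunks and write a text file and a word-count file per chunk.
  *
  * The text is normalised with collapse_spaces(), split with split_string() and
  * grouped with split_on_spaces() using $this->spaces. Each chunk is written via
  * write_txt() and its count_words() result via write_csv(). If any writer reports
  * errors, rrmdir() is called on $this->folder.
  *
  * @param string $text  Text to chunk; overwritten with the collapsed text.
  * @param string $style "clean" additionally passes the chunks through remove_junk().
  * @return array|null Collected error messages, or null when nothing went wrong.
  */
 private function chunker(&$text, $style = "")
 {
     $errors = null;
     $text = collapse_spaces($text);
     $textarr = split_string($text);
     $chunksarr = split_on_spaces($textarr, $this->spaces);
     // Cleaned style only (the original comment reads: remove all bad words and lc).
     if ($style == "clean") {
         $chunksarr = remove_junk($chunksarr);
     }
     $chunkhashes = null;
     foreach ($chunksarr as $end => &$chunkarr) {
         $chunkhashes[$end] = count_words($chunkarr);
     }
     // Break the reference left by the loop above. Without this, the by-value loop
     // below writes each chunk into the last element of $chunksarr, so the final
     // chunk is replaced by a copy of the one before it.
     unset($chunkarr);
     if (!$chunkhashes) {
         $errors[] = "Could not hash chunks. Huh.";
         trigger_error("Could not hash chunks. Huh.");
         return $errors;
     }
     // Zero-pad chunk numbers to the width of the largest index so names sort in order.
     // array_pop() takes its argument by reference, so read the last key from a variable.
     $keys = array_keys($textarr);
     $max = end($keys) + 1;
     $maxlen = strlen("{$max}");
     $pad = "%0{$maxlen}s";
     foreach ($chunksarr as $end => $chunkarr) {
         $endpad = $end + 1;
         $endpad = sprintf($pad, $endpad);
         $out = $this->write_txt($chunkarr, $endpad, $style);
         $out2 = $this->write_csv($chunkhashes[$end], $endpad, $style);
         if ($out || $out2) {
             // array_merge() needs arrays: $errors starts as null and either writer
             // may have returned nothing.
             $errors = array_merge(
                 $out ? (array) $out : array(),
                 $out2 ? (array) $out2 : array(),
                 $errors ? (array) $errors : array()
             );
         }
     }
     if ($errors) {
         rrmdir($this->folder);
         trigger_error("Something in the chunking process went wrong.");
     }
     return $errors;
 }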
              <input type="text" class="form-control" name="buying-price" value="<?php 
echo remove_junk($product['buy_price']);
?>
">
              <span class="input-group-addon">Buying Price</span>
           </div>
          </div>
        </div>
        <div class="col-xs-4">
          <div class="form-group">
            <div class="input-group">
              <span class="input-group-addon">
                <i class="glyphicon glyphicon-usd"></i>
              </span>
              <input type="text" class="form-control" name="saleing-price" value="<?php 
echo remove_junk($product['sale_price']);
?>
">
              <span class="input-group-addon">Saleing Price</span>
           </div>
          </div>
        </div>
        <div class="col-md-3">
          <button type="submit" name="product" class="btn btn-primary">Eidt Product</button>
        </div>
      </form>
    </div>
  </div>

<?php 
include_once 'layouts/footer.php';
// Add-product handler: inserts a product row from the posted form.
page_require_level(2);
$all_categories = find_all('categories');
$all_photo = find_all('media');
if (isset($_POST['add_product'])) {
    $req_fields = array('product-title', 'product-categorie', 'product-quantity', 'buying-price', 'saleing-price');
    validate_fields($req_fields);
    if (empty($errors)) {
        // NOTE(review): every value is SQL-escaped and then passed through
        // remove_junk(), which is defined elsewhere; escaping is only dependable as
        // the last step before interpolation. The category id, quantity and prices
        // are interpolated as quoted strings with no numeric check visible here.
        $p_name = remove_junk($db->escape($_POST['product-title']));
        $p_cat = remove_junk($db->escape($_POST['product-categorie']));
        $p_qty = remove_junk($db->escape($_POST['product-quantity']));
        $p_buy = remove_junk($db->escape($_POST['buying-price']));
        $p_sale = remove_junk($db->escape($_POST['saleing-price']));
        // 'product-photo' is not in $req_fields, so the key may be absent; it is
        // read without isset() here.
        if (is_null($_POST['product-photo']) || $_POST['product-photo'] === "") {
            $media_id = '0';
        } else {
            $media_id = remove_junk($db->escape($_POST['product-photo']));
        }
        $date = make_date();
        $query = "INSERT INTO products (";
        $query .= " name,quantity,buy_price,sale_price,categorie_id,media_id,date";
        $query .= ") VALUES (";
        $query .= " '{$p_name}', '{$p_qty}', '{$p_buy}', '{$p_sale}', '{$p_cat}', '{$media_id}', '{$date}'";
        $query .= ")";
        // On a unique-key collision the statement updates only `name`, and to the
        // value being inserted; the query then still reports success.
        $query .= " ON DUPLICATE KEY UPDATE name='{$p_name}'";
        if ($db->query($query)) {
            $session->msg('s', "Product added ");
            redirect('add_product.php', false);
        } else {
            $session->msg('d', ' Sorry failed to added!');
            redirect('product.php', false);
        }
    <div class="text-center">
       <h3>Update user account</h3>
     </div>
     <?php 
echo display_msg($msg);
?>
      <form method="post" action="edit_user.php?id=<?php 
echo (int) $e_user['id'];
?>
" class="clearfix">
        <div class="form-group">
              <label for="name" class="control-label">Name</label>
              <input type="name" class="form-control" name="name" value="<?php 
echo remove_junk(ucwords($e_user['name']));
?>
">
        </div>
        <div class="form-group">
              <label for="username" class="control-label">Username</label>
              <input type="text" class="form-control" name="username" value="<?php 
echo remove_junk(ucwords($e_user['username']));
?>
">
        </div>
        <div class="form-group clearfix">
                <button type="submit" name="update" class="btn btn-info">Update</button>
        </div>
    </form>
</div>
<?php 
include_once 'layouts/footer.php';
            // NOTE(review): the product name is appended to the markup as-is.
            // json_encode() below only makes the string valid JSON; it does not make
            // it safe HTML, so a client that inserts the response as HTML will
            // interpret any markup stored in a name. Encode it for HTML here.
            $html .= "<li class=\"list-group-item\">";
            $html .= $product['name'];
            $html .= "</li>";
        }
    } else {
        // addslashes() is called without its required argument. The \\" sequences
        // in this single-quoted string also put a literal backslash before each
        // double quote in the emitted markup.
        $html .= '<li onClick=\\"fill(\'' . addslashes() . '\')\\" class=\\"list-group-item\\">';
        $html .= 'Not found';
        $html .= "</li>";
    }
    echo json_encode($html);
}
?>
 <?php 
// find all product
// Builds the table row(s) for the products matching the posted name.
// NOTE(review): $html is appended to without a visible initialisation in this fragment.
if (isset($_POST['p_name']) && strlen($_POST['p_name'])) {
    $product_title = remove_junk($db->escape($_POST['p_name']));
    if ($results = find_all_product_info_by_title($product_title)) {
        foreach ($results as $result) {
            // NOTE(review): name, id and sale_price come from the result row and are
            // written into element content and double-quoted attributes with no
            // encoding in this fragment. Encode each for its context
            // (htmlspecialchars() with ENT_QUOTES covers both).
            $html .= "<tr>";
            $html .= "<td id=\"s_name\">" . $result['name'] . "</td>";
            $html .= "<input type=\"hidden\" name=\"s_id\" value=\"{$result['id']}\">";
            $html .= "<td>";
            // The price field is editable and is posted back by the browser, so the
            // handler that records the sale cannot trust it without its own check.
            $html .= "<input type=\"text\" class=\"form-control\" name=\"price\" value=\"{$result['sale_price']}\">";
            $html .= "</td>";
            $html .= "<td id=\"s_qty\">";
            $html .= "<input type=\"text\" class=\"form-control\" name=\"quantity\" value=\"1\">";
            $html .= "</td>";
            $html .= "<td>";
            $html .= "<input type=\"text\" class=\"form-control\" name=\"total\" value=\"{$result['sale_price']}\">";
            $html .= "</td>";
            $html .= "<td>";
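// Change-password page: verifies the current password of the signed-in user and,
// if it matches, stores the hash of the new one and signs the user out.
$page_title = 'Change Password';
require_once 'includes/load.php';
// Checking userlevel
page_require_level(3);
$user = current_user();
if (isset($_POST['update'])) {
    $req_fields = array('new-password', 'old-password', 'id');
    validate_fields($req_fields);
    if (empty($errors)) {
        // The row to change is always the signed-in account. The old password is
        // checked against current_user(), so taking the target id from the form
        // would let one account overwrite another's password.
        // Assumes current_user() returns the users row including `id` — TODO confirm.
        $id = (int) $user['id'];
        // NOTE(review): sha1() is a fast, unsalted digest and is not suitable for
        // password storage. password_hash()/password_verify() are PHP's built-in
        // replacement; switching needs a migration of the existing rows.
        if (sha1($_POST['old-password']) !== current_user()['password']) {
            $session->msg('d', "Your old password not match");
            redirect('change_password.php', false);
        } elseif ((int) $_POST['id'] !== $id) {
            // A posted id that is not the caller's own is refused.
            $session->msg('d', ' Sorry failed to updated!');
            redirect('change_password.php', false);
        } else {
            // The update sits in the else branch so it cannot run after a failed
            // check, whether or not redirect() ends the request.
            $new = remove_junk($db->escape(sha1($_POST['new-password'])));
            // Store the hash computed above. With a fixed literal in its place,
            // every changed account would share one stored value and $new would be unused.
            $sql = "UPDATE users SET password ='{$new}' WHERE id='{$db->escape($id)}'";
            $result = $db->query($sql);
            if ($result && $db->affected_rows() === 1) {
                $session->logout();
                $session->msg('s', "Login with your new password.");
                redirect('index.php', false);
            } else {
                $session->msg('d', ' Sorry failed to updated!');
                redirect('change_password.php', false);
            }
        }
    } else {
        $session->msg("d", $errors);
        redirect('change_password.php', false);
    }
}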
    ?>
</td>
               <td><?php 
    echo remove_junk($sale['name']);
    ?>
</td>
               <td><?php 
    echo (int) $sale['qty'];
    ?>
</td>
               <td><?php 
    echo remove_junk($sale['price']);
    ?>
</td>
               <td><?php 
    echo remove_junk($sale['date']);
    ?>
</td>
               <td>
                   <a href="edit_sale.php?id=<?php 
    echo (int) $sale['id'];
    ?>
" class="btn btn-warning btn-xs"  title="Edit">
                     <span class="glyphicon glyphicon-edit"></span>
                   </a>
                   <a href="delete_categorie.php?id=<?php 
    // NOTE(review): this row is a sale, but the link targets delete_categorie.php
    // with the sale's id, and the anchor is titled "Edit" — confirm the intended
    // endpoint. A delete reachable through a plain GET link can also be triggered
    // by a cross-site request; a POST carrying a token is the usual shape.
    echo (int) $sale['id'];
    ?>
" class="btn btn-danger btn-xs"  title="Edit">
                     <span class="glyphicon glyphicon-trash"></span>
                   </a>
Beispiel #22
    ?>
</td>
                            <td><?php 
    echo remove_junk(first_character($recent_sale['name']));
    ?>
</td>
                            <td><?php 
    echo remove_junk(ucfirst($recent_sale['date']));
    ?>
</td>
                            <td><?php 
    echo remove_junk(first_character($recent_sale['price']));
    ?>
,-</td>
                            <td><?php 
    echo remove_junk(first_character($recent_sale['username']));
    ?>
</td>
                        </tr>

                    <?php 
}
?>
                    </tbody>
                </table>
            </div>
        </div>
    </div>
    <div class="col-md-4">
        <div class="panel panel-default">
            <div class="panel-heading">
Beispiel #23
                    <th class="text-center" style="width: 50px;">#</th>
                    <th>Kategorier</th>
                    <th class="text-center" style="width: 100px;">Handlinger</th>
                </tr>
            </thead>
            <tbody>
              <?php 
foreach ($all_categories as $cat) {
    ?>
                <tr>
                    <td class="text-center"><?php 
    echo count_id();
    ?>
</td>
                    <td><?php 
    echo remove_junk(ucfirst($cat['name']));
    ?>
</td>
                    <td class="text-center">
                      <div class="btn-group">
                        <a href="edit_categorie.php?id=<?php 
    echo (int) $cat['id'];
    ?>
"  class="btn btn-xs btn-warning" data-toggle="tooltip" title="Edit">
                          <span class="glyphicon glyphicon-edit"></span>
                        </a>
                        <a href="delete_categorie.php?id=<?php 
    echo (int) $cat['id'];
    ?>
"  class="btn btn-xs btn-danger" data-toggle="tooltip" title="Remove">
                          <span class="glyphicon glyphicon-trash"></span>
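// Change-password page: verifies the signed-in user's current password and, if it
// matches, stores the hash of the new one.
require_once 'includes/load.php';
// NOTE(review): whether redirect() ends the request is not visible here — confirm,
// otherwise the code below still runs for a signed-out visitor.
if (!$session->isUserLoggedIn(true)) {
    redirect('index.php', false);
}
$user = current_user();
if (isset($_POST['update'])) {
    $req_fields = array('new-password', 'old-password');
    validate_fields($req_fields);
    // NOTE(review): sha1() is a fast, unsalted digest and is not suitable for
    // password storage. password_hash()/password_verify() are PHP's built-in
    // replacement; switching needs a migration of the existing rows.
    if (sha1($_POST['old-password']) !== current_user()['password']) {
        // Setting $errors keeps the update below from running on a mismatch even
        // if redirect() returns.
        $errors = "Your old password not match";
        $session->msg('d', $errors);
        redirect('change_password.php', false);
    }
    if (empty($errors)) {
        // The target row comes from the session, not from the form.
        $id = (int) $_SESSION['user_id'];
        $new = remove_junk(real_escape(sha1($_POST['new-password'])));
        // Store the hash computed above. With a fixed literal in its place, every
        // changed account would share one stored value and $new would be unused.
        $sql = "UPDATE users SET password ='{$new}' WHERE id='{$id}'";
        $result = mysqli_query($con, $sql);
        if ($result && mysqli_affected_rows($con) == 1) {
            $session->msg('s', "Acount updated");
            redirect('change_password.php', false);
        } else {
            $session->msg('d', ' Sorry failed to updated!');
            redirect('change_password.php', false);
        }
    } else {
        $session->msg("d", $errors);
        redirect('change_password.php', false);
    }
}
include_once 'layouts/header.php';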
Beispiel #25
    ?>
                        <tr>
                            <td class="text-center"><?php 
    echo count_id();
    ?>
</td>
                            <td><?php 
    echo remove_junk($sale['name']);
    ?>
</td>
                            <td class="text-center"><?php 
    echo (int) $sale['qty'];
    ?>
</td>
                            <td class="text-center"><?php 
    echo remove_junk($sale['price']);
    ?>
,-</td>
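                            <td class="text-center"><?php 
    // The neighbouring cells pass their values through remove_junk(); the three
    // cells below were echoed raw. Encode each for HTML body context, with
    // double_encode off in case the stored value is already entity-encoded.
    echo htmlspecialchars((string) $sale['date'], ENT_QUOTES, 'UTF-8', false);
    ?>
</td>
                            <?php 
    // The seller column is only rendered for user level 1.
    if (get_userlevel() == 1) {
        $seller = htmlspecialchars((string) $sale['username'], ENT_QUOTES, 'UTF-8', false);
        echo "<td class='text-center'>{$seller}</td> ";
    }
    ?>
                            <td class="text-center"><?php 
    echo htmlspecialchars((string) $sale['custnr'], ENT_QUOTES, 'UTF-8', false);
    ?>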
</td>
Beispiel #26
    ?>
          <tr>
           <td class="text-center"><?php 
    echo count_id();
    ?>
</td>
           <td><?php 
    echo remove_junk(ucwords($a_user['name']));
    ?>
</td>
           <td><?php 
    echo remove_junk(ucwords($a_user['username']));
    ?>
</td>
           <td class="text-center"><?php 
    echo remove_junk(ucwords($a_user['group_name']));
    ?>
</td>
           <td class="text-center">
           <?php 
    if ($a_user['status'] === '1') {
        ?>
            <span class="label label-success"><?php 
        echo "Aktiv";
        ?>
</span>
          <?php 
    } else {
        ?>
            <span class="label label-danger"><?php 
        echo "Inaktiv";
        // NOTE(review): the name column is appended to the markup as-is.
        // json_encode() below only makes the string valid JSON; it does not make it
        // safe HTML, so a client that inserts the response as HTML will interpret
        // any markup stored in a name. Encode it for HTML here.
        while ($row = mysqli_fetch_array($result)) {
            $html .= "<li class=\"list-group-item\">";
            $html .= $row['name'];
            $html .= "</li>";
        }
    } else {
        // addslashes() is called without its required argument. The \\" sequences
        // in this single-quoted string also put a literal backslash before each
        // double quote in the emitted markup.
        $html .= '<li onClick=\\"fill(\'' . addslashes() . '\')\\" class=\\"list-group-item\\">';
        $html .= 'Not found';
        $html .= "</li>";
    }
    echo json_encode($html);
}
?>
 <?php 
// Builds the table row(s) for the products matching the posted name.
// NOTE(review): $html is appended to without a visible initialisation in this fragment.
if (isset($_POST['p_name']) && strlen($_POST['p_name'])) {
    $product_title = remove_junk(real_escape($_POST['p_name']));
    if ($results = find_product_views_by_name($product_title)) {
        foreach ($results as $result) {
            // NOTE(review): name, id and sale_price come from the result row and are
            // written into element content and double-quoted attributes with no
            // encoding in this fragment. Encode each for its context
            // (htmlspecialchars() with ENT_QUOTES covers both).
            $html .= "<tr>";
            $html .= "<td id=\"s_name\">" . $result['name'] . "</td>";
            $html .= "<input type=\"hidden\" name=\"s_id\" value=\"{$result['id']}\">";
            $html .= "<td>";
            // The price field is editable and is posted back by the browser, so the
            // handler that records the sale cannot trust it without its own check.
            $html .= "<input type=\"text\" class=\"form-control\" name=\"price\" value=\"{$result['sale_price']}\">";
            $html .= "</td>";
            $html .= "<td id=\"s_qty\">";
            $html .= "<input type=\"text\" class=\"form-control\" name=\"quantity\" value=\"1\">";
            $html .= "</td>";
            $html .= "<td>";
            $html .= "<input type=\"text\" class=\"form-control\" name=\"total\" value=\"{$result['sale_price']}\">";
            $html .= "</td>";
            $html .= "<td>";
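/**
 * Fetch one row from `categories` by primary key.
 *
 * @param int|string $id Category id; coerced to an integer before it reaches the query.
 * @return array|null Associative row, or null when no row matches.
 */
function find_by_cat_id($id)
{
    global $con;
    // The integer cast is the only defence here, so the query must interpolate the
    // cast value. Building $cat_id and then placing the raw $id in the SQL left the
    // statement open to injection through $id.
    $cat_id = (int) $id;
    $sql = "SELECT * FROM categories WHERE id='{$cat_id}'";
    $row = mysqli_query($con, $sql);
    check_query($row);
    $result = mysqli_fetch_assoc($row);
    // A missing row is reported to callers as null.
    return $result ? $result : null;
}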
Beispiel #29
// Returns report page: for the posted date range, collects the product ids that
// had trades and the trade total for each of them.
$page_title = 'Returrapport';
$results = '';
require_once 'includes/load.php';
// Checking userlevel
page_require_level(1);
if (isset($_POST['submit'])) {
    $req_dates = array('start-date', 'end-date');
    validate_fields($req_dates);
    $returnCategories = find_all('returnCategory');
    if (empty($errors)) {
        $idArray = [];
        $resultArray = [];
        $end_date_storage = [];
        $return_total = [];
        // NOTE(review): the dates are SQL-escaped and then passed through
        // remove_junk(); nothing here checks that they are well-formed dates
        // before they reach the query helpers below.
        $start_date = remove_junk($db->escape($_POST['start-date']));
        $end_date = remove_junk($db->escape($_POST['end-date']));
        // Finds all unique product ids that have had trades.
        $p_id = get_unique_pid_trades($start_date, $end_date);
        // Pushes them into an array so they can be iterated easily.
        foreach ($p_id as $id) {
            array_push($idArray, $id);
            array_push($return_total, get_trade_total($start_date, $end_date, $id['product_id']));
        }
        // TODO (from the author): fetch the return info for the products here. The product id is known; what is needed is how many were returned for each FK_returncategoryID.
        // TODO (from the author): write a function that returns the sum of the quantity returned. Array in an array? Check for p_id and then RC_id per function? Then run a small for-loop inside the foreach.
    } else {
        $session->msg("d", $errors);
        redirect('sales_report.php', false);
    }
} else {
    $session->msg("d", "Velg datoer");
<?php

// Add-product handler: inserts a product row from the posted form.
require_once 'includes/load.php';
// NOTE(review): whether redirect() ends the request is not visible here — confirm,
// otherwise the insert below is still reachable for a signed-out visitor.
if (!$session->isUserLoggedIn(true)) {
    redirect('index.php', false);
}
$all_categories = all_catgories();
if (isset($_POST['add_product'])) {
    $req_fields = array('product-title', 'product-categorie', 'product-quantity', 'buying-price', 'saleing-price');
    validate_fields($req_fields);
    if (empty($errors)) {
        // NOTE(review): every value is SQL-escaped and then passed through
        // remove_junk(), which is defined elsewhere; escaping is only dependable as
        // the last step before interpolation. The category id, quantity and prices
        // are interpolated as quoted strings with no numeric check visible here.
        $p_name = remove_junk(real_escape($_POST['product-title']));
        $p_cat = remove_junk(real_escape($_POST['product-categorie']));
        $p_qty = remove_junk(real_escape($_POST['product-quantity']));
        $p_buy = remove_junk(real_escape($_POST['buying-price']));
        $p_sale = remove_junk(real_escape($_POST['saleing-price']));
        $query = "INSERT INTO products (";
        $query .= "  name,quantity,buy_price,sale_price,categorie_id";
        $query .= ") VALUES (";
        $query .= " '{$p_name}', '{$p_qty}', '{$p_buy}', '{$p_sale}', '{$p_cat}'";
        $query .= ")";
        // On a unique-key collision the statement updates only `name`, and to the
        // value being inserted; the query then still reports success.
        $query .= "  ON DUPLICATE KEY UPDATE name='{$p_name}'";
        $result = mysqli_query($con, $query);
        if ($result) {
            $session->msg('s', "Product added ");
            redirect('add_product.php', false);
        } else {
            $session->msg('d', ' Sorry failed to added!');
            redirect('product.php', false);
        }
    } else {