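/**
 * Render queued flash messages as Bootstrap alert boxes.
 *
 * @param array<string, mixed>|string $msg  map of alert type code (e.g. "s", "d") => message text;
 *                                          the '' default (or any empty value) renders nothing
 * @return string HTML for every message, or an empty string when there is nothing to show
 */
function display_msg($msg = '')
{
    // Only arrays can be walked; the '' default and any other non-array value render nothing
    // (the original fell into foreach on a string and returned an empty array instead of "").
    if (empty($msg) || !is_array($msg)) {
        return "";
    }
    $output = '';
    foreach ($msg as $key => $value) {
        // The key lands inside a class attribute; escaping leaves the expected short type
        // codes ("s", "d") unchanged while keeping anything unexpected inert.
        $type = htmlspecialchars((string) $key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // Append rather than assign: the original overwrote $output on every iteration,
        // so only the last queued message was ever displayed.
        $output .= "<div class=\"alert alert-{$type}\">";
        $output .= "<a href=\"#\" class=\"close\" data-dismiss=\"alert\">×</a>";
        // remove_junk()/first_character() are project helpers (not visible here) —
        // presumably they escape/format the message text; verify before relying on it.
        $output .= remove_junk(first_character($value));
        $output .= "</div>";
    }
    return $output;
}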
} ?> </select> </td> <td> <?php if ($product['hasMAC'] > 0) { echo "<input type='text' class='form-control' name='mac' maxlength='17' value='{$mac}' >"; } else { echo "<input type='text' class='form-control' name='mac' maxlength='17' value='{$mac}' readonly>"; } ?> </td> <td> <textarea name="comment" rows="1" style="width: 100%"><?php echo remove_junk($sale['comment']); ?> </textarea> </td> <td> <button type="submit" name="update_sale" class="btn btn-primary">Oppdater Retur</button> </td> </form> </tr> </tbody> </table> </div> </div> </div>
<?php include_once 'includes/load.php'; $req_fields = array('username', 'password'); validate_fields($req_fields); $username = remove_junk($_POST['username']); $password = remove_junk($_POST['password']); if (empty($errors)) { $user = authenticate_v2($username, $password); if ($user) { //create session with id $session->login($user['id']); //Update Sign in time updateLastLogIn($user['id']); // redirect user to group home page by user level if ($user['user_level'] === '1') { $session->msg("s", "Hello " . $user['username'] . ", Welcome to OSWA-INV."); redirect('admin.php', false); } elseif ($user['user_level'] === '2') { $session->msg("s", "Hello " . $user['username'] . ", Welcome to OSWA-INV."); redirect('special.php', false); } else { $session->msg("s", "Hello " . $user['username'] . ", Welcome to OSWA-INV."); redirect('home.php', false); } } else { $session->msg("d", "Sorry Username/Password incorrect."); redirect('index.php', false); } } else { $session->msg("d", $errors);
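/**
 * Look up up to five product names matching a (partial) title, for search/autocomplete.
 *
 * @param string $product_name user-supplied search text
 * @return mixed whatever find_by_sql() returns for the query (project helper; shape not visible here)
 */
function find_product_by_title($product_name)
{
    global $db;
    // Sanitise first, escape last: escaping must be the final transform before the value is
    // interpolated into SQL, otherwise remove_junk() could alter the escaped string.
    // Assumes $db->escape() is the driver's string-escape wrapper — confirm in the DB class.
    $p_name = $db->escape(remove_junk($product_name));
    // NOTE(review): LIKE wildcards (% and _) in the search text are still interpreted by the
    // database; escape them (e.g. addcslashes(..., '%_') before $db->escape()) if literal
    // matching is wanted.
    $sql = "SELECT name FROM products WHERE name like '%{$p_name}%' LIMIT 5";
    return find_by_sql($sql);
}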
<?php $page_title = 'Add User'; require_once 'includes/load.php'; // Checking userlevel page_require_level(1); $groups = find_all('user_groups'); if (isset($_POST['add_user'])) { $req_fields = array('full-name', 'username', 'password', 'level'); validate_fields($req_fields); if (empty($errors)) { $name = remove_junk($db->escape($_POST['full-name'])); $username = remove_junk($db->escape($_POST['username'])); $password = remove_junk($db->escape($_POST['password'])); $user_level = (int) $db->escape($_POST['level']); $password = sha1($password); $query = "INSERT INTO users ("; $query .= "name,username,password,user_level,status"; $query .= ") VALUES ("; $query .= " '{$name}', '{$username}', '{$password}', '{$user_level}','1'"; $query .= ")"; if ($db->query($query)) { //success echo 'papp'; if (mysqli_connect_errno() == 1062) { die('BANANA!'); } $session->msg('s', "User account has been created! "); // redirect('add_user.php', false); } else { //failed
<div class="panel-heading"> <strong> <span class="glyphicon glyphicon-th"></span> <span>Editing <?php echo remove_junk(ucfirst($categorie['name'])); ?> </span> </strong> </div> <div class="panel-body"> <form method="post" action="edit_categorie.php?id=<?php echo (int) $categorie['id']; ?> "> <div class="form-group"> <input type="text" class="form-control" name="categorie-name" value="<?php echo remove_junk(ucfirst($categorie['name'])); ?> "> </div> <button type="submit" name="edit_cat" class="btn btn-primary">Update categorie</button> </form> </div> </div> </div> </div> <?php include_once 'layouts/footer.php';
<div class="header-date pull-left"> <strong><?php echo date("F j, Y, g:i a"); ?> </strong> </div> <div class="pull-right clearfix"> <ul class="info-menu list-inline list-unstyled"> <li class="profile"> <a href="#" data-toggle="dropdown" class="toggle" aria-expanded="false"> <img src="uploads/users/<?php echo $user['image']; ?> " alt="user-image" class="img-circle img-inline"> <span><?php echo remove_junk(ucfirst($user['name'])); ?> <i class="caret"></i></span> </a> <ul class="dropdown-menu"> <li> <a href="profile.php?id=<?php echo (int) $user['id']; ?> "> <i class="glyphicon glyphicon-user"></i> Profile </a> </li> <li> <a href="edit_account.php" title="edit account">
?> <tr> <td class="text-center"><?php echo count_id(); ?> </td> <td><?php echo remove_junk($sale['name']); ?> </td> <td class="text-center"><?php echo (int) $sale['qty']; ?> </td> <td class="text-center"><?php echo remove_junk($sale['total_saleing_price']); ?> ,-</td> <td class="text-center"><?php echo $sale['date']; ?> </td> <td class="text-center"><?php echo first_character($sale['username']); ?> </td> </tr> <?php } ?> </tbody>
// Checking userlevel page_require_level(1); if (isset($_POST['add'])) { $req_fields = array('group-name', 'group-level'); validate_fields($req_fields); if (find_by_groupName($_POST['group-name']) === false) { $session->msg('d', '<b>Sorry!</b> Entered Group Name already in database!'); redirect('add_group.php', false); } elseif (find_by_groupLevel($_POST['group-level']) === false) { $session->msg('d', '<b>Sorry!</b> Entered Group Level already in database!'); redirect('add_group.php', false); } if (empty($errors)) { $name = remove_junk($db->escape($_POST['group-name'])); $level = remove_junk($db->escape($_POST['group-level'])); $status = remove_junk($db->escape($_POST['status'])); $query = "INSERT INTO user_groups ("; $query .= "group_name,group_level,group_status"; $query .= ") VALUES ("; $query .= " '{$name}', '{$level}','{$status}'"; $query .= ")"; if ($db->query($query)) { //sucess $session->msg('s', "Group has been created! "); redirect('add_group.php', false); } else { //failed $session->msg('d', ' Sorry failed to create Group!'); redirect('add_group.php', false); } } else {
</h6> </td> <td class="text-right"><?php echo remove_junk($result['buy_price']); ?> </td> <td class="text-right"><?php echo remove_junk($result['sale_price']); ?> </td> <td class="text-right"><?php echo remove_junk($result['total_sales']); ?> </td> <td class="text-right"><?php echo remove_junk($result['total_saleing_price']); ?> </td> </tr> <?php } ?> </tbody> <tfoot> <tr class="text-right"> <td colspan="4"></td> <td colspan="1">Grand Total</td> <td> $ <?php echo number_format(add($results)[0], 2); ?>
"> <?php echo (int) $recent_sale['id']; ?> </a> </td> <td><?php echo remove_junk(ucfirst($recent_sale['name'])); ?> </td> <td><?php echo remove_junk(ucfirst($recent_sale['date'])); ?> </td> <td>$<?php echo remove_junk(ucfirst($recent_sale['price'])); ?> </td> </tr> <?php } ?> </tbody> </table> </div> </div> </div> </div> <?php
?> <div class="login-page"> <div class="text-center"> <h3>Edit Group</h3> </div> <?php echo display_msg($msg); ?> <form method="post" action="edit_group.php?id=<?php echo (int) $e_group['id']; ?> " class="clearfix"> <div class="form-group"> <label for="name" class="control-label">Group Name</label> <input type="name" class="form-control" name="group-name" value="<?php echo remove_junk(ucwords($e_group['group_name'])); ?> "> </div> <div class="form-group"> <label for="level" class="control-label">Group Level</label> <input type="number" class="form-control" name="group-level" value="<?php echo (int) $e_group['group_level']; ?> "> </div> <div class="form-group"> <label for="status">Status</label> <select class="form-control" name="status"> <option <?php if ($e_group['group_status'] === '1') {
<tbody> <?php foreach ($all_groups as $a_group) { ?> <tr> <td class="text-center"><?php echo count_id(); ?> </td> <td><?php echo remove_junk(ucwords($a_group['group_name'])); ?> </td> <td class="text-center"> <?php echo remove_junk(ucwords($a_group['group_level'])); ?> </td> <td class="text-center"> <?php if ($a_group['group_status'] === '1') { ?> <span class="label label-success"><?php echo "Aktiv"; ?> </span> <?php } else { ?> <span class="label label-danger"><?php echo "Inaktiv";
<?php $results = ''; require_once 'includes/load.php'; if (!$session->isUserLoggedIn(true)) { redirect('index.php', false); } if (isset($_POST['submit'])) { $req_dates = array('start-date', 'end-date'); validate_fields($req_dates); if (empty($errors)) { $start_date = remove_junk(real_escape($_POST['start-date'])); $end_date = remove_junk(real_escape($_POST['end-date'])); $results = find_sale_by_dates($start_date, $end_date); } else { $session->msg("d", $errors); redirect('sales_report.php', false); } } include_once 'layouts/header.php'; ?> <div class="row"> <div class="col-md-6"> <?php echo display_msg($msg); ?> </div> <div class="col-md-12"> <div class="panel panel-default"> <div class="panel-heading"> </div>
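/**
 * Split $text into chunks, write each chunk as text and CSV, and collect any errors.
 *
 * @param string &$text  input text; replaced in place by its space-collapsed form
 * @param string $style  "clean" runs remove_junk() over the chunks before hashing/writing
 * @return array|null    list of error messages, or null when nothing went wrong
 */
private function chunker(&$text, $style = "")
{
    $errors = null;
    $text = collapse_spaces($text);
    $textarr = split_string($text);
    $chunksarr = split_on_spaces($textarr, $this->spaces);
    if ($style == "clean") {
        $chunksarr = remove_junk($chunksarr);
    }

    // Iterate by value: the original used a by-reference loop without unset(), so the
    // second loop below wrote its values into the last element of $chunksarr and the
    // final chunk was emitted with the previous chunk's content.
    $chunkhashes = null;
    foreach ($chunksarr as $end => $chunkarr) {
        $chunkhashes[$end] = count_words($chunkarr);
    }
    if (!$chunkhashes) {
        $errors[] = "Could not hash chunks. Huh.";
        trigger_error("Could not hash chunks. Huh.");
        return $errors;
    }

    // Zero-pad chunk numbers to the width of the highest key + 1. array_pop() on a temporary
    // is not allowed (it needs a variable), so read the last key through a local instead.
    $keys = array_keys($textarr);
    $max = ($keys === [] ? 0 : end($keys)) + 1;
    $maxlen = strlen("{$max}");
    $pad = "%0{$maxlen}s";

    // write_txt()/write_csv() results are merged as error lists. Their exact return type is
    // not visible here; normalise null/false/''/[] to [] and wrap scalars so array_merge()
    // never receives a non-array (a TypeError on PHP 8).
    $asList = static function ($v) {
        if ($v === null || $v === false || $v === '' || $v === []) {
            return [];
        }
        return is_array($v) ? $v : [$v];
    };
    foreach ($chunksarr as $end => $chunkarr) {
        $endpad = sprintf($pad, $end + 1);
        $out = $this->write_txt($chunkarr, $endpad, $style);
        $out2 = $this->write_csv($chunkhashes[$end], $endpad, $style);
        if ($out || $out2) {
            $errors = array_merge($asList($out), $asList($out2), $asList($errors));
        }
    }

    if ($errors) {
        // Leave no partial output behind when any chunk failed.
        rrmdir($this->folder);
        trigger_error("Something in the chunking process went wrong.");
    }
    return $errors;
}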
<input type="text" class="form-control" name="buying-price" value="<?php echo remove_junk($product['buy_price']); ?> "> <span class="input-group-addon">Buying Price</span> </div> </div> </div> <div class="col-xs-4"> <div class="form-group"> <div class="input-group"> <span class="input-group-addon"> <i class="glyphicon glyphicon-usd"></i> </span> <input type="text" class="form-control" name="saleing-price" value="<?php echo remove_junk($product['sale_price']); ?> "> <span class="input-group-addon">Saleing Price</span> </div> </div> </div> <div class="col-md-3"> <button type="submit" name="product" class="btn btn-primary">Eidt Product</button> </div> </form> </div> </div> <?php include_once 'layouts/footer.php';
page_require_level(2); $all_categories = find_all('categories'); $all_photo = find_all('media'); if (isset($_POST['add_product'])) { $req_fields = array('product-title', 'product-categorie', 'product-quantity', 'buying-price', 'saleing-price'); validate_fields($req_fields); if (empty($errors)) { $p_name = remove_junk($db->escape($_POST['product-title'])); $p_cat = remove_junk($db->escape($_POST['product-categorie'])); $p_qty = remove_junk($db->escape($_POST['product-quantity'])); $p_buy = remove_junk($db->escape($_POST['buying-price'])); $p_sale = remove_junk($db->escape($_POST['saleing-price'])); if (is_null($_POST['product-photo']) || $_POST['product-photo'] === "") { $media_id = '0'; } else { $media_id = remove_junk($db->escape($_POST['product-photo'])); } $date = make_date(); $query = "INSERT INTO products ("; $query .= " name,quantity,buy_price,sale_price,categorie_id,media_id,date"; $query .= ") VALUES ("; $query .= " '{$p_name}', '{$p_qty}', '{$p_buy}', '{$p_sale}', '{$p_cat}', '{$media_id}', '{$date}'"; $query .= ")"; $query .= " ON DUPLICATE KEY UPDATE name='{$p_name}'"; if ($db->query($query)) { $session->msg('s', "Product added "); redirect('add_product.php', false); } else { $session->msg('d', ' Sorry failed to added!'); redirect('product.php', false); }
<div class="text-center"> <h3>Update user account</h3> </div> <?php echo display_msg($msg); ?> <form method="post" action="edit_user.php?id=<?php echo (int) $e_user['id']; ?> " class="clearfix"> <div class="form-group"> <label for="name" class="control-label">Name</label> <input type="name" class="form-control" name="name" value="<?php echo remove_junk(ucwords($e_user['name'])); ?> "> </div> <div class="form-group"> <label for="username" class="control-label">Username</label> <input type="text" class="form-control" name="username" value="<?php echo remove_junk(ucwords($e_user['username'])); ?> "> </div> <div class="form-group clearfix"> <button type="submit" name="update" class="btn btn-info">Update</button> </div> </form> </div> <?php include_once 'layouts/footer.php';
$html .= "<li class=\"list-group-item\">"; $html .= $product['name']; $html .= "</li>"; } } else { $html .= '<li onClick=\\"fill(\'' . addslashes() . '\')\\" class=\\"list-group-item\\">'; $html .= 'Not found'; $html .= "</li>"; } echo json_encode($html); } ?> <?php // find all product if (isset($_POST['p_name']) && strlen($_POST['p_name'])) { $product_title = remove_junk($db->escape($_POST['p_name'])); if ($results = find_all_product_info_by_title($product_title)) { foreach ($results as $result) { $html .= "<tr>"; $html .= "<td id=\"s_name\">" . $result['name'] . "</td>"; $html .= "<input type=\"hidden\" name=\"s_id\" value=\"{$result['id']}\">"; $html .= "<td>"; $html .= "<input type=\"text\" class=\"form-control\" name=\"price\" value=\"{$result['sale_price']}\">"; $html .= "</td>"; $html .= "<td id=\"s_qty\">"; $html .= "<input type=\"text\" class=\"form-control\" name=\"quantity\" value=\"1\">"; $html .= "</td>"; $html .= "<td>"; $html .= "<input type=\"text\" class=\"form-control\" name=\"total\" value=\"{$result['sale_price']}\">"; $html .= "</td>"; $html .= "<td>";
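// Change-password page: verifies the caller's current password, then updates the stored one.
$page_title = 'Change Password';
require_once 'includes/load.php';
// Checking userlevel
page_require_level(3);
$user = current_user();
if (isset($_POST['update'])) {
    $req_fields = array('new-password', 'old-password', 'id');
    validate_fields($req_fields);
    if (empty($errors)) {
        // The current password is compared as an unsalted SHA-1 digest against the stored value.
        // NOTE(review): unsalted sha1 is weak for password storage; moving to
        // password_hash()/password_verify() would have to change the login path as well.
        if (sha1($_POST['old-password']) !== current_user()['password']) {
            $session->msg('d', "Your old password not match");
            redirect('change_password.php', false);
        }
        // Update only the logged-in account. The original took the id from $_POST['id'], so a
        // request could name any user id while only proving the caller's own current password.
        $id = (int) $_SESSION['user_id'];
        // NOTE(review): $new is computed but not referenced by the UPDATE as printed here —
        // confirm the intended password column value against the original source.
        $new = remove_junk($db->escape(sha1($_POST['new-password'])));
        // $id is already an int, so the integer is interpolated directly.
        $sql = "UPDATE users SET password ='******' WHERE id='{$id}'";
        $result = $db->query($sql);
        if ($result && $db->affected_rows() === 1) {
            // Force a fresh login so the session reflects the new credential.
            $session->logout();
            $session->msg('s', "Login with your new password.");
            redirect('index.php', false);
        } else {
            $session->msg('d', ' Sorry failed to updated!');
            redirect('change_password.php', false);
        }
    } else {
        $session->msg("d", $errors);
        redirect('change_password.php', false);
    }
}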
?> </td> <td><?php echo remove_junk($sale['name']); ?> </td> <td><?php echo (int) $sale['qty']; ?> </td> <td><?php echo remove_junk($sale['price']); ?> </td> <td><?php echo remove_junk($sale['date']); ?> </td> <td> <a href="edit_sale.php?id=<?php echo (int) $sale['id']; ?> " class="btn btn-warning btn-xs" title="Edit"> <span class="glyphicon glyphicon-edit"></span> </a> <a href="delete_categorie.php?id=<?php echo (int) $sale['id']; ?> " class="btn btn-danger btn-xs" title="Edit"> <span class="glyphicon glyphicon-trash"></span> </a>
?> </td> <td><?php echo remove_junk(first_character($recent_sale['name'])); ?> </td> <td><?php echo remove_junk(ucfirst($recent_sale['date'])); ?> </td> <td><?php echo remove_junk(first_character($recent_sale['price'])); ?> ,-</td> <td><?php echo remove_junk(first_character($recent_sale['username'])); ?> </td> </tr> <?php } ?> </tbody> </table> </div> </div> </div> <div class="col-md-4"> <div class="panel panel-default"> <div class="panel-heading">
<th class="text-center" style="width: 50px;">#</th> <th>Kategorier</th> <th class="text-center" style="width: 100px;">Handlinger</th> </tr> </thead> <tbody> <?php foreach ($all_categories as $cat) { ?> <tr> <td class="text-center"><?php echo count_id(); ?> </td> <td><?php echo remove_junk(ucfirst($cat['name'])); ?> </td> <td class="text-center"> <div class="btn-group"> <a href="edit_categorie.php?id=<?php echo (int) $cat['id']; ?> " class="btn btn-xs btn-warning" data-toggle="tooltip" title="Edit"> <span class="glyphicon glyphicon-edit"></span> </a> <a href="delete_categorie.php?id=<?php echo (int) $cat['id']; ?> " class="btn btn-xs btn-danger" data-toggle="tooltip" title="Remove"> <span class="glyphicon glyphicon-trash"></span>
// Change-password handler: checks the caller's current password before updating the stored value.
require_once 'includes/load.php';
if (!$session->isUserLoggedIn(true)) {
    redirect('index.php', false);
}
$user = current_user();
if (isset($_POST['update'])) {
    $req_fields = array('new-password', 'old-password');
    validate_fields($req_fields);
    // The current password is compared as an unsalted SHA-1 digest against the stored value.
    // NOTE(review): unsalted sha1 is weak for password storage; password_hash()/password_verify()
    // would require changing the login path as well.
    if (sha1($_POST['old-password']) !== current_user()['password']) {
        // $errors becomes a non-empty string here, so the empty($errors) branch below is
        // skipped even if redirect() does not terminate the script.
        $errors = "Your old password not match";
        $session->msg('d', $errors);
        redirect('change_password.php', false);
    }
    if (empty($errors)) {
        // The account id comes from the session, not the request, so only the caller's own row is updated.
        $id = (int) $_SESSION['user_id'];
        // NOTE(review): $new is computed but not referenced by the UPDATE as printed here —
        // confirm the intended password value against the original source.
        $new = remove_junk(real_escape(sha1($_POST['new-password'])));
        $sql = "UPDATE users SET password ='******' WHERE id='{$id}'";
        $result = mysqli_query($con, $sql);
        if ($result && mysqli_affected_rows($con) == 1) {
            $session->msg('s', "Acount updated");
            redirect('change_password.php', false);
        } else {
            $session->msg('d', ' Sorry failed to updated!');
            redirect('change_password.php', false);
        }
    } else {
        $session->msg("d", $errors);
        redirect('change_password.php', false);
    }
}
include_once 'layouts/header.php';
?> <tr> <td class="text-center"><?php echo count_id(); ?> </td> <td><?php echo remove_junk($sale['name']); ?> </td> <td class="text-center"><?php echo (int) $sale['qty']; ?> </td> <td class="text-center"><?php echo remove_junk($sale['price']); ?> ,-</td> <td class="text-center"><?php echo $sale['date']; ?> </td> <?php if (get_userlevel() == 1) { echo "<td class='text-center'>{$sale['username']}</td> "; } ?> <td class="text-center"><?php echo $sale['custnr']; ?> </td>
?> <tr> <td class="text-center"><?php echo count_id(); ?> </td> <td><?php echo remove_junk(ucwords($a_user['name'])); ?> </td> <td><?php echo remove_junk(ucwords($a_user['username'])); ?> </td> <td class="text-center"><?php echo remove_junk(ucwords($a_user['group_name'])); ?> </td> <td class="text-center"> <?php if ($a_user['status'] === '1') { ?> <span class="label label-success"><?php echo "Aktiv"; ?> </span> <?php } else { ?> <span class="label label-danger"><?php echo "Inaktiv";
while ($row = mysqli_fetch_array($result)) { $html .= "<li class=\"list-group-item\">"; $html .= $row['name']; $html .= "</li>"; } } else { $html .= '<li onClick=\\"fill(\'' . addslashes() . '\')\\" class=\\"list-group-item\\">'; $html .= 'Not found'; $html .= "</li>"; } echo json_encode($html); } ?> <?php if (isset($_POST['p_name']) && strlen($_POST['p_name'])) { $product_title = remove_junk(real_escape($_POST['p_name'])); if ($results = find_product_views_by_name($product_title)) { foreach ($results as $result) { $html .= "<tr>"; $html .= "<td id=\"s_name\">" . $result['name'] . "</td>"; $html .= "<input type=\"hidden\" name=\"s_id\" value=\"{$result['id']}\">"; $html .= "<td>"; $html .= "<input type=\"text\" class=\"form-control\" name=\"price\" value=\"{$result['sale_price']}\">"; $html .= "</td>"; $html .= "<td id=\"s_qty\">"; $html .= "<input type=\"text\" class=\"form-control\" name=\"quantity\" value=\"1\">"; $html .= "</td>"; $html .= "<td>"; $html .= "<input type=\"text\" class=\"form-control\" name=\"total\" value=\"{$result['sale_price']}\">"; $html .= "</td>"; $html .= "<td>";
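/**
 * Fetch a single category row by primary key.
 *
 * @param int|string $id category id; coerced to int before it reaches SQL
 * @return array|null the row as an associative array, or null when no row matches
 */
function find_by_cat_id($id)
{
    global $con;
    // The original cast $id to int into $cat_id but then interpolated the raw $id into the
    // query, leaving the cast unused; use the integer so only a number reaches SQL.
    $cat_id = (int) $id;
    $sql = "SELECT * FROM categories WHERE id='{$cat_id}'";
    $row = mysqli_query($con, $sql);
    check_query($row);
    $result = mysqli_fetch_assoc($row);
    // mysqli_fetch_assoc() yields null/false when there is no row; normalise to null.
    return $result ?: null;
}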
$page_title = 'Returrapport'; $results = ''; require_once 'includes/load.php'; // Checking userlevel page_require_level(1); if (isset($_POST['submit'])) { $req_dates = array('start-date', 'end-date'); validate_fields($req_dates); $returnCategories = find_all('returnCategory'); if (empty($errors)) { $idArray = []; $resultArray = []; $end_date_storage = []; $return_total = []; $start_date = remove_junk($db->escape($_POST['start-date'])); $end_date = remove_junk($db->escape($_POST['end-date'])); //finner alle unike produktid-er der det har vært trades. $p_id = get_unique_pid_trades($start_date, $end_date); //Pusher de til array så de kan lett itereres. foreach ($p_id as $id) { array_push($idArray, $id); array_push($return_total, get_trade_total($start_date, $end_date, $id['product_id'])); } //skal her hente ut returinfo for produktene. har produkt-id, trenger kun hvor mange som har blitt returnert av hver FK_returncategoryID //må mekke en funksjon som returnerer summen av antallet som har vært returnert. Array i en array? Sjekke for p_id og deretter RC_id per funksjon? Så springe en liten for-loop inne i foreach. } else { $session->msg("d", $errors); redirect('sales_report.php', false); } } else { $session->msg("d", "Velg datoer");
<?php require_once 'includes/load.php'; if (!$session->isUserLoggedIn(true)) { redirect('index.php', false); } $all_categories = all_catgories(); if (isset($_POST['add_product'])) { $req_fields = array('product-title', 'product-categorie', 'product-quantity', 'buying-price', 'saleing-price'); validate_fields($req_fields); if (empty($errors)) { $p_name = remove_junk(real_escape($_POST['product-title'])); $p_cat = remove_junk(real_escape($_POST['product-categorie'])); $p_qty = remove_junk(real_escape($_POST['product-quantity'])); $p_buy = remove_junk(real_escape($_POST['buying-price'])); $p_sale = remove_junk(real_escape($_POST['saleing-price'])); $query = "INSERT INTO products ("; $query .= " name,quantity,buy_price,sale_price,categorie_id"; $query .= ") VALUES ("; $query .= " '{$p_name}', '{$p_qty}', '{$p_buy}', '{$p_sale}', '{$p_cat}'"; $query .= ")"; $query .= " ON DUPLICATE KEY UPDATE name='{$p_name}'"; $result = mysqli_query($con, $query); if ($result) { $session->msg('s', "Product added "); redirect('add_product.php', false); } else { $session->msg('d', ' Sorry failed to added!'); redirect('product.php', false); } } else {