session_start(); session_unset($_SESSION['ERROR']); session_unset($_SESSION['user']); session_unset($_SESSION['password']); session_unset($_SESSION['email']); require "../deny/connector.php"; require "../administrator/process/class/class.Customer.php"; require "../administrator/includes/injection.php"; $username = sqlInjection($_POST['username']); $email = sqlInjection($_POST['email']); $password = sqlInjection($_POST['password']); $fullname = sqlInjection($_POST['fullname']); $phone = sqlInjection($_POST['phone']); $address = sqlInjection($_POST['address']); $gender = sqlInjection($_POST['gender']); $errors = ""; $flag = 0; $cus = new Customer(); if ($username == "") { $errors .= " - Hãy nhập tên đăng nhập.<br>"; $flag++; } else { if (strlen($username) > 25 || strlen($username) < 5) { $errors .= " - Tên đăng nhập phải từ 5-25 ký tự.<br>"; $flag++; } else { if ($cus->checkUser($username) == "true") { $errors .= " - Tên đăng nhập đã tồn tại,hãy chọn tên đăng nhập khác.<br>"; $flag++; }
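<?php
// Admin process script: stores a news item submitted from the "add news" form
// and sends the browser back to the admin panel.
session_start();
// The other admin process scripts on this site guard themselves with
// checkPermission.php; here the guard had been commented out, which left the
// endpoint reachable without an admin session.
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.News.php";
require "../includes/injection.php";

// Read each POST field, defaulting to '' so a missing field raises no notice.
$newstitle   = sqlInjection(isset($_POST['NewsTitle']) ? $_POST['NewsTitle'] : '');
$newssummary = sqlInjection(isset($_POST['NewsSummary']) ? $_POST['NewsSummary'] : '');
$newsimage   = sqlInjection(isset($_POST['NewsImage']) ? $_POST['NewsImage'] : '');
// The article body is escaped with mysql_real_escape_string as in the original;
// sqlInjection() is not visible here, so the two are not assumed interchangeable.
$newscontent = mysql_real_escape_string(isset($_POST['textContent']) ? $_POST['textContent'] : '');
$continue    = isset($_REQUEST['continue']) ? $_REQUEST['continue'] : '';

// NOTE(review): no anti-CSRF token is verified for this form — confirm it is
// handled elsewhere.
$news = new News();
$news->insert($newstitle, $newssummary, $newsimage, $newscontent);

// "OK" means the admin asked to keep adding; otherwise go to the list view.
if ($continue == "OK") {
    echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=addnews'>";
} else {
    echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listnews'>";
}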
$tempquery = " where " . substr($condistion, 4); } $start = $p->findStart($limit); $querycount = "select cd_id from tblcd " . $tempquery; $count = mysql_num_rows(mysql_query($querycount)); $pages = $p->findPages($count, $limit); if (isset($_GET['nav']) and is_numeric($_GET['nav'])) { $paging = "LIMIT " . $start . "," . $limit . " "; } else { $paging = "LIMIT 0," . $limit . " "; } $orderby = "ORDER BY cd_id DESC"; $products = $prod->getListProduct($orderby, $condistion, $paging); //echo mysql_error(); //echo $condistion; $page_list = $p->pageList(sqlInjection($_GET['nav']), $pages); ?> <style type="text/css"> ul.paging li a { background-color: #F8F8F8; border: 1px solid #E6E6E6; border-radius: 2px 2px 2px 2px; color: #666666; padding: 2px 6px; outline: medium none; text-decoration: none; } ul.paging li a:active { color: #0000CC; } ul.paging li a:hover, ul.paging li a.paging-active {
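// Admin order list: builds the WHERE clause from the optional orderStatus /
// searchStr filters, counts matching orders for paging, then loads one page.
// (The Order and Page classes are required above this point.)
require_once "../deny/connector.php";
require_once "includes/injection.php";

$conditions = "";
$count = 0;
$limit = 20;
$listorder = array();
$ord = new Order();
$pag = new Page();

// Collect the individual filter clauses, then join them once.
$clauses = array();
if (isset($_GET["orderStatus"]) and $_GET["orderStatus"] != NULL) {
    // order_status is compared unquoted, so escaping alone does not constrain
    // the value; force an integer before it reaches the SQL string.
    $clauses[] = "tblorder.order_status =" . (int) $_GET['orderStatus'] . " ";
}
if (isset($_GET["searchStr"]) and $_GET["searchStr"] != NULL) {
    $clauses[] = "tblcustomer.cus_username like '%" . sqlInjection($_GET['searchStr']) . "%'";
}
if (count($clauses) > 0) {
    $conditions = " where " . implode(" and ", $clauses);
}

$start = $pag->findStart($limit);
$querycount = "SELECT tblorder.order_id FROM tblcustomer INNER JOIN tblorder ON tblcustomer.cus_id = tblorder.cus_id " . $conditions;
$count = mysql_num_rows(mysql_query($querycount));
$pages = $pag->findPages($count, $limit);

// Use the computed offset only for a numeric `page`. The original tested
// `isset(...) or is_numeric(...)`, which is always true when the parameter is
// present and raises a notice when it is not; the sibling list pages use `and`.
$page = isset($_GET['page']) ? $_GET['page'] : null;
if ($page !== null and is_numeric($page)) {
    $paging = " LIMIT " . $start . "," . $limit . " ";
} else {
    $paging = " LIMIT 0," . $limit . " ";
}
$listorder = $ord->getListOrder($conditions, $paging);
$page_list = $pag->pageList($page, $pages);
?>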
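<?php
// Admin action: changes a feedback entry's status (feedbackID / sts from the
// query string) and returns to the feedback list.
require_once "../includes/checkPermission.php";
require_once "../../deny/connector.php";
require_once "class/class.Feedback.php";
require_once "../includes/injection.php";

// feedbackID is a row id: cast to int so only a number reaches the SQL that is
// presumably built inside Feedback::changeStatus() (the original only escaped it).
$fbid = isset($_GET['feedbackID']) ? (int) $_GET['feedbackID'] : 0;
// The status value's type is not visible here, so it is only escaped —
// TODO confirm whether it is numeric and can be cast as well.
$status = sqlInjection(isset($_GET['sts']) ? $_GET['sts'] : '');

// NOTE(review): state-changing GET request with no CSRF token — confirm the
// admin panel protects it.
$fb = new Feedback();
$fb->changeStatus($fbid, $status);

echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listfeedback'>";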
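<?php
// Admin news list: optional title filter (Ntitle), row count for paging, then
// the page of rows selected by `page`.
require_once "includes/checkPermission.php";
require_once "process/class/Paging.php";
require_once "process/class/class.News.php";
require_once "../deny/connector.php";
require_once "includes/injection.php";

$conditions = "";
$count = 0;
$limit = 15;
$pag = new Page();
$news = new News();
$dataNews = array();

if (isset($_GET["Ntitle"]) and $_GET["Ntitle"] != NULL) {
    $conditions = " where news_title like '%" . sqlInjection($_GET['Ntitle']) . "%'";
}

$start = $pag->findStart($limit);
$querycount = "select news_id from tblnews " . $conditions;
$count = mysql_num_rows(mysql_query($querycount));
$pages = $pag->findPages($count, $limit);

// Use the computed offset only for a numeric `page`. The original tested
// `isset(...) or is_numeric(...)`, which is always true when the parameter is
// present and raises a notice when it is not (the customer list uses `and`).
$page = isset($_GET['page']) ? $_GET['page'] : null;
if ($page !== null and is_numeric($page)) {
    $paging = "LIMIT " . $start . "," . $limit . " ";
} else {
    $paging = "LIMIT 0," . $limit . " ";
}
$dataNews = $news->getListNews($conditions, $paging);
$page_list = $pag->pageList($page, $pages);
?>
<link rel="stylesheet" href="css/tabledataStyle2.css" type="text/css"></link>
<link rel="stylesheet" href="css/paging.css" type="text/css"></link>
<h2 id="siteTitle"><img src="images/news.png" border="0" width="64" height="64" align="middle"> Xem, Xóa Tin tức</h2>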
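<?php
// Admin "edit category" form: loads every category (for the parent dropdown)
// and the category being edited (cateID from the request).
require "includes/checkPermission.php";
require "../deny/connector.php";
require "process/class/class.Category.php";
require "includes/injection.php";

$cate = new Category();
$selected = "";
$categories = $cate->getCategories();
// cateID is a row id: cast to int rather than only escaping it, and default to
// 0 instead of raising a notice when it is absent.
$cateId = isset($_REQUEST['cateID']) ? (int) $_REQUEST['cateID'] : 0;
$currentCate = $cate->getCategoryById($cateId);
?>
<link rel="stylesheet" href="css/tabledataStyle.css" type="text/css"></link>
<script language="javascript">
function check() {
    var errStr="";
    errStr+= checkEmpty("cateName","<br>Tên loại sản phẩm không được để trống");
    //errStr+= checkEmpty("CatLink","<br>Link cho loại sản phẩm không được để trống");
    x3 = document.getElementById("errorArea");
    if (errStr!=""){
        x3.innerHTML = "<h4><font color=red face=Verdana>"+errStr+"</font></h4>";
        return false;
    }
}
</script>
</head>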
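<?php
// Admin process script: saves the edited name/parent of a category.
// On a blank name it stores an error message in the session and returns to the
// edit form; otherwise it updates the row and returns to the category list.
session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Category.php";
require "../includes/injection.php";

// cateID is a row id, so an int cast is the tightest check available; the text
// fields are escaped and default to '' when absent.
$cateid = isset($_POST['cateID']) ? (int) $_POST['cateID'] : 0;
$catename = sqlInjection(isset($_POST['cateName']) ? $_POST['cateName'] : '');
$cateparent = sqlInjection(isset($_POST['cateParent']) ? $_POST['cateParent'] : '');

if ($catename == "") {
    $_SESSION['CATEEDIT'] = "<h4><font color=red face=Verdana>Tên loại sản phẩm không được để trống</font></h4>";
    // $cateid is already an int, so it can be placed in the redirect URL as-is.
    header("location: ../admincp.php?opt=editcategory&cateID={$cateid}");
    exit;
}

$cate = new Category();
$cate->update($cateid, $catename, $cateparent);
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listcategory'>";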
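<?php
// Admin action: deletes a customer (cID from the query string) unless orders
// still reference it, in which case a message is left in the session.
session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Customer.php";
require "../includes/injection.php";

$_SESSION['CUSDELETE'] = "";
// The id is interpolated unquoted into SQL below, so escaping cannot constrain
// it; cast it to int before it is used anywhere (the original only escaped it).
$cusid = isset($_GET['cID']) ? (int) $_GET['cID'] : 0;

// Refuse to delete while orders still point at this customer.
$result = mysql_query("select cus_id from tblorder where cus_id={$cusid} ");
if (mysql_num_rows($result) > 0) {
    $_SESSION['CUSDELETE'] = "<font color=red face=Verdana>Không thể xóa Khách hàng vì đang có đơn đặt hàng liên quan<br>Hãy xóa đơn đặt hàng liên quan trước khi xóa Khách hàng</font>";
} else {
    $cus = new Customer();
    $cus->delete($cusid);
}

// NOTE(review): destructive action on a GET request with no CSRF token —
// confirm the admin panel protects it.
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listcustomer'>";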
<?php require_once "administrator/process/class/class.Customer.php"; require_once "deny/connector.php"; ?> <div class="width"> <div class="box"> <?php $cus = new Customer(); $customer = array(); $cid = sqlInjection($_SESSION['user_id']); $customer = $cus->getCustomerbyId($cid); ?> <form class="form-validate" method="post" action="process/updateprofile.php" enctype="application/x-www-form-urlencoded"> <div class="componentheading">Cập nhật thông tin khách hàng</div> <div id="regmess"></div> <?php if ($_SESSION['ERROR'] != "") { echo "<font color='#FF0000'>" . $_SESSION['ERROR'] . "</font><br/>"; $_SESSION['ERROR'] = NULL; } ?> <table width="100%" cellspacing="0" cellpadding="0" border="0" class="contentpane"> <tbody><tr> <td width="30%" height="40"> <label for="fullname" id="namemsg" class=""> Họ tên: </label> </td> <td> <input type="text" maxlength="50" class="inputbox required" value="<?php
<?php session_start(); require_once "../deny/connector.php"; require_once "../administrator/process/class/class.Customer.php"; require_once "../administrator/includes/injection.php"; $infor = array(); $username = sqlInjection($_POST['username']); $password = sqlInjection($_POST['passwd']); //echo $password."<br>"; $mess = ""; $newpass = md5($password); $_SESSION['LOGINERROR'] = ""; //echo $newpass; if ($username == NULL) { $mess .= "<font color='red'>Hãy điền tên đăng nhập.</font><br>"; } else { if (strlen($username) > 25 || strlen($username) < 5) { $mess .= "<font color='red'>Tên đăng nhập có từ 5-25 ký tự.</font><br>"; } } if ($password == NULL) { $mess .= "<font color='red'>Hãy điền mật khẩu.</font><br>"; $error++; } else { if (strlen($password) > 25 || strlen($password) < 5) { $mess .= "<font color='red'>Mật khẩu có từ 5-25 ký tự.</font><br>"; } } if ($mess != "") { $_SESSION['LOGINERROR'] = $mess;
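<?php
// Customer order history: lists the logged-in customer's orders (optionally
// filtered by orderStatus) with paging driven by the `nav` parameter.
// Assumes the including page has already started the session.
require_once "administrator/process/class/Paging.php";
require_once "administrator/process/class/class.Order.php";
require_once "deny/connector.php";
require_once "administrator/includes/injection.php";

$conditions = "";
$count = 0;
$limit = 15;
$listorder = array();
$ord = new Order();
$pag = new Page();

// Both ids are compared unquoted in SQL, so they are cast to int rather than
// merely escaped.
$userId = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;
$conditions = " WHERE tblorder.cus_id=" . $userId;
if (isset($_GET["orderStatus"])) {
    $conditions .= " and tblorder.order_status =" . (int) $_GET['orderStatus'] . " ";
}

$start = $pag->findStart($limit);
$querycount = "SELECT tblorder.order_id FROM tblcustomer INNER JOIN tblorder ON tblcustomer.cus_id = tblorder.cus_id " . $conditions;
$count = mysql_num_rows(mysql_query($querycount));
$pages = $pag->findPages($count, $limit);

// Use the computed offset only for a numeric `nav`; the original `isset or
// is_numeric` test was always true when present and raised a notice otherwise.
$nav = isset($_GET['nav']) ? $_GET['nav'] : null;
if ($nav !== null and is_numeric($nav)) {
    $paging = " LIMIT " . $start . "," . $limit . " ";
} else {
    $paging = " LIMIT 0," . $limit . " ";
}
$listorder = $ord->getListOrder($conditions, $paging);
$page_list = $pag->pageList($nav, $pages);
?>
<style>
table tr{ border:dotted thin;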
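<?php
// Admin customer list: optional full-name filter (searchStr), row count for
// paging, then the page of rows selected by `page`.
require "includes/checkPermission.php";
include "process/class/Paging.php";
include "process/class/class.Customer.php";
require "../deny/connector.php";
require "includes/injection.php";

$conditions = "";
$count = 0;
$limit = 20;
$pag = new Page();
$cus = new Customer();
$dataCus = array();

if (isset($_GET['searchStr']) and $_GET['searchStr'] != NULL) {
    $conditions = " where cus_fullname like '%" . sqlInjection($_GET['searchStr']) . "%'";
}

$start = $pag->findStart($limit);
$querycount = "select cus_id from tblcustomer " . $conditions;
$count = mysql_num_rows(mysql_query($querycount));
$pages = $pag->findPages($count, $limit);

// Read `page` once, so an absent parameter no longer raises a notice when it
// is handed to pageList() below.
$page = isset($_GET["page"]) ? $_GET["page"] : null;
if ($page !== null and is_numeric($page)) {
    $paging = "LIMIT " . $start . "," . $limit . " ";
} else {
    $paging = "LIMIT 0," . $limit . " ";
}
$page_list = $pag->pageList($page, $pages);
$dataCus = $cus->getListCustomerSummary($conditions, $paging);
?>
<link rel="stylesheet" href="css/tabledataStyle2.css" type="text/css"></link>
<link rel="stylesheet" href="css/paging.css" type="text/css"></link>
<h2 id="siteTitle"><img src="images/User.png" border="0" width="64" height="64" align="middle"> Xem, Xóa Thành Viên</h2>
<div id="infoArea">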
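<?php
// Admin action: deletes a category (cateID from the query string) unless
// products still belong to it, in which case a message is left in the session.
session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Category.php";
require "../includes/injection.php";

$_SESSION['CATEDELETE'] = "";
// The id is concatenated unquoted into SQL below; the original only cast it to
// int after that query had already run. Cast it up front instead.
$cateid = isset($_GET['cateID']) ? (int) $_GET['cateID'] : 0;

// Refuse to delete a category that still has products.
$result = mysql_query("select cate_id from tblcd where cate_id=" . $cateid);
if (mysql_num_rows($result) > 0) {
    $_SESSION['CATEDELETE'] = "<h4><font color=red face=Verdana>Không thể xóa Category vì đã có sản phẩm liên quan<br>Hãy xóa sản phẩm liên quan trước khi xóa Category</font></h4>";
} else {
    $cate = new Category();
    $cate->delete($cateid);
}

// NOTE(review): destructive action on a GET request with no CSRF token —
// confirm the admin panel protects it.
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listcategory'>";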
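<?php
// Admin action: deletes another administrator account (adminID via POST).
// The currently logged-in admin cannot delete their own account.
session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Admin.php";
require "../includes/injection.php";

// adminID is a row id: cast to int rather than only escaping it, which does
// not constrain an unquoted numeric comparison. The unused `continue` field
// is no longer read.
$aid = isset($_POST['adminID']) ? (int) $_POST['adminID'] : 0;

$adm = new Admin();
// Loose comparison kept on purpose: $_SESSION['ADMIN'] is assumed to hold the
// current admin's id, possibly as a string — TODO confirm in checkPermission.
if ($_SESSION['ADMIN'] != $aid) {
    $adm->delete($aid);
}
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listadmin'>";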
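<?php
// Admin action: deletes a product (pID from the query string) unless order
// lines still reference it, in which case a message is left in the session.
session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Product.php";
require "../includes/injection.php";

$_SESSION['DELETEPRODUCT'] = "";
// The id is interpolated unquoted into SQL below; the original only cast it to
// int after that query had already run. Cast it up front instead.
$productid = isset($_GET['pID']) ? (int) $_GET['pID'] : 0;

// Refuse to delete a product that appears on an order.
$result = mysql_query("select cd_id from tblorderdetail where cd_id={$productid} ");
if (mysql_num_rows($result) > 0) {
    $_SESSION['DELETEPRODUCT'] = "Không thể xóa sản phẩm này vì đang có đơn đặt hàng";
} else {
    $prod = new Product();
    $prod->delete($productid);
}

// NOTE(review): destructive action on a GET request with no CSRF token —
// confirm the admin panel protects it.
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listproduct'>";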
} if ($_GET['page'] == "login") { if (isset($_SESSION['LOGIN']) && $_SESSION['LOGIN'] == "true") { header("location: index.php?page=shoppingcart"); exit; } } if ($_GET['page'] == "profile" or $_GET['page'] == "history") { if (!isset($_SESSION['LOGIN']) or $_SESSION['LOGIN'] != "true") { header("location: index.php"); exit; } } if (isset($_POST['command']) and isset($_POST['pId']) && $_POST['command'] == "addtocart") { $cart = new Cart(); $pid = sqlInjection($_POST['pId']); $cart->addtocart($pid, 1); header("location: index.php?page=shoppingcart"); exit; } //$ch->cache(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <title>CDShop Online</title> <link rel="stylesheet" href="css/constant.css" type="text/css" /> <link rel="stylesheet" href="css/template.css" type="text/css" /> <link rel="stylesheet" href="css/style.css" type="text/css" />
<?php session_start(); require "../../deny/connector.php"; require "class/class.Admin.php"; require "../includes/injection.php"; $infor = array(); $_SESSION['ADMINERROR'] = ""; $username = sqlInjection($_REQUEST['txtAUsername']); $password = sqlInjection($_REQUEST['txtAPassword']); $hashpass = md5($_REQUEST['txtAPassword']); $mess = ""; $errors = 0; $_SESSION['auser'] = $username; if ($username == "") { $mess .= " - Hãy điền Username.<br>"; $errors++; } else { if (strlen($username) > 25 or strlen($username) < 5) { $mess .= " - Username phải có từ 5-25 ký tự.<br>"; $errors++; } } if ($password == "") { $mess .= " - Hãy điền Password."; $errors++; } else { if (strlen($password) > 25 or strlen($password) < 5) { $mess .= " - Password phải có từ 5-25 ký tự.<br>"; $errors++; }
<?php require "deny/connector.php"; require "administrator/process/class/class.News.php"; //require("administrator/includes/injection.php"); $nid = sqlInjection($_GET['nId']); $news = array(); $ns = new News(); $news = $ns->getNewsByID($nid); ?> <div class="box"> <div id="vmMainPage"> <div class="clear"> <h3 class="">TIN TỨC</h3> </div> <!-- BEGIN NEWS --> <div class="clear"> <?php if (count($news) > 0) { ?> <p><span style="color:#005;font-size:15px;font-weight:bold"><?php echo $news['title']; ?> </span><br /> <span>Ngày đăng : <?php echo $news['pubdate']; ?> </span> </p><br /> <div>
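<?php
// Admin action: deletes one feedback entry (feedbackID from the query string)
// and returns to the feedback list.
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Feedback.php";
require "../includes/injection.php";

// feedbackID is a row id: cast to int so only a number reaches the SQL that is
// presumably built inside Feedback::delete() (the original only escaped it).
$fbid = isset($_GET['feedbackID']) ? (int) $_GET['feedbackID'] : 0;

// NOTE(review): destructive action on a GET request with no CSRF token —
// confirm the admin panel protects it.
$fb = new Feedback();
$fb->delete($fbid);

echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listfeedback'>";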
require_once "includes/injection.php"; $conditions = ""; $count = 0; $limit = 20; $dataProduct = array(); $category = array(); $pag = new Page(); $cate = new Category(); $prod = new Product(); $dk1 = ""; $dk2 = ""; if (isset($_GET["CateID"]) && $_GET["CateID"] != "") { $dk1 = " cate_id=" . sqlInjection($_GET['CateID']) . ""; } if (isset($_GET["searchStr"]) && $_GET["searchStr"] != "") { $dk2 = " cd_lable like '%" . sqlInjection($_GET['searchStr']) . "%' "; } if ($dk1 != "") { $conditions = " where " . $dk1; if ($dk2 != "") { $conditions .= " and " . $dk2; } } else { if ($dk2 != "") { $conditions = " where " . $dk2; } } //echo $conditions; $start = $pag->findStart($limit); $querycount = "select cd_id from tblcd " . $conditions; $count = mysql_num_rows(mysql_query($querycount));
require_once "administrator/process/class/class.Product.php"; require_once "administrator/process/class/class.Disktype.php"; //require_once("administrator/includes/injection.php"); require_once "includes/trackXML.php"; $prod = new Product(); //$cate = new Category(); $dsk = new DiskType(); $trck = new TrackXML(); $disktype = array(); //$categories = array(); $product = array(); $tracklist = array(); //$categories = $cate->getCategories(); $disktype = $dsk->getAll(); if (isset($_GET['pid']) && is_numeric($_GET['pid'])) { $id = sqlInjection($_GET['pid']); $product = $prod->getProductById($id); $tracklist = $trck->xml2Array($product['tracklist']); } else { echo "<meta http-equiv='refresh' content='0;url=index.php'>"; } ?> <div class="width"> <div class="box"> <div id="vmMainPage"> <div class="clear indent"> <?php if (count($product) > 0) { ?> <table>
require "../includes/checkPermission.php"; require "../../deny/connector.php"; require "class/class.Product.php"; require "../includes/injection.php"; require "../../includes/trackXML.php"; $cate = sqlInjection($_POST['CateID']); $lable = sqlInjection($_POST['Lable']); $price = sqlInjection($_POST['Price']); $artist = sqlInjection($_POST['Artist']); $producer = sqlInjection($_POST['Producer']); $year = sqlInjection($_POST['pubYear']); $disktype = sqlInjection($_POST['DiskType']); $description = sqlInjection($_POST['Description']); $tracklist = ""; $image = sqlInjection($_POST['proImage']); $status = sqlInjection($_POST['ProStatus']); $continue = $_POST['continue']; $trck = new TrackXML(); $prod = new Product(); if (isset($_POST['trackname']) && isset($_POST['tracklength'])) { $tracklist = $trck->createXML($_POST['trackname'], $_POST['tracklength']); } //echo $lable."<br>".$cate."<br>".$price // ."<br>".$artist."<br>".$producer."<br>".$year."<br>".$disktype."<br>".$description // ."<br>".$tracklist."<br>".$image."<br>".$status; $prod->insert($lable, $cate, $price, $artist, $producer, $year, $disktype, $description, $tracklist, $image, $status); if ($continue == "OK") { echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=addproduct'>"; //header("location: ../admincp.php?opt=addproduct"); //exit(); }
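<?php
// Admin process script: updates the logged-in administrator's own profile
// (full name, e-mail, phone) and returns to the control panel.
session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Admin.php";
require "../includes/injection.php";

// Escape each field, defaulting to '' so a missing field raises no notice.
$fullname = sqlInjection(isset($_POST['Afullname']) ? $_POST['Afullname'] : '');
$email = sqlInjection(isset($_POST['AEmail']) ? $_POST['AEmail'] : '');
$phone = sqlInjection(isset($_POST['APhone']) ? $_POST['APhone'] : '');

$adm = new Admin();
// $_SESSION['ADMIN'] identifies the current admin — presumably an id; confirm
// against Admin::update().
$adm->update($_SESSION['ADMIN'], $email, $fullname, $phone);
echo "<meta http-equiv='refresh' content='0;url=../admincp.php'>";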
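<?php
// Admin news detail page: loads one news item (newsID from the query string)
// and renders it as a standalone HTML document.
require_once "includes/checkPermission.php";
require_once "../deny/connector.php";
require_once "process/class/class.News.php";
require_once "includes/injection.php";

// newsID is a row id: cast to int so only a number reaches the SQL that is
// presumably built inside News::getNewsByID() (the original only escaped it).
$nid = isset($_GET['newsID']) ? (int) $_GET['newsID'] : 0;
$ns = new News();
$news = $ns->getNewsByID($nid);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Chi tiết Tin tức</title>
<link href="css/detail.css" rel="stylesheet" type="text/css"></link>
</head>
<body>
<div id="wrapper"><br /><br />
<center><img src="../<?php
// The image path comes from the database (originally admin input); escape it
// for the attribute context instead of echoing it raw.
echo htmlspecialchars(isset($news['image']) ? $news['image'] : '', ENT_QUOTES, 'UTF-8');
?> "></center><br /><br />
<h2 id="siteTitle" align="center">Chi tiết Tin Tức</h2>
<div id="info">
<table border="1px" cellpadding="5px">
<tr>
<td class="field">Tiêu đề :</td>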
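// Admin process script: updates an existing product (pID from the query
// string) with the values posted from the edit form, including the optional
// track list which is serialised to XML.
session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Product.php";
require "../includes/injection.php";
require "../../includes/trackXML.php";

// Escape every text field, defaulting a missing field to '' instead of raising
// an undefined-index notice.
$fields = array('CateID', 'Lable', 'Price', 'Artist', 'Producer', 'pubYear',
    'DiskType', 'Description', 'proImage', 'ProStatus');
$in = array();
foreach ($fields as $key) {
    $in[$key] = sqlInjection(isset($_POST[$key]) ? $_POST[$key] : '');
}
// pID is a row id: cast to int rather than only escaping it.
$id = isset($_GET['pID']) ? (int) $_GET['pID'] : 0;

$trck = new TrackXML();
$prod = new Product();

// The track list is optional; both arrays must be present to build it.
// NOTE(review): trackname/tracklength reach createXML() unescaped, as in the
// original — confirm TrackXML escapes them before they are stored.
$tracklist = "";
if (isset($_POST['trackname']) && isset($_POST['tracklength'])) {
    $tracklist = $trck->createXML($_POST['trackname'], $_POST['tracklength']);
}

$prod->update($id, $in['Lable'], $in['CateID'], $in['Price'], $in['Artist'],
    $in['Producer'], $in['pubYear'], $in['DiskType'], $in['Description'],
    $tracklist, $in['proImage'], $in['ProStatus']);
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listproduct'>";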
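<?php
// Front-end feedback handler: on submit, checks the captcha and stores the
// message; the outcome is reported through $_SESSION['FBERROR'].
// Relies on the including page having started the session — TODO confirm.
require_once "administrator/process/class/class.Feedback.php";
require_once "administrator/includes/injection.php";
require_once "deny/connector.php";

// Escape each field, defaulting to '' so a missing field raises no notice.
$title = sqlInjection(isset($_POST['title']) ? $_POST['title'] : '');
$name = sqlInjection(isset($_POST['fullname']) ? $_POST['fullname'] : '');
$email = sqlInjection(isset($_POST['email']) ? $_POST['email'] : '');
$content = sqlInjection(isset($_POST['content']) ? $_POST['content'] : '');
$_SESSION['FBERROR'] = "";

if (isset($_POST['submit'])) {
    // Compare the captcha as strings with ===. The original used ==, under
    // which numeric-looking strings compare as numbers (e.g. "1e3" == "1000"),
    // and an absent session code compared equal to an empty answer.
    $expected = isset($_SESSION['CODE']) ? (string) $_SESSION['CODE'] : '';
    $given = isset($_POST['captcha']) ? (string) $_POST['captcha'] : '';
    if ($expected !== '' && $given === $expected) {
        // A code is single-use: drop it so the same answer cannot be replayed.
        unset($_SESSION['CODE']);
        $fb = new Feedback();
        $fb->insert($title, $name, $email, $content);
        $_SESSION['FBERROR'] = 'Bạn đã gửi thành công.';
    } else {
        $_SESSION['FBERROR'] = '- Sai mã xác nhận !';
    }
}
?>
<script language="javascript">
var error="";
function changeImage(){
    document.getElementById('imgcaptcha').src="captcha/captcha.php";
}
function checkEmpty(elementId,errorMessage) {
    x1 = document.getElementById(elementId);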
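<?php
// Customer action: removes one of the logged-in customer's orders (orderID
// from the query string), then returns to the order history.
session_start();
require_once "../deny/connector.php";
require_once "../administrator/process/class/class.Order.php";
require_once "../administrator/includes/injection.php";

// Only logged-in customers may reach this; anonymous requests go to the login page.
if (!isset($_SESSION['user_id']) or $_SESSION['user_id'] == "") {
    header("location: ../index.php?page=login");
    exit;
}

$order = new Order();
$userid = $_SESSION['user_id'];
// orderID is a row id: cast to int rather than only escaping it. The owner id
// is passed alongside it, which presumably scopes the delete to that
// customer's own orders — confirm in Order::deleteOrder().
$orderid = isset($_GET['orderID']) ? (int) $_GET['orderID'] : 0;
$order->deleteOrder($orderid, $userid);

// NOTE(review): destructive action on a GET request with no CSRF token —
// confirm the front end protects it.
echo "<meta http-equiv='refresh' content='0;url=../index.php?page=history'>";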
$conditions .= ""; } } else { $conditions .= ""; } if (isset($_GET["Sreceiver"]) and isset($_GET["Freceiver"])) { if ($_GET["Sreceiver"] != NULL and $_GET["Freceiver"] != NULL) { $conditions .= " AND tblorder.order_receiverdate BETWEEN '" . changueFormatDate($_GET["Sreceiver"]) . "' and '" . sqlInjection(changueFormatDate($_GET["Freceiver"])) . "' "; } else { $conditions .= ""; } } else { $conditions .= ""; } if (isset($_GET["status"]) and is_numeric($_GET["status"])) { $conditions .= " AND tblorder.order_status =" . sqlInjection($_GET["status"]) . ""; } if ($conditions != "") { $conditions = " WHERE " . substr($conditions, 4); } //echo $conditions; $start = $pag->findStart($limit); $querycount = "SELECT tblorder.order_id FROM tblcustomer INNER JOIN tblorder ON tblcustomer.cus_id = tblorder.cus_id " . $conditions; $count = mysql_num_rows(mysql_query($querycount)); $total = mysql_query("select sum(order_totalcost) as totalcost from tblorder " . $conditions); $pages = $pag->findPages($count, $limit); if (isset($_GET['page']) or is_numeric($_GET['page'])) { $paging = " LIMIT " . $start . "," . $limit . " "; } else { $paging = " LIMIT 0," . $limit . " "; }