<?php

include "select_db.php";
$idDes = $_POST['id'];
$name = $_POST['name'];
$description = $_POST['description'];
$latitude = $_POST['latitude'];
$longitude = $_POST['longitude'];
$telp = $_POST['telp'];
$email = $_POST['email'];
$link = $_POST['link'];
if ($name == "") {
    header("location:addDestination.php?errorMsg=Name must be filled!");
} else {
    if (duplicateCheck($name, $idDes) == false) {
        header("location:addDestination.php?errorMsg=Please insert different name!");
    } else {
        if ($description == "") {
            header("location:addDestination.php?errorMsg=Description must be filled!");
        } else {
            if ($telp == "") {
                header("location:addDestination.php?errorMsg=Telp must be filled!");
            } else {
                if (!ctype_digit($telp)) {
                    header("location:addDestination.php?errorMsg=Telp must be number!");
                } else {
                    if ($latitude == "") {
                        header("location:addDestination.php?errorMsg=Latitude must be filled!");
                    } else {
                        if ($longitude == "") {
                            header("location:addDestination.php?errorMsg=Longitude must be filled!");
<?php

session_start();
include "select_db.php";
$idUser = $_SESSION['idUser'];
$name = $_POST['name'];
$tax = $_POST['tax'];
if ($name == "") {
    header("location:addTax.php?errorMsg=Name must be filled!");
} else {
    if (duplicateCheck($name) == false) {
        header("location:addTax.php?errorMsg=Please insert different name!");
    } else {
        if ($tax == "") {
            header("location:addTax.php?errorMsg=Tax must be filled!");
        } else {
            if (!ctype_digit($tax)) {
                header("location:addTax.php?errorMsg=Tax must be number!");
            } else {
                //insert to tax
                $count = mysql_query("SELECT ID_Tax as 'Flag' FROM tax ORDER BY ID_Tax DESC LIMIT 1") or die(mysql_error());
                $temp;
                while ($row = mysql_fetch_array($count)) {
                    $temp = $row[0];
                }
                if (SUBSTR(strval($temp), 3, -5) == strval(date("y"))) {
                    mysql_query("INSERT INTO tax VALUES (\n\t\t\tCONCAT('TAX', SUBSTRING(YEAR(CURRENT_TIMESTAMP),3,2), \n\t\t\tLPAD((SUBSTR((SELECT tx.ID_Tax FROM tax tx ORDER BY tx.ID_Tax DESC LIMIT 1),6) + 1 ), 5, 0)),\n\t\t\t'" . $name . "','" . $tax / 100 . "','Active')");
                } else {
                    mysql_query("INSERT INTO tax  VALUES (\n\t\t\tCONCAT('TAX', SUBSTRING(YEAR(CURRENT_TIMESTAMP),3,2), '00001'),\n\t\t\t'" . $name . "','" . $tax / 100 . "','Active')");
                }
                //get last id tax
session_start();
include "select_db.php";
$role = $_POST['role'];
$username = $_POST['username'];
$pass = $_POST['password'];
$name = $_POST['name'];
$dob = $_POST['date'];
$email = $_POST['email'];
if ($username == "") {
    header("location:addUser.php?errorMsg=Username must be filled!");
} else {
    if ($name == "") {
        header("location:addUser.php?errorMsg=Name must be filled!");
    } else {
        if (duplicateCheck($username) == false) {
            header("location:addUser.php?errorMsg=Please insert different username!");
        } else {
            if ($pass == "") {
                header("location:addUser.php?errorMsg=Password must be filled!");
            } else {
                if ($email == "") {
                    header("location:addUser.php?errorMsg=Email must be filled!");
                } else {
                    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                        header("location:addUser.php?errorMsg=Invalid Email format!");
                    } else {
                        $count = mysql_query("SELECT ID_User as 'Flag' FROM user ORDER BY ID_User DESC LIMIT 1") or die(mysql_error());
                        $temp;
                        while ($row = mysql_fetch_array($count)) {
                            $temp = $row[0];
<?php

session_start();
include "select_db.php";
$idUser = $_SESSION['idUser'];
$idTax = $_POST['id'];
$name = $_POST['name'];
$tax = $_POST['tax'];
if ($name == "") {
    header("location:updateTax.php?errorMsg=Name must be filled!&idTax={$idTax}");
} else {
    if (duplicateCheck($name, $idTax) == false) {
        header("location:updateTax.php?errorMsg=Please insert different name!&idTax={$idTax}");
    } else {
        if ($tax == "") {
            header("location:updateTax.php?errorMsg=Tax must be filled!&idTax={$idTax}");
        } else {
            if (!ctype_digit($tax)) {
                header("location:updateTax.php?errorMsg=Tax must be number!&idTax={$idTax}");
            } else {
                //update tax
                mysql_query("UPDATE tax SET Tax_Name='" . $name . "', Tax= '" . $tax / 100 . "' WHERE ID_Tax='" . $idTax . "'");
                //save tax history
                $count = mysql_query("SELECT ID_Tax_History as 'Flag' FROM tax_history ORDER BY ID_Tax_History DESC LIMIT 1") or die(mysql_error());
                $temp;
                while ($row = mysql_fetch_array($count)) {
                    $temp = $row[0];
                }
                if (SUBSTR(strval($temp), 3, -5) == strval(date("y"))) {
                    mysql_query("INSERT INTO tax_history VALUES (\n\t\t\tCONCAT('TXH', SUBSTRING(YEAR(CURRENT_TIMESTAMP),3,2), \n\t\t\tLPAD((SUBSTR((SELECT th.ID_Tax_History FROM tax_history th ORDER BY th.ID_Tax_History DESC LIMIT 1),6) + 1 ), 5, 0)),\n\t\t\t'" . $idTax . "','" . $name . "','" . $tax / 100 . "','" . $idUser . "','Update',now())");
                } else {
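/**
 * Handle an "add account" POST: validate the submitted column/value pairs,
 * reject duplicates, insert the row through a prepared statement and emit a
 * JSON response. Never returns: every path echoes JSON and then dies.
 *
 * Reads $_POST['query_vars'] as an array of arrays. Element 0 is expected to
 * carry 'account-name' and 'account-type' (used for the duplicate check), and
 * each key/value pair is treated as column => ['type' => bind type, 'value' => value]
 * — this is the shape the original code assumed; confirm against the form
 * that posts it.
 *
 * Globals: $dbc (mysqli connection), $accountTypes (type id => label map).
 * Calls duplicateCheck(), defined elsewhere in this file.
 */
function addAccount()
{
    global $dbc, $accountTypes;
    // Initialise the response/errors up front so no branch touches an undefined array.
    $response = array('success' => false);
    $errors = array();

    if (!isset($_POST['query_vars'])) {
        $errors[] = 'Add Account failure: Missing Parameters';
        $response['errors'] = $errors;
        echo json_encode($response);
        die;
    }

    // FILTER_VALIDATE_STRING is not a PHP filter constant; FILTER_DEFAULT keeps the
    // raw values while FILTER_REQUIRE_ARRAY still enforces the nested-array shape.
    $args = array('query_vars' => array('filter' => FILTER_DEFAULT, 'flags' => FILTER_REQUIRE_ARRAY));
    $vars = filter_input_array(INPUT_POST, $args);
    $queryVars = (isset($vars['query_vars']) && is_array($vars['query_vars'])) ? $vars['query_vars'] : array();
    $name = isset($queryVars[0]['account-name']) ? $queryVars[0]['account-name'] : null;
    $type = isset($queryVars[0]['account-type']) ? $queryVars[0]['account-type'] : null;

    if (duplicateCheck($name, $type)) {
        $response['dbmatch'] = array(
            'name' => $name,
            'type' => isset($accountTypes[$type]) ? $accountTypes[$type] : null,
        );
        echo json_encode($response);
        die;
    }

    // Values are bound as parameters, but column names cannot be, and they arrive
    // straight from the request: restrict each one to a plain identifier before it
    // is spliced into the SQL text.
    $columns = array();
    $placeholders = array();
    $bindTypes = '';
    $values = array();
    foreach ($queryVars as $var) {
        if (!is_array($var)) {
            continue;
        }
        foreach ($var as $key => $val) {
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $key)) {
                $errors[] = 'Add Account failure: Invalid column name';
                $response['errors'] = $errors;
                echo json_encode($response);
                die;
            }
            $columns[] = $key;
            $placeholders[] = '?';
            $bindTypes .= $val['type'];
            if ($key == 'due_date') {
                // Normalise whatever date format the form sent to MySQL's DATE format.
                $val['value'] = date('Y-m-d', strtotime($val['value']));
            }
            $values[] = $val['value'];
        }
    }

    if (empty($columns)) {
        $errors[] = 'Add Account failure: Missing Parameters';
        $response['errors'] = $errors;
        echo json_encode($response);
        die;
    }

    // Building the column and placeholder lists with implode() gives a correct
    // comma layout regardless of how the keys are spread across the outer array
    // (the original counted outer elements while iterating inner keys).
    $query = 'INSERT INTO accounts(' . implode(', ', $columns) . ') VALUES (' . implode(', ', $placeholders) . ');';

    $stmt = $dbc->prepare($query);
    if (!$stmt) {
        // $dbc->error holds the prepare failure; ->info only describes the last
        // successful statement. The original also var_dump()ed the connection into
        // the response body, which both corrupted the JSON and exposed connection
        // details to the client.
        $errors[] = 'SQL Statment invalid: ' . $dbc->error;
        $response['errors'] = $errors;
        echo json_encode($response);
        die;
    }

    // mysqli_stmt::bind_param takes its arguments by reference, so build an
    // array of references before dispatching through call_user_func_array.
    $bindArgs = array_merge(array($bindTypes), $values);
    $refs = array();
    foreach (array_keys($bindArgs) as $i) {
        $refs[$i] = &$bindArgs[$i];
    }
    call_user_func_array(array($stmt, 'bind_param'), $refs);

    if ($stmt->execute()) {
        $response['success'] = true;
    } else {
        // NOTE(review): the raw driver error is returned to the client, as in the
        // original; a hardened deployment should log it and send a generic message.
        $errors[] = 'Add Account failure: ' . $stmt->error;
        $response['errors'] = $errors;
    }
    echo json_encode($response);
    die;
}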
<?php

session_start();
include "select_db.php";
$idUser = $_SESSION['idUser'];
$idAdd = $_POST['id'];
$name = $_POST['name'];
$price = $_POST['price'];
$description = $_POST['description'];
$qty = $_POST['qty'];
if ($name == "") {
    header("location:updateAdditional.php?errorMsg=Name must be filled!&idAdd={$idAdd}");
} else {
    if (duplicateCheck($name, $idAdd) == false) {
        header("location:updateAdditional.php?errorMsg=Please insert different name!&idAdd={$idAdd}");
    } else {
        if ($price == "") {
            header("location:updateAdditional.php?errorMsg=Price must be filled!&idAdd={$idAdd}");
        } else {
            if (!ctype_digit($price)) {
                header("location:updateAdditional.php?errorMsg=Price must be number!&idAdd={$idAdd}");
            } else {
                if ($description == "") {
                    header("location:updateAdditional.php?errorMsg=Description must be filled!&idAdd={$idAdd}");
                } else {
                    //update additional
                    mysql_query("UPDATE additional SET Additional_Name='" . $name . "', Price= '" . $price . "' , Description= '" . $description . "', Quantity= '" . $qty . "' WHERE ID_Additional='" . $idAdd . "'");
                    //insert additional_history
                    $count2 = mysql_query("SELECT ID_Additional_History as 'Flag' FROM additional_history ORDER BY ID_Additional_History DESC LIMIT 1") or die(mysql_error());
                    $temp2;
                    while ($row = mysql_fetch_array($count2)) {
<?php

session_start();
include "select_db.php";
$idTravel = $_POST['id'];
$name = $_POST['name'];
$address = $_POST['address'];
$telp = $_POST['telp'];
$email = $_POST['email'];
$diskon = $_POST['diskon'];
$link = $_POST['link'];
if ($name == "") {
    header("location:updateTravel.php?errorMsg=Name must be filled!&idTravel={$idTravel}");
} else {
    if (duplicateCheck($name, $idTravel) == false) {
        header("location:updateTravel.php?errorMsg=Please insert different name!&idTravel={$idTravel}");
    } else {
        if ($address == "") {
            header("location:updateTravel.php?errorMsg=Address must be filled!&idTravel={$idTravel}");
        } else {
            if ($telp == "") {
                header("location:updateTravel.php?errorMsg=Telp must be filled!&idTravel={$idTravel}");
            } else {
                if (!ctype_digit($telp)) {
                    header("location:updateTravel.php?errorMsg=Telp must be number!&idTravel={$idTravel}");
                } else {
                    if ($email == "") {
                        header("location:updateTravel.php?errorMsg=Email must be filled!&idTravel={$idTravel}");
                    } else {
                        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                            header("location:updateTravel.php?errorMsg=Invalid Email format!&idTravel={$idTravel}");
<?php

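// Handle the "update user" form POST: validate the submitted fields, redirect
// back to the form with an error message on failure, otherwise update the row
// and redirect to the user list. duplicateCheck() is defined further down in
// this file.
session_start();
include "select_db.php";
$idUser = $_POST['id'];
$username = $_POST['username'];
$name = $_POST['name'];
$dob = $_POST['date'];
$email = $_POST['email'];
// The id is echoed back into a redirect URL, so encode it as a query value.
$idParam = urlencode($idUser);

if ($username == "") {
    header("location:updateUser.php?errorMsg=Username must be filled!&idUser={$idParam}");
} elseif ($name == "") {
    header("location:updateUser.php?errorMsg=Name must be filled!&idUser={$idParam}");
} elseif (duplicateCheck($username, $idUser) == false) {
    header("location:updateUser.php?errorMsg=Please insert different username!&idUser={$idParam}");
} elseif ($email == "") {
    // The original reported "must be filled" from the format check alone; an
    // empty email now gets that message and a malformed one gets a format message.
    header("location:updateUser.php?errorMsg=Email must be filled!&idUser={$idParam}");
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    header("location:updateUser.php?errorMsg=Invalid Email format!&idUser={$idParam}");
} else {
    // Field values come straight from $_POST, so escape them for the legacy
    // mysql extension before interpolating them into the statement.
    $safeName = mysql_real_escape_string($name);
    $safeDob = mysql_real_escape_string($dob);
    $safeEmail = mysql_real_escape_string($email);
    // NOTE(review): the '******' literals are reproduced as shown on this page
    // (they look redacted); confirm the real column values against the source file.
    mysql_query("UPDATE user SET Username='******', Name= '" . $safeName . "', DOB='" . $safeDob . "', Email='" . $safeEmail . "' WHERE ID_User='******'");
    header("location:users.php");
}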
function duplicateCheck($username, $idUser)
{
    $cekID = mysql_query("SELECT ID_User, Username FROM user WHERE ID_User = '******'");
    while ($row = mysql_fetch_array($cekID)) {
session_start();
include "select_db.php";
include "picture_path.php";
$idUser = $_SESSION['idUser'];
$idRoom = $_POST['id'];
$name = $_POST['name'];
$picture = $_POST['picture'];
$price = $_POST['price'];
$capacity = $_POST['capacity'];
$description = $_POST['description'];
$facility = $_POST['facility'];
if ($name == "") {
    header("location:updateRoomType.php?errorMsg=Name must be filled!&idRoom={$idRoom}");
} else {
    if (duplicateCheck($name, $idRoom) == false) {
        header("location:updateRoomType.php?errorMsg=Please insert different name!&idRoom={$idRoom}");
    } else {
        if ($price == "") {
            header("location:updateRoomType.php?errorMsg=Price must be filled!&idRoom={$idRoom}");
        } else {
            if (!ctype_digit($price)) {
                header("location:updateRoomType.php?errorMsg=Price must be numbers!&idRoom={$idRoom}");
            } else {
                if ($capacity == "") {
                    header("location:updateRoomType.php?errorMsg=Capacity must be filled!&idRoom={$idRoom}");
                } else {
                    if (!ctype_digit($capacity)) {
                        header("location:updateRoomType.php?errorMsg=Capacity must be numbers!&idRoom={$idRoom}");
                    } else {
                        if ($description == "") {