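/**
 * Returns the row of the logged-in user, memoised for the rest of the request.
 *
 * Reads $_SESSION['user_id'], casts it to int and loads the matching `users` row
 * through the global mysqli connection $con. The first successful lookup is cached
 * in a static so later calls do not hit the database again.
 *
 * @return array<string, mixed>|null  the user row, or null when there is no session
 *                                    user, the query fails, or no row matches
 */
function current_user()
{
    static $current_user;
    global $con;

    // Cached from an earlier call in this request.
    if ($current_user) {
        return $current_user;
    }

    if (!isset($_SESSION['user_id'])) {
        return $current_user;
    }

    // The intval() cast is what actually keeps this query injection-free;
    // real_escape() is kept for consistency with the rest of the code base.
    $user_id = intval($_SESSION['user_id']);
    $sql = 'SELECT * FROM users WHERE id=' . real_escape($user_id);
    $result = mysqli_query($con, $sql);

    // mysqli_query() returns false on failure; passing false to mysqli_num_rows()
    // is a TypeError on PHP 8, so guard it explicitly.
    if ($result !== false && mysqli_num_rows($result)) {
        $current_user = mysqli_fetch_assoc($result);
    }

    return $current_user;
}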
while ($row = mysqli_fetch_array($result)) { $html .= "<li class=\"list-group-item\">"; $html .= $row['name']; $html .= "</li>"; } } else { $html .= '<li onClick=\\"fill(\'' . addslashes() . '\')\\" class=\\"list-group-item\\">'; $html .= 'Not found'; $html .= "</li>"; } echo json_encode($html); } ?> <?php if (isset($_POST['p_name']) && strlen($_POST['p_name'])) { $product_title = remove_junk(real_escape($_POST['p_name'])); if ($results = find_product_views_by_name($product_title)) { foreach ($results as $result) { $html .= "<tr>"; $html .= "<td id=\"s_name\">" . $result['name'] . "</td>"; $html .= "<input type=\"hidden\" name=\"s_id\" value=\"{$result['id']}\">"; $html .= "<td>"; $html .= "<input type=\"text\" class=\"form-control\" name=\"price\" value=\"{$result['sale_price']}\">"; $html .= "</td>"; $html .= "<td id=\"s_qty\">"; $html .= "<input type=\"text\" class=\"form-control\" name=\"quantity\" value=\"1\">"; $html .= "</td>"; $html .= "<td>"; $html .= "<input type=\"text\" class=\"form-control\" name=\"total\" value=\"{$result['sale_price']}\">"; $html .= "</td>"; $html .= "<td>";
} $product = find_by_product_id((int) $_GET['id']); $all_categories = all_catgories(); if (!$product) { $session->msg("d", "Missing product id."); redirect('product.php'); } if (isset($_POST['product'])) { $req_fields = array('product-title', 'product-categorie', 'product-quantity', 'buying-price', 'saleing-price'); validate_fields($req_fields); if (empty($errors)) { $p_name = remove_junk(real_escape($_POST['product-title'])); $p_cat = (int) $_POST['product-categorie']; $p_qty = remove_junk(real_escape($_POST['product-quantity'])); $p_buy = remove_junk(real_escape($_POST['buying-price'])); $p_sale = remove_junk(real_escape($_POST['saleing-price'])); $query = "UPDATE products SET"; $query .= " name ='{$p_name}', quantity ='{$p_qty}',"; $query .= " buy_price ='{$p_buy}', sale_price ='{$p_sale}', categorie_id ='{$p_cat}'"; $query .= " WHERE id ='{$product['id']}'"; $result = mysqli_query($con, $query); if ($result && mysqli_affected_rows($con) == 1) { $session->msg('s', "Product updated "); redirect('product.php', false); } else { $session->msg('d', ' Sorry failed to updated!'); redirect('edit_product.php?id=' . $product['id'], false); } } else { $session->msg("d", $errors); redirect('edit_product.php?id=' . $product['id'], false);
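/**
 * Deletes a single row from `sales` by primary key.
 *
 * The previous version escaped $id into $delete_id but then interpolated the raw $id
 * into the statement, so the escaping had no effect. A prepared statement with a bound
 * integer parameter makes the escaping step unnecessary altogether.
 *
 * @param int|string $id  sale id; coerced to int before being bound
 * @return bool  true only when exactly one row was deleted
 */
function delete_sale_by_id($id)
{
    global $con;

    $stmt = mysqli_prepare($con, 'DELETE FROM sales WHERE id=? LIMIT 1');
    if ($stmt === false) {
        return false;
    }

    // bind_param() takes its arguments by reference, hence the local variable.
    $sale_id = (int) $id;
    mysqli_stmt_bind_param($stmt, 'i', $sale_id);

    $executed = mysqli_stmt_execute($stmt);
    $deleted = $executed && mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);

    return $deleted;
}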
<?php require_once 'includes/load.php'; if (!$session->isUserLoggedIn(true)) { redirect('index.php', false); } if (isset($_POST['add_sale'])) { $req_fields = array('s_id', 'quantity', 'price', 'total', 'date'); validate_fields($req_fields); if (empty($errors)) { $p_id = real_escape((int) $_POST['s_id']); $s_qty = real_escape((int) $_POST['quantity']); $s_total = real_escape($_POST['total']); $date = real_escape($_POST['date']); $s_date = date("Y-m-d", strtotime($date)); $sql = "INSERT INTO sales ("; $sql .= " product_id,qty,price,date"; $sql .= ") VALUES ("; $sql .= "'{$p_id}','{$s_qty}','{$s_total}','{$s_date}'"; $sql .= ")"; $result = mysqli_query($con, $sql); if ($result) { update_product_qty($s_qty, $p_id); $session->msg('s', "Sale added. "); redirect('add_sale.php', false); } else { $session->msg('d', ' Sorry failed to add!'); redirect('add_sale.php', false); } } else { $session->msg("d", $errors);
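// change_password.php: verifies the current password, then stores the new one for the
// session user. The UPDATE binds the new hash (previously computed into $new but never
// used in the statement) instead of interpolating a literal.
require_once 'includes/load.php';

if (!$session->isUserLoggedIn(true)) {
    redirect('index.php', false);
}

$user = current_user();

if (isset($_POST['update'])) {
    $req_fields = ['new-password', 'old-password'];
    validate_fields($req_fields);

    // Stored hashes are sha1() digests; that scheme is kept only so existing rows keep
    // verifying. Moving to password_hash()/password_verify() needs a rehash-on-login step
    // and is out of scope here. hash_equals() keeps the comparison constant-time.
    $old_hash = sha1($_POST['old-password'] ?? '');
    if (!hash_equals((string) $user['password'], $old_hash)) {
        $errors = "Your old password not match";
        $session->msg('d', $errors);
        redirect('change_password.php', false);
    }

    if (empty($errors)) {
        $id = (int) $_SESSION['user_id'];
        // The digest is a 40-char hex string and is bound as a parameter, so the
        // remove_junk(real_escape(...)) wrapping of the old code is not needed
        // (assumed to be a no-op on hex input — confirm against includes/load.php).
        $new = sha1($_POST['new-password']);

        $stmt = mysqli_prepare($con, 'UPDATE users SET password = ? WHERE id = ?');
        $updated = false;
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'si', $new, $id);
            $updated = mysqli_stmt_execute($stmt) && mysqli_stmt_affected_rows($stmt) === 1;
            mysqli_stmt_close($stmt);
        }

        if ($updated) {
            $session->msg('s', "Acount updated");
            redirect('change_password.php', false);
        } else {
            $session->msg('d', ' Sorry failed to updated!');
            redirect('change_password.php', false);
        }
    } else {
        $session->msg("d", $errors);
        redirect('change_password.php', false);
    }
}

include_once 'layouts/header.php';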
if (!$session->isUserLoggedIn(true)) { redirect('index.php', false); } //Display all catgories. $categorie = find_by_cat_id((int) $_GET['id']); if (!$categorie) { $session->msg("d", "Missing categorie id."); redirect('categorie.php'); } ?> <?php if (isset($_POST['edit_cat'])) { $req_field = array('categorie-name'); validate_fields($req_field); $cat_name = remove_junk(real_escape($_POST['categorie-name'])); if (empty($errors)) { $sql = "UPDATE categories SET name='{$cat_name}'"; $sql .= " WHERE id='{$categorie['id']}'"; $result = mysqli_query($con, $sql); if ($result && mysqli_affected_rows($con) == 1) { $session->msg("s", "Successfully Added Categorie"); redirect('categorie.php', false); } else { $session->msg("d", "Sorry Failed to Update"); redirect('categorie.php', false); } } else { $session->msg("d", $errors); redirect('categorie.php', false); }
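// edit_user.php: loads the user named by ?id= and, on POST, updates name and username.
// The UPDATE binds both values (the old code computed $username but wrote a literal).
require_once 'includes/load.php';

if (!$session->isUserLoggedIn(true)) {
    redirect('index.php', false);
}

// `id` comes from the query string; the cast ensures only an int reaches the lookup
// and avoids an undefined-index warning when the parameter is absent.
$e_user = find_by_user_id((int) ($_GET['id'] ?? 0));
if (!$e_user) {
    $session->msg("d", "Missing user id.");
    redirect('users.php');
}

if (isset($_POST['update'])) {
    $req_fields = ['name', 'username'];
    validate_fields($req_fields);

    if (empty($errors)) {
        $id = (int) $e_user['id'];
        // remove_junk() is the project's input sanitiser and is kept. real_escape() is dropped
        // because the values are bound, not interpolated; escaping a bound value would store
        // backslashes (assumes real_escape() is only the mysqli escaping wrapper — confirm).
        $name = remove_junk($_POST['name']);
        $username = remove_junk($_POST['username']);

        $stmt = mysqli_prepare($con, 'UPDATE users SET name = ?, username = ? WHERE id = ?');
        $updated = false;
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ssi', $name, $username, $id);
            $updated = mysqli_stmt_execute($stmt) && mysqli_stmt_affected_rows($stmt) === 1;
            mysqli_stmt_close($stmt);
        }

        $back_to = 'edit_user.php?id=' . (int) $e_user['id'];
        if ($updated) {
            $session->msg('s', "Acount updated ");
        } else {
            $session->msg('d', ' Sorry failed to updated!');
        }
        redirect($back_to, false);
    } else {
        $session->msg("d", $errors);
        redirect('edit_user.php?id=' . (int) $e_user['id'], false);
    }
}

include_once 'layouts/header.php';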
<?php
// sales_report.php: takes a start/end date from the form and hands the range to
// find_sale_by_dates(). $results is initialised up front so the template further
// down (presumably reading it) also works on a plain GET.
$results = '';

require_once 'includes/load.php';

if (!$session->isUserLoggedIn(true)) {
    redirect('index.php', false);
}

if (isset($_POST['submit'])) {
    $req_dates = ['start-date', 'end-date'];
    validate_fields($req_dates);

    if (!empty($errors)) {
        $session->msg("d", $errors);
        redirect('sales_report.php', false);
    } else {
        // Both dates go through the project's sanitiser and escaper before the lookup.
        $start_date = remove_junk(real_escape($_POST['start-date']));
        $end_date   = remove_junk(real_escape($_POST['end-date']));
        $results    = find_sale_by_dates($start_date, $end_date);
    }
}

include_once 'layouts/header.php';
?>
<div class="row">
  <div class="col-md-6">
    <?php echo display_msg($msg); ?>
  </div>
  <div class="col-md-12">
    <div class="panel panel-default">
      <div class="panel-heading">
      </div>
<?php require_once 'includes/load.php'; if (!$session->isUserLoggedIn(true)) { redirect('index.php', false); } if (isset($_POST['add_user'])) { $req_fields = array('full-name', 'username', 'password'); validate_fields($req_fields); $name = remove_junk($_POST['full-name']); $username = remove_junk($_POST['username']); $password = remove_junk($_POST['password']); if (empty($errors)) { $name = real_escape($name); $username = real_escape($username); $password = real_escape($password); $password = sha1($password); $query = "INSERT INTO users ("; $query .= " name,username,password"; $query .= ") VALUES ("; $query .= " '{$name}', '{$username}', '{$password}'"; $query .= ")"; $result = mysqli_query($con, $query); if ($result) { //sucess $session->msg('s', "User account has been creted! "); redirect('index.php', false); } else { //failed $session->msg('d', ' Sorry failed to create account!'); redirect('add_user.php', false);