} } else { unset($_SESSION['editData']); exitError("manage/cars.php?c={$id}"); } } else { $_SESSION['editErr'] = 'There was an error updating the customer details, please try again.'; exitError("manage/cars.php?c={$id}"); } } elseif ($type == 'sale') { $amt = cookInput($_POST['amt']); $sale_type = cookInput($_POST['sale_type']); $u_id = cookInput($_POST['u_id']); $date = cookInput($_POST['date']); $c_id = cookInput($_POST['c_id']); $stf_id = cookInput($_POST['stf_id']); $_SESSION['editData'] = ['amt' => "{$amt}", 'sale_type' => "{$sale_type}", 'u_id' => "{$u_id}", 'c_id' => "{$c_id}", 'stf_id' => "{$stf_id}"]; // Prepare SQL $edit_sale_sql = "UPDATE `sale` SET `amt`='{$amt}',`date`='{$date}',`type`='{$sale_type}',`u_id`='{$u_id}',`c_id`='{$c_id}',`stf_id`='{$stf_id}' WHERE s_id='{$id}';"; // Insert Data if (mysqli_query($con, $edit_sale_sql)) { unset($_SESSION['editData']); exitError("manage/sales.php?s={$id}"); } else { $_SESSION['editErr'] = 'There was an error updating the customer details, please try again.'; exitError("manage/sales.php?s={$id}"); } } else { exitError("index.php"); } } else {
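<?php
// Login handler: looks up the posted e-mail in `usr`, verifies the password
// hash and, on success, stores the identity in the session and redirects to
// the profile page. Relies on common.php for $con (mysqli), cookInput() and
// exitError().
require_once "common.php";
session_start();

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    // Clean and set variables. Missing keys default to '' so a partial form
    // does not raise undefined-array-key warnings. The password is passed
    // through cookInput() as well because the registration handler hashes the
    // cookInput()'d value — the two must stay in sync or stored hashes will
    // never verify.
    $username = cookInput($_POST['username'] ?? '');
    $password = cookInput($_POST['password'] ?? '');

    // Parameterised lookup: the e-mail comes straight from the form and must
    // never be interpolated into the SQL string.
    $login_sql = "SELECT pw_en, email, perm, u_id FROM usr WHERE email=?;";
    $login_res = null;
    $login_stmt = mysqli_prepare($con, $login_sql);
    if ($login_stmt !== false) {
        mysqli_stmt_bind_param($login_stmt, 's', $username);
        if (mysqli_stmt_execute($login_stmt)) {
            mysqli_stmt_bind_result($login_stmt, $row_pw_en, $row_email, $row_perm, $row_u_id);
            if (mysqli_stmt_fetch($login_stmt) === true) {
                $login_res = [
                    'pw_en' => $row_pw_en,
                    'email' => $row_email,
                    'perm' => $row_perm,
                    'u_id' => $row_u_id,
                ];
            }
        }
        mysqli_stmt_close($login_stmt);
    }

    // An unknown e-mail, a failed query and a wrong password all end in the
    // same branch with the same message, so the response does not reveal
    // which one failed.
    $pw_en = is_array($login_res) ? (string) $login_res['pw_en'] : '';
    if (is_array($login_res) && $login_res['email'] === $username && password_verify($password, $pw_en)) {
        // Issue a fresh session id so a session id obtained before
        // authentication is not carried over into the logged-in session.
        session_regenerate_id(true);
        $_SESSION['logged_in'] = $login_res['email'];
        $_SESSION['perm'] = $login_res['perm'];
        $_SESSION['id'] = $login_res['u_id'];
        header("Location: ../../manage/profile.php");
        mysqli_close($con);
        exit;
    }

    $_SESSION['loginStatus'] = "<p>Username or password is incorrect</p>";
    exitError("login.php");
} else {
    exitError("index.php");
}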
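<?php
// Enquiry handler for a single car listing: forwards the browse-page contact
// form to the site mailbox and returns to the listing with a status message
// in the session. Relies on common.php for cookInput() and exitError().
require_once "common.php";
session_start();

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    // Missing fields default to '' so a partial form does not raise
    // undefined-array-key warnings before cookInput() sees the value.
    $name = cookInput($_POST['name'] ?? '');
    $email = cookInput($_POST['email'] ?? '');
    $phone = cookInput($_POST['phn'] ?? '');
    $type = cookInput($_POST['reason'] ?? '');
    $content = cookInput($_POST['message'] ?? '');
    $userID = cookInput($_POST['usr'] ?? '');
    $carID = cookInput($_POST['car'] ?? '');

    $to = "*****@*****.**";
    // The sender's name is placed in a mail header; collapse any line breaks
    // so the subject stays a single header line.
    $subjectName = str_replace(["\r", "\n"], ' ', $name);
    $subject = 'Contact Form - ' . $subjectName . '- ABC Car Fleets';
    // NOTE(review): the body uses <br> separators but no Content-Type header
    // is passed to mail(), so it is delivered as plain text — confirm intended.
    $message = 'Name:' . $name . '<br>Email:' . $email . '<br>Phone:' . $phone
        . '<br>User ID:' . $userID . '<br>Car:' . $carID . '<br>Type:' . $type
        . '<br>Message:' . $content;

    // The car id is echoed into the redirect query string; encode it so it
    // cannot introduce extra parameters or break the URL.
    $backTo = "browse.php?r=" . rawurlencode($carID);
    if (mail($to, $subject, $message)) {
        // The listing page reads 'sendErr' for both outcomes; only the markup
        // class differs.
        $_SESSION['sendErr'] = "<p class='formPas'>Sent successfully.</p>";
    } else {
        $_SESSION['sendErr'] = "<p class='formErr'>Sending failed. Please try again, or send an email to '*****@*****.**'.</p>";
    }
    exitError($backTo);
} else {
    exitError("index.php");
}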
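<?php
// General contact-form handler: forwards the contact page form to the site
// mailbox and returns to contact.php with a status message in the session.
// Relies on common.php for cookInput() and exitError().
require_once "common.php";
session_start();

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    // Missing fields default to '' so a partial form does not raise
    // undefined-array-key warnings before cookInput() sees the value.
    $name = cookInput($_POST['name'] ?? '');
    $email = cookInput($_POST['email'] ?? '');
    $phone = cookInput($_POST['phone'] ?? '');
    $type = cookInput($_POST['type'] ?? '');
    $content = cookInput($_POST['content'] ?? '');

    $to = "*****@*****.**";
    // The sender's name is placed in a mail header; collapse any line breaks
    // so the subject stays a single header line.
    $subjectName = str_replace(["\r", "\n"], ' ', $name);
    $subject = 'Contact Form - ' . $subjectName . '- ABC Car Fleets';
    // NOTE(review): the body uses <br> separators but no Content-Type header
    // is passed to mail(), so it is delivered as plain text — confirm intended.
    $message = 'Name:' . $name . '<br>Email:' . $email . '<br>Phone:' . $phone
        . '<br>Type:' . $type . '<br>Message:' . $content;

    // Success and failure are reported under different session keys, which is
    // what contact.php expects when it renders the status.
    if (mail($to, $subject, $message)) {
        $_SESSION['formStatus'] = "<p class='formPas'>Sent successfully.</p>";
    } else {
        $_SESSION['formErr'] = "<p class='formErr'>Sending failed. Please try again, or send an email to '*****@*****.**'.</p>";
    }
    exitError("contact.php");
} else {
    exitError("index.php");
}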
<?php require_once '../assets/inc/common.php'; $perm_lvl = 2; require_once '../assets/inc/session.php'; if (isset($_GET['s'])) { $idCheck = 0; $supID = cookInput($_GET['s']); } require_once '../assets/inc/page_details.php'; ?> <!doctype html> <html> <head> <title>Suppliers | ABC Car Fleets Ltd</title> <?php require_once '../assets/cmn/html-header-back.php'; ?> </head> <body> <?php require_once "../assets/cmn/head-nav-back.php"; ?> <div class='content'> <?php echo $_SESSION['pgMsg']; ?> <div class='section'> <div class='sub left column <?php if (isset($supID) && $idCheck == 1) { echo "desktop";
<?php require_once '../assets/inc/common.php'; $perm_lvl = 3; require_once '../assets/inc/session.php'; if (isset($_GET['s'])) { $idCheck = 0; $stfID = cookInput($_GET['s']); } require_once '../assets/inc/page_details.php'; ?> <!doctype html> <html> <head> <title>Staff | ABC Car Fleets Ltd</title> <?php require_once '../assets/cmn/html-header-back.php'; ?> </head> <body> <?php require_once "../assets/cmn/head-nav-back.php"; ?> <div class='content'> <?php echo $_SESSION['pgMsg']; ?> <div class='section'> <div class='sub left column <?php if (isset($stfID) && $idCheck == 1) { echo "desktop";
<?php require_once "common.php"; session_start(); if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) { $action = cookInput($_POST['action']); if (isset($action) && $action == 'delete') { $type = cookInput($_POST['type']); $id = cookInput($_POST['id']); $confirm = cookInput($_POST['confirm']); if ($type == 'supply' && $confirm == 'delete') { $d_sup_sql = "DELETE FROM usr WHERE perm='4' AND u_id='{$id}';"; if (mysqli_query($con, $d_sup_sql)) { $_SESSION['pgMsg'] = '<p id="sup-success" class="message hover pass">Supplier successfully deleted. | <a href="javascript:void(0);" onclick="hide(\'sup_success\')">X</a></p>'; exitError("manage/suppliers.php"); } else { $_SESSION['delErr'] = 'Failed to delete supplier, please try again.'; exitError("manage/suppliers.php?s={$id}"); } } elseif ($type == 'customer' && $confirm == 'delete') { $d_cus_sql = "DELETE FROM usr WHERE perm='1' AND u_id='{$id}';"; if (mysqli_query($con, $d_cust_sql)) { $_SESSION['pgMsg'] = '<p id="cus-success" class="message hover pass">Customer successfully deleted. | <a href="javascript:void(0);" onclick="hide(\'cus_success\')">X</a></p>'; exitError("manage/customer.php"); } else { $_SESSION['delErr'] = 'Failed to delete customer, please try again.'; exitError("manage/customer.php?c={$id}"); } } elseif ($type == 'staff' && $confirm == 'delete') { $d_stf_sql = "DELETE FROM usr WHERE perm='2' AND u_id='{$id}';"; if (mysqli_query($con, $d_stf_sql)) {
<?php require_once "common.php"; session_start(); if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) { //Clean and set variables $username = cookInput($_POST['username']); $password = cookInput($_POST['password']); $confirm = cookInput($_POST['confirm']); $first = cookInput($_POST['first']); $last = cookInput($_POST['last']); $phone = cookInput($_POST['phone']); $street = cookInput($_POST['street']); $state = cookInput($_POST['state']); $postcode = cookInput($_POST['postcode']); $_SESSION['regData'] = array("username" => $username, "password" => $password, "confirm" => $confirm, "first" => $first, "last" => $last, "phone" => $phone, "street" => $street, "state" => $state, "postcode" => $postcode); if ($password != $confirm) { $_SESSION['regErr'] .= "<p>Passwords do not match.</p>"; } if (!is_numeric($phone)) { $_SESSION['regErr'] .= "<p>Phone number must be numbers only.</p>"; } if (!is_numeric($postcode)) { $_SESSION['regErr'] .= "<p>Postcode must be numbers only.</p>"; } $userck_sql = "SELECT email FROM usr WHERE email='{$username}';"; $userck_run = mysqli_query($con, $userck_sql); $userck_res = mysqli_num_rows($userck_run); if ($userck_res == '0') { $pw_en = password_hash($password, PASSWORD_DEFAULT); $register_sql = "INSERT INTO usr (email, pw_en, fn, ln, phn, loc, ste, ptcd) VALUES ('{$username}','{$pw_en}','{$first}','{$last}','{$phone}','{$street}','{$state}','{$postcode}');";
<?php require_once "common.php"; session_start(); if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) { $query = cookInput($_POST['query']); $type = cookInput($_POST['type']); $trans = cookInput($_POST['trans']); $yr = cookInput($_POST['yr']); $priceMin = cookInput($_POST['price-min']); $priceMax = cookInput($_POST['price-max']); $_SESSION['searchData'] = ['query' => "{$query}", 'type' => "{$type}", 'trans' => "{$trans}", 'yr' => "{$yr}", 'priceMin' => "{$priceMin}", 'priceMax' => "{$priceMax}"]; // Create SQL base $query_sql = "SELECT c_id, yr, mdl, brd, mke, rego, cond, desr, date, tran, price FROM car WHERE 1=2 "; // Check what options are selected and change the query to suit if (!empty($query)) { $string = explode(" ", $query); foreach ($string as $s) { $query_sql .= " OR yr LIKE '%{$s}%' OR mdl LIKE '%{$s}%' OR brd LIKE '%{$s}%' OR mke LIKE '%{$s}%' OR mdl LIKE '%{$s}%' OR cond LIKE '%{$s}%' OR desr LIKE '%{$s}%' OR tran LIKE '%{$s}%'"; } if (!empty($type)) { $query_sql .= "AND cond='{$type}'"; } if (!empty($yr)) { $query_sql .= "AND yr='{$yr}'"; } if (!empty($trans)) { $query_sql .= "AND tran='{$trans}'"; } if (!empty($priceMin)) { $query_sql .= "AND price>='{$priceMin}'";
<?php require_once '../assets/inc/common.php'; $perm_lvl = 2; require_once '../assets/inc/session.php'; if (isset($_GET['c'])) { $idCheck = 0; $cusID = cookInput($_GET['c']); } require_once '../assets/inc/page_details.php'; ?> <!doctype html> <html> <head> <title>Customers | ABC Car Fleets Ltd</title> <?php require_once '../assets/cmn/html-header-back.php'; ?> </head> <body> <?php require_once "../assets/cmn/head-nav-back.php"; ?> <div class='content'> <?php echo $_SESSION['pgMsg']; ?> <div class='section'> <div class='sub left column <?php if (isset($cusID) && $idCheck == 1) { echo "desktop";
<?php require_once '../assets/inc/common.php'; $perm_lvl = 2; require_once '../assets/inc/session.php'; if (isset($_GET['c'])) { $idCheck = 0; $carID = cookInput($_GET['c']); } require_once '../assets/inc/page_details.php'; ?> <!doctype html> <html> <head> <title>Cars | ABC Car Fleets Ltd</title> <?php require_once '../assets/cmn/html-header-back.php'; ?> </head> <body> <?php require_once "../assets/cmn/head-nav-back.php"; ?> <div class='content'> <?php echo $_SESSION['pgMsg']; ?> <div class='section'> <div class='sub left column <?php if (isset($carID) && $idCheck == 1) { echo "desktop";
<?php
// Public browse page prologue. $searchActive is set before search-results.php
// is included (presumably that include reads it to decide what to show):
// 0 = nothing selected, 2 = a single car chosen via ?r=, 1 = a search string
// carried over from the session. The session check runs last, so it wins when
// both a ?r= id and a stored search string are present.
$searchActive = 0;
require_once 'assets/inc/common.php';
session_start();
if (isset($_GET['r'])) {
    $searchActive = 2;
    $resultID = cookInput($_GET['r']);
}
if (isset($_SESSION['search_string'])) {
    $searchActive = 1;
    // One-shot hand-off from the search handler: read once, then cleared.
    $search = $_SESSION['search_string'];
    unset($_SESSION['search_string']);
}
if (isset($_GET['t'])) {
    // Optional type filter; only defined when ?t= is present, so any consumer
    // must isset() it before use.
    $type_filter = cookInput($_GET['t']);
}
require_once 'assets/inc/search-results.php';
?>
<!doctype html>
<html>
<head>
<title>Browse | ABC Car Fleets Ltd</title>
<?php require_once 'assets/cmn/html-header.php'; ?>
</head>
<body>
<?php require_once "assets/cmn/head-nav.php"; ?>
<?php require_once '../assets/inc/common.php'; $perm_lvl = 2; require_once '../assets/inc/session.php'; if (isset($_GET['s'])) { $idCheck = 0; $saleID = cookInput($_GET['s']); } require_once '../assets/inc/page_details.php'; ?> <!doctype html> <html> <head> <title>Sales | ABC Car Fleets Ltd</title> <?php require_once '../assets/cmn/html-header-back.php'; ?> </head> <body> <?php require_once "../assets/cmn/head-nav-back.php"; ?> <div class='content'> <?php echo $_SESSION['pgMsg']; ?> <div class='section'> <div class='sub left column <?php if (isset($saleID) && $idCheck == 1) { echo "desktop";