}
             } else {
                 unset($_SESSION['editData']);
                 exitError("manage/cars.php?c={$id}");
             }
         } else {
             $_SESSION['editErr'] = 'There was an error updating the customer details, please try again.';
             exitError("manage/cars.php?c={$id}");
         }
     } elseif ($type == 'sale') {
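         // Collect the submitted sale fields. $id and $con are assigned earlier in the
         // script; cookInput() is defined in an included file.
         $amt = cookInput($_POST['amt']);
         $sale_type = cookInput($_POST['sale_type']);
         $u_id = cookInput($_POST['u_id']);
         $date = cookInput($_POST['date']);
         $c_id = cookInput($_POST['c_id']);
         $stf_id = cookInput($_POST['stf_id']);
         // Kept in the session until the update succeeds.
         // NOTE(review): 'date' is not stored here - confirm whether the form should get it back too.
         $_SESSION['editData'] = ['amt' => "{$amt}", 'sale_type' => "{$sale_type}", 'u_id' => "{$u_id}", 'c_id' => "{$c_id}", 'stf_id' => "{$stf_id}"];
         // Prepare SQL. Every request-derived value is bound as a parameter instead of
         // being interpolated, so the statement does not depend on what cookInput()
         // happens to escape. All values are bound as strings, matching the quoted
         // literals the query used before.
         $edit_sale_sql = "UPDATE `sale` SET `amt`=?,`date`=?,`type`=?,`u_id`=?,`c_id`=?,`stf_id`=? WHERE s_id=?;";
         $edit_sale_stmt = mysqli_prepare($con, $edit_sale_sql);
         $edit_sale_ok = $edit_sale_stmt !== false
             && mysqli_stmt_bind_param($edit_sale_stmt, 'sssssss', $amt, $date, $sale_type, $u_id, $c_id, $stf_id, $id)
             && mysqli_stmt_execute($edit_sale_stmt);
         if ($edit_sale_stmt !== false) {
             mysqli_stmt_close($edit_sale_stmt);
         }
         // Update data
         if ($edit_sale_ok) {
             unset($_SESSION['editData']);
             exitError("manage/sales.php?s={$id}");
         } else {
             // NOTE(review): the message says "customer details" in the sale branch -
             // looks copied from another branch; confirm the intended wording.
             $_SESSION['editErr'] = 'There was an error updating the customer details, please try again.';
             exitError("manage/sales.php?s={$id}");
         }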
     } else {
         exitError("index.php");
     }
 } else {
<?php

require_once "common.php";
session_start();
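// Login handler: accepts only a submitted POST, looks the account up by e-mail,
// verifies the password hash and, on success, populates the session and redirects
// to the profile page. Anything else is sent back through exitError().
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    //Clean and set variables
    $username = cookInput($_POST['username']);
    // NOTE(review): the password is passed through cookInput() before password_verify().
    // That only works if the hash was created from a value cooked the same way at
    // registration - confirm both sides stay in sync before changing either.
    $password = cookInput($_POST['password']);

    // The e-mail is bound as a parameter rather than interpolated into the SQL text,
    // so the lookup does not rely on cookInput() escaping quotes.
    $login_sql = "SELECT pw_en, email, perm, u_id FROM usr WHERE email=?;";
    $login_res = null;
    $login_stmt = mysqli_prepare($con, $login_sql);
    if ($login_stmt !== false) {
        if (mysqli_stmt_bind_param($login_stmt, 's', $username) && mysqli_stmt_execute($login_stmt)) {
            mysqli_stmt_bind_result($login_stmt, $row_pw_en, $row_email, $row_perm, $row_u_id);
            // fetch() returns true only when a row was read; null means no such account.
            if (mysqli_stmt_fetch($login_stmt) === true) {
                // Prepared statements return integer columns as PHP ints, whereas a plain
                // mysqli_query() result yields strings; cast so code that compares the
                // session values against strings keeps working.
                $login_res = [
                    'pw_en' => $row_pw_en,
                    'email' => $row_email,
                    'perm' => (string) $row_perm,
                    'u_id' => (string) $row_u_id,
                ];
            }
        }
        mysqli_stmt_close($login_stmt);
    }

    // A missing row or failed query is treated exactly like a wrong password, so the
    // response does not reveal whether the account exists.
    if ($login_res !== null
        && $login_res['email'] === (string) $username
        && password_verify($password, (string) $login_res['pw_en'])
    ) {
        // Issue a fresh session id on privilege change so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['logged_in'] = $login_res['email'];
        $_SESSION['perm'] = $login_res['perm'];
        $_SESSION['id'] = $login_res['u_id'];
        header("Location: ../../manage/profile.php");
        mysqli_close($con);
        exit;
    }

    $_SESSION['loginStatus'] = "<p>Username or password is incorrect</p>";
    exitError("login.php");
} else {
    exitError("index.php");
}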
<?php

require_once "common.php";
session_start();
// Car enquiry form handler: mails the submitted fields to the site address and
// redirects back to the car's browse page with a status message in the session.
if ($_SERVER["REQUEST_METHOD"] != "POST" || !isset($_POST['submit'])) {
    exitError("index.php");
} else {
    $name = cookInput($_POST['name']);
    $email = cookInput($_POST['email']);
    $phone = cookInput($_POST['phn']);
    $type = cookInput($_POST['reason']);
    $content = cookInput($_POST['message']);
    $userID = cookInput($_POST['usr']);
    $carID = cookInput($_POST['car']);

    $to = "*****@*****.**";
    $subject = "Contact Form - {$name}- ABC Car Fleets";
    // NOTE(review): the body uses <br> separators but no additional headers are passed
    // to mail(), so it is presumably delivered as plain text - confirm.
    $message = "Name:{$name}<br>Email:{$email}<br>Phone:{$phone}<br>User ID:{$userID}<br>Car:{$carID}<br>Type:{$type}<br>Message:{$content}";

    // NOTE(review): no CSRF token or rate limit is visible in this script; confirm one
    // is enforced elsewhere, since every accepted POST sends a mail.
    $sent = mail($to, $subject, $message);
    $_SESSION['sendErr'] = $sent
        ? "<p class='formPas'>Sent successfully.</p>"
        : "<p class='formErr'>Sending failed. Please try again, or send an email to '*****@*****.**'.</p>";

    // Both outcomes return to the same page; $carID comes from the request and is
    // placed in the redirect target as cookInput() returned it.
    exitError("browse.php?r={$carID}");
}
<?php

require_once "common.php";
session_start();
// General contact form handler: mails the submitted fields to the site address and
// redirects back to contact.php with a status message in the session.
if ($_SERVER["REQUEST_METHOD"] != "POST" || !isset($_POST['submit'])) {
    exitError("index.php");
} else {
    $name = cookInput($_POST['name']);
    $email = cookInput($_POST['email']);
    $phone = cookInput($_POST['phone']);
    $type = cookInput($_POST['type']);
    $content = cookInput($_POST['content']);

    $to = "*****@*****.**";
    $subject = "Contact Form - {$name}- ABC Car Fleets";
    // NOTE(review): the body uses <br> separators but no additional headers are passed
    // to mail(), so it is presumably delivered as plain text - confirm.
    $message = "Name:{$name}<br>Email:{$email}<br>Phone:{$phone}<br>Type:{$type}<br>Message:{$content}";

    // NOTE(review): no CSRF token or rate limit is visible in this script; confirm one
    // is enforced elsewhere, since every accepted POST sends a mail.
    $sent = mail($to, $subject, $message);
    if ($sent) {
        $_SESSION['formStatus'] = "<p class='formPas'>Sent successfully.</p>";
    } else {
        // Failure is reported under a different session key than success.
        $_SESSION['formErr'] = "<p class='formErr'>Sending failed. Please try again, or send an email to '*****@*****.**'.</p>";
    }
    exitError("contact.php");
}
<?php

// Page prelude for the suppliers management page. The order matters: each included
// file runs in this scope and can see the variables assigned before it.
require_once '../assets/inc/common.php';
// Assigned before session.php is included.
// NOTE(review): presumably the minimum permission level session.php enforces - confirm.
$perm_lvl = 2;
require_once '../assets/inc/session.php';
if (isset($_GET['s'])) {
    // Starts at 0; the template below only treats the id as usable when $idCheck == 1,
    // so an included file (presumably page_details.php) has to set it - confirm.
    $idCheck = 0;
    // Supplier id taken from the query string.
    // NOTE(review): any SQL that later uses $supID should bind it as a parameter.
    $supID = cookInput($_GET['s']);
}
require_once '../assets/inc/page_details.php';
?>
<!doctype html>
<html>
    <head>
        <title>Suppliers | ABC Car Fleets Ltd</title>
        <?php 
require_once '../assets/cmn/html-header-back.php';
?>
    </head>
    <body>
        <?php 
require_once "../assets/cmn/head-nav-back.php";
?>
        <div class='content'>
            <?php 
echo $_SESSION['pgMsg'];
?>
            <div class='section'>
                <div class='sub left column <?php 
if (isset($supID) && $idCheck == 1) {
    echo "desktop";
<?php

// Page prelude for the staff management page. The order matters: each included
// file runs in this scope and can see the variables assigned before it.
require_once '../assets/inc/common.php';
// Assigned before session.php is included; this page uses 3 where the other
// management pages shown use 2.
// NOTE(review): presumably the minimum permission level session.php enforces - confirm.
$perm_lvl = 3;
require_once '../assets/inc/session.php';
if (isset($_GET['s'])) {
    // Starts at 0; the template below only treats the id as usable when $idCheck == 1,
    // so an included file (presumably page_details.php) has to set it - confirm.
    $idCheck = 0;
    // Staff id taken from the query string.
    // NOTE(review): any SQL that later uses $stfID should bind it as a parameter.
    $stfID = cookInput($_GET['s']);
}
require_once '../assets/inc/page_details.php';
?>
<!doctype html>
<html>
    <head>
        <title>Staff | ABC Car Fleets Ltd</title>
        <?php 
require_once '../assets/cmn/html-header-back.php';
?>
    </head>
    <body>
        <?php 
require_once "../assets/cmn/head-nav-back.php";
?>
        <div class='content'>
            <?php 
echo $_SESSION['pgMsg'];
?>
            <div class='section'>
                <div class='sub left column <?php 
if (isset($stfID) && $idCheck == 1) {
    echo "desktop";
<?php

require_once "common.php";
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    $action = cookInput($_POST['action']);
    if (isset($action) && $action == 'delete') {
        $type = cookInput($_POST['type']);
        $id = cookInput($_POST['id']);
        $confirm = cookInput($_POST['confirm']);
        if ($type == 'supply' && $confirm == 'delete') {
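            // Delete the supplier account (perm='4') with the submitted id.
            // NOTE(review): no check of the session's permission level and no CSRF token
            // are visible in this script before the DELETE runs - confirm that common.php
            // or the caller enforces both.
            // The id is bound as a parameter instead of being interpolated into the SQL.
            $d_sup_sql = "DELETE FROM usr WHERE perm='4' AND u_id=?;";
            $d_sup_stmt = mysqli_prepare($con, $d_sup_sql);
            $d_sup_ok = $d_sup_stmt !== false
                && mysqli_stmt_bind_param($d_sup_stmt, 's', $id)
                && mysqli_stmt_execute($d_sup_stmt);
            if ($d_sup_stmt !== false) {
                mysqli_stmt_close($d_sup_stmt);
            }
            if ($d_sup_ok) {
                // NOTE(review): the element id is "sup-success" but the close link calls
                // hide('sup_success') - confirm which spelling hide() expects.
                $_SESSION['pgMsg'] = '<p id="sup-success" class="message hover pass">Supplier successfully deleted. | <a href="javascript:void(0);" onclick="hide(\'sup_success\')">X</a></p>';
                exitError("manage/suppliers.php");
            } else {
                $_SESSION['delErr'] = 'Failed to delete supplier, please try again.';
                exitError("manage/suppliers.php?s={$id}");
            }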
        } elseif ($type == 'customer' && $confirm == 'delete') {
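            // Delete the customer account (perm='1') with the submitted id.
            // The statement was previously built in $d_cus_sql but executed from the
            // undefined $d_cust_sql, so this branch could never delete anything; one
            // variable is now used throughout and the id is bound as a parameter.
            $d_cus_sql = "DELETE FROM usr WHERE perm='1' AND u_id=?;";
            $d_cus_stmt = mysqli_prepare($con, $d_cus_sql);
            $d_cus_ok = $d_cus_stmt !== false
                && mysqli_stmt_bind_param($d_cus_stmt, 's', $id)
                && mysqli_stmt_execute($d_cus_stmt);
            if ($d_cus_stmt !== false) {
                mysqli_stmt_close($d_cus_stmt);
            }
            if ($d_cus_ok) {
                // NOTE(review): the element id is "cus-success" but the close link calls
                // hide('cus_success') - confirm which spelling hide() expects.
                $_SESSION['pgMsg'] = '<p id="cus-success" class="message hover pass">Customer successfully deleted. | <a href="javascript:void(0);" onclick="hide(\'cus_success\')">X</a></p>';
                exitError("manage/customer.php");
            } else {
                $_SESSION['delErr'] = 'Failed to delete customer, please try again.';
                exitError("manage/customer.php?c={$id}");
            }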
        } elseif ($type == 'staff' && $confirm == 'delete') {
            $d_stf_sql = "DELETE FROM usr WHERE perm='2' AND u_id='{$id}';";
            if (mysqli_query($con, $d_stf_sql)) {
<?php

require_once "common.php";
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
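    //Clean and set variables
    $username = cookInput($_POST['username']);
    $password = cookInput($_POST['password']);
    $confirm = cookInput($_POST['confirm']);
    $first = cookInput($_POST['first']);
    $last = cookInput($_POST['last']);
    $phone = cookInput($_POST['phone']);
    $street = cookInput($_POST['street']);
    $state = cookInput($_POST['state']);
    $postcode = cookInput($_POST['postcode']);
    // Submitted values are kept in the session.
    // NOTE(review): this includes the password and its confirmation in clear text, which
    // then sit in session storage - consider dropping both keys if the form does not
    // need them back.
    $_SESSION['regData'] = array("username" => $username, "password" => $password, "confirm" => $confirm, "first" => $first, "last" => $last, "phone" => $phone, "street" => $street, "state" => $state, "postcode" => $postcode);
    // Validation messages are appended to whatever $_SESSION['regErr'] already holds.
    // NOTE(review): nothing in the lines visible here stops the account check below from
    // running when validation failed - confirm the code that follows tests regErr.
    if ($password != $confirm) {
        $_SESSION['regErr'] .= "<p>Passwords do not match.</p>";
    }
    if (!is_numeric($phone)) {
        $_SESSION['regErr'] .= "<p>Phone number must be numbers only.</p>";
    }
    if (!is_numeric($postcode)) {
        $_SESSION['regErr'] .= "<p>Postcode must be numbers only.</p>";
    }
    // Check whether the e-mail is already registered. The address is bound as a
    // parameter rather than interpolated into the SQL text.
    $userck_sql = "SELECT email FROM usr WHERE email=?;";
    // null means "lookup failed"; it does not compare equal to '0', so a failed lookup
    // is never treated as "address is free".
    $userck_res = null;
    $userck_stmt = mysqli_prepare($con, $userck_sql);
    if ($userck_stmt !== false) {
        if (mysqli_stmt_bind_param($userck_stmt, 's', $username)
            && mysqli_stmt_execute($userck_stmt)
            && mysqli_stmt_store_result($userck_stmt)
        ) {
            $userck_res = mysqli_stmt_num_rows($userck_stmt);
        }
        mysqli_stmt_close($userck_stmt);
    }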
    if ($userck_res == '0') {
        $pw_en = password_hash($password, PASSWORD_DEFAULT);
        $register_sql = "INSERT INTO usr (email, pw_en, fn, ln, phn, loc, ste, ptcd) VALUES ('{$username}','{$pw_en}','{$first}','{$last}','{$phone}','{$street}','{$state}','{$postcode}');";
<?php

require_once "common.php";
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    // Read the search form fields; cookInput() is defined in an included file.
    $query = cookInput($_POST['query']);
    $type = cookInput($_POST['type']);
    $trans = cookInput($_POST['trans']);
    $yr = cookInput($_POST['yr']);
    $priceMin = cookInput($_POST['price-min']);
    $priceMax = cookInput($_POST['price-max']);
    // Keep the submitted values, as strings, in the session.
    $_SESSION['searchData'] = [
        'query' => (string) $query,
        'type' => (string) $type,
        'trans' => (string) $trans,
        'yr' => (string) $yr,
        'priceMin' => (string) $priceMin,
        'priceMax' => (string) $priceMax,
    ];
    // Create SQL base. "1=2" matches nothing, so rows are returned only through the
    // OR clauses appended afterwards.
    // NOTE(review): the clauses appended after this line interpolate the values above
    // straight into the SQL text and mix OR with AND without parentheses - bind the
    // values as parameters and group the OR terms.
    $query_sql = "SELECT c_id, yr, mdl, brd, mke, rego, cond, desr, date, tran, price FROM car WHERE 1=2 ";
    // Check what options are selected and change the query to suit
    if (!empty($query)) {
        $string = explode(" ", $query);
        foreach ($string as $s) {
            $query_sql .= " OR yr LIKE '%{$s}%' OR mdl LIKE '%{$s}%' OR brd LIKE '%{$s}%' OR mke LIKE '%{$s}%' OR mdl LIKE '%{$s}%' OR cond LIKE '%{$s}%' OR desr LIKE '%{$s}%' OR tran LIKE '%{$s}%'";
        }
        if (!empty($type)) {
            $query_sql .= "AND cond='{$type}'";
        }
        if (!empty($yr)) {
            $query_sql .= "AND yr='{$yr}'";
        }
        if (!empty($trans)) {
            $query_sql .= "AND tran='{$trans}'";
        }
        if (!empty($priceMin)) {
            $query_sql .= "AND price>='{$priceMin}'";
<?php

// Page prelude for the customers management page. The order matters: each included
// file runs in this scope and can see the variables assigned before it.
require_once '../assets/inc/common.php';
// Assigned before session.php is included.
// NOTE(review): presumably the minimum permission level session.php enforces - confirm.
$perm_lvl = 2;
require_once '../assets/inc/session.php';
if (isset($_GET['c'])) {
    // Starts at 0; the template below only treats the id as usable when $idCheck == 1,
    // so an included file (presumably page_details.php) has to set it - confirm.
    $idCheck = 0;
    // Customer id taken from the query string.
    // NOTE(review): any SQL that later uses $cusID should bind it as a parameter.
    $cusID = cookInput($_GET['c']);
}
require_once '../assets/inc/page_details.php';
?>
<!doctype html>
<html>
    <head>
        <title>Customers | ABC Car Fleets Ltd</title>
        <?php 
require_once '../assets/cmn/html-header-back.php';
?>
    </head>
    <body>
        <?php 
require_once "../assets/cmn/head-nav-back.php";
?>
        <div class='content'>
            <?php 
echo $_SESSION['pgMsg'];
?>
            <div class='section'>
                <div class='sub left column <?php 
if (isset($cusID) && $idCheck == 1) {
    echo "desktop";
<?php

// Page prelude for the cars management page. The order matters: each included
// file runs in this scope and can see the variables assigned before it.
require_once '../assets/inc/common.php';
// Assigned before session.php is included.
// NOTE(review): presumably the minimum permission level session.php enforces - confirm.
$perm_lvl = 2;
require_once '../assets/inc/session.php';
if (isset($_GET['c'])) {
    // Starts at 0; the template below only treats the id as usable when $idCheck == 1,
    // so an included file (presumably page_details.php) has to set it - confirm.
    $idCheck = 0;
    // Car id taken from the query string.
    // NOTE(review): any SQL that later uses $carID should bind it as a parameter.
    $carID = cookInput($_GET['c']);
}
require_once '../assets/inc/page_details.php';
?>
<!doctype html>
<html>
    <head>
        <title>Cars | ABC Car Fleets Ltd</title>
        <?php 
require_once '../assets/cmn/html-header-back.php';
?>
    </head>
    <body>
        <?php 
require_once "../assets/cmn/head-nav-back.php";
?>
        <div class='content'>
            <?php 
echo $_SESSION['pgMsg'];
?>
            <div class='section'>
                <div class='sub left column <?php 
if (isset($carID) && $idCheck == 1) {
    echo "desktop";
<?php

// Page prelude for the public browse page. No $perm_lvl is set and session.php is
// not included here; the session is started directly.
// $searchActive: 0 by default, 2 when a result id is given in the query string,
// 1 when a search string is waiting in the session (checked last, so it wins over 2).
$searchActive = 0;
require_once 'assets/inc/common.php';
session_start();
if (isset($_GET['r'])) {
    $searchActive = 2;
    // Result id taken from the query string.
    // NOTE(review): any SQL that later uses $resultID should bind it as a parameter.
    $resultID = cookInput($_GET['r']);
}
if (isset($_SESSION['search_string'])) {
    $searchActive = 1;
    // Read once and removed, so the stored search applies to this request only.
    // NOTE(review): the value is taken from the session without cookInput(); if it holds
    // SQL text built from user input, confirm how search-results.php uses it.
    $search = $_SESSION['search_string'];
    unset($_SESSION['search_string']);
}
if (isset($_GET['t'])) {
    // Optional filter from the query string; left undefined when 't' is absent.
    $type_filter = cookInput($_GET['t']);
}
require_once 'assets/inc/search-results.php';
?>
<!doctype html>
<html>
    <head>
        <title>Browse | ABC Car Fleets Ltd</title>
        <?php 
require_once 'assets/cmn/html-header.php';
?>
    </head>
    <body>
        <?php 
require_once "assets/cmn/head-nav.php";
?>
<?php

// Page prelude for the sales management page. The order matters: each included
// file runs in this scope and can see the variables assigned before it.
require_once '../assets/inc/common.php';
// Assigned before session.php is included.
// NOTE(review): presumably the minimum permission level session.php enforces - confirm.
$perm_lvl = 2;
require_once '../assets/inc/session.php';
if (isset($_GET['s'])) {
    // Starts at 0; the template below only treats the id as usable when $idCheck == 1,
    // so an included file (presumably page_details.php) has to set it - confirm.
    $idCheck = 0;
    // Sale id taken from the query string.
    // NOTE(review): any SQL that later uses $saleID should bind it as a parameter.
    $saleID = cookInput($_GET['s']);
}
require_once '../assets/inc/page_details.php';
?>
<!doctype html>
<html>
    <head>
        <title>Sales | ABC Car Fleets Ltd</title>
        <?php 
require_once '../assets/cmn/html-header-back.php';
?>
    </head>
    <body>
        <?php 
require_once "../assets/cmn/head-nav-back.php";
?>
        <div class='content'>
            <?php 
echo $_SESSION['pgMsg'];
?>
            <div class='section'>
                <div class='sub left column <?php 
if (isset($saleID) && $idCheck == 1) {
    echo "desktop";