$_SESSION['check'] = 'add'; header("Location:" . $AbsoluteURLAdmin . "index.php?p=" . $p); exit; } if ($a == "delete") { $SQL = "delete from category where CategoryId='" . $CategoryId . "'"; $rspropertydel = $objDB->sql_query($SQL); $success = "Category Deleted SuccessFully"; $_SESSION['success'] = $success; $_SESSION['check'] = 'add'; header("Location:" . $AbsoluteURLAdmin . "index.php?p=" . $p); exit; } if ($a == "muldelete") { $multipledel = loadvariable('multipledel', ''); $todo = loadvariable('todo', ''); if ($multipledel != '') { if (count($multipledel) > 0) { for ($i = 0; $i < count($multipledel); $i++) { $del_id = $multipledel[$i]; //echo $del_id.'<br/>'; if ($todo == "delete") { $SQL = "delete from category where CategoryId ='" . $del_id . "' "; $rsExtPro = $objDB->sql_query($SQL); } else { $erro = "Something Wrong."; } } } $_SESSION['success'] = "<span>Selected Category Deleted.</span>"; $_SESSION['check'] = 'add';
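<?php
/**
 * Contact-form handler: writes one row to mn_contactus and redirects to the
 * home page.
 *
 * loadvariable() and $objDB are supplied by the including script; the field
 * values are presumably request parameters (confirm in loadvariable()).
 */

// NOTE(review): error_reporting(0) turns off PHP error reporting, so a failed
// insert goes unnoticed here. Prefer logging errors to a file over hiding them.
error_reporting(0);

$p = loadvariable("p", "");
$username = loadvariable("name", "");
$email = loadvariable("email", "");
$mobile = loadvariable("phone", "");
$msg = loadvariable("message", "");

// NOTE(review): SQL injection risk. The four values are concatenated straight
// into the statement with no escaping visible in this file. Unless
// loadvariable() already neutralises quotes (verify), move this to a
// parameterised query in the $objDB layer. The form is reachable without any
// visible login check, so treat every field as hostile.
$sql = "insert into mn_contactus(mn_user_name,mn_user_email,mn_user_phone,mn_user_msg)values('" . $username . "','" . $email . "','" . $mobile . "','" . $msg . "')";
$objDB->sql_query($sql);

header("location:index.php?p=home");
// header() only queues the redirect; without exit the including script keeps
// running and may still produce output for this request.
exit;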
error_reporting(0); $p = loadvariable("p", ""); $username = loadvariable("username", ""); $firstname = loadvariable("firstname", ""); $lastname = loadvariable("lastname", ""); //$gender=loadvariable("gender",""); $gender = loadvariable("gender", ""); $email = loadvariable("email", ""); $password = loadvariable("password", ""); $country = loadvariable("country", ""); $state = loadvariable("state", ""); $city = loadvariable("city", ""); $pincode = loadvariable("pincode", ""); $address = loadvariable("address", ""); $Status = loadvariable("Status", "1"); $flag = 0; // check for user name.... $sql = "select email from user "; $rsemail = $objDB->select($sql); //$result=mysql_query($sql); for ($i = 0; $i < count($rsemail); $i++) { $email1 = $rsemail[$i]['email']; if ($email == $email1) { $flag = 1; } } if ($flag == 1) { $_SESSION["uname"] = "Unavailable UserName"; header("location:index.php?p=registration"); exit;
<?php $p = loadVariable("p", ""); $a = loadVariable("a", ""); $sz = loadVariable("Size", ''); $ProductId = loadVariable("ProductId", 0); $maincategory = loadVariable('maincategory', ''); $brand = loadVariable('brand', ''); $product_type = loadVariable('product_type', ''); $price = loadVariable('price', ''); $productname = loadVariable('productname', ''); $file = loadvariable("file", ""); $description = loadVariable('description', ''); $priview = loadVariable('preview_audio', ''); $submit = loadvariable('submit', ''); $quantity = loadVariable('quantity', ''); if ($p == "product") { if ($submit == 'Save') { if ($a == "add") { $product_str = ""; $audio_str = ""; $priview_str = ""; $product_image = upload("product_image", "images/Product_Image/", "jpg,png,bmp,gif"); $audio = upload("audio", "images/Product_audio", "mp3,amr,wav"); $priview = upload("priview", "images/Product_audio", "mp3,amr,wav"); $product_str = 'UNSET1.jpg'; if ($product_image[1] == "") { $product_str = $product_image[0]; } if ($audio[1] == "") { $audio_str = $audio[0];
header("Location:" . $AbsoluteURL . "xstore-admin/index.php?p=admin_list"); exit; } } } if ($a == 'delete' && $AdminID != '0') { $SQL = "delete from admin where AdminID=" . $AdminID; $rsAdmin = $objDB->sql_query($SQL); $success = "Admin Deleted SuccessFully"; $_SESSION['success'] = $success; $_SESSION['check'] = 'add'; header("Location:" . $AbsoluteURL . "xstore-admin/index.php?p=admin_list"); exit; } if ($a == "muldelete") { $multipledel = loadvariable('multipledel', ''); if ($multipledel != '') { if (count($multipledel) > 0) { for ($i = 0; $i < count($multipledel); $i++) { $del_id = $multipledel[$i]; //echo $del_id.'<br/>'; $SQL = "DELETE from admin where AdminID='" . $del_id . "' "; $rsMember = $objDB->sql_query($SQL); } } $success = "Selected Admins Deleted"; $_SESSION['success'] = $success; $_SESSION['check'] = 'add'; header("Location:" . $AbsoluteURL . "xstore-admin/index.php?p=admin_list"); exit; } else {
<?php error_reporting(0); $p = loadvariable("p", ""); $oldpass = loadvariable("oldpass", ""); $newpass = loadvariable("newpass", ""); $rnewpass = loadvariable("rnewpass", ""); $flag = 0; // check for user name.... $sql = "select password from user where email= '" . $_SESSION["email"] . "'"; $rspass = $objDB->select($sql); //$result=mysql_query($sql); for ($i = 0; $i < count($rspass); $i++) { $oldpass1 = $rspass[$i]['password']; if ($oldpass != $oldpass1) { $flag = 1; } if ($newpass == $oldpass1) { $flag = 2; } } if ($flag == 1) { $_SESSION["old"] = "Password change failed. Please provide your old password correctly."; header("location:index.php?p=changepass"); exit; } if ($flag == 2) { $_SESSION["new"] = "Password change failed. New Password same as the old password"; header("location:index.php?p=changepass"); exit; } else {
<?php
/**
 * Product-review endpoint: when a=add, inserts one product_review row built
 * from the submitted fields, prints "1" and stops.
 *
 * loadvariable(), inserttext() and $objDB come from the including script.
 */
$p = loadvariable('p', '');
$a = loadvariable('a', '');
$review_Id = loadvariable('review_Id', '');
$ProductId = loadvariable('ProductId', '');
$review_name = loadvariable('review_name', '');
$review_title = loadVariable('review_title', '');
$review_description = loadvariable('review_description', '');
$add_date = date('Y-m-d');
$status = loadvariable('status', '0');

if ('add' == $a) {
    // Every value goes through inserttext() before it reaches the statement.
    // NOTE(review): inserttext() is not visible here. Confirm it performs
    // SQL escaping for the active connection, or replace this with a
    // parameterised query.
    // NOTE(review): status is taken from the caller (default '0'). If it
    // gates review visibility, set it server-side instead. No login or
    // CSRF check is visible in this file; confirm the includer enforces one.
    $SQL = sprintf(
        "insert product_review set ProductId ='%s',review_name ='%s',review_title='%s',review_description= '%s',add_date='%s',status= '%s'",
        inserttext($ProductId),
        inserttext($review_name),
        inserttext($review_title),
        inserttext($review_description),
        inserttext($add_date),
        inserttext($status)
    );
    $insert = $objDB->insert($SQL);

    // The caller receives a bare "1" whether or not the insert succeeded.
    echo '1';
    exit;
}
<?php error_reporting(0); $p = loadvariable("p", ""); $firstname = loadvariable("firstname", ""); $lastname = loadvariable("lastname", ""); //$gender=loadvariable("gender",""); $password = loadvariable("password", ""); $email = loadvariable("email", ""); $flag = 0; // check for user name.... $sql = "select email from user"; $rsemail = $objDB->select($sql); //$result=mysql_query($sql); for ($i = 0; $i < count($rsemail); $i++) { $email1 = $rsemail[$i]['email']; if ($email == $email1) { $flag = 1; } } if ($flag == 1) { $_SESSION["uname"] = "Unavailable UserName"; header("location:index.php?p=login"); exit; } else { $sql = "insert into user(firstname,lastname,email,password,Status) values ('" . $firstname . "','" . $lastname . "','" . $email . "','" . $password . "','1')"; $objDB->insert($sql); $sql1 = "select * from user where email='" . $email . "'"; $rslogin = $objDB->select($sql1); $result1 = mysql_query($sql1); for ($i = 0; $i < count($rslogin); $i++) {
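<?php
/**
 * Profile-update handler: optionally replaces the user's picture, then
 * updates the user row selected by the session e-mail and redirects to the
 * account page.
 *
 * loadvariable() and $objDB come from the including script.
 */

// NOTE(review): error reporting is switched off, so upload and query failures
// are silent. Log them instead of hiding them.
error_reporting(0);

$p = loadvariable("p", "");
$firstname = loadvariable("firstname", "");
$lastname = loadvariable("lastname", "");
$gender = loadvariable("gender", "");
$password = loadvariable("password", "");
$email = loadvariable("email", "");
$mobile = loadvariable("mobile", "");
$date = loadvariable("date", "");
$month = loadvariable("month", "");
$year = loadvariable("year", "");
$file = loadvariable("file", "");
$bdate = $year . "-" . $month . "-" . $date;

$filenameold = isset($_SESSION["image"]) ? $_SESSION["image"] : "";
$filename = isset($_FILES["file"]["name"]) ? $_FILES["file"]["name"] : "";

// Keep the current picture unless a new upload passes every check below.
$name1 = $filenameold;

if ($filename != "") {
    $tempfile = $_FILES["file"]["tmp_name"];

    // The client controls the file name. Accept only image extensions and
    // rebuild the stored name from a restricted character set, so it cannot
    // carry path separators, quotes (it is interpolated into the SQL below)
    // or a second extension.
    $allowedExt = array("jpg", "jpeg", "png", "gif", "bmp");
    $base = basename($filename);
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($base, PATHINFO_FILENAME));

    $uploadOk = isset($_FILES["file"]["error"])
        && $_FILES["file"]["error"] === UPLOAD_ERR_OK
        && in_array($ext, $allowedExt, true)
        // The extension alone proves nothing; require a parsable image header.
        && getimagesize($tempfile) !== false;

    if ($uploadOk) {
        $candidate = rand() . $stem . "." . $ext;
        $uploadpath = "uploaded/" . $candidate;

        // Delete the old picture only after the new one is in place, so a
        // failed move no longer leaves the account without a picture.
        if (move_uploaded_file($tempfile, $uploadpath)) {
            $name1 = $candidate;
            $oldpath = "uploaded/" . basename($filenameold);
            if ($filenameold != "" && is_file($oldpath)) {
                unlink($oldpath);
            }
        }
    }
    // NOTE(review): uploaded/ should be served with script execution
    // disabled. rand() keeps names distinct but is predictable.
}

// NOTE(review): SQL injection risk. The profile fields and $bdate are
// concatenated without escaping; only the file name is constrained above.
// Move this statement to a parameterised query in the $objDB layer.
// NOTE(review): the row is chosen by $_SESSION["email"]; confirm the includer
// rejects requests that have no authenticated session.
$sql = "update user set firstname='" . $firstname . "',lastname='" . $lastname . "', gender='" . $gender . "',bdate='" . $bdate . "',mobile='" . $mobile . "',pics='{$name1}' where email= '" . $_SESSION["email"] . "'";
$objDB->sql_query($sql);

header("location:index.php?p=myaccount");
// header() does not end the request; stop so the includer renders nothing more.
exit;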
<?php
/**
 * Admin "site content" handler: for p=site_content, submit=Save and a=add it
 * inserts one site_content row, stores a flash message in the session and
 * redirects to the edit screen of the new row.
 *
 * loadvariable(), inserttext(), $objDB and $AbsoluteURLAdmin come from the
 * including script.
 */
$p = loadvariable('p', '');
$a = loadvariable('a', '');
$content_id = loadVariable('id', '');
$content_title = loadVariable('content_title', '');
$content_type = loadVariable('content_type', '');
$content_excerpt = loadVariable('content_excerpt', '');
$seo_introductory_text = loadVariable('seo_introductory_text', '');
$seo_text = loadVariable('seo_text', '');
$content = loadVariable('content', '');
$content_orderr = loadVariable('content_orderr', '');
$content_uri = loadVariable('content_uri', '');
$status = loadVariable('status', '');
$submit = loadvariable('submit', '');
$s = loadvariable('s', '');

if ($p == 'site_content' && $submit == 'Save' && $a == 'add') {
    // NOTE(review): $content is the only value placed in the statement
    // without inserttext(). Unless it is escaped elsewhere (verify), it is
    // an SQL injection point; use a parameterised insert rather than string
    // building. inserttext() itself is not visible here, so confirm it
    // escapes for SQL.
    // NOTE(review): no admin-session or CSRF check is visible in this file;
    // confirm the includer enforces both before this code runs.
    $SQL = sprintf(
        "insert site_content set content_title ='%s',content_type='%s',content_excerpt= '%s',seo_introductory_text= '%s',seo_text= '%s',content= '%s',content_uri= '%s',status= '%s'",
        inserttext($content_title),
        inserttext($content_type),
        inserttext($content_excerpt),
        inserttext($seo_introductory_text),
        inserttext($seo_text),
        $content,
        inserttext($content_uri),
        inserttext($status)
    );
    $insert = $objDB->insert($SQL);

    // Id of the row just inserted, read via the legacy mysql extension.
    $lastid = mysql_insert_id();

    $success = "New Site Content SuccessFully";
    $_SESSION['success'] = $success;
    $_SESSION['check'] = 'add';

    header("Location:{$AbsoluteURLAdmin}index.php?p=manage_site_content&a=edit&id=" . $lastid);
    exit;
}
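<?php
/**
 * Address-update handler: overwrites the name and address columns of the
 * user row selected by the session e-mail, then redirects to the address
 * page.
 *
 * loadvariable() and $objDB come from the including script.
 */
$p = loadvariable("p", "");
$name = loadvariable("name", "");
$address = loadvariable("address", "");
$country = loadvariable("country", "");
$state = loadvariable("state", "");
$city = loadvariable("city", "");
$pincode = loadvariable("pincode", "");

// NOTE(review): SQL injection risk. All six values are concatenated into the
// UPDATE with no escaping visible in this file. Unless loadvariable() already
// neutralises quotes (verify), switch to a parameterised query in the $objDB
// layer.
// NOTE(review): the target row depends only on $_SESSION["email"]; confirm
// the includer rejects requests without an authenticated session and checks
// a CSRF token for this state-changing request.
$sql = "update user set firstname='" . $name . "',address='" . $address . "', country='" . $country . "',state='" . $state . "',city='" . $city . "',pincode='" . $pincode . "' where email= '" . $_SESSION["email"] . "'";
$objDB->sql_query($sql);

header("location:index.php?p=address");
// header() only queues the redirect; stop so the includer does no further work.
exit;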
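<?php
/**
 * Profile-update handler for mn_user: updates the profile columns (and the
 * password column when a password was submitted) of the row whose
 * mn_user_id matches the submitted user_id, then redirects to the home page.
 *
 * loadvariable() and $objDB come from the including script.
 */

// NOTE(review): error reporting is switched off, so a failed update is silent.
error_reporting(0);

$p = loadvariable("p", "");
// NOTE(review): the row to update is chosen by this caller-supplied id.
// Nothing visible here ties it to the logged-in user, so derive the id from
// the authenticated session or confirm the includer checks ownership.
$user_id = loadvariable("user_id", "");
$display_name = loadvariable("display_name", "");
$password = loadvariable("password", "");
$gender = loadvariable("gender", "");
$paypal_details = loadvariable("paypal_details", "");
$phone = loadvariable("phone", "");
$address = loadvariable("address", "");
$city = loadvariable("city", "");
$province = loadvariable("province", "");
$country = loadvariable("country", "");
$school = loadvariable("school", "");
$program = loadvariable("program", "");

$pswdString = "";
if ($password != "") {
    // NOTE(review): md5() is a fast, unsalted hash and unsuitable for
    // passwords. Migrating to password_hash()/password_verify() has to be
    // done together with the login code, which is not visible here.
    $password = md5($password);
    // NOTE(review): as written this stores the literal text ****** and never
    // uses the hash computed above. It looks like a redaction of the original
    // interpolation; confirm against the real file before relying on it.
    $pswdString = ",mn_user_password='******'";
}

// NOTE(review): SQL injection risk. Every profile value and user_id is
// interpolated without escaping visible in this file; use a parameterised
// query in the $objDB layer. The payout address (mn_paypal_email) is changed
// here without asking for the current password; consider requiring
// re-authentication for it.
$sql = "update mn_user set mn_user_display_name='{$display_name}',mn_user_gender='{$gender}',mn_paypal_email='{$paypal_details}',mn_user_phone='{$phone}',mn_user_address='{$address}',mn_user_city='{$city}',mn_user_province='{$province}',mn_user_country='{$country}',mn_user_school='{$school}',mn_user_program='{$program}'{$pswdString} where mn_user_id = '" . $user_id . "'";
$update = $objDB->edit($sql);

header("Location:index.php?p=home");
// header() does not end the request; stop so the includer renders nothing more.
exit;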