Exemple #1
     $_SESSION['check'] = 'add';
     header("Location:" . $AbsoluteURLAdmin . "index.php?p=" . $p);
     exit;
 }
 // Single-category delete: remove the row, queue the flash message and go back to the listing page.
 if ("delete" == $a) {
     // NOTE(review): $CategoryId is spliced into the statement as-is and its origin is outside this
     // excerpt. If it comes from the request, a quote character in it rewrites the query - confirm it
     // is validated upstream or bind it as a parameter.
     $SQL = "delete from category  where CategoryId='{$CategoryId}'";
     $rspropertydel = $objDB->sql_query($SQL);
     // NOTE(review): no anti-CSRF token or permission check is visible here for this destructive
     // action - confirm one runs before this branch.
     $_SESSION['success'] = $success = "Category Deleted SuccessFully";
     $_SESSION['check'] = 'add';
     header("Location:{$AbsoluteURLAdmin}index.php?p={$p}");
     exit;
 }
 if ($a == "muldelete") {
     $multipledel = loadvariable('multipledel', '');
     $todo = loadvariable('todo', '');
     if ($multipledel != '') {
         if (count($multipledel) > 0) {
             for ($i = 0; $i < count($multipledel); $i++) {
                 $del_id = $multipledel[$i];
                 //echo $del_id.'<br/>';
                 if ($todo == "delete") {
                     $SQL = "delete from category where CategoryId ='" . $del_id . "' ";
                     $rsExtPro = $objDB->sql_query($SQL);
                 } else {
                     $erro = "Something Wrong.";
                 }
             }
         }
         $_SESSION['success'] = "<span>Selected Category Deleted.</span>";
         $_SESSION['check'] = 'add';
<?php

// Contact form handler: read the submitted fields, store one row in mn_contactus,
// then redirect to the home page.
error_reporting(0); // turns off all PHP error reporting from here on
$p = loadvariable('p', '');
$username = loadvariable('name', '');
$email = loadvariable('email', '');
$mobile = loadvariable('phone', '');
$msg = loadvariable('message', '');
// NOTE(review): the four values are placed between quotes with no escaping or binding visible
// here. Unless loadvariable() or sql_query() escapes them (neither is shown), a quote character
// in any field changes the statement - confirm, and prefer bound parameters.
$sql = "insert into mn_contactus(mn_user_name,mn_user_email,mn_user_phone,mn_user_msg)values('{$username}','{$email}','{$mobile}','{$msg}')";
$objDB->sql_query($sql);
// NOTE(review): no exit follows the redirect header, so any code that runs after this file keeps executing.
header("location:index.php?p=home");
// Registration handler, first part: load the submitted fields and check whether the e-mail
// address is already present in the user table ($flag becomes 1 when it is).
error_reporting(0); // turns off all PHP error reporting from here on
$p = loadvariable('p', '');
$username = loadvariable('username', '');
$firstname = loadvariable('firstname', '');
$lastname = loadvariable('lastname', '');
$gender = loadvariable('gender', '');
$email = loadvariable('email', '');
// NOTE(review): no hashing of $password is visible in this part - confirm it is hashed before it is stored.
$password = loadvariable('password', '');
$country = loadvariable('country', '');
$state = loadvariable('state', '');
$city = loadvariable('city', '');
$pincode = loadvariable('pincode', '');
$address = loadvariable('address', '');
// NOTE(review): Status is read through the same loader as the form fields (default "1");
// if that loader reads the request, the client can choose its own account status - confirm.
$Status = loadvariable('Status', '1');
$flag = 0;
// Despite the "user name" wording used around it, the check is on the e-mail column.
// Every e-mail in the table is fetched and compared in PHP (loose ==).
$sql = "select email from user ";
$rsemail = $objDB->select($sql);
$i = 0;
while ($i < count($rsemail)) {
    $email1 = $rsemail[$i]['email'];
    if ($email1 == $email) {
        $flag = 1;
    }
    $i++;
}
if ($flag == 1) {
    $_SESSION["uname"] = "Unavailable UserName";
    header("location:index.php?p=registration");
    exit;
Exemple #4
<?php

// Product form inputs. Every value below comes from the project's loadvariable() helper
// (PHP function names are case-insensitive, so loadVariable and loadvariable are the same function).
// NOTE(review): the helper is not shown; treat all of these as untrusted until it is confirmed
// that it validates or escapes what it returns.
$p = loadvariable('p', '');
$a = loadvariable('a', '');
$sz = loadvariable('Size', '');
$ProductId = loadvariable('ProductId', 0);
$maincategory = loadvariable('maincategory', '');
$brand = loadvariable('brand', '');
$product_type = loadvariable('product_type', '');
$price = loadvariable('price', '');
$productname = loadvariable('productname', '');
$file = loadvariable('file', '');
$description = loadvariable('description', '');
// Loaded from the "preview_audio" field; the add branch later reassigns $priview from upload().
$priview = loadvariable('preview_audio', '');
$submit = loadvariable('submit', '');
$quantity = loadvariable('quantity', '');
if ($p == "product") {
    if ($submit == 'Save') {
        if ($a == "add") {
            $product_str = "";
            $audio_str = "";
            $priview_str = "";
            $product_image = upload("product_image", "images/Product_Image/", "jpg,png,bmp,gif");
            $audio = upload("audio", "images/Product_audio", "mp3,amr,wav");
            $priview = upload("priview", "images/Product_audio", "mp3,amr,wav");
            $product_str = 'UNSET1.jpg';
            if ($product_image[1] == "") {
                $product_str = $product_image[0];
            }
            if ($audio[1] == "") {
                $audio_str = $audio[0];
Exemple #5
             header("Location:" . $AbsoluteURL . "xstore-admin/index.php?p=admin_list");
             exit;
         }
     }
 }
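 // Single-admin delete: remove the row, queue the flash message and return to the admin list.
 // NOTE(review): no anti-CSRF token or permission check is visible in this excerpt for this
 // destructive action - confirm one runs before this branch.
 if ($a == 'delete' && $AdminID != '0') {
     // AdminID is written into the statement without quotes, so only a bare integer is valid
     // there. Casting guarantees that nothing but digits (and a sign) reaches the SQL text;
     // a non-numeric value becomes 0 instead of being executed as SQL.
     $SQL = "delete from admin where AdminID=" . (int) $AdminID;
     $rsAdmin = $objDB->sql_query($SQL);
     $success = "Admin Deleted SuccessFully";
     $_SESSION['success'] = $success;
     $_SESSION['check'] = 'add';
     header("Location:" . $AbsoluteURL . "xstore-admin/index.php?p=admin_list");
     exit;
 }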
 if ($a == "muldelete") {
     $multipledel = loadvariable('multipledel', '');
     if ($multipledel != '') {
         if (count($multipledel) > 0) {
             for ($i = 0; $i < count($multipledel); $i++) {
                 $del_id = $multipledel[$i];
                 //echo $del_id.'<br/>';
                 $SQL = "DELETE from admin where AdminID='" . $del_id . "' ";
                 $rsMember = $objDB->sql_query($SQL);
             }
         }
         $success = "Selected Admins Deleted";
         $_SESSION['success'] = $success;
         $_SESSION['check'] = 'add';
         header("Location:" . $AbsoluteURL . "xstore-admin/index.php?p=admin_list");
         exit;
     } else {
Exemple #6
<?php

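// Change-password handler, first part: confirm the current password before anything is changed.
// $flag: 0 = checks passed, 1 = current password not confirmed, 2 = new password equals the current one.
error_reporting(0); // turns off all PHP error reporting from here on
$p = loadvariable("p", "");
$oldpass = loadvariable("oldpass", "");
$newpass = loadvariable("newpass", "");
$rnewpass = loadvariable("rnewpass", ""); // not compared with $newpass in this part
$flag = 0;
// NOTE(review): the session e-mail is concatenated into the statement. If it was stored in the
// session without escaping, a quote character in it changes this query - confirm or bind it.
$sql = "select password from user where email= '" . $_SESSION["email"] . "'";
$rspass = $objDB->select($sql);
if (empty($rspass) || count($rspass) == 0) {
    // Fail closed: when no row comes back (unknown e-mail, failed query) the current password
    // has not been verified, so the change must not go ahead.
    $flag = 1;
} else {
    for ($i = 0; $i < count($rspass); $i++) {
        $oldpass1 = $rspass[$i]['password'];
        // NOTE(review): the submitted value is compared with the stored column directly, which
        // suggests passwords are kept unhashed - confirm, and move to password_hash()/password_verify().
        // Strict string comparison: with loose == two numeric-looking strings such as
        // "1e3" and "1000" compare equal, so a wrong password could be accepted.
        if ((string) $oldpass !== (string) $oldpass1) {
            $flag = 1;
        } elseif ($flag != 1 && (string) $newpass === (string) $oldpass1) {
            // Only reported once the current password is confirmed, so a wrong current
            // password always yields the "old password" error.
            $flag = 2;
        }
    }
}
if ($flag == 1) {
    $_SESSION["old"] = "Password change failed. Please provide your old password correctly.";
    header("location:index.php?p=changepass");
    exit;
}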
if ($flag == 2) {
    $_SESSION["new"] = "Password change failed. New Password same as the old password";
    header("location:index.php?p=changepass");
    exit;
} else {
Exemple #7
<?php

// Product-review endpoint: on a=add, insert one product_review row and answer with the text "1".
$p = loadvariable('p', '');
$a = loadvariable('a', '');
$review_Id = loadvariable('review_Id', '');
$ProductId = loadvariable('ProductId', '');
$review_name = loadvariable('review_name', '');
$review_title = loadvariable('review_title', '');
$review_description = loadvariable('review_description', '');
$add_date = date('Y-m-d');
// NOTE(review): status is taken from the caller (default '0'). If it controls whether a review
// is published, a client can set it itself - confirm and fix the value server-side.
$status = loadvariable('status', '0');
if ('add' == $a) {
    // Every value goes through inserttext() before it is quoted.
    // NOTE(review): inserttext() is not shown - verify that it escapes for the SQL string context.
    $SQL = sprintf(
        "insert product_review set ProductId ='%s',review_name ='%s',review_title='%s',review_description= '%s',add_date='%s',status= '%s'",
        inserttext($ProductId),
        inserttext($review_name),
        inserttext($review_title),
        inserttext($review_description),
        inserttext($add_date),
        inserttext($status)
    );
    $insert = $objDB->insert($SQL);
    echo '1';
    exit;
}
Exemple #8
<?php

// Quick-registration handler, first part: load the submitted fields and check whether the
// e-mail address already exists in the user table ($flag becomes 1 when it does).
error_reporting(0); // turns off all PHP error reporting from here on
$p = loadvariable('p', '');
$firstname = loadvariable('firstname', '');
$lastname = loadvariable('lastname', '');
// NOTE(review): the insert later in this file writes $password exactly as loaded here, with no
// hashing step in between - store a password_hash() value instead.
$password = loadvariable('password', '');
$email = loadvariable('email', '');
$flag = 0;
// Despite the "user name" wording used around it, the check is on the e-mail column.
// Every e-mail in the table is fetched and compared in PHP (loose ==).
$sql = "select email from user";
$rsemail = $objDB->select($sql);
$i = 0;
while ($i < count($rsemail)) {
    $email1 = $rsemail[$i]['email'];
    if ($email1 == $email) {
        $flag = 1;
    }
    $i++;
}
if ($flag == 1) {
    $_SESSION["uname"] = "Unavailable UserName";
    header("location:index.php?p=login");
    exit;
} else {
    $sql = "insert into user(firstname,lastname,email,password,Status) values ('" . $firstname . "','" . $lastname . "','" . $email . "','" . $password . "','1')";
    $objDB->insert($sql);
    $sql1 = "select * from user where email='" . $email . "'";
    $rslogin = $objDB->select($sql1);
    $result1 = mysql_query($sql1);
    for ($i = 0; $i < count($rslogin); $i++) {
<?php

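// Profile update handler: optionally replaces the profile picture, then updates the user row
// selected by the e-mail held in the session.
error_reporting(0); // turns off all PHP error reporting from here on
$p = loadvariable("p", "");
$firstname = loadvariable("firstname", "");
$lastname = loadvariable("lastname", "");
$gender = loadvariable("gender", "");
$password = loadvariable("password", "");
$email = loadvariable("email", "");
$mobile = loadvariable("mobile", "");
$date = loadvariable("date", "");
$month = loadvariable("month", "");
$year = loadvariable("year", "");
$file = loadvariable("file", "");
$bdate = $year . "-" . $month . "-" . $date;
$filenameold = $_SESSION["image"];
$filename = isset($_FILES["file"]["name"]) ? $_FILES["file"]["name"] : "";
// Keep the current picture unless a new one is accepted below.
$name1 = $filenameold;
if ($filename != "") {
    $tempfile = $_FILES["file"]["tmp_name"];
    // The client-supplied name is used only to read the extension. Using it in the stored path
    // would let the uploader choose the extension of a file written under the web-served
    // "uploaded/" directory, and would put client-controlled text into the SQL below.
    $allowedExt = array("jpg", "jpeg", "png", "gif", "bmp");
    $ext = strtolower(pathinfo(basename($filename), PATHINFO_EXTENSION));
    $uploadOk = isset($_FILES["file"]["error"]) && $_FILES["file"]["error"] === UPLOAD_ERR_OK;
    // getimagesize() returns false when the content does not parse as an image.
    if ($uploadOk && in_array($ext, $allowedExt, true) && getimagesize($tempfile) !== false) {
        // Server-generated name: hex digits plus an allow-listed extension only.
        $newname = md5(uniqid((string) mt_rand(), true)) . "." . $ext;
        $uploadpath = "uploaded/" . $newname;
        if (move_uploaded_file($tempfile, $uploadpath)) {
            $name1 = $newname;
            // Remove the previous picture only after the new one is in place, and never
            // follow directory components taken from the session value.
            $oldfile = basename((string) $filenameold);
            if ($oldfile != "" && is_file("uploaded/" . $oldfile)) {
                unlink("uploaded/" . $oldfile);
            }
        }
    }
}
// NOTE(review): the remaining values are still concatenated into the statement without escaping
// or binding visible here; unless loadvariable() or sql_query() escapes them, this is SQL
// injection. No parameterized call on $objDB is shown in this file - confirm and switch to one.
$sql = "update user set  firstname='" . $firstname . "',lastname='" . $lastname . "', gender='" . $gender . "',bdate='" . $bdate . "',mobile='" . $mobile . "',pics='{$name1}' where email= '" . $_SESSION["email"] . "'";
$objDB->sql_query($sql);
header("location:index.php?p=myaccount");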
<?php

// Admin "site content" form: on p=site_content, submit=Save, a=add, insert one site_content row
// and redirect to its edit page.
$p = loadvariable('p', '');
$a = loadvariable('a', '');
$content_id = loadvariable('id', '');
$content_title = loadvariable('content_title', '');
$content_type = loadvariable('content_type', '');
$content_excerpt = loadvariable('content_excerpt', '');
$seo_introductory_text = loadvariable('seo_introductory_text', '');
$seo_text = loadvariable('seo_text', '');
$content = loadvariable('content', '');
$content_orderr = loadvariable('content_orderr', ''); // loaded but not written by the insert below
$content_uri = loadvariable('content_uri', '');
$status = loadvariable('status', '');
$submit = loadvariable('submit', '');
$s = loadvariable('s', '');
if ($p == 'site_content' && $submit == 'Save' && $a == 'add') {
    // NOTE(review): $content is the only value that does not pass through inserttext() before
    // being quoted. That may be meant to keep HTML intact, but it leaves this field unescaped in
    // the statement - confirm, and escape or bind it for the SQL context.
    $SQL = sprintf(
        "insert site_content set content_title ='%s',content_type='%s',content_excerpt= '%s',seo_introductory_text= '%s',seo_text= '%s',content= '%s',content_uri= '%s',status= '%s'",
        inserttext($content_title),
        inserttext($content_type),
        inserttext($content_excerpt),
        inserttext($seo_introductory_text),
        inserttext($seo_text),
        $content,
        inserttext($content_uri),
        inserttext($status)
    );
    $insert = $objDB->insert($SQL);
    // mysql_insert_id() belongs to the legacy mysql extension, removed in PHP 7.
    $lastid = mysql_insert_id();
    $_SESSION['success'] = $success = "New Site Content SuccessFully";
    $_SESSION['check'] = 'add';
    header("Location:{$AbsoluteURLAdmin}index.php?p=manage_site_content&a=edit&id={$lastid}");
    exit;
}
Exemple #11
<?php

//error_reporting(0);
// Address form handler: update the address columns of the user row selected by the session e-mail.
$p = loadvariable('p', '');
$name = loadvariable('name', '');
$address = loadvariable('address', '');
$country = loadvariable('country', '');
$state = loadvariable('state', '');
$city = loadvariable('city', '');
$pincode = loadvariable('pincode', '');
// NOTE(review): all six values and the session e-mail are placed between quotes with no escaping
// or binding visible here. Unless loadvariable() or sql_query() escapes them (neither is shown),
// a quote character in any field rewrites this UPDATE - confirm, and prefer bound parameters.
$sql = "update user set  firstname='{$name}',address='{$address}', country='{$country}',state='{$state}',city='{$city}',pincode='{$pincode}' where email= '{$_SESSION['email']}'";
$objDB->sql_query($sql);
// NOTE(review): no exit follows the redirect header, so any code that runs after this file keeps executing.
header("location:index.php?p=address");
<?php

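// Profile update handler for mn_user: updates the profile columns and, when a password was
// submitted, the password column as well.
error_reporting(0); // turns off all PHP error reporting from here on
$p = loadvariable("p", "");
// NOTE(review): the row to update is chosen by user_id, read through the same loader as the form
// fields. If that loader reads the request, any caller can modify any account (including its
// password) by sending another id - confirm the id is taken from, or checked against, the session.
$user_id = loadvariable("user_id", "");
$display_name = loadvariable("display_name", "");
$password = loadvariable("password", "");
$gender = loadvariable("gender", "");
$paypal_details = loadvariable("paypal_details", "");
$phone = loadvariable("phone", "");
$address = loadvariable("address", "");
$city = loadvariable("city", "");
$province = loadvariable("province", "");
$country = loadvariable("country", "");
$school = loadvariable("school", "");
$program = loadvariable("program", "");
$pswdString = "";
if ($password != "") {
    // NOTE(review): unsalted MD5 is a fast hash and unsuitable for passwords. Moving to
    // password_hash()/password_verify() also requires changing the login check, which is not
    // in this file.
    $password = md5($password);
    // Store the digest computed above. The previous code wrote the literal text '******', so
    // every password change replaced the stored value with that fixed string. The digest is
    // 32 hex characters and cannot break out of the quoted literal.
    $pswdString = ",mn_user_password='{$password}'";
}
// NOTE(review): the other values are interpolated without escaping or binding visible here;
// unless loadvariable() or edit() escapes them (neither is shown), this is SQL injection.
$sql = "update mn_user set mn_user_display_name='{$display_name}',mn_user_gender='{$gender}',mn_paypal_email='{$paypal_details}',mn_user_phone='{$phone}',mn_user_address='{$address}',mn_user_city='{$city}',mn_user_province='{$province}',mn_user_country='{$country}',mn_user_school='{$school}',mn_user_program='{$program}'{$pswdString} where mn_user_id = '" . $user_id . "'";
$update = $objDB->edit($sql);
header("Location:index.php?p=home");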