<?php
// addDestination.php form handler (fragment: the file continues past this point —
// the remaining else-branches, the closing braces and the INSERT are not shown).
//
// Every value below is the raw request string. The chain of checks only tests for
// empty strings (== "" is a loose comparison) and, for telp, ASCII digits; email
// and link are not validated in the visible part. Nothing here escapes or binds
// the values, so whatever writes them to the database further down must use
// prepared-statement parameters. duplicateCheck() is defined elsewhere in the file.
include "select_db.php";

$idDes = $_POST['id'];
$name = $_POST['name'];
$description = $_POST['description'];
$latitude = $_POST['latitude'];
$longitude = $_POST['longitude'];
$telp = $_POST['telp'];
$email = $_POST['email'];
$link = $_POST['link'];

// None of the header() redirects is followed by exit, so execution continues
// through the rest of the script after the Location header has been set.
if ($name == "") {
    header("location:addDestination.php?errorMsg=Name must be filled!");
} else {
    if (duplicateCheck($name, $idDes) == false) {
        header("location:addDestination.php?errorMsg=Please insert different name!");
    } else {
        if ($description == "") {
            header("location:addDestination.php?errorMsg=Description must be filled!");
        } else {
            if ($telp == "") {
                header("location:addDestination.php?errorMsg=Telp must be filled!");
            } else {
                // ctype_digit() accepts only 0-9 (no leading '+', spaces or dashes).
                if (!ctype_digit($telp)) {
                    header("location:addDestination.php?errorMsg=Telp must be number!");
                } else {
                    if ($latitude == "") {
                        header("location:addDestination.php?errorMsg=Latitude must be filled!");
                    } else {
                        if ($longitude == "") {
                            header("location:addDestination.php?errorMsg=Longitude must be filled!");
<?php
// addTax.php form handler (fragment: the file continues past this point).
//
// Validates name/tax and inserts a new tax row whose ID is generated by the
// application ("TAX" + 2-digit year + 5-digit counter). Only $tax is constrained
// (ctype_digit); $name is concatenated into the INSERT unescaped, so it must be
// bound as a prepared-statement parameter rather than spliced into the SQL text.
// The mysql_* functions used here were removed in PHP 7 (mysqli/PDO replace them).
session_start();
include "select_db.php";

$idUser = $_SESSION['idUser'];
$name = $_POST['name'];
$tax = $_POST['tax'];

if ($name == "") {
    header("location:addTax.php?errorMsg=Name must be filled!");
} else {
    if (duplicateCheck($name) == false) {
        header("location:addTax.php?errorMsg=Please insert different name!");
    } else {
        if ($tax == "") {
            header("location:addTax.php?errorMsg=Tax must be filled!");
        } else {
            if (!ctype_digit($tax)) {
                header("location:addTax.php?errorMsg=Tax must be number!");
            } else {
                //insert to tax
                // Read the highest existing ID to decide whether the yearly counter
                // restarts. This read-then-insert is not atomic: two concurrent
                // requests can compute the same next ID.
                $count = mysql_query("SELECT ID_Tax as 'Flag' FROM tax ORDER BY ID_Tax DESC LIMIT 1") or die(mysql_error());
                $temp; // statement has no effect; $temp stays undefined when the table is empty
                while ($row = mysql_fetch_array($count)) {
                    $temp = $row[0];
                }
                // Characters from index 3 up to the last 5 of TAXyyNNNNN are the 2-digit year.
                if (SUBSTR(strval($temp), 3, -5) == strval(date("y"))) {
                    // Same year: next counter = last 5 digits of the newest ID + 1.
                    // ctype_digit above plus /100: $tax is treated as whole percent.
                    mysql_query("INSERT INTO tax VALUES (\n\t\t\tCONCAT('TAX', SUBSTRING(YEAR(CURRENT_TIMESTAMP),3,2), \n\t\t\tLPAD((SUBSTR((SELECT tx.ID_Tax FROM tax tx ORDER BY tx.ID_Tax DESC LIMIT 1),6) + 1 ), 5, 0)),\n\t\t\t'" . $name . "','" . $tax / 100 . "','Active')");
                } else {
                    // First tax of the year (or empty table): counter restarts at 00001.
                    mysql_query("INSERT INTO tax VALUES (\n\t\t\tCONCAT('TAX', SUBSTRING(YEAR(CURRENT_TIMESTAMP),3,2), '00001'),\n\t\t\t'" . $name . "','" . $tax / 100 . "','Active')");
                }
                //get last id tax
// addUser.php form handler (fragment: no opening PHP tag is shown and the file
// continues past this point — the INSERT and how $pass is stored are not visible).
//
// $role is taken straight from the request, so the role of the new account is
// chosen by whoever submits the form; unless select_db.php (or the page that
// posts here) restricts this to administrators, any submitter could create a
// privileged user — verify. The password must be stored with password_hash()
// (check the cut-off part of the file), and the raw strings must be bound as
// parameters rather than concatenated into mysql_query() text.
session_start();
include "select_db.php";

$role = $_POST['role'];
$username = $_POST['username'];
$pass = $_POST['password'];
$name = $_POST['name'];
$dob = $_POST['date'];
$email = $_POST['email'];

// None of the header() redirects is followed by exit; execution continues afterwards.
if ($username == "") {
    header("location:addUser.php?errorMsg=Username must be filled!");
} else {
    if ($name == "") {
        header("location:addUser.php?errorMsg=Name must be filled!");
    } else {
        if (duplicateCheck($username) == false) {
            header("location:addUser.php?errorMsg=Please insert different username!");
        } else {
            if ($pass == "") {
                header("location:addUser.php?errorMsg=Password must be filled!");
            } else {
                if ($email == "") {
                    header("location:addUser.php?errorMsg=Email must be filled!");
                } else {
                    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                        header("location:addUser.php?errorMsg=Invalid Email format!");
                    } else {
                        // Highest existing user ID (presumably used further down to
                        // derive the next one); this read-then-insert is not atomic.
                        $count = mysql_query("SELECT ID_User as 'Flag' FROM user ORDER BY ID_User DESC LIMIT 1") or die(mysql_error());
                        $temp; // statement has no effect
                        while ($row = mysql_fetch_array($count)) {
                            $temp = $row[0];
<?php
// updateTax.php form handler (fragment: the file continues past this point —
// the else-branch of the year check and the closing braces are not shown).
//
// Updates one tax row and appends a tax_history record whose ID is generated by
// the application ("TXH" + 2-digit year + 5-digit counter). Only $tax is
// constrained (ctype_digit). $idTax and $name are spliced unescaped into the
// UPDATE/INSERT text and $idTax also into the redirect URL; bind them as
// prepared-statement parameters and urlencode() the URL value. Nothing visible
// checks that the caller may edit this $idTax (select_db.php may — verify).
// The mysql_* functions used here were removed in PHP 7.
session_start();
include "select_db.php";

$idUser = $_SESSION['idUser'];
$idTax = $_POST['id'];
$name = $_POST['name'];
$tax = $_POST['tax'];

if ($name == "") {
    header("location:updateTax.php?errorMsg=Name must be filled!&idTax={$idTax}");
} else {
    if (duplicateCheck($name, $idTax) == false) {
        header("location:updateTax.php?errorMsg=Please insert different name!&idTax={$idTax}");
    } else {
        if ($tax == "") {
            header("location:updateTax.php?errorMsg=Tax must be filled!&idTax={$idTax}");
        } else {
            if (!ctype_digit($tax)) {
                header("location:updateTax.php?errorMsg=Tax must be number!&idTax={$idTax}");
            } else {
                //update tax
                // ctype_digit above plus /100: $tax is treated as whole percent, stored as a fraction.
                mysql_query("UPDATE tax SET Tax_Name='" . $name . "', Tax= '" . $tax / 100 . "' WHERE ID_Tax='" . $idTax . "'");
                //save tax history
                // Highest existing history ID decides whether the yearly counter
                // restarts; this read-then-insert is not atomic under concurrency.
                $count = mysql_query("SELECT ID_Tax_History as 'Flag' FROM tax_history ORDER BY ID_Tax_History DESC LIMIT 1") or die(mysql_error());
                $temp; // statement has no effect; $temp stays undefined for an empty table
                while ($row = mysql_fetch_array($count)) {
                    $temp = $row[0];
                }
                // Characters from index 3 up to the last 5 of TXHyyNNNNN are the 2-digit year.
                if (SUBSTR(strval($temp), 3, -5) == strval(date("y"))) {
                    // Same year: next counter = last 5 digits of the newest ID + 1.
                    mysql_query("INSERT INTO tax_history VALUES (\n\t\t\tCONCAT('TXH', SUBSTRING(YEAR(CURRENT_TIMESTAMP),3,2), \n\t\t\tLPAD((SUBSTR((SELECT th.ID_Tax_History FROM tax_history th ORDER BY th.ID_Tax_History DESC LIMIT 1),6) + 1 ), 5, 0)),\n\t\t\t'" . $idTax . "','" . $name . "','" . $tax / 100 . "','" . $idUser . "','Update',now())");
                } else {
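function addAccount()
{
    // AJAX "add account" action.
    //
    // Reads the posted column/value pairs, refuses duplicates via duplicateCheck(),
    // inserts one row into `accounts` with a prepared statement and answers with JSON:
    //   {"success": true}
    //   {"success": false, "errors": [<message>]}
    //   {"success": false, "dbmatch": {"name": ..., "type": ...}}   (duplicate)
    // The request is always terminated (die) after the response is echoed.
    //
    // Expected POST shape (inferred from how the values are read — confirm against
    // the front-end that submits the form):
    //   query_vars[N][<column>] = ['type' => <bind_param type char>, 'value' => <value>]
    // with 'account-name' and 'account-type' present in element 0.
    //
    // Uses globals: $dbc (mysqli connection), $accountTypes (type id => label).
    global $dbc, $accountTypes;

    // All failure exits share one response shape. Driver/internal detail goes to
    // the server log only: the previous version var_dump()'ed the connection
    // object and echoed $stmt->error into the response, which exposed connection
    // details and SQL text to the client and also corrupted the JSON body.
    $fail = function ($message, $detail = '') {
        if ($detail !== '') {
            error_log('addAccount: ' . $message . ' - ' . $detail);
        }
        echo json_encode(array('success' => false, 'errors' => array($message)));
        die;
    };

    if (!isset($_POST['query_vars'])) {
        $fail('Add Account failure: Missing Parameters');
    }

    // NOTE(review): FILTER_VALIDATE_STRING is not one of PHP's built-in filter
    // constants; kept as-is because the project may define it (FILTER_DEFAULT is
    // the usual "pass through unchanged" choice). Confirm it resolves.
    $args = array(
        'query_vars' => array(
            'filter' => FILTER_VALIDATE_STRING,
            'flags' => FILTER_REQUIRE_ARRAY,
        ),
    );
    $vars = filter_input_array(INPUT_POST, $args);
    if (!isset($vars['query_vars']) || !is_array($vars['query_vars'])) {
        // FILTER_REQUIRE_ARRAY yields false for a scalar; iterating it would warn.
        $fail('Add Account failure: Missing Parameters');
    }
    $queryVars = $vars['query_vars'];

    $first = isset($queryVars[0]) && is_array($queryVars[0]) ? $queryVars[0] : array();
    $name = isset($first['account-name']) ? $first['account-name'] : null;
    $type = isset($first['account-type']) ? $first['account-type'] : null;
    if (duplicateCheck($name, $type)) {
        $response = array(
            'success' => false,
            'dbmatch' => array('name' => $name, 'type' => $accountTypes[$type]),
        );
        echo json_encode($response);
        die;
    }

    // Build "INSERT INTO accounts(c1, c2, ...) VALUES (?, ?, ...)".
    // Column names come from the request and cannot be bound as parameters, so
    // they are restricted to plain unquoted identifiers before being spliced into
    // the SQL text (the old code concatenated the raw keys). The bind type char is
    // likewise limited to what mysqli_stmt::bind_param accepts. Collecting the
    // pieces and joining them also fixes the old comma logic, which compared a
    // per-column counter against the number of outer elements.
    $columns = array();
    $placeholders = array();
    $bindTypes = '';
    $values = array();
    foreach ($queryVars as $var) {
        if (!is_array($var)) {
            $fail('Add Account failure: Missing Parameters');
        }
        foreach ($var as $key => $val) {
            $column = (string) $key;
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column)) {
                $fail('Add Account failure: Invalid field name', $column);
            }
            if (!is_array($val)
                || !isset($val['type'])
                || !array_key_exists('value', $val)
                || !preg_match('/^[sidb]$/', (string) $val['type'])
                || !(is_scalar($val['value']) || $val['value'] === null)
            ) {
                $fail('Add Account failure: Invalid field', $column);
            }
            $value = $val['value'];
            if ($column === 'due_date') {
                // Normalise whatever date format the form sends to Y-m-d. A value
                // strtotime() cannot parse used to be stored as 1970-01-01 silently.
                $ts = strtotime((string) $value);
                if ($ts === false) {
                    $fail('Add Account failure: Invalid due_date');
                }
                $value = date('Y-m-d', $ts);
            }
            $columns[] = $column;
            $placeholders[] = '?';
            $bindTypes .= $val['type'];
            $values[] = $value;
        }
    }
    if (count($columns) === 0) {
        $fail('Add Account failure: Missing Parameters');
    }

    $query = 'INSERT INTO accounts(' . implode(', ', $columns)
        . ') VALUES (' . implode(', ', $placeholders) . ');';
    $stmt = $dbc->prepare($query);
    if (!$stmt) {
        $fail('SQL Statment invalid', $dbc->error . ' [' . $query . ']');
    }

    // bind_param() takes its arguments by reference, so hand it an array of references.
    $bindArgs = array_merge(array($bindTypes), $values);
    $refs = array();
    foreach (array_keys($bindArgs) as $i) {
        $refs[$i] = &$bindArgs[$i];
    }
    call_user_func_array(array($stmt, 'bind_param'), $refs);

    if (!$stmt->execute()) {
        $fail('Add Account failure', $stmt->error);
    }
    echo json_encode(array('success' => true));
    die;
}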
<?php
// updateAdditional.php form handler (fragment: the file continues past this point —
// the while loop over $count2 and everything after it are not shown).
//
// Updates one "additional" row and (below) starts an additional_history record.
// Only $price is constrained (ctype_digit); $qty is not validated at all, and
// $name/$description/$qty/$idAdd are spliced unescaped into the UPDATE text, with
// $idAdd also in the redirect URL. Bind them as prepared-statement parameters and
// urlencode() the URL value. Nothing visible checks that the caller may edit this
// $idAdd (select_db.php may — verify). The mysql_* functions were removed in PHP 7.
session_start();
include "select_db.php";

$idUser = $_SESSION['idUser'];
$idAdd = $_POST['id'];
$name = $_POST['name'];
$price = $_POST['price'];
$description = $_POST['description'];
$qty = $_POST['qty'];

if ($name == "") {
    header("location:updateAdditional.php?errorMsg=Name must be filled!&idAdd={$idAdd}");
} else {
    if (duplicateCheck($name, $idAdd) == false) {
        header("location:updateAdditional.php?errorMsg=Please insert different name!&idAdd={$idAdd}");
    } else {
        if ($price == "") {
            header("location:updateAdditional.php?errorMsg=Price must be filled!&idAdd={$idAdd}");
        } else {
            if (!ctype_digit($price)) {
                header("location:updateAdditional.php?errorMsg=Price must be number!&idAdd={$idAdd}");
            } else {
                if ($description == "") {
                    header("location:updateAdditional.php?errorMsg=Description must be filled!&idAdd={$idAdd}");
                } else {
                    //update additional
                    mysql_query("UPDATE additional SET Additional_Name='" . $name . "', Price= '" . $price . "' , Description= '" . $description . "', Quantity= '" . $qty . "' WHERE ID_Additional='" . $idAdd . "'");
                    //insert additional_history
                    // Highest existing history ID (presumably used below to derive
                    // the next one); this read-then-insert is not atomic.
                    $count2 = mysql_query("SELECT ID_Additional_History as 'Flag' FROM additional_history ORDER BY ID_Additional_History DESC LIMIT 1") or die(mysql_error());
                    $temp2; // statement has no effect
                    while ($row = mysql_fetch_array($count2)) {
<?php
// updateTravel.php form handler (fragment: the file continues past this point —
// the else-branch after the e-mail format check and the UPDATE are not shown).
//
// Raw request strings; only telp (digits) and email (format) are constrained in
// the visible part, $diskon and $link not at all. Whatever writes them further
// down must bind them as prepared-statement parameters, and $idTravel should be
// urlencode()d before being placed in the redirect URL. Nothing visible checks
// that the caller may edit this $idTravel (select_db.php may — verify).
session_start();
include "select_db.php";

$idTravel = $_POST['id'];
$name = $_POST['name'];
$address = $_POST['address'];
$telp = $_POST['telp'];
$email = $_POST['email'];
$diskon = $_POST['diskon'];
$link = $_POST['link'];

// None of the header() redirects is followed by exit; execution continues afterwards.
if ($name == "") {
    header("location:updateTravel.php?errorMsg=Name must be filled!&idTravel={$idTravel}");
} else {
    if (duplicateCheck($name, $idTravel) == false) {
        header("location:updateTravel.php?errorMsg=Please insert different name!&idTravel={$idTravel}");
    } else {
        if ($address == "") {
            header("location:updateTravel.php?errorMsg=Address must be filled!&idTravel={$idTravel}");
        } else {
            if ($telp == "") {
                header("location:updateTravel.php?errorMsg=Telp must be filled!&idTravel={$idTravel}");
            } else {
                // ctype_digit() accepts only 0-9 (no leading '+', spaces or dashes).
                if (!ctype_digit($telp)) {
                    header("location:updateTravel.php?errorMsg=Telp must be number!&idTravel={$idTravel}");
                } else {
                    if ($email == "") {
                        header("location:updateTravel.php?errorMsg=Email must be filled!&idTravel={$idTravel}");
                    } else {
                        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                            header("location:updateTravel.php?errorMsg=Invalid Email format!&idTravel={$idTravel}");
<?php
// updateUser.php form handler (fragment: the file continues past this point —
// duplicateCheck() below is cut off mid-body).
//
// The ID of the user being edited ($idUser) comes from the request, not from the
// session, and nothing visible here checks that the caller may edit that user;
// unless select_db.php enforces it, confirm an authorization check exists.
// $name/$dob/$email are spliced into the UPDATE unescaped — bind them as
// prepared-statement parameters — and $idUser should be urlencode()d before being
// placed in the redirect URL. The mysql_* functions were removed in PHP 7.
// Values shown as '******' appear redacted in this copy of the file.
session_start();
include "select_db.php";

$idUser = $_POST['id'];
$username = $_POST['username'];
$name = $_POST['name'];
$dob = $_POST['date'];
$email = $_POST['email'];

// None of the header() redirects is followed by exit; execution continues afterwards.
if ($username == "") {
    header("location:updateUser.php?errorMsg=Username must be filled!&idUser={$idUser}");
} else {
    if ($name == "") {
        header("location:updateUser.php?errorMsg=Name must be filled!&idUser={$idUser}");
    } else {
        if (duplicateCheck($username, $idUser) == false) {
            header("location:updateUser.php?errorMsg=Please insert different username!&idUser={$idUser}");
        } else {
            // The message says "must be filled" but this is the format check
            // (an empty string fails it as well).
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                header("location:updateUser.php?errorMsg=Email must be filled!&idUser={$idUser}");
            } else {
                mysql_query("UPDATE user SET Username='******', Name= '" . $name . "', DOB='" . $dob . "', Email='" . $email . "' WHERE ID_User='******'");
                header("location:users.php");
            }
        }
    }
}

// Username uniqueness check for the edited user. The body is cut off here and the
// return value is not visible; the caller above treats false as "username already
// in use".
function duplicateCheck($username, $idUser)
{
    $cekID = mysql_query("SELECT ID_User, Username FROM user WHERE ID_User = '******'");
    while ($row = mysql_fetch_array($cekID)) {
// updateRoomType.php form handler (fragment: no opening PHP tag is shown and the
// file continues past this point — the description check's body and the UPDATE
// are not visible).
//
// Raw request strings; only price and capacity are constrained (ctype_digit) in
// the visible part. $picture is a request-supplied value used alongside
// picture_path.php — if it ends up as a filesystem path (not visible here) it must
// be confined to the expected upload directory. Whatever writes these values
// further down must bind them as prepared-statement parameters, and $idRoom
// should be urlencode()d before being placed in the redirect URL. Nothing visible
// checks that the caller may edit this $idRoom (select_db.php may — verify).
session_start();
include "select_db.php";
include "picture_path.php";

$idUser = $_SESSION['idUser'];
$idRoom = $_POST['id'];
$name = $_POST['name'];
$picture = $_POST['picture'];
$price = $_POST['price'];
$capacity = $_POST['capacity'];
$description = $_POST['description'];
$facility = $_POST['facility'];

// None of the header() redirects is followed by exit; execution continues afterwards.
if ($name == "") {
    header("location:updateRoomType.php?errorMsg=Name must be filled!&idRoom={$idRoom}");
} else {
    if (duplicateCheck($name, $idRoom) == false) {
        header("location:updateRoomType.php?errorMsg=Please insert different name!&idRoom={$idRoom}");
    } else {
        if ($price == "") {
            header("location:updateRoomType.php?errorMsg=Price must be filled!&idRoom={$idRoom}");
        } else {
            if (!ctype_digit($price)) {
                header("location:updateRoomType.php?errorMsg=Price must be numbers!&idRoom={$idRoom}");
            } else {
                if ($capacity == "") {
                    header("location:updateRoomType.php?errorMsg=Capacity must be filled!&idRoom={$idRoom}");
                } else {
                    if (!ctype_digit($capacity)) {
                        header("location:updateRoomType.php?errorMsg=Capacity must be numbers!&idRoom={$idRoom}");
                    } else {
                        if ($description == "") {