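session_start();
// Clear state left over from a previous registration attempt. session_unset() takes no
// arguments, so the original session_unset($_SESSION[...]) calls cleared nothing (a
// warning on PHP 5/7, an ArgumentCountError on PHP 8); unset() is the call that works.
unset($_SESSION['ERROR'], $_SESSION['user'], $_SESSION['password'], $_SESSION['email']);
require "../deny/connector.php";
require "../administrator/process/class/class.Customer.php";
require "../administrator/includes/injection.php";
// Default every field to "" so a partial or hand-built POST reaches validation without
// undefined-index notices; the escaped values are the same as before for present fields.
$post = $_POST + array(
    'username' => "", 'email' => "", 'password' => "", 'fullname' => "",
    'phone' => "", 'address' => "", 'gender' => "",
);
$username = sqlInjection($post['username']);
$email = sqlInjection($post['email']);
$password = sqlInjection($post['password']);
$fullname = sqlInjection($post['fullname']);
$phone = sqlInjection($post['phone']);
$address = sqlInjection($post['address']);
$gender = sqlInjection($post['gender']);
$errors = "";   // HTML list of validation messages, one " - ...<br>" entry per failure
$flag = 0;      // number of failed checks
$cus = new Customer();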
if ($username == "") {
    $errors .= " - Hãy nhập tên đăng nhập.<br>";
    $flag++;
} else {
    if (strlen($username) > 25 || strlen($username) < 5) {
        $errors .= " - Tên đăng nhập phải từ 5-25 ký tự.<br>";
        $flag++;
    } else {
        if ($cus->checkUser($username) == "true") {
            $errors .= " - Tên đăng nhập đã tồn tại,hãy chọn tên đăng nhập khác.<br>";
            $flag++;
        }
<?php

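session_start();
// Every sibling admin process script starts with this guard; while it was commented out
// the insert below was reachable without an admin session.
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.News.php";
require "../includes/injection.php";
// Default the fields to "" so a partial POST raises no undefined-index notices.
$post = $_POST + array('NewsTitle' => "", 'NewsSummary' => "", 'NewsImage' => "", 'textContent' => "");
$newstitle = sqlInjection($post['NewsTitle']);
$newssummary = sqlInjection($post['NewsSummary']);
$newsimage = sqlInjection($post['NewsImage']);
// The article body is escaped directly rather than through sqlInjection() — presumably
// because it carries editor markup the helper would alter; confirm before unifying.
$newscontent = mysql_real_escape_string($post['textContent']);
// "OK" means "save and add another"; anything else returns to the list.
$continue = isset($_REQUEST['continue']) ? $_REQUEST['continue'] : "";
$cate = new News();
$cate->insert($newstitle, $newssummary, $newsimage, $newscontent);
if ($continue == "OK") {
    echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=addnews'>";
} else {
    echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listnews'>";
}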
    $tempquery = " where " . substr($condistion, 4);
}
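$start = $p->findStart($limit);
$querycount = "select cd_id from tblcd " . $tempquery;
$countResult = mysql_query($querycount);
// mysql_query() returns false on error; mysql_num_rows(false) only emits a warning and
// yields no usable count, so a failed query is counted as zero rows explicitly.
$count = $countResult === false ? 0 : mysql_num_rows($countResult);
$pages = $p->findPages($count, $limit);
// Read the page index once with a default: pageList() below was handed $_GET['nav']
// unguarded, which raises a notice on the first (un-paged) request.
$nav = isset($_GET['nav']) ? $_GET['nav'] : "";
if (is_numeric($nav)) {
    $paging = "LIMIT " . $start . "," . $limit . " ";
} else {
    $paging = "LIMIT 0," . $limit . " ";
}
$orderby = "ORDER BY cd_id DESC";
$products = $prod->getListProduct($orderby, $condistion, $paging);
$page_list = $p->pageList(sqlInjection($nav), $pages);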
?>
<style type="text/css">
ul.paging li a {
    background-color: #F8F8F8;
    border: 1px solid #E6E6E6;
    border-radius: 2px 2px 2px 2px;
    color: #666666;
    padding: 2px 6px;
	outline: medium none;
    text-decoration: none;
}
ul.paging li a:active {
    color: #0000CC;
}
ul.paging li a:hover, ul.paging li a.paging-active {
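require_once "../deny/connector.php";
require_once "includes/injection.php";
$conditions = "";
$count = 0;
$limit = 20;          // orders per page
$listorder = array();
$ord = new Order();   // Order and Page are presumably loaded by the including page
$pag = new Page();
$orderStatus = isset($_GET["orderStatus"]) ? $_GET["orderStatus"] : "";
$searchStr = isset($_GET["searchStr"]) ? $_GET["searchStr"] : "";
$where = array();
if ($orderStatus != "") {
    // order_status is compared unquoted (a numeric column), where string escaping alone
    // does not bound the value; coerce it to int as the delete scripts do for ids.
    $where[] = "tblorder.order_status =" . intval($orderStatus) . " ";
}
if ($searchStr != "") {
    $where[] = "tblcustomer.cus_username like '%" . sqlInjection($searchStr) . "%'";
}
if (count($where) > 0) {
    $conditions = " where " . implode(" and ", $where);
}
$start = $pag->findStart($limit);
$querycount = "SELECT tblorder.order_id FROM tblcustomer INNER JOIN tblorder ON tblcustomer.cus_id = tblorder.cus_id " . $conditions;
$countResult = mysql_query($querycount);
// mysql_query() returns false on error; mysql_num_rows(false) only warns, so a failed
// count query is treated as zero rows explicitly.
$count = $countResult === false ? 0 : mysql_num_rows($countResult);
$pages = $pag->findPages($count, $limit);
// The original tested `isset(...) or is_numeric(...)`, so any non-numeric page value still
// selected the computed offset; require a numeric page, as the customer listing does.
$page = isset($_GET['page']) ? $_GET['page'] : "";
if (is_numeric($page)) {
    $paging = " LIMIT " . $start . "," . $limit . " ";
} else {
    $paging = " LIMIT 0," . $limit . " ";
}
$listorder = $ord->getListOrder($conditions, $paging);
$page_list = $pag->pageList($page, $pages);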
?>
<?php

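require_once "../includes/checkPermission.php";
require_once "../../deny/connector.php";
require_once "class/class.Feedback.php";
require_once "../includes/injection.php";
$fb = new Feedback();
// Both parameters arrive on the query string; default them to "" so a bare request raises
// no notices. NOTE(review): this is a state change driven by GET with no request token
// visible here — worth confirming the admin page protects it.
$fbid = sqlInjection(isset($_GET['feedbackID']) ? $_GET['feedbackID'] : "");
$status = sqlInjection(isset($_GET['sts']) ? $_GET['sts'] : "");
$fb->changeStatus($fbid, $status);
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listfeedback'>";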
<?php

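require_once "includes/checkPermission.php";
require_once "process/class/Paging.php";
require_once "process/class/class.News.php";
require_once "../deny/connector.php";
require_once "includes/injection.php";
$conditions = "";
$count = 0;
$limit = 15;   // news rows per page
$pag = new Page();
$news = new News();
$dataNews = array();
$ntitle = isset($_GET["Ntitle"]) ? $_GET["Ntitle"] : "";
if ($ntitle != "") {
    $conditions = " where news_title like '%" . sqlInjection($ntitle) . "%'";
}
$start = $pag->findStart($limit);
$querycount = "select news_id from tblnews " . $conditions;
$countResult = mysql_query($querycount);
// mysql_query() returns false on error; mysql_num_rows(false) only warns, so a failed
// count query is treated as zero rows explicitly.
$count = $countResult === false ? 0 : mysql_num_rows($countResult);
$pages = $pag->findPages($count, $limit);
// The original tested `isset(...) or is_numeric(...)`, so any non-numeric page value still
// selected the computed offset; require a numeric page, as the customer listing does.
$page = isset($_GET['page']) ? $_GET['page'] : "";
if (is_numeric($page)) {
    $paging = "LIMIT " . $start . "," . $limit . " ";
} else {
    $paging = "LIMIT 0," . $limit . " ";
}
$dataNews = $news->getListNews($conditions, $paging);
$page_list = $pag->pageList($page, $pages);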
?>
<link rel="stylesheet" href="css/tabledataStyle2.css" type="text/css"></link>
<link rel="stylesheet" href="css/paging.css" type="text/css"></link>
<h2 id="siteTitle"><img src="images/news.png" border="0"  width="64" height="64" align="middle"> Xem, Xóa Tin tức</h2>
<?php

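require "includes/checkPermission.php";
require "../deny/connector.php";
require "process/class/class.Category.php";
require "includes/injection.php";
$cate = new Category();
$selected = "";   // presumably the "selected" marker used while rendering the parent list
$categories = $cate->getCategories();
// cateID may arrive via GET or POST; default to "" so a bare request raises no notice.
$cateId = sqlInjection(isset($_REQUEST['cateID']) ? $_REQUEST['cateID'] : "");
$currentCate = $cate->getCategoryById($cateId);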
?>
<link rel="stylesheet" href="css/tabledataStyle.css" type="text/css"></link>
<script language="javascript">
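function check()
{
	// Validates the category form before submit: returns false (blocking the submit)
	// when a required field is empty, otherwise falls through and the form is sent.
	var errStr = "";
	errStr += checkEmpty("cateName","<br>Tên loại sản phẩm không được để trống");
	// x3 was assigned without `var`, leaking a global; keep it local to this function.
	var x3 = document.getElementById("errorArea");
	if (errStr != "") {
		x3.innerHTML = "<h4><font color=red face=Verdana>" + errStr + "</font></h4>";
		return false;
	}
}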
</script>
</head>
<?php

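session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Category.php";
require "../includes/injection.php";
// Default the fields to "" so a partial POST raises no undefined-index notices.
$post = $_POST + array('cateID' => "", 'cateName' => "", 'cateParent' => "");
$cateid = sqlInjection($post['cateID']);
$catename = sqlInjection($post['cateName']);
$cateparent = sqlInjection($post['cateParent']);
if ($catename == "") {
    $_SESSION['CATEEDIT'] = "<h4><font color=red face=Verdana>Tên loại sản phẩm không được để trống</font></h4>";
    // The id is echoed into a redirect URL; keep it a plain integer (ids are numeric and
    // the delete script casts them the same way) so it cannot alter the query string.
    header("location: ../admincp.php?opt=editcategory&cateID=" . intval($cateid));
    exit;
}
$cate = new Category();
$cate->update($cateid, $catename, $cateparent);
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listcategory'>";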
<?php

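session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Customer.php";
require "../includes/injection.php";
$_SESSION['CUSDELETE'] = "";
// cus_id is interpolated unquoted into SQL, where string escaping does not bound the
// value; coerce it to int up front, as the category and product delete scripts do.
$cusid = isset($_GET['cID']) ? intval($_GET['cID']) : 0;
if ($cusid > 0) {
    $str = "select cus_id from tblorder where cus_id={$cusid} ";
    $result = mysql_query($str);
    // A failed query (false) must not read as "no orders" and let the delete proceed.
    if ($result === false || mysql_num_rows($result) > 0) {
        $_SESSION['CUSDELETE'] = "<font color=red face=Verdana>Không thể xóa Khách hàng vì đang có đơn đặt hàng liên quan<br>Hãy xóa đơn đặt hàng liên quan trước khi xóa Khách hàng</font>";
    } else {
        $cus = new Customer();
        $cus->delete($cusid);
    }
}
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listcustomer'>";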
<?php

require_once "administrator/process/class/class.Customer.php";
require_once "deny/connector.php";
?>
<div class="width">
	<div class="box">
    <?php 
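$cus = new Customer();
// user_id is set by the login flow; guard it so a visitor without one raises no notice.
$cid = sqlInjection(isset($_SESSION['user_id']) ? $_SESSION['user_id'] : "");
$customer = $cus->getCustomerbyId($cid);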
?>
		<form class="form-validate" method="post" action="process/updateprofile.php" enctype="application/x-www-form-urlencoded">
<div class="componentheading">Cập nhật thông tin khách hàng</div>
	<div id="regmess"></div>
    <?php 
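// Show and clear the one-shot error set by the update handler. The index is guarded so a
// fresh session (no ERROR key yet) raises no notice; the text is presumably markup built
// server-side (the sibling scripts store "<br>"-separated lists), so it is not re-escaped.
if (isset($_SESSION['ERROR']) && $_SESSION['ERROR'] != "") {
    echo "<font color='#FF0000'>" . $_SESSION['ERROR'] . "</font><br/>";
    $_SESSION['ERROR'] = NULL;
}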
?>
<table width="100%" cellspacing="0" cellpadding="0" border="0" class="contentpane">
<tbody><tr>
	<td width="30%" height="40">
		<label for="fullname" id="namemsg" class="">
			Họ tên:
		</label>
	</td>
  	<td>
  		<input type="text" maxlength="50" class="inputbox required" value="<?php 
<?php

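session_start();
require_once "../deny/connector.php";
require_once "../administrator/process/class/class.Customer.php";
require_once "../administrator/includes/injection.php";
$username = sqlInjection(isset($_POST['username']) ? $_POST['username'] : "");
$password = sqlInjection(isset($_POST['passwd']) ? $_POST['passwd'] : "");
$mess = "";    // HTML validation messages shown on the login form
$error = 0;    // failed-check counter; the original incremented it without initialising it
// The credential is compared as an unsalted md5 digest; changing the scheme needs the stored
// rows re-hashed, so it stays here. Note the digest is taken of the *escaped* value while the
// admin login hashes the raw input — confirm which one the stored rows were made from.
$newpass = md5($password);
$_SESSION['LOGINERROR'] = "";
if ($username == "") {
    $mess .= "<font color='red'>Hãy điền tên đăng nhập.</font><br>";
} elseif (strlen($username) > 25 || strlen($username) < 5) {
    $mess .= "<font color='red'>Tên đăng nhập có từ 5-25 ký tự.</font><br>";
}
if ($password == "") {
    $mess .= "<font color='red'>Hãy điền mật khẩu.</font><br>";
    $error++;
} elseif (strlen($password) > 25 || strlen($password) < 5) {
    $mess .= "<font color='red'>Mật khẩu có từ 5-25 ký tự.</font><br>";
}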
if ($mess != "") {
    $_SESSION['LOGINERROR'] = $mess;
<?php

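require_once "administrator/process/class/Paging.php";
require_once "administrator/process/class/class.Order.php";
require_once "deny/connector.php";
require_once "administrator/includes/injection.php";
$count = 0;
$limit = 15;   // orders per page
$listorder = array();
$ord = new Order();
$pag = new Page();
// cus_id and order_status are compared unquoted (numeric columns), where string escaping
// does not bound the value; coerce both to int before they enter the query.
$userId = isset($_SESSION['user_id']) ? intval($_SESSION['user_id']) : 0;
$conditions = " WHERE tblorder.cus_id=" . $userId;
$orderStatus = isset($_GET["orderStatus"]) ? $_GET["orderStatus"] : "";
// An empty status previously produced "order_status =" and a broken query; skip it instead.
if ($orderStatus != "") {
    $conditions .= " and tblorder.order_status =" . intval($orderStatus) . " ";
}
$start = $pag->findStart($limit);
$querycount = "SELECT tblorder.order_id FROM tblcustomer INNER JOIN tblorder ON tblcustomer.cus_id = tblorder.cus_id " . $conditions;
$countResult = mysql_query($querycount);
// mysql_query() returns false on error; mysql_num_rows(false) only warns, so a failed
// count query is treated as zero rows explicitly.
$count = $countResult === false ? 0 : mysql_num_rows($countResult);
$pages = $pag->findPages($count, $limit);
// The original tested `isset(...) or is_numeric(...)`; require a numeric page index so a
// non-numeric value falls back to the first page, and read it once for pageList() below.
$nav = isset($_GET['nav']) ? $_GET['nav'] : "";
if (is_numeric($nav)) {
    $paging = " LIMIT " . $start . "," . $limit . " ";
} else {
    $paging = " LIMIT 0," . $limit . " ";
}
$listorder = $ord->getListOrder($conditions, $paging);
$page_list = $pag->pageList($nav, $pages);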
?>
<style>
table tr{
	border:dotted thin;
 <?php 
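require "includes/checkPermission.php";
include "process/class/Paging.php";
include "process/class/class.Customer.php";
require "../deny/connector.php";
require "includes/injection.php";
$conditions = "";
$count = 0;
$limit = 20;   // customers per page
$pag = new Page();
$cus = new Customer();
$dataCus = array();
$searchStr = isset($_GET['searchStr']) ? $_GET['searchStr'] : "";
if ($searchStr != "") {
    $conditions = " where cus_fullname like '%" . sqlInjection($searchStr) . "%'";
}
$start = $pag->findStart($limit);
$querycount = "select cus_id from tblcustomer " . $conditions;
$countResult = mysql_query($querycount);
// mysql_query() returns false on error; mysql_num_rows(false) only warns, so a failed
// count query is treated as zero rows explicitly.
$count = $countResult === false ? 0 : mysql_num_rows($countResult);
$pages = $pag->findPages($count, $limit);
// Read the page index once with a default: pageList() below was handed $_GET['page']
// unguarded, which raises a notice on the first (un-paged) request.
$page = isset($_GET["page"]) ? $_GET["page"] : "";
if (is_numeric($page)) {
    $paging = "LIMIT " . $start . "," . $limit . " ";
} else {
    $paging = "LIMIT 0," . $limit . " ";
}
$page_list = $pag->pageList($page, $pages);
$dataCus = $cus->getListCustomerSummary($conditions, $paging);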
?>
<link rel="stylesheet" href="css/tabledataStyle2.css" type="text/css"></link>
<link rel="stylesheet" href="css/paging.css" type="text/css"></link>
<h2 id="siteTitle"><img src="images/User.png" border="0"  width="64" height="64" align="middle"> Xem, Xóa Thành Viên</h2>
<div id="infoArea">
<?php

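session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Category.php";
require "../includes/injection.php";
$_SESSION['CATEDELETE'] = "";
// The original only applied intval() *after* the id had been interpolated unquoted into
// the query below, where string escaping does not bound it; cast before any SQL is built.
$cateid = isset($_GET['cateID']) ? intval($_GET['cateID']) : 0;
if ($cateid > 0) {
    $str = "select cate_id from tblcd where cate_id=" . $cateid;
    $result = mysql_query($str);
    // A failed query (false) must not read as "no products" and let the delete proceed.
    if ($result === false || mysql_num_rows($result) > 0) {
        $_SESSION['CATEDELETE'] = "<h4><font color=red face=Verdana>Không thể xóa Category vì đã có sản phẩm liên quan<br>Hãy xóa sản phẩm liên quan trước khi xóa Category</font></h4>";
    } else {
        $cate = new Category();
        $cate->delete($cateid);
    }
}
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listcategory'>";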
<?php

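session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Admin.php";
require "../includes/injection.php";
$aid = sqlInjection(isset($_POST['adminID']) ? $_POST['adminID'] : "");
$adm = new Admin();
// An admin may delete any account except the one they are logged in as. The original
// compared against an unguarded $_SESSION['ADMIN']; with no session id the comparison was
// always "different" and the delete ran — fail closed instead and require a known caller.
if ($aid != "" && isset($_SESSION['ADMIN']) && $_SESSION['ADMIN'] != $aid) {
    $adm->delete($aid);
}
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listadmin'>";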
<?php

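session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Product.php";
require "../includes/injection.php";
$_SESSION['DELETEPRODUCT'] = "";
// The original only applied intval() *after* the id had been interpolated unquoted into
// the query below, where string escaping does not bound it; cast before any SQL is built.
$productid = isset($_GET['pID']) ? intval($_GET['pID']) : 0;
if ($productid > 0) {
    $str = "select cd_id from tblorderdetail where cd_id={$productid} ";
    $result = mysql_query($str);
    // A failed query (false) must not read as "no orders" and let the delete proceed.
    if ($result === false || mysql_num_rows($result) > 0) {
        $_SESSION['DELETEPRODUCT'] = "Không thể xóa sản phẩm này vì đang có đơn đặt hàng";
    } else {
        $prod = new Product();
        $prod->delete($productid);
    }
}
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listproduct'>";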
}
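// Read the routing parameter once with a default; the original indexed $_GET['page']
// three times unguarded, raising a notice on the home page request.
$page = isset($_GET['page']) ? $_GET['page'] : "";
// An already logged-in user has no business on the login page.
if ($page == "login") {
    if (isset($_SESSION['LOGIN']) && $_SESSION['LOGIN'] == "true") {
        header("location: index.php?page=shoppingcart");
        exit;
    }
}
// Profile and order history require a login.
if ($page == "profile" or $page == "history") {
    if (!isset($_SESSION['LOGIN']) or $_SESSION['LOGIN'] != "true") {
        header("location: index.php");
        exit;
    }
}
// The original mixed `and` with `&&`; the precedence happened to give the same result,
// but all three conditions are required, so say so uniformly.
if (isset($_POST['command']) && isset($_POST['pId']) && $_POST['command'] == "addtocart") {
    $cart = new Cart();
    $pid = sqlInjection($_POST['pId']);
    $cart->addtocart($pid, 1);
    header("location: index.php?page=shoppingcart");
    exit;
}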
//$ch->cache();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<title>CDShop Online</title>
<link rel="stylesheet" href="css/constant.css" type="text/css" />
<link rel="stylesheet" href="css/template.css" type="text/css" />
<link rel="stylesheet" href="css/style.css" type="text/css" />
<?php

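session_start();
require "../../deny/connector.php";
require "class/class.Admin.php";
require "../includes/injection.php";
$_SESSION['ADMINERROR'] = "";
// Credentials are read from $_REQUEST, so they are also accepted on the query string —
// the form presumably posts; restricting this to $_POST would keep passwords out of logs.
$username = sqlInjection(isset($_REQUEST['txtAUsername']) ? $_REQUEST['txtAUsername'] : "");
$rawPassword = isset($_REQUEST['txtAPassword']) ? $_REQUEST['txtAPassword'] : "";
$password = sqlInjection($rawPassword);
// The password is compared as an unsalted md5 digest of the raw input; moving to
// password_hash() needs the stored rows re-hashed, so the scheme is kept here.
$hashpass = md5($rawPassword);
$mess = "";     // HTML validation messages
$errors = 0;    // number of failed checks
$_SESSION['auser'] = $username;   // presumably echoed back into the form on failure
if ($username == "") {
    $mess .= " - Hãy điền Username.<br>";
    $errors++;
} elseif (strlen($username) > 25 or strlen($username) < 5) {
    $mess .= " - Username phải có từ 5-25 ký tự.<br>";
    $errors++;
}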
if ($password == "") {
    $mess .= " - Hãy điền Password.";
    $errors++;
} else {
    if (strlen($password) > 25 or strlen($password) < 5) {
        $mess .= " - Password phải có từ 5-25 ký tự.<br>";
        $errors++;
    }
<?php

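require "deny/connector.php";
require "administrator/process/class/class.News.php";
// injection.php is deliberately not required here (it would fatally redeclare
// sqlInjection() when the including page has already loaded it — confirm).
$nid = sqlInjection(isset($_GET['nId']) ? $_GET['nId'] : "");
$ns = new News();
// Rendered by the markup below, which checks count($news) before reading it.
$news = $ns->getNewsByID($nid);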
?>
<div class="box">
	<div id="vmMainPage">
		<div class="clear">
  			<h3 class="">TIN TỨC</h3>
		</div>
        <!-- BEGIN NEWS -->
        <div class="clear">
        <?php 
if (count($news) > 0) {
    ?>
 
  			<p><span style="color:#005;font-size:15px;font-weight:bold"><?php 
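    // Escape for HTML output; double_encode=false leaves alone any entities the input
    // helper may already have produced, so existing rows do not render as "&amp;amp;".
    echo htmlspecialchars($news['title'], ENT_QUOTES, 'UTF-8', false);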
    ?>
</span><br />
            <span>Ngày đăng : <?php 
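    // Escaped like the title above, so every stored field is treated the same way.
    echo htmlspecialchars($news['pubdate'], ENT_QUOTES, 'UTF-8', false);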
    ?>
</span>
            </p><br />
            <div>
<?php

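require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Feedback.php";
require "../includes/injection.php";
// Default to "" so a bare request raises no notice. NOTE(review): a delete driven by GET
// with no request token visible here — confirm the admin page protects it.
$fbid = sqlInjection(isset($_GET['feedbackID']) ? $_GET['feedbackID'] : "");
$fb = new Feedback();
$fb->delete($fbid);
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listfeedback'>";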
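require_once "includes/injection.php";
$conditions = "";
$count = 0;
$limit = 20;   // products per page
$dataProduct = array();
$category = array();
$pag = new Page();
$cate = new Category();
$prod = new Product();
$dk1 = "";   // category filter fragment
$dk2 = "";   // label search fragment
$cateIdParam = isset($_GET["CateID"]) ? $_GET["CateID"] : "";
if ($cateIdParam != "") {
    // cate_id is compared unquoted (a numeric column), where string escaping does not
    // bound the value; coerce it to int as the delete scripts do for ids.
    $dk1 = " cate_id=" . intval($cateIdParam);
}
$searchStr = isset($_GET["searchStr"]) ? $_GET["searchStr"] : "";
if ($searchStr != "") {
    $dk2 = " cd_lable like '%" . sqlInjection($searchStr) . "%' ";
}
// Join whichever fragments are present with " and " under a single " where ".
$where = array();
if ($dk1 != "") {
    $where[] = $dk1;
}
if ($dk2 != "") {
    $where[] = $dk2;
}
if (count($where) > 0) {
    $conditions = " where " . implode(" and ", $where);
}
$start = $pag->findStart($limit);
$querycount = "select cd_id from tblcd " . $conditions;
$countResult = mysql_query($querycount);
// mysql_query() returns false on error; mysql_num_rows(false) only warns, so a failed
// count query is treated as zero rows explicitly.
$count = $countResult === false ? 0 : mysql_num_rows($countResult);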
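require_once "administrator/process/class/class.Product.php";
require_once "administrator/process/class/class.Disktype.php";
// injection.php is not loaded here; sqlInjection() is presumably provided by the
// including page (a second require would redeclare it) — confirm.
require_once "includes/trackXML.php";
$prod = new Product();
$dsk = new DiskType();
$trck = new TrackXML();
$product = array();
$tracklist = array();
$disktype = $dsk->getAll();
if (isset($_GET['pid']) && is_numeric($_GET['pid'])) {
    $id = sqlInjection($_GET['pid']);
    $product = $prod->getProductById($id);
    // An unknown id presumably yields an empty result; the original indexed
    // $product['tracklist'] unconditionally, so only parse a tracklist that exists.
    if (is_array($product) && isset($product['tracklist'])) {
        $tracklist = $trck->xml2Array($product['tracklist']);
    }
} else {
    echo "<meta http-equiv='refresh' content='0;url=index.php'>";
}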
?>
<div class="width">
	<div class="box">
		<div id="vmMainPage">
			  <div class="clear indent">
              <?php 
if (count($product) > 0) {
    ?>
 
              <table>
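require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Product.php";
require "../includes/injection.php";
require "../../includes/trackXML.php";
// Default every field to "" so a partial POST raises no undefined-index notices.
$post = $_POST + array(
    'CateID' => "", 'Lable' => "", 'Price' => "", 'Artist' => "", 'Producer' => "",
    'pubYear' => "", 'DiskType' => "", 'Description' => "", 'proImage' => "",
    'ProStatus' => "", 'continue' => "",
);
$cate = sqlInjection($post['CateID']);
$lable = sqlInjection($post['Lable']);
$price = sqlInjection($post['Price']);
$artist = sqlInjection($post['Artist']);
$producer = sqlInjection($post['Producer']);
$year = sqlInjection($post['pubYear']);
$disktype = sqlInjection($post['DiskType']);
$description = sqlInjection($post['Description']);
$image = sqlInjection($post['proImage']);
$status = sqlInjection($post['ProStatus']);
$continue = $post['continue'];
$trck = new TrackXML();
$prod = new Product();
$tracklist = "";
// Track names and lengths reach createXML() unescaped — confirm it escapes them itself.
if (isset($_POST['trackname']) && isset($_POST['tracklength'])) {
    $tracklist = $trck->createXML($_POST['trackname'], $_POST['tracklength']);
}
$prod->insert($lable, $cate, $price, $artist, $producer, $year, $disktype, $description, $tracklist, $image, $status);
// "OK" means "save and add another"; otherwise no redirect is emitted, as before.
if ($continue == "OK") {
    echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=addproduct'>";
}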
<?php

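session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Admin.php";
require "../includes/injection.php";
// Default the fields to "" so a partial POST raises no undefined-index notices.
$post = $_POST + array('Afullname' => "", 'AEmail' => "", 'APhone' => "");
$fullname = sqlInjection($post['Afullname']);
$email = sqlInjection($post['AEmail']);
$phone = sqlInjection($post['APhone']);
// Only the logged-in admin's own row is updated; without a session id there is nothing to update.
if (isset($_SESSION['ADMIN'])) {
    $adm = new Admin();
    $adm->update($_SESSION['ADMIN'], $email, $fullname, $phone);
}
echo "<meta http-equiv='refresh' content='0;url=../admincp.php'>";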
<?php

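require_once "includes/checkPermission.php";
require_once "../deny/connector.php";
require_once "process/class/class.News.php";
require_once "includes/injection.php";
// Default to "" so a bare request raises no notice before the lookup.
$nid = sqlInjection(isset($_GET['newsID']) ? $_GET['newsID'] : "");
$ns = new News();
// Rendered by the markup below; an unknown id presumably leaves this empty.
$news = $ns->getNewsByID($nid);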
//print_r($news);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Chi tiết Tin tức</title>
<link href="css/detail.css" rel="stylesheet" type="text/css"></link>
</head>
<body>
<div id="wrapper"><br /><br />
<center><img src="../<?php 
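// Attribute context: escape quotes so a stored path cannot break out of src="…";
// double_encode=false leaves alone any entities the input helper already produced.
echo isset($news['image']) ? htmlspecialchars($news['image'], ENT_QUOTES, 'UTF-8', false) : "";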
?>
"></center><br /><br />
<h2 id="siteTitle" align="center">Chi tiết Tin Tức</h2>
<div id="info">
	<table border="1px" cellpadding="5px">
		
		<tr>
			<td class="field">Tiêu đề :</td>
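session_start();
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Product.php";
require "../includes/injection.php";
require "../../includes/trackXML.php";
// Default every field to "" so a partial POST raises no undefined-index notices.
$post = $_POST + array(
    'CateID' => "", 'Lable' => "", 'Price' => "", 'Artist' => "", 'Producer' => "",
    'pubYear' => "", 'DiskType' => "", 'Description' => "", 'proImage' => "", 'ProStatus' => "",
);
$cate = sqlInjection($post['CateID']);
$lable = sqlInjection($post['Lable']);
$price = sqlInjection($post['Price']);
$artist = sqlInjection($post['Artist']);
$producer = sqlInjection($post['Producer']);
$year = sqlInjection($post['pubYear']);
$disktype = sqlInjection($post['DiskType']);
$description = sqlInjection($post['Description']);
$image = sqlInjection($post['proImage']);
$status = sqlInjection($post['ProStatus']);
// The product id travels on the query string while the fields are posted.
$id = sqlInjection(isset($_GET['pID']) ? $_GET['pID'] : "");
$trck = new TrackXML();
$prod = new Product();
$tracklist = "";
// Track names and lengths reach createXML() unescaped — confirm it escapes them itself.
if (isset($_POST['trackname']) && isset($_POST['tracklength'])) {
    $tracklist = $trck->createXML($_POST['trackname'], $_POST['tracklength']);
}
$prod->update($id, $lable, $cate, $price, $artist, $producer, $year, $disktype, $description, $tracklist, $image, $status);
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listproduct'>";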
<?php

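require_once "administrator/process/class/class.Feedback.php";
require_once "administrator/includes/injection.php";
require_once "deny/connector.php";
// Default every field to "" so a partial POST raises no undefined-index notices.
$post = $_POST + array('title' => "", 'fullname' => "", 'email' => "", 'content' => "", 'captcha' => "");
$title = sqlInjection($post['title']);
$name = sqlInjection($post['fullname']);
$email = sqlInjection($post['email']);
$content = sqlInjection($post['content']);
$_SESSION['FBERROR'] = "";   // one-shot status shown on the form (session presumably started by the including page)
if (isset($_POST['submit'])) {
    // The original compared `$_POST['captcha'] == $_SESSION['CODE']` loosely: with no code
    // in the session an empty answer matched (null == "" is true), and numeric strings
    // compared by value. Require a stored code and compare the two as exact strings.
    $captchaOk = isset($_SESSION['CODE'])
        && (string) $post['captcha'] === (string) $_SESSION['CODE'];
    // A code is single-use: drop it so the same answer cannot be replayed; the next image
    // load (see changeImage() below) presumably issues a fresh one.
    unset($_SESSION['CODE']);
    if ($captchaOk) {
        $fb = new Feedback();
        $fb->insert($title, $name, $email, $content);
        $_SESSION['FBERROR'] = 'Bạn đã gửi thành công.';
    } else {
        $_SESSION['FBERROR'] = '- Sai mã xác nhận !';
    }
}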
?>
<script language="javascript">
var error="";

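function changeImage(){
	// Append a timestamp so the browser requests a fresh captcha instead of reusing the
	// cached image (assigning the identical URL may not trigger a reload).
	document.getElementById('imgcaptcha').src = "captcha/captcha.php?" + new Date().getTime();
}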

function checkEmpty(elementId,errorMessage)
{
	x1 = document.getElementById(elementId);
<?php

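session_start();
require_once "../deny/connector.php";
require_once "../administrator/process/class/class.Order.php";
require_once "../administrator/includes/injection.php";
// Only a logged-in customer may delete an order.
if (!isset($_SESSION['user_id']) or $_SESSION['user_id'] == "") {
    header("location: ../index.php?page=login");
    exit;
}
$order = new Order();
$userid = $_SESSION['user_id'];
// Default to "" so a bare request raises no notice; deleteOrder() also receives the
// session's user id, presumably to scope the delete to the caller's own orders.
$orderid = sqlInjection(isset($_GET['orderID']) ? $_GET['orderID'] : "");
$order->deleteOrder($orderid, $userid);
echo "<meta http-equiv='refresh' content='0;url=../index.php?page=history'>";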
        $conditions .= "";
    }
} else {
    $conditions .= "";
}
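// Receiver-date range: both endpoints must be present and non-empty to add the filter.
// The original escaped only the second date; both now go through the same conversion
// and escaping before being quoted into the query.
$sreceiver = isset($_GET["Sreceiver"]) ? $_GET["Sreceiver"] : "";
$freceiver = isset($_GET["Freceiver"]) ? $_GET["Freceiver"] : "";
if ($sreceiver != "" and $freceiver != "") {
    $conditions .= " AND tblorder.order_receiverdate BETWEEN '" . sqlInjection(changueFormatDate($sreceiver)) . "' and '" . sqlInjection(changueFormatDate($freceiver)) . "' ";
}
if (isset($_GET["status"]) and is_numeric($_GET["status"])) {
    $conditions .= " AND tblorder.order_status =" . sqlInjection($_GET["status"]) . "";
}
// Fragments are accumulated as " AND ..."; swap the leading " AND" for " WHERE".
if ($conditions != "") {
    $conditions = " WHERE " . substr($conditions, 4);
}
$start = $pag->findStart($limit);
$querycount = "SELECT tblorder.order_id FROM tblcustomer INNER JOIN tblorder ON tblcustomer.cus_id = tblorder.cus_id " . $conditions;
$countResult = mysql_query($querycount);
// mysql_query() returns false on error; mysql_num_rows(false) only warns, so a failed
// count query is treated as zero rows explicitly.
$count = $countResult === false ? 0 : mysql_num_rows($countResult);
$total = mysql_query("select sum(order_totalcost) as totalcost from tblorder " . $conditions);
$pages = $pag->findPages($count, $limit);
// The original tested `isset(...) or is_numeric(...)`, so any non-numeric page value still
// selected the computed offset; require a numeric page, as the customer listing does.
$page = isset($_GET['page']) ? $_GET['page'] : "";
if (is_numeric($page)) {
    $paging = " LIMIT " . $start . "," . $limit . " ";
} else {
    $paging = " LIMIT 0," . $limit . " ";
}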