<?php
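date_default_timezone_set("America/New_York");

// Database credentials for the admin area.
// NOTE(review): they are hard-coded in a file that lives under the document root, so anyone
// who can read this file has them. Move them to a config file outside the web root (or to the
// environment) and treat the current values as needing rotation.
$server_name='localhost';
$username='webrbaew_bakr';
$password='Tzst@12?!^!!';
$database='webrbaew_candycleansestoremy';

// Start the session before any output below, so the session cookie header can still be sent.
if (session_id() === '') {
    session_start();
}

$con = mysqli_connect($server_name, $username, $password, $database);
if (mysqli_connect_errno()) {
    // The driver's message names hosts and accounts, so it goes to the server log, not to the
    // browser. Stopping here keeps the handlers below from running against an unusable $con.
    error_log("Failed to connect to MySQL: " . mysqli_connect_error());
    echo "Failed to connect to MySQL.";
    exit();
}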
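// Change the admin's profile picture: a random server-side file name is stored, never the client's.
if (isset($_POST['update_admin_picture'])) {
    $admin_id = (int) ($_POST['admin_id'] ?? 0);
    $tmp_name = $_FILES['admin_image']['tmp_name'] ?? '';

    // The file lands in a web-served directory, so only a genuine upload that parses as an
    // image is accepted; the DB row is updated only once the file is actually in place.
    if ($admin_id > 0 && $tmp_name !== '' && is_uploaded_file($tmp_name) && getimagesize($tmp_name) !== false) {
        $filename = time() . '_' . random_int(1111, 9999) . '.jpg';
        $target = 'uploads/admin/' . $filename;
        if (move_uploaded_file($tmp_name, $target)) {
            $stmt = mysqli_prepare($con, "UPDATE admin SET admin_image=? WHERE admin_id=?");
            mysqli_stmt_bind_param($stmt, 'si', $filename, $admin_id);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
    }
    header("location:profile.php");
    exit();
}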
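// Update an admin's name, e-mail and password from the profile form.
if (isset($_POST['change_setting'])) {
    $admin_id = (int) ($_POST['admin_id'] ?? 0);
    $admin_name = $_POST['admin_name'] ?? '';
    $admin_email = $_POST['admin_email'] ?? '';
    $admin_password = $_POST['admin_password'] ?? '';

    // NOTE(review): the password is stored exactly as submitted. The login code that reads
    // admin_password is not in this file; once it compares with password_verify(), store
    // password_hash($admin_password, PASSWORD_DEFAULT) here instead.
    // NOTE(review): admin_id is taken from the form rather than from the session, so the row
    // being edited is whatever the form says — confirm against the logged-in admin if that matters.
    $stmt = mysqli_prepare($con, "UPDATE admin SET admin_name=?, admin_email=?, admin_password=? WHERE admin_id=?");
    mysqli_stmt_bind_param($stmt, 'sssi', $admin_name, $admin_email, $admin_password, $admin_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    header("location:profile.php?success=1");
    exit();
}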
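// Create a product row, then attach the optional first image and record its file name.
if (isset($_POST['add_product'])) {
    $product_title = $_POST['product_title'] ?? '';
    $product_price = (float) ($_POST['product_price'] ?? 0);
    $status = (int) ($_POST['status'] ?? 0);
    $product_description = $_POST['product_description'] ?? '';

    // Every form value is bound; nothing from the request is interpolated into SQL.
    $stmt = mysqli_prepare($con, "INSERT INTO product SET product_title=?, product_price=?, status=?, product_description=?");
    mysqli_stmt_bind_param($stmt, 'sdis', $product_title, $product_price, $status, $product_description);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    $item_id = mysqli_insert_id($con);

    $image_name_1 = '';
    $upload = $_FILES['item_image_1'] ?? null;
    if ($upload !== null
        && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
        && is_uploaded_file($upload['tmp_name'])
    ) {
        // basename() drops any directory part a crafted request may put in the client file
        // name, and the extension allow-list keeps executable files out of the images directory.
        $client_name = basename($upload['name']);
        $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
        if (in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            $image_name_1 = $item_id . '-image_1-' . $client_name;
            $target_file = "../images/product_images/" . $image_name_1;
            if (!move_uploaded_file($upload['tmp_name'], $target_file)) {
                // Do not record a file name that does not exist on disk.
                $image_name_1 = '';
            }
        }
    }

    $stmt = mysqli_prepare($con, "UPDATE `product` SET product_image=? WHERE product_id=?");
    mysqli_stmt_bind_param($stmt, 'si', $image_name_1, $item_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    header("location:manage_products.php");
    exit();
}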
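// update product
// Update a product's fields; the image is replaced only when a valid new one was uploaded.
if (isset($_POST['update_product'])) {
    $product_id = (int) ($_POST['product_id'] ?? 0);
    $product_title = $_POST['product_title'] ?? '';
    $product_price = (float) ($_POST['product_price'] ?? 0);
    $status = (int) ($_POST['status'] ?? 0);
    $product_description = $_POST['product_description'] ?? '';

    // The upload is moved only when it is a real upload of an allowed image type. The client
    // file name is reduced to its basename first: the original wrote it straight into the path.
    $filename1 = '';
    $upload = $_FILES['product_image'] ?? null;
    if ($upload !== null
        && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
        && is_uploaded_file($upload['tmp_name'])
    ) {
        $client_name = basename($upload['name']);
        $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
        if (in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)
            && move_uploaded_file($upload['tmp_name'], "../images/product_images/" . $client_name)
        ) {
            $filename1 = $client_name;
        }
    }

    // No (usable) new image: keep the file name currently stored for this product.
    if ($filename1 === '') {
        $stmt = mysqli_prepare($con, "SELECT product_image FROM product WHERE product_id=?");
        mysqli_stmt_bind_param($stmt, 'i', $product_id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $current_image);
        if (mysqli_stmt_fetch($stmt)) {
            $filename1 = (string) $current_image;
        }
        mysqli_stmt_close($stmt);
    }

    // Every value is bound; the original mixed placeholders with interpolated price/status/id.
    $stmt = mysqli_prepare($con, "UPDATE product SET product_title=?, product_price=?, product_description=?, product_image=?, status=? WHERE product_id=?");
    mysqli_stmt_bind_param($stmt, 'sdssii', $product_title, $product_price, $product_description, $filename1, $status, $product_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    header("location:manage_products.php");
    exit();
}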
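// delete product
// Remove a product row together with its image and PDF file.
if (isset($_POST['delete_product'])) {
    $product_id = (int) ($_POST['product_id'] ?? 0);
    // The file names come from the form. basename() confines the deletions to the two upload
    // directories, and is_file() skips empty names (which would otherwise point at the directory).
    $product_image = basename((string) ($_POST['product_image'] ?? ''));
    $pdf_name = basename((string) ($_POST['pdf_name'] ?? ''));

    $image_path = '../images/product_images/' . $product_image;
    if ($product_image !== '' && is_file($image_path)) {
        unlink($image_path);
    }
    $pdf_path = '../pdf_books/' . $pdf_name;
    if ($pdf_name !== '' && is_file($pdf_path)) {
        unlink($pdf_path);
    }

    $stmt = mysqli_prepare($con, "DELETE FROM product WHERE product_id=?");
    mysqli_stmt_bind_param($stmt, 'i', $product_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    header("location:manage_products.php");
    exit();
}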
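// update System Settings
// Save the site-wide contact and social-media fields.
if (isset($_POST['save_config'])) {
    $system_name = $_POST['system_name'] ?? '';
    $system_email = $_POST['system_email'] ?? '';
    $system_phone = $_POST['system_phone'] ?? '';
    $system_address = $_POST['system_address'] ?? '';
    $system_facebook = $_POST['system_facebook'] ?? '';
    $system_instagram = $_POST['system_instagram'] ?? '';
    $system_youtube = $_POST['system_youtube'] ?? '';
    $system_twitter = $_POST['system_twitter'] ?? '';

    // All eight values are free text from the form and are bound, not interpolated.
    // There is no WHERE clause: system_configuration is treated as a single-row table, as before.
    $stmt = mysqli_prepare(
        $con,
        "UPDATE system_configuration SET system_name=?, system_email=?, system_phone=?, system_address=?, "
        . "system_facebook=?, system_instagram=?, system_youtube=?, system_twitter=?"
    );
    mysqli_stmt_bind_param(
        $stmt,
        'ssssssss',
        $system_name,
        $system_email,
        $system_phone,
        $system_address,
        $system_facebook,
        $system_instagram,
        $system_youtube,
        $system_twitter
    );
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    header("location:system_settings.php");
    exit();
}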
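// Change Logo
// Replace the site logo; the stored name is generated server-side, never taken from the client.
if (isset($_POST['update_system_image'])) {
    $tmp_name = $_FILES['system_image']['tmp_name'] ?? '';

    // uploads/logo/ is web-served, so only a genuine upload that parses as an image is written
    // there, and the configuration row is updated only after the move succeeded.
    if ($tmp_name !== '' && is_uploaded_file($tmp_name) && getimagesize($tmp_name) !== false) {
        $filename = time() . '_' . random_int(1111, 9999) . '.jpg';
        $target = 'uploads/logo/' . $filename;
        if (move_uploaded_file($tmp_name, $target)) {
            $stmt = mysqli_prepare($con, "UPDATE system_configuration SET system_image=?");
            mysqli_stmt_bind_param($stmt, 's', $filename);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
    }
    header("location:system_settings.php");
    exit();
}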
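// update title
// Set the display title of one admin account.
if (isset($_POST['update_title'])) {
    $id = (int) ($_POST['id'] ?? 0);
    $admin_title = $_POST['admin_title'] ?? '';

    $stmt = mysqli_prepare($con, "UPDATE admin SET admin_title=? WHERE admin_id=?");
    mysqli_stmt_bind_param($stmt, 'si', $admin_title, $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    header("location:view_users.php");
    exit();
}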
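// change banner
// Create the single banner row on first use, otherwise replace its image when a new one is uploaded.
if (isset($_POST['change_banner'])) {
    $chk = mysqli_query($con, "SELECT * FROM banner");
    $has_banner = mysqli_num_rows($chk) > 0;

    // NOTE(review): the first-insert path stores the file under product_images/ while the
    // update path uses banner_images/; which directory banner.php reads from is not visible
    // here, so both are kept as they were — confirm and unify.
    $dir = $has_banner ? "../images/banner_images/" : "../images/product_images/";

    $image_name_1 = '';
    $upload = $_FILES['banner_first_image'] ?? null;
    if ($upload !== null
        && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
        && is_uploaded_file($upload['tmp_name'])
    ) {
        // basename() drops any directory part of the client file name; the allow-list keeps
        // executable files out of the web-served directory.
        $client_name = basename($upload['name']);
        $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
        if (in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            // time() stands in for the original's $item_id, which is not defined in this handler
            // (the banner table has no generated id to use here).
            $image_name_1 = time() . '-image_1-' . $client_name;
            if (!move_uploaded_file($upload['tmp_name'], $dir . $image_name_1)) {
                $image_name_1 = '';
            }
        }
    }

    if (!$has_banner) {
        // First banner row: inserted even without an image, as before.
        $stmt = mysqli_prepare($con, "INSERT INTO `banner` SET banner_first_image=?");
        mysqli_stmt_bind_param($stmt, 's', $image_name_1);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    } elseif ($image_name_1 !== '') {
        $stmt = mysqli_prepare($con, "UPDATE `banner` SET banner_first_image=?");
        mysqli_stmt_bind_param($stmt, 's', $image_name_1);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    header("location:banner.php");
    exit();
}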
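// Add testimonials
// A testimonial is a `category` row: c_name holds the creation date, picture the image file name.
if (isset($_POST['add_testimonial'])) {
    $category_name = date("Y-m-d");
    $stmt = mysqli_prepare($con, "INSERT INTO category SET c_name=?");
    mysqli_stmt_bind_param($stmt, 's', $category_name);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    $item_id = mysqli_insert_id($con);

    $image_name_1 = '';
    $upload = $_FILES['item_image_1'] ?? null;
    if ($upload !== null
        && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
        && is_uploaded_file($upload['tmp_name'])
    ) {
        // basename() drops any directory part of the client file name; the allow-list keeps
        // executable files out of the web-served uploads directory.
        $client_name = basename($upload['name']);
        $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
        if (in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            $image_name_1 = $item_id . '-image_1-' . $client_name;
            $target_file = "uploads/testimonials/" . $image_name_1;
            if (!move_uploaded_file($upload['tmp_name'], $target_file)) {
                $image_name_1 = '';
            }
        }
    }

    $stmt = mysqli_prepare($con, "UPDATE `category` SET picture=? WHERE c_id=?");
    mysqli_stmt_bind_param($stmt, 'si', $image_name_1, $item_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    header("location:testimonials.php");
    exit();
}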
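// update testimonials
// Refresh a testimonial's date and, when a new image was uploaded, its picture.
if (isset($_POST['edit_testimonial'])) {
    $category_id = (int) ($_POST['category_id'] ?? 0);

    // The original assigned to `$$category_name` (a variable variable on an undefined name),
    // so $category_name itself stayed unset and an empty c_name was written.
    $category_name = date("Y-m-d");
    $stmt = mysqli_prepare($con, "UPDATE category SET c_name=? WHERE c_id=?");
    mysqli_stmt_bind_param($stmt, 'si', $category_name, $category_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    $image_name_1 = '';
    $upload = $_FILES['item_image_1'] ?? null;
    if ($upload !== null
        && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
        && is_uploaded_file($upload['tmp_name'])
    ) {
        // basename() drops any directory part of the client file name; the allow-list keeps
        // executable files out of the web-served uploads directory.
        $client_name = basename($upload['name']);
        $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
        if (in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            // Prefixed with the row id, matching add_testimonial (the original used an undefined $item_id).
            $image_name_1 = $category_id . '-image_1-' . $client_name;
            $target_file = "uploads/testimonials/" . $image_name_1;
            if (!move_uploaded_file($upload['tmp_name'], $target_file)) {
                $image_name_1 = '';
            }
        }
    }

    if ($image_name_1 !== '') {
        $stmt = mysqli_prepare($con, "UPDATE `category` SET picture=? WHERE c_id=?");
        mysqli_stmt_bind_param($stmt, 'si', $image_name_1, $category_id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    header("location:testimonials.php");
    exit();
}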
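// delete testimonials
// Remove a testimonial row and its picture file.
if (isset($_POST['delete_testimonial'])) {
    $c_id = (int) ($_POST['c_id'] ?? 0);
    // The picture name comes from the form; basename() confines the unlink to the uploads
    // directory, and is_file() skips an empty name (which would point at the directory itself).
    $picture_name = basename((string) ($_POST['picture_name'] ?? ''));
    $picture_path = 'uploads/testimonials/' . $picture_name;
    if ($picture_name !== '' && is_file($picture_path)) {
        unlink($picture_path);
    }

    $stmt = mysqli_prepare($con, "DELETE FROM category WHERE c_id=?");
    mysqli_stmt_bind_param($stmt, 'i', $c_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    header("location:testimonials.php");
    exit();
}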
// update stripe keys
// Store the Stripe publishable and secret keys on the configuration row.
if (isset($_POST['save_stripe_config'])) {
    // Both values come straight from the form and are bound as strings; nothing is interpolated.
    $public_key = $_POST['public_key'];
    $secret_key = $_POST['secret_key'];

    $update = mysqli_prepare($con, "UPDATE system_configuration SET public_key=?, secret_key=?");
    mysqli_stmt_bind_param($update, 'ss', $public_key, $secret_key);
    mysqli_stmt_execute($update);

    header("location:system_settings.php");
    exit();
}
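// Mark an order as complete and e-mail the customer a "shipped" notice.
if (isset($_GET['complete_order'])) {
    $order_id = intval($_GET['complete_order']);

    $stmt = mysqli_prepare($con, "UPDATE orders SET order_complete = 1 WHERE id = ?");
    mysqli_stmt_bind_param($stmt, 'i', $order_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    // Read back only the three columns the e-mail needs.
    $stmt = mysqli_prepare($con, "SELECT customer_email, customer_name, order_id FROM orders WHERE id=?");
    mysqli_stmt_bind_param($stmt, 'i', $order_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $email, $name, $order_number);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    // Mail only for an existing order with a syntactically valid address: the address becomes
    // the To: header, so a value carrying line breaks must never reach mail().
    if ($found && filter_var((string) $email, FILTER_VALIDATE_EMAIL) !== false) {
        // These values were entered by the customer at order time and are placed inside HTML,
        // so they are escaped for that context; the order number is also URL-encoded for the link.
        $safe_name = htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $safe_order_number = htmlspecialchars((string) $order_number, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $order_status = 'https://candycleansestore.co/tracking-order.php?id=' . rawurlencode((string) $order_number);
        $safe_order_status = htmlspecialchars($order_status, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $to = $email;
        $from = 'info@candycleansestore.co';
        $subject = 'Your Candy Cleanse Order Has Shipped!';
        // NOTE(review): the logo link in the template still points at a demo host
        // (webriders.co/demos/...) while every other URL is on candycleansestore.co — confirm.
        $message = '
<html>
<body class="em_body" style="margin: 0px auto; padding: 0px;" bgcolor="#efefef">
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="em_full_wrap" bgcolor="#efefef">
<tbody>
<tr>
<td align="center" valign="top">
<table align="center" border="0" cellpadding="0" cellspacing="0" class="em_main_table" style="width: 650px; table-layout: fixed;" width="650" bgcolor="#ffffff">
<!-- Start Pre header section -->
<tbody style="background: url(images/bg.PNG) no-repeat;width:100px;background-position: center center;background-size: 600px;">
<tr>
<td align="center" style="background-color: #efefef; border-bottom: 3px solid white;">
<table bgcolor="#efefef" border="0" cellpadding="0" cellspacing="0" class="em_wrapper" width="100%">
<tbody>
<tr>
<td align="center" style="font-family: Helvetica, Arial, sans-serif; font-size: 10px; color: #8e8e8e; line-height: 20px; padding: 5px 0;">
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<!-- End Pre header section -->
<tr>
<td align="center" valign="top" style="padding: 20px 10px;">
<a data-link-name="Candy Cleanse" href="https://webriders.co/demos/candy-weightloss/" target="_blank" title="Candy Cleanse">
<img src="https://candycleansestore.co/images/logo.PNG" width="200" alt="Candy Cleanse" border="0" style="border-radius: 15px !important;float:center;max-width: 140px;height: auto; background: #ffffff; display: block; border: 0px;margin-bottom:10px" />
</a>
<b>ORDER #: '.$safe_order_number.'</b>
<p style="font-family: Helvetica, Arial, sans-serif; font-size: 13px; line-height: 10px; color: #1c1c1c; padding: 8px">
<b>FROM:</b>
Candy Cleanse
</p>
</td>
</tr>
<tr>
<td align="left" valign="top" style="font-family: Helvetica, Arial, sans-serif; font-size: 16px; line-height: 26px; color: #1c1c1c;">
<!-- Start EMail Body -->
<table>
<tbody>
<tr>
<td align="left" valign="top" style="font-family: Helvetica, Arial, sans-serif; font-size: 15px; line-height: 27px; color: #1c1c1c; padding: 20px 30px 8px 30px; font-weight: bold;">
Dear '.$safe_name.',
</td>
</tr>
<tr>
<td align="left" class="Pad_LR20" valign="top" style="font-family: Helvetica, Arial, sans-serif; font-size: 15px; line-height: 26px; color: #1c1c1c; padding: 8px 40px 15px 30px;">
<p>
Thank you for your order. It’s on the way! We are excited to hear how Candy Cleanse is working for you!
</p>
<p>
Tag @CoachStormy on your stories on Instagram and use #CandyCleanse. She’d love to feature you!
</p>
<p>
Track Order here: '.$safe_order_status.'
</p>
<p>
<b>Here’s to your health!</b>
</p>
<p>
<b>The Candy Cleanse Team</b>
</p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td align="center" style="background-color: #f7f7f7;">
<table bgcolor="#f7f7f7" border="0" cellpadding="0" cellspacing="0" class="em_wrapper" width="100%">
<tbody>
<tr>
<td align="center" style="padding: 10px;" valign="top" class="Pad_LR22">
<table align="center" border="0" cellpadding="0" width="600" cellspacing="0" style="width: 600px;" class="em_wrapper">
<tbody>
<tr>
<td align="center">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td
align="center"
valign="top"
style="font-family: Helvetica, Arial, sans-serif; font-size: 12px; line-height: 16px; color: black; padding: 8px 0px 0px 0px; text-align: left;"
>
<center><p>Copyright © - 2024 Stormy Wellington, Inc. All Rights Reserved.</p></center>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body>
</html>';
        // $headers is initialised here; the original appended to an undefined variable.
        $headers = "MIME-Version: 1.0\r\n";
        $headers .= "Content-Type: text/html; charset=UTF-8\r\n";
        $headers .= 'From: ' . $from . "\r\n";
        mail($to, $subject, $message, $headers);
    }

    header("location:../order_details.php?oid=$order_id");
    exit();
}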
?>