Devil Killer Is Here MiNi Shell
MiNi SheLL

Current Path : /hermes/bosnacweb04/bosnacweb04ac/b1072/ipg.liuyuan7592410/wb_ecom/admin/
Linux boscustweb5004.eigbox.net 5.4.91 #1 SMP Wed Jan 20 18:10:28 EST 2021 x86_64
Current File : /hermes/bosnacweb04/bosnacweb04ac/b1072/ipg.liuyuan7592410/wb_ecom/admin/manage_product.php
<?PHP 
	require "top.inc.php";
	$allowedRole = SUPER_ADMIN|ADMIN|VENDOR_ADMIN|VENDOR_USER|RETAILER_ADMIN|RETAILER_USER;
	whoAllowed($allowedRole);
	$categories_id = "";
	$sub_categories_id = "";
	$product_name = "";
	$product_name_en = "";
	$product_code = "";
	$mrp = "";
	$price = "";
	$qty = "";
	$image = "";
	$short_desc = "";
	$description = "";
	$short_desc_en = "";
	$description_en = "";
	$meta_title = "";
	$meta_desc = "";
	$meta_keyword = "";
	$status = "";
	$best_seller = 
	$role_field = "";
	$role_field_id = 0;
	$slide_id = "";
	$slide_txt1 = "";
	$slide_txt2 = "";
	$slide_txt1_en = "";
	$slide_txt2_en = "";

	$msg = "";
	$image_required = "required";

	$condition = "";
	if(($_SESSION['ADMIN_ROLE']&(VENDOR_ADMIN|VENDOR_USER))!=0){
		$condition =  " and a.added_by=b.id and b.vendor_id=c.vendor_id and c.id='".$_SESSION['ADMIN_ID']."'";
		$role_field = "vendor";
		$role_field_id = $_SESSION['VENDOR_ID'];
	}elseif(($_SESSION['ADMIN_ROLE']&(RETAILER_ADMIN|RETAILER_USER))!=0){
		$condition =  " and a.added_by=b.id and b.retailer_id=c.retailer_id and c.id='".$_SESSION['ADMIN_ID']."'";
		$role_field = "r_vendor";
		$role_field_id = $_SESSION['RETAILER_ID'];
	}else{
		$condition =  " and a.added_by=b.id and a.added_by=c.id";
		$select_vendor_attr = "required";
	}

	if(isset($_GET["id"]) && ($_GET["id"]!="")){
		/*View or Edit Existed product*/
		$image_required = "";
		$id = get_safe_value($con,$_GET["id"]);
		$sql = "select d.*,e.id slide_id, e.txt1, e.txt1_en, e.txt2, e.txt2_en from (select a.* from t_product a,t_admin_users b,t_admin_users c where a.id=\"".$id."\"".$condition.") d left join t_front_pg_ads e on e.pid=d.id";
		$res = mysqli_query($con,$sql);
		$check = mysqli_num_rows($res);
		if($check>0){
			$row = mysqli_fetch_assoc($res);
			$categories_id = $row["categories_id"];
			$sub_categories_id = $row["sub_categories_id"];
			$product_code = $row["code"];
			$product_name = $row["name"];
			$product_name_en = $row["name_en"];
			$mrp = $row["mrp"];
			$price = $row["price"];
			$qty = $row["qty"];
			$image = $row["image"];
			$video = $row["video"];
			$old_image_file = PRODUCT_IMAGE_SERVER_PATH.$row['image'];
			$old_video_file = PRODUCT_VIDEO_SERVER_PATH.$row['video'];
			$short_desc = $row["short_desc"];
			$description = $row["description"];
			$short_desc_en = $row["short_desc_en"];
			$description_en = $row["description_en"];
			$meta_title = $row["meta_title"];
			$meta_desc = $row["meta_desc"];
			$meta_keyword = $row["meta_keyword"];
			$best_seller = $row["best_seller"];
			if($_SESSION['ADMIN_ROLE']==ADMIN){
				$select_vendor_attr = "disabled";
				$role_field = ($row['r_vendor']==0)?"vendor":"r_vendor";
				$role_field_id = ($row['r_vendor']==0)?$row['vendor']:$row['r_vendor'];
				$slide_id = $row['slide_id'];
				$slide_txt1 = $row['txt1'];
				$slide_txt2 = $row['txt2'];
				$slide_txt1_en = $row['txt1_en'];
				$slide_txt2_en = $row['txt2_en'];
			}
		}else{
			header("location:product.php");
			die();		
		}
	}

//	prx($_POST);
	if(isset($_POST["submit"])){
		/*edit a existed product or added a new product*/
		$categories_id = get_safe_value($con,$_POST["categories_id"]);
		$sub_categories_id = get_safe_value($con,$_POST["sub_categories_id"]);
		$product_code = get_safe_value($con,$_POST["product_code"]);
		$product_name = get_safe_value($con,$_POST["product_name"]);
		$product_name_en = get_safe_value($con,$_POST["product_name_en"]);
		$mrp = get_safe_value($con,$_POST["mrp"])*100;
		$price = get_safe_value($con,$_POST["price"])*100;
		$qty = get_safe_value($con,$_POST["qty"]);
		$short_desc = get_safe_value($con,$_POST["short_desc"]);
		$description = get_safe_value($con,$_POST["description"]);
		$short_desc_en = get_safe_value($con,$_POST["short_desc_en"]);
		$description_en = get_safe_value($con,$_POST["description_en"]);
		$meta_title = get_safe_value($con,$_POST["meta_title"]);
		$meta_desc = get_safe_value($con,$_POST["meta_desc"]);
		$meta_keyword = get_safe_value($con,$_POST["meta_keyword"]);
		$best_seller = get_safe_value($con,$_POST["best_seller"]);
		if($_SESSION['ADMIN_ROLE']==ADMIN){
			if(!isset($_GET["id"])||($_GET["id"]=="")){
				$vendor_id = get_safe_value($con,$_POST["vendor_id"]);
				if(substr($vendor_id,0,1)=="r"){
					$role_field = "r_vendor";
					$role_field_id = substr($vendor_id,2);
				}else{
					$role_field = "vendor";
					$role_field_id = $vendor_id;
				}
			}
			$slide_txt1 = isset($_POST['slide_txt1'])?get_safe_value($con,$_POST["slide_txt1"]):"";
			$slide_txt2 = isset($_POST['slide_txt2'])?get_safe_value($con,$_POST["slide_txt2"]):"";
			$slide_txt1_en = isset($_POST['slide_txt1_en'])?get_safe_value($con,$_POST["slide_txt1_en"]):"";
			$slide_txt2_en = isset($_POST['slide_txt2_en'])?get_safe_value($con,$_POST["slide_txt2_en"]):"";
		}

		$sql = "select * from t_product where code=\"".$product_code."\"";
		$res = mysqli_query($con,$sql);
		$check = mysqli_num_rows($res);
		if($check>0){
			if(isset($_GET["id"]) && $_GET["id"]!=""){
				$row = mysqli_fetch_assoc($res);
				if($id!=$row["id"]){
					$msg = "Product code already exist, please change another one";
				}
			}else{
				$msg = "Product code already exist, please change another one";
			}
		}

/*		if($_FILES["image"]["type"]=="" || (($_FILES["image"]["type"]!="image/png") && ($_FILES["image"]["type"]!="image/jpg") && ($_FILES["image"]["type"]!="image/jpeg"))){
			$msg = "Please select only .png, .jpg or .jpeg format image file to upload!";
		}*/
		if(isset($_GET['id']) && $_GET['id']!=""){
			/*edit existed product*/
			if($_FILES['image']['type']!=''){
				if($_FILES['image']['type']!='image/png' && $_FILES['image']['type']!='image/jpg' && $_FILES['image']['type']!='image/jpeg'){
					$msg="Please select only png, jpg and jpeg image formate";
				}
			}

		}else{
			/*add new product*/
			if(isset($_FILES['image']['type'])){
				if($_FILES['image']['type']!='image/png' && $_FILES['image']['type']!='image/jpg' && $_FILES['image']['type']!='image/jpeg'){
					$msg="Please select only png, jpg and jpeg image formate";
				}
			}else{
				$msg = "Please upload product image file.";
			}
		}
		
		if($_FILES['video']['type']!=''){
			if($_FILES['video']['type']!='video/mp4' && $_FILES['image']['type']!='video/webm' && $_FILES['image']['type']!='video/ogg'){
				$msg="Please select only mp4, webm or ogg video formate";
			}
		}

		if($msg==""){
			if(isset($_GET["id"]) && $_GET["id"]!=""){
			/*edit existed product*/
				$sql = "update t_product set categories_id='$categories_id',sub_categories_id='$sub_categories_id',code='$product_code',name='$product_name',name_en='$product_name_en',mrp='$mrp',price='$price',qty='$qty',short_desc='$short_desc',short_desc_en='$short_desc_en',description='$description',description_en='$description_en',meta_title='$meta_title',meta_desc='$meta_desc',meta_keyword='$meta_keyword',best_seller='$best_seller'";
				if($_FILES['image']['name']!=""){
					unlink($old_image_file);
					$image = rand(111111111,999999999)."_".$_FILES['image']['name'];
					move_uploaded_file($_FILES['image']['tmp_name'], PRODUCT_IMAGE_SERVER_PATH.$image);
					$sql .= ",image='$image' ";
				}
				if($_FILES['video']['name']!=""){
					unlink($old_video_file);
					$video = rand(111111111,999999999)."_".$_FILES['video']['name'];
					move_uploaded_file($_FILES['video']['tmp_name'], PRODUCT_VIDEO_SERVER_PATH.$video);
					$sql .= ",video='$video' ";
				}
				$sql .= " where id='$id'";
				mysqli_query($con,$sql);
				if(($_SESSION['ADMIN_ROLE']&ADMIN)!=0){
					$sql_ads = "select * from t_front_pg_ads where pid='$id'";
					$res = mysqli_query($con,$sql_ads);
					if(isset($_POST['slide'])){
						if(mysqli_num_rows($res)>0){
							if(($slide_txt1!="")||($slide_txt2!="")){
								$sql_ads = "update t_front_pg_ads set txt1='$slide_txt1',txt1_en='$slide_txt1_en',txt2='$slide_txt2',txt2_en='$slide_txt2_en' where pid='$id'";					
							}else{
								$sql_ads = "delete from t_front_pg_ads where pid='$id'";
							}
						}else{
							copy(PRODUCT_IMAGE_SERVER_PATH.$image,FRONT_SLIDER_IMG_SERVER_PATH.$image);
							if($video!=""){
								copy(PRODUCT_VIDEO_SERVER_PATH.$video,FRONT_SLIDER_VIDEO_SERVER_PATH.$video);
							}
							$sql_ads = "insert into t_front_pg_ads (image,video,pid,txt1,txt1_en,txt2,txt2_en,weight,status) values ('$image','$video','$id','$slide_txt1','$slide_txt1_en','$slide_txt2','$slide_txt2_en',50,1)";
						}
					}else{
						if(mysqli_num_rows($res)>0){
							$row = mysqli_fetch_assoc($res);
							if($row['image']!=""){
								unlink(FRONT_SLIDER_IMG_SERVER_PATH.$row['image']);
							}if($row['video']!=""){
								unlink(FRONT_SLIDER_VIDEO_SERVER_PATH.$row['video']);
							}
						}
						$sql_ads = "delete from t_front_pg_ads where pid='$id'";
					}
					mysqli_query($con,$sql_ads);
				}
			}else{
			/*add new product*/
				$image = rand(111111111,999999999)."_".$_FILES['image']['name'];
				move_uploaded_file($_FILES['image']['tmp_name'], PRODUCT_IMAGE_SERVER_PATH.$image);
				$video = "";
				if($_FILES['video']['name']!=""){
					$video = rand(111111111,999999999)."_".$_FILES['video']['name'];
					move_uploaded_file($_FILES['video']['tmp_name'], PRODUCT_VIDEO_SERVER_PATH.$video);
				}
				$sql = "insert into t_product(categories_id,sub_categories_id,code,name,name_en,mrp,price,qty,image,video,short_desc,short_desc_en,description,description_en,best_seller,meta_title,meta_desc,meta_keyword,added_by,$role_field,status) values('$categories_id','$sub_categories_id','$product_code','$product_name','$product_name_en','$mrp','$price','$qty','$image','$video','$short_desc','$short_desc_en','$description','$description_en','$best_seller','$meta_title','$meta_desc','$meta_keyword','".$_SESSION['ADMIN_ID']."','$role_field_id','1')";
				mysqli_query($con,$sql);
				$pid = mysqli_insert_id($con);		

				if((($_SESSION['ADMIN_ROLE']&ADMIN)!=0)&(isset($_POST['slide']))){
					copy(PRODUCT_IMAGE_SERVER_PATH.$image,FRONT_SLIDER_IMG_SERVER_PATH.$image);
					if($video!=""){
						copy(PRODUCT_VIDEO_SERVER_PATH.$video,FRONT_SLIDER_VIDEO_SERVER_PATH.$video);
					}
					$sql_ads = "insert into t_front_pg_ads (image,video,pid,txt1,txt1_en,txt2,txt2_en,weight,status) values ('$image','$video','$pid','$slide_txt1','$slide_txt1_en','$slide_txt2','$slide_txt2_en',50,1)";
					mysqli_query($con,$sql_ads);
				}
			}
			header("location:product.php");
			die();	
		}
	}

?>
<div class="content pb-0">
	<div class="animated fadeIn">
		<div class="row">
			<div class="col-lg-12">
				<div class="card">
					<div class="card-header"><strong>Product</strong><small> Form</small></div>
					<form method="POST" enctype="multipart/form-data">
						<div class="card-body card-block">
							<?PHP
								if($_SESSION['ADMIN_ROLE']==ADMIN){
							?>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Vendor</label>
								<select class="form-control" name="vendor_id" id="vendor_id" <?php echo $select_vendor_attr;?> >
									<option value="" >Select Vendor</option>
									<?PHP
									$res = mysqli_query($con,"select * from t_vendor where status=".ALL_ACTIVE);
									while($row = mysqli_fetch_assoc($res)){
										if(($role_field=="vendor")&&($row["id"]==$role_field_id)){
											echo "<option selected value=\"".$row["id"]."\" >vendor:".$row['id']."--".$row["name"]."(".$row['mobile'].":".$row['email'].")</option>\n";
										}else{
											echo "<option value=\"".$row["id"]."\" >vendor:".$row['id']."--".$row["name"]."(".$row['mobile'].":".$row['email'].")</option>\n";
										}
									}
									$res = mysqli_query($con,"select * from t_retailer where status=".ALL_ACTIVE);
									while($row = mysqli_fetch_assoc($res)){
										if(($role_field=="r_vendor")&&($row["id"]==$role_field_id)){
											echo "<option selected value=\"r_".$row["id"]."\" >retailer:".$row['id']."--".$row["name"]."(".$row['mobile'].":".$row['email'].")</option>\n";
										}else{
											echo "<option value=\"r_".$row["id"]."\" >retailer:".$row['id']."--".$row["name"]."(".$row['mobile'].":".$row['email'].")</option>\n";
										}
									}
									?>
								</select>
							</div>	
							<?PHP			
								}
							?>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Categories</label>
								<select class="form-control" name="categories_id" id="categories_id" onchange="get_sub_cat()" required>
									<option value="">Select Category</option>
									<?PHP
									$res = mysqli_query($con,"select id,categories,categories_en from t_categories order by categories asc");
									while($row = mysqli_fetch_assoc($res)){
										if($row["id"]==$categories_id){
											echo "<option selected value=".$row["id"].">".$row["categories"]." - ".$row["categories_en"]."</option>\n";
										}else{
											echo "<option value=".$row["id"].">".$row["categories"]." - ".$row["categories_en"]."</option>\n";
										}
									}
									?>
								</select>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Sub Categories</label>
								<select class="form-control" name="sub_categories_id" id="sub_categories_id" >
									<option value="">Select Sub Category</option>
									<?PHP
										if(isset($_GET["id"]) && ($_GET["id"]!="")){
											$sql = "select * from t_sub_categories where categories_id='$categories_id' and status='1'";
											$res = mysqli_query($con,$sql);
											if(mysqli_num_rows($res)>0){
												while($row=mysqli_fetch_assoc($res)){
													if($row['id'] == $sub_categories_id){
														echo "<option value=\"".$row['id']."\" selected>".$row['sub_categories']." - ".$row['sub_categories_en']."</option>";
													}else{
														echo "<option value=\"".$row['id']."\">".$row['sub_categories']." - ".$row['sub_categories_en']."</option>";
													}
												}
											}else{
												echo "<option value=\"\">No sub categories found</option>";
											}
										}
									?>
								</select>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Product Code</label>
								<input type="text" name="product_code" placeholder="Enter product code" class="form-control" required value='<?PHP echo $product_code;?>'>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Product Name</label>
								<input type="text" name="product_name" placeholder="Enter product name" class="form-control" required value='<?PHP echo $product_name;?>'>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Product Name (English)</label>
								<input type="text" name="product_name_en" placeholder="Enter product name" class="form-control" required value='<?PHP echo $product_name_en;?>'>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Best Seller</label>
								<select class="form-control" name="best_seller">
								<?PHP
									switch($best_seller){
										case "1":
											echo "<option value=''>Select</option><option value='1' selected>Yes</option><option value='0'>No</option>";
										break;
										case "0":
											echo "<option value=''>Select</option><option value='1'>Yes</option><option value='0' selected>No</option>";
										break;
										default:
											echo "<option value='' selected>Select</option><option value='1'>Yes</option><option value='0'>No</option>";
									} 
								?>
								</select>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">MRP</label>
								<input type="text" name="mrp" placeholder="Enter product mrp" class="form-control" required value='<?PHP echo ($mrp!="")?($mrp/100):"";?>'>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Price</label>
								<input type="text" name="price" placeholder="Enter product price" class="form-control" required value='<?PHP echo ($price!="")?$price/100:"";?>'>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Qty</label>
								<input type="text" name="qty" placeholder="Enter product qty" class="form-control" required value='<?PHP echo $qty;?>'>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Image</label>
								<input type="file" name="image" class="form-control" <?PHP echo $image_required;?>>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Video</label>
								<input type="file" name="video" class="form-control">
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Short Description</label>
								<textarea name="short_desc" placeholder="Enter product short description" class="form-control" required><?PHP echo $short_desc;?></textarea>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Short Description (English)</label>
								<textarea name="short_desc_en" placeholder="Enter product short description" class="form-control"><?PHP echo $short_desc_en;?></textarea>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Description</label>
								<textarea name="description" placeholder="Enter product description" id="description" class="form-control" required><?PHP echo $description;?></textarea>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Description (English)</label>
								<textarea name="description_en" placeholder="Enter product description" id="description_en" class="form-control"><?PHP echo $description_en;?></textarea>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Meta Title</label>
								<textarea name="meta_title" placeholder="Enter product meta title" class="form-control"><?PHP echo $meta_title;?></textarea>
							</div>
							<div class="form-group">
								<label for="categories" class=" form-control-label">Meta Description</label>
								<textarea name="meta_desc" placeholder="Enter product meta description" class="form-control"><?PHP echo $meta_desc;?></textarea>
							</div>
							<div class="form-group">
								<label for="meta_keyword" class=" form-control-label">Meta Key word</label>
								<textarea name="meta_keyword" placeholder="Enter product meta key word" class="form-control"><?PHP echo $meta_keyword;?></textarea>
							</div>
							<?PHP
								if(($_SESSION['ADMIN_ROLE']&(SUPER_ADMIN|ADMIN))!=0){
							?>
							<div class="form-group">
								<label for="meta_keyword" class=" form-control-label controller-wrap"><label><input class="controller" type="checkbox" name="slide" style="margin-right:10px;" <?PHP echo ($slide_id)?"checked":""?>/>Show Image in Front Page Slide</label></label>
								<div class="controlled">
									<label for="meta_keyword" class=" form-control-label">Front Page Slide Text1</label>
									<input type="text" name="slide_txt1" placeholder="Enter text1 in front page slide" class="form-control" value="<?PHP echo $slide_txt1;?>"/>
									<label for="meta_keyword" class=" form-control-label" style="margin-top: 15px">Front Page Slide Text1 (English)</label>
									<input type="text" name="slide_txt1_en" placeholder="Enter text1 in front page slide" class="form-control" value="<?PHP echo $slide_txt1_en;?>"/>
									<label for="meta_keyword" class=" form-control-label" style="margin-top: 15px">Front Page Slide Text2</label>
									<input type="text" name="slide_txt2" placeholder="Enter text2 in front page slide" class="form-control" value="<?PHP echo $slide_txt2;?>"/>
									<label for="meta_keyword" class=" form-control-label" style="margin-top: 15px">Front Page Slide Text2 (English)</label>
									<input type="text" name="slide_txt2_en" placeholder="Enter text2 in front page slide" class="form-control" value="<?PHP echo $slide_txt2_en;?>"/>
								</div>
							</div>
							<?PHP
								}
							?>
							<button id="payment-button" name="submit" type="submit" class="btn btn-lg btn-info btn-block">
							<span id="payment-button-amount" name="submit">Submit</span>
							</button>
							<div class="field-error"><?PHP echo $msg;?></div>
						</div>
					</form>
				</div>
			</div>
		</div>
	</div>
</div>

<script src="js/jquery-3.2.1.min.js"></script>
<script type="text/javascript">
$(function(){
	$(".controller[checked]").closest(".controller-wrap").next(".controlled").show();
	$(".controller").on("change",function(){
		if($(this).prop("checked")){
			$(this).closest(".controller-wrap").next(".controlled").show();
		}else{
			$(this).closest(".controller-wrap").next(".controlled").hide();
		}
	});
})

function get_sub_cat(){
	var categories_id = jQuery("#categories_id").val();
	jQuery.ajax({
		url: "get_sub_cat.php",
		method: "post",
		data: "categories_id="+categories_id,
		success: function(result){
			jQuery("#sub_categories_id").html(result);
		}
	});
}
</script>
<?PHP 
	require "footer.inc.php";
?>
Creat By MiNi SheLL
Email: devilkiller@gmail.com