Viewing: sql.php
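<?php
require_once('includes/load.php');

/**
 * Fetch every row of a table.
 *
 * The table name is used in identifier position, so the only protection is
 * the existence/name check done by tableExists().
 *
 * @param string $table Table name.
 * @return mixed Result of find_by_sql(), or null when tableExists() rejects the name.
 */
function find_all($table)
{
    global $db;

    if (tableExists($table)) {
        return find_by_sql("SELECT * FROM " . $db->escape($table));
    }
}

/**
 * Run a SQL statement and return whatever $db->while_loop() builds from it.
 *
 * The statement is executed verbatim: every caller is responsible for
 * casting or escaping any value it places into $sql.
 *
 * @param string $sql Complete SQL statement.
 * @return mixed
 */
function find_by_sql($sql)
{
    global $db;

    $result = $db->query($sql);

    return $db->while_loop($result);
}

/**
 * Fetch a single row by primary key.
 *
 * @param string $table Table name (validated through tableExists()).
 * @param mixed  $id    Row id; cast to int before it reaches the query.
 * @return array|null The row, or null when nothing matches or the table is rejected.
 */
function find_by_id($table, $id)
{
    global $db;

    $id = (int) $id;
    if (tableExists($table)) {
        $sql = $db->query("SELECT * FROM {$db->escape($table)} WHERE id='{$id}' LIMIT 1");
        if ($result = $db->fetch_assoc($sql)) {
            return $result;
        }

        return null;
    }
}

/**
 * Delete a single row by primary key.
 *
 * The id is placed in the statement without quotes, so string escaping gives
 * no protection there; it is cast to int instead.
 *
 * @param string $table Table name (validated through tableExists()).
 * @param mixed  $id    Row id.
 * @return bool|null True when exactly one row was removed; null when the table is rejected.
 */
function delete_by_id($table, $id)
{
    global $db;

    if (tableExists($table)) {
        $id = (int) $id;
        $sql  = "DELETE FROM " . $db->escape($table);
        $sql .= " WHERE id=" . $id;
        $sql .= " LIMIT 1";
        $db->query($sql);

        return $db->affected_rows() === 1;
    }
}

/**
 * Count the rows of a table (COUNT(id) AS total).
 *
 * @param string $table Table name (validated through tableExists()).
 * @return mixed The row returned by $db->fetch_assoc(), or null when the table is rejected.
 */
function count_by_id($table)
{
    global $db;

    if (tableExists($table)) {
        $sql = "SELECT COUNT(id) AS total FROM " . $db->escape($table);
        $result = $db->query($sql);

        return $db->fetch_assoc($result);
    }
}

/**
 * Determine whether a database table exists.
 *
 * Every helper above interpolates the table name as an SQL identifier after
 * calling this function, and string escaping does not make a value safe in
 * identifier position. The name is therefore restricted to letters, digits
 * and underscores before any query is built.
 *
 * @param string $table Candidate table name.
 * @return bool
 */
function tableExists($table)
{
    global $db;

    // Check if database connection is available
    if (!$db) {
        error_log("Database connection not available in tableExists function");
        return false;
    }

    // Reject anything that is not a plain identifier. This also keeps the
    // LIKE wildcard '%' out of the pattern below.
    // NOTE(review): '_' is still a single-character wildcard in LIKE.
    if (!is_string($table) || preg_match('/\A[A-Za-z0-9_]+\z/', $table) !== 1) {
        return false;
    }

    $table_exit = $db->query('SHOW TABLES FROM ' . DB_NAME . ' LIKE "' . $db->escape($table) . '"');
    if ($table_exit) {
        return $db->num_rows($table_exit) > 0;
    }

    return false;
}

/**
 * Login with the data provided in $_POST, coming from the login form.
 *
 * NOTE(review): passwords are stored as unsalted SHA-1, which is not a
 * password hash. Moving to password_hash()/password_verify() needs a
 * migration of the stored values, so the scheme is left as it is here.
 * NOTE(review): the password is SQL-escaped before hashing although it never
 * enters the query; kept because the stored hashes may depend on it - confirm
 * against the code that creates users.
 *
 * @param string $username
 * @param string $password
 * @return mixed The user id on success, false otherwise.
 */
function authenticate($username = '', $password = '')
{
    global $db;

    $username = $db->escape($username);
    $password = $db->escape($password);
    $sql = sprintf("SELECT id,username,password,user_level FROM users WHERE username ='%s' LIMIT 1", $username);
    $result = $db->query($sql);
    if ($db->num_rows($result)) {
        $user = $db->fetch_assoc($result);
        $password_request = sha1($password);
        // Constant-time comparison of the two digests.
        if (hash_equals((string) $user['password'], $password_request)) {
            return $user['id'];
        }
    }

    return false;
}

/*--------------------------------------------------------------*/
/* Login with the data provided in $_POST,
/* coming from the login_v2.php form.
/* If you used this method then remove authenticate function. */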
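/*--------------------------------------------------------------*/
/**
 * Login with the data provided in $_POST, coming from the login_v2.php form.
 *
 * NOTE(review): passwords are stored as unsalted SHA-1, which is not a
 * password hash. Moving to password_hash()/password_verify() needs a
 * migration of the stored values, so the scheme is left as it is here.
 * NOTE(review): the password is SQL-escaped before hashing although it never
 * enters the query; kept because the stored hashes may depend on it - confirm
 * against the code that creates users.
 *
 * @param string $username
 * @param string $password
 * @return mixed The user row (including its password column) on success, false otherwise.
 */
function authenticate_v2($username = '', $password = '')
{
    global $db;

    $username = $db->escape($username);
    $password = $db->escape($password);
    $sql = sprintf("SELECT id,username,password,user_level FROM users WHERE username ='%s' LIMIT 1", $username);
    $result = $db->query($sql);
    if ($db->num_rows($result)) {
        $user = $db->fetch_assoc($result);
        $password_request = sha1($password);
        // Constant-time comparison of the two digests.
        if (hash_equals((string) $user['password'], $password_request)) {
            return $user;
        }
    }

    return false;
}

/**
 * Find the currently logged-in user from $_SESSION['user_id'].
 *
 * The row is cached in a static variable for later calls.
 *
 * @return array|null
 */
function current_user()
{
    static $current_user;

    if (!$current_user && isset($_SESSION['user_id'])) {
        $user_id = intval($_SESSION['user_id']);
        $current_user = find_by_id('users', $user_id);
    }

    return $current_user;
}

/**
 * List all users, joined with their group name.
 *
 * @return mixed Result of find_by_sql().
 */
function find_all_user()
{
    $sql  = "SELECT u.id,u.name,u.username,u.user_level,u.status,u.last_login,";
    $sql .= "g.group_name ";
    $sql .= "FROM users u ";
    $sql .= "LEFT JOIN user_groups g ";
    $sql .= "ON g.group_level=u.user_level ORDER BY u.name ASC";

    return find_by_sql($sql);
}

/**
 * Update the last-login timestamp of a user.
 *
 * @param mixed $user_id User id; cast to int because it is interpolated into the query.
 * @return bool True when exactly one row was updated.
 */
function updateLastLogIn($user_id)
{
    global $db;

    $user_id = (int) $user_id;
    $date = make_date();
    $sql = "UPDATE users SET last_login='{$date}' WHERE id ='{$user_id}' LIMIT 1";
    $result = $db->query($sql);

    return $result && $db->affected_rows() === 1;
}

/**
 * Check whether a group name is still unused.
 *
 * @param string $val Group name.
 * @return bool True when NO group with this name exists.
 */
function find_by_groupName($val)
{
    global $db;

    $sql = "SELECT group_name FROM user_groups WHERE group_name = '{$db->escape($val)}' LIMIT 1 ";
    $result = $db->query($sql);

    return $db->num_rows($result) === 0;
}

/**
 * Check whether a group level is still unused.
 *
 * @param mixed $level Group level.
 * @return bool True when NO group with this level exists.
 */
function find_by_groupLevel($level)
{
    global $db;

    $sql = "SELECT group_level FROM user_groups WHERE group_level = '{$db->escape($level)}' LIMIT 1 ";
    $result = $db->query($sql);

    return $db->num_rows($result) === 0;
}

/**
 * Check which user level has access to a page.
 *
 * The previous version took its group data from find_by_groupLevel(), which
 * returns a boolean, so the "group deactivated" branch could never run. The
 * group status is now read from user_groups directly. The login check also
 * runs first, before any user data is looked up.
 *
 * NOTE(review): whether redirect() ends the request is not visible here, so
 * each denied path returns explicitly; callers should not rely on this
 * function to stop execution.
 *
 * @param mixed $require_level Highest user_level value allowed to view the page.
 * @return true|null True when access is granted, null after a redirect.
 */
function page_require_level($require_level)
{
    global $session, $db;

    // Not logged in.
    if (!$session->isUserLoggedIn(true)) {
        $session->msg('d', 'Please login...');
        redirect('index.php', false);
        return;
    }

    $current_user = current_user();
    if (isset($current_user['user_level'])) {
        $user_level = $current_user['user_level'];

        // Group deactivated.
        $group_result = $db->query(
            "SELECT group_status FROM user_groups WHERE group_level = '{$db->escape($user_level)}' LIMIT 1"
        );
        $group = $group_result ? $db->fetch_assoc($group_result) : null;
        if (is_array($group) && isset($group['group_status']) && (string) $group['group_status'] === '0') {
            $session->msg('d', 'This level user has been banned!');
            redirect('home.php', false);
            return;
        }

        // Lower numbers are more privileged: allow when the user's level does
        // not exceed the required one.
        if ($user_level <= (int) $require_level) {
            return true;
        }
    }

    $session->msg("d", "Sorry! you don’t have permission to view the page.");
    redirect('home.php', false);
}

/**
 * List all products, joined with the categories and media tables.
 *
 * @return mixed Result of find_by_sql().
 */
function join_product_table()
{
    $sql  = "SELECT p.id, p.name, p.quantity, p.buy_price, p.sale_price, p.pack_size, ";
    $sql .= "p.media_id, p.date, c.name AS categorie, m.file_name AS image ";
    $sql .= "FROM products p ";
    $sql .= "LEFT JOIN categories c ON c.id = p.categorie_id ";
    $sql .= "LEFT JOIN media m ON m.id = p.media_id ";
    $sql .= "ORDER BY p.id ASC";

    return find_by_sql($sql);
}

/**
 * Find product names for the auto-suggest request coming from ajax.php.
 *
 * @param string $product_name Search text from the request.
 * @return mixed Result of find_by_sql() (at most 5 names).
 */
function find_product_by_title($product_name)
{
    global $db;

    // Escape last, so that no later transformation can change the escaped
    // value. NOTE(review): remove_junk() is defined outside this file view.
    $p_name = $db->escape(remove_junk($product_name));
    $sql = "SELECT name FROM products WHERE name like '%$p_name%' LIMIT 5";

    return find_by_sql($sql);
}

/**
 * Find all product info by product title (request coming from ajax.php).
 *
 * @param string $title Product name from the request; escaped before use,
 *                      since it is placed inside a quoted SQL string.
 * @return mixed Result of find_by_sql().
 */
function find_all_product_info_by_title($title)
{
    global $db;

    $title = $db->escape($title);
    $sql  = "SELECT * FROM products ";
    $sql .= " WHERE name ='{$title}'";
    $sql .= " LIMIT 1";

    return find_by_sql($sql);
}

/**
 * Subtract a quantity from a product's stock.
 *
 * @param mixed $qty  Quantity to subtract (cast to int).
 * @param mixed $p_id Product id (cast to int).
 * @return bool True when exactly one row was updated.
 */
function update_product_qty($qty, $p_id)
{
    global $db;

    $qty = (int) $qty;
    $id = (int) $p_id;
    $sql = "UPDATE products SET quantity=quantity -'{$qty}' WHERE id = '{$id}'";
    $db->query($sql);

    return $db->affected_rows() === 1;
}

/**
 * List the most recently added products.
 *
 * @param mixed $limit Maximum number of rows (cast to int, negative values become 0).
 * @return mixed Result of find_by_sql().
 */
function find_recent_product_added($limit)
{
    $limit = max(0, (int) $limit);
    $sql  = " SELECT p.id,p.name,p.sale_price,p.media_id,c.name AS categorie,";
    $sql .= "m.file_name AS image FROM products p";
    $sql .= " LEFT JOIN categories c ON c.id = p.categorie_id";
    $sql .= " LEFT JOIN media m ON m.id = p.media_id";
    $sql .= " ORDER BY p.id DESC LIMIT " . $limit;

    return find_by_sql($sql);
}

/**
 * List the best-selling products by total quantity sold.
 *
 * @param mixed $limit Maximum number of rows (cast to int, negative values become 0).
 * @return mixed Raw result of $db->query().
 */
function find_higest_saleing_product($limit)
{
    global $db;

    $limit = max(0, (int) $limit);
    $sql  = "SELECT p.name, COUNT(s.product_id) AS totalSold, SUM(s.qty) AS totalQty";
    $sql .= " FROM sales s";
    $sql .= " LEFT JOIN products p ON p.id = s.product_id ";
    $sql .= " GROUP BY s.product_id";
    $sql .= " ORDER BY SUM(s.qty) DESC LIMIT " . $limit;

    return $db->query($sql);
}

/**
 * List all sales, newest first.
 *
 * @return mixed Result of find_by_sql().
 */
function find_all_sale()
{
    $sql  = "SELECT s.id,s.qty,s.price,s.date,p.name";
    $sql .= " FROM sales s";
    $sql .= " LEFT JOIN products p ON s.product_id = p.id";
    $sql .= " ORDER BY s.date DESC";

    return find_by_sql($sql);
}

/**
 * List the most recent sales.
 *
 * @param mixed $limit Maximum number of rows (cast to int, negative values become 0).
 * @return mixed Result of find_by_sql().
 */
function find_recent_sale_added($limit)
{
    $limit = max(0, (int) $limit);
    $sql  = "SELECT s.id,s.qty,s.price,s.date,p.name";
    $sql .= " FROM sales s";
    $sql .= " LEFT JOIN products p ON s.product_id = p.id";
    $sql .= " ORDER BY s.date DESC LIMIT " . $limit;

    return find_by_sql($sql);
}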
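/**
 * Generate the sales report between two dates.
 *
 * Both bounds pass through strtotime() and date("Y-m-d"), so only a
 * formatted date string reaches the query.
 *
 * @param string $start_date Any string strtotime() understands.
 * @param string $end_date   Any string strtotime() understands.
 * @return mixed Raw result of $db->query().
 */
function find_sale_by_dates($start_date, $end_date)
{
    global $db;

    $start_date = date("Y-m-d", strtotime($start_date));
    $end_date   = date("Y-m-d", strtotime($end_date));

    $sql  = "SELECT s.date, p.name,p.sale_price,p.buy_price,";
    $sql .= "COUNT(s.product_id) AS total_records,";
    $sql .= "SUM(s.qty) AS total_sales,";
    $sql .= "SUM(p.sale_price * s.qty) AS total_saleing_price,";
    $sql .= "SUM(p.buy_price * s.qty) AS total_buying_price ";
    $sql .= "FROM sales s ";
    $sql .= "LEFT JOIN products p ON s.product_id = p.id";
    $sql .= " WHERE s.date BETWEEN '{$start_date}' AND '{$end_date}'";
    $sql .= " GROUP BY DATE(s.date),p.name";
    $sql .= " ORDER BY DATE(s.date) DESC";

    return $db->query($sql);
}

/**
 * Generate the daily sales report for one month.
 *
 * Year and month are interpolated into a quoted SQL string, so both are cast
 * to int and re-formatted as YYYY-MM (the shape DATE_FORMAT '%Y-%m' produces)
 * instead of being inserted as received.
 *
 * @param mixed $year  Four-digit year.
 * @param mixed $month Month number, with or without a leading zero.
 * @return mixed Result of find_by_sql().
 */
function dailySales($year, $month)
{
    $period = sprintf('%04d-%02d', (int) $year, (int) $month);

    $sql  = "SELECT s.qty,";
    $sql .= " DATE_FORMAT(s.date, '%Y-%m-%e') AS date,p.name,";
    $sql .= "SUM(p.sale_price * s.qty) AS total_saleing_price";
    $sql .= " FROM sales s";
    $sql .= " LEFT JOIN products p ON s.product_id = p.id";
    $sql .= " WHERE DATE_FORMAT(s.date, '%Y-%m' ) = '{$period}'";
    $sql .= " GROUP BY DATE_FORMAT( s.date, '%e' ),s.product_id";

    return find_by_sql($sql);
}

/**
 * Generate the monthly sales report for one year.
 *
 * The year is interpolated into a quoted SQL string, so it is cast to int and
 * re-formatted as YYYY instead of being inserted as received.
 *
 * @param mixed $year Four-digit year.
 * @return mixed Result of find_by_sql().
 */
function monthlySales($year)
{
    $year = sprintf('%04d', (int) $year);

    $sql  = "SELECT s.qty,";
    $sql .= " DATE_FORMAT(s.date, '%Y-%m-%e') AS date,p.name,";
    $sql .= "SUM(p.sale_price * s.qty) AS total_saleing_price";
    $sql .= " FROM sales s";
    $sql .= " LEFT JOIN products p ON s.product_id = p.id";
    $sql .= " WHERE DATE_FORMAT(s.date, '%Y' ) = '{$year}'";
    $sql .= " GROUP BY DATE_FORMAT( s.date, '%c' ),s.product_id";
    $sql .= " ORDER BY date_format(s.date, '%c' ) ASC";

    return find_by_sql($sql);
}
?>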