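<?php
include_once("../../cfg/db.php");
include_once("../../api/controllers/utility.php");

// Finance PDC (post-dated check) CRUD endpoint, dispatched on $_POST['type']:
//   1 = add, 2 = read, 3 = update, 4 = soft-delete.
// Every branch answers with a JSON object carrying a numeric `status`
// (0 = success; the other codes are listed on each handler).
//
// Target runtime is PHP 7.3 (no match(), str_contains() or arrow functions),
// and $db only exposes escape()/select()/sql_query()/sql_query_num_inserted(),
// so values are escaped before interpolation rather than bound as parameters.
//
// NOTE(review): nothing in this file checks that a user is logged in or is
// allowed to touch finance_pdc; it only reads $_SESSION['user']['id'] for the
// audit columns. Confirm the access check lives in cfg/db.php or utility.php.

$utility = new Utility();
$type = postValue($db, 'type');

// switch compares loosely (==), which is exactly what the original if/else chain did.
switch ($type) {
    case 1:
        handlePdcAdd($db, $utility);
        break;
    case 2:
        handlePdcRead($db);
        break;
    case 3:
        handlePdcUpdate($db, $utility);
        break;
    case 4:
        handlePdcDelete($db);
        break;
    default:
        // Unknown type: no output, same as before.
        break;
}

// ---------------------------------------------------------------- handlers

/**
 * type = 1: insert a new PDC record.
 * Caller: resources/views/common/scripts/finance_pdc/pdc_information.js [button-add-pdc-details].
 *
 * Response `status`: 0 added, 1 insert failed, 2 dealer has no single active company,
 * 3 duplicate (adds duplicate_id / duplicate_plate_cs_number), 4 invalid mobile,
 * 5 invalid email.
 *
 * @param object  $db      database wrapper from cfg/db.php
 * @param Utility $utility
 */
function handlePdcAdd($db, $utility)
{
    $json_arr = [];

    $new_client_fullname = postValue($db, 'new_client_fullname');
    $new_client_mobile = postValue($db, 'new_client_mobile');
    $new_client_other_contact = postValue($db, 'new_client_other_contact');
    $new_client_email = postValue($db, 'new_client_email');
    [$new_plate_cs_number_1, $new_plate_cs_number_2] = splitPlateCsNumber(postValue($db, 'new_plate_cs_number'));
    $new_dealer = postValue($db, 'new_dealer');
    $new_brand = postValue($db, 'new_brand');
    $new_model = postValue($db, 'new_model');
    $new_variant = postValue($db, 'new_variant');
    // Not passed through alphaNumericOnly() here, unlike the update path; kept as-is
    // so existing stored check numbers keep matching the duplicate check.
    $new_check_number = postValue($db, 'new_check_number');
    $new_check_amount = postValue($db, 'new_check_amount');
    $new_check_date = $utility->fix_date(postValue($db, 'new_check_date'), false, $utility);
    $new_policy_number = alphaNumericOnly(postValue($db, 'new_policy_number'));
    $new_insurance_company = postValue($db, 'new_insurance_company');
    $new_bank = postValue($db, 'new_bank');
    $new_branch = postValue($db, 'new_branch');

    // The dealer must map to exactly one active (status = 1, type = 1) company;
    // that company id is stored with the record.
    $new_company = activeCompanyForDealer($db, $new_dealer);
    if ($new_company === null) {
        $json_arr['status'] = 2; // error in dealer validation
        emitJson($json_arr);
        return;
    }

    $validated_mobile = validateMobileInput($new_client_mobile);
    if ($validated_mobile === null) {
        $json_arr['status'] = 4; // invalid mobile
        emitJson($json_arr);
        return;
    }
    $new_client_mobile = $validated_mobile;

    if (!$utility->isValidEmail($new_client_email)) {
        $json_arr['status'] = 5; // invalid email
        emitJson($json_arr);
        return;
    }

    // A record is a duplicate when plate/CS numbers, check date and check number all match an active row.
    $duplicate_where = "`plate_cs_number1` = '$new_plate_cs_number_1' AND `plate_cs_number2` = '$new_plate_cs_number_2' AND `check_date` = '$new_check_date' AND `pdc_check_number` = '$new_check_number' AND `status` = 1";
    if ($db->select("SELECT COUNT(1) FROM finance_pdc WHERE $duplicate_where") > 0) {
        $json_arr['status'] = 3; // duplicate
        $json_arr['duplicate_id'] = $db->select("SELECT id FROM finance_pdc WHERE $duplicate_where");
        $json_arr['duplicate_plate_cs_number'] = $db->select("SELECT plate_cs_number1 FROM finance_pdc WHERE $duplicate_where");
        emitJson($json_arr);
        return;
    }

    $current_user = currentUserId();
    $current_date = $db->select("SELECT NOW()");
    $new_client_mobile = appendOtherContact($new_client_mobile, $new_client_other_contact);

    $insert_query = "INSERT INTO `finance_pdc` ( `plate_cs_number1`, `plate_cs_number2`, `brand_id`, `model_id`, `variant_id`, `client_name`, `client_mobile`, `client_email`, `company_id`, `dealer_id`, `insurance_company_id`, `policy_number`, `bank_id`, `branch`, `check_date`, `pdc_check_number`, `check_amount`, `added_by`, `date_added`, `modified_by`, `date_modified`, `status` ) VALUES ( '$new_plate_cs_number_1', '$new_plate_cs_number_2', '$new_brand', '$new_model', '$new_variant', '$new_client_fullname', '$new_client_mobile', '$new_client_email', '$new_company', '$new_dealer', '$new_insurance_company', '$new_policy_number', '$new_bank', '$new_branch', '$new_check_date', '$new_check_number', '$new_check_amount', '$current_user', '$current_date', 0, '', 1 )";

    if ($db->sql_query_num_inserted($insert_query) > 0) {
        $json_arr['status'] = 0; // success
    } else {
        $json_arr['status'] = 1; // not added, failed
    }
    emitJson($json_arr);
}

/**
 * type = 2: read one active PDC record for the edit form.
 * Caller: resources/views/common/scripts/finance_pdc/pdc_information.js [editInformation()].
 *
 * The stored client_mobile is "primary / other"; it is returned as two fields,
 * client_mobile (formatted) and client_other_contact. No `status` key is set.
 *
 * @param object $db database wrapper from cfg/db.php
 */
function handlePdcRead($db)
{
    $json_arr = [];
    $record_id = postValue($db, 'edit_id');

    $query = "SELECT fp.id, fp.plate_cs_number1, fp.plate_cs_number2, fp.brand_id, fp.model_id, fp.variant_id, fp.client_name, fp.client_mobile, fp.client_email, fp.company_id, fp.dealer_id, fp.insurance_company_id, fp.policy_number, fp.check_date, fp.pdc_check_number, fp.bank_id, fp.branch, fp.check_amount, fscm.name AS model_name, fscmv.name AS variant_name FROM finance_pdc fp INNER JOIN finance_source_car_model fscm ON fscm.id = fp.model_id INNER JOIN finance_source_car_model_variant fscmv ON fscmv.id = fp.variant_id WHERE fp.id = '$record_id' AND fp.status = 1";

    foreach ($db->sql_query($query) as $row) {
        $json_arr['record_id'] = $row['id'];
        $json_arr['plate_cs_number'] = $row['plate_cs_number2'] == ""
            ? $row['plate_cs_number1']
            : $row['plate_cs_number1'] . "/" . $row['plate_cs_number2'];
        $json_arr['brand_id'] = $row['brand_id'];
        $json_arr['model_id'] = $row['model_id'];
        $json_arr['model_name'] = $row['model_name'];
        $json_arr['variant_id'] = $row['variant_id'];
        $json_arr['variant_name'] = $row['variant_name'];
        $json_arr['client_name'] = $row['client_name'];
        $json_arr['client_mobile'] = $row['client_mobile'];
        $json_arr['client_email'] = $row['client_email'];
        $json_arr['company_id'] = $row['company_id'];
        $json_arr['dealer_id'] = $row['dealer_id'];
        $json_arr['insurance_company_id'] = $row['insurance_company_id'];
        $json_arr['policy_number'] = $row['policy_number'];
        $json_arr['check_date'] = formatDate($row['check_date']);
        $json_arr['bank_id'] = $row['bank_id'];
        $json_arr['branch'] = $row['branch'];
        $json_arr['check_amount'] = $row['check_amount'];
        $json_arr['check_number'] = $row['pdc_check_number'];
    }

    // When no row matched, treat the mobile as empty instead of reading undefined keys.
    $stored_mobile = $json_arr['client_mobile'] ?? '';
    if (strpos($stored_mobile, '/') > 0) {
        $multi_mobile = explode("/", $stored_mobile);
        $json_arr['client_mobile'] = formatMobile($multi_mobile[0]);
        $json_arr['client_other_contact'] = $multi_mobile[1];
    } else {
        $json_arr['client_mobile'] = formatMobile($stored_mobile);
        $json_arr['client_other_contact'] = "";
    }
    emitJson($json_arr);
}

/**
 * type = 3: update an existing PDC record and log which fields changed.
 * Caller: resources/views/common/scripts/finance_pdc/pdc_information.js [ajax button-edit-pdc-details].
 *
 * Response `status`: 0 updated (adds record_id / plate_cs_number1), 1 update failed or
 * no active record, 2 dealer has no single active company, 3 the new plate/CS numbers,
 * check date and check number collide with another active record.
 *
 * @param object  $db      database wrapper from cfg/db.php
 * @param Utility $utility
 */
function handlePdcUpdate($db, $utility)
{
    $json_arr = [];

    $edit_id = postValue($db, 'edit_id');
    $update_client_name = postValue($db, 'update_client_fullname');
    $update_client_mobile = postValue($db, 'update_client_mobile');
    $update_client_other_contact = postValue($db, 'update_client_other_contact');
    $update_client_email = postValue($db, 'update_client_email');
    [$update_plate_cs_number1, $update_plate_cs_number2] = splitPlateCsNumber(postValue($db, 'update_plate_cs_number'));
    $update_dealer = postValue($db, 'update_dealer');
    $update_brand = postValue($db, 'update_brand');
    $update_model = postValue($db, 'update_model');
    $update_variant = postValue($db, 'update_variant');
    $update_check_number = alphaNumericOnly(postValue($db, 'update_check_number'));
    $update_check_amount = postValue($db, 'update_check_amount');
    $update_check_date = $utility->fix_date(postValue($db, 'update_check_date'), false, $utility);
    $update_policy_number = alphaNumericOnly(postValue($db, 'update_policy_number'));
    $update_insurance_company = postValue($db, 'update_insurance_company');
    $update_bank = postValue($db, 'update_bank');
    $update_branch = postValue($db, 'update_branch');

    $update_company = activeCompanyForDealer($db, $update_dealer);
    if ($update_company === null) {
        $json_arr['status'] = 2; // dealer error, no designated company
        emitJson($json_arr);
        return;
    }

    // Current row: its key fields decide whether the record's identity changed,
    // and its values feed the activity-log diff.
    $original = null;
    foreach ($db->sql_query("SELECT * FROM finance_pdc WHERE `id` = '$edit_id' AND `status` = 1") as $data) {
        $original = $data;
    }
    if ($original === null) {
        // No active record to update. (Previously the UPDATE still ran, even against a
        // soft-deleted row, with an undefined $flag.)
        $json_arr['status'] = 1; // update failed
        emitJson($json_arr);
        return;
    }

    $original_plate_cs_number1 = $original['plate_cs_number1'];
    $original_plate_cs_number2 = $original['plate_cs_number2'];
    $original_check_date = $original['check_date'];
    $original_check_number = $original['pdc_check_number'];
    // The stored flag is flipped on every update (0 -> 1, 1 -> 0); its meaning is not
    // visible in this file — confirm with whatever reads finance_pdc.flag.
    $flag = $original['flag'] == 0 ? 1 : 0;

    // Indexes 0..15 line up with $desc_arr in checkForUpdatedData().
    $check_data_arr = [
        0 => $original['client_name'],
        1 => $original['client_mobile'],
        2 => $original['client_email'],
        3 => $original['plate_cs_number1'],
        4 => $original['plate_cs_number2'],
        5 => lookupName($db, 'source_dealer', $original['dealer_id']),
        6 => lookupName($db, 'finance_source_brand', $original['brand_id']),
        7 => lookupName($db, 'finance_source_car_model', $original['model_id']),
        8 => lookupName($db, 'finance_source_car_model_variant', $original['variant_id']),
        9 => $original['pdc_check_number'],
        10 => $original['check_amount'],
        11 => $original['check_date'],
        12 => $original['policy_number'],
        13 => lookupName($db, 'finance_ins_provider', $original['insurance_company_id']),
        14 => lookupName($db, 'bank_db', $original['bank_id']),
        15 => $original['branch'],
    ];

    $key_fields_unchanged = $original_plate_cs_number1 == $update_plate_cs_number1
        && $original_plate_cs_number2 == $update_plate_cs_number2
        && $original_check_date == $update_check_date
        && $original_check_number == $update_check_number;

    if (!$key_fields_unchanged) {
        // The record's identity changed: it must not collide with another active record.
        $duplicate_count = $db->select("SELECT COUNT(1) FROM finance_pdc WHERE `plate_cs_number1` = '$update_plate_cs_number1' AND `plate_cs_number2` = '$update_plate_cs_number2' AND `check_date` = '$update_check_date' AND `pdc_check_number` = '$update_check_number' AND `status` = 1 ");
        if ($duplicate_count > 0) {
            $json_arr['status'] = 3; // duplicate found
            emitJson($json_arr);
            return;
        }
    }

    $update_client_mobile = appendOtherContact($update_client_mobile, $update_client_other_contact);

    // New values in the same 0..15 layout. The mobile is taken after the other contact
    // is appended so the log diff compares like with like (the old conflict branch
    // compared the bare mobile and reported a spurious change).
    $arr_updating_data = [
        0 => $update_client_name,
        1 => $update_client_mobile,
        2 => $update_client_email,
        3 => $update_plate_cs_number1,
        4 => $update_plate_cs_number2,
        5 => lookupName($db, 'source_dealer', $update_dealer),
        6 => lookupName($db, 'finance_source_brand', $update_brand),
        7 => lookupName($db, 'finance_source_car_model', $update_model),
        8 => lookupName($db, 'finance_source_car_model_variant', $update_variant),
        9 => $update_check_number,
        10 => $update_check_amount,
        11 => $update_check_date,
        12 => $update_policy_number,
        13 => lookupName($db, 'finance_ins_provider', $update_insurance_company),
        14 => lookupName($db, 'bank_db', $update_bank),
        15 => $update_branch,
    ];

    $update_query = "UPDATE `finance_pdc` SET `client_name` = '$update_client_name', `client_mobile` = '$update_client_mobile', `client_email` = '$update_client_email', `plate_cs_number1` = '$update_plate_cs_number1', `plate_cs_number2` = '$update_plate_cs_number2', `company_id` = '$update_company', `dealer_id` = '$update_dealer', `brand_id` = '$update_brand', `model_id` = '$update_model', `variant_id` = '$update_variant', `pdc_check_number` = '$update_check_number', `check_amount` = '$update_check_amount', `check_date` = '$update_check_date', `policy_number` = '$update_policy_number', `insurance_company_id` = '$update_insurance_company', `bank_id` = '$update_bank', `branch` = '$update_branch', `flag` = '$flag' WHERE `id` = '$edit_id' ";

    if ($db->sql_query_num_inserted($update_query) > 0) {
        $descript = checkForUpdatedData($arr_updating_data, $check_data_arr, $original_check_number, $original_check_date, $db);
        if ($descript != "") {
            activityLog($descript, $original_plate_cs_number1, $edit_id, $db);
        }
        $json_arr['record_id'] = $edit_id;
        $json_arr['plate_cs_number1'] = $update_plate_cs_number1;
        $json_arr['status'] = 0; // success
    } else {
        $json_arr['status'] = 1; // update failed
    }
    emitJson($json_arr);
}

/**
 * type = 4: soft-delete a PDC record (status = 0) and write an activity-log row.
 * Caller: resources/views/common/script/finance_pdc/pdc_information.js [swalDeletePDCRecord].
 *
 * Response `status`: 0 deleted (adds record_count and, when other active records share
 * the plate/CS number, record_plate_cs), 1 deletion failed.
 *
 * @param object $db database wrapper from cfg/db.php
 */
function handlePdcDelete($db)
{
    $json_arr = [];
    $record_id = postValue($db, 'record_id');

    // Capture the identifying values before the row is flagged deleted.
    $get_plate_cs_number = '';
    $get_check_number = '';
    $get_check_date = '';
    foreach ($db->sql_query("SELECT plate_cs_number1, pdc_check_number, check_date FROM finance_pdc WHERE id = '$record_id'") as $row) {
        $get_plate_cs_number = $row['plate_cs_number1'];
        $get_check_number = $row['pdc_check_number'];
        $get_check_date = $row['check_date'];
    }
    $current_user = currentUserId();

    $delete_query = "UPDATE `finance_pdc` SET `status` = 0 WHERE `id` = '$record_id'";
    if ($db->sql_query_num_inserted($delete_query) > 0) {
        $json_arr['status'] = 0; // success

        // Values read back from the table are re-escaped before going into a new statement.
        $plate_cs_number_sql = $db->escape($get_plate_cs_number);
        $record_count = $db->select("SELECT COUNT(1) FROM finance_pdc WHERE plate_cs_number1 = '$plate_cs_number_sql' AND status = 1");
        if ($record_count > 0) {
            $json_arr['record_plate_cs'] = $get_plate_cs_number;
        }
        $json_arr['record_count'] = $record_count;

        $description = $db->escape("Delete record: [" . $get_check_number . "," . $get_check_date . "]:");
        $db->sql_query("INSERT INTO `all_activity_log_fni_n_pdc`(`plate_cs_number1`, `description`, `type`, `done_by`) VALUES ('$plate_cs_number_sql', '$description', 1, '$current_user')");
    } else {
        $json_arr['status'] = 1; // deletion failed
    }
    emitJson($json_arr);
}

// ---------------------------------------------------------------- request helpers

/**
 * Reads one $_POST field (empty string when absent) and escapes it for SQL interpolation.
 *
 * @param object $db
 * @param string $key
 * @return string
 */
function postValue($db, $key)
{
    return $db->escape($_POST[$key] ?? '');
}

/**
 * Logged-in user id from the session, used for the added_by / modified_by / done_by columns.
 * Falls back to '' (what an unset session produced before) rather than failing — see the
 * access-check note at the top of the file.
 *
 * @return mixed
 */
function currentUserId()
{
    return $_SESSION['user']['id'] ?? '';
}

/**
 * Emits the JSON response body.
 *
 * @param array $payload
 */
function emitJson(array $payload)
{
    echo json_encode($payload);
}

/**
 * Splits "PLATE/CS" input into two alphanumeric-only parts; the second is '' when there is
 * no separator. A slash at position 0 is deliberately not treated as a separator (strpos() > 0).
 *
 * @param string $value already escaped input
 * @return array{0:string,1:string}
 */
function splitPlateCsNumber($value)
{
    if (strpos($value, '/') > 0) {
        $multi_data = explode("/", $value);
        return [alphaNumericOnly($multi_data[0]), alphaNumericOnly($multi_data[1])];
    }
    return [alphaNumericOnly($value), ''];
}

/**
 * Validates the client mobile field. "A / B" input is accepted when at least one of the
 * two numbers passes isMobileValid() and is normalised to "A / B" (parts are trimmed for
 * the check only). Returns null when the input is rejected.
 *
 * @param string $mobile
 * @return string|null
 */
function validateMobileInput($mobile)
{
    if (strpos($mobile, '/') > 0) {
        $multi_mobile = explode("/", $mobile);
        $mobile1 = isMobileValid(trim($multi_mobile[0]));
        $mobile2 = isMobileValid(trim($multi_mobile[1]));
        if ($mobile1 == 0 && $mobile2 == 0) {
            return null;
        }
        return $multi_mobile[0] . " / " . $multi_mobile[1];
    }
    return isMobileValid($mobile) == 0 ? null : $mobile;
}

/**
 * Appends the optional "other contact" to the mobile as "mobile / other".
 *
 * @param string $mobile
 * @param string $other_contact
 * @return string
 */
function appendOtherContact($mobile, $other_contact)
{
    if ($other_contact != "") {
        return $mobile . " / " . $other_contact;
    }
    return $mobile;
}

/**
 * Company id of the dealer's single active company (type = 1, status = 1), or null when
 * the dealer has none or more than one.
 *
 * @param object $db
 * @param string $dealer_id already escaped
 * @return mixed|null
 */
function activeCompanyForDealer($db, $dealer_id)
{
    $count = $db->select("SELECT COUNT(1) FROM source_company_dealer WHERE `dealer_id` = '$dealer_id' AND type = 1 AND status = 1");
    if ($count != 1) {
        return null;
    }
    return $db->select("SELECT company_id FROM source_company_dealer WHERE `dealer_id` = '$dealer_id' AND type = 1 AND status = 1");
}

/**
 * Display name for a lookup-table id. The id is cast to int because it is interpolated
 * unquoted; $table is always a literal from this file, never user input.
 *
 * @param object $db
 * @param string $table
 * @param mixed  $id
 * @return mixed
 */
function lookupName($db, $table, $id)
{
    return $db->select("SELECT name FROM `$table` WHERE id = " . (int) $id);
}

// ---------------------------------------------------------------- FUNCTIONS

/**
 * Strips everything except ASCII letters and digits.
 *
 * @param string $s
 * @return string
 */
function alphaNumericOnly($s)
{
    return preg_replace("/[^a-zA-Z0-9]+/", "", $s);
}

/**
 * Reorders a "YYYY-MM-DD" string as "MM/DD/YYYY" for the form. Anything that does not
 * have three dash-separated parts is returned unchanged.
 *
 * @param string $data e.g. 2022-12-31
 * @return string
 */
function formatDate($data)
{
    $date = explode("-", (string) $data);
    if (count($date) < 3) {
        return $data;
    }
    return $date[1] . "/" . $date[2] . "/" . $date[0];
}

/**
 * Drops the leading "+63" from a stored mobile ("+639464023941" -> "9464023941").
 *
 * @param string $data
 * @return string|false
 */
function formatMobile($data)
{
    return substr($data, 3, 12);
}

/**
 * 1 when the value is a 13-character number starting with "+639", else 0.
 *
 * @param string $data
 * @return int
 */
function isMobileValid($data)
{
    if (substr($data, 0, 4) === "+639" && strlen($data) == 13) {
        return 1; // valid
    }
    return 0; // invalid
}

/**
 * Builds the activity-log text for an update: one "[Field: "old" to "new"]: " entry per
 * index where the new value differs (loose !=) from the stored one. Empty when nothing
 * changed. $db is unused but kept for the existing call sites.
 *
 * @param array  $arr_data       new values, indexes 0..15
 * @param array  $check_data_arr stored values, same layout
 * @param string $check_number   original check number (log prefix)
 * @param string $check_date     original check date (log prefix)
 * @param object $db
 * @return string
 */
function checkForUpdatedData($arr_data, $check_data_arr, $check_number, $check_date, $db)
{
    $desc_arr = ['Client Name', 'Client Mobile', 'Client Email', 'Plate CS 1', 'Plate CS 2', 'Dealer', 'Brand', 'Model', 'Variant', 'Check Number', 'Check Amount', 'Check Date', 'Policy Number', 'Ins. Com', 'Bank', 'Branch'];
    $description = "";
    for ($i = 0, $n = count($arr_data); $i < $n; $i++) {
        $new_value = $arr_data[$i];
        $old_value = $check_data_arr[$i] ?? '';
        if ($new_value != $old_value) {
            $description .= "[" . $desc_arr[$i] . ": \"" . $old_value . "\" to \"" . $new_value . "\"]: ";
        }
    }
    if ($description != "") {
        $description = "Update record: " . $check_number . "," . $check_date . ": " . $description;
    }
    return $description;
}

/**
 * Writes an update entry to all_activity_log_fni_n_pdc and stamps modified_by/date_modified
 * on the record. The description contains stored values and user input, so it is escaped
 * before being interpolated.
 *
 * @param string $descript
 * @param string $plate_cs_number alphanumeric-only
 * @param string $edit_id         already escaped
 * @param object $db
 */
function activityLog($descript, $plate_cs_number, $edit_id, $db)
{
    $current_user = currentUserId();
    $current_date = $db->select("SELECT NOW()");
    $descript_sql = $db->escape($descript);
    $db->sql_query("INSERT INTO all_activity_log_fni_n_pdc(`plate_cs_number1`, `description`, `type`, `done_by`) VALUES('$plate_cs_number', '$descript_sql', 2, '$current_user')");
    $db->sql_query("UPDATE `finance_pdc` SET `modified_by` = '$current_user', `date_modified` = '$current_date' WHERE id = '$edit_id'");
}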