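<?php
/**
 * Confirms an order submitted via POST.
 *
 * Flow: find or create the customer by phone number, resolve every submitted
 * item to a row in `product` (by id) or `packages` (by product_name), write one
 * `product_cart` row per item, decrement product stock, write the
 * `confirm_order` header, copy the cart rows into `purchased_products`, and
 * finally redirect to conform_product.php.
 *
 * Every value that reaches SQL is bound as a statement parameter; the original
 * script interpolated $_POST fields directly into query strings, which allowed
 * SQL injection through any form field.
 *
 * NOTE(review): no authentication, authorisation or CSRF check is visible in
 * this script. Confirm that dbconnect.php or the web server enforces them
 * before this endpoint is reachable.
 */
include 'dbconnect.php';

/**
 * Prepares and executes $sql with every parameter bound as a string.
 *
 * Binding as strings (null becomes '') keeps what MySQL receives identical to
 * the quoted literals the script used to build by interpolation.
 * Returns the executed statement; throws RuntimeException on failure.
 */
$execute = static function ($conn, $sql, array $params = []) {
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        throw new RuntimeException('Failed to prepare statement: ' . mysqli_error($conn));
    }
    if ($params !== []) {
        $values = array_map('strval', $params);
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    }
    if (!mysqli_stmt_execute($stmt)) {
        $message = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('Failed to execute statement: ' . $message);
    }
    return $stmt;
};

/** Runs a parameterised SELECT and returns all rows as associative arrays. */
$fetchAll = static function ($conn, $sql, array $params = []) use ($execute) {
    $stmt = $execute($conn, $sql, $params);
    $result = mysqli_stmt_get_result($stmt);
    if ($result === false) {
        mysqli_stmt_close($stmt);
        throw new RuntimeException('Failed to read result set');
    }
    $rows = mysqli_fetch_all($result, MYSQLI_ASSOC);
    mysqli_stmt_close($stmt);
    return $rows;
};

/** Runs a parameterised statement that returns no rows (INSERT/UPDATE). */
$run = static function ($conn, $sql, array $params = []) use ($execute) {
    mysqli_stmt_close($execute($conn, $sql, $params));
};

/**
 * Inserts one row and returns the connection's last insert id.
 * $table and the keys of $row are literals written in this script, never
 * request data; only the values are bound.
 */
$insertRow = static function ($conn, $table, array $row) use ($run) {
    $columns = '`' . implode('`,`', array_keys($row)) . '`';
    $marks = implode(',', array_fill(0, count($row), '?'));
    $run($conn, "INSERT INTO `$table` ($columns) VALUES ($marks)", array_values($row));
    return mysqli_insert_id($conn);
};

/** Reads a scalar POST field; missing or non-string input becomes ''. */
$postString = static function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$name = $postString('name');
$email = $postString('email');
$phone = $postString('phone');
$address = $postString('address');
$city = $postString('city');
$postcode = $postString('postcode');

$items = (isset($_POST['items']) && is_array($_POST['items'])) ? array_values($_POST['items']) : [];
$quantities = (isset($_POST['no_item']) && is_array($_POST['no_item'])) ? array_values($_POST['no_item']) : [];

// Reject malformed orders before anything is written. A quantity must be a
// positive whole number: a negative or non-numeric one would otherwise raise
// stock and produce negative totals.
$inputValid = $items !== [] && count($items) === count($quantities);
foreach ($items as $submittedItem) {
    if (!is_string($submittedItem) || $submittedItem === '') {
        $inputValid = false;
    }
}
foreach ($quantities as $submittedQuantity) {
    if (!is_string($submittedQuantity) || !ctype_digit($submittedQuantity) || (int) $submittedQuantity < 1) {
        $inputValid = false;
    }
}
if (!$inputValid) {
    http_response_code(400);
    mysqli_close($conn);
    exit;
}

$no_item_array = implode(',', $quantities);
$count = count($items);
$date = date('Y-m-d H:i:s');
$status = 'confirm';

// NOTE(review): a six-digit random cart id can collide with an earlier cart;
// the purchased_products copy below selects by cart_id alone, so a collision
// would also pick up the other cart's rows. Uniqueness should be enforced by
// the schema or the id replaced by a generated key.
$cart_id = mt_rand(100000, 999999);

try {
    // All writes succeed or fail together (effective on transactional tables).
    mysqli_begin_transaction($conn);

    // Find the customer by phone number, or create one from the form fields.
    $customers = $fetchAll($conn, 'SELECT * FROM customer WHERE phone = ?', [$phone]);
    if ($customers === []) {
        $user_id = $insertRow($conn, 'customer', [
            'name' => $name,
            'email' => $email,
            'phone' => $phone,
            'address' => $address,
            'pincode' => $postcode,
            'city' => $city,
            'status' => '1',
        ]);
        $user_name = $name;
        $user_email = $email;
        $user_phone = $phone;
    } else {
        // When several customers share the phone number the last row wins,
        // as in the original loop.
        $customer = end($customers);
        $user_id = $customer['id'];
        $user_name = $customer['name'];
        $user_email = $customer['email'];
        $user_phone = $customer['phone'];
    }

    $pr = [];   // display names for confirm_order.product
    $pid = [];  // matching ids for confirm_order.product_id
    $prdctgrand = 0;
    $pkggrand = 0;

    foreach ($items as $index => $item) {
        $quantityOrdered = (int) $quantities[$index];

        // A numeric item is a product id; anything else (or a numeric value
        // with no matching product) is looked up as a package name.
        $product = null;
        if (is_numeric($item)) {
            $products = $fetchAll($conn, 'SELECT * FROM product WHERE id = ?', [$item]);
            if ($products !== []) {
                $product = $products[0];
            }
        }

        if ($product !== null) {
            $price = $product['mrp'] ? $product['mrp'] : $product['price'];
            $total = $price * $quantityOrdered;

            // Decrement in SQL so concurrent orders cannot overwrite each
            // other's stock value, then flag the product once it runs out.
            $run($conn, 'UPDATE product SET stock = stock - ? WHERE id = ?', [$quantityOrdered, $product['id']]);
            $run($conn, "UPDATE product SET status = 'no' WHERE id = ? AND stock <= 0", [$product['id']]);

            $insertRow($conn, 'product_cart', [
                'prdctname' => $product['product_name'],
                'price' => $price,
                'prduct_id' => $product['id'],
                'user_id' => $user_id,
                'user_name' => $user_name,
                'email' => $user_email,
                'phone' => $user_phone,
                'product_description' => $product['description'],
                'quantity' => $product['weight'],
                'no_of_item' => $quantityOrdered,
                'feature_image' => $product['file1'],
                'status' => $status,
                'date' => $date,
                'total' => $total,
                'flag' => '1',
                'stock' => $product['stock'],  // stock level before this order
                'gst' => $product['gst'],
                'cgst' => $product['cgst'],
                'sgst' => $product['sgst'],
                'cart_id' => $cart_id,
                'productpackage' => 0,
            ]);

            $pr[] = $product['product_name'];
            $pid[] = $product['id'];
            $prdctgrand += $total;
            continue;
        }

        $packages = $fetchAll($conn, 'SELECT * FROM packages WHERE product_name = ?', [$item]);
        if ($packages === []) {
            // The original wrote an empty cart row here; an order naming an
            // unknown item is rejected instead.
            throw new InvalidArgumentException('Unknown product or package in order');
        }
        $package = $packages[0];
        $price = $package['price'];
        $total = $price * $quantityOrdered;

        $insertRow($conn, 'product_cart', [
            'prdctname' => $package['product_name'],
            'price' => $price,
            'prduct_id' => $package['id'],
            'user_id' => $user_id,
            'user_name' => $user_name,
            'email' => $user_email,
            'phone' => $user_phone,
            'product_description' => $package['description'],
            'quantity' => $package['weight'],
            'no_of_item' => $quantityOrdered,
            'feature_image' => $package['image'],
            'status' => $status,
            'date' => $date,
            'gst_price' => $package['gst_price'],
            'cart_id' => $cart_id,
            'flag' => 1,
            'total' => $total,
            'productpackage' => 1,
        ]);

        $pr[] = $item;
        $pid[] = $package['id'];
        $pkggrand += $total;
    }

    // Flat 30 added to every order (presumably a delivery charge - confirm).
    $grand_total = $pkggrand + $prdctgrand + 30;

    $oid = $insertRow($conn, 'confirm_order', [
        'username' => $name,
        'email' => $email,
        'phone' => $phone,
        'address' => $address,
        'postcode' => $postcode,
        'product' => implode(',', $pr),
        'product_id' => implode(',', $pid),
        'total' => $grand_total,
        'item_no' => $count,
        'date' => $date,
        'status' => $status,
        'user_id' => $user_id,
        'no_item' => $no_item_array,
        'city' => $city,
        'cartid_ref' => $cart_id,
    ]);
    $order_id = 'FC00' . $oid;

    // Copy each cart row into purchased_products and stamp it with the order id.
    $cartRows = $fetchAll($conn, 'SELECT * FROM product_cart WHERE cart_id = ?', [$cart_id]);
    foreach ($cartRows as $cartRow) {
        $insertRow($conn, 'purchased_products', [
            'product_id' => $cartRow['prduct_id'],
            'user_id' => $user_id,
            'cart_id' => $cart_id,
            'confirm_id' => $oid,
            'price' => $cartRow['price'],
            'cgst' => $cartRow['cgst'],
            'sgst' => $cartRow['sgst'],
            'gst' => $cartRow['gst'],
            'gst_price' => $cartRow['gst_price'],
            'no_of_item' => $cartRow['no_of_item'],
            'total' => $cartRow['total'],
            'date' => date('y-m-d'),  // two-digit year kept as the original wrote it
            'is_pkg' => ($cartRow['productpackage'] == 1) ? 1 : 0,
        ]);
        $run(
            $conn,
            'UPDATE product_cart SET status = ?, order_id = ? WHERE id = ?',
            [$status, $order_id, $cartRow['id']]
        );
    }

    mysqli_commit($conn);
} catch (InvalidArgumentException $e) {
    mysqli_rollback($conn);
    mysqli_close($conn);
    http_response_code(400);
    exit;
} catch (Exception $e) {
    // Log server-side only; database error text is never sent to the client.
    error_log('new_confirm_order failed: ' . $e->getMessage());
    mysqli_rollback($conn);
    mysqli_close($conn);
    http_response_code(500);
    exit;
}

mysqli_close($conn);
header('location:conform_product.php');
exit;
?>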