File "Master.php"
Full Path: /home/leadltht/fastlinkinternet.com/administrator/data-provider/classes/Master.php
File size: 27.3 KB
MIME-type: text/x-php
Charset: utf-8
<?php
ini_set('display_errors', 1);
ini_set('log_errors', 1);
ini_set('error_log', dirname(__FILE__) . '/error_log.txt');
error_reporting(E_ALL);
require_once('/home/leadltht/fastlinkinternet.com/administrator/data-provider/config.php');
class Master extends DBConnection {
private $settings;
public function __construct(){
global $_settings;
$this->settings = $_settings;
parent::__construct();
}
public function __destruct(){
parent::__destruct();
}
function capture_err(){
if(!$this->conn->error)
return false;
else{
$resp['status'] = 'failed';
$resp['error'] = $this->conn->error;
return json_encode($resp);
exit;
}
}
function save_category(){
extract($_POST);
$data = "";
foreach($_POST as $k =>$v){
if(!in_array($k,array('id'))){
if(!empty($data)) $data .=",";
$data .= " `{$k}`='{$this->conn->real_escape_string($v)}' ";
}
}
$check = $this->conn->query("SELECT * FROM `category_list` where `name` = '{$name}' and delete_flag = 0 ".(!empty($id) ? " and id != {$id} " : "")." ")->num_rows;
if($this->capture_err()) return $this->capture_err();
if($check > 0){
$resp['status'] = 'failed';
$resp['msg'] = "Category already exists.";
} else {
if(empty($id)){
$sql = "INSERT INTO `category_list` set {$data} ";
} else {
$sql = "UPDATE `category_list` set {$data} where id = '{$id}' ";
}
$save = $this->conn->query($sql);
if($save){
$resp['status'] = 'success';
$resp['msg'] = empty($id) ? " New Category successfully saved." : " Category successfully updated.";
} else {
$resp['status'] = 'failed';
$resp['err'] = $this->conn->error."[{$sql}]";
}
}
if($resp['status'] == 'success')
$this->settings->set_flashdata('success',$resp['msg']);
return json_encode($resp);
}
function delete_category(){
extract($_POST);
$del = $this->conn->query("UPDATE `category_list` set delete_flag = 1 where id = '{$id}'");
if($del){
$resp['status'] = 'success';
$this->settings->set_flashdata('success'," Category successfully deleted.");
} else {
$resp['status'] = 'failed';
$resp['error'] = $this->conn->error;
}
return json_encode($resp);
}
public function save_member() {
global $conn;
extract($_POST);
// Check if installation_date is provided
if (empty($installation_date)) {
return json_encode([
'status' => 'failed',
'msg' => 'Installation date is required.'
]);
}
// Sanitize input data
$firstname = $conn->real_escape_string($firstname);
$middlename = isset($middlename) ? $conn->real_escape_string($middlename) : '';
$lastname = $conn->real_escape_string($lastname);
$contact = $conn->real_escape_string($contact);
$installation_fee = (int) $installation_fee;
$plan_name = $conn->real_escape_string($name_plan); // Map form name_plan to member_list plan_name
$plan_price = (int) $name_plan_price; // Map form name_plan_price to member_list plan_price
$server = $conn->real_escape_string($server_name); // Map form server_name to member_list server
$status = $conn->real_escape_string($status_name); // Map form status_name to member_list status
$cut_off_day = (int) $cut_off_day;
$pro_rated = isset($pro_rated) ? $conn->real_escape_string($pro_rated) : '';
$for_pd = $conn->real_escape_string($for_pd_name); // Map form for_pd_name to member_list for_pd
$installation_date = $conn->real_escape_string($installation_date); // Ensure installation_date is set
$inactive_date = isset($inactive_date) && !empty($inactive_date) ? "'{$conn->real_escape_string($inactive_date)}'" : "NULL"; // Ensure inactive_date is set
// Prepare the data for insertion/updation
$data = "";
$mapped_fields = [
'name_plan' => 'plan_name',
'name_plan_price' => 'plan_price',
'server_name' => 'server',
'status_name' => 'status',
'for_pd_name' => 'for_pd'
];
foreach ($_POST as $k => $v) {
if (array_key_exists($k, $mapped_fields)) {
$k = $mapped_fields[$k]; // Rename key to match member_list column
}
if (!in_array($k, array('id', 'inactive_date', 'installation_date'))) { // Exclude dates for now
if (!empty($data)) $data .= ",";
$data .= " `{$k}`='{$conn->real_escape_string($v)}' ";
}
}
// Include installation_date
if (!empty($data)) $data .= ",";
$data .= " `installation_date`='{$installation_date}' ";
// Include inactive_date, set to NULL if not provided
if (!empty($data)) $data .= ",";
$data .= " `inactive_date`={$inactive_date} ";
if (empty($id)) {
$sql = "INSERT INTO `member_list` SET {$data} ";
} else {
$sql = "UPDATE `member_list` SET {$data} WHERE id = '{$id}' ";
}
$save = $conn->query($sql);
if ($save) {
$eid = empty($id) ? $conn->insert_id : $id;
$resp['eid'] = $eid;
$resp['status'] = 'success';
$resp['msg'] = empty($id) ? " New Member successfully saved." : " Member successfully updated.";
} else {
$resp['status'] = 'failed';
$resp['msg'] = empty($id) ? " Member has failed to save." : " Member has failed to update.";
$resp['err'] = $conn->error . "[{$sql}]";
}
if ($resp['status'] == 'success') {
$this->settings->set_flashdata('success', $resp['msg']);
}
return json_encode($resp);
}
function delete_member(){
extract($_POST);
$response = array();
// Delete related collection records
$delete_collections = $this->conn->query("DELETE FROM collection_list WHERE member_id = {$id}");
if(!$delete_collections){
$response['status'] = 'failed';
$response['error'] = 'Error deleting collection records: ' . $this->conn->error;
return json_encode($response);
}
// Delete member record
$delete_member = $this->conn->query("DELETE FROM member_list WHERE id = {$id}");
if($delete_member){
$response['status'] = 'success';
} else {
$response['status'] = 'failed';
$response['error'] = 'Error deleting member: ' . $this->conn->error;
}
return json_encode($response);
}
public function save_collection() {
try {
if (empty($_POST['id'])) {
$prefix = date("Ym-");
$code = sprintf("%'.05d", 1);
while (true) {
$check = $this->conn->query("SELECT * FROM `collection_list` WHERE code = '{$prefix}{$code}' ")->num_rows;
if ($check > 0) {
$code = sprintf("%'.05d", ceil($code) + 1);
} else {
break;
}
}
$_POST['code'] = $prefix . $code;
}
extract($_POST);
$data = "";
$c_fields = ['code', 'member_id', 'total_amount', 'date_collected', 'collected_by', 'collection_method', 'receipt', 'note', 'discount_amount', 'discount_reason']; // Added 'discount_amount' and 'discount_reason'
foreach ($_POST as $k => $v) {
if (in_array($k, $c_fields)) {
if (!empty($data)) $data .= ",";
$data .= " `{$k}`='{$this->conn->real_escape_string($v)}' ";
}
}
// Get name_of_payment
$name_of_payment = "";
if (isset($category_id) && is_array($category_id)) {
$category_ids = implode(",", array_map('intval', $category_id));
$result = $this->conn->query("SELECT GROUP_CONCAT(`name` SEPARATOR ', ') as name_of_payment FROM `category_list` WHERE id IN ({$category_ids})");
if ($result->num_rows > 0) {
$name_of_payment = $result->fetch_assoc()['name_of_payment'];
}
}
// Include name_of_payment in the data
if (!empty($data)) $data .= ",";
$data .= " `name_of_payment`='{$this->conn->real_escape_string($name_of_payment)}' ";
if (empty($id)) {
$sql = "INSERT INTO `collection_list` SET {$data} ";
} else {
$sql = "UPDATE `collection_list` SET {$data} WHERE id = '{$id}' ";
}
$save = $this->conn->query($sql);
if ($save) {
$cid = empty($id) ? $this->conn->insert_id : $id;
$resp['cid'] = $cid;
$data = "";
if (isset($category_id) && is_array($category_id)) {
foreach ($category_id as $k => $v) {
if (!empty($data)) $data .= ",";
$data .= "('{$cid}','{$v}','{$fee[$k]}')";
}
}
if (!empty($data)) {
$this->conn->query("DELETE FROM `collection_items` WHERE collection_id = '{$cid}'");
$sql2 = "INSERT INTO `collection_items` (`collection_id`,`category_id`,`fee`) VALUES {$data}";
$save2 = $this->conn->query($sql2);
if ($save2) {
$resp['status'] = 'success';
$resp['msg'] = empty($id) ? "New Collection successfully saved." : "Collection successfully updated.";
} else {
$resp['status'] = 'failed';
$resp['msg'] = empty($id) ? "Collection has failed to save." : "Collection has failed to update.";
$resp['error'] = $this->conn->error;
}
} else {
$resp['status'] = 'success';
$resp['msg'] = empty($id) ? "New Collection successfully saved." : "Collection successfully updated.";
}
} else {
$resp['status'] = 'failed';
$resp['msg'] = empty($id) ? "Collection has failed to save." : "Collection has failed to update.";
$resp['err'] = $this->conn->error . "[{$sql}]";
}
if ($resp['status'] == 'success')
$this->settings->set_flashdata('success', $resp['msg']);
return json_encode($resp);
} catch (Exception $e) {
return json_encode(['status' => 'failed', 'msg' => 'An exception occurred', 'error' => $e->getMessage()]);
}
}
public function delete_collection() {
extract($_POST);
if (!isset($id)) {
echo json_encode(['status' => 'error', 'message' => 'ID not provided']);
return;
}
// Prepare the SQL query to delete the collection
$stmt = $this->conn->prepare("DELETE FROM collection_list WHERE id = ?");
if ($stmt === false) {
error_log('Error preparing statement: ' . $this->conn->error);
echo json_encode(['status' => 'error', 'message' => 'Error preparing statement']);
return;
}
$stmt->bind_param('i', $id);
// Execute the query
if ($stmt->execute()) {
echo json_encode(['status' => 'success']);
} else {
error_log('Error executing statement: ' . $stmt->error);
echo json_encode(['status' => 'error', 'message' => 'Failed to delete collection']);
}
}
function date_range_collection() {
extract($_POST);
// Fetch records from the database
$result = $this->conn->query("SELECT * FROM `collection_list` WHERE member_id = '{$id}' AND date_collected BETWEEN '{$datefrom}' AND '{$dateto}' ");
if ($result && $result->num_rows > 0) {
// Fetch all rows into an array
$records = $result->fetch_all(MYSQLI_ASSOC);
// Close the result set
$result->close();
// Prepare response
$resp['status'] = 'success';
$resp['data'] = $records;
} else {
$resp['status'] = 'failed';
$resp['error'] = $this->conn->error;
}
return json_encode($resp);
}
function save_internet_name_plan(){
extract($_POST);
$data = "name_plan='{$this->conn->real_escape_string($name_plan)}', name_plan_price='{$this->conn->real_escape_string($name_plan_price)}'";
if(empty($id)){
$sql = "INSERT INTO `internet_name_plan` SET {$data}";
} else {
$sql = "UPDATE `internet_name_plan` SET {$data} WHERE id='{$id}'";
}
$save = $this->conn->query($sql);
if($save){
$resp['status'] = 'success';
$resp['msg'] = empty($id) ? " New Internet Plan successfully saved." : " Internet Plan successfully updated.";
} else {
$resp['status'] = 'failed';
$resp['err'] = $this->conn->error."[{$sql}]";
}
if($resp['status'] == 'success')
$this->settings->set_flashdata('success',$resp['msg']);
return json_encode($resp);
}
function delete_internet_name_plan(){
extract($_POST);
$del = $this->conn->query("DELETE FROM `internet_name_plan` WHERE id = '{$id}'");
if($del){
$resp['status'] = 'success';
$this->settings->set_flashdata('success'," Internet Plan successfully deleted.");
}else{
$resp['status'] = 'failed';
$resp['error'] = $this->conn->error;
}
return json_encode($resp);
}
function save_server(){
extract($_POST);
$data = "server_name='{$this->conn->real_escape_string($server_name)}'";
if(empty($id)){
$sql = "INSERT INTO `server` SET {$data}";
} else {
$sql = "UPDATE `server` SET {$data} WHERE id='{$id}'";
}
$save = $this->conn->query($sql);
if($save){
$resp['status'] = 'success';
$resp['msg'] = empty($id) ? " New Server successfully saved." : " Server successfully updated.";
} else {
$resp['status'] = 'failed';
$resp['err'] = $this->conn->error."[{$sql}]";
}
if($resp['status'] == 'success')
$this->settings->set_flashdata('success',$resp['msg']);
return json_encode($resp);
}
function delete_server(){
extract($_POST);
$del = $this->conn->query("DELETE FROM `server` WHERE id = '{$id}'");
if($del){
$resp['status'] = 'success';
$this->settings->set_flashdata('success'," Server successfully deleted.");
}else{
$resp['status'] = 'failed';
$resp['error'] = $this->conn->error;
}
return json_encode($resp);
}
function save_status(){
extract($_POST);
$data = "status_name='{$this->conn->real_escape_string($status_name)}'";
if(empty($id)){
$sql = "INSERT INTO `status` SET {$data}";
} else {
$sql = "UPDATE `status` SET {$data} WHERE id='{$id}'";
}
$save = $this->conn->query($sql);
if($save){
$resp['status'] = 'success';
$resp['msg'] = empty($id) ? " New Status successfully saved." : " Status successfully updated.";
} else {
$resp['status'] = 'failed';
$resp['err'] = $this->conn->error."[{$sql}]";
}
if($resp['status'] == 'success')
$this->settings->set_flashdata('success',$resp['msg']);
return json_encode($resp);
}
function delete_status(){
extract($_POST);
$del = $this->conn->query("DELETE FROM `status` WHERE id = '{$id}'");
if($del){
$resp['status'] = 'success';
$this->settings->set_flashdata('success'," Status successfully deleted.");
}else{
$resp['status'] = 'failed';
$resp['error'] = $this->conn->error;
}
return json_encode($resp);
}
public function save_expense(){
extract($_POST);
// Initialize name and description fields
$expense_name = '';
$expense_description = '';
// Fetch the name and description from the expenses_category_list table based on the selected categories
if(!empty($category_id)){
$category_ids = implode(',', array_keys($category_id));
$category_qry = $this->conn->query("SELECT GROUP_CONCAT(name) as names, GROUP_CONCAT(description) as descriptions FROM `expenses_category_list` WHERE id IN ({$category_ids})");
if($category_qry && $category_qry->num_rows > 0){
$cat_row = $category_qry->fetch_assoc();
$expense_name = $cat_row['names'];
$expense_description = $cat_row['descriptions'];
}
}
// Prepare the data to be saved in the expense_list table
$data = " expense_date = '{$expense_date}' ";
$data .= ", total_amount = '{$total_amount}' ";
$data .= ", collected_by = '{$collected_by}' ";
$data .= ", name = '{$expense_name}' ";
$data .= ", item_name = '{$item_name}' ";
$data .= ", description = '{$expense_description}' ";
if(empty($id)){
$sql = "INSERT INTO expense_list set {$data}";
}else{
$sql = "UPDATE expense_list set {$data} where id = {$id}";
}
$save = $this->conn->query($sql);
if($save){
$eid = !empty($id) ? $id : $this->conn->insert_id;
if(!empty($id))
$this->conn->query("DELETE FROM `expense_items` where expense_id = '{$id}'");
foreach($category_id as $k => $v){
$data = " expense_id = '{$eid}' ";
$data .= ", category_id = '{$category_id[$k]}' ";
$data .= ", fee = '{$fee[$k]}' ";
$this->conn->query("INSERT INTO `expense_items` set {$data}");
}
return json_encode(array("status"=>"success"));
}else{
return json_encode(array("status"=>"failed","message"=>"An error occurred while saving the expense. Error: ".$this->conn->error));
}
}
public function delete_expense() {
extract($_POST);
// Log the incoming request
error_log("delete_expense called with id: " . $id);
if (empty($id)) {
return json_encode(['status' => 'failed', 'message' => 'Invalid expense ID']);
}
// Delete from expense_items table
$delete_items_sql = "DELETE FROM `expense_items` WHERE `expense_id` = ?";
$stmt = $this->conn->prepare($delete_items_sql);
if ($stmt === false) {
error_log("Failed to prepare delete_items_sql: " . $this->conn->error);
return json_encode(['status' => 'failed', 'message' => 'Failed to prepare statement for deleting expense items.']);
}
$stmt->bind_param('i', $id);
if (!$stmt->execute()) {
error_log("Failed to execute delete_items_sql: " . $stmt->error);
return json_encode(['status' => 'failed', 'message' => 'Failed to delete expense items.']);
}
$stmt->close();
// Delete from expense_list table
$delete_sql = "DELETE FROM `expense_list` WHERE `id` = ?";
$stmt = $this->conn->prepare($delete_sql);
if ($stmt === false) {
error_log("Failed to prepare delete_sql: " . $this->conn->error);
return json_encode(['status' => 'failed', 'message' => 'Failed to prepare statement for deleting expense.']);
}
$stmt->bind_param('i', $id);
if (!$stmt->execute()) {
error_log("Failed to execute delete_sql: " . $stmt->error);
return json_encode(['status' => 'failed', 'message' => 'Failed to delete expense.']);
}
$stmt->close();
return json_encode(['status' => 'success']);
}
function save_user() {
global $conn;
$response = ['status' => 0, 'error' => ''];
// Fetch form data
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$password = $_POST['password'];
$type = $_POST['type'];
$id = isset($_POST['id']) ? $_POST['id'] : '';
// Check if the username already exists
$sqlCheck = "SELECT COUNT(*) as count FROM users WHERE username = ? AND id != ?";
$stmtCheck = $conn->prepare($sqlCheck);
$stmtCheck->bind_param("si", $username, $id);
$stmtCheck->execute();
$resultCheck = $stmtCheck->get_result();
$rowCheck = $resultCheck->fetch_assoc();
if ($rowCheck['count'] > 0) {
$response['status'] = 0; // Username already exists
$response['error'] = 'Username already exists';
} else {
if (empty($id)) {
// Insert new user
$sqlInsert = "INSERT INTO users (firstname, lastname, username, password, type) VALUES (?, ?, ?, ?, ?)";
$stmtInsert = $conn->prepare($sqlInsert);
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$stmtInsert->bind_param("ssssi", $firstname, $lastname, $username, $hashedPassword, $type);
if ($stmtInsert->execute()) {
$response['status'] = 1; // User registered successfully
} else {
$response['status'] = 2;
$response['error'] = 'Insert Error: ' . $stmtInsert->error;
error_log("Insert Error: " . $stmtInsert->error);
}
} else {
// Update existing user
if (!empty($password)) {
$sqlUpdate = "UPDATE users SET firstname = ?, lastname = ?, username = ?, password = ?, type = ? WHERE id = ?";
$stmtUpdate = $conn->prepare($sqlUpdate);
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$stmtUpdate->bind_param("ssssii", $firstname, $lastname, $username, $hashedPassword, $type, $id);
} else {
$sqlUpdate = "UPDATE users SET firstname = ?, lastname = ?, username = ?, type = ? WHERE id = ?";
$stmtUpdate = $conn->prepare($sqlUpdate);
$stmtUpdate->bind_param("sssii", $firstname, $lastname, $username, $type, $id);
}
if ($stmtUpdate->execute()) {
$response['status'] = 1; // User updated successfully
} else {
$response['status'] = 2;
$response['error'] = 'Update Error: ' . $stmtUpdate->error;
error_log("Update Error: " . $stmtUpdate->error);
}
}
}
echo json_encode($response);
$stmtCheck->close();
if (isset($stmtInsert)) $stmtInsert->close();
if (isset($stmtUpdate)) $stmtUpdate->close();
$conn->close();
exit;
}
}
function save_client_complaint() {
extract($_POST);
$data = "";
foreach ($_POST as $k => $v) {
if (!empty($data)) $data .= ",";
$data .= " `{$k}`='{$this->conn->real_escape_string($v)}' ";
}
$sql = "INSERT INTO `client_complaint` SET {$data}";
$save = $this->conn->query($sql);
if ($save) {
$resp['status'] = 'success';
$resp['message'] = "Complaint successfully saved.";
} else {
$resp['status'] = 'failed';
$resp['message'] = $this->conn->error . "[{$sql}]";
}
return json_encode($resp);
}
function invalid_request() {
$resp['status'] = 'error';
$resp['message'] = 'Invalid request.';
return json_encode($resp);
}
function deleteUser($username) {
global $conn; // Assuming you are using a global connection object
// Check if the user is 'prazey-admin'
if ($username === 'prazey-admin') {
die('Deletion of prazey-admin is not allowed.');
}
// Proceed with deletion if it's not 'prazey-admin'
$sql = "DELETE FROM users WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->close();
}
function delete() {
global $conn;
global $_settings;
$response = ['status' => 0, 'error' => ''];
// Fetch user ID
$id = isset($_POST['id']) ? $_POST['id'] : '';
if (empty($id)) {
$response['status'] = 0;
$response['error'] = 'User ID is required';
} else {
// Check if the user is allowed to be deleted
if ($id == 1 || $id == $_settings->userdata('id')) {
$response['status'] = 2;
$response['error'] = 'This user cannot be deleted.';
} else {
// Delete user
$sqlDelete = "DELETE FROM users WHERE id = ?";
$stmtDelete = $conn->prepare($sqlDelete);
if ($stmtDelete === false) {
$response['status'] = 2;
$response['error'] = 'Prepare Error: ' . $conn->error;
echo json_encode($response);
exit;
}
$stmtDelete->bind_param("i", $id);
if ($stmtDelete->execute()) {
$response['status'] = 1; // User deleted successfully
} else {
$response['status'] = 2;
$response['error'] = 'Delete Error: ' . $stmtDelete->error;
}
$stmtDelete->close();
}
}
echo json_encode($response);
$conn->close();
exit;
}
// Ensure you handle the request correctly
$Master = new Master();
$action = !isset($_GET['f']) ? 'none' : strtolower($_GET['f']);
$sysset = new SystemSettings();
switch ($action) {
case 'save_category':
echo $Master->save_category();
break;
case 'delete_category':
echo $Master->delete_category();
break;
case 'save_member':
echo $Master->save_member();
break;
case 'delete_member':
echo $Master->delete_member();
break;
case 'save_collection':
echo $Master->save_collection();
break;
case 'delete_collection':
echo $Master->delete_collection();
break;
case 'date_range_collection':
echo $Master->date_range_collection();
break;
case 'save_internet_name_plan':
echo $Master->save_internet_name_plan();
break;
case 'delete_internet_name_plan':
echo $Master->delete_internet_name_plan();
break;
case 'save_server':
echo $Master->save_server();
break;
case 'delete_server':
echo $Master->delete_server();
break;
case 'save_status':
echo $Master->save_status();
break;
case 'delete_status':
echo $Master->delete_status();
break;
case 'save_user':
echo $Master->save_user();
break;
case 'save_expense':
echo $Master->save_expense();
break;
case 'delete_expense':
echo $Master->delete_expense();
break;
case 'save_client_complaint':
echo $Master->save_client_complaint();
break;
default:
// echo $sysset->index();
break;
}
?>