
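<?php
/**
 * Direct-sale insert endpoint.
 *
 * Records one row in `sales` for the logged-in counter employee, an optional
 * cash and/or online row in `salepaymentdetails`, and one `sales_item` row per
 * entry of $_SESSION['cart_items'], then redirects to the invoice print page
 * with the (encrypted) invoice number.
 *
 * Request inputs read here: $_SESSION['USER_ID'], $_SESSION['cart_items'],
 * $_REQUEST['other'], $_POST['customer_id'] (a student registration_no),
 * $_POST['pmode'], $_POST['payable_amt'], $_POST['net_amount'],
 * $_POST['cashpayment'], $_POST['onlinepayment'].
 *
 * DBController::runQuery / numRows / tableinsert are only ever called with raw
 * SQL strings in this file (no parameter binding is visible), so every
 * request- or session-derived value is narrowed to a numeric string or to a
 * whitelisted character set before it is interpolated. Values read back from
 * the database (employee_id, counter_no, from_time, to_time,
 * student_registrations_id) are interpolated as the original did.
 */
session_start();
include '../../../../web/connection/connectionv2.php';
include '../../../../../connection/con.php';
include '../../../../web/connection/encryption.php';

// Fix the timezone before any date() call; the original set it only after the
// invoice date and year had already been formatted in the default zone.
date_default_timezone_set('Asia/Kolkata');

/**
 * Narrow a request value to something safe inside a single-quoted SQL literal.
 *
 * @param mixed $value raw request/session value
 * @return string $value unchanged when is_numeric() accepts it, otherwise '0'
 *                (a numeric string cannot contain quotes or backslashes)
 */
function directSalesNumericLiteral($value): string
{
    return is_numeric($value) ? (string) $value : '0';
}

/**
 * Narrow a registration number to letters, digits, space and . _ / - only.
 *
 * TODO(review): widen the character class if real registration numbers use
 * other characters. A rejected value is treated as "no customer" (id 0),
 * which is what the original lookup produced for an unknown number anyway.
 *
 * @param mixed $value raw request value
 * @return string the value when it passes the whitelist, otherwise ''
 */
function directSalesRegistrationNo($value): string
{
    if (!is_string($value) || preg_match('/^[\p{L}\p{N} ._\/-]+$/u', $value) !== 1) {
        return '';
    }
    return $value;
}

// A sale must be attributed to a logged-in user; stop instead of writing rows
// with an empty created_by / employee as the original would have.
if (!isset($_SESSION['USER_ID']) || $_SESSION['USER_ID'] === '') {
    http_response_code(401);
    exit('Not logged in');
}
$userId = $_SESSION['USER_ID']; // set by the login flow, not by this request

// 'other' only ever reaches the database as 'yes' or '' (the two branches of
// the original INSERT), so normalise it here and use a single INSERT below.
$other = (isset($_REQUEST['other']) && $_REQUEST['other'] === 'yes') ? 'yes' : '';

$db = new DBController();

// Counter employee behind the logged-in user (last matching row wins, as before).
$employeeId = '';
foreach ($db->runQuery("SELECT * FROM user WHERE user_id = '$userId' ") as $userRow) {
    $employeeId = $userRow['employee_id'];
}

// Counter assignment of that employee; '' when none is configured.
$employeecs_id = '';
$counter_nos = '';
$from_time = '';
$to_time = '';
foreach ($db->runQuery("SELECT * FROM counter_sale WHERE employee_id = '$employeeId' ") as $counterRow) {
    $employeecs_id = $counterRow['employee_id'];
    $counter_nos = $counterRow['counter_no'];
    $from_time = $counterRow['from_time'];
    $to_time = $counterRow['to_time'];
}

// Optional student customer; 0 means a walk-in / unknown registration number.
$customer_id = 0;
$registrationNo = directSalesRegistrationNo($_POST['customer_id'] ?? null);
if ($registrationNo !== '') {
    foreach ($db->runQuery("SELECT * FROM student WHERE  registration_no = '$registrationNo' ") as $studentRow) {
        $customer_id = $studentRow['student_registrations_id'];
    }
    if (empty($customer_id)) {
        $customer_id = 0;
    }
}

// Payment mode as selected on the form.
$paymenttype = $_POST['pmode'] ?? '';
$sale_type = '';
$payment_status = '';
if ($paymenttype === 'Cash Payment') {
    $sale_type = 'Cash';
    $payment_status = 'paid';
} elseif ($paymenttype === 'Online Payment') {
    $sale_type = 'Online';
    $payment_status = 'paid';
}
// NOTE(review): the sales INSERT below still hard-codes sale_type '0' and
// sales_status / payment_status / payment_mode 'paid' exactly as the original
// did, so $sale_type and $payment_status are never written — confirm whether
// they were meant to be.

$payable_amt = directSalesNumericLiteral($_POST['payable_amt'] ?? null);
$net_amount = directSalesNumericLiteral($_POST['net_amount'] ?? null);

// Next invoice number: SINV-<year>-<last sales_id + 1, zero-padded to 4
// digits>, or SINV-<year>-0001 when the sales table is empty. %04d reproduces
// the original's range-by-range padding (ids >= 1000 are not padded).
$lastSaleQuery = "SELECT * FROM sales ORDER BY sales_id DESC LIMIT 1";
$lastSaleRows = $db->runQuery($lastSaleQuery);
$nextSalesId = 1;
if ($db->numRows($lastSaleQuery) != 0) {
    foreach ($lastSaleRows as $lastSale) {
        $nextSalesId = (int) $lastSale['sales_id'] + 1;
    }
}
// NOTE(review): "last id + 1" computed outside a transaction can hand two
// concurrent requests the same invoice number; a unique index on
// saleInvoice_no (with a retry) or a DB-side sequence would close that gap.
$sale_invoice_no = sprintf('SINV-%s-%04d', date('Y'), $nextSalesId);
$sales_invoice_date = date('Y-m-d');
$date = date('Y-m-d H:i:s');
$active = 'yes';

// The original's other='yes' branch was missing the opening quote before
// $employeecs_id, so that INSERT could never succeed; one INSERT covers both
// cases now that $other is already 'yes' or ''.
$newInsert = $db->tableinsert("INSERT INTO sales(sale_type,saleInvoice_no,sale_invioce_date,student_id,other,employee_id,counter_no,from_time,to_time,net_amount,payable_amount,sales_status,payment_status,payment_mode,created_on,created_by,is_active)
      VALUES ('0','$sale_invoice_no','$sales_invoice_date','$customer_id','$other','$employeecs_id','$counter_nos','$from_time','$to_time','$net_amount','$payable_amt','paid','paid','paid','$date','$userId','$active')");

// One salepaymentdetails row per non-empty payment leg. A blank or
// non-numeric amount becomes '0', which is falsy and therefore skipped, just
// as '' was before.
foreach (['cashpayment' => 'cash', 'onlinepayment' => 'online'] as $field => $type) {
    $amount = directSalesNumericLiteral($_POST[$field] ?? null);
    if ($amount) {
        $db->tableinsert("INSERT INTO salepaymentdetails(saleid,customerid,type,amount,created_at,created_by)
                VALUES ('$newInsert','$customer_id','$type','$amount','$date','$userId')");
    }
}

// One sales_item row per cart line. $newInsert2 ends up holding the result of
// the LAST insert only (as before), so a failure on an earlier line is not
// detected. The original also looked each item up in fooditem by name into an
// unused $product_id; that query is dropped. Cart values are assumed to be
// numeric ids/amounts — confirm against the code that fills the cart.
$newInsert2 = false;
$canteen = null;
$cartItems = $_SESSION['cart_items'] ?? [];
foreach ((array) $cartItems as $item) {
    $sales_quantity = directSalesNumericLiteral($item['qt'] ?? null);
    $amountz = directSalesNumericLiteral($item['amt'] ?? null);
    $food_item_id = directSalesNumericLiteral($item['food_item_id'] ?? null);
    $canteen = directSalesNumericLiteral($item['canteen'] ?? null);
    $newInsert2 = $db->tableinsert("INSERT INTO sales_item(sales_id,food_item_id,canteen_id,canteen_menu_item_id,sale_quantity,sale_mrp,sale_net_amount)
      VALUES ('$newInsert','$food_item_id','$canteen','0','$sales_quantity','$amountz','0')");
}

// $returnamtval was never assigned in this file (the original passed an
// undefined variable through amebi_crypt); kept as null so the print page
// receives the same value. TODO(review): confirm what it should carry.
$returnamtval = null;
// The second argument used to be the bare constant e (resolves to 'e' on
// PHP 7, throws on PHP 8); quote it explicitly.
$saleinvoicenoenct = amebi_crypt($sale_invoice_no, 'e');
$returnamtvale = amebi_crypt($returnamtval, 'e');
$canteen_id = amebi_crypt($canteen, 'e');

// Query-string values are URL-encoded so an encrypted value containing '+',
// '&' or '=' survives the round trip to the print page.
$printPage = '../../../../web/home/modules/university/Canteen/direct_sales/sales_print_first.php';
$printQuery = '?salesinvoiceno=' . rawurlencode((string) $saleinvoicenoenct)
    . '&returnamtval=' . rawurlencode((string) $returnamtvale);
unset($_SESSION['cart_items']);
if ($newInsert2) {
    $_SESSION['ERROR_MSG'] = "Success";
    $_SESSION['MSG_ALRT'] = "TRUE";
    header('location:' . $printPage . $printQuery . '&canteen=' . rawurlencode((string) $canteen_id));
} else {
    $_SESSION['ERROR_MSG'] = "Unsuccess";
    $_SESSION['MSG_ALRT'] = "FALSE";
    header('location:' . $printPage . $printQuery);
}
// Stop here so nothing after the redirect header runs or is emitted.
exit;
?>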