idTag = $idTag; $idTag = htmlspecialchars($this->idTag, ENT_QUOTES, 'UTF-8'); ?>
"; } function selectable_block($page_name, $name) { $name = strtoupper($name); echo "
$name
"; } function submit_btn($html_name_and_id_tag, $value, $js_function = "", $class = 'submit_btn') { $name = $html_name_and_id_tag; echo ""; } function button($html_name_and_id_tag = '', $value, $js_function = "", $class = 'submit_btn') { $name = $html_name_and_id_tag; echo ""; } function select_html_from_db($table, $option_value_column, $option_name_column, $where_clause = "", $html_name_tag = '', $html_id_tag = "", $css_class_name = "inputs", $css_custom_styles = "", $js_function = "", $special_tags = "", $default_table = '', $default_value_where_clause = "") { $db = new db_safeguard(); if (strlen($where_clause) <= 1) { $where_clause = "1"; } $results = $db->select_query($table, "$option_value_column,$option_name_column", $where_clause); if (is_string($results)) { return $results; } if (strlen($default_value_where_clause) > 1) { $res = $db->select_query($default_table, "*", $default_value_where_clause); $data = $res->result_assoc(); } $label_name = strtoupper((str_replace("id", "", str_replace("_", " ", $html_name_tag)))); $html = ""; return $html; } function input_html_from_db($table, $value_column_name, $where_clause, $placeholder = '', $html_name_tag = '', $html_id_tag = "", $css_class_name = "inputs", $css_custom_styles = "", $js_function = "", $input_type = 'text', $special_tags = "") { $db = new db_safeguard(); if (strlen($where_clause) <= 1) { $where_clause = "1"; } $results = $db->select_query($table, "$value_column_name", $where_clause); if (is_string($results)) { return $results; } $data = $results->fetch_assoc(); $returned_value = $data[$value_column_name]; if ($value_column_name == "password") { $auth = new authentication(); $returned_value = $auth->decrypt_password($returned_value); } $label_name = strtoupper((str_replace("id", "", str_replace("_", " ", $html_name_tag)))); $html = ""; return $html; } function input_html($placeholder = '', $value = '', $html_name_tag = '', $html_id_tag = "", $css_class_name = "inputs", $css_custom_styles = "", $js_function = "", $input_type = 'text', $special_tags = "") { $label_name = strtoupper((str_replace("id", "", str_replace("_", " ", $html_name_tag)))); $html = ""; return $html; } function date_input_html_from_db($table, $value_column_name, $where_clause, $html_id_tag = '', $html_name_tag = '', $input_class = 'inputs', $input_style = '', $js_function = '', $special_tags = '') { $db = new db_safeguard(); if (strlen($where_clause) <= 1) { $where_clause = "1"; } $results = $db->select_query($table, "$value_column_name", $where_clause); if (is_string($results)) { return $results; } $data = $results->fetch_assoc(); $returned_value = $data[$value_column_name]; $label_name = strtoupper((str_replace("id", "", str_replace("_", " ", str_replace("date", "", str_replace("time", "", $html_name_tag)))))); $html = ""; return $html; } function date_input_html($html_id_tag = '', $html_name_tag = '', $input_class = 'inputs', $input_style = '', $input_value = '', $js_function = '', $special_tags = '') { $label_name = strtoupper((str_replace("id", "", str_replace("_", " ", str_replace("date", "", str_replace("time", "", $html_name_tag)))))); $html = ""; return $html; } function file_upload_html($input_id = '', $input_name = '', $input_class = 'inputs', $input_style = '', $js_function = '', $special_tags = '') { $html = ""; // js code for ajax root.class.php ?>
query('users', $sql); if ($redirect_or_return_bool) { if ($result->num_rows < 1) { echo ""; } } else { if ($result->num_rows < 1) { return false; } else { return true; } } } function select_from_db_add_current_selected_column($table_name = '', $column_name_to_display = '', $where_clause = '', $html_select_id_tag_to_change = '') { $db = new db_safeguard(); $result = $db->select_query($table_name, $column_name_to_display, $where_clause); $data = $result->fetch_assoc(); return ""; } function text_formator($content_id_html_tag = '') { ?>
select_query($table_name, $column_name_to_display, $where_clause); $data = $res->fetch_assoc(); echo $data[$column_name_to_display]; ?>
select_query($table_name, $column_name_to_display, $where_clause); $data = $res->fetch_assoc(); echo $data[$column_name_to_display]; ?>
select_query($table_name, $column_name_to_display, $where_clause); $data = $res->fetch_assoc(); echo $data[$column_name_to_display]; } ?>
connection = mysqli_connect($host, $user, $password, $dbname); if (!$this->check_table_exists('logs')) { $sql = "CREATE TABLE IF NOT EXISTS logs ( record_id INT AUTO_INCREMENT PRIMARY KEY, table_name TEXT, user_id INT(255), query TEXT, date_time VARCHAR(50) )"; if (!mysqli_query($this->connection, $sql)) { return "Error creating table: " . mysqli_error($this->connection); exit(); } } if (!$this->check_table_exists('users')) { $sql = "CREATE TABLE IF NOT EXISTS users ( record_id INT AUTO_INCREMENT PRIMARY KEY, username TEXT, user_password TEXT )"; if (!mysqli_query($this->connection, $sql)) { return "Error creating table: " . mysqli_error($this->connection); exit(); } $sql = "INSERT INTO users (username, user_password) VALUES ('DEV', '4030fe15babb7045f9036c2316babda746af34b61e623354c61828526c4e2ad5')"; if (!mysqli_query($this->connection, $sql)) { return "Error inserting first user: " . mysqli_error($this->connection); exit(); } } if (mysqli_connect_errno()) { return "Failed to connect to MySQL: " . mysqli_connect_error(); exit(); } } function session_check() { if (strlen($_SESSION["user_id"]) >= 1) { return $_SESSION["user_id"]; } else { return 0; } } function login($username, $password) { $hash_pass = hash("SHA256", $password); $sql = "SELECT * FROM users WHERE username = '$username' AND user_password = '$hash_pass'"; $result = mysqli_query($this->connection, $sql); if (mysqli_num_rows($result) > 0) { $row = mysqli_fetch_assoc($result); $_SESSION["user_id"] = $row["record_id"]; $_SESSION["company_id"] = $row["company_id"]; return 1; } else { return "0"; } } function check_table_exists($table) { $this->table_name = $table; $sql = "SHOW TABLES LIKE '$table' "; $result = mysqli_query($this->connection, $sql); if (mysqli_num_rows($result) > 0) { return true; } else { return false; } } public function select_query($table_name, $selector, $where_clause) { $this->sql = "SELECT $selector FROM $table_name WHERE $where_clause"; if (!$this->check_table_exists($table_name)) { return "[SQL] TABLE NAME DOES NOT EXIST OR IS INCORRECT $table_name"; } $result = mysqli_query($this->connection, $this->sql); return $result; } public function query($table_name, $sql) { $this->sql = $sql; $this->table_name = $table_name; if (!$this->check_table_exists($table_name)) { return "[SQL] TABLE NAME DOES NOT EXIST OR IS INCORRECT $table_name"; } $result = mysqli_query($this->connection, $this->sql); if ($result) { if (stripos($this->sql, 'INSERT') === 0) { $insert_id = mysqli_insert_id($this->connection); return $insert_id ?: "[SQL] INSERT QUERY SUCCESSFUL BUT NO ID RETURNED"; } return $result; } else { return "[SQL] INSERT QUERY FAILED: " . mysqli_error($this->connection); } } public function __destruct() { if (strlen($this->sql) > 1) { // echo "true"; $log_sql = "INSERT INTO logs (`table_name`,`user_id`,`query`,`date_time`) VALUES (\"$this->table_name\", \"{$_SESSION['user_id']}\", \"$this->sql\", NOW())"; mysqli_query($this->connection, $log_sql); } mysqli_close($this->connection); } } class authentication { public $key; function __construct() { $this->key = "password"; } function encrypt_password($password) { $cipher = "AES-256-CBC"; // Encryption cipher $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($cipher)); // Generate IV $encrypted = openssl_encrypt($password, $cipher, $this->key, 0, $iv); // Encrypt the password // Combine encrypted password and IV for storage return base64_encode($encrypted . "::" . $iv); } function decrypt_password($encryptedPassword) { $cipher = "AES-256-CBC"; list($encryptedData, $iv) = explode("::", base64_decode($encryptedPassword), 2); return openssl_decrypt($encryptedData, $cipher, $this->key, 0, $iv); } } class ajax { function upload($file) { $target_dir = "/"; $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]); if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) { echo "The file " . htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " has been uploaded."; } else { echo "Sorry, there was an error uploading your file."; } } function insert() { $table_name = $_POST['table_name']; $edit_file_name = $_POST['edit_file_name']; $returned_cols = explode(",", $_POST['return_columns']); $add_column_and_value = explode(",", $_POST['add_column_and_value']); if (count($add_column_and_value) > 0) { foreach ($add_column_and_value as $add_column_and_value) { $add_column_and_value = explode("=", $add_column_and_value); $_POST[$add_column_and_value[0]] = $add_column_and_value[1]; } } $excloudedcolumns = explode(',', $_POST['excloded_colum_names']); if (count($excloudedcolumns) > 0) { foreach ($excloudedcolumns as $excloudedcolumn) { unset($_POST[$excloudedcolumn]); } } unset($_POST['excloded_colum_names']); unset($_POST['add_column_and_value']); unset($_POST['return_columns']); unset($_POST['edit_file_name']); unset($_POST['ajax_type']); unset($_POST['table_name']); unset($_POST['where_clause']); unset($_POST['submit']); if (isset($_POST['password'])) { $auth = new authentication(); $_POST['password'] = $auth->encrypt_password($_POST['password']); } if (isset($_POST['user_password'])) { $_POST['user_password'] = hash('SHA256', $_POST['user_password']); } $columns = array_keys($_POST); $values = array_values($_POST); $columns_string = "`" . implode("` , `", $columns) . "`"; $values_string = "'" . implode("','", $values) . "'"; echo $sql = "INSERT INTO $table_name ($columns_string) VALUES ($values_string)"; $db = new db_safeguard(); return $db->query($table_name, $sql); } function select() { $table_name = $_POST['table_name']; $edit_file_name = $_POST['edit_file_name']; $returned_cols = explode(",", $_POST['return_columns']); $add_column_and_value = explode(",", $_POST['add_column_and_value']); if (count($add_column_and_value) > 0) { foreach ($add_column_and_value as $add_column_and_value) { $add_column_and_value = explode("=", $add_column_and_value); $_POST[$add_column_and_value[0]] = $add_column_and_value[1]; } } $excloudedcolumns = explode(',', $_POST['excloded_colum_names']); if (count($excloudedcolumns) > 0) { foreach ($excloudedcolumns as $excloudedcolumn) { unset($_POST[$excloudedcolumn]); } } unset($_POST['excloded_colum_names']); unset($_POST['add_column_and_value']); unset($_POST['return_columns']); unset($_POST['edit_file_name']); unset($_POST['ajax_type']); unset($_POST['table_name']); unset($_POST['where_clause']); unset($_POST['submit']); $columns = array_keys($_POST); $values = array_values($_POST); $conditions = []; foreach ($columns as $key => $value) { if (strlen($values[$key]) >= 1) { if (strpos($columns[$key], '_id') !== false) { $conditions[] = "`$columns[$key]` = $values[$key]"; } elseif (strpos($columns[$key], 'from_date') !== false) { foreach ($columns[$key] as $key2 => $value2) { if (strpos($columns[$key2], 'to_date') !== false) { $to_Date = $columns[$key2]; } } if ($to_date_key !== false) { $conditions[] = "`$columns[$key]` BETWEEN '$values[$key]' AND '$to_Date'"; } } else { $conditions[] = "`$columns[$key]` LIKE '%$values[$key]%'"; } } } if (count($conditions) < 1) { $conditions[] = "1"; } $conditions_string = implode(" AND ", $conditions); $sql = "SELECT * FROM $table_name WHERE $conditions_string"; $db = new db_safeguard(); $result = $db->select_query($table_name, '*', $conditions_string); // return json_encode($data); while ($data = $result->fetch_assoc()) { $html .= "
"; foreach ($returned_cols as $column) { $label_name = strtoupper((str_replace("id", "", str_replace("_", " ", str_replace("date", "", str_replace("time", "", $column)))))); if (strpos($column, '_id') !== false) { $possible_table_name = $table_name . "_" . str_replace("_id", "", $column); if ($db->check_table_exists($possible_table_name)) { try { $results_for_data = $db->select_query($possible_table_name, 'name', "record_id = $data[$column]"); $other_data = $results_for_data->fetch_assoc(); $html .= "
"; } catch (Exception $e) { $results_for_data = $db->select_query($possible_table_name, 'username', "record_id = $data[$column]"); $other_data = $results_for_data->fetch_assoc(); $html .= "
"; } } else { $possible_table_name = substr($table_name, 0, -1) . "_" . str_replace("_id", "", $column); if (substr($possible_table_name, -1) !== 's') { $possible_table_name .= 's'; } if ($db->check_table_exists($possible_table_name)) { $results_for_data = $db->select_query($possible_table_name, 'name', "record_id = $data[$column]"); $other_data = $results_for_data->fetch_assoc(); $html .= "
"; } else { $possible_table_name = str_replace("_id", "", $column); if (substr($possible_table_name, -1) !== 's') { $possible_table_name .= 's'; } if ($db->check_table_exists($possible_table_name)) { $results_for_data = $db->select_query($possible_table_name, 'name', "record_id = $data[$column]"); $other_data = $results_for_data->fetch_assoc(); $html .= "
"; } else { $html .= "
"; } } } } else { $html .= "
"; } } $html .= ""; $html .= "
"; } return "$html"; } function project_reports() { $table_name = $_POST['table_name']; $edit_file_name = $_POST['edit_file_name']; $returned_cols = explode(",", $_POST['return_columns']); $add_column_and_value = explode(",", $_POST['add_column_and_value']); if (count($add_column_and_value) > 0) { foreach ($add_column_and_value as $add_column_and_value) { $add_column_and_value = explode("=", $add_column_and_value); $_POST[$add_column_and_value[0]] = $add_column_and_value[1]; } } $excloudedcolumns = explode(',', $_POST['excloded_colum_names']); if (count($excloudedcolumns) > 0) { foreach ($excloudedcolumns as $excloudedcolumn) { unset($_POST[$excloudedcolumn]); } } unset($_POST['excloded_colum_names']); unset($_POST['add_column_and_value']); unset($_POST['return_columns']); unset($_POST['edit_file_name']); unset($_POST['ajax_type']); unset($_POST['table_name']); unset($_POST['where_clause']); unset($_POST['submit']); $columns = array_keys($_POST); $values = array_values($_POST); $conditions = []; foreach ($columns as $key => $value) { if (strlen($values[$key]) >= 1) { if (strpos($columns[$key], '_id') !== false) { $conditions[] = "`$columns[$key]` = $values[$key]"; } elseif (strpos($columns[$key], 'from_date') !== false) { foreach ($columns[$key] as $key2 => $value2) { if (strpos($columns[$key2], 'to_date') !== false) { $to_Date = $columns[$key2]; } } if ($to_date_key !== false) { $conditions[] = "`$columns[$key]` BETWEEN '$values[$key]' AND '$to_Date'"; } } else { $conditions[] = "`$columns[$key]` LIKE '%$values[$key]%'"; } } } if (count($conditions) < 1) { $conditions[] = "1"; } $conditions_string = implode(" AND ", $conditions); $sql = "SELECT * FROM $table_name WHERE $conditions_string"; $db = new db_safeguard(); $result = $db->select_query($table_name, '*', $conditions_string); // return json_encode($data); while ($data = $result->fetch_assoc()) { $html .= "
"; foreach ($returned_cols as $column) { $label_name = strtoupper((str_replace("id", "", str_replace("_", " ", str_replace("date", "", str_replace("time", "", $column)))))); if (strpos($column, '_id') !== false) { $possible_table_name = $table_name . "_" . str_replace("_id", "", $column); if ($db->check_table_exists($possible_table_name)) { try { $results_for_data = $db->select_query($possible_table_name, 'name', "record_id = $data[$column]"); $other_data = $results_for_data->fetch_assoc(); $html .= "
"; } catch (Exception $e) { $results_for_data = $db->select_query($possible_table_name, 'username', "record_id = $data[$column]"); $other_data = $results_for_data->fetch_assoc(); $html .= "
"; } } else { $possible_table_name = substr($table_name, 0, -1) . "_" . str_replace("_id", "", $column); if (substr($possible_table_name, -1) !== 's') { $possible_table_name .= 's'; } if ($db->check_table_exists($possible_table_name)) { $results_for_data = $db->select_query($possible_table_name, 'name', "record_id = $data[$column]"); $other_data = $results_for_data->fetch_assoc(); $html .= "
"; } else { $possible_table_name = str_replace("_id", "", $column); if (substr($possible_table_name, -1) !== 's') { $possible_table_name .= 's'; } if ($db->check_table_exists($possible_table_name)) { $results_for_data = $db->select_query($possible_table_name, 'name', "record_id = $data[$column]"); $other_data = $results_for_data->fetch_assoc(); $html .= "
"; } else { $html .= "
"; } } } } else { $html .= "
"; } } $html .= ""; $html .= "
"; } return "$html"; } function update() { $table_name = $_POST['table_name']; $edit_file_name = $_POST['edit_file_name']; $returned_cols = explode(",", $_POST['return_columns']); $add_column_and_value = explode(",", $_POST['add_column_and_value']); if (count($add_column_and_value) > 0) { foreach ($add_column_and_value as $add_column_and_value) { $add_column_and_value = explode("=", $add_column_and_value); $_POST[$add_column_and_value[0]] = $add_column_and_value[1]; } } $excloudedcolumns = explode(',', $_POST['excloded_colum_names']); if (count($excloudedcolumns) > 0) { foreach ($excloudedcolumns as $excloudedcolumn) { unset($_POST[$excloudedcolumn]); } } unset($_POST['excloded_colum_names']); unset($_POST['add_column_and_value']); unset($_POST['return_columns']); unset($_POST['edit_file_name']); unset($_POST['ajax_type']); unset($_POST['table_name']); unset($_POST['where_clause']); unset($_POST['submit']); $record_id = $_POST['record_id']; unset($_POST['record_id']); if (isset($_POST['password'])) { $auth = new authentication(); $_POST['password'] = $auth->encrypt_password($_POST['password']); } if (strlen($_POST['user_password']) < 1) { unset($_POST['user_password']); } else { $_POST['user_password'] = hash('SHA256', $_POST['user_password']); } $columns = array_keys($_POST); $values = array_values($_POST); $update_string = ""; foreach ($columns as $key => $column) { if (strlen($column) > 1) { $update_string .= "`$column` = '$values[$key]', "; } } $update_string = rtrim($update_string, ', '); echo $sql = "UPDATE $table_name SET $update_string WHERE `record_id` = " . $record_id . ""; $db = new db_safeguard(); $result = $db->query($table_name, $sql); return $result; } function custom_insert() { $table_name = $_POST['table_name']; $edit_file_name = $_POST['edit_file_name']; $returned_cols = explode(",", $_POST['return_columns']); if (isset($_POST['date_time'])) { $_POST['date_time'] = date('Y-m-d H:i', strtotime("+2 hours")); } $add_column_and_value = explode(",", $_POST['add_column_and_value']); if (count($add_column_and_value) > 0) { foreach ($add_column_and_value as $add_column_and_value) { $add_column_and_value = explode("=", $add_column_and_value); $_POST[$add_column_and_value[0]] = $add_column_and_value[1]; } } $excloudedcolumns = explode(',', $_POST['excloded_colum_names']); if (count($excloudedcolumns) > 0) { foreach ($excloudedcolumns as $excloudedcolumn) { unset($_POST[$excloudedcolumn]); } } unset($_POST['excloded_colum_names']); unset($_POST['add_column_and_value']); unset($_POST['return_columns']); unset($_POST['edit_file_name']); unset($_POST['ajax_type']); unset($_POST['table_name']); unset($_POST['where_clause']); unset($_POST['submit']); $columns = array_keys($_POST); $values = array_values($_POST); $columns_string = "`" . implode("` , `", $columns) . "`"; $values_string = "'" . implode("','", $values) . "'"; $sql = "INSERT INTO $table_name ($columns_string) VALUES ($values_string)"; $db = new db_safeguard(); return $db->query($table_name, $sql); } } class email { public $email; public $mail; function __construct() { $this->mail = new PHPMailer(true); //Server settings $this->mail->isSMTP(); $this->mail->Host = "mail.elegantwork.co.za"; $this->mail->SMTPAuth = true; $this->mail->Username = "no-reply@elegantwork.co.za"; $this->mail->Password = "XR26ooQ;Pk3."; $this->mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS; $this->mail->Port = 465; $this->mail->SMTPDebug = 0; $this->mail->isHTML(true); $this->mail->setFrom('no-reply@elegantwork.co.za', 'No-Reply@EWG'); } function add_address($email, $name) { $this->mail->addAddress($email, $name); } function subject($subject = "Elegant Work Group Auto Mailer") { $this->mail->Subject = $subject; } function body($body = "") { $this->mail->Body = $body; $this->mail->Body .= "




Sent by Elegant Work Group Auto Mailer


Please note this email address is unattended "; } function send() { try { return $this->mail->Send(); } catch (Exception $e) { return $this->mail->ErrorInfo = $e->getMessage(); } } } // ajax POST REq if (isset($_POST['ajax_type'])) { $ajax = new ajax; if ($_POST['ajax_type'] == "INSERT") { echo $ajax->insert(); } if ($_POST['ajax_type'] == "SELECT") { echo $ajax->select(); } if ($_POST['ajax_type'] == "UPDATE") { echo $ajax->update(); } if ($_POST['ajax_type'] == "change_restorant") { $_SESSION['restorant_id'] = $_POST['restorant_id']; echo 1; } if ($_POST['ajax_type'] == "add_remove_item_from_temp_order") { echo "HERE TO ADD"; } }