<?php
// Resume the visitor's session; this must run before any output is sent.
session_start();

// The site configuration is mandatory: stop at once when it cannot be found.
if(!file_exists('inc/config.php')){
	die('Required file doesn\'t exist.');
}
require_once('inc/config.php');

// Helper classes (encryption, utility functions, mailer, mPDF), each resolved
// under the REQ path constant. A missing file aborts the request.
$files_inc = array('encryptions.class', 'functions.class', 'sendmail.class', 'MPDF53/mpdf');
foreach($files_inc as $file_inc){
	if(!file_exists(REQ.$file_inc.'.php')){
		die('Required file doesn\'t exist.');
	}
	require_once(REQ.$file_inc.'.php');
}

// Load the newest settings row: site name/e-mail plus the From and Reply-To
// identities used for outgoing mail. The query has no parameters.
$stmt = $mysqli->prepare("SELECT websitename, websiteemail, fromname, fromemail, replyname, replyemail FROM settings ORDER BY settingsid DESC LIMIT 1");
if(!$stmt){
	die('An error occurred. Please try after some time.');
}
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($websitename, $websiteemail, $fromname, $fromemail, $replyname, $replyemail);
$stmt->fetch();
$stmt->close();

// Session keys for the cart and checkout state are built from the client
// address with the dots removed. Both entries are dropped on every visit to
// this page, whatever the outcome of the order turns out to be.
$cart_session = 'CART'.str_replace('.', '', $_SERVER['REMOTE_ADDR']);
$checkoutsession = 'COUT'.str_replace('.', '', $_SERVER['REMOTE_ADDR']);
unset($_SESSION[$cart_session], $_SESSION[$checkoutsession]);

// Generic refusal shown whenever the order cannot be validated. It reveals
// nothing about which check failed. $baseurl is not set in this file
// (presumably by inc/config.php - confirm).
$eMessage = <<<EOJ
<i class="material-icons red-text">error</i><br clear="all"><br clear="all"><h3 class="red-text">access denied</h3><br clear="all"><br clear="all"><p>Access to the requested page has been denied.</p><br clear="all"><a href="{$baseurl}" class="waves-effect btn-flat red-text">Go Back to Home</a>
EOJ;
?>

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="robots" content="index, follow">
<title>Order Response : <?php echo $websitename;?></title>

<link rel="shortcut icon" href="<?php echo $imageurl;?>favicon.ico" />
<link href="https://fonts.googleapis.com/css?family=Roboto:400,500|Material+Icons" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0-rc.2/css/materialize.min.css">
<style type="text/css">
*{margin:0;box-sizing:border-box;outline:none}html,body{width:100%}
body{font-size:12px;font-family:'Roboto', sans-serif;overflow-y:scroll}

.card{margin:0;padding:40px 0;border-top:1px solid #eee;text-transform:uppercase}
.card i{font-size:60px}
.card h3{margin:0;font-size:14px;font-weight:500}
.card b,.card p{font-size:11px;font-weight:500}
.card button{height:37px;line-height:36px;font-size:12px;font-weight:500;font-family:'Roboto', sans-serif}
.card a{font-size:12px;font-weight:500}

@media(max-width:600px){
.card{padding:20px 0}
}
</style>
</head>
<body class="white black-text">
<div class="row" style="padding-top:20px">
	<div class="col s12 m12 l4 center-align" style="float:none;margin:auto">
		<a href="<?php echo $baseurl;?>"><img src="<?php echo $imageurl;?>logo_pdf.png" alt="<?php echo $websitename;?>" height="60" /></a><br clear="all"><br clear="all">
		<div class="card center-align">
<?php
/**
 * Look up the title and image file name of a single product.
 *
 * The id is bound as an integer parameter, so it never becomes part of the
 * SQL text. The returned values are raw database contents: callers must
 * HTML-encode them before placing them in markup.
 *
 * @param int $productid Product primary key.
 * @return array Two-element list: title at index 0, image file name at index 1.
 *               Both are NULL when no row matches.
 */
function productinfo($productid){
	global $mysqli;

	$lookup = $mysqli->prepare("SELECT title, image FROM products WHERE productid = ? LIMIT 1");
	if(!$lookup){
		die('An error occurred. Please try after some time.');
	}

	$lookup->bind_param('i', $productid);
	$lookup->execute();
	$lookup->store_result();
	$lookup->bind_result($name, $picture);
	$lookup->fetch();
	$lookup->close();

	return array($name, $picture);
}
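/**
 * Build the HTML table rows (items, delivery charge, total) used in the order e-mails.
 *
 * Both queries are filtered by customer id as well as by order, so rows are
 * only returned for the customer the order belongs to.
 *
 * @param string $ordernumber Public order number.
 * @param int    $customerid  Id of the customer who owns the order.
 * @return string One <tr> per order item followed by the delivery-charge and total rows.
 */
function productrows($ordernumber, $customerid){
	global $mysqli, $imageurl, $uploadpath;
	$body = '';
	$totalamount = 0;

	// Resolve the internal order id and the delivery charge for this order.
	$stmt = $mysqli->prepare("SELECT orderid, shippingcharge FROM orders WHERE (ordernumber = ? AND customerid = ?)") or die('An error occurred. Please try after some time.');
	$stmt->bind_param('si', $ordernumber, $customerid);
	$stmt->execute();
	$stmt->store_result();
	$stmt->bind_result($orderid, $shippingcharge);
	$stmt->fetch();
	$stmt->close();

	$stmt = $mysqli->prepare("SELECT productid, price, quantity FROM order_items WHERE (orderid = ? AND customerid = ?)") or die('An error occurred. Please try after some time.');
	$stmt->bind_param('si', $orderid, $customerid);
	$stmt->execute();
	$stmt->store_result();
	$stmt->bind_result($productid, $price, $quantity);
	while($stmt->fetch()):

		$productinfo = productinfo($productid);
		$subtotal    = $price * $quantity;
		$totalamount = $totalamount + $subtotal;
		// Fall back to the placeholder icon when the product has no image on disk.
		$image       = ($productinfo[1] && file_exists($uploadpath.$productinfo[1])) ? $productinfo[1] : 'product-ico.png';

		// Title and image name are database values that end up inside an attribute
		// and a table cell of an HTML e-mail: encode them so a quote or a tag in the
		// data cannot break out of the markup. double_encode=false leaves entities
		// that are already stored in the data untouched.
		$title    = htmlspecialchars((string)$productinfo[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
		$imagesrc = htmlspecialchars($imageurl.$image, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

		$body .= '<tr>';
		$body .= '<td align="center" valign="top" style="border:1px solid #ddd;padding:5px">';
		$body .= '<img src="'.$imagesrc.'" alt="'.$title.'" style="float:left;width:100%;height:auto" />';
		$body .= '</td>';
		$body .= '<td align="left" valign="top" style="border:1px solid #ddd;padding:5px">'.$title.'<br clear="all"><b>Quantity:</b> '.$quantity.', <b>Amount:</b> Rs. '.number_format($subtotal, 0).'</td>';
		$body .= '</tr>';

	endwhile;
	$stmt->close();

	$body .= '<tr><th align="right" valign="middle" colspan="2" style="border:1px solid #ddd;padding:7px 5px">Delivery Charge: Rs. '.number_format($shippingcharge, 0).'</th></tr>';
	$body .= '<tr><th align="right" valign="middle" colspan="2" style="border:1px solid #ddd;padding:7px 5px">Total: Rs. '.number_format($totalamount + $shippingcharge, 0).'</th></tr>';

	return $body;
}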
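/**
 * Build the HTML table rows (items, delivery charge, total) for the PDF payment receipt.
 *
 * Both queries are filtered by customer id as well as by order, so rows are
 * only returned for the customer the order belongs to.
 *
 * @param string $ordernumber Public order number.
 * @param int    $customerid  Id of the customer who owns the order.
 * @return string One <tr> per order item followed by the delivery-charge and total rows.
 */
function productrowsPDF($ordernumber, $customerid){
	global $mysqli;
	$body = '';
	$totalamount = 0;
	$serial = 1;
	$counter = 0;

	// Resolve the internal order id and the delivery charge for this order.
	$stmt = $mysqli->prepare("SELECT orderid, shippingcharge FROM orders WHERE (ordernumber = ? AND customerid = ?)") or die('An error occurred. Please try after some time.');
	$stmt->bind_param('si', $ordernumber, $customerid);
	$stmt->execute();
	$stmt->store_result();
	$stmt->bind_result($orderid, $shippingcharge);
	$stmt->fetch();
	$stmt->close();

	$stmt = $mysqli->prepare("SELECT productid, price, quantity FROM order_items WHERE (orderid = ? AND customerid = ?)") or die('An error occurred. Please try after some time.');
	$stmt->bind_param('si', $orderid, $customerid);
	$stmt->execute();
	$stmt->store_result();
	$count_rows = $stmt->num_rows();
	$stmt->bind_result($productid, $price, $quantity);
	while($stmt->fetch()):

		$productinfo = productinfo($productid);
		$subtotal    = $price * $quantity;
		$totalamount = $totalamount + $subtotal;

		// Only the last item row gets the tall filler height (presumably to stretch the
		// table down the page). $count_rows is already the row count; the previous
		// count($count_rows) evaluated to 1 and put the filler on the first row.
		$height = (++$counter == $count_rows) ? 'height:400px;' : '';

		// The title is a database value placed into HTML that mPDF renders: encode it.
		// double_encode=false leaves entities already stored in the data untouched.
		$title = htmlspecialchars((string)$productinfo[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

		$body .= '<tr>';
		$body .= '<td style="'.$height.'border-left:1px solid #000;padding:5px" align="center" valign="top">'.$serial++.'.</td>';
		$body .= '<td style="'.$height.'border-left:1px solid #000;padding:5px" colspan="2" valign="top">'.$title.'</td>';
		$body .= '<td style="'.$height.'border-left:1px solid #000;padding:5px" align="center" valign="top">'.$quantity.'</td>';
		$body .= '<td style="'.$height.'border-left:1px solid #000;border-right:1px solid #000;padding:5px" align="center" valign="top">Rs. '.number_format($price, 0).'</td>';
		$body .= '<td style="'.$height.'border-left:1px solid #000;border-right:1px solid #000;padding:5px" align="center" valign="top">Rs. '.number_format($subtotal, 0).'</td>';
		$body .= '</tr>';

	endwhile;
	$stmt->close();

	$body .= '<tr><th style="border:1px solid #000;padding:5px" colspan="5" align="right" valign="top">Delivery Charges</th><td style="border:1px solid #000;padding:5px" align="center" valign="top">Rs. '.number_format($shippingcharge, 0).'</td></tr>';

	$body .= '<tr><th style="border:1px solid #000;padding:5px" colspan="5" align="right" valign="top">Total</th><td style="border:1px solid #000;padding:5px" align="center" valign="top">Rs. '.number_format($totalamount + $shippingcharge, 0).'</td></tr>';

	return $body;
}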
// Order number from the query string. After the helper passes, the final
// whitelist keeps only upper-case letters and digits; that last step is what
// bounds the value, whatever $fn->escape() and $fn->remaspace() do
// (both are defined outside this file).
$ordernumber = filter_input(INPUT_GET, 'ordernumber', FILTER_SANITIZE_STRING);
$ordernumber = $fn->escape($ordernumber);
$ordernumber = $fn->remaspace($ordernumber);
$ordernumber = preg_replace('/[^A-Z0-9]/', '', strip_tags($ordernumber));

// One-time secret key for the order, cleaned with the same chain.
// NOTE(review): the key travels in the URL, so it can end up in access logs
// and browser history - confirm that is acceptable for this flow.
$secretkey = filter_input(INPUT_GET, 'secretkey', FILTER_SANITIZE_STRING);
$secretkey = $fn->escape($secretkey);
$secretkey = $fn->remaspace($secretkey);
$secretkey = preg_replace('/[^A-Z0-9]/', '', strip_tags($secretkey));

// The outcome keyword is the last path segment of the request URI, i.e. a
// value chosen by whoever issues the request. It is only mapped to a known
// status further down, after the order has been matched.
$status    = pathinfo($_SERVER['REQUEST_URI'], PATHINFO_BASENAME);

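if($ordernumber && $secretkey && $status):
	// The order is accepted only when order number and secret key match exactly one
	// row; the key is the sole credential this request carries.
	$stmt = $mysqli->prepare("SELECT customerid, orderdate, shippingname, shippingemail, shippingphone, shippingaddress FROM orders WHERE (ordernumber = ? AND secretkey = ?) LIMIT 1") or die('An error occurred. Please try after some time.');
	$stmt->bind_param('ss', $ordernumber, $secretkey);
	$stmt->execute();
	$stmt->store_result();
	$count_rows = $stmt->num_rows();
	$stmt->bind_result($customerid, $orderdate, $shippingname, $shippingemail, $shippingphone, $shippingaddress);
	$stmt->fetch();
	$stmt->close();
	if($count_rows == 1):
		// NOTE(review): "success" / "failed" is read from the request URL, which the
		// client controls, and nothing in this file checks the payment result with the
		// gateway. Confirm the result is verified server-side (signed response or
		// server-to-server callback) before an order is recorded as placed.
		$statuses = array('success' => 'placed', 'failed' => 'failed');
		$status   = (array_key_exists($status, $statuses)) ? $statuses[$status] : '';
		$orderdate= date('d/m/Y', strtotime($orderdate));

		// Record the outcome and blank the secret key so the same link cannot be replayed.
		// NOTE(review): an unrecognised status keyword also reaches this UPDATE, storing
		// an empty orderstatus and consuming the key - confirm that is intended.
		$null = '';
		$stmt = $mysqli->prepare("UPDATE orders SET orderstatus = ?, secretkey = ? WHERE (ordernumber = ? AND customerid = ? AND secretkey = ?)") or die('An error occurred. Please try after some time.');
		$stmt->bind_param('sssis', $status, $null, $ordernumber, $customerid, $secretkey);
		$stmt->execute();
		$stmt->close();

		// The shipping fields are stored order data (presumably typed by the customer at
		// checkout) and are placed into two HTML e-mails, the PDF receipt and this page.
		// Raw copies are kept for the mail envelope, with CR/LF removed so they cannot
		// add header lines; the originals are then HTML-encoded for every markup use
		// below. double_encode=false leaves entities already stored in the data untouched.
		$rawshippingname  = str_replace(array("\r", "\n"), ' ', (string)$shippingname);
		$rawshippingemail = str_replace(array("\r", "\n"), '', (string)$shippingemail);
		$esc = function($value){
			return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
		};
		$shippingname    = $esc($shippingname);
		$shippingemail   = $esc($shippingemail);
		$shippingphone   = $esc($shippingphone);
		$shippingaddress = $esc($shippingaddress);

		// Both e-mails list the same items: build the rows once instead of querying twice.
		$itemrows = productrows($ordernumber, $customerid);

// Notification sent to the shop.
$wmessage = <<<EOJ
<table border="0" cellpadding="0" cellspacing="0" style="float:left;width:600px;background-color:#fff;font-size:12px">
<tr><th align="left" valign="top" colspan="2" style="border-bottom:3px solid #d5d5d5;font-size:18px;text-transform:uppercase">{$websitename}</th></tr>
<tr><th align="left" valign="bottom" style="padding:10px 0 3px;border-bottom:1px solid #ccc;text-transform:uppercase">Order Successfull</th><th align="right" valign="bottom" style="padding:10px 0 3px;border-bottom:1px solid #ccc;text-transform:uppercase">Order No.: {$ordernumber}</th></tr>
<tr><td align="left" valign="top" colspan="2" style="padding:20px 0 25px">Dear {$websitename}<br clear="all">{$shippingname} ordered book on {$orderdate}. Their order is now confirmed. Their order no. is {$ordernumber}.</td></tr><tr bgcolor="#eee"><td align="left" valign="top" colspan="2" style="padding:10px"><div style="float:left;width:100%;margin-bottom:10px;padding-bottom:3px;border-bottom:1px solid #aaa;font-weight:bold">ORDER DETAILS</div><div style="float:left;width:100%"><b>Ship to:</b><br clear="all">{$shippingname}<br clear="all">{$shippingaddress}<br clear="all">Phone - {$shippingphone}</div></td></tr><tr bgcolor="#eee"><td align="left" valign="top" colspan="2" style="padding:0 10px 10px"><table border="0" cellpadding="0" cellspacing="0" style="float:left;width:100%;background-color:#fff;border:1px solid #ddd;border-collapse:collapse;margin-top:15px"><tr><th align="center" valign="middle" style="width:15%;border:1px solid #ddd;padding:5px"></th><th align="left" valign="middle" style="width:85%;border:1px solid #ddd;padding:5px">ITEM</th></tr>
EOJ;
$wmessage .= $itemrows;
$wmessage .= <<<EOJ
</table></td></tr></table>
EOJ;

// Confirmation sent to the customer.
$cmessage = <<<EOJ
<table border="0" cellpadding="0" cellspacing="0" style="float:left;width:600px;background-color:#fff;font-size:12px">
<tr><th align="left" valign="top" colspan="2" style="border-bottom:3px solid #d5d5d5;font-size:18px;text-transform:uppercase">{$websitename}</th></tr>
<tr><th align="left" valign="bottom" style="padding:10px 0 3px;border-bottom:1px solid #ccc;text-transform:uppercase">Order Successfull</th><th align="right" valign="bottom" style="padding:10px 0 3px;border-bottom:1px solid #ccc;text-transform:uppercase">Order No.: {$ordernumber}</th></tr>
<tr><td align="left" valign="top" colspan="2" style="padding:20px 0 25px">Dear {$shippingname}<br clear="all"><br clear="all">Thank you for your order on {$orderdate}. Your order is now confirmed. Please note the order no. {$ordernumber} as a reference for your records.</td></tr><tr bgcolor="#eee"><td align="left" valign="top" colspan="2" style="padding:10px"><div style="float:left;width:100%;margin-bottom:10px;padding-bottom:3px;border-bottom:1px solid #aaa;font-weight:bold">ORDER DETAILS</div><div style="float:left;width:100%;clear:both"><b>Ship to:</b><br clear="all">{$shippingname}<br clear="all">{$shippingaddress}<br clear="all">Phone - {$shippingphone}</div></td></tr><tr bgcolor="#eee"><td align="left" valign="top" colspan="2" style="padding:0 10px 10px"><table border="0" cellpadding="0" cellspacing="0" style="float:left;width:100%;background-color:#fff;border:1px solid #ddd;border-collapse:collapse;margin-top:15px"><tr><th align="center" valign="middle" style="width:15%;border:1px solid #ddd;padding:5px"></th><th align="left" valign="middle" style="width:85%;border:1px solid #ddd;padding:5px">ITEM</th></tr>
EOJ;
$cmessage .= $itemrows;
$cmessage .= <<<EOJ
</table></td></tr></table>
EOJ;

// Markup of the PDF payment receipt.
$html  = '<html><body style="background-color:#fff;box-sizing:border-box"><div style="width:100%;height:100%;padding:20px 25px;border:2px solid #000"><div style="width:100%;text-align:center"><img src="'.$imageurl.'logo_pdf.png" alt="'.$websitename.'" height="72" /><br clear="all"><h2>'.$websitename.'</h2><h3>Payment Receipt</h3></div><table border="0" cellspacing="0" cellpadding="0" style="width:100%;margin-top:30px;border-collapse:collapse"><tr><td style="width:45%" colspan="2" rowspan="3" valign="top"><h3>Paid Online</h3><br clear="all">169, C-11, Sector-3, Rohini-110085, New Delhi, India</td><td style="width:20%;border:1px solid #000;padding:5px" valign="top"><b>Date:</b> '.$orderdate.'</td><td style="width:35%;border:1px solid #000;padding:5px" valign="top"><b>Order No.:</b> '.$ordernumber.'</td></tr><tr><td style="width:45%;height:50px;border:1px solid #000;border-bottom:none;padding:5px" valign="top" colspan="2"><b>Bill To:</b> '.$shippingname.'</td></tr></table><table border="0" cellpadding="0" cellspacing="0" style="width:100%;border-collapse:collapse"><tr><th style="width:8%;border:1px solid #000;padding:5px" align="center" valign="top">S. No.</th><th style="width:56%;border:1px solid #000;padding:5px" colspan="2" align="left" valign="top">Description</th><th style="width:10%;border:1px solid #000;padding:5px" align="center" valign="top">Quantity</th><th style="width:13%;border:1px solid #000;padding:5px" align="center" valign="top">Price</th><th style="width:13%;border:1px solid #000;padding:5px" align="center" valign="top">Sub Total</th></tr>';

$html .= productrowsPDF($ordernumber, $customerid);

$html .= '</table><table border="0" cellspacing="0" cellpadding="0" style="width:100%;margin-top:10px;border-collapse:collapse"><tr><td align="right" valign="top"><img src="'.$imageurl.'stamp.png" style="float:right;height:90px" /></td></tr></table></div></body></html>';

$foot  = '<div style="float:left;width:100%;line-height:16px;color:#777;font-size:10px;text-align:center">'.$websitename.'<br clear="all">Email: '.$websiteemail.'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Website: '.parse_url($baseurl, PHP_URL_HOST).'</div>';

		if($status === 'placed'):

			// NOTE(review): the receipt is written under a relative name, i.e. into the
			// current working directory, which for a web request is normally the script's
			// own directory. Until it is deleted below, a file holding the customer's name
			// and order may sit inside the document root; writing it to a directory
			// outside the web root would close that window.
			$pdffile = $ordernumber.'.pdf';

			$mpdf = new mPDF('UTF-8', 'A4', '10', 'Georgia', 10, 10, 10, 10, 15, 15);
			$mpdf->SetDisplayMode('fullpage');
			$mpdf->WriteHTML($html);
			$mpdf->SetHTMLFooter($foot);
			$mpdf->Output($pdffile);

			$attachments = array($pdffile);

			$wsubject = 'Book Order, Transaction successful on '.$orderdate.': Order No. - '.$ordernumber;
			$csubject = 'Order placed on '.$orderdate.': Order No. - '.$ordernumber;

			// Envelope fields use the raw (not HTML-encoded) customer values.
			// NOTE(review): SendMail is defined elsewhere - confirm it validates addresses.
			$sm->SendMail('akinikbooks@gmail.com', '', '', $wsubject, $wmessage, $fromname, $fromemail, $rawshippingname, $rawshippingemail);
			$sm->SendMail($rawshippingemail, '', '', $csubject, $cmessage, $fromname, $fromemail, $replyname, 'akinikbooks@gmail.com', $attachments);

			// Remove the receipt again; a failed delete is logged rather than silently
			// ignored because the file would otherwise stay on disk.
			if(file_exists($pdffile) && !@unlink($pdffile)):
				error_log('Could not remove generated receipt: '.$pdffile);
			endif;
echo <<<EOJ
			<i class="material-icons green-text">done</i><br clear="all"><br clear="all">
			<h3 class="green-text">Your order has been {$status}</h3><br clear="all">
			<b>Your order no.: {$ordernumber}</b><br clear="all"><br clear="all">
			<p>We&apos;ve sent you a confirmation email with your payment details and payment receipt to {$shippingemail}.</p><br clear="all">
			<b>For any other query</b><br clear="all"><b>Call: +91-9711224068</b><br clear="all"><br clear="all">
			<a href="{$baseurl}" class="waves-effect btn-flat green-text">Go Back to Home</a>
EOJ;
		elseif($status === 'failed'):
echo <<<EOJ
			<i class="material-icons red-text">error</i><br clear="all"><br clear="all">
			<h3 class="red-text">Your order has been {$status}</h3><br clear="all">
			<b>Your order no.: {$ordernumber}</b><br clear="all"><br clear="all">
			<p>Please note the order no. for your reference.</p><br clear="all">
			<b>For any other query</b><br clear="all"><b>Call: +91-9711224068</b><br clear="all"><br clear="all">
			<a href="{$baseurl}" class="waves-effect btn-flat red-text">Go Back to Home</a>
EOJ;
		else:
			// Unrecognised outcome keyword: show the generic refusal.
			echo $eMessage;
		endif;
	else:
		// No order matches this number/key pair.
		echo $eMessage;
	endif;
else:
	// A required parameter is missing or empty after cleaning.
	echo $eMessage;
endif;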
?>
		</div>
	</div>
</div>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0-rc.2/js/materialize.min.js" defer></script>
</body>
</html>
