<?php
// PHPMailer classes used by the e-mail handlers further down this page.
use PHPMailer\PHPMailer\{Exception, PHPMailer, SMTP};

// The POST handlers below store an "action" flag in the session before redirecting.
session_start();

// File name of the running script; reused when building the post-action redirect target.
$page_name = basename($_SERVER['PHP_SELF']);

// NOTE(review): $con and the configuration values used on this page are not defined in this
// file — presumably headerstrict.php supplies them together with the admin access check; confirm.
include 'headerstrict.php';
?>
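<?php
// Load the order named in ?order_id=, then its delivery zone and the customer who placed it.
// NOTE(review): nothing in this block checks who is asking; presumably headerstrict.php enforces
// the admin session before execution reaches here — confirm, since the page shows customer data.
if (!isset($_GET['order_id']) || !is_string($_GET['order_id'])) {
    // Missing or array-valued parameter: there is no order to show.
    echo "<meta http-equiv=\"refresh\" content=\"0; url=index.php\">";
    exit();
}

// Passed to the prepared statement unmodified. Escaping it first adds no protection (the value
// is bound, not interpolated) and changes what is compared for ids that contain quotes.
$order_id = $_GET['order_id'];

// Defined up front so the order view always has a colour, even for a status other than the two
// handled below.
$status_color = "inherit";

$stmt = $con->prepare('SELECT * FROM my_orders WHERE order_id=?');
$stmt->bind_param('s', $order_id);
$stmt->execute();
$stmt->store_result();
// SELECT * with positional binding: the variable order has to match the table's column order.
// $order_id is rebound here, so from the first fetch on it holds the stored value.
$stmt->bind_result($id, $user_id, $order_id, $total, $nice_date, $horrible_date, $status, $comments, $email_delivered, $delivery_zone_complete, $payment_method);
$numrows = $stmt->num_rows();
if ($numrows < 1) {
    // Unknown order id.
    echo "<meta http-equiv=\"refresh\" content=\"0; url=index.php\">";
    exit();
}

while ($stmt->fetch()) {
    // delivery_zone_complete is split on the first dash into a zone id and a fee.
    $divided = explode('-', (string) $delivery_zone_complete, 2);
    $delivery_zone_id = $divided[0];
    // A value without a dash, or with a non-numeric fee, falls back to 0 so the totals
    // arithmetic later on the page cannot fail on it.
    $delivery_zone_fee = (isset($divided[1]) && is_numeric($divided[1])) ? $divided[1] : 0;

    //get zone values
    $stmt_zone = $con->prepare('SELECT * FROM delivery_zones WHERE id = ?');
    $stmt_zone->bind_param('s', $delivery_zone_id);
    $stmt_zone->execute();
    $stmt_zone->store_result();
    $stmt_zone->bind_result($id, $fee, $zone, $locations, $display);
    $numrows_zone = $stmt_zone->num_rows();
    if ($numrows_zone > 0) {
        while ($stmt_zone->fetch()) {
            // Fetching is enough: it fills $zone and $locations through the bound variables.
        }
    } else {
        $zone = "Zone does not exist";
        $locations = "Location does not exist.";
    }

    if ($status == "Pending") {
        $status_color = "red";
    }
    if ($status == "Completed") {
        $status_color = "forestgreen";
    }
}

//get the users details for the email sending and to display to the merchant
$stmt_users = $con->prepare('SELECT * FROM users WHERE user_id=?');
$stmt_users->bind_param('s', $user_id);
$stmt_users->execute();
$stmt_users->store_result();
$stmt_users->bind_result($id, $user_id, $first_name, $last_name, $email, $password, $phone, $address, $date_signed_up);
$numrows_users = $stmt_users->num_rows();
while ($stmt_users->fetch()) {
    // Fills the bound customer variables; no per-row work is needed.
}
// The password column is bound only because of SELECT *. Nothing on this page reads it, so it
// is dropped from scope rather than carried through the rest of the request.
// NOTE(review): listing the needed columns explicitly would avoid reading it at all.
unset($password);
?>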
<title><?php echo $company_name; ?>, Admin, Order no <?php echo $order_id; ?></title>
<?php
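if (isset($_POST["add_additional_funds"])) {
    // Handler: record a request for additional funds on this order, then tell the customer
    // through an in-app notification and an e-mail.
    // NOTE(review): no anti-CSRF token is verified before this state change in the code visible
    // here; confirm whether headerstrict.php covers it.

    // type="number" on the form is only a browser-side hint, so the amount is checked again here.
    $amount_requested = (isset($_POST['amount_requested']) && is_string($_POST['amount_requested']))
        ? trim($_POST['amount_requested'])
        : '';

    if (preg_match('/^\d+(\.\d+)?$/D', $amount_requested) !== 1 || (float) $amount_requested <= 0) {
        echo "Please enter a valid amount.";
    } else {
        $date_requested = date('Y-m-d H:i:s');
        $date_accepted = "";
        $payment_method_funds = "";
        $row_id = '0';
        $funds_status = 'Pending';

        // Values are bound instead of being interpolated into the SQL text. The positional
        // order matches the column order this page uses when it reads additional_funds back.
        $stmt_funds = $con->prepare('INSERT INTO additional_funds VALUES (?, ?, ?, ?, ?, ?, ?)');
        if (!$stmt_funds
            || !$stmt_funds->bind_param('sssssss', $row_id, $order_id, $amount_requested, $funds_status, $date_requested, $date_accepted, $payment_method_funds)
            || !$stmt_funds->execute()
        ) {
            // The database error goes to the server log; the page only shows a generic message.
            error_log('additional_funds insert failed: ' . ($stmt_funds ? $stmt_funds->error : $con->error));
            die('The request could not be saved.');
        }

        //send notification
        $content = "Request for additional funds";
        $sender = "System";
        $receiver = "$user_id";
        $seen = "No";
        $date_notification = date("D,dS M, Y g:ia");
        $stmt_note = $con->prepare('INSERT INTO notifications VALUES (?, ?, ?, ?, ?, ?)');
        if (!$stmt_note
            || !$stmt_note->bind_param('ssssss', $row_id, $content, $sender, $receiver, $seen, $date_notification)
            || !$stmt_note->execute()
        ) {
            error_log('notifications insert failed: ' . ($stmt_note ? $stmt_note->error : $con->error));
            die('The notification could not be saved.');
        }

        //send email to client that additional funds have been requested
        $msg = '';
        $subject = "Additional funds has been requested for order $order_id";
        $message = "";
        $button_link = "$link/sign_in.php";
        $button_text = "Log in";
        $email_topic = "Additional Funds Requested";
        include("email_header.php");
        // The customer's name is stored user input, so it is escaped before it enters the HTML body.
        $safe_first_name = htmlspecialchars((string) $first_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $message .= "\n"
            . "Dear $safe_first_name,<br/><br/>\n"
            . "Thank you for your order.Your payment has been received. However in order to fulfill your order we need an additional amount of $currency$amount_requested. To pay for these additional funds kindly log in and go to the order details page. <br> <br/>If you have any questions please contact our dedicated support staff at $company_email<br/><br/>\n"
            . "The $company_name Team.<br/><br/>\n"
            . "$email_logo<br/><br/>\n";
        include("email_footer.php");

        // require_once: a request that triggers more than one handler must not redeclare the classes.
        require_once 'PHPMailer/src/PHPMailer.php';
        require_once 'PHPMailer/src/SMTP.php';
        require_once 'PHPMailer/src/Exception.php';
        $mail = new PHPMailer();
        $mail->IsSMTP(); // telling the class to use SMTP
        $mail->SMTPAuth = true; // enable SMTP authentication
        $mail->Host = "smtp.titan.email"; // sets the SMTP server
        $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // Set encryption to STARTTLS
        $mail->Port = 587; // Use port 587 for TLS
        $mail->Username = "$no_reply_email"; // SMTP account username
        $mail->Password = "$no_reply_password"; // SMTP account password
        $mail->SetFrom("$no_reply_email", "$company_name"); // fixed address in the shop's own domain
        $mail->AddReplyTo("$company_email", "$company_name"); // replies go to the support address
        $mail->Subject = "$subject";
        $mail->MsgHTML("<html><body>$message<br></body></html>");
        $mail->AddAddress("$email", "$email"); // the customer who placed the order
        if (!$mail->Send()) {
            $msg = "Email NOT sent.";
        } else {
            $msg = "Email successfully sent.";
        }

        // Flag in the session that the redirect originates from this page
        // (presumably checked by success.php — not visible here).
        $_SESSION["action"] = "true";
        $message = "Additonal funds of $currency$amount_requested requested.";
        // Query values are percent-encoded and the URL is HTML-escaped for the attribute, so a
        // currency symbol or an order id with special characters cannot break the URL or the
        // tag; the target script still receives the same decoded u and m values.
        $redirect = 'success.php?u=' . rawurlencode("$page_name?order_id=$order_id") . '&m=' . rawurlencode($message);
        echo '<meta http-equiv="refresh" content="0; url=' . htmlspecialchars($redirect, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
    }
}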
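if (isset($_POST["mark_as_completed"])) {
    // Handler: set the order's status to "Completed", then tell the customer through an in-app
    // notification and an e-mail.
    // NOTE(review): no anti-CSRF token is verified before this state change in the code visible
    // here; confirm whether headerstrict.php covers it.
    $completed = "Completed";
    $stmt_com = $con->prepare('UPDATE my_orders SET status = ? WHERE order_id = ?');
    $stmt_com->bind_param('ss', $completed, $order_id);
    $stmt_com->execute();

    //send notification
    $content = "Your order $order_id has been successfully paid for";
    $sender = "System";
    $receiver = "$user_id";
    $seen = "No";
    $date_notification = date("D,dS M, Y g:ia");
    $row_id = '0';
    // Values are bound instead of being interpolated into the SQL text.
    $stmt_note = $con->prepare('INSERT INTO notifications VALUES (?, ?, ?, ?, ?, ?)');
    if (!$stmt_note
        || !$stmt_note->bind_param('ssssss', $row_id, $content, $sender, $receiver, $seen, $date_notification)
        || !$stmt_note->execute()
    ) {
        // The database error goes to the server log; the page only shows a generic message.
        error_log('notifications insert failed: ' . ($stmt_note ? $stmt_note->error : $con->error));
        die('The notification could not be saved.');
    }

    //send email to client that the order was completed
    $msg = '';
    $subject = "$first_name Order $order_id was successfully completed";
    $message = "";
    $button_link = "$link/sign_in.php";
    $button_text = "Log in";
    $email_topic = "Order Verified!";
    include("email_header.php");
    // The customer's name is stored user input, so it is escaped before it enters the HTML body.
    $safe_first_name = htmlspecialchars((string) $first_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $message .= "\n"
        . "Dear $safe_first_name,<br/><br/>\n"
        . "Thank you for your order.Your payment has been received. Your goods will be delivered in the time and manner as discussed with our representative.<br/>If you have any questions please contact our dedicated support staff at $company_email<br/><br/>\n"
        . "The $company_name Team.<br/><br/>\n"
        . "$email_logo<br/><br/>\n";
    include("email_footer.php");

    // require_once: a request that triggers more than one handler must not redeclare the classes.
    require_once 'PHPMailer/src/PHPMailer.php';
    require_once 'PHPMailer/src/SMTP.php';
    require_once 'PHPMailer/src/Exception.php';
    $mail = new PHPMailer();
    $mail->IsSMTP(); // telling the class to use SMTP
    $mail->SMTPAuth = true; // enable SMTP authentication
    $mail->Host = "smtp.titan.email"; // sets the SMTP server
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // Set encryption to STARTTLS
    $mail->Port = 587; // Use port 587 for TLS
    $mail->Username = "$no_reply_email"; // SMTP account username
    $mail->Password = "$no_reply_password"; // SMTP account password
    $mail->SetFrom("$no_reply_email", "$company_name"); // fixed address in the shop's own domain
    $mail->AddReplyTo("$company_email", "$company_name"); // replies go to the support address
    $mail->Subject = "$subject";
    $mail->MsgHTML("<html><body>$message<br></body></html>");
    $mail->AddAddress("$email", "$email"); // the customer who placed the order
    if (!$mail->Send()) {
        $msg = "Email NOT sent.";
    } else {
        $msg = "Email successfully sent.";
    }

    // Flag in the session that the redirect originates from this page
    // (presumably checked by success.php — not visible here).
    $_SESSION["action"] = "true";
    $message = "Order was successfully marked as completed. $msg";
    // Query values are percent-encoded and the URL is HTML-escaped for the attribute; the
    // target script still receives the same decoded u and m values.
    $redirect = 'success.php?u=' . rawurlencode("$page_name?order_id=$order_id") . '&m=' . rawurlencode($message);
    echo '<meta http-equiv="refresh" content="0; url=' . htmlspecialchars($redirect, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}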
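if (isset($_POST["mark_as_pending"])) {
    // Handler: put the order back into the "Pending" state.
    // NOTE(review): no anti-CSRF token is verified before this state change in the code visible
    // here; confirm whether headerstrict.php covers it.
    $pending = "Pending";
    $stmt = $con->prepare('UPDATE my_orders SET status = ? WHERE order_id = ?');
    $stmt->bind_param('ss', $pending, $order_id);
    $stmt->execute();

    // Flag in the session that the redirect originates from this page
    // (presumably checked by success.php — not visible here).
    $_SESSION["action"] = "true";
    $message = "Order was successfully marked as pending.";
    // Query values are percent-encoded and the URL is HTML-escaped for the attribute, so an
    // order id with special characters cannot break the URL or the tag; the target script still
    // receives the same decoded u and m values.
    $redirect = 'success.php?u=' . rawurlencode("$page_name?order_id=$order_id") . '&m=' . rawurlencode($message);
    echo '<meta http-equiv="refresh" content="0; url=' . htmlspecialchars($redirect, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}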
if (isset($_POST["delete"])) {
    // Handler: remove the order row and its cart lines, then leave the page.
    // NOTE(review): the two deletes are separate statements with no transaction around them,
    // and rows in additional_funds for this order are left in place — confirm both are intended.
    // NOTE(review): no anti-CSRF token is verified before this destructive action in the code
    // visible here; confirm whether headerstrict.php covers it.
    $delete_statements = array(
        'DELETE FROM my_orders WHERE order_id = ?',
        'DELETE FROM cart_details WHERE order_id = ?',
    );
    foreach ($delete_statements as $delete_sql) {
        $delete_stmt = $con->prepare($delete_sql);
        $delete_stmt->bind_param('s', $order_id);
        $delete_stmt->execute();
    }

    // Flag in the session that the redirect originates from this page.
    $_SESSION["action"] = "true";
    $message = "Order successfully deleted.";
    echo "<meta http-equiv=\"refresh\" content=\"0; url=success.php?u=orders.php&m=$message\">";
    // The order no longer exists, so nothing further on this page can be rendered.
    exit();
}
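if (isset($_POST["update_delivery_status"])) {
    // Handler: store the free-text delivery status typed by the merchant. The value is kept in
    // the horrible_date column, which the order view prints as the delivery status.
    // NOTE(review): no anti-CSRF token is verified before this state change in the code visible
    // here; confirm whether headerstrict.php covers it.

    // Bound as a statement parameter, so it is stored exactly as typed. Escaping it first would
    // write backslashes into the stored text without adding any protection.
    $delivery_status = (isset($_POST['delivery_status']) && is_string($_POST['delivery_status']))
        ? $_POST['delivery_status']
        : '';
    $stmt = $con->prepare('UPDATE my_orders SET horrible_date = ? WHERE order_id = ?');
    $stmt->bind_param('ss', $delivery_status, $order_id);
    $stmt->execute();

    // Flag in the session that the redirect originates from this page
    // (presumably checked by success.php — not visible here).
    $_SESSION["action"] = "true";
    $message = "Order was successfully marked as $delivery_status.";
    // The message carries the submitted text, so each query value is percent-encoded and the
    // URL is HTML-escaped for the attribute; the target script still receives the same decoded
    // u and m values.
    $redirect = 'success.php?u=' . rawurlencode("$page_name?order_id=$order_id") . '&m=' . rawurlencode($message);
    echo '<meta http-equiv="refresh" content="0; url=' . htmlspecialchars($redirect, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}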
?>
<!-- ======= Breadcrumbs ======= -->
<section id="breadcrumbs" class="breadcrumbs">
<div class="container"> </div>
</section>
<!-- End Breadcrumbs -->
<!-- ======= Contact Section ======= -->
<section id="contact" class="contact inner-page">
<div class="container" data-aos="fade-up">
<div class="section-title">
<h2>Order NO:<?php echo $order_id; ?></h2>
<p></p>
</div>
<div class="row">
<div class="col-lg-8">
<h2>ORDER DETAILS</h2>
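<?php
// Render the order's line items, the customer details and the totals.
// Everything read from the database is HTML-escaped on output: names, comments, address and
// similar fields are customer-entered, and this page is viewed inside the admin session.
// NOTE(review): if any of these fields is meant to carry markup, allow-list that markup
// explicitly rather than echoing the stored value raw. $currency is left as configured.
$html_escape = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Initialised so array_sum() below always receives an array.
$total_array = array();

$stmt1 = $con->prepare('SELECT * FROM cart_details WHERE order_id=?');
$stmt1->bind_param('s', $order_id);
$stmt1->execute();
$stmt1->store_result();
$stmt1->bind_result($id, $order_id, $product_id, $product_title, $product_price, $product_image, $qty);
$numrows1 = $stmt1->num_rows();
if ($numrows1 > 0) {
    while ($stmt1->fetch()) {
        $safe_product_id = $html_escape(rawurlencode((string) $product_id));
        $safe_image = $html_escape($product_image);
        $safe_title = $html_escape($product_title);
        $safe_qty = $html_escape($qty);
        echo "\n<a href='../product_details.php?product=$safe_product_id'>\n"
            . "<img src='assets/img/products/$safe_image' alt='' style='width:100px;height:100px;border-radius:5px;'><br/>\n"
            . "<b>$safe_title</b></a><br/>$currency"
            . number_format($product_price)
            . "\n<br/>Qty - $safe_qty<hr/>";
        // Line total; note that this reuses (and overwrites) the $total read with the order row.
        $total = $qty * $product_price;
        $total_array[] = $total;
    }

    // Only ever one of the fixed colour names set with the order status; falls back when unset.
    $safe_status_color = isset($status_color) ? $html_escape($status_color) : 'inherit';
    $safe_user_id = $html_escape(rawurlencode((string) $user_id));
    echo "\n"
        . "Customer: <span class='' style='font-weight:900;'><a href='user_details.php?u=$safe_user_id'>" . $html_escape($first_name) . " " . $html_escape($last_name) . "</a></span><br/>\n"
        . "Email: <span style='font-weight:900;'>" . $html_escape($email) . "</span><br/>\n"
        . "Phone: <span style='font-weight:900;'>" . $html_escape($phone) . "</span><br/>\n"
        . "Payment Method: <span style='font-weight:900;'>" . $html_escape($payment_method) . "</span><br/>\n"
        . "Payment: <span class='number_bo' style='color:$safe_status_color;font-weight:900;'>" . $html_escape($status) . "</span><br/>\n"
        . "Comments: <span style='font-weight:900;'>" . $html_escape($comments) . "</span><br/>\n"
        . "Shipping Address: <span style='font-weight:900;'>" . $html_escape($address) . "</span><br/>\n"
        . "Date: <span style='font-weight:900;'>" . $html_escape($nice_date) . "</span><hr/>\n"
        . "Delivery: Status <span style='font-weight:900;'>" . $html_escape($horrible_date) . "</span><br/>\n";

    $grand_total = array_sum($total_array);
    // The fee comes out of a stored "id-fee" string; anything non-numeric counts as 0 so the
    // addition and number_format() cannot fail on it.
    $shipping_fee = (isset($delivery_zone_fee) && is_numeric($delivery_zone_fee)) ? $delivery_zone_fee + 0 : 0;
    $gt = $grand_total + $shipping_fee;
    echo "\n"
        . "Subtotal<span class='number_box'>$currency" . number_format($grand_total) . "</span><br/>\n"
        . "Shipping Fee<span class='number_box'>$currency" . number_format($shipping_fee) . "</span><br>\n"
        . "Delivery Zone <span class=''>" . $html_escape($zone) . " <br> " . $html_escape($locations) . "</span><hr/>\n"
        . "Total <span class='number_box the_color'>$currency" . number_format($gt) . "\n"
        . "</span>";
} else {
    // An order without cart lines is not displayed.
    // NOTE(review): the other redirects on this page go to index.php; confirm index5.php is intended.
    echo "<meta http-equiv=\"refresh\" content=\"0; url=index5.php\">";
    exit();
}
?>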
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?><?php echo"?order_id=$order_id"; ?>" method="post" class="php-email-form1" enctype='multipart/form-data'>
<?php
// Action buttons for the surrounding form: the status toggle offered depends on the order's
// current status, and Delete is offered alongside either toggle. Any other status shows nothing.
// NOTE(review): these buttons submit state-changing POSTs and the surrounding form carries no
// anti-CSRF token field in the markup visible here; confirm how forged requests are rejected.
$toggle_buttons = array(
    "Pending" => "<button type='submit' name='mark_as_completed'>Mark as Completed</button>",
    "Completed" => "<button type='submit' name='mark_as_pending'>Mark as Pending</button>",
);
foreach ($toggle_buttons as $shown_for => $toggle_button) {
    if ($status == $shown_for) {
        echo "\n<div class='text-center'>\n"
            . $toggle_button
            . "\n<button type='submit' name='delete'>Delete</button>\n</div>\n";
    }
}
?>
</form> <br><br>
<h2>UPDATE DELIVERY STATUS</h2>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?><?php echo"?order_id=$order_id"; ?>" method="post" class="php-email-form1" enctype='multipart/form-data'>
<div class="form-row">
<div class="form-group col-md-12">
<input type="text" name="delivery_status" class="form-control" placeholder="Delivery Status" required />
</div>
</div>
<div class="text-center">
<button type="submit" name='update_delivery_status'>Update</button>
</div>
</form> <br><br>
</div>
<div class="col-lg-8">
<h2>ADDITIONAL FUNDS</h2>
Request for additional funds for this order
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?><?php echo"?order_id=$order_id"; ?>" method="post" class="php-email-form1" enctype='multipart/form-data'>
<div class="form-row">
<div class="form-group col-md-12">
<input type="number" name="amount_requested" class="form-control" placeholder="Amount" required />
</div>
</div>
<div class="text-center">
<button type="submit" name='add_additional_funds'>Request</button>
</div>
</form>
<br><br>
<h2>FUNDS REQUESTED</h2>
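<?php
// List every additional-funds request recorded for this order and handle the per-request
// Approve / Delete buttons. A button is only honoured for a request id that belongs to this
// order, because the handlers run inside the loop over this order's rows.
// NOTE(review): the handlers run after the row has been printed, so the markup above them shows
// the pre-action state until the redirect fires.
// NOTE(review): no anti-CSRF token is verified before these state changes in the code visible
// here; confirm whether headerstrict.php covers it.
$html_escape = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
$add_status_color = "black";
$stmt_add = $con->prepare('SELECT * FROM additional_funds WHERE order_id = ?');
$stmt_add->bind_param('s', $order_id);
$stmt_add->execute();
$stmt_add->store_result();
$stmt_add->bind_result($add_id, $order_id, $amount_requested, $add_status, $date_requested, $date_accepted, $add_payment_method);
$numrows_add = $stmt_add->num_rows();
if ($numrows_add > 0) {
    while ($stmt_add->fetch()) {
        // Reset per row so an unrecognised status does not inherit the previous row's colour.
        $add_status_color = "black";
        if ($add_status == "Completed") {
            $add_status_color = "forestgreen";
        }
        if ($add_status == "Pending") {
            $add_status_color = "crimson";
        }
        // Stored values are escaped before they are placed in the markup below.
        $form_action = $html_escape($_SERVER["PHP_SELF"] . '?order_id=' . rawurlencode((string) $order_id));
        $safe_add_id = $html_escape($add_id);
?>
<form action="<?php echo $form_action; ?>" method="post" class="php-email-form1" enctype='multipart/form-data'>
Amount Requested: <b><?php echo $currency . $html_escape($amount_requested); ?></b><br>
Status: <b style='color:<?php echo $add_status_color; ?>;'><?php echo $html_escape($add_status); ?></b><br>
Date Requested: <b><?php echo $html_escape($date_requested); ?></b><br>
Date Accepted: <b><?php echo $html_escape($date_accepted); ?></b><br>
Payment Method: <b><?php echo $html_escape($add_payment_method); ?></b>
<br>
<div class="text-center">
<button type="submit" name='approve_funds<?php echo $safe_add_id; ?>'>Approve</button>
<button type="submit" name='delete_funds<?php echo $safe_add_id; ?>'>Delete</button>
</div>
</form>
<?php
        if (isset($_POST["approve_funds$add_id"])) {
            // require_once: this runs inside a loop and next to other handlers, so the class
            // files must not be loaded a second time.
            require_once 'PHPMailer/src/PHPMailer.php';
            require_once 'PHPMailer/src/SMTP.php';
            require_once 'PHPMailer/src/Exception.php';
            $mail = new PHPMailer();
            $mail->IsSMTP(); // telling the class to use SMTP
            $mail->SMTPAuth = true; // enable SMTP authentication
            $mail->Host = "smtp.titan.email"; // sets the SMTP server
            $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS; // Set encryption to STARTTLS
            $mail->Port = 587; // Use port 587 for TLS
            $mail->Username = "$no_reply_email"; // SMTP account username
            $mail->Password = "$no_reply_password"; // SMTP account password
            $mail->SetFrom("$no_reply_email", "$company_name"); // fixed address in the shop's own domain

            $subject = "$first_name thank you for your additional payment for order $order_id";
            $message = "";
            $button_link = "$link/sign_in.php";
            $button_text = "Log in";
            $email_topic = "Your order has been successfully paid for.";
            include("email_header.php");
            // Stored customer and product text is escaped before it enters the HTML body.
            $safe_first_name = $html_escape($first_name);
            $message .= "\n"
                . "Dear $safe_first_name,<br/><br/>\n"
                . "Thank you for shopping up with us at $company_name.Your additonal payment has been received and your order is now being processed.<br/>If you have any questions please contact our dedicated support staff at $company_email<br/><br/>\n"
                . "The $company_name Team.<br/><br/>\n"
                . "Please find the details of your order below:<br/>";

            // Bound parameter instead of an order id interpolated into the SQL text. The bound
            // variables follow the same column order as the cart listing earlier on this page.
            $stmt_cart = $con->prepare('SELECT * FROM cart_details WHERE order_id = ?');
            $stmt_cart->bind_param('s', $order_id);
            $stmt_cart->execute();
            $stmt_cart->store_result();
            $stmt_cart->bind_result($cart_row_id, $cart_order_id, $product_id, $product_title, $product_price, $product_image, $qty);
            while ($stmt_cart->fetch()) {
                $safe_image = $html_escape($product_image);
                $safe_title = $html_escape($product_title);
                $safe_price = $html_escape($product_price);
                $safe_qty = $html_escape($qty);
                $message .= "\n"
                    . "<img src='$link/$admin_no/assets/img/products/$safe_image' alt='$safe_title' style='width:70px;height:70px;'>\n"
                    . "<h5 style='font-weight:700;font-size:14px;line-height:1px;'>$safe_title</h5>\n"
                    . "<p style='font-size:10px;line-height:1px;'>$currency{$safe_price}.00</p>\n"
                    . "<p style='font-size:10px;line-height:1px;'>Quantity - $safe_qty</p>\n"
                    . "<div style='color:gainsboro;opacity:0.5;'><hr/></div>\n";
            }
            $message .= "$email_logo<br/><br/>\n";
            include("email_footer.php");

            $mail->AddAddress("$email", "$email"); // the customer who placed the order
            $mail->AddReplyTo("$company_email", "$company_name"); // replies go to the support address
            $mail->Subject = "$subject";
            $mail->MsgHTML("$message");
            // $msg is set for parity with the other handlers; it is not displayed by this one.
            if (!$mail->Send()) {
                $msg = 'Email not sent, please try again';
            } else {
                $msg = "Hey $first_name thanks for getting in touch, we will get back to you ASAP.";
            }

            //send notification
            $content = "Additional payment for order $order_id has been successfully paid for";
            $sender = "System";
            $receiver = "$user_id";
            $seen = "No";
            $date_notification = date("D,dS M, Y g:ia");
            $row_id = '0';
            $stmt_note = $con->prepare('INSERT INTO notifications VALUES (?, ?, ?, ?, ?, ?)');
            if (!$stmt_note
                || !$stmt_note->bind_param('ssssss', $row_id, $content, $sender, $receiver, $seen, $date_notification)
                || !$stmt_note->execute()
            ) {
                // The database error goes to the server log; the page only shows a generic message.
                error_log('notifications insert failed: ' . ($stmt_note ? $stmt_note->error : $con->error));
                die('The notification could not be saved.');
            }

            $completed = "Completed";
            $date_accepted = date('Y-m-d H:i:s');
            $stmt_com = $con->prepare('UPDATE additional_funds SET status = ?,date_accepted = ? WHERE id = ?');
            $stmt_com->bind_param('ssi', $completed, $date_accepted, $add_id);
            $stmt_com->execute();

            // Flag in the session that the redirect originates from this page
            // (presumably checked by success.php — not visible here).
            $_SESSION["action"] = "true";
            $message = "Request successfully approved.";
            // Query values are percent-encoded and the URL is HTML-escaped for the attribute;
            // the target script still receives the same decoded u and m values.
            $redirect = 'success.php?u=' . rawurlencode("$page_name?order_id=$order_id") . '&m=' . rawurlencode($message);
            echo '<meta http-equiv="refresh" content="0; url=' . $html_escape($redirect) . '">';
        }
        if (isset($_POST["delete_funds$add_id"])) {
            $stmt = $con->prepare('DELETE FROM additional_funds WHERE id = ?');
            $stmt->bind_param('i', $add_id);
            $stmt->execute();

            // Flag in the session that the redirect originates from this page.
            $_SESSION["action"] = "true";
            $message = "Request successfully deleted.";
            $redirect = 'success.php?u=' . rawurlencode("$page_name?order_id=$order_id") . '&m=' . rawurlencode($message);
            echo '<meta http-equiv="refresh" content="0; url=' . $html_escape($redirect) . '">';
        }
    }
} else {
    echo "No requests have been made.";
}
?>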
</div>
</div><!-- end row -->
</div>
</section><!-- End Contact Section -->
<?php include("footer.php"); ?>