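<?php

declare(strict_types=1);

namespace Admin\ProposalActions;

use mysqli;
use mysqli_stmt;
use RuntimeException;

/*
 * Admin-only JSON endpoint for proposal templates and quotations.
 *
 * Every request is a POST carrying an `action` field plus that action's
 * parameters. The reply is always a JSON object with `success` and either a
 * `message` or a data key (`template`, `quotation`, `quotation_code`).
 *
 * All SQL goes through prepared statements (db_exec below). The previous
 * version escaped POST values with mysqli_real_escape_string but, in
 * duplicate_template, interpolated values read back from the database into a
 * new INSERT without escaping; a stored template field containing a quote
 * could therefore rewrite that INSERT (second-order SQL injection). Binding
 * every value closes that path and the first-order one at once. Driver error
 * text is now logged server-side instead of being echoed to the client,
 * where it disclosed table and column names.
 *
 * Access control is the single admin_id session check; there is no
 * per-record ownership, so any admin may change or delete any record.
 *
 * NOTE(review): no CSRF token is verified here. With the session cookie as
 * the only credential, a third-party page can drive a logged-in admin's
 * browser through any of these actions. Confirm whether ../config/config.php
 * supplies a token check; if not, one is needed before this endpoint is
 * reachable from the open internet.
 *
 * Requires mysqlnd for mysqli_stmt_get_result (standard on PHP 7.4 builds).
 */

/** Raised when a statement fails to prepare, bind or execute. */
final class DbError extends RuntimeException
{
}

/** Template columns taken from POST, in the order they are bound below. */
const TEMPLATE_FIELDS = [
    'template_name', 'template_code', 'category', 'is_active', 'color_scheme',
    'introduction', 'company_overview', 'services_offered', 'methodology',
    'timeline_structure', 'pricing_structure', 'terms_conditions', 'conclusion',
    'footer_text',
];

/** Quotation columns taken from POST, in bind order, and their bind types. */
const QUOTATION_FIELDS = [
    'customer_id', 'template_id', 'quotation_title', 'quotation_date', 'valid_until',
    'quotation_items', 'total_amount', 'discount_percentage', 'discount_amount',
    'final_amount', 'internal_notes', 'status',
];
const QUOTATION_TYPES = 'iissssddddss';

// ==================== RESPONSE HELPERS ====================

/**
 * Write one JSON response body.
 *
 * JSON_INVALID_UTF8_SUBSTITUTE keeps the reply well-formed when a stored text
 * column holds bytes that are not valid UTF-8; without it json_encode returns
 * false and the client receives an empty body.
 */
function emit(array $payload): void
{
    echo json_encode($payload, JSON_INVALID_UTF8_SUBSTITUTE);
}

/** Failure payload with a user-facing message. */
function failure(string $message): array
{
    return ['success' => false, 'message' => $message];
}

/** Success payload with a message, followed by any extra keys. */
function success(string $message, array $extra = []): array
{
    return ['success' => true, 'message' => $message] + $extra;
}

// ==================== INPUT HELPERS ====================

/**
 * String POST field. Missing or non-string values (e.g. `field[]=x`) yield
 * `$default` instead of a notice or the literal "Array".
 */
function post_str(string $key, string $default = ''): string
{
    $value = $_POST[$key] ?? null;
    return is_string($value) ? $value : $default;
}

/** Integer POST field; same truncation as intval() ("12abc" -> 12), 0 when absent. */
function post_int(string $key): int
{
    $value = $_POST[$key] ?? 0;
    return is_scalar($value) ? (int) $value : 0;
}

/** Float POST field; `$default` when absent or not scalar. */
function post_float(string $key, float $default = 0.0): float
{
    $value = $_POST[$key] ?? $default;
    return is_scalar($value) ? (float) $value : $default;
}

/**
 * Template fields from POST keyed by column name, in TEMPLATE_FIELDS order.
 * Absent fields become '' (the previous version also ended up storing '').
 *
 * NOTE(review): is_active is stored verbatim. get_customer_template filters
 * on `is_active = 'Yes'`, so the UI presumably sends 'Yes'/'No'; a whitelist
 * here would stop other values from silently producing an invisible template.
 *
 * @return array<string,string>
 */
function template_fields_from_post(): array
{
    $fields = [];
    foreach (TEMPLATE_FIELDS as $column) {
        $fields[$column] = post_str($column);
    }
    return $fields;
}

/**
 * Quotation fields from POST keyed by column name, in QUOTATION_FIELDS order.
 *
 * NOTE(review): total_amount, discount_percentage, discount_amount and
 * final_amount are accepted from the client as sent and never recomputed
 * from quotation_items. If these figures feed billing, recompute them here.
 * quotation_date / valid_until / status are likewise stored as sent.
 *
 * @return array<string,int|float|string>
 */
function quotation_from_post(): array
{
    return [
        'customer_id' => post_int('customer_id'),
        'template_id' => post_int('template_id'),
        'quotation_title' => post_str('quotation_title'),
        'quotation_date' => post_str('quotation_date'),
        'valid_until' => post_str('valid_until'),
        'quotation_items' => post_str('quotation_items', '[]'),
        'total_amount' => post_float('total_amount'),
        'discount_percentage' => post_float('discount_percentage'),
        'discount_amount' => post_float('discount_amount'),
        'final_amount' => post_float('final_amount'),
        'internal_notes' => post_str('internal_notes'),
        'status' => post_str('status', 'Draft'),
    ];
}

// ==================== DATABASE HELPERS ====================

/** `?, ?, ?` for `$count` placeholders. */
function placeholders(int $count): string
{
    return implode(', ', array_fill(0, $count, '?'));
}

/**
 * Prepare and execute `$sql` with bound parameters.
 *
 * @param string $types  bind_param type string, one of i/d/s per `?`
 * @param array  $params values in placeholder order
 * @return mysqli_stmt the executed statement; the caller closes it
 * @throws DbError on prepare/bind/execute failure. The driver message is
 *                 carried in the exception for the server log only.
 */
function db_exec(mysqli $con, string $sql, string $types = '', array $params = []): mysqli_stmt
{
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) {
        throw new DbError('prepare failed: ' . mysqli_error($con));
    }
    if ($types !== '' && !mysqli_stmt_bind_param($stmt, $types, ...$params)) {
        $detail = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new DbError('bind failed: ' . $detail);
    }
    if (!mysqli_stmt_execute($stmt)) {
        $detail = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new DbError('execute failed: ' . $detail);
    }
    return $stmt;
}

/**
 * Run a SELECT and return its first row, or null when nothing matched.
 *
 * Rows come from mysqli_stmt_get_result, so numeric columns arrive as PHP
 * ints/floats rather than the strings a plain mysqli_query fetch returns;
 * the JSON payloads below reflect that.
 *
 * @throws DbError
 */
function db_fetch_one(mysqli $con, string $sql, string $types = '', array $params = []): ?array
{
    $stmt = db_exec($con, $sql, $types, $params);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result === false ? null : mysqli_fetch_assoc($result);
    mysqli_stmt_close($stmt);
    return is_array($row) ? $row : null;
}

/**
 * Run an INSERT/UPDATE/DELETE and return the number of affected rows.
 *
 * @throws DbError
 */
function db_affect(mysqli $con, string $sql, string $types = '', array $params = []): int
{
    $stmt = db_exec($con, $sql, $types, $params);
    $affected = (int) mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $affected;
}

/**
 * True when a template already uses `$code`. `$excludeId` lets the edit path
 * ignore the row being edited.
 *
 * @throws DbError
 */
function template_code_taken(mysqli $con, string $code, ?int $excludeId = null): bool
{
    $sql = 'SELECT template_id FROM tbl_proposal_templates WHERE template_code = ?';
    $types = 's';
    $params = [$code];
    if ($excludeId !== null) {
        $sql .= ' AND template_id != ?';
        $types .= 'i';
        $params[] = $excludeId;
    }
    return db_fetch_one($con, $sql, $types, $params) !== null;
}

/**
 * Next code in the QUOT-NNNN sequence, derived from the newest row.
 *
 * NOTE(review): this read-then-insert is not atomic, so two concurrent
 * add_quotation calls can be handed the same code. A UNIQUE index on
 * quotation_code (with a retry on duplicate) is the reliable guard.
 *
 * @throws DbError
 */
function next_quotation_code(mysqli $con): string
{
    $last = db_fetch_one($con, 'SELECT quotation_code FROM tbl_quotations ORDER BY quotation_id DESC LIMIT 1');
    $number = 1;
    if ($last !== null) {
        $number = (int) str_replace('QUOT-', '', (string) $last['quotation_code']) + 1;
    }
    return 'QUOT-' . str_pad((string) $number, 4, '0', STR_PAD_LEFT);
}

// ==================== TEMPLATE ACTIONS ====================

/** @throws DbError */
function add_template(mysqli $con, int $userId): array
{
    $fields = template_fields_from_post();
    if (template_code_taken($con, $fields['template_code'])) {
        return failure('Template code already exists');
    }
    $columns = implode(', ', TEMPLATE_FIELDS) . ', created_by';
    db_affect(
        $con,
        "INSERT INTO tbl_proposal_templates ($columns) VALUES (" . placeholders(count(TEMPLATE_FIELDS) + 1) . ')',
        str_repeat('s', count(TEMPLATE_FIELDS)) . 'i',
        array_merge(array_values($fields), [$userId])
    );
    return success('Template created successfully!');
}

/**
 * Update every POST-supplied field of one template. An unknown template_id
 * updates nothing but still reports success, as before.
 *
 * @throws DbError
 */
function edit_template(mysqli $con): array
{
    $templateId = post_int('template_id');
    $fields = template_fields_from_post();
    if (template_code_taken($con, $fields['template_code'], $templateId)) {
        return failure('Template code already exists');
    }
    $assignments = [];
    foreach (TEMPLATE_FIELDS as $column) {
        $assignments[] = $column . ' = ?';
    }
    db_affect(
        $con,
        'UPDATE tbl_proposal_templates SET ' . implode(', ', $assignments) . ' WHERE template_id = ?',
        str_repeat('s', count(TEMPLATE_FIELDS)) . 'i',
        array_merge(array_values($fields), [$templateId])
    );
    return success('Template updated successfully!');
}

/**
 * Delete a template unless it is the default or referenced by a quotation.
 *
 * @throws DbError
 */
function delete_template(mysqli $con): array
{
    $templateId = post_int('template_id');
    $template = db_fetch_one(
        $con,
        'SELECT is_default FROM tbl_proposal_templates WHERE template_id = ?',
        'i',
        [$templateId]
    );
    if ($template === null) {
        return failure('Template not found');
    }
    if ($template['is_default'] === 'Yes') {
        return failure('Cannot delete default template');
    }
    $usage = db_fetch_one(
        $con,
        'SELECT COUNT(*) AS count FROM tbl_quotations WHERE template_id = ?',
        'i',
        [$templateId]
    );
    $inUse = (int) ($usage['count'] ?? 0);
    if ($inUse > 0) {
        return failure('Cannot delete template - it is used in ' . $inUse . ' quotation(s)');
    }
    db_affect($con, 'DELETE FROM tbl_proposal_templates WHERE template_id = ?', 'i', [$templateId]);
    return success('Template deleted successfully!');
}

/**
 * Copy a template under a fresh code (CODE-COPY, CODE-COPY1, CODE-COPY2, ...)
 * and name "<name> (Copy)", never as the default.
 *
 * @throws DbError
 */
function duplicate_template(mysqli $con, int $userId): array
{
    $templateId = post_int('template_id');
    $original = db_fetch_one(
        $con,
        'SELECT * FROM tbl_proposal_templates WHERE template_id = ?',
        'i',
        [$templateId]
    );
    if ($original === null) {
        return failure('Template not found');
    }

    $base = (string) $original['template_code'] . '-COPY';
    $newCode = $base;
    for ($suffix = 1; template_code_taken($con, $newCode); $suffix++) {
        $newCode = $base . $suffix;
    }

    // Values read from the database are bound, not interpolated, so a stored
    // quote or backslash cannot alter the INSERT. NULL columns copy as ''.
    $copy = [];
    foreach (TEMPLATE_FIELDS as $column) {
        $copy[$column] = (string) ($original[$column] ?? '');
    }
    $copy['template_name'] = (string) $original['template_name'] . ' (Copy)';
    $copy['template_code'] = $newCode;

    $columns = implode(', ', TEMPLATE_FIELDS) . ', is_default, created_by';
    db_affect(
        $con,
        "INSERT INTO tbl_proposal_templates ($columns) VALUES (" . placeholders(count(TEMPLATE_FIELDS) + 2) . ')',
        str_repeat('s', count(TEMPLATE_FIELDS)) . 'si',
        array_merge(array_values($copy), ['No', $userId])
    );
    return success('Template duplicated successfully!');
}

/**
 * Make one template the sole default.
 *
 * The target is checked before the current default is cleared so an unknown
 * id cannot leave the system with no default; both updates run in one
 * transaction (effective on transactional engines such as InnoDB).
 *
 * @throws DbError
 */
function set_default_template(mysqli $con): array
{
    $templateId = post_int('template_id');
    $exists = db_fetch_one(
        $con,
        'SELECT template_id FROM tbl_proposal_templates WHERE template_id = ?',
        'i',
        [$templateId]
    );
    if ($exists === null) {
        return failure('Template not found');
    }
    mysqli_begin_transaction($con);
    try {
        db_affect($con, "UPDATE tbl_proposal_templates SET is_default = 'No'");
        db_affect($con, "UPDATE tbl_proposal_templates SET is_default = 'Yes' WHERE template_id = ?", 'i', [$templateId]);
        mysqli_commit($con);
    } catch (DbError $e) {
        mysqli_rollback($con);
        throw $e;
    }
    return success('Default template updated successfully!');
}

/**
 * The system default template, falling back to the newest active one.
 * (Customer-level default_template_id was removed; only the system default
 * is consulted.)
 *
 * @throws DbError
 */
function get_customer_template(mysqli $con): array
{
    $template = db_fetch_one($con, "SELECT * FROM tbl_proposal_templates WHERE is_default = 'Yes' LIMIT 1");
    if ($template === null) {
        $template = db_fetch_one(
            $con,
            "SELECT * FROM tbl_proposal_templates WHERE is_active = 'Yes' ORDER BY created_at DESC LIMIT 1"
        );
    }
    if ($template === null) {
        return failure('No template found');
    }
    return ['success' => true, 'template' => $template];
}

// ==================== QUOTATION ACTIONS ====================

/** @throws DbError */
function add_quotation(mysqli $con, int $userId): array
{
    $quotation = quotation_from_post();
    $code = next_quotation_code($con);
    $columns = 'quotation_code, ' . implode(', ', QUOTATION_FIELDS) . ', created_by';
    db_affect(
        $con,
        "INSERT INTO tbl_quotations ($columns) VALUES (" . placeholders(count(QUOTATION_FIELDS) + 2) . ')',
        's' . QUOTATION_TYPES . 'i',
        array_merge([$code], array_values($quotation), [$userId])
    );
    return success('Quotation created successfully!', ['quotation_code' => $code]);
}

/**
 * Update every POST-supplied field of one quotation. An unknown quotation_id
 * updates nothing but still reports success, as before.
 *
 * @throws DbError
 */
function edit_quotation(mysqli $con): array
{
    $quotationId = post_int('quotation_id');
    $quotation = quotation_from_post();
    $assignments = [];
    foreach (QUOTATION_FIELDS as $column) {
        $assignments[] = $column . ' = ?';
    }
    db_affect(
        $con,
        'UPDATE tbl_quotations SET ' . implode(', ', $assignments) . ' WHERE quotation_id = ?',
        QUOTATION_TYPES . 'i',
        array_merge(array_values($quotation), [$quotationId])
    );
    return success('Quotation updated successfully!');
}

/** @throws DbError */
function delete_quotation(mysqli $con): array
{
    $quotationId = post_int('quotation_id');
    $deleted = db_affect($con, 'DELETE FROM tbl_quotations WHERE quotation_id = ?', 'i', [$quotationId]);
    if ($deleted === 0) {
        return failure('Quotation not found');
    }
    return success('Quotation deleted successfully!');
}

/** @throws DbError */
function get_quotation(mysqli $con): array
{
    $quotationId = post_int('quotation_id');
    $quotation = db_fetch_one($con, 'SELECT * FROM tbl_quotations WHERE quotation_id = ?', 'i', [$quotationId]);
    if ($quotation === null) {
        return failure('Quotation not found');
    }
    return ['success' => true, 'quotation' => $quotation];
}

/**
 * Route one action to its handler and return the response payload.
 *
 * @throws DbError
 */
function dispatch(mysqli $con, string $action, int $userId): array
{
    switch ($action) {
        case 'add_template':
            return add_template($con, $userId);
        case 'edit_template':
            return edit_template($con);
        case 'delete_template':
            return delete_template($con);
        case 'duplicate_template':
            return duplicate_template($con, $userId);
        case 'set_default_template':
            return set_default_template($con);
        case 'get_customer_template':
            return get_customer_template($con);
        case 'add_quotation':
            return add_quotation($con, $userId);
        case 'edit_quotation':
            return edit_quotation($con);
        case 'delete_quotation':
            return delete_quotation($con);
        case 'get_quotation':
            return get_quotation($con);
        default:
            return failure('Invalid action');
    }
}

// ==================== ENTRY POINT ====================

session_start();
header('Content-Type: application/json');

// Reject before loading config/db so unauthenticated requests touch nothing.
if (!isset($_SESSION['admin_id'])) {
    emit(failure('Unauthorized access'));
    exit;
}

require_once '../config/config.php';
require_once '../config/db.php';

$action = post_str('action');
$currentUserId = (int) $_SESSION['admin_id'];

try {
    $payload = dispatch($con, $action, $currentUserId);
} catch (DbError $e) {
    // Driver detail stays in the server log; the client only learns that the
    // database step failed.
    error_log('proposal admin action "' . $action . '": ' . $e->getMessage());
    $payload = failure('Database error');
}

emit($payload);
mysqli_close($con);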