Viewing: create_delivery.php
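<?php
declare(strict_types=1);

/*
 * Admin endpoint: creates a delivery order from a POSTed form.
 *
 * Input (POST fields):
 *   customer_name, phone, address, payment_method ('efectivo'|'transferencia'),
 *   notes, order_items (JSON array of {id, cantidad}), and optionally
 *   preparer_id and/or preparer_ids (comma-separated string or array).
 * Output: JSON {success, order_id, order_number, total} on success, or
 *   {success: false, message} with a 4xx status on failure.
 *
 * The order total is never taken from the client: it is recomputed below from
 * the prices stored in `products`.
 */

header('Content-Type: application/json; charset=utf-8');
include '../components/connect.php';
session_start();

// Only an authenticated admin may create delivery orders.
$admin_id = $_SESSION['admin_id'] ?? null;
if (!$admin_id) {
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'No autorizado']);
    exit();
}

/**
 * Emit a JSON error envelope and stop the script.
 *
 * @param string $msg  User-facing message (Spanish, like the rest of this API).
 * @param int    $code HTTP status code to send.
 */
function respond_error(string $msg, int $code = 400): void
{
    http_response_code($code);
    echo json_encode(['success' => false, 'message' => $msg]);
    exit();
}

/**
 * Read a POST field as a trimmed string.
 *
 * A non-scalar value (e.g. `field[]=x`) is treated as absent instead of letting
 * trim() throw a TypeError, which would bypass the JSON error envelope above.
 */
function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';

    return is_scalar($value) ? trim((string)$value) : '';
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    respond_error('Método no permitido', 405);
}

// NOTE(review): this is a state-changing endpoint authenticated only by the
// session cookie; no CSRF token is verified here. If the admin UI issues one,
// it should be checked before any of the inputs below are used.

$customer_name  = post_string('customer_name');
$phone          = post_string('phone');
$address        = post_string('address');
$payment_method = post_string('payment_method');
$notes          = post_string('notes');
$order_items    = $_POST['order_items'] ?? '';
// The client-supplied total_amount is intentionally not read; the server
// recomputes the total from database prices so a tampered form cannot set it.

// Optional single preparer: must be a positive integer string.
$preparer_id_raw = $_POST['preparer_id'] ?? '';
$preparer_id = null;
if (is_string($preparer_id_raw) && $preparer_id_raw !== '' && ctype_digit($preparer_id_raw)) {
    $preparer_id = (int)$preparer_id_raw;
    if ($preparer_id <= 0) {
        $preparer_id = null;
    }
}

// Optional multi-preparer list: an array or a comma-separated string of ids.
$preparer_ids_raw = $_POST['preparer_ids'] ?? '';
if (is_array($preparer_ids_raw)) {
    $preparer_ids_raw = implode(',', $preparer_ids_raw);
}
$preparer_ids = [];
if (is_string($preparer_ids_raw) && $preparer_ids_raw !== '') {
    foreach (explode(',', $preparer_ids_raw) as $pidStr) {
        $pid = (int)trim($pidStr);
        if ($pid > 0) {
            $preparer_ids[$pid] = $pid; // keyed by id to deduplicate
        }
    }
}
// A lone preparer_id is folded into the list so both inputs share one code path.
if ($preparer_id !== null && empty($preparer_ids)) {
    $preparer_ids[$preparer_id] = $preparer_id;
}

if ($customer_name === '' || $phone === '' || $address === '' || $payment_method === '') {
    respond_error('Datos incompletos');
}
$valid_methods = ['efectivo', 'transferencia'];
if (!in_array($payment_method, $valid_methods, true)) {
    respond_error('Método de pago no válido');
}

// order_items must arrive as a JSON string; a non-string (e.g. order_items[])
// would make json_decode() throw a TypeError, so reject it explicitly.
$items = is_string($order_items) ? json_decode($order_items, true) : null;
if (!is_array($items) || count($items) === 0) {
    respond_error('El pedido no contiene productos');
}

try {
    // Keep only the requested preparers that exist and are active.
    if (!empty($preparer_ids)) {
        $placeholdersPrep = implode(',', array_fill(0, count($preparer_ids), '?'));
        $prepStmt = $conn->prepare(
            "SELECT id FROM preparers WHERE id IN ($placeholdersPrep) AND status = 'activo'"
        );
        $prepStmt->execute(array_values($preparer_ids));
        $validIds = [];
        foreach ($prepStmt->fetchAll(PDO::FETCH_COLUMN, 0) as $vid) {
            $vid = (int)$vid;
            if ($vid > 0) {
                $validIds[$vid] = $vid;
            }
        }
        $preparer_ids = $validIds;
    }

    // The first surviving id becomes the order's primary preparer (or null).
    $primary_preparer_id = null;
    if (!empty($preparer_ids)) {
        $values = array_values($preparer_ids);
        $primary_preparer_id = (int)$values[0];
    }
    $preparer_id = $primary_preparer_id;

    // Distinct, positive product ids referenced by the request. Non-positive
    // ids are dropped here rather than sent to the database as `IN (0)`.
    $ids = [];
    foreach ($items as $it) {
        $id = is_array($it) ? (int)($it['id'] ?? 0) : 0;
        if ($id > 0) {
            $ids[$id] = $id;
        }
    }
    $ids = array_values($ids);
    if (empty($ids)) {
        respond_error('Items inválidos');
    }

    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $conn->prepare("SELECT id, name, price, sale_price FROM products WHERE id IN ($placeholders)");
    $stmt->execute($ids);
    $byId = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $p) {
        $byId[(int)$p['id']] = $p;
    }

    // Rebuild the line items from database prices only; unknown products and
    // non-positive quantities are silently skipped.
    $cleanItems = [];
    $serverTotal = 0.0;
    foreach ($items as $item) {
        $pid = is_array($item) ? (int)($item['id'] ?? 0) : 0;
        $qty = is_array($item) ? (int)($item['cantidad'] ?? 0) : 0;
        if ($pid <= 0 || $qty <= 0 || !isset($byId[$pid])) {
            continue;
        }
        $pname = $byId[$pid]['name'];
        $costPrice = (float)$byId[$pid]['price'];
        // sale_price wins when present and positive; otherwise fall back to price.
        $salePrice = (isset($byId[$pid]['sale_price']) && (float)$byId[$pid]['sale_price'] > 0)
            ? (float)$byId[$pid]['sale_price']
            : $costPrice;
        $serverTotal += $salePrice * $qty;
        $cleanItems[] = [
            'id' => $pid,
            'nombre' => $pname,
            'precio' => $salePrice,
            'coste' => $costPrice,
            'cantidad' => $qty,
        ];
    }
    if (empty($cleanItems)) {
        respond_error('Productos no válidos');
    }

    // No usable preparer was supplied: derive the set from product_preparers,
    // preferring each product's is_primary row for the order's primary preparer.
    if (empty($preparer_ids)) {
        $placeholdersProd = implode(',', array_fill(0, count($ids), '?'));
        $prepByProductStmt = $conn->prepare(
            "SELECT product_id, preparer_id, is_primary FROM product_preparers "
            . "WHERE product_id IN ($placeholdersProd) ORDER BY is_primary DESC, preparer_id ASC"
        );
        $prepByProductStmt->execute($ids);
        $derived = [];
        $primaryByProduct = [];
        foreach ($prepByProductStmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
            $productId = (int)$row['product_id'];
            $prepId = (int)$row['preparer_id'];
            if ($prepId <= 0) {
                continue;
            }
            $derived[$prepId] = $prepId;
            if ((int)$row['is_primary'] === 1 && !isset($primaryByProduct[$productId])) {
                $primaryByProduct[$productId] = $prepId;
            }
        }
        $preparer_ids = $derived;
        if (!empty($preparer_ids)) {
            $primaryFromProducts = [];
            foreach ($ids as $productId) {
                if (isset($primaryByProduct[$productId])) {
                    $primaryFromProducts[$primaryByProduct[$productId]] = $primaryByProduct[$productId];
                }
            }
            if (!empty($primaryFromProducts)) {
                $values = array_values($primaryFromProducts);
                $preparer_id = (int)$values[0];
            }
        }
    }

    $conn->beginTransaction();

    // Per-order sequence kept in `settings`: the MySQL LAST_INSERT_ID(expr) trick
    // makes the incremented counter readable via lastInsertId() on this connection.
    $counterUpsert = $conn->prepare(
        "INSERT INTO `settings` (`setting_key`, `setting_value`) VALUES ('delivery_last_order_number', LAST_INSERT_ID(1))\n"
        . "ON DUPLICATE KEY UPDATE setting_value = LAST_INSERT_ID(CAST(setting_value AS UNSIGNED) + 1)"
    );
    $counterUpsert->execute();
    $nextOrderNumber = (int)$conn->lastInsertId();

    $insert_order = $conn->prepare(
        "INSERT INTO `delivery_orders` (order_number, customer_name, phone, address, payment_method, notes, order_items, total_amount, preparer_id) VALUES (?,?,?,?,?,?,?,?,?)"
    );
    $insert_order->execute([
        $nextOrderNumber,
        $customer_name,
        $phone,
        $address,
        $payment_method,
        $notes,
        json_encode($cleanItems, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
        $serverTotal,
        $preparer_id,
    ]);
    $order_id = (int)$conn->lastInsertId();

    // One detail row per line item.
    $ins_item = $conn->prepare(
        "INSERT INTO `delivery_order_items` (order_id, product_id, product_name, quantity, price, cost_price, subtotal) VALUES (?,?,?,?,?,?,?)"
    );
    foreach ($cleanItems as $ci) {
        $ins_item->execute([
            $order_id,
            $ci['id'],
            $ci['nombre'],
            $ci['cantidad'],
            $ci['precio'],
            $ci['coste'],
            $ci['precio'] * $ci['cantidad'],
        ]);
    }

    if (!empty($preparer_ids)) {
        $insertPrep = $conn->prepare("INSERT INTO `delivery_order_preparers` (order_id, preparer_id) VALUES (?,?)");
        foreach ($preparer_ids as $pid) {
            $insertPrep->execute([$order_id, $pid]);
        }
    }

    $conn->commit();
    echo json_encode([
        'success' => true,
        'order_id' => $order_id,
        'order_number' => $nextOrderNumber,
        'total' => $serverTotal,
    ]);
} catch (Throwable $e) {
    if (isset($conn) && $conn->inTransaction()) {
        $conn->rollBack();
    }
    // Log the real cause server-side; the client only gets a generic message so
    // schema or driver details are not disclosed.
    error_log('create_delivery.php: ' . $e->getMessage());
    respond_error('Error al guardar el pedido');
}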