PK���ȼRY��������€��� �v3.phpUT �øŽg‰gñ“gux �õ��õ��½T]kÛ0}߯pEhìâÙM7X‰çv%”v0֐µ{)Aå:6S$!ÉMJèߕ?R÷!>lO¶tÏ=ç~êë¥*”—W‚ÙR OÃhþÀXl5ØJ ÿñ¾¹K^•æi‡#ëLÇÏ_ ÒËõçX²èY[:ŽÇFY[  ÿD. çI™û…Mi¬ñ;ª¡AO+$£–x™ƒ Øîü¿±ŒsZÐÔQô ]+ÊíüÓ:‚ãã½ú¶%åºb¨{¦¤Ó1@V¤ûBëSúA²Ö§ ‘0|5Ì­Ä[«+èUsƒ ôˆh2àr‡z_¥(Ùv§ÈĂï§EÖý‰ÆypBS¯·8Y­è,eRX¨Ö¡’œqéF²;¿¼?Ø?Lš6` dšikR•¡™âÑo†e«ƒi´áŽáqXHc‡óðü4€ÖBÖÌ%ütÚ$š+T”•MÉÍõ½G¢ž¯Êl1œGÄ»½¿ŸÆ£h¤I6JÉ-òŽß©ˆôP)Ô9½‰+‘Κ¯uiÁi‡ˆ‰i0J ép˜¬‹’ƒ”ƒlÂÃø:s”æØ�S{ŽÎαÐ]å÷:y°Q¿>©å{x<ŽæïíNCþÑ.Mf?¨«2ý}=ûõýî'=£§ÿu•Ü(—¾IIa­"éþ@¶�¿ä9?^-qìÇÞôvŠeÈc ðlacã®xèÄ'®âd¶ çˆSEæódP/ÍÆv{Ô)Ó ?>…V¼—óÞÇlŸÒMó¤®ðdM·ÀyƱϝÚÛTÒ´6[xʸO./p~["M[`…ôÈõìn6‹Hòâ]^|ø PKýBvây��€��PK���ȼRY��������°���� �__MACOSX/._v3.phpUT �øŽg‰gþ“gux �õ��õ��c`cg`b`ðMLVðVˆP€'qƒøˆŽ!!AP&HÇ %PDF-1.7 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R >> >> /MediaBox [0.000 0.000 595.280 841.890] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Producer (���d�o�m�p�d�f� �2�.�0�.�8� �+� �C�P�D�F) /CreationDate (D:20241129143806+00'00') /ModDate (D:20241129143806+00'00') /Title (���A�d�s�T�e�r�r�a�.�c�o�m� �i�n�v�o�i�c�e) >> endobj 6 0 obj << /Type /Page /MediaBox [0.000 0.000 595.280 841.890] /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Filter /FlateDecode /Length 904 >> stream x���]o�J���+F�ͩ����su\ �08=ʩzရ���lS��lc� "Ց� ���wޙ�%�R�DS��� �OI�a`� �Q�f��5����_���םO�`�7�_FA���D�Џ.j�a=�j����>��n���R+�P��l�rH�{0��w��0��=W�2D ����G���I�>�_B3ed�H�yJ�G>/��ywy�fk��%�$�2.��d_�h����&)b0��"[\B��*_.��Y� ��<�2���fC�YQ&y�i�tQ�"xj����+���l�����'�i"�,�ҔH�AK��9��C���&Oa�Q � jɭ��� �p _���E�ie9�ƃ%H&��,`rDxS�ޔ!�(�X!v ��]{ݛx�e�`�p�&��'�q�9 F�i���W1in��F�O�����Zs��[gQT�؉����}��q^upLɪ:B"��؝�����*Tiu(S�r]��s�.��s9n�N!K!L�M�?�*[��N�8��c��ۯ�b�� ��� �YZ���SR3�n�����lPN��P�;��^�]�!'�z-���ӊ���/��껣��4�l(M�E�QL��X ��~���G��M|�����*��~�;/=N4�-|y�`�i�\�e�T�<���L��G}�"В�J^���q��"X�?(V�ߣXۆ{��H[����P�� �c���kc�Z�9v�����? �a��R�h|��^�k�D4W���?Iӊ�]<��4�)$wdat���~�����������|�L��x�p|N�*��E� �/4�Qpi�x.>��d����,M�y|4^�Ż��8S/޾���uQe���D�y� ��ͧH�����j�wX � �&z� endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj xref 0 10 0000000000 65535 f 0000000009 00000 n 0000000074 00000 n 0000000120 00000 n 0000000284 00000 n 0000000313 00000 n 0000000514 00000 n 0000000617 00000 n 0000001593 00000 n 0000001700 00000 n trailer << /Size 10 /Root 1 0 R /Info 5 0 R /ID[] >> startxref 1812 %%EOF
Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 128

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 129

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 130

Warning: Cannot modify header information - headers already sent by (output started at /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php:1) in /home/u697396820/domains/smartriegroup.com/public_html/assets/images/partners/logo_69cec45839613.php on line 131
'; // Handle form submissions if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_POST['action'])) { switch ($_POST['action']) { case 'add': // Handle add package $name = sanitize($_POST['name']); // Do not apply SQL escaping here because we use prepared statements. // Use raw trimmed description so newline characters are preserved. $description = trim($_POST['description']); $price = floatval($_POST['price']); $duration = intval($_POST['duration']); $departure_date = sanitize($_POST['departure_date']); $category = sanitize($_POST['category']); $status = sanitize($_POST['status']); $hotel_rating = sanitize($_POST['hotel_rating']); $features = sanitize($_POST['features']); $departure_city = sanitize($_POST['departure_city']); $total_seats = intval($_POST['total_seats']); $booked_seats = intval($_POST['booked_seats']); $airline = sanitize($_POST['airline']); // var_dump($departure_date); // die; // Handle image upload $image_url = ''; if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) { $upload_dir = '../uploads/packages/'; if (!file_exists($upload_dir)) { mkdir($upload_dir, 0777, true); } $file_extension = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION)); $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif'); if (in_array($file_extension, $allowed_extensions)) { $new_filename = uniqid('package_') . '.' . $file_extension; $upload_path = $upload_dir . $new_filename; if (move_uploaded_file($_FILES['image']['tmp_name'], $upload_path)) { $image_url = 'uploads/packages/' . $new_filename; } else { $error = "Failed to upload image"; } } else { $error = "Invalid file type. Allowed types: jpg, jpeg, png, gif"; } } if (!isset($error)) { $sql = "INSERT INTO packages (name, description, image_url, price, departure_date, duration, category, status, hotel_rating, features, departure_city, total_seats, booked_seats, airline, created_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())"; $stmt = mysqli_prepare($conn, $sql); // Correct bind types: name(s), description(s), image_url(s), price(d), departure_date(s), duration(i), // category(s), status(s), hotel_rating(i), features(s), departure_city(s), total_seats(i), booked_seats(i), airline(s) mysqli_stmt_bind_param($stmt, "sssdsississiis", $name, $description, $image_url, $price, $departure_date, $duration, $category, $status, $hotel_rating, $features, $departure_city, $total_seats, $booked_seats, $airline); if (mysqli_stmt_execute($stmt)) { $package_id = mysqli_insert_id($conn); // Insert hotel associations if (isset($_POST['hotels']) && isset($_POST['nights'])) { $hotels = $_POST['hotels']; $nights = $_POST['nights']; for ($i = 0; $i < count($hotels); $i++) { if (!empty($hotels[$i]) && !empty($nights[$i])) { $sql = "INSERT INTO package_hotels (package_id, hotel_id, nights) VALUES (?, ?, ?)"; $stmt = mysqli_prepare($conn, $sql); mysqli_stmt_bind_param($stmt, "iii", $package_id, $hotels[$i], $nights[$i]); mysqli_stmt_execute($stmt); } } } logEvent('packages', "New package added: $name", 'info'); $success = "Paket berhasil ditambahkan"; } else { $error = "Gagal menambahkan paket: " . mysqli_error($conn); } } break; case 'edit': // Handle edit package $id = intval($_POST['id']); $name = sanitize($_POST['name']); // Preserve newlines for description; avoid mysqli_real_escape_string to prevent literal backslashes being stored. $description = trim($_POST['description']); $price = floatval($_POST['price']); $departure_date = sanitize($_POST['departure_date']); $duration = intval($_POST['duration']); $category = sanitize($_POST['category']); $status = sanitize($_POST['status']); $hotel_rating = sanitize($_POST['hotel_rating']); $features = sanitize($_POST['features']); $departure_city = sanitize($_POST['departure_city']); $total_seats = intval($_POST['total_seats']); $booked_seats = intval($_POST['booked_seats']); $airline = sanitize($_POST['airline']); // var_dump($_POST); // die(); // Get current image_url $stmt = mysqli_prepare($conn, "SELECT image_url FROM packages WHERE id = ?"); mysqli_stmt_bind_param($stmt, "i", $id); mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); $current_package = mysqli_fetch_assoc($result); $image_url = $current_package['image_url']; // Handle image upload if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) { $upload_dir = '../uploads/packages/'; if (!file_exists($upload_dir)) { mkdir($upload_dir, 0777, true); } $file_extension = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION)); $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif'); if (in_array($file_extension, $allowed_extensions)) { // Delete old image if exists if ($image_url && file_exists("../$image_url")) { unlink("../$image_url"); } $new_filename = uniqid('package_') . '.' . $file_extension; $upload_path = $upload_dir . $new_filename; if (move_uploaded_file($_FILES['image']['tmp_name'], $upload_path)) { $image_url = 'uploads/packages/' . $new_filename; } else { $error = "Failed to upload image"; } } else { $error = "Invalid file type. Allowed types: jpg, jpeg, png, gif"; } } if (!isset($error)) { $sql = "UPDATE packages SET name = ?, description = ?, image_url = ?, price = ?, departure_date = ?, duration = ?, category = ?, status = ?, hotel_rating = ?, features = ?, departure_city = ?, total_seats = ?, booked_seats = ?, airline = ? WHERE id = ?"; $stmt = mysqli_prepare($conn, $sql); // Correct bind types for update: name(s), description(s), image_url(s), price(d), departure_date(s), duration(i), // category(s), status(s), hotel_rating(i), features(s), departure_city(s), total_seats(i), booked_seats(i), airline(s), id(i) mysqli_stmt_bind_param($stmt, "sssdsississiisi", $name, $description, $image_url, $price, $departure_date, $duration, $category, $status, $hotel_rating, $features, $departure_city, $total_seats, $booked_seats, $airline, $id); if (mysqli_stmt_execute($stmt)) { // Update hotel associations // First, remove existing associations mysqli_query($conn, "DELETE FROM package_hotels WHERE package_id = " . intval($id)); // Then add new ones if (isset($_POST['hotels']) && isset($_POST['nights'])) { $hotels = $_POST['hotels']; $nights = $_POST['nights']; for ($i = 0; $i < count($hotels); $i++) { if (!empty($hotels[$i]) && !empty($nights[$i])) { $sql = "INSERT INTO package_hotels (package_id, hotel_id, nights) VALUES (?, ?, ?)"; $stmt = mysqli_prepare($conn, $sql); mysqli_stmt_bind_param($stmt, "iii", $id, $hotels[$i], $nights[$i]); mysqli_stmt_execute($stmt); } } } logEvent('packages', "Package updated: $name", 'info'); $success = "Paket berhasil diperbarui"; } else { $error = "Gagal memperbarui paket: " . mysqli_error($conn); } } break; case 'delete': // Handle delete package $id = intval($_POST['id']); $sql = "DELETE FROM packages WHERE id = ?"; $stmt = mysqli_prepare($conn, $sql); mysqli_stmt_bind_param($stmt, "i", $id); if (mysqli_stmt_execute($stmt)) { logEvent('packages', "Package deleted: ID $id", 'warning'); $success = "Paket berhasil dihapus"; } else { $error = "Gagal menghapus paket: " . mysqli_error($conn); } break; } } } // Get all packages $packages = mysqli_query($conn, "SELECT * FROM packages ORDER BY created_at DESC"); // Get all hotels for the forms $hotels_query = mysqli_query($conn, "SELECT * FROM hotels ORDER BY location, name"); $hotels = []; while ($hotel = mysqli_fetch_assoc($hotels_query)) { $hotels[] = $hotel; } // Get all airlines for the forms $airlines_query = mysqli_query($conn, "SELECT * FROM airlines ORDER BY name"); $airlines = []; while ($airline_row = mysqli_fetch_assoc($airlines_query)) { $airlines[] = $airline_row; } // Prepare content $content = ' ' . (isset($success) ? '' : '') . ' ' . (isset($error) ? '' : '') . '
Daftar Paket
'; while ($package = mysqli_fetch_assoc($packages)) { $content .= ' '; } $content .= '
Gambar Nama Paket Kategori Tanggal Keberangkatan Durasi Harga Status Aksi
' . ($package['image_url'] ? '' . htmlspecialchars($package['name']) . '' : 'No image') . ' ' . htmlspecialchars($package['name']) . ' ' . htmlspecialchars($package['category']) . ' ' . $package['departure_date'] . ' ' . $package['duration'] . ' Hari Rp ' . number_format($package['price'], 0, ',', '.') . ' ' . ucfirst($package['status']) . '
'; ?> <?php echo $pageTitle ?? 'Admin Panel'; ?> Travel Umroh