name :
manage_final_gstbill.php
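<?php
/**
 * Finalise a GST bill that was staged in temptransactiondetailstb.
 *
 * Input (POST):
 *   tempbillno   staged bill number (matches temptransactiondetailstb.mainvoucherno)
 *   billdate     transaction date written to the final rows
 *   stateid      place of supply
 *   districtid   district of supply
 *   partyid      party id written on Update
 *   btnopration  "Save" | "Update" | "Remove"
 *   voucherno    voucher number used for rows inserted on Update
 *
 * Output: one JSON-encoded string: "1" after Save, "2" after Update,
 * "4" when no staged rows match the bill number, "" otherwise.
 *
 * Every request value reaches MySQL through a bound parameter. The previous
 * version concatenated $_POST values straight into the SQL text, so any
 * field could rewrite the statement (SQL injection).
 *
 * Requires PHP 5.6+ with the mysqlnd driver (mysqli_stmt_get_result).
 *
 * NOTE(review): $conn and $notdeleted are not defined in this file;
 * presumably ../config.php provides them. Confirm.
 * NOTE(review): no CSRF token is checked here and the statements are not
 * wrapped in a transaction; confirm whether either is handled elsewhere.
 */
require_once "../config.php";
session_start();

$message = "";

// Reject requests that carry no logged-in session instead of running the
// queries with empty company / financial-year values.
if (!isset($_SESSION['financialyearid'], $_SESSION['companyid'], $_SESSION['userid'])) {
    http_response_code(401);
    echo json_encode($message);
    exit;
}

$financialyearid = $_SESSION['financialyearid'];
$companyid = $_SESSION['companyid'];

// Read a POST field as a string; a missing or non-scalar field becomes ''.
$post = function ($key) {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
};

$partyid = $post('partyid');
$billno = $post('tempbillno');
$billdate = $post('billdate');
$stateid = $post('stateid');
$districtid = $post('districtid');
$btnopration = $post('btnopration');

// Run one prepared statement. Returns a mysqli_result for statements that
// produce rows, true for a successful write, false on failure.
$run = function ($sql, array $params = []) use ($conn) {
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return false;
    }
    if ($params) {
        // Bind everything as a string: the original queries wrapped every
        // value in quotes, so MySQL performs the same type conversion.
        // NULL becomes '' exactly as string concatenation did before.
        $params = array_map('strval', $params);
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    if (mysqli_stmt_field_count($stmt) === 0) {
        mysqli_stmt_close($stmt);
        return true;
    }
    $rows = mysqli_stmt_get_result($stmt);
    mysqli_stmt_close($stmt);
    return $rows;
};

$finalColumns = "transactiondate,voucherno,productid,qty,rate,discount,taxablevalue,"
    . "cgstpercent,cgstamt,sgstpercent,sgstamt,igstpercent,igstamt,amount,vouchertypeid,"
    . "partymasterid,accountmasterid,accountamount,partyamount,transactionno,financialyearid,"
    . "companyofficeid,createdbyid,mainvoucherno,creationdatetime,isdeleted,placeofsupply,"
    . "districtofsupply";

// Are there any live staged rows for this bill?
$cnt = 0;
$staged = $run(
    "select count(*) as cnt from temptransactiondetailstb where mainvoucherno = ? and isdeleted = ?",
    [$billno, $notdeleted]
);
if ($staged instanceof mysqli_result) {
    $countRow = mysqli_fetch_assoc($staged);
    $cnt = intval($countRow["cnt"]);
}

if ($cnt > 0) {
    if ($btnopration == "Save") {
        // Company office 5 keeps its own voucher sequence; all other
        // offices share one.
        // NOTE(review): max()+1 is not atomic. Two concurrent saves could
        // obtain the same voucher number unless a unique key or lock
        // elsewhere prevents it.
        if ($companyid == 5) {
            $maxResult = $run(
                "select ifnull(max(voucherno),0) as voucherno from transactiondetailstb"
                . " where financialyearid = ? and companyofficeid = ? and isdeleted = ?",
                [$financialyearid, $companyid, $notdeleted]
            );
        } else {
            $maxResult = $run(
                "select ifnull(max(voucherno),0) as voucherno from transactiondetailstb"
                . " where financialyearid = ? and companyofficeid != 5 and isdeleted = ?",
                [$financialyearid, $notdeleted]
            );
        }

        $voucherno = 0;
        if ($maxResult instanceof mysqli_result) {
            while ($row = mysqli_fetch_array($maxResult)) {
                $voucherno = intval($row["voucherno"]) + 1;
            }
        }

        // Copy the staged rows into the final table under the new voucher.
        $inserted = false;
        if ($voucherno > 0) {
            $inserted = $run(
                "insert into transactiondetailstb(" . $finalColumns . ")"
                . " select ?, ?, productid,qty,rate,discount,taxablevalue,cgstpercent,cgstamt,"
                . "sgstpercent,sgstamt,igstpercent,igstamt,amount,vouchertypeid,partymasterid,"
                . "accountmasterid,accountamount,partyamount,rowno,financialyearid, ?,"
                . "createdbyid,mainvoucherno,creationdatetime,isdeleted, ?, ?"
                . " from temptransactiondetailstb where mainvoucherno = ?",
                [$billdate, $voucherno, $companyid, $stateid, $districtid, $billno]
            );
        }

        // Clear the staging rows only after the copy really succeeded. The
        // old check tested a leftover result handle, which was truthy even
        // when the insert never ran.
        if ($inserted === true) {
            $run("delete from temptransactiondetailstb where mainvoucherno = ?", [$billno]);
            $message = "1";
        }
    } elseif ($btnopration == "Update") {
        // NOTE(review): voucherno comes from the client and the staged
        // tranid values are applied without checking that they belong to
        // the session's company or financial year. Confirm that ownership
        // is enforced elsewhere.
        $_voucherno = $post('voucherno');

        $stagedRows = $run(
            "select * from temptransactiondetailstb where mainvoucherno = ?",
            [$billno]
        );

        if ($stagedRows instanceof mysqli_result) {
            while ($row = mysqli_fetch_assoc($stagedRows)) {
                if ($row["tranid"] != "") {
                    if ($row["isdeleted"] == "1") {
                        // Staged row marks an existing final row as removed.
                        $run(
                            "delete from transactiondetailstb where transactiondetailsid = ?",
                            [$row["tranid"]]
                        );
                    } else {
                        // Staged row edits an existing final row.
                        $run(
                            "update transactiondetailstb set transactiondate = ?, productid = ?,"
                            . " qty = ?, rate = ?, discount = ?, taxablevalue = ?,"
                            . " cgstpercent = ?, cgstamt = ?, sgstpercent = ?, sgstamt = ?,"
                            . " igstpercent = ?, igstamt = ?, amount = ?, partymasterid = ?,"
                            . " accountamount = ?, partyamount = ?, transactionno = ?,"
                            . " placeofsupply = ?, districtofsupply = ?"
                            . " where transactiondetailsid = ?",
                            [
                                $row["transactiondate"], $row["productid"],
                                $row["qty"], $row["rate"], $row["discount"], $row["taxablevalue"],
                                $row["cgstpercent"], $row["cgstamt"], $row["sgstpercent"], $row["sgstamt"],
                                $row["igstpercent"], $row["igstamt"], $row["amount"], $partyid,
                                $row["accountamount"], $row["partyamount"], $row["rowno"],
                                $stateid, $districtid,
                                $row["tranid"],
                            ]
                        );
                    }
                } else {
                    // Staged row has no final counterpart yet: insert it.
                    // NOTE(review): accountamount and partyamount are both
                    // filled from "amount" here, unlike the Save path, which
                    // copies the staged accountamount / partyamount columns.
                    // Kept as in the original; confirm it is intended.
                    $run(
                        "insert into transactiondetailstb(" . $finalColumns . ")"
                        . " values(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)",
                        [
                            $billdate, $_voucherno, $row["productid"], $row["qty"], $row["rate"],
                            $row["discount"], $row["taxablevalue"], $row["cgstpercent"],
                            $row["cgstamt"], $row["sgstpercent"], $row["sgstamt"],
                            $row["igstpercent"], $row["igstamt"], $row["amount"],
                            $row["vouchertypeid"], $partyid, $row["accountmasterid"],
                            $row["amount"], $row["amount"],
                            $row["rowno"], $row["financialyearid"], $companyid,
                            $row["createdbyid"], $row["mainvoucherno"], $row["creationdatetime"],
                            $row["isdeleted"], $stateid, $districtid,
                        ]
                    );
                }
            }
        }

        // NOTE(review): as in the original, the staging rows are cleared and
        // "2" is reported even when one of the statements above failed.
        $run("delete from temptransactiondetailstb where mainvoucherno = ?", [$billno]);
        $message = "2";
    } elseif ($btnopration == "Remove") {
        // No action is implemented for "Remove"; the response stays "".
    }
} else {
    $message = "4";
}

echo json_encode($message);
?>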