One Hat Cyber Team

Edit File Name: ajax.php

<?php
require_once("../config.php");
require_once('../is-classes/SimpleImage.class.php');

if(isset($_SESSION['id']) AND isset($_SESSION['fullname'])){
	if($_SESSION['id'] != "" AND $_SESSION['fullname'] != ""){
		if(isset($_POST['action'])){
			if($_POST['action'] == "editaccount"){
				$req = $bdd->prepare("UPDATE users SET fullname='".sanitize_vars($_POST['fullname'])."',picture='".sanitize_vars($_POST['picture'])."',phone='".sanitize_vars($_POST['phone'])."' WHERE id='".$_SESSION['id']."'");
				$req->execute();
			}

if($_POST['action'] == "editpassword"){
				if($_POST['oldpassword'] == "" OR $_POST['newpassword1'] == "" OR $_POST['newpassword2'] == ""){
					echo '2';
				}
				else{
					$back = $bdd->query("SELECT id FROM users WHERE id='".$_SESSION['id']."' AND password='".$_POST['oldpassword']."'");
					if($back->rowCount() == 0){
						echo '3';
					}
					elseif($_POST['newpassword1'] != $_POST['newpassword2']){
						echo '4';
					}
					else{
						$req = $bdd->prepare("UPDATE users SET password='".sanitize_vars($_POST['newpassword1'])."' WHERE id='".$_SESSION['id']."'");
						$req->execute();
						echo '1';
					}
				}
			}
			
			if($_POST['action'] == "addmoderator"){
				if($_POST['id'] == "0"){
					$back = $bdd->query("SELECT id FROM users WHERE email='".$_POST['email']."'");
					if($back->rowCount() == 0){
						$req = $bdd->prepare("INSERT INTO users(id,email,password,fullname,picture,phone,type,roles,idplayer,dateadd,trash) VALUES ('0','".sanitize_vars($_POST['email'])."','".sanitize_vars($_POST['password'])."','".sanitize_vars($_POST['fullname'])."','avatar.png','".sanitize_vars($_POST['phone'])."','moderator','".sanitize_vars(substr($_POST['roles'],1))."','','".time()."','1')");
						$req->execute();
					}
					else{
						echo "Email exist déja !!";
					}
				}
				else{
					$req = $bdd->prepare("UPDATE users SET password='".sanitize_vars($_POST['password'])."',fullname='".sanitize_vars($_POST['fullname'])."',phone='".sanitize_vars($_POST['phone'])."',roles='".sanitize_vars(substr($_POST['roles'],1))."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deletemoderator"){
				$req = $bdd->prepare("UPDATE users SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restoremoderator"){
				$req = $bdd->prepare("UPDATE users SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deletemoderatorpermanently"){
				$req = $bdd->prepare("DELETE FROM users WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadmoderators"){
				$back = $bdd->query("SELECT id FROM users WHERE type='moderator' AND trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-moderator"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM users WHERE type='moderator' AND trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-moderator"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Nom et prénom </td>
						<td>Téléphone </td>
						<td>E-mail </td>
						<td>Droits </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM users WHERE type='moderator' AND trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (fullname LIKE '%".sanitize_vars($_POST['keyword'])."%' OR phone LIKE '%".sanitize_vars($_POST['keyword'])."%' OR email LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="moderator" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td><?php echo $row['fullname'];?></td>
						<td><?php echo $row['phone'];?></td>
						<td><?php echo $row['email'];?></td>
						<td><?php echo str_replace(",",", ",$row['roles']);?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-moderator lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-fullname="<?php echo $row['fullname'];?>"
								data-email="<?php echo $row['email'];?>"
								data-password="<?php echo $row['password'];?>"
								data-phone="<?php echo $row['phone'];?>"
								data-roles=",<?php echo $row['roles'];?>" data-title="moderator"></a>
								<?php
								if($row['email'] != "admin@gmail.com"){
								?>
								<a href="javascript:;" class="lx-delete lx-delete-moderator lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
								}
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-moderator" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-moderator" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> modérateur(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> modérateur(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addworker"){
				if($_POST['id'] == "0"){
					$back = $bdd->query("SELECT id FROM users WHERE email='".$_POST['email']."'");
					if($back->rowCount() == 0){
						$req = $bdd->prepare("INSERT INTO users(id,email,password,fullname,picture,phone,type,roles,idplayer,dateadd,trash) VALUES ('0','".sanitize_vars($_POST['email'])."','".sanitize_vars($_POST['password'])."','".sanitize_vars($_POST['fullname'])."','avatar.png','".sanitize_vars($_POST['phone'])."','worker','','','".time()."','1')");
						$req->execute();
					}
					else{
						echo "Email exist déja !!";
					}
				}
				else{
					$req = $bdd->prepare("UPDATE users SET password='".sanitize_vars($_POST['password'])."',fullname='".sanitize_vars($_POST['fullname'])."',phone='".sanitize_vars($_POST['phone'])."',roles='' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deleteworker"){
				$req = $bdd->prepare("UPDATE users SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restoreworker"){
				$req = $bdd->prepare("UPDATE users SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deleteworkerpermanently"){
				$req = $bdd->prepare("DELETE FROM users WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadworkers"){
				$back = $bdd->query("SELECT id FROM users WHERE type='worker' AND trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-worker"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM users WHERE type='worker' AND trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-worker"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Nom et prénom </td>
						<td>Téléphone </td>
						<td>E-mail </td>
						<td>Date inscription </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM users WHERE type='worker' AND trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (fullname LIKE '%".sanitize_vars($_POST['keyword'])."%' OR phone LIKE '%".sanitize_vars($_POST['keyword'])."%' OR email LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="worker" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td><?php echo $row['fullname'];?></td>
						<td><?php echo $row['phone'];?></td>
						<td><?php echo $row['email'];?></td>
						<td><?php echo ($row['dateadd'] != "")?gmdate("d/m/Y H:i",$row['dateadd']):"";?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-worker lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-fullname="<?php echo $row['fullname'];?>"
								data-email="<?php echo $row['email'];?>"
								data-password="<?php echo $row['password'];?>"
								data-phone="<?php echo $row['phone'];?>" data-title="worker"></a><a href="javascript:;" class="lx-delete lx-delete-worker lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-worker" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-worker" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> employé(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> employé(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addproduct"){
				$counter = "";
				if($_POST['counter'] != ""){
					$counter = strtotime(str_replace("/","-",$_POST['counter']));	
				}
				if(preg_match("#http#",$_POST['thumbnails'])){
					$thumbnails = explode(",",$_POST['thumbnails']);
					$_POST['thumbnails'] = "";
					for($i=0;$i<count($thumbnails);$i++){
						$alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
						$pass = array(); //remember to declare $pass as an array
						$alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
						for ($j = 0; $j < 8; $j++) {
							$n = rand(0, $alphaLength);
							$pass[] = $alphabet[$n];
						}
						$name = time().implode($pass).'.jpg';
						$name1 = "../is-uploads/".$name;
						file_put_contents($name1, fopen($thumbnails[$i], 'r'));
						$img = new SimpleImage();
						$img->load($name1)->fit_to_width(800)->save('../is-uploads/large_'.$name);
						$img->load($name1)->square_crop(400)->save('../is-uploads/cropped_'.$name);
						$img->load($name1)->fit_to_width(300)->save('../is-uploads/small_'.$name);				
						$img->load($name1)->square_crop(100)->save('../is-uploads/micro_'.$name);
						$_POST['thumbnails'] .= ",".$name;
						$req = $bdd->prepare("INSERT INTO medias VALUES('','".$name."')");
						$req->execute();
					}
					$_POST['thumbnails'] = substr($_POST['thumbnails'],1);
				}
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO products VALUES('0','".random()."','".sanitize_vars($_POST['title'])."','".sanitize_vars($_POST['slug'])."','".addslashes($_POST['description'])."','".sanitize_vars($_POST['keywords'])."','".sanitize_vars($_POST['thumbnails'])."','".$_POST['category']."','".sanitize_vars($_POST['oprice'])."','".sanitize_vars($_POST['price'])."','".$counter."','".sanitize_vars($_POST['qty'])."','".sanitize_vars($_POST['cities'])."','".time()."','".sanitize_vars($_POST['shippingfees'])."','".$_POST['showinhome']."','".sanitize_vars($_POST['pixel'])."','".sanitize_vars($_POST['pixelevent'])."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE products SET title='".sanitize_vars($_POST['title'])."',slug='".sanitize_vars($_POST['slug'])."',description='".addslashes($_POST['description'])."',keywords='".sanitize_vars($_POST['keywords'])."',pictures='".sanitize_vars($_POST['thumbnails'])."',category='".$_POST['category']."',oprice='".sanitize_vars($_POST['oprice'])."',price='".sanitize_vars($_POST['price'])."',counter='".$counter."',qty='".sanitize_vars($_POST['qty'])."',cities='".sanitize_vars($_POST['cities'])."',shippingfees='".sanitize_vars($_POST['shippingfees'])."',showinhome='".$_POST['showinhome']."',pixel='".sanitize_vars($_POST['pixel'])."',pixelevent='".sanitize_vars($_POST['pixelevent'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "fetchproduct"){
				$output = file_get_contents($_POST['url']);
				echo $output;
			}

if($_POST['action'] == "deleteproduct"){
				$req = $bdd->prepare("UPDATE products SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restoreproduct"){
				$req = $bdd->prepare("UPDATE products SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deleteproductpermanently"){
				$req = $bdd->prepare("DELETE FROM products WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "duplicateproduct"){
				$req = $bdd->prepare("INSERT INTO `products` (`ref`, `title`, `slug`, `description`, `keywords`, `pictures`, `category`, `oprice`, `price`, `counter`, `qty`, `dateadd`, `shippingfees`, `showinhome`, `pixel`, `pixelevent`, `trash`)
									SELECT `ref`, `title`, `slug`, `description`, `keywords`, `pictures`, `category`, `oprice`, `price`, `counter`, `qty`, '".time()."', `shippingfees`, `showinhome`, `pixel`, `pixelevent`, `trash` 
									FROM products 
									WHERE id='".$_POST['id']."'");
				$req->execute();
				$back = $bdd->query("SELECT id FROM products ORDER BY id DESC LIMIT 0,1");
				$row = $back->fetch();
				$req = $bdd->prepare("INSERT INTO `variants`(`product`, `title`, `variant`, `qty`, `price`, `trash`)
									SELECT ".$row['id'].", `title`, `variant`, `qty`, `price`, `trash` 
									FROM variants 
									WHERE product='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadproducts"){
				$back = $bdd->query("SELECT id FROM products WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-product"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM products WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-product"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Titre </td>
						<td>Catégorie </td>
						<td>Prix </td>
						<td>Qté</td>
						<td>Variant & offre</td>
						<td>Date ajout </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT *,(SELECT title FROM categories WHERE id=p.category) AS cat FROM products p WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (title LIKE '%".sanitize_vars($_POST['keyword'])."%' OR description LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['category'] != ""){
						$req .= " AND category='".$_POST['category']."'";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back3 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="product" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php echo $row['title'];?>
							<?php echo ($row['pixel']!="")?"FB Pixel: ".str_replace(",",", ",$row['pixel'])." ":"";?>
							Pixel Event: <?php echo $row['pixelevent'];?>
							<a href="<?php echo $websiteurl;?>/product/<?php echo $row['id']."-".$row['slug']?>" style="word-break:break-all;" target="_blank"><?php echo $websiteurl;?>/product/<?php echo $row['id']."-".$row['slug']?></a>
						</td>
						<td><?php echo $row['cat'];?></td>
						<td>
							<?php echo $row['price'].$parameters['currency'].(($row['shippingfees']!="0")?" + ".$row['shippingfees'].$parameters['currency']:"");?>
							<?php
							if($row['oprice'] != "0"){
								?>
							<?php echo "<del>".$row['oprice'].$parameters['currency']."</del> (-".round((($row['oprice']-$row['price'])*100)/$row['oprice'])."%)";?>
								<?php
							}
							?>
						</td>
						<?php
						$back1 = $bdd->query("SELECT id FROM commands WHERE (product='".$row['id']."' OR product LIKE '".$row['id'].",%' OR product LIKE '%,".$row['id'].",%' OR product LIKE '%,".$row['id']."') AND (phase='shipping' OR (phase='confirmation' AND state='Confirmé'))");
						?>
						<td><?php echo ($row['qty']-$back1->rowCount())."/".$row['qty'];?></td>
						<td>
							<?php
							$back1 = $bdd->query("SELECT title FROM variants WHERE product='".$row['id']."' AND qty>0 AND trash='1' GROUP BY title");
							while($row1 = $back1->fetch()){
								?>
							<?php echo $row1['title'];?>: 
								<?php
								$i = 1;
								$back2 = $bdd->query("SELECT variant FROM variants WHERE product='".$row['id']."' AND title='".$row1['title']."' AND qty>0 AND trash='1'");
								while($row2 = $back2->fetch()){
									echo (($i!=1)?", ":"").$row2['variant'];
									$i = 2;
								}
								?>
							
								<?php
							}
							?>
						</td>
						<td><?php echo date("d/m/Y",$row['dateadd']);?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-product lx-open-popup" 
								data-id="<?php echo $row['id'];?>" 
								data-titl="<?php echo $row['title'];?>" 
								data-slug="<?php echo $row['slug'];?>" 
								data-thumbnails="<?php echo $row['pictures'];?>"
								data-description="<?php echo str_replace("\"","'",$row['description']);?>"
								data-keywords="<?php echo $row['keywords'];?>" 
								data-category="<?php echo $row['category'];?>" 
								data-oprice="<?php echo $row['oprice'];?>" 
								data-price="<?php echo $row['price'];?>" 
								data-counter="<?php if($row['counter'] != ""){echo date('d/m/Y',$row['counter']);}?>" 
								data-qty="<?php echo $row['qty'];?>" 
								data-cities="<?php echo $row['cities'];?>" 
								data-shippingfees="<?php echo $row['shippingfees'];?>" 
								data-showinhome="<?php echo $row['showinhome'];?>" 
								data-pixel="<?php echo $row['pixel'];?>"
								data-pixelevent="<?php echo $row['pixelevent'];?>" data-title="product"></a>
								<a href="javascript:;" class="lx-open-popup lx-duplicate-product" data-id="<?php echo $row['id'];?>"></a>
								<a href="javascript:;" class="lx-open-popup lx-add-variant" data-title="variant" data-id="<?php echo $row['id'];?>"></a>
								<a href="javascript:;" class="lx-delete lx-delete-product lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-product" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-product" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back3->rowCount();?>" />
				<?php
				if($back3->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> produit(s) de <?php echo $back3->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back3->rowCount();?> produit(s) de <?php echo $back3->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addvariant"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO variants VALUES('0','".sanitize_vars($_POST['product'])."','".sanitize_vars($_POST['title'])."','".sanitize_vars($_POST['variant'])."','".sanitize_vars($_POST['qty'])."','".sanitize_vars($_POST['price'])."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE variants SET title='".sanitize_vars($_POST['title'])."',variant='".sanitize_vars($_POST['variant'])."',qty='".sanitize_vars($_POST['qty'])."',price='".sanitize_vars($_POST['price'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deletevariant"){
				$req = $bdd->prepare("UPDATE variants SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadvariants"){
				?>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td>Titre </td>
						<td>Variant </td>
						<td>Qté </td>
						<td>Prix </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM variants WHERE trash='".$_POST['state']."' AND product='".$_POST['product']."' ORDER BY id DESC";
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><?php echo $row['title'];?></td>
						<td><?php echo $row['variant'];?></td>
						<td><?php echo $row['qty'];?></td>
						<td><?php echo $row['price'].$parameters['currency'];?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-variant" 
								data-id="<?php echo $row['id'];?>" 
								data-title="<?php echo $row['title'];?>" 
								data-variant="<?php echo $row['variant'];?>" 
								data-qty="<?php echo $row['qty'];?>"
								data-price="<?php echo $row['price'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-variant" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<?php
			}

if($_POST['action'] == "addlandingpage"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO landingpages(id,product,description,showviews,formbelow,listasproduct,showhf,bg,trash) VALUES ('0','".sanitize_vars($_POST['product'])."','".addslashes($_POST['description'])."','".sanitize_vars($_POST['showviews'])."','".sanitize_vars($_POST['formbelow'])."','".sanitize_vars($_POST['listasproduct'])."','".sanitize_vars($_POST['showhf'])."','".sanitize_vars($_POST['bg'])."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE landingpages SET product='".sanitize_vars($_POST['product'])."',description='".addslashes($_POST['description'])."',showviews='".sanitize_vars($_POST['showviews'])."',formbelow='".sanitize_vars($_POST['formbelow'])."',listasproduct='".sanitize_vars($_POST['listasproduct'])."',showhf='".sanitize_vars($_POST['showhf'])."',bg='".sanitize_vars($_POST['bg'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deletelandingpage"){
				$req = $bdd->prepare("UPDATE landingpages SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restorelandingpage"){
				$req = $bdd->prepare("UPDATE landingpages SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deletelandingpagepermanently"){
				$req = $bdd->prepare("DELETE FROM landingpages WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadlandingpages"){
				$back = $bdd->query("SELECT id FROM landingpages WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-landingpage"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM landingpages WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-landingpage"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Produit </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT *,(SELECT CONCAT(title,'|',slug) FROM products WHERE id=lp.product) AS pr FROM landingpages lp WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (description LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						$pr = explode("|",$row['pr']);
						?>
					<tr>
						<td><label><input type="checkbox" name="landingpage" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php echo $pr[0];?>
							<a href="<?php echo $websiteurl;?>/landingpage/<?php echo $row['id']."-".$pr[1]?>" style="word-break:break-all;" target="_blank"><?php echo $websiteurl;?>/landingpage/<?php echo $row['id']."-".$pr[1]?></a>
						</td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-landingpage lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-product="<?php echo $row['product'];?>"
								data-description="<?php echo str_replace("\"","'",$row['description']);?>"
								data-showviews="<?php echo ($row['showviews']==1)?true:false;?>"
								data-formbelow="<?php echo ($row['formbelow']==1)?true:false;?>"
								data-listasproduct="<?php echo ($row['listasproduct']==1)?true:false;?>"
								data-showhf="<?php echo ($row['showhf']==1)?true:false;?>"
								data-bg="<?php echo $row['bg'];?>" data-title="landingpage"></a><a href="javascript:;" class="lx-delete lx-delete-landingpage lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-landingpage" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-landingpage" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> landing page(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> landing page(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addcategory"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO categories(id,parent,title,slug,description,thumbnail,pixel,trash) VALUES ('0','".sanitize_vars($_POST['parent'])."','".sanitize_vars($_POST['title'])."','".sanitize_vars($_POST['slug'])."','".sanitize_vars($_POST['description'])."','".sanitize_vars($_POST['thumbnail'])."','".sanitize_vars($_POST['pixel'])."','1')");
					$req->execute();
					$back = $bdd->query("SELECT id,parent FROM categories WHERE title='".sanitize_vars($_POST['title'])."' LIMIT 0,1");
					$row = $back->fetch();
					echo ($_POST['parent']=="0")?$row['id']:"0";
				}
				else{
					$req = $bdd->prepare("UPDATE categories SET parent='".sanitize_vars($_POST['parent'])."',title='".sanitize_vars($_POST['title'])."',slug='".sanitize_vars($_POST['slug'])."',description='".sanitize_vars($_POST['description'])."',thumbnail='".sanitize_vars($_POST['thumbnail'])."',pixel='".sanitize_vars($_POST['pixel'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deletecategory"){
				$req = $bdd->prepare("UPDATE categories SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restorecategory"){
				$req = $bdd->prepare("UPDATE categories SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deletecategorypermanently"){
				$req = $bdd->prepare("DELETE FROM categories WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadcategories"){
				$back = $bdd->query("SELECT id FROM categories WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-category"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM categories WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-category"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Titre </td>
						<td>Catégorie mère </td>
						<td>Description </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT *,(SELECT title FROM categories WHERE id=c.parent) AS pr FROM categories c WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (title LIKE '%".sanitize_vars($_POST['keyword'])."%' OR description LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="category" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php echo (($row['parent']!="0")?"&mdash;&mdash; ":"").$row['title'];?>
							<?php echo ($row['pixel']!="")?"FB Pixel: ".str_replace(",",", ",$row['pixel']):"";?>
							<a href="<?php echo $websiteurl;?>/category/<?php echo $row['slug']?>" style="word-break:break-all;" target="_blank"><?php echo $websiteurl;?>/category/<?php echo $row['slug']?></a>
						</td>
						<td><?php echo $row['pr'];?></td>
						<td><?php echo $row['description'];?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-category lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-parent="<?php echo $row['parent'];?>"
								data-titl="<?php echo $row['title'];?>"
								data-slug="<?php echo $row['slug'];?>"
								data-description="<?php echo addslashes($row['description']);?>"
								data-thumbnail="<?php echo $row['thumbnail'];?>" 
								data-pixel="<?php echo $row['pixel'];?>" data-title="category"></a><a href="javascript:;" class="lx-delete lx-delete-category lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-category" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-category" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> catégorie(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> catégorie(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addreview"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO reviews VALUES('0','0','".sanitize_vars($_POST['product'])."','".sanitize_vars($_POST['fullname'])."','".sanitize_vars($_POST['phone'])."','".sanitize_vars($_POST['comment'])."','".sanitize_vars($_POST['thumbnails'])."','".sanitize_vars($_POST['shipping'])."','".sanitize_vars($_POST['service'])."','".sanitize_vars($_POST['quality'])."','off','".time()."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE reviews SET product='".sanitize_vars($_POST['product'])."',fullname='".sanitize_vars($_POST['fullname'])."',phone='".sanitize_vars($_POST['phone'])."',comment='".sanitize_vars($_POST['comment'])."',pictures='".sanitize_vars($_POST['thumbnails'])."',shipping='".sanitize_vars($_POST['shipping'])."',service='".sanitize_vars($_POST['service'])."',quality='".sanitize_vars($_POST['quality'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deletereview"){
				$req = $bdd->prepare("UPDATE reviews SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restorereview"){
				$req = $bdd->prepare("UPDATE reviews SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deletereviewpermanently"){
				$req = $bdd->prepare("DELETE FROM reviews WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadreviews"){
				$back = $bdd->query("SELECT id FROM reviews WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-review"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM reviews WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-review"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Client </td>
						<td>Note </td>
						<td>Avis</td>
						<td>Date ajout </td>
						<td>Affiché </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM reviews p WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (fullname LIKE '%".sanitize_vars($_POST['keyword'])."%' OR phone LIKE '%".sanitize_vars($_POST['keyword'])."%' OR comment LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['product'] != ""){
						$req .= " AND product='".$_POST['product']."'";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="review" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php
							$back1 = $bdd->query("SELECT title FROM products WHERE id='".$row['product']."'");
							$row1 = $back1->fetch();
							?>
							<?php echo $row1['title'];?>
							<?php echo $row['fullname'];?>
							<?php echo $row['phone'];?>
						</td>
						<td style="white-space:nowrap;">
							Service livraison: 
							<?php
							for($i=0;$i<$row['shipping'];$i++){
								?>
							
								<?php
							}
							for($i=0;$i<(5-$row['shipping']);$i++){
								?>
							
								<?php
							}
							?>
							
							Service clientèle: 
							<?php
							for($i=0;$i<$row['service'];$i++){
								?>
							
								<?php
							}
							for($i=0;$i<(5-$row['service']);$i++){
								?>
							
								<?php
							}
							?>
							
							Qualité produit: 
							<?php
							for($i=0;$i<$row['quality'];$i++){
								?>
							
								<?php
							}
							for($i=0;$i<(5-$row['quality']);$i++){
								?>
							
								<?php
							}
							?>
							
						</td>
						<td>
							<?php echo $row['comment'];?>
							<ul class="lx-thumbnails">
								<?php
								$thumbnails = explode(",",$row['pictures']);
								for($i=0;$i<count($thumbnails);$i++){
									?>
								<li>
									<img src="../is-uploads/cropped_<?php echo $thumbnails[$i];?>" />
								</li>
									<?php
								}
								?>
							</ul>
						</td>
						<td><?php echo date("d/m/Y",$row['dateadd']);?></td>
						<td>
							<?php
							$class = '';
							if($row['validated'] == "on"){
								$class = ' lx-on-off-blue';
							}
							?>
							<div class="lx-on-off<?php echo $class?>" data-state="<?php echo $row['validated']?>" data-table="reviews" data-column="validated" data-id="<?php echo $row['id'];?>">
								<div class="lx-on-off-fill">
									check
									
								</div>
							</div>
						</td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-review lx-open-popup" 
								data-id="<?php echo $row['id'];?>" 
								data-product="<?php echo $row['product'];?>" 
								data-fullname="<?php echo $row['fullname'];?>" 
								data-phone="<?php echo $row['phone'];?>" 
								data-shipping="<?php echo $row['shipping'];?>" 
								data-service="<?php echo $row['service'];?>" 
								data-quality="<?php echo $row['quality'];?>" 
								data-comment="<?php echo addslashes($row['comment']);?>" 
								data-thumbnails="<?php echo $row['pictures'];?>" data-title="review"></a><a href="javascript:;" class="lx-delete lx-delete-review lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-review" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-review" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> produit(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> produit(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addupsell"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO upsells(id,product,category,upsell,price,trash) VALUES ('0','".sanitize_vars($_POST['product'])."','".sanitize_vars($_POST['category'])."','".sanitize_vars($_POST['upsell'])."','".sanitize_vars($_POST['price'])."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE upsells SET product='".sanitize_vars($_POST['product'])."',category='".sanitize_vars($_POST['category'])."',upsell='".sanitize_vars($_POST['upsell'])."',price='".sanitize_vars($_POST['price'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deleteupsell"){
				$req = $bdd->prepare("UPDATE upsells SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restoreupsell"){
				$req = $bdd->prepare("UPDATE upsells SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deleteupsellpermanently"){
				$req = $bdd->prepare("DELETE FROM upsells WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadupsells"){
				$back = $bdd->query("SELECT id FROM upsells WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-upsell"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM upsells WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-upsell"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Categorié </td>
						<td>Produit </td>
						<td>Upsell </td>
						<td>Prix </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM upsells WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (product IN(SELECT id FROM products WHERE title LIKE '%".sanitize_vars($_POST['keyword'])."%')
						OR upsell IN(SELECT id FROM products WHERE title LIKE '%".sanitize_vars($_POST['keyword'])."%')
						OR category IN(SELECT id FROM categories WHERE title LIKE '%".sanitize_vars($_POST['keyword'])."%'))";
					}
					if($_POST['product'] != ""){
						$req .= " AND (product='".sanitize_vars($_POST['product'])."' OR upsell='".sanitize_vars($_POST['product'])."')";
					}
					if($_POST['category'] != ""){
						$req .= " AND category='".sanitize_vars($_POST['category'])."'";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="upsell" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php
							$back1 = $bdd->query("SELECT title FROM categories WHERE id='".$row['category']."'");
							$row1 = $back1->fetch();
							?>
							<?php echo ($row1['title']!="")?$row1['title']:"&mdash;";?>
						</td>
						<td>
							<?php
							$back1 = $bdd->query("SELECT title FROM products WHERE id='".$row['product']."'");
							$row1 = $back1->fetch();
							?>
							<?php echo ($row1['title']!="")?$row1['title']:"&mdash;";?>
						</td>
						<td>
							<?php
							$back1 = $bdd->query("SELECT title FROM products WHERE id='".$row['upsell']."'");
							$row1 = $back1->fetch();
							?>
							<?php echo ($row1['title']!="")?$row1['title']:"&mdash;";?>
						</td>
						<td><?php echo $row['price'].$parameters['currency'];?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-upsell lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-product="<?php echo $row['product'];?>"
								data-category="<?php echo $row['category'];?>"
								data-upsell="<?php echo $row['upsell'];?>"
								data-price="<?php echo $row['price'];?>" data-title="upsell"></a><a href="javascript:;" class="lx-delete lx-delete-upsell lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-upsell" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-upsell" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> upsell(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> upsell(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addcoupon"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO coupons(id,category,product,code,type,value,maxlimit,dateexpiring,trash) VALUES ('0','".sanitize_vars($_POST['category'])."','".sanitize_vars($_POST['product'])."','".sanitize_vars($_POST['code'])."','".sanitize_vars($_POST['type'])."','".sanitize_vars($_POST['value'])."','".sanitize_vars($_POST['maxlimit'])."','".sanitize_vars(strtotime(str_replace("/","-",$_POST['dateexpiring'])))."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE coupons SET category='".sanitize_vars($_POST['category'])."',product='".sanitize_vars($_POST['product'])."',code='".sanitize_vars($_POST['code'])."',type='".sanitize_vars($_POST['type'])."',value='".sanitize_vars($_POST['value'])."',maxlimit='".sanitize_vars($_POST['maxlimit'])."',dateexpiring='".sanitize_vars(strtotime(str_replace("/","-",$_POST['dateexpiring'])))."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deletecoupon"){
				$req = $bdd->prepare("UPDATE coupons SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restorecoupon"){
				$req = $bdd->prepare("UPDATE coupons SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deletecouponpermanently"){
				$req = $bdd->prepare("DELETE FROM coupons WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadcoupons"){
				$back = $bdd->query("SELECT id FROM coupons WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-coupon"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM coupons WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-coupon"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Catégorie </td>
						<td>Produit </td>
						<td>Code </td>
						<td>Réduction </td>
						<td>Maximum nombre d'utilisation </td>
						<td>Date d'expiration </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM coupons WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (code LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['category'] != ""){
						$req .= " AND category='".sanitize_vars($_POST['category'])."'";
					}
					if($_POST['product'] != ""){
						$req .= " AND product='".sanitize_vars($_POST['product'])."'";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="coupon" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php
							$back1 = $bdd->query("SELECT title FROM categories WHERE id='".$row['category']."'");
							$row1 = $back1->fetch();
							?>
							<?php echo ($row1['title']!="")?$row1['title']:"&mdash;";?>
						</td>
						<td>
							<?php
							$back1 = $bdd->query("SELECT title FROM products WHERE id='".$row['product']."'");
							$row1 = $back1->fetch();
							?>
							<?php echo ($row1['title']!="")?$row1['title']:"&mdash;";?>
						</td>
						<td><?php echo $row['code'];?></td>
						<td><?php echo $row['value'].$row['type'];?></td>
						<td><?php echo $row['maxlimit'];?></td>
						<td><?php echo ($row['dateexpiring']!="")?date("d/m/Y",$row['dateexpiring']):"&mdash;";?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-coupon lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-category="<?php echo $row['category'];?>"
								data-product="<?php echo $row['product'];?>"
								data-code="<?php echo $row['code'];?>"
								data-type="<?php echo $row['type'];?>"
								data-value="<?php echo $row['value'];?>"
								data-maxlimit="<?php echo $row['maxlimit'];?>"
								data-dateexpiring="<?php echo ($row['dateexpiring']!="")?date("d/m/Y",$row['dateexpiring']):"";?>" data-title="coupon"></a><a href="javascript:;" class="lx-delete lx-delete-coupon lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-coupon" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-coupon" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> coupon(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> coupon(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addpromotion"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO promotions(id,product,qty,price,active,trash) VALUES ('0','".sanitize_vars($_POST['product'])."','".sanitize_vars($_POST['qty'])."','".sanitize_vars($_POST['price'])."','off','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE promotions SET product='".sanitize_vars($_POST['product'])."',qty='".sanitize_vars($_POST['qty'])."',price='".sanitize_vars($_POST['price'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deletepromotion"){
				$req = $bdd->prepare("UPDATE promotions SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restorepromotion"){
				$req = $bdd->prepare("UPDATE promotions SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deletepromotionpermanently"){
				$req = $bdd->prepare("DELETE FROM promotions WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadpromotions"){
				$back = $bdd->query("SELECT id FROM promotions WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-promotion"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM promotions WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-promotion"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Produits </td>
						<td>Quantité </td>
						<td>Prix </td>
						<td>Activé </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM promotions WHERE trash='".$_POST['state']."'";
					if($_POST['product'] != ""){
						$req .= " AND product='".sanitize_vars($_POST['product'])."'";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="promotion" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php
							$back1 = $bdd->query("SELECT title FROM products WHERE id='".$row['product']."'");
							$row1 = $back1->fetch();
							?>
							<?php echo ($row1['title']!="")?$row1['title']:"&mdash;";?>
						</td>
						<td><?php echo $row['qty'];?></td>
						<td><?php echo $row['price'].$parameters['currency'];?></td>
						<td>
							<?php
							$class = '';
							if($row['active'] == "on"){
								$class = ' lx-on-off-blue';
							}
							?>
							<div class="lx-on-off<?php echo $class?>" data-state="<?php echo $row['active']?>" data-table="promotions" data-column="active" data-id="<?php echo $row['id'];?>">
								<div class="lx-on-off-fill">
									check
									
								</div>
							</div>
						</td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-promotion lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-product="<?php echo $row['product'];?>"
								data-qty="<?php echo $row['qty'];?>"
								data-price="<?php echo $row['price'];?>" data-title="promotion"></a><a href="javascript:;" class="lx-delete lx-delete-promotion lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-promotion" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-promotion" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> promotion(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> promotion(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addcommand"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO commands(id,code,product,details,qty,worker,fullname,phone,email,address,city,ip,price,coupon,phase,state,datereported,note,dateadd,dateupdate,trash) VALUES ('0','".sanitize_vars($_POST['code'])."','".sanitize_vars(substr($_POST['product'],1))."','".sanitize_vars(substr($_POST['details'],1))."','".sanitize_vars(substr($_POST['qty'],1))."','".$worker."','".sanitize_vars($_POST['fullname'])."','".sanitize_vars($_POST['phone'])."','','".sanitize_vars($_POST['address'])."','".sanitize_vars($_POST['city'])."','".getRealIpAddr()."','".sanitize_vars($_POST['price'])."','','confirmation','Nouveau','','','".time()."','".time()."','1')");
					$req->execute();
					$back = $bdd->query("SELECT id FROM commands WHERE phone='".sanitize_vars($_POST['phone'])."' ORDER BY id DESC LIMIT 0,1");
					$command = $back->fetch();
					$req = $bdd->prepare("INSERT INTO commandshistory(id,command,state,dateadd) VALUES ('0','".$command['id']."','Nouveau','".time()."')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE commands SET code='".sanitize_vars($_POST['code'])."',product='".sanitize_vars(substr($_POST['product'],1))."',details='".sanitize_vars(substr($_POST['details'],1))."',qty='".sanitize_vars(substr($_POST['qty'],1))."',fullname='".sanitize_vars($_POST['fullname'])."',phone='".sanitize_vars($_POST['phone'])."',email='".sanitize_vars($_POST['email'])."',address='".sanitize_vars($_POST['address'])."',city='".sanitize_vars($_POST['city'])."',price='".sanitize_vars($_POST['price'])."',dateupdate='".time()."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "grabcommand"){
				$reported = $bdd->query("SELECT id FROM commands WHERE phase='confirmation' AND state IN('Reporté') AND ((datereported < ".(time() + (60*60*24*3))." AND city<>'Casablanca') OR (datereported < ".(time() + (60*60*24))." AND city='Casablanca')) AND datereported<>'' AND trash='1' AND worker='".$_SESSION['id']."'");
				if($reported->rowCount() == 0){
					$encours = $bdd->query("SELECT id FROM commands WHERE phase='confirmation' AND worker='".$_SESSION['id']."' AND state='Nouveau' AND trash='1'");
					if($encours->rowCount() == 0){
						$back = $bdd->query("SELECT id FROM commands WHERE phase='confirmation' AND worker='0' AND state='Nouveau' AND trash='1'");
						if($back->rowCount() > 0){
							$row = $back->fetch();
							$req = $bdd->prepare("UPDATE commands SET worker='".$_SESSION['id']."' WHERE id='".$row['id']."'");
							$req->execute();
						}
						else{
							echo "Il y a pas de commandes pour le moment essayer plus tard";
						}
					}
					else{
						echo "Vous avez déja des commandes en cours à confirmés";
					}
				}
				else{
					echo "Vous avez déja des commandes reporté à confirmés";
				}
			}

if($_POST['action'] == "deletecommand"){			
				$req = $bdd->prepare("UPDATE commands SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restorecommand"){
				$req = $bdd->prepare("UPDATE commands SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deletecommandpermanently"){
				$req = $bdd->prepare("DELETE FROM commands WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "editstate"){
				$req = $bdd->prepare("UPDATE commands SET state='".sanitize_vars($_POST['state'])."',datereported='".sanitize_vars(strtotime(str_replace("/","-",$_POST['datereported'])))."',note='".sanitize_vars($_POST['note'])."',dateupdate='".time()."' WHERE id='".$_POST['id']."'");
				$req->execute();
				$req = $bdd->prepare("INSERT INTO commandshistory(id,command,state,dateadd) VALUES ('0','".$_POST['id']."','".sanitize_vars($_POST['state'])."','".time()."')");
				$req->execute();
			}
			
			if($_POST['action'] == "resendorder"){
				$back = $bdd->query("SELECT product,qty,fullname,phone,address,city,price FROM commands WHERE id='".$_POST['id']."'");
				$row = $back->fetch();
				$products = "";
				$back1 = $bdd->query("SELECT title FROM products WHERE id IN(".$row['product'].")");
				while($row1 = $back1->fetch()){
					$products .= " - ".$row1['title'];
				}			
				sendToStockOUT($parameters['stockout'],$products,$row['qty'],$parameters['sitename'],$row['fullname'],$row['phone'],$row['address'],$row['city'],$row['price']);
			}
			
			if($_POST['action'] == "loadcommands"){
				$back = $bdd->query("SELECT id FROM commands WHERE phase='confirmation' AND trash='0'".$user);
				?>
				<a href="javascript:;" class="lx-trash lx-trash-command"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM commands WHERE phase='confirmation' AND trash='1'".$user);
				?>
				<a href="javascript:;" class="lx-trash lx-published-command"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Destinataire </td>
						<td>Code d'envoi </td>
						<td>Produits </td>
						<td>Prix </td>
						<td>Etat </td>
						<td>Employé et note </td>
						<td>Date </td>
						<td>Validé</td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM commands WHERE trash='".$_POST['state']."'".$user;
					if($_POST['keyword'] != ""){
						$req .= " AND (code LIKE '%".$_POST['keyword']."%' OR fullname LIKE '%".$_POST['keyword']."%' OR phone LIKE '%".$_POST['keyword']."%' OR address LIKE '%".$_POST['keyword']."%' OR city LIKE '%".$_POST['keyword']."%')";
					}
					else{
						$req .= " AND phase='confirmation'";
					}
					if($_POST['worker'] != ""){
						$req .= " AND worker='".$_POST['worker']."'";
					}
					if($_POST['city'] != ""){
						$req .= " AND city='".$_POST['city']."'";
					}
					if($_POST['product'] != ""){
						$req .= " AND (product='".$_POST['product']."' OR product LIKE '".$_POST['product'].",%' OR product LIKE '%,".$_POST['product'].",%' OR product LIKE '%,".$_POST['product']."')";
					}
					if($_POST['statee'] != ""){
						$req .= " AND state IN ('".str_replace(",","','",$_POST['statee'])."')";
					}
					if($_POST['datestart'] != "" AND $_POST['dateend'] != ""){
						$datestart = strtotime(str_replace("/","-",$_POST['datestart']));
						$dateend = strtotime(str_replace("/","-",$_POST['dateend'])) + (60*60*24) - 1;
						$req .= " AND (dateadd BETWEEN '".$datestart."' AND '".$dateend."')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back3 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						$back1 = $bdd->query("SELECT state,color FROM trackingstates WHERE state='".$row['state']."'");
						$state = $back1->fetch();
						$background = "";
						if($parameters['rowcolor'] == "1"){
							$background = "background:rgba(".hexdec(substr($state['color'],1,2)).",".hexdec(substr($state['color'],3,2)).",".hexdec(substr($state['color'],5,2)).",0.2)";
						}
						?>
					<tr style="<?php echo $background;?>">
						<td><label><input type="checkbox" name="command" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php echo $row['fullname'];?>
							<?php
							$back1 = $bdd->query("SELECT id FROM commands WHERE phone='".$row['phone']."'");
							?>							
							rowCount()>1)?" lx-phone-exists":"";?>"><a href="tel:<?php echo $row['phone'];?>" style="color:#242424;font-weight:500;"><?php echo $row['phone'];?></a>
							<?php echo $row['address'];?>
							<?php echo $row['city'];?>
							<?php
							$back1 = $bdd->query("SELECT id FROM commands WHERE ip='".$row['ip']."'");
							?>
							rowCount()>1)?" lx-ip-exists":" lx-ip-new";?>"><?php echo $row['ip'];?>
						</td>
						<td><?php echo $row['code'];?></td>
						<td>
							<?php
							if(preg_match("#^[0-9]+(,[0-9]+)*$#",$row['product'])){
								$i = 0;
								$qtys = explode(",",$row['qty']);
								$details = explode(",",$row['details']);
								$back1 = $bdd->query("SELECT id,title,slug FROM products WHERE id IN(".$row['product'].") ORDER BY FIELD(id,".$row['product'].")");
								while($row1 = $back1->fetch()){
									?>
							<a href="<?php echo $websiteurl;?>/product/<?php echo $row1['id']."-".$row1['slug']?>" style="word-break:break-all;" target="_blank"><?php echo $row1['title'].(($details[$i] != "")?" - ".$details[$i]:"")." x ".$qtys[$i];?></a>
									<?php
									$i++;
								}
							}
							?>
						</td>
						<td><?php echo $row['price'].$parameters['currency'];?></td>
						<?php
						$back1 = $bdd->query("SELECT color FROM trackingstates WHERE state='".$row['state']."'");
						$row1 = $back1->fetch();
						?>
						<td>
							" data-state="<?php echo $row['state'];?>" data-datereported="<?php echo ($row['datereported']!=""?gmdate('d/m/Y',$row['datereported']):'');?>" data-note="<?php echo $row['note'];?>" data-title="editstate" style="display:inline-block;padding:2px 5px;font-weight:500;background:<?php echo $row1['color'];?>;color:#FFFFFF;border-radius:4px;cursor:pointer;"><?php echo $row['state'];?>
							<?php
							if($row['datereported'] != ""){
								?>
							<?php echo gmdate("d/m/Y",$row['datereported']);?>
								<?php
							}
							?>
						</td>
						<td>
							<?php
							if($row['worker'] != "0"){
								$back1 = $bdd->query("SELECT fullname FROM users WHERE id='".$row['worker']."'");
								$row1 = $back1->fetch();
								?>
							<?php echo $row1['fullname'];?>
								<?php
							}
							?>							
							<?php echo ($row['coupon']!=""?"Coupon: ".$row['coupon']:"");?>
							<?php echo ($row['note']!=""?$row['note']:"&mdash;");?>
						</td>
						<td>
							Date ajout: <?php echo ($row['dateadd']!=""?gmdate("d/m/Y H:i",$row['dateadd']):"&mdash;");?>
							Date mise à jour: <?php echo ($row['dateupdate']!=""?gmdate("d/m/Y H:i",$row['dateupdate']):"&mdash;");?>
						</td>
						<td>
							<?php
							if($row['phase'] == "confirmation" AND $row['state'] == "Confirmé"){
							?>
							<div class="lx-on-off" data-state="off" data-table="commands" data-column="phase" data-id="<?php echo $row['id'];?>">
								<div class="lx-on-off-fill">
									check
									
								</div>
							</div>	
							<?php
							}
							?>
						</td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-command lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-product="<?php echo $row['product'];?>"
								data-details="<?php echo $row['details'];?>" 
								data-qty="<?php echo $row['qty'];?>" 
								data-fullname="<?php echo $row['fullname'];?>"
								data-phone="<?php echo $row['phone'];?>"
								data-address="<?php echo $row['address'];?>"
								data-city="<?php echo $row['city'];?>"
								data-price="<?php echo $row['price'];?>" data-title="command"></a><a href="javascript:;" class="lx-delete lx-print-ticket lx-open-popup" data-title="tickets" data-id="<?php echo $row['id'];?>"></a>
								<a href="javascript:;" class="lx-delete lx-resend-command" data-id="<?php echo $row['id'];?>"></a>
								 <a href="javascript:;" class="lx-show-history lx-open-popup" data-title="commandhistory" data-id="<?php echo $row['id'];?>"></a>
								<?php
								if($_SESSION['type'] == "moderator"){
								?>
								<a href="javascript:;" class="lx-delete lx-delete-command lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
								}
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-command" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-command" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back3->rowCount();?>" />
				<?php
				if($back3->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> commande(s) de <?php echo $back3->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back3->rowCount();?> commande(s) de <?php echo $back3->rowCount();?>
				<?php			
				}
			}
			
			if($_POST['action'] == "loadreported"){
				$back = $bdd->query("SELECT id FROM commands WHERE phase='confirmation' AND state='Reporté' AND trash='0'".$user);
				?>
				<a href="javascript:;" class="lx-trash lx-trash-command"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM commands WHERE phase='confirmation' AND state='Reporté' AND trash='1'".$user);
				?>
				<a href="javascript:;" class="lx-trash lx-published-command"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Destinataire </td>
						<td>Code d'envoi </td>
						<td>Produits </td>
						<td>Prix </td>
						<td>Etat </td>
						<td>Employé et note </td>
						<td>Date </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM commands WHERE phase='confirmation' AND trash='".$_POST['state']."'".$user;
					if($_POST['keyword'] != ""){
						$req .= " AND (code LIKE '%".$_POST['keyword']."%' OR fullname LIKE '%".$_POST['keyword']."%' OR phone LIKE '%".$_POST['keyword']."%' OR address LIKE '%".$_POST['keyword']."%' OR city LIKE '%".$_POST['keyword']."%')";
					}
					if($_POST['worker'] != ""){
						$req .= " AND worker='".$_POST['worker']."'";
					}
					if($_POST['city'] != ""){
						$req .= " AND city='".$_POST['city']."'";
					}
					if($_POST['product'] != ""){
						$req .= " AND (product='".$_POST['product']."' OR product LIKE '".$_POST['product'].",%' OR product LIKE '%,".$_POST['product'].",%' OR product LIKE '%,".$_POST['product']."')";
					}
					if($_POST['statee'] != ""){
						$req .= " AND state IN ('".str_replace(",","','",$_POST['statee'])."')";
					}
					if($_POST['datestart'] != "" AND $_POST['dateend'] != ""){
						$datestart = strtotime(str_replace("/","-",$_POST['datestart']));
						$dateend = strtotime(str_replace("/","-",$_POST['dateend'])) + (60*60*24) - 1;
						$req .= " AND (dateadd BETWEEN '".$datestart."' AND '".$dateend."')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back3 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						$back1 = $bdd->query("SELECT state,color FROM trackingstates WHERE state='".$row['state']."'");
						$state = $back1->fetch();
						$background = "";
						if($parameters['rowcolor'] == "1"){
							$background = "background:rgba(".hexdec(substr($state['color'],1,2)).",".hexdec(substr($state['color'],3,2)).",".hexdec(substr($state['color'],5,2)).",0.2)";
						}
						?>
					<tr style="<?php echo $background;?>">
						<td><label><input type="checkbox" name="command" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php echo $row['fullname'];?>
							<?php
							$back1 = $bdd->query("SELECT id FROM commands WHERE phone='".$row['phone']."'");
							?>							
							rowCount()>1)?" lx-phone-exists":"";?>"><a href="tel:<?php echo $row['phone'];?>" style="color:#242424;font-weight:500;"><?php echo $row['phone'];?></a>
							<?php echo $row['address'];?>
							<?php echo $row['city'];?>
							<?php
							$back1 = $bdd->query("SELECT id FROM commands WHERE ip='".$row['ip']."'");
							?>
							rowCount()>1)?" lx-ip-exists":" lx-ip-new";?>"><?php echo $row['ip'];?>
						</td>
						<td><?php echo $row['code'];?></td>
						<td>
							<?php
							if(preg_match("#^[0-9]+(,[0-9]+)*$#",$row['product'])){
								$i = 0;
								$qtys = explode(",",$row['qty']);
								$details = explode(",",$row['details']);
								$back1 = $bdd->query("SELECT id,title,slug FROM products WHERE id IN(".$row['product'].") ORDER BY FIELD(id,".$row['product'].")");
								while($row1 = $back1->fetch()){
									?>
							<a href="<?php echo $websiteurl;?>/product/<?php echo $row1['id']."-".$row1['slug']?>" style="word-break:break-all;" target="_blank"><?php echo $row1['title'].(($details[$i] != "")?" - ".$details[$i]:"")." x ".$qtys[$i];?></a>
									<?php
									$i++;
								}
							}
							?>
						</td>
						<td><?php echo $row['price'].$parameters['currency'];?></td>
						<?php
						$back1 = $bdd->query("SELECT state,color FROM trackingstates WHERE state='".$row['state']."'");
						$row1 = $back1->fetch();
						?>
						<td>
							" data-state="<?php echo $row['state'];?>" data-datereported="<?php echo ($row['datereported']!=""?gmdate('d/m/Y',$row['datereported']):'');?>" data-note="<?php echo $row['note'];?>" data-title="editstate" style="display:inline-block;padding:2px 5px;font-weight:500;background:<?php echo $row1['color'];?>;color:#FFFFFF;border-radius:4px;cursor:pointer;"><?php echo $row['state'];?>
							<?php
							if($row['datereported'] != ""){
								?>
							<?php echo gmdate("d/m/Y",$row['datereported']);?>
								<?php
							}
							?>
						</td>
						<td>
							<?php
							if($row['worker'] != "0"){
								$back1 = $bdd->query("SELECT fullname FROM users WHERE id='".$row['worker']."'");
								$row1 = $back1->fetch();
								?>
							<?php echo $row1['fullname'];?>
								<?php
							}
							?>							
							<?php echo ($row['coupon']!=""?"Coupon: ".$row['coupon']:"");?>
							<?php echo ($row['note']!=""?$row['note']:"&mdash;");?>
						</td>
						<td>
							Date ajout: <?php echo ($row['dateadd']!=""?gmdate("d/m/Y H:i",$row['dateadd']):"&mdash;");?>
							Date mise à jour: <?php echo ($row['dateupdate']!=""?gmdate("d/m/Y H:i",$row['dateupdate']):"&mdash;");?>
						</td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-command lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-product="<?php echo $row['product'];?>"
								data-details="<?php echo $row['details'];?>" 
								data-qty="<?php echo $row['qty'];?>" 
								data-fullname="<?php echo $row['fullname'];?>"
								data-phone="<?php echo $row['phone'];?>"
								data-address="<?php echo $row['address'];?>"
								data-city="<?php echo $row['city'];?>"
								data-price="<?php echo $row['price'];?>" data-title="command"></a><a href="javascript:;" class="lx-delete lx-print-ticket lx-open-popup" data-title="tickets" data-id="<?php echo $row['id'];?>"></a>
								 <a href="javascript:;" class="lx-show-history lx-open-popup" data-title="commandhistory" data-id="<?php echo $row['id'];?>"></a>
								<?php
								if($_SESSION['type'] == "moderator"){
								?>
								<a href="javascript:;" class="lx-delete lx-delete-command lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
								}
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-command" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-command" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back3->rowCount();?>" />
				<?php
				if($back3->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> commande(s) de <?php echo $back3->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back3->rowCount();?> commande(s) de <?php echo $back3->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "loadshipped"){
				$back = $bdd->query("SELECT id FROM commands WHERE phase='shipping' AND trash='0'".$user);
				?>
				<a href="javascript:;" class="lx-trash lx-trash-command"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM commands WHERE phase='shipping' AND trash='1'".$user);
				?>
				<a href="javascript:;" class="lx-trash lx-published-command"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Destinataire </td>
						<td>Code d'envoi </td>
						<td>Produits </td>
						<td>Prix </td>
						<td>Etat </td>
						<td>Employé et note </td>
						<td>Date </td>
						<td>Validé</td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM commands WHERE phase='shipping' AND trash='".$_POST['state']."'".$user;
					if($_POST['keyword'] != ""){
						$req .= " AND (code LIKE '%".$_POST['keyword']."%' OR fullname LIKE '%".$_POST['keyword']."%' OR phone LIKE '%".$_POST['keyword']."%' OR address LIKE '%".$_POST['keyword']."%' OR city LIKE '%".$_POST['keyword']."%')";
					}
					if($_POST['worker'] != ""){
						$req .= " AND worker='".$_POST['worker']."'";
					}
					if($_POST['city'] != ""){
						$req .= " AND city='".$_POST['city']."'";
					}
					if($_POST['product'] != ""){
						$req .= " AND (product='".$_POST['product']."' OR product LIKE '".$_POST['product'].",%' OR product LIKE '%,".$_POST['product'].",%' OR product LIKE '%,".$_POST['product']."')";
					}
					if($_POST['statee'] != ""){
						$req .= " AND state IN ('".str_replace(",","','",$_POST['statee'])."')";
					}
					if($_POST['datestart'] != "" AND $_POST['dateend'] != ""){
						$datestart = strtotime(str_replace("/","-",$_POST['datestart']));
						$dateend = strtotime(str_replace("/","-",$_POST['dateend'])) + (60*60*24) - 1;
						$req .= " AND (dateadd BETWEEN '".$datestart."' AND '".$dateend."')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back3 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						$back1 = $bdd->query("SELECT * FROM trackingstates WHERE state='".$row['state']."'");
						$state = $back1->fetch();
						$background = "";
						if($parameters['rowcolor'] == "1"){
							$background = "background:rgba(".hexdec(substr($state['color'],1,2)).",".hexdec(substr($state['color'],3,2)).",".hexdec(substr($state['color'],5,2)).",0.2)";
						}
						?>
					<tr style="<?php echo $background;?>">
						<td><label><input type="checkbox" name="command" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php echo $row['fullname'];?>
							<?php
							$back1 = $bdd->query("SELECT id FROM commands WHERE phone='".$row['phone']."'");
							?>							
							rowCount()>1)?" lx-phone-exists":"";?>"><a href="tel:<?php echo $row['phone'];?>" style="color:#242424;font-weight:500;"><?php echo $row['phone'];?></a>
							<?php echo $row['address'];?>
							<?php echo $row['city'];?>
							<?php
							$back1 = $bdd->query("SELECT id FROM commands WHERE ip='".$row['ip']."'");
							?>
							rowCount()>1)?" lx-ip-exists":" lx-ip-new";?>"><?php echo $row['ip'];?>
						</td>
						<td><?php echo $row['code'];?></td>
						<td>
							<?php
							if(preg_match("#^[0-9]+(,[0-9]+)*$#",$row['product'])){
								$i = 0;
								$qtys = explode(",",$row['qty']);
								$details = explode(",",$row['details']);
								$back1 = $bdd->query("SELECT id,title,slug FROM products WHERE id IN(".$row['product'].") ORDER BY FIELD(id,".$row['product'].")");
								while($row1 = $back1->fetch()){
									?>
							<a href="<?php echo $websiteurl;?>/product/<?php echo $row1['id']."-".$row1['slug']?>" style="word-break:break-all;" target="_blank"><?php echo $row1['title'].(($details[$i] != "")?" - ".$details[$i]:"")." x ".$qtys[$i];?></a>
									<?php
									$i++;
								}
							}
							?>
						</td>
						<td><?php echo $row['price'].$parameters['currency'];?></td>
						<?php
						$back1 = $bdd->query("SELECT state,color FROM trackingstates WHERE state='".$row['state']."'");
						$row1 = $back1->fetch();
						?>
						<td>
							" data-id="<?php echo $row['id'];?>" data-state="<?php echo $row['state'];?>" data-datereported="<?php echo ($row['datereported']!=""?gmdate('d/m/Y',$row['datereported']):'');?>" data-note="<?php echo $row['note'];?>" data-title="editstate" style="display:inline-block;padding:2px 5px;font-weight:500;background:<?php echo $row1['color'];?>;color:#FFFFFF;border-radius:4px;cursor:pointer;"><?php echo $row['state'];?>
							<?php
							if($row['datereported'] != ""){
								?>
							<?php echo gmdate("d/m/Y",$row['datereported']);?>
								<?php
							}
							?>
						</td>
						<td>
							<?php
							if($row['worker'] != "0"){
								$back1 = $bdd->query("SELECT fullname FROM users WHERE id='".$row['worker']."'");
								$row1 = $back1->fetch();
								?>
							<?php echo $row1['fullname'];?>
								<?php
							}
							?>							
							<?php echo ($row['coupon']!=""?"Coupon: ".$row['coupon']:"");?>
							<?php echo ($row['note']!=""?$row['note']:"&mdash;");?>
						</td>
						<td>
							Date ajout: <?php echo ($row['dateadd']!=""?gmdate("d/m/Y H:i",$row['dateadd']):"&mdash;");?>
							Date mise à jour: <?php echo ($row['dateupdate']!=""?gmdate("d/m/Y H:i",$row['dateupdate']):"&mdash;");?>
						</td>
						<td>
							<?php
							if($row['phase'] == "shipping" AND $row['state'] == "En cours"){
							?>
							<div class="lx-on-off lx-on-off-blue" data-state="off" data-table="commands" data-column="phase" data-id="<?php echo $row['id'];?>">
								<div class="lx-on-off-fill">
									check
									
								</div>
							</div>	
							<?php
							}
							?>
						</td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-command<?php echo $row['state']!="Retourné"?" lx-open-popup":"";?>" 
								data-id="<?php echo $row['id'];?>"
								data-product="<?php echo $row['product'];?>"
								data-details="<?php echo $row['details'];?>" 
								data-qty="<?php echo $row['qty'];?>" 
								data-fullname="<?php echo $row['fullname'];?>"
								data-phone="<?php echo $row['phone'];?>"
								data-address="<?php echo $row['address'];?>"
								data-city="<?php echo $row['city'];?>"
								data-price="<?php echo $row['price'];?>" data-title="command"></a><a href="javascript:;" class="lx-delete lx-print-ticket lx-open-popup" data-title="tickets" data-id="<?php echo $row['id'];?>"></a>
								 <a href="javascript:;" class="lx-show-history lx-open-popup" data-title="commandhistory" data-id="<?php echo $row['id'];?>"></a>
								<?php
								if($_SESSION['type'] == "moderator"){
								?>
								<a href="javascript:;" class="lx-delete lx-delete-command lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
								}
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-command" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-command" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back3->rowCount();?>" />
				<?php
				if($back3->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> commande(s) de <?php echo $back3->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back3->rowCount();?> commande(s) de <?php echo $back3->rowCount();?>
				<?php			
				}
			}
			
			if($_POST['action'] == "showcommandhistory"){
				$back = $bdd->query("SELECT id,fullname,phone,address,city FROM commands WHERE id='".$_POST['id']."'");
				$row = $back->fetch();
				?>
				<div class="lx-command-history">
					<?php echo $row['fullname'];?> (<?php echo $row['phone'];?>)
					<?php echo $row['address'];?> <?php echo $row['city'];?>
					<ul>
					<?php
					$i = 1;
					$back = $bdd->query("SELECT * FROM commandshistory WHERE command='".$row['id']."' ORDER BY dateadd");
					while($row = $back->fetch()){
						?>					
						<li>
							<?php
							$back1 = $bdd->query("SELECT state,color FROM trackingstates WHERE state='".$row['state']."'");
							$state = $back1->fetch();
							?>
							
							<?php
							if($i%2==0){
							?>
							<del style="display:inline-block;padding:2px 5px;font-weight:500;background:<?php echo $state['color'];?>;color:#FFFFFF;border-radius:4px;cursor:pointer;"><?php echo $row['state'];?></del>
							<?php
							}
							?>
							
							<ins><?php echo gmdate("d/m/Y H:i",$row['dateadd']);?></ins>
							<?php
							$back1 = $bdd->query("SELECT state,color FROM trackingstates WHERE state='".$row['state']."'");
							$state = $back1->fetch();
							?>
							
							<?php
							if($i%2!=0){
							?>
							<del style="display:inline-block;padding:2px 5px;font-weight:500;background:<?php echo $state['color'];?>;color:#FFFFFF;border-radius:4px;cursor:pointer;"><?php echo $row['state'];?></del>
							<?php
							}
							?>
							
						</li>
						<?php
						$i++;
					}
					?>
					</ul>				
				</div>
				<?php
			}
			
			if($_POST['action'] == "addtrackingstate"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO trackingstates VALUES('0','".sanitize_vars($_POST['state'])."','".sanitize_vars(substr($_POST['phases'],1))."','".sanitize_vars($_POST['color'])."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE trackingstates SET state='".sanitize_vars($_POST['state'])."',color='".sanitize_vars($_POST['color'])."',phases='".sanitize_vars(substr($_POST['phases'],1))."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}
			
			if($_POST['action'] == "deletetrackingstate"){
				$req = $bdd->prepare("UPDATE trackingstates SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restoretrackingstate"){
				$req = $bdd->prepare("UPDATE trackingstates SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}

if($_POST['action'] == "deletetrackingstatepermanently"){
				$req = $bdd->prepare("DELETE FROM trackingstates WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadtrackingstates"){
				$back = $bdd->query("SELECT id FROM trackingstates WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-trackingstates"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM trackingstates WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-trackingstates"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Etat</td>
						<td>Etape</td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM trackingstates WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND state LIKE '%".$_POST['keyword']."%'";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="trackingstate" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>;color:#FFFFFF;border-radius:4px;"><?php echo $row['state'];?></td>
						<td><?php echo str_replace(",",", ",$row['phases']);?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-trackingstate lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-state="<?php echo $row['state'];?>"
								data-color="<?php echo $row['color'];?>"
								data-phases=",<?php echo $row['phases'];?>" data-title="trackingstate"></a><a href="javascript:;" class="lx-delete lx-delete-trackingstate lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-trackingstate" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-trackingstate" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> état(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> état(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addpage"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO pages(id,title,slug,description,keywords,trash) VALUES ('0','".sanitize_vars($_POST['title'])."','".sanitize_vars($_POST['slug'])."','".addslashes($_POST['description'])."','".sanitize_vars($_POST['keywords'])."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE pages SET title='".sanitize_vars($_POST['title'])."',slug='".sanitize_vars($_POST['slug'])."',description='".addslashes($_POST['description'])."',keywords='".sanitize_vars($_POST['keywords'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deletepage"){
				$req = $bdd->prepare("UPDATE pages SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restorepage"){
				$req = $bdd->prepare("UPDATE pages SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deletepagepermanently"){
				$req = $bdd->prepare("DELETE FROM pages WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadpages"){
				$back = $bdd->query("SELECT id FROM pages WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-page"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM pages WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-page"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Titre </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM pages WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (title LIKE '%".sanitize_vars($_POST['keyword'])."%' OR description LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="page" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td>
							<?php echo $row['title'];?>
							<a href="<?php echo $websiteurl;?>/page/<?php echo $row['slug']?>" style="word-break:break-all;" target="_blank"><?php echo $websiteurl;?>/page/<?php echo $row['slug']?></a>
						</td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-page lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-titl="<?php echo $row['title'];?>"
								data-slug="<?php echo $row['slug'];?>"
								data-description="<?php echo str_replace("\"","'",$row['description']);?>"
								data-keywords="<?php echo addslashes($row['keywords']);?>" data-title="page"></a><a href="javascript:;" class="lx-delete lx-delete-page lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-page" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-page" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> page(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> page(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addexpense"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO expenses(id,cost,type,description,dateadd,trash) VALUES ('0','".sanitize_vars($_POST['cost'])."','".sanitize_vars($_POST['type'])."','".sanitize_vars($_POST['description'])."','".time()."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE expenses SET cost='".sanitize_vars($_POST['cost'])."',type='".sanitize_vars($_POST['type'])."',description='".sanitize_vars($_POST['description'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deleteexpense"){
				$req = $bdd->prepare("UPDATE expenses SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restoreexpense"){
				$req = $bdd->prepare("UPDATE expenses SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deleteexpensepermanently"){
				$req = $bdd->prepare("DELETE FROM expenses WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadexpenses"){
				$back = $bdd->query("SELECT id FROM expenses WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-expense"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM expenses WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-expense"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Description</td>
						<td>Type </td>
						<td>Montant </td>
						<td>Date ajout </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM expenses WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (description LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['type'] != ""){
						$req .= " AND type='".sanitize_vars($_POST['type'])."'";
					}
					if($_POST['datestart'] != "" AND $_POST['dateend'] != ""){
						$datestart = strtotime(str_replace("/","-",$_POST['datestart']));
						$dateend = strtotime(str_replace("/","-",$_POST['dateend'])) + (60*60*24) - 1;
						$req .= " AND (dateadd BETWEEN '".$datestart."' AND '".$dateend."')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="expense" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td><?php echo $row['description'];?></td>
						<td><?php echo $row['type'];?></td>
						<td><?php echo $row['cost'].$parameters['currency'];?></td>
						<td><?php echo date("d/m/Y",$row['dateadd']);?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-expense lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-cost="<?php echo $row['cost'];?>"
								data-type="<?php echo $row['type'];?>"
								data-description="<?php echo addslashes($row['description']);?>" data-title="expense"></a><a href="javascript:;" class="lx-delete lx-delete-expense lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-expense" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-expense" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> expense(s) et revenu(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> expense(s) et revenu(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addslide"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO slides(id,slide,link,trash) VALUES ('0','".sanitize_vars($_POST['thumbnail'])."','".sanitize_vars($_POST['link'])."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE slides SET slide='".sanitize_vars($_POST['thumbnail'])."',link='".sanitize_vars($_POST['link'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deleteslide"){
				$req = $bdd->prepare("UPDATE slides SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restoreslide"){
				$req = $bdd->prepare("UPDATE slides SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deleteslidepermanently"){
				$req = $bdd->prepare("DELETE FROM slides WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadslides"){
				$back = $bdd->query("SELECT id FROM slides WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-slide"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM slides WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-slide"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Lien </td>
						<td>Slide</td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM slides c WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (link LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="slide" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td><?php echo $row['link'];?></td>
						<td><img src="../is-uploads/micro_<?php echo $row['slide'];?>"/></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-slide lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-slide="<?php echo $row['slide'];?>"
								data-link="<?php echo $row['link'];?>" data-title="slide"></a><a href="javascript:;" class="lx-delete lx-delete-slide lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-slide" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-slide" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> slide(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> slide(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addhomesection"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO homesections(id,category,title,ord,trash) VALUES ('0','".sanitize_vars($_POST['category'])."','".sanitize_vars($_POST['title'])."','".sanitize_vars($_POST['ord'])."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE homesections SET category='".sanitize_vars($_POST['category'])."',title='".sanitize_vars($_POST['title'])."',ord='".sanitize_vars($_POST['ord'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deletehomesection"){
				$req = $bdd->prepare("UPDATE homesections SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restorehomesection"){
				$req = $bdd->prepare("UPDATE homesections SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deletehomesectionpermanently"){
				$req = $bdd->prepare("DELETE FROM homesections WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadhomesections"){
				$back = $bdd->query("SELECT id FROM homesections WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-homesection"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM homesections WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-homesection"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>Section </td>
						<td>Ordre </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM homesections WHERE trash='".$_POST['state']."'";
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="homesection" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td><?php echo $row['title'];?></td>
						<td><?php echo $row['ord'];?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-homesection lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-category="<?php echo $row['category'];?>"
								data-titl="<?php echo $row['title'];?>"
								data-ord="<?php echo $row['ord'];?>" data-title="homesection"></a><a href="javascript:;" class="lx-delete lx-delete-homesection lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-homesection" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-homesection" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> section(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> section(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}
			
			if($_POST['action'] == "deletesearchterm"){
				$back = $bdd->query("SELECT keyword FROM searchterms WHERE id='".$_POST['id']."'");
				$row = $back->fetch();
				$req = $bdd->prepare("DELETE FROM searchterms WHERE keyword='".$row['keyword']."'");
				$req->execute();
			}			
			
			if($_POST['action'] == "loadsearchterms"){
				?>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td style="width:1%;">Nombre de recherche </td>
						<td>Mot clé </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT id,keyword,COUNT(keyword) AS nb FROM searchterms WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (keyword LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					$req .= " GROUP BY keyword";
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY nb";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="searchterm" value="" /><del class="checkmark"></del></label></td>
						<td><?php echo $row['nb'];?></td>
						<td><?php echo $row['keyword'];?></td>
						<td><a href="javascript:;" class="lx-delete lx-delete-searchterm lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a></td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> Mot clé(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> Mot clé(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addnewsletter"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO newsletter(id,email,dateadd,trash) VALUES ('0','".sanitize_vars($_POST['email'])."','".time()."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE newsletter SET email='".sanitize_vars($_POST['email'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "deletenewsletter"){
				$req = $bdd->prepare("UPDATE newsletter SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restorenewsletter"){
				$req = $bdd->prepare("UPDATE newsletter SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deletenewsletterpermanently"){
				$req = $bdd->prepare("DELETE FROM newsletter WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "loadnewsletter"){
				$back = $bdd->query("SELECT id FROM newsletter WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-newsletter"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM newsletter WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-newsletter"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>E-mail </td>
						<td>Date inscription </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM newsletter WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (email LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="newsletter" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td><?php echo $row['email'];?></td>
						<td><?php echo date("d/m/Y",$row['dateadd']);?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-newsletter lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-email="<?php echo $row['email'];?>" data-title="newsletter"></a>
								<a href="javascript:;" class="lx-delete lx-delete-newsletter lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-newsletter" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-newsletter" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> email(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> email(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "addemail"){
				if($_POST['id'] == "0"){
					$req = $bdd->prepare("INSERT INTO emails(id,title,content,dateadd,trash) VALUES ('0','".sanitize_vars($_POST['title'])."','".addslashes($_POST['description'])."','".time()."','1')");
					$req->execute();
				}
				else{
					$req = $bdd->prepare("UPDATE emails SET title='".sanitize_vars($_POST['title'])."',content='".addslashes($_POST['description'])."' WHERE id='".$_POST['id']."'");
					$req->execute();
				}
			}

if($_POST['action'] == "sendemail"){
				$back = $bdd->query("SELECT * FROM emails WHERE id='".$_POST['id']."' AND trash='1'");
				$email = $back->fetch();
				$domainparts = explode("/",$websiteurl);
				$domainparts = explode(".",$domainparts[2]);
				$domain = implode(".",$domainparts);
				if(count($domainparts) > 2){
					unset($domainparts[0]);
					$domain = implode(".",$domainparts);
				}
				$back = $bdd->query("SELECT * FROM newsletter WHERE trash='1'");
				while($row = $back->fetch()){
					sendEmails($row['email'],$parameters['email'],$parameters['sitename'],stripslashes($email['title']),htmlspecialchars_decode($email['content']),'no');
				}
			}

if($_POST['action'] == "deleteemail"){
				$req = $bdd->prepare("UPDATE emails SET trash='0' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "restoreemail"){
				$req = $bdd->prepare("UPDATE emails SET trash='1' WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "deleteemailpermanently"){
				$req = $bdd->prepare("DELETE FROM emails WHERE id='".$_POST['id']."'");
				$req->execute();
			}
			
			if($_POST['action'] == "testemail"){
				$domainparts = explode("/",$websiteurl);
				$domainparts = explode(".",$domainparts[2]);
				$domain = implode(".",$domainparts);
				if(count($domainparts) > 2){
					unset($domainparts[0]);
					$domain = implode(".",$domainparts);
				}
				sendEmails($_POST['email'],$parameters['email'],$parameters['sitename'],$_POST['subject'],htmlspecialchars_decode($_POST['description']),'no');
			}
			
			if($_POST['action'] == "loademails"){
				$back = $bdd->query("SELECT id FROM emails WHERE trash='0'");
				?>
				<a href="javascript:;" class="lx-trash lx-trash-email"> Corbeille (<?php echo $back->rowCount();?>)</a>
				<?php
				$back = $bdd->query("SELECT id FROM emails WHERE trash='1'");
				?>
				<a href="javascript:;" class="lx-trash lx-published-email"> Publiés (<?php echo $back->rowCount();?>)</a>
				<table cellpadding="0" cellspacing="0">
					<tr class="lx-first-tr">
						<td><label><input type="checkbox" name="selectall" value="selectall" /><del class="checkmark"></del></label></td>
						<td>E-mail </td>
						<td>Date création </td>
						<td>Action</td>
					</tr>
					<?php
					$req = "SELECT * FROM emails WHERE trash='".$_POST['state']."'";
					if($_POST['keyword'] != ""){
						$req .= " AND (title LIKE '%".sanitize_vars($_POST['keyword'])."%' OR content LIKE '%".sanitize_vars($_POST['keyword'])."%')";
					}
					if($_POST['sortby'] != ""){
						$req .= " ORDER BY ".$_POST['sortby'];
					}
					else{
						$req .= " ORDER BY id";
					}
					$req .= " ".$_POST['orderby'];
					$back2 = $bdd->query($req);
					$req .= " LIMIT ".$_POST['start'].",".$_POST['nbpage'];
					$back = $bdd->query($req);
					while($row = $back->fetch()){
						?>
					<tr>
						<td><label><input type="checkbox" name="email" value="<?php echo $row['id'];?>" /><del class="checkmark"></del></label></td>
						<td><?php echo $row['title'];?></td>
						<td><?php echo date("d/m/Y",$row['dateadd']);?></td>
						<td>
							<?php
							if($_POST['state'] == 1){
								?>
							<a href="javascript:;" class="lx-edit lx-edit-email lx-open-popup" 
								data-id="<?php echo $row['id'];?>"
								data-titl="<?php echo $row['title'];?>" 
								data-description="<?php echo str_replace("\"","'",$row['content']);?>"
								data-title="emailing"></a>
								<a href="javascript:;" class="lx-edit lx-send-emails" data-id="<?php echo $row['id'];?>"></a>
								<a href="javascript:;" class="lx-delete lx-delete-email lx-open-popup" data-title="deleterecord" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							else{
								?>
							<a href="javascript:;" class="lx-edit lx-restore-email" data-id="<?php echo $row['id'];?>"></a><a href="javascript:;" class="lx-delete lx-delete-permanently-email" data-id="<?php echo $row['id'];?>"></a>
								<?php
							}
							?>
						</td>
					</tr>
						<?php
					}
					?>
				</table>
				<input type="hidden" id="posts" value="<?php echo $back2->rowCount();?>" />
				<?php
				if($back2->rowCount() > ($_POST['start'] + $_POST['nbpage'])){
				?>
				<?php echo ($_POST['start'] + $_POST['nbpage']);?> email(s) de <?php echo $back2->rowCount();?>
				<?php
				}
				else{
				?>
				<?php echo $back2->rowCount();?> email(s) de <?php echo $back2->rowCount();?>
				<?php			
				}
			}

if($_POST['action'] == "saveplayer"){
				$req = $bdd->prepare("UPDATE users SET idplayer='".sanitize_vars($_POST['player'])."' WHERE id='".$_SESSION['id']."'");
				$req->execute();
			}

if($_POST['action'] == "editsetting"){
				$req = $bdd->prepare("UPDATE parameters SET title='".sanitize_vars($_POST['title'])."',description='".sanitize_vars($_POST['description'])."',sitename='".sanitize_vars($_POST['sitename'])."',logo='".sanitize_vars($_POST['logo'])."',phone1='".sanitize_vars($_POST['phone1'])."',phone2='".sanitize_vars($_POST['phone2'])."',whatsapp='".sanitize_vars($_POST['whatsapp'])."',address='".sanitize_vars($_POST['address'])."',facebook='".sanitize_vars($_POST['facebook'])."',instagram='".sanitize_vars($_POST['instagram'])."',youtube='".sanitize_vars($_POST['youtube'])."',pixel='".sanitize_vars($_POST['pixel'])."',analytic='".sanitize_vars($_POST['analytic'])."',onesignal='".sanitize_vars($_POST['onesignal'])."',stockout='".sanitize_vars($_POST['stockout'])."',currency='".sanitize_vars($_POST['currency'])."',email='".sanitize_vars($_POST['email'])."'");
				$req->execute();					
			}
			
			if($_POST['action'] == "editappearance"){
				$req = $bdd->prepare("UPDATE appearance SET nbposts='".sanitize_vars($_POST['nbposts'])."',topbanner='".sanitize_vars($_POST['topbanner'])."',topbannertxt='".sanitize_vars($_POST['topbannertxt'])."',slide='".sanitize_vars($_POST['slide'])."',newsletter='".sanitize_vars($_POST['newsletter'])."',whatsapp='".sanitize_vars($_POST['whatsapp'])."',addtocart='".sanitize_vars($_POST['addtocart'])."',simplecart='".sanitize_vars($_POST['simplecart'])."',fullname='".sanitize_vars($_POST['fullname'])."',phone='".sanitize_vars($_POST['phone'])."',email='".sanitize_vars($_POST['email'])."',address='".sanitize_vars($_POST['address'])."',city='".sanitize_vars($_POST['city'])."',parselects='".sanitize_vars($_POST['parselects'])."',cookies='".sanitize_vars($_POST['cookies'])."',cookiespage='".sanitize_vars($_POST['cookiespage'])."',coupon='".sanitize_vars($_POST['coupon'])."',upsell='".sanitize_vars($_POST['upsell'])."',nbupsell='".sanitize_vars($_POST['nbupsell'])."',showbuybtn='".sanitize_vars($_POST['showbuybtn'])."'");
				$req->execute();	
				$req = $bdd->prepare("UPDATE parameters SET dirlang='".sanitize_vars($_POST['dirlang'])."',activelang='".sanitize_vars($_POST['activelang'])."'");
				$req->execute();
			}
	
			if($_POST['action'] == "editcss"){
				$req = $bdd->prepare("UPDATE parameters SET css='".sanitize_vars($_POST['css'])."'");
				$req->execute();
			}
		
			if($_POST['action'] == "editip"){
				$req = $bdd->prepare("UPDATE parameters SET blockedip='".sanitize_vars($_POST['ips'])."'");
				$req->execute();
			}

if($_POST['action'] == "edittheme"){
				$req = $bdd->prepare("UPDATE parameters SET theme='".sanitize_vars($_POST['theme'])."'");
				$req->execute();
				$htaccess = file_get_contents("../is-themes/".$_POST['theme']."/htaccess.php");
				file_put_contents("../.htaccess",$htaccess);
				$oglang = file_get_contents("../is-themes/".$_POST['theme']."/oglang.json");
				$newlang = file_get_contents("../is-themes/".$_POST['theme']."/newlang.json");
				$req = $bdd->prepare("UPDATE parameters SET oglang='".addslashes($oglang)."',newlang='".addslashes($newlang)."'");
				$req->execute();				
			}

if($_POST['action'] == "savetranslation"){
				$newlang = '';
				$keys = explode(",",$_POST['keys']);
				$values = explode(",",$_POST['values']);
				for($i=1;$i<count($keys);$i++){
					$newlang .= ',"'.$keys[$i].'" : "'.$values[$i].'"';
				}
				$newlang = '{'.substr($newlang,1).'}';
				$req = $bdd->prepare("UPDATE parameters SET newlang='".addslashes($newlang)."'");
				$req->execute();
				file_put_contents("../is-themes/".$parameters['theme']."/newlang.json",$newlang);
			}
			
			if($_POST['action'] == "deletemedias"){
				$back = $bdd->query("SELECT * FROM medias WHERE id='".$_POST['id']."' LIMIT 0,1");
				$row = $back->fetch();
				unlink("../is-uploads/".$row['thumbnail']);
				unlink("../is-uploads/large_".$row['thumbnail']);
				unlink("../is-uploads/small_".$row['thumbnail']);
				unlink("../is-uploads/cropped_".$row['thumbnail']);
				unlink("../is-uploads/micro_".$row['thumbnail']);
				$req = $bdd->prepare("DELETE FROM medias WHERE id='".$_POST['id']."'");
				$req->execute();
			}

if($_POST['action'] == "changestate"){
				if($_POST['table'] == "commands" AND $_POST['column'] == "phase"){
					$back = $bdd->query("SELECT id,product,details,qty,state FROM commands WHERE id='".$_POST['id']."'");
					$command = $back->fetch();
					$products = explode(",",$command['product']);
					$detail = explode(",",$command['details']);
					$qtys = explode(",",$command['qty']);					
					if($_POST['state'] == "on"){
						for($i=0;$i<count($detail);$i++){
							$details = explode(" - ",$detail[$i]);
							for($j=0;$j<count($details);$j++){
								if($details[$j] != ""){
									$req = $bdd->prepare("UPDATE `variants` SET `qty`=(`qty`-".$qtys[$i].") WHERE variant='".$details[$j]."' AND product='".$products[$i]."'");
									$req->execute();
								}
							}
						}
						$req = $bdd->prepare("UPDATE `".$_POST['table']."` SET `".$_POST['column']."`='shipping',state='En cours' WHERE id='".$_POST['id']."' AND state='Confirmé'");
						$req->execute();	
					}
					else{
						for($i=0;$i<count($detail);$i++){
							$details = explode(" - ",$detail[$i]);
							for($j=0;$j<count($details);$j++){
								if($details[$j] != ""){
									$req = $bdd->prepare("UPDATE `variants` SET `qty`=(`qty`+".$qtys[$i].") WHERE variant='".$details[$j]."' AND product='".$products[$i]."'");
									$req->execute();
								}
							}
						}
						$req = $bdd->prepare("UPDATE `".$_POST['table']."` SET `".$_POST['column']."`='confirmation',state='Confirmé' WHERE id='".$_POST['id']."' AND state='En cours'");
						$req->execute();						
					}
					$req = $bdd->prepare("INSERT INTO commandshistory(id,command,state,dateadd) VALUES ('0','".$command['id']."','".$command['state']."','".time()."')");
					$req->execute();
				}
				if($_POST['table'] != "commands" AND $_POST['column'] != "phase"){
					$req = $bdd->prepare("UPDATE `".$_POST['table']."` SET `".$_POST['column']."`='".$_POST['state']."' WHERE id='".$_POST['id']."'");
					$req->execute();					
				}
			}
			
			if($_POST['action'] == "updatebulk"){
				if($_POST['state'] == "delete"){
					$req = $bdd->prepare("UPDATE `".$_POST['table']."` SET trash='0' WHERE `".$_POST['column']."` IN(".$_POST['ids'].")");
					$req->execute();
				}
				elseif($_POST['state'] == "deletepermenantly"){	
					$req = $bdd->prepare("DELETE FROM `".$_POST['table']."` WHERE `".$_POST['column']."` IN(".$_POST['ids'].")");
					$req->execute();
				}
				elseif($_POST['state'] == "restore"){	
					$req = $bdd->prepare("UPDATE `".$_POST['table']."` SET trash='1' WHERE `".$_POST['column']."` IN(".$_POST['ids'].")");
					$req->execute();
				}
				else{
					
				}
			}
			
			if($_POST['action'] == "allnotifs"){
				$enattente = $bdd->query("SELECT id FROM commands WHERE phase='confirmation' AND state='Nouveau' AND trash='1'");
				$reported = $bdd->query("SELECT id FROM commands WHERE phase='confirmation' AND state='Reporté' AND ((datereported < ".(time() + (60*60*24*3))." AND city<>'Casablanca') OR (datereported < ".(time() + (60*60*24))." AND city='Casablanca')) AND datereported<>'' AND trash='1'".$user);
				$notifs = '{ notifs : [';
				$notifs .= '{ "enattente" : "'.$enattente->rowCount().'" , "reported" : "'.$reported->rowCount().'" , "commands" : "'.($enattente->rowCount()+$reported->rowCount()).'" }';
				$notifs .= '] }';
				echo $notifs;
			}
		}
	}
}

function random(){
	$alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
	$pass = array(); //remember to declare $pass as an array
	$alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
	for ($j = 0; $j < 5; $j++) {
		$n = rand(0, $alphaLength);
		$pass[] = $alphabet[$n];
	}
	return implode($pass);
}

function sendEmails($to,$from,$name,$subject,$message,$no){

$mail = $to; // Déclaration de l'adresse de destination.
	if (!preg_match("#^[a-z0-9._-]+@(hotmail|live|msn).[a-z]{2,4}$#", $mail)) // On filtre les serveurs qui présentent des bogues.
	{
		$passage_ligne = "\r\n";
	}
	else
	{
		$passage_ligne = "\n";
	}
	//=====Déclaration des messages au format texte et au format HTML.
	$message_header = ""; // "<a href='https://istock.ma/'><img src='https://istock.ma/images/logo.png' /></a> "

$message_footer = ""; /*"Veuillez ne pas répondre à cet email, car toute réponse envoyée à cette adresse ne sera pas traitée
	Merci et à très bientôt
	L'équipe iStock.ma
	<a href='https://istock.ma/' style='color:#d81143;text-decoration:none;'>iStock - 1er site de warehousing au Maroc</a>"*/

$message_txt = strip_tags($message_header.$message.$message_footer);
	$message_html = $message_header.$message.$message_footer;
	if($no == "no"){
		$message_txt = strip_tags($message);
		$message_html = $message;		
	}
	//==========
	 
	//===== Création de la boundary.
	$boundary = "-----=".md5(rand());
	$boundary_alt = "-----=".md5(rand());
	//==========
	 
	//===== Définition du sujet.
	$sujet = $subject;
	//=========
	 
	//===== Création du header de l'e-mail.
	$header = "From: ".$name." <".$from.">".$passage_ligne;
	$header.= "Reply-to: ".$name." <".$from.">".$passage_ligne;
	$header.= "MIME-Version: 1.0".$passage_ligne;
	$header.= "Content-Type: multipart/mixed;".$passage_ligne." boundary=\"$boundary\"".$passage_ligne;
	//==========
	 
	//===== Création du message.
	$message = $passage_ligne."--".$boundary.$passage_ligne;
	$message.= "Content-Type: multipart/alternative;".$passage_ligne." boundary=\"$boundary_alt\"".$passage_ligne;
	$message.= $passage_ligne."--".$boundary_alt.$passage_ligne;
	//===== Ajout du message au format texte.
	$message.= "Content-Type: text/plain; charset=\"UTF-8\"".$passage_ligne;
	$message.= "Content-Transfer-Encoding: 8bit".$passage_ligne;
	$message.= $passage_ligne.$message_txt.$passage_ligne;
	//==========
	 
	$message.= $passage_ligne."--".$boundary_alt.$passage_ligne;
	 
	//===== Ajout du message au format HTML.
	$message.= "Content-Type: text/html; charset=\"UTF-8\"".$passage_ligne;
	$message.= "Content-Transfer-Encoding: 8bit".$passage_ligne;
	$message.= $passage_ligne.$message_html.$passage_ligne;
	//==========
	 
	//===== On ferme la boundary alternative.
	$message.= $passage_ligne."--".$boundary_alt."--".$passage_ligne;
	//==========
	 
	$message.= $passage_ligne."--".$boundary.$passage_ligne;

//===== Envoi de l'e-mail.
	mail($mail,$sujet,$message,$header);
	 
	//==========

}

function sendToStockOUT($url,$product,$qty,$store,$fullname,$phone,$address,$city,$price){
	if(preg_match("#http#",$url)){
		$url = $url."/rc.php?product=".urlencode($product)."&qty=".$qty."&store=".urlencode($store)."&fullname=".urlencode($fullname)."&phone=".urlencode($phone)."&city=".urlencode($city)."&address=".urlencode($address)."&price=".$price;
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_URL, $url);
		curl_setopt($ch, CURLOPT_HEADER, false);
		$result = curl_exec($ch);
		curl_close($ch);	
	}
}