diff options
author | arf20 <aruizfernandez05@gmail.com> | 2024-03-18 17:55:48 +0100 |
---|---|---|
committer | arf20 <aruizfernandez05@gmail.com> | 2024-03-18 17:55:48 +0100 |
commit | 4c4b8df824dcd2fd3ac4b8d486181ec87a0f13cd (patch) | |
tree | 3748190bf03444a6fa39624fbe75df462f7fddcd /manageorders.php | |
parent | 6bf04fb78dddeef3d95a4dfd7de75546055e04b0 (diff) | |
download | arfnet2-cstims-4c4b8df824dcd2fd3ac4b8d486181ec87a0f13cd.tar.gz arfnet2-cstims-4c4b8df824dcd2fd3ac4b8d486181ec87a0f13cd.zip |
Add manageorders, fix services edit
Diffstat (limited to 'manageorders.php')
-rw-r--r-- | manageorders.php | 190 |
1 files changed, 190 insertions, 0 deletions
diff --git a/manageorders.php b/manageorders.php new file mode 100644 index 0000000..c91a5b7 --- /dev/null +++ b/manageorders.php @@ -0,0 +1,190 @@ +<?php + +session_start(); + +if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){ + header("location: /login.php"); + exit; +} + +$username = $_SESSION["username"]; +$type = $_SESSION["type"]; + +if ($type != "admin") die("Permission denied."); + +require_once "config.php"; + +// Get clients +$sql = "SELECT id, username FROM users WHERE type = ?"; +$stmt = mysqli_prepare($link, $sql); +mysqli_stmt_bind_param($stmt, "s", $param_type); +$param_type = "client"; +mysqli_stmt_execute($stmt); +$result = mysqli_stmt_get_result($stmt); +$clients = $result->fetch_all(MYSQLI_ASSOC); + +// Get services +$sql = "SELECT id, name, type, billing, description FROM services"; +$stmt = mysqli_prepare($link, $sql); +mysqli_stmt_execute($stmt); +$result = mysqli_stmt_get_result($stmt); +$services = $result->fetch_all(MYSQLI_ASSOC); + +// Get orders +$sql = "SELECT id, service, name, client, date, billing, comments FROM orders"; +$stmt = mysqli_prepare($link, $sql); +mysqli_stmt_execute($stmt); +$result = mysqli_stmt_get_result($stmt); +$orders = $result->fetch_all(MYSQLI_ASSOC); + +// GET actions +// delete entry +if (isset($_GET["del"])) { + $sql = "DELETE FROM orders WHERE id = ?"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "s", $param_id); + $param_id = $_GET["del"]; + if (!mysqli_stmt_execute($stmt) || mysqli_stmt_affected_rows($stmt) != 1) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); +} + +// POST actions +if ($_SERVER["REQUEST_METHOD"] == "POST") { + // add entry + if (isset($_POST["add"])) { + $sql = "INSERT INTO orders (service, name, client, billing, comments) VALUES (?, ?, ?, ?, ?)"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "sssss", $param_service, $param_name, $param_client, $param_billing, $param_comments); + $param_service = $_POST["service"]; + $param_name = $_POST["name"]; + $param_client = $_POST["client"]; + $param_billing = $_POST["billing"]; + $param_comments = $_POST["comments"]; + + if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); + } + + // edit entry + if (isset($_POST["save"])) { + $sql = "UPDATE orders SET name = ?, billing = ?, comments = ? WHERE id = ?"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "ssss", $param_name, $param_billing, $param_comments, $param_id); + $param_name = $_POST["name"]; + $param_billing = $_POST["billing"]; + $param_comments = $_POST["comments"]; + $param_id = $_POST["id"]; + + if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); + } +} + +function getorderbyid($id) { + global $orders; + foreach ($orders as $order) { + if ($order["id"] == $id) { + return $order; + } + } +} + +function getservicebyid($id) { + global $services; + foreach ($services as $service) { + if ($service["id"] == $id) { + return $service; + } + } +} + +function getclientbyid($id) { + global $clients; + foreach ($clients as $client) { + if ($client["id"] == $id) { + return $client; + } + } +} + +?> + +<!doctype html> +<html> + <head> + <meta charset="UTF-8"> + <link rel="stylesheet" type="text/css" href="/style.css"> + <title>ARFNET CSTIMS</title> + </head> + <body> + <header><a href="https://arf20.com/"> + <img src="arfnet_logo.png" width="64"><span class="title"><strong>ARFNET</strong></span> + </a></header> + <hr> + <main> + <div class="row"> + <div class="col8"> + <h2 class="center">ARFNET Client Service Ticket and Invoice Management System</h2> + <h3><?php echo strtoupper($type[0]).substr($type, 1); ?> panel</h3> + <h3>Orders</h3> + + <?php + if (isset($_GET["edit"])) { + $order = getorderbyid($_GET["edit"]); + echo "<div class=\"editform\"><h3>Edit order ".$order["id"]."</h3><form action=\"".$_SERVER['SCRIPT_NAME']."\" method=\"post\">\n" + ."<label>Name</label><br><input type=\"text\" name=\"name\" value=\"".$order["name"]."\"><br>\n" + ."<label>Billing</label><br><input type=\"text\" name=\"billing\" value=\"".$order["billing"]."\"><br>\n" + ."<label>Comments</label><br><textarea name=\"comments\" rows=\"10\" cols=\"80\">".$order["comments"]."</textarea><br>\n" + ."<input type=\"hidden\" name=\"id\" value=\"".$order["id"]."\">" + ."<br><input type=\"submit\" name=\"save\" value=\"Save\"><a href=\"".$_SERVER['SCRIPT_NAME']."\">cancel</a>" + ."</form></div>"; + } + + if (isset($_GET["add"])) { + $client_options = $service_options = ""; + foreach ($clients as $client) + $client_options .= "<option value=\"".$client["id"]."\">".$client["username"]."</option>"; + foreach ($services as $service) + $service_options .= "<option value=\"".$service["id"]."\">".$service["name"]."</option>"; + echo "<div class=\"editform\"><h3>Add order</h3><form action=\"".$_SERVER["SCRIPT_NAME"]."\" method=\"post\">\n" + ."<label>Service</label><br><select name=\"service\">".$service_options."</select><br>" + ."<label>Name</label><br><input type=\"text\" name=\"name\"><br>\n" + ."<label>Client</label><br><select name=\"client\">".$client_options."</select><br>\n" + ."<label>Billing</label><br><input type=\"text\" name=\"billing\"><br>\n" + ."<label>Comments</label><br><textarea name=\"comments\" rows=\"10\" cols=\"80\"></textarea><br>\n" + ."<br><input type=\"submit\" name=\"add\" value=\"Add\"><a href=\"".$_SERVER["SCRIPT_NAME"]."\">cancel</a>" + ."</form></div>"; + } + ?> + + <a href="?add">add</a> + <table> + <tr><th>id</th><th>service</th><th>instance</th><th>client</th><th>billing</th><th>date</th><th>comments</th><th>action</th></tr> + <?php + foreach ($orders as $order) { + echo "<tr><td>".$order["id"]."</td>" + ."<td>".getservicebyid($order["service"])["name"]."</td>" + ."<td>".$order["name"]."</td>" + ."<td>".getclientbyid($order["client"])["username"]."</td>" + ."<td>".$order["billing"]."</td>" + ."<td>".$order["date"]."</td>" + ."<td><pre>".$order["comments"]."</pre></td>" + ."<td><a href=\"?del=".$order["id"]."\">del</a> <a href=\"?edit=".$order["id"]."\">edit</a></td></tr>\n"; + } + ?> + </table> + + </div> + <div class="col2"> + <h3>Logged as <?php echo $username; ?></h3> + <h3><a href="/logout.php">Logout</h2> + <h3><a href="/admin.php">Back to admin panel</h2> + </div> + </div> + </main> + </body> +</html> + |