From 4c4b8df824dcd2fd3ac4b8d486181ec87a0f13cd Mon Sep 17 00:00:00 2001 From: arf20 Date: Mon, 18 Mar 2024 17:55:48 +0100 Subject: Add manageorders, fix services edit --- admin.php | 16 ++++- dbinit.sql | 11 ++++ manageorders.php | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++ manageservices.php | 22 ++++++- manageusers.php | 1 - 5 files changed, 235 insertions(+), 5 deletions(-) create mode 100644 manageorders.php diff --git a/admin.php b/admin.php index 24bd448..37a69f6 100644 --- a/admin.php +++ b/admin.php @@ -26,6 +26,13 @@ mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); $services = $result->fetch_all(MYSQLI_ASSOC); +// Get services +$sql = "SELECT id, service, name, client FROM orders"; +$stmt = mysqli_prepare($link, $sql); +mysqli_stmt_execute($stmt); +$result = mysqli_stmt_get_result($stmt); +$orders = $result->fetch_all(MYSQLI_ASSOC); + ?> @@ -70,7 +77,14 @@ $services = $result->fetch_all(MYSQLI_ASSOC);
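Review bot: The comment above the added query in the first admin.php hunk says `// Get services`, copied from the block before it, while the statement selects from `orders` and fills `$orders`. It should read `// Get orders` so the two blocks can be told apart when scanning the file.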

Orders

- + + + \n"; + } + ?> +
serviceinstanceclient
".$order['service']."".$order['name']."".$order['client']."

Tickets
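Review bot: The new orders row on the dashboard concatenates `$order['service']`, `$order['name']` and `$order['client']` straight into the echoed markup, so an order name that contains HTML is rendered as markup in the admin's browser. `name` is free text stored from `$_POST["name"]` in manageorders.php, so it should be escaped at output, e.g. `htmlspecialchars($order['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same applies to the table rows added in manageorders.php, where `name`, `billing` and `comments` are echoed the same way. The surrounding table markup is not visible in this rendering of the hunk, so the element or attribute context should be checked when the escape is applied.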

diff --git a/dbinit.sql b/dbinit.sql index 7fdc06e..7f7dec9 100644 --- a/dbinit.sql +++ b/dbinit.sql @@ -20,3 +20,14 @@ CREATE TABLE `arfnet2`.`services` ( `description` TEXT NOT NULL , PRIMARY KEY (`id`) ); + +CREATE TABLE `arfnet2`.`orders` ( + `id` INT NOT NULL AUTO_INCREMENT , + `service` INT NOT NULL , + `name` VARCHAR(255) NOT NULL , + `client` INT NOT NULL , + `billing` VARCHAR(255) NOT NULL , + `date` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , + `comments` TEXT NOT NULL , + PRIMARY KEY (`id`) +); diff --git a/manageorders.php b/manageorders.php new file mode 100644 index 0000000..c91a5b7 --- /dev/null +++ b/manageorders.php 
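Review bot: `orders.service` and `orders.client` are plain `INT NOT NULL` columns with no foreign key, so deleting a service or client leaves orders pointing at ids that no longer exist; manageorders.php then indexes the null result of `getservicebyid()` / `getclientbyid()` when it renders those rows. Consider adding `FOREIGN KEY (service) REFERENCES services (id)` and the matching constraint for `client`; the table that holds clients is not visible in this hunk, so its name needs to be filled in.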
@@ -0,0 +1,190 @@ +fetch_all(MYSQLI_ASSOC); + +// Get services +$sql = "SELECT id, name, type, billing, description FROM services"; +$stmt = mysqli_prepare($link, $sql); +mysqli_stmt_execute($stmt); +$result = mysqli_stmt_get_result($stmt); +$services = $result->fetch_all(MYSQLI_ASSOC); + +// Get orders +$sql = "SELECT id, service, name, client, date, billing, comments FROM orders"; +$stmt = mysqli_prepare($link, $sql); +mysqli_stmt_execute($stmt); +$result = mysqli_stmt_get_result($stmt); +$orders = $result->fetch_all(MYSQLI_ASSOC); + +// GET actions +// delete entry +if (isset($_GET["del"])) { + $sql = "DELETE FROM orders WHERE id = ?"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "s", $param_id); + $param_id = $_GET["del"]; + if (!mysqli_stmt_execute($stmt) || mysqli_stmt_affected_rows($stmt) != 1) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); +} + +// POST actions +if ($_SERVER["REQUEST_METHOD"] == "POST") { + // add entry + if (isset($_POST["add"])) { + $sql = "INSERT INTO orders (service, name, client, billing, comments) VALUES (?, ?, ?, ?, ?)"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "sssss", $param_service, $param_name, $param_client, $param_billing, $param_comments); + $param_service = $_POST["service"]; + $param_name = $_POST["name"]; + $param_client = $_POST["client"]; + $param_billing = $_POST["billing"]; + $param_comments = $_POST["comments"]; + + if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); + } + + // edit entry + if (isset($_POST["save"])) { + $sql = "UPDATE orders SET name = ?, billing = ?, comments = ? 
WHERE id = ?"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "ssss", $param_name, $param_billing, $param_comments, $param_id); + $param_name = $_POST["name"]; + $param_billing = $_POST["billing"]; + $param_comments = $_POST["comments"]; + $param_id = $_POST["id"]; + + if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); + } +} + +function getorderbyid($id) { + global $orders; + foreach ($orders as $order) { + if ($order["id"] == $id) { + return $order; + } + } +} + +function getservicebyid($id) { + global $services; + foreach ($services as $service) { + if ($service["id"] == $id) { + return $service; + } + } +} + +function getclientbyid($id) { + global $clients; + foreach ($clients as $client) { + if ($client["id"] == $id) { + return $client; + } + } +} + +?> + + + + + + + ARFNET CSTIMS + + +
+ ARFNET +
+
+
+
+
+

ARFNET Client Service Ticket and Invoice Management System

+

panel

+

Orders

+ +

Edit order ".$order["id"]."

\n" + ."

\n" + ."

\n" + ."

\n" + ."" + ."
cancel" + ."
"; + } + + if (isset($_GET["add"])) { + $client_options = $service_options = ""; + foreach ($clients as $client) + $client_options .= ""; + foreach ($services as $service) + $service_options .= ""; + echo "

Add order

\n" + ."

" + ."

\n" + ."

\n" + ."

\n" + ."

\n" + ."
cancel" + ."
"; + } + ?> + + add + + + " + ."" + ."" + ."" + ."" + ."" + ."" + ."\n"; + } + ?> +
idserviceinstanceclientbillingdatecommentsaction
".$order["id"]."".getservicebyid($order["service"])["name"]."".$order["name"]."".getclientbyid($order["client"])["username"]."".$order["billing"]."".$order["date"]."
".$order["comments"]."
del edit
+ +
+ +
+ + + + diff --git a/manageservices.php b/manageservices.php index c8a17ed..f9531f1 100644 --- a/manageservices.php +++ b/manageservices.php @@ -49,6 +49,22 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { echo "SQL error."; } else header("location: ".$_SERVER['SCRIPT_NAME']); } + + // edit entry + if (isset($_POST["save"])) { + $sql = "UPDATE services SET name = ?, type = ?, billing = ?, description = ? WHERE id = ?"; + $stmt = mysqli_prepare($link, $sql); + mysqli_stmt_bind_param($stmt, "sssss", $param_name, $param_type, $param_billing, $param_description, $param_id); + $param_name = $_POST["name"]; + $param_type = $_POST["type"]; + $param_billing = $_POST["billing"]; + $param_description = $_POST["description"]; + $param_id = $_POST["id"]; + + if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { + echo "SQL error."; + } else header("location: ".$_SERVER['SCRIPT_NAME']); + } } function getservicebyid($id) { @@ -86,9 +102,10 @@ function getservicebyid($id) { $service = getservicebyid($_GET["edit"]); echo "
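Review bot: The delete action in manageorders.php runs on a plain GET (`isset($_GET["del"])`), and neither it nor the `add`/`save` POST handlers check a request token, so a request made by another site in the logged-in admin's browser is accepted like a genuine one. Deletion should move under the POST branch and every state-changing handler should verify a per-session token with `hash_equals()` before touching the database; the `del` link in the table then becomes a small POST form carrying that token. Each `header("location: …")` should also be followed by `exit;`, since the script otherwise keeps rendering the page after the redirect header is set. The top of the file is not visible in this rendering, so the sketch below assumes a session is already started there, and `csrf_token` is a proposed key name, not one the project defines. The `save` handler added to manageservices.php in this commit follows the same pattern.

```php
// POST actions
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // refuse state changes that do not carry the session's token
    $token = $_POST["csrf_token"] ?? null;
    if (!is_string($token) || !isset($_SESSION["csrf_token"])
        || !hash_equals($_SESSION["csrf_token"], $token)) {
        http_response_code(403);
        exit;
    }

    // delete entry (moved here from the GET branch)
    if (isset($_POST["del"])) {
        $sql = "DELETE FROM orders WHERE id = ?";
        $stmt = mysqli_prepare($link, $sql);
        mysqli_stmt_bind_param($stmt, "i", $param_id);
        $param_id = (int)$_POST["del"];
        if (!mysqli_stmt_execute($stmt) || mysqli_stmt_affected_rows($stmt) != 1) {
            echo "SQL error.";
        } else {
            header("location: ".$_SERVER['SCRIPT_NAME']);
            exit;
        }
    }

    // … unchanged: add entry, edit entry (each redirect followed by exit) …
}
```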
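Review bot: The `save` handler added to manageservices.php treats `mysqli_stmt_affected_rows($stmt) != 1` as a failure, but MySQL reports 0 affected rows for an UPDATE whose new values equal the stored ones, so pressing save without changing anything prints "SQL error." instead of redirecting. Unless the connection is opened with `MYSQLI_CLIENT_FOUND_ROWS` (the connect call is not in this hunk), the branch should fail only on an execute error, e.g. `if (!mysqli_stmt_execute($stmt)) {`. The `save` handler in manageorders.php has the same condition.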

Edit service ".$service["id"]."

\n" ."

\n" - ."

\n" + ."

\n" ."

\n" - ."

\n" + ."" ."
cancel" ."
"; } @@ -118,7 +135,6 @@ function getservicebyid($id) { } ?> -

Logged as

diff --git a/manageusers.php b/manageusers.php index 15bb6d2..f49c63e 100644 --- a/manageusers.php +++ b/manageusers.php @@ -65,7 +65,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $param_id = $_POST["id"]; if (!mysqli_stmt_execute($stmt) || (mysqli_stmt_affected_rows($stmt) != 1)) { - echo "email: ".$_POST["email"]; echo "SQL error: ".mysqli_stmt_error($stmt); } else header("location: ".$_SERVER['SCRIPT_NAME']); } -- cgit v1.2.3