api.php
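<?php
/**
 * Order-history endpoint: returns the logged-in user's orders, each with its
 * line items, as a JSON array.
 *
 * Access control: the order query is filtered by the user id stored in the
 * server-side session, and line items are only looked up for order ids that
 * came back from that filtered query. No request parameter influences which
 * rows are read.
 *
 * Responses: 403 when the session is not authenticated, 500 on a database or
 * encoding failure, otherwise 200 with the order list.
 */
session_start();
header('Content-Type: application/json');
// Stop browsers from content-sniffing the body as HTML; the payload carries
// stored text fields such as custom_instructions.
header('X-Content-Type-Options: nosniff');

// The loose == is kept so whatever the login code stores (1, '1' or true) is
// still accepted; the login code is not visible from this file.
$loggedIn = isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == 1;

// A session flagged as logged in but carrying no user id would otherwise be
// cast to user 0 below and queried anyway; refuse it as unauthenticated.
if (!$loggedIn || !isset($_SESSION['user_id'])) {
    http_response_code(403);
    echo json_encode(['error' => 'Unauthorized']);
    exit;
}

include('../dbconnection.php');
// empty() also covers the case where the include did not define $dbconn,
// without raising an undefined-variable warning into the JSON body.
if (empty($dbconn)) {
    http_response_code(500);
    echo json_encode(['error' => 'Database connection failed']);
    exit;
}

// The id comes from the session, never from the request; the cast pins it to
// an integer before it is bound.
$userId = (int)$_SESSION['user_id'];

try {
    $stmt = $dbconn->prepare(
        "SELECT order_id, order_time, total_price, status, custom_instructions
         FROM orders
         WHERE user_id = :user_id
         ORDER BY order_id DESC"
    );
    $stmt->execute([':user_id' => $userId]);
    $orders = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Prepared once and re-executed per order instead of re-preparing the
    // same statement on every loop iteration.
    $itemStmt = $dbconn->prepare(
        "SELECT oi.amount, p.name, p.price
         FROM order_items oi
         JOIN products p ON oi.product_id = p.product_id
         WHERE oi.order_id = :order_id"
    );

    foreach ($orders as &$order) {
        $itemStmt->execute([':order_id' => $order['order_id']]);
        $order['items'] = $itemStmt->fetchAll(PDO::FETCH_ASSOC);
    }
    // Break the reference so a later write to $order cannot alter the last row.
    unset($order);
} catch (PDOException $e) {
    // Keep driver and SQL details in the server log only; the client gets a
    // generic message. NOTE(review): this only triggers if dbconnection.php
    // sets PDO::ERRMODE_EXCEPTION (the default since PHP 8) — confirm.
    error_log('api.php: order lookup failed: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Database query failed']);
    exit;
}

// json_encode() returns false on unencodable data (e.g. invalid UTF-8 in a
// text column); report that as a 500 instead of an empty 200 response.
$payload = json_encode($orders);
if ($payload === false) {
    error_log('api.php: JSON encoding failed: ' . json_last_error_msg());
    http_response_code(500);
    echo json_encode(['error' => 'Response encoding failed']);
    exit;
}

// NOTE(review): custom_instructions is presumably customer-entered free text
// (the writer is not shown here). It is returned as stored, so whatever
// renders this JSON must treat it as untrusted text and escape it for its
// output context.
echo $payload;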