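<?php
// New-order page: validates the posted product quantities, stores the order in
// one transaction and redirects to the order list. header.php is expected to
// have started the session ($_SESSION['user_id'] is read below) and
// dbconnection.php to define $dbconn.
$basePath = '../';
$pageTitle = 'Ny Beställning';
$activePage = 'neworder';
include('../includes/header.php');
include('../dbconnection.php');
if (!$dbconn) {
    die("Connection failed: Can't connect to database.");
}

/**
 * Resolve posted product quantities against the products table.
 *
 * Only products that exist and are not disabled are kept, and the unit price
 * is taken from the database, never from the request, so the client cannot
 * influence the total.
 *
 * @param PDO   $db
 * @param array $products posted product_id => amount map (values are untrusted)
 * @return array{items: list<array{product_id: mixed, amount: int, price: mixed}>, total: int|float}
 */
function neworderCollectItems(PDO $db, array $products): array
{
    $items = [];
    $total = 0;
    // One prepared statement, reused for every posted product id.
    $stmt = $db->prepare("SELECT product_id, price FROM products WHERE product_id = :id AND NOT is_disabled = 1");
    foreach ($products as $productId => $amount) {
        $amount = (int)$amount; // non-numeric input becomes 0 and is skipped
        if ($amount <= 0) {
            continue;
        }
        // NOTE(review): the form offers 0-10 but any positive integer is
        // accepted here; cap it if that range is a business rule.
        $stmt->execute([':id' => (int)$productId]);
        $product = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$product) {
            continue; // unknown or disabled product id: ignored, as before
        }
        $items[] = [
            'product_id' => $product['product_id'],
            'amount' => $amount,
            'price' => $product['price'],
        ];
        $total += $product['price'] * $amount;
    }
    return ['items' => $items, 'total' => $total];
}

/**
 * Insert an order and its items inside one transaction.
 *
 * @param PDO         $db
 * @param mixed       $userId       session user id, stored as orders.user_id
 * @param list<array> $items        as returned by neworderCollectItems()
 * @param int|float   $total        order total computed from DB prices
 * @param string|null $instructions custom instructions, null when none were given
 * @return string|false the new order id as reported by PDO::lastInsertId()
 * @throws Throwable any failure is rethrown after the transaction has been rolled back
 */
function neworderInsert(PDO $db, $userId, array $items, $total, ?string $instructions)
{
    $db->beginTransaction();
    try {
        $stmt = $db->prepare("INSERT INTO orders (user_id, total_price, status, custom_instructions) VALUES (:user_id, :total, 'pending', :instructions)");
        $stmt->execute([
            ':user_id' => $userId,
            ':total' => $total,
            ':instructions' => $instructions,
        ]);
        $orderId = $db->lastInsertId();
        $stmt = $db->prepare("INSERT INTO order_items (order_id, product_id, amount) VALUES (:order_id, :product_id, :amount)");
        foreach ($items as $item) {
            $stmt->execute([
                ':order_id' => $orderId,
                ':product_id' => $item['product_id'],
                ':amount' => $item['amount'],
            ]);
        }
        $db->commit();
        return $orderId;
    } catch (Throwable $e) {
        // rollBack() on a connection without an active transaction throws a
        // second exception that would mask the original one, so guard it.
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}

$message = null;
// Handle the submitted form
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['product'])) {
    // NOTE(review): no CSRF token is validated for this POST — confirm whether
    // header.php provides one; otherwise add a session-bound token to the form
    // and check it here before touching the database.
    // NOTE(review): assumes header.php started the session and only lets
    // authenticated users reach this page — confirm. A missing user id is
    // reported as an error instead of inserting a NULL user_id.
    $userId = $_SESSION['user_id'] ?? null;
    // A tampered request can send arrays where strings are expected; trim()
    // on an array would be a TypeError, foreach over a scalar only a warning.
    $rawInstructions = $_POST['custom_instructions'] ?? '';
    $customInstructions = is_string($rawInstructions) ? trim($rawInstructions) : '';
    $products = is_array($_POST['product']) ? $_POST['product'] : [];

    $selection = neworderCollectItems($dbconn, $products);
    $selectedItems = $selection['items'];
    $totalPrice = $selection['total'];
    $errorMessage = "<div class='alert alert-error'><span class='material-symbols-rounded' style='font-size:18px'>error</span> Kunde inte skapa beställning. Försök igen.</div>";

    if ($userId === null) {
        error_log('neworder error: no user_id in session');
        $message = $errorMessage;
    } elseif (empty($selectedItems)) {
        $message = "<div class='alert alert-warning'><span class='material-symbols-rounded' style='font-size:18px'>warning</span> Du måste välja minst en produkt.</div>";
    } else {
        try {
            // Only an empty string becomes NULL; the previous `?: null` also
            // dropped the valid instruction '0'.
            $instructions = $customInstructions === '' ? null : $customInstructions;
            neworderInsert($dbconn, $userId, $selectedItems, $totalPrice, $instructions);
            // Redirect to the active-orders list; exit so nothing is rendered
            // after the Location header.
            // NOTE(review): header.php is included above and presumably emits
            // markup, so this redirect only works if output buffering is
            // enabled — confirm, or move the POST handling above the include.
            header('Location: ./vieworders.php');
            exit;
        } catch (PDOException $e) {
            // SECURITY: do not show detailed database errors (they can reveal internal information)
            error_log("neworder error: " . $e->getMessage());
            $message = $errorMessage;
        }
    }
}
if ($message) {
    echo $message;
}
?>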
<div class="page-header">
<div class="page-header-text">
<h1>Ny Beställning</h1>
<p>Välj produkter och antal, fyll i eventuella instruktioner och lägg beställningen.</p>
</div>
</div>
<div class="card">
<h2><span class="material-symbols-rounded" style="font-size:20px; vertical-align:middle; margin-right:6px">restaurant_menu</span>Välj produkter</h2>
<form method="post" action="">
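<?php
// Product picker: every enabled product, grouped by category. The rows arrive
// ordered by category, so a change of category opens a new group.
$sql = "SELECT * FROM products WHERE NOT is_disabled = 1 ORDER BY category ASC";
$stmt = $dbconn->prepare($sql);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
$categoryNames = [
    'none' => 'Okategoriserad',
    'beverage' => 'Dryck',
    'food' => 'Mat',
    'material' => 'Material',
];
// Quantities from a rejected POST, so the user's selection survives the
// re-render (the custom_instructions textarea below already does the same).
$postedAmounts = isset($_POST['product']) && is_array($_POST['product']) ? $_POST['product'] : [];
// Escape a DB value for HTML text and for the single-quoted attributes used
// below. htmlentities() with its default flags leaves single quotes alone on
// PHP < 8.1, so a name containing ' could break out of alt='...'; NULL columns
// are rendered as empty strings instead of triggering a deprecation notice.
$esc = static function ($value) {
    return htmlspecialchars((string)($value ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
if (!$rows) {
    echo "<div class='alert alert-warning'><span class='material-symbols-rounded' style='font-size:18px'>info</span> Inga produkter hittades.</div>";
} else {
    $currentCategory = null;
    $categoryOpen = false; // whether a category-container is currently open
    echo '<div class="product-container">';
    foreach ($rows as $product) {
        $productId = (int)$product['product_id'];
        $productName = $esc($product['name']);
        $productPrice = $esc($product['price']);
        $productDescription = $esc($product['description']);
        $productImg = $esc($product['image_url']);
        $productCategory = $product['category'];
        // A flag rather than comparing against null, so a NULL first category
        // still gets its container opened (and closed) correctly.
        if (!$categoryOpen || $productCategory !== $currentCategory) {
            if ($categoryOpen) {
                echo '</div></div>';
            }
            $currentCategory = $productCategory;
            $categoryOpen = true;
            $categoryLabel = $esc($categoryNames[$productCategory] ?? ucfirst((string)$productCategory));
            echo "<div class='category-container'>";
            echo "<h2 class='category-title'>$categoryLabel</h2>";
            echo "<div class='category-products'>";
        }
        $selectedAmount = (int)($postedAmounts[$productId] ?? 0);
        echo "<div class='product-card'>";
        echo "<img src='$productImg' alt='$productName'>";
        echo "<h3 class='product-title'>$productName</h3>";
        echo "<p class='product-description'>$productDescription</p>";
        echo "<p class='product-price'>$productPrice kr</p>";
        echo "<label for='product-$productId'>Antal</label>";
        echo "<select name='product[$productId]' id='product-$productId'>";
        for ($i = 0; $i <= 10; $i++) {
            $selected = $i === $selectedAmount ? ' selected' : '';
            echo "<option value='$i'$selected>$i</option>";
        }
        echo '</select>';
        echo '</div>';
    }
    if ($categoryOpen) {
        echo '</div></div>';
    }
    echo "</div>";
}
?>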
<div class="form-group" style="margin-top: 20px;">
<label for="custom_instructions">
<span class="material-symbols-rounded" style="font-size:18px; vertical-align:middle; margin-right:4px">edit_note</span>
Egna instruktioner
</label>
<textarea name="custom_instructions" id="custom_instructions" rows="3" placeholder="T.ex. allergier, extra önskemål, specialkost..."><?= htmlentities($_POST['custom_instructions'] ?? '') ?></textarea>
</div>
<div class="actions" style="margin-top: 12px;">
<button type="submit" class="btn btn-success">
<span class="material-symbols-rounded">shopping_cart_checkout</span>
Lägg beställning
</button>
</div>
</form>
</div>
<?php /* shared page footer */ include '../includes/footer.php'; ?>