Initial commit

2025-06-06 17:14:52 +08:00
parent 0465a9baef
commit f0aabfb5ac
91 changed files with 4466 additions and 0 deletions
--- a/indexes/process/ordernow.php
+++ b/indexes/process/ordernow.php
@@ -0,0 +1,131 @@
+<?php
+include "../ConnectDB.php";
+
+// Start the session
+session_start();
+
+// Escape the username and user type for security
+$username = mysqli_real_escape_string($conn, $_SESSION['username']);
+$usertype = mysqli_real_escape_string($conn, $_SESSION['user_type']);
+
+// Define table and column names based on the user type
+if ($usertype == 'seller') {
+    $a = "seller_availability";
+    $m = "seller_price";
+    $r = "seller_receipt";
+    $c = "profit";
+}
+else {
+    $a = "buyer_availability";
+    $m = "buyer_price";
+    $r = "buyer_receipt";
+    $c = "money";
+}
+
+if (isset($_GET["name"], $_GET["amount"])) {
+    $name = mysqli_real_escape_string($conn, $_GET["name"]);
+
+    //check availability
+    $check_sql = "SELECT $a FROM inventory WHERE name = '$name'";
+    $res = mysqli_query($conn, $check_sql);
+    $avail = mysqli_fetch_array($res);
+    if ($avail[$a] == 0 && $avail[$a] !== null) {
+        $errorMessage = urlencode("$name is currently unavailable");
+        header("Location: ./interfaces/failed.php?why=$errorMessage");
+        exit();
+    }
+
+    //get inventory
+    $sql_check_inventory = "SELECT quantities FROM inventory WHERE name = '$name'";
+    $res = mysqli_query($conn, $sql_check_inventory);
+    $inventory = mysqli_fetch_array($res);
+
+    //if sufficient inventery
+    if ($inventory['quantities'] >= $_GET["amount"] || $usertype == "seller") {
+        $sql_price = "SELECT $m FROM inventory WHERE name='$name'";
+        $res = mysqli_query($conn, $sql_price);
+        $price = mysqli_fetch_array($res);
+        //unit total price
+        $fruitprice = $price[$m] * $_GET["amount"];
+
+        //get user balance
+        $sql_checkmoney = "SELECT $c FROM $usertype WHERE name = '$username'";
+        $res = mysqli_query($conn, $sql_checkmoney);
+        $balance = mysqli_fetch_array($res);
+
+        //if buyer have no balance
+        if ($balance[$c] < $fruitprice && $usertype == "buyer") {
+            $errorMessage = urlencode("Insufficient Balance");
+            header("Location: ./interfaces/failed.php?why=$errorMessage");
+            exit();
+        }
+
+        //check cashflow
+        $sql_sell_out = "SELECT details FROM buyer_receipt WHERE name='sell_out'";
+        $result = mysqli_query($conn, $sql_sell_out);
+        $sell_out = mysqli_fetch_array($result);
+
+        $sql_buy_in = "SELECT details FROM seller_receipt WHERE name='buy_in'";
+        $result = mysqli_query($conn, $sql_buy_in);
+        $buy_in = mysqli_fetch_array($result);
+        $profit = $sell_out['details'] - $buy_in['details'];
+
+        //if insufficient cashflow
+        if($profit < $total && $usertype == "seller"){
+            echo "<script type='text/javascript'>
+                    window.location.href = './interfaces/failed.php?why=Insufficient Cashflow';
+                </script>";
+            exit();
+        }
+
+        //update user balance
+        if ($usertype == 'buyer') {
+            $sql_update_inventory = "UPDATE inventory SET quantities = quantities - {$_GET["amount"]} WHERE name='$name'";
+        }
+        else {
+            $sql_update_inventory = "UPDATE inventory SET quantities = quantities + {$_GET["amount"]} WHERE name='$name'";
+        }
+        $res = mysqli_query($conn, $sql_update_inventory);
+
+        // Create the details string for the receipt
+        $details = "$name|{$_GET["amount"]}|$price[$m]|$fruitprice|";
+
+        // Get the current date and time in Hong Kong
+        $date = new DateTime('now', new DateTimeZone('Asia/Hong_Kong'));
+        $formattedDate = $date->format('Y-m-d H:i:s');
+
+        // Use the formatted date in your SQL query
+        $sql_add_receipt = "INSERT INTO `$r` (`name`, `details`, `total`, `date`) VALUES ('$username', '$details', '$fruitprice', '$formattedDate')";
+
+        $result = mysqli_query($conn, $sql_add_receipt);
+
+        // Deduct the total amount from the user's money
+        if ($usertype == "buyer") {
+            $sql_money = "UPDATE buyer SET money = money - $fruitprice WHERE name='$username'";
+            $sql_profit = "UPDATE buyer_receipt SET details = details + $fruitprice WHERE name='sell_out'";
+        } else {
+            $sql_money = "UPDATE seller SET profit = profit + $fruitprice WHERE name='$username'";
+            $sql_profit = "UPDATE seller_receipt SET details = details + $fruitprice WHERE name='buy_in'";
+        }
+        $result = mysqli_query($conn, $sql_money);
+        $result_profit = mysqli_query($conn, $sql_profit);
+
+        if ($result && $result_profit) {
+            echo "<script type='text/javascript'>
+                    var details = '" . $details . "';
+                    var total = '" . $fruitprice . "';
+                    var date = '" . $formattedDate . "';
+                    window.location.href = './interfaces/show_receipt.php?details=' + encodeURIComponent(details) + '&total=' + encodeURIComponent(total) + '&date=' + encodeURIComponent(date);
+                </script>";
+        }
+        else {
+            header('Location: ./interfaces/failed.php');
+        }
+    }
+    else {
+        $errorMessage = urlencode("Insufficient inventory for item '$name'");
+        header("Location: ./interfaces/failed.php?why=$errorMessage");
+        exit();
+    }
+}
+?>