SWDW_Fruit_Store/indexes/process/ordernow.php

<?php
include "../ConnectDB.php";

// Start the session
session_start();

// Escape the username and user type for security
$username = mysqli_real_escape_string($conn, $_SESSION['username']);
$usertype = mysqli_real_escape_string($conn, $_SESSION['user_type']);

// Define table and column names based on the user type
if ($usertype == 'seller') {
    $a = "seller_availability";
    $m = "seller_price";
    $r = "seller_receipt";
    $c = "profit";
}
else {
    $a = "buyer_availability";
    $m = "buyer_price";
    $r = "buyer_receipt";
    $c = "money";
}

if (isset($_GET["name"], $_GET["amount"])) {
    $name = mysqli_real_escape_string($conn, $_GET["name"]);

    //check availability
    $check_sql = "SELECT $a FROM inventory WHERE name = '$name'";
    $res = mysqli_query($conn, $check_sql);
    $avail = mysqli_fetch_array($res);
    if ($avail[$a] == 0 && $avail[$a] !== null) {
        $errorMessage = urlencode("$name is currently unavailable");
        header("Location: ./interfaces/failed.php?why=$errorMessage");
        exit();
    }

    //get inventory
    $sql_check_inventory = "SELECT quantities FROM inventory WHERE name = '$name'";
    $res = mysqli_query($conn, $sql_check_inventory);
    $inventory = mysqli_fetch_array($res);

    //if sufficient inventery
    if ($inventory['quantities'] >= $_GET["amount"] || $usertype == "seller") {
        $sql_price = "SELECT $m FROM inventory WHERE name='$name'";
        $res = mysqli_query($conn, $sql_price);
        $price = mysqli_fetch_array($res);
        //unit total price
        $fruitprice = $price[$m] * $_GET["amount"];

        //get user balance
        $sql_checkmoney = "SELECT $c FROM $usertype WHERE name = '$username'";
        $res = mysqli_query($conn, $sql_checkmoney);
        $balance = mysqli_fetch_array($res);

        //if buyer have no balance
        if ($balance[$c] < $fruitprice && $usertype == "buyer") {
            $errorMessage = urlencode("Insufficient Balance");
            header("Location: ./interfaces/failed.php?why=$errorMessage");
            exit();
        }

        //check cashflow
        $sql_sell_out = "SELECT details FROM buyer_receipt WHERE name='sell_out'";
        $result = mysqli_query($conn, $sql_sell_out);
        $sell_out = mysqli_fetch_array($result);

        $sql_buy_in = "SELECT details FROM seller_receipt WHERE name='buy_in'";
        $result = mysqli_query($conn, $sql_buy_in);
        $buy_in = mysqli_fetch_array($result);
        $profit = $sell_out['details'] - $buy_in['details'];

        //if insufficient cashflow
        if($profit < $total && $usertype == "seller"){
            echo "<script type='text/javascript'>
                    window.location.href = './interfaces/failed.php?why=Insufficient Cashflow';
                </script>";
            exit();
        }

        //update user balance
        if ($usertype == 'buyer') {
            $sql_update_inventory = "UPDATE inventory SET quantities = quantities - {$_GET["amount"]} WHERE name='$name'";
        }
        else {
            $sql_update_inventory = "UPDATE inventory SET quantities = quantities + {$_GET["amount"]} WHERE name='$name'";
        }
        $res = mysqli_query($conn, $sql_update_inventory);

        // Create the details string for the receipt
        $details = "$name|{$_GET["amount"]}|$price[$m]|$fruitprice|";

        // Get the current date and time in Hong Kong
        $date = new DateTime('now', new DateTimeZone('Asia/Hong_Kong'));
        $formattedDate = $date->format('Y-m-d H:i:s');

        // Use the formatted date in your SQL query
        $sql_add_receipt = "INSERT INTO `$r` (`name`, `details`, `total`, `date`) VALUES ('$username', '$details', '$fruitprice', '$formattedDate')";

        $result = mysqli_query($conn, $sql_add_receipt);

        // Deduct the total amount from the user's money
        if ($usertype == "buyer") {
            $sql_money = "UPDATE buyer SET money = money - $fruitprice WHERE name='$username'";
            $sql_profit = "UPDATE buyer_receipt SET details = details + $fruitprice WHERE name='sell_out'";
        } else {
            $sql_money = "UPDATE seller SET profit = profit + $fruitprice WHERE name='$username'";
            $sql_profit = "UPDATE seller_receipt SET details = details + $fruitprice WHERE name='buy_in'";
        }
        $result = mysqli_query($conn, $sql_money);
        $result_profit = mysqli_query($conn, $sql_profit);

        if ($result && $result_profit) {
            echo "<script type='text/javascript'>
                    var details = '" . $details . "';
                    var total = '" . $fruitprice . "';
                    var date = '" . $formattedDate . "';
                    window.location.href = './interfaces/show_receipt.php?details=' + encodeURIComponent(details) + '&total=' + encodeURIComponent(total) + '&date=' + encodeURIComponent(date);
                </script>";
        }
        else {
            header('Location: ./interfaces/failed.php');
        }
    }
    else {
        $errorMessage = urlencode("Insufficient inventory for item '$name'");
        header("Location: ./interfaces/failed.php?why=$errorMessage");
        exit();
    }
}
?>