ldy/SWDW_Fruit_Store
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
SWDW_Fruit_Store/indexes/process/order.php
ldy f0aabfb5ac Initial commit
2025-06-06 17:14:52 +08:00

172 lines
6.1 KiB
PHP
Raw Blame History

<?php
include "../ConnectDB.php";
// Start the session
session_start();
// Escape the username and user type for security
$username = mysqli_real_escape_string($conn, $_SESSION['username']);
$usertype = mysqli_real_escape_string($conn, $_SESSION['user_type']);
// Define table and column names based on the user type
if ($usertype == 'seller') {
$a = "seller_availability";
$m = "seller_price";
$r = "seller_receipt";
$sql_col = "DESCRIBE seller";
$c = "profit";
} else {
$a = "buyer_availability";
$m = "buyer_price";
$r = "buyer_receipt";
$sql_col = "DESCRIBE buyer";
$c = "money";
}
// Get column names from the buyer/seller table
$res = mysqli_query($conn, $sql_col);
// Extract column names into an array
$col_name = array();
while ($row = mysqli_fetch_array($res)) {
$col_name[] = $row['Field'];
}
// Retrieve the user's cart items
$sql_cart = "SELECT * FROM $usertype WHERE name='$username'";
$result = mysqli_query($conn, $sql_cart);
$col = mysqli_num_fields($result);
$goods = mysqli_fetch_array($result);
$details = "";
$total = 0;
for ($i = 3; $i < $col; $i++) {
if ($goods[$i] > 0) {
$sql_check_availability = "SELECT $a FROM inventory WHERE name='$col_name[$i]'";
$res = mysqli_query($conn, $sql_check_availability);
$avail = mysqli_fetch_array($res);
if ($avail[$a] != 1) {
// Handle unavailability case (e.g., display an error message)
echo "<script type='text/javascript'>
window.location.href = './interfaces/failed.php?why=Item \'$col_name[$i]\'. is currently unavailable';
</script>";
exit();
}
//get inventory
$sql_check_inventory = "SELECT quantities FROM inventory WHERE name='$col_name[$i]'";
$res = mysqli_query($conn, $sql_check_inventory);
$inventory = mysqli_fetch_array($res);
//if sufficient inventory
if ($inventory['quantities'] >= $goods[$i] || $usertype == "seller") {
$sql_price = "SELECT $m FROM inventory WHERE name='$col_name[$i]'";
$res = mysqli_query($conn, $sql_price);
$price = mysqli_fetch_array($res);
//unit price
$fruitprice = $price[$m] * $goods[$i];
//total price
$total += $fruitprice;
}
else {
echo "<script type='text/javascript'>
window.location.href = './interfaces/failed.php?why=Insufficient inventory for item \'$col_name[$i]\'.';
</script>";
exit();
}
}
}
//if buyer donot have enough balance
$sql_checkmoney = "SELECT $c FROM $usertype WHERE name='$username'";
$res = mysqli_query($conn, $sql_checkmoney);
$balance = mysqli_fetch_array($res);
if($balance[$c] < $total && $usertype == "buyer"){
echo "<script type='text/javascript'>
window.location.href = './interfaces/failed.php?why=Insufficient Balance';
</script>";
exit();
}
//check cashflow
$sql_sell_out = "SELECT details FROM buyer_receipt WHERE name='sell_out'";
$result = mysqli_query($conn, $sql_sell_out);
$sell_out = mysqli_fetch_array($result);
$sql_buy_in = "SELECT details FROM seller_receipt WHERE name='buy_in'";
$result = mysqli_query($conn, $sql_buy_in);
$buy_in = mysqli_fetch_array($result);
$profit = $sell_out['details'] - $buy_in['details'];
//if insufficient cashflow
if($profit < $total && $usertype == "seller"){
echo "<script type='text/javascript'>
window.location.href = './interfaces/failed.php?why=Insufficient Cashflow';
</script>";
exit();
}
else{
for ($i = 3; $i < $col; $i++) {
if ($goods[$i] > 0) {
//get price
$sql_price = "SELECT $m FROM inventory WHERE name='$col_name[$i]'";
$res = mysqli_query($conn, $sql_price);
$price = mysqli_fetch_array($res);
//unit total price
$fruitprice = $price[$m] * $goods[$i];
// Update the user's cart by setting the item quantity to 0
$sql_closecart = "UPDATE $usertype SET `$col_name[$i]` = 0 WHERE name='$username'";
$res = mysqli_query($conn, $sql_closecart);
// Update the inventory based on the user type
if ($usertype == 'buyer') {
$sql_update_inventory = "UPDATE inventory SET quantities = quantities - $goods[$i] WHERE name='$col_name[$i]'";
} else {
$sql_update_inventory = "UPDATE inventory SET quantities = quantities + $goods[$i] WHERE name='$col_name[$i]'";
}
$res = mysqli_query($conn, $sql_update_inventory);
// Create the details string for the receipt
$details .= "$col_name[$i]|$goods[$i]|$price[$m]|$fruitprice|";
}
}
}
// Get the current date and time in HK
$date = new DateTime('now');
$date->setTimezone(new DateTimeZone('Asia/Hong_Kong'));
$formattedDate = $date->format('Y-m-d H:i:s');
// Use the formatted date in your SQL query
$sql_add_receipt = "INSERT INTO `$r` (`name`, `details`, `total`, `date`) VALUES ('$username', '$details', '$total', '$formattedDate')";
$result = mysqli_query($conn, $sql_add_receipt);
// Deduct the total amount from the user's money
if($usertype == "buyer"){
$sql_money = "UPDATE buyer SET money = money - $total WHERE name='$username'";
$sql_profit = "UPDATE buyer_receipt SET details = details + $total WHERE name='sell_out'";
}
else{
$sql_money = "UPDATE seller SET profit = profit + $total WHERE name='$username'";
$sql_profit = "UPDATE seller_receipt SET details = details + $total WHERE name='buy_in'";
}
$result = mysqli_query($conn, $sql_money);
$result_profit = mysqli_query($conn, $sql_profit);
if ($result && $result_profit) {
echo "<script type='text/javascript'>
var details = '" . $details . "';
var total = '" . $total . "';
var date = '" . $formattedDate . "';
window.location.href = './interfaces/show_receipt.php?details=' + encodeURIComponent(details) + '&total=' + encodeURIComponent(total) + '&date=' + encodeURIComponent(date);
</script>";
}
else{
header('Location: ./interfaces/failed.php');
}
?>
Reference in New Issue View Git Blame Copy Permalink