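<?php

declare(strict_types=1);

/*
 * Purchase / restock endpoint.
 *
 * Identifies the user from the session and reads the item name and amount
 * from the query string. Buyers take stock out of `inventory` and pay from
 * `buyer.money`; sellers put stock in and are credited on `seller.profit`.
 * Every path ends in a redirect: show_receipt.php on success, otherwise
 * failed.php with a `why` reason. All reads and writes of one request run
 * inside a single transaction so a failure half-way cannot leave the stock,
 * the receipt and the balance out of step.
 */

/**
 * Redirect to the failure page (optionally with a reason) and stop the script.
 */
function redirectToFailure(string $why = ''): void
{
    $target = './interfaces/failed.php';
    if ($why !== '') {
        $target .= '?why=' . urlencode($why);
    }
    header('Location: ' . $target);
    exit();
}

/**
 * Run a prepared SELECT and return its first row, or null when there is none.
 *
 * $types is the bind_param type string for $params; pass '' when the
 * statement has no placeholders.
 *
 * @param mixed ...$params
 * @return array<string, mixed>|null
 * @throws RuntimeException when the statement cannot be prepared or executed
 */
function fetchRow(mysqli $conn, string $sql, string $types, ...$params): ?array
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . mysqli_error($conn));
    }
    if ($types !== '') {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    if (!mysqli_stmt_execute($stmt)) {
        $error = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('Execute failed: ' . $error);
    }
    $result = mysqli_stmt_get_result($stmt);
    $row = $result === false ? null : mysqli_fetch_assoc($result);
    mysqli_stmt_close($stmt);

    return is_array($row) ? $row : null;
}

/**
 * Run a prepared INSERT/UPDATE with bound values; true on success.
 *
 * @param mixed ...$params
 */
function executeStatement(mysqli $conn, string $sql, string $types, ...$params): bool
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return false;
    }
    if ($types !== '') {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    return $ok;
}

include "../ConnectDB.php"; // provides $conn (mysqli connection)

session_start();

// The session must identify the user before anything is read or written.
if (!isset($_SESSION['username'], $_SESSION['user_type'])) {
    redirectToFailure('Not logged in');
}
$username = (string) $_SESSION['username'];
$usertype = (string) $_SESSION['user_type'];

// The role selects the tables and columns used below, so it is whitelisted
// here and never interpolated into SQL as a raw session value.
if ($usertype !== 'seller' && $usertype !== 'buyer') {
    redirectToFailure('Unknown user type');
}
$isSeller = ($usertype === 'seller');

// Identifiers come from these literals only; all data values are bound.
$availabilityCol = $isSeller ? 'seller_availability' : 'buyer_availability';
$priceCol        = $isSeller ? 'seller_price' : 'buyer_price';
$receiptTable    = $isSeller ? 'seller_receipt' : 'buyer_receipt';
$balanceCol      = $isSeller ? 'profit' : 'money';
$userTable       = $usertype;

if (!isset($_GET['name'], $_GET['amount'])) {
    // Nothing to process without both parameters (blank response, as before).
    exit();
}
if (!is_string($_GET['name']) || !is_string($_GET['amount'])) {
    redirectToFailure('Invalid request');
}
$name = $_GET['name'];

// The amount goes into arithmetic and into the stock/balance updates, so it
// must be a finite positive number; a negative amount would otherwise move
// stock and money in the wrong direction.
$amount = filter_var($_GET['amount'], FILTER_VALIDATE_FLOAT);
if ($amount === false || !is_finite($amount) || $amount <= 0) {
    redirectToFailure('Invalid amount');
}

// Checks and writes share one transaction; the item and user rows are locked
// for the duration so two concurrent requests cannot both pass the balance or
// stock check (row locks only take effect on a transactional engine).
mysqli_begin_transaction($conn);

// One row gives availability, stock and unit price for the item.
$item = fetchRow(
    $conn,
    "SELECT `$availabilityCol` AS availability, `quantities`, `$priceCol` AS unit_price"
    . ' FROM `inventory` WHERE `name` = ? FOR UPDATE',
    's',
    $name
);
if ($item === null) {
    redirectToFailure("Unknown item '$name'");
}

// A NULL availability is not a restriction; only an explicit 0 blocks the item.
if ($item['availability'] !== null && (int) $item['availability'] === 0) {
    redirectToFailure("$name is currently unavailable");
}

// Sellers add stock, so only buyers are limited by what is in stock.
if (!$isSeller && (float) $item['quantities'] < $amount) {
    redirectToFailure("Insufficient inventory for item '$name'");
}

// Money is held as floats because that is what the schema returns here;
// rounding at the cent level is not applied anywhere in this flow.
$unitPrice = (float) $item['unit_price'];
$total     = $unitPrice * $amount;

// Current balance (buyer money or seller profit) of the logged-in user.
$user = fetchRow(
    $conn,
    "SELECT `$balanceCol` AS balance FROM `$userTable` WHERE `name` = ? FOR UPDATE",
    's',
    $username
);
if ($user === null) {
    redirectToFailure('Unknown user');
}
$balance = (float) $user['balance'];

if (!$isSeller && $balance < $total) {
    redirectToFailure('Insufficient Balance');
}

// A seller can only be paid out of what buyers have paid in minus what has
// already been paid to sellers (the sell_out / buy_in ledger rows).
if ($isSeller) {
    $soldOut  = fetchRow($conn, "SELECT `details` FROM `buyer_receipt` WHERE `name` = 'sell_out'", '');
    $boughtIn = fetchRow($conn, "SELECT `details` FROM `seller_receipt` WHERE `name` = 'buy_in'", '');
    $cashflow = (float) ($soldOut['details'] ?? 0) - (float) ($boughtIn['details'] ?? 0);
    if ($cashflow < $total) {
        redirectToFailure('Insufficient Cashflow');
    }
}

// Stock moves out for a purchase and in for a restock.
$stockSql = $isSeller
    ? 'UPDATE `inventory` SET `quantities` = `quantities` + ? WHERE `name` = ?'
    : 'UPDATE `inventory` SET `quantities` = `quantities` - ? WHERE `name` = ?';
$ok = executeStatement($conn, $stockSql, 'ds', $amount, $name);

// Receipt line: item|amount|unit price|line total| (unit price as stored).
$details = "$name|$amount|{$item['unit_price']}|$total|";

// Receipt timestamp in Hong Kong local time.
$date          = new DateTimeImmutable('now', new DateTimeZone('Asia/Hong_Kong'));
$formattedDate = $date->format('Y-m-d H:i:s');

$ok = $ok && executeStatement(
    $conn,
    "INSERT INTO `$receiptTable` (`name`, `details`, `total`, `date`) VALUES (?, ?, ?, ?)",
    'ssds',
    $username,
    $details,
    $total,
    $formattedDate
);

// Move the money and keep the ledger row for the role in step with it.
if ($isSeller) {
    $ok = $ok && executeStatement($conn, 'UPDATE `seller` SET `profit` = `profit` + ? WHERE `name` = ?', 'ds', $total, $username);
    $ok = $ok && executeStatement($conn, "UPDATE `seller_receipt` SET `details` = `details` + ? WHERE `name` = 'buy_in'", 'd', $total);
} else {
    $ok = $ok && executeStatement($conn, 'UPDATE `buyer` SET `money` = `money` - ? WHERE `name` = ?', 'ds', $total, $username);
    $ok = $ok && executeStatement($conn, "UPDATE `buyer_receipt` SET `details` = `details` + ? WHERE `name` = 'sell_out'", 'd', $total);
}

if (!$ok) {
    mysqli_rollback($conn);
    redirectToFailure();
}
mysqli_commit($conn);

// Server-side redirect with the receipt values encoded as query parameters;
// the values are never written into an HTML or JavaScript context here.
$query = http_build_query(
    ['details' => $details, 'total' => $total, 'date' => $formattedDate],
    '',
    '&',
    PHP_QUERY_RFC3986
);
header('Location: ./interfaces/show_receipt.php?' . $query);
exit();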