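<?php
/**
 * Admin page: admin login, fuel price updates and the order list.
 *
 * Every state-changing action on this page is POST-only, requires an admin
 * session and must carry the per-session CSRF token emitted in each form.
 * Database failures are written to the server log; the browser only ever
 * sees a generic message.
 */

// Harden the session cookie before the session starts. The `secure` flag is
// not forced here because this file does not tell us whether the site is
// served over TLS; enable it once it is.
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Hardcoded admin credentials.
// NOTE(review): the credentials live in source and the password is stored in
// clear text. Move them to configuration/environment and keep only a
// password_hash() digest (checked with password_verify()). The constants are
// kept so anything else that references them keeps working.
define('ADMIN_USER', 'admin@example.com');
define('ADMIN_PASS', 'password');

$error = null;
$success = null;

// Resolved once: a successful login redirects, so this never renders stale.
$is_admin = !empty($_SESSION['admin_logged_in']);

// Per-session CSRF token. Every form below sends it as `csrf_token` and every
// handler on this page rejects a POST that does not carry the right value.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrf_token = $_SESSION['csrf_token'];

$is_post = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
$posted_token = $_POST['csrf_token'] ?? null;
// hash_equals() is constant-time and, with the is_string() guard, an array
// smuggled in via csrf_token[] cannot pass or trigger a TypeError.
$csrf_ok = $is_post
    && is_string($posted_token)
    && hash_equals($csrf_token, $posted_token);

// HTML escaper for the template: explicit flags so quotes are always encoded
// (attribute context) and invalid UTF-8 is substituted instead of dropped.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Handle login
if ($is_post && isset($_POST['login'])) {
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';
    if (!$csrf_ok) {
        $error = 'Invalid request, please reload the page and try again.';
    } elseif (
        is_string($email) && is_string($password)
        && hash_equals(ADMIN_USER, $email)
        && hash_equals(ADMIN_PASS, $password)
    ) {
        // New session id on privilege change so an id planted before login
        // cannot be reused (session fixation).
        session_regenerate_id(true);
        $_SESSION['admin_logged_in'] = true;
        header('Location: admin.php');
        exit;
    } else {
        $error = 'Invalid credentials.';
    }
}

// Handle price update
if ($is_post && isset($_POST['update_prices'])) {
    if (!$is_admin) {
        header('Location: admin.php');
        exit;
    }
    if (!$csrf_ok) {
        $error = 'Invalid request, please reload the page and try again.';
    } else {
        // Validate rather than default: a malformed or missing value used to be
        // silently stored as a price of 0.
        $petrol_price = filter_var($_POST['petrol_price'] ?? '', FILTER_VALIDATE_FLOAT);
        $diesel_price = filter_var($_POST['diesel_price'] ?? '', FILTER_VALIDATE_FLOAT);
        if ($petrol_price === false || $diesel_price === false
            || $petrol_price < 0 || $diesel_price < 0) {
            $error = 'Prices must be non-negative numbers.';
        } else {
            require_once 'db/config.php';
            $pdo = null;
            try {
                $pdo = db();
                // Both rows change together or not at all.
                $pdo->beginTransaction();
                $stmt = $pdo->prepare("UPDATE prices SET price = :price WHERE fuel_type = :fuel_type");
                $stmt->execute(['price' => $petrol_price, 'fuel_type' => 'petrol']);
                $stmt->execute(['price' => $diesel_price, 'fuel_type' => 'diesel']);
                $pdo->commit();
                $success = 'Prices updated successfully!';
            } catch (PDOException $e) {
                if ($pdo instanceof PDO && $pdo->inTransaction()) {
                    $pdo->rollBack();
                }
                // Driver/schema details stay in the server log, not in the page.
                error_log('admin.php: price update failed: ' . $e->getMessage());
                $error = 'Database error, please try again later.';
            }
        }
    }
}

// Fetch current prices and orders for a logged-in admin
$prices = [];
$orders = [];
if ($is_admin) {
    require_once 'db/config.php';
    try {
        $pdo = db();
        foreach ($pdo->query("SELECT * FROM prices")->fetchAll() as $row) {
            $prices[$row['fuel_type']] = $row['price'];
        }
        $orders = $pdo->query("SELECT * FROM orders ORDER BY order_date DESC")->fetchAll();
    } catch (PDOException $e) {
        error_log('admin.php: loading prices/orders failed: ' . $e->getMessage());
        $error = 'Database error, please try again later.';
    }
}

// Flash messages left by update_order_status.php on the previous request.
// They are consumed here, so the template only ever reads $error/$success.
if (isset($_SESSION['update_success'])) {
    $success = $_SESSION['update_success'];
    unset($_SESSION['update_success']);
}
if (isset($_SESSION['update_error'])) {
    $error = $_SESSION['update_error'];
    unset($_SESSION['update_error']);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Admin - Petrol Price Management</title>
<?php // NOTE(review): CDN assets are loaded without Subresource Integrity; add integrity/crossorigin attributes. ?>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="assets/css/custom.css">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
    <div class="container">
        <a class="navbar-brand" href="index.php">Petrol Price Co.</a>
        <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
            <span class="navbar-toggler-icon"></span>
        </button>
        <div class="collapse navbar-collapse" id="navbarNav">
            <ul class="navbar-nav ms-auto">
                <li class="nav-item"><a class="nav-link" href="index.php">Home</a></li>
                <?php if ($is_admin): ?>
                <li class="nav-item"><a class="nav-link" href="logout.php">Logout</a></li>
                <?php else: ?>
                <li class="nav-item"><a class="nav-link" href="login.php">Customer Login</a></li>
                <?php endif; ?>
            </ul>
        </div>
    </div>
</nav>
<div class="container mt-5">
    <div class="row justify-content-center">
        <div class="col-md-10 col-lg-8">
        <?php if (!$is_admin): ?>
            <div class="card">
                <div class="card-header text-white text-center" style="background-color: #0a2351;">
                    <h4>Admin Login</h4>
                </div>
                <div class="card-body">
                    <?php if ($error): ?>
                    <div class="alert alert-danger"><?= $h($error) ?></div>
                    <?php endif; ?>
                    <?php // The fields are intentionally not pre-filled: the old page shipped the admin password in its HTML. ?>
                    <form action="admin.php" method="POST">
                        <input type="hidden" name="login" value="1">
                        <input type="hidden" name="csrf_token" value="<?= $h($csrf_token) ?>">
                        <div class="mb-3">
                            <label for="email" class="form-label">Email address</label>
                            <input type="email" class="form-control" id="email" name="email" required autocomplete="username">
                        </div>
                        <div class="mb-3">
                            <label for="password" class="form-label">Password</label>
                            <input type="password" class="form-control" id="password" name="password" required autocomplete="current-password">
                        </div>
                        <div class="d-grid">
                            <button type="submit" class="btn btn-primary">Login</button>
                        </div>
                    </form>
                </div>
            </div>
        <?php else: ?>
            <?php if ($error): ?><div class="alert alert-danger"><?= $h($error) ?></div><?php endif; ?>
            <?php if ($success): ?><div class="alert alert-success"><?= $h($success) ?></div><?php endif; ?>
            <div class="card mb-4">
                <div class="card-header text-white text-center" style="background-color: #0a2351;">
                    <h4>Update Fuel Prices</h4>
                </div>
                <div class="card-body">
                    <form action="admin.php" method="POST">
                        <input type="hidden" name="update_prices" value="1">
                        <input type="hidden" name="csrf_token" value="<?= $h($csrf_token) ?>">
                        <div class="mb-3">
                            <label for="petrol_price" class="form-label">Petrol Price (per litre)</label>
                            <input type="number" step="0.01" min="0" class="form-control" id="petrol_price" name="petrol_price" required value="<?= $h($prices['petrol'] ?? '0.00') ?>">
                        </div>
                        <div class="mb-3">
                            <label for="diesel_price" class="form-label">Diesel Price (per litre)</label>
                            <input type="number" step="0.01" min="0" class="form-control" id="diesel_price" name="diesel_price" required value="<?= $h($prices['diesel'] ?? '0.00') ?>">
                        </div>
                        <div class="d-grid">
                            <button type="submit" class="btn btn-primary">Update Prices</button>
                        </div>
                    </form>
                </div>
            </div>
            <div class="card">
                <div class="card-header text-white text-center" style="background-color: #0a2351;">
                    <h4>Order Management</h4>
                </div>
                <div class="card-body">
                    <div class="table-responsive">
                        <table class="table table-striped table-hover">
                            <thead>
                                <tr>
                                    <th>Order ID</th>
                                    <th>Customer</th>
                                    <th>Fuel Type</th>
                                    <th>Quantity (L)</th>
                                    <th>Total Price</th>
                                    <th>Order Date</th>
                                    <th>Status</th>
                                    <th>Action</th>
                                </tr>
                            </thead>
                            <tbody>
                            <?php if (empty($orders)): ?>
                                <tr><td colspan="8" class="text-center">No orders found.</td></tr>
                            <?php else: ?>
                                <?php foreach ($orders as $order): ?>
                                <?php
                                    $order_id = $h($order['id']);
                                    $order_ts = strtotime((string) $order['order_date']);
                                    // A <form> is not allowed inside <tr>; the select is tied to the
                                    // form in the Action cell through the HTML5 form="" attribute.
                                    $form_id = 'order-status-' . $order_id;
                                ?>
                                <tr>
                                    <td><?= $order_id ?></td>
                                    <td><?= $h($order['user_id']) ?></td>
                                    <td><?= $h(ucfirst((string) $order['fuel_type'])) ?></td>
                                    <td><?= $h($order['quantity']) ?></td>
                                    <td>$<?= $h(number_format((float) $order['total_price'], 2)) ?></td>
                                    <td><?= $order_ts === false ? '' : $h(date("Y-m-d H:i", $order_ts)) ?></td>
                                    <td>
                                        <select name="status" form="<?= $form_id ?>" class="form-select form-select-sm">
                                            <?php foreach (['Pending', 'Completed', 'Cancelled'] as $status): ?>
                                            <option value="<?= $status ?>"<?= $order['status'] === $status ? ' selected' : '' ?>><?= $status ?></option>
                                            <?php endforeach; ?>
                                        </select>
                                    </td>
                                    <td>
                                        <?php // update_order_status.php (not in this file) must verify csrf_token the same way admin.php does. ?>
                                        <form id="<?= $form_id ?>" action="update_order_status.php" method="POST" class="d-inline">
                                            <input type="hidden" name="csrf_token" value="<?= $h($csrf_token) ?>">
                                            <input type="hidden" name="order_id" value="<?= $order_id ?>">
                                            <button type="submit" class="btn btn-sm btn-primary">Update</button>
                                        </form>
                                    </td>
                                </tr>
                                <?php endforeach; ?>
                            <?php endif; ?>
                            </tbody>
                        </table>
                    </div>
                </div>
            </div>
        <?php endif; ?>
        </div>
    </div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>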