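<?php

declare(strict_types=1);

// Admin-only endpoint: sets one order's status from a POST and bounces back to
// admin.php, reporting the outcome through $_SESSION['update_success'] or
// $_SESSION['update_error']. Every path ends in a redirect; nothing is echoed.
session_start();

// Gate on the session flag; anyone else is sent back to admin.php with an error.
// empty() covers both "not set" and "set but falsy", as the original check did.
if (empty($_SESSION['admin_logged_in'])) {
    $_SESSION['update_error'] = 'You must be logged in to update orders.';
    header('Location: admin.php');
    exit;
}

// NOTE(review): there is no CSRF defence on this state-changing POST. A logged-in
// admin who visits a hostile page can have this script submitted on their behalf
// (any order id, any of the allowed statuses). The fix is a per-session token
// (random_bytes() -> bin2hex(), kept in $_SESSION) that admin.php emits in a
// hidden form field and that this script compares with hash_equals() before
// touching the database. Not added here because the form lives outside this file
// and enforcing the check would break it silently; add both halves together.

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['order_id'], $_POST['status'])) {
    require_once 'db/config.php';

    // $_POST values can be arrays as well as strings (order_id[]=1), so both
    // inputs are type-checked before they reach the query or a session message.
    $orderIdRaw = $_POST['order_id'];
    $status = $_POST['status'];
    $allowed_statuses = ['Pending', 'Completed', 'Cancelled'];

    // Strict in_array so only an exact string from the allow-list passes.
    if (!is_string($status) || !in_array($status, $allowed_statuses, true)) {
        $_SESSION['update_error'] = 'Invalid status value.';
        header('Location: admin.php');
        exit;
    }

    // Validate the id as a positive integer. The prepared statement below already
    // rules out SQL injection, but the raw value is also interpolated into the
    // success/error messages and admin.php may render them; keeping it numeric
    // closes a stored-XSS path through the session. Assumes orders.id is an
    // integer key -- confirm against the schema (db/config.php is not visible here).
    $order_id = is_string($orderIdRaw)
        ? filter_var($orderIdRaw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
        : false;
    if ($order_id === false) {
        $_SESSION['update_error'] = 'Invalid order id.';
        header('Location: admin.php');
        exit;
    }

    try {
        $pdo = db();
        $stmt = $pdo->prepare('UPDATE orders SET status = :status WHERE id = :order_id');
        $stmt->execute(['status' => $status, 'order_id' => $order_id]);

        // rowCount() on an UPDATE is driver-dependent: some drivers (MySQL by
        // default) report 0 affected rows when the new status equals the current
        // one, so an unchanged order would be reported as "not found" here.
        // Confirm against the driver db() returns.
        if ($stmt->rowCount()) {
            $_SESSION['update_success'] = "Order #{$order_id} has been updated to '{$status}'.";
        } else {
            $_SESSION['update_error'] = "Could not find Order #{$order_id} to update.";
        }
    } catch (PDOException $e) {
        // Keep the driver message server-side; the original surfaced it to the
        // browser, which leaks host/table/DSN details on any failure.
        error_log('update_order: order ' . $order_id . ' failed: ' . $e->getMessage());
        $_SESSION['update_error'] = 'Database error while updating the order.';
    }
} else {
    $_SESSION['update_error'] = 'Invalid request.';
}

header('Location: admin.php');
exit;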