admin/34943-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34943-vm/place_order.php
Flatlogic Bot 0fcbb065ea 0001
2025-10-14 03:03:16 +00:00

118 lines
4.1 KiB
PHP
Raw Permalink Blame History

<?php
require_once __DIR__ . '/db/config.php';
require_once __DIR__ . '/mail/MailService.php';
session_start();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
header('Location: index.php');
exit;
}
// --- Validation ---
$customer_name = filter_input(INPUT_POST, 'customer_name', FILTER_SANITIZE_STRING);
$customer_email = filter_input(INPUT_POST, 'customer_email', FILTER_VALIDATE_EMAIL);
$customer_phone = filter_input(INPUT_POST, 'customer_phone', FILTER_SANITIZE_STRING);
$delivery_address = filter_input(INPUT_POST, 'delivery_address', FILTER_SANITIZE_STRING);
$cart_data_json = $_POST['cart_data'];
if (!$customer_name || !$customer_email || !$delivery_address || !$cart_data_json) {
$_SESSION['error_message'] = 'Please fill in all required fields.';
header('Location: checkout.php');
exit;
}
$cart = json_decode($cart_data_json, true);
if (!$cart || empty($cart['items']) || !$cart['restaurantId']) {
$_SESSION['error_message'] = 'Your cart is invalid. Please try again.';
header('Location: cart.php');
exit;
}
$pdo = db();
// --- Calculate Total and Verify Prices ---
$total_price = 0;
$item_ids = array_map(function($item) { return $item['id']; }, $cart['items']);
$placeholders = implode(',', array_fill(0, count($item_ids), '?'));
$stmt = $pdo->prepare("SELECT id, price FROM menu_items WHERE id IN ($placeholders)");
$stmt->execute($item_ids);
$db_items = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
foreach ($cart['items'] as &$item) {
if (!isset($db_items[$item['id']])) {
die("Invalid item in cart."); // Or handle more gracefully
}
$item['price'] = $db_items[$item['id']]; // Use price from DB for security
$total_price += $item['price'] * $item['quantity'];
}
unset($item);
// --- Database Transaction ---
try {
$pdo->beginTransaction();
$user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
// 1. Insert into orders table
$stmt = $pdo->prepare(
'INSERT INTO orders (user_id, restaurant_id, customer_name, customer_email, customer_phone, delivery_address, total_price) VALUES (?, ?, ?, ?, ?, ?, ?)'
);
$stmt->execute([
$user_id,
$cart['restaurantId'],
$customer_name,
$customer_email,
$customer_phone,
$delivery_address,
$total_price
]);
$order_id = $pdo->lastInsertId();
// 2. Insert into order_items table
$stmt = $pdo->prepare('INSERT INTO order_items (order_id, menu_item_id, quantity, price) VALUES (?, ?, ?, ?)');
foreach ($cart['items'] as $item) {
$stmt->execute([
$order_id,
$item['id'],
$item['quantity'],
$item['price']
]);
}
$pdo->commit();
$_SESSION['last_order_id'] = $order_id;
// --- Send Emails ---
// To Customer
$customer_subject = "Your MajuroEats Order #{$order_id} is Confirmed";
$customer_html = "<h1>Thank you for your order!</h1><p>Your order with ID <strong>#{$order_id}</strong> has been placed.</p><p>We will notify you once the restaurant confirms it.</p>";
MailService::sendMail($customer_email, $customer_subject, $customer_html, strip_tags($customer_html));
// To Restaurant
$stmt_restaurant = $pdo->prepare('SELECT u.email FROM users u JOIN restaurants r ON u.id = r.user_id WHERE r.id = ?');
$stmt_restaurant->execute([$cart['restaurantId']]);
$restaurant_email = $stmt_restaurant->fetchColumn();
if ($restaurant_email) {
$restaurant_subject = "New Order Received (#{$order_id})";
$restaurant_html = "<h1>You have a new order!</h1><p>Order ID: <strong>#{$order_id}</strong></p><p>Please log in to your dashboard to view the details and confirm the order.</p>";
MailService::sendMail($restaurant_email, $restaurant_subject, $restaurant_html, strip_tags($restaurant_html));
}
header('Location: order_confirmation.php');
exit;
} catch (Exception $e) {
if ($pdo->inTransaction()) {
$pdo->rollBack();
}
// In a real app, log this error
$_SESSION['error_message'] = 'There was a problem placing your order. Please try again.';
header('Location: checkout.php');
exit;
}
Reference in New Issue View Git Blame Copy Permalink