34 lines
1.1 KiB
PHP
34 lines
1.1 KiB
PHP
<?php
|
|
session_start();
|
|
|
|
if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'restaurant_owner') {
|
|
header('Location: login.php');
|
|
exit();
|
|
}
|
|
|
|
require_once 'db/config.php';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$order_id = filter_input(INPUT_POST, 'order_id', FILTER_VALIDATE_INT);
|
|
$status = filter_input(INPUT_POST, 'status', FILTER_SANITIZE_STRING);
|
|
$allowed_statuses = ['pending', 'confirmed', 'delivered', 'cancelled'];
|
|
|
|
if ($order_id && $status && in_array($status, $allowed_statuses)) {
|
|
$pdo = db();
|
|
// Verify the order belongs to the logged-in user's restaurant
|
|
$stmt = $pdo->prepare(
|
|
"SELECT o.id FROM orders o JOIN restaurants r ON o.restaurant_id = r.id WHERE o.id = ? AND r.user_id = ?"
|
|
);
|
|
$stmt->execute([$order_id, $_SESSION['user_id']]);
|
|
$order_exists = $stmt->fetch();
|
|
|
|
if ($order_exists) {
|
|
$stmt_update = $pdo->prepare("UPDATE orders SET status = ? WHERE id = ?");
|
|
$stmt_update->execute([$status, $order_id]);
|
|
}
|
|
}
|
|
}
|
|
|
|
header('Location: dashboard.php');
|
|
exit();
|