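<?php

declare(strict_types=1);

session_start();

// Protect the page: only a logged-in user may reach this handler. Whether that
// user actually owns the target restaurant is decided further down, against the
// database, once the input has been validated.
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit();
}

// NOTE(review): this handler changes state on a POST but verifies no CSRF
// token. The submitting form (not in view here) should carry a per-session
// token that is compared with hash_equals() before the insert runs.

require_once 'db/config.php';

// Basic validation. empty() also rejects "0", which is acceptable for a name and
// a restaurant id; the price is checked separately so that 0 stays a valid price.
if (empty($_POST['item_name']) || !isset($_POST['item_price']) || empty($_POST['restaurant_id'])) {
    die('Please fill all required fields.');
}

$item_name        = $_POST['item_name'];
$item_description = $_POST['item_description'] ?? '';
$item_price       = filter_var($_POST['item_price'], FILTER_VALIDATE_FLOAT);
// The id is only ever used as a bound parameter, but reject anything that is not
// a positive integer (including array-shaped input such as restaurant_id[]=1)
// before it reaches the database. A rejected id gets the same answer the
// ownership query would have given for an unknown restaurant.
$restaurant_id    = filter_var($_POST['restaurant_id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

// PHP accepts name[]=x style input as arrays; binding one would store the
// literal string "Array". Only scalar strings are valid here.
if (!is_string($item_name) || !is_string($item_description)) {
    die('Invalid input.');
}

if ($restaurant_id === false) {
    die('You do not have permission to add items to this restaurant.');
}

// filter_var() returns false for non-numeric input; negative and non-finite
// values are additionally rejected. (Price is stored as a float here; a
// monetary column would normally be integer cents or DECIMAL — out of scope.)
if ($item_price === false || $item_price < 0 || !is_finite($item_price)) {
    die('Invalid price format.');
}

$pdo = db();

// Authorization: the restaurant must belong to the logged-in user. This query
// is the real access control for the handler — the session check above only
// proves that *someone* is logged in.
$stmt = $pdo->prepare('SELECT id FROM restaurants WHERE id = ? AND user_id = ?');
$stmt->execute([$restaurant_id, $_SESSION['user_id']]);
if ($stmt->fetch() === false) {
    die('You do not have permission to add items to this restaurant.');
}

try {
    $stmt_insert = $pdo->prepare(
        'INSERT INTO menu_items (restaurant_id, name, description, price) VALUES (?, ?, ?, ?)'
    );
    $stmt_insert->execute([$restaurant_id, $item_name, $item_description, $item_price]);

    // Redirect back to the dashboard
    header('Location: dashboard.php?item_added=success');
    exit();
} catch (PDOException $e) {
    // Keep the driver message server-side only: echoing it to the browser would
    // disclose table and column names and the SQL statement that failed.
    error_log('add_menu_item: ' . $e->getMessage());
    die('Error adding menu item.');
}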