admin/34968-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V5

Browse Source
This commit is contained in:
Flatlogic Bot 2025-10-15 00:36:03 +00:00
parent eb2cf1a3fb
commit a6434721b7
21 changed files with 666 additions and 214 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
admin/footer.php Normal file
View File

@ -0,0 +1,3 @@
</div>
</body>
</html>

29
admin/header.php Normal file
View File

@ -0,0 +1,29 @@
<?php
session_start();
if (!isset($_SESSION['admin_logged_in']) || $_SESSION['admin_logged_in'] !== true) {
header('Location: login.php');
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Admin Panel</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-light bg-light">
<div class="container-fluid">
<a class="navbar-brand" href="index.php">Admin Panel</a>
<div class="collapse navbar-collapse">
<ul class="navbar-nav ms-auto">
<li class="nav-item">
<a class="nav-link" href="logout.php">Logout</a>
</li>
</ul>
</div>
</div>
</nav>
<div class="container mt-4">

45
admin/index.php Normal file
View File

@ -0,0 +1,45 @@
<?php
require_once 'header.php';
require_once '../db/config.php';
$db = db();
$stmt = $db->query("SELECT o.id, o.user_id, o.total_price, o.status, o.created_at, u.name AS user_name FROM orders o JOIN users u ON o.user_id = u.id ORDER BY o.created_at DESC");
$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>
<h2>Order Management</h2>
<table class="table table-striped">
<thead>
<tr>
<th>Order ID</th>
<th>Customer</th>
<th>Total Price</th>
<th>Status</th>
<th>Order Date</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php if (empty($orders)): ?>
<tr>
<td colspan="6" class="text-center">No orders found.</td>
</tr>
<?php else: ?>
<?php foreach ($orders as $order): ?>
<tr>
<td><?php echo htmlspecialchars($order['id']); ?></td>
<td><?php echo htmlspecialchars($order['user_name']); ?></td>
<td>$<?php echo htmlspecialchars(number_format($order['total_price'], 2)); ?></td>
<td><?php echo htmlspecialchars($order['status']); ?></td>
<td><?php echo htmlspecialchars($order['created_at']); ?></td>
<td>
<a href="order_details.php?id=<?php echo $order['id']; ?>" class="btn btn-primary btn-sm">View Details</a>
</td>
</tr>
<?php endforeach; ?>
<?php endif; ?>
</tbody>
</table>
<?php require_once 'footer.php'; ?>

47
admin/login.php Normal file
View File

@ -0,0 +1,47 @@
<?php
session_start();
if (isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true) {
header('Location: index.php');
exit;
}
$error = $_SESSION['login_error'] ?? '';
unset($_SESSION['login_error']);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Admin Login</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header">
Admin Login
</div>
<div class="card-body">
<?php if ($error): ?>
<div class="alert alert-danger"><?php echo htmlspecialchars($error); ?></div>
<?php endif; ?>
<form action="login_process.php" method="POST">
<div class="mb-3">
<label for="username" class="form-label">Username</label>
<input type="text" class="form-control" id="username" name="username" required>
</div>
<div class="mb-3">
<label for="password" class="form-label">Password</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<button type="submit" class="btn btn-primary">Login</button>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>

20
admin/login_process.php Normal file
View File

@ -0,0 +1,20 @@
<?php
session_start();
require_once '../db/config.php';
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
// For now, we are using hardcoded credentials.
// TODO: Replace with a secure way to store and check admin credentials.
if ($username === 'admin' && $password === 'password') {
$_SESSION['admin_logged_in'] = true;
$_SESSION['admin_username'] = $username;
header('Location: index.php');
exit;
} else {
$_SESSION['login_error'] = 'Invalid username or password.';
header('Location: login.php');
exit;
}
?>

6
admin/logout.php Normal file
View File

@ -0,0 +1,6 @@
<?php
session_start();
session_unset();
session_destroy();
header('Location: login.php');
exit;

101
admin/order_details.php Normal file
View File

@ -0,0 +1,101 @@
<?php
require_once 'header.php';
require_once '../db/config.php';
if (!isset($_GET['id'])) {
echo "<div class='alert alert-danger'>No order ID specified.</div>";
require_once 'footer.php';
exit;
}
$order_id = $_GET['id'];
$db = db();
// Handle status update
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['status'])) {
$status = $_POST['status'];
$update_stmt = $db->prepare("UPDATE orders SET status = :status WHERE id = :order_id");
$update_stmt->bindParam(':status', $status);
$update_stmt->bindParam(':order_id', $order_id);
$update_stmt->execute();
}
// Fetch order details
$order_stmt = $db->prepare("SELECT o.*, u.name AS user_name, u.email AS user_email FROM orders o JOIN users u ON o.user_id = u.id WHERE o.id = :order_id");
$order_stmt->bindParam(':order_id', $order_id);
$order_stmt->execute();
$order = $order_stmt->fetch(PDO::FETCH_ASSOC);
if (!$order) {
echo "<div class='alert alert-danger'>Order not found.</div>";
require_once 'footer.php';
exit;
}
// Fetch order items
$items_stmt = $db->prepare("SELECT oi.*, p.name AS product_name FROM order_items oi JOIN products p ON oi.product_id = p.id WHERE oi.order_id = :order_id");
$items_stmt->bindParam(':order_id', $order_id);
$items_stmt->execute();
$items = $items_stmt->fetchAll(PDO::FETCH_ASSOC);
?>
<h2>Order Details #<?php echo htmlspecialchars($order['id']); ?></h2>
<div class="card mb-4">
<div class="card-header">Customer & Order Info</div>
<div class="card-body">
<p><strong>Customer:</strong> <?php echo htmlspecialchars($order['user_name']); ?></p>
<p><strong>Email:</strong> <?php echo htmlspecialchars($order['user_email']); ?></p>
<p><strong>Address:</strong> <?php echo htmlspecialchars($order['delivery_address']); ?></p>
<p><strong>Total Price:</strong> $<?php echo htmlspecialchars(number_format($order['total_price'], 2)); ?></p>
<p><strong>Order Date:</strong> <?php echo htmlspecialchars($order['created_at']); ?></p>
<p><strong>Status:</strong> <?php echo htmlspecialchars($order['status']); ?></p>
</div>
</div>
<div class="card mb-4">
<div class="card-header">Order Items</div>
<div class="card-body">
<table class="table">
<thead>
<tr>
<th>Product</th>
<th>Quantity</th>
<th>Price</th>
</tr>
</thead>
<tbody>
<?php foreach ($items as $item): ?>
<tr>
<td><?php echo htmlspecialchars($item['product_name']); ?></td>
<td><?php echo htmlspecialchars($item['quantity']); ?></td>
<td>$<?php echo htmlspecialchars(number_format($item['price'], 2)); ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
<div class="card">
<div class="card-header">Update Status</div>
<div class="card-body">
<form action="order_details.php?id=<?php echo $order['id']; ?>" method="POST">
<div class="input-group">
<select name="status" class="form-select">
<option value="Pending" <?php echo $order['status'] === 'Pending' ? 'selected' : ''; ?>>Pending</option>
<option value="Confirmed" <?php echo $order['status'] === 'Confirmed' ? 'selected' : ''; ?>>Confirmed</option>
<option value="In Progress" <?php echo $order['status'] === 'In Progress' ? 'selected' : ''; ?>>In Progress</option>
<option value="Out for Delivery" <?php echo $order['status'] === 'Out for Delivery' ? 'selected' : ''; ?>>Out for Delivery</option>
<option value="Completed" <?php echo $order['status'] === 'Completed' ? 'selected' : ''; ?>>Completed</option>
<option value="Cancelled" <?php echo $order['status'] === 'Cancelled' ? 'selected' : ''; ?>>Cancelled</option>
</select>
<button type="submit" class="btn btn-primary">Update</button>
</div>
</form>
</div>
</div>
<a href="index.php" class="btn btn-secondary mt-3">Back to Orders</a>
<?php require_once 'footer.php'; ?>

129
cart.php
View File

@ -1,80 +1,67 @@
<?php
session_start();
require_once 'db/config.php';
include 'header.php';
$cart_items = [];
$total_price = 0;
$user_id = $_SESSION['user_id'] ?? null;
$session_id = session_id();
$pdoconnection = db();
if (!empty($_SESSION['cart'])) {
$menu_item_ids = array_keys($_SESSION['cart']);
$placeholders = implode(',', array_fill(0, count($menu_item_ids), '?'));
$stmt = db()->prepare("SELECT * FROM menu_items WHERE id IN ($placeholders)");
$stmt->execute($menu_item_ids);
$db_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($db_items as $item) {
$quantity = $_SESSION['cart'][$item['id']];
$item_total = $item['price'] * $quantity;
$total_price += $item_total;
$cart_items[] = [
'id' => $item['id'],
'name' => $item['name'],
'price' => $item['price'],
'quantity' => $quantity,
'total' => $item_total
];
}
// Fetch cart items
if ($user_id) {
$stmt = $pdoconnection->prepare("SELECT c.id, mi.name, mi.price, c.quantity, r.name as restaurant_name FROM cart c JOIN menu_items mi ON c.menu_item_id = mi.id JOIN restaurants r ON mi.restaurant_id = r.id WHERE c.user_id = :user_id");
$stmt->bindParam(':user_id', $user_id);
} else {
$stmt = $pdoconnection->prepare("SELECT c.id, mi.name, mi.price, c.quantity, r.name as restaurant_name FROM cart c JOIN menu_items mi ON c.menu_item_id = mi.id JOIN restaurants r ON mi.restaurant_id = r.id WHERE c.session_id = :session_id");
$stmt->bindParam(':session_id', $session_id);
}
$stmt->execute();
$cartItems = $stmt->fetchAll(PDO::FETCH_ASSOC);
$totalPrice = 0;
include 'header.php';
?>
<main>
<div class="container">
<h1>Your Cart</h1>
<?php if (empty($cart_items)): ?>
<p>Your cart is empty.</p>
<?php else: ?>
<table class="cart-table">
<thead>
<tr>
<th>Item</th>
<th>Price</th>
<th>Quantity</th>
<th>Total</th>
<th>Action</th>
</tr>
</thead>
<tbody>
<?php foreach ($cart_items as $item): ?>
<tr>
<td><?= htmlspecialchars($item['name']) ?></td>
<td>$<?= htmlspecialchars(number_format($item['price'], 2)) ?></td>
<td>
<form action="cart_actions.php" method="POST" class="update-form">
<input type="hidden" name="action" value="update">
<input type="hidden" name="menu_item_id" value="<?= $item['id'] ?>">
<input type="number" name="quantity" value="<?= $item['quantity'] ?>" min="1" class="quantity-input">
<button type="submit" class="update-btn">Update</button>
</form>
</td>
<td>$<?= htmlspecialchars(number_format($item['total'], 2)) ?></td>
<td>
<a href="cart_actions.php?action=remove&menu_item_id=<?= $item['id'] ?>" class="remove-link">Remove</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<div class="cart-total">
<h3>Total: $<?= htmlspecialchars(number_format($total_price, 2)) ?></h3>
</div>
<div class="cart-actions">
<a href="cart_actions.php?action=clear" class="clear-cart-btn">Clear Cart</a>
<a href="checkout.php" class="checkout-btn">Proceed to Checkout</a>
</div>
<?php endif; ?>
</div>
</main>
<div class="container mt-5">
<h2 class="text-center mb-4">Your Shopping Cart</h2>
<?php include 'footer.php'; ?>
<?php if (count($cartItems) > 0): ?>
<table class="table">
<thead>
<tr>
<th scope="col">Item</th>
<th scope="col">Price</th>
<th scope="col">Quantity</th>
<th scope="col">Total</th>
</tr>
</thead>
<tbody>
<?php foreach ($cartItems as $item): ?>
<?php
$itemTotal = $item['price'] * $item['quantity'];
$totalPrice += $itemTotal;
?>
<tr>
<td><?php echo htmlspecialchars($item['name']); ?></td>
<td>$<?php echo number_format($item['price'], 2); ?></td>
<td><?php echo $item['quantity']; ?></td>
<td>$<?php echo number_format($itemTotal, 2); ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<div class="text-end">
<h4>Subtotal: $<?php echo number_format($totalPrice, 2); ?></h4>
<a href="checkout.php" class="btn btn-primary mt-3">Proceed to Checkout</a>
</div>
<?php else: ?>
<div class="text-center">
<p>Your cart is empty.</p>
<a href="index.php" class="btn btn-primary">Continue Shopping</a>
</div>
<?php endif; ?>
</div>
<?php require_once 'footer.php'; ?>

28
cart_actions.php
View File

@ -2,14 +2,8 @@
session_start();
require_once 'db/config.php';
// Check if user is logged in, if not, redirect to login page
if (!isset($_SESSION['user_id'])) {
// For now, we'll use a hardcoded user_id for simplicity.
// In a real application, you would redirect to a login page.
$_SESSION['user_id'] = 1; // Hardcoded user_id for demonstration
}
$user_id = $_SESSION['user_id'];
$user_id = $_SESSION['user_id'] ?? null;
$session_id = session_id();
$action = $_POST['action'] ?? '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
@ -22,8 +16,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pdo = db();
// Check if the item is already in the cart
$stmt = $pdo->prepare("SELECT * FROM cart WHERE user_id = ? AND menu_item_id = ?");
$stmt->execute([$user_id, $menu_item_id]);
if ($user_id) {
$stmt = $pdo->prepare("SELECT * FROM cart WHERE user_id = ? AND menu_item_id = ?");
$stmt->execute([$user_id, $menu_item_id]);
} else {
$stmt = $pdo->prepare("SELECT * FROM cart WHERE session_id = ? AND menu_item_id = ?");
$stmt->execute([$session_id, $menu_item_id]);
}
$existing_item = $stmt->fetch();
if ($existing_item) {
@ -33,8 +32,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$update_stmt->execute([$new_quantity, $existing_item['id']]);
} else {
// If item does not exist, insert it
$insert_stmt = $pdo->prepare("INSERT INTO cart (user_id, menu_item_id, quantity) VALUES (?, ?, ?)");
$insert_stmt->execute([$user_id, $menu_item_id, $quantity]);
if ($user_id) {
$insert_stmt = $pdo->prepare("INSERT INTO cart (user_id, menu_item_id, quantity) VALUES (?, ?, ?)");
$insert_stmt->execute([$user_id, $menu_item_id, $quantity]);
} else {
$insert_stmt = $pdo->prepare("INSERT INTO cart (session_id, menu_item_id, quantity) VALUES (?, ?, ?)");
$insert_stmt->execute([$session_id, $menu_item_id, $quantity]);
}
}
echo json_encode(['success' => true, 'message' => 'Item added to cart.']);

141
checkout.php
View File

@ -2,99 +2,76 @@
session_start();
require_once 'db/config.php';
// If user is not logged in, redirect to login page
// Redirect to login if user is not logged in
if (!isset($_SESSION['user_id'])) {
header('Location: login.php');
exit;
header("Location: login.php");
exit();
}
// If cart is empty, redirect to cart page
if (empty($_SESSION['cart'])) {
header('Location: cart.php');
exit;
$userId = $_SESSION['user_id'];
$pdoconnection = db();
// Fetch cart items
$stmt = $pdoconnection->prepare("SELECT c.id, mi.name, mi.price, c.quantity, r.name as restaurant_name, r.id as restaurant_id FROM cart c JOIN menu_items mi ON c.menu_item_id = mi.id JOIN restaurants r ON mi.restaurant_id = r.id WHERE c.user_id = :user_id");
$stmt->bindParam(':user_id', $userId);
$stmt->execute();
$cartItems = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (empty($cartItems)) {
header("Location: cart.php");
exit();
}
$cart_items = [];
$total_price = 0;
$restaurant_id = $_SESSION['cart_restaurant'];
$menu_item_ids = array_keys($_SESSION['cart']);
$placeholders = implode(',', array_fill(0, count($menu_item_ids), '?'));
$stmt = db()->prepare("SELECT * FROM menu_items WHERE id IN ($placeholders)");
$stmt->execute($menu_item_ids);
$db_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($db_items as $item) {
$quantity = $_SESSION['cart'][$item['id']];
$item_total = $item['price'] * $quantity;
$total_price += $item_total;
$cart_items[] = [
'id' => $item['id'],
'name' => $item['name'],
'price' => $item['price'],
'quantity' => $quantity,
'total' => $item_total
];
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$user_id = $_SESSION['user_id'];
// Insert into orders table
$stmt = db()->prepare("INSERT INTO orders (user_id, restaurant_id, total_price, status) VALUES (?, ?, ?, ?)");
$stmt->execute([$user_id, $restaurant_id, $total_price, 'pending']);
$order_id = db()->lastInsertId();
// Insert into order_items table
$stmt = db()->prepare("INSERT INTO order_items (order_id, menu_item_id, quantity, price) VALUES (?, ?, ?, ?)");
foreach ($cart_items as $item) {
$stmt->execute([$order_id, $item['id'], $item['quantity'], $item['price']]);
}
// Clear the cart
$_SESSION['cart'] = [];
$_SESSION['cart_restaurant'] = null;
// Redirect to a confirmation page
header('Location: order_confirmation.php?id=' . $order_id);
exit;
$totalPrice = 0;
$restaurantId = $cartItems[0]['restaurant_id'];
$restaurantName = $cartItems[0]['restaurant_name'];
foreach ($cartItems as $item) {
$totalPrice += $item['price'] * $item['quantity'];
}
include 'header.php';
?>
<main>
<div class="container">
<h1>Checkout</h1>
<div class="checkout-summary">
<h2>Order Summary</h2>
<table class="cart-table">
<thead>
<tr>
<th>Item</th>
<th>Quantity</th>
<th>Total</th>
</tr>
</thead>
<tbody>
<?php foreach ($cart_items as $item): ?>
<tr>
<td><?= htmlspecialchars($item['name']) ?></td>
<td><?= $item['quantity'] ?></td>
<td>$<?= htmlspecialchars(number_format($item['total'], 2)) ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<div class="cart-total">
<h3>Total: $<?= htmlspecialchars(number_format($total_price, 2)) ?></h3>
</div>
<form action="checkout.php" method="POST" class="checkout-form">
<button type="submit" class="checkout-btn">Place Order</button>
<div class="container mt-5">
<h2 class="text-center mb-4">Checkout</h2>
<div class="row">
<div class="col-md-8">
<h4>Delivery Information</h4>
<form action="order_process.php" method="POST">
<div class="mb-3">
<label for="name" class="form-label">Full Name</label>
<input type="text" class="form-control" id="name" name="name" required>
</div>
<div class="mb-3">
<label for="address" class="form-label">Address</label>
<input type="text" class="form-control" id="address" name="address" required>
</div>
<div class="mb-3">
<label for="phone" class="form-label">Phone Number</label>
<input type="text" class="form-control" id="phone" name="phone" required>
</div>
<input type="hidden" name="restaurant_id" value="<?php echo $restaurantId; ?>">
<input type="hidden" name="total_price" value="<?php echo $totalPrice; ?>">
<button type="submit" class="btn btn-primary">Place Order</button>
</form>
</div>
<div class="col-md-4">
<h4>Order Summary</h4>
<h5><?php echo htmlspecialchars($restaurantName); ?></h5>
<ul class="list-group mb-3">
<?php foreach ($cartItems as $item): ?>
<li class="list-group-item d-flex justify-content-between align-items-center">
<?php echo htmlspecialchars($item['name']); ?> (x<?php echo $item['quantity']; ?>)
<span>$<?php echo number_format($item['price'] * $item['quantity'], 2); ?></span>
</li>
<?php endforeach; ?>
<li class="list-group-item d-flex justify-content-between align-items-center fw-bold">
Total
<span>$<?php echo number_format($totalPrice, 2); ?></span>
</li>
</ul>
</div>
</div>
</main>
</div>
<?php include 'footer.php'; ?>
<?php include 'footer.php'; ?>

2
footer.php
View File

@ -1,6 +1,6 @@
<footer>
<div class="container">
<p>&copy; <?php echo date("Y"); ?> Majuro Eats. All Rights Reserved.</p>
<p>&copy; <?php echo date("Y"); ?> Majuro Eats. All Rights Reserved. | <a href="/admin/login.php">Admin Login</a></p>
</div>
</footer>
</body>

20
header.php
View File

@ -21,7 +21,24 @@ session_start();
</div>
<div class="user-actions">
<?php
$cart_item_count = isset($_SESSION['cart']) ? count($_SESSION['cart']) : 0;
require_once 'db/config.php';
$cart_item_count = 0;
$db = db();
if (isset($_SESSION['user_id'])) {
$stmt = $db->prepare('SELECT SUM(quantity) as item_count FROM cart WHERE user_id = ?');
$stmt->execute([$_SESSION['user_id']]);
$result = $stmt->fetch();
if ($result && $result['item_count'] > 0) {
$cart_item_count = $result['item_count'];
}
} else {
$stmt = $db->prepare('SELECT SUM(quantity) as item_count FROM cart WHERE session_id = ?');
$stmt->execute([session_id()]);
$result = $stmt->fetch();
if ($result && $result['item_count'] > 0) {
$cart_item_count = $result['item_count'];
}
}
?>
<a href="cart.php" class="cart-icon">
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="9" cy="21" r="1"></circle><circle cx="20" cy="21" r="1"></circle><path d="M1 1h4l2.68 13.39a2 2 0 0 0 2 1.61h9.72a2 2 0 0 0 2-1.61L23 6H6"></path></svg>
@ -29,6 +46,7 @@ session_start();
</a>
<?php if (isset($_SESSION['user_id'])): ?>
<span>Welcome, <?php echo htmlspecialchars($_SESSION['user_name']); ?></span>
<a href="profile.php">My Profile</a>
<a href="logout.php">Logout</a>
<?php else: ?>
<a href="login.php">Login</a>

10
login_process.php
View File

@ -23,7 +23,15 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id'];
$user_id = $user['id'];
$session_id = session_id();
// Merge guest cart with user cart
$merge_sql = "UPDATE cart SET user_id = ?, session_id = NULL WHERE session_id = ?";
$merge_stmt = $pdo->prepare($merge_sql);
$merge_stmt->execute([$user_id, $session_id]);
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user['name'];
header("Location: index.php");
exit;

10
menu.php
View File

@ -11,8 +11,14 @@ if (!$restaurant_id) {
$pdo = db();
// Fetch restaurant details
$restaurant_stmt = $pdo->prepare("SELECT * FROM restaurants WHERE id = ?");
// Fetch restaurant details along with average rating
$restaurant_stmt = $pdo->prepare("
SELECT r.*, AVG(rt.rating) as rating, COUNT(rt.id) as rating_count
FROM restaurants r
LEFT JOIN ratings rt ON r.id = rt.restaurant_id
WHERE r.id = ?
GROUP BY r.id
");
$restaurant_stmt->execute([$restaurant_id]);
$restaurant = $restaurant_stmt->fetch(PDO::FETCH_ASSOC);

12
migrations/20251015_create_ratings_table.sql Normal file
View File

@ -0,0 +1,12 @@
CREATE TABLE IF NOT EXISTS `ratings` (
`id` INT AUTO_INCREMENT PRIMARY KEY,
`order_id` INT NOT NULL,
`restaurant_id` INT NOT NULL,
`user_id` INT NOT NULL,
`rating` INT NOT NULL,
`comment` TEXT,
`created_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (`order_id`) REFERENCES `orders`(`id`),
FOREIGN KEY (`restaurant_id`) REFERENCES `restaurants`(`id`),
FOREIGN KEY (`user_id`) REFERENCES `users`(`id`)
);

7
migrations/20251015_create_users_table.sql Normal file
View File

@ -0,0 +1,7 @@
CREATE TABLE IF NOT EXISTS `users` (
`id` INT AUTO_INCREMENT PRIMARY KEY,
`name` VARCHAR(255) NOT NULL,
`email` VARCHAR(255) NOT NULL UNIQUE,
`password` VARCHAR(255) NOT NULL,
`created_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

2
migrations/20251015_update_cart_table.sql Normal file
View File

@ -0,0 +1,2 @@
ALTER TABLE `cart` ADD `session_id` VARCHAR(255) NULL AFTER `user_id`;
ALTER TABLE `cart` MODIFY `user_id` INT NULL;

33
order_confirmation.php
View File

@ -1,25 +1,32 @@
<?php
session_start();
require_once 'db/config.php';
include 'header.php';
if (!isset($_SESSION['order_id'])) {
header('Location: index.php');
if (!isset($_SESSION['user_id'])) {
header("Location: login.php");
exit();
}
$order_id = $_SESSION['order_id'];
unset($_SESSION['order_id']);
if (!isset($_GET['id'])) {
header("Location: index.php");
exit();
}
$orderId = $_GET['id'];
include 'header.php';
?>
<main class="container">
<div class="order-confirmation">
<h1>Thank You for Your Order!</h1>
<p>Your order has been placed successfully.</p>
<p>Your Order ID is: <strong><?php echo htmlspecialchars($order_id); ?></strong></p>
<a href="index.php" class="btn btn-primary">Continue Shopping</a>
<div class="container mt-5">
<div class="row">
<div class="col-md-8 offset-md-2 text-center">
<h2 class="mb-4">Thank You for Your Order!</h2>
<p>Your order has been placed successfully.</p>
<p>Your Order ID is: <strong><?php echo $orderId; ?></strong></p>
<p>We have received your order and will begin processing it shortly.</p>
<a href="index.php" class="btn btn-primary">Continue Shopping</a>
</div>
</div>
</main>
</div>
<?php include 'footer.php'; ?>
<?php include 'footer.php'; ?>

56
order_process.php Normal file
View File

@ -0,0 +1,56 @@
<?php
session_start();
require_once 'db/config.php';
if (!isset($_SESSION['user_id'])) {
header("Location: login.php");
exit();
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$userId = $_SESSION['user_id'];
$pdoconnection = db();
// Create a new order
$stmt = $pdoconnection->prepare("INSERT INTO orders (user_id, restaurant_id, total_price, status) VALUES (:user_id, :restaurant_id, :total_price, 'pending')");
$stmt->bindParam(':user_id', $userId);
$stmt->bindParam(':restaurant_id', $_POST['restaurant_id']);
$stmt->bindParam(':total_price', $_POST['total_price']);
$stmt->execute();
$orderId = $pdoconnection->lastInsertId();
// Get cart items
$stmt = $pdoconnection->prepare("SELECT * FROM cart WHERE user_id = :user_id");
$stmt->bindParam(':user_id', $userId);
$stmt->execute();
$cartItems = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Move cart items to order_items
$stmt = $pdoconnection->prepare("INSERT INTO order_items (order_id, menu_item_id, quantity, price) VALUES (:order_id, :menu_item_id, :quantity, :price)");
foreach ($cartItems as $item) {
// Get menu item price
$priceStmt = $pdoconnection->prepare("SELECT price FROM menu_items WHERE id = :menu_item_id");
$priceStmt->bindParam(':menu_item_id', $item['menu_item_id']);
$priceStmt->execute();
$menuItem = $priceStmt->fetch(PDO::FETCH_ASSOC);
$stmt->bindParam(':order_id', $orderId);
$stmt->bindParam(':menu_item_id', $item['menu_item_id']);
$stmt->bindParam(':quantity', $item['quantity']);
$stmt->bindParam(':price', $menuItem['price']);
$stmt->execute();
}
// Clear the cart
$stmt = $pdoconnection->prepare("DELETE FROM cart WHERE user_id = :user_id");
$stmt->bindParam(':user_id', $userId);
$stmt->execute();
// Redirect to order confirmation
header("Location: order_confirmation.php?id=" . $orderId);
exit();
} else {
header("Location: checkout.php");
exit();
}
?>

106
profile.php Normal file
View File

@ -0,0 +1,106 @@
<?php
session_start();
require_once 'db/config.php';
if (!isset($_SESSION['user_id'])) {
header("Location: login.php");
exit();
}
$user_id = $_SESSION['user_id'];
// Fetch user's orders and restaurant info
$stmt = $db()->prepare("
SELECT o.*, r.id AS restaurant_id, r.name AS restaurant_name
FROM orders o
JOIN order_items oi ON o.id = oi.order_id
JOIN menu_items mi ON oi.menu_item_id = mi.id
JOIN restaurants r ON mi.restaurant_id = r.id
WHERE o.user_id = ?
GROUP BY o.id
ORDER BY o.order_date DESC
");
$stmt->execute([$user_id]);
$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);
include 'header.php';
?>
<div class="container mt-5">
<h2>My Profile</h2>
<h4>My Orders</h4>
<?php
if (isset($_SESSION['rating_success'])) {
echo '<div class="alert alert-success">' . $_SESSION['rating_success'] . '</div>';
unset($_SESSION['rating_success']);
}
if (isset($_SESSION['rating_error'])) {
echo '<div class="alert alert-danger">' . $_SESSION['rating_error'] . '</div>';
unset($_SESSION['rating_error']);
}
?>
<?php if (count($orders) > 0): ?>
<table class="table table-bordered">
<thead>
<tr>
<th>Order ID</th>
<th>Order Date</th>
<th>Restaurant</th>
<th>Total Amount</th>
<th>Status</th>
<th>Action</th>
</tr>
</thead>
<tbody>
<?php foreach ($orders as $order): ?>
<tr>
<td><?php echo htmlspecialchars($order['id']); ?></td>
<td><?php echo htmlspecialchars($order['order_date']); ?></td>
<td><?php echo htmlspecialchars($order['restaurant_name']); ?></td>
<td>$<?php echo htmlspecialchars(number_format($order['total_amount'], 2)); ?></td>
<td><?php echo htmlspecialchars($order['status']); ?></td>
<td>
<a href="order_details.php?order_id=<?php echo $order['id']; ?>" class="btn btn-primary">View Details</a>
<?php if ($order['status'] == 'Completed'): ?>
<button type="button" class="btn btn-success" data-bs-toggle="modal" data-bs-target="#rateModal-<?php echo $order['id']; ?>">
Rate Restaurant
</button>
<?php endif; ?>
</td>
</tr>
<!-- Rating Modal -->
<div class="modal fade" id="rateModal-<?php echo $order['id']; ?>" tabindex="-1" aria-labelledby="rateModalLabel-<?php echo $order['id']; ?>" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="rateModalLabel-<?php echo $order['id']; ?>">Rate <?php echo htmlspecialchars($order['restaurant_name']); ?></h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<form action="rate.php" method="POST">
<input type="hidden" name="order_id" value="<?php echo $order['id']; ?>">
<input type="hidden" name="restaurant_id" value="<?php echo $order['restaurant_id']; ?>">
<div class="mb-3">
<label for="rating-<?php echo $order['id']; ?>" class="form-label">Rating (1-5)</label>
<input type="number" class="form-control" id="rating-<?php echo $order['id']; ?>" name="rating" min="1" max="5" required>
</div>
<div class="mb-3">
<label for="comment-<?php echo $order['id']; ?>" class="form-label">Comment</label>
<textarea class="form-control" id="comment-<?php echo $order['id']; ?>" name="comment" rows="3"></textarea>
</div>
<button type="submit" class="btn btn-primary">Submit Rating</button>
</form>
</div>
</div>
</div>
</div>
<?php endforeach; ?>
</tbody>
</table>
<?php else: ?>
<p>You have no past orders.</p>
<?php endif; ?>
</div>
<?php include 'footer.php'; ?>

73
rate.php
View File

@ -1,37 +1,48 @@
<?php
session_start();
require_once 'db/config.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$restaurant_id = $_POST['restaurant_id'] ?? null;
$new_rating = $_POST['rating'] ?? null;
if ($restaurant_id && $new_rating) {
try {
$pdo = db();
// Get current rating and count
$stmt = $pdo->prepare("SELECT rating, rating_count FROM restaurants WHERE id = ?");
$stmt->execute([$restaurant_id]);
$restaurant = $stmt->fetch(PDO::FETCH_ASSOC);
if ($restaurant) {
$current_total_rating = $restaurant['rating'] * $restaurant['rating_count'];
$new_total_rating = $current_total_rating + $new_rating;
$new_rating_count = $restaurant['rating_count'] + 1;
$new_average_rating = $new_total_rating / $new_rating_count;
// Update restaurant with new rating
$update_stmt = $pdo->prepare("UPDATE restaurants SET rating = ?, rating_count = ? WHERE id = ?");
$update_stmt->execute([$new_average_rating, $new_rating_count, $restaurant_id]);
}
} catch (PDOException $e) {
// Log error, but don't show to user
error_log("Rating update failed: " . $e->getMessage());
}
}
if (!isset($_SESSION['user_id'])) {
header("Location: login.php");
exit();
}
// Redirect back to the menu page
header('Location: menu.php?id=' . $restaurant_id);
exit;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$user_id = $_SESSION['user_id'];
$order_id = $_POST['order_id'];
$restaurant_id = $_POST['restaurant_id'];
$rating = $_POST['rating'];
$comment = $_POST['comment'];
// Validation
if (empty($order_id) || empty($restaurant_id) || empty($rating) || $rating < 1 || $rating > 5) {
// Handle error - redirect back to profile with an error message
$_SESSION['rating_error'] = "Invalid data provided.";
header("Location: profile.php");
exit();
}
// Check if the user has already rated this order
$stmt = $db()->prepare("SELECT id FROM ratings WHERE user_id = ? AND order_id = ?");
$stmt->execute([$user_id, $order_id]);
if ($stmt->fetch()) {
$_SESSION['rating_error'] = "You have already rated this order.";
header("Location: profile.php");
exit();
}
// Insert the rating
$stmt = $db()->prepare("INSERT INTO ratings (user_id, order_id, restaurant_id, rating, comment) VALUES (?, ?, ?, ?, ?)");
if ($stmt->execute([$user_id, $order_id, $restaurant_id, $rating, $comment])) {
$_SESSION['rating_success'] = "Thank you for your feedback!";
} else {
$_SESSION['rating_error'] = "Something went wrong. Please try again.";
}
header("Location: profile.php");
exit();
} else {
header("Location: profile.php");
exit();
}
?>