admin/34968-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34968-vm/driver/update_order_status.php
Flatlogic Bot 83696c725a V23
2025-10-16 20:04:54 +00:00

83 lines
2.9 KiB
PHP
Raw Blame History

<?php
session_start();
require_once __DIR__ . '/../db/config.php';
// Ensure driver is logged in
if (!isset($_SESSION['driver_id'])) {
header('Location: login.php');
exit;
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$order_id = $_POST['order_id'];
$status = $_POST['status'];
$driver_id = $_SESSION['driver_id'];
$allowed_statuses = ['out for delivery', 'picked up', 'delivered'];
if (empty($order_id) || empty($status) || !in_array($status, $allowed_statuses)) {
header('Location: index.php?error=Invalid input.');
exit;
}
try {
$pdo = db();
// Security Check: Verify the order is assigned to this driver
$check_stmt = $pdo->prepare(
'SELECT o.id FROM orders o ' .
'JOIN driver_assignments da ON o.id = da.order_id ' .
'WHERE o.id = ? AND da.driver_id = ?'
);
$check_stmt->execute([$order_id, $driver_id]);
$assignment = $check_stmt->fetch();
if (!$assignment) {
header('Location: index.php?error=You are not authorized to update this order.');
exit;
}
// Update the order status
$update_stmt = $pdo->prepare('UPDATE orders SET status = ? WHERE id = ?');
if ($update_stmt->execute([$status, $order_id])) {
// Notify customer by email
require_once __DIR__ . '/../mail/MailService.php';
$user_stmt = $pdo->prepare('SELECT u.email, u.name FROM users u JOIN orders o ON u.id = o.user_id WHERE o.id = ?');
$user_stmt->execute([$order_id]);
$customer = $user_stmt->fetch();
if ($customer) {
$subject = '';
$body = '';
if ($status === 'picked up') {
$subject = 'Your order is on its way!';
$body = 'Hi ' . $customer['name'] . ',<br><br>Good news! Your order #' . $order_id . ' has been picked up by your driver and is on its way to you.<br><br>Thanks for using Majuro Eats!';
} elseif ($status === 'delivered') {
$subject = 'Your order has been delivered!';
$body = 'Hi ' . $customer['name'] . ',<br><br>Your order #' . $order_id . ' has been delivered. We hope you enjoy your meal!<br><br>Thanks for using Majuro Eats!';
}
if ($subject && $body) {
MailService::sendMail($customer['email'], $subject, $body, $body);
}
}
header('Location: index.php?success=Order status updated successfully.');
exit;
}
} else {
header('Location: index.php?error=Failed to update order status.');
exit;
}
} catch (PDOException $e) {
header('Location: index.php?error=A database error occurred.');
exit;
}
} else {
header('Location: index.php');
exit;
}
?>
Reference in New Issue View Git Blame Copy Permalink