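<?php

declare(strict_types=1);

/**
 * Admin-only page: create a new product or edit an existing one.
 *
 * Flow: require an authenticated admin session, load the product to edit when
 * ?id= is a valid integer, validate and persist the submitted form on POST,
 * then render the form. All database access goes through prepared statements
 * from db(); every dynamic value printed into the page is HTML-escaped, and
 * the form carries a per-session CSRF token that is checked before any write.
 */

require_once 'header.php';
require_once 'db/config.php';

// Only admins may use this page; anyone else is sent to their profile.
// The session is assumed to have been started by header.php (it is read here).
// NOTE(review): if header.php already emits markup, the header() redirects in
// this file fail with "headers already sent" — confirm header.php buffers or
// emits nothing before this point.
if (!isset($_SESSION['user_id']) || ($_SESSION['role'] ?? null) !== 'admin') {
    header('Location: profile.php');
    exit;
}

$pdo = db();

// HTML-escape a value for the HTML body / attribute context. The (string)
// cast keeps null or numeric DB values (e.g. price, description) from
// reaching htmlspecialchars() untyped.
$e = static fn ($value): string => htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Read a POSTed text field as a trimmed string; anything missing or
// non-scalar (e.g. name[]=x) becomes '' instead of a warning or "Array".
$field = static function (string $key): string {
    $raw = $_POST[$key] ?? null;

    return is_string($raw) ? trim($raw) : '';
};

// Per-session CSRF token: generated once, compared in constant time on POST.
$_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));
$csrfToken = (string) $_SESSION['csrf_token'];

$product = [
    'id' => null,
    'name' => '',
    'description' => '',
    'price' => '',
    'image' => '',
];
$errors = [];
$page_title = 'Add New Product';

// Edit mode. The id must be a positive integer — is_numeric() would also
// accept "1.5" or "1e3" — and a missing or malformed id returns to the list
// rather than silently falling back to "add" mode, which would create a new
// row from what the user believed was an edit.
if (isset($_GET['id'])) {
    $page_title = 'Edit Product';
    $productId = filter_var($_GET['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $row = false;
    if ($productId !== false) {
        $stmt = $pdo->prepare('SELECT * FROM products WHERE id = ?');
        $stmt->execute([$productId]);
        $row = $stmt->fetch();
    }
    if (!$row) {
        header('Location: admin_products.php');
        exit;
    }
    $product = $row;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject cross-site form posts before anything touches the database.
    $submittedToken = $_POST['csrf_token'] ?? null;
    if (!is_string($submittedToken) || !hash_equals($csrfToken, $submittedToken)) {
        $errors[] = 'Invalid form submission, please try again';
    }

    $product['name'] = $field('name');
    $product['description'] = $field('description');
    $product['price'] = $field('price');
    $product['image'] = $field('image');

    if ($product['name'] === '') {
        $errors[] = 'Name is required';
    }
    // Explicit '' check rather than empty(): a price of "0" is a legitimate value.
    if ($product['price'] === '' || !is_numeric($product['price']) || (float) $product['price'] < 0) {
        $errors[] = 'Price must be a non-negative number';
    }

    if ($errors === []) {
        $values = [$product['name'], $product['description'], $product['price'], $product['image']];
        if ($product['id']) {
            // Update the row loaded in edit mode; the id comes from the DB
            // fetch above, never from the POST body.
            $stmt = $pdo->prepare('UPDATE products SET name = ?, description = ?, price = ?, image = ? WHERE id = ?');
            $stmt->execute([...$values, (int) $product['id']]);
        } else {
            $stmt = $pdo->prepare('INSERT INTO products (name, description, price, image) VALUES (?, ?, ?, ?)');
            $stmt->execute($values);
        }
        header('Location: admin_products.php');
        exit;
    }
}
?>

<header class="hero text-center">
    <div class="container">
        <h1 class="display-4"><?= $e($page_title) ?></h1>
    </div>
</header>

<main class="container my-5">
    <div class="row justify-content-center">
        <div class="col-lg-8">
            <div class="card">
                <div class="card-body p-5">
                    <?php if ($errors !== []): ?>
                        <div class="alert alert-danger">
                            <?php foreach ($errors as $error): ?>
                                <p><?= $e($error) ?></p>
                            <?php endforeach; ?>
                        </div>
                    <?php endif; ?>
                    <form action="admin_product_edit.php<?= $product['id'] ? '?id=' . (int) $product['id'] : '' ?>" method="POST">
                        <input type="hidden" name="csrf_token" value="<?= $e($csrfToken) ?>">
                        <div class="mb-3">
                            <label for="name" class="form-label">Name</label>
                            <input type="text" class="form-control" id="name" name="name" value="<?= $e($product['name']) ?>" required>
                        </div>
                        <div class="mb-3">
                            <label for="description" class="form-label">Description</label>
                            <textarea class="form-control" id="description" name="description" rows="5"><?= $e($product['description']) ?></textarea>
                        </div>
                        <div class="mb-3">
                            <label for="price" class="form-label">Price</label>
                            <input type="number" step="0.01" min="0" class="form-control" id="price" name="price" value="<?= $e($product['price']) ?>" required>
                        </div>
                        <div class="mb-3">
                            <label for="image" class="form-label">Image URL</label>
                            <input type="text" class="form-control" id="image" name="image" value="<?= $e($product['image']) ?>">
                        </div>
                        <button type="submit" class="btn btn-primary">Save Product</button>
                        <a href="admin_products.php" class="btn btn-secondary">Cancel</a>
                    </form>
                </div>
            </div>
        </div>
    </div>
</main>

<?php require_once 'footer.php'; ?>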