
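<?php
declare(strict_types=1);

/*
 * create_order.php — Sales Rep form that inserts a new row into `orders`
 * and notifies dispatch by email.
 *
 * Flow: access check -> (POST) CSRF check -> validate -> INSERT in a
 * transaction -> email -> render form. GET requests only render the form.
 */

session_start();
require_once __DIR__ . '/db/config.php';

// Access control runs BEFORE partials/header.php: a Location header can only be
// sent while no output has been emitted (header.php presumably prints markup —
// confirm). `?? null` avoids an undefined-index warning when user_role is absent.
if (!isset($_SESSION['user_id']) || ($_SESSION['user_role'] ?? null) !== 'Sales Rep') {
    header('Location: login.php');
    exit();
}

require_once __DIR__ . '/partials/header.php';

$errors = [];
$success_message = '';
// Defined up front so the GET render of the form (textarea below) never reads
// an undefined variable.
$order_text = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // CSRF protection: constant-time comparison, and a session without a token
    // can never validate (hash_equals('', '') would otherwise be true).
    $submitted_token = (string) ($_POST['csrf_token'] ?? '');
    $session_token = (string) ($_SESSION['csrf_token'] ?? '');
    if ($session_token === '' || !hash_equals($session_token, $submitted_token)) {
        die('CSRF token validation failed.');
    }

    $order_text = trim((string) ($_POST['order_text'] ?? ''));
    $sales_rep_id = $_SESSION['user_id'];
    $order_date = date('Y-m-d'); // Auto-set and locked; never taken from the request

    // `=== ''` instead of empty(): an order text of "0" is a legitimate value.
    if ($order_text === '') {
        $errors[] = 'Order Text cannot be empty.';
    }

    if ($errors === []) {
        $pdo = null;
        try {
            $pdo = db();
            $pdo->beginTransaction();
            // Generate order number (simple placeholder for now, will enhance later).
            // Timestamp granularity is one second, so two orders created in the
            // same second produce the same number; a UNIQUE constraint on the
            // column (if present) surfaces that as the PDOException handled below.
            $order_number = 'FMO' . date('YmdHis');
            $stmt = $pdo->prepare('INSERT INTO orders (order_number, order_date, order_text, status, sales_rep_id) VALUES (?, ?, ?, ?, ?)');
            $stmt->execute([$order_number, $order_date, $order_text, 'Pending', $sales_rep_id]);
            $pdo->commit();
            $success_message = 'Order ' . $order_number . ' created successfully!';

            // Send email notification to Dispatch. The bodies are built from the
            // submitted text BEFORE the form is cleared; clearing first sent an
            // empty "Order Text" line to dispatch.
            require_once __DIR__ . '/mail/MailService.php';
            $dispatch_email = 'info@focuzinternational.com'; // TODO: Make this configurable by Admin
            $subject = 'New Order: ' . $order_number . ' (Pending)';
            $html_body = '<p>A new order has been created:</p>'
                . '<p><strong>Order Number:</strong> ' . htmlspecialchars($order_number) . '</p>'
                . '<p><strong>Order Date:</strong> ' . htmlspecialchars($order_date) . '</p>'
                . '<p><strong>Order Text:</strong> ' . nl2br(htmlspecialchars($order_text)) . '</p>'
                . '<p><strong>Status:</strong> Pending</p>';
            $text_body = "A new order has been created:\n\n"
                . "Order Number: {$order_number}\n"
                . "Order Date: {$order_date}\n"
                . "Order Text: {$order_text}\n"
                . "Status: Pending";
            $mail_result = MailService::sendMail($dispatch_email, $subject, $html_body, $text_body);
            if (!empty($mail_result['error'])) {
                // Log the email error, but don't fail the order creation
                error_log('Email sending failed: ' . $mail_result['error']);
            }

            // Clear the form only now that the email has been composed.
            $order_text = '';
        } catch (PDOException $e) {
            // db() itself may have thrown (no $pdo yet), and rollBack() on a
            // connection with no open transaction throws — guard both.
            if ($pdo !== null && $pdo->inTransaction()) {
                $pdo->rollBack();
            }
            // Driver messages can reveal table names, hosts or credentials:
            // keep the detail in the server log and show the user a generic error.
            error_log('Order creation failed: ' . $e->getMessage());
            $errors[] = 'Database error: the order could not be saved. Please try again.';
        }
    }
}

// Generate new CSRF token for the form (one token per rendered form).
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
?>
<div class="container mt-5">
    <h2>Create New Order</h2>
    <?php if (!empty($errors)): ?>
        <div class="alert alert-danger" role="alert">
            <?php foreach ($errors as $error): ?>
                <p><?php echo htmlspecialchars($error); ?></p>
            <?php endforeach; ?>
        </div>
    <?php endif; ?>
    <?php if (!empty($success_message)): ?>
        <div class="alert alert-success" role="alert">
            <?php echo htmlspecialchars($success_message); ?>
        </div>
    <?php endif; ?>
    <form method="POST" action="create_order.php">
        <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token']); ?>">
        <div class="mb-3">
            <label for="order_date" class="form-label">Order Date</label>
            <input type="text" class="form-control" id="order_date" value="<?php echo date('Y-m-d'); ?>" readonly>
        </div>
        <div class="mb-3">
            <label for="order_number" class="form-label">Order Number (Generated Automatically)</label>
            <input type="text" class="form-control" id="order_number" value="Will be generated on save" readonly>
        </div>
        <div class="mb-3">
            <label for="order_text" class="form-label">Order Text</label>
            <textarea class="form-control" id="order_text" name="order_text" rows="5" required><?php echo htmlspecialchars($order_text); ?></textarea>
        </div>
        <div class="mb-3">
            <label for="status" class="form-label">Status</label>
            <input type="text" class="form-control" id="status" value="Pending" readonly>
        </div>
        <button type="submit" class="btn btn-primary">Create Order</button>
    </form>
</div>
<?php require_once __DIR__ . '/partials/footer.php'; ?>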