Handlowiec, poprawiony Dostawca

This commit is contained in:
Flatlogic Bot 2025-12-29 08:07:30 +00:00
parent fc35395c51
commit 9be2881d54
15 changed files with 1927 additions and 176 deletions


@ -1,7 +1,7 @@
<?php
require_once __DIR__ . '/../includes/init.php';
require_once __DIR__ . '/../includes/auth.php';
require_role('admin');
require_role(['admin', 'handlowiec', 'supplier']);
$clients = [];
$error_message = '';
@ -9,7 +9,23 @@ $pdo = null;
try {
$pdo = db();
$stmt_clients = $pdo->query('SELECT * FROM clients ORDER BY name ASC');
$role = get_user_role();
if ($role === 'supplier') {
$supplier_id = $_SESSION['user_id'];
$stmt_clients = $pdo->prepare('
SELECT DISTINCT c.*
FROM clients c
JOIN orders o ON c.id = o.client_id
JOIN order_items oi ON o.id = oi.order_id
JOIN products p ON oi.product_id = p.id
WHERE p.supplier_id = :supplier_id
ORDER BY c.name ASC
');
$stmt_clients->execute(['supplier_id' => $supplier_id]);
} else {
$stmt_clients = $pdo->query('SELECT * FROM clients ORDER BY name ASC');
}
$clients = $stmt_clients->fetchAll();
} catch (PDOException $e) {
error_log('DB Error in admin/clients.php: ' . $e->getMessage());
@ -25,9 +41,11 @@ $page_title = 'Klienci';
<main class="container my-5">
<div class="d-flex justify-content-between align-items-center mb-4">
<h1 class="h2"><?php echo $page_title; ?></h1>
<?php if (get_user_role() !== 'supplier'): ?>
<a href="edit_client.php" class="btn btn-primary">
<i class="bi bi-plus-lg"></i> Dodaj klienta
</a>
<?php endif; ?>
</div>
<div class="card">
@ -82,9 +100,11 @@ $page_title = 'Klienci';
<a href="edit_client.php?id=<?php echo $client['id']; ?>" class="btn btn-sm btn-secondary">
<i class="bi bi-pencil-fill"></i> Edytuj
</a>
<?php if (get_user_role() !== 'supplier'): ?>
<a href="client_prices.php?client_id=<?php echo $client['id']; ?>" class="btn btn-sm btn-info">
<i class="bi bi-tag-fill"></i> Cennik
</a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
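Review bot: The "Edytuj" link at the top of the last hunk stays visible for suppliers, and edit_client.php is opened to the same roles in this commit, so the per-supplier scoping of the listing is only as strong as the check edit_client.php performs on `?id=`; if that page does not verify the supplier relationship, the filtered list is cosmetic and any client id can be reached directly. Either wrap the edit link in the same `<?php if (get_user_role() !== 'supplier'): ?>` guard used for "Cennik", or keep it but make sure the server-side check exists on the target page. Casting the session value before binding it, `$supplier_id = (int) $_SESSION['user_id'];`, would also make the parameter type of the supplier query explicit. The try block in the first hunk continues past it.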


@ -1,6 +1,6 @@
<?php
require_once __DIR__ . '/../includes/init.php';
require_role('admin');
require_role(['admin', 'handlowiec', 'supplier']);
$db = db();
@ -30,8 +30,46 @@ if ($clientId) {
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Handle payment cancellation
if (isset($_POST['cancel_payment'])) {
// Separate logic for payback and cancellation, which have their own submit buttons
if (isset($_POST['payback_submit']) && isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin') {
$payback_amount = (float)($_POST['payback_amount'] ?? 0);
$used_credit_for_validation = $client['credit_limit'] - $client['credit_balance'];
if ($payback_amount <= 0) {
$errorMessage = 'Kwota spłaty musi być większa od zera.';
} elseif ($payback_amount > $used_credit_for_validation) {
$errorMessage = "Kwota spłaty nie może być wyższa niż wykorzystany kredyt (" . number_format($used_credit_for_validation, 2, ',', ' ') . " PLN).";
} else {
try {
$new_credit_balance = $client['credit_balance'] + $payback_amount;
$stmt = $db->prepare("UPDATE clients SET credit_balance = :credit_balance WHERE id = :id");
$stmt->execute(['credit_balance' => $new_credit_balance, 'id' => $clientId]);
// Log the transaction
$logStmt = $db->prepare("INSERT INTO client_credit_log (client_id, amount, transaction_type, notes) VALUES (:client_id, :amount, :transaction_type, :notes)");
$logStmt->execute([
'client_id' => $clientId,
'amount' => $payback_amount,
'transaction_type' => 'payment',
'notes' => 'Credit payback'
]);
$successMessage = 'Spłata kredytu została pomyślnie przetworzona.';
// Re-fetch data to display updated values
$stmt = $db->prepare("SELECT * FROM clients WHERE id = :id");
$stmt->execute(['id' => $clientId]);
$client = $stmt->fetch(PDO::FETCH_ASSOC);
$available_credit = $client['credit_balance'];
$used_credit = $client['credit_limit'] - $client['credit_balance'];
} catch (PDOException $e) {
$errorMessage = 'Wystąpił błąd podczas przetwarzania spłaty kredytu.';
// error_log($e->getMessage()); // Uncomment for debugging
}
}
} elseif (isset($_POST['cancel_payment']) && isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin') {
$log_id = $_POST['log_id'] ?? null;
if ($log_id) {
$db->beginTransaction();
@ -71,73 +109,53 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// error_log($e->getMessage()); // For debugging
}
}
} elseif (isset($_POST['payback_submit'])) {
$payback_amount = (float)($_POST['payback_amount'] ?? 0);
$used_credit_for_validation = $client['credit_limit'] - $client['credit_balance'];
if ($payback_amount <= 0) {
$errorMessage = 'Kwota spłaty musi być większa od zera.';
} elseif ($payback_amount > $used_credit_for_validation) {
$errorMessage = "Kwota spłaty nie może być wyższa niż wykorzystany kredyt (" . number_format($used_credit_for_validation, 2, ',', ' ') . " PLN).";
} else {
try {
$new_credit_balance = $client['credit_balance'] + $payback_amount;
$stmt = $db->prepare("UPDATE clients SET credit_balance = :credit_balance WHERE id = :id");
$stmt->execute(['credit_balance' => $new_credit_balance, 'id' => $clientId]);
// Log the transaction
$logStmt = $db->prepare("INSERT INTO client_credit_log (client_id, amount, transaction_type, notes) VALUES (:client_id, :amount, :transaction_type, :notes)");
$logStmt->execute([
'client_id' => $clientId,
'amount' => $payback_amount,
'transaction_type' => 'payment',
'notes' => 'Credit payback'
]);
$successMessage = 'Spłata kredytu została pomyślnie przetworzona.';
// Re-fetch data to display updated values
$stmt = $db->prepare("SELECT * FROM clients WHERE id = :id");
$stmt->execute(['id' => $clientId]);
$client = $stmt->fetch(PDO::FETCH_ASSOC);
$available_credit = $client['credit_balance'];
$used_credit = $client['credit_limit'] - $client['credit_balance'];
} catch (PDOException $e) {
$errorMessage = 'Wystąpił błąd podczas przetwarzania spłaty kredytu.';
// error_log($e->getMessage()); // Uncomment for debugging
}
}
} else {
// Main form submission for creating/updating the client
$name = $_POST['name'] ?? '';
$tax_id = $_POST['tax_id'] ?? '';
$address = $_POST['address'] ?? '';
$city = $_POST['city'] ?? '';
$zip_code = $_POST['zip_code'] ?? '';
$credit_limit = $_POST['credit_limit'] ?? 0;
if (empty($name)) {
$errorMessage = 'Nazwa klienta jest wymagana.';
} else {
try {
if ($isNewClient) {
$stmt = $db->prepare("INSERT INTO clients (name, nip, street, city, postal_code, credit_limit) VALUES (:name, :tax_id, :address, :city, :zip_code, :credit_limit)");
$credit_limit = (isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin') ? ($_POST['credit_limit'] ?? 0) : 0;
$stmt = $db->prepare("INSERT INTO clients (name, nip, street, city, postal_code, credit_limit, credit_balance) VALUES (:name, :tax_id, :address, :city, :zip_code, :credit_limit, :credit_limit)");
$params = [
'name' => $name,
'tax_id' => $tax_id,
'address' => $address,
'city' => $city,
'zip_code' => $zip_code,
'credit_limit' => $credit_limit
];
} else {
$stmt = $db->prepare("UPDATE clients SET name = :name, nip = :tax_id, street = :address, city = :city, postal_code = :zip_code, credit_limit = :credit_limit WHERE id = :id");
}
$params = [
'name' => $name,
'tax_id' => $tax_id,
'address' => $address,
'city' => $city,
'zip_code' => $zip_code,
'credit_limit' => $credit_limit
];
if (!$isNewClient) {
$params['id'] = $clientId;
if (isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin') {
$credit_limit = $_POST['credit_limit'] ?? $client['credit_limit'];
$stmt = $db->prepare("UPDATE clients SET name = :name, nip = :tax_id, street = :address, city = :city, postal_code = :zip_code, credit_limit = :credit_limit WHERE id = :id");
$params = [
'name' => $name,
'tax_id' => $tax_id,
'address' => $address,
'city' => $city,
'zip_code' => $zip_code,
'credit_limit' => $credit_limit,
'id' => $clientId
];
} else {
$stmt = $db->prepare("UPDATE clients SET name = :name, nip = :tax_id, street = :address, city = :city, postal_code = :zip_code WHERE id = :id");
$params = [
'name' => $name,
'tax_id' => $tax_id,
'address' => $address,
'city' => $city,
'zip_code' => $zip_code,
'id' => $clientId
];
}
}
$stmt->execute($params);
@ -152,9 +170,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt = $db->prepare("SELECT * FROM clients WHERE id = :id");
$stmt->execute(['id' => $clientId]);
$client = $stmt->fetch(PDO::FETCH_ASSOC);
$available_credit = $client['credit_balance'];
$used_credit = $client['credit_limit'] - $client['credit_balance'];
} catch (PDOException $e) {
$errorMessage = 'Wystąpił błąd podczas zapisywania danych klienta.';
$errorMessage = 'Wystąpił błąd podczas zapisywania danych klienta: ';// . $e->getMessage();
// error_log($e->getMessage()); // Uncomment for debugging
}
}
@ -198,6 +218,7 @@ $page_title = $pageTitle;
<label for="city" class="form-label">Miasto</label>
<input type="text" class="form-control" id="city" name="city" value="<?php echo htmlspecialchars($client['city'] ?? ''); ?>">
</div>
<?php if (isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin'): ?>
<div class="mb-3">
<label for="credit_limit" class="form-label">Limit kredytu kupieckiego</label>
<input type="number" step="0.01" class="form-control" id="credit_limit" name="credit_limit" value="<?php echo htmlspecialchars($client['credit_limit'] ?? '0'); ?>">
@ -214,10 +235,11 @@ $page_title = $pageTitle;
</p>
</div>
<?php endif; ?>
<?php endif; ?>
<button type="submit" class="btn btn-primary">Zapisz</button>
<a href="clients.php" class="btn btn-secondary">Anuluj</a>
</form>
<?php if ($clientId): ?>
<?php if ($clientId && isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin'): ?>
<hr>
<h5 class="mt-4">Spłata kredytu</h5>
<form method="post" class="mt-3">
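Review bot: `require_role(['admin', 'handlowiec', 'supplier'])` opens this page to suppliers, but nothing in the visible code ties `$clientId` (read before the second hunk) to the calling supplier, so a supplier can view and update the name, NIP and address of any client by changing `?id=`, while clients.php only lists the clients that ordered their products. The admin-only gating added for payback, cancellation and credit_limit is correct, but the main form needs the same ownership check; the join clients.php uses can be reused for it, as sketched below, before the POST handler runs. Two smaller points: the role checks read `$_SESSION['user_role']` directly while the rest of the commit uses `get_user_role()`, and the catch at the end of the third hunk leaves a dangling `: ';// . $e->getMessage();` that should simply be removed so the exception text can never reach the page. The POST handler starts and ends outside these hunks.
```php
// … unchanged: $clientId is read and $client loaded above …
if (get_user_role() === 'supplier') {
    // Suppliers may only open clients that have ordered one of their products
    // (the same relationship clients.php uses to build their list); no creation.
    $own = $db->prepare('SELECT 1 FROM orders o
        JOIN order_items oi ON o.id = oi.order_id
        JOIN products p ON oi.product_id = p.id
        WHERE o.client_id = :client_id AND p.supplier_id = :supplier_id
        LIMIT 1');
    $own->execute(['client_id' => (int) $clientId, 'supplier_id' => (int) $_SESSION['user_id']]);
    if (!$clientId || !$own->fetchColumn()) {
        http_response_code(403);
        exit('Brak dostępu');
    }
}
// … unchanged: POST handling …
```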


@ -3,6 +3,15 @@ require_once __DIR__ . '/../includes/init.php';
require_admin();
$id = $_GET['id'] ?? null;
$document = null;
if ($id) {
$stmt = db()->prepare("SELECT * FROM kb_documents WHERE id = ?");
$stmt->execute([$id]);
$document = $stmt->fetch();
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$id = $_GET['id'] ?? null;
$title = $_POST['title'];
@ -12,12 +21,48 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$language = $_POST['language'];
$is_active = isset($_POST['is_active']);
$file_path = $document['file_path'] ?? null;
// Handle file removal
if ($id && isset($_POST['remove_file']) && $_POST['remove_file'] == '1') {
if ($file_path && file_exists(__DIR__ . '/../uploads/kb_documents/' . $file_path)) {
unlink(__DIR__ . '/../uploads/kb_documents/' . $file_path);
}
$file_path = null;
}
// Handle new file upload
if (isset($_FILES['pdf_file']) && $_FILES['pdf_file']['error'] === UPLOAD_ERR_OK) {
$upload_dir = __DIR__ . '/../uploads/kb_documents/';
if (!is_dir($upload_dir)) {
mkdir($upload_dir, 0775, true);
}
$file_info = pathinfo($_FILES['pdf_file']['name']);
$extension = strtolower($file_info['extension']);
if ($extension === 'pdf') {
// Delete old file if a new one is uploaded
if ($file_path && file_exists($upload_dir . $file_path)) {
unlink($upload_dir . $file_path);
}
$safe_filename = preg_replace('/[^A-Za-z0-9_.-]/', '_', $file_info['filename']);
$new_file_name = uniqid() . '_' . $safe_filename . '.' . $extension;
$target_path = $upload_dir . $new_file_name;
if (move_uploaded_file($_FILES['pdf_file']['tmp_name'], $target_path)) {
$file_path = $new_file_name;
}
}
}
if ($id) {
$stmt = db()->prepare("UPDATE kb_documents SET title = ?, content = ?, tags = ?, product_id = ?, language = ?, is_active = ? WHERE id = ?");
$stmt->execute([$title, $content, $tags, $product_id, $language, $is_active, $id]);
$stmt = db()->prepare("UPDATE kb_documents SET title = ?, content = ?, tags = ?, product_id = ?, language = ?, is_active = ?, file_path = ? WHERE id = ?");
$stmt->execute([$title, $content, $tags, $product_id, $language, $is_active, $file_path, $id]);
} else {
$stmt = db()->prepare("INSERT INTO kb_documents (title, content, tags, product_id, language, is_active) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->execute([$title, $content, $tags, $product_id, $language, $is_active]);
$stmt = db()->prepare("INSERT INTO kb_documents (title, content, tags, product_id, language, is_active, file_path) VALUES (?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([$title, $content, $tags, $product_id, $language, $is_active, $file_path]);
}
header('Location: kb_documents.php');
@ -33,7 +78,7 @@ if ($id) {
$document = $stmt->fetch();
}
$page_title = $id ? 'Edit Document' : 'Add Document';
$page_title = $id ? 'Edytuj Dokument' : 'Dodaj Dokument';
require_once __DIR__ . '/../includes/html_head.php';
?>
<body>
@ -43,27 +88,27 @@ require_once __DIR__ . '/../includes/html_head.php';
<div class="card">
<div class="card-body">
<form action="edit_kb_document.php<?= $id ? '?id=' . $id : '' ?>" method="POST">
<form action="edit_kb_document.php<?= $id ? '?id=' . $id : '' ?>" method="POST" enctype="multipart/form-data">
<div class="mb-3">
<label for="title" class="form-label">Title</label>
<label for="title" class="form-label">Tytuł</label>
<input type="text" class="form-control" id="title" name="title" value="<?= htmlspecialchars($document['title'] ?? '') ?>" required>
</div>
<div class="mb-3">
<label for="content" class="form-label">Content</label>
<label for="content" class="form-label">Treść</label>
<textarea class="form-control" id="content" name="content" rows="10" required><?= htmlspecialchars($document['content'] ?? '') ?></textarea>
</div>
<div class="row">
<div class="col-md-6">
<div class="mb-3">
<label for="tags" class="form-label">Tags (comma-separated)</label>
<label for="tags" class="form-label">Tagi (oddzielone przecinkami)</label>
<input type="text" class="form-control" id="tags" name="tags" value="<?= htmlspecialchars($document['tags'] ?? '') ?>">
</div>
</div>
<div class="col-md-6">
<div class="mb-3">
<label for="product_id" class="form-label">Product</label>
<label for="product_id" class="form-label">Produkt</label>
<select class="form-control" id="product_id" name="product_id">
<option value="">None</option>
<option value="">Brak</option>
<?php
$stmt = db()->query("SELECT id, name FROM products ORDER BY name");
while ($product = $stmt->fetch()) {
@ -78,23 +123,38 @@ require_once __DIR__ . '/../includes/html_head.php';
<div class="row">
<div class="col-md-6">
<div class="mb-3">
<label for="language" class="form-label">Language</label>
<label for="language" class="form-label">Język</label>
<select class="form-control" id="language" name="language">
<option value="en" <?= ($document['language'] ?? 'en') == 'en' ? 'selected' : '' ?>>English</option>
<option value="pl" <?= ($document['language'] ?? '') == 'pl' ? 'selected' : '' ?>>Polish</option>
<option value="en" <?= ($document['language'] ?? 'en') == 'en' ? 'selected' : '' ?>>Angielski</option>
<option value="pl" <?= ($document['language'] ?? '') == 'pl' ? 'selected' : '' ?>>Polski</option>
</select>
</div>
</div>
<div class="col-md-6">
<div class="mb-3">
<label for="pdf_file" class="form-label">Plik PDF</label>
<input type="file" class="form-control" id="pdf_file" name="pdf_file" accept=".pdf">
<?php if (!empty($document['file_path'])): ?>
<div class="mt-2">
Obecny plik: <a href="/uploads/kb_documents/<?= htmlspecialchars($document['file_path']) ?>" target="_blank"><?= htmlspecialchars($document['file_path']) ?></a>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="remove_file" id="remove_file" value="1">
<label class="form-check-label" for="remove_file">Usuń obecny plik</label>
</div>
</div>
<?php endif; ?>
</div>
</div>
<div class="col-md-6">
<div class="mb-3 form-check form-switch">
<input class="form-check-input" type="checkbox" id="is_active" name="is_active" value="1" <?= ($document['is_active'] ?? true) ? 'checked' : '' ?> >
<label class="form-check-label" for="is_active">Active</label>
<label class="form-check-label" for="is_active">Aktywny</label>
</div>
</div>
</div>
<button type="submit" class="btn btn-primary"><i class="fa-solid fa-save"></i> Save</button>
<a href="kb_documents.php" class="btn btn-secondary">Cancel</a>
<button type="submit" class="btn btn-primary"><i class="fa-solid fa-save"></i> Zapisz</button>
<a href="kb_documents.php" class="btn btn-secondary">Anuluj</a>
</form>
</div>
</div>
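Review bot: The upload branch in the second hunk trusts only the client-supplied filename: `$extension` comes from `$_FILES['pdf_file']['name']`, the content is never inspected, and the stored file is linked directly from `/uploads/kb_documents/`, so any bytes renamed `x.pdf` are saved and served from the site origin (admin-only today, which is one credential away from not). Check the real type before moving the file: `$extension = strtolower($file_info['extension'] ?? '');` — which also avoids an undefined-index warning for names without an extension — `$mime = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES['pdf_file']['tmp_name']);` and `if ($extension === 'pdf' && $mime === 'application/pdf') {`. The old file is unlinked before `move_uploaded_file()` runs, so a failed move leaves `$file_path` pointing at a deleted file; delete the old one only after the move succeeds. `uniqid()` is time-based and guessable, `bin2hex(random_bytes(8))` is not, and serving the upload directory with `X-Content-Type-Options: nosniff` would limit what a crafted file can do in the browser; I also could not see a CSRF token in the form in the last hunk, which now deletes files on the server, so if the app has one elsewhere it belongs here too.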


@ -66,7 +66,7 @@ $product = [
$errors = [];
// Fetch suppliers
$stmt = $pdo->prepare("SELECT id, email FROM users WHERE role = 'supplier' AND is_active = 1 ORDER BY email");
$stmt = $pdo->prepare("SELECT u.id, COALESCE(c.name, u.email) as name FROM users u LEFT JOIN clients c ON u.client_id = c.id WHERE u.role = 'supplier' AND u.is_active = 1 ORDER BY name");
$stmt->execute();
$suppliers = $stmt->fetchAll(PDO::FETCH_ASSOC);
@ -369,7 +369,7 @@ $page_title = $product['id'] ? 'Edytuj produkt' : 'Dodaj produkt';
<option value="">-- Wybierz dostawcę --</option>
<?php foreach ($suppliers as $supplier): ?>
<option value="<?php echo htmlspecialchars($supplier['id']); ?>" <?php echo (isset($product['supplier_id']) && $product['supplier_id'] == $supplier['id']) ? 'selected' : ''; ?>>
<?php echo htmlspecialchars($supplier['email']); ?>
<?php echo htmlspecialchars($supplier['name']); ?>
</option>
<?php endforeach; ?>
</select>


@ -35,7 +35,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$password = $_POST['password'] ?? '';
$role = $_POST['role'] ?? 'client';
$is_active = isset($_POST['is_active']) ? 1 : 0;
$client_id = ($role === 'client') ? ($_POST['client_id'] ?? null) : null;
$client_id = (in_array($role, ['client', 'supplier'])) ? ($_POST['client_id'] ?? null) : null;
if (empty($email)) {
$errors[] = 'Email jest wymagany.';
@ -60,8 +60,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
}
if ($role === 'client' && empty($client_id)) {
$errors[] = 'Firma klienta jest wymagana dla użytkownika typu klient.';
if (in_array($role, ['client', 'supplier']) && empty($client_id)) {
$errors[] = 'Firma klienta jest wymagana dla użytkownika typu Klient lub Dostawca.';
}
if (empty($errors)) {
@ -135,13 +135,12 @@ $page_title = $pageTitle;
<label for="role" class="form-label">Rola</label>
<select class="form-select" id="role" name="role" onchange="toggleClientDropdown()">
<option value="admin" <?php if($user['role'] === 'admin') echo 'selected'; ?>>Administrator</option>
<option value="handlowiec" <?php if($user['role'] === 'handlowiec') echo 'selected'; ?>>Handlowiec</option>
<option value="client" <?php if($user['role'] === 'client') echo 'selected'; ?>>Klient</option>
<option value="supplier" <?php if($user['role'] === 'supplier') echo 'selected'; ?>>Dostawca</option>
<option value="finance" <?php if($user['role'] === 'finance') echo 'selected'; ?>>Finanse</option>
<option value="support" <?php if($user['role'] === 'support') echo 'selected'; ?>>Wsparcie</choice>
</select>
</div>
<div id="client-dropdown" class="mb-3" style="display: <?php echo ($user['role'] === 'client') ? 'block' : 'none'; ?>;">
<div id="client-dropdown" class="mb-3" style="display: <?php echo (in_array($user['role'], ['client', 'supplier'])) ? 'block' : 'none'; ?>;">
<label for="client_id" class="form-label">Powiązana firma</label>
<select class="form-select" id="client_id" name="client_id">
<option value="">Wybierz firmę</option>
@ -158,6 +157,17 @@ $page_title = $pageTitle;
<button type="submit" class="btn btn-primary">Zapisz</button>
<a href="users.php" class="btn btn-secondary">Anuluj</a>
</form>
<script>
function toggleClientDropdown() {
var role = document.getElementById('role').value;
var clientDropdown = document.getElementById('client-dropdown');
if (role === 'client' || role === 'supplier') {
clientDropdown.style.display = 'block';
} else {
clientDropdown.style.display = 'none';
}
}
</script>
</div>
</div>
</main>
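Review bot: `$client_id` for a supplier account is taken from `$_POST['client_id']` as-is in the first hunk; nothing visible casts it or checks that the id exists, so tie the user to a verified client with `$client_id = filter_var($_POST['client_id'] ?? null, FILTER_VALIDATE_INT) ?: null;` and a `SELECT 1 FROM clients WHERE id = ?` before the insert (the insert itself is outside these hunks). Use `in_array($role, ['client', 'supplier'], true)` in both places so a loosely-equal value cannot slip through. The `</choice>` on the "Wsparcie" option predates this commit and is tolerated by browsers, but it should be `</option>`. Since the form lets the caller pick `admin`, it is worth confirming the page itself is still behind `require_admin()`, which is outside the visible lines.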


@ -14,7 +14,7 @@ $stmt = db()->prepare("SELECT * FROM kb_documents ORDER BY created_at DESC");
$stmt->execute();
$documents = $stmt->fetchAll();
$page_title = 'Knowledge Base';
$page_title = 'Baza Wiedzy';
?>
<?php require_once __DIR__ . '/../includes/html_head.php'; ?>
<body>
@ -23,9 +23,9 @@ $page_title = 'Knowledge Base';
<main class="container my-5">
<div class="d-flex justify-content-between align-items-center mb-4">
<h1 class="h2">Knowledge Base</h1>
<h1 class="h2">Baza Wiedzy</h1>
<a href="edit_kb_document.php" class="btn btn-primary">
<i class="bi bi-plus-lg"></i> Add New
<i class="bi bi-plus-lg"></i> Dodaj nowy
</a>
</div>
@ -34,17 +34,17 @@ $page_title = 'Knowledge Base';
<table class="table table-striped table-hover">
<thead class="table-light">
<tr>
<th>Title</th>
<th>Language</th>
<th>Active</th>
<th>Created At</th>
<th>Actions</th>
<th>Tytuł</th>
<th>Język</th>
<th>Aktywny</th>
<th>Utworzono</th>
<th>Akcje</th>
</tr>
</thead>
<tbody>
<?php if (empty($documents)): ?>
<tr>
<td colspan="5" class="text-center">No documents found.</td>
<td colspan="5" class="text-center">Nie znaleziono dokumentów.</td>
</tr>
<?php else: ?>
<?php foreach ($documents as $doc) : ?>
@ -53,19 +53,19 @@ $page_title = 'Knowledge Base';
<td><?= htmlspecialchars($doc['language']) ?></td>
<td>
<?php if ($doc['is_active']): ?>
<span class="badge bg-success">Yes</span>
<span class="badge bg-success">Tak</span>
<?php else: ?>
<span class="badge bg-danger">No</span>
<span class="badge bg-danger">Nie</span>
<?php endif; ?>
</td>
<td><?= htmlspecialchars($doc['created_at']) ?></td>
<td>
<a href="edit_kb_document.php?id=<?= $doc['id'] ?>" class="btn btn-sm btn-secondary">
<i class="bi bi-pencil-fill"></i> Edit
<i class="bi bi-pencil-fill"></i> Edytuj
</a>
<form action="kb_documents.php" method="POST" class="d-inline" onsubmit="return confirm('Are you sure you want to delete this document?');">
<form action="kb_documents.php" method="POST" class="d-inline" onsubmit="return confirm('Czy na pewno chcesz usunąć ten dokument?');">
<input type="hidden" name="delete_id" value="<?= $doc['id'] ?>">
<button type="submit" class="btn btn-sm btn-danger"><i class="bi bi-trash-fill"></i> Delete</button>
<button type="submit" class="btn btn-sm btn-danger"><i class="bi bi-trash-fill"></i> Usuń</button>
</form>
</td>
</tr>


@ -7,30 +7,34 @@
</button>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav">
<li class="nav-item">
<a class="nav-link" href="orders.php">Zamówienia</a>
</li>
<li class="nav-item">
<a class="nav-link" href="products.php">Produkty</a>
</li>
<li class="nav-item">
<a class="nav-link" href="clients.php">Klienci</a>
</li>
<li class="nav-item">
<a class="nav-link" href="users.php">Użytkownicy</a>
</li>
<li class="nav-item">
<a class="nav-link" href="client_prices.php">Ceny klientów</a>
</li>
<li class="nav-item">
<a class="nav-link" href="attribute_keys.php">Atrybuty</a>
</li>
<li class="nav-item">
<a class="nav-link" href="settings.php">Ustawienia</a>
</li>
<li class="nav-item">
<a class="nav-link" href="kb_documents.php">Baza wiedzy</a>
</li>
<?php if (isset($_SESSION['user_role'])): ?>
<li class="nav-item">
<a class="nav-link" href="orders.php">Zamówienia</a>
</li>
<li class="nav-item">
<a class="nav-link" href="clients.php">Klienci</a>
</li>
<?php if ($_SESSION['user_role'] === 'admin'): ?>
<li class="nav-item">
<a class="nav-link" href="products.php">Produkty</a>
</li>
<li class="nav-item">
<a class="nav-link" href="users.php">Użytkownicy</a>
</li>
<li class="nav-item">
<a class="nav-link" href="client_prices.php">Ceny klientów</a>
</li>
<li class="nav-item">
<a class="nav-link" href="attribute_keys.php">Atrybuty</a>
</li>
<li class="nav-item">
<a class="nav-link" href="settings.php">Ustawienia</a>
</li>
<li class="nav-item">
<a class="nav-link" href="kb_documents.php">Baza wiedzy</a>
</li>
<?php endif; ?>
<?php endif; ?>
</ul>
<ul class="navbar-nav ms-auto">
<li class="nav-item">
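Review bot: Hiding the Produkty/Użytkownicy/Ceny klientów/Atrybuty/Ustawienia/Baza wiedzy entries for non-admins is presentation only; each of those pages must still enforce its own `require_admin()` or `require_role()`, because a handlowiec or supplier who types `client_prices.php` into the address bar bypasses this menu entirely, and this commit has been relaxing those guards on other pages. The check reads `$_SESSION['user_role']` while the rest of the commit uses `get_user_role()`; `<?php if (get_user_role() === 'admin'): ?>` keeps one source of truth for the role. A short PHP comment above the admin branch, `<?php // Menu visibility only; authorization is enforced by require_role() on each page ?>`, would stop the next maintainer from treating this as access control.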


@ -1,6 +1,6 @@
<?php
require_once __DIR__ . '/../includes/init.php';
require_role('admin');
require_role(['admin', 'handlowiec', 'supplier']);
$pdo = db();
$order_id = $_GET['id'] ?? null;
@ -29,7 +29,7 @@ if (!$order_id) {
die('Nie podano ID zamówienia');
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['status'])) {
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['status']) && get_user_role() !== 'supplier') {
$new_status = $_POST['status'];
$stmt = $pdo->prepare("SELECT status FROM orders WHERE id = ?");
@ -183,6 +183,7 @@ $page_title = 'Szczegóły zamówienia #' . htmlspecialchars($order['id']);
<?php endif; ?>
</div>
</div>
<?php if (get_user_role() !== 'supplier') : ?>
<div class="card">
<div class="card-header">Status zamówienia</div>
<div class="card-body">
@ -204,6 +205,17 @@ $page_title = 'Szczegóły zamówienia #' . htmlspecialchars($order['id']);
</div>
</div>
</div>
<?php else: ?>
<div class="card">
<div class="card-header">Status zamówienia</div>
<div class="card-body">
<div class="mt-2">
<strong>Aktualny status:</strong>
<span class="badge bg-info fs-6"><?php echo htmlspecialchars(get_status_translation_local($order['status'], $i18n)); ?></span>
</div>
</div>
</div>
<?php endif; ?>
</div>
</div>
</main>
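Review bot: The page now admits suppliers, but `$order_id` is read from `$_GET['id']` just after the first hunk and the order is loaded with no check that it contains one of the supplier's products, so a supplier can open any order id and read the client and every line item, including other suppliers' products; orders.php scopes its list, the detail page does not. Add an ownership check once the order is loaded, as sketched below, and consider restricting the items table to `p.supplier_id = :supplier_id` for that role if suppliers are not meant to see the rest of the order (the items query is outside these hunks). Handlowiec keeps the status POST, which may be intended; if so, a comment on the `get_user_role() !== 'supplier'` condition saying handlowiec is allowed deliberately would help. The surrounding script continues before and after these hunks.
```php
// … unchanged: $order loaded by $order_id …
if (get_user_role() === 'supplier') {
    // Suppliers may only open orders that contain at least one of their products.
    $own = $pdo->prepare('SELECT 1 FROM order_items oi
        JOIN products p ON oi.product_id = p.id
        WHERE oi.order_id = :order_id AND p.supplier_id = :supplier_id
        LIMIT 1');
    $own->execute(['order_id' => (int) $order_id, 'supplier_id' => (int) $_SESSION['user_id']]);
    if (!$own->fetchColumn()) {
        http_response_code(403);
        die('Brak dostępu');
    }
}
// … unchanged: status POST handling …
```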


@ -1,6 +1,6 @@
<?php
require_once __DIR__ . '/../includes/init.php';
require_role('admin');
require_role(['admin', 'handlowiec', 'supplier']);
function t_filter_status($status) {
if ($status === 'new_today') return 'Nowe (dziś)';
@ -8,7 +8,8 @@ function t_filter_status($status) {
return t_status($status);
}
$pdotry = null;
$pdo = db();
$role = get_user_role();
$error = null;
$orders = [];
$stats = [
@ -21,65 +22,105 @@ $stats = [
$filter_status = $_GET['status'] ?? null;
try {
$pdo = db();
// Fetch orders with customer information based on filter
$sql = "
SELECT
o.id,
c.name as client_company_name,
o.created_at,
o.status,
o.total_amount,
o.delivery_source
FROM orders o
LEFT JOIN clients c ON o.client_id = c.id
";
$params = [];
$where_clauses = [];
$today_start = date('Y-m-d 00:00:00');
$week_start = date('Y-m-d 00:00:00', strtotime('-7 days'));
if ($role === 'supplier') {
$supplier_id = $_SESSION['user_id'];
$sql = "
SELECT DISTINCT
o.id,
c.name as client_company_name,
o.created_at,
o.status,
o.total_amount,
o.delivery_source
FROM orders o
LEFT JOIN clients c ON o.client_id = c.id
JOIN order_items oi ON o.id = oi.order_id
JOIN products p ON oi.product_id = p.id
";
$where_clauses[] = "p.supplier_id = :supplier_id";
$params[':supplier_id'] = $supplier_id;
// Stats for supplier
$stats_base_sql = "SELECT COUNT(DISTINCT o.id) FROM orders o JOIN order_items oi ON o.id = oi.order_id JOIN products p ON oi.product_id = p.id WHERE p.supplier_id = ?";
$new_today_stmt = $pdo->prepare($stats_base_sql . " AND o.created_at >= ?");
$new_today_stmt->execute([$supplier_id, $today_start]);
$stats['new_today'] = $new_today_stmt->fetchColumn();
$new_week_stmt = $pdo->prepare($stats_base_sql . " AND o.created_at >= ?");
$new_week_stmt->execute([$supplier_id, $week_start]);
$stats['new_week'] = $new_week_stmt->fetchColumn();
$awaiting_payment_stmt = $pdo->prepare($stats_base_sql . " AND o.status = 'pending_payment'");
$awaiting_payment_stmt->execute([$supplier_id]);
$stats['awaiting_payment'] = $awaiting_payment_stmt->fetchColumn();
$in_progress_stmt = $pdo->prepare($stats_base_sql . " AND o.status = 'in_progress'");
$in_progress_stmt->execute([$supplier_id]);
$stats['in_progress'] = $in_progress_stmt->fetchColumn();
} else { // admin or handlowiec
$sql = "
SELECT
o.id,
c.name as client_company_name,
o.created_at,
o.status,
o.total_amount,
o.delivery_source
FROM orders o
LEFT JOIN clients c ON o.client_id = c.id
";
// Stats for admin/handlowiec
$new_today_stmt = $pdo->prepare("SELECT COUNT(*) FROM orders WHERE created_at >= ?");
$new_today_stmt->execute([$today_start]);
$stats['new_today'] = $new_today_stmt->fetchColumn();
$new_week_stmt = $pdo->prepare("SELECT COUNT(*) FROM orders WHERE created_at >= ?");
$new_week_stmt->execute([$week_start]);
$stats['new_week'] = $new_week_stmt->fetchColumn();
$awaiting_payment_stmt = $pdo->query("SELECT COUNT(*) FROM orders WHERE status = 'pending_payment'");
$stats['awaiting_payment'] = $awaiting_payment_stmt->fetchColumn();
$in_progress_stmt = $pdo->query("SELECT COUNT(*) FROM orders WHERE status = 'in_progress'");
$stats['in_progress'] = $in_progress_stmt->fetchColumn();
}
if ($filter_status) {
switch ($filter_status) {
case 'new_today':
$sql .= " WHERE o.created_at >= :today_start";
$params[':today_start'] = date('Y-m-d 00:00:00');
$where_clauses[] = "o.created_at >= :today_start";
$params[':today_start'] = $today_start;
break;
case 'new_week':
$sql .= " WHERE o.created_at >= :week_start";
$params[':week_start'] = date('Y-m-d 00:00:00', strtotime('-7 days'));
$where_clauses[] = "o.created_at >= :week_start";
$params[':week_start'] = $week_start;
break;
default:
$sql .= " WHERE o.status = :status";
$where_clauses[] = "o.status = :status";
$params[':status'] = $filter_status;
break;
}
}
if (!empty($where_clauses)) {
$sql .= " WHERE " . implode(" AND ", $where_clauses);
}
$sql .= " ORDER BY o.created_at DESC";
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Fetch stats
$today_start = date('Y-m-d 00:00:00');
$week_start = date('Y-m-d 00:00:00', strtotime('-7 days'));
$new_today_stmt = $pdo->prepare("SELECT COUNT(*) FROM orders WHERE created_at >= ?");
$new_today_stmt->execute([$today_start]);
$stats['new_today'] = $new_today_stmt->fetchColumn();
$new_week_stmt = $pdo->prepare("SELECT COUNT(*) FROM orders WHERE created_at >= ?");
$new_week_stmt->execute([$week_start]);
$stats['new_week'] = $new_week_stmt->fetchColumn();
$awaiting_payment_stmt = $pdo->query("SELECT COUNT(*) FROM orders WHERE status = 'pending_payment'");
$stats['awaiting_payment'] = $awaiting_payment_stmt->fetchColumn();
$in_progress_stmt = $pdo->query("SELECT COUNT(*) FROM orders WHERE status = 'in_progress'");
$stats['in_progress'] = $in_progress_stmt->fetchColumn();
} catch (PDOException $e) {
$error = "Błąd bazy danych: " . $e->getMessage();
}
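Review bot: The catch at the end of the hunk puts `$e->getMessage()` into `$error` (`"Błąd bazy danych: " . $e->getMessage()`); that line predates the commit, but the page is now reachable by handlowiec and supplier accounts, so if `$error` is rendered (not visible here) raw driver errors with table and column names reach lower-trust users. Log it and show a fixed message instead, `error_log('DB error in admin/orders.php: ' . $e->getMessage()); $error = 'Błąd bazy danych.';`, which is what clients.php does in this commit. The supplier branch itself is sound — every user-derived value is bound through PDO parameters — though `$supplier_id = (int) $_SESSION['user_id'];` would make the type explicit, and the `new_today`/`new_week` counters prepare the identical statement twice and could share one. The enclosing try starts before the hunk.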


@ -0,0 +1 @@
ALTER TABLE `users` MODIFY `role` ENUM('admin', 'finance', 'support', 'client', 'supplier', 'handlowiec') NOT NULL;


@ -0,0 +1 @@
ALTER TABLE `kb_documents` ADD `file_path` VARCHAR(255) NULL;



@ -27,4 +27,10 @@ if (isset($_GET['lang'])) {
exit;
}
require_once __DIR__ . '/auth.php';
require_once __DIR__ . '/auth.php';
// Redirect handlowiec from client area to admin dashboard
if (is_logged_in() && get_user_role() === 'handlowiec' && strpos($_SERVER['PHP_SELF'], '/admin/') === false) {
header('Location: /admin/orders.php');
exit();
}
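Review bot: The added redirect decides "am I in the admin area" from `$_SERVER['PHP_SELF']`, which includes any PATH_INFO the client appends, so a handlowiec requesting `/index.php/admin/` satisfies the `strpos(...) !== false` test and stays in the client area; test the script path instead, `if (is_logged_in() && get_user_role() === 'handlowiec' && strpos($_SERVER['SCRIPT_NAME'], '/admin/') === false) {`. This redirect is a convenience, not authorization: any client-area page a handlowiec must not use still needs its own `require_role()` check, and a comment such as `// Convenience redirect only; page-level require_role() is the real guard` would make that explicit. `require_once __DIR__ . '/auth.php';` appears twice in the hunk; if both lines are on the new side, one of them should go.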


@ -16,17 +16,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($role) {
switch ($role) {
case 'admin':
case 'finance':
case 'support':
case 'handlowiec':
case 'supplier':
header('Location: /admin/orders.php');
break;
case 'client':
header('Location: /index.php');
break;
case 'supplier':
// Redirect to a future supplier panel
header('Location: /index.php'); // Placeholder
break;
default:
header('Location: /index.php');
break;
@ -42,8 +38,8 @@ if (is_logged_in()) {
$role = get_user_role();
switch ($role) {
case 'admin':
case 'finance':
case 'support':
case 'handlowiec':
case 'supplier':
header('Location: /admin/orders.php');
break;
default:
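Review bot: Both switches drop `finance` and `support` from the admin redirect, so those roles — still present in the users.role ENUM this commit migrates — now fall through to `/index.php`; if that is deliberate, a comment on the `default:` branch such as `// finance/support have no admin area yet and land in the client area` would record it, otherwise they need adding back. The role-to-destination mapping is now repeated in both hunks and again in the navbar include; a single `function landing_page_for(string $role): string` in auth.php would keep them in step as roles are added. The redirect target is only a destination choice; `require_role()` on the admin pages remains the authorization.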


@ -139,6 +139,7 @@ try {
// --- Email Sending Logic ---
$site_name = get_site_url(); // Or your site name
$lang = get_lang();
if ($client_email) {
// 1. Client - Order Confirmation