<?php
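require_once 'session.php';
// Runs before any request data is read; presumably enforces an admin session
// (check_admin() is defined outside this file — confirm it stops non-admins).
check_admin();

require_once 'db/config.php';

// The id comes from the query string and is therefore untrusted. Besides being
// bound into SQL, it is later written into HTML attributes and a Location
// header, so only a positive integer is accepted here. Anything else (missing,
// empty, non-numeric, array-valued, zero or negative) is sent back to the list.
// NOTE(review): assumes property ids are positive integers — confirm against the schema.
$id = filter_var(
    $_GET['id'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);

if ($id === false || $id === null) {
    header('Location: properties.php');
    exit;
}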
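// Form field values: pre-filled from the stored property below and, on POST,
// overwritten with the submitted values so the form can be re-rendered.
$name = $address = $rent_amount = '';
$errors = [];

// Load the property being edited; an unknown id sends the user back to the list.
try {
    $db = db();
    $stmt = $db->prepare('SELECT * FROM properties WHERE id = :id');
    $stmt->bindParam(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $property = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$property) {
        header('Location: properties.php');
        exit;
    }

    $name = $property['name'];
    $address = $property['address'];
    $rent_amount = $property['rent_amount'];
} catch (PDOException $e) {
    // Driver messages can reveal schema, query text or connection details, so
    // the detail goes to the server log and the browser gets a generic message.
    error_log('edit_property: failed to load property: ' . $e->getMessage());
    http_response_code(500);
    die('Could not load the property. Please try again later.');
}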
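// Handle the submitted edit form: validate the fields, update the property row
// and, when a file was attached, store it and record it in the files table.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): no anti-CSRF token is verified before this state-changing
    // request is processed. Confirm whether session.php provides one and check it here.

    // Only plain strings are accepted; array-valued parameters (name[]=...) are
    // treated as missing so they fail validation instead of reaching the query.
    $name = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';
    $address = is_string($_POST['address'] ?? null) ? $_POST['address'] : '';
    $rent_amount = is_string($_POST['rent_amount'] ?? null) ? $_POST['rent_amount'] : '';

    if (empty($name)) {
        $errors[] = 'Name is required';
    }
    if (empty($address)) {
        $errors[] = 'Address is required';
    }
    if (empty($rent_amount) || !is_numeric($rent_amount)) {
        $errors[] = 'Valid rent amount is required';
    }

    if (empty($errors)) {
        $db = db();
        try {
            $sql = 'UPDATE properties SET name = :name, address = :address, rent_amount = :rent_amount WHERE id = :id';
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':name', $name, PDO::PARAM_STR);
            $stmt->bindParam(':address', $address, PDO::PARAM_STR);
            $stmt->bindParam(':rent_amount', $rent_amount, PDO::PARAM_STR);
            $stmt->bindParam(':id', $id, PDO::PARAM_INT);
            $stmt->execute();

            // Handle file upload
            $upload = $_FILES['file'] ?? null;
            $upload_status = is_array($upload) ? ($upload['error'] ?? null) : UPLOAD_ERR_NO_FILE;

            if ($upload_status === UPLOAD_ERR_OK) {
                $target_dir = 'uploads/';
                if (!is_dir($target_dir)) {
                    mkdir($target_dir, 0755, true);
                }

                // The upload directory sits under the web root, so a file whose
                // name ends in a server-executable extension would be run as code
                // when requested. Only an explicit allowlist of document and image
                // extensions is stored. This list is a constructed default: adjust
                // it to what the application needs, and additionally configure the
                // web server not to execute scripts from uploads/.
                $allowed_extensions = ['pdf', 'jpg', 'jpeg', 'png', 'gif', 'txt', 'doc', 'docx', 'xls', 'xlsx'];
                $original_name = basename((string) $upload['name']);
                $extension = strtolower(pathinfo($original_name, PATHINFO_EXTENSION));

                if (!in_array($extension, $allowed_extensions, true)) {
                    $errors[] = 'This file type is not allowed.';
                } else {
                    // Keep a readable stem but drop everything except letters,
                    // digits, "_" and "-", so the stored name carries exactly one
                    // (allowlisted) extension and no client-chosen dots or paths.
                    $stem = (string) preg_replace(
                        '/[^A-Za-z0-9_-]+/',
                        '_',
                        pathinfo($original_name, PATHINFO_FILENAME)
                    );
                    $stem = substr($stem, 0, 100);

                    // random_bytes() gives an unguessable prefix; uniqid() is
                    // derived from the clock and is predictable.
                    $file_name = bin2hex(random_bytes(8)) . '-' . $stem . '.' . $extension;
                    $target_file = $target_dir . $file_name;

                    if (move_uploaded_file($upload['tmp_name'], $target_file)) {
                        // Insert file info into database
                        $file_sql = 'INSERT INTO files (file_name, file_path, property_id) VALUES (:file_name, :file_path, :property_id)';
                        $file_stmt = $db->prepare($file_sql);
                        $file_stmt->bindParam(':file_name', $file_name, PDO::PARAM_STR);
                        $file_stmt->bindParam(':file_path', $target_file, PDO::PARAM_STR);
                        $file_stmt->bindParam(':property_id', $id, PDO::PARAM_INT);
                        $file_stmt->execute();
                    } else {
                        $errors[] = "Sorry, there was an error uploading your file.";
                    }
                }
            } elseif ($upload_status !== UPLOAD_ERR_NO_FILE) {
                // A file was sent but PHP rejected it (size limit, partial upload,
                // malformed field); report it instead of silently dropping it.
                $errors[] = "Sorry, there was an error uploading your file.";
            }

            // Redirect only when nothing failed; otherwise fall through so the
            // upload error collected above is actually shown to the user.
            if (empty($errors)) {
                header('Location: edit_property.php?' . http_build_query([
                    'id' => $id,
                    'message' => 'Property updated successfully.',
                ]));
                exit;
            }
        } catch (Exception $e) {
            // Keep exception detail out of the page; it goes to the server log.
            error_log('edit_property: update failed: ' . $e->getMessage());
            $errors[] = 'Could not save your changes. Please try again later.';
        }
    }
}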
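include 'templates/header.php';

// Page body starts here. Error strings may contain request- or
// exception-derived text, so each one is HTML-escaped before it is printed.
?>

<div class="container mt-4">
    <h1>Edit Property</h1>

    <?php if (!empty($errors)): ?>
        <div class="alert alert-danger">
            <?php foreach ($errors as $error): ?>
                <p><?php echo htmlspecialchars((string) $error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
            <?php endforeach; ?>
        </div>
    <?php endif; ?>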
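<?php
// Edit form. $id originates from the query string, so it is URL-encoded and
// HTML-escaped before being placed in the action attribute; the field values
// are escaped for the same reason.
// NOTE(review): the form carries no anti-CSRF token; add one once the handler verifies it.
?>
<form action="edit_property.php?id=<?php echo htmlspecialchars(urlencode((string) $id), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" method="POST" enctype="multipart/form-data">
    <div class="mb-3">
        <label for="name" class="form-label">Property Name</label>
        <input type="text" class="form-control" id="name" name="name" value="<?php echo htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required>
    </div>
    <div class="mb-3">
        <label for="address" class="form-label">Address</label>
        <textarea class="form-control" id="address" name="address" rows="3" required><?php echo htmlspecialchars((string) $address, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea>
    </div>
    <div class="mb-3">
        <label for="rent_amount" class="form-label">Rent Amount ($)</label>
        <input type="number" step="0.01" class="form-control" id="rent_amount" name="rent_amount" value="<?php echo htmlspecialchars((string) $rent_amount, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required>
    </div>

    <div class="mb-3">
        <label for="file" class="form-label">Upload New File</label>
        <input type="file" class="form-control" id="file" name="file">
    </div>

    <button type="submit" class="btn btn-primary">Save Changes</button>
    <a href="properties.php" class="btn btn-secondary">Cancel</a>
</form>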
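<hr class="my-4">

<h2>Uploaded Files</h2>
<?php
// List the files recorded for this property, each with a delete button that
// posts the file id and property id to delete_file.php.
try {
    $file_stmt = $db->prepare('SELECT * FROM files WHERE property_id = :property_id');
    $file_stmt->bindParam(':property_id', $id, PDO::PARAM_INT);
    $file_stmt->execute();
    $files = $file_stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    $files = [];
    // Exception text stays in the server log; the page shows a generic notice.
    error_log('edit_property: failed to list files: ' . $e->getMessage());
    echo '<p class="text-danger">Could not load files.</p>';
}

if (count($files) > 0) {
    echo '<ul class="list-group">';
    foreach ($files as $file) {
        // Every value written into markup is escaped, including the ids: the
        // file name and path were derived from an upload, and $id comes from the URL.
        $file_href = htmlspecialchars((string) $file['file_path'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $file_label = htmlspecialchars((string) $file['file_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $file_id = htmlspecialchars((string) $file['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $property_id = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        echo '<li class="list-group-item d-flex justify-content-between align-items-center">';
        // rel="noopener noreferrer" keeps the opened document from reaching back
        // into this admin page through window.opener.
        echo '<a href="' . $file_href . '" target="_blank" rel="noopener noreferrer">' . $file_label . '</a>';
        // NOTE(review): this delete form carries no anti-CSRF token either; confirm delete_file.php checks one.
        echo '<form action="delete_file.php" method="POST" style="display:inline;" onsubmit="return confirm(\'Are you sure you want to delete this file?\');">';
        echo '<input type="hidden" name="id" value="' . $file_id . '">';
        echo '<input type="hidden" name="property_id" value="' . $property_id . '">';
        echo '<button type="submit" class="btn btn-danger btn-sm">Delete</button>';
        echo '</form>';
        echo '</li>';
    }
    echo '</ul>';
} else {
    echo '<p>No files uploaded for this property yet.</p>';
}
?>
</div>

<?php include 'templates/footer.php'; ?>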