
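<?php
// customer_form.php
//
// Create or edit a customer record.
//   GET  ?id=N  -> render the form pre-filled from customers.id = N
//   GET         -> render an empty "Add Customer" form
//   POST        -> validate, persist, write an audit_logs row, redirect to customers.php
//
// Relies on db(), validate_csrf(), csrf_token() and e() from db/config.php.
// Flash messages are stored in $_SESSION['error'] / $_SESSION['success'];
// NOTE(review): assumes includes/header.php renders $_SESSION['error'] — confirm.
require_once 'db/config.php';

// Auth check: only Sales or Admin may manage customers. in_array is strict so
// a role value of 0/true can never match; a missing role counts as no role.
$role = $_SESSION['role'] ?? '';
if (!isset($_SESSION['user_id']) || !in_array($role, ['Admin', 'Sales'], true)) {
    $_SESSION['error'] = "You do not have permission to manage customers.";
    header("Location: index.php");
    exit;
}

// Allowed values for the two enumerated fields. The same arrays drive both
// server-side validation and the <select> options, so they cannot drift apart.
$categories = ['School', 'University', 'Tutoring Center', 'Individual'];
$statuses = ['Prospect', 'Active', 'Inactive'];

// The record id comes from the query string and is reduced to a positive int;
// anything else (missing, non-numeric, array, <= 0) means "create". The form
// posts back to the same URL, so the id is also present on the POST request.
$id = filter_var($_GET['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) ?: 0;
// Captured once, before the INSERT branch below assigns a new $id, so the
// audit action and the success message reflect what actually happened.
$is_update = $id > 0;

$customer = null;
if ($is_update) {
    $stmt = db()->prepare("SELECT * FROM customers WHERE id = ? AND deleted_at IS NULL");
    $stmt->execute([$id]);
    $customer = $stmt->fetch();
    if (!$customer) {
        // Unknown or soft-deleted id: refuse to edit rather than let the
        // UPDATE below touch a deleted row or silently affect nothing.
        $_SESSION['error'] = "Customer not found.";
        header("Location: customers.php");
        exit;
    }
}
$page_title = $is_update ? "Edit Customer" : "Add Customer";

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!validate_csrf($_POST['csrf_token'] ?? '')) {
        http_response_code(403);
        die("CSRF token validation failed");
    }

    // Collect and trim the submitted fields. Missing or non-string values
    // become '' instead of raising undefined-index warnings or leaking an
    // array into the query.
    $input = [];
    foreach (['name', 'email', 'phone', 'address', 'category', 'status'] as $field) {
        $value = $_POST[$field] ?? '';
        $input[$field] = is_string($value) ? trim($value) : '';
    }

    // Server-side validation mirroring the form's constraints; the browser's
    // `required` / type="email" and the fixed <select> options cannot be trusted.
    $errors = [];
    if ($input['name'] === '') {
        $errors[] = "Name is required.";
    }
    if ($input['email'] !== '' && filter_var($input['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = "Email address is not valid.";
    }
    if (!in_array($input['category'], $categories, true)) {
        $errors[] = "Invalid category.";
    }
    if (!in_array($input['status'], $statuses, true)) {
        $errors[] = "Invalid status.";
    }

    if ($errors) {
        // Fall through and re-render the form with the submitted values so
        // the user does not lose their input.
        $_SESSION['error'] = implode(' ', $errors);
        $customer = array_merge($customer ?? [], $input);
    } else {
        $params = [
            $input['name'],
            $input['email'],
            $input['phone'],
            $input['address'],
            $input['category'],
            $input['status'],
        ];
        if ($is_update) {
            $stmt = db()->prepare("UPDATE customers SET name = ?, email = ?, phone = ?, address = ?, category = ?, status = ? WHERE id = ? AND deleted_at IS NULL");
            $params[] = $id;
            $stmt->execute($params);
        } else {
            $stmt = db()->prepare("INSERT INTO customers (name, email, phone, address, category, status) VALUES (?, ?, ?, ?, ?, ?)");
            $stmt->execute($params);
            $id = (int) db()->lastInsertId();
        }

        // Audit log. Uses $is_update rather than testing $id here: after the
        // INSERT branch $id is always set, so `$id ? 'UPDATE' : 'CREATE'` would
        // record every create as an UPDATE.
        $log_stmt = db()->prepare("INSERT INTO audit_logs (user_id, action, entity_type, entity_id, details) VALUES (?, ?, ?, ?, ?)");
        $log_stmt->execute([$_SESSION['user_id'], $is_update ? 'UPDATE' : 'CREATE', 'CUSTOMER', $id, "Name: {$input['name']}"]);

        $_SESSION['success'] = "Customer " . ($is_update ? "updated" : "created") . " successfully.";
        header("Location: customers.php");
        exit;
    }
}

require_once 'includes/header.php';
?>
<div class="row justify-content-center">
    <div class="col-lg-8">
        <div class="d-flex justify-content-between align-items-center mb-4">
            <h1 class="h3 fw-bold mb-0"><?= e($page_title) ?></h1>
            <a href="customers.php" class="btn btn-outline-secondary">Cancel</a>
        </div>
        <div class="card p-4">
            <form method="POST">
                <input type="hidden" name="csrf_token" value="<?= csrf_token() ?>">
                <div class="row g-3">
                    <div class="col-md-6">
                        <label class="form-label">Name</label>
                        <input type="text" name="name" class="form-control" value="<?= e($customer['name'] ?? '') ?>" required>
                    </div>
                    <div class="col-md-6">
                        <label class="form-label">Email</label>
                        <input type="email" name="email" class="form-control" value="<?= e($customer['email'] ?? '') ?>">
                    </div>
                    <div class="col-md-6">
                        <label class="form-label">Phone</label>
                        <input type="text" name="phone" class="form-control" value="<?= e($customer['phone'] ?? '') ?>">
                    </div>
                    <div class="col-md-6">
                        <label class="form-label">Category</label>
                        <select name="category" class="form-select">
                            <?php foreach ($categories as $option): ?>
                            <option value="<?= e($option) ?>" <?= ($customer['category'] ?? '') === $option ? 'selected' : '' ?>><?= e($option) ?></option>
                            <?php endforeach; ?>
                        </select>
                    </div>
                    <div class="col-md-12">
                        <label class="form-label">Address</label>
                        <textarea name="address" class="form-control" rows="3"><?= e($customer['address'] ?? '') ?></textarea>
                    </div>
                    <div class="col-md-6">
                        <label class="form-label">Status</label>
                        <select name="status" class="form-select">
                            <?php foreach ($statuses as $option): ?>
                            <option value="<?= e($option) ?>" <?= ($customer['status'] ?? '') === $option ? 'selected' : '' ?>><?= e($option) ?></option>
                            <?php endforeach; ?>
                        </select>
                    </div>
                </div>
                <div class="mt-4 pt-3 border-top">
                    <button type="submit" class="btn btn-primary px-4">Save Customer</button>
                </div>
            </form>
        </div>
    </div>
</div>
<?php require_once 'includes/footer.php'; ?>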