admin/38682-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add a blank dashboard

Browse Source
This commit is contained in:
Flatlogic Bot 2026-02-23 13:33:11 +00:00
parent 4bbeb16cfc
commit 95541b059b
17 changed files with 1014 additions and 360 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
admin/ads.php
View File

@ -4,6 +4,8 @@ require_permission("ads_view");
require_once __DIR__ . '/../db/config.php';
$pdo = db();
$message = '';
// Ensure the table exists (idempotent)
$pdo->exec("CREATE TABLE IF NOT EXISTS ads_images (
id INT AUTO_INCREMENT PRIMARY KEY,
@ -16,23 +18,27 @@ $pdo->exec("CREATE TABLE IF NOT EXISTS ads_images (
)");
if (isset($_GET['delete'])) {
$id = $_GET['delete'];
// Get image path to delete file
$stmt = $pdo->prepare("SELECT image_path FROM ads_images WHERE id = ?");
$stmt->execute([$id]);
$ad = $stmt->fetch();
if ($ad) {
$fullPath = __DIR__ . '/../' . $ad['image_path'];
if (file_exists($fullPath) && is_file($fullPath)) {
unlink($fullPath);
if (!has_permission('ads_del')) {
$message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to delete advertisements.</div>';
} else {
$id = $_GET['delete'];
// Get image path to delete file
$stmt = $pdo->prepare("SELECT image_path FROM ads_images WHERE id = ?");
$stmt->execute([$id]);
$ad = $stmt->fetch();
if ($ad) {
$fullPath = __DIR__ . '/../' . $ad['image_path'];
if (file_exists($fullPath) && is_file($fullPath)) {
unlink($fullPath);
}
$pdo->prepare("DELETE FROM ads_images WHERE id = ?")->execute([$id]);
}
$pdo->prepare("DELETE FROM ads_images WHERE id = ?")->execute([$id]);
header("Location: ads.php");
exit;
}
header("Location: ads.php");
exit;
}
$query = "SELECT * FROM ads_images ORDER BY sort_order ASC, created_at DESC";
@ -47,11 +53,15 @@ include 'includes/header.php';
<h2 class="fw-bold mb-0">Advertisement Slider</h2>
<p class="text-muted mb-0">Manage pictures for the public ads display page.</p>
</div>
<?php if (has_permission('ads_add')): ?>
<a href="ad_edit.php" class="btn btn-primary">
<i class="bi bi-plus-lg"></i> Add Image
</a>
<?php endif; ?>
</div>
<?= $message ?>
<div class="alert alert-info border-0 shadow-sm d-flex align-items-center">
<i class="bi bi-info-circle-fill me-3 fs-4"></i>
<div>
@ -113,8 +123,13 @@ include 'includes/header.php';
<?php endif; ?>
</td>
<td class="text-end pe-4">
<?php if (has_permission('ads_add')): ?>
<a href="ad_edit.php?id=<?= $ad['id'] ?>" class="btn btn-sm btn-outline-primary me-1"><i class="bi bi-pencil"></i></a>
<?php endif; ?>
<?php if (has_permission('ads_del')): ?>
<a href="?delete=<?= $ad['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this image?')"><i class="bi bi-trash"></i></a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>

35
admin/areas.php
View File

@ -4,17 +4,27 @@ require_permission("areas_view");
require_once __DIR__ . '/../db/config.php';
$pdo = db();
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_area') {
$stmt = $pdo->prepare("INSERT INTO areas (outlet_id, name) VALUES (?, ?)");
$stmt->execute([$_POST['outlet_id'], $_POST['name']]);
header("Location: areas.php");
exit;
if (!has_permission('areas_add')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to add areas.</div>';
} else {
$stmt = $pdo->prepare("INSERT INTO areas (outlet_id, name) VALUES (?, ?)");
$stmt->execute([$_POST['outlet_id'], $_POST['name']]);
header("Location: areas.php");
exit;
}
}
if (isset($_GET['delete'])) {
$pdo->prepare("DELETE FROM areas WHERE id = ?")->execute([$_GET['delete']]);
header("Location: areas.php");
exit;
if (!has_permission('areas_del')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete areas.</div>';
} else {
$pdo->prepare("DELETE FROM areas WHERE id = ?")->execute([$_GET['delete']]);
header("Location: areas.php");
exit;
}
}
// Fetch areas with outlet names
@ -34,11 +44,15 @@ include 'includes/header.php';
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="fw-bold mb-0">Areas</h2>
<?php if (has_permission('areas_add')): ?>
<button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addAreaModal">
<i class="bi bi-plus-lg"></i> Add Area
</button>
<?php endif; ?>
</div>
<?= $message ?>
<div class="card border-0 shadow-sm">
<div class="card-body p-0">
<!-- Pagination Controls -->
@ -62,8 +76,13 @@ include 'includes/header.php';
<td class="fw-bold"><?= htmlspecialchars($area['name']) ?></td>
<td><span class="badge bg-info text-dark"><?= htmlspecialchars($area['outlet_name'] ?? 'N/A') ?></span></td>
<td>
<?php if (has_permission('areas_add')): ?>
<a href="area_edit.php?id=<?= $area['id'] ?>" class="btn btn-sm btn-outline-primary me-1" title="Edit"><i class="bi bi-pencil"></i></a>
<?php endif; ?>
<?php if (has_permission('areas_del')): ?>
<a href="?delete=<?= $area['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this area?')" title="Delete"><i class="bi bi-trash"></i></a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
@ -83,6 +102,7 @@ include 'includes/header.php';
</div>
<!-- Add Area Modal -->
<?php if (has_permission('areas_add')): ?>
<div class="modal fade" id="addAreaModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
@ -115,5 +135,6 @@ include 'includes/header.php';
</div>
</div>
</div>
<?php endif; ?>
<?php include 'includes/footer.php'; ?>

24
admin/categories.php
View File

@ -4,11 +4,18 @@ require_permission("categories_view");
require_once __DIR__ . '/../db/config.php';
$pdo = db();
$message = '';
// Handle Delete
if (isset($_GET['delete'])) {
$id = $_GET['delete'];
$pdo->prepare("DELETE FROM categories WHERE id = ?")->execute([$id]);
header("Location: categories.php");
exit;
if (!has_permission('categories_del')) {
$message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to delete categories.</div>';
} else {
$id = $_GET['delete'];
$pdo->prepare("DELETE FROM categories WHERE id = ?")->execute([$id]);
header("Location: categories.php");
exit;
}
}
$query = "SELECT * FROM categories ORDER BY sort_order ASC, name ASC";
@ -20,11 +27,15 @@ include 'includes/header.php';
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="fw-bold mb-0">Categories</h2>
<?php if (has_permission('categories_add')): ?>
<a href="category_edit.php" class="btn btn-primary">
<i class="bi bi-plus-lg"></i> Add Category
</a>
<?php endif; ?>
</div>
<?= $message ?>
<div class="card border-0 shadow-sm">
<div class="card-body p-0">
<!-- Pagination Controls -->
@ -61,8 +72,13 @@ include 'includes/header.php';
<td><?= htmlspecialchars($cat['name']) ?></td>
<td><?= $cat['sort_order'] ?></td>
<td class="text-end pe-4">
<?php if (has_permission('categories_add')): ?>
<a href="category_edit.php?id=<?= $cat['id'] ?>" class="btn btn-sm btn-outline-primary me-1"><i class="bi bi-pencil"></i></a>
<?php endif; ?>
<?php if (has_permission('categories_del')): ?>
<a href="?delete=<?= $cat['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure? This might break products linked to this category.')"><i class="bi bi-trash"></i></a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>

152
admin/company.php
View File

@ -9,78 +9,82 @@ $settings = get_company_settings();
// Handle Update
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$company_name = $_POST['company_name'] ?? '';
$address = $_POST['address'] ?? '';
$phone = $_POST['phone'] ?? '';
$email = $_POST['email'] ?? '';
$vat_rate = $_POST['vat_rate'] ?? 0;
$currency_symbol = $_POST['currency_symbol'] ?? '$';
$currency_decimals = $_POST['currency_decimals'] ?? 2;
$ctr_number = $_POST['ctr_number'] ?? '';
$vat_number = $_POST['vat_number'] ?? '';
if (!has_permission('settings_add')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to update settings.</div>';
} else {
$company_name = $_POST['company_name'] ?? '';
$address = $_POST['address'] ?? '';
$phone = $_POST['phone'] ?? '';
$email = $_POST['email'] ?? '';
$vat_rate = $_POST['vat_rate'] ?? 0;
$currency_symbol = $_POST['currency_symbol'] ?? '$';
$currency_decimals = $_POST['currency_decimals'] ?? 2;
$ctr_number = $_POST['ctr_number'] ?? '';
$vat_number = $_POST['vat_number'] ?? '';
// Handle File Uploads
$uploadDir = __DIR__ . '/../assets/images/company/';
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0755, true);
}
// Handle File Uploads
$uploadDir = __DIR__ . '/../assets/images/company/';
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0755, true);
}
$logo_url = $settings['logo_url'] ?? null;
$favicon_url = $settings['favicon_url'] ?? null;
$logo_url = $settings['logo_url'] ?? null;
$favicon_url = $settings['favicon_url'] ?? null;
// Logo Upload
if (isset($_FILES['logo']) && $_FILES['logo']['error'] === UPLOAD_ERR_OK) {
$fileInfo = pathinfo($_FILES['logo']['name']);
$fileExt = strtolower($fileInfo['extension']);
$allowedExts = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'svg'];
// Logo Upload
if (isset($_FILES['logo']) && $_FILES['logo']['error'] === UPLOAD_ERR_OK) {
$fileInfo = pathinfo($_FILES['logo']['name']);
$fileExt = strtolower($fileInfo['extension']);
$allowedExts = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'svg'];
if (in_array($fileExt, $allowedExts)) {
$fileName = 'logo_' . uniqid() . '.' . $fileExt;
$targetFile = $uploadDir . $fileName;
if (move_uploaded_file($_FILES['logo']['tmp_name'], $targetFile)) {
$logo_url = 'assets/images/company/' . $fileName;
if (in_array($fileExt, $allowedExts)) {
$fileName = 'logo_' . uniqid() . '.' . $fileExt;
$targetFile = $uploadDir . $fileName;
if (move_uploaded_file($_FILES['logo']['tmp_name'], $targetFile)) {
$logo_url = 'assets/images/company/' . $fileName;
}
}
}
}
// Favicon Upload
if (isset($_FILES['favicon']) && $_FILES['favicon']['error'] === UPLOAD_ERR_OK) {
$fileInfo = pathinfo($_FILES['favicon']['name']);
$fileExt = strtolower($fileInfo['extension']);
$allowedExts = ['ico', 'png', 'svg']; // Favicons are usually ico/png/svg
// Favicon Upload
if (isset($_FILES['favicon']) && $_FILES['favicon']['error'] === UPLOAD_ERR_OK) {
$fileInfo = pathinfo($_FILES['favicon']['name']);
$fileExt = strtolower($fileInfo['extension']);
$allowedExts = ['ico', 'png', 'svg']; // Favicons are usually ico/png/svg
if (in_array($fileExt, $allowedExts)) {
$fileName = 'favicon_' . uniqid() . '.' . $fileExt;
$targetFile = $uploadDir . $fileName;
if (move_uploaded_file($_FILES['favicon']['tmp_name'], $targetFile)) {
$favicon_url = 'assets/images/company/' . $fileName;
if (in_array($fileExt, $allowedExts)) {
$fileName = 'favicon_' . uniqid() . '.' . $fileExt;
$targetFile = $uploadDir . $fileName;
if (move_uploaded_file($_FILES['favicon']['tmp_name'], $targetFile)) {
$favicon_url = 'assets/images/company/' . $fileName;
}
}
}
}
try {
// Check if row exists
$exists = $pdo->query("SELECT COUNT(*) FROM company_settings")->fetchColumn();
if ($exists) {
$stmt = $pdo->prepare("UPDATE company_settings SET company_name=?, address=?, phone=?, email=?, vat_rate=?, currency_symbol=?, currency_decimals=?, ctr_number=?, vat_number=?, logo_url=?, favicon_url=?, updated_at=NOW()");
$stmt->execute([$company_name, $address, $phone, $email, $vat_rate, $currency_symbol, $currency_decimals, $ctr_number, $vat_number, $logo_url, $favicon_url]);
} else {
$stmt = $pdo->prepare("INSERT INTO company_settings (company_name, address, phone, email, vat_rate, currency_symbol, currency_decimals, ctr_number, vat_number, logo_url, favicon_url) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([$company_name, $address, $phone, $email, $vat_rate, $currency_symbol, $currency_decimals, $ctr_number, $vat_number, $logo_url, $favicon_url]);
try {
// Check if row exists
$exists = $pdo->query("SELECT COUNT(*) FROM company_settings")->fetchColumn();
if ($exists) {
$stmt = $pdo->prepare("UPDATE company_settings SET company_name=?, address=?, phone=?, email=?, vat_rate=?, currency_symbol=?, currency_decimals=?, ctr_number=?, vat_number=?, logo_url=?, favicon_url=?, updated_at=NOW()");
$stmt->execute([$company_name, $address, $phone, $email, $vat_rate, $currency_symbol, $currency_decimals, $ctr_number, $vat_number, $logo_url, $favicon_url]);
} else {
$stmt = $pdo->prepare("INSERT INTO company_settings (company_name, address, phone, email, vat_rate, currency_symbol, currency_decimals, ctr_number, vat_number, logo_url, favicon_url) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([$company_name, $address, $phone, $email, $vat_rate, $currency_symbol, $currency_decimals, $ctr_number, $vat_number, $logo_url, $favicon_url]);
}
$message = '<div class="alert alert-success">Company settings updated successfully!</div>';
// Refresh settings
$settings = get_company_settings(); // Re-fetch to get updated values
// Manually update immediate values for display if fetch is cached/laggy (though re-fetch is better)
$settings['ctr_number'] = $ctr_number;
$settings['vat_number'] = $vat_number;
$settings['logo_url'] = $logo_url;
$settings['favicon_url'] = $favicon_url;
} catch (Exception $e) {
$message = '<div class="alert alert-danger">Error updating settings: ' . htmlspecialchars($e->getMessage()) . '</div>';
}
$message = '<div class="alert alert-success">Company settings updated successfully!</div>';
// Refresh settings
$settings = get_company_settings(); // Re-fetch to get updated values
// Manually update immediate values for display if fetch is cached/laggy (though re-fetch is better)
$settings['ctr_number'] = $ctr_number;
$settings['vat_number'] = $vat_number;
$settings['logo_url'] = $logo_url;
$settings['favicon_url'] = $favicon_url;
} catch (Exception $e) {
$message = '<div class="alert alert-danger">Error updating settings: ' . htmlspecialchars($e->getMessage()) . '</div>';
}
}
@ -99,19 +103,19 @@ include 'includes/header.php';
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">Company Name</label>
<input type="text" name="company_name" class="form-control" value="<?= htmlspecialchars($settings['company_name'] ?? '') ?>" required>
<input type="text" name="company_name" class="form-control" value="<?= htmlspecialchars($settings['company_name'] ?? '') ?>" required <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Email</label>
<input type="email" name="email" class="form-control" value="<?= htmlspecialchars($settings['email'] ?? '') ?>">
<input type="email" name="email" class="form-control" value="<?= htmlspecialchars($settings['email'] ?? '') ?>" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Phone</label>
<input type="text" name="phone" class="form-control" value="<?= htmlspecialchars($settings['phone'] ?? '') ?>">
<input type="text" name="phone" class="form-control" value="<?= htmlspecialchars($settings['phone'] ?? '') ?>" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
<div class="col-md-12 mb-3">
<label class="form-label">Address</label>
<textarea name="address" class="form-control" rows="3"><?= htmlspecialchars($settings['address'] ?? '') ?></textarea>
<textarea name="address" class="form-control" rows="3" <?= !has_permission('settings_add') ? 'readonly' : '' ?>><?= htmlspecialchars($settings['address'] ?? '') ?></textarea>
</div>
</div>
@ -120,11 +124,11 @@ include 'includes/header.php';
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">CTR No (Company Tax Registration)</label>
<input type="text" name="ctr_number" class="form-control" value="<?= htmlspecialchars($settings['ctr_number'] ?? '') ?>" placeholder="e.g. 123456789">
<input type="text" name="ctr_number" class="form-control" value="<?= htmlspecialchars($settings['ctr_number'] ?? '') ?>" placeholder="e.g. 123456789" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">VAT No (Value Added Tax Number)</label>
<input type="text" name="vat_number" class="form-control" value="<?= htmlspecialchars($settings['vat_number'] ?? '') ?>" placeholder="e.g. VAT-987654321">
<input type="text" name="vat_number" class="form-control" value="<?= htmlspecialchars($settings['vat_number'] ?? '') ?>" placeholder="e.g. VAT-987654321" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
</div>
@ -135,17 +139,17 @@ include 'includes/header.php';
<div class="col-md-4 mb-3">
<label class="form-label">VAT Rate (%)</label>
<div class="input-group">
<input type="number" step="0.01" name="vat_rate" class="form-control" value="<?= htmlspecialchars($settings['vat_rate'] ?? 0) ?>">
<input type="number" step="0.01" name="vat_rate" class="form-control" value="<?= htmlspecialchars($settings['vat_rate'] ?? 0) ?>" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
<span class="input-group-text">%</span>
</div>
</div>
<div class="col-md-4 mb-3">
<label class="form-label">Currency Symbol</label>
<input type="text" name="currency_symbol" class="form-control" value="<?= htmlspecialchars($settings['currency_symbol'] ?? '$') ?>" placeholder="e.g. $, €, £">
<input type="text" name="currency_symbol" class="form-control" value="<?= htmlspecialchars($settings['currency_symbol'] ?? '$') ?>" placeholder="e.g. $, €, £" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
<div class="col-md-4 mb-3">
<label class="form-label">Decimal Places</label>
<input type="number" name="currency_decimals" class="form-control" value="<?= htmlspecialchars($settings['currency_decimals'] ?? 2) ?>" min="0" max="4">
<input type="number" name="currency_decimals" class="form-control" value="<?= htmlspecialchars($settings['currency_decimals'] ?? 2) ?>" min="0" max="4" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
</div>
@ -160,9 +164,13 @@ include 'includes/header.php';
<img src="<?= htmlspecialchars('../' . $settings['logo_url']) ?>" alt="Logo" style="height: 60px; max-width: 100px; object-fit: contain;">
</div>
<?php endif; ?>
<?php if (has_permission('settings_add')): ?>
<input type="file" name="logo" class="form-control" accept="image/*">
<?php endif; ?>
</div>
<?php if (has_permission('settings_add')): ?>
<div class="form-text">Recommended: PNG or SVG with transparent background.</div>
<?php endif; ?>
</div>
<div class="col-md-6 mb-3">
@ -173,17 +181,23 @@ include 'includes/header.php';
<img src="<?= htmlspecialchars('../' . $settings['favicon_url']) ?>" alt="Favicon" style="height: 32px; width: 32px; object-fit: contain;">
</div>
<?php endif; ?>
<?php if (has_permission('settings_add')): ?>
<input type="file" name="favicon" class="form-control" accept=".ico,.png,.svg">
<?php endif; ?>
</div>
<?php if (has_permission('settings_add')): ?>
<div class="form-text">Recommended: 32x32 ICO or PNG.</div>
<?php endif; ?>
</div>
</div>
<?php if (has_permission('settings_add')): ?>
<div class="mt-4">
<button type="submit" class="btn btn-primary">
<i class="bi bi-save"></i> Save Changes
</button>
</div>
<?php endif; ?>
</form>
</div>
</div>

45
admin/customers.php
View File

@ -8,25 +8,33 @@ $message = '';
// Handle Add Customer
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_customer') {
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$stmt = $pdo->prepare("INSERT INTO customers (name, email, phone, address) VALUES (?, ?, ?, ?)");
if ($stmt->execute([$name, $email, $phone, $address])) {
$message = '<div class="alert alert-success">Customer added successfully!</div>';
if (!has_permission('customers_add')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to add customers.</div>';
} else {
$message = '<div class="alert alert-danger">Error adding customer.</div>';
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$stmt = $pdo->prepare("INSERT INTO customers (name, email, phone, address) VALUES (?, ?, ?, ?)");
if ($stmt->execute([$name, $email, $phone, $address])) {
$message = '<div class="alert alert-success">Customer added successfully!</div>';
} else {
$message = '<div class="alert alert-danger">Error adding customer.</div>';
}
}
}
// Handle Delete
if (isset($_GET['delete'])) {
$id = $_GET['delete'];
$pdo->prepare("DELETE FROM customers WHERE id = ?")->execute([$id]);
header("Location: customers.php");
exit;
if (!has_permission('customers_del')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete customers.</div>';
} else {
$id = $_GET['delete'];
$pdo->prepare("DELETE FROM customers WHERE id = ?")->execute([$id]);
header("Location: customers.php");
exit;
}
}
// Fetch Customers
@ -39,9 +47,11 @@ include 'includes/header.php';
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="fw-bold mb-0">Customers</h2>
<?php if (has_permission('customers_add')): ?>
<button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addCustomerModal">
<i class="bi bi-plus-lg"></i> Add Customer
</button>
<?php endif; ?>
</div>
<?= $message ?>
@ -76,8 +86,13 @@ include 'includes/header.php';
</td>
<td>
<div class="btn-group">
<?php if (has_permission('customers_add')): ?>
<a href="customer_edit.php?id=<?= $customer['id'] ?>" class="btn btn-sm btn-outline-primary" title="Edit Customer"><i class="bi bi-pencil"></i></a>
<?php endif; ?>
<?php if (has_permission('customers_del')): ?>
<a href="?delete=<?= $customer['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure?')" title="Delete"><i class="bi bi-trash"></i></a>
<?php endif; ?>
</div>
</td>
</tr>
@ -98,6 +113,7 @@ include 'includes/header.php';
</div>
<!-- Add Customer Modal -->
<?php if (has_permission('customers_add')): ?>
<div class="modal fade" id="addCustomerModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
@ -133,5 +149,6 @@ include 'includes/header.php';
</div>
</div>
</div>
<?php endif; ?>
<?php include 'includes/footer.php'; ?>
<?php include 'includes/footer.php'; ?>

40
admin/expense_categories.php
View File

@ -4,19 +4,23 @@ require_permission("expense_categories_view");
require_once __DIR__ . '/../db/config.php';
$pdo = db();
$message = '';
if (isset($_GET['delete'])) {
$id = $_GET['delete'];
// Check if there are expenses linked to this category
$stmt = $pdo->prepare("SELECT COUNT(*) FROM expenses WHERE category_id = ?");
$stmt->execute([$id]);
if ($stmt->fetchColumn() > 0) {
$_SESSION['error'] = "Cannot delete category as it has linked expenses.";
if (!has_permission('expense_categories_del')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete expense categories.</div>';
} else {
$pdo->prepare("DELETE FROM expense_categories WHERE id = ?")->execute([$id]);
$_SESSION['success'] = "Category deleted successfully.";
$id = $_GET['delete'];
// Check if there are expenses linked to this category
$stmt = $pdo->prepare("SELECT COUNT(*) FROM expenses WHERE category_id = ?");
$stmt->execute([$id]);
if ($stmt->fetchColumn() > 0) {
$message = '<div class="alert alert-danger">Cannot delete category as it has linked expenses.</div>';
} else {
$pdo->prepare("DELETE FROM expense_categories WHERE id = ?")->execute([$id]);
$message = '<div class="alert alert-success">Category deleted successfully.</div>';
}
}
header("Location: expense_categories.php");
exit;
}
$query = "SELECT * FROM expense_categories ORDER BY name ASC";
@ -28,17 +32,14 @@ include 'includes/header.php';
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="fw-bold mb-0">Expense Categories</h2>
<?php if (has_permission('expense_categories_add')): ?>
<a href="expense_category_edit.php" class="btn btn-primary">
<i class="bi bi-plus-lg"></i> Add Category
</a>
<?php endif; ?>
</div>
<?php if (isset($_SESSION['error'])): ?>
<div class="alert alert-danger"><?= $_SESSION['error']; unset($_SESSION['error']); ?></div>
<?php endif; ?>
<?php if (isset($_SESSION['success'])): ?>
<div class="alert alert-success"><?= $_SESSION['success']; unset($_SESSION['success']); ?></div>
<?php endif; ?>
<?= $message ?>
<div class="card border-0 shadow-sm">
<div class="card-body p-0">
@ -62,8 +63,13 @@ include 'includes/header.php';
<td><?= htmlspecialchars($cat['name']) ?></td>
<td><?= htmlspecialchars($cat['description'] ?? '') ?></td>
<td class="text-end pe-4">
<?php if (has_permission('expense_categories_add')): ?>
<a href="expense_category_edit.php?id=<?= $cat['id'] ?>" class="btn btn-sm btn-outline-primary me-1"><i class="bi bi-pencil"></i></a>
<?php endif; ?>
<?php if (has_permission('expense_categories_del')): ?>
<a href="?delete=<?= $cat['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure?')"><i class="bi bi-trash"></i></a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
@ -81,4 +87,4 @@ include 'includes/header.php';
</div>
</div>
<?php include 'includes/footer.php'; ?>
<?php include 'includes/footer.php'; ?>

8
admin/expenses.php
View File

@ -7,7 +7,7 @@ $pdo = db();
$message = '';
if (isset($_GET['delete'])) {
if (!has_permission('expenses_delete')) {
if (!has_permission('expenses_del')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete expenses.</div>';
} else {
$id = $_GET['delete'];
@ -131,10 +131,10 @@ include 'includes/header.php';
<td><?= htmlspecialchars($exp['description']) ?></td>
<td class="fw-bold"><?= format_currency($exp['amount']) ?></td>
<td class="text-end pe-4">
<?php if (has_permission('expenses_edit')): ?>
<?php if (has_permission('expenses_add')): ?>
<a href="expense_edit.php?id=<?= $exp['id'] ?>" class="btn btn-sm btn-outline-primary me-1"><i class="bi bi-pencil"></i></a>
<?php endif; ?>
<?php if (has_permission('expenses_delete')): ?>
<?php if (has_permission('expenses_del')): ?>
<a href="?delete=<?= $exp['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure?')"><i class="bi bi-trash"></i></a>
<?php endif; ?>
</td>
@ -154,4 +154,4 @@ include 'includes/header.php';
</div>
</div>
<?php include 'includes/footer.php'; ?>
<?php include 'includes/footer.php'; ?>

314
admin/index.php
View File

@ -5,169 +5,205 @@ require_once __DIR__ . '/../includes/functions.php';
$pdo = db();
require_permission('dashboard_view');
// Fetch Dashboard Stats
$today = date('Y-m-d');
// Check if user should see the detailed dashboard or the simplified one
// We'll use 'dashboard_add' as a proxy for 'detailed' access, or Super Admin (all)
$isDetailed = has_permission('dashboard_add') || has_permission('all');
// Total Revenue Today
$stmt = $pdo->prepare("SELECT SUM(total_amount) FROM orders WHERE DATE(created_at) = ? AND status != 'cancelled'");
$stmt->execute([$today]);
$revenueToday = $stmt->fetchColumn() ?: 0;
if ($isDetailed) {
// Fetch Dashboard Stats
$today = date('Y-m-d');
// Total Orders Today
$stmt = $pdo->prepare("SELECT COUNT(*) FROM orders WHERE DATE(created_at) = ?");
$stmt->execute([$today]);
$ordersToday = $stmt->fetchColumn();
// Total Revenue Today
$stmt = $pdo->prepare("SELECT SUM(total_amount) FROM orders WHERE DATE(created_at) = ? AND status != 'cancelled'");
$stmt->execute([$today]);
$revenueToday = $stmt->fetchColumn() ?: 0;
// Active Outlets
$outletsCount = $pdo->query("SELECT COUNT(*) FROM outlets")->fetchColumn();
// Total Orders Today
$stmt = $pdo->prepare("SELECT COUNT(*) FROM orders WHERE DATE(created_at) = ?");
$stmt->execute([$today]);
$ordersToday = $stmt->fetchColumn();
// Total Products
$productsCount = $pdo->query("SELECT COUNT(*) FROM products")->fetchColumn();
// Active Outlets
$outletsCount = $pdo->query("SELECT COUNT(*) FROM outlets")->fetchColumn();
// Recent Orders
$recentOrders = $pdo->query("SELECT o.*,
(SELECT GROUP_CONCAT(p.name SEPARATOR ', ') FROM order_items oi JOIN products p ON oi.product_id = p.id WHERE oi.order_id = o.id) as items
FROM orders o ORDER BY created_at DESC LIMIT 5")->fetchAll();
// Total Products
$productsCount = $pdo->query("SELECT COUNT(*) FROM products")->fetchColumn();
// Recent Orders
$recentOrders = $pdo->query("SELECT o.*,
(SELECT GROUP_CONCAT(p.name SEPARATOR ', ') FROM order_items oi JOIN products p ON oi.product_id = p.id WHERE oi.order_id = o.id) as items
FROM orders o ORDER BY created_at DESC LIMIT 5")->fetchAll();
}
include 'includes/header.php';
?>
<div class="d-flex justify-content-between align-items-center mb-4">
<div>
<h2 class="fw-bold mb-1">Dashboard</h2>
<p class="text-muted">Welcome back, <?= htmlspecialchars($userName) ?>!</p>
<?php if ($isDetailed): ?>
<div class="d-flex justify-content-between align-items-center mb-4">
<div>
<h2 class="fw-bold mb-1">Dashboard</h2>
<p class="text-muted">Welcome back, <?= htmlspecialchars($userName) ?>!</p>
</div>
<?php if (has_permission('orders_add')): ?>
<div>
<a href="../pos.php" class="btn btn-primary"><i class="bi bi-plus-lg me-1"></i> New Order</a>
</div>
<?php endif; ?>
</div>
<?php if (has_permission('orders_add')): ?>
<div>
<a href="../pos.php" class="btn btn-primary"><i class="bi bi-plus-lg me-1"></i> New Order</a>
</div>
<?php endif; ?>
</div>
<div class="row g-4 mb-4">
<!-- Revenue Card -->
<div class="col-md-3">
<div class="card stat-card h-100 p-3">
<div class="d-flex align-items-center">
<div class="icon-box bg-success bg-opacity-10 text-success me-3">
<i class="bi bi-currency-dollar"></i>
</div>
<div>
<h6 class="text-muted mb-0">Today's Revenue</h6>
<h3 class="fw-bold mb-0"><?= format_currency($revenueToday) ?></h3>
<div class="row g-4 mb-4">
<!-- Revenue Card -->
<div class="col-md-3">
<div class="card stat-card h-100 p-3">
<div class="d-flex align-items-center">
<div class="icon-box bg-success bg-opacity-10 text-success me-3">
<i class="bi bi-currency-dollar"></i>
</div>
<div>
<h6 class="text-muted mb-0">Today's Revenue</h6>
<h3 class="fw-bold mb-0"><?= format_currency($revenueToday) ?></h3>
</div>
</div>
</div>
</div>
</div>
<!-- Orders Card -->
<div class="col-md-3">
<div class="card stat-card h-100 p-3">
<div class="d-flex align-items-center">
<div class="icon-box bg-primary bg-opacity-10 text-primary me-3">
<i class="bi bi-receipt"></i>
<!-- Orders Card -->
<div class="col-md-3">
<div class="card stat-card h-100 p-3">
<div class="d-flex align-items-center">
<div class="icon-box bg-primary bg-opacity-10 text-primary me-3">
<i class="bi bi-receipt"></i>
</div>
<div>
<h6 class="text-muted mb-0">Orders Today</h6>
<h3 class="fw-bold mb-0"><?= $ordersToday ?></h3>
</div>
</div>
<div>
<h6 class="text-muted mb-0">Orders Today</h6>
<h3 class="fw-bold mb-0"><?= $ordersToday ?></h3>
</div>
</div>
<!-- Outlets Card -->
<div class="col-md-3">
<div class="card stat-card h-100 p-3">
<div class="d-flex align-items-center">
<div class="icon-box bg-warning bg-opacity-10 text-warning me-3">
<i class="bi bi-shop"></i>
</div>
<div>
<h6 class="text-muted mb-0">Active Outlets</h6>
<h3 class="fw-bold mb-0"><?= $outletsCount ?></h3>
</div>
</div>
</div>
</div>
<!-- Products Card -->
<div class="col-md-3">
<div class="card stat-card h-100 p-3">
<div class="d-flex align-items-center">
<div class="icon-box bg-info bg-opacity-10 text-info me-3">
<i class="bi bi-box-seam"></i>
</div>
<div>
<h6 class="text-muted mb-0">Total Products</h6>
<h3 class="fw-bold mb-0"><?= $productsCount ?></h3>
</div>
</div>
</div>
</div>
</div>
<!-- Outlets Card -->
<div class="col-md-3">
<div class="card stat-card h-100 p-3">
<div class="d-flex align-items-center">
<div class="icon-box bg-warning bg-opacity-10 text-warning me-3">
<i class="bi bi-shop"></i>
</div>
<div>
<h6 class="text-muted mb-0">Active Outlets</h6>
<h3 class="fw-bold mb-0"><?= $outletsCount ?></h3>
</div>
<!-- Recent Orders Table -->
<div class="card border-0 shadow-sm rounded-3">
<div class="card-header bg-white border-bottom py-3">
<h5 class="mb-0 fw-bold">Recent Orders</h5>
</div>
<div class="card-body p-0">
<div class="table-responsive">
<table class="table align-middle mb-0">
<thead class="bg-light">
<tr>
<th class="ps-4">ID</th>
<th>Type</th>
<th>Table/Customer</th>
<th>Total</th>
<th>Status</th>
<th>Date</th>
</tr>
</thead>
<tbody>
<?php foreach ($recentOrders as $order): ?>
<tr>
<td class="ps-4 fw-medium">#<?= $order['id'] ?></td>
<td>
<?php
$badge = match($order['order_type']) {
'dine-in' => 'bg-info',
'takeaway' => 'bg-success',
'delivery' => 'bg-warning',
'drive-thru' => 'bg-purple',
default => 'bg-secondary'
};
?>
<span class="badge <?= $badge ?> text-dark bg-opacity-25 border border-<?= str_replace('bg-', '', $badge) ?>"><?= ucfirst($order['order_type']) ?></span>
</td>
<td>
<?php if ($order['table_number']): ?>
Table <?= htmlspecialchars($order['table_number']) ?>
<?php else: ?>
<?= htmlspecialchars($order['customer_name'] ?? 'Guest') ?>
<?php endif; ?>
</td>
<td class="fw-bold"><?= format_currency($order['total_amount']) ?></td>
<td>
<span class="status-badge status-<?= $order['status'] ?> badge rounded-pill">
<?= ucfirst($order['status']) ?>
</span>
</td>
<td class="text-muted small"><?= date('M d, H:i', strtotime($order['created_at'])) ?></td>
</tr>
<?php endforeach; ?>
<?php if (empty($recentOrders)): ?>
<tr><td colspan="6" class="text-center py-4 text-muted">No recent orders found.</td></tr>
<?php endif; ?>
</tbody>
</table>
</div>
</div>
<?php if (has_permission('orders_view')): ?>
<div class="card-footer bg-white text-center py-3">
<a href="orders.php" class="text-decoration-none fw-medium">View All Orders</a>
</div>
<?php endif; ?>
</div>
<!-- Products Card -->
<div class="col-md-3">
<div class="card stat-card h-100 p-3">
<div class="d-flex align-items-center">
<div class="icon-box bg-info bg-opacity-10 text-info me-3">
<i class="bi bi-box-seam"></i>
<?php else: ?>
<!-- Simplified Dashboard -->
<div class="d-flex flex-column align-items-center justify-content-center py-5 mt-5">
<div class="mb-4">
<?php if ($logoUrl): ?>
<img src="../<?= htmlspecialchars($logoUrl) ?>" alt="<?= htmlspecialchars($companyName) ?>" style="max-height: 120px; max-width: 100%; filter: drop-shadow(0 10px 15px rgba(0,0,0,0.1));">
<?php else: ?>
<div class="bg-primary bg-opacity-10 text-primary p-4 rounded-circle mb-3 shadow-sm" style="width: 120px; height: 120px; display: flex; align-items: center; justify-content: center;">
<i class="bi bi-shop fs-1"></i>
</div>
<div>
<h6 class="text-muted mb-0">Total Products</h6>
<h3 class="fw-bold mb-0"><?= $productsCount ?></h3>
</div>
</div>
<?php endif; ?>
</div>
<h1 class="fw-bold text-center mb-2"><?= htmlspecialchars($companyName) ?></h1>
<p class="text-muted text-center fs-5 mb-4">Welcome to the Admin Panel, <?= htmlspecialchars($userName) ?>!</p>
<div class="d-flex gap-3 mt-4">
<?php if (has_permission('pos_view')): ?>
<a href="../pos.php" class="btn btn-primary btn-lg rounded-pill px-5 shadow-sm">
<i class="bi bi-display me-2"></i> POS Terminal
</a>
<?php endif; ?>
<?php if (has_permission('kitchen_view')): ?>
<a href="../kitchen.php" class="btn btn-outline-primary btn-lg rounded-pill px-5">
<i class="bi bi-fire me-2"></i> Kitchen View
</a>
<?php endif; ?>
</div>
</div>
</div>
<?php endif; ?>
<!-- Recent Orders Table -->
<div class="card border-0 shadow-sm rounded-3">
<div class="card-header bg-white border-bottom py-3">
<h5 class="mb-0 fw-bold">Recent Orders</h5>
</div>
<div class="card-body p-0">
<div class="table-responsive">
<table class="table align-middle mb-0">
<thead class="bg-light">
<tr>
<th class="ps-4">ID</th>
<th>Type</th>
<th>Table/Customer</th>
<th>Total</th>
<th>Status</th>
<th>Date</th>
</tr>
</thead>
<tbody>
<?php foreach ($recentOrders as $order): ?>
<tr>
<td class="ps-4 fw-medium">#<?= $order['id'] ?></td>
<td>
<?php
$badge = match($order['order_type']) {
'dine-in' => 'bg-info',
'takeaway' => 'bg-success',
'delivery' => 'bg-warning',
'drive-thru' => 'bg-purple',
default => 'bg-secondary'
};
?>
<span class="badge <?= $badge ?> text-dark bg-opacity-25 border border-<?= str_replace('bg-', '', $badge) ?>"><?= ucfirst($order['order_type']) ?></span>
</td>
<td>
<?php if ($order['table_number']): ?>
Table <?= htmlspecialchars($order['table_number']) ?>
<?php else: ?>
<?= htmlspecialchars($order['customer_name'] ?? 'Guest') ?>
<?php endif; ?>
</td>
<td class="fw-bold"><?= format_currency($order['total_amount']) ?></td>
<td>
<span class="status-badge status-<?= $order['status'] ?> badge rounded-pill">
<?= ucfirst($order['status']) ?>
</span>
</td>
<td class="text-muted small"><?= date('M d, H:i', strtotime($order['created_at'])) ?></td>
</tr>
<?php endforeach; ?>
<?php if (empty($recentOrders)): ?>
<tr><td colspan="6" class="text-center py-4 text-muted">No recent orders found.</td></tr>
<?php endif; ?>
</tbody>
</table>
</div>
</div>
<?php if (has_permission('orders_view')): ?>
<div class="card-footer bg-white text-center py-3">
<a href="orders.php" class="text-decoration-none fw-medium">View All Orders</a>
</div>
<?php endif; ?>
</div>
<?php include 'includes/footer.php'; ?>
<?php include 'includes/footer.php'; ?>

31
admin/integrations.php
View File

@ -9,6 +9,11 @@ $wablasTestResult = null;
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!has_permission('settings_add')) {
header("Location: integrations.php?error=permission_denied");
exit;
}
$provider = $_POST['provider'] ?? '';
$action = $_POST['action'] ?? 'save';
@ -103,6 +108,10 @@ require_once __DIR__ . '/includes/header.php';
<h2 class="h3 mb-0 text-gray-800">Integrations</h2>
</div>
<?php if (isset($_GET['error']) && $_GET['error'] == 'permission_denied'): ?>
<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to perform this action.</div>
<?php endif; ?>
<?php if (isset($_GET['msg']) && $_GET['msg'] == 'saved'): ?>
<div class="alert alert-success alert-dismissible fade show" role="alert">
Settings saved successfully.
@ -129,20 +138,22 @@ require_once __DIR__ . '/includes/header.php';
<input type="hidden" name="provider" value="thawani">
<div class="mb-3">
<label class="form-label">Environment</label>
<select class="form-select" name="environment">
<select class="form-select" name="environment" <?= !has_permission('settings_add') ? 'disabled' : '' ?>>
<option value="sandbox" <?= $thawaniEnv == 'sandbox' ? 'selected' : '' ?>>Sandbox</option>
<option value="production" <?= $thawaniEnv == 'production' ? 'selected' : '' ?>>Production</option>
</select>
</div>
<div class="mb-3">
<label class="form-label">Public Key</label>
<input type="text" class="form-control" name="public_key" value="<?= htmlspecialchars($thawaniPub) ?>">
<input type="text" class="form-control" name="public_key" value="<?= htmlspecialchars($thawaniPub) ?>" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
<div class="mb-3">
<label class="form-label">Secret Key</label>
<input type="password" class="form-control" name="secret_key" value="<?= htmlspecialchars($thawaniSec) ?>">
<input type="password" class="form-control" name="secret_key" value="<?= htmlspecialchars($thawaniSec) ?>" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
<?php if (has_permission('settings_add')): ?>
<button type="submit" name="action" value="save" class="btn btn-primary">Save Thawani Settings</button>
<?php endif; ?>
</form>
</div>
</div>
@ -154,7 +165,7 @@ require_once __DIR__ . '/includes/header.php';
<div class="card-header py-3 d-flex flex-row align-items-center justify-content-between">
<h6 class="m-0 fw-bold text-success">Wablas WhatsApp</h6>
<div class="form-check form-switch">
<input class="form-check-input" type="checkbox" name="is_enabled" id="is_enabled_switch" form="wablas_form" value="1" <?= $wablasEnabled === '1' ? 'checked' : '' ?>>
<input class="form-check-input" type="checkbox" name="is_enabled" id="is_enabled_switch" form="wablas_form" value="1" <?= $wablasEnabled === '1' ? 'checked' : '' ?> <?= !has_permission('settings_add') ? 'disabled' : '' ?>>
<label class="form-check-label" for="is_enabled_switch">Enabled</label>
</div>
</div>
@ -165,20 +176,20 @@ require_once __DIR__ . '/includes/header.php';
<!-- Also keep a hidden input to send '0' if checkbox is unchecked (handled in PHP POST block too) -->
<div class="mb-3">
<label class="form-label">Domain</label>
<input type="text" class="form-control" name="domain" placeholder="https://..." value="<?= htmlspecialchars($wablasDom) ?>">
<input type="text" class="form-control" name="domain" placeholder="https://..." value="<?= htmlspecialchars($wablasDom) ?>" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
<div class="mb-3">
<label class="form-label">Token</label>
<input type="password" class="form-control" name="token" value="<?= htmlspecialchars($wablasTok) ?>">
<input type="password" class="form-control" name="token" value="<?= htmlspecialchars($wablasTok) ?>" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
<div class="mb-3">
<label class="form-label">Secret Key</label>
<input type="password" class="form-control" name="secret_key" value="<?= htmlspecialchars($wablasSecKey) ?>">
<input type="password" class="form-control" name="secret_key" value="<?= htmlspecialchars($wablasSecKey) ?>" <?= !has_permission('settings_add') ? 'readonly' : '' ?>>
</div>
<div class="mb-3">
<label class="form-label">Order Notification Template</label>
<textarea class="form-control font-monospace" name="order_template" rows="8"><?= htmlspecialchars($wablasTemplate) ?></textarea>
<textarea class="form-control font-monospace" name="order_template" rows="8" <?= !has_permission('settings_add') ? 'readonly' : '' ?>><?= htmlspecialchars($wablasTemplate) ?></textarea>
<div class="form-text mt-2">
<strong>Available Variables:</strong><br>
<code>{customer_name}</code>, <code>{company_name}</code>, <code>{order_id}</code>,
@ -187,6 +198,7 @@ require_once __DIR__ . '/includes/header.php';
</div>
</div>
<?php if (has_permission('settings_add')): ?>
<div class="mb-3 border-top pt-3">
<label class="form-label text-muted small">Test Configuration</label>
<div class="input-group">
@ -199,6 +211,7 @@ require_once __DIR__ . '/includes/header.php';
<div class="d-flex justify-content-end">
<button type="submit" name="action" value="save" class="btn btn-success">Save Settings</button>
</div>
<?php endif; ?>
</form>
</div>
</div>
@ -206,4 +219,4 @@ require_once __DIR__ . '/includes/header.php';
</div>
</div>
<?php require_once __DIR__ . '/includes/footer.php'; ?>
<?php require_once __DIR__ . '/includes/header.php'; ?>

33
admin/loyalty.php
View File

@ -4,16 +4,22 @@ require_permission("loyalty_view");
require_once __DIR__ . '/../db/config.php';
$pdo = db();
$message = '';
// Handle Settings Update
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_settings'])) {
$points_per_order = intval($_POST['points_per_order']);
$points_for_free_meal = intval($_POST['points_for_free_meal']);
$is_enabled = isset($_POST['is_enabled']) ? 1 : 0;
$stmt = $pdo->prepare("UPDATE loyalty_settings SET points_per_order = ?, points_for_free_meal = ?, is_enabled = ? WHERE id = 1");
$stmt->execute([$points_per_order, $points_for_free_meal, $is_enabled]);
$success_msg = "Loyalty settings updated successfully!";
if (!has_permission('loyalty_add')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to update loyalty settings.</div>';
} else {
$points_per_order = intval($_POST['points_per_order']);
$points_for_free_meal = intval($_POST['points_for_free_meal']);
$is_enabled = isset($_POST['is_enabled']) ? 1 : 0;
$stmt = $pdo->prepare("UPDATE loyalty_settings SET points_per_order = ?, points_for_free_meal = ?, is_enabled = ? WHERE id = 1");
$stmt->execute([$points_per_order, $points_for_free_meal, $is_enabled]);
$message = '<div class="alert alert-success">Loyalty settings updated successfully!</div>';
}
}
// Fetch Settings
@ -50,17 +56,14 @@ include 'includes/header.php';
<span class="badge bg-danger-subtle text-danger border border-danger-subtle px-3">Disabled</span>
<?php endif; ?>
</div>
<?php if (has_permission('loyalty_add')): ?>
<button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#settingsModal">
<i class="bi bi-gear-fill me-2"></i> Configure Settings
</button>
<?php endif; ?>
</div>
<?php if (isset($success_msg)): ?>
<div class="alert alert-success alert-dismissible fade show" role="alert">
<?= htmlspecialchars($success_msg) ?>
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>
<?php endif; ?>
<?= $message ?>
<div class="row mb-4">
<div class="col-md-6 col-lg-4">
@ -167,6 +170,7 @@ include 'includes/header.php';
</div>
<!-- Settings Modal -->
<?php if (has_permission('loyalty_add')): ?>
<div class="modal fade" id="settingsModal" tabindex="-1">
<div class="modal-dialog">
<form method="POST" class="modal-content">
@ -203,5 +207,6 @@ include 'includes/header.php';
</form>
</div>
</div>
<?php endif; ?>
<?php include 'includes/footer.php'; ?>

166
admin/order_edit.php Normal file
View File

@ -0,0 +1,166 @@
<?php
declare(strict_types=1);
require_once __DIR__ . '/../db/config.php';
require_once __DIR__ . '/../includes/functions.php';
$pdo = db();
require_permission('orders_add');
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
if (!$id) {
header("Location: orders.php");
exit;
}
$message = '';
// Handle Form Submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$status = $_POST['status'];
$outlet_id = (int)$_POST['outlet_id'];
$customer_id = !empty($_POST['customer_id']) ? (int)$_POST['customer_id'] : null;
$order_type = $_POST['order_type'];
$table_number = $_POST['table_number'];
$notes = $_POST['notes'];
$stmt = $pdo->prepare("UPDATE orders SET
status = ?,
outlet_id = ?,
customer_id = ?,
order_type = ?,
table_number = ?,
notes = ?,
updated_at = CURRENT_TIMESTAMP
WHERE id = ?");
if ($stmt->execute([$status, $outlet_id, $customer_id, $order_type, $table_number, $notes, $id])) {
$message = '<div class="alert alert-success border-0 shadow-sm rounded-3"><i class="bi bi-check-circle-fill me-2"></i>Order updated successfully!</div>';
// Redirect back after short delay or via header
header("Refresh: 2; url=order_view.php?id=$id");
} else {
$message = '<div class="alert alert-danger border-0 shadow-sm rounded-3"><i class="bi bi-exclamation-triangle-fill me-2"></i>Error updating order.</div>';
}
}
// Fetch Order Details
$stmt = $pdo->prepare("SELECT * FROM orders WHERE id = ?");
$stmt->execute([$id]);
$order = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$order) {
die("Order not found.");
}
// Fetch Outlets
$outlets = $pdo->query("SELECT id, name FROM outlets ORDER BY name")->fetchAll(PDO::FETCH_ASSOC);
// Fetch Customers
$customers = $pdo->query("SELECT id, name FROM customers ORDER BY name")->fetchAll(PDO::FETCH_ASSOC);
include 'includes/header.php';
?>
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="fw-bold mb-0">Edit Order #<?= $order['id'] ?></h2>
<div class="d-flex gap-2">
<a href="order_view.php?id=<?= $id ?>" class="btn btn-outline-secondary">
<i class="bi bi-arrow-left"></i> Cancel
</a>
<a href="orders.php" class="btn btn-light border">
<i class="bi bi-list"></i> Back to List
</a>
</div>
</div>
<?= $message ?>
<div class="row">
<div class="col-md-8">
<div class="card border-0 shadow-sm">
<div class="card-body">
<form method="POST">
<div class="row g-3 mb-4">
<div class="col-md-6">
<label class="form-label small fw-bold text-muted text-uppercase">Order Status</label>
<select name="status" class="form-select form-select-lg" required>
<option value="pending" <?= $order['status'] === 'pending' ? 'selected' : '' ?>>Pending</option>
<option value="preparing" <?= $order['status'] === 'preparing' ? 'selected' : '' ?>>Preparing</option>
<option value="ready" <?= $order['status'] === 'ready' ? 'selected' : '' ?>>Ready</option>
<option value="completed" <?= $order['status'] === 'completed' ? 'selected' : '' ?>>Completed</option>
<option value="cancelled" <?= $order['status'] === 'cancelled' ? 'selected' : '' ?>>Cancelled</option>
</select>
</div>
<div class="col-md-6">
<label class="form-label small fw-bold text-muted text-uppercase">Outlet</label>
<select name="outlet_id" class="form-select form-select-lg" required>
<?php foreach ($outlets as $outlet): ?>
<option value="<?= $outlet['id'] ?>" <?= $order['outlet_id'] == $outlet['id'] ? 'selected' : '' ?>>
<?= htmlspecialchars($outlet['name']) ?>
</option>
<?php endforeach; ?>
</select>
</div>
</div>
<div class="row g-3 mb-4">
<div class="col-md-6">
<label class="form-label small fw-bold text-muted text-uppercase">Order Type</label>
<select name="order_type" class="form-select" required>
<option value="dine-in" <?= $order['order_type'] === 'dine-in' ? 'selected' : '' ?>>Dine-In</option>
<option value="takeaway" <?= $order['order_type'] === 'takeaway' ? 'selected' : '' ?>>Takeaway</option>
<option value="delivery" <?= $order['order_type'] === 'delivery' ? 'selected' : '' ?>>Delivery</option>
<option value="drive-thru" <?= $order['order_type'] === 'drive-thru' ? 'selected' : '' ?>>Drive-Thru</option>
</select>
</div>
<div class="col-md-6">
<label class="form-label small fw-bold text-muted text-uppercase">Table Number</label>
<input type="text" name="table_number" class="form-control" value="<?= htmlspecialchars((string)($order['table_number'] ?? '')) ?>" placeholder="e.g. 5">
</div>
</div>
<div class="mb-4">
<label class="form-label small fw-bold text-muted text-uppercase">Customer</label>
<select name="customer_id" class="form-select">
<option value="">Guest (None)</option>
<?php foreach ($customers as $customer): ?>
<option value="<?= $customer['id'] ?>" <?= $order['customer_id'] == $customer['id'] ? 'selected' : '' ?>>
<?= htmlspecialchars($customer['name']) ?>
</option>
<?php endforeach; ?>
</select>
</div>
<div class="mb-4">
<label class="form-label small fw-bold text-muted text-uppercase">Order Notes</label>
<textarea name="notes" class="form-control" rows="4" placeholder="Add any special instructions or notes..."><?= htmlspecialchars((string)($order['notes'] ?? '')) ?></textarea>
</div>
<div class="d-flex justify-content-end gap-2 border-top pt-4 mt-4">
<a href="order_view.php?id=<?= $id ?>" class="btn btn-light rounded-pill px-4">Discard Changes</a>
<button type="submit" class="btn btn-primary rounded-pill px-4">Update Order Details</button>
</div>
</form>
</div>
</div>
</div>
<div class="col-md-4">
<div class="card border-0 shadow-sm bg-light">
<div class="card-body">
<h6 class="fw-bold mb-3"><i class="bi bi-info-circle me-2"></i>Editing Order Information</h6>
<p class="small text-muted mb-3">Updating the status here will immediately reflect across all systems (Kitchen, POS, Admin).</p>
<div class="alert alert-warning border-0 small py-2 px-3">
<i class="bi bi-exclamation-triangle-fill me-1"></i> Changes to items should be handled via the POS system or directly in the database.
</div>
<div class="mt-4 pt-4 border-top">
<p class="small text-muted mb-1 text-uppercase fw-bold">Order Created</p>
<p class="mb-3"><?= date('M d, Y H:i:s', strtotime($order['created_at'])) ?></p>
<p class="small text-muted mb-1 text-uppercase fw-bold">Last Updated</p>
<p class="mb-0"><?= $order['updated_at'] ? date('M d, Y H:i:s', strtotime($order['updated_at'])) : 'Never' ?></p>
</div>
</div>
</div>
</div>
</div>
<?php include 'includes/footer.php'; ?>

225
admin/order_view.php Normal file
View File

@ -0,0 +1,225 @@
<?php
declare(strict_types=1);
require_once __DIR__ . '/../db/config.php';
require_once __DIR__ . '/../includes/functions.php';
$pdo = db();
require_permission('orders_view');
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
if (!$id) {
header("Location: orders.php");
exit;
}
// Fetch Order Details
$stmt = $pdo->prepare("SELECT o.*, ot.name as outlet_name, pt.name as payment_type_name,
c.name as customer_name, c.phone as customer_phone, c.email as customer_email,
u.username as created_by_username
FROM orders o
LEFT JOIN outlets ot ON o.outlet_id = ot.id
LEFT JOIN payment_types pt ON o.payment_type_id = pt.id
LEFT JOIN customers c ON o.customer_id = c.id
LEFT JOIN users u ON o.user_id = u.id
WHERE o.id = ?");
$stmt->execute([$id]);
$order = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$order) {
die("Order not found.");
}
// Fetch Order Items
$stmt = $pdo->prepare("SELECT oi.*, p.name as product_name, pv.name as variant_name
FROM order_items oi
JOIN products p ON oi.product_id = p.id
LEFT JOIN product_variants pv ON oi.variant_id = pv.id
WHERE oi.order_id = ?");
$stmt->execute([$id]);
$items = $stmt->fetchAll(PDO::FETCH_ASSOC);
include 'includes/header.php';
// Calculate subtotal from items to be sure
$subtotal = 0;
foreach ($items as $item) {
$subtotal += $item['unit_price'] * $item['quantity'];
}
?>
<div class="d-flex justify-content-between align-items-center mb-4">
<div>
<h2 class="fw-bold mb-0">Order #<?= $order['id'] ?></h2>
<p class="text-muted mb-0">Placed on <?= date('M d, Y H:i', strtotime($order['created_at'])) ?></p>
</div>
<div class="d-flex gap-2">
<a href="orders.php" class="btn btn-outline-secondary">
<i class="bi bi-arrow-left"></i> Back to List
</a>
<button onclick="window.print()" class="btn btn-light border">
<i class="bi bi-printer"></i> Print Receipt
</button>
<?php if (has_permission('orders_add')): ?>
<a href="order_edit.php?id=<?= $order['id'] ?>" class="btn btn-primary">
<i class="bi bi-pencil"></i> Edit Order
</a>
<?php endif; ?>
</div>
</div>
<div class="row">
<div class="col-md-8">
<!-- Order Items -->
<div class="card border-0 shadow-sm mb-4">
<div class="card-header bg-white py-3">
<h5 class="card-title mb-0 fw-bold">Order Items</h5>
</div>
<div class="card-body p-0">
<div class="table-responsive">
<table class="table align-middle mb-0">
<thead class="bg-light text-muted small text-uppercase">
<tr>
<th class="ps-4">Product</th>
<th class="text-center">Price</th>
<th class="text-center">Qty</th>
<th class="text-end pe-4">Total</th>
</tr>
</thead>
<tbody>
<?php foreach ($items as $item): ?>
<tr>
<td class="ps-4">
<div class="fw-bold text-dark"><?= htmlspecialchars($item['product_name']) ?></div>
<?php if ($item['variant_name']): ?>
<small class="text-muted">Variant: <?= htmlspecialchars($item['variant_name']) ?></small>
<?php endif; ?>
</td>
<td class="text-center"><?= format_currency($item['unit_price']) ?></td>
<td class="text-center"><?= $item['quantity'] ?></td>
<td class="text-end pe-4 fw-bold"><?= format_currency($item['unit_price'] * $item['quantity']) ?></td>
</tr>
<?php endforeach; ?>
</tbody>
<tfoot class="bg-light">
<tr>
<td colspan="3" class="text-end py-3 ps-4">
<div class="text-muted mb-1">Subtotal</div>
<?php if ($order['discount'] > 0): ?>
<div class="text-muted mb-1">Discount</div>
<?php endif; ?>
<div class="text-muted mb-1">VAT / Tax</div>
<h5 class="fw-bold mb-0 text-dark">Total Amount</h5>
</td>
<td class="text-end py-3 pe-4">
<div class="mb-1"><?= format_currency($subtotal) ?></div>
<?php if ($order['discount'] > 0): ?>
<div class="mb-1 text-danger">-<?= format_currency($order['discount']) ?></div>
<?php endif; ?>
<div class="mb-1"><?= format_currency(0) ?></div>
<h5 class="fw-bold mb-0 text-primary"><?= format_currency($order['total_amount']) ?></h5>
</td>
</tr>
</tfoot>
</table>
</div>
</div>
</div>
<!-- Additional Info -->
<div class="card border-0 shadow-sm">
<div class="card-body">
<h5 class="fw-bold mb-3">Internal Notes</h5>
<p class="text-muted"><?= htmlspecialchars($order['notes'] ?? 'No notes provided for this order.') ?></p>
</div>
</div>
</div>
<div class="col-md-4">
<!-- Status & Payment -->
<div class="card border-0 shadow-sm mb-4">
<div class="card-body">
<h6 class="text-muted small text-uppercase fw-bold mb-3">Order Status</h6>
<div class="d-flex align-items-center mb-4">
<span class="badge rounded-pill fs-6 px-3 py-2 status-<?= $order['status'] ?>">
<?= ucfirst($order['status']) ?>
</span>
<span class="ms-3 text-muted small">Last updated: <?= date('M d, H:i', strtotime($order['updated_at'] ?? $order['created_at'])) ?></span>
</div>
<hr>
<h6 class="text-muted small text-uppercase fw-bold mb-3 mt-4">Payment Information</h6>
<div class="d-flex justify-content-between mb-2">
<span class="text-muted">Method:</span>
<span class="fw-bold text-dark"><?= htmlspecialchars($order['payment_type_name'] ?? 'Unpaid') ?></span>
</div>
<div class="d-flex justify-content-between">
<span class="text-muted">Status:</span>
<span class="badge bg-success bg-opacity-10 text-success border border-success">Paid</span>
</div>
</div>
</div>
<!-- Order Details -->
<div class="card border-0 shadow-sm mb-4">
<div class="card-body">
<h6 class="text-muted small text-uppercase fw-bold mb-3">Order Details</h6>
<div class="mb-3">
<label class="text-muted small d-block">Outlet</label>
<div class="fw-bold"><?= htmlspecialchars($order['outlet_name'] ?? 'N/A') ?></div>
</div>
<div class="mb-3">
<label class="text-muted small d-block">Order Type</label>
<div class="fw-bold"><?= ucfirst($order['order_type']) ?></div>
</div>
<?php if ($order['order_type'] === 'dine-in'): ?>
<div class="mb-3">
<label class="text-muted small d-block">Table Number</label>
<div class="fw-bold">Table <?= htmlspecialchars((string)$order['table_number']) ?></div>
</div>
<?php endif; ?>
<div class="mb-0">
<label class="text-muted small d-block">Processed By</label>
<div class="fw-bold"><?= htmlspecialchars($order['created_by_username'] ?? 'System') ?></div>
</div>
</div>
</div>
<!-- Customer Info -->
<div class="card border-0 shadow-sm">
<div class="card-body">
<h6 class="text-muted small text-uppercase fw-bold mb-3">Customer Information</h6>
<?php if ($order['customer_name']): ?>
<div class="d-flex align-items-center mb-3">
<div class="bg-primary bg-opacity-10 text-primary p-2 rounded-circle me-3">
<i class="bi bi-person fs-4"></i>
</div>
<div>
<div class="fw-bold"><?= htmlspecialchars($order['customer_name']) ?></div>
<small class="text-muted">Customer ID: #<?= $order['customer_id'] ?></small>
</div>
</div>
<?php if ($order['customer_phone']): ?>
<div class="mb-2">
<i class="bi bi-telephone text-muted me-2"></i>
<a href="tel:<?= $order['customer_phone'] ?>" class="text-decoration-none text-dark"><?= htmlspecialchars($order['customer_phone'] ?? '') ?></a>
</div>
<?php endif; ?>
<?php if ($order['customer_email']): ?>
<div class="mb-0">
<i class="bi bi-envelope text-muted me-2"></i>
<a href="mailto:<?= $order['customer_email'] ?>" class="text-decoration-none text-dark"><?= htmlspecialchars($order['customer_email'] ?? '') ?></a>
</div>
<?php endif; ?>
<?php else: ?>
<div class="text-center py-3">
<i class="bi bi-person-x fs-1 text-muted opacity-25"></i>
<p class="text-muted small mb-0 mt-2">No customer attached to this order (Guest)</p>
</div>
<?php endif; ?>
</div>
</div>
</div>
</div>
<?php include 'includes/footer.php'; ?>

114
admin/orders.php
View File

@ -33,6 +33,26 @@ if (isset($_POST['action']) && $_POST['action'] === 'stop_promotions') {
exit;
}
// Handle Delete Order
if (isset($_GET['delete'])) {
if (!has_permission('manage_orders')) {
header("Location: orders.php?error=permission_denied");
exit;
}
$id = (int)$_GET['delete'];
$pdo->beginTransaction();
try {
$pdo->prepare("DELETE FROM order_items WHERE order_id = ?")->execute([$id]);
$pdo->prepare("DELETE FROM orders WHERE id = ?")->execute([$id]);
$pdo->commit();
header("Location: orders.php?success=order_deleted");
} catch (Exception $e) {
$pdo->rollBack();
header("Location: orders.php?error=delete_failed");
}
exit;
}
// Fetch Outlets for Filter
$outlets = $pdo->query("SELECT id, name FROM outlets ORDER BY name")->fetchAll(PDO::FETCH_ASSOC);
@ -107,14 +127,24 @@ include 'includes/header.php';
</div>
</div>
<?php if (isset($_GET['error']) && $_GET['error'] === 'permission_denied'): ?>
<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to perform this action.</div>
<?php if (isset($_GET['error'])): ?>
<?php if ($_GET['error'] === 'permission_denied'): ?>
<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to perform this action.</div>
<?php elseif ($_GET['error'] === 'delete_failed'): ?>
<div class="alert alert-danger border-0 shadow-sm rounded-3">Error: Failed to delete order.</div>
<?php endif; ?>
<?php endif; ?>
<?php if (isset($_GET['success']) && $_GET['success'] === 'promotions_stopped'): ?>
<div class="alert alert-success border-0 shadow-sm rounded-3">
<i class="bi bi-check-circle-fill me-2"></i> All running promotions have been stopped successfully.
</div>
<?php if (isset($_GET['success'])): ?>
<?php if ($_GET['success'] === 'promotions_stopped'): ?>
<div class="alert alert-success border-0 shadow-sm rounded-3">
<i class="bi bi-check-circle-fill me-2"></i> All running promotions have been stopped successfully.
</div>
<?php elseif ($_GET['success'] === 'order_deleted'): ?>
<div class="alert alert-success border-0 shadow-sm rounded-3">
<i class="bi bi-check-circle-fill me-2"></i> Order has been deleted successfully.
</div>
<?php endif; ?>
<?php endif; ?>
<!-- Summary Stats -->
@ -231,7 +261,7 @@ include 'includes/header.php';
<th>Payment</th>
<th>Status</th>
<th>Time</th>
<th>Action</th>
<th class="text-end pe-4">Actions</th>
</tr>
</thead>
<tbody>
@ -299,34 +329,50 @@ include 'includes/header.php';
<div><?= date('M d', strtotime($order['created_at'])) ?></div>
<div><?= date('H:i', strtotime($order['created_at'])) ?></div>
</td>
<td>
<?php if (has_permission('orders_add')): ?>
<form method="POST" class="d-flex gap-2">
<input type="hidden" name="order_id" value="<?= $order['id'] ?>">
<input type="hidden" name="action" value="update_status">
<?php if ($order['status'] === 'pending'): ?>
<button type="submit" name="status" value="preparing" class="btn btn-sm btn-primary">
<i class="bi bi-play-fill"></i> Start
</button>
<button type="submit" name="status" value="cancelled" class="btn btn-sm btn-outline-danger">
<i class="bi bi-x"></i>
</button>
<?php elseif ($order['status'] === 'preparing'): ?>
<button type="submit" name="status" value="ready" class="btn btn-sm btn-warning text-dark">
<i class="bi bi-check-circle"></i> Ready
</button>
<?php elseif ($order['status'] === 'ready'): ?>
<button type="submit" name="status" value="completed" class="btn btn-sm btn-success">
<i class="bi bi-check-all"></i> Complete
</button>
<?php else: ?>
<span class="text-muted small">-</span>
<td class="text-end pe-4">
<div class="d-flex gap-2 justify-content-end align-items-center">
<!-- Status Workflow Buttons -->
<?php if (has_permission('orders_add')): ?>
<form method="POST" class="d-flex gap-1 me-2 border-end pe-2">
<input type="hidden" name="order_id" value="<?= $order['id'] ?>">
<input type="hidden" name="action" value="update_status">
<?php if ($order['status'] === 'pending'): ?>
<button type="submit" name="status" value="preparing" class="btn btn-sm btn-primary py-0 px-1" title="Start Preparing">
<i class="bi bi-play-fill"></i>
</button>
<button type="submit" name="status" value="cancelled" class="btn btn-sm btn-outline-danger py-0 px-1" title="Cancel Order">
<i class="bi bi-x"></i>
</button>
<?php elseif ($order['status'] === 'preparing'): ?>
<button type="submit" name="status" value="ready" class="btn btn-sm btn-warning text-dark py-0 px-1" title="Mark Ready">
<i class="bi bi-check-circle"></i>
</button>
<?php elseif ($order['status'] === 'ready'): ?>
<button type="submit" name="status" value="completed" class="btn btn-sm btn-success py-0 px-1" title="Complete Order">
<i class="bi bi-check-all"></i>
</button>
<?php endif; ?>
</form>
<?php endif; ?>
</form>
<?php else: ?>
<span class="text-muted small">View Only</span>
<?php endif; ?>
<!-- Standard Actions -->
<a href="order_view.php?id=<?= $order['id'] ?>" class="btn-icon-soft" title="View Order">
<i class="bi bi-eye-fill"></i>
</a>
<?php if (has_permission('orders_add')): ?>
<a href="order_edit.php?id=<?= $order['id'] ?>" class="btn-icon-soft edit" title="Edit Order">
<i class="bi bi-pencil-fill"></i>
</a>
<?php endif; ?>
<?php if (has_permission('manage_orders')): ?>
<a href="?delete=<?= $order['id'] ?>" class="btn-icon-soft delete" onclick="return confirm('Are you sure you want to delete this order? This action cannot be undone.')" title="Delete Order">
<i class="bi bi-trash-fill"></i>
</a>
<?php endif; ?>
</div>
</td>
</tr>
<?php endforeach; ?>

37
admin/outlets.php
View File

@ -4,17 +4,27 @@ require_permission("outlets_view");
require_once __DIR__ . '/../db/config.php';
$pdo = db();
if (isset($_POST['action']) && $_POST['action'] === 'add_outlet') {
$stmt = $pdo->prepare("INSERT INTO outlets (name, address) VALUES (?, ?)");
$stmt->execute([$_POST['name'], $_POST['address']]);
header("Location: outlets.php");
exit;
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_outlet') {
if (!has_permission('outlets_add')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to add outlets.</div>';
} else {
$stmt = $pdo->prepare("INSERT INTO outlets (name, address) VALUES (?, ?)");
$stmt->execute([$_POST['name'], $_POST['address']]);
header("Location: outlets.php");
exit;
}
}
if (isset($_GET['delete'])) {
$pdo->prepare("DELETE FROM outlets WHERE id = ?")->execute([$_GET['delete']]);
header("Location: outlets.php");
exit;
if (!has_permission('outlets_del')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete outlets.</div>';
} else {
$pdo->prepare("DELETE FROM outlets WHERE id = ?")->execute([$_GET['delete']]);
header("Location: outlets.php");
exit;
}
}
$query = "SELECT * FROM outlets ORDER BY id DESC";
@ -26,11 +36,15 @@ include 'includes/header.php';
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="fw-bold mb-0">Outlets</h2>
<?php if (has_permission('outlets_add')): ?>
<button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addOutletModal">
<i class="bi bi-plus-lg"></i> Add Outlet
</button>
<?php endif; ?>
</div>
<?= $message ?>
<div class="card border-0 shadow-sm">
<div class="card-body p-0">
<!-- Pagination Controls -->
@ -54,8 +68,13 @@ include 'includes/header.php';
<td class="fw-bold"><?= htmlspecialchars($outlet['name']) ?></td>
<td><small class="text-muted"><?= htmlspecialchars($outlet['address']) ?></small></td>
<td>
<?php if (has_permission('outlets_add')): ?>
<a href="outlet_edit.php?id=<?= $outlet['id'] ?>" class="btn btn-sm btn-outline-secondary me-1"><i class="bi bi-pencil"></i></a>
<?php endif; ?>
<?php if (has_permission('outlets_del')): ?>
<a href="?delete=<?= $outlet['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this outlet?')"><i class="bi bi-trash"></i></a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
@ -70,6 +89,7 @@ include 'includes/header.php';
</div>
<!-- Add Outlet Modal -->
<?php if (has_permission('outlets_add')): ?>
<div class="modal fade" id="addOutletModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
@ -97,5 +117,6 @@ include 'includes/header.php';
</div>
</div>
</div>
<?php endif; ?>
<?php include 'includes/footer.php'; ?>

23
admin/payment_types.php
View File

@ -4,12 +4,18 @@ require_permission("payment_types_view");
require_once __DIR__ . '/../db/config.php';
$pdo = db();
$message = '';
// Handle Delete
if (isset($_GET['delete_id'])) {
$stmt = $pdo->prepare("DELETE FROM payment_types WHERE id = ?");
$stmt->execute([$_GET['delete_id']]);
header("Location: payment_types.php?msg=deleted");
exit;
if (!has_permission('payment_types_del')) {
$message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to delete payment types.</div>';
} else {
$stmt = $pdo->prepare("DELETE FROM payment_types WHERE id = ?");
$stmt->execute([$_GET['delete_id']]);
header("Location: payment_types.php?msg=deleted");
exit;
}
}
// Fetch Payment Types
@ -22,11 +28,15 @@ require_once __DIR__ . '/includes/header.php';
<div class="container-fluid">
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="h3 mb-0 text-gray-800">Payment Types</h2>
<?php if (has_permission('payment_types_add')): ?>
<a href="payment_type_edit.php" class="btn btn-primary">
<i class="bi bi-plus-lg me-2"></i>Add Payment Type
</a>
<?php endif; ?>
</div>
<?= $message ?>
<?php if (isset($_GET['msg']) && $_GET['msg'] == 'deleted'): ?>
<div class="alert alert-success alert-dismissible fade show" role="alert">
Payment Type deleted successfully.
@ -68,14 +78,19 @@ require_once __DIR__ . '/includes/header.php';
<?php endif; ?>
</td>
<td class="text-end">
<?php if (has_permission('payment_types_add')): ?>
<a href="payment_type_edit.php?id=<?= $pt['id'] ?>" class="btn btn-sm btn-outline-primary me-1">
<i class="bi bi-pencil"></i>
</a>
<?php endif; ?>
<?php if (has_permission('payment_types_del')): ?>
<a href="payment_types.php?delete_id=<?= $pt['id'] ?>"
class="btn btn-sm btn-outline-danger"
onclick="return confirm('Are you sure you want to delete this payment type?');">
<i class="bi bi-trash"></i>
</a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>

47
admin/suppliers.php
View File

@ -8,27 +8,35 @@ $message = '';
// Handle Add Supplier
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_supplier') {
$name = $_POST['name'];
$contact_person = $_POST['contact_person'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$vat_no = $_POST['vat_no'];
$stmt = $pdo->prepare("INSERT INTO suppliers (name, contact_person, email, phone, address, vat_no) VALUES (?, ?, ?, ?, ?, ?)");
if ($stmt->execute([$name, $contact_person, $email, $phone, $address, $vat_no])) {
$message = '<div class="alert alert-success">Supplier added successfully!</div>';
if (!has_permission('suppliers_add')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to add suppliers.</div>';
} else {
$message = '<div class="alert alert-danger">Error adding supplier.</div>';
$name = $_POST['name'];
$contact_person = $_POST['contact_person'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$vat_no = $_POST['vat_no'];
$stmt = $pdo->prepare("INSERT INTO suppliers (name, contact_person, email, phone, address, vat_no) VALUES (?, ?, ?, ?, ?, ?)");
if ($stmt->execute([$name, $contact_person, $email, $phone, $address, $vat_no])) {
$message = '<div class="alert alert-success">Supplier added successfully!</div>';
} else {
$message = '<div class="alert alert-danger">Error adding supplier.</div>';
}
}
}
// Handle Delete
if (isset($_GET['delete'])) {
$id = $_GET['delete'];
$pdo->prepare("DELETE FROM suppliers WHERE id = ?")->execute([$id]);
header("Location: suppliers.php");
exit;
if (!has_permission('suppliers_del')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete suppliers.</div>';
} else {
$id = $_GET['delete'];
$pdo->prepare("DELETE FROM suppliers WHERE id = ?")->execute([$id]);
header("Location: suppliers.php");
exit;
}
}
// Fetch Suppliers
@ -41,9 +49,11 @@ include 'includes/header.php';
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="fw-bold mb-0">Suppliers</h2>
<?php if (has_permission('suppliers_add')): ?>
<button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addSupplierModal">
<i class="bi bi-plus-lg"></i> Add Supplier
</button>
<?php endif; ?>
</div>
<?= $message ?>
@ -77,8 +87,13 @@ include 'includes/header.php';
<td><span class="badge bg-light text-dark border"><?= htmlspecialchars($supplier['vat_no']) ?></span></td>
<td>
<div class="btn-group">
<?php if (has_permission('suppliers_add')): ?>
<a href="supplier_edit.php?id=<?= $supplier['id'] ?>" class="btn btn-sm btn-outline-primary" title="Edit Supplier"><i class="bi bi-pencil"></i></a>
<?php endif; ?>
<?php if (has_permission('suppliers_del')): ?>
<a href="?delete=<?= $supplier['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure?')" title="Delete"><i class="bi bi-trash"></i></a>
<?php endif; ?>
</div>
</td>
</tr>
@ -99,6 +114,7 @@ include 'includes/header.php';
</div>
<!-- Add Supplier Modal -->
<?php if (has_permission('suppliers_add')): ?>
<div class="modal fade" id="addSupplierModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
@ -144,5 +160,6 @@ include 'includes/header.php';
</div>
</div>
</div>
<?php endif; ?>
<?php include 'includes/footer.php'; ?>

35
admin/tables.php
View File

@ -4,17 +4,27 @@ require_permission("tables_view");
require_once __DIR__ . '/../db/config.php';
$pdo = db();
$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_table') {
$stmt = $pdo->prepare("INSERT INTO tables (area_id, name, capacity) VALUES (?, ?, ?)");
$stmt->execute([$_POST['area_id'], $_POST['name'], $_POST['capacity']]);
header("Location: tables.php");
exit;
if (!has_permission('tables_add')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to add tables.</div>';
} else {
$stmt = $pdo->prepare("INSERT INTO tables (area_id, name, capacity) VALUES (?, ?, ?)");
$stmt->execute([$_POST['area_id'], $_POST['name'], $_POST['capacity']]);
header("Location: tables.php");
exit;
}
}
if (isset($_GET['delete'])) {
$pdo->prepare("DELETE FROM tables WHERE id = ?")->execute([$_GET['delete']]);
header("Location: tables.php");
exit;
if (!has_permission('tables_del')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete tables.</div>';
} else {
$pdo->prepare("DELETE FROM tables WHERE id = ?")->execute([$_GET['delete']]);
header("Location: tables.php");
exit;
}
}
// Fetch tables with area and outlet names
@ -47,11 +57,15 @@ $baseUrl = $protocol . $host . ($dir === '/' ? '' : $dir) . '/qorder.php';
<div class="d-flex justify-content-between align-items-center mb-4">
<h2 class="fw-bold mb-0">Tables</h2>
<?php if (has_permission('tables_add')): ?>
<button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addTableModal">
<i class="bi bi-plus-lg"></i> Add Table
</button>
<?php endif; ?>
</div>
<?= $message ?>
<div class="card border-0 shadow-sm">
<div class="card-body p-0">
<!-- Pagination Controls -->
@ -87,8 +101,13 @@ $baseUrl = $protocol . $host . ($dir === '/' ? '' : $dir) . '/qorder.php';
title="View QR Code">
<i class="bi bi-qr-code me-1"></i> QR
</button>
<?php if (has_permission('tables_add')): ?>
<a href="table_edit.php?id=<?= $table['id'] ?>" class="btn btn-sm btn-outline-primary me-1" title="Edit"><i class="bi bi-pencil"></i></a>
<?php endif; ?>
<?php if (has_permission('tables_del')): ?>
<a href="?delete=<?= $table['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this table?')" title="Delete"><i class="bi bi-trash"></i></a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
@ -108,6 +127,7 @@ $baseUrl = $protocol . $host . ($dir === '/' ? '' : $dir) . '/qorder.php';
</div>
<!-- Add Table Modal -->
<?php if (has_permission('tables_add')): ?>
<div class="modal fade" id="addTableModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
@ -144,6 +164,7 @@ $baseUrl = $protocol . $host . ($dir === '/' ? '' : $dir) . '/qorder.php';
</div>
</div>
</div>
<?php endif; ?>
<!-- QR Code Modal -->
<div class="modal fade" id="qrModal" tabindex="-1">