Access Denied: You do not have permission to add customers.';
} else {
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$stmt = $pdo->prepare("INSERT INTO customers (name, email, phone, address) VALUES (?, ?, ?, ?)");
if ($stmt->execute([$name, $email, $phone, $address])) {
$message = '
Customer added successfully!
';
} else {
$message = 'Error adding customer.
';
}
}
} elseif ($_POST['action'] === 'edit_customer') {
if (!has_permission('customers_add')) { // Use customers_add for editing as well
$message = 'Access Denied: You do not have permission to edit customers.
';
} else {
$id = $_POST['id'];
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$stmt = $pdo->prepare("UPDATE customers SET name = ?, email = ?, phone = ?, address = ? WHERE id = ?");
if ($stmt->execute([$name, $email, $phone, $address, $id])) {
$message = 'Customer updated successfully!
';
} else {
$message = 'Error updating customer.
';
}
}
}
}
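// Handle Delete
// NOTE(review): the delete is triggered by a GET parameter, so any link or
// image tag pointing at customers.php?delete=N will run it in the context of a
// logged-in user (CSRF). The durable fix is a POST form carrying a per-session
// token; the checks below only tighten what this block can enforce by itself
// (permission, id shape, and the outcome of the statement).
if (isset($_GET['delete'])) {
    if (!has_permission('customers_del')) {
        $message = 'Access Denied: You do not have permission to delete customers.
';
    } else {
        // Only a positive integer is a plausible primary key; reject anything
        // else (strings, arrays, 0, negatives) before it reaches the database.
        // The parameterised statement already prevents injection; this is
        // about not issuing a nonsense DELETE and about giving the user a
        // message instead of a silent redirect.
        $id = filter_var($_GET['delete'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            $message = 'Error deleting customer.';
        } else {
            $stmt = $pdo->prepare("DELETE FROM customers WHERE id = ?");
            if ($stmt->execute([$id])) {
                // Post/redirect/get so a refresh does not replay the request.
                header("Location: customers.php");
                exit;
            }
            // execute() returned false: stay on the page and report it rather
            // than redirecting as if the row were gone.
            $message = 'Error deleting customer.';
        }
    }
}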
// Fetch Customers
// paginate_query() is defined elsewhere (not in this file); presumably it
// applies the current page's LIMIT/OFFSET to $query and returns the rows under
// the 'data' key — TODO confirm against the helper. The query itself takes no
// user input, so there is nothing to parameterise here.
$query = "SELECT * FROM customers ORDER BY id DESC";
$customers_pagination = paginate_query($pdo, $query);
// $customers is the row set the template below iterates over; every field it
// prints must still go through htmlspecialchars() at output time, as the
// existing cells do. $customers_pagination is kept as a separate variable,
// presumably for rendering the page links further down — verify in the template.
$customers = $customers_pagination['data'];
include 'includes/header.php';
?>
Customers
= $message ?>
| Name |
Email |
Phone |
Address |
Redemptions |
Actions |
| = htmlspecialchars($customer['name']) ?> |
= htmlspecialchars($customer['email']) ?> |
= htmlspecialchars($customer['phone']) ?> |
= htmlspecialchars(substr($customer['address'] ?? '', 0, 30)) ?>... |
= intval($customer['loyalty_redemptions_count'] ?? 0) ?>
|
|
| No customers found. |