<?php
/**
* Created by PhpStorm.
* User: Charles
* Date: 11/22/13
* Time: 1:59 PM
*/
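// Page setup. $shipActive is presumably read by header.php to highlight the
// "Ship" navigation entry, and header.php is assumed to define $userType,
// sanitizeString() and queryMysql() -- none of them are declared in this file.
$shipActive = 'class="active"';
include_once 'header.php';

// Message shown above the pending-orders table when a ship request is refused.
// It can contain a product name taken from the database, so it has to be
// HTML-escaped wherever it is printed.
$error = "";

// Shipping an order changes state (orders.shipDate, inventory.stockCount), so
// the handler enforces the same role test that guards the page view. Without
// it, any client able to reach this script could mark orders as shipped.
$mayShip = ($userType == 1 || $userType == 2);

// NOTE(review): no anti-CSRF token is verified here. A per-session token
// emitted with the "Ship it" form and compared on POST would be needed; the
// session handling lives outside this file, so it is not added here.
if ($mayShip && isset($_POST['order']))
{
    // The order ID is interpolated unquoted into SQL below. String escaping does
    // not protect a numeric context, so accept digits only and cast to int.
    // sanitizeString() is kept because its behaviour is not visible from here.
    $rawOrder = is_string($_POST['order']) ? (string) sanitizeString($_POST['order']) : '';

    if (!ctype_digit($rawOrder))
    {
        $error = "Invalid order ID";
    }
    else
    {
        $orderID = (int) $rawOrder;
        $toyArray = array();
        $quantityArray = array();

        // Collect every line item of the order and refuse to ship if any item
        // is requested in a larger quantity than is currently in stock.
        $query = "SELECT c.toyGameID, c.quantity, i.stockCount, i.name FROM contains c INNER JOIN inventory i ON c.toyGameID = i.toyGameID WHERE orderID = $orderID";
        $result = queryMysql($query);
        while ($row = mysql_fetch_row($result))
        {
            // Cast database values that are later re-interpolated into SQL, so
            // an unexpected stored value cannot alter the UPDATE statements.
            $toy = (int) $row[0];
            $quantity = (int) $row[1];
            $stockCount = (int) $row[2];
            $toyName = $row[3];

            if ($quantity > $stockCount)
            {
                $error = "Not enough of $toyName($toy) in stock";
                break;
            }

            $toyArray[] = $toy;
            $quantityArray[] = $quantity;
        }

        if ($error == "")
        {
            // getdate()[0] is the current Unix timestamp.
            $date = getdate();
            $d = $date[0];

            // Only a still-pending order (shipDate = 0) may be shipped. The extra
            // condition stops a repeated POST for the same order from decrementing
            // the stock a second time.
            $query = "UPDATE orders SET shipDate = $d WHERE orderID = $orderID AND shipDate = 0";
            queryMysql($query);

            // Assumes queryMysql() runs on the default mysql_* link -- TODO confirm.
            if (mysql_affected_rows() > 0)
            {
                // NOTE(review): the stock check above and these updates are not
                // wrapped in a transaction; two concurrent ship requests could
                // still oversell an item.
                foreach ($toyArray as $j => $toy)
                {
                    $quantity = $quantityArray[$j];
                    $query = "UPDATE inventory SET stockCount = stockCount - $quantity WHERE toyGameID = $toy";
                    queryMysql($query);
                }
            }
            else
            {
                $error = "Order $orderID is not pending";
            }
        }
    }
}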
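// Render the pending-orders table for user types 1 and 2 only.
// Heredoc terminators stay at column 0: PHP before 7.3 requires it, and this
// file targets the legacy mysql_* extension.
if ($userType == 1 || $userType == 2)
{
    // $error can embed a product name from the database; escape it before it
    // reaches the page.
    $errorHtml = htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
    echo <<<EOD
<h1>Ship Pending Orders</h1>
<h5>$errorHtml
<div class="panel panel-default">
<!-- Default panel contents -->
<div class="panel-heading">Pending orders</div>
<!-- Table -->
<table class="table">
<tr>
<td>Order ID</td>
<td>Order date</td>
<td>Shipping Address</td>
<td>Name</td>
<td>Toys</td>
<td>Subtotal</td>
<td>Ship?</td>
</tr>
EOD;

    // An order is pending while its shipDate is 0.
    $query = "SELECT * FROM orders WHERE shipDate = 0";
    $result = queryMysql($query);
    while ($row = mysql_fetch_row($result))
    {
        // The order ID is reused in SQL and in an HTML attribute below; forcing
        // it to an integer keeps both contexts safe.
        $orderId = (int) $row[0];
        $orderDate = date('c', $row[1]);

        // Address fields are customer-supplied text: escape before output.
        $shippingAddress = htmlspecialchars(
            $row[3] . ", " . $row[4] . ", " . $row[5] . " " . $row[6],
            ENT_QUOTES,
            'UTF-8'
        );
        echo <<<EOD
<tr>
<td>$orderId</td>
<td>$orderDate</td>
<td>$shippingAddress</td>
EOD;

        // Customer name, printed as "first middle-initial last".
        $query = "SELECT fName, lName, mInitial FROM users WHERE user IN (SELECT user FROM place WHERE orderID = $orderId)";
        $result2 = queryMysql($query);
        $row2 = mysql_fetch_row($result2);
        // mysql_fetch_row() returns false when no user row matches the order.
        $name = $row2 ? $row2[0] . " " . $row2[2] . " " . $row2[1] : "";
        $name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        echo <<<EOD
<td>$name</td>
EOD;

        // Line items, listed as "<quantity> of <name>(<toyGameID>)".
        $query = "SELECT c.toyGameID, c.quantity, i.name FROM contains c INNER JOIN inventory i ON c.toyGameID = i.toyGameID WHERE orderID = $orderId";
        $result2 = queryMysql($query);
        $toyParts = array();
        while ($row2 = mysql_fetch_row($result2))
        {
            $toyParts[] = $row2[1] . " of " . $row2[2] . "(" . $row2[0] . ")";
        }
        $toys = htmlspecialchars(implode(", ", $toyParts), ENT_QUOTES, 'UTF-8');
        echo "<td>$toys</td>";

        // Subtotal: sum of unitCost * percentOff * quantity over the line items.
        // The total is kept numeric and formatted once at the end. Formatting
        // inside the loop turned the running total into a string such as
        // "1,234.00", which no longer adds up correctly on the next pass.
        $query = "SELECT i.unitCost, c.quantity, i.percentOff FROM inventory i INNER JOIN contains c ON i.toyGameID = c.toyGameID WHERE c.orderID = $orderId";
        $result2 = queryMysql($query);
        $subtotal = 0.00;
        while ($row2 = mysql_fetch_row($result2))
        {
            $subtotal += $row2[0] * $row2[2] * $row2[1];
        }
        $subtotalText = number_format($subtotal, 2);
        echo '<td>$' . $subtotalText . '</td>';

        // NOTE(review): this form carries no anti-CSRF token. Adding one needs
        // the session support that is defined outside this file.
        echo <<<EOD
<td>
<form role="form" method='post' action='ship.php'>
<input type="hidden" name="order" value="$orderId">
<button type="submit" class="btn btn-warning">Ship it</button>
</form>
</td>
EOD;
    }
    echo "</table></div></div></h5>";
}
else
{
    echo "Access denied";
}
include_once 'footer.php';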