e-commerce-system/process_order.php at main · danial-blackhat/e-commerce-system · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<?php
$host = 'localhost';
$user = 'root';
$password = '';
$dbname = 'shop';

$conn = new mysqli($host, $user, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

session_start();
$session_id = session_id();

$name = $_POST['name'] ?? '';
$phone = $_POST['phone'] ?? '';
$delivery_method = $_POST['delivery_method'] ?? '';
$address = $_POST['address'] ?? '';
$total_price = $_POST['total_price'] ?? '';
$payment_method = $_POST['payment_method'] ?? '';
$bank = $_POST['bank'] ?? '';

// Handle file upload for QR payment
$receipt_path = '';
if ($payment_method === 'qr' && isset($_FILES['receipt']) && $_FILES['receipt']['error'] === UPLOAD_ERR_OK) {
    $target_dir = "uploads/";
    if (!is_dir($target_dir)) {
        mkdir($target_dir, 0777, true);
    }
    $file_name = uniqid() . "_" . basename($_FILES["receipt"]["name"]);
    $target_file = $target_dir . $file_name;
    if (move_uploaded_file($_FILES["receipt"]["tmp_name"], $target_file)) {
        $receipt_path = $target_file;
    }
}

// Fetch cart items
$stmt = $conn->prepare("SELECT product_id, quantity FROM cart WHERE session_id = ?");
$stmt->bind_param('s', $session_id);
$stmt->execute();
$cart_items = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
$stmt->close();

// Insert order (removed transaction_ref)
$stmt = $conn->prepare("INSERT INTO orders (session_id, name, phone, delivery_method, address, total_price, payment_method, bank, receipt_path, created_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())");
$stmt->bind_param(
    'sssssssss',
    $session_id,
    $name,
    $phone,
    $delivery_method,
    $address,
    $total_price,
    $payment_method,
    $bank,
    $receipt_path
);
$stmt->execute();
$order_id = $stmt->insert_id;
$stmt->close();

// Insert order items
foreach ($cart_items as $item) {
    $stmt = $conn->prepare("INSERT INTO order_items (order_id, product_id, quantity) VALUES (?, ?, ?)");
    $stmt->bind_param('iii', $order_id, $item['product_id'], $item['quantity']);
    $stmt->execute();
    $stmt->close();
}

// Clear cart
$stmt = $conn->prepare("DELETE FROM cart WHERE session_id = ?");
$stmt->bind_param('s', $session_id);
$stmt->execute();
$stmt->close();

$conn->close();

echo "Order placed successfully!";