pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CMXX - Improved whereclause

Browse Source
This commit is contained in:
“VeLiTi”
2025-02-20 13:35:59 +01:00
parent 3aaa6c6680
commit 4c6ed0d203
83 changed files with 897 additions and 1274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

247
orders.php
View File

@@ -1,172 +1,143 @@
<?php
defined('admin') or exit;
// Retrieve the GET request parameters (if specified)
$pagination_page = isset($_GET['pagination_page']) ? $_GET['pagination_page'] : 1;
$search = isset($_GET['search']) ? $_GET['search'] : '';
// Filters parameters
$status = isset($_GET['status']) ? $_GET['status'] : '';
$method = isset($_GET['method']) ? $_GET['method'] : '';
$account_id = isset($_GET['account_id']) ? $_GET['account_id'] : '';
// Order by column
$order = isset($_GET['order']) && $_GET['order'] == 'ASC' ? 'ASC' : 'DESC';
// Add/remove columns to the whitelist array
$order_by_whitelist = ['id','first_name','total_products','payment_amount','payment_method','payment_status','created','payer_email'];
$order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], $order_by_whitelist) ? $_GET['order_by'] : 'created';
// Number of results per pagination page
$results_per_page = 20;
// Declare query param variables
$param1 = ($pagination_page - 1) * $results_per_page;
$param2 = $results_per_page;
$param3 = '%' . $search . '%';
// SQL where clause
$where = '';
$where .= $search ? 'WHERE (t.first_name LIKE :search OR t.last_name LIKE :search OR t.id LIKE :search OR t.txn_id LIKE :search OR t.payer_email LIKE :search) ' : '';
// Add filters
// Payment status filter
if ($status == 1) $where .= $where ? 'AND payment_status = "Completed" ' : 'WHERE payment_status = "Completed" ';
if ($status == 2) $where .= $where ? 'AND payment_status = "Pending" ' : 'WHERE payment_status = "Pending" ';
if ($status == 3) $where .= $where ? 'AND payment_status = "Cancelled" ' : 'WHERE payment_status = "Cancelled" ';
if ($status == 4) $where .= $where ? 'AND payment_status = "Reversed" ' : 'WHERE payment_status = "Reversed" ';
if ($status == 5) $where .= $where ? 'AND payment_status = "Shipped" ' : 'WHERE payment_status = "Shipped" ';
// Payment method filter
if ($method == 1) $where .= $where ? 'AND payment_method = "website" ' : 'WHERE payment_status = "website" ';
if ($method == 2) $where .= $where ? 'AND payment_method = "paypal" ' : 'WHERE payment_status = "paypal" ';
if ($method == 3) $where .= $where ? 'AND payment_method = "stripe" ' : 'WHERE payment_status = "stripe" ';
// Account ID filter
if ($account_id) $where .= $where ? 'AND account_id = :account_id ' : 'WHERE account_id = :account_id ';
// Retrieve the total number of transactions
$stmt = $pdo->prepare('SELECT COUNT(DISTINCT t.id) AS total FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id ' . $where);
if ($search) $stmt->bindParam('search', $param3, PDO::PARAM_STR);
if ($account_id) $stmt->bindParam('account_id', $account_id, PDO::PARAM_INT);
$stmt->execute();
$orders_total = $stmt->fetchColumn();
// Retrieve transactions
$stmt = $pdo->prepare('SELECT t.*, COUNT(ti.id) AS total_products FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id ' . $where . ' GROUP BY t.id, t.txn_id, t.payment_amount, t.payment_status, t.created, t.payer_email, t.first_name, t.last_name, t.address_street, t.address_city, t.address_state, t.address_zip, t.address_country, t.account_id, t.payment_method, t.discount_code, t.shipping_method, t.shipping_amount ORDER BY ' . $order_by . ' ' . $order . ' LIMIT :start_results,:num_results');
// Bind params
$stmt->bindParam('start_results', $param1, PDO::PARAM_INT);
$stmt->bindParam('num_results', $param2, PDO::PARAM_INT);
if ($search) $stmt->bindParam('search', $param3, PDO::PARAM_STR);
if ($account_id) $stmt->bindParam('account_id', $account_id, PDO::PARAM_INT);
$stmt->execute();
// Retrieve query results
$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings.php';
//SET ORIGIN FOR NAVIGATION
$prev_page = $_SESSION['prev_origin'] ?? '';
$page = $_SESSION['origin'] = 'orders';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
header('location: index.php');
exit;
}
//GET PARAMETERS
$pagination_page = isset($_GET['p']) ? $_GET['p'] : 1;
$search = isset($_GET['search']) ? '&search='.$_GET['search'] : '';
// Determine the URL
$url = 'index.php?page=orders&search=' . $search . '&status=' . $status . '&method=' . $method . '&account_id=' . $account_id;
$url = 'index.php?page=transactions'.$search;
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';
//CALL TO API
$api_url = '/v2/transactions/'.$GET_VALUES;
$orders = ioServer($api_url,'');
//Decode Payload
if (!empty($orders)){$orders = json_decode($orders,true);}else{$orders = null;}
//Return QueryTotal from API
$api_url = '/v2/transactions/totals=';
$query_total = ioServer($api_url,'');
//Decode Payload
if (!empty($query_total)){$query_total = json_decode($query_total,true);}else{$query_total = null;}
// Handle success messages
if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
$success_msg = 'Order created successfully!';
$success_msg = $message_orders_1 ?? 'Created';
}
if ($_GET['success_msg'] == 2) {
$success_msg = 'Order updated successfully!';
$success_msg = $message_orders_2 ?? 'Updated';
}
if ($_GET['success_msg'] == 3) {
$success_msg = 'Order deleted successfully!';
$success_msg = $message_orders_3 ?? 'Deleted' ;
}
}
?>
<?=template_admin_header('Orders', 'orders')?>
template_header('orders', 'orders','view');
$view = '
<div class="content-title">
<div class="title">
<i class="fa-solid fa-cart-shopping"></i>
<i class="fa-solid fa-truck-fast"></i>
<div class="txt">
<h2>Orders</h2>
<p>View, create, and search orders.</p>
<h2>'.($orders_h2 ?? 'orders').' ('.$query_total.')</h2>
<p>'.($orders_p ?? '').'</p>
</div>
</div>
</div>
</div>';
<?php if (isset($success_msg)): ?>
<div class="msg success">
<i class="fas fa-check-circle"></i>
<p><?=$success_msg?></p>
<i class="fas fa-times"></i>
</div>
<?php endif; ?>
if (isset($success_msg)){
$view .= ' <div class="msg success">
<i class="fas fa-check-circle"></i>
<p>'.$success_msg.'</p>
<i class="fas fa-times"></i>
</div>';
}
$view .= '
<div class="content-header responsive-flex-column pad-top-5">
<a href="index.php?page=order_manage" class="btn">Create Order</a>
<form action="" method="get">
<input type="hidden" name="page" value="orders">
<div class="filters">
<a href="#"><i class="fas fa-sliders-h"></i> Filters</a>
<div class="list">
<select name="status">
<option value="" disabled selected>Status</option>
<option value="1"<?=$status==1?' selected':''?>>Completed</option>
<option value="2"<?=$status==2?' selected':''?>>Pending</option>
<option value="3"<?=$status==3?' selected':''?>>Cancelled</option>
<option value="4"<?=$status==4?' selected':''?>>Reversed</option>
<option value="5"<?=$status==5?' selected':''?>>Shipped</option>
</select>
<select name="method">
<option value="" disabled selected>Method</option>
<option value="1"<?=$method==1?' selected':''?>>Website</option>
<option value="2"<?=$method==2?' selected':''?>>PayPal</option>
<option value="3"<?=$method==3?' selected':''?>>Stripe</option>
</select>
<button type="submit">Apply</button>
</div>
</div>
<div class="search">
<label for="search">
<input id="search" type="text" name="search" placeholder="Search order..." value="<?=htmlspecialchars($search, ENT_QUOTES)?>" class="responsive-width-100">
<i class="fas fa-search"></i>
</label>
</div>
</form>
<a href="index.php?page=orders_manage" class="btn">'.($button_create_orders ?? 'Create order').'</a>
</div>
<div class="content-block">
<div class="table">
<table>
<thead>
<tr>
<td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=id'?>">#<?php if ($order_by=='id'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=first_name'?>">Customer<?php if ($order_by=='first_name'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payer_email'?>">Email<?php if ($order_by=='payer_email'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=total_products'?>">Products<?php if ($order_by=='total_products'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_amount'?>">Total<?php if ($order_by=='payment_amount'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_method'?>">Method<?php if ($order_by=='payment_method'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_status'?>">Status<?php if ($order_by=='payment_status'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=created'?>">Date<?php if ($order_by=='created'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td>Actions</td>
<td>'.($orders_id ?? '#').'</td>
<td>'.($orders_customer ?? 'name').'</td>
<td>'.($orders_payment_amount ?? 'Total').'</td>
<td class="responsive-hidden">'.($orders_method ?? 'Method').'</td>
<td class="responsive-hidden">'.($orders_status ?? 'Status').'</td>
<td class="responsive-hidden">'.($orders_created ?? 'Created').'</td>
<td>'.$general_actions.'</td>
</tr>
</thead>
<tbody>
<?php if (empty($orders)): ?>
<tr>
<td colspan="9" style="text-align:center;">There are no orders</td>
</tr>
<?php else: ?>
<?php foreach ($orders as $i): ?>
<tr>
<td><?=$i['id']?></td>
<td><?=htmlspecialchars($i['first_name'], ENT_QUOTES)?> <?=htmlspecialchars($i['last_name'], ENT_QUOTES)?></td>
<td class="responsive-hidden"><?=htmlspecialchars($i['payer_email'], ENT_QUOTES)?></td>
<td class="responsive-hidden"><?=$i['total_products']?></td>
<td><?=currency_code?><?=number_format($i['payment_amount'], 2)?></td>
<td class="responsive-hidden"><?=$i['payment_method']?></td>
<td class="responsive-hidden"><span class="status <?=strtolower($i['payment_status'])?>"><?=$i['payment_status']?></span></td>
<td class="responsive-hidden"><?=date('F j, Y', strtotime($i['created']))?></td>
<td><a href="index.php?page=order&id=<?=$i['id']?>" class="link1">View</a> <a href="index.php?page=order_manage&id=<?=$i['id']?>" class="link1">Edit</a></td>
</tr>
<?php endforeach; ?>
<?php endif; ?>
<tbody>';
if (empty($orders)){
$view .= '<tr>
<td colspan="8" style="text-align:center;">'.($message_no_orders ?? 'There are no orders').'</td>
</tr>';
}
else {
foreach ($orders as $order){
$view .= '
<tr>
<td>'.$order['id'].'</td>
<td>'.$order['first_name'].' '.$order['last_name'].'</td>
<td>'.number_format($order['payment_amount'], 2).'</td>
<td class="responsive-hidden">'.$order['payment_method'].'</td>
<td class="responsive-hidden">'.$order['payment_status'].'</td>
<td class="responsive-hidden">'.getRelativeTime($order['created']).'</td>
<td><a href="index.php?page=order&id='.$order['id'].'" class="btn_link">'.$general_view.'</a></td>
</tr>';
}
}
$view .= '
</tbody>
</table>
</div>
</div>
';
<div class="pagination">
<?php if ($pagination_page > 1): ?>
<a href="<?=$url?>&pagination_page=<?=$pagination_page-1?>&order=<?=$order?>&order_by=<?=$order_by?>">Prev</a>
<?php endif; ?>
<span>Page <?=$pagination_page?> of <?=ceil($orders_total / $results_per_page) == 0 ? 1 : ceil($orders_total / $results_per_page)?></span>
<?php if ($pagination_page * $results_per_page < $orders_total): ?>
<a href="<?=$url?>&pagination_page=<?=$pagination_page+1?>&order=<?=$order?>&order_by=<?=$order_by?>">Next</a>
<?php endif; ?>
</div>
$view.='<div class="pagination">';
if ($pagination_page > 1) {
$page = $pagination_page-1;
$view .= '<a href="'.$url.'&p=1">'.$general_first.'</a>';
$view .= '<a href="'.$url.'&p='.$page.'">'.$general_prev.'</a>';
}
$totals = ceil($query_total / $page_rows_transactions) == 0 ? 1 : ceil($query_total / $page_rows_transactions);
$view .= '<span> '.$general_page.$pagination_page.$general_page_of.$totals.'</span>';
if ($pagination_page * $page_rows_transactions < $query_total){
$page = $pagination_page+1;
$view .= '<a href="'.$url.'&p='.$page.'">'.$general_next.'</a>';
$view .= '<a href="'.$url.'&p='.$totals.'">'.$general_last.'</a>';
<?=template_admin_footer()?>
}
$view .= '</div>';
//OUTPUT
echo $view;
template_footer();
?>