<!DOCTYPE html>
<?php require "../lib/db.php" ?>
<?php require "../lib/login.php" ?>
<?php
// Login gate; if_logged_in() is defined outside this file (presumably in
// ../lib/login.php, required above).
// NOTE(review): the meaning of the three arguments is not visible here;
// presumably visitors who are not logged in are sent to /login.php. Confirm
// that the helper also stops script execution in that case, because the POST
// handler that follows changes the cart based on $user_id.
if_logged_in(false, "/login.php", true) ?>
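<?php
// Cart mutation handler. It acts only on POST requests that carry both a
// `type` and a `product_id`; every other request falls through to plain page
// rendering. $cursor and $user_id are expected to come from the required
// library files.
// NOTE(review): no CSRF token is checked in this block, and the forms this
// page renders do not include one. Confirm whether the login library covers
// this; otherwise a cross-site POST can alter a logged-in user's cart.
do {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') break;
    // empty() rejects the same falsy values as a plain `!$_POST[...]` test,
    // but does not raise an undefined-index warning when the field is absent.
    if (empty($_POST['type'])) break;
    if (empty($_POST['product_id'])) break;
    switch ($_POST['type']) {
        case "delete": {
            // cart(?) scopes the delete to the current user's own cart order.
            $statement = $cursor->prepare("delete from orderproduct where product = ? and `order` = cart(?)");
            $statement->bind_param("ii", $_POST['product_id'], $user_id);
            $statement->execute();
            $cart_count = get_cart_count();
            break;
        }
        case "add": {
            // I actually wanted to implement this as a stored procedure, but
            // apparently MySQL does not allow a plain 'return' inside the body
            // of a stored procedure, so it is a stored function instead.
            $statement = $cursor->prepare("select add_to_cart(?, ?)");
            $statement->bind_param("ii", $_POST['product_id'], $user_id);
            $statement->execute();
            // The result set is fetched and discarded.
            $statement->get_result()/*->fetch_object()*/;
            $cart_count = get_cart_count();
            break;
        }
        case "update": {
            // Enforce the quantity range on the server. The min="1"/max="20"
            // attributes on the quantity input rendered by item_template()
            // are only a browser-side hint; a hand-crafted request could
            // otherwise store a zero, negative or oversized count.
            $count = filter_var(
                isset($_POST['count']) ? $_POST['count'] : null,
                FILTER_VALIDATE_INT,
                ['options' => ['min_range' => 1, 'max_range' => 20]]
            );
            if ($count === false) return; // missing or out-of-range quantity: change nothing
            $statement = $cursor->prepare("update orderproduct set count = ? where product = ? and `order` = cart(?)");
            $statement->bind_param("iii", $count, $_POST['product_id'], $user_id);
            $statement->execute();
            return; // update requests are only triggered from JS and don't do anything with the response
        }
    }
} while (false); ?>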
<?php
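/**
 * Echo the HTML for one cart row.
 *
 * Every value taken from the row is HTML-escaped before it is interpolated,
 * so a product name containing markup or quote characters is shown as text
 * and cannot break out of an element or attribute.
 *
 * @param object $item Row object exposing id, name, price, image and count.
 * @return void
 */
function item_template($item) {
    $esc = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $id = $esc($item->id);
    $name = $esc($item->name);
    $count = $esc($item->count);
    // A truthy image flag selects the per-product thumbnail, otherwise the placeholder.
    $image_path = $item->image ? "/img/product/{$id}-thumb.jpg" : "/img/placeholder.png";
    // Two decimals, comma as decimal separator, dot as thousands separator.
    $price = number_format($item->price, 2, ',', '.');
    echo <<<"EOF"
<div class="product" product-id="{$id}">
<img src="{$image_path}" alt="productafbeelding">
<span class="name">{$name}</span>
<label for="{$id}-count">hoeveelheid:</label>
<input type="number" value="{$count}" min="1" max="20" id="{$id}-count" class="count buttonstyle filled" disabled>
<button type="submit" value="{$id}" name="product_id" class="button outlined">weghalen</button>
<span class="price">{$price}</span>
</div>
EOF;
}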
?>
<html>
<head>
<?php include 'head.php' ?>
<title>mand</title>
<link rel="stylesheet" href="cart.css">
<script defer src="cart.js"></script>
</head>
<body>
<?php include 'navbar.php' ?>
<div class="main limwidth">
<?php
// Show the order-management button only when the admin bit is set in
// $user_privileges. This only hides the link; /admin-order.php has to
// perform its own privilege check.
if (($user_privileges & PRIVILEGE_ADMIN) != 0) {
    echo <<<'EOF'
<div class="center">
<form action="/admin-order.php" method="get" class="d-ib">
<input type="submit" value="Bestellingen beheren" class="button filled">
</form>
</div>
EOF;
}
?>
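<h2>dingen in de mand van <?php
// HTML-escape the account name at the point of output so markup characters in
// it are shown as text. NOTE(review): assumes $username holds the raw,
// unescaped name; confirm in the login library to avoid double-encoding.
echo htmlspecialchars((string) $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></h2>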
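<?php
// Render the current user's cart: one row per product via item_template(),
// followed by the subtotal and the order button. Both queries are prepared
// statements scoped to the user's cart through cart(?).
// NOTE(review): the two forms emitted here post without a CSRF token field;
// confirm whether the receiving handlers verify request origin another way.
do {
    // Has no effect when this file runs at the top-level scope; kept as found.
    global $username;
    $statement = $cursor->prepare("select product.id, product.name, product.price, product.image, orderproduct.count from orderproduct join product on product.id = orderproduct.product where `order` = cart(?)");
    $statement->bind_param("i", $user_id);
    if (!$statement->execute()) break;
    $res = $statement->get_result();
    if (!mysqli_num_rows($res)) {
        echo "mandje leeg";
        break;
    }
    echo <<<"EOF"
<form id="products" class="products" method="post">
<input type="hidden" name="type" value="delete">
EOF;
    while ($product = $res->fetch_object()) item_template($product);
    // Close the product form before running the subtotal query, so that a
    // failing query cannot leave an unclosed <form> wrapping the rest of the page.
    echo "</form>\n";
    $statement = $cursor->prepare("select cart_sum(cart(?)) as `sum`");
    $statement->bind_param("i", $user_id);
    if (!$statement->execute()) break;
    $res = $statement->get_result();
    // Two decimals, comma as decimal separator, dot as thousands separator.
    $subtotal = number_format($res->fetch_object()->sum, 2, ',', '.');
    echo <<<"EOF"
<div class="alignright">
<span class="sum">Subtotaal: <span class="subtotal price">$subtotal</span></span>
</div>
<form class="product-footer" method="post" action="/order-complete.php">
<input type="submit" value="Bestellen" class="buttonstyle filled">
</form>
EOF;
} while (false); ?>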
</div>
<?php include 'footer.php' ?>
</body>
</html>