143 lines
3.5 KiB
PHP
143 lines
3.5 KiB
PHP
<?php
|
|
header('Content-Type: application/json');
|
|
|
|
ini_set('display_errors', 1);
|
|
ini_set('display_startup_errors', 1);
|
|
error_reporting(E_ALL);
|
|
|
|
if (!isset($baseDir)) $baseDir = $_SERVER['DOCUMENT_ROOT'];
|
|
|
|
require_once $baseDir . '/../scripts/session_functions.php';
|
|
|
|
ini_wkvs_session();
|
|
|
|
check_user_permission('trainer');
|
|
|
|
verify_csrf();
|
|
|
|
function generateInvoiceNumber() : int {
|
|
return random_int(10000000, 99999999);
|
|
}
|
|
|
|
$orderType = 'Startgebühr';
|
|
|
|
function createInvoice(mysqli $conn, $tableOrders, $orderType , $preis, $userId, $jsonIds, $order_status): int
|
|
{
|
|
$maxRetries = 5;
|
|
|
|
for ($i = 0; $i < $maxRetries; $i++) {
|
|
|
|
$invoiceNumber = generateInvoiceNumber();
|
|
|
|
|
|
$stmt = $conn->prepare(
|
|
"INSERT INTO `$tableOrders` (order_id, order_type, preis, user_id, item_ids, order_status)
|
|
VALUES (?, ?, ?, ?, ?, ?)"
|
|
);
|
|
|
|
$stmt->bind_param(
|
|
"isdisi",
|
|
$invoiceNumber, $orderType, $preis, $userId, $jsonIds, $order_status
|
|
);
|
|
|
|
if ($stmt->execute()) {
|
|
return $invoiceNumber; // SUCCESS
|
|
}
|
|
|
|
// Duplicate key error → retry
|
|
if ($conn->errno !== 1062) {
|
|
throw new RuntimeException(
|
|
"Database error ({$conn->errno}): {$conn->error}"
|
|
);
|
|
}
|
|
}
|
|
|
|
throw new RuntimeException('Failed to generate unique invoice number');
|
|
}
|
|
|
|
$userId = $_SESSION['user_id_trainer'];
|
|
|
|
$type = 'tr';
|
|
|
|
$data = include $baseDir . '/../scripts/db/db-verbindung-script.php';
|
|
|
|
if ($data['success'] === false){
|
|
echo json_encode(['success' => false, 'message' => $data['message']]);
|
|
exit;
|
|
}
|
|
|
|
require $baseDir . '/../scripts/db/db-tables.php';
|
|
|
|
$sql = "SELECT bi.id AS basket_id, bi.item_id, p.programm AS programm_name, p.preis, bi.id
|
|
FROM $tableBasketItems bi
|
|
LEFT JOIN $tableTurnerinnen t ON bi.item_id = t.id
|
|
LEFT JOIN $tableProgramme p ON p.programm = t.programm
|
|
WHERE bi.user_id = ?";
|
|
|
|
$stmt = $mysqli->prepare($sql);
|
|
$stmt->bind_param("i", $userId);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
$rows = $result->fetch_all(MYSQLI_ASSOC);
|
|
|
|
if (!$rows || count($rows) < 1) {
|
|
http_response_code(422);
|
|
exit;
|
|
}
|
|
|
|
$preis = 0;
|
|
|
|
foreach ($rows as $r) {
|
|
$preis += floatval($r['preis']);
|
|
$ids[] = strval($r['item_id']);
|
|
}
|
|
|
|
if ($preis < 0) {
|
|
echo json_encode(['success' => false, 'message' => 'Negative price']);
|
|
exit;
|
|
}
|
|
|
|
$jsonIds = json_encode($ids);
|
|
|
|
if (json_last_error() !== JSON_ERROR_NONE) {
|
|
echo json_encode(['success' => false, 'message' => 'Invalid JSON']);
|
|
exit;
|
|
}
|
|
|
|
// --- Check for existing open order ---
|
|
$sql = "SELECT order_id FROM `$tableOrders` WHERE user_id = ? AND order_status = 0 LIMIT 1";
|
|
$stmt = $mysqli->prepare($sql);
|
|
$stmt->bind_param("i", $userId);
|
|
$stmt->execute();
|
|
$stmt->bind_result($order_id);
|
|
|
|
if ($stmt->fetch()) {
|
|
// --- UPDATE existing order ---
|
|
$stmt->close();
|
|
|
|
$sql = "
|
|
UPDATE `$tableOrders`
|
|
SET preis = ?, item_ids = ?
|
|
WHERE order_id = ?
|
|
";
|
|
|
|
$stmt = $mysqli->prepare($sql);
|
|
$stmt->bind_param("dsi", $preis, $jsonIds, $order_id);
|
|
$stmt->execute();
|
|
|
|
$_SESSION['order_id'] = $order_id;
|
|
$_SESSION['order_preis'] = $preis;
|
|
} else {
|
|
// --- INSERT new order ---
|
|
$stmt->close();
|
|
|
|
$order_status = 0;
|
|
|
|
$new_id = createInvoice($mysqli, $tableOrders, $orderType, $preis, $userId, $jsonIds, $order_status);
|
|
$_SESSION['order_id'] = $new_id;
|
|
$_SESSION['order_preis'] = $preis;
|
|
}
|
|
|
|
echo json_encode(['success' => true]);
|
|
exit;
|
|
?>
|