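<?php

require_once 'includes/db.php';
require_once 'includes/auth.php';

// Quick-add endpoint for the order list: reads a JSON body, validates it,
// and inserts one row into `orders` plus one audit row into `order_history`
// inside a single transaction. Every response is JSON with a `success` flag.
//
// Relies on the includes above for $pdo, DB_PREFIX, checkAuth() and
// isValidCsrfToken(), and on checkAuth() having populated $_SESSION['user_id'].
checkAuth();

header('Content-Type: application/json');

$data = json_decode(file_get_contents('php://input'), true);

// Only a JSON object is acceptable. A bare `!$data` check lets JSON scalars
// (e.g. `true` or `"x"`) through, and the offset accesses below then fail.
if (!is_array($data)) {
    http_response_code(400);
    die(json_encode(['success' => false, 'error' => 'Nazwa produktu jest wymagana!']));
}

// Reject forged requests before any field is interpreted.
if (!isValidCsrfToken($data['csrf_token'] ?? null)) {
    http_response_code(403);
    die(json_encode(['success' => false, 'error' => 'Nieprawidłowy token bezpieczeństwa']));
}

// Normalise the text fields once; non-scalar JSON values (arrays/objects)
// are treated as absent instead of reaching trim() and raising a TypeError.
$productName = is_scalar($data['product_name'] ?? null)
    ? trim((string)$data['product_name'])
    : '';
$purchasePlace = is_scalar($data['purchase_place'] ?? null)
    ? trim((string)$data['purchase_place'])
    : '';

if ($productName === '') {
    http_response_code(400);
    die(json_encode(['success' => false, 'error' => 'Nazwa produktu jest wymagana!']));
}

// All input validation happens before the transaction is opened, so no
// exit path below leaves a transaction dangling on the connection.
$qty = (int)($data['quantity'] ?? 1);
if ($qty < 1) {
    http_response_code(400);
    die(json_encode(['success' => false, 'error' => 'Ilość musi być większa od zera.']));
}

// Accept a Polish-style decimal comma ("12,50") as well as a dot.
$price = (float)str_replace(',', '.', (string)($data['price_per_unit'] ?? 0));

try {
    $pdo->beginTransaction();

    // New orders always start in the 'nowe' (new) status.
    $stmt = $pdo->prepare("INSERT INTO " . DB_PREFIX . "orders (product_name, quantity, purchase_place, price_per_unit, status) VALUES (?, ?, ?, ?, 'nowe')");
    $stmt->execute([
        $productName,
        $qty,
        $purchasePlace,
        $price,
    ]);

    $newId = $pdo->lastInsertId();

    // Audit trail: record who created the order and through which UI path.
    $hist = $pdo->prepare("INSERT INTO " . DB_PREFIX . "order_history (order_id, user_id, action) VALUES (?, ?, ?)");
    $hist->execute([$newId, $_SESSION['user_id'], "Utworzono zamówienie (szybkie dodawanie na liście)."]);

    $pdo->commit();
    echo json_encode(['success' => true]);
} catch (PDOException $e) {
    // beginTransaction() itself may be what threw; calling rollBack() with
    // no active transaction raises a second exception that masks the first.
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // Log the driver detail server-side only; the client gets a generic message.
    error_log($e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'Wystapil blad serwera']);
}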