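<?php
// Quick-edit endpoint: changes one allow-listed column of a single order and
// records the change in the order history table. Expects a JSON request body
// shaped like {"id": int, "field": string, "value": scalar, "csrf_token": string}
// and always answers with JSON: {"success": bool, "error"?: string}.
//
// $pdo and DB_PREFIX are expected to come from includes/db.php; checkAuth() and
// isValidCsrfToken() from includes/auth.php; $_SESSION['user_id'] is assumed to
// be populated by checkAuth() — confirm against those includes.

require_once 'includes/db.php';
require_once 'includes/auth.php';

checkAuth();

header('Content-Type: application/json');

/**
 * Send a JSON error body with the given HTTP status and stop the script.
 *
 * @param int    $status  HTTP status code for the response.
 * @param string $message Human-readable (Polish) error text for the client.
 */
function quickEditFail($status, $message)
{
    http_response_code($status);
    die(json_encode(['success' => false, 'error' => $message]));
}

$raw = file_get_contents('php://input');
$data = $raw === false ? null : json_decode($raw, true);

// Reject anything that is not an object with the three required keys of the
// expected scalar types: JSON may carry arrays/bools/null where strings are
// expected, and trim() on an array is a TypeError in PHP 8.
if (
    !is_array($data)
    || !isset($data['id'], $data['field'], $data['value'])
    || !is_numeric($data['id'])
    || !is_string($data['field'])
    || !is_scalar($data['value'])
) {
    quickEditFail(400, 'Brak danych');
}

if (!isValidCsrfToken($data['csrf_token'] ?? null)) {
    quickEditFail(403, 'Nieprawidłowy token bezpieczeństwa');
}

$id = (int)$data['id'];
$field = $data['field'];
$value = trim((string)$data['value']);

// Allow-list of editable columns; 'company' was appended at the end.
// This list is the only thing standing between the request and the SQL below,
// where $field is interpolated as an identifier, so the check is strict:
// loose comparison would let e.g. a JSON `true` match the first entry.
$allowed_fields = ['product_name', 'quantity', 'purchase_place', 'price_per_unit', 'delivery_date', 'status', 'recipient', 'delivery_address', 'notes', 'company'];

if (!in_array($field, $allowed_fields, true)) {
    quickEditFail(400, 'Niedozwolona kolumna');
}

// Column name → label shown in the history message.
$field_labels = [
    'product_name' => 'Produkt',
    'quantity' => 'Ilość',
    'purchase_place' => 'Miejsce zakupu',
    'price_per_unit' => 'Cena za sztukę',
    'delivery_date' => 'Data dostawy',
    'status' => 'Status',
    'recipient' => 'Odbiorca',
    'delivery_address' => 'Adres dostawy',
    'notes' => 'Notatki',
    'company' => 'Firma kupująca',
];

try {
    $orders_table = DB_PREFIX . 'orders';

    // $field is safe to interpolate only because it passed the strict allow-list above.
    $stmt = $pdo->prepare("SELECT $field FROM $orders_table WHERE id = ?");
    $stmt->execute([$id]);
    $old_val = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched; without this check an
    // unknown id would still produce a history entry for a non-existent order.
    if ($old_val === false) {
        quickEditFail(404, 'Nie znaleziono zamówienia');
    }

    if ((string)$old_val !== (string)$value) {
        if ($field === 'price_per_unit') {
            // Accept a decimal comma as typed by Polish users.
            $value = (float)str_replace(',', '.', $value);
        }

        $update = $pdo->prepare("UPDATE $orders_table SET $field = ? WHERE id = ?");
        $update->execute([$value, $id]);

        $label = $field_labels[$field] ?? $field;
        // Only an empty/NULL value is shown as "(brak)"; a literal 0 (e.g. quantity
        // or price) is a real value and must not be displayed as missing.
        $old_display = (string)$old_val === '' ? '(brak)' : $old_val;
        $new_display = (string)$value === '' ? '(brak)' : $value;
        $hist_msg = "Szybka edycja: $label zmieniono z [$old_display] ➔ [$new_display]";

        $hist = $pdo->prepare("INSERT INTO " . DB_PREFIX . "order_history (order_id, user_id, action) VALUES (?, ?, ?)");
        $hist->execute([$id, $_SESSION['user_id'], $hist_msg]);
    }

    echo json_encode(['success' => true]);
} catch (PDOException $e) {
    // Log the driver message server-side only; the client gets a generic error.
    error_log($e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'Wystapil blad serwera']);
}
// No closing "?>" tag: any whitespace after it would be appended to the JSON body.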