I'm trying to create an advanced order search page for admin, I'm not familiar with MVC so I'm using basic php, the page is basically giving me the option to search for orders by Name, Email, Phone, Country, Order Status and soon will add City.
And I'll add more features such as changing the order status by a click of a button and adding comments to order history.
So far everything works just fine, and the way I want it, except for 2 challenges I need your help with:
1- Prevent accessing the page if not logged as admin.
Could you help me with a workaround to redirect the user to the login page if he/she is not logged in as admin?
2- Get user token to be able to redirect to order details page when clicking on the order id.
I just need to get the value of current user_token (
$this->session->data['user_token']
// Base of the link to an order's detail page; the order id is appended by the caller.
// NOTE(review): as written, "user_token=..." sits inside the value of the route parameter
// (directly after "sale/order/") and "info" follows as a bare parameter, so the route and the
// token do not arrive as separate query parameters. Presumably the intended shape is
// route=sale/order/info&user_token=<token>&order_id=<id> (confirm against the admin's own links).
// $GLOBALS['user_token'] is not assigned anywhere in the code shown, and the token should be
// URL-encoded before it is placed in a link.
$url = "http://mydomain.com/admin/index.php?route=sale/order/user_token=". $GLOBALS['user_token'] ."&info&order_id=";
Here is my code:
<?php
// Pull in the order_search controller file from the admin tree, resolved against the web root.
// NOTE(review): nothing visible on this page starts a session or checks for a logged-in admin
// before the markup and the queries below run. Unless the required file does that itself
// (confirm), anyone who can reach this URL can search customer names, e-mails and phone numbers.
// The login check has to run here, before any output, and stop the request when it fails.
require $_SERVER['DOCUMENT_ROOT']."/store2/admin/controller/sale/order_search.php";
// Row-count label printed in the "Order List" heading; load_data() overwrites it with "(N)".
$GLOBALS['totalrows'] = "";
/**
 * Publish the MySQL connection settings as globals.
 *
 * Sets $GLOBALS['varServerName'], ['varUsername'], ['varPassword'] and ['varDatabase'];
 * callers read those four entries when constructing their mysqli object. Returns nothing.
 *
 * NOTE(review): the account is root with an empty password, hard-coded in a web-served file.
 * A dedicated database user limited to the tables this page reads, with credentials kept in
 * configuration outside the document root, would bound the damage of any query-level flaw.
 */
function getConnection(){
    $settings = array(
        'varServerName' => "localhost",
        'varUsername'   => "root",
        'varPassword'   => "",
        'varDatabase'   => "mystoredatabase",
    );

    // Copy each setting into the global table under its own key.
    foreach ($settings as $globalName => $value) {
        $GLOBALS[$globalName] = $value;
    }
}
?>
<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<meta charset="UTF-8" />
<title>BLM | Order Search</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no, minimum-scale=1.0, maximum-scale=1.0" />
<script type="text/javascript" src="../../javascript/jquery/jquery-2.1.1.min.js"></script>
<script type="text/javascript" src="../../javascript/bootstrap/js/bootstrap.min.js"></script>
<link href="../../stylesheet/bootstrap.css" type="text/css" rel="stylesheet" />
<link href="../../javascript/font-awesome/css/font-awesome.min.css" type="text/css" rel="stylesheet" />
<script src="../../javascript/jquery/datetimepicker/moment/moment.min.js" type="text/javascript"></script>
<script src="../../javascript/jquery/datetimepicker/moment/moment-with-locales.min.js" type="text/javascript"></script>
<script src="../../javascript/jquery/datetimepicker/bootstrap-datetimepicker.min.js" type="text/javascript"></script>
<link href="../../javascript/jquery/datetimepicker/bootstrap-datetimepicker.min.css" type="text/css" rel="stylesheet" media="screen" />
<link type="text/css" href="../../stylesheet/stylesheet.css" rel="stylesheet" media="screen" />
<script src="../../javascript/common.js" type="text/javascript"></script>
</head>
<body>
<div id="container">
<header id="header" class="navbar navbar-static-top">
<div class="container-fluid">
<div id="header-logo" class="navbar-header"><a href="myurl/admin" class="navbar-brand"><img src="../../image/logo.png" alt="{{ heading_title }}" /></a></div>
<a href="#" id="button-menu" class="hidden-md hidden-lg"><span class="fa fa-bars"></span></a>
</div>
</header>
<div id="content">
<div class="page-header">
<div class="container-fluid">
<div class="pull-left">
<h1>Order Search</h1>
</div>
</div></div>
<form method="POST">
<div class="container-fluid">
<div class="col-md-11 col-md-offset-1">
<div class="col-md-1">
<input class="form-control" name="txt_order_search" id="txt_order_search" placeholder="Order ID"/>
</div>
<div class="col-md-2">
<input class="form-control" name="txt_name_search" id="txt_name_search" placeholder="First Name" />
</div>
<div class="col-md-2">
<input class="form-control" name="txt_email_search" id="txt_email_search" placeholder="Email" />
</div>
<div class="col-md-2">
<input class="form-control" name="txt_phone_search" id="txt_phone_search" placeholder="Phone" />
</div>
<div class="col-md-2">
<select class='select2 form-control custom-select' style='width: 100%; height:36px;' name='ddl_country' id='ddl_country'>
<option value='-1' >--- Country ---</option>
<?php
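// Fill the country <select> with one <option> per enabled country (language_id 1).
getConnection();
$conn = new mysqli($GLOBALS['varServerName'], $GLOBALS['varUsername'], $GLOBALS['varPassword'], $GLOBALS['varDatabase']);
// Check connection
if ($conn->connect_error) {
    // Driver detail goes to the server log; the browser only gets a generic message.
    error_log("Order search: database connection failed: " . $conn->connect_error);
    die("Connection failed.");
}

// Country to pre-select. The original compared against $selected_value, which this page never
// assigns; honour it if something else set it, otherwise fall back to the submitted form value.
if (isset($selected_value)) {
    $selectedCountry = trim((string) $selected_value);
} elseif (isset($_POST['ddl_country']) && is_scalar($_POST['ddl_country'])) {
    $selectedCountry = trim((string) $_POST['ddl_country']);
} else {
    $selectedCountry = '';
}

$sql = "SELECT oc_country.country_id, oc_country_description.name FROM oc_country INNER JOIN oc_country_description ON oc_country.country_id = oc_country_description.country_id WHERE (oc_country_description.language_id = 1) AND (oc_country.status = 1) ORDER BY oc_country_description.language_id";
$result = $conn->query($sql);

if ($result === false) {
    // query() can return false; reading num_rows on it would be a fatal error.
    error_log("Order search: country list query failed: " . $conn->error);
    echo "<option> -- none -- </option>";
} elseif ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        $countryId = (string) $row["country_id"];
        $select_attribute = ($countryId === $selectedCountry) ? ' selected' : '';
        // Escape both the value and the label: they come from the database, not from this file.
        // The stray space that used to end up inside value='…' is gone as well.
        echo "<option value='" . htmlspecialchars($countryId, ENT_QUOTES, 'UTF-8') . "'" . $select_attribute . ">"
            . htmlspecialchars((string) $row["name"], ENT_QUOTES, 'UTF-8') . "</option>";
    }
} else {
    echo "<option> -- none -- </option>";
}
// The unconditional 'echo "Error in " . $query . … $db->error' was removed: neither $query nor
// $db exists on this page, so it only emitted warnings and stray text inside the <select>.
$conn->close();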
?>
</select>
</div>
<div class="col-md-2">
<select class='select2 form-control custom-select' style='width: 100%; height:36px;' name='ddl_order_status' id='ddl_order_status'>
<option value='-1' >--- Status ---</option>
<?php
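// Fill the order-status <select> with one <option> per status name (language_id 1).
getConnection();
$conn = new mysqli($GLOBALS['varServerName'], $GLOBALS['varUsername'], $GLOBALS['varPassword'], $GLOBALS['varDatabase']);
// Check connection
if ($conn->connect_error) {
    // Driver detail goes to the server log; the browser only gets a generic message.
    error_log("Order search: database connection failed: " . $conn->connect_error);
    die("Connection failed.");
}

// Status to pre-select. Only the submitted form value is used: the original compared against
// $selected_value, which this page never assigns.
if (isset($_POST['ddl_order_status']) && is_scalar($_POST['ddl_order_status'])) {
    $selectedStatus = trim((string) $_POST['ddl_order_status']);
} else {
    $selectedStatus = '';
}

$sql = "SELECT order_status_id, name FROM oc_order_status WHERE (language_id = 1) ORDER BY name ASC";
$result = $conn->query($sql);

if ($result === false) {
    // query() can return false; reading num_rows on it would be a fatal error.
    error_log("Order search: order status query failed: " . $conn->error);
    echo "<option> -- none -- </option>";
} elseif ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        $statusId = (string) $row["order_status_id"];
        $select_attribute = ($statusId === $selectedStatus) ? ' selected' : '';
        // Escape both the value and the label: they come from the database, not from this file.
        // The stray space that used to end up inside value='…' is gone as well.
        echo "<option value='" . htmlspecialchars($statusId, ENT_QUOTES, 'UTF-8') . "'" . $select_attribute . ">"
            . htmlspecialchars((string) $row["name"], ENT_QUOTES, 'UTF-8') . "</option>";
    }
} else {
    echo "<option> -- none -- </option>";
}
// The unconditional 'echo "Error in " . $query . … $db->error' was removed: neither $query nor
// $db exists on this page, so it only emitted warnings and stray text inside the <select>.
$conn->close();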
?>
</select>
</div>
<div class="col-md-1">
<button type="submit" id="btn_search" name="btn_search" title="Search" class="btn btn-info"><i class="fa fa-search"></i></button>
</div>
</div>
</div>
</div>
<div class="col-md-9 col-md-offset-1 col-sm-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><i class="fa fa-list"></i> Order List <?php echo $GLOBALS['totalrows'] ?></h3>
</div>
<div class="panel-body">
<table class="table table-bordered table-hover" id="tbl_main">
<thead>
<tr>
<th scope="col">Order ID</th>
<th scope="col">First Name</th>
<th scope="col">Last Name</th>
<th scope="col">Email</th>
<th scope="col">Telephone</th>
<th scope="col">Country</th>
<th scope="col">Order Status</th>
<th scope="col">Order Date</th>
<th scope="col">Payment Code</th>
</tr>
</thead>
<tbody>
<?php
/**
 * Map an order status id to an inline CSS background-color declaration.
 *
 * @param mixed $orderstatis Order status id; compared loosely, so numeric strings match.
 * @return string|null "background-color:#rrggbb" for ids 1, 2, 3, 5 and 7, otherwise null.
 */
function getColor($orderstatis) {
    // status id => hex colour
    $palette = array(
        1 => "e9f77e", // Pending
        2 => "58c5c7", // Processing
        3 => "9be8ba", // Shipped
        5 => "42f57e", // complete
        7 => "cacfcc", // Canceled
    );

    foreach ($palette as $statusId => $hex) {
        // Same loose comparison, in the same order, that a switch on these ids performs.
        if ($orderstatis == $statusId) {
            return "background-color:#" . $hex;
        }
    }

    // No colour assigned to this status.
    return null;
}
// Emit result rows only when the request carries the search button's field, i.e. the form
// was submitted. This is a "was the form posted" test, not an authorization check: it says
// nothing about who sent the request.
if (array_key_exists('btn_search', $_POST) === true) {
    load_data();
}
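/**
 * Run the order search described by the submitted form and echo one <tr> per matching order.
 *
 * Filters are read from $_POST: txt_order_search, ddl_country and ddl_order_status are matched
 * as integer ids; txt_name_search, txt_email_search and txt_phone_search are matched with
 * LIKE '%value%'. Empty fields and ids below 1 (the "-1" placeholder options) add no filter.
 * The row count is stored as "(N)" in $GLOBALS['totalrows']; a "No Results." row is printed
 * when nothing matches. Returns nothing.
 *
 * Every filter value is bound as a statement parameter rather than concatenated into the SQL
 * text, and every column is HTML-escaped on output: the form fields are attacker-controlled,
 * and names, e-mails and phone numbers stored with an order were typed in by customers.
 *
 * NOTE(review): the "Order List" heading that prints $GLOBALS['totalrows'] is rendered before
 * this function is called, so the count set here does not show up on the same response.
 * NOTE(review): uses mysqli_stmt::get_result(), which needs the mysqlnd driver.
 */
function load_data() {
    getConnection();
    $conn = new mysqli($GLOBALS['varServerName'], $GLOBALS['varUsername'], $GLOBALS['varPassword'], $GLOBALS['varDatabase']);
    // Check connection
    if ($conn->connect_error) {
        // Driver detail goes to the server log; the browser only gets a generic message.
        error_log("Order search: database connection failed: " . $conn->connect_error);
        die("Connection failed.");
    }

    // Read one form field as a trimmed string; absent or non-scalar fields count as empty.
    $field = function ($name) {
        if (!isset($_POST[$name]) || !is_scalar($_POST[$name])) {
            return '';
        }
        return trim((string) $_POST[$name]);
    };
    // Escape a value for use in HTML text or inside a quoted attribute.
    $escape = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    $conditions = "";
    $types = "";
    $params = array();

    // Id filters: form field => column. Only whole numbers are accepted.
    $idFilters = array(
        'txt_order_search' => 'oc_order.order_id',
        'ddl_country'      => 'oc_country.country_id',
        'ddl_order_status' => 'oc_order_status.order_status_id',
    );
    foreach ($idFilters as $name => $column) {
        $raw = $field($name);
        if ($raw === '') {
            continue;
        }
        if (!preg_match('/^-?[0-9]+$/', $raw)) {
            // Not a number: it cannot equal any id, so the search matches nothing.
            $conditions .= " AND (1 = 0)";
            continue;
        }
        $id = (int) $raw;
        if ($id < 1) {
            continue; // placeholder option (-1) or zero: no filter
        }
        $conditions .= " AND (" . $column . " = ?)";
        $types .= "i";
        $params[] = $id;
    }

    // Substring filters: form field => SQL expression compared with LIKE.
    $textFilters = array(
        'txt_name_search'  => "CONCAT(oc_order.firstname, ' ', oc_order.lastname)",
        'txt_email_search' => 'oc_order.email',
        'txt_phone_search' => 'oc_order.telephone',
    );
    foreach ($textFilters as $name => $expression) {
        $raw = $field($name);
        if ($raw === '') {
            continue;
        }
        $conditions .= " AND (" . $expression . " LIKE ?)";
        $types .= "s";
        $params[] = "%" . $raw . "%";
    }

    $qWhere = " WHERE (oc_order_status.language_id = 1) " . $conditions;
    $sql = "SELECT oc_order.order_id, oc_country.name AS CountryName, oc_order.firstname AS order_FirstName, oc_order.lastname AS order_LastName, oc_order.email AS order_Email, oc_order.telephone, oc_order.payment_code, oc_order_status.name AS OrderStatus, oc_order.date_added, oc_order_status.language_id,oc_order_status.order_status_id, oc_country.country_id FROM oc_country INNER JOIN oc_order ON oc_country.country_id = oc_order.payment_country_id INNER JOIN oc_order_status ON oc_order.order_status_id = oc_order_status.order_status_id" . $qWhere;

    $result = false;
    $stmt = $conn->prepare($sql);
    if ($stmt !== false) {
        if (count($params) > 0) {
            $stmt->bind_param($types, ...$params);
        }
        if ($stmt->execute()) {
            $result = $stmt->get_result();
        }
    }
    if ($result === false) {
        // Keep the SQL error out of the page; report it where the operator can see it.
        error_log("Order search: query failed: " . $conn->error);
        echo "<tr><td colspan='9' scope='row'><strong><center>Search failed.</center></strong></td></tr>";
        if ($stmt !== false) {
            $stmt->close();
        }
        $conn->close();
        return;
    }

    $GLOBALS['totalrows'] = "(".$result->num_rows.")";

    // Link to the order detail page. The original put "user_token=" inside the route value and
    // left "info" as a bare parameter; route and token are now separate query parameters.
    // NOTE(review): $GLOBALS['user_token'] is not assigned anywhere in the code shown, so the
    // token is empty until the page takes it from the logged-in admin session (the post refers
    // to $this->session->data['user_token']). Confirm the route against the admin's own links.
    $token = isset($GLOBALS['user_token']) ? (string) $GLOBALS['user_token'] : '';
    $url = "http://192.168.208.144/store2/admin/index.php?route=sale/order/info&user_token=" . rawurlencode($token) . "&order_id=";

    if ($result->num_rows > 0) {
        while ($row = $result->fetch_assoc()) {
            echo "<tr><td scope='row'>" .
                "<a target='_blank' style='display: block; text-align: center;' href='" . $escape($url . $row["order_id"]) . "'>" . $escape($row["order_id"]) . "</a></td>" .
                "<td>" . $escape($row["order_FirstName"]) . "</td>" .
                "<td>" . $escape($row["order_LastName"]) . "</td>" .
                "<td>" . $escape($row["order_Email"]) . "</td>" .
                "<td>" . $escape($row["telephone"]) . "</td>" .
                "<td>" . $escape($row["CountryName"]) . "</td>" .
                // getColor() returns one of a fixed set of CSS strings (or null), never row text.
                "<td style='" . getColor($row["order_status_id"]) . "' >" . $escape($row["OrderStatus"]) . "</td>" .
                "<td>" . $escape($row["date_added"]) . "</td>" .
                "<td>" . $escape($row["payment_code"]) . "</td>" .
                "</tr>";
        }
    } else {
        echo "<tr><td colspan='9' scope='row'><strong><center>No Results.</center></strong></td></tr>";
    }

    $stmt->close();
    $conn->close();
}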
?>
</tbody>
</table>
</div>
</div>
</div>
</form>