creating dedicated order view page

admin/index.php

@@ -155,7 +155,7 @@ include __DIR__ . '/../includes/header.php';
                         <td data-label="Organisation"><?php echo escape($order['organization_label']); ?></td>
                         <td data-label="Erstellt"><?php echo escape(formatDate($order['created_at'])); ?></td>
                         <td data-label="Status"><span class="status <?php echo escape(getOrderStatusClass($order)); ?>"><?php echo escape(getOrderStatusLabel($order)); ?></span></td>
-                        <td data-label="Aktionen"><a href="orders.php?order_id=<?php echo urlencode($order['id']); ?>" class="btn btn-small">Details</a></td>
+                        <td data-label="Aktionen"><a href="order.php?id=<?php echo urlencode($order['id']); ?>" class="btn btn-small">Details</a></td>
                     </tr>
                 <?php endforeach; ?>
             </tbody>
@@ -200,7 +200,7 @@ include __DIR__ . '/../includes/header.php';
                             <?php endif; ?>
                         </td>
                         <td data-label="Erstellt"><?php echo escape(formatDate($row['created_at'])); ?></td>
-                        <td data-label="Aktionen"><a href="orders.php?details=<?php echo urlencode($row['order_id']); ?>" class="btn btn-small">Details</a></td>
+                        <td data-label="Aktionen"><a href="order.php?id=<?php echo urlencode($row['order_id']); ?>" class="btn btn-small">Details</a></td>
                     </tr>
                 <?php endforeach; ?>
             </tbody>

admin/order.php

@@ -0,0 +1,417 @@
+<?php
+require_once __DIR__ . "/../config.php";
+require_once __DIR__ . "/../includes/functions.php";
+
+if (empty($_SESSION['admin_logged_in'])) {
+    header("Location: login.php");
+    exit();
+}
+
+expirePendingOrders();
+
+$message = "";
+$messageType = "";
+
+if (
+    $_SERVER['REQUEST_METHOD'] === "POST" &&
+    isset($_POST['toggle_item_backorder'])
+) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
+        $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
+        $messageType = "error";
+    } else {
+        $result = toggleOrderItemBackorder(
+            $_POST['order_id'] ?? "",
+            (int) ($_POST['item_index'] ?? -1),
+        );
+        $message = $result["success"]
+            ? "Nachbestellstatus wurde aktualisiert."
+            : $result["message"];
+        $messageType = $result["success"] ? "success" : "error";
+
+        if ($result["success"]) {
+            logAccess("Admin toggled order item backorder", [
+                "admin" => $_SESSION['admin_username'] ?? "unknown",
+                "order_id" => $_POST['order_id'] ?? "",
+                "item_index" => $_POST['item_index'] ?? -1,
+            ]);
+        }
+    }
+}
+
+if (
+    $_SERVER['REQUEST_METHOD'] === "POST" &&
+    isset($_POST['toggle_item_processed'])
+) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
+        $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
+        $messageType = "error";
+    } else {
+        $result = toggleOrderItemProcessed(
+            $_POST['order_id'] ?? "",
+            (int) ($_POST['item_index'] ?? -1),
+        );
+        $message = $result["success"]
+            ? "Position wurde aktualisiert."
+            : $result["message"];
+        $messageType = $result["success"] ? "success" : "error";
+
+        if ($result["success"]) {
+            logAccess("Admin toggled order item", [
+                "admin" => $_SESSION['admin_username'] ?? "unknown",
+                "order_id" => $_POST['order_id'] ?? "",
+                "item_index" => $_POST['item_index'] ?? -1,
+            ]);
+        }
+    }
+}
+
+if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['cancel_order'])) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
+        $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
+        $messageType = "error";
+    } else {
+        $adminUsername = $_SESSION['admin_username'] ?? "";
+        $result = cancelOrder(
+            $_POST['order_id'] ?? "",
+            $adminUsername,
+            $_POST['cancellation_reason'] ?? "",
+        );
+        $message = $result["success"]
+            ? "Bestellung wurde storniert."
+            : $result["message"];
+        $messageType = $result["success"] ? "success" : "error";
+
+        if ($result["success"]) {
+            logAccess("Admin cancelled order", [
+                "admin" => $adminUsername,
+                "order_id" => $_POST['order_id'] ?? "",
+            ]);
+        }
+    }
+}
+
+if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['uncancel_order'])) {
+    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
+        $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
+        $messageType = "error";
+    } else {
+        $adminUsername = $_SESSION['admin_username'] ?? "";
+        $result = uncancelOrder($_POST['order_id'] ?? "");
+        $message = $result["success"]
+            ? "Stornierung wurde aufgehoben."
+            : $result["message"];
+        $messageType = $result["success"] ? "success" : "error";
+
+        if ($result["success"]) {
+            logAccess("Admin uncancelled order", [
+                "admin" => $adminUsername,
+                "order_id" => $_POST['order_id'] ?? "",
+            ]);
+        }
+    }
+}
+
+$orderId = trim((string) ($_GET['id'] ?? $_POST['order_id'] ?? ""));
+$order = $orderId !== "" ? getOrderById($orderId) : null;
+
+$pageTitle =
+    $order !== null
+        ? "Bestellung " . $order["id"]
+        : ($orderId !== ""
+            ? "Bestellung nicht gefunden"
+            : "Bestellung");
+
+$bodyClass = "admin-page";
+include __DIR__ . "/../includes/header.php";
+?>
+
+<div class="admin-header">
+    <h2><?php echo $order !== null
+        ? "Bestellung " . escape($order["id"])
+        : "Bestellung"; ?></h2>
+    <div class="admin-dashboard-actions">
+        <a href="index.php" class="btn btn-secondary">Zurück zum Dashboard</a>
+        <a href="orders.php" class="btn">Zurück zur Bestellliste</a>
+    </div>
+</div>
+
+<?php if ($message !== ""): ?>
+    <div class="alert alert-<?php echo escape($messageType); ?>">
+        <?php echo escape($message); ?>
+    </div>
+<?php endif; ?>
+
+<?php if ($order === null): ?>
+    <div class="alert alert-info">
+        <p><?php echo $orderId !== ""
+            ? "Die Bestellung wurde nicht gefunden."
+            : "Keine Bestellnummer angegeben."; ?></p>
+    </div>
+<?php else: ?>
+    <div class="panel">
+        <p><strong>Status:</strong> <span class="status <?php echo escape(
+            getOrderStatusClass($order),
+        ); ?>"><?php echo escape(
+    getOrderStatusLabel($order),
+); ?></span>
+        <?php if (orderHasBackorder($order)): ?>
+            <span class="status status-backorder">Nachbestellung</span>
+        <?php endif; ?>
+        </p>
+        <p><strong>Name:</strong> <?php echo escape(
+            $order["customer_name"],
+        ); ?></p>
+        <p><strong>E-Mail:</strong> <?php echo escape(
+            $order["customer_email"],
+        ); ?></p>
+        <p><strong>Organisation:</strong> <?php echo escape(
+            $order["organization_label"],
+        ); ?></p>
+        <p><strong>Erstellt:</strong> <?php echo escape(
+            formatDate($order["created_at"]),
+        ); ?></p>
+        <?php if ($order["confirmed_at"] !== ""): ?>
+            <p><strong>Bestätigt:</strong> <?php echo escape(
+                formatDate($order["confirmed_at"]),
+            ); ?></p>
+        <?php endif; ?>
+        <?php if ($order["confirmation_status"] === "pending"): ?>
+            <p><strong>Bestätigung offen bis:</strong> <?php echo escape(
+                formatDate($order["confirmation_expires_at"]),
+            ); ?></p>
+        <?php endif; ?>
+        <?php if ($order["admin_notified_at"] !== ""): ?>
+            <p><strong>Intern weitergeleitet:</strong> <?php echo escape(
+                formatDate($order["admin_notified_at"]),
+            ); ?></p>
+        <?php endif; ?>
+        <p><strong>Kommentar:</strong><br><?php echo $order[
+            "comment"
+        ] !== ""
+            ? nl2br(escape($order["comment"]))
+            : "Kein Kommentar"; ?></p>
+
+        <?php if ($order["status"] === "cancelled"): ?>
+            <div class="alert alert-warning">
+                <p><strong>Storniert am:</strong> <?php echo escape(
+                    formatDate($order["cancelled_at"]),
+                ); ?></p>
+                <p><strong>Storniert durch:</strong> <?php echo escape(
+                    $order["cancelled_by"],
+                ); ?></p>
+                <p><strong>Stornogrund:</strong><br><?php echo $order[
+                    "cancellation_reason"
+                ] !== ""
+                    ? nl2br(escape($order["cancellation_reason"]))
+                    : "Kein Grund angegeben"; ?></p>
+            </div>
+            <form
+                method="POST"
+                class="inline-form"
+                onsubmit="return confirm('Stornierung wirklich aufheben? Die Bestellung kann danach wieder bearbeitet werden.');"
+            >
+                <?php echo csrfField(); ?>
+                <input type="hidden" name="order_id" value="<?php echo escape(
+                    $order["id"],
+                ); ?>">
+                <button type="submit" name="uncancel_order" class="btn btn-small">
+                    Stornierung aufheben
+                </button>
+            </form>
+        <?php endif; ?>
+
+        <h4>Positionen</h4>
+        <div class="table-responsive">
+            <table class="responsive-table table-compact">
+                <thead>
+                    <tr>
+                        <th>Artikel</th>
+                        <th>Größe</th>
+                        <th>Lieferhinweis</th>
+                        <th>Bearbeitet</th>
+                        <th>Nachbestellung</th>
+                        <th>Aktion</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php foreach ($order["items"] as $index => $item): ?>
+                        <tr>
+                            <td data-label="Artikel"><?php echo escape(
+                                $item["product_name"],
+                            ); ?></td>
+                            <td data-label="Größe"><?php echo $item["size"] !==
+                            ""
+                                ? escape($item["size"])
+                                : "-"; ?></td>
+                            <td data-label="Lieferhinweis"><?php echo $item[
+                                "availability_label"
+                            ] !== ""
+                                ? escape($item["availability_label"])
+                                : "-"; ?></td>
+                            <td data-label="Bearbeitet">
+                                <span class="status <?php echo !empty(
+                                    $item["is_processed"]
+                                )
+                                    ? "status-processed"
+                                    : "status-open"; ?>">
+                                    <?php echo !empty($item["is_processed"])
+                                        ? "Ja"
+                                        : "Nein"; ?>
+                                </span>
+                            </td>
+                            <td data-label="Nachbestellung">
+                                <?php
+                                $backorderStatus = (string) ($item["backorder_status"] ?? "");
+                                if ($backorderStatus !== ""): ?>
+                                    <span class="status <?php echo escape(
+                                        getBackorderStatusClass($backorderStatus),
+                                    ); ?>"><?php echo escape(
+    getBackorderStatusLabel($backorderStatus),
+); ?></span>
+                                <?php else: ?>
+                                    -
+                                <?php endif; ?>
+                            </td>
+                            <td data-label="Aktionen">
+                                <?php if (
+                                    $order["status"] !== "cancelled" &&
+                                    $order["confirmation_status"] !==
+                                        "pending" &&
+                                    $order["confirmation_status"] !==
+                                        "expired"
+                                ): ?>
+                                    <form method="POST" class="inline-form">
+                                        <?php echo csrfField(); ?>
+                                        <input type="hidden" name="order_id" value="<?php echo escape(
+                                            $order["id"],
+                                        ); ?>">
+                                        <input type="hidden" name="item_index" value="<?php echo (int) $index; ?>">
+                                        <button type="submit" name="toggle_item_processed" class="btn btn-small">
+                                            <?php echo !empty(
+                                                $item["is_processed"]
+                                            )
+                                                ? "Als offen markieren"
+                                                : "Als bearbeitet markieren"; ?>
+                                        </button>
+                                    </form>
+                                    <?php
+                                    $canToggleBackorder =
+                                        $backorderStatus === "to_be_backordered" ||
+                                        ($backorderStatus === "" &&
+                                            empty($item["is_processed"]));
+                                    if ($canToggleBackorder): ?>
+                                    <form method="POST" class="inline-form">
+                                        <?php echo csrfField(); ?>
+                                        <input type="hidden" name="order_id" value="<?php echo escape(
+                                            $order["id"],
+                                        ); ?>">
+                                        <input type="hidden" name="item_index" value="<?php echo (int) $index; ?>">
+                                        <button type="submit" name="toggle_item_backorder" class="btn btn-small btn-secondary">
+                                            <?php echo $backorderStatus === "to_be_backordered"
+                                                ? "Nachbestellung aufheben"
+                                                : "Als Nachbestellung markieren"; ?>
+                                        </button>
+                                    </form>
+                                    <?php endif; ?>
+                                <?php else: ?>
+                                    -
+                                <?php endif; ?>
+                            </td>
+                        </tr>
+                    <?php endforeach; ?>
+                </tbody>
+            </table>
+        </div>
+
+        <?php if (
+            $order["status"] !== "cancelled" &&
+            $order["status"] !== "processed"
+        ): ?>
+            <button
+                type="button"
+                class="btn btn-secondary btn-small"
+                id="cancel-order-open"
+            >
+                Bestellung stornieren
+            </button>
+
+            <div
+                id="cancel-order-modal"
+                class="modal"
+                role="dialog"
+                aria-labelledby="cancel-order-title"
+                aria-hidden="true"
+            >
+                <div class="modal-content modal-content-compact">
+                    <button
+                        type="button"
+                        class="modal-close btn btn-secondary btn-small"
+                        id="cancel-order-close"
+                        aria-label="Schließen"
+                    >
+                        &times;
+                    </button>
+                    <h4 id="cancel-order-title">Bestellung stornieren</h4>
+                    <form method="POST" id="cancel-order-form">
+                        <?php echo csrfField(); ?>
+                        <input type="hidden" name="order_id" value="<?php echo escape(
+                            $order["id"],
+                        ); ?>">
+                        <div class="form-group">
+                            <label for="cancellation_reason">Stornogrund</label>
+                            <textarea
+                                id="cancellation_reason"
+                                name="cancellation_reason"
+                                rows="3"
+                                placeholder="Optionaler Grund"
+                            ></textarea>
+                        </div>
+                        <button type="submit" name="cancel_order" class="btn">
+                            Stornierung bestätigen
+                        </button>
+                    </form>
+                </div>
+            </div>
+            <script>
+            (function () {
+                const modal = document.getElementById("cancel-order-modal");
+                const openBtn = document.getElementById("cancel-order-open");
+                const closeBtn = document.getElementById("cancel-order-close");
+                if (!modal || !openBtn || !closeBtn) {
+                    return;
+                }
+
+                function openModal() {
+                    modal.classList.add("is-open");
+                    modal.setAttribute("aria-hidden", "false");
+                    const reason = document.getElementById("cancellation_reason");
+                    if (reason) {
+                        reason.focus();
+                    }
+                }
+
+                function closeModal() {
+                    modal.classList.remove("is-open");
+                    modal.setAttribute("aria-hidden", "true");
+                }
+
+                openBtn.addEventListener("click", openModal);
+                closeBtn.addEventListener("click", closeModal);
+                modal.addEventListener("click", function (event) {
+                    if (event.target === modal) {
+                        closeModal();
+                    }
+                });
+                document.addEventListener("keydown", function (event) {
+                    if (event.key === "Escape" && modal.classList.contains("is-open")) {
+                        closeModal();
+                    }
+                });
+            })();
+            </script>
+        <?php endif; ?>
+    </div>
+<?php endif; ?>
+
+<?php include __DIR__ . "/../includes/footer.php"; ?>

admin/orders.php

@@ -9,111 +9,15 @@ if (empty($_SESSION['admin_logged_in'])) {
 
 expirePendingOrders();
 
-$pageTitle = "Bestellungen";
-$message = "";
-$messageType = "";
-
-if (
-    $_SERVER['REQUEST_METHOD'] === "POST" &&
-    isset($_POST['toggle_item_backorder'])
-) {
-    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
-        $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
-        $messageType = "error";
-    } else {
-        $result = toggleOrderItemBackorder(
-            $_POST['order_id'] ?? "",
-            (int) ($_POST['item_index'] ?? -1),
-        );
-        $message = $result["success"]
-            ? "Nachbestellstatus wurde aktualisiert."
-            : $result["message"];
-        $messageType = $result["success"] ? "success" : "error";
-
-        if ($result["success"]) {
-            logAccess("Admin toggled order item backorder", [
-                "admin" => $_SESSION['admin_username'] ?? "unknown",
-                "order_id" => $_POST['order_id'] ?? "",
-                "item_index" => $_POST['item_index'] ?? -1,
-            ]);
-        }
-    }
-}
-
-if (
-    $_SERVER['REQUEST_METHOD'] === "POST" &&
-    isset($_POST['toggle_item_processed'])
-) {
-    // Validate CSRF token
-    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
-        $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
-        $messageType = "error";
-    } else {
-        $result = toggleOrderItemProcessed(
-            $_POST['order_id'] ?? "",
-            (int) ($_POST['item_index'] ?? -1),
-        );
-        $message = $result["success"]
-            ? "Position wurde aktualisiert."
-            : $result["message"];
-        $messageType = $result["success"] ? "success" : "error";
-
-        if ($result["success"]) {
-            logAccess("Admin toggled order item", [
-                "admin" => $_SESSION['admin_username'] ?? "unknown",
-                "order_id" => $_POST['order_id'] ?? "",
-                "item_index" => $_POST['item_index'] ?? -1,
-            ]);
-        }
-    }
-}
-
-if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['cancel_order'])) {
-    // Validate CSRF token
-    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
-        $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
-        $messageType = "error";
-    } else {
-        $adminUsername = $_SESSION['admin_username'] ?? "";
-        $result = cancelOrder(
-            $_POST['order_id'] ?? "",
-            $adminUsername,
-            $_POST['cancellation_reason'] ?? "",
-        );
-        $message = $result["success"]
-            ? "Bestellung wurde storniert."
-            : $result["message"];
-        $messageType = $result["success"] ? "success" : "error";
-
-        if ($result["success"]) {
-            logAccess("Admin cancelled order", [
-                "admin" => $adminUsername,
-                "order_id" => $_POST['order_id'] ?? "",
-            ]);
-        }
-    }
+if (isset($_GET['details']) && trim((string) $_GET['details']) !== "") {
+    header(
+        "Location: order.php?id=" .
+            urlencode(trim((string) $_GET['details'])),
+    );
+    exit();
 }
 
-if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['uncancel_order'])) {
-    if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
-        $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
-        $messageType = "error";
-    } else {
-        $adminUsername = $_SESSION['admin_username'] ?? "";
-        $result = uncancelOrder($_POST['order_id'] ?? "");
-        $message = $result["success"]
-            ? "Stornierung wurde aufgehoben."
-            : $result["message"];
-        $messageType = $result["success"] ? "success" : "error";
-
-        if ($result["success"]) {
-            logAccess("Admin uncancelled order", [
-                "admin" => $adminUsername,
-                "order_id" => $_POST['order_id'] ?? "",
-            ]);
-        }
-    }
-}
+$pageTitle = "Bestellungen";
 
 $orders = getOrders();
 usort($orders, function ($left, $right) {
@@ -122,7 +26,6 @@ usort($orders, function ($left, $right) {
 
 $filter = trim((string) ($_GET['filter'] ?? "all"));
 $searchOrderId = trim((string) ($_GET['order_id'] ?? ""));
-$selectedOrderId = trim((string) ($_GET['details'] ?? $searchOrderId));
 
 if ($searchOrderId !== "") {
     $orders = array_values(
@@ -155,9 +58,6 @@ if ($filter !== "all") {
     );
 }
 
-$selectedOrder =
-    $selectedOrderId !== "" ? getOrderById($selectedOrderId) : null;
-
 $bodyClass = "admin-page";
 include __DIR__ . "/../includes/header.php";
 ?>
@@ -169,12 +69,6 @@ include __DIR__ . "/../includes/header.php";
     </div>
 </div>
 
-<?php if ($message !== ""): ?>
-    <div class="alert alert-<?php echo escape($messageType); ?>">
-        <?php echo escape($message); ?>
-    </div>
-<?php endif; ?>
-
 <div class="panel">
     <form method="GET" class="admin-filter-form">
         <div class="admin-filter-field admin-filter-field-wide">
@@ -258,7 +152,7 @@ include __DIR__ . "/../includes/header.php";
     getOrderStatusLabel($order),
 ); ?></span></td>
                         <td data-label="Aktionen">
-                            <a href="orders.php?details=<?php echo urlencode(
+                            <a href="order.php?id=<?php echo urlencode(
                                 $order["id"],
                             ); ?>" class="btn btn-small">Details</a>
                         </td>
@@ -269,274 +163,4 @@ include __DIR__ . "/../includes/header.php";
     </div>
 <?php endif; ?>
 
-<?php if ($selectedOrder !== null): ?>
-    <div class="panel">
-        <h3>Bestellung <?php echo escape($selectedOrder["id"]); ?></h3>
-        <p><strong>Status:</strong> <span class="status <?php echo escape(
-            getOrderStatusClass($selectedOrder),
-        ); ?>"><?php echo escape(
-    getOrderStatusLabel($selectedOrder),
-); ?></span>
-        <?php if (orderHasBackorder($selectedOrder)): ?>
-            <span class="status status-backorder">Nachbestellung</span>
-        <?php endif; ?>
-        </p>
-        <p><strong>Name:</strong> <?php echo escape(
-            $selectedOrder["customer_name"],
-        ); ?></p>
-        <p><strong>E-Mail:</strong> <?php echo escape(
-            $selectedOrder["customer_email"],
-        ); ?></p>
-        <p><strong>Organisation:</strong> <?php echo escape(
-            $selectedOrder["organization_label"],
-        ); ?></p>
-        <p><strong>Erstellt:</strong> <?php echo escape(
-            formatDate($selectedOrder["created_at"]),
-        ); ?></p>
-        <?php if ($selectedOrder["confirmed_at"] !== ""): ?>
-            <p><strong>Bestätigt:</strong> <?php echo escape(
-                formatDate($selectedOrder["confirmed_at"]),
-            ); ?></p>
-        <?php endif; ?>
-        <?php if ($selectedOrder["confirmation_status"] === "pending"): ?>
-            <p><strong>Bestätigung offen bis:</strong> <?php echo escape(
-                formatDate($selectedOrder["confirmation_expires_at"]),
-            ); ?></p>
-        <?php endif; ?>
-        <?php if ($selectedOrder["admin_notified_at"] !== ""): ?>
-            <p><strong>Intern weitergeleitet:</strong> <?php echo escape(
-                formatDate($selectedOrder["admin_notified_at"]),
-            ); ?></p>
-        <?php endif; ?>
-        <p><strong>Kommentar:</strong><br><?php echo $selectedOrder[
-            "comment"
-        ] !== ""
-            ? nl2br(escape($selectedOrder["comment"]))
-            : "Kein Kommentar"; ?></p>
-
-        <?php if ($selectedOrder["status"] === "cancelled"): ?>
-            <div class="alert alert-warning">
-                <p><strong>Storniert am:</strong> <?php echo escape(
-                    formatDate($selectedOrder["cancelled_at"]),
-                ); ?></p>
-                <p><strong>Storniert durch:</strong> <?php echo escape(
-                    $selectedOrder["cancelled_by"],
-                ); ?></p>
-                <p><strong>Stornogrund:</strong><br><?php echo $selectedOrder[
-                    "cancellation_reason"
-                ] !== ""
-                    ? nl2br(escape($selectedOrder["cancellation_reason"]))
-                    : "Kein Grund angegeben"; ?></p>
-            </div>
-            <form
-                method="POST"
-                class="inline-form"
-                onsubmit="return confirm('Stornierung wirklich aufheben? Die Bestellung kann danach wieder bearbeitet werden.');"
-            >
-                <?php echo csrfField(); ?>
-                <input type="hidden" name="order_id" value="<?php echo escape(
-                    $selectedOrder["id"],
-                ); ?>">
-                <button type="submit" name="uncancel_order" class="btn btn-small">
-                    Stornierung aufheben
-                </button>
-            </form>
-        <?php endif; ?>
-
-        <h4>Positionen</h4>
-        <div class="table-responsive">
-            <table class="responsive-table table-compact">
-                <thead>
-                    <tr>
-                        <th>Artikel</th>
-                        <th>Größe</th>
-                        <th>Lieferhinweis</th>
-                        <th>Bearbeitet</th>
-                        <th>Nachbestellung</th>
-                        <th>Aktion</th>
-                    </tr>
-                </thead>
-                <tbody>
-                    <?php foreach (
-                        $selectedOrder["items"]
-                        as $index => $item
-                    ): ?>
-                        <tr>
-                            <td data-label="Artikel"><?php echo escape(
-                                $item["product_name"],
-                            ); ?></td>
-                            <td data-label="Größe"><?php echo $item["size"] !==
-                            ""
-                                ? escape($item["size"])
-                                : "-"; ?></td>
-                            <td data-label="Lieferhinweis"><?php echo $item[
-                                "availability_label"
-                            ] !== ""
-                                ? escape($item["availability_label"])
-                                : "-"; ?></td>
-                            <td data-label="Bearbeitet">
-                                <span class="status <?php echo !empty(
-                                    $item["is_processed"]
-                                )
-                                    ? "status-processed"
-                                    : "status-open"; ?>">
-                                    <?php echo !empty($item["is_processed"])
-                                        ? "Ja"
-                                        : "Nein"; ?>
-                                </span>
-                            </td>
-                            <td data-label="Nachbestellung">
-                                <?php
-                                $backorderStatus = (string) ($item["backorder_status"] ?? "");
-                                if ($backorderStatus !== ""): ?>
-                                    <span class="status <?php echo escape(
-                                        getBackorderStatusClass($backorderStatus),
-                                    ); ?>"><?php echo escape(
-    getBackorderStatusLabel($backorderStatus),
-); ?></span>
-                                <?php else: ?>
-                                    -
-                                <?php endif; ?>
-                            </td>
-                            <td data-label="Aktionen">
-                                <?php if (
-                                    $selectedOrder["status"] !== "cancelled" &&
-                                    $selectedOrder["confirmation_status"] !==
-                                        "pending" &&
-                                    $selectedOrder["confirmation_status"] !==
-                                        "expired"
-                                ): ?>
-                                    <form method="POST" class="inline-form">
-                                        <?php echo csrfField(); ?>
-                                        <input type="hidden" name="order_id" value="<?php echo escape(
-                                            $selectedOrder["id"],
-                                        ); ?>">
-                                        <input type="hidden" name="item_index" value="<?php echo (int) $index; ?>">
-                                        <button type="submit" name="toggle_item_processed" class="btn btn-small">
-                                            <?php echo !empty(
-                                                $item["is_processed"]
-                                            )
-                                                ? "Als offen markieren"
-                                                : "Als bearbeitet markieren"; ?>
-                                        </button>
-                                    </form>
-                                    <?php
-                                    $canToggleBackorder =
-                                        $backorderStatus === "to_be_backordered" ||
-                                        ($backorderStatus === "" &&
-                                            empty($item["is_processed"]));
-                                    if ($canToggleBackorder): ?>
-                                    <form method="POST" class="inline-form">
-                                        <?php echo csrfField(); ?>
-                                        <input type="hidden" name="order_id" value="<?php echo escape(
-                                            $selectedOrder["id"],
-                                        ); ?>">
-                                        <input type="hidden" name="item_index" value="<?php echo (int) $index; ?>">
-                                        <button type="submit" name="toggle_item_backorder" class="btn btn-small btn-secondary">
-                                            <?php echo $backorderStatus === "to_be_backordered"
-                                                ? "Nachbestellung aufheben"
-                                                : "Als Nachbestellung markieren"; ?>
-                                        </button>
-                                    </form>
-                                    <?php endif; ?>
-                                <?php else: ?>
-                                    -
-                                <?php endif; ?>
-                            </td>
-                        </tr>
-                    <?php endforeach; ?>
-                </tbody>
-            </table>
-        </div>
-
-        <?php if (
-            $selectedOrder["status"] !== "cancelled" &&
-            $selectedOrder["status"] !== "processed"
-        ): ?>
-            <button
-                type="button"
-                class="btn btn-secondary btn-small"
-                id="cancel-order-open"
-            >
-                Bestellung stornieren
-            </button>
-
-            <div
-                id="cancel-order-modal"
-                class="modal"
-                role="dialog"
-                aria-labelledby="cancel-order-title"
-                aria-hidden="true"
-            >
-                <div class="modal-content modal-content-compact">
-                    <button
-                        type="button"
-                        class="modal-close btn btn-secondary btn-small"
-                        id="cancel-order-close"
-                        aria-label="Schließen"
-                    >
-                        &times;
-                    </button>
-                    <h4 id="cancel-order-title">Bestellung stornieren</h4>
-                    <form method="POST" id="cancel-order-form">
-                        <?php echo csrfField(); ?>
-                        <input type="hidden" name="order_id" value="<?php echo escape(
-                            $selectedOrder["id"],
-                        ); ?>">
-                        <div class="form-group">
-                            <label for="cancellation_reason">Stornogrund</label>
-                            <textarea
-                                id="cancellation_reason"
-                                name="cancellation_reason"
-                                rows="3"
-                                placeholder="Optionaler Grund"
-                            ></textarea>
-                        </div>
-                        <button type="submit" name="cancel_order" class="btn">
-                            Stornierung bestätigen
-                        </button>
-                    </form>
-                </div>
-            </div>
-            <script>
-            (function () {
-                const modal = document.getElementById("cancel-order-modal");
-                const openBtn = document.getElementById("cancel-order-open");
-                const closeBtn = document.getElementById("cancel-order-close");
-                if (!modal || !openBtn || !closeBtn) {
-                    return;
-                }
-
-                function openModal() {
-                    modal.classList.add("is-open");
-                    modal.setAttribute("aria-hidden", "false");
-                    const reason = document.getElementById("cancellation_reason");
-                    if (reason) {
-                        reason.focus();
-                    }
-                }
-
-                function closeModal() {
-                    modal.classList.remove("is-open");
-                    modal.setAttribute("aria-hidden", "true");
-                }
-
-                openBtn.addEventListener("click", openModal);
-                closeBtn.addEventListener("click", closeModal);
-                modal.addEventListener("click", function (event) {
-                    if (event.target === modal) {
-                        closeModal();
-                    }
-                });
-                document.addEventListener("keydown", function (event) {
-                    if (event.key === "Escape" && modal.classList.contains("is-open")) {
-                        closeModal();
-                    }
-                });
-            })();
-            </script>
-        <?php endif; ?>
-    </div>
-<?php endif; ?>
-
 <?php include __DIR__ . "/../includes/footer.php"; ?>