| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371 |
- <?php
- require_once __DIR__ . "/../config.php";
- require_once __DIR__ . "/../includes/functions.php";
- if (empty($_SESSION["admin_logged_in"])) {
- header("Location: login.php");
- exit();
- }
- expirePendingOrders();
- $pageTitle = "Bestellungen";
- $message = "";
- $messageType = "";
- if (
- $_SERVER["REQUEST_METHOD"] === "POST" &&
- isset($_POST["toggle_item_processed"])
- ) {
- // Validate CSRF token
- if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
- $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
- $messageType = "error";
- } else {
- $result = toggleOrderItemProcessed(
- $_POST["order_id"] ?? "",
- (int) ($_POST["item_index"] ?? -1),
- );
- $message = $result["success"]
- ? "Position wurde aktualisiert."
- : $result["message"];
- $messageType = $result["success"] ? "success" : "error";
- if ($result["success"]) {
- logAccess("Admin toggled order item", [
- "admin" => $_SESSION["admin_username"] ?? "unknown",
- "order_id" => $_POST["order_id"] ?? "",
- "item_index" => $_POST["item_index"] ?? -1,
- ]);
- }
- }
- }
- if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["cancel_order"])) {
- // Validate CSRF token
- if (!validateCsrfToken($_POST["csrf_token"] ?? "")) {
- $message = "Ungültiges Token. Bitte versuchen Sie es erneut.";
- $messageType = "error";
- } else {
- $adminUsername = $_SESSION["admin_username"] ?? "";
- $result = cancelOrder(
- $_POST["order_id"] ?? "",
- $adminUsername,
- $_POST["cancellation_reason"] ?? "",
- );
- $message = $result["success"]
- ? "Bestellung wurde storniert."
- : $result["message"];
- $messageType = $result["success"] ? "success" : "error";
- if ($result["success"]) {
- logAccess("Admin cancelled order", [
- "admin" => $adminUsername,
- "order_id" => $_POST["order_id"] ?? "",
- ]);
- }
- }
- }
- $orders = getOrders();
- usort($orders, function ($left, $right) {
- return strcmp($right["created_at"], $left["created_at"]);
- });
- $filter = trim((string) ($_GET["filter"] ?? "all"));
- $searchOrderId = trim((string) ($_GET["order_id"] ?? ""));
- $selectedOrderId = trim((string) ($_GET["details"] ?? $searchOrderId));
- if ($searchOrderId !== "") {
- $orders = array_values(
- array_filter($orders, function ($order) use ($searchOrderId) {
- return stripos($order["id"], $searchOrderId) !== false;
- }),
- );
- }
- if ($filter !== "all") {
- $orders = array_values(
- array_filter($orders, function ($order) use ($filter) {
- switch ($filter) {
- case "unconfirmed":
- return $order["confirmation_status"] === "pending";
- case "expired":
- return $order["confirmation_status"] === "expired";
- case "open":
- return $order["confirmation_status"] !== "pending" &&
- $order["status"] === "open";
- case "partial":
- return $order["status"] === "partial";
- case "processed":
- return $order["status"] === "processed";
- case "cancelled":
- return $order["status"] === "cancelled";
- }
- return true;
- }),
- );
- }
- $selectedOrder =
- $selectedOrderId !== "" ? getOrderById($selectedOrderId) : null;
- $bodyClass = "admin-page";
- include __DIR__ . "/../includes/header.php";
- ?>
- <div class="admin-header">
- <h2>Bestellungen</h2>
- <div>
- <a href="index.php" class="btn btn-secondary">Zurück zum Dashboard</a>
- </div>
- </div>
- <?php if ($message !== ""): ?>
- <div class="alert alert-<?php echo escape($messageType); ?>">
- <?php echo escape($message); ?>
- </div>
- <?php endif; ?>
- <div class="panel">
- <form method="GET" class="admin-filter-form">
- <div class="admin-filter-field admin-filter-field-wide">
- <label for="order_id">Bestellnummer suchen</label>
- <input type="text" id="order_id" name="order_id" value="<?php echo escape(
- $searchOrderId,
- ); ?>" placeholder="z. B. FWFS-2026-001">
- </div>
- <div>
- <label for="filter">Filter</label>
- <select id="filter" name="filter">
- <option value="all" <?php echo $filter === "all"
- ? "selected"
- : ""; ?>>Alle</option>
- <option value="unconfirmed" <?php echo $filter === "unconfirmed"
- ? "selected"
- : ""; ?>>Unbestätigt</option>
- <option value="expired" <?php echo $filter === "expired"
- ? "selected"
- : ""; ?>>Bestätigung abgelaufen</option>
- <option value="open" <?php echo $filter === "open"
- ? "selected"
- : ""; ?>>Offen</option>
- <option value="partial" <?php echo $filter === "partial"
- ? "selected"
- : ""; ?>>Teilweise bearbeitet</option>
- <option value="processed" <?php echo $filter === "processed"
- ? "selected"
- : ""; ?>>Bearbeitet</option>
- <option value="cancelled" <?php echo $filter === "cancelled"
- ? "selected"
- : ""; ?>>Storniert</option>
- </select>
- </div>
- <div class="admin-filter-actions">
- <button type="submit" class="btn">Filtern</button>
- <a href="orders.php" class="btn btn-secondary">Zurücksetzen</a>
- </div>
- </form>
- </div>
- <?php if (empty($orders)): ?>
- <div class="alert alert-info">
- <p>Keine Bestellungen gefunden.</p>
- </div>
- <?php else: ?>
- <div class="table-responsive">
- <table class="responsive-table">
- <thead>
- <tr>
- <th>Bestellnummer</th>
- <th>Name</th>
- <th>Organisation</th>
- <th>Artikel</th>
- <th>Erstellt</th>
- <th>Status</th>
- <th>Aktionen</th>
- </tr>
- </thead>
- <tbody>
- <?php foreach ($orders as $order): ?>
- <tr>
- <td data-label="Bestellnummer"><strong><?php echo escape(
- $order["id"],
- ); ?></strong></td>
- <td data-label="Name"><?php echo escape(
- $order["customer_name"],
- ); ?></td>
- <td data-label="Organisation"><?php echo escape(
- $order["organization_label"],
- ); ?></td>
- <td data-label="Artikel"><?php echo count(
- $order["items"],
- ); ?></td>
- <td data-label="Erstellt"><?php echo escape(
- formatDate($order["created_at"]),
- ); ?></td>
- <td data-label="Status"><span class="status <?php echo escape(
- getOrderStatusClass($order),
- ); ?>"><?php echo escape(
- getOrderStatusLabel($order),
- ); ?></span></td>
- <td data-label="Aktionen">
- <a href="orders.php?details=<?php echo urlencode(
- $order["id"],
- ); ?>" class="btn btn-small">Details</a>
- </td>
- </tr>
- <?php endforeach; ?>
- </tbody>
- </table>
- </div>
- <?php endif; ?>
- <?php if ($selectedOrder !== null): ?>
- <div class="panel">
- <h3>Bestellung <?php echo escape($selectedOrder["id"]); ?></h3>
- <p><strong>Status:</strong> <span class="status <?php echo escape(
- getOrderStatusClass($selectedOrder),
- ); ?>"><?php echo escape(
- getOrderStatusLabel($selectedOrder),
- ); ?></span></p>
- <p><strong>Name:</strong> <?php echo escape(
- $selectedOrder["customer_name"],
- ); ?></p>
- <p><strong>E-Mail:</strong> <?php echo escape(
- $selectedOrder["customer_email"],
- ); ?></p>
- <p><strong>Organisation:</strong> <?php echo escape(
- $selectedOrder["organization_label"],
- ); ?></p>
- <p><strong>Erstellt:</strong> <?php echo escape(
- formatDate($selectedOrder["created_at"]),
- ); ?></p>
- <?php if ($selectedOrder["confirmed_at"] !== ""): ?>
- <p><strong>Bestätigt:</strong> <?php echo escape(
- formatDate($selectedOrder["confirmed_at"]),
- ); ?></p>
- <?php endif; ?>
- <?php if ($selectedOrder["confirmation_status"] === "pending"): ?>
- <p><strong>Bestätigung offen bis:</strong> <?php echo escape(
- formatDate($selectedOrder["confirmation_expires_at"]),
- ); ?></p>
- <?php endif; ?>
- <?php if ($selectedOrder["admin_notified_at"] !== ""): ?>
- <p><strong>Intern weitergeleitet:</strong> <?php echo escape(
- formatDate($selectedOrder["admin_notified_at"]),
- ); ?></p>
- <?php endif; ?>
- <p><strong>Kommentar:</strong><br><?php echo $selectedOrder[
- "comment"
- ] !== ""
- ? nl2br(escape($selectedOrder["comment"]))
- : "Kein Kommentar"; ?></p>
- <?php if ($selectedOrder["status"] === "cancelled"): ?>
- <div class="alert alert-warning">
- <p><strong>Storniert am:</strong> <?php echo escape(
- formatDate($selectedOrder["cancelled_at"]),
- ); ?></p>
- <p><strong>Storniert durch:</strong> <?php echo escape(
- $selectedOrder["cancelled_by"],
- ); ?></p>
- <p><strong>Stornogrund:</strong><br><?php echo $selectedOrder[
- "cancellation_reason"
- ] !== ""
- ? nl2br(escape($selectedOrder["cancellation_reason"]))
- : "Kein Grund angegeben"; ?></p>
- </div>
- <?php endif; ?>
- <h4>Positionen</h4>
- <div class="table-responsive">
- <table class="responsive-table table-compact">
- <thead>
- <tr>
- <th>Artikel</th>
- <th>Größe</th>
- <th>Lieferhinweis</th>
- <th>Bearbeitet</th>
- <th>Aktion</th>
- </tr>
- </thead>
- <tbody>
- <?php foreach (
- $selectedOrder["items"]
- as $index => $item
- ): ?>
- <tr>
- <td data-label="Artikel"><?php echo escape(
- $item["product_name"],
- ); ?></td>
- <td data-label="Größe"><?php echo $item["size"] !==
- ""
- ? escape($item["size"])
- : "-"; ?></td>
- <td data-label="Lieferhinweis"><?php echo $item[
- "availability_label"
- ] !== ""
- ? escape($item["availability_label"])
- : "-"; ?></td>
- <td data-label="Bearbeitet">
- <span class="status <?php echo !empty(
- $item["is_processed"]
- )
- ? "status-processed"
- : "status-open"; ?>">
- <?php echo !empty($item["is_processed"])
- ? "Ja"
- : "Nein"; ?>
- </span>
- </td>
- <td data-label="Aktionen">
- <?php if (
- $selectedOrder["status"] !== "cancelled" &&
- $selectedOrder["confirmation_status"] !==
- "pending" &&
- $selectedOrder["confirmation_status"] !==
- "expired"
- ): ?>
- <form method="POST">
- <?php echo csrfField(); ?>
- <input type="hidden" name="order_id" value="<?php echo escape(
- $selectedOrder["id"],
- ); ?>">
- <input type="hidden" name="item_index" value="<?php echo (int) $index; ?>">
- <button type="submit" name="toggle_item_processed" class="btn btn-small">
- <?php echo !empty(
- $item["is_processed"]
- )
- ? "Als offen markieren"
- : "Als bearbeitet markieren"; ?>
- </button>
- </form>
- <?php else: ?>
- -
- <?php endif; ?>
- </td>
- </tr>
- <?php endforeach; ?>
- </tbody>
- </table>
- </div>
- <?php if ($selectedOrder["status"] !== "cancelled"): ?>
- <h4>Bestellung stornieren</h4>
- <form method="POST" onsubmit="return confirm('Bestellung wirklich stornieren?');">
- <?php echo csrfField(); ?>
- <input type="hidden" name="order_id" value="<?php echo escape(
- $selectedOrder["id"],
- ); ?>">
- <div class="form-group">
- <label for="cancellation_reason">Stornogrund</label>
- <textarea id="cancellation_reason" name="cancellation_reason" rows="3" placeholder="Optionaler Grund"></textarea>
- </div>
- <button type="submit" name="cancel_order" class="btn">Bestellung stornieren</button>
- </form>
- <?php endif; ?>
- </div>
- <?php endif; ?>
- <?php include __DIR__ . "/../includes/footer.php"; ?>
|
