Главная Обзор Помощь
Вход
Medowar
/
psa-orderform
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Ветка: main
Ветки Метки
psa-orderform
/
checkout.php

checkout.php 6.1 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176 
  1. <?php
    2. 

  2. require_once __DIR__ . "/config.php";
    3. 

  3. require_once __DIR__ . "/includes/functions.php";
    4. 

  4. 

  5. $pageTitle = "Bestellung abschließen";
    6. 

  6. $cartItems = getCartItemsDetailed();
    7. 

  7. $organizations = getOrganizations(true);
    8. 

  8. $errors = [];
    9. 

  9. 

  10. if (empty($cartItems)) {
    11. 

  11.     header("Location: cart.php");
    12. 

  12.     exit();
    13. 

  13. }
    14. 

  14. 

  15. if ($_SERVER['REQUEST_METHOD'] === "POST" && isset($_POST['create_order'])) {
    16. 

  16.     // Validate CSRF token
    17. 

  17.     if (!validateCsrfToken($_POST['csrf_token'] ?? "")) {
    18. 

  18.         $errors[] = "Ungültiges Token. Bitte versuchen Sie es erneut.";
    19. 

  19.     } else {
    20. 

  20.         $validator = new Validator($_POST);
    21. 

  21. 

  22.         $validator
    23. 

  23.             ->required("customer_name", "Name")
    24. 

  24.             ->minLength("customer_name", 2, "Name")
    25. 

  25.             ->maxLength("customer_name", 100, "Name")
    26. 

  26.             ->required("customer_email", "E-Mail-Adresse")
    27. 

  27.             ->email("customer_email", "E-Mail-Adresse")
    28. 

  28.             ->maxLength("customer_email", 255, "E-Mail-Adresse")
    29. 

  29.             ->required("organization_id", "Organisation")
    30. 

  30.             ->maxLength("comment", 1000, "Kommentar");
    31. 

  31. 

  32.         // Validate organization exists
    33. 

  33.         $organizationId = $_POST['organization_id'] ?? "";
    34. 

  34.         $organizations = getOrganizations(true);
    35. 

  35.         $validOrgIds = array_column($organizations, "id");
    36. 

  36. 

  37.         if (!in_array($organizationId, $validOrgIds, true)) {
    38. 

  38.             $validator->addError("Die gewählte Organisation ist ungültig.");
    39. 

  39.         }
    40. 

  40. 

  41.         if (!$validator->isValid()) {
    42. 

  42.             $errors = array_merge($errors, $validator->getErrors());
    43. 

  43.         } elseif (!checkoutRateLimitWouldAllow()) {
    44. 

  44.             $errors[] =
    45. 

  45.                 "Zu viele Bestellversuche von dieser Verbindung. Bitte versuchen Sie es später erneut.";
    46. 

  46.         } else {
    47. 

  47.             $customerName = trim($_POST['customer_name']);
    48. 

  48.             $customerEmail = trim(strtolower($_POST['customer_email']));
    49. 

  49.             $comment = trim($_POST['comment'] ?? "");
    50. 

  50. 

  51.             $result = createOrder(
    52. 

  52.                 $customerName,
    53. 

  53.                 $customerEmail,
    54. 

  54.                 $organizationId,
    55. 

  55.                 $comment,
    56. 

  56.                 buildOrderItemsFromCart(),
    57. 

  57.             );
    58. 

  58. 

  59.             if (!$result["success"]) {
    60. 

  60.                 $errors[] = $result["message"];
    61. 

  61.             } else {
    62. 

  62.                 checkoutRateLimitTryConsume();
    63. 

  63.                 clearCart();
    64. 

  64.                 logAccess("Order created", [
    65. 

  65.                     "order_id" => $result["order"]["id"],
    66. 

  66.                     "customer" => $customerEmail,
    67. 

  67.                 ]);
    68. 

  68.                 header(
    69. 

  69.                     "Location: order-success.php?id=" .
    70. 

  70.                         urlencode($result["order"]["id"]),
    71. 

  71.                 );
    72. 

  72.                 exit();
    73. 

  73.             }
    74. 

  74.         }
    75. 

  75.     }
    76. 

  76. }
    77. 

  77. 

  78. include __DIR__ . "/includes/header.php";
    79. 

  79. ?>
    80. 

  80. 

  81. <h2>Bestellung abschließen</h2>
    82. 

  82. 

  83. <?php if (!empty($errors)): ?>
    84. 

  84.     <div class="alert alert-error">
    85. 

  85.         <ul class="list-indent">
    86. 

  86.             <?php foreach ($errors as $error): ?>
    87. 

  87.                 <li><?php echo escape($error); ?></li>
    88. 

  88.             <?php endforeach; ?>
    89. 

  89.         </ul>
    90. 

  90.     </div>
    91. 

  91. <?php endif; ?>
    92. 

  92. 

  93. <div class="checkout-grid">
    94. 

  94.     <div>
    95. 

  95.         <h3>Ihre Auswahl</h3>
    96. 

  96. 

  97.         <?php foreach ($cartItems as $cartItem): ?>
    98. 

  98.             <div class="panel panel-compact">
    99. 

  99.                 <strong><?php echo escape(
    100. 

  100.                     $cartItem["product"]["name"],
    101. 

  101.                 ); ?></strong><br>
    102. 

  102.                 <?php if ($cartItem["size"] !== ""): ?>
    103. 

  103.                     Größe: <?php echo escape($cartItem["size"]); ?><br>
    104. 

  104.                 <?php endif; ?>
    105. 

  105.                 <?php if ($cartItem["availability_label"] !== ""): ?>
    106. 

  106.                     Lieferhinweis: <?php echo escape(
    107. 

  107.                         $cartItem["availability_label"],
    108. 

  108.                     ); ?>
    109. 

  109.                 <?php endif; ?>
    110. 

  110.             </div>
    111. 

  111.         <?php endforeach; ?>
    112. 

  112.     </div>
    113. 

  113. 

  114.     <div>
    115. 

  115.         <h3>Bestelldaten</h3>
    116. 

  116.         <form method="POST">
    117. 

  117.             <div class="form-group">
    118. 

  118.                 <label for="customer_name">Name *</label>
    119. 

  119.                 <input type="text" id="customer_name" name="customer_name" required value="<?php echo isset(
    120. 

  120.                     $_POST['customer_name'],
    121. 

  121.                 )
    122. 

  122.                     ? escape($_POST['customer_name'])
    123. 

  123.                     : ""; ?>">
    124. 

  124.             </div>
    125. 

  125. 

  126.             <div class="form-group">
    127. 

  127.                 <label for="customer_email">E-Mail-Adresse *</label>
    128. 

  128.                 <input type="email" id="customer_email" name="customer_email" required value="<?php echo isset(
    129. 

  129.                     $_POST['customer_email'],
    130. 

  130.                 )
    131. 

  131.                     ? escape($_POST['customer_email'])
    132. 

  132.                     : ""; ?>">
    133. 

  133.             </div>
    134. 

  134. 

  135.             <div class="form-group">
    136. 

  136.                 <label for="organization_id">Organisation *</label>
    137. 

  137.                 <select id="organization_id" name="organization_id" required>
    138. 

  138.                     <option value="">Bitte wählen</option>
    139. 

  139.                     <?php foreach ($organizations as $organization): ?>
    140. 

  140.                         <option value="<?php echo escape(
    141. 

  141.                             $organization["id"],
    142. 

  142.                         ); ?>" <?php echo isset($_POST['organization_id']) &&
    143. 

  143. $_POST['organization_id'] === $organization["id"]
    144. 

  144.     ? "selected"
    145. 

  145.     : ""; ?>>
    146. 

  146.                             <?php echo escape($organization["label"]); ?>
    147. 

  147.                         </option>
    148. 

  148.                     <?php endforeach; ?>
    149. 

  149.                 </select>
    150. 

  150.             </div>
    151. 

  151. 

  152.             <div class="form-group">
    153. 

  153.                 <label for="comment">Kommentar</label>
    154. 

  154.                 <textarea id="comment" name="comment" rows="5"><?php echo isset(
    155. 

  155.                     $_POST['comment'],
    156. 

  156.                 )
    157. 

  157.                     ? escape($_POST['comment'])
    158. 

  158.                     : ""; ?></textarea>
    159. 

  159.             </div>
    160. 

  160. 

  161.             <div class="alert alert-info">
    162. 

  162.                 Nach dem Absenden wird die Bestellung direkt an die Gerätewarte weitergeleitet.
    163. 

  163.             </div>
    164. 

  164. 

  165.             <?php echo csrfField(); ?>
    166. 

  166. 

  167.             <button type="submit" name="create_order" class="btn btn-block">Bestellung absenden</button>
    168. 

  168.         </form>
    169. 

  169. 

  170.         <div class="mt-2">
    171. 

  171.             <a href="cart.php" class="btn btn-secondary">Zurück zum Warenkorb</a>
    172. 

  172.         </div>
    173. 

  173.     </div>
    174. 

  174. </div>
    175. 

  175. 

  176. <?php include __DIR__ . "/includes/footer.php"; ?>
    177.