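<?php
/**
 * process_order.php — turns the logged-in user's open cart rows (from both
 * `cart` and `cart1`) into one `orders` row, then soft-deletes those rows.
 *
 * Flow: require a session user → reject non-POST → read billing fields →
 * total the cart from the DB (unit prices come from `products`, never from
 * the form) → insert the order and mark the cart rows deleted inside one
 * transaction → redirect to order-success.php. DB failures are logged and
 * the user sees a generic message.
 */

session_name('vaishnavi_awaha');
session_start();

// NOTE(review): display_errors=1 sends PHP warnings, stack traces, file paths
// and SQL error text to the browser. Left as in the original so behaviour is
// unchanged, but it should be 0 on a public host; error_log() below already
// records failures server-side.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

if (!isset($_SESSION['user_id'])) {
    header('Location: login.php?message=' . rawurlencode('Please log in to place an order.'));
    exit();
}

require_once 'admin/connection.inc.php'; // provides $conn (mysqli)

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: checkout.php');
    exit();
}

// NOTE(review): no CSRF token is verified here, so any page the user visits
// while logged in can POST to this script and place an order with
// attacker-chosen billing details. The fix is a per-session token emitted by
// the checkout form and checked before this point; not added here because the
// form lives in checkout.php, outside this file.

$user_id = (int) $_SESSION['user_id'];

// Billing fields from the form. The original escaped for HTML at *input*
// time; that is kept so stored values do not change, which means rendering
// code must not escape them a second time. A non-scalar value (e.g.
// billing_name[]=x) is treated as empty instead of letting htmlspecialchars()
// throw a TypeError.
$billing = [];
foreach (['billing_name', 'billing_address', 'billing_city', 'billing_state', 'billing_zip', 'billing_phone', 'payment_method'] as $field) {
    $raw = $_POST[$field] ?? '';
    $billing[$field] = htmlspecialchars(is_scalar($raw) ? (string) $raw : '');
}
// NOTE(review): payment_method is stored as free text; it should be checked
// against the set of methods the shop actually supports (not visible here).

$total_amount = 0;
$order_products = []; // [['product_id' => int, 'quantity' => int], ...]
$cart_ids = [];       // row ids in `cart` to soft-delete
$cart1_ids = [];      // row ids in `cart1` to soft-delete

// Fetch open items from both cart tables. Prices are read from `products`,
// so the order total cannot be influenced by the POST body.
$query = "(SELECT 'cart' AS source, c.id AS cart_id, c.product_id, c.quantity, p.product_price FROM cart c JOIN products p ON c.product_id = p.id WHERE c.user_id = ? AND c.deleted_at IS NULL) UNION ALL (SELECT 'cart1' AS source, c1.id AS cart_id, c1.product_id, c1.quantity, p.product_price FROM cart1 c1 JOIN products p ON c1.product_id = p.id WHERE c1.user_id = ? AND c1.deleted_at IS NULL)";
$stmt = $conn->prepare($query);
$stmt->bind_param('ii', $user_id, $user_id);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    $total_amount += $row['quantity'] * $row['product_price'];
    $order_products[] = [
        'product_id' => $row['product_id'],
        'quantity'   => $row['quantity'],
    ];
    // Remember which table each row came from so the soft-delete hits the
    // right one.
    if ($row['source'] === 'cart') {
        $cart_ids[] = $row['cart_id'];
    } else {
        $cart1_ids[] = $row['cart_id'];
    }
}
$stmt->close();

if ($order_products === []) {
    // The original embedded a line break inside this Location value; header()
    // refuses values containing a newline, so the redirect was never sent.
    // Keep the message on one line and URL-encode it.
    header('Location: cart.php?message=' . rawurlencode('Your cart is empty. Please add items before placing an order.'));
    exit();
}

// Order id: 13 random hex chars — same length as the uniqid() value the
// original used, but not derived from the clock, since the id is exposed in
// the success URL and should not be guessable.
$order_id = 'AWAHAORD-' . strtoupper(substr(bin2hex(random_bytes(7)), 0, 13));
$product_data = json_encode($order_products, JSON_THROW_ON_ERROR);
$cart_ids_json = json_encode(array_merge($cart_ids, $cart1_ids), JSON_THROW_ON_ERROR);
$deleted_at = date('Y-m-d H:i:s');

// Soft-delete the given rows of one cart table for this user. $table is one
// of the two literals used below, never user input; the ids (which came from
// the SELECT above) are still bound as placeholders rather than interpolated.
$softDelete = static function (string $table, array $ids) use ($conn, $user_id, $deleted_at): void {
    if ($ids === []) {
        return;
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $conn->prepare("UPDATE {$table} SET deleted_at = ? WHERE user_id = ? AND id IN ({$placeholders})");
    $stmt->bind_param('si' . str_repeat('i', count($ids)), $deleted_at, $user_id, ...$ids);
    if (!$stmt->execute()) {
        throw new RuntimeException($stmt->error);
    }
    $stmt->close();
};

// Insert the order and clear the cart atomically: a failure in either step
// rolls back both, so we never end up with an order whose cart is still open
// (the original ignored UPDATE failures after a successful INSERT).
$conn->begin_transaction();
try {
    $query = "INSERT INTO orders (order_id, user_id, total_amount, billing_name, billing_address, billing_city, billing_state, billing_zip, billing_phone, payment_method, order_status, cart_ids, products) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'Pending', ?, ?)";
    $stmt = $conn->prepare($query);
    $stmt->bind_param(
        'sidsssssssss', // total_amount bound as double, not string
        $order_id,
        $user_id,
        $total_amount,
        $billing['billing_name'],
        $billing['billing_address'],
        $billing['billing_city'],
        $billing['billing_state'],
        $billing['billing_zip'],
        $billing['billing_phone'],
        $billing['payment_method'],
        $cart_ids_json,
        $product_data
    );
    if (!$stmt->execute()) {
        throw new RuntimeException($stmt->error);
    }
    $stmt->close();

    $softDelete('cart', $cart_ids);
    $softDelete('cart1', $cart1_ids);

    $conn->commit();
} catch (RuntimeException $e) {
    // mysqli_sql_exception (thrown when mysqli runs in exception mode, the
    // PHP 8.1+ default) extends RuntimeException, so both the "execute()
    // returned false" and the "driver threw" paths land here.
    $conn->rollback();
    error_log('Error placing order: ' . $e->getMessage());
    echo "Error placing the order. Please try again later.";
    exit();
}

header('Location: order-success.php?order_id=' . rawurlencode($order_id));
exit();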