prepare("SELECT * FROM orders WHERE id = ?");
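// Second half of the detail lookup: $stmt holds the "SELECT * FROM orders WHERE id = ?"
// statement prepared on the line above.
$stmt->execute([$order_id]);
$order = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$order) {
    // Unknown order id: say so in the status code, not only in the body.
    http_response_code(404);
    echo "
Order not found.
";
    exit;
}
$stmt = $pdo->prepare("SELECT * FROM order_items WHERE order_id = ?");
$stmt->execute([$order_id]);
$items = $stmt->fetchAll(PDO::FETCH_ASSOC);
// This branch renders a page for a browser (the JSON API is the default branch
// further down). customer_name/email/address and product_name are stored verbatim
// from the POST body by this same file, so they are attacker-controllable and are
// HTML-escaped here to prevent stored XSS; the remaining columns are escaped too
// for uniformity. Assumes the markup stripped from around these strings is HTML —
// confirm against the original template.
$h = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
$safe_id = $h($order_id);
$o = array_map($h, $order);
echo "Podrobnosti naročila #{$safe_id}";
echo "";
echo "
Naročilo #{$safe_id}
";
echo "
Stranka: {$o['customer_name']}
Email: {$o['customer_email']}
Naslov: {$o['customer_address']}
Telefon: {$o['customer_phone']}
";
echo "
Status: {$o['status']}
Skupaj: {$o['total_amount']} €
Datum: {$o['created_at']}
";
echo "
Izdelki
";
echo "
Izdelek | Količina | Cena |
";
foreach ($items as $item) {
    $i = array_map($h, $item);
    echo "{$i['product_name']} | {$i['quantity']} | {$i['total_price']} € |
";
}
echo "
";
echo "
";
echo "
";
exit;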
}
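// Default: return all orders as JSON (API)
// NOTE(review): no authentication check is visible in this chunk before every order,
// including customer contact details, is returned; the PUT branch below explicitly
// pulls in 'require_auth.php' while this branch does not — confirm an auth check
// runs earlier in the file.
$stmt = $pdo->query("SELECT * FROM orders");
$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Prepare the item lookup once and reuse it for every order. Writing through the
// key instead of a by-reference foreach avoids leaving $order aliased to the last
// element after the loop.
$item_stmt = $pdo->prepare("SELECT * FROM order_items WHERE order_id = ?");
foreach ($orders as $index => $order) {
    $item_stmt->execute([$order['id']]);
    $orders[$index]['items'] = $item_stmt->fetchAll(PDO::FETCH_ASSOC);
}
header('Content-Type: application/json; charset=utf-8');
echo json_encode($orders);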
}
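// POST create new order
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Every response below is JSON; declare it, as the GET branch already does.
    header('Content-Type: application/json; charset=utf-8');
    $data = json_decode(file_get_contents("php://input"));

    // Shape check for the decoded body: presence and basic types only. Without it the
    // code below read properties of null (empty or malformed body) and inserted nulls.
    // quantity must be > 0 so the stock update can never increase stock.
    $payload_is_valid = static function ($payload): bool {
        if (!is_object($payload)
            || !isset($payload->customer) || !is_object($payload->customer)
            || !isset($payload->customer->name, $payload->customer->email, $payload->customer->address)
            || !isset($payload->total) || !is_numeric($payload->total)
            || !isset($payload->items) || !is_array($payload->items)) {
            return false;
        }
        foreach ($payload->items as $item) {
            if (!is_object($item)
                || !isset($item->product_id, $item->product_name, $item->quantity, $item->unit_price)
                || !is_numeric($item->product_id)
                || !is_numeric($item->quantity) || $item->quantity <= 0
                || !is_numeric($item->unit_price)) {
                return false;
            }
        }
        return true;
    };

    if (!$payload_is_valid($data)) {
        http_response_code(400);
        echo json_encode(["success" => false, "message" => "Invalid order payload"]);
    } else {
        try {
            // Start transaction (inside try, so a failure here also takes the 500 path)
            $pdo->beginTransaction();
            // Create order
            // NOTE(review): total and unit_price are copied from the client unchanged;
            // nothing here recomputes them from the products table, so a caller picks its
            // own prices. Fixing that needs the product price column, which this file
            // does not show — confirm the schema and recompute server-side.
            $stmt = $pdo->prepare("INSERT INTO orders (customer_name, customer_email, customer_address, total_amount, status) VALUES (?, ?, ?, ?, ?)");
            $stmt->execute([
                $data->customer->name,
                $data->customer->email,
                $data->customer->address,
                $data->total,
                'pending'
            ]);
            $order_id = $pdo->lastInsertId();
            // Add order items: both statements are prepared once and reused per item.
            $item_stmt = $pdo->prepare("INSERT INTO order_items (order_id, product_id, product_name, quantity, unit_price) VALUES (?, ?, ?, ?, ?)");
            // Update product stock, but only while enough remains (stock cannot go negative).
            $stock_stmt = $pdo->prepare("UPDATE products SET stock = stock - ? WHERE id = ? AND stock >= ?");
            foreach ($data->items as $item) {
                $item_stmt->execute([
                    $order_id,
                    $item->product_id,
                    $item->product_name,
                    $item->quantity,
                    $item->unit_price
                ]);
                $stock_stmt->execute([$item->quantity, $item->product_id, $item->quantity]);
                // quantity > 0 was validated, so a matched row is always changed: zero
                // affected rows means the product is unknown or short on stock.
                if ($stock_stmt->rowCount() === 0) {
                    throw new DomainException("Insufficient stock for product {$item->product_id}");
                }
            }
            // Commit transaction
            $pdo->commit();
            http_response_code(201);
            echo json_encode(["success" => true, "order_id" => $order_id]);
        } catch (DomainException $e) {
            // Raised by the stock check above; the message is ours and safe to relay.
            if ($pdo->inTransaction()) {
                $pdo->rollBack();
            }
            http_response_code(409);
            echo json_encode(["success" => false, "message" => $e->getMessage()]);
        } catch (Exception $e) {
            // Rollback on error. The message (typically a PDOException's) is logged, not
            // returned: it can expose table names, SQL fragments or driver details.
            // inTransaction() guards against a second failure when commit() already
            // ended the transaction.
            if ($pdo->inTransaction()) {
                $pdo->rollBack();
            }
            error_log('Order creation failed: ' . $e->getMessage());
            http_response_code(500);
            echo json_encode(["success" => false, "message" => "Order could not be created"]);
        }
    }
}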
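// UPDATE order status (Admin only)
if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
    require_once 'require_auth.php'; // This now includes admin role checking
    header('Content-Type: application/json; charset=utf-8');
    $data = json_decode(file_get_contents("php://input"));
    // Validate the route parameter as a positive integer rather than by truthiness:
    // previously "id=abc" (or an array) passed the check, updated nothing, and was
    // reported as success.
    $id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || $id < 1) {
        http_response_code(400);
        echo json_encode(["success" => false, "message" => "Order ID required"]);
    } elseif (!is_object($data) || !isset($data->status) || !is_string($data->status)) {
        // Previously whatever the body carried (including null) was written to status.
        http_response_code(400);
        echo json_encode(["success" => false, "message" => "Order status required"]);
    } else {
        // NOTE(review): the allowed status vocabulary is not defined in this chunk (only
        // 'pending' appears, in the POST handler) — restrict to an allow-list once known.
        $stmt = $pdo->prepare("UPDATE orders SET status = ? WHERE id = ?");
        $stmt->execute([$data->status, $id]);
        echo json_encode(["success" => true, "message" => "Order updated"]);
    }
}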
?>