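query('SELECT id, name, surname, email, order_price, date_added, payment_status, used_ticket FROM orders')->fetchAll(\PDO::FETCH_ASSOC);

        return \Tpl::view('admin-panel/main-view', [
            'orders' => $ordersArr,
        ]);
    }

    /**
     * Show one order and seed the session "basket" that the ticket_* endpoints edit.
     *
     * The order id comes from `$_GET['id']`. Both lookups now go through Medoo's
     * `select()`, which binds the value as a parameter; the previous version
     * concatenated `$_GET['id']` straight into `WHERE order_id =` and was
     * SQL-injectable from the admin session.
     *
     * NOTE(review): no authentication check is visible anywhere in this class —
     * confirm the router gates `/apanel/*` on `\S::get_session('user')` before
     * dispatching here.
     */
    static public function order_data()
    {
        global $mdb;

        // Reject non-scalar input (`?id[]=1`) outright; Medoo would expand an
        // array into an IN (...) list instead of a single-order lookup.
        $clientId = isset($_GET['id']) && is_scalar($_GET['id']) ? (string) $_GET['id'] : '';

        // Assumes Medoo select() returns a list of associative rows, like the
        // fetchAll(FETCH_ASSOC) it replaces — same version as the call below.
        $orderTickets = $mdb->select('order_tickets', '*', ['order_id' => $clientId]) ?: [];
        $orderInfo = $mdb->select('orders', '*', ['id' => $clientId]);

        // ticket_inc/dec/rem edit this session copy until ticket_save() persists it.
        \S::del_session('user_orders');
        \S::set_session('user_orders', $orderTickets);

        return \Tpl::view('admin-panel/order-data', [
            'order_tickets' => $orderTickets,
            'order_info' => $orderInfo,
        ]);
    }

    /**
     * Check the submitted admin password and start the admin session.
     *
     * Redirects to the scanner view on success and back to the login view
     * otherwise; always terminates the request.
     *
     * `$settings['admin-password']` is compared with hash_equals() (strict and
     * constant-time) instead of `==`, whose loose comparison could match on
     * numeric-looking strings. If the stored value is a password_hash() result,
     * password_verify() is used instead, so the setting can be migrated to a
     * hash without touching this code. An empty stored password never logs in.
     */
    static public function login_check()
    {
        global $settings;

        $submitted = $_POST['admin_password'] ?? '';
        // Non-scalar input (`admin_password[]=`) can never be a valid password.
        $submitted = is_scalar($submitted) ? trim((string) $submitted) : '';
        $stored = (string) ($settings['admin-password'] ?? '');

        if ($stored === '') {
            $valid = false;
        } elseif (!empty(password_get_info($stored)['algo'])) {
            // Stored value is a recognised password_hash() output.
            $valid = password_verify($submitted, $stored);
        } else {
            // Legacy plaintext setting — still compared in constant time.
            $valid = hash_equals($stored, $submitted);
        }

        if ($valid) {
            // New session id on privilege change prevents session fixation.
            // Guarded because \S may not be backed by native PHP sessions.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            \S::set_session('user', true);
            header('Location: /scanner/scanner_view/');
        } else {
            header('Location: /apanel/login_view/');
        }
        exit;
    }

    /**
     * Drop the admin session flag and return to the login view.
     */
    static public function unlogin()
    {
        \S::del_session("user");
        header('Location: /apanel/login_view/');
        exit;
    }

    /**
     * Return the session basket as an array (an empty array when none is set).
     *
     * @return array ticket rows keyed by ticket id
     */
    private static function current_basket()
    {
        $basket = \S::get_session('user_orders');

        return is_array($basket) ? $basket : [];
    }

    /**
     * Recalculate the basket, store it back in the session and emit the two
     * re-rendered fragments as JSON. Shared tail of ticket_inc/dec/rem.
     *
     * @param array $basket ticket rows keyed by ticket id
     */
    private static function basket_response(array $basket)
    {
        $basket = \factory\Apanel::recalculate_ticket_protection($basket);
        $basket = \factory\Apanel::check_delivery($basket);
        \S::set_session('user_orders', $basket);

        header('Content-Type: application/json; charset=utf-8');
        echo json_encode([
            'basket_form' => \Tpl::view('admin-panel/order-data-table', ['order_tickets' => $basket]),
            'order_summ' => \Tpl::view('admin-panel/order-summary', ['order_tickets' => $basket]),
        ]);
        exit;
    }

    /**
     * Increase the quantity of one ticket row in the session basket by one.
     */
    static public function ticket_inc()
    {
        $basket = self::current_basket();
        $ticket_id = \S::get('ticket_id');

        if (!empty($basket[$ticket_id])) {
            $basket[$ticket_id]['quantity']++;
        } else {
            // Unknown id: starts a bare row holding only a quantity. Kept as
            // before — presumably recalculate_ticket_protection() fills in the
            // remaining fields; verify against \factory\Apanel.
            $basket[$ticket_id]['quantity'] = 1;
        }

        self::basket_response($basket);
    }

    /**
     * Decrease the quantity of one ticket row by one, removing the row at zero.
     *
     * A ticket id that is not in the basket is ignored. Previously it was
     * decremented anyway, leaving a phantom row with quantity -1 and no price
     * that ticket_save() would then insert and subtract from the order total.
     */
    static public function ticket_dec()
    {
        $basket = self::current_basket();
        $ticket_id = \S::get('ticket_id');

        if (isset($basket[$ticket_id])) {
            $basket[$ticket_id]['quantity'] = (int) ($basket[$ticket_id]['quantity'] ?? 0) - 1;
            if ($basket[$ticket_id]['quantity'] <= 0) {
                unset($basket[$ticket_id]);
            }
        }

        self::basket_response($basket);
    }

    /**
     * Remove one ticket row from the session basket entirely.
     */
    static public function ticket_rem()
    {
        $basket = self::current_basket();
        $ticket_id = \S::get('ticket_id');

        unset($basket[$ticket_id]);

        self::basket_response($basket);
    }

    /**
     * Replace the stored ticket rows of an order with the session basket and
     * update the order's total price and payment status.
     *
     * Delete + re-insert now runs in one transaction, so a failed insert no
     * longer leaves the order with no tickets. Rows whose quantity is not
     * positive are skipped. Assumes PDO raises exceptions on error (Medoo's
     * default), otherwise the rollback path is never reached.
     *
     * NOTE(review): this endpoint mutates data but, unlike calendar_save(),
     * has no CSRF token check; apply the same session-token pattern once the
     * order-data view sends one.
     */
    static public function ticket_save()
    {
        global $mdb;

        $order_id = \S::get('order_id');
        $payment_status = \S::get('payment_status');
        $basket = self::current_basket();
        $order_price = 0;

        $mdb->pdo->beginTransaction();
        try {
            $mdb->delete('order_tickets', ['order_id' => $order_id]);

            foreach ($basket as $value) {
                $quantity = (int) ($value['quantity'] ?? 0);
                if ($quantity <= 0) {
                    continue;
                }
                $price = trim((string) ($value['price'] ?? ''));
                $order_price += (float) $price * $quantity;

                $mdb->insert('order_tickets', [
                    'order_id' => $order_id,
                    'product_id' => $value['product_id'] ?? null,
                    'name' => $value['name'] ?? null,
                    'quantity' => $quantity,
                    'price' => $price,
                    'date_visit' => $value['date_visit'] ?? null,
                    'date_added' => $value['date_added'] ?? null,
                ]);
            }

            $mdb->update('orders', [
                'order_price' => $order_price,
                'payment_status' => $payment_status,
            ], ['id' => $order_id]);

            $mdb->pdo->commit();
        } catch (\Throwable $e) {
            $mdb->pdo->rollBack();
            throw $e;
        }
        exit;
    }

    /**
     * Delete an order and its ticket rows, then return to the order list.
     *
     * Both deletes run in one transaction so a failure cannot leave an order
     * without its tickets (or vice versa).
     *
     * NOTE(review): a destructive action reached via `\S::get('order_id')` and
     * answered with a redirect, with no CSRF token — if `\S::get` also reads
     * query parameters, a crafted link deletes an order; add the token check.
     */
    static public function order_delete()
    {
        global $mdb;

        $order_id = \S::get('order_id');

        $mdb->pdo->beginTransaction();
        try {
            $mdb->delete('order_tickets', ['order_id' => $order_id]);
            $mdb->delete('orders', ['id' => $order_id]);
            $mdb->pdo->commit();
        } catch (\Throwable $e) {
            $mdb->pdo->rollBack();
            throw $e;
        }

        header('Location: /apanel/main_view/');
        exit;
    }

    /**
     * Render the ticket price editor for the tickets defined in settings.
     */
    static public function tickets()
    {
        global $settings;

        return \Tpl::view('admin-panel/tickets', [
            'tickets' => $settings['tickets'],
        ]);
    }

    /**
     * Normalise one submitted price field: empty/non-scalar → null, else float.
     *
     * Non-numeric text becomes 0.0, as it did before; tighten with is_numeric()
     * if that should be rejected instead.
     *
     * @param mixed $raw submitted value
     * @return float|null
     */
    private static function optional_float($raw)
    {
        if (!is_scalar($raw)) {
            return null;
        }
        $raw = trim((string) $raw);

        return $raw === '' ? null : (float) $raw;
    }

    /**
     * Persist prices posted as `$_POST['tickets'][<ticket id>][...]`.
     *
     * Only ids present in `$settings['tickets']` are accepted; the allow-list
     * is compared as strings because PHP turns numeric-string array keys into
     * ints, which the strict in_array() would otherwise never match. Answers
     * with a JSON status.
     *
     * NOTE(review): no CSRF token check, unlike calendar_save().
     */
    static public function tickets_save()
    {
        global $mdb, $settings;

        header('Content-Type: application/json; charset=utf-8');

        if (empty($_POST['tickets']) || !is_array($_POST['tickets'])) {
            echo json_encode(['status' => 'error', 'message' => 'Brak danych']);
            exit;
        }

        $allowedTicketIds = array_map('strval', array_keys($settings['tickets']));

        // Prepared once for the whole batch; REPLACE so tickets without a
        // price row yet get one.
        $stmt = $mdb->pdo->prepare('REPLACE INTO ticket_prices (ticket_id, price, price_weekend, dynamic_price_day0, dynamic_price_day1_2, dynamic_price_day3_7) VALUES (:tid, :price, :priceWkd, :day0, :day12, :day37)');

        foreach ($_POST['tickets'] as $ticketId => $data) {
            $ticketId = trim((string) $ticketId);
            if (!is_array($data) || !in_array($ticketId, $allowedTicketIds, true)) {
                continue;
            }

            $stmt->execute([
                ':tid' => $ticketId,
                ':price' => self::optional_float($data['price'] ?? null),
                ':priceWkd' => self::optional_float($data['price_weekend'] ?? null),
                ':day0' => self::optional_float($data['day0'] ?? null),
                ':day12' => self::optional_float($data['day1_2'] ?? null),
                ':day37' => self::optional_float($data['day3_7'] ?? null),
            ]);
        }

        echo json_encode(['status' => 'ok']);
        exit;
    }

    /**
     * Mark an order's ticket as used, stamped with the current server time.
     *
     * Always answers `{"useStatus": true}` — the update is not checked for a
     * matching row, so an unknown order id is reported as a success.
     */
    static public function use_ticket()
    {
        global $mdb;

        $order_id = \S::get('order_id');
        $date = date('Y-m-d H:i:s');

        $mdb->update('orders', ['used_ticket' => 1, 'used_ticket_date' => $date], ['id' => $order_id]);

        header('Content-Type: application/json; charset=utf-8');
        echo json_encode(['useStatus' => true]);
        exit;
    }

    /**
     * Render the settings page with the current `enable_sell` flag ('1' default).
     */
    static public function settings()
    {
        $enable_sell = \factory\Apanel::getSetting('enable_sell', '1');

        return \Tpl::view('admin-panel/settings', [
            'enable_sell' => $enable_sell,
        ]);
    }

    /**
     * Store the `enable_sell` flag: '1' when the checkbox was posted, else '0'.
     *
     * NOTE(review): no CSRF token check, unlike calendar_save().
     */
    static public function settings_save()
    {
        $enable_sell = isset($_POST['enable_sell']) ? '1' : '0';
        \factory\Apanel::saveSetting('enable_sell', $enable_sell);

        header('Content-Type: application/json; charset=utf-8');
        echo json_encode(['status' => 'ok']);
        exit;
    }

    /**
     * Render the calendar editor and issue a fresh CSRF token for calendar_save().
     *
     * The token is 32 random bytes, hex-encoded, kept in the session.
     */
    static public function calendar()
    {
        $token = bin2hex(random_bytes(32));
        \S::set_session('admin_calendar_csrf', $token);

        return \Tpl::view('admin-panel/calendar', [
            'calendar_groups' => \factory\Tickets::getCalendarDefinitions(),
            'csrf_token' => $token,
        ]);
    }

    /**
     * Return the enabled dates of one calendar group as JSON.
     *
     * The group key must be a defined calendar group; otherwise an error
     * status is returned.
     */
    static public function calendar_dates()
    {
        header('Content-Type: application/json; charset=utf-8');

        $groupKey = trim((string) \S::get('ticket_group'));
        $definitions = \factory\Tickets::getCalendarDefinitions();

        if (!isset($definitions[$groupKey])) {
            echo json_encode(['status' => 'error', 'message' => 'Niepoprawny rodzaj biletu.']);
            exit;
        }

        echo json_encode([
            'status' => 'ok',
            'enabled_dates' => \factory\Tickets::getEnabledDatesByGroup($groupKey),
        ]);
        exit;
    }

    /**
     * Save the enabled dates of one calendar group.
     *
     * Requires the CSRF token issued by calendar(), compared with hash_equals().
     * A non-array `dates` is treated as empty. Answers with a JSON status.
     */
    static public function calendar_save()
    {
        header('Content-Type: application/json; charset=utf-8');

        $sessionToken = (string) \S::get_session('admin_calendar_csrf');
        $requestToken = trim((string) \S::get('csrf_token'));
        $tokenOk = $sessionToken !== '' && $requestToken !== '' && hash_equals($sessionToken, $requestToken);

        if (!$tokenOk) {
            echo json_encode(['status' => 'error', 'message' => 'Niepoprawny token CSRF.']);
            exit;
        }

        $groupKey = trim((string) \S::get('ticket_group'));
        $definitions = \factory\Tickets::getCalendarDefinitions();

        if (!isset($definitions[$groupKey])) {
            echo json_encode(['status' => 'error', 'message' => 'Niepoprawny rodzaj biletu.']);
            exit;
        }

        $dates = $_POST['dates'] ?? [];
        if (!is_array($dates)) {
            $dates = [];
        }

        if (!\factory\Tickets::saveEnabledDatesForGroup($groupKey, $dates)) {
            echo json_encode(['status' => 'error', 'message' => 'Nie udało się zapisać kalendarza.']);
            exit;
        }

        echo json_encode(['status' => 'ok']);
        exit;
    }
}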