Build a shopping cart with php part-3

ADMINISTRATOR PAGES

After completing shopping cart part 1 and part 2, in this tutorial we'll build the shopping cart administration. The administration side of the shopping cart is very simple. The primary function for the admin is to view and confirm completed orders; confirming an order records that the administrator has sent out the product.

The first step is to provide an administrator login. Create a new file called adminlogin.php and add the following code:

<?php
session_start();
require("config.php");

// Already logged in as admin? Send the browser to the front page. The exit is
// essential: header() only sets a response header, PHP keeps running without it.
if(isset($_SESSION['SESS_ADMINLOGGEDIN'])) {
    header("Location: " . $config_basedir);
    exit;
}

if(isset($_POST['submit']))
{
    // Escape the username before it is concatenated into the query. The password
    // never reaches the query as typed: only its sha1() hash does, which is what
    // the admin table stores.
    $username = mysql_real_escape_string($_POST['userBox']);
    $loginsql = "SELECT * FROM admin WHERE username = '" . $username . "' AND password = '" . sha1($_POST['passBox']) . "'";
    $loginres = mysql_query($loginsql) or die(mysql_error());
    $numrows = mysql_num_rows($loginres);

    if($numrows == 1)
    {
        // session_register() was removed in PHP 5.4; writing to $_SESSION is enough.
        $_SESSION['SESS_ADMINLOGGEDIN'] = 1;
        header("Location: " . $config_basedir . "adminorders.php");
        exit;
    }
    else
    {
        header("Location: " . $config_basedir . "adminlogin.php?error=1");
        exit;
    }
}
else
{
    require("header.php");
    echo "<h1>Admin Login</h1>";
    if(isset($_GET['error']) && $_GET['error'] == 1) {
        echo "<strong>Incorrect username/password!</strong>";
    }
?>
<p>
<form action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME']); ?>" method="POST">
<table>
<tr>
<td>Username</td>
<td><input type="text" name="userBox"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="passBox"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Log in"></td>
</tr>
</table>
</form>
</p>
<?php
}
require("footer.php");
?>

Much of this code should look familiar to you. When the admin has successfully logged in, the SESS_ADMINLOGGEDIN session variable is set. Two details matter for security. First, the username is escaped with mysql_real_escape_string() before it is concatenated into the query; without that, a username containing a single quote would change the meaning of the SQL. Second, every header("Location: ...") is followed by exit. A Location header only tells the browser where to go next; PHP keeps executing the rest of the file, and on the admin pages below that would mean running the protected code for any client that simply ignores the redirect.
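The login above still relies on the mysql_* extension, which was removed in PHP 7, and on an unsalted sha1() of the password. What follows is an added example, not code from the original tutorial, of the same adminlogin.php written against PDO with a prepared statement and PHP's password_hash()/password_verify() API. It assumes that config.php opens a PDO connection in $pdo and that the admin table has id and password_hash columns, the latter filled with password_hash() output; both are assumptions about the earlier parts, not something this page states.

```php
<?php
// Added example, not code from the original tutorial: adminlogin.php rebuilt
// with a prepared statement and password_hash()/password_verify().
// Assumptions: config.php defines $config_basedir and opens a PDO connection
// in $pdo; the admin table has id and password_hash columns, the latter filled
// with password_hash() output rather than the sha1() the original compares against.
session_start();
require("config.php");

if (!empty($_SESSION['SESS_ADMINLOGGEDIN'])) {
    header("Location: " . $config_basedir);
    exit; // header() only sets a header; without exit the script continues
}

// Returns true and upgrades the session on a correct username/password pair.
function admin_login(PDO $pdo, string $username, string $password): bool
{
    // The username is bound as a parameter, never concatenated into the SQL.
    $stmt = $pdo->prepare("SELECT id, password_hash FROM admin WHERE username = ? LIMIT 1");
    $stmt->execute([$username]);
    $admin = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway hash when the user does not exist, so the
    // response time does not reveal which usernames are valid.
    $hash = $admin ? $admin['password_hash'] : password_hash('no-such-user', PASSWORD_DEFAULT);
    if (!$admin || !password_verify($password, $hash)) {
        return false;
    }

    session_regenerate_id(true);            // fresh session id on privilege change
    $_SESSION['SESS_ADMINLOGGEDIN'] = 1;
    $_SESSION['SESS_ADMINID'] = (int)$admin['id'];
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    $ok = admin_login($pdo, (string)($_POST['userBox'] ?? ''), (string)($_POST['passBox'] ?? ''));
    header("Location: " . $config_basedir . ($ok ? "adminorders.php" : "adminlogin.php?error=1"));
    exit;
}

require("header.php");
echo "<h1>Admin Login</h1>";
if (isset($_GET['error']) && $_GET['error'] == 1) {
    echo "<strong>Incorrect username/password!</strong>";
}
?>
<form action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8'); ?>" method="POST">
<table>
<tr><td>Username</td><td><input type="text" name="userBox" autocomplete="username"></td></tr>
<tr><td>Password</td><td><input type="password" name="passBox" autocomplete="current-password"></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="Log in"></td></tr>
</table>
</form>
<?php
require("footer.php");
```

To create the stored value for an administrator, run password_hash('the-password', PASSWORD_DEFAULT) once and save the result in password_hash. password_verify() reads the algorithm and cost from the hash itself, so the column can later be migrated to a stronger algorithm without changing this code, and session_regenerate_id(true) after login means a session id an attacker planted before authentication is not the one that ends up carrying admin rights.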

Logging Out the Administrator

To log out the administrator, create a file called adminlogout.php and add the following code:

<?php
session_start();
require("config.php");

// session_unregister() was removed in PHP 5.4; unset the admin flag only,
// leaving any customer login held in the same session intact.
unset($_SESSION['SESS_ADMINLOGGEDIN']);

header("Location: " . $config_basedir);
exit;
?>

As with the normal user logout, you remove only the admin variable from the session rather than destroying the whole session. This keeps an administrator who is logged in as both an admin and a customer from being logged out of both at once. session_unregister() was removed in PHP 5.4; unset($_SESSION['SESS_ADMINLOGGEDIN']) does the same job, and the exit after the redirect stops the rest of the script from running.

Managing Completed Orders

The main administrator page shows the list of completed orders. The purpose of this page is to enable an admin to see which orders need products mailed. The admin can then create the package and confirm the order after it has been mailed.

This page is fairly straightforward; it simply outputs data from some tables. The script has two primary states: displaying orders or confirming one. By default the page displays the orders. If you pass it the func=conf GET variable together with an order number in id, that order is confirmed.

Create a new file called adminorders.php and add the following code:

<?php
session_start();
require("config.php");
require("functions.php");

// Not logged in as admin: redirect and stop. Without the exit the rest of this
// script, including the UPDATE below, would still run for an anonymous request.
if(!isset($_SESSION['SESS_ADMINLOGGEDIN'])) {
    header("Location: " . $config_basedir);
    exit;
}

if(isset($_GET['func'])) {
    if($_GET['func'] != "conf") {
        header("Location: " . $config_basedir);
        exit;
    }
    // pf_validate_number() (from functions.php) returns id only when it is a
    // number and redirects otherwise.
    $validid = pf_validate_number($_GET['id'], "redirect", $config_basedir);
    // Use the validated value in the query, never the raw $_GET['id'].
    $funcsql = "UPDATE orders SET status = 10 WHERE id = " . $validid;
    mysql_query($funcsql) or die(mysql_error());
    header("Location: " . $config_basedir . "adminorders.php");
    exit;
}
else {
    require("header.php");
    echo "<h1>Outstanding orders</h1>";
    $orderssql = "SELECT * FROM orders WHERE status = 2";
    $ordersres = mysql_query($orderssql) or die(mysql_error());
    $numrows = mysql_num_rows($ordersres);
    if($numrows == 0)
    {
        echo "<strong>No orders</strong>";
    }
    else
    {
        echo "<table cellspacing=10>";
        while($row = mysql_fetch_assoc($ordersres))
        {
            echo "<tr>";
            echo "<td>[<a href='adminorderdetails.php?id=" . (int)$row['id'] . "'>View</a>]</td>";
            echo "<td>" . date("D jS F Y g.iA", strtotime($row['date'])) . "</td>";
            echo "<td>";
            if($row['registered'] == 1)
            {
                echo "Registered Customer";
            }
            else
            {
                echo "Non-Registered Customer";
            }
            echo "</td>";
            echo "<td>&pound;" . sprintf('%.2f', $row['total']) . "</td>";
            echo "<td>";
            if($row['payment_type'] == 1)
            {
                echo "PayPal";
            }
            else
            {
                echo "Cheque";
            }
            echo "</td>";
            echo "<td><a href='adminorders.php?func=conf&amp;id=" . (int)$row['id'] . "'>Confirm Payment</a></td>";
            echo "</tr>";
        }
        echo "</table>";
    }
}
require("footer.php");
?>

 

Now let's walk through the code:

<?php
session_start();
require("config.php");
require("functions.php");

if(!isset($_SESSION['SESS_ADMINLOGGEDIN'])) {
    header("Location: " . $config_basedir);
    exit;
}

After the usual introductory code, the script checks that an administrator is logged in. Note the exit after header(): a Location header only asks the browser to go elsewhere, it does not stop PHP. Without it, an unauthenticated request for adminorders.php?func=conf together with an order id would receive the redirect, but the UPDATE below would still be executed.

Next, check whether the func GET variable exists:

if(isset($_GET['func'])) {
    if($_GET['func'] != "conf") {
        header("Location: " . $config_basedir);
        exit;
    }
    $validid = pf_validate_number($_GET['id'], "redirect", $config_basedir);
    $funcsql = "UPDATE orders SET status = 10 WHERE id = " . $validid;
    mysql_query($funcsql) or die(mysql_error());
    header("Location: " . $config_basedir . "adminorders.php");
    exit;
}

If func exists but is set to anything other than conf, the page redirects; this limits the script to the one action it knows about. It is not what protects against SQL injection. That protection comes from the next line: pf_validate_number() returns id only when it is a number (and redirects otherwise), and it is the validated $validid, not the raw $_GET['id'], that is concatenated into the UPDATE. Validating a value and then using the unvalidated original anyway is a common mistake, and the check buys nothing if the query does not use its result. The order is confirmed by setting the status field of the orders table to 10, and the page then redirects back to the orders summary.

One caveat about this design: the confirm action is triggered by a plain GET link. Any page that can get the logged-in administrator's browser to request that URL, for example an image tag on a forum or a link in an e-mail, confirms the order without the administrator's consent. State-changing actions should be POST requests that carry a token the attacker cannot know.

If no func GET variable exists, the else branch (the remainder of the file shown above) displays the outstanding orders. It selects every row from orders with status = 2 and prints one table row per order: a View link to adminorderdetails.php, the date, whether the customer is registered, the total, the payment type, and a Confirm Payment link back to this script with func=conf and the order id.
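Here is the confirm action rebuilt as an added example, not code from the original tutorial, so that it is a POST carrying a per-session CSRF token, validates the id strictly, and only changes an order that is actually in status 2. As in the login example it assumes config.php opens a PDO connection in $pdo; the status values 2 and 10 are the ones this page uses.

```php
<?php
// Added example, not code from the original tutorial: adminorders.php with the
// confirm action as a CSRF-protected POST. Assumptions: config.php defines
// $config_basedir and a PDO connection $pdo; orders.status 2 = outstanding,
// 10 = confirmed, as on this page.
session_start();
require("config.php");

if (empty($_SESSION['SESS_ADMINLOGGEDIN'])) {
    header("Location: " . $config_basedir);
    exit;
}

// One token per session, created on first use from a CSPRNG.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Returns true only if exactly one outstanding order was confirmed.
function confirm_order(PDO $pdo, array $post, string $session_token): bool
{
    // Constant-time comparison; rejects a missing or forged token.
    if (!isset($post['csrf_token']) || !hash_equals($session_token, (string)$post['csrf_token'])) {
        return false;
    }
    // Positive integer only; anything else is rejected before touching the DB.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // Only move an order from status 2 to 10. A replayed or stale request for
    // an order in any other state changes nothing and reports failure.
    $stmt = $pdo->prepare("UPDATE orders SET status = 10 WHERE id = ? AND status = 2");
    $stmt->execute([$id]);
    return $stmt->rowCount() === 1;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['func'] ?? '') === 'conf') {
    confirm_order($pdo, $_POST, $_SESSION['csrf_token']);
    header("Location: " . $config_basedir . "adminorders.php");
    exit;
}

require("header.php");
echo "<h1>Outstanding orders</h1>";
$stmt  = $pdo->query("SELECT id, date, total FROM orders WHERE status = 2");
$token = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8');
echo "<table>";
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $id = (int)$row['id'];
    echo "<tr>";
    echo "<td><a href='adminorderdetails.php?id=$id'>View</a></td>";
    echo "<td>" . htmlspecialchars(date("D jS F Y g.iA", strtotime($row['date'])), ENT_QUOTES, 'UTF-8') . "</td>";
    echo "<td>&pound;" . sprintf('%.2f', $row['total']) . "</td>";
    // The state-changing action is a form POST with the token, not a GET link.
    echo "<td><form method='POST' action='adminorders.php'>"
       . "<input type='hidden' name='func' value='conf'>"
       . "<input type='hidden' name='id' value='$id'>"
       . "<input type='hidden' name='csrf_token' value='$token'>"
       . "<input type='submit' value='Confirm Payment'></form></td>";
    echo "</tr>";
}
echo "</table>";
require("footer.php");
```

A cross-site page can still make the administrator's browser send a POST to adminorders.php, but it cannot read the token out of the admin's session, so confirm_order() rejects the request before any SQL runs. The AND status = 2 in the UPDATE is a second, independent guard: even a forged or double-submitted request can only ever move an outstanding order to confirmed, never touch one in any other state.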

If all went well, the outstanding orders summary should look similar to the page shown in Figure 6-9.

FIGURE 6-9 The outstanding orders page provides a simple means of viewing orders that need products sent out.

Viewing a Specific Order

For the administrator to get the postal address for a particular order, she needs to view the specific details for the order. This next page lists the order information (order number, address, products purchased, payment method, and so on).

Create a new file called adminorderdetails.php and add the following code:

<?php
session_start();
require("config.php");
require("functions.php");

// Escape everything that came from a customer (names, addresses, e-mail) before
// it is echoed into the administrator's browser. Otherwise a customer who enters
// HTML or script as a forename has it run in the admin's session.
function h($s) {
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}

if(!isset($_SESSION['SESS_ADMINLOGGEDIN'])) {
    header("Location: " . $config_basedir);   // was $basedir, which is never defined
    exit;
}

$validid = pf_validate_number($_GET['id'], "redirect", $config_basedir . "adminorders.php");

require("header.php");
echo "<h1>Order Details</h1>";
echo "<a href='adminorders.php'>&larr; go back to the main orders screen</a>";

$ordsql = "SELECT * FROM orders WHERE id = " . $validid;
$ordres = mysql_query($ordsql) or die(mysql_error());
$ordrow = mysql_fetch_assoc($ordres);
if(!$ordrow)
{
    // A numeric id that matches no order: say so instead of printing empty fields.
    echo "<p>No such order.</p>";
    require("footer.php");
    exit;
}

echo "<table cellpadding=10>";
echo "<tr><td><strong>Order Number</strong></td><td>" . (int)$ordrow['id'] . "</td></tr>";
echo "<tr><td><strong>Date of order</strong></td><td>" . date('D jS F Y g.iA', strtotime($ordrow['date'])) . "</td></tr>";
echo "<tr><td><strong>Payment Type</strong></td><td>";
if($ordrow['payment_type'] == 1)
{
    echo "PayPal";
}
else
{
    echo "Cheque";
}
echo "</td></tr>";
echo "</table>";

// Delivery address: either the customer's account address or a separate one.
if($ordrow['delivery_add_id'] == 0)
{
    $addsql = "SELECT * FROM customers WHERE id = " . (int)$ordrow['customer_id'];
}
else
{
    $addsql = "SELECT * FROM delivery_addresses WHERE id = " . (int)$ordrow['delivery_add_id'];
}
$addres = mysql_query($addsql) or die(mysql_error());
$addrow = mysql_fetch_assoc($addres);

echo "<table cellpadding=10>";
echo "<tr>";
echo "<td><strong>Address</strong></td>";
echo "<td>" . h($addrow['forename']) . " " . h($addrow['surname']) . "<br>";
echo h($addrow['add1']) . "<br>";
echo h($addrow['add2']) . "<br>";
echo h($addrow['add3']) . "<br>";
echo h($addrow['postcode']) . "<br>";
echo "<br>";
if($ordrow['delivery_add_id'] == 0)
{
    echo "<i>Address from member account</i>";
}
else
{
    echo "<i>Different delivery address</i>";
}
echo "</td></tr>";
echo "<tr><td><strong>Phone</strong></td><td>" . h($addrow['phone']) . "</td></tr>";
echo "<tr><td><strong>Email</strong></td><td><a href='mailto:" . h($addrow['email']) . "'>" . h($addrow['email']) . "</a></td></tr>";
echo "</table>";

$itemssql = "SELECT products.*, orderitems.*, orderitems.id AS itemid FROM products, orderitems WHERE orderitems.product_id = products.id AND order_id = " . $validid;
$itemsres = mysql_query($itemssql) or die(mysql_error());

echo "<h1>Products Purchased</h1>";
echo "<table cellpadding=10>";
echo "<tr>";
echo "<th></th>";
echo "<th>Product</th>";
echo "<th>Quantity</th>";
echo "<th>Price</th>";
echo "<th>Total</th>";
echo "</tr>";
$total = 0;   // initialise rather than silencing the undefined-variable notice with @
while($itemsrow = mysql_fetch_assoc($itemsres))
{
    $quantitytotal = $itemsrow['price'] * $itemsrow['quantity'];
    echo "<tr>";
    if(empty($itemsrow['image'])) {
        echo "<td><img src='./productimages/dummy.jpg' width='50' alt='" . h($itemsrow['name']) . "'></td>";
    }
    else {
        echo "<td><img src='./productimages/" . h($itemsrow['image']) . "' width='50' alt='" . h($itemsrow['name']) . "'></td>";
    }
    echo "<td>" . h($itemsrow['name']) . "</td>";
    echo "<td>" . (int)$itemsrow['quantity'] . " x </td>";
    echo "<td><strong>&pound;" . sprintf('%.2f', $itemsrow['price']) . "</strong></td>";
    echo "<td><strong>&pound;" . sprintf('%.2f', $quantitytotal) . "</strong></td>";
    echo "</tr>";
    $total = $total + $quantitytotal;
}
echo "<tr>";
echo "<td></td>";
echo "<td></td>";
echo "<td></td>";
echo "<td>TOTAL</td>";
echo "<td><strong>&pound;" . sprintf('%.2f', $total) . "</strong></td>";
echo "</tr>";
echo "</table>";

require("footer.php");
?>

This code should look familiar to you; it simply displays details from the orders, customers, delivery_addresses, orderitems and products tables. One thing is different from the pages before it: the names, address lines, phone number and e-mail it prints were typed in by customers, so they must be passed through htmlspecialchars() before being echoed. Otherwise a customer who enters HTML or script as part of their address has it rendered, and executed, in the administrator's browser when the order is viewed. Also note that the login check must redirect to $config_basedir, the variable config.php defines; a typo such as $basedir is silently an empty string and sends the browser nowhere useful.

The completed page should look like the one shown in Figure 6-10.

FIGURE 6-10 Viewing a specific order.

Hi, my name is Masud Alam. I love to work with Open Source Technologies and live in Dhaka, Bangladesh. I graduated in 2009 with a bachelor’s degree in Engineering from State University Of Bangladesh. I’m also a Certified Engineer on ZEND PHP 5.3. In my first five years I served in a number of leadership positions at Winux Soft Ltd, SSL Wireless Ltd, CIDA and MAX Group, where I worked on ERP software and web development, but now I’m a co-founder and Chief Executive Officer and Managing Director of TechBeeo Software Consultancy Services Ltd. I’m also a Course Instructor of the ZCPE PHP 7 Certification and professional web development course at w3programmers Training Institute, a leading Training Institute in the country.
24 comments on “Build a shopping cart with php part-3”
  1. Hi

    This looks exactly like what I am after, but following the tutorial I am missing register.php and it's not on any of the 3 pages?

    Most pages will not open due to some error (I think it's down to some PHP error).

    I click on either of the categories and it just takes me to a blank white page. When I look at the source code there is nothing there and the page is just blank.

    This is not the only page the links don't work with. The same happens when I click on View basket.

    Also, is there any chance we can download the tutorial?

    Are the above issues down to PHP versions?

    Thanks

    Martyn

  2. Hi, I cannot find the file called register.php in the source code you have uploaded for this program. Can you please send it to me?

  3. Masud Alam,
    I have a suggestion for you.
    Please provide the project source code and a running demo with every tutorial.

    It’s helpful and more effective for newcomer learners.

  4. Can I use this code for my website? It's very hard for me to understand. Pending at my registered new address, customers still get an error, but not all have the problem.

    Thank you

  5. Thanks so much for the tutorial… it is really helpful. If I am to upload my products directly from the admin, how am I going to do it? And also adding more to the category lists… can you please explain the script to me, sir?

  6. It is in reality a great and useful piece of information. I am satisfied that you shared this useful info with us.

    Please keep us informed like this. Thanks for sharing.
