thomas
/
Newwebshop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
Newwebshop/app/Admin/controllers/AdminCustomerController.php

372 lines
12 KiB
PHP
Raw Permalink Blame History

<?php
/**
* Copyright seit 2024 Webshop System
*
* Admin-Kunden-Controller für das Webshop-System
*
* @author Webshop System
* @license GPL v3
*/
namespace App\Admin\Controllers;
use Doctrine\DBAL\DriverManager;
use Doctrine\DBAL\Exception;
class AdminCustomerController
{
public function index()
{
// Session prüfen
session_start();
if (!isset($_SESSION['admin_user_id'])) {
header('Location: /admin/login');
exit;
}
// DB-Verbindung herstellen
$connectionParams = [
'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
'host' => getenv('DB_HOST') ?: 'db',
'driver' => 'pdo_mysql',
'port' => getenv('DB_PORT') ?: 3306,
'charset' => 'utf8mb4',
];
try {
$conn = DriverManager::getConnection($connectionParams);
// Kunden laden (nur Nicht-Admins)
$stmt = $conn->prepare('
SELECT u.*,
COUNT(o.id) as order_count,
SUM(o.total) as total_spent
FROM ws_user u
LEFT JOIN ws_order o ON u.id = o.user_id
WHERE u.is_admin = 0
GROUP BY u.id
ORDER BY u.created_at DESC
');
$stmt->execute();
$customers = [];
while ($row = $stmt->fetchAssociative()) {
$customers[] = $row;
}
$this->render('admin/customers/index.html.twig', [
'title' => 'Webshop Admin - Kunden',
'user_name' => $_SESSION['admin_user_name'],
'customers' => $customers
]);
} catch (Exception $e) {
$this->render('admin/customers/index.html.twig', [
'title' => 'Webshop Admin - Kunden',
'user_name' => $_SESSION['admin_user_name'],
'customers' => [],
'error' => 'Datenbankfehler: ' . $e->getMessage()
]);
}
}
public function show($id)
{
// Session prüfen
session_start();
if (!isset($_SESSION['admin_user_id'])) {
header('Location: /admin/login');
exit;
}
// DB-Verbindung herstellen
$connectionParams = [
'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
'host' => getenv('DB_HOST') ?: 'db',
'driver' => 'pdo_mysql',
'port' => getenv('DB_PORT') ?: 3306,
'charset' => 'utf8mb4',
];
try {
$conn = DriverManager::getConnection($connectionParams);
// Kunde laden
$stmt = $conn->prepare('SELECT * FROM ws_user WHERE id = ? AND is_admin = 0');
$stmt->execute([$id]);
$customer = $stmt->fetchAssociative();
if (!$customer) {
header('Location: /admin/customers?error=Kunde nicht gefunden');
exit;
}
// Bestellungen des Kunden laden
$stmt = $conn->prepare('
SELECT o.*,
COUNT(op.product_id) as item_count
FROM ws_order o
LEFT JOIN ws_order_product op ON o.id = op.order_id
WHERE o.user_id = ?
GROUP BY o.id
ORDER BY o.created_at DESC
');
$stmt->execute([$id]);
$orders = [];
while ($row = $stmt->fetchAssociative()) {
$orders[] = $row;
}
$this->render('admin/customers/show.html.twig', [
'title' => 'Webshop Admin - Kunde Details',
'user_name' => $_SESSION['admin_user_name'],
'customer' => $customer,
'orders' => $orders
]);
} catch (Exception $e) {
header('Location: /admin/customers?error=Datenbankfehler: ' . $e->getMessage());
exit;
}
}
public function create()
{
// Session prüfen
session_start();
if (!isset($_SESSION['admin_user_id'])) {
header('Location: /admin/login');
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$this->store();
return;
}
$this->render('admin/customers/create.html.twig', [
'title' => 'Webshop Admin - Neuer Kunde',
'user_name' => $_SESSION['admin_user_name']
]);
}
private function store()
{
$email = $_POST['email'] ?? '';
$firstname = $_POST['firstname'] ?? '';
$lastname = $_POST['lastname'] ?? '';
$password = $_POST['password'] ?? '';
if (empty($email) || empty($firstname) || empty($lastname)) {
header('Location: /admin/customers/create?error=Fehlende Pflichtfelder');
exit;
}
// Passwort hashen falls angegeben
$hashedPassword = '';
if (!empty($password)) {
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
}
$connectionParams = [
'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
'host' => getenv('DB_HOST') ?: 'db',
'driver' => 'pdo_mysql',
'port' => getenv('DB_PORT') ?: 3306,
'charset' => 'utf8mb4',
];
try {
$conn = DriverManager::getConnection($connectionParams);
// Prüfen ob E-Mail bereits existiert
$stmt = $conn->prepare('SELECT id FROM ws_user WHERE email = ?');
$stmt->execute([$email]);
if ($stmt->fetchAssociative()) {
header('Location: /admin/customers/create?error=E-Mail bereits vergeben');
exit;
}
$stmt = $conn->prepare('
INSERT INTO ws_user (email, firstname, lastname, password, is_admin)
VALUES (?, ?, ?, ?, 0)
');
$stmt->execute([$email, $firstname, $lastname, $hashedPassword]);
header('Location: /admin/customers?success=Kunde erfolgreich erstellt');
exit;
} catch (Exception $e) {
header('Location: /admin/customers/create?error=Datenbankfehler: ' . $e->getMessage());
exit;
}
}
public function edit($id)
{
// Session prüfen
session_start();
if (!isset($_SESSION['admin_user_id'])) {
header('Location: /admin/login');
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$this->update($id);
return;
}
$connectionParams = [
'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
'host' => getenv('DB_HOST') ?: 'db',
'driver' => 'pdo_mysql',
'port' => getenv('DB_PORT') ?: 3306,
'charset' => 'utf8mb4',
];
try {
$conn = DriverManager::getConnection($connectionParams);
// Kunde laden
$stmt = $conn->prepare('SELECT * FROM ws_user WHERE id = ? AND is_admin = 0');
$stmt->execute([$id]);
$customer = $stmt->fetchAssociative();
if (!$customer) {
header('Location: /admin/customers?error=Kunde nicht gefunden');
exit;
}
$this->render('admin/customers/edit.html.twig', [
'title' => 'Webshop Admin - Kunde bearbeiten',
'user_name' => $_SESSION['admin_user_name'],
'customer' => $customer
]);
} catch (Exception $e) {
header('Location: /admin/customers?error=Datenbankfehler: ' . $e->getMessage());
exit;
}
}
private function update($id)
{
$email = $_POST['email'] ?? '';
$firstname = $_POST['firstname'] ?? '';
$lastname = $_POST['lastname'] ?? '';
$password = $_POST['password'] ?? '';
if (empty($email) || empty($firstname) || empty($lastname)) {
header('Location: /admin/customers/edit/' . $id . '?error=Fehlende Pflichtfelder');
exit;
}
$connectionParams = [
'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
'host' => getenv('DB_HOST') ?: 'db',
'driver' => 'pdo_mysql',
'port' => getenv('DB_PORT') ?: 3306,
'charset' => 'utf8mb4',
];
try {
$conn = DriverManager::getConnection($connectionParams);
// Prüfen ob E-Mail bereits existiert (außer bei diesem Kunden)
$stmt = $conn->prepare('SELECT id FROM ws_user WHERE email = ? AND id != ?');
$stmt->execute([$email, $id]);
if ($stmt->fetchAssociative()) {
header('Location: /admin/customers/edit/' . $id . '?error=E-Mail bereits vergeben');
exit;
}
if (!empty($password)) {
// Passwort aktualisieren
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$stmt = $conn->prepare('
UPDATE ws_user
SET email = ?, firstname = ?, lastname = ?, password = ?
WHERE id = ?
');
$stmt->execute([$email, $firstname, $lastname, $hashedPassword, $id]);
} else {
// Nur Daten aktualisieren
$stmt = $conn->prepare('
UPDATE ws_user
SET email = ?, firstname = ?, lastname = ?
WHERE id = ?
');
$stmt->execute([$email, $firstname, $lastname, $id]);
}
header('Location: /admin/customers?success=Kunde erfolgreich aktualisiert');
exit;
} catch (Exception $e) {
header('Location: /admin/customers/edit/' . $id . '?error=Datenbankfehler: ' . $e->getMessage());
exit;
}
}
public function delete($id)
{
// Session prüfen
session_start();
if (!isset($_SESSION['admin_user_id'])) {
header('Location: /admin/login');
exit;
}
$connectionParams = [
'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
'host' => getenv('DB_HOST') ?: 'db',
'driver' => 'pdo_mysql',
'port' => getenv('DB_PORT') ?: 3306,
'charset' => 'utf8mb4',
];
try {
$conn = DriverManager::getConnection($connectionParams);
// Prüfen ob Kunde Bestellungen hat
$stmt = $conn->prepare('SELECT COUNT(*) as count FROM ws_order WHERE user_id = ?');
$stmt->execute([$id]);
$orderCount = $stmt->fetchAssociative()['count'];
if ($orderCount > 0) {
header('Location: /admin/customers?error=Kunde kann nicht gelöscht werden, da Bestellungen vorhanden sind');
exit;
}
$stmt = $conn->prepare('DELETE FROM ws_user WHERE id = ? AND is_admin = 0');
$stmt->execute([$id]);
header('Location: /admin/customers?success=Kunde erfolgreich gelöscht');
exit;
} catch (Exception $e) {
header('Location: /admin/customers?error=Datenbankfehler: ' . $e->getMessage());
exit;
}
}
protected function render($template, $data = [])
{
// Einfache Template-Engine (später durch Twig ersetzen)
extract($data);
include __DIR__ . '/../../templates/' . $template;
}
}
Reference in New Issue View Git Blame Copy Permalink