<?php
/**
* Copyright seit 2024 Webshop System
*
* Admin-Kunden-Controller für das Webshop-System
*
* @author Webshop System
* @license GPL v3
*/
namespace App\Admin\Controllers;
use Doctrine\DBAL\Connection;
use Doctrine\DBAL\DriverManager;
use Doctrine\DBAL\Exception;
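class AdminCustomerController
{
    /** Base path of the customer admin pages; every redirect below targets it or a sub-path. */
    private const BASE_PATH = '/admin/customers';

    /**
     * Lists all customers (non-admin users) with their order count and total spend.
     *
     * Requires an admin session. On a database error the list page is still
     * rendered, with an empty customer list and an error message.
     */
    public function index()
    {
        $this->requireAdminSession();

        try {
            $conn = $this->connect();

            // LEFT JOIN so customers without orders are listed too
            // (order_count 0, total_spent NULL).
            $customers = $conn->executeQuery('
                SELECT u.*,
                       COUNT(o.id) as order_count,
                       SUM(o.total) as total_spent
                FROM ws_user u
                LEFT JOIN ws_order o ON u.id = o.user_id
                WHERE u.is_admin = 0
                GROUP BY u.id
                ORDER BY u.created_at DESC
            ')->fetchAllAssociative();

            $this->render('admin/customers/index.html.twig', [
                'title'     => 'Webshop Admin - Kunden',
                'user_name' => $_SESSION['admin_user_name'],
                'customers' => $customers,
            ]);
        } catch (Exception $e) {
            // NOTE(review): the raw driver message is shown to the admin; it can
            // contain host/user details, so logging it and showing a generic
            // text would be preferable.
            $this->render('admin/customers/index.html.twig', [
                'title'     => 'Webshop Admin - Kunden',
                'user_name' => $_SESSION['admin_user_name'],
                'customers' => [],
                'error'     => 'Datenbankfehler: ' . $e->getMessage(),
            ]);
        }
    }

    /**
     * Shows one customer together with their orders (each with its item count).
     *
     * Redirects to the list with an error when the id does not belong to a
     * non-admin user, or when the database fails.
     *
     * @param mixed $id customer id from the route; bound as a prepared-statement parameter
     */
    public function show($id)
    {
        $this->requireAdminSession();

        try {
            $conn = $this->connect();

            $customer = $this->findCustomer($conn, $id);
            if ($customer === null) {
                $this->redirectWithMessage(self::BASE_PATH, 'error', 'Kunde nicht gefunden');
            }

            $orders = $conn->executeQuery('
                SELECT o.*,
                       COUNT(op.product_id) as item_count
                FROM ws_order o
                LEFT JOIN ws_order_product op ON o.id = op.order_id
                WHERE o.user_id = ?
                GROUP BY o.id
                ORDER BY o.created_at DESC
            ', [$id])->fetchAllAssociative();

            $this->render('admin/customers/show.html.twig', [
                'title'     => 'Webshop Admin - Kunde Details',
                'user_name' => $_SESSION['admin_user_name'],
                'customer'  => $customer,
                'orders'    => $orders,
            ]);
        } catch (Exception $e) {
            $this->redirectWithMessage(self::BASE_PATH, 'error', 'Datenbankfehler: ' . $e->getMessage());
        }
    }

    /**
     * Shows the "new customer" form on GET and delegates to store() on POST.
     */
    public function create()
    {
        $this->requireAdminSession();

        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $this->store();
            return;
        }

        $this->render('admin/customers/create.html.twig', [
            'title'     => 'Webshop Admin - Neuer Kunde',
            'user_name' => $_SESSION['admin_user_name'],
        ]);
    }

    /**
     * Handles the POST of the create form: validates the fields, rejects a
     * duplicate e-mail, inserts the customer and redirects to the list.
     *
     * Only called from create(), which has already enforced the admin session.
     * NOTE(review): no CSRF token is checked on this POST.
     */
    private function store()
    {
        $createPath = self::BASE_PATH . '/create';
        $form       = $this->readCustomerForm($createPath);

        // An empty password is stored as '' (previous behaviour). password_verify()
        // rejects an empty hash, so such a customer cannot log in until a
        // password is set.
        $hashedPassword = $form['password'] !== ''
            ? password_hash($form['password'], PASSWORD_DEFAULT)
            : '';

        try {
            $conn = $this->connect();

            if ($this->emailTaken($conn, $form['email'])) {
                $this->redirectWithMessage($createPath, 'error', 'E-Mail bereits vergeben');
            }

            $conn->executeStatement(
                'INSERT INTO ws_user (email, firstname, lastname, password, is_admin) VALUES (?, ?, ?, ?, 0)',
                [$form['email'], $form['firstname'], $form['lastname'], $hashedPassword]
            );

            $this->redirectWithMessage(self::BASE_PATH, 'success', 'Kunde erfolgreich erstellt');
        } catch (Exception $e) {
            $this->redirectWithMessage($createPath, 'error', 'Datenbankfehler: ' . $e->getMessage());
        }
    }

    /**
     * Shows the edit form for a customer on GET and delegates to update() on POST.
     *
     * @param mixed $id customer id from the route
     */
    public function edit($id)
    {
        $this->requireAdminSession();

        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $this->update($id);
            return;
        }

        try {
            $conn = $this->connect();

            $customer = $this->findCustomer($conn, $id);
            if ($customer === null) {
                $this->redirectWithMessage(self::BASE_PATH, 'error', 'Kunde nicht gefunden');
            }

            $this->render('admin/customers/edit.html.twig', [
                'title'     => 'Webshop Admin - Kunde bearbeiten',
                'user_name' => $_SESSION['admin_user_name'],
                'customer'  => $customer,
            ]);
        } catch (Exception $e) {
            $this->redirectWithMessage(self::BASE_PATH, 'error', 'Datenbankfehler: ' . $e->getMessage());
        }
    }

    /**
     * Handles the POST of the edit form: validates, checks the e-mail is not used
     * by another account, updates the row (password only when one was entered)
     * and redirects to the list.
     *
     * Only called from edit(), which has already enforced the admin session.
     * NOTE(review): no CSRF token is checked on this POST.
     *
     * @param mixed $id customer id from the route
     */
    private function update($id)
    {
        // The id goes into a URL path, so encode it rather than concatenating it raw.
        $editPath = self::BASE_PATH . '/edit/' . rawurlencode((string) $id);
        $form     = $this->readCustomerForm($editPath);

        try {
            $conn = $this->connect();

            if ($this->emailTaken($conn, $form['email'], $id)) {
                $this->redirectWithMessage($editPath, 'error', 'E-Mail bereits vergeben');
            }

            // Column names are fixed here; only values are bound as parameters.
            $set    = 'email = ?, firstname = ?, lastname = ?';
            $params = [$form['email'], $form['firstname'], $form['lastname']];
            if ($form['password'] !== '') {
                $set     .= ', password = ?';
                $params[] = password_hash($form['password'], PASSWORD_DEFAULT);
            }
            $params[] = $id;

            // `is_admin = 0` mirrors edit()/delete(): the customer routes must not
            // be able to rewrite an admin account or its password.
            $conn->executeStatement(
                "UPDATE ws_user SET {$set} WHERE id = ? AND is_admin = 0",
                $params
            );

            $this->redirectWithMessage(self::BASE_PATH, 'success', 'Kunde erfolgreich aktualisiert');
        } catch (Exception $e) {
            $this->redirectWithMessage($editPath, 'error', 'Datenbankfehler: ' . $e->getMessage());
        }
    }

    /**
     * Deletes a customer unless they have orders.
     *
     * NOTE(review): this action is reachable by GET and checks no CSRF token,
     * so restricting it to POST is recommended.
     *
     * @param mixed $id customer id from the route
     */
    public function delete($id)
    {
        $this->requireAdminSession();

        try {
            $conn = $this->connect();

            $row        = $conn->executeQuery('SELECT COUNT(*) as count FROM ws_order WHERE user_id = ?', [$id])
                ->fetchAssociative();
            $orderCount = $row !== false ? (int) $row['count'] : 0;

            if ($orderCount > 0) {
                $this->redirectWithMessage(
                    self::BASE_PATH,
                    'error',
                    'Kunde kann nicht gelöscht werden, da Bestellungen vorhanden sind'
                );
            }

            // `is_admin = 0` keeps admin accounts out of reach of this route;
            // zero affected rows means the id was unknown or an admin.
            $affected = $conn->executeStatement('DELETE FROM ws_user WHERE id = ? AND is_admin = 0', [$id]);
            if ($affected === 0) {
                $this->redirectWithMessage(self::BASE_PATH, 'error', 'Kunde nicht gefunden');
            }

            $this->redirectWithMessage(self::BASE_PATH, 'success', 'Kunde erfolgreich gelöscht');
        } catch (Exception $e) {
            $this->redirectWithMessage(self::BASE_PATH, 'error', 'Datenbankfehler: ' . $e->getMessage());
        }
    }

    /**
     * Renders a template file from the templates directory.
     *
     * Simple include-based template engine (to be replaced by Twig later).
     * $template must be one of the controller's fixed template names — never
     * request-derived — because it is concatenated into an include path.
     * EXTR_SKIP stops a $data key such as 'template' or 'data' from
     * overwriting these locals before the include runs.
     *
     * @param string               $template path relative to the templates directory
     * @param array<string, mixed> $data     variables made available to the template
     */
    protected function render($template, $data = [])
    {
        extract($data, EXTR_SKIP);
        include __DIR__ . '/../../templates/' . $template;
    }

    /**
     * Ensures an admin is logged in; redirects to the login page and exits otherwise.
     */
    private function requireAdminSession(): void
    {
        // Guarded so actions that delegate to one another in the same request
        // do not call session_start() twice.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        if (!isset($_SESSION['admin_user_id'])) {
            header('Location: /admin/login');
            exit;
        }
    }

    /**
     * Connection parameters from the environment, with the defaults the
     * actions previously repeated inline.
     *
     * @return array<string, mixed>
     */
    private function connectionParams(): array
    {
        return [
            'dbname'   => getenv('DB_DATABASE') ?: 'freeshop',
            'user'     => getenv('DB_USERNAME') ?: 'freeshop_user',
            'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
            'host'     => getenv('DB_HOST') ?: 'db',
            'driver'   => 'pdo_mysql',
            'port'     => getenv('DB_PORT') ?: 3306,
            'charset'  => 'utf8mb4',
        ];
    }

    /**
     * Opens a DBAL connection.
     *
     * @throws Exception when the connection cannot be established
     */
    private function connect(): Connection
    {
        return DriverManager::getConnection($this->connectionParams());
    }

    /**
     * Loads a non-admin user by id, or null when no such customer exists.
     *
     * @param mixed $id customer id, bound as a prepared-statement parameter
     * @return array<string, mixed>|null
     * @throws Exception
     */
    private function findCustomer(Connection $conn, $id): ?array
    {
        $row = $conn->executeQuery('SELECT * FROM ws_user WHERE id = ? AND is_admin = 0', [$id])
            ->fetchAssociative();

        return $row === false ? null : $row;
    }

    /**
     * Whether another account already uses $email ($excludeId is left out of
     * the check so a customer may keep their own address).
     *
     * @param mixed $excludeId customer id to ignore, or null to check all rows
     * @throws Exception
     */
    private function emailTaken(Connection $conn, string $email, $excludeId = null): bool
    {
        if ($excludeId === null) {
            $row = $conn->executeQuery('SELECT id FROM ws_user WHERE email = ?', [$email])
                ->fetchAssociative();
        } else {
            $row = $conn->executeQuery('SELECT id FROM ws_user WHERE email = ? AND id != ?', [$email, $excludeId])
                ->fetchAssociative();
        }

        return $row !== false;
    }

    /**
     * Returns a POST field as a string, or '' when it is missing or not a
     * string (a field submitted as `name[]` must not reach trim()/password_hash()).
     */
    private function postString(string $key): string
    {
        $value = $_POST[$key] ?? '';

        return is_string($value) ? $value : '';
    }

    /**
     * Reads and validates the customer form; redirects to $errorPath (and exits)
     * when a required field is missing or the e-mail address is malformed.
     *
     * @return array{email: string, firstname: string, lastname: string, password: string}
     */
    private function readCustomerForm(string $errorPath): array
    {
        $form = [
            'email'     => trim($this->postString('email')),
            'firstname' => trim($this->postString('firstname')),
            'lastname'  => trim($this->postString('lastname')),
            // Not trimmed: whitespace is part of a password.
            'password'  => $this->postString('password'),
        ];

        if ($form['email'] === '' || $form['firstname'] === '' || $form['lastname'] === '') {
            $this->redirectWithMessage($errorPath, 'error', 'Fehlende Pflichtfelder');
        }

        if (filter_var($form['email'], FILTER_VALIDATE_EMAIL) === false) {
            $this->redirectWithMessage($errorPath, 'error', 'Ungültige E-Mail-Adresse');
        }

        return $form;
    }

    /**
     * Redirects to $path with a single query parameter and ends the request.
     *
     * The message is query-encoded so spaces, umlauts and exception text cannot
     * break the Location header (header() refuses values containing newlines,
     * which would silently drop the redirect).
     */
    private function redirectWithMessage(string $path, string $key, string $message): void
    {
        header('Location: ' . $path . '?' . http_build_query([$key => $message]));
        exit;
    }
}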