admin.php
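<?php
// Admin panel: lists every order together with the customer's name (users.fio)
// and lets the administrator delete an order.
include 'db.php'; // opens the $db mysqli link and starts the session

// Only a session that login.php flagged as admin may reach this page.
if (!isset($_SESSION['admin'])) {
    header("Location: login.php");
    exit;
}

// Per-session anti-CSRF token. Deletion is a state change, so it must not be
// reachable through a plain GET link that another site (or a link prefetcher)
// can trigger with the admin's cookie attached.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];

// HTML-escapes a value before it is written into the page. fio, type and status
// come from the database, and fio/type were originally typed in by customers,
// so printing them raw would let stored markup run in the admin's browser.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete'])) {
    $sentToken = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token']))
        ? $_POST['csrf_token']
        : '';
    if (!hash_equals($csrfToken, $sentToken)) {
        http_response_code(403);
        exit;
    }

    // FILTER_VALIDATE_INT yields false for arrays and non-numeric input.
    $id = filter_var($_POST['delete'], FILTER_VALIDATE_INT);
    if ($id !== false) {
        $stmt = mysqli_prepare($db, "DELETE FROM orders WHERE id = ?");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'i', $id);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
    }

    // Redirect after POST so a page reload does not resubmit the deletion.
    header("Location: admin.php");
    exit;
}

$orders = mysqli_query($db, "SELECT orders.*, users.fio FROM orders JOIN users ON orders.user_id=users.id");
?>
<!DOCTYPE html>
<html>
<head>
    <title>Панель администратора</title>
    <link rel="stylesheet" href="/css/style.css">
</head>
<body>
    <div class="nav">
        <a href="index.php">Главная</a>
        <a href="logout.php">Выход</a>
    </div>
    <h1>Панель администратора</h1>
    <table class="table">
        <thead>
            <tr>
                <th>ID</th>
                <th>Клиент</th>
                <th>Дата</th>
                <th>Тип груза</th>
                <th>Статус</th>
                <th>Действия</th>
            </tr>
        </thead>
        <tbody>
            <?php /* $orders is false when the query failed; render an empty table then. */ ?>
            <?php while ($orders && ($order = mysqli_fetch_assoc($orders))): ?>
            <tr>
                <td><?= (int) $order['id'] ?></td>
                <td><?= $esc($order['fio']) ?></td>
                <td><?= date('d.m.Y H:i', strtotime($order['date_time'])) ?></td>
                <td><?= $esc($order['type']) ?></td>
                <td><?= $esc($order['status']) ?></td>
                <td>
                    <form method="POST">
                        <input type="hidden" name="csrf_token" value="<?= $esc($csrfToken) ?>">
                        <input type="hidden" name="delete" value="<?= (int) $order['id'] ?>">
                        <button type="submit" style="color: var(--danger);">Удалить</button>
                    </form>
                </td>
            </tr>
            <?php endwhile; ?>
        </tbody>
    </table>
</body>
</html>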
db.php
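<?php
// Shared bootstrap included by every page: opens the MySQL connection in $db
// and starts the PHP session.

// Connection settings. The defaults are the values this file always used
// (root with an empty password on localhost); the environment variables are
// introduced here so a deployment can supply a dedicated, least-privileged
// account without editing the source.
$dbSettings = ['DB_HOST' => 'localhost', 'DB_USER' => 'root', 'DB_PASS' => '', 'DB_NAME' => 'gruzovozoff'];
foreach ($dbSettings as $envName => $default) {
    $fromEnv = getenv($envName);
    if ($fromEnv !== false) {
        $dbSettings[$envName] = $fromEnv;
    }
}

// Depending on the mysqli error mode a failed connect either returns false or
// throws mysqli_sql_exception; handle both the same way.
$connectError = '';
try {
    $db = mysqli_connect($dbSettings['DB_HOST'], $dbSettings['DB_USER'], $dbSettings['DB_PASS'], $dbSettings['DB_NAME']);
    if (!$db) {
        $connectError = (string) mysqli_connect_error();
    }
} catch (mysqli_sql_exception $e) {
    $db = false;
    $connectError = $e->getMessage();
}

if (!$db) {
    // The driver message can name the host and account, so it goes to the
    // server log; the visitor only sees a generic message.
    error_log("Ошибка подключения: " . $connectError);
    http_response_code(500);
    die("Ошибка подключения");
}

// Set the charset through the API (not a SET NAMES query) so that
// mysqli_real_escape_string() escapes for the charset actually in use.
// NOTE(review): MySQL's 'utf8' is the 3-byte subset; switch to 'utf8mb4'
// if 4-byte characters must be stored.
mysqli_set_charset($db, 'utf8');

// httponly keeps the session id out of reach of page scripts; strict mode
// makes PHP refuse session ids it did not issue itself.
session_start([
    'cookie_httponly' => true,
    'use_strict_mode' => true,
]);
?>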
index.php
<?php
// Landing page. db.php opens the database link and starts the session that
// the navigation bar below inspects.
include 'db.php';
?>
<!DOCTYPE html>
<html>
<head>
    <title>Грузовозофф</title>
    <link rel="stylesheet" href="/css/style.css">
</head>
<body>
    <div class="nav">
        <a href="index.php">Главная</a>
        <?php if (isset($_SESSION['user_id'])) { ?>
            <?php /* Signed-in customer: links to their orders and to logout. */ ?>
            <a href="orders.php">Мои заявки</a>
            <a href="new_order.php">Новая заявка</a>
            <a href="logout.php">Выход</a>
        <?php } else { ?>
            <?php /* Anonymous visitor: offer registration and login. */ ?>
            <a href="register.php">Регистрация</a>
            <a href="login.php">Вход</a>
        <?php } ?>
    </div>
    <h1>Добро пожаловать в Грузовозофф!</h1>
    <p>Система заказа грузоперевозок</p>
</body>
</html>
login.php
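<?php
// Login page: authenticates either the built-in administrator or a registered
// customer, then renders the login form.
include 'db.php'; // opens the $db mysqli link and starts the session

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Accept only plain strings; array-valued fields are treated as empty.
    $login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    // NOTE(review): the administrator password is a literal in the source, so
    // anyone who can read this file (repository, backup, misconfigured server)
    // has the admin login. It should be replaced by a password_hash() value
    // kept outside the code and checked with password_verify(). Until then,
    // hash_equals() at least makes the comparison constant-time.
    if ($login === 'admin' && hash_equals('gruzovik2024', $pass)) {
        // Fresh session id on privilege change, so an id planted before login
        // (session fixation) does not become an admin session.
        session_regenerate_id(true);
        $_SESSION['admin'] = true;
        header("Location: admin.php");
        exit;
    }

    // Prepared statement: the login is sent as data, never as part of the SQL.
    $stmt = mysqli_prepare($db, "SELECT id, pass FROM users WHERE login = ?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $login);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $userId, $passHash);
        $found = mysqli_stmt_fetch($stmt); // true when a row was fetched
        mysqli_stmt_close($stmt);

        if ($found === true && password_verify($pass, $passHash)) {
            session_regenerate_id(true);
            $_SESSION['user_id'] = $userId;
            header("Location: orders.php");
            exit;
        }
    }

    // Same message for an unknown login and a wrong password, so the form does
    // not reveal which logins exist.
    $error = "Неверный логин или пароль!";
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Вход</title>
    <link rel="stylesheet" href="/css/style.css">
</head>
<body>
    <div class="nav">
        <a href="index.php">На главную</a>
    </div>
    <h1>Вход</h1>
    <?php
    // Both messages are fixed strings, so they are safe to print as HTML.
    if (isset($_GET['success'])) echo "<p class='success'>Регистрация успешна!</p>";
    if (isset($error)) echo "<p class='error'>$error</p>";
    ?>
    <form class="form" method="POST">
        <input type="text" name="login" placeholder="Логин" required>
        <input type="password" name="pass" placeholder="Пароль" required>
        <button type="submit">Войти</button>
    </form>
    <p>Нет аккаунта? <a href="register.php">Зарегистрироваться</a></p>
</body>
</html>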
logout.php
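<?php
// Logout: ends the current session and sends the visitor to the login form.
session_start();

// Drop every session variable (including the admin / user_id markers).
session_unset();
$_SESSION = [];

// Expire the session cookie as well, so the browser stops presenting the old
// session id after the server-side data is gone.
if (ini_get('session.use_cookies')) {
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
}

session_destroy();
header("Location: login.php");
exit;
?>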
new_order.php
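<?php
// New transport request: validates the submitted form, stores the order for
// the signed-in customer and renders the form.
include 'db.php'; // opens the $db mysqli link and starts the session

if (!isset($_SESSION['user_id'])) {
    header("Location: login.php");
    exit;
}

// Cargo types offered by the <select> below. The browser does not enforce the
// list, so the server checks the submitted value against it.
$allowedTypes = ['Хрупкое', 'Скоропортящееся', 'Мебель', 'Животные'];

// Per-session anti-CSRF token, so another site cannot file orders on behalf of
// a signed-in customer.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Returns the trimmed string value of a POST field, or '' when it is
    // missing or not a string (e.g. an array).
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
    };

    $timestamp = strtotime($field('date_time')); // false when unparseable or empty
    $weight = $field('weight');
    $type = $field('type');
    $from_addr = $field('from_addr');
    $to_addr = $field('to_addr');
    $user_id = (int) $_SESSION['user_id'];

    // weight is stored in a VARCHAR(20) column, hence the length limit.
    $inputValid = $timestamp !== false
        && is_numeric($weight) && strlen($weight) <= 20
        && in_array($type, $allowedTypes, true)
        && $from_addr !== ''
        && $to_addr !== '';

    if (!hash_equals($csrfToken, $field('csrf_token'))) {
        $error = "Ошибка: недействительный запрос, обновите страницу.";
    } elseif (!$inputValid) {
        $error = "Ошибка: проверьте заполнение полей формы.";
    } else {
        $date_time = date('Y-m-d H:i:s', $timestamp);

        // Prepared statement: all customer-supplied values travel as bound
        // parameters. Failure is reported either as false or as an exception,
        // depending on the mysqli error mode.
        try {
            $stmt = mysqli_prepare(
                $db,
                "INSERT INTO orders (user_id, date_time, weight, type, from_addr, to_addr, status)
                 VALUES (?, ?, ?, ?, ?, ?, 'Новая')"
            );
            $saved = $stmt
                && mysqli_stmt_bind_param($stmt, 'isssss', $user_id, $date_time, $weight, $type, $from_addr, $to_addr)
                && mysqli_stmt_execute($stmt);
            $dbError = $saved ? '' : mysqli_error($db);
        } catch (mysqli_sql_exception $e) {
            $saved = false;
            $dbError = $e->getMessage();
        }

        if ($saved) {
            $success = "Заявка успешно отправлена!";
        } else {
            // Database error text can expose table and column names; keep it
            // in the server log and show the customer a generic message.
            error_log("new_order.php: " . $dbError);
            $error = "Ошибка: не удалось сохранить заявку.";
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Новая заявка</title>
    <link rel="stylesheet" href="/css/style.css">
</head>
<body>
    <div class="nav">
        <a href="index.php">Главная</a>
        <a href="orders.php">Мои заявки</a>
        <a href="logout.php">Выход</a>
    </div>
    <h1>Новая заявка на перевозку</h1>
    <?php
    // Both messages are fixed strings set above, so they are safe to print.
    if (isset($error)) echo "<p class='error'>$error</p>";
    if (isset($success)) echo "<p class='success'>$success</p>";
    ?>
    <form class="form" method="POST">
        <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrfToken, ENT_QUOTES, 'UTF-8') ?>">
        <input type="datetime-local" name="date_time" required>
        <input type="number" name="weight" placeholder="Вес груза (кг)" required>
        <select name="type" required>
            <option value="" disabled selected>Выберите тип груза</option>
            <option value="Хрупкое">Хрупкое</option>
            <option value="Скоропортящееся">Скоропортящееся</option>
            <option value="Мебель">Мебель</option>
            <option value="Животные">Животные</option>
        </select>
        <input type="text" name="from_addr" placeholder="Адрес отправления" required>
        <input type="text" name="to_addr" placeholder="Адрес доставки" required>
        <button type="submit">Отправить заявку</button>
    </form>
</body>
</html>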
orders.php
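<?php
// "My orders": lists the signed-in customer's own orders, newest first.
include 'db.php'; // opens the $db mysqli link and starts the session

if (!isset($_SESSION['user_id'])) {
    header("Location: login.php");
    exit;
}

// Cast to int before the value is placed in the SQL text, so the query cannot
// be altered whatever ends up in the session.
$user_id = (int) $_SESSION['user_id'];
$orders = mysqli_query($db, "SELECT * FROM orders WHERE user_id=$user_id ORDER BY date_time DESC");

// The query may have failed (false); treat that like an empty list instead of
// passing false to mysqli_num_rows().
$hasOrders = ($orders instanceof mysqli_result) && mysqli_num_rows($orders) > 0;

// HTML-escapes a stored value before output. The order fields were typed in by
// the customer, so they must not be printed as raw markup.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<!DOCTYPE html>
<html>
<head>
    <title>Мои заявки</title>
    <link rel="stylesheet" href="/css/style.css">
</head>
<body>
    <div class="nav">
        <a href="index.php">Главная</a>
        <a href="new_order.php">Новая заявка</a>
        <a href="logout.php">Выход</a>
    </div>
    <h1>Мои заявки</h1>
    <?php if (!$hasOrders): ?>
        <p>У вас пока нет заявок.</p>
    <?php else: ?>
        <table class="table">
            <thead>
                <tr>
                    <th>Дата</th>
                    <th>Вес (кг)</th>
                    <th>Тип груза</th>
                    <th>Откуда</th>
                    <th>Куда</th>
                    <th>Статус</th>
                </tr>
            </thead>
            <tbody>
                <?php while ($order = mysqli_fetch_assoc($orders)): ?>
                <tr>
                    <td><?= date('d.m.Y H:i', strtotime($order['date_time'])) ?></td>
                    <td><?= $esc($order['weight']) ?></td>
                    <td><?= $esc($order['type']) ?></td>
                    <td><?= $esc($order['from_addr']) ?></td>
                    <td><?= $esc($order['to_addr']) ?></td>
                    <td><?= $esc($order['status']) ?></td>
                </tr>
                <?php endwhile; ?>
            </tbody>
        </table>
    <?php endif; ?>
</body>
</html>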
register.php
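<?php
// Registration page: validates the form, creates the user with a hashed
// password and redirects to the login page on success.
include 'db.php'; // opens the $db mysqli link and starts the session

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Returns the trimmed string value of a POST field, or '' when it is
    // missing or not a string (e.g. an array).
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
    };

    $login = $field('login');
    // The password is taken as typed (not trimmed).
    $rawPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $fio = $field('fio');
    $phone = $field('phone');
    $email = $field('email');

    // The minlength/required/type attributes of the form are only hints to the
    // browser, so the same rules are enforced here. Upper bounds follow the
    // column sizes of the users table (login 50, fio 100, phone 20, email 100).
    $loginLength = mb_strlen($login, 'UTF-8');
    if ($loginLength < 6 || $loginLength > 50) {
        $error = "Логин должен содержать от 6 до 50 символов!";
    } elseif (mb_strlen($rawPass, 'UTF-8') < 6) {
        $error = "Пароль должен содержать не менее 6 символов!";
    } elseif (
        $fio === '' || mb_strlen($fio, 'UTF-8') > 100
        || $phone === '' || mb_strlen($phone, 'UTF-8') > 20
        || mb_strlen($email, 'UTF-8') > 100
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false
    ) {
        $error = "Проверьте правильность заполнения полей!";
    } else {
        $pass = password_hash($rawPass, PASSWORD_DEFAULT);

        // Prepared statements: every submitted value is sent as a bound
        // parameter. A failure shows up either as false or as an exception,
        // depending on the mysqli error mode.
        try {
            $loginTaken = true;
            $check = mysqli_prepare($db, "SELECT id FROM users WHERE login = ?");
            if ($check) {
                mysqli_stmt_bind_param($check, 's', $login);
                mysqli_stmt_execute($check);
                mysqli_stmt_store_result($check); // needed before num_rows is valid
                $loginTaken = mysqli_stmt_num_rows($check) > 0;
                mysqli_stmt_close($check);
            }

            if ($loginTaken) {
                $error = "Логин уже занят!";
            } else {
                $insert = mysqli_prepare(
                    $db,
                    "INSERT INTO users (login, pass, fio, phone, email) VALUES (?, ?, ?, ?, ?)"
                );
                $created = $insert
                    && mysqli_stmt_bind_param($insert, 'sssss', $login, $pass, $fio, $phone, $email)
                    && mysqli_stmt_execute($insert);

                if ($created) {
                    header("Location: login.php?success=1");
                    // Stop here: without exit the script would keep running and
                    // render the form after sending the redirect.
                    exit;
                }
                $error = "Не удалось зарегистрироваться, попробуйте позже.";
            }
        } catch (mysqli_sql_exception $e) {
            // Covers, among others, a concurrent registration of the same
            // login rejected by the UNIQUE constraint.
            error_log("register.php: " . $e->getMessage());
            $error = "Не удалось зарегистрироваться, попробуйте позже.";
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Регистрация</title>
    <link rel="stylesheet" href="/css/style.css">
</head>
<body>
    <div class="nav">
        <a href="index.php">На главную</a>
    </div>
    <h1>Регистрация</h1>
    <?php /* $error is always one of the fixed strings set above. */ ?>
    <?php if (isset($error)) echo "<p class='error'>$error</p>"; ?>
    <form class="form" method="POST">
        <input type="text" name="login" placeholder="Логин" required minlength="6">
        <input type="password" name="pass" placeholder="Пароль" required minlength="6">
        <input type="text" name="fio" placeholder="ФИО" required>
        <input type="tel" name="phone" placeholder="Телефон (+7XXX...)" required>
        <input type="email" name="email" placeholder="Email" required>
        <button type="submit">Зарегистрироваться</button>
    </form>
    <p>Уже есть аккаунт? <a href="login.php">Войти</a></p>
</body>
</html>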
SQL:
-- Customer accounts created by register.php and read by login.php.
CREATE TABLE users (
    id    INT          AUTO_INCREMENT PRIMARY KEY,
    -- UNIQUE backs up the "login already taken" check done in register.php.
    login VARCHAR(50)  NOT NULL UNIQUE,
    -- Holds the password_hash() output, never the plain password; 255 leaves
    -- room for longer hashes if PASSWORD_DEFAULT changes.
    pass  VARCHAR(255) NOT NULL,
    fio   VARCHAR(100) NOT NULL,
    phone VARCHAR(20)  NOT NULL,
    email VARCHAR(100) NOT NULL
);
-- Transport requests filed through new_order.php.
CREATE TABLE orders (
    id        INT         AUTO_INCREMENT PRIMARY KEY,
    -- Joined to users.id by admin.php.
    -- NOTE(review): no FOREIGN KEY is declared, so nothing stops an order from
    -- pointing at a user row that does not exist; confirm whether that is intended.
    user_id   INT         NOT NULL,
    date_time DATETIME    NOT NULL,
    -- Stored as text although the form submits a number.
    weight    VARCHAR(20) NOT NULL,
    type      VARCHAR(50) NOT NULL,
    from_addr TEXT        NOT NULL,
    to_addr   TEXT        NOT NULL,
    status    VARCHAR(20) DEFAULT 'Новая'
);
style.css
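/* Colour palette shared by every page. */
:root {
    --primary: #4361ee;
    --dark: #2b2d42;
    --light: #f8f9fa;
    --success: #4cc9f0;
    /* admin.php colours its delete control with var(--danger), which was never
       defined here; use the same red as the .error text. */
    --danger: #d90429;
}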
/* Page frame: a centred column at most 800px wide. */
body {
    font-family: 'Segoe UI', sans-serif;
    max-width: 800px;
    margin: 0 auto;
    padding: 20px;
    background: var(--light);
    color: #333;
    line-height: 1.5;
}

/* Navigation bar shown at the top of every page. */
.nav {
    background: var(--dark);
    padding: 15px;
    margin-bottom: 30px;
    border-radius: 8px;
}

.nav a {
    color: white;
    text-decoration: none;
    margin-right: 15px;
    font-weight: 500;
}

.nav a:hover {
    color: var(--success);
}

/* Form controls: full-width inputs, selects and buttons. */
.form input,
.form select,
.form button {
    width: 100%;
    padding: 12px;
    margin: 10px 0;
    border: 1px solid #ddd;
    border-radius: 6px;
    font-size: 16px;
}

/* Submit button overrides on top of the shared control rule above. */
.form button {
    background: var(--primary);
    color: white;
    border: none;
    cursor: pointer;
    transition: background 0.3s;
}

.form button:hover {
    background: #3a56d4;
}

/* Order tables on the customer and admin pages. */
.table {
    width: 100%;
    border-collapse: collapse;
    margin: 25px 0;
}

.table th {
    background: var(--dark);
    color: white;
    padding: 12px;
    text-align: left;
}

.table td {
    padding: 10px;
    border-bottom: 1px solid #eee;
}

/* Status messages: shared box shape first, then the colours of each kind. */
.error, .success {
    padding: 10px;
    border-radius: 6px;
    margin: 15px 0;
}

.error {
    color: #d90429;
    background: #ffd6d6;
}

.success {
    color: #2ec4b6;
    background: #e8f9f7;
}