myOrders.php

<?php include('includes/_.php'); check_auth();    /*     * Only the customers can view their offers.     */    if( $_SESSION['access_level'] != 1)        die("<h1>Unauthorized! Only Customers Allowed</h1>"); $_SESSION['view'] = 'Open Orders'; $uid = isset( $_REQUEST['id'] ) ? $_REQUEST['id'] : $_SESSION['user_id'];//A user can only view his offers Not anyone else's if( $_SESSION['access_level'] == 1 && $_SESSION['user_id'] != $uid )     die("Unauthorized!");  get_header(); $custID = $uid;?> <?php /* * Function to display my Orders in a table format returned by the last query. */ function displayResults($db) {            $counter=0;            while($rows = $db->result->fetch_assoc())            {                $counter+=1;                echo"                        <tr align = 'center' id = '$counter' onmouseover = 'changeRowColor(this,true);'                         onmouseout = 'changeRowColor(this,false);' onClick='pageRedirect($counter);'>                            <td>$rows[id]</td>                            <td>$rows[date]</td>                            <td>$rows[type]</td>                            <td>$rows[first_name]</td>                            <td>&nbsp $rows[last_name] &nbsp</td>                            <td>$rows[email]</td>                            </tr>";            } } /* * Function to display headers of the table with information pertaining to a customer's orders */ function myOrders($status,$custID) {  echo                "                <script type='text/javascript'>                            function changeRowColor (Row,State)                            {                                if(State)                                    {                                        Row.style.backgroundColor = '#E0E0E0';                                        Row.style.color = 'Black';                                    }                                else                                    {                                        Row.style.backgroundColor = '#f6f6f6';                                        Row.style.color = 'Black';                                    }                            }                                     function pageRedirect(indexOfRow)                            {                                var order = document.getElementById('ordersTable').rows[indexOfRow].cells[0].innerHTML;                                document.location.href = 'myOrders.php?orderID='+order;                                //  alert(indexOfRow+\"order = \"+order);                            }                                                   </script>                        </head>                        <body>                        <h3>Click to View Order</h3>                        <div id='profileBox'></div>                        <form action='$PHP_SELF' method='POST'>                            <table  align='center' id='ordersTable' class='profile_sect'>                                <tr align = 'center'>                                    <th> &nbsp &nbsp Order ID &nbsp &nbsp </th>                                    <th> &nbsp &nbsp Order Date &nbsp &nbsp </th>                                    <th> &nbsp &nbsp Order Type &nbsp &nbsp </th>                                    <th> &nbsp &nbsp Employee First Name &nbsp &nbsp </th>                                    <th> &nbsp &nbsp Employee Last Name &nbsp &nbsp </th>                                    <th> &nbsp &nbsp Employee e-Mail ID &nbsp &nbsp </th>                                </tr>"; global $db;$db->runQuery("select CL.id, CL.date, L.type,E.first_name,E.last_name,E.email    from customer_leads CL, leads L, employees E where CL.customer_id = $custID and        CL.employee_id = E.id and L.id = CL.id and status='$status' order by CL.date DESC;");if($db->result->num_rows > 0)    displayResults($db);else    echo"<script>location.href='myOrders.php?noOrders=1'</script>"; }if(isset($_GET['status']) && (!isset($_GET['noOrders'])))  {    $status = $_GET['status'];       switch($status)    {        case 'Open':  echo "<h1>Open Orders</h1>";myOrders('Open',$custID);            break;        case 'Closed': echo"<h1>Past Orders</h1>";myOrders('Closed',$custID);            break;    }  }if(isset($_GET['orderID']) && (!isset($_GET['noOrders'])))    {        $orderID = $_GET['orderID'];                               $db->runQuery("select CL.id, CL.date,L.description, L.status, L.type, E.first_name as 'employee_first_name',                        E.last_name as 'employee_last_name',E.email as 'employee_email' from customer_leads CL, leads L, employees E                        where CL.id = $orderID and                        CL.employee_id = E.id and L.id = CL.id;");                $rows = $db->result->fetch_object();                $pdata = json_encode($rows);    }if (isset($_GET['noOrders']))    {         echo "<h2>You donot have any orders yet.</h2>";         }?>  <div id="profileBox"></div><script type="text/javascript">showMsg('<?php get_msg(); ?>');var pdata = <?php echo $pdata; ?>;var html = '';var formhtml = '';$('#profile-h1').prepend('Order ID: ',pdata['id']);var str= ['<h3>Order Information</h3><table class="profile_sect">'];var st2= ['<h3>Edit Order Information</h3><form><table class="profile_sect">'];function nonEditable(keye){    str.push('<tr><td class="field">',keye.capitalize(),'</td><td>',pdata[keye],'</td></tr>');    st2.push('<tr><td class="field">',keye.capitalize(),'</td><td><input type=text disabled="disabled" name=',keye,' value="',pdata[keye],'"/></td></tr>');}function nonEditableID(keye){  str.push('<tr><td class="field">',keye.replace('_',' ').capitalize(),'</td> <td>',pdata[keye],'</td></tr>');  st2.push('<tr><td class="field">',keye.replace('_',' ').capitalize(),'</td><td><input type=text disabled = "disabled" name=',keye,' value="',pdata[keye],'"/></td></tr>');}function editable(keye){        str.push('<tr><td class="field">',keye.capitalize(),'</td> <td>',pdata[keye],'</td></tr>');        st2.push('<tr><td class="field">',keye.capitalize(),'</td><td><input type=text name=',keye,' value="',pdata[keye],'"/></td></tr>');}function forOrderID(keye){   str.push('<tr><td class="field">',keye.capitalize(),'</td> <td>',pdata[keye],'</td></tr>');  st2.push('<tr><td class="field">',keye.capitalize(),'</td><td><input type=text READONLY name=',keye,' value="',pdata[keye],'"/></td></tr>');}for (var key in pdata){  switch(key)      {          case 'id': forOrderID('id');               break;          case 'employee_first_name': nonEditableID('employee_first_name');               break;          case 'employee_last_name': nonEditableID('employee_last_name');               break;          case 'employee_email': nonEditableID('employee_email');               break;          case 'date': nonEditable('date');              break;          case 'type': nonEditable('type');              break;          case 'status': nonEditable('status');              break;          case 'description': editable('description');              break;      }}str.push('</table>');st2.push('</table>');html += str.join('');formhtml += st2.join('');st2 = [];formhtml += st2.join('');$('#profileBox').append( html );$('#edit-profile-link').click( function(){  if( $(this).html() == 'Edit' ){    $(this).html('Cancel');    $('#profileBox').html(formhtml);    $('#cancel-edit').click( function(){$('#edit-profile-link').click();} );  }  else{    $('#profileBox').html( html );    $(this).html('Edit');  }  return false;});</script>  <?php echo "</table></form></body></html>";get_footer(); ?>