/home3/bmscom/apps.theaffluentman.com/admin/update-status.php
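<?php
declare(strict_types=1);

// update-status.php — admin endpoint that changes one order's status.
// Expects a POST carrying `id` (order id) and `status` (new status string).
// Access: session flag `admin_logged_in` must be exactly true, and the session
// role must be one of the roles the comment below allows (admin, tailor).
// Every outcome is reported via $_SESSION['message'] / $_SESSION['msg_type']
// followed by a redirect; the script never renders output itself.
// NOTE(review): assumes config.php has already called session_start() — confirm.
require_once '../config/config.php';
require_once '../config/database.php';

// Authentication gate: anything other than boolean true counts as logged out.
if (!isset($_SESSION['admin_logged_in']) || $_SESSION['admin_logged_in'] !== true) {
    header('Location: login.php');
    exit;
}

// Authorization gate, allow-list style: only admin and tailor may update status.
// A missing, empty or unrecognised role is denied. (Rejecting only the literal
// 'worker' would let any unexpected role value through.)
$user_role = $_SESSION['user_role'] ?? 'worker';
if (!in_array($user_role, ['admin', 'tailor'], true)) {
    $_SESSION['message'] = "Permission Denied: Workers cannot update order status.";
    $_SESSION['msg_type'] = "error";
    header("Location: dashboard.php");
    exit;
}

// Only POST performs the update; any other method goes back to the dashboard.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location: dashboard.php");
    exit;
}

// NOTE(review): this state-changing POST has no CSRF token check. The form that
// submits here (view-order.php, not visible in this file) should carry a
// per-session token that is compared with hash_equals() before the UPDATE runs.

$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
// Do NOT real_escape_string() the status: it is bound as a prepared-statement
// parameter, so escaping it would persist a mangled value (backslashes before
// quotes). Non-string input (e.g. `status[]=x`) is rejected instead of cast.
$status = isset($_POST['status']) && is_string($_POST['status']) ? $_POST['status'] : '';
// NOTE(review): `status` is still accepted as an arbitrary string. It should be
// validated against the set of statuses the orders table actually uses (not
// visible here) rather than trusting whatever the client submits.

// Reject an unusable request explicitly instead of silently redirecting to id=0.
if ($id <= 0 || $status === '') {
    $_SESSION['message'] = "Invalid order id or status.";
    $_SESSION['msg_type'] = "error";
    header("Location: dashboard.php");
    exit;
}

$stmt = $conn->prepare("UPDATE orders SET status = ? WHERE id = ?");
if ($stmt === false) {
    // Driver error text stays in the server log; the user gets a generic message
    // (the original echoed $conn->error into the session, leaking schema/driver details).
    error_log("update-status.php: prepare failed: " . $conn->error);
    $_SESSION['message'] = "Error updating status.";
    $_SESSION['msg_type'] = "error";
} else {
    $stmt->bind_param("si", $status, $id);
    if ($stmt->execute()) {
        $_SESSION['message'] = "Order status updated successfully.";
        $_SESSION['msg_type'] = "success";
    } else {
        error_log("update-status.php: execute failed for order {$id}: " . $stmt->error);
        $_SESSION['message'] = "Error updating status.";
        $_SESSION['msg_type'] = "error";
    }
    $stmt->close();
}

// $id is a validated positive int, so interpolating it into the URL is safe.
header("Location: view-order.php?id=$id");
exit;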