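false, 'message' => 'Требуется авторизация']); exit(); }
// ^ tail of the authentication guard; its opening `if (...) { echo json_encode(['success' =>`
//   sits earlier in the file, outside this excerpt, and is left untouched here.

// Checkout endpoint: turns the current user's cart rows into an `orders` row plus
// `order_items` rows, decrements product stock and empties the cart, all inside
// one transaction. Responds with JSON on every path and exits.
//
// NOTE(review): no CSRF token check is visible in this excerpt. The endpoint
// creates orders from a session-authenticated POST, so confirm a token (or an
// equivalent SameSite cookie policy) is enforced upstream before trusting the body.

// Resolve the authenticated user; anything that is not a positive id is rejected.
$user_id = (int) ($_SESSION['user_id'] ?? 0);
if ($user_id <= 0) {
    echo json_encode(['success' => false, 'message' => 'Пользователь не найден']);
    exit();
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo json_encode(['success' => false, 'message' => 'Неверный метод запроса']);
    exit();
}

$db = Database::getInstance()->getConnection();

try {
    $db->beginTransaction();

    // Read a scalar POST field as a trimmed string. Non-string values (e.g. a
    // `field[]=x` array) fall back to the default instead of reaching PDO as arrays.
    $field = static function (string $key, string $default = ''): string {
        $value = $_POST[$key] ?? null;
        return is_string($value) ? trim($value) : $default;
    };

    // Read a POST field as a finite float; anything non-numeric yields the default.
    // (Previously `floatval('abc')` silently became 0, which for `delivery_price`
    // meant free delivery.)
    $money = static function (string $key, float $default): float {
        $value = $_POST[$key] ?? null;
        if (!is_numeric($value)) {
            return $default;
        }
        $number = (float) $value;
        return is_finite($number) ? $number : $default;
    };

    $customer_name    = $field('full_name');
    $customer_email   = $field('email');
    $customer_phone   = $field('phone');
    $delivery_address = $field('address');
    $region           = $field('region');
    $postal_code      = $field('postal_code');
    $payment_method   = $field('payment', 'card');
    $delivery_method  = $field('delivery', 'courier');
    $promo_code       = $field('promo_code');
    $notes            = $field('notes');

    // SECURITY: the client used to dictate `discount` and `delivery_price`
    // verbatim, so a crafted POST could zero out (or make negative) the order
    // total. The values are still read for compatibility with the existing
    // checkout form, but they are clamped against the server-side subtotal
    // below, so the final amount can never drop below zero. The authoritative
    // fix is to derive the discount from `promo_code` and the delivery cost
    // from `delivery_method` on the server; no promo/delivery pricing table is
    // visible from this file, so that is left as a TODO rather than guessed at.
    $requested_discount = $money('discount', 0.0);
    $requested_delivery = $money('delivery_price', 2000.0);

    // Order numbers are not secrets, but they are exposed to customers, so avoid
    // the predictable rand(). Note the format (second-resolution timestamp +
    // 4 digits) is not collision-proof; a UNIQUE constraint on order_number
    // would surface a clash as a PDOException and roll the order back.
    $order_number = 'ORD-' . date('Ymd-His') . '-' . random_int(1000, 9999);

    // Prices and stock are taken from `products`, never from the client.
    $cartStmt = $db->prepare("
        SELECT c.product_id, c.quantity, p.name, p.price, p.stock_quantity
        FROM cart c
        JOIN products p ON c.product_id = p.product_id
        WHERE c.user_id = ?
    ");
    $cartStmt->execute([$user_id]);
    $cart_items = $cartStmt->fetchAll();

    if (empty($cart_items)) {
        // DomainException marks a message that is safe to show to the customer.
        throw new \DomainException('Корзина пуста');
    }

    // First pass: validate quantities against stock and compute the subtotal.
    // The selected `stock_quantity` was previously fetched but never checked, so
    // stock could go negative. NOTE(review): this treats a NULL stock_quantity
    // as 0 (out of stock); if NULL is meant to mean "unlimited", adjust both this
    // check and the UPDATE guard below.
    $total_amount = 0.0;
    foreach ($cart_items as $item) {
        $quantity = (int) $item['quantity'];
        if ($quantity < 1) {
            throw new \DomainException('Некорректное количество товара');
        }
        if ((int) $item['stock_quantity'] < $quantity) {
            throw new \DomainException('Недостаточно товара на складе: ' . $item['name']);
        }
        $total_amount += (float) $item['price'] * $quantity;
    }
    $total_amount = round($total_amount, 2);

    // Discount can never exceed the subtotal and delivery can never be negative,
    // so final_amount >= 0 regardless of what the client sent. Rounded to 2
    // decimals so float noise (0.1 + 0.2 ...) never reaches the database.
    $discount_amount = round(min(max($requested_discount, 0.0), $total_amount), 2);
    $delivery_cost   = round(max($requested_delivery, 0.0), 2);
    $final_amount    = round($total_amount - $discount_amount + $delivery_cost, 2);

    $orderStmt = $db->prepare("
        INSERT INTO orders (
            user_id, order_number, subtotal, discount_amount, delivery_price,
            final_amount, status, payment_method, delivery_method, delivery_address,
            delivery_region, postal_code, promo_code, customer_name, customer_email,
            customer_phone, notes
        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
        RETURNING order_id
    ");
    $orderStmt->execute([
        $user_id,
        $order_number,
        $total_amount,
        $discount_amount,
        $delivery_cost,
        $final_amount,
        'pending',
        $payment_method,
        $delivery_method,
        $delivery_address,
        $region,
        $postal_code,
        $promo_code,
        $customer_name,
        $customer_email,
        $customer_phone,
        $notes,
    ]);
    $order_id = $orderStmt->fetchColumn();

    // Statements are prepared once and reused for every cart line.
    $itemStmt = $db->prepare("
        INSERT INTO order_items (
            order_id, product_id, product_name, quantity, product_price, total_price
        ) VALUES (?, ?, ?, ?, ?, ?)
    ");
    // The `stock_quantity >= ?` guard makes the decrement atomic: two concurrent
    // checkouts for the last unit cannot both succeed, because the second UPDATE
    // matches zero rows and is rejected below.
    $updateStmt = $db->prepare("
        UPDATE products
        SET stock_quantity = stock_quantity - ?, updated_at = CURRENT_TIMESTAMP
        WHERE product_id = ? AND stock_quantity >= ?
    ");

    foreach ($cart_items as $item) {
        $quantity   = (int) $item['quantity'];
        $unit_price = (float) $item['price'];
        $item_total = round($unit_price * $quantity, 2);

        $itemStmt->execute([
            $order_id,
            $item['product_id'],
            $item['name'],
            $quantity,
            $unit_price,
            $item_total,
        ]);

        $updateStmt->execute([$quantity, $item['product_id'], $quantity]);
        if ($updateStmt->rowCount() !== 1) {
            throw new \DomainException('Недостаточно товара на складе: ' . $item['name']);
        }
    }

    $clearCartStmt = $db->prepare("DELETE FROM cart WHERE user_id = ?");
    $clearCartStmt->execute([$user_id]);
    unset($_SESSION['cart']);

    $db->commit();

    echo json_encode([
        'success' => true,
        'order_id' => $order_id,
        'order_number' => $order_number,
        'message' => 'Заказ успешно оформлен',
    ]);
    exit();
} catch (\DomainException $e) {
    // Business-rule rejection: the message was written for the customer.
    // rollBack() itself throws when no transaction is active (e.g. if
    // beginTransaction() was what failed), hence the guard.
    if ($db->inTransaction()) {
        $db->rollBack();
    }
    echo json_encode([
        'success' => false,
        'message' => $e->getMessage(),
    ]);
    exit();
} catch (\Throwable $e) {
    // Anything else (PDOException with SQL fragments, TypeError, ...) used to be
    // echoed verbatim to the client. Log it server-side and return a generic
    // error instead; the customer gets no internal detail.
    if ($db->inTransaction()) {
        $db->rollBack();
    }
    error_log(sprintf('checkout failed for user %d: %s', $user_id, (string) $e));
    echo json_encode([
        'success' => false,
        'message' => 'Не удалось оформить заказ',
    ]);
    exit();
}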