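false, 'message' => '无效的兑换ID']); exit; }

// 验证权限 — the admin flag decides whether the customer-ownership filter is added below.
$employee_id = $_SESSION['employee_id'] ?? null;
$isAdmin = checkIfAdmin();

// A non-admin without an employee id in the session cannot be scoped to any customer,
// so refuse up front instead of querying with an empty/NULL owner.
if (!$isAdmin && $employee_id === null) {
    echo json_encode(['success' => false, 'message' => '权限验证失败']);
    exit;
}

// 获取返点兑换详情
// NOTE: the alias `rr` is used both for the correlated subquery (rebate_rules) and the outer join
// (rebate_redemptions); the subquery scope shadows the outer one, so the query is valid as written.
$sql = "SELECT rri.id, rri.order_id, rri.order_item_id, rri.product_id, rri.quantity, rri.rebate_amount, rri.rebate_rule_id,"
    . " p.ProductName AS product_name, o.order_code, oi.unit,"
    . " (SELECT rr.rebate_amount FROM rebate_rules rr WHERE rr.id = rri.rebate_rule_id) AS rule_amount"
    . " FROM rebate_redemption_items rri"
    . " JOIN products p ON rri.product_id = p.id"
    . " JOIN orders o ON rri.order_id = o.id"
    . " JOIN order_items oi ON rri.order_item_id = oi.id"
    . " JOIN rebate_redemptions rr ON rri.redemption_id = rr.id"
    . " JOIN customer c ON rr.customer_id = c.id"
    . " WHERE rri.redemption_id = ?";

// Bind parameters are collected alongside the SQL so every value, including the session-derived
// employee id, goes through the prepared statement rather than string interpolation.
$bindTypes = 'i';
$bindValues = [$redemptionId];

// 非管理员只能查看自己客户的数据
if (!$isAdmin) {
    $sql .= " AND c.cs_belong = ?";
    $bindTypes .= 'i';
    $bindValues[] = (int) $employee_id;
}
$sql .= " ORDER BY o.order_code, p.ProductName";

// 使用预处理语句防止SQL注入
$stmt = $conn->prepare($sql);
if ($stmt === false) {
    // Keep driver diagnostics server-side; the client only learns that the query failed.
    error_log('rebate redemption detail prepare failed: ' . $conn->error);
    echo json_encode(['success' => false, 'message' => '查询失败']);
    exit;
}
$stmt->bind_param($bindTypes, ...$bindValues);

if (!$stmt->execute()) {
    error_log('rebate redemption detail execute failed: ' . $stmt->error);
    echo json_encode(['success' => false, 'message' => '查询失败']);
    exit;
}

$result = $stmt->get_result();
if ($result === false) {
    error_log('rebate redemption detail get_result failed: ' . $stmt->error);
    echo json_encode(['success' => false, 'message' => '查询失败']);
    exit;
}

// 获取所有返点项目
$items = [];
while ($row = $result->fetch_assoc()) {
    // 使用规则表中的单位返点金额,而不是存储的总返点金额
    // (rule_amount is NULL when the rule row no longer exists; fall back to the stored amount)
    $unitRebate = (float) ($row['rule_amount'] ?? $row['rebate_amount']);
    // 计算每项的总返点金额
    $totalRebate = (float) $row['quantity'] * $unitRebate;
    $items[] = [
        'id' => $row['id'],
        'order_id' => $row['order_id'],
        'order_code' => $row['order_code'],
        'product_id' => $row['product_id'],
        'product_name' => htmlspecialcharsFix($row['product_name']),
        'quantity' => $row['quantity'],
        'unit' => $row['unit'],
        'rebate_amount' => number_format($unitRebate, 2),
        'total_rebate' => number_format($totalRebate, 2),
    ];
}
$stmt->close();

// 返回JSON数据
echo json_encode([
    'success' => true,
    'redemption_id' => $redemptionId,
    'items' => $items,
    'count' => count($items),
]);
?>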