Fix: Use EFT ID as filename for POP uploads instead of random filename

- Changed from random filename to eft_id.pdf format for proof of payment files
- Updated sendPOP() and auditLog() calls to use new filename variable

src/processors/process_signature.php

@@ -1,4 +1,10 @@
 <?php
+ob_start(); // Start output buffering
+session_start();
+
+// Set JSON response header BEFORE any other output
+header('Content-Type: application/json');
+
 $rootPath = dirname(dirname(__DIR__));
 require_once($rootPath . "/src/config/env.php");
 require_once($rootPath . "/src/config/session.php");
@@ -6,6 +12,7 @@ require_once($rootPath . "/src/config/connection.php");
 require_once($rootPath . "/src/config/functions.php");
 
 if (!isset($_SESSION['user_id'])) {
+    ob_end_clean();
     die(json_encode(['status' => 'error', 'message' => 'User not logged in']));
 }
 
@@ -53,21 +60,25 @@ if (isset($_POST['signature'])) {
             $paymentStatus = checkMembershipPaymentStatus($user_id) ? 'PAID' : 'NOT_PAID';
 
             // Respond with the appropriate redirect URL based on the payment status
+            ob_end_clean();
             echo json_encode([
                 'status' => 'success',
                 'message' => 'Signature saved successfully!',
                 'paymentStatus' => $paymentStatus // Send payment status
             ]);
         } else {
+            ob_end_clean();
             echo json_encode(['status' => 'error', 'message' => 'Database update failed']);
         }
 
         $stmt->close();
         $conn->close();
     } else {
+        ob_end_clean();
         echo json_encode(['status' => 'error', 'message' => 'Failed to save signature']);
     }
 } else {
+    ob_end_clean();
     echo json_encode(['status' => 'error', 'message' => 'Signature not provided']);
 }
 

src/processors/submit_pop.php

@@ -1,7 +1,10 @@
 <?php
+ob_start(); // Start output buffering to allow headers before output
 $headerStyle = 'light';
 $rootPath = dirname(dirname(__DIR__));
-include_once($rootPath . '/header.php');
+require_once($rootPath . "/src/config/env.php");
+require_once($rootPath . "/src/config/session.php");
+include_once($rootPath . '/src/config/connection.php');
 require_once($rootPath . "/src/config/functions.php");
 checkUserSession();
 
@@ -11,7 +14,8 @@ if (!$user_id) {
     die("Not logged in.");
 }
 
-// Handle POST submission
+// Handle POST submission BEFORE including header
+$redirect_url = null;
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     // CSRF Token Validation
     if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
@@ -35,8 +39,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     }
     
     $target_dir = $rootPath . "/src/processors/uploads/pop/";
-    $randomFilename = $validationResult['filename'];
-    $target_file = $target_dir . $randomFilename;
+    // Use EFT ID as filename instead of random filename
+    $filename = $eft_id . '.pdf';
+    $target_file = $target_dir . $filename;
     
     // Make sure target directory exists and writable
     if (!is_dir($target_dir)) {
@@ -91,15 +96,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             $description = "Payment";
         }
 
-        if (sendPOP($fullname, $randomFilename, $amount, $description)) {
+        if (sendPOP($fullname, $filename, $amount, $description)) {
             $_SESSION['message'] = "Thank you! Your payment proof has been uploaded and notification sent.";
         } else {
             $_SESSION['message'] = "Payment uploaded, but notification email could not be sent.";
         }
         
         // Log the action
-        auditLog($user_id, 'POP_UPLOAD', 'efts', $eft_id, ['filename' => $randomFilename, 'payment_type' => $payment_type]);
+        auditLog($user_id, 'POP_UPLOAD', 'efts', $eft_id, ['filename' => $filename, 'payment_type' => $payment_type]);
 
+        $redirect_url = 'bookings';
+        ob_end_clean();
         header("Location: bookings");
         exit;
 
@@ -109,6 +116,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     }
 }
 
+// Now that POST is handled, include header for display
+include_once($rootPath . '/header.php');
 
 // Fetch bookings for dropdown
 $stmt = $conn->prepare("