TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Use EFT ID as filename for POP uploads instead of random filename

Browse Source 
- Changed from random filename to eft_id.pdf format for proof of payment files
- Updated sendPOP() and auditLog() calls to use new filename variable
This commit is contained in:
twotalesanimation
2025-12-04 16:11:37 +02:00
parent 716de2f0e9
commit 5f1a6bc441
4 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/processors/process_signature.php
View File

@@ -1,4 +1,10 @@
<?php
ob_start(); // Start output buffering
session_start();
// Set JSON response header BEFORE any other output
header('Content-Type: application/json');
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/session.php");
@@ -6,6 +12,7 @@ require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
if (!isset($_SESSION['user_id'])) {
ob_end_clean();
die(json_encode(['status' => 'error', 'message' => 'User not logged in']));
}
@@ -53,21 +60,25 @@ if (isset($_POST['signature'])) {
$paymentStatus = checkMembershipPaymentStatus($user_id) ? 'PAID' : 'NOT_PAID';
// Respond with the appropriate redirect URL based on the payment status
ob_end_clean();
echo json_encode([
'status' => 'success',
'message' => 'Signature saved successfully!',
'paymentStatus' => $paymentStatus // Send payment status
]);
} else {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Database update failed']);
}
$stmt->close();
$conn->close();
} else {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Failed to save signature']);
}
} else {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Signature not provided']);
}

21
src/processors/submit_pop.php
View File

@@ -1,7 +1,10 @@
<?php
ob_start(); // Start output buffering to allow headers before output
$headerStyle = 'light';
$rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php');
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/session.php");
include_once($rootPath . '/src/config/connection.php');
require_once($rootPath . "/src/config/functions.php");
checkUserSession();
@@ -11,7 +14,8 @@ if (!$user_id) {
die("Not logged in.");
}
// Handle POST submission
// Handle POST submission BEFORE including header
$redirect_url = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// CSRF Token Validation
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
@@ -35,8 +39,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
$target_dir = $rootPath . "/src/processors/uploads/pop/";
$randomFilename = $validationResult['filename'];
$target_file = $target_dir . $randomFilename;
// Use EFT ID as filename instead of random filename
$filename = $eft_id . '.pdf';
$target_file = $target_dir . $filename;
// Make sure target directory exists and writable
if (!is_dir($target_dir)) {
@@ -91,15 +96,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$description = "Payment";
}
if (sendPOP($fullname, $randomFilename, $amount, $description)) {
if (sendPOP($fullname, $filename, $amount, $description)) {
$_SESSION['message'] = "Thank you! Your payment proof has been uploaded and notification sent.";
} else {
$_SESSION['message'] = "Payment uploaded, but notification email could not be sent.";
}
// Log the action
auditLog($user_id, 'POP_UPLOAD', 'efts', $eft_id, ['filename' => $randomFilename, 'payment_type' => $payment_type]);
auditLog($user_id, 'POP_UPLOAD', 'efts', $eft_id, ['filename' => $filename, 'payment_type' => $payment_type]);
$redirect_url = 'bookings';
ob_end_clean();
header("Location: bookings");
exit;
@@ -109,6 +116,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
}
// Now that POST is handled, include header for display
include_once($rootPath . '/header.php');
// Fetch bookings for dropdown
$stmt = $conn->prepare("