TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Use EFT ID as filename for POP uploads instead of random filename

Browse Source 
- Changed from random filename to eft_id.pdf format for proof of payment files
- Updated sendPOP() and auditLog() calls to use new filename variable
This commit is contained in:
twotalesanimation
2025-12-04 16:11:37 +02:00
parent 716de2f0e9
commit 5f1a6bc441
4 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/processors/submit_pop.php
View File

@@ -1,7 +1,10 @@
<?php
ob_start(); // Start output buffering to allow headers before output
$headerStyle = 'light';
$rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php');
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/session.php");
include_once($rootPath . '/src/config/connection.php');
require_once($rootPath . "/src/config/functions.php");
checkUserSession();
@@ -11,7 +14,8 @@ if (!$user_id) {
die("Not logged in.");
}
// Handle POST submission
// Handle POST submission BEFORE including header
$redirect_url = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// CSRF Token Validation
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
@@ -35,8 +39,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
$target_dir = $rootPath . "/src/processors/uploads/pop/";
$randomFilename = $validationResult['filename'];
$target_file = $target_dir . $randomFilename;
// Use EFT ID as filename instead of random filename
$filename = $eft_id . '.pdf';
$target_file = $target_dir . $filename;
// Make sure target directory exists and writable
if (!is_dir($target_dir)) {
@@ -91,15 +96,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$description = "Payment";
}
if (sendPOP($fullname, $randomFilename, $amount, $description)) {
if (sendPOP($fullname, $filename, $amount, $description)) {
$_SESSION['message'] = "Thank you! Your payment proof has been uploaded and notification sent.";
} else {
$_SESSION['message'] = "Payment uploaded, but notification email could not be sent.";
}
// Log the action
auditLog($user_id, 'POP_UPLOAD', 'efts', $eft_id, ['filename' => $randomFilename, 'payment_type' => $payment_type]);
auditLog($user_id, 'POP_UPLOAD', 'efts', $eft_id, ['filename' => $filename, 'payment_type' => $payment_type]);
$redirect_url = 'bookings';
ob_end_clean();
header("Location: bookings");
exit;
@@ -109,6 +116,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
}
// Now that POST is handled, include header for display
include_once($rootPath . '/header.php');
// Fetch bookings for dropdown
$stmt = $conn->prepare("