TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Use EFT ID as filename for POP uploads instead of random filename

Browse Source 
- Changed from random filename to eft_id.pdf format for proof of payment files
- Updated sendPOP() and auditLog() calls to use new filename variable
This commit is contained in:
twotalesanimation
2025-12-04 16:11:37 +02:00
parent 716de2f0e9
commit 5f1a6bc441
4 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/images/pp/2f40af86bfbe04a5c83bbb6cdf1c1e6b.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 291 KiB

BIN
assets/images/pp/8bc567fbcdffcf5823845740a54d5e6d.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 170 KiB

11
src/processors/process_signature.php
View File

@@ -1,4 +1,10 @@
<?php <?php
ob_start(); // Start output buffering
session_start();
// Set JSON response header BEFORE any other output
header('Content-Type: application/json');
$rootPath = dirname(dirname(__DIR__)); $rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php"); require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/session.php"); require_once($rootPath . "/src/config/session.php");
@@ -6,6 +12,7 @@ require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php"); require_once($rootPath . "/src/config/functions.php");
if (!isset($_SESSION['user_id'])) { if (!isset($_SESSION['user_id'])) {
ob_end_clean();
die(json_encode(['status' => 'error', 'message' => 'User not logged in'])); die(json_encode(['status' => 'error', 'message' => 'User not logged in']));
} }
@@ -53,21 +60,25 @@ if (isset($_POST['signature'])) {
$paymentStatus = checkMembershipPaymentStatus($user_id) ? 'PAID' : 'NOT_PAID'; $paymentStatus = checkMembershipPaymentStatus($user_id) ? 'PAID' : 'NOT_PAID';
// Respond with the appropriate redirect URL based on the payment status // Respond with the appropriate redirect URL based on the payment status
ob_end_clean();
echo json_encode([ echo json_encode([
'status' => 'success', 'status' => 'success',
'message' => 'Signature saved successfully!', 'message' => 'Signature saved successfully!',
'paymentStatus' => $paymentStatus // Send payment status 'paymentStatus' => $paymentStatus // Send payment status
]); ]);
} else { } else {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Database update failed']); echo json_encode(['status' => 'error', 'message' => 'Database update failed']);
} }
$stmt->close(); $stmt->close();
$conn->close(); $conn->close();
} else { } else {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Failed to save signature']); echo json_encode(['status' => 'error', 'message' => 'Failed to save signature']);
} }
} else { } else {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Signature not provided']); echo json_encode(['status' => 'error', 'message' => 'Signature not provided']);
} }

21
src/processors/submit_pop.php
View File

@@ -1,7 +1,10 @@
<?php <?php
ob_start(); // Start output buffering to allow headers before output
$headerStyle = 'light'; $headerStyle = 'light';
$rootPath = dirname(dirname(__DIR__)); $rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php'); require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/session.php");
include_once($rootPath . '/src/config/connection.php');
require_once($rootPath . "/src/config/functions.php"); require_once($rootPath . "/src/config/functions.php");
checkUserSession(); checkUserSession();
@@ -11,7 +14,8 @@ if (!$user_id) {
die("Not logged in."); die("Not logged in.");
} }
// Handle POST submission // Handle POST submission BEFORE including header
$redirect_url = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// CSRF Token Validation // CSRF Token Validation
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) { if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
@@ -35,8 +39,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
$target_dir = $rootPath . "/src/processors/uploads/pop/"; $target_dir = $rootPath . "/src/processors/uploads/pop/";
$randomFilename = $validationResult['filename']; // Use EFT ID as filename instead of random filename
$target_file = $target_dir . $randomFilename; $filename = $eft_id . '.pdf';
$target_file = $target_dir . $filename;
// Make sure target directory exists and writable // Make sure target directory exists and writable
if (!is_dir($target_dir)) { if (!is_dir($target_dir)) {
@@ -91,15 +96,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$description = "Payment"; $description = "Payment";
} }
if (sendPOP($fullname, $randomFilename, $amount, $description)) { if (sendPOP($fullname, $filename, $amount, $description)) {
$_SESSION['message'] = "Thank you! Your payment proof has been uploaded and notification sent."; $_SESSION['message'] = "Thank you! Your payment proof has been uploaded and notification sent.";
} else { } else {
$_SESSION['message'] = "Payment uploaded, but notification email could not be sent."; $_SESSION['message'] = "Payment uploaded, but notification email could not be sent.";
} }
// Log the action // Log the action
auditLog($user_id, 'POP_UPLOAD', 'efts', $eft_id, ['filename' => $randomFilename, 'payment_type' => $payment_type]); auditLog($user_id, 'POP_UPLOAD', 'efts', $eft_id, ['filename' => $filename, 'payment_type' => $payment_type]);
$redirect_url = 'bookings';
ob_end_clean();
header("Location: bookings"); header("Location: bookings");
exit; exit;
@@ -109,6 +116,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
} }
// Now that POST is handled, include header for display
include_once($rootPath . '/header.php');
// Fetch bookings for dropdown // Fetch bookings for dropdown
$stmt = $conn->prepare(" $stmt = $conn->prepare("