Restore: Recover src/processors folder accidentally deleted during merge

2025-12-04 15:19:52 +02:00
parent be2b757f4e
commit ac460ef97f
24 changed files with 2161 additions and 0 deletions
--- a/src/processors/process_eft.php
+++ b/src/processors/process_eft.php
@@ -0,0 +1,99 @@
+<?php
+$rootPath = dirname(dirname(__DIR__));
+require_once($rootPath . "/src/config/env.php");
+require_once($rootPath . "/src/config/session.php");
+require_once($rootPath . "/src/config/connection.php");
+require_once($rootPath . "/src/config/functions.php");
+checkAdmin();
+
+// CSRF Token Validation for POST requests
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
+        auditLog($_SESSION['user_id'] ?? null, 'CSRF_VALIDATION_FAILED', 'efts', null, ['endpoint' => 'process_eft.php']);
+        http_response_code(403);
+        die('Security token validation failed.');
+    }
+}
+
+if (!isset($_GET['token']) || empty($_GET['token'])) {
+    die("Invalid request.");
+}
+
+$token = $_GET['token'];
+// echo $token;
+$eft_id = decryptData($token, $salt);
+$user = getUserIdFromEFT($eft_id);
+
+// echo $eft_id;
+// Start transaction for atomicity
+$conn->begin_transaction();
+
+try {
+    // Update the efts table to set status = 'PAID'
+    $updateEFT = "UPDATE efts SET status = 'PAID' WHERE eft_id = ?";
+    $stmt = $conn->prepare($updateEFT);
+    if (!$stmt) {
+        throw new Exception("Prepare failed: " . $conn->error);
+    }
+
+    $stmt->bind_param("s", $eft_id);
+    if (!$stmt->execute()) {
+        throw new Exception("EFT update failed: " . $stmt->error);
+    }
+    $stmt->close();
+
+    // Retrieve the booking_id from efts table
+    $getBooking = "SELECT booking_id FROM efts WHERE eft_id = ?";
+    $stmt = $conn->prepare($getBooking);
+    if (!$stmt) {
+        throw new Exception("Prepare failed: " . $conn->error);
+    }
+
+    $stmt->bind_param("s", $eft_id);
+    $stmt->execute();
+    $stmt->bind_result($booking_id);
+    $stmt->fetch();
+    $stmt->close();
+
+    if (!empty($booking_id)) {
+        // Update the bookings table if booking_id exists
+        $updateBooking = "UPDATE bookings SET status = 'PAID' WHERE booking_id = ?";
+        $stmt = $conn->prepare($updateBooking);
+        if (!$stmt) {
+            throw new Exception("Prepare failed: " . $conn->error);
+        }
+
+        $stmt->bind_param("i", $booking_id);
+        if (!$stmt->execute()) {
+            throw new Exception("Booking update failed: " . $stmt->error);
+        }
+    } else {
+        // If no booking_id is found, update membership_fees instead
+        $updateMembership = "UPDATE membership_fees SET payment_status = 'PAID' WHERE payment_id = ?";
+        $stmt = $conn->prepare($updateMembership);
+        if (!$stmt) {
+            throw new Exception("Prepare failed: " . $conn->error);
+        }
+
+        $stmt->bind_param("s", $eft_id);
+        if (!$stmt->execute()) {
+            throw new Exception("Membership fee update failed: " . $stmt->error);
+        }
+    }
+    $stmt->close();
+
+    // Commit transaction if everything was successful
+    $conn->commit();
+    sendPaymentConfirmation(getEmail($user), getFullName($user), getEftDescription($eft_id));
+    header("Location: admin_efts");
+    exit(); // Ensure no further code is executed after the redirect
+} catch (Exception $e) {
+    // Rollback transaction if an error occurs
+    $conn->rollback();
+    echo "Error: " . $e->getMessage();
+}
+
+
+// Close database connection
+$conn->close();
+