Restore: Recover src/processors folder accidentally deleted during merge
This commit is contained in:
twotalesanimation
172
src/processors/process_trip_booking.php
Normal file
172
src/processors/process_trip_booking.php
Normal file
@@ -0,0 +1,172 @@
|
||||
<?php
|
||||
$rootPath = dirname(dirname(__DIR__));
|
||||
require_once($rootPath . "/src/config/env.php");
|
||||
require_once($rootPath . "/src/config/connection.php");
|
||||
require_once($rootPath . "/src/config/functions.php");
|
||||
session_start();
|
||||
|
||||
// Get the trip_id from the request (ensure it's sanitized)
|
||||
$trip_id = isset($_POST['trip_id']) ? intval($_POST['trip_id']) : 0;
|
||||
|
||||
checkAndRedirectBooking($trip_id);
|
||||
|
||||
// Check available spaces
|
||||
$available_spaces = getAvailableSpaces($trip_id); // Assuming you're using MySQLi and the function is updated for it
|
||||
|
||||
if ($available_spaces < 1) {
|
||||
// Redirect back to trips.php with an error message
|
||||
header("Location: trips?error=fully_booked");
|
||||
exit();
|
||||
}
|
||||
|
||||
// Get user ID from session (assuming user is logged in)
|
||||
$user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
|
||||
|
||||
// Validate user session
|
||||
if (!$user_id) {
|
||||
echo "<script>alert('User is not logged in. Please log in to make a booking.'); window.location.href = 'login.php';</script>";
|
||||
exit();
|
||||
}
|
||||
$is_member = getUserMemberStatus($user_id);
|
||||
|
||||
// Check if the form has been submitted
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
// CSRF Token Validation
|
||||
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
|
||||
auditLog($user_id, 'CSRF_VALIDATION_FAILED', 'bookings', null, ['endpoint' => 'process_trip_booking.php']);
|
||||
http_response_code(403);
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(['error' => 'Security token validation failed.']);
|
||||
exit();
|
||||
}
|
||||
|
||||
// Input variables from the form (use default values if not provided)
|
||||
$num_vehicles = validateInteger($_POST['vehicles'] ?? 1, 1, 10);
|
||||
if ($num_vehicles === false) $num_vehicles = 1;
|
||||
|
||||
$num_adults = validateInteger($_POST['adults'] ?? 1, 1, 20);
|
||||
if ($num_adults === false) $num_adults = 1;
|
||||
|
||||
$num_children = validateInteger($_POST['children'] ?? 0, 0, 20);
|
||||
if ($num_children === false) $num_children = 0;
|
||||
|
||||
$num_pensioners = validateInteger($_POST['pensioners'] ?? 0, 0, 20);
|
||||
if ($num_pensioners === false) $num_pensioners = 0;
|
||||
// Fetch trip costs from the database
|
||||
$query = "SELECT trip_name, cost_members, cost_nonmembers, cost_pensioner_member, cost_pensioner, booking_fee, start_date, end_date, trip_code FROM trips WHERE trip_id = ?";
|
||||
$stmt = $conn->prepare($query);
|
||||
$stmt->bind_param('i', $trip_id);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
// Check if trip exists
|
||||
if ($result->num_rows === 0) {
|
||||
$response = ['error' => 'Trip not found.'];
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode($response);
|
||||
exit();
|
||||
}
|
||||
|
||||
// Fetch trip details
|
||||
$trip = $result->fetch_assoc();
|
||||
$trip_code = $trip['trip_code'];
|
||||
$trip_name = $trip['trip_name'];
|
||||
$cost_members = intval($trip['cost_members']);
|
||||
$cost_nonmembers = intval($trip['cost_nonmembers']);
|
||||
$cost_pensioner_member = intval($trip['cost_pensioner_member']);
|
||||
$cost_pensioner = intval($trip['cost_pensioner']);
|
||||
$member_discount = $cost_nonmembers - $cost_members;
|
||||
$member_discount_pensioner = $cost_pensioner - $cost_pensioner_member;
|
||||
$booking_fee = $trip['booking_fee'];
|
||||
$radioCost = $radio ? 50 : 0;
|
||||
$start_date = $trip['start_date']; // Start date of the trip
|
||||
$end_date = $trip['end_date']; // End date of the trip
|
||||
|
||||
|
||||
// Assume the membership status is determined elsewhere
|
||||
$is_member = getUserMemberStatus($user_id);
|
||||
|
||||
// Initialize total and discount amount
|
||||
$total = 0;
|
||||
$discountAmount = 0;
|
||||
|
||||
// Calculate total based on membership
|
||||
if ($is_member) {
|
||||
$total = (($num_adults + $num_children) * $cost_nonmembers) + ($num_pensioners * $cost_pensioner) + $radioCost + ($num_vehicles * $booking_fee);
|
||||
$discountAmount = (($num_adults + $num_children) * $member_discount) + ($num_pensioners * $member_discount_pensioner );
|
||||
$payment_amount = $total - $discountAmount;
|
||||
} else {
|
||||
$total = (($num_adults + $num_children) * $cost_nonmembers) + ($num_pensioners * $cost_pensioner) + $radioCost + ($num_vehicles * $booking_fee);
|
||||
$payment_amount = $total;
|
||||
}
|
||||
|
||||
$status = "AWAITING PAYMENT";
|
||||
$description = $trip_name;
|
||||
$type = 'trip';
|
||||
$payment_id = uniqid();
|
||||
// $eft_id = strtoupper(base_convert(time(), 10, 36)); // Convert timestamp to base36
|
||||
$eft_id = strtoupper($trip_code." ".getInitialSurname($user_id));
|
||||
|
||||
|
||||
// Insert booking into the database
|
||||
$sql = "INSERT INTO bookings (booking_type, user_id, from_date, to_date, num_vehicles, num_adults, num_children, total_amount, discount_amount, status, payment_id, trip_id, radio, eft_id, num_pensioners)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
|
||||
$stmt = $conn->prepare($sql);
|
||||
|
||||
if (!$stmt) {
|
||||
die("Preparation failed: " . $conn->error);
|
||||
}
|
||||
|
||||
$stmt->bind_param('sissiiiddssiisi', $type, $user_id, $start_date, $end_date, $num_vehicles, $num_adults, $num_children, $total, $discountAmount, $status, $payment_id, $trip_id, $radio, $eft_id, $num_pensioners);
|
||||
|
||||
if ($stmt->execute()) {
|
||||
// Get the generated booking_id
|
||||
$booking_id = $conn->insert_id;
|
||||
|
||||
if ($payment_amount < 1) {
|
||||
if (processZeroPayment($payment_id, $payment_amount, $description)) {
|
||||
echo "<script>alert('Booking successfully created!'); window.location.href = 'bookings.php';</script>";
|
||||
} else {
|
||||
$error_message = $stmt->error;
|
||||
echo "Error processing booking: $error_message";
|
||||
}
|
||||
} else {
|
||||
addEFT($eft_id, $booking_id, $user_id, $status, $payment_amount, $description);
|
||||
sendAdminNotification('New Trip Booking - '.getFullName($user_id), getFullName($user_id).' has booked for '.$description);
|
||||
header("Location: payment_confirmation?token=".encryptData($booking_id, $salt));
|
||||
exit(); // Ensure no further code is executed after the redirect
|
||||
}
|
||||
} else {
|
||||
// Handle error if insert fails and echo the MySQL error
|
||||
$error_message = $stmt->error;
|
||||
echo "Error processing booking: $error_message";
|
||||
}
|
||||
|
||||
// if ($stmt->execute()) {
|
||||
// if ($payment_amount < 1) {
|
||||
// if (processZeroPayment($payment_id, $payment_amount, $description)) {
|
||||
// echo "<script>alert('Booking successfully created!'); window.location.href = 'bookings.php';</script>";
|
||||
// } else {
|
||||
// $error_message = $stmt->error;
|
||||
// echo "Error processing booking: $error_message";
|
||||
// }
|
||||
// } else {
|
||||
// if (processPayment($payment_id, $payment_amount, $description)) {
|
||||
// echo "<script>alert('Booking successfully created!'); window.location.href = 'bookings.php';</script>";
|
||||
// } else {
|
||||
// $error_message = $stmt->error;
|
||||
// echo "Error processing booking: $error_message";
|
||||
// }
|
||||
// }
|
||||
// } else {
|
||||
// // Handle error if insert fails and echo the MySQL error
|
||||
// $error_message = $stmt->error;
|
||||
// echo "Error processing booking: $error_message";
|
||||
// }
|
||||
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
} else {
|
||||
echo "Invalid request.";
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user