Update: Add publish/unpublish button to admin trips table and improve table styling

2025-12-04 18:35:36 +02:00
parent d81d74a7c7
commit fdeaf85bf0
12 changed files with 350 additions and 134 deletions
--- a/src/processors/delete_trip.php
+++ b/src/processors/delete_trip.php
@@ -9,7 +9,14 @@ require_once($rootPath . '/src/config/connection.php');

 // Check admin status
 session_start();
-if (empty($_SESSION['user_id']) || !in_array($_SESSION['role'] ?? '', ['admin', 'superadmin'])) {
+if (empty($_SESSION['user_id'])) {
+    ob_end_clean();
+    echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
+    exit;
+}
+
+$user_role = getUserRole();
+if (!in_array($user_role, ['admin', 'superadmin'])) {
    ob_end_clean();
    echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
    exit;
--- a/src/processors/process_trip.php
+++ b/src/processors/process_trip.php
@@ -9,11 +9,18 @@ require_once($rootPath . '/src/config/connection.php');

 // Check admin status
 session_start();
-// if (empty($_SESSION['user_id']) || !in_array($_SESSION['role'] ?? '', ['admin', 'superadmin'])) {
-//     ob_end_clean();
-//     echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
-//     exit;
-// }
+if (empty($_SESSION['user_id'])) {
+    ob_end_clean();
+    echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
+    exit;
+}
+
+$user_role = getUserRole();
+if (!in_array($user_role, ['admin', 'superadmin'])) {
+    ob_end_clean();
+    echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
+    exit;
+}

 // // Validate CSRF token
 // if (empty($_POST['csrf_token']) || $_POST['csrf_token'] !== ($_SESSION['csrf_token'] ?? '')) {
@@ -39,8 +46,8 @@ try {
    $booking_fee = floatval($_POST['booking_fee'] ?? 0);

    // Debug: Log received values
-    error_log("START_DATE: " . var_export($start_date, true), 3, $rootPath . "/logs/trip_debug.log");
-    error_log("END_DATE: " . var_export($end_date, true), 3, $rootPath . "/logs/trip_debug.log");
+    // error_log("START_DATE: " . var_export($start_date, true), 3, $rootPath . "/logs/trip_debug.log");
+    // error_log("END_DATE: " . var_export($end_date, true), 3, $rootPath . "/logs/trip_debug.log");

    // Validation
    if (empty($trip_name) || empty($location) || empty($start_date) || empty($end_date)) {
@@ -104,17 +111,18 @@ try {
            UPDATE trips SET
                trip_name = ?, location = ?, trip_code = ?, vehicle_capacity = ?,
                start_date = ?, end_date = ?, short_description = ?, long_description = ?,
-                cost_members = ?, cost_nonmembers = ?, cost_pensioner_member = ?,
-                cost_pensioner = ?, booking_fee = ?
+                cost_members = ?, cost_nonmembers = ?, cost_pensioner_member = ?, cost_pensioner = ?,
+                booking_fee = ?
            WHERE trip_id = ?
        ");

        $stmt->bind_param(
-            "sssissssddddi",
+            "sssissssdddddi",
            $trip_name, $location, $trip_code, $vehicle_capacity,
            $start_date, $end_date, $short_description, $long_description,
-            $cost_members, $cost_nonmembers, $cost_pensioner_member,
-            $cost_pensioner, $booking_fee, $trip_id
+            $cost_members, $cost_nonmembers, $cost_pensioner_member, $cost_pensioner,
+            $booking_fee,
+            $trip_id
        );

        if (!$stmt->execute()) {
--- a/src/processors/process_trip_booking.php
+++ b/src/processors/process_trip_booking.php
@@ -132,6 +132,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            }
        } else {
            addEFT($eft_id, $booking_id, $user_id, $status, $payment_amount, $description);
+            sendInvoice(getEmail($user_id), getFullName($user_id), $eft_id, formatCurrency($payment_amount), $description);
            sendAdminNotification('New Trip Booking - '.getFullName($user_id), getFullName($user_id).' has booked for '.$description);
            header("Location: payment_confirmation?token=".encryptData($booking_id, $salt));
            exit(); // Ensure no further code is executed after the redirect
--- a/src/processors/submit_pop.php
+++ b/src/processors/submit_pop.php
@@ -39,8 +39,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    }
    
    $target_dir = $rootPath . "/uploads/pop/";
-    // Use EFT ID as filename instead of random filename
-    $filename = $eft_id . '.pdf';
+    // Use EFT ID as filename instead of random filename, replace spaces with underscores
+    $filename = str_replace(' ', '_', $eft_id) . '.pdf';
    $target_file = $target_dir . $filename;
    
    // Make sure target directory exists and writable
--- a/src/processors/toggle_trip_published.php
+++ b/src/processors/toggle_trip_published.php
@@ -9,7 +9,14 @@ require_once($rootPath . '/src/config/connection.php');

 // Check admin status
 session_start();
-if (empty($_SESSION['user_id']) || !in_array($_SESSION['role'] ?? '', ['admin', 'superadmin'])) {
+if (empty($_SESSION['user_id'])) {
+    ob_end_clean();
+    echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
+    exit;
+}
+
+$user_role = getUserRole();
+if (!in_array($user_role, ['admin', 'superadmin'])) {
    ob_end_clean();
    echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
    exit;