Fix: Use EFT ID as filename for POP uploads instead of random filename

- Changed from random filename to eft_id.pdf format for proof of payment files
- Updated sendPOP() and auditLog() calls to use new filename variable

src/pages/other/account_settings.php

@@ -168,24 +168,22 @@ $user = $result->fetch_assoc();
                 data: formData,
                 contentType: false,
                 processData: false,
+                dataType: 'json',
                 success: function(response) {
-                    // Parse response if needed
-                    if (typeof response === "string") {
-                        response = JSON.parse(response);
-                    }
-
                     if (response.status === 'success') {
-                        // Update the profile picture source with cache-busting query string
-                        // Reload the current page
-                        window.location.reload();
-
                         $('#responseMessage').html('<div class="alert alert-success">' + response.message + '</div>');
+                        // Reload the current page after a short delay
+                        setTimeout(function() {
+                            window.location.reload();
+                        }, 1500);
                     } else {
                         $('#responseMessage').html('<div class="alert alert-danger">' + response.message + '</div>');
                     }
                 },
-                error: function() {
+                error: function(xhr, status, error) {
-                    $('#responseMessage').html('<div class="alert alert-danger">Error uploading profile picture.</div>');
+                    console.log('AJAX Error:', status, error);
+                    console.log('Response Text:', xhr.responseText);
+                    $('#responseMessage').html('<div class="alert alert-danger">Error uploading profile picture: ' + error + '</div>');
                 }
             });
         });

src/processors/process_signature.php

@@ -1,4 +1,10 @@
 <?php
+ob_start(); // Start output buffering
+session_start();
+
+// Set JSON response header BEFORE any other output
+header('Content-Type: application/json');
+
 $rootPath = dirname(dirname(__DIR__));
 require_once($rootPath . "/src/config/env.php");
 require_once($rootPath . "/src/config/session.php");
@@ -6,6 +12,7 @@ require_once($rootPath . "/src/config/connection.php");
 require_once($rootPath . "/src/config/functions.php");
 
 if (!isset($_SESSION['user_id'])) {
+    ob_end_clean();
     die(json_encode(['status' => 'error', 'message' => 'User not logged in']));
 }
 
@@ -53,21 +60,25 @@ if (isset($_POST['signature'])) {
             $paymentStatus = checkMembershipPaymentStatus($user_id) ? 'PAID' : 'NOT_PAID';
 
             // Respond with the appropriate redirect URL based on the payment status
+            ob_end_clean();
             echo json_encode([
                 'status' => 'success',
                 'message' => 'Signature saved successfully!',
                 'paymentStatus' => $paymentStatus // Send payment status
             ]);
         } else {
+            ob_end_clean();
             echo json_encode(['status' => 'error', 'message' => 'Database update failed']);
         }
 
         $stmt->close();
         $conn->close();
     } else {
+        ob_end_clean();
         echo json_encode(['status' => 'error', 'message' => 'Failed to save signature']);
     }
 } else {
+    ob_end_clean();
     echo json_encode(['status' => 'error', 'message' => 'Signature not provided']);
 }
 

src/processors/submit_pop.php

@@ -1,7 +1,10 @@
 <?php
+ob_start(); // Start output buffering to allow headers before output
 $headerStyle = 'light';
 $rootPath = dirname(dirname(__DIR__));
-include_once($rootPath . '/header.php');
+require_once($rootPath . "/src/config/env.php");
+require_once($rootPath . "/src/config/session.php");
+include_once($rootPath . '/src/config/connection.php');
 require_once($rootPath . "/src/config/functions.php");
 checkUserSession();
 
@@ -11,7 +14,8 @@ if (!$user_id) {
     die("Not logged in.");
 }
 
-// Handle POST submission
+// Handle POST submission BEFORE including header
+$redirect_url = null;
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     // CSRF Token Validation
     if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
@@ -35,8 +39,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     }
     
     $target_dir = $rootPath . "/src/processors/uploads/pop/";
-    $randomFilename = $validationResult['filename'];
+    // Use EFT ID as filename instead of random filename
-    $target_file = $target_dir . $randomFilename;
+    $filename = $eft_id . '.pdf';
+    $target_file = $target_dir . $filename;
     
     // Make sure target directory exists and writable
     if (!is_dir($target_dir)) {
@@ -91,15 +96,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             $description = "Payment";
         }
 
-        if (sendPOP($fullname, $randomFilename, $amount, $description)) {
+        if (sendPOP($fullname, $filename, $amount, $description)) {
             $_SESSION['message'] = "Thank you! Your payment proof has been uploaded and notification sent.";
         } else {
             $_SESSION['message'] = "Payment uploaded, but notification email could not be sent.";
         }
         
         // Log the action
-        auditLog($user_id, 'POP_UPLOAD', 'efts', $eft_id, ['filename' => $randomFilename, 'payment_type' => $payment_type]);
+        auditLog($user_id, 'POP_UPLOAD', 'efts', $eft_id, ['filename' => $filename, 'payment_type' => $payment_type]);
 
+        $redirect_url = 'bookings';
+        ob_end_clean();
         header("Location: bookings");
         exit;
 
@@ -109,6 +116,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     }
 }
 
+// Now that POST is handled, include header for display
+include_once($rootPath . '/header.php');
 
 // Fetch bookings for dropdown
 $stmt = $conn->prepare("

src/processors/upload_profile_picture.php

@@ -1,9 +1,20 @@
 <?php
+ob_start(); // Start output buffering
 session_start();
+
+// Set JSON response header BEFORE any other output
+header('Content-Type: application/json');
+
 $rootPath = dirname(dirname(__DIR__));
+require_once($rootPath . "/src/config/env.php");
+require_once($rootPath . "/src/config/session.php");
 include_once($rootPath . '/src/config/connection.php');
 require_once($rootPath . "/src/config/functions.php");
-require_once($rootPath . "/src/config/env.php");
+
+// Check database connection
+if (!isset($conn) || $conn === null) {
+    die(json_encode(['status' => 'error', 'message' => 'Database connection failed']));
+}
 
 $response = array('status' => 'error', 'message' => 'Something went wrong');
 
@@ -69,16 +80,18 @@ if (isset($_FILES['profile_picture']) && $_FILES['profile_picture']['error'] !=
             // Log the action
             auditLog($user_id, 'PROFILE_PIC_UPLOAD', 'users', $user_id, ['filename' => $randomFilename]);
         } else {
-            $response['message'] = 'Failed to update profile picture in the database';
+            $response['message'] = 'Failed to update profile picture in the database: ' . $stmt->error;
         }
         $stmt->close();
     } else {
-        $response['message'] = 'Failed to move uploaded file.';
+        $response['message'] = 'Failed to move uploaded file. Error code: ' . $_FILES['profile_picture']['error'];
     }
 } else {
     $response['message'] = 'No file uploaded or file error.';
 }
 
+// Clean output buffer and send only JSON
+ob_end_clean();
 echo json_encode($response);
 ?>