TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: TwoTalesDev:feature/ikhokha2
Branches Tags
TwoTalesDev:main TwoTalesDev:feature/ikhokha2 TwoTalesDev:feature/blog-2026 TwoTalesDev:feature/photo-gallery TwoTalesDev:feature/events TwoTalesDev:feature/campsite-updates TwoTalesDev:feature/trip-publisher TwoTalesDev:feature/site-cleanup TwoTalesDev:feature/site-restructure TwoTalesDev:feature/blog-posts TwoTalesDev:feature/pop_submit TwoTalesDev:feature/homepage_sponsor
...
compare: TwoTalesDev:d5feaacddf0446d41b2028b4d9f3e3ae16422856
Branches Tags
TwoTalesDev:main TwoTalesDev:feature/ikhokha2 TwoTalesDev:feature/blog-2026 TwoTalesDev:feature/photo-gallery TwoTalesDev:feature/events TwoTalesDev:feature/campsite-updates TwoTalesDev:feature/trip-publisher TwoTalesDev:feature/site-cleanup TwoTalesDev:feature/site-restructure TwoTalesDev:feature/blog-posts TwoTalesDev:feature/pop_submit TwoTalesDev:feature/homepage_sponsor

9 Commits
feature/ik ... d5feaacddf

Author SHA1 Message Date
twotalesanimation
d5feaacddf consolodated admin pages 2025-12-17 12:42:09 +02:00
twotalesanimation
927f9f3fe1 whatsapp button added 2025-12-16 23:00:30 +02:00
twotalesanimation
1b47cb0a69 Implementation of Notification System #2 2025-12-16 22:48:19 +02:00
twotalesanimation
7ebc2f64cf Implementation of Notification System 2025-12-16 22:40:24 +02:00
twotalesanimation
ebd7efe21c added auto course codes 2025-12-15 18:07:11 +02:00
twotalesanimation
6ff20c1ffc added admin course creation 2025-12-15 16:57:11 +02:00
twotalesanimation
35c177b11d htacces update 2025-12-15 15:52:25 +02:00
twotalesanimation
acd7f563b1 added transaction table, fixed signature auth. Monitor for bugs before rmoving bypass 2025-12-15 15:51:11 +02:00
twotalesanimation
5768d8a7af Merge branch 'ikhokha2' into main 2025-12-15 10:54:31 +02:00
34 changed files with 2186 additions and 1813 deletions
Expand all files Collapse all files

11
.htaccess
View File

@@ -86,6 +86,8 @@ RewriteRule ^failure$ src/pages/payment/failure.php [L]
RewriteRule ^cancel$ src/pages/payment/cancel.php [L]
# === ADMIN PAGES ===
RewriteRule ^admin_trips_events_courses$ src/admin/admin_trips_events_courses.php [L]
RewriteRule ^admin_bookings$ src/admin/admin_bookings.php [L]
RewriteRule ^admin_members$ src/admin/admin_members.php [L]
RewriteRule ^admin_payments$ src/admin/admin_payments.php [L]
RewriteRule ^admin_web_users$ src/admin/admin_web_users.php [L]
@@ -94,10 +96,13 @@ RewriteRule ^admin_course_bookings$ src/admin/admin_course_bookings.php [L]
RewriteRule ^admin_camp_bookings$ src/admin/admin_camp_bookings.php [L]
RewriteRule ^admin_trip_bookings$ src/admin/admin_trip_bookings.php [L]
RewriteRule ^admin_visitors$ src/admin/admin_visitors.php [L]
RewriteRule ^admin_efts$ src/admin/admin_efts.php [L]
RewriteRule ^admin_transactions$ src/admin/admin_transactions.php [L]
RewriteRule ^admin_trips$ src/admin/admin_trips.php [L]
RewriteRule ^manage_events$ src/admin/manage_events.php [L]
RewriteRule ^manage_trips$ src/admin/manage_trips.php [L]
RewriteRule ^admin_courses$ /src/admin/admin_courses.php [L,QSA]
RewriteRule ^manage_courses$ /src/admin/manage_courses.php [L,QSA]
# === API/AJAX ENDPOINTS ===
RewriteRule ^fetch_users$ src/api/fetch_users.php [L]
@@ -108,6 +113,8 @@ RewriteRule ^get_tab_total$ src/api/get_tab_total.php [L]
RewriteRule ^google_validate_login$ src/api/google_validate_login.php [L]
# === PROCESSORS ===
RewriteRule ^process_course$ /src/processors/process_course.php [L,QSA]
RewriteRule ^delete_course$ /src/processors/delete_course.php [L,QSA]
RewriteRule ^validate_login$ src/processors/validate_login.php [L]
RewriteRule ^register_user$ src/processors/register_user.php [L]
RewriteRule ^process_application$ src/processors/process_application.php [L]
@@ -142,7 +149,7 @@ RewriteRule ^link_membership_user$ src/processors/link_membership_user.php [L]
RewriteRule ^unlink_membership_user$ src/processors/unlink_membership_user.php [L]
# Blog routes
RewriteRule ^admin_blogs$ src/pages/blog/admin_blogs.php [L]
RewriteRule ^admin_blogs$ src/admin/admin_blogs.php [L]
RewriteRule ^user_blogs$ src/pages/blog/user_blogs.php [L]
RewriteRule ^blog_read$ src/pages/blog/blog_read.php [L]
RewriteRule ^blog_edit$ src/pages/blog/blog_edit.php [L]

215
.htaccess copy
View File

@@ -1,215 +0,0 @@
# URL Rewrite Rules - Maps old URLs to new directory structure during migration
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Don't rewrite existing files or directories
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# === STRIP .PHP EXTENSION ===
# Redirect /page.php to /page (301 permanent redirect)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)\.php$ /$1 [R=301,L]
# Internally rewrite /page to /page.php if page.php exists
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.+)$ $1.php [L]
# === AUTH PAGES ===
RewriteRule ^login$ src/pages/auth/login.php [L]
RewriteRule ^register$ src/pages/auth/register.php [L]
RewriteRule ^forgot_password$ src/pages/auth/forgot_password.php [L]
RewriteRule ^reset_password$ src/pages/auth/reset_password.php [L]
RewriteRule ^verify$ src/pages/auth/verify.php [L]
RewriteRule ^resend_verification$ src/pages/auth/resend_verification.php [L]
RewriteRule ^change_password$ src/pages/auth/change_password.php [L]
RewriteRule ^update_password$ src/pages/auth/update_password.php [L]
# === MEMBERSHIP PAGES ===
RewriteRule ^membership$ src/pages/memberships/membership.php [L]
RewriteRule ^membership_details$ src/pages/memberships/membership_details.php [L]
RewriteRule ^membership_application$ src/pages/memberships/membership_application.php [L]
RewriteRule ^membership_payment$ src/pages/memberships/membership_payment.php [L]
RewriteRule ^renew_membership$ src/pages/memberships/renew_membership.php [L]
RewriteRule ^member_info$ src/pages/memberships/member_info.php [L]
# === BOOKING PAGES ===
RewriteRule ^bookings$ src/pages/bookings/bookings.php [L]
RewriteRule ^campsites$ src/pages/bookings/campsites.php [L]
RewriteRule ^campsite_booking$ src/pages/bookings/campsite_booking.php [L]
RewriteRule ^add_campsite$ src/pages/add_campsite.php [L]
RewriteRule ^trips$ src/pages/bookings/trips.php [L]
RewriteRule ^trip-details$ src/pages/bookings/trip-details.php [L]
RewriteRule ^course_details$ src/pages/bookings/course_details.php [L]
RewriteRule ^driver_training$ src/pages/bookings/driver_training.php [L]
# === SHOP PAGES ===
RewriteRule ^view_cart$ src/pages/shop/view_cart.php [L]
RewriteRule ^add_to_cart$ src/pages/shop/add_to_cart.php [L]
RewriteRule ^bar_tabs$ src/pages/shop/bar_tabs.php [L]
RewriteRule ^payment_confirmation$ src/pages/shop/payment_confirmation.php [L]
RewriteRule ^confirm$ src/pages/shop/confirm.php [L]
RewriteRule ^confirm2$ src/pages/shop/confirm2.php [L]
# === GALLERY PAGES ===
RewriteRule ^gallery$ src/pages/gallery/gallery.php [L]
RewriteRule ^create_album$ src/pages/gallery/create_album.php [L]
RewriteRule ^edit_album$ src/pages/gallery/create_album.php [L]
RewriteRule ^view_album$ src/pages/gallery/view_album.php [L]
# === EVENTS & BLOG PAGES ===
RewriteRule ^events$ src/pages/events/events.php [L]
RewriteRule ^blog$ src/pages/blog/blog.php [L]
RewriteRule ^blog_details$ src/pages/blog/blog_details.php [L]
RewriteRule ^best_of_the_eastern_cape_2024$ src/pages/events/best_of_the_eastern_cape_2024.php [L]
RewriteRule ^2025_agm_minutes$ src/pages/events/2025_agm_minutes.php [L]
RewriteRule ^agm_content$ src/pages/events/agm_content.php [L]
RewriteRule ^instapage$ src/pages/events/instapage.php [L]
# === OTHER PAGES ===
RewriteRule ^about$ src/pages/other/about.php [L]
RewriteRule ^contact$ src/pages/other/contact.php [L]
RewriteRule ^privacy_policy$ src/pages/other/privacy_policy.php [L]
RewriteRule ^track-map$ src/pages/track-map.php [L]
RewriteRule ^404$ src/pages/other/404.php [L]
RewriteRule ^account_settings$ src/pages/other/account_settings.php [L]
RewriteRule ^rescue_recovery$ src/pages/other/rescue_recovery.php [L]
RewriteRule ^bush_mechanics$ src/pages/other/bush_mechanics.php [L]
RewriteRule ^indemnity$ src/pages/other/indemnity.php [L]
RewriteRule ^indemnity_waiver$ src/pages/other/indemnity_waiver.php [L]
RewriteRule ^basic_indemnity$ src/pages/other/basic_indemnity.php [L]
RewriteRule ^view_indemnity$ src/pages/other/view_indemnity.php [L]
# === ADMIN PAGES ===
RewriteRule ^admin_members$ src/admin/admin_members.php [L]
RewriteRule ^admin_payments$ src/admin/admin_payments.php [L]
RewriteRule ^admin_web_users$ src/admin/admin_web_users.php [L]
RewriteRule ^admin_events$ src/admin/admin_events.php [L]
RewriteRule ^admin_course_bookings$ src/admin/admin_course_bookings.php [L]
RewriteRule ^admin_camp_bookings$ src/admin/admin_camp_bookings.php [L]
RewriteRule ^admin_trip_bookings$ src/admin/admin_trip_bookings.php [L]
RewriteRule ^admin_visitors$ src/admin/admin_visitors.php [L]
RewriteRule ^admin_efts$ src/admin/admin_efts.php [L]
RewriteRule ^admin_trips$ src/admin/admin_trips.php [L]
RewriteRule ^manage_events$ src/admin/manage_events.php [L]
RewriteRule ^manage_trips$ src/admin/manage_trips.php [L]
# === API/AJAX ENDPOINTS ===
RewriteRule ^fetch_users$ src/api/fetch_users.php [L]
RewriteRule ^fetch_drinks$ src/api/fetch_drinks.php [L]
RewriteRule ^fetch_bar_tabs$ src/api/fetch_bar_tabs.php [L]
RewriteRule ^get_campsites$ src/api/get_campsites.php [L]
RewriteRule ^get_tab_total$ src/api/get_tab_total.php [L]
RewriteRule ^google_validate_login$ src/api/google_validate_login.php [L]
# === PROCESSORS ===
RewriteRule ^validate_login$ src/processors/validate_login.php [L]
RewriteRule ^register_user$ src/processors/register_user.php [L]
RewriteRule ^process_application$ src/processors/process_application.php [L]
RewriteRule ^process_booking$ src/processors/process_booking.php [L]
RewriteRule ^process_camp_booking$ src/processors/process_camp_booking.php [L]
RewriteRule ^process_course_booking$ src/processors/process_course_booking.php [L]
RewriteRule ^process_trip_booking$ src/processors/process_trip_booking.php [L]
RewriteRule ^process_membership_payment$ src/processors/process_membership_payment.php [L]
RewriteRule ^process_payments$ src/processors/process_payments.php [L]
RewriteRule ^process_eft$ src/processors/process_eft.php [L]
RewriteRule ^submit_order$ src/processors/submit_order.php [L]
RewriteRule ^submit_pop$ src/processors/submit_pop.php [L]
RewriteRule ^process_signature$ src/processors/process_signature.php [L]
RewriteRule ^create_bar_tab$ src/processors/create_bar_tab.php [L]
RewriteRule ^update_application$ src/processors/update_application.php [L]
RewriteRule ^update_user$ src/processors/update_user.php [L]
RewriteRule ^upload_profile_picture$ src/processors/upload_profile_picture.php [L]
RewriteRule ^send_reset_link$ src/processors/send_reset_link.php [L]
RewriteRule ^logout$ src/processors/logout.php [L]
RewriteRule ^process_trip$ src/processors/process_trip.php [L]
RewriteRule ^process_event$ src/processors/process_event.php [L]
RewriteRule ^toggle_trip_published$ src/processors/toggle_trip_published.php [L]
RewriteRule ^toggle_event_published$ src/processors/toggle_event_published.php [L]
RewriteRule ^delete_trip$ src/processors/delete_trip.php [L]
RewriteRule ^delete_event$ src/processors/delete_event.php [L]
RewriteRule ^save_album$ src/processors/save_album.php [L]
RewriteRule ^update_album$ src/processors/update_album.php [L]
RewriteRule ^delete_album$ src/processors/delete_album.php [L]
RewriteRule ^delete_photo$ src/processors/delete_photo.php [L]
RewriteRule ^get_album_photos$ src/processors/get_album_photos.php [L]
RewriteRule ^link_membership_user$ src/processors/link_membership_user.php [L]
RewriteRule ^unlink_membership_user$ src/processors/unlink_membership_user.php [L]
# Blog routes
RewriteRule ^admin_blogs$ src/pages/blog/admin_blogs.php [L]
RewriteRule ^user_blogs$ src/pages/blog/user_blogs.php [L]
RewriteRule ^blog_read$ src/pages/blog/blog_read.php [L]
RewriteRule ^blog_edit$ src/pages/blog/blog_edit.php [L]
RewriteRule ^blog_create$ src/processors/blog/blog_create.php [L]
RewriteRule ^blog_delete$ src/processors/blog/blog_delete.php [L]
RewriteRule ^publish_blog$ src/processors/blog/publish_blog.php [L]
RewriteRule ^blog_unpublish$ src/processors/blog/blog_unpublish.php [L]
RewriteRule ^submit_blog$ src/processors/blog/submit_blog.php [L]
RewriteRule ^upload_blog_image$ src/processors/blog/upload_blog_image.php [L]
RewriteRule ^autosave$ src/processors/blog/autosave.php [L]
</IfModule>
php_flag display_errors On
# php_value error_reporting -1
RedirectMatch 403 ^/\.well-known
Options -Indexes
<FilesMatch "\.(env|sql|bak|zip|tar|gz|ini)$">
Require all denied
</FilesMatch>
ErrorDocument 404 /404.php
<RequireAll>
Require all granted
Require not ip 4.222.252.98
Require not ip 4.222.252.97
</RequireAll>
<Files .env>
Order allow,deny
Deny from all
</Files>
# ALL CUSTOM ENTRIES SHOULD GO ABOVE THIS LINE
# BEGIN IWORX header
# This file was created by InterWorx-CP
# You may modify this file, but any changes made between
# BEGIN IWORX and END IWORX tags may be lost on future
# updates. Additionally, changes NOT made between these
# tags will not be recognized in the SiteWorx interface.
# END IWORX header
# BEGIN IWORX accesscontrol
# END IWORX accesscontrol
# BEGIN IWORX errordocs
# END IWORX errordocs
# BEGIN IWORX mimetypes
# END IWORX mimetypes
# BEGIN IWORX handlers
# END IWORX handlers
# BEGIN IWORX charset
# END IWORX charset
# BEGIN IWORX redirects
# END IWORX redirects
# BEGIN IWORX phpvars
# END IWORX phpvars
# BEGIN IWORX dirindex
# END IWORX dirindex
# BEGIN IWORX hotlink
# END IWORX hotlink
# BEGIN IWORX passwordprotection
# END IWORX passwordprotection

73
assets/css/notifications.css Normal file
View File

@@ -0,0 +1,73 @@
.notif-avatar-container {
position: relative;
display: inline-block;
}
.notif-badge {
position: absolute;
top: -6px;
right: -6px;
background: #e74c3c;
color: #fff;
border-radius: 50%;
min-width: 20px;
height: 20px;
padding: 0 6px;
font-size: 12px;
display: none;
line-height: 20px;
text-align: center;
box-sizing: border-box;
font-weight: 600;
}
.notif-panel {
position: absolute;
right: 10px;
top: 44px;
width: 320px;
background: #fff;
border: 1px solid #ddd;
box-shadow: 0 6px 20px rgba(0, 0, 0, 0.12);
z-index: 9999;
padding: 8px;
border-radius: 6px;
}
.notif-panel .notif-empty {
padding: 12px;
text-align: center;
color: #666;
}
.notif-item {
display: flex;
align-items: center;
padding: 8px;
border-bottom: 1px solid #f1f1f1;
}
.notif-item:last-child {
border-bottom: none;
}
.notif-item-avatar {
width: 36px;
height: 36px;
border-radius: 50%;
object-fit: cover;
margin-right: 8px;
}
.notif-item-body {
flex: 1;
}
.notif-item-title {
font-weight: 600;
font-size: 13px;
}
.notif-item-meta {
font-size: 11px;
color: #888;
}
.notif-close {
background: transparent;
border: 0;
color: #999;
font-weight: 700;
padding: 6px;
cursor: pointer;
}

103
assets/js/notifications_panel.js Normal file
View File

@@ -0,0 +1,103 @@
/* notifications.js - small admin notification panel
Requires jQuery. */
(function($){
function timeAgo(ts){
var seconds = Math.floor((Date.now() - (new Date(ts)).getTime())/1000);
if (seconds < 60) return seconds + 's ago';
var minutes = Math.floor(seconds/60);
if (minutes < 60) return minutes + 'm ago';
var hours = Math.floor(minutes/60);
if (hours < 24) return hours + 'h ago';
var days = Math.floor(hours/24);
return days + 'd ago';
}
function renderNotifications(list){
var $panel = $('#notif-panel');
$panel.empty();
if (!list || list.length === 0) {
$panel.append('<div class="notif-empty">No notifications</div>');
return;
}
list.forEach(function(n){
var actorAvatar = (n.data && n.data.actor_avatar) ? n.data.actor_avatar : 'assets/images/icons/user.png';
// Prefer the notification payload title (n.data.title). Do NOT fall back to the event string.
var title = (n.data && n.data.title) ? n.data.title : 'Notification';
var time = n.time_created || new Date().toISOString();
var read = (n.read_by && Array.isArray(n.read_by) && n.read_by.length>0);
var $item = $('<div class="notif-item" data-id="'+n.id+'">');
$item.append('<img class="notif-item-avatar" src="'+actorAvatar+'" alt="avatar">');
var $body = $('<div class="notif-item-body">');
$body.append('<div class="notif-item-title">'+escapeHtml(title)+'</div>');
$body.append('<div class="notif-item-meta">'+timeAgo(time)+'</div>');
$item.append($body);
$item.append('<button class="notif-close" title="Mark read">×</button>');
$panel.append($item);
});
}
function escapeHtml(str) {
if (!str) return '';
return String(str).replace(/[&<>"'`]/g, function(s){ return {'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":"&#39;",'`':'&#96;'}[s]; });
}
function fetchAndRender(adminId){
$.getJSON('/src/api/notifications.php', { action: 'fetch' }, function(resp){
if (resp && resp.success) {
renderNotifications(resp.notifications);
if (resp.unread_count && resp.unread_count > 0) {
$('#notif-badge').text(resp.unread_count).show();
} else {
$('#notif-badge').hide();
}
}
});
}
// Fetch only unread count (used on page load so badge shows without opening panel)
function fetchUnreadCount(){
$.getJSON('/src/api/notifications.php', { action: 'fetch' }, function(resp){
if (resp && resp.success) {
if (resp.unread_count && resp.unread_count > 0) {
$('#notif-badge').text(resp.unread_count).show();
} else {
$('#notif-badge').hide();
}
}
});
}
$(function(){
var $container = $('.notif-avatar-container');
if (!$container.length) return;
var adminId = $container.data('admin-id');
// ensure badge is populated on page load
fetchUnreadCount();
$container.on('click', function(e){
e.preventDefault();
$('#notif-panel').toggle();
if ($('#notif-panel').is(':visible')) fetchAndRender(adminId);
});
$(document).on('click', '.notif-close', function(e){
e.stopPropagation();
var $it = $(this).closest('.notif-item');
var id = $it.data('id');
if (!id) return;
$.post('/src/api/notifications.php', { action: 'mark_read', id: id }, function(resp){
if (resp && resp.success) {
$it.remove();
// refresh count
fetchAndRender(adminId);
}
}, 'json');
});
// click outside to close
$(document).on('click', function(e){
if (!$(e.target).closest('#notif-panel, .notif-avatar-container').length) {
$('#notif-panel').hide();
}
});
});
})(jQuery);

13
docs/migrations/006b_create_notifications_table.sql Normal file
View File

@@ -0,0 +1,13 @@
-- Migration: create notifications table (corrected: `read_by` nullable)
CREATE TABLE IF NOT EXISTS `notifications` (
`id` BIGINT PRIMARY KEY AUTO_INCREMENT,
`user_id` INT DEFAULT NULL,
`event` VARCHAR(100) NOT NULL,
`sub_feed` VARCHAR(100) DEFAULT NULL,
`data` TEXT DEFAULT NULL,
`target_url` VARCHAR(1024) DEFAULT NULL,
`read_by` TEXT DEFAULT NULL,
`time_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
INDEX (`user_id`),
INDEX (`sub_feed`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

58
header.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* UNIFIED HEADER TEMPLATE
*
@@ -25,6 +26,7 @@ require_once($rootDir . "/src/config/env.php");
require_once($rootDir . "/src/config/session.php");
require_once($rootDir . "/src/config/connection.php");
require_once($rootDir . "/src/config/functions.php");
require_once($rootDir . "/src/helpers/notification_helper.php");
$is_logged_in = isset($_SESSION['user_id']);
if (isset($_SESSION['user_id'])) {
@@ -186,8 +188,7 @@ if ($headerStyle === 'light') {
background-color: #f8f8f8;
}
<?php if ($headerStyle === 'light'): ?>
.page-banner-area {
<?php if ($headerStyle === 'light'): ?>.page-banner-area {
position: relative;
background-size: cover;
background-position: center;
@@ -214,6 +215,7 @@ if ($headerStyle === 'light') {
position: relative;
z-index: 3;
}
<?php endif; ?>
</style>
@@ -283,13 +285,10 @@ if ($headerStyle === 'light') {
<ul>
<li><a href="admin_web_users">Website Users</a></li>
<li><a href="admin_members">4WDCSA Members</a></li>
<li><a href="admin_blogs">Manage Blogs</a></li>
<li><a href="admin_events">Manage Events</a></li>
<li><a href="admin_trips">Manage Trips</a></li>
<li><a href="admin_trip_bookings">Trip Bookings</a></li>
<li><a href="admin_course_bookings">Course Bookings</a></li>
<li><a href="admin_efts">EFT Payments</a></li>
<li><a href="process_payments">Process Payments</a></li>
<li><a href="admin_trips_events_courses">Trips, Events & Courses</a></li>
<li><a href="admin_bookings">Bookings</a></li>
<li><a href="admin_transactions">iKhokha Payment History</a></li>
<!-- <li><a href="process_payments">Process Payments</a></li> -->
<?php if ($role === 'superadmin') { ?>
<li><a href="admin_visitors">Visitor Log</a></li>
<?php } ?>
@@ -347,11 +346,19 @@ if ($headerStyle === 'light') {
<div class="profile-menu">
<div class="profile-info">
<span style="color: <?php echo $textColor; ?>;">Welcome, <?php echo $_SESSION['first_name']; ?></span>
<div class="notif-avatar-container" data-admin-id="<?php echo intval($_SESSION['user_id'] ?? 0); ?>">
<a href="account_settings">
<img src="<?php echo $_SESSION['profile_pic']; ?>?v=<?php echo time(); ?>" alt="Profile Picture" class="profile-pic">
</a>
<span id="notif-badge" class="notif-badge"></span>
</div>
<div id="notif-panel" class="notif-panel" style="display:none;"></div>
</div>
</div>
<?php if ($role === 'admin' || $role === 'superadmin') { ?>
<link rel="stylesheet" href="assets/css/notifications.css">
<script src="assets/js/notifications_panel.js" defer></script>
<?php } ?>
<?php else : ?>
<a href="login" class="theme-btn style-two bgc-secondary">
<span data-hover="Log In">Log In</span>
@@ -366,11 +373,44 @@ if ($headerStyle === 'light') {
<!--End Header Upper-->
</header>
<a href="https://wa.me/27790652795?text=Hi,%20I%20would%20like%20to%20know%20more%20about%20your%20club!"
class="whatsapp-float"
target="_blank"
aria-label="Chat on WhatsApp">
<i class="fab fa-whatsapp"></i>
</a>
<style>
.whatsapp-float {
position: fixed;
bottom: 20px;
right: 20px;
width: 60px;
height: 60px;
background-color: #25D366;
color: white;
border-radius: 50%;
text-align: center;
font-size: 30px;
line-height: 60px;
box-shadow: 2px 2px 10px rgba(0, 0, 0, 0.3);
z-index: 1000;
}
.whatsapp-float:hover {
background-color: #1ebe5d;
}
</style>
<script>
document.addEventListener('DOMContentLoaded', function() {
const profileInfo = document.querySelector('.profile-info');
if (profileInfo) {
profileInfo.addEventListener('click', function(event) {
// Ignore clicks on the notifications avatar so the notif panel
// can handle its own toggle without also toggling the profile dropdown.
if (event.target.closest && event.target.closest('.notif-avatar-container')) return;
const dropdownMenu = document.querySelector('.dropdown-menu2');
if (dropdownMenu) {
dropdownMenu.style.display = dropdownMenu.style.display === 'block' ? 'none' : 'block';

5
index.php
View File

@@ -90,7 +90,7 @@ if (!empty($bannerImages)) {
<div style="padding-top: 50px; padding-bottom: 50px;">
<img style="width: 250px; margin-bottom: 20px;" src="assets/images/logos/weblogo2.png" alt="Logo">
<h1 class="hero-title" data-aos="flip-up" data-aos-delay="50" data-aos-duration="1500" data-aos-offset="50">
Welcome to<br>the 4 Wheel Drive Club<br>of Southern Africa
Welcome to<br>the Four Wheel Drive Club<br>of Southern Africa
</h1>
<a href="membership.php" class="theme-btn style-two bgc-secondary" style="margin-top: 20px; background-color: #e90000; padding: 10px 20px; color: white; text-decoration: none; border-radius: 25px;">
<span data-hover="Become a Member">Become a Member</span>
@@ -180,8 +180,6 @@ if (countUpcomingTrips() > 0) { ?>
}
?>
<!-- About Us Area start -->
<section class="about-us-area py-100 rpb-90 rel z-1">
<div class="container">
@@ -305,7 +303,6 @@ if (countUpcomingTrips() > 0) { ?>
</section>
<!-- Features Area end -->
<!-- Hotel Area start -->
<section class="hotel-area bgc-black py-100 rel z-1">
<div class="container-fluid">

176
progress.log
View File

@@ -1,48 +1,128 @@
[2025-12-14 16:27:25] Testing Log Entry at 2025-12-14 16:27:25
[2025-12-14 16:28:03] Testing Log Entry at 2025-12-14 16:28:03
[2025-12-14 16:28:18] Testing Log Entry at 2025-12-14 16:28:18
[2025-12-14 18:30:36] --- iKhokha WEBHOOK DEBUG ---
[2025-12-14 18:30:36] PATH: /src/api/ikhokha_webhook.php
[2025-12-14 18:30:36] RAW BODY: {"paylinkID":"cwm225jy497j0qc","status":"SUCCESS","externalTransactionID":"693ee604c8e38","responseCode":"00","text":null}
[2025-12-14 18:30:36] IK-SIGN: 3a2b8c9da4f1aff63c011adec10552450c5b6605f587e82ab1272914715fd4cf
[2025-12-14 18:30:36] iKhokha webhook: signature mismatch
[2025-12-14 18:30:36] EXPECTED SIGN: f8356ee6b609e9bd44221fa71851b06171bbb7523c52dca4bde605e3bd93f654
[2025-12-14 18:30:37] --- iKhokha WEBHOOK DEBUG ---
[2025-12-14 18:30:37] PATH: /src/api/ikhokha_webhook.php
[2025-12-14 18:30:37] RAW BODY: {"paylinkID":"cwm225jy497j0qc","status":"SUCCESS","externalTransactionID":"693ee604c8e38","responseCode":"00","text":null}
[2025-12-14 18:30:37] IK-SIGN: 3a2b8c9da4f1aff63c011adec10552450c5b6605f587e82ab1272914715fd4cf
[2025-12-14 18:30:37] iKhokha webhook: signature mismatch
[2025-12-14 18:30:37] EXPECTED SIGN: f8356ee6b609e9bd44221fa71851b06171bbb7523c52dca4bde605e3bd93f654
[2025-12-14 18:36:19] --- iKhokha WEBHOOK DEBUG ---
[2025-12-14 18:36:19] PATH: /api/ikhokha_webhook.php
[2025-12-14 18:36:19] RAW BODY: {"paylinkID":"xx6225jyhx6x5n1","status":"SUCCESS","externalTransactionID":"693ee75cec963","responseCode":"00","text":null}
[2025-12-14 18:36:19] IK-SIGN: 8fb11ceb8ea6b2cd6fec1773719927889f02764b0f04ad3c8543edbc9f74cf43
[2025-12-14 18:36:19] iKhokha webhook: signature mismatch
[2025-12-14 18:36:19] EXPECTED SIGN: 7a594957e7dc8775a6f9e1f8e3a1292f4dcd10268facaec57735f937b1cd9949
[2025-12-14 18:36:19] --- iKhokha WEBHOOK DEBUG ---
[2025-12-14 18:36:19] PATH: /api/ikhokha_webhook.php
[2025-12-14 18:36:19] RAW BODY: {"paylinkID":"xx6225jyhx6x5n1","status":"SUCCESS","externalTransactionID":"693ee75cec963","responseCode":"00","text":null}
[2025-12-14 18:36:19] IK-SIGN: 8fb11ceb8ea6b2cd6fec1773719927889f02764b0f04ad3c8543edbc9f74cf43
[2025-12-14 18:36:19] iKhokha webhook: signature mismatch
[2025-12-14 18:36:19] EXPECTED SIGN: 7a594957e7dc8775a6f9e1f8e3a1292f4dcd10268facaec57735f937b1cd9949
[2025-12-14 18:55:49] --- iKhokha WEBHOOK DEBUG ---
[2025-12-14 18:55:49] RAW BODY: {"paylinkID":"433225jzs9rvk5n","status":"SUCCESS","externalTransactionID":"693eebf1a9f75","responseCode":"00","text":null}
[2025-12-14 18:55:49] IK-SIGN: 5cb01840f3516c964bdffc34cb1da41130bd668deffc2e4ea5a9f4cbb89b9807
[2025-12-14 18:55:49] SIGN BASE STRING: | CONTEXT: https://beta.4wdcsa.co.za/src/api/ikhokha_webhook.php{"paylinkID":"433225jzs9rvk5n","status":"SUCCESS","externalTransactionID":"693eebf1a9f75","responseCode":"00","text":null}
[2025-12-14 18:55:49] iKhokha webhook: signature mismatch
[2025-12-14 18:55:49] EXPECTED SIGN: 75c491d05ac5006b3ad4fcec20c870e860a66ea03ed5a3e8900d6e29cd601445
[2025-12-14 18:55:49] RECEIVED SIGN: 5cb01840f3516c964bdffc34cb1da41130bd668deffc2e4ea5a9f4cbb89b9807
[2025-12-14 18:55:49] --- iKhokha WEBHOOK DEBUG ---
[2025-12-14 18:55:49] RAW BODY: {"paylinkID":"433225jzs9rvk5n","status":"SUCCESS","externalTransactionID":"693eebf1a9f75","responseCode":"00","text":null}
[2025-12-14 18:55:49] IK-SIGN: 5cb01840f3516c964bdffc34cb1da41130bd668deffc2e4ea5a9f4cbb89b9807
[2025-12-14 18:55:49] SIGN BASE STRING: | CONTEXT: https://beta.4wdcsa.co.za/src/api/ikhokha_webhook.php{"paylinkID":"433225jzs9rvk5n","status":"SUCCESS","externalTransactionID":"693eebf1a9f75","responseCode":"00","text":null}
[2025-12-14 18:55:49] iKhokha webhook: signature mismatch
[2025-12-14 18:55:49] EXPECTED SIGN: 75c491d05ac5006b3ad4fcec20c870e860a66ea03ed5a3e8900d6e29cd601445
[2025-12-14 18:55:49] RECEIVED SIGN: 5cb01840f3516c964bdffc34cb1da41130bd668deffc2e4ea5a9f4cbb89b9807
[2025-12-14 20:15:55] --- iKhokha WEBHOOK DEBUG ---
[2025-12-14 20:15:55] RAW BODY: {"paylinkID":"ys5225k4z56x0mm","status":"SUCCESS","externalTransactionID":"693efeaca71a9","responseCode":"00","text":null}
[2025-12-14 20:15:55] IK-SIGN: bb1702d488a40091ebd5414bc6f524e203e2c5e36b24a1b86e243dad440bb557
[2025-12-14 20:15:55] ⚠️ IKHOKHA SIGNATURE CHECK BYPASSED
[2025-12-14 20:15:55] Parsed externalTransactionID: 693efeaca71a9
[2025-12-14 20:15:55] Parsed providerPaymentId: ys5225k4z56x0mm
[2025-12-14 20:15:55] Parsed providerStatus: SUCCESS
[2025-12-15 12:32:19] AJAX BLOCK ENTERED
[2025-12-15 12:32:19] startDate=2025-10-16
[2025-12-15 12:32:19] endDate=2025-12-15
[2025-12-15 12:32:19] APP ID present: YES
[2025-12-15 12:32:19] APP SECRET present: YES
[2025-12-15 12:32:19] PAYLOAD: https://api.ikhokha.com/public-api/v1/api/payments/history?startDate=2025-10-16&endDate=2025-12-15
[2025-12-15 12:32:19] IK-SIGN: ced35ab201ad54e8f8b5935d2778c4ec7e75af0102d40d9c4515f8118ca8b5dd
[2025-12-15 12:32:19] CURL HTTP CODE: 422
[2025-12-15 12:32:19] CURL ERROR: none
[2025-12-15 12:32:19] RAW RESPONSE: {"error":"Invalid Signature"}
[2025-12-15 12:33:31] AJAX BLOCK ENTERED
[2025-12-15 12:33:31] startDate=2025-10-16
[2025-12-15 12:33:31] endDate=2025-12-15
[2025-12-15 12:33:31] APP ID present: YES
[2025-12-15 12:33:31] APP SECRET present: YES
[2025-12-15 12:33:31] IKHOKHA PAYLOAD (FULL URL): https://api.ikhokha.com/public-api/v1/api/payments/history?startDate=2025-10-16&endDate=2025-12-15
[2025-12-15 12:33:31] IKHOKHA IK-SIGN: ced35ab201ad54e8f8b5935d2778c4ec7e75af0102d40d9c4515f8118ca8b5dd
[2025-12-15 12:33:31] CURL HTTP CODE: 422
[2025-12-15 12:33:31] CURL ERROR: none
[2025-12-15 12:33:31] RAW RESPONSE: {"error":"Invalid Signature"}
[2025-12-15 12:33:59] AJAX BLOCK ENTERED
[2025-12-15 12:33:59] startDate=2025-10-16
[2025-12-15 12:33:59] endDate=2025-12-15
[2025-12-15 12:33:59] APP ID present: YES
[2025-12-15 12:33:59] APP SECRET present: YES
[2025-12-15 12:33:59] IKHOKHA PAYLOAD (FULL URL): https://api.ikhokha.com/public-api/v1/api/payments/history?startDate=2025-10-16&endDate=2025-12-15
[2025-12-15 12:33:59] IKHOKHA IK-SIGN: ced35ab201ad54e8f8b5935d2778c4ec7e75af0102d40d9c4515f8118ca8b5dd
[2025-12-15 12:34:00] CURL HTTP CODE: 422
[2025-12-15 12:34:00] CURL ERROR: none
[2025-12-15 12:34:00] RAW RESPONSE: {"error":"Invalid Signature"}
[2025-12-15 12:37:06] AJAX BLOCK ENTERED
[2025-12-15 12:37:06] startDate=2025-10-16
[2025-12-15 12:37:06] endDate=2025-12-15
[2025-12-15 12:37:06] APP ID present: YES
[2025-12-15 12:37:06] APP SECRET present: YES
[2025-12-15 12:37:06] IKHOKHA ENDPOINT (REQUEST): https://api.ikhokha.com/public-api/v1/api/payments/history?startDate=2025-10-16&endDate=2025-12-15
[2025-12-15 12:37:06] IKHOKHA PAYLOAD (SIGNED): https://api.ikhokha.com/public-api/v1/payments/history?startDate=2025-10-16&endDate=2025-12-15
[2025-12-15 12:37:06] IKHOKHA IK-SIGN: 418e48921e566e5804b58f65e1ca4a28dba4d69de3611d1cf7f90f865490f42d
[2025-12-15 12:37:06] CURL HTTP CODE: 422
[2025-12-15 12:37:06] CURL ERROR: none
[2025-12-15 12:37:06] RAW RESPONSE: {"error":"Invalid Signature"}
[2025-12-15 12:56:21] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 12:56:21] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 12:56:37] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 12:56:37] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 12:57:04] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 12:57:04] 13e6e02a7ccad937bc27b31038373d48d8ba2700a7ba8d9a7a2e4f9b07378692 | CONTEXT: IKHOKHA Signature
[2025-12-15 12:57:30] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 12:57:30] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 12:57:32] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 12:57:32] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 12:57:34] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 12:57:34] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 12:58:00] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA Endpoint
[2025-12-15 12:58:00] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 12:58:00] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 12:58:04] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA Endpoint
[2025-12-15 12:58:04] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 12:58:04] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 12:58:17] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 12:58:17] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 12:58:17] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 12:58:48] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 12:58:48] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 12:58:48] 13e6e02a7ccad937bc27b31038373d48d8ba2700a7ba8d9a7a2e4f9b07378692 | CONTEXT: IKHOKHA Signature
[2025-12-15 13:00:13] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 13:00:13] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 13:00:13] 13e6e02a7ccad937bc27b31038373d48d8ba2700a7ba8d9a7a2e4f9b07378692 | CONTEXT: IKHOKHA Signature
[2025-12-15 13:00:29] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 13:00:29] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 13:00:29] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 13:03:10] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 13:03:10] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 13:03:10] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 13:03:19] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 13:03:19] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 13:03:19] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 13:05:51] bb1702d488a40091ebd5414bc6f524e203e2c5e36b24a1b86e243dad440bb557 | CONTEXT: IKHOKHA Signature from Webhook
[2025-12-15 13:05:51] "{\"paylinkID\":\"ys5225k4z56x0mm\",\"status\":\"SUCCESS\",\"externalTransactionID\":\"693efeaca71a9\",\"responseCode\":\"00\",\"text\":null}" | CONTEXT: IKHOKHA Stringified Body
[2025-12-15 13:06:29] bb1702d488a40091ebd5414bc6f524e203e2c5e36b24a1b86e243dad440bb557 | CONTEXT: IKHOKHA Signature from Webhook
[2025-12-15 13:06:29] "{\"paylinkID\":\"ys5225k4z56x0mm\",\"status\":\"SUCCESS\",\"externalTransactionID\":\"693efeaca71a9\",\"responseCode\":\"00\",\"text\":null}" | CONTEXT: IKHOKHA Stringified Body
[2025-12-15 13:06:29] /src/api/ikhokha_webhook.php\"{\\"paylinkID\\":\\"ys5225k4z56x0mm\\",\\"status\\":\\"SUCCESS\\",\\"externalTransactionID\\":\\"693efeaca71a9\\",\\"responseCode\\":\\"00\\",\\"text\\":null}\" | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 13:06:29] 43a6a56af31c276174953e115eb41402f12969fedab5b673dd34327cd7135a75 | CONTEXT: IKHOKHA Generated Signature
[2025-12-15 13:06:42] bb1702d488a40091ebd5414bc6f524e203e2c5e36b24a1b86e243dad440bb557 | CONTEXT: IKHOKHA Signature from Webhook
[2025-12-15 13:06:42] {"paylinkID":"ys5225k4z56x0mm","status":"SUCCESS","externalTransactionID":"693efeaca71a9","responseCode":"00","text":null} | CONTEXT: IKHOKHA Stringified Body
[2025-12-15 13:06:42] /src/api/ikhokha_webhook.php\"{\\"paylinkID\\":\\"ys5225k4z56x0mm\\",\\"status\\":\\"SUCCESS\\",\\"externalTransactionID\\":\\"693efeaca71a9\\",\\"responseCode\\":\\"00\\",\\"text\\":null}\" | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 13:06:42] 43a6a56af31c276174953e115eb41402f12969fedab5b673dd34327cd7135a75 | CONTEXT: IKHOKHA Generated Signature
[2025-12-15 13:07:09] bb1702d488a40091ebd5414bc6f524e203e2c5e36b24a1b86e243dad440bb557 | CONTEXT: IKHOKHA Signature from Webhook
[2025-12-15 13:07:09] {"paylinkID":"ys5225k4z56x0mm","status":"SUCCESS","externalTransactionID":"693efeaca71a9","responseCode":"00","text":null} | CONTEXT: IKHOKHA Stringified Body
[2025-12-15 13:07:09] /src/api/ikhokha_webhook.php\"{\\"paylinkID\\":\\"ys5225k4z56x0mm\\",\\"status\\":\\"SUCCESS\\",\\"externalTransactionID\\":\\"693efeaca71a9\\",\\"responseCode\\":\\"00\\",\\"text\\":null}\" | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 13:07:09] 43a6a56af31c276174953e115eb41402f12969fedab5b673dd34327cd7135a75 | CONTEXT: IKHOKHA Generated Signature
[2025-12-15 13:09:39] bb1702d488a40091ebd5414bc6f524e203e2c5e36b24a1b86e243dad440bb557 | CONTEXT: IKHOKHA Signature from Webhook
[2025-12-15 13:19:12] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 13:19:12] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 13:19:12] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 13:36:28] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 13:36:28] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 13:36:28] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 13:36:54] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 13:36:54] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 13:36:54] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 15:41:25] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 15:41:25] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 15:41:25] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 15:43:53] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 15:43:53] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 15:43:53] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 15:44:29] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 15:44:29] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 15:44:29] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 15:46:02] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 15:46:02] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 15:46:02] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 15:47:46] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 15:47:46] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 15:47:46] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 15:47:51] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 15:47:51] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 15:47:51] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-15 15:48:43] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-15 15:48:43] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-15 15:48:43] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-16 22:38:31] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-16 22:38:31] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-16 22:38:31] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature
[2025-12-17 12:35:13] IKFLESZTKFM4HWWS76131L8HK9BYF96P | CONTEXT: IKHOKHA App ID
[2025-12-17 12:35:13] /public-api/v1/api/payments/history | CONTEXT: IKHOKHA Payload to Sign
[2025-12-17 12:35:13] b3b592829090d2cfd0912ccbdec73db18742088d01a2d2bee9f0eacdf37a6b26 | CONTEXT: IKHOKHA Signature

56
src/admin/_admin_tx_debug.log Normal file
View File

@@ -0,0 +1,56 @@
[2025-12-15 12:28:42] FILE HIT
[2025-12-15 12:28:42] AJAX BLOCK ENTERED
[2025-12-15 12:28:42] startDate=2025-10-16
[2025-12-15 12:28:42] endDate=2025-12-15
[2025-12-15 12:28:42] APP ID present: YES
[2025-12-15 12:28:42] APP SECRET present: YES
[2025-12-15 12:28:42] PAYLOAD: /public-api/v1/api/payments/history?startDate=2025-10-16&endDate=2025-12-15
[2025-12-15 12:28:42] IK-SIGN: 3d610c60c8306cd1d5c99b2639f0e810594f8ffb9306a98d703f691173dab47d
[2025-12-15 12:28:44] CURL HTTP CODE: 422
[2025-12-15 12:28:44] CURL ERROR: none
[2025-12-15 12:28:44] RAW RESPONSE: {"error":"Invalid Signature"}
[2025-12-15 12:28:51] FILE HIT
[2025-12-15 12:28:51] AJAX BLOCK ENTERED
[2025-12-15 12:28:51] startDate=2025-10-16
[2025-12-15 12:28:51] endDate=2025-12-15
[2025-12-15 12:28:51] APP ID present: YES
[2025-12-15 12:28:51] APP SECRET present: YES
[2025-12-15 12:28:51] PAYLOAD: /public-api/v1/api/payments/history?startDate=2025-10-16&endDate=2025-12-15
[2025-12-15 12:28:51] IK-SIGN: 3d610c60c8306cd1d5c99b2639f0e810594f8ffb9306a98d703f691173dab47d
[2025-12-15 12:28:51] CURL HTTP CODE: 422
[2025-12-15 12:28:51] CURL ERROR: none
[2025-12-15 12:28:51] RAW RESPONSE: {"error":"Invalid Signature"}
[2025-12-15 12:30:54] FILE HIT
[2025-12-15 12:30:54] AJAX BLOCK ENTERED
[2025-12-15 12:30:54] startDate=2025-10-16
[2025-12-15 12:30:54] endDate=2025-12-15
[2025-12-15 12:30:54] APP ID present: YES
[2025-12-15 12:30:54] APP SECRET present: YES
[2025-12-15 12:30:54] PAYLOAD: https://api.ikhokha.com/public-api/v1/api/payments/history?startDate=2025-10-16&endDate=2025-12-15
[2025-12-15 12:30:54] IK-SIGN: ced35ab201ad54e8f8b5935d2778c4ec7e75af0102d40d9c4515f8118ca8b5dd
[2025-12-15 12:30:55] CURL HTTP CODE: 422
[2025-12-15 12:30:55] CURL ERROR: none
[2025-12-15 12:30:55] RAW RESPONSE: {"error":"Invalid Signature"}
[2025-12-15 12:31:13] FILE HIT
[2025-12-15 12:31:13] AJAX BLOCK ENTERED
[2025-12-15 12:31:13] startDate=2025-10-16
[2025-12-15 12:31:13] endDate=2025-12-15
[2025-12-15 12:31:13] APP ID present: YES
[2025-12-15 12:31:13] APP SECRET present: YES
[2025-12-15 12:31:13] PAYLOAD: https://api.ikhokha.com/public-api/v1/api/payments/history?startDate=2025-10-16&endDate=2025-12-15
[2025-12-15 12:31:13] IK-SIGN: ced35ab201ad54e8f8b5935d2778c4ec7e75af0102d40d9c4515f8118ca8b5dd
[2025-12-15 12:31:13] CURL HTTP CODE: 422
[2025-12-15 12:31:13] CURL ERROR: none
[2025-12-15 12:31:13] RAW RESPONSE: {"error":"Invalid Signature"}
[2025-12-15 12:31:21] FILE HIT
[2025-12-15 12:31:47] FILE HIT
[2025-12-15 12:31:47] FILE HIT
[2025-12-15 12:31:58] FILE HIT
[2025-12-15 12:32:18] FILE HIT
[2025-12-15 12:32:19] FILE HIT
[2025-12-15 12:33:30] FILE HIT
[2025-12-15 12:33:31] FILE HIT
[2025-12-15 12:33:59] FILE HIT
[2025-12-15 12:33:59] FILE HIT
[2025-12-15 12:37:05] FILE HIT
[2025-12-15 12:37:06] FILE HIT

230
src/admin/admin_bookings.php Normal file
View File

@@ -0,0 +1,230 @@
<?php
$headerStyle = 'light';
$rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php');
checkAdmin();
// Ensure $conn is available; show a friendly message if DB is down
$conn = $conn ?? null;
if (!$conn) {
// Render a simple error notice inside the page layout and stop further DB queries
echo '<section class="tour-list-page py-10 rel z-1">\n <div class="container">\n <div class="alert alert-danger">Database connection unavailable. Please check your configuration and logs.</div>\n </div>\n</section>';
include_once($rootPath . '/components/insta_footer.php');
// Stop execution to prevent subsequent fatal errors from using $conn
exit;
}
?>
<style>
/* Shared table and tab styles */
.admin-tabs { text-align: center; display: flex; margin-bottom: 20px; margin-top: 20px; }
.admin-tab { padding: 10px 30px; margin-right: 20px; cursor: pointer; border: 2px solid; border-radius: 50px; background: none; font-size: 18px; color: #484848; }
.admin-tab.active { color: white; background: #63ab45; font-weight: bold; }
.tab-content { display: none; }
.tab-content.active { display: block; }
table { width: 100%; border-collapse: separate; border-spacing: 0; margin: 10px 0; }
thead th { cursor: pointer; text-align: left; padding: 10px; font-weight: bold; position: relative; }
thead th::after { content: '\25B2'; font-size: 0.8em; position: absolute; right: 10px; opacity: 0; transition: opacity 0.2s; }
thead th.asc::after { content: '\25B2'; opacity: 1; }
thead th.desc::after { content: '\25BC'; opacity: 1; }
tbody tr:nth-child(odd) { background-color: transparent; }
tbody tr:nth-child(even) { background-color: rgb(255, 255, 255); border-radius: 10px; }
tbody td { padding: 5px; }
tbody tr:nth-child(even) td:first-child { border-top-left-radius: 10px; border-bottom-left-radius: 10px; }
tbody tr:nth-child(even) td:last-child { border-top-right-radius: 10px; border-bottom-right-radius: 10px; }
.filter-input { width: 100%; padding: 5px; font-size: 16px; background-color: rgb(255, 255, 255); border-radius: 25px; }
.trip-booking { color: #484848; background: #f9f9f7; border: 1px solid #d8d8d8; border-radius: 10px; margin-top: 15px; margin-bottom: 15px; }
</style>
<script>
document.addEventListener("DOMContentLoaded", function() {
// Tab switching
const tabs = document.querySelectorAll('.admin-tab');
const contents = document.querySelectorAll('.tab-content');
tabs.forEach((tab, idx) => {
tab.addEventListener('click', function() {
tabs.forEach(t => t.classList.remove('active'));
contents.forEach(c => c.classList.remove('active'));
tab.classList.add('active');
contents[idx].classList.add('active');
});
});
// Table sorting/filtering (same as before)
document.querySelectorAll("table").forEach((table) => {
const headers = table.querySelectorAll("thead th");
const rows = Array.from(table.querySelectorAll("tbody tr"));
const filterInput = table.previousElementSibling;
headers.forEach((header, index) => {
header.addEventListener("click", () => {
const sortedRows = rows.sort((a, b) => {
const aText = a.cells[index].textContent.trim().toLowerCase();
const bText = b.cells[index].textContent.trim().toLowerCase();
if (aText < bText) return -1;
if (aText > bText) return 1;
return 0;
});
if (header.classList.contains("asc")) {
header.classList.remove("asc");
header.classList.add("desc");
sortedRows.reverse();
} else {
headers.forEach(h => h.classList.remove("asc", "desc"));
header.classList.add("asc");
}
const tbody = table.querySelector("tbody");
tbody.innerHTML = "";
sortedRows.forEach(row => tbody.appendChild(row));
});
});
if (rows.length === 0) {
filterInput.style.display = "none";
} else {
filterInput.addEventListener("input", function() {
const filterValue = filterInput.value.trim().toLowerCase();
rows.forEach(row => {
const rowText = row.textContent.trim().toLowerCase();
row.style.display = rowText.includes(filterValue) ? "" : "none";
});
});
}
});
});
</script>
<?php
$pageTitle = 'Manage Bookings';
$breadcrumbs = [['Home' => 'index']];
require_once($rootPath . '/components/banner.php');
?>
<section class="tour-list-page py-10 rel z-1">
<div class="container">
<div class="admin-tabs">
<button class="admin-tab active">Trip Bookings</button>
<button class="admin-tab">Course Bookings</button>
<button class="admin-tab">Camp Bookings</button>
</div>
<div class="tab-content active">
<?php // Trip Bookings Tab
$tripsSql = "SELECT trip_id, trip_name FROM trips";
$tripsResult = $conn->query($tripsSql);
if ($tripsResult && $tripsResult->num_rows > 0) {
while ($trip = $tripsResult->fetch_assoc()) {
$tripId = $trip['trip_id'];
$tripName = htmlspecialchars($trip['trip_name']);
echo "<div class='trip-booking' data-aos='fade-up' data-aos-duration='1500' data-aos-offset='50'>";
echo "<div style='padding:10px;'>";
echo "<h4>{$tripName}</h4>";
$bookingsSql = "SELECT b.user_id, b.num_vehicles, b.num_adults, b.num_children, b.num_pensioners, b.radio, b.status, u.first_name, u.last_name, u.profile_pic, (b.total_amount - b.discount_amount) AS paid FROM bookings b INNER JOIN users u ON b.user_id = u.user_id WHERE b.trip_id = ?";
$stmt = $conn->prepare($bookingsSql);
$stmt->bind_param('i', $tripId);
$stmt->execute();
$bookingsResult = $stmt->get_result();
if ($bookingsResult->num_rows > 0) {
echo '<input type="text" class="filter-input" placeholder="Filter results...">';
echo '<table><thead><tr><th></th><th>Name</th><th>Vehicles</th><th>Adults</th><th>Children</th><th>Pensioners</th><th>Radio</th><th>Status</th><th>Amount</th></tr></thead><tbody>';
while ($booking = $bookingsResult->fetch_assoc()) {
$userName = htmlspecialchars($booking['first_name'] . ' ' . $booking['last_name']);
$numVehicles = htmlspecialchars($booking['num_vehicles']);
$numAdults = htmlspecialchars($booking['num_adults']);
$numPensioners = htmlspecialchars($booking['num_pensioners']);
$numChildren = htmlspecialchars($booking['num_children']);
$radio = $booking['radio'] == 1 ? "YES" : "NO";
$status = htmlspecialchars($booking['status']);
$paid = "R " . number_format($booking['paid'], 2);
echo "<tr><td><img src='".$booking['profile_pic']."' alt='Profile Picture' class='profile-pic'></td><td>{$userName}</td><td>{$numVehicles}</td><td>{$numAdults}</td><td>{$numChildren}</td><td>{$numPensioners}</td><td>{$radio}</td><td>{$status}</td><td>{$paid}</td></tr>";
}
echo '</tbody></table>';
} else {
echo '<p>No bookings found for this trip.</p>';
}
echo "</div></div>";
}
} else {
echo '<p>No trips found.</p>';
}
?>
</div>
<div class="tab-content">
<?php // Course Bookings Tab
$courseSql = "SELECT date, course_id, course_type FROM courses";
$courseResult = $conn->query($courseSql);
if ($courseResult && $courseResult->num_rows > 0) {
while ($course = $courseResult->fetch_assoc()) {
$course_id = $course['course_id'];
$date = $course['date'];
$type = htmlspecialchars($course['course_type']);
if ($type === "driver_training") {
$course_name = "Basic 4X4 Driver Training Course ".$date;
} elseif ($type === "bush_mechanics") {
$course_name = "Bush Mechanics Course ".$date;
} elseif ($type === "rescue_recovery") {
$course_name = "Rescue & Recovery Training Course ".$date;
} else {
$course_name = "General Course ".$date;
}
echo "<div class='trip-booking' data-aos='fade-up' data-aos-duration='1500' data-aos-offset='50'>";
echo "<div style='padding:10px;'>";
echo "<h4>{$course_name}</h4>";
$bookingsSql = "SELECT b.user_id, b.num_adults, b.total_amount, b.status, b.course_non_members, u.first_name, u.last_name, u.profile_pic FROM bookings b INNER JOIN users u ON b.user_id = u.user_id WHERE b.course_id = ?";
if ($stmt = $conn->prepare($bookingsSql)) {
$stmt->bind_param('i', $course_id);
$stmt->execute();
$bookingsResult = $stmt->get_result();
} else {
echo "Error in prepared statement: " . $conn->error;
}
if ($bookingsResult && $bookingsResult->num_rows > 0) {
echo '<input type="text" class="filter-input" placeholder="Filter results...">';
echo '<table><thead><tr><th></th><th>Name</th><th>Members</th><th>Non-Members</th><th>Status</th><th>Amount</th></tr></thead><tbody>';
while ($booking = $bookingsResult->fetch_assoc()) {
$userName = htmlspecialchars($booking['first_name'] . ' ' . $booking['last_name']);
$members = htmlspecialchars($booking['num_adults']);
$non_members = htmlspecialchars($booking['course_non_members']);
$status = htmlspecialchars($booking['status']);
$paid = "R " . number_format($booking['total_amount'], 2);
echo "<tr><td><img src='".$booking['profile_pic']."' alt='Profile Picture' class='profile-pic'></td><td>{$userName}</td><td>{$members}</td><td>{$non_members}</td><td>{$status}</td><td>{$paid}</td></tr>";
}
echo '</tbody></table>';
} else {
echo '<p>No bookings found for this course.</p>';
}
echo "</div></div>";
}
} else {
echo '<p>No courses found.</p>';
}
?>
</div>
<div class="tab-content">
<?php // Camp Bookings Tab
echo "<div class='trip-booking' data-aos='fade-up' data-aos-duration='1500' data-aos-offset='50'>";
echo "<div style='padding:10px;'>";
echo "<h4>BASE4 Camping</h4>";
$bookingsSql = "SELECT b.user_id, b.from_date, b.to_date, b.num_vehicles, b.num_adults, b.num_children, b.add_firewood, b.status, u.first_name, u.last_name, (b.total_amount - b.discount_amount) AS paid FROM bookings b INNER JOIN users u ON b.user_id = u.user_id WHERE b.booking_type = 'camping'";
$stmt = $conn->prepare($bookingsSql);
$stmt->execute();
$bookingsResult = $stmt->get_result();
if ($bookingsResult && $bookingsResult->num_rows > 0) {
echo '<input type="text" class="filter-input" placeholder="Filter results...">';
echo '<table><thead><tr><th>Name</th><th>From</th><th>To</th><th>Vehicles</th><th>Adults</th><th>Children</th><th>Add Firewood</th><th>Status</th><th>Amount</th></tr></thead><tbody>';
while ($booking = $bookingsResult->fetch_assoc()) {
$userName = htmlspecialchars($booking['first_name'] . ' ' . $booking['last_name']);
$numVehicles = htmlspecialchars($booking['num_vehicles']);
$from = htmlspecialchars($booking['from_date']);
$to = htmlspecialchars($booking['to_date']);
$numAdults = htmlspecialchars($booking['num_adults']);
$numChildren = htmlspecialchars($booking['num_children']);
$radio = $booking['add_firewood'] == 1 ? "YES" : "NO";
$status = htmlspecialchars($booking['status']);
$paid = "R " . number_format($booking['paid'], 2);
echo "<tr><td>{$userName}</td><td>{$from}</td><td>{$to}</td><td>{$numVehicles}</td><td>{$numAdults}</td><td>{$numChildren}</td><td>{$radio}</td><td>{$status}</td><td>{$paid}</td></tr>";
}
echo '</tbody></table>';
} else {
echo '<p>No bookings found for this trip.</p>';
}
echo "</div></div>";
?>
</div>
</div>
</section>
<?php include_once($rootPath . '/components/insta_footer.php'); ?>

227
src/admin/admin_camp_bookings.php
View File

@@ -1,227 +0,0 @@
<?php
$headerStyle = 'light';
$rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php');
checkAdmin();
?>
<style>
table {
width: 100%;
border-collapse: separate;
border-spacing: 0;
margin: 10px 0;
}
thead th {
cursor: pointer;
text-align: left;
padding: 10px;
font-weight: bold;
position: relative;
}
thead th::after {
content: '\25B2';
/* Up arrow */
font-size: 0.8em;
position: absolute;
right: 10px;
opacity: 0;
transition: opacity 0.2s;
}
thead th.asc::after {
content: '\25B2';
/* Up arrow */
opacity: 1;
}
thead th.desc::after {
content: '\25BC';
/* Down arrow */
opacity: 1;
}
tbody tr:nth-child(odd) {
background-color: transparent;
}
tbody tr:nth-child(even) {
background-color: rgb(255, 255, 255);
border-radius: 10px;
}
tbody td {
padding: 5px;
}
tbody tr:nth-child(even) td:first-child {
border-top-left-radius: 10px;
border-bottom-left-radius: 10px;
}
tbody tr:nth-child(even) td:last-child {
border-top-right-radius: 10px;
border-bottom-right-radius: 10px;
}
.filter-input {
width: 100%;
padding: 5px;
/* margin-bottom: 20px; */
font-size: 16px;
background-color: rgb(255, 255, 255);
border-radius: 25px;
}
.trip-booking {
color: #484848;
background: #f9f9f7;
border: 1px solid #d8d8d8;
border-radius: 10px;
margin-top: 15px;
margin-bottom: 15px;
}
</style>
<script>
document.addEventListener("DOMContentLoaded", function() {
const tables = document.querySelectorAll("table");
tables.forEach((table) => {
const headers = table.querySelectorAll("thead th");
const rows = Array.from(table.querySelectorAll("tbody tr"));
const filterInput = table.previousElementSibling;
headers.forEach((header, index) => {
header.addEventListener("click", () => {
const sortedRows = rows.sort((a, b) => {
const aText = a.cells[index].textContent.trim().toLowerCase();
const bText = b.cells[index].textContent.trim().toLowerCase();
if (aText < bText) return -1;
if (aText > bText) return 1;
return 0;
});
if (header.classList.contains("asc")) {
header.classList.remove("asc");
header.classList.add("desc");
sortedRows.reverse();
} else {
headers.forEach(h => h.classList.remove("asc", "desc"));
header.classList.add("asc");
}
const tbody = table.querySelector("tbody");
tbody.innerHTML = "";
sortedRows.forEach(row => tbody.appendChild(row));
});
});
if (rows.length === 0) {
filterInput.style.display = "none";
} else {
filterInput.addEventListener("input", function() {
const filterValue = filterInput.value.trim().toLowerCase();
rows.forEach(row => {
const rowText = row.textContent.trim().toLowerCase();
row.style.display = rowText.includes(filterValue) ? "" : "none";
});
});
}
});
});
</script>
<?php
$bannerFolder = 'assets/images/banners/';
$bannerImages = glob($bannerFolder . '*.{jpg,jpeg,png,webp}', GLOB_BRACE);
$randomBanner = 'assets/images/base4/camping.jpg'; // default fallback
if (!empty($bannerImages)) {
$randomBanner = $bannerImages[array_rand($bannerImages)];
}
?>
<section class="page-banner-area pt-50 pb-35 rel z-1 bgs-cover" style="background-image: url('<?php echo $randomBanner; ?>');">
<div class="banner-overlay"></div>
<div class="container">
<div class="banner-inner text-white mb-50">
<h2 class="page-title mb-10" data-aos="fade-left" data-aos-duration="1500" data-aos-offset="50">4WDCSA Camping Bookings</h2>
<nav aria-label="breadcrumb">
<ol class="breadcrumb justify-content-center mb-20" data-aos="fade-right" data-aos-delay="200" data-aos-duration="1500" data-aos-offset="50">
<li class="breadcrumb-item"><a href="index.php">Home</a></li>
<li class="breadcrumb-item active">Camping Bookings</li>
</ol>
</nav>
</div>
</div>
</section>
<section class="tour-list-page py-10 rel z-1">
<div class="container">
<?php
echo "<div class='trip-booking' data-aos='fade-up' data-aos-duration='1500' data-aos-offset='50'>";
echo "<div style='padding:10px;'>";
echo "<h4>BASE4 Camping</h4>";
// Fetch bookings for the current trip
$bookingsSql = "SELECT b.user_id, b.from_date, b.to_date, b.num_vehicles, b.num_adults, b.num_children, b.add_firewood, b.status,
u.first_name, u.last_name,
(b.total_amount - b.discount_amount) AS paid
FROM bookings b
INNER JOIN users u ON b.user_id = u.user_id
WHERE b.booking_type = 'camping'";
$stmt = $conn->prepare($bookingsSql);
$stmt->execute();
$bookingsResult = $stmt->get_result();
if ($bookingsResult->num_rows > 0) {
echo '<input type="text" class="filter-input" placeholder="Filter results...">';
echo '<table>
<thead>
<tr>
<th>Name</th>
<th>From</th>
<th>To</th>
<th>Vehicles</th>
<th>Adults</th>
<th>Children</th>
<th>Add Firewood</th>
<th>Status</th>
<th>Amount</th>
</tr>
</thead>
<tbody>';
while ($booking = $bookingsResult->fetch_assoc()) {
$userName = htmlspecialchars($booking['first_name'] . ' ' . $booking['last_name']);
$numVehicles = htmlspecialchars($booking['num_vehicles']);
$from = htmlspecialchars($booking['from_date']);
$to = htmlspecialchars($booking['to_date']);
$numAdults = htmlspecialchars($booking['num_adults']);
$numChildren = htmlspecialchars($booking['num_children']);
$radio = $booking['add_firewood'] == 1 ? "YES" : "NO";
$status = htmlspecialchars($booking['status']);
$paid = "R " . number_format($booking['paid'], 2);
echo "<tr>
<td>{$userName}</td>
<td>{$from}</td>
<td>{$to}</td>
<td>{$numVehicles}</td>
<td>{$numAdults}</td>
<td>{$numChildren}</td>
<td>{$radio}</td>
<td>{$status}</td>
<td>{$paid}</td>
</tr>";
}
echo '</tbody></table>';
} else {
echo '<p>No bookings found for this trip.</p>';
}
echo "</div>";
echo "</div>";
?>
</div>
</section>
<?php include_once($rootPath . '/components/insta_footer.php'); ?>

247
src/admin/admin_course_bookings.php
View File

@@ -1,247 +0,0 @@
<?php
$headerStyle = 'light';
$rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php');
checkAdmin();
// Fetch all trips
$courseSql = "SELECT date, course_id, course_type FROM courses";
$courseResult = $conn->query($courseSql);
if (!$courseResult) {
echo "Error in SQL query: " . $conn->error;
}
?>
<style>
table {
width: 100%;
border-collapse: separate;
border-spacing: 0;
margin: 10px 0;
}
thead th {
cursor: pointer;
text-align: left;
padding: 10px;
font-weight: bold;
position: relative;
}
thead th::after {
content: '\25B2';
/* Up arrow */
font-size: 0.8em;
position: absolute;
right: 10px;
opacity: 0;
transition: opacity 0.2s;
}
thead th.asc::after {
content: '\25B2';
/* Up arrow */
opacity: 1;
}
thead th.desc::after {
content: '\25BC';
/* Down arrow */
opacity: 1;
}
tbody tr:nth-child(odd) {
background-color: transparent;
}
tbody tr:nth-child(even) {
background-color: rgb(255, 255, 255);
border-radius: 10px;
}
tbody td {
padding: 5px;
}
tbody tr:nth-child(even) td:first-child {
border-top-left-radius: 10px;
border-bottom-left-radius: 10px;
}
tbody tr:nth-child(even) td:last-child {
border-top-right-radius: 10px;
border-bottom-right-radius: 10px;
}
.filter-input {
width: 100%;
padding: 5px;
/* margin-bottom: 20px; */
font-size: 16px;
background-color: rgb(255, 255, 255);
border-radius: 25px;
}
.trip-booking {
color: #484848;
background: #f9f9f7;
border: 1px solid #d8d8d8;
border-radius: 10px;
margin-top: 15px;
margin-bottom: 15px;
}
</style>
<script>
document.addEventListener("DOMContentLoaded", function() {
const tables = document.querySelectorAll("table");
tables.forEach((table) => {
const headers = table.querySelectorAll("thead th");
const rows = Array.from(table.querySelectorAll("tbody tr"));
const filterInput = table.previousElementSibling;
headers.forEach((header, index) => {
header.addEventListener("click", () => {
const sortedRows = rows.sort((a, b) => {
const aText = a.cells[index].textContent.trim().toLowerCase();
const bText = b.cells[index].textContent.trim().toLowerCase();
if (aText < bText) return -1;
if (aText > bText) return 1;
return 0;
});
if (header.classList.contains("asc")) {
header.classList.remove("asc");
header.classList.add("desc");
sortedRows.reverse();
} else {
headers.forEach(h => h.classList.remove("asc", "desc"));
header.classList.add("asc");
}
const tbody = table.querySelector("tbody");
tbody.innerHTML = "";
sortedRows.forEach(row => tbody.appendChild(row));
});
});
if (rows.length === 0) {
filterInput.style.display = "none";
} else {
filterInput.addEventListener("input", function() {
const filterValue = filterInput.value.trim().toLowerCase();
rows.forEach(row => {
const rowText = row.textContent.trim().toLowerCase();
row.style.display = rowText.includes(filterValue) ? "" : "none";
});
});
}
});
});
</script>
<?php
$bannerFolder = 'assets/images/banners/';
$bannerImages = glob($bannerFolder . '*.{jpg,jpeg,png,webp}', GLOB_BRACE);
$randomBanner = 'assets/images/base4/camping.jpg'; // default fallback
if (!empty($bannerImages)) {
$randomBanner = $bannerImages[array_rand($bannerImages)];
}
?>
<section class="page-banner-area pt-50 pb-35 rel z-1 bgs-cover" style="background-image: url('<?php echo $randomBanner; ?>');">
<div class="banner-overlay"></div>
<div class="container">
<div class="banner-inner text-white mb-50">
<h2 class="page-title mb-10" data-aos="fade-left" data-aos-duration="1500" data-aos-offset="50">4WDCSA Course Bookings</h2>
<nav aria-label="breadcrumb">
<ol class="breadcrumb justify-content-center mb-20" data-aos="fade-right" data-aos-delay="200" data-aos-duration="1500" data-aos-offset="50">
<li class="breadcrumb-item"><a href="index.php">Home</a></li>
<li class="breadcrumb-item active">Course Bookings</li>
</ol>
</nav>
</div>
</div>
</section>
<section class="tour-list-page py-10 rel z-1">
<div class="container">
<?php
if ($courseResult->num_rows > 0) {
while ($course = $courseResult->fetch_assoc()) {
$course_id = $course['course_id'];
$date = $course['date'];
$type = htmlspecialchars($course['course_type']);
if ($type === "driver_training") {
$course_name = "Basic 4X4 Driver Training Course ".$date;
} elseif ($type === "bush_mechanics") {
$course_name = "Bush Mechanics Course ".$date;
} elseif ($type === "rescue_recovery") {
$course_name = "Rescue & Recovery Training Course ".$date;
} else {
$course_name = "General Course ".$date; // Default fallback description
}
echo "<div class='trip-booking' data-aos='fade-up' data-aos-duration='1500' data-aos-offset='50'>";
echo "<div style='padding:10px;'>";
echo "<h4>{$course_name}</h4>";
// Fetch bookings for the current trip
$bookingsSql = "SELECT b.user_id, b.num_adults, b.total_amount, b.status, b.course_non_members,
u.first_name, u.last_name, u.profile_pic
FROM bookings b
INNER JOIN users u ON b.user_id = u.user_id
WHERE b.course_id = ?";
if ($stmt = $conn->prepare($bookingsSql)) {
$stmt->bind_param('i', $course_id);
$stmt->execute();
$bookingsResult = $stmt->get_result();
} else {
echo "Error in prepared statement: " . $conn->error;
}
if ($bookingsResult->num_rows > 0) {
echo '<input type="text" class="filter-input" placeholder="Filter results...">';
echo '<table>
<thead>
<tr>
<th></th>
<th>Name</th>
<th>Members</th>
<th>Non-Members</th>
<th>Status</th>
<th>Amount</th>
</tr>
</thead>
<tbody>';
while ($booking = $bookingsResult->fetch_assoc()) {
$userName = htmlspecialchars($booking['first_name'] . ' ' . $booking['last_name']);
$members = htmlspecialchars($booking['num_adults']);
$non_members = htmlspecialchars($booking['course_non_members']);
$status = htmlspecialchars($booking['status']);
$paid = "R " . number_format($booking['total_amount'], 2);
echo "<tr>
<td><img src=".$booking['profile_pic']." alt='Profile Picture' class='profile-pic'></td>
<td>{$userName}</td>
<td>{$members}</td>
<td>{$non_members}</td>
<td>{$status}</td>
<td>{$paid}</td>
</tr>";
}
echo '</tbody></table>';
} else {
echo '<p>No bookings found for this trip.</p>';
}
echo "</div>";
echo "</div>";
}
} else {
echo '<p>No courses found.</p>';
}
?>
</div>
</section>
<?php include_once($rootPath . '/components/insta_footer.php'); ?>

230
src/admin/admin_events.php
View File

@@ -1,230 +0,0 @@
<?php
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
require_once($rootPath . "/header.php");
checkAdmin();
checkUserSession();
$pageTitle = 'Manage Events';
$breadcrumbs = [['Home' => 'index']];
require_once($rootPath . '/components/banner.php');
// Fetch all events
$events_query = "
SELECT
event_id, name, type, location, date, image, published
FROM events
ORDER BY date DESC
";
$result = $conn->query($events_query);
$events = [];
if ($result && $result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$events[] = $row;
}
}
?>
<style>
.image {
width: 300px;
/* Set your desired width */
height: 250px;
/* Set your desired height */
overflow: hidden;
/* Hide any overflow */
display: block;
/* Ensure proper block behavior */
border-radius: 8px;
}
.image img {
width: 100%;
/* Image scales to fill the container */
height: 100%;
/* Image scales to fill the container */
object-fit: cover;
/* Fills the container while maintaining aspect ratio */
object-position: center;
/* Aligns the center of the image with the center of the container */
display: block;
/* Prevents inline whitespace issues */
}
</style>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script>
document.addEventListener("DOMContentLoaded", function() {
const filterInput = document.querySelector('.filter-input');
const cards = document.querySelectorAll('.destination-item');
if (cards.length === 0 && filterInput) {
filterInput.style.display = "none";
} else if (filterInput) {
filterInput.addEventListener("input", function() {
const filterValue = filterInput.value.trim().toLowerCase();
cards.forEach(card => {
const cardText = card.textContent.trim().toLowerCase();
card.style.display = cardText.includes(filterValue) ? "" : "none";
});
});
}
});
</script>
<?php
$pageTitle = 'Manage Events';
$breadcrumbs = [['Home' => 'index']];
require_once($rootPath . '/components/banner.php');
?>
<!-- Events Management Area start -->
<section class="blog-list-page py-100 rel z-1">
<div class="container">
<div class="row">
<div class="col-lg-12">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 30px;">
<h2 style="margin: 0;">Manage Events</h2>
<a href="manage_events" class="theme-btn create-album-btn">
<i class="far fa-plus"></i> New Event
</a>
</div>
<?php if (isset($_SESSION['message'])): ?>
<div class="alert alert-warning message-box">
<?php echo $_SESSION['message']; ?>
<span class="close-btn" onclick="this.parentElement.style.display='none'">&times;</span>
</div>
<?php unset($_SESSION['message']);
endif;
if (count($events) > 0) {
echo '<input type="text" class="filter-input" placeholder="Filter events...">';
echo '<div class="events-container" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">';
foreach ($events as $event) {
$eventImagePath = $event['image'] ? htmlspecialchars($event['image']) : 'assets/images/placeholder.jpg';
$publishStatusBadge = $event['published'] == 1 ? 'PUBLISHED' : 'DRAFT';
echo '
<div class="destination-item style-three bgc-lighter booking" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
<div class="image" style="width:300px;height:250px;">
<img src="' . $eventImagePath . '" alt="' . htmlspecialchars($event['name']) . '">
</div>
<div class="content" style="width:100%;">
<div class="destination-header d-flex align-items-start gap-3">
<div>
<span class="badge bg-dark mb-1">' . strtoupper($publishStatusBadge) . '</span>
<h5 class="mb-0">' . htmlspecialchars($event['name']) . '</h5>
<small class="text-muted">📍 ' . htmlspecialchars($event['location']) . '</small>
</div>
</div>
<p style="margin: 10px 0;">
<strong>Type:</strong> ' . htmlspecialchars($event['type']) . '<br>
<strong>Date:</strong> ' . convertDate($event['date']) . '
</p>
<div class="destination-footer">
<div class="btn-group" style="display:flex; justify-content:flex-end; gap:10px;">
<a href="manage_events?event_id=' . $event['event_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Edit"><span class="material-icons">edit</span></a>
<button type="button" class="toggle-publish" data-event-id="' . $event['event_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="' . ($event['published'] == 1 ? 'Unpublish' : 'Publish') . '" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons">' . ($event['published'] == 1 ? 'cloud_off' : 'cloud_upload') . '</span></button>
<button type="button" class="delete-event" data-event-id="' . $event['event_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Delete" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons">delete</span></button>
</div>
</div>
</div>
</div>
';
}
echo '</div>';
} else {
echo '<div class="no-events">
<p>No events found. <a href="manage_events">Create one</a></p>
</div>';
}
?>
</div>
</div>
</div>
</section>
<!-- Events Management Area end -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script>
const tooltipTriggerList = document.querySelectorAll('[data-bs-toggle="tooltip"]');
tooltipTriggerList.forEach(el => new bootstrap.Tooltip(el));
// Handle publish/unpublish button clicks
document.querySelectorAll('.toggle-publish').forEach(btn => {
btn.addEventListener('click', function() {
const eventId = this.dataset.eventId;
const currentIcon = this.querySelector('.material-icons').textContent;
const isPublished = currentIcon === 'cloud_off';
const action = isPublished ? 'Unpublish' : 'Publish';
const formData = new FormData();
formData.append('event_id', eventId);
fetch('toggle_event_published', {
method: 'POST',
body: formData
})
.then(response => response.json())
.then(data => {
if (data.status === 'success') {
alert(action + ' successful!');
location.reload();
} else {
alert(action + ' failed: ' + data.message);
}
})
.catch(err => {
console.error('Error:', err);
alert(action + ' failed due to network error.');
});
});
});
// Handle delete button clicks
document.querySelectorAll('.delete-event').forEach(btn => {
btn.addEventListener('click', function() {
if (!confirm('Are you sure you want to delete this event? This action cannot be undone.')) {
return false;
}
const eventId = this.dataset.eventId;
const card = this.closest('.destination-item');
const formData = new FormData();
formData.append('event_id', eventId);
fetch('delete_event', {
method: 'POST',
body: formData
})
.then(response => response.json())
.then(data => {
if (data.status === 'success') {
card.style.animation = 'fadeOut 0.3s ease-out';
setTimeout(() => {
card.remove();
if (document.querySelectorAll('.destination-item').length === 0) {
location.reload();
}
}, 300);
} else {
alert('Error: ' + data.message);
}
})
.catch(err => {
console.error('Error:', err);
alert('Delete failed due to network error.');
});
});
});
</script>
<?php include_once($rootPath . '/components/insta_footer.php'); ?>

248
src/admin/admin_transactions.php Normal file
View File

@@ -0,0 +1,248 @@
<?php
$headerStyle = 'light';
$rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php');
checkAdmin();
?>
<style>
table {
width: 100%;
border-collapse: separate;
border-spacing: 0;
margin: 10px 0;
}
thead th {
cursor: pointer;
text-align: left;
padding: 10px;
font-weight: bold;
position: relative;
}
thead th::after {
content: '\25B2';
/* Up arrow */
font-size: 0.8em;
position: absolute;
right: 10px;
opacity: 0;
transition: opacity 0.2s;
}
thead th.asc::after {
content: '\25B2';
/* Up arrow */
opacity: 1;
}
thead th.desc::after {
content: '\25BC';
/* Down arrow */
opacity: 1;
}
tbody tr:nth-child(odd) {
background-color: transparent;
}
tbody tr:nth-child(even) {
background-color: rgb(255, 255, 255);
border-radius: 10px;
}
tbody td {
padding: 5px;
}
tbody tr:nth-child(even) td:first-child {
border-top-left-radius: 10px;
border-bottom-left-radius: 10px;
}
tbody tr:nth-child(even) td:last-child {
border-top-right-radius: 10px;
border-bottom-right-radius: 10px;
}
.filter-input {
width: 100%;
padding: 5px;
/* margin-bottom: 20px; */
font-size: 16px;
background-color: rgb(255, 255, 255);
border-radius: 25px;
}
.infobox {
color: #484848;
background: #f9f9f7;
border: 1px solid #d8d8d8;
border-radius: 10px;
margin-top: 15px;
margin-bottom: 15px;
}
</style>
<script>
document.addEventListener("DOMContentLoaded", function() {
const table = document.querySelector("table");
const headers = table.querySelectorAll("thead th");
const rows = Array.from(table.querySelectorAll("tbody tr"));
const filterInput = document.getElementById("filterInput");
headers.forEach((header, index) => {
header.addEventListener("click", () => {
const sortedRows = rows.sort((a, b) => {
const aText = a.cells[index].textContent.trim().toLowerCase();
const bText = b.cells[index].textContent.trim().toLowerCase();
if (aText < bText) return -1;
if (aText > bText) return 1;
return 0;
});
if (header.classList.contains("asc")) {
header.classList.remove("asc");
header.classList.add("desc");
sortedRows.reverse();
} else {
headers.forEach(h => h.classList.remove("asc", "desc"));
header.classList.add("asc");
}
const tbody = table.querySelector("tbody");
tbody.innerHTML = "";
sortedRows.forEach(row => tbody.appendChild(row));
});
});
filterInput.addEventListener("input", function() {
const filterValue = filterInput.value.trim().toLowerCase();
rows.forEach(row => {
const rowText = row.textContent.trim().toLowerCase();
row.style.display = rowText.includes(filterValue) ? "" : "none";
});
});
});
</script>
<!-- Page Banner Start -->
<?php
$bannerFolder = 'assets/images/banners/';
$bannerImages = glob($bannerFolder . '*.{jpg,jpeg,png,webp}', GLOB_BRACE);
$randomBanner = 'assets/images/base4/camping.jpg'; // default fallback
if (!empty($bannerImages)) {
$randomBanner = $bannerImages[array_rand($bannerImages)];
}
?>
<section class="page-banner-area pt-50 pb-35 rel z-1 bgs-cover" style="background-image: url('<?php echo $randomBanner; ?>');">
<div class="banner-overlay"></div>
<div class="container">
<div class="banner-inner text-white mb-50">
<h2 class="page-title mb-10" data-aos="fade-left" data-aos-duration="1500" data-aos-offset="50">iKhokha Payments</h2>
<nav aria-label="breadcrumb">
<ol class="breadcrumb justify-content-center mb-20" data-aos="fade-right" data-aos-delay="200" data-aos-duration="1500" data-aos-offset="50">
<li class="breadcrumb-item"><a href="index.php">Home</a></li>
<li class="breadcrumb-item active">iKhokha Payments</li>
</ol>
</nav>
</div>
</div>
</section>
<!-- Tour List Area start -->
<section class="tour-list-page py-10 rel z-1">
<div class="container">
<div class="row">
<div class="col-lg-12">
<div class='infobox' data-aos='fade-up' data-aos-duration='1500' data-aos-offset='50'>
<div style='padding:10px;'>
<?php
// Fetch transactions from iKhokha API instead of DB
$startDate = isset($_GET['start']) ? $_GET['start'] : date('Y-m-d', strtotime('-30 days'));
$endDate = isset($_GET['end']) ? $_GET['end'] : date('Y-m-d');
// getIkhokhaTransactionHistory should return JSON (string) or an array
$raw = getIkhokhaTransactionHistory($startDate, $endDate);
$transactions = [];
if (is_string($raw)) {
$transactions = json_decode($raw, true);
} elseif (is_array($raw)) {
$transactions = $raw;
}
if (!empty($transactions)) {
echo '<input id="filterInput" type="text" class="filter-input" placeholder="Filter results...">';
echo '<table>
<thead>
<tr>
<th>Date</th>
<th>ID</th>
<th>PaylinkID</th>
<th>Description</th>
<th>Amount</th>
<th>Status</th>
</tr>
</thead>
<tbody>';
$printed = false;
foreach ($transactions as $row) {
$createdAt = isset($row['createdAt']) ? htmlspecialchars($row['createdAt']) : '';
// prefer externalTransactionID when available, fallback to paylinkID
$txId = isset($row['externalTransactionID']) ? $row['externalTransactionID'] : (isset($row['paylinkID']) ? $row['paylinkID'] : '');
$ikhokhaTxId = isset($row['paylinkID']) ? $row['paylinkID'] : '';
$description = isset($row['description']) ? $row['description'] : '';
$amount = isset($row['amount']) ? $row['amount'] : '';
$status = isset($row['status']) ? $row['status'] : '';
// Skip unpaid transactions
if (strcasecmp($status, 'UNPAID') === 0) {
continue;
}
echo "<tr>
<td>" . htmlspecialchars($createdAt) . "</td>
<td>" . htmlspecialchars($txId) . "</td>
<td>" . htmlspecialchars($ikhokhaTxId) . "</td>
<td>" . htmlspecialchars($description) . "</td>
<td>R " . htmlspecialchars($amount/100) . ".00</td>
<td>" . htmlspecialchars($status) . "</td>
</tr>";
$printed = true;
}
if (!$printed) {
echo '<tr><td colspan="6">No records found</td></tr>';
}
} else {
echo '<input id="filterInput" type="text" class="filter-input" placeholder="Filter results...">';
echo '<table>
<thead>
<tr>
<th>Date</th>
<th>ID</th>
<th>Description</th>
<th>Amount</th>
<th>Status</th>
</tr>
</thead>
<tbody>';
echo '<tr><td colspan="5">No records found</td></tr>';
} ?>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- Tour List Area end -->
<?php include_once($rootPath . '/components/insta_footer.php'); ?>

240
src/admin/admin_trip_bookings.php
View File

@@ -1,240 +0,0 @@
<?php
$headerStyle = 'light';
$rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php');
checkAdmin();
// Fetch all trips
$tripsSql = "SELECT trip_id, trip_name FROM trips";
$tripsResult = $conn->query($tripsSql);
?>
<style>
table {
width: 100%;
border-collapse: separate;
border-spacing: 0;
margin: 10px 0;
}
thead th {
cursor: pointer;
text-align: left;
padding: 10px;
font-weight: bold;
position: relative;
}
thead th::after {
content: '\25B2';
/* Up arrow */
font-size: 0.8em;
position: absolute;
right: 10px;
opacity: 0;
transition: opacity 0.2s;
}
thead th.asc::after {
content: '\25B2';
/* Up arrow */
opacity: 1;
}
thead th.desc::after {
content: '\25BC';
/* Down arrow */
opacity: 1;
}
tbody tr:nth-child(odd) {
background-color: transparent;
}
tbody tr:nth-child(even) {
background-color: rgb(255, 255, 255);
border-radius: 10px;
}
tbody td {
padding: 5px;
}
tbody tr:nth-child(even) td:first-child {
border-top-left-radius: 10px;
border-bottom-left-radius: 10px;
}
tbody tr:nth-child(even) td:last-child {
border-top-right-radius: 10px;
border-bottom-right-radius: 10px;
}
.filter-input {
width: 100%;
padding: 5px;
/* margin-bottom: 20px; */
font-size: 16px;
background-color: rgb(255, 255, 255);
border-radius: 25px;
}
.trip-booking {
color: #484848;
background: #f9f9f7;
border: 1px solid #d8d8d8;
border-radius: 10px;
margin-top: 15px;
margin-bottom: 15px;
}
</style>
<script>
document.addEventListener("DOMContentLoaded", function() {
const tables = document.querySelectorAll("table");
tables.forEach((table) => {
const headers = table.querySelectorAll("thead th");
const rows = Array.from(table.querySelectorAll("tbody tr"));
const filterInput = table.previousElementSibling;
headers.forEach((header, index) => {
header.addEventListener("click", () => {
const sortedRows = rows.sort((a, b) => {
const aText = a.cells[index].textContent.trim().toLowerCase();
const bText = b.cells[index].textContent.trim().toLowerCase();
if (aText < bText) return -1;
if (aText > bText) return 1;
return 0;
});
if (header.classList.contains("asc")) {
header.classList.remove("asc");
header.classList.add("desc");
sortedRows.reverse();
} else {
headers.forEach(h => h.classList.remove("asc", "desc"));
header.classList.add("asc");
}
const tbody = table.querySelector("tbody");
tbody.innerHTML = "";
sortedRows.forEach(row => tbody.appendChild(row));
});
});
if (rows.length === 0) {
filterInput.style.display = "none";
} else {
filterInput.addEventListener("input", function() {
const filterValue = filterInput.value.trim().toLowerCase();
rows.forEach(row => {
const rowText = row.textContent.trim().toLowerCase();
row.style.display = rowText.includes(filterValue) ? "" : "none";
});
});
}
});
});
</script>
<?php
$bannerFolder = 'assets/images/banners/';
$bannerImages = glob($bannerFolder . '*.{jpg,jpeg,png,webp}', GLOB_BRACE);
$randomBanner = 'assets/images/base4/camping.jpg'; // default fallback
if (!empty($bannerImages)) {
$randomBanner = $bannerImages[array_rand($bannerImages)];
}
?>
<section class="page-banner-area pt-50 pb-35 rel z-1 bgs-cover" style="background-image: url('<?php echo $randomBanner; ?>');">
<div class="banner-overlay"></div>
<div class="container">
<div class="banner-inner text-white mb-50">
<h2 class="page-title mb-10" data-aos="fade-left" data-aos-duration="1500" data-aos-offset="50">4WDCSA Trip Bookings</h2>
<nav aria-label="breadcrumb">
<ol class="breadcrumb justify-content-center mb-20" data-aos="fade-right" data-aos-delay="200" data-aos-duration="1500" data-aos-offset="50">
<li class="breadcrumb-item"><a href="index.php">Home</a></li>
<li class="breadcrumb-item active">Trip Bookings</li>
</ol>
</nav>
</div>
</div>
</section>
<section class="tour-list-page py-10 rel z-1">
<div class="container">
<?php
if ($tripsResult->num_rows > 0) {
while ($trip = $tripsResult->fetch_assoc()) {
$tripId = $trip['trip_id'];
$tripName = htmlspecialchars($trip['trip_name']);
echo "<div class='trip-booking' data-aos='fade-up' data-aos-duration='1500' data-aos-offset='50'>";
echo "<div style='padding:10px;'>";
echo "<h4>{$tripName}</h4>";
// Fetch bookings for the current trip
$bookingsSql = "SELECT b.user_id, b.num_vehicles, b.num_adults, b.num_children, b.num_pensioners, b.radio, b.status,
u.first_name, u.last_name, u.profile_pic,
(b.total_amount - b.discount_amount) AS paid
FROM bookings b
INNER JOIN users u ON b.user_id = u.user_id
WHERE b.trip_id = ?";
$stmt = $conn->prepare($bookingsSql);
$stmt->bind_param('i', $tripId);
$stmt->execute();
$bookingsResult = $stmt->get_result();
if ($bookingsResult->num_rows > 0) {
echo '<input type="text" class="filter-input" placeholder="Filter results...">';
echo '<table>
<thead>
<tr>
<th></th>
<th>Name</th>
<th>Vehicles</th>
<th>Adults</th>
<th>Children</th>
<th>Pensioners</th>
<th>Radio</th>
<th>Status</th>
<th>Amount</th>
</tr>
</thead>
<tbody>';
while ($booking = $bookingsResult->fetch_assoc()) {
$userName = htmlspecialchars($booking['first_name'] . ' ' . $booking['last_name']);
$numVehicles = htmlspecialchars($booking['num_vehicles']);
$numAdults = htmlspecialchars($booking['num_adults']);
$numPensioners = htmlspecialchars($booking['num_pensioners']);
$numChildren = htmlspecialchars($booking['num_children']);
$radio = $booking['radio'] == 1 ? "YES" : "NO";
$status = htmlspecialchars($booking['status']);
$paid = "R " . number_format($booking['paid'], 2);
echo "<tr>
<td><img src=".$booking['profile_pic']." alt='Profile Picture' class='profile-pic'></td>
<td>{$userName}</td>
<td>{$numVehicles}</td>
<td>{$numAdults}</td>
<td>{$numChildren}</td>
<td>{$numPensioners}</td>
<td>{$radio}</td>
<td>{$status}</td>
<td>{$paid}</td>
</tr>";
}
echo '</tbody></table>';
} else {
echo '<p>No bookings found for this trip.</p>';
}
echo "</div>";
echo "</div>";
}
} else {
echo '<p>No trips found.</p>';
}
?>
</div>
</section>
<?php include_once($rootPath . '/components/insta_footer.php'); ?>

244
src/admin/admin_trips.php
View File

@@ -1,244 +0,0 @@
<?php
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
require_once($rootPath . "/header.php");
checkAdmin();
checkUserSession();
$pageTitle = 'Manage Trips';
$breadcrumbs = [['Home' => 'index']];
require_once($rootPath . '/components/banner.php');
// Fetch all trips with booking status
$trips_query = "
SELECT
trip_id, trip_name, location, start_date, end_date,
vehicle_capacity, places_booked, cost_members, cost_nonmembers,
cost_pensioner_member, cost_pensioner, published
FROM trips
ORDER BY start_date DESC
";
$result = $conn->query($trips_query);
$trips = [];
if ($result && $result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$trips[] = $row;
}
}
?>
<style>
.image {
width: 200px;
/* Set your desired width */
height: 200px;
/* Set your desired height */
overflow: hidden;
/* Hide any overflow */
display: block;
/* Ensure proper block behavior */
border-radius: 8px;
}
.image img {
width: 100%;
/* Image scales to fill the container */
height: 100%;
/* Image scales to fill the container */
object-fit: cover;
/* Fills the container while maintaining aspect ratio */
object-position: center;
/* Aligns the center of the image with the center of the container */
display: block;
/* Prevents inline whitespace issues */
}
</style>
<script>
document.addEventListener("DOMContentLoaded", function() {
const filterInput = document.querySelector('.filter-input');
const cards = document.querySelectorAll('.destination-item');
if (cards.length === 0 && filterInput) {
filterInput.style.display = "none";
} else if (filterInput) {
filterInput.addEventListener("input", function() {
const filterValue = filterInput.value.trim().toLowerCase();
cards.forEach(card => {
const cardText = card.textContent.trim().toLowerCase();
card.style.display = cardText.includes(filterValue) ? "" : "none";
});
});
}
});
</script>
<?php
$bannerFolder = 'assets/images/banners/';
$bannerImages = glob($bannerFolder . '*.{jpg,jpeg,png,webp}', GLOB_BRACE);
?>
<!-- Trips Management Area start -->
<section class="blog-list-page py-100 rel z-1">
<div class="container">
<div class="row">
<div class="col-lg-12">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 30px;">
<h2 style="margin: 0;">Manage Trips</h2>
<a href="manage_trips" class="theme-btn create-album-btn">
<i class="far fa-plus"></i> New Event
</a>
</div>
<?php if (isset($_SESSION['message'])): ?>
<div class="alert alert-warning message-box">
<?php echo $_SESSION['message']; ?>
<span class="close-btn" onclick="this.parentElement.style.display='none'">&times;</span>
</div>
<?php unset($_SESSION['message']);
endif;
if (count($trips) > 0) {
echo '<input type="text" class="filter-input" placeholder="Filter trips...">';
echo '<div class="trips-container" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">';
foreach ($trips as $trip) {
$available = $trip['vehicle_capacity'] - $trip['places_booked'];
$publishStatus = $trip['published'] == 1 ? 'published' : 'draft';
$publishStatusBadge = $trip['published'] == 1 ? 'PUBLISHED' : 'DRAFT';
// Get trip image - look for assets/images/trips/$trip_id_{number}.jpg
$tripImagePath = '';
$tripImagesGlob = glob($rootPath . '/assets/images/trips/' . $trip['trip_id'] . '_*.jpg');
if (!empty($tripImagesGlob)) {
$tripImagePath = str_replace($rootPath, '', $tripImagesGlob[0]);
} else {
// Fallback to placeholder icon if no image found
$tripImagePath = 'assets/images/placeholder.jpg';
}
echo '
<div class="destination-item style-three bgc-lighter booking" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
<div class="image" style="width:300px;height:250px;">
<img src="' . htmlspecialchars($tripImagePath) . '" alt="' . htmlspecialchars($trip['trip_name']) . '">
</div>
<div class="content" style="width:100%;">
<div class="destination-header d-flex align-items-start gap-3">
<div>
<span class="badge bg-dark mb-1">' . strtoupper($publishStatusBadge) . '</span>
<h5 class="mb-0">' . htmlspecialchars($trip['trip_name']) . '</h5>
<small class="text-muted">📍 ' . htmlspecialchars($trip['location']) . '</small>
</div>
</div>
<p style="margin: 10px 0;">
<strong>Dates:</strong> ' . date('M d', strtotime($trip['start_date'])) . ' - ' . date('M d, Y', strtotime($trip['end_date'])) . '<br>
<strong>Capacity:</strong> ' . $trip['places_booked'] . ' / ' . $trip['vehicle_capacity'] . '<br>
<strong>Costs:</strong> Members: R ' . number_format($trip['cost_members'], 2) . ' | Non-Members: R ' . number_format($trip['cost_nonmembers'], 2) . ' | Pensioner Members: R ' . number_format($trip['cost_pensioner_member'], 2) . ' | Pensioners: R ' . number_format($trip['cost_pensioner'], 2) . '
</p>
<div class="destination-footer">
<div class="btn-group" style="display:flex; justify-content:flex-end; gap:10px;">
<a href="manage_trips?trip_id=' . $trip['trip_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Edit"><span class="material-icons">edit</span></a>
<button type="button" class="toggle-publish" data-trip-id="' . $trip['trip_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="' . ($trip['published'] == 1 ? 'Unpublish' : 'Publish') . '" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons">' . ($trip['published'] == 1 ? 'cloud_off' : 'cloud_upload') . '</span></button>
<button type="button" class="delete-trip" data-trip-id="' . $trip['trip_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Delete" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons">delete</span></button>
</div>
</div>
</div>
</div>
';
}
echo '</div>';
} else {
echo '<div class="no-trips">
<p>No trips found. <a href="manage_trips">Create one</a></p>
</div>';
}
?>
</div>
</div>
</div>
</section>
<!-- Trips Management Area end -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script>
const tooltipTriggerList = document.querySelectorAll('[data-bs-toggle="tooltip"]');
tooltipTriggerList.forEach(el => new bootstrap.Tooltip(el));
// Handle publish/unpublish button clicks
document.querySelectorAll('.toggle-publish').forEach(btn => {
btn.addEventListener('click', function() {
const tripId = this.dataset.tripId;
const currentIcon = this.querySelector('.material-icons').textContent;
const isPublished = currentIcon === 'cloud_off';
const action = isPublished ? 'Unpublish' : 'Publish';
const formData = new FormData();
formData.append('trip_id', tripId);
fetch('toggle_trip_published', {
method: 'POST',
body: formData
})
.then(response => response.json())
.then(data => {
if (data.status === 'success') {
alert(action + ' successful!');
location.reload();
} else {
alert(action + ' failed: ' + data.message);
}
})
.catch(err => {
console.error('Error:', err);
alert(action + ' failed due to network error.');
});
});
});
// Handle delete button clicks
document.querySelectorAll('.delete-trip').forEach(btn => {
btn.addEventListener('click', function() {
if (!confirm('Are you sure you want to delete this trip? This action cannot be undone.')) {
return false;
}
const tripId = this.dataset.tripId;
const card = this.closest('.destination-item');
const formData = new FormData();
formData.append('trip_id', tripId);
fetch('delete_trip', {
method: 'POST',
body: formData
})
.then(response => response.json())
.then(data => {
if (data.status === 'success') {
alert('Trip deleted successfully!');
card.style.animation = 'fadeOut 0.3s ease-out';
setTimeout(() => {
card.remove();
if (document.querySelectorAll('.destination-item').length === 0) {
location.reload();
}
}, 300);
} else {
alert('Error: ' + data.message);
}
})
.catch(err => {
console.error('Error:', err);
alert('Delete failed due to network error.');
});
});
});
</script>
<?php include_once($rootPath . '/components/insta_footer.php'); ?>

441
src/admin/admin_trips_events_courses.php Normal file
View File

@@ -0,0 +1,441 @@
<?php
$headerStyle = 'light';
$rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php');
checkAdmin();
// Ensure $conn is available; show a friendly message if DB is down
$conn = $conn ?? null;
if (!$conn) {
// Render a simple error notice inside the page layout and stop further DB queries
echo '<section class="tour-list-page py-10 rel z-1">\n <div class="container">\n <div class="alert alert-danger">Database connection unavailable. Please check your configuration and logs.</div>\n </div>\n</section>';
include_once($rootPath . '/components/insta_footer.php');
// Stop execution to prevent subsequent fatal errors from using $conn
exit;
}
?>
<style>
/* Shared table and tab styles */
.admin-tabs { text-align: center; display: flex; margin-bottom: 20px; margin-top: 20px; }
.admin-tab { padding: 10px 30px; margin-right: 20px; cursor: pointer; border: 2px solid; border-radius: 50px; background: none; font-size: 18px; color: #484848; }
.admin-tab.active { color: white; background: #63ab45; font-weight: bold; }
.tab-content { display: none; }
.tab-content.active { display: block; }
table { width: 100%; border-collapse: separate; border-spacing: 0; margin: 10px 0; }
thead th { cursor: pointer; text-align: left; padding: 10px; font-weight: bold; position: relative; }
thead th::after { content: '\25B2'; font-size: 0.8em; position: absolute; right: 10px; opacity: 0; transition: opacity 0.2s; }
thead th.asc::after { content: '\25B2'; opacity: 1; }
thead th.desc::after { content: '\25BC'; opacity: 1; }
tbody tr:nth-child(odd) { background-color: transparent; }
tbody tr:nth-child(even) { background-color: rgb(255, 255, 255); border-radius: 10px; }
tbody td { padding: 5px; }
tbody tr:nth-child(even) td:first-child { border-top-left-radius: 10px; border-bottom-left-radius: 10px; }
tbody tr:nth-child(even) td:last-child { border-top-right-radius: 10px; border-bottom-right-radius: 10px; }
.filter-input { width: 100%; padding: 5px; font-size: 16px; background-color: rgb(255, 255, 255); border-radius: 25px; }
.trip-booking { color: #484848; background: #f9f9f7; border: 1px solid #d8d8d8; border-radius: 10px; margin-top: 15px; margin-bottom: 15px; }
</style>
<script>
document.addEventListener("DOMContentLoaded", function() {
// Tab switching
const tabs = document.querySelectorAll('.admin-tab');
const contents = document.querySelectorAll('.tab-content');
tabs.forEach((tab, idx) => {
tab.addEventListener('click', function() {
tabs.forEach(t => t.classList.remove('active'));
contents.forEach(c => c.classList.remove('active'));
tab.classList.add('active');
contents[idx].classList.add('active');
});
});
// Table sorting/filtering (same as before)
document.querySelectorAll("table").forEach((table) => {
const headers = table.querySelectorAll("thead th");
const rows = Array.from(table.querySelectorAll("tbody tr"));
const filterInput = table.previousElementSibling;
headers.forEach((header, index) => {
header.addEventListener("click", () => {
const sortedRows = rows.sort((a, b) => {
const aText = a.cells[index].textContent.trim().toLowerCase();
const bText = b.cells[index].textContent.trim().toLowerCase();
if (aText < bText) return -1;
if (aText > bText) return 1;
return 0;
});
if (header.classList.contains("asc")) {
header.classList.remove("asc");
header.classList.add("desc");
sortedRows.reverse();
} else {
headers.forEach(h => h.classList.remove("asc", "desc"));
header.classList.add("asc");
}
const tbody = table.querySelector("tbody");
tbody.innerHTML = "";
sortedRows.forEach(row => tbody.appendChild(row));
});
});
if (rows.length === 0) {
filterInput.style.display = "none";
} else {
filterInput.addEventListener("input", function() {
const filterValue = filterInput.value.trim().toLowerCase();
rows.forEach(row => {
const rowText = row.textContent.trim().toLowerCase();
row.style.display = rowText.includes(filterValue) ? "" : "none";
});
});
}
});
});
</script>
<?php
$pageTitle = 'Manage Trips, Courses & Events';
$breadcrumbs = [['Home' => 'index']];
require_once($rootPath . '/components/banner.php');
?>
<section class="tour-list-page py-10 rel z-1">
<div class="container">
<div class="admin-tabs">
<button class="admin-tab active">Manage Trips</button>
<button class="admin-tab">Manage Events</button>
<button class="admin-tab">Manage Courses</button>
<button class="admin-tab">Manage Blogs</button>
</div>
<div class="tab-content active">
<?php
// Trips management content (adapted from admin_trips.php)
// Fetch trips (already available if connection present)
$trips_query = "
SELECT
trip_id, trip_name, location, start_date, end_date,
vehicle_capacity, places_booked, cost_members, cost_nonmembers,
cost_pensioner_member, cost_pensioner, published
FROM trips
ORDER BY start_date DESC
";
$result = $conn->query($trips_query);
$trips = [];
if ($result && $result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$trips[] = $row;
}
}
?>
<div class="row">
<div class="col-lg-12">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 30px;">
<h2 style="margin: 0;">Manage Trips</h2>
<a href="manage_trips" class="theme-btn create-album-btn">
<i class="far fa-plus"></i> New Trip
</a>
</div>
<?php if (isset($_SESSION['message'])): ?>
<div class="alert alert-warning message-box">
<?php echo $_SESSION['message']; ?>
<span class="close-btn" onclick="this.parentElement.style.display='none'">&times;</span>
</div>
<?php unset($_SESSION['message']);
endif;
if (count($trips) > 0) {
echo '<input type="text" class="filter-input" placeholder="Filter trips...">';
echo '<div class="trips-container" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">';
foreach ($trips as $trip) {
$available = $trip['vehicle_capacity'] - $trip['places_booked'];
$publishStatusBadge = $trip['published'] == 1 ? 'PUBLISHED' : 'DRAFT';
$tripImagePath = '';
$tripImagesGlob = glob($rootPath . '/assets/images/trips/' . $trip['trip_id'] . '_*.jpg');
if (!empty($tripImagesGlob)) {
$tripImagePath = str_replace($rootPath, '', $tripImagesGlob[0]);
} else {
$tripImagePath = 'assets/images/placeholder.jpg';
}
echo '
<div class="destination-item style-three bgc-lighter booking" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
<div class="image" style="width:300px;height:250px;">
<img src="' . htmlspecialchars($tripImagePath) . '" alt="' . htmlspecialchars($trip['trip_name']) . '">
</div>
<div class="content" style="width:100%;">
<div class="destination-header d-flex align-items-start gap-3">
<div>
<span class="badge bg-dark mb-1">' . strtoupper($publishStatusBadge) . '</span>
<h5 class="mb-0">' . htmlspecialchars($trip['trip_name']) . '</h5>
<small class="text-muted">📍 ' . htmlspecialchars($trip['location']) . '</small>
</div>
</div>
<p style="margin: 10px 0;">
<strong>Dates:</strong> ' . date('M d', strtotime($trip['start_date'])) . ' - ' . date('M d, Y', strtotime($trip['end_date'])) . '<br>
<strong>Capacity:</strong> ' . $trip['places_booked'] . ' / ' . $trip['vehicle_capacity'] . '<br>
<strong>Costs:</strong> Members: R ' . number_format($trip['cost_members'], 2) . ' | Non-Members: R ' . number_format($trip['cost_nonmembers'], 2) . ' | Pensioner Members: R ' . number_format($trip['cost_pensioner_member'], 2) . ' | Pensioners: R ' . number_format($trip['cost_pensioner'], 2) . '
</p>
<div class="destination-footer">
<div class="btn-group" style="display:flex; justify-content:flex-end; gap:10px;">
<a href="manage_trips?trip_id=' . $trip['trip_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Edit"><span class="material-icons">edit</span></a>
<button type="button" class="toggle-publish" data-trip-id="' . $trip['trip_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="' . ($trip['published'] == 1 ? 'Unpublish' : 'Publish') . '" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons">' . ($trip['published'] == 1 ? 'cloud_off' : 'cloud_upload') . '</span></button>
<button type="button" class="delete-trip" data-trip-id="' . $trip['trip_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Delete" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons">delete</span></button>
</div>
</div>
</div>
</div>
';
}
echo '</div>';
} else {
echo "<div class=\"no-trips\"><p>No trips found. <a href=\"manage_trips\">Create one</a></p></div>";
}
?>
</div>
</div>
</div>
<div class="tab-content">
<?php
// Events management content (adapted from admin_events.php)
$events_query = "
SELECT
event_id, name, type, location, date, image, published
FROM events
ORDER BY date DESC
";
$result = $conn->query($events_query);
$events = [];
if ($result && $result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$events[] = $row;
}
}
?>
<div class="row">
<div class="col-lg-12">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 30px;">
<h2 style="margin: 0;">Manage Events</h2>
<a href="manage_events" class="theme-btn create-album-btn">
<i class="far fa-plus"></i> New Event
</a>
</div>
<?php if (count($events) > 0) {
echo '<input type="text" class="filter-input" placeholder="Filter events...">';
echo '<div class="events-container" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">';
foreach ($events as $event) {
$eventImagePath = $event['image'] ? htmlspecialchars($event['image']) : 'assets/images/placeholder.jpg';
$publishStatusBadge = $event['published'] == 1 ? 'PUBLISHED' : 'DRAFT';
echo '
<div class="destination-item style-three bgc-lighter booking" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
<div class="image" style="width:300px;height:250px;">
<img src="' . $eventImagePath . '" alt="' . htmlspecialchars($event['name']) . '">
</div>
<div class="content" style="width:100%;">
<div class="destination-header d-flex align-items-start gap-3">
<div>
<span class="badge bg-dark mb-1">' . strtoupper($publishStatusBadge) . '</span>
<h5 class="mb-0">' . htmlspecialchars($event['name']) . '</h5>
<small class="text-muted">📍 ' . htmlspecialchars($event['location']) . '</small>
</div>
</div>
<p style="margin: 10px 0;">
<strong>Type:</strong> ' . htmlspecialchars($event['type']) . '<br>
<strong>Date:</strong> ' . convertDate($event['date']) . '
</p>
<div class="destination-footer">
<div class="btn-group" style="display:flex; justify-content:flex-end; gap:10px;">
<a href="manage_events?event_id=' . $event['event_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Edit"><span class="material-icons">edit</span></a>
<button type="button" class="toggle-publish" data-event-id="' . $event['event_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="' . ($event['published'] == 1 ? 'Unpublish' : 'Publish') . '" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons">' . ($event['published'] == 1 ? 'cloud_off' : 'cloud_upload') . '</span></button>
<button type="button" class="delete-event" data-event-id="' . $event['event_id'] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Delete" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons">delete</span></button>
</div>
</div>
</div>
</div>
';
}
echo '</div>';
} else {
echo '<div class="no-events"><p>No events found. <a href="manage_events">Create one</a></p></div>';
}
?>
</div>
</div>
</div>
<div class="tab-content">
<?php
// Courses management content (adapted from admin_courses.php)
$courses_query = "
SELECT
course_id, course_type, date, capacity, booked, cost_members, cost_nonmembers, instructor, instructor_email, code
FROM courses
ORDER BY date DESC
";
$result = $conn->query($courses_query);
$courses = [];
if ($result && $result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$courses[] = $row;
}
}
?>
<div class="row">
<div class="col-lg-12">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 30px;">
<h2 style="margin: 0;">Manage Courses</h2>
<a href="manage_courses" class="theme-btn create-album-btn">
<i class="far fa-plus"></i> New Course
</a>
</div>
<?php if (isset($_SESSION['message'])): ?>
<div class="alert alert-warning message-box">
<?php echo $_SESSION['message']; ?>
<span class="close-btn" onclick="this.parentElement.style.display='none'">&times;</span>
</div>
<?php unset($_SESSION['message']);
endif; ?>
<?php if (count($courses) > 0): ?>
<input type="text" class="filter-input" placeholder="Filter courses...">
<div class="courses-container" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
<?php foreach ($courses as $course):
$available = intval($course['capacity']) - intval($course['booked']);
$type_label = strtoupper($course['course_type']);
if ($course['course_type'] == 'driver_training') {
$type_label = 'Driver Training';
} elseif ($course['course_type'] == 'bush_mechanics') {
$type_label = 'Bush Mechanics';
} elseif ($course['course_type'] == 'rescue_recovery') {
$type_label = 'Rescue & Recovery';
} elseif ($course['course_type'] == 'ladies_driver_training') {
$type_label = 'Ladies Driver Training';
}
?>
<div class="destination-item style-three bgc-lighter booking" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
<div class="content" style="width:100%;">
<div class="destination-header d-flex align-items-start gap-3">
<div>
<h5 class="mb-0"><?php echo $type_label; ?></h5>
<small class="text-muted"><?php echo htmlspecialchars($course['course_type']); ?> — <?php echo date('M d, Y', strtotime($course['date'])); ?></small><br>
<small class="text-muted"><?php echo $course['code'] ? 'Code: ' . htmlspecialchars($course['code']) : ''; ?></small>
</div>
</div>
<p style="margin: 10px 0;">
<strong>Instructor:</strong> <?php echo htmlspecialchars($course['instructor']); ?> (<?php echo htmlspecialchars($course['instructor_email']); ?>)<br>
<strong>Capacity:</strong> <?php echo intval($course['booked']); ?> / <?php echo intval($course['capacity']); ?> &nbsp; <strong>Available:</strong> <?php echo $available; ?><br>
<strong>Costs:</strong> Members: R <?php echo number_format($course['cost_members'],2); ?> | Non-Members: R <?php echo number_format($course['cost_nonmembers'],2); ?>
</p>
<div class="destination-footer">
<div class="btn-group" style="display:flex; justify-content:flex-end; gap:10px;">
<a href="manage_courses?course_id=<?php echo $course['course_id']; ?>" data-bs-toggle="tooltip" data-bs-placement="top" title="Edit"><span class="material-icons">edit</span></a>
<button type="button" class="delete-course" data-course-id="<?php echo $course['course_id']; ?>" data-bs-toggle="tooltip" data-bs-placement="top" title="Delete" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons">delete</span></button>
</div>
</div>
</div>
</div>
<?php endforeach; ?>
</div>
<?php else: ?>
<div class="no-courses">
<p>No courses found. <a href="manage_courses">Create one</a></p>
</div>
<?php endif; ?>
</div>
</div>
</div>
<div class="tab-content">
<?php
// Blogs management content (adapted from src/admin/admin_blogs.php)
$posts = [];
if ($conn) {
$stmt = $conn->prepare("SELECT b.blog_id, b.title, b.description, b.status, b.date, b.image, CONCAT(u.first_name, ' ', u.last_name) AS author_name, u.email AS author_email, u.profile_pic FROM blogs b JOIN users u ON b.author = u.user_id WHERE b.status = 'published' ORDER BY b.date DESC");
if ($stmt) {
$stmt->execute();
$res = $stmt->get_result();
if ($res && $res->num_rows > 0) {
while ($r = $res->fetch_assoc()) $posts[] = $r;
}
}
}
?>
<div class="row">
<div class="col-lg-12">
<div style="display:flex; justify-content:space-between; align-items:center; margin-bottom:30px;">
<h2 style="margin:0;">Manage Blogs</h2>
<a href="blog_create" class="theme-btn create-album-btn"><i class="far fa-plus"></i> New Blog</a>
</div>
<?php if (count($posts) > 0): ?>
<input type="text" class="filter-input" placeholder="Filter blogs...">
<div class="blogs-container" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
<?php foreach ($posts as $post):
$coverImage = $post['image'] ? $post['image'] : 'assets/images/placeholder.jpg';
?>
<div class="destination-item style-three bgc-lighter booking" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
<div class="image" style="width:200px;height:200px;">
<img src="<?php echo htmlspecialchars($coverImage); ?>" alt="<?php echo htmlspecialchars($post['title']); ?>">
</div>
<div class="content" style="width:100%;">
<div class="destination-header d-flex align-items-start gap-3">
<img src="<?php echo htmlspecialchars($post['profile_pic'] ?? 'assets/images/placeholder.jpg'); ?>" alt="Author" class="rounded-circle border" width="80" height="80">
<div>
<span class="badge bg-dark mb-1"><?php echo $post['status'] == 1 || $post['status'] === 'published' ? 'PUBLISHED' : 'DRAFT'; ?></span>
<h5 class="mb-0"><?php echo htmlspecialchars($post['title']); ?></h5>
<small class="text-muted"><?php echo htmlspecialchars($post['author_name']); ?></small>
</div>
</div>
<p><?php echo htmlspecialchars($post['description']); ?></p>
<div class="destination-footer">
<div class="btn-group" style="display:flex; justify-content:flex-end; gap:10px;">
<a href="blog_edit.php?token=<?php echo encryptData($post['blog_id'], $salt); ?>" data-bs-toggle="tooltip" data-bs-placement="top" title="Edit"><span class="material-icons">edit</span></a>
<a href="blog_read.php?token=<?php echo encryptData($post['blog_id'], $salt); ?>" data-bs-toggle="tooltip" data-bs-placement="top" title="Preview"><span class="material-icons">visibility</span></a>
<button type="button" class="publish-btn" data-blog-id="<?php echo $post['blog_id']; ?>" data-status="<?php echo htmlspecialchars($post['status']); ?>" data-bs-toggle="tooltip" data-bs-placement="top" title="Publish/Unpublish" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons"><?php echo ($post['status'] == 1 || $post['status'] === 'published') ? 'cloud_off' : 'cloud_upload'; ?></span></button>
<a href="blog_delete.php?token=<?php echo encryptData($post['blog_id'], $salt); ?>" data-bs-toggle="tooltip" data-bs-placement="top" title="Delete"><span class="material-icons">delete</span></a>
</div>
</div>
</div>
</div>
<?php endforeach; ?>
</div>
<?php else: ?>
<div class="no-blogs"><p>No blogs found. <a href="manage_blogs">Create one</a></p></div>
<?php endif; ?>
</div>
</div>
<script>
document.addEventListener("DOMContentLoaded", function() {
const filterInput = document.querySelector('.filter-input');
const cards = document.querySelectorAll('.destination-item');
if (cards.length === 0 && filterInput) filterInput.style.display = "none";
else if (filterInput) {
filterInput.addEventListener('input', function() {
const filterValue = filterInput.value.trim().toLowerCase();
cards.forEach(card => {
const cardText = card.textContent.trim().toLowerCase();
card.style.display = cardText.includes(filterValue) ? "" : "none";
});
});
}
// Tooltips
const tooltipTriggerList = document.querySelectorAll('[data-bs-toggle="tooltip"]');
tooltipTriggerList.forEach(el => new bootstrap.Tooltip(el));
// Publish/unpublish
document.querySelectorAll('.publish-btn').forEach(btn => {
btn.addEventListener('click', function() {
const blogId = this.dataset.blogId;
const status = this.dataset.status;
const endpoint = (status == 1 || status === 'published') ? 'blog_unpublish' : 'publish_blog';
const formData = new FormData(); formData.append('id', blogId);
fetch(endpoint, { method: 'POST', body: formData })
.then(r => r.json())
.then(data => { if (data.status === 'success') location.reload(); else alert('Action failed'); })
.catch(()=> alert('Network error'));
});
});
});
</script>
</div>
</div>
</div>
</section>
<?php include_once($rootPath . '/components/insta_footer.php'); ?>

221
src/admin/manage_courses.php Normal file
View File

@@ -0,0 +1,221 @@
<?php
$headerStyle = 'light';
$rootPath = dirname(dirname(__DIR__));
include_once($rootPath . '/header.php');
checkAdmin();
$course_id = $_GET['course_id'] ?? null;
$course = null;
// If editing an existing course, fetch its data
if ($course_id) {
$stmt = $conn->prepare("SELECT * FROM courses WHERE course_id = ?");
$stmt->bind_param("i", $course_id);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$course = $result->fetch_assoc();
}
$stmt->close();
}
?>
<?php
$pageTitle = $course ? 'Edit Course' : 'Create New Course';
$breadcrumbs = [['Home' => 'index'], ['Admin' => 'admin_courses'], [$pageTitle => '']];
require_once($rootPath . '/components/banner.php');
?>
<!-- Course Manager Area start -->
<section class="trip-manager-area py-100 rel z-1">
<div class="container">
<div class="row">
<div class="col-lg-12">
<div class="comment-form bgc-lighter z-1 rel mb-30 rmb-55">
<form id="courseForm" method="POST" action="process_course">
<input type="hidden" name="csrf_token" value="<?php echo generateCSRFToken(); ?>">
<?php if ($course): ?>
<input type="hidden" name="course_id" value="<?php echo $course['course_id']; ?>">
<?php endif; ?>
<div class="section-title py-20">
<h2><?php echo $course ? 'Edit Course: ' . htmlspecialchars($course['code'] ?: $course['course_type']) : 'Create New Course'; ?></h2>
<div id="responseMessage"></div>
</div>
<div class="row mt-35">
<div class="col-md-6">
<div class="form-group">
<label for="course_type">Course Type *</label>
<select id="course_type" name="course_type" class="form-control" required>
<?php
$types = ['driver_training' => 'Driver Training', 'bush_mechanics' => 'Bush Mechanics', 'rescue_recovery' => 'Rescue & Recovery', 'ladies_driver_training' => 'Ladies Driver Training'];
foreach ($types as $key => $label) {
$sel = ($course && $course['course_type'] === $key) ? 'selected' : '';
echo "<option value=\"$key\" $sel>$label</option>";
}
?>
</select>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label for="code">Course Code</label>
<input type="text" id="code" name="code" class="form-control" maxlength="12" value="<?php echo $course ? htmlspecialchars($course['code']) : ''; ?>" placeholder="Optional code e.g., CRSE001" data-manual="0">
<small class="form-text text-muted">Auto-generated from type + date (you can edit manually)</small>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label for="date">Date *</label>
<input type="date" id="date" name="date" class="form-control" value="<?php echo $course ? $course['date'] : ''; ?>" required>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label for="capacity">Capacity *</label>
<input type="number" id="capacity" name="capacity" class="form-control" min="1" value="<?php echo $course ? intval($course['capacity']) : ''; ?>" required>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label for="cost_members">Member Cost (R) *</label>
<input type="number" id="cost_members" name="cost_members" class="form-control" step="0.01" min="0" value="<?php echo $course ? $course['cost_members'] : ''; ?>" required>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label for="cost_nonmembers">Non-Member Cost (R) *</label>
<input type="number" id="cost_nonmembers" name="cost_nonmembers" class="form-control" step="0.01" min="0" value="<?php echo $course ? $course['cost_nonmembers'] : ''; ?>" required>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label for="instructor">Instructor *</label>
<input type="text" id="instructor" name="instructor" class="form-control" value="<?php echo $course ? htmlspecialchars($course['instructor']) : ''; ?>" required>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label for="instructor_email">Instructor Email</label>
<input type="email" id="instructor_email" name="instructor_email" class="form-control" value="<?php echo $course ? htmlspecialchars($course['instructor_email']) : ''; ?>">
</div>
</div>
<div class="col-md-12 mt-20">
<div class="form-group mb-0">
<button type="submit" class="theme-btn style-two" style="width:100%;">
<?php echo $course ? 'Update Course' : 'Create Course'; ?>
</button>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</section>
<!-- Course Manager Area end -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script>
$(document).ready(function() {
$('#courseForm').on('submit', function(event) {
event.preventDefault();
var formData = $(this).serialize();
$.ajax({
url: 'process_course',
type: 'POST',
data: formData,
dataType: 'json',
success: function(response) {
if (response.status === 'success') {
$('#responseMessage').html('<div class="alert alert-success">' + response.message + '</div>');
setTimeout(function() {
window.location.href = 'admin_courses';
}, 1200);
} else {
$('#responseMessage').html('<div class="alert alert-danger">' + response.message + '</div>');
}
},
error: function(xhr, status, error) {
console.error('AJAX Error:', error);
$('#responseMessage').html('<div class="alert alert-danger">Error creating/updating course: ' + error + '</div>');
}
});
});
});
</script>
<script>
// Auto-generate course code from type and date: ABBREVIATION_MMDD
(function(){
var typeMap = {
'driver_training': 'DRVTRN',
'bush_mechanics': 'BUSHMEC',
'rescue_recovery': 'RESREC',
'ladies_driver_training': 'LADYTRN'
};
var $type = document.getElementById('course_type');
var $date = document.getElementById('date');
var $code = document.getElementById('code');
function getMMDDFromISO(isoDate) {
if (!isoDate) return '';
// expecting YYYY-MM-DD
var parts = isoDate.split('-');
if (parts.length !== 3) return '';
return parts[1] + parts[2];
}
function generateCode() {
try {
var manual = $code.getAttribute('data-manual') === '1';
if (manual) return; // user has manually edited
var t = $type.value;
var d = $date.value;
if (!t || !d) return;
var abbr = typeMap[t] || t.toUpperCase().replace(/[^A-Z0-9]/g,'').substring(0,7);
var mmdd = getMMDDFromISO(d);
if (!mmdd) return;
var newCode = abbr + '_' + mmdd;
$code.value = newCode;
} catch (e) {
console.error('generateCode error', e);
}
}
// mark manual when user types
$code.addEventListener('input', function(){
var val = $code.value.trim();
if (val.length === 0) {
$code.setAttribute('data-manual','0');
} else {
// if value matches auto pattern for currently selected type+date, keep as auto; otherwise mark manual
var expected = '';
try { expected = (typeMap[$type.value] || $type.value.toUpperCase().replace(/[^A-Z0-9]/g,'').substring(0,7)) + '_' + ( ($date.value) ? $date.value.split('-')[1] + $date.value.split('-')[2] : '' ); } catch(e){ expected=''; }
if (val === expected) {
$code.setAttribute('data-manual','0');
} else {
$code.setAttribute('data-manual','1');
}
}
});
$type.addEventListener('change', generateCode);
$date.addEventListener('change', generateCode);
// generate on load if empty
if ($code.value.trim().length === 0) {
generateCode();
}
})();
</script>
<?php include_once($rootPath . '/components/insta_footer.php'); ?>

207
src/api/ikhokha_webhook.php
View File

@@ -4,83 +4,106 @@ $rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
require_once($rootPath . "/src/helpers/notification_helper.php");
/**
* ==========================================================
* Read raw request and headers (DO NOT MODIFY RAW BODY)
* JS-equivalent escaping (matches iKhokha docs exactly)
* ==========================================================
*/
function jsStringEscape(string $str): string
{
$str = preg_replace('/([\\\\\"\'])/', '\\\\$1', $str);
$str = str_replace("\0", "\\0", $str);
return $str;
}
function createPayloadToSign(string $path, string $body): string
{
return jsStringEscape($path . $body);
}
/**
* ==========================================================
* Read raw request body (DO NOT MODIFY)
* ==========================================================
*/
$raw = file_get_contents('php://input');
if ($raw === false) {
if ($raw === false || $raw === '') {
http_response_code(400);
progress_log('iKhokha webhook: unable to read raw input');
progress_log('iKhokha webhook: empty body');
exit('No body');
}
/**
* ==========================================================
* Read headers
* ==========================================================
*/
$headers = function_exists('getallheaders') ? getallheaders() : [];
$headers = array_change_key_case($headers, CASE_LOWER);
$ikSign = $headers['ik-sign'] ?? null;
$ikAppId = $headers['ik-appid'] ?? null;
/**
* ==========================================================
* Basic header presence check
* ==========================================================
*/
if (empty($ikSign) || empty($ikAppId)) {
if (!$ikSign || !$ikAppId) {
http_response_code(400);
progress_log('iKhokha webhook: missing IK-SIGN or IK-APPID');
progress_log('iKhokha webhook: missing headers');
exit('Missing headers');
}
/**
* ==========================================================
* Signature verification
* HMAC_SHA256( path + raw_body, app_secret )
* Signature verification (JS-equivalent)
* ==========================================================
*/
$secret = $_ENV['IKHOKHA_APP_SECRET'] ?? null;
$callbackUrl = $_ENV['IKHOKHA_CALLBACK_URL'] ?? null;
$bypass = ($_ENV['IKHOKHA_BYPASS_SIGNATURE'] ?? 'false') === 'true';
if (empty($secret)) {
if (!$secret || !$callbackUrl) {
http_response_code(500);
progress_log('iKhokha webhook: app secret not configured');
exit('Server misconfigured');
}
// Debug logging (disable once stable)
progress_log('--- iKhokha WEBHOOK DEBUG ---');
progress_log('RAW BODY: ' . $raw);
progress_log('IK-SIGN: ' . $ikSign);
$callbackUrl = $_ENV['IKHOKHA_CALLBACK_URL'] ?? null;
$bypass = ($_ENV['IKHOKHA_BYPASS_SIGNATURE'] ?? 'false') === 'true';
if (!$bypass) {
if (empty($callbackUrl)) {
http_response_code(500);
progress_log('iKhokha webhook: callback URL not configured');
exit('Server misconfigured');
// Decode body so we can remove `text`
$bodyArray = json_decode($raw, true);
if (!is_array($bodyArray)) {
http_response_code(400);
exit('Invalid JSON');
}
$expected = hash_hmac(
'sha256',
$callbackUrl . $raw,
$_ENV['IKHOKHA_APP_SECRET']
);
// iKhokha JS deletes `text`
unset($bodyArray['text']);
// JS-style JSON (no escaped slashes)
$jsonBody = json_encode($bodyArray, JSON_UNESCAPED_SLASHES);
// Now sign the SAME payload JS signs
$payloadToSign = createPayloadToSign($callbackUrl, $jsonBody);
$expected = generateSignature($payloadToSign, $secret);
progress_log('JS PAYLOAD: ' . $payloadToSign);
progress_log('EXPECTED SIGN: ' . $expected);
progress_log('RECEIVED SIGN: ' . $ikSign);
if (!$bypass) {
if (!hash_equals($expected, $ikSign)) {
http_response_code(403);
progress_log('iKhokha webhook: signature mismatch');
progress_log('EXPECTED SIGN: ' . $expected);
progress_log('RECEIVED SIGN: ' . $ikSign);
// Audit signature mismatch
if (function_exists('auditLog')) {
auditLog(null, 'IKHOKHA_SIGNATURE_MISMATCH', 'webhook', null, ['expected' => $expected, 'received' => $ikSign]);
auditLog(null, 'IKHOKHA_SIGNATURE_MISMATCH', 'webhook', null, [
'expected' => $expected,
'received' => $ikSign
]);
}
exit('Invalid signature');
}
@@ -95,20 +118,13 @@ if (!$bypass) {
* ==========================================================
*/
$payload = json_decode($raw, true);
if (!is_array($payload)) {
http_response_code(400);
progress_log('iKhokha webhook: invalid JSON');
exit('Invalid JSON');
}
$data = $payload['data'] ?? $payload;
/**
* ==========================================================
* Extract data safely (iKhokha is inconsistent)
* Extract fields safely
* ==========================================================
*/
$data = $payload['data'] ?? $payload;
$externalTransactionID =
$data['externalTransactionID']
?? $data['externalTransactionId']
@@ -127,11 +143,11 @@ $providerStatus =
progress_log('Parsed externalTransactionID: ' . $externalTransactionID);
progress_log('Parsed providerPaymentId: ' . $providerPaymentId);
progress_log('Parsed providerStatus: ' . print_r($providerStatus, true));
progress_log('Parsed providerStatus: ' . $providerStatus);
/**
* ==========================================================
* Locate local payment
* Locate payment
* ==========================================================
*/
$localPaymentId = null;
@@ -146,16 +162,13 @@ if ($externalTransactionID) {
WHERE payment_id = ?
LIMIT 1"
);
if ($stmt) {
$stmt->bind_param('s', $externalTransactionID);
$stmt->execute();
$res = $stmt->get_result();
if ($row = $res->fetch_assoc()) {
extract($row);
$localPaymentId = $row['payment_id'];
$booking_id = $row['booking_id'];
$user_id = $row['user_id'];
$description = $row['description'];
}
$stmt->close();
}
@@ -168,16 +181,13 @@ if (!$localPaymentId && $providerPaymentId) {
WHERE provider_payment_id = ?
LIMIT 1"
);
if ($stmt) {
$stmt->bind_param('s', $providerPaymentId);
$stmt->execute();
$res = $stmt->get_result();
if ($row = $res->fetch_assoc()) {
extract($row);
$localPaymentId = $row['payment_id'];
$booking_id = $row['booking_id'];
$user_id = $row['user_id'];
$description = $row['description'];
}
$stmt->close();
}
@@ -185,11 +195,6 @@ if (!$localPaymentId && $providerPaymentId) {
if (!$localPaymentId) {
http_response_code(404);
progress_log('iKhokha webhook: payment not found');
progress_log(json_encode([$externalTransactionID, $providerPaymentId]));
if (function_exists('auditLog')) {
auditLog(null, 'IKHOKHA_PAYMENT_NOT_FOUND', 'payment', null, ['externalTransactionID' => $externalTransactionID, 'providerPaymentId' => $providerPaymentId]);
}
exit('Payment not found');
}
@@ -216,72 +221,66 @@ if ($update) {
);
$update->execute();
$update->close();
if (function_exists('auditLog')) {
auditLog($user_id, 'PAYMENT_PROVIDER_RESPONSE_SAVED', 'payment', null, ['payment_id' => $localPaymentId, 'provider_payment_id' => $providerPaymentId, 'provider_status' => $providerStatus]);
}
}
/**
* ==========================================================
* Normalize status and apply business logic
* Business logic
* ==========================================================
*/
$normalized = strtoupper(trim((string)$providerStatus));
if (in_array($normalized, ['PAID', 'SUCCESS', 'COMPLETED', 'SETTLED'], true)) {
// Mark payment as PAID
$setPaid = $conn->prepare(
$conn->prepare(
"UPDATE payments SET status = 'PAID' WHERE payment_id = ?"
);
if ($setPaid) {
$setPaid->bind_param('s', $localPaymentId);
$setPaid->execute();
$setPaid->close();
if (function_exists('auditLog')) {
auditLog($user_id, 'PAYMENT_MARKED_PAID', 'payment', null, ['payment_id' => $localPaymentId]);
}
}
)->bind_param('s', $localPaymentId)->execute();
// Booking or membership update
if (!empty($booking_id)) {
$upd = $conn->prepare(
if ($booking_id) {
$conn->prepare(
"UPDATE bookings SET status = 'PAID' WHERE booking_id = ?"
);
if ($upd) {
$upd->bind_param('i', $booking_id);
$upd->execute();
$upd->close();
sendAdminNotification('4WDCSA.co.za - New Booking - '.getFullName($user_id) , 'We have received a payment for a new booking for '.$description.' from '.getFullName($user_id));
if (function_exists('auditLog')) {
auditLog($user_id, 'BOOKING_PAYMENT_MARKED_PAID', 'bookings', $booking_id, ['payment_id' => $localPaymentId]);
}
}
)->bind_param('i', $booking_id)->execute();
} else {
$upd = $conn->prepare(
"UPDATE membership_fees
SET payment_status = 'PAID'
WHERE payment_id = ?"
);
if ($upd) {
$upd->bind_param('s', $localPaymentId);
$upd->execute();
$upd->close();
sendAdminNotification('4WDCSA.co.za - Membership Payment Received - '.getFullName($user_id) , 'A Membership Payment has been received from '.getFullName($user_id));
if (function_exists('auditLog')) {
auditLog($user_id, 'MEMBERSHIP_PAYMENT_MARKED_PAID', 'membership_fees', null, ['payment_id' => $localPaymentId]);
}
}
$conn->prepare(
"UPDATE membership_fees SET payment_status = 'PAID' WHERE payment_id = ?"
)->bind_param('s', $localPaymentId)->execute();
}
// Send confirmation email
if (!empty($user_id)) {
sendPaymentConfirmation(
getEmail($user_id),
getFullName($user_id),
$description
);
}
//generate $message for admin payment confirmation with payment details
$message = "Payment Confirmation\n\n";
$message .= "Payment ID: " . $localPaymentId . "\n";
$message .= "Amount: " . getPaymentAmount($localPaymentId) . "\n";
$message .= "Status: PAID\n";
$message .= "Description: " . $description . "\n";
$message .= "Thank you.\n";
$subject = "4WDCSA.co.za Payment Confirmation for Payment ID: " . $localPaymentId;
progress_log('Payment confirmation sent for payment ID: ' . $localPaymentId);
sendEmail(
$_ENV['FINANCE_EMAIL'],
$subject,
nl2br($message)
);
sendEmail(
'chrispintoza@gmail.com',
$subject,
nl2br($message)
);
sendAdminNotification($subject, nl2br($message));
$event = 'new_payment_received';
$sub_feed = 'payments';
$data = [
'actor_id' => $_SESSION['user_id'] ?? null,
'actor_avatar' => $_SESSION['profile_pic'] ?? null, // used by UI to show avatar
'title' => "New Payment Received for Payment ID: {$localPaymentId}"
];
addNotification(null, $event, $sub_feed, $data, null);
}
/**

41
src/api/notifications.php Normal file
View File

@@ -0,0 +1,41 @@
<?php
header('Content-Type: application/json');
// Ensure environment is loaded before attempting DB connection
require_once __DIR__ . '/../config/env.php';
require_once __DIR__ . '/../config/connection.php';
// helper filename uses singular in this repo: notification_helper.php
require_once __DIR__ . '/../helpers/notification_helper.php';
session_start();
$admin_id = $_SESSION['user_id'] ?? null;
$action = $_REQUEST['action'] ?? '';
if ($action === 'fetch') {
$subs = getAdminSubscriptions($admin_id);
$notes = fetchNotifications($admin_id, $subs, 50);
echo json_encode(['success' => true, 'notifications' => $notes, 'unread_count' => getUnreadCount($admin_id, $subs)]);
exit;
}
if ($action === 'mark_read') {
if (!$admin_id) { echo json_encode(['success' => false, 'error' => 'unauthenticated']); exit; }
$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
if (!$id) { echo json_encode(['success' => false, 'error' => 'missing_id']); exit; }
$ok = markNotificationRead($id, $admin_id);
echo json_encode(['success' => (bool)$ok]);
exit;
}
if ($action === 'add') {
// internal use: create a notification
$target = isset($_POST['user_id']) ? intval($_POST['user_id']) : null;
$event = $_POST['event'] ?? '';
$sub_feed = $_POST['sub_feed'] ?? null;
$data = isset($_POST['data']) ? json_decode($_POST['data'], true) : [];
$target_url = $_POST['target_url'] ?? null;
$id = addNotification($target, $event, $sub_feed, $data, $target_url);
echo json_encode(['success' => (bool)$id, 'id' => $id]);
exit;
}
echo json_encode(['success' => false, 'error' => 'invalid_action']);

11
src/config/connection.php
View File

@@ -3,11 +3,12 @@
// Disable mysqli exceptions so we can handle connection errors gracefully
mysqli_report(MYSQLI_REPORT_OFF);
$dbhost = $_ENV['DB_HOST'];
$dbuser = $_ENV['DB_USER'];
$dbpass = $_ENV['DB_PASS'];
$dbname = $_ENV['DB_NAME'];
$salt = $_ENV['SALT'];
// Read from environment or fallback to getenv; keep empty string if not set to avoid PHP warnings
$dbhost = $_ENV['DB_HOST'] ?? getenv('DB_HOST') ?? '';
$dbuser = $_ENV['DB_USER'] ?? getenv('DB_USER') ?? '';
$dbpass = $_ENV['DB_PASS'] ?? getenv('DB_PASS') ?? '';
$dbname = $_ENV['DB_NAME'] ?? getenv('DB_NAME') ?? '';
$salt = $_ENV['SALT'] ?? getenv('SALT') ?? '';
// echo "hello. ". $dbhost;

53
src/config/functions.php
View File

@@ -858,6 +858,45 @@ function createIkhokhaPayment($payment_id, $amount, $description, $publicRef)
return $resp;
}
function getIkhokhaTransactionHistory($startDate, $endDate,)
{
// Base requester URL: prefer explicit env var, otherwise build from request
$endpoint = "https://api.ikhokha.com/public-api/v1/api/payments/history?startDate=".$startDate."&endDate=".$endDate;
// $endpoint = "https://api.ikhokha.com/public-api/v1/api/payments/history?startDate=2024-02-01&endDate=2026-03-07";
$appID = $_ENV['IKHOKHA_APP_ID'];
progress_log($appID, "IKHOKHA App ID");
$appSecret = $_ENV['IKHOKHA_APP_SECRET'];
// $stringifiedBody = json_encode($requestBody);
$payloadToSign = createPayloadToSign($endpoint, null);
progress_log($payloadToSign, "IKHOKHA Payload to Sign");
$ikSign = generateSignature($payloadToSign, $appSecret);
progress_log($ikSign, "IKHOKHA Signature");
// Initialize cURL session
$ch = curl_init($endpoint);
// Set cURL options
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
// curl_setopt($ch, CURLOPT_POSTFIELDS, $stringifiedBody);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Content-Type: application/json",
"IK-APPID: $appID",
"IK-SIGN: $ikSign"
]);
// Execute cURL session
$response = curl_exec($ch);
curl_close($ch);
// Decode and output the response
$resp = json_decode($response, true);
return $response;
}
function escapeString($str) {
$escaped = preg_replace(['/[\\"\'\"]/u', '/\x00/'], ['\\\\$0', '\\0'], (string)$str);
$cleaned = str_replace('\/', '/', $escaped);
@@ -879,6 +918,20 @@ function generateSignature($payloadToSign, $secret) {
return hash_hmac('sha256', $payloadToSign, $secret);
}
function getPaymentAmount($localPaymentId) {
$conn = openDatabaseConnection();
$stmt = $conn->prepare("SELECT amount FROM payments WHERE payment_id = ? LIMIT 1");
$stmt->bind_param("s", $localPaymentId);
$stmt->execute();
$result = $stmt->get_result();
if ($row = $result->fetch_assoc()) {
return $row['amount'];
} else {
return false; // Payment not found
}
}
function processMembershipPayment($payment_id, $amount, $description)
{
$conn = openDatabaseConnection();

151
src/helpers/notification_helper.php Normal file
View File

@@ -0,0 +1,151 @@
<?php
// Notifications helper
require_once __DIR__ . '/../config/env.php';
require_once __DIR__ . '/../config/connection.php';
require_once __DIR__ . '/../../classes/DatabaseService.php';
function addNotification($target_user_id, $event, $sub_feed = null, $data = [], $target_url = null) {
global $db, $conn;
if (!isset($db) && isset($conn)) {
$db = new DatabaseService($conn);
}
$ds = $db;
if (!$ds) {
// Try to initialize DatabaseService if connection exists
if (isset($conn) && $conn) {
$ds = new DatabaseService($conn);
} else {
// No DB available
return false;
}
}
$data_json = $data ? json_encode($data) : null;
$read_by_json = json_encode([]);
$query = "INSERT INTO notifications (user_id, event, sub_feed, data, target_url, read_by) VALUES (?,?,?,?,?,?)";
return $ds->insert($query, [$target_user_id, $event, $sub_feed, $data_json, $target_url, $read_by_json], "isssss");
}
function fetchNotifications($admin_user_id = null, $subscriptions = [], $limit = 50) {
global $db, $conn;
if (!isset($db) && isset($conn)) {
$db = new DatabaseService($conn);
}
$ds = $db;
if (!$ds) {
if (isset($conn) && $conn) {
$ds = new DatabaseService($conn);
} else {
// No DB available — return empty list to avoid fatal error
return [];
}
}
$params = [];
$types = "";
$sql = "SELECT * FROM notifications";
$where = [];
// Admin-only: fetch notifications targeted to admins (user_id IS NULL) or global, or specifically to an admin
if ($admin_user_id) {
$where[] = "(user_id IS NULL OR user_id = ?)";
$params[] = $admin_user_id;
$types .= "i";
}
if (!empty($subscriptions)) {
// build IN (...) list safely by placeholders
$placeholders = implode(',', array_fill(0, count($subscriptions), '?'));
$where[] = "(sub_feed IN ($placeholders))";
foreach ($subscriptions as $s) { $params[] = $s; $types .= "s"; }
}
if (!empty($where)) {
$sql .= " WHERE " . implode(' AND ', $where);
}
$sql .= " ORDER BY time_created DESC LIMIT ?";
$params[] = $limit; $types .= "i";
$results = $ds->select($sql, $params, $types);
if ($results === false) {
// Query error - return empty list so UI doesn't break
return [];
}
// decode data JSON and include read_by as array
$filtered = [];
foreach ($results as $r) {
$r['data'] = $r['data'] ? json_decode($r['data'], true) : null;
$r['read_by'] = $r['read_by'] ? json_decode($r['read_by'], true) : [];
if (!is_array($r['read_by'])) $r['read_by'] = [];
// If admin_user_id is provided, skip notifications this admin already read
if ($admin_user_id && in_array((int)$admin_user_id, $r['read_by'])) {
continue;
}
$filtered[] = $r;
}
return $filtered;
}
function markNotificationRead($id, $admin_user_id) {
global $conn;
if (!$id || !$admin_user_id) return false;
if (!isset($conn) || !$conn) return false;
$stmt = $conn->prepare("SELECT read_by FROM notifications WHERE id = ? LIMIT 1");
$stmt->bind_param("i", $id);
$stmt->execute();
$stmt->bind_result($read_by_json);
$found = $stmt->fetch();
$stmt->close();
if (!$found) return false;
$read_by = $read_by_json ? json_decode($read_by_json, true) : [];
if (!is_array($read_by)) $read_by = [];
if (!in_array($admin_user_id, $read_by)) {
$read_by[] = (int)$admin_user_id;
$new_json = json_encode(array_values($read_by));
$u = $conn->prepare("UPDATE notifications SET read_by = ? WHERE id = ?");
$u->bind_param("si", $new_json, $id);
$res = $u->execute();
$u->close();
return $res;
}
return true;
}
function getUnreadCount($admin_user_id, $subscriptions = []) {
global $conn;
if (!isset($conn) || !$conn) return 0;
$sql = "SELECT id, read_by, sub_feed FROM notifications";
$where = [];
$params = [];
$types = "";
if ($admin_user_id) {
$where[] = "(user_id IS NULL OR user_id = ?)"; $params[] = $admin_user_id; $types .= "i";
}
if (!empty($subscriptions)) {
$placeholders = implode(',', array_fill(0, count($subscriptions), '?'));
$where[] = "(sub_feed IN ($placeholders))";
foreach ($subscriptions as $s) { $params[] = $s; $types .= "s"; }
}
if (!empty($where)) $sql .= " WHERE " . implode(' AND ', $where);
$sql .= " ORDER BY time_created DESC";
$stmt = $conn->prepare($sql);
if ($types) {
// bind params dynamically
$refs = [];
$refs[] = &$types;
foreach ($params as $k => $v) { $refs[] = &$params[$k]; }
call_user_func_array([$stmt, 'bind_param'], $refs);
}
$stmt->execute();
$res = $stmt->get_result();
$count = 0;
while ($row = $res->fetch_assoc()) {
$read_by = $row['read_by'] ? json_decode($row['read_by'], true) : [];
if (!is_array($read_by)) $read_by = [];
if (!in_array((int)$admin_user_id, $read_by)) $count++;
}
$stmt->close();
return $count;
}
function getAdminSubscriptions($admin_user_id) {
// Placeholder: by default return empty array (all sub_feeds). Implement subscription table later.
return [];
}

2
src/logs/db_errors.log
View File

File diff suppressed because one or more lines are too long

165
src/pages/blog/admin_blogs.php
View File

@@ -1,165 +0,0 @@
<?php
$rootPath = dirname(dirname(dirname(__DIR__)));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
require_once($rootPath . "/header.php");
checkAdmin();
checkUserSession();
$pageTitle = 'Manage Blog Posts';
$breadcrumbs = [['Home' => 'index']];
require_once($rootPath . '/components/banner.php');
$result = $conn->prepare("
SELECT
b.blog_id,
b.title,
b.description,
b.status,
b.date,
b.image,
CONCAT(u.first_name, ' ', u.last_name) AS author_name,
u.email AS author_email,
u.profile_pic
FROM blogs b
JOIN users u ON b.author = u.user_id
WHERE b.status = 'published'
ORDER BY b.date DESC
");
$result->execute();
$posts = $result->get_result();
?>
<style>
.image {
width: 400px;
/* Set your desired width */
height: 350px;
/* Set your desired height */
overflow: hidden;
/* Hide any overflow */
display: block;
/* Ensure proper block behavior */
}
.image img {
width: 100%;
/* Image scales to fill the container */
height: 100%;
/* Image scales to fill the container */
object-fit: cover;
/* Fills the container while maintaining aspect ratio */
object-position: top;
/* Aligns the top of the image with the top of the container */
display: block;
/* Prevents inline whitespace issues */
}
</style>
<?php
$bannerFolder = 'assets/images/banners/';
$bannerImages = glob($bannerFolder . '*.{jpg,jpeg,png,webp}', GLOB_BRACE);
?>
<!-- Blog List Area start -->
<section class="blog-list-page py-100 rel z-1">
<div class="container">
<div class="row">
<div class="col-lg-12">
<h2>Manage Blog Posts</h2>
<?php if (isset($_SESSION['message'])): ?>
<div class="alert alert-warning message-box">
<?php echo $_SESSION['message']; ?>
<span class="close-btn" onclick="this.parentElement.style.display='none'">&times;</span>
</div>
<?php unset($_SESSION['message']); ?>
<?php endif; ?>
<a href="blog_create.php">+ New Post</a>
<?php while ($post = $posts->fetch_assoc()):
// Determine cover image - use provided image or fallback placeholder
$coverImage = $post["image"] ? $post["image"] : 'assets/images/placeholder.jpg';
// Output the HTML structure with dynamic data
echo '
<div class="destination-item style-three bgc-lighter booking" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
<div class="image" style="width:200px;height:200px;">
<img src="' . htmlspecialchars($coverImage) . '" alt="' . htmlspecialchars($post["title"]) . '">
</div>
<div class="content" style="width:100%;">
<div class="destination-header d-flex align-items-start gap-3">
<img src="' . $post["profile_pic"] . '" alt="Author" class="rounded-circle border" width="80" height="80">
<div>
<span class="badge bg-dark mb-1">' . strtoupper($post["status"]) . '</span>
<h5 class="mb-0">' . $post["title"] . '</h5>
<small class="text-muted">' . $post["author_name"] . '</small>
</div>
</div>
<p>' . $post["description"] . '</p>
<div class="destination-footer">
<div class="btn-group" style="display:flex; justify-content:flex-end; gap:10px;">
<a href="blog_edit.php?token=' . encryptData($post["blog_id"], $salt) . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Edit"><span class="material-icons">edit</span></a>
<a href="blog_read.php?token=' . encryptData($post["blog_id"], $salt) . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Preview"><span class="material-icons">visibility</span></a>
<button type="button" class="publish-btn" data-blog-id="' . $post["blog_id"] . '" data-status="' . $post["status"] . '" data-bs-toggle="tooltip" data-bs-placement="top" title="' . ($post["status"] == "published" ? "Unpublish" : "Publish") . '" style="background:none; border:none; cursor:pointer; color:inherit;"><span class="material-icons">' . ($post["status"] == "published" ? "cloud_off" : "cloud_upload") . '</span></button>
<a href="blog_delete.php?token=' . encryptData($post["blog_id"], $salt) . '" data-bs-toggle="tooltip" data-bs-placement="top" title="Delete"><span class="material-icons">delete</span></a>
</div>
</div>
</div>
</div>
';
endwhile; ?>
</div>
</div>
</div>
</section>
<!-- Blog List Area end -->
<script>
const tooltipTriggerList = document.querySelectorAll('[data-bs-toggle="tooltip"]');
tooltipTriggerList.forEach(el => new bootstrap.Tooltip(el));
// Handle publish/unpublish button clicks
document.querySelectorAll('.publish-btn').forEach(btn => {
btn.addEventListener('click', function() {
const blogId = this.dataset.blogId;
const status = this.dataset.status;
const action = status === 'published' ? 'unpublish' : 'publish';
const endpoint = status === 'published' ? 'blog_unpublish' : 'publish_blog';
const formData = new FormData();
formData.append('id', blogId);
fetch(endpoint, {
method: 'POST',
body: formData
})
.then(response => {
if (response.ok) {
alert(action.charAt(0).toUpperCase() + action.slice(1) + ' successful!');
location.reload();
} else {
alert(action + ' failed.');
console.error('Error:', response.statusText);
}
})
.catch(err => {
console.error('Error:', err);
alert(action + ' failed due to network error.');
});
});
});
</script>
<?php include_once($rootPath . '/components/insta_footer.php'); ?>

13
src/pages/memberships/renew_membership.php
View File

@@ -6,11 +6,14 @@ include_once($rootPath . '/header.php');
$is_logged_in = isset($_SESSION['user_id']);
if (isset($_SESSION['user_id'])) {
$user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
} else {
header('Location: login.php');
exit(); // Stop further script execution
}
$full_name = getFullName($user_id);
//if membership_fees payment_status is PENDING RENEWAL, redirect to membership_details.php
$stmt = $conn->prepare("SELECT payment_status FROM membership_fees WHERE user_id = ? LIMIT 1");
$stmt->bind_param("i", $user_id);
@@ -46,6 +49,16 @@ if ($stmt->execute()) {
auditLog($user_id, 'MEMBERSHIP_RENEWAL_INITIATED', 'membership_fees', null, ['payment_id' => $payment_id, 'amount' => $payment_amount]);
}
// Send Notification
$event = 'membership_renewal_initiated';
$sub_feed = 'membership_renewal';
$data = [
'actor_id' => $_SESSION['user_id'],
'actor_avatar' => $_SESSION['profile_pic'], // used by UI to show avatar
'title' => "Membership Renewal Initiated by {$full_name}"
];
addNotification(null, $event, $sub_feed, $data, null);
$checkP = $conn->prepare("SELECT COUNT(*) AS cnt FROM payments WHERE payment_id = ? LIMIT 1");
if ($checkP) {
$checkP->bind_param('s', $payment_id);

49
src/processors/delete_course.php Normal file
View File

@@ -0,0 +1,49 @@
<?php
ob_start();
header('Content-Type: application/json');
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . '/src/config/functions.php');
require_once($rootPath . '/src/config/connection.php');
// Check admin status
session_start();
if (empty($_SESSION['user_id'])) {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
exit;
}
$user_role = getUserRole();
if (!in_array($user_role, ['admin', 'superadmin'])) {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
exit;
}
try {
$course_id = intval($_POST['course_id'] ?? 0);
if ($course_id <= 0) {
throw new Exception('Invalid course ID');
}
$stmt = $conn->prepare("DELETE FROM courses WHERE course_id = ?");
$stmt->bind_param("i", $course_id);
if (!$stmt->execute()) {
throw new Exception('Failed to delete course: ' . $stmt->error);
}
$stmt->close();
ob_end_clean();
echo json_encode(['status' => 'success', 'message' => 'Course deleted successfully']);
} catch (Exception $e) {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => $e->getMessage()]);
}
?>

8
src/processors/process_application.php
View File

@@ -224,6 +224,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Audit: membership application submitted
if (function_exists('auditLog')) {
auditLog($user_id, 'MEMBERSHIP_APPLICATION_SUBMITTED', 'membership_application', null, ['payment_id' => $payment_id, 'amount' => $payment_amount ?? null]);
$event = 'new_application_submitted';
$sub_feed = 'membership_applications';
$data = [
'actor_id' => $_SESSION['user_id'],
'actor_avatar' => $_SESSION['profile_pic'], // used by UI to show avatar
'title' => "New Membership Application from {$first_name} {$last_name}"
];
addNotification(null, $event, $sub_feed, $data, null);
}
header("Location: indemnity");
// Success message

9
src/processors/process_booking.php
View File

@@ -3,6 +3,7 @@ $rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
require_once($rootPath . "/src/helpers/notification_helper.php");
// Start session to retrieve the logged-in user's ID
session_start();
@@ -84,6 +85,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (function_exists('auditLog')) {
auditLog($user_id, 'BOOKING_CREATED', 'bookings', $booking_id, ['total_amount' => $total_amount, 'from' => $from_date, 'to' => $to_date]);
}
$event = 'new_booking_created';
$sub_feed = 'bookings';
$data = [
'actor_id' => $_SESSION['user_id'] ?? null,
'actor_avatar' => $_SESSION['profile_pic'] ?? null, // used by UI to show avatar
'title' => "New Booking Created with Booking ID: {$booking_id}"
];
addNotification(null, $event, $sub_feed, $data, null);
// Redirect to success page or display success message
echo "<script>alert('Booking successfully created!'); window.location.href = 'booking.php';</script>";
} else {

100
src/processors/process_course.php Normal file
View File

@@ -0,0 +1,100 @@
<?php
ob_start();
header('Content-Type: application/json');
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . '/src/config/functions.php');
require_once($rootPath . '/src/config/connection.php');
// Check admin status
session_start();
if (empty($_SESSION['user_id'])) {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
exit;
}
$user_role = getUserRole();
if (!in_array($user_role, ['admin', 'superadmin'])) {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Unauthorized access']);
exit;
}
try {
$course_id = $_POST['course_id'] ?? null;
$course_type = trim($_POST['course_type'] ?? '');
$code = trim($_POST['code'] ?? '');
$date = trim($_POST['date'] ?? '');
$capacity = intval($_POST['capacity'] ?? 0);
$cost_members = floatval($_POST['cost_members'] ?? 0);
$cost_nonmembers = floatval($_POST['cost_nonmembers'] ?? 0);
$instructor = trim($_POST['instructor'] ?? '');
$instructor_email = trim($_POST['instructor_email'] ?? '');
$allowed_types = ['driver_training','bush_mechanics','rescue_recovery','ladies_driver_training'];
if (!in_array($course_type, $allowed_types)) {
throw new Exception('Invalid course type');
}
if (empty($date) || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $date)) {
throw new Exception('Invalid date format');
}
// If code not provided, generate from type + date using ABBR_MMDD format
if (empty($code)) {
$abbrMap = [
'driver_training' => 'DRVTRN',
'bush_mechanics' => 'BUSHMEC',
'rescue_recovery' => 'RESREC',
'ladies_driver_training' => 'LADYTRN'
];
$abbr = $abbrMap[$course_type] ?? strtoupper(preg_replace('/[^A-Z0-9]/', '', $course_type));
// ensure abbr fits (reserve 1 char for underscore and 4 for MMDD)
$abbr = substr($abbr, 0, 7);
$mmdd = date('md', strtotime($date));
$code = strtoupper(substr($abbr . '_' . $mmdd, 0, 12));
}
if ($capacity <= 0) {
throw new Exception('Capacity must be greater than 0');
}
if (empty($instructor)) {
throw new Exception('Instructor name is required');
}
if ($course_id) {
// Update
$stmt = $conn->prepare("UPDATE courses SET course_type = ?, code = ?, date = ?, capacity = ?, cost_members = ?, cost_nonmembers = ?, instructor = ?, instructor_email = ? WHERE course_id = ?");
$stmt->bind_param("sssiddssi", $course_type, $code, $date, $capacity, $cost_members, $cost_nonmembers, $instructor, $instructor_email, $course_id);
if (!$stmt->execute()) {
throw new Exception('Failed to update course: ' . $stmt->error);
}
$stmt->close();
} else {
// Insert - booked defaults to 0
$stmt = $conn->prepare("INSERT INTO courses (course_type, code, date, capacity, booked, cost_members, cost_nonmembers, instructor, instructor_email) VALUES (?, ?, ?, ?, 0, ?, ?, ?, ?)");
$stmt->bind_param("sssiddss", $course_type, $code, $date, $capacity, $cost_members, $cost_nonmembers, $instructor, $instructor_email);
if (!$stmt->execute()) {
throw new Exception('Failed to create course: ' . $stmt->error);
}
$course_id = $conn->insert_id;
$stmt->close();
}
ob_end_clean();
echo json_encode(['status' => 'success', 'message' => $course_id ? 'Course saved successfully' : 'Course created successfully', 'course_id' => $course_id]);
} catch (Exception $e) {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => $e->getMessage()]);
}
?>

10
src/processors/process_course_booking.php
View File

@@ -3,6 +3,7 @@ $rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
require_once($rootPath . "/src/helpers/notification_helper.php");
session_start();
@@ -122,6 +123,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (function_exists('auditLog')) {
auditLog($user_id, 'COURSE_BOOKING_CREATED', 'bookings', $booking_id, ['course_id' => $course_id, 'payment_id' => $payment_id, 'amount' => $payment_amount]);
}
$event = 'new_course_booking_created';
$sub_feed = 'bookings';
$data = [
'actor_id' => $_SESSION['user_id'] ?? null,
'actor_avatar' => $_SESSION['profile_pic'] ?? null, // used by UI to show avatar
'title' => "New Course Booking Created : {$payment_id}"
];
addNotification(null, $event, $sub_feed, $data, null);
if ($payment_amount < 1) {
if (processZeroPayment($payment_id, $payment_amount, $description)) {
@@ -143,7 +152,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$resp = createIkhokhaPayment($payment_id, $payment_amount, $description, $publicRef);
// Send invoice and admin notification (keep for records)
// sendInvoice(getEmail($user_id), getFullName($user_id), $eft_id, formatCurrency($payment_amount), $description);
sendAdminNotification('New Course Booking - '.getFullName($user_id), getFullName($user_id).' has booked for '.$description);
// Redirect user to payment link if available

12
src/processors/process_trip_booking.php
View File

@@ -3,6 +3,7 @@ $rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
require_once($rootPath . "/src/helpers/notification_helper.php");
session_start();
// Get the trip_id from the request (ensure it's sanitized)
@@ -131,6 +132,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
auditLog($user_id, 'TRIP_BOOKING_CREATED', 'bookings', $booking_id, ['trip_id' => $trip_id, 'payment_id' => $payment_id, 'amount' => $payment_amount]);
}
// Create notification for new booking
$event = 'new_trip_booking_created';
$sub_feed = 'bookings';
$data = [
'actor_id' => $_SESSION['user_id'] ?? null,
'actor_avatar' => $_SESSION['profile_pic'] ?? null, // used by UI to show avatar
'title' => "New Trip Booking Created: {$payment_id}"
];
addNotification(null, $event, $sub_feed, $data, null);
if ($payment_amount < 1) {
if (processZeroPayment($payment_id, $payment_amount, $description)) {
echo "<script>alert('Booking successfully created!'); window.location.href = 'bookings.php';</script>";
@@ -151,7 +162,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$resp = createIkhokhaPayment($payment_id, $payment_amount, $description, $publicRef);
// Send invoice and admin notification
// sendInvoice(getEmail($user_id), getFullName($user_id), $eft_id, formatCurrency($payment_amount), $description);
sendAdminNotification('New Trip Booking - '.getFullName($user_id), getFullName($user_id).' has booked for '.$description);
// Redirect to payment link if available

41
test.php
View File

@@ -1,41 +0,0 @@
<?php
require_once("./src/config/env.php");
/**
* EXACT escape function from iKhokha docs
*/
function escapeString($str) {
$escaped = preg_replace(
['/[\\"\'\"]/u', '/\x00/'],
['\\\\$0', '\\0'],
(string)$str
);
$cleaned = str_replace('\/', '/', $escaped);
return $cleaned;
}
$callbackUrl = $_ENV['IKHOKHA_CALLBACK_URL'] ?? null;
$path = '/src/api/ikhokha_webhook.php';
$secret = $_ENV['IKHOKHA_APP_SECRET'] ?? null;
// Simulated raw webhook body (EXACT, no whitespace changes)
$raw = '{"paylinkID":"ys5225k4z56x0mm","status":"SUCCESS","externalTransactionID":"693efeaca71a9","responseCode":"00","text":null}';
echo "<strong>IK-SIGN FROM WEBHOOK:</strong><br>";
echo "bb1702d488a40091ebd5414bc6f524e203e2c5e36b24a1b86e243dad440bb557<br><br>";
$payloadToSign = $path . $raw;
// Generate signature using hash_hmac directly on the constructed string
$expected = hash_hmac('sha256', $payloadToSign, $secret);
// --- Output debug info (UPDATED) ---
echo "<strong>DEBUG INFO</strong><br>";
echo "Callback URL: $callbackUrl<br><br>";
echo "<strong>Payload to Sign (Un-escaped):</strong><br>";
echo htmlspecialchars($payloadToSign) . "<br><br>";
echo "<strong>EXPECTED SIGNATURE:</strong><br>";
echo $expected . "<br>";

41
validate_login.php
View File

@@ -5,6 +5,8 @@ require_once($rootPath . "/src/config/session.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
require_once($rootPath . '/google-client/vendor/autoload.php'); // Add this line for Google Client
require_once($rootPath . "/src/helpers/notification_helper.php");
// Check if connection is established
if (!$conn) {
@@ -37,6 +39,8 @@ if (isset($_GET['code'])) {
$last_name = $google_account_info->family_name;
$picture = $google_account_info->picture;
// Check if the user exists in the database
$query = "SELECT * FROM users WHERE email = ?";
$stmt = $conn->prepare($query);
@@ -53,12 +57,20 @@ if (isset($_GET['code'])) {
$stmt->bind_param("sssssi", $email, $first_name, $last_name, $picture, $password, $is_verified);
if ($stmt->execute()) {
// User successfully registered, set session and redirect
sendEmail('chrispintoza@gmail.com', '4WDCSA: New User Login', $name.' has just created an account using Google Login.');
$_SESSION['user_id'] = $conn->insert_id;
$_SESSION['first_name'] = $first_name;
$_SESSION['profile_pic'] = $picture;
processLegacyMembership($_SESSION['user_id']);
// echo json_encode(['status' => 'success', 'message' => 'Google login successful']);
// Send Notification
$event = 'user_login';
$sub_feed = 'logins';
$data = [
'actor_id' => $conn->insert_id,
'actor_avatar' => $picture, // used by UI to show avatar
'title' => "User Login by {$first_name} {$last_name}"
];
addNotification(null, $event, $sub_feed, $data, null);
header("Location: index.php");
exit();
} else {
@@ -72,8 +84,17 @@ if (isset($_GET['code'])) {
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['profile_pic'] = $row['profile_pic'];
sendEmail('chrispintoza@gmail.com', '4WDCSA: New User Login', $name.' has just logged in using Google Login.');
// echo json_encode(['status' => 'success', 'message' => 'Google login successful']);
// Send Notification
$event = 'user_login';
$sub_feed = 'logins';
$data = [
'actor_id' => $_SESSION['user_id'],
'actor_avatar' => $_SESSION['profile_pic'], // used by UI to show avatar
'title' => "User Login by {$first_name} {$last_name}"
];
addNotification(null, $event, $sub_feed, $data, null);
header("Location: index.php");
exit();
}
@@ -182,6 +203,16 @@ if (isset($_POST['email']) && isset($_POST['password'])) {
$_SESSION['login_time'] = time();
$_SESSION['session_timeout'] = 1800; // 30 minutes in seconds
// Send Notification
$event = 'user_login';
$sub_feed = 'logins';
$data = [
'actor_id' => $_SESSION['user_id'],
'actor_avatar' => $_SESSION['profile_pic'], // used by UI to show avatar
'title' => "User Login by {$first_name} {$last_name}"
];
addNotification(null, $event, $sub_feed, $data, null);
auditLog($row['user_id'], 'LOGIN_SUCCESS', 'users', $row['user_id']);
echo json_encode(['status' => 'success', 'message' => 'Successful Login']);
} else {