alert('User is not logged in. Please log in to make a booking.'); window.location.href = 'login.php';"; exit(); } $is_member = getUserMemberStatus($user_id); // Check if the form has been submitted if ($_SERVER['REQUEST_METHOD'] === 'POST') { // CSRF Token Validation if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) { auditLog($user_id, 'CSRF_VALIDATION_FAILED', 'bookings', null, ['endpoint' => 'process_camp_booking.php']); echo json_encode(['status' => 'error', 'message' => 'Security token validation failed. Please try again.']); exit(); } // Validate dates and integers $from_date = validateDate($_POST['from_date'] ?? ''); if ($from_date === false) { echo json_encode(['status' => 'error', 'message' => 'Invalid from date format.']); exit(); } $to_date = validateDate($_POST['to_date'] ?? ''); if ($to_date === false) { echo json_encode(['status' => 'error', 'message' => 'Invalid to date format.']); exit(); } $num_vehicles = validateInteger($_POST['vehicles'] ?? 1, 1, 10); if ($num_vehicles === false) { echo json_encode(['status' => 'error', 'message' => 'Invalid number of vehicles.']); exit(); } $num_adults = validateInteger($_POST['adults'] ?? 0, 0, 20); if ($num_adults === false) { echo json_encode(['status' => 'error', 'message' => 'Invalid number of adults.']); exit(); } $num_children = validateInteger($_POST['children'] ?? 0, 0, 20); if ($num_children === false) { echo json_encode(['status' => 'error', 'message' => 'Invalid number of children.']); exit(); } // Get values from the form $add_firewood = isset($_POST['AddExtra']) ? 1 : 0; // Checkbox for extras // $is_member = isset($_POST['is_member']) ? (int)$_POST['is_member'] : 0; // Hidden member status $type = "camping"; // Calculate the total number of nights $date1 = new DateTime($from_date); $date2 = new DateTime($to_date); $nights = $date2->diff($date1)->days; // Validate date range if ($nights <= 0) { echo ""; exit(); } // Determine rate per night $rate_per_night = 200; // Free for members, R200 for non-members // Calculate the total cost $vehicle_cost = $rate_per_night * $num_vehicles * $nights; $total_discount = $is_member ? $vehicle_cost : 0; $firewood_cost = $add_firewood ? 50 : 0; $total_amount = $vehicle_cost + $firewood_cost; $payment_amount = $total_amount - $total_discount; $status = "AWAITING PAYMENT"; $description = "BASE4 Camping"; $payment_id = uniqid(); $eft_id = strtoupper($trip_code." ".getLastName($user_id)); // Insert booking into the database $sql = "INSERT INTO bookings (booking_type, user_id, from_date, to_date, num_vehicles, num_adults, num_children, add_firewood, total_amount, discount_amount, status, payment_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"; $stmt = $conn->prepare($sql); $stmt->bind_param('sissiiiiddss', $type, $user_id, $from_date, $to_date, $num_vehicles, $num_adults, $num_children, $add_firewood, $total_amount, $total_discount, $status, $payment_id); if ($stmt->execute()) { $booking_id = $conn->insert_id; if ($payment_amount < 1) { if (processZeroPayment($payment_id, $payment_amount, $description)) { echo ""; } else { $error_message = $stmt->error; echo "Error processing booking: $error_message"; } } else { addEFT($eft_id, $booking_id, $user_id, $status, $payment_amount, $description); header("Location: payment_confirmation.php?booking_id=".$booking_id); exit(); // Ensure no further code is executed after the redirect } } else { // Handle error if insert fails and echo the MySQL error $error_message = $stmt->error; echo "Error processing booking: $error_message"; } // if ($stmt->execute()) { // if ($payment_amount < 1) { // if (processZeroPayment($payment_id, $payment_amount, $description)) { // echo ""; // } else { // $error_message = $stmt->error; // echo "Error processing booking: $error_message"; // } // } else { // if (processPayment($payment_id, $payment_amount, $description)) { // echo ""; // } else { // $error_message = $stmt->error; // echo "Error processing booking: $error_message"; // } // } // } else { // // Handle error if insert fails and echo the MySQL error // $error_message = $stmt->error; // echo "Error processing booking: $error_message"; // } $stmt->close(); $conn->close(); } else { echo "Invalid request."; }