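alert('User is not logged in. Please log in to make a booking.'); window.location.href = 'login.php';"; exit(); }

// Membership status drives the discount applied below. $user_id, $conn, $salt,
// $trip_id and $radio are expected to be set by the part of the file above this
// point (not visible here) — confirm $trip_id and $radio are validated there, since
// both are bound straight into the booking row.
$is_member = getUserMemberStatus($user_id);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject requests without a valid anti-forgery token before reading any other input.
    if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
        auditLog($user_id, 'CSRF_VALIDATION_FAILED', 'bookings', null, ['endpoint' => 'process_trip_booking.php']);
        http_response_code(403);
        header('Content-Type: application/json');
        echo json_encode(['error' => 'Security token validation failed.']);
        exit();
    }

    // Failures the user cannot fix are logged server-side and answered with a generic
    // message; MySQL error text ($conn->error / $stmt->error) is never echoed to the
    // client. Mirrors the JSON shape already used by the CSRF and trip-not-found paths.
    $failServerSide = static function (string $logMessage): void {
        error_log('process_trip_booking.php: ' . $logMessage);
        http_response_code(500);
        header('Content-Type: application/json');
        echo json_encode(['error' => 'Unable to process the booking right now.']);
        exit();
    };

    // Party sizes from the form. validateInteger() returns false for a malformed or
    // out-of-range value; an absent or invalid value falls back to the default rather
    // than failing the request (existing behaviour, kept).
    $postInt = static function (string $key, int $min, int $max, int $default): int {
        $value = validateInteger($_POST[$key] ?? $default, $min, $max);
        return $value === false ? $default : (int) $value;
    };
    $num_vehicles   = $postInt('vehicles', 1, 10, 1);
    $num_adults     = $postInt('adults', 1, 20, 1);
    $num_children   = $postInt('children', 0, 20, 0);
    $num_pensioners = $postInt('pensioners', 0, 20, 0);

    // Price the trip from the database, never from client-supplied figures.
    $query = "SELECT trip_name, cost_members, cost_nonmembers, cost_pensioner_member, cost_pensioner, booking_fee, start_date, end_date, trip_code FROM trips WHERE trip_id = ?";
    $stmt = $conn->prepare($query);
    if (!$stmt) {
        // prepare() returns false on failure; without this check bind_param() fatals.
        $failServerSide('trip lookup prepare failed: ' . $conn->error);
    }
    $stmt->bind_param('i', $trip_id);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result === false) {
        $failServerSide('trip lookup failed: ' . $stmt->error);
    }
    if ($result->num_rows === 0) {
        http_response_code(404);
        header('Content-Type: application/json');
        echo json_encode(['error' => 'Trip not found.']);
        exit();
    }
    $trip = $result->fetch_assoc();
    $stmt->close();

    $trip_code             = $trip['trip_code'];
    $trip_name             = $trip['trip_name'];
    $cost_members          = intval($trip['cost_members']);
    $cost_nonmembers       = intval($trip['cost_nonmembers']);
    $cost_pensioner_member = intval($trip['cost_pensioner_member']);
    $cost_pensioner        = intval($trip['cost_pensioner']);
    $booking_fee           = $trip['booking_fee'];
    $start_date            = $trip['start_date']; // Start date of the trip
    $end_date              = $trip['end_date'];   // End date of the trip
    // Flat surcharge for the radio option.
    $radioCost = $radio ? 50 : 0;

    // The list price is the same for everyone; members are then credited the
    // difference between the non-member and member rate per person (adults and
    // children share one rate, pensioners have their own).
    $party_size = $num_adults + $num_children;
    $total = ($party_size * $cost_nonmembers)
        + ($num_pensioners * $cost_pensioner)
        + $radioCost
        + ($num_vehicles * $booking_fee);
    $discountAmount = $is_member
        ? ($party_size * ($cost_nonmembers - $cost_members))
            + ($num_pensioners * ($cost_pensioner - $cost_pensioner_member))
        : 0;
    $payment_amount = $total - $discountAmount;

    $status      = "AWAITING PAYMENT";
    $description = $trip_name;
    $type        = 'trip';
    // NOTE(review): uniqid() is time-derived and guessable. If payment_id is ever
    // accepted from a client (payment callback, lookup URL), replace it with
    // bin2hex(random_bytes(...)) once the column width allows it.
    $payment_id = uniqid();
    // Human-readable EFT reference: trip code plus the customer's initial/surname.
    $eft_id = strtoupper($trip_code . " " . getInitialSurname($user_id));

    $sql = "INSERT INTO bookings (booking_type, user_id, from_date, to_date, num_vehicles, num_adults, num_children, total_amount, discount_amount, status, payment_id, trip_id, radio, eft_id, num_pensioners) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    $stmt = $conn->prepare($sql);
    if (!$stmt) {
        $failServerSide('booking insert prepare failed: ' . $conn->error);
    }
    // The type string must stay in step with the column list above:
    // s i s s i i i d d s s i i s i (15 placeholders).
    $stmt->bind_param(
        'sissiiiddssiisi',
        $type,
        $user_id,
        $start_date,
        $end_date,
        $num_vehicles,
        $num_adults,
        $num_children,
        $total,
        $discountAmount,
        $status,
        $payment_id,
        $trip_id,
        $radio,
        $eft_id,
        $num_pensioners
    );
    if (!$stmt->execute()) {
        $failServerSide('booking insert failed: ' . $stmt->error);
    }
    $booking_id = $conn->insert_id;

    if ($payment_amount < 1) {
        // Nothing to collect (fully discounted). The insert already succeeded, so
        // $stmt->error is not the relevant detail if this step fails. Presumably
        // processZeroPayment() produces the user-facing result itself — confirm,
        // because nothing else is sent on this path.
        if (!processZeroPayment($payment_id, $payment_amount, $description)) {
            $failServerSide('zero-amount payment processing failed for booking ' . $booking_id);
        }
        $stmt->close();
        $conn->close();
    } else {
        $full_name = getFullName($user_id);
        addEFT($eft_id, $booking_id, $user_id, $status, $payment_amount, $description);
        sendAdminNotification('New Trip Booking - ' . $full_name, $full_name . ' has booked for ' . $description);
        // The booking id travels to the confirmation page only in encrypted form.
        header("Location: payment_confirmation.php?token=" . encryptData($booking_id, $salt));
        exit(); // Ensure no further code is executed after the redirect
    }
} else {
    echo "Invalid request.";
}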