85 lines
3.1 KiB
PHP
85 lines
3.1 KiB
PHP
<?php
|
|
ob_start(); // Start output buffering
|
|
session_start();
|
|
|
|
// Set JSON response header BEFORE any other output
|
|
header('Content-Type: application/json');
|
|
|
|
$rootPath = dirname(dirname(__DIR__));
|
|
require_once($rootPath . "/src/config/env.php");
|
|
require_once($rootPath . "/src/config/session.php");
|
|
require_once($rootPath . "/src/config/connection.php");
|
|
require_once($rootPath . "/src/config/functions.php");
|
|
|
|
if (!isset($_SESSION['user_id'])) {
|
|
ob_end_clean();
|
|
die(json_encode(['status' => 'error', 'message' => 'User not logged in']));
|
|
}
|
|
|
|
if (isset($_POST['signature'])) {
|
|
// CSRF Token Validation
|
|
// if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
|
|
// auditLog($_SESSION['user_id'], 'CSRF_VALIDATION_FAILED', 'membership_application', null, ['endpoint' => 'process_signature.php']);
|
|
// die(json_encode(['status' => 'error', 'message' => 'Security token validation failed']));
|
|
// }
|
|
|
|
$user_id = $_SESSION['user_id']; // Get the user ID from the session
|
|
$signature = $_POST['signature']; // Base64 image data
|
|
|
|
// Decode the base64 image
|
|
$signature = str_replace('data:image/png;base64,', '', $signature);
|
|
$signature = str_replace(' ', '+', $signature);
|
|
$signatureData = base64_decode($signature);
|
|
|
|
// Create a file path for the signature image
|
|
$fileName = 'signature_' . $user_id . '.png';
|
|
$filePath = $rootPath . '/uploads/signatures/' . $fileName;
|
|
|
|
// Ensure the directory exists
|
|
if (!file_exists($rootPath . '/uploads/signatures')) {
|
|
mkdir($rootPath . '/uploads/signatures', 0777, true);
|
|
}
|
|
|
|
// Save the image file
|
|
if (file_put_contents($filePath, $signatureData)) {
|
|
// Update the database
|
|
|
|
if ($conn->connect_error) {
|
|
die(json_encode(['status' => 'error', 'message' => 'Database connection failed']));
|
|
}
|
|
|
|
// Store relative path for HTML display
|
|
$display_path = '/uploads/signatures/' . $fileName;
|
|
|
|
// Update the signature and indemnity acceptance in the membership application table
|
|
$stmt = $conn->prepare("UPDATE membership_application SET sig = ?, accept_indemnity = 1 WHERE user_id = ?");
|
|
$stmt->bind_param('si', $display_path, $user_id);
|
|
|
|
if ($stmt->execute()) {
|
|
// Check the payment status
|
|
$paymentStatus = checkMembershipPaymentStatus($user_id) ? 'PAID' : 'NOT_PAID';
|
|
|
|
// Respond with the appropriate redirect URL based on the payment status
|
|
ob_end_clean();
|
|
echo json_encode([
|
|
'status' => 'success',
|
|
'message' => 'Signature saved successfully!',
|
|
'paymentStatus' => $paymentStatus // Send payment status
|
|
]);
|
|
} else {
|
|
ob_end_clean();
|
|
echo json_encode(['status' => 'error', 'message' => 'Database update failed']);
|
|
}
|
|
|
|
$stmt->close();
|
|
$conn->close();
|
|
} else {
|
|
ob_end_clean();
|
|
echo json_encode(['status' => 'error', 'message' => 'Failed to save signature']);
|
|
}
|
|
} else {
|
|
ob_end_clean();
|
|
echo json_encode(['status' => 'error', 'message' => 'Signature not provided']);
|
|
}
|
|
|