TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ebd7efe21c8dae9a243e85f0e03c76d1cef31ea4
4WDCSA.co.za/src/processors/process_booking.php
twotalesanimation 0e6ecd127f post auditlog implementation for bookings and payments
2025-12-15 10:52:09 +02:00

101 lines
3.9 KiB
PHP
Raw Blame History

<?php
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
// Start session to retrieve the logged-in user's ID
session_start();
// Get user ID from session (assuming user is logged in)
$user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
// Check if the form has been submitted
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// CSRF Token Validation
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
auditLog($user_id, 'CSRF_VALIDATION_FAILED', 'bookings', null, ['endpoint' => 'process_booking.php']);
echo json_encode(['status' => 'error', 'message' => 'Security token validation failed. Please try again.']);
exit();
}
// Validate dates and integers
$from_date = validateDate($_POST['from_date'] ?? '');
if ($from_date === false) {
echo json_encode(['status' => 'error', 'message' => 'Invalid from date format.']);
exit();
}
$to_date = validateDate($_POST['to_date'] ?? '');
if ($to_date === false) {
echo json_encode(['status' => 'error', 'message' => 'Invalid to date format.']);
exit();
}
$num_vehicles = validateInteger($_POST['vehicles'] ?? 0, 1, 10);
if ($num_vehicles === false) {
echo json_encode(['status' => 'error', 'message' => 'Invalid number of vehicles.']);
exit();
}
$num_adults = validateInteger($_POST['adults'] ?? 0, 0, 20);
if ($num_adults === false) {
echo json_encode(['status' => 'error', 'message' => 'Invalid number of adults.']);
exit();
}
$num_children = validateInteger($_POST['children'] ?? 0, 0, 20);
if ($num_children === false) {
echo json_encode(['status' => 'error', 'message' => 'Invalid number of children.']);
exit();
}
// Get values from the form
$add_firewood = isset($_POST['AddExtra']) ? 1 : 0; // Checkbox for extras
$is_member = isset($_POST['is_member']) ? (int)$_POST['is_member'] : 0; // Hidden member status
$type = "camping";
// Calculate the total number of nights
$date1 = new DateTime($from_date);
$date2 = new DateTime($to_date);
$nights = $date2->diff($date1)->days;
// Determine rate per night
$rate_per_night = ($is_member) ? 0 : 200; // Free for members, R200 for non-members
// Calculate the total cost
$vehicle_cost = $rate_per_night * $num_vehicles * $nights;
$firewood_cost = $add_firewood ? 50 : 0;
$total_amount = $vehicle_cost + $firewood_cost;
// Calculate discount if the user is a member
$discount_amount = ($is_member) ? $vehicle_cost : 0;
// Insert booking into the database
$sql = "INSERT INTO bookings (booking_type, user_id, from_date, to_date, num_vehicles, num_adults, num_children, add_firewood, total_amount, discount_amount)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param('sissiiiidd', $type, $user_id, $from_date, $to_date, $num_vehicles, $num_adults, $num_children, $add_firewood, $total_amount, $discount_amount);
if ($stmt->execute()) {
// Get booking id and audit
$booking_id = $conn->insert_id;
if (function_exists('auditLog')) {
auditLog($user_id, 'BOOKING_CREATED', 'bookings', $booking_id, ['total_amount' => $total_amount, 'from' => $from_date, 'to' => $to_date]);
}
// Redirect to success page or display success message
echo "<script>alert('Booking successfully created!'); window.location.href = 'booking.php';</script>";
} else {
// Handle error if insert fails
echo "<script>alert('Error processing booking. Please try again later.');</script>";
}
$stmt->close();
$conn->close();
} else {
echo "Invalid request.";
}
?>
Reference in New Issue View Git Blame Copy Permalink