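<?php
/**
 * Proof-of-payment submission page.
 *
 * Renders a form for a logged-in client and, on POST, inserts one row into
 * the `pop` table. The client name is always taken from the session, never
 * from the request; every other field is request data and is treated as
 * untrusted: it is validated, then bound to a prepared statement.
 */

session_start(); // Start the session

// Enable output buffering
ob_start();

// Enable error reporting for debugging.
// NOTE(review): display_errors=1 sends PHP warnings and stack traces to the
// browser. Turn it off outside development and rely on the error log.
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Database connection.
// NOTE(review): the credentials are hard-coded in a web-served file. Load them
// from configuration kept outside the web root (or from the environment), and
// treat this password as exposed and rotate it.
try {
    $conn = new mysqli("server329", "leadltht_prazey1982", "prazey1982123456", "leadltht_fastlinkinternet");
} catch (mysqli_sql_exception $e) {
    // PHP 8.1+ makes mysqli throw by default; keep the details server-side.
    error_log('Database connection failed: ' . $e->getMessage());
    die("Connection failed.");
}

// Check connection (reached when mysqli reports errors without throwing)
if ($conn->connect_error) {
    error_log('Database connection failed: ' . $conn->connect_error);
    die("Connection failed.");
}

// Initialize response message and the optional post-submit redirect target
$response_message = '';
$redirect_url = '';

// Generate a form token to prevent CSRF
if (!isset($_SESSION['form_token'])) {
    $_SESSION['form_token'] = bin2hex(random_bytes(32));
}

// The client name comes from the session only. It is HTML-encoded here because
// the same value is both stored and echoed into the form below.
// NOTE(review): storing an HTML-encoded name couples the database to one output
// context; kept as-is because other pages may print ClientName unescaped — verify
// before changing.
$client_name = isset($_SESSION['userdata']['firstname']) && isset($_SESSION['userdata']['lastname'])
    ? htmlspecialchars($_SESSION['userdata']['firstname'] . ' ' . $_SESSION['userdata']['lastname'])
    : '';

// Handle Add Payment Proof
if (isset($_POST['submit'])) {
    // Check the form token with a constant-time comparison; a non-string
    // token (e.g. token[]=x) is rejected like a missing one.
    $submitted_token = isset($_POST['token']) && is_string($_POST['token']) ? $_POST['token'] : '';
    if ($submitted_token === '' || !hash_equals($_SESSION['form_token'], $submitted_token)) {
        die("Token is not set. Please reload the page.");
    }

    // Read a POST field as a string; missing or array-valued fields become ''.
    $field = static function ($key) {
        return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
    };

    $payment_date = $field('payment_date');
    $receipt_number = $field('receipt_number');
    $payment_method = $field('payment_method');
    $amount_paid = $field('amount_paid');
    $note = $field('note');
    $collected_by = $client_name; // Set the collected_by field to the client's name

    // Server-side mirror of the form's constraints: browser-side `required`
    // and <select> options are not enforced for a hand-built request.
    $allowed_methods = ['BANK', 'G-CASH', 'OTHERS'];

    if ($client_name === '') {
        $response_message = "Your name could not be read from your session. Please open your STATEMENT OF ACCOUNT and return to this page.";
    } elseif (
        $payment_date === ''
        || $receipt_number === ''
        || !in_array($payment_method, $allowed_methods, true)
        || !is_numeric($amount_paid)
    ) {
        $response_message = "Please fill in all required fields with valid values.";
    } else {
        // Placeholders keep request data out of the SQL text entirely.
        $sql = "INSERT INTO pop (PaymentDate, ReceiptNumber, PaymentMethod, ClientName, AmountReceived, Note, created_at, collected_by)
                VALUES (?, ?, ?, ?, ?, ?, NOW(), ?)";

        $saved = false;
        try {
            $stmt = $conn->prepare($sql);
            if ($stmt !== false) {
                // All values are bound as strings, matching the quoted
                // literals the statement used before.
                $stmt->bind_param(
                    'sssssss',
                    $payment_date,
                    $receipt_number,
                    $payment_method,
                    $client_name,
                    $amount_paid,
                    $note,
                    $collected_by
                );
                $saved = $stmt->execute();
                if (!$saved) {
                    error_log('Saving payment proof failed: ' . $stmt->error);
                }
                $stmt->close();
            } else {
                error_log('Preparing payment proof insert failed: ' . $conn->error);
            }
        } catch (mysqli_sql_exception $e) {
            error_log('Saving payment proof failed: ' . $e->getMessage());
        }

        if ($saved) {
            $response_message = "Payment proof has been saved. WARNING: DO NOT REFRESH THIS PAGE TO AVOID DUPLICATE ENTRIES!";
            $redirect_url = 'https://fastlinkinternet.com/administrator/data-provider/admin/?page=home';
            // Single-use token: a refresh that re-sends this POST no longer
            // carries a valid token, so it cannot insert a duplicate row.
            $_SESSION['form_token'] = bin2hex(random_bytes(32));
        } else {
            // The database error is logged above, not shown: it can echo
            // submitted values and reveals schema details.
            $response_message = "Something went wrong. Please try again.";
        }
    }
}

// Display the response message if present (emitted once). json_encode with the
// HEX flags yields a JavaScript string literal that cannot close the string or
// the surrounding <script> element.
if ($response_message !== '') {
    $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $script = 'alert(' . json_encode($response_message, $js_flags) . ');';
    if ($redirect_url !== '') {
        $script .= ' window.location.href = ' . json_encode($redirect_url, $js_flags) . ';';
    }
    echo "<script>$script</script>";
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <title>Send Proof of Payment</title>
    <?php // NOTE(review): the CDN assets on this page are loaded without integrity/crossorigin attributes; add the SRI hashes published by each CDN. ?>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css">
</head>
<body>
<div class="container mt-5">
    <h2 class="mb-4">Already paid? Send your proof of payment to us:</h2>
    <div class="card mb-4">
        <div class="card-header">Proof of Payment</div>
        <div class="card-body">
            <form method="post" action="">
                <input type="hidden" name="token" value="<?php echo htmlspecialchars($_SESSION['form_token'], ENT_QUOTES, 'UTF-8'); ?>">
                <div class="form-group">
                    <label for="client_name">Client Name<span>*</span> WARNING: If you don't see your name automatically written below, click first your STATEMENT OF ACCOUNT and go back to this page.</label>
                    <?php // $client_name is already HTML-encoded above; the server ignores any client_name sent in the request. ?>
                    <input type="text" class="form-control" id="client_name" name="client_name" required value="<?php echo $client_name; ?>" readonly>
                </div>
                <div class="form-group">
                    <label for="payment_date">Payment Date<span>*</span></label>
                    <input type="date" class="form-control" id="payment_date" name="payment_date" required>
                </div>
                <div class="form-group">
                    <label for="receipt_number">Receipt Number<span>*</span></label>
                    <input type="text" class="form-control" id="receipt_number" name="receipt_number" required>
                </div>
                <div class="form-group">
                    <label for="payment_method">Payment Method<span>*</span></label>
                    <select class="form-control" id="payment_method" name="payment_method" required>
                        <option value="">Select Payment Method</option>
                        <option value="BANK">BANK</option>
                        <option value="G-CASH">G-CASH</option>
                        <option value="OTHERS">OTHERS</option>
                    </select>
                </div>
                <div class="form-group">
                    <label for="amount_paid">Amount Paid<span>*</span></label>
                    <input type="number" class="form-control" id="amount_paid" name="amount_paid" required>
                </div>
                <div class="form-group">
                    <label for="note">Note</label>
                    <textarea name="note" id="note" class="form-control form-control-sm rounded-0"></textarea>
                </div>
                <input type="submit" name="submit" class="btn btn-primary" value="Save">
                <a href="index.php" class="btn btn-secondary">Cancel</a>
            </form>
        </div>
    </div>
</div>
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<?php // Host corrected to the Bootstrap CDN used by the stylesheet above; the script was previously requested from a different hostname. ?>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
</body>
</html>
<?php
// End output buffering and flush output
ob_end_flush();
$conn->close();
?>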