
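<?php
// send_pop.php — lets a logged-in client submit a "proof of payment" row into `pop`.
// Flow: boot session/DB -> issue a CSRF token -> on POST, verify token, read the
// client name from the session (never from the form), insert with a prepared
// statement -> emit a single JS alert (and a redirect on success).
session_start();  // Start the session

// Enable output buffering so the <script> echoes below are sent with the page body
ob_start();

// Enable error reporting for debugging.
// NOTE(review): display_errors=1 prints PHP errors (paths, SQL fragments) to the
// browser. Set it to 0 and rely on log_errors before clients can reach this page.
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Database connection.
// NOTE(review): credentials are hard-coded in a file under the web root. Move them
// to a config outside the document root (or environment variables) and rotate them.
$conn = new mysqli("server329", "leadltht_prazey1982", "prazey1982123456", "leadltht_fastlinkinternet");

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Initialize response message and the "saved" flag that decides whether to redirect
$response_message = '';
$saved = false;

// Generate a form token to prevent CSRF (one per session; stored server-side)
if (!isset($_SESSION['form_token'])) {
    $_SESSION['form_token'] = bin2hex(random_bytes(32));
}

/**
 * Return a POST field as a string, or '' when absent or not a scalar string
 * (an array value such as note[]=x must not reach the database layer).
 *
 * @param string $key POST parameter name
 * @return string
 */
function post_string($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

// The client name comes from the login session only; the readonly form field of the
// same name is ignored server-side. htmlspecialchars() at storage time is kept so
// new rows match the format this page has always written — escaping on output is
// the preferable long-term fix.
$client_name = isset($_SESSION['userdata']['firstname'], $_SESSION['userdata']['lastname'])
    ? htmlspecialchars($_SESSION['userdata']['firstname'] . ' ' . $_SESSION['userdata']['lastname'])
    : '';

// Handle Add Payment Proof
if (isset($_POST['submit'])) {
    // Check the form token with a constant-time comparison (the token is a secret)
    $posted_token = post_string('token');
    if ($posted_token === '' || !hash_equals($_SESSION['form_token'], $posted_token)) {
        die("Token is not set. Please reload the page.");
    }

    if ($client_name === '') {
        // Server-side counterpart of the `required` readonly name field: with no
        // session user there is nobody to attribute the payment to, so do not insert.
        $response_message = "Client name is missing. Please open your STATEMENT OF ACCOUNT first and come back to this page.";
    } else {
        $payment_date = post_string('payment_date');
        $receipt_number = post_string('receipt_number');
        $payment_method = post_string('payment_method');
        $amount_paid = post_string('amount_paid');
        $note = post_string('note');
        $collected_by = $client_name; // Set the collected_by field to the client's name

        // Prepared statement: every POST value is untrusted. (The previous version
        // interpolated them straight into the SQL string — an injection vector.)
        $sql = "INSERT INTO pop (PaymentDate, ReceiptNumber, PaymentMethod, ClientName, AmountReceived, Note, created_at, collected_by) VALUES (?, ?, ?, ?, ?, ?, NOW(), ?)";
        $stmt = $conn->prepare($sql);
        // All bound as strings; MySQL coerces AmountReceived/PaymentDate to the column types
        $saved = $stmt !== false
            && $stmt->bind_param('sssssss', $payment_date, $receipt_number, $payment_method, $client_name, $amount_paid, $note, $collected_by)
            && $stmt->execute();

        if ($saved) {
            $response_message = "Payment proof has been saved. WARNING: DO NOT REFRESH THIS PAGE TO AVOID DUPLICATE ENTRIES!";
        } else {
            // Keep the driver error server-side; echoing it disclosed schema/query details.
            error_log('send_pop.php: insert into pop failed: ' . ($stmt !== false ? $stmt->error : $conn->error));
            $response_message = "Something went wrong. Please try again.";
        }
        if ($stmt !== false) {
            $stmt->close();
        }
    }
}

// Display the response message exactly once. json_encode() (plus the HEX flags) makes
// the string safe inside a <script> block; the old code interpolated it raw into the
// alert and also emitted the same alert a second time.
if ($response_message !== '') {
    $js_message = json_encode($response_message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    echo "<script>alert(" . $js_message . ");";
    if ($saved) {
        echo " window.location.href = 'https://fastlinkinternet.com/administrator/data-provider/admin/?page=home';";
    }
    echo "</script>";
}
?>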
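<!DOCTYPE html>
<html lang="en">
<head>
    <title>Send Proof of Payment</title>
    <!-- NOTE(review): third-party assets load into the admin origin without Subresource
         Integrity. Pin each with integrity="sha384-..." and crossorigin="anonymous"
         (hashes taken from the CDN), or self-host them. -->
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css">
</head>
<body>
<div class="container mt-5">
    <h2 class="mb-4">Already paid? Send your proof of payment to us:</h2>
    <div class="card mb-4">
        <div class="card-header">Proof of Payment</div>
        <div class="card-body">
            <!-- Posts back to this same script; the token is checked server-side before any insert -->
            <form method="post" action="">
                <input type="hidden" name="token" value="<?php echo htmlspecialchars($_SESSION['form_token'], ENT_QUOTES, 'UTF-8'); ?>">
                <div class="form-group">
                    <label for="client_name">Client Name<span>*</span> WARNING: If you don't see your name automatically written below, click first your STATEMENT OF ACCOUNT and go back to this page.</label>
                    <!-- Readonly display only: the server takes the name from the session, not from this field -->
                    <input type="text" class="form-control" name="client_name" id="client_name" required value="<?php echo isset($_SESSION['userdata']['firstname'], $_SESSION['userdata']['lastname'])
                        ? htmlspecialchars($_SESSION['userdata']['firstname'] . ' ' . $_SESSION['userdata']['lastname'], ENT_QUOTES, 'UTF-8')
                        : ''; ?>" readonly>
                </div>
                <div class="form-group">
                    <label for="payment_date">Payment Date<span>*</span></label>
                    <input type="date" class="form-control" name="payment_date" id="payment_date" required>
                </div>
                <div class="form-group">
                    <label for="receipt_number">Receipt Number<span>*</span></label>
                    <input type="text" class="form-control" name="receipt_number" id="receipt_number" required>
                </div>
                <div class="form-group">
                    <label for="payment_method">Payment Method<span>*</span></label>
                    <select class="form-control" name="payment_method" id="payment_method" required>
                        <option value="">Select Payment Method</option>
                        <option value="BANK">BANK</option>
                        <option value="G-CASH">G-CASH</option>
                        <option value="OTHERS">OTHERS</option>
                    </select>
                </div>
                <div class="form-group">
                    <label for="amount_paid">Amount Paid<span>*</span></label>
                    <input type="number" class="form-control" name="amount_paid" id="amount_paid" required>
                </div>
                <div class="form-group">
                    <label for="note">Note</label>
                    <textarea name="note" id="note" class="form-control form-control-sm rounded-0"></textarea>
                </div>
                <input type="submit" name="submit" class="btn btn-primary" value="Save">
                <a href="index.php" class="btn btn-secondary">Cancel</a>
            </form>
        </div>
    </div>
</div>
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<!-- Host fixed to match the stylesheet above: "stackpath.bootstrap.com" is not the Bootstrap CDN and the script never loaded -->
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
</body>
</html>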
<?php
// Teardown: release the database handle, then send the buffered page to the client.
$conn->close();
ob_end_flush();
?>