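<?php

declare(strict_types=1);

/*
 * Records a payment for a help-desk ticket.
 *
 * The form posts the payment details plus a technician "authentication code".
 * The script checks that the code belongs to a known technician and that this
 * technician is the one assigned to the ticket, then writes the payment row and
 * marks the payment ticket as paid. Every outcome ends in a redirect.
 *
 * Database connections $ccs, $iss and $cus come from the required worker files.
 */
session_start();
// NOTE(review): wildcard CORS on a state-changing endpoint that carries no
// anti-CSRF token — kept as in the original, but confirm it is really needed.
header("Access-Control-Allow-Origin: *");
require('../../worker/workers/server/customer.php');
require('../../worker/workers/server/customercare.php');
require('../../worker/workers/server/issues.php');
require('../../worker/workers/server/utilities.php');

/**
 * Reads a POST field as a string; a missing or non-scalar value becomes ''.
 */
function pay_post_string(string $key): string
{
    $value = $_POST[$key] ?? '';

    return is_scalar($value) ? (string) $value : '';
}

/**
 * Sends a Location header and stops the script so nothing runs after a redirect.
 */
function pay_redirect(string $location): void
{
    header("Location: $location");
    exit;
}

/**
 * Prepares and executes $sql with every placeholder bound as a string.
 *
 * @param list<string> $params one value per ? placeholder
 * @return mysqli_stmt|null the executed statement, or null when prepare/execute failed
 */
function pay_run(mysqli $conn, string $sql, array $params): ?mysqli_stmt
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return null;
    }
    if ($params !== []) {
        // Binding as 's' is safe for every column here; MySQL coerces numerics.
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);

        return null;
    }

    return $stmt;
}

/**
 * Returns the first row of a parameterised SELECT, or null when there is none.
 *
 * @param list<string> $params
 * @return array<string, mixed>|null
 */
function pay_fetch_one(mysqli $conn, string $sql, array $params): ?array
{
    $stmt = pay_run($conn, $sql, $params);
    if ($stmt === null) {
        return null;
    }
    $result = mysqli_stmt_get_result($stmt);
    $row = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);

    return is_array($row) ? $row : null;
}

/**
 * Runs a parameterised INSERT/UPDATE; true when the statement executed.
 *
 * @param list<string> $params
 */
function pay_execute(mysqli $conn, string $sql, array $params): bool
{
    $stmt = pay_run($conn, $sql, $params);
    if ($stmt === null) {
        return false;
    }
    mysqli_stmt_close($stmt);

    return true;
}

$payment = pay_post_string('txtPaymentMethodID');

// Only channels 2 and 3 are handled. The original switch compared loosely;
// an exact string match is used here so '2abc'-style values are rejected.
$mode = match ($payment) {
    '2' => 2,
    '3' => 3,
    default => 0,
};
if ($mode === 0) {
    // The original fell through silently to a blank page; report it instead.
    $_SESSION['msg'] = "Unknown payment method";
    pay_redirect('../');
}

$input = [
    'paymentMethod'   => pay_post_string('txtPaymentMethod'),
    'paymentMethodID' => $payment,
    'transactionID'   => pay_post_string('txtTransactionID'),
    'paymentID'       => pay_post_string('txtPaymentID'),
    'ticketID'        => pay_post_string('txtTicketID'),
    'customerID'      => pay_post_string('txtCustomerID'),
    'email'           => pay_post_string('txtEmail'),
    'amount'          => pay_post_string('txtAmount'),
    'auth'            => pay_post_string('txtAuthenticate'),
];

// empty() matches the original check: it also rejects '0', so a zero amount is refused.
foreach ($input as $value) {
    if (empty($value)) {
        $_SESSION['msg'] = "All fields are required";
        pay_redirect('../');
    }
}

[
    'paymentID'  => $paymentID,
    'customerID' => $customerID,
    'ticketID'   => $ticketID,
    'auth'       => $auth,
] = $input;

// Where every failed check sends the user; the id is URL-encoded since it comes from the form.
$retryUrl = '../pay.php?tid=' . rawurlencode($paymentID);

// Step 1: the code must name a technician known to the system.
$technician = pay_fetch_one(
    $ccs,
    'SELECT TechnicianID FROM tbltechnician WHERE TechnicianID = ?',
    [$auth],
);
if ($technician === null) {
    $_SESSION['pay_err'] = "Invalid Authentication Code. Please Re-Initiate Payment.";
    pay_redirect($retryUrl);
}

// Step 2: that technician must be the one assigned to the ticket.
// The two channels keep their original comparison rules and error messages:
// channel 2 compares in PHP against the upper-cased code, channel 3 lets the
// database compare (collation-dependent).
if ($mode === 2) {
    $assignment = pay_fetch_one(
        $iss,
        'SELECT TechnicianID FROM tblhelpdeskrequest WHERE TicketID = ?',
        [$ticketID],
    );
    $ownsTicket = $assignment !== null
        && (string) $assignment['TechnicianID'] === strtoupper($auth);
    $deniedMessage = "Invalid Authentication Code. Technician isn't authorized.";
} else {
    $assignment = pay_fetch_one(
        $iss,
        'SELECT TechnicianID FROM tblhelpdeskrequest WHERE TicketID = ? AND TechnicianID = ?',
        [$ticketID, $auth],
    );
    $ownsTicket = $assignment !== null;
    $deniedMessage = "Invalid Authentication Code. Please Re-Initiate Payment.";
}
if (!$ownsTicket) {
    $_SESSION['pay_err'] = $deniedMessage;
    pay_redirect($retryUrl);
}

// Step 3: record the payment and mark the ticket paid (PaymentStatus = 2).
// The two writes go to different connections, so they are not atomic: a failed
// update after a successful insert leaves a payment row behind, as before.
// The transaction id is stored in tblpaydata.PaymentID, as in the original — confirm.
$inserted = pay_execute(
    $cus,
    'INSERT INTO tblpaydata (CustomerID, PaymentID, Email, Amount, PaymentChannel, PaymentStatus)'
    . ' VALUES (?, ?, ?, ?, ?, ?)',
    [
        $customerID,
        $input['transactionID'],
        $input['email'],
        $input['amount'],
        $input['paymentMethod'],
        'success',
    ],
);
$updated = pay_execute(
    $iss,
    'UPDATE tblpaymentticket SET TransactionID = ?, PaymentStatus = 2, PaymentMethod = ? WHERE PaymentID = ?',
    [$input['transactionID'], $input['paymentMethodID'], $paymentID],
);

if ($inserted && $updated) {
    pay_redirect('success.php?cid=' . rawurlencode($customerID) . '&pid=' . rawurlencode($paymentID));
}

$_SESSION['pay_err'] = "There was a problem saving payment data";
pay_redirect($retryUrl);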