File: /home/rtbrisc/public_html/admin/main/payment/pay/save.php
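<?php

declare(strict_types=1);

// Save-payment endpoint.
//
// Reads the payment form from $_POST, checks that txtAuthenticate is the code of an
// existing technician who is assigned to the ticket, records the payment in
// tblpaydata and marks the payment ticket as paid. Every outcome ends in a redirect.
// Only payment method IDs 2 and 3 are handled; any other value falls through the
// switch and produces no output, exactly as the original script did.
//
// Fix over the original: every $_POST value used to be interpolated straight into
// SQL strings; all queries are now prepared statements with bound parameters, and the
// script stops after each redirect instead of running on.

session_start();
// NOTE(review): a wildcard CORS header on a session-bound, state-changing endpoint
// is unusual; kept because existing callers may rely on it — confirm it is needed.
header("Access-Control-Allow-Origin: *");
require('../../worker/workers/server/customer.php');
require('../../worker/workers/server/customercare.php');
require('../../worker/workers/server/issues.php');
require('../../worker/workers/server/utilities.php');
// $cus, $ccs and $iss are presumably the mysqli connections opened by the three
// server includes above (customer, customercare, issues) — they are not defined here.

/**
 * Send a Location header and stop the script.
 *
 * The original never exited after header("Location: ..."), so execution continued
 * to the end of the switch; nothing observable ran there, but exiting makes that
 * explicit and keeps later edits from accidentally emitting output.
 */
function redirectTo(string $location): void
{
    header('Location: ' . $location);
    exit;
}

/**
 * Pull the named inputs out of $_POST as strings.
 *
 * Missing keys and non-string values (an input[] array, for instance) become '' so
 * that the required-field check rejects them, instead of the old behaviour of
 * interpolating "Array" into a query.
 *
 * @param list<string> $names
 * @return array<string, string>
 */
function readPostFields(array $names): array
{
    $fields = [];
    foreach ($names as $name) {
        $value = $_POST[$name] ?? null;
        $fields[$name] = is_string($value) ? $value : '';
    }
    return $fields;
}

/**
 * Prepare, bind and execute a statement with string-typed parameters.
 *
 * Returns the executed statement (caller closes it), or null if preparing, binding
 * or executing failed. Failures are reported by return value whether mysqli is in
 * exception mode (PHP 8.1+ default) or in the older return-false mode.
 *
 * @param list<string> $params
 */
function runStatement(mysqli $db, string $sql, array $params): ?mysqli_stmt
{
    try {
        $stmt = mysqli_prepare($db, $sql);
        if ($stmt === false) {
            return null;
        }
        if ($params !== [] && !mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params)) {
            mysqli_stmt_close($stmt);
            return null;
        }
        if (!mysqli_stmt_execute($stmt)) {
            mysqli_stmt_close($stmt);
            return null;
        }
        return $stmt;
    } catch (mysqli_sql_exception $e) {
        return null;
    }
}

/**
 * True when the SELECT returns at least one row; false on no rows or on any DB error.
 *
 * Uses store_result/num_rows rather than get_result so it does not depend on mysqlnd.
 * A DB error is treated like "no match" — the caller then reports an invalid code,
 * which is safer than the original's fatal mysqli_fetch_assoc(false).
 *
 * @param list<string> $params
 */
function rowExists(mysqli $db, string $sql, array $params): bool
{
    $stmt = runStatement($db, $sql, $params);
    if ($stmt === null) {
        return false;
    }
    try {
        mysqli_stmt_store_result($stmt);
        return mysqli_stmt_num_rows($stmt) > 0;
    } catch (mysqli_sql_exception $e) {
        return false;
    } finally {
        mysqli_stmt_close($stmt);
    }
}

/**
 * Execute a statement that returns no rows (INSERT/UPDATE); true on success.
 *
 * @param list<string> $params
 */
function executeStatement(mysqli $db, string $sql, array $params): bool
{
    $stmt = runStatement($db, $sql, $params);
    if ($stmt === null) {
        return false;
    }
    mysqli_stmt_close($stmt);
    return true;
}

/**
 * Write the payment row and mark the payment ticket as paid.
 *
 * The two writes go to different connections, so they cannot share a transaction.
 * Unlike the original (which ran both and then checked both results) the ticket is
 * only marked paid after the payment row was stored, so a failed insert can no longer
 * leave a ticket flagged as paid with no payment data behind it.
 *
 * @param array<string, string> $f  the validated form fields, keyed by input name
 */
function recordPayment(mysqli $cus, mysqli $iss, array $f): bool
{
    // Column mapping kept from the original: the transaction ID is stored in
    // tblpaydata.PaymentID, not txtPaymentID — confirm that this is intended.
    $inserted = executeStatement(
        $cus,
        "INSERT INTO tblpaydata (CustomerID, PaymentID, Email, Amount, PaymentChannel, PaymentStatus) VALUES (?, ?, ?, ?, ?, 'success')",
        [$f['txtCustomerID'], $f['txtTransactionID'], $f['txtEmail'], $f['txtAmount'], $f['txtPaymentMethod']]
    );
    if (!$inserted) {
        return false;
    }

    // PaymentStatus = 2 is the "paid" state as used by the original UPDATE.
    return executeStatement(
        $iss,
        'UPDATE tblpaymentticket SET TransactionID = ?, PaymentStatus = 2, PaymentMethod = ? WHERE PaymentID = ?',
        [$f['txtTransactionID'], $f['txtPaymentMethodID'], $f['txtPaymentID']]
    );
}

/**
 * Run the technician-authenticated payment flow; always ends in a redirect.
 *
 * Order of checks, as in the original: all fields present -> technician code exists
 * -> technician is assigned to the ticket -> payment written.
 *
 * @param array<string, string> $f               the nine form fields, keyed by input name
 * @param string                $notOwnerMessage pay_err text when the technician exists but
 *                                               is not assigned to the ticket (differs per method)
 */
function processPayment(mysqli $ccs, mysqli $iss, mysqli $cus, array $f, string $notOwnerMessage): void
{
    foreach ($f as $value) {
        // empty() kept from the original, so "0" is rejected along with ''.
        if (empty($value)) {
            $_SESSION['msg'] = "All fields are required";
            redirectTo('../');
        }
    }

    $auth      = $f['txtAuthenticate'];
    $paymentID = $f['txtPaymentID'];
    // http_build_query encodes the IDs; for plain alphanumeric IDs the URLs are
    // identical to the original's raw interpolation.
    $retryUrl  = '../pay.php?' . http_build_query(['tid' => $paymentID]);

    // 1. The code must belong to a technician known to the customer-care DB.
    if (!rowExists($ccs, 'SELECT 1 FROM tbltechnician WHERE TechnicianID = ?', [$auth])) {
        $_SESSION['pay_err'] = "Invalid Authentication Code. Please Re-Initiate Payment.";
        redirectTo($retryUrl);
    }

    // 2. That technician must be the one assigned to the ticket. Both methods now
    //    compare on the DB side (as method 3 always did); method 2 used to re-compare
    //    in PHP against strtoupper($auth), which only differs if the TechnicianID
    //    column collation is case-sensitive — confirm against the schema.
    $owns = rowExists(
        $iss,
        'SELECT 1 FROM tblhelpdeskrequest WHERE TicketID = ? AND TechnicianID = ?',
        [$f['txtTicketID'], $auth]
    );
    if (!$owns) {
        $_SESSION['pay_err'] = $notOwnerMessage;
        redirectTo($retryUrl);
    }

    // 3. Record the payment and mark the ticket paid.
    if (!recordPayment($cus, $iss, $f)) {
        $_SESSION['pay_err'] = "There was a problem saving payment data";
        redirectTo($retryUrl);
    }

    redirectTo('success.php?' . http_build_query(['cid' => $f['txtCustomerID'], 'pid' => $paymentID]));
}

$fields = readPostFields([
    'txtPaymentMethod',
    'txtPaymentMethodID',
    'txtTransactionID',
    'txtPaymentID',
    'txtTicketID',
    'txtCustomerID',
    'txtEmail',
    'txtAmount',
    'txtAuthenticate',
]);

// The original switched on the raw POST value with loose comparison (case 2 also
// matched "2.0"); exact string cases are used here so only "2" and "3" are accepted.
switch ($fields['txtPaymentMethodID']) {
    case '2':
        processPayment($ccs, $iss, $cus, $fields, "Invalid Authentication Code. Technician isn't authorized.");
        break;
    case '3':
        processPayment($ccs, $iss, $cus, $fields, "Invalid Authentication Code. Please Re-Initiate Payment.");
        break;
    default:
        // Unsupported payment method: the original produced no output and no redirect
        // here. NOTE(review): consider a pay_err redirect — confirm what the form expects.
        break;
}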