PNG  IHDR pHYs   OiCCPPhotoshop ICC profilexڝSgTS=BKKoR RB&*! J!QEEȠQ, !{kּ> H3Q5 B.@ $pd!s#~<<+"x M0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH  0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbϫp@t~,/;m%h^ uf@Wp~<5j>{-]cK'Xto(hw?G%fIq^D$.Tʳ?D*A, `6B$BB dr`)B(Ͱ*`/@4Qhp.U=pa( Aa!ڈbX#!H$ ɈQ"K5H1RT UH=r9\F;2G1Q= C7F dt1r=6Ыhڏ>C03l0.B8, c˱" VcϱwE 6wB aAHXLXNH $4 7 Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +ȅ3![ b@qS(RjJ4e2AURݨT5ZBRQ4u9̓IKhhitݕNWGw Ljg(gwLӋT071oUX**| J&*/Tު UUT^S}FU3S ԖUPSSg;goT?~YYLOCQ_ cx,!k u5&|v*=9C3J3WRf?qtN (~))4L1e\kXHQG6EYAJ'\'GgSSݧ M=:.kDwn^Loy}/TmG X $ <5qo</QC]@Caaᄑ.ȽJtq]zۯ6iܟ4)Y3sCQ? 0k߬~OCOg#/c/Wװwa>>r><72Y_7ȷOo_C#dz%gA[z|!?:eAAA!h쐭!ΑiP~aa~ 'W?pX15wCsDDDޛg1O9-J5*>.j<74?.fYXXIlK9.*6nl {/]py.,:@LN8A*%w% yg"/6шC\*NH*Mz쑼5y$3,幄'L Lݛ:v m2=:1qB!Mggfvˬen/kY- BTZ(*geWf͉9+̳ې7ᒶKW-X潬j9(xoʿܔĹdff-[n ڴ VE/(ۻCɾUUMfeI?m]Nmq#׹=TR+Gw- 6 U#pDy  :v{vg/jBFS[b[O>zG499?rCd&ˮ/~јѡ򗓿m|x31^VwwO| (hSЧc3- cHRMz%u0`:o_F@8N ' p @8N@8}' p '#@8N@8N pQ9p!i~}|6-ӪG` VP.@*j>[ K^<֐Z]@8N'KQ<Q(`s" 'hgpKB`R@Dqj '  'P$a ( `D$Na L?u80e J,K˷NI'0eݷ(NI'؀ 2ipIIKp`:O'`ʤxB8Ѥx Ѥx $ $P6 :vRNb 'p,>NB 'P]-->P T+*^h& p '‰a ‰ (ĵt#u33;Nt̵'ޯ; [3W ~]0KH1q@8]O2]3*̧7# *p>us p _6]/}-4|t'|Smx= DoʾM×M_8!)6lq':l7!|4} '\ne t!=hnLn (~Dn\+‰_4k)0e@OhZ`F `.m1} 'vp{F`ON7Srx 'D˸nV`><;yMx!IS钦OM)Ե٥x 'DSD6bS8!" ODz#R >S8!7ّxEh0m$MIPHi$IvS8IN$I p$O8I,sk&I)$IN$Hi$I^Ah.p$MIN$IR8I·N "IF9Ah0m$MIN$IR8IN$I 3jIU;kO$ɳN$+ q.x* tEXtComment


<?php

require 'connection.php';

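if(isset($_POST["login"])){
    // Admin login: look the account up by e-mail with a bound parameter, then compare the
    // stored digest in constant time before putting the user row into the session.
    $email = (string)($_POST["email"] ?? "");
    $password = (string)($_POST["password"] ?? "");
    // NOTE(review): the user table stores unsalted md5 digests (the password-change handler
    // writes them the same way); moving to password_hash()/password_verify() needs a
    // rehash-on-login migration, so the legacy digest is kept here rather than changed silently.
    $encrpt_password = md5($password);
    $result = null;
    //check if user exist -- the e-mail is bound, never interpolated into the SQL
    $stmt_check = mysqli_prepare($connection, "SELECT * FROM user WHERE email = ?");
    if($stmt_check && mysqli_stmt_bind_param($stmt_check, "s", $email) && mysqli_stmt_execute($stmt_check)){
        $res_check = mysqli_stmt_get_result($stmt_check);
        $row = $res_check ? mysqli_fetch_assoc($res_check) : null;
        // hash_equals() keeps the comparison time independent of how many leading bytes match
        if($row && hash_equals((string)$row["password"], $encrpt_password)){
            $result = $row;
        }
    }
    if($stmt_check){
        mysqli_stmt_close($stmt_check);
    }
    if($result){
        //log in to the dashboard
        echo "Logged in successfully... redirecting...";
        // assumes connection.php has already called session_start() (the original relied on that too);
        // a fresh session id on login prevents a pre-login id from being carried into the admin session
        if(session_status() === PHP_SESSION_ACTIVE){
            session_regenerate_id(true);
        }
        $_SESSION["user"] = $result;
        echo '<script>
swal({
    title: "Welcome!",
    text: "Login  successfull!!",
    icon: "success",
    button: "Ok",
    type: "success",
    timer: "6000",

}).then(function() {
    window.location = "index.php";
});
</script>
';
    } else{
        // user not found or wrong password: one message for both, so the response does not say which
        die("<script>
    alert('Opps! you have enterd an incorrect login details, pls provide a correct detail')
    document .location.href= 'login.php';
     </script>");
    }
}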

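if(isset($_POST["add-cat"])){
    // Adds one category row; the name is bound as a parameter, never interpolated into the SQL.
    // (The original also wrote literal padding spaces around the name: "(' $category ')".)
    $category = (string)($_POST["name"] ?? "");
    $stmt = mysqli_prepare($connection, "INSERT INTO category (name) VALUES (?)");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "s", $category) && mysqli_stmt_execute($stmt);
    if($query){
        $success ="Category Added Successfuly";
    }else{
        $error ="Error Adding Category";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}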


// delete category
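if(isset($_GET["delete_cat"])){
    // Deletes one category by id; the id is bound as an integer, never interpolated.
    // NOTE(review): this is a state change triggered by a GET link with no CSRF token —
    // confirm the pages linking here are protected, or move the action to a POST form.
    $id = (int)$_GET["delete_cat"];
    $stmt = mysqli_prepare($connection, "DELETE FROM category WHERE id = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt);
    if($query){
        $success ="Category Deleted  Successfuly";
    }else{
        $error ="Error Deleting Category";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}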
// edit category 

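if(isset($_POST["Edit_cat"])){
    // Renames one category; name and id are bound parameters.
    // NOTE(review): the booking-type edit handler below is keyed on the same "Edit_cat" field,
    // so a single form submission runs both updates — confirm which form posts this key.
    $cat = (string)($_POST["cat"] ?? "");
    $id = (int)($_POST["id"] ?? 0);
    $stmt = mysqli_prepare($connection, "UPDATE category SET name = ? WHERE id = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "si", $cat, $id) && mysqli_stmt_execute($stmt);
    if($query){
        $success ="Category UPDATE  Successfuly";
    }else{
        $error ="Error UPDATING Category";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}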

//add booking type
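if(isset($_POST["add_type"])){
    // Adds one booking type (name + price) with bound parameters.
    $name = (string)($_POST["type"] ?? "");
    $price = (string)($_POST["price"] ?? "");
    $stmt = mysqli_prepare($connection, "INSERT INTO `type` (`name`, `price`) VALUES (?, ?)");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "ss", $name, $price) && mysqli_stmt_execute($stmt);
    if($query){
        $success ="Booking type Added Successfuly";
    }else{
        $error ="Error Adding Booking type";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}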

// delete Type of booking
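if(isset($_GET["delete_type"])){
    // Deletes one booking type by id (bound integer).
    // NOTE(review): GET-triggered state change with no CSRF token — see the category delete handler.
    $id = (int)$_GET["delete_type"];
    $stmt = mysqli_prepare($connection, "DELETE FROM type WHERE id = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt);
    if($query){
        $success ="Boking Type Deleted  Successfuly";
    }else{
        $error ="Error Deleting Booking Type";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}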
// edit type 

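if(isset($_POST["Edit_cat"])){
    // Updates one booking type's name and price with bound parameters.
    // NOTE(review): keyed on "Edit_cat", the same field as the category edit handler above, so
    // both run on one submission; if this form has its own submit name, key on that instead.
    $name = (string)($_POST["type"] ?? "");
    $price = (string)($_POST["price"] ?? "");
    $id = (int)($_POST["id"] ?? 0);
    $stmt = mysqli_prepare($connection, "UPDATE `type` SET `name` = ?, `price` = ? WHERE `type`.`id` = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "ssi", $name, $price, $id) && mysqli_stmt_execute($stmt);
    if($query){
        $success ="Booking type UPDATE  Successfuly";
    }else{
        $error ="Error UPDATING Booking Type";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}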
 // add wallet
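if(isset($_POST["add_crypto"])){
    // Adds one wallet (coin name + address) with bound parameters.
    $crypto = (string)($_POST["crypto"] ?? "");
    $wallet = (string)($_POST["wallet"] ?? "");
    $stmt = mysqli_prepare($connection, "INSERT INTO wallet (`name`, `address`) VALUES (?, ?)");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "ss", $crypto, $wallet) && mysqli_stmt_execute($stmt);
    if($query){
        echo "Done";
        $success="Wallet added successfuly";
    }else{
        echo "Not Done";
        $error="Error Adding Wallet";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}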
//Delete wallet 
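if(isset($_GET["delete_wallet"])){
    // Deletes one wallet by id (bound integer; the original interpolated it unquoted).
    // NOTE(review): GET-triggered state change with no CSRF token — see the category delete handler.
    $id = (int)$_GET["delete_wallet"];
    $stmt = mysqli_prepare($connection, "DELETE FROM wallet WHERE id = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt);
    if($query){
        $success="Wallet Deleted successfuly";
    }else{
        $error="Error Deleting Wallet";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}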





//delete portfolio
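if (isset($_GET["delete_celeb"]) && !empty($_GET["delete_celeb"])){
    // Removes a celebrity row together with the image file recorded for it.
    // NOTE(review): GET-triggered deletion with no CSRF token — see the category delete handler.
    $id = (int)$_GET["delete_celeb"];

    // look the stored image path up with a bound id
    $image = null;
    $stmt_sel = mysqli_prepare($connection, "SELECT * FROM celeb WHERE id = ?");
    if($stmt_sel && mysqli_stmt_bind_param($stmt_sel, "i", $id) && mysqli_stmt_execute($stmt_sel)){
        $res_sel = mysqli_stmt_get_result($stmt_sel);
        $resul = $res_sel ? mysqli_fetch_assoc($res_sel) : null;
        $image = $resul["image"] ?? null;
    }
    if($stmt_sel){
        mysqli_stmt_close($stmt_sel);
    }

    // The path comes from the database, not the request. An already-missing file no longer
    // blocks the row deletion (the original only deleted the row when unlink() succeeded).
    // NOTE(review): consider also checking the path resolves inside the uploads directory.
    $fileGone = false;
    if($image !== null && $image !== ""){
        $fileGone = !is_file($image) || unlink($image);
    }

    if($fileGone){
        $stmt = mysqli_prepare($connection, "DELETE FROM celeb WHERE id = ?");
        $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt);
        if ($query){
            echo " <script>
            alert('Celebrity deleted Sucessfuly' );
       
            </script>";
        }else{
            echo"
        <script>
        alert('Unable to Delete Celebrity' );
   
        </script>";
        }
        if($stmt){
            mysqli_stmt_close($stmt);
        }
    }
}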

//Activate folio
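if (isset($_GET["approve"]) && !empty($_GET["approve"])){
    // Marks one portfolio row active. The original statement read "UPDATE . portfolio ...",
    // which is not valid SQL, so this handler could only ever report 'system error'.
    // NOTE(review): GET-triggered state change with no CSRF token — see the category delete handler.
    $id = (int)$_GET["approve"];
    $stmt = mysqli_prepare($connection, "UPDATE portfolio SET status = '1' WHERE id = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt);
    if ($query){
        echo " 
        <script>
        alert('Portfolio  Approved ' );
   
        </script>";
    }else{
        echo"
        <script>
        alert('system error' );
   
        </script>";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}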
//DEActivate folio
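if (isset($_GET["deactivate"]) && !empty($_GET["deactivate"])){
    // Marks one portfolio row inactive; fixes the same "UPDATE . portfolio" syntax error as the approve handler.
    // NOTE(review): GET-triggered state change with no CSRF token — see the category delete handler.
    $id = (int)$_GET["deactivate"];
    $stmt = mysqli_prepare($connection, "UPDATE portfolio SET status = '0' WHERE id = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt);
    if ($query){
        echo " 
        <script>
        alert('Portfolio Deactivated  ' );
   
        </script>";
    }else{
        echo"
        <script>
        alert('Unable to Deactivated' );
   
        </script>";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}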


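if (isset($_GET["delete_category"]) && !empty($_GET["delete_category"])){
    // Deletes one category by id (bound integer). Note the earlier "delete_cat" handler does the same
    // job with a different query-string key and sets $success instead of echoing.
    // NOTE(review): GET-triggered deletion with no CSRF token — see the category delete handler.
    $id = (int)$_GET["delete_category"];
    $stmt = mysqli_prepare($connection, "DELETE FROM category WHERE id = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt);
    if ($query){
        echo"
        <script>
        alert('Department Deleted  ' );
   
        </script>";
    }else{
        $error= "Unable to delete Category" ;
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}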


//Edit portfolio category 
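if(isset($_POST["edit_category"])){
    // Renames one portfolio category. The new name is posted; the id arrives on the query string
    // (the form's action URL carries edit_id — kept as in the original). The original statement
    // read "UPDATE . category ...", which is not valid SQL, so it always reported failure.
    $name = (string)($_POST["name"] ?? "");
    $edit_id = (int)($_GET["edit_id"] ?? 0);
    $stmt = mysqli_prepare($connection, "UPDATE category SET name = ? WHERE id = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "si", $name, $edit_id) && mysqli_stmt_execute($stmt);
    if($query){
        echo"
        <script>
        alert('portfolio category  Updated successfuly' );
 
   
        </script>";
    }else{
        echo"
        <script>
        alert('Unable to Update category ' );
   
        </script>";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}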
     


// add service 
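if(isset($_POST["service"])){
    // Adds one service (title + body) with bound parameters.
    $title = (string)($_POST["title"] ?? "");
    $content = (string)($_POST["content"] ?? "");
    $stmt = mysqli_prepare($connection, "INSERT INTO `service` ( `name`, `content`) VALUES (?, ?)");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "ss", $title, $content) && mysqli_stmt_execute($stmt);
    if($query){
        echo"
        <script>
        alert('Serive Addedd' );

   
        </script>";
    }else{
        echo"
        <script>
        alert('Error Adding Service' );

   
        </script>";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}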

//edit service 
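if(isset($_POST["edit_service"])){
    // Updates one service's title and body; the id is bound as an integer
    // (the original compared against the string ' $edit_id' with a leading space).
    $name = (string)($_POST["title"] ?? "");
    $content = (string)($_POST["content"] ?? "");
    $edit_id = (int)($_POST["id"] ?? 0);
    $stmt = mysqli_prepare($connection, "UPDATE `service` SET `name` = ?, `content` = ? WHERE `service`.`id` = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "ssi", $name, $content, $edit_id) && mysqli_stmt_execute($stmt);
    if($query){
        echo"
        <script>
        alert('Service Updated' );
 document .location.href= 'service.php';
   
        </script>";
    }else{
        echo"
        <script>
        alert('Unable to Updated Service' );
   
        </script>";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}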

// delete service
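if (isset($_GET["delete_Serive"]) && !empty($_GET["delete_Serive"])){
    // Deletes one service by id (bound integer).
    // NOTE(review): GET-triggered deletion with no CSRF token — see the category delete handler.
    $id = (int)$_GET["delete_Serive"];
    $stmt = mysqli_prepare($connection, "DELETE FROM service WHERE id = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt);
    if ($query){
        echo " <script>
        alert('Serive deleted' );
   
        </script>";
    }else{
        echo " <script>
        alert('Unable to Delete Serive ' );
   
        </script>";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}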

   //Approve service
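   if(isset($_GET["approve_service"])){
       // Marks one service live. The original statement read "UPDATE . service ...", which is
       // not valid SQL, so this handler could only ever report 'Serive Not Activated!'.
       // NOTE(review): GET-triggered state change with no CSRF token — see the category delete handler.
       $id = (int)$_GET["approve_service"];
       $stmt = mysqli_prepare($connection, "UPDATE service SET status = '1' WHERE id = ?");
       $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt);
       if ($query){
           echo " <script>
    alert('Serive Activated! now live' );

    </script>";
       }else{
           echo " <script>
        alert('Serive Not Activated!' );
    
        </script>";
       }
       if($stmt){
           mysqli_stmt_close($stmt);
       }
   }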
//deactivate service
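if(isset($_GET["deactivate_service"])){
    // Takes one service off-line (status '0'); id bound as an integer.
    // NOTE(review): GET-triggered state change with no CSRF token — see the category delete handler.
    $id = (int)$_GET["deactivate_service"];
    $stmt = mysqli_prepare($connection, "UPDATE `service` SET `status` = '0' WHERE `service`.`id` = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $id) && mysqli_stmt_execute($stmt);
    if ($query){
        echo " <script>
       alert('Servive Deactivated! no longer live' );
   
       </script>";
    }else{
        echo " <script>
           alert('Serive Not Deactivated! still live ' );
       
           </script>";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}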



// add testimonial
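if(isset($_POST["logo"])){
    // Saves the uploaded site logo into uploads/web/ and records its path on the user's web row.
    $target_dir = "uploads/web/";
    $basename = basename((string)($_FILES["image"]["name"] ?? ""));
    // NOTE(review): the stored name is the client's filename, so a later upload with the same
    // name silently overwrites the earlier file — confirm that is acceptable for this directory.
    $upload_file = $target_dir.$basename;
    $tmp_name = (string)($_FILES["image"]["tmp_name"] ?? "");

    $imageFileType = strtolower(pathinfo($upload_file,PATHINFO_EXTENSION));
    $uploadOk = true;

    //check file size
    if (($_FILES["image"]["size"] ?? 0) > 454675) {
        echo "
     <script>
     alert('Sorry, the image you selected is too large, kindly select another image or reduce to size of the image.');
    
     </script>";
        $uploadOk = false;
    }
    //check file type: the extension is chosen by the client, so the file header is checked as well
    if(!in_array($imageFileType, ["jpg", "png", "jpeg", "gif"], true)
        || $tmp_name === "" || !is_uploaded_file($tmp_name) || getimagesize($tmp_name) === false) {
        echo "
     <script>
     alert('Sorry, only JPG, JPEG, PNG & GIF files are allowed.');
    
     </script>";
        $uploadOk = false;
    }
    //move to folder only when every check passed, and touch the database only when the move
    //succeeded (the original tested isset($move), which is true even when the move returned false)
    if ($uploadOk && move_uploaded_file($tmp_name, $upload_file)) {
        $url = $upload_file;
        $id = (int)($_POST["user"] ?? 0);
        $stmt = mysqli_prepare($connection, "UPDATE `web` SET `logo` = ? WHERE `web`.`user_id` = ?");
        $query = $stmt && mysqli_stmt_bind_param($stmt, "si", $url, $id) && mysqli_stmt_execute($stmt);
        if($query){
            echo "<script>
  alert('Site Logo uploaded successfuly,');

  </script>";
        } else {
            echo "<script>
  alert('sorry an error occuded');
  
  </script>";
        }
        if($stmt){
            mysqli_stmt_close($stmt);
        }
    } elseif ($uploadOk) {
        // validation passed but the file could not be moved into place
        echo "<script>
  alert('sorry an error occuded');
  
  </script>";
    }
}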

//favicon
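if(isset($_POST["favicon"])){
    // Saves the uploaded favicon into uploads/web/ and records its path on the user's web row.
    $target_dir = "uploads/web/";
    $basename = basename((string)($_FILES["image"]["name"] ?? ""));
    // NOTE(review): the stored name is the client's filename, so a later upload with the same
    // name silently overwrites the earlier file — confirm that is acceptable for this directory.
    $upload_file = $target_dir.$basename;
    $tmp_name = (string)($_FILES["image"]["tmp_name"] ?? "");

    $imageFileType = strtolower(pathinfo($upload_file,PATHINFO_EXTENSION));
    $uploadOk = true;

    //check file size
    if (($_FILES["image"]["size"] ?? 0) > 454675) {
        echo "
     <script>
     alert('Sorry, the image you selected is too large, kindly select another image or reduce to size of the image.');
    
     </script>";
        $uploadOk = false;
    }
    //check file type: the extension is chosen by the client, so the file header is checked as well
    if(!in_array($imageFileType, ["jpg", "png", "jpeg", "gif"], true)
        || $tmp_name === "" || !is_uploaded_file($tmp_name) || getimagesize($tmp_name) === false) {
        echo "
     <script>
     alert('Sorry, only JPG, JPEG, PNG & GIF files are allowed.');
    
     </script>";
        $uploadOk = false;
    }
    //move to folder only when every check passed, and touch the database only when the move
    //succeeded (the original tested isset($move), which is true even when the move returned false)
    if ($uploadOk && move_uploaded_file($tmp_name, $upload_file)) {
        $url = $upload_file;
        $id = (int)($_POST["user"] ?? 0);
        $stmt = mysqli_prepare($connection, "UPDATE `web` SET `favicon` = ? WHERE `web`.`user_id` = ?");
        $query = $stmt && mysqli_stmt_bind_param($stmt, "si", $url, $id) && mysqli_stmt_execute($stmt);
        if($query){
            echo "<script>
  alert('Site Favicon uploaded successfuly,');

  </script>";
        } else {
            echo "<script>
  alert('sorry an error occuded');
  
  </script>";
        }
        if($stmt){
            mysqli_stmt_close($stmt);
        }
    } elseif ($uploadOk) {
        // validation passed but the file could not be moved into place
        echo "<script>
  alert('sorry an error occuded');
  
  </script>";
    }
}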

//update hero background
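if(isset($_POST["hero"])){
    // Saves the uploaded hero background into uploads/web/ and records its path on the user's web row.
    // The file field is "hero" throughout; the original checked the size of $_FILES["image"] instead.
    $target_dir = "uploads/web/";
    $basename = basename((string)($_FILES["hero"]["name"] ?? ""));
    // NOTE(review): the stored name is the client's filename, so a later upload with the same
    // name silently overwrites the earlier file — confirm that is acceptable for this directory.
    $upload_file = $target_dir.$basename;
    $tmp_name = (string)($_FILES["hero"]["tmp_name"] ?? "");

    $imageFileType = strtolower(pathinfo($upload_file,PATHINFO_EXTENSION));
    $uploadOk = true;

    //check file size
    if (($_FILES["hero"]["size"] ?? 0) > 1054675) {
        echo "
     <script>
     alert('Sorry, the image you selected is too large, kindly select another image or reduce to size of the image.');
    
     </script>";
        $uploadOk = false;
    }
    //check file type: the extension is chosen by the client, so the file header is checked as well
    if(!in_array($imageFileType, ["jpg", "png", "jpeg", "gif"], true)
        || $tmp_name === "" || !is_uploaded_file($tmp_name) || getimagesize($tmp_name) === false) {
        echo "
     <script>
     alert('Sorry, only JPG, JPEG, PNG & GIF files are allowed.');
    
     </script>";
        $uploadOk = false;
    }
    //move to folder only when every check passed, and touch the database only when the move
    //succeeded (the original tested isset($move), which is true even when the move returned false)
    if ($uploadOk && move_uploaded_file($tmp_name, $upload_file)) {
        $url = $upload_file;
        $id = (int)($_POST["user"] ?? 0);
        $stmt = mysqli_prepare($connection, "UPDATE `web` SET `hero` = ? WHERE `web`.`user_id` = ?");
        $query = $stmt && mysqli_stmt_bind_param($stmt, "si", $url, $id) && mysqli_stmt_execute($stmt);
        if($query){
            echo "<script>
  alert('Site Hero background uploaded successfuly,');

  </script>";
        } else {
            echo "<script>
  alert('sorry an error occuded');
  
  </script>";
        }
        if($stmt){
            mysqli_stmt_close($stmt);
        }
    } elseif ($uploadOk) {
        // validation passed but the file could not be moved into place
        echo "<script>
  alert('sorry an error occuded');
  
  </script>";
    }
}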


//website information 
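if(isset($_POST["site"])){
    // Updates the site's name, description, contact e-mail and social links with bound parameters.
    // NOTE(review): as in the original, the UPDATE has no WHERE clause and $_POST["user"] is read
    // but unused, so every row of `web` is updated; the other web handlers scope by user_id —
    // confirm whether `web` is a single-row table before adding "WHERE user_id = ?".
    $id = (int)($_POST["user"] ?? 0);
    $name = (string)($_POST["name"] ?? "");
    $desc = (string)($_POST["desc"] ?? "");
    $email = (string)($_POST["email"] ?? "");
    $facebook = (string)($_POST["facebook"] ?? "");
    $twitter = (string)($_POST["twitter"] ?? "");
    $linkedin = (string)($_POST["Link"] ?? "");
    $insta = (string)($_POST["insta"] ?? "");
    $what = (string)($_POST["what"] ?? "");

    $stmt = mysqli_prepare($connection, "UPDATE `web` SET `name` = ?, `description` = ?, `facebook` = ?, `instagram` = ?, `linked` = ?, `twitter` = ?, `email` = ?, `whatsapp` = ?");
    $query = $stmt
        && mysqli_stmt_bind_param($stmt, "ssssssss", $name, $desc, $facebook, $insta, $linkedin, $twitter, $email, $what)
        && mysqli_stmt_execute($stmt);

    if($query){
        echo "<script>
  alert('Site information updated successfuly,');

  </script>";
    } else {
        echo "<script>
  alert('sorry an error occuded');
  
  </script>";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}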


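    if(isset($_POST["pass"])){
        // Password change: verifies the current password, checks the confirmation, then stores
        // the new digest. All SQL values are bound.
        // NOTE(review): digests are unsalted md5 to stay compatible with the login handler and the
        // existing rows — migrating to password_hash() has to be done in both places together.
        // NOTE(review): the target account id is taken from $_POST["id"] rather than the session;
        // confirm that is intended (an admin editing another user) — otherwise use $_SESSION["user"]["id"].
        $pass = (string)($_POST["password"] ?? "");
        $encrpt_pass = md5($pass);
        $encrpt_newpassword = md5((string)($_POST["newpassword"] ?? ""));
        $encrpt_renewPassword = md5((string)($_POST["renewpassword"] ?? ""));
        $id = (int)($_POST["id"] ?? 0);

        //check if current password is correct
        $prepass = null;
        $stmt_check = mysqli_prepare($connection, "SELECT * FROM user WHERE id = ?");
        if($stmt_check && mysqli_stmt_bind_param($stmt_check, "i", $id) && mysqli_stmt_execute($stmt_check)){
            $res_check = mysqli_stmt_get_result($stmt_check);
            $check = $res_check ? mysqli_fetch_assoc($res_check) : null;
            $prepass = $check["password"] ?? null;
        }
        if($stmt_check){
            mysqli_stmt_close($stmt_check);
        }
        // constant-time comparison; a missing row fails the same way as a wrong password
        if($prepass === null || !hash_equals((string)$prepass, $encrpt_pass)){
            die("<script>
    alert('Opps! you have enterd an incorrect password, pls provide a correct password')
    document .location.href= 'users-profile.php';
     </script>");
        }
        // check password confirmation
        if ($encrpt_newpassword === $encrpt_renewPassword) {
            // Passwords match
            $stmt = mysqli_prepare($connection, "UPDATE `user` SET `password` = ? WHERE id = ?");
            $query = $stmt && mysqli_stmt_bind_param($stmt, "si", $encrpt_newpassword, $id) && mysqli_stmt_execute($stmt);
            if($query){
                echo "<script>
        alert('Password updated successfuly,');

        </script>";
            } else {
                echo "<script>
        alert('sorry an error occuded');
        
        </script>";
            }
            if($stmt){
                mysqli_stmt_close($stmt);
            }
        } else {
            // Passwords do not match
            die("<script>
    alert('New Password mismatch')
    document .location.href= 'users-profile.php';
     </script>");
        }
    }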

// activate site

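if (isset($_GET["action"]) && !empty($_GET["action"])){
    // Flags the site live (status 1 on every `web` row). The query-string value itself is only
    // a trigger and is not used, so the unused $action local is gone.
    // NOTE(review): GET-triggered state change with no CSRF token — see the category delete handler.
    $query = mysqli_query($connection, "UPDATE web set status= 1");
    if ($query){
        echo " 
        <script>
        alert('Website Activated Successfully. your Frontend is now live' );
        </script>";
    }else{
        echo"
        <script>
        alert('Unable to Activate' );
        </script>";
    }
}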
// revoke site

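if (isset($_GET["revoke"]) && !empty($_GET["revoke"])){
    // Puts the site into maintenance mode (status 0 on every `web` row); the query-string value
    // is only a trigger, so the unused $action local is gone.
    // NOTE(review): GET-triggered state change with no CSRF token — see the category delete handler.
    $query = mysqli_query($connection, "UPDATE web set status= 0");
    if ($query){
        echo " 
        <script>
        alert('Website Revoked Successfully. your Frontend is now on maintainance mode' );
        </script>";
    }else{
        echo"
        <script>
        alert('Unable to revoke' );
        </script>";
    }
}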
// ==================== PAYMENT METHOD PROCESSING ====================

// Update CashApp Details
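if(isset($_POST["update_cashapp"])){
    // Stores the CashApp tag and, when one is uploaded, a QR image path on the current user's web row.
    $cashapp_tag = (string)($_POST["cashapp_tag"] ?? "");
    $user_id = (int)($_SESSION["user"]["id"] ?? 0);

    // Handle QR code upload if provided. The extension comes from the client's filename, so it is
    // whitelisted (the original copied any extension straight into the stored name).
    $qr_code_path = "";
    if(isset($_FILES["cashapp_qr"]) && $_FILES["cashapp_qr"]["error"] == 0){
        $dir = "uploads/payment/";
        if (!is_dir($dir)) {
            mkdir($dir, 0755, true);
        }
        $ext = strtolower(pathinfo((string)$_FILES["cashapp_qr"]["name"], PATHINFO_EXTENSION));
        if(in_array($ext, ["jpg", "jpeg", "png", "gif"], true)){
            $filename = "cashapp_qr_" . $user_id . "_" . time() . "." . $ext;
            $file = $dir . $filename;
            if(move_uploaded_file($_FILES["cashapp_qr"]["tmp_name"], $file)){
                $qr_code_path = $file;
            }
        }
    }

    // Update web table with CashApp details; values are bound, so no escaping is needed
    if($qr_code_path !== ""){
        $stmt = mysqli_prepare($connection, "UPDATE web SET cashapp_tag = ?, cashapp_qr = ? WHERE user_id = ?");
        $query = $stmt && mysqli_stmt_bind_param($stmt, "ssi", $cashapp_tag, $qr_code_path, $user_id) && mysqli_stmt_execute($stmt);
    } else {
        $stmt = mysqli_prepare($connection, "UPDATE web SET cashapp_tag = ? WHERE user_id = ?");
        $query = $stmt && mysqli_stmt_bind_param($stmt, "si", $cashapp_tag, $user_id) && mysqli_stmt_execute($stmt);
    }

    if($query){
        $success = "CashApp details updated successfully";
    } else {
        $error = "Error updating CashApp details";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}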

// Update Bank Transfer Details
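if(isset($_POST["update_bank"])){
    // Stores bank-transfer details on the current user's web row. Values are bound parameters
    // (the original escaped the strings but interpolated the session user id unquoted).
    $bank_name = (string)($_POST["bank_name"] ?? "");
    $account_name = (string)($_POST["account_name"] ?? "");
    $account_number = (string)($_POST["account_number"] ?? "");
    $routing_number = (string)($_POST["routing_number"] ?? "");
    $iban = (string)($_POST["iban"] ?? "");
    $swift_code = (string)($_POST["swift_code"] ?? "");
    $user_id = (int)($_SESSION["user"]["id"] ?? 0);

    $stmt = mysqli_prepare($connection, "UPDATE web SET 
            bank_name = ?,
            account_name = ?,
            account_number = ?,
            routing_number = ?,
            iban = ?,
            swift_code = ?
            WHERE user_id = ?");
    $query = $stmt
        && mysqli_stmt_bind_param($stmt, "ssssssi", $bank_name, $account_name, $account_number, $routing_number, $iban, $swift_code, $user_id)
        && mysqli_stmt_execute($stmt);

    if($query){
        $success = "Bank transfer details updated successfully";
    } else {
        $error = "Error updating bank transfer details";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}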

// Update Apple Card Details
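if(isset($_POST["update_apple"])){
    // Stores Apple Card contact details on the current user's web row, all values bound.
    $apple_card_email = (string)($_POST["apple_card_email"] ?? "");
    $apple_card_phone = (string)($_POST["apple_card_phone"] ?? "");
    $apple_instructions = (string)($_POST["apple_instructions"] ?? "");
    $user_id = (int)($_SESSION["user"]["id"] ?? 0);

    $stmt = mysqli_prepare($connection, "UPDATE web SET 
            apple_card_email = ?,
            apple_card_phone = ?,
            apple_instructions = ?
            WHERE user_id = ?");
    $query = $stmt
        && mysqli_stmt_bind_param($stmt, "sssi", $apple_card_email, $apple_card_phone, $apple_instructions, $user_id)
        && mysqli_stmt_execute($stmt);

    if($query){
        $success = "Apple Card details updated successfully";
    } else {
        $error = "Error updating Apple Card details";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}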

// Update E-Transfer Details
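if(isset($_POST["update_etransfer"])){
    // Stores e-transfer details (including the security question/answer) on the current user's
    // web row, all values bound.
    $etransfer_email = (string)($_POST["etransfer_email"] ?? "");
    $etransfer_phone = (string)($_POST["etransfer_phone"] ?? "");
    $etransfer_security = (string)($_POST["etransfer_security"] ?? "");
    $etransfer_answer = (string)($_POST["etransfer_answer"] ?? "");
    $user_id = (int)($_SESSION["user"]["id"] ?? 0);

    $stmt = mysqli_prepare($connection, "UPDATE web SET 
            etransfer_email = ?,
            etransfer_phone = ?,
            etransfer_security = ?,
            etransfer_answer = ?
            WHERE user_id = ?");
    $query = $stmt
        && mysqli_stmt_bind_param($stmt, "ssssi", $etransfer_email, $etransfer_phone, $etransfer_security, $etransfer_answer, $user_id)
        && mysqli_stmt_execute($stmt);

    if($query){
        $success = "E-Transfer details updated successfully";
    } else {
        $error = "Error updating E-Transfer details";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}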

// Update Check Mailing Details
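if(isset($_POST["update_check"])){
    // Stores check-mailing details on the current user's web row, all values bound.
    $check_payable = (string)($_POST["check_payable"] ?? "");
    $mailing_address = (string)($_POST["mailing_address"] ?? "");
    $check_instructions = (string)($_POST["check_instructions"] ?? "");
    $user_id = (int)($_SESSION["user"]["id"] ?? 0);

    $stmt = mysqli_prepare($connection, "UPDATE web SET 
            check_payable = ?,
            mailing_address = ?,
            check_instructions = ?
            WHERE user_id = ?");
    $query = $stmt
        && mysqli_stmt_bind_param($stmt, "sssi", $check_payable, $mailing_address, $check_instructions, $user_id)
        && mysqli_stmt_execute($stmt);

    if($query){
        $success = "Check mailing details updated successfully";
    } else {
        $error = "Error updating check mailing details";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}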

// Process Payment with Selected Method (for frontend payments)
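if(isset($_POST["process_payment"])){
    // Records a pending payment, stores an optional proof image and e-mails a confirmation.
    $payment_type = (string)($_POST["payment_type"] ?? "");
    $amount = (string)($_POST["amount"] ?? "");
    // random_int() rather than rand(): the reference is used as a lookup key and a filename prefix
    $reference = "PAY_" . random_int(1000, 9999) . time();
    $user_id = isset($_SESSION["user"]["id"]) ? (int)$_SESSION["user"]["id"] : 0;

    // Handle payment proof upload. This form may be reached without a login, so the client's
    // extension is whitelisted instead of being copied into the stored filename.
    $proof_path = "";
    if(isset($_FILES["payment_proof"]) && $_FILES["payment_proof"]["error"] == 0){
        $dir = "uploads/payment_proofs/";
        if (!is_dir($dir)) {
            mkdir($dir, 0755, true);
        }
        $ext = strtolower(pathinfo((string)$_FILES["payment_proof"]["name"], PATHINFO_EXTENSION));
        // same image whitelist the logo/favicon handlers use; widen deliberately if other proof formats are needed
        if(in_array($ext, ["jpg", "jpeg", "png", "gif"], true)){
            $file = $dir . $reference . "_proof." . $ext;
            if(move_uploaded_file($_FILES["payment_proof"]["tmp_name"], $file)){
                $proof_path = $file;
            }
        }
    }

    // Get additional payment details based on type (bound below, so no escaping here;
    // missing fields become empty strings instead of notices)
    $payment_details = "";
    switch($payment_type) {
        case 'cashapp':
            $payment_details = "CashApp Tag: " . (string)($_POST["cashapp_tag"] ?? "");
            break;
        case 'bank_transfer':
            $payment_details = "Bank: " . (string)($_POST["bank_name"] ?? "") .
                             ", Account: " . (string)($_POST["account_number"] ?? "");
            break;
        case 'apple_card':
            $payment_details = "Apple Pay: " . (string)($_POST["apple_email"] ?? "");
            break;
        case 'etransfer':
            $payment_details = "E-Transfer to: " . (string)($_POST["etransfer_email"] ?? "");
            break;
        case 'check_mailing':
            $payment_details = "Check payable to: " . (string)($_POST["check_payable"] ?? "");
            break;
        case 'bitcoin':
            $payment_details = "Bitcoin Wallet: " . (string)($_POST["wallet_address"] ?? "");
            break;
    }

    // Insert into payment table with bound parameters
    $stmt = mysqli_prepare($connection, "INSERT INTO payment (reference, payment_type, amount, proof, status, date_created, user_id, payment_details) 
            VALUES (?, ?, ?, ?, 'pending', NOW(), ?, ?)");
    $query = $stmt
        && mysqli_stmt_bind_param($stmt, "ssssis", $reference, $payment_type, $amount, $proof_path, $user_id, $payment_details)
        && mysqli_stmt_execute($stmt);

    if($query){
        $success = "Payment processed successfully. Reference: " . $reference;

        // Send email notification ($mail is provided by contact/mail.php)
        require 'contact/mail.php';
        $SQL= "SELECT * FROM web ";
        $query_web = mysqli_query($connection, $SQL);
        $info = $query_web ? mysqli_fetch_assoc($query_web) : null;
        $site_mail = $info["email"] ?? "";

        $emailTemplate = file_get_contents('admin/inc/contact/payment_temp.php');
        if($emailTemplate === false){
            $emailTemplate = "";
        }
        $logo= "../uploads/web/300456837_195914286197056_6259989243564983274_n.jpg";

        // request/session values are HTML-escaped before substitution
        // NOTE(review): assumes the template is HTML (it is sent as the mail body) — confirm
        $esc = function ($v) {
            return htmlspecialchars((string)$v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        $emailTemplate = str_replace('[url]', $logo, $emailTemplate);
        $emailTemplate = str_replace('[Name]', $esc($_SESSION["user"]["name"] ?? "Customer"), $emailTemplate);
        $emailTemplate = str_replace('[ref]', $reference, $emailTemplate);
        $emailTemplate = str_replace('[Email]', $esc($_SESSION["user"]["email"] ?? "N/A"), $emailTemplate);
        $emailTemplate = str_replace('[Amount]', $esc($amount), $emailTemplate);
        $emailTemplate = str_replace('[crypto]', $esc($payment_type), $emailTemplate);

        $recipients = [];
        if($site_mail !== ""){
            $recipients[] = $site_mail;
        }
        if(isset($_SESSION["user"]["email"])) {
            $recipients[] = $_SESSION["user"]["email"];
        }

        foreach ($recipients as $recipient) {
            $mail->addAddress($recipient);
        }
        $mail->Subject = "Payment Confirmation - " . $reference;
        $mail->Body = $emailTemplate;
        $mail->send();

    } else {
        // NOTE(review): the driver error text reaches the end user through $error — consider logging it instead
        $error = "Error processing payment: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($connection));
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}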

// Update payment status (for admin)
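if(isset($_GET["update_payment_status"])){
    // Sets a payment's status to one of the three values the column is documented to hold;
    // anything else is rejected instead of being written to the database.
    // NOTE(review): GET-triggered state change with no CSRF token — see the category delete handler.
    $payment_id = (int)$_GET["update_payment_status"];
    $new_status = (string)($_GET["status"] ?? ""); // 'approved', 'declined', 'pending'

    if(!in_array($new_status, ['approved', 'declined', 'pending'], true)){
        $error = "Error updating payment status";
    } else {
        $stmt = mysqli_prepare($connection, "UPDATE payment SET status = ? WHERE id = ?");
        $query = $stmt && mysqli_stmt_bind_param($stmt, "si", $new_status, $payment_id) && mysqli_stmt_execute($stmt);
        if($query){
            $success = "Payment status updated successfully";
        } else {
            $error = "Error updating payment status";
        }
        if($stmt){
            mysqli_stmt_close($stmt);
        }
    }
}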

// Delete payment record (for admin)
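if(isset($_GET["delete_payment"])){
    // Deletes one payment record by id (bound integer).
    // NOTE(review): GET-triggered deletion with no CSRF token — see the category delete handler.
    $payment_id = (int)$_GET["delete_payment"];
    $stmt = mysqli_prepare($connection, "DELETE FROM payment WHERE id = ?");
    $query = $stmt && mysqli_stmt_bind_param($stmt, "i", $payment_id) && mysqli_stmt_execute($stmt);
    if($query){
        $success = "Payment record deleted successfully";
    } else {
        $error = "Error deleting payment record";
    }
    if($stmt){
        mysqli_stmt_close($stmt);
    }
}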
?>