diff --git a/dashboard.php b/dashboard.php index 67b67ad..1b6722d 100644 --- a/dashboard.php +++ b/dashboard.php @@ -1,3 +1,29 @@ +prepare("SELECT full_name, balance FROM users WHERE id = :id"); + $stmt->execute(['id' => $user_id]); + $user = $stmt->fetch(); + $balance = $user['balance'] ?? 0; +} catch (PDOException $e) { + // Handle db error +} + +?> @@ -16,10 +42,15 @@ UBPay @@ -28,7 +59,7 @@
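Review bot: The `catch (PDOException $e) { // Handle db error }` block in the new dashboard header swallows the lookup failure and lets the page render with `$balance` falling back to `0`, so a database outage is indistinguishable from an empty wallet. At minimum log it and fail visibly: `error_log('Dashboard user lookup failed: ' . $e->getMessage());` followed by `http_response_code(500); exit;`. The same `?? 0` fallback also covers a `fetch()` that returns `false` because the session's `user_id` no longer matches a row; that case should destroy the session and redirect to login rather than show a zero balance. The first lines of this hunk (session and PDO setup) are not legible in this view, so I cannot confirm an `isset($_SESSION['user_id'])` guard precedes the query — confirm one exists, since index.php's "Bypass Login" link is being removed on that assumption.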
-

Welcome, User!

+

Welcome, !

@@ -38,7 +69,7 @@
Wallet Balance
-

R1,250.75

+

R

Available Funds

@@ -50,8 +81,8 @@
Quick Actions
- - + Send Money + Pay Merchant
@@ -66,37 +97,23 @@
Recent Transactions
exec("CREATE TABLE IF NOT EXISTS transactions ( id INT AUTO_INCREMENT PRIMARY KEY, + user_id INT NOT NULL, description VARCHAR(255) NOT NULL, amount DECIMAL(10, 2) NOT NULL, type VARCHAR(50) NOT NULL, - created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP + notes TEXT, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (user_id) REFERENCES users(id) )"); - // Clear existing transactions and insert sample data for demonstration - $pdo->exec("TRUNCATE TABLE transactions"); - $transactions = [ - ['Payment to Shoprite', -120.50, 'Merchant Payment'], - ['Received from J. Doe', 250.00, 'P2P Transfer'], - ['Airtime Purchase (MTN)', -50.00, 'Bill Payment'], - ['Payment to Pick n Pay', -340.75, 'Merchant Payment'], - ['Received from A. Smith', 500.00, 'P2P Transfer'], - ]; - $stmt = $pdo->prepare("INSERT INTO transactions (description, amount, type) VALUES (?, ?, ?)"); - foreach ($transactions as $tx) { - $stmt->execute($tx); - } - - - // Fetch transactions - $stmt = $pdo->query("SELECT description, amount, type, created_at FROM transactions ORDER BY created_at DESC"); + // Fetch transactions for the logged-in user + $stmt = $pdo->prepare("SELECT description, amount, type, notes, created_at FROM transactions WHERE user_id = :user_id ORDER BY created_at DESC LIMIT 10"); + $stmt->execute(['user_id' => $user_id]); $transactions = $stmt->fetchAll(); if (count($transactions) > 0) { @@ -112,6 +129,9 @@ echo ''; echo '' . htmlspecialchars($tx['description']) . ''; echo '' . htmlspecialchars($tx['type']) . ''; + if (!empty($tx['notes'])) { + echo '' . htmlspecialchars($tx['notes']) . ''; + } echo '
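Review bot: `CREATE TABLE IF NOT EXISTS transactions (...)` still runs on every dashboard render, and the table it defines (`user_id, description, amount, type, notes, created_at`) does not match what process-pay-merchant.php inserts (`sender_id, receiver_id, amount, type, description`), so on a fresh database a merchant payment will fail at that INSERT and roll back. Move the DDL into a one-time setup/migration script and settle on a single transactions schema that this reader, process-send-money.php and process-pay-merchant.php all agree on. If the DDL must stay for now, put a comment above it such as `// TEMP: schema bootstrap — remove once migrations exist; columns must match process-send-money.php and process-pay-merchant.php` so the drift stays visible. The per-user `WHERE user_id = :user_id ... LIMIT 10` query is the right direction; the enclosing try block continues beyond this hunk.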
'; echo '' . $amount_prefix . ' ' . $formatted_amount . ''; echo ''; @@ -121,7 +141,7 @@ echo '
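Review bot: `if (!empty($tx['notes']))` silently drops a note whose text is exactly `"0"`, because `empty()` treats the string '0' as false; since `notes` is a nullable TEXT column, test for null/blank instead: `if ($tx['notes'] !== null && $tx['notes'] !== '') {`. Escaping the note with `htmlspecialchars` is correct for this HTML context; consider passing `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` explicitly, since on PHP versions before 8.1 the default flags do not escape single quotes and an invalid UTF-8 sequence in a user-supplied note would blank the cell. The loop this hunk sits in starts before the hunk.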

No recent transactions.

'; } } catch (PDOException $e) { - echo '

Database error: ' . htmlspecialchars($e->getMessage()) . '

'; + echo '

Database error: Could not fetch transactions.

'; } ?> @@ -136,4 +156,4 @@ - + \ No newline at end of file diff --git a/index.php b/index.php index 4a58525..fe39d27 100644 --- a/index.php +++ b/index.php @@ -91,9 +91,9 @@ -
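Review bot: The new generic `Database error: Could not fetch transactions.` message correctly stops leaking `$e->getMessage()` to the browser, but the catch now discards the exception entirely, leaving no server-side record of the failure. Mirror process-pay-merchant.php and add `error_log('Dashboard transactions error: ' . $e->getMessage());` as the first statement of the catch, before the echo. The try block this catch closes starts in an earlier hunk.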
- View Dashboard (Bypass Login) -
+

+ Already have an account? Login +

diff --git a/login.php b/login.php new file mode 100644 index 0000000..feef844 --- /dev/null +++ b/login.php @@ -0,0 +1,84 @@ +prepare("SELECT id, password_hash FROM users WHERE mobile_number = :mobile_number"); + $stmt->execute(['mobile_number' => $mobile_number]); + $user = $stmt->fetch(); + + if ($user && password_verify($password, $user['password_hash'])) { + // Password is correct, start session + $_SESSION['user_id'] = $user['id']; + header("Location: dashboard.php"); + exit(); + } else { + $error_message = 'Invalid mobile number or password.'; + } + } catch (PDOException $e) { + $error_message = 'An internal error occurred. Please try again later.'; + } + } +} +?> + + + + + + Login - UBPay + + + + +
+
+
+
+
+

Login to UBPay

+ +
+ +
+
+ + +
+
+ + +
+
+ +
+

+ Don't have an account? Register +

+
+
+
+
+
+
+ + + \ No newline at end of file diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..97e76df --- /dev/null +++ b/logout.php @@ -0,0 +1,22 @@ +prepare('SELECT * FROM users WHERE id = ?'); +$stmt->execute([$user_id]); +$user = $stmt->fetch(); + +?> + + + + + + Pay Merchant - UBPay + + + + +
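Review bot: After a successful `password_verify()` the code assigns `$_SESSION['user_id']` without rotating the session identifier, which leaves the login open to session fixation if an attacker can plant a session cookie before the victim signs in. Insert `session_regenerate_id(true);` immediately before `$_SESSION['user_id'] = $user['id'];`. Two smaller points: there is no throttling or lockout on repeated failures for a given `mobile_number`, and when no row is found the code skips `password_verify()`, so response time differs between known and unknown numbers — calling `password_verify()` against a fixed dummy hash in the not-found path evens that out. The form markup and the top of the file are not legible in this view, so I cannot confirm whether the form carries a CSRF token or how `session_start()` is configured.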
+
+
+
+
+

Pay Merchant

+
+

Your current balance:

+

$

+
+
+
+ + +
+
+ + +
+
+ +
+

+ Back to Dashboard +

+
+
+
+
+
+
+ + + \ No newline at end of file diff --git a/process-pay-merchant.php b/process-pay-merchant.php new file mode 100644 index 0000000..d56af7f --- /dev/null +++ b/process-pay-merchant.php 
@@ -0,0 +1,76 @@ +prepare('SELECT id FROM users WHERE email = ?'); +$stmt->execute([$merchant_email]); +$merchant = $stmt->fetch(); + +if (!$merchant) { + $stmt = $pdo->prepare('INSERT INTO users (name, email, password, balance) VALUES (?, ?, ?, ?)'); + $stmt->execute(['Default Merchant', $merchant_email, password_hash('password', PASSWORD_DEFAULT), 10000]); + $merchant_id = $pdo->lastInsertId(); +} else { + $merchant_id = $merchant['id']; +} + +if ($_SERVER['REQUEST_METHOD'] === 'POST') { + $user_id = $_SESSION['user_id']; + $merchant_code = $_POST['merchant_code']; // In a real app, this would be validated more thoroughly + $amount = filter_input(INPUT_POST, 'amount', FILTER_VALIDATE_FLOAT); + + if (!$merchant_code || !$amount || $amount <= 0) { + $_SESSION['error_message'] = 'Invalid input. Please check the merchant code and amount.'; + header('Location: pay-merchant.php'); + exit; + } + + try { + $pdo->beginTransaction(); + + // Get sender's balance + $stmt = $pdo->prepare('SELECT balance FROM users WHERE id = ? FOR UPDATE'); + $stmt->execute([$user_id]); + $sender = $stmt->fetch(); + + if ($sender['balance'] < $amount) { + $_SESSION['error_message'] = 'Insufficient funds.'; + header('Location: pay-merchant.php'); + $pdo->rollBack(); + exit; + } + + // Debit sender + $stmt = $pdo->prepare('UPDATE users SET balance = balance - ? WHERE id = ?'); + $stmt->execute([$amount, $user_id]); + + // Credit merchant (using the dummy merchant for this example) + $stmt = $pdo->prepare('UPDATE users SET balance = balance + ? WHERE id = ?'); + $stmt->execute([$amount, $merchant_id]); + + // Record transaction + $stmt = $pdo->prepare('INSERT INTO transactions (sender_id, receiver_id, amount, type, description) VALUES (?, ?, ?, ?, ?)'); + $stmt->execute([$user_id, $merchant_id, $amount, 'merchant_payment', 'Payment to merchant ' . htmlspecialchars($merchant_code)]); + + $pdo->commit(); + + $_SESSION['success_message'] = 'Payment of $' . number_format($amount, 2) . 
' to merchant ' . htmlspecialchars($merchant_code) . ' was successful.'; + header('Location: dashboard.php'); + exit; + + } catch (Exception $e) { + $pdo->rollBack(); + $_SESSION['error_message'] = 'An error occurred. Please try again.'; + error_log('Merchant Payment Error: ' . $e->getMessage()); + header('Location: pay-merchant.php'); + exit; + } +} diff --git a/process-send-money.php b/process-send-money.php new file mode 100644 index 0000000..6ffc880 --- /dev/null +++ b/process-send-money.php 
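Review bot: `INSERT INTO transactions (sender_id, receiver_id, amount, type, description)` targets columns that the transactions table created in dashboard.php (`user_id, description, amount, type, notes, created_at`) does not have, so every payment will throw inside the transaction, roll back and report "An error occurred". Separately, the unconditional block ahead of the POST check creates a "Default Merchant" user with the literal password `password` and a 10000 balance on any request, including GET — that is a hard-coded credential on a funded account and must not ship; seed a merchant from a setup script instead. `$merchant_code` is only echoed into the description and never used to select the payee, so whatever the user types the money goes to the same dummy account, and storing `htmlspecialchars($merchant_code)` in the description double-encodes it because dashboard.php escapes on output — store the raw code and escape when rendering. Nothing visible binds the POST to the user's session (no CSRF token check), and the `Payment of $` success message uses a different currency symbol from the dashboard's `R`. The opening lines of the file (session start and auth guard) are not legible in this view.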
@@ -0,0 +1,91 @@ +query("SELECT notes FROM transactions LIMIT 1"); +} catch (PDOException $e) { + if ($e->getCode() == '42S22') { // Column not found + $pdo->exec("ALTER TABLE transactions ADD COLUMN notes TEXT"); + } +} + +if ($_SERVER['REQUEST_METHOD'] === 'POST') { + $sender_id = $_SESSION['user_id']; + $recipient_mobile = $_POST['recipient']; + $amount = (float)$_POST['amount']; + $notes = !empty($_POST['notes']) ? trim($_POST['notes']) : null; + + // Validate amount + if ($amount <= 0) { + $_SESSION['message'] = "Invalid amount."; + $_SESSION['message_type'] = "danger"; + header("Location: send-money.php"); + exit; + } + + try { + $pdo->beginTransaction(); + + // Get sender + $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ? FOR UPDATE"); + $stmt->execute([$sender_id]); + $sender = $stmt->fetch(); + + // Get recipient + $stmt = $pdo->prepare("SELECT * FROM users WHERE mobile = ? FOR UPDATE"); + $stmt->execute([$recipient_mobile]); + $recipient = $stmt->fetch(); + + if (!$recipient) { + throw new Exception("Recipient not found."); + } + + if ($sender['id'] === $recipient['id']) { + throw new Exception("You cannot send money to yourself."); + } + + if ($sender['balance'] < $amount) { + throw new Exception("Insufficient funds."); + } + + // Perform transaction + $new_sender_balance = $sender['balance'] - $amount; + $stmt = $pdo->prepare("UPDATE users SET balance = ? WHERE id = ?"); + $stmt->execute([$new_sender_balance, $sender_id]); + + $new_recipient_balance = $recipient['balance'] + $amount; + $stmt = $pdo->prepare("UPDATE users SET balance = ? 
WHERE id = ?"); + $stmt->execute([$new_recipient_balance, $recipient['id']]); + + // Record transaction + $stmt = $pdo->prepare("INSERT INTO transactions (user_id, type, amount, description, notes) VALUES (?, ?, ?, ?, ?)"); + $stmt->execute([$sender_id, 'debit', $amount, "Sent money to {$recipient['name']}", $notes]); + $stmt->execute([$recipient['id'], 'credit', $amount, "Received money from {$sender['name']}", $notes]); + + $pdo->commit(); + + $_SESSION['message'] = "Money sent successfully!"; + $_SESSION['message_type'] = "success"; + header("Location: dashboard.php"); + exit; + + } catch (Exception $e) { + if ($pdo->inTransaction()) { + $pdo->rollBack(); + } + $_SESSION['message'] = "Error: " . $e->getMessage(); + $_SESSION['message_type'] = "danger"; + header("Location: send-money.php"); + exit; + } +} else { + header("Location: send-money.php"); + exit; +} diff --git a/send-money.php b/send-money.php new file mode 100644 index 0000000..26e7013 --- /dev/null +++ b/send-money.php @@ -0,0 +1,129 @@ +prepare("SELECT * FROM users WHERE id = ?"); +$stmt->execute([$user_id]); +$user = $stmt->fetch(); + +?> + + + + + + Send Money - UBPay + + + + + + + + +
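Review bot: The catch block copies `$e->getMessage()` straight into `$_SESSION['message']`, and since `PDOException` extends `Exception` a database failure surfaces raw driver text to the user — the same leak the dashboard hunk just removed, and one that is reachable in practice because the `FOR UPDATE` locks are taken sender-then-recipient, so two opposite transfers (A→B and B→A) can deadlock and abort with a driver error. Forward only your own validation messages: `$msg = $e instanceof PDOException ? 'A database error occurred.' : $e->getMessage();` with `error_log('Send money error: ' . $e->getMessage());` before the redirect. The recipient lookup uses `WHERE mobile = ?` and `{$recipient['name']}`, while login.php queries `mobile_number` and dashboard.php selects `full_name`, so one set of column names is wrong. The balance is recomputed in PHP as a float and written back with `SET balance = ?`, which can lose cents against a DECIMAL(10,2) column; prefer `SET balance = balance - ?` / `balance + ?` with `$amount = round((float)$_POST['amount'], 2)`, and check that `$_POST['recipient']` and `$_POST['amount']` are present before use. Running `ALTER TABLE` from a request handler and the absence of a CSRF token check are the same concerns as in the other handlers; the top of the file is not legible here, so I cannot confirm the auth guard.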
+
+
+
+
+

Send Money

+ +
+ Your current balance is: $ +
+ + + + + + +
+
+ + +
+
+ +
+ $ + +
+
+
+ + +
+
+ +
+
+
+
+
+
+
+ + + + + + + + + \ No newline at end of file
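Review bot: `SELECT * FROM users WHERE id = ?` loads the whole user row, including the password hash, into `$user` for a page that only renders the balance; select just the columns you display, e.g. `SELECT balance FROM users WHERE id = ?`, as dashboard.php does with its explicit column list. The balance is shown behind a literal `$` while dashboard.php prefixes `R`; pick one currency symbol across the app. The markup between the visible lines (form inputs and the `$_SESSION['message']` output) is not legible in this view, so I cannot confirm the message is passed through `htmlspecialchars` on output or that the form carries a CSRF token.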