diff --git a/admin/applications.php b/admin/applications.php index c19e5f9..d4aca57 100644 --- a/admin/applications.php +++ b/admin/applications.php @@ -9,7 +9,7 @@ require_once '../includes/header.php'; $pdo = db(); // Fetch all applications with user and event info -$stmt = $pdo->query('SELECT a.id, a.status, a.created_at, u.name AS user_name, u.email AS user_email, e.name AS event_name +$stmt = $pdo->query('SELECT a.id, a.status, a.created_at, u.email AS user_name, u.email AS user_email, e.title AS event_name FROM applications a JOIN users u ON a.user_id = u.id JOIN events e ON a.event_id = e.id @@ -18,7 +18,7 @@ $applications = $stmt->fetchAll(); ?> -
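Review bot: In the new `edit` case of admin/event_actions.php the uploaded image is moved into `../assets/images/events/` as `uniqid() . '-' . basename($_FILES['image']['name'])` with no check of its type, extension or size, so a file with a server-executable extension would be stored under its own name in a web-served directory. The stored name should be generated server-side and the extension taken from an allowlist after inspecting the file's content, as sketched below; upload_proof.php in this commit builds its destination name the same way. `existing_image_url` is also taken from the POST body and written to `image_url` unchanged, where re-reading the current value from the row for `$event_id` would avoid trusting it. Separately, the UPDATE names columns `name` and `date` while the queries in admin/applications.php and dashboard.php in this commit read `e.title` and `e.event_date`, so the column names are worth confirming against the schema. The `switch` starts and ends outside this hunk.

```php
// … unchanged: reading the $_POST fields and the $event_id guard …
if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
    // Decide the type from the file's bytes, never from the client-supplied name or Content-Type.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES['image']['tmp_name']);
    if (is_string($mime) && isset($allowed[$mime])) {
        // … unchanged: $upload_dir definition and creation …
        // Server-generated name: nothing from the original filename is kept.
        $image_name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
        if (move_uploaded_file($_FILES['image']['tmp_name'], $upload_dir . $image_name)) {
            $image_url = 'assets/images/events/' . $image_name;
        }
    }
}
// … unchanged: UPDATE statement and redirect …
```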
+

Manage Applications

@@ -37,10 +37,10 @@ $applications = $stmt->fetchAll(); - - + + @@ -48,34 +48,57 @@ $applications = $stmt->fetchAll(); 0): ?> - - + + @@ -89,6 +112,6 @@ $applications = $stmt->fetchAll(); - + diff --git a/admin/event_actions.php b/admin/event_actions.php index 9d630b5..fbff641 100644 --- a/admin/event_actions.php +++ b/admin/event_actions.php @@ -22,6 +22,39 @@ switch ($action) { } break; + case 'edit': + if ($_SERVER['REQUEST_METHOD'] === 'POST') { + $event_id = $_POST['event_id'] ?? null; + $name = $_POST['name'] ?? ''; + $description = $_POST['description'] ?? ''; + $date = $_POST['date'] ?? ''; + $location = $_POST['location'] ?? ''; + $capacity = $_POST['capacity'] ?? 0; + + if ($event_id) { + // Handle image upload + $image_url = $_POST['existing_image_url'] ?? null; + if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) { + $upload_dir = '../assets/images/events/'; + if (!is_dir($upload_dir)) { + mkdir($upload_dir, 0775, true); + } + $image_name = uniqid() . '-' . basename($_FILES['image']['name']); + $target_path = $upload_dir . $image_name; + if (move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) { + $image_url = 'assets/images/events/' . $image_name; + } + } + + $stmt = $pdo->prepare('UPDATE events SET name = ?, description = ?, date = ?, location = ?, capacity = ?, image_url = ? WHERE id = ?'); + $stmt->execute([$name, $description, $date, $location, $capacity, $image_url, $event_id]); + } + + header('Location: events.php'); + exit; + } + break; + case 'toggle_open': $id = $_GET['id'] ?? null; if ($id) { diff --git a/admin/event_edit.php b/admin/event_edit.php new file mode 100644 index 0000000..e93a612 --- /dev/null +++ b/admin/event_edit.php @@ -0,0 +1,78 @@ +prepare('SELECT * FROM events WHERE id = ?'); +$stmt->execute([$event_id]); +$event = $stmt->fetch(); + +if (!$event) { + header('Location: events.php'); + exit(); +} + +require_once '../includes/header.php'; +?> + +
+
+

Edit Event

+ Back to Events +
+ +
+
+
+ + + +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + + + Event Image + +
+ + + +
+
+
+ + diff --git a/admin/events.php b/admin/events.php index f82da2e..0a7bf78 100644 --- a/admin/events.php +++ b/admin/events.php @@ -11,66 +11,72 @@ $events = $stmt->fetchAll(); require_once '../includes/header.php'; ?> -
-
-

Manage Events

+
+

Manage Events

-
-
-
Create New Event
-
-
- - -
-
- - -
-
- - -
-
- - -
- - -
-
- -

Existing Events

-
-
Event ApplicantSubmittedEvent StatusProof Actions

- + -
- - - -
-
- - - -
+ prepare('SELECT file_path, created_at FROM application_proofs WHERE application_id = ? ORDER BY created_at DESC'); + $proofs_stmt->execute([$app['id']]); + $proofs = $proofs_stmt->fetchAll(); + + if (count($proofs) > 0) { + echo '
    '; + foreach ($proofs as $proof) { + echo '
  • View Proof (' . htmlspecialchars($proof['created_at']) . ')
  • '; + } + echo '
'; + } else { + echo '-'; + } + ?> +
+ +
+ + + +
+
+ + + +
+ + - +
- - - - - - - - - - - - - - - - - - - - -
TitleDateLocationOpen for ApplicationsActions
- - - - -
+
+
+
Create New Event
+
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+ +
-
+ +

Existing Events

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
TitleImageDateLocationCapacityOpen for ApplicationsActions
+ + Event Image + + + Edit + + + +
+
+ diff --git a/admin/index.php b/admin/index.php index a23fe36..3e8d0a1 100644 --- a/admin/index.php +++ b/admin/index.php @@ -1,45 +1,55 @@ query('SELECT COUNT(*) FROM users')->fetchColumn(); + $total_events = db()->query('SELECT COUNT(*) FROM events')->fetchColumn(); + $total_applications = db()->query('SELECT COUNT(*) FROM applications')->fetchColumn(); +} catch (PDOException $e) { + // Handle database errors gracefully + error_log('Dashboard Error: ' . $e->getMessage()); + $total_users = $total_events = $total_applications = 'N/A'; +} require_once '../includes/header.php'; ?> -
-
-

Admin Dashboard

-

Welcome, admin! From here you can manage events, applications, and users.

- -
-
-
-
-
Manage Events
-

Create, edit, and view all promotional events.

- Go to Events -
+
+

Admin Dashboard

+

Welcome, admin! From here you can manage events, applications, and users.

+ +
+
+
+
+
+
Total Users
+

-
-
-
-
Manage Applications
-

Review and approve/reject applications from promoters.

- Go to Applications -
+
+
+
+
+
+
Total Events
+

-
-
-
-
Manage Users
-

View and manage all registered users.

- Go to Users -
+
+
+
+
+
+
Total Applications
+

-
+ diff --git a/admin/user_actions.php b/admin/user_actions.php new file mode 100644 index 0000000..caeae71 --- /dev/null +++ b/admin/user_actions.php @@ -0,0 +1,67 @@ + 'danger', 'message' => 'Invalid input.']; + header('Location: user_edit.php?id=' . $user_id); + exit(); + } + + $stmt = $pdo->prepare('UPDATE users SET name = ?, email = ?, role = ? WHERE id = ?'); + $stmt->execute([$name, $email, $role, $user_id]); + + $_SESSION['flash_message'] = ['type' => 'success', 'message' => 'User updated successfully.']; + break; + + case 'delete': + // Prevent admin from deleting themselves + if ($user_id == $_SESSION['user']['id']) { + $_SESSION['flash_message'] = ['type' => 'danger', 'message' => 'You cannot delete your own account.']; + header('Location: users.php'); + exit(); + } + + $stmt = $pdo->prepare('DELETE FROM users WHERE id = ?'); + $stmt->execute([$user_id]); + + $_SESSION['flash_message'] = ['type' => 'success', 'message' => 'User deleted successfully.']; + break; + + default: + $_SESSION['flash_message'] = ['type' => 'warning', 'message' => 'Invalid action.']; + break; + } +} catch (PDOException $e) { + // error_log($e->getMessage()); + $_SESSION['flash_message'] = ['type' => 'danger', 'message' => 'A database error occurred.']; +} + +header('Location: users.php'); +exit(); diff --git a/admin/user_edit.php b/admin/user_edit.php new file mode 100644 index 0000000..2a1066a --- /dev/null +++ b/admin/user_edit.php @@ -0,0 +1,61 @@ +prepare('SELECT id, name, email, role FROM users WHERE id = ?'); +$stmt->execute([$user_id]); +$user = $stmt->fetch(); + +if (!$user) { + header('Location: users.php'); + exit(); +} +?> + +
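Review bot: In admin/user_actions.php the `delete` case guards against self-deletion with `$user_id == $_SESSION['user']['id']`, a loose comparison between a request value and a session value; casting once with `$user_id = (int) $user_id;` and comparing with `===` makes the guard exact. The `catch` block has `error_log($e->getMessage());` commented out, so a database failure leaves only the generic flash message and no record for an operator to investigate; I would restore that line. The top of the file is not visible on this page, so please confirm that these state-changing actions require an admin session, accept POST only, verify a CSRF token, and restrict `role` to the known values. The `UPDATE users SET name = ?` here also assumes a `users.name` column, while this commit changes admin/applications.php from `u.name` to `u.email AS user_name` and admin/users.php does not select `name`, so the schema is worth checking.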
+

Edit User:

+ +
+
+
+ + + +
+ + +
+ +
+ + +
+ +
+ + +
+ + + Cancel +
+
+
+
+ + diff --git a/admin/users.php b/admin/users.php new file mode 100644 index 0000000..ee9fc70 --- /dev/null +++ b/admin/users.php @@ -0,0 +1,73 @@ +query('SELECT id, email, role, created_at FROM users ORDER BY created_at DESC'); +$users = $stmt->fetchAll(); + +?> + +
+
+

Manage Users

+
+ + + + + + +
+
+
+ + + + + + + + + + + + 0): ?> + + + + + + + + + + + + + + + +
NameEmailRoleJoinedActions
+ Edit +
+ + + +
+
No users found.
+
+
+
+
+ + diff --git a/apply.php b/apply.php index cf9321a..06d2acc 100644 --- a/apply.php +++ b/apply.php @@ -2,7 +2,7 @@ require_once 'includes/session.php'; // 1. Check if user is logged in -if (!isset($_SESSION['user_id'])) { +if (!isset($_SESSION['user']['id'])) { header('Location: login.php'); exit(); } @@ -16,7 +16,7 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['event_id'])) { require_once 'db/config.php'; $event_id = $_POST['event_id']; -$user_id = $_SESSION['user_id']; +$user_id = $_SESSION['user']['id']; try { $pdo = db(); @@ -34,12 +34,12 @@ try { } // 4. Insert new application - $stmt = $pdo->prepare("INSERT INTO applications (event_id, user_id, status) VALUES (?, ?, 'pending')"); + $stmt = $pdo->prepare("INSERT INTO applications (event_id, user_id, status) VALUES (?, ?, 'awaiting_proof')"); $stmt->execute([$event_id, $user_id]); $_SESSION['flash_message'] = [ 'type' => 'success', - 'message' => 'Your application has been submitted successfully!' + 'message' => 'You have successfully applied! Please upload your proof in the dashboard.' ]; } catch (PDOException $e) { diff --git a/assets/css/custom.css b/assets/css/custom.css index 17a199f..2de4754 100644 --- a/assets/css/custom.css +++ b/assets/css/custom.css @@ -1,4 +1,3 @@ - /* --- Fonts --- */ @import url('https://fonts.googleapis.com/css2?family=Poppins:wght@700&family=Roboto:wght@400;500&display=swap'); 
@@ -128,3 +127,189 @@ h1, h2, h3, h4, h5, h6 { border-top: 1px solid #282828; margin-top: 50px; } + +/* --- Admin Dashboard --- */ +.admin-container { + display: flex; + min-height: 100vh; +} + +.sidebar { + width: 250px; + background-color: #1E1E1E; + color: #FFFFFF; + padding: 20px; + display: flex; + flex-direction: column; +} + +.sidebar .brand { + font-family: 'Poppins', sans-serif; + font-weight: 700; + font-size: 1.5rem; + color: #FFFFFF; + text-align: center; + margin-bottom: 30px; + text-decoration: none; +} + +.sidebar .nav-link { + color: #A0A0A0; + text-decoration: none; + padding: 15px 20px; + margin-bottom: 10px; + border-radius: 8px; + transition: all 0.3s ease; +} + +.sidebar .nav-link i { + margin-right: 15px; +} + +.sidebar .nav-link:hover, +.sidebar .nav-link.active { + background-color: #9E00FF; + color: #FFFFFF; +} + +.content-wrapper { + flex-grow: 1; + padding: 30px; + background-color: #121212; + color: #FFFFFF; +} + +.main-content { + background-color: #1E1E1E; + padding: 30px; + border-radius: 12px; + color: #FFFFFF; +} + +.summary-card { + background-color: #1E1E1E; + border-radius: 12px; + padding: 25px; + margin-bottom: 30px; + display: flex; + align-items: center; + border: 1px solid #282828; +} + +.summary-card .card-icon { + font-size: 2.5rem; + color: #9E00FF; + margin-right: 20px; +} + +.summary-card .card-title { + font-size: 1rem; + color: #A0A0A0; + margin-bottom: 5px; +} + +.summary-card .card-text { + font-size: 2rem; + font-weight: 700; + color: #FFFFFF; +} + +.admin-footer { + background-color: #FFFFFF; + color: #121212; + border-top: 1px solid #E0E0E0; +} + +/* --- Auth Cards --- */ +.auth-card { + background-color: #1E1E1E; + border: 1px solid #282828; + border-radius: 12px; + padding: 40px; + box-shadow: 0 10px 30px rgba(0, 0, 0, 0.5); +} + +.auth-card .card-title { + color: #FFFFFF; + font-size: 2rem; + margin-bottom: 20px; +} + +.form-label { + color: #A0A0A0; +} + +.form-control { + background-color: #282828; + 
border-color: #383838; + color: #FFFFFF; +} + + +.form-control:focus { + background-color: #282828; + border-color: #9E00FF; + color: #FFFFFF; + box-shadow: 0 0 0 0.25rem rgba(158, 0, 255, 0.25); +} + +/* --- Responsive Design --- */ +.sidebar-toggler { + position: fixed; + top: 15px; + left: 15px; + z-index: 1000; + background-color: rgba(30, 30, 30, 0.8); + border: 1px solid #383838; + color: #FFFFFF; + width: 50px; + height: 50px; + border-radius: 8px; + font-size: 1.5rem; +} + +@media (max-width: 991.98px) { + .sidebar { + position: fixed; + left: -250px; + top: 0; + height: 100%; + z-index: 999; + transition: left 0.3s ease-in-out; + } + + .admin-container.sidebar-show .sidebar { + left: 0; + } + + .content-wrapper { + padding-left: 15px; + padding-right: 15px; + } + + .hero h1 { + font-size: 2.5rem; + } + + .hero p { + font-size: 1rem; + } + + .summary-card { + flex-direction: column; + text-align: center; + } + + .summary-card .card-icon { + margin-right: 0; + margin-bottom: 15px; + } +} + +/* --- Responsive Tables --- */ +.table-responsive { + display: block; + width: 100%; + overflow-x: auto; + -webkit-overflow-scrolling: touch; +} diff --git a/assets/js/main.js b/assets/js/main.js index f36dd4a..78ebd39 100644 --- a/assets/js/main.js +++ b/assets/js/main.js @@ -1 +1,10 @@ -// PromoPass main javascript file \ No newline at end of file +document.addEventListener('DOMContentLoaded', function() { + const sidebarToggler = document.getElementById('sidebarToggler'); + const adminContainer = document.querySelector('.admin-container'); + + if (sidebarToggler && adminContainer) { + sidebarToggler.addEventListener('click', function() { + adminContainer.classList.toggle('sidebar-show'); + }); + } +}); diff --git a/assets/pasted-20251119-231546-cc8f8cb5.png b/assets/pasted-20251119-231546-cc8f8cb5.png new file mode 100644 index 0000000..38b3def Binary files /dev/null and b/assets/pasted-20251119-231546-cc8f8cb5.png differ 
diff --git a/dashboard.php b/dashboard.php index 72915f9..9b84566 100644 --- a/dashboard.php +++ b/dashboard.php @@ -10,10 +10,10 @@ if (is_admin()) { require_once 'includes/header.php'; ?> - +

User Dashboard

-

Welcome back, . Here you can view your applications and manage your profile.

+

Welcome back, . Here you can view your applications and manage your profile.


@@ -23,7 +23,7 @@ require_once 'includes/header.php'; require_once 'db/config.php'; $pdo = db(); $stmt = $pdo->prepare( - 'SELECT a.id, a.status, a.created_at, e.name AS event_name, e.event_date + 'SELECT a.id, a.status, a.created_at, e.title AS event_name, e.event_date FROM applications a JOIN events e ON a.event_id = e.id WHERE a.user_id = ? @@ -39,28 +39,56 @@ require_once 'includes/header.php'; Event - Event Date Applied On Status + Action / Proof - - + + + prepare('SELECT file_path FROM application_proofs WHERE application_id = ? ORDER BY uploaded_at DESC'); + $proofs_stmt->execute([$app['id']]); + $proofs = $proofs_stmt->fetchAll(); + + if (count($proofs) > 0) { + echo ''; + } + + if ($app['status'] == 'awaiting_proof' || $app['status'] == 'pending_approval') { ?> +
+ +
+ + +
+
+ + @@ -73,5 +101,6 @@ require_once 'includes/header.php';
+
diff --git a/db/migrations/004_add_capacity_and_image_to_events.sql b/db/migrations/004_add_capacity_and_image_to_events.sql
new file mode 100644
index 0000000..6a0b78d
--- /dev/null
+++ b/db/migrations/004_add_capacity_and_image_to_events.sql
@@ -0,0 +1,3 @@
+ALTER TABLE events
+ADD COLUMN capacity INT(11) DEFAULT 0,
+ADD COLUMN image_url VARCHAR(255) DEFAULT NULL;
diff --git a/db/migrations/005_add_proof_to_applications.sql b/db/migrations/005_add_proof_to_applications.sql
new file mode 100644
index 0000000..82eb1f1
--- /dev/null
+++ b/db/migrations/005_add_proof_to_applications.sql
@@ -0,0 +1,3 @@
+ALTER TABLE `applications`
+ADD COLUMN `proof_screenshot_path` VARCHAR(255) NULL,
+ADD COLUMN `proof_status` VARCHAR(50) NOT NULL DEFAULT 'pending_upload';
diff --git a/db/migrations/006_update_applications_status_enum.sql b/db/migrations/006_update_applications_status_enum.sql
new file mode 100644
index 0000000..a48a107
--- /dev/null
+++ b/db/migrations/006_update_applications_status_enum.sql
@@ -0,0 +1,3 @@
+ALTER TABLE `applications`
+CHANGE `status` `status` ENUM('awaiting_proof', 'pending_approval', 'approved', 'rejected') NOT NULL DEFAULT 'awaiting_proof',
+DROP COLUMN `proof_status`;
\ No newline at end of file
diff --git a/db/migrations/010_fix_and_update_status_enum.sql b/db/migrations/010_fix_and_update_status_enum.sql
new file mode 100644
index 0000000..357c04b
--- /dev/null
+++ b/db/migrations/010_fix_and_update_status_enum.sql
@@ -0,0 +1,8 @@
+-- Step 1: Add 'awaiting_proof' to the ENUM to allow the update
+ALTER TABLE `applications` MODIFY `status` ENUM('pending', 'awaiting_proof', 'pending_approval', 'approved', 'rejected') NOT NULL;
+
+-- Step 2: Update existing 'pending' values
+UPDATE `applications` SET `status` = 'awaiting_proof' WHERE `status` = 'pending';
+
+-- Step 3: Remove 'pending' from the ENUM
+ALTER TABLE `applications` MODIFY `status` ENUM('awaiting_proof', 'pending_approval', 'approved', 'rejected') NOT NULL DEFAULT 'awaiting_proof';
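Review bot: Migration 006 redefines `status` without `'pending'` while existing rows may still hold that value, and 010 later re-adds `'pending'`, converts the rows and removes it again. On a database that still had `'pending'` rows when 006 ran, that ALTER either fails or blanks those values depending on the SQL mode, so 010's `UPDATE ... WHERE status = 'pending'` may find nothing left to convert. I would reduce 006 to `ALTER TABLE applications DROP COLUMN proof_status;` and let 010 own the ENUM change, and add a header comment to each file stating the state it expects, for example `-- Expects: applications.status may still contain 'pending'`.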
diff --git a/db/migrations/011_create_application_proofs_table.sql b/db/migrations/011_create_application_proofs_table.sql new file mode 100644 index 0000000..fb11a27 --- /dev/null +++ b/db/migrations/011_create_application_proofs_table.sql @@ -0,0 +1,9 @@ +CREATE TABLE IF NOT EXISTS `application_proofs` ( + `id` INT AUTO_INCREMENT PRIMARY KEY, + `application_id` INT NOT NULL, + `file_path` VARCHAR(255) NOT NULL, + `uploaded_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (`application_id`) REFERENCES `applications`(`id`) ON DELETE CASCADE +); + +ALTER TABLE `applications` DROP COLUMN `proof_screenshot_path`; diff --git a/db/migrations/012_add_timestamp_to_proofs.sql b/db/migrations/012_add_timestamp_to_proofs.sql new file mode 100644 index 0000000..378f492 --- /dev/null +++ b/db/migrations/012_add_timestamp_to_proofs.sql @@ -0,0 +1 @@ +ALTER TABLE `application_proofs` ADD `created_at` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP; diff --git a/includes/footer.php b/includes/footer.php index 1f7442f..db94481 100644 --- a/includes/footer.php +++ b/includes/footer.php @@ -1,6 +1,9 @@ + + + @@ -8,6 +11,6 @@ - + \ No newline at end of file diff --git a/includes/header.php b/includes/header.php index 0bbea23..026603b 100644 --- a/includes/header.php +++ b/includes/header.php @@ -1,4 +1,4 @@ - +""" @@ -20,42 +20,36 @@ + + + - - \ No newline at end of file +
+ +
+ +"" \ No newline at end of file diff --git a/includes/session.php b/includes/session.php index 77b6b76..d92b8ed 100644 --- a/includes/session.php +++ b/includes/session.php @@ -4,11 +4,11 @@ session_start(); require_once __DIR__ . '/../db/config.php'; function is_logged_in() { - return isset($_SESSION['user_id']); + return isset($_SESSION['user']['id']); } function is_admin() { - return is_logged_in() && isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin'; + return is_logged_in() && isset($_SESSION['user']['role']) && $_SESSION['user']['role'] === 'admin'; } function require_login() { diff --git a/index.php b/index.php index fa6723f..d2d0c3e 100644 --- a/index.php +++ b/index.php @@ -1,5 +1,7 @@ +
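Review bot: The new first line of includes/header.php begins with a literal `"""` (first hunk) and the file now ends with `""` (this hunk), which look like stray string delimiters rather than PHP or markup. Anything outside the PHP tags is sent as page output, so every page that includes this header would print those characters, and output this early can also interfere with later `header()` calls. Both fragments should be removed. The surrounding markup is not visible on this page, so please confirm against the file itself.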
+
@@ -31,9 +33,9 @@ // If user is logged in, get their applications $user_applications = []; - if (isset($_SESSION['user_id'])) { + if (isset($_SESSION['user']['id'])) { $app_stmt = $pdo->prepare('SELECT event_id FROM applications WHERE user_id = ?'); - $app_stmt->execute([$_SESSION['user_id']]); + $app_stmt->execute([$_SESSION['user']['id']]); $user_applications = $app_stmt->fetchAll(PDO::FETCH_COLUMN); } @@ -46,7 +48,7 @@

- + @@ -55,7 +57,8 @@ - + Login to Apply
@@ -65,5 +68,6 @@
+
\ No newline at end of file diff --git a/login.php b/login.php index da853bf..baeaef1 100644 --- a/login.php +++ b/login.php @@ -19,8 +19,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($user && password_verify($password, $user['password'])) { - $_SESSION['user_id'] = $user['id']; - $_SESSION['user_role'] = $user['role']; + $_SESSION['user'] = [ + 'id' => $user['id'], + 'email' => $user['email'], + 'role' => $user['role'] + ]; if ($user['role'] === 'admin') { header('Location: admin/index.php'); @@ -40,7 +43,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { require_once 'includes/header.php'; ?> - +
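Review bot: In login.php, after `password_verify()` succeeds the session is populated but no `session_regenerate_id(true);` is visible between the check and the redirect, so the pre-login session identifier appears to remain valid after authentication. Adding `session_regenerate_id(true);` immediately before `$_SESSION['user'] = [` is the usual guard against session fixation. The enclosing `if` block starts and ends outside the hunk, so this may already be handled elsewhere.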
@@ -71,5 +74,6 @@ require_once 'includes/header.php';
+
diff --git a/signup.php b/signup.php index 21e99fd..9525ea0 100644 --- a/signup.php +++ b/signup.php @@ -43,7 +43,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { require_once 'includes/header.php'; ?> - +
@@ -82,5 +82,6 @@ require_once 'includes/header.php';
+
diff --git a/temp_check_migrations.php b/temp_check_migrations.php new file mode 100644 index 0000000..141cb19 --- /dev/null +++ b/temp_check_migrations.php @@ -0,0 +1,5 @@ +query("SELECT * FROM migrations"); +print_r($stmt->fetchAll(PDO::FETCH_ASSOC)); diff --git a/upload_proof.php b/upload_proof.php new file mode 100644 index 0000000..a5cd45a --- /dev/null +++ b/upload_proof.php 
@@ -0,0 +1,70 @@ + 'danger', 'message' => 'Invalid request.']; + header('Location: dashboard.php'); + exit(); +} + +$application_id = $_POST['application_id']; +$user_id = $_SESSION['user']['id']; +$file = $_FILES['proof_screenshot']; + +require_once 'db/config.php'; +$pdo = db(); + +// Verify application belongs to the user +$stmt = $pdo->prepare("SELECT id FROM applications WHERE id = ? AND user_id = ? AND (status = 'awaiting_proof' OR status = 'pending_approval')"); +$stmt->execute([$application_id, $user_id]); +if (!$stmt->fetch()) { + $_SESSION['flash_message'] = ['type' => 'danger', 'message' => 'Invalid application or you are not allowed to perform this action.']; + header('Location: dashboard.php'); + exit(); +} + +// File upload handling +if ($file['error'] !== UPLOAD_ERR_OK) { + $_SESSION['flash_message'] = ['type' => 'danger', 'message' => 'Error uploading file.']; + header('Location: dashboard.php'); + exit(); +} + +$allowed_types = ['image/jpeg', 'image/png', 'image/gif']; +if (!in_array($file['type'], $allowed_types)) { + $_SESSION['flash_message'] = ['type' => 'danger', 'message' => 'Invalid file type. Only JPG, PNG, and GIF are allowed.']; + header('Location: dashboard.php'); + exit(); +} + +if ($file['size'] > 5 * 1024 * 1024) { // 5 MB limit + $_SESSION['flash_message'] = ['type' => 'danger', 'message' => 'File is too large. Maximum size is 5MB.']; + header('Location: dashboard.php'); + exit(); +} + +$upload_dir = 'uploads/proofs/'; +$filename = uniqid() . '-' . basename($file['name']); +$destination = $upload_dir . 
$filename; + +if (move_uploaded_file($file['tmp_name'], $destination)) { + // Update database + $stmt = $pdo->prepare("INSERT INTO application_proofs (application_id, file_path) VALUES (?, ?)"); + $stmt->execute([$application_id, $destination]); + + $stmt = $pdo->prepare("UPDATE applications SET status = 'pending_approval' WHERE id = ?"); + $stmt->execute([$application_id]); + + $_SESSION['flash_message'] = ['type' => 'success', 'message' => 'Proof uploaded successfully. It is now pending review.']; +} else { + $_SESSION['flash_message'] = ['type' => 'danger', 'message' => 'Failed to move uploaded file.']; +} + +header('Location: dashboard.php'); +exit(); diff --git a/uploads/proofs/691e53747373e-09.26_THE CAVERNS_SQUARE.jpg b/uploads/proofs/691e53747373e-09.26_THE CAVERNS_SQUARE.jpg new file mode 100644 index 0000000..f0a03b2 Binary files /dev/null and b/uploads/proofs/691e53747373e-09.26_THE CAVERNS_SQUARE.jpg differ diff --git a/uploads/proofs/691e563fd698a-09.26_THE CAVERNS_SQUARE.jpg b/uploads/proofs/691e563fd698a-09.26_THE CAVERNS_SQUARE.jpg new file mode 100644 index 0000000..f0a03b2 Binary files /dev/null and b/uploads/proofs/691e563fd698a-09.26_THE CAVERNS_SQUARE.jpg differ diff --git a/uploads/proofs/691e56454ef7d-120-91e4a5dd-91.jpg b/uploads/proofs/691e56454ef7d-120-91e4a5dd-91.jpg new file mode 100644 index 0000000..94eb83e Binary files /dev/null and b/uploads/proofs/691e56454ef7d-120-91e4a5dd-91.jpg differ diff --git a/uploads/proofs/691e564a73b72-f231faba-0efa-4fc3-88c4-5de128820834.jpeg b/uploads/proofs/691e564a73b72-f231faba-0efa-4fc3-88c4-5de128820834.jpeg new file mode 100644 index 0000000..544d26d Binary files /dev/null and b/uploads/proofs/691e564a73b72-f231faba-0efa-4fc3-88c4-5de128820834.jpeg differ
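Review bot: The type check in upload_proof.php compares `$file['type']`, which is the Content-Type supplied by the client, so it does not establish what the uploaded file actually contains. Because `$destination` keeps the client's filename and extension via `basename($file['name'])` and `uploads/proofs/` appears to sit under the web root, the type should be read from the file itself with `$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);`, checked with `in_array($mime, $allowed_types, true)`, and the stored name generated server-side with an extension chosen from that allowlist. The INSERT into `application_proofs` and the UPDATE of `applications` run as separate statements; wrapping them in `$pdo->beginTransaction()` / `$pdo->commit()` keeps the status and the proof row consistent if one fails. The commit also adds four files under `uploads/proofs/`, which look like uploaded user content and probably belong in `.gitignore` rather than in the repository.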