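<?php

declare(strict_types=1);

/*
 * Handles the "upload proof screenshot" form for an application.
 *
 * Flow: POST only -> the logged-in user must own the application and it must
 * be in an uploadable status -> the upload is validated by its *content*
 * (the client-supplied MIME type and file name are never trusted) -> the
 * file is stored under a random name and the application is moved to
 * 'pending_approval'. Every outcome ends with a redirect to dashboard.php
 * and a flash message in the session.
 */

require_once 'includes/session.php';

require_login();

/**
 * Store a failure flash message and redirect back to the dashboard.
 *
 * @param string $message user-facing explanation of why the upload was rejected
 */
function proof_upload_fail(string $message): never
{
    $_SESSION['flash_message'] = ['type' => 'danger', 'message' => $message];
    header('Location: dashboard.php');
    exit();
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: dashboard.php');
    exit();
}

// NOTE(review): no CSRF token is verified here; if includes/session.php
// provides one, it should be checked before any state change below — confirm.

// The application id is only ever used as an integer key, so reject anything
// that is not one up front (a non-numeric id would otherwise just fail the
// ownership lookup with a less accurate message).
$application_id = filter_var($_POST['application_id'] ?? null, FILTER_VALIDATE_INT);
$file = $_FILES['proof_screenshot'] ?? null;

// A multi-file upload (`proof_screenshot[]`) makes $file['error'] an array;
// treat that as an invalid request instead of comparing an array to an int.
if ($application_id === false || !is_array($file) || !is_int($file['error'] ?? null)) {
    proof_upload_fail('Invalid request.');
}

$user_id = $_SESSION['user']['id'];

require_once 'db/config.php';

$pdo = db();

// Verify application belongs to the user and is in a state that accepts proof
$stmt = $pdo->prepare("SELECT id FROM applications WHERE id = ? AND user_id = ? AND (status = 'awaiting_proof' OR status = 'pending_approval')");
$stmt->execute([$application_id, $user_id]);

if (!$stmt->fetch()) {
    proof_upload_fail('Invalid application or you are not allowed to perform this action.');
}

// File upload handling
if ($file['error'] !== UPLOAD_ERR_OK) {
    proof_upload_fail('Error uploading file.');
}

// Only operate on a file PHP itself placed in the temp dir for this request.
if (!is_uploaded_file($file['tmp_name'])) {
    proof_upload_fail('Error uploading file.');
}

if ($file['size'] > 5 * 1024 * 1024) { // 5 MB limit
    proof_upload_fail('File is too large. Maximum size is 5MB.');
}

// Allowed image types, keyed by the MIME type detected from the file's own
// bytes, mapped to the extension the stored copy will get. $_FILES['type']
// is sent by the client and is not consulted.
$allowed_types = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

$detected_type = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);

if ($detected_type === false || !isset($allowed_types[$detected_type])) {
    proof_upload_fail('Invalid file type. Only JPG, PNG, and GIF are allowed.');
}

$upload_dir = 'uploads/proofs/';

// The stored name is random and carries only the extension derived from the
// detected type, so nothing from the client-supplied file name (double
// extensions, odd characters, overlong names) reaches the web-served directory.
$filename = bin2hex(random_bytes(16)) . '.' . $allowed_types[$detected_type];
$destination = $upload_dir . $filename;

if (!move_uploaded_file($file['tmp_name'], $destination)) {
    proof_upload_fail('Failed to move uploaded file.');
}

// Update database: the proof row and the status change are written together
// so a failure cannot leave a proof recorded for an application that is not
// pending, or vice versa. The stored file is removed if the write fails.
try {
    $pdo->beginTransaction();

    $stmt = $pdo->prepare("INSERT INTO application_proofs (application_id, file_path) VALUES (?, ?)");
    if (!$stmt->execute([$application_id, $destination])) {
        throw new RuntimeException('Failed to insert application proof.');
    }

    $stmt = $pdo->prepare("UPDATE applications SET status = 'pending_approval' WHERE id = ?");
    if (!$stmt->execute([$application_id])) {
        throw new RuntimeException('Failed to update application status.');
    }

    $pdo->commit();
} catch (Throwable $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    if (is_file($destination)) {
        unlink($destination);
    }
    proof_upload_fail('Failed to record the uploaded proof.');
}

$_SESSION['flash_message'] = ['type' => 'success', 'message' => 'Proof uploaded successfully. It is now pending review.'];

header('Location: dashboard.php');
exit();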