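beginTransaction();

// NOTE(review): this excerpt does not show how the request was validated. Confirm that
// this handler only runs for a POST request with a verified CSRF token, and that
// $user_id comes from the authenticated session rather than from request input.
try {
    // Authorization: the application must exist AND belong to a task owned by the
    // current user. Both conditions are in one query, so the caller gets the same
    // outcome for "not found" and "not yours".
    $stmt = $pdo->prepare(
        "SELECT a.id as application_id, a.task_id, t.user_id as task_owner_id
         FROM applications a
         JOIN tasks t ON a.task_id = t.id
         WHERE a.id = ? AND t.user_id = ?"
    );
    $stmt->execute([$application_id, $user_id]);
    $application_info = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$application_info) {
        // If no result, either application doesn't exist or user doesn't own the task.
        throw new Exception("Authorization failed or application not found.");
    }

    $task_id = $application_info['task_id'];

    // 1. Accept the application, but only while it is still pending. The status test
    //    sits inside the UPDATE so the check and the write are one atomic statement:
    //    a replayed or concurrent request cannot accept an application that has
    //    already been accepted or rejected.
    $stmt = $pdo->prepare(
        "UPDATE applications SET status = 'accepted' WHERE id = ? AND status = 'pending'"
    );
    $stmt->execute([$application_id]);
    if ($stmt->rowCount() !== 1) {
        throw new Exception("Application is no longer pending.");
    }

    // 2. Assign the task, refusing if it is already assigned. Without this guard two
    //    requests accepting different applications for the same task could both commit.
    // NOTE(review): only the 'assigned' task status is visible in this excerpt; if tasks
    // have other terminal states, tighten this to the single status that allows acceptance.
    $stmt = $pdo->prepare(
        "UPDATE tasks SET status = 'assigned'
         WHERE id = ? AND (status IS NULL OR status <> 'assigned')"
    );
    $stmt->execute([$task_id]);
    if ($stmt->rowCount() !== 1) {
        throw new Exception("Task is already assigned.");
    }

    // 3. Reject all other pending applications for this task
    $stmt = $pdo->prepare(
        "UPDATE applications SET status = 'rejected'
         WHERE task_id = ? AND id != ? AND status = 'pending'"
    );
    $stmt->execute([$task_id, $application_id]);

    // Every statement succeeded and every state check held: make the changes permanent.
    $pdo->commit();

    // URL-encode the id before putting it in the Location header. Numeric ids come out
    // unchanged; any other value cannot alter the query string.
    header("Location: /task-details.php?id=" . rawurlencode((string) $task_id) . "&message=application_accepted");
    exit;
} catch (Exception $e) {
    // rollBack() throws when no transaction is active, which would hide the original
    // error, so only roll back while one is still open.
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }

    // The detail goes to the server log only; the user sees a generic message code.
    error_log($e->getMessage());

    // Redirect with a generic error. Avoid exposing specific DB errors.
    // $task_id may not be set if the failure happened before the lookup, hence the fallback.
    header("Location: /task-details.php?id=" . rawurlencode((string) ($task_id ?? 0)) . "&message=acceptance_failed");
    exit;
}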