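<?php

declare(strict_types=1);

// Handles the POST from invoices.php that changes an invoice's status.
// Side effects: one UPDATE on `invoices`, one INSERT into `audit_logs`,
// a flash message in $_SESSION, then a redirect back to invoices.php.
// config.php is expected to start the session and provide db().

require_once __DIR__ . '/db/config.php';

// Auth and Role check. Only Admin and Finance may change a status; the role
// is compared strictly (no "0"/"" coercion) and a missing role is treated as
// "no role" instead of raising an undefined-index warning.
if (
    !isset($_SESSION['user_id'])
    || !in_array($_SESSION['role'] ?? null, ['Admin', 'Finance'], true)
) {
    $_SESSION['error'] = "You do not have permission to update invoice status.";
    header("Location: invoices.php");
    exit;
}

// Only accept POST; a GET to this URL must never change state.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location: invoices.php");
    exit;
}

// NOTE(review): no CSRF token is verified here. If the form in invoices.php
// carries one, check it before this point; otherwise a third-party page can
// submit this POST on behalf of a logged-in Admin/Finance user.

// Validate inputs before they reach the query: the id must be a positive
// integer and the status a non-empty string (a `status[]` array, '' or a
// missing field is rejected here rather than failing inside execute()).
$invoice_id = filter_var(
    $_POST['invoice_id'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]],
);
$status = $_POST['status'] ?? null;
$status = is_string($status) ? trim($status) : '';
// TODO(review): also compare $status against the set of statuses the
// application actually uses (not visible in this file), so that arbitrary
// strings cannot be written to invoices.status or echoed in the flash message.

if ($invoice_id !== false && $status !== '') {
    try {
        $stmt = db()->prepare("UPDATE invoices SET status = ? WHERE id = ?");
        $stmt->execute([$status, $invoice_id]);

        // Log action. NOTE(review): the UPDATE above and this INSERT are not
        // atomic; if db() returns a PDO, wrapping both in a transaction would
        // keep the audit trail consistent with the data it describes.
        $log_stmt = db()->prepare("INSERT INTO audit_logs (user_id, action, entity_type, entity_id, details) VALUES (?, ?, ?, ?, ?)");
        $log_stmt->execute([$_SESSION['user_id'], 'UPDATE_STATUS', 'INVOICE', $invoice_id, "New status: $status"]);

        $_SESSION['success'] = "Invoice status updated to $status.";
    } catch (Exception $e) {
        // The driver message can reveal table names or SQL fragments; keep it
        // in the server log and show the user a generic message instead.
        error_log('Invoice status update failed: ' . $e->getMessage());
        $_SESSION['error'] = "Error updating status.";
    }
} else {
    $_SESSION['error'] = "Invalid invoice or status.";
}

header("Location: invoices.php");
exit;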