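false, 'error' => 'Unauthorized']); exit; }

// Finance request endpoint: dispatches on the POSTed "action" and always
// answers with a JSON object {success: bool, error?: string}.
// $db and $user_id are set before this point, outside the visible part of
// the file; the calls used below (prepare/execute/beginTransaction/rowCount)
// assume $db is a PDO handle.
// NOTE(review): no CSRF token check is visible in this part of the file;
// confirm one is enforced earlier, since both actions change state.
$action = $_POST['action'] ?? '';

if ($action === 'recharge') {
    // is_numeric() rejects missing values, arrays and strings such as "12abc";
    // a bare (float) cast would turn a non-empty array into 1.0.
    $rawAmount = $_POST['amount'] ?? null;
    $amount = is_numeric($rawAmount) ? (float)$rawAmount : 0.0;
    $symbol = $_POST['symbol'] ?? 'USDT';
    $method = $_POST['method'] ?? 'Crypto';
    $tx_hash = $_POST['tx_hash'] ?? '';

    // is_finite() stops values like "1e999" (INF) from being stored.
    if (!is_finite($amount) || $amount <= 0) {
        echo json_encode(['success' => false, 'error' => 'Invalid amount']);
        exit;
    }

    // The request is only recorded as 'pending'. symbol, method and tx_hash
    // are stored exactly as submitted, so whatever approves the request must
    // verify them independently before crediting anything.
    $stmt = $db->prepare("INSERT INTO finance_requests (user_id, type, amount, symbol, payment_method, tx_hash, status) VALUES (?, 'recharge', ?, ?, ?, ?, 'pending')");
    $stmt->execute([$user_id, $amount, $symbol, $method, $tx_hash]);

    echo json_encode(['success' => true]);
    exit;
}

if ($action === 'withdraw') {
    $rawAmount = $_POST['amount'] ?? null;
    $amount = is_numeric($rawAmount) ? (float)$rawAmount : 0.0;
    $symbol = $_POST['symbol'] ?? 'USDT';
    $address = $_POST['address'] ?? '';
    $password = $_POST['password'] ?? '';

    // A zero or negative amount must never reach the UPDATE below:
    // "available - (negative)" would credit the account instead of debiting it.
    if (!is_finite($amount) || $amount <= 0) {
        echo json_encode(['success' => false, 'error' => 'Invalid amount']);
        exit;
    }

    // NOTE(review): the withdrawal password is read but NOT verified yet, so
    // the session alone authorises a withdrawal. The destination address is
    // also stored as submitted, with no format or emptiness check. Both need
    // to be enforced before this endpoint handles real funds.

    $db->beginTransaction();
    try {
        // Check and debit in a single statement. A separate SELECT followed by
        // an UPDATE lets concurrent requests all pass the check and overdraw
        // the balance; the "available >= ?" guard makes the debit atomic.
        $debit = $db->prepare("UPDATE user_balances SET available = available - ? WHERE user_id = ? AND symbol = ? AND available >= ?");
        $debit->execute([$amount, $user_id, $symbol, $amount]);

        // No row changed: either no balance row exists or funds are short.
        if ($debit->rowCount() < 1) {
            $db->rollBack();
            echo json_encode(['success' => false, 'error' => 'Insufficient balance']);
            exit;
        }

        // Record request
        $stmt = $db->prepare("INSERT INTO finance_requests (user_id, type, amount, symbol, payment_details, status) VALUES (?, 'withdrawal', ?, ?, ?, 'pending')");
        $stmt->execute([$user_id, $amount, $symbol, $address]);

        // Add to transactions as pending
        $db->prepare("INSERT INTO transactions (user_id, type, amount, symbol, status) VALUES (?, 'withdrawal', ?, ?, 'pending')")
            ->execute([$user_id, $amount, $symbol]);

        $db->commit();
        echo json_encode(['success' => true]);
    } catch (Exception $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        // Keep driver/SQL details in the server log; returning the raw
        // exception message would disclose schema information to the client.
        error_log('Withdrawal request failed: ' . $e->getMessage());
        echo json_encode(['success' => false, 'error' => 'Withdrawal failed']);
    }
    exit;
}

echo json_encode(['success' => false, 'error' => 'Invalid action']);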