diff --git a/admin_purchases.php b/admin_purchases.php index 6f27c0c..5f1c8c0 100644 --- a/admin_purchases.php +++ b/admin_purchases.php @@ -2,6 +2,9 @@ session_start(); require_once __DIR__ . '/db/config.php'; +use App\Repositories\PurchaseRepository; +use App\Repositories\CarRepository; + if (!isset($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') { header('Location: login.php'); exit; 
@@ -9,32 +12,40 @@ if (!isset($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') { $pdo = db(); $message = ''; +$purchaseRepo = new PurchaseRepository(); +$carRepo = new CarRepository(); if (isset($_POST['action']) && isset($_POST['purchase_id'])) { $purchase_id = $_POST['purchase_id']; $action = $_POST['action']; - $status = ($action === 'approve') ? 'approved' : 'rejected'; try { $pdo->beginTransaction(); - // Update purchase status - $stmt = $pdo->prepare("UPDATE purchases SET status = ? WHERE id = ?"); - $stmt->execute([$status, $purchase_id]); - - if ($status === 'approved') { - // Get car ID + if ($action === 'approve') { + // Admin verifies -> move to held_in_escrow + $stmt = $pdo->prepare("UPDATE purchases SET status = 'paid', escrow_status = 'held_in_escrow' WHERE id = ?"); + $stmt->execute([$purchase_id]); + + // Get car ID and mark as sold $stmt = $pdo->prepare("SELECT car_id FROM purchases WHERE id = ?"); $stmt->execute([$purchase_id]); $car_id = $stmt->fetchColumn(); + $carRepo->markAsSold($car_id); - // Mark car as sold - $stmt = $pdo->prepare("UPDATE cars SET status = 'sold' WHERE id = ?"); - $stmt->execute([$car_id]); + $message = "Transaction verified. Funds are now held in Escrow."; + } elseif ($action === 'release') { + // Admin releases payment to seller + $stmt = $pdo->prepare("UPDATE purchases SET status = 'completed', escrow_status = 'released' WHERE id = ?"); + $stmt->execute([$purchase_id]); + $message = "Payment released to seller. Transaction completed."; + } elseif ($action === 'reject') { + $stmt = $pdo->prepare("UPDATE purchases SET status = 'failed', escrow_status = 'cancelled' WHERE id = ?"); + $stmt->execute([$purchase_id]); + $message = "Transaction rejected and cancelled."; } $pdo->commit(); - $message = "Purchase request " . ($status === 'approved' ? 'approved' : 'rejected') . " successfully."; } catch (Exception $e) { $pdo->rollBack(); $message = "Error: " . $e->getMessage(); 
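Review bot: The `release` branch sets a purchase to `completed`/`released` for any `purchase_id` without checking that it is currently held in escrow, so a purchase that was never verified, or was already rejected, can be marked as paid out by a single POST. Constrain the transition in the statement itself, `UPDATE purchases SET status = 'completed', escrow_status = 'released' WHERE id = ? AND escrow_status = 'held_in_escrow'`, and treat `$stmt->rowCount() !== 1` as a failure that rolls back; `approve` and `reject` need the same guard against their expected prior state. An unrecognised `action` currently commits an empty transaction and leaves `$message` blank, so a final `else` should reject it explicitly. `$carRepo->markAsSold($car_id)` runs without checking that `fetchColumn()` found a row, and because `new CarRepository()` is given no connection it may not execute inside `$pdo`'s transaction, which is worth confirming. No CSRF token check is visible on this handler; if none exists outside the hunk, one should be added before this endpoint can release funds.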
@@ -43,7 +54,7 @@ if (isset($_POST['action']) && isset($_POST['purchase_id'])) { // Fetch all purchases with car and user info $stmt = $pdo->query(" - SELECT p.*, c.brand, c.model, c.price, c.year, u.name as buyer_user_name, ci.image_path + SELECT p.*, c.brand, c.model, c.year, u.name as buyer_user_name, ci.image_path FROM purchases p JOIN cars c ON p.car_id = c.id JOIN users u ON p.user_id = u.id @@ -57,7 +68,7 @@ $purchases = $stmt->fetchAll();
-