43 lines
1.2 KiB
PHP
43 lines
1.2 KiB
PHP
<?php
|
|
session_start();
|
|
require_once 'db/config.php';
|
|
|
|
if (!isset($_SESSION['user_id'])) {
|
|
header('Location: login.php');
|
|
exit;
|
|
}
|
|
|
|
$user_id = $_SESSION['user_id'];
|
|
$round_id = $_POST['round_id'] ?? null;
|
|
$status = $_POST['status'] ?? null;
|
|
|
|
if (!$round_id || !in_array($status, ['Closed', 'Cancelled'])) {
|
|
header('Location: startups.php');
|
|
exit;
|
|
}
|
|
|
|
// Verify that the user owns the startup associated with this round
|
|
$stmt = db()->prepare("
|
|
SELECT fr.*, s.founder_id
|
|
FROM funding_rounds fr
|
|
JOIN startups s ON fr.startup_id = s.id
|
|
WHERE fr.id = ?
|
|
");
|
|
$stmt->execute([$round_id]);
|
|
$round = $stmt->fetch();
|
|
|
|
if (!$round || $round['founder_id'] != $user_id) {
|
|
die("Unauthorized action.");
|
|
}
|
|
|
|
// Update the round status
|
|
$stmt = db()->prepare("UPDATE funding_rounds SET status = ? WHERE id = ?");
|
|
$stmt->execute([$status, $round_id]);
|
|
|
|
// If closed/cancelled, we should also ensure the startup status is updated if needed,
|
|
// though the app uses funding_rounds status for 'Active' logic.
|
|
// In startups.php, it checks: LEFT JOIN funding_rounds fr ON s.id = fr.startup_id AND fr.status = 'Active'
|
|
|
|
header('Location: startups.php?success=status_updated');
|
|
exit;
|