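<?php
declare(strict_types=1);

// Handles the investment form: validates the proof-of-payment image, debits the
// user's balance, records the investment and schedules the profit addition.
// Every failure redirects to success_page.php with status=error and a message.

// Start the session
session_start();
// Include database connection ($conn, a mysqli instance) and other necessary files
include_once('_db.php');
// Make driver failures throw mysqli_sql_exception instead of returning false,
// so no statement result can be silently ignored below.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Redirect to the status page with an error message and stop the script.
 *
 * @param string $message Plain-text reason; it is URL-encoded here.
 */
function redirect_with_error(string $message): void
{
    header('Location: success_page.php?status=error&message=' . rawurlencode($message));
    exit();
}

// Check if the user is logged in
if (!isset($_SESSION['userid'])) {
    header("Location: login.php");
    exit();
}
// Anything but a form submission goes back to the start page
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    header("Location: index.php");
    exit();
}
// NOTE(review): this form has no CSRF token check; a logged-in user can be made
// to submit it from another site. Add one before relying on this endpoint.

$userid = $_SESSION['userid'];
// Form fields; missing fields become empty strings instead of raising notices
$planTitle  = trim((string) ($_POST['plan_title'] ?? ''));
$amountRaw  = trim((string) ($_POST['amount'] ?? ''));
$profitRaw  = trim((string) ($_POST['total_profit'] ?? ''));
$walletType = trim((string) ($_POST['wallet_type'] ?? ''));

// The amount must be a positive number: a zero or negative "investment" would
// otherwise leave the balance unchanged or credit the account.
if (!is_numeric($amountRaw) || (float) $amountRaw <= 0) {
    redirect_with_error('Invalid investment amount.');
}
if (!is_numeric($profitRaw) || (float) $profitRaw < 0) {
    redirect_with_error('Invalid profit amount.');
}
$investmentAmount = (float) $amountRaw;
// NOTE(review): total_profit is taken from the client and stored/credited as
// submitted. It should be recomputed server-side from the selected plan; the
// plan data is not available in this file, so only the number format is checked.
$totalProfit = (float) $profitRaw;

// ---- Proof-of-payment upload ---------------------------------------------
$upload = $_FILES['proof_of_payment'] ?? null;
if ($upload === null || ($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
    redirect_with_error('File upload failed.');
}
// Check file size (bytes)
if ($upload['size'] > 500000) {
    redirect_with_error('File upload failed.');
}
// Allow only certain file formats, by the extension the browser sent...
$imageFileType = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
if (!in_array($imageFileType, ["jpg", "jpeg", "png", "gif"], true)) {
    redirect_with_error('File upload failed.');
}
// ...and by the content: the stored extension comes from the detected image
// type, not from the client-supplied name.
$allowedTypes = [
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
];
$imageInfo = is_uploaded_file($upload['tmp_name']) ? getimagesize($upload['tmp_name']) : false;
if ($imageInfo === false || !isset($allowedTypes[$imageInfo[2]])) {
    redirect_with_error('File upload failed.');
}
// Store under a random name so an uploader can neither overwrite another
// user's proof nor choose the path; the directory stays the same for readers.
$targetDir  = "uploads/";
$targetFile = $targetDir . bin2hex(random_bytes(16)) . '.' . $allowedTypes[$imageInfo[2]];

// ---- Debit balance and record the investment, atomically -----------------
// Calculate the scheduled time for profit addition (current time + 24 hours)
$scheduledTime = time() + (24 * 60 * 60);
// Message used if the statement currently running fails
$failureMessage = 'User not found.';
try {
    // Fetch current account balance (also confirms the account exists)
    $stmt = $conn->prepare('SELECT account_balance FROM user_login WHERE userid = ?');
    $stmt->bind_param('s', $userid);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($currentBalance);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        redirect_with_error('User not found.');
    }
    if ((float) $currentBalance < $investmentAmount) {
        redirect_with_error('Insufficient account balance.');
    }

    $conn->begin_transaction();

    // Update user's account balance. The balance condition in the WHERE clause
    // makes the check and the debit one statement, so two concurrent
    // submissions cannot both succeed against the same balance.
    $failureMessage = 'Failed to update account balance.';
    $stmt = $conn->prepare(
        'UPDATE user_login SET account_balance = account_balance - ? WHERE userid = ? AND account_balance >= ?'
    );
    $stmt->bind_param('dsd', $investmentAmount, $userid, $investmentAmount);
    $stmt->execute();
    $debited = $stmt->affected_rows === 1;
    $stmt->close();
    if (!$debited) {
        $conn->rollback();
        redirect_with_error($failureMessage);
    }

    // Insert payment details into the database
    $failureMessage = 'Failed to insert investment details.';
    $stmt = $conn->prepare(
        'INSERT INTO investments (userid, plan_title, amount, profit, wallet_type, proof_of_payment) VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('ssddss', $userid, $planTitle, $investmentAmount, $totalProfit, $walletType, $targetFile);
    $stmt->execute();
    $stmt->close();

    // Insert a record into the profit_additions table
    $failureMessage = 'Failed to insert profit addition record.';
    $stmt = $conn->prepare('INSERT INTO profit_additions (userid, profit, scheduled_time) VALUES (?, ?, ?)');
    $stmt->bind_param('sdi', $userid, $totalProfit, $scheduledTime);
    $stmt->execute();
    $stmt->close();

    // Move the file last, so a failed database write leaves nothing in uploads/
    if (!move_uploaded_file($upload['tmp_name'], $targetFile)) {
        $conn->rollback();
        redirect_with_error('File upload failed.');
    }

    $conn->commit();
} catch (mysqli_sql_exception $e) {
    $conn->rollback();
    // Log the driver error server-side; echoing it would leak schema details and
    // would also send output before the Location header, breaking the redirect.
    error_log('process_investment.php: ' . $e->getMessage());
    redirect_with_error($failureMessage);
}

// Redirect to confirmation page with success status
header("Location: success_page.php?status=success");
exit();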