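<?php
// Confirms a pending payment: moves payments.status from 'pending' to 'confirmed'
// for the deposit_id passed in the query string, leaves a message in the session
// and sends the browser back to the page it came from.
//
// NOTE(review): this is a state-changing action reached by a plain GET request, so
// any page that makes the browser fetch this URL can trigger it (CSRF). It should be
// reached via POST and verify a per-session token before touching the database.
// NOTE(review): no authorization check is visible in this file; presumably
// ../_db.php restricts who can reach it - confirm before relying on that.
include_once ("../_db.php");

// $_SESSION is written below; make sure a session exists even if ../_db.php
// did not start one (otherwise the message would be silently lost).
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

/**
 * Returns a redirect target that stays on this host.
 *
 * The Referer header is client-controlled; redirecting to it blindly makes this
 * endpoint an open redirect. The referer is used only when its host matches the
 * host of the current request, otherwise $fallback is returned.
 *
 * @param string $fallback relative target used when the referer is missing or foreign
 */
function safe_referer_target(string $fallback): string
{
    $referer = $_SERVER['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        return $fallback;
    }
    $refererHost = parse_url($referer, PHP_URL_HOST);
    if (!is_string($refererHost) || $refererHost === '') {
        return $fallback;
    }
    // HTTP_HOST may carry a port; parse_url's host never does.
    $currentHost = (string) preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST'] ?? '');
    return strcasecmp($refererHost, $currentHost) === 0 ? $referer : $fallback;
}

// Reject missing or unexpected parameters before doing anything. `id` must be a
// plain string: `?id[]=` would otherwise reach bind_param() as an array.
if (!isset($_GET['id'], $_GET['status']) || !is_string($_GET['id']) || $_GET['status'] !== 'confirm') {
    header("Location: error.php");
    exit();
}

$deposit_id = $_GET['id'];

// One conditional UPDATE instead of SELECT-then-UPDATE: the status check and the
// write happen in a single statement, so two concurrent requests cannot both
// confirm the same deposit. deposit_id is a bound parameter, never interpolated.
$stmt = $conn->prepare("UPDATE payments SET status='confirmed' WHERE deposit_id=? AND status='pending'");
if ($stmt === false) {
    $_SESSION['mgs'] = "Error confirming payment: " . $conn->error;
} else {
    $stmt->bind_param('s', $deposit_id);
    if (!$stmt->execute()) {
        $_SESSION['mgs'] = "Error confirming payment: " . $stmt->error;
    } elseif ($stmt->affected_rows > 0) {
        $_SESSION['mgs'] = "Payment confirmed successfully!";
    } else {
        // Nothing matched: the deposit does not exist or is no longer pending.
        $_SESSION['mgs'] = "Payment is not in pending status or invalid deposit ID.";
    }
    $stmt->close();
}

header("Location: " . safe_referer_target('error.php'));
// Without exit() the script would keep running after the redirect header was sent.
exit();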