Viewing File: /home/quiczmwg/public_html/process_withdrawal.php

<?php
session_start();
include_once('_db.php');

if (!isset($_SESSION['userid'])) {
    echo json_encode(['status' => 'error', 'message' => 'Unauthorized']);
    exit;
}

$userid = $_SESSION['userid'];
$amount = floatval($_POST['amount']);
$method = $_POST['withdrawal_method'];
$wallet_address = $_POST['wallet_address'] ?? null;
$bank_name = $_POST['bank_name'] ?? null;
$account_number = $_POST['account_number'] ?? null;
$routing_number = $_POST['routing_number'] ?? null;
$request_time = date("Y-m-d H:i:s");

// Check balance
$stmt = $conn->prepare("SELECT account_balance FROM user_login WHERE userid = ?");
$stmt->bind_param("s", $userid);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$current_balance = floatval($row['account_balance']);
$stmt->close();

if ($amount <= 0 || $amount > $current_balance) {
    echo json_encode(['status' => 'error', 'message' => 'Invalid withdrawal amount']);
    exit;
}

// Deduct amount
$new_balance = $current_balance - $amount;
$update = $conn->prepare("UPDATE user_login SET account_balance = ? WHERE userid = ?");
$update->bind_param("ds", $new_balance, $userid);
$update->execute();
$update->close();

// Insert into withdrawal table
$insert = $conn->prepare("INSERT INTO withdrawals (userid, amount, method, wallet_address, bank_name, account_number, routing_number, status, request_time) VALUES (?, ?, ?, ?, ?, ?, ?, 'pending', ?)");
$insert->bind_param("sdssssss", $userid, $amount, $method, $wallet_address, $bank_name, $account_number, $routing_number, $request_time);
$insert->execute();
$insert->close();

echo json_encode(['status' => 'success']);
?>