Viewing File: /home/quiczmwg/public_html/withdraw_code.php

<?php
session_start();
include '_db.php';

if (!isset($_SESSION['withdraw_temp'])) {
    header("Location: withdraw.php");
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $inputCode = trim($_POST['code']);
    $userid = $_SESSION['withdraw_temp']['userid'];

    $stmt = $conn->prepare("SELECT withdrawal_code FROM user_login WHERE userid = ?");
    $stmt->bind_param("s", $userid);
    $stmt->execute();
    $result = $stmt->get_result();
    $user = $result->fetch_assoc();

    if ($user && $inputCode === $user['withdrawal_code']) {
        // ✅ Code correct — proceed to actual withdrawal
        header("Location: withdrawal_process.php");
        exit();
    } else {
        $error = "Invalid code. Please try again.";
    }
}
?>

<!DOCTYPE html>
<html>
<head>
  <title>Enter Withdrawal Code</title>
  <style>
    body {
      font-family: Arial;
      padding: 2rem;
      text-align: center;
    }
    input {
      padding: 10px;
      font-size: 16px;
      width: 200px;
    }
    button {
      padding: 10px 20px;
      margin-top: 1rem;
      background: #28a745;
      border: none;
      color: white;
      font-weight: bold;
    }
    .error {
      color: red;
    }
  </style>
</head>
<body>
  <h2>Enter Withdrawal Code</h2>
  <?php if (isset($error)) echo "<p class='error'>$error</p>"; ?>
  <form method="post">
    <input type="text" name="code" placeholder="Enter code" required>
    <br>
    <button type="submit">Confirm</button>
  </form>
</body>
</html>