|
|
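<?php

/*
 * Package purchase endpoint.
 *
 * Accepts a POST request whose body is a JSON object with two fields:
 *   - "package": name of a row in the `packages` table
 *   - "amount":  amount to debit from the logged-in user's balance
 *
 * On success it debits `users.balance`, records a row in `transactions` and
 * `user_packages`, updates the session copy of the balance/package and
 * replies with {"success": true, ...}. Every failure path replies with
 * {"success": false, "message": ...}. Non-POST requests produce no output.
 *
 * NOTE(review): no CSRF token check is visible in this file; confirm that
 * db.php / redirectIfNotLoggedIn() or the session cookie's SameSite setting
 * covers this state-changing request.
 */

require_once '../../db.php';

redirectIfNotLoggedIn();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $data = json_decode(file_get_contents('php://input'), true);

    // The body is attacker-controlled: require a JSON object carrying a
    // string package name and a numeric amount before touching either field.
    if (
        !is_array($data)
        || !isset($data['package'], $data['amount'])
        || !is_string($data['package'])
        || !is_numeric($data['amount'])
    ) {
        echo json_encode(['success' => false, 'message' => 'Invalid request.']);
        exit;
    }

    $package_name = $data['package'];
    $amount = $data['amount'] + 0; // normalise numeric strings to int/float
    $user_id = $_SESSION['user_id'];

    // A zero, negative or non-finite amount must never reach "balance - ?":
    // a negative value would pass the balance check below and credit the
    // account instead of debiting it.
    if (!is_finite($amount) || $amount <= 0) {
        echo json_encode(['success' => false, 'message' => 'Invalid amount.']);
        exit;
    }

    // Cheap early exit only. The session copy of the balance can be stale
    // (other tabs, concurrent requests), so the authoritative check is the
    // conditional UPDATE inside the transaction.
    if ($_SESSION['balance'] < $amount) {
        echo json_encode(['success' => false, 'message' => 'Insufficient balance.']);
        exit;
    }

    $stmt = $pdo->prepare("SELECT * FROM packages WHERE name = ?");
    $stmt->execute([$package_name]);
    $package = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$package) {
        echo json_encode(['success' => false, 'message' => 'Package not found.']);
        exit;
    }

    // NOTE(review): the debit amount comes from the client while
    // expected_return comes from the package row. If `packages` defines a
    // price or min/max investment, validate $amount against it here; the
    // columns are not visible from this file.

    try {
        $pdo->beginTransaction();

        // Debit only when the stored balance covers the amount. Doing the
        // comparison in the UPDATE itself closes the race between checking
        // and spending that the session-based check leaves open. This single
        // statement also sets users.package, so no second UPDATE is needed.
        $stmt = $pdo->prepare(
            "UPDATE users SET balance = balance - ?, package = ? WHERE id = ? AND balance >= ?"
        );
        $stmt->execute([$amount, $package_name, $user_id, $amount]);

        if ($stmt->rowCount() !== 1) {
            $pdo->rollBack();
            echo json_encode(['success' => false, 'message' => 'Insufficient balance.']);
            exit;
        }

        $stmt = $pdo->prepare("INSERT INTO transactions (user_id, type, amount, description, status) VALUES (?, 'purchase', ?, ?, 'completed')");
        $stmt->execute([$user_id, $amount, "Purchased {$package_name} package"]);

        $stmt = $pdo->prepare("INSERT INTO user_packages (user_id, package_id, investment_amount, expected_return) VALUES (?, ?, ?, ?)");
        $stmt->execute([$user_id, $package['id'], $amount, $package['return_amount']]);

        $pdo->commit();

        // Mirror the committed state into the session only after the commit.
        $_SESSION['balance'] -= $amount;
        $_SESSION['package'] = $package_name;

        echo json_encode(['success' => true, 'message' => 'Package purchased successfully!']);
    } catch (Exception $e) {
        // beginTransaction() itself may have failed, so only roll back when
        // a transaction is actually open.
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }

        // Keep driver/SQL details in the server log; the raw exception text
        // can expose table and column names to the client.
        error_log('Package purchase failed: ' . $e->getMessage());

        echo json_encode(['success' => false, 'message' => 'Purchase failed. Please try again later.']);
    }
}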