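false, 'message' => 'Not authenticated']); exit; }

// Include database configuration (expected to provide $pdo)
require_once '../../db.php';

// Identify the buyer from the session. The balance is deliberately NOT read
// from the session here: a session copy can be stale or already spent by a
// concurrent request, so the authoritative value is read (and locked) inside
// the transaction below.
$user_id = $_SESSION['user_id'] ?? null;

if (!$user_id) {
    echo json_encode(['success' => false, 'message' => 'User not identified']);
    exit;
}

// NOTE(review): no CSRF token is verified within this span; the top of the
// file is not visible here, so confirm the check happens before this point.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate (rather than sanitise) the product id: anything that is not a
    // positive integer is rejected before the database is touched.
    $product_id = filter_input(INPUT_POST, 'product_id', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);

    try {
        if ($product_id === false || $product_id === null) {
            throw new Exception("Product not available.");
        }

        // Start transaction
        $pdo->beginTransaction();

        // Get product details
        $stmt = $pdo->prepare("SELECT * FROM products WHERE id = ? AND is_active = TRUE");
        $stmt->execute([$product_id]);
        $product = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!$product) {
            throw new Exception("Product not available.");
        }

        // Lock the buyer's row for the remainder of the transaction and read the
        // authoritative balance, so two concurrent purchases cannot both pass the
        // balance check against the same funds.
        // NOTE(review): FOR UPDATE assumes a transactional engine with row locks
        // (e.g. InnoDB / PostgreSQL) — confirm against db.php.
        $stmt = $pdo->prepare("SELECT balance FROM users WHERE id = ? FOR UPDATE");
        $stmt->execute([$user_id]);
        $account = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!$account) {
            throw new Exception("User not identified.");
        }

        // NOTE(review): amounts are floats as in the original schema usage; an
        // integer minor-unit column would avoid rounding drift on balances.
        $current_balance = (float) $account['balance'];
        $price           = (float) $product['price'];
        $cashback        = (float) $product['cashback_amount'];

        // Check if user has sufficient balance
        if ($current_balance < $price) {
            throw new Exception("Insufficient balance to purchase this product. You need KES " . number_format($price - $current_balance, 2) . " more.");
        }

        // Deduct product price from user's balance
        $new_balance = $current_balance - $price;
        $stmt = $pdo->prepare("UPDATE users SET balance = ? WHERE id = ?");
        $stmt->execute([$new_balance, $user_id]);

        // Record the purchase transaction
        $stmt = $pdo->prepare("INSERT INTO transactions (user_id, type, amount, description, balance_after) VALUES (?, 'product_purchase', ?, ?, ?)");
        $stmt->execute([
            $user_id,
            $price,
            "Purchased: " . $product['name'],
            $new_balance,
        ]);

        // Add to user's products
        $stmt = $pdo->prepare("INSERT INTO user_products (user_id, product_id, purchase_price, cashback_received) VALUES (?, ?, ?, ?)");
        $stmt->execute([$user_id, $product_id, $price, $cashback]);

        // If there's cashback, credit it as a separate, traceable transaction
        if ($cashback > 0) {
            $cashback_balance = $new_balance + $cashback;
            $stmt = $pdo->prepare("UPDATE users SET balance = ?, rewards = rewards + ? WHERE id = ?");
            $stmt->execute([$cashback_balance, $cashback, $user_id]);

            // Record cashback transaction
            $stmt = $pdo->prepare("INSERT INTO transactions (user_id, type, amount, description, balance_after) VALUES (?, 'cashback', ?, ?, ?)");
            $stmt->execute([
                $user_id,
                $cashback,
                "Cashback for: " . $product['name'],
                $cashback_balance,
            ]);

            $new_balance = $cashback_balance;
        }

        // Update user package if this is a package product (matched on name)
        $is_package = stripos($product['name'], 'package') !== false
            || stripos($product['name'], 'bundle') !== false;

        if ($is_package) {
            $stmt = $pdo->prepare("UPDATE users SET package = ? WHERE id = ?");
            $stmt->execute([$product['name'], $user_id]);
        }

        // Commit transaction
        $pdo->commit();

        // Session data is refreshed only after the commit succeeded, so a
        // failed commit cannot leave the session describing a state that was
        // never persisted.
        $_SESSION['balance'] = $new_balance;
        if ($is_package) {
            $_SESSION['package'] = $product['name'];
        }

        // The redirect slug is derived from a database value; encoding it keeps
        // the result a single path segment (identical output for plain
        // alphanumeric/hyphen names).
        $slug = rawurlencode(strtolower(str_replace(' ', '-', $product['name'])));

        // Return success response
        echo json_encode([
            'success'      => true,
            'message'      => 'Product purchased successfully!',
            'new_balance'  => $new_balance,
            'product_name' => $product['name'],
            'redirect_url' => 'package-' . $slug . '.php',
        ]);
    } catch (PDOException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        // Driver/database messages stay server-side; the client only gets a
        // generic failure.
        error_log('Product purchase failed for user ' . $user_id . ': ' . $e->getMessage());
        echo json_encode(['success' => false, 'message' => 'Purchase could not be completed. Please try again.']);
    } catch (Exception $e) {
        // Domain errors thrown above carry user-facing messages by design.
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        echo json_encode(['success' => false, 'message' => $e->getMessage()]);
    }

    exit;
}
?>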