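<?php
// Document workflow endpoint: moves one document to a new status (used by the
// board's drag & drop). Expects a JSON body {"doc_id": <int>, "new_status": "<status>"}
// from a logged-in user and answers {"success": bool, "message"?: string}.
session_start();
require_once 'includes/db.php';        // provides $pdo (not visible here)
require_once 'includes/functions.php'; // provides hasApprovalRights() (not visible here)
header('Content-Type: application/json');

// Every failure path sets an HTTP status and emits the same JSON shape the UI already reads.
$fail = static function (int $httpStatus, string $message): never {
    http_response_code($httpStatus);
    echo json_encode(['success' => false, 'message' => $message]);
    exit;
};

if (!isset($_SESSION['user_id'])) {
    $fail(401, 'Unauthorized');
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    $fail(405, 'Invalid request method');
}

// CSRF hardening: the body is read straight from php://input, so a cross-site
// <form enctype="text/plain"> could deliver a JSON-looking payload with the victim's
// session cookie. A browser form cannot set Content-Type: application/json, so
// refusing anything else closes that path.
// NOTE(review): this is not a substitute for a per-session CSRF token; add one if
// includes/functions.php offers a token helper (cannot tell from this file).
$contentType = strtolower((string) ($_SERVER['CONTENT_TYPE'] ?? $_SERVER['HTTP_CONTENT_TYPE'] ?? ''));
if (!str_starts_with($contentType, 'application/json')) {
    $fail(415, 'Expected application/json');
}

$rawBody = file_get_contents('php://input');
$data = json_decode($rawBody === false ? '' : $rawBody, true);
if (!is_array($data) || !isset($data['doc_id'], $data['new_status'])) {
    $fail(400, 'Missing parameters');
}

// doc_id is untrusted: accept only a positive integer (arrays/strings like "1 OR 1" are rejected).
$docId = filter_var($data['doc_id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($docId === false) {
    $fail(400, 'Invalid doc_id');
}

// Strict membership: a loose in_array() would accept `true` as a valid status.
$newStatus = $data['new_status'];
$allowedStatuses = ['draft', 'review', 'approved', 'issued', 'signed', 'rejected'];
if (!is_string($newStatus) || !in_array($newStatus, $allowedStatuses, true)) {
    $fail(400, 'Invalid status');
}

$userId = $_SESSION['user_id'];
// A session without a role gets no approval rights rather than a PHP warning.
$userRole = $_SESSION['user_role'] ?? '';

// Permission check: agents/users may move documents between the working states;
// approval decisions need hasApprovalRights(). 'rejected' is gated together with
// 'approved'/'issued' because it records a verdict in document_approvals under this user's id.
// TODO(review): there is still no object-level authorisation — any logged-in user can move
// any document id. Restrict to the caller's own/assigned documents once the ownership
// column of `documents` is confirmed (not visible in this file).
$decisionStatuses = ['approved', 'issued', 'rejected'];
if (in_array($newStatus, $decisionStatuses, true) && !hasApprovalRights($userRole, 'documents')) {
    $fail(403, 'Permission denied');
}

$step = 'Begin Transaction';
try {
    $pdo->beginTransaction();

    // Refuse unknown ids instead of committing a no-op UPDATE plus orphan
    // approval/audit rows that claim a move happened.
    $step = 'Load Document';
    $stmt = $pdo->prepare('SELECT id FROM documents WHERE id = ?');
    $stmt->execute([$docId]);
    if ($stmt->fetchColumn() === false) {
        $pdo->rollBack();
        $fail(404, 'Document not found');
    }

    $step = 'Update Document';
    $stmt = $pdo->prepare('UPDATE documents SET status = ?, updated_at = NOW() WHERE id = ?');
    $stmt->execute([$newStatus, $docId]);

    // Record the verdict; multiple approvals per document are intentional.
    // Schema: id, document_id, approver_id, status, comments, approval_date
    if (in_array($newStatus, ['approved', 'rejected'], true)) {
        $step = 'Insert Approval';
        $stmt = $pdo->prepare(
            'INSERT INTO document_approvals (document_id, approver_id, status, approval_date) VALUES (?, ?, ?, NOW())'
        );
        $stmt->execute([$docId, $userId, $newStatus]);
    }

    // Audit trail written explicitly so it matches the audit_logs schema (column is 'action').
    // REMOTE_ADDR is the peer address; behind a reverse proxy this may be the proxy, not the user.
    $step = 'Log Activity';
    $action = 'Document Workflow';
    $details = "Moved document #$docId to $newStatus (Drag & Drop)";
    $ip = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1';
    $stmt = $pdo->prepare('INSERT INTO audit_logs (user_id, action, details, ip_address) VALUES (?, ?, ?, ?)');
    $stmt->execute([$userId, $action, $details, $ip]);

    $pdo->commit();
    echo json_encode(['success' => true]);
} catch (Throwable $e) {
    // rollBack() itself throws when no transaction is active (e.g. beginTransaction failed).
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // Keep driver/schema details server-side: the previous response echoed $e->getMessage(),
    // which hands table and column names to anyone probing the endpoint.
    error_log(sprintf(
        'update document status failed at %s (doc %d, user %s): %s',
        $step,
        $docId,
        (string) $userId,
        $e->getMessage()
    ));
    $fail(500, "Failed at $step");
}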