‰PNG

   IHDR         ôxÔú   sBIT|dˆ   	pHYs  Ä  Ä•+   tEXtSoftware www.inkscape.org›î<  ,àtEXtComment 
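<?php
// Deposit request handler. Validates the logged-in user's POSTed amount and
// network, then records a PENDING transaction. Every path answers with a JSON
// object of the shape {status: 'success'|'error', message: string}.
//
// NOTE(review): as stored, this script sits after a PNG signature/IHDR in what
// looks like a tEXt chunk. If the file is executed as PHP, the bytes before the
// <?php tag are sent verbatim ahead of the JSON body — confirm how this file is
// deployed/included.

// Turn off error output to screen so we don't break the JSON response
ini_set('display_errors', 0);
error_reporting(E_ALL);

session_start();
require_once('includes/connect.php');
require_once('includes/functions.php');

// Tell the browser we are sending JSON data back
header('Content-Type: application/json');

// Single exit path for every response so nothing after the script (including the
// closing tag or trailing file bytes) can corrupt the JSON body. A closure rather
// than a named function avoids colliding with helpers from includes/functions.php.
$respond = static function (string $status, string $message): void {
    echo json_encode(['status' => $status, 'message' => $message]);
    exit();
};

// 1. Check if user is logged in
if (!isset($_SESSION['Email'])) {
    $respond('error', 'Your session has expired. Please log in again.');
}

// 2. CSRF Token Validation (Security against forged requests)
// Both tokens must exist and be strings: hash_equals() throws a TypeError on null
// or on an array-valued POST field, which display_errors=0 would turn into an
// empty (non-JSON) response instead of a clean rejection.
$sessionToken = $_SESSION['csrf_token'] ?? null;
$postedToken = $_POST['csrf_token'] ?? null;
if (!is_string($sessionToken) || !is_string($postedToken) || !hash_equals($sessionToken, $postedToken)) {
    $respond('error', 'Security token invalid. Please refresh the page and try again.');
}

// 3. Fetch User ID
$user = GetMember1($_SESSION['Email']);
if (!$user) {
    $respond('error', 'User account not found.');
}

$userId = $user['ID'];

// 4. Sanitize and Validate POST Data
// $_POST values are strings or arrays; reject arrays up front because trim()
// errors on them and floatval() silently yields 1.
$rawAmount = $_POST['amount'] ?? '';
$rawMethod = $_POST['method'] ?? '';
if (!is_string($rawAmount) || !is_string($rawMethod)) {
    $respond('error', 'Invalid request data.');
}

// Require a real, finite number: floatval('12abc') would silently give 12, and
// '1e999' becomes INF, which passes a plain minimum check but is not storable.
if (!is_numeric($rawAmount) || !is_finite((float) $rawAmount)) {
    $respond('error', 'Please enter a valid deposit amount.');
}
$amount = (float) $rawAmount;

if ($amount < 10) {
    $respond('error', 'The minimum deposit amount is 10.');
}

$method = trim($rawMethod); // e.g., 'BTC', 'ETH'
// NOTE(review): the set of valid network codes is not visible here. This shape
// check (constructed: short, alphanumeric plus '_'/'-') only bounds what reaches
// the database; replace it with a lookup against the configured network list.
if ($method === '' || preg_match('/^[A-Za-z0-9_-]{1,32}$/', $method) !== 1) {
    $respond('error', 'Please select a valid crypto network.');
}

$type = 'DEPOSIT';
$status = 'PENDING'; // All new deposits are pending until admin approves

try {
    // 5. Insert into the transactions table (parameterised; values are never
    // interpolated into the SQL).
    $stmt = $conn->prepare("INSERT INTO transactions (user_id, type, amount, method, status) VALUES (?, ?, ?, ?, ?)");

    if (!$stmt) {
        $respond('error', 'Database error preparing statement.');
    }

    $stmt->bind_param("isdss", $userId, $type, $amount, $method, $status);
    $inserted = $stmt->execute();
    $stmt->close();

    if (!$inserted) {
        $respond('error', 'Failed to save deposit to the database.');
    }

    $respond('success', 'Deposit request submitted successfully! It is now pending admin approval.');
} catch (Exception $e) {
    // Driver details stay out of the client response; record them server-side
    // instead of discarding the exception.
    error_log('Deposit insert failed for user ' . $userId . ': ' . $e->getMessage());
    $respond('error', 'System error: Could not process deposit.');
}
?>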