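<?php
// Payment creation / lookup page for an authenticated user.
//
// POST: validates `method` (whitelist) and `amount` (1..10000), inserts a
//       `payments` row owned by the current user and redirects to its id.
// GET:  with `id`, loads that payment for the template — only if it belongs
//       to the current user (the `user` column written on insert).
//
// Relies on the surrounding bootstrap for $user, $db (PDO), $template,
// redirect() and Notif.
if (!$user->isAuth()) {
    redirect('/');
    exit;
}

if (isset($_POST['submit'])) {
    // abs() on a non-numeric string throws a TypeError on PHP 8, so check
    // numeric-ness first; a missing/invalid amount falls into the range error.
    $rawAmount = $_POST['amount'] ?? '';
    $amount = is_numeric($rawAmount) ? abs($rawAmount + 0) : 0;

    // `??` avoids an undefined-index warning when the field is absent.
    $method = htmlspecialchars(trim((string) ($_POST['method'] ?? '')));
    $allowedMethods = ['qiwi', 'card', 'yandex', 'payeer', 'mobile', 'advcash'];

    // strict comparison: method must be one of the exact whitelist strings
    if (!in_array($method, $allowedMethods, true)) {
        Notif :: error('Не выбран способ оплаты', '/payments');
        exit;
    }

    if ($amount < 1 || $amount > 10000) {
        Notif :: error('Сумма оплаты не может быть меньше 1 руб. и больше 10000 руб.', '/payments');
        exit;
    }

    $userId = $user->get()->user_id;

    // parameterised insert; $method is already whitelist-validated
    $insert = $db->prepare('INSERT INTO `payments` (`method`,`money`,`user`) VALUES (?,?,?)');
    $insert->execute([$method, $amount, $userId]);

    $id = $db->lastInsertId();
    redirect('/payments?id=' . $id);
    exit;
}

$payments = false;
if (isset($_GET['id'])) {
    // Scope the lookup to the current user: the original query selected by
    // id alone, which let any authenticated user read any payment record
    // by guessing its id (an insecure direct object reference).
    $select = $db->prepare('SELECT * FROM `payments` WHERE `id` = ? AND `user` = ?');
    $select->execute([intval($_GET['id']), $user->get()->user_id]);
    $payments = $select->fetch(PDO :: FETCH_OBJ);
}

echo $template->render('user.payments', ['payments' => $payments]);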