File: /home/bigisxfd/public_html/cowork/insert_expense.php
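<?php
/**
 * Handles the "add expense" form submission.
 *
 * Flow: require a logged-in session, read the posted expense fields, store the
 * optional attachment under uploads/, insert one row into `expenses`, then
 * redirect to expenses.php with message=success or message=error.
 *
 * Security-relevant behaviour of this script:
 *  - The INSERT uses a prepared statement; request values are bound as
 *    parameters and never concatenated into the SQL text.
 *  - The attachment is stored under a server-generated name with an
 *    allow-listed extension. The client-supplied filename is used only to read
 *    the extension, so it cannot choose the stored path or a script extension.
 *  - The result of move_uploaded_file() is checked, and a file whose row could
 *    not be inserted is removed again.
 *
 * NOTE(review): no CSRF token is verified for this state-changing POST; if the
 * form does not already carry one, add it in the form and check it here.
 */

// Provides $conn. The calls below (prepare/bind_param/close) assume it is a
// mysqli connection, as the original query()/close() usage suggests — confirm.
include_once("functions.php");

// Start the session (header.php is not included on this endpoint).
session_start();

// Only authenticated users may create expenses.
if (!isset($_SESSION["loggedin"])) {
    header("Location: login.php");
    exit(); // Stop script execution here
}

// User ID of the authenticated session.
$userId = $_SESSION['userid'];

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Redirect back to the expense list with a status flag and stop.
    $redirect = function ($status) {
        header("Location: expenses.php?message=" . $status);
        exit();
    };

    // Read a POST field as a string; missing or non-scalar input becomes ''.
    $field = function ($key) {
        $value = isset($_POST[$key]) ? $_POST[$key] : '';
        return is_string($value) ? $value : '';
    };

    $expense_name = $field('expense_name');
    $description  = $field('description');
    $date         = $field('date');
    $amount       = $field('amount');
    // NOTE(review): created_by is taken from the request, so the submitter
    // controls who the expense is attributed to. If this column is meant to
    // record the logged-in user, derive it from $userId instead — confirm
    // against the expenses schema and the form before changing it.
    $created_by   = $field('created_by');

    // Extensions accepted for attachments. Assumed set — adjust to what the
    // application actually needs. Script and active-content types (php, phtml,
    // html, svg, ...) must stay out of this list.
    $allowed_extensions = array(
        'pdf', 'png', 'jpg', 'jpeg', 'gif', 'webp',
        'txt', 'csv', 'doc', 'docx', 'xls', 'xlsx',
    );

    // Handle file upload. The attachment is optional: without one the `file`
    // column is stored as an empty string, as before.
    $stored_file = '';
    $target_file = null;
    $target_dir  = "uploads/";

    $upload = isset($_FILES['file']) && is_array($_FILES['file']) ? $_FILES['file'] : null;
    $upload_error = ($upload !== null && isset($upload['error'])) ? $upload['error'] : UPLOAD_ERR_NO_FILE;

    if ($upload_error !== UPLOAD_ERR_NO_FILE) {
        // Anything other than a single, cleanly received file is rejected
        // (this also covers array-style multi-file submissions).
        if ($upload_error !== UPLOAD_ERR_OK || !is_string($upload['name']) || !is_string($upload['tmp_name'])) {
            $redirect('error');
        }

        $extension = strtolower(pathinfo(basename($upload['name']), PATHINFO_EXTENSION));
        if (!in_array($extension, $allowed_extensions, true)) {
            $redirect('error');
        }

        // Server-generated name: unguessable, collision-resistant, and carries
        // nothing from the client except the allow-listed extension.
        $stored_file = bin2hex(random_bytes(16)) . '.' . $extension;
        $target_file = $target_dir . $stored_file;

        // The uploads directory should additionally be configured on the web
        // server so that its contents are never executed as scripts.
        if (!move_uploaded_file($upload['tmp_name'], $target_file)) {
            $redirect('error');
        }
    }

    // Insert the expense with bound parameters. All values are bound as
    // strings, matching the quoted literals the query used previously.
    $inserted = false;
    try {
        $stmt = $conn->prepare(
            "INSERT INTO expenses (expense_name, description, date, amount, created_by, file)
            VALUES (?, ?, ?, ?, ?, ?)"
        );
        if ($stmt) {
            $stmt->bind_param(
                "ssssss",
                $expense_name,
                $description,
                $date,
                $amount,
                $created_by,
                $stored_file
            );
            $inserted = $stmt->execute();
            $stmt->close();
        }
    } catch (mysqli_sql_exception $e) {
        // mysqli may be configured to throw; treat it like a failed insert.
        $inserted = false;
    }

    // Close before redirecting; the redirect helper exits the script.
    $conn->close();

    if (!$inserted) {
        // Do not leave an orphaned attachment behind for a row that was never written.
        if ($target_file !== null && is_file($target_file)) {
            unlink($target_file);
        }
        $redirect('error');
    }

    $redirect('success');
}
?>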