mirror of
https://github.com/myronblair/parkerslingshot
synced 2026-06-30 17:50:22 -05:00
Initial commit — Parker County Slingshot Rentals booking site
Full booking system with Square card-on-file, 10-step booking flow, pre-departure checklist, and Mailjet email integration. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
/**
|
||||
* Secure document viewer - admin only
|
||||
* Serves uploaded license/insurance files securely
|
||||
*/
|
||||
require_once __DIR__ . '/../config.php';
|
||||
requireAdmin();
|
||||
|
||||
$type = $_GET['type'] ?? '';
|
||||
$file = basename($_GET['file'] ?? '');
|
||||
$booking = (int)($_GET['booking'] ?? 0);
|
||||
|
||||
if (!$file || !$type || !$booking) {
|
||||
die('Invalid request.');
|
||||
}
|
||||
|
||||
// Verify booking exists
|
||||
$b = db()->prepare("SELECT id FROM pcs_bookings WHERE id=?");
|
||||
$b->execute([$booking]);
|
||||
if (!$b->fetch()) die('Booking not found.');
|
||||
|
||||
if ($type === 'license') {
|
||||
$path = LICENSE_DIR . $file;
|
||||
} elseif ($type === 'insurance') {
|
||||
$path = INSURANCE_DIR . $file;
|
||||
} else {
|
||||
die('Invalid document type.');
|
||||
}
|
||||
|
||||
if (!file_exists($path)) die('File not found.');
|
||||
|
||||
// Serve the file
|
||||
$mime = mime_content_type($path);
|
||||
header('Content-Type: ' . $mime);
|
||||
header('Content-Disposition: inline; filename="' . $file . '"');
|
||||
header('Content-Length: ' . filesize($path));
|
||||
header('Cache-Control: no-store, no-cache');
|
||||
readfile($path);
|
||||
exit;
|
||||
Reference in New Issue
Block a user