mirror of
https://github.com/myronblair/parkerslingshot
synced 2026-06-30 17:50:22 -05:00
Add doc upload/view, resend confirmation, update email for license/insurance steps
This commit is contained in:
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,61 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/db.php';
|
||||
|
||||
function _verifyToken(string $token): bool {
|
||||
if (!preg_match('/^[a-f0-9]{64}$/', $token)) return false;
|
||||
$stmt = db()->prepare("SELECT token FROM admin_tokens WHERE token=? AND expires_at > NOW()");
|
||||
$stmt->execute([$token]);
|
||||
return (bool)$stmt->fetch();
|
||||
}
|
||||
|
||||
$token = preg_replace('/[^a-f0-9]/', '', $_GET['_t'] ?? '');
|
||||
if (!_verifyToken($token)) {
|
||||
http_response_code(403);
|
||||
header('Content-Type: text/plain');
|
||||
exit('Unauthorized — please log in to the admin panel first.');
|
||||
}
|
||||
|
||||
$ref = strtoupper(preg_replace('/[^A-Z0-9\-]/', '', $_GET['ref'] ?? ''));
|
||||
$type = in_array($_GET['type'] ?? '', ['license','insurance']) ? $_GET['type'] : '';
|
||||
if (!$ref || !$type) {
|
||||
http_response_code(400);
|
||||
header('Content-Type: text/plain');
|
||||
exit('Missing parameters.');
|
||||
}
|
||||
|
||||
$col = $type === 'license' ? 'license_file' : 'insurance_file';
|
||||
$stmt = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?");
|
||||
$stmt->execute([$ref]);
|
||||
$row = $stmt->fetch();
|
||||
|
||||
if (!$row || !$row['file_path']) {
|
||||
http_response_code(404);
|
||||
header('Content-Type: text/plain');
|
||||
exit('Document not found.');
|
||||
}
|
||||
|
||||
$base = realpath(__DIR__ . '/uploads');
|
||||
$path = realpath(__DIR__ . '/' . $row['file_path']);
|
||||
|
||||
if (!$path || !$base || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
|
||||
http_response_code(404);
|
||||
header('Content-Type: text/plain');
|
||||
exit('File not found.');
|
||||
}
|
||||
|
||||
$finfo = new finfo(FILEINFO_MIME_TYPE);
|
||||
$mime = $finfo->file($path);
|
||||
$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'application/pdf' => 'pdf'];
|
||||
if (!isset($allowed[$mime])) {
|
||||
http_response_code(403);
|
||||
header('Content-Type: text/plain');
|
||||
exit('Invalid file type.');
|
||||
}
|
||||
|
||||
$fname = $type . '-' . $ref . '.' . $allowed[$mime];
|
||||
header('Content-Type: ' . $mime);
|
||||
header('Content-Disposition: inline; filename="' . $fname . '"');
|
||||
header('Content-Length: ' . filesize($path));
|
||||
header('Cache-Control: private, max-age=3600');
|
||||
readfile($path);
|
||||
exit;
|
||||
Reference in New Issue
Block a user