mirror of
https://github.com/myronblair/parkerslingshot
synced 2026-06-30 17:50:22 -05:00
3e18d71378
Full booking system with Square card-on-file, 10-step booking flow, pre-departure checklist, and Mailjet email integration. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
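<?php
/**
 * Secure document viewer - admin only.
 *
 * Streams an uploaded license or insurance file from LICENSE_DIR or
 * INSURANCE_DIR to the browser after requireAdmin() has passed.
 *
 * Query parameters:
 *   type    - 'license' or 'insurance'; selects the storage directory.
 *   file    - stored file name; reduced to its base name so it cannot
 *             point outside the selected directory.
 *   booking - numeric booking id; must exist in pcs_bookings.
 */
require_once __DIR__ . '/../config.php';
requireAdmin();

// Query parameters can arrive as arrays (?file[]=x). Accept strings only, so
// basename() and the (int) cast never see an array.
$rawType    = $_GET['type'] ?? '';
$rawFile    = $_GET['file'] ?? '';
$rawBooking = $_GET['booking'] ?? '';

$type    = is_string($rawType) ? $rawType : '';
$file    = is_string($rawFile) ? basename($rawFile) : '';
$booking = is_string($rawBooking) ? (int) $rawBooking : 0;

// Reject empty values, NUL bytes, and dot-names ('.', '..', dotfiles such as
// server config files that may sit in the upload directory).
if (
    $file === ''
    || $type === ''
    || $booking <= 0
    || $file[0] === '.'
    || strpos($file, "\0") !== false
) {
    http_response_code(400);
    die('Invalid request.');
}

// Verify booking exists
// NOTE(review): this only proves the booking id is valid; nothing here ties
// $file to that booking, so access control rests entirely on requireAdmin().
// If documents are meant to be scoped per booking, take the stored file name
// from the booking record instead of from the query string.
$b = db()->prepare("SELECT id FROM pcs_bookings WHERE id=?");
$b->execute([$booking]);
if (!$b->fetch()) {
    http_response_code(404);
    die('Booking not found.');
}

// The directory is chosen from a fixed set; the user value is never used as a path prefix.
// NOTE(review): assumes both constants end with a directory separator - confirm in config.php.
if ($type === 'license') {
    $path = LICENSE_DIR . $file;
} elseif ($type === 'insurance') {
    $path = INSURANCE_DIR . $file;
} else {
    http_response_code(400);
    die('Invalid document type.');
}

// is_file() rather than file_exists(): a directory must not pass this check.
if (!is_file($path) || !is_readable($path)) {
    http_response_code(404);
    die('File not found.');
}

// Serve the file
// Uploaded content is untrusted. Only passive document types are rendered
// inline; anything else (HTML, SVG, unknown) is sent as a download so it
// cannot run script in the admin's session.
// NOTE(review): adjust this list to the types the upload form accepts.
$inlineTypes = ['application/pdf', 'image/jpeg', 'image/png', 'image/gif', 'image/webp'];

$mime = mime_content_type($path);
if ($mime !== false && in_array($mime, $inlineTypes, true)) {
    $disposition = 'inline';
} else {
    $mime        = 'application/octet-stream';
    $disposition = 'attachment';
}

// Keep the quoted filename parameter well-formed: no quotes, backslashes or
// control characters from the request reach the header.
$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $file);
if ($safeName === null || $safeName === '') {
    $safeName = 'document';
}

header('Content-Type: ' . $mime);
// Stop the browser from second-guessing the declared type.
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: ' . $disposition . '; filename="' . $safeName . '"');

$size = filesize($path);
if ($size !== false) {
    header('Content-Length: ' . $size);
}

// Licence and insurance scans are personal data; keep them out of caches.
header('Cache-Control: no-store, no-cache');
readfile($path);
exit;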