From 072272104ef14eacb53dfbfb4baeadfdddc3c805 Mon Sep 17 00:00:00 2001
From: Myron Blair
Date: Mon, 8 Jun 2026 17:23:40 +0000
Subject: [PATCH] Migrate to parkerslingshotrentals.com domain

- db.php: SITE_URL -> https://www.parkerslingshotrentals.com
- db.php: add ADMIN_PHONE (817) 266-2022
- index.html, contact.php, admin/index.php: fix placeholder phone 555-0199 -> 266-2022
- admin/view-doc.php: new secure doc viewer (URL-token auth, bookings table)
- upload-docs.php, view-doc.php: added from subdomain (already used db.php/bookings)
---
 admin/index.php | 2 +-
 admin/view-doc.php | 46 +++++++++++
 contact.php | 2 +-
 db.php | 5 +-
 index.html | 2 +-
 upload-docs.php | 189 +++++++++++++++++++++++++++++++++++++++++++++
 view-doc.php | 61 +++++++++++++++
 7 files changed, 302 insertions(+), 5 deletions(-)
 create mode 100644 admin/view-doc.php
 create mode 100644 upload-docs.php
 create mode 100644 view-doc.php

diff --git a/admin/index.php b/admin/index.php
index 50ff63d..5dbd114 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -153,7 +153,7 @@ if ($isAjax) {

To make sure pickup goes smoothly, here's what still needs to be taken care of:

{$rowsHtml}
-

Questions? Call or text (817) 555-0199 or reply to this email β€” we're happy to help.

+

Questions? Call or text (817) 266-2022 or reply to this email β€” we're happy to help.

Ride on,
The Parker County Slingshot Team

diff --git a/admin/view-doc.php b/admin/view-doc.php
new file mode 100644
index 0000000..31eaff8
--- /dev/null
+++ b/admin/view-doc.php
@@ -0,0 +1,46 @@
+prepare("SELECT token FROM admin_tokens WHERE token=? AND expires_at > NOW()");
+$stmt->execute([$token]);
+if (!$stmt->fetch()) {
+ http_response_code(403);
+ header('Content-Type: text/plain');
+ exit('Unauthorized β€” please log in to the admin panel first.');
+}
+
+$ref = strtoupper(preg_replace('/[^A-Z0-9\-]/', '', $_GET['ref'] ?? ''));
+$type = in_array($_GET['type'] ?? '', ['license','insurance']) ? $_GET['type'] : '';
+if (!$ref || !$type) {
+ http_response_code(400);
+ header('Content-Type: text/plain');
+ exit('Missing parameters.');
+}
+
+$col = $type === 'license' ? 'license_file' : 'insurance_file';
+$row = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?")->execute([$ref]) ? null : null;
+$stmt = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?");
+$stmt->execute([$ref]);
+$row = $stmt->fetch();
+
+if (!$row || !$row['file_path']) {
+ http_response_code(404);
+ header('Content-Type: text/plain');
+ exit('No document on file.');
+}
+
+// Path stored as uploads/{ref}/(unknown)
+$path = __DIR__ . '/../' . ltrim($row['file_path'], '/');
+if (!file_exists($path)) {
+ http_response_code(404);
+ header('Content-Type: text/plain');
+ exit('File not found.');
+}
+
+$mime = mime_content_type($path) ?: 'application/octet-stream';
+header('Content-Type: ' . $mime);
+header('Content-Disposition: inline; filename="' . basename($path) . '"');
+header('Content-Length: ' . filesize($path));
+header('Cache-Control: no-store, no-cache');
+readfile($path);
diff --git a/contact.php b/contact.php
index 75ec00d..121c2c6 100644
--- a/contact.php
+++ b/contact.php
@@ -113,7 +113,7 @@ $confirmHtml = "
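Review bot: The line `$row = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?")->execute([$ref]) ? null : null;` runs the booking query a second time and always assigns null, which the following `$stmt` fetch then overwrites; it is dead code and should be deleted. Beyond that, this viewer is a near-copy of view-doc.php added in the same commit but omits its two guards: the stored path is joined with `__DIR__ . '/../'` and checked only with `file_exists`, with no `realpath` containment under the uploads directory, and the response type comes straight from `mime_content_type` with no allowlist, so whatever the bookings row points at is streamed back with whatever type libmagic reports. The prelude that reads `$token` is garbled in this view, so I cannot confirm it is normalised the way view-doc.php's `_verifyToken` input is. I would bring the two files in line (ideally have one require the other) and, at minimum, add the containment and MIME checks below; `in_array($_GET['type'] ?? '', ['license','insurance'])` should also pass `true` as its third argument.
```php
// … unchanged: token check and $ref/$type parsing …
$col = $type === 'license' ? 'license_file' : 'insurance_file';
$stmt = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?");
$stmt->execute([$ref]);
$row = $stmt->fetch();
// … unchanged: 404 when no document on file …

// Resolve the stored path and refuse anything outside the uploads directory.
$base = realpath(__DIR__ . '/../uploads');
$path = realpath(__DIR__ . '/../' . ltrim($row['file_path'], '/'));
if (!$path || !$base || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    http_response_code(404);
    header('Content-Type: text/plain');
    exit('File not found.');
}

// Serve only the types upload-docs.php accepts; never trust the on-disk extension.
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime = $finfo->file($path);
$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'application/pdf' => 'pdf'];
if (!isset($allowed[$mime])) {
    http_response_code(403);
    header('Content-Type: text/plain');
    exit('Invalid file type.');
}
// … unchanged: response headers and readfile …
```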
Once your booking is confirmed you'll sign our digital waiver online β€” no printer needed. Your link:

Sign Rental Agreement →
-

Questions? Call or text (817) 555-0199 or reply to this email.

+

Questions? Call or text (817) 266-2022 or reply to this email.

Ride on,
The Parker County Slingshot Team

diff --git a/db.php b/db.php index b353beb..188e7d7 100644 --- a/db.php +++ b/db.php @@ -1,5 +1,5 @@
βœ‰οΈ diff --git a/upload-docs.php b/upload-docs.php new file mode 100644 index 0000000..9307999 --- /dev/null +++ b/upload-docs.php @@ -0,0 +1,189 @@ +prepare("SELECT id, name, email, booking_ref, rental_date, status FROM bookings WHERE booking_ref=?"); + $stmt->execute([$ref]); + $booking = $stmt->fetch(); + if (!$booking) $error = 'Booking not found. Please check your confirmation email.'; + elseif ($booking['status'] === 'cancelled') $error = 'This booking has been cancelled.'; +} + +if ($_SERVER['REQUEST_METHOD'] === 'POST' && $booking && !$error) { + $file = $_FILES['doc'] ?? null; + if (!$file || $file['error'] !== UPLOAD_ERR_OK) { + $error = 'Upload failed β€” please try again or check file size.'; + } else { + $finfo = new finfo(FILEINFO_MIME_TYPE); + $mime = $finfo->file($file['tmp_name']); + $allowed = ['image/jpeg','image/png','application/pdf']; + if (!in_array($mime, $allowed)) { + $error = 'Only JPG, PNG, or PDF files are accepted.'; + } elseif ($file['size'] > 10 * 1024 * 1024) { + $error = 'File must be under 10 MB.'; + } else { + $ext = ['image/jpeg'=>'jpg','image/png'=>'png','application/pdf'=>'pdf'][$mime]; + $dir = __DIR__ . '/uploads/' . $ref; + if (!is_dir($dir)) mkdir($dir, 0750, true); + $fname = $type . '_' . date('YmdHis') . '.' . $ext; + $dest = $dir . '/' . $fname; + if (move_uploaded_file($file['tmp_name'], $dest)) { + $col = $type === 'license' ? 'license_file' : 'insurance_file'; + $rel = 'uploads/' . $ref . '/' . $fname; + db()->prepare("UPDATE bookings SET {$col}=? WHERE booking_ref=?")->execute([$rel, $ref]); + + $typeLabel = $type === 'license' ? "Driver's License" : 'Proof of Insurance'; + $dateLabel = date('F j, Y', strtotime($booking['rental_date'])); + $adminHtml = "
+
+

{$typeLabel} Uploaded β€” {$booking['booking_ref']}

+
+
+

" . htmlspecialchars($booking['name']) . " uploaded their {$typeLabel} for booking {$booking['booking_ref']} (rental: {$dateLabel}).

+

View it in the admin panel under their booking detail.

+ +
+
"; + sendEmail(ADMIN_EMAIL, 'Parker Slingshot Admin', "{$typeLabel} Uploaded β€” {$booking['booking_ref']}: " . $booking['name'], $adminHtml); + $done = true; + } else { + $error = 'Could not save file. Please try again.'; + } + } + } +} + +$typeLabel = $type === 'license' ? "Driver's License" : ($type === 'insurance' ? 'Proof of Insurance' : ''); +$dateLabel = $booking ? date('F j, Y', strtotime($booking['rental_date'])) : ''; +?> + + + + + Upload Document β€” Parker County Slingshot Rentals + + + + + + +
+ Parker County Slingshot Rentals + Document Upload +
+
+ + +
+

Upload Document

+

Invalid or missing upload link. Please use the link from your email or contact us.

+
+ + +
+
+

Need help? Call or text (817) 266-2022.

+
+ + +
+
βœ…
+
+

Upload Received!

+

Thanks, ! Your has been submitted for booking .

+

We'll review it and still do a quick visual check at pickup. See you on !

+
+
+ + +
+
+

Upload

+
+
+
+
+

+ + Please upload a photo or scan of your current auto insurance card. JPG, PNG, or PDF accepted (max 10 MB). + + Please upload a photo or scan of the front of your driver's license. JPG, PNG, or PDF accepted (max 10 MB). + +

+

We'll still do a visual check at pickup β€” this is just for our records.

+
+
+ +
πŸ“Ž
+

Tap or drag your file here

+

JPG • PNG • PDF • max 10 MB

+
+
+ +
+

Your document is stored securely and only visible to Parker County Slingshot Rentals staff.

+
+ + +
+ + +
diff --git a/view-doc.php b/view-doc.php
new file mode 100644
index 0000000..b82c898
--- /dev/null
+++ b/view-doc.php
@@ -0,0 +1,61 @@
+prepare("SELECT token FROM admin_tokens WHERE token=? AND expires_at > NOW()");
+ $stmt->execute([$token]);
+ return (bool)$stmt->fetch();
+}
+
+$token = preg_replace('/[^a-f0-9]/', '', $_GET['_t'] ?? '');
+if (!_verifyToken($token)) {
+ http_response_code(403);
+ header('Content-Type: text/plain');
+ exit('Unauthorized β€” please log in to the admin panel first.');
+}
+
+$ref = strtoupper(preg_replace('/[^A-Z0-9\-]/', '', $_GET['ref'] ?? ''));
+$type = in_array($_GET['type'] ?? '', ['license','insurance']) ? $_GET['type'] : '';
+if (!$ref || !$type) {
+ http_response_code(400);
+ header('Content-Type: text/plain');
+ exit('Missing parameters.');
+}
+
+$col = $type === 'license' ? 'license_file' : 'insurance_file';
+$stmt = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?");
+$stmt->execute([$ref]);
+$row = $stmt->fetch();
+
+if (!$row || !$row['file_path']) {
+ http_response_code(404);
+ header('Content-Type: text/plain');
+ exit('Document not found.');
+}
+
+$base = realpath(__DIR__ . '/uploads');
+$path = realpath(__DIR__ . '/' . $row['file_path']);
+
+if (!$path || !$base || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
+ http_response_code(404);
+ header('Content-Type: text/plain');
+ exit('File not found.');
+}
+
+$finfo = new finfo(FILEINFO_MIME_TYPE);
+$mime = $finfo->file($path);
+$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'application/pdf' => 'pdf'];
+if (!isset($allowed[$mime])) {
+ http_response_code(403);
+ header('Content-Type: text/plain');
+ exit('Invalid file type.');
+}
+
+$fname = $type . '-' . $ref . '.' . $allowed[$mime];
+header('Content-Type: ' . $mime);
+header('Content-Disposition: inline; filename="' . $fname . '"');
+header('Content-Length: ' . filesize($path));
+header('Cache-Control: private, max-age=3600');
+readfile($path);
+exit;
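Review bot: Uploaded licences and insurance cards are written to `$dir = __DIR__ . '/uploads/' . $ref;` with their real extension, i.e. under the document root beside upload-docs.php, and the commit adds no deny rule for that directory, so unless the web server already blocks it the files are fetchable directly by URL, bypassing the token check that view-doc.php enforces and contradicting the "only visible to ... staff" line in the form; I would store them outside the web root, or add a deny rule and record that dependency in a comment next to `$dir`. Separately, `$col = $type === 'license' ? 'license_file' : 'insurance_file';` and `$fname = $type . '_' . date('YmdHis') . '.' . $ext;` both assume `$type` is one of the two known values while the later `$typeLabel` ternary tolerates a third state; the lines that derive `$ref` and `$type` are garbled in this view, so if they are not restricted there, restrict them before the POST branch, e.g. `if (!in_array($type, ['license','insurance'], true)) { $type = ''; }`. The booking is located by `booking_ref` alone, so whoever knows a reference can replace that booking's stored document; if the garbled prelude does not check a per-booking secret, the emailed link should carry one and it should be verified here. `in_array($mime, $allowed)` should pass `true` as its third argument.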
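Review bot: `header('Cache-Control: private, max-age=3600');` lets the browser keep a driver's licence or insurance scan for an hour, and the admin token travels in the query string (`$_GET['_t']`), so the document URL, token included, lands in browser history, server access logs and any Referer header sent when the user navigates away from the opened document; admin/view-doc.php in this same commit uses `no-store, no-cache` and should be the model here. I would set `header('Cache-Control: no-store');` plus `header('X-Content-Type-Options: nosniff');` and `header('Referrer-Policy: no-referrer');`, and consider carrying the token in a cookie or an Authorization header so it is not part of the URL. `in_array($_GET['type'] ?? '', ['license','insurance'])` should pass `true` as its third argument, matching the `===` comparisons used everywhere else in the file.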