mirror of
https://github.com/myronblair/parkerslingshotrentals
synced 2026-06-30 17:50:31 -05:00
Migrate to parkerslingshotrentals.com domain
- db.php: SITE_URL -> https://www.parkerslingshotrentals.com - db.php: add ADMIN_PHONE (817) 266-2022 - index.html, contact.php, admin/index.php: fix placeholder phone 555-0199 -> 266-2022 - admin/view-doc.php: new secure doc viewer (URL-token auth, bookings table) - upload-docs.php, view-doc.php: added from subdomain (already used db.php/bookings)
This commit is contained in:
+1
-1
@@ -153,7 +153,7 @@ if ($isAjax) {
|
||||
<p style='color:#374151;margin-bottom:20px'>To make sure pickup goes smoothly, here's what still needs to be taken care of:</p>
|
||||
<table style='width:100%;border-collapse:collapse'>{$rowsHtml}</table>
|
||||
<div style='margin-top:24px;padding:16px;background:#f9fafb;border-radius:8px'>
|
||||
<p style='margin:0;font-size:13px;color:#6b7280'>Questions? Call or text <strong style='color:#111'>(817) 555-0199</strong> or reply to this email — we're happy to help.</p>
|
||||
<p style='margin:0;font-size:13px;color:#6b7280'>Questions? Call or text <strong style='color:#111'>(817) 266-2022</strong> or reply to this email — we're happy to help.</p>
|
||||
</div>
|
||||
<p style='color:#374151;margin-top:24px'>Ride on,<br><strong>The Parker County Slingshot Team</strong></p>
|
||||
</div>
|
||||
|
||||
@@ -0,0 +1,46 @@
|
||||
<?php
|
||||
require_once dirname(__DIR__) . '/db.php';
|
||||
|
||||
$token = preg_replace('/[^a-f0-9]/', '', $_GET['_t'] ?? '');
|
||||
$stmt = db()->prepare("SELECT token FROM admin_tokens WHERE token=? AND expires_at > NOW()");
|
||||
$stmt->execute([$token]);
|
||||
if (!$stmt->fetch()) {
|
||||
http_response_code(403);
|
||||
header('Content-Type: text/plain');
|
||||
exit('Unauthorized — please log in to the admin panel first.');
|
||||
}
|
||||
|
||||
$ref = strtoupper(preg_replace('/[^A-Z0-9\-]/', '', $_GET['ref'] ?? ''));
|
||||
$type = in_array($_GET['type'] ?? '', ['license','insurance']) ? $_GET['type'] : '';
|
||||
if (!$ref || !$type) {
|
||||
http_response_code(400);
|
||||
header('Content-Type: text/plain');
|
||||
exit('Missing parameters.');
|
||||
}
|
||||
|
||||
$col = $type === 'license' ? 'license_file' : 'insurance_file';
|
||||
$row = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?")->execute([$ref]) ? null : null;
|
||||
$stmt = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?");
|
||||
$stmt->execute([$ref]);
|
||||
$row = $stmt->fetch();
|
||||
|
||||
if (!$row || !$row['file_path']) {
|
||||
http_response_code(404);
|
||||
header('Content-Type: text/plain');
|
||||
exit('No document on file.');
|
||||
}
|
||||
|
||||
// Path stored as uploads/{ref}/{filename}
|
||||
$path = __DIR__ . '/../' . ltrim($row['file_path'], '/');
|
||||
if (!file_exists($path)) {
|
||||
http_response_code(404);
|
||||
header('Content-Type: text/plain');
|
||||
exit('File not found.');
|
||||
}
|
||||
|
||||
$mime = mime_content_type($path) ?: 'application/octet-stream';
|
||||
header('Content-Type: ' . $mime);
|
||||
header('Content-Disposition: inline; filename="' . basename($path) . '"');
|
||||
header('Content-Length: ' . filesize($path));
|
||||
header('Cache-Control: no-store, no-cache');
|
||||
readfile($path);
|
||||
Reference in New Issue
Block a user