Migrate to parkerslingshotrentals.com domain

- db.php: SITE_URL -> https://www.parkerslingshotrentals.com
- db.php: add ADMIN_PHONE (817) 266-2022
- index.html, contact.php, admin/index.php: fix placeholder phone 555-0199 -> 266-2022
- admin/view-doc.php: new secure doc viewer (URL-token auth, bookings table)
- upload-docs.php, view-doc.php: added from subdomain (already used db.php/bookings)
2026-06-08 17:23:40 +00:00
parent 5e639b439a
commit 072272104e
7 changed files with 302 additions and 5 deletions
+1 -1
@@ -153,7 +153,7 @@ if ($isAjax) {
<p style='color:#374151;margin-bottom:20px'>To make sure pickup goes smoothly, here's what still needs to be taken care of:</p>
<table style='width:100%;border-collapse:collapse'>{$rowsHtml}</table>
<div style='margin-top:24px;padding:16px;background:#f9fafb;border-radius:8px'>
<p style='margin:0;font-size:13px;color:#6b7280'>Questions? Call or text <strong style='color:#111'>(817) 555-0199</strong> or reply to this email — we're happy to help.</p>
<p style='margin:0;font-size:13px;color:#6b7280'>Questions? Call or text <strong style='color:#111'>(817) 266-2022</strong> or reply to this email — we're happy to help.</p>
</div>
<p style='color:#374151;margin-top:24px'>Ride on,<br><strong>The Parker County Slingshot Team</strong></p>
</div>
+46
@@ -0,0 +1,46 @@
<?php
require_once dirname(__DIR__) . '/db.php';
$token = preg_replace('/[^a-f0-9]/', '', $_GET['_t'] ?? '');
$stmt = db()->prepare("SELECT token FROM admin_tokens WHERE token=? AND expires_at > NOW()");
$stmt->execute([$token]);
if (!$stmt->fetch()) {
http_response_code(403);
header('Content-Type: text/plain');
exit('Unauthorized — please log in to the admin panel first.');
}
$ref = strtoupper(preg_replace('/[^A-Z0-9\-]/', '', $_GET['ref'] ?? ''));
$type = in_array($_GET['type'] ?? '', ['license','insurance']) ? $_GET['type'] : '';
if (!$ref || !$type) {
http_response_code(400);
header('Content-Type: text/plain');
exit('Missing parameters.');
}
$col = $type === 'license' ? 'license_file' : 'insurance_file';
$row = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?")->execute([$ref]) ? null : null;
$stmt = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?");
$stmt->execute([$ref]);
$row = $stmt->fetch();
if (!$row || !$row['file_path']) {
http_response_code(404);
header('Content-Type: text/plain');
exit('No document on file.');
}
// Path stored as uploads/{ref}/{filename}
$path = __DIR__ . '/../' . ltrim($row['file_path'], '/');
if (!file_exists($path)) {
http_response_code(404);
header('Content-Type: text/plain');
exit('File not found.');
}
$mime = mime_content_type($path) ?: 'application/octet-stream';
header('Content-Type: ' . $mime);
header('Content-Disposition: inline; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('Cache-Control: no-store, no-cache');
readfile($path);
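Review bot: The `$path = __DIR__ . '/../' . ltrim($row['file_path'], '/');` line serves whatever the stored `file_path` resolves to, with no check that it stays under the uploads directory. How upload-docs.php writes that column is not visible here, so the viewer should resolve the path with `realpath()` and compare it against the uploads root before `readfile()`. The response also sends whatever `mime_content_type()` reports as `inline`, so an uploaded HTML or SVG document would render in the admin origin; allow-list the displayable types, download the rest, and send `X-Content-Type-Options: nosniff`. Two smaller fixes: the `$row = db()->prepare(...)->execute([$ref]) ? null : null;` line runs the query an extra time and always assigns null, so it can be deleted, and the `ref` filter removes lowercase letters before `strtoupper()` is applied, so `strtoupper()` should run first. The `_t` token is carried in the query string and will appear in access logs and browser history; `Referrer-Policy: no-referrer` is the minimum while it stays there, and `in_array()` on `type` should pass `true` as the third argument.

```php
// Path stored as uploads/{ref}/{filename}
$uploadsRoot = realpath(__DIR__ . '/../uploads');
$path = realpath(__DIR__ . '/../' . ltrim($row['file_path'], '/'));
$prefix = $uploadsRoot === false ? '' : $uploadsRoot . DIRECTORY_SEPARATOR;
// realpath() collapses ../ and symlinks, so the prefix test reflects the file actually read.
if ($prefix === '' || $path === false || strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
    http_response_code(404);
    header('Content-Type: text/plain');
    exit('File not found.');
}
$mime = mime_content_type($path) ?: 'application/octet-stream';
// Example allow-list; align it with the types upload-docs.php accepts.
$inlineTypes = ['application/pdf', 'image/jpeg', 'image/png'];
$disposition = 'inline';
if (!in_array($mime, $inlineTypes, true)) {
    $mime = 'application/octet-stream';
    $disposition = 'attachment';
}
header('Content-Type: ' . $mime);
header('X-Content-Type-Options: nosniff');
header('Referrer-Policy: no-referrer');
header('Content-Disposition: ' . $disposition . '; filename="' . basename($path) . '"');
// … unchanged: Content-Length, Cache-Control, readfile …
```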