Migrate to parkerslingshotrentals.com domain

- db.php: SITE_URL -> https://www.parkerslingshotrentals.com
- db.php: add ADMIN_PHONE (817) 266-2022
- index.html, contact.php, admin/index.php: fix placeholder phone 555-0199 -> 266-2022
- admin/view-doc.php: new secure doc viewer (URL-token auth, bookings table)
- upload-docs.php, view-doc.php: added from subdomain (already used db.php/bookings)
2026-06-08 17:23:40 +00:00
parent 5e639b439a
commit 072272104e
7 changed files with 302 additions and 5 deletions
+1 -1
@@ -153,7 +153,7 @@ if ($isAjax) {
<p style='color:#374151;margin-bottom:20px'>To make sure pickup goes smoothly, here's what still needs to be taken care of:</p> <p style='color:#374151;margin-bottom:20px'>To make sure pickup goes smoothly, here's what still needs to be taken care of:</p>
<table style='width:100%;border-collapse:collapse'>{$rowsHtml}</table> <table style='width:100%;border-collapse:collapse'>{$rowsHtml}</table>
<div style='margin-top:24px;padding:16px;background:#f9fafb;border-radius:8px'> <div style='margin-top:24px;padding:16px;background:#f9fafb;border-radius:8px'>
<p style='margin:0;font-size:13px;color:#6b7280'>Questions? Call or text <strong style='color:#111'>(817) 555-0199</strong> or reply to this email — we're happy to help.</p> <p style='margin:0;font-size:13px;color:#6b7280'>Questions? Call or text <strong style='color:#111'>(817) 266-2022</strong> or reply to this email — we're happy to help.</p>
</div> </div>
<p style='color:#374151;margin-top:24px'>Ride on,<br><strong>The Parker County Slingshot Team</strong></p> <p style='color:#374151;margin-top:24px'>Ride on,<br><strong>The Parker County Slingshot Team</strong></p>
</div> </div>
+46
@@ -0,0 +1,46 @@
<?php
require_once dirname(__DIR__) . '/db.php';
$token = preg_replace('/[^a-f0-9]/', '', $_GET['_t'] ?? '');
$stmt = db()->prepare("SELECT token FROM admin_tokens WHERE token=? AND expires_at > NOW()");
$stmt->execute([$token]);
if (!$stmt->fetch()) {
http_response_code(403);
header('Content-Type: text/plain');
exit('Unauthorized — please log in to the admin panel first.');
}
$ref = strtoupper(preg_replace('/[^A-Z0-9\-]/', '', $_GET['ref'] ?? ''));
$type = in_array($_GET['type'] ?? '', ['license','insurance']) ? $_GET['type'] : '';
if (!$ref || !$type) {
http_response_code(400);
header('Content-Type: text/plain');
exit('Missing parameters.');
}
$col = $type === 'license' ? 'license_file' : 'insurance_file';
$row = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?")->execute([$ref]) ? null : null;
$stmt = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?");
$stmt->execute([$ref]);
$row = $stmt->fetch();
if (!$row || !$row['file_path']) {
http_response_code(404);
header('Content-Type: text/plain');
exit('No document on file.');
}
// Path stored as uploads/{ref}/{filename}
$path = __DIR__ . '/../' . ltrim($row['file_path'], '/');
if (!file_exists($path)) {
http_response_code(404);
header('Content-Type: text/plain');
exit('File not found.');
}
$mime = mime_content_type($path) ?: 'application/octet-stream';
header('Content-Type: ' . $mime);
header('Content-Disposition: inline; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('Cache-Control: no-store, no-cache');
readfile($path);
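Review bot: The path read from `bookings` is joined onto `__DIR__ . '/../'` and handed to `readfile()` with no containment check, so a stored `file_path` containing `../` would be served from outside the uploads tree, and whatever type `mime_content_type()` reports is sent inline. The fence below resolves the path with `realpath()`, requires it to sit under the uploads directory (assumed to be `../uploads` relative to this file, going by the comment in the hunk), and limits the response to the three types the upload form accepts. The statement `$row = db()->prepare(...)->execute([$ref]) ? null : null;` runs the query an extra time and always yields null, so it can be deleted. The `ref` filter strips everything outside `A-Z0-9-` before `strtoupper()` runs, so a lower-case reference is emptied rather than normalised; applying `strtoupper()` first fixes that here and in the other new viewer, which uses the same line.

```php
// … unchanged: token check, ref/type validation, bookings lookup …
// Path stored as uploads/{ref}/{filename}
$base = realpath(__DIR__ . '/../uploads');
$path = realpath(__DIR__ . '/../' . ltrim($row['file_path'], '/'));
if (!$path || !$base || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    http_response_code(404);
    header('Content-Type: text/plain');
    exit('File not found.');
}
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($mime, ['image/jpeg', 'image/png', 'application/pdf'], true)) {
    http_response_code(403);
    header('Content-Type: text/plain');
    exit('Invalid file type.');
}
header('X-Content-Type-Options: nosniff');
// … unchanged: Content-Type, Content-Disposition, Content-Length, Cache-Control, readfile …
```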
+1 -1
@@ -113,7 +113,7 @@ $confirmHtml = "<div style='max-width:600px;margin:0 auto;font-family:Arial,sans
<p style='margin:0 0 14px;font-size:13px;color:#6b7280'>Once your booking is confirmed you'll sign our digital waiver online — no printer needed. Your link:</p> <p style='margin:0 0 14px;font-size:13px;color:#6b7280'>Once your booking is confirmed you'll sign our digital waiver online — no printer needed. Your link:</p>
<a href='' . SITE_URL . '/waiver.php?ref={$ref}' style='display:inline-block;background:#f97316;color:#fff;text-decoration:none;padding:10px 24px;border-radius:6px;font-weight:700;font-size:14px'>Sign Rental Agreement &rarr;</a> <a href='' . SITE_URL . '/waiver.php?ref={$ref}' style='display:inline-block;background:#f97316;color:#fff;text-decoration:none;padding:10px 24px;border-radius:6px;font-weight:700;font-size:14px'>Sign Rental Agreement &rarr;</a>
</div> </div>
<p style='color:#374151'>Questions? Call or text <strong>(817) 555-0199</strong> or reply to this email.</p> <p style='color:#374151'>Questions? Call or text <strong>(817) 266-2022</strong> or reply to this email.</p>
<p style='color:#374151'>Ride on,<br><strong>The Parker County Slingshot Team</strong></p> <p style='color:#374151'>Ride on,<br><strong>The Parker County Slingshot Team</strong></p>
</div> </div>
<div style='background:#f3f4f6;padding:16px;text-align:center'> <div style='background:#f3f4f6;padding:16px;text-align:center'>
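Review bot: The waiver link on the context line just above the phone change is written as `href='' . SITE_URL . '/waiver.php?ref={$ref}'` inside what the hunk header shows to be a double-quoted string, so the constant is never interpolated and the rendered href is empty. If that reading is right, the new domain never reaches this email; closing the string around the constant, `<a href='" . SITE_URL . "/waiver.php?ref={$ref}'`, fixes it. `{$ref}` should also pass through `rawurlencode()` unless it is validated earlier, which is outside this hunk.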
+3 -2
@@ -1,5 +1,5 @@
<?php <?php
define('SITE_URL', 'https://parkerslingshot.epictravelexpeditions.com'); define('SITE_URL', 'https://www.parkerslingshotrentals.com');
define('PARKER_DB_HOST', 'localhost'); define('PARKER_DB_HOST', 'localhost');
define('PARKER_DB_NAME', 'epic_parkersling'); define('PARKER_DB_NAME', 'epic_parkersling');
@@ -7,10 +7,11 @@ define('PARKER_DB_USER', 'epic_parkersling');
define('PARKER_DB_PASS', 'Joker1974!!!'); define('PARKER_DB_PASS', 'Joker1974!!!');
define('ADMIN_USER', 'admin'); define('ADMIN_USER', 'admin');
define('ADMIN_PHONE', '(817) 266-2022');
define('ADMIN_PASS', '$2y$10$ynnk3RfarOD7VIJizC30kuXqu6tQ3gotNrlp5y33afh5fPOgnAMU6'); // Parker2026! define('ADMIN_PASS', '$2y$10$ynnk3RfarOD7VIJizC30kuXqu6tQ3gotNrlp5y33afh5fPOgnAMU6'); // Parker2026!
define('ADMIN_SESSION_KEY', 'parker_admin_auth'); define('ADMIN_SESSION_KEY', 'parker_admin_auth');
define('CYBERMAIL_API_KEY', 'sk_live_d52bf062797105aeaafac9954c21ff988e9b41b77315807d'); define('CYBERMAIL_API_KEY', 'sk_live_7f9b0f9a29f6de31a0d229d4af75d56b094ad724fc58a57d');
define('MAIL_FROM', 'noreply@orbishosting.com'); define('MAIL_FROM', 'noreply@orbishosting.com');
define('MAIL_FROM_NAME', 'Parker County Slingshot Rentals'); define('MAIL_FROM_NAME', 'Parker County Slingshot Rentals');
define('ADMIN_EMAIL', 'info@parkerslingshotrentals.com'); define('ADMIN_EMAIL', 'info@parkerslingshotrentals.com');
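Review bot: The replacement `CYBERMAIL_API_KEY` is a live key committed in plain text, and the key it replaces stays readable in history, so both should be treated as exposed and reissued outside the repository. The same file carries the database password as a literal, and the trailing comment on `ADMIN_PASS` appears to give the plaintext for the bcrypt hash; that comment should be removed and the password changed. Reading these values from the environment or an untracked config file keeps them out of future commits, for example `define('CYBERMAIL_API_KEY', getenv('CYBERMAIL_API_KEY') ?: '');`.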
+1 -1
@@ -768,7 +768,7 @@
</div> </div>
<div class="contact-detail"> <div class="contact-detail">
<span>📞</span> <span>📞</span>
<a href="tel:+18175550199" style="color:inherit;text-decoration:none;">(817) 555-0199</a> <a href="tel:+18172662022" style="color:inherit;text-decoration:none;">(817) 266-2022</a>
</div> </div>
<div class="contact-detail"> <div class="contact-detail">
<span>✉️</span> <span>✉️</span>
+189
@@ -0,0 +1,189 @@
<?php
require_once __DIR__ . '/db.php';
header('X-Frame-Options: SAMEORIGIN');
header('X-Content-Type-Options: nosniff');
$ref = strtoupper(trim($_GET['ref'] ?? ''));
$type = in_array($_GET['type'] ?? '', ['license','insurance']) ? $_GET['type'] : '';
$error = '';
$done = false;
$booking = null;
if ($ref && $type) {
$stmt = db()->prepare("SELECT id, name, email, booking_ref, rental_date, status FROM bookings WHERE booking_ref=?");
$stmt->execute([$ref]);
$booking = $stmt->fetch();
if (!$booking) $error = 'Booking not found. Please check your confirmation email.';
elseif ($booking['status'] === 'cancelled') $error = 'This booking has been cancelled.';
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $booking && !$error) {
$file = $_FILES['doc'] ?? null;
if (!$file || $file['error'] !== UPLOAD_ERR_OK) {
$error = 'Upload failed — please try again or check file size.';
} else {
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime = $finfo->file($file['tmp_name']);
$allowed = ['image/jpeg','image/png','application/pdf'];
if (!in_array($mime, $allowed)) {
$error = 'Only JPG, PNG, or PDF files are accepted.';
} elseif ($file['size'] > 10 * 1024 * 1024) {
$error = 'File must be under 10 MB.';
} else {
$ext = ['image/jpeg'=>'jpg','image/png'=>'png','application/pdf'=>'pdf'][$mime];
$dir = __DIR__ . '/uploads/' . $ref;
if (!is_dir($dir)) mkdir($dir, 0750, true);
$fname = $type . '_' . date('YmdHis') . '.' . $ext;
$dest = $dir . '/' . $fname;
if (move_uploaded_file($file['tmp_name'], $dest)) {
$col = $type === 'license' ? 'license_file' : 'insurance_file';
$rel = 'uploads/' . $ref . '/' . $fname;
db()->prepare("UPDATE bookings SET {$col}=? WHERE booking_ref=?")->execute([$rel, $ref]);
$typeLabel = $type === 'license' ? "Driver's License" : 'Proof of Insurance';
$dateLabel = date('F j, Y', strtotime($booking['rental_date']));
$adminHtml = "<div style='font-family:Arial,sans-serif;max-width:560px;margin:0 auto'>
<div style='background:#f97316;padding:18px;text-align:center'>
<h1 style='color:#fff;margin:0;font-size:18px'>{$typeLabel} Uploaded {$booking['booking_ref']}</h1>
</div>
<div style='padding:24px;background:#fff;border:1px solid #e5e7eb'>
<p><strong>" . htmlspecialchars($booking['name']) . "</strong> uploaded their <strong>{$typeLabel}</strong> for booking <strong>{$booking['booking_ref']}</strong> (rental: {$dateLabel}).</p>
<p style='margin-top:12px;font-size:13px;color:#6b7280'>View it in the admin panel under their booking detail.</p>
<div style='margin-top:16px'><a href='" . SITE_URL . "/admin/' style='display:inline-block;background:#f97316;color:#fff;text-decoration:none;padding:10px 22px;border-radius:6px;font-weight:700;font-size:13px'>Open Admin Panel &rarr;</a></div>
</div>
</div>";
sendEmail(ADMIN_EMAIL, 'Parker Slingshot Admin', "{$typeLabel} Uploaded — {$booking['booking_ref']}: " . $booking['name'], $adminHtml);
$done = true;
} else {
$error = 'Could not save file. Please try again.';
}
}
}
}
$typeLabel = $type === 'license' ? "Driver's License" : ($type === 'insurance' ? 'Proof of Insurance' : '');
$dateLabel = $booking ? date('F j, Y', strtotime($booking['rental_date'])) : '';
?><!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Upload Document Parker County Slingshot Rentals</title>
<meta name="robots" content="noindex,nofollow" />
<link rel="preconnect" href="https://fonts.googleapis.com" />
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=Barlow+Condensed:wght@700;800&display=swap" rel="stylesheet" />
<style>
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
:root { --orange: #f97316; --black: #0d0d0d; }
body { font-family: 'Inter', sans-serif; background: #f3f4f6; color: #111; }
header { background: var(--black); padding: 1.25rem 2rem; display: flex; align-items: center; justify-content: space-between; }
header a { font-family: 'Barlow Condensed', sans-serif; font-size: 1.3rem; font-weight: 800; color: var(--orange); text-decoration: none; }
header span { font-size: 0.85rem; color: rgba(255,255,255,0.4); }
.wrap { max-width: 560px; margin: 2.5rem auto; padding: 0 1rem 4rem; }
.card { background: #fff; border-radius: 12px; box-shadow: 0 2px 12px rgba(0,0,0,0.08); padding: 2rem 2.5rem; }
@media (max-width: 560px) { .card { padding: 1.5rem; } }
h1 { font-family: 'Barlow Condensed', sans-serif; font-size: 1.9rem; font-weight: 800; margin-bottom: 0.25rem; }
.booking-badge { display: inline-block; background: #fff7ed; border: 1px solid #fed7aa; border-radius: 8px; padding: 0.6rem 1rem; margin: 1rem 0 1.5rem; }
.booking-badge .ref { font-size: 1.1rem; font-weight: 700; color: var(--orange); }
.booking-badge .meta { font-size: 0.82rem; color: #6b7280; margin-top: 2px; }
.upload-area { border: 2px dashed #d1d5db; border-radius: 10px; padding: 2rem; text-align: center; cursor: pointer; transition: border-color .2s, background .2s; background: #fafafa; position: relative; margin: 1rem 0; }
.upload-area:hover, .upload-area.drag { border-color: var(--orange); background: #fff7ed; }
.upload-area input[type=file] { position: absolute; inset: 0; opacity: 0; cursor: pointer; width: 100%; height: 100%; }
.upload-icon { font-size: 2.5rem; margin-bottom: 0.5rem; }
.upload-area p { font-size: 0.9rem; color: #6b7280; margin: 0; }
.upload-area .file-name { font-size: 0.88rem; color: var(--orange); font-weight: 600; margin-top: 0.5rem; display: none; }
.btn { display: block; width: 100%; background: var(--orange); color: #fff; border: none; border-radius: 8px; padding: 0.9rem; font-size: 1rem; font-weight: 700; cursor: pointer; transition: background .2s; margin-top: 1rem; }
.btn:hover { background: #ea580c; }
.btn:disabled { background: #d1d5db; cursor: not-allowed; }
.alert { padding: 0.85rem 1rem; border-radius: 8px; font-size: 0.9rem; margin-bottom: 1.25rem; }
.alert-error { background: rgba(239,68,68,.08); border: 1px solid rgba(239,68,68,.25); color: #dc2626; }
.success-icon { font-size: 3rem; text-align: center; margin-bottom: 1rem; }
.success-box { text-align: center; padding: .5rem 0; }
.success-box h1 { color: #16a34a; margin-bottom: 0.5rem; }
.success-box p { color: #374151; font-size: 0.95rem; max-width: 400px; margin: 0 auto .75rem; }
.hint { font-size: 0.8rem; color: #9ca3af; margin-top: 0.5rem; text-align: center; }
</style>
</head>
<body>
<header>
<a href="/">Parker County Slingshot Rentals</a>
<span>Document Upload</span>
</header>
<div class="wrap">
<?php if (!$ref || !$type || (!$booking && !$error)): ?>
<div class="card">
<h1>Upload Document</h1>
<p style="color:#6b7280;margin-top:.5rem">Invalid or missing upload link. Please use the link from your email or contact us.</p>
</div>
<?php elseif ($error && !$booking): ?>
<div class="card">
<div class="alert alert-error"><?= htmlspecialchars($error) ?></div>
<p style="color:#6b7280;font-size:.9rem">Need help? Call or text <strong>(817) 266-2022</strong>.</p>
</div>
<?php elseif ($done): ?>
<div class="card">
<div class="success-icon"></div>
<div class="success-box">
<h1>Upload Received!</h1>
<p>Thanks, <?= htmlspecialchars($booking['name']) ?>! Your <strong><?= htmlspecialchars($typeLabel) ?></strong> has been submitted for booking <strong><?= htmlspecialchars($booking['booking_ref']) ?></strong>.</p>
<p style="color:#6b7280;font-size:.85rem">We'll review it and still do a quick visual check at pickup. See you on <?= htmlspecialchars($dateLabel) ?>!</p>
</div>
</div>
<?php else: ?>
<?php if ($error): ?><div class="alert alert-error"><?= htmlspecialchars($error) ?></div><?php endif; ?>
<div class="card">
<h1>Upload <?= htmlspecialchars($typeLabel) ?></h1>
<div class="booking-badge">
<div class="ref"><?= htmlspecialchars($booking['booking_ref']) ?></div>
<div class="meta"><?= htmlspecialchars($booking['name']) ?> &mdash; <?= htmlspecialchars($dateLabel) ?></div>
</div>
<p style="color:#374151;font-size:.9rem;margin-bottom:.25rem">
<?php if ($type === 'insurance'): ?>
Please upload a photo or scan of your current auto insurance card. JPG, PNG, or PDF accepted (max 10 MB).
<?php else: ?>
Please upload a photo or scan of the front of your driver's license. JPG, PNG, or PDF accepted (max 10 MB).
<?php endif; ?>
</p>
<p style="color:#9ca3af;font-size:.8rem;margin-bottom:1rem">We'll still do a visual check at pickup this is just for our records.</p>
<form method="post" enctype="multipart/form-data" id="uploadForm">
<div class="upload-area" id="dropZone">
<input type="file" name="doc" id="docInput" accept=".jpg,.jpeg,.png,.pdf" required />
<div class="upload-icon">📎</div>
<p>Tap or drag your file here</p>
<p style="font-size:.78rem;margin-top:4px">JPG &bull; PNG &bull; PDF &bull; max 10 MB</p>
<div class="file-name" id="fileName"></div>
</div>
<button type="submit" class="btn" id="submitBtn">Upload <?= htmlspecialchars($typeLabel) ?></button>
</form>
<p class="hint">Your document is stored securely and only visible to Parker County Slingshot Rentals staff.</p>
</div>
<?php endif; ?>
</div>
<script>
(function(){
const input = document.getElementById('docInput');
const label = document.getElementById('fileName');
const zone = document.getElementById('dropZone');
const btn = document.getElementById('submitBtn');
if (!input) return;
input.addEventListener('change', function() {
if (this.files[0]) {
label.textContent = this.files[0].name;
label.style.display = 'block';
}
});
['dragover','dragenter'].forEach(e => zone.addEventListener(e, ev => { ev.preventDefault(); zone.classList.add('drag'); }));
['dragleave','drop'].forEach(e => zone.addEventListener(e, ev => zone.classList.remove('drag')));
document.getElementById('uploadForm')?.addEventListener('submit', function() {
if (btn) { btn.disabled = true; btn.textContent = 'Uploading…'; }
});
})();
</script>
</body>
</html>
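Review bot: Uploaded licences and insurance cards are written to `__DIR__ . '/uploads/' . $ref` with a name built only from the type and a timestamp, which looks like a directory under the web root; unless the server blocks direct requests to `uploads/` (not visible here), the files could be fetched without going through the token-checked viewer. Storing them outside the document root or denying direct access to that directory, and adding a random part to the name such as `$fname = $type . '_' . bin2hex(random_bytes(16)) . '.' . $ext;`, closes that gap. The directory name also comes from `$_GET['ref']` after only `trim()` and `strtoupper()`; using `$booking['booking_ref']` from the fetched row and checking it against the same `A-Z0-9-` pattern the viewers use would keep request text out of the filesystem path. The form carries no CSRF token and the only credential is the booking reference, so anyone holding a reference can replace the document on file.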
+61
@@ -0,0 +1,61 @@
<?php
require_once __DIR__ . '/db.php';
function _verifyToken(string $token): bool {
if (!preg_match('/^[a-f0-9]{64}$/', $token)) return false;
$stmt = db()->prepare("SELECT token FROM admin_tokens WHERE token=? AND expires_at > NOW()");
$stmt->execute([$token]);
return (bool)$stmt->fetch();
}
$token = preg_replace('/[^a-f0-9]/', '', $_GET['_t'] ?? '');
if (!_verifyToken($token)) {
http_response_code(403);
header('Content-Type: text/plain');
exit('Unauthorized — please log in to the admin panel first.');
}
$ref = strtoupper(preg_replace('/[^A-Z0-9\-]/', '', $_GET['ref'] ?? ''));
$type = in_array($_GET['type'] ?? '', ['license','insurance']) ? $_GET['type'] : '';
if (!$ref || !$type) {
http_response_code(400);
header('Content-Type: text/plain');
exit('Missing parameters.');
}
$col = $type === 'license' ? 'license_file' : 'insurance_file';
$stmt = db()->prepare("SELECT {$col} AS file_path FROM bookings WHERE booking_ref=?");
$stmt->execute([$ref]);
$row = $stmt->fetch();
if (!$row || !$row['file_path']) {
http_response_code(404);
header('Content-Type: text/plain');
exit('Document not found.');
}
$base = realpath(__DIR__ . '/uploads');
$path = realpath(__DIR__ . '/' . $row['file_path']);
if (!$path || !$base || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
http_response_code(404);
header('Content-Type: text/plain');
exit('File not found.');
}
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime = $finfo->file($path);
$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'application/pdf' => 'pdf'];
if (!isset($allowed[$mime])) {
http_response_code(403);
header('Content-Type: text/plain');
exit('Invalid file type.');
}
$fname = $type . '-' . $ref . '.' . $allowed[$mime];
header('Content-Type: ' . $mime);
header('Content-Disposition: inline; filename="' . $fname . '"');
header('Content-Length: ' . filesize($path));
header('Cache-Control: private, max-age=3600');
readfile($path);
exit;
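Review bot: `Cache-Control: private, max-age=3600` lets the browser keep a licence or insurance scan for an hour, possibly past the expiry of the admin token checked at the top of the file; the admin copy of this viewer sends `no-store, no-cache`, and this one should match with `header('Cache-Control: no-store');`. The response also lacks `header('X-Content-Type-Options: nosniff');`, which the upload page already sets. Because the token travels in the `_t` query parameter it will appear in access logs and browser history, so a short token lifetime matters here, and a session-cookie check would be a sturdier design than a URL token.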