From 9029ce2d12a70353c319ab384b930ebe5d4dfcf8 Mon Sep 17 00:00:00 2001
From: Myron Blair <myronblair@outlook.com>
Date: Fri, 22 May 2026 22:15:41 +0000
Subject: [PATCH] Fix: blocked dates enforce on date input; fix CORS + no-cache
 on availability endpoint

---
 availability.php | 11 ++++++-----
 index.html       | 29 +++++++++++++++++++----------
 2 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/availability.php b/availability.php
index c8f6515..351a623 100644
--- a/availability.php
+++ b/availability.php
@@ -2,7 +2,8 @@
 require_once __DIR__ . '/db.php';
 
 header('Content-Type: application/json');
-header('Access-Control-Allow-Origin: https://parkerslingshotrentals.com');
+header('Access-Control-Allow-Origin: ' . SITE_URL);
+header('Cache-Control: no-store, no-cache, must-revalidate');
 
 $month = (int)($_GET['month'] ?? date('n'));
 $year  = (int)($_GET['year']  ?? date('Y'));
@@ -12,7 +13,7 @@ $year  = max(date('Y'), min(date('Y') + 2, $year));
 $start = sprintf('%04d-%02d-01', $year, $month);
 $end   = date('Y-m-t', strtotime($start));
 
-// Booked dates from confirmed/pending bookings
+// Bookings that overlap this month — including those that start last month and end this month
 $booked = db()->prepare(
     "SELECT rental_date, end_date FROM bookings
      WHERE status IN ('pending','confirmed')
@@ -30,7 +31,7 @@ foreach ($booked->fetchAll() as $row) {
     }
 }
 
-// Admin-blocked dates
+// Admin-blocked dates for this month
 $blocked = db()->prepare(
     "SELECT block_date FROM blocked_dates WHERE block_date BETWEEN ? AND ?"
 );
@@ -40,7 +41,7 @@ foreach ($blocked->fetchAll() as $row) {
 }
 
 echo json_encode([
-    'month'       => $month,
-    'year'        => $year,
+    'month'        => $month,
+    'year'         => $year,
     'booked_dates' => array_values(array_unique($bookedDays)),
 ]);
diff --git a/index.html b/index.html
index e92eb19..d3490c6 100644
--- a/index.html
+++ b/index.html
@@ -810,6 +810,7 @@
               <option value="weekend">Weekend — $299</option>
             </select>
             <input type="date" name="date" required />
+            <div id="date-unavail-msg" style="display:none;color:#f87171;font-size:.82rem;margin-top:.25rem">That date is already booked or unavailable. Please choose another.</div>
             <textarea name="message" placeholder="Anything else we should know? (optional)"></textarea>
 
             <!-- Square deposit card -->
@@ -972,18 +973,26 @@
     // Initial load
     loadCalendar(calMonth, calYear);
 
-    // Keep calendar in sync when user types a date manually
+    // Keep calendar in sync when user types a date manually; validate against bookedSet
     if (dateInput) {
-      dateInput.addEventListener('change', () => {
-        if (dateInput.value) {
-          const [y, m] = dateInput.value.split('-').map(Number);
-          if (m !== calMonth || y !== calYear) {
-            calMonth = m; calYear = y;
-            loadCalendar(calMonth, calYear);
-          }
-          selectedDate = dateInput.value;
-          renderCalendar(calMonth, calYear);
+      dateInput.addEventListener('change', async () => {
+        const val = dateInput.value;
+        if (!val) return;
+        const [y, m] = val.split('-').map(Number);
+        if (m !== calMonth || y !== calYear) {
+          calMonth = m; calYear = y;
+          await loadCalendar(calMonth, calYear);
         }
+        const unavailMsg = document.getElementById('date-unavail-msg');
+        if (bookedSet.has(val)) {
+          dateInput.value = '';
+          selectedDate = null;
+          if (unavailMsg) { unavailMsg.style.display = 'block'; setTimeout(() => unavailMsg.style.display = 'none', 5000); }
+        } else {
+          selectedDate = val;
+          if (unavailMsg) unavailMsg.style.display = 'none';
+        }
+        renderCalendar(calMonth, calYear);
       });
     }