Commit Graph

6 Commits

Author SHA1 Message Date
myron 10e1ffa27b Change deposit to $45, add balance-due-at-pickup calculations
- DEPOSIT_AMOUNT changed from $100 to $45
- Balance (package price minus $45) shown dynamically in booking form when package selected
- Customer confirmation email shows breakdown: deposit hold + balance at pickup
- Admin email table includes deposit hold and balance columns
- Admin booking flow step 5 shows deposit held + balance at pickup
- Reminder email deposit detail updated to reflect held deposit and balance
- Live status field shows $45 during card authorization flow

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 18:38:04 +00:00
myron cca3129f6e Add Square deposit payment integration
- Square Web Payments SDK card element in booking form
- Delayed-capture hold ($100) on booking submit — not charged until confirmed
- Live payment status field: Verifying card → Authorizing → Confirmed w/ hold ID
- Admin: Capture / Void / Refund actions for each booking
- square_payment_id returned in API response for frontend confirmation display

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 18:33:16 +00:00
myron 8f5362aa95 Fix admin login: replace PHP sessions with HMAC cookie auth
PHP sessions were unreliable on this host — the web process could write
session files but LiteSpeed served cached login-page responses on the
redirect, bypassing PHP entirely.

Replace sessions with a self-contained signed cookie:
- On login: generate random 32-byte token + expiry, sign with HMAC-SHA256
- On each request: verify signature and expiry — no filesystem reads needed
- Cookie: Secure, HttpOnly, SameSite=Lax, path=/admin/, 24h expiry
- admin/.htaccess: CacheEnable off + no-store headers to prevent LiteSpeed
  from caching admin responses

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 14:15:33 +00:00
myron b3b831e4a0 Add per-customer booking flow checklist + fix admin login
Admin portal overhaul:
- Fix require_once path (was admin/db.php, should be ../db.php) — this was
  the root cause of the login always redirecting back to the login page
- Fix session save path to /home/parkerslingshotrentals.com/sessions so the
  web user (parke1909) can actually read sessions back (the system default
  /var/lib/php/sessions was write-only for non-root)
- Fix AJAX unauthenticated response: return 401 JSON instead of login HTML
- Fresh bcrypt hash for admin password (Parker2026!)
- Add 3 new DB columns: insurance_verified, deposit_received, license_verified
- Replace flat bookings table with expandable per-customer flow panel:
  click any row to open a 3-column detail drawer showing:
  (1) full contact info + admin notes
  (2) 6-step booking flow checklist with inline toggle buttons for steps
      that admin marks (insurance, deposit, license)
  (3) send-reminder email builder — pick which pending items to include,
      send customer a personalized nudge with waiver link + instructions
- Progress dots in table row update live when admin toggles a step
- Stats row now includes waiver, insurance, deposit counts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 14:01:42 +00:00
myron 85448d18c5 Add digital e-signature waiver + update How It Works to 5 steps
- waiver.php: full rental agreement with canvas e-signature pad, 6 required
  checkboxes, typed name field; stores sig image + IP + timestamp in DB;
  emails signed confirmation to customer and admin
- bookings table: add waiver_signed, waiver_signed_at, waiver_ip, waiver_name,
  waiver_sig columns
- contact.php: confirmation email now includes Sign Rental Agreement button/link
- admin/index.php: Waiver column shows Signed (date) or Pending + Send Link
- index.html: How It Works expanded to 5 steps (added Get Approved + Sign Waiver
  before Hit the Road); insurance updated to Proof of insurance required; FAQ
  and JSON-LD updated to match

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 13:49:31 +00:00
myron 2ecf8f04c4 Add availability calendar, admin portal, and booking backend
- db.php: shared config, PDO, SendGrid, package definitions
- availability.php: GET endpoint returning booked/blocked dates by month
- contact.php: booking handler with DB record, availability check, SendGrid emails
- admin/index.php: full admin portal (login, bookings table, status/notes AJAX, block dates)
- index.html: interactive availability calendar with click-to-select, wires to /contact.php
- .htaccess: block direct access to db.php

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 13:39:20 +00:00