PHP sessions were unreliable on this host — the web process could write
session files but LiteSpeed served cached login-page responses on the
redirect, bypassing PHP entirely.

Replace sessions with a self-contained signed cookie:
- On login: generate random 32-byte token + expiry, sign with HMAC-SHA256
- On each request: verify signature and expiry — no filesystem reads needed
- Cookie: Secure, HttpOnly, SameSite=Lax, path=/admin/, 24h expiry
- admin/.htaccess: CacheEnable off + no-store headers to prevent LiteSpeed
  from caching admin responses

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
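
The sign-and-verify flow listed in the commit message above, as an added example in PHP; it is not the code from this commit. The cookie name, function names, `token.expiry.mac` layout and the way the key is obtained are assumptions.

```php
<?php
declare(strict_types=1);

const COOKIE_NAME = 'admin_auth'; // assumed name, not from the commit
const COOKIE_TTL  = 86400;        // 24h expiry, as in the commit message

// Build "token.expiry.mac": random 32-byte token, expiry, HMAC-SHA256 over both.
function issue_cookie_value(string $key, int $now): string
{
    $payload = bin2hex(random_bytes(32)) . '.' . ($now + COOKIE_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Verify with no filesystem or session reads: shape, MAC, then expiry.
function verify_cookie_value(string $value, string $key, int $now): bool
{
    if (!preg_match('/\A([0-9a-f]{64})\.(\d{1,12})\.([0-9a-f]{64})\z/', $value, $m)) {
        return false; // wrong shape: reject before any crypto
    }
    $expected = hash_hmac('sha256', $m[1] . '.' . $m[2], $key);
    if (!hash_equals($expected, $m[3])) {
        return false; // constant-time compare; token or expiry was altered
    }
    return (int) $m[2] > $now; // expiry is trusted only after the MAC checks out
}

// Cookie attributes listed in the commit message.
function send_cookie(string $value, int $now): void
{
    setcookie(COOKIE_NAME, $value, [
        'expires'  => $now + COOKIE_TTL,
        'path'     => '/admin/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed demo values; a real key is a fixed secret kept outside the web root.
$key = random_bytes(32);
$now = time();
$good = issue_cookie_value($key, $now);
[$token, $expiry, $mac] = explode('.', $good);
$extended = $token . '.' . ((int) $expiry + COOKIE_TTL) . '.' . $mac; // expiry edited client-side

var_dump(verify_cookie_value($good, $key, $now));                  // freshly issued
var_dump(verify_cookie_value($extended, $key, $now));              // tampered expiry
var_dump(verify_cookie_value($good, $key, $now + COOKIE_TTL + 1)); // past expiry
```

Because nothing is stored server-side, a cookie issued this way stays valid until its expiry unless the key is rotated, so logout can only clear it in the browser.
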
Admin portal overhaul:
- Fix require_once path (was admin/db.php, should be ../db.php) — this was
  the root cause of the login always redirecting back to the login page
- Fix session save path to /home/parkerslingshotrentals.com/sessions so the
  web user (parke1909) can actually read sessions back (the system default
  /var/lib/php/sessions was write-only for non-root)
- Fix AJAX unauthenticated response: return 401 JSON instead of login HTML
- Fresh bcrypt hash for admin password (Parker2026!)
- Add 3 new DB columns: insurance_verified, deposit_received, license_verified
- Replace flat bookings table with expandable per-customer flow panel:
  click any row to open a 3-column detail drawer showing:
  (1) full contact info + admin notes
  (2) 6-step booking flow checklist with inline toggle buttons for steps
      that admin marks (insurance, deposit, license)
  (3) send-reminder email builder — pick which pending items to include,
      send customer a personalized nudge with waiver link + instructions
- Progress dots in table row update live when admin toggles a step
- Stats row now includes waiver, insurance, deposit counts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- waiver.php: full rental agreement with canvas e-signature pad, 6 required
  checkboxes, typed name field; stores sig image + IP + timestamp in DB;
  emails signed confirmation to customer and admin
- bookings table: add waiver_signed, waiver_signed_at, waiver_ip, waiver_name,
  waiver_sig columns
- contact.php: confirmation email now includes Sign Rental Agreement button/link
- admin/index.php: Waiver column shows Signed (date) or Pending + Send Link
- index.html: How It Works expanded to 5 steps (added Get Approved + Sign Waiver
  before Hit the Road); insurance updated to Proof of insurance required; FAQ
  and JSON-LD updated to match

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Hamburger button appears on screens ≤768px. Tapping opens a full-screen
drawer with all nav links + Book Now CTA. Closes on link tap, Escape key,
or toggling the button. Body scroll locks while drawer is open.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>