mirror of
https://github.com/myronblair/parkerslingshotrentals
synced 2026-06-30 09:40:14 -05:00
072272104e
- db.php: SITE_URL -> https://www.parkerslingshotrentals.com - db.php: add ADMIN_PHONE (817) 266-2022 - index.html, contact.php, admin/index.php: fix placeholder phone 555-0199 -> 266-2022 - admin/view-doc.php: new secure doc viewer (URL-token auth, bookings table) - upload-docs.php, view-doc.php: added from subdomain (already used db.php/bookings)
170 lines
9.8 KiB
PHP
170 lines
9.8 KiB
PHP
<?php
|
|
require_once __DIR__ . '/db.php';
|
|
|
|
header('Content-Type: application/json');
|
|
header('Access-Control-Allow-Origin: ' . SITE_URL . '');
|
|
header('Access-Control-Allow-Methods: POST, OPTIONS');
|
|
header('Access-Control-Allow-Headers: Content-Type');
|
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(204); exit; }
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); echo json_encode(['success'=>false,'error'=>'Method not allowed']); exit; }
|
|
|
|
$input = json_decode(file_get_contents('php://input'), true) ?: $_POST;
|
|
|
|
$name = trim(strip_tags($input['name'] ?? ''));
|
|
$email = trim(strip_tags($input['email'] ?? ''));
|
|
$phone = trim(strip_tags($input['phone'] ?? ''));
|
|
$package = trim(strip_tags($input['package'] ?? ''));
|
|
$date = trim(strip_tags($input['date'] ?? ''));
|
|
$message = trim(strip_tags($input['message'] ?? ''));
|
|
$squareToken = trim($input['square_token'] ?? '');
|
|
|
|
if (!$name || !$email || !$package || !$date) {
|
|
http_response_code(400);
|
|
echo json_encode(['success'=>false,'error'=>'Name, email, package, and date are required.']); exit;
|
|
}
|
|
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
http_response_code(400);
|
|
echo json_encode(['success'=>false,'error'=>'Invalid email address.']); exit;
|
|
}
|
|
if (!isset(PACKAGES[$package])) {
|
|
http_response_code(400);
|
|
echo json_encode(['success'=>false,'error'=>'Invalid package.']); exit;
|
|
}
|
|
if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $date) || strtotime($date) < strtotime('today')) {
|
|
http_response_code(400);
|
|
echo json_encode(['success'=>false,'error'=>'Invalid or past date.']); exit;
|
|
}
|
|
|
|
$pkg = PACKAGES[$package];
|
|
$rentalDate = $date;
|
|
$endDate = date('Y-m-d', strtotime($date . ' +' . $pkg['days'] . ' days'));
|
|
|
|
// Check availability
|
|
$conflict = db()->prepare(
|
|
"SELECT id FROM bookings
|
|
WHERE status IN ('pending','confirmed')
|
|
AND rental_date <= ? AND end_date >= ?"
|
|
);
|
|
$conflict->execute([$endDate, $rentalDate]);
|
|
if ($conflict->fetch()) {
|
|
echo json_encode(['success'=>false,'error'=>'Sorry, that date is already booked. Please choose another date.']); exit;
|
|
}
|
|
$blockedCheck = db()->prepare("SELECT id FROM blocked_dates WHERE block_date BETWEEN ? AND ?");
|
|
$blockedCheck->execute([$rentalDate, $endDate]);
|
|
if ($blockedCheck->fetch()) {
|
|
echo json_encode(['success'=>false,'error'=>'That date is unavailable. Please choose another date.']); exit;
|
|
}
|
|
|
|
// Create booking
|
|
$ref = generateRef();
|
|
$stmt = db()->prepare(
|
|
"INSERT INTO bookings (booking_ref, name, email, phone, package, rental_date, end_date, amount, notes)
|
|
VALUES (?,?,?,?,?,?,?,?,?)"
|
|
);
|
|
$stmt->execute([$ref, $name, $email, $phone, $package, $rentalDate, $endDate, $pkg['amount'], $message]);
|
|
|
|
$dateLabel = date('F j, Y', strtotime($rentalDate));
|
|
$pkgLabel = $pkg['label'];
|
|
$amountLabel = '$' . number_format($pkg['amount'], 2);
|
|
$depositLabel = '$' . number_format(DEPOSIT_AMOUNT, 2);
|
|
$balance = $pkg['amount'] - DEPOSIT_AMOUNT;
|
|
$balanceLabel = '$' . number_format($balance, 2);
|
|
|
|
// Admin email
|
|
$adminHtml = "<div style='max-width:600px;margin:0 auto;font-family:Arial,sans-serif'>
|
|
<div style='background:#f97316;padding:20px;text-align:center'>
|
|
<h1 style='color:#fff;margin:0;font-size:20px'>New Booking Request — {$ref}</h1>
|
|
</div>
|
|
<div style='padding:24px;background:#fff;border:1px solid #e5e7eb'>
|
|
<table style='width:100%;font-size:15px'>
|
|
<tr><td style='color:#6b7280;padding:8px 0;width:110px'>Ref</td><td style='padding:8px 0;font-weight:700'>{$ref}</td></tr>
|
|
<tr><td style='color:#6b7280;padding:8px 0'>Name</td><td style='padding:8px 0'>" . htmlspecialchars($name) . "</td></tr>
|
|
<tr><td style='color:#6b7280;padding:8px 0'>Email</td><td style='padding:8px 0'>" . htmlspecialchars($email) . "</td></tr>
|
|
<tr><td style='color:#6b7280;padding:8px 0'>Phone</td><td style='padding:8px 0'>" . htmlspecialchars($phone ?: '—') . "</td></tr>
|
|
<tr><td style='color:#6b7280;padding:8px 0'>Package</td><td style='padding:8px 0;font-weight:700;color:#f97316'>{$pkgLabel} — {$amountLabel}</td></tr>
|
|
<tr><td style='color:#6b7280;padding:8px 0'>Date</td><td style='padding:8px 0;font-weight:700'>{$dateLabel}</td></tr>
|
|
<tr><td style='color:#6b7280;padding:8px 0'>Deposit Hold</td><td style='padding:8px 0'>{$depositLabel} (card held — not charged yet)</td></tr>
|
|
<tr><td style='color:#6b7280;padding:8px 0'>Balance Due</td><td style='padding:8px 0;font-weight:700;color:#16a34a'>{$balanceLabel} at pickup</td></tr>
|
|
</table>
|
|
" . ($message ? "<div style='margin-top:12px;padding:12px;background:#fff7ed;border-left:4px solid #f97316'>" . nl2br(htmlspecialchars($message)) . "</div>" : "") . "
|
|
<p style='margin-top:16px;font-size:13px;color:#9ca3af'>Submitted " . date('F j, Y g:i A') . " CT</p>
|
|
</div>
|
|
</div>";
|
|
|
|
// Customer confirmation email
|
|
$confirmHtml = "<div style='max-width:600px;margin:0 auto;font-family:Arial,sans-serif'>
|
|
<div style='background:#0d0d0d;padding:24px;text-align:center'>
|
|
<h1 style='color:#f97316;margin:0;font-size:20px'>Parker County Slingshot Rentals</h1>
|
|
</div>
|
|
<div style='padding:32px;background:#fff'>
|
|
<h2 style='margin-top:0;color:#0d0d0d'>Booking Request Received!</h2>
|
|
<p style='color:#374151'>Hey " . htmlspecialchars($name) . ", your request is in. We'll confirm availability and reach out within a few hours.</p>
|
|
<div style='background:#fff7ed;border:1px solid #fed7aa;border-radius:10px;padding:20px;margin:20px 0'>
|
|
<p style='margin:0 0 6px;font-size:13px;color:#9ca3af;text-transform:uppercase;letter-spacing:1px'>Booking Reference</p>
|
|
<p style='margin:0 0 16px;font-size:22px;font-weight:700;color:#f97316'>{$ref}</p>
|
|
<p style='margin:4px 0;font-size:14px;color:#374151'><strong>Package:</strong> {$pkgLabel}</p>
|
|
<p style='margin:4px 0;font-size:14px;color:#374151'><strong>Requested Date:</strong> {$dateLabel}</p>
|
|
<p style='margin:4px 0;font-size:14px;color:#374151'><strong>Total:</strong> {$amountLabel}</p>
|
|
<p style='margin:4px 0;font-size:14px;color:#374151'><strong>Deposit (card hold today):</strong> {$depositLabel} <span style='font-size:12px;color:#9ca3af'>— not charged until confirmed</span></p>
|
|
<p style='margin:4px 0;font-size:14px;color:#374151'><strong>Balance due at pickup:</strong> <span style='font-weight:700;color:#16a34a'>{$balanceLabel}</span></p>
|
|
</div>
|
|
<div style='margin:20px 0;padding:16px;background:#fff7ed;border:1px solid #fed7aa;border-radius:10px;text-align:center'>
|
|
<p style='margin:0 0 10px;font-size:14px;font-weight:700;color:#111'>Next Step: Sign Your Rental Agreement</p>
|
|
<p style='margin:0 0 14px;font-size:13px;color:#6b7280'>Once your booking is confirmed you'll sign our digital waiver online — no printer needed. Your link:</p>
|
|
<a href='' . SITE_URL . '/waiver.php?ref={$ref}' style='display:inline-block;background:#f97316;color:#fff;text-decoration:none;padding:10px 24px;border-radius:6px;font-weight:700;font-size:14px'>Sign Rental Agreement →</a>
|
|
</div>
|
|
<p style='color:#374151'>Questions? Call or text <strong>(817) 266-2022</strong> or reply to this email.</p>
|
|
<p style='color:#374151'>Ride on,<br><strong>The Parker County Slingshot Team</strong></p>
|
|
</div>
|
|
<div style='background:#f3f4f6;padding:16px;text-align:center'>
|
|
<p style='margin:0;font-size:12px;color:#9ca3af'>© " . date('Y') . " Parker County Slingshot Rentals — Weatherford, TX</p>
|
|
</div>
|
|
</div>";
|
|
|
|
// Square deposit authorization (delayed capture — hold only, not charged yet)
|
|
$depositStatus = null;
|
|
if ($squareToken) {
|
|
$sqResp = squareApi('POST', '/payments', [
|
|
'source_id' => $squareToken,
|
|
'idempotency_key' => $ref . '-dep-' . time(),
|
|
'amount_money' => ['amount' => (int)(DEPOSIT_AMOUNT * 100), 'currency' => 'USD'],
|
|
'autocomplete' => false, // hold only — capture when confirmed
|
|
'location_id' => SQUARE_LOCATION_ID,
|
|
'note' => "Deposit hold — booking {$ref}",
|
|
'reference_id' => $ref,
|
|
'buyer_email_address' => $email,
|
|
]);
|
|
if (!empty($sqResp['payment']['id'])) {
|
|
$sqId = $sqResp['payment']['id'];
|
|
$sqSts = $sqResp['payment']['status']; // APPROVED
|
|
db()->prepare("UPDATE bookings SET square_payment_id=?, square_payment_status=? WHERE booking_ref=?")
|
|
->execute([$sqId, $sqSts, $ref]);
|
|
$depositStatus = $sqSts;
|
|
}
|
|
}
|
|
|
|
// Add Square authorization badge to customer email if hold was placed
|
|
if ($depositStatus) {
|
|
$confirmHtml = str_replace(
|
|
"<p style='margin:4px 0;font-size:14px;color:#374151'><strong>Deposit (card hold today):</strong> {$depositLabel}",
|
|
"<p style='margin:4px 0;font-size:14px;color:#374151'><strong>Deposit (card hold today):</strong> {$depositLabel} <span style='font-size:12px;color:#16a34a;font-weight:700'>✓ Authorized</span>",
|
|
$confirmHtml
|
|
);
|
|
}
|
|
|
|
// Add deposit note to admin email if applicable
|
|
if ($depositStatus) {
|
|
$adminHtml = str_replace(
|
|
"<p style='margin-top:16px;font-size:13px;color:#9ca3af'>",
|
|
"<p style='margin-top:8px;font-size:13px;color:#16a34a;font-weight:700'>✓ \$" . number_format(DEPOSIT_AMOUNT, 2) . " deposit hold authorized (Square — not yet captured)</p><p style='margin-top:8px;font-size:13px;color:#9ca3af'>",
|
|
$adminHtml
|
|
);
|
|
}
|
|
|
|
sendEmail(ADMIN_EMAIL, 'Parker Slingshot Admin', "New Booking {$ref}: {$name} — {$pkgLabel} on {$dateLabel}", $adminHtml);
|
|
sendEmail($email, $name, "Booking Request {$ref} — Parker County Slingshot Rentals", $confirmHtml);
|
|
|
|
$msg = "Booking request received! Your reference is {$ref}. We'll be in touch shortly.";
|
|
if ($depositStatus) $msg .= " A \$" . number_format(DEPOSIT_AMOUNT, 2) . " refundable deposit hold has been placed on your card.";
|
|
echo json_encode(['success'=>true,'ref'=>$ref,'deposit_held'=>(bool)$depositStatus,'square_payment_id'=>$sqId??null,'message'=>$msg]);
|