<?php
// Response/CORS headers for the admin bookings API.
// NOTE(review): the wildcard origin lets any web origin call this admin
// endpoint from a browser; an explicit allow-list of trusted origins is the
// safer configuration. Kept as-is here because the allowed origins are not
// known from this file.
$responseHeaders = [
    'Access-Control-Allow-Origin' => '*',
    'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
    'Access-Control-Allow-Headers' => 'Authorization, Content-Type, Accept, X-Requested-With, User-Agent, Origin',
    'Access-Control-Max-Age' => '86400',
    'Content-Type' => 'application/json; charset=UTF-8',
];
foreach ($responseHeaders as $headerName => $headerValue) {
    header("{$headerName}: {$headerValue}");
}

// A CORS preflight needs only the headers above; nothing else is executed.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}
// Composer autoload (firebase/php-jwt, vlucas/phpdotenv) and the shared
// database helpers. getAuthToken(), used further down, is not defined in this
// file — presumably it comes from db.php; verify before reordering requires.
require 'vendor/autoload.php';
require 'db.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Dotenv\Dotenv;

// Load the .env file next to this script; DB_* and JWT_SECRET are read from $_ENV below.
Dotenv::createImmutable(__DIR__)->load();
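// Open the database connection. ERRMODE_EXCEPTION makes every failed query
// below surface as a PDOException instead of a silently-false return value.
// NOTE(review): PDO::ATTR_EMULATE_PREPARES => false would send placeholders
// to the server natively, but it also changes the PHP types of fetched
// columns (ints instead of strings), which is visible in the JSON output —
// enable it only together with the API clients.
try {
    $pdo = new PDO(
        "mysql:host={$_ENV['DB_HOST']};dbname={$_ENV['DB_NAME']};charset=utf8mb4",
        $_ENV['DB_USER'],
        $_ENV['DB_PASSWORD'],
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]
    );
} catch (PDOException $e) {
    // The driver message can contain the host, database or user name; keep it
    // in the server log and return only a generic error to the client.
    error_log('admin_bookings: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Database connection failed']);
    exit;
}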
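// Obtain the bearer token through the shared helper (not defined in this file;
// presumably provided by db.php).
$jwt = getAuthToken();
if (!$jwt) {
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'Authorization header missing']);
    exit;
}

// A missing signing secret is a deployment error, not a bad token: fail closed
// with a 500 instead of letting Key/decode throw a misleading "invalid token".
$jwtSecret = $_ENV['JWT_SECRET'] ?? '';
if ($jwtSecret === '') {
    error_log('admin_bookings: JWT_SECRET is not configured');
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Server configuration error']);
    exit;
}

try {
    // The algorithm is pinned to HS256 through Key, so the token header cannot select it.
    $decoded = JWT::decode($jwt, new Key($jwtSecret, 'HS256'));
    // user_type 4 is the admin role. A token without the claim must be
    // rejected (403) rather than raise an undefined-property warning.
    if (($decoded->user_type ?? null) !== 4) {
        http_response_code(403);
        echo json_encode(['success' => false, 'message' => 'Admin access required']);
        exit;
    }
} catch (Exception $e) {
    // Covers expired/invalid-signature/malformed tokens thrown by JWT::decode.
    http_response_code(401);
    echo json_encode(['success' => false, 'message' => 'Invalid token: ' . $e->getMessage()]);
    exit;
}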
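$method = $_SERVER['REQUEST_METHOD'];

// PUT/POST/DELETE carry a JSON object body. Anything that is not a JSON
// object (empty body, invalid JSON, a bare scalar) is treated as an empty
// request so the required-field checks below run instead of warning.
$input = file_get_contents('php://input');
$data = json_decode((string) $input, true);
if (!is_array($data)) {
    $data = [];
}

// Closures rather than named functions so nothing can collide with helpers
// declared in db.php.

/** Send a JSON payload with the given HTTP status and stop the script. */
$respond = static function (int $status, array $payload): void {
    http_response_code($status);
    echo json_encode($payload);
    exit;
};

/**
 * Log a failed query server-side and answer with a generic 500.
 * Driver messages can reveal table/column names, so they are never echoed.
 */
$respondDatabaseError = static function (PDOException $e) use ($respond): void {
    error_log('admin_bookings: database error: ' . $e->getMessage());
    $respond(500, ['success' => false, 'message' => 'Database error']);
};

/**
 * Return the booking id from the request body as a string, or fail with 400.
 * The id is bound as a string parameter (as execute([...]) does); it is only
 * required to be a non-empty int/string so arrays and objects never reach PDO.
 */
$requireBookingId = static function (array $data) use ($respond): string {
    $id = $data['id'] ?? null;
    if (empty($id) || !(is_int($id) || is_string($id))) {
        $respond(400, ['success' => false, 'message' => 'Booking ID is required']);
    }
    return (string) $id;
};

switch ($method) {
    case 'GET':
        // Pagination values come from the query string and are untrusted:
        // reject anything that is not a positive integer instead of letting
        // string arithmetic throw or a negative OFFSET reach the database.
        // No upper bound on limit is enforced (admin-only endpoint); add one
        // if this is ever exposed more widely.
        $page = filter_var($_GET['page'] ?? 1, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $limit = filter_var($_GET['limit'] ?? 10, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($page === false || $limit === false) {
            $respond(400, ['success' => false, 'message' => 'page and limit must be positive integers']);
        }
        $offset = ($page - 1) * $limit;

        // total_count is a window column repeated on every row; the CASE
        // expressions resolve the booker's display name/phone per user_type.
        $query = "
            SELECT b.*, c.brand, c.model, c.price,
                (SELECT image_path FROM car_images WHERE car_id = b.car_id LIMIT 1) as main_image,
                COUNT(*) OVER() as total_count,
                CASE
                    WHEN b.user_type = 0 THEN i.first_name
                    WHEN b.user_type = 1 THEN co.company_name
                    WHEN b.user_type = 2 THEN lm.company_name
                END as user_name,
                CASE
                    WHEN b.user_type = 0 THEN i.number
                    WHEN b.user_type = 1 THEN co.number
                    WHEN b.user_type = 2 THEN lm.number
                END as user_phone
            FROM bookings b
            JOIN car_listings c ON b.car_id = c.id
            LEFT JOIN individusers i ON b.user_type = 0 AND b.user_id = i.id
            LEFT JOIN companyusers co ON b.user_type = 1 AND b.user_id = co.id
            LEFT JOIN leasingmanagers lm ON b.user_type = 2 AND b.user_id = lm.id
            ORDER BY b.booking_date DESC
            LIMIT ? OFFSET ?
        ";

        try {
            $stmt = $pdo->prepare($query);
            // LIMIT/OFFSET must be bound as integers; string binding would be quoted.
            $stmt->bindValue(1, $limit, PDO::PARAM_INT);
            $stmt->bindValue(2, $offset, PDO::PARAM_INT);
            $stmt->execute();
            $bookings = $stmt->fetchAll(PDO::FETCH_ASSOC);

            // Take the total once, then strip it from every row of the payload.
            $totalCount = $bookings[0]['total_count'] ?? 0;

            // NOTE(review): HTTP_HOST is taken from the request's Host header,
            // so a client can influence the image URLs it receives back; a
            // configured public base URL would be more robust. REQUEST_SCHEME
            // is not set by every SAPI/proxy, hence the HTTPS fallback.
            $scheme = $_SERVER['REQUEST_SCHEME']
                ?? ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http');
            $uploadsBase = $scheme . '://' . ($_SERVER['HTTP_HOST'] ?? '') . '/uploads/';

            foreach ($bookings as &$booking) {
                unset($booking['total_count']);
                if ($booking['main_image']) {
                    $booking['main_image'] = $uploadsBase . $booking['main_image'];
                }
            }
            unset($booking); // drop the by-reference alias left by foreach

            $respond(200, [
                'success' => true,
                'data' => $bookings,
                'total' => $totalCount,
                'page' => $page,
                'limit' => $limit,
            ]);
        } catch (PDOException $e) {
            $respondDatabaseError($e);
        }
        break;

    case 'PUT':
        if (empty($data['id']) || !isset($data['status'])) {
            $respond(400, ['success' => false, 'message' => 'Booking ID and status are required']);
        }
        $id = $requireBookingId($data);

        // Strict comparison: a JSON true or a number must not match a status name.
        $validStatuses = ['pending', 'confirmed', 'canceled', 'completed'];
        if (!in_array($data['status'], $validStatuses, true)) {
            $respond(400, ['success' => false, 'message' => 'Invalid status']);
        }

        try {
            $stmt = $pdo->prepare("UPDATE bookings SET status = ? WHERE id = ?");
            $stmt->execute([$data['status'], $id]);
            $respond(200, [
                'success' => true,
                'message' => 'Booking status updated to ' . $data['status'],
            ]);
        } catch (PDOException $e) {
            $respondDatabaseError($e);
        }
        break;

    case 'POST':
        $id = $requireBookingId($data);
        try {
            // A single UPDATE is atomic on its own; the transaction is kept so
            // further writes can be added here safely.
            $pdo->beginTransaction();
            $stmt = $pdo->prepare("UPDATE bookings SET status = 'completed', completed_at = NOW() WHERE id = ?");
            $stmt->execute([$id]);
            $pdo->commit();
            $respond(200, [
                'success' => true,
                'message' => 'Booking completed successfully',
            ]);
        } catch (PDOException $e) {
            // rollBack() itself throws when beginTransaction() never succeeded.
            if ($pdo->inTransaction()) {
                $pdo->rollBack();
            }
            $respondDatabaseError($e);
        }
        break;

    case 'DELETE':
        $id = $requireBookingId($data);
        try {
            $pdo->beginTransaction();
            $stmt = $pdo->prepare("DELETE FROM bookings WHERE id = ?");
            $stmt->execute([$id]);
            $pdo->commit();
            $respond(200, [
                'success' => true,
                'message' => 'Booking canceled successfully',
            ]);
        } catch (PDOException $e) {
            if ($pdo->inTransaction()) {
                $pdo->rollBack();
            }
            $respondDatabaseError($e);
        }
        break;

    default:
        // PATCH is advertised in the CORS headers but has no handler here.
        header('Allow: GET, POST, PUT, DELETE');
        $respond(405, ['success' => false, 'message' => 'Method not allowed']);
}
// No closing ?> tag: this file is PHP-only and trailing output would corrupt the JSON body.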