first commit

backend/ride/promo/add.php

@@ -0,0 +1,34 @@
+<?php
+require_once __DIR__ . '/../../connect.php';
+
+$promo_code  = filterRequest("promo_code");
+$amount      = filterRequest("amount");
+$description = filterRequest("description");
+$passengerID = filterRequest("passengerID");
+
+if (empty($promo_code)) {
+    jsonError("Promo code is required");
+    exit;
+}
+
+$sql = "INSERT INTO `promos`(
+            `promo_code`, `amount`, `description`, `passengerID`, 
+            `validity_start_date`, `validity_end_date`
+        ) 
+        VALUES (
+            :promo_code, :amount, :description, :passengerID,
+            NOW(), DATE_ADD(NOW(), INTERVAL 1 MONTH)
+        )";
+
+$stmt = $con->prepare($sql);
+$stmt->bindValue(':promo_code', $promo_code);
+$stmt->bindValue(':amount', $amount);
+$stmt->bindValue(':description', $description);
+$stmt->bindValue(':passengerID', $passengerID);
+
+if ($stmt->execute()) {
+    jsonSuccess(null, "Promo data saved successfully");
+} else {
+    jsonError("Failed to save promo data");
+}
+?>

backend/ride/promo/delete.php

@@ -0,0 +1,16 @@
+<?php
+require_once __DIR__ . '/../../connect.php';
+
+$id = filterRequest("id");
+
+$sql = "DELETE FROM `promos` WHERE `id` = :id";
+$stmt = $con->prepare($sql);
+$stmt->bindParam(':id', $id, PDO::PARAM_INT); // استخدام bindParam لحماية الاستعلام
+$stmt->execute();
+
+if ($stmt->rowCount() > 0) {
+    jsonSuccess(null, "Promo data deleted successfully");
+} else {
+    jsonError("Failed to delete promo data");
+}
+?>

backend/ride/promo/get.php

@@ -0,0 +1,30 @@
+<?php
+require_once __DIR__ . '/../../connect.php';
+
+$promo_code = filterRequest("promo_code");
+
+if (!empty($promo_code)) {
+    $sql = "SELECT `id`, `promo_code`, `amount`, `description`, `passengerID`, `validity_start_date`, `validity_end_date` 
+            FROM `promos` 
+            WHERE `promo_code` = :promo_code 
+            AND CURDATE() BETWEEN validity_start_date AND validity_end_date";
+    $stmt = $con->prepare($sql);
+    $stmt->bindParam(':promo_code', $promo_code, PDO::PARAM_STR);
+} else {
+    $sql = "SELECT `id`, `promo_code`, `amount`, `description`, `passengerID`, `validity_start_date`, `validity_end_date` FROM `promos` WHERE `passengerID` IN ('all', 'none', '') ORDER BY id DESC";
+    $stmt = $con->prepare($sql);
+}
+
+$stmt->execute();
+$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+if ($result || (empty($promo_code) && is_array($result))) {
+    jsonSuccess($result);
+} else {
+    if (!empty($promo_code)) {
+        jsonError("Promo code not found or expired");
+    } else {
+        jsonSuccess([], "No promos found");
+    }
+}
+?>

backend/ride/promo/getPromoBytody.php

@@ -0,0 +1,27 @@
+<?php
+require_once __DIR__ . '/../../connect.php';
+
+
+ $passengerID = filterRequest("passengerID"); 
+
+$sql = "SELECT
+   `id`, `promo_code`, `amount`, `description`, `passengerID`, `validity_start_date`,
+    DATEDIFF(promos.validity_end_date, CURDATE()) AS validity_end_date
+FROM
+    `promos`
+WHERE
+    (passengerID = '$passengerID' OR passengerID LIKE '%all%')
+    AND promos.validity_start_date <= CURDATE()
+    AND promos.validity_end_date >= CURDATE();";
+
+$stmt = $con->prepare($sql);
+$stmt->execute();
+$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+if ($result) {
+    jsonSuccess($result);
+} else {
+    // Print an empty list
+    jsonSuccess([]);
+}
+?>

backend/ride/promo/getPromoFirst.php

@@ -0,0 +1,31 @@
+<?php
+require_once __DIR__ . '/../../connect.php';
+
+// Get passengerID and encrypt it only if هو رقم مشفر (إذا لزم الأمر)
+// $passengerID = $encryptionHelper->encryptData(filterRequest("passengerID"));
+$passengerID = filterRequest("passengerID"); // استخدم هذا إذا ID رقم فقط
+
+$sql = "SELECT
+    `id`,
+    `promo_code`,
+    `amount`,
+    `description`,
+    `validity_start_date`,
+    `validity_end_date`
+FROM
+    `promos`
+WHERE
+    `passengerID` = ? AND CURDATE() BETWEEN validity_start_date AND validity_end_date";
+
+$stmt = $con->prepare($sql);
+$stmt->bindParam(1, $passengerID);
+$stmt->execute();
+
+$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+if ($result) {
+    jsonSuccess($result);
+} else {
+    jsonError("Failed to retrieve promo records");
+}
+?>

backend/ride/promo/update.php

@@ -0,0 +1,40 @@
+<?php
+require_once __DIR__ . '/../../connect.php';
+
+$id = filterRequest("id");
+if (empty($id)) {
+    jsonError("ID is required for update");
+    exit;
+}
+
+$allowedFields = [
+    "promo_code", "amount", "description", "passengerID", 
+    "validity_start_date", "validity_end_date"
+];
+
+$setParts = [];
+$params = [];
+
+foreach ($allowedFields as $field) {
+    if (isset($_POST[$field])) {
+        $value = filterRequest($field);
+        $setParts[] = "`$field` = :$field";
+        $params[":$field"] = $value;
+    }
+}
+
+if (empty($setParts)) {
+    jsonError("No valid fields to update.");
+    exit;
+}
+
+$sql = "UPDATE `promos` SET " . implode(", ", $setParts) . " WHERE `id` = :id";
+$params[":id"] = $id;
+
+$stmt = $con->prepare($sql);
+if ($stmt->execute($params)) {
+    jsonSuccess(null, "Promo updated successfully");
+} else {
+    jsonError("Failed to update promo");
+}
+?>