72eeb24cd7
- Replaced all client-facing $e->getMessage() with generic error messages - Added error_log() with filename prefix to all catch blocks - Covered jsonError(), echo, and json_encode() response patterns - Also fixed 2 remaining display_errors=1 and add_invoice.php leak - Script-assisted fix for 75 files, manual fix for 12 remaining edge cases
45 lines
1.5 KiB
PHP
45 lines
1.5 KiB
PHP
<?php
|
|
require_once __DIR__ . '/../../connect.php';
|
|
|
|
$inviteCode = filterRequest("inviteCode");
|
|
|
|
if (empty($inviteCode)) {
|
|
jsonError("Invalid or missing invite code.");
|
|
exit;
|
|
}
|
|
|
|
try {
|
|
$checkSql = "SELECT `id`, `expirationTime`, `driverId` FROM `invites`
|
|
WHERE `inviteCode` = :inviteCode
|
|
AND `isInstall` = 0
|
|
AND `expirationTime` > NOW()";
|
|
|
|
$checkStmt = $con->prepare($checkSql);
|
|
$checkStmt->bindParam(':inviteCode', $inviteCode);
|
|
$checkStmt->execute();
|
|
|
|
if ($checkStmt->rowCount() > 0) {
|
|
$invite = $checkStmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
$updateSql = "UPDATE `invites` SET `isInstall` = 1 WHERE `id` = :id";
|
|
$updateStmt = $con->prepare($updateSql);
|
|
$updateStmt->bindParam(':id', $invite['id'], PDO::PARAM_INT);
|
|
$updateStmt->execute();
|
|
|
|
if ($updateStmt->rowCount() > 0) {
|
|
printSuccess([
|
|
"message" => "Invite code successfully used and marked as installed.",
|
|
"driverId" => $invite['driverId'],
|
|
"expirationTime" => $invite['expirationTime']
|
|
]);
|
|
} else {
|
|
jsonError("Failed to update the invite record.");
|
|
}
|
|
} else {
|
|
jsonError("Invalid invite code, already installed, or expired.");
|
|
}
|
|
} catch (PDOException $e) {
|
|
error_log("[updateInvitationCodeFromRegister.php] " . $e->getMessage());
|
|
jsonError("An internal error occurred. Please try again later.");
|
|
}
|
|
?>
|