72eeb24cd7
- Replaced all client-facing $e->getMessage() with generic error messages - Added error_log() with filename prefix to all catch blocks - Covered jsonError(), echo, and json_encode() response patterns - Also fixed 2 remaining display_errors=1 and add_invoice.php leak - Script-assisted fix for 75 files, manual fix for 12 remaining edge cases
46 lines
1.5 KiB
PHP
46 lines
1.5 KiB
PHP
<?php
|
|
require_once __DIR__ . '/../../connect.php';
|
|
|
|
$inviteCode = filterRequest("inviteCode");
|
|
$passengerID = filterRequest("passengerID");
|
|
|
|
if (empty($inviteCode) || empty($passengerID)) {
|
|
jsonError("Invalid or missing invite code or passenger ID.");
|
|
exit;
|
|
}
|
|
|
|
try {
|
|
$checkSql = "SELECT `id`, `expirationTime` FROM `invitesToPassengers`
|
|
WHERE `inviteCode` = :inviteCode
|
|
AND `isInstall` = 0
|
|
AND `isGiftToken` = 0";
|
|
|
|
$checkStmt = $con->prepare($checkSql);
|
|
$checkStmt->bindParam(':inviteCode', $inviteCode);
|
|
$checkStmt->execute();
|
|
|
|
if ($checkStmt->rowCount() > 0) {
|
|
$invite = $checkStmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
$updateSql = "UPDATE `invitesToPassengers`
|
|
SET `isInstall` = 1, `passengerID` = :passengerID
|
|
WHERE `id` = :id";
|
|
|
|
$updateStmt = $con->prepare($updateSql);
|
|
$updateStmt->bindParam(':id', $invite['id'], PDO::PARAM_INT);
|
|
$updateStmt->bindParam(':passengerID', $passengerID);
|
|
$updateStmt->execute();
|
|
|
|
if ($updateStmt->rowCount() > 0) {
|
|
jsonSuccess(null, "Invite code successfully used and marked as installed.");
|
|
} else {
|
|
jsonError("Invite found but update failed.");
|
|
}
|
|
} else {
|
|
jsonError("Invalid invite code, already used, or marked as gift.");
|
|
}
|
|
} catch (PDOException $e) {
|
|
error_log("[updatePassengersInvitation.php] " . $e->getMessage());
|
|
jsonError("An internal error occurred. Please try again later.");
|
|
}
|
|
?>
|