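'Order ID is required.']); exit; }

// Every response from this endpoint is JSON, including the error branches
// below, so declare the content type once, before any body is emitted.
header('Content-Type: application/json');

// $_GET values can be arrays (?order_id[]=1), which would be bound as the
// string "Array"; only a non-empty plain string is acceptable here.
$order_id = $_GET['order_id'];
if (!is_string($order_id) || $order_id === '') {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid order ID.']);
    exit;
}

$user_id = $_SESSION['user_id'] ?? null;
// Guests identify themselves with the per-order token instead of a session.
$token = $_GET['token'] ?? null;

$pdoconn = db();

// Authorisation and data fetch in a single query: a row only comes back when
// the caller (logged-in owner or token holder) is allowed to see this order.
// fetch() is used instead of rowCount() because rowCount() is not guaranteed
// to report the number of SELECT results on every PDO driver.
if ($user_id) {
    $stmt = $pdoconn->prepare(
        "SELECT driver_lat, driver_lng FROM orders WHERE id = :order_id AND user_id = :user_id"
    );
    $stmt->execute(['order_id' => $order_id, 'user_id' => $user_id]);
} elseif (is_string($token) && $token !== '') {
    // NOTE(review): the token is matched in SQL, so the strictness of the
    // comparison depends on the column's collation (case-insensitive under
    // common MySQL defaults) — confirm the token column uses a binary collation.
    $stmt = $pdoconn->prepare(
        "SELECT driver_lat, driver_lng FROM orders WHERE id = :order_id AND token = :token"
    );
    $stmt->execute(['order_id' => $order_id, 'token' => $token]);
} else {
    http_response_code(403);
    echo json_encode(['error' => 'Authentication required.']);
    exit;
}

$location = $stmt->fetch(PDO::FETCH_ASSOC);

// Same response for "no such order" and "not yours", so the endpoint does not
// reveal which order ids exist.
if ($location === false) {
    http_response_code(404);
    echo json_encode(['error' => 'Order not found or access denied.']);
    exit;
}

// The driver has not reported a position for this order yet.
if ($location['driver_lat'] === null || $location['driver_lng'] === null) {
    http_response_code(404);
    echo json_encode(['error' => 'Driver location not available yet.']);
    exit;
}

echo json_encode([
    'lat' => $location['driver_lat'],
    'lng' => $location['driver_lng'],
]);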