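<?php

declare(strict_types=1);

/*
 * Order status / tracking endpoint (JSON).
 *
 * Query-string input:
 *   order_id  required; the orders.id to look up
 *   token     guest access token; consulted only when no user session exists
 *
 * Authorization is enforced inside the SQL WHERE clause: a logged-in caller
 * ($_SESSION['user_id']) may only read orders whose o.user_id matches, and an
 * anonymous caller must present the order's guest_token. Because the
 * ownership predicate is part of the lookup, an order that exists but belongs
 * to someone else is reported exactly like a missing one (404), so the
 * endpoint is not an oracle for enumerating order ids.
 *
 * Responses: 200 {status, delivery_address, driver_location, restaurant_location}
 *            400 missing order_id, 403 no credential presented,
 *            404 not found or not owned, 500 database failure (generic body;
 *            the driver message is written to the server log only).
 */

header('Content-Type: application/json');
// The body echoes user-supplied text (delivery_address); stop browsers from
// sniffing it as HTML.
header('X-Content-Type-Options: nosniff');
session_start();

require_once __DIR__ . '/../db/config.php';

$order_id = $_GET['order_id'] ?? null;
$token = $_GET['token'] ?? null;
$user_id = $_SESSION['user_id'] ?? null;

// Reject missing, empty and non-scalar values (order_id[]=1 arrives as an
// array) before anything reaches the database. A stricter format check
// (e.g. ctype_digit) can be added once the type of orders.id is confirmed.
if (!is_string($order_id) || $order_id === '') {
    http_response_code(400);
    echo json_encode(['error' => 'Order ID not specified']);
    exit;
}

// A token that is not a plain non-empty string is treated as absent.
if (!is_string($token) || $token === '') {
    $token = null;
}

try {
    $pdo = db();

    // Parameterised throughout; the WHERE clause grows by one ownership
    // predicate below, with its value appended to $params in the same order.
    $query =
        'SELECT ' .
        'o.status, o.delivery_address, o.driver_lat, o.driver_lng, ' .
        'r.name as restaurant_name, r.lat as restaurant_lat, r.lng as restaurant_lng ' .
        'FROM orders o ' .
        'JOIN restaurants r ON o.restaurant_id = r.id ' .
        'WHERE o.id = ?';
    $params = [$order_id];

    // A session takes precedence over a guest token: once logged in, the
    // token is never consulted, so the caller is confined to their own orders.
    if ($user_id) {
        $query .= ' AND o.user_id = ?';
        $params[] = $user_id;
    } elseif ($token !== null) {
        // NOTE(review): the guest token travels in the query string and will
        // appear in web-server/proxy access logs and Referer headers; treat
        // those logs as sensitive.
        $query .= ' AND o.guest_token = ?';
        $params[] = $token;
    } else {
        http_response_code(403);
        echo json_encode(['error' => 'Permission denied']);
        exit;
    }

    $stmt = $pdo->prepare($query);
    $stmt->execute($params);
    $order = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$order) {
        // Deliberately the same answer for "no such order" and "not yours".
        http_response_code(404);
        echo json_encode(['error' => 'Order not found or permission denied']);
        exit;
    }

    // For privacy, the customer's exact lat/lng is not returned; the frontend
    // geocodes delivery_address itself (a Google Maps API key is to be added
    // in a later step). Driver and restaurant coordinates are returned as
    // stored, so driver_location may hold nulls before a driver is assigned.
    echo json_encode([
        'status' => ucwords($order['status']),
        'delivery_address' => $order['delivery_address'],
        'driver_location' => [
            'lat' => $order['driver_lat'],
            'lng' => $order['driver_lng'],
        ],
        'restaurant_location' => [
            'name' => $order['restaurant_name'],
            'lat' => $order['restaurant_lat'],
            'lng' => $order['restaurant_lng'],
        ],
    ]);
} catch (PDOException $e) {
    // Log the driver message server-side only: echoing it to the client
    // leaks schema details, host names and sometimes bound parameter values.
    error_log('order status lookup failed: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Database error']);
}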