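<?php

declare(strict_types=1);

/**
 * Driver-location endpoint for a single order.
 *
 * GET parameters:
 *   order_id  (required) identifier of the order whose driver position is requested
 *   token     (guests only) per-order access token; a logged-in session takes precedence
 *
 * Responses (always JSON):
 *   200 {lat, lng}  caller may view the order and a driver position is stored
 *   400 {error}     order_id missing or malformed
 *   403 {error}     neither a logged-in session nor a token was supplied
 *   404 {error}     order missing / not owned by the caller, or no driver position yet
 *
 * Ownership is enforced inside the SQL WHERE clause, so "does not exist" and
 * "belongs to someone else" return the same 404 and do not reveal which ids are valid.
 */

session_start();

require_once '../db/config.php';

// Every path below emits JSON, including the error branches, so the headers are
// set once up front. The payload is a live personal location, so intermediaries
// and the browser cache must not retain it.
header('Content-Type: application/json');
header('Cache-Control: no-store');

/**
 * Emit a JSON body with the given HTTP status and terminate the script.
 *
 * @param array<string, mixed> $payload
 */
$respond = static function (int $status, array $payload): void {
    http_response_code($status);
    echo json_encode($payload);
    exit;
};

// $_GET values are strings or arrays; reject arrays (e.g. ?order_id[]=1) and the
// empty string rather than passing them on to the database.
$order_id = $_GET['order_id'] ?? null;
if (!is_string($order_id) || $order_id === '') {
    $respond(400, ['error' => 'Order ID is required.']);
}

$user_id = $_SESSION['user_id'] ?? null;

// Guest users identify themselves with a per-order token instead of a session.
// A non-string token (array input) is treated as absent.
$token = $_GET['token'] ?? null;
if (!is_string($token)) {
    $token = null;
}

$pdoconn = db();

// One query performs both the authorisation check and the data fetch: the WHERE
// clause restricts the row to the caller's own order, so there is no window
// between "verify" and "read" and no unscoped second lookup.
if ($user_id) {
    $stmt = $pdoconn->prepare(
        'SELECT driver_lat, driver_lng FROM orders WHERE id = :order_id AND user_id = :user_id'
    );
    $stmt->execute(['order_id' => $order_id, 'user_id' => $user_id]);
} elseif ($token) {
    // NOTE(review): the token match is performed by the database. With a
    // case-insensitive column collation this is weaker than a byte-exact
    // hash_equals() comparison in PHP — confirm the collation of orders.token.
    $stmt = $pdoconn->prepare(
        'SELECT driver_lat, driver_lng FROM orders WHERE id = :order_id AND token = :token'
    );
    $stmt->execute(['order_id' => $order_id, 'token' => $token]);
} else {
    $respond(403, ['error' => 'Authentication required.']);
}

// fetch() rather than rowCount(): PDO does not guarantee rowCount() for SELECT
// statements on every driver, whereas fetch() returning false is reliable.
$location = $stmt->fetch(PDO::FETCH_ASSOC);
if ($location === false) {
    $respond(404, ['error' => 'Order not found or access denied.']);
}

// Both coordinates must be present before a position is reported.
if ($location['driver_lat'] === null || $location['driver_lng'] === null) {
    $respond(404, ['error' => 'Driver location not available yet.']);
}

echo json_encode([
    'lat' => $location['driver_lat'],
    'lng' => $location['driver_lng'],
]);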