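<?php
require_once 'includes/header.php';
require_once 'db/config.php';

// Only authenticated users may view a signed contract.
// NOTE(review): the header('Location: …') redirects below only take effect if
// includes/header.php has not already sent output (or output buffering is on)
// — confirm against header.php.
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}

// The contract id must be a single, non-empty scalar. An array-shaped `id`
// (e.g. `?id[]=1`) would otherwise reach PDO::execute() and error out.
// NOTE(review): if cc.id is an integer column, FILTER_VALIDATE_INT would be a
// tighter check — confirm the schema before changing it.
if (!isset($_GET['id']) || !is_string($_GET['id']) || $_GET['id'] === '') {
    header('Location: index.php');
    exit;
}

$client_contract_id = $_GET['id'];

// Ensure the user can only view their own signed contracts, or if they are a coach
$stmt = db()->prepare('SELECT cc.*, c.title, c.content FROM client_contracts cc JOIN contracts c ON cc.contract_id = c.id WHERE cc.id = ?');
$stmt->execute([$client_contract_id]);
$contract = $stmt->fetch();

if (!$contract) {
    die('Contract not found.');
}

// Authorisation is an allow-list: a client may only open a contract whose
// client_id matches the session user; a coach may open any contract (see the
// note below); any other or missing user_type is denied instead of falling
// through to the page. Both ids are compared as strings because the DB driver
// may return client_id as a string while the session holds an int, which
// would make a bare `!==` reject the legitimate owner.
$userType = $_SESSION['user_type'] ?? '';
$isOwner = (string) $contract['client_id'] === (string) $_SESSION['user_id'];

if ($userType === 'client') {
    if (!$isOwner) {
        die('Access denied.');
    }
} elseif ($userType === 'coach') {
    // A coach can see any contract, for now. In a real app, you would check if the client belongs to the coach.
} else {
    die('Access denied.');
}

// Only embed the stored document URL when it is an absolute http(s) URL; any
// other scheme (javascript:, data:, …) must never end up in an iframe src.
$documentUrl = (string) ($contract['docuseal_document_url'] ?? '');
$embedUrl = null;
if ($documentUrl !== '' && filter_var($documentUrl, FILTER_VALIDATE_URL) !== false) {
    $scheme = strtolower((string) parse_url($documentUrl, PHP_URL_SCHEME));
    if ($scheme === 'https' || $scheme === 'http') {
        $embedUrl = $documentUrl;
    }
}

// strtotime(null) is deprecated and strtotime('') returns false; either would
// render as 1 Jan 1970. Only show a date when signed_at is actually set.
$signedOn = null;
if (!empty($contract['signed_at'])) {
    $signedTs = strtotime((string) $contract['signed_at']);
    if ($signedTs !== false) {
        $signedOn = date('F j, Y', $signedTs);
    }
}
?>

<div class="container mt-5">
    <div class="card">
        <div class="card-header">
            <h3><?php echo htmlspecialchars((string) $contract['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h3>
            <?php if ($signedOn !== null): ?>
                <p class="text-muted">Signed on <?php echo htmlspecialchars($signedOn, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
            <?php endif; ?>
        </div>
        <div class="card-body">
            <?php if ($embedUrl !== null): ?>
                <iframe src="<?php echo htmlspecialchars($embedUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" width="100%" height="800px" frameborder="0"></iframe>
            <?php elseif ($documentUrl !== ''): ?>
                <p>The signed document could not be displayed.</p>
            <?php else: ?>
                <p>The contract has not been signed yet.</p>
            <?php endif; ?>
        </div>
    </div>
    <a href="javascript:history.back()" class="btn btn-secondary mt-3">Back</a>
</div>

<?php require_once 'includes/footer.php'; ?>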