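'Unauthorized']); exit; }

// Trip CRUD endpoint. The action is chosen by the `action` query parameter and
// every statement below is bound to the session's user_id, so a caller can only
// read or change their own rows.
// NOTE(review): no request-method or CSRF check is visible in this part of the
// file, while create/update/delete are selected through a GET parameter and
// authorised by the session alone. Confirm that state-changing actions are
// protected elsewhere (method restriction plus a CSRF token or SameSite cookie).
$action = $_GET['action'] ?? '';
$user_id = $_SESSION['user_id'];

try {
    switch ($action) {
        case 'list':
            // All trips owned by the current user, newest first.
            $stmt = $pdo->prepare("SELECT * FROM trips WHERE user_id = ? ORDER BY created_at DESC");
            $stmt->execute([$user_id]);
            echo json_encode(['trips' => $stmt->fetchAll(PDO::FETCH_ASSOC)]);
            break;

        case 'get':
            // The user_id predicate is the ownership check: another user's trip
            // yields the same 404 as an unknown id.
            $id = $_GET['id'] ?? '';
            $stmt = $pdo->prepare("SELECT * FROM trips WHERE id = ? AND user_id = ?");
            $stmt->execute([$id, $user_id]);
            $trip = $stmt->fetch(PDO::FETCH_ASSOC);
            if (!$trip) {
                http_response_code(404);
                echo json_encode(['error' => 'Trip not found']);
            } else {
                echo json_encode(['trip' => $trip]);
            }
            break;

        case 'create':
            $data = json_decode(file_get_contents('php://input'), true);
            // json_decode() returns null for a malformed or empty body and a
            // scalar for bodies such as `1`; reject both instead of indexing
            // into a non-array.
            if (!is_array($data)) {
                http_response_code(400);
                echo json_encode(['error' => 'Invalid JSON body']);
                break;
            }
            $stmt = $pdo->prepare("INSERT INTO trips (user_id, title, start_date, end_date, preferences, itinerary) VALUES (?, ?, ?, ?, ?, ?)");
            // `?? null` stores the same value as before for an absent field but
            // without an "undefined index" warning leaking into the JSON output.
            // user_id is taken from the session, never from the request body.
            $stmt->execute([
                $user_id,
                $data['title'] ?? null,
                $data['start_date'] ?? null,
                $data['end_date'] ?? null,
                json_encode($data['preferences'] ?? null),
                json_encode($data['itinerary'] ?? null),
            ]);
            echo json_encode(['success' => true, 'trip_id' => $pdo->lastInsertId()]);
            break;

        case 'update':
            $id = $_GET['id'] ?? '';
            $data = json_decode(file_get_contents('php://input'), true);
            // Without this check a malformed body or a missing key would
            // overwrite the stored itinerary with the JSON literal "null".
            if (!is_array($data) || !array_key_exists('itinerary', $data)) {
                http_response_code(400);
                echo json_encode(['error' => 'Invalid JSON body']);
                break;
            }
            $stmt = $pdo->prepare("UPDATE trips SET itinerary = ? WHERE id = ? AND user_id = ?");
            $stmt->execute([json_encode($data['itinerary']), $id, $user_id]);
            // Reports success even when no row matched; the WHERE clause still
            // prevents changing another user's trip.
            echo json_encode(['success' => true]);
            break;

        case 'delete':
            $id = $_GET['id'] ?? '';
            $stmt = $pdo->prepare("DELETE FROM trips WHERE id = ? AND user_id = ?");
            $stmt->execute([$id, $user_id]);
            // Reports success even when no row matched (unknown id or a trip
            // owned by someone else); nothing is deleted in that case.
            echo json_encode(['success' => true]);
            break;

        default:
            http_response_code(400);
            echo json_encode(['error' => 'Invalid action']);
    }
} catch (Exception $e) {
    // Keep the detail in the server log only: driver messages can contain SQL
    // text, table and column names that should not be returned to the client.
    error_log('trips endpoint error: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Internal server error']);
}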