38975-vm/api/trips.php

<?php
require_once __DIR__ . '/../includes/db.php';
require_once __DIR__ . '/../includes/auth.php';

header('Content-Type: application/json');

if (!isLoggedIn()) {
    http_response_code(401);
    echo json_encode(['error' => 'Unauthorized']);
    exit;
}

$action = $_GET['action'] ?? '';
$user_id = $_SESSION['user_id'];

try {
    switch ($action) {
        case 'list':
            $stmt = $pdo->prepare("SELECT * FROM trips WHERE user_id = ? ORDER BY created_at DESC");
            $stmt->execute([$user_id]);
            echo json_encode(['trips' => $stmt->fetchAll(PDO::FETCH_ASSOC)]);
            break;

        case 'get':
            $id = $_GET['id'] ?? '';
            $stmt = $pdo->prepare("SELECT * FROM trips WHERE id = ? AND user_id = ?");
            $stmt->execute([$id, $user_id]);
            $trip = $stmt->fetch(PDO::FETCH_ASSOC);
            if (!$trip) {
                http_response_code(404);
                echo json_encode(['error' => 'Trip not found']);
            } else {
                echo json_encode(['trip' => $trip]);
            }
            break;

        case 'create':
            $data = json_decode(file_get_contents('php://input'), true);
            $stmt = $pdo->prepare("INSERT INTO trips (user_id, title, start_date, end_date, preferences, itinerary) VALUES (?, ?, ?, ?, ?, ?)");
            $stmt->execute([
                $user_id, 
                $data['title'], 
                $data['start_date'], 
                $data['end_date'], 
                json_encode($data['preferences']), 
                json_encode($data['itinerary'])
            ]);
            echo json_encode(['success' => true, 'trip_id' => $pdo->lastInsertId()]);
            break;

        case 'update':
            $id = $_GET['id'] ?? '';
            $data = json_decode(file_get_contents('php://input'), true);
            $stmt = $pdo->prepare("UPDATE trips SET itinerary = ? WHERE id = ? AND user_id = ?");
            $stmt->execute([json_encode($data['itinerary']), $id, $user_id]);
            echo json_encode(['success' => true]);
            break;

        case 'delete':
            $id = $_GET['id'] ?? '';
            $stmt = $pdo->prepare("DELETE FROM trips WHERE id = ? AND user_id = ?");
            $stmt->execute([$id, $user_id]);
            echo json_encode(['success' => true]);
            break;

        default:
            http_response_code(400);
            echo json_encode(['error' => 'Invalid action']);
    }
} catch (Exception $e) {
    http_response_code(500);
    echo json_encode(['error' => $e->getMessage()]);
}