<?php
// Ticket check-in API endpoint. Every response from this script is JSON.
session_start();
header('Content-Type: application/json');

require_once __DIR__ . '/../config/database.php';
require_once __DIR__ . '/../includes/event_permissions.php';
require_once __DIR__ . '/../includes/translations.php';

// Authentication gate: the session's user_id is the only credential read here.
// Any falsy value (missing key, null, 0, '' or '0') counts as "not logged in"
// and ends the request with 401 before the request body is read.
$user_id = $_SESSION['user_id'] ?? null;
if (empty($user_id)) {
    http_response_code(401);
    $payload = ['success' => false, 'error' => 'Authentication required'];
    echo json_encode($payload);
    exit;
}
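// Prefer a JSON request body; fall back to form-encoded POST fields when the
// body does not decode to an array.
// NOTE(review): this endpoint changes ticket state on the strength of the
// session cookie alone, and the $_POST fallback means a plain form submission
// is accepted. No CSRF token or Origin check is visible in this file; confirm
// one is enforced elsewhere (or that the session cookie is SameSite).
$input = json_decode(file_get_contents('php://input'), true);
if (!is_array($input)) {
    $input = $_POST;
}

// Only string or integer codes are usable. An array value (a JSON list/object,
// or a form field sent as ticket_code[]) would make trim() throw an uncaught
// TypeError on PHP 8, so anything else is treated as a missing code and gets
// the same 400 response as an empty one.
$rawTicketCode = $input['ticket_code'] ?? '';
$ticket_code = (is_string($rawTicketCode) || is_int($rawTicketCode))
    ? trim((string) $rawTicketCode)
    : '';

// Defaults to a check-in; values other than 'check_in' and 'revert' are
// rejected further down with "Unknown action".
$action = $input['action'] ?? 'check_in';

if ($ticket_code === '') {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Ticket code is required']);
    exit;
}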
$pdo = getDBConnection();
// Runs on every request; presumably creates the managers table when it is
// missing (helper defined in event_permissions.php; confirm).
ensureEventManagersTable($pdo);

// Load the ticket with its event, the attendee's name and, if it was already
// scanned, the name of the user who checked it in. The code is bound as a
// parameter, never interpolated. Both et.* and the explicit alias produce an
// "event_id" key; the JOIN condition makes the two values identical.
$ticketLookup = $pdo->prepare("
SELECT
et.*,
e.id as event_id,
e.title as event_title,
e.creator_id,
attendee.name as attendee_name,
manager.name as checked_in_by_name
FROM event_tickets et
JOIN events e ON et.event_id = e.id
JOIN users attendee ON et.user_id = attendee.id
LEFT JOIN users manager ON et.checked_in_by = manager.id
WHERE et.ticket_code = ?
");
$ticketLookup->execute([$ticket_code]);
$ticket = $ticketLookup->fetch(PDO::FETCH_ASSOC);

// NOTE(review): existence is reported (404) before authorisation (403), so any
// logged-in user can tell a valid ticket code from an invalid one even for
// events they do not manage. Consider returning the same response for both
// cases and rate-limiting lookups per session.
if (!$ticket) {
    http_response_code(404);
    echo json_encode(['success' => false, 'error' => 'Ticket not found']);
    exit;
}

// Authorisation is decided per event: the caller must be allowed to manage the
// event this ticket belongs to, not merely be logged in.
$eventId = (int) $ticket['event_id'];
$mayManage = userCanManageEvent($pdo, $user_id, $eventId);
if (!$mayManage) {
    http_response_code(403);
    echo json_encode(['success' => false, 'error' => 'You are not allowed to manage this ticket']);
    exit;
}
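// Status as read by the earlier SELECT, lower-cased for comparison. A NULL
// status is treated as an empty string instead of being passed to strtolower().
$currentStatus = strtolower((string) ($ticket['status'] ?? ''));

try {
    if ($action === 'check_in') {
        // Re-scanning a used ticket is reported as success, with the details of
        // the first scan, so door staff can see who admitted it and when.
        if ($currentStatus === 'used') {
            $checkedInTs = $ticket['checked_in_at'] ? strtotime($ticket['checked_in_at']) : false;
            echo json_encode([
                'success' => true,
                'ticket' => [
                    'code' => $ticket['ticket_code'],
                    'status' => 'used',
                    'status_label' => t('event_checkin.status_used'),
                    'meta' => sprintf(
                        'Already checked in on %s by %s',
                        // An unparseable timestamp falls back to the same label as a missing one.
                        $checkedInTs !== false ? date('M j, Y g:i A', $checkedInTs) : 'unknown time',
                        $ticket['checked_in_by_name'] ?: 'door staff'
                    ),
                ],
            ]);
            exit;
        }

        if ($currentStatus === 'cancelled') {
            http_response_code(409);
            echo json_encode(['success' => false, 'error' => 'Ticket has been cancelled']);
            exit;
        }

        // The status checked above may be stale by the time the UPDATE runs:
        // two scanners presenting the same code at once would both pass those
        // checks. Repeating the condition inside the UPDATE makes the database
        // pick exactly one winner, so a ticket cannot be admitted twice and a
        // ticket cancelled in the meantime is not resurrected.
        $stmt = $pdo->prepare("
            UPDATE event_tickets
            SET status = 'used',
                checked_in_at = NOW(),
                checked_in_by = ?
            WHERE ticket_code = ?
              AND (status IS NULL OR LOWER(status) NOT IN ('used', 'cancelled'))
        ");
        $stmt->execute([$user_id, $ticket_code]);

        if ($stmt->rowCount() === 0) {
            // Another request changed the ticket between the SELECT and this UPDATE.
            http_response_code(409);
            echo json_encode(['success' => false, 'error' => 'Ticket was updated by another request. Please scan again.']);
            exit;
        }

        // Display name of the staff member; cached in the session after the
        // first lookup so later scans skip the extra query.
        $managerName = $_SESSION['user_name'] ?? null;
        if (!$managerName) {
            $nameStmt = $pdo->prepare("SELECT name FROM users WHERE id = ?");
            $nameStmt->execute([$user_id]);
            $managerName = $nameStmt->fetchColumn() ?: 'door staff';
            $_SESSION['user_name'] = $managerName;
        }

        echo json_encode([
            'success' => true,
            'ticket' => [
                'code' => $ticket['ticket_code'],
                'status' => 'used',
                'status_label' => t('event_checkin.status_used'),
                'meta' => sprintf('Checked in %s by %s', date('M j, Y g:i A'), $managerName),
            ],
        ]);
        exit;
    }

    if ($action === 'revert') {
        if ($currentStatus !== 'used') {
            http_response_code(409);
            echo json_encode(['success' => false, 'error' => 'Only used tickets can be reverted']);
            exit;
        }

        // Same guard as for check-in: only a row that is still 'used' is
        // reverted, so a concurrent change is not silently overwritten.
        // NOTE(review): reverting clears checked_in_at and checked_in_by and
        // nothing visible here records who reverted or when. Consider an audit
        // record so a ticket cannot be re-admitted without a trace.
        $stmt = $pdo->prepare("
            UPDATE event_tickets
            SET status = 'confirmed',
                checked_in_at = NULL,
                checked_in_by = NULL
            WHERE ticket_code = ?
              AND LOWER(status) = 'used'
        ");
        $stmt->execute([$ticket_code]);

        if ($stmt->rowCount() === 0) {
            http_response_code(409);
            echo json_encode(['success' => false, 'error' => 'Only used tickets can be reverted']);
            exit;
        }

        echo json_encode([
            'success' => true,
            'ticket' => [
                'code' => $ticket['ticket_code'],
                'status' => 'confirmed',
                'status_label' => t('event_checkin.status_confirmed'),
                'meta' => 'Check-in removed. Ticket is active again.',
            ],
        ]);
        exit;
    }

    // Anything other than the two supported actions, including non-string values.
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Unknown action']);
} catch (Exception $e) {
    // Details go to the server log only; the client gets a generic message so
    // database errors are not disclosed in the response.
    error_log('Ticket check-in error: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'Unable to update ticket right now']);
}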