-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathbook.php
More file actions
95 lines (82 loc) · 3.25 KB
/
Copy pathbook.php
File metadata and controls
95 lines (82 loc) · 3.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?php
session_start();
require_once 'includes/storage.php';
require_once 'includes/csrf.php';
require_once 'includes/rate_limit.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!check_rate_limit(60)) {
$_SESSION['booking_error'] = "Please wait 60 seconds before submitting another request.";
header("Location: index.php");
exit;
}
$token = $_POST['csrf_token'] ?? '';
if (!verify_csrf_token($token)) {
$_SESSION['booking_error'] = "Invalid session. Please refresh the page and try again.";
header("Location: index.php");
exit;
}
$full_name = trim($_POST['full_name'] ?? '');
$phone = trim($_POST['phone'] ?? '');
$email = trim($_POST['email'] ?? '');
$department = trim($_POST['department'] ?? '');
$patient_type = trim($_POST['patient_type'] ?? '');
$pref_date = trim($_POST['pref_date'] ?? '');
$pref_time = trim($_POST['pref_time'] ?? '');
$reason_type = trim($_POST['reason_type'] ?? '');
$reason_notes = trim($_POST['reason'] ?? '');
$final_reason = $reason_type;
if ($reason_type === 'Other' && !empty($reason_notes)) {
$final_reason = $reason_notes;
} elseif (!empty($reason_notes) && $reason_type !== 'Other') {
$final_reason .= ' - ' . $reason_notes;
}
if (empty($full_name) || empty($phone) || empty($department) || empty($patient_type) || empty($pref_date) || empty($pref_time) || empty($reason_type)) {
$_SESSION['booking_error'] = "Please fill in all required fields.";
header("Location: index.php");
exit;
}
// Conflict Prevention (30 minute buffer)
$existing = get_appointments($pref_date);
$requested_ts = strtotime("$pref_date $pref_time");
$conflict = false;
foreach ($existing as $ex) {
if ($ex['status'] === 'Cancelled') continue;
// Only check conflict within the same department
if ($ex['department'] !== $department) continue;
$ex_ts = strtotime($ex['appointment_date'] . ' ' . $ex['appointment_time']);
if (abs($ex_ts - $requested_ts) < 1800) {
$conflict = true;
break;
}
}
if ($conflict) {
$_SESSION['booking_error'] = "This time slot is unavailable for the selected department. Please select a time at least 30 minutes away from other bookings.";
header("Location: index.php");
exit;
}
$appointment = [
'patient_name' => $full_name,
'phone' => $phone,
'email' => $email ?: null,
'department' => $department,
'patient_type' => $patient_type,
'appointment_date' => $pref_date,
'appointment_time' => $pref_time,
'reason' => $final_reason ?: null,
];
$id = add_appointment($appointment);
if ($id) {
require_once 'includes/mailer.php';
send_patient_confirmation($appointment);
send_admin_alert($appointment);
$_SESSION['booking_success'] = "Your appointment is booked! We will contact you to confirm.";
} else {
$_SESSION['booking_error'] = "An error occurred while booking. Please try again later.";
}
header("Location: index.php");
exit;
} else {
header("Location: index.php");
exit;
}
?>