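<?php
declare(strict_types=1);

session_start();
require_once 'config/db_config.php';
header('Content-Type: application/json; charset=utf-8');

/*
 * Endpoint: returns one pre-order row (plus branch name and creator name) as JSON.
 *
 * Input : ?id=<int> (query string); $_SESSION user_id (required), role, branch_id.
 * Output: the pre_orders row with *_formatted date strings, or {"error": "..."}.
 *
 * Authorization: admins may read any order; every other session is limited to
 * orders of its own branch. A non-admin session that carries no branch_id is
 * refused outright instead of being granted the unrestricted admin query.
 */

// Send a JSON body with an explicit HTTP status and stop. The payload shapes
// are unchanged (clients keying on the 'error' key still work); the
// INVALID_UTF8_SUBSTITUTE flag keeps json_encode() from returning false (and
// the response from going blank) if a column holds malformed bytes.
$respond = static function (int $status, array $payload): void {
    http_response_code($status);
    echo json_encode($payload, JSON_UNESCAPED_UNICODE | JSON_INVALID_UTF8_SUBSTITUTE);
    exit;
};

// Format a DB date/time string for the frontend. Returns null when the column
// is NULL/empty or strtotime() cannot parse it -- previously such values fell
// through to date($fmt, false) and surfaced as 1 Jan 1970.
$formatDate = static function (?string $value, string $format): ?string {
    if ($value === null || $value === '') {
        return null;
    }
    $timestamp = strtotime($value);

    return $timestamp === false ? null : date($format, $timestamp);
};

// Check login
if (!isset($_SESSION['user_id'])) {
    $respond(401, ['error' => 'Unauthorized']);
}

// Strict integer validation: is_numeric() also accepts '1.5', '1e3' and
// leading whitespace, which the former (int) cast then silently truncated.
$id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);
if ($id === false) {
    $respond(400, ['error' => 'Invalid ID']);
}

$is_admin = ($_SESSION['role'] ?? 'branch') === 'admin';
$branch_id = $_SESSION['branch_id'] ?? null;

// Fail closed: the old guard `!$is_admin && $branch_id` skipped the branch
// filter entirely for a non-admin session without a branch_id, which let such
// a session read any order by id. Same message as "not found" so the response
// does not reveal whether the id exists.
if (!$is_admin && ($branch_id === null || $branch_id === '')) {
    $respond(403, ['error' => 'Order not found or access denied']);
}

try {
    // Base query: parameterised; the id and branch filter are bound, never interpolated.
    $sql = "SELECT po.*, b.branch_name, u.full_name as created_by_name 
            FROM pre_orders po 
            LEFT JOIN branches b ON po.branch_id = b.branch_id
            LEFT JOIN users u ON po.created_by = u.user_id
            WHERE po.id = ?";
    $params = [$id];

    // Restrict branch user to rows of its own branch
    if (!$is_admin) {
        $sql .= " AND po.branch_id = ?";
        $params[] = $branch_id;
    }

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    $order = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($order === false) {
        $respond(404, ['error' => 'Order not found or access denied']);
    }

    // Format dates for frontend (null-safe; see $formatDate)
    $order['order_date_formatted'] = $formatDate($order['order_date'] ?? null, 'd M Y');
    $order['expected_date_formatted'] = $formatDate($order['expected_date'] ?? null, 'd M Y');
    $order['expected_time_formatted'] = $formatDate($order['expected_time'] ?? null, 'h:i A');
    $order['created_at_formatted'] = $formatDate($order['created_at'] ?? null, 'd M Y, h:i A');

    // Only show an update stamp when the row was actually modified after creation
    $updatedAt = $order['updated_at'] ?? null;
    $order['updated_at_formatted'] = ($updatedAt && $updatedAt !== ($order['created_at'] ?? null))
        ? $formatDate($updatedAt, 'd M Y, h:i A')
        : null;

    $respond(200, $order);
} catch (Throwable $e) {
    // Log the detail server-side only; the client gets a generic message so
    // driver/schema information is not leaked in the response.
    error_log("get_preorder_details error: " . $e->getMessage());
    $respond(500, ['error' => 'Database error']);
}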