payfrit-api/api/portal/updateSettings.php

<?php
/**
 * Update Business Settings
 *
 * POST: {
 *   TaxRatePercent: 8.25  (percentage, converted to decimal)
 *   -- OR --
 *   TaxRate: 0.0825       (decimal, stored directly)
 *   Name: "Business Name"
 *   Phone: "5551234567"
 *   Address: "123 Main St"
 *   City: "Portland"
 *   Zip: "97201"
 * }
 *
 * Requires: X-Business-ID header (set by auth middleware)
 */

require_once __DIR__ . '/../helpers.php';
runAuth();

global $businessId;

if ($businessId <= 0) {
    apiAbort(['OK' => false, 'ERROR' => 'no_business_selected']);
}

try {
    $data = readJsonBody();
    if (empty($data)) {
        apiAbort(['OK' => false, 'ERROR' => 'missing_body']);
    }

    $updates = [];
    $params = [];

    // Handle tax rate (accept either percent or decimal)
    if (isset($data['TaxRatePercent']) && is_numeric($data['TaxRatePercent'])) {
        $taxRate = $data['TaxRatePercent'] / 100;
        if ($taxRate < 0 || $taxRate > 0.5) {
            apiAbort(['OK' => false, 'ERROR' => 'invalid_tax_rate', 'MESSAGE' => 'Tax rate must be between 0% and 50%']);
        }
        $updates[] = 'TaxRate = ?';
        $params[] = $taxRate;
    } elseif (isset($data['TaxRate']) && is_numeric($data['TaxRate'])) {
        $taxRate = (float)$data['TaxRate'];
        if ($taxRate < 0 || $taxRate > 0.5) {
            apiAbort(['OK' => false, 'ERROR' => 'invalid_tax_rate', 'MESSAGE' => 'Tax rate must be between 0 and 0.5']);
        }
        $updates[] = 'TaxRate = ?';
        $params[] = $taxRate;
    }

    if (!empty($data['Name']) && trim($data['Name']) !== '') {
        $updates[] = 'Name = ?';
        $params[] = substr(trim($data['Name']), 0, 100);
    }

    if (array_key_exists('Phone', $data)) {
        $updates[] = 'Phone = ?';
        $params[] = substr(trim($data['Phone']), 0, 20);
    }

    // Address fields
    $addrFields = [];
    if (!empty($data['Address'])) $addrFields['Line1'] = substr(trim($data['Address']), 0, 100);
    if (array_key_exists('City', $data)) $addrFields['City'] = substr(trim($data['City']), 0, 50);
    if (array_key_exists('Zip', $data)) $addrFields['ZIPCode'] = substr(trim($data['Zip']), 0, 10);

    if (empty($updates) && empty($addrFields)) {
        apiAbort(['OK' => false, 'ERROR' => 'no_fields', 'MESSAGE' => 'No valid fields to update']);
    }

    // Update Businesses table
    if (!empty($updates)) {
        $params[] = $businessId;
        $sql = 'UPDATE Businesses SET ' . implode(', ', $updates) . ' WHERE ID = ?';
        queryTimed($sql, $params);
    }

    // Update address
    if (!empty($addrFields)) {
        $existingAddr = queryOne("
            SELECT ID FROM Addresses
            WHERE (BusinessID = ? OR ID = (SELECT AddressID FROM Businesses WHERE ID = ?))
              AND IsDeleted = 0
            LIMIT 1
        ", [$businessId, $businessId]);

        if ($existingAddr) {
            $addrUpdates = [];
            $addrParams = [];
            if (isset($addrFields['Line1'])) { $addrUpdates[] = 'Line1 = ?'; $addrParams[] = $addrFields['Line1']; }
            if (isset($addrFields['City'])) { $addrUpdates[] = 'City = ?'; $addrParams[] = $addrFields['City']; }
            if (isset($addrFields['ZIPCode'])) { $addrUpdates[] = 'ZIPCode = ?'; $addrParams[] = $addrFields['ZIPCode']; }
            if (!empty($addrUpdates)) {
                $addrParams[] = $existingAddr['ID'];
                queryTimed('UPDATE Addresses SET ' . implode(', ', $addrUpdates) . ' WHERE ID = ?', $addrParams);
            }
        }
    }

    // Return updated settings
    $biz = queryOne("
        SELECT ID, Name, TaxRate, Phone
        FROM Businesses
        WHERE ID = ?
        LIMIT 1
    ", [$businessId]);

    $addr = queryOne("
        SELECT a.Line1, a.City, a.ZIPCode, s.Abbreviation AS State
        FROM Addresses a
        LEFT JOIN tt_States s ON s.ID = a.StateID
        WHERE (a.BusinessID = ? OR a.ID = (SELECT AddressID FROM Businesses WHERE ID = ?))
          AND a.IsDeleted = 0
        LIMIT 1
    ", [$businessId, $businessId]);

    $taxRate = is_numeric($biz['TaxRate']) ? (float)$biz['TaxRate'] : 0;

    jsonResponse([
        'OK' => true,
        'MESSAGE' => 'Settings updated',
        'SETTINGS' => [
            'BusinessID'     => (int)$biz['ID'],
            'Name'           => $biz['Name'],
            'TaxRate'        => $taxRate,
            'TaxRatePercent' => $taxRate * 100,
            'Address'        => $addr['Line1'] ?? '',
            'City'           => $addr['City'] ?? '',
            'State'          => $addr['State'] ?? '',
            'Zip'            => $addr['ZIPCode'] ?? '',
            'Phone'          => $biz['Phone'] ?? '',
            'Email'          => '',
        ],
    ]);

} catch (Throwable $e) {
    apiAbort(['OK' => false, 'ERROR' => 'server_error', 'MESSAGE' => $e->getMessage()]);
}