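false, 'message' => 'Missing school_id']); exit; }

    // --- Security: user must be active in this school ---
    // $school_id is caller-supplied, so it is trusted only after this membership
    // check ties it to $iduserlogin; both the link row and the school itself
    // must be 'active'.
    // NOTE(review): $iduserlogin is assigned outside this excerpt. Confirm it is
    // derived from the authenticated session/token and never from a request field.
    $chk = $pdo->prepare(" SELECT 1 FROM user_schools us JOIN schools s ON s.id = us.school_id WHERE us.user_id = ? AND us.school_id = ? AND us.status = 'active' AND s.status = 'active' LIMIT 1 ");
    $chk->execute([$iduserlogin, $school_id]);
    if (!$chk->fetchColumn()) {
        http_response_code(403);
        echo json_encode(['success' => false, 'message' => 'Forbidden: user not allowed for this school']);
        exit;
    }

    // --- Defaults (same as your include) ---
    $defaults = [
        'portal_purchases_enabled' => 1,
        'allowed_product_types' => 'subscription,carnet,drop_in',
        'payment_methods' => 'manual',
        'currency_code' => 'EUR',
        'enable_notifications' => 1,
        'allow_freeze_global' => 1,
        'freeze_max_days_global' => 30,
        'auto_propagate_on_purchase' => 1,
        'allow_full_access_rebooking' => 1,
        // Add here any other defaults you want to guarantee
    ];

    // --- Load settings row ---
    // NOTE(review): SELECT * means every column of school_settings is echoed to
    // any active member of the school. The schema is not visible here; if the
    // table holds (or later gains) secrets such as gateway keys, select the
    // client-safe columns explicitly instead.
    $stmt = $pdo->prepare(" SELECT * FROM school_settings WHERE school_id = ? LIMIT 1 ");
    $stmt->execute([$school_id]);
    $settings = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$settings) {
        // Create row with defaults (only school_id is required by your schema)
        // NOTE(review): this SELECT-then-INSERT is not atomic. If school_id is
        // unique in school_settings, two concurrent first requests would make
        // the second INSERT throw and end in the 500 branch. TODO confirm.
        $ins = $pdo->prepare("INSERT INTO school_settings (school_id) VALUES (?)");
        $ins->execute([$school_id]);

        // Reload
        $stmt = $pdo->prepare("SELECT * FROM school_settings WHERE school_id = ? LIMIT 1");
        $stmt->execute([$school_id]);
        $settings = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
    }

    // Merge defaults. array_merge only fills keys that are absent from the row:
    // a column that is present but NULL overrides its default with null, so
    // this is a fallback for missing fields, not for NULL ones.
    $schoolSettings = array_merge($defaults, $settings);

    // Ensure arrays: split the comma-separated columns, trim each entry and
    // drop empty ones (array_filter without a callback also drops "0").
    $paymentMethods = array_values(array_filter(array_map('trim', explode(',', (string)($schoolSettings['payment_methods'] ?? '')))));
    $productTypes = array_values(array_filter(array_map('trim', explode(',', (string)($schoolSettings['allowed_product_types'] ?? '')))));

    $schoolSettings['payment_methods_array'] = $paymentMethods;
    $schoolSettings['allowed_product_types_array'] = $productTypes;

    // Optional: cast some known int flags to int (helps Flutter).
    // isset() is false for null, so NULL columns are passed through as null.
    foreach (
        [
            'portal_purchases_enabled',
            'enable_notifications',
            'allow_freeze_global',
            'freeze_max_days_global',
            'auto_propagate_on_purchase',
            'allow_full_access_rebooking'
        ] as $k
    ) {
        if (isset($schoolSettings[$k])) {
            $schoolSettings[$k] = is_numeric($schoolSettings[$k]) ? (int)$schoolSettings[$k] : $schoolSettings[$k];
        }
    }

    echo json_encode([
        'success' => true,
        'school_id' => $school_id,
        'settings' => $schoolSettings
    ], JSON_UNESCAPED_UNICODE);
} catch (Throwable $e) {
    // Keep exception detail on the server. PDO messages can carry SQL text,
    // table/column names and driver details, which should not reach the client.
    error_log('school_settings endpoint: ' . get_class($e) . ': ' . $e->getMessage());

    http_response_code(500);
    echo json_encode([
        'success' => false,
        'message' => 'Server error.',
        // Key kept so the response shape is unchanged; the value is now generic.
        'error' => 'internal_error'
    ]);
}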