fix: 增强表单提交的数据验证和冲突检查逻辑

- 添加客户类型验证，只允许'vip'或'new'
- 优化VIP客户信息处理逻辑，允许通过表单覆盖
- 为所有输入字段添加默认值和trim处理
- 添加会员类型和来源渠道的验证
- 简化时间冲突检查逻辑并添加调试日志
- 修复空值可能导致的问题

index.php

@@ -9,7 +9,12 @@ $success_message = '';
 // 处理表单提交
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     try {
-        $customer_type = $_POST['customer_type'];
+        // 验证并获取客户类型
+        $customer_type = isset($_POST['customer_type']) ? $_POST['customer_type'] : '';
+        if (!in_array($customer_type, ['vip', 'new'])) {
+            throw new Exception('无效的客户类型');
+        }
+        
         $vip_id = isset($_POST['vip_id']) ? (int)$_POST['vip_id'] : 0;
 
         // 如果选择VIP客户，从VIP表获取信息
@@ -29,25 +34,30 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             $log_data = json_encode(['location' => 'index.php:28', 'message' => 'VIP customer data', 'data' => ['vip_id' => $vip_id, 'has_car_model' => isset($vip_customer['car_model']), 'has_car_number' => isset($vip_customer['car_number'])], 'timestamp' => time() * 1000, 'sessionId' => 'debug-session', 'runId' => 'run1', 'hypothesisId' => 'A']);
             file_put_contents('.cursor/debug.log', $log_data . "\n", FILE_APPEND);
             // #endregion
-            $car_model = isset($vip_customer['car_model']) && $vip_customer['car_model'] ? $vip_customer['car_model'] : ''; // 允许覆盖
-            $car_number = isset($vip_customer['car_number']) && $vip_customer['car_number'] ? $vip_customer['car_number'] : ''; // 允许覆盖
+            // VIP客户信息优先，但允许通过POST覆盖（如果用户想修改）
+            $car_model = isset($_POST['car_model']) && trim($_POST['car_model']) ? trim($_POST['car_model']) : (isset($vip_customer['car_model']) && $vip_customer['car_model'] ? $vip_customer['car_model'] : '');
+            $car_number = isset($_POST['car_number']) && trim($_POST['car_number']) ? trim($_POST['car_number']) : (isset($vip_customer['car_number']) && $vip_customer['car_number'] ? $vip_customer['car_number'] : '');
             $member_type = 'VIP会员';
         } else {
             // 新客户录入
-            $customer_name = trim($_POST['customer_name']);
-            $phone = trim($_POST['phone']);
+            $customer_name = trim($_POST['customer_name'] ?? '');
+            $phone = trim($_POST['phone'] ?? '');
+            $car_model = trim($_POST['car_model'] ?? '');
+            $car_number = trim($_POST['car_number'] ?? '');
         }
-
-        $car_model = trim($_POST['car_model']);
-        $car_number = trim($_POST['car_number']);
-        $package_id = (int)$_POST['package_id'];
+        $package_id = (int)($_POST['package_id'] ?? 0);
         $custom_services = trim($_POST['custom_services'] ?? '');
-        $appointment_date = $_POST['appointment_date'];
-        $appointment_time = $_POST['appointment_time'];
-        $duration = (int)$_POST['duration'];
+        $appointment_date = $_POST['appointment_date'] ?? '';
+        $appointment_time = $_POST['appointment_time'] ?? '';
+        $duration = (int)($_POST['duration'] ?? 60);
         $notes = trim($_POST['notes'] ?? '');
-        $member_type = $_POST['member_type'];
-        $source = $_POST['source'];
+        
+        // 验证member_type和source
+        $allowed_member_types = ['普通客户', 'VIP会员'];
+        $member_type = isset($_POST['member_type']) && in_array($_POST['member_type'], $allowed_member_types) ? $_POST['member_type'] : '普通客户';
+        
+        $allowed_sources = ['抖音', '微信', '快手', '朋友介绍', '其他'];
+        $source = isset($_POST['source']) && in_array($_POST['source'], $allowed_sources) ? $_POST['source'] : '其他';
 
         // 验证必填字段
         if (empty($customer_name) || empty($phone) || empty($car_model) || 
@@ -86,16 +96,23 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         $end_time = date('Y-m-d H:i:s', strtotime($start_time . " +{$duration} minutes"));
         
         // 检查时间冲突
+        // 两个时间段重叠的条件：现有预约的开始时间 < 新预约的结束时间 AND 现有预约的结束时间 > 新预约的开始时间
+        // #region agent log
+        $log_data = json_encode(['location' => 'index.php:98', 'message' => 'Checking time conflict', 'data' => ['start_time' => $start_time, 'end_time' => $end_time, 'duration' => $duration], 'timestamp' => time() * 1000, 'sessionId' => 'debug-session', 'runId' => 'run1', 'hypothesisId' => 'F']);
+        file_put_contents('.cursor/debug.log', $log_data . "\n", FILE_APPEND);
+        // #endregion
         $stmt = $pdo->prepare("SELECT COUNT(*) FROM bookings 
                               WHERE status != '已取消' 
-                              AND (
-                                  (start_time <= ? AND end_time > ?) 
-                                  OR (start_time < ? AND end_time >= ?) 
-                                  OR (start_time >= ? AND end_time <= ?)
-                              )");
-        $stmt->execute([$start_time, $start_time, $end_time, $end_time, $start_time, $end_time]);
+                              AND start_time < ? 
+                              AND end_time > ?");
+        $stmt->execute([$end_time, $start_time]);
+        $conflict_count = $stmt->fetchColumn();
+        // #region agent log
+        $log_data = json_encode(['location' => 'index.php:107', 'message' => 'Time conflict check result', 'data' => ['conflict_count' => $conflict_count], 'timestamp' => time() * 1000, 'sessionId' => 'debug-session', 'runId' => 'run1', 'hypothesisId' => 'F']);
+        file_put_contents('.cursor/debug.log', $log_data . "\n", FILE_APPEND);
+        // #endregion
         
-        if ($stmt->fetchColumn() > 0) {
+        if ($conflict_count > 0) {
             throw new Exception('该时间段已被预约，请选择其他时间');
         }