'household_id must be numeric']); exit; } $sql .= ' AND vl.household_id = ?'; $params[] = (int)$_GET['household_id']; } if (isset($_GET['verification_status']) && $_GET['verification_status'] !== '') { $error = null; $status = normalizeVerificationStatus($_GET['verification_status'], $error, false); if ($status === null) { http_response_code(400); echo json_encode(['error' => $error]); exit; } $sql .= ' AND vl.verification_status = ?'; $params[] = $status; } if (isset($_GET['verifier_role']) && trim((string)$_GET['verifier_role']) !== '') { $sql .= ' AND vl.verifier_role = ?'; $params[] = trim((string)$_GET['verifier_role']); } if (isset($_GET['date_from']) && $_GET['date_from'] !== '') { $dateFrom = trim((string)$_GET['date_from']); $dateObj = DateTime::createFromFormat('Y-m-d', $dateFrom); if (!$dateObj || $dateObj->format('Y-m-d') !== $dateFrom) { http_response_code(400); echo json_encode(['error' => 'date_from must be in YYYY-MM-DD format']); exit; } $sql .= ' AND DATE(vl.verified_at) >= ?'; $params[] = $dateFrom; } if (isset($_GET['date_to']) && $_GET['date_to'] !== '') { $dateTo = trim((string)$_GET['date_to']); $dateObj = DateTime::createFromFormat('Y-m-d', $dateTo); if (!$dateObj || $dateObj->format('Y-m-d') !== $dateTo) { http_response_code(400); echo json_encode(['error' => 'date_to must be in YYYY-MM-DD format']); exit; } $sql .= ' AND DATE(vl.verified_at) <= ?'; $params[] = $dateTo; } $limit = 200; if (isset($_GET['limit']) && $_GET['limit'] !== '') { if (!is_numeric($_GET['limit'])) { http_response_code(400); echo json_encode(['error' => 'limit must be numeric']); exit; } $limit = max(1, min((int)$_GET['limit'], 1000)); } $sql .= ' ORDER BY vl.verified_at DESC, vl.created_at DESC LIMIT ' . $limit; $stmt = $db->prepare($sql); $stmt->execute($params); $logs = $stmt->fetchAll(PDO::FETCH_ASSOC); echo json_encode([ 'success' => true, 'count' => count($logs), 'verification_logs' => $logs ]); } catch (Exception $e) { http_response_code(500); echo json_encode(['error' => $e->getMessage()]); } } else { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); } ?>