<?php

/**
 * @copyright 2024 Double Bastion LLC <www.doublebastion.com>
 *
 * @author Double Bastion LLC
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

session_start();

define('ACCESSCONST', TRUE);

if (($_SESSION['loggedtorspanel'] == true) && ($_SESSION['userrole'] == 'superadmin')) {

   require('db-connect.php');

   // Insert new button data into the database
   if (isset($_POST['userrole']) && isset($_POST['username']) && isset($_POST['nameonbutton']) && isset($_POST['buttonurl'])) {

      $ordno = $_POST['ordno'];
      $dbid = $_POST['dbid'];
      $userrole = $_POST['userrole'];
      $username = $_POST['username'];
      $nameonbutton = $_POST['nameonbutton'];
      $buttonurl = $_POST['buttonurl'];
      $imgname = $_POST['imgname'];

      if (($userrole != '') && ($username != '') && ($nameonbutton != '') && ($buttonurl != '')) {

         if ($dbid == '') {

             try {
                 $query1 = $mysqli->prepare("INSERT INTO buttons (orderno, userrole, username, nameonbutton, buttonurl, imgname) VALUES (?, ?, ?, ?, ?, ?)");
                 $query1->bind_param("isssss", $ordno, $userrole, $username, $nameonbutton, $buttonurl, $imgname);
                 $query1->execute();
                 $query1->close();

                 $messageonsave = "The button has been added successfully !";

             } catch(mysqli_sql_exception $e) {

                 $messageonsave = "An error occurred when adding the button. Please check your input data !!!";
               }


         } else {

             try {
                if ($imgname != '') {
                    $query2 = $mysqli->prepare("UPDATE buttons SET orderno=?, nameonbutton=?, buttonurl=?, imgname=? WHERE id=?");
                    $query2->bind_param("isssi", $ordno, $nameonbutton, $buttonurl, $imgname, $dbid);
                    $query2->execute();
                    $query2->close();

                } else {
                    $query3 = $mysqli->prepare("UPDATE buttons SET orderno=?, nameonbutton=?, buttonurl=? WHERE id=?");
                    $query3->bind_param("issi", $ordno, $nameonbutton, $buttonurl, $dbid);
                    $query3->execute();
                    $query3->close();
                  }

                 $messageonsave = "The button has been updated successfully !";

             } catch(mysqli_sql_exception $e) {

                 $messageonsave = "An error occurred when updating button data. Please check your input data !";
               }

           }

      } else { $messageonsave = "Error. Please check your input data !"; }
   }

   $result = array(
        'messageonsave' => $messageonsave
   );

   echo json_encode($result);


} elseif (empty($_SESSION['loggedtorspanel'])) {

      header("Location: panel-login.php");

} elseif (($_SESSION['loggedtorspanel'] == true) && ($_SESSION['userrole'] != 'superadmin'))  {

      header("Location: index.php");
}

?>