<?php
/**
 * @copyright 2024 Double Bastion LLC <www.doublebastion.com>
 *
 * @author Double Bastion LLC
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

$retrievedToken = $_GET['token'];

if (($retrievedToken != '') && (strlen($retrievedToken) == 55)) {

  define('ACCESSCONST', TRUE);

  require('db-connect.php');

    // Check if any user has a token identical with the one retrieved from the link that has been clicked
    $registered = '0';
    $query0 = $mysqli->prepare("SELECT id, username, emailaddress, registered, token, temporary FROM panelusers WHERE registered=? AND token=?");
    $query0->bind_param("ss", $registered, $retrievedToken);
    $query0->execute();
    $fetchedrow = $query0->get_result()->fetch_assoc();

    if (!$fetchedrow) {
        $query0->close();
        die("Error !");
    } else {
        $userID = $fetchedrow['id'];
        $userName = $fetchedrow['username'];
        $tempPassword = $fetchedrow['temporary'];
        $useremail = $fetchedrow['emailaddress'];
        $query0->close();

        $query1 = $mysqli->query("UPDATE panelusers SET registered = '1', token = '', temporary = '' WHERE id = '$userID'");
        header("Location: new-email-message.php");

        // Send the new email

        $domaininit = explode(".", $_SERVER['HTTP_HOST']);
        array_shift($domaininit);
        $domain = implode(".", $domaininit);
        $reqScheme = $_SERVER['REQUEST_SCHEME'];
        $reqHost = $_SERVER['HTTP_HOST'];

        // Mention the content-type, since it's an HTML email
        $headers = "MIME-Version: 1.0" . "\r\n";
        $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
        $headers .= "From: " . "no-reply@" . $domain . "\r\n";

        $subject = "RED SCARF Suite Panel account access";

        $message = "Hello, <br><br>
                    You can log in to your RED SCARF Suite Panel account using the following credentials:<br><br>
                    username:  <b>".$userName."</b><br>
                    password:  <b>".$tempPassword."</b><br><br>
                    We highly recommend to change the password provided in this email with a new strong password. After you access the
                    <a href='" . $reqScheme . "://" . $reqHost . "/panel-login.php'>log in page</a>, go to 'Settings' > 'Change password' and choose a new
                    password of at least 10 characters, containing at least one letter, one digit and one special character.<br><br>
                    Thank you,<br>
                    RED SCARF Suite Panel<br>
                    Host: '" . $reqHost . "'";

        mail($useremail, $subject, $message, $headers);
      }
}

?>