<?php
/**
* Copyright (C) 2021 Double Bastion LLC
*
* This file is part of Roundpin, which is licensed under the
* GNU Affero General Public License Version 3.0. The license terms
* are detailed in the "LICENSE.txt" file located in the root directory.
*/
session_start();
// // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');
if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {
define('ACCESSCONST', TRUE);
require('db-connect.php');
$username = $_POST['username'];
$specificGroups = $_POST["specifygroups"];
// Get the id, user role and groups to load of the current user, from the 'app_users' table
$queryid = $mysqli->prepare("SELECT id, userrole, username, load_groups FROM app_users WHERE BINARY username = ?");
$queryid->bind_param("s", $username);
$queryid->execute();
$queryres = $queryid->get_result()->fetch_assoc();
$userID = $queryres['id'];
$userRole = $queryres['userrole'];
$loadGroups = $queryres['load_groups'];
$loadGroupsArr = explode("|", $loadGroups);
array_shift($loadGroupsArr);
array_pop($loadGroupsArr);
// Get the contacts for the current user
$querycont = $mysqli->prepare("SELECT id, user_id, contact_name, contact_desc, contact_long_desc, address_street, address_zip, address_town, address_country, address_state,
extension_number, contact_mobile, contact_num1, contact_num2, contact_fax, contact_email, profile_picture_c, groups, date_added, date_modified
FROM contacts WHERE user_id = ?");
$querycont->bind_param("i", $userID);
$querycont->execute();
$queryres = $querycont->get_result();
$contactsarr = [];
while ($querycontres = $queryres->fetch_assoc()) {
if ($loadGroups == '' || $loadGroups == null || $specificGroups == 'all') {
$contactsarr[] = ['contact_name' => $querycontres['contact_name'], 'contact_desc' => $querycontres['contact_desc'], 'contact_long_desc' => $querycontres['contact_long_desc'],
'address_street' => $querycontres['address_street'], 'address_zip' => $querycontres['address_zip'], 'address_town' => $querycontres['address_town'],
'address_country' => $querycontres['address_country'], 'address_state' => $querycontres['address_state'],
'extension_number' => $querycontres['extension_number'], 'contact_mobile' => $querycontres['contact_mobile'],
'contact_num1' => $querycontres['contact_num1'], 'contact_num2' => $querycontres['contact_num2'], 'contact_fax' => $querycontres['contact_fax'],
'contact_email' => $querycontres['contact_email'], 'profile_picture_c' => $querycontres['profile_picture_c'], 'groups' => $querycontres['groups'],
'date_added' => $querycontres['date_added'], 'date_modified' => $querycontres['date_modified']];
} else {
$contactGroupsArr = explode("|", $querycontres['groups']);
array_shift($contactGroupsArr);
array_pop($contactGroupsArr);
$ck = 0;
foreach ($contactGroupsArr as $key => $arrval) {
if (in_array($arrval, $loadGroupsArr)) { $ck++; }
}
if ($ck > 0) {
$contactsarr[] = ['contact_name' => $querycontres['contact_name'], 'contact_desc' => $querycontres['contact_desc'],
'contact_long_desc' => $querycontres['contact_long_desc'], 'address_street' => $querycontres['address_street'],
'address_zip' => $querycontres['address_zip'], 'address_town' => $querycontres['address_town'],
'address_country' => $querycontres['address_country'], 'address_state' => $querycontres['address_state'],
'extension_number' => $querycontres['extension_number'], 'contact_mobile' => $querycontres['contact_mobile'],
'contact_num1' => $querycontres['contact_num1'], 'contact_num2' => $querycontres['contact_num2'], 'contact_fax' => $querycontres['contact_fax'],
'contact_email' => $querycontres['contact_email'], 'profile_picture_c' => $querycontres['profile_picture_c'], 'groups' => $querycontres['groups'],
'date_added' => $querycontres['date_added'], 'date_modified' => $querycontres['date_modified']];
}
}
}
// Get the list of groups
$querygr = $mysqli->prepare("SELECT id, userid, group_name FROM groups");
$querygr->execute();
$querygrres = $querygr->get_result();
$groupsList = [];
while ($querygroupres = $querygrres->fetch_assoc()) {
$groupsList[] = [$querygroupres['group_name'] => $querygroupres['userid']];
}
// Get the list of Roundpin users
$enabled = 1;
$queryusr = $mysqli->prepare("SELECT id, userrole, profile_name, sip_username, user_groups, enabled FROM app_users WHERE enabled = ?");
$queryusr->bind_param("i", $enabled);
$queryusr->execute();
$queryusrres = $queryusr->get_result();
$roundpinUsers = [];
while ($queryusers = $queryusrres->fetch_assoc()) {
$roundpinUsers[] = ['profile_name' => $queryusers['profile_name'], 'sip_username' => $queryusers['sip_username'], 'userrole' => $queryusers['userrole'],
'user_groups' => $queryusers['user_groups']];
}
// Get the list of users banned from video conferences
$bannedVconfUsers = [];
if ($userRole == 'admin' || $userRole == 'superadmin') {
$querybndusr = $mysqli->prepare("SELECT banned_profilename, banned_sipusername, conf_extension, conf_label, banned_until FROM banned_users");
$querybndusr->execute();
$querybndusrres = $querybndusr->get_result();
while ($querybndusers = $querybndusrres->fetch_assoc()) {
$bannedVconfUsers[] = ['banned_profilename' => $querybndusers['banned_profilename'], 'banned_sipusername' => $querybndusers['banned_sipusername'],
'conf_extension' => $querybndusers['conf_extension'], 'conf_label' => $querybndusers['conf_label'],
'banned_until' => $querybndusers['banned_until']];
}
}
$contactsfromdb = ['contactsinfo' => $contactsarr, 'groups' => $groupsList, 'users' => $roundpinUsers, 'bannedusers' => $bannedVconfUsers];
echo json_encode($contactsfromdb);
} else {
header("Location: ../login.php");
}
?>