new file mode 100644

@@ -0,0 +1,83 @@

+<?php

+/**

+ *  Copyright (C) 2021  Double Bastion LLC

+ *

+ *  This file is part of Roundpin, which is licensed under the

+ *  GNU Affero General Public License Version 3.0. The license terms

+ *  are detailed in the "LICENSE.txt" file located in the root directory.

+ */

+

+session_start();

+ // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');

+

+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

+

+    define('ACCESSCONST', TRUE);

+

+    require('db-connect.php');

+

+    $username = $_POST['username'];

+    $startDate = $_POST['delstartdate'];

+    $endDate = $_POST['delenddate'];

+    $startDateFmt = new DateTime($startDate . " 00:00:00");

+    $endDateFmt = new DateTime($endDate . " 24:59:59");

+

+    // Get the id of the current user from the 'app_users' table

+    $queryid = $mysqli->prepare("SELECT id, username FROM app_users WHERE BINARY username = ?");

+    $queryid->bind_param("s", $username);

+    $queryid->execute();

+    $queryres = $queryid->get_result()->fetch_assoc();

+    $userID = $queryres['id'];

+

+    // Get the contacts for the current user

+    $querycont = $mysqli->prepare("SELECT id, user_id, contact_name, contact_desc, contact_long_desc, address_street, address_zip, address_town, address_country, address_state, 

+                                   extension_number, contact_mobile, contact_num1, contact_num2, contact_fax, contact_email, profile_picture_c, groups, date_added, date_modified 

+                                   FROM contacts WHERE user_id = ?");

+    $querycont->bind_param("i", $userID);

+    $querycont->execute();

+    $queryres = $querycont->get_result();

+

+    $msgdel = 0;

+    while ($querycontres = $queryres->fetch_assoc()) {

+

+           $dateAddedFmt = new DateTime($querycontres['date_added']);

+

+           if ($startDate == "" && $endDate != "") {

+

+               if ($dateAddedFmt <= $endDateFmt) {

+

+	           // Remove the contact from the 'contacts' table

+	           $querycont = $mysqli->prepare("DELETE FROM contacts WHERE id = ? AND user_id = ?");

+	           $querycont->bind_param("ii", $querycontres['id'], $userID);

+	           if ($querycont->execute()) { /* OK */ } else { $msgdel++; }

+               }

+

+           } elseif ($startDate != "" && $endDate != "") {

+

+               if ($startDateFmt <= $dateAddedFmt && $dateAddedFmt <= $endDateFmt) {

+

+	           // Remove the contact from the 'contacts' table

+	           $querycont = $mysqli->prepare("DELETE FROM contacts WHERE id = ? AND user_id = ?");

+	           $querycont->bind_param("ii", $querycontres['id'], $userID);

+	           if ($querycont->execute()) { /* OK */ } else { $msgdel++; }

+               }

+           }

+    }

+

+    if ($msgdel == 0) { $messagedel = "success"; } else { $messagedel = "failure"; }

+

+    // Reindex the 'contacts' table

+    $reindexset = $mysqli->prepare("SET @resetrec = 0");

+    $reindexup = $mysqli->prepare("UPDATE contacts SET id = @resetrec := @resetrec + 1");

+    $reindexalt = $mysqli->prepare("ALTER TABLE contacts auto_increment = 1");

+    if ($reindexset->execute() && $reindexup->execute() && $reindexalt->execute()) { $reindexmsg = "success"; } else { $reindexmsg = "failure"; }

+

+    $delresult = array('removeresult' => $messagedel, 'reindex' => $reindexmsg);

+

+    echo json_encode($delresult);

+

+} else {

+        header("Location: ../login.php");

+}

+

+?>