new file mode 100644

@@ -0,0 +1,79 @@

+<?php

+/**

+ *  Copyright (C) 2022, 2024  Double Bastion LLC

+ *

+ *  This file is part of Roundpin, which is licensed under the

+ *  GNU Affero General Public License Version 3.0. The license terms

+ *  are detailed in the "LICENSE.txt" file located in the root directory.

+ */

+

+session_start();

+

+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

+

+    define('ACCESSCONST', TRUE);

+

+    require('db-connect.php');

+

+    $username = $_POST['username'];

+    $contactName = $_POST['contact_name'];

+    $contactDesc = $_POST['contact_desc'];

+    $contactLongDesc = $_POST['contact_long_desc'];

+    $addressStreet = $_POST['address_street'];

+    $addressZip = $_POST['address_zip'];

+    $addressTown = $_POST['address_town'];

+    $addressCountry = $_POST['address_country'];

+    $addressState = $_POST['address_state'];

+    $extensionNumber = $_POST['extension_number'];

+    $contactMobile = $_POST['contact_mobile'];

+    $contactNum1 = $_POST['contact_num1'];

+    $contactNum2 = $_POST['contact_num2'];

+    $contact_fax = $_POST['contact_fax'];

+    $contact_email = $_POST['contact_email'];

+    $groups = $_POST['groups'];

+    $dateAdded = $_POST['date_added'];

+    $dateModified = $_POST['date_modified'];

+

+    // Get the id of the user for which we want to insert the contact data

+    $query1 = $mysqli->prepare("SELECT id, username FROM app_users WHERE BINARY username = ?");

+    $query1->bind_param("s", $username);

+    $query1->execute(); 

+    $queryres = $query1->get_result()->fetch_assoc();

+    $userID = $queryres['id'];

+

+    // Check if the contact is already in the 'contacts' table

+    $query2 = $mysqli->prepare("SELECT id, user_id, contact_name FROM contacts WHERE user_id = ? AND contact_name = ?");

+    $query2->bind_param("is", $userID, $contactName);

+    $query2->execute();

+    $fetchInfo = $query2->get_result()->fetch_assoc();

+

+    if (!$fetchInfo) {

+

+         $query3 = $mysqli->prepare("INSERT INTO contacts (user_id, contact_name, contact_desc, contact_long_desc, address_street, address_zip, address_town, address_country, 

+                                     address_state, extension_number, contact_mobile, contact_num1, contact_num2, contact_fax, contact_email, groups, date_added, date_modified) 

+                                     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");

+         $query3->bind_param("isssssssssssssssss", $userID, $contactName, $contactDesc, $contactLongDesc, $addressStreet, $addressZip, $addressTown, $addressCountry, $addressState, 

+                              $extensionNumber, $contactMobile, $contactNum1, $contactNum2, $contact_fax, $contact_email, $groups, $dateAdded, $dateModified);

+

+	 if ($query3->execute()) {

+	     $messagetosend1 = 'success';

+	 } else { $messagetosend1 = 'An error occurred while attempting to save the contact to the database!'; }

+

+	 // Reindex the 'contacts' table

+	 $reindexset = $mysqli->prepare("SET @resetrec = 0");

+	 $reindexup = $mysqli->prepare("UPDATE contacts SET id = @resetrec := @resetrec + 1");

+	 $reindexalt = $mysqli->prepare("ALTER TABLE contacts auto_increment = 1");

+	 if ($reindexset->execute() && $reindexup->execute() && $reindexalt->execute()) { $messagetosend2 = 'success'; } else { $messagetosend2 = 'failure'; }

+

+         if ($messagetosend1 == 'success' && $messagetosend2 == 'success') { $messagetosend = 'success'; } else { $messagetosend = 'Error while saving the data'; }

+

+    } else { $messagetosend = 'Error! A contact with the same name is already in the database!'; }

+

+    $response = array('result' => $messagetosend);

+    echo json_encode($response);

+

+} else {

+    header("Location: ../login.php");

+}

+

+?>