new file mode 100644

@@ -0,0 +1,46 @@

+<?php

+/**

+ *  Copyright (C) 2021  Double Bastion LLC

+ *

+ *  This file is part of Roundpin, which is licensed under the

+ *  GNU Affero General Public License Version 3.0. The license terms

+ *  are detailed in the "LICENSE.txt" file located in the root directory.

+ */

+

+session_start();

+

+ // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');

+

+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

+

+ define('ACCESSCONST', TRUE);

+

+ require('db-connect.php');

+

+    $username = $_POST['username'];

+    $contactName = $_POST['contact_name'];

+    $profilePicture = $_POST['profile_picture_c'];

+

+    // Get the id of the user for which we want to insert the contact data

+    $query1 = $mysqli->prepare("SELECT id, username FROM app_users WHERE BINARY username = ?");

+    $query1->bind_param("s", $username);

+    $query1->execute();

+    $queryres = $query1->get_result()->fetch_assoc();

+    $userID = $queryres['id'];

+

+    $dateModified = date("Y-m-d H:i:s");

+

+    // Update the contact profile picture

+    $query2 = $mysqli->prepare("UPDATE contacts SET profile_picture_c = ?, date_modified = ? WHERE user_id = ? AND contact_name = ?");

+    $query2->bind_param("ssis", $profilePicture, $dateModified, $userID, $contactName);

+

+    if ($query2->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'failure'; }

+

+    $response = array('result' => $messagetosend);

+    echo json_encode($response);

+

+} else {

+    header("Location: ../login.php");

+}

+

+?>