<?php
/**
 *  Copyright (C) 2021  Double Bastion LLC
 *
 *  This file is part of Roundpin, which is licensed under the
 *  GNU Affero General Public License Version 3.0. The license terms
 *  are detailed in the "LICENSE.txt" file located in the root directory.
 */

session_start();

 // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');

if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

    define('ACCESSCONST', TRUE);

    require('db-connect.php');

    $username = $_POST['username'];
    $textConfExtension = $_POST['text_conf_extension'];
    $textConfTag = $_POST['text_conf_tag'];
    $limitToGroups = $_POST['limit_to_groups'];

    // Get the id and role of the current user from the 'app_users' table
    $querysel = $mysqli->prepare("SELECT id, userrole, username FROM app_users WHERE BINARY username = ?");
    $querysel->bind_param("s", $username);
    $querysel->execute();
    $confdatafromdb = $querysel->get_result()->fetch_assoc();
    $cruserid = $confdatafromdb['id'];
    $cruserrole = $confdatafromdb['userrole'];

    // Check if the current text conference extension has been already introduced in the 'conferences_text' table
    $queryselck = $mysqli->prepare("SELECT id, text_conf_extension FROM conferences_text WHERE text_conf_extension = ?");
    $queryselck->bind_param("s", $textConfExtension);
    $queryselck->execute();
    $confdatafromdbck = $queryselck->get_result()->fetch_assoc();

    $queryselckad = $mysqli->prepare("SELECT id, userid, text_conf_extension FROM conferences_text WHERE BINARY userid = ? AND text_conf_extension = ?");
    $queryselckad->bind_param("is", $cruserid, $textConfExtension);
    $queryselckad->execute();
    $confdatafromdbckad = $queryselckad->get_result()->fetch_assoc();

    if ($cruserrole == 'superadmin') {

        if ($confdatafromdbck) {

            $updatequerysp = $mysqli->prepare("UPDATE conferences_text SET text_conf_label = ?, limit_to_groups = ? WHERE text_conf_extension = ?");
            $updatequerysp->bind_param("sss", $textConfTag, $limitToGroups, $textConfExtension);
            if ($updatequerysp->execute()) { $messagetosend = 'The data has been successfully saved to the database !'; } else { $messagetosend = 'Error while updating the data !'; }

        } else {

            $insertquerysp = $mysqli->prepare("INSERT INTO conferences_text (userid, text_conf_extension, text_conf_label, limit_to_groups) VALUES(?, ?, ?, ?)");
            $insertquerysp->bind_param("isss", $cruserid, $textConfExtension, $textConfTag, $limitToGroups);
            if ($insertquerysp->execute()) { $messagetosend = 'The data has been successfully saved to the database !'; } else { $messagetosend = 'Error while inserting the data !'; }
        }

    } elseif ($cruserrole == 'admin') {

	      if ($confdatafromdbckad) {

		  $updatequery = $mysqli->prepare("UPDATE conferences_text SET text_conf_label = ?, limit_to_groups = ? WHERE userid = ? AND text_conf_extension = ?");
		  $updatequery->bind_param("ssis", $textConfTag, $limitToGroups, $cruserid, $textConfExtension);
		  if ($updatequery->execute()) { $messagetosend = 'The data has been successfully saved to the database !'; } else { $messagetosend = 'Error while updating the data !'; }

	      } elseif (!$confdatafromdbckad && !$confdatafromdbck) {

		  $insertquery = $mysqli->prepare("INSERT INTO conferences_text (userid, text_conf_extension, text_conf_label, limit_to_groups) VALUES(?, ?, ?, ?)");
		  $insertquery->bind_param("isss", $cruserid, $textConfExtension, $textConfTag, $limitToGroups);
		  if ($insertquery->execute()) { $messagetosend = 'The data has been successfully saved to the database !'; } else { $messagetosend = 'Error while inserting the data !'; }

	      } else { $messagetosend = "You are not allowed to change this conference data!"; }

    } elseif ($cruserrole == 'regular_user') { $messagetosend = 'Only Admins and Superadmins can configure conferences.'; }

    $response = array('result' => $messagetosend);
    echo json_encode($response);

} else {
    header("Location: ../login.php");
}

?>