<?php
/**
 *  Copyright (C) 2021  Double Bastion LLC
 *
 *  This file is part of Roundpin, which is licensed under the
 *  GNU Affero General Public License Version 3.0. The license terms
 *  are detailed in the "LICENSE.txt" file located in the root directory.
 */

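declare(strict_types=1);

session_start();

 // header('Set-Cookie: PHPSESSID= ' . session_id() . '; SameSite=strict; Secure=true; HttpOnly=true;');

/*
 * AJAX endpoint: bulk-import contacts for one user.
 *
 * POST fields:
 *   s_ajax_call  - per-session access token; must match $_SESSION['validate_s_access']
 *   username     - owner of the imported contacts (looked up in 'app_users')
 *   contactsdata - JSON array of rows; each row is a list of 16 fields in the order
 *                  given by $fieldRules below (display name ... groups)
 *
 * Responds with a JSON object {restrict, reindex, insert, duplicate}; every value is ""
 * on success or a human-readable error message. Requests without a valid token are
 * redirected to the login page.
 */

// Type-strict, constant-time token comparison. The former loose `==` check would pass
// when the session held no token at all and the request sent an empty 's_ajax_call'
// (in PHP 8, '' == null is true), i.e. a fresh, unauthenticated session could get through.
$postedToken  = $_POST['s_ajax_call'] ?? null;
$sessionToken = $_SESSION['validate_s_access'] ?? null;
$tokenIsValid = is_string($postedToken)
    && is_scalar($sessionToken)
    && (string) $sessionToken !== ''
    && hash_equals((string) $sessionToken, $postedToken);

if (!$tokenIsValid) {
    header("Location: ../login.php");
    exit;   // the redirect header alone does not stop the script
}

define('ACCESSCONST', true);

require('db-connect.php');

/** Emits the JSON response in the shape the caller expects and stops the script. */
$sendResponse = static function (string $restrict, string $reindex, string $insert, string $duplicate): void {
    header('Content-Type: application/json');
    echo json_encode(['restrict' => $restrict, 'reindex' => $reindex, 'insert' => $insert, 'duplicate' => $duplicate]);
    exit;
};

// NOTE(review): the owner is taken from the request body, so the token check proves only
// that the caller holds a valid session, not that the session belongs to $username. If the
// session records the logged-in user, bind the import to that instead — confirm with the
// login flow.
$username = $_POST['username'] ?? '';
if (!is_string($username)) {
    $username = '';
}

// Reject anything that is not a JSON array up front; json_decode() returns null on bad
// input and count(null) is a TypeError, which used to turn a malformed body into a 500.
$contDataPosted = $_POST['contactsdata'] ?? '';
$contactsData   = is_string($contDataPosted) ? json_decode($contDataPosted, true) : null;
if (!is_array($contactsData)) {
    $sendResponse('', '', "The contacts data could not be decoded as a JSON array.", '');
}

// Resolve the user id from the 'app_users' table; BINARY makes the match case-sensitive.
$queryid = $mysqli->prepare("SELECT id, username FROM app_users WHERE BINARY username = ?");
$queryid->bind_param("s", $username);
$queryid->execute();
$queryidres = $queryid->get_result()->fetch_assoc();
$userID     = $queryidres['id'] ?? null;
if ($userID === null) {
    // Previously an unknown user fell through with a null id and rows were still attempted.
    $sendResponse('', '', "Unknown user; no contacts were imported.", '');
}

// One [pattern, message] pair per field, indexed by the field's position in a row.
// Every pattern is a negated character class: a match means a disallowed character is
// present. The email field (index 13) is validated by format instead, hence the null pattern.
$fieldRules = [
    ['/[^A-Za-z0-9\s\-\.\'\(\)]/',                   "The 'Display Name' field contains characters that are not allowed."],
    ['/[^A-Za-z0-9\s\-\_\.\,\'\"\(\)\!\?\@\%\&\*]/', "The 'Title / Description' field contains characters that are not allowed."],
    ['/[^A-Za-z0-9\s\-\_\.\,\'\"\(\)\!\?\@\%\&\*]/', "The 'Long Description' field contains characters that are not allowed."],
    ['/[^A-Za-z0-9\s\-\_\.\,\'\"\(\)\#\%\&]/',       "The 'Address - Street' field contains characters that are not allowed."],
    ['/[^A-Za-z0-9\s\-\_\.\(\)\#\&]/',               "The 'Address - Zip' field contains characters that are not allowed."],
    ['/[^A-Za-z0-9\s\-\_\.\,\(\)\&]/',               "The 'Address - Town' field contains characters that are not allowed."],
    ['/[^A-Za-z0-9\s\-\.\,\(\)\&]/',                 "The 'Address - Country' field contains characters that are not allowed."],
    ['/[^A-Za-z0-9\s\-\.\,\(\)\&]/',                 "The 'Address - State/Province' field contains characters that are not allowed."],
    ['/[^A-Za-z0-9\*\#]/',                           "The 'Extension (Internal)' field contains characters that are not allowed."],
    ['/[^0-9\s\+\-\.\#]/',                           "The 'Mobile Number' field contains characters that are not allowed."],
    ['/[^0-9\s\+\-\.\#]/',                           "The 'Contact Number 1' field contains characters that are not allowed."],
    ['/[^0-9\s\+\-\.\#]/',                           "The 'Contact Number 2' field contains characters that are not allowed."],
    ['/[^0-9\s\+\-\.\#]/',                           "The 'Fax Number' field contains characters that are not allowed."],
    [null,                                           "The email address in the 'Email' field is not valid."],
    ['/[^A-Za-z0-9\+\/\=\;\:\,]/',                   "The 'Profile Picture' field contains characters that are not allowed."],
    ['/[^A-Za-z0-9\s\-\|]/',                         "The 'Groups' field contains characters that are not allowed."],
];

// Both statements are prepared once and re-bound per row instead of re-prepared per row.
$queryck = $mysqli->prepare("SELECT id, user_id, contact_name FROM contacts WHERE user_id = ? AND contact_name = ?");
$querync = $mysqli->prepare(
    "INSERT INTO contacts (user_id, contact_name, contact_desc, contact_long_desc, address_street, address_zip, "
    . "address_town, address_country, address_state, extension_number, contact_mobile, contact_num1, contact_num2, "
    . "contact_fax, contact_email, profile_picture_c, groups, date_added, date_modified) "
    . "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
);

$restrictmsg = "";   // accumulates one message-or-nothing plus a space per field, per row
$insertcheck = 0;    // number of rows whose INSERT failed
$duplicate   = 0;    // number of rows skipped because the name already exists for this user

foreach ($contactsData as $row) {
    if (!is_array($row)) {
        // A row that is not a list of fields cannot be validated field by field.
        $restrictmsg .= "One of the contact entries is malformed." . " ";
        break;
    }

    $values = [];
    foreach ($fieldRules as $index => [$pattern, $message]) {
        $raw   = $row[$index] ?? '';
        $value = is_scalar($raw) ? (string) $raw : null;   // arrays/objects are never acceptable

        if ($value === null) {
            $invalid = true;
        } elseif ($pattern === null) {
            $invalid = $value !== '' && filter_var($value, FILTER_VALIDATE_EMAIL) === false;
        } else {
            $invalid = preg_match($pattern, $value) === 1;
        }

        // An all-valid row leaves $restrictmsg as pure whitespace, which ctype_space() detects.
        $restrictmsg .= ($invalid ? $message : "") . " ";
        $values[]     = $value ?? '';
    }

    if (!ctype_space($restrictmsg)) {
        break;   // stop at the first row with a problem; nothing further is inserted
    }

    [$contactName, $contactDesc, $contactLongDesc, $addressStreet, $addressZip, $addressTown,
     $addressCountry, $addressState, $extensionNumber, $contactMobile, $contactNum1, $contactNum2,
     $contact_fax, $contact_email, $profilePicture, $groups] = $values;

    $dateAdded    = date("Y-m-d H:i:s");
    $dateModified = $dateAdded;

    // Skip contacts this user already has under the same display name.
    $queryck->bind_param("is", $userID, $contactName);
    $queryck->execute();
    if ($queryck->get_result()->fetch_assoc()) {
        $duplicate++;
        continue;
    }

    $querync->bind_param(
        "issssssssssssssssss",
        $userID, $contactName, $contactDesc, $contactLongDesc, $addressStreet, $addressZip, $addressTown,
        $addressCountry, $addressState, $extensionNumber, $contactMobile, $contactNum1, $contactNum2,
        $contact_fax, $contact_email, $profilePicture, $groups, $dateAdded, $dateModified
    );
    if (!$querync->execute()) {
        $insertcheck++;
    }
}

// Reindex the 'contacts' table. This rewrites the primary key of EVERY row (there is no
// WHERE clause) and is not wrapped in a transaction. NOTE(review): if any other table stores
// a contacts.id, or two imports run at the same time, those ids will no longer line up —
// confirm this is intended before keeping it.
$reindexset = $mysqli->prepare("SET @resetrec = 0");
$reindexup  = $mysqli->prepare("UPDATE contacts SET id = @resetrec := @resetrec + 1");
$reindexalt = $mysqli->prepare("ALTER TABLE contacts auto_increment = 1");
$reindexmsg = ($reindexset->execute() && $reindexup->execute() && $reindexalt->execute())
    ? ""
    : "The 'contacts' table couldn't be reindexed!";

// Whitespace-only means every processed row passed validation.
$restrictmsgproc = ctype_space($restrictmsg) ? "" : $restrictmsg;
$insertmsg       = $insertcheck === 0 ? "" : "At least one error while trying to insert contacts into the database!";
$duplicatemsg    = $duplicate === 0 ? "" : "Some of the contacts that you have tried to import were already in the database.";

$sendResponse($restrictmsgproc, $reindexmsg, $insertmsg, $duplicatemsg);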