<?php
/**
 *  Copyright (C) 2022, 2024  Double Bastion LLC
 *
 *  This file is part of Roundpin, which is licensed under the
 *  GNU Affero General Public License Version 3.0. The license terms
 *  are detailed in the "LICENSE.txt" file located in the root directory.
 */

session_start();

if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

    define('ACCESSCONST', TRUE);

    require('db-connect.php');

    $username = $_POST['username'];
    $bannedProfileName = $_POST['bannedprofilename'];
    $bannedSipUserName = $_POST['bannedsipusername'];
    $confExtension = $_POST['confextension'];
    $conflabel = $_POST['conflabel'];
    $bannedDays = $_POST['banneddays'];

    $bannedUntil = date('Y-m-d', strtotime("+". $bannedDays ." days"));

    // Get the role of the current user from the 'app_users' table
    $querysel = $mysqli->prepare("SELECT userrole, username FROM app_users WHERE BINARY username = ?");
    $querysel->bind_param("s", $username);
    $querysel->execute();
    $confdatafromdb = $querysel->get_result()->fetch_assoc();
    $cruserrole = $confdatafromdb['userrole'];

    // Check if the banned user has been already introduced in the 'banned_users' table
    $queryselck = $mysqli->prepare("SELECT banned_sipusername, conf_extension FROM banned_users WHERE banned_sipusername = ? AND conf_extension = ?");
    $queryselck->bind_param("ss", $bannedSipUserName, $confExtension);
    $queryselck->execute();
    $userdatafromdbck = $queryselck->get_result()->fetch_assoc();

    if ($cruserrole == 'superadmin' || $cruserrole == 'admin') {

        if ($bannedDays != 0) {

            if ($userdatafromdbck) {

                $updatequerysp = $mysqli->prepare("UPDATE banned_users SET ban_creator = ?, banned_profilename = ?, conf_label = ?, banned_until = ? WHERE banned_sipusername = ? AND 
                                               conf_extension = ?");
                $updatequerysp->bind_param("ssssss", $username, $bannedProfileName, $conflabel, $bannedUntil, $bannedSipUserName, $confExtension);
                if ($updatequerysp->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'Error while updating the data !'; }

            } else {

                $insertquerysp = $mysqli->prepare("INSERT INTO banned_users (ban_creator, banned_profilename, banned_sipusername, conf_extension, conf_label, banned_until) 
                                               VALUES(?, ?, ?, ?, ?, ?)");
                $insertquerysp->bind_param("ssssss", $username, $bannedProfileName, $bannedSipUserName, $confExtension, $conflabel, $bannedUntil);
                if ($insertquerysp->execute()) { $messagetosend = 'success'; } else { $messagetosend = 'Error while inserting the data !'; }
            }

        } else { $messagetosend = 'success'; }

    } else { $messagetosend = 'Only Admins and Superadmins can ban other participants to video conferences and establish a ban duration.'; }

    $response = array('result' => $messagetosend);

    echo json_encode($response);

} else {
    header("Location: ../login.php");
}

?>