Главная Обзор Помощь
Регистрация Вход
benjamin.harris
/
soil-report-ai
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: c1030aa24c
Ветки Метки
soil-report-ai
/
controllers
/
newClientSubmit.php

newClientSubmit.php 4.7 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * controllers/newClientSubmit.php
    4. 

  4.  *
    5. 

  5.  * Handle new client creation from modal form.
    6. 

  6.  */
    7. 

  7. 

  8. // Start session if not already started
    9. 

  9. if (session_status() === PHP_SESSION_NONE) {
    10. 

  10.     session_start();
    11. 

  11. }
    12. 

  12. 

  13. // Include dependencies
    14. 

  14. require_once __DIR__ . '/../config/database.php';
    15. 

  15. require_once __DIR__ . '/../lib/auth.php';
    16. 

  16. require_once __DIR__ . '/../lib/validation.php';
    17. 

  17. require_once __DIR__ . '/../lib/csrf.php';
    18. 

  18. 

  19. // Check authentication
    20. 

  20. if (!isLoggedIn()) {
    21. 

  21.     http_response_code(403);
    22. 

  22.     die(json_encode(['success' => false, 'message' => 'Authentication required']));
    23. 

  23. }
    24. 

  24. 

  25. // Check CSRF token
    26. 

  26. if (!verifyCsrfToken($_POST['csrf_token'] ?? '')) {
    27. 

  27.     http_response_code(403);
    28. 

  28.     die(json_encode(['success' => false, 'message' => 'CSRF token validation failed']));
    29. 

  29. }
    30. 

  30. 

  31. // Only process POST requests
    32. 

  32. if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['NCsubmit'])) {
    33. 

  33.     http_response_code(405);
    34. 

  34.     die(json_encode(['success' => false, 'message' => 'Method not allowed']));
    35. 

  35. }
    36. 

  36. 

  37. header('Content-Type: application/json');
    38. 

  38. 

  39. try {
    40. 

  40.     // Validate and sanitize input data
    41. 

  41.     $input = validateNewClientData($_POST);
    42. 

  42. 

  43.     // Check if client with this email already exists for this user
    44. 

  44.     if (clientEmailExists($input['email'], $_SESSION['user_id'])) {
    45. 

  45.         throw new ValidationException('A client with this email address already exists');
    46. 

  46.     }
    47. 

  47. 

  48.     // Insert new client
    49. 

  49.     $clientId = insertNewClient($input);
    50. 

  50. 

  51.     // Return success response with client data for dropdown update
    52. 

  52.     echo json_encode([
    53. 

  53.         'success' => true,
    54. 

  54.         'message' => 'Client added successfully',
    55. 

  55.         'client' => [
    56. 

  56.             'id' => $clientId,
    57. 

  57.             'name' => $input['name'],
    58. 

  58.             'company' => $input['company'],
    59. 

  59.             'email' => $input['email'],
    60. 

  60.             'address' => $input['address'] . ', ' . $input['state']
    61. 

  61.         ]
    62. 

  62.     ]);
    63. 

  63. 

  64. } catch (ValidationException $e) {
    65. 

  65.     http_response_code(400);
    66. 

  66.     echo json_encode(['success' => false, 'message' => $e->getMessage()]);
    67. 

  67. } catch (PDOException $e) {
    68. 

  68.     error_log("Database error in new client creation: " . $e->getMessage());
    69. 

  69.     http_response_code(500);
    70. 

  70.     echo json_encode(['success' => false, 'message' => 'Database error occurred. Please try again later.']);
    71. 

  71. } catch (Exception $e) {
    72. 

  72.     error_log("Unexpected error in new client creation: " . $e->getMessage());
    73. 

  73.     http_response_code(500);
    74. 

  74.     echo json_encode(['success' => false, 'message' => 'An unexpected error occurred. Please try again later.']);
    75. 

  75. }
    76. 

  76. 

  77. /**
    78. 

  78.  * Validate and sanitize new client form data
    79. 

  79.  */
    80. 

  80. function validateNewClientData(array $post): array
    81. 

  81. {
    82. 

  82.     $validated = [];
    83. 

  83. 

  84.     // Required fields
    85. 

  85.     $validated['name'] = sanitizeString($post['Nname'] ?? '', 100);
    86. 

  86.     if (empty($validated['name'])) {
    87. 

  87.         throw new ValidationException('Client name is required');
    88. 

  88.     }
    89. 

  89. 

  90.     $validated['email'] = filter_var($post['Nemail'] ?? '', FILTER_VALIDATE_EMAIL);
    91. 

  91.     if (!$validated['email']) {
    92. 

  92.         throw new ValidationException('Valid email address is required');
    93. 

  93.     }
    94. 

  94. 

  95.     $validated['address'] = sanitizeString($post['Naddress'] ?? '', 255);
    96. 

  96.     if (empty($validated['address'])) {
    97. 

  97.         throw new ValidationException('Address is required');
    98. 

  98.     }
    99. 

  99. 

  100.     $validated['state'] = sanitizeString($post['Nstate'] ?? '', 255);
    101. 

  101.     if (empty($validated['state'])) {
    102. 

  102.         throw new ValidationException('Town/State/Postcode is required');
    103. 

  103.     }
    104. 

  104. 

  105.     // Optional fields
    106. 

  106.     $validated['company'] = sanitizeString($post['Ncompany'] ?? '', 100);
    107. 

  107.     $validated['mobile'] = sanitizeString($post['Nmobile'] ?? '', 20);
    108. 

  108. 

  109.     return $validated;
    110. 

  110. }
    111. 

  111. 

  112. /**
    113. 

  113.  * Check if client email already exists for this user
    114. 

  114.  */
    115. 

  115. function clientEmailExists(string $email, int $userId): bool
    116. 

  116. {
    117. 

  117.     global $pdo;
    118. 

  118. 

  119.     $stmt = $pdo->prepare("SELECT id FROM client_records WHERE email = ? AND modx_user_id = ?");
    120. 

  120.     $stmt->execute([$email, $userId]);
    121. 

  121. 

  122.     return $stmt->fetch() !== false;
    123. 

  123. }
    124. 

  124. 

  125. /**
    126. 

  126.  * Insert new client into database
    127. 

  127.  */
    128. 

  128. function insertNewClient(array $data): int
    129. 

  129. {
    130. 

  130.     global $pdo;
    131. 

  131. 

  132.     $sql = "INSERT INTO client_records (
    133. 

  133.         modx_user_id,
    134. 

  134.         modx_user_attributes,
    135. 

  135.         client,
    136. 

  136.         company,
    137. 

  137.         email,
    138. 

  138.         address,
    139. 

  139.         mobile,
    140. 

  140.         created_at
    141. 

  141.     ) VALUES (
    142. 

  142.         :modx_user_id,
    143. 

  143.         :modx_user_attributes,
    144. 

  144.         :client,
    145. 

  145.         :company,
    146. 

  146.         :email,
    147. 

  147.         :address,
    148. 

  148.         :mobile,
    149. 

  149.         NOW()
    150. 

  150.     )";
    151. 

  151. 

  152.     $stmt = $pdo->prepare($sql);
    153. 

  153.     $stmt->execute([
    154. 

  154.         'modx_user_id' => $_SESSION['user_id'],
    155. 

  155.         'modx_user_attributes' => $_SESSION['user_id'],
    156. 

  156.         'client' => $data['name'],
    157. 

  157.         'company' => $data['company'],
    158. 

  158.         'email' => $data['email'],
    159. 

  159.         'address' => $data['address'] . ', ' . $data['state'],
    160. 

  160.         'mobile' => $data['mobile']
    161. 

  161.     ]);
    162. 

  162. 

  163.     return $pdo->lastInsertId();
    164. 

  164. }
    165. 

  165. ?>
    166.