
<?

php
// Start the session before any output is produced; the CSRF check further down
// presumably relies on session state (SecurityService is a project class, not shown here).
session_start();
// Every date()/DateTime value in this file (created/updated stamps, price cutoff) is IST.
date_default_timezone_set("Asia/Kolkata");
// Filled with ['status' => ..., 'message' => ...] by one of the branches below and
// emitted as JSON at the end of the request.
$response = '';
// $conn (used with mysqli_* and ->insert_id) is presumably defined by database.php;
// config.php contents are not visible here — NOTE(review): confirm it enforces a login,
// because nothing in this file does.
include "../../config/database.php";
include "../../config/config.php";

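/**
 * Builds an absolute URL for $path relative to the directory of the executing script,
 * e.g. 'crud/receipt.php?x=1' -> 'https://host/app/crud/crud/receipt.php?x=1'.
 *
 * Scheme: https when $_SERVER['HTTPS'] is set to anything other than '' or 'off' — the
 * previous check accepted only the literal 'on', so servers that report '1' produced
 * http links. IIS reports 'off' instead of unsetting the variable. Behind a
 * TLS-terminating proxy HTTPS may never be set at all; that case is not handled here.
 *
 * SECURITY: the host is taken from the request's Host header ($_SERVER['HTTP_HOST']),
 * which the client controls. The caller embeds the result in SMS and e-mail messages,
 * so a forged Host header yields links to an attacker's domain unless the web server
 * only answers requests for its canonical host name(s). Prefer a configured base URL
 * where one exists.
 *
 * @param string $path path relative to the script directory (no leading '/')
 * @return string absolute URL with exactly one '/' between directory and $path
 */
function convertAbsUrl($path) {
    $https = $_SERVER['HTTPS'] ?? '';
    $scheme = ($https !== '' && strtolower($https) !== 'off') ? 'https://' : 'http://';
    $base = $scheme . ($_SERVER['HTTP_HOST'] ?? '') . dirname($_SERVER['PHP_SELF'] ?? '/');
    // dirname() yields '/' at the document root and no trailing slash elsewhere;
    // normalise so the join never doubles or drops the separator.
    return rtrim($base, '/') . '/' . $path;
}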

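// ---------------------------------------------------------------------------------------
// Request handling. Everything under $_POST is attacker-controlled: scalar fields pass
// through filterInput(), ids are cast to int, and every statement that carries request
// data runs as a prepared statement (walkinAbhishekExecute) — nothing is interpolated
// into SQL any more.
// NOTE(review): no authentication or authorisation check is visible in this file; unless
// config.php enforces one, any client that reaches this endpoint can add, edit or
// soft-delete bookings.
// ---------------------------------------------------------------------------------------
$action = $_POST['action'] ?? '';

if ($action === 'delete') {
    // Soft delete: status = 0 on the booking and on its per-date rows.
    // TODO(review): this path skips the CSRF validation the add/edit path performs below;
    // confirm the client sends the token and apply $antiCSRF->validate() here as well.
    $aid = (int) ($_POST['aid'] ?? 0);
    if ($aid <= 0) {
        $response = ['status' => 'error', 'message' => 'Invalid id'];
    } else {
        $deleted = walkinAbhishekExecute($conn,
            "UPDATE dadarmath_walkin_abhishek
             INNER JOIN dadarmath_walkin_abhishek_dates
                ON dadarmath_walkin_abhishek.id = dadarmath_walkin_abhishek_dates.abhishek_id
             SET dadarmath_walkin_abhishek.status = 0,
                 dadarmath_walkin_abhishek_dates.status = 0
             WHERE dadarmath_walkin_abhishek.id = ?",
            'i', [$aid]);
        // As before, a statement that matches no rows still reports success.
        $response = $deleted
            ? ['status' => 'success', 'message' => 'Successfully deleted']
            : ['status' => 'error', 'message' => 'Internal Server Error'];
    }
} else {
    require_once '../../lib/SecurityService.php';
    $antiCSRF = new \Phppot\SecurityService\SecurityService();
    $csrfResponse = $antiCSRF->validate();

    if (empty($csrfResponse)) {
        // Rejected before any field is read or any lookup query runs.
        $response = ['status' => 'error', 'message' => 'CSRF required'];
    } else {
        $data = $_POST['data'][0] ?? [];
        if (!is_array($data)) {
            $data = [];
        }

        $fullname = walkinAbhishekField($data, 'fullname');
        $gotra = walkinAbhishekField($data, 'gotra'); // stored in gotra_id
        $mobile = walkinAbhishekField($data, 'mobile');
        $email = walkinAbhishekField($data, 'email');
        // NOTE(review): $mobile is not validated but is handed to sendSMS() below; a
        // digits/length check would stop the endpoint being used to text arbitrary numbers.

        // Payment type: matched case-insensitively against dadarmath_payment_type.
        $paymentType = walkinAbhishekField($data, 'paymentType');
        $paymentTypeId = isset($data['paymentType'])
            ? walkinAbhishekLookupId($conn, "SELECT * FROM `dadarmath_payment_type`", 'payment_type', $paymentType)
            : null;
        $chequeno = $chequedate = $bankname = '';
        if ($paymentType == 'Cheque') {
            $chequeno = walkinAbhishekField($data, 'chequeno');
            $chequedate = walkinAbhishekField($data, 'chequedate');
            $bankname = walkinAbhishekField($data, 'bankname');
        }

        // Abhishek type, matched the same way against dadarmath_abhishek_type.
        $abhishekType = walkinAbhishekField($data, 'abhishekType');
        $abhishekTypeId = isset($data['abhishekType'])
            ? walkinAbhishekLookupId($conn, "SELECT * FROM `dadarmath_abhishek_type`", 'abhishek_type', $abhishekType)
            : null;

        // Dates: comma-separated, spaces removed. The shape depends on the type:
        // Daily 'd/m/Y' per entry, Monthly 'm/Y' per entry, Yearly a single 'Y'.
        $abhishek_dates = '';
        $dates = [];
        if (isset($_POST['date']) && is_scalar($_POST['date'])) {
            $abhishek_dates = str_replace(' ', '', filterInput($_POST['date']));
            $dates = $abhishek_dates !== '' ? explode(',', $abhishek_dates) : [];
        }

        // Per-unit price: 50 for a date on or before the cutoff, 60 after. The loop keeps
        // the price of the LAST entry, and entries that are not 'd/m/Y' (monthly/yearly
        // inputs) always price at 60 — both preserved from the original logic.
        // The '!' in the format resets unparsed fields to midnight, so a date equal to the
        // cutoff compares <= instead of inheriting the current wall-clock time and
        // falling into the 60 branch.
        $cutoffDate = new DateTime('2024-12-31');
        $abhishek_price = 0;
        foreach ($dates as $date) {
            $dateObject = DateTime::createFromFormat('!d/m/Y', $date);
            $abhishek_price = ($dateObject && $dateObject <= $cutoffDate) ? 50 : 60;
        }

        // Amount. $dateError records malformed input that used to surface as PHP warnings
        // or uncaught exceptions (null month, unparsable year) rather than a JSON error.
        $amount = 0;
        $dateError = '';
        if ($abhishekType == 'Daily') {
            $amount = count($dates) * $abhishek_price;
        } elseif ($abhishekType == 'Monthly') {
            $total_days = 0;
            foreach ($dates as $date) {
                if (!preg_match('#^(\d{1,2})/(\d{4})\z#', $date, $m)
                    || (int) $m[1] < 1 || (int) $m[1] > 12 || (int) $m[2] < 1) {
                    $dateError = 'Please enter a valid date';
                    break;
                }
                $total_days += cal_days_in_month(CAL_GREGORIAN, (int) $m[1], (int) $m[2]);
            }
            $amount = $abhishek_price * $total_days;
        } else {
            // Yearly (and, as before, any other non-Daily/Monthly type): one unit per
            // Thursday in the year given by the first entry.
            $year = $dates[0] ?? '';
            if (count($dates) > 0 && !preg_match('/^\d{4}\z/', $year)) {
                $dateError = 'Please enter a valid date';
            } elseif (count($dates) > 0) {
                $day = new DateTime("{$year}-01-01");
                $num_thursdays = 0;
                while ($day->format('Y') == $year) {
                    if ($day->format('N') == 4) {
                        $num_thursdays++;
                    }
                    $day->modify('+1 day');
                }
                $amount = $abhishek_price * $num_thursdays;
            }
        }

        // Cheque date arrives as d/m/Y; with '-' separators strtotime parses day-first.
        $chequeTimestamp = null;
        if ($chequedate !== '') {
            $chequeTimestamp = strtotime(str_replace('/', '-', $chequedate));
        }

        // Validation. empty() is deliberate: it matches the previous rules (a literal '0'
        // is rejected as a name or gotra, and a zero amount is an error).
        if (empty($fullname)) {
            $response = ['status' => 'error', 'message' => 'Please enter a full name'];
        } elseif (empty($gotra)) {
            $response = ['status' => 'error', 'message' => 'Please select gotra'];
        } elseif (count($dates) == 0) {
            $response = ['status' => 'error', 'message' => 'Please enter a date'];
        } elseif ($dateError !== '') {
            $response = ['status' => 'error', 'message' => $dateError];
        } elseif (empty($amount)) {
            $response = ['status' => 'error', 'message' => 'Please enter an amount'];
        } elseif ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            // Replaces a lowercase-only, 2-3 letter-TLD regex that rejected valid addresses.
            $response = ['status' => 'error', 'message' => 'Please Enter a Valid Email Address'];
        } elseif (empty($abhishekType) || $abhishekTypeId === null) {
            // A type with no matching row used to be accepted and stored with an empty id.
            $response = ['status' => 'error', 'message' => 'Invalid abhishek type'];
        } elseif (empty($paymentType) || $paymentTypeId === null) {
            $response = ['status' => 'error', 'message' => 'Invalid payment type'];
        } elseif ($paymentType == 'Cheque' && empty($chequeno)) {
            $response = ['status' => 'error', 'message' => 'Please enter a cheque number'];
        } elseif ($paymentType == 'Cheque' && empty($chequedate)) {
            $response = ['status' => 'error', 'message' => 'Please select cheque date'];
        } elseif ($paymentType == 'Cheque' && empty($bankname)) {
            $response = ['status' => 'error', 'message' => 'Please enter a cheque bank name'];
        } elseif ($chequeTimestamp === false) {
            // Previously an unparsable cheque date was silently stored as 1970-01-01.
            $response = ['status' => 'error', 'message' => 'Please enter a valid cheque date'];
        } else {
            if ($chequeTimestamp !== null) {
                $chequedate = date('Y-m-d', $chequeTimestamp);
            }

            if ($action === 'add') {
                $create_date = date('Y-m-d');
                $create_time = date('h:i:s A');

                // Order ids look like WA{D|M|Y}{yy}-NNNNNN; the counter continues from the
                // most recent row regardless of that row's type letter or year.
                // NOTE(review): read-increment-insert is not atomic, so concurrent bookings
                // can still collide unless order_id carries a UNIQUE index.
                $typeLetter = 'D';
                if ($abhishekType == 'Monthly') {
                    $typeLetter = 'M';
                } elseif ($abhishekType == 'Yearly') {
                    $typeLetter = 'Y';
                }
                $prefix = 'WA' . $typeLetter . date('y') . '-';
                $orderId = $prefix . '000001';
                $lastResult = mysqli_query($conn, "SELECT `order_id` FROM `dadarmath_walkin_abhishek` ORDER BY `id` DESC LIMIT 1");
                if ($lastResult && ($lastRow = mysqli_fetch_assoc($lastResult))) {
                    $orderId = checkDuplicateOrder($conn, incrementOrderId($prefix, $lastRow['order_id']), $prefix);
                }

                $inserted = walkinAbhishekExecute($conn,
                    "INSERT INTO `dadarmath_walkin_abhishek`
                        (`order_id`, `full_name`, `gotra_id`, `mobile`, `email`, `abhishek_type_id`,
                         `payment_type_id`, `amount`, `dates`, `per_amount`, `cheque_number`, `cheque_date`,
                         `cheque_bank_name`, `created_date`, `created_time`)
                     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
                    str_repeat('s', 15),
                    [$orderId, $fullname, $gotra, $mobile, $email, $abhishekTypeId,
                     $paymentTypeId, $amount, $abhishek_dates, $abhishek_price, $chequeno, $chequedate,
                     $bankname, $create_date, $create_time]);

                if ($inserted) {
                    $last_id = $conn->insert_id;
                    include 'sms.php';
                    // This script lives in crud/, so dirname() already ends in /crud and the
                    // doubled segment is collapsed.
                    // NOTE(review): convertAbsUrl() builds this link from the request's Host
                    // header; unless the web server rejects unknown hosts, a forged header turns
                    // the SMS and e-mail below into a phishing vector.
                    $receipt = convertAbsUrl('crud/receipt.php?Receipt=' . $last_id . '&ReceiptType=WalkinAbhishek');
                    $receipt = str_replace('/crud/crud', '/crud', $receipt);

                    $isProduction = getEnvVar('APP_ENV') == 'production';
                    if ($isProduction) {
                        sendSMS($mobile, "Successfully Abhishek booked, Your payment receipt: $receipt -SHRI AKKALKOT SWAMI SAMARTH MAHARAJAS MATHS");
                    }
                    // E-mail is optional input; previously the mailer ran with an empty address.
                    if ($isProduction && $email !== '') {
                        require_once '../../lib/MailService.php';
                        $mailService = new \Phppot\MailService\MailService();
                        $mailService->mailId = $email;
                        $mailService->subject = 'Dadarmath Abhishek book';
                        $mailService->body = 'Successfully Abhishek booked, Your payment receipt: ' . $receipt;
                        $mailService->sendMail();
                    }

                    $response = ['status' => 'success', 'message' => 'Sucessfully Added', 'id' => $last_id];
                } else {
                    $response = ['status' => 'error', 'message' => 'Internal Server Error'];
                }
            } elseif ($action === 'edit') {
                $abhiskekId = (int) ($data['abhiskekId'] ?? 0);
                if ($abhiskekId <= 0) {
                    // Previously a missing id produced WHERE id = '' and a false "updated" result.
                    $response = ['status' => 'error', 'message' => 'Invalid id'];
                } else {
                    $updated = walkinAbhishekExecute($conn,
                        "UPDATE `dadarmath_walkin_abhishek` SET
                            `full_name` = ?, `mobile` = ?, `email` = ?, `gotra_id` = ?, `amount` = ?,
                            `dates` = ?, `per_amount` = ?, `abhishek_type_id` = ?, `payment_type_id` = ?,
                            `cheque_number` = ?, `cheque_date` = ?, `cheque_bank_name` = ?,
                            `updated_date` = ?, `updated_time` = ?
                         WHERE `id` = ?",
                        str_repeat('s', 14) . 'i',
                        [$fullname, $mobile, $email, $gotra, $amount,
                         $abhishek_dates, $abhishek_price, $abhishekTypeId, $paymentTypeId,
                         $chequeno, $chequedate, $bankname,
                         date('Y-m-d'), date('h:i:s A'), $abhiskekId]);
                    $response = $updated
                        ? ['status' => 'success', 'message' => 'Sucessfully Updated']
                        : ['status' => 'error', 'message' => 'Internal Server Error'];
                }
            } else {
                $response = ['status' => 'error', 'message' => 'Internal Server Error'];
            }
        }
    }
}
echo json_encode($response);

/**
 * Reads one scalar field from the decoded data[0] array through filterInput().
 * Missing keys and non-scalar values (an array smuggled into a text field) yield ''
 * instead of a TypeError from trim().
 *
 * @param array  $data the data[0] sub-array of the request
 * @param string $key  field name
 * @return string
 */
function walkinAbhishekField(array $data, $key)
{
    $value = $data[$key] ?? '';
    return is_scalar($value) ? filterInput((string) $value) : '';
}

/**
 * Runs $sql (a constant lookup query carrying no request data) and returns the `id` of
 * the row whose $column equals $needle case-insensitively, or null if none. Like the
 * loops it replaces, the last matching row wins.
 *
 * @param mysqli $conn
 * @param string $sql    full SELECT statement
 * @param string $column column compared against $needle
 * @param string $needle value to match
 * @return mixed row id as returned by the driver, or null
 */
function walkinAbhishekLookupId($conn, $sql, $column, $needle)
{
    $id = null;
    $result = mysqli_query($conn, $sql);
    if ($result) {
        while ($row = mysqli_fetch_assoc($result)) {
            if (strtolower((string) $row[$column]) == strtolower($needle)) {
                $id = $row['id'];
            }
        }
    }
    return $id;
}

/**
 * Prepares $sql, binds $params with the mysqli type string $types ('' for none) and
 * executes it. Returns true on success and false when preparing or executing fails,
 * including driver exceptions (mysqli's strict report mode, the default since 8.1),
 * which are logged so the client only ever sees the generic JSON error. The statement
 * is closed; $conn->insert_id remains available to the caller.
 *
 * @param mysqli $conn
 * @param string $sql    statement with '?' placeholders
 * @param string $types  one of i/d/s/b per placeholder
 * @param array  $params values in placeholder order
 * @return bool
 */
function walkinAbhishekExecute($conn, $sql, $types, array $params)
{
    try {
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt === false) {
            return false;
        }
        if ($types !== '') {
            mysqli_stmt_bind_param($stmt, $types, ...$params);
        }
        $ok = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        return $ok;
    } catch (mysqli_sql_exception $e) {
        error_log('walkin abhishek query failed: ' . $e->getMessage());
        return false;
    }
}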

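/**
 * Normalises a single request field: trims, removes legacy backslash escaping and
 * HTML-encodes special characters.
 *
 * The explicit flags make the result independent of the PHP version: before 8.1 the
 * default left single quotes untouched, which matters wherever the result still reaches
 * SQL by interpolation. Encoding at input time means values are stored HTML-encoded;
 * escaping belongs at the output boundary, but existing data and callers rely on the
 * current shape, so it is kept. stripslashes() is a magic_quotes-era relic that also
 * removes legitimate backslashes; kept for the same compatibility reason.
 *
 * Non-scalar input (an array smuggled into a text field) returns '' instead of letting
 * trim() raise a TypeError.
 *
 * @param mixed $data raw request value
 * @return string normalised value
 */
function filterInput($data) {
    if (!is_scalar($data)) {
        return '';
    }
    return htmlspecialchars(stripslashes(trim((string) $data)), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}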

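/**
 * Returns the order id that follows $orderId under $prefix: the numeric part after the
 * prefix is incremented and left-padded to six digits
 * (e.g. 'WAD24-000001' -> 'WAD24-000002').
 *
 * The numeric part starts at strlen($prefix). The previous code skipped one extra
 * character, which dropped the leading digit once a counter reached 100000 and so
 * restarted numbering at 000001 (and sent checkDuplicateOrder into its retry loop).
 * All prefixes share the 'WA?yy-' shape, so the offset also holds when $orderId carries
 * a different type letter or year than $prefix.
 *
 * @param string $prefix  prefix for the new id, e.g. 'WAD24-'
 * @param string $orderId most recent id, e.g. 'WAD24-000001'
 * @return string next id
 */
function incrementOrderId($prefix, $orderId)
{
    $counter = (int) substr($orderId, strlen($prefix));
    return $prefix . str_pad((string) ($counter + 1), 6, '0', STR_PAD_LEFT);
}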

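/**
 * Returns the first id at or after $orderId that is not already present in
 * dadarmath_walkin_abhishek.order_id.
 *
 * The lookup is re-run after every increment. The previous version executed it once and
 * then looped on the stale row count, so any collision spun forever. The id is bound as
 * a parameter rather than interpolated into the query.
 *
 * NOTE(review): check-then-insert is not atomic; two concurrent bookings can still pick
 * the same id unless order_id carries a UNIQUE constraint. If the statement cannot be
 * prepared the candidate is returned unchecked; the following INSERT then reports the
 * failure.
 *
 * @param mysqli $conn
 * @param string $orderId candidate id
 * @param string $prefix  prefix used when incrementing
 * @return string candidate not found in the table (the input when it is free)
 */
function checkDuplicateOrder($conn, $orderId, $prefix)
{
    $stmt = mysqli_prepare($conn, "SELECT 1 FROM `dadarmath_walkin_abhishek` WHERE `order_id` = ? LIMIT 1");
    if ($stmt === false) {
        return $orderId;
    }
    // Bound by reference once; re-assigning $orderId below changes the bound value.
    mysqli_stmt_bind_param($stmt, 's', $orderId);
    while (true) {
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        $taken = mysqli_stmt_num_rows($stmt) > 0;
        mysqli_stmt_free_result($stmt);
        if (!$taken) {
            break;
        }
        $orderId = incrementOrderId($prefix, $orderId);
    }
    mysqli_stmt_close($stmt);
    return $orderId;
}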

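/**
 * Reads KEY=VALUE pairs from a dotenv file and returns the value for $key, or null when
 * the key is absent, the file is unreadable, or the only matching line has no '='.
 *
 * Lines are trimmed; blank lines and lines starting with '#' are skipped; the value is
 * everything after the first '=' (so values may themselves contain '='), trimmed. The
 * first definition of a key wins, as before. Surrounding quotes are NOT stripped: a line
 * such as APP_ENV="production" yields the quoted string, which is how the file was read
 * previously — the caller compares against bare 'production'.
 *
 * The file is parsed once per path per request and cached in a static; the previous
 * version re-read it on every call and emitted warnings on a missing file or a line
 * without '='.
 *
 * @param string $key  variable name
 * @param string $file dotenv path; defaults to the project root relative to the
 *                     request's working directory, exactly as before
 * @return string|null
 */
function getEnvVar($key, $file = '../../.env')
{
    static $cache = [];
    if (!array_key_exists($file, $cache)) {
        $vars = [];
        $lines = is_readable($file) ? file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : false;
        foreach (($lines ?: []) as $line) {
            $line = trim($line);
            if ($line === '' || $line[0] === '#' || strpos($line, '=') === false) {
                continue;
            }
            [$envKey, $envValue] = explode('=', $line, 2);
            $envKey = trim($envKey);
            if ($envKey !== '' && !array_key_exists($envKey, $vars)) {
                $vars[$envKey] = trim($envValue);
            }
        }
        $cache[$file] = $vars;
    }
    return $cache[$file][$key] ?? null;
}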
