<?php
/**
 *  Copyright (C) 2021  Cover Tower LLC
 *
 *  This file is part of Roundpin, which is licensed under the
 *  GNU Affero General Public License Version 3.0. The license terms
 *  are detailed in the "LICENSE.txt" file located in the root directory.
 */

session_start();

if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {

 define('ACCESSCONST', TRUE);

 require('db-connect.php');

    $username = $_POST['username'];
    $currentEmail = $_POST['current_email'];
    $newEmail = $_POST['new_email'];

    // Get the email address of the current user from the 'app_users' table
    $queryemail = $mysqli->query("SELECT id, username, emailaddress, enabled FROM app_users WHERE username = '$username' AND enabled = 1");
    $emailfromdb = $queryemail->fetch_row();
    $fetchedemailfromdb = $emailfromdb[2];

    // Check if there is any other user with the same email address as the new email address
    $getemails = $mysqli->query("SELECT emailaddress FROM app_users");

    $duplicateemail = 0;

    while ($row = $getemails->fetch_row()) {

           if ($newEmail == $row[0]) {
               $duplicateemail = 1;
               break;
           }
    }


    if ($fetchedemailfromdb == $currentEmail) {

       if ($duplicateemail == 0) {

           /**
            *  Send the verification email
            */

           // Generate a random string to be used as the termination of the verification link
           function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
                    $pieces = [];
                    $max = mb_strlen($keyspace, '8bit') - 1;

                    for ($i = 0; $i < $length; ++$i) {
                         $pieces []= $keyspace[random_int(0, $max)];
                    }
                    return implode('', $pieces);
           }

           $token = random_str(55);

           // Enter the new token in the database
           $entertokenquery = $mysqli->query("UPDATE app_users SET token = '$token' WHERE username = '$username' AND registered = 1 AND enabled = 1");

           // Create the verification email
           $verificationLink = $_SERVER['REQUEST_SCHEME'] . "://" . $_SERVER['HTTP_HOST'] . "/change-email-verification.php?token=" . $token . "&newemail=" . $newEmail;

           $domaininit = explode(".", $_SERVER['HTTP_HOST']);
           array_shift($domaininit);
           $domain = implode(".", $domaininit);

           $headers = "MIME-Version: 1.0" . "\r\n";
           $headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";

           $headers .= "From: " . "no-reply@" . $domain . "\r\n";

           $subject = "Roundpin email address verification";

           $message = "Hello, <br><br>
                       We have received your email address change request. To change your current Roundpin email address, please verify your address by clicking on
                       the link from below: <br><br>
                       <a href='".$verificationLink."'>".$verificationLink."</a><br><br>
                       Alternatively, you can copy the link and paste it in the address bar of your browser.<br><br>
                       After email address verification, your new email address will be assigned to your Roundpin account and saved to the database.<br><br>
                       Thank you,<br>
                       Roundpin<br>
                       Host: '" . $_SERVER['HTTP_HOST'] . "'";

           // Send the verification email
           mail($newEmail, $subject, $message, $headers);

           $emailchangemessage = "An email has been sent to your new email address. Please click on the link included in the received email to change your Roundpin user email address.";

       } else { $emailchangemessage = "The new email address is already used by another Roundpin user. Please, choose a different email address!"; }
        
    } else { $emailchangemessage = "The email address you have entered in the 'Current Email' field doesn't match your current email address!"; }

    echo json_encode($emailchangemessage);

} else {
        header("Location: roundpin-login.php");
}

?>