Email PPR

cancelppr.php

@@ -0,0 +1,170 @@
+<?php
+include("functions.php");
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Row Details</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            margin: 0;
+            padding: 0;
+            background-color: #f4f4f4;
+        }
+
+        .container {
+            width: 80%;
+            margin: 20px auto;
+            background-color: #fff;
+            padding: 20px;
+            box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
+        }
+
+        h2 {
+            color: #333;
+            text-align: center;
+            margin-bottom: 20px;
+        }
+
+        .details {
+            padding: 15px;
+            border: 1px solid #ddd;
+            border-radius: 5px;
+            background-color: #f9f9f9;
+        }
+
+        .details p {
+            margin: 10px 0;
+            font-size: 16px;
+        }
+
+        .details p strong {
+            color: #333;
+        }
+
+        .back-link {
+            display: inline-block;
+            margin-top: 20px;
+            text-decoration: none;
+            color: #fff;
+            background-color: #007BFF;
+            padding: 10px 15px;
+            border-radius: 5px;
+        }
+
+        .back-link:hover {
+            background-color: #0056b3;
+        }
+        
+        button {
+            padding: 10px 20px;
+            font-size: 1rem;
+            background-color: #007bff;
+            color: white;
+            border: none;
+            border-radius: 5px;
+            cursor: pointer;
+            transition: 0.3s;
+        }
+
+        button:hover {
+            background-color: #0056b3;
+        }
+    </style>
+</head>
+<body>
+
+<?php
+
+if (isset($_GET['token'])) {
+    $result = validateSecureToken($_GET['token']);
+
+    if ($result) {
+        // Token is valid, allow changes to database entry
+        $email = $result['email'];
+        $entryId = $result['entryId'];
+        echo "Token valid, email is " . $email . " entryId is " . $entryId;
+    } else {
+        die("Invalid or expired token.");
+    }
+}
+
+switch($_GET['op']) {
+    case "cancel":
+        opCancel();
+        break;
+    case "view":
+        opView($entryId);
+        break;
+    default:
+
+}
+
+function opView($entryId) {
+
+    $conn = connectDb();
+    $sql = "SELECT * FROM submitted WHERE id = " . $entryId;
+    $result = $conn->query($sql);
+    
+    if ($result->num_rows > 0) {
+        // Output data of the row
+        $row = $result->fetch_assoc();
+        echo '<div class="container">';
+        echo '<div class="details"><p><strong>Aircraft Reg: </strong>' . $row['ac_reg'] . "</p>";
+        echo "<p><strong>Aircraft Type:</strong> " . $row['ac_type'] . "</p>";
+        echo "<p><strong>Callsign:</strong> " . $row['ac_call'] . "</p>";
+        echo "<p><strong>Captain's Name:</strong> " . $row['captain'] . "</p>";
+        echo "<p><strong>Arriving From:</strong> " . $row['in_from'] . "</p>";
+        echo "<p><strong>POB IN:</strong> " . $row['pob_in'] . "</p>";
+        echo "<p><strong>ETA:</strong> " . $row['eta'] . "</p>";
+    
+        echo "<p><strong>Fuel Required:</strong> " . $row['fuel'] . "</p>";
+    
+        echo "<p><strong>POB OUT:</strong> " . $row['pob_out'] . "</p>";
+        echo "<p><strong>Outbound To:</strong> " . $row['out_to'] . "</p>";
+        echo "<p><strong>ETD:</strong> " . $row['etd'] . "</p>";
+    
+        echo "<p><strong>Email Address:</strong> " . $row['email'] . "</p>";
+        echo "<p><strong>Phone:</strong> " . $row['phone'] . "</p>";
+    
+        echo "<p><strong>Notes:</strong> " . $row['notes'] . "</p></div>";
+    
+    } else {
+        echo "No details found for the given ID.";
+    }
+    
+    $conn->close();
+
+    echo '<button onclick="confirmWithSweetAlert(\'cancelppr.php?op=cancel&token=' . urlencode($_GET['token']) . '\')">Cancel PPR</button>';
+
+}
+
+?>
+
+<!-- Include SweetAlert -->
+<script src="https://cdn.jsdelivr.net/npm/sweetalert2@11"></script>
+
+
+
+<script>
+function confirmWithSweetAlert(url) {
+    Swal.fire({
+        title: "Cancel PPR?",
+        text: "We hope to see you soon!",
+        icon: "warning",
+        showCancelButton: true,
+        confirmButtonColor: "#3085d6",
+        cancelButtonColor: "#d33",
+        confirmButtonText: "Cancel PPR"
+    }).then((result) => {
+        if (result.isConfirmed) {
+            window.location.href = url;
+        }
+    });
+}
+</script>
+

functions.php

@@ -90,4 +90,38 @@ function require_auth() {
         echo 'Text to send if user hits Cancel button';
 		exit;
 	}
-}
+}
+
+function generateSecureToken($email, $entryId) {
+    $secretKey = "your-very-secret-key"; // Use an environment variable for this
+    $timestamp = time();
+    $data = "$email|$entryId|$timestamp";
+    $hash = hash_hmac('sha256', $data, $secretKey);
+    return base64_encode("$data|$hash");
+}
+
+
+function validateSecureToken($token) {
+    $secretKey = "your-very-secret-key";
+    $decoded = base64_decode($token);
+    
+    if (!$decoded) return false;
+    
+    list($email, $entryId, $timestamp, $hash) = explode('|', $decoded);
+    
+    // Check expiration (e.g., valid for 1 hour)
+    if (time() - $timestamp > 3600) {
+        return false;
+    }
+
+    // Verify hash
+    $data = "$email|$entryId|$timestamp";
+    $validHash = hash_hmac('sha256', $data, $secretKey);
+
+    if (!hash_equals($validHash, $hash)) {
+        return false;
+    }
+
+    return ['email' => $email, 'entryId' => $entryId];
+}
+

newppr.php

@@ -1,4 +1,10 @@
 <?php
+
+use PHPMailer\PHPMailer\PHPMailer;
+use PHPMailer\PHPMailer\Exception;
+
+require '../vendor/autoload.php';
+
 include("functions.php");
 require_db_auth();
 
@@ -21,8 +27,16 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         echo $sql;
         
         if ($conn->query($sql) === TRUE) {
-            echo "<p>Data successfully inserted into database.</p>";
-            echo '<script>window.close();</script>';
+            $lastId = $conn->insert_id;
+            echo "<p>Data successfully inserted into database with id = " . $lastId . "</p>";
+            if (!empty($_POST['email'])) {
+                echo "Email is set to " . $_POST['email'];
+                generatePprEmail($lastId);
+            } else {
+                echo "Username is not set.";
+            }
+            
+            //echo '<script>window.close();</script>';
         } else {
             echo "<p>Error inserting data: " . $conn->error . "</p>";
         }
@@ -32,5 +46,39 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
     echo "<h2>No POST data received.</h2>";
 }
 
+function generatePprEmail($entryId) {
+	$token = generateSecureToken($_POST['email'], $entryId);
+    $secureLink = "https://ppr.swansea-airport.wales/dev/cancelppr.php?op=view&token=" . urlencode($token);
+    echo $secureLink;
+
+    $mail = new PHPMailer(true);
+
+    try {
+        $mail->isSMTP();
+        $mail->Host = 'send.one.com'; // Your SMTP server
+        $mail->SMTPAuth = true;
+        $mail->Username = 'noreply@swansea-airport.wales';
+        $mail->Password = 'SASAGoForward2155';
+        $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
+        $mail->Port = 465;
+
+        $mail->setFrom('noreply@swansea-airport.wales', 'Swansea Airport');
+        $mail->addAddress($_POST['email']);
+
+        $mail->isHTML(true);
+        $mail->Subject = "Edit Your Entry";
+        $mail->Body = "
+            <p>Click the button below to edit your entry securely:</p>
+            <a href='$secureLink' style='display: inline-block; padding: 10px 20px; color: white; background-color: #007bff; text-decoration: none; border-radius: 5px;'>Edit Entry</a>
+        ";
+
+        $mail->send();
+        echo "Email sent successfully!";
+    } catch (Exception $e) {
+        echo "Email sending failed: {$mail->ErrorInfo}";
+    }
+
+}
+
 ?>