<?php
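session_start();
header('Content-Type: text/html; charset=utf-8');
header('X-Powered-By: PHP/8.0');
date_default_timezone_set('Asia/Shanghai');

// Database connection.
// NOTE(review): the credentials are embedded in source. They belong in a
// config file outside the web root (or in the environment) so a source
// disclosure or a commit does not expose them.
$conn = new mysqli("127.0.0.1", "crm", "Qweasdzxc", "crm_new");
if ($conn->connect_error) {
    // The driver message can contain host/user details; keep it in the
    // server log and give the client only a generic failure.
    error_log('Database connection failed: ' . $conn->connect_error);
    die("Connection failed");
}
// NOTE(review): MySQL's "utf8" is the 3-byte subset (utf8mb3); 4-byte
// characters (emoji etc.) need utf8mb4 on both connection and columns — confirm.
$conn->set_charset("utf8");

// Website settings. Defaults are set first so the variables always exist,
// even when the query fails or the inc table is empty.
$webname = '';
$webkeywords = '';
$webdescription = '';
$indexwebname = '';
$copyright = '';
$result = $conn->query("SELECT webname, keywords, description, indexwebname, copyright FROM inc LIMIT 1");
if ($result) {
    $row = $result->fetch_assoc();
    // fetch_assoc() returns null when there is no row.
    if ($row) {
        $webname = textUncode($row['webname']);
        $webkeywords = textUncode($row['keywords']);
        $webdescription = textUncode($row['description']);
        $indexwebname = textUncode($row['indexwebname']);
        $copyright = textUncode($row['copyright']);
    }
    $result->close();
}

// Per-user globals, initialised empty here.
$useid = '';
$usename = '';
$usesex = '';
$usecompany = '';
$usetel = '';
$useemail = '';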

// Session handling functions
function addSession($key, $value) {
    // Store $value in the session under a site-prefixed key (presumably so
    // entries do not collide with other data in the same session store).
    $prefixedKey = 'hjunkel.com' . $key;
    $_SESSION[$prefixedKey] = $value;
}

function loadSession($key) {
    // Read back a value stored by addSession(); missing (or null) entries
    // yield an empty string rather than a notice.
    $prefixedKey = 'hjunkel.com' . $key;
    if (!isset($_SESSION[$prefixedKey])) {
        return '';
    }
    return $_SESSION[$prefixedKey];
}

// Check login function
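/**
 * Require a valid, active login for the current request.
 *
 * Reads loginid/loginuser/loginname/loginpower from the session, confirms the
 * login row exists and is enabled, that the power (role) id in the session
 * still matches the row, and that the power record itself is enabled. If
 * $permission is non-empty, the power's powercontent must also contain it.
 * Any failure emits a small script that sends the top window to login.php
 * (or back, for a missing permission) and exits; nothing is returned.
 *
 * @param string $permission permission token to require, '' for none
 */
function checkLogin($permission = '') {
    global $conn;

    $loginId = loadSession('loginid');
    $loginUser = loadSession('loginuser');
    $loginName = loadSession('loginname');
    $loginPower = loadSession('loginpower');

    // Incomplete session: no message, just back to the login page.
    if (empty($loginId) || empty($loginUser) || empty($loginName) || empty($loginPower)) {
        echo "<script>top.location.href='login.php'</script>";
        exit;
    }

    if (!is_numeric($loginId) || !is_numeric($loginPower)) {
        echo "<script>top.location.href='login.php'</script>";
        exit;
    }

    // Both ids are used as integers from here on. is_numeric() also accepts
    // forms such as "1e3" or " 5"; the cast normalises them.
    $loginId = (int)$loginId;
    $loginPower = (int)$loginPower;

    // Bound parameters keep the session values out of the SQL text entirely.
    $found = false;
    $loginState = null;
    $storedPower = null;
    $stmt = $conn->prepare("SELECT loginstate, loginpower FROM login WHERE id=? AND loginuser=?");
    if ($stmt !== false) {
        $stmt->bind_param('is', $loginId, $loginUser);
        $stmt->execute();
        // store_result() is required for bind_result() to fill TEXT/BLOB columns.
        $stmt->store_result();
        $stmt->bind_result($loginState, $storedPower);
        $found = ($stmt->fetch() === true);
        $stmt->close();
    }

    // A failed lookup is treated the same as a missing row: fail closed.
    if (!$found) {
        echo "<script>alert('登录超时,请重新登录');top.location.href='login.php'</script>";
        exit;
    }

    if ((int)$loginState === 0) {
        echo "<script>alert('您的帐号已被系统停用,请联系管理员');top.location.href='login.php'</script>";
        exit;
    }

    // The role id cached in the session must still match the database.
    if ((int)$storedPower !== $loginPower) {
        echo "<script>alert('您的权限已被更新,请重新登录');top.location.href='login.php'</script>";
        exit;
    }

    $found = false;
    $powerState = null;
    $powerContent = null;
    $stmt = $conn->prepare("SELECT powerstate, powercontent FROM power WHERE id=?");
    if ($stmt !== false) {
        $stmt->bind_param('i', $loginPower);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($powerState, $powerContent);
        $found = ($stmt->fetch() === true);
        $stmt->close();
    }

    if (!$found || (int)$powerState === 0) {
        echo "<script>alert('您的帐号已被系统停用,请联系管理员');top.location.href='login.php'</script>";
        exit;
    }

    // NOTE(review): this is a substring match on powercontent, whose format
    // is not visible here. If it is a delimited list, a short token such as
    // "1" would also match "12" — confirm the format and match whole tokens.
    if (!empty($permission) && strpos((string)$powerContent, $permission) === false) {
        echo "<script>alert('Sorry,您没有操作该功能的权限');history.back();</script>";
        exit;
    }
}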

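/**
 * Non-redirecting variant of checkLogin(): report whether the session's
 * power (role) record exists and, when $permission is non-empty, whether
 * its powercontent contains that token.
 *
 * A failed query or prepare is reported as false (fail closed) instead of
 * raising an error on a missing result object.
 *
 * @param string $permission permission token to require, '' for none
 * @return bool
 */
function chkLogin($permission) {
    global $conn;
    $loginPower = (int)loadSession('loginpower');

    $stmt = $conn->prepare("SELECT powercontent FROM power WHERE id=?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('i', $loginPower);
    $stmt->execute();
    // store_result() is required for bind_result() to fill TEXT/BLOB columns.
    $stmt->store_result();
    $powerContent = null;
    $stmt->bind_result($powerContent);
    $found = ($stmt->fetch() === true);
    $stmt->close();

    if (!$found) {
        return false;
    }

    // Substring match, as in checkLogin(); see the note there about the
    // powercontent format.
    if (!empty($permission) && strpos((string)$powerContent, $permission) === false) {
        return false;
    }

    return true;
}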

function checkPost() {
    // Placeholder for a POST-origin check; the body is empty, so callers
    // currently get no protection from it. The commented-out sketch below
    // compares the Referer host with the server name; note that Referer is
    // optional and client-supplied, so a per-session token checked with
    // hash_equals() is the usual mitigation if this is implemented.
    // Implement a POST check here if needed.
    // if (!isset($_SERVER['HTTP_REFERER']) || parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) !== $_SERVER['SERVER_NAME']) {
    //     die("<script>alert('对不起,服务器拒绝您的请求');history.back()</script>");
    // }
}

function txt2HTML($text) {
    // Empty input (empty() also counts the string "0") yields ''.
    if (empty($text)) {
        return '';
    }
    // Despite the name, htmlspecialcharsFix() takes a single argument and
    // decodes the project's numeric-entity encoding via htmlUnCode(); it
    // does not escape anything. NOTE(review): the result is decoded text,
    // so confirm callers escape it before placing it in HTML.
    return htmlspecialcharsFix($text);
}

function html2Txt($text) {
    // Reverse htmlspecialchars() encoding, including both quote styles.
    // Empty input (empty() also counts the string "0") yields ''.
    if (empty($text)) {
        return '';
    }
    $decoded = htmlspecialchars_decode($text, ENT_QUOTES);
    return $decoded;
}

function htmlEncode($text) {
    // Encode a fixed set of characters as decimal numeric entities.
    // Empty input (empty() also counts the string "0") yields ''.
    if (empty($text)) {
        return '';
    }

    // '&' (38) is in the set, so text that is already encoded is encoded again.
    $codes = [38, 9, 10, 13, 32, 34, 37, 39, 40, 41, 60, 62, 91, 93, 94, 95, 123, 124, 125];
    $map = [];
    foreach ($codes as $code) {
        $map[chr($code)] = '&#' . $code . ';';
    }

    return strtr($text, $map);
}

//function htmlUncode($text) {
//    if (empty($text) || is_null($text)) {
//        return '';
//    }
//
//    $chars = array_flip([
//        '&' => '&#38;', "\t" => '&#9;', "\n" => '&#10;', "\r" => '&#13;',
//        ' ' => '&#32;', '"' => '&#34;', '%' => '&#37;', "'" => '&#39;',
//        '(' => '&#40;', ')' => '&#41;', '<' => '&#60;', '>' => '&#62;',
//        '[' => '&#91;', ']' => '&#93;', '^' => '&#94;', '_' => '&#95;',
//        '{' => '&#123;', '|' => '&#124;', '}' => '&#125;'
//    ]);
//
//    return strtr($text, $chars);
//}

function htmlUnCode($t0) {
    // Reverse the numeric-entity encoding produced by htmlEncode().
    // Arrays and empty values (empty() also counts the string "0") yield "".
    if (is_array($t0) || empty($t0)) {
        return "";
    }

    $codes = [9, 11, 10, 13, 32, 34, 37, 39, 40, 41, 60, 62, 91, 93, 94, 95, 123, 124, 125, 38];
    $map = [];
    foreach ($codes as $code) {
        $map['&#' . $code . ';'] = chr($code);
    }

    // strtr() with an array is a single pass, so a decoded '&' is never
    // re-examined: "&#38;#60;" becomes "&#60;", not "<".
    return strtr($t0, $map);
}

function textEncode($text) {
    // Normalise free text for storage: trim, drop ASCII control bytes
    // (including newlines) and encode special characters via htmlEncode().
    // Empty input (empty() also counts the string "0") yields ''.
    if (empty($text)) {
        return '';
    }

    $trimmed = trim($text);
    $withoutControls = preg_replace('/[\x00-\x1F\x7F]/', '', $trimmed);
    return htmlEncode($withoutControls);
}

function textUncode($text) {
    // Reverse textEncode()'s entity encoding (control characters it removed
    // are gone for good). Empty input yields ''.
    if (empty($text)) {
        return '';
    }
    // PHP function names are case-insensitive: this is the htmlUnCode()
    // defined in this file (the lowercase-c spelling only exists in
    // commented-out code).
    return htmlUnCode($text);
}

function htmlUncode1($text) {
    // Partial decode for HTML display: tab and vertical tab come back as
    // characters, line breaks become <br />, spaces become &nbsp; and the
    // encoded ampersand is restored. Everything else stays encoded.
    // Empty input (empty() also counts the string "0") yields ''.
    if (empty($text)) {
        return '';
    }

    // strtr() tries the longest key first, so a CRLF pair gives one <br />.
    $lineBreak = '<br />';
    $map = [
        '&#9;' => "\t",
        '&#11;' => "\v",
        '&#13;&#10;' => $lineBreak,
        '&#10;' => $lineBreak,
        '&#13;' => $lineBreak,
        '&#32;' => '&nbsp;',
        '&#38;' => '&',
    ];

    return strtr($text, $map);
}

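/**
 * Return the first $length characters (UTF-8 aware) of $str, appending '..'
 * when something was cut off. Empty input yields ''.
 *
 * The truncation test is a strict string comparison: the loose `!=` used
 * previously compared numeric-looking strings as numbers, so "10.0" cut to
 * "10" was reported as unchanged.
 *
 * @param string $str
 * @param int $length
 * @return string
 */
function strLeft($str, $length) {
    if (empty($str)) {
        return '';
    }

    $prefix = mb_substr($str, 0, $length, 'UTF-8');
    return ($prefix !== $str) ? $prefix . '..' : $prefix;
}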



function enMonth($m) {
    // Month number 1-12 (int or plain numeric string) to its three-letter
    // English abbreviation; any other key ("01", 13, ...) falls back to 'Dec'.
    $names = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
    $table = array_combine(range(1, 12), $names);
    return isset($table[$m]) ? $table[$m] : 'Dec';
}

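/**
 * Replace $search with $replace in $content while leaving links, image tags
 * and headings untouched. Empty content yields ''.
 *
 * Two fixes over the previous version: $limit is now honoured (str_replace()'s
 * fourth argument is an output count, not a limit, so it was silently
 * ignored), and the placeholders used to protect markup are NUL-delimited so
 * ordinary text such as a literal "[0]" is not mistaken for one on restore.
 *
 * @param string $content
 * @param string|array $search as for str_replace()
 * @param string|array $replace as for str_replace()
 * @param int $limit maximum replacements in total; negative means unlimited
 * @return string
 */
function sitelinkReplace($content, $search, $replace, $limit = -1) {
    if (empty($content)) {
        return '';
    }

    // Markup that must survive the replacement unchanged.
    $patterns = [
        '/<a[^<>]+>.+?<\/a>/is',  // links
        '/<img[^<>]+>/is',        // images
        '/<h[1-6]+\s*>.+?<\/h[1-6]+>/is'  // headings
    ];

    $savedTags = [];
    foreach ($patterns as $pattern) {
        $protected = preg_replace_callback($pattern, function ($match) use (&$savedTags) {
            $index = count($savedTags);
            $savedTags[$index] = $match[0];
            return "\x00[{$index}]\x00";
        }, $content);
        // On a PCRE failure (null) keep the content as it was.
        if ($protected !== null) {
            $content = $protected;
        }
    }

    $content = sitelinkReplaceLimited($content, $search, $replace, $limit);

    foreach ($savedTags as $index => $tag) {
        $content = str_replace("\x00[{$index}]\x00", $tag, $content);
    }

    return $content;
}

/**
 * str_replace() with a cap on the total number of replacements.
 *
 * @param string $content
 * @param string|array $search needles; an empty needle matches nothing
 * @param string|array $replace parallel replacements; a missing one counts as ''
 * @param int $limit negative for unlimited, otherwise the total allowed
 * @return string
 */
function sitelinkReplaceLimited($content, $search, $replace, $limit) {
    if ($limit < 0) {
        return str_replace($search, $replace, $content);
    }

    $needles = is_array($search) ? array_values($search) : [$search];
    if (is_array($replace)) {
        $withs = array_values($replace);
    } else {
        $withs = array_fill(0, count($needles), $replace);
    }

    $content = (string)$content;
    $remaining = (int)$limit;
    foreach ($needles as $k => $needle) {
        $needle = (string)$needle;
        if ($needle === '') {
            continue;
        }
        $with = (string)($withs[$k] ?? '');
        $offset = 0;
        // Scan left to right, resuming after each inserted replacement so
        // the replacement text itself is never re-matched.
        while ($remaining > 0 && ($offset = strpos($content, $needle, $offset)) !== false) {
            $content = substr_replace($content, $with, $offset, strlen($needle));
            $offset += strlen($with);
            $remaining--;
        }
    }

    return $content;
}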

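/**
 * Best-effort client address for logging/display, entity-encoded via
 * htmlEncode(). X-Forwarded-For takes precedence over REMOTE_ADDR, but note
 * that header is set by whoever sent the request, so unless a trusted proxy
 * overwrites it the value is informational only and must not drive access
 * decisions.
 *
 * Each candidate is validated with FILTER_VALIDATE_IP so arbitrary header
 * text never reaches callers; 'Unknown' is returned when nothing validates.
 *
 * @return string
 */
function getIp() {
    $forwarded = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '';
    // The header is a comma-separated chain; the left-most entry is the
    // claimed client.
    $candidates = $forwarded !== '' ? explode(',', $forwarded) : [];
    $candidates[] = $_SERVER['REMOTE_ADDR'] ?? '';

    $ip = 'Unknown';
    foreach ($candidates as $candidate) {
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            $ip = $candidate;
            break;
        }
    }

    // Anything longer than a dotted IPv4 address (which covers every IPv6
    // form) is reported as Unknown — presumably a storage-width limit;
    // confirm before relaxing.
    if (strlen($ip) > 15) {
        $ip = 'Unknown';
    }
    return htmlEncode($ip);
}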

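/**
 * Format a date string using the project's placeholder syntax
 * (yyyy, yy, mm, dd, hh, ff = minutes, ss), or '' if $time does not parse.
 *
 * strtotime() is called once and only false means failure: a result of 0
 * (the Unix epoch) is a valid timestamp and is formatted normally.
 *
 * @param string $time anything strtotime() understands
 * @param string $format placeholder format, e.g. 'yyyy-mm-dd hh:ff:ss'
 * @return string
 */
function formatTime($time, $format) {
    $timestamp = strtotime((string)$time);
    if ($timestamp === false) {
        return '';
    }

    // Placeholder -> date() code; strtr() matches the longest key first,
    // so 'yyyy' is handled before 'yy'.
    $replacements = [
        'yyyy' => 'Y',
        'yy' => 'y',
        'mm' => 'm',
        'dd' => 'd',
        'hh' => 'H',
        'ff' => 'i',
        'ss' => 's'
    ];

    return date(strtr($format, $replacements), $timestamp);
}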

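/**
 * Flatten HTML to plain text: drop script/iframe elements with their bodies,
 * strip all other tags (encoded &lt;/&gt; are decoded first so encoded
 * markup is removed too), remove &nbsp; and stray control characters, trim.
 *
 * Because entities are decoded along the way, the result is plain text and
 * must be escaped again if it is later placed in HTML; this is an excerpt
 * helper, not a sanitiser.
 *
 * A PCRE failure (preg_replace() returning null) now yields '' instead of
 * passing null on to the string functions.
 *
 * @param string $text
 * @return string
 */
function removeHTML($text) {
    if (empty($text)) {
        return '';
    }

    $stripped = preg_replace(['/<script\b[^>]*>(.*?)<\/script>/is', '/<iframe\b[^>]*>(.*?)<\/iframe>/is'], '', $text);
    if ($stripped === null) {
        return '';
    }

    $stripped = str_replace(['&lt;', '&gt;'], ['<', '>'], $stripped);
    $stripped = strip_tags($stripped);
    $stripped = str_replace(['&nbsp;', "\r", "\n", "\t", "\x09", "\x0A", "\x0D", "\x16"], '', $stripped);

    return trim($stripped);
}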

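/**
 * Syntactic e-mail address check.
 *
 * Uses FILTER_VALIDATE_EMAIL for the general syntax and keeps the original's
 * explicit rules on top: exactly one '@', a dotted domain with no empty
 * label (so 'a@.com' is rejected, which the old check let through) and no
 * '..' anywhere. The old 2-3 character TLD limit and the ban on '+' in the
 * local part are dropped, as they rejected valid addresses.
 *
 * @param mixed $email
 * @return bool
 */
function isValidEmail($email) {
    if (empty($email) || !is_string($email)) {
        return false;
    }

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    if (substr_count($email, '@') !== 1) {
        return false;
    }

    $domain = substr($email, strrpos($email, '@') + 1);
    if (strpos($domain, '.') === false) {
        return false;
    }
    foreach (explode('.', $domain) as $label) {
        if ($label === '') {
            return false;
        }
    }

    if (strpos($email, '..') !== false) {
        return false;
    }

    return true;
}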
//处理特殊字符
function htmlspecialcharsFix($input_str)
{
    // Not an htmlspecialchars() wrapper: it reverses the numeric-entity
    // encoding used by htmlEncode() by delegating to htmlUnCode(); nothing
    // is escaped.
    $decoded = htmlUnCode($input_str);
    return $decoded;
}