<?php

require(dirname(__FILE__) . '/../functions.php');

$successURL = '/success.html';
$errorURL = '/error.html';
$err = "Abmeldung fehlgeschlagen";

// contents of notification email
$mailContents = [
  'subject' => 'Ein Newsletter-Abonnent weniger',
  'bodyText' => "Jemand hat sich vom Newsletter abgemeldet:\n\n%Placeholder%",
  'fromAddress' => '***REMOVED***',  //  'newsletter@tobias-radloff.de'
  'fromName' => 'Tobias Radloff'
];


function RemoveSubscriberFromDB($subscriberAddress) {
  $pdo = getPDO();

  // make sure record exists
  $check = NotYetSubscribed($subscriberAddress, $pdo);
  if ( gettype($check) == 'boolean' ) {
    return "Emailadresse {$subscriberAddress} ist unbekannt";
  } elseif ( gettype($check) == 'string' and $check != "Emailadresse {$subscriberAddress} ist bereits eingetragen") {
    return $check;
  }

  // delete record 
  global $general;
  $query = $pdo->prepare($general['sql']['delete_record']);
  if ( ! $query->execute([':e' => $subscriberAddress])) {
    return "Fehler beim Löschen des Datenbankeintrags für {$subscriberAddress}.";
  }
  return TRUE;
}


// check request method – unsubscribe forms use POST but links use GET 
$method = $_SERVER['REQUEST_METHOD'];

// check and sanitize email address
if ( $method == 'GET' ) {
  if ( ! isset($_GET['e']) ) {
    GracefulExit($errorURL, "{$err}: Fehlende Emailadresse");
  } else {
    $e = filter_var($_GET['e'], FILTER_SANITIZE_STRING);
  }
} elseif ( $method == 'POST' ) {
  if ( ! isset($_POST['e']) ) {
    GracefulExit($errorURL, "{$err}: Fehlende Emailadresse");
  } else {
    $e = filter_var($_POST['e'], FILTER_SANITIZE_STRING);
  }
} else {
  GracefulExit($errorURL, "{$err}: Fehlerhafter HTTP-Request");
}
  
// check, sanitize and validate hash (only required for GET requests)
if ($method == 'GET') {
  if ( ! isset($_GET['c']) ) {
    GracefulExit($errorURL, "{$err}: Fehlende Emailadresse oder Hash");
  } else {
    $c = filter_var($_GET['c'], FILTER_SANITIZE_STRING);
    if ( ! GetConfirmationHash($e) === $c ) {
      GracefulExit($errorURL, "{$err}: Fehlerhafter Hash");
    }
  }
}

// remove email from database
try {
  $result = RemoveSubscriberFromDB($e);
  if (gettype($result) == 'string') {
    GracefulExit($errorURL, "{$err}: {$result}");
  } 
} catch(\PDOException $e) {
  GracefulExit($error, "{$err}: {$e->getMessage()}");
}

// success
$mailContents['bodyText'] = str_replace('%Placeholder%', $e, $mailContents['bodyText']);
SendEmail($general['notificationAddress'], $mailContents);
GracefulExit($successURL, 'Abmeldung erfolgt: Emailadresse ist aus dem Newsletter ausgetragen');
?>