<?php
// inspired by https://www.mailgun.com/blog/email/double-opt-in-with-php-mailgun/

require(dirname(__FILE__) . '/../settings.php');

$successURL = '/confirmed.html';
$errorURL = '/error.html';
$err = 'Bestätigung fehlgeschlagen';


// Adds new subscriber to database. Returns an error message on failure, TRUE on success.
function AddSubscriberToDB($subscriberAddress, $subscriberName = NULL) {
  $pdo = getPDO();

  // check if record exists
  $check = NotYetSubscribed($subscriberAddress, $pdo);
  if ( gettype($check) == 'string' ) {
    return $check;
  }

  // create record 
  global $general;
  $query = $pdo->prepare($general['sql']['create_record']);
  if ( ( ! $query->execute([':e' => $subscriberAddress, ':n' => $subscriberName]) ) or ( $query->fetch() ) ) {
//    error_log("Datenbankfehler: Einfügen von Emailadresse {$subscriberAddress} ergab einen Fehler.");       
    return 'Fehler beim Eintragen in die Datenbank';
  }
  return TRUE;
}


// check if hash and email parameters are both set
if ( ! (isset($_GET['c']) and isset($_GET['e'])) ) {
  GracefulExit($errorURL, "{$err}: Fehlende Emailadresse oder Hash");
}

// check if hash is correct
$c = filter_var($_GET['c'], FILTER_SANITIZE_STRING);
$e = filter_var($_GET['e'], FILTER_SANITIZE_STRING);
if ( GetConfirmationHash($e) != $c ) {
  GracefulExit($errorURL, "{$err}: Fehlerhafter Hash");
}

// add email to database 
try {
  $result = AddSubscriberToDB($e);
  if ( gettype($result) == 'string' ) {
    GracefulExit($errorURL, "{$err}: {$result}");
  }
} catch(\PDOException $e) {
  GracefulExit($errorURL, "{$err}: {$e->getMessage()}");
}

// success
GracefulExit($successURL, 'Bestätigung erfolgt: Newsletter-Anmeldung bestätigt');
?>