38230-vm/api/save_settings.php

<?php
require_once __DIR__ . '/../db/config.php';

header('Content-Type: application/json');

$action = $_POST['action'] ?? '';

// Check if locked for all modifying actions except toggle_lock
if ($action !== 'toggle_lock' && $action !== '') {
    $stmt = db()->prepare("SELECT setting_value FROM settings WHERE setting_key = 'is_locked'");
    $stmt->execute();
    $isLocked = $stmt->fetchColumn();
    
    if ($isLocked === '1') {
        echo json_encode(['success' => false, 'error' => 'Settings are locked.']);
        exit;
    }
}

if ($action === 'upload_bg_image') {
    if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
        $uploadDir = __DIR__ . '/../assets/images/uploads/';
        if (!is_dir($uploadDir)) {
            mkdir($uploadDir, 0775, true);
        }
        $fileName = 'bg_' . time() . '_' . basename($_FILES['image']['name']);
        $targetPath = $uploadDir . $fileName;

        if (move_uploaded_file($_FILES['image']['tmp_name'], $targetPath)) {
            $webPath = 'assets/images/uploads/' . $fileName;
            
            $stmt = db()->prepare("UPDATE settings SET setting_value = ? WHERE setting_key = 'bg_image'");
            $stmt->execute([$webPath]);
            
            echo json_encode(['success' => true, 'path' => $webPath]);
        } else {
            echo json_encode(['success' => false, 'error' => 'Failed to move uploaded file.']);
        }
    } else {
        echo json_encode(['success' => false, 'error' => 'No file uploaded or upload error.']);
    }
} elseif ($action === 'update_bg_color') {
    $color = $_POST['color'] ?? '';
    if (preg_match('/^#[a-f0-9]{6}$/i', $color)) {
        $stmt = db()->prepare("UPDATE settings SET setting_value = ? WHERE setting_key = 'bg_color'");
        $stmt->execute([$color]);
        echo json_encode(['success' => true]);
    } else {
        echo json_encode(['success' => false, 'error' => 'Invalid color format.']);
    }
} elseif ($action === 'update_popup_color') {
    $color = $_POST['color'] ?? '';
    if (preg_match('/^#[a-f0-9]{6}$/i', $color)) {
        $stmt = db()->prepare("UPDATE settings SET setting_value = ? WHERE setting_key = 'popup_color'");
        $stmt->execute([$color]);
        echo json_encode(['success' => true]);
    } else {
        echo json_encode(['success' => false, 'error' => 'Invalid color format.']);
    }
} elseif ($action === 'update_setting') {
    $key = $_POST['key'] ?? '';
    $value = $_POST['value'] ?? '';
    $allowedKeys = [
        'p1_title_color', 'p1_title_size', 'p1_title_font', 'p1_title_text',
        'p2_text_color', 'p2_text_size', 'p2_text_font', 'p2_line1_text', 'p2_line2_text',
        'p2_hint_color', 'p2_hint_size', 'p2_hint_font', 'p2_hint_text',
        'image_radius'
    ];
    if (in_array($key, $allowedKeys)) {
        $stmt = db()->prepare("UPDATE settings SET setting_value = ? WHERE setting_key = ?");
        $stmt->execute([$value, $key]);
        echo json_encode(['success' => true]);
    } else {
        echo json_encode(['success' => false, 'error' => 'Invalid setting key.']);
    }
} elseif ($action === 'remove_bg_image') {
    $stmt = db()->prepare("UPDATE settings SET setting_value = '' WHERE setting_key = 'bg_image'");
    $stmt->execute();
    echo json_encode(['success' => true]);
} elseif ($action === 'toggle_lock') {
    $lockValue = $_POST['lock'] === 'true' ? '1' : '0';
    $stmt = db()->prepare("UPDATE settings SET setting_value = ? WHERE setting_key = 'is_locked'");
    $stmt->execute([$lockValue]);
    echo json_encode(['success' => true, 'locked' => $lockValue === '1']);
} elseif ($action === 'reset') {
    // Reset button positions and sizes is handled by reloading the page in the frontend.
    // We no longer reset colors or text content here.
    echo json_encode(['success' => true]);
} else {
    echo json_encode(['success' => false, 'error' => 'Invalid action.']);
}