li-dance-backoffice/backend/api/registrations/set.php

<?php
    header("Access-Control-Allow-Origin: *");
    header("Content-Type: application/json; charset=UTF-8");
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
    header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");

    require_once('../../utils/config.php');
    require_once('../../utils/db.php');
    require_once('../../utils/tools.php');
    require_once('../../libs/fpdf/fpdf.php'); // DON'T TRY TO MOVE THIS INSIDE REGISTRATION.PHP, THIS FUCKS UP CORS
    require_once('../../libs/registration/registration.php');

    $method = $_SERVER['REQUEST_METHOD'];
    if ('OPTIONS' === $method) {
        header("HTTP/1.1 204 NO CONTENT");
        exit;
    }
    
    if ('POST' === $method) {
        parse_str(file_get_contents('php://input'), $_POST);
    }

    $authorization = $_SERVER["HTTP_AUTHORIZATION"];
    if(strcmp($authorization, PUBLIC_API_KEY) !== 0) {
      echo 'STOP TRYING TO STEAL MY DATA!';
      exit;
    }

    try {
          
    	$connection = connect();
  
      $rid = intval($_POST["rid"]);
      $firstname = escape($connection, $_POST["firstname"]);
      $lastname = escape($connection, $_POST["lastname"]);
      $birthday = escape($connection, $_POST["birthday"]);
      $gender = intval($_POST["gender"]);
      $street = escape($connection, $_POST["street"]);
      $house = intval($_POST["house"]);
      $zip = escape($connection, $_POST["zip"]);
      $city = escape($connection, $_POST["city"]);
      $phone = escape($connection, $_POST["phone"]);
      $email = escape($connection, $_POST["email"]);
  
      $accountholder = escape($connection, $_POST["accountHolder"]);
      $iban = escape($connection, $_POST["iban"]);
      $bic = escape($connection, $_POST["bic"]);
      $bank = escape($connection, $_POST["bank"]);
  
      $applicationconsent = $_POST["applicationConsent"] === "true";
      $datachangeconsent = $_POST["dataChangeConsent"] === "true";
      $privacypolicyconsent = $_POST["privacyPolicyConsent"] === "true";
      $directdebitconsent = $_POST["directDebitConsent"] === "true";
      $returndebitconsent = $_POST["returnDebitConsent"] === "true";
      $datastorageconsent = $_POST["dataStorageConsent"] === "true";
      $multimediaconsent = $_POST["multimediaConsent"] === "true";
      
      $registrationfrom = getRegistrationDate()->format('Y-m-d');
    
      $querystr = "SELECT * FROM li_registrations 
                    WHERE li_registrations.rid = ${rid}";
  
      $result = mysqli_query($connection, $querystr);
      if($result->num_rows !== 0) {
        $querystr = "UPDATE li_registrations SET firstname='${firstname}', lastname='${lastname}', birthday='${birthday}',
                                            gender=${gender}, street='${street}', house=${house},
                                            zip='${zip}', city='${city}', phone='${phone}', email='${email}',
                                            accountholder='${accountHolder}', iban='${iban}', bic='${bic}', bank='${bank}',
                                            applicationconsent=${applicationconsent}, datachangeconsent=${datachangeconsent}, privacypolicyconsent=${privacypolicyconsent}, 
                                            directdebitconsent=${directdebitconsent}, returndebitconsent=${returndebitconsent}, datastorageconsent=${datastorageconsent},
                                            multimediaconsent=${multimediaconsent}, 
                      WHERE rid=${rid}";
      } else {
        $querystr = "INSERT INTO li_registrations (firstname, lastname, birthday, gender, street, house, zip, city, phone, email,
                                                   accountholder, iban, bic, bank,
                                                   applicationconsent, datachangeconsent, privacypolicyconsent, directdebitconsent,
                                                   returndebitconsent, datastorageconsent, multimediaconsent, registrationfrom) 
  
                     VALUES('{$firstname}', '{$lastname}', '{$birthday}', {$gender}, '{$street}', {$house}, '{$zip}', '{$city}', '{$phone}', '{$email}',
                            '{$accountholder}', '{$iban}', '{$bic}', '{$bank}',
                            {$applicationconsent}, {$datachangeconsent}, {$privacypolicyconsent}, {$directdebitconsent}, 
                            {$returndebitconsent}, {$datastorageconsent}, {$multimediaconsent}, '{$registrationfrom}')";
      }             
    
      $result = mysqli_query($connection, $querystr);
    
      $currentDate = new DateTime();
      $formattedRegistrationFrom = new DateTime($registrationfrom);
      $formattedBirthday = new DateTime($birthday);

      $data = (object) [
                'firstname' => $firstname,
                'lastname' => $lastname,
                'birthdate' => $formattedBirthday->format('d.m.Y'),
                'gender' => gender($gender),
                'street' => $street,
                'house' => $house,
                'zip' => $zip,
                'city' => $city,
                'phone' => $phone,
                'email' => $email,
                'accountholder' => $accountholder, 
                'iban' => $iban, 
                'bic' => $bic,
                'bank' => $bank,
                'registrationFrom' => $formattedRegistrationFrom->format('d.m.Y'),
                'rate' => getRegistrationPrice($birthday) . ',00' . chr(128),
                'pdfname' => "{$currentDate->format('Y-m-d')}-lidance-registrierung.pdf",
                'pdfcontent' => ''
              ]; 
  
      
      $data->pdfcontent = getRegistrationPdf($data);
      
      sendRegistrationMail($data);
      sendConfirmationMail($data);
          
    } catch (Exception $e) {
      $result = $e;
    }
    
    echo json_encode('{ "result": "' . $result . '" }');
?>