mtb_crm_asp/customerSave.php

<?php
require_once 'conn.php';
checkLogin();
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>管理区域</title>
    <link rel="stylesheet" href="system/css/common.css" type="text/css" />
    <script src="system/js/jquery-1.7.2.min.js"></script>
    <script src="js/js.js"></script>
</head>
<body class="clear">
<?php
// Get query parameters
$page = $_GET['Page'] ?? '';
$keys = urlencode($_GET['Keys'] ?? '');
$fliterBusiness = $_GET['fliterBusiness'] ?? '';
$fliterDeal = $_GET['Deal'] ?? '';

// Get form data
$id = $_POST['id'] ?? '';
$cs_code = textEncode($_POST['cs_code'] ?? '');
$cs_company = textEncode($_POST['cs_company'] ?? '');
$cs_name = textEncode($_POST['cs_name'] ?? '');
$cs_country = $_POST['cs_country'] ?? '';
$cs_from = $_POST['cs_from'] ?? '';
$cs_tel = textEncode($_POST['cs_tel'] ?? '');
$cs_wechat = textEncode($_POST['cs_wechat'] ?? '');
$cs_whatsapp = textEncode($_POST['cs_whatsapp'] ?? '');
$cs_email = textEncode($_POST['cs_email'] ?? '');
$cs_linkedin = textEncode($_POST['cs_linkedin'] ?? '');
$cs_facebook = textEncode($_POST['cs_facebook'] ?? '');
$cs_alibaba = textEncode($_POST['cs_alibaba'] ?? '');
$cs_alibaba = str_replace(':', ':', $cs_alibaba);
$cs_alibaba = str_replace('ID:', '', $cs_alibaba);
$cs_address = textEncode($_POST['cs_address'] ?? '');
$cs_type = textEncode($_POST['cs_type'] ?? '');
$cs_belongclient = $_POST['cs_belongclient'] ?? '';
$cs_addtime = $_POST['cs_addtime'] ?? '';
$cs_updatetime = date('Y-m-d H:i:s');
$cs_belong = $_SESSION['employee_id'];
$cs_state = 1;
$cs_deal = $_POST['cs_deal'] ?? '';
$cs_telformat = numFormat($_POST['cs_tel'] ?? '');
$cs_whatsappformat = numFormat($_POST['cs_whatsapp'] ?? '');
$allowedit = $_POST['Permissions'] ?? '0';

// Validate numeric values
$allowedit = is_numeric($allowedit) ? $allowedit : 0;
$cs_country = (is_numeric($cs_country) && $cs_country !== '') ? $cs_country : 0;
$cs_from = (is_numeric($cs_from) && $cs_from !== '') ? $cs_from : 0;
$cs_deal = (is_numeric($cs_deal) && $cs_deal !== '') ? $cs_deal : 1;
$cs_type = (is_numeric($cs_type) && $cs_type !== '') ? $cs_type : 5;
$cs_belongClient = (is_numeric($cs_belongclient) && $cs_belongclient !== '') ? $cs_belongclient : 0;

$cs_note = htmlEncode($_POST['cs_note'] ?? '');
$mytag = textEncode($_POST['mytag'] ?? '');
$mytag = str_replace(['&#60;&#47;span&#62;&#60;span&#62;', '&#60;&#47;span&#62;', '&#60;span&#62;'], [',', '', ''], $mytag);
$mytag = explode(',', $mytag);

// Auto-detect source from code
if (strpos($cs_code, ';1688') !== false) {
    $cs_from = 1; // 1688
}
if (strpos($cs_code, ';阿里') !== false) {
    $cs_from = 2; // International station
}

// Validation checks
if ($allowedit != 1) {
    // Alibaba validation
    if (($cs_from == 1 || $cs_from == 2) && empty($cs_alibaba)) {
        echo "<script>alert('阿里旺旺为必填项');history.back();</script>";
        exit;
    }

    // Website source validation
    if (strpos($cs_code, '官网') !== false) {
        $cs_from = 3;
    }

    if ($cs_from == 3 && empty($cs_tel) && empty($cs_whatsapp) && empty($cs_wechat)) {
        echo "<script>alert('电话和WhatsApp为必填项');history.back();</script>";
        exit;
    }

    // Market customer validation
    if ($cs_from == 8 && empty($cs_wechat)) {
        echo "<script>alert('微信为必填项');history.back();</script>";
        exit;
    }

    // Facebook validation
    if ($cs_from == 12 && empty($cs_facebook)) {
        echo "<script>alert('Facebook为必填项');history.back();</script>";
        exit;
    }
}

// Determine action type
$act = empty($id) || !is_numeric($id) ? 'addSave' : 'editSave';

if ($act === 'editSave') {
    // Verify customer ownership
    $stmt = $conn->prepare("SELECT cs_belong FROM customer WHERE id = ?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $result = $stmt->get_result();
    
    if ($row = $result->fetch_assoc()) {
        if ($row['cs_belong'] != $cs_belong) {
            echo "<script>alert('抱歉，该客户属于另一业务,你没有权限修改');history.back();</script>";
            exit;
        }
    } else {
        echo "<script>alert('没有此客户!');history.back();</script>";
        exit;
    }
}

// Validate customer code
if (empty($cs_code)) {
    echo "<script>alert('客户编码不能为空');history.back();</script>";
    exit;
}

// Check for duplicate customer information
$checkStr = "SELECT c.*, cc.tel, cc.tel_format, cc.email, cc.whatsapp, cc.whatsapp_format, cc.wechat, cc.linkedin, cc.facebook, cc.alibaba 
             FROM customer c 
             LEFT JOIN customer_contact cc ON c.id = cc.customer_id
             WHERE c.cs_belong != " . $_SESSION['employee_id'] . " AND (c.id = 0 ";

$Dupli = "";

if (!empty($cs_tel)) {
    $checkStr .= " OR cc.tel_format LIKE '%" . substr($cs_telformat, 3, 9) . "%'" . 
                 " OR cc.wechat LIKE '%" . substr($cs_telformat, 3, 9) . "%'" . 
                 " OR cc.whatsapp_format LIKE '%" . $cs_telformat . "%'";
    $Dupli .= "电话:" . $cs_tel;
}

if (!empty($cs_email)) {
    $checkStr .= " OR cc.email = '" . $conn->real_escape_string($cs_email) . "'";
    $Dupli .= "邮箱:" . $cs_email;
}

if (!empty($cs_whatsapp)) {
    $checkStr .= " OR cc.whatsapp_format LIKE '%" . substr($cs_whatsappformat, 3, 9) . "%'" . 
                 " OR cc.tel_format LIKE '%" . substr($cs_whatsappformat, 3, 9) . "%'";
    $Dupli .= "WhatsApp:" . $cs_whatsapp;
}

if (!empty($cs_wechat)) {
    if (strlen($cs_wechat) < 10) {
        $checkStr .= " OR cc.wechat LIKE '%" . $conn->real_escape_string($cs_wechat) . "%'" . 
                    " OR cc.tel_format LIKE '%" . $conn->real_escape_string($cs_wechat) . "%'";
    } else {
        $checkStr .= " OR cc.wechat LIKE '%" . substr($cs_wechat, 2, 12) . "%'" . 
                    " OR cc.tel_format LIKE '%" . substr($cs_wechat, 2, 12) . "%'";
    }
    $Dupli .= "微信:" . $cs_wechat;
}

if (!empty($cs_linkedin)) {
    $checkStr .= " OR cc.linkedin LIKE '%" . $conn->real_escape_string($cs_linkedin) . "%'";
    $Dupli .= "Linked:" . $cs_linkedin;
}

if (!empty($cs_facebook)) {
    $checkStr .= " OR cc.facebook LIKE '%" . $conn->real_escape_string($cs_facebook) . "%'";
    $Dupli .= "Facebook:" . $cs_facebook;
}

if (!empty($cs_alibaba)) {
    if (strlen($cs_alibaba) < 10) {
        $checkStr .= " OR cc.alibaba LIKE '" . $conn->real_escape_string($cs_alibaba) . "'";
    } else {
        $checkStr .= " OR cc.alibaba LIKE '%" . substr($cs_alibaba, 3, 12) . "%'";
    }
    $Dupli .= "阿里旺旺:" . $cs_alibaba;
}

$checkStr .= " ) ORDER BY c.id ASC";

if ($allowedit != 1) {
    $result = $conn->query($checkStr);
    if ($result && $result->num_rows > 0) {
        $row = $result->fetch_assoc();
        
        // Get owner name
        $ownerResult = $conn->query("SELECT em_user FROM employee WHERE id = " . $row['cs_belong']);
        $ownerRow = $ownerResult->fetch_assoc();
        $owner = textUncode($ownerRow['em_user']);
        
        // Determine who entered first
        if (strtotime($cs_addtime) > strtotime($row['cs_addtime'])) {
            $tstr = "INSERT INTO logrecord (loginName, loginIp, loginTime, loginAct) VALUES ('" .
                   $_SESSION['employee_name'] . "', '" . getIp() . "', '" . date('Y-m-d H:i:s') . "', '" .
                   $_SESSION['employee_name'] . "编辑客户\"" . $cs_code . "\"，该客户与\"" . 
                   textUncode($row['cs_code']) . "\"高度类似，<br>重复项为:" . $Dupli . "<br>客户由:" .
                   $_SESSION['employee_name'] . $cs_addtime . "首次录入')";
        } else {
            $tstr = "INSERT INTO logrecord (loginName, loginIp, loginTime, loginAct) VALUES ('" .
                   $_SESSION['employee_name'] . "', '" . getIp() . "', '" . date('Y-m-d H:i:s') . "', '" .
                   $_SESSION['employee_name'] . "编辑客户\"" . $cs_code . "\"，该客户与\"" . 
                   textUncode($row['cs_code']) . "\"高度类似，<br>重复项为:" . $Dupli . "<br>客户由:" .
                   $owner . $row['cs_addtime'] . "首次录入')";
        }
        
        $conn->query($tstr);
        echo "<script>alert('录入信息\\n与" . $owner . "客户编号:" . textUncode($row['cs_code']) . 
             "\\n高度类似，未能保存，请联系管理员核实！');history.back();</script>";
        exit;
    }
}

// Save or update customer data
if ($act == "editSave" || $allowedit == 1) {
    $hrefstr = "/customers.php?Keys=" . $keys . "&fliterBusiness=" . $fliterBusiness . 
               "&fliterDeal=" . $fliterDeal . "&Page=" . $page;
    
    // 更新客户基本信息
    $updateSql = "UPDATE customer SET 
        cs_code='" . $conn->real_escape_string($cs_code) . "',
        cs_company='" . $conn->real_escape_string($cs_company) . "',
        cs_country=" . $cs_country . ",
        cs_from=" . $cs_from . ",
        cs_address='" . $conn->real_escape_string($cs_address) . "',
        cs_updatetime='" . $cs_updatetime . "',
        cs_belong=" . $cs_belong . ",
        cs_belongclient=" . $cs_belongClient . ",
        cs_state=" . $cs_state . ",
        cs_deal=" . $cs_deal . ",
        cs_note='" . $conn->real_escape_string($cs_note) . "'";

    // 处理cs_dealdate
    if ($cs_deal == 3) {
        $updateSql .= ", cs_dealdate = CASE WHEN cs_dealdate IS NULL THEN NOW() ELSE cs_dealdate END";
    }
    
    $updateSql .= " WHERE id=" . intval($id);

    $conn->query($updateSql);
    
    // 检查是否已有联系人记录
    $contact_sql = "SELECT id FROM customer_contact WHERE customer_id = " . intval($id);
    $contact_result = mysqli_query($conn, $contact_sql);
    
    if ($contact_row = mysqli_fetch_assoc($contact_result)) {
        // 更新联系人信息
        $contact_id = $contact_row['id'];
        $contact_sql = "UPDATE customer_contact SET 
            contact_name='" . $conn->real_escape_string($cs_name) . "',
            tel='" . $conn->real_escape_string($cs_tel) . "',
            tel_format='" . $conn->real_escape_string($cs_telformat) . "',
            tel_bu='" . $conn->real_escape_string($cs_tel) . "',
            email='" . $conn->real_escape_string($cs_email) . "',
            email_bu='" . $conn->real_escape_string($cs_email) . "',
            whatsapp='" . $conn->real_escape_string($cs_whatsapp) . "',
            whatsapp_format='" . $conn->real_escape_string($cs_whatsappformat) . "',
            whatsapp_bu='" . $conn->real_escape_string($cs_whatsapp) . "',
            wechat='" . $conn->real_escape_string($cs_wechat) . "',
            wechat_bu='" . $conn->real_escape_string($cs_wechat) . "',
            linkedin='" . $conn->real_escape_string($cs_linkedin) . "',
            linkedin_bu='" . $conn->real_escape_string($cs_linkedin) . "',
            facebook='" . $conn->real_escape_string($cs_facebook) . "',
            facebook_bu='" . $conn->real_escape_string($cs_facebook) . "',
            alibaba='" . $conn->real_escape_string($cs_alibaba) . "',
            alibaba_bu='" . $conn->real_escape_string($cs_alibaba) . "',
            updated_at='" . $cs_updatetime . "'
            WHERE id=" . $contact_id;
        $conn->query($contact_sql);
    } else {
        // 插入新的联系人记录
        $contact_sql = "INSERT INTO customer_contact (
            customer_id, contact_name, tel, tel_format, tel_bu, 
            email, email_bu, whatsapp, whatsapp_format, whatsapp_bu, 
            wechat, wechat_bu, linkedin, linkedin_bu, facebook, 
            facebook_bu, alibaba, alibaba_bu, created_at, updated_at
        ) VALUES (
            " . intval($id) . ",
            '" . $conn->real_escape_string($cs_name) . "',
            '" . $conn->real_escape_string($cs_tel) . "',
            '" . $conn->real_escape_string($cs_telformat) . "',
            '" . $conn->real_escape_string($cs_tel) . "',
            '" . $conn->real_escape_string($cs_email) . "',
            '" . $conn->real_escape_string($cs_email) . "',
            '" . $conn->real_escape_string($cs_whatsapp) . "',
            '" . $conn->real_escape_string($cs_whatsappformat) . "',
            '" . $conn->real_escape_string($cs_whatsapp) . "',
            '" . $conn->real_escape_string($cs_wechat) . "',
            '" . $conn->real_escape_string($cs_wechat) . "',
            '" . $conn->real_escape_string($cs_linkedin) . "',
            '" . $conn->real_escape_string($cs_linkedin) . "',
            '" . $conn->real_escape_string($cs_facebook) . "',
            '" . $conn->real_escape_string($cs_facebook) . "',
            '" . $conn->real_escape_string($cs_alibaba) . "',
            '" . $conn->real_escape_string($cs_alibaba) . "',
            NOW(), 
            NOW()
        )";
        $conn->query($contact_sql);
    }

    // Update tags
    $conn->query("DELETE FROM tagtable WHERE customerId = " . intval($id));
    foreach ($mytag as $tag) {
        if (!empty(trim($tag))) {
            $tagSql = "INSERT INTO tagtable (tagName, employeeId, customerId) VALUES ('" . 
                     $conn->real_escape_string($tag) . "', " . 
                     intval($_SESSION['employee_id']) . ", " . 
                     intval($id) . ")";
            $conn->query($tagSql);
        }
    }

    echo "<script>location.href='$hrefstr';</script>";
} else {
    // Insert new customer record
    $insertSql = "INSERT INTO customer (
        cs_code, cs_company, cs_country, cs_from, cs_address,
        cs_type, cs_addtime, cs_updatetime, cs_belong, cs_belongClient, 
        cs_state, cs_deal, cs_note, cs_chain, is_silent, cs_dealdate
    ) VALUES (
        '" . $conn->real_escape_string($cs_code) . "',
        '" . $conn->real_escape_string($cs_company) . "',
        " . $cs_country . ",
        " . $cs_from . ",
        '" . $conn->real_escape_string($cs_address) . "',
        " . $cs_type . ",
        NOW(),
        NOW(),
        " . $cs_belong . ",
        " . $cs_belongClient . ",
        " . $cs_state . ",
        " . $cs_deal . ",
        '" . $conn->real_escape_string($cs_note) . "',
        " . $cs_belong . ",
        0,
        " . ($cs_deal == 3 ? "NOW()" : "NULL") . "
    )";

    $conn->query($insertSql);
    $new_customer_id = $conn->insert_id;
    
    // Insert contact information
    if ($new_customer_id > 0) {
        $contactSql = "INSERT INTO customer_contact (
            customer_id, contact_name, tel, tel_format, tel_bu, 
            email, email_bu, whatsapp, whatsapp_format, whatsapp_bu, 
            wechat, wechat_bu, linkedin, linkedin_bu, facebook, 
            facebook_bu, alibaba, alibaba_bu, created_at, updated_at
        ) VALUES (
            " . $new_customer_id . ",
            '" . $conn->real_escape_string($cs_name) . "',
            '" . $conn->real_escape_string($cs_tel) . "',
            '" . $conn->real_escape_string($cs_telformat) . "',
            '" . $conn->real_escape_string($cs_tel) . "',
            '" . $conn->real_escape_string($cs_email) . "',
            '" . $conn->real_escape_string($cs_email) . "',
            '" . $conn->real_escape_string($cs_whatsapp) . "',
            '" . $conn->real_escape_string($cs_whatsappformat) . "',
            '" . $conn->real_escape_string($cs_whatsapp) . "',
            '" . $conn->real_escape_string($cs_wechat) . "',
            '" . $conn->real_escape_string($cs_wechat) . "',
            '" . $conn->real_escape_string($cs_linkedin) . "',
            '" . $conn->real_escape_string($cs_linkedin) . "',
            '" . $conn->real_escape_string($cs_facebook) . "',
            '" . $conn->real_escape_string($cs_facebook) . "',
            '" . $conn->real_escape_string($cs_alibaba) . "',
            '" . $conn->real_escape_string($cs_alibaba) . "',
            NOW(), 
            NOW()
        )";
        
        $conn->query($contactSql);
        
        // Save tags for new customer
        foreach ($mytag as $tag) {
            if (!empty(trim($tag))) {
                $tagSql = "INSERT INTO tagtable (tagName, employeeId, customerId) VALUES ('" . 
                         $conn->real_escape_string($tag) . "', " . 
                         intval($_SESSION['employee_id']) . ", " . 
                         intval($new_customer_id) . ")";
                $conn->query($tagSql);
            }
        }
    }

    echo "<script>location.href='customerAdd.php';</script>";
}
?>
</body>
</html>