mtb_crm_asp/customerSave.php

<?php
require_once 'conn.php';
checkLogin();
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>管理区域</title>
    <link rel="stylesheet" href="system/css/common.css" type="text/css" />
    <script src="system/js/jquery-1.7.2.min.js"></script>
    <script src="js/js.js"></script>
</head>
<body class="clear">
<?php
// Get query parameters
$page = $_GET['Page'] ?? '';
$keys = urlencode($_GET['Keys'] ?? '');
$fliterBusiness = $_GET['fliterBusiness'] ?? '';
$fliterDeal = $_GET['Deal'] ?? '';

// Get form data
$id = $_POST['id'] ?? '';
$cs_code = textEncode($_POST['cs_code'] ?? '');
$cs_company = textEncode($_POST['cs_company'] ?? '');
$cs_country = $_POST['cs_country'] ?? '';
$cs_from = $_POST['cs_from'] ?? '';
$cs_address = textEncode($_POST['cs_address'] ?? '');
$cs_type = textEncode($_POST['cs_type'] ?? '');
$cs_belongclient = $_POST['cs_belongclient'] ?? '';
$cs_addtime = $_POST['cs_addtime'] ?? '';
$cs_updatetime = date('Y-m-d H:i:s');
$cs_belong = $_SESSION['employee_id'];
$cs_state = 1;
$cs_deal = $_POST['cs_deal'] ?? '';
$allowedit = $_POST['Permissions'] ?? '0';

// Get contact information from the form
$contacts = $_POST['contact'] ?? [];

// Validate numeric values
$allowedit = is_numeric($allowedit) ? $allowedit : 0;
$cs_country = (is_numeric($cs_country) && $cs_country !== '') ? $cs_country : 0;
$cs_from = (is_numeric($cs_from) && $cs_from !== '') ? $cs_from : 0;
$cs_deal = (is_numeric($cs_deal) && $cs_deal !== '') ? $cs_deal : 1;
$cs_type = (is_numeric($cs_type) && $cs_type !== '') ? $cs_type : 5;
$cs_belongClient = (is_numeric($cs_belongclient) && $cs_belongclient !== '') ? $cs_belongclient : 0;

$cs_note = htmlEncode($_POST['cs_note'] ?? '');
$mytag = textEncode($_POST['mytag'] ?? '');
$mytag = str_replace(['&#60;&#47;span&#62;&#60;span&#62;', '&#60;&#47;span&#62;', '&#60;span&#62;'], [',', '', ''], $mytag);
$mytag = explode(',', $mytag);


// Auto-detect source from code
if (strpos($cs_code, ';1688') !== false) {
    $cs_from = 1; // 1688
}
if (strpos($cs_code, ';阿里') !== false) {
    $cs_from = 2; // International station
}




// Get the first contact for validation (if any)
$primary_contact = !empty($contacts) ? current($contacts) : [];

// Check contact-specific validation requirements based on source
if ($allowedit != 1) {
    // Get the first contact's information for validation
    $contact_name = textEncode($primary_contact['contact_name'] ?? '');
    $tel_1 = textEncode($primary_contact['tel_1'] ?? '');
    $wechat_1 = textEncode($primary_contact['wechat_1'] ?? '');
    $whatsapp_1 = textEncode($primary_contact['whatsapp_1'] ?? '');
    $email_1 = textEncode($primary_contact['email_1'] ?? '');
    $alibaba_1 = textEncode($primary_contact['alibaba_1'] ?? '');
    $facebook_1 = textEncode($primary_contact['facebook_1'] ?? '');
    
    // Alibaba validation
    if (($cs_from == 1 || $cs_from == 2) && empty($alibaba_1)) {
        echo "<script>alert('阿里旺旺为必填项');history.back();</script>";
        exit;
    }

    // Website source validation
    if (strpos($cs_code, '官网') !== false) {
        $cs_from = 3;
    }

    if ($cs_from == 3 && empty($tel_1) && empty($whatsapp_1) && empty($wechat_1)) {
        echo "<script>alert('电话和WhatsApp为必填项');history.back();</script>";
        exit;
    }

    // Market customer validation
    if ($cs_from == 8 && empty($wechat_1)) {
        echo "<script>alert('微信为必填项');history.back();</script>";
        exit;
    }

    // Facebook validation
    if ($cs_from == 12 && empty($facebook_1)) {
        echo "<script>alert('Facebook为必填项');history.back();</script>";
        exit;
    }
}

// Determine action type
$act = empty($id) || !is_numeric($id) ? 'addSave' : 'editSave';

if ($act === 'editSave') {
    // Verify customer ownership - 将bind_param改为SQL拼接
    $id = intval($id); // 确保ID是整数，防止SQL注入
    $sql = "SELECT cs_belong FROM customer WHERE id = " . $id;
    $result = $conn->query($sql);
    
    if ($row = $result->fetch_assoc()) {
        if ($row['cs_belong'] != $cs_belong) {
            echo "<script>alert('抱歉，该客户属于另一业务,你没有权限修改');history.back();</script>";
            exit;
        }
    } else {
        echo "<script>alert('没有此客户!');history.back();</script>";
        exit;
    }
}

// Validate customer code
if (empty($cs_code)) {
    echo "<script>alert('客户编码不能为空');history.back();</script>";
    exit;
}

// Check for duplicate customer information
$checkStr = "SELECT c.*, cc.* 
             FROM customer c 
             LEFT JOIN customer_contact cc ON c.id = cc.customer_id
             WHERE c.cs_belong != " . $_SESSION['employee_id'] . " AND (c.id = 0 ";

$Dupli = "";

// Check all contacts for duplicates
foreach ($contacts as $contact) {
    // Check all phone numbers
    for ($i = 1; $i <= 3; $i++) {
        $tel_field = 'tel_' . $i;
        if (!empty($contact[$tel_field])) {
            $tel_format = numFormat($contact[$tel_field]);
            $checkStr .= " OR cc.tel_1_format LIKE '%" . substr($tel_format, 3, 9) . "%'" .
                        " OR cc.tel_2_format LIKE '%" . substr($tel_format, 3, 9) . "%'" .
                        " OR cc.tel_3_format LIKE '%" . substr($tel_format, 3, 9) . "%'" .
                        " OR cc.wechat_1 LIKE '%" . substr($tel_format, 3, 9) . "%'" .
                        " OR cc.wechat_2 LIKE '%" . substr($tel_format, 3, 9) . "%'" .
                        " OR cc.wechat_3 LIKE '%" . substr($tel_format, 3, 9) . "%'";
            $Dupli .= "电话" . $i . ":" . $contact[$tel_field] . " ";
        }
    }

    // Check all email addresses
    for ($i = 1; $i <= 3; $i++) {
        $email_field = 'email_' . $i;
        if (!empty($contact[$email_field])) {
            $checkStr .= " OR cc.email_1 = '" . $conn->real_escape_string($contact[$email_field]) . "'" .
                        " OR cc.email_2 = '" . $conn->real_escape_string($contact[$email_field]) . "'" .
                        " OR cc.email_3 = '" . $conn->real_escape_string($contact[$email_field]) . "'";
            $Dupli .= "邮箱" . $i . ":" . $contact[$email_field] . " ";
        }
    }

    // Check all WhatsApp numbers
    for ($i = 1; $i <= 3; $i++) {
        $whatsapp_field = 'whatsapp_' . $i;
        if (!empty($contact[$whatsapp_field])) {
            $whatsapp_format = numFormat($contact[$whatsapp_field]);
            $checkStr .= " OR cc.whatsapp_1_format LIKE '%" . substr($whatsapp_format, 3, 9) . "%'" .
                        " OR cc.whatsapp_2_format LIKE '%" . substr($whatsapp_format, 3, 9) . "%'" .
                        " OR cc.whatsapp_3_format LIKE '%" . substr($whatsapp_format, 3, 9) . "%'" .
                        " OR cc.tel_1_format LIKE '%" . substr($whatsapp_format, 3, 9) . "%'" .
                        " OR cc.tel_2_format LIKE '%" . substr($whatsapp_format, 3, 9) . "%'" .
                        " OR cc.tel_3_format LIKE '%" . substr($whatsapp_format, 3, 9) . "%'";
            $Dupli .= "WhatsApp" . $i . ":" . $contact[$whatsapp_field] . " ";
        }
    }

    // Check all WeChat accounts
    for ($i = 1; $i <= 3; $i++) {
        $wechat_field = 'wechat_' . $i;
        if (!empty($contact[$wechat_field])) {
            if (strlen($contact[$wechat_field]) < 10) {
                $checkStr .= " OR cc.wechat_1 LIKE '%" . $conn->real_escape_string($contact[$wechat_field]) . "%'" .
                            " OR cc.wechat_2 LIKE '%" . $conn->real_escape_string($contact[$wechat_field]) . "%'" .
                            " OR cc.wechat_3 LIKE '%" . $conn->real_escape_string($contact[$wechat_field]) . "%'" .
                            " OR cc.tel_1_format LIKE '%" . $conn->real_escape_string($contact[$wechat_field]) . "%'" .
                            " OR cc.tel_2_format LIKE '%" . $conn->real_escape_string($contact[$wechat_field]) . "%'" .
                            " OR cc.tel_3_format LIKE '%" . $conn->real_escape_string($contact[$wechat_field]) . "%'";
            } else {
                $checkStr .= " OR cc.wechat_1 LIKE '%" . substr($contact[$wechat_field], 2, 12) . "%'" .
                            " OR cc.wechat_2 LIKE '%" . substr($contact[$wechat_field], 2, 12) . "%'" .
                            " OR cc.wechat_3 LIKE '%" . substr($contact[$wechat_field], 2, 12) . "%'" .
                            " OR cc.tel_1_format LIKE '%" . substr($contact[$wechat_field], 2, 12) . "%'" .
                            " OR cc.tel_2_format LIKE '%" . substr($contact[$wechat_field], 2, 12) . "%'" .
                            " OR cc.tel_3_format LIKE '%" . substr($contact[$wechat_field], 2, 12) . "%'";
            }
            $Dupli .= "微信" . $i . ":" . $contact[$wechat_field] . " ";
        }
    }

    // Check all LinkedIn accounts
    for ($i = 1; $i <= 3; $i++) {
        $linkedin_field = 'linkedin_' . $i;
        if (!empty($contact[$linkedin_field])) {
            $checkStr .= " OR cc.linkedin_1 LIKE '%" . $conn->real_escape_string($contact[$linkedin_field]) . "%'" .
                        " OR cc.linkedin_2 LIKE '%" . $conn->real_escape_string($contact[$linkedin_field]) . "%'" .
                        " OR cc.linkedin_3 LIKE '%" . $conn->real_escape_string($contact[$linkedin_field]) . "%'";
            $Dupli .= "LinkedIn" . $i . ":" . $contact[$linkedin_field] . " ";
        }
    }

    // Check all Facebook accounts
    for ($i = 1; $i <= 3; $i++) {
        $facebook_field = 'facebook_' . $i;
        if (!empty($contact[$facebook_field])) {
            $checkStr .= " OR cc.facebook_1 LIKE '%" . $conn->real_escape_string($contact[$facebook_field]) . "%'" .
                        " OR cc.facebook_2 LIKE '%" . $conn->real_escape_string($contact[$facebook_field]) . "%'" .
                        " OR cc.facebook_3 LIKE '%" . $conn->real_escape_string($contact[$facebook_field]) . "%'";
            $Dupli .= "Facebook" . $i . ":" . $contact[$facebook_field] . " ";
        }
    }

    // Check all Alibaba accounts
    for ($i = 1; $i <= 3; $i++) {
        $alibaba_field = 'alibaba_' . $i;
        if (!empty($contact[$alibaba_field])) {
            if (strlen($contact[$alibaba_field]) < 10) {
                $checkStr .= " OR cc.alibaba_1 LIKE '" . $conn->real_escape_string($contact[$alibaba_field]) . "'" .
                            " OR cc.alibaba_2 LIKE '" . $conn->real_escape_string($contact[$alibaba_field]) . "'" .
                            " OR cc.alibaba_3 LIKE '" . $conn->real_escape_string($contact[$alibaba_field]) . "'";
            } else {
                $checkStr .= " OR cc.alibaba_1 LIKE '%" . substr($contact[$alibaba_field], 3, 12) . "%'" .
                            " OR cc.alibaba_2 LIKE '%" . substr($contact[$alibaba_field], 3, 12) . "%'" .
                            " OR cc.alibaba_3 LIKE '%" . substr($contact[$alibaba_field], 3, 12) . "%'";
            }
            $Dupli .= "阿里旺旺" . $i . ":" . $contact[$alibaba_field] . " ";
        }
    }
}

$checkStr .= " ) ORDER BY c.id ASC";

if ($allowedit != 1) {
    $result = $conn->query($checkStr);
    if ($result && $result->num_rows > 0) {
        $row = $result->fetch_assoc();
        
        // Get owner name
        $ownerResult = $conn->query("SELECT em_user FROM employee WHERE id = " . $row['cs_belong']);
        $ownerRow = $ownerResult->fetch_assoc();
        $owner = textUncode($ownerRow['em_user']);
        
        // Determine who entered first
        if (strtotime($cs_addtime) > strtotime($row['cs_addtime'])) {
            $tstr = "INSERT INTO logrecord (loginName, loginIp, loginTime, loginAct) VALUES ('" .
                   $_SESSION['employee_name'] . "', '" . getIp() . "', '" . date('Y-m-d H:i:s') . "', '" .
                   $_SESSION['employee_name'] . "编辑客户\"" . $cs_code . "\"，该客户与\"" . 
                   textUncode($row['cs_code']) . "\"高度类似，<br>重复项为:" . $Dupli . "<br>客户由:" .
                   $_SESSION['employee_name'] . $cs_addtime . "首次录入')";
        } else {
            $tstr = "INSERT INTO logrecord (loginName, loginIp, loginTime, loginAct) VALUES ('" .
                   $_SESSION['employee_name'] . "', '" . getIp() . "', '" . date('Y-m-d H:i:s') . "', '" .
                   $_SESSION['employee_name'] . "编辑客户\"" . $cs_code . "\"，该客户与\"" . 
                   textUncode($row['cs_code']) . "\"高度类似，<br>重复项为:" . $Dupli . "<br>客户由:" .
                   $owner . $row['cs_addtime'] . "首次录入')";
        }
        
        $conn->query($tstr);
        echo "<script>alert('录入信息\\n与" . $owner . "客户编号:" . textUncode($row['cs_code']) . 
             "\\n高度类似，未能保存，请联系管理员核实！');history.back();</script>";
        exit;
    }
}

// Save or update customer data
if ($act == "editSave" || $allowedit == 1) {


    $hrefstr = "/customers.php?Keys=" . $keys . "&fliterBusiness=" . $fliterBusiness . 
               "&fliterDeal=" . $fliterDeal . "&Page=" . $page;
    
    // 更新客户基本信息
    $updateSql = "UPDATE customer SET 
        cs_code='" . $conn->real_escape_string($cs_code) . "',
        cs_company='" . $conn->real_escape_string($cs_company) . "',
        cs_country=" . $cs_country . ",
        cs_from=" . $cs_from . ",
        cs_address='" . $conn->real_escape_string($cs_address) . "',
        cs_updatetime='" . $cs_updatetime . "',
        cs_belong=" . $cs_belong . ",
        cs_belongclient=" . $cs_belongClient . ",
        cs_state=" . $cs_state . ",
        cs_deal=" . $cs_deal . ",
        cs_note='" . $conn->real_escape_string($cs_note) . "'";

    // 处理cs_dealdate
    if ($cs_deal == 3) {
        $updateSql .= ", cs_dealdate = CASE WHEN cs_dealdate IS NULL THEN NOW() ELSE cs_dealdate END";
    }
    
    $updateSql .= " WHERE id=" . intval($id);

    $conn->query($updateSql);
    
    // 处理联系人信息 - 首先删除已有的不在提交列表中的联系人
    $existingContactIds = [];
    foreach ($contacts as $contact) {
        if (!empty($contact['id'])) {
            $existingContactIds[] = (int)$contact['id'];
        }
    }
    
    if (!empty($existingContactIds)) {
        $idsToKeep = implode(',', $existingContactIds);
        $deleteContactsSql = "DELETE FROM customer_contact WHERE customer_id = " . intval($id) . 
                             " AND id NOT IN (" . $idsToKeep . ")";
    } else {
        $deleteContactsSql = "DELETE FROM customer_contact WHERE customer_id = " . intval($id);
    }
    
    $conn->query($deleteContactsSql);
    
    // 处理联系人信息 - 更新或添加联系人
    foreach ($contacts as $contact) {
        $contact_id = !empty($contact['id']) ? (int)$contact['id'] : 0;
        $contact_name = textEncode($contact['contact_name'] ?? '');
        
        // 准备SQL字段和值
        $fields = ['contact_name'];
        $values = ["'" . $conn->real_escape_string($contact_name) . "'"];
        $updates = ["contact_name = '" . $conn->real_escape_string($contact_name) . "'"];
        
        // 处理所有联系方式类型
        $methodTypes = ['tel', 'email', 'whatsapp', 'wechat', 'linkedin', 'facebook', 'alibaba'];
        foreach ($methodTypes as $type) {
            for ($i = 1; $i <= 3; $i++) {
                $field = $type . '_' . $i;
                $format_field = $field . '_format';
                $bu_field = $field . '_bu';
                
                $value = textEncode($contact[$field] ?? '');
                $format_value = ($type == 'tel' || $type == 'whatsapp') ? numFormat($value) : '';
                $bu_value = textEncode($contact[$bu_field] ?? $value);
                
                // 添加字段名
                $fields[] = $field;
                $fields[] = $bu_field;
                if ($type == 'tel' || $type == 'whatsapp') {
                    $fields[] = $format_field;
                }
                
                // 添加值
                $values[] = "'" . $conn->real_escape_string($value) . "'";
                $values[] = "'" . $conn->real_escape_string($bu_value) . "'";
                if ($type == 'tel' || $type == 'whatsapp') {
                    $values[] = "'" . $conn->real_escape_string($format_value) . "'";
                }
                
                // 添加更新语句
                $updates[] = $field . " = '" . $conn->real_escape_string($value) . "'";
                $updates[] = $bu_field . " = '" . $conn->real_escape_string($bu_value) . "'";
                if ($type == 'tel' || $type == 'whatsapp') {
                    $updates[] = $format_field . " = '" . $conn->real_escape_string($format_value) . "'";
                }
            }
        }
        
        if ($contact_id > 0) {
            // 更新已有联系人
            $updateContactSql = "UPDATE customer_contact SET " .
                implode(", ", $updates) . ", updated_at = NOW() " .
                "WHERE id = " . $contact_id . " AND customer_id = " . intval($id);
            
            $conn->query($updateContactSql);
        } else {
            // 添加新联系人
            $insertContactSql = "INSERT INTO customer_contact (" .
                implode(", ", $fields) . ", customer_id, created_at, updated_at) VALUES (" .
                implode(", ", $values) . ", " . intval($id) . ", NOW(), NOW())";
            
            $conn->query($insertContactSql);
        }
    }

    // Update tags
    $conn->query("DELETE FROM tagtable WHERE customerId = " . intval($id));
    foreach ($mytag as $tag) {
        if (!empty(trim($tag))) {
            $tagSql = "INSERT INTO tagtable (tagName, employeeId, customerId) VALUES ('" . 
                     $conn->real_escape_string($tag) . "', " . 
                     intval($_SESSION['employee_id']) . ", " . 
                     intval($id) . ")";
            $conn->query($tagSql);
        }
    }

    echo "<script>location.href='$hrefstr';</script>";
} else {
    // Insert new customer record
    $insertSql = "INSERT INTO customer (
        cs_code, cs_company, cs_country, cs_from, cs_address,
        cs_type, cs_addtime, cs_updatetime, cs_belong, cs_belongClient, 
        cs_state, cs_deal, cs_note, cs_chain, is_silent, cs_dealdate
    ) VALUES (
        '" . $conn->real_escape_string($cs_code) . "',
        '" . $conn->real_escape_string($cs_company) . "',
        " . $cs_country . ",
        " . $cs_from . ",
        '" . $conn->real_escape_string($cs_address) . "',
        " . $cs_type . ",
        NOW(),
        NOW(),
        " . $cs_belong . ",
        " . $cs_belongClient . ",
        " . $cs_state . ",
        " . $cs_deal . ",
        '" . $conn->real_escape_string($cs_note) . "',
        " . $cs_belong . ",
        0,
        " . ($cs_deal == 3 ? "NOW()" : "NULL") . "
    )";

    $conn->query($insertSql);
    $new_customer_id = $conn->insert_id;
    
    // Insert contact information for all contacts
    if ($new_customer_id > 0) {
        foreach ($contacts as $contact) {
            $contact_name = textEncode($contact['contact_name'] ?? '');
            
            // 准备SQL字段和值
            $fields = ['contact_name'];
            $values = ["'" . $conn->real_escape_string($contact_name) . "'"];
            
            // 处理所有联系方式类型
            $methodTypes = ['tel', 'email', 'whatsapp', 'wechat', 'linkedin', 'facebook', 'alibaba'];
            foreach ($methodTypes as $type) {
                for ($i = 1; $i <= 3; $i++) {
                    $field = $type . '_' . $i;
                    $format_field = $field . '_format';
                    $bu_field = $field . '_bu';
                    
                    $value = textEncode($contact[$field] ?? '');
                    $format_value = ($type == 'tel' || $type == 'whatsapp') ? numFormat($value) : '';
                    $bu_value = textEncode($contact[$bu_field] ?? $value);
                    
                    // 添加字段名
                    $fields[] = $field;
                    $fields[] = $bu_field;
                    if ($type == 'tel' || $type == 'whatsapp') {
                        $fields[] = $format_field;
                    }
                    
                    // 添加值
                    $values[] = "'" . $conn->real_escape_string($value) . "'";
                    $values[] = "'" . $conn->real_escape_string($bu_value) . "'";
                    if ($type == 'tel' || $type == 'whatsapp') {
                        $values[] = "'" . $conn->real_escape_string($format_value) . "'";
                    }
                }
            }
            
            // 添加新联系人
            $insertContactSql = "INSERT INTO customer_contact (" .
                implode(", ", $fields) . ", customer_id, created_at, updated_at) VALUES (" .
                implode(", ", $values) . ", " . $new_customer_id . ", NOW(), NOW())";
            
            $conn->query($insertContactSql);
        }
        
        // Save tags for new customer
        foreach ($mytag as $tag) {
            if (!empty(trim($tag))) {
                $tagSql = "INSERT INTO tagtable (tagName, employeeId, customerId) VALUES ('" . 
                         $conn->real_escape_string($tag) . "', " . 
                         intval($_SESSION['employee_id']) . ", " . 
                         intval($new_customer_id) . ")";
                $conn->query($tagSql);
            }
        }
    }

    echo "<script>location.href='customerAdd.php';</script>";
}
?>
</body>
</html>