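/*
Plugin Name: URL Validator
Description: Validate your custom fields
Version: 1.9.2
Author: OSClass
Short Name: urlvalid
*/

/**
 * Load the list of banned domains from the `banned_domains` table.
 *
 * The connection uses the DB_* constants from the Osclass configuration, so
 * no database secret is kept in the plugin file. Any password that was ever
 * committed to this file should be rotated.
 * NOTE(review): assumes `banned_domains` lives in the database Osclass itself
 * is configured for, and that DB_HOST is a plain host name - confirm.
 *
 * On a connection or query failure the request is terminated (fail closed),
 * the cause is written to the server error log, and the visitor only sees a
 * generic message.
 *
 * @return array List of values from the `domain` column.
 */
function get_banned_domains_from_db()
{
    try {
        $conn = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

        // PHP < 8.1 reports a failed connection through connect_error; newer
        // versions throw mysqli_sql_exception, which the catch below handles.
        if ($conn->connect_error) {
            throw new RuntimeException('connect failed: ' . $conn->connect_error);
        }

        $result = $conn->query('SELECT domain FROM banned_domains');
        if ($result === false) {
            $reason = $conn->error;
            $conn->close();
            throw new RuntimeException('query failed: ' . $reason);
        }

        $banned_domains = [];
        while ($row = $result->fetch_assoc()) {
            $banned_domains[] = $row['domain'];
        }

        $result->free();
        $conn->close();

        return $banned_domains;
    } catch (Exception $e) {
        // Driver messages can name the database user and host: log them, never echo them.
        error_log('urlvalid: cannot load banned domains: ' . $e->getMessage());
        exit('URL validation is temporarily unavailable. Please try again later.');
    }
}

/**
 * Flatten a request value into the non-empty strings it contains.
 *
 * Request parameters may arrive as a scalar or as a (nested) array, so every
 * scalar leaf is returned and no element escapes validation because of its shape.
 *
 * @param mixed $value Raw request value.
 * @return array List of non-empty strings.
 */
function urlvalid_string_values($value)
{
    $strings = [];
    $collect = static function ($leaf) use (&$strings) {
        if (is_scalar($leaf) && (string) $leaf !== '') {
            $strings[] = (string) $leaf;
        }
    };

    if (is_array($value)) {
        array_walk_recursive($value, $collect);
    } else {
        $collect($value);
    }

    return $strings;
}

/**
 * Return the first banned domain that occurs in $url, or null.
 *
 * The match is a case-insensitive substring test, because host names are not
 * case-sensitive. Blank list entries are skipped: an empty needle would
 * otherwise match every URL on PHP 8.
 *
 * @param string $url
 * @param array  $banned_domains
 * @return string|null
 */
function urlvalid_find_banned_domain($url, array $banned_domains)
{
    foreach ($banned_domains as $banned_domain) {
        $banned_domain = trim((string) $banned_domain);
        if ($banned_domain === '') {
            continue;
        }
        if (stripos($url, $banned_domain) !== false) {
            return $banned_domain;
        }
    }

    return null;
}

/**
 * Tell whether the host of $url has more than two labels once a leading
 * "www." is ignored.
 *
 * The host is taken from parse_url() rather than matched with a pattern on
 * the whole string, so a port, query string, fragment, user-info part or
 * extra label levels do not change the outcome. A value without a scheme is
 * parsed as if it were an http URL so its host is still inspected.
 * IP-address hosts are not treated as subdomains.
 *
 * Limitation: hosts under a two-level public suffix (for example "co.uk")
 * count as subdomains; telling them apart needs a Public Suffix List.
 *
 * @param string $url
 * @return bool
 */
function urlvalid_has_subdomain($url)
{
    $candidate = trim($url);
    if (!preg_match('/^[a-z][a-z0-9+.\-]*:\/\//i', $candidate)) {
        $candidate = 'http://' . $candidate;
    }

    $host = parse_url($candidate, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;
    }

    $host = rtrim(strtolower($host), '.');
    if (filter_var(trim($host, '[]'), FILTER_VALIDATE_IP) !== false) {
        return false;
    }

    if (strpos($host, 'www.') === 0) {
        $host = substr($host, 4);
    }

    return count(explode('.', $host)) > 2;
}

/**
 * Run the length, banned-domain and subdomain checks on one URL.
 *
 * @param string $url
 * @param int    $max_length     Maximum length in bytes.
 * @param array  $banned_domains
 * @return array|null Null when the URL passes, otherwise [reason, detail]
 *                    where reason is 'length', 'banned' or 'subdomain' and
 *                    detail is the matched banned domain (or null).
 */
function urlvalid_url_violation($url, $max_length, array $banned_domains)
{
    if (strlen($url) > $max_length) {
        return ['length', null];
    }

    $banned_domain = urlvalid_find_banned_domain($url, $banned_domains);
    if ($banned_domain !== null) {
        return ['banned', $banned_domain];
    }

    if (urlvalid_has_subdomain($url)) {
        return ['subdomain', null];
    }

    return null;
}

/**
 * Escape a value before it is embedded in a flash message.
 * NOTE(review): presumably the theme prints flash messages as HTML - confirm.
 *
 * @param string $text
 * @return string
 */
function urlvalid_escape($text)
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Abort the submission: queue an error message, redirect to the item post
 * page and stop the request.
 * NOTE(review): the redirect goes to the post URL for edits as well - confirm
 * that is intended.
 *
 * @param string $message Message that is safe to display.
 */
function urlvalid_reject($message)
{
    osc_add_flash_error_message($message);
    osc_redirect_to(osc_item_post_url());
    exit;
}

/**
 * Validate the URLs of a submitted item; registered on pre_item_add and
 * pre_item_edit.
 *
 * - custom fields 1, 4 and 5: length limit (50, 50, 65), banned domains, no subdomains
 * - title: must not contain an http(s) URL, in any submitted locale
 * - description: every http(s) URL found gets the same checks with a limit of 65
 *
 * The first violation ends the request through urlvalid_reject().
 *
 * @param mixed $item Hook argument; not used.
 */
function validate_url_fields($item)
{
    $meta = Params::getParam('meta');
    if (!is_array($meta)) {
        $meta = [];
    }

    $banned_domains = get_banned_domains_from_db();

    // Custom field id => maximum URL length.
    $limits = [1 => 50, 4 => 50, 5 => 65];

    foreach ($limits as $field_id => $max_length) {
        if (!isset($meta[$field_id])) {
            continue;
        }

        foreach (urlvalid_string_values($meta[$field_id]) as $url) {
            $violation = urlvalid_url_violation($url, $max_length, $banned_domains);
            if ($violation === null) {
                continue;
            }

            if ($violation[0] === 'length') {
                urlvalid_reject(sprintf(__('The URL cannot be longer than %d characters.', 'osclass'), $max_length));
            }
            if ($violation[0] === 'banned') {
                urlvalid_reject(sprintf(__('The domain %s is not allowed.', 'osclass'), urlvalid_escape($violation[1])));
            }
            urlvalid_reject(__('Subdomains are not allowed in the URL.', 'osclass'));
        }
    }

    // Every locale of the title is checked, and the scheme test ignores case.
    foreach (urlvalid_string_values(Params::getParam('title')) as $title) {
        if (stripos($title, 'http://') !== false || stripos($title, 'https://') !== false) {
            urlvalid_reject(__('URLs are not allowed in the title field.', 'osclass'));
        }
    }

    foreach (urlvalid_string_values(Params::getParam('description')) as $description) {
        // The /i flag keeps an upper-case scheme from hiding a URL from the checks.
        preg_match_all('/https?:\/\/[^\s]+/i', $description, $matches);

        foreach ($matches[0] as $description_url) {
            $violation = urlvalid_url_violation($description_url, 65, $banned_domains);
            if ($violation === null) {
                continue;
            }

            if ($violation[0] === 'length') {
                urlvalid_reject(__('URLs in the description cannot be longer than 65 characters.', 'osclass'));
            }
            if ($violation[0] === 'banned') {
                urlvalid_reject(sprintf(
                    __('The domain %s is not allowed in the description.', 'osclass'),
                    urlvalid_escape($violation[1])
                ));
            }
            // The URL is user input, so it is escaped before being shown back.
            urlvalid_reject(sprintf(
                __('Subdomains are not allowed for %s in the description.', 'osclass'),
                urlvalid_escape($description_url)
            ));
        }
    }
}

osc_add_hook('pre_item_add', 'validate_url_fields');
osc_add_hook('pre_item_edit', 'validate_url_fields');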