<?php
namespace App;
require_once($_SERVER['DOCUMENT_ROOT'] . '/rss/php/autoload.php');
require_once($_SERVER['DOCUMENT_ROOT'] . '/rss/php/conf.php');

use PDO;
use PDOException;
use Exception;

class Users extends Sys{
    public $id;
    public $fName;
    public $lName;
    public $email;
    public $cemail;
    public $psw;
    public $cpsw;
    private $loginState;

    public function __construct(){
        global $conn;
        $this->conn = $conn;
    }
    
    public function login(){
        if($this->isAuth()){
            return $this->createResponse('success', 'Logged in');
        }else{
            if($this->validateVar($this->email) && $this->validateVar($this->psw)){
                $stmt = $this->conn->prepare('SELECT id, psw FROM users WHERE email = :email');
                $stmt->bindValue(':email', $this->email);
                $stmt->execute();
                if($user = $stmt->fetch(PDO::FETCH_ASSOC)){
                    if(password_verify($this->psw, $user['psw'])){
                        $auth_hash = bin2hex(random_bytes(16));
                        $this->id = intval($user['id']);
                        setcookie("user_hash", $auth_hash, [
                            'expires' => time() + 2678400,
                            'path' => '/',
                            // 'secure' => true, // Enable on publish
                            'httponly' => true,
                            'samesite' => 'Strict',
                            'domain' => $_SERVER['HTTP_HOST']
                        ]);
    
                        setcookie("usid", $this->id, [
                            'expires' => time() + 2678400,
                            'path' => '/',
                            // 'secure' => true, // Enable on publish
                            'httponly' => false,
                            'samesite' => 'Strict',
                            'domain' => $_SERVER['HTTP_HOST']
                        ]);
    
                        $stmt = $this->conn->prepare('INSERT INTO user_sessions (user_hash, user_id, login_ip) VALUES (:user_hash, :user_id, :login_ip)');
                        $stmt->bindValue(':user_hash', $auth_hash);
                        $stmt->bindValue(':user_id', $user['id']);
                        $stmt->bindValue(':login_ip', $_SERVER['REMOTE_ADDR']);
                        $stmt->execute();
                        return $this->createResponse('success', 'Logged in');
                    }else{
                        return $this->createResponse('fail', 'Incorrect details');
                    }
                }else{
                    return $this->createResponse('fail', 'Incorrect details');
                }
            }else{
                return $this->createResponse('fail', 'Please fill out all the fields');
            }
        }
    }

    public function logout(){
        if(!$this->isAuth()){
            return true;
        }

        $stmt = $this->conn->prepare('DELETE FROM user_sessions WHERE user_hash = :user_hash AND user_id = :user_id AND login_ip = :login_ip');
        $stmt->bindValue(':user_hash', $_COOKIE['user_hash']);
        $stmt->bindValue(':user_id', intval($_COOKIE['usid']));
        $stmt->bindValue(':login_ip', $_SERVER['REMOTE_ADDR']);
        $stmt->execute();

        if(isset($_SERVER['HTTP_COOKIE'])) {
            $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
            foreach ($cookies as $cookie) {
                $parts = explode('=', $cookie);
                $name = trim($parts[0]);
                setcookie($name, '', time() - 1000);
                setcookie($name, '', time() - 1000, '/');
                setcookie($name, '', time() - 1000, '/', $_SERVER['HTTP_HOST']);
            }
            session_destroy();
        }
    }

    public function create_user(){
        // Validate inputs
        if(!$this->validateVar($this->fName)){
            return $this->createResponse('fail', 'Please enter your first name');
        }

        if(!$this->validateVar($this->lName)){
            return $this->createResponse('fail', 'Please enter your last name');
        }

        if(!$this->validateVar($this->email)){
            return $this->createResponse('fail', 'Please enter your email');
        }

        if($this->email != $this->cemail){
            return $this->createResponse('fail', 'The email adresses do not match');
        }

        if(!filter_var($this->email, FILTER_VALIDATE_EMAIL)){
            return $this->createResponse('fail', 'Please enter a valid email');
        }

        if($this->psw != $this->cpsw){
            return $this->createResponse('fail', 'Please enter a valid password');
        }

        if(strlen($this->psw) < 6){
            return $this->createResponse('fail', 'Your password needs to be at least 6 characters');
        }

        $stm = $this->conn->prepare('SELECT * FROM users WHERE email = :email');
        $stm->bindValue(':email', $this->email);
        $stm->execute();

        if($stm->rowCount()){
            return $this->createResponse('fail', 'Email already exists');
        }

        $password = password_hash(trim($this->psw), PASSWORD_BCRYPT, array('cost' => 12));

        $stmt = $this->conn->prepare('INSERT INTO users (fname, lname, email, psw) VALUES (:fname, :lname, :email, :psw)');
        $stmt->bindValue(':fname', trim($this->fName));
        $stmt->bindValue(':lname', trim($this->lName));
        $stmt->bindValue(':email', trim($this->email));
        $stmt->bindValue(':psw', $password);
        $stmt->execute();

        if($stmt->rowCount()){
            return $this->createResponse('success', 'Account has been created');
        }else{
            return $this->createResponse('fail', 'Something went wrong. Please try again or contact support');
        }
    }

    public function isAuth(){
        if(isset($_COOKIE['user_hash']) && !empty($_COOKIE['user_hash'])){
            $user_ip = $_SERVER['REMOTE_ADDR'];
            $user_hash = $_COOKIE['user_hash'];
            $user_id = intval($_COOKIE['usid']);
            $stmt = $this->conn->prepare('SELECT * FROM user_sessions WHERE user_hash = :user_hash AND user_id = :user_id AND login_ip = :user_ip');
            $stmt->bindValue(':user_hash', $user_hash);
            $stmt->bindValue(':user_id', $user_id);
            $stmt->bindValue(':user_ip', $user_ip);
            $stmt->execute();
            return $stmt->rowCount();
        }else{
            return false;
        }
    }

    public function getMyself(){
        if($this->isAuth()){
            $user_id = intval($_COOKIE['usid']);
            $stmt = $this->conn->prepare('SELECT * FROM users WHERE id = :id');
            $stmt->bindValue(':id', $user_id);
            $stmt->execute();
            $user = $stmt->fetch(PDO::FETCH_ASSOC);
            unset($user['psw']);
            return $user;
        }
    }
}