<?php

namespace Controllers;

class Password
{
    public function getReset()
    {
        return view('password.reset');
    }

    public function getCreate()
    {
        if ($this->hasToken() && $this->tokenValid()) {
            return view('password.create');
        }
        header('HTTP/1.0 403 Forbidden');
        die();
        return false;
    }

    public function reset()
    {
        if ($id = $this->getUserId()) {
            $db = db();
            $forget_token = \Illuminate\Support\Str::random(40);
            $sql = 'INSERT INTO forget_tokens VALUES (:id, :token)';
            $query = $db->prepare($sql);
            $query->bindValue(':id', $id, \PDO::PARAM_INT);
            $query->bindValue(':token', $forget_token);
            $query->execute();
            send_mail([
                'email' => $_POST['email'],
                'title' => '[Blog App] A Password Reset Requested!',
                'body' => 'Click <a href="http://localhost' . port() . '/user/password/create?id=' . $id .
                          '&forget_token=' . $forget_token . '">here</a> to confirm that ' .
                          'you really want to reset your password.'
            ]);
            $sql = 'SET global event_scheduler = 1;' .
                   'DROP EVENT IF EXISTS clear_forget_token_:id;' .
                   'CREATE EVENT clear_forget_token_:id ' .
                   'ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 1 HOUR ' .
                   'DO DELETE FROM forget_tokens WHERE id=:id';
            $query = $db->prepare($sql);
            $query->bindValue(':id', $id, \PDO::PARAM_INT);
            $query->execute();
            $message = 'Check your email inbox. We have sent you a confirmation mail.';
            return view('redirect', ['message' => $message]);
        }
        $_SESSION['errors'] = ['This E-mail is not registered or is already requested.'];
        header('Location: /user/password/reset');
        return false;
    }

    public function create()
    {
        if (! valid_password($_POST['password'], $_POST['confirm-password'])) {
            $_SESSION['errors'] = ['Invalid password.'];
            header("Location: /user/password/create?id={$_POST['id']}&forget_token={$_POST['forget_token']}");
            return false;
        }
        $sql = 'UPDATE users SET password=? WHERE id=?';
        $db = db();
        $query = $db->prepare($sql);
        $query->execute([
            password_hash($_POST['password'], PASSWORD_DEFAULT),
            $_POST['id']
        ]);
        $sql = 'DELETE FROM forget_tokens WHERE id=?';
        $db = db();
        $query = $db->prepare($sql);
        $query->execute([$_POST['id']]);
        header('Location: /user/login');
        return false;
    }

    private function hasToken()
    {
        return (isset($_GET['id']) &&
                isset($_GET['forget_token']));
    }

    private function tokenValid()
    {
        $sql = 'SELECT * FROM (users AS u JOIN ' .
               'forget_tokens AS t ON u.id=t.id) WHERE u.id=? AND token=?';
        $query = db()->prepare($sql);
        $query->execute([$_GET['id'], $_GET['forget_token']]);
        $user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
        return (count($user) != 0);
    }

    private function getUserId()
    {
        $sql = 'SELECT u.id FROM users AS u WHERE email=? AND NOT EXISTS (' .
               'SELECT * FROM forget_tokens AS t WHERE u.id=t.id)';
        $query = db()->prepare($sql);
        $query->execute([$_POST['email']]);
        $user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
        if (count($user) != 0) {
            return $user[0]->id;
        }
        return null;
    }
}