<?php

namespace Controllers;

class User
{
    public function activate()
    {
        if (! $this->hasToken()) {
            header('Location: /');
            return false;
        }
        if ($id = $this->getUserId()) {
            $sql = 'DELETE FROM active_tokens WHERE id=?';
            $query = db()->prepare($sql);
            $query->execute([$id]);
            $messages = ['Your account has been activated.'];
            return view('user.login', ['messages' => $messages]);
        }
        header('HTTP/1.0 403 Forbidden');
        die();
        return false;
    }

    public function showCreate()
    {
        return view('user.register');
    }

    public function showLogin()
    {
        return view('user.login');
    }

    public function showSettings()
    {
        return view('user.settings');
    }

    public function show($name, $page = '1')
    {
        $db = db();
        $offset = ($page >= 1) ? ($page - 1) : 0;
        $offset *= 10;
        $sql = 'SELECT * FROM posts WHERE author IN ( ' .
               'SELECT name FROM users WHERE name=? ) ' .
               'ORDER BY create_at DESC LIMIT ?,10';
        $query = $db->prepare($sql);
        $query->bindValue(1, $name);
        $query->bindValue(2, $offset, \PDO::PARAM_INT);
        $query->execute();
        $posts = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
        $offset += 10;
        $query->bindValue(2, $offset, \PDO::PARAM_INT);
        $query->execute();
        $next = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
        $sql = 'SELECT id, keyword, COUNT(id) AS num_of_posts FROM (' .
               'tags JOIN post_tag ON id=tag_id) GROUP BY id ORDER BY keyword';
        $query = $db->prepare($sql);
        $query->execute();
        $tags = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
        $is_last = count($next) == 0 ? true : false;
        return view('post.index', [
            'posts' => $posts,
            'tags' => $tags,
            'page' => $page,
            'is_last' => $is_last,
            'pager_uri' => preg_replace('/\/\d+$/', '', $_SERVER['REQUEST_URI'])
        ]);
    }

    public function create()
    {
        if (! $this->validator()) {
            header('Location: /user/register');
            return false;
        }
        $active_token = \Illuminate\Support\Str::random(40);
        $id = $this->setUser($active_token);
        send_mail([
            'email' => $_POST['email'],
            'title' => '[Blog App] Active Your Account!',
            'body' => 'Click <a href="http://localhost' . port() . '/user/activate?id=' . $id .
                      '&active_token=' . $active_token . '">here</a> to activate.'
        ]);
        $sql = 'SET global event_scheduler = 1;' .
               'DROP EVENT IF EXISTS clear_unactive_user_:id;' .
               'CREATE EVENT clear_unactive_user_:id ' .
               'ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 1 HOUR ' .
               'DO DELETE FROM users WHERE id=:id AND EXISTS (' .
               'SELECT * FROM active_tokens WHERE id=:id)';
        $query = db()->prepare($sql);
        $query->bindValue(':id', $id, \PDO::PARAM_INT);
        $query->execute();
        $message = 'Check your email inbox. We\'ve sent you an activation mail.';
        return view('redirect', ['message' => $message]);
    }

    public function update()
    {
        $validation = [];
        $usernameGiven = ($_POST['username'] != $_SESSION['username']);
        $passwordGiven = (! empty(trim($_POST['password'])));
        $emailGiven = ($_POST['email'] != $_SESSION['email']);
        if ($usernameGiven) {
            $validation['username'] = valid_username($_POST['username']);
        }
        if ($passwordGiven) {
            $validation['password'] = valid_password(
                $_POST['password'],
                $_POST['confirm-password']
            );
        }
        if ($emailGiven) {
            $validation['email'] = valid_email($_POST['email']);
        }
        if (count($validation) != 0 && ! $this->validator($validation)) {
            header('Location: /user/settings');
            return false;
        }
        return $this->updateUser($usernameGiven, $passwordGiven, $emailGiven);
    }

    public function delete()
    {
        $sql = 'DELETE FROM users WHERE id=?';
        $query = db()->prepare($sql);
        $query->execute([$_SESSION['id']]);
        return $this->logout();
    }

    public function verifyEmail()
    {
        $db = db();
        $sql = 'SELECT token FROM verify_tokens WHERE id=?';
        $query = $db->prepare($sql);
        $query->execute([$_GET['id']]);
        $verify_token = $query->fetchAll(\PDO::FETCH_COLUMN, 0);
        if (count($verify_token) != 0) {
            $verify_token = $verify_token[0];
            if ($verify_token == $_GET['verify_token']) {
                $sql = 'UPDATE users SET email=? WHERE id=?';
                $query = $db->prepare($sql);
                $query->execute([$_GET['email'], $_GET['id']]);
                $sql = 'DELETE FROM verify_tokens WHERE id=?';
                $query = $db->prepare($sql);
                $query->execute([$_GET['id']]);
                $_SESSION['messages'] = ['E-mail updated.'];
                $_SESSION['email'] = $_GET['email'];
                header('Location: /user/settings');
                return false;
            }
        }
        header('HTTP/1.0 403 Forbidden');
        die();
        return false;
    }

    public function login()
    {
        $sql = 'SELECT u.id, u.name, u.email, u.password ' .
               'FROM users AS u WHERE name=? AND NOT EXISTS (' .
               'SELECT * FROM active_tokens AS t WHERE u.id=t.id)';
        $query = db()->prepare($sql);
        $query->execute([$_POST['username']]);
        $user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
        if (count($user) != 0 &&
            password_verify($_POST['password'], trim($user[0]->password))
        ) {
            $_SESSION['is_auth'] = true;
            $_SESSION['id'] = $user[0]->id;
            $_SESSION['username'] = $user[0]->name;
            $_SESSION['email'] = $user[0]->email;
            header('Location: /');
            return false;
        }
        $_SESSION['errors'] = ['Incorrect username or password.'];
        $_SESSION['inputs'] = [
            'username' => $_POST['username']
        ];
        header('Location: /user/login');
        return false;
    }

    public function logout()
    {
        session_unset();
        session_destroy();
        header('Location: /');
        return false;
    }

    private function hasToken()
    {
        if (isset($_GET['id']) &&
            isset($_GET['active_token'])
        ) {
            return true;
        }
        return false;
    }

    private function getUserId()
    {
        $sql = 'SELECT u.id FROM (users AS u ' .
               'JOIN active_tokens AS t ON u.id=t.id) ' .
               'WHERE u.id=? AND t.token=?';
        $query = db()->prepare($sql);
        $query->execute([$_GET['id'], $_GET['active_token']]);
        $user = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
        if (count($user) != 0) {
            return $user[0]->id;
        }
        return null;
    }

    private function validator($validation = [])
    {
        if (count($validation) == 0) {
            $validation = [
                'username' => valid_username($_POST['username']),
                'email' => valid_email($_POST['email']),
                'password' => valid_password(
                    $_POST['password'],
                    $_POST['confirm-password']
                )
            ];
        }
        $errors = [];
        foreach ($validation as $input => $result) {
            if (! $result) {
                array_push($errors, "Invalid $input.");
            }
        }
        if (count($errors) != 0) {
            $_SESSION['errors'] = $errors;
            if (isset($_POST['username'])) {
                $_SESSION['inputs'] = [
                    'username' => $_POST['username'],
                    'email' => $_POST['email']
                ];
            }
            return false;
        }
        return true;
    }

    private function setUser($active_token)
    {
        $sql = 'INSERT INTO users VALUES (NULL, ?, ?, ?)';
        $db = db();
        $query = $db->prepare($sql);
        $query->execute([
            $_POST['username'],
            $_POST['email'],
            password_hash($_POST['password'], PASSWORD_DEFAULT)
        ]);
        $id = $db->lastInsertId();
        $sql = 'INSERT INTO active_tokens VALUES (:id, :token)';
        $query = $db->prepare($sql);
        $query->bindValue(':id', $id, \PDO::PARAM_INT);
        $query->bindValue(':token', $active_token);
        $query->execute();
        return $id;
    }

    private function updateUser($usernameGiven, $passwordGiven, $emailGiven)
    {
        $db = db();
        if ($usernameGiven) {
            $sql = 'UPDATE users SET name=? WHERE id=?';
            $query = $db->prepare($sql);
            $query->execute([$_POST['username'], $_POST['id']]);
            $_SESSION['messages'][] = 'Username updated.';
            $_SESSION['username'] = $_POST['username'];
        }
        if ($passwordGiven) {
            $sql = 'UPDATE users SET password=? WHERE id=?';
            $query = $db->prepare($sql);
            $query->execute([
                password_hash($_POST['password'], PASSWORD_DEFAULT),
                $_POST['id']
            ]);
            $_SESSION['messages'][] = 'Password updated.';
        }
        if ($emailGiven) {
            if (! $this->requested($_POST['id'])) {
                $verify_token = \Illuminate\Support\Str::random(40);
                $sql = 'INSERT INTO verify_tokens VALUES (:id, :token)';
                $query = $db->prepare($sql);
                $query->bindValue(':id', $_POST['id'], \PDO::PARAM_INT);
                $query->bindValue(':token', $verify_token);
                $query->execute();
                send_mail([
                    'email' => $_POST['email'],
                    'title' => '[Blog App] Verify Your E-mail!',
                    'body' => 'Click <a href="http://localhost' . port() . '/user/email/verify' .
                              '?id=' . $_SESSION['id'] .
                              '&email=' . $_POST['email'] .
                              '&verify_token=' . $verify_token . '">here</a> to verify.'
                ]);
                $sql = 'SET global event_scheduler = 1;' .
                       'DROP EVENT IF EXISTS clear_unverify_email_:id;' .
                       'CREATE EVENT clear_unverify_email_:id ' .
                       'ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 1 HOUR ' .
                       'DO DELETE FROM verify_tokens WHERE id=:id';
                $query = $db->prepare($sql);
                $query->bindValue(':id', $_POST['id'], \PDO::PARAM_INT);
                $query->execute();
            }
            $_SESSION['messages'][] = 'Check your email inbox. ' .
                                      'We\'ve sent you an verification mail ' .
                                      'for email updating request.';
        }
        header('Location: /user/settings');
        return false;
    }

    private function requested($id)
    {
        $sql = 'SELECT * FROM verify_tokens WHERE id=?';
        $query = db()->prepare($sql);
        $query->execute([$id]);
        $verify_token = $query->fetchAll(\PDO::FETCH_CLASS, 'Core\\Record');
        if (count($verify_token) != 0) {
            return true;
        }
        return false;
    }
}