<?php

use PhangoApp\PhaView\View;
use PhangoApp\PDO\MySQL;
//use PhangoApp\PhaModels\Webmodel;

include('./modules/admin/libraries/login.php');

function controller($switch='') {
    
    session_start();
     
     switch($switch) {
         
         default:
     
             if(PhangoModule\Admin\login()) {
                 
             }
             else {
                 
                 header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', 'login'));
                 
             }
         
         break;
         
         case 'login':
         
            $conn=MySQL::get_pdo_connection();
            
            $sth=$conn->query('SELECT count(*) as num_items from useradmin');

            $count=$sth->fetch()[0];
            
            if($count==0) {
                
                header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', 'register'));
                
            }
        
            echo View::load_view(['login' => 1], 'login');
         
         break;
         
         case 'login_check':

            $conn=MySQL::get_pdo_connection();
            
            $data=['error' => 1];
            
            $username=$_POST['username'];
            
            $password=$_POST['password'];
                
            $sth=$conn->prepare('SELECT id, password from useradmin where username=?');
            
            $sth->execute([$username]);
            
            $rows=$sth->fetchAll();
            
            if(count($rows)>0) {
                
                $password_hash=$rows[0]['password'];
                
                if(password_verify($password, $password_hash)) {
                    
                    $data['error']=0;
                    
                    $_SESSION['phango_login']=1;
                    
                }
                
            }
        
            header('Content-Type: application/json; charset=utf-8');
            
            return json_encode($data);
         
         break;
         
         case 'register':
         
            $conn=MySQL::get_pdo_connection();
            
            $sth=$conn->query('SELECT count(*) as num_items from useradmin');

            $count=$sth->fetch()[0];
            
            if($count==0) {
                
                echo View::load_view(['login' => 0], 'login');
                
            }
         
         break;
         
         case 'signup_check':
         
            $data=['error' => 0];
            
            $arr_data=['username', 'email', 'password', 'repeat_password'];
            
            foreach($arr_data as $v) {
                
                settype($_POST[$v], 'string');
                
            }
            
            //$username=$_POST['username'];
            //^[A-Za-z0-9_-]+$
            
            $username=trim($_POST['username']);
            
            if(!preg_match('/^[A-Za-z0-9_-]+$/', $username)) {
                
                $data['error']=1;
                $data['username']=_("Error: empty value");
                
            }
            
            $email=filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
            
            if(!$email) {
                
                $data['error']=1;
                $data['email']=_("Error: email is not valid");
                
                
            }
            
            $password=trim($_POST['password']);
            $repeat_password=trim($_POST['repeat_password']);
        
            if($password=='') {
                
                $data['error']=1;
                $data['password']=_("Error: password empty");
                
            }
            else {
                
                if($password!=$repeat_password) {
                    
                    $data['error']=1;
                    $data['password']=_("Error: password not equal");
                    
                }
        
            }
            
            if($data['error']==0) {
                
                $password=password_hash($password, PASSWORD_DEFAULT);
            
                $conn=MySQL::get_pdo_connection();
                
                if(!$conn->prepare('INSERT into useradmin (`username`, `password`, `email`) VALUES (?, ?, ?)')->execute([$username, $password, $email])) {
                    
                    $data['error']=1;
                    $data['username']=_("Error: cannot insert the new user in database, check your database connection");
                    
                }
                
                //$sth->execute([$username, $password, $email]);
            
            }
        
            header('Content-Type: application/json; charset=utf-8');
            
            return json_encode($data);
         
         break;

    }

}