<?php
require_once('connection/SQL.php');
require_once('config.php');
require_once('include/view.php');
require_once('include/security.php');

if (isset($_POST['username']) && trim($_POST['username']) != "" && isset($_POST['password']) && isset($_POST['name']) && isset($_POST['email'])) {
    // create new account
    if (!validate_csrf()) {
        http_response_code(403);
        header('axios-location: account.php?new');
        exit;
    }
    $username = $_POST['username'];
    $exist = cavern_query_result("SELECT * FROM `user` WHERE `username`='%s' OR `email`='%s'", array($username, $_POST["email"]))['num_rows'];
    if ($exist == 0) {
        if (preg_match('/^[a-z][a-z0-9\_\-]*$/', $username) && strlen($username) <= 20 && strlen($_POST['name']) <= 40 && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            $SQL->query("INSERT INTO `user` (`username`, `pwd`, `name`, `email`) VALUES ('%s', '%s', '%s', '%s')", array($username, cavern_password_hash($_POST['password'], $username), htmlspecialchars($_POST['name']), $_POST['email']));
            header('axios-location: index.php?ok=reg');
        } else {
            http_response_code(400);
            header('axios-location: index.php?err=miss');
        }
        exit;
    } else {
        http_response_code(409); // 409 Conflict
        header('axios-location: account.php?new&err=used');
        exit;
    }
} else if (isset($_SESSION['cavern_username']) && isset($_POST['username']) && isset($_POST['old']) && (isset($_POST['name']) || isset($_POST['new']))) {
    // modify account data
    if (!validate_csrf()) {
        http_response_code(403);
        header('axios-location: account.php');
        exit;
    }
    $username = $_POST['username'];
    if ($username != $_SESSION['cavern_username']) {
        // not the same person
        http_response_code(403);
        header('axios-location: account.php?err=edit');
        exit;
    } else {
        // confirm old password and mofify account data
        $original = cavern_query_result("SELECT * FROM `user` WHERE `username`='%s'", array($username));
        if (!hash_equals(cavern_password_hash($_POST['old'], $username), $original['row']['pwd']) || $original['num_rows'] == 0) {
            http_response_code(403);
            header('axios-location: account.php?err=old');
            exit;
        } else {
            if (trim($_POST['new']) != '') {
                $password = cavern_password_hash($_POST['new'], $username);
                $SQL->query("UPDATE `user` SET `pwd`='%s' WHERE `username`='%s'", array($password, $username));
            }
            if (trim($_POST['name']) != '' && strlen($_POST['name']) <= 40) {
                $SQL->query("UPDATE `user` SET `name`='%s' WHERE `username`='%s'", array(htmlspecialchars($_POST['name']), $username));
            } else {
                http_response_code(400);
                header('axios-location: account.php?err=miss');
                exit;
            }
            if (trim($_POST['email']) != '' && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                $emailExist = cavern_query_result("SELECT * FROM `user` WHERE NOT `username`='%s' AND `email`='%s'", array($username, $_POST["email"]));
                if ($emailExist['num_rows'] == 0) {
                    $SQL->query("UPDATE `user` SET `email`='%s' WHERE `username`='%s'", array($_POST['email'], $username));
                } else {
                    http_response_code(400);
                    header('axios-location: account.php?err=used');
                    exit;
                }
            } else {
                http_response_code(400);
                header('axios-location: account.php?err=miss');
                exit;
            }
            header('axios-location: account.php?ok=edit');
            exit;
        }
    }
} else if (!isset($_SESSION['cavern_username']) && !isset($_GET['new'])) {
    // if mode isn't definded, redirect to register page
    header('Location: account.php?new');
    exit;
} else if (isset($_SESSION['cavern_username']) && isset($_GET['new'])) {
    // if someone is logged in, then redirect to account setting page
    header('Location: account.php');
    exit;
}

// create new account
if (isset($_GET['new'])) {
    $view = new View('theme/default.html', 'theme/nav/default.html', 'theme/sidebar.php', $blog['name'], "註冊");
    if (!$blog['register']) {
        $view->show_message('inverted negative', "抱歉，目前暫停註冊");
        $view->render();
        exit;
    }

    if (isset($_GET['err'])) {
        if ($_GET['err'] == "miss") {
            $view->show_message('inverted negative', "請正確填寫所有欄位");
        } else if ($_GET['err'] == "used") {
            $view->show_message('inverted negative', "此使用者名稱或是信箱已被使用"); 
        }
    }

    $view->add_script("./include/js/security.js");
    $view->add_script("./include/js/account.js");
?>
<form action="account.php" method="POST" name="newacc" autocomplete="off">
    <div class="ts form">
        <div class="ts big dividing header">註冊</div>
        <div class="required field">
            <label>帳號</label>
            <input required="required" name="username" maxlength="20" pattern="^[a-z][a-z0-9_-]*$" type="text">
            <small>上限20字元 (小寫英文、數字、底線以及連字號)。首字元必須為英文。</small>
            <small>你未來將無法更改這項設定。</small>
        </div>
        <div class="required field">
            <label>暱稱</label>
            <input required="required" name="name" maxlength="40" type="text">
            <small>上限40字元。</small>
        </div>
        <div class="required field">
            <label>密碼</label>
            <input required="required" name="password" type="password">
        </div>
        <div class="required field">
            <label>重複密碼</label>
            <input required="required" name="repeat" type="password">
        </div>
        <div class="required field">
            <label>信箱</label>
            <input required="required" name="email" type="email">
            <small>用於辨識頭貼。（Powered by <a href="https://en.gravatar.com/" target="_blank">Gravatar</a>）</small>
        </div>
        <input class="ts right floated primary button" value="送出" type="submit">
    </div>
</form>
<?php
    $view->render();
} else {
// edit account data
    $username = $_SESSION['cavern_username'];
    $result = cavern_query_result("SELECT * FROM `user` WHERE `username`='%s'", array($username));
    $name = $result['row']['name'];
    $email = $result['row']['email'];

    $view = new View('theme/default.html', 'theme/nav/util.php', 'theme/sidebar.php', $blog['name'], "帳號");
    $view->add_script_source("ts('.ts.dropdown').dropdown();");
    $view->add_script("./include/js/security.js");
    $view->add_script("./include/js/account.js");

    if (isset($_GET['err'])) {
        switch ($_GET['err']) {
            case 'edit':
                $view->show_message('inverted negative', "修改失敗");
                break;
            case 'old':
                $view->show_message('inverted negative', "舊密碼錯誤");
                break;
            case "miss":
                $view->show_message('inverted negative', "請正確填寫所有欄位");
                break;
            case "used":
                $view->show_message('inverted negative', "此信箱已被其他帳號使用");
                break;
        }
    }
    if (isset($_GET['ok'])) {
        if ($_GET['ok'] == "edit") {
            $view->show_message('inverted positive', "修改成功!");
        }
    }
?>
<form action="account.php" method="POST" name="editacc">
    <div class="ts form">
        <div class="ts big dividing header">編輯帳號</div>
        <div class="fields">
            <div class="six wide field">
                <label>頭貼</label>
                <div class="ts center aligned flatted borderless segment">
                    <img src="https://www.gravatar.com/avatar/<?= md5(strtolower($email)) ?>?d=https%3A%2F%2Ftocas-ui.com%2Fassets%2Fimg%2F5e5e3a6.png&s=500" class="ts rounded image" id="avatar">
                </div>
                <div data-tooltip="請透過電子信箱更換頭貼" data-tooltip-position="bottom right" class="ts top right attached label avatar tooltip">?</div>
            </div>
            <div class="ten wide field">
                <div class="disabled field">
                    <label>帳號</label>
                    <input type="text" name="username" value="<?= $username ?>">
                </div>
                <div class="required field">
                    <label>暱稱</label>
                    <input type="text" required="required" name="name" maxlength="40" value="<?= $name ?>">
                    <small>上限40字元。</small>
                </div>
            </div>
        </div>
        <div class="required field">
            <label>信箱</label>
            <input type="email" required="required" name="email" value="<?= $email ?>">
            <small>透過電子信箱，在 <a href="https://en.gravatar.com/" target="_blank">Gravatar</a> 更改你的頭貼。</small>
        </div>
        <div class="required field">
            <label>舊密碼</label>
            <input type="password" required="required" name="old">
        </div>
        <div class="field">
            <label>新密碼</label>
            <input type="password" name="new">
            <small>留空則不修改。</small>
        </div>
        <div class="field">
            <label>重複密碼</label>
            <input name="repeat" type="password">
            <small>重複新密碼。</small>
        </div>
        <input type="submit" class="ts right floated primary button" value="送出">
    </div>
</form>
<?php $view->render();
}
?>