<?php
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;

require "mailer/Exception.php";
require "mailer/PHPMailer.php";
require "mailer/SMTP.php";


header("Content-type:application/json;charset=utf-8");


$config = parse_ini_file("config.default.ini", process_sections: true, scanner_mode: INI_SCANNER_TYPED);
if (file_exists("config.ini")) {
    $config_custom = parse_ini_file("config.ini", process_sections: true, scanner_mode: INI_SCANNER_TYPED);
    $config = array_merge($config, $config_custom);
}

// TODO: CSRF token check!
// TODO: GET should never modify state!!!

if (isset($_GET["action"]) && $_GET["action"] == "install") {
    if (file_exists($config["database"]["filename"])) {
        unlink($config["database"]["filename"]);
    }

    $db = new SQLite3($config["database"]["filename"]);

    $db->exec("CREATE TABLE users(uuid text primary key not null, email text not null, password text not null);");
    // TODO: Do email verification stuff: `current_email` and `email_is_verified` and stuff
    $db->exec("CREATE TABLE trackings(user_uuid text not null, person_name text not null, is_deceased int not null)");

    $db->close();
}
if (!file_exists($config["database"]["filename"])) {
    exit();
}

session_start();
if (isset($_GET["postisget"])) {
    $_POST = $_GET;
}

if (isset($_POST["action"])) {
    switch ($_POST["action"]) {
        case "add-user":
            if (!isset($_POST["email"], $_POST["password"], $_POST["password_confirm"])) {
                exit("missing inputs");
            }

            if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
                exit("invalid email");
            }

            if ($_POST["password"] !== $_POST["password_confirm"]) {
                exit("differing passwords");
            }

            $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
            if ($db->get_user_by_email($_POST["email"]) !== null) {
                exit("email already in use");
            }
            $db->close();

            $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
            $uuid = bin2hex(random_bytes(16));
            $db->add_user($uuid, $_POST["email"], $_POST["password"]);
            $db->close();
            break;
        case "update-user-email":
            if (!isset($_POST["email"])) {
                exit("missing inputs");
            }

            if (!isset($_SESSION["uuid"])) {
                exit("not logged in");
            }

            if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
                exit("invalid email");
            }

            $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
            if ($db->get_user_by_email($_POST["email"]) !== null) {
                exit("email already in use");
            }
            $db->close();

            $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
            $db->set_user_email($_SESSION["uuid"], $_POST["email"]);
            $db->close();
            break;
        case "update-user-password":
            if (!isset($_POST["password"], $_POST["password_confirm"])) {
                exit("missing inputs");
            }

            if (!isset($_SESSION["uuid"])) {
                exit("not logged in");
            }

            if ($_POST["password"] !== $_POST["password_confirm"]) {
                exit("differing passwords");
            }

            $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
            $db->set_user_password($_SESSION["uuid"], $_POST["password"]);
            $db->close();
            break;
        case "delete-user":
            if (!isset($_SESSION["uuid"])) {
                exit("not logged in");
            }

            $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
            $db->delete_user($_SESSION["uuid"]);
            $db->close();

            session_destroy();
            break;
        case "add-tracking":
            break;
        case "delete-tracking":
            break;
        case "send-test-email":
            // TODO: Send this to logged-in user

            $mail = new PHPMailer();
            $mail->IsSMTP();
            $mail->CharSet = "UTF-8";

            $mail->SMTPDebug = SMTP::DEBUG_OFF;
            $mail->Host = $config["mail"]["host"];
            $mail->SMTPAuth = true;
            $mail->Port = $config["mail"]["port"];
            $mail->Username = $config["mail"]["username"];
            $mail->Password = $config["mail"]["password"];
            $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
            try {
                $mail->setFrom($config["mail"]["username"], $config["mail"]["from_name"]);
                $mail->addAddress($config["mail"]["to_address_test"]);
            } catch (Exception $exception) {
                exit("false");
            }

            $mail->Subject = "Test mail";
            $mail->Body = "This is a test mail from death-notifier!";

            try {
                $mail->send();
            } catch (Exception $exception) {
                exit("false");
            }

            exit("true");
    }
} else if (isset($_GET["action"])) {
    switch ($_GET["action"]) {
        case "login":
            if (!isset($_GET["email"], $_GET["password"])) {
                exit();
            }

            $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
            $user = $db->get_user_by_email($_GET["email"]);
            $db->close();

            if ($user === null || !password_verify($_GET["password"], $user["password"])) {
                exit("false");
            }

            $_SESSION["uuid"] = $user["uuid"];
            exit("true");
        case "logout":
            session_destroy();
            break;
        case "get-trackings":
            // Returns list of people of this user
            break;
    }
}