<?php

Router::register('users/new'  , 'Users', 'new_user');
Router::register('users/index', 'Users', 'index_file');
Router::register('users'      , 'Users', 'index_dir');
Router::register('users/*'    , 'Users', 'individual');

class Users extends Controller {
	public static $illegal_names = array('', 'new', 'index');
	
	/**
	 * Handle GETing the new user form.
	 * 
	 * I would have named this `new', but that's a keyword.
	 */
	public function new_user($routed, $vars) {
		// since there will never be a remainder to `users/new', we can
		// use that parameter to pass in some data.
		$this->showView('users/new', $vars);
	}
	
	public function index($routed, $remainder) {
		return $this->index_dir($routed, $remainder);
	}
	
	/**
	 * Handle POSTing a new user, or GETing the index.
	 */
	public function index_dir($routed, $remainder) {
		$method = $_SERVER['REQUEST_METHOD'];
		switch ($method) {
		case 'POST':
			// We're POSTing a new user.
			$this->create_user();
			break;
		case 'HEAD': // fall-through to GET
		case 'GET':
			// We're GETing the index.
			$this->show_index($routed, $remainder);
			break;
		}
	}
	
	/**
	 * Handle PUTing an updated user index, or GETing the index.
	 */
	public function index_file($routed, $remainder) {
		$method = $_SERVER['REQUEST_METHOD'];
		switch ($method) {
		case 'PUT': $_POST = $_PUT;
		case 'POST':
			// We're PUTing an updated user index.
			$this->update_users();
			break;
		}
		$this->show_index($routed, $remainder);
	}


	public function individual($routed, $remainder) {
		$username = implode('/', $remainder);
		
		global $mm;
		$uid = $mm->getUID($username);
		if ($mm->getStatus($uid)===3) $uid = false; // ignore groups.
		
		if ($uid===false) {
			$this->http404($routed, $remainder);
		} else {
			$user = $mm->getAuthObj($uid);
			if (!$user->canRead()) {
				$this->http401($routed, $remainder);
				exit();
			}
			
			$vars = array();
			$method = $_SERVER['REQUEST_METHOD'];
			switch ($method) {
			case 'PUT': $_POST = $_PUT;
			case 'POST':
				// We're PUTing updated user info.
				if ($user->canEdit()) {
					$vars = $this->update_user($user);
				}
			break;
			}
			$vars['user'] = $user;
			$vars['groups'] = $mm->listGroupNames();
			$this->showView('users/individual', $vars);
		}
	}
	
	public function http404($routed, $remainder) {
		$username = implode('/', $remainder);
		$this->showView('users/404',
		                array('username'=>$username));
	}

	public function http401($routed, $remainder) {
		global $mm;
		$this->showView('users/401', array('uid'=>$mm->isLoggedIn()));
	}

	/**
	 * This will parse POST data to create a new user.
	 * If successfull it will show a message saying so.
	 * If not successfull, it will re-show the new-user form with errors
	 * explained.
	 */
	private function create_user() {
		$vars = array();
		@$vars['username' ] = $_POST['auth_name'];			
		@$vars['password1'] = $_POST['auth_password'       ];
		@$vars['password2'] = $_POST['auth_password_verify'];
		
		global $mm;
		$vars['errors'] = array();
		if ($mm->getUID($vars['username'])!==false)
			$vars['errors'][] = 'user exists';
		if (in_array($vars['username'], $this->illegal_names))
			$vars['errors'] = 'illegal name';
		$matches = ($vars['password1'] == $vars['password2']);
		if (!$matches)
			$vars['errors'] = 'pw mixmatch';
		if ($matches && $password2 == '')
			$vars['errors'] = 'no pw';

		if (count($vars['errors']) > 0) {
			$this->new_user($routed, $vars);
		} else {
			$username = $vars['username'];
			$passowrd = $vars['password1'];
			$uid = $mm->addUser($username, $password);
			if ($uid===false) {
				$this->showView('users/500');
			} else {
				$mm->login($username, $password);
				$this->showView('users/created',
				                array('username'=>$username));
			}
		}
	}	

	/**
	 * This will parse POST (really, PUT) data to update a single user
	 */
	private function update_user($user) {
		$vars = array();
		
		$username = $user->getName();
		// Change the username /////////////////////////////////////////
		if (isset($_POST['auth_name'])) {
			$new_name = $_POST['auth_name'];
			if ($new_name != $username) {
				if (!in_array($new_name, $this->illegal_names)) {
					$changed_name = $user->setName($new_name);
					$username = $user->getName();
					$vars['changed name'] = $changed_name;
				}
			}
		}
		
		// Change the password /////////////////////////////////////////
		@$password1 = $_POST['auth_password'          ];
		@$password2 = $_POST['auth_password'.'_verify'];
		
		// Check the verify box, not main box, so that we don't get
		// tripped by browsers annoyingly autocompleting the password.
		$is_set = ($password2 != '');
		
		if ($is_set) {
			$matches = ( $password1 == $password2 );
			if ($matches) {
				$user->setPassword($password1);
				$vars['pw updated'] = true;
			} else {
				$vars['pw mixmatch'] = true;
			}
		}
		
		// Change information //////////////////////////////////////////
		$this->confText($user, 'firstname');
		$this->confText($user, 'lastname');
		$this->confText($user, 'hsclass');
		
		// Change contact info /////////////////////////////////////////
		global $CONTACT_METHODS;
		foreach ($CONTACT_METHODS as $method) {
			$this->confText($user, $method->addr_slug);
		}
		$this->confArray($user, 'use');
		
		// Change groups ///////////////////////////////////////////////
		$this->confArray($user, 'groups');

		return $vars;
	}

	private function confArray($user, $key) {
		if (isset($_POST[$key]) && is_array($_POST[$key])) {
			$user->setConfArray($key, $_POST[$key]);
		}
	}

	private function confText($user, $name) {
		if (isset($_POST["user_$name"])) {
			$user->setConf($name, $_POST["user_$name"]);
		}
	}


	/**
	 * This will parse POST (really, PUT) data to update multiple users.
	 */
	private function update_users() {
		// TODO
	}
	
	/**
	 * This will show the user index.
	 */
	private function show_index($routed, $remainder) {
		global $mm;
		
		$logged_in_user = $mm->getAuthObj($mm->isLoggedIn());
		if (!$logged_in_user->isUser()) {
			$this->http401($routed, $remainder);
			exit();
		}
		
		$vars = array();
		$vars['attribs'] = $this->getIndexAttribs();
		$vars['users'] = array();
		$uids = $mm->listUsers();
		foreach ($uids as $uid) {
			$user = $mm->getAuthObj($uid);
			$vars['users'][$uid] = array();
			foreach ($vars['attribs'] as $attrib) {
				$key = $attrib['key'];
				$props = $this->getConf($user, $key);
				$vars['users'][$uid][$key] = $props;
			}
		}
		$this->showView('users/index', $vars);
	}
	
	private function getConf($user, $key) {
		global $mm;
		$logged_in_user = $mm->getAuthObj($mm->isLoggedIn());
		$uid = $user->getUID();
		$post_key = $key."[$uid]";
		@$value = $_POST[$post_key];
		$editable = $user->canEdit();
		
		switch ($key) {
		case 'auth_name':
			$value = $user->getName();
			break;
		case 'auth_user':
			$editable = $editable && $logged_in_user->isAdmin();
			$value = $user->isUser();
			break;
		case 'auth_admin':
			$editable = $editable && $logged_in_user->isAdmin();
			$value = $user->isAdmin();
			break;
		default: 
			$value = $user->getConf($key);
			break;
		}
		
		return array('value'=>$value,
		             'post_key'=>$post_key,
		             'editable'=>$editable);
	}

	function attrib($key, $name) {
		return array('key'=>$key, 'name'=>$name);
	}
	private function getIndexAttribs() {
		$attribs = array($this->attrib('auth_user', 'Active'),
		                 $this->attrib('lastname','Last'),
		                 $this->attrib('firstname','First'),
		                 $this->attrib('hsclass','Class of'),
		                 $this->attrib('phone','Phone number'),
		                 $this->attrib('email','Email'),
		                 $this->attrib('auth_name', 'Username'),
		                 );
		return $attrib;
	}
}