<?php

class MessageManager {
	private $conf;
	private $mysql;
	private $db_prefix;
	private $pw_hasher;
	private $template;
	private $base;
	private $users = array();
		
	// Low-Level SQL functions /////////////////////////////////////////////
	
	private function mysql() {
		if (!isset($this->mysql)) {
			$this->mysql_init();
		}
		return $this->mysql;
	}	
	private function mysql_init() {
		global $db_config;
		require($this->conf);
		$this->mysql = mysql_connect($db_config['host'],
		                              $db_config['user'],
		                              $db_config['password']);
		mysql_set_charset($db_config['charset'], $this->mysql);
		mysql_select_db($db_config['name'], $this->mysql);
		$this->db_prefix = $db_config['prefix'];
		unset($db_config);
	}
	private function mysql_table($table_name) {
		$mysql = $this->mysql();
		$prefix = $this->db_prefix;
		return $prefix.mysql_real_escape_string($table_name, $mysql);
	}
	private function mysql_escape($string) {
		$mysql = $this->mysql();
		return mysql_real_escape_string($string, $mysql);
	}
	private function mysql_query($query) {
		$mysql = $this->mysql();
		return mysql_query($query, $mysql);
	}
	public function mysql_error() {
		$mysql = $this->mysql();
		return mysql_error($mysql);
	}
	
	// High-Level SQL functions ////////////////////////////////////////////
	
	// The 'auth' table
	
	public function getUID($username) {
		$t = $this->mysql_table('auth');
		$v = $this->mysql_escape($username);
		$query =
			"SELECT *        \n".
			"FROM $t         \n".
			"WHERE name='$v' ;";
		$q = $this->mysql_query($query);
		$user = mysql_fetch_array($q);
		if (isset($user['uid'])) {
			return (int)$user['uid'];
		} else {
			return false;
		}
	}
	public function getUsername($uid) {
		if (!is_int($uid)) return false;
		$t = $this->mysql_table('auth');
		$query =
			"SELECT *      \n".
			"FROM $t       \n".
			"WHERE uid=$uid ;";
		$q = $this->mysql_query($query);
		$user = mysql_fetch_array($q);
		if (isset($user['name'])) {
			return $user['name'];
		} else {
			return false;
		}
	}
	public function setUsername($uid, $username) {
		if (!is_int($uid)) return false;
		if ($this->getUID($username) !== false) {
			return false;
		}
		$table = $this->mysql_table('auth');
		$name = $this->mysql_escape($username);
		$query =
			"UPDATE $table    \n".
			"SET name='$name' \n".
			"WHERE uid=$uid   ;";
		$q = $this->mysql_query($query);
		return ($q?true:false);
	}
	public function getPasswordHash($uid) {
		if (!is_int($uid)) return false;

		$table = $this->mysql_table('auth');
		$query =
			"SELECT *       \n".
			"FROM $table    \n".
			"WHERE uid=$uid ;";
		$q = $this->mysql_query($query);
		$user = mysql_fetch_array($q);
		if (isset($user['hash'])) {
			return $user['hash'];
		} else {
			return false;
		}
	}
	public function setPassword($uid, $password) {
		if (!is_int($uid)) return false;
		$table = $this->mysql_table('auth');
		
		$hasher = $this->hasher();
		@$hash = $hasher->HashPassword($password);
		$query =
			"UPDATE $table    \n".
			"SET hash='$hash' \n".
			"WHERE uid=$uid   ;";
		$q = $this->mysql_query($query);
		return ($q?true:false);
	}
	public function addUser($username, $password) {
		$user_exits = $this->getUID($username);
		if ($user_exists) {
			return false;
		}
		
		$table = $this->mysql_table('auth');
		$user = $this->mysql_escape($username);
		$hasher = $this->hasher();
		@$hash = $hasher->HashPassword($password);
		$status = 0;
		$query =
			"INSERT INTO $table (   name,   hash ,  status) \n".
			"VALUES             ('$user', '$hash', $status) ;";
		$this->mysql_query($query);
		$uid = $this->getUID($username);
		return $uid;
	}
	public function getStatus($uid) {
		if (!is_int($uid)) return false;
		$table = $this->mysql_table('auth');
		$query =
			"SELECT *       \n".
			"FROM $table    \n".
			"WHERE uid=$uid ;";
		$q = $this->mysql_query($query);
		$user = mysql_fetch_array($q);
		if (isset($user['status'])) {
			return (int)$user['status'];
		} else {
			return false;
		}
	}
	public function setStatus($uid, $status) {
		if (!is_int($uid)) return false;
		$table = $this->mysql_table('auth');
		$s = $this->mysql_escape($status);
		$query =
			"UPDATE $table * \n".
			"SET status=$s   \n".
			"WHERE uid=$uid  ;";
		$q = $this->mysql_query($query);
		return ($q?true:false);
	}
	public function countUsers() {
		$table = $this->mysql_table('auth');
		$query = "SELECT COUNT(*) FROM $table;";
		$q = $this->mysql_query($query);
		$row = mysql_fetch_array($q);
		$count = $row[0];
		return $count;
	}
	public function listGroups() {
		$table = $this->mysql_table('auth');
		$query =
			"SELECT uid     \n".
			"FROM $table    \n".
			"WHERE status=3 ;";
		$q = $this->mysql_query($query);
		$groups = array();
		while (($row = mysql_fetch_array($q)) !==false) {
			$groups[] = (int)$row[0];
		}
		return $groups;
	}
	public function listGroupNames() {
		$table = $this->mysql_table('auth');
		$query =
			"SELECT name    \n".
			"FROM $table    \n".
			"WHERE status=3 ;";
		$q = $this->mysql_query($query);
		$groups = array();
		while (($row = mysql_fetch_array($q)) !==false) {
			$groups[] = $row[0].'';
		}
		return $groups;
	}
	public function listUsers() {
		$table = $this->mysql_table('auth');
		$query =
			"SELECT uid       \n".
			"FROM $table      \n".
			"WHERE status < 3 ;";
		$q = $this->mysql_query($query);
		$users = array();
		while (($row = mysql_fetch_array($q)) !==false) {
			$users[] = (int)$row[0];
		}
		return $users;
	}
	
	// The 'users' table
	
	public function findUser($setting, $value) {
		$t = $this->mysql_table('users');
		$k = $this->mysql_escape($setting);
		$v = $this->mysql_escape($value);
		$query =
			"SELECT *                 \n".
			"FROM $t                  \n".
			"WHERE     k =      '$k'  \n".
			"AND UPPER(v)=UPPER('$v') ;";
		$q = $this->mysql_query($query);
		$user = mysql_fetch_array($q);
		if (isset($user['uid'])) {
			return $user['uid'];
		} else {
			return false;
		}
	}
	public function getUserConf($uid, $setting) {
		if (!is_int($uid)) return false;
		$t = $this->mysql_table('users');
		$k = $this->mysql_escape($setting);
		$query =
			"SELECT *     \n".
			"FROM $t      \n".
			"WHERE k='$k' \n".
			"AND uid=$uid ;";
		$q = $this->mysql_query($query);
		$row = mysql_fetch_array($q);
		if (isset($row['v'])) {
			return $row['v'];
		} else {
			return false;
		}
	}
	public function setUserConf($uid, $setting, $value) {
		if (!is_int($uid)) return false;
		$isset = ($this->getUserConf($uid, $setting) !== false);
		$t = $this->mysql_table('users');
		$k = $this->mysql_escape($setting);
		$v = $this->mysql_escape($value);
		if ($isset) {
			$query =
				"UPDATE $t      \n".
				"SET   v = '$v' \n".
				"WHERE k = '$k' \n".
				"AND uid = $uid ;";
		} else {
			$query =
				"INSERT INTO $t ( uid,   k ,   v ) \n".
				"VALUES         ($uid, '$k', '$v') ;";
		}
		$q = $this->mysql_query($query);
		return ($q?true:false);
	}
	public function getUsersInGroup($groupname) {
		$table = $this->mysql_table('users');
		$group = $this->mysql_escape($groupname);
		$query = 
			"SELECT uid              \n".
			"FROM $table             \n".
			"WHERE k='groups'        \n".
			"AND v LIKE '%,$group,%' ;";
		$q = $this->mysql_query($query);
		$users = array();
		while (($row = mysql_fetch_array($q)) !==false) {
			$users[] = $row[0];
		}
		return $users;
	}
	
	// The 'plugins' table
	
	public function getPluginConf($plugin, $key) {
		$t = $this->mysql_table('plugins');
		$p = $this->mysql_escape($plugin);
		$k = $this->mysql_escape($key);
		$query =
			"SELECT *        \n".
			"FROM $t         \n".
			"WHERE k='$k'    \n".
			"AND plugin='$p' ;";
		$q = $this->mysql_query($query);
		$row = mysql_fetch_array($q);
		if (isset($row['v'])) {
			return $row['v'];
		} else {
			return false;
		}
	}
	public function setPluginConf($plugin, $key, $value) {
		$isset = ($this->getPluginConf($plugin, $key) !== false);
		$t = $this->mysql_table('plugins');
		$p = $this->mysql_escape($plugin);
		$k = $this->mysql_escape($key);
		$v = $this->mysql_escape($value);
		if ($isset) {
			$query =
				"UPDATE $t         \n".
				"SET   v = '$v'    \n".
				"WHERE k = '$k'    \n".
				"AND plugin = '$p' ;";
		} else {
			$query =
				"INSERT INTO $t (plugin,   k ,   v ) \n".
				"VALUES         ('$p'  , '$k', '$v') ;";
		}
		$q = $this->mysql_query($query);
		return ($q?true:false);		
	}
	
	// The 'conf' table
	
	public function getSysConf($key) {
		$t = $this->mysql_table('conf');
		$k = $this->mysql_escape($key);
		$query =
			"SELECT *     \n".
			"FROM $t      \n".
			"WHERE k='$k' ;";
		$q = $this->mysql_query($query);
		$row = mysql_fetch_array($q);
		if (isset($row['v'])) {
			return $row['v'];
		} else {
			return false;
		}
	}
	public function setSysConf($key, $value) {
		$isset = (getSysConf($key) !== false);
		$t = $this->mysql_table('conf');
		$k = $this->mysql_escape($key);
		$v = $this->mysql_escape($value);
		if ($isset) {
			$query =
				"UPDATE $t      \n".
				"SET   v = '$v' \n".
				"WHERE k = '$k' ;";
		} else {
			$query =
				"INSERT INTO $t (  k ,   v ) \n".
				"VALUES         ('$k', '$v') ;";
		}
		$q = $this->mysql_query($query);
		return ($q?true:false);
	}
	
	// If the remaining code has to deal with SQL, you're doing it wrong. //
	
	public function baseUrl() {
		if (!isset($this->base)) {
			$this->base = $this->getSysConf('baseurl');
		}
		return $this->base;
	}
	public function hasher() {
		if (!isset($this->pw_hasher)) {
			require_once('PasswordHash.class.php');
			$this->pw_hasher = new PasswordHash(8, false);
		}
		return $this->pw_hasher;
	}
	
	public function template() {
		if (!isset($this->template)) {
			require_once(VIEWPATH.'/Template.class.php');
			$this->template = new Template($this->baseUrl(), $this);
		}
		return $this->template;
	}
	
	public function login($username, $password) {
		$uid = $this->getUID($username);
		if ($uid===false) {
			// user does not exist
			return 2;
		}
		$hash = $this->getPasswordHash($uid);
		$hasher = $this->hasher();
		if ($hasher->CheckPassword($password, $hash)) {
			// success
			$_SESSION['uid'] = $uid;
			return 0;
		} else {
			// wrong password
			return 1;
		}
	}
	public function isLoggedIn() {
		if ( isset($_SESSION['uid']) && ($_SESSION['uid']!='') ) {
			return $_SESSION['uid'];
		} else {
			return false;
		}
	}
	public function logout() {
		$_SESSION['uid'] = '';
	}
	
	public function shortUrl($longUrl) {
		$ch = curl_init('http://ur1.ca');
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($ch, CURLOPT_POST, true);
		curl_setopt($ch, CURLOPT_POSTFILEDS,
		            'longurl='.urlencode($longUrl));
		$html = curl_exec();
		preg_match('/Your ur1 is: <a href="([^"]*)">/',$html,$matches);
		$shortUrl = $matches[1];
		curl_close($ch);
		return $shortUrl;
	}
	
	public function __construct($conf_file) {
		$this->conf = $conf_file;
		if (!file_exists($this->conf)) {
			$this->base = $_SERVER['REQUEST_URI'];
			$t = $this->template();
			$t->header('Message Manager');
			$t->paragraph(
			    'Awe shiz, dude, conf.php doesn\'t exist, you '.
			    'need to go through the '.
			    '<a href="installer">installer</a>.');
			$t->footer();
			exit();
		}
		session_start();
	}
	
	public function getAuthObj($uid) {
		if (!isset($this->users[$uid])) {
			$is_group = ($this->getStatus($uid)===3);
			if ($is_group) {
				require_once('Group.class.php');
				$this->users[$uid] = new Group($uid);
			} else {
				require_once('User.class.php');
				$this->users[$uid] = new User($uid);
			}
		}
		return $this->users[$uid];
	}
	/**
	 * Strip out empty group names and duplicates, sort.
	 */
	private function sanitizeArray($in) {
		$out = array();
		foreach ($in as $item) {
			if (($item !== '')||(!in_array($item, $out))) {
				$out[] = $item;
			}
		}
		natsort($out);
		return $out;
	}
	/**
	 * Translate an array into a value suitable to be stored into a
	 * key-value store in the database.
	 */
	public function arrayToValue($list) {
		$out_list = $this->sanitizeArray($list);
		return ','.implode(',', $out_list).',';
	}
	/**
	 * Translate a value from arrayToValue() back into an array.
	 */
	public function valueToArray($value) {
		$raw_list = explode(',', $value);
		$out_list = $this->sanitizeArray($raw_list);
		return $out_list;
	}
}