<?php
// Creating account


// Includes
if ($IS_FRONTEND) {
	require_once("api/_auth.php");
	require_once("api/_utils.php");
	require_once("api/_errorslist.php");
	require_once("api/_types.php");
	require_once("api/user/index.php");
} else {
	require_once("../_auth.php");
	require_once("../_utils.php");
	require_once("../_errorslist.php");
	require_once("../_types.php");
	require_once("./index.php");
}


// Functions

/*
 * FUNCTION
 * Create new user account
 */
function User_Create (string $login, string $password, ?string $email = null, ?string $invite_id = null, ?string $avatar_path = null): ReturnT {
	global $db;

	$salt = Utils_GenerateRandomString(8);
	$pwd_hash = hash("sha256", $password . $salt, true);

	// TODO: process invite

	$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
	$role = "newbie"; // TODO: make decision from config or supply by argument
	$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);

	if ($s->execute() === false)
		return new ReturnT(err_code: E_DBE_INSERTFAIL, err_desc: "cant insert record to users DB");

	return new ReturnT(data: true);
}


// Methods

/*
 * METHOD
 * Create new user account
 */
function User_Create_Method (array $req): ReturnT {
	global $Config, $LOGGED_IN;

	$login = null;
	$password = null;
	$email = null;
	$invite_id = null;
	$avatar_path = null;

	// Input sanity checks

	// If registration is turned off
	if (!$Config["registration"]["active"])
		return new ReturnT(err_code: E_AUT_REGCLOSED);

	// If user is logged in, then we should not allow creation of account
	if ($LOGGED_IN)
		return new ReturnT(err_code: E_AUT_ALRLOGIN);

	// If we have some base data
	if (isset($req["login"]) && isset($req["password"])) {
		$login = $req["login"];
		$password = $req["password"];

		// If password is too weak
		if (strlen($password) < $Config["registration"]["min_passw_len"])
			return new ReturnT(err_code: E_AUT_PWD2WEAK, err_desc: "password must contain at least " . strval($Config["registration"]["min_passw_len"]) . " characters");

		// If we need email but it isnt supplied
		if ($Config["registration"]["need_email"] && !isset($req["email"])) {
			return new ReturnT(err_code: E_UIN_INSUFARGS, err_desc: "email is necessary");
		} elseif (isset($req["email"])) {
			// Validation of email
			if (!filter_var($req["email"], FILTER_VALIDATE_EMAIL))
				return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "email is invalid");
			$email = $req["email"];
		}
		// If we need invite but it isnt supplied
		if ($Config["registration"]["need_invite"] && !isset($req["invite_id"])) {
			return new ReturnT(err_code: E_UIN_INSUFARGS, err_desc: "registrations are invite-only, you need to specify invite ID");
		} elseif (isset($req["invite_id"])) {
			// TODO: check invite and reject if it invalid
			//$invite_id = $req["invite_id"];
			return new ReturnT(err_code: E_UNS_NOTIMPL, err_desc: "invitations are not implemented yet");
		}

		// Check login and password for pattern match
		$preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
		if (preg_match($preg_str, $login) || preg_match($preg_str, $password))
			return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "only allowed symbols in login and password are: " . $Config["registration"]["allowed_syms"]);

		// Check if login already exists
		if (User_LoginExist($login))
			return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "login already exists");

		// TODO: check $avatar_path
	} else { // Not enough arguments
		return new ReturnT(err_code: E_UIN_INSUFARGS, err_desc: "not enough or no arguments were supplied");
	}

	// Actions

	return User_Create($login, $password, $email, $invite_id, $avatar_path);
}


if (Utils_ThisFileIsRequested(__FILE__)) {
	require_once("../_json.php");

	// HACK: for debugging purposes. Will be removed later
	if ($Config["debug"])
		$_POST = $_REQUEST;

	// Create account
	$result = User_Create_Method($_POST);

	// Checking result
	if ($result->IsError())
		$result->ThrowJSONError();
	else
		JSON_ReturnData(["success" => $result->GetData()]);
}

?>