<?PHP
/**
 * This script lists all users and offers the option to add new ones.
 *
 * @author Joshua Ramon Enslin <joshua@jrenslin.de>
 */

/*
 * Require files and ensure environment.
 */

require_once __DIR__ . "/inc/functions.php";

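ensureEnvironment();                                    // Ensure existence of system files.
$translations = loadLanguage($settings['defaultLang']); // Load translations.
ensureBackendEnv();                                     // Ensure session is started etc.
$pages = loadPages();                                   // Load overview of pages.

// Authorization gate: everything below (listing and creating accounts) is
// admin-only. empty() makes the check fail closed when the session carries no
// 'admin' key at all, instead of reading an undefined index first.
if (empty($_SESSION['admin'])) {
    echo printErrorPage($settings, $translations['accessDenied']);
    return; // Stop the script before any user data is loaded.
}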

/*
 * Load data.
 */

// Check for vars.
// Request parameters this page works with. loadHttpToGlobals() is defined in
// inc/functions.php; presumably it copies each listed parameter into a global
// variable of the same name -- the values must be treated as untrusted input.
loadHttpToGlobals([
    "task",
    "username",
    "realName",
    "email",
    "password",
    "passwordVerify",
    "admin",
]);

// Read the user store unless an earlier include already provided $users.
// NOTE(review): neither the read nor the decode is checked, so a missing or
// corrupt file leaves $users as null. Also confirm that ../data is not served
// by the web server, since users.json holds the password hashes.
if (!isset($users)) {
    $usersFile = __DIR__ . "/../data/users.json";
    $users = json_decode(file_get_contents($usersFile), true);
}

/**
 * Adding new users.
 */
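if (isset($task) and $task === "insert") {

    // NOTE(review): no anti-CSRF token is checked here, and the form on this
    // page only submits "task" as a hidden field. Unless ensureBackendEnv() or
    // loadHttpToGlobals() verifies a token, confirm this and add a per-session
    // token check, because this request creates accounts (including admins).

    // On validation errors the user is sent back to the form with the
    // non-secret fields preserved; the passwords are deliberately not included.
    $redirectURL = "./users.php?" . write_common_vars(["username", "realName", "email", "admin"]) . "#addUser";

    // An unchecked checkbox is not submitted at all.
    if (!isset($admin)) $admin = false;

    // Ensure all required values are set.
    foreach (["username", "realName", "email", "password", "passwordVerify"] as $var) {
        if (isset($$var)) continue;

        $_SESSION["editHistory"] = ["changesAborted", $translations['requiredValueMissing']];
        header('Location: ' . $redirectURL);
        return;
    }

    // Check if the passwords match. The comparison must be strict: with "!="
    // PHP compares numeric-looking strings as numbers, so two different
    // inputs such as "10000000" and "1.0000e7" would count as matching.
    if ($password !== $passwordVerify) {
        $_SESSION["editHistory"] = ["changesAborted", $translations['passwordsDoNotMatch']];
        header('Location: ' . $redirectURL);
        return;
    }

    // Check if the password is too short (length is counted in bytes).
    if (strlen($password) < 8) {
        $_SESSION["editHistory"] = ["changesAborted", $translations['passwordTooShort']];
        header('Location: ' . $redirectURL);
        return;
    }

    // Build the new user record. Only the bcrypt hash of the password is
    // stored; note that bcrypt uses at most the first 72 bytes of the input.
    $newUser = array(

        "username" => $username,
        "realName" => $realName,
        "email"    => $email,
        "password" => password_hash("$password", PASSWORD_BCRYPT, ['cost' => 12]),
        "admin"    => $admin,
        "created"  => date("Y-m-d H:i:s"),

    );

    // NOTE(review): an existing entry with the same username is replaced
    // without warning, which also replaces that account's password hash and
    // admin flag. Consider rejecting usernames that are already taken.
    $users[$username] = $newUser;

    // Encode before touching the file: json_encode() returns false e.g. on
    // malformed UTF-8 input, and writing that result would truncate the whole
    // user store to an empty file.
    $encodedUsers = json_encode($users);
    if ($encodedUsers === false) {
        $_SESSION["editHistory"] = ["changesAborted", json_last_error_msg()];
        header('Location: ' . $redirectURL);
        return;
    }

    // Store the users array; do not report success if the write failed.
    if (file_put_contents(__DIR__ . "/../data/users.json", $encodedUsers, LOCK_EX) === false) {
        $_SESSION["editHistory"] = ["changesAborted", "users.json could not be written"];
        header('Location: ' . $redirectURL);
        return;
    }

    $_SESSION["editHistory"] = ["changesStored", $translations['userAdded'] . " $username"];
    header('Location: ./users.php#addUser');
    return;

}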

/*
 * Output
 */

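echo printBackendHead($settings, $translations['start'], $translations['start'], $settings['logo']);
echo printBackendHeader($translations['usersOverview'], $translations['helpUsers']);

echo '
<div id="mainWrapper">
';

echo printBackendNav($translations);

// The form is pre-filled from $username, $realName and $email, which come from
// the request (after a failed insert they arrive via the redirect's query
// string). They are therefore HTML-escaped before being written into the
// single-quoted value attributes; ENT_QUOTES is required so that a quote in
// the value cannot end the attribute.
// NOTE(review): this assumes loadHttpToGlobals() returns raw values; if it
// already HTML-encodes them, drop the escaping here to avoid double encoding.
// NOTE(review): the form carries no anti-CSRF token among its hidden inputs;
// confirm whether one is added and verified elsewhere.
//
// The section ids are matched to the "#listUsers" / "#addUser" links and to
// the "#addUser" redirect target: the form section is "addUser", the table
// section is "listUsers".
echo '
    <main>

    <p>
        <a href="#listUsers" class="buttonLike">' . $translations['listUsers'] . '</a>
        <a href="#addUser" class="buttonLike">' . $translations['addUser'] . '</a>
    </p>

    <section id="addUser">

        <form action="" method="POST">
        <table class="obj_cha_maintable">

            <tr>
                <th><label for="username">' . $translations['username'] . '</label></th>
                <td><input type="text" id="username" name="username" placeholder="' . $translations['username']. '"';
if (isset($username)) echo " value='" . htmlspecialchars((string) $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'";
echo ' required /></td>
                <td>' . generateHelpToolTip("helpUsername", $translations['username'], $translations['helpUsername']) . '</td>
            </tr>

            <tr>
                <th><label for="realName">' . $translations['realName'] . '</label></th>
                <td><input type="text" id="realName" name="realName" placeholder="' . $translations['realName']. '"';
if (isset($realName)) echo " value='" . htmlspecialchars((string) $realName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'";
echo ' required /></td>
                <td>' . generateHelpToolTip("helpRealName", $translations['realName'], $translations['helpRealName']) . '</td>
            </tr>

            <tr>
                <th><label for="userEmail">' . $translations['email'] . '</label></th>
                <td><input type="email" id="userEmail" name="email" placeholder="' . $translations['email']. '"';
if (isset($email)) echo " value='" . htmlspecialchars((string) $email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'";
echo ' required /></td>
                <td>' . generateHelpToolTip("helpEmail", $translations['email'], $translations['helpEmail']) . '</td>
            </tr>

            <tr>
                <th><label for="password">' . $translations['password'] . '</label></th>
                <td><input type="password" id="password" name="password" placeholder="' . $translations['password']. '" required /></td>
                <td>' . generateHelpToolTip("helpPassword", $translations['password'], $translations['helpPassword']) . '</td>
            </tr>

            <tr>
                <th><label for="passwordVerify">' . $translations['passwordVerify'] . '</label></th>
                <td><input type="password" id="passwordVerify" name="passwordVerify" placeholder="' . $translations['passwordVerify']. '" required /></td>
                <td></td>
            </tr>

            <tr>
                <th><label for="admin">' . $translations['admin'] . '</label></th>
                <td>
                    <label class="switch">
                        <input name="admin" id="admin" type="checkbox"'; if (isset($admin) and $admin) echo ' checked'; echo '>
                        <span class="slider round"></span>
                    </label>
                </td>
                <td>' . generateHelpToolTip("helpAdmin", $translations['admin'], $translations['helpAdmin']) . '</td>
            </tr>

            <tr>
                <th></th>
                <td><button type="submit">' . $translations['submit'] . '</button></td>
                <td>
                    ' . printHiddenInputs(['task' => 'insert'], 16) . '
                </td>
            </tr>

        </table>
        </form>

    </section>

    <section id="listUsers">

    <table class="overviewtable">
        <thead>
            <tr>
                <th>' . $translations['username'] . '</th>
                <th>' . $translations['realName'] . '</th>
                <th>' . $translations['email'] . '</th>
                <th>' . $translations['admin'] . '</th>
                <th>' . $translations['options'] . '</th>
            </tr>
        </thead>
        <tbody>
';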

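// One table row per stored user. The fields were stored as submitted through
// the form, so each is HTML-escaped on output; otherwise markup saved in a
// username, real name or e-mail address would run in the browser of every
// admin who opens this list. The link parameter is URL-encoded separately.
foreach ($users as $user) {

    echo '
            <tr>
                <td><a href="user.php?t=' . urlencode($user['username']) . '">' . htmlspecialchars((string) $user['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</a></td>
                <td>' . htmlspecialchars((string) $user['realName'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>
                <td>' . htmlspecialchars((string) $user['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>
                <td>' . htmlspecialchars((string) $user['admin'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>
                <td></td>
            </tr>
    ';

}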

// Close the table, section, main area and wrapper opened earlier in the page.
echo <<<'HTML'

        </tbody>
    </table>

    </section>

    </main>
</div>
HTML;

// Emit the backend's closing markup.
echo printBackendEnd();

?>