<?php
function register($db){

	$name = $_POST["username"];
        $cleartext_password = $_POST["pswd"];
        $second_password = $_POST["2ndpswd"];
        $email = $_POST["email"];

        /* checking for empty password etc. */

        if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
		return REGISTER_PASSWORD;
	}   

	if(!preg_match("/[^.+@.+]/", $email)){
		return REGISTER_EMAIL;
	}   

        $safe_name =  SQLite3::escapeString("$name");
        $safe_email =  SQLite3::escapeString("$email");

        /*Checks the validation of the registration attempt*/

        $test_status_db = $db->query("SELECT status FROM user WHERE email='" . $safe_email . "';");
        $test_status_ar = $test_status_db->fetchArray(SQLITE3_NUM);
        $test_status_int = $test_status_ar[0];

        $test_key_db = $db->query("SELECT key FROM user WHERE email='" . $safe_email . "';");
        $test_key_ar = $test_key_db->fetchArray(SQLITE3_NUM);
        $test_key = $test_key_ar[0];

        if (empty($test_status_ar) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){
		return REGISTER_PROHOBITED;
	}

        $id_db = $db->query("SELECT id FROM user WHERE email='" . $safe_email . "';");
        $id_ar = $id_db->fetchArray(SQLITE3_NUM);
        $id = $id_ar[0];

        /*Generates the encrypted password and the database transactions*/

	$pepper = file_get_contents("../database/pepper.txt");
	$password = $cleartext_password . $pepper;

	$hash_password = password_hash($password, PASSWORD_DEFAULT);

        if($db->exec("
		BEGIN TRANSACTION;
                UPDATE user SET name='" . $safe_name . "', password='" . $hash_password . "', invites=5, status=1, register=(SELECT datetime()) WHERE id=" . $id . ";
                INSERT INTO files (id, parent, owner, name, folder, mime, size, share, size, hash) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, NULL, 'PUBLIC', 0, '');
                COMMIT;")
	){

		$userid = user($db, $safe_name);

        	$_SESSION["login"] = true;
                $_SESSION["username"] = $name;
		$_SESSION["userid"] = $userid;

		return REGISTER_SUCCESSFULL;

	} else {
		return REGISTER_DATABASE;
	}

}