<?php

class jg {

	public $username;
	public $login 	= false;

	private $pepper;
	private $query 	= false;
	
	public function __construct($name = null){

		$this->username = $name;

		if ( isset($_SESSION["loggedin"]) )
			$this->login = $_SESSION["loggedin"];
		
		$this->_setPepper();

		$this->_setQuery();
	}

	# get's everything from the database
	private function _setQuery(){
		global $db;

		$sql = $db->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username);
		$db_db = $db->doQuery($sql);
		if ( is_bool($db_db) )
			$this->query = false;
		else
			$this->query = $db_db->fetch_array(MYSQLI_ASSOC);
	}

	private function _setPepper(){
		if ( PEPPER_IS_FILE )
			$this->pepper = file_get_contents(PEPPER);
		else
			$this->pepper = PEPPER;
	}

	public function getUser(){
		return $this->query['name'];
	}

	public function getUserId(){
		return $this->query['id'];
	}

	public function getPassword(){
		return $this->query['password'];
	}

	public function getEmail(){
		if ( $this->query['email'] == "null" )
			return "";
		else
			return $this->query['email'];	
	}

	public function getRegister(){
		return $this->query['register'];
	}

	# check if valid user
	public function isValidUser(){
		if( ( is_bool($this->query) && ! $this->query ) || is_null($this->query) )
			return false;

		return true;
	}

	# check if current user is authenticated
	public function isLoggedIn(){
		return $this->login;	
	}

	public function login($user, $password){
		if ( is_null($this->username) )
			$this->__construct($user);
		
		# get hashed password from the database
		$hashed_password = $this->getPassword();

		# do the password check with php function
		if ( ! password_verify($password . PEPPER, $hashed_password) )
			return false;

		# set login to true
		$this->login = true;

		$this->username=$user;

		# start a session if needed
		if ( session_status() != PHP_SESSION_ACTIVE ) {
			session_name(SESSION);
			session_start();
		}

		# set session variable to true
		$_SESSION["loggedin"] = true;

		# assign userid to the session variable
		$_SESSION["userid"] = $this->getUserId();
		$_SESSION["username"] = $this->username;

		return true;
	}

	public function logout(){

		# no session active, so return false
		if ( session_status() != PHP_SESSION_ACTIVE )	
			return false;

		# set login to false
		$this->login = false;

		# destroy session
		if( ! session_destroy() )
			return false;

		return true;
	}

	public function register($name, $password, $email){
		global $db;

		$hash	  = password_hash($password . PEPPER, PASSWORD_DEFAULT);

		$sql = $db->prepare("
			INSERT INTO " . DBPREFIX . "user (id, name, password, email, register) VALUES (NULL, %s, %s, %s, %d);", $name, $hash, $email, time() 
		);

		if ( ! $db->doQuery($sql) )
			return false;

		# the user is successfull registered, thus already logged in
		$this->username = $name;

		# redefine the class attributes
		$this->_setPepper();
		$this->_setQuery();

		$this->login($name, $password);

		return true;
	}

	public function __destruct(){
		return true;
	}
}