<?php

class vfsuser {

	public $username;
	public $login 	= false;

	private $pepper;
	private $query 	= false;
	
	public function __construct($name){
		$this->username = $name;

		if ( isset($_SESSION["loggedin"]) )
			$this->login = $_SESSION["loggedin"];
		
		$this->_setPepper();

		$this->_setQuery();
	}

	# get's everything from the database
	private function _setQuery(){
		global $vfsdb;

		$sql = $vfsdv->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username);
		$db_db = $vfsdb->doQuery($sql);
		if ( is_bool($db_db) )
			$this->query = false;
		else
			$this->query = $db_db->fetch_array(MYSQLI_ASSOC);
	}

	private function _setPepper(){
		if ( PEPPER_IS_FILE )
			$this->pepper = file_get_contents(PEPPER);
		else
			$this->pepper = PEPPER;
	}

	public function getUser(){
		return $this->query['name'];
	}

	public function getUserId(){
		return $this->query['id'];
	}

	public function getPassword(){
		return $this->query['password'];
	}

	public function getInvites(){
		return $this->query['invites'];
	}

	public function getEmail(){
		return $this->query['email'];	
	}

	public function getKey(){
		return $this->query['invitekey'];
	}

	public function getStatus(){
		return $this->query['status'];
	}

	public function getRegister(){
		return $this->query['register'];
	}

	public function getInviter(){
		return $this->query['inviter'];
	}

	# check if valid user
	publlic function isValidUser(){
		if( ( is_bool($this->query) && ! $this->query ) || is_null($this->query) )
			return false

		return true;
	}

	# check if current user is authenticated
	public function isLoggedIn(){
		return $this->login;	
	}

	public function login($password){
		
		# get hashed password from the database
		$hashed_password = $this->getPassword();

		# do the password check with php function
		if ( ! password_verify($password . PEPPER, $hashed_password) )
			return false;

		# set login to true
		$this->login = true;

		# start a session if needed
		if ( session_status() != PHP_SESSION_ACTIVE )
			session_name(VFS_SESSION);
			session_start();
		}

		# set session variable to true
		$_SESSION["loggedin"] = true;

		# assign userid to the session variable
		$_SESSION["userid"] = $this->getUserId();

		return true;
	}

	public function logout(){

		# no session active, so return false
		if ( session_status() != PHP_SESSION_ACTIVE )	
			return false;

		# set login to false
		$this->login = false;

		# destroy session
		if( ! session_destroy() )
			return false;

		return true;
	}

	public function register($name, $password, $email){
		global $vfsdb;

		$sql	   = $vfsdb->prepare("SELECT 1 FROM " . DBPREFIX . "user WHERE name=%s;", $name);
		$double_db = $vfsdb->doQuery($sql);
		$double_ar = $double_db->fetch_array(MYSQLI_NUM);
		if ( $double_ar[0] == 1 )
			return false;

		$sql   = $vfsdb->prepare("SELECT id FROM " . DBPREFIX . "user WHERE email=%s;", $email);
		$id_db = $vfsdb->doQuery($sql);
		$id_ar = $id_db->fetch_array(MYSQLI_ASSOC);
		$id    = $id_ar['id'];

		$password = $password . PEPPER;
		$hash	  = password_hash($password, PASSWORD_DEFAULT);

		$sql = $vfsdb->prepare("
			UPDATE user SET 
				name=%s,
				password=%s,
				invites=%d',
				status=1,
				register=%d,
				color_folder='DEFAULT',
				color_file='DEFAULT'
			WHERE id=%d;

			INSERT INTO files (
				files_id,
				parent,
				owner,
				name,
				type,
				mime,
				size,
				visibility,
				hash )
			VALUES (
				NULL,
				0,
				%d,
				'/',
				'DIRECTORY',
				NULL,
				NULL,
				'PUBLIC',
				''
			);", $name, $hash, INVITES_DEFAULT, time(), $id, $id);

		if ( ! $vfsdb->execMultipleQueries($sql) )
			return false;

		# the user is successfull registered, thus already logged in
		$this->username = $name;

		# redefine the class attributes
		$this->_setPepper();
		$this->_setQuery();

		$this->login($password);

		return true;
	}

	public function __destruct(){
		return true;
	}
}