<?php

namespace Zotlabs\Module\Settings;

use App;
use Zotlabs\Access\Permissions;
use Zotlabs\Access\PermissionLimits;
use Zotlabs\Lib\AccessList;
use Zotlabs\Lib\Libsync;

require_once('include/security.php');

class Tokens {

	function post() {

		$channel = App::get_channel();

		check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
		$token_errs = 0;
		if(array_key_exists('token',$_POST)) {
			$atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);
			if (! $atoken_id) {
				$atoken_guid = new_uuid();
			}
			$name = trim(escape_tags($_POST['name']));
			$token = trim($_POST['token']);
			if((! $name) || (! $token))
					$token_errs ++;
			if(trim($_POST['expires']))
				$expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
			else
				$expires = NULL_DATE;
			$max_atokens = service_class_fetch(local_channel(),'access_tokens');
			if($max_atokens) {
				$r = q("select count(atoken_id) as total where atoken_uid = %d",
					intval(local_channel())
				);
				if($r && intval($r[0]['total']) >= $max_tokens) {
					notice( sprintf( t('This channel is limited to %d tokens'), $max_tokens) . EOL);
					return;
				}
			}
		}
		if($token_errs) {
			notice( t('Name and Password are required.') . EOL);
			return;
		}

		$old_atok = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
			intval($channel['channel_id']),
			dbesc($name)
		);
		if ($old_atok) {
			$old_atok = array_shift($old_atok);
			$old_xchan = atoken_xchan($old_atok);
		}
		
		if($atoken_id) {
			$r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s' 
				where atoken_id = %d and atoken_uid = %d",
				dbesc($name),
				dbesc($token),
				dbesc($expires),
				intval($atoken_id),
				intval($channel['channel_id'])
			);
		}
		else {
			$r = q("insert into atoken ( atoken_guid, atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )
				values ( '%s', %d, %d, '%s', '%s', '%s' ) ",
				dbesc($atoken_guid),
				intval($channel['channel_account_id']),
				intval($channel['channel_id']),
				dbesc($name),
				dbesc($token),
				dbesc($expires)
			);
		}
		$atok = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
			intval($channel['channel_id']),
			dbesc($name)
		);
		if ($atok) {
			$xchan = atoken_xchan($atok[0]);
			atoken_create_xchan($xchan);
			$atoken_xchan = $xchan['xchan_hash'];
			if ($old_atok && $old_xchan) {
				$r = q("update xchan set xchan_name = '%s' where xchan_hash = '%s'",
					dbesc($xchan['xchan_name']),
					dbesc($old_xchan['xchan_hash'])
				);
			}			
		}

		$all_perms = Permissions::Perms();

		$p = EMPTY_STR;

		if($all_perms) {
			foreach($all_perms as $perm => $desc) {
				if(array_key_exists('perms_' . $perm, $_POST)) {
					if($p)
						$p .= ',';
					$p .= $perm;
				}
			}
			set_abconfig(local_channel(),$atoken_xchan,'system','my_perms',$p);
			if ($old_atok) {


			}
		}
		
		if (! $atoken_id) {
		
			// If this is a new token, create a new abook record

			$closeness = get_pconfig($uid,'system','new_abook_closeness',80);
			$profile_assign = get_pconfig($uid,'system','profile_assign','');

			$r = abook_store_lowlevel(
				[
					'abook_account'   => $channel['channel_account_id'],
					'abook_channel'   => $channel['channel_id'],
					'abook_closeness' => intval($closeness),
					'abook_xchan'     => $atoken_xchan,
					'abook_profile'   => $profile_assign,
					'abook_feed'      => 0,
					'abook_created'   => datetime_convert(),
					'abook_updated'   => datetime_convert(),
					'abook_instance'  => z_root()
				]
			);

			if (! $r) {
				logger('abook creation failed');
			}

			/** If there is a default group for this channel, add this connection to it */

			if ($channel['channel_default_group']) {
				$g = AccessList::rec_byhash($uid,$channel['channel_default_group']);
				if ($g) {
					AccessList::member_add($uid,'',$atoken_xchan,$g['id']);
				}
			}

			$r = q("SELECT abook.*, xchan.*
				FROM abook left join xchan on abook_xchan = xchan_hash
				WHERE abook_channel = %d and abook_xchan = '%s' LIMIT 1",
				intval($channel['channel_id']),
				dbesc($atoken_xchan)
			);

			if (! $r) {
				logger('abook or xchan record not saved correctly');
				return;
			}

			$clone = array_shift($r);
	
			unset($clone['abook_id']);
			unset($clone['abook_account']);
			unset($clone['abook_channel']);
				
			$abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']);
			if ($abconfig) {
				$clone['abconfig'] = $abconfig;
			}
			
			Libsync::build_sync_packet($channel['channel_id'],
				[ 'abook' => [ $clone ], 'atoken' => $atok ],
				true);
		}

		info( t('Token saved.') . EOL);
		return;
	}
	

	function get() {

		$channel = App::get_channel();

		$atoken = null;
		$atoken_xchan = '';

		if(argc() > 2) {
			$id = argv(2);			

			$atoken = q("select * from atoken where atoken_id = %d and atoken_uid = %d",
				intval($id),
				intval(local_channel())
			);

			if($atoken) {
				$atoken = $atoken[0];
				$atoken_xchan = substr($channel['channel_hash'],0,16) . '.' . $atoken['atoken_guid'];
			}

			if($atoken && argc() > 3 && argv(3) === 'drop') {
				$atoken['deleted'] = true;
				
				$r = q("SELECT abook.*, xchan.*
					FROM abook left join xchan on abook_xchan = xchan_hash
					WHERE abook_channel = %d and abook_xchan = '%s' LIMIT 1",
					intval($channel['channel_id']),
					dbesc($atoken_xchan)
				);
				if (! $r) {
					return;
				}

				$clone = array_shift($r);
	
				unset($clone['abook_id']);
				unset($clone['abook_account']);
				unset($clone['abook_channel']);

				$clone['entry_deleted'] = true;
				
				$abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']);
				if ($abconfig) {
					$clone['abconfig'] = $abconfig;
				}

				atoken_delete($id);
				Libsync::build_sync_packet($channel['channel_id'],
					[ 'abook' => [ $clone ], 'atoken' => [ $atoken ] ],
					true);

				$atoken = null;
				$atoken_xchan = '';
			}
		}

		$t = q("select * from atoken where atoken_uid = %d",
			intval(local_channel())
		);			

		$desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access private content.');

		$desc2 = t('You may also provide <em>dropbox</em> style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:');


		$global_perms = Permissions::Perms();
		$existing = get_all_perms(local_channel(),(($atoken_xchan) ? $atoken_xchan : EMPTY_STR));

		$theirs = get_abconfig(local_channel(),$atoken_xchan,'system','their_perms',EMPTY_STR);

		$their_perms = Permissions::FilledPerms(explode(',',$theirs));
		foreach($global_perms as $k => $v) {
			if(! array_key_exists($k,$their_perms))
				$their_perms[$k] = 1;
		}

		$my_perms = explode(',',get_abconfig(local_channel(),$atoken_xchan,'system','my_perms',EMPTY_STR));

		foreach($global_perms as $k => $v) {
			$thisperm = ((in_array($k,$my_perms)) ? 1 : 0);
				
			$checkinherited = PermissionLimits::Get(local_channel(),$k);
	
			// For auto permissions (when $self is true) we don't want to look at existing
			// permissions because they are enabled for the channel owner
			if((! $self) && ($existing[$k]))
				$thisperm = "1";

			$perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
		}


		$tpl = get_markup_template("settings_tokens.tpl");
		$o .= replace_macros($tpl, array(
			'$form_security_token' => get_form_security_token("settings_tokens"),
			'$title'	=> t('Guest Access Tokens'),
			'$desc'     => $desc,
			'$desc2' => $desc2,
			'$tokens' => $t,
			'$atoken' => $atoken,
			'$atoken_xchan' => $atoken_chan,
			'$url1' => z_root() . '/channel/' . $channel['channel_address'],
			'$url2' => z_root() . '/photos/' . $channel['channel_address'],
			'$name' => array('name', t('Login Name') . ' <span class="required">*</span>', (($atoken) ? $atoken['atoken_name'] : ''),''),
			'$token'=> array('token', t('Login Password') . ' <span class="required">*</span>',(($atoken) ? $atoken['atoken_token'] : new_token()), ''),
			'$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), (($atoken['atoken_expires'] && $atoken['atoken_expires'] > NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''),
			'$them' => t('Their Settings'),
			'$me' => t('My Settings'),
			'$perms' => $perms,
			'$inherited' => t('inherited'),
			'$notself' => 1,
			'$self' => 0,
			'$permlbl' => t('Individual Permissions'),
			'$permnote'       => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can <strong>not</strong> change those settings here.'),
			'$submit' 	=> t('Submit')
		));
		return $o;
	}
	
}