<?php

function processPostData($db, $post, $redirectLocation = "."){
	sleep(1);
	if($post['action']){
		// if there is a redirectlocation, set it
		if($post['redirectLocation']){
			$redirectLocation = $post['redirectLocation'];
		}
		
		// change a users password
		if($post['action']=="changePassword"){
			$success = changePassword(
				$db,
				$post['changerId'],
				$post['changeeId'],
				$post['changerPassword'],
				$post['newPassword'],
				$post['newPasswordAgain']
			);
			// append success to the redirectlocation
			if($success){
				$redirectLocation .= "?changePasswordSuccess=true";
			}
			else{
				$redirectLocation .= "?changePasswordSuccess=false";
			}
		}// end changePassword
		
		// redirect to the redirectlocation
		header("Location: ".$redirectLocation);
	}// end processing action
return;
}

function sendEmail($toEmail, $emailText, $emailSubject){
	try{
		$date=new DateTime();
		mail(
			$toEmail,
			$emailSubject,
			$emailText
		);
	}
	catch(Exception $e) {
	  echo 'Message: ' .$e->getMessage();
	}
}

function attendancesAssocArray2text($attendancesAssocArray){
	$ret = "";
	foreach($attendancesAssocArray as $date => $attendees){
		$ret .= $date."\n";
		foreach($attendees as $a){
			$ret .= "\n";
			$ret .= "Name: ".$a['name'].", ".$a['vorname']."\n";
			$ret .= "PLZ: ".$a['corona_PLZ']."\n";
			$ret .= "Tel.: ".$a['corona_telephon']."\n";
			$ret .= "eMail: ".$a['corona_eMail']."\n";
		}
		$ret .= "\n";
	}
return $ret;
}

function attendancesAssocArray2mdList($attendancesAssocArray, $date=null){
	if($date == null)
		$date=new DateTime();
	$ret = "# Anwesenheitsliste zur Corona-Kontaktverfolgung der Abteilung Judo des CWSV vom ".$date->format("Y-m-d")."\n\n";
	foreach($attendancesAssocArray as $d => $attendees){
		$ret .= "## ".$d."\n";
		$i=0;
		foreach($attendees as $a){
			$i += 1;
			$ret .= "\n";
			$ret .= $i." ".$a['name'].", ".$a['vorname']."\n";
			$ret .= "    - PLZ: ".$a['corona_PLZ']."\n";
			$ret .= "    - Tel.: ".$a['corona_telephon']."\n";
			$ret .= "    - eMail: ".$a['corona_eMail']."\n";
		}
		$ret .= "\n";
	}
return $ret;
}

//! Checks if multiple keys exist in an array
//!
//! @param array $array array to check for key
//! @param array|string $keys keys to check for
//!
//! @return bool true, if *all* keys are set in the array
function array_keys_exist( array $array, $keys ) {
	if ( ! is_array( $keys ) ) {
		$keys = func_get_args();
		array_shift( $keys );
	}
	$count = 0;
	foreach ( $keys as $key ) {
		if ( isset( $array[$key] ) || array_key_exists( $key, $array ) ) {
			$count++;
		}
	}

	return count( $keys ) === $count;
}

/// updates users password without checking any rights
/// params:
/// - $db : pdoDbConnection to use
/// - $userId : id of the user with the password to change
/// - $password : the password to set
function updateUserPassword($db, $userId, $password){
	// we don't save the actual password but it's hash
	if($password != ""){
		$password = password_hash( $password, PASSWORD_DEFAULT);
	}
	else{
		$password = NULL;
	}
	
	$query = "UPDATE `cwsvjudo`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;";
	$params = array(
		':val' => array('value'=>$password, 'data_type'=>PDO::PARAM_STR), 
		':id'  => array('value'=>$userId,   'data_type'=>PDO::PARAM_INT) 
	);
	dbQuery($db, $query, $params);
	
	return;
}

/// Change a users password (apiFunction)
/// params:
/// - $db: dbConnection to use
/// - $changerId: userId who changes the password
/// - $changeeId: userId whose password should be changed
/// - $ownPassword: password of the user who changes the password
/// - $newPasword: the new password
/// - $newPasswordAgain: controllInput of the new password
function changePassword($db, $changerId, $changeeId, $changerPassword, $newPassword, $newPasswordAgain){
	// we need a dbConnection
	if( !$db ){
//		echo("No DB!");
		return false;
	}
	
	$changerInfo = getUserData($db, $changerId);
	
	// check the password of the changer
	if( !password_verify( $changerPassword, $changerInfo['pwHash']) ){
//		echo("Wrong changerPasswod");
		return false;
	}
	
	// check if the changer is allowed to change the changees password
	if ( $changerId != $changeeId ){
		$changersKidsIds = getUsersKidsIds($db, $changerId);
		
//		if( !in_array($changeeId, $changersKidsIds) ){
		if( !isUserInKidIds($changeeId, $changersKidsIds) ){
//			echo("not your child: ".$changeeId." not in "); var_dump($changersKidsIds);
			return false;
		}
	}
	
	// check if the two inputs are the same
	if( $newPassword != $newPasswordAgain ){
//		echo("new pw missmatch");
		return false;
	}
	
	updateUserPassword($db, $changeeId, $newPassword);
	
	return true;
}

?>