<?php

require_once "participoLib/participo.php";

function processPostData($db, $post, $redirectLocation = ".")
{
    sleep(1);
    if ($post["action"] ?? false) {
        // if there is a redirectlocation, set it
        if ($post["redirectLocation"]) {
            $redirectLocation = $post["redirectLocation"];
        }

        // change a users password
        if ($post["action"] == "changePassword") {
            $success = changePassword(
                $db,
                $post["changerId"],
                $post["changeeId"],
                $post["changerPassword"],
                $post["newPassword"],
                $post["newPasswordAgain"],
            );
            // append success to the redirectlocation
            if ($success) {
                $redirectLocation .= "?changePasswordSuccess=true";
            } else {
                $redirectLocation .= "?changePasswordSuccess=false";
            }
        } // end changePassword

        // redirect to the redirectlocation
        header("Location: {$redirectLocation}");
    } // end processing action
    return;
}

function sendEmail($toEmail, $emailText, $emailSubject)
{
    try {
        $date = new DateTime();
        mail($toEmail, $emailSubject, $emailText);
    } catch (Exception $e) {
        echo "Message: " . $e->getMessage();
    }
}

//! Checks if multiple keys exist in an array
//!
//! @param array $array array to check for key
//! @param array|string $keys keys to check for
//!
//! @return bool true, if *all* keys are set in the array
function array_keys_exist(array $array, $keys)
{
    if (!is_array($keys)) {
        $keys = func_get_args();
        array_shift($keys);
    }
    $count = 0;
    foreach ($keys as $key) {
        if (isset($array[$key]) || array_key_exists($key, $array)) {
            $count++;
        }
    }

    return count($keys) === $count;
}

/// updates users password without checking any rights
/// params:
/// - $db : pdoDbConnection to use
/// - $userId : id of the user with the password to change
/// - $password : the password to set
function updateUserPassword($db, $userId, $password)
{
    // we don't save the actual password but it's hash
    if ($password != "") {
        $password = password_hash($password, PASSWORD_DEFAULT);
    } else {
        $password = null;
    }

    $query =
        "UPDATE `cwsvjudo_main`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;";
    $params = [
        ":val" => ["value" => $password, "data_type" => PDO::PARAM_STR],
        ":id" => ["value" => $userId, "data_type" => PDO::PARAM_INT],
    ];
    dbConnector::query($query, $params);

    return;
}

/// Change a users password (apiFunction)
/// params:
/// - $db: dbConnection to use
/// - $changerId: userId who changes the password
/// - $changeeId: userId whose password should be changed
/// - $ownPassword: password of the user who changes the password
/// - $newPassword: the new password
/// - $newPasswordAgain: controllInput of the new password
function changePassword(
    $db,
    $changerId,
    $changeeId,
    $changerPassword,
    $newPassword,
    $newPasswordAgain,
) {
    // we need a dbConnection
    if (!$db) {
        //		echo("No DB!");
        return false;
    }

    $changerInfo = getUserData($db, $changerId);

    // check the password of the changer
    if (!password_verify($changerPassword, $changerInfo["pwHash"])) {
        //		echo("Wrong changerPasswod");
        return false;
    }

    // check if the changer is allowed to change the changees password
    if ($changerId != $changeeId) {
        $changersKidsIds = getUsersKidsIds($db, $changerId);

        //		if( !in_array($changeeId, $changersKidsIds) ){
        if (!isUserInKidIds($changeeId, $changersKidsIds)) {
            // echo("not your child: ".$changeeId." not in ");
            // var_dump($changersKidsIds);
            return false;
        }
    }

    // check if the two inputs are the same
    if ($newPassword != $newPasswordAgain) {
        //		echo("new pw missmatch");
        return false;
    }

    updateUserPassword($db, $changeeId, $newPassword);

    return true;
}

function getUsersKidsIds($db, $userId)
{
    $query = <<<SQL
    SELECT `kidId`
    FROM `vormundschaft`
    WHERE userId = :userId;
    SQL;
    $params = [
        ":userId" => ["value" => $userId, "data_type" => PDO::PARAM_INT],
    ];
    $result = dbConnector::query($db, $query, $params);
    return $result;
}

function isUserInKidIds($uId, $idList)
{
    foreach ($idList as $id) {
        if ($id["kidId"] == $uId) {
            return true;
        }
    }
    return false;
}