<?php

namespace Zotlabs\Module\Admin;

use Zotlabs\Model\Account;

class Account_edit {

	/**
	 * Process form submission from the admin/account_edit page.
	 */
	public function post(): void {

		$this->validate_form();

		if (isset($_POST['pass1'], $_POST['pass2'])) {
			$this->update_account_password();
		}

		if (isset($_POST['service_class'])) {
			$this->account->set_service_class(trim($_POST['service_class']));
		}

		$this->account->set_level(5);

		if (isset($_POST['account_language'])) {
			$this->account->set_language(trim($_POST['account_language']));
		}

		$this->account->save();

		info( t('Account settings updated.') . EOL);

		goaway(z_root() . '/admin/accounts');
	}


	/**
	 * Renders the Account_edit page.
	 *
	 * Expects a url of the form:
	 *
	 *		/admin/account_edit/{{$account_id}}
	 *
	 * Where {{$account_id}} is the numeric id of the account to edit.
	 *
	 * @return string
	 *		The rendered HTML for the page, or empty if an error
	 *		occured.
	 */
	public function get(): string {
		if (argc() < 3) {
			notice( t('No account specified.') . EOL);
			return '';
		}

		$account_id = argv(2);

		if (! is_numeric($account_id)) {
			notice( t('Invalid account specified.') . EOL);
			return '';
		}

		$account = Account::get_by_id($account_id);

		if(! $account) {
			notice ( t('Account not found.') . EOL);
			return '';
		}

		return replace_macros(get_markup_template('admin_account_edit.tpl'), [
			'$security' => get_form_security_token('admin_account_edit'),
			'$account' => $account,
			'$title' => t('Account Edit'),
			'$pass1' => [ 'pass1', t('New Password'), ' ','' ],
			'$pass2' => [ 'pass2', t('New Password again'), ' ','' ],
			'$account_language' => [ 'account_language' , t('Account language (for emails)'), $account->language(), '', language_list() ],
			'$service_class' => [ 'service_class', t('Service class'), $account->service_class(), '' ],
			'$submit' => t('Submit'),
			]
		);
	}

	/**
	 * Validate that the form submission is valid.
	 *
	 * Checks the CSRF token, and rejects the request with a 403 Forbidden
	 * status if it fails.
	 *
	 * Will set a notice and redirect to the main accounts page
	 * if validation fails.
	 */
	private function validate_form(): void {
		// Validate CSRF token
		//
		// We terminate with a 403 Forbidden status if the check fails.
		check_form_security_token_ForbiddenOnErr('admin_account_edit', 'security');

		if (! isset($_POST['aid'])) {
			notice( t('No account specified.') . EOL );
			goaway(z_root() . '/admin/accounts');
		}

		$this->account_id = $_POST['aid'];

		if (! is_numeric($this->account_id)) {
			notice( t('Invalid account specified.') . EOL );
			goaway(z_root() . '/admin/accounts');
		}

		$this->account = Account::get_by_id($this->account_id);
		if (! $this->account) {
			notice( t('Account does not exist.') . EOL );
			goaway(z_root() . '/admin/accounts');
		}
	}

	private function update_account_password(): void {
		$pass1 = trim($_POST['pass1']);
		$pass2 = trim($_POST['pass2']);

		if ($pass1 && $pass2 && ($pass1 === $pass2)) {
			$this->account->set_password($pass1);
			info( sprintf( t('Password changed for account %d.'), $this->account_id). EOL);
		}
	}
}