<?php

namespace Zotlabs\Module\Settings;


class Oauth {


	function post() {
	
		if(x($_POST,'remove')){
			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
			
			$key = $_POST['remove'];
			q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
				dbesc($key),
				local_channel());
			goaway(z_root()."/settings/oauth/");
			return;			
		}
	
		if((argc() > 2) && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST,'submit')) {
			
			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
			
			$name   	= ((x($_POST,'name')) ? escape_tags($_POST['name']) : '');
			$key		= ((x($_POST,'key')) ? escape_tags($_POST['key']) : '');
			$secret		= ((x($_POST,'secret')) ? escape_tags($_POST['secret']) : '');
			$redirect	= ((x($_POST,'redirect')) ? escape_tags($_POST['redirect']) : '');
			$icon		= ((x($_POST,'icon')) ? escape_tags($_POST['icon']) : '');
			$oauth2		= ((x($_POST,'oauth2')) ? intval($_POST['oauth2']) : 0);
			$ok = true;
			if($name == '') {
				$ok = false;
				notice( t('Name is required') . EOL);
			}
			if($key == '' || $secret == '') {
				$ok = false;
				notice( t('Key and Secret are required') . EOL);
			}
		
			if($ok) {
				if ($_POST['submit']==t("Update")){
					$r = q("UPDATE clients SET
								client_id='%s',
								pw='%s',
								clname='%s',
								redirect_uri='%s',
								icon='%s',
								uid=%d
							WHERE client_id='%s'",
							dbesc($key),
							dbesc($secret),
							dbesc($name),
							dbesc($redirect),
							dbesc($icon),
							intval(local_channel()),
							dbesc($key));
				} else {
					$r = q("INSERT INTO clients (client_id, pw, clname, redirect_uri, icon, uid)
						VALUES ('%s','%s','%s','%s','%s',%d)",
						dbesc($key),
						dbesc($secret),
						dbesc($name),
						dbesc($redirect),
						dbesc($icon),
						intval(local_channel())
					);
					$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",
						dbesc($key),
						intval(local_channel()),
						dbesc('all')
					);
				}
			}
			goaway(z_root()."/settings/oauth/");
			return;
		}
	}

	function get() {
			
		if((argc() > 2) && (argv(2) === 'add')) {
			$tpl = get_markup_template("settings_oauth_edit.tpl");
			$o .= replace_macros($tpl, array(
				'$form_security_token' => get_form_security_token("settings_oauth"),
				'$title'	=> t('Add application'),
				'$submit'	=> t('Submit'),
				'$cancel'	=> t('Cancel'),
				'$name'		=> array('name', t('Name'), '', t('Name of application')),
				'$key'		=> array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
				'$secret'	=> array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
				'$redirect'	=> array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
				'$icon'		=> array('icon', t('Icon url'), '', t('Optional')),
			));
			return $o;
		}
			
		if((argc() > 3) && (argv(2) === 'edit')) {
			$r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
					dbesc(argv(3)),
					local_channel());
			
			if (!count($r)){
				notice(t('Application not found.'));
				return;
			}
			$app = $r[0];
				
			$tpl = get_markup_template("settings_oauth_edit.tpl");
			$o .= replace_macros($tpl, array(
				'$form_security_token' => get_form_security_token("settings_oauth"),
				'$title'	=> t('Add application'),
				'$submit'	=> t('Update'),
				'$cancel'	=> t('Cancel'),
				'$name'		=> array('name', t('Name'), $app['clname'] , ''),
				'$key'		=> array('key', t('Consumer Key'), $app['client_id'], ''),
				'$secret'	=> array('secret', t('Consumer Secret'), $app['pw'], ''),
				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], ''),
				'$icon'		=> array('icon', t('Icon url'), $app['icon'], ''),
			));
			return $o;
		}
			
		if((argc() > 3) && (argv(2) === 'delete')) {
			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
			
			$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
					dbesc(argv(3)),
					local_channel());
			goaway(z_root()."/settings/oauth/");
			return;			
		}
			
			
		$r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my 
				FROM clients
				LEFT JOIN tokens ON clients.client_id=tokens.client_id
				WHERE clients.uid IN (%d,0)",
				local_channel(),
				local_channel());
		
			
		$tpl = get_markup_template("settings_oauth.tpl");
		$o .= replace_macros($tpl, array(
			'$form_security_token' => get_form_security_token("settings_oauth"),
			'$baseurl'	=> z_root(),
			'$title'	=> t('Connected Apps'),
			'$add'		=> t('Add application'),
			'$edit'		=> t('Edit'),
			'$delete'		=> t('Delete'),
			'$consumerkey' => t('Client key starts with'),
			'$noname'	=> t('No name'),
			'$remove'	=> t('Remove authorization'),
			'$apps'		=> $r,
		));
		return $o;
			
	}

}