<?php

/*
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

require_once __DIR__ . "/required.php";
require_once __DIR__ . "/lib/item.php";

switch ($VARS['action']) {
    case "addtocart":
        $item = $VARS['item'];
        $qty = $VARS['qty'];

        if (!$binstack->has('items', ['AND' => ['itemid' => $item, 'price[>]' => 0]])) {
            header('Location: ./?page=cart&msg=invaliditem');
            die("Invalid item");
        }
        $cart = [];

        if (!empty($_SESSION['cart'])) {
            $cart = $_SESSION['cart'];
        }

        if (empty($cart[$item])) {
            $cart[$item] = $qty;
        } else {
            $cart[$item] += $qty;
        }
        $_SESSION['cart'] = $cart;
        header('Location: ./?page=cart&msg=itemadded');
        die();
        break;
    case "updatecart":
        $item = $VARS['item'];
        $qty = $VARS['qty'];
        $cart = [];
        if (!empty($_SESSION['cart'])) {
            $cart = $_SESSION['cart'];
        }
        $cart[$item] = $qty;
        if ($qty <= 0) {
            unset($cart[$item]);
        }
        $_SESSION['cart'] = $cart;
        header('Location: ./?page=cart&msg=itemupdated');
        break;
    case "login":
        $email = $VARS['email'];
        $password = $VARS['password'];
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            header('Location: ./?page=login&msg=invalidemail');
            die("Invalid email address.");
        }
        if ($database->has('customers', ['email' => $email])) {
            $hash = $database->get('customers', 'password', ['email' => $email]);
            if (password_verify($password, $hash)) {
                $_SESSION['shop_account'] = $database->get('customers', ['customerid (id)', 'name', 'password (hashed_password)', 'email'], ['email' => $email]);
                header('Location: ./?page=account');
                die();
            } else {
                header('Location: ./?page=login&msg=badlogin');
                die("Bad login.");
            }
        } else {
            header('Location: ./?page=login&msg=badlogin');
            die("Bad login.");
        }
        break;
    case "logout":
        $_SESSION['shop_account'] = null;
        header('Location: ./');
        break;
    case "signup":
        $name = $VARS['name'];
        $email = $VARS['email'];
        $password = $VARS['password'];
        $phone = $VARS['phone'];

        if (empty($name) || empty($email) || empty($password)) {
            header('Location: ./?page=signup&msg=missingdata');
            die("Missing required data.");
        }
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            header('Location: ./?page=signup&msg=invalidemail');
            die("Invalid email address.");
        }

        if ($database->has('customers', ['OR' => ['name' => $name, 'email' => $email]])) {
            header('Location: ./?page=signup&msg=accountinuse');
            die("Name or email already in use.");
        }

        if (empty($phone)) {
            $phone = null;
        }

        $database->insert('customers', ['name' => $name, 'email' => $email, 'password' => password_hash($password, PASSWORD_BCRYPT), 'phone' => $phone]);

        $_SESSION['shop_account'] = $database->get('customers', ['name', 'password (hashed_password)', 'email'], ['email' => $email]);
        header('Location: ./?page=account');
        die();

        break;
}