<?php
include 'uuid.php';

if(!file_exists("meowboard.db")) {
	die("<meta http-equiv=\"refresh\" content=\"0; url=/install.php\">Database not found.");
}
class Store extends SQLite3
{
  function __construct()
  {
      $this->open('meowboard.db');
  }
}

$db = new Store();
$sitenameStatement = $db->prepare("SELECT * FROM settings WHERE key = 'sitename'");
$result = $sitenameStatement->execute();
$sitename =  $result->fetchArray()[1];

function saltString($string) {
  global $db;

  $saltStatement = $db->prepare("SELECT * FROM settings WHERE key = 'salt'");
  $result = $saltStatement->execute();
  $salt = $result->fetchArray()[1];

  return hash("sha512", $string . $salt);
}

function verifyPassword($username, $password) {
  global $db;

  $password = hash("sha512", $password);

  $grabUser = $db->prepare("SELECT password, pepper FROM users WHERE username = ?");
  $grabUser->bindParam(1, $username, SQLITE3_TEXT);
  $result = $grabUser->execute();
  $resultArray = $result->fetchArray();

  $storedPassword = $resultArray[0];
  $pepper = $resultArray[1];

  $passwordFinal = hash("sha512", saltString($password) . $pepper);
  if ($passwordFinal != $storedPassword) {
    return 0;
  }

  return 1;
}

function issueSessionToken($username) {
  global $db;

  $token = bin2hex(random_bytes(256));
  $tokenStore = saltString($token); // We store this value and give the user the unhashed token.
  $expiry = time() + 2_419_200_000; // 28 days.
  $uuid = usernameToUuid($username);

  $insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, uuid, expiry) VALUES (?, ?, ?)");
  $insertTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
  $insertTokenStatement->bindParam(2, $uuid, SQLITE3_TEXT);
  $insertTokenStatement->bindParam(3, $expiry, SQLITE3_INTEGER);
  $result = $insertTokenStatement->execute();

  return $token;
}

function addImage($location, $uploader, $tags) {
  global $db;

  $insertStatement = $db->prepare("INSERT INTO images (location, uploader, tags) VALUES (?, ?, ?)");
  $insertStatement->bindParam(1, $location, SQLITE3_TEXT);
  $insertStatement->bindParam(2, $uploader, SQLITE3_TEXT);
  $insertStatement->bindParam(3, $tags, SQLITE3_TEXT);
  $result = $insertStatement->execute();
}

function flushSessionTokens() {
  global $db;
  $timestamp = time();

  $flushStatement = $db->prepare("DELETE FROM tokens WHERE expiry < ?");
  $flushStatement->bindParam(1, $timestamp, SQLITE3_INTEGER);
  $flushStatement->execute();
}

function purgeSessionTokens() {
  global $db;

  $db->execute("DELETE FROM tokens");
}

function deleteSessionToken($token) {
  global $db;
  $tokenStore = saltString($token);

  $deleteStatement = $db->prepare("DELETE FROM tokens WHERE hash = ?");
  $deleteStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
  $deleteStatement->execute();
}

function checkSessionToken($token) {
  global $db;
  flushSessionTokens();

  $tokenStore = saltString($token);

  $getTokenStatement = $db->prepare("SELECT hash FROM tokens WHERE hash = ?");
  $getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
  $result = $getTokenStatement->execute();
  $tokenInDB = $result->fetchArray()[0];

  if ($tokenInDB == $tokenStore) { return 1; }
  return 0;
}

function tokenToUuid($token) {
  global $db;

  $tokenStore = saltString($token);
  $getTokenStatement = $db->prepare("SELECT uuid FROM tokens WHERE hash = ?");
  $getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
  $result = $getTokenStatement->execute();
  $uuid = $result->fetchArray()[0];

  return $uuid;
}

function isAdmin($uuid) {
  global $db;

  $getTokenStatement = $db->prepare("SELECT admin FROM users WHERE uuid = ?");
  $getTokenStatement->bindParam(1, $uuid, SQLITE3_TEXT);
  $result = $getTokenStatement->execute();
  return $result->fetchArray()[0];
}

function loggedInCheck() {
  if(!isset($_COOKIE["meowboardSession"])){
    die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
  }

  if(isset($_COOKIE["meowboardSession"])){
    if(checkSessionToken($_COOKIE["meowboardSession"]) == 0){
      setcookie("meowboardSession", "", 1);
      die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
    }
  }
}

function getImageAmount() {
  global $db;

  $statement = $db->prepare("SELECT id FROM images ORDER BY id DESC LIMIT 1");
  $result = $statement->execute();
  return $result->fetchArray()[0];
}

function getAmountOfPages() {
  $maxId = getImageAmount();

  return ceil($maxId/10);
}

function getImages($page = 0) {
  global $db;
  $data = array();

  $maxId = getImageAmount();
  $upperBound = ((int)$maxId-((int)$page*10));
  $lowerBound = $upperBound-10;

  $t2 = $upperBound-0; // I genuinely have no idea why this works but don't touch it.

  $getStatement = $db->prepare("SELECT location, tags FROM images WHERE id > ? AND id <= ? ORDER BY id DESC LIMIT 10");
  $getStatement->bindParam(1, $lowerBound, SQLITE3_INTEGER);
  $getStatement->bindParam(2, $t2, SQLITE3_INTEGER);
  $result = $getStatement->execute();
  while ($res = $result->fetchArray(1))
  {
    array_push($data, $res);
  }

  return $data;
}	

function usernameToUuid($username) {
  global $db;

  $getStatement = $db->prepare("SELECT uuid FROM users WHERE username = ?");
  $getStatement->bindParam(1, $username, SQLITE3_TEXT);
  $result = $getStatement->execute();

  return $result->fetchArray()[0];
}
?>