<?php

# This form requires wfpl. See: http://sametwice.com/wfpl

# This form was initially auto-generated. If you would like to alter the
# parameters and generate a new one try this URL:
#
# http://metaform.localhost.jasonwoof.com/?file_name=admin_users&table_name=users&singular=account&plural=accounts&opt_email=No&opt_db=Yes&opt_listing=Yes&opt_display=No&opt_pass=No&opt_public_form=No&opt_public_display=No&fields=name%0D%0Ausername%0D%0Atextbox+password%0D%0Arole%0D%0Aint+last_active%0D%0Aint+last_login&edit=yes


# SETUP

# To save results to a database, you'll need to create the users table.
# The file admin_users.sql should help with this
#
# if you rename any of the database fields, you'll need to update this:
define('ADMIN_USERS_DB_FIELDS', 'role,name,username,last_login,last_active');


require_once(__DIR__.'/'.'inc/wfpl/format.php');

$GLOBALS['admin_users_field_to_caption'] = array(
    'name' => 'Name',
    'role' => 'Role',
    'username' => 'Username',
    'password' => 'Password',
    'last_login' => 'Last Login',
    'last_active' => 'Last Active'
);

function admin_users_get_fields() {
    $data = array();

    $data['role'] = format_options(_REQUEST_cut('role'), 'role');
    $data['name'] = format_oneline(trim(_REQUEST_cut('name')));
    $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
    $data['pass1'] = format_oneline(trim(_REQUEST_cut('pass1')));
    $data['pass2'] = format_oneline(trim(_REQUEST_cut('pass2')));

    return $data;
}


function admin_users_main() {
    session_auth_must('admin_users');

    $id = _REQUEST_cut('edit_id');
    if ($id) {
        return admin_users_main_form($id);
    }

    $id = _REQUEST_cut('admin_users_delete_id');
    if ($id) {
        return admin_users_main_delete($id);
    }

    if (_REQUEST_cut('new')) {
        return admin_users_main_form();
    }

    if (_REQUEST_cut('list')) {
        return admin_users_main_listing();
    }

    if (_REQUEST_cut('download_csv')) {
        return admin_users_csv_download();
    }

    if (isset($_POST['name'])) {
        return admin_users_main_form();
    }

    # default action:
    return admin_users_main_listing();
}

function admin_users_main_delete($id) {
    db_delete('users', 'where id=%i', $id);
    message('Account deleted.');
    return './admin_users';
}

function admin_users_csv_download() {
    require_once(__DIR__.'/'.'inc/wfpl/csv.php');
    $rows = db_get_rows('users', 'id,'.ADMIN_USERS_DB_FIELDS, 'order by id');
    $fields = explode(',', 'id,'.ADMIN_USERS_DB_FIELDS);
    $header = array();
    foreach ($fields as $field) {
        if (isset($GLOBALS['admin_users_field_to_caption'][$field])) {
            $header[] = $GLOBALS['admin_users_field_to_caption'][$field];
        } else {
            $header[] = $field;
        }
    }
    array_unshift($rows, $header);
    array2d_to_csv_download($rows, 'admin_users.csv');
}

function admin_users_main_listing() {
    $data = array();
    $desc = '';
    $sort = _REQUEST_cut('sort');
    if ($sort && substr($sort, 0, 1) === '-') {
        $sort = substr($sort, 1);
        $desc = ' DESC ';
    } else {
        $data["sorting-by-$sort"] = '-';
    }
    $legal_sorts = explode(',', ADMIN_USERS_DB_FIELDS);
    if (!$sort || !in_array($sort, $legal_sorts)) {
        $sort = 'role, name';
    }

    $data['rows'] = db_get_assocs('users', 'id,role,name,username,last_login,last_active', "order by $sort $desc limit 1000");
    tem_set('listings', $data);
    render_timestamps();
}

function admin_users_suggested_password() {
    $character_set = "ABCDEFHJKLMNPQRTUWXY34789"; # removed all similar-looking characters
    $code = "          ";

    # PHP 4.2.0 and up seed the random number generator for you.
    # Lets hope that it seeds with something harder to guess than the clock.
    for($i = 0; $i < 10; ++$i) {
        $code{$i} = $character_set{mt_rand(0, 24)}; # inclusive
    }

    return $code;
}

function admin_users_main_form($id = false) {
    if ($id) {
        tem_set('id', $id);
    }

    pulldown('role', [
        ['admin', 'Site Administrator'],
        ['disabled', 'Account Disabled']
    ]);

    if (isset($_POST['name'])) {
        $data = admin_users_get_fields();

        if (strlen($data['username']) < 1) {
            message("Oop, Username is required");
            $data['username_bad'] = true;
        } elseif ($data['pass1'] !== $data['pass2']) {
            message("Oop, passwords didn't match. Please enter your desired password carefully (twice).");
            $data['password_bad'] = true;
        } else {
            # password hash is slow, so only do it if we're really doing a db write
            if (isset($data['pass1']) && strlen($data['pass1']) > 0) {
                # hash password for db storage
                if (!function_exists('password_hash')) {
                    require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
                }
                $data['password'] = password_hash($data['pass1'], PASSWORD_DEFAULT);
            }
            unset($data['pass1']);
            unset($data['pass2']);
            if ($id) {
                db_update_assoc('users', $data, 'where id=%i', $id);
                message('Account updated.');
            } else {
                db_insert_assoc('users', $data);
                message('Account saved.');
            }
            return './admin_users';
        }
        # else fall through to display the form again. Field values are in $data
    } elseif ($id) {
        # we've recieved an edit id, but no data. So we grab the values to be edited from the database
        $data = db_get_assoc('users', ADMIN_USERS_DB_FIELDS, 'where id=%i', $id);
    } else {
        # form not submitted, you can set default values like so:
        #$data = array('name' => 'Yes');
        $data = array();
    }

    tem_set('password_suggestions', [
        admin_users_suggested_password(),
        admin_users_suggested_password(),
        admin_users_suggested_password(),
        admin_users_suggested_password(),
        admin_users_suggested_password()
    ]);
    tem_set('form', $data);
}