<?php
/**
 * Holds the advanced section controller.
 * @package Sakura
 */

namespace Sakura\Controllers\Settings;

use Phroute\Phroute\Exception\HttpMethodNotAllowedException;
use Sakura\CurrentSession;
use Sakura\DB;
use Sakura\Session;

/**
 * Advanced settings.
 * @package Sakura
 * @author Julian van de Groep <me@flash.moe>
 */
class AdvancedController extends Controller
{
    /**
     * Renders the session management page.
     * @return string
     */
    public function sessions(): string
    {
        $id = $_POST['id'] ?? null;
        $all = isset($_POST['all']);

        if (session_check() && ($id || $all)) {
            // End all sessions
            if ($all) {
                CurrentSession::$user->purgeSessions();
                return $this->json([
                    'text' => 'Deleted all active session associated with your account!',
                    'go' => route('main.index'),
                ]);
            }

            $session = new Session($id);

            // Check if the session exists
            if ($session->id < 1 || $session->user !== CurrentSession::$user->id) {
                return $this->json(['error' => "This session doesn't exist!"]);
            }

            $session->delete();

            $result = ['error' => null];
            if ($session->id === CurrentSession::$session->id) {
                $result['go'] = route('main.index');
            }

            return $this->json($result);
        }

        $sessions = CurrentSession::$user->sessions();
        $active = CurrentSession::$session->id;

        return view('settings/advanced/sessions', compact('sessions', 'active'));
    }

    /**
     * Renders the deactivation page.
     * @return string
     */
    public function deactivate(): string
    {
        if (!CurrentSession::$user->perms->deactivateAccount) {
            throw new HttpMethodNotAllowedException;
        }

        $password = $_POST['password'] ?? null;

        if (session_check()) {
            if (!$password || strlen($password) < 1 || !CurrentSession::$user->verifyPassword($password)) {
                return $this->json(['error' => 'Incorrect password!']);
            }

            // Deactivate account
            DB::table('users')
                ->where('user_id', CurrentSession::$user->id)
                ->update(['user_activated' => 0]);

            // Destroy all active sessions
            CurrentSession::$user->purgeSessions();

            // should probably not use the error var for the farewell msg but w/e
            return $this->json(['error' => 'Farewell!', 'go' => route('main.index')]);
        }

        return view('settings/advanced/deactivate');
    }
}