<?php

include 'config.php';

if (isset($_POST["submitted"])) {
    $error_message = updateAccount();
} elseif (isset($_POST["submitted_password"])) {
    $error_message = updatePassword();
}

if (isset($_SESSION["user_id"])) {
    $result = $DB->query("SELECT * FROM `users` WHERE `id` = '" . $_SESSION["user_id"] . "';");
    $user_data = $result->fetch();
}

function updateAccount()
{
    global $DB, $URL_BASE, $MAIL_ADDRESS;

    if (!isset($_SESSION["user_id"]))
        return "Vous n'êtes pas connecté.";

    $ID = $_SESSION["user_id"];

    $surname = htmlspecialchars($_POST["surname"]);
    if (isset($surname) && $surname != "")
        $DB->prepare("UPDATE `users` SET `surname` = ? WHERE `id` = ?;")->execute([$surname, $ID]);

    $first_name = htmlspecialchars($_POST["firstname"]);
    if (isset($first_name) && $first_name != "")
        $DB->prepare("UPDATE `users` SET `first_name` = ? WHERE `id` = ?;")->execute([$first_name, $ID]);

    $birth_date = htmlspecialchars($_POST["birth_date"]);
    if (isset($birth_date) && $birth_date != "")
        $DB->prepare("UPDATE `users` SET `birth_date` = ? WHERE `id` = ?;")->execute([$birth_date, $ID]);

    if (isset($_POST["gender"])) {
        $gender = htmlspecialchars($_POST["gender"]);
        if (isset($gender) && ($gender == "M" || $gender == "F"))
            $DB->prepare("UPDATE `users` SET `gender` = ? WHERE `id` = ?;")->execute([$gender, $ID]);
    }

    $address = htmlspecialchars($_POST["address"]);
    if (isset($address) && $address != "")
        $DB->prepare("UPDATE `users` SET `address` = ? WHERE `id` = ?;")->execute([$address, $ID]);

    $postal_code = htmlspecialchars($_POST["postal_code"]);
    if (isset($postal_code) && $postal_code != "")
        $DB->prepare("UPDATE `users` SET `postal_code` = ? WHERE `id` = ?;")->execute([$postal_code, $ID]);

    $city = htmlspecialchars($_POST["city"]);
    if (isset($city) && $city != "")
        $DB->prepare("UPDATE `users` SET `city` = ? WHERE `id` = ?;")->execute([$city, $ID]);

    $country = htmlspecialchars($_POST["country"]);
    if (isset($country) && $country != "")
        $DB->prepare("UPDATE `users` SET `country` = ? WHERE `id` = ?;")->execute([$country, $ID]);

    $phone_number = htmlspecialchars($_POST["phone_number"]);
    if (isset($phone_number) && $phone_number != "")
        $DB->prepare("UPDATE `users` SET `phone_number` = ? WHERE `id` = ?;")->execute([$phone_number, $ID]);

    if (isset($_POST["school"])) {
        $school = htmlspecialchars($_POST["school"]);
        if (isset($school) && $school != "")
            $DB->prepare("UPDATE `users` SET `school` = ? WHERE `id` = ?;")->execute([$school, $ID]);
    }

    if (isset($_POST["class"])) {
        $class = htmlspecialchars($_POST["class"]);
        if (isset($class) && ($class == "terminale" || $class == "premiere" || $class == "seconde"))
            $DB->prepare("UPDATE `users` SET `class` = ? WHERE `id` = ?;")->execute([strtoupper($class), $ID]);
    }

	if (isset($_POST["responsible_name"])) {
		$responsible_name = htmlspecialchars($_POST["responsible_name"]);
		if (isset($responsible_name) && $responsible_name != "")
			$DB->prepare("UPDATE `users` SET `responsible_name` = ? WHERE `id` = ?;")->execute([$responsible_name, $ID]);
	}

	if (isset($_POST["responsible_phone"])) {
		$responsible_phone = htmlspecialchars($_POST["responsible_phone"]);
		if (isset($responsible_phone) && $responsible_phone != "")
			$DB->prepare("UPDATE `users` SET `responsible_phone` = ? WHERE `id` = ?;")->execute([$responsible_phone, $ID]);
	}

	if (isset($_POST["responsible_email"])) {
		$responsible_email = htmlspecialchars($_POST["responsible_email"]);
		if (isset($responsible_email) && $responsible_email != "")
			$DB->prepare("UPDATE `users` SET `responsible_email` = ? WHERE `id` = ?;")->execute([$responsible_email, $ID]);
	}

    if (isset($_POST["description"])) {
        $description = htmlspecialchars($_POST["description"]);
        if (isset($description) && $description != "")
            $DB->prepare("UPDATE `users` SET `description` = ? WHERE `id` = ?;")->execute([$description, $ID]);
    }

    $email = htmlspecialchars($_POST["email"]);
    if (isset($email) && $email != "" && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $confirm_email_uid = uniqid();
        $DB->prepare("UPDATE `users` SET `email` = ?, `confirm_email` = ? WHERE `id` = ?;")->execute([$email, $confirm_email_uid, $ID]);

        $msg = "Vous venez de changer votre adresse mail. Veuillez désormais confirmer votre adresse mail en cliquant ici : $URL_BASE/confirmer_mail/$confirm_email_uid";
        mail($email, "Changement d'adresse mail - TFJM²", $msg, "From: $MAIL_ADDRESS\r\n");
    }

    return false;
}

function updatePassword()
{
    global $DB, $YEAR;

    $old = htmlspecialchars($_POST["old_password"]);
    $new = htmlspecialchars($_POST["new_password"]);
    $confirm = htmlspecialchars($_POST["confirm_password"]);

    $result = $DB->query("SELECT `pwd_hash` FROM `users` WHERE `id` = '" . $_SESSION["user_id"] . "' AND `year` = '$YEAR';");
    if (($data = $result->fetch()) === FALSE)
        return "Le compte n'existe pas.";

    if (!password_verify($old, $data["pwd_hash"]))
        return "L'ancien mot de passe est incorrect.";

    if (strlen($new) < 8)
        return "Le mot de passe doit comporter au moins 8 caractères.";

    if ($new != $confirm)
        return "Les deux mots de passe sont différents.";

    $hash = password_hash($new, PASSWORD_BCRYPT);

    $DB->prepare("UPDATE `users` SET `pwd_hash` = ? WHERE `id` = ?;")->execute([$hash, $_SESSION["user_id"]]);

    return false;
}

?>

<?php include "header.php" ?>

<?php if (!isset($_SESSION["user_id"])) {
    echo "<h2>Vous devez être connecté pour afficher cette page.</h2>";
    include "footer.php";
    return;
} ?>

<?php if (isset($error_message) && $error_message) echo "<h2>Erreur : " . $error_message . "</h2>"; ?>

<?php
if (isset($error_message) && $error_message === FALSE) {
    ?>
    <h2>Votre compte a bien été mis à jour !</h2>
    <?php
    if (isset($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "Votre adresse mail a bien été changée. Veuillez vérifier votre boîte mail pour valider votre nouvelle adresse";
    }
    ?>
<?php } ?>

<form method="POST">
    <input type="hidden" name="submitted" value="true"/>
    <table style="width: 100%">
        <tr>
            <td style="width: 30%"><label for="email">E-mail :</label></td>
            <td style="width: 70%"><?php echo $user_data["email"] ?></td>
        </tr>
        <tr>
            <td colspan="2"><input style="width: 100%" type="email" id="email" name="email"/></td>
        </tr>
        <tr>
            <td><label for="surname">Nom :</label></td>
            <td><?php echo $user_data["surname"] ?></td>
        </tr>
        <tr>
            <td colspan="2"><input style="width: 100%" type="text" id="surname" name="surname"/></td>
        </tr>
        <tr>
            <td><label for="firstname">Prénom :</label></td>
            <td><?php echo $user_data["first_name"] ?></td>
        </tr>
        <tr>
            <td colspan="2"><input style="width: 100%" type="text" id="firstname" name="firstname"/></td>
        </tr>
        <tr>
            <td><label for="birth_date">Date de naissance :</label></td>
            <td><?php echo echo_date($user_data["birth_date"]) ?></td>
        </tr>
        <tr>
            <td colspan="2"><input style="width: 100%" type="date" id="birth_date" name="birth_date"/></td>
        </tr>
        <tr>
            <td><label for="gender">Sexe :</label></td>
            <td><input type="radio" id="male" name="gender" value="M" <?php if ($user_data["gender"] == "M") echo "checked" ?> /><label for="male">Homme</label>
                <input type="radio" id="female" name="gender" value="F" <?php if ($user_data["gender"] == "F") echo "checked" ?> /><label for="female">Femme</label></td>
        </tr>
        <tr>
            <td><label for="address">Adresse :</label></td>
            <td><?php echo $user_data["address"] ?></td>
        </tr>
        <tr>
            <td colspan="2"><input style="width: 100%" type="text" id="address" name="address"/></td>
        </tr>
        <tr>
            <td><label for="postal_code">Code postal :</label></td>
            <td><?php echo $user_data["postal_code"] ?></td>
        </tr>
        <tr>
            <td colspan="2"><input style="width: 100%" type="number" id="postal_code" name="postal_code" min="1000" max="95999"/></td>
        </tr>
        <tr>
            <td><label for="city">Ville :</label></td>
            <td><?php echo $user_data["city"] ?></td>
        </tr>
        <tr>
            <td colspan="2"><input style="width: 100%" type="text" id="city" name="city"/></td>
        </tr>
        <tr>
            <td><label for="country">Pays :</label></td>
            <td><?php echo $user_data["country"] ?></td>
        </tr>
        <tr>
            <td colspan="2"><input style="width: 100%" type="text" id="country" name="country"/></td>
        </tr>
        <tr>
            <td><label for="phone_number">Numéro de téléphone :</label></td>
            <td><?php echo $user_data["phone_number"] ?></td>
        </tr>
        <tr>
            <td colspan="2"><input style="width: 100%" type="text" id="phone_number" name="phone_number"/></td>
        </tr>
        <?php if ($user_data["role"] == "PARTICIPANT") { ?>
            <tr>
                <td><label for="school">Établissement dans lequel l'élève étudie :</label></td>
                <td><?php echo $user_data["school"] ?></td>
            </tr>
            <tr>
                <td colspan="2"><input style="width: 100%" type="text" id="school" name="school"/></td>
            </tr>
            <tr>
                <td><label for="class">Classe :</label></td>
                <td><select style="width: 100%" id="class" name="class">
                        <option value="terminale" <?php if ($user_data["class"] == "terminale") echo "selected" ?>>Terminale</option>
                        <option value="premiere" <?php if ($user_data["class"] == "premiere") echo "selected" ?>>Première</option>
                        <option value="seconde" <?php if ($user_data["class"] == "seconde") echo "selected" ?>>Seconde ou inférieur</option>
                    </select></td>
            </tr>
            <tr>
                <td>
                    <label for="responsible_name">Nom du responsable légal :</label>
                </td>
                <td>
                    <?php echo $user_data["responsible_name"] ?>
                </td>
            </tr>
            <tr>
                <td colspan="2">
                    <input style="width: 100%;" type="text" id="responsible_name" name="responsible_name" />
                </td>
            </tr>
            <tr>
                <td>
                    <label for="responsible_phone">Téléphone du responsable légal :</label>
                </td>
                <td>
                    <?php echo $user_data["responsible_phone"] ?>
                </td>
            </tr>
            <tr>
                <td colspan="2">
                    <input style="width: 100%" type="text" id="responsible_phone" name="responsible_phone" />
                </td>
            </tr>
            <tr>
                <td>
                    <label for="responsible_email">Email du responsable légal :</label>
                </td>
                <td>
                    <?php echo $user_data["responsible_email"] ?>
                </td>
            </tr>
            <tr>
                <td colspan="2">
                    <input style="width: 100%" type="email" id="responsible_email" name="responsible_email" />
                </td>
            </tr>
        <?php } else { ?>
            <tr>
                <td><label for="description">Description :</label></td>
                <td><textarea style="width: 100%" id="description" name="description"><?php echo $user_data["description"] ?></textarea></td>
            </tr>
        <?php } ?>
        <tr>
            <td colspan="2"><input type="submit" style="width: 100%" value="Mettre à jour mes données"/></td>
        </tr>
    </table>
</form>

<div style="padding: 20px"></div>

<form method="POST">
    <input type="hidden" name="submitted_password" value="true"/>
    <table style="width: 100%">
        <tr>
            <td style="width: 30%"><label for="old_password">Ancien mot de passe :</label></td>
            <td style="width: 70%"><input style="width: 100%" type="password" id="old_password" name="old_password"/></td>
        </tr>
        <tr>
            <td><label for="new_password">Nouveau mot de passe :</label></td>
            <td><input style="width: 100%" type="password" id="new_password" name="new_password"/></td>
        </tr>
        <tr>
            <td><label for="confirm_password">Confirmer le mot de passe :</label></td>
            <td><input style="width: 100%" type="password" id="confirm_password" name="confirm_password"/></td>
        </tr>
        <tr>
            <td colspan="2"><input type="submit" style="width: 100%" value="Mettre à jour mon mot de passe"/></td>
        </tr>
    </table>
</form>

<?php include "footer.php" ?>