<?php
    $HTML->setHTMLTitle("Benutzer");
    $HTML->importSeitenInhalt("users.html");

    if(!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100)
    {
        $HTML->setHTMLTitle("Kein Zugriff");
        $HTML->SetSeitenInhalt("Dazu hast du keine Rechte!");
        $HTML->build();
        echo $HTML->ausgabe();
        die();
    }

    if($_SERVER['REQUEST_METHOD'] == 'POST') {
        include 'app/FormValidator.php';
        if(isset($_POST['genpw'])) {
            $validator = new FormValidator(array(
                'userid' => array('required' => true, 'regex' => '/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/')
            ));

            if($validator->isValid($_POST)) {
                $NEWPW = substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil(10/strlen($x)) )),1,10); // Generate random password (10 characters)

                $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID'); 
                $statement->execute(['PasswordHash' => password_hash($NEWPW, PASSWORD_ARGON2ID), 'PrincipalID' => $_REQUEST['userid']]);
        
                $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.htmlspecialchars($opensim->getUserName($_REQUEST['userid'])).' wurde geändert. Das neue Passwort ist <b>'.htmlspecialchars($NEWPW).'</b></div>');
            }
        }
        else if(isset($_POST['generateLink'])) {
            $validator = new FormValidator(array()); // Needed only for CSRF token validation

            if($validator->isValid($_POST)) {
                $inviteID = bin2hex(random_bytes(16));
                $link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID;
        
                $statement = $RUNTIME['PDO']->prepare('INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)');
                $statement->execute(['InviteCode' => $inviteID]);
                
                $HTML->ReplaceSeitenInhalt("%%link%%", $link);
            }
        }
    }

    include 'app/OpenSim.php';
    $opensim = new OpenSim();

    $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))"); 
    $statement->execute();

    $table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
    
    $statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC");
    $statement->execute(); 

    while($row = $statement->fetch()) 
    {
        $entry = '<tr><td>'.htmlspecialchars($row['FirstName']).'</td><td>'.htmlspecialchars($row['LastName']).'</td><td>'.htmlspecialchars($row['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($row['PrincipalID']).'"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ÄNDERN</button></form></td></tr>';
        $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
    }

    $table = str_replace("%%ENTRY%%", "", $table);
    $HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table);
    $HTML->ReplaceSeitenInhalt("%%link%%", ' '); 
    $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' ');

    $HTML->build();
    echo $HTML->ausgabe();
?>