<?php

/**
 * @Page('title' = 'Users management', 'group' = 'prefs', 'roles' = {'manager', 'schooladm'})
 * @Mode('mode' = 'view', 'title' = 'View', 'roles' = {'manager', 'schooladm'}, 'exclude_from_nav' = true)
 * @MenuItem('title' = 'Users', 'group' = 'prefs', 'roles' = {'manager', 'schooladm'}, 'page' = '?pid=UsersManager')
 * */
class UsersManager extends BasePage {
    
    public function getUserData() {
        global $krihvel, $kdb, $user;
        if ( $user->hasRole("manager") ) {
            $q = "SELECT users.*, userinfo.*, schoolName FROM users LEFT JOIN userinfo ON users.id = userinfo.userid left join schools using(schoolID)";
        } else {
            $scID = $user->getSchoolID();
            if ( $scID != NULL) {
                $q = "SELECT users.*, userinfo.*, schoolName FROM users LEFT JOIN userinfo ON users.id = userinfo.userid left join schools using(schoolID)";
                $q .= " WHERE schoolID=".$scID;
            }
        }
        if ( isset($q)) {
            $ret = $kdb->query($q);
        }
        $userdata = array();
        if ( isset($ret)) {
            while ( $row = mysql_fetch_array($ret)) {
                $userdata []= $row;
            }
        }
        return $userdata;
    }
    
    public function getSchoolListing() {
        global $kdb;
        $q = "SELECT * FROM schools";
        if ( isset($q)) {
            $ret = $kdb->query($q);
        }
        $sl = array();
        if ( isset($ret)) {
            while ( $row = mysql_fetch_array($ret)) {
                $sl []= $row;
            }
        }
        return $sl;
    }

    /**
     * @Secured('roles' = {'schooladm', 'manager'})
     * */
    function actionUsersManagerHandler() {
        global $krihvel, $kdb;
        // auth[] is locked in UI so convert 1->0 && 0->
        // first handle delete requests
        // then update info
        // finally, reset passwords.
        if ( isset($_POST['delete']) && is_array($_POST['delete']) ) {
            $keys = array_keys($_POST['delete']);
            foreach( $keys as $todel) {
                $q = "DELETE FROM users where id=".$todel;
                $kdb->query($q);
            }
        }

        if ( isset($_POST['email']) && is_array($_POST['email']) ) {
            $keys = array_keys($_POST['email']);
            foreach ( $keys as $uid) {
                $email = $_POST['email'][$uid];
                if ( strlen($email) > 0) {
                    $q = "INSERT INTO userinfo (userid, email) VALUES (".$uid.", '".$email."') ON DUPLICATE KEY UPDATE email='".$email."'";
                    $kdb->query($q);
                }
            }
        }
        
        if ( isset($_POST['school']) && is_array($_POST['school']) ) {
            $keys = array_keys($_POST['school']);
            foreach ( $keys as $uid) {
                $school = $_POST['school'][$uid];
                if ( is_numeric($school)) {
                    $q = "UPDATE users SET schoolID='".$school."' WHERE id=".$uid;
                    $kdb->query($q);
                }
            }
        }

        if ( isset($_POST['uid']) && is_array($_POST['uid']) ) {
            $keys = array_keys($_POST['uid']);
            foreach ( $keys as $k ) {
                $roles = "000000";
                $authable = "1";
                if ( isset($_POST['auth'][$k])) {
                    $authable = "0";
                }
                $roles[0] = $authable;
                $roles[1] = isset($_POST['member'][$k]) ? $_POST['member'][$k] : "0";
                $roles[2] = isset($_POST['manager'][$k]) ? $_POST['manager'][$k] : "0";
                $roles[3] = isset($_POST['scadm'][$k]) ? $_POST['scadm'][$k] : "0";

                $q = "UPDATE users SET roles='".$roles."' WHERE id=".$k;
                $kdb->query($q);
            }
        }

        // TODO: reset passwords
        // note: also check if we didn't delete a user before^^

        if ( isset($_POST['approve']) && is_array($_POST['approve']) ) {
            $toappr = array_keys($_POST['approve']);
            $ss = implode(' OR id=', $toappr);
            $kdb->query("UPDATE users SET approved=True WHERE id=".$ss);
        }
        return array('pid' => 'UsersManager');
    }

    function actionGotoAddUser() {
        return array('pid' => 'UsersManager', 'mode' => 'new_user_form');
    }

    function actionGotoCSV() {
        return array('pid' => 'UsersManager', 'mode' => 'users_csv_upload_page');
    }

    function new_user_formContent() {
        global $krihvel, $user, $kdb;
        $res = <<<EOD
<form class="long_inputs" action="handler.php" method="post">
<h2>Add new user</h2>
<label for="userid">Userid:</label>
<input type="text" id="userid" name="userid" value="" />
<label for="fullname">Fullname:</label>
<input type="text" id="fullname" name="fullname" value="" />
<label for="email">Email:</label>
<input type="text" id="email" name="email" value="" />
<label for="genre">Genre:</label>
<select name="genre" id="genre">
  <option value="boy">boy</option>
  <option value="girl">girl</option>
</select>
<label for="homepage">Homepage:</label>
<input type="text" id="homepage" name="homepage" value="" />
<label for="schoolID">School:</label>
%s
<div>
<input type="hidden" name="pid" value="UsersManager" />
<input class="submit" type="submit" name="actionCreateUser" value="Create" />
<input class="submit" type="submit" name="cancel_user_button" value="Cancel" />
</div>
</form>
EOD;
        $schoolform = "";
        if ( !$user->hasRole('manager')) {
            $q = "SELECT * FROM schools WHERE schoolID=".$user->getSchoolID();
            $ret = $kdb->query($q);
            $mres = mysql_fetch_array($ret);
            $schoolform = $mres['schoolName'];
        } else {
            $q = "SELECT * FROM schools";
            $ret = $kdb->query($q);
            $schoolform = "<select id=\"schoolID\" name=\"schoolID\">";
            while ( $row = mysql_fetch_array($ret)) {
                $schoolform .= "<option value=\"".$row['schoolID']."\">".$row['schoolName']."</option>";
            }
            $schoolform .= "</select>";
        }
        $krihvel->out("popup", sprintf($res, $schoolform));
    }

    function users_csv_upload_pageContent() {
        global $krihvel;
        $krihvel->out("popup", "users_csv_upload_page");
    }

    function actionCreateUser() {
        global $kdb, $user, $krihvel;
        $scID = $user->getSchoolID();
        if ( $user->hasRole('manager')) {
            $scID = $_POST['schoolID'];
        } else {
            if ( $scID == NULL) {
                return "usersmgm";
            }
        }
        $uid = $_POST['userid'];
        $fullname = $_POST['fullname'];
        $email = $_POST['email'];
        $genre = $_POST['genre'];
        $hp = $_POST['homepage'];
        $pwd = "abrakadabra";
        $roles = "110000";
        $q = "INSERT INTO users (uname, pwd, roles, schoolID) values ('%s', '%s', '%s', %s)";
        $q = sprintf($q, $uid, $pwd, $roles, $scID);
        $kdb->query($q);
        $dbuid = mysql_insert_id();
        $q2 = "INSERT INTO userinfo (userid, fullname, email, sex, homepage) values (%s, '%s', '%s', '%s', '%s')";
        $q2 = sprintf($q2, $dbuid, $fullname, $email, $genre, $hp);
        $kdb->query($q2);
        return array('pid' => 'UsersManager');
    }
}
?>