<?php
# Jisko: An open-source microblogging application
# Copyright (C) 2010 Rub√©n D√≠az <outime@gmail.com>
# 
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

global $_USER;
global $db;
global $globals;
global $mailing;

if (!$_USER) header('Location: '.BASE);
define('TITLE', __('Settings'));

$userID = $_USER['user_id'];

switch (PARAMS) {
	case 'profile':
		if ($_POST) {
			extract($_POST);
			if($auth != md5($_USER['salt'])) die;
			$url = filter_var($url, FILTER_VALIDATE_URL);
			$show_followers = (bool) (isset($_POST['show_followers']));
			if(array_key_exists($language, $globals['languages'])) {
				global $gettext_tables;
				$_USER['language'] = $language;
				$db->updateLanguage($userID, $language);
				if (file_exists(PATH.'includes/languages/'.deflang($language).'/LC_MESSAGES/messages.mo')) {
					$gettext_tables = new gettext_reader(
						new CachedFileReader(PATH.'includes/languages/'.deflang($language).'/LC_MESSAGES/messages.mo')
						);
					$gettext_tables->load_tables();
				}
			}
			if($private_profile == 'on') $private_profile = 1; else $private_profile = 0;
			$db->updateProfile($userID, $realname, $url, $location, $bio, $show_followers, $language, $private_profile);
			if ($private_profile) {
				$db->updateProfileType($userID, 'private');
			} else {
				$db->updateProfileType($userID, 'public');
			}
			
			$_USER['realname'] = $realname;
			$_USER['url'] = $url;
			$_USER['location'] = $location;
			$_USER['bio'] = $bio;
			$_USER['show_followers'] = $show_followers;
			$_USER['private'] = $private_profile;
			
			if (!empty($_FILES['avatar']['tmp_name'])) {
				$upload = uploadAvatar($_FILES);
				switch ($upload) {
					case 'INVALID_EXTENSION':
						$error = __('Invalid extension!');
						break;
					case 'BIG_FILE':
						$error = __('File too big!');
						break;
				}
			}
			
			$ok = '';
		}
		
		if ($_GET['action'] == 'delete_avatar') {
			if ($_GET['auth'] != md5($_USER['salt'])) $error = __('You are not allowed to perform this operation');
			else {
				$db->updateAvatar($_USER['ID']);
				$_USER['avatar'] = '';
				$avatar = $_USER['avatar'];
				$username = $_USER['username'];
				$avatar_info = pathinfo(PATH."users_files/$username/img/avatar/$avatar");
				@unlink(PATH."users_files/$username/img/avatar/$avatar");
				@unlink(PATH."users_files/$username/img/avatar/".$avatar_info['filename'].'_side.'.$avatar_info['extension']);
				@unlink(PATH."users_files/$username/img/avatar/".$avatar_info['filename'].'_note.'.$avatar_info['extension']);
				@unlink(PATH."users_files/$username/img/avatar/".$avatar_info['filename'].'_follow.'.$avatar_info['extension']);
				@unlink(PATH."users_files/$username/img/avatar/".$avatar_info['filename'].'_top.'.$avatar_info['extension']);
			
				$ok = '';
			}
		}
		
		if (!isset($error)) {
			if (isset($ok)) echo showStatus(__('Settings updated!'), 'ok');
		}
		else echo showStatus($error, 'error');
		
		doProfileForm();
		break;
	case 'config':
		if ($_GET['uid'] && $_GET['key']) {
			$check = $db->checkEmailKey($_GET['key'], $_GET['uid']);
			if ($check) {
				$newEmail = $db->getEmailFromKey($_GET['key'], $_GET['uid']);
				$_USER['email'] = $newEmail;
				$db->updateMail($_USER['ID'], $newEmail);
				echo showStatus(__('Email changed!'), 'ok');
			}
		}
		if ($_POST) {
			extract($_POST);
			if (md5(md5($current_password).md5($_USER['salt'])) == $_USER['password']) {
				if (($email) and ($db->checkEmail($email, $_USER['ID']) and ($_USER['email'] != $email))) {
					echo showStatus(__('E-mail has already been taken'), 'error');
					return doConfigurationForm();
				}
				if (($jabber) and ($db->checkJabber($jabber, $_USER['ID']) and ($_USER['jabber'] != $jabber))) {
					echo showStatus(__('Jabber has already been taken'), 'error');
					return doConfigurationForm();
				}
				if (empty($email)) $email = $_USER['email'];
				else {
					$email = filter_var($email, FILTER_VALIDATE_EMAIL);
					if ($email != $_USER['email']) $emailChange = true;
				}
				
				if (!filter_var($jabber, FILTER_VALIDATE_EMAIL)) $db->updateJabber($_USER['ID'], '');
				else $db->updateJabber($_USER['ID'], $jabber);
				
				$_USER['jabber'] = $jabber;
				
				/*if($email) {
					$db->updateMail($_USER['ID'], $email);
				}*/
				if (!empty($new_password)) {
					if ($new_password != $new_password2) {
						echo showStatus(__("Passwords don't match"), 'warning');
						return doConfigurationForm();
					}
					else {
						$salt = substr(md5(mt_rand()), 0, 5);
						$new_password = md5(md5($new_password).md5($salt));
						$_USER['salt'] = $salt;
						$_USER['password'] = $new_password;
						$db->updatePassword($_USER['ID'], $new_password, $salt);
					}
				}
				if ($new_api == 'on') {
					$newapi = substr(md5($_USER['username'].rand()), 0, 16);
					$db->updateAPI($_USER['ID'], $newapi);
					$_USER['api'] = $newapi;
				}
				if ($notification_level) {
					$notification_level = (int) $notification_level;
					if ($notification_level > 3) $notification_level = 3;
					$_USER['notification_level'] = $notification_level;
					$db->updateLevel($_USER['ID'], $notification_level);
				}
				
				if ($shorter_service) {
					$short_array = unserialize($_USER['shorter_service']);
					$short_array['service'] = $shorter_service;
					
					if ($shorted_preview == true) $short_array['preview'] = true;
					else $short_array['preview'] = false;
					
					$_USER['shorter_service'] = serialize($short_array);
					$db->updateShorterService($_USER['ID'], $_USER['shorter_service']);
				}
				
				if (!$emailChange) $status = 'OK'; else $status = 'OK_EMAIL';
			} else {
				$status = 'INCORRECT_PASSWORD';
			}
			
			if ($status == 'INCORRECT_PASSWORD') echo showStatus(__('Incorrect password'), 'error');
			if ($status == 'OK') echo showStatus(__('Settings updated!'), 'ok');
			if ($status == 'OK_EMAIL') {
				echo showStatus(__('Settings updated!'), 'ok');
				if (defined('NO_CONFIRMATION_EMAIL')) {
					if (NO_CONFIRMATION_EMAIL == true) $noemail = true;
					else $noemail = false;
				}
				else $noemail = false;
				
				if (!$noemail) {
					echo showStatus(__('We have sent you a confirm message to the new mail!'), 'warning');
					$token = substr(md5(rand()), 0, 12);
					$db->newKey($_USER['ID'], 'email', $token, $email);
					$mailing->emailChange($email, $_USER['ID'], $email, $token);
				}
				else {
					$db->updateMail($_USER['ID'], $newEmail);
					echo showStatus(__('Email changed!'), 'ok');
				}
			}
		}
		doConfigurationForm();
		break;
	case 'customize':
		if ($_GET['action'] == 'delete') {
			if ($_GET['auth'] != md5($_USER['salt'])) $error = __('You are not allowed to perform this operation');
			else {
				$db->updateBackground($_USER['ID'], '');
				@unlink(PATH.'/users_files/'.$_USER['username'].'/img/background/bg.'.$_USER['background']);
				$_USER['background'] = '';
				$ok = __('Settings updated!');
			}
		}
		elseif ($_POST) {
			
			if (!empty($_FILES['background']['name'])) {
				$upload = uploadBackground();
				switch ($upload) {
					case 'INVALID_EXTENSION':
						$error = __('Invalid extension!');
						break;
					case 'BIG_FILE':
						$error = __('File too big!');
						break;
				}
			}
			
			if ($_POST['style']) {
				$style = 'normal';
				switch ($_POST['style']) {
					case 'normal':
						$style = 'normal';
						break;
					case 'repeat':
						$style = 'repeat';
						break;
					case 'centered':
						$style = 'centered';
						break;
					case 'fixed':
						$style = 'fixed';
						break;
				}
				
				$result = $db->updateBackgroundStyle($_USER['ID'], $style);
				$_USER['background_style'] = $style;
			}
			
			if ($_POST['theme']) {
				$db->updateTheme($_USER['ID'], $_POST['theme']);
			}
			
			$ok = __('Settings updated!');
		}
			
		if (isset($error)) echo showStatus($error, 'error');
		elseif (isset($ok)) echo showStatus($ok, 'ok');
		
		doCustomizeForm();
		break;
	case 'twitter':
		if ($_POST) { 
			if ($_POST['auth'] != md5($_USER['salt'])) $error = __('You are not allowed to perform this operation');
			else {
				if ($_USER['twitter_username'] != $_POST['twitter_username'] || ($_POST['twitter_password'] != '************')) {
					extract($_POST);
					if (!empty($twitter_username) and !empty($twitter_password)) {
						$auth = twitter::login($twitter_username, $twitter_password);
						if (!empty($auth)) {
							$db->updateTwitter($_USER['ID'], $twitter_username, $twitter_password);
							if (!$_USER['twitter_username'] && (!$_USER['twitter_password'])) {
								$_USER['show_twits'] = true;
								$_USER['post_tweets'] = true;
								$db->updateShowTwits($_USER['ID'], true);
								$db->updatePostTweets($_USER['ID'], true);
							}
							$_USER['twitter_username'] = $twitter_username;
							$_USER['twitter_password'] = $twitter_password;
							
							$ok = __('Twitter updated!');
						} else {
							$error = __('Incorrect login credentials');
						}
					} else {
						$error = __('Please fill all the inputs');
					}
				} else {
					$st = (bool) (isset($_POST['show_twits']));
					$_USER['show_twits'] = $st;
					$db->updateShowTwits($_USER['ID'], $st);

					$st = (bool) (isset($_POST['post_tweets']));
					$_USER['post_tweets'] = $st;
					$db->updatePostTweets($_USER['ID'], $st);
					
					$ok = __('Twitter updated!');
				}
			}
		} elseif ($_GET['action'] == 'delete') {
			if ($_GET['auth'] != md5($_USER['salt'])) $error = __('You are not allowed to perform this operation');
			else {
				$db->updateTwitter($_USER['ID'], '', '');
				$db->updateShowTwits($_USER['ID'], false);
				$db->updatePostTweets($_USER['ID'], false);
				$_USER['twitter_username'] = '';
				$_USER['twitter_password'] = '';
				$_USER['show_twits'] = false;
				$_USER['post_tweets'] = false;
				
				$ok = __('Disabled twitter integration with').' '.NAME.' '.__('with success.');
			}
		}
		
		if (isset($error)) echo showStatus($error, 'error');
		else {
			if (isset($ok)) echo showStatus($ok, 'ok');
		}
		
		doTwitterForm();
		break;
	case 'drop':
		if ($_POST) {
			$postPassword = md5(md5($_POST['password']).md5($_USER['salt']));
			if ($_USER['password'] == $postPassword) {
				echo showStatus(__('Confirmation sent by email!'), 'ok');
				$token = substr(md5(rand()), 0, 12);
				$db->newKey($_USER['ID'], 'drop', $token);
				$mailing->confirmDrop($_USER['email'], $_USER['username'], $_USER['ID'], $token);
			} else {
				echo showStatus(__('Incorrect password'), 'error');
			}
		}
		if ($_GET['uid'] && $_GET['key']) {
			if ($db->checkDropKey($_GET['key'], $_GET['uid'])) {
				if (defined('ADMIN_MAIL') && (defined('ALERT_ON_DELUSER'))) {
					if (ALERT_ON_DELUSER == true) $mailing->alertDelUser($_GET['uid']);
				}
				$db->deleteUser($_GET['uid']);
				setcookie(NAME, '', time()-3600);
				unset($_USER);
				$db->deleteKey($_GET['key'], $_GET['uid']);
				header('Location: '.BASE);
			} else {
				echo showStatus(__('Incorrect authorization code!'), 'error');
			}
		}
		doDropForm();
		break;
	case 'ignores':
		doIgnoresForm();
		break;
	default:
		if ($_USER) header('Location: '.BASE.'settings/profile');
		break;
}

?>