<?php
define("SVRJS_MOD_DIRECTORY", null);
define("SVRJS_MOD_DIRECTORY_MODERATION", null);
include '../config.php';
$appModerationRoot = dirname($_SERVER['SCRIPT_NAME']);
if ($appModerationRoot[strlen($appModerationRoot) - 1] != "/") $appModerationRoot = $appModerationRoot . '/';
$appRoot = dirname($_SERVER['SCRIPT_NAME'], 2);
if ($appRoot[strlen($appRoot) - 1] != "/") $appRoot = $appRoot . '/';
define('APP_ROOT', $appRoot);
define('APP_FSROOT', dirname(__FILE__, 2));
define('APP_MODERATION_FILENAME', basename($_SERVER['SCRIPT_NAME']));
define('APP_MODERATION_ROOT', $appModerationRoot);
include '../vendor/autoload.php';
include '../includes/init.php';
include '../includes/moderation_init.php';

$errorMessage = null;
$categoryAdded = false;
$categoryRenamed = false;
$categoryRemoved = false;

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
  if (!isset($_POST['_csrf']) || $_POST['_csrf'] != $_SESSION['moderation_csrf']) {
    $errorMessage = "Potential CSRF attack detected.";
  } elseif (!isset($_POST['action'])) {
    $errorMessage = "No action specified.";
  } elseif ($_POST['action'] == "add") {
    if (!isset($_POST['categoryname']) || !$_POST['categoryname']) {
      $errorMessage = "You need to specify the category name.";
    } else {
      $slug = null;
      $slugError = false;
      $tempSlug = null;
      $tempSlugCount = 1;
      while (is_null($slug)) {
        if (!$tempSlug) {
          $tempSlug = strtolower($_POST['categoryname']);
          $tempSlug = preg_replace('/[^a-zA-Z0-9]+/', '-', $tempSlug);
          $tempSlug = preg_replace('/^-+/', '', $tempSlug);
          $tempSlug = preg_replace('/-+$/', '', $tempSlug);
        }

        $statement = $connection->prepare("SELECT slug FROM categories WHERE slug = ?");
        if (!$statement) {
          $slugError = true;
          $errorMessage = "An unexpected error occurred while adding the category.";
          break;
        } else {
          $tempSlug2 = $tempSlug . ($tempSlugCount > 1 ? '-' . strval($tempSlugCount) : '');
          $statement->bind_param('s', $tempSlug2);
          $statement->execute();
          $slugExistsResult = $statement->get_result();
          if (!$slugExistsResult) {
            $slugError = true;
            $errorMessage = "An unexpected error occurred while adding the category.";
            $statement->close();
            break;
          } else {
            $slugExists = boolval($slugExistsResult->fetch_assoc());
            $statement->close();
            if (!$slugExists) {
              $slug = $tempSlug2;
            } else {
              $tempSlugCount++;
            }
          }
        }
      }
      if (!$slugError) {
        $statement = $connection->prepare('INSERT INTO categories (name, slug) VALUES (?, ?);');
        if (!$statement) {
          $errorMessage = "An unexpected error occurred while adding the category.";
        } else {
          $statement->bind_param('ss', $_POST['categoryname'], $slug);
          if (!$statement->execute()) {
            $errorMessage = "An unexpected error occurred while adding the category.";
          } else {
            $categoryAdded = true;
          }
          $statement->close();
        }
      }
    }
  } elseif ($_POST['action'] == "rename") {
    if (!isset($_POST['category'], $_POST['categoryname']) || !$_POST['category'] || !$_POST['categoryname']) {
      $errorMessage = "You need to specify the category you want to rename and the new category name.";
    } elseif (!filter_var($_POST['category'], FILTER_VALIDATE_INT)) {
      $errorMessage = "Invalid category.";
    } else {
      $categoryID = intval($_POST['category']);
      $statement = $connection->prepare("SELECT id FROM categories WHERE id = ?");
      if (!$statement) {
        $errorMessage = "An unexpected error occurred while renaming the category.";
      } else {
        $statement->bind_param('i', $categoryID);
        $statement->execute();
        $result = $statement->get_result();
        if (!$result) {
          $errorMessage = "An unexpected error occurred while renaming the category.";
          $statement->close();
        } else {
          $isCategoryPresent = boolval($result->fetch_assoc());
          $statement->close();
          if (!$isCategoryPresent) {
            $errorMessage = "The selected category doesn't exist.";
          } else {
            $statement = $connection->prepare('UPDATE categories SET name = ? WHERE id = ?;');
            if (!$statement) {
              $errorMessage = "An unexpected error occurred while renaming the category.";
            } else {
              $statement->bind_param('si', $_POST['categoryname'], $categoryID);
              if (!$statement->execute()) {
                $errorMessage = "An unexpected error occurred while renaming the category.";
              } else {
                $categoryRenamed = true;
              }
              $statement->close();
            }
          }
        }
      }
    }
  } elseif ($_POST['action'] == "remove") {
    if (!isset($_POST['category']) || !$_POST['category']) {
      $errorMessage = "You need to specify the category you want to remove.";
    } elseif (!filter_var($_POST['category'], FILTER_VALIDATE_INT)) {
      $errorMessage = "Invalid category.";
    } else {
      $categoryID = intval($_POST['category']);
      $statement = $connection->prepare("SELECT id FROM categories WHERE id = ?");
      if (!$statement) {
        $errorMessage = "An unexpected error occurred while removing the category.";
      } else {
        $statement->bind_param('i', $categoryID);
        $statement->execute();
        $result = $statement->get_result();
        if (!$result) {
          $errorMessage = "An unexpected error occurred while removing the category.";
          $statement->close();
        } else {
          $isCategoryPresent = boolval($result->fetch_assoc());
          $statement->close();
          if (!$isCategoryPresent) {
            $errorMessage = "The selected category doesn't exist.";
          } else {
            $statement = $connection->prepare('DELETE FROM categories WHERE id = ?;');
            if (!$statement) {
              $errorMessage = "An unexpected error occurred while removing the category.";
            } else {
              $statement->bind_param('i', $categoryID);
              if (!$statement->execute()) {
                $errorMessage = "An unexpected error occurred while removing the category.";
              } else {
                $categoryRemoved = true;
              }
              $statement->close();
            }
          }
        }
      }
    }
  } else {
    $errorMessage = "Unknown action specified.";
  }
}

$pageTitle = "Categories";
include '../includes/moderation_header.php';
?>
<h1>Categories</h1>
<?php if ($errorMessage) echo '<p class="form-error">' . htmlspecialchars($errorMessage) . '</p>'; ?>
<?php
if ($categoryAdded) {
  echo '<p>Category has been added.</p>';
} elseif ($categoryRenamed) {
  echo '<p>Category has been renamed.</p>';
} elseif ($categoryRemoved) {
  echo '<p>Category has been removed.</p>';
}
?>
<h2>Add category</h2>
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'categories.php'); ?>" method="post" class="form">
  <div class="form-block">
    <label for="categoryname1">Category name:</label>
    <input type="text" name="categoryname" id="categoryname1" required>
  </div>
  <div class="form-block">
    <input type="submit" value="Add category">
  </div>
  <input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
  <input type="hidden" name="action" value="add">
</form>
<h2>Rename category</h2>
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'categories.php'); ?>" method="post" class="form">
  <div class="form-block">
    <label for="category1">Category:</label>
    <select id="category1" name="category" required>
      <?php
      $result = $connection->query('SELECT id, name FROM categories');
      if ($result) {
        while ($row = $result->fetch_assoc()) {
          echo '<option value="' . htmlspecialchars(strval($row['id'])) . '">' . htmlspecialchars($row['name']) . '</option>';
        }
      }
      ?>
    </select>
  </div>
  <div class="form-block">
    <label for="categoryname2">Category name:</label>
    <input type="text" name="categoryname" id="categoryname2" required>
  </div>
  <div class="form-block">
    <input type="submit" value="Rename category">
  </div>
  <input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
  <input type="hidden" name="action" value="rename">
</form>
<h2>Remove category</h2>
<p>This will cause mods in the category you want to remove to be of invalid category.</p>
<form action="<?php echo htmlspecialchars(APP_MODERATION_ROOT . 'categories.php'); ?>" method="post" class="form">
  <div class="form-block">
    <label for="category2">Category:</label>
    <select id="category2" name="category" required>
      <?php
      $result = $connection->query('SELECT id, name FROM categories');
      if ($result) {
        while ($row = $result->fetch_assoc()) {
          echo '<option value="' . htmlspecialchars(strval($row['id'])) . '">' . htmlspecialchars($row['name']) . '</option>';
        }
      }
      ?>
    </select>
  </div>
  <div class="form-block">
    <input type="submit" value="Remove category">
  </div>
  <input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($_SESSION['moderation_csrf']); ?>">
  <input type="hidden" name="action" value="remove">
</form>
<h2>List of categories</h2>
<?php
$result = $connection->query("SELECT
  categories.id AS id,
  categories.name AS name,
  categories.slug AS slug,
  (
    SELECT COUNT(mods.id)
    FROM mods
    JOIN users ON users.id = mods.user
    WHERE mods.category = categories.id
      AND mods.is_removed = 0
      AND users.is_suspended = 0
      AND users.is_verified = 1 
      AND users.is_deleted = 0
    LIMIT 1
  ) AS count
FROM categories;");
if (!$result) {
  echo "<p>An unexpected error occurred while fetching categories.</p>";
} else {
  $categoriesPresent = false;
  while ($category = $result->fetch_assoc()) {
    $categoriesPresent = true;
    echo '<div class="category">
              <h3>' . htmlspecialchars($category['name']) . '</h3>
              <p>Mods: ' . htmlspecialchars(number_format($category['count'], 0)) . '</p>
            </div>';
  }
  if (!$categoriesPresent) {
    echo '<p>No categories.</p>';
  }
}
?>
<?php
include '../includes/moderation_footer.php';
include '../includes/moderation_final.php';
include '../includes/final.php';
?>