<?php
// Report everything, but never render it into the response: errors stay in
// whatever error log the runtime is configured with.
error_reporting(E_ALL);
foreach (['display_errors', 'display_startup_errors'] as $directive) {
	ini_set($directive, '0');
}
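#[\AllowDynamicProperties]
class Data{
	/** @var mysqli connection opened by link_database() */
	public $databaselink;
	/** @var string|null name of the connected schema (DB_DATABASE) */
	public $databasename;
	/** @var string[] text of every statement this object has sent, oldest first */
	public $last_query = [];
	/** @var int|string|null key of the row written by save_user(), or -1 when that failed */
	public $ID;
	/** @var string page content assembled by the request handler that uses this class */
	public $output = "";

	/**
	 * Connect, bring the schema up to date, copy the request parameters onto
	 * the object (see read_variables()) and pin the timezone.
	 */
	function __construct(){
		// Schema maintenance needs a live connection: link_database() returns
		// an error string instead of true when connecting failed.
		if ($this->link_database() === true) {
			$this->em_check_database();
		}
		$this->read_variables();
		date_default_timezone_set('Europe/Berlin');
	}

	/**
	 * Expose every POST and GET parameter as a property named "r_<name>".
	 *
	 * The prefix keeps request data from shadowing the object's own
	 * properties. Values are stored verbatim: SQL escaping happens in
	 * store_data() through bound parameters, and HTML escaping belongs in the
	 * view (htmlspecialchars). Earlier versions ran addslashes() here, which
	 * only approximated SQL escaping and altered values used anywhere else;
	 * any other code that still splices these properties into SQL strings
	 * has to bind them instead.
	 * GET is applied after POST, so on a name clash the GET value wins.
	 *
	 * @return void
	 */
	function read_variables() {
		foreach ([$_POST, $_GET] as $parameters) {
			foreach ($parameters as $name => $value) {
				$property = "r_" . $name;
				$this->$property = $value;
			}
		}
	}

	/**
	 * Connect to MySQL with the DB_* constants from config/config.inc.php.
	 *
	 * @return true|string true on success, otherwise a (German) error message;
	 *                     the constructor uses this to skip schema maintenance.
	 */
	function link_database() {
		$this->databaselink = new mysqli(DB_HOST, DB_USER, DB_PW, DB_DATABASE);
		if ($this->databaselink->connect_errno) {
			// Checked before set_charset(): calling it on a failed handle is itself an error.
			return "Datenbank nicht erreichbar: (" . $this->databaselink->connect_errno . ") " . $this->databaselink->connect_error;
		}
		// NOTE(review): 'utf8' is MySQL's 3-byte charset; switching to utf8mb4
		// would need the existing tables converted as well, so it is left as is.
		$this->databaselink->set_charset('utf8');
		$this->databasename = DB_DATABASE;
		// Clear the server's SQL mode so the DDL built by em_check_database()
		// is accepted regardless of the server's defaults.
		$this->databaselink->query("SET SQL_MODE = '';");
		return true;
	}

	/**
	 * True when $name can safely be spliced into a statement as a back-quoted
	 * identifier (letters, digits and underscore only). Identifiers cannot be
	 * bound as prepared-statement parameters, so this is the check that stands
	 * in for binding wherever a table or column name enters SQL text.
	 */
	private function is_identifier($name) {
		return is_string($name) && preg_match('/^[A-Za-z0-9_]+$/', $name) === 1;
	}

	/**
	 * "`name` type(size) standard" fragment shared by CREATE and ALTER.
	 * $properties is one column entry from config/db_array.inc.php.
	 */
	private function column_sql($fieldname, array $properties) {
		$size = "";
		if (isset($properties['size']) && (string) $properties['size'] !== "") {
			$size = "(" . $properties['size'] . ")";
		}
		$type = isset($properties['type']) ? $properties['type'] : "";
		$standard = isset($properties['standard']) ? $properties['standard'] : "";
		return "`" . $fieldname . "` " . $type . $size . " " . $standard;
	}

	/**
	 * CREATE TABLE statement for $table from its column config, or null when
	 * no column has a usable name. Layout: column list, one UNIQUE KEY per
	 * column flagged 'unique', and a KEY on the first column.
	 */
	private function create_table_sql($table, array $fields) {
		$columns = [];
		$uniqueKeys = [];
		$firstKey = "";
		foreach ($fields as $fieldname => $properties) {
			$fieldname = (string) $fieldname;
			if (!$this->is_identifier($fieldname) || !is_array($properties)) {
				continue;
			}
			if ($firstKey === "") {
				$firstKey = "KEY `" . $fieldname . "` (`" . $fieldname . "`)";
			}
			if (!empty($properties['unique'])) {
				$uniqueKeys[] = "UNIQUE KEY `" . $fieldname . "_2` (`" . $fieldname . "`)";
			}
			// 'extra' is only applied when the table is created, never by a later
			// ALTER in add_missing_columns() — unchanged from the original behaviour.
			$extra = isset($properties['extra']) ? (string) $properties['extra'] : "";
			$columns[] = $this->column_sql($fieldname, $properties) . " " . $extra;
		}
		if (!$columns) {
			return null;
		}
		$definitions = array_merge($columns, $uniqueKeys, [$firstKey]);
		return "CREATE TABLE IF NOT EXISTS `" . $table . "` (" . implode(",", $definitions) . ") ENGINE=InnoDB ;";
	}

	/**
	 * ALTER TABLE … ADD for every configured column the live table lacks.
	 * Existing columns are never changed or dropped.
	 */
	private function add_missing_columns($table, array $fields) {
		$resultField = $this->databaselink->query("show fields from " . DB_DATABASE . "." . $table);
		if ($resultField === false) {
			return;
		}
		$present = [];
		while ($aRowF = $resultField->fetch_array(MYSQLI_NUM)) {
			$present[] = $aRowF[0];
		}
		foreach ($fields as $fieldname => $properties) {
			$fieldname = (string) $fieldname;
			if (!$this->is_identifier($fieldname) || !is_array($properties) || in_array($fieldname, $present, true)) {
				continue;
			}
			$sCommand = "ALTER TABLE `" . $table . "` ADD " . $this->column_sql($fieldname, $properties);
			$this->last_query[] = $sCommand;
			$this->databaselink->query($sCommand);
		}
	}

	/**
	 * Bring the schema in line with config/db_array.inc.php, which defines
	 * $aData as table => column => properties ('type', 'size', 'standard',
	 * optional 'unique' and 'extra'). Missing tables are created, missing
	 * columns are added; nothing is altered or dropped, which keeps install
	 * and update the same operation. Names come from that config file, not
	 * from the request, but are still validated as plain identifiers before
	 * being spliced into DDL. Every statement sent is appended to
	 * $this->last_query.
	 *
	 * @return void
	 */
	function em_check_database() {
		$existingTables = [];
		$result = $this->databaselink->query("show tables from " . DB_DATABASE);
		if ($result === false) {
			// Without the table list nothing can be compared safely.
			return;
		}
		while ($row = $result->fetch_array(MYSQLI_NUM)) {
			$existingTables[] = $row[0];
		}
		$aData = [];
		include __DIR__ . "/config/db_array.inc.php";
		foreach ($aData as $table => $fields) {
			$table = (string) $table;
			if (!$this->is_identifier($table) || !is_array($fields)) {
				continue;
			}
			if (in_array($table, $existingTables, true)) {
				$this->add_missing_columns($table, $fields);
				continue;
			}
			$sCommand = $this->create_table_sql($table, $fields);
			if ($sCommand !== null) {
				$this->last_query[] = $sCommand;
				$this->databaselink->query($sCommand);
			}
		}
	}

	/**
	 * Prepare and execute $sql with every entry of $params bound as a string.
	 * null becomes "" (the '' literal the old string-built queries produced);
	 * non-scalar values are handed to mysqli unchanged, as before. Appends
	 * $sql to $this->last_query.
	 *
	 * @return mysqli_stmt|false the executed statement (caller closes it), or
	 *                           false when preparing or executing failed
	 */
	private function run_prepared($sql, array $params) {
		$this->last_query[] = $sql;
		$stmt = $this->databaselink->prepare($sql);
		if ($stmt === false) {
			return false;
		}
		if ($params) {
			$bound = [];
			foreach (array_values($params) as $value) {
				$bound[] = ($value === null || is_scalar($value)) ? (string) $value : $value;
			}
			$stmt->bind_param(str_repeat('s', count($bound)), ...$bound);
		}
		if (!$stmt->execute()) {
			$stmt->close();
			return false;
		}
		return $stmt;
	}

	/**
	 * Insert or update one row.
	 *
	 * @param string          $sTable  table name (identifier characters only)
	 * @param array           $aFields column => value map to write
	 * @param string|null     $sKey_ID key column used to look up $mID
	 * @param int|string|null $mID     existing key value; null or "" means insert
	 * @return int|string the stored key when a row was updated, the new
	 *                    insert_id on insert, or -1 on failure
	 *
	 * Values are bound as prepared-statement parameters, so callers pass them
	 * unescaped. Identifiers cannot be bound, so the table and column names are
	 * validated by is_identifier() and back-quoted; an invalid name yields -1.
	 */
	function store_data($sTable, $aFields, $sKey_ID, $mID) {
		$sTable = (string) $sTable;
		if (!$this->is_identifier($sTable) || !is_array($aFields)) {
			return -1;
		}
		foreach (array_keys($aFields) as $column) {
			if (!$this->is_identifier((string) $column)) {
				return -1;
			}
		}
		try {
			$existing = null;   // key value of the row to update, once found
			$found = false;
			if ($mID !== null && $mID !== "") {
				if (!$this->is_identifier((string) $sKey_ID)) {
					return -1;
				}
				$lookup = $this->run_prepared(
					"SELECT `" . $sKey_ID . "` FROM `" . $sTable . "` WHERE `" . $sKey_ID . "` = ? LIMIT 1",
					[$mID]
				);
				if ($lookup === false) {
					return -1;
				}
				$lookup->bind_result($existing);
				$found = (bool) $lookup->fetch();
				$lookup->close();
			}
			$columns = array_map(function ($column) { return "`" . $column . "`"; }, array_keys($aFields));
			$values = array_values($aFields);
			if ($found) {
				$assignments = array_map(function ($column) { return $column . " = ?"; }, $columns);
				$sQuery = "UPDATE `" . $sTable . "` SET " . implode(", ", $assignments) . " WHERE `" . $sKey_ID . "` = ?";
				$values[] = $mID;
			} else {
				// An empty field list produces "() VALUES ()", which MySQL accepts
				// as a row of defaults — the same statement the old code built.
				$placeholders = implode(", ", array_fill(0, count($values), "?"));
				$sQuery = "INSERT INTO `" . $sTable . "` (" . implode(", ", $columns) . ") VALUES (" . $placeholders . ")";
			}
			$stmt = $this->run_prepared($sQuery, $values);
			if ($stmt === false) {
				return -1;
			}
			$stmt->close();
			return $found ? $existing : $this->databaselink->insert_id;
		} catch (mysqli_sql_exception $e) {
			// mysqli throws instead of returning false on newer PHP; keep the -1 contract.
			return -1;
		}
	}

	/**
	 * Save a user row. When the request carried a non-empty user_ID
	 * (r_user_ID) that row is updated and columns absent from $aUser keep their
	 * values; otherwise a new row is inserted. The resulting key, or -1 on
	 * failure, is stored in $this->ID.
	 *
	 * @param array $aUser column => value map, e.g. 'forename', 'surname',
	 *        'email', 'UID', 'language', 'admin' and
	 *        'password_hash' => password_hash($password, PASSWORD_DEFAULT).
	 *        The legacy 'password' column (md5 of the reversed password) is
	 *        deprecated and must not be written.
	 * @return void
	 */
	function save_user($aUser){
		$keyColumn = null;
		$keyValue = null;
		if (isset($this->r_user_ID) && $this->r_user_ID != "") {
			$keyColumn = 'user_ID';
			$keyValue = $this->r_user_ID;
		}
		$this->ID = $this->store_data(TABLE_USER, $aUser, $keyColumn, $keyValue);
	}

	/**
	 * Render a PHP template and return its output instead of echoing it. The
	 * template runs inside this method, so it sees $this. $Datei must be a
	 * path chosen by code (callers in this file pass literal paths under
	 * views/); include() executes the file, so it must never be derived from
	 * request data.
	 *
	 * @return string the captured output
	 */
	function get_view($Datei) {
		ob_start();
		include($Datei);
		return ob_get_clean();
	}
}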

//end of class

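session_start();

// Explicit path: the class reads DB_* and TABLE_USER from this file, and a
// cwd-relative include that fails would only surface later as a fatal error
// (display_errors is off above).
require_once __DIR__ . "/config/config.inc.php";

$oObject = new Data;

$oObject->output = "";
// r_ac exists only when the request named an action.
switch ($oObject->r_ac ?? '') {
	case 'user_save':
		// NOTE(review): this state change is accepted from GET and POST alike
		// and carries no CSRF token; the form in views/user_form.php is not
		// visible here, so adding the check is left to a follow-up.
		$aUser = [];
		// Each column is copied only when its own parameter was sent, so an
		// update leaves columns that were not submitted untouched.
		foreach (['user_ID', 'name', 'email', 'signalmessenger', 'sms', 'telegram', 'threema'] as $column) {
			$property = 'r_' . $column;
			if (isset($oObject->$property)) {
				$aUser[$column] = $oObject->$property;
			}
		}
		$oObject->save_user($aUser);
		// save_user() leaves store_data()'s -1 in $ID on failure; do not report success then.
		$oObject->output .= ($oObject->ID === -1) ? "Speichern fehlgeschlagen" : "Erfolgreich gespeichert";
		break;
	default:
		$oObject->output = $oObject->get_view("views/user_form.php");
		break;
}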
/**
 * Send the page to the client: the head view followed by the body view, each
 * rendered through $oObject->get_view() so the templates run against the
 * object's state.
 */
function output($oObject){
	foreach (["views/head.php", "views/body.php"] as $view) {
		echo $oObject->get_view($view);
	}
}
output($oObject); // render head.php and body.php for the action handled above


?>