<?php
/**
 * _config.inc.php lives in the document root of the site/application. It is the beginning of everything.
 *
 * @author  Quinn Comendant <quinn@strangecode.com>
 * @version 1.3
 * @since   03 Dec 2005 19:09:32
 */

// The constant __FILE__ must be an absolute directory path, starting with / on unix or C: on windows.
// To work around a PHP bug always include this config file with: require_once dirname(__FILE__) . '/_config.inc.php';
if (!preg_match('!^(/|[A-Z]:)!', __FILE__)) {
    trigger_error('_config.inc.php include must be specified with an absolute file path (eg: "require_once dirname(__FILE__) . \'/_config.inc.php\';"', E_USER_ERROR);
}

// First things first. Define the globally used directory paths.
// The parent directory of all application DocRoots.
define('COMMON_BASE', realpath(dirname(__FILE__) . '/../'));

// The DocRoot for this application. SITE_BASE is different from $_SERVER['DOCUMENT_ROOT'] because the
// latter does not change when using the apache Alias directive or URL Rewriting to define a site.
define('SITE_BASE', dirname(__FILE__));

// Set include path for all templates and libraries.
ini_set('include_path', join(PATH_SEPARATOR, array(
    COMMON_BASE . '/lib',
    COMMON_BASE . '/templates',
    get_include_path(),
)));

// Include core libraries.
require_once 'codebase/lib/Utilities.inc.php';
require_once 'codebase/lib/App.inc.php';
require_once 'codebase/lib/Version.inc.php';

// Composer autoloader
require_once 'vendor/autoload.php';

// Models.
require_once 'models/Account.inc.php';
require_once 'models/Participant.inc.php';
require_once 'models/Payment.inc.php';
require_once 'models/Question.inc.php';
require_once 'models/Report.inc.php';
require_once 'models/SMS.inc.php';
require_once 'models/Survey.inc.php';
require_once 'models/Trigger.inc.php';
require_once 'models/User.inc.php';

// API credentials.
require_once 'api_auth.inc.php';

// Primary application class.
$app =& App::getInstance('public');
$app->setParam(array(
    'site_name' => 'Pulso',
    'site_email' => 'hello@pulso.io',
    'redirect_home_url' => '/',
    'images_path' => '/images',

    'date_format' => 'Y-m-d',
    // 'date_format' => 'd M Y',
    'sql_date_format' => '%e %b %Y',
    'sql_time_format' => '%k:%i',
    'character_set' => 'utf-8',

    'enable_session' => true,
    'enable_db_session_handler' => false,
    'session_use_cookies' => true,
    'session_use_trans_sid' => false, // Disable this for high-security sites where session-ID theft is a risk.

    'ssl_domain' => 'www.example.com',
    'ssl_enabled' => getenv('SERVER_NAME') == 'pulso.io',

    'enable_db' => true,
    'db_always_debug' => false,
    'db_debug' => true,
    'db_die_on_failure' => true,
    'db_create_tables' => true, // Disable after site launch.

    'display_errors' => false,
    'error_reporting' => E_ALL,

    'log_directory' => COMMON_BASE . '/log',
    'log_filename' => 'site_log',
    'log_file_priority' => getenv('SERVER_NAME') == 'pulso.io' ? LOG_INFO : LOG_DEBUG,
    'log_email_priority' => getenv('SERVER_NAME') == 'pulso.io' ? LOG_ERR : false,
    'log_sms_priority' => getenv('SERVER_NAME') == 'pulso.io' ? LOG_CRIT : false,
    'log_screen_priority' => false,
    // Email address to receive log event emails. Use multiple addresses by separating them with commas.
    'log_to_email_address' => 'quinn@strangecode.com',
    // SMS Email address to receive log event SMS messages. Use multiple addresses by separating them with commas.
    'log_to_sms_address' => 'sms-quinn@strangecode.com',
));

if (defined('_CLI')) {
    // DB credentials for command line scripts stored in a file with read rights
    // given only to the user who will be executing the scripts: -rw-------
    // This file includes $app-> method calls so this must be included after App::getInstance().
    require_once 'db_auth.inc.php';
}

// Start application-based functionality: database, session, environment, ini setup, etc.
// Most configuration parameters must be set before starting the App.
$app->start();

// Global DB object. Automatically pre-configured by $app->start().
$db =& DB::getInstance();

// Global site-specific configuration.
$cfg = array();
$cfg['google_analytics_property_id'] = 'UA-1148302-5';
$cfg['sms_provider'] = 'nexmo'; // Or 'twilio'.

// Global Auth object.
require_once 'codebase/lib/Auth_SQL.inc.php';
$auth = new Auth_SQL('app');
$auth->setParam(array(
    'db_table'          => 'user_tbl',
    'db_primary_key'    => 'user_id',
    'login_url'         => '/login.php',
    'login_timeout' => 260000, // 72 hours
    'idle_timeout' => 86400, // 24 hours
    'blocking' => true,
    'abuse_detection' => true,
    'encryption_type' => Auth_SQL::ENCRYPT_PASSWORD_BCRYPT,
));

// Access control lists
require_once 'codebase/lib/ACL.inc.php';
$acl =& ACL::getInstance();
$acl->setParam(array('enable_cache' => (getenv('SERVER_NAME') == 'pulso.io' ? true : false)));

// Global cache object.
require_once 'codebase/lib/Cache.inc.php';
$cache =& Cache::getInstance('global');
$cache->setParam(array('enabled' => true));

// Nav class for titles, breadcrumbs, and page features.
// Global navigation titles, breadcrumbs, and page features.
require_once 'codebase/lib/Navigation.inc.php';
$nav = new Navigation(array(
    'chop_breadcrumbs' => 1
));

// The object that validates form input.
require_once 'PulsoValidator.inc.php';
$fv = new PulsoValidator(array(
    'error' => ' error ',
    'warning' => ' warning ',
    'notice' => ' info ',
    'success' => ' success ',
));

// Stripe API
if ('pulso.io' == getenv('HTTP_HOST')) {
     // LIVE API KEY!!!!!!!!
    Stripe::setApiKey(getenv('STRIPE_LIVE_SECRET_KEY'));
    $cfg['stripe_test_mode'] = false;
} else {
    // Test API key
    Stripe::setApiKey(getenv('STRIPE_TEST_SECRET_KEY'));
    $cfg['stripe_test_mode'] = true;
    $app->logMsg(sprintf('Stripe test mode is on', null), LOG_DEBUG, __FILE__, __LINE__);
}
if ('' == Stripe::$apiKey) {
    $app->logMsg(sprintf('Stripe API key is missing', null), LOG_ERR, __FILE__, __LINE__);
}


//
// Everything below here is only useful for logged-in users; end processing this file if not logged-in.
//
if (!$auth->isLoggedIn()) {
    return;
}


// Load preferences for the user.
// require_once 'codebase/lib/Prefs.inc.php';
// $prefs = new Prefs('permanent');
// $prefs->setParam(array(
//     'persistent' => $auth->isLoggedIn(),
//     'user_id' => $auth->get('user_id'),
// ));
// $prefs->setDefaults(array(
// ));
// $prefs->load();

// Global record-locking object.
require_once 'codebase/lib/Lock.inc.php';
$lock =& Lock::getInstance($auth);
$lock->setParam(array(
    'timeout' => 0,
    'auto_timeout' => 1800,
    'error_url' => '/lock.php',
));

// Setup CSS files to include. These will always be available.
// require_once 'codebase/lib/CSS.inc.php';
// $css = new CSS();
// $css->setParam(array('cache_css' => false)); // TODO: Enable caching after site launch.
// $css->setFile('codebase/css/codebase.inc.css');
// $css->setFile('codebase/css/utilities.inc.css');
// $css->setFile('codebase/css/admin2.inc.css');
// $css->setFile('admin/css/screen.inc.css');
// Set this to the SMS provider to use (affects the SMS::send() function). Possible values are: twilio, nexmo

switch ($cfg['sms_provider']) {
case 'nexmo':
    // Nexmos SMS API configuration and setup.
    // $nexmo_api_key and $nexmo_api_secret are defined in api_auth.inc.php
    require_once 'vendor/prawnsalad/nexmo/src/NexmoMessage.php';
    $nexmo_sms = new NexmoMessage($nexmo_api_key, $nexmo_api_secret);
    break;

case 'twilio':
    // Twilio SMS API configuration and setup.
    // Docs: https://www.twilio.com/docs/api/rest/message
    // $twilio_AccountSid and $twilio_AuthToken are defined in api_auth.inc.php
    // require_once 'vendor/twilio-php/Services/Twilio.php';
    // $twilio = new Services_Twilio($twilio_AccountSid, $twilio_AuthToken);
    break;
}

// Default filter to currently running survey so the admin system always displays its questions and participants.
if ('' == getFormData('filter_survey_id')) {
    if ($survey = Survey::getCurrent()) {
        $_GET['filter_survey_id'] = $survey['survey_id'];
    }
}

// Load user and account data.
$user = User::get(array('user_id' => $auth->get('user_id')));
$account = Account::get(array('account_id' => $auth->get('account_id')));

// Notify user of pending email confirmation.
$cfg['user_edit_url'] = $app->ohref('/users.php?op=edit');
$cfg['resend_confirm_url'] = $app->ohref('/confirm.php?op=resend');

// Give the user 15 minutes before pestering them about their unconfirmed email address.
if (strtotime($user['modified_datetime']) + 900 < time() && $user['status'] != 'email confirmed' && !getFormData('c')) {
    $app->raiseMsg(_("Your email address has not yet been confirmed. Please check your email for a confirmation link to activate your account.") . sprintf(_("<div><a href=\"%s\">Resend confirmation email</a> or <a href=\"%s\">change your email address</a>.</div>"), $cfg['resend_confirm_url'], $cfg['user_edit_url']), MSG_NOTICE, __FILE__, __LINE__);
}