* @version 1.0
 * @since 08 Nov 2014 18:38:55
 */

/********************************************************************
 * CONFIG
 ********************************************************************/

require_once dirname(__FILE__) . '/_config.inc.php';

/********************************************************************
 * MAIN
 ********************************************************************/

// If boomerang is set remember which page we came from so we can go back there.
// NOTE(review): HTTP_REFERER is client-supplied; this relies on setBoomerangURL()
// only accepting URLs it considers safe to return to — confirm in the App class.
if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
    $app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'signup');
    $app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'previoussignup');
}

// Credentials are submitted from this page; sslOn() presumably forces HTTPS first.
$app->sslOn();

switch ($_SERVER['REQUEST_METHOD']) {
    case 'GET':
    default:
        // First visit: default form values plus a signed timestamp that
        // validateForm() checks on POST (signature and minimum elapsed time).
        $frm = Account::merge(User::merge(array(
            'timer_token' => addSignature(time())
        )));
        break;

    case 'POST':
        // NOTE(review): $fv is not assigned anywhere in this file; presumably the
        // form-validator instance is created by _config.inc.php — confirm.
        $fv = validateForm($fv);
        if ($fv->anyErrors()) {
            // Redisplay form data (with a freshly signed timer_token).
            $frm = Account::merge(User::merge(getFormData(), array(
                'timer_token' => addSignature(time())
            )));
        } else {
            //
            // No errors, let's do it…
            //

            // Create account. Status and credit values are fixed here, not taken from the form.
            $account_id = Account::insert(Account::merge(getFormData(), array(
                'status' => 'pending',
                'available_credit' => '5.00',
                'recharge_amount' => '10.00',
            )));

            // Create primary user, tied to the account just inserted. Status stays
            // 'email pending' until the confirmation link below is used.
            $user_id = User::insert(User::merge(getFormData(), array(
                'account_id' => $account_id,
                'user_type' => 'primary',
                'status' => 'email pending',
            )));

            // Add user as access request object, under 'general'.
            $acl->addRequestObject('user_id:' . $user_id, 'general');

            // Create version of new records.
            $version = Version::getInstance($auth);
            $version->create('account_tbl', 'account_id', $account_id, getFormData('organization'));
            $version->create('user_tbl', 'user_id', $user_id, getFormData('username'));

            // Notify the user that she is awesome.
            $app->raiseMsg(sprintf(_("Your account has been created. Welcome! 
Have a look around, and if you have any questions you can always email us at %s."), $app->getParam('site_email')), MSG_SUCCESS, __FILE__, __LINE__);
            $app->logMsg(sprintf('New signup: %s (%s %s <%s>) with account_id %s user_id %s.', getFormData('organization'), getFormData('first_name'), getFormData('last_name'), getFormData('email'), $account_id, $user_id), LOG_INFO, __FILE__, __LINE__);

            // Send email confirmation.
            User::requestEmailConfirmation($user_id, null, 'signup_email_confirmation.eml');
            $app->raiseMsg(sprintf(_("A confirmation email has been sent to %s. Click on the confirmation link in the email to activate your account."), getFormData('email')), MSG_NOTICE, __FILE__, __LINE__);

            // Login the new user and send them to the dashboard.
            // Note this happens before the email address has been confirmed.
            $auth->login(getFormData('username'), getFormData('userpass'));
            $app->dieURL('/');
        }
}

/********************************************************************
 * OUTPUT
 ********************************************************************/

// Titles and navigation header.
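$nav->add(_("Create a new account"));
include 'header.inc.html';
include 'signup.inc.html';
include 'footer.inc.html';

/********************************************************************
 * FUNCTIONS
 ********************************************************************/

/**
 * Validate the signup form fields and record any errors on the validator.
 *
 * Checks presence and length of organization, first_name, last_name and
 * email; stops early if the email already belongs to a user; enforces the
 * username format and uniqueness; checks the password; and finally verifies
 * the signed timer_token and the time elapsed since the form was issued.
 *
 * @access  public
 * @param   object  $fv  Form-validator instance; errors are added to it.
 * @return  object       The same validator, with any errors recorded.
 * @author  Quinn Comendant
 * @version 1.0
 * @since   08 Nov 2014 20:18:53
 */
function validateForm($fv)
{
    global $auth;
    $app =& App::getInstance();

    $fv->notEmpty('organization', sprintf(_("%s cannot be blank."), _("Organization")));
    $fv->stringLength('organization', 0, 100, sprintf(_("%s must be %d-to-%d characters in length."), _("Organization"), 0, 100));
    $fv->notEmpty('first_name', sprintf(_("%s cannot be blank."), _("First name")));
    $fv->stringLength('first_name', 0, 50, sprintf(_("%s must be %d-to-%d characters in length."), _("First name"), 0, 50));
    $fv->notEmpty('last_name', sprintf(_("%s cannot be blank."), _("Last name")));
    $fv->stringLength('last_name', 0, 50, sprintf(_("%s must be %d-to-%d characters in length."), _("Last name"), 0, 50));
    $fv->notEmpty('email', sprintf(_("%s cannot be blank."), _("Email")));
    $fv->stringLength('email', 0, 255, sprintf(_("%s must be %d-to-%d characters in length."), _("Email address"), 0, 255));
    $fv->validateEmail('email');

    // An address that already belongs to a user is a hard stop: the remaining
    // checks (including the timer_token) are skipped and the error returned.
    if (User::get(array('email' => getFormData('email')))) {
        $fv->addError('email', sprintf(_("A Pulso user already exists with the email address %s. If you want to create a new user, you’ll need to use a different address. Otherwise, you may log in to the other account here, or reset the password associated with this address."), getFormData('email'), $app->ohref('/login.php'), $app->ohref('/reset.php')), MSG_ERR, __FILE__, __LINE__);
        return $fv;
    }

    if ($fv->notEmpty('username', sprintf(_("%s cannot be blank."), _("Username")))) {
        // Alphanumeric only!
        $fv->stringLength('username', 2, 100, sprintf(_("%s must be %d-to-%d characters in length."), _("Username"), 2, 100));
        if ($fv->checkRegex('username', '/^[\w]{2,}$/i', true, _("Username must be 2 or more characters or numbers, without punctuation or spaces."))) {
            // Unique username!
            if ($auth->usernameExists(getFormData('username'))) {
                $fv->addError('username', sprintf(_("The %s %s is not available. Please choose another."), _("username"), getFormData('username')));
            }
        }
    }

    if ($fv->notEmpty('userpass', sprintf(_("%s cannot be blank."), _("Password")))) {
        // NOTE(review): 'complexity' is a score submitted with the form, i.e. it is
        // chosen by the client. Treat this threshold as advisory only; a password
        // policy evaluated on the server (not visible here) is what should be relied on.
        if (getFormData('complexity') < 20) {
            $fv->addError('userpass', _("Please choose a more complex password. Make it longer or add numbers and punctuation."), MSG_ERR, __FILE__, __LINE__);
        }
    }

    // Only use the token's timestamp once its signature has been verified: an
    // invalid token yields a single error, and its payload is never fed into
    // the arithmetic below.
    if (!verifySignature(getFormData('timer_token'))) {
        $app->logMsg(sprintf('Invalid timer_token: %s', getFormData('timer_token')), LOG_NOTICE, __FILE__, __LINE__);
        $fv->addError('timer_token', _("Invalid form token. Please try again."), MSG_ERR, __FILE__, __LINE__);
    } else {
        // Seconds between the form being issued (signed timestamp) and this submission.
        $elapsed = time() - removeSignature(getFormData('timer_token'));
        if ($elapsed <= 3) {
            $app->logMsg(sprintf('Form submitted after %s seconds', $elapsed), LOG_NOTICE, __FILE__, __LINE__);
            $fv->addError('timer_token', _("Form submitted too quickly. Are you a bot?"), MSG_ERR, __FILE__, __LINE__);
        }
    }

    return $fv;
}

/**
 * Reset form values to default, optionally merging posted form data.
 *
 * @access  public
 * @param   bool    $merge  Merge existing values from $_REQUEST?
 * @param   array   $new    New values to merge with default values.
 * @return  array   Initialized array of form values.
 * @author  Quinn Comendant
 * @version 1.0
 * @since   08 Nov 2014 20:14:22
 */
function resetForm($merge=false, $new=array())
{
    $frm = array(
        'organization' => '',
        'first_name' => '',
        'last_name' => '',
        'email' => '',
        'username' => '',
        'userpass' => '',
    );

    // Posted values override the defaults, and $new overrides both.
    return $merge ? array_merge($frm, getFormData(), $new) : array_merge($frm, $new);
}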