<?php
include "vars.php";
global $jmurl;

$obj = new stdClass();
$obj->status = 404;
$req = $_SERVER["PATH_INFO"];
$method = $_SERVER['REQUEST_METHOD'];
if ($method == "GET") {
    switch ($req) {
        case "":
        case "/":
            $obj->status = 200;
            $obj->endpoints = endpoints();
            break;
        case "/all":
            $obj->status = 200;
            //Memes
            $q_memes = "SELECT * FROM images";
            $obj->memes = memesArray($q_memes);
            //Categories
            $q_cats = "SELECT * FROM cats";
            $obj->categories = categoryArray($q_cats);
            //Users
            $users = array();
            $q_users = "SELECT * FROM token";
            $res_users = mysqli_query($jmcon, $q_users);
            checksql($res_users);
            while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
                array_push($users, $row["name"]);
            }
            mysqli_free_result($res_users);
            $obj->users = $users;
            break;
        case "/baseurl":
        case "/base":
            $obj->status = 200;
            $obj->baseurl = $jmurl;
            break;
        case "/memes":
            $obj->status = 200;
            $query = "SELECT * FROM images";
            if (isset($_GET["category"])) {
                $query = addCondition('cat="' . $_GET["category"] . '"', $query);
            }
            if (isset($_GET["user"])) {
                $query = addCondition('user LIKE "%' . $_GET["user"] . '%"', $query);
            }
            if (isset($_GET["search"])) {
                $query = addCondition('path LIKE "%' . $_GET["search"] . '%"', $query);
            }
            $obj->memes = memesArray($query);
            break;
        case "/meme":
            if (isset($_GET["id"])) {
                $q = 'SELECT * FROM images WHERE id=' . $_GET["id"];
                $res = mysqli_query($jmcon, $q);
                checksql($res);
                $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
                if ($row) {
                    $obj->status = 200;
                    $path = $row["path"];
                    $path = str_replace(" ", "%20", $path);
                    $obj->link = $jmurl . $path;
                    $obj->user = $row["user"];
                    $obj->category = $row["cat"];
                }
            }
            break;
        case "/random":
            $query = "SELECT * FROM images";
            if (isset($_GET["category"])) {
                $query = addCondition('cat="' . $_GET["category"] . '"', $query);
            }
            if (isset($_GET["user"])) {
                $query = addCondition('user LIKE "%' . $_GET["user"] . '%"', $query);
            }
            $memes = memesArray($query);
            $random = rand(0, count($memes) - 1);
            $meme = $memes[$random];
            if (isset($meme->path)) {
                $obj->status = 200;
                $obj->link = $jmurl . $meme->path;
                $obj->category = $meme->category;
                $obj->user = $meme->user;
            }
            break;
        case "/categories":
            $obj->status = 200;
            $obj->categories = categoryArray("SELECT * FROM cats");
            break;
        case "/category":
            if (isset($_GET["id"])) {
                $q = 'SELECT * FROM cats WHERE id="' . $_GET["id"] . '"';
                $res = mysqli_query($jmcon, $q);
                checksql($res);
                $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
                if ($row) {
                    $obj->status = 200;
                    $obj->id = $row["id"];
                    $obj->name = $row["name"];
                }
            }
            break;
        case "/users":
            $users = array();
            $q_users = "SELECT * FROM token";
            $res_users = mysqli_query($jmcon, $q_users);
            checksql($res_users);
            while ($row = mysqli_fetch_array($res_users, MYSQLI_ASSOC)) {
                $user = new stdClass();
                $user->name = $row["name"];
                $user->tokenhash = md5($row["token"]);
                $user->dayuploads = $row["uploadsLast24H"];
                array_push($users, $user);
            }
            mysqli_free_result($res_users);
            $obj->users = $users;
            $obj->status = 200;
            break;
        case "/token/random":
            if (isset($_GET["user"])) {
                $obj->status = 200;
                $obj->token = genToken($_GET["user"]);
            } else {
                $obj->error = "Need to set a user with ?user";
            }
            break;
        default:
            $obj->endpoints = endpoints();
            break;
    }
} else if ($method == "POST") {
    switch ($req) {
        case "/upload":
            upload();
            break;
    }


}
header('Content-Type: application/json');
echo stripslashes(json_encode($obj, JSON_UNESCAPED_UNICODE));

function endpoints() {
    return array("/all", "/baseurl", "/memes", "/meme", "/random", "/categories", "/category", "/users");
}

function postendpoints() {
    return array("/admin", "/upload");
}

function checksql($res) {
    global $jmcon;
    global $obj;
    if (!$res) {
        $obj->status = 500;
        $obj->error = mysqli_error($jmcon);
    }
}

function memesArray($query) {
    global $jmcon;

    $memes = array();
    $res_memes = mysqli_query($jmcon, $query);
    checksql($res_memes);
    while ($row = mysqli_fetch_array( $res_memes, MYSQLI_ASSOC)) {
        $meme = new stdClass();
        $meme->id = $row["id"];
        $path = $row["path"];
        $path = str_replace(" ", "%20", $path);
        $meme->path = $path;
        $meme->category = $row["cat"];
        $meme->user = $row["user"];
        array_push($memes, $meme);
    }
    mysqli_free_result($res_memes);
    return $memes;
}

function categoryArray($query) {
    global $jmcon;

    $cats = array();
    $res_cats = mysqli_query($jmcon, $query);
    checksql($res_cats);
    while ($row = mysqli_fetch_array( $res_cats, MYSQLI_ASSOC)) {
        $cat = new stdClass();
        $cat->id = $row["id"];
        $cat->name = $row["name"];
        array_push($cats, $cat);
    }
    mysqli_free_result($res_cats);

    return $cats;
}

function addCondition($cond, $query) {
    if (strpos($query, "WHERE")) {
        $query = $query . " AND " . $cond;
    } else {
        $query = $query . " WHERE " . $cond;
    }
    return $query;
}

function genToken($discord) {
    $random = bin2hex(random_bytes(32));
    $prehash = $random . md5(time()) . $discord;
    return md5($prehash);
}

function upload() {
    global $jmcon;
    global $obj;
    global $jmimagepath;
    $token = $_POST["token"];
    $cat = $_POST["category"];
    $obj->token = $token;
    if (isset($token)) {
        if (isset($cat)) {
            $query = "SELECT * FROM token WHERE token='$token'";
            $res = mysqli_query($jmcon, $query);
            checksql($res);
            $row = mysqli_fetch_array($res, MYSQLI_ASSOC);
            if ($row) {
                $uploads = $row["uploadsLast24H"];
                $homedir = $row["userdir"];
                $user = $row["name"];
                $countfiles = count($_FILES['file']['name']);
                if ($countfiles == 0) {
                    $obj->status = 400;
                    $obj->error = "no files to upload send";
                }
                else if ($uploads + $countfiles <= 20) {
                    $uploads += $countfiles;
                    $sqlMaxUpl = "UPDATE token SET uploadsLast24H='$uploads' WHERE token='$token'";
                    mysqli_query($jmcon, $sqlMaxUpl);
                    if ($countfiles == 1) {
                        $filename = $_FILES['file']['name'];
                        if (isset($filename)) {
                            $obj->file = $filename;
                            move_uploaded_file($_FILES['file']['tmp_name'], $jmimagepath . $homedir . "/" . $filename);
                            $path = "images/" . $homedir . "/" . $filename;
                            $clientIP = $_SERVER['REMOTE_ADDR'];;
                            $sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')";
                            $res = mysqli_query($jmcon, $sqlType);
                            checksql($res);
                        }
                    } else {
                        for ($i = 0; $i < $countfiles; $i++) {
                            $filename = $_FILES['file']['name'][$i];
                            if (isset($filename)) {
                                $obj->file = $filename;
                                move_uploaded_file($_FILES['file']['tmp_name'][$i], $jmimagepath . $homedir . "/" . $filename);
                                $path = "images/" . $homedir . "/" . $filename;
                                $clientIP = $_SERVER['REMOTE_ADDR'];;
                                $sqlType = "INSERT INTO images (user, path, cat, ip) VALUES ('$user', '$path', '$cat', '$clientIP')";
                                $res = mysqli_query($jmcon, $sqlType);
                                checksql($res);
                            }
                        }
                    }
                    $obj->status = 201;
                } else {
                    $obj->status = 403;
                    $obj->error = "upload limit reached";
                }
            } else {
                $obj->status = 403;
                $obj->error = "token not existing";
            }
        } else {
            $obj->status = 400;
            $obj->error = "missing category";
        }
    } else {
        $obj->status = 401;
    }
}