<?php

class Journal_Prive
{
    private $id = false;

    static public function userIsAllowed($journal)
    {
        if (!empty($_COOKIE['access']))
        {
            @list($user, $hash) = explode('$', $_COOKIE['access']);

            if ($hash == sha1(LENCRIER_SECRET_KEY . $journal . str_rot13($user)))
                return true;
        }

        $user = new User;
        if ($user->is_logged())
        {
            $ok = false;
            $res = DB::aQuery('SELECT 1 FROM acces_prives WHERE journal="'.DB::esc($journal).'" AND membre="'.(int)$user->get('id').'";');

            // Si l'utilisateur fait partie des accès privés, c'est bon
            if (!empty($res[0][0]))
            {
                $ok = true;
            }
            else
            {
                // Si l'utilisateur est l'auteur, c'est bon
                $res = DB::aQuery('SELECT 1 FROM journaux WHERE auteur="'.(int)$user->get('id').'" AND id="'.DB::esc($journal).'";');

                if (!empty($res[0][0]))
                {
                    $ok = true;
                }
            }

            // Si l'utilisateur a accès, on l'enregistre dans le cookie
            if ($ok)
            {
                $name = preg_replace('!@.*$!', '', $user->get('email'));
                return self::grantUserAccess($name, $journal);
            }
        }

        return false;
    }

    static protected function grantUserAccess($user, $journal)
    {
        setcookie('access', str_rot13($user).'$'.sha1(LENCRIER_SECRET_KEY . $journal . $user), 0, '/', '', false, true);
        return true;
    }

    static public function userLogin($journal, $login, $password)
    {
        $res = DB::aQuery('SELECT 1 FROM acces_prives WHERE
            journal="'.DB::esc($journal).'" AND login="'.DB::esc($login).'" AND password="'.DB::esc($password).'";');

        if (!empty($res[0][0]))
        {
            return self::grantUserAccess($login, $journal);
        }

        return false;
    }

    public function __construct($id)
    {
        $this->id = DB::esc($id);
    }

    public function getList()
    {
        return DB::aQuery('SELECT acces_prives.id, acces_prives.membre,
            IF(acces_prives.login IS NULL, SUBSTRING_INDEX(membres.email, "@", 1) , acces_prives.login) AS login,
            acces_prives.password
            FROM acces_prives LEFT JOIN membres ON (membres.id = acces_prives.membre)
            WHERE acces_prives.journal="'.$this->id.'" ORDER BY login ASC;');
    }

    public function addInternal($email)
    {
        if (is_numeric($email))
        {
            if (!user::getEmailFromId((int)$email))
                return false;
            else
                $id = (int)$email;
        }
        else
        {
            $id = user::getIdFromEmail($email);
        }

        if (!$id)
            return false;

        DB::uQuery('INSERT IGNORE INTO acces_prives (journal, membre) VALUES ("'.$this->id.'", "'.(int)$id.'");');

        return true;
    }

    public function addExternal($login, $password)
    {
        $res = DB::aQuery('SELECT 1 FROM acces_prives WHERE acces_prives.journal="'.$this->id.'" AND acces_prives.login="'.DB::esc($login).'";');

        if (!empty($res[0][0]))
            return false;

        DB::uQuery('INSERT IGNORE INTO acces_prives (journal, login, password) VALUES ("'.$this->id.'", "'.DB::esc($login).'",
            "'.DB::esc($password).'");');

        return true;
    }

    public function delete($id)
    {
        DB::uQuery('DELETE FROM acces_prives WHERE journal="'.$this->id.'" AND id="'.(int)$id.'";');
        return true;
    }
}

?>