<?php
/**
 * Created by PhpStorm.
 * User: jedi
 * Date: 12/28/18
 * Time: 6:13 PM
 */

include "backend.php";

function hasval($var){
    return isset($var) && !empty($var);
}

$successmsg = "added one item";

switch($_GET["action"]) {
    case "add_featurerequest":
        if (hasval($_POST["title"]) && hasval($_POST["desc"])) {
            /* Prepared statement, stage 1: prepare */
            if (!($stmt = $mysqli->prepare("INSERT INTO feature_request(title, `desc`) VALUES (?, ?)"))) {
                $errormsg = "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
            }else
            if (!$stmt->bind_param("ss", $_POST["title"], $_POST["desc"])) {
                $errormsg = "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
            }else
            if (!$stmt->execute()) {
                $errormsg = "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
            }
        }else{
            $errormsg = "all values have to be set";
        }
        break;
    case "add_found":
        if (hasval($_POST["was"]) && hasval($_POST["wann"]) && hasval($_POST["wo"])) {
            /* Prepared statement, stage 1: prepare */
            if (!($stmt = $mysqli->prepare("INSERT INTO found_items(was, wann, wo) VALUES (?, ?, ?)"))) {
                $errormsg = "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
            }
            if (!$stmt->bind_param("sss", $_POST["was"], $_POST["wann"], $_POST["wo"])) {
                $errormsg = "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
            }
            if (!$stmt->execute()) {
                $errormsg = "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
            }
        }else{
            $errormsg = "all values have to be set";
        }

        break;
    case "add_lost":
        if (hasval($_POST["was"]) && hasval($_POST["wann"]) && hasval($_POST["wo"]) && hasval($_POST["contact"])) {
            /* Prepared statement, stage 1: prepare */
            if (!($stmt = $mysqli->prepare("INSERT INTO lost_items(was, wann, wo, contact) VALUES (?, ?, ?, ?)"))) {
                $errormsg = "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
            }
            if (!$stmt->bind_param("ssss", $_POST["was"], $_POST["wann"], $_POST["wo"], $_POST["contact"])) {
                $errormsg = "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
            }
            if (!$stmt->execute()) {
                $errormsg = "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
            }
        }else{
            $errormsg = "all values have to be set";
        }
        break;
    case "get_stats";
        echo json_encode(array("status"=>"ok","stats"=>get_stats()));
        break;
    case "delete_found_item":
        if(hasval($_POST["id"])) {
            /* Prepared statement, stage 1: prepare */
            if (!($stmt = $mysqli->prepare("UPDATE found_items SET del = 1 WHERE id = ?"))) {
                $errormsg = "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
            }
            if (!$stmt->bind_param("i", $_POST["id"])) {
                $errormsg = "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
            }
            if (!$stmt->execute()) {
                $errormsg = "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
            }
            $successmsg = "one item deleted";
        }else{
            $errormsg = "id not set";
        }
        break;
    case "delete_lost_item":
        if(hasval($_POST["id"])) {
            /* Prepared statement, stage 1: prepare */
            if (!($stmt = $mysqli->prepare("UPDATE lost_items SET del = 1 WHERE id = ?"))) {
                $errormsg = "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
            }
            if (!$stmt->bind_param("i", $_POST["id"])) {
                $errormsg = "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
            }
            if (!$stmt->execute()) {
                $errormsg = "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
            }
            $successmsg = "one item deleted";
        }else{
            $errormsg = "id not set";
        }
        break;
    case "add_found_item":
        if (hasval($_POST["was"])) {
            /* Prepared statement, stage 1: prepare */
            if (!($stmt = $mysqli->prepare("INSERT INTO found_items(was) VALUES (?)"))) {
                $errormsg = "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
            }
            if (!$stmt->bind_param("s", $_POST["was"])) {
                $errormsg = "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
            }
            if (!$stmt->execute()) {
                $errormsg = "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
            }
            $item_id = $mysqli->insert_id;

            if(isset($_FILES["image"])){
                if(!file_exists ( "upload/")){
                    mkdir("upload/");
                }

                $hash = md5($_FILES['image']['name'].time());
                if(move_uploaded_file($_FILES['image']['tmp_name'], "upload/".$hash)){
                    if (!($stmt = $mysqli->prepare("INSERT INTO files(hash, item_id) VALUES (?, ?)"))) {
                        $errormsg = "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
                    }
                    if (!$stmt->bind_param("si", $hash, $item_id)) {
                        $errormsg = "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
                    }
                    if (!$stmt->execute()) {
                        $errormsg = "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
                    }
                    $successmsg = "upload ok";
                }else{
                    $errormsg = "upload failed";
                }
            }else{
                $errormsg = "upload failed";
            }
        }else{
            $errormsg = "all values have to be set";
        }
        break;
    default:
        $errormsg = "action unknown";
        break;
}

if(empty($errormsg))
    echo json_encode(array("get"=>$_GET,"post"=>$_POST,"files"=>$_FILES,"status"=>"ok","message"=>$successmsg));
else
    echo json_encode(array("get"=>$_GET,"post"=>$_POST,"files"=>$_FILES,"status"=>"error","message"=>$errormsg));

?>