<?php
namespace App\Controllers;
use CodeIgniter\Cookie\Cookie;
use DateTime;

helper('cookie');
class Auth extends BaseController {
	
	public function login() {
		$data['userid'] = get_cookie('userid');
		$data['password'] = get_cookie('password');
		if ($this->request->getMethod() === 'POST') {
			$userid = $this->request->getVar('userid');
			$password = $this->request->getVar('password');
			$remember = $this->request->getVar('remember');
			
			$data['userid'] = $userid;
			$data['password'] = $password;
		
			$db = \Config\Database::connect();
			$sql = "SELECT u.USERID, u.USERNAME, u.USERINITIALS, u1.PASSWORD 
				FROM USERS u
				left join cmod.dbo.CM_USERS u1 on u.USERID=u1.USERID
				WHERE u.USERID='$userid'";
			$query = $db->query($sql);
			$result = $query->getResultArray();
			$row = $result[0];
			if(isset($row)) {
				$qpassword = $row['PASSWORD'];
				$userid = $row['USERID'];
				$username = $row['USERNAME'];
				$userinitials = $row['USERINITIALS'];
				// if pass empty then first login / reset password
				$data['password']=$password;
				$data['qpassword']=$qpassword;
				if( password_verify($password, $qpassword) || $qpassword == '' ) {
					if($qpassword == '') { session()->setFlashdata('alertmsg', 'Please change your <b>password</b> first...'); }
					if( isset($data['remember']) ) {
						$time = 30*24*60*60;// 30days
						set_cookie ("userid", $data['userid'], $time);  
						set_cookie ("password", $data['password'], $time);
						set_cookie ("remember", $data['remember'], $time);
						//echo "cookie set";
					} else {
						delete_cookie ("userid");
						delete_cookie ("password");
						delete_cookie ("remember");
					}
					$sessiondata = [
						'userid' => $userid,
						'userinitials' => $userinitials,
						'username' => $username,
					];
					session()->set( $sessiondata );
					return redirect()->to('/');
				} else {
					session()->setFlashdata('error', 'Password not valid');
					return view('auth_login',$data);
				}				
			}
		}
		return view('auth_login',$data);
	}
	
	public function logout() {
		session()->destroy();
        return redirect()->to('/auth/login');;
	}
	
	public function setPass($userid) {
		if ($this->request->getMethod() === 'POST') {
			$password1 = $this->request->getVar('password1');
			$password2 = $this->request->getVar('password2');
			$data['password1'] = $password1;
			$data['password2'] = $password2;
			if($password1 == $password2) {	
				$password = password_hash($password1,PASSWORD_DEFAULT);
				$db = \Config\Database::connect();
				$sql = "update cmod.dbo.CM_USERS set PASSWORD='$password' where USERID='$userid'";
				$db->query($sql);
				return redirect()->to("/auth/login");
			} else {
				return redirect()->to("/auth/setpass/$userid")->with('flash_error', 'password is not the same.');
			}
		}
		return view('auth_setpass');
	}
	
	public function loginTD() {
		$sessiondata = [
			'userid' => 'SYSTEM',
			'userinitials' => 'SYS',
			'fullname' => 'SYSTEM',
		];
		
		session()->set( $sessiondata );
		
		return redirect()->to('/');
	}
}