<?php

namespace App\Core;

use \Exception;
use \PDO;

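/**
 * Represents the current user session.
 *
 * On construction the credentials stored in the session (if any) are checked
 * against the database again, so an account whose details changed since login
 * is logged out on its next request.
 *
 * NOTE(security): login() passes the submitted password straight into a
 * `Passord = ?` comparison, so unless callers pre-hash it the column holds the
 * password in directly comparable form. The same value is kept in the session
 * and in the public $password property. Recommended follow-up (needs a schema
 * and caller migration, so it is not done here): store password_hash() output,
 * look the row up by username only, check it with password_verify(), and keep
 * only a user identifier in the session.
 * NOTE(security): depending on the database and column collation, an SQL `=`
 * on the password column may be case-insensitive -- confirm.
 */
class User
{
    private const    SESSION_KEY = 'UserClass';
    private Session  $session;
    private Database $database;

    // always initialized
    public bool    $loggedIn;

    // initialized only if logged in
    public string  $username;
    // NOTE(security): holds the credential exactly as stored in the session; avoid logging or serializing this object
    public string  $password;
    public int     $powerLevel;

    /**
     * Restore the login state from the session and re-check it against the database.
     *
     * @throws Exception if the power level cannot be read for the authenticated account
     */
    public function __construct(Session $session, Database $database)
    {
        $this->session  = $session;
        $this->database = $database;

        // fail closed: stay logged out unless every check below passes
        $this->loggedIn = FALSE;

        $user = $this->session->get(self::SESSION_KEY);

        // no user session has been set
        if (!$user)
        {
            return;
        }

        // The session payload must have the shape login() writes. Anything else
        // is discarded instead of being passed on to the string-typed helpers.
        if (!is_array($user)
            || !is_string($user['username'] ?? null)
            || !is_string($user['password'] ?? null))
        {
            $this->logout();
            return;
        }

        // check if username and password still match the database
        if (!$this->authenticate($user['username'], $user['password']))
        {
            $this->logout();
            // message (Norwegian): "Account details have been changed, please log in again"
            $this->session->flash('Kontodetaljer er blitt endret, vennligst logg inn igjen', 'warning');
            return;
        }

        // all checks passed: expose the account on this object
        $this->loggedIn   = TRUE;
        $this->username   = $user['username'];
        $this->password   = $user['password'];
        $this->powerLevel = $this->getPowerLevel();
    }

    /**
     * Get current user power level.
     *
     * @throws Exception if not logged in, or if no usable row is returned
     */
    private function getPowerLevel(): int
    {
        if (!$this->loggedIn)
        {
            throw new Exception("Can't get power level without being logged in!");
        }
        $sth = $this->database->conn->prepare(
            'SELECT Nivå FROM brukertabell WHERE Navn = ? AND Passord = ?'
        );
        $sth->execute([$this->username, $this->password]);
        $row = $sth->fetch(PDO::FETCH_ASSOC);

        // fetch() returns false when no row matches (e.g. the account changed
        // between authenticate() and this query). Refuse to derive a privilege
        // level from a missing or non-numeric value.
        if (!is_array($row) || !is_numeric($row['Nivå'] ?? null))
        {
            throw new Exception('Could not read power level for the current user');
        }
        return (int) $row['Nivå'];
    }

    /**
     * Set session if username and password match.
     *
     * Only the session is written; $loggedIn and the account properties of this
     * object are not refreshed here and are populated by the constructor on the
     * next request.
     *
     * NOTE(security): no session-identifier rotation is visible here. If
     * Session::set() does not do it, regenerate the session ID on successful
     * login to prevent session fixation -- confirm against the Session class.
     *
     * @return bool TRUE if the credentials matched and the session was set
     */
    public function login(string $username, string $password): bool
    {
        if (!$this->authenticate($username, $password))
        {
            return FALSE;
        }

        $this->session->set(self::SESSION_KEY, [
            'username' => $username,
            'password' => $password
        ]);
        return TRUE;
    }

    /**
     * Check if username and password match database.
     *
     * Uses a bound-parameter query. A row is detected by fetching it rather
     * than via rowCount(), which PDO does not guarantee for SELECT statements
     * on every driver.
     */
    private function authenticate(string $username, string $password): bool
    {
        $sth = $this->database->conn->prepare(
            'SELECT 1 FROM brukertabell WHERE Navn = ? AND Passord = ?'
        );
        $sth->execute([$username, $password]);

        // fetchColumn() yields false when there is no row, so failure is "not authenticated"
        return $sth->fetchColumn() !== FALSE;
    }

    /**
     * Remove the login from the session and mark this object as logged out.
     */
    public function logout(): void
    {
        $this->session->remove(self::SESSION_KEY);
        // keep the in-memory flag in step so later code in this request does not see a stale login
        $this->loggedIn = FALSE;
    }
}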