<?php

class Oekaki extends Extension
{
    public function onPageRequest(PageRequestEvent $event)
    {
        global $user, $page;

        if ($event->page_matches("oekaki")) {
            if ($user->can(Permissions::CREATE_IMAGE)) {
                if ($event->get_arg(0) == "create") {
                    $this->theme->display_page();
                    $this->theme->display_block();
                }
                if ($event->get_arg(0) == "claim") {
                    // FIXME: move .chi to data/oekaki/$ha/$hash mirroring images and thumbs
                    // FIXME: .chi viewer?
                    // FIXME: clean out old unclaimed images?
                    $pattern = data_path('oekaki_unclaimed/' . $_SERVER['REMOTE_ADDR'] . ".*.png");
                    foreach (glob($pattern) as $tmpname) {
                        assert(file_exists($tmpname));

                        $pathinfo = pathinfo($tmpname);
                        if (!array_key_exists('extension', $pathinfo)) {
                            throw new UploadException("File has no extension");
                        }
                        log_info("oekaki", "Processing file [{$pathinfo['filename']}]");
                        $metadata = [];
                        $metadata['filename'] = 'oekaki.png';
                        $metadata['extension'] = $pathinfo['extension'];
                        $metadata['tags'] = Tag::explode('oekaki tagme');
                        $metadata['source'] = null;
                        $duev = new DataUploadEvent($tmpname, $metadata);
                        send_event($duev);
                        if ($duev->image_id == -1) {
                            throw new UploadException("File type not recognised");
                        } else {
                            unlink($tmpname);
                            $page->set_mode(PageMode::REDIRECT);
                            $page->set_redirect(make_link("post/view/".$duev->image_id));
                        }
                    }
                }
            }
            if ($event->get_arg(0) == "upload") {
                // FIXME: this allows anyone to upload anything to /data ...
                // hardcoding the ext to .png should stop the obvious exploit,
                // but more checking may be wise
                if (isset($_FILES["picture"])) {
                    header('Content-type: text/plain');

                    $file = $_FILES['picture']['name'];
                    //$ext = (strpos($file, '.') === FALSE) ? '' : substr($file, strrpos($file, '.'));
                    $uploadname = $_SERVER['REMOTE_ADDR'] . "." . time();
                    $uploadfile = data_path('oekaki_unclaimed/'.$uploadname);

                    log_info("oekaki", "Uploading file [$uploadname]");

                    $success = true;
                    if (isset($_FILES["chibifile"])) {
                        $success = $success && move_uploaded_file($_FILES['chibifile']['tmp_name'], $uploadfile . ".chi");
                    }

                    // hardcode the ext, so nobody can upload "foo.php"
                    $success = $success && move_uploaded_file($_FILES['picture']['tmp_name'], $uploadfile . ".png"); # $ext);
                    if ($success) {
                        echo "CHIBIOK\n";
                    } else {
                        echo "CHIBIERROR\n";
                    }
                } else {
                    echo "CHIBIERROR No Data\n";
                }
            }
        }
    }

    // FIXME: "edit this image" button on existing images?
    public function onPostListBuilding(PostListBuildingEvent $event)
    {
        global $user;
        if ($user->can(Permissions::CREATE_IMAGE)) {
            $this->theme->display_block();
        }
    }
}