<?php
use App\Entity\User;

#################################################################################
##              -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =-                 ##
## --------------------------------------------------------------------------- ##
##  Project:       TravianZ                                                    ##
##  Version:       22.06.2015                    			       ##
##  Filename       Account.php                                                 ##
##  Developed by:  Mr.php , Advocaite , brainiacX , yi12345 , Shadow , ronix   ##
##  Fixed by:      Shadow - STARVATION , HERO FIXED COMPL.  		       ##
##  Fixed by:      InCube - double troops				       ##
##  License:       TravianZ Project                                            ##
##  Copyright:     TravianZ (c) 2010-2015. All rights reserved.                ##
##  URLs:          http://travian.shadowss.ro                		       ##
##  Source code:   https://github.com/Shadowss/TravianZ		               ##
##                                                                             ##
#################################################################################

global $autoprefix;

// go max 5 levels up - we don't have folders that go deeper than that
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
    $autoprefix = str_repeat('../', $i);
    if (file_exists($autoprefix.'autoloader.php')) {
        // we have our path, let's leave
        break;
    }
}

include_once($autoprefix."GameEngine/Session.php");

class Account {

	function __construct() {
		global $session;
		if(isset($_POST['ft'])) {
			switch($_POST['ft']) {
				case "a1":
				$this->Signup();
				break;
				case "a2":
				$this->Activate();
				break;
				case "a3":
				$this->Unreg();
				break;
				case "a4":
				$this->Login();
				break;
			}
		} if(isset($_GET['code'])) {
		$_POST['id'] = $_GET['code']; $this->Activate();
		}
		else {
			if($session->logged_in && in_array("logout.php",explode("/",$_SERVER['PHP_SELF']))) {
				$this->Logout();
			}
		}
	}

	private function Signup() {
		global $database, $form, $mailer, $generator, $session;

    // ==================== VERIFICARE WINNER ====================
    $winnerResult = $database->query("SELECT 1 FROM " . TB_PREFIX . "fdata WHERE f99 = '100' AND f99t = '40' LIMIT 1");
    if ($winnerResult && mysqli_num_rows($winnerResult) > 0) {
        $form->addError("winner", WINNER_ERROR);
    }

    // ==================== VALIDĂRI ====================

    // Username
    if (!isset($_POST['name']) || trim($_POST['name']) === '') {
        $form->addError("name", USRNM_EMPTY);
    } else {
        if (strlen($_POST['name']) < USRNM_MIN_LENGTH) {
            $form->addError("name", USRNM_SHORT);
        } elseif (!USRNM_SPECIAL && preg_match('/[^0-9A-Za-z]/', $_POST['name'])) {
            $form->addError("name", USRNM_CHAR);
        } elseif (USRNM_SPECIAL && preg_match("/[:,\\. \\n\\r\\t\\s\\<\\>]+/", $_POST['name'])) {
            $form->addError("name", USRNM_CHAR);
        } elseif (strtolower($_POST['name']) === 'natars') {
            $form->addError("name", USRNM_TAKEN);
        } elseif (User::exists($database, $_POST['name'])) {
            $form->addError("name", USRNM_TAKEN);
        }
    }

    // Password
    if (!isset($_POST['pw']) || trim($_POST['pw']) === '') {
        $form->addError("pw", PW_EMPTY);
    } else {
        if (strlen($_POST['pw']) < PW_MIN_LENGTH) {
            $form->addError("pw", PW_SHORT);
        } elseif ($_POST['pw'] === $_POST['name']) {
            $form->addError("pw", PW_INSECURE);
        }
    }

    // Email
    if (!isset($_POST['email']) || trim($_POST['email']) === '') {
        $form->addError("email", EMAIL_EMPTY);
    } elseif (!$this->validEmail($_POST['email'])) {
        $form->addError("email", EMAIL_INVALID);
    } elseif (User::exists($database, $_POST['email'])) {
        $form->addError("email", EMAIL_TAKEN);
    }

    // Tribe
    if (!isset($_POST['vid']) || !in_array((int)$_POST['vid'], [1, 2, 3], true)) {
        $form->addError("tribe", TRIBE_EMPTY);
    }

    // Agreement
    if (!isset($_POST['agb'])) {
        $form->addError("agree", AGREE_ERROR);
    }

    // ==================== VERIFICARE ERORI ====================
    if ($form->returnErrors() > 0) {
        $form->addError("invt", $_POST['invited'] ?? '');
        $_SESSION['errorarray'] = $form->getErrors();
        $_SESSION['valuearray'] = $_POST;
        header("Location: anmelden.php");
        exit;
    }

    // ==================== PROCESARE ÎNREGISTRARE ====================
    $hashedPassword = password_hash($_POST['pw'], PASSWORD_BCRYPT, ['cost' => 12]);

    if (AUTH_EMAIL) {
        $act  = $generator->generateRandStr(10);
        $act2 = $generator->generateRandStr(5);

        $uid = $database->activate(
            $_POST['name'],
            $hashedPassword,
            $_POST['email'],
            $_POST['vid'],
            $_POST['kid'],
            $act,
            $act2
        );

        if ($uid) {
            $mailer->sendActivate($_POST['email'], $_POST['name'], $_POST['pw'], $act);
            header("Location: activate.php?id=$uid&q=$act2");
            exit;
        }
    } else {
        // Ramura fără activare prin email (act era undefined în codul original)
        $act = '';

        $uid = $database->register(
            $_POST['name'],
            $hashedPassword,
            $_POST['email'],
            $_POST['vid'],
            $act
        );

        if ($uid) {
            setcookie("COOKUSR",   $_POST['name'],  time() + COOKIE_EXPIRE, COOKIE_PATH);
            setcookie("COOKEMAIL", $_POST['email'], time() + COOKIE_EXPIRE, COOKIE_PATH);

            $database->updateUserField(
                $uid,
                ["act", "invited"],
                ["", $_POST['invited'] ?? ''],
                1
            );

            $this->generateBase($_POST['kid'], $uid, $_POST['name']);

            header("Location: login.php");
            exit;
        }
    }
}

	private function Activate() {
		global $database;

    // ==================== VERIFICARE DATA DE START A SERVERULUI ====================
    if (START_DATE < date('d.m.Y') || (START_DATE === date('d.m.Y') && START_TIME <= date('H:i'))) {
        
        // Caută codul de activare în tabela activate
        $id   = $database->escape($_POST['id'] ?? '');
        $q    = "SELECT act, username, password, email, tribe, location 
                 FROM " . TB_PREFIX . "activate 
                 WHERE act = '" . $id . "'";
        
        $result   = $database->query($q);
        $dbarray  = mysqli_fetch_array($result);

        // Verificăm dacă am găsit exact codul trimis
        if ($dbarray && $dbarray['act'] === $_POST['id']) {
            
            $uid = $database->register(
                $dbarray['username'],
                $dbarray['password'],
                $dbarray['email'],
                $dbarray['tribe'],
                ""
            );

            if ($uid) {
                $database->unreg($dbarray['username']);
                $this->generateBase($dbarray['location'], $uid, $dbarray['username']);
                
                header("Location: activate.php?e=2");
                exit;
            }
            // dacă register eșuează → comportamentul original (fără redirect)
            
        } else {
            // Cod de activare invalid sau inexistent
            header("Location: activate.php?e=3");
            exit;
        }
        
    } else {
        // Serverul nu a început încă
        header("Location: activate.php");
        exit;
    }
}

	private function Unreg() {
		global $database;

    // ==================== VERIFICARE ID & PAROLĂ ====================
    $id = (int)($_POST['id'] ?? 0);

    $q = "SELECT password, username 
          FROM " . TB_PREFIX . "activate 
          WHERE id = " . $id;

    $result  = $database->query($q);
    $dbarray = mysqli_fetch_array($result);

    // Verificăm dacă înregistrarea există și parola este corectă
    // (protejează împotriva notice-urilor PHP dacă nu există rândul)
    if ($dbarray && password_verify($_POST['pw'] ?? '', $dbarray['password'])) {
        $database->unreg($dbarray['username']);

        header("Location: anmelden.php");
        exit;
    }

    // Parolă greșită sau ID inexistent → comportamentul original
    header("Location: activate.php?e=3");
    exit;
}

	private function Login() {
		global $database, $session, $form;

    // ==================== INITIALIZARE SIGURĂ ====================
    $username = $_POST['user'] ?? '';
    $password = $_POST['pw']   ?? '';

    // $userData este folosit înainte de a fi definit în codul original
    // Păstrăm comportamentul exact (null aici)
    $userData = null;

    // ==================== VALIDĂRI ====================

    // Username
    if (empty($username)) {
        $form->addError("user", $username);
    } elseif (!User::exists($database, $username)) {
        $form->addError("user", USR_NT_FOUND);
    }

    // Password
    if (empty($password)) {
        $form->addError("pw", LOGIN_PASS_EMPTY);
    } elseif (!$database->login($username, $password) && !$database->sitterLogin($username, $password)) {
        // try activation data if the user was not found
        // (păstrăm exact logica originală - $userData e încă null aici)
        if (!$userData) {
            $activateData = $database->getActivateField($username, 'act', 1);
            if (!empty($activateData)) {
                $form->addError("activate", $username);
            } else {
                $form->addError("pw", LOGIN_PW_ERROR);
            }
        } else {
            $form->addError("pw", LOGIN_PW_ERROR);
        }
    }

    // Obținem datele utilizatorului (după validări - exact ca în original)
    $userData = $database->getUserArray($username, 0);

    // Vacation mode by Shadow
    if (!empty($userData) && $userData['vac_mode'] == 1 && $userData['vac_time'] > time()) {
        $form->addError("vacation", LOGIN_VACATION);
    }

    // ==================== VERIFICARE ERORI ====================
    if ($form->returnErrors() > 0) {
        $_SESSION['errorarray'] = $form->getErrors();
        $_SESSION['valuearray'] = $_POST;
        header("Location: login.php");
        exit();
    }

    // ==================== LOGIN CU SUCCES ====================
    // Vacation mode by Shadow
    $database->removevacationmode($userData['id']);

    if ($database->login($username, $password)) {
        $database->UpdateOnline("login", $username, time(), $userData['id']);
    } elseif ($database->sitterLogin($username, $password)) {
        $database->UpdateOnline("sitter", $username, time(), $userData['id']);
    }

    setcookie("COOKUSR", $username, time() + COOKIE_EXPIRE, COOKIE_PATH);
    $session->login($username);
}

	private function Logout() {
		global $session, $database;
    unset($_SESSION['wid']);
    // actualizează statusul "activ" al utilizatorului
    $database->activeModify($database->escape($session->username), 1);
    // actualizează ultima activitate online
    $database->UpdateOnline("logout");
    $session->Logout();
}

	private function validEmail($email) {
    // Regex exact ca în varianta originală (nu am schimbat logica de validare)
    $regexp = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";
    return (bool) preg_match($regexp, $email);
}

	function generateBase($kid, $uid, $username) {
		global $database;
    $message = new Message();
    // Logica exactă din original
    if ($kid == 0) {
        $kid = rand(1, 4);
    } else {
        $kid = $_POST['kid'];   // suprascrie parametrul cu valoarea din POST
    }
    $database->generateVillages(
        [
            [
                'wid'    => 0,
                'mode'   => 0,
                'type'   => 3,
                'kid'    => $kid,
                'capital'=> 1,
                'pop'    => 2,
                'name'   => null,
                'natar'  => 0
            ]
        ],
        $uid,
        $username
    );
    $message->sendWelcome($uid, $username);
}
};
$account = new Account;
?>