<?php
    // Shared page bootstrap. post_handler() below reads the globals $username and $db,
    // which are not defined in this file; presumably they are set up here (confirm in libs/page.php).
    require(__DIR__ . "/../../libs/page.php");

    // Offset subtracted from microtime(true) to produce the `date` values that
    // post_handler() writes and compares.
    // NOTE(review): looks like a Unix timestamp (late November 2024) used as a custom epoch; confirm.
    $ref = 1732684297;
    
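	/**
	 * Redirect the client back to the page a post was aimed at, then stop.
	 *
	 * 'user' and 'comment' targets go to /<type>.php?id=<id>; everything else
	 * goes to the site root. Never returns: both paths end in die().
	 *
	 * @param mixed $typer Target type as received from the request.
	 * @param mixed $idr   Target id as received from the request.
	 */
	function getOut($typer, $idr) {
		// Strict comparison keeps non-string input (e.g. type[]=x) out of the URL,
		// and only a scalar id can be turned into a query value.
		if (($typer === 'user' || $typer === 'comment') && is_scalar($idr)) {
			// The id lands in a URL query string, so it is percent-encoded.
			// htmlspecialchars() is the HTML-context escaper: it leaves '&', '#',
			// '%' and spaces free to change how the redirect target is parsed.
			header('Location: /' . $typer . '.php?id=' . rawurlencode((string) $idr));
			die();
		}

		header("Location: /");
		die();
	}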

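    /**
     * Handle a comment submission: validate it, store an optional attachment,
     * insert the comment and, for wall posts and replies, a notification row.
     *
     * Reads $_POST['post'] (required), $_POST['type'] and $_POST['id'] (both
     * default to 'root') and $_FILES['file'] (optional). Uses the globals $db,
     * $username and $ref. Returns without redirecting when nobody is logged in,
     * no post was sent, or the rate limit applies; every other path ends in
     * getOut(), which redirects and terminates the script.
     *
     * NOTE(review): no anti-CSRF token is checked in this function; confirm
     * that libs/page.php enforces one before the handler runs.
     */
    function post_handler() {
        global $ref;
        global $username;
        global $db;
        if (!$username || !array_key_exists('post', $_POST)) return;

        $postie = $_POST['post'];
        $postType = $_POST['type'] ?? 'root';
        $postId = $_POST['id'] ?? 'root';

        // Request fields can arrive as arrays (post[]=...); strlen() and the
        // query bindings below expect plain strings.
        if (!is_string($postie) || !is_string($postType) || !is_string($postId)) {
            getOut('root', 'root');
        }

        // 'notification' rows are written further down on behalf of ':system'.
        // Accepting that type from the request would let any logged-in user
        // file arbitrary text into another user's notifications.
        // NOTE(review): other target types may be in use elsewhere in the app,
        // so only the reserved one is refused here.
        if ($postType === 'notification') {
            getOut('root', 'root');
        }

        if (strlen($postie) < 1 || strlen($postie) > 1024) {
            getOut($postType, $postId);
        }

        // Rate limit before touching the upload, so a throttled request cannot
        // still leave a file on disk. Only the newest row is needed.
        $stmt = $db->prepare("SELECT date FROM comment WHERE username = ? ORDER BY date DESC LIMIT 1");
        $stmt->execute([$username]);
        $lastDate = $stmt->fetchColumn();

        // fetchColumn() yields false when the user has no earlier posts.
        if ($lastDate !== false && $lastDate !== null
            && (float) $lastDate - (microtime(true) - $ref) > -3) {
            echo "You have been rate limited.";
            return;
        }

        // The attachment is optional: $_FILES['file'] may be missing, and a
        // multi-file field (file[]) turns tmp_name into an array.
        $upload = $_FILES['file'] ?? null;
        if (is_array($upload)
            && is_string($upload['tmp_name'] ?? null)
            && is_uploaded_file($upload['tmp_name'])) {
            $fid = bin2hex(random_bytes(16));

            // The extension comes from the client-supplied file name. It only
            // selects the stored suffix; the stored base name is random.
            $type = strtolower(pathinfo((string) ($upload['name'] ?? ''), PATHINFO_EXTENSION));

            // Allowed extension => media families its content may sniff as.
            $legal = [
                'png'  => ['image'],
                'gif'  => ['image'],
                'jpeg' => ['image'],
                'jpg'  => ['image'],
                'mp4'  => ['video', 'audio'],
                'webm' => ['video', 'audio'],
                'mp3'  => ['audio'],
                'wav'  => ['audio'],
            ];

            if (isset($legal[$type])) {
                // Sniff the uploaded bytes themselves. The previous call probed
                // the path 'test' . $type, which is not the upload, and its
                // result was never consulted.
                // NOTE(review): libmagic can report application/octet-stream for
                // some MP3 files; widen the map if legitimate uploads are dropped.
                $mime = mime_content_type($upload['tmp_name']);
                $family = is_string($mime) ? explode('/', $mime)[0] : '';

                $dest = $_SERVER["DOCUMENT_ROOT"] . '/../docs/pic/' . $fid . '.' . $type;

                // Link the file only when the content matches and the move succeeded.
                if (in_array($family, $legal[$type], true)
                    && move_uploaded_file($upload['tmp_name'], $dest)) {
                    // NOTE(review): HTTP_HOST is taken from the request's Host
                    // header, while the permalink below uses a fixed host name.
                    $postie .= "\nhttps://" . $_SERVER['HTTP_HOST'] . '/pic/' . $fid . '.' . $type;
                }
            }
        }

        $poid = bin2hex(random_bytes(16));
        $insertSql = "INSERT INTO main.comment (username, targetType, targetId, date, content, id) VALUES (?,?,?,?,?,?)";

        $stmt = $db->prepare($insertSql);
        $stmt->execute([$username, $postType, $postId, microtime(true) - $ref, $postie, $poid]);

        $postieP = "https://nbg.dervland.net/comment.php?id=" . $poid;

        // Work out who, if anyone, gets a notification and what it says.
        $user10 = ':system';
        $notifyTarget = null;
        $notice = null;
        if ($postType === 'user') {
            $notifyTarget = $postId;
            $notice = "A user commented on your wall: " . $postieP;
        } else if ($postType === 'comment') {
            $stmt = $db->prepare("SELECT username FROM comment WHERE id = ? ORDER BY date DESC LIMIT 1");
            $stmt->execute([$postId]);
            $parentAuthor = $stmt->fetchColumn();

            // A reply to an id that matches no comment has nobody to notify.
            if ($parentAuthor !== false && $parentAuthor !== null) {
                $notifyTarget = $parentAuthor;
                $notice = "A user replied to your post: " . $postieP;
            }
        }

        if ($notifyTarget !== null) {
            $stmt = $db->prepare($insertSql);
            $stmt->execute([$user10, 'notification', $notifyTarget, microtime(true) - $ref, $notice, bin2hex(random_bytes(16))]);
        }

        getOut($postType, $postId);
    }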

	// Runs on every request to this script; the handler returns immediately
	// unless $username is set and the request carries a 'post' field.
	post_handler();
?>