<?php

require(__DIR__ . "/../../libs/page.php");

// Epoch offset (seconds) that post_handler() subtracts from microtime(true)
// before storing a post's `date`, so stored dates are relative to this instant.
$ref = 1_732_684_297;

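/**
 * Redirect the client back to the page it posted from and stop the script.
 *
 * Only the two routable target types get a deep link ("/user.php?id=…",
 * "/comment.php?id=…"); the 'root' default and anything unknown go to "/".
 *
 * @param mixed $typer target type taken from the request
 * @param mixed $idr   target id taken from the request
 * @return never-returns — every path ends in die()
 */
function getOut($typer, $idr)
{
    if ($typer === 'user' || $typer === 'comment') {
        // $idr lands in a query string, so it needs URL encoding, not HTML
        // encoding: htmlspecialchars() leaves '&', '#', '%' and spaces free to
        // split or truncate the parameter while mangling legitimate ids.
        // (PHP's header() itself rejects CR/LF, so header injection is not a
        // concern either way.) A non-scalar id becomes an empty parameter
        // rather than a TypeError.
        $id = is_scalar($idr) ? (string) $idr : '';
        header('Location: /' . $typer . '.php?id=' . rawurlencode($id));
        die();
    }

    header("Location: /");
    die();
}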

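/**
 * Save a media upload from $_FILES into $dir under a random name.
 *
 * The extension must be on the whitelist and the file content must sniff as
 * image/*, video/* or audio/* via fileinfo; otherwise nothing is written.
 *
 * @param array  $file one entry of $_FILES (needs 'name' and 'tmp_name')
 * @param string $dir  destination directory, including the trailing slash
 * @return string|null the stored file name ("<32 hex>.<ext>"), or null if rejected
 */
function store_uploaded_media(array $file, string $dir): ?string
{
    $legal = ['png', 'gif', 'jpeg', 'jpg', 'mp4', 'webm', 'mp3', 'wav'];

    // Extension comes from the client-supplied name, lower-cased, and must be
    // on the whitelist. The stored name is random, so the client never
    // influences the destination path.
    $type = strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!in_array($type, $legal, true)) {
        return null;
    }

    // Content sniff, coarse on purpose (top-level media type only): keeps an
    // HTML/script/SVG payload renamed to .png out of a directory that is served
    // to browsers. The original called mime_content_type() on the literal string
    // "test<ext>" — a path that never exists — so it only emitted a warning and
    // the result was never used.
    // NOTE(review): confirm with representative uploads that libmagic reports
    // image/*, video/* or audio/* for everything this site accepts; some
    // encoders produce files it labels application/octet-stream.
    $mime = mime_content_type($file['tmp_name']);
    if ($mime === false || !preg_match('#^(image|video|audio)/#', $mime)) {
        return null;
    }

    $stored = bin2hex(random_bytes(16)) . '.' . $type;
    // Only advertise a link if the move actually succeeded.
    if (!move_uploaded_file($file['tmp_name'], $dir . $stored)) {
        return null;
    }

    return $stored;
}

/**
 * Insert a system notification row (username ':system', targetType
 * 'notification') addressed to $targetUser.
 *
 * @param PDO    $db         connection shared with the rest of the page
 * @param string $targetUser username whose notification feed receives the row
 * @param string $content    notification text (already contains the link)
 * @param float  $date       timestamp relative to $ref, as stored for posts
 */
function insert_notification($db, string $targetUser, string $content, float $date): void
{
    $stmt = $db->prepare("INSERT INTO main.comment (username, targetType, targetId, date, content, id) VALUES (?,?,?,?,?,?)");
    $stmt->execute([':system', 'notification', $targetUser, $date, $content, bin2hex(random_bytes(16))]);
}

/**
 * Handle a wall post / reply / top-level post submitted via $_POST, with an
 * optional media attachment in $_FILES['file'].
 *
 * Reads the globals $username and $db (set up by libs/page.php) and $ref (the
 * epoch offset used for the stored `date`). Does nothing when no user is logged
 * in or no `post` field was sent. Ends in a redirect via getOut(), except on a
 * rate-limit hit, where it echoes a message and returns.
 *
 * NOTE(review): no CSRF token is checked here; confirm libs/page.php or the
 * session layer enforces one, otherwise any site can make a logged-in browser
 * post on the user's behalf.
 * NOTE(review): `content` is stored unescaped — output escaping has to happen
 * in the pages that render comments, which are not visible from this file.
 */
function post_handler()
{
    global $ref;
    global $username;
    global $db;

    if (!$username || !array_key_exists('post', $_POST)) {
        return;
    }

    $postie = $_POST['post'];
    // Target type/id come straight from the client; 'root' is the default for a
    // top-level post. Non-string values (e.g. post[]=…) would make strlen() and
    // the PDO bind misbehave, so they are bounced to the site root.
    $postType = (array_key_exists('type', $_POST)) ? $_POST['type'] : 'root';
    $postId = (array_key_exists('id', $_POST)) ? $_POST['id'] : 'root';
    if (!is_string($postie) || !is_string($postType) || !is_string($postId)) {
        getOut('root', 'root');
    }

    // Only the target types this handler routes and notifies for. Without this
    // a logged-in user could insert rows with an arbitrary targetType —
    // including 'notification', the type used for the system rows below — and
    // an arbitrary targetId; depending on how the reader pages filter, that may
    // let them plant entries in other users' notification feeds.
    if (!in_array($postType, ['root', 'user', 'comment'], true)) {
        getOut('root', 'root');
    }

    // Byte length, matching the original limit (presumably the column size).
    $len = strlen($postie);
    if ($len < 1 || $len > 1024) {
        getOut($postType, $postId);
    }

    // One timestamp for the rate-limit check and every row written below.
    $now = microtime(true) - $ref;

    // Rate limit: refuse when the user's most recent post is under 3 seconds
    // old. Checked before any upload is written so a throttled request cannot
    // still fill the media directory. A user with no posts has no row here and
    // is allowed through.
    $stmt = $db->prepare("SELECT date FROM comment WHERE username = ? ORDER BY date DESC LIMIT 1");
    $stmt->execute([$username]);
    $lastDate = $stmt->fetchColumn();
    if ($lastDate !== false && (float) $lastDate - $now > -3) {
        echo "You have been rate limited.";
        return;
    }

    // Absolute links stored in post content use the site's canonical host (the
    // notification link already did) rather than the request's Host header,
    // which is client-controlled and would otherwise be persisted into content.
    $siteBase = 'https://nbg.dervland.net';

    // Optional attachment. Guarded so a request without a file does not hit
    // undefined-index warnings or pass null to is_uploaded_file().
    $file = $_FILES['file'] ?? null;
    if (is_array($file)
        && ($file['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
        && isset($file['tmp_name'])
        && is_uploaded_file($file['tmp_name'])) {
        $stored = store_uploaded_media($file, $_SERVER["DOCUMENT_ROOT"] . '/../docs/pic/');
        if ($stored !== null) {
            $postie .= "\n" . $siteBase . '/pic/' . $stored;
        }
    }

    $poid = bin2hex(random_bytes(16));
    $stmt = $db->prepare("INSERT INTO main.comment (username, targetType, targetId, date, content, id) VALUES (?,?,?,?,?,?)");
    $stmt->execute([$username, $postType, $postId, $now, $postie, $poid]);

    $postieP = $siteBase . "/comment.php?id=" . $poid;

    if ($postType === 'user') {
        // Wall post: notify the wall's owner. No check that the user exists —
        // the original did not either; a bad id just yields an orphan row.
        insert_notification($db, $postId, "A user commented on your wall: " . $postieP, $now);
    } elseif ($postType === 'comment') {
        // Reply: notify the author of the parent comment, if it exists. The
        // original indexed the first result unconditionally and, for an
        // unknown id, inserted a notification with a null target.
        $stmt = $db->prepare("SELECT username FROM comment WHERE id = ? LIMIT 1");
        $stmt->execute([$postId]);
        $author = $stmt->fetchColumn();
        if (is_string($author) && $author !== '') {
            insert_notification($db, $author, "A user replied to your post: " . $postieP, $now);
        }
    }

    getOut($postType, $postId);
}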

// Entry point: libs/page.php (required above) is expected to have populated
// $username and $db before this runs, since post_handler() reads both as globals.
post_handler();