<?php
class User
{
    private $conn;
    private $tableUsers = "users";

    public $uid;
    public $name;
    public $email;
    public $mobile;
    public $status;
    public $role;
    public $requestedId;
    public $password;

    public function __construct($db)
    {
        $this->conn = $db;
    }

    private function isExist()
    {
        $query = "SELECT * FROM " . $this->tableUsers . " WHERE email='" . $this->email . "'";
        $stmt = $this->conn->prepare($query);
        $stmt->execute();
        $num = $stmt->rowCount();
        if ($num > 0) {
            return true;
        }
        return false;
    }

    private function hasPermission()
    {
        $query = "SELECT role FROM " . $this->tableUsers . " WHERE uid='" . $this->requestedId . "' AND role = 'admin'";
        $stmt = $this->conn->prepare($query);
        $stmt->execute();
        $num = $stmt->rowCount();
        if ($num > 0) {
            return true;
        }
        return false;
    }

    private function sanitizeInputs()
    {
        $this->name = sanitize($this->name);
        $this->email = sanitize($this->email);
        $this->mobile = sanitize($this->mobile);
        $this->role = sanitize($this->role);
        $this->status = sanitize($this->status);
    }

    public function list()
    {
        $query = "SELECT * FROM $this->tableUsers";
        $stmt = $this->conn->prepare($query);
        $stmt->execute();
        return $stmt;
    }

    public function read()
    {
        $query = "SELECT * FROM " . $this->tableUsers . " WHERE uid='" . $this->uid . "'";
        $stmt = $this->conn->prepare($query);
        $stmt->execute();
        return $stmt;
    }

    public function create()
    {
        if ($this->hasPermission()) {

            $this->sanitizeInputs();

            if ($this->isExist()) {
                return 409;
            }

            $query = "INSERT INTO $this->tableUsers
                (uid, name, email, password, mobile, role)
                VALUES
                (:uid, :name, :email, :password, :mobile, :role)";
            $stmt = $this->conn->prepare($query);

            $this->uid = uniqid();
            $stmt->bindParam(":uid", $this->uid);
            $stmt->bindParam(":name", $this->name);
            $stmt->bindParam(":email", $this->email);
            $stmt->bindParam(":password", $this->password);
            $stmt->bindParam(":mobile", $this->mobile);
            $stmt->bindParam(":role", $this->role);

            if ($stmt->execute()) {
                return 200;
            }

            return 500;
        } else {
            return 403;
        }
    }

    public function edit()
    {

        if ($this->hasPermission()) {

            $this->sanitizeInputs();

            $query = "UPDATE $this->tableUsers
                SET name=:name, mobile=:mobile, role=:role
                WHERE uid='" . $this->uid . "'";

            $stmt = $this->conn->prepare($query);

            $stmt->bindParam(":name", $this->name);
            $stmt->bindParam(":mobile", $this->mobile);
            $stmt->bindParam(":role", $this->role);

            if ($stmt->execute()) {
                return 204;
            }

            return 500;
        } else {
            return 403;
        }
    }
}