#!/usr/bin/perl

use strict;
use warnings;

use Config::Simple;
use CGI::Simple;
use CGI::Session;
use DBI;

tie my %Config, "Config::Simple", '/etc/mat.conf';

my $q = new CGI::Simple;
my $id = $q->param('id');
my $action = $q->param('action');
my $storage = $q->param('storage');
my $password = $q->param('password');
my $session = CGI::Session->new(undef, undef, {Directory =>
    $Config{'session_directory'}});

sub misconfigured
{
  print "Content-Type: text/plain; charset=utf-8\n\r\n\r";
  print "This system is misconfigured.\n";
  exit 1;
}

sub invalid_input()
{
  print "Content-Type: text/plain; charset=utf-8\n\r\n\r";
  print "Invalid input.\n";
  exit 1;
}

sub unauthorized()
{
  print "Content-Type: text/plain; charset=utf-8\n\r\n\r";
  print "Not authorized!\n";
  exit 1;
}

sub send_cookie()
{
  print $session->header(-type => 'text/html', -charset => 'utf8');
}

sub cmd_view($)
{
  my ( $id ) = @_;

  my $db = DBI->connect($Config{'database'}, "", "",
      {HandleError => \&misconfigured, AutoCommit => 1});

  my $portion = $db->selectrow_hashref("SELECT name, storage, uri, amount, ".
      "energy FROM recipes AS r JOIN inventory AS i ON i.recipe_id=r.id ".
      "WHERE i.id=".$id.";");

  print $id, "<br />", $portion->{name}, "<br />\n";
  print $portion->{storage}, "<br />\n";
  print $portion->{amount} ? $portion->{amount}." g<br />" : "", "<br />\n";
  print $portion->{energy} ? $portion->{energy}." kJ<br />" : "", "<br />\n";
  if(substr($portion->{uri}, 0, 4) eq "http") {
    print '<a href="'.$portion->{uri}.'">'.$portion->{uri}.'</a>', "<br />\n";
  } else {
    print $portion->{uri}, "<br />\n";
  }
  if ($session->param('authenticated') eq "yes") {
    print "<font size=20>\n";
    for my $store ( split(" ", $Config{'relocate_stores'}) ) {
      print " <a href=".$Config{'label_id_prefix'}."$id/relocate/$store>".
          "$store</a> \n";
    }
    print "</font>\n";
  }
}

sub cmd_relocate($$)
{
  my ( $id, $storage ) = @_;

  my $db = DBI->connect($Config{'database'}, "", "",
      {HandleError => \&misconfigured, AutoCommit => 1});

  $db->do('UPDATE inventory SET storage="'.$storage.'" WHERE id='.$id);

  cmd_view($id);
}

sub cmd_login($)
{
  my ( $password ) = @_;

  if ( $password and ($password eq $Config{'password'} )) {
    $session->param('authenticated', "yes");
    print "welcome.";
  } else {
    print "<form>\n";
    print "<input name=password>\n";
    print "<input type=submit>\n";
    print "</form>\n";
  }
}

### MAIN PROGRAM ##############################################################

misconfigured unless ($Config{'database'});
misconfigured unless $session;
invalid_input unless $action;

if ($action eq "view") {
  invalid_input unless ($id and $id =~ m/^[0-9]+$/);
} elsif ($action eq "relocate") {
  invalid_input unless (($id =~ m/^[0-9]+$/) and ($storage =~ /^[a-z0-9]*$/));
} elsif ($action eq "login") {
} else {
  invalid_input;
}

send_cookie;

for ($action) {
  if    (/^view$/) {
    cmd_view($id);
  } elsif (/^relocate$/) {
    if ($session->param('authenticated') eq "yes") {
      $session->expire("5y");
      cmd_relocate($id, $storage);
    } else {
      unauthorized();
    }
  } elsif (/^login$/) {
    cmd_login($password);
  } else {
    invalid_input;
  }
}