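#!/usr/bin/perl
# CGI front end for an inventory database.
#
# Request parameters:
#   id      - numeric inventory id (required)
#   action  - "view" or "relocate" (required)
#   storage - target storage name, lower-case letters and digits only
#
# "view" prints the recipe name, storage and URI of the inventory item.
# "relocate" updates the item's storage and then shows it again; it is only
# allowed when the session carries authenticated = "yes".
#
# NOTE(review): this listing was collapsed onto a few lines and the output
# strings in cmd_view look as if their HTML markup was lost; the strings are
# reproduced as they appear here and should be checked against the deployed
# script.

use strict;
use warnings;

use Config::Simple;
use CGI::Simple;
use CGI::Session;
use DBI;

tie my %Config, "Config::Simple", '/etc/mat.conf';

my $q       = CGI::Simple->new;
my $id      = $q->param('id');
my $action  = $q->param('action');
my $storage = $q->param('storage');
my $session = CGI::Session->new(undef, undef,
    {Directory => $Config{'session_directory'}});

# Print a plain-text error response and terminate the request.
# The header block ends with CRLF CRLF; the original emitted "\n\r\n\r",
# which left a stray CR at the start of the body.
sub _fail {
    my ($message) = @_;
    print "Content-Type: text/plain; charset=utf-8\r\n\r\n";
    print $message;
    exit 1;
}

# Also installed as the DBI HandleError callback, so it may receive
# arguments; they are deliberately ignored to keep database error text
# out of the response.
sub misconfigured {
    _fail("This system is misconfigured.\n");
}

sub invalid_input {
    _fail("Invalid input.\n");
}

sub unauthorized {
    _fail("Not authorized!\n");
}

# Emit the response header produced by the session object.
sub send_cookie {
    print $session->header(-type => 'text/html', -charset => 'utf8');
}

# True when the session is marked authenticated. A missing flag counts as
# "not authenticated" instead of triggering an uninitialized-value warning.
sub _is_authenticated {
    my $flag = $session->param('authenticated');
    return (defined $flag and $flag eq 'yes') ? 1 : 0;
}

# Open a database handle; any DBI error ends the request via misconfigured().
sub _connect {
    return DBI->connect($Config{'database'}, "", "",
        {HandleError => \&misconfigured, AutoCommit => 1});
}

# Print the inventory item $id and, for authenticated sessions, the list of
# stores from the relocate_stores configuration entry.
sub cmd_view {
    my ($id) = @_;
    my $db = _connect();

    # The id is bound as a placeholder rather than concatenated into the
    # statement, so the query stays safe even if input validation changes.
    my $recipe_row = $db->selectrow_arrayref(
        "SELECT name, storage, uri FROM "
        . "recipes AS r JOIN inventory AS i ON i.recipe_id=r.id WHERE i.id=?",
        undef, $id);

    # No matching row: report it instead of dereferencing undef.
    unless ($recipe_row) {
        print "No such item.\n";
        return;
    }

    my ($name, $item_storage, $uri) = @$recipe_row;

    # NOTE(review): these values are written into a text/html response
    # without HTML escaping; escape them if recipe data can be influenced
    # by users.
    print $id, "\n", $name, "\n", $item_storage, "\n";
    if (substr($uri, 0, 4) eq "http") {
        print '' . $uri . '', "\n";
    }
    else {
        print $uri, "\n";
    }

    if (_is_authenticated()) {
        print "\n";
        for my $store (split(" ", $Config{'relocate_stores'})) {
            print " " . "$store \n";
        }
        print "";
    }
    return;
}

# Move inventory item $id to $storage, then show the updated item.
sub cmd_relocate {
    my ($id, $storage) = @_;
    my $db = _connect();

    # Both values are bound as placeholders; the original built the statement
    # by string concatenation and relied solely on the input regexes.
    # NOTE(review): $storage is only checked against a character class, not
    # against the stores listed in relocate_stores; consider an allow-list.
    $db->do('UPDATE inventory SET storage=? WHERE id=?', undef, $storage, $id);
    cmd_view($id);
    return;
}

### MAIN PROGRAM ##############################################################

misconfigured() unless $Config{'database'};
misconfigured() unless $session;

invalid_input() unless ($id and $action);

# storage is absent on plain "view" requests; treat it as empty.
$storage = '' unless defined $storage;

# \A...\z anchor the whole value ("$" would also accept a trailing newline),
# and the alternation is grouped: the original /^view|relocate$/ matched any
# value that merely started with "view" or ended with "relocate".
invalid_input()
    unless ($id =~ m/\A[0-9]+\z/
    and $action  =~ m/\A(?:view|relocate)\z/
    and $storage =~ m/\A[a-z0-9]*\z/);

# Reject unauthorized relocate requests before any header is sent, so the
# plain-text error is not appended to an already started HTML response.
unauthorized() if ($action eq 'relocate' and not _is_authenticated());

send_cookie();

if ($action eq 'view') {
    cmd_view($id);
}
else {
    # NOTE(review): every authenticated relocate sets the session expiry to
    # five years; confirm that such a long-lived session is intended.
    $session->expire("5y");
    cmd_relocate($id, $storage);
}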