<?php
use function Hestiacp\quoteshellarg\quoteshellarg;

ob_start();
$TAB = "DB";

// Main include
include $_SERVER["DOCUMENT_ROOT"] . "/inc/main.php";

// Check POST request
if (!empty($_POST["ok"])) {
	// Check token
	verify_csrf($_POST);

	// Check empty fields
	if (empty($_POST["v_database"])) {
		$errors[] = _("Database");
	}
	if (empty($_POST["v_dbuser"])) {
		$errors[] = _("Username");
	}
	if (empty($_POST["v_password"])) {
		$errors[] = _("Password");
	}
	if (empty($_POST["v_type"])) {
		$errors[] = _("Type");
	}
	if (empty($_POST["v_host"])) {
		$errors[] = _("Host");
	}
	if (empty($_POST["v_charset"])) {
		$errors[] = _("Charset");
	}
	if (!empty($errors[0])) {
		foreach ($errors as $i => $error) {
			if ($i == 0) {
				$error_msg = $error;
			} else {
				$error_msg = $error_msg . ", " . $error;
			}
		}
		$_SESSION["error_msg"] = sprintf(_('Field "%s" can not be blank.'), $error_msg);
	}

	// Validate email
	if (!empty($_POST["v_db_email"]) && empty($_SESSION["error_msg"])) {
		if (!filter_var($_POST["v_db_email"], FILTER_VALIDATE_EMAIL)) {
			$_SESSION["error_msg"] = _("Please enter a valid email address.");
		}
	}

	// Check password length
	if (empty($_SESSION["error_msg"])) {
		if (!validate_password($_POST["v_password"])) {
			$_SESSION["error_msg"] = _("Password does not match the minimum requirements.");
		}
	}

	// Protect input
	$v_database = quoteshellarg($_POST["v_database"]);
	$v_dbuser = quoteshellarg($_POST["v_dbuser"]);
	$v_type = $_POST["v_type"];
	$v_charset = $_POST["v_charset"];
	$v_host = $_POST["v_host"];
	$v_db_email = $_POST["v_db_email"];

	// Add database
	if (empty($_SESSION["error_msg"])) {
		$v_type = quoteshellarg($_POST["v_type"]);
		$v_charset = quoteshellarg($_POST["v_charset"]);
		$v_host = quoteshellarg($_POST["v_host"]);
		$v_password = tempnam("/tmp", "vst");
		$fp = fopen($v_password, "w");
		fwrite($fp, $_POST["v_password"] . "\n");
		fclose($fp);
		exec(
			HESTIA_CMD .
				"v-add-database " .
				$user .
				" " .
				$v_database .
				" " .
				$v_dbuser .
				" " .
				$v_password .
				" " .
				$v_type .
				" " .
				$v_host .
				" " .
				$v_charset,
			$output,
			$return_var,
		);
		check_return_code($return_var, $output);
		unset($output);
		unlink($v_password);
		$v_password = quoteshellarg($_POST["v_password"]);
		$v_type = $_POST["v_type"];
		$v_host = $_POST["v_host"];
		$v_charset = $_POST["v_charset"];
	}

	// Get database manager url
	if (empty($_SESSION["error_msg"])) {
		[$http_host, $port] = explode(":", $_SERVER["HTTP_HOST"] . ":");
		if ($_POST["v_host"] != "localhost") {
			$http_host = $_POST["v_host"];
		}
		if ($_POST["v_type"] == "mysql") {
			$db_admin = "phpMyAdmin";
		}
		if ($_POST["v_type"] == "mysql") {
			$db_admin_link = "https://" . $http_host . "/phpmyadmin/";
		}
		if ($_POST["v_type"] == "mysql" && !empty($_SESSION["DB_PMA_ALIAS"])) {
			$db_admin_link = "https://" . $http_host . "/" . $_SESSION["DB_PMA_ALIAS"];
		}
		if ($_POST["v_type"] == "pgsql") {
			$db_admin = "phpPgAdmin";
		}
		if ($_POST["v_type"] == "pgsql") {
			$db_admin_link = "https://" . $http_host . "/phppgadmin/";
		}
		if ($_POST["v_type"] == "pgsql" && !empty($_SESSION["DB_PGA_ALIAS"])) {
			$db_admin_link = "https://" . $http_host . "/" . $_SESSION["DB_PGA_ALIAS"];
		}
	}

	// Email login credentials
	if (!empty($v_db_email) && empty($_SESSION["error_msg"])) {
		$to = $v_db_email;
		$template = get_email_template("database_credentials", $_SESSION["language"]);
		if (!empty($template)) {
			preg_match("/<subject>(.*?)<\/subject>/si", $template, $matches);
			$subject = $matches[1];
			$subject = str_replace(
				["{{hostname}}", "{{appname}}", "{{dabase}}", "{{dbuser}}"],
				[
					get_hostname(),
					$_SESSION["APP_NAME"],
					$user_plain . "_" . $_POST["v_database"],
					$user_plain . "_" . $_POST["v_dbuser"],
				],
				$subject,
			);
			$template = str_replace($matches[0], "", $template);
		} else {
			$template = _(
				"Database has been created.\n" .
					"\n" .
					"Database: {{database}}\n" .
					"Username: {{username}}\n" .
					"Password: {{password}}\n" .
					"SQL Manager: {{dbadmin}}\n" .
					"\n" .
					"Best regards,\n" .
					"\n" .
					"--\n" .
					"{{appname}}",
			);
		}
		if (empty($subject)) {
			$subject = str_replace(
				["{{subject}}", "{{hostname}}", "{{appname}}"],
				[
					sprintf(
						_("Database Credentials: %s"),
						$user_plain . "_" . $_POST["v_database"],
					),
					get_hostname(),
					$_SESSION["APP_NAME"],
				],
				$_SESSION["SUBJECT_EMAIL"],
			);
		}

		$hostname = get_hostname();
		$from = !empty($_SESSION["FROM_EMAIL"]) ? $_SESSION["FROM_EMAIL"] : "noreply@" . $hostname;
		$from_name = !empty($_SESSION["FROM_NAME"])
			? $_SESSION["FROM_NAME"]
			: $_SESSION["APP_NAME"];

		$mailtext = translate_email($template, [
			"database" => htmlentities($user_plain . "_" . $_POST["v_database"]),
			"username" => htmlentities($user_plain . "_" . $_POST["v_dbuser"]),
			"password" => htmlentities($_POST["v_password"]),
			"dbadmin" => $db_admin_link,
			"appname" => $_SESSION["APP_NAME"],
		]);

		send_email($to, $subject, $mailtext, $from, $from_name);
	}

	// Flush field values on success
	if (empty($_SESSION["error_msg"])) {
		$_SESSION["ok_msg"] = htmlify_trans(
			sprintf(
				_("Database {%s} has been created successfully. / {Open %s}"),
				htmlentities($user_plain) . "_" . htmlentities($_POST["v_database"]),
				htmlentities($user_plain) . "_" . htmlentities($_POST["v_database"]),
			),
			"</a>",
			'<a href="/edit/db/?database=' .
				htmlentities($user_plain) .
				"_" .
				htmlentities($_POST["v_database"]) .
				'">',
			'<a href="' . $db_admin_link . '" target="_blank">',
		);
		unset($v_database);
		unset($v_dbuser);
		unset($v_password);
		unset($v_type);
		unset($v_charset);
	}
}

// Get user email
$v_db_email = "";
if (empty($v_database)) {
	$v_database = "";
}
if (empty($v_dbuser)) {
	$v_dbuser = "";
}

// List avaiable database types
$db_types = explode(",", $_SESSION["DB_SYSTEM"]);

// List available database servers
exec(HESTIA_CMD . "v-list-database-hosts json", $output, $return_var);
$db_hosts_tmp1 = json_decode(implode("", $output), true);
$db_hosts_tmp2 = array_map(function ($host) {
	return $host["HOST"];
}, $db_hosts_tmp1);
$db_hosts = array_values(array_unique($db_hosts_tmp2));
unset($output);
unset($db_hosts_tmp1);
unset($db_hosts_tmp2);

$accept = $_GET["accept"] ?? "";

render_page($user, $TAB, "add_db");

// Flush session messages
unset($_SESSION["error_msg"]);
unset($_SESSION["ok_msg"]);