<?php

include 'globals.php';

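// A logged-in client has nothing to do on the registration page.
// NOTE(review): $_SESSION is only populated after session_start(); presumably
// globals.php does that. Confirm.
if (isset($_SESSION['cliente'])) {
    header('Location: dashboard.php');
    die();
}

// Open the database connection used by the rest of this script.
// The driver's connection error text is written to the server log instead of
// being sent to the visitor, since it can reveal host or account details.
// The catch covers mysqli's exception report mode; the false check covers the
// silent mode.
try {
    $conn = @mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
} catch (mysqli_sql_exception $e) {
    $conn = false;
}
if (!$conn) {
    error_log('register.php: database connection failed: '.mysqli_connect_error());
    die('Errore');
}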

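// E-mail confirmation handler: a request carrying ?tok=...&user=... marks the
// matching `clienti` row as confirmed (Tok = 'valido') and redirects to login.
// Both values come straight from the query string, so they are passed to
// MySQL as bound parameters and never concatenated into the SQL text.
// NOTE(review): nothing visible on this page expires the token or limits how
// often it can be tried. Confirm whether that is handled elsewhere.
if (isset($_GET['tok']) && isset($_GET['user'])) {
    $confirmTok = $_GET['tok'];
    $confirmUser = $_GET['user'];
    $matched = 0;

    // PHP turns ?user[]=x into an array; only plain strings can match a row.
    if (is_string($confirmTok) && is_string($confirmUser)) {
        // If mysqli runs in exception report mode, a failure raises
        // mysqli_sql_exception before the die() below is reached.
        $stmt = mysqli_prepare($conn, 'SELECT 1 FROM `clienti` WHERE Username = ? AND Tok = ?');
        if ($stmt === false
            || !mysqli_stmt_bind_param($stmt, 'ss', $confirmUser, $confirmTok)
            || !mysqli_stmt_execute($stmt)
            || !mysqli_stmt_store_result($stmt)) {
            die('Errore');
        }
        $matched = (int) mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($matched !== 1) {
        $msg = 'Validazione mail non valida';
    } else {
        $stmt = mysqli_prepare($conn, 'UPDATE `clienti` SET Tok = \'valido\' WHERE Username = ? AND Tok = ?');
        if ($stmt === false
            || !mysqli_stmt_bind_param($stmt, 'ss', $confirmUser, $confirmTok)
            || !mysqli_stmt_execute($stmt)) {
            die('Errore');
        }
        mysqli_stmt_close($stmt);

        header('Location: login.php');
        die();
    }
}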

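// Registration handler: creates a `clienti` row with a random confirmation
// token and e-mails the confirmation link to the address supplied in the form.
// Every form field is attacker-controlled, so all SQL uses bound parameters.
if (isset($_POST['register'])) {
    // The submit button being present does not guarantee the other fields are.
    $usr = $_POST['name'] ?? null;
    $psw = $_POST['password'] ?? null;
    $email = $_POST['email'] ?? null;

    // Reject array-valued fields and anything that is not a single well-formed
    // address before it reaches the database or mail().
    if (!is_string($usr) || !is_string($psw) || !is_string($email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $msg = 'Dati di registrazione non validi';
    } else {
        // If mysqli runs in exception report mode, a failure raises
        // mysqli_sql_exception before the die() calls below are reached.
        $stmt = mysqli_prepare($conn, 'SELECT 1 FROM `clienti` WHERE Username = ? OR Email = ?');
        if ($stmt === false
            || !mysqli_stmt_bind_param($stmt, 'ss', $usr, $email)
            || !mysqli_stmt_execute($stmt)
            || !mysqli_stmt_store_result($stmt)) {
            die('Errore');
        }
        $existing = (int) mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);

        if ($existing > 0) {
            $msg = 'Utente già registrato';
        } else {
            // 15 bytes from the CSPRNG, hex-encoded to 30 characters.
            $tok = bin2hex(random_bytes(15));

            // NOTE(review): the password is stored exactly as submitted. It should
            // be stored as password_hash($psw, PASSWORD_DEFAULT) and checked with
            // password_verify(), but that needs a matching change in the login code
            // (not visible here) and a wide enough `Password` column, so it is
            // flagged rather than changed in this block.
            $stmt = mysqli_prepare(
                $conn,
                'INSERT INTO `clienti` (`Username`, `Password`, `Email`, `Tok`) VALUES (?, ?, ?, ?)'
            );
            if ($stmt === false
                || !mysqli_stmt_bind_param($stmt, 'ssss', $usr, $psw, $email, $tok)
                || !mysqli_stmt_execute($stmt)) {
                die('Errore');
            }
            mysqli_stmt_close($stmt);

            // The link goes into a plain-text mail, so its parameters need URL
            // encoding, not HTML escaping: htmlspecialchars() would leave spaces,
            // '#', '+' or '%' in a username unencoded and break the link.
            $message = "Benvenuto!\r\nPer registrarti, vai al link:\r\n\r\nhttp://"
                .'localhost:'.$_SERVER['SERVER_PORT'].'/register.php?tok='.rawurlencode($tok)
                .'&user='.rawurlencode($usr);
            mail($email, 'Registrati', $message);

            header('Location: login.php');
            die();
        }
    }
} ?>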
<!DOCTYPE html>
<html>
<head>
	<meta charset="UTF-8">
	<meta name="description" content="Negozio virtuale">
	<meta name="keywords" content="php.server">
	<title>Negozio Virtuale</title>
</head>
<body>
  <h1>Registrati</h1>
  <a href="./login.php">Login</a>
  <?php
  // Show the status message, if one was set earlier in this script.
  // $msg is only ever assigned fixed literal strings on this page; if it ever
  // carries request data it must go through htmlspecialchars() before output.
  if (isset($msg)) {
      echo '<p>'.$msg.'</p>';
  } ?>
  <form action="register.php" method="post">
    <input type="text" name="name" placeholder="username"/><br/>
    <input type="password" name="password" placeholder="password"/><br/>
    <input type="email" name="email" placeholder="indirizzo email"/><br/>
    <input type="submit" class="submit" name="register" value="Registrati" />
  </form>
</body>
</html>