<?php
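session_start();

require('Account.php');

/*
 * Account-creation handler.
 *
 * Runs only when the form posted a non-empty userid AND a non-empty password,
 * both as plain strings (a field posted as "userid[]" arrives as an array and
 * is ignored here). On success a new line of JSON is appended to Accounts.txt
 * and the session is marked as logged in.
 *
 * Differences from the previous version, all deliberate:
 *  - the second half of the guard now tests the password field (it used to
 *    re-test userid, so an empty password was accepted);
 *  - the "Password is already taken" check is gone. It told the person
 *    registering that some existing account uses the password they typed,
 *    and it ran password_verify() against every stored hash per request.
 *    Password reuse between accounts is not an error;
 *  - the duplicate-username check and the append happen on one handle under
 *    an exclusive flock(), so two concurrent requests cannot both pass the
 *    check and register the same name;
 *  - the session id is regenerated before the session is marked as
 *    authenticated, so an id that existed before login is not carried over.
 */
if (
	isset($_POST['userid'], $_POST['password'])
	&& is_string($_POST['userid']) && is_string($_POST['password'])
	&& $_POST['userid'] !== '' && $_POST['password'] !== ''
)
{
	// if the user has just tried to create an account
	$userid = $_POST['userid'];
	$password = $_POST['password'];
	$usrExist = false;

	// 'r+b' keeps the old requirement that Accounts.txt already exists, and
	// gives a single handle usable for both the scan and the append.
	$fp = fopen("Accounts.txt", 'r+b');
	if (!$fp) {
		echo "<b>Could not open/read Accounts.txt<p>";
		exit;
	}

	// Serialise check-then-append against other requests.
	if (!flock($fp, LOCK_EX)) {
		fclose($fp);
		echo "<b>Could not open/read Accounts.txt<p>";
		exit;
	}

	/* Read through the accounts file and check whether the username is taken */
	// No length cap on fgets(): a capped read would split a long JSON line
	// into fragments that are then parsed as separate accounts.
	while (($temp = fgets($fp)) !== false) {
		if (trim($temp) === '')
			continue;

		$account = new Account();
		$account->fillFromJSON($temp);

		// Strict comparison: with == two different numeric-looking names
		// such as "1e3" and "1000" compare equal.
		if ($userid === $account->username) {
			$usrExist = true;
			break;
		}
	}

	if ($usrExist) {
		flock($fp, LOCK_UN);
		fclose($fp);
		echo "Username is already taken, please try something else";
	}
	else {
		// the username does not exist yet: build the record
		$newAccount = new Account();
		$newAccount->username = $userid;

		// Only the hash is stored, never the plaintext password.
		$newAccount->passHash = password_hash($password, PASSWORD_DEFAULT);

		// New accounts are never administrators; the value is fixed here
		// and not taken from the request.
		$newAccount->admin = false;

		$json = json_encode($newAccount);
		$record = ($json === false) ? false : $json . "\n";

		// Position at end of file before switching from reading to writing.
		if (
			$record === false
			|| fseek($fp, 0, SEEK_END) !== 0
			|| fwrite($fp, $record) !== strlen($record)
		) {
			flock($fp, LOCK_UN);
			fclose($fp);
			echo "<b>Could not open/write to Accounts.txt<p>";
			exit;
		}

		fflush($fp);
		flock($fp, LOCK_UN);
		fclose($fp);

		// Issue a fresh session id at the privilege change.
		session_regenerate_id(true);

		$_SESSION['valid_user'] = $userid;
		$_SESSION['meta_data'] = '';
	}
}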

?>

<html>
<head>
	<meta charset= "utf-8">
	<meta name= "viewport" content= "width=device-width, initial-scale= 1.0">
	<link rel="stylesheet" href="session.css">
    <title>Create Account</title>
</head>

<body>
<div id="sessionContainer">

<center>
<h1>Home page</h1>
<?php 
  $hasSession = isset($_SESSION['valid_user']);

  if ($hasSession)
  {
    // A user is already recorded in the session: hand the browser over to the
    // live index. The page body has already started, so the redirect is done
    // client-side rather than with a Location header.
    // NOTE: $_SESSION['valid_user'] comes straight from the posted userid, so
    // it must be HTML-escaped if it is ever printed here.
    echo '<script>window.location.href = "../liveIndex.php"</script>';
  }
  else
  {
    // $userid is only defined when the handler at the top of the file saw a
    // submitted form, so its presence here means the attempt did not succeed.
    $statusLine = isset($userid)
        ? 'Could not log you in.<br />'
        : 'You are not logged in.<br />';
    echo $statusLine;

    // Account form, posted back to this script.
    $formMarkup = '<form method="post" action="createAccount.php">'
        . '<table>'
        . '<tr><td>Userid:</td>'
        . '<td><input type="text" name="userid"></td></tr>'
        . '<tr><td>Password:</td>'
        . '<td><input type="password" name="password"></td></tr>'
        . '<tr><td colspan="2" align="center">'
        . '<input type="submit" value="Create Account"></td></tr>'
        . '</table></form>';
    echo $formMarkup;
  }
?>

<br />
<a href="logout.php">Return</a>
</center>

</div>
</body>
</html>
