<?php

require_once('files/functions.php');

function GetAction($action) {
	if(isset($_POST['action']) && $_POST['action'] == $action) {
		return true;
	} else {
		return false;
	}
}

if(GetAction('select-service')) {
    $user->IsLogged();

    $service_id = $layer->safe('service-id');
    $service_type = $layer->GetData('services', 'ServiceType', 'ServiceID', $service_id);

    if($service_type == 'hashtag') {
        echo 'hashtag';
    } else if($service_type == 'comments') {
        echo 'comments';
    } else if($service_type == 'mentions') {
        echo 'mentions';
    }
}

if(GetAction('generate-new-api')) {
	$user->IsLogged();

	$api = md5($UserName.time().'$hash$');

	$stmt = $pdo->prepare('UPDATE users SET UserAPI = :UserAPI WHERE UserID = :UserID');
	$stmt->execute(array(':UserAPI' => $api, ':UserID' => $UserID));

	echo $api;
}

if(GetAction('get-user-balance')) {
	$user->IsLogged();

	echo $UserBalance;
}

if(GetAction('get-services')) {
	$user->IsLogged();

	$category_id = $layer->safe('category-id');

	$stmt = $pdo->prepare('SELECT * FROM services WHERE ServiceCategoryID = :ServiceCategoryID AND ServiceActive = "Yes"');
	$stmt->execute(array(':ServiceCategoryID' => $category_id));

	$html = '';

	foreach($stmt->fetchAll() as $row) {
		$html .= '<option value="'.$row['ServiceID'].'">'.$row['ServiceName'].'</option>';
	}

	echo $html;
}

if(GetAction('get-price')) {
	$user->IsLogged();

	$price = $orders->GetPrice($_POST['service-id'], $_POST['quantity']);
	echo $price;
}

if(GetAction('get-min-quantity')) {
	$user->IsLogged();

	$service_id = $layer->safe('service-id');
	$quantity = $layer->GetData('services', 'ServiceMinQuantity', 'ServiceID', $service_id);

	echo $quantity;
}

if(GetAction('get-max-quantity')) {
	$user->IsLogged();

	$service_id = $layer->safe('service-id');
	$quantity = $layer->GetData('services', 'ServiceMaxQuantity', 'ServiceID', $service_id);

	echo $quantity;
}

if(GetAction('get-description')) {
    $user->IsLogged();

    $service_id = $layer->safe('service-id');
    $description = $layer->GetData('services', 'ServiceDescription', 'ServiceID', $service_id);

    echo $description;
}

if(GetAction('get-link-quantity')) {
	$user->IsLogged();

	$service_id = $layer->safe('service-id');
	$link = $_POST['link'];

	if(!empty($link)) {
		$link = $layer->safe('link');
		$return = $orders->GetQuantityPerLink($service_id, $link);
		echo $return;
	} else {
		echo 0;
	}
}

if(GetAction('login')) {
	$username = $layer->safe('username');
	$password = $layer->safe('password');

	$stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName AND UserPassword = :UserPassword');
	$stmt->execute(array(':UserName' => $username, ':UserPassword' => md5($password)));

	if($stmt->rowCount() == 1) {
		$row = $stmt->fetch();
		if($settings['IPLock'] == 'Yes') {
			if($row['UserIPAddress'] != $ip) {
				echo 'Ваш IP-адрес регистрации не соответствует вашему текущему.';
				echo 'Если вы считаете, что это проблема, не стесняйтесь обращаться в нашу службу поддержки.';

				exit();
			}
		}

		$stmt = $pdo->prepare('SELECT * FROM users_banned WHERE UserBannedID = :UserBannedID');
		$stmt->execute(array(':UserBannedID' => $row['UserID']));
		if($stmt->rowCount() == 1) {
			$ban_row = $stmt->fetch();

			if(time() > $ban_row['UserBannedExpireDate'] && $ban_row['UserBannedExpireDate'] != 0) {
				$stmt = $pdo->prepare('DELETE FROM users_banned WHERE UserBannedID = :UserBannedID');
				$stmt->execute(array(':UserBannedID' => $row['UserID']));
			} else {
				if($ban_row['UserBannedExpireDate'] == 0)
					$time = 'Never';
				else
					$time = date('d.m.Y h:I:s', $ban_row['UserBannedExpireDate']);

				echo 'Вы заблокированы!<br>';
				echo 'Причина: '.$ban_row['UserBannedReason'].'<br>';
				echo 'Разблокировка: '.date('d.m.Y h:I:s', $ban_row['UserBannedDate']).'<br>';
				echo 'Осталось: '.$time.'<br>';

				exit();
			}
		}

		$stmt = $pdo->prepare('INSERT INTO logs (LogUserID, LogDate) VALUES (:LogUserID, :LogDate)');
		$stmt->execute(array(':LogUserID' => $row['UserID'], ':LogDate' => time()));

		$_SESSION['auth'] = $row['UserID'];
		$layer->redirect('index.php');
	} else {
		echo 'Неверная информация для входа.';
	}
}

if(GetAction('restore')) {
	$username = $layer->safe('username');
	if($username == 'demo') {
		echo 'Вам не разрешается сбрасывать пароль учетной записи, пока вы регистрируетесь в качестве демонстрационного пользователя.';
	} else {
		if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
			$email = $_POST['email'];

			$stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName AND UserEmail = :UserEmail');
			$stmt->execute(array(':UserName' => $username, ':UserEmail' => $email));

			if($stmt->rowCount() == 1) {
				$row = $stmt->fetch();

				$np = $layer->GenerateRandomString(6);
				$stmt = $pdo->prepare('UPDATE users SET UserPassword = :UserPassword WHERE UserID = :UserID');
				$stmt->execute(array(':UserPassword' => md5($np), ':UserID' => $row['UserID']));
				echo '<div class="text-success">Новый пароль выслан на ваш почтовый адрес</div>';

				$msg = "Аккаунт ID: ".$row['UserName']."\n";
				$msg .= "Пароль вашей учетной записи был сброшен ".$_SERVER["REMOTE_ADDR"]."\n";
				$msg .= "Ваш новый пароль учетной записи: $np \n";
				$msg .= "Если думаете, что это ошибка, обратитесь к администраторам веб-сайта.\n";
				$msg = wordwrap($msg,70);

				// send email
				@mail($email,"Восстановление пароля учетной записи",$msg);
			} else {
				echo 'Пользователь с этими учетными данными не существует.';
			}
		}
	}
}

if(GetAction('update-password')) {
	$user->IsLogged();

	if($UserName == 'demo') {
		echo 'Демо-счету не разрешено изменять пароль по умолчанию.';
	} else {
		$current_password = $layer->safe('current-password');
		$new_password = $layer->safe('new-password');
		$repeat_new_password = $layer->safe('repeat-new-password');

		$stmt = $pdo->prepare('SELECT * FROM users WHERE UserID = :UserID AND UserPassword = :UserPassword');
		$stmt->execute(array(':UserID' => $UserID, ':UserPassword' => md5($current_password)));

		if($stmt->rowCount() == 1) {
			if($new_password == $repeat_new_password) {
				if(strlen($new_password) >= 4 && strlen($new_password) <= 32) {
					if($current_password != $new_password) {
						$stmt = $pdo->prepare('UPDATE users SET UserPassword = :UserPassword WHERE UserID = :UserID');
						$stmt->execute(array(':UserPassword' => md5($new_password), ':UserID' => $UserID));
						echo '<div class="text-success">Пароль успешно изменен.</div>';
					} else {
						echo 'Ваш новый пароль похож на текущий. Пожалуйста, попробуйте другой.';
					}
				} else {
					echo 'Длина пароля должна быть от 4 до 32 символов.';
				}
			} else {
				echo 'Повторный пароль не соответствует вашему новому паролю.';
			}
		} else {
			echo 'Текущий пароль недействителен.';
		}
	}
}


if(GetAction('new-order')) {
	$user->IsLogged();

	if($UserName == 'demo') {
		echo 'Демонстрационная учетная запись не разрешается заказывать.';
	} else {

		$service_id = $layer->safe('service');
		$link = $layer->safe('link');
		$quantity = $layer->safe('quantity');

		if(isset($_POST['comments'])) {
			$additional = $_POST['comments'];
			$additional = str_replace("\n", ",", $additional);
		} else if(isset($_POST['hashtag'])) {
			$additional = $_POST['hashtag'];
		} else if(isset($_POST['mentions_username'])) {
			$additional = $_POST['mentions_username'];
		}

		$charge = $orders->GetPrice($service_id, $quantity);
		$max_quantity = $layer->GetData('services', 'ServiceMaxQuantity', 'ServiceID', $service_id);

		if(ctype_digit($service_id) && ctype_digit($quantity)) {
			$stmt = $pdo->prepare('SELECT * FROM services WHERE ServiceID = :ServiceID');
			$stmt->execute(array(':ServiceID' => $service_id));

			if($stmt->rowCount() == 1) {
				$row = $stmt->fetch();
				if($UserBalance >= $charge) {
					if($quantity >= $row['ServiceMinQuantity'] && $quantity <= $row['ServiceMaxQuantity']) {
						$stmt = $pdo->prepare('SELECT * FROM orders WHERE OrderLink = :OrderLink AND OrderServiceID = :OrderServiceID');
						$stmt->execute(array(':OrderLink' => $link, ':OrderServiceID' => $service_id));

						if($stmt->rowCount() > 0) {
							if($stmt->rowCount() == 1) {
								$query_row = $stmt->fetch();
								$qu_am = $query_row['OrderQuantity'];
							} else {
								$qu_am = 0;

								foreach($stmt->fetchAll() as $qu_row) {
									$qu_am += $qu_row['OrderQuantity'];
								}
							}
							$total = $qu_am + $quantity;
							$total_more = $max_quantity - $qu_am;
							if($total_more < 0) {
								$total_more = 0;
							}

							if($total > $max_quantity) {
								echo $total_more.' осталось для этой услуги';
								exit();
							}
						}
						$order_id = 0;
						$start_count = 0;

						if(!empty($row['ServiceAPI'])) {
							$URL = str_replace('[QUANTITY]', $quantity, $row['ServiceAPI']);
							$URL = str_replace('[LINK]', $link, $URL);

							if(isset($additional) && !empty($additional))
								$URL = str_replace('[ADDON]', $additional, $URL);
							$return = $layer->SendCurl($URL);
							$resp = json_decode($return);

							if(isset($resp) && property_exists($resp, 'order'))
								$order_id = $resp->order;
						}



						$NewBalance = $UserBalance - $charge;

						if($row['ServiceType'] != 'default') {
							 $stmt = $pdo->prepare('INSERT INTO orders (OrderServiceID, OrderUserID, OrderQuantity, OrderLink, OrderCharge, OrderAPIID, OrderAdditional, OrderDate)
						  VALUES (:OrderServiceID, :OrderUserID, :OrderQuantity, :OrderLink, :OrderCharge, :OrderAPIID, :OrderAdditional, :OrderDate)');

							$stmt->execute(array(':OrderServiceID' => $service_id, ':OrderUserID' => $UserID, ':OrderQuantity' => $quantity, ':OrderLink' => $link,
								':OrderCharge' => $charge, ':OrderAPIID' => $order_id, ':OrderAdditional' => $additional, ':OrderDate' => time()));
						} else {
							$stmt = $pdo->prepare('INSERT INTO orders (OrderServiceID, OrderUserID, OrderQuantity, OrderLink, OrderCharge, OrderAPIID, OrderDate)
						  VALUES (:OrderServiceID, :OrderUserID, :OrderQuantity, :OrderLink, :OrderCharge, :OrderAPIID, :OrderDate)');

							$stmt->execute(array(':OrderServiceID' => $service_id, ':OrderUserID' => $UserID, ':OrderQuantity' => $quantity, ':OrderLink' => $link,
								':OrderCharge' => $charge, ':OrderAPIID' => $order_id, ':OrderDate' => time()));
						}

						$stmt = $pdo->prepare('UPDATE users SET UserBalance = :UserBalance WHERE UserID = :UserID');
						$stmt->execute(array(':UserBalance' => $NewBalance, ':UserID' => $UserID));
						echo '
						<script type="text/javascript">
                            reloadService();
                            removeQuantity();
                        </script>
						<div class="text-success">Заказ успешно обработан</div>';
					} else {
						echo 'Сервис мин. кол-во '.$row['ServiceMinQuantity'].', максимальное кол-во '.$row['ServiceMaxQuantity'].'.';
					}
				} else {
					echo 'Недостаточно баланса на счете. <a href="deposit.php">Пополните баланс</a>.';
				}
			} else {
				echo 'Службы не существует.';
			}
		} else {
			echo 'Заполните все поля.';
		}
	}
}

if(GetAction('lock')) {
	if(isset($_SESSION['lock-screen'])) {
		$username = $_SESSION['lock-screen'];
		$password = $layer->safe('password');

		$stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName AND UserPassword = :UserPassword');
		$stmt->execute(array(':UserName' => $username, ':UserPassword' => md5($password)));

		if($stmt->rowCount() == 1) {
			$row = $stmt->fetch();

			$stmt = $pdo->prepare('SELECT * FROM users_banned WHERE UserBannedID = :UserBannedID');
			$stmt->execute(array(':UserBannedID' => $row['UserID']));
			if($stmt->rowCount() == 1) {
				$ban_row = $stmt->fetch();

				if(time() > $ban_row['UserBannedExpireDate'] && $ban_row['UserBannedExpireDate'] != 0) {
					$stmt = $pdo->prepare('DELETE FROM users_banned WHERE UserBannedID = :UserBannedID');
					$stmt->execute(array(':UserBannedID' => $row['UserID']));
				} else {
					if($ban_row['UserBannedExpireDate'] == 0)
						$time = 'Never';
					else
						$time = date('d.m.Y h:I:s', $ban_row['UserBannedExpireDate']);

					echo 'Вы заблокированы!<br>';
					echo 'Причина: '.$ban_row['UserBannedReason'].'<br>';
					echo 'До: '.date('d.m.Y h:I:s', $ban_row['UserBannedDate']).'<br>';
					echo 'Осталось: '.$time.'<br>';

					exit();
				}
			}
			unset($_SESSION['lock-screen']);

			$_SESSION['auth'] = $row['UserID'];
			$layer->redirect('index.php');
		} else {
			echo 'Неверный пароль.';
		}
	}
}


if(GetAction('register')) {
	if($settings['RestrictRegistrations'] == 'No') {
		if(isset($_SESSION['auth'])) {
			$layer->redirect('index.php');
		}

		$username = $layer->safe('username');
		$email = $layer->safe('email');
		$password = $layer->safe('password');
		$re_password = $layer->safe('re_password');

		if($password == $re_password) {
			if(!filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
				if(strlen($email) >= 4 && strlen($email) <= 48) {
					if(strlen($username) >= 4 && strlen($username) <= 32) {
						if(strlen($password) >= 4 && strlen($password) <= 32) {
							if($username != $password) {
								$stmt = $pdo->prepare('SELECT * FROM users WHERE UserName = :UserName OR UserEmail = :UserEmail');
								$stmt->execute(array(':UserName' => $username, ':UserEmail' => $email));

								if($stmt->rowCount() == 0) {
									if($settings['RequireUserFirstName'] == 'Yes') {
										$first_name = $layer->safe('first_name');
										if(strlen($first_name) < 2 && strlen($first_name) > 16) {
											echo 'Длина имени должна быть от 2 до 16 символов.';
											exit();
										}
									} else {
										$first_name = '';
									}

									if($settings['RequireUserLastName'] == 'Yes') {
										$last_name = $layer->safe('last_name');
										if(strlen($last_name) < 2 && strlen($last_name) > 16) {
											echo 'Длина фамилии должна быть от 2 до 16 символов.';
											exit();
										}
									} else {
										$last_name = '';
									}

									if($settings['RequireUserSkypeID'] == 'Yes') {
										$skype_id = $layer->safe('skype_id');
										if(strlen($skype_id) < 2 && strlen($skype_id) > 32) {
											echo 'Длина Skype должна быть от 2 до 32 символов.';
											exit();
										}
									} else {
										$skype_id = '';
									}

									if($settings['RequireUserInstagramID'] == 'Yes') {
										$instagram_id = $layer->safe('instagram_id');
										if(strlen($instagram_id) < 2 && strlen($instagram_id) > 32) {
											echo 'Длина Skype должна быть от 2 до 32 символов.';
											exit();
										}
									} else {
										$instagram_id = '';
									}

									$password = md5($password);

									$api = $layer->GenerateRandomString(15);
									$api = md5($api);

									$stmt = $pdo->prepare('INSERT INTO users (UserName, UserPassword, UserEmail, UserAPI, UserDate, UserIPAddress, UserFirstName, UserLastName, UserSkypeID, UserInstagramID)
									VALUES (:UserName, :UserPassword, :UserEmail, :UserAPI, :UserDate, :UserIPAddress, :UserFirstName, :UserLastName, :UserSkypeID, :UserInstagramID)');

									$stmt->execute(array(':UserName' => $username, ':UserPassword' => $password, ':UserEmail' => $email,
									':UserAPI' => $api, ':UserDate' => time(), ':UserIPAddress' => $ip, ':UserFirstName' => $first_name, ':UserLastName' => $last_name, ':UserSkypeID' => $skype_id, ':UserInstagramID' => $instagram_id));


									$_SESSION['auth'] = $pdo->lastInsertId();

									if(isset($_POST['referr']) && ctype_digit($_POST['referr'])) {
										$stmt = $pdo->prepare('SELECT UserID FROM users WHERE UserID = :UserID');
										$stmt->execute(array(':UserID' => $_POST['referr']));

										if($stmt->rowCount() == 1) {
											$row = $stmt->fetch();

											$stmt = $pdo->prepare('INSERT INTO referrs (ReferrUserID, ReferrReferralUserID, ReferrDate)
											VALUES (:ReferrUserID, :ReferrReferralUserID, :ReferrDate)');

											$stmt->execute(array(':ReferrUserID' => $row['UserID'], ':ReferrReferralUserID' => $_SESSION['auth'], ':ReferrDate' => time()));
										}
									}

									$layer->redirect('index.php');
								} else {
									echo 'Учетная запись с этим именем пользователя / адресом электронной почты уже зарегистрирована.';
								}
							} else {
								echo 'Пароль не может совпадать с именем пользователя.';
							}
						} else {
							echo 'Длина пароля должна быть между 32 символами.';
						}
					} else {
						echo 'Длина имени пользователя должна быть от 4 до 32 символов.';
					}
				} else {
					echo 'Длина электронной почты должна составлять от 4 до 48 символов.';
				}
			} else {
				echo 'Недействительный адрес электронной почты. Предоставьте рабочий.';
			}
		} else {
			echo 'Ваш повторно введенный пароль не соответствует первому.';
		}
	} else {
		echo 'Все регистрации отключены с панели.';
	}
}