<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");


// Page chrome handed to the template: title, banner text and banner CSS class.
// These are assigned before request data is imported with EXTR_SKIP further down,
// so a request parameter with the same name cannot replace them.
$page_title = "Edit API Key";
$page_message = "Edit API key. Update API key information and click the 'Submit' button.";
$page_message_class = "alert alert-info";

// Fixed redirect target used when the record is missing or has just been deleted.
$page_header_file_no_data = "api_keys_view.php";

// Outcome flags for the submit handler: success becomes 1 only when the update goes through,
// error becomes 1 on any failure.
$action_success = $error_detected = 0;
$error_details = null; // error text is appended here as failures are found

// Row counters filled in from the database helpers' return values.
$added_records = $updated_records = $removed_records = 0;


// Import request parameters as script variables. Each superglobal is first passed through
// sanitizeSubmittedData() (defined outside this file), which array_walk() applies in place.
// EXTR_SKIP leaves already-defined variables untouched, and because $_GET is imported first,
// a query-string value wins over a POST field of the same name.
// NOTE(review): every parameter name that is not yet a variable becomes one here and later
// reaches the template through get_defined_vars(). An explicit allow-list of the expected form
// fields would narrow that; confirm nothing read later relies on being undefined at this point.
if (!empty($_GET) && is_array($_GET))
    {
    if (array_walk($_GET, "sanitizeSubmittedData", ["script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS]))
        {
        extract($_GET, EXTR_SKIP); //existing variables are not overwritten
        }
    }


if (!empty($_POST) && is_array($_POST))
    {
    if (array_walk($_POST, "sanitizeSubmittedData", ["script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS]))
        {
        extract($_POST, EXTR_SKIP); //existing variables (including those just imported from GET) are not overwritten
        }
    }


// Look the record up only when the submitted ID is a non-empty integer; the ID is passed as a
// bound parameter, never concatenated into the SQL text. $rows_array is always assigned here,
// so a request parameter of the same name cannot stand in for a real lookup result.
$rows_array=(!empty($api_key_id) && filter_var($api_key_id, FILTER_VALIDATE_INT))
    ? fetchRow("SELECT * FROM apl_api_keys WHERE api_key_id=?", [$api_key_id], ["i"])
    : null;

// No usable ID or no matching row: go back to the list page and stop. The redirect target is the
// fixed value assigned at the top of the script, not request data.
if (empty($rows_array))
    {
    header("Location: $page_header_file_no_data");
    exit();
    }


// First display only (form not submitted): copy the stored column values into script variables.
// When the form was submitted this is skipped, so the values the user typed survive a failed
// update instead of being replaced by the database copy.
// extract() is called without EXTR_SKIP here, so every column returned by SELECT * overwrites any
// variable of the same name, including ones imported from the request.
// NOTE(review): $submit_ok is itself a request parameter, so the caller decides which path runs;
// on this path the stored api_key_secret ends up in a script variable - confirm the template only
// shows it where intended.
if (!isset($submit_ok))
    {
    foreach ($rows_array as $row)
        {
        extract($row);
        }
    }


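// Form submission handler: deletes the key when requested, otherwise validates and saves the
// edited fields. Every variable read here was imported from the request earlier in the script;
// $api_key_id has already passed FILTER_VALIDATE_INT and matched an existing row.
// NOTE(review): no anti-CSRF token or request-method check is visible in this file, and GET
// parameters are imported as well as POST. Confirm login_check.php or the sanitizer covers this,
// because this branch deletes and rewrites API credentials.
if (isset($submit_ok))
    {
    if (!empty($delete_record) && $delete_record==1)
        {
        $removed_records=deleteRow("DELETE FROM apl_api_keys WHERE api_key_id=?", array($api_key_id), array("i"));
        if ($removed_records>0)
            {
            $page_message="Deleted $removed_records API key(s) from the database.";
            createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
            header("Location: $page_header_file_no_data");
            exit();
            }
        else
            {
            $error_detected=1;
            $error_details.="Invalid record or database error.<br>";
            }
        }

    //the secret must be non-empty, each permission flag must validate in the range 0-1 and the status in the range 0-2
    if (!empty($api_key_secret) && validateNumberOrRange($api_key_clients_add, 0, 1) && validateNumberOrRange($api_key_clients_edit, 0, 1) && validateNumberOrRange($api_key_licenses_add, 0, 1) && validateNumberOrRange($api_key_licenses_edit, 0, 1) && validateNumberOrRange($api_key_products_add, 0, 1) && validateNumberOrRange($api_key_products_edit, 0, 1) && validateNumberOrRange($api_key_installations_edit, 0, 1) && validateNumberOrRange($api_key_search, 0, 1) && validateNumberOrRange($api_key_status, 0, 2))
        {
        if (!empty($api_key_ip)) //optional comma-separated IP list; an empty value skips the check entirely
            {
            $api_key_ip_array=explode(",", $api_key_ip);
            foreach ($api_key_ip_array as $ip_address) //entries are validated exactly as split, without trimming
                {
                if (!filter_var($ip_address, FILTER_VALIDATE_IP))
                    {
                    $error_detected=1;
                    $error_details.="Invalid IP address.<br>";
                    break;
                    }
                }
            }

        if ($error_detected!=1) //also skipped when a failed delete above already set the error flag
            {
            //all values are bound parameters; the type list marks the secret and IP list as strings and the rest as integers
            $updated_records=updateRow("UPDATE apl_api_keys SET api_key_secret=?, api_key_ip=?, api_key_clients_add=?, api_key_clients_edit=?, api_key_licenses_add=?, api_key_licenses_edit=?, api_key_products_add=?, api_key_products_edit=?, api_key_installations_edit=?, api_key_search=?, api_key_status=? WHERE api_key_id=?", array($api_key_secret, $api_key_ip, $api_key_clients_add, $api_key_clients_edit, $api_key_licenses_add, $api_key_licenses_edit, $api_key_products_add, $api_key_products_edit, $api_key_installations_edit, $api_key_search, $api_key_status, $api_key_id), array("s", "s", "i", "i", "i", "i", "i", "i", "i", "i", "i", "i"));
            if ($updated_records<1)
                {
                $error_detected=1;
                $error_details.="Invalid record details or duplicated record (no new data).<br>";
                }
            else
                {
                $action_success=1;
                }
            }
        }
    else
        {
        $error_detected=1;
        $error_details.="Invalid API secret, permissions, or status.<br>";
        }

    if ($action_success==1) //everything OK
        {
        //NOTE(review): other messages in this script carry <br> markup, so the template presumably prints
        //$page_message unescaped; the secret shown here then relies on sanitizeSubmittedData() - confirm
        $page_message="API key $api_key_secret updated.";
        //the report entry identifies the key by its numeric ID; the secret is a credential and is kept out of whatever createReport() records
        createReport("API key ID ".(int)$api_key_id." updated.", $logged_admin_id, 1, $error_detected);
        $page_message_class="alert alert-success";
        }
    else //display error message
        {
        $page_message="The database could not be updated because of this error: <br><br>$error_details";
        $page_message_class="alert alert-danger";
        }
    }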


//Twig templating starts
//Fallback for $script_filename when it is not set yet (the original comment says it is usually set in login_check.php); used in Twig forms.
//NOTE(review): $script_filename is already passed to the sanitizer before this line, and request
//parameters are imported before this fallback runs, so if login_check.php ever leaves it unset a
//request parameter named script_filename would supply it - confirm it is always set upstream.
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);}

Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //templates directory, given as a path relative to the working directory
$twig=new Twig_Environment($loader); //no options are passed, so escaping and caching follow the Twig defaults

$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());

//The template name is built from this script's own directory and file name, not from request input.
//get_defined_vars() hands the template every variable defined in this scope: the page variables above,
//any variables the required files defined, and every imported request parameter.
//NOTE(review): passing an explicit array of the values the template needs would keep configuration
//values and unexpected request parameters out of the template context.
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars());
//Twig templating ends