<?php /* Copyright (c) 2024 Freya Murphy */
class _comments_controller extends Controller {

	private $comments_model;

	function __construct() {
		$this->comments_model = $this->load_model('_comments');
	}

	public function comments(string $page, string $ref): void {
		$data = $this->comments_model->get_comments($page);
		$this->view('comments', array(
			'comments' => $data,
			'ref' => $ref,
			'page' => $page
		));
	}

	public function post(): void {
		$author = ''; $content = ''; $ref = '';
		if (
			!array_key_exists('author', $_GET) ||
			!array_key_exists('content', $_GET) ||
			!array_key_exists('ref', $_GET) ||
			!array_key_exists('page', $_GET)
		) {
			$this->error(400); return;
		}

		$author = trim($_GET['author']);
		$content = trim($_GET['content']);
		$page = $_GET['page'];
		$ref = $_GET['ref'];
		$url = NULL;

		$author_len = strlen($author);
		$content_len = strlen($content);

		if ($author_len < 1 || $content_len < 1) {
			$this->error(400);
			return;
		}

		if ($author_len > 30 || $content_len > 500) {
			$this->error(413);
			return;
		}

		if (base64_encode(base64_decode($ref)) !== $ref) {
			// invalid base64
			$this->error(400);
			return;
		}

		try {
			$ref = base64_decode($ref);
			$url = parse_url($ref);
			if (!$url && array_key_exists('host', $url)) {
				// dont allow redirects off this site
				$this->error(400);
				return;
			}
		} catch (Exception $e) {
			$this->error(400);
			return;
		}

		$vulgar = 'false';
		if (
			$this->comments_model->is_vulgar($author) ||
			$this->comments_model->is_vulgar($content)
		) {
			$vulgar = 'true';
		}

		$result = $this->comments_model
			->post_comment($author, $content, $page, $vulgar);

		if ($result) {
			header('Location: ' . $this->get_url($ref) . '#comments');
		} else {
			$this->error(500);
		}
	}
}