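/*
 * NOTE(review): the system header names were lost when this page was
 * extracted (only bare "#include" tokens remained, five of them). The
 * four below are the ones the visible code needs (printf/snprintf,
 * atoi/getenv, strcmp/strdup/strcspn, sqlite3_*); the fifth could not
 * be recovered and must be restored from the original file.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sqlite3.h>

#include "cforum.h"

#define MAXMSG 300

/*
 * CGI entry point. Opens the database, loads the site name, resolves the
 * session from the "session" and "user" cookies, then dispatches on the
 * GET parameters (att, post, user, new, delete). Anything unrecognised
 * falls back to the front page.
 *
 * Returns 1 if the database or the site name is unavailable (after
 * reporting a server error through srverr()), 0 otherwise.
 *
 * db, site, query, curuser and cursession are globals declared outside
 * this file section (presumably in cforum.h).
 */
int
main(int argc, char *argv[])
{
	const char *name;
	char *delete, *home, *k, msg[MAXMSG], *new, *sitename, *ssecret, *v;
	int attid, postid, suser, userid;
	size_t pathlen;
	struct session *session;
	sqlite3_stmt *stmt;

	/*
	 * The database is opened or a server error is generated.
	 * In the rest of the program, the database is always
	 * assumed to be opened.
	 */
	if (sqlite3_open("db", &db) != SQLITE_OK) {
		snprintf(msg, MAXMSG, "The database could not be opened: %s\n", sqlite3_errmsg(db));
		srverr(msg);
		sqlite3_close(db);
		return 1;
	}

	/*
	 * The site name is retrieved from the database. This early on,
	 * it is appropriate to die with a server error on failure.
	 */
	if (sqlite3_prepare(db, "SELECT value FROM settings WHERE key = 'name'", -1, &stmt, 0) != SQLITE_OK) {
		snprintf(msg, MAXMSG, "The site name could not be retrieved: %s\n", sqlite3_errmsg(db));
		srverr(msg);
		sqlite3_close(db);
		return 1;
	}

	/*
	 * sqlite3_column_text() returns NULL for an SQL NULL value, and
	 * strdup(NULL) is undefined, so the copy is made only from a real
	 * string. The copy must happen before sqlite3_finalize(), which
	 * invalidates the column pointer. A NULL value or a failed copy is
	 * reported the same way as a missing row.
	 */
	sitename = NULL;
	if (sqlite3_step(stmt) == SQLITE_ROW) {
		name = (const char *)sqlite3_column_text(stmt, 0);
		if (name)
			sitename = strdup(name);
	}
	sqlite3_finalize(stmt);
	if (!sitename) {
		snprintf(msg, MAXMSG, "The site name is not set.\n");
		srverr(msg);
		sqlite3_close(db);
		return 1;
	}
	site.name = sitename;

	/*
	 * The global struct query is set, or the program dies.
	 * From now on, query is assumed to be set.
	 */
	setquery();

	/*
	 * Check session. Only the first "session" and the first "user"
	 * cookie are honoured; later duplicates are ignored.
	 */
	curuser = NULL;
	ssecret = NULL;
	suser = -1;
	while ((k = nextcookie(MAXCOOKIE+20)) != NULL) {
		v = split(k);
		/* split() is defined elsewhere; skip the pair if it yields no value. */
		if (!v)
			continue;
		if (!ssecret && strcmp(k, "session") == 0)
			ssecret = strdup(v);
		else if (suser == -1 && strcmp(k, "user") == 0)
			suser = atoi(v);
	}

	/*
	 * Both cookie values are bound as parameters, never spliced into the
	 * SQL text. A missing secret is bound as NULL, which "string = ?"
	 * cannot match. ssecret is bound with SQLITE_STATIC and therefore
	 * must stay allocated while the statement is alive.
	 */
	if (sqlite3_prepare(db, "SELECT oid, * FROM sessions WHERE user = ? AND string = ?", -1, &stmt, 0) != SQLITE_OK)
		goto skip;
	if (sqlite3_bind_int(stmt, 1, suser) != SQLITE_OK ||
	    sqlite3_bind_text(stmt, 2, ssecret, -1, SQLITE_STATIC) != SQLITE_OK) {
		/* getsession() never sees the statement on this path, so release it here. */
		sqlite3_finalize(stmt);
		goto skip;
	}
	/* NOTE(review): whether getsession() finalizes stmt is not visible here; confirm. */
	if (!(session = getsession(stmt)))
		goto skip;

	/* Session is valid. */
	cursession = session;
	curuser = getuser(selectbyint("users", "oid", suser));

skip:
	/* Handle empty request. */
	if (!*query.string) {
		showfront();
		goto end;
	}

	/*
	 * Parse query string. The first occurrence of each parameter wins.
	 * atoi() reports no errors: non-numeric input yields 0, which the
	 * dispatch below treats the same as an absent parameter.
	 */
	new = delete = NULL;
	attid = postid = userid = 0;
	while ((k = nextparam(GET, NULL, 128)) != NULL) {
		v = split(k);
		/* split() is defined elsewhere; skip the pair if it yields no value. */
		if (!v)
			continue;
		if (!attid && strcmp(k, "att") == 0)
			attid = atoi(v);
		else if (!postid && strcmp(k, "post") == 0)
			postid = atoi(v);
		else if (!userid && strcmp(k, "user") == 0)
			userid = atoi(v);
		else if (!new && strcmp(k, "new") == 0)
			new = strdup(v);
		else if (!delete && strcmp(k, "delete") == 0)
			delete = strdup(v);
	}

	/*
	 * Handle request. The action is chosen from the saved copies in
	 * new/delete; v only holds the value of whichever parameter was
	 * parsed last and must not be used for dispatch.
	 */
	if (attid)
		showatt(attid);
	else if (postid)
		showpost(postid);
	else if (userid)
		showuser(userid);
	else if (new) {
		if (strcmp(new, "att") == 0)
			newatt();
		else if (strcmp(new, "post") == 0)
			newpost();
		else if (strcmp(new, "user") == 0)
			newuser();
		else if (strcmp(new, "session") == 0)
			newsession();
		else
			showfront(); /* TODO */
	} else if (delete) {
		/*
		 * NOTE(review): this is a state change driven by a GET
		 * parameter, so a cross-site link can end a user's session;
		 * consider requiring POST plus a per-session token.
		 */
		home = strcmp(delete, "session") == 0 ? getenv("REQUEST_URI") : NULL;
		if (home) {
			if (cursession)
				deletesession(cursession);
			/*
			 * REQUEST_URI is request-derived. Collapse leading
			 * slashes so the target stays a same-host path (a
			 * "//" prefix is a scheme-relative URL), and stop at
			 * '?' or any CR/LF so nothing can follow the Location
			 * header. The environment string is left unmodified.
			 */
			while (home[0] == '/' && home[1] == '/')
				home++;
			pathlen = strcspn(home, "?\r\n");
			printf("Status: 303 See Other\n");
			printf("Location: %.*s\n\n", (int)pathlen, home);
		} else {
			/*
			 * Unknown delete target, or no REQUEST_URI to redirect
			 * to: answer with the front page rather than an empty
			 * CGI response.
			 */
			if (strcmp(delete, "session") == 0 && cursession)
				deletesession(cursession);
			showfront();
		}
	} else
		showfront();

end:
	sqlite3_close(db);
	return 0;
}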