<?php
/*  Authors         :   Carlos C. Corrada-Bravo
                        David J. Ortiz-Rivera

    Organization    :   Centro de Desarrollo y Consultoria Computacional
    Project         :   OPASO Material Registry   
    File            :   session.php
    Description     :   Handle google login for OPASO */

	/* verify token */
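	/* OAuth2 callback. Google redirects the browser here with ?code=... once
	   the user has consented. The code is exchanged for a token, the account's
	   e-mail is matched against the Person table and, on success, the login
	   session is populated and the browser is sent to "menu". Every failure
	   path redirects back to the index page with an error tag. */
	if(isset($_GET["code"])){
		/* initialize the client from the OAuth client-secret JSON */
		require_once "vendor/autoload.php";
		$config = "config/o_auth.json";
		$client = new Google_Client();
		$client->setAuthConfig($config);

		/* NOTE(review): nothing in this file compares the callback's `state`
		   parameter with a value saved before the redirect to Google, so the
		   callback is open to login CSRF (a victim's browser can be made to
		   complete an attacker's authorization code). Store a random state in
		   the session where the redirect is built and reject mismatches here. */

		/* exchange the authorization code for an access token */
		$token = $client->fetchAccessTokenWithAuthCode($_GET["code"]);

		/* the library reports a failed exchange under an "error" key; this is
		   not only an expired code (reused or forged codes and client
		   misconfiguration land here too), the redirect tag is just a label */
		if(isset($token["error"])){
			header("Location: /?error=token_expired");
			exit();
		}

		/* resolve the Google account to a registered person */
		require "config/database.php";          /* expected to provide $db (mysqli) */
		$client->setAccessToken($token["access_token"]);
		$google_oauth = new Google_Service_Oauth2($client);
		$account_info = $google_oauth->userinfo->get();
		$email = $account_info->email;
		/* NOTE(review): the e-mail is trusted without consulting the userinfo
		   verified-e-mail flag (`verifiedEmail` in this client library, to be
		   confirmed); an unverified address could be mapped onto somebody
		   else's registration. Consider rejecting unverified accounts. */

		$sign_in = $db->prepare("SELECT person_id,person_name FROM Person WHERE email=?");
		$sign_in->bind_param("s",$email);
		$sign_in->execute();
		$sign_in->bind_result($person_id,$person_name);
		$sign_in->store_result();

		/* unregistered e-mail: there is no account to log into */
		if(!$sign_in->fetch()){
			$sign_in->close();
			header("Location: /?error=login_failed");
			exit();
		}

		/* laboratories this person may enter and their level in each; rows
		   with access_level 'none' are filtered out by the query itself */
		$authorized = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC");
		$authorized->bind_param("i",$person_id);
		$authorized->execute();
		/* $lab_level is bound to the per-row column; the aggregate level below
		   uses its own variable so the fallback cannot depend on whichever row
		   happened to be fetched last */
		$authorized->bind_result($lab_id,$lab_room,$lab_level);
		$authorized->store_result();

		/* start the session and rotate its id before storing login state: an
		   id that existed before authentication may have been planted by an
		   attacker (session fixation) and must not become a logged-in session */
		start_session();
		session_regenerate_id(true);

		$_SESSION["authorized"] = array();
		$pi_flag = false;
		$admin_flag = false;

		/* one entry per laboratory, keyed by lab_id */
		while($authorized->fetch()){
			if($lab_level == "investigator"){
				$pi_flag = true;
			}
			elseif($lab_level == "admin"){
				$admin_flag = true;
			}
			$_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $lab_level);
		}

		/* highest level across all laboratories. "investigator" outranks
		   "admin" in this ordering; everyone else is a "technician", which is
		   also the level of a person with no laboratory rows at all.
		   NOTE(review): the previous code fell through to the last fetched
		   row's level here; if access levels other than these three exist,
		   confirm "technician" is the intended floor for them. */
		if($pi_flag){
			$access_level = "investigator";
		}
		elseif($admin_flag){
			$access_level = "admin";
		}
		else{
			$access_level = "technician";
		}

		/* user data; person_name is reduced to its first word (first name).
		   created/last_activity are timestamps presumably read by the session
		   timeout logic elsewhere — not visible here */
		$_SESSION["person_id"] = $person_id;
		$_SESSION["person_name"] = explode(" ",$person_name)[0];
		$_SESSION["access_level"] = $access_level;
		$_SESSION["created"] = time();
		$_SESSION["last_activity"] = time();

		$sign_in->close();
		$authorized->close();
		header("Location: menu");
		exit();
	}

	/* no authorization code in the query string: nothing to do here */
	else{
		header("Location: /");
		exit();
	}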

	/* start session */
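	/* Start the PHP session unless one is already active.
	   session_status() is used instead of isset($_SESSION) because the latter
	   is also true when $_SESSION was merely assigned to, and does not tell
	   whether a session is actually running.
	   Hardening applied before the session cookie is issued:
	   - use_strict_mode makes PHP reject ids it never issued (a planted
	     cookie cannot fix the session id);
	   - cookie_httponly keeps the id out of reach of page scripts;
	   - cookie_secure is set only when this request itself arrived over HTTPS,
	     so a plain-HTTP development setup keeps working.
	   NOTE(review): behind a TLS-terminating proxy $_SERVER["HTTPS"] may be
	   unset; force session.cookie_secure from php.ini in that deployment. */
	function start_session(){
		if(session_status() === PHP_SESSION_ACTIVE){
			return;
		}

		ini_set("session.use_strict_mode", "1");
		ini_set("session.cookie_httponly", "1");
		if(!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off"){
			ini_set("session.cookie_secure", "1");
		}

		session_start();
	}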
?>