<?php

include_once __DIR__.'/../../core.php';

switch (post('op')) {
    case 'add':

    $nome = save($_POST['nome']);
    $idcategoria = save($_POST['idcategoria']);
    $data = saveDate($_POST['data']);

    $dir_ok = true;
    $nome_modulo = 'Gestione documentale';
    $nome_allegato = save($_POST['nome_allegato']);
    $filename = $_FILES['blob']['name'];
    $src = $_FILES['blob']['tmp_name'];
    $f = pathinfo($filename);

    //$q="SELECT idanagrafica FROM zz_utenti WHERE idutente=".$_SESSION['idutente'];
    //$rs=$dbo->fetchArray($q);
    //$idutente=$rs[0]['idanagrafica'];

    $dst_file = sanitizeFilename($f['filename'].'.'.$f['extension']);
    $dst_dir = $docroot.'/files/gestione_documentale/';
    $dst_dir = strtolower($dst_dir);

    //Rinomino il file se non esiste giĆ 
    $f = pathinfo($dst_file);
    $i = 1;

    while (file_exists($dst_dir.'/'.$dst_file)) {
        $dst_file = sanitizeFilename($f['filename'].'_'.$i.'.'.$f['extension']);
        ++$i;
    }

    //Se la destinazione non esiste la creo
    if (!is_dir($dst_dir)) {
        if (!mkdir($dst_dir)) {
            $dir_ok = false;
            array_push($_SESSION['errors'], 'Non hai i permessi per creare directory!');
            header('Location: '.$rootdir.'/controller.php?id_module='.Modules::get('Gestione documentale')['id']);
            exit;
        }
    }

    //Creazione file fisico
    if ($dir_ok) {
        if (move_uploaded_file($src, $dst_dir.'/'.$dst_file)) {
            $rs = $dbo->query("INSERT INTO `zz_documenti`( nome, idcategoria, data ) VALUES( '".$nome."','".$idcategoria."','".$data."' )");

            $id_record = $dbo->last_inserted_id();

            $rs = $dbo->query('INSERT INTO `zz_files`( nome, filename, id_module, id_record ) VALUES( "'.$nome_allegato.'", "'.$dst_file.'", "'.Modules::get('Gestione documentale')['id'].'", "'.$id_record.'" )');

            array_push($_SESSION['infos'], 'File caricato correttamente!');
        } else {
            array_push($_SESSION['errors'], 'Errore durante il caricamento del file!');
            header('Location: '.$rootdir.'/controller.php?id_module='.Modules::get('Gestione documentale')['id']);
            exit;
        }
    }
    break;

    case 'update':

        if ($permessi[$module_name] == 'rw') {
            //leggo tutti i valori passati dal POST e li salvo in un array
            $html_post = [];
            foreach ($_POST as $key => $value) {
                $html_post[$key] = save($value);
            }

            if (isset($_POST['id_record'])) {
                $query = 'UPDATE zz_documenti SET '.
                                    'idcategoria="'.$html_post['idcategoria'].'",'.
                                    'nome="'.$html_post['nome'].'",'.
                                    'data="'.saveDate($html_post['data']).'"'.
                                    "WHERE id = '$id_record' ".$additional_where['Gestione documenti'];

                $rs = $dbo->query($query);

                array_push($_SESSION['infos'], "Informazioni per la scheda ''".$html_post['id']."'' salvate correttamente!");
            }
        }

    break;

    case 'delete':
        if ($permessi[$module_name] == 'rw') {
            $rs = $dbo->fetchArray('SELECT id FROM zz_files WHERE externalid = "'.$id_record."\" AND module = '".$module_name."' ");
            $n = sizeof($rs);

            //Per tutte le sessioni di lavoro trovate
            for ($i = 0; $i < $n; ++$i) {
                //Elimino fisicamente il file...
                $rs2 = $dbo->fetchArray('SELECT filename FROM zz_files WHERE id = "'.$rs[$i]['id'].'" ');
                unlink($docroot.'/files/'.strtolower($module_name).'/'.$rs2[0]['filename']);
            }

            //...e da db
            $dbo->query('DELETE FROM zz_files WHERE externalid = "'.$id_record."\" AND module = '".$module_name."' ");
            $dbo->query('DELETE FROM zz_documenti WHERE id = "'.$id_record.'" ');

            array_push($_SESSION['infos'], 'Scheda e relativi files eliminati!');
        }

        break;
}