<?php

// Database connection details
$host = 'sasaprod.pattinson.org';  // Replace with your database host (usually 'localhost')
$username = 'ppruser';   // Replace with your database username
$password = 'iJ8kN*5[g6P3jaqN';       // Replace with your database password
$database = 'pprdevdb'; // Replace with your database name

function getUserIP() {
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        return $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        return $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        return $_SERVER['REMOTE_ADDR'];
    }
}

function connectDb() {

	// Create connection
	$conn = new mysqli( $GLOBALS['host'], $GLOBALS['username'], $GLOBALS['password'], $GLOBALS['database']);

	// Check connection
	if ($conn->connect_error) {
		die("Connection failed: " . $conn->connect_error);
	}

	return $conn;

}

function logJournal($conn, $id, $message) {

	$stmt = $conn->prepare("INSERT INTO journal (ppr_id, entry, user, ip) VALUES (?, ?, ?, ?)");
	$stmt->bind_param("isss", $id, $message, $_SERVER['PHP_AUTH_USER'], getUserIP());
	$stmt->execute();
	$stmt->close();

}

function require_db_auth() {

	if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
		send_auth_headers();
	}

	$user = $_SERVER['PHP_AUTH_USER'];
	$pass = $_SERVER['PHP_AUTH_PW'];

	$conn = connectDb();

	$stmt = $conn->prepare("SELECT password FROM users WHERE username = ?");
	$stmt->bind_param("s", $user);
	$stmt->execute();
	$stmt->store_result();
	$stmt->bind_result($stored_hash);
	$stmt->fetch();

	// Verify the password
	if ($stmt->num_rows == 0 || !password_verify($pass, $stored_hash)) {
		send_auth_headers();
	}

	// Close the connection
	$stmt->close();
	$conn->close();

}

function send_auth_headers() {
    header('WWW-Authenticate: Basic realm="Restricted Area"');
    header('HTTP/1.0 401 Unauthorized');
    die("Authentication required.");
}

function require_auth() {
	$AUTH_USER = 'admin';
	$AUTH_PASS = 'admin';
	header('Cache-Control: no-cache, must-revalidate, max-age=0');
	$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
	$is_not_authenticated = (
		!$has_supplied_credentials ||
		$_SERVER['PHP_AUTH_USER'] != $AUTH_USER ||
		$_SERVER['PHP_AUTH_PW']   != $AUTH_PASS
	);
	if ($is_not_authenticated) {
		header('HTTP/1.1 401 Authorization Required');
		header('WWW-Authenticate: Basic realm="PPR"');
        echo 'Text to send if user hits Cancel button';
		exit;
	}
}