<?php

/**
 * 提供首頁資料
 * @url /frame/api_getdata.php
 * 
 * @method POST
 * @return JSON
 * 
 * @request 
 * {
 *   "p":數據類別
 * }
 * 
 * @response
 * {
 *   "st":"ok",  (ok 成功 err 失敗)
 *   "err":"", (錯誤訊息)
 *   "errCode":"", (801=>資料格式錯誤,401=>sql錯誤,701=>api錯誤)
 * }
 * 
 */

$json = array("st" => "ok", "err" => "", "errCode" => "");

/**
 * 表單列表
 */
function get_forms()
{
    global $link;

    $i = 1;
    $data = [];
    $sql = "select id, title, path from form_list where status = 'Y' order by create_at desc limit 0, 6";
    $res = mysqli_query($link, $sql);
    while ($row = mysqli_fetch_assoc($res)) {
        $data[$i]["id"] = $row["id"];
        $data[$i]["title"] = $row["title"];
        $data[$i]["path"] = $row["path"];
        $i++;
    }
    mysqli_free_result($res);
    return $data;
}

/**
 * 公告欄列表
 */
function get_board()
{
    global $link;

    $i = 1;
    $data = [];
    $sql  = "select b.id, b.title, b.content, b.attach, a.name, b.create_at from board b, account a ";
    $sql .= "where b.creater = a.accountid and b.status = 'Y' ";
    $sql .= "order by b.create_at desc limit 0, 6";
    $res = mysqli_query($link, $sql);
    while ($row = mysqli_fetch_assoc($res)) {
        $data[$i]["id"] = $row["id"];
        $data[$i]["title"] = $row["title"];
        $data[$i]["board_content"] = nl2br($row["content"]);
        $data[$i]["attach"] = str_replace("board-attach/", "", $row["attach"]);
        $data[$i]["creater"] = $row["name"];
        $data[$i]["create_at"] = $row["create_at"];
        $i++;
    }
    mysqli_free_result($res);
    return $data;
}

/**
 * 系統通知列表
 */
function get_notice($token)
{
    global $link;
    if (!$token) throw new \Exception("token empty", 802);
    list($user_id) = explode(".", $token);
    $i = 1;
    $data = [];
    $sql  = "select id, kind, related_id, title from notice ";
    $sql .= "where (permission like '%" . $user_id . "%' or permission = 'ALL' or creater = '$user_id') ";
    $sql .= "and (haveread != '1' or haveread is null) ";
    $sql .= "order by id desc limit 0, 6";
    $res = mysqli_query($link, $sql);
    while ($row = mysqli_fetch_assoc($res)) {
        $data[$i]["id"] = $row["id"];
        $data[$i]["kind"] = $row["kind"];
        $data[$i]["related_id"] = $row["related_id"];
        $data[$i]["title"] = $row["title"];
        $i++;
    }
    mysqli_free_result($res);
    return $data;
}

/**
 * 待我簽核
 */
function get_pending($token)
{
    global $link;
    if (!$token) throw new \Exception("token empty", 802);
    list($user_id) = explode(".", $token);
    $i = 1;
    $data = [];
    $sql = "
        SELECT
             t.system_id,
            t.system_name,
            t.flow_id,
            t.flow_name,
            COUNT(*)
        FROM (
            SELECT s.form_key,
                m.system_id,
                y.system_name,
                m.flow_id,
                m.flow_name,
                m.path
            FROM subflow s,
                flow f,
                flow_main m,
                system_main y
            WHERE 1=1
            AND m.flow_id NOT IN ('wws04')
            AND EXISTS (
                SELECT form_key,
                    MAX(seq)
                FROM subflow
                GROUP BY form_key
                HAVING SUBSTRING(s.form_key, 1, 10) = form_key
                AND s.seq = max(seq)
                )
                AND SUBSTRING(s.form_key, 1, 10) = f.form_key
                AND f.flow_id = m.flow_id
                AND f.system_id = y.system_id
                AND s.current_assigner = '$user_id'
                AND f.flow_code != 'Z'
            ) t
        GROUP BY t.system_id,
            t.flow_id,
            t.system_name,
            t.flow_name
        LIMIT 0, 6    
    ";

    // $sql  = "select t.system_id, t.system_name, t.flow_id, t.flow_name, count(*) from (";
    // $sql .= "select s.form_key, m.system_id, y.system_name, m.flow_id, m.flow_name, m.path from subflow s, flow f, flow_main m, system_main y ";
    // $sql .= "where ";
    // $sql .= "EXISTS (
    //             select form_key, max(seq) from subflow
    //             group by form_key
    //             having SUBSTRING(s.form_key,1,10) = form_key and s.seq = max(seq)
    //         ) ";
    // $sql .= "and SUBSTRING(s.form_key,1,10) = f.form_key and f.flow_id = m.flow_id and f.system_id = y.system_id and s.current_assigner = '$user_id'";
    // $sql .= ") t group by t.system_id, t.flow_id, t.system_name, t.flow_name ";
    // $sql .= "limit 0, 6";

    $res = mysqli_query($link, $sql);
    while ($row = mysqli_fetch_row($res)) {
        $data[$i]["sid"] = $row[0];
        $data[$i]["sname"] = $row[1];
        $data[$i]["fid"] = $row[2];
        $data[$i]["fname"] = $row[3];
        $data[$i]["cnt"] = $row[4];
        /*
        $data[$i]["id"] = $row["form_key"];
        if ($row["flow_id"] == "prm01" || $row["flow_id"] == "prm02") {
            $sqlcmd = "select assign_opinion from assign where form_key = SUBSTRING('".$row["form_key"]."',1,10) and assigner = '$user_id'";
            $res_a = mysqli_query($link, $sqlcmd);
            if ($row_a = mysqli_fetch_row($res_a)) {
                $data[$i]["id"] = $row_a[0];
            }
        }
        $data[$i]["title"] = $row["flow_name"];
        $data[$i]["url"] = $row["path"];
        */
        $i++;
    }
    mysqli_free_result($res);

    return $data;
}

try {
    if (empty($_REQUEST)) throw new \Exception("post empty", 801);
    if (empty($_REQUEST["p"])) throw new \Exception("post p empty", 801);

    require_once "../database.php";

    switch ($_REQUEST["p"]) {
        case "forms":
            $json["content"] = get_forms();
            break;
        case "board":
            $json["content"] = get_board();
            break;
        case "notice":
            $json["content"] = get_notice($_REQUEST["token"]);
            break;
        case "pending":
            $json["content"] = get_pending($_REQUEST["token"]);
            break;
        default:
            echo "error";
    }
} catch (\Exception $ex) {
    $json["st"] = "err";
    $json["err"] = $ex->getMessage();
    $json["errCode"] = (!empty($ex->getCode())) ? $ex->getCode() : 701;
}

echo json_encode($json, JSON_UNESCAPED_UNICODE);