use EPrints;

use strict;

my $session = EPrints::Session->new();

# security?
# my thoughts exactly...

my $content = "text/html";
my $family = $session->param( "_name_family" );
my $given = $session->param( "_name_given" );
my $id = $session->param( "userid" );
my $fieldname = $session->param( "fieldname" );
my $basename = $session->param( "basename" );
my $validate = $session->param( "validate" );

my $database = $session->get_database;
my $dataset = $session->get_repository->get_dataset( "user" );
my $name_field = $dataset->get_field( "name" );
my $id_field = $dataset->get_field( "userid" );
my $username_field = $dataset->get_field( "username" );

my @fields = ($username_field->get_sql_names, $name_field->get_sql_names, $id_field->get_sql_names, );

my $Q_table = $database->quote_identifier($dataset->get_sql_table_name);
my $Q_userid = $database->quote_identifier( "userid" );
my $Q_num_matches = $database->quote_identifier( "num_matches" );

my $sql = "SELECT " .
	join(",", map { $database->quote_identifier($_) } @fields) .
	" FROM $Q_table" .
	" WHERE " .
	" $Q_table.$Q_userid LIKE ". $database->quote_value(EPrints::Database::prep_like_value($id).'%') .
	" OR ".$database->quote_identifier("name_family")." LIKE ".$database->quote_value(EPrints::Database::prep_like_value($id).'%') .
	" OR ".$database->quote_identifier("name_given")." LIKE ".$database->quote_value(EPrints::Database::prep_like_value($id).'%') .
	" OR ".$database->quote_identifier("username")." LIKE ".$database->quote_value(EPrints::Database::prep_like_value($id).'%');
$sql .= " GROUP BY ".join(",",map { $database->quote_identifier($_) } @fields) .
	" ORDER BY " .
	$database->quote_identifier("name_family").",".
	$database->quote_identifier("name_given") .
	" LIMIT 40";

my @rows;

my $sth = $session->get_database->prepare( $sql );
$session->get_database->execute( $sth , $sql );
while( my( $username, $h,$g,$f,$l,$id ) = $sth->fetchrow_array )
{
	my $row = {};
	push @rows, $row;

	my $frag = $session->make_doc_fragment;

	my $desc = "$h $g $f $l"; 
	$desc .= " ($id)" if defined $id;
	$desc .= " ";
        my $onclick = "window.opener.document.getElementById('$fieldname').value = $id;";
        # if we need to validate, try to do that then; for some reason just submitting the form doesn't work?!?
        if( length($validate) > 0 && $validate eq 'true' ) {
                $onclick .= "window.opener.document.getElementsByName('_internal_". $basename ."_null')[0].click();";
                #$onclick .= "alert(window.opener.EPJS_button_pushed( '_internal_". $basename ."_null' )); if(window.opener.EPJS_button_pushed( '_internal_". $basename ."_null' )) { window.opener.document.getElementById('$fieldname').form.submit(); }";
        }
        $onclick .= "window.close();";
        $a = $session->make_element('a', onclick=>$onclick, href=>"#");
	$a->appendChild( $session->make_text( $desc ) );
	my $small = $session->make_element( "small" );
	$a->appendChild( $small );
	$frag->appendChild( $a );
	
	$small->appendChild( $session->make_text( "($username)" ) );

	$row->{xhtml} = $frag;
	$row->{values} = [];
}

my $ul = EPrints::Extras::render_lookup_list( $session, \@rows );

$session->send_http_header( content_type => "text/html; charset=UTF-8" );


my $url = $session->get_url(
		scheme => "http",
		host => 1,
		path => "cgi",
	);

# <?xml version="1.0" encoding="UTF-8" ?>
print <<END;
<html>
<!-- $sql -->
  <head>
    <title>User picker</title>
  </head>

  <body>
    <form method="get" action="$url/users/popup/user">
    <input type="hidden" name="fieldname" value="$fieldname" />
    <input type="hidden" name="validate" value="$validate" />
    <input type="hidden" name="basename" value="$basename" />
    <input type="text" name="userid" value="$id" /><input type="submit" value="Find" />
    </form>
END

print EPrints::XML::to_string( $ul, "utf-8", 1 );

print <<END;
    
  </body>
</html>
END

EPrints::XML::dispose( $ul );

$session->terminate;