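#!/usr/bin/perl -w
#
# Change-password page for the authenticated Okcomputer user.
#
# Without a 'submit' parameter the script renders the change-password form.
# With one, it validates the three password fields, checks the old password
# against the digest stored in the users table, writes the new digest, and
# renders either the failure page (with bad_* flags set) or the confirmation
# page.
use strict;
use Apache::Request;
use Okcomputer::User;
use HTML::Template;
use Digest::MD5 qw(md5_hex);
use Okcomputer::DB;

my $r     = Apache::Request->new(Apache->request);
my $user  = Okcomputer::User->new($r->connection->user);
my $uid   = $user->uid;
my $email = $user->email;

my $form_template  = 'change-password.html';
my $fail_template  = 'change-password-failed.html';
my $after_template = 'change-password-changed.html';

# NOTE(review): $email is interpolated into the page titles; whether it is
# HTML-escaped on output depends on the ESCAPE setting in the templates,
# which are not visible here -- confirm.
my $form_title  = "change password for $email";
my $fail_title  = "failed to change password for $email";
my $after_title = "password changed for $email";

my $page_file;
my $page_title;
my %bad;    # bad_* flags handed to the failure template

if (!$r->param('submit')) {
    # output form
    $page_file  = $form_template;
    $page_title = $form_title;
}
else {
    # submitted
    #
    # Read each field in scalar context. In list context param() returns
    # every value of a field, so a missing or repeated field would shift the
    # three values into the wrong variables.
    my $oldpasswd  = $r->param('oldpasswd');
    my $newpasswd  = $r->param('newpasswd');
    my $newpasswd2 = $r->param('newpasswd2');

    if (!($oldpasswd and $newpasswd and $newpasswd2)) {
        $bad{bad_empty_fields} = 1;
    }
    elsif ($newpasswd ne $newpasswd2) {
        $bad{bad_confirm_match} = 1;
    }
    # FIXME check if the new password sucks
    else {
        # get the passwd from the db
        my $dbh = Okcomputer::DB->new();

        # The uid is bound as a placeholder value instead of being
        # interpolated into the SQL text.
        # NOTE(review): assumes Okcomputer::DB returns DBI-style statement
        # handles whose execute() accepts bind values -- confirm.
        my $select = $dbh->prepare('select password from users where uid = ?');
        $select->execute($uid);
        my ($dbpasswd) = $select->fetchrow_array();

        # NOTE(review): stored passwords are unsalted MD5 digests. Moving to
        # a salted, deliberately slow password hash needs a migration of the
        # users table and of whatever verifies logins, so it is flagged here
        # rather than changed.
        my $old_digest = md5_hex($oldpasswd);

        # A missing row leaves $dbpasswd undefined; treat that as a mismatch
        # instead of comparing against undef.
        if (!defined $dbpasswd or $old_digest ne $dbpasswd) {
            $bad{bad_old_passwd} = 1;
        }
        else {
            # change the passwd, finally
            my $update =
                $dbh->prepare('update users set password = ? where uid = ?');

            # Fail loudly rather than render the "password changed" page
            # for an update that did not happen. No header has been sent
            # yet, so the server can still answer with an error.
            $update->execute(md5_hex($newpasswd), $uid)
                or die "change-password: update failed for uid $uid\n";
        }
    }

    if (%bad) {
        # give them the bad news
        $page_file  = $fail_template;
        $page_title = $fail_title;
    }
    else {
        # tell them the password has changed
        # FIXME? they'll have to log in again
        $page_file  = $after_template;
        $page_title = $after_title;
    }
}

# Load the template before sending the header so that a template error does
# not follow an already-sent 200 response.
my $template = HTML::Template->new(filename => $page_file);
$r->content_type('text/html');
$r->send_http_header;

# %bad is empty for the form and confirmation pages.
$template->param(title => $page_title, name => $user->name, %bad);
print $template->output;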