<?php
/*=====================================================================*\
|| ###################################################################
|| # Bugdar
|| # Copyright 2002-2007 Blue Static
|| #
|| # This program is free software; you can redistribute it and/or modify
|| # it under the terms of the GNU General Public License as published by
|| # the Free Software Foundation; version 2 of the License.
|| #
|| # This program is distributed in the hope that it will be useful, but
|| # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|| # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|| # more details.
|| #
|| # You should have received a copy of the GNU General Public License along
|| # with this program; if not, write to the Free Software Foundation, Inc.,
|| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|| ###################################################################
\*=====================================================================*/

$fetchtemplates = array(
	'login',
	'lostpassword',
	'passwordreset'
);

define('SVN', '$Id$');

$focus['user'] = 'focus';

require_once('./global.php');
require_once('./includes/api_user.php');
require_once('./includes/class_api_error.php');

APIError(array(new API_Error_Handler($message), 'user_cumulative'));

// ###################################################################

if ($bugsys->userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
{
	$message->error(_('You are already logged in.'));
}

// ###################################################################

if (empty($_REQUEST['do']))
{
	eval('$template->flush("' . $template->fetch('login') . '");');
}

// ###################################################################

if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
{
	$keeplogin = $bugsys->input_clean('rememberme', TYPE_BOOL);
	if ($_POST['cplogin'])
	{
		$keeplogin = 0;
	}
	
	if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
	{
		$url = $_SERVER['HTTP_REFERER'];
	}
	else
	{
		$url = 'index.php';
	}
	
	if ($auth->authenticateLogin($bugsys->in['email'], $bugsys->in['password'], $keeplogin))
	{
		if ($_POST['do'] == 'cplogin')
		{
			$hash = $funct->rand(90);
			$db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
			$db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser['userid'] . ", " . TIMENOW . ")");
			$funct->cookie(COOKIE_PREFIX . 'adminsession', $hash, false);
		}
		$message->redirect(_('Welcome back! You are now logged in.'), $url);
	}
	else
	{
		$message->error(_('Invalid email or password.'));
	}
}

// ###################################################################

if ($_REQUEST['do'] == 'logout')
{
	if ($bugsys->userinfo['userid'])
	{
		$db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
		$auth->clearCookies();
		$funct->cookie(COOKIE_PREFIX . 'adminsession');
		$message->redirect(_('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php'));
	}
	else
	{
		$message->error(_('You need to be logged in to access this feature.'));
	}
}

// ###################################################################

if ($_POST['do'] == 'sendpw')
{	
	$user = new UserAPI($bugsys);
	$user->set('email', $bugsys->in['email'], true, false); // don't verify so we don't get errors about existing emails
	$user->set_condition(array('email'));
	$user->fetch();
	
	if ($message->hasErrors())
	{
		$show['lostpwerror'] = true;
		$_REQUEST['do'] = 'lostpw';
	}
	else
	{
		$activator = $funct->rand(25);
		$db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->objdata['userid'] . ")");
		
		eval('$email = "' . $template->fetch(FetchEmailPath('passwordreset.xml', $bugsys->datastore['language'][$user->objdata['languageid']]['langcode'])) . '";');
		$email = $bugsys->xml->parse($email);
		
		$mail->setSubject($email['email']['subject']['value']);
		$mail->setBodyText($email['email']['bodyText']['value']);
		
		$mail->send($user->objdata['email'], $user->objdata['displayname']);
		
		$message->message(sprintf(_('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->objdata['email']));
	}
}

// ###################################################################

if ($_REQUEST['do'] == 'lostpw')
{
	eval('$template->flush("' . $template->fetch('lostpassword') . '");');
}

// ###################################################################

if ($_POST['do'] == 'resetpw')
{
	// remove old activators
	$db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
	
	// now look for ours
	$activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
	if (!$activation)
	{
		$message->error(L_INVALID_ID);
	}
	
	$user = new UserAPI($bugsys);
	$user->set('userid', $activation['userid']);
	$user->set_condition();
	
	if ($bugsys->in['fix_password'] != $bugsys->in['confirm_password'])
	{
		$message->addError(_('The passwords you entered do not patch.'));
	}
	if (empty($bugsys->in['fix_password']))
	{
		$message->addError(_('Your new password cannot be empty.'));
	}
	
	$user->set('password', $bugsys->in['fix_password']);
	
	if (!$message->hasErrors())
	{
		// remove old other activators for this user
		$db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid']);
		
		$user->update();
		$message->redirect(_('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
	}
	else
	{
		$show['errors'] = true;
		$_REQUEST['do'] = 'recoverpw';
	}
}

// ###################################################################

if ($_REQUEST['do'] == 'recoverpw')
{
	// remove old activators
	$db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
	
	// now look for ours
	$activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
	if (!$activation)
	{
		$message->error(_('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
	}
	
	eval('$template->flush("' . $template->fetch('passwordreset') . '");');
}

// ###################################################################

if ($_REQUEST['do'] == 'cplogout')
{
	if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
	{
		$db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
		$funct->cookie(COOKIE_PREFIX . 'adminsession');
		$message->redirect(_('You have been logged out.'), 'admin/');
	}
	else
	{
		$message->error(_('You are not logged in.'));
	}
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>