#!/usr/bin/perl -wT

#----------------------------------------------------------------------
# e-smith manager functions: userpassword
# copyright (C) 1999, 2000, 2001 e-smith, inc.
# 		
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# 		
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 		
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
# 
# Technical support for this program is available from e-smith, inc.
# Please visit our web site www.e-smith.com for details.
#----------------------------------------------------------------------

use strict;
use esmith::FormMagick;
use esmith::util;
use esmith::ConfigDB;

our $configdb = esmith::ConfigDB->open();
my $fm = new esmith::FormMagick;
$fm->display();

sub change_password {
    my ($fm) = @_;

    my $q = $fm->{cgi};

    $q->param( -name => 'wherenext', -value => 'Done' );

    my $oldPass = $q->param('oldPass');
    my $pass = $q->param('pass');
    my $acctName = $q->param('account');
    
    unless (($oldPass) = ($oldPass =~ /^(\S+)$/ ))
    {
	$q->param(-name => 'status_message', -value => 'TAINTED_OLDPASS');
	return;
    }

    unless (($pass) = ($pass =~ /^([ -~]+)$/ ))
    {
	$q->param(-name => 'status_message', -value => 'TAINTED_PASS');
	return;
    }

    unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ ))
    {
	$q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT');
	return;
    }

    use esmith::AccountsDB;
    my $accountdb = esmith::AccountsDB->open();

    my $acct;
    unless ($acct = $accountdb->get($acctName))
    {
        $q->param(-name => 'status_message', -value => 'YOUR_ACCOUNT_INVALID');    
	return;
    }

    unless ($acct->prop('type') eq 'user')
    {
	$q->param(-name=>'status_message', -value=>"YOUR_ACCOUNT_INVALID");
	return;
    }

    unless (esmith::util::setUserPasswordRequirePrevious(
		$acctName, 
		$oldPass, 
		$pass))
    {
	$q->param(-name => 'status_message', 
		    -value => 'ERROR_PASSWORD_CHANGE');
	return;
    }
    $acct->set_prop("PasswordSet", "yes");
    undef $accountdb;

    system("/sbin/e-smith/signal-event", "password-modify", $acctName) == 0
	or die ("Error occurred while modifying password for $acctName.\n");
    $accountdb = esmith::AccountsDB->open();

    $q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS');    
    return;
}

sub password_compare {
	my $fm = shift;
	my $pass2 = shift;

	my $pass1 = $fm->{cgi}->param('pass');
    	unless ($pass1 eq $pass2) {
    		$fm->{cgi}->param( -name => 'wherenext', -value => 'Password' );
       	 	return "PASSWORD_VERIFY_ERROR";
    	}
        return "OK";
}

=pod

=head2 check_password
 
Validates the password using the desired strength
 
=cut
 
sub check_password {
        my $fm = shift;
        my $pass1 = shift;
 
        my $check_type;
        my $rec = $configdb->get('passwordstrength');
        $check_type = ($rec ? ($rec->prop('Users') || 'none') : 'none');
 
        return $fm->validate_password($check_type,$pass1);
}

__DATA__
<form title="ACCOUNT_PASSWORD_CHANGE" header="/etc/e-smith/web/common/userpassword_head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
    <page name="Password"  post-event="change_password" pre-event="turn_off_buttons()" header="/etc/e-smith/web/common/head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
        <description>DESCRIPTION</description>

        <field type="text" id="account" validation="nonblank" value="">
            <label>YOUR_ACCOUNT</label>
        </field>
        <field type="password" id="oldPass" validation="nonblank" value="">
            <label>PASSWORD_OLD</label>
        </field>
        <field type="password" id="pass" validation="nonblank, check_password" value="">
            <label>PASSWORD_NEW</label>
        </field>
        <field type="password" id="passVerify" validation="password_compare" value="">
            <label>PASSWORD_VERIFY_NEW</label>
        </field>
        <subroutine src="print_button('PASSWORD_CHANGE')" />
    </page>
    <page name="Done" pre-event="print_status_message()">
    </page>
</form>