(* COCANWIKI - a wiki written in Objective CAML.
 * Written by Richard W.M. Jones <rich@merjis.com>.
 * Copyright (C) 2004 Merjis Ltd.
 * $Id: invite_user_confirm.ml,v 1.3 2005/03/31 14:24:04 rich Exp $
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; see the file COPYING.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 *)

open Apache
open Registry
open Cgi
open Printf

open Cocanwiki
open Cocanwiki_ok
open Cocanwiki_strings
open Cocanwiki_template

let run r (q : cgi) (dbh : Dbi.connection) hostid { hostname = hostname } _ =
  let template = _get_template "invite_user_confirm.txt" in

  let username = q#param "username" in
  let invite = q#param "invite" in

  (* Verify the username, invite combination. *)
  let sth = dbh#prepare_cached "select email, id from users
                                 where hostid = ? and
                                       name = ? and invite = ?" in
  sth#execute [`Int hostid; `String username; `String invite];

  let email, userid =
    try
      match sth#fetch1 () with
	  [ `String email; `Int userid ] -> Some email, userid
	| [ `Null; `Int userid ] -> None, userid
	| _ -> assert false
    with Not_found ->
      error ~title:"Already signed up"
        q "It looks like you have already used your invitation.";
      return () in

  let password1 = q#param "password1" in
  let password2 = q#param "password2" in

  if password1 = "" || password2 = "" then (
    error ~back_button:true ~title:"Bad password"
      q "The password you gave is empty.";
    return ()
  );

  if password1 <> password2 then (
    error ~back_button:true ~title:"Passwords don't match"
      q "The two passwords you gave aren't identical.";
    return ()
  );

  let password = password1 in

  (* Change the password. *)
  let sth =
    dbh#prepare_cached
      "update users set password = ?, invite = null,
                        force_password_change = false
        where hostid = ? and id = ?" in
  sth#execute [`String password; `Int hostid; `Int userid];

  (* Send email to this user. *)
  (match email with
       None -> ()
     | Some email ->
	 template#set "username" username;
	 template#set "hostname" hostname;

	 let body = template#to_string in

	 let subject = "Your new account details" in
	 Sendmail.send_mail ~to_addr:[email] ~subject body);

  dbh#commit ();

  (* Redirect to the login page. *)
  let redirect =
    "http://" ^ hostname ^ "/_bin/login.cmo?" ^
    "username=" ^ Cgi_escape.escape_url username ^ "&" ^
    "password=" ^ Cgi_escape.escape_url password ^ "&" ^
    "permanent=1" in
  q#redirect redirect

let () =
  register_script run