(* COCANWIKI - a wiki written in Objective CAML.
 * Written by Richard W.M. Jones <rich@merjis.com>.
 * Copyright (C) 2004 Merjis Ltd.
 * $Id: invite_user_confirm.ml,v 1.7 2006/03/28 16:24:07 rich Exp $
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; see the file COPYING.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 *)

open Apache
open Registry
open Cgi
open Printf

open Cocanwiki
open Cocanwiki_ok
open Cocanwiki_strings
open Cocanwiki_template

let run r (q : cgi) dbh hostid { hostname = hostname } _ =
  let template = _get_template "invite_user_confirm.txt" in

  let username = q#param "username" in
  let invite = q#param "invite" in

  (* Verify the username, invite combination. *)
  let rows = PGSQL(dbh) "select email, id from users
                          where hostid = $hostid and
                                name = $username and invite = $invite" in

  let email, userid =
    match rows with
    | [ Some email, userid ] -> Some email, userid
    | [ None, userid ] -> None, userid
    | [] ->
	error ~title:"Already signed up"
          dbh hostid q "It looks like you have already used your invitation.";
	return ()
    | _ -> assert false in

  let password1 = q#param "password1" in
  let password2 = q#param "password2" in

  if password1 = "" || password2 = "" then (
    error ~back_button:true ~title:"Bad password"
      dbh hostid q "The password you gave is empty.";
    return ()
  );

  if password1 <> password2 then (
    error ~back_button:true ~title:"Passwords don't match"
      dbh hostid q "The two passwords you gave aren't identical.";
    return ()
  );

  let password = password1 in

  (* Change the password. *)
  PGSQL(dbh)
    "update users set password = $password, invite = null,
                      force_password_change = false
      where hostid = $hostid and id = $userid";

  (* Send email to this user. *)
  (match email with
       None -> ()
     | Some email ->
	 template#set "username" username;
	 template#set "hostname" hostname;

	 let body = template#to_string in

	 let subject = "Your new account details" in
	 Sendmail.send_mail ~to_addr:[email] ~subject body);

  PGOCaml.commit dbh;

  (* Redirect to the login page. *)
  let redirect =
    "http://" ^ hostname ^ "/_bin/login.cmo?" ^
    "username=" ^ Cgi_escape.escape_url username ^ "&" ^
    "password=" ^ Cgi_escape.escape_url password ^ "&" ^
    "permanent=1" in
  q#redirect redirect

let () =
  register_script run