(* Easy Web Pages (EWP) scripts.
 * Written by Richard W.M. Jones <rich@merjis.com>.
 * Copyright (C) 2004 Merjis Ltd.
 * $Id: login.ml,v 1.1 2004/09/07 16:19:43 rich Exp $
 *)

open Apache
open Registry
open Cgi
open Printf

open Cocanwiki
open Cocanwiki_ok

let expires = "Wed, 18-May-2033 04:33:20 GMT"

let run r (q : cgi) (dbh : Dbi.connection) (hostid, _, _) _ =
  let username = q#param "username" in
  let password = q#param "password" in
  let permanent = try "1" = q#param "permanent" with Not_found -> false in
  let redirect = try q#param "redirect" with Not_found -> "/" in

  let sth = dbh#prepare_cached "select id from users
                                 where name = ? and password = ?
                                   and hostid = ?" in
  sth#execute [`String username; `String password; `Int hostid];

  try
    let userid = sth#fetch1int () in

    (* Create a cookie. *)
    let cookie = random_sessionid () in
    let sth = dbh#prepare_cached "insert into usercookies (userid, cookie)
                                  values (?, ?)" in
    sth#execute [`Int userid; `String cookie];

    dbh#commit ();

    let cookie =
      if permanent then
	Cookie.cookie ~name:"auth" ~value:cookie ~path:"/" ~expires ()
      else
	Cookie.cookie ~name:"auth" ~value:cookie ~path:"/" () in

    ok ~title:"Logged in" ~buttons:[ok_button redirect] ~cookie
      q ("Welcome back " ^ username ^ ".")
  with
      Not_found ->
	error
	  ~title:"Bad name or password"
	  ~back_button:true
	  q "The name or password was wrong."

let () =
  register_script run