(* COCANWIKI - a wiki written in Objective CAML.
 * Written by Richard W.M. Jones <rich@merjis.com>.
 * Copyright (C) 2004 Merjis Ltd.
 * $Id: signup.ml,v 1.11 2006/03/28 16:24:08 rich Exp $
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; see the file COPYING.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 *)

open Apache
open Registry
open Cgi
open Printf

open Cocanwiki
open Cocanwiki_ok
open Cocanwiki_strings

let run r (q : cgi) dbh hostid _ _ =
  (* Verify that we're allowed to create accounts anonymously
   * on this host.
   *)
  let create_account_anon = List.hd (
    PGSQL(dbh) "select create_account_anon from hosts
                 where id = $hostid"
  ) in

  if not create_account_anon then (
    error ~title:"Not allowed to create accounts"
      dbh hostid q ("To get an account on this service, please contact the " ^
		    "administrator.");
    return ()
  );

  let username = trim (q#param "username") in
  let password1 = trim (q#param "password1") in
  let password2 = trim (q#param "password2") in

  if username = "" || password1 = "" || password2 = "" then (
    error ~back_button:true ~title:"Bad username or password"
      dbh hostid q "The username or password you gave is empty.";
    return ()
  );

  if password1 <> password2 then (
    error ~back_button:true ~title:"Passwords don't match"
      dbh hostid q "The two passwords you gave aren't identical.";
    return ()
  );

  let password = password1 in

  if UTF8.length username > 32 || UTF8.length password > 128 then (
    error ~back_button:true ~title:"Username or password too long"
      dbh hostid q "Usernames should be less than 32 characters long.  For passwords we let you have a generous 128 characters.";
    return ()
  );

  let email = trim (q#param "email") in
  let email = if string_is_whitespace email then None else Some email in

  (* Not a duplicate? *)
  let rows = PGSQL(dbh)
    "select id from users where hostid = $hostid and name = $username" in

  (match rows with
   | [_] ->
       error ~back_button:true ~title:"Username already taken"
	 dbh hostid q
	 ("Someone, possibly you, has already taken that username. " ^
	    "If you think you have forgotten your password, try going back " ^
	    "and clicking on the 'Forgotten your password?' link.");
       return ()
   | [] -> ()
   | _ -> assert false
  );

  (* Create the user account. *)
  PGSQL(dbh) "insert into users (name, password, email, hostid)
              values ($username, $password, $?email, $hostid)";

  let userid = PGOCaml.serial4 dbh "users_id_seq" in

  (* Create a cookie. *)
  let cookie = random_sessionid () in
  PGSQL(dbh) "insert into usercookies (userid, cookie)
              values ($userid, $cookie)";

  PGOCaml.commit dbh;

  let buttons = [ ok_button "/" ] in
  let cookie = Cookie.cookie "auth" cookie ~path:"/" in

  ok ~title:"Account created"
    ~buttons
    ~cookie
    dbh hostid q
    ("An account was created for you, " ^ username ^ ". " ^
     "We hope you enjoy using this service.")

let () =
  register_script run