######################################################################
#
#  EPrints Set Password 
#
######################################################################
#
#  __COPYRIGHT__
#
# Copyright 2000-2008 University of Southampton. All Rights Reserved.
# 
#  __LICENSE__
#
######################################################################

use EPrints;
use strict;

my $session = new EPrints::Session;
exit( 0 ) unless( defined $session );

my( $page, $title ) = make_page( $session );

# $page->appendChild( $session->html_phrase( "general:frontpage_link" ) );

$session->build_page( $title, $page, "reset_password" );
$session->send_page();

$session->terminate();

sub make_page
{
	my( $session ) = @_;

	my $page = $session->make_element( "div", class => "ep_block");
	my $table = $session->make_element( "table" );
	my $tr = $session->make_element( "tr" );
	my $td = $session->make_element( "td" );
	$page->appendChild( $table );
	$table->appendChild( $tr );
	$tr->appendChild( $td );

	my $title = $session->html_phrase( "cgi/set_password:password_changeonlytitle" );

	my $reset_ok =  $session->config("allow_reset_password");
	if( !$reset_ok )
	{
		$td->appendChild( $session->html_phrase( "cgi/set_password:disabled" ) );
		$td->appendChild( $session->html_phrase( "general:frontpage_link" ) );
		return( $page, $title );
	}

	my $user_ds = $session->dataset( "user" );

	my $f_email = $user_ds->get_field( "email" )->clone();
	$f_email->set_property( "confid" , "setpass" );

	my $f_newpass = $user_ds->get_field( "newpassword" )->clone();
	$f_newpass->set_property( "confid" , "setpass" );

	if( ! $session->have_parameters() )
	{
		$td->appendChild( $session->html_phrase( "cgi/set_password:pchange" ) );

		my $fields = [ $f_email, $f_newpass ];

		$td->appendChild( $session->render_input_form(
			fields=>$fields,
			values=>{
				lang => $session->get_langid()
			},
			show_help=>1,
			default_action=>"submit",
			buttons=>{
				submit=>$session->phrase( "cgi/set_password:action_submit" )
			},
			dest=>"reset_password" ) );

		return( $page, $title );
	}

	# Process the form.
	my $email = $f_email->form_value( $session );
	my $lang = $session->get_langid();
	my $newpassword = $f_newpass->form_value( $session );

	my $user = EPrints::DataObj::User::user_with_email( $session, $email );

	if( ! EPrints::Utils::is_set( $email ) )
	{
		$page->appendChild( $session->html_phrase( 
			"cgi/set_password:no_email" ) );
		return( 
			$page, 
			$session->html_phrase( 
				"cgi/set_password:error_title" ) );
	}

	if( !defined $user )
	{
		$page->appendChild( $session->html_phrase( 
			"cgi/set_password:no_such_user",
			email=>$session->make_text( $email ) ) );
		return( 
			$page, 
			$session->html_phrase( 
				"cgi/set_password:error_title" ) );
	}

	if( !$user->allow( "set-password" ) )
	{
		$page->appendChild( $session->html_phrase( 
			"cgi/set_password:no_priv",
			email=>$session->make_text( $email ) ) );
		return( 
			$page, 
			$session->html_phrase( 
				"cgi/set_password:error_title" ) );
	}

	if( !defined $newpassword || $newpassword eq "" )
	{
		$page->appendChild( $session->html_phrase( 
			"cgi/set_password:no_password" ) );
		return( 
			$page, 
			$session->html_phrase( 
				"cgi/set_password:error_title" ) );
	}

	$user->set_value( "newpassword", $newpassword );
	my $pin = sprintf( "%04X%04X%04X%04X",int rand 0xffff,int rand 0xffff,int rand 0xffff,int rand 0xffff );
	$user->set_value( "newemail", undef );
	$user->set_value( "pin", $pin );
	$user->set_value( "pinsettime", time() );
	$user->commit();
	
	my $maxdelta = EPrints::Time::human_delay(
		$session->config( "pin_timeout" ) );
	
	my $rc = $user->mail( 
		"cgi/set_password:account",
		$session->html_phrase( 
			"mail_password_pin", 
			confirmurl => $session->render_link( $session->config( "perl_url" )."/confirm?userid=".$user->get_value( "userid" )."&pin=".$pin ),
			username => $user->render_value( "username" ),
			maxdelta => $session->make_text( $maxdelta ) ) );

	# did email send OK?
	if( !$rc )
	{
		$page->appendChild( $session->html_phrase( 
			"general:email_failed" ) );
		return( 
			$page, 
			$session->html_phrase( 
				"cgi/set_password:error_title" ) );
	}


	$page->appendChild( $session->html_phrase( 
		"cgi/set_password:mail_sent",
		email=>$session->make_text( $email ),
		maxdelta => $session->make_text( $maxdelta ) ) );
	return( $page, $title );
}

