#!/usr/local/bin/webwork-perl

## $Id$

## change-passwd.pl
## password update script for the WeBWorK project

require 5.001;
use strict;
use lib '.'; use webworkInit; # WeBWorKInitLine

use Global;
use Auth;
use GDBM_File;
use CGI qw(:standard);

# Pull in the shared HTML helper library whose file name is configured in
# Global; the path is built from the configured script directory.
my $scriptDirectory   = $Global::scriptDirectory;
require "${scriptDirectory}$Global::HTMLglue_pl";

# Required request parameters.  error_form() prints an error page and exits,
# so the script only continues when all three hold a true value.  Everything
# read here comes straight from the request and is untrusted until
# verify_key() has accepted the user/key pair further down.
my $User   = param('user')   || error_form('No user', 'No user name specified.');
my $Key    = param('key')    || error_form('No key', 'No session key specified.');
my $Course = param('course') || error_form('No course', 'No course specified.');

# Display form of the course name: underscores are shown as spaces.
(my $Course_display = $Course) =~ tr/_/ /;

# Password-change fields.  They are undefined when the page is first
# requested, which is what makes the script print the form below.
my $Oldpasswd = param('oldpasswd');
my $Passwd    = param('passwd');
my $Check     = param('check');

# remove any leading/trailing spaces in input
#$Passwd    =~ s|^\s*(.*?)\s*$|$1|;
#$Oldpasswd =~ s|^\s*(.*?)\s*$|$1|;
#$Check     =~ s|^\s*(.*?)\s*$|$1|;

## Load the per-course settings.
## NOTE(review): $Course is still an unauthenticated request parameter at this
## point and is handed to helpers that derive file locations from it.  Their
## input validation is not visible in this script -- confirm they reject path
## separators and ".." before a course name reaches the filesystem.
&Global::getCourseEnvironment($Course);

## Both per-course data files must be readable before going any further.
## NOTE(review): these messages include a server-side file path and can be
## triggered before verify_key() has run; consider a generic message for the
## client with the path written to the server log instead.
my $Passwd_file = &getCoursePasswordFile($Course);
if (! -r $Passwd_file) {
    &Global::error("", "Can't read $Passwd_file");
}

my $Key_file = &getCourseKeyFile($Course);
if (! -r $Key_file) {
    &Global::error("", "Can't read $Key_file");
}


## Make sure the user has already been authenticated.  The return value is
## not inspected, so this step relies on verify_key() ending the request
## itself when the key is not valid -- presumably it does; confirm in Auth.
&verify_key($User, $Key, $Key_file, $Course);

## Practice users may not change passwords.  This relies on wwerror() not
## returning; otherwise the script would carry on to the password change.
## NOTE(review): $Global::practiceUser is interpolated as a pattern, not as a
## literal string.  If it is meant as a plain prefix, \Q...\E would make that
## explicit; an empty value would match every user name.
wwerror('Operation not allowed', "practice users are not allowed to change passwords.\nPlease go back and select: Begin Problem Set.")
    if $User =~ /^$Global::practiceUser/;


## Without a complete submission, print the password change form (again, if
## necessary) and stop.  The test uses Perl truthiness, so a field that holds
## only "0" is treated the same as an empty one.
unless ($Oldpasswd && $Passwd && $Check) {
    change_pw_form();
    exit;
}

## All three fields were supplied: check them.
## NOTE(review): nothing on this path checks the request method, so a GET
## request carrying the password fields in its query string is processed too,
## and such URLs tend to end up in server and proxy logs.  Consider requiring
## request_method() eq 'POST' before reading the password fields.

## The old password must be correct (guards against someone reusing a live
## session, or just hitting "back" in a browser).
if (! &verify_password($User, $Oldpasswd, $Passwd_file)) {
    error_form("Invalid Password", "Old password isn't correct.");
}

## The new password must have been typed identically twice.
if ($Passwd ne $Check) {
    error_form("Password Mismatch", "Your passwords don't match.");
}

## All's well - set the new password.
## NOTE(review): the result of new_password() is ignored, so the success page
## is printed whatever it returns; confirm it aborts on a failed write.
&new_password($User, $Passwd, $Passwd_file);
success_form();


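sub change_pw_form {
    # Print the password-change page: a POST form back to this script with
    # three password inputs, plus the user, key and course values carried
    # along as hidden fields.  Takes no arguments; reads the file-level
    # $User and $Course_display.

    # Both values originate from request parameters, and CGI.pm's HTML
    # shortcuts (b, i, h1, ...) emit their content as given, so escape them
    # before they are placed in the page.
    my $user_html   = CGI::escapeHTML($User);
    my $course_html = CGI::escapeHTML($Course_display);

    # CGI.pm form fields are "sticky": without -override a field is
    # pre-filled from the submitted parameter of the same name.  This form is
    # re-printed after an incomplete submission, which would write whatever
    # passwords were typed back into the response, so force the inputs empty.
    my @old_field   = (-name => 'oldpasswd', -value => '', -size => 18, -override => 1);
    my @new_field   = (-name => 'passwd',    -value => '', -size => 18, -override => 1);
    my @check_field = (-name => 'check',     -value => '', -size => 18, -override => 1);

    print &htmlTOP('Change Password Page', $Global::background_plain_url),
        hr,
        h1('Change Password Page'),
        start_form('POST', url),
        "Please choose a new password for your ", b($course_html),
        " account, ", b($user_html), ".",
        p,
        i("For your own safety, ", b("DO NOT"), " pick the same password
	  used for other (e.g. e-mail) accounts!"),

        p,
        password_field(@old_field), " Old password", br,
        password_field(@new_field), " New password", br,
        password_field(@check_field), " New password (again)", br,
        p,
        submit('Set your new password'),
        # hidden() takes its value from the current request parameter.
        hidden('user'),
        hidden('key'),
        hidden('course'),
        end_form, end_html;
}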


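sub success_form {
    # Print the confirmation page shown once the new password has been set.
    # The page holds a POST form to login.pl that carries the course, user
    # and key values along as hidden fields.  Takes no arguments; reads the
    # file-level $Course_display.

    # The course name comes from a request parameter and CGI.pm's b() emits
    # its content as given, so escape it before it goes into the page.
    my $course_html = CGI::escapeHTML($Course_display);

    print &htmlTOP('Password Changed', $Global::background_okay_url),
        hr,
        h1('Password Changed'),
        "Your new password for ", b($course_html), " is in effect.",
        p,
        start_form('POST', "${Global::cgiWebworkURL}login.pl"),
        p, "\n",
        hidden('course'), "\n", hidden('user'), "\n", hidden('key'),
        submit('Continue'),
        end_form, end_html;
}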

sub error_form {
    # Print an error page with the given title and message, then end the
    # request.  This sub never returns to its caller.
    #
    # Both arguments are written into the page without HTML escaping.  Every
    # call in this script passes fixed text; keep it that way, or escape
    # first, if request data is ever included in a message.
    my ($heading, $text) = @_;

    # NOTE(review): end_form is emitted although this sub never starts a
    # form; unless htmlTOP opens one, the page carries a stray closing tag.
    my @page = (
        &htmlTOP($heading, $Global::background_warn_url),
        hr,
        h1($heading),
        $text,
        p,
        "Hit the <B>Back</B> button and try again.",
        end_form, end_html,
    );

    print @page;
    exit;
}
