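/*
 * This file is a part of Winix
 * and is not publicly distributed
 *
 * Copyright (c) 2008-2011, Tomasz Sowa
 * All rights reserved.
 *
 */

#include "login.h"
#include "utf8.h"



namespace Fun
{

namespace
{

/*
	compare two strings without stopping at the first differing character

	operator== on std::wstring may return as soon as a mismatch is found,
	so its running time can depend on how long the common prefix is.
	Here every character of the common length is always visited and the
	differences are accumulated; only the lengths themselves are not hidden.
	This is best effort: the language gives no timing guarantee.
*/
bool EqualNoEarlyExit(const std::wstring & a, const std::wstring & b)
{
	const std::wstring::size_type len = (a.size() < b.size()) ? a.size() : b.size();
	unsigned long diff = (a.size() == b.size()) ? 0 : 1;

	for(std::wstring::size_type i = 0 ; i < len ; ++i)
		diff |= static_cast<unsigned long>(a[i] ^ b[i]);

	return diff == 0;
}

} // anonymous namespace



Login::Login()
{
	fun.url = L"login";
}



/*
	wipe every temporary buffer which held password material
	(the decrypted and hashed copies and both UserPass structures)

	it is called from CheckUserPass() on every path, successful or not
*/
void Login::ClearTmpStruct()
{
	system->crypt.ClearString(pass_decrypted);
	system->crypt.ClearString(pass_hashed);
	system->crypt.ClearString(up.pass);
	system->crypt.ClearString(up.pass_encrypted);
	system->crypt.ClearString(up2.pass);
	system->crypt.ClearString(up2.pass_encrypted);
}



/*
	compare the password sent by the client with the credentials
	previously loaded into 'up' (see CheckUserPass)

	password - the password as it was sent in the POST request

	return true only if the stored value and the value computed from
	'password' are equal; return false on a mismatch or when decrypting
	or hashing fails

	the temporary buffers are not cleared here, the caller has to call
	ClearTmpStruct() afterwards
*/
bool Login::CheckPasswords(const std::wstring & password)
{
	if( !up.pass_encrypted.empty() )
	{
		// the stored value is RSA-encrypted: recover it with the private key
		// (presumably the first argument 'false' selects decryption -- confirm in crypt)
		if( system->crypt.RSA(false, config->pass_rsa_private_key, up.pass_encrypted, pass_decrypted) )
		{
			Ezc::UTF8ToWide(pass_decrypted, up.pass);
		}
		else
		{
			log << log1 << "Login: I cannot decrypt a stored password, login failure" << logend;
			return false;
		}
	}

	// NOTE(review): pass_hashed receives a copy of the plain text password and is not
	// read again in this file; it is wiped by ClearTmpStruct(), but confirm it is needed
	pass_hashed   = password;
	up2.pass_type = up.pass_type;
	up2.pass      = password;

	// NOTE(review): the salt comes from the configuration, so it looks like one value
	// shared by all salted accounts rather than a per-user salt -- confirm
	if( up.pass_hash_salted )
		salt = config->pass_hash_salt;
	else
		salt.clear();

	// presumably PassHash() replaces up2.pass with its hash according to up2.pass_type
	if( !system->crypt.PassHash(salt, up2) )
	{
		log << log1 << "Login: I cannot hash a password, login failure" << logend;
		return false;
	}

	// do not use operator== here: the time of an early-exit comparison
	// would depend on how many leading characters of the stored value match
	return EqualNoEarlyExit(up.pass, up2.pass);
}



/*
	this method checks whether there is a user with the given login
	and password in the database

	login    - the login name sent by the client
	password - the password sent by the client
	user_id  - passed to db->GetUserPass() which is expected to set it

	return true if such a user has been found and the password matches;
	the temporary password buffers are always cleared before returning
*/
bool Login::CheckUserPass(const std::wstring & login, const std::wstring & password, long & user_id)
{
	bool result = false;

	if( db->GetUserPass(login, user_id, up) )
	{
		result = CheckPasswords(password);
	}
	else
	{
		// NOTE(review): 'login' is taken from the request and is written to the log as is;
		// confirm that the logger neutralizes control characters, and keep in mind that
		// users sometimes type a password into the login field
		// NOTE(review): no hashing is done on this path, so an unknown login is answered
		// faster than a known one
		log << log1 << "Login: there is no a user: " << login << " in the database (or an error)" << logend;
	}

	ClearTmpStruct();

	return result;
}



/*
	handle the POST request of the login form

	read the 'login', 'password' and 'rememberme' POST variables, log the user in
	when the credentials are correct and then redirect to the last item
	(the redirect is made after a failed attempt too)
*/
void Login::MakePost()
{
	if( cur->session->id == 0 )
	{
		log << log1 << "Login: can't login in a temporary session (skipped)" << logend;
		return;
	}

	const std::wstring & login = cur->request->PostVar(L"login");
	const std::wstring & pass  = cur->request->PostVar(L"password");
	const std::wstring & remem = cur->request->PostVar(L"rememberme");

	// initialized so that an indeterminate value is never handed over by reference;
	// whether GetUserPass() writes to it on failure is not visible here
	long user_id = -1;

	if( CheckUserPass(login, pass, user_id) )
	{
		// NOTE(review): confirm that LoginUser() issues a new session identifier on login
		system->users.LoginUser(user_id, !remem.empty());
	}
	else
	{
		// !! a message about the incorrect login could be reported here
		// NOTE(review): failed attempts are not counted or delayed in this function;
		// confirm that throttling is done somewhere else
	}

	system->RedirectToLastItem();
}


} // namespace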