<?php

namespace LAM\INIT;

use htmlButton;
use htmlOutputText;
use htmlResponsiveInputField;
use htmlResponsiveRow;
use htmlStatusMessage;

/*

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2020  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

/**
* Password change dialog for expired passwords.
*
* @author Roland Gruber
* @package main
*/

/** security functions */
include_once(__DIR__ . "/../lib/security.inc");
/** access to configuration settings */
include_once(__DIR__ . "/../lib/config.inc");
/** LDAP access */
include_once(__DIR__ . "/../lib/ldap.inc");
/** status messages */
include_once(__DIR__ . "/../lib/status.inc");

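// Start the session and refuse to continue unless a user is logged in.
startSecureSession();
enforceUserIsLoggedIn();

// Stop without any output when write access is not allowed.
if (!checkIfWriteAccessIsAllowed()) {
	die();
}

setlanguage();

// The security token is validated for every non-empty POST, before any form field is read below.
// NOTE(review): presumably validateSecurityToken() aborts the request on a mismatch - confirm in security.inc.
if (!empty($_POST)) {
	validateSecurityToken();
}

$message = null;

// check if user already pressed button
if (isset($_POST['changePassword'])) {
	// Request fields are untrusted: a missing field or an array value (e.g. password1[]=x)
	// is treated like an empty string so that only strings reach the policy check and the LDAP call.
	$password1 = is_string($_POST['password1'] ?? null) ? $_POST['password1'] : '';
	$password2 = is_string($_POST['password2'] ?? null) ? $_POST['password2'] : '';
	// check new password
	if ($password1 === '') {
		$message = new htmlStatusMessage('ERROR', _('No password was entered!'));
		printContent($message);
		exit();
	}
	// check if passwords match
	// Strict comparison is required: loose "!=" compares numeric-looking strings by value
	// (e.g. '1e3' and '1000' count as equal), which would let two different passwords pass.
	if ($password1 !== $password2) {
		$message = new htmlStatusMessage('ERROR', _('Passwords are different!'));
		printContent($message);
		exit();
	}
	// check password strength
	$userDn = $_SESSION['ldap']->getUserName();
	$additionalAttrs = array();
	$rdnAttr = extractRDNAttribute($userDn);
	$userName = null;
	// the user name is only handed to the policy check when the RDN attribute is "uid"
	if ($rdnAttr === 'uid') {
		$userName = extractRDNValue($userDn);
	}
	$pwdPolicyResult = checkPasswordStrength($password1, $userName, $additionalAttrs);
	if ($pwdPolicyResult !== true) {
		// anything other than true is shown to the user as the error text
		$message = new htmlStatusMessage('ERROR', $pwdPolicyResult);
		printContent($message);
		exit();
	}
	// set new password
	// The password held in the session is sent as the old password of the password modify operation.
	// "@" keeps PHP warnings out of the page; a failure is reported through the error branch below.
	$modifyResult = @ldap_exop_passwd($_SESSION['ldap']->server(), $userDn, $_SESSION['ldap']->getPassword(), $password1);
	if ($modifyResult === true) {
		// NOTE(review): presumably replaces the credentials stored in the session with the new password - confirm in ldap.inc.
		$_SESSION['ldap']->encrypt_login($userDn, $password1);
		$message = new htmlStatusMessage('INFO', _('Password changed.'));
		// success page is rendered without the password inputs
		printContent($message, false);
		exit();
	}
	else {
		$message = new htmlStatusMessage('ERROR', _('Unable to set password'), getExtendedLDAPErrorMessage($_SESSION['ldap']->server()));
		printContent($message);
		exit();
	}
}

printContent($message);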

/**
 * Displays the content area: page header, the password change form and the page footer.
 *
 * The header and footer files are included inside this function, so they run in
 * this function's variable scope.
 *
 * NOTE(review): escaping of the message text is left to htmlStatusMessage/parseHtml
 * and is not visible here - confirm, since callers pass LDAP error details and
 * password policy results as message content.
 *
 * @param htmlStatusMessage|null $message status message shown above the form (null for none)
 * @param bool $showPasswordInputs show password input fields, submit button and security token
 */
function printContent($message = null, $showPasswordInputs = true) {
	include __DIR__ . '/../lib/adminHeader.inc';
	echo '<div class="user-bright smallPaddingContent">';
	// the form posts back to this page
	echo "<form action=\"changePassword.php\" method=\"post\">\n";
	$container = new htmlResponsiveRow();
	if ($message !== null) {
		$container->addVerticalSpacer('1rem');
		$container->add($message, 12);
	}
	$container->addVerticalSpacer('2rem');
	if ($showPasswordInputs) {
		$container->add(new htmlOutputText(_("It seems your password expired. You can set a new one here.")), 12, 12, 12, 'text-center');
		$container->addVerticalSpacer('2rem');
		// both fields are rendered with an empty value, submitted passwords are never echoed back
		$pwdInput1 = new htmlResponsiveInputField(_('New password'), 'password1', '');
		// NOTE(review): meaning of the second and third flag is not visible here - confirm in the html library
		$pwdInput1->setIsPassword(true, true, true);
		$container->add($pwdInput1, 12);
		$pwdInput2 = new htmlResponsiveInputField(_('Repeat password'), 'password2', '');
		$pwdInput2->setIsPassword(true);
		// presumably a client-side hint only; the server compares both values again on submit
		$pwdInput2->setSameValueFieldID('password1');
		$container->add($pwdInput2, 12);
		$container->addVerticalSpacer('1rem');
		$container->add(new htmlButton('changePassword', _("Submit")), 12, 12, 12, 'text-center');
		// adds the security token to the form; presumably the value validateSecurityToken() checks on POST
		addSecurityTokenToMetaHTML($container);
	}

	// kept in a variable, presumably because parseHtml() takes the tab index by reference - confirm
	$tabindex = 1;
	parseHtml(null, $container, array(), false, $tabindex, 'user');

	echo "</form><br>\n";
	echo "</div>\n";
	include __DIR__ . '/../lib/adminFooter.inc';
}