<?
/* 
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2010 David Grant <dave@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/
?>
<?

function account_valid_user($user)
{
	/* Find any character that doesn't match the valid username characters
	 * (^ inverts the matching remember */
	$x = preg_match('[^a-zA-Z0-9@.-_]',$user);

	/* If x==1, a match was found, and the input is bad */
	return ($x == 1) ? false : true;
}

function account_valid_password($pass)
{
	/* Same as user, but allow more characters */
	$x = preg_match('[^a-zA-Z0-9 ~!@#$%^&*()-_=+|;:,<.>/?]',$pass);

	/* If x==1, a match was found, and the input is bad */
	if($x == 1) return false;

	if(strlen($pass) < 6) return false;

	return true;
}

/* A more strict version of isEmailAddress() */
function account_valid_email($str)
{
	$x = preg_match('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str);
	return ($x == 1) ? true : false;
}

/* Duplicate of common.inc.php:generatePassword, which will be deleted 
 * eventually when ALL users are handled through this file */
function account_generate_password($pwlen=8)
{
        //these are good characters that are not easily confused with other characters :)
        $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
        $len=strlen($available) - 1;

        $key="";
        for($x=0;$x<$pwlen;$x++)
                $key.=$available{rand(0,$len)};
        return $key;
}

function account_set_password($accounts_id, $password = NULL)
{
	$save_old = false;
	if($password == NULL) {
		$q = mysql_query("SELECT passwordset FROM accounts WHERE id='$accounts_id'");
		$a = mysql_fetch_assoc($q);
		/* Generate a new password */
		$password = account_generate_password(12);
		/* save the old password only if it's not an auto-generated one */
		if($a['passwordset'] != '0000-00-00') $save_old = true;
		/* Expire the password */
		$save_set = "'0000-00-00'";
	} else {
		/* Set the password, no expiry, save the old */
		$save_old = true;
		$save_set = 'NOW()';
	}

	$p = mysql_escape_string($password);
	$set = ($save_old == true) ? 'oldpassword=password, ' : '';
	$set .= "password='$p', passwordset=$save_set ";

	$query = "UPDATE accounts SET $set WHERE id='$accounts_id'";
	mysql_query($query);
	echo mysql_error();

	return $password;
}

function account_load($id)
{
	$id = intval($id);
	$q = mysql_query("SELECT * FROM accounts WHERE id='$id'");
	if(mysql_num_rows($q) == 0) {
		echo "No such account $id";
		exit;
	}
	if(mysql_num_rows($q) > 1) {
		echo "More than one account returned for $id";
		exit;
	}

	$a = mysql_fetch_assoc($q);
	return $a;
}


function account_create($username)
{
	global $config;

	/* Sanity check username */
	if(!user_valid_user($username)) {
		return -1;
	}

	/* Make sure the user doesn't exist */
	$us = mysql_real_escape_string($username);
	$q = mysql_query("SELECT * FROM accounts WHERE username='$us'");
	if(mysql_num_rows($q)) {
		return -2;
	}

	/* Create the account */
	mysql_query("INSERT INTO accounts (`username`,`created`,`deleted`,`superuser`) 
			VALUES ('$us', NOW(),'no','no')");
	echo mysql_error();

	$accounts_id = mysql_insert_id();

	account_set_password($accounts_id, NULL);

	$a = account_load($accounts_id);
	return $a;
}


/*
	if(user_valid_email($username)) {
		    mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
		}
*/
?>