package main
import "strings"
import "strconv"
import "net/http"
import "golang.org/x/crypto/bcrypt"
import "database/sql"
import _ "github.com/go-sql-driver/mysql"

type User struct
{
	ID int
	Name string
	Email string
	Group int
	Active bool
	Is_Mod bool
	Is_Super_Mod bool
	Is_Admin bool
	Is_Super_Admin bool
	Is_Banned bool
	Perms Perms
	Session string
	Loggedin bool
	Avatar string
	Message string
	URLPrefix string
	URLName string
	Tag string
}

type Email struct
{
	UserID int
	Email string
	Validated bool
	Primary bool
	Token string
}

func SetPassword(uid int, password string) (error) {
	salt, err := GenerateSafeString(saltLength)
	if err != nil {
		return err
	}
	
	password = password + salt
	hashed_password, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return err
	}
	
	_, err = set_password_stmt.Exec(string(hashed_password), salt, uid)
	if err != nil {
		return err
	}
	return nil
}

func SendValidationEmail(username string, email string, token string) bool {
	var schema string
	if enable_ssl {
		schema = "s"
	}
	
	subject := "Validate Your Email @ " + site_name
	msg := "Dear " + username + ", following your registration on our forums, we ask you to validate your email, so that we can confirm that this email actually belongs to you.\nClick on the following link to do so. http" + schema + "://" + site_url + "/user/edit/token/" + token + "\nIf you haven't created an account here, then please feel free to ignore this email.\nWe're sorry for the inconvenience this may have caused."
	
	return SendEmail(email, subject, msg)
}

func SessionCheck(w http.ResponseWriter, r *http.Request) (user User, noticeList map[int]string, success bool) {
	noticeList = make(map[int]string)
	
	// Are there any session cookies..?
	// Assign it to user.name to avoid having to create a temporary variable for the type conversion
	cookie, err := r.Cookie("uid")
	if err != nil {
		user.Perms = GuestPerms
		return user, noticeList, true
	}
	user.Name = cookie.Value
	user.ID, err = strconv.Atoi(user.Name)
	if err != nil {
		user.Perms = GuestPerms
		return user, noticeList, true
	}
	cookie, err = r.Cookie("session")
	if err != nil {
		user.Perms = GuestPerms
		return user, noticeList, true
	}
	user.Session = cookie.Value
	
	// Is this session valid..?
	err = get_session_stmt.QueryRow(user.ID,user.Session).Scan(&user.ID, &user.Name, &user.Group, &user.Is_Super_Admin, &user.Session, &user.Email, &user.Avatar, &user.Message, &user.URLPrefix, &user.URLName)
	if err == sql.ErrNoRows {
		user.ID = 0
		user.Session = ""
		user.Perms = GuestPerms
		return user, noticeList, true
	} else if err != nil {
		InternalError(err,w,r,user)
		return user, noticeList, false
	}
	
	user.Is_Admin = user.Is_Super_Admin || groups[user.Group].Is_Admin
	user.Is_Super_Mod = groups[user.Group].Is_Mod || user.Is_Admin
	user.Is_Mod = user.Is_Super_Mod
	user.Is_Banned = groups[user.Group].Is_Banned
	user.Loggedin = !user.Is_Banned || user.Is_Super_Mod
	if user.Is_Banned && user.Is_Super_Mod {
		user.Is_Banned = false
	}
	
	if user.Is_Super_Admin {
		user.Perms = AllPerms
	} else {
		user.Perms = groups[user.Group].Perms
	}
	
	if user.Is_Banned {
		noticeList[0] = "Your account has been suspended. Some of your permissions may have been revoked."
	}
	
	if user.Avatar != "" {
		if user.Avatar[0] == '.' {
			user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + user.Avatar
		}
	} else {
		user.Avatar = strings.Replace(noavatar,"{id}",strconv.Itoa(user.ID),1)
	}
	return user, noticeList, true
}

func SimpleSessionCheck(w http.ResponseWriter, r *http.Request) (user User, success bool) {
	// Are there any session cookies..?
	// Assign it to user.name to avoid having to create a temporary variable for the type conversion
	cookie, err := r.Cookie("uid")
	if err != nil {
		user.Perms = GuestPerms
		return user, true
	}
	user.Name = cookie.Value
	user.ID, err = strconv.Atoi(user.Name)
	if err != nil {
		user.Perms = GuestPerms
		return user, true
	}
	cookie, err = r.Cookie("session")
	if err != nil {
		user.Perms = GuestPerms
		return user, true
	}
	user.Session = cookie.Value
	
	// Is this session valid..?
	err = get_session_stmt.QueryRow(user.ID,user.Session).Scan(&user.ID, &user.Name, &user.Group, &user.Is_Super_Admin, &user.Session, &user.Email, &user.Avatar, &user.Message, &user.URLPrefix, &user.URLName)
	if err == sql.ErrNoRows {
		user.ID = 0
		user.Session = ""
		user.Perms = GuestPerms
		return user, true
	} else if err != nil {
		InternalError(err,w,r,user)
		return user, false
	}
	
	user.Is_Admin = user.Is_Super_Admin || groups[user.Group].Is_Admin
	user.Is_Super_Mod = groups[user.Group].Is_Mod || user.Is_Admin
	user.Is_Mod = user.Is_Super_Mod
	user.Is_Banned = groups[user.Group].Is_Banned
	user.Loggedin = !user.Is_Banned || user.Is_Super_Mod
	if user.Is_Banned && user.Is_Super_Mod {
		user.Is_Banned = false
	}
	
	if user.Is_Super_Admin {
		user.Perms = AllPerms
	} else {
		user.Perms = groups[user.Group].Perms
	}
	
	if user.Avatar != "" {
		if user.Avatar[0] == '.' {
			user.Avatar = "/uploads/avatar_" + strconv.Itoa(user.ID) + user.Avatar
		}
	} else {
		user.Avatar = strings.Replace(noavatar,"{id}",strconv.Itoa(user.ID),1)
	}
	return user, true
}