<?php
/*****************************************************************************
 * ResetPassword.php
 * Contains the controller for the reset password procedure.
 *
 * Kabuki CMS (C) 2013-2016, Aaron van Geffen
 *****************************************************************************/

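class ResetPassword extends HTMLController
{
	/**
	 * Drives both halves of the password reset procedure, chosen from the request:
	 *  - step 2 (?step=2&email=...&key=...): verify the link, then accept a new password;
	 *  - otherwise: ask for an email address and, if it is known, send a reset link.
	 *
	 * @throws UserFacingException when the visitor is already logged in, or when a step-2
	 *         link carries an unknown address or a reset key that does not verify.
	 */
	public function __construct()
	{
		// Already logged in? Then you don't need this.
		if (Registry::get('user')->isLoggedIn())
			throw new UserFacingException('You are already logged in.');

		// Verifying an existing reset key? Strict comparison on purpose: the loose `== 2`
		// accepted values like '2abc' on older PHP. Non-string parameters (arrays) fall
		// through to the request form instead of reaching the lookups below.
		$isStepTwo = isset($_GET['step'], $_GET['email'], $_GET['key'])
			&& $_GET['step'] === '2'
			&& is_string($_GET['email'])
			&& is_string($_GET['key']);

		if ($isStepTwo)
		{
			// NOTE(review): $_GET is already URL-decoded by PHP; the extra rawurldecode()
			// presumably matches how the link is built in the reset email -- confirm
			// against Email::resetMail before removing it.
			$email = rawurldecode($_GET['email']);
			$key = $_GET['key'];

			// Both link checks are fatal and happen before any page is built.
			$id_user = self::verifyResetLink($email, $key);

			parent::__construct('Reset password - ' . SITE_TITLE);
			$form = new PasswordResetForm($email, $key);
			$this->page->adopt($form);

			// Are they trying to set something already?
			if (isset($_POST['password1'], $_POST['password2']))
				$this->processNewPassword($id_user, $form);
		}
		else
		{
			parent::__construct('Reset password - ' . SITE_TITLE);
			$form = new ForgotPasswordForm();
			$this->page->adopt($form);

			// Have they submitted an email address yet?
			if (isset($_POST['emailaddress']))
				$this->processResetRequest($form);
		}
	}

	/**
	 * Resolves a step-2 link to a user id, or throws when the address or key is rejected.
	 *
	 * @param string $email address as carried in the link
	 * @param string $key   reset key as carried in the link
	 * @return mixed user id as returned by Authentication::getUserid
	 * @throws UserFacingException on an unknown address or a key that does not verify
	 */
	private static function verifyResetLink($email, $key)
	{
		$id_user = Authentication::getUserid($email);
		if ($id_user === false)
			throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');

		if (!Authentication::checkResetKey($id_user, $key))
			throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');

		return $id_user;
	}

	/**
	 * Lists what is wrong with a submitted password pair; empty means it is acceptable.
	 *
	 * @param mixed $password1 raw POST value
	 * @param mixed $password2 raw POST value
	 * @return list<string> user-facing problem descriptions
	 */
	private static function validatePasswords($password1, $password2)
	{
		$problems = [];

		// [A-Za-z], not [A-z]: the latter range also spans [ \ ] ^ _ ` so a password such
		// as "abcdef_" wrongly failed the "contains a non-alphabetic character" test.
		// A non-string value (e.g. password1[]=x) is rejected rather than passed to strlen().
		if (!is_string($password1) || strlen($password1) < 6 || !preg_match('~[^A-Za-z]~', $password1))
			$problems[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';

		// Strict comparison: `!=` compares numeric strings by value ("1e3" == "1000").
		if ($password1 !== $password2)
			$problems[] = 'The passwords you entered do not match.';

		return $problems;
	}

	/**
	 * Applies a submitted password for the verified user, or shows what needs fixing.
	 * On success this redirects to the login page and terminates the request.
	 *
	 * @param mixed             $id_user user id resolved from the reset link
	 * @param PasswordResetForm $form    form to attach validation alerts to
	 */
	private function processNewPassword($id_user, $form)
	{
		$problems = self::validatePasswords($_POST['password1'], $_POST['password2']);

		// So, are we good to go?
		if (!empty($problems))
		{
			$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $problems) . '</li></ul>', 'danger'));
			return;
		}

		Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1']));
		$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
		header('Location: ' . BASEURL . '/login/');
		exit;
	}

	/**
	 * Handles a submitted email address: issues a reset key and mails it when the address
	 * is known. Malformed input is ignored silently, as before.
	 *
	 * @param ForgotPasswordForm $form form to attach the "not found" alert to
	 */
	private function processResetRequest($form)
	{
		if (!is_string($_POST['emailaddress']))
			return;

		$email = trim($_POST['emailaddress']);

		// Loose shape check only; the TLD is matched case-insensitively so that
		// "user@EXAMPLE.COM" is no longer rejected.
		if (!preg_match('~^.+@.+\.[a-z]+$~i', $email))
			return;

		$id_user = Authentication::getUserid($email);
		if ($id_user === false)
		{
			// NOTE(review): this reply discloses whether an address is registered
			// (account enumeration). A uniform "if the address is known, an email has
			// been sent" response would close that; kept as-is to preserve the existing UX.
			$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
			return;
		}

		Authentication::setResetKey($id_user);
		Email::resetMail($id_user);

		// Show the success message. Alert bodies are raw HTML (a <ul> list is passed
		// elsewhere in this class), so the echoed user input must be escaped here.
		$this->page->clear();
		$box = new DummyBox('An email has been sent');
		$box->adopt(new Alert('', 'We have sent an email to ' . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ' containing details on how to reset your password.', 'success'));
		$this->page->adopt($box);
	}
}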