<?php defined('BLUDIT') or die('Bludit CMS.');

// ============================================================================
// Functions
// ============================================================================

function setPassword($username, $new_password, $confirm_password)
{
	global $dbUsers;
	global $Language;
	global $Syslog;

	// Password length
	if( strlen($new_password) < 6 )
	{
		Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
		return false;
	}

	if($new_password===$confirm_password)
	{
		if( $dbUsers->setPassword($username, $new_password) ) {
			Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK);
			// Add to syslog
			$Syslog->add(array(
				'dictionaryKey'=>'user-password-changed',
				'notes'=>$username
			));
			return true;
		}
		else {
			Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.');
			return false;
		}
	}
	else {
		Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
		return false;
	}
}

// ============================================================================
// Main before POST
// ============================================================================

// ============================================================================
// POST Method
// ============================================================================

if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
	// Prevent editors to administrate other users.
	if($Login->role()!=='admin')
	{
		$_POST['username'] = $Login->username();
		unset($_POST['role']);
	}

	if( setPassword($_POST['username'], $_POST['new_password'], $_POST['confirm_password']) ) {
		Redirect::page('users');
	}
}

// ============================================================================
// Main after POST
// ============================================================================

if($Login->role()!=='admin') {
	$layout['parameters'] = $Login->username();
}

$_user = $dbUsers->getDb($layout['parameters']);

// If the user doesn't exist, redirect to the users list.
if($_user===false) {
	Redirect::page('users');
}

$_user['username'] = $layout['parameters'];

// Title of the page
$layout['title'] .= ' - '.$Language->g('Change password');