package common

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"dbweb/core"
	"dbweb/lib/safe"

	"github.com/linlexing/dbx/data"
	"github.com/linlexing/mapfun"
)

//ChangePwd 业务
type ChangePwd struct{}

func init() {
	core.RegisterFun("ChangePwd", new(ChangePwd), "_layout/blank")
}

//Post 业务
func (c *ChangePwd) Post(p *core.ElementHandleArgs) {
	oldpwd := p.Req.PostFormValue("oldpwd")
	newpwd := p.Req.PostFormValue("newpwd")
	repwd := p.Req.PostFormValue("repwd")
	if newpwd != repwd {
		p.More["Error"] = "新密码与确认新密码不一致"
		p.HTML()
		return

	}

	t, err := data.OpenTable(p.DB.DriverName(), p.DB, "nuser")
	if err != nil {
		core.LOG.Panic(err)
	}

	userName := p.User.Name
	ur, err := t.Row(userName)
	if err != nil {
		p.More["Error"] = "发生错误:" + err.Error()
		p.HTML()
		return

	}
	chgur := mapfun.Clone(ur)
	if ur == nil {
		p.More["Error"] = "用户名错误"
		p.HTML()
		return
	}
	pwd1 := sha256.Sum256(append(safe.Bytea(ur["SALT"]), []byte(oldpwd)...))

	pwd, err := BuildUserPassword(oldpwd, safe.Bytea(ur["SALT"]))
	if err != nil {
		core.LOG.Panic(err)
	}
	if !bytes.Equal(pwd1[:], safe.Bytea(ur["PASSWORD"])) &&
		!bytes.Equal(pwd, safe.Bytea(ur["PASSWORD"])) {

		p.More["Error"] = "旧密码不正确"
		p.HTML()
		return
	}
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		core.LOG.Panic(err)
	}
	chgur["SALT"] = salt
	pwd, err = BuildUserPassword(newpwd, salt)
	if err != nil {
		core.LOG.Panic(err)
	}
	chgur["PASSWORD"] = pwd[:]
	if _, err := t.Update(ur, chgur); err != nil {
		core.LOG.Panic(err)
	}
	p.RenderMessage("成功完成密码的修改")
}