<?php

// Check whether the user is already logged in:
// check that session_username doesn't already exist and that the Log In form has been submitted.
if (isset($_POST['login'])) {
    if (!empty($_POST['username']) && !empty($_POST['password'])) {
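        // Handle a submitted login: normalise the credentials, authenticate, check
        // that the account is active, then either register the session or render
        // the logon error template.
        // NOTE(review): trim() also strips leading/trailing whitespace from the
        // password, so such characters never count towards the secret. Left
        // unchanged here so existing credentials keep working.
        $username = trim($_POST['username']);
        $password = trim($_POST['password']);
        $user = new Authentication();
        // Verify the username/password pair.
        if ($user->authenticateUser($db, $username, $password)) {
            // Credentials are valid; a false accountStatus() is treated as a
            // deactivated account and the login is refused.
            if (!$user->accountStatus($db, $username)) {
                $message = "This Account was deactivated. Contact the System Administrator.";
                $smarty->assign('accountMsg', $message);
                $content = $smarty->fetch('./logon/tm0.logon.logon_err.tpl.html');
                include_once './config/disconnect.inc.php';
            } else {
                // Issue a fresh session ID at the moment the session becomes
                // authenticated, so an ID that was known before login (session
                // fixation) is not carried over. Guarded so nothing changes when
                // no session is active at this point.
                if (session_id() !== '') {
                    session_regenerate_id(true);
                }
                // Register login username
                $_SESSION['loginUsername'] = $username;
                // Register remote IP address
                // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's
                // address — confirm how loginIP is checked later.
                $_SESSION['loginIP'] = $_SERVER['REMOTE_ADDR'];
            }
        } else {
            // Same message for unknown user and wrong password, so the response
            // does not reveal which usernames exist.
            $message = "This username / password combination is incorrect. \nEither check your Login Information and try again or contact the System Administrator.";
            $smarty->assign('authMsg', $message);
            // Hand the submitted form values back to the error template, but never
            // the password: it must not be written into the rendered page.
            // NOTE(review): the remaining values are untrusted request data —
            // confirm the template escapes them on output.
            $formValues = $_POST;
            unset($formValues['password']);
            $smarty->assign($formValues);
            $content = $smarty->fetch('./logon/tm0.logon.logon_err.tpl.html');
            include_once './config/disconnect.inc.php';
        }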
    // Register the validation rules for the password fields of the form.
    // Rule 'password': field 'oldpassword' must not be empty.
    SmartyValidate::register_validator('password', 'oldpassword', 'notEmpty');
    // Rule 'password1': length check on 'newpassword' with the bounds 6 and -1
    // (presumably minimum 6 and no maximum — confirm against SmartyValidate).
    // NOTE(review): a 6-character minimum is a weak password policy by current
    // standards; consider raising it where the policy is defined.
    SmartyValidate::register_validator('password1', 'newpassword:6:-1', 'isLength');
    // Rule 'password2': 'newpassword' must equal 'confpassword'.
    SmartyValidate::register_validator('password2', 'newpassword:confpassword', 'isEqual');
    // display form
} else {
    // validate after a POST
    SmartyValidate::connect($smarty);
    if (SmartyValidate::is_valid($_POST)) {
        SmartyValidate::disconnect();
        // no errors, done with SmartyValidate
        # Create the authentication object used below to verify the old password
        # and to store the new one.
        $userAuth = new Authentication();
        # NOTE(review): trim() strips leading/trailing whitespace from both
        # passwords, so such characters never count towards the secret.
        $oldPass = trim($_POST['oldpassword']);
        $newPass = trim($_POST['newpassword']);
        # NOTE(review): crypt() is called with a salt hard-coded in the source, so
        # every password is hashed with the same salt and equal passwords give
        # equal hashes. A salt of this form is normally interpreted as traditional
        # DES crypt, which uses only the first two salt characters and the first
        # eight password characters. Prefer password_hash()/password_verify(),
        # which generate a random per-password salt.
        # In the lines visible here $cryptNewPass is not used again (the plain
        # $newPass is passed to chgPassword()) — confirm whether the rest of the
        # file uses it and how chgPassword() hashes the value it stores.
        $cryptNewPass = crypt($newPass, 'yxpijaui93');
        if ($userAuth->authenticateUser($db, $_SESSION['loginUsername'], $oldPass)) {
            #perform password update
            $updatePass = "******";
            if ($userAuth->chgPassword($db, $_SESSION['loginUsername'], $newPass)) {
                #set session variable 'chg_pass'
                $_SESSION['chg_pass'] = '******';
                $msg = "Password has been changed. Please log out and re-log in to ensure that your new password works.";
                $smarty->assign('updateMsg', $msg);
                #$content = $smarty->fetch('./main/staff/chg_pass.tpl.html');
            } else {
                #update failed
                $msg = "Action Failed. Please try again later or contact the Administrator.";
                $smarty->assign('updateMsg', $msg);
                #$content = $smarty->fetch('./main/staff/chg_pass.tpl.html');
            }
            unset($_SESSION['prevPath']);