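#!/usr/bin/perl
#
# Account sign-up CGI with e-mail verification.
#
# Request phase (no "h" parameter): optionally checks a reCAPTCHA answer,
# then mails a verification link to the address in "a". The link carries
# the account name ("n"), the address ("a"), the encrypted password ("p")
# and a hash ("h") computed by Piny::Auth over all three.
#
# Verification phase ("h" present): decrypts "p", recomputes the hash and,
# if it matches, runs /usr/sbin/newuser under sudo, feeding it the password
# on stdin and relaying its output to the client.
#
# Every request parameter is attacker-controlled. Parameters are therefore
# read once, in scalar context, and validated before they reach a mail
# header or the argument list of a privileged command.

use strict;
use warnings;

use CGI;
use Crypt::CBC;
use IPC::Open2;
use MIME::Base32 qw( RFC );
use Captcha::reCAPTCHA;
use Piny::Auth;

$| = 1;

# STDERR is merged into the response, so warnings, die() messages and
# anything the child process writes to stderr are shown to the client.
# NOTE(review): this looks deliberate (newuser diagnostics are relayed),
# but it also exposes internal error text -- confirm that is acceptable.
open( STDERR, ">&", \*STDOUT );

my $INVALID_LINK = "I'm sorry, the link you followed is invalid.\n";
my $RECAPTCHA_KEY_FILE = "/etc/recaptcha/private.key";

# Print a message to the client and stop. The script has always exited
# with status 0 on handled errors; that is kept.
sub bail {
    my ($message) = @_;
    print($message);
    exit 0;
}

my $auth = Piny::Auth->new( );

# NOTE(review): Blowfish has a 64-bit block and CBC gives no integrity on
# its own; integrity here rests entirely on the Piny::Auth hash check
# below. Worth revisiting the cipher choice -- confirm with the owner.
my $cipher = Crypt::CBC->new( "-key" => $auth->key, "-cipher" => "Blowfish" );

my $q = CGI->new;

print( "Content-type: text/plain\n\n" );

# Scalar assignment matters: CGI's param() returns *all* values of a
# repeated parameter in list context. Called inside a hash constructor or
# an argument list, a repeated parameter would add extra hash keys or
# extra command-line arguments.
my $name = $q->param("n");
my $addr = $q->param("a");
my $pass = $q->param("p");
my $hash = $q->param("h");

bail("Missing parameters.") unless $name && $addr && $pass;

# "n" and "a" are written into mail headers and passed as arguments to a
# command run under sudo. Control characters (CR/LF in particular) would
# allow extra mail headers to be added, and a leading "-" could be read as
# an option by newuser, so both are refused.
for my $field ( $name, $addr ) {
    if ( $field =~ /[[:cntrl:]]/ || $field =~ /\A-/ ) {
        bail("Invalid parameters.");
    }
}

if ($hash) {

    # --- Verification phase -------------------------------------------
    # The hash covers the clear-text password, so "p" has to be decrypted
    # before it can be authenticated. A malformed ciphertext is treated
    # like any other bad link instead of surfacing a library error.
    my $plain = eval { $cipher->decrypt( MIME::Base32::decode($pass) ) };
    bail($INVALID_LINK) unless defined $plain;

    my $code = $auth->hash( { "n" => $name, "a" => $addr, "p" => $plain } );

    # NOTE(review): "eq" is not a constant-time comparison. Whether that
    # matters depends on how Piny::Auth::hash is built -- confirm.
    bail($INVALID_LINK) unless $hash eq $code;

    # The password is written to newuser's stdin as a single line; a line
    # break inside it would be read as additional input.
    bail($INVALID_LINK) if $plain =~ /[\r\n]/;

    # List form: no shell is involved. open2() raises an exception on
    # failure rather than returning false, hence the eval.
    my ( $from_child, $to_child );
    my $pid = eval {
        open2( $from_child, $to_child,
            "/usr/bin/sudo", "/usr/sbin/newuser", "--batch", $addr, $name );
    };
    unless ($pid) {
        print "could not execute newuser";
        die;
    }

    # Unbuffer the pipe to the child so the password is sent immediately.
    select( ( select($to_child), $| = 1 )[0] );

    print {$to_child} $plain . "\n";
    close($to_child);

    # Relay whatever newuser reports back to the client.
    while ( my $line = <$from_child> ) {
        print $line;
    }
    close($from_child);
    waitpid( $pid, 0 );
}
else {

    # --- Request phase ------------------------------------------------
    bail("Invalid parameters.") if $pass =~ /[\r\n]/;

    my $code = $auth->hash( { "n" => $name, "a" => $addr, "p" => $pass } );
    my $token = MIME::Base32::encode( $cipher->encrypt($pass) );

    # CAPTCHA check. It only runs when the key file exists; without the
    # file this script mails a link to any address on request.
    if ( -f $RECAPTCHA_KEY_FILE ) {
        my $response  = $q->param('recaptcha_response_field');
        my $challenge = $q->param('recaptcha_challenge_field');

        bail("Missing recaptcha parameters.")
            unless $response && $challenge;

        # The original "print ... && exit 0" exited before printing
        # because of operator precedence; print first, then exit.
        my $key_fh;
        unless ( open( $key_fh, '<', $RECAPTCHA_KEY_FILE ) ) {
            bail("Can't read recaptcha key: [$!]\n");
        }
        my $recaptchakey = <$key_fh>;
        close($key_fh);
        bail("Can't read recaptcha key: [empty file]\n")
            unless defined $recaptchakey;
        chomp($recaptchakey);

        my $c      = Captcha::reCAPTCHA->new;
        my $result = $c->check_answer(
            $recaptchakey, $ENV{'REMOTE_ADDR'},
            $challenge,    $response
        );

        if ( $result->{is_valid} ) {
            print "Good recaptcha submission.\n";
        }
        else {
            bail("Bad recaptcha submission: $result->{error}\n");
        }
    }

    print( "Dispatching email to " . $addr . "...\n" );

    # List-form pipe open: sendmail is started directly, without a shell.
    # "-t" makes sendmail take recipients from the headers written below,
    # which is why $addr and $name were checked for CR/LF above.
    my $mail;
    unless ( open( $mail, "|-", "/usr/lib/sendmail", "-t" ) ) {
        print "could not execute sendmail";
        die;
    }

    my $scheme =
        ( defined $ENV{"HTTPS"} && $ENV{"HTTPS"} eq "on" ) ? "https" : "http";

    # NOTE(review): SERVER_NAME may follow the request's Host header,
    # depending on web-server configuration -- confirm it is pinned, since
    # it decides where the emailed link points.
    # NOTE(review): the encrypted password travels in the query string of
    # the emailed link, so it can end up in mail stores and access logs.
    my $link =
          $scheme . "://"
        . $ENV{"SERVER_NAME"}
        . $ENV{"SCRIPT_NAME"} . "?"
        . "h=" . CGI::escape($code)
        . "&n=" . CGI::escape($name)
        . "&a=" . CGI::escape($addr)
        . "&p=" . CGI::escape($token);

    print {$mail} "To: " . $addr . "\n";
    print {$mail} "Subject: Verifying account " . $name . "\n";
    print {$mail} "Content-Type: text/plain; charset=us-ascii\n\n";
    print {$mail} $link . "\n";

    # close() on a pipe reports the child's exit status; do not claim
    # success if sendmail rejected the message.
    unless ( close($mail) ) {
        bail("sendmail failed");
    }

    print( "Done!" );
}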