#!/usr/bin/perl
$| = 1;

open(STDERR, ">&STDOUT");

use warnings;

use CGI;

use Crypt::CBC;
use IPC::Open2;
use MIME::Base32;

use Piny::Auth;

my $auth = Piny::Auth->new( );

my $cipher = Crypt::CBC->new( "-key" => $auth->key, "-cipher" => "Blowfish" );

$q = CGI->new;

print( "Content-type: text/plain\n\n" );

if( scalar( $q->param("n") ) && scalar( $q->param("a") ) && scalar( $q->param("p") ) ) {

  my $pass = scalar( $q->param("p") );
  my $code;

  if ( scalar( $q->param("h") ) ) {
    $pass = $cipher->decrypt( MIME::Base32::decode( $pass ) );
    $code = $auth->hash( { "n" => scalar( $q->param( "n" ) ), "a" => scalar( $q->param( "a" ) ), "p" => $pass } );
  } else {
    $code = $auth->hash( { "n" => scalar( $q->param( "n" ) ), "a" => scalar( $q->param( "a" ) ), "p" => $pass } );
    $pass = MIME::Base32::encode( $cipher->encrypt( $pass ) );
  };

  if ( scalar( $q->param("h") ) ) {
    if ( scalar( $q->param("h") ) eq $code ) {
      unless( open2( OUT, IN, "/usr/bin/sudo", "/usr/sbin/newuser", "--batch", scalar( $q->param("a") ), scalar( $q->param("n") ) ) ) {
        print "could not execute newrepo";
        die;
      };
      # make things flushier
      select((select(IN), $| = 1)[0]);
      select((select(OUT), $| = 1)[0]);
      print( IN $pass . "\n" );
      close( IN );
      while( <OUT> ) {
        print;
      };
    } else { # Invalid hash
      print( "I'm sorry, the link you followed is invalid.\n" );
    };
  } else { # No hash, they need one sent to their address
    if ( -f "/etc/piny/captcha" ) {
      if ( scalar( $q->param('c') ) ) {
        open(CAPTCHA, '/etc/piny/captcha') || ( print "Can't read captcha file: [$!]\n" && exit 0 );
          my $captcha = <CAPTCHA>;
        close (CAPTCHA);
        chomp( $captcha );
        if ( $captcha eq scalar( $q->param('c') ) ) {
          print "Good captcha submission.\n"
        } else {
          print "Bad captcha submission.\n";
          exit 0;
        };
      } else {
        print( "Missing or incorrect \"c\" captcha parameter." );
        exit 0;
      };
    };
    print( "Dispatching email to " . scalar( $q->param("a") ) . "...\n" );
    unless( open( MAIL, "|/usr/lib/sendmail -t" ) ) {
      print "could not execute sendmail";
      die;
    };
    print( MAIL "To: " . scalar( $q->param("a") ) . "\n" );
    print( MAIL "Subject: Verifying account " . scalar( $q->param("n") ) . "\n" );
    print( MAIL "Content-Type: text/plain; charset=us-ascii\n\n" );
    print( MAIL "http" );
    if( $ENV{"HTTPS"} eq "on" ) {
      print( MAIL "s" );
    };
    print( MAIL "://" . $ENV{"SERVER_NAME"} . $ENV{"SCRIPT_NAME"} . "?" );
    print( MAIL "h=" . CGI::escape( $code ) );
    print( MAIL "&n=" . CGI::escape( scalar( $q->param("n") ) ) );
    print( MAIL "&a=" . CGI::escape( scalar( $q->param("a") ) ) );
    print( MAIL "&p=" . CGI::escape( $pass ) );
    print( MAIL "\n");
    close( MAIL ); 
    print( "Done!" );
  };
} else {
  print( "Missing parameters." );
};