# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Netscape Communications
# Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s): Terry Weissman <terry@mozilla.org>
#                 Dan Mosedale <dmose@mozilla.org>
#                 Joe Robins <jmrobins@tgix.com>
#                 Dave Miller <justdave@syndicomm.com>
#                 Christopher Aillon <christopher@aillon.com>
#                 Gervase Markham <gerv@gerv.net>
#                 Christian Reis <kiko@async.com.br>
#                 Bradley Baetz <bbaetz@acm.org>
#                 Erik Stambaugh <erik@dasbistro.com>

package Bugzilla::Auth::Verify::vBulletin;
use strict;
use base qw(Bugzilla::Auth::Verify);

use Bugzilla::Constants;
use Bugzilla::Token;
use Bugzilla::Util;
use Bugzilla::User;
use Digest::MD5 'md5_hex';

use constant user_can_create_account => 0;
use constant can_change_email => 1;

sub check_credentials {
    my ($self, $login_data) = @_;
    my $dbh = Bugzilla->dbh;

    my $username = $login_data->{username};

    $login_data->{bz_username} = $username;
    my $password = $login_data->{password};

    trick_taint($username);
    my ($db_userid, $db_pass, $db_email, $db_salt) = $dbh->selectrow_array(
        "SELECT userid, password, email, salt FROM am.vb_user WHERE email = ?",
        undef, $username);

    if ($db_userid == undef) 
	{
		#If we didn't get a valid auth, look in bz's profiles table.
		my ($bz_userid, $bz_login, $bz_extern_id) = $dbh->selectrow_array(
			"SELECT userid, login_name, extern_id FROM profiles WHERE login_name = ?",
			undef, $username);

		#Totally invalid.
		if ($bz_userid == undef)
		{
    		return { failure => AUTH_NO_SUCH_USER }
		}

		#Try a vBulletin authentication again.
		$db_email = $bz_login;
		($db_userid, $db_pass, $db_salt) = $dbh->selectrow_array(
			"SELECT userid, password, salt FROM am.vb_user WHERE userid = ?",
			undef, $bz_extern_id);

		if ($db_userid == undef)
		{
			return { failure => AUTH_NO_SUCH_USER }
		}
    }


    # Using the internal crypted password as the salt,
    # crypt the password the user entered.
    my $entered_password_crypted = md5_hex(md5_hex($password) . $db_salt);

    return { failure => AUTH_LOGINFAILED }
        if $entered_password_crypted ne $db_pass;

    $login_data->{'username'} = $db_email;
    $login_data->{'extern_id'} = $db_userid;

    return $login_data;
}

1;