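#!/usr/bin/tclsh
#
# This file is part of Helga.
#
# Helga is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Helga is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Helga.  If not, see <http://www.gnu.org/licenses/>.
#
#
# Helga Authentication Script
#
# Runs the shell script helgaAuth.sh to get a password because Tcl
# can't hide passwords
#
# Usage: helgaAuth.tclsh <user> [<pass>]
#
# Reads ADMINSQLPASS, SQLDB and the per-role *SQLPASS variables from
# sourceConf.tcl (expected next to this script).
#
# Prints one three-element Tcl list on stdout:
#   {<sessionId> helga<Role> <roleSqlPass>}  credentials accepted
#   {wrongpass "" ""}                        user exists, password mismatch
#   {nouser "" ""}                           no such user
#
# Side effects: inserts a row into `sessions` and briefly binds a TCP
# port in the range 5000..6999 to find a free one.

if { $argc < 1 } {
    puts "Usage: helgaAuth.tclsh <user> \[<pass>\]"
    exit 1
}

# Both values come straight from the command line and are untrusted.
set user [lindex $argv 0]
set pass [lindex $argv 1]

package require mysqltcl
package require md5

set dirName [file dirname [file normalize $argv0]]
source "$dirName/sourceConf.tcl"

# Braces, not a quoted string: with "..." the password would be
# substituted into the text and then evaluated as Tcl, so a password
# containing $, [, ; or whitespace would break or run as code.
if { [catch {::mysql::connect -user helgaAdmin -password $::ADMINSQLPASS -db $::SQLDB} db] } {
    error "Error: $db"
}

# Escape the user-supplied values before they are spliced into SQL;
# the raw values must never reach a query string.
set qUser [::mysql::escape $db $user]
set qPass [::mysql::escape $db $pass]

# NOTE(review): `users`.`password` is compared as stored, i.e. the table
# holds plaintext passwords. Hashing belongs in the schema/provisioning
# side, so it is only flagged here, not changed.
set sql "SELECT a.`assetId` FROM `users` u, `assets` a WHERE a.`assetName` = '$qUser' AND a.`assetId` = u.`assetId` AND "
if { $pass eq "" } {
    # Parenthesised on purpose: without the parens the OR binds looser
    # than the preceding ANDs and the query matches any empty-password
    # user regardless of assetName.
    append sql "(u.`password` IS NULL OR u.`password` = '')"
} else {
    append sql "u.`password` = '$qPass'"
}
set result [::mysql::sel $db $sql -list]

if { $result eq "" } {
    # Password did not match; distinguish "no such user" from "wrong
    # password" for the caller.
    set sql "SELECT a.`assetId` FROM `users` u, `assets` a WHERE a.`assetName` = '$qUser' AND a.`assetId` = u.`assetId`"
    if { [::mysql::sel $db $sql -list] eq "" } {
        puts [list nouser "" ""]
    } else {
        puts [list wrongpass "" ""]
    }
    ::mysql::close $db
    exit 0
}

# First column of the first row of the successful lookup is the user's
# assetId; no second connection or query is needed for it.
set userId [lindex [lindex $result 0] 0]

#
# We'll need the current time twice, so we'll get it and store it.
#
set currentTime [clock seconds]

#
# Generate a session ID. The value is an md5 hex digest (32 hex chars, as
# before) of random bytes from /dev/urandom when available; the md5 of
# the bare unix time is guessable by anyone who knows roughly when the
# login happened. The fallback mixes in a few process-local values and
# is still not cryptographically strong.
#
if { ![catch {open /dev/urandom r} rnd] } {
    fconfigure $rnd -translation binary
    set seed [read $rnd 32]
    close $rnd
} else {
    set seed "$currentTime [clock clicks] [pid] [expr {rand()}]"
}
set sessionId [::md5::md5 -hex $seed]

#
# Find an open port, in case it's a web user that will be needing to
# send commands to the Shell remotely. The port is released again
# below, so another process may grab it before the Shell binds it;
# that race is inherent to this design.
#
# blah is the accept callback for the probe socket; nothing ever
# connects to it, so it does nothing.
proc blah {} {}

set portNum 5000
#
# Set a reasonable limit in case there's some other problem so this
# script doesn't go into an infinite loop.
#
set maxNum 7000
while { [catch {socket -server blah $portNum} sock] } {
    incr portNum
    if { $portNum >= $maxNum } {
        error "Error: $sock"
    }
}
close $sock

#
# Add the row to the database. sessionId is hex, the other values are
# numbers we produced or read from the database.
#
set sql "INSERT INTO `sessions` ( `sessionId`, `userId`, `timestamp`, `portNumber` ) VALUES ( '$sessionId', $userId, $currentTime, $portNum );"
::mysql::exec $db $sql

# Highest permission level granted to this user; "guest" when none.
set sql "SELECT p.`permLevel` FROM `assets` a, `permissions` p WHERE a.`assetName` = '$qUser' AND a.`assetId` = p.`userId` ORDER BY p.`permLevel` DESC LIMIT 1"
set result [::mysql::sel $db $sql -list]
if { $result eq "" } {
    set highestPermLevel guest
} else {
    set highestPermLevel [lindex [lindex $result 0] 0]
}

# Map the level to the role account (helga<Level>) and, if sourceConf.tcl
# defines <LEVEL>SQLPASS, to that account's SQL password.
set permCap [string toupper $highestPermLevel 0 0]
set permUpper [string toupper $highestPermLevel]
set user helga$permCap
set passVarName ${permUpper}SQLPASS
if { [info exists $passVarName] } {
    set pass [set $passVarName]
} else {
    set pass ""
}

puts [list $sessionId $user $pass]
::mysql::close $db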