<?php

// This is supposed to redirect to https if reached with http.  Based on
// some web searching.  Might break on some servers, but works on Sandbox.
// Good thing to do when sending a password, though it's now quite common
// that the server or browser configuration will already have forced https.
// https://stackoverflow.com/questions/5106313/redirecting-from-http-to-https-with-php
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === "off") {
    $location = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: ' . $location);
    exit;
}

define('LETTERS', "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
define('DIGITS', "0123456789");

/*
 * Function to store a new password $pwd for $user in the database opened
 * under $dbm.  Checks that the password meets some complexity rules, and
 * makes sure $chk as the same value as $pwd.  It then saves it under
 * standard encryption.  If anything goes wrong, returns an error message.  
 * Otherwise, returns the empty string.
 */
function store_pwd($user, $pwd, $chk, $dbm)
{
    // Check that the two match.
    if($pwd != $chk) return "Passwords do not match.";
    
    // Vet password.
    if(strlen($pwd) < 6) return "Password must be at least 6 characters.";

    // Count the letters.
    $counts = count_chars($pwd);
    $nalpha = array_sum(array_slice($counts, ord('A'), 26)) +
	      array_sum(array_slice($counts, ord('a'), 26));
    $ndigit = array_sum(array_slice($counts, ord('0'), 10));
    if($nalpha == 0 || $ndigit == 0 || $nalpha + $ndigit == strlen($pwd))
	return "Password must contain a digit, a letter, and something else.";

    // Attempt to store.
    if(dba_replace($user, password_hash($pwd, PASSWORD_DEFAULT), $dbm))
	return "";

    return "Database update failed.";
}

/* Start the session.  This changes the cookie name to avoid collisions, though
 * this is probably not a big problem.  This has to be done before generating
 * any other output.  It also insists that the cookie can only be sent over a
 * secure session.  A secure site will have usually have this configured as
 * the default, but Sandbox isn't all that locked down. 
 */
session_start(['name' => 'SECRETKEEPER', 'cookie_secure' => 'on']);

/*
 * Figure out the state of the session.  This will be set by the previous
 * run of the script, unless the user has just contacted, in which case
 * either the cookie will be expired, so not sent to the server, or the
 * session will have expired so the server no longer retains it.  In either
 * of those cases, you get state 'out';
 */
$state = 'out';
if(isset($_SESSION['state'])) $state = $_SESSION['state'];

// Current error message, if we find one.
$error = '';

// Extra status message, if any.
$message = '';

/*
 * Open the database on the server.  First, I'm going to decide if read
 * perm is okay, or if I might need to write so I will have the right mode.
 * Important to limit damage from bugs, and because the system will
 * generally allow only one writer to proceed at a time, but multiple
 * readers.  Basically, we ask for write permission of we have form post
 * data and see any of buttons which update things.
 */ 
$perm = 'r';
if(isset($_POST) && (isset($_POST['CREATE']) || isset($_POST['UPDATE']) ||
		     isset($_POST['CHANGE'])))
$perm = 'w';

$dbm = @dba_open('/var/wwwwrite/bennet/secrets', $perm, "db4");
if($dbm === false) {
    $error = 'Unable to open database.';
    $state = 'error';  // This will be changed to 'out' before generating HTML.
}

// Here we implement the state transition based on the current state and the
// values in the post data.  If there is no post data, the state does not
// change.
if(isset($_POST)) {
    if($state == 'out') {
	if(isset($_POST['SIGNUP'])) {
	    // Signup button.  Just changes state to show correct page.
	    $state = 'signup';
	} else if(isset($_POST['LOGIN'])) {
	    // Trying to log in.  If login fails, state does not change.
	    if(!$_POST['user'] || !$_POST['pass']) {
		// But didn't fill out everything, or left blanks.
		$error = 'Login incorrect';
	    } else {
		// Filled out, see if we like the creds.  The
		// fetch returns false if the account doesn't
		// exist, then if it does, we check the password.
		$encpass = dba_fetch($_POST['user'], $dbm);
		if($encpass && password_verify($_POST['pass'], $encpass)) {
		    // User sent correct password.  Change to a logged in
		    // state, and add the user name to the session.
		    $state = 'show';
		    $_SESSION['user'] = $_POST['user'];
		} else {
		    // Either the account does not exist, or
		    // the creds were wrong.
		    $error = 'Login incorrect';
		}
	    }
	}
	// At this point, state will have changed to signup (if that
	// button was pressed) or show on a successful login.  Otw,
	// it remains out.
    }
    else if($state == 'signup') {
	// In state signup.  See what was sent.
	if(isset($_POST['CANCEL'])) {
	    // Canceled signup.
	    $state = 'out';
	} else if(isset($_POST['CREATE'])) {
	    if(!$_POST['user'] || !$_POST['pass'] || !$_POST['secret']) {
		$error = 'Please fill out all fields.';
	    } else if(strspn($_POST['user'], LETTERS.DIGITS) !=
		strlen($_POST['user'])) {
		$error = 'Account name must be alphanumeric';
	    } else if(dba_exists($_POST['user'], $dbm)) {
		// Account already in the database.
		$error = 'Account '.$_POST['user'].' exists.';
	    } else {
		// Check the password and update the database.  
		$msg = store_pwd($_POST['user'], $_POST['pass'],
				 $_POST['pass2'], $dbm);
		if($msg == '' && !dba_replace($_POST['user'].'_secret',
					      $_POST['secret'], $dbm)) {
		    $msg = 'Database update failed.';
		}

		// See if it all worked.
		if($msg == '') {
		    // Account was created.  Go to the show page.
		    $state = 'show';
		    $_SESSION['user'] = $_POST['user'];
		} else {
		    // Failed.
		    $error = $msg;
		}
	    }
	}
    }
    else if($state == 'show') {
	if(isset($_POST['UPDATE'])) {
	    // Change the secret.
	    if(!dba_replace($_SESSION['user'].'_secret',
			    $_POST['secret'], $dbm)) {
		$error = 'Database update failed';
	    } else {
		$message = "Updated";
	    }
	}
	else if(isset($_POST['NEWPASS'])) {
	    $state = 'newpass';
	}
	else if(isset($_POST['LOGOUT'])) {
	    $state = 'out';
	}
    }
    else if($state == 'newpass') {
	// Performing password change.
	if(isset($_POST['CANCEL'])) {
	    // Password change cancelled.
	    $state = 'show';
	} else if(isset($_POST['CHANGE'])) {
	    // Check the match.
	    if($_POST['pass'] != $_POST['pass2']) {
		$error = "Passwords don't match.";
	    } else {
		// Store the new password
		$msg = store_pwd($_SESSION['user'], $_POST['pass'],
				 $_POST['pass2'], $dbm);
		if($msg == '') {
		    $state = 'show';
		    $message = 'Password changed';
		} else {
		    $error = $msg;
		}
	    }
	}
    }
}

if($state == 'error') $state = 'out';

// Make sure session state agrees with any changes made above.
$_SESSION['state'] = $state;

/*
 * Functions for generating HTML content.
 */
// Create an HTML form submit button
function button($name, $label)
{
    echo "<button type='submit' name='$name'>$label</button>";
}

// Put several buttons in a div by passing an array of $name/$label
// values.
function buttons($buttons)
{
    echo '<div class="ctr">';
    for($i = 0; $i < count($buttons); $i += 2)
	button($buttons[$i], $buttons[$i+1]);
    echo '</div>';
}

// Create a labeled entry.  $type can be 'password' instead of 'entry'.
function entry($name, $label, $type='entry')
{
    echo "<div class='labent'><div><label for='$name'>$label:</label></div>",
    "<div><input type='$type' id='$name' name='$name'></div></div>\n";
}

// Generate the login page.
function login_page()
{
    echo '<form method="post">',"\n";
    entry('user', 'User name');
    entry('pass', 'Password', 'password');
    buttons(array('LOGIN', 'Log in', 'SIGNUP', 'Create Account'));
    echo '</form>';
}

// Generate the secret page.
function secret_page($dbm)
{
    echo "<p>Secret for ",$_SESSION['user'],"</p>";
    echo '<form method="post">',"\n";
    $secret = htmlspecialchars(dba_fetch($_SESSION['user'].'_secret', $dbm));
    echo "<textarea name='secret'>$secret</textarea>";
    buttons(array('UPDATE', 'Update Secret', 'NEWPASS', 'Change Password',
		  'LOGOUT', 'Log out'));
    echo '</form>';
}

// Generate the password change page.
function change_pass_page()
{
    echo "<p>Change password for ",$_SESSION['user'],"</p>";
    echo '<form method="post">',"\n";
    entry('pass', 'Password', 'password');
    entry('pass2', 'Retype Password', 'password');
    buttons(array('CHANGE', 'Change Password', 'CANCEL', 'Cancel'));
    echo '</form>';
}

// Generate the signup page
function signup_page()
{
    echo "<p>Create a Secret Keeper Account</p>";
    echo '<form method="post">',"\n";
    entry('user', 'User name');
    entry('pass', 'Password', 'password');
    entry('pass2', 'Retype Password', 'password');
    echo "<p>Enter your secret below</p>\n";
    echo "<textarea name='secret'></textarea>";
    buttons(array('CREATE', 'Create Account', 'CANCEL', 'Cancel'));
    echo '</form>';
}

?>
<!DOCTYPE html>
<html>
    <head>
	<meta charset="utf-8">
	<title>My Secret Keeper</title>
	<link rel="stylesheet" href="../lit/genstyle.css" type="text/css">
	<style>
	 p, form, .ctr { text-align: center; }
	 p.msg { height: 3em; }
	 div { box-sizing: border-box; }
	 span.err { color: red; height}
	 span.msg { color: green; height}
	 button { margin-left: 1em; margin-right: 1em;
	     padding-left: 0.5em; padding-right: 0.5em }
	 form { width: 90%; margin: auto; margin-top: 3em;
	     border: 1pt solid blue; padding: 2em; }
	 div.labent { padding-bottom: 1em; }
	 div.labent div { width: 50%; display: inline-block }
	 div.labent div:first-child {
	     text-align: right; padding-right: 0.5em;
	 }
	 div.labent div:last-child {
	     text-align: left;
	 }
	 input["text"] { width: 15em; }
	 textarea { width: 95%; height: 5em; margin-bottom: 1em; }
	</style>
    </head>
    <body>
	<h1>Secret Keeper</h1>
	<p class="msg">
	    <?php
	    //print_r($_POST); echo "<br>$perm $message $error<br>";
	    //print_r($_SESSION);
	    if($error) { echo "<span class='err'>$error</span>"; }
	    if($message) { echo "<span class='msg'>$message</span>"; }
	    ?>
	</p>
	<?php
	// Main contents generated according to state.
	if($state == 'out') login_page();
	else if($state == 'show') secret_page($dbm);
	else if($state == 'newpass') change_pass_page();
	else if($state == 'signup') signup_page();
	else {// Paranoia
	    echo "<p><span class='err'>Internal Error</span></p>\n";
	    $_SESSION['state'] = 'out';
	    $_SESSION['user'] = '';
	}
	?>
    </body>
</html>