#include "user.h"
#include "xmlcgi.h"

XML * current_user;
XML * user = NULL;
XML * edited;
XML * cgi;
XML * environment;
XML * query;

See 
See 

int main (int argc, char * argv[])
{
   ATTR * attr;
   char * field;

   cgi = cgi_init ();
   environment = xml_loc (cgi, "cgicall.environment");
   query = xml_loc (cgi, "cgicall.query");

   current_user = user_authenticate (environment, "wftk workflow");
   edited = current_user;
   if (!current_user) {
      printf ("Content-type: text/html\n\n");
      printf ("<html><head><title>User authentication required</title></head>\n");
      printf ("<body><h2>User authentication required </h2><hr>\n");
      printf ("A valid user authentication response is required to access this area.\n");
      printf ("</body></html>\n");
      xml_free (cgi);
      exit(0);
   }

   if (strcmp ("", xml_attrval (query, "user"))) {
      user = user_get (xml_attrval (query, "user"));
      if (!user) {
         printf ("Content-type: text/html\n\n");
         printf ("<html><head><title>Unknown user '%s'</title></head>\n", xml_attrval (query, "user"));
         printf ("<body><h2>Unknown user '%s'</h2><hr>\n", xml_attrval (query, "user"));
         printf ("The system was unable to locate the username you entered.\n</body></html>\n");
         xml_free (cgi);
         xml_free (current_user);
         exit(0);
      }
      edited = user;
      if (!user_perm (current_user, "user", xml_attrval (query, "user"), "edit")) {
         printf ("Content-type: text/html\n\n");
         printf ("<html><head><title>Insufficient privilege</title></head>\n");
         printf ("<body><h2>Insufficient privilege</h2><hr>\n");
         printf ("You don't have permission to edit the personal information for user '%s'.\n", xml_attrval (query, "user"));
         printf ("</body></html>\n");
         xml_free (cgi);
         xml_free (current_user);
         exit(0);
      }
   }

   attr = query->attrs;
   while (attr) {
      if (strcmp (attr->name, "user") && strcmp (attr->name, "name")) {
         xml_set (edited, attr->name, attr->value);
      }
      attr = attr->next;
   }

   user_save (edited);

   printf ("Content-type: text/html\n\n");
   printf ("<html><head><title>Edit user information for '%s'</title></head>\n", xml_attrval (edited, "name"));
   printf ("<body><h2>User information for '%s'</h2><hr>\n", xml_attrval (edited, "name"));
   printf ("<form action=\"%s\" method=post>\n", xml_attrval (environment, "SCRIPT_NAME"));
   if (strcmp (xml_attrval (query, "user"), "")) {
      printf ("<input type=hidden name=user value=\"%s\">\n", xml_attrval (query, "user"));
   }
   printf ("<table>\n");
   attr = edited->attrs;
   while (attr) {
      if (!strcmp (attr->name, "user") || !strcmp (attr->name, "name")) {
      } else if (!strcmp (attr->name, "password")) {
         /*printf ("<tr><td>Password</td><td><input name=password></td></tr>\n");*/
      } else if (!strcmp (attr->name, "fullname")) {
         printf ("<tr><td>Full name</td><td><input name=fullname value=\"%s\"></td></tr>\n", attr->value);
      } else if (!strcmp (attr->name, "email")) {
         printf ("<tr><td>Email address</td><td><input name=email value=\"%s\"></td></tr>\n", attr->value);
      } else {
         printf ("<tr><td>%s</td><td><input name=\"%s\" value=\"%s\"></td></tr>\n", attr->name, attr->name, attr->value);
      }
      attr = attr->next;
   }
   printf ("<tr><td colspan=2><center><input type=submit value=\"Update user info\"></center></td></tr>\n");
   printf ("</table>\n");
   printf ("</form></body></html>\n");

   xml_free (cgi);
   if (user) xml_free (user);
   xml_free (current_user);
}