<?

session_start();

$error = 0;

// check method
$method = $_SERVER["REQUEST_METHOD"];
if ( $method != "POST" ) 
    $error = 1;

function forward($str) {
    header('Location:'.$str);
    //print $str;
}

if ( !$error )  {
    // find matching button
    include "db.php";
    if ( isset($_POST['register_button']) && $_POST['register_button'] ) {
        include "utils.php";
        $pwd = generatePassword(10);
        $q = "insert into users (uname, pwd, email) values ('".$_POST['username']."', '".$pwd."', '".$_POST['email']."')";
        query($q);
        $msg = "";
        $msg .= "\n";
        $msg .= "Your username: ".$_POST['username']."\n";
        $msg .= "Your password: ".$pwd."\n";
        $msg .= "iGregator location: ...";
        sendEmail($_POST['username'], $_POST['email'], $msg);
        forward('index.php?msg=pwd_mailed');
    } elseif ( isset($_POST['login_button']) && $_POST['login_button'] ) {
        $ret = query("select * from users where uname='".$_POST['username']."' and pwd='".$_POST['password']."'");
        $num = mysql_num_rows($ret);
        if ( $num != 1 ) {
            forward('login.php?msg=lfail');
            return;
        }
        $_SESSION['logged_in'] = True;
        $_SESSION['userid'] = mysql_result($ret,0);
        forward('index.php?msg=lsuccess');
    } elseif ( isset($_POST['profile_button']) && $_POST['profile_button'] ) {
        // TODO: check email
        $curUser->setEmail($_POST['email']);
        if ( $_POST['pass1'] == $_POST['pass2'] )
            $curUser->setPassword($_POST['pass2']);
        $curUser->save();
        forward('index.php?msg=prof_success');
    } else {
        print "internal error";
    }
}

if ( $error ) {
    print "external error";
}

?>