#!/usr/bin/perl -T
# edit-member.pl - edit user's member information.
# Copyright Board of Trustees of the University of Illinois at UC, April 1995

# This is used via a URL like:
#  http://www.hypernews.org/HyperNews/edit-member.pl?user

# Add current directory to load path.
$0 = $ENV{SCRIPT_FILENAME} if $0 =~ m{^/dev};
$0 =~ m{^(.*)/[^/]+$ }x;   $hnbin = $1 || '.';
unshift(@INC, $hnbin, "$hnbin/.scripts"); 

require "Admin/hnrc";

&feval('&EditMember()');

sub EditMember {

    local $debug = 0;

    require "urc.pl";
    require "member-lib.pl";
    require "edit-lib.pl";
    require 'formlib.pl';

    my %form = &GetFormArgs();

    # Check for server or cookie authentication, or maybe login.
    &checkAuthenticated($form{UserID}, $form{Password}, 
			$form{remoteUser}, $form{adminPassword});

    my $isAdmin = $authenticated && &isAdmin($remoteUser);
 
#    &HNMsg("hndocs: $hndocs");
#    &HNMsg("SCRIPT_NAME: $ENV{SCRIPT_NAME}");
#    &HNMsg("hnprefix: $hnprefix");
#    &HNMsg("hnbinURL: $hnbinURL");

    my $whoami = &sustring($remoteUser);
    if ($whoami) { $whoami = "You are: $whoami <BR>"; }
    my $whoisthat;

    my $adminEmail = &addressOf(@hnAdmin[0]) || @hnAdmin[0];

    $qs = $ENV{QUERY_STRING};
    &HNMsg("Query string: '$qs'") if $debug;
    my %args = &parseQueryString();
    $userid = $args{userid} || $qs || $remoteUser;  # allow ?user
    &HNMsg("userid is '$userid', Remote User is '$remoteUser'") if $debug;
    my %member = &getMember($userid);
    &printAssoc("Member '$userid'", %member) if $debug;

    my $registering = $args{new};

    my $thisURL = $ENV{REQUEST_URI};
    $thisURL ||= ($qs ? "$editMemberURL?$qs" : $editMemberURL);
    $thisURL = &URLencode($thisURL);
    my $redirectURL = "$loginURL?userid=$userid&url=$thisURL";

    # We are not changing anything yet, but still must do access control.
    # (But this does not check the right thing yet.)
#    &access1($joinSF, 2, $userid, $remoteUser,
#	     "You, '$remoteUser', can not update membership info for
#              user '$userid'",
#	     $authenticated);

    # Special access check for inquiries.
    if (($authenticateInquiries || $hideUserIDs) && %member) {
	if ($userid && !$authenticated) {  #  && $manualSecurity
	    # Try logging in first.  This may not be workable.
	    # Maybe should require manualSecurity.
	    &printRedirect($redirectURL);
	}
	elsif ($userid && ($userid ne $remoteUser) && !$isAdmin) {
	    &HNUserError( qq{
 You, $remoteUser, are not permitted to inquire about
 other members - all member data is private.  If you want to edit your
 own member data, go to <A HREF="$editMemberURL?userid=$remoteUser">here</A>.
 });
        }
    }
 
    # my $URL = $ENV{'PATH_INFO'};

    if ($userid) {
	# &HNMsg("Getting New Member info for $userid");
	# &printAssoc('member', %member);

	$newUserID = $member{'UserID'};
	#&HNMsg("userid: $userid  newUserID: $newUserID");
	$emailAddress =  $member{'Email'};
	$userName = $member{'Name'};
	$userURL = $member{'UserURL'};
	$userPhone = $member{'Phone'} || $member{'UserPhone'};
	$userAddress = $member{'MailAddress'} || $member{'UserAddress'};
	$content = $member{'Content'};
	$format = $member{'Format'};

	my $memberOrAdmin = "a member";
	if (&isAdmin($userid)) {  # In what group?
	  $memberOrAdmin = "an administrator";
	}

	if ($hnGroup) {
	    $groupScope = " in group $hnGroup";
	}

	my $groupName = $hnGroup;
	$groupName =~ s,^/,,;

	if ($newUserID) {
	  if ($newUserID ne $remoteUser) {
	    if ($newUserID ne $userid) {
		$whoisthat =  "\"$userid\" has $UserIDorHandle \"$newUserID\".";
		$userid = $newUserID;
	    }
	    if ($hnGroup) {
		if (-e "$hnPeople$hnGroup/$userid") {
		    $whoisthat .= "  $userid is $memberOrAdmin of \"$groupName\".";
		}
		else { $whoisthat .= "  $userid is not a member of \"$groupName\"."; }
	    } else { $whoisthat ||= "  \"$userid\" is $memberOrAdmin."; }
	  }
	} else { $whoisthat .= "  \"$userid\" is not a member."; }

	$whoisthat = " <STRONG> \n $whoisthat </STRONG> <P>\n"
	    if $whoisthat;
    }

    
    if (!$authenticated) {  # $joinSF == 1  && !$authenticateInquiries
      # if ($joinSF == 2) { $orMember = "or Current Member"; }

      if (!$registering) {
	$passwordOption = qq{
 <HR>

 <STRONG>Current Password for $hnSystemName</STRONG>: <BR>
 <INPUT NAME="Password" TYPE="password" SIZE=8 MAXLENGTH=8>
};

	if (!$authenticateInquiries) {
	  $passwordOption .= "
 (required to Update anything if you are already a member)";
	}
      }

      $adminline = qq{
<P>
<HR> 
<P>
 (Ignore this unless you are an Administrator $orMember making updates for the User) <P>
<STRONG>Administrator $orMember</STRONG>: <BR>
<INPUT NAME="remoteUser" SIZE=35 MAXLENGTH=65> <P>

<STRONG>Admin $orMember Password</STRONG>: <BR>
<INPUT NAME="adminPassword" TYPE="password" SIZE=8 MAXLENGTH=8> 
};

      if ($resetPasswordSF && !$externalSecurity) {
	  $resetOption = qq{
<P>
 (If you have a password but cannot remember it, you can };
	if ($resetPasswordSF == 2) { 
	    $resetOption .= 'ask another member to '; }
	elsif ($resetPasswordSF == 3) { 
	    $resetOption .= qq{
ask an administrator 
 (<A HREF="mailto:$adminEmail">$adminEmail</A>) to 
};
	}

        my $yourUserID = ", '$userid', " if $userid;
        my $thisURL = $editMemberURL;
        $thisURL .= "?userid=$userid" if $userid;
 
	$resetOption .=  qq{
 <A HREF="$editResetURL?userid=$userid"> reset </A>
 it to a random password.  Be sure to mention your 
 $UserIDorHandle$yourUserID and this URL: $thisURL.) <P> 
};

      } # $resetPasswordSF

    } # !$authenticated

    else {
	# Pass these through to reauthenticate.
	$adminline = qq{
<INPUT NAME="remoteUser" TYPE="hidden" VALUE="$remoteUser">
<INPUT NAME="adminPassword" TYPE=hidden VALUE="$remotePassword">
};
}

#============================================

    &print_HTML_HEAD("$hnSystemName Membership Form");

    my $siteIntro;
    if (-e "$hndocs/.intro.html") {
	open PH, "$hndocs/.intro.html";
	my @lines = <PH>;
	close PH;
	$siteIntro = join ('', @lines);
    }

    my $sitePolicy;
    if (-e "$hndocs/.policy.html") {
	open PH, "$hndocs/.policy.html";
	my @lines = <PH>;
	close PH;
	$sitePolicy = join ('', @lines);
    }


   if ($showPriv) {
       # This should really be on a different page, 
       # but it is sometimes useful info.

        $privMsg = "Read about the access restrictions
that apply here at the bottom of this page.";
	$priv = qq{
<P>
<HR>

<H2>Access Restrictions at <A HREF="$topURL">$hnSystemName</A></H2>
<UL>
};

	@who = ('No one', 'Anyone', 'Only members', 'Only administrators');
	$priv .= qq{

<LI>$who[$joinSF] 
 may register new members.  Members may update their own info.<BR>

<LI>$who[$hnReadSF] 
 may read messages.<BR>

<LI>$who[$addResponseSF]
 may add messages.<BR>

<LI>$who[$notifySF] 
 may add subscriptions for notification.
 Once a member is subscribed, only that member may unsubscribe.<BR>

<LI>$who[$deleteSF] 
 may delete their own messages.<BR>

<LI>$who[$moveSF] 
 may move or copy their own messages.<BR>

<LI>$who[$resetPasswordSF] 
 may reset passwords of members.<BR>

<LI>$who[$addArticleSF] 
 may create new forums.
 The owner of a forum is the administrator for it.<BR>

</UL>
};
}

    if ($ENV{REMOTE_USER}) {
	# Server authenticated.
	$updateMemberURL = $SECUREDupdateMemberURL;
    }

    if (!$authenticateInquiries && !$hideUserIDs && !$registering && !$viewMembers) {
	# This stuff is probably not useful here anymore - see view-member.pl
	$inquireMsg = 'Or you can inquire about an existing member.';
        $inquireMsg2 = qq{
 <LI>
 To <B>inquire about</B> an existing member (perhaps yourself), enter
 the member\'s $UserIDorHandle below and then go to the bottom of the form and
 select Do It.  Everything else on the form will be ignored.<P>
};
    }


    if (!$authenticated && $joinSF && $joinSF < 3) {
	my $shouldOrMust = ($requirePasswords ? 'must' : 'should');
	my $passwordMsg;
	$passwordMsg = qq{You <em>$shouldOrMust</em> provide a new password
 since it protects you from unauthorized use of your $UserIDorHandle.}
	    if !$generatePasswords;
	my $nameMsg = qq{
You <em>should</em>
provide a Name since it is used to identify you in messages.  
} if $getPersonalData;
	
	if ($manualSecurity && ($UseCookies eq 'always')) {
	    $loginMsg = qq{
<LI>
If you are already a member, please <A HREF="$redirectURL">login</A> first.
<P>
};
	}

	$registerMsg = qq{
<LI>
To <B>register</B> as a new member, first make up a $UserIDorHandle and enter it 
immediately below.  Make it something that you can remember and easily type
- it may be a "nickname"$emailid.  
Then fill in the rest of the form.  
$nameMsg
$passwordMsg
};
	# some stuff used below
	$registerOrUpdate = "Register";
	$registerOrUpdate .= " or Update" if !$registering;
	$registerOrUpdate2 = "either register as a new member, or";
    }
    else {
	$registerOrUpdate = "Update Information";
    }

    if ($inquireMsg) {
	$submitControls = qq{
<INPUT TYPE="radio" NAME="Command" VALUE="Inquire" CHECKED>
Inquire about $UserIDorHandle
<INPUT TYPE="radio" NAME="Command" VALUE="Register">
Register
<INPUT TYPE="radio" NAME="Command" VALUE="Update">
Update

<INPUT TYPE="submit" NAME="Commandsubmit" VALUE="Do It"> <P>
};
	$registerMsg .= qq{
Finally, select Register and click on 'Do It'.
<P>
};
    }
    else {
	if (!$authenticated) {
	    $submitControls = qq{
		<INPUT TYPE="submit" NAME="Command" VALUE="$registerOrUpdate">
		};
	    $registerMsg .= qq{
Finally, click on the <I>$registerOrUpdate</I> button.
<P>
};
	}
	else {
	    $submitControls = qq{
		<INPUT TYPE="submit" NAME="Command" VALUE="Update">
		};
	    $registerMsg .= qq{
Finally, click on the Update button.
<P>
};
	}
    }


    if ($member{Status} eq 'invited') {
        $welcomeMsg = qq{
<FONT SIZE=+1><B>
Thank you for acting on our invitation to join us.  Please fill out
and submit this membership registration form to officially accept the 
invitation.
You can then participate in the forums.
</B>
</FONT>
<P>
<HR>
};
    }


    if ($hnReadSF == 1) {
	$secureMsg = qq{
As a member, only you
can use your $UserIDorHandle or Email Address;  the system will request your
password to prove it is you.   
};
    }

    if ($showPriv) {
	my $top_URL_msg = qq{, and it is located at 
<A HREF="$topURL">$topURL</A>} if 0;

#Each HyperNews site has its own set of members,
# so being a member here does not mean you are a member at other sites.

      $introMsg = qq{
With this form, you can $registerOrUpdate2 update your
current membership information.  
$inquireMsg  
$secureMsg

Membership applies to all forums at this site.
<P>

 Note that this site uses the <A
 HREF="http://www.hypernews.org/"><B>HyperNews</B></A> system (version
 $hnversion).  
 This site is called "<B>$hnSystemName</B>"$top_URL_msg.  
 The administrator is <a
 HREF="mailto:$adminEmail"><B>$adminEmail</B></A>.
 $privMsg 
 <P>
};

  }

    my $changeURL = ($authenticated ? $SECUREDchangeMemberURL : 
		     $changeMemberURL);

    print qq{
 <H2>$hnSystemName Membership</H2>

$siteIntro

$welcomeMsg

$introMsg

<FORM ACTION="$changeURL" METHOD="POST">

};

    my $subscribeOption;

    if ($hnEmail) {

	my $hideEmailOption;
	if (!$hideEmailAddresses) {
	    my $orMemberLists = qq{ or member lists} if $viewMembers;
	    $hideEmailChecked = 'CHECKED' if ($member{Hide} eq 'Email');
	    $hideEmailOption = qq{
<STRONG>Hide my Email Address</STRONG>: <BR>
<INPUT TYPE="checkbox" NAME="Hide" VALUE="Email" $hideEmailChecked> 
 Do not show my Email address in messages$orMemberLists. <BR>
<P>
};
	}

	my $andSubscription;
	my $alsoNotifications;

	if ($hnEmailNotify) {

	    $andSubscription = qq{and Subscription};
	    $alsoNotifications = qq{
  $hnSystemName will also send you new postings via email if you "subscribe"
  to forums.};

	    my %subOpt = ();
	    $subOpt{$member{Subscribe} || 
			($defaultSubscribeAll ? 'all' : 'some')} = 'CHECKED';

	    my $subscribeAllOpt;
	    if ($allMemberForums ne 'none') {
		$subscribeAllOpt = qq{
<INPUT TYPE="radio" NAME="Subscribe" VALUE="all" $subOpt{'all'}> 
 Also all forums that subscribe All-Members <BR>
};
	    }
	    elsif ($subOpt{all}) {
		# Switch to another default value since 'all' is not an option.
		$subOpt{some} = 'CHECKED';
	    }

	    $subscribeOption = qq{
<STRONG> Subscribe to</STRONG>: <BR>
<INPUT TYPE="radio" NAME="Subscribe" VALUE="some" $subOpt{'some'}> 
 Only what I specify in each forum.<BR>
$subscribeAllOpt
<INPUT TYPE="radio" NAME="Subscribe" VALUE="none" $subOpt{'none'}> 
 Nothing - Please <B>UNSUBSCRIBE</B> me from all forums at 
<A HREF="$topURL">$hnSystemName</A>). <BR>
<P>
};

	    $contentOption = 'Content:  <SELECT NAME="content">' .
		&buildOptions($content, 'Everything', 'Headers') .
		    "\n</SELECT> <BR>";

	    $formatOption = 'Format:  <SELECT NAME="format">' .
		&buildOptions($format, 'Plaintext', 'HTML') .
		    "\n</SELECT> <BR>";

# <STRONG> Options to specify what to mail to you (ignored for now): </STRONG>
# <BR>
#$contentOption
#$formatOption

	}

	my $emailPassword = qq{
When you submit this registration form, your password will be emailed
to you.} if ($generatePasswords && !$authenticated);

	$emailOptions = qq{
<HR>

<H3>Email $andSubscription Options</H3>

$emailPassword
$hnSystemName will send you email each time you update your
membership information. 
$alsoNotifications
A full internet Email address is required for this purpose.  <P>

<STRONG> Email Address: </STRONG> (example: jdoe\@my.home.net, case sensitive) <BR>
<INPUT NAME="Email" SIZE=60 MAXLENGTH=120 VALUE="$emailAddress"> 
<p>

$hideEmailOption
$subscribeOption
};
    }



    $emailid = " or email address" if $allowEmailUserID;

    if ($generatePasswords) { # && $hnEmail
	$newPasswordOption .= "
<HR>
<P>
<STRONG>New members will receive a random password
in an email message.</STRONG> <P>";
    }


    # Maybe:
    # Only show "register" stuff if not authenticated.
    # Only show "update" stuff if authenticated.


    if (!$authenticated) {
       $userIDpasswordNeeded = qq{
 But you will need to enter your $UserIDorHandle and current password
 at the end.  You should inquire about your membership first, however.
};
       # Or use SECUREDeditMemberURL?userid=$userid
   }


     $updateMsg = qq{
<LI>To <B>update</B> your membership information, you only need to enter
the fields that you are changing, and make sure the check boxes are
set properly. 
$userIDpasswordNeeded 
<P>
} if !$registering;

    my $registerOrUpdateMsg;
    if (!$authenticated) {
	$registerOrUpdateMsg .= $registerMsg;
    }
#    if ($authenticated || $isAdmin) {  # always show this
	$registerOrUpdateMsg .= $updateMsg;
#    }


    # Allow user to update password unless
    # generatePasswords and new user, or external security.
    # But we can't test for new user if manual security.
    if (!$externalSecurity && 
	(!$generatePasswords || $authenticated)) {
      my $specify_or_update = "specify or update";
      $specify_or_update = "specify" if $registering;
      $specify_or_update = "update" if $authenticated;

      $newPasswordOption = qq{

<HR>
To $specify_or_update your password, enter a new password here twice. 
<BR>
<STRONG>DO NOT USE YOUR INTERNET LOGIN PASSWORD.</STRONG><P>

<STRONG> New Password:</STRONG> <BR>
<INPUT NAME="Password1" TYPE="password" SIZE=8 MAXLENGTH=8> <P>
 
<STRONG> New Password again: </STRONG> <BR>
<INPUT NAME="Password2" TYPE="password" SIZE=8 MAXLENGTH=8> <P>
};
    }


    if (($UseCookies eq 'sometimes')) { # was: && $HNCookiePassword 
	# How long should a cookie be validated for.
	# Not fully implemented yet.
	$member{SessionLength} ||= 'none';
	my %selected;
	$selected{$member{SessionLength}} = 'CHECKED';
	my $default_session_length;
	if ($CookieLifespan == 0) {
	    $default_session_length = qq{Until I quit my browser.};
	} else {
	    $default_session_length = qq{For $CookieLifespan days.};
 	}

	$sessionOption = qq{
<STRONG>Remember me</STRONG>:  <BR>
 ($hnSystemName can use "cookies" to let your browser remember your login
using your $UserIDorHandle and Password for some period of time.  
You must also enable cookies in your browser.) <BR>

<INPUT TYPE="radio" NAME="SessionLength" VALUE="none" $selected{none}> 
Not at all. <BR>

<INPUT TYPE="radio" NAME="SessionLength" VALUE="default" $selected{default}> 
$default_session_length<BR>

<!--
<INPUT TYPE="radio" NAME="SessionLength" VALUE="forever" $selected{forever}> 
Forever. <BR>
-->
};
    }

    if ($getPersonalData) {

	# Get more member fields.
	my %memberFields = &parseURCFile("$hnPeople/.member-fields");
	my $moreFields = '';

	foreach $name (keys %memberFields) {
	    my ($maxlength, $xsize, $ysize, $description) = 
		split ('\|', $memberFields{$name});
	    if ($ysize < 2) {
		$moreFields .= qq{
<STRONG> $name</STRONG> ($description): <BR>
<INPUT NAME="$name"
  MAXLENGTH=$maxlength SIZE=$xsize VALUE="$member{$name}"> <P>
};
}
	    else {
		$moreFields .= qq{
<STRONG> $name</STRONG> ($description): <BR>
<TEXTAREA NAME="$name" COLS=$xsize ROWS=$ysize WRAP="HARD">
$member{$name}</TEXTAREA>
<P>
};
	    }
	}


	$personalURLOption = qq{
<STRONG> Personal Home Page URL </STRONG> (example: http://my.home.net/): <BR>
<INPUT NAME="UserURL" SIZE=70 MAXLENGTH=120 VALUE="$member{UserURL}">
<P>
};

	$personalOptions = qq{
<HR>

<H3>Personal Data</H3>

Please tell us about yourself.  <!-- This information will only be
available to other participants in this discussion.  --> Your
<em>Name</em> is used to identify you in your messages; otherwise your
Email address or $UserIDorHandle is used.  You can leave any of these fields
blank, if you would prefer.  <P>

<STRONG> Name </STRONG> (example: John Doe): <BR>
<INPUT NAME="Name" SIZE=40 MAXLENGTH=60 VALUE="$member{Name}"> 
<P>

$moreFields

$personalURLOption
};
    }

    print qq{
<HR>
<P>

<UL>
$loginMsg
$registerOrUpdateMsg
$inquireMsg2
</UL>

$whoami
$whoisthat

<STRONG> $UserIDorHandle</STRONG> (nickname$emailid, no spaces, case sensitive): <BR>
<INPUT NAME="UserID" SIZE=35 MAXLENGTH=65 VALUE="$userid"> <P>

$emailOptions
$personalOptions
$newPasswordOption
$sessionOption

$passwordOption
$resetOption

<HR>

<H2>Finally...</H2>

<font size=+1>
$submitControls
</font>

<font size=-1>
<INPUT TYPE="reset" VALUE="Reset this Form to Initial Values"> <P>
</font>

$adminline
</FORM>

$priv

$sitePolicy
};

    print qq{
<HR> 
<H3>[ <A HREF="$instructionsURL#Membership">Help for $hnSystemName</A> ]</H3>
} if $instructionsURL;

 &printEnd();
}