/*
 * changepassword
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2016 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgment:
 *    "This product includes software developed by the pfSense Project
 *    for use in the pfSense® software distribution. (http://www.pfsense.org/).
 *
 * 4. The names "pfSense" and "pfSense Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    coreteam@pfsense.org.
 *
 * 5. Products derived from this software may not be called "pfSense"
 *    nor may "pfSense" appear in their names without prior written
 *    permission of the Electric Sheep Fencing, LLC.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *
 * "This product includes software developed by the pfSense Project
 * for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

require_once("config.inc");
require("auth.inc");
require_once("functions.inc");

global $g, $config, $argv, $userindex;
$userindex = index_users();

$args = array_slice($argv, 3);

$password = "";
$confpassword = "";
$username = "";

$fp = fopen('php://stdin', 'r');

// If the first parameter is empty, ask for username
if (empty($args[0])) {
	echo gettext("Enter username: ");
	$username = fgets($fp);
} else {
	$username = $args[0];
}
$username = trim($username);

// If the user does not exist, bail
$user =& getUserEntry($username);
if ($user == NULL) {
	printf(gettext("User '%s' does not exist.\n"), $username);
	exit(-1);
} else {
	printf(gettext("Changing password for '%s'.\n"), $username);
}

// If the user does exist, prompt for password
while (empty($password)) {
	echo gettext("New Password") . ": ";
	exec('/bin/stty -echo');
	$password = trim(fgets($fp));
	exec('/bin/stty echo');
	echo "\n";
}

// Confirm password
while (empty($confpassword)) {
	echo gettext("Confirm New Password") . ": ";
	exec('/bin/stty -echo');
	$confpassword = trim(fgets($fp));
	exec('/bin/stty echo');
	echo "\n";
}

// Check if user is disabled
if (is_account_disabled($username)) {
	echo gettext("Account is disabled, would you like to re-enable? [y|n]") . ": ";
	if (strcasecmp(chop(fgets($fp)), "y") == 0) {
		unset($user['disabled']);
	}
}
// Check if user is expired
if (is_account_expired($username)) {
	echo gettext("Account is expired, would you like to clear the expiration date? [y|n]") . ": ";
	if (strcasecmp(chop(fgets($fp)), "y") == 0) {
		unset($user['expires']);
	}
}

fclose($fp);

// Compare password and confirm
if ($password == $confpassword) {
	//Reset password
	local_user_set_password($user, $password);
	local_user_set($user);
	write_config(sprintf(gettext("password changed for user '%s' from console."), $username));
	exit(0);
} else {
	echo gettext("New and Confirm passwords did not match.") . "\n";
	exit(-1);
}