#-------------------------------------------------------------------------------
# FUNCTION:  ProcessLogonRequest($query)
# DESCRIPTION: Client requests log in: create session and send encryption data
#-------------------------------------------------------------------------------
sub ProcessLoginRequest
{
  my ($query) = @_;
  my $status = 0;
#  $sessionname = 'CGISESSID';
#  my %cookies = CGI::Cookie->fetch;
#  my $sid = $cookies{$sessionname}->value; 
  my $sid = GetUserSessionCookie();
  warn("ProcessLoginRequest Query: '$query'");
  warn("ProcessLoginRequest SID from cookie: '$sid'");

  #Check if it got valid return from fetch cookie
  if ($sid ne 0){
    $status = 1;
  }
  #Or, check if valid return from cgi query
  elsif($query){
#    if (exists $query{$sessionname}){
     $sid = $query->param($sessionname);
   if ($sid){     
     warn("ProcessLogin Request SID from Query: '$sid'");
     $status = 1;
     }
   else{
     $sid = undef;
     $status = 2;
     }
  }
  else {
    #Set up for creating a new session
    $sid = undef;
    $status = 2;
  }
#  $sid = '7032f2c7f5a2c721a483dc75fc29595e';
  $session = new CGI::Session("driver:MySQL", $sid, {Handle=>$dbh});
  warn("session = '$session'");
  OpenSession($dbh,$sid);
  $session->param("#<expires>#",0);
  $session->param("isloggedin",0);
  $session->flush();
  $sid = $session->id();
  warn("ProcessLogin Request SID from from session create: '$sid'");
  my $sessiondata1 = $sid; #id created by CGI::Session;
  if ($status == 1) {
    warn("Process Login returning after confirmed already logged in: status: '$status' sessionname:  '$sessionname' SID:  '$sid'");
	
    my $username1 = $session->param("user_id");
	warn("username1 : '$username1'");
	#my ($digits) = $text =~ /(\d+)/;
	#my ($user_id) = $username1 =~ /(\d+)/;
	
	#my $text = $username1;
    #$text =~ m/(\d+)/;
    #my $num = $1;
	#warn("num: '$num'");
	
	
	
	#$username1 =~ m/(\d+)/;
	$LoggedOn_user_id = $username1;  
	warn("Already logged on LoggedOn_user_id : '$LoggedOn_user_id'");	
	#$LoggedOn_user_id = 428;
    $adminaccess = ($username1 eq "admin");
	warn("username1: '$username1'");
	warn("adminaccess: '$adminaccess'");
    $session->param("isloggedin",1);
	
	
    $session->param('timein', time());
    $session->flush();
    return (1, "Your previous session is still valid. You are now logged in.", $sid, 0);
  }

  warn("Process Login after verify not logged in and new session: status: '$status' sessionname:  '$sessionname' SID:  '$sid'");

  #Random hash for encoding password
  my $seed_number = CreateRandomSequence(10, 1);
  my $seed_string = CreateRandomSequence(10, 0);
  my $sessiondata2 = md5_hex($ipaddress . $seed_number . $seed_string);
  $session->param('sessiondata2',$sessiondata2);
  $session->expires('+7d');
#  Expires($session, Now() + 600);
  $session->flush();

  my $localtimenow = localtime(Now());
  warn("Process Login Request localtime(rightnow) = '$localtimenow'");

  return (2, $sessionname, $sessiondata1, $sessiondata2);
}

##</code><code>##

sub LoginUser
{
    my ($query) = @_;
    my ($day, $month, $year) = (localtime())[3,4,5];
    my $localtimenow = localtime(Now());
    $month = $month + 1;
    $year = $year + 1900;
    warn("Day: '$day' Month: '$month' Year: '$year'");
    my $currentdate = sprintf("%04d-%02d-%02d",$year,$month,$day);
#    warn("LoginUser-JustBefore Open Session  Current Time: '$localtimenow'");
    my $sid = $query->param('CGISESSID');
    if (!$sid){
        warn("Invalid SID at LoginUser ");
	    return 0;
	}
    warn("LoginUser-JustBefore Open Session  Current Time: '$localtimenow'");

    OpenSession($dbh,$sid);
    warn("LoginUser session: '$session' sid: '$sid'");
    my ($result, $login_timeout) = checkTimeinAttempts();
    warn("Returned result LoginUsercheckTimeinAttempts $result");
    if (($result == 0) || ($result == 4) || ($result == 5)) {
      if ($result == 5) {
        warn("Returned result 5: $result");
#        $session->delete();
#        $session->flush();
        return ($result, $login_timeout);
       }
      else{
        warn("Returned result other than 5: '$result'");
#        $session->delete();
#        $session->flush();
	    return $result;
	  }
	}
    my $username = $query->param("username");
    my $sessiondata2 = $query->param("sessiondata2");
    my $passhash = $query->param("passhash");
    $adminaccess = ($username eq "admin");
	
    warn("For AdminControl: $username");
    warn("For AdminControl: $adminaccess");
    my $SQL = qq|select user_id, password, forename, lastname, expire from $sql_user_table where username = '$username'|;


    warn("Ready to execute SQL: $SQL");
    warn("LoginUser-JustBefore Execute Query  Current Time: '$localtimenow'");
    my $sth = ExecuteQuery($SQL);
    my ($uid,$password,$forename,$lastname,$expiredate) = $sth->fetchrow_array();
    $sth->finish;
    warn ("LOGIN ATTEMPT USER INFORMATION Uid: $uid username: $username  password: $password ipaddress: $ipaddress");

	# if we get an invalid username disconnect,disconnect and return without access
	if (!$uid) {
         warn("Invalid Password manageusers Retrun 0");
#         $session->delete();
#         $session->flush();
		 return 0;
	}

	# if the users expire date is less then the current date, disconnect and
	# return without access
	#strip characters so numeric comparison caan be made
	$expiredate =~ s/-//g;
	$currentdate =~ s/-//g;
        warn(" Expire Date: '$expiredate'  Current Date: '$currentdate'  ");
	if($expiredate < $currentdate){
#       $session->delete();
#       $session->flush();
	   return 2;
	}
	else {
	  $sid = $session->id();
	  my $sessiondata2s = $session->param('sessiondata2');
#	  warn("sessiondata2 from session: '$sessiondata2s'");
      my $sessiondata2md5p = md5_hex($password . $sessiondata2s);
      my $passhash1 = md5_hex($password . $username);
       if (($passhash ne $passhash1) ||
           ($sessiondata2 ne $sessiondata2md5p)) {
		 warn ("SID: '$sid' username: '$username' password: '$password'");
         warn("Hash evaluation failed - $passhash = $passhash1 : $sessiondata2 = $sessiondata2md5p");
#         $session->delete();
#         $session->flush();
		 return 0;
       }
       warn("Hash evaluation succeded - $passhash = $passhash1 : $sessiondata2 = $sessiondata2md5p");
       my $timein = time();
       $session->param('user_id',$uid);
       $session->param('username',$username);
       $session->param('forename', $forename);
       $session->param('lastname', $lastname);
       $session->param('timein', $timein);
       $session->param('timeout', 0);
       $session->param('attempts',0);
       $session->param('isloggedin',1);
       $session->expires('+7d');
 	   $LoggedOn_user_id = $uid;  #$session->param("user_id");
	   
	   #$LoggedOn_user_id =  $username =~ /(\d+)/;
       warn("New User Login LoggedOn_user_id : '$LoggedOn_user_id'");		   
       #$LoggedOn_user_id = 428;
	   #Expires($session, Now() + (86400*7));
       AccessInOutLog($session); #Added 02/18/05
       my $isloggedin = $session->param('isloggedin');
       warn("Login User : SID '$sid'  Session Logged In  '$isloggedin'");
       $session->flush();

       #Set session cookie on client
       SetUserSessionCookie('CGISESSID', $sid);

       my $gmtimenow = gmtime(Now());
       my $localtimenow = localtime(Now());
       return 3;
	}
}