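package Mapps::Auth;

use strict;
use warnings;

use DBI;
use Digest::SHA1 qw(sha1_hex);

# Constructor. Returns an empty Mapps::Auth object.
# Uses two-argument bless so that subclasses are blessed into their own
# package; falls back to this package when called as a plain function.
sub new {
    my $class = shift;
    return bless {}, ref($class) || $class || __PACKAGE__;
}

# auth($uname, $passwd)
#
# Looks up the stored password hash and salt for $uname and compares them
# with the SHA-1 hex digest of "$passwd$salt".
#
# May be called as a method ($obj->auth(...), Mapps::Auth->auth(...)) or as
# a plain function (Mapps::Auth::auth(...)).
#
# Returns 1 when the computed digest equals the stored one, 0 otherwise
# (including unknown user or missing arguments).
# Dies when the database connection, prepare or execute fails.
sub auth {
    # With three arguments the first is the invocant; drop it so the user
    # name is never taken from the object/class slot.
    shift @_ if @_ > 2;
    my ($uname, $passwd) = @_;

    return 0 unless defined $uname && defined $passwd;

    # NOTE(review): database credentials are hard-coded in the source.
    # Load them from configuration kept outside the code base instead.
    my $dbh = DBI->connect('dbi:mysql:mapps', 'mapps', 'somepasswd')
        or die "Couldn't connect to database: " . $DBI::errstr;

    # Get the stored secret from the db. The user name is bound through a
    # placeholder: it is caller-supplied and must never be interpolated
    # into the SQL text.
    # NOTE(review): the original join condition referenced users.auid, but
    # no table named "users" appears in the FROM clause; admin_users is
    # assumed here -- confirm against the schema.
    my $statement = 'SELECT auname, passwd, salt FROM admin_users, secrets '
        . 'WHERE admin_users.auid=secrets.auid AND auname=?';

    # Method calls do not interpolate inside double quotes, so errstr is
    # concatenated explicitly.
    my $sth = $dbh->prepare($statement)
        or die "Couldn't prepare statement: " . $dbh->errstr;
    $sth->execute($uname)
        or die "Couldn't execute statement: " . $sth->errstr;

    my ($dbsecret, $salt);
    while (my $ref = $sth->fetchrow_hashref) {
        $dbsecret = $ref->{'passwd'};
        $salt     = $ref->{'salt'};
    }
    $dbh->disconnect;

    # No row (or no stored hash) for this user: authentication fails.
    return 0 unless defined $dbsecret;
    $salt = '' unless defined $salt;

    # NOTE(review): a single salted SHA-1 pass is fast to brute-force and is
    # not suitable for password storage. The construction is kept so that
    # existing stored hashes still verify; plan a migration to a dedicated
    # password-hashing scheme (bcrypt, scrypt or Argon2).
    my $secret = sha1_hex($passwd . $salt);

    # Does the generated secret match the database secret?
    return $secret eq $dbsecret ? 1 : 0;
}

1;

####
# Caller script (a separate file in the original listing).

use Mapps::Auth;

# Direct method-call syntax; the indirect-object form
# "new Mapps::Auth->auth(...)" is ambiguous to the parser.
my $auth = Mapps::Auth->new->auth($uname, $passwd);

if ($auth == 1) {
    my $s  = Mapps::Session->new();
    my $id = Apache::Session::Generate::MD5::generate();
    $s->new_session($id);
    my $sid = $s->sid();

    # show session from Jeremy's test script
    printf("SID %s\n", $s->sid());
    printf("UID %s\n", $s->uid());

    $s->param('foo', '123 456');
    $s->param(bar => ' baz');
    $s->update_session($s->sid());
    undef($s);

    my $x = Mapps::Session->new();
    $x->load_session($sid);
    my @keys = $x->param();
    foreach my $key (@keys) {
        printf("%s => %s\n", $key, $x->param($key));
    }
}
# else no auth
else {
    print h2('No authentication');
}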