no warnings qw(redefine);
use strict;
use constant DEBUG => 0; # Change to 1 to log debugging info. PASSWORDS WILL BE LOGGED IN CLEARTEXT! YHBW.

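# Give this user a new random password and mail it to the address on record.
#
# Returns a two-element list: (1, localized message) once the notification
# has been handed to the mailer, or (0, message) on any failure.
#
# Security notes:
#   * The generated password is never written to the log. The debug calls
#     here go to $RT::Logger unconditionally (the file-level DEBUG constant
#     is not consulted), so only the status of SetRandomPassword is logged.
#   * The password is set before the notification is built and sent.
#     NOTE(review): a failure after that point presumably leaves the account
#     with a password nobody has received -- confirm against
#     SetRandomPassword and decide whether callers need a recovery path.
sub ResetPassword {
    my $self = shift;

    unless ( $self->CurrentUserCanModify('Password') ) {
        return ( 0, $self->loc("Permission Denied") );
    }

    # On failure the second element carries the error text, on success the
    # new cleartext password.
    my ( $setstatus, $pass ) = $self->SetRandomPassword();

    # Log the outcome only; $pass may be a live credential.
    $RT::Logger->debug( "OLC: in ResetPassword: SetRandomPassword "
          . ( $setstatus ? "succeeded" : "failed" )
          . "\n" );

    unless ($setstatus) {
        return ( 0, $pass );
    }

    my $template = RT::Template->new( $self->CurrentUser );

    # Prefer the template matching the user's privilege level, then fall
    # back to the generic one.
    if ( $self->Privileged ) {
        $template->LoadGlobalTemplate('RT_PasswordChange_Privileged');
    }
    else {
        $template->LoadGlobalTemplate('RT_PasswordChange_NonPrivileged');
    }

    unless ( $template->Id ) {
        $template->LoadGlobalTemplate('RT_PasswordChange');
    }

    $RT::Logger->debug("OLC: in ResetPassword: template->id is \'" . $template->Id . "\'\n");
    $RT::Logger->debug("OLC: in ResetPassword: template->Name is \'" . $template->Name . "\'\n");

    # Without a template there is nothing to send; stop here instead of
    # parsing an unloaded template.
    unless ( $template->Id ) {
        $RT::Logger->crit( "$self tried to send "
              . $self->Name
              . " a password reminder "
              . "but couldn't find a password change template" );
        return ( 0, $self->loc('Notification could not be sent') );
    }

    # The new password reaches the template as its Argument.
    my ( $result, $message ) = $template->Parse(
        CurrentUser => $RT::SystemUser,
        TemplateObj => $template,
        Argument    => $pass
    );

    if ( !$result ) {
        $RT::Logger->warning("User tried to reset password but template obj failed to load for " . $self->CurrentUser->Name);
        $RT::Logger->debug("OLC: template->parse returned \'$message\'\n");
        return ( 0, $self->loc("Sorry, something failed and I could not change your password") );
    }

    my $MIMEObj = $template->MIMEObj;

    $MIMEObj->head->set( 'To',   $self->EmailAddress );
    $MIMEObj->head->set( 'From', $RT::CorrespondAddress );

    my $ret = 0;
    if ( $RT::MailCommand eq 'sendmailpipe' ) {

        # The command line comes from site configuration and is still run as
        # one string, as before. A lexical handle replaces the global MAIL
        # handle, and print/close are checked: close on a pipe is where a
        # non-zero sendmail exit becomes visible.
        my $sent = eval {
            open( my $mail, '|-', "$RT::SendmailPath $RT::SendmailArguments" )
              or die "could not start $RT::SendmailPath: $!\n";
            print {$mail} $MIMEObj->as_string
              or die "could not write to sendmail pipe: $!\n";
            close($mail)
              or die( $!
                ? "could not close sendmail pipe: $!\n"
                : "sendmail exited with wait status $?\n" );
            1;
        };
        if ($sent) {
            $ret = 1;
        }
        else {
            $RT::Logger->crit( "Could not send password reset. -" . $@ );
        }
    }
    else {
        my @mailer_args = ($RT::MailCommand);

        # Keep any MAILADDRESS override from leaking past this call.
        local $ENV{MAILADDRESS};

        if ( $RT::MailCommand eq 'sendmail' ) {
            push @mailer_args, split( /\s+/, $RT::SendmailArguments );
        }
        elsif ( $RT::MailCommand eq 'smtp' ) {
            $ENV{MAILADDRESS} = $RT::SMTPFrom || $MIMEObj->head->get('From');
            push @mailer_args, ( Server => $RT::SMTPServer );
            push @mailer_args, ( Debug  => $RT::SMTPDebug );
        }
        else {
            push @mailer_args, $RT::MailParams;
        }

        if ( $MIMEObj->send(@mailer_args) ) {
            $ret = 1;
        }
        else {
            # Fall through so the caller gets the usual (0, message) pair.
            $RT::Logger->crit("Could not send password reset." );
        }
    }

    if ($ret) {
        return ( 1, $self->loc('New password notification sent') );
    }

    return ( 0, $self->loc('Notification could not be sent') );
}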



# {{{ sub IsPassword

# modification by Ole Craig <olc@stillsecure.com> 
# based very loosely on methods found in
# http://www.justatheory.com/computers/programming/perl/rt/User_Local.pm.ldap

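# Check a submitted password against the one stored for this user.
#
# Returns 1 when $value matches the stored password; otherwise returns
# nothing (empty list / undef).
#
# Side effect: when the account has no usable stored password (undef, ''
# or '*NO-PASSWORD*'), the login is refused and ResetPassword is called to
# mail the user a random temporary password.
#
# NOTE(review): that reset runs on any login attempt against such an
# account, before the caller has proven anything about who they are.
# Rate-limit or audit it at the call site if that matters for this
# deployment.
sub IsPassword {
    my $self  = shift;
    my $value = shift;

    # The stock early return on an empty $value is deliberately absent at
    # this point, presumably so a blank-password account reaches the reset
    # branch below whatever was submitted.

    if ( $self->PrincipalObj->Disabled ) {
        $RT::Logger->info("Disabled user " . $self->Name . " tried to log in" );
        return;
    }

    my $password = $self->__Value('Password');

    # Accounts without an e-mail address are refused outright, whether or
    # not a password is stored for them.
    my $emailadd = $self->EmailAddress or return;
    $RT::Logger->debug("OLC: in IsPassword: got \'$emailadd\' for principal address\n");

    my $has_password =
      defined $password && $password ne '' && $password ne '*NO-PASSWORD*';

    # Record only whether a value is stored; the stored value itself is
    # credential material and does not belong in the log.
    $RT::Logger->debug( "OLC: in IsPassword: stored DB value is "
          . ( $has_password ? "set" : "not set" )
          . "\n" );

    unless ($has_password) {
        my $statmsg;
        $RT::Logger->info("Blankpass user " . $self->Name . " tried to log in" );
        my ( $stat, $retmsg ) = $self->ResetPassword;
        if ($stat) {
            $statmsg = "Mailed temporary password to " . $self->EmailAddress;
            $RT::Logger->debug("OLC: in IsPassword: setting password for " . $self->Name . " succeeded: \'$retmsg\'\n");
        }
        else {
            $statmsg = "An error occurred while trying to email a new temporary password to " . $self->EmailAddress;
            $RT::Logger->debug("OLC: in IsPassword: error setting random password for " . $self->Name . ": \'$retmsg\'\n");
        }
        $RT::Logger->info("$statmsg\n");

        # Never authenticate on this path; the user has to log in again
        # with the mailed password.
        return;
    }

    # RT does not allow null passwords, so an empty submission cannot match.
    return unless defined $value && $value ne '';

    # NOTE(review): eq is not a constant-time comparison.
    return 1 if $self->_GeneratePassword($value) eq $password;

    return;
}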

# }}}

1;
