<?page
title=><?_ml .title _ml?>
body<=
<?_code
{
    use LJ::SecretQuestions;
    use strict;
    
    use vars qw(%POST $headextra);
    $headextra = LJ::need_res('stc/restore.css');

    my $body = '';

    return 'This page has been disabled.' if $LJ::DISABLED{'secret_question'};

    if ($LJ::SERVER_DOWN) {
        return LJ::server_down_html();
    }

    if ($LJ::USE_SSL && ! $LJ::IS_SSL && $FORM{'ssl'} ne "no") {
        return BML::redirect("$LJ::SSLROOT/set_secret.bml");
    }

    my $custom_id = -1; # constant for custom question in dropdown menu

    my $remote = LJ::get_remote();

    return "<?needlogin?>"
        unless $remote;


    return "<?p $ML{'.error.identity'} p?>" if $remote->is_identity;

    # Warn them if logged in and not validated
    if ($remote->{'status'} ne 'A') {
        return "<?p " . BML::ml('.error.notvalidated', { 'aopts' => "href='$LJ::SITEROOT/register.bml'" } ) . " p?>";
    }

    # load user props
    LJ::load_user_props(
        $remote, { use_master => 1 }, # we will change them on this page
        qw/secret_question_text/
    ); # may not retrieve answer

    my $system_question = LJ::SecretQuestions->get_system_questions();

    foreach my $id (keys %$system_question) {
        $system_question->{$id} = $ML{ $system_question->{$id}->{'ml_key'} };
    }

    my $password_err;
    my $qid_err;
    my $qtext_err;
    my $answer_err;

    my $qid;
    my $qtext;
    my $answer;

    # send letter to old email address
    my $_send_security_notification = sub {
        my $u       = shift;
        my $ml_key  = shift;

        my $is_identity_no_email = $u->is_identity && !$u->email_raw;
        my $email = $is_identity_no_email ? "none" : $u->email_raw;

        # Convert $timechange from GMT to local for user
        my $timechange_stamp = scalar time;
        my $offset = 0;
        LJ::get_timezone($u, \$offset);
        my $timechange = LJ::mysql_time($timechange_stamp + 60*60*$offset, 0);
        my ($date, $time) = split(/ /, $timechange);

        LJ::send_mail({
            'to'      => $email,
            'from'    => $LJ::ADMIN_EMAIL,
            'charset' => 'utf-8',
            'subject' => $ML{$ml_key . '.subject'},
            'body'    => BML::ml($ml_key . '.body',
                              { username            => $u->{user},
                                ip                  => BML::get_remote_ip(),
                                email               => $email,
                                date                => $date,
                                time                => $time,
                                sitename            => $LJ::SITENAME,
                                sitelink            => $LJ::SITEROOT
                              }),
        });
    };

    if (LJ::did_post() and $POST{'submit'}) {
        
        return $body if $remote->{'status'} ne 'A'; # already made warning string

        $password_err = "<?warningbar $ML{'.autherror'} warningbar?>"
            if $remote->password ne $POST{'password'};

        $qid = LJ::trim($POST{'question'});
        $qtext = LJ::trim($POST{'custom'});
        $answer = LJ::trim($POST{'set_answer'});

        $qid_err = "<?warningbar $ML{'.incorrect_qid'} warningbar?>"
            unless $qid eq $custom_id or defined $system_question->{$qid};

        $qid_err = "<?warningbar $ML{'.may_not_remove'} warningbar?>"
            if $qid eq '';

        $qtext_err = "<?warningbar $ML{'.too_long_question'} warningbar?>"
            if $qid eq $custom_id and length($qtext) > 250;

        $qtext_err = "<?warningbar $ML{'.empty_question'} warningbar?>"
            if $qid eq $custom_id and $qtext eq '';

        $answer_err = "<?warningbar $ML{'.too_long_answer'} warningbar?>"
            if length($answer) > 250;

        $answer_err = "<?warningbar $ML{'.empty_answer'} warningbar?>"
            if $answer eq '';

        unless ($password_err or $qid_err or $qtext_err or $answer_err) {
                # write effective value, since 0 isn't stored

            $qtext = $system_question->{$qid} if $qid ne $custom_id;

            $remote->set_prop('secret_question_text', $qtext);
            $remote->set_prop('secret_answer', $answer);
            $remote->set_prop('secret_question_created', time());
            $remote->set_prop('secret_question_timer', '');
            $remote->set_prop('secret_question_fails', ''); # 0
            
            $_send_security_notification->($remote, '.set_secret');

            return "<p><a href='$LJ::SITEROOT'>$ML{'.start'}</a><br><a href='$LJ::SITEROOT/manage/'>$ML{'.manage'}</a></p><p>$ML{'.ok'}</p>";
        }
    }

    if (LJ::did_post() and $POST{'delete'}) {
        
        return $body if $remote->{'status'} ne 'A'; # already made warning string

        $password_err = "<?warningbar $ML{'.autherror'} warningbar?>"
            if $remote->password ne $POST{'password'};

        unless ($password_err) {
            $remote->clear_prop('secret_question_text');
            $remote->clear_prop('secret_answer');
            $remote->clear_prop('secret_question_created');
            $remote->clear_prop('secret_question_timer');
            $remote->clear_prop('secret_question_fails');

            $_send_security_notification->($remote, '.delete_secret');

            return "<p><a href='$LJ::SITEROOT'>$ML{'.start'}</a><br><a href='$LJ::SITEROOT/manage/'>$ML{'.manage'}</a></p><p>$ML{'.ok_delete'}</p>";
        }
    }

    $body .= '<div style=\'overflow:hidden;zoom:1;\'><div style=\'width:57%;float:left;\'>';
    $body .= "<p>" . BML::ml('.describe', { 'aopts' => "href='$LJ::SITEROOT/support/faqbrowse.bml?faqid=287'", 'faqid' => 287} ) ."</p>";
    $body .= '</div><div style=\'width:40%;float:right;\'><div class=\'form-basic\'><div class=\'tl\'><div class=\'tr\'><div class=\'br\'><div class=\'bl\'>';

    $body .= '<form method="post">';

    $body .= '<p><label for="password">' . $ML{'.password'} . '</label>';
    $body .= "<span class='helper'>$ML{'.password.descr'}</span>";
    $body .= LJ::html_text( {
                 name => 'password',
                 type => 'password',
                 id => 'password',
                 size => 30,
                 maxlength => 30,
                 value => '', 
                 class => 'txt', }
             );
    $body .= '</p>';
    $body .= "$password_err" if $password_err;

    $body .= qq( <script>
                    function update_question () {
                        if (\$("question").value != $custom_id) {
                            \$("custom").style.display = "none";
                        } else {
                            \$("custom").style.display = "";
                        }
                    };

                 </script>
               );

    my @values;

    foreach my $id (sort { $a <=> $b } keys %$system_question) {
        push @values, { text => $system_question->{$id}, value => $id };
    }

    if (not defined $qid and defined $remote->{'secret_question_text'}) {
        foreach my $id (keys %$system_question) {
            next unless $system_question->{$id} eq $remote->{'secret_question_text'};
            $qid = $id;
            last;
        }

        $qid = $custom_id unless defined $qid; # if condition above - to defined question text
    }

    $body .= '<p style="margin-top: 10px;"><label for="question">' . $ML{'.question'} . '</label>';
    $body .= LJ::html_select({ name => 'question',
                               id => 'question',
                               selected => $qid,
                               onchange => 'update_question();' },
                             { text => $ML{'.choose'},
                               value => '',},
                             { text => $ML{'.custom_select'},
                               value => $custom_id,}, 
                             @values
                            );
    $body .= '</p>';
    $body .= "$qid_err" if $qid_err;

    my $display = '';
    $display = ' style="display: none;"' unless $qid eq $custom_id;
    $body .= '<p id="custom"' . $display . '><label for="custom1">' . $ML{'.custom_field'} . '</label>';
    $body .= LJ::html_textarea( {
                 name => 'custom',
                 id => 'custom1',
                 size => 200,
                 value => $qtext || $remote->{'secret_question_text'}, }
             );
    $body .= '</p>';
    $body .= "$qtext_err" if $qtext_err;

    $body .= '<p style="margin-top: 10px"><label for="set_answer">' . $ML{'.answer'} . '</label>';
    $body .= LJ::html_text( {
                 name => 'set_answer',
                 id => 'set_answer',
                 size => 200,
                 value => $answer, 
                 class => 'txt', }
             );
    $body .= '</p>';
    $body .= "$answer_err" if $answer_err;
        
    $body .= "<p class=\"error\" style=\"margin-top: 10px;\">$ML{'.have'}</p>" if defined $remote->{'secret_question_text'} and $remote->{'secret_question_text'} ne '';

    $body .= LJ::html_submit( 'submit', $ML{'.submit'}, { class => "create-button" }) . '&nbsp;';
    $body .= LJ::html_submit( 'delete', $ML{'.delete'}, { class => "create-button" });

    $body .= '</div></div></div></div></div></form></div></div>';    
    

    return $body;
}
_code?>
<=body
page?>