// js handling the login procedures

// constants
var NORMAL_STATE = 4;

// variables
var http = getHTTPObject(); // We create the HTTP Object
var hasSeed = false;
var loggedIn = false;
var seed_id = 0;
var seed = 0;
var fullname = '';
var messages = '';
// method that sets up a cross-browser XMLHttpRequest object


function validate(){
	
	if(document.auth.username.value == '' || document.auth.password.value == ''){
		document.getElementById('error').innerHTML = "<strong>Please make sure username and password are not empty!</strong>";
		
	}else{
		document.getElementById('error').innerHTML = "";
		getSeed();
	}
	
}

// getSeed method:  gets a seed from the server for this transaction
function getSeed() 
{		
		
		// only get a seed if we're not logged in and we don't already have one
	
			// open up the path
			http.open('GET', 'includes/login.php?m='+ new Date().getTime() + '&' + 'task=getseed', true);
			http.onreadystatechange = handleHttpGetSeed;
			http.send(null);

}

// handleHttpGetSeed method: called when the seed is returned from the server
function handleHttpGetSeed()
{
	
	// if there hasn't been any errors
	if (http.readyState == NORMAL_STATE) {
		// split by the divider |
		results = http.responseText.split('|');
	
		// id is the first element
		seed_id = results[0];
		
		// seed is the second element
		seed = results[1];
		
		// now we have the seed
		hasSeed = true;
		
		validateLogin(seed_id,seed);
	}
	else{
		document.getElementById('error').innerHTML = "loading...";
	}
}

// validateLogin method: validates a login request
function validateLogin(seed_id,seed)
{
	
	// ignore request if we are already logged in
	if (loggedIn)
		return;

	// get form form elements 'username' and 'password'
	username = document.getElementById('username').value;
	password = document.getElementById('password').value;

	// ignore if either is empty
	if (username != '' && password  != '') {
		// compute the hash of the hash of the password and the seed
		hash = hex_md5(hex_md5(password) + seed);

		// open the http connection
		http.open('GET','includes/login.php?m='+ new Date().getTime() + '&' + 'task=checklogin&username='+username+'&id='+seed_id+'&hash='+hash+'&seed='+seed, true);

		// where to go
		http.onreadystatechange = handleHttpValidateLogin;
		http.send(null);
	}
}

// handleHttpValidateLogin method: called when the validation results are returned from the server
function handleHttpValidateLogin()
{
	
	// did the connection work?
	if (http.readyState == NORMAL_STATE) {
		
		// split by the pipe
		results = http.responseText.split('|');
		
		if (results[0] == 'true')
		{
			hasSeed = false;
			loggedIn = true;
			fullname = results[1];
			messages = '';
			window.location ='index.php';
		}
		else
		{
			document.getElementById('error').innerHTML = results[1];
		}

	}else{
		document.getElementById('error').innerHTML = "loading...";
	}
}

// resetLogin method: if logged in, 'logs out' and allows a different user/pass to be entered
function resetLogin()
{
	loggedIn = false;
	hasSeed = false;
}