#!/usr/bin/perl

use strict;
use warnings;

use OpenDict::Users;
use CGI::Session;
use CGI qw/:standard/;

my $root = $ENV{DOCUMENT_ROOT};

my $session = new CGI::Session("driver:DB_File;serializer:storable",
                               undef, undef, { name => 'DICABERTO'} );

if ($session->param("username")) {
    my $username = $session->param("username");
    my $oldpassword = param("oldpass");
    my $newpassword = param("newpass");

    if (OpenDict::Users::validate(db => "$root/TMP/users.db",
                                  username => $username,
                                  password => $oldpassword)) {
        if (OpenDict::Users::passwd(db => "$root/TMP/users.db",
                                    username => $username,
                                    password => $newpassword)) {
            print header(-type=>'application/json');
            print '{"ok":"senha alterada."}';
        } else {
            print header(-type=>'application/json');
            print '{"error":"problema ao alterar a base de dados."}';
        }
    } else {
        print header(-type=>'application/json');
        print '{"error":"senha actual inválida."}';
    }
} else {
    print header(-type=>'application/json');
    print '{"error":"utilizador não registado."}';
}