// $Id: requestor.js,v 1.12 2006/06/12 05:25:42 dbritton Exp $

// global, once set, same for all calls
var uname = '';
var localResponder = "/modules/passport/responder.php";  // may be wrong.  gets set elsewhere near html for link

// allow for several different passport links on one page.
// each entry in the array corresponds to one click on a passport link.
var reqid = 0;
var reqs = [];

// optional sPass argument, to provide for user entering the password
function seedReq(sLogin,sUname,sUrl,sPass,bRememberme)
{
    var pars = 'op=seed&reqid='+ ++reqid;

    reqs[reqid] = { "login": sLogin, "url": sUrl, "uname": sUname, "pass": sPass,
                    "rememberme": (bRememberme == undefined || !bRememberme)? 'false' : 'true'};
    reqs[reqid].callerUrl = location.href;

    var myAjax = new Ajax.Request( sLogin,
                                   { method: 'get',
                                     parameters: pars,
                                     onComplete: seedRsp,
                                     onException: function() {
                                         // browser isn't allowing cross-domain scripting,
                                         // but the user can login, if necessary
                                         window.location.href = sUrl;
                                     }
                                    });
}

function seedRsp(oResponse)
{
    var xml   = oResponse.responseXML;
    var seeds = xml.getElementsByTagName("seed");
   
    var id       = seeds[0].getAttribute('id');
    var seed     = seeds[0].getAttribute('seed');
    var reqid    = seeds[0].getAttribute('reqid');
    
    reqs[reqid].id = id;     // remember for later

    if (reqs[reqid].pass != undefined) {
        var pass = encode(hex_md5(reqs[reqid].pass),seed);
        loginReq(reqid, id, pass);
    }
    else {
        passReq(reqid, seed);    // get pass w/o exposing it
    }
}

function encode(x,seed)
{
    return hex_md5(x+seed);
}

function passReq(reqid, seed)
{
    var pars = 'op=pass&reqid='+reqid+'&seed='+seed;
    var myAjax = new Ajax.Request( localResponder,
                                   { method: 'post',
                                     parameters: pars,
                                     onComplete: passRsp });
}

function passRsp(originalRequest)
{
    // ** important: response needs to include header "Content-Type: text/xml" **
    // ** important: response needs to include header "Content-Length: ..." **
    var xml  = originalRequest.responseXML;
    var passes  = xml.getElementsByTagName("pass");
    var pass   = passes[0].getAttribute('pass');
    var reqid  = passes[0].getAttribute('reqid');
    var id = reqs[reqid].id;
    
    loginReq(reqid, id, pass);
}

function loginReq(reqid, id, pass)
{
    var pars = 'uname=' + reqs[reqid].uname + '&pass=' + pass + '&id=' + id + '&reqid=' + reqid+'&op=login'
               + '&rememberme=' + reqs[reqid].rememberme;
    var myAjax = new Ajax.Request( reqs[reqid].login, { method: 'post', parameters: pars, onComplete: loginRsp });
}

function loginRsp(originalRequest)
{
    // ** important: response needs to include header "Content-Type: text/xml" **
    var xml  = originalRequest.responseXML;
    var logins = xml.getElementsByTagName("login");
    var reqid = logins[0].getAttribute('reqid');

//    if (confirm((document.all? logins[0].text : logins[0].textContent) + " -- continue?"))
    var text = document.all? logins[0].text : logins[0].textContent;
    if (text == "newly logged in" || text == "already logged in") {
        location.href = reqs[reqid].url;
    } else {
        alert(text);
        location.href = reqs[reqid].callerUrl;
    }
}