<?php

/**
 * @file
 * File module installation and upgrade code.
 */

/**
 * Implements hook_schema().
 */
function password_policy_schema() {
  return array(
    'password_policy' => array(
      'description' => t("Stores password policies."),
      'fields' => array(
        'pid' => array(
          'description' => t("Primary Key: Unique password policy ID."),
          'type' => 'serial',
          'not null' => TRUE,
        ),
        'name' => array(
          'description' => t("The name of the policy."),
          'type' => 'varchar',
          'length' => 64,
          'not null' => TRUE,
          'default' => '',
        ),
        'description' => array(
          'description' => t("The description of the policy."),
          'type' => 'varchar',
          'length' => 255,
          'default' => '',
        ),
        'enabled' => array(
          'description' => t("Whether the policy is enabled."),
          'type' => 'int',
          'not null' => TRUE,
          'default' => 0,
          'size' => 'tiny',
        ),
        'policy' => array(
          'description' => t("The policy's serialized data."),
          'type' => 'varchar',
          'length' => 1024,
          'not null' => TRUE,
          'default' => '',
        ),
        'created' => array(
          'description' => t("Timestamp for when the policy was created."),
          'type' => 'int',
          'not null' => TRUE,
          'default' => 0,
        ),
        'expiration' => array(
          'description' => t("The passwords will expire after this number of days."),
          'type' => 'int',
        ),
        'warning' => array(
          'description' => t("Comma separated list of days when warning is sent out."),
          'type' => 'varchar',
          'length' => 64,
        ),
        'weight' => array(
          'description' => t("Weight of the policy, used to order active policies."),
          'type' => 'int',
          'size' => 'tiny',
          'not null' => TRUE,
          'default'  => 0,
        ),
      ),
      'primary key' => array('pid'),
      'unique keys' => array(
        'name' => array('name'),
      ),
    ),
    'password_policy_history' => array(
      'description' => t("Stores users' old password hashes."),
      'fields' => array(
        'pid' => array(
          'description' => t("Primary Key: Unique password policy users ID."),
          'type' => 'serial',
          'not null' => TRUE,
        ),
        'uid' => array(
          'description' => t("User's {users}.uid."),
          'type' => 'int',
          'not null' => TRUE,
        ),
        'pass' => array(
          'description' => t("User's password (hashed)."),
          'type' => 'varchar',
          'length' => 128,
          'not null' => TRUE,
        ),
        'created' => array(
          'description' => t("Timestamp for when the policy was created."),
          'type' => 'int',
          'not null' => TRUE,
        ),
      ),
      'primary key' => array('pid'),
      'indexes' => array('uid' => array('uid')),
    ),
    'password_policy_expiration' => array(
      'description' => t('Stores users password expiration data.'),
      'fields' => array(
        'pid' => array(
          'description' => t("Primary Key: Unique password policy expirations ID."),
          'type' => 'serial',
          'not null' => TRUE,
        ),
        'uid' => array(
          'description' => t("User's {users}.uid."),
          'type' => 'int',
          'not null' => TRUE,
          'default' => 0,
        ),
        'warning' => array(
          'description' => t("Timestamp for when the warning was shown."),
          'type' => 'int',
        ),
        'blocked' => array(
          'description' => t("Timestamp for when the user was blocked."),
          'type' => 'int',
        ),
        'unblocked' => array(
          'description' => t("Timestamp for when the user was unblocked."),
          'type' => 'int',
        ),
      ),
      'primary key' => array('pid'),
      'indexes' => array('uid' => array('uid')),
    ),
    'password_policy_force_change' => array(
      'description' => t('Forced password reset status.'),
      'fields' => array(
        'uid' => array('type' => 'int', 'not null' => TRUE),
        'force_change' => array('type' => 'int', 'default' => 0),
      ),
      'indexes' => array('uid' => array('uid')),
    ),
    'password_policy_role' => array(
      'description' => t("Links policies with roles."),
      'fields' => array(
        'rid' => array(
          'description' => t("Role ID."),
          'type' => 'int',
          'not null' => TRUE,
          'default' => 0,
        ),
        'pid' => array(
          'description' => t("Policy ID."),
          'type' => 'int',
          'not null' => TRUE,
          'default' => 0,
        ),
        'name' => array(
          'description' => t("The name of the policy."),
          'type' => 'varchar',
          'length' => 64,
          'not null' => TRUE,
          'default' => '',
        ),
      ),
      'primary key' => array('rid', 'pid'),
      'unique keys' => array(
        'name' => array('rid', 'name'),
      ),
    ),
  );

  return $schema;
}

/**
 * Implements hook_enable().
 */
function password_policy_enable() {
  drupal_set_message(t('Password policy module successfully installed. Please review the available <a href="@settings">configuration settings</a>.', array('@settings' => url('admin/settings/password_policy'))));
}

/**
 * Implements hook_install().
 */
function password_policy_install() {
  drupal_install_schema('password_policy');
  db_query('INSERT INTO {password_policy_force_change} (uid) SELECT DISTINCT uid FROM {users} WHERE uid > 0');
}

/**
 * Implements hook_uninstall().
 */
function password_policy_uninstall() {
  drupal_uninstall_schema('password_policy');
  variable_del('password_policy_admin');
  variable_del('password_policy_begin');
  variable_del('password_policy_block');
  variable_del('password_policy_show_restrictions');
  variable_del('password_policy_warning_subject');
  variable_del('password_policy_warning_body');
  variable_del('password_policy_new_login_change');
  variable_del('password_policy_change_url');
}

function password_policy_update_6000() {
  $ret = array();

  db_add_field($ret, 'password_policy', 'weight', array(
    'description' => t("Weight of the policy, used to order active policies."),
    'type' => 'int',
    'size' => 'tiny',
    'not null' => TRUE,
    'default'  => 0,
  ));

  db_create_table($ret, 'password_policy_role', array(
    'description' => t("Links policies with roles."),
    'fields' => array(
      'rid' => array(
        'description' => t("Role ID."),
        'type' => 'int',
        'not null' => TRUE,
        'default' => 0,
      ),
      'pid' => array(
        'description' => t("Policy ID."),
        'type' => 'int',
        'not null' => TRUE,
        'default' => 0,
      ),
    ),
    'primary key' => array('rid', 'pid'),
  ));

  // Ensure existing policies are active for all roles.
  $result = db_query("SELECT pid FROM {password_policy}");
  while ($row = db_fetch_object($result)) {
    $ret[] = update_sql("INSERT INTO {password_policy_role} (pid, rid) VALUES (" . $row->pid . ", " . DRUPAL_AUTHENTICATED_RID . ")");
    $ret[] = update_sql("INSERT INTO {password_policy_role} (pid, rid) VALUES (" . $row->pid . ", " . DRUPAL_ANONYMOUS_RID . ")");
  }

  return $ret;
}

function password_policy_update_6001() {
  $ret = array();

  db_create_table($ret, 'password_policy_force_change', array(
    'description' => t('Forced password reset status.'),
    'fields' => array(
      'uid' => array('type' => 'int', 'not null' => TRUE),
      'force_change' => array('type' => 'int', 'default' => 0),
    ),
    'indexes' => array('uid' => array('uid')),
  ));
  $ret[] = update_sql('INSERT INTO {password_policy_force_change} (uid) SELECT DISTINCT uid FROM {users} WHERE uid > 0');
  return $ret;
}

/**
 * Fix for http://drupal.org/node/583902.
 */
function password_policy_update_6002() {
  $ret = array();
  db_change_field($ret, 'password_policy', 'policy', 'policy', array(
    'description' => t('The serialized policy data'),
    'type' => 'varchar',
    'length' => 1024,
    'not null' => TRUE,
    'default' => '',
  ));
  return $ret;
}

/**
 * Make sure name on password_policy is unique for exportables (features)
 */
function password_policy_update_6003() {
  $ret = array();
  db_add_unique_key($ret, 'password_policy', 'name', array('name'));
  return $ret;
}

/**
 * Make sure name column on password_policy_role for exportables (features)
 */
function password_policy_update_6004() {
  $ret = array();
  db_add_field($ret, 'password_policy_role', 'name',
    array('type' => 'varchar', 'length' => 64, 'not null' => TRUE, 'default' => ''));
  return $ret;
}

/**
 * Make sure name column on password_policy_role is set with corrsponding name
 */
function password_policy_update_6005() {
  $ret = array();
// update name based on name from password_policy table where pid's match
// update password_policy_role pr, password_policy
// set pr.name = pp.name
// where pr.pid = pp.pid;
  $ret[] = update_sql("UPDATE {password_policy_role} pr SET name = (SELECT name FROM {password_policy} pp WHERE pr.pid = pp.pid)");
  return $ret;
}

/**
 * Add unique key on password_policy_role for exportables (rid,name)
 */
function password_policy_update_6006() {
  $ret = array();
// could drop past primary key, and add new primary key but this
// works for now leaving old primary in place
  db_add_unique_key($ret, 'password_policy_role', 'name', array('rid', 'name'));
  return $ret;
}

/**
 * Notify of change to username constraint behavior.
 */
function password_policy_update_6100() {
  return array(
    array(
      'success' => TRUE,
      'query' => t('The username constraint has changed to disallow passwords containing the username in addition to passwords matching the username.'),
    ),
  );
}

/**
 * Increase length of {password_policy_history}.pass to support phpass.
 */
function password_policy_update_6101() {
  $ret = array();
  db_change_field($ret, 'password_policy_history', 'pass', 'pass', array(
    'type' => 'varchar',
    'length' => 128,
    'not null' => TRUE,
  ));
  return $ret;
}

/**
 * Increase module weight to support phpass.
 */
function password_policy_update_6102() {
  $ret = array();
  $ret[] = update_sql("UPDATE {system} SET weight = 1 WHERE type = 'module' AND name = 'password_policy'");
  return $ret;
}

/**
 * Reset module weight to 0.
 *
 * A custom module weight is no longer needed to support phpass.
 */
function password_policy_update_6103() {
  $ret = array();
  $ret[] = update_sql("UPDATE {system} SET weight = 0 WHERE type = 'module' AND name = 'password_policy'");
  return $ret;
}