<?php
function ajax_auth_init(){

	wp_register_script('validate-script', get_template_directory_uri() . '/js/jquery.validate.js', array('jquery') );
    wp_enqueue_script('validate-script');

    wp_register_script('ajax-auth-script', get_template_directory_uri() . '/js/ajax-auth-script.js', array('jquery') );
    wp_enqueue_script('ajax-auth-script');

    wp_localize_script( 'ajax-auth-script', 'ajax_auth_object', array(
        'ajaxurl' => admin_url( 'admin-ajax.php' ),
        'redirecturl' => home_url(),
        'loadingmessage' => esc_html('Sending user info, please wait...','amaaaze')
    ));

    // Enable the user with no privileges to run ajax_login() in AJAX
    add_action( 'wp_ajax_nopriv_ajaxlogin', 'ajax_login' );
	// Enable the user with no privileges to run ajax_register() in AJAX
	add_action( 'wp_ajax_nopriv_ajaxregister', 'ajax_register' );
    // Enable the user with no privileges to run ajax_forgotPassword() in AJAX
    add_action( 'wp_ajax_nopriv_ajaxforgotpassword', 'ajax_forgotPassword' );
}

// Execute the action only if the user isn't logged in
if (!is_user_logged_in()) {
    add_action('init', 'ajax_auth_init');
}

function ajax_login(){

    // First check the nonce, if it fails the function will break
    check_ajax_referer( 'ajax-login-nonce', 'security' );

    // Nonce is checked, get the POST data and sign user on
  	// Call auth_user_login
	auth_user_login($_POST['username'], $_POST['password'], 'Login');

    die();
}

function ajax_register(){

    // First check the nonce, if it fails the function will break
    check_ajax_referer( 'ajax-register-nonce', 'security' );

    // Nonce is checked, get the POST data and sign user on
    $info = array();
  	$info['user_nicename'] = $info['nickname'] = $info['display_name'] = $info['first_name'] = $info['user_login'] = sanitize_user($_POST['username']) ;
    $info['user_pass'] = sanitize_text_field($_POST['password']);
	$info['user_email'] = sanitize_email( $_POST['email']);

	// Register the user
    $user_register = wp_insert_user( $info );
 	if ( is_wp_error($user_register) ){
		$error  = $user_register->get_error_codes()	;

		if(in_array('empty_user_login', $error))
			echo json_encode(array('loggedin'=>false, 'message'=>esc_html($user_register->get_error_message('empty_user_login'),'amaaaze')));
		elseif(in_array('existing_user_login',$error))
			echo json_encode(array('loggedin'=>false, 'message'=>esc_html('This username is already registered.','amaaaze')));
		elseif(in_array('existing_user_email',$error))
        echo json_encode(array('loggedin'=>false, 'message'=>esc_html('This email address is already registered.','amaaaze')));
    } else {
	  auth_user_login($info['nickname'], $info['user_pass'], 'Registration');
    }

    die();
}

function auth_user_login($user_login, $password, $login)
{
	$info = array();
    $info['user_login'] = $user_login;
    $info['user_password'] = $password;
    $info['remember'] = true;

	$user_signon = wp_signon( $info, false );
    if ( is_wp_error($user_signon) ){
		echo json_encode(array('loggedin'=>false, 'message'=>esc_html('Wrong username or password.','amaaaze')));
    } else {
		wp_set_current_user($user_signon->ID);
        echo json_encode(array('loggedin'=>true, 'message'=>esc_html($login.' successful, redirecting...','amaaaze')));
    }

	die();
}

function ajax_forgotPassword(){

	// First check the nonce, if it fails the function will break
    check_ajax_referer( 'ajax-forgot-nonce', 'security' );

	global $wpdb;

	$account = $_POST['user_login'];

	if( empty( $account ) ) {
		$error = esc_html__('Enter an username or e-mail address.','amaaaze');
	} else {
		if(is_email( $account )) {
			if( email_exists($account) )
				$get_by = 'email';
			else
				$error = esc_html__('There is no user registered with that email address.','amaaaze');
		}
		else if (validate_username( $account )) {
			if( username_exists($account) )
				$get_by = 'login';
			else
				$error = esc_html__('There is no user registered with that username.','amaaaze');
		}
		else
			$error = esc_html__('Invalid username or e-mail address.','amaaaze');
	}

	if(empty ($error)) {
		// lets generate our new password
		//$random_password = wp_generate_password( 12, false );
		$random_password = wp_generate_password();


		// Get user data by field and data, fields are id, slug, email and login
		$user = get_user_by( $get_by, $account );

		$update_user = wp_update_user( array ( 'ID' => $user->ID, 'user_pass' => $random_password ) );

		// if  update user return true then lets send user an email containing the new password
		if( $update_user ) {

			$from = esc_html__('WRITE SENDER EMAIL ADDRESS HERE','amaaaze'); // Set whatever you want like mail@yourdomain.com

			if(!(isset($from) && is_email($from))) {
				$sitename = strtolower( $_SERVER['SERVER_NAME'] );
				if ( substr( $sitename, 0, 4 ) == 'www.' ) {
					$sitename = substr( $sitename, 4 );
				}
				$from = 'admin@'.$sitename;
			}

			$to = $user->user_email;
			$subject = esc_html__('Your new password','amaaaze');
			$sender = esc_html__('From: ','amaaaze').esc_attr(get_option('name')).' <'.$from.'>' . "\r\n";

			$message = esc_html__('Your new password is: ','amaaaze').$random_password;

			$headers[] = 'MIME-Version: 1.0' . "\r\n";
			$headers[] = 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
			$headers[] = "X-Mailer: PHP \r\n";
			$headers[] = $sender;

			$mail = wp_mail( $to, $subject, $message, $headers );
			if( $mail )
				$success = esc_html__('Check your email address for you new password.','amaaaze');
			else
				$error = esc_html__('System is unable to send you mail containg your new password.','amaaaze');
		} else {
			$error = esc_html__('Oops! Something went wrong while updaing your account.','amaaaze');
		}
	}

	if( ! empty( $error ) )
		echo json_encode(array('loggedin'=>false, 'message'=>esc_html($error,'amaaaze')));

	if( ! empty( $success ) )
		echo json_encode(array('loggedin'=>false, 'message'=>esc_html($success,'amaaaze')));

	die();
}