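local sql = require("lsqlite3")
local pages = require("pages")
local db = require("db")
local queries = require("queries")

-- Size of the per-author salt, in bytes.
local SALT_BYTES = 64
-- The generated password is 64..319 bytes long (one random byte + 64).
local PASS_MIN_BYTES = 64
-- Upper bound on username length, matching the rule shown to the user.
local NAME_MAX = 30

local stmnt_author_create

-- Chain onto the existing global `configure` hook so the insert statement is
-- prepared before the previous hook runs.
-- NOTE(review): assumes db.conn is already open when configure() is called.
local oldconfigure = configure
function configure(...)
	stmnt_author_create = assert(db.conn:prepare(queries.insert_author))
	return oldconfigure(...)
end

--- Check a requested username against the documented rule ^[a-z0-9]{1,30}$.
-- Lua patterns have no {n,m} counts, so the length is checked separately.
-- `$` in a Lua pattern anchors at the true end of the string, so a trailing
-- newline cannot slip past the character class.
-- @tparam string name
-- @treturn boolean
local function is_valid_name(name)
	local len = #name
	return len >= 1 and len <= NAME_MAX and name:match("^[a-z0-9]+$") ~= nil
end

--- Draw a fresh salt and password from /dev/urandom.
-- Raises if the device cannot be opened or returns fewer bytes than requested,
-- so a short read can never produce a weak credential.
-- @treturn string salt (SALT_BYTES bytes)
-- @treturn string password (PASS_MIN_BYTES..PASS_MIN_BYTES+255 bytes)
local function new_credentials()
	local rngf = assert(io.open("/dev/urandom","rb"))
	-- Same read order as before: length byte, then salt, then password.
	local lenbyte = rngf:read(1)
	local passlength = lenbyte and (string.byte(lenbyte) + PASS_MIN_BYTES)
	local salt = rngf:read(SALT_BYTES)
	local password = passlength and rngf:read(passlength)
	-- Close before asserting so a failed check does not leak the handle.
	rngf:close()
	assert(salt and #salt == SALT_BYTES, "short read from /dev/urandom (salt)")
	assert(password and #password == passlength, "short read from /dev/urandom (password)")
	return salt, password
end

--- Handle a POST that claims a new author name.
-- Validates the `user` argument, generates a random salt and password, stores
-- the salt and sha3(salt .. password) through the prepared insert statement,
-- and on success returns the raw password as a downloadable passfile.
-- On failure the claim page is rendered with an error message.
-- Relies on globals not defined in this file (http_*, do_sql, sha3,
-- start_session, domain).
-- @param req the request object passed in by the HTTP server
local function claim_post(req)
	--Actually claim a name
	http_request_populate_post(req)
	local name = assert(http_argument_get_string(req,"user"))
	local text
	--Kore should be rejecting names that are not lower case & no symbols,
	--but some still get through somehow, so the rule is enforced again here.
	--This check is also what keeps `name` safe to place inside the
	--Content-Disposition header below: only [a-z0-9] can reach it.
	if not is_valid_name(name) then
		--NOTE(review): `name` is untrusted and printed raw; it may contain
		--control characters or newlines in the log output.
		print("Bad username:",name)
		text = pages.claim{
			err = "Usernames must match ^[a-z0-9]{1,30}$"
		}
		http_response(req,200,text)
		return
	end
	local salt, password = new_credentials()
	--A single fast hash is only adequate because the password is a long,
	--machine-generated random string. If user-chosen passwords are ever
	--accepted, this must become a slow, salted password-hashing function.
	local hash = sha3(salt .. password)
	stmnt_author_create:bind_names{
		name = name,
	}
	stmnt_author_create:bind_blob(2,salt)
	stmnt_author_create:bind_blob(3,hash)
	local err = do_sql(stmnt_author_create)
	if err == sql.DONE then
		--We successfully made the new author
		local id = stmnt_author_create:last_insert_rowid()
		stmnt_author_create:reset()
		--Give them a file back
		http_response_header(req,"Content-Type","application/octet-stream")
		http_response_header(req,"Content-Disposition","attachment; filename=\"" .. name .. "." .. domain .. ".passfile\"")
		--NOTE(review): the session token returned here is never handed to the
		--client in this function; confirm whether a session cookie should be
		--set before the response is sent.
		local session = start_session(id)
		text = password
	elseif err == sql.CONSTRAINT then
		--If the creation failed, they probably just tried
		--to use a name that was already taken
		text = pages.claim {
			err = "Failed to claim. That name may already be taken."
		}
	elseif err == sql.ERROR or err == sql.MISUSE then
		--This is bad though
		text = pages.claim {
			err = "Failed to claim"
		}
	else
		--Any other result code: never fall through with a nil body.
		text = pages.claim {
			err = "Failed to claim"
		}
	end
	--Resetting twice on the success path is harmless and keeps the
	--statement reusable on every path.
	stmnt_author_create:reset()
	--Previously `text` was computed and then dropped; send it.
	http_response(req,200,text)
end

return claim_post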