var express = require('express');
var router = express.Router();

/* Login action */
router.post('/login', function(req, res) {
	var bcrypt = require('bcrypt-nodejs');
	
	var user = req.body.user,
		pass = req.body.pass;
	
	req.getConnection(function(err, connection) {
		if (err) throw err;
		
		var sql = " SELECT id, username, email, password, timezone, num_format " +
		" FROM todo_user " +
		" WHERE email = ? OR username = ? ";
		
		// Find the username / email
		connection.execute(sql, [user, user], function(err, rows, fields) {
			if (err) throw err;
			
			var user = rows[0];
			
			// Verify the password hash
			bcrypt.compare(pass, user.password, function(err, passRes) {
				if (err) throw err;
				
				// Password is good, set session data and redirect
				if (passRes === true)
				{
					req.session.uid = user.id;
					req.session.num_format = user.num_format;
					req.session.username = user.username;
					
					res.redirect(303, '/');
				}
			});
		});
	})
});

/* Logout action */
router.get('/logout', function(req, res) {
	// Destroy the session, and redirect to the index page
	req.session.destroy(function(err) {
		res.redirect(303, '/');
	});
});

/* GET users listing. */
router.get('/list', function(req, res) {
	res.send('respond with a resource');
});

router.get('/:id', function(req, res) {
	res.send('respond with a resource');
});

router.post('/', function(req, res) {
	res.send('respond with a resource');
});

router.put('/:id', function(req, res) {
	res.send('respond with a resource');
});

router.delete('/:id', function(req, res) {
	res.send('respond with a resource');
});

module.exports = router;