// security.js

var Security = {};

Security.verifyUser = function () {	

	Security.setUserCookie();
	var userId = Security.getUserId();
	
	if (userId) {
		Security.setValidUser(1);
	} else {
		Security.setValidUser(0);
	}
		
}

Security._validUser;

Security.setValidUser = function (validUser) {
	Security._validUser = validUser;	
}

Security.getValidUser = function () {
	return Security._validUser;
}

Security.setUserCookie = function () {
	var cookieName			= 'session';
	var cookieParameters	= cookieName + "=";
	var cookieAttributes	= document.cookie.split(';');
	var cookieCode			= 'SID';
	
	for(var i=0;i < cookieAttributes.length;i++) {
		var c = cookieAttributes[i];
		
		while (c.charAt(0)==' ') { 
			c = c.substring(1,c.length);
		}
		
		if (c.indexOf(cookieName) == 0) {
			var cookieString		= c.substring(cookieName.length,c.length);
			var cookieSession		= cookieString.split(cookieCode); 		
			
			Security.setUserId(cookieSession[0]);
			Security.setSessionId(cookieSession[1]);
		}
	}

}

Security.displayLoginMessage = function () {

	//Dialog Box Header
    var dialogHeader = 'Please Log In';
    
    //Error message
    var errorMessage = 'Want to make a comment? Please log in.<br/><br/>';
    errorMessage	+= '<form action="cgi-bin/login.cgi" method="post" name="loginForm" id="loginForm">';
    errorMessage	+= 'User Name<br/>';
    errorMessage	+= '<input type="text" name="user_name"/><br/>';
    errorMessage	+= 'Password<br/>';
    errorMessage	+= '<input type="password" name="password"/><br/>';
    errorMessage	+= '<input type="hidden" name="destination" value="referer"/> <br/>';
    errorMessage	+= '<input type="submit" name="submit" value="Submit"/><br/>';	
    errorMessage	+= '</form><br/>';		
    errorMessage	+= "Or if you're not a member ";
    errorMessage	+= '<a href="http://www.bluerivers.org/index.cgi?action=contact">use the comment form</a> to send us a message.';
    
    DialogBox.setHeader(dialogHeader);
    DialogBox.setMessage(errorMessage);
    DialogBox.show();
    return;

}		

Security._userId;

Security.setUserId = function (userId) {
	Security._userId = userId;
}

Security.getUserId = function () {
	return Security._userId;
}

Security._sessionId;

Security.setSessionId = function (sessionId) {
	Security._sessionId = sessionId;
}

Security.getSessionId = function () {
	return Security._sessionId;
}