package EnsEMBL::Web::Filter::PasswordValid;

### Checks if a password matches the encrypted value stored in the database

use strict;
use warnings;

use EnsEMBL::Web::Data::User;
use EnsEMBL::Web::Tools::Encryption;
use EnsEMBL::Web::RegObj;

use base qw(EnsEMBL::Web::Filter);


sub BUILD {
  my ($self, $ident, $args) = @_;
  ## Set the messages hash here
    'empty_password'    => 'You did not supply a password. Please try again.',
    'invalid_password'  => qq(Sorry, the email address or password was entered incorrectly and could not be validated. Please try again.<br /><br />If you are unsure of your password, click the 'Lost Password' link in the lefthand menu to reactivate your account.),

sub catch {
  my $self = shift;
  my $object = $self->object;
  if ($object->param('password')) {
    my $user = EnsEMBL::Web::Data::User->find(email => $object->param('email'));
    if ($user) { 
      my $input_password = $object->param('password');
      my $encrypted = EnsEMBL::Web::Tools::Encryption::encryptPassword($input_password, $user->salt);
      if ($user->password ne $encrypted) {
    else {
      ## N.B. for security reasons, we do not distinguish between 
      ## an invalid email address and an invalid password
  else {