#!/usr/bin/env bash
# onx-ftp-user-password — Pure-FTPd MySQL backend kullanici sifresini degistir
# Input:  {"username":"onx_xxx_ftp","password":"<new plain>"}
# Output: {"username":...,"updated":true}

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/_lib/common.sh"

require_root
require_cmd mysql
onx_json_input

USERNAME="$(onx_json_field username)"
PASSWORD="$(onx_json_field password)"

[[ -z "$USERNAME" ]] && onx_die 1 "username zorunlu"
[[ -z "$PASSWORD" ]] && onx_die 1 "password zorunlu"
[[ "$USERNAME" =~ ^onx_[a-z0-9]+_[a-z0-9_]+$ ]] || \
    onx_die 1 "Gecersiz username: '${USERNAME}'"

onx_log "ftp-user-password: user=${USERNAME}"

if command -v openssl &>/dev/null; then
    HASHED_PW="$(openssl passwd -1 "${PASSWORD}")"
elif command -v mkpasswd &>/dev/null; then
    HASHED_PW="$(mkpasswd -m sha-512 "${PASSWORD}")"
else
    onx_die 2 "openssl veya mkpasswd gerekli (sifre hash)"
fi

mysql_exec "${ONX_FTP_DB}" \
    "UPDATE ftp_users SET Password='${HASHED_PW}' WHERE User='${USERNAME}';" \
    || onx_die 3 "FTP sifre guncelleme basarisiz: ${USERNAME}"

# Satir etkilendi mi kontrol et
ROWS="$(mysql_exec "${ONX_FTP_DB}" \
    "SELECT ROW_COUNT();" 2>/dev/null | tail -1)"
[[ "$ROWS" == "0" ]] && onx_die 2 "FTP kullanici bulunamadi: ${USERNAME}"

json_ok "{\"username\":\"${USERNAME}\",\"updated\":true}"
