<?php

function auth_actions($posts,$gets){   
    // logout
    if($posts["auth_action"]=="logout"){
	unsetauth();
    }
    // login locale
    elseif($posts["auth_action"]=="local_login" AND isset($posts["username"])){
	local_login($posts["username"],$posts["password"]);
    }
    // richiesta auth openid (fase 1)
    elseif($posts["auth_action"] == "openid_login"){
	$authresult = req_openid_auth($posts['openid_identifier']);
    }
    
    // fai auth openid (fase 2)
    elseif(isset($gets['openid_mode'])) {
	do_openid_auth($gets['openid_mode']);
    }
}


// stocca sessione
function storeauth($iddata){
    global $aravNamespace;
    $aravNamespace = new Zend_Session_Namespace('arav');
    $aravNamespace->iddata = $iddata;
    $aravNamespace->stabledata = array_intersect_key($_SERVER, array_flip($GLOBALS["conf"]["stablestoredfields"]));
    $aravNamespace->volatiledata = array_intersect_key($_SERVER, array_flip($GLOBALS["conf"]["volatilestoredfields"]));
}

function unsetauth(){
    global $aravNamespace;
    // $aravNamespace->stabledata = NULL;
    Zend_Session::destroy(true);
}


// determina se e' autenticato
function isauth(){
    global $aravNamespace;
    $aravNamespace = new Zend_Session_Namespace('arav');
    
    if($aravNamespace->stabledata == array_intersect_key($_SERVER, array_flip($GLOBALS["conf"]["stablestoredfields"]))){
	$retaggio = array("esito" => TRUE);
	foreach ($aravNamespace as $index => $value) {
	    $retaggio[$index] = $value;
	}
    }
    else{
	$retaggio = array("esito" => FALSE);
    }
    return $retaggio;
}


// #### OPENID #######

// auth openid, fase 1
function req_openid_auth($openid_identifier){
    Zend_Loader::loadClass('Zend_OpenId_Consumer');
    Zend_Loader::loadClass('Zend_OpenId_Extension_Sreg');
    
    $status = "";
    $sreg = new Zend_OpenId_Extension_Sreg(array('nickname'=>true,
					         'email'=>false,
					         'fullname'=>false), null, 1.1);
    $consumer = new Zend_OpenId_Consumer();
    if (!$consumer->login($openid_identifier, NULL, NULL, $sreg)) {
	$status = array("esito" => "USER_NE", "userid" => htmlspecialchars($id));
    }
    return $status;
}

// fai auth openid (fase 2)
function do_openid_auth($openid_mode){
    if ($openid_mode == "id_res") {
	Zend_Loader::loadClass('Zend_OpenId_Consumer');
	Zend_Loader::loadClass('Zend_OpenId_Extension_Sreg');
	
	$sreg = new Zend_OpenId_Extension_Sreg(array(
						     'nickname'=>true,
						     'email'=>false,
						     'fullname'=>false), null, 1.1);
	
	$consumer = new Zend_OpenId_Consumer();
	if ($consumer->verify($_GET, $id,$sreg)) {
	    $status = array("esito" => "AUTH_OK", "userid" => htmlspecialchars($id));
	} else {
	    $status = array("esito" => "USER_NE", "userid" => htmlspecialchars($id));
	}
    } else if ($openid_mode == "cancel") {
	$status = array("esito" => "USER_NE", "userid" => htmlspecialchars($id));
    }
    
    $data = $sreg->getProperties();
    
    if ($status["esito"] == "AUTH_OK"){
	$usergroup = get_openid_usergroup($id);
	$authdata["ACL"] = get_acl($usergroup);
	$authdata["IDENTITY"] = $id;
	$authdata["NICK"] = htmlspecialchars($data["nickname"]);
	storeauth($authdata);
    }
    else{
	unsetauth();
    }
}

// #####  mappatura gruppi #####

// user -> usergroup su tabella openid
function get_openid_usergroup($openid){
    Zend_Loader::loadClass('Zend_Db_Adapter_Pdo_Sqlite');
    $dbAdapter = new Zend_Db_Adapter_Pdo_Sqlite(array('dbname' => $GLOBALS["conf"]["user_db"],'sqlite3' => true ));
    $query = "SELECT usergroup FROM openid WHERE openid = '$openid'";
    $result = $dbAdapter->fetchCol($query);
    return $result[0];
}

// #### LOGIN LOCALE ########

// effettua il login locale
function local_login($username, $password){
    $username = preg_replace("/[^a-zA-Z0-9\-\_]/", "", $username);
    $authresult = do_local_auth($username,hash("sha256",$password));
    
    if ($authresult["esito"] == "AUTH_OK"){
	$usergroup = get_local_usergroup($authresult["userid"]);
	$authdata["ACL"] = get_acl($usergroup);
	
	$authdata["IDENTITY"] = $authresult["userid"];
	$authdata["NICK"] = htmlspecialchars($authresult["userid"]);
	
	storeauth($authdata);
    }
    else{
	unsetauth();
    }
}

// autentica sul db locale
function do_local_auth($username, $password){
    try {
	// Create (connect to) SQLite database in file
	$file_db = new PDO("sqlite:".$GLOBALS["conf"]["user_db"]);
	report(1,"connected to auth db");
	// Set errormode to exceptions
	$file_db->setAttribute(PDO::ATTR_ERRMODE, 
			       PDO::ERRMODE_EXCEPTION);
	$query_userexist = "SELECT username FROM users WHERE username = '$username'";
	report(1,"query $query_userexist");
	$ueresult = $file_db->query($query_userexist);
	$uerow = $ueresult->fetch(PDO::FETCH_ASSOC);	
	
	if($uerow["username"] == $username){
	    report(1,"username exists");
	    // controlla passwd e piglia su dati
	    $query_checkpwd = "SELECT users.username,groups.dir FROM users,groups WHERE users.username = '$username' AND users.password = '$password' AND users.usergroup = groups.usergroup";
	    report(1,"query: $query_checkpwd");
	    $cpresult = $file_db->query($query_checkpwd);
	    $cprow = $cpresult->fetch(PDO::FETCH_ASSOC);
	    if($cprow["username"] == $username){
		$esito = "AUTH_OK";
	    }
	    else {
		$esito = "PASS_IV";
	    }
	} else {
	    $esito = "USER_NE";
	}
	report(1,"esito $esito");
    }
    catch(PDOException $e){
        report(3,$e->getMessage());
    }    
    
    return array("esito" => $esito, "userid" => $cprow["username"], "dir" => $cprow["dir"]);
}


function prompt_auth(){
	header('WWW-Authenticate: Basic realm="Arkiwi"');
	header('HTTP/1.0 401 Unauthorized');
}

function is_inside_dir($object,$dir){
    if( strpos(realpath($object), realpath($dir)) === 0) return true;
    return false;
}
?>