<?php
/* $Id$ */
(defined('MCMS') && (basename(__FILE__) != basename($_SERVER['PHP_SELF']))) or die('ACCESS DENIED');

use \MCMS\System;
use \MCMS\User\iUser;
use \MCMS\User\iGroup;
use \MCMS\Interfaces\iCronClient;
use \MCMS\Plugin\iPlugInAuth;

use \MCMS\_\Plugin\Auth\MCMS\MMPIAuthDefault\_\UserDefault;
use \MCMS\_\Plugin\Auth\MCMS\MMPIAuthDefault\_\GroupDefault;
use MCMS\User\AuthEvent;

/**
 * Default authentication plugin.
 *
 * This plugin stores the users and groups in the default database. All features are
 * supported.
 * Containts user management cronjob hooks.
 *
 * @author Stefan Daurer
 * @see iPlugInAuth
 */
class PlugInMMPIAuthDefault extends \MCMS\Plugin\PlugInAuthBase implements iPlugInAuth, iCronClient {
	private $cookyKey = 'MCSSUSAU';
	private $accTable = 'accounts';
	private $grpTable = 'groups';
	private $grpMemberTable = 'groupmembers';
	const DEF_USER_CLASS = '\\MCMS\\_\\Plugin\\Auth\\MCMS\\MMPIAuthDefault\\_\\UserDefault';
	const DEF_GROUP_CLASS = '\\MCMS\\_\\Plugin\\Auth\\MCMS\\MMPIAuthDefault\\_\\GroupDefault';

	public function genHashedPasswd($passwd, $seed) {
		$seed = (int) $seed;
		$seedhash = md5($seed);
		$rounds = 5 + ($seed % 45);
		
		$pwhash = md5($passwd);
		for($i = 0; $i < $rounds; $i++)
			$pwhash = sha1($pwhash . $passwd);
		
		return '$1#' . $seed . '$' . $pwhash;
	}

	public function createUser(iUser $user) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		$data = array();
		$data['login'] = $user->login;
		$data['email'] = $user->email;
		$data['masteradmin'] = $user->masteradmin;
		$data['state'] = 0;
		$data['authtoken'] = sha1(rand(1, 999999));
		$data['seed'] = rand(1, 999999);
		$data['password'] = $this->genHashedPasswd($user->password, $data['seed']);
		
		$db->table($this->accTable)->insert($data);
		$user->id = $db->getInsertId();
		return $user;
	}

	public function loginUser($login, $password, $lifetime = 0) {
		$system = System::getInstance();
		$db = $system->getDB();
		$result = $db->table($this->accTable)->select(array('login' => $login)); // TODO: multipage login
		if($result->getRowCount() == 0)
			return -1;
		$row = $result->fetchArray();
		
		if(		// for update reasons, the old sha1 only style is still avaible. this will be removed someday
strtolower($row['password']) == strtolower(sha1($password)) || strtolower($row['password']) == $this->genHashedPasswd($password, $row['seed'])) {
			$authString = $row['id'] . ':' . sha1($row['authtoken']);
			
			$session = $system->getSession();
			$session->put('', $this->cookyKey, $authString);
			setcookie($this->cookyKey, $authString, $lifetime, _BASEURL_);
			
			return $this->getUser((int) $row['id']);
		}
		return -2;
	}

	public function logoutUser() {
		$system = System::getInstance();
		$session = $system->getSession();
		$session->clear('', $this->cookyKey);
		setcookie($this->cookyKey, '', time() - 3600, _BASEURL_);
	}

	public function getUser($id = -1) {
		$system = System::getInstance();
		$db = $system->getDB();
		if($id === -1) {
			// current user
			$system = System::getInstance();
			$db = $system->getDB();
			$session = $system->getSession();
			$authString = $session->get('', $this->cookyKey, NULL);
			if(is_null($authString)) {
				if(!empty($_COOKIE[$this->cookyKey]))
					$authString = $_COOKIE[$this->cookyKey];
			}
			if(!is_null($authString)) {
				if(preg_match('#^([0-9]+):([A-Za-z0-9]+)$#', $authString, $match)) {
					$id = (int) $match[1];
					$token = $match[2];
					if($id > 0) {
						$result = $db->table($this->accTable)->select(array('id' => $id)); // TODO: multipage login
						if($result->getRowCount() > 0) {
							$usr = $result->fetchObject(self::DEF_USER_CLASS);
							if(sha1($usr->authtoken) == $token) {
								$this->_addUserData($usr);
								return $usr;
							}
						}
					}
				}
			}
		}
		else { // selected user
			$cond = array('id' => -1);
			if(is_int($id)) {
				$cond = array('id' => $id);
			}
			else {
				$cond = array('login' => $id);
			}
			$result = $db->table($this->accTable)->select($cond);
			if($result->getRowCount() == 0)
				return NULL;
			$usr = $result->fetchObject(self::DEF_USER_CLASS);
			$this->_addUserData($usr);
			return $usr;
		}
		return NULL;
	}

	private function _addUserData(iUser &$usr) {
		$system = System::getInstance();
		$db = $system->getDB();
	}

	public function getUserList(array $filer = array()) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		$result = $db->table($this->accTable)->select();
		$users = $result->fetchObjectList(self::DEF_USER_CLASS);
		$result->close();
		foreach($users as $user) {
			$this->_addUserData($user);
		}
		return $users;
	}

	public function removeUser(iUser $user) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		$id = $user->getId();
		
		$usr = $this->getUser($id);
		
		$db->isTransactionSupported() and $db->startTransaction();
		
		// delete system settings
		$db->table('groupmembers')->delete(array('account_id' => $id));
		$db->table('acl')->delete(array('account_id' => $id,'group_id' => 0));
		$db->table('accountsettings')->delete(array('id' => $id));
		$db->table('accounttextsettings')->delete(array('id' => $id));
		$db->table('accountbinsettings')->delete(array('id' => $id));
		
		// allow other modules to react on the user delete
		$this->fireUserServiceEvent(new AuthEvent(AuthEvent::EVENT_REMOVED_USR, $usr));
		
		// commit everything
		$db->isTransactionSupported() and $db->commit();
	}

	public function setUserPasswd($newPasswd, $id = -1) {
		$system = System::getInstance();
		$db = $system->getDB();
		$user = $this->getUser($id);
		
		if(!empty($user)) {
			$id = $user->getId();
			$passwd = $this->genHashedPasswd($newPasswd, $user->seed);
			$db->table($this->accTable)->update(array('password' => $passwd), array('id' => $id));
		}
	}

	public function setUserAttr($id, $attrname, $value) {
		throw new BadMethodCallException('unsupported operation', 901);
	}

	public function getUserAttr($id, $attrname) {
	}

	public function createGroup(iGroup $group) {
		if (!($group instanceof GroupDefault))
			throw new InvalidArgumentException('$group is not an instance of GroupDefault');
		
		$system = System::getInstance();
		$db = $system->getDB();
		$db->table($this->grpTable)->insert($data);
	}

	public function getGroup($id) {
		$system = System::getInstance();
		$db = $system->getDB();
		if($id <= -1)
			throw new Exception("invalid group id");
		else {
			$cond = array('id' => $id);
			$result = $db->table($this->grpTable)->select($cond);
			if($result->getRowCount() == 0)
				return NULL;
			$grp = $result->fetchObject(self::DEF_GROUP_CLASS);
			$this->_addGroupData($grp);
			return $grp;
		}
		return NULL;
	}

	private function _addGroupData(iGroup &$grp) {
		$system = System::getInstance();
		$db = $system->getDB();
	}

	public function getGroupList(array $filer = array()) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		$result = $db->table($this->grpTable)->select();
		$groups = $result->fetchObjectList(self::DEF_GROUP_CLASS);
		$result->close();
		foreach($groups as $group) {
			$this->_addGroupData($group);
		}
		return $groups;
	}

	public function updateGroup(iGroup $group) {
	}

	public function removeGroup(iGroup $group) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		$id = $group->getId();
		
		$db->isTransactionSupported() and $db->startTransaction();
		$db->table('groupmembers')->delete(array('group_id' => $id));
		$db->table('acl')->delete(array('account_id' => 0,'group_id' => $id));
		$db->table('groupsettings')->delete(array('id' => $id));
		$db->table('grouptextsettings')->delete(array('id' => $id));
		$db->table('groupbinsettings')->delete(array('id' => $id));
		$db->isTransactionSupported() and $db->commit();
		// TODO: add module/plugin hook
	}

	public function userGrantPriv(iUser $usr, $siteId, $instance, $key, $value = NULL) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		$db->table('acl')->insert(array(
				'site_id' => $siteId,'account_id' => $usr->getId(),'group_id' => 0,
				'instance' => $instance,'key' => $key,'value' => is_null(value) ? 0 : (int) $value));
	}

	/**
	 * checks if an user has a specific privilege
	 */
	public function userHasPriv(iUser $usr, $siteId = NULL, $instance = false, $key = false, $strict = false) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		if(is_null($usr) || $usr === false)
			return false;
		
		$id = $usr->getId();
		if($usr->masteradmin == true)
			return true;
		if (is_null($siteId))
			return false;
		
		$f_id = $db->escapeColumnName('id');
		$f_site_id = $db->escapeColumnName('site_id');
		$f_instance = $db->escapeColumnName('instance');
		$f_account_id = $db->escapeColumnName('account_id');
		$f_group_id = $db->escapeColumnName('group_id');
		$f_masteradmin = $db->escapeColumnName('masteradmin');
		$f_key = $db->escapeColumnName('key');
		
		if(!$strict) {
			
			// check if the number of master admin groups is bigger than none
			if($db->getObject("SELECT COUNT(groupmembers.{$f_account_id}) AS c
					FROM groups JOIN groupmembers ON groups.{$f_id} = groupmembers.{$f_group_id}
					WHERE groupmembers.{$f_account_id}={$id} AND groups.masteradmin=" . $db->escapeValue(true))->c > 0)
				return true;
				
				// get all groups which contains the user and have the privileges
			$condition = $f_site_id . '=' . $db->escapeValue($siteId) . ' AND ' . $f_instance . (empty($instance) ? ' IS NULL' : '=' . $db->escapeValue($instance)) . ' AND ' . $f_key . (empty($instance) ? ' IS NULL' : '=' . $db->escapeValue($key));
			
			$privs = $db->getObjectList("SELECT DISTINCT groupmembers.{$f_account_id}, groupmembers.{$f_group_id}, acl.{$f_site_id}, {$f_instance}, acl.{$f_key}, acl.value
					FROM acl JOIN groupmembers ON acl.{$f_group_id} = groupmembers.{$f_group_id}
					WHERE groupmembers.{$f_account_id}={$id} AND {$condition}
					UNION
					SELECT DISTINCT * FROM acl WHERE {$f_account_id}={$id} AND {$f_group_id}=0 AND {$condition}");
			
			foreach($privs as $p) {
				if($p->site_id == $siteId && $p->instance == $instance && $p->key == $key) // check to be sure
					return true;
			}
		}
		else {
			$privs = $db->getObjectList("SELECT DISTINCT * FROM acl WHERE {$f_account_id}={$id} AND {$f_group_id}=0");
			foreach($privs as $p) {
				if($p->site_id == $siteId && $p->instance == $instance && $p->key == $key) // check to be sure
					return true;
			}
		}
		return false; // nothing found, not privileged
	}

	public function userClearPriv(iUser $usr, $siteId = -1) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		if($siteId <= 0)
			$db->table('acl')->delete(array('account_id' => $usr->id,'group_id' => 0));
		else
			$db->table('acl')->delete(array(
					'account_id' => $usr->id,'group_id' => 0,'site_id' => $siteId));
	}

	public function groupGrantPriv(iGroup $grp, $siteId, $instance, $key, $value = NULL) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		$db->table('acl')->insert(array(
				'site_id' => $siteId,'account_id' => 0,'group_id' => $grp->getId(),
				'instance' => $instance,'key' => $key,'value' => is_null(value) ? 0 : (int) $value));
	}

	public function groupHasPriv(iGroup $grp, $siteId = NULL, $instance = false, $key = false, $strict = false) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		$id = (int) $grp->getId();
		
		$privs = $db->getObjectList("SELECT DISTINCT * FROM acl WHERE account_id=0 AND group_id ={$id}");
		foreach($privs as $p) {
			if($p->site_id == $siteId && $p->instance == $instance && $p->key == $key) // check to be sure
				return true;
		}
		
		return false; // nothing found, not privileged
	}

	public function groupClearPriv(iGroup $grp, $siteId = -1) {
		$system = System::getInstance();
		$db = $system->getDB();
		
		if($siteId >= 0)
			$db->table('acl')->delete(array('account_id' => 0,'group_id' => $grp->getId()));
		else
			$db->table('acl')->delete(array(
					'account_id' => 0,'group_id' => $grp->getId(),'site_id' => $siteId));
	}

	public function getUserEditOptions() {
		return self::FEATURE_CREATE_USER | self::FEATURE_UPDATE_USER | self::FEATURE_DELETE_USER;
	}

	public function getGroupEditOptions() {
		return self::FEATURE_CREATE_GROUP | self::FEATURE_UPDATE_GROUP | self::FEATURE_UPDATE_GROUPMEMBER | self::FEATURE_DELETE_GROUP;
	}

	public function getUserGroups($id) {
		$result = $db->getArrayP("SELEC group_id FROM groupmembers WHERE account_id=?", array($id));
		$id = array();
		foreach($result as $row)
			$id[] = $row['group_id'];
		return $id;
	}

	public function getGroupMembers($id) {
		$db = System::getInstance()->getDB();
		$result = $db->getArrayListP("SELECT account_id FROM groupmembers WHERE group_id=?", array(
				$id));
		$id = array();
		foreach($result as $row)
			$id[] = $row['account_id'];
		return $id;
	}

	public function executeCronRun(array $runParam) {
		echo "Running user management cron tasks\n";
		var_dump($runParam);
	}
}