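<?php
// Copyright © 2007-2014 Erwan Briand
//
// This program is free software: you can redistribute it and/or modify it
// under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, version 3 only.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
// or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
// License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.

/**
 * @file
 * This file contains the BaseSession class
 *
 * Provide prototypes for init session, (auto) log-in, log-out and
 * status-testing.
 * This class has to be extended by another class and must not be
 * instantiated directly.
 */

/**
 * BaseSession class
 *
 * Session state lives in $_SESSION under the keys 'ip', 'alea', 'captcha',
 * 'token', 'id', 'keyid' and 'lang'. A user counts as logged in when 'id',
 * 'keyid' and 'lang' are all non-empty and still agree with the database
 * record (see isLogged()).
 *
 * Depends on helpers defined elsewhere in the project: getUser(),
 * generateUniqueID(), i18n() and the CT_BASEURL constant.
 */
abstract class BaseSession
{
    /** Name of the "remember me" cookie; its value is "<numeric id>-<keyid>". */
    const AUTOLOGIN_COOKIE = 'ctcookieautoc';

    /** Currently unused. */
    private $ip;

    protected $ct_db, $error;

    /**
     * @param $ct_db
     *   Database handle, passed straight through to getUser().
     * @param $error
     *   Error reporter; must provide displayError($message, $code).
     */
    function __construct($ct_db, $error)
    {
        $this->ct_db = $ct_db;
        $this->error = $error;
    }

    /**
     * Init
     *
     * Create (or resume) the session for this user, bind it to the client's
     * User-Agent + IP, and attempt a cookie-based auto-login.
     *
     * Fix: the original stored an undefined $securetoken inside a dangling
     * else, so $_SESSION['token'] was never written and the hijacking check
     * could never fire. The token is now recorded on the first request and
     * verified on every later one; a mismatch logs the session out.
     *
     * @param $ip
     *   The IP address of this user.
     */
    protected function init($ip)
    {
        if (session_id() === '') {
            // Harden the session cookie before the session is opened.
            // session.cookie_secure is deliberately left to php.ini: forcing
            // it would break plain-HTTP deployments, but it should be enabled
            // wherever the site is served over HTTPS.
            ini_set('session.use_only_cookies', 1);
            ini_set('session.cookie_httponly', 1);
            // Refuse session ids the server never issued (PHP >= 5.5.2,
            // silently ignored before that) — blocks session fixation.
            ini_set('session.use_strict_mode', 1);
            session_start();
        }

        $_SESSION['ip'] = $ip;

        // Per-session salt mixed into the hijacking token. Prefer the CSPRNG
        // when available (PHP >= 7); rand() is the original fallback.
        if (empty($_SESSION['alea'])) {
            $_SESSION['alea'] = function_exists('random_int')
                ? random_int(42, 1337)
                : rand(42, 1337);
        }
        if (empty($_SESSION['captcha']))
            $_SESSION['captcha'] = generateUniqueID(FALSE);

        // Fight session hijacking: the session only stays valid while the
        // client keeps presenting the same User-Agent from the same IP.
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $token = md5($user_agent.$ip.$_SESSION['alea']);
        if (!isset($_SESSION['token'])) {
            // First request of this session: record the binding.
            $_SESSION['token'] = $token;
        } elseif (!self::tokensMatch((string) $_SESSION['token'], $token)) {
            // Fingerprint changed — treat the session as hijacked. logout() exits.
            $this->logout();
        }

        // Default the login keys so later isset()/empty() checks are uniform.
        foreach (array('id', 'keyid', 'lang') as $key) {
            if (!isset($_SESSION[$key]))
                $_SESSION[$key] = NULL;
        }

        // Auto log in a registered user from the cookie if nobody is logged in.
        if (isset($_COOKIE[self::AUTOLOGIN_COOKIE]) && !$this->isLogged())
            $this->autologin();
    }

    /**
     * Constant-time string comparison where the runtime offers it
     * (hash_equals, PHP >= 5.6), strict comparison otherwise.
     *
     * @return
     *   TRUE if both tokens are identical.
     */
    private static function tokensMatch($known, $given)
    {
        if (function_exists('hash_equals'))
            return hash_equals($known, $given);
        return $known === $given;
    }

    /**
     * Log out
     *
     * Log out a registered user and destroy his session, then redirect to
     * the home page. Never returns.
     */
    protected function logout()
    {
        if (session_id() !== '') {
            session_unset();
            // session_destroy() alone leaves the id cookie in the browser;
            // expire it too so the old id is not presented again.
            $params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                      $params['path'], $params['domain'],
                      $params['secure'], $params['httponly']);
            session_destroy();
        }
        if (isset($_COOKIE[self::AUTOLOGIN_COOKIE]))
            $this->unsetcookie(self::AUTOLOGIN_COOKIE);

        // Go at the home page
        header('Location: '.CT_BASEURL);
        exit();
    }

    /**
     * Auto-login
     *
     * Log in a registered user with the "remember me" cookie. Any malformed
     * or unknown cookie is deleted and the request is aborted with 'Error.'.
     *
     * The keyid in the cookie is a long-lived bearer credential: whoever
     * holds it can log in as that user until the keyid is rotated.
     */
    protected function autologin()
    {
        if (!isset($_COOKIE[self::AUTOLOGIN_COOKIE]))
            return;

        // Cookie format: "<numeric user id>-<42-character keyid>".
        $parts = explode('-', $_COOKIE[self::AUTOLOGIN_COOKIE], 2);
        if (count($parts) !== 2)
            $this->rejectAutologin();
        list($cookiea, $cookieb) = $parts;

        // Validate the shape before touching the database. The id must be a
        // non-empty run of digits: the original '^([0-9]*)$' also accepted
        // an empty id, which the loose '==' below would have matched against
        // a user id of 0.
        if (!preg_match('/\A[0-9]+\z/', $cookiea) || strlen($cookieb) != 42)
            $this->rejectAutologin();

        // The keyid must resolve to a user whose id matches the cookie.
        // getId() is assumed to return an integer or numeric string.
        $user = getUser($cookieb, $this->ct_db, 'keyid');
        if (!$user || (int) $user->getId() !== (int) $cookiea)
            $this->rejectAutologin();

        if (in_array($user->getLevel(), array('banned', 'deleted'))) {
            $this->unsetcookie(self::AUTOLOGIN_COOKIE);
            $er = i18n('Banned or deleted members cannot log in.');
            $this->error->displayError($er, 0);
            return;
        }

        // Promote the session to a logged-in one and rotate its id so a
        // pre-login id cannot be reused (session fixation).
        $_SESSION['id'] = $user->getId();
        $_SESSION['keyid'] = $user->getKeyid();
        $_SESSION['lang'] = $user->getLang();
        session_regenerate_id(TRUE);
    }

    /**
     * Delete the auto-login cookie and abort the request. Never returns.
     */
    private function rejectAutologin()
    {
        $this->unsetcookie(self::AUTOLOGIN_COOKIE);
        exit('Error.');
    }

    /**
     * Unset cookie
     *
     * Delete a cookie.
     *
     * Fix: the original passed an expiry of 0, which does not delete the
     * cookie but turns it into an empty session cookie that is sent back on
     * the next request (and, for the auto-login cookie, fails validation
     * again). An expiry in the past makes the browser discard it.
     *
     * @param $cookie
     *   The cookie to be deleted.
     */
    protected function unsetcookie($cookie)
    {
        // Same path/domain as the original so the deletion matches the cookie.
        setcookie($cookie, '', time() - 42000, '/', '', 0, TRUE);
    }

    /**
     * Is logged?
     *
     * Return TRUE if a user is currently logged. The session's id/keyid/lang
     * are re-checked against the database on every call, so a deleted,
     * banned or re-keyed account stops being "logged in" immediately.
     *
     * @return
     *   A boolean.
     */
    public function isLogged()
    {
        if (empty($_SESSION['id']) || empty($_SESSION['keyid']) || empty($_SESSION['lang']))
            return FALSE;

        $user = getUser($_SESSION['keyid'], $this->ct_db, 'keyid');
        if (!$user)
            return FALSE;
        if ($user->getId() != $_SESSION['id'] || $user->getLang() != $_SESSION['lang'])
            return FALSE;

        if (in_array($user->getLevel(), array('banned', 'deleted'))) {
            $er = i18n('Banned or deleted members cannot log in.');
            $this->error->displayError($er, 0);
            $this->logout();   // exits
            return FALSE;
        }
        return TRUE;
    }
}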