<?php
//   This file is a part of CodingTeam. Take a look at <http://codingteam.org>.
//   Copyright © 2007-2014 Erwan Briand <erwan@codingteam.net>
//
//   This program is free software: you can redistribute it and/or modify it
//   under the terms of the GNU Affero General Public License as published by
//   the Free Software Foundation, version 3 only.
//
//   This program is distributed in the hope that it will be useful, but
//   WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
//   or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
//   License for more details.
//
//   You should have received a copy of the GNU Affero General Public License
//   along with this program. If not, see <http://www.gnu.org/licenses/>.

/**
 * @file
 * This file contains the Session class for the XMPP authentification method.
 */


// Require the BaseSession abstract class.
require(CT_BASEDIR.'/inc/classes/session.php');

// Include XMPPHP
require(CT_BASEDIR.'/inc/libs/xmpphp/XMPP.php');


/**
 * Session class
 */
class Session extends BaseSession
{
    private $ip;
    protected $ct_db, $error, $cfg;


    function __construct($ct_db, $error)
    {
        $this->ct_db = $ct_db;
        $this->error = $error;
        $this->cfg = getClass('config', $this->ct_db);
    }


    /**
     * Init
     *
     * Create the session for this user.
     * @param $ip
     *   The IP address of this user.
     */
    public function init($ip)
    {
        parent::init($ip);
    }


    /**
     * Log out
     *
     * Log out a registered user and destroy his session.
     */
    public function logout()
    {
        parent::logout();
    }


    /**
     * Auto-login
     *
     * Log in a registered user with the cookie.
     */
    public function autologin()
    {
        parent::autologin();
    }


    /**
     * Unset cookie
     *
     * Delete a cookie.
     * @param $cookie
     *   The cookie to be deleted.
     */
    public function unsetcookie($cookie)
    {
        parent::unsetcookie($cookie);
    }


    /**
     * Log in using SQL authentification (default)
     *
     * Log in a registered user with nickname and password.
     * This function have to be implemented in each classes that extends
     * BaseSession. The goal of this method is to check that the user exists
     * and is the current visitor whathever the method we choose.
     * @param $jabberid
     *   The Jabber ID.
     * @param $autoconnect
     *   TRUE if you want a cookie to be written.
     * @param $referer
     *   The page where the user came from.
     */
    public function login($jabberid, $_autoconnect=0, $_referer=NULL)
    {
        $user = getUser($jabberid, $this->ct_db, 'jid');
        if ($user)
        {
            if (in_array($user->getLevel(), array('banned', 'deleted')))
                $this->error->displayError(i18n('Banned or deleted members cannot log in.'), 0);
            else
            {
                $auth_jab = new XMPPHP_XMPP($this->cfg->get('jabber', 'server'), 5222, $this->cfg->get('jabber', 'username'), $this->cfg->get('jabber', 'password'), 'AUTHBOT'.md5($jabberid));
                $auth_jab->connect();

                while(!$auth_jab->isDisconnected())
                {
                    $payloads = $auth_jab->processUntil(array('session_start', 'message'));

                    foreach($payloads as $event)
                    {
                        $pl = $event[1];

                        switch($event[0])
                        {
                            case 'message':
                                if ($pl['type'] == 'error')
                                {
                                    $auth_jab->disconnect();

                                    $error = i18n('Authentification rejected.');
                                    $http = '401 Unauthorized';
                                    $this->error->displayError($error, 0, $http);
                                }
                                else
                                {
                                    $auth_jab->disconnect();

                                    // Retrieve XMPP stanza
                                    $confirm = $pl['xml']->subs[1]->name;
                                    $ns_c = $pl['xml']->subs[1]->ns;
                                    $ns_s = 'http://jabber.org/protocol/http-auth';

                                    // Test if the XMPP client has accepted
                                    if ($confirm == $confirm && $ns_c == $ns_s)
                                    {
                                        $_SESSION['id'] = $user->getId();
                                        $_SESSION['keyid'] = $user->getKeyid();
                                        $_SESSION['lang'] = $user->getLang();

                                        // Fight session hijacking by regenerating the session
                                        session_regenerate_id(TRUE);

                                        if (!$_autoconnect)
                                            if (!isset($_COOKIE['ctcookieautoc']))
                                            {
                                                $data = $user->getId().'-'.$user->getKeyid();
                                                $time = time() + 365 * 24 * 60 * 60;
                                                setcookie('ctcookieautoc', $data, $time, '/');   
                                            }

                                        // Relocate the user
                                        if (!is_null($_referer))
                                        {
                                            Header('Location: '.$_referer);
                                            exit();
                                        }
                                    }
                                    else
                                    {
                                        $auth_jab->disconnect();

                                        $error = i18n('Authentification rejected.');
                                        $http = '401 Unauthorized';
                                        $this->error->displayError($error, 0, $http);
                                    }
                                }
                            break;

                            case 'session_start':
                                $auth_jab->presence();

                                // Send the request to the user (XEP-0070)
                                $text = "Someone (maybe you) requested the file ".$_referer.
                                ". If you wish to confirm the request, please ".
                                "reply to this message by typing 'OK'.  If not, please ".
                                "reply with 'No'.";

                                $pl = "<confirm xmlns='http://jabber.org/protocol/http-auth' ".
                                      "id='CodingTeam-Authentification' method='POST'".
                                      " url='".$_referer."'/>";

                                $auth_jab->message($jabberid, $text, 'normal', NULL, $pl);
                            break;

                        }
                    }
                }
            }
        }
        else
            $this->error->displayError(i18n('Authentification error! Please verify your Jabber ID (case-sensitive).'), 0);
    }


    /**
     * Is logged?
     *
     * Return TRUE if a user is currently logged.
     * @return
     *   A boolean.
     */
    public function isLogged()
    {
        return parent::isLogged();
    }
}
?>