/**

 * Authentication and authorization

 *

 * @category   Logic

 * @package    CentOS-News

 * @author     Alain Reguera Delgado <alain.reguera@gmail.com>

 * @copyright  2009 - CentOS Artwork SIG.

 * @license    GPL

 */

//--------------Authentication stuff--------------

    session_start();

//--------------/* Verify Admin access rights  */

    function check_adminaccess()

    {

        /* Verify session */

        if (!isset($_SESSION['employeetype']))

        {

            header('Location: '. BASEURL .'admin/login.php');

        }

    }

    /* Check User Access */

    function check_useraccess()

    {

        $timeout = 60 * 30; // In seconds, i.e. 30 minutes.

        $fingerprint = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);

        $redirect_to = BASEURL . 'admin/login.php?loggedout=true';

        /* Destroy session if ... */

        if (isset($_SESSION['last_active']) && $_SESSION['last_active'] < (time()-$timeout)

           || (isset($_SESSION['fingerprint']) && $_SESSION['fingerprint']!=$fingerprint)

           || isset($_GET['action']) && $_GET['action'] == 'logout') 

        {

            setcookie(session_name(), '', time()-3600, '/');

            session_destroy();

            header("Location: $redirect_to");

        }

        /* Regenerate session */

        session_regenerate_id(); 

        /* Increase session lifetime */

        $_SESSION['last_active'] = time();

        /* Rebuild session fingerprint */

        $_SESSION['fingerprint'] = $fingerprint;

    }

    /* Verify username and password */

    function login()

    {

        require_once(ABSPATH . 'admin/includes/classes/ldap.php');

        $ldap = new LDAP;

        /* Inicialize variables */

        $login = array();

        $login['username'] = '';

        $login['password'] = '';

        /* Validate username input */ 

        if (isset($_POST['username']))

        {

            $mail_pattern = '/^([a-z0-9+_]|\-|\.)+@(([a-z0-9_]|\-)+\.)+[a-z]{2,6}$/';

            if (preg_match( $mail_pattern,$_POST['username']))

            {

                $login['username'] = $_POST['username'];

            }

        }

        /* Validate password input */

        if (isset($_POST['password']))

        {

            $login['password'] = $ldap->prepare_userpassword($_POST['password']);

        }

        /* Query LDAP directory looking for username AND password */

        $search = $ldap->get_entries('(&(uid=' . $login['username']  . ')(&(userpassword=' . $login['password'] . ')))');

        /* Build user's session if match */

        if ($search['count'] == 1)

        {

            /* Set session information */

            $_SESSION['uid']            = $search[0]['uid'][0];

            $_SESSION['cn']             = $search[0]['cn'][0];

            $_SESSION['employeetype']   = $search[0]['employeetype'][0];

            /* Set session lasttime access */

            $_SESSION['last_active'] = time();

            /* Set session fingerprint */

            $fingerprint = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);

            $_SESSION['fingerprint'] = $fingerprint;

            /* Redirect to frontpage */

            header("Location: " . BASEURL);

            return 0;

        }

        else if ($search['count'] > 1)

        {

            // Login Failed: There are duplicates in the ldap directory database

            return 002;

        }

        else

        {

            // Login Failed: There is no coincidece in the search

            return '001';

        }

    }

    // User links

    function get_auth_userlinks()

    {

        $html = '
' . "\n";

        if (isset($_SESSION['cn'])) 

        {

            $html .= '
' . $_SESSION['cn'] . ' (' . ucfirst(translate("logout")) . ')
' . "\n";

            $html .= '
' .  ucfirst(translate("admin")) . '
' . "\n";

        }

        else

        {

            $html .= '
' . ucfirst(translate("login")) . '
' . "\n";

        }

        $html .= '' . "\n";

        return $html;

    }

?>