<?php
/**
 * Crowd auth plug-in for phpBB3
 *
 * This is for authentication via crowd service
 *
 * @package 	login
 * @author		Fernando Marcelo Morgenstern <fernando@consultorpc.com> 
 * @copyright	Copyright (c) 2009, ConsultorPC
 * @license		http://www.gnu.org/licenses/lgpl-3.0-standalone.html
 * @link		http://forums.consultorpc.com/viewforum.php?f=10
 * @version		0.1b
 * @filesource
 */

/**
 * @ignore
 */
if (! defined('IN_PHPBB')) {
	exit();
}


/**
 * Login function
 */
function login_crowd(&$username, &$password)
{
	global $db, $config, $appUrl, $appName, $appPassword;
	
	// Check if basic settings are defined
	if (! empty($config['crowd_app_name']) && ! empty($config['crowd_app_url']) && ! empty($username)) {
		// Try to connect on Crowd server
		try {
			$soapClient = new SoapClient($config['crowd_app_url']);
		} catch (SoapFault $fault) {
			throw new Exception('Unable to connect to Crowd.  Verify the app_url property is defined and Crowd is running.');
		}
		
		// Authenticate application
		$param = array(
			'in0' => array(
				'credential' => array(
					'credential' => $config['crowd_app_password']
				), 
				'name' => $config['crowd_app_name']
			)
		);
		try {
			$resp = $soapClient->authenticateApplication($param);
		} catch (SoapFault $fault) {
			throw new Exception('SOAP Fault: faultcode: ' . $fault->faultcode . ', faultstring: ' . $fault->faultstring);
		}
		
		// Get token
		$token = $resp->out->token;
		

		// Authenticate user
		$param = array(
			'in0' => array(
				'name' => $config['crowd_app_name'], 
				'token' => $token
			), 
			'in1' => array(
				'application' => $config['crowd_app_name'], 
				'credential' => array(
					'credential' => $password
				), 
				'name' => $username, 
				'validationFactors' => array(
					array(
						'name' => 'User-Agent', 
						'value' => $_SERVER['HTTP_USER_AGENT']
					), 
					array(
						'name' => 'remote_address', 
						'value' => $_SERVER['REMOTE_ADDR']
					)
				)
			)
		);
		try {
			$resp = $soapClient->authenticatePrincipal($param);
		} catch (SoapFault $fault) {
			// Check if username/password is incorrect and return the correct phpbb error
			if (isset($fault->detail->InvalidAuthenticationException)) {
				// Give status about wrong password...
				return array(
					'status' => LOGIN_ERROR_PASSWORD, 
					'error_msg' => 'LOGIN_ERROR_PASSWORD', 
					'user_row' => $row
				);
			} else {
				throw new Exception('SOAP Fault: faultcode: ' . $fault->faultcode . ', faultstring: ' . $fault->faultstring);
			}
		}
		
		// Check if username already exists on database
		$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
			FROM ' . USERS_TABLE . "
			WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
		$result = $db->sql_query($sql);
		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);
		
		if ($row) {
			// User inactive...
			if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
				return array(
					'status' => LOGIN_ERROR_ACTIVE, 
					'error_msg' => 'ACTIVE_ERROR', 
					'user_row' => $row
				);
			}
			
			// Successful login... set user_login_attempts to zero...
			return array(
				'status' => LOGIN_SUCCESS, 
				'error_msg' => false, 
				'user_row' => $row
			);
		} else {
			// retrieve default group id
			$sql = 'SELECT group_id
				FROM ' . GROUPS_TABLE . "
				WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
					AND group_type = " . GROUP_SPECIAL;
			$result = $db->sql_query($sql);
			$row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);
			
			if (! $row) {
				trigger_error('NO_GROUP');
			}
			

			// Try to find users's details
			$param = array(
				'in0' => array(
					'name' => $config['crowd_app_name'], 
					'token' => $token
				), 
				'in1' => $username
			);
			try {
				$resp = $soapClient->findPrincipalByName($param);
			} catch (SoapFault $fault) {
				throw new Exception('SOAP Fault: faultcode: ' . $fault->faultcode . ', faultstring: ' . $fault->faultstring);
			}
			
			// generate user account data
			$user_row = array(
				'username' => $username, 
				'user_password' => phpbb_hash($password), 
				'user_email' => $resp->out->attributes->SOAPAttribute[3]->values->string, 
				'group_id' => (int) $row['group_id'], 
				'user_type' => USER_NORMAL, 
				'user_ip' => $user->ip
			);
			
			// this is the user's first login so create an empty profile
			return array(
				'status' => LOGIN_SUCCESS_CREATE_PROFILE, 
				'error_msg' => false, 
				'user_row' => $user_row
			);
		}
	} else {
		// Give status about wrong password...
		return array(
			'status' => LOGIN_ERROR_USERNAME, 
			'error_msg' => 'LOGIN_ERROR_USERNAME', 
			'user_row' => $row
		);
	}
}

/**
 * This function is used to output any required fields in the authentication
 * admin panel. It also defines any required configuration table fields.
 */
function acp_crowd(&$new)
{
	global $user;
	
	$tpl = '

	<dl>
		<dt><label for="crowd_app_url">App URL:</label><br /><span></span></dt>
		<dd><input type="text" id="crowd_app_url" size="40" name="config[crowd_app_url]" value="' . $new['crowd_app_url'] . '" /></dd>
	</dl>
	<dl>
		<dt><label for="crowd_app_name">App Name:</label><br /><span></span></dt>
		<dd><input type="text" id="crowd_app_name" size="40" name="config[crowd_app_name]" value="' . $new['crowd_app_name'] . '" /></dd>
	</dl>
	<dl>
		<dt><label for="crowd_app_password">App Password:</label><br /><span></span></dt>
		<dd><input type="password" id="crowd_app_password" size="40" name="config[crowd_app_password]" value="' . $new['crowd_app_password'] . '" /></dd>
	</dl>
	
	';
	
	// These are fields required in the config table
	return array(
		'tpl' => $tpl, 
		'config' => array(
			'crowd_app_url', 
			'crowd_app_name', 
			'crowd_app_password'
		)
	);
}

?>