<?php
	/**
	 * Copyright 2005 Wim van Ravesteijn
	 *
	 * This file is part of AEGEE-Europe Photo Page.
	 *
	 * AEGEE-Europe Photo Page is free software: you can redistribute it
	 * and/or modify it under the terms of the GNU General Public License as
	 * published by the Free Software Foundation, either version 3 of the
	 * License, or (at your option) any later version.
	 *
	 * AEGEE-Europe Photo Page is distributed in the hope that it will be
	 * useful, but WITHOUT ANY WARRANTY; without even the implied warranty
	 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	 * GNU General Public License for more details.
	 *
	 * You should have received a copy of the GNU General Public License
	 * along with AEGEE-Europe Photo Page.  If not, see
	 * <http://www.gnu.org/licenses/>.
	 */
	function check_login($user, $pwd) {
		# Return true on a good login, false on a wrong login
		$login="";
		
		$LdapUri="ldap://www.karl.aegee.org";
		$BaseDn="o=AEGEE, c=FR";

		$ldap_dn = "cn=ldap-auth";
		$ldap_pwd = "ldap-auth";
		
		# Since it seems for some accounts the BaseDn is added, and for others not, we'll have to do 2 checks :-(
		$user_dn = "cn=$user";
		$user_dn2 = "cn=$user, $BaseDn";
		$user_pwd = $pwd;
		
		$attr = "userPassword";
		
		if( !($ds=@ldap_connect($LdapUri)) ) {
			// Connecting failed
			debug("LDAP: failed connecting to server");
			dolog("login", "Connecting to LDAP server failed", "error");
			if( mysql_num_rows( $res=doquery("SELECT `uid`, `name`, `access` FROM `user` WHERE `name`='".addslashes($user)."' AND `password`='".addslashes(md5($pwd))."'") )==1 ) {
				$row=mysql_fetch_array($res);
				if( $row['access']!="none" ) {
					$login="mysql";
					$_SESSION['sess_uid']=$row['uid'];
					$_SESSION['sess_name']=$row['name'];
					$_SESSION['sess_access']=$row['access'];
					dolog("login", "'".$row['name']."' logged in via MySQL", "warning");
					return true;
				}else {
					dolog("login", "Access denied for '".$user."'", "warning");
					return false;
				}
			}else {
				// Sorry, person does not seem to be known in MySQL yet
				return false;
			}
		}else {
			// Connecting success
			ldap_set_option($ds, LDAP_OPT_TIMELIMIT, 10);
			$query="SELECT `uid`, `name`, `access`
				FROM `user`
				WHERE `name`='".addslashes($user)."' AND `password`='".addslashes(md5($pwd))."'";
			if( @ldap_bind($ds, $user_dn, $user_pwd) ) {
				$login="ldap";
				debug("LDAP: bind with '$user_dn'");
			}elseif( @ldap_bind($ds, $user_dn2, $user_pwd) ) {
				$login="ldap";
				$user_dn=$user_dn2;
				debug("LDAP: bind with '$user_dn2' (2)");
			}elseif( @mysql_num_rows( $res=doquery($query) )==1 ) {
				$row=mysql_fetch_array($res);
				if( $row['access']!="none" ) {
					$login="mysql";
					$_SESSION['sess_uid']=$row['uid'];
					$_SESSION['sess_name']=$row['name'];
					$_SESSION['sess_access']=$row['access'];
					dolog("login", "'".$row['name']."' logged in via MySQL", "warning");
					return true;
				}else {
					dolog("login", "Access denied for '".$user."'", "warning");
					return false;
				}
			}else {
				debug("LDAP: no valid login found");
				dolog("login", "Failed login for '".$user."'", "warning");
				return false;
			}
			if( $login=="ldap" ) {
				$attrs = array("cn", "bodycode", "mail", "mailaddress", "mailsystem");
				$filter="(&(cn=$user))";
				if( !($sr=@ldap_search($ds, $user, $filter, $attrs)) ) {
					// Failed ldap search
					debug("LDAP: failed search");
				}else {
					if( !($info=ldap_get_entries($ds, $sr)) ) {
						// Failed getting results
						debug("LDAP: failed getting results from ldap search");
					}else {
						// Got data from ldap
						if( $info[0]['mailsystem'][0]==1 )
							$ldapmail = $info[0]['mail'][0];
						else
							$ldapmail = $info[0]['mailaddress'][0];
						$query="SELECT `uid`, `bodycode`, `name`, `password`, `email`, `access`
										FROM `user` WHERE `name`='".addslashes($info[0]['cn'][0])."'";
						if( @mysql_num_rows( $res=doquery($query) )==1 ) {
							// User already in MySQL
							$row=mysql_fetch_array($res);
							if( $row['access']!="none" ) {
								// Only create session if user has access
								dolog("login", "'".$row['name']."' logged in", "info");
								$_SESSION['sess_uid']=$row['uid'];
								$_SESSION['sess_name']=$row['name'];
								$_SESSION['sess_access']=$row['access'];
							}else {
								// Access denied for this user
								dolog("login", "Access denied for '".$row['user']."'", "warning");
								return false;
							}
							$query="UPDATE `user` SET ";
							if( $row['bodycode']!=$info[0]['bodycode'][0] ) $query.="`bodycode`='".addslashes($info[0]['bodycode'][0])."', ";
							if( $row['password']!=md5($pwd) ) $query.="`password`='".addslashes(md5($pwd))."', ";
							if( $row['email']!=$ldapmail ) $query.="`email`='".addslashes($ldapmail)."', ";
							if( strlen($query)>20 ) {
								// The MySQL data has to be updated
								$query=substr($query, 0, -2)." WHERE `uid`=".addslashes($row['uid']);
								if( doquery($query) ) {
									// Ok
									dolog("login", "Updated user data in MySQL for '".$user."'", "info");
								}else {
									// Error
									dolog("login", "Failed updating user data in MySQL for '".$user."'", "error");
								}
							}
						}else {
							// User not known yet in MySQL
							$query="INSERT INTO `user` (`bodycode`, `name`, `password`, `email`, `access`)
											VALUES ('".addslashes($info[0]['bodycode'][0])."', '".addslashes($info[0]['cn'][0])."',
												'".addslashes(md5($pwd))."', '".addslashes($ldapmail)."', 'user')";
							if( doquery($query) ) {
								// Ok
								dolog("login", "Added '".$info[0]['cn'][0]."' to MySQL", "info");
							}else {
								dolog("login", "Failed adding '".$info[0]['cn'][0]."' to MySQL", "error");
							}
						}
					}
				}
				ldap_close($ds);
				return true;
			}
			ldap_close($ds);
		}
		return false;
	}
?>