<?php
	/**
	 * Copyright 2000, 2001, 2002 Philipp von Klitzing
	 * Copyright 2003, 2004, 2005, 2006, 2007, 2008, 2009 Wim van Ravesteijn
	 *
	 * This file is part of AEGEE-Europe Statutory Event Applications.
	 *
	 * AEGEE-Europe Statutory Event Applications is free software: you can
	 * redistribute it and/or modify it under the terms of the GNU General
	 * Public License as published by the Free Software Foundation, either
	 * version 3 of the License, or (at your option) any later version.
	 *
	 * AEGEE-Europe Statutory Event Applications is distributed in the hope
	 * that it will be useful, but WITHOUT ANY WARRANTY; without even the
	 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
	 * PURPOSE.  See the GNU General Public License for more details.
	 *
	 * You should have received a copy of the GNU General Public License
	 * along with AEGEE-Europe Statutory Event Applications.  If not, see
	 * <http://www.gnu.org/licenses/>.
	 */
	/*
	 * This class provides an interface to aegee.org accounts via LDAP.
	 */	
	class AegeeOrg_Account {
		private $ldap_conn;
		private $ldap_url;
		private $ldap_base;
		private $isbound;
		private $usercn;

		/*
		 * Constructor($ldap_url, $ldap_base)
		 * Creates a new class.
		 * @param: ldap_url: url of the LDAP server
		 * @param: ldap_base: base DN of the LDAP server
		 * @return: true on success connecting to the LDAP server, false otherwise
		 */
		public function __construct($ldap_url, $ldap_base) {
			$this->ldap_conn = false;
			$this->ldap_url = $ldap_url;
			$this->ldap_base = $ldap_base;
			$this->isbound = false;
			$this->usercn = NULL;

			if( !(strlen($ldap_url)>0) ) { debug("AegeeOrg_Account->AegeeOrg_Account: Illegal Ldap Url"); return false; }
			if( !(strlen($ldap_base)>0) ) { debug("AegeeOrg_Account->AegeeOrg_Account: Illegal Base Dn"); return false; }

			return $this->Conn();
		}

		/*
		 * __destruct()
		 * Closes the connections to the LDAP server
		 * @param: -
		 * @return: true on success, false otherwise
		 */
		public function __destruct() {
			if( $this->ldap_conn ) {
				if( @ldap_unbind($this->ldap_conn) ) {
					$this->ldap_conn = false;
					$this->isbound = false;
					$this->usercn = NULL;
					return true;
				}else {
					return false;
				}
			}else {
				// Not connected, nothing to be done
				return true;
			}
		}

		/*
		 * Conn()
		 * Connects to the LDAP server
		 * @param: -
		 * @return: true on success connecting to the LDAP server, false otherwise
		 */
		public function Conn() {
			if( !(strlen($this->ldap_url)>0) ) { debug('AegeeOrg_Account->Conn: Illegal Ldap Url'); return false; }
			
			if( !($this->ldap_conn = ldap_connect($this->ldap_url)) ) {
				debug("AegeeOrg_Account->Conn: Connecting to ".$this->ldap_url." failed.");
				return false;
			}else {
				ldap_set_option($this->ldap_conn, LDAP_OPT_TIMELIMIT, 30);
				return true;
			}
		}

		/*
		 * Auth($user, $pwd)
		 * Logs in to the LDAP server with the given account
		 * @param: user: username of the aegee.org account
		 * @param: pwd: password of the aegee.org account
		 * @return: true on successful login, false otherwise
		 */
		public function Auth($user, $pwd) {
			# Since it seems for some accounts the BaseDn is added, and for others not, we'll have to do 2 checks :-(
			$user_dn = "cn=$user";
			$user_dn2 = "cn=$user, " . $this->ldap_base;
			$user_pwd = $pwd;
		
			if( !($this->ldap_conn) ) {
				// Not connected
				debug("LDAP: not connected while trying Auth()");
				return false;
			}else {
				if( @ldap_bind($this->ldap_conn, $user_dn, $user_pwd) ) {
					$this->isbound = true;
					$this->usercn = $user;
					return true;
				}elseif( @ldap_bind($this->ldap_conn, $user_dn2, $user_pwd) ) {
					$this->isbound = true;
					$this->usercn = $user;
					return true;
				}else {
					#debug("LDAP: invalid login");
					return false;
				}
			}
			// we should not get here...
			debug("LDAP: impossible position in Auth() reached");
			return false;
		}

		/*
		 * BindAnon()
		 * Bind 'anonymous' to the LDAP server
		 * @param: -
		 * @return: true on successful login, false otherwise
		 */
		public function BindAnon() {
			$ldap_dn = "cn=ldap-auth";
			$ldap_pwd = "ldap-auth";
			
			if( !($this->ldap_conn) ) {
				// Not connected
				return false;
			}else {
				if( @ldap_bind($this->ldap_conn, $ldap_dn, $ldap_pwd) ) {
					$this->isbound = true;
					return true;
				}else {
					return false;
				}
			}
		}
		
		/*
		 * GetData($fields, $user="")
		 * Get the requested fields from LDAP from the requested user (optional)
		 * @param: fields: array of the requested fields (LDAP names)
		 * @param: user (optional): name of the user the info is requested on. If omited, use the name of the logged in user
		 * @return: array of the requested fields in LDAP format
		 */
		public function GetData($fields, $user="") {
			//if( !($this->isbound) ) $this->BindAnon();
			$attrs = $this->TransLDAPToNotes($fields);
			if( strlen($user)>0 ) $searchcn=$user;
			else $searchcn=$this->usercn;
			$filter="(&(cn=".$searchcn."))";
			if( !($sr=@ldap_search($this->ldap_conn, $searchcn, $filter, $attrs)) ) {
				// Failed ldap search
				debug("LDAP: failed search");
			}else {
				if( !($ret=@ldap_get_entries($this->ldap_conn, $sr)) ) {
					// Failed getting results
					@ldap_free_result($sr);
					debug("LDAP: failed getting results from ldap search");
				}else {
					// Got data from ldap
					@ldap_free_result($sr);
					return $this->TransNotesToLDAP($ret);
				}
			}
			return false;
		}

		/*
		 * GetGroups($user="")
		 * Get the group memberships from LDAP fom the requested user (optional)
		 * @param: user (optional): name of the user the info is requested on. If omited, use the name of the logged in user
		 * @return: array of the group memberships
		 */
		public function GetGroups($user="") {
			$attrs = array('cn');
			if( strlen($user)>0 ) $searchcn=$user;
			else $searchcn=$this->usercn;
			$filter="(&(member=".$searchcn."))";
			if( !($sr=@ldap_search($this->ldap_conn, $searchcn, $filter, $attrs)) ) {
				// Failed ldap search
				debug("LDAP: failed search");
			}else {
				if( !($ret=@ldap_get_entries($this->ldap_conn, $sr)) ) {
					// Failed getting results
					@ldap_free_result($sr);
					debug("LDAP: failed getting results from ldap search");
				}else {
					// Got data from ldap
					@ldap_free_result($sr);
					$groups = array();
					for( $i=0; $i<count($ret); $i++ ) {
						if( preg_match("/^board-([A-Z]{3})$/", $ret[$i]['cn'][0], $matches) ) {
							$groups[] = $matches[1];
						}
					}
					return $groups;
				}
			}
			return array();
		}

		public function is_bound() {
			return $this->isbound;
		}

		/*
		 * TransLDAPToNotes($fields)
		 * Translate LDAP field names to Notes-LDAP field names
		 * @param: fields: array of field names in standard LDAP names
		 * @return: array of field names in Notes-LDAP names
		 * !! This function is not the inverse of TransNotesToLDAP !!
		 */
		private function TransLDAPToNotes($fields) {
			$ret=$fields;
			if( in_array("mail", $fields) ) {
				// Mail needs special handling in Notes
				$ret[] = "mailaddress";
				$ret[] = "mailsystem";
			}
			if( in_array("street", $fields) AND !in_array("postalAddress", $fields) ) {
				// Street is stored under postalAddress
				$ret[] = "OfficeStreetAddress";
			}
			if( in_array("fax", $fields) AND !in_array("facsimileTelephoneNumber", $fields) ) {
				// Fax is stored under facsimileTelephoneNumber (alias in normal LDAP)
				$ret[] = "facsimileTelephoneNumber";
			}
			if( in_array("phone", $fields) AND !in_array("telephoneNumber", $fields) ) {
				// Phone is stored under telephoneNumber (alias in normal LDAP)
				$ret[] = "telephoneNumber";
			}
			return $ret;
		}

		/*
		 * TransNotesToLDAP($fields)
		 * Translate Notes-LDAP fields to LDAP fields
		 * @param: fields: array of fields in Notes-LDAP names
		 * @return: array of fields in standard LDAP names
		 * !! This function is not the inverse of TransLDAPToNotes !!
		 */
		private function TransNotesToLDAP($fields) {
			$ret=$fields;
			if( isset($ret[0]['mailsystem'][0]) ) {
				if( $ret[0]['mailsystem'][0]!=1 )
					$ret[0]['mail'][0] = $ret[0]['mailaddress'][0];
				$h = array_keys($ret[0],'mailaddress');
				unset($ret[0][ $h[0] ]);
				unset($ret[0]['mailaddress']);
				$h = array_keys($ret[0],'mailsystem');
				unset($ret[0][ $h[0] ]);
				unset($ret[0]['mailsystem']);
			}
			if( isset($ret[0]['officestreetaddress'][0]) ) {
				//$matches=preg_split('/\$/', $ret[0]['postaladdress'][0]);
				//$ret[0]['street'][0]=$matches[0];
				//$ret[0]['country'][0]=$matches[3];
				$ret[0]['street'][0]=$ret[0]['officestreetaddress'][0];
				$h = array_keys($ret[0],'officestreetaddress');
				unset($ret[0][ $h[0] ]);
				unset($ret[0]['officestreetaddress']);
			}
			if( isset($ret[0]['facsimiletelephonenumber'][0]) ) {
				$ret[0]['fax'][0]=$ret[0]['facsimiletelephonenumber'][0];
			}
			if( isset($ret[0]['telephonenumber'][0]) ) {
				$ret[0]['phone'][0]=$ret[0]['telephonenumber'][0];
			}
			return $ret;
		}
		
		# Fields that can be retreived from Notes LDAP (between brackets the Notes field name):
		# - BodyCode
		# - cn
		# - mail (depending on 'mailsystem' in 'mail' or 'mailaddress')
		# - street (officestreetaddress)
		# - c (country)
		# - givenName (FirstName)
		# - postalAddress
		# - postalCode (OfficeZip)
		# - Sex
		# - sn (LastName)
		# - BodyName (sometimes available)
		# - telephoneNumber (OfficePhoneNumber)
		# - mobile (CellPhoneNumber)
		#
		# Fields not available:
		# - country (can be taken from 'postalAddress')
		# - CountryCode
		# - homeCity (City)
		# - homeCountry (Country)
		# - homefax (HomeFAXPhoneNumber)
		# - homePhone (PhoneNumber)
		# - homePostalAddress
		# - homeState (State)
		# - homeStreetAddress
		# - homeZip
		# - o
		# - organization
		# - st (OfficeState)
		# - street (can be taken from 'postalAddress')
	}
?>