<?php
/*
 *  brisk - auth.phh
 *
 *  Copyright (C) 2006-2008 Matteo Nastasi
 *                          mailto: nastasi@alternativeoutput.it 
 *                                  matteo.nastasi@milug.org
 *                          web: http://www.alternativeoutput.it
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABLILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details. You should have received a
 * copy of the GNU General Public License along with this program; if
 * not, write to the Free Software Foundation, Inc, 59 Temple Place -
 * Suite 330, Boston, MA 02111-1307, USA.
 *
 */

define(CHAL_SHM_DIMS_MIN, 16384);
define(CHAL_SHM_DIMS_MAX, 65536);
define(CHAL_SHM_DIMS_DLT, 16384);
define(CHAL_VALID_TIME,      15);
define(CHAL_GARBAGE_TIMEOUT,  5);

class Challenge {
  var $login;
  var $token;
  var $ip;
  var $tstamp;

  function Challenge($login, $token, $ip, $tstamp)
  {
    $this->login  = $login;
    $this->token  = $token;
    $this->ip     = $ip;
    $this->tstamp = $tstamp + CHAL_VALID_TIME;
  }
}

class Challenges {
  var $item;
  var $item_n;
  var $mod;
  var $shm_sz;

  var $garbage_timeout;


  function Challenges()
  {
    $this->item = array();
    $this->item_n = 0;
    $this->garbage_timeout = 0;
    $this->mod = FALSE;
  }

  function add($login, $token, $ip, $tstamp) 
  {
    $chal = null;

    log_auth("xxx", sprintf("Challenges::add [%s]\n", $login));
    // FIXME Checks here
    if ($login == '') {
      return ($G_false);
    }

      log_auth("xxx", "LOOPI item: ".$i." tstamp: ".$this->item[$i]->tstamp."  curtime: ".$curtime);

    if (($chal = new Challenge($login, $token, $ip, $tstamp)) == null) {
      return ($G_false);
    }

    $this->item[$this->item_n] = $chal;
    $this->item_n++;

    $this->mod = TRUE;

    return ($chal);
  }


  /* remove all istances related to $login */

  function rem($login)
  {
    $ismod  = FALSE;

    for ($i = 0 ; $i < $this->item_n ; $i++) {
      if ($this->item[$i]->login == $login) {
        $ismod = TRUE;
        for ($e = $i ; $e  < ($this->item_n - 1) ; $e++) {
          $this->item[$e] = $this->item[$e + 1];
        }
        
        $i--;
        $this->item_n--;
        unset($this->item[$this->item_n]);
        $this->mod = TRUE;
      }
    }

    return ($ismod);
  }

  function garbage_manager()
  {
    $curtime = time();

    // FIXME remove set to 0
    $this->garbage_timeout = 0;
    if ($this->garbage_timeout > $curtime)
      return (FALSE);

    $ismod = FALSE;
    
    for ($i = 0 ; $i < $this->item_n ; $i++) {
      log_auth("xxx", "LOOPI item: ".$i." tstamp: ".$this->item[$i]->tstamp."  curtime: ".$curtime);
      if ($this->item[$i]->tstamp < $curtime) {
        for ($e = $i ; $e  < ($this->item_n - 1) ; $e++) {
          $this->item[$e] = $this->item[$e + 1];
        }
        
        $i--;
        $this->item_n--;
        log_auth("xxx", "LOOPI unset: ".$this->item_n);
        unset($this->item[$this->item_n]);
        $ismod = TRUE;
        $this->mod = TRUE;
      }
    }
    
    log_auth("xxx", "LOOPI AFTER: ".count($this->item)." _n:" .$this->item_n );
    
    $this->garbage_timeout = $curtime + CHAL_GARBAGE_TIMEOUT;
    
    return ($ismod);
  }
  
  function ismod()
  {
    return ($this->mod);
  }

  // Static functions
  function &init_data()
  {
    $chal =& new Challenges();
    
    $chal->mod = TRUE;

    return $chal;
  }

  function &load_data() 
  {
    GLOBAL $G_false, $sess;
    $doexit = FALSE;
    do {
      if (($tok = @ftok(FTOK_PATH."/challenges", "B")) == -1) {
	log_main("ftok failed");
	$doexit = TRUE;
	break;
      }
    
      if (($shm_sz = sharedmem_sz($tok)) == -1) {
	log_main("shmop_open failed");
      }
	
      if ($shm_sz == -1)
	$shm_sz = CHAL_SHM_DIMS_MIN;

      if ($shm = shm_attach($tok, $shm_sz)) {
	$chals = @shm_get_var($shm, $tok);
	
	log_only("challenges ==  ".($chals == FALSE ?   "FALSE" : "TRUE")."  challenges ===  ".($chals === FALSE ? "FALSE" : "TRUE")."  challenges isset ".(isset($chals) ?   "TRUE" : "FALSE"));
	
	if ($chals == FALSE) {
	  log_only("INIT CHALLENGES DATA");
	  
	  $chals =& Challenges::init_data();
	  if (@shm_put_var($shm, $tok, $chals) == FALSE) {
	    log_only("PUT_VAR FALLITA ".strlen(serialize($chals)));
	    log_only(serialize($chals));
	  }
	}
	$chals->shm_sz = $shm_sz;
	
	shm_detach($shm);
      }

      $chals->garbage_manager();

      $ret = &$chals;
      return ($ret);
    } while (0);
    
    if ($doexit)
      exit();
    
    return ($G_false);
  }
  

  function save_data(&$chals) 
  {
    $shm =   FALSE;
    $oldmod = $chals->mod;

    if (($tok = @ftok(FTOK_PATH."/challenges", "B")) == -1) 
      return (FALSE);
    
    while ($chals->shm_sz < CHAL_SHM_DIMS_MAX) {
      if (($shm = shm_attach($tok, $chals->shm_sz)) == FALSE)
	break;
      
      if (isset($chals)) 
        log_only("challenges count ".count($chals->item)."  _n: ".$chals->item_n);

      $chals->mod = FALSE;
      if (shm_put_var($shm, $tok, $chals) != FALSE) {
	shm_detach($shm);
	return (TRUE);
      }
      $chals->mod = $oldmod;

      if (shm_remove($shm) === FALSE) {
	log_only("REMOVE FALLITA");
	break;
      }
      shm_detach($shm);
      $chals->shm_sz += CHAL_SHM_DIMS_DLT;
    } 

    if ($shm)
      shm_detach($shm);
    
    return (FALSE);
  }

  function lock_data()
  {
    if (($tok = @ftok(FTOK_PATH."/challenges", "B")) == -1) {
      echo "FTOK FAILED";
      exit;
    }
    // echo "FTOK ".$tok."<br>";
    if (($res = sem_get($tok)) == FALSE) {
      echo "SEM_GET FAILED";
      exit;
    }
    if (sem_acquire($res)) {   
      log_lock("LOCK challenges");
      return ($res);
    }
    else
      return (FALSE);
  }
  
  function unlock_data($res)
  {
    GLOBAL $sess; 
    
    log_lock("UNLOCK challenges");

    return (sem_release($res));
  }
} // End CLASS Challenges


class LoginDBItem {
  var $login;
  var $pass;

  function LoginDBItem($login, $pass)
  {
    $this->login = $login;
    $this->pass  = $pass;
  }
}

class LoginDB {
  var $item;
  var $item_n;

  
  function LoginDB()
  {
    GLOBAL $DOCUMENT_ROOT;
    log_main("LoginDB create:start");

    if (file_exists("$DOCUMENT_ROOT/Etc/brisk_auth.conf.pho")) {
      require("$DOCUMENT_ROOT/Etc/brisk_auth.conf.pho");
    }
    else {
      $this->item = array( new LoginDBItem("uno", md5("one")),
                           new LoginDBItem("due", md5("two")),
                           new LoginDBItem("a_b", md5("abb")),
                           new LoginDBItem("tre", md5("three")) );
    }
    $this->item_n = count($this->item);
    log_main("LoginDB create:end");
  }

  function login_exists($login)
  {
    log_main("login_verify");
    
    /* check the existence of the nick in the LoginDB */
    for ($i = 0 ; $i < $this->item_n ; $i++) {
      if (strcasecmp($this->item[$i]->login, $login) == 0) {
        log_main("login[".$i."]: ".$this->item[$i]->login);
        return (TRUE);
      }
    }
    return (FALSE);
  }

  function login_verify($login, $pass)
  {
    $ret = FALSE;

    log_main("login_verify");
        
    /* check the existence of the nick in the LoginDB */
    for ($i = 0 ; $i < $this->item_n ; $i++) {
      if (strcasecmp($this->item[$i]->login, $login) == 0) {
        log_main("login[".$i."]: ".$this->item[$i]->login);

        /* if it exists check for a valid challenge */
        if (($a_sem = Challenges::lock_data()) != FALSE) { 
          
          if (($chals = &Challenges::load_data()) != FALSE) {
            for ($e = 0 ; $e < $chals->item_n ; $e++) {
              
              log_main("challenge[".$i."]: ".$chals->item[$e]->login);
              if (strcmp($login, $chals->item[$e]->login) == 0) {
                log_main("login_verify [".$pass."] with [".md5($chals->item[$e]->token.$this->item[$i]->pass)."]");
                  
                if (strcmp($pass , md5($chals->item[$e]->token.$this->item[$i]->pass)) == 0) {
                  log_main("login_verify SUCCESS for ".$login);
   
                  $chals->rem($login);
                  $ret = TRUE;
                  break;
                }
              }
            } // end for ($e = 0 ...
          }

          if ($chals->ismod()) {
            Challenges::save_data(&$chals);
          }
          
          Challenges::unlock_data($a_sem);
        }
        break;
      } //  if (strcasecmp($this->item[$i]->login, ...
    }

    return ($ret);
  }
} // End class LoginDB


?>