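* @license BSD */

namespace Domframework;

/**
 * The abstraction class of the users
 * Allows the users to be managed in multiple storages (SQL, HTPasswd, passwd
 * file): CRUD on the users and password modification.
 *
 * In this class the storage methods (connect, initStorage, adduser, deluser,
 * updateuser, listusers, changepassword, overwritepassword,
 * checkValidPassword, passwdComplexity) have empty bodies and return nothing;
 * presumably each storage backend overrides them - confirm against the
 * subclasses. Only the check*() validators and cryptPasswd() carry logic here.
 */
class Users
{
    /**
     * Connect to the storage
     * Empty in this class.
     */
    public function connect()
    {
    }

    /**
     * Initialise the storage
     * Create the structure of data needed by the class.
     * Empty in this class.
     */
    public function initStorage()
    {
    }

    /**
     * Create a new user
     * If the password is not provided, a default password is created (it can
     * be a disabled password).
     * Empty in this class.
     * NOTE(review): nothing here calls checkEmail()/checkFirstname()/
     * checkLastname()/checkPassword() or cryptPasswd(); an implementation has
     * to do so itself before writing to the storage.
     * @param string $email The email to create
     * @param string $firstname The firstname to create
     * @param string $lastname The lastname to create
     * @param string|null $password The password of the user
     */
    public function adduser($email, $firstname, $lastname, $password = null)
    {
    }

    /**
     * Delete a user
     * Empty in this class.
     * @param string $email The email to delete
     */
    public function deluser($email)
    {
    }

    /**
     * Update a user
     * Empty in this class.
     * @param string $oldemail The old email to update
     * @param string $newemail The new mail to store
     * @param string $firstname The new firstname to store
     * @param string $lastname The lastname to store
     */
    public function updateuser($oldemail, $newemail, $firstname, $lastname)
    {
    }

    /**
     * List the users
     * Empty in this class.
     */
    public function listusers()
    {
    }

    /**
     * Change password
     * Empty in this class.
     * @param string $email the user email to change the password
     * @param string $oldpassword The old password (to check that the user has
     * the right to change the password)
     * @param string $newpassword The new password to be recorded
     */
    public function changepassword($email, $oldpassword, $newpassword)
    {
    }

    /**
     * Overwrite password (without oldpassword check)
     * Must be reserved to the administrators. For the users, use the
     * changepassword method.
     * Empty in this class, and nothing in this class checks who is calling:
     * the authorization decision has to be enforced by the caller before
     * this method is reached.
     * @param string $email the user email to change the password
     * @param string $newpassword The new password to be recorded
     */
    public function overwritepassword($email, $newpassword)
    {
    }

    /**
     * Check if the provided password is correctly associated to the email user
     * Empty in this class.
     * NOTE(review): an implementation comparing against a cryptPasswd() hash
     * should use a constant-time comparison (password_verify() or
     * hash_equals() where the PHP version provides them) rather than ==.
     * @param string $email The email to validate
     * @param string $password The password to validate
     */
    public function checkValidPassword($email, $password)
    {
    }

    /**
     * Check if the email provided is acceptable as a user identifier
     * Only the type, a minimal byte length (5), and the absence of storage
     * separators are checked; the address syntax itself is not validated.
     * @param string $email The email to validate
     * @return bool Always true when no exception is raised
     * @throws \Exception (code 500) if the value is rejected
     */
    public function checkEmail($email)
    {
        if (! is_string($email)) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid email provided : not a string"
                ),
                500
            );
        }
        if (strlen($email) < 5) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid email provided : too short"
                ),
                500
            );
        }
        // Presumably forbidden because the flat-file storages named in the
        // class description use ":" as field separator - confirm.
        if (strpos($email, ":") !== false) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid email provided : colon forbidden"
                ),
                500
            );
        }
        // A line break would end the record in a line-oriented user file just
        // as a colon ends a field, and a NUL byte has no place in an email.
        if (strpbrk($email, "\r\n\0") !== false) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid email provided : line break or NUL byte forbidden"
                ),
                500
            );
        }
        return true;
    }

    /**
     * Check if the firstname provided is correct
     * The value must be a non-empty string without storage separators.
     * @param string $firstname The firstname to check
     * @return bool Always true when no exception is raised
     * @throws \Exception (code 500) if the value is rejected
     */
    public function checkFirstname($firstname)
    {
        if (! is_string($firstname)) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid firstname provided : not a string"
                ),
                500
            );
        }
        if (strlen($firstname) < 1) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid firstname provided : too short"
                ),
                500
            );
        }
        if (strpos($firstname, ":") !== false) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid firstname provided : colon forbidden"
                ),
                500
            );
        }
        // Same reasoning as the colon: keep record separators out of the
        // line-oriented storages.
        if (strpbrk($firstname, "\r\n\0") !== false) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid firstname provided : line break or NUL byte forbidden"
                ),
                500
            );
        }
        return true;
    }

    /**
     * Check if the lastname provided is correct
     * Unlike the firstname, an empty lastname is accepted.
     * @param string $lastname The lastname to check
     * @return bool Always true when no exception is raised
     * @throws \Exception (code 500) if the value is rejected
     */
    public function checkLastname($lastname)
    {
        if (! is_string($lastname)) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid lastname provided : not a string"
                ),
                500
            );
        }
        if (strpos($lastname, ":") !== false) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid lastname provided : colon forbidden"
                ),
                500
            );
        }
        // Same reasoning as the colon: keep record separators out of the
        // line-oriented storages.
        if (strpbrk($lastname, "\r\n\0") !== false) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid lastname provided : line break or NUL byte forbidden"
                ),
                500
            );
        }
        return true;
    }

    /**
     * Check if the password provided is correct
     * Accepts strings of 5 to 127 bytes (strlen() counts bytes, not
     * characters).
     * NOTE(review): cryptPasswd() hashes with bcrypt, which only uses the
     * first 72 bytes of its input, so the bytes between 73 and 127 accepted
     * here do not strengthen the stored hash. The 5-byte minimum is low;
     * passwdComplexity() is the hook for a stricter policy.
     * @param string $password The password to check
     * @return bool Always true when no exception is raised
     * @throws \Exception (code 500) if the value is rejected
     */
    public function checkPassword($password)
    {
        if (! is_string($password)) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid password provided : not a string"
                ),
                500
            );
        }
        if (strlen($password) < 5) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid password provided : too short"
                ),
                500
            );
        }
        if (strlen($password) >= 128) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Invalid password provided : too long"
                ),
                500
            );
        }
        return true;
    }

    /**
     * Crypt the password with the best algorithm available
     * Produces a bcrypt ("2y") hash with cost 11 and a fresh random salt.
     * The result embeds algorithm, cost and salt, so it can be verified with
     * crypt($candidate, $hash) or, where available, password_verify().
     * NOTE(review): on PHP versions that provide it, password_hash() with
     * PASSWORD_BCRYPT builds the same "$2y$" format without the hand-made
     * salt below.
     * @param string $password The password to crypt
     * @return string The 60-character bcrypt hash
     * @throws \Exception (code 500) if no strong random source is available
     * or if the hashing fails
     */
    public function cryptPasswd($password)
    {
        if (! function_exists("openssl_random_pseudo_bytes")) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "No PHP support for openssl_random_pseudo_bytes"
                ),
                500
            );
        }
        $cost = 11;
        // Older PHP versions can return false or non-cryptographic bytes
        // here; the by-reference flag is the only way to notice, and a
        // predictable salt must not be used silently.
        $strong = false;
        $random = openssl_random_pseudo_bytes(17, $strong);
        if ($random === false || $strong !== true) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "No cryptographically strong random source available"
                ),
                500
            );
        }
        // 17 random bytes give 24 base64 characters; the first 22 are kept,
        // which is the salt length bcrypt expects.
        $salt = substr(base64_encode($random), 0, 22);
        // bcrypt's alphabet uses "." where base64 uses "+"
        $salt = str_replace("+", ".", $salt);
        $prefix = '$' . implode('$', [
            "2y", //select the most secure version of blowfish (>=PHP 5.3.7)
            str_pad((string) $cost, 2, "0", STR_PAD_LEFT), //add the cost in two digits
        ]) . '$';
        $param = $prefix . $salt; //add the salt
        //now do the actual hashing
        $hash = crypt($password, $param);
        // crypt() reports failure through a short marker string ("*0"/"*1")
        // instead of an error; storing that marker as a password hash must
        // be prevented. Only the algorithm/cost prefix is compared, because
        // the last salt character can be normalised in the output.
        if (
            ! is_string($hash)
            || strlen($hash) !== 60
            || strncmp($hash, $prefix, strlen($prefix)) !== 0
        ) {
            throw new \Exception(
                dgettext(
                    "domframework",
                    "Password hashing failed"
                ),
                500
            );
        }
        return $hash;
    }

    /**
     * Check if the password is complex enough
     * Documented as returning true when the password is complex enough, but
     * the body is empty in this class, so it returns nothing (null): callers
     * must not read that result as "complex enough".
     * @param string $password The password to check
     */
    public function passwdComplexity($password)
    {
    }
}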