<?php
/** User authentication against SESSION */
class authsession extends auth
{
  function __construct ()
  {
    if (!isset ($_SESSION))
      throw new Exception ("No session previously opened", 401);
  }

  /** No connection to session */
  public function connect ()
  {
    return TRUE;
  }

  /** Try to authenticate the email/password of the user */
  public function authentication ($email, $password)
  {
    if (!isset ($_SESSION["auth"]["email"]) ||
        !isset ($_SESSION["auth"]["password"]))
      throw new Exception ("No previous email in session", 401);
    if ($_SESSION["auth"]["email"] !== $email)
      throw new Exception ("Unable to authenticate user '$email'", 401);
    if ($_SESSION["auth"]["password"] !== $password)
      throw new Exception ("Bad password for '$email'", 401);
  }

  public function getdetails ()
  {
    return array ("lastname"=>$_SESSION["auth"]["lastname"],
                  "firstname"=>$_SESSION["auth"]["firstname"],
                  "email"=>$_SESSION["auth"]["email"]);
  }

  public function changepassword ($oldpassword, $newpassword)
  {
    throw new Exception (_("The password can't be change for SESSION users"),
                         405);
  }
}