<?php
/** DomFramework
    @package domframework
    @author Dominique Fournier <dominique@fournier38.fr> */

/** Takes the email and the password of the user */
class authparams
{
  public $email = null;
  public $password = null;

  /** Parse the different authentication processes to found the email/password
      of the user. 
      If non is found, return "anonymous", "anonymous" */
  public function __construct ($authprocesses=array("session","post"))
  {
    if (php_sapi_name () === "cli")
    {
      $this->email = "cli";
      $this->password = "";
    }
    else
    {
      foreach ($authprocesses as $authprocess)
      {
        try
        {
          $res = $this->$authprocess();
          $this->email = $res["email"];
          $this->password = $res["password"];
          break;
        }
        catch (Exception $e)
        {
          $this->email = "anonymous";
          $this->password = "anonymous";
        }
      }
    }
  }

  /** Get information from $POST variables */
  public function post()
  {
    if (!isset ($_POST["email"]) || !isset ($_POST["password"]))
      throw new Exception ("No POST provided", 401);
    return array ("email"=>trim ($_POST["email"]),
                  "password"=>$_POST["password"]);
  }

  /** Get information from previous recorded session */
  public function session()
  {
    if (!isset ($_SESSION))
      throw new Exception ("No session previously opened", 401);
    if (!isset ($_SESSION["domframework"]["auth"]["email"]) ||
        !isset ($_SESSION["domframework"]["auth"]["password"]))
      throw new Exception ("No previous email in session", 401);
    return array ("email"=>$_SESSION["domframework"]["auth"]["email"],
                  "password"=>$_SESSION["domframework"]["auth"]["password"]);
  }

  /** Get information from a HTTP authentication */
  public function http()
  {
    $realm = dgettext("domframework", 
                      "Restricted access");
    if (!isset($_SERVER['PHP_AUTH_USER']))
    {
      throw new Exception ("No user defined in HTTP header", 401);
      //header("WWW-Authenticate: Basic realm=\"$realm\"");
      //header("HTTP/1.0 401 Unauthorized");
      //die ($realm);
    }
    else
    {
      if (! array_key_exists ("PHP_AUTH_PW", $_SERVER))
        $_SERVER["PHP_AUTH_PW"] = null;
      return array ("email"=>trim ($_SERVER["PHP_AUTH_USER"]),
                    "password"=>$_SERVER["PHP_AUTH_PW"]);
    }
  }

  /** Get the information from a shibboleth provider */
  public function shibboleth ()
  {
    if (! isset ($_SERVER["Shib-Session-ID"]))
      throw new Exception ("No Shibboleth information available", 401);
    return array ("email"=>$_SERVER["mail"],
                  "password"=>"NONE IN SHIBBOLETH");
  }
}