<?php
/** The abstraction class of the users
  * Allow to manage the users in multiple storages (SQL, HTPasswd, passwd file).
  * CRUD the users and allow to modify the password
  */
class users
{
  /** Connect to the storage
    */
  public function connect ()
  {
  }

  /** Initialise the storage
    * Create the structure of data needed to the class
    */
  public function initStorage ()
  {
  }

  /** Create a new user
    * If the password is not provided, create a default passwd (can be disable
    * password)
    * @param string $email The email to create
    * @param string $firstname The firstname to create
    * @param string $lastname The lastname to create
    * @param string|null $password The password of the user
    */
  public function adduser ($email, $firstname, $lastname, $password=null)
  {
  }

  /** Delete a user
    * @param string $email The email to delete
    */
  public function deluser ($email)
  {
  }

  /** Update a user
    * @param string $oldemail The old email to update
    * @param string $newemail The new mail to store
    * @param string $firstname The new firstname to store
    * @param string $lastname The lastname to store
    */
  public function updateuser ($oldemail, $newemail, $firstname, $lastname)
  {
  }

  /** List the users
    */
  public function listusers ()
  {
  }

  /** Change password
    * @param string $email the user email to change the password
    * @param string $oldpassword The old password (to check if the user have the
    *    rights to change the password)
    * @param string $newpassword The new password to be recorded
    */
  public function changepassword ($email, $oldpassword, $newpassword)
  {
  }

  /** Overwrite password (without oldpassword check)
    * Must be reserved to the administrators. For the users, use changepassword
    * method
    * @param string $email the user email to change the password
    * @param string $newpassword The new password to be recorded
    */
  public function overwritepassword ($email, $newpassword)
  {
  }

  /** Check if the provided password is correctely associated to the email user
    * @param string $email The email to validate
    * @param string $password The password to validate
    */
  public function checkValidPassword ($email, $password)
  {
  }

  /** Check if the user provided is correct
    * @param string $email The email to validate
    */
  public function checkEmail ($email)
  {
    if (! is_string ($email))
      throw new Exception (dgettext ("domframework",
                                    "Invalid email provided : not a string"),
                           500);
    if (strlen ($email) < 5)
      throw new Exception (dgettext ("domframework",
                                    "Invalid email provided : too short"),
                           500);
    if (strpos ($email, ":") !== false)
      throw new Exception (dgettext ("domframework",
                                "Invalid email provided : colon forbidden"),
                           500);
    return true;
  }

  /** Check if the firstname provided is correct
    * @param string $firstname The firstname to check
    */
  public function checkFirstname ($firstname)
  {
    if (! is_string ($firstname))
      throw new Exception (dgettext ("domframework",
                                   "Invalid firstname provided : not a string"),
                           500);
    if (strlen ($firstname) < 1)
      throw new Exception (dgettext ("domframework",
                                    "Invalid firstname provided : too short"),
                           500);
    if (strpos ($firstname, ":") !== false)
      throw new Exception (dgettext ("domframework",
                                "Invalid firstname provided : colon forbidden"),
                           500);
    return true;
  }

  /** Check if the lastname provided is correct
    * @param string $lastname The lastname to check
    */
  public function checkLastname ($lastname)
  {
    if (! is_string ($lastname))
      throw new Exception (dgettext ("domframework",
                                    "Invalid lastname provided : not a string"),
                           500);
    if (strpos ($lastname, ":") !== false)
      throw new Exception (dgettext ("domframework",
                                "Invalid lastname provided : colon forbidden"),
                           500);
    return true;
  }

  /** Check if the password provided is correct
    * @param string $password The password to check
    */
  public function checkPassword ($password)
  {
    if (! is_string ($password))
      throw new Exception (dgettext ("domframework",
                                    "Invalid password provided : not a string"),
                           500);
    if (strlen ($password) < 5)
      throw new Exception (dgettext ("domframework",
                                    "Invalid password provided : too short"),
                           500);
    if (strlen ($password) >= 128)
      throw new Exception (dgettext ("domframework",
                                    "Invalid password provided : too long"),
                           500);
    return true;
  }

  /** Crypt the password with the best algorithm available
    * @param string $password The password to crypt
    */
  public function cryptPasswd ($password)
  {
    if (! function_exists ("openssl_random_pseudo_bytes"))
      throw new Exception (dgettext ("domframework",
                           "No PHP support for openssl_random_pseudo_bytes"),
                           500);
    $cost = 11;
    $salt = substr (base64_encode (openssl_random_pseudo_bytes (17)), 0, 22);
    $salt = str_replace ("+", ".", $salt);
    $param = '$'.implode ('$', array(
             "2y", //select the most secure version of blowfish (>=PHP 5.3.7)
             str_pad ($cost, 2, "0", STR_PAD_LEFT), //add the cost in two digits
             $salt //add the salt
    ));
    //now do the actual hashing
    return crypt ($password, $param);
  }

  /** Check if the password is enough complex
    * Return True if the password is enough complex
    * @param string $password The password to check
    */
  public function passwdComplexity ($password)
  {
  }
}