<?php
class Scores_Auth_Adapter_Ws implements Zend_Auth_Adapter_Interface
{
	/**
	 * Identifiant de l'utilisateur
	 * @var string
	 */
	protected $_username;

	/**
	 * Password
	 * @var string
	 */
	protected $_password;

	/**
	 * Timeout
	 * @var int
	 */
	protected $_timeout = 1800;

	/**
	 * Marqueur de vérification IP (en iponly)
	 * @var boolean
	 */
	protected $_checkIp = false;

	/**
	 * Marqueur de vérification de hach
	 * @var boolean
	 */
	protected $_checkHach = false;

	/**
	 * Liste des IPs des frontends (proxy)
	 * @var array
	 */
	protected $listProxyIp = array(
	    '62.210.222.34',
	);

	/**
	 * Authentification par WS
	 * @param string $username
	 * @param string $password
	 * @param string $mode
	 */
	public function __construct($username, $password, $mode = null)
	{
		$this->_username = $username;
		$this->_password = $password;

		if ($mode == 'hach') {
		    $this->_checkHach = true;
		}

        if ($mode == 'iponly'){
		    $ip = $_SERVER['REMOTE_ADDR'];
		    if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && in_array($ip, $this->listProxyIp)) {
		        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
		    }
			$this->_password = 'iponly:'.$ip;
			$this->_checkIp = true;
		}
	}

	/**
	 * (non-PHPdoc)
	 * @see Zend_Auth_Adapter_Interface::authenticate()
	 */
	public function authenticate()
	{
        $ip = $_SERVER['REMOTE_ADDR'];
		if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && in_array($ip, $this->listProxyIp)) {
		    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
		}

		$ws = new Scores_Ws_Client('gestion', '0.3');
		$ws->setHttpLogin($this->_username);
		$ws->setHttpPassword($this->_password);
		$adressIp = $_SERVER['REMOTE_ADDR'];
		$parameters = new stdClass();
		$parameters->login = $this->_username;
		$parameters->ipUtilisateur = $ip;
		$parameters->from = 'auth';
		$InfosLogin = $ws->getInfosLogin($parameters);

		// --- Renvoi
		if ( is_string($InfosLogin) || $InfosLogin->error->errnum != 0 ) {
		    $message = $InfosLogin;
		    return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $identity, array($message));
		}
		// --- Assignation identity
		elseif ( $InfosLogin !== false && !empty($InfosLogin->result->login)) {
		    $identity = new stdClass();
		    if ($this->_checkIp || $this->_checkHach) {
		        Zend_Registry::get('firebug')->info("IN");
		        $identity->password = $this->_password;
		    } else {
		        $identity->password = md5($InfosLogin->result->login.'|'.$this->_password);
		    }
		    Zend_Registry::get('firebug')->info($identity->password);
		    $identity->username 				= $InfosLogin->result->login;
		    $identity->email 					= $InfosLogin->result->email;
		    $identity->profil 					= $InfosLogin->result->profil;
		    $identity->pref 					= $InfosLogin->result->pref;
		    $identity->droits 					= $InfosLogin->result->droits;
		    $identity->droitsClients 			= $InfosLogin->result->droitsClients;
		    $identity->nom 						= $InfosLogin->result->nom;
		    $identity->prenom 					= $InfosLogin->result->prenom;
		    $identity->tel 						= $InfosLogin->result->tel;
		    $identity->fax 						= $InfosLogin->result->fax;
		    $identity->mobile 					= $InfosLogin->result->mobile;
		    $identity->id 						= $InfosLogin->result->id;
		    $identity->idClient 				= $InfosLogin->result->idClient;
		    $identity->reference 				= $InfosLogin->result->reference;
		    $identity->nbReponses 				= $InfosLogin->result->nbReponses;
		    $identity->typeScore 				= $InfosLogin->result->typeScore;
		    $identity->dateValidation 			= $InfosLogin->result->dateValidation;
		    $identity->nombreConnexions 		= $InfosLogin->result->nombreConnexions;
		    $identity->dateDerniereConnexion 	= $InfosLogin->result->dateDerniereConnexion;
		    $identity->dateDebutCompte 			= $InfosLogin->result->dateDebutCompte;
		    $identity->dateFinCompte 			= $InfosLogin->result->dateFinCompte;
		    $identity->acceptationCGU			= $InfosLogin->result->acceptationCGU;
		    $identity->ip 						= $ip;
		    $identity->version                  = $InfosLogin->result->version;
		    $identity->modeEdition 				= false;

		    $timeout = (!empty($InfosLogin->result->timeout)) ? $InfosLogin->result->timeout : $this->_timeout;
		    $identity->timeout = $timeout;
		    $identity->time = time() + $timeout;
		    $lang = in_array($InfosLogin->result->lang, array('fr','en')) ? $InfosLogin->result->lang : 'fr';
		    $identity->lang = $lang;
		    $identity->langtmp = $lang;

		    // --- Adresse Ip interdites
		    $ipInterdites = array(
		        '81.252.88.0-81.252.88.7',        // CTE D AGGLOMERATION DE SOPHIA
		        '195.200.187.163',                // PacWan
		        '213.11.81.41',                   // Verizon France SAS
		        '83.206.171.252',                 // FR-BASE-D-INFORMATIONS-LEGALES-BI
		        '81.255.32.139',
	            '212.155.191.100-212.155.191.199', // Satair A/S
	            '212.37.196.156',                  // GENERALE-MULTIMEDIA-SUD
	            '80.245.60.121',                   // Planete Marseille - Mailclub
	            '213.246.57.101',                  // IKOULA
	            '193.104.158.0-193.104.158.255',   // Altares.fr
	            '195.6.3.0-195.6.3.255',           // ORT
	            '217.144.112.0-217.144.116.63',    // Coface
		    );

            // --- Validation IP
            $overallIpValidate = false;
            foreach ( $ipInterdites as $filtre ) {
                if ( strpos($filtre, '*') ) {
                    $filtre = str_replace('*', '0', $filtre) . '-' . str_replace('*', '255', $filtre);
                }
                // Is it a range ?
                if ( strpos($filtre, '-') ) {
                    $validateIp = new Scores_Validate_IpInNetwork();
                    $validateIp->setNetworkNotation($filtre);
                    $overallIpValidate = $validateIp->isValid($ipToValidate);
                }
                // Ip only
                else {
                    if ( $filtre === $ipToValidate ) {
                        $overallIpValidate = true;
                    }
                }
                // Break foreach
                if ( $overallIpValidate === true ) {
                    break;
                }
            }

            // Exit with error
            if ( $overallIpValidate === false ) {
                return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $identity);
            }

	        // --- OK connecté
	        $this->_username = $identity->username;
	        $this->_password = $identity->password;
		    return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);

		} else {
		    return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $identity, array("Identification impossible"));
		}
	}
}