<?php
    /*****************************************************************************
    IP Reg, a PHP/MySQL IPAM tool
    Copyright (C) 2007-2009 Wietse Warendorff

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

    For more information, visit http://sourceforge.net/projects/ipreg,
    or contact me at wietsew@users.sourceforge.net
    *****************************************************************************/

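    /**
     * Login, logout and session bootstrap for IP Reg users.
     *
     * Relies on the global $dblink handle and on the project's Db class
     * (db_select() / db_update()), both of which are defined outside this file.
     */
    class User {
        /**
         * Tell whether a value is a non-empty string.
         *
         * @param mixed $string value to test
         * @return bool TRUE when the value is scalar and at least one byte long
         */
        function check_strlen($string) {
            // arrays/objects/NULL can arrive from request data; treat them as empty
            // instead of letting strlen() warn or throw
            return is_scalar($string) && strlen((string) $string) >= 1;
        }

        /**
         * Quote a value for use as a string literal in a MySQL statement.
         *
         * NOTE(review): the Db class is not visible from this file. If it offers
         * prepared statements / bound parameters, use those instead of this helper.
         *
         * @param string $value raw, untrusted value
         * @return string the value escaped and wrapped in single quotes
         */
        private function quote_sql_string($value) {
            global $dblink;

            $value = (string) $value;

            // prefer the escaping routine of whatever driver $dblink belongs to,
            // because only the driver knows the connection character set
            if ($dblink instanceof mysqli) {
                return "'" . $dblink->real_escape_string($value) . "'";
            }

            if ($dblink instanceof PDO) {
                $quoted = $dblink->quote($value);
                if ($quoted !== FALSE) {
                    return $quoted;
                }
            }

            if (is_resource($dblink) && function_exists('mysql_real_escape_string')) {
                return "'" . mysql_real_escape_string($value, $dblink) . "'";
            }

            // last resort: not charset-aware, so weaker than the driver routines above
            return "'" . addslashes($value) . "'";
        }

        /**
         * Authenticate a user and load the profile into $_SESSION.
         *
         * Accepts a legacy unsalted MD5 hash once and rewrites it as bcrypt;
         * every other stored hash is checked with password_verify().
         *
         * @param string $user_name login name as submitted (untrusted)
         * @param string $user_pass clear-text password as submitted (untrusted)
         * @return bool TRUE when the credentials match and the session is populated
         */
        function user_login($user_name, $user_pass) {
            global $dblink;

            // request parameters may be arrays (user_name[]=...); only strings are valid
            if (!is_string($user_name) || !is_string($user_pass)) {
                return FALSE;
            }

            // both fields are mandatory
            if (!$this->check_strlen($user_name) || !$this->check_strlen($user_pass)) {
                return FALSE;
            }

            // get user data
            $db = new Db($dblink);

            // the login name comes straight from the request, so it is escaped
            // before it is placed in the statement
            $query = "SELECT
                    user.user_id,
                    user.user_pass,
                    user.user_displayname,
                    user.user_language,
                    user.user_imagesize,
                    user.user_imagecount,
                    user.user_mac,
                    user.user_dateformat,
                    user.user_dns1suffix,
                    user.user_dns2suffix,
                    user.user_menu_assets,
                    user.user_menu_assetclasses,
                    user.user_menu_assetclassgroups,
                    user.user_menu_locations,
                    user.user_menu_nodes,
                    user.user_menu_subnets,
                    user.user_menu_users,
                    user.user_menu_vlans,
                    user.user_menu_zones,
                    user.user_tooltips
                FROM
                    user
                WHERE
                    user.user_name=" . $this->quote_sql_string($user_name);

            $users = $db->db_select($query);

            // unknown user, or the query did not return a row list
            if (!is_array($users) || count($users) < 1) {
                return FALSE;
            }

            $account = $users[0];
            $stored_hash = (string) $account['user_pass'];

            // constant-time comparison against the legacy MD5 value; the stored
            // value is right-trimmed as before
            if (hash_equals(rtrim($stored_hash), md5($user_pass))) {
                // md5 match but outdated: rewrite with bcrypt
                $newhash = password_hash($user_pass, PASSWORD_BCRYPT);

                // password_hash() can fail on older PHP; never store an empty hash
                if (is_string($newhash) && $newhash !== '') {
                    $query = "UPDATE user SET user_pass=" . $this->quote_sql_string($newhash)
                        . " WHERE user_id=" . (int) $account['user_id'];
                    $db->db_update($query);
                }
            } elseif (!password_verify($user_pass, $stored_hash)) {
                return FALSE;
            }

            // issue a fresh session id on privilege change so that an id planted
            // before login is not carried into the authenticated session
            if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                session_regenerate_id(TRUE);
            }

            // register session data: each column is stored under 's' . column name;
            // user_pass is deliberately not copied into the session
            $session_fields = array(
                'user_id',
                'user_displayname',
                'user_language',
                'user_imagesize',
                'user_imagecount',
                'user_mac',
                'user_dateformat',
                'user_dns1suffix',
                'user_dns2suffix',
                'user_menu_assets',
                'user_menu_assetclasses',
                'user_menu_assetclassgroups',
                'user_menu_locations',
                'user_menu_nodes',
                'user_menu_subnets',
                'user_menu_users',
                'user_menu_vlans',
                'user_menu_zones',
                'user_tooltips',
            );
            foreach ($session_fields as $field) {
                $_SESSION['s' . $field] = $account[$field];
            }

            // no errors found, return
            return TRUE;
        }

        /**
         * Log the current user out by emptying the session data.
         *
         * Only $_SESSION is cleared here; the session id and its cookie are
         * left in place.
         *
         * @return void
         */
        function user_logout() {
            // clear session data
            $_SESSION = array();
        }
    }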
?>