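* @version 0.0.0
* @copyright Copyright (c) 2007, 2008 Roland Haeder, this is free software
* @license GNU GPL 3.0 or any newer version
* @link http://www.ship-simu.org
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
class UserAuthFilter extends BaseFilter implements Filterable {
    // Exception constants
    const EXCEPTION_AUTH_DATA_INVALID = 0x1b0;

    /**
     * Class name of the auth method, read from the 'auth_method_class'
     * config entry by setDefaultAuthMethod().
     */
    private $authMethod = "";

    /**
     * Protected constructor; instances are created through
     * createUserAuthFilter().
     *
     * @return void
     */
    protected function __construct () {
        // Call parent constructor
        parent::__construct(__CLASS__);

        // Set part description
        $this->setObjectDescription("A user authorization filter");

        // Create unique ID number
        $this->generateUniqueId();
    }

    /**
     * Creates an instance of this filter class with the configured default
     * auth method already set.
     *
     * @return UserAuthFilter An instance of this filter class
     */
    final public static function createUserAuthFilter () {
        // Get a new instance
        $filterInstance = new UserAuthFilter();

        // Set default auth method
        $filterInstance->setDefaultAuthMethod();

        // Return the instance
        return $filterInstance;
    }

    /**
     * Setter for default login method from config
     *
     * @return void
     */
    protected function setDefaultAuthMethod () {
        $this->authMethod = $this->getConfigInstance()->readConfig('auth_method_class');
    }

    /**
     * Executes the filter with given request and response objects.
     *
     * Reads the login and password hash from the auth instance, resolves the
     * matching user (or guest) object, and compares the presented hash with
     * the one the user object returns. On success the auth and user
     * instances are stored in the registry under 'auth' and 'user'.
     *
     * @param  $requestInstance   An instance of a class with an Requestable interface
     * @param  $responseInstance  An instance of a class with an Responseable interface
     * @return void
     * @throws UserAuthorizationException     If the auth login was not found or if it was invalid
     * @throws UserPasswordMismatchException  If the supplied password hash does not match
     * @throws ClassNotFoundException         If the user (guest/member) class was not found
     */
    public function execute (Requestable $requestInstance, Responseable $responseInstance) {
        // Get an auth instance for checking and updating the auth cookies
        $authInstance = ObjectFactory::createObjectByName($this->authMethod, array($responseInstance));

        // Set request instance
        $authInstance->setRequestInstance($requestInstance);

        // Now, get the auth data for comparison
        $authLogin = $authInstance->getUserAuth();
        $authHash  = $authInstance->getPasswordAuth();

        // If one is empty stop here
        if ((empty($authLogin)) || (empty($authHash))) {
            // Destroy the auth data
            $authInstance->destroyAuthData();

            // Mark the request as invalid
            $requestInstance->requestIsValid(false);

            // Add fatal message
            $responseInstance->addFatalMessage('auth_data_incomplete');

            // Stop here
            throw new UserAuthorizationException($this, self::EXCEPTION_AUTH_DATA_INVALID);
        }

        // Regular user account
        $className  = $this->getConfigInstance()->readConfig('user_class');
        $methodName = 'createMemberByUserName';

        // Strict comparison: the login comes from client-presented auth data,
        // so it must not be matched through PHP's loose type juggling.
        $guestLogin = (string) $this->getConfigInstance()->readConfig('guest_login_user');
        if ($authLogin === $guestLogin) {
            // Set class
            $className  = $this->getConfigInstance()->readConfig('guest_class');
            $methodName = 'createGuestByUserName';
        }

        // Does the user/guest class exist?
        if (!class_exists($className)) {
            // Then abort here
            throw new ClassNotFoundException(array($this, $className), self::EXCEPTION_CLASS_NOT_FOUND);
        }

        // Now try the dynamic login
        $userInstance = call_user_func_array(array($className, $methodName), array($authLogin));

        // A factory that yields no object means the login could not be
        // resolved; fail with the documented exception instead of a fatal
        // error on the method call below.
        if (!is_object($userInstance)) {
            throw new UserAuthorizationException($this, self::EXCEPTION_AUTH_DATA_INVALID);
        }

        // Is the password correct? hash_equals() compares in constant time so
        // the comparison does not leak how many leading bytes matched; the
        // is_string() guards keep non-string values on the mismatch path.
        // NOTE(review): the presented value is matched directly against
        // getPasswordHash(); if that is the stored password hash, the hash
        // itself works as the credential -- confirm, and prefer a random
        // server-side session token in the auth cookie.
        $storedHash = $userInstance->getPasswordHash();
        if (!is_string($storedHash) || !is_string($authHash) || !hash_equals($storedHash, $authHash)) {
            // Mismatching password
            throw new UserPasswordMismatchException(array($this, $userInstance), BaseUser::EXCEPTION_USER_PASS_MISMATCH);
        }

        // Remember auth and user instances in registry
        Registry::getRegistry()->addInstance('auth', $authInstance);
        Registry::getRegistry()->addInstance('user', $userInstance);
    }
}

// [EOF]
?>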