<?php
   /**
	* UAACS based authenticating class and scripts
	*
	* @package    CommonObjects\Uaacs_authentication
	* @author     Channa Dewamitta
	* @copyright  BizyCorp/Ekwa Internal development Team
	* @version    V2.1.0 
	*/
	if ( ! defined('BASEPATH')) exit('No direct script access allowed');
	
	/**
	 * Data encryption/decryption algorithms
	 * 
	 */
	include_once('pc1.php');  //Encryption/Decryption Algorithm
	
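   /**
    * Integrates UAACS (central login / access-control service) into an application.
    *
    * IMPORTANT :- To log out, post a variable named "UAACS_logout" with the
    *              value "yes" (matched case-insensitively, so "YES" also works).
    *
    * USAGE :-
    *
    *           $uaacs = new Uaacs_authentication ;
    *           $uaacs->setLandingPage('http://bizydads.com/channa/portman/clientportfolio.php');
    *           $uaacs->setAccessKey('<ACCESS_KEY>');      // placeholder - load from configuration
    *           $uaacs->setSecurityKey('<SECURITY_KEY>') ; // placeholder - load from configuration
    *           $uaacs->setAppId(58) ;
    *           $uaacs->setRoleId(456) ;
    *           //Following are optional
    *           $uaacs->setLogoutUrl('http://UAACS.kindersigns.org/API/logout.php');
    *           $uaacs->setLgnCheckUrl('http://UAACS.kindersigns.org/API/loginCheck.php');
    *           $uaacs->authenticate();
    *           $functions = $uaacs->getAllowedFunctions() ;  //An array
    *           $myRoles = $uaacs->getAllowedRoles();         //An array
    *           $roleId = $uaacs->getActiveRole();
    *           $data = $uaacs->getUserData();                //SimpleXMLElement
    *
    * SECURITY NOTES :-
    *   - Values that appeared to be access/security keys were previously listed
    *     in this comment and in the usage example. They have been replaced with
    *     placeholders; any key that has lived in source control should be
    *     treated as exposed and rotated.
    *   - All default UAACS endpoints are plain http:// URLs, and authenticate()
    *     places the access key and security key in a redirect query string
    *     (base64 is an encoding, not encryption). NOTE(review): confirm whether
    *     the service is reachable over https and whether the protocol can stop
    *     sending the security key through the browser.
    *
    *  @author        Channa Dewamitta <channa@ekwa.com>
    *  @created       Sep 01, 2013
    *  @version       V2.1.0
    */
class Uaacs_authentication
{
  /**
   * Landing page URL exactly as supplied to setLandingPage().
   *
   * @var string
   * @access protected
   * @since 2.0
   */
  protected $landPageUrl;

  /**
   * Shortened landing page URL (falls back to the full URL when shortening fails).
   *
   * @var string
   * @access protected
   * @since 2.0
   */
  protected $landPage;

  /**
   * Application access key.
   *
   * @var string
   * @access protected
   * @since 2.0
   */
  protected $aKey;

  /**
   * Application security key.
   *
   * @var string
   * @access protected
   * @since 2.0
   */
  protected $sKey;

  /**
   * Application ID issued by UAACS.
   *
   * @var int|string
   * @access protected
   * @since 2.0
   */
  protected $appId;

  /**
   * Role ID issued by UAACS.
   *
   * @var int|string
   * @access protected
   * @since 2.0
   */
  protected $roleId;

  /**
   * URL of the UAACS logout script.
   *
   * @var string
   * @access protected
   * @since 2.0
   */
  protected $logoutUrl;

  /**
   * URL of the UAACS login page.
   *
   * @var string
   * @access protected
   * @since 2.0
   */
  protected $loginUrl;

  /**
   * URL of the UAACS login-check script.
   *
   * @var string
   * @access protected
   * @since 2.0
   */
  protected $lgnCheckUrl;

  /**
   * Roles granted to the user, keyed by role ID; each entry holds 'NAME' and 'ACTIVEROLE'.
   *
   * @var array
   * @access protected
   * @since 2.0
   */
  protected $allowedRoles = array();

  /**
   * Functions granted to the user: function ID => true.
   *
   * @var array
   * @access protected
   * @since 2.0
   */
  protected $allowedFunctions = array();

  /**
   * ID of the role flagged ACTIVEROLE in the access data, or FALSE when none is.
   *
   * @var string|bool
   * @access protected
   * @since 2.0
   */
  protected $activeRole = FALSE;

  /**
   * Parsed access data returned by UAACS.
   *
   * @var SimpleXMLElement|null
   * @access protected
   * @since 2.0
   */
  protected $userData;

  /**
   * Class constructor: installs the default UAACS endpoint URLs.
   *
   * @access public
   * @since 2.0
   */
  public function __construct()
  {
    // NOTE(review): all three defaults are plain http; see the class notes.
    $this->logoutUrl   = 'http://UAACS.kindersigns.org/API/logout.php';
    $this->lgnCheckUrl = 'http://UAACS.kindersigns.org/API/loginCheck.php';
    $this->loginUrl    = 'http://UAACS.kindersigns.org/login.php';
  }

  //Property Setters

  /**
   * Sets the landing page and asks the TinyURL API for a shortened form of it.
   *
   * The URL is percent-encoded before it is placed in the API query string, so
   * a landing page carrying its own "?a=b&c=d" query is passed through whole.
   * When the API call fails or answers with something that is not an http(s)
   * URL, the full landing URL is used instead of an empty/false value.
   *
   * NOTE(review): the shortener is queried over plain http and its answer is
   * later handed to UAACS as the landing page, so anyone able to alter that
   * response can choose where the user lands after login. Prefer https or
   * drop the shortener.
   *
   * @param string $url URL of landing page
   * @return void
   * @access public
   * @since 2.0
   */
  public function setLandingPage($url)
  {
    $this->landPageUrl = $url;

    $short = file_get_contents('http://tinyurl.com/api-create.php?url=' . urlencode((string) $url));
    $short = is_string($short) ? trim($short) : '';

    // Only accept an answer that at least looks like a URL.
    $this->landPage = (strpos($short, 'http') === 0) ? $short : $url;
  }

  /**
   * Sets the access key.
   *
   * @param string $aKey access key of app
   * @return void
   * @access public
   * @since 2.0
   */
  public function setAccessKey($aKey)
  {
    $this->aKey = $aKey;
  }

  /**
   * Sets the security key.
   *
   * @param string $sKey security key of app
   * @return void
   * @access public
   * @since 2.0
   */
  public function setSecurityKey($sKey)
  {
    $this->sKey = $sKey;
  }

  /**
   * Sets the application ID.
   *
   * @param string $appId application ID from UAACS
   * @return void
   * @access public
   * @since 2.0
   */
  public function setAppId($appId)
  {
    $this->appId = $appId;
  }

  /**
   * Sets the role ID.
   *
   * @param string $roleId role ID from UAACS
   * @return void
   * @access public
   * @since 2.0
   */
  public function setRoleId($roleId)
  {
    $this->roleId = $roleId;
  }

  /**
   * Sets the logout script URL.
   *
   * @param string $logoutUrl url of logout script in UAACS
   * @return void
   * @access public
   * @since 2.0
   */
  public function setLogoutUrl($logoutUrl)
  {
    $this->logoutUrl = $logoutUrl;
  }

  /**
   * Sets the login check script URL.
   *
   * @param string $lgnCheckUrl url of login checking script in UAACS
   * @return void
   * @access public
   * @since 2.0
   */
  public function setLgnCheckUrl($lgnCheckUrl)
  {
    $this->lgnCheckUrl = $lgnCheckUrl;
  }

  /**
   * Sets the login page URL.
   *
   * @param string $loginUrl url of login script in UAACS
   * @return void
   * @access public
   * @since 2.0
   */
  public function setLoginUrl($loginUrl)
  {
    $this->loginUrl = $loginUrl;
  }

  //Property Getters

  /**
   * Gets the (shortened) landing page URL.
   *
   * @return string URL of landing page
   * @access public
   * @since 2.0
   */
  public function getLandingPage()
  {
    return $this->landPage;
  }

  /**
   * Gets the access key.
   *
   * Previously this assigned an undefined local to the property, which wiped
   * the stored key and returned NULL.
   *
   * @return string access key of app
   * @access public
   * @since 2.0
   */
  public function getAccessKey()
  {
    return $this->aKey;
  }

  /**
   * Gets the security key.
   *
   * Previously this returned the landing page instead of the key.
   *
   * @return string security key of app
   * @access public
   * @since 2.0
   */
  public function getSecurityKey()
  {
    return $this->sKey;
  }

  /**
   * Gets the application ID.
   *
   * Previously this returned the security key, handing a secret to any caller
   * that only wanted the (non-secret) application ID.
   *
   * @return string application ID from UAACS
   * @access public
   * @since 2.0
   */
  public function getAppId()
  {
    return $this->appId;
  }

  /**
   * Gets the role ID.
   *
   * @return string role ID from UAACS
   * @access public
   * @since 2.0
   */
  public function getRoleId()
  {
    return $this->roleId;
  }

  /**
   * Gets the logout script URL.
   *
   * @return string url of logout script in UAACS
   * @access public
   * @since 2.0
   */
  public function getLogoutUrl()
  {
    return $this->logoutUrl;
  }

  /**
   * Gets the login check script URL.
   *
   * @return string url of login checking script in UAACS
   * @access public
   * @since 2.0
   */
  public function getLgnCheckUrl()
  {
    return $this->lgnCheckUrl;
  }

  /**
   * Gets the roles granted to the user.
   *
   * @return array role ID => array('NAME' => string, 'ACTIVEROLE' => bool)
   * @access public
   * @since 2.0
   */
  public function getAllowedRoles()
  {
    return $this->allowedRoles;
  }

  /**
   * Gets the functions granted to the user.
   *
   * @return array function ID => true
   * @access public
   * @since 2.0
   */
  public function getAllowedFunctions()
  {
    return $this->allowedFunctions;
  }

  /**
   * Gets the active role.
   *
   * @return string|bool the active role ID, or FALSE when none was flagged
   * @access public
   * @since 2.0
   */
  public function getActiveRole()
  {
    return $this->activeRole;
  }

  /**
   * Gets the parsed access data.
   *
   * @return SimpleXMLElement|null access data returned by UAACS
   * @access public
   * @since 2.0
   */
  public function getUserData()
  {
    return $this->userData;
  }

  /**
   * Authenticates the current request against UAACS.
   *
   * Flow, in order:
   *  1. A posted "UAACS_logout" = yes clears this app's session entries and
   *     redirects to the logout URL.
   *  2. Without a posted "lc" = yes the browser is redirected to the login
   *     check URL, carrying the application data in the "d" parameter.
   *  3. Otherwise the posted "data" field is decrypted and parsed as XML; a
   *     RESULT of NOTLOGGEDIN (or missing/unparseable data) redirects to the
   *     login page, anything else fills the allowed functions/roles.
   *
   * Every redirect ends the script with exit().
   *
   * NOTE(review), not changed here because they need protocol/config work:
   *  - The logout trigger is a bare POST field with no anti-CSRF token.
   *  - The "d" parameter carries the access key and security key through the
   *    user's browser; base64 gives no confidentiality.
   *  - The decryption key is hard-coded below, and nothing visible here
   *    verifies the integrity or origin of the posted "data" before its ACL
   *    is trusted. Whoever holds that key can presumably mint access data.
   *  - Only RESULT == NOTLOGGEDIN is rejected; the success value is not
   *    visible in this file, so any other RESULT is still treated as logged in.
   *
   * @access public
   * @return void
   */
  public function authenticate()
  {
    // Log field names only: the posted values include the encrypted access
    // data and whatever else the host application submits.
    log_message('info', 'POST VARS - ' . json_encode(array_keys($_POST)));

    //Handle logouts first if requested for
    $logoutFlag = isset($_POST['UAACS_logout']) ? $_POST['UAACS_logout'] : null;
    if (is_string($logoutFlag) && strcasecmp($logoutFlag, 'yes') === 0) {
      $ls = base64_encode("{$this->appId}|{$this->roleId}|{$this->landPageUrl}");

      //unset session vars (unset() is a no-op for keys that are absent)
      unset(
        $_SESSION['functions_' . $this->appId],
        $_SESSION['roles_' . $this->appId],
        $_SESSION['roleId_' . $this->appId],
        $_SESSION['user_id_' . $this->appId]
      );

      // base64 output may contain "+", "/" and "=", which must be escaped in a query string.
      header("Location:{$this->logoutUrl}?ls=" . urlencode($ls));
      exit();
    }

    //Handle login: if the login status check has not been performed yet, start it
    if (!isset($_POST['lc']) || $_POST['lc'] !== 'yes') {
      //Data delimited by pipe character: application id, role id, access key, security key, landing page
      $ddata = "{$this->appId}|{$this->roleId}|{$this->aKey}|{$this->sKey}|{$this->landPage}";

      //d = Data base64 encoded, request being made
      header("Location:{$this->lgnCheckUrl}?d=" . urlencode(base64_encode($ddata)));
      exit(); //This is very important
    }

    // A login-check answer without usable access data is treated as "not logged in".
    if (!isset($_POST['data']) || !is_string($_POST['data']) || $_POST['data'] === '') {
      log_message('error', 'UAACS login check returned no access data');
      $this->redirectToLogin();
    }

    $pc1 = new PC1();
    // NOTE(review): hard-coded shared secret; move it to configuration kept
    // outside source control and rotate it.
    $pk = 'cF12$g8JK#&*)1N!z';
    $data = $pc1->decrypt($_POST['data'], $pk); // Decrypt Access data

    try {
      // LIBXML_NONET: never fetch network resources while parsing this document.
      $this->userData = new SimpleXMLElement((string) $data, LIBXML_NONET);
    } catch (Exception $e) {
      // Fail closed instead of dying with an uncaught exception.
      log_message('error', 'UAACS access data could not be parsed as XML');
      $this->redirectToLogin();
    }

    if ((string) $this->userData->RESULT == 'NOTLOGGEDIN') {
      $this->redirectToLogin();
    }

    // Start from a clean slate so a repeated call cannot keep stale grants.
    $this->allowedFunctions = array();
    $this->allowedRoles = array();
    $this->activeRole = FALSE;

    if (!isset($this->userData->DATALIST->USER->ACL)) {
      return; // no ACL section: nothing is granted
    }
    $acl = $this->userData->DATALIST->USER->ACL;

    //Get allowed functions
    foreach ($acl->FUNCTION as $function) {
      $this->allowedFunctions[(string) $function->FUNCTIONID] = true;
    }

    //Get Allowed Roles
    foreach ($acl->ROLE as $role) {
      $roleId = (string) $role->ROLEID;
      $isActive = isset($role->ACTIVEROLE);

      $this->allowedRoles[$roleId]['NAME'] = (string) $role->ROLENAME;
      $this->allowedRoles[$roleId]['ACTIVEROLE'] = $isActive;
      if ($isActive) {
        $this->activeRole = $roleId;
      }
    }
  }

  /**
   * Sends the browser to the UAACS login page and ends the script.
   *
   * @return void does not return; exit() is always called
   * @access private
   */
  private function redirectToLogin()
  {
    header(
      "Location:{$this->loginUrl}?a=" . urlencode((string) $this->appId)
      . '&r=' . urlencode((string) $this->roleId)
      . '&showRL=yes&L=' . urlencode((string) $this->landPageUrl)
    );
    exit(); //This is very important
  }
}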
/* End of file Someclass.php */