<?php if (!defined('skynet')) exit();
/* Skynet - Automated "Cloud" Security Scanner                                *#
#* Copyright (C) 2014-present  Jason Frisvold <friz@godshell.com>             *#
#*                                                                            *#
#* This program is free software; you can redistribute it and/or modify       *#
#* it under the terms of the GNU General Public License as published by       *#
#* the Free Software Foundation; either version 2 of the License, or          *#
#* (at your option) any later version.                                        *#
#*                                                                            *#
#* This program is distributed in the hope that it will be useful,            *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of             *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *#
#* GNU General Public License for more details.                               *#
#*                                                                            *#
#* You should have received a copy of the GNU General Public License          *#
#* along with this program; if not, write to the Free Software                *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */

// Use a unique session name (ignored if session.auto_start is set to true)
session_name('skynet');

// Start the php session
session_start();

function login($username, $password) {
   // Globalize the phptodo variables needed
   global $skynet_sessTime, $app;
          
   // Create user class
   $user_obj = new skynetUser($app->db, -1, $username, $password, true);

   if ($user_obj->logged_in()) {
      // Regenerate the session ID (security enhancement)
      session_regenerate_id();

      // Insert the user_id into the sessions database along with the
      // session ID and the current time
      $app->db->table('sessions')
         ->insert(array(
            'phpsessid' => session_id(),
            'user_id' => $user_obj->user_id(),
            'last' => time()
         ));

      // Clean up any old sessions that have timed out

      $app->db->table('sessions')
         ->where('last', '<', time() - $skynet_sessTime)
         ->delete();

      // Return 1 indicating a successful login
      return 1;
   } else {
      // Return 0 indicating a login failure
      return 0;
   }

   // This code should never be executed
   // Return 0 indicating a login failure
   return 0;
}

function authenticate() {
   // Globalize the phptodo variables needed
   global $skynet_sessTime, $app, $smarty_data;

   // Try and get the id, last time, and user if from the sessions database
   $results = $app->db->table('sessions')
      ->select('id', 'last', 'user_id')
      ->where('phpsessid', session_id())
      ->first();

   $id = $results['id'];
   $last = $results['last'];
   $user_id = $results['user_id'];

   // Check to see if an id was set, and if the time is good
   if ((isset($id)) && (($last + $skynet_sessTime) >= time())) {
      // Good session, update the timestamp
      $app->db->table('sessions')
         ->where('id', $id)
         ->update(array(
            'last', time()
         ));

      // Create the user object
      $user_obj = new skynetUser($app->db, $user_id);

      // Assign the username to the smarty template
      $smarty_data['username'] = $user_obj->username();
      $smarty_data['adminflag'] = $user_obj->adminflag();
      if (get_magic_quotes_gpc()) {
         $smarty_data['fullname'] =
            stripslashes(htmlentities($user_obj->fullname(), ENT_QUOTES));
      } else {
         $smarty_data['fullname'] =
            htmlentities($user_obj->fullname(), ENT_QUOTES);
      }

      return($user_obj);
   } else {
      // Return a 0 to indicate that authentication was not successful
      return 0;
   }

   // This code should never be executed
   return 0;
}

function feed_authenticate($user_id, $feed_id, $secret) {
   // Globalize the phptodo variables needed
   global $skynet_dbHost, $skynet_dbUser, $skynet_dbPass, $skynet_dbName,
          $skynet_sessTime, $app;

   // Create the skynetFeed object
   $feed = new skynetFeed($skynet_dbHost, $skynet_dbUser, $skynet_dbPass,
                           $skynet_dbName, $user_id, $feed_id);

   if ($feed->secret() == $secret) {
      // Create the user object
      $user_obj = new skynetUser($app->db, $user_id);

      return Array($feed, $user_obj);
   } else {
      // Return a 0 to indicate that authentication was not successful
      return 0;
   }

   // This code should never be executed
   return 0;
}

function logout() {
   global $app;

   // Try and get the id, last time, and user if from the sessions database
   $app->db->table('sessions')
      ->where('phpsessid', session_id())
      ->delete();

   return(1);
}

// This function redirects the user to the login page
function login_redirect() {
   foreach ($_REQUEST as $varname => $varvalue) {
      if (! isset($_COOKIE["$varname"])) {
         if (get_magic_quotes_gpc()) {
            $varvalue = stripslashes($varvalue);
         }

         if (isset($redirect)) {
            $redirect .= "&$varname=" . urlencode($varvalue);
         } else {
            $redirect = basename($_SERVER['PHP_SELF']) . "?$varname=" .
                        urlencode($varvalue);
         }
      }
   }

   global $skynet_serveruri;

   $_SESSION['redirect'] = $skynet_serveruri . dirname($_SERVER['PHP_SELF']) .
                           '/';

   if (isset($redirect)) {
       $_SESSION['redirect'] .= $redirect;
   }

   header('Location: ' . $skynet_serveruri .
          join_paths(dirname($_SERVER['PHP_SELF']), '/index.php'));
}

?>