<?
#
# vim:set ts=4:
# vim:set shiftwidth=4;
#

class User
{
	var $ref;
	var $session = false;
	var $auth_timeout = false;
	
	var $db;

	/**
	 * create a new User object
	 *
	 * creates a new user by looking into the <code>session</code> 
	 *
	 * @param	object	Database Object
	 * @param	object	Session Object
	 * @param	integer	Login timout in seconds
	 */
	function User(&$database, &$session, $auth_timeout) {
		assert($session);
		assert($database);
		assert($auth_timeout);
		$this->session = &$session;
		$this->auth_timeout = $auth_timeout;
		$this->db = &$database;

		$last_seen = $this->session->data['user']['last_seen'];
		$ref =  $this->session->data['user']['ref'];
		$authenticated = false;

		if ( $last_seen &&
		  ( $last_seen + $this->auth_timeout >= time()) &&
		  ( $time_seen <= time() ) &&
		    $this->session->data['user']['authenticated'] &&
			$this->check_ref_session($ref) )
			$authenticated = true;
		else {
			$ref = false;
			$authenticated = false;
			$last_seen = false;
		}

		$this->session->data['user']['authenticated'] = $authenticated;
		$this->session->data['user']['last_seen'] = $authenticated ? time() : false;
		$this->session->data['user']['ref'] = $ref;
	}

	/**
	* Check if given Ref is a valid user ref
	*
	* checks if the ref and current session are from the same user.
	*
	* @param	integer	user ref
	* @returns	boolean true if success
	*/
	function check_ref_session($ref) {
		assert($this->session);
		assert($this->session->ref);
		assert($this->db);
		assert($ref);

		$row=$this->db->query_row('SELECT ref FROM account WHERE session_ref=? AND ref=?', array($this->session->ref, $ref));

		if ( $row === false )
			return false;
		else
			return true;
	}

	/**
	* Do the login of a user
	*
	* Check if username and password are a valid pair, and update session_ref
	* in database, set timestamp.
	*
	* @param	string	supplied username from user 
	* @param	string	supplied password from user
	* @returns	boolean true if success
	*/
	function do_login($username, $password)
	{
		assert($this->session);
		assert($this->session->ref);
		assert($this->db);
#		assert($username);
#		assert($password);
		if ( ! $username )
			return false;
		if ( ! $password )
			return false;

		$row=$this->db->query_row('SELECT ref FROM account WHERE username=? AND password=?', array($username,$password));
		
		if ( $row === false )
			return false;

		$update = $this->db->update('account', $row['ref'], array(session_ref=>$this->session->ref));
		if ( ! $update ) 
			return false;
			
		$this->session->data['user']['authenticated'] = true;
		$this->session->data['user']['last_seen'] = time();
		$this->session->data['user']['ref'] = $row['ref'];
		$this->session->data['user']['username'] = $username;

		# FIXME: old session is destroyed 
		return true;
	}

	/**
	 * Logout the User
	 *
	 * logout the user, do not check if has logged in.
	 *
	 * @returns	boolean	true on success, false otherwhise
	 */
	function do_logout()
	{
		assert($this->session);
		assert($this->session->ref);
		$this->session->data['user']['authenticated'] = false;
		$this->session->data['user']['last_seen'] = false;
		$this->session->data['user']['ref'] = false;
		$this->session->data['user']['username'] = false;
		return true;
	}

	/**
	 * Check for login status
	 *
	 * Checks if user has logged in correctly.
	 *
	 * @returns	boolean	true on authenticated, false otherwhise
	 */
	function check_login()
	{
		assert($this->session);
		if (! $this->session->get_id())
			return false;
		assert($this->session->ref);
		return $this->session->data['user']['authenticated'];
	}
}

?>