<?php

class LdapServer {
    protected $conn=NULL,$login,$dn,$superadmin=false;
    private $domains=array();

    public function __construct($login) {
        global $conf;
        $this->login = $login;
        if (!$this->conn = ldap_connect(LDAP_URI)) {
            throw new Exception("Impossible de se connecter au serveur LDPA ".LDAP_URI);
        }
        if (!ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
            throw new Exception("Impossible de modifier la version du protocole LDAP à 3");
        }
        if (!ldap_bind($this->conn, LDAP_ADMIN_DN, LDAP_ADMIN_PASS)) {
            throw new Exception("Authentification LDAP échoué !");
        }
        if (in_array($this->login, $conf['admin']['logins'])) {
            $this->superadmin = true;
        }
        return $this;
    }

    public function login($password) {
        global $conf;
        $sr=ldap_search($this->conn, LDAP_BASE, "(&(uid=".$this->login.")(isAdmin=TRUE))");
        $info = ldap_get_entries($this->conn, $sr);
        if ($info['count']) {
            if (@ldap_bind($this->conn, $info[0]['dn'], $password)) {
                unset($password);
                $this->dn = $info[0]['dn'];
#                EvoLog::log("Login success for " . $this->login);
                return true;
            } else {
                $this->__destruct();
#                EvoLog::log("Password failed : " . $this->login);
                return false;
            }
        } else {
            $this->__destruct();
#            EvoLog::log("Login failed : " . $this->login);
            return false;
        }
    }

    public function getDomains() {
        global $conf;
        if (count($this->domains) == 0) {
            if ($this->superadmin) {
                $sr = ldap_search($this->conn, LDAP_BASE, LdapDomain::getClassFilter());
                $objects = ldap_get_entries($this->conn, $sr);
                foreach($objects as $object) {
                    if(!empty($object["cn"][0])) {
                        $domain = new LdapDomain($this, $object["cn"][0]);
                        array_push($this->domains, $domain);
                    }
                }
                sort($this->domains);
            } else {
                $auid = explode('@', $this->login);
                $domain = new LdapDomain($this, $auid[1]);
                array_push($this->domains, $domain);
            }
        }
        return $this->domains;
    }

    public function addDomain($name,$active=false) {
        global $conf;
        $info["cn"]=$name;
        $info["objectclass"] = LdapDomain::$objectClass;
        $info["isActive"] = ($active) ? 'TRUE' : 'FALSE';
        $info["gidNumber"]= getfreegid();

        if (!@ldap_add($this->conn, "cn=".$name.",".LDAP_BASE, $info)) {
            $error = ldap_error($this->conn);
            throw new Exception("Erreur dans l'ajout du domaine : $error");
        }
    }

    public function delDomain($name) {
        if ($sr = @ldap_search($this->conn, "cn=".$name.",".LDAP_BASE, "(ObjectClass=*)")) {
            $objects = ldap_get_entries($this->conn, $sr);
            // Delete aliases
            foreach($objects as $object) {
                if (!empty($object['objectclass']) && !in_array(LdapDomain::$objectClass[0], $object['objectclass']) && in_array(LdapAlias::$objectClass[0], $object['objectclass'])) {
                    $dn = "cn=".$object['cn'][0]. ",cn=".$name.",".LDAP_BASE;
                    if (!ldap_delete($this->conn, $dn)) {
                        $error = ldap_error($this->conn);
                        throw new Exception("Erreur dans la suppression de l'alias $dn : $error");
                    }
                }
            }
            // Delete accounts
            foreach($objects as $object) {
                if (!empty($object['objectclass']) && !in_array(LdapDomain::$objectClass[0], $object['objectclass']) && !in_array(LdapAlias::$objectClass[0], $object['objectclass'])) {
                    $dn = "uid=".$object['cn'][0]. ",cn=".$name.",".LDAP_BASE;
                    if (!ldap_delete($this->conn, $dn)) {
                        $error = ldap_error($this->conn);
                        throw new Exception("Erreur dans la suppression du compte $dn : $error");
                    }
                }
            }
            // Delete domain
            $dn = "cn=".$name.",".LDAP_BASE;
            if (!ldap_delete($this->conn, $dn)) {
                $error = ldap_error($this->conn);
                throw new Exception("Erreur dans la suppression du domaine $dn : $error");
            }
        } else {
            throw new Exception("Ce domaine n'existe pas !");
        }
    }

    public function isSuperAdmin() {
        return $this->superadmin;
    }
    
    public function getLogin() {
        return $this->login;
    }

    public function getDn() {
        return $this->dn;
    }

    public function __destruct() {
        ldap_unbind($this->conn);
    }
}