<?php
////////////////////////////////////////////////////////////////////////////////////////
// Class     : access.php
// Purpose   : Controls access to pages and check if user is logged in or not
// Copyright : gamadesigns.co.uk
// Version   : 1.0 
//
// Version History
//  1.0 - 26/02/2008 - added functions logout(), sessioncheck(), checkAdmin(), checkStaff(), checkLogin()
//
///////////////////////////////////////////////////////////////////////////////////////
class access 
{
	var $userdata;		//  Array to contain user's data
	
	function access()
	{
		//start the session 
		session_start();	 
	}
	
	//=================================================================================
	// Log out, destroy session data and any cookies to log the user out
	//
	function logout()
	{
		//set cookies to 1 hour ago to trigger browser to auto delete
		setcookie("gdUser",$_SESSION['gduser'], time()-604800, '/');
		setcookie("gdPass",$_SESSION['gdpass'], time()-604800, '/');
		setcookie("gdGroup",$_SESSION['gdGroup'], time()-604800, '/');
		setcookie("gdTheme",$_SESSION['gdTheme'], time()-604800, '/');
		setcookie("gdNickname",$_SESSION['gdNickname'], time()-604800, '/');
		
		//unset the user data array and destroy the session
		unset($this->userdata);
		session_destroy();
		
		return true;
	}

	//=================================================================================
	// Session Check, checks if eu is logged in or not
	//
  	function sessioncheck()
	{
		//if session is not active, start it now
		if (!isset($_SESSION)) 
		{
 			session_start(); 
  
		  //checks if session is empty, if it is checks for auto login cookie
		  if ($_SESSION['gduser'] == NULL)
		  {
		  	if (isset($HTTP_COOKIE_VARS["gduser"]))
		  	{  
    			$_SESSION['gduser'] = $HTTP_COOKIE_VARS["gdUser"];
				$_SESSION['gdpass'] = $HTTP_COOKIE_VARS["gdPass"];
	 			$_SESSION['gdGroup'] = $HTTP_COOKIE_VARS["gdGroup"];
				$_SESSION['gdTheme'] = $HTTP_COOKIE_VARS["gdTheme"];
				$_SESSION['gdNickname'] = $HTTP_COOKIE_VARS["gdNickname"];
				
				return true;
		    }
			else
			{
				// session is empty and cookie does not exist so eu is not logged in
				return false;
			}
		  } 
		  else
		  {
		    // session user vaiable is present so continue 
			return true;
		  }   
		}
	}
	//=================================================================================
	// Admin Check, allows only admin users to view a page
	//
	function checkAdmin($group = '')
	{
		if ($group == 1) // group 1 is admin
		{
			return true;
		}
		else
		{
			return false;
		}
	}
	
	//=================================================================================
	// Staff Check, allows only staff users to view a page
	//
	function checkStaff($group = '')
	{
		if ($group == 2) // group 1 is staff
		{
			return true;
		}
		else
		{
			return false;
		}
	}

	//=================================================================================
	// Log in, and either redirect to loginPassed or loginFailed depending on success
	//
	function checkLogin($user = '',$pass = '',$group = '',$loginPassed = '',$loginFailed = '')
	{
		// Include database and validation classes, and create objects
		require_once('dbconn.php');
		require_once('validator.php');
		$validate = new validator();
		$loginConnector = new dbconn();
		
		// If user session is present then check details are valid
		if (isset($_SESSION['gduser']) && isset($_SESSION['gdpass']))
		{
			// Validate session data
			//if (!$validate->validateTextOnly($_SESSION['gduser'])){return false;}
			//if (!$validate->validateTextOnly($_SESSION['gduser'])){return false;}
			
			$getUser = $loginConnector->query("SELECT * FROM gama_users WHERE user = '".$_SESSION['gduser']."' AND pass = '".$_SESSION['gdpass']."' AND group <= '".$group."'");

			if ($loginConnector->getNumRows($getUser) > 0)
			{
				// users account has been set to inactive, direct to relevant page
				if ($getUser[7]==0) 
				{ 
					header("Location: ../user/inactive.php") ;
					exit();
				}
				
				// if successful redirect has been POST direct to that page now
				if (isset($loginPassed))
				{ 
					header("Location: ".$loginPassed) ;
					exit();
				}	
				
				//user is logged in and active		
				return true;
				
			}
			else
			{
				// Session data does not match entry in the db, logout user now
				$this->logout();
				return false;
			}			
		}
		else
		{	
			// User has no session data, check for auto login cookies...
			if (isset($HTTP_COOKIE_VARS["gdUser"]))
  			{  
    			$_SESSION['gduser'] = $HTTP_COOKIE_VARS["gdUser"];
				$_SESSION['gdpass'] = $HTTP_COOKIE_VARS["gdPass"];
	 			$_SESSION['gdGroup'] = $HTTP_COOKIE_VARS["gdGroup"];
				$_SESSION['gdTheme'] = $HTTP_COOKIE_VARS["gdTheme"];
				$_SESSION['gdNickname'] = $HTTP_COOKIE_VARS["gdNickname"];
				
				//if successful redirect has been POST direct to that page now			
				if (isset($loginPassed))
				{ 
					header("Location: ".$loginPassed) ;
					exit();
				}		
						
				return true;
    		}
 			
			// User has no session data and there are no cookies, user is not logged in.
			  
			// Validate details user has input
			//if (!$validate->validateTextOnlyNoSpaces($user)){return false;}
			//if (!$validate->validateTextOnlyNoSpaces($pass)){return false;}
			
			// Look up user in db
			$getUser = $loginConnector->query("SELECT * FROM gama_users WHERE user = '$user' AND pass = SHA1('$pass') AND group <= $group");
			$this->userdata = $loginConnector->fetchArray($getUser);
			
			if ($loginConnector->getNumRows($getUser) > 0)
			{
				// users account has been set to inactive, direct to relevant page
				if ($getUser[7]==0) 
				{ 
					header("Location: ../user/inactive.php") ;
					exit();
				}
				
				// User is in db and is active, login is ok so store session details
				$_SESSION['gduser'] = $this->userdata[1];
				$_SESSION['gdpass'] = $this->userdata[2];
  				$_SESSION['gdGroup'] = $this->userdata[3];
				$_SESSION['gdTheme'] = $this->userdata[4];
				$_SESSION['gdNickname'] = $this->userdata[5];
	
				// create cookies to enable auto login if the session ends before user logs out
				setcookie("gdUser", $this->userdata[1], time()+60*60*24*7, '/');
				setcookie("gdPass", $this->userdata[2], time()+60*60*24*7, '/');
				setcookie("gdGroup", $this->userdata[3], time()+60*60*24*7, '/');
				setcookie("gdtheme", $this->userdata[4], time()+60*60*24*7, '/');
				setcookie("gdnickname", $this->userdata[5], time()+60*60*24*7, '/');	
				
				//if successful redirect has been POST direct to that page now							
				if (isset($loginPassed))
				{ 
					header("Location: ".$loginPassed) ;
					exit();
				}
				return true;

			}
			else
			{
				// Login has FAILED
				unset($this->userdata);
				if ($loginFailed !='') 
				{ 
					header("Location: ". $loginFailed);
					exit();
				}		
				return false;
			}
		}			
	}
}	
?>