<?php
// $Id$
/*
 * $Log$
 * Revision 1.1.2.7  2009/11/03 23:08:53  mfu
 * Fixed #588208 by ikogan : fixed the colon detection
 * Fixed #611020 by fasdalf@fasdalf.ru : group file not updated when adding user
 *
 * Revision 1.1.2.6  2009/10/19 21:50:42  mfu
 * Fixed #588208 by ikogan : username shall not contain colon
 *
 * Revision 1.1.2.5  2009/10/16 16:45:58  mfu
 * Fixed #588208 by ikogan : username with t are concidered invalid
 *
 * Revision 1.1.2.4  2009/06/27 12:41:12  mfu
 * Fixed #437852 by fasdalf@fasdalf.ru : name change is detected and handled properly
 *
 * Revision 1.1.2.3  2009/06/27 07:22:52  mfu
 * Fixed #503718 by m.fu : htpassword corruption when enabling/disabling user
 * Fixed #437904 by fasdalf@fasdalf.ru : group file not generated properly,
 *                                       now happen on after_update
 * Fixed #437844 by fasdalf@fasdalf.ru : error when deleting one user
 * Fixed #503726 by m.fu: group file no longer contain disabled users
 * Added #503720 by m.fu : option to overwrite htpasswd
 * Fixed #503724 by m.fu : validation of username, must be htpasswd compatible
 *
 * Revision 1.1.2.2  2009/03/26 22:15:29  mfu
 * Added #408798 by fasdalf@fasdalf.ru : request for windows support
 *   windows does not support crypt password hash
 *   added support for SHA-1 password hash which is supported by windows.
 * Fixed : group file not allways updated.
 *
 * Revision 1.1.2.1  2009/03/25 19:24:10  mfu
 * Fixed #409406 by fasdalf@fasdalf.ru : remove comma in htgroup file
 *
 * 
 */  
 

/* @file
 * Synchronize users password and htpasswd file
 * 
 * HTPasswd Sync module duplicates all users changes in the configured htpasswd
 * file. Password a hashed with the crypt function. The htgroup file contains 
 * roles as groups. 
 */     
 
 /**
  * return htpasswd file name
  *     
  * @return
  *   full filname of the htpasswd
  */
 function _htpasswdsync_passfilename() {
    return variable_get('htpasswdsync_htpasswd', "/etc/httpd/htpasswd");
 }
 
 /**
  * return htgroup file name
  *     
  * @return
  *   full filname of the htgroup file
  */
 function _htpasswdsync_grpfilename() {
    return variable_get('htpasswdsync_htgroup', "/etc/httpd/htgroup");
 }
 
 /**
  * return role to put in htgroup
  * 
  * return the roles selectionned in the admin page to put into
  * the htgroup file.
  *       
  * @return
  *   array of role id
  */
 function _htpasswdsync_roles() {
    return variable_get('htpasswdsync_roles', array());
 }


 /**
  * return array of available hashes
  * 
  * return an array of possible hashes
  *       
  * @return
  *   array
  */
 function _htpasswdsync_hashes() {
    return array ('crypt', 'SHA-1');
 }
  
 /**
  * return hash algorithm name
  * 
  * return the name of the hash algorithm to use for password
  * hashing  
  *       
  * @return
  *   string ('crypt', 'SHA-1')
  */
 function _htpasswdsync_hash() {
    return variable_get('htpasswdsync_hash', 0);
 }

 /**
  * return overwrite_htpasswd status
  * 
  * returns if the htpasswd file shall be overwritten by drupal of not
  * overwritting will erase all manual entered users.
  * manual make the htpasswd grow and contain renamed users. 
  * it will do the same for the htgroup     
  *       
  * @return
  *   array of role id
  */
 function _htpasswdsync_overwrite() {
    return variable_get('htpasswdsync_overwrite', true);
 }


 /**
  * crypt password
  * 
  * return the password hashed according to users preferences
  *       
  * @param $password
  *   the password, as a string,  to encrypt     
  * @return
  *   encrpyted password (actually hashed)
  */
 function _htpasswdsync_crypt($password) {
  $hashes = _htpasswdsync_hashes();
  switch ($hashes[_htpasswdsync_hash()]) {
    case 'crypt':
      return crypt($password, chr(rand(65, 122)) . chr(rand(65, 122)));
    break;
    case 'SHA-1':
      return '{SHA}' . base64_encode(sha1($password, TRUE));
    break;
  }
  return _htpasswdsync_hash();
}
 
/**
 * read an htfile
 *     
 * read an htfile, format is key: value, one key per row
 * 
 * @param &$arr
 *   array to read to
 * @param $file
 *   file to read
 * @return
 *   none 
 */

 function _htpasswdsync_read_htfile(&$arr, $file) {
   $f = fopen($file, "r");
   while ($l = fgets($f)) {
     list($u, $p) = split(":", rtrim($l), 2);
     if ($u != "") {
       $arr[$u] = $p;
     }
   }
   fclose($f);
 }
 
 /**
 * write an htfile
 *     
 * write an array to an htfile, format is key: value, one key per row
 * 
 * @param &$arr
 *   array to write
 * @param $file
 *   file to write to
 * @return
 *   none 
 */
 function _htpasswdsync_write_htfile(&$arr, $file) {
  $f = fopen($file, "w");
  foreach ($arr as $u => $p) {
    if ($u != "" && $p != "") {
      fputs($f, $u .":". $p ."\n");
    }
  }
  fclose($f);
 }
 
/* generate the htgroup content
 *
 * for each role configured (htpasswdsync_roles array), list users
 * and update the htgroup accordingly
 * 
 * @param
 * @return   
 */    
 function _htpasswdsync_updategroup() {
  firep("called _htpasswdsync_updategroup");
  $file = _htpasswdsync_grpfilename();
  $groups = array();

  // if we overwrite, then why botter reading the previous file
  if (! _htpasswdsync_overwrite()) {
    _htpasswdsync_read_htfile($groups, $file);
  }
  
  foreach (_htpasswdsync_roles() as $rid) {
    // get role name
    $res = db_fetch_object(db_query('SELECT name FROM {role} WHERE rid = %d', $rid));
    $name = $res->name;
    firep($rid, "rid");
    firep($res->name, "$res->name");
    
    //empty group
    $groups[$name] = "";
    
    // add members to the group
    $res = db_query('SELECT name FROM {users} u, {users_roles} ur WHERE ur.rid = %d AND ur.uid = u.uid AND status = 1', $rid);
    while ($r = db_fetch_object($res)) {
      $groups[$name] .= " ". $r->name;
      firep($r->name, "$r->name");
      firep($groups, "$groups");
    }

  }
  _htpasswdsync_write_htfile($groups, $file);
  firep("end _htpasswdsync_updategroup");
 }

/* generate the htpasswd content from the database
 *
 * update the htpasswd file from the table htpasswdsync_passwd
 * 
 * @param
 * @return   
 */    
 function _htpasswdsync_updatepasswd() {
  firep("called _htpasswdsync_updatepasswd");
  $file = _htpasswdsync_passfilename();
  $passwords = array();
  
  // if we overwrite, then why botter reading the previous file
  if (! _htpasswdsync_overwrite()) {
    _htpasswdsync_read_htfile($passwords, $file);
  }
  //get all users  
  $res = db_query('SELECT username, passwd FROM {htpasswdsync_passwd}, {users} WHERE name=username and status = 1');
  while ($r = db_fetch_object($res)) {
    if ($r->passwd == "****DELETED") {
      unset($passwords[$r->username]);
    }
    else {
      $passwords[$r->username] = $r->passwd; 
    }
  }
  _htpasswdsync_write_htfile($passwords, $file);
  firep("end _htpasswdsync_updatepasswd");
 }

 
/* update htpassword table with the new password of the user
 *
 * @param $edit
 *   fields that have been edited  
 * @param $account
 *   account of the user to update 
 * @return   
 */    
 function _htpasswdsync_update($edit, $account) {

  if (isset($edit["pass"]) && $edit["pass"] <> "") {
    // update with the $account information received
    // password crypted with the standard crypt (not MD5) function
    $user = $account->name;
    $pass = _htpasswdsync_crypt($edit['pass']);
    $passwds[$user] = $pass;
  
    //update table
    db_query("DELETE FROM {htpasswdsync_passwd} WHERE username = '%s'", $user);
    db_query("INSERT INTO {htpasswdsync_passwd} (username, passwd) VALUES('%s', '%s')", $user, $pass);
    _htpasswdsync_commit_to_htpasswd();
  }
  if (isset($edit['name']) && $edit['name'] <> $account->name) {
    // we are changing username
    $r    = db_query("SELECT username,passwd from {htpasswdsync_passwd} WHERE username = '%s'", $account->name);
    $user = db_fetch_object($r);
    db_query("DELETE FROM {htpasswdsync_passwd} WHERE username = '%s'", $user->username);
    db_query("DELETE FROM {htpasswdsync_passwd} WHERE username = '%s'", $edit['name']);
    db_query("INSERT INTO {htpasswdsync_passwd} (username, passwd) VALUES('%s', '%s')", $edit['name'], $user->passwd);
    _htpasswdsync_commit_to_htpasswd();
  }
}

/* update htpassword file with the new password of the user
 *
 * @param $account
 *   account of the user to update 
 * @return   
 */    
function _htpasswdsync_commit_to_htpasswd() {
  // update passwd file with new status  
  _htpasswdsync_updatepasswd();
  _htpasswdsync_updategroup();
}

/* remove the one user for the htpassword file
 *
 * @param $username
 *   username of account to delete 
 * @return   
 */    
function _htpasswdsync_delete_user($username) {
  db_query("DELETE FROM {htpasswdsync_passwd} WHERE username = '%s'", $username);
  db_query("INSERT INTO {htpasswdsync_passwd} (username, passwd) VALUES('%s', '%s')", $username, "****DELETED");
}

 
/* remove the user for the htpassword file
 *
 * @param $account
 *   array of account to delete 
 * @return   
 */    
function _htpasswdsync_delete($account) {
  if (isset($account['accounts'])) {
    foreach ($account['accounts'] as $a) {
      $r = db_query("SELECT name FROM {users} WHERE uid = %d", $a);
      $user = db_fetch_object($r);
      _htpasswdsync_delete_user($user->name);
    }
  }
  elseif (isset($account['_account'])) {
     _htpasswdsync_delete_user($user->name);
  }
  _htpasswdsync_commit_to_htpasswd();
}

 /**
* Validate user form input
*   here we refuse username with characters that are not supported
*   in htpasswd files
* @param $edit field submited
* @return none
*/
function _htpasswdsync_validate($edit, $account) {
  if (isset($edit['name'])) {
    if (ereg('[:[:space:]]', $edit['name'])) {
      form_set_error('htpasswdsync', 
          t('The username contains an illegal character, like &lt;space&gt;, :'));
    }
  }
} // htpasswdsync_validate

 /**
* Display help and module information
* @param path which path of the site we're displaying help
* @param arg array that holds the current path as would be returned from arg() function
* @return help text for the path
*/
function htpasswdsync_help($path, $arg) {
  $output = '';  //declare your output variable
  switch ($path) {
    case "admin/help#htpasswdsync":
      $output = '<p>'.  t("synchronize password with a htpasswd file") .'</p>';
      break;
  }
  return $output;
} // function htpasswdsync_help

/**
* Valid permissions for this module
* @return array An array of valid permissions for the htpasswdsync module
*/
function htpasswdsync_perm() {
  return array('administer htpasswdsync');
} // function htpasswdsync_perm()

/*
 * Implementation of hook_user()
 */  
function htpasswdsync_user($op, &$edit, &$account, $category = NULL) {
  switch ($op) {
    case "delete": 
      _htpasswdsync_delete($edit);
    break;
    case "insert": 
      _htpasswdsync_update($edit, $account);
    break;
    case "update": 
      _htpasswdsync_update($edit, $account);
    break;
    case "after_update": 
      _htpasswdsync_commit_to_htpasswd();
    break;
    case "validate": 
      _htpasswdsync_validate($edit, $account);
    break;
    case "load":
      _htpasswdsync_updategroup();
    break;
  }
} // function htpasswdsync_user()


function htpasswdsync_admin() {

  $form['htpasswdsync_htpasswd'] = array(
    '#type' => 'textfield',
    '#title' => t('htpasswd file'),
    '#default_value' => _htpasswdsync_passfilename(),
    '#size' => 100,
    '#maxlength' => 200,
    '#description' => t("Where is stored the !file file we want to synchronize with.",
          array('!file' => 'htpasswd')),
    '#required' => TRUE,
  );
  $form['htpasswdsync_htgroup'] = array(
    '#type' => 'textfield',
    '#title' => t('htgroup file'),
    '#default_value' => _htpasswdsync_grpfilename(),
    '#size' => 100,
    '#maxlength' => 200,
    '#description' => t("Where is stored the !file file we want to synchronize with.",
          array('!file' => 'htgroup')),
    '#required' => TRUE,
  );
  $form['htpasswdsync_hash'] = array(
    '#type' => 'radios',
    '#title' => t('password hashing algorythm'),
    '#description' => t("How shall the password be hashed (crypt for unix, SHA1 for all)"),
    '#options' => _htpasswdsync_hashes(),    
    '#default_value' => _htpasswdsync_hash(),
  );
   $form['htpasswdsync_roles'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Roles to be exported in htgroup'),
    '#default_value' => _htpasswdsync_roles(),
    '#options' => user_roles(TRUE),
  );
  $form['htpasswdsync_overwrite'] = array(
    '#type' => 'checkbox',
    '#title' => t('is htpasswd file only managed by this module'),
    '#default_value' => _htpasswdsync_overwrite(),
  );
 
  return system_settings_form($form);
}


/* Test if a file exist and is writable
 *
 * @param $filename
 *   name of the file
 * @return
 *   return false on success, otherwise an error message
 */
function _htpasswdsync_check_file($file) {
  $f = @fopen($file, "r");
  if (!$f) {
    return t("File '!file' does not exists, you should create it.",
      array('!file' => $file));
  }
  else {
    fclose($f);
    $f = @fopen($file, "a");
    if (!$f) {
      return t("cannot write to file '!file'.", array('!file' => $file));
    }
    else {
      fclose($f);
    }
  } 
  return FALSE;
}

function htpasswdsync_admin_validate($form, &$form_state) {

  $file = $form_state['values']['htpasswdsync_htpasswd'];
  if ($msg = _htpasswdsync_check_file($file)) {
    form_set_error('htpasswdsync_htpasswd', $msg);
  }

  $file = $form_state['values']['htpasswdsync_htgroup'];
  if ($msg = _htpasswdsync_check_file($file)) {
    form_set_error('htpasswdsync_htpasswd', $msg);
  }
}

function htpasswdsync_menu() {

  $items = array();

  $items['admin/user/htpasswdsync'] = array(
    'title' => 'HTPassword Sync',
    'description' => 'Preferences for the HTPasswd Sync module',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('htpasswdsync_admin'),
    'access arguments' => array('access administration pages'),
    'type' => MENU_NORMAL_ITEM,
   );

  return $items;
}

function htpasswdsync_requirements($phase) {

  $requirements = array();

  // if not runtime query, exit
  if ($phase != 'runtime') {
    return $requirements;
  }
  
  $htpasswd_status_msg = _htpasswdsync_check_file(_htpasswdsync_passfilename());
  $htpasswd_status_val = REQUIREMENT_ERROR;
  if (!$htpasswd_status_msg) {
    $htpasswd_status_msg = t('!file file is available', array('!file' => 'htpasswd'));
    $htpasswd_status_val = REQUIREMENT_OK;
  }

  $htgroup_status_msg = _htpasswdsync_check_file(_htpasswdsync_grpfilename());
  $htgroup_status_val = REQUIREMENT_ERROR;
  if (!$htgroup_status_msg) {
    $htgroup_status_msg = t('!file file is available', array('!file' => 'htgroup'));
    $htgroup_status_val = REQUIREMENT_OK;
  }
  
  $status = $htpasswd_status_val > $htgroup_status_val ?
    $htpasswd_status_val : $htgroup_status_val;

  $requirements['htpasswdsync_status'] = array(
    'title'       => t('HTPasswd Sync Status'),
    'value'       => $htpasswd_status_msg ."<br>". 
                     $htgroup_status_msg ."<br>".
                     t('last update !time ago.', array(
                        '!time' => format_interval(time()-variable_get('htpasswdsync_cron_time', 0)))),
    'severity'    => $status,
    );
  if ($status != REQUIREMENT_OK) {
    $requirements['htpasswdsync_status']['description'] =
      t('Cannot access files, please <a href="!url">check configuration</a>.',
         array('!url' => url('admin/user/htpasswdsync')));
  }

  return $requirements;
}

function htpasswdsync_cron() {
  $time = variable_get('htpasswdsync_cron_time', 0);
  $res = db_query('DELETE FROM {htpasswdsync_passwd} WHERE username NOT IN (SELECT name from {users})');
  _htpasswdsync_updatepasswd();
  _htpasswdsync_updategroup();
  variable_set('htpasswdsync_cron_time', time());
}