<?php
/*
Plugin Name: External Connection
Version: 2.0.7.a
Description: High school connection - Don't DEACTIVATE !!!
*/
/* 
PREREQs: (Maybe an admin interface would become a must).

1 - Mandatory API parameter to define in your private LOCAL configuration file
 (ie. ./include/config_local.inc.php   and NEVER config_global)
Like this:
$conf['external_connection_api'] = 'http://website.api/api.php?user=%s&pass=%s&type=echodata';
where user=%s will provide the user parameter to the API
and pass=%s will provide the encoded password
type=blahblahblah is any additionnal parameter

2 - Optional - Encoded password
Default is MD5.
If you need to encode it create a global static function (eg. main_convert_from_external)
which will return the encoded password. Parameter is original clear password.
$conf['pass_convert'] = create_function('$s', 'global $row; return main_convert_from_external($s);');

LOGIC: (A bit complex due to the ID provided logic).

1 - Try to connect to Piwigo as usual
2 - On failure the handler would take over.

3 - On logon failure now, call the API following its ruleset
in the present case, the school API returns Pseudo and ID which could be different for other APIs
4 - If not found by the API, do nothing (see else final logic)

5 - Yes recognised, now. 
Because we have the ID forced (could be different with other APIs), we should try to register in Piwigo.
Try to register (normaly only new users are there but consider that the Pseudo could be changed and it was the case once a year max).
(See (*) below)


6 - Register is ok. Logon and redirect.

Else (4 and 6) we are in a failure exception process, so just return to the normal failure process.

(*): This API provides an ID so...
It can provide ID 1 and 2 (which are by default respectively the webmaster-id and the guest-id for anonymous access).
So the first step is to get from the API provider in such case...
You id (to become the webmaster-id of Piwigo) and another id (to become the guest-id).
Then connect you with each of them, just to create their account in Piwigo.
See in admin Identification > Users their new lines.
Move over their profile icons just to get their IDs (comming from the API).
Supposed to be 1234 and 5678 for following statements.
SET your user status as Admin.

define in your private LOCAL configuration file
 (ie. ./include/config_local.inc.php   and NEVER config_global)
Like this:
$conf['guest_id'] = 5678;
$conf['default_user_id'] = $conf['guest_id'];
$conf['webmaster_id'] = 1234;

Close to be finished:
Connect you with you user (1234).
See in admin Identification > Users 
The old webmaster is an Admin
The old guest is a normal registered user.
Delete them (or at least change the status of the old webmaster as user).

That's it.
*/

/* Here already in step 1 */
if (!defined('PHPWG_ROOT_PATH')) die ("Hacking attempt!");

global $conf, $row;
  $conf['allow_user_registration'] = false;
  if (!isset($conf['external_connection_api'])) 
    die("The API parameter is NOT defined \$conf['external_connection_api']. Please see ./plugins/external_connection/main.inc.php comments.");

/* step 2 (creation) */
add_event_handler('login_failure', 'try_external_identification');

function try_external_identification($username)
{
  global $conf, $redirect_to, $remember_me;

/* step 3 (call the external API) */
  $external_url = sprintf($conf['external_connection_api'], addslashes($username), md5(addslashes($_POST['password'])));
  $fp = fopen($external_url,'r');
  $d = fgets($fp);
  $g = split("//",$d);
  $userid = (int)($g[0]); //$userid=32; #for local testing
  fclose($fp);

  if ($userid > 0)
  { /* step 5 (register) */
    $error = register_external_user($userid, $username, $_POST['password'], '');
    if (empty($error))
    { /* step 6 (Logon) */
      log_user($userid, $remember_me);
      redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
    }
  }
/* step 4 (do nothing) */
}

/* The orginal registration function has been reviewed to force an external provided id 
   and to be able to change the pseudo (no duplicate pseudo in this particular case) */
function register_external_user($next_id, $login, $password, $mail_address,
  $with_notification = true, $errors = array())
{
  global $conf;
  if ($login == '') array_push($errors, l10n('reg_err_login1'));
  if (preg_match('/^.* $/', $login)) array_push($errors, l10n('reg_err_login2'));
  if (preg_match('/^ .*$/', $login)) array_push($errors, l10n('reg_err_login3'));
  if (get_userid($login)) array_push($errors, l10n('reg_err_login5'));
  $mail_error = validate_mail_address(null, $mail_address);
  if ('' != $mail_error) array_push($errors, $mail_error);
  $errors = trigger_event('register_user_check',
              $errors, array(
                'username'=>$login,
                'password'=>$password,
                'email'=>$mail_address,
              ));

  // if no error until here, registration of the user
  if (count($errors) == 0) {
    $query = 'REPLACE INTO piwigo_users
  (id,username,password,mail_address)
  VALUES(' . $next_id . ',\'' . mysql_real_escape_string($login) . '\',\'' . $conf['pass_convert']($password) . '\',NULL);';
    $result = pwg_query($query);

    // Assign by default groups
      $query = 'SELECT id
  FROM '.GROUPS_TABLE.'
  WHERE is_default = \''.boolean_to_string(true).'\'
  ORDER BY id ASC;';
      $result = pwg_query($query);
      $inserts = array();
      while ($row = mysql_fetch_array($result))
      {
        array_push($inserts,
          array(
            'user_id' => $next_id,
            'group_id' => $row['id']
          ));
      }

    if (count($inserts) != 0) {
      include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
      mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
    }

    $num_infos = mysql_num_rows(pwg_query('SELECT user_id
  FROM '.USER_INFOS_TABLE.' WHERE user_id = \''.$next_id.'\''));
    if ($num_infos == 0) create_user_infos($next_id);

    if ($with_notification and $num_infos == 0 and $conf['email_admin_on_new_user']) {
      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
      $admin_url = get_absolute_root_url()
                   .'admin.php?page=user_list&username='.$login;
      $keyargs_content = array(
        get_l10n_args('User: %s', $login),
        get_l10n_args('Email: %s', $_POST['mail_address']),
        get_l10n_args('', ''),
        get_l10n_args('Admin: %s', $admin_url)
      );
      pwg_mail_notification_admins(
        get_l10n_args('Registration of %s', $login),
        $keyargs_content
      );
    }
    trigger_action('register_user', array(
        'id'=>$next_id,
        'username'=>$login,
        'email'=>$mail_address,
       ));
  }
  return $errors;
}

?>