<?php

	// This module is currently !!!HIGHLY EXPERIMENTAL!!!
	// You should think twice before running this on a production server
	// as security mechanisms are not yet implemented and those that
	// are implemented probably don't work.

	// DAV mounts will probably fail if you don't use SSL, because some platforms refuse to send
	// basic auth over non-encrypted connections.
	// One could use digest auth - but then one has to calculate the A1 digest and store it for
	// all acounts. We aren't doing that. We have a stored password already. We don't need another
	// one. The login unfortunately is the channel nickname (webbie) as we have no way of passing 
	// the destination channel to DAV. You should be able to login with your account credentials 
	// and be directed to your default channel. 

	// This interface does not yet support Red stored files. Consider any content in your "store" 
	// directory to be throw-away until advised otherwise.


	use Sabre\DAV;

    require_once('vendor/autoload.php');


	// workaround for HTTP-auth in CGI mode
	if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
	 	$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
		if(strlen($userpass)) {
		 	list($name, $password) = explode(':', $userpass);
			$_SERVER['PHP_AUTH_USER'] = $name;
			$_SERVER['PHP_AUTH_PW'] = $password;
		}
	}

	if(x($_SERVER,'HTTP_AUTHORIZATION')) {
	 	$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
		if(strlen($userpass)) {
		 	list($name, $password) = explode(':', $userpass);
			$_SERVER['PHP_AUTH_USER'] = $name;
			$_SERVER['PHP_AUTH_PW'] = $password;
		}
	}


class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic {

    protected function validateUserPass($username, $password) {
		require_once('include/auth.php');
		$record = account_verify_password($email,$pass);
		if($record && $record['account_default_channel']) {
			$r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1",
				intval($record['account_id']),
				intval($record['account_default_channel'])
			);
			if($r) {
				$this->currentUser = $r[0]['channel_address'];
				return true;
			}
		}
		$r = q("select channel_account_id from channel where channel_address = '%s' limit 1",
			dbesc($username)
		);
		if($r) {
			$x = q("select * from account where account_id = %d limit 1",
				intval($r[0]['channel_account_id'])
			);
			if($x) {
			    foreach($x as $record) {
			        if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
            		&& (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) {
			            logger('(DAV) RedBasicAuth: password verified for ' . $username);
            			return true;
        			}
    			}
			}
		}
	    logger('(DAV) RedBasicAuth: password failed for ' . $username);
    	return false;
	}
}


function cloud_init() {

	if(! get_config('system','enable_cloud'))
		killme();

	$rootDirectory = new DAV\FS\Directory('store');
	$server = new DAV\Server($rootDirectory);
	$lockBackend = new DAV\Locks\Backend\File('store/data/locks');
	$lockPlugin = new DAV\Locks\Plugin($lockBackend);

	$server->addPlugin($lockPlugin);

	$auth = new RedBasicAuth();

	$auth->Authenticate($server,'Red Matrix');


	// All we need to do now, is to fire up the server
	$server->exec();

	exit;

}