<?php
date_default_timezone_set('Europe/Amsterdam');

class User
{
	function __construct($dir)
	{
		$this->dir = $dir;
		$this->login = basename($dir);
	}

	function __get($col)
	{
		return $this->$col = $this->$col();  # run method and cache
	}

	function rawname()
	{
		return @file_get_contents("{$this->dir}/name.txt");
	}

	function name()
	{
		return htmlspecialchars(implode(' & ', explode("\n", $this->rawname)));
	}

	function admin()
	{
		return @file_exists("{$this->dir}/.admin");
	}

	function seen()
	{
		return @filemtime("{$this->dir}/last.log");
	}
}

function login_password_verify($input, $test)
{
	if (substr($test, 0, 1) != '$') {
		# plaintext match for uncrypted passwords
		return $input === $test;
	}
	return password_verify($input, $test);
}

function login_setcookie()
{
	global $User;
	return setcookie('login', $User['auth'], 0, '/');
}

function login($inuser, $inpass = NULL)
{
	if (empty($inuser)) return;
	if (!isset($inpass)) {
		@list ($inuser, $inauth) = explode(':', $inuser, 2);
	}

	# find password data by user name
	$userdir = 'profile/'.preg_replace('/[^a-z0-9]+/', '-', strtolower($inuser));
	$pwfile = "$userdir/.passwd";
	if (!file_exists($pwfile)) return;
	$usertest = trim(file_get_contents($pwfile));
	if (!$usertest) return;

	# verify password
	$authhash = md5($usertest);
	if (isset($inpass)) {
		if (!login_password_verify($inpass, $usertest)) return;
	}
	else {
		if ($inauth !== $authhash) return;
	}

	if (function_exists('apache_note')) apache_note('user', $inuser);

	if ($log = @fopen("$userdir/last.log", 'w')) {
		fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
	}

	return [
		'name'  => $inuser,
		'dir'   => $userdir,
		'admin' => file_exists("$userdir/.admin"),
		'pass'  => $usertest,
		'auth'  => "$inuser:$authhash",
	];
}

if (isset($_COOKIE['login'])) {
	global $User;
	$User = login($_COOKIE['login']);
}