<?php
// $Id: webserver_auth.module,v 1.16 2006/03/25 06:01:54 weitzman Exp $

function webserver_auth_init() {
  global $user, $domain, $account;

  if (!$domain) { $domain = variable_get("webserver_auth_domain", "");}

  // two ways to get $name
  $name = trim($_SERVER["REMOTE_USER"]);
  if (empty($name)) {
    $name = trim($_SERVER["REDIRECT_REMOTE_USER"]);
  }

  // pretties up the username for NTLM authentication (i.e. Windows)
  if (!empty($name)) {
    if (strpos($name, "\\")) {  	
      $name = substr($name, strrpos($name, "\\")+1);
    }
  }
  
  if (isset($user) && $user->id && $user->name === $name) {
    //do nothing because user is already logged into Drupal, and hasn't presented different credentials vis web server
    return;
  }
  if (empty($name)) {
    // do nothing. user isn't logged into web server
    return;
  }
  // user is logged into webserver.
  $account->name = $name;
  //modules get to change the user bits before saving. use a global $account to do so.
  // only loaded modules will see this hook
  module_invoke_all("webserver_auth");
  // if we are in bootstrap, load user.module ourselves
  if (!module_exists('user')) {
    drupal_load('module', 'user');
  }
  
  // try to log into Drupal. if unsuccessful, register the user
  $user = user_external_load($name);
  if ($user->uid) {
    // Found existing user; we're done
    return;
  }
  if (variable_get("user_register", 1) == 1) {
    $user_default = array("name" => $name, "pass" => "cyan", "mail" => "$name@$domain", "init" => db_escape_string($name), "status" => 1, "roles" => array(DRUPAL_AUTHENTICATED_RID), 'auth_webserver_auth' => $name);
    // TODO - the hook_user('register') will fire but only for loaded modules. could be a problem for sites using page cache and that hook+operation
    $user = user_save("", array_merge($user_default, (array)$account));
    watchdog("user", "new user: $user->name (webserver_auth)", l(t("edit user"), "admin/user/edit/$user->uid"));
  }
}

// using a global to change your bits. module_invoke_all miffs me.
function webserver_auth_webserver_auth() {
  global $account;

  if ($domain = variable_get("webserver_auth_domain", "")) {
    if ($account->name) {
      $account->mail = $account->name. "@$domain";
    }
  }
}

function webserver_auth_admin_settings() {
  $form["webserver_auth_domain"] = array(
    '#type' => 'textfield',
    '#title' => t("Email Domain"),
    '#default_value' => variable_get("webserver_auth_domain", ""),
    '#size' => 30,
    '#maxlength' => 55,
    '#description' => t("Append this domain name to each new user in order generate his email address."),
    );
  return system_settings_form($form);
}

function webserver_auth_help($section) {
  $output ="";

  return $output;
}

function webserver_auth_menu($may_cache) {
  $items[] = array(
    'path' => 'admin/settings/webserver_auth',
    'title' => t('Webserver auth'),
    'description' => 'Webserver auth settings',
    'callback' => 'drupal_get_form',
    'callback arguments' => array('webserver_auth_admin_settings'),
    'access' => user_access('administer site configuration'),
    'type'=> MENU_NORMAL_ITEM,
  );
  return $items;
}
