<?php

class FlickrAuthenticator
{
  var $flickr;
  var $apikey;
  var $secret;
  var $auth;

  var $errorPage;

  function FlickrAuthenticator($apikey, $secret)
  {
    $this->apikey = $apikey;
    $this->secret = $secret;
    $this->flickr = new phpFlickr($apikey, $secret, false);
    $this->errorPage = 'http://' . $_SERVER['HTTP_HOST'] . '/error.php';
  }

  function authenticate($requiredPerms)
  {
    $doAuth = true;
    $token = $_SESSION['FlickrAuthenticationToken'];
    $this->setToken($token);
    if (!empty($token))
    {
      $auth = $this->flickr->auth_checkToken();
      if ($this->flickr->getErrorCode())
      {
        $this->setToken(NULL);
      }
      else
      {
        // We have a good token
        // Check we have the required privileges
        $perms = $auth['perms'];

        switch ($perms)
        {
          case "read":
            if ($requiredPerms == "read")
            {
              $doAuth = false;
            }
            break;

          case "write":
            if ($requiredPerms == "read" || $requiredPerms == "write")
            {
              $doAuth = false;
            }
            break;

          case "delete":
            if ($requiredPerms == "read" || $requiredPerms == "write" 
              || $requiredPerms == "delete")
            {
              $doAuth = false;
            }
            break;
        }

        if (!$doAuth)
        {
          // No further authentication necessary, so store away
          // the results from checkToken
          $this->auth = $auth;
          $_SESSION['FlickrAuthenticatedUser'] = $auth['user']['username'];
        }
      }
    }

    if ($doAuth)
    {
      // Need to authenticate - redirect to flickr
      $extra = $_SERVER['REQUEST_URI'];
      $apisig = md5($this->secret . "api_key" . $this->apikey . "extra" . $extra 
        . "perms" . $requiredPerms);
      $url = 'http://www.flickr.com/services/auth/?api_key=' . $this->apikey 
        . '&extra=' . $extra . '&perms=' . $requiredPerms . '&api_sig='. $apisig;
      header("Location: " . $url);
      exit(0);
    }
  }

  function updateCredentials($frob)
  {
    $this->setToken(NULL);
    $token = $this->flickr->auth_getToken($frob);
    if (!$this->flickr->getErrorCode())
    {
      $this->setToken($token);
      $auth = $this->flickr->auth_checkToken();
      if ($this->flickr->getErrorCode())
      {
        $this->setToken(NULL);
        $this->error("There was a problem checking the authentication token: " 
          . $this->flickr->getErrorCode() . " " . $this->flickr->getErrorMsg());
      }
    }
    else
    {
      $this->setToken(NULL);
      $this->error("There was a problem getting the authentication token: " 
        . $this->flickr->getErrorCode() . " " . $this->flickr->getErrorMsg());
    }
  }

  function setToken($token)
  {
    $_SESSION['FlickrAuthenticationToken'] = $token;
    unset($_SESSION['phpFlickr_auth_token']);
    $this->flickr->setToken($token);
  }

  function error($message)
  {
    $_SESSION['error'] = $message;
    header('Location: ' . $this->errorPage);	
    exit(0);
  }
}
?>