Rewrite FlagSet in order to run flag operation in constant time.
[platal.git] / classes / session.php
cab08090 1<?php
2/***************************************************************************
179afa7f 3 * Copyright (C) 2003-2008 Polytechnique.org *
cab08090 4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
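/**
 * Static facade over the PHP session superglobal ($_SESSION).
 *
 * Groups session start-up, typed accessors for session values, the
 * authentication/permission predicates and the anti-XSRF token check.
 */
class Session
{
    /**
     * Starts the PHP session and seeds the per-session values the rest of
     * the class reads: 'challenge', 'xsrf_token' and 'perms'.
     *
     * @return void
     */
    public static function init()
    {
        // NOTE(review): '@' hides session_start() failures; if the session
        // cannot be started the values below are not persisted across requests.
        @session_start();
        if (empty($_SESSION['challenge'])) {
            if (function_exists('random_bytes')) {
                // 20 bytes from the system CSPRNG, hex-encoded: same 40-hex-char
                // shape as the sha1() output used by the fallback below.
                $_SESSION['challenge'] = bin2hex(random_bytes(20));
            } else {
                // Fallback for runtimes without random_bytes(): rand() and uniqid()
                // are derived from a non-cryptographic PRNG and the clock, so this
                // value is guessable in principle.
                $_SESSION['challenge'] = sha1(uniqid(rand(), true));
            }
        }
        if (empty($_SESSION['xsrf_token'])) {
            require_once 'xorg.misc.inc.php';
            // NOTE(review): the strength of the anti-XSRF token depends entirely on
            // rand_url_id(), which is not visible here; confirm it draws from a CSPRNG.
            $_SESSION['xsrf_token'] = rand_url_id();
        }
        // Anything that is not a PlFlagSet is replaced by an empty one, so a missing
        // or malformed 'perms' entry never reaches has_perms().
        if (!isset($_SESSION['perms']) || !($_SESSION['perms'] instanceof PlFlagSet)) {
            $_SESSION['perms'] = new PlFlagSet();
        }
    }

    /**
     * Destroys the session storage and empties the in-memory session data.
     *
     * @return void
     */
    public static function destroy()
    {
        @session_destroy();
        // Empty the superglobal instead of unset()ting it: the PHP manual warns that
        // unset($_SESSION) disables registering session variables through $_SESSION.
        $_SESSION = array();
    }

    /**
     * @param string $key session key
     * @return bool true when the key is set and not null
     */
    public static function has($key)
    {
        return isset($_SESSION[$key]);
    }

    /**
     * Removes one key from the session.
     *
     * @param string $key session key
     * @return void
     */
    public static function kill($key)
    {
        unset($_SESSION[$key]);
    }

    /**
     * Returns the raw session value for $key, or $default when it is not set.
     *
     * @param string $key     session key
     * @param mixed  $default value returned when the key is absent
     * @return mixed
     */
    public static function v($key, $default = null)
    {
        return isset($_SESSION[$key]) ? $_SESSION[$key] : $default;
    }

    /**
     * Same lookup as v(), cast to string.
     *
     * @param string $key     session key
     * @param string $default value used when the key is absent
     * @return string
     */
    public static function s($key, $default = '')
    {
        return (string)self::v($key, $default);
    }

    /**
     * Same lookup as v(), as an integer; a non-numeric value yields $default.
     *
     * @param string $key     session key
     * @param int    $default value returned when the key is absent or not numeric
     * @return int
     */
    public static function i($key, $default = 0)
    {
        $i = self::v($key, $default);
        return is_numeric($i) ? intval($i) : $default;
    }

    /**
     * Looks up several keys at once; absent keys give null.
     *
     * @param array $keys session keys
     * @return array values in the same order as $keys
     */
    public static function l(array $keys)
    {
        return array_map(array('Session', 'v'), $keys);
    }

    /**
     * True when the session is logged in and its permission flag set holds
     * PERMS_ADMIN. Despite the generic name this is the administrator check.
     *
     * @return bool
     */
    public static function has_perms()
    {
        return self::logged() && self::v('perms')->hasFlag(PERMS_ADMIN);
    }

    /**
     * True when the session's auth level is at least AUTH_COOKIE.
     * Assumes the AUTH_* constants (defined elsewhere) are ordered by
     * increasing strength; confirm against their definition.
     *
     * @return bool
     */
    public static function logged()
    {
        return self::v('auth', AUTH_PUBLIC) >= AUTH_COOKIE;
    }

    /**
     * True when the session's auth level is at least AUTH_MDP.
     *
     * @return bool
     */
    public static function identified()
    {
        return self::v('auth', AUTH_PUBLIC) >= AUTH_MDP;
    }

    // Anti-XSRF protections.

    /**
     * Checks the 'token' request value against the session's anti-XSRF token.
     *
     * The comparison is strict and string-only. A loose '==' would compare two
     * numeric-looking strings as numbers (for example '0e12345' == '0e99999'),
     * accepting a token that merely looks like the expected one. It would also
     * accept an empty token against an empty session value.
     *
     * @return bool true only when both values are identical non-empty strings
     */
    public static function has_xsrf_token()
    {
        $expected = self::s('xsrf_token');
        $given    = Env::v('token');
        if ($expected === '' || !is_string($given)) {
            return false;
        }
        // hash_equals() compares in time independent of where the strings differ;
        // older runtimes without it fall back to a strict comparison.
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $given);
        }
        return $expected === $given;
    }

    /**
     * Aborts the page with an error message when the request does not carry
     * the session's anti-XSRF token.
     *
     * NOTE(review): when the global $page is not a PlPage this method returns
     * without stopping anything, so the caller proceeds with the state-changing
     * operation even though the token check failed (fail-open). Callers that can
     * run before $page is set up should test has_xsrf_token() themselves.
     *
     * @return void
     */
    public static function assert_xsrf_token()
    {
        if (!self::has_xsrf_token()) {
            global $page;
            if ($page instanceof PlPage) {
                $page->kill("L'opération n'a pas pu aboutir, merci de réessayer.");
            }
        }
    }

    /**
     * True when the session holds a non-empty 'core_rss_hash'.
     *
     * @return bool
     */
    public static function rssActivated()
    {
        return self::has('core_rss_hash') && self::v('core_rss_hash');
    }
}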
112
b76f0797 113// {{{ function check_perms()
114
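/**
 * Checks that the current user has the rights to view the page; when that is
 * not the case, the refusal is logged (if the session holds a logger) and an
 * error is reported through the global page object.
 *
 * NOTE(review): enforcement relies on $page->kill() ending the request; its
 * implementation is not visible here. If it returns, the caller keeps running
 * after a failed permission check.
 *
 * @return void
 */
function check_perms()
{
    global $page;
    if (!S::has_perms()) {
        // empty() instead of a bare read: Session::init() does not create a 'log'
        // entry, so it may be absent and a bare read raises an undefined-index notice.
        if (!empty($_SESSION['log'])) {
            // PHP_SELF is client-influenced (it includes any trailing path info);
            // presumably log() stores it verbatim, so confirm it is escaped where
            // the log is displayed.
            $_SESSION['log']->log("noperms",$_SERVER['PHP_SELF']);
        }
        $page->kill("Tu n'as pas les permissions nécessaires pour accéder à cette page.");
    }
}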
129
130// }}}
131
a7de4ef7 132// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
cab08090 133?>