[platal.git] / classes / xnetsession.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2008 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class XnetSession extends PlSession
{
    public function __construct()
    {
        parent::__construct();
        S::bootstrap('perms_backup', new PlFlagSet());
    }

    public function startAvailableAuth()
    {
        if (!(S::v('perms') instanceof PlFlagSet)) {
            S::set('perms', S::v('perms_backup'));
        }

        if (!S::logged() && Get::has('auth')) {
            if (!$this->start(AUTH_MDP)) {
                return false;
            }
        }

        global $globals;
        if (!S::logged()) {
            // prevent connection to be linked to disconnection
            if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
                $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
            else
                $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
            $url  = "https://www.polytechnique.org/auth-groupex";
            $url .= "?session=" . session_id();
            $url .= "&challenge=" . S::v('challenge');
            $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
            $url .= "&url=".urlencode($returl);
            S::set('loginX', $url);
        }

        if (S::logged() && $globals->asso()) {
            $perms = S::v('perms');
            $perms->rmFlag('groupadmin');
            $perms->rmFlag('groupmember');
            $perms->rmFlag('groupannu');
            if (may_update()) {
                $perms->addFlag('groupadmin');
                $perms->addFlag('groupmember');
                $perms->addFlag('groupannu');
            }
            if (is_member()) {
                $perms->addFlag('groupmember');
                if ($globals->asso('pub') != 'private') {
                    $perms->addFlag('groupannu');
                }
            }
            if ($globals->asso('cat') == 'Promotions') {
                $perms->addFlag('groupannu');
            }
            S::set('perms', $perms);
            S::set('perms_backup', $perms);
        }
        return true;
    }

    protected function doAuth($level)
    {
        if (S::identified()) { // ok, c'est bon, on n'a rien à faire
            return S::i('uid');
        }
        if (!Get::has('auth')) {
            return null;
        }
        global $globals;
        if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1') != Get::v('auth')) {
            return null;
        }
        Get::kill('auth');
        S::set('auth', AUTH_MDP);
        return Get::i('uid');
    }

    protected function startSessionAs($user, $level)
    {
        global $globals;

        if ($level == -1) {
            S::set('auth', AUTH_MDP);
        }
        $res  = XDB::query("SELECT  u.user_id AS uid, u.hruid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
                                    CONCAT(a.alias, '@{$globals->mail->domain}') AS forlife,
                                    CONCAT(a2.alias, '@{$globals->mail->domain}') AS bestalias,
                                    q.core_mail_fmt AS mail_fmt, q.core_rss_hash
                              FROM  auth_user_md5   AS u
                        INNER JOIN  auth_user_quick AS q  USING(user_id)
                        INNER JOIN  aliases         AS a  ON (u.user_id = a.id AND a.type = 'a_vie')
                        INNER JOIN  aliases         AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias', a2.flags))
                             WHERE  u.user_id = {?} AND u.perms IN('admin', 'user')
                             LIMIT  1", $user);
        $sess = $res->fetchOneAssoc();
        $perms = $sess['perms'];
        unset($sess['perms']);
        $_SESSION = array_merge($_SESSION, $sess);
        S::set('perms', User::makePerms($perms));
        S::kill('challenge');
        S::kill('loginX');
        S::kill('may_update');
        S::kill('is_member');
        Get::kill('uid');
        Get::kill('PHPSESSID');

        $args = array();
        foreach($_GET as $key => $val) {
            $args[] = urlencode($key). '=' .urlencode($val);
        }
        return true;
    }

    public function tokenAuth($login, $token)
    {
        $res = XDB::query('SELECT  u.hruid
                             FROM  aliases         AS a
                       INNER JOIN  auth_user_md5   AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
                       INNER JOIN  auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
                            WHERE  a.alias = {?} AND a.type != "homonyme"', $token, $login);
        if ($res->numRows() == 1) {
            $data = $res->fetchOneAssoc();
            return new User($res->fetchOneCell());
        }
        return null;
    }

    public function doSelfSuid()
    {
        if (!$this->startSUID(S::i('uid'))) {
            return false;
        }
        S::set('perms', User::makePerms('user'));
        return true;
    }

    public function stopSUID()
    {
        $suid = S::v('suid');
        if (!parent::stopSUID()) {
            return false;
        }
        S::kill('suid');
        S::kill('may_update');
        S::kill('is_member');
        S::set('perms', $suid['perms']);
        S::set('perms_backup', $suid['perms_backup']);
        return true;
    }

    public function sureLevel()
    {
        return AUTH_MDP;
    }
}

// {{{ function may_update

/** Return administration rights for the current asso
 * @param force Force administration rights to be read from database
 * @param lose  Force administration rights to be false
 */
function may_update($force = false, $lose = false)
{
    if (!isset($_SESSION['may_update'])) {
        $_SESSION['may_update'] = array();
    }
    $may_update =& $_SESSION['may_update'];

    global $globals;
    $asso_id = $globals->asso('id');
    if (!$asso_id) {
        return false;
    } elseif ($lose) {
        $may_update[$asso_id] = false;
    } elseif (S::has_perms() || (S::has('suid') && $force)) {
        $may_update[$asso_id] = true;
    } elseif (!isset($may_update[$asso_id]) || $force) {
        $res = XDB::query("SELECT  perms
                             FROM  groupex.membres
                            WHERE  uid={?} AND asso_id={?}",
                          S::v('uid'), $asso_id);
        $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
    }
    return $may_update[$asso_id];
}

// }}}
// {{{ function is_member

/** Get membership informations for the current asso
 * @param force Force membership to be read from database
 * @param lose  Force membership to be false
 */
function is_member($force = false, $lose = false)
{
    if (!isset($_SESSION['is_member'])) {
        $_SESSION['is_member'] = array();
    }
    $is_member =& $_SESSION['is_member'];

    global $globals;
    $asso_id = $globals->asso('id');
    if (!$asso_id) {
        return false;
    } elseif ($lose) {
        $is_member[$asso_id] = false;
    } elseif (S::has('suid') && $force) {
        $is_member[$asso_id] = true;
    } elseif (!isset($is_member[$asso_id]) || $force) {
        $res = XDB::query("SELECT  COUNT(*)
                             FROM  groupex.membres
                            WHERE  uid={?} AND asso_id={?}",
                S::v('uid'), $asso_id);
        $is_member[$asso_id] = ($res->fetchOneCell() == 1);
    }
    return $is_member[$asso_id];
}

// }}}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
179afa7f	3	* Copyright (C) 2003-2008 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
ab694eb5	22	class XnetSession extends PlSession
0337d704	23	{
6b79b8ef FB	24	public function __construct()
6b79b8ef FB	25	{
ab694eb5 FB	26	parent::__construct();
ab694eb5 FB	27	S::bootstrap('perms_backup', new PlFlagSet());
6b79b8ef FB	28	}
6b79b8ef FB	29
ab694eb5	30	public function startAvailableAuth()
1490093c	31	{
ab694eb5 FB	32	if (!(S::v('perms') instanceof PlFlagSet)) {
	33	S::set('perms', S::v('perms_backup'));
	34	}
cab08090	35
6b79b8ef	36	if (!S::logged() && Get::has('auth')) {
ab694eb5 FB	37	if (!$this->start(AUTH_MDP)) {
	38	return false;
	39	}
6b79b8ef FB	40	}
6b79b8ef FB	41
ab694eb5	42	global $globals;
cab08090	43	if (!S::logged()) {
ab694eb5	44	// prevent connection to be linked to disconnection
71fe935c	45	if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
0337d704	46	$returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
	47	else
	48	$returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
1fd4da04	49	$url = "https://www.polytechnique.org/auth-groupex";
0337d704	50	$url .= "?session=" . session_id();
cab08090	51	$url .= "&challenge=" . S::v('challenge');
cab08090	52	$url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
0337d704	53	$url .= "&url=".urlencode($returl);
ab694eb5	54	S::set('loginX', $url);
0337d704	55	}
bf517daf	56
	57	if (S::logged() && $globals->asso()) {
	58	$perms = S::v('perms');
	59	$perms->rmFlag('groupadmin');
	60	$perms->rmFlag('groupmember');
35fa92e8	61	$perms->rmFlag('groupannu');
bf517daf	62	if (may_update()) {
	63	$perms->addFlag('groupadmin');
	64	$perms->addFlag('groupmember');
35fa92e8	65	$perms->addFlag('groupannu');
bf517daf	66	}
	67	if (is_member()) {
	68	$perms->addFlag('groupmember');
2c86d368	69	if ($globals->asso('pub') != 'private') {
35fa92e8	70	$perms->addFlag('groupannu');
	71	}
	72	}
	73	if ($globals->asso('cat') == 'Promotions') {
	74	$perms->addFlag('groupannu');
bf517daf	75	}
ab694eb5 FB	76	S::set('perms', $perms);
ab694eb5 FB	77	S::set('perms_backup', $perms);
bf517daf	78	}
ab694eb5	79	return true;
0337d704	80	}
cab08090	81
ab694eb5	82	protected function doAuth($level)
0337d704	83	{
ab694eb5 FB	84	if (S::identified()) { // ok, c'est bon, on n'a rien à faire
ab694eb5 FB	85	return S::i('uid');
0337d704	86	}
ab694eb5 FB	87	if (!Get::has('auth')) {
	88	return null;
	89	}
	90	global $globals;
	91	if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1') != Get::v('auth')) {
	92	return null;
	93	}
	94	Get::kill('auth');
	95	S::set('auth', AUTH_MDP);
	96	return Get::i('uid');
c0d6753f	97	}
c0d6753f	98
ab694eb5	99	protected function startSessionAs($user, $level)
bf517daf	100	{
08d7cc45	101	global $globals;
0337d704	102
ab694eb5 FB	103	if ($level == -1) {
ab694eb5 FB	104	S::set('auth', AUTH_MDP);
0337d704	105	}
70232020 VZ	106	$res = XDB::query("SELECT u.user_id AS uid, u.hruid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
	107	CONCAT(a.alias, '@{$globals->mail->domain}') AS forlife,
	108	CONCAT(a2.alias, '@{$globals->mail->domain}') AS bestalias,
	109	q.core_mail_fmt AS mail_fmt, q.core_rss_hash
ab694eb5 FB	110	FROM auth_user_md5 AS u
ab694eb5 FB	111	INNER JOIN auth_user_quick AS q USING(user_id)
70232020 VZ	112	INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = 'a_vie')
	113	INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias', a2.flags))
	114	WHERE u.user_id = {?} AND u.perms IN('admin', 'user')
	115	LIMIT 1", $user);
ab694eb5 FB	116	$sess = $res->fetchOneAssoc();
	117	$perms = $sess['perms'];
	118	unset($sess['perms']);
	119	$_SESSION = array_merge($_SESSION, $sess);
50d5ec0b	120	S::set('perms', User::makePerms($perms));
cab08090	121	S::kill('challenge');
cab08090	122	S::kill('loginX');
0afc7e1e	123	S::kill('may_update');
0afc7e1e	124	S::kill('is_member');
0337d704	125	Get::kill('uid');
63528107	126	Get::kill('PHPSESSID');
b0b937fd	127
fd834b4b	128	$args = array();
b0b937fd	129	foreach($_GET as $key => $val) {
ab694eb5	130	$args[] = urlencode($key). '=' .urlencode($val);
0337d704	131	}
ab694eb5	132	return true;
0337d704	133	}
0337d704	134
0d44ce42 FB	135	public function tokenAuth($login, $token)
0d44ce42 FB	136	{
50d5ec0b	137	$res = XDB::query('SELECT u.hruid
0d44ce42 FB	138	FROM aliases AS a
	139	INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
	140	INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
	141	WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
	142	if ($res->numRows() == 1) {
50d5ec0b FB	143	$data = $res->fetchOneAssoc();
50d5ec0b FB	144	return new User($res->fetchOneCell());
0d44ce42 FB	145	}
	146	return null;
	147	}
	148
ab694eb5	149	public function doSelfSuid()
0deaff1d	150	{
ab694eb5 FB	151	if (!$this->startSUID(S::i('uid'))) {
ab694eb5 FB	152	return false;
0deaff1d	153	}
50d5ec0b	154	S::set('perms', User::makePerms('user'));
ab694eb5	155	return true;
b8e265bf	156	}
b8e265bf	157
ab694eb5	158	public function stopSUID()
eaf30d86	159	{
0deaff1d	160	$suid = S::v('suid');
ab694eb5 FB	161	if (!parent::stopSUID()) {
	162	return false;
	163	}
0deaff1d	164	S::kill('suid');
	165	S::kill('may_update');
	166	S::kill('is_member');
ab694eb5 FB	167	S::set('perms', $suid['perms']);
	168	S::set('perms_backup', $suid['perms_backup']);
	169	return true;
b8e265bf	170	}
0deaff1d	171
ab694eb5 FB	172	public function sureLevel()
	173	{
	174	return AUTH_MDP;
	175	}
b8e265bf	176	}
b8e265bf	177
0deaff1d	178	// {{{ function may_update
0337d704	179
0deaff1d	180	/** Return administration rights for the current asso
	181	* @param force Force administration rights to be read from database
	182	* @param lose Force administration rights to be false
	183	*/
b8e265bf	184	function may_update($force = false, $lose = false)
	185	{
	186	if (!isset($_SESSION['may_update'])) {
	187	$_SESSION['may_update'] = array();
	188	}
	189	$may_update =& $_SESSION['may_update'];
	190
0337d704	191	global $globals;
b8e265bf	192	$asso_id = $globals->asso('id');
0deaff1d	193	if (!$asso_id) {
	194	return false;
	195	} elseif ($lose) {
	196	$may_update[$asso_id] = false;
	197	} elseif (S::has_perms() \|\| (S::has('suid') && $force)) {
	198	$may_update[$asso_id] = true;
	199	} elseif (!isset($may_update[$asso_id]) \|\| $force) {
b8e265bf	200	$res = XDB::query("SELECT perms
	201	FROM groupex.membres
	202	WHERE uid={?} AND asso_id={?}",
a14159bf	203	S::v('uid'), $asso_id);
b8e265bf	204	$may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
b8e265bf	205	}
b8e265bf	206	return $may_update[$asso_id];
0337d704	207	}
	208
	209	// }}}
0deaff1d	210	// {{{ function is_member
0337d704	211
0deaff1d	212	/** Get membership informations for the current asso
	213	* @param force Force membership to be read from database
	214	* @param lose Force membership to be false
eaf30d86	215	*/
b8e265bf	216	function is_member($force = false, $lose = false)
c1863ee9	217	{
b8e265bf	218	if (!isset($_SESSION['is_member'])) {
	219	$_SESSION['is_member'] = array();
	220	}
	221	$is_member =& $_SESSION['is_member'];
	222
0337d704	223	global $globals;
258b9710	224	$asso_id = $globals->asso('id');
0deaff1d	225	if (!$asso_id) {
0deaff1d	226	return false;
b8e265bf	227	} elseif ($lose) {
b8e265bf	228	$is_member[$asso_id] = false;
0deaff1d	229	} elseif (S::has('suid') && $force) {
	230	$is_member[$asso_id] = true;
	231	} elseif (!isset($is_member[$asso_id]) \|\| $force) {
	232	$res = XDB::query("SELECT COUNT(*)
	233	FROM groupex.membres
	234	WHERE uid={?} AND asso_id={?}",
	235	S::v('uid'), $asso_id);
	236	$is_member[$asso_id] = ($res->fetchOneCell() == 1);
258b9710	237	}
258b9710	238	return $is_member[$asso_id];
0337d704	239	}
	240
	241	// }}}
a7de4ef7	242	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
0337d704	243	?>