[platal.git] / classes / xnetsession.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2011 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class XnetSession extends XorgSession
{
    public function __construct()
    {
        parent::__construct();
    }

    public function startAvailableAuth()
    {
        if (!S::logged() && Get::has('auth')) {
            if (!$this->start(AUTH_MDP)) {
                return false;
            }
        }

        if (!S::logged() && Post::has('auth_type') && Post::v('auth_type') == 'xnet' && !Post::has('wait')) {
            $email = Post::v('username');
            $type = XDB::fetchOneCell('SELECT  type
                                         FROM  accounts
                                        WHERE  email = {?}',
                                      $email);
            if ((!is_null($type) && $type != 'xnet') || !User::isForeignEmailAddress($email)) {
                Platal::page()->trigErrorRedirect('Ce formulaire d\'authentification est réservé aux extérieurs à la communauté polytechnicienne.', '');
            }

            $user = parent::doAuth(AUTH_MDP);
            if (is_null($user)) {
                return false;
            }
            if (!parent::checkAuth(AUTH_MDP) || !parent::startSessionAs($user, AUTH_MDP)) {
                $this->destroy();
                return false;
            }
        }

        global $globals;
        if (!S::logged() && $globals->xnet->auth_baseurl) {
            // prevent connection to be linked to disconnection
            if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
                $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
            else
                $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
            $url  = $globals->xnet->auth_baseurl;
            $url .= "?session=" . session_id();
            $url .= "&challenge=" . S::v('challenge');
            $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
            $url .= "&url=".urlencode($returl);
            S::set('loginX', $url);
        }

        if (S::logged() && $globals->asso()) {
            $perms = S::v('perms');
            $perms->rmFlag('groupadmin');
            $perms->rmFlag('groupmember');
            $perms->rmFlag('groupannu');
            if (may_update()) {
                $perms->addFlag('groupadmin');
                $perms->addFlag('groupmember');
                $perms->addFlag('groupannu');
            }
            if (is_member()) {
                $perms->addFlag('groupmember');
                if ($globals->asso('pub') != 'private') {
                    $perms->addFlag('groupannu');
                }
            } else if ($globals->asso('pub') == 'public') {
                $perms->addFlag('groupannu');
            }
            if ($globals->asso('cat') == 'Promotions') {
                $perms->addFlag('groupannu');
            }
            S::set('perms', $perms);
        }
        return true;
    }

    protected function doAuth($level)
    {
        if (S::identified()) { // ok, c'est bon, on n'a rien à faire
            return User::getSilentWithValues(null, array('uid' => S::i('uid')));
        }
        if (!Get::has('auth')) {
            return null;
        }
        global $globals;
        if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1') != Get::v('auth')) {
            return null;
        }
        Get::kill('auth');
        S::set('auth', AUTH_MDP);
        return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
    }

    protected function startSessionAs($user, $level)
    {
        // The user must have 'groups' permission to access X.net
        if (!$user->checkPerms('groups')) {
            return false;
        }
        S::v('perms')->addFlag(PERMS_USER);
        if ($level == AUTH_SUID) {
            S::set('auth', AUTH_MDP);
        }

        S::set('uid', $user->uid);
        S::set('hruid', $user->hruid);

        // XXX: Transition code, should not be in session anymore
        S::set('display_name', $user->display_name);
        S::set('full_name', $user->full_name);
        S::set('femme', $user->isFemale());
        S::set('email_format', $user->email_format);
        S::set('token', $user->token);
        S::set('perms', $user->perms);
        S::set('is_admin', $user->is_admin);


        $this->makePerms($user->perms, $user->is_admin);
        S::kill('challenge');
        S::kill('loginX');
        S::kill('may_update');
        S::kill('is_member');
        Get::kill('uid');
        Get::kill('PHPSESSID');

        $args = array();
        foreach($_GET as $key => $val) {
            $args[] = urlencode($key). '=' .urlencode($val);
        }
        return true;
    }

    public function doSelfSuid()
    {
        $user =& S::user();
        if (!$this->startSUID($user)) {
            return false;
        }
        S::set('perms', User::makePerms(PERMS_USER));
        return true;
    }

    public function stopSUID()
    {
        $perms = S::suid('perms');
        if (!parent::stopSUID()) {
            return false;
        }
        S::kill('may_update');
        S::kill('is_member');
        S::set('perms', $perms);
        return true;
    }
}

// {{{ function may_update

/** Return administration rights for the current asso
 * @param force Force administration rights to be read from database
 * @param lose  Force administration rights to be false
 */
function may_update($force = false, $lose = false)
{
    if (!isset($_SESSION['may_update'])) {
        $_SESSION['may_update'] = array();
    }
    $may_update =& $_SESSION['may_update'];

    global $globals;
    $asso_id = $globals->asso('id');
    if (!$asso_id) {
        return false;
    } elseif ($lose) {
        $may_update[$asso_id] = false;
    } elseif (S::admin() || (S::suid() && $force)) {
        $may_update[$asso_id] = true;
    } elseif (!isset($may_update[$asso_id]) || $force) {
        $res = XDB::query("SELECT  perms
                             FROM  group_members
                            WHERE  uid={?} AND asso_id={?}",
                          S::v('uid'), $asso_id);
        $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
    }
    return $may_update[$asso_id];
}

// }}}
// {{{ function is_member

/** Get membership informations for the current asso
 * @param force Force membership to be read from database
 * @param lose  Force membership to be false
 */
function is_member($force = false, $lose = false)
{
    if (!isset($_SESSION['is_member'])) {
        $_SESSION['is_member'] = array();
    }
    $is_member =& $_SESSION['is_member'];

    global $globals;
    $asso_id = $globals->asso('id');
    if (!$asso_id) {
        return false;
    } elseif ($lose) {
        $is_member[$asso_id] = false;
    } elseif (S::suid() && $force) {
        $is_member[$asso_id] = true;
    } elseif (!isset($is_member[$asso_id]) || $force) {
        $res = XDB::query("SELECT  COUNT(*)
                             FROM  group_members
                            WHERE  uid={?} AND asso_id={?}",
                S::v('uid'), $asso_id);
        $is_member[$asso_id] = ($res->fetchOneCell() == 1);
    }
    return $is_member[$asso_id];
}

// }}}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
5e1513f6	3	* Copyright (C) 2003-2011 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
ef0c3d8b	22	class XnetSession extends XorgSession
0337d704	23	{
6b79b8ef FB	24	public function __construct()
6b79b8ef FB	25	{
ab694eb5	26	parent::__construct();
6b79b8ef FB	27	}
6b79b8ef FB	28
ab694eb5	29	public function startAvailableAuth()
1490093c	30	{
6b79b8ef	31	if (!S::logged() && Get::has('auth')) {
ab694eb5 FB	32	if (!$this->start(AUTH_MDP)) {
	33	return false;
	34	}
6b79b8ef FB	35	}
6b79b8ef FB	36
30439e34	37	if (!S::logged() && Post::has('auth_type') && Post::v('auth_type') == 'xnet' && !Post::has('wait')) {
8a0908db	38	$email = Post::v('username');
3c64137d SJ	39	$type = XDB::fetchOneCell('SELECT type
3c64137d SJ	40	FROM accounts
8a0908db SJ	41	WHERE email = {?}',
	42	$email);
	43	if ((!is_null($type) && $type != 'xnet') \|\| !User::isForeignEmailAddress($email)) {
3c64137d SJ	44	Platal::page()->trigErrorRedirect('Ce formulaire d\'authentification est réservé aux extérieurs à la communauté polytechnicienne.', '');
	45	}
	46
	47	$user = parent::doAuth(AUTH_MDP);
	48	if (is_null($user)) {
	49	return false;
	50	}
	51	if (!parent::checkAuth(AUTH_MDP) \|\| !parent::startSessionAs($user, AUTH_MDP)) {
	52	$this->destroy();
	53	return false;
	54	}
	55	}
	56
ab694eb5	57	global $globals;
7a05c64d	58	if (!S::logged() && $globals->xnet->auth_baseurl) {
ab694eb5	59	// prevent connection to be linked to disconnection
71fe935c	60	if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
0337d704	61	$returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
	62	else
	63	$returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
7a05c64d	64	$url = $globals->xnet->auth_baseurl;
0337d704	65	$url .= "?session=" . session_id();
cab08090	66	$url .= "&challenge=" . S::v('challenge');
cab08090	67	$url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
0337d704	68	$url .= "&url=".urlencode($returl);
ab694eb5	69	S::set('loginX', $url);
0337d704	70	}
bf517daf	71
	72	if (S::logged() && $globals->asso()) {
	73	$perms = S::v('perms');
	74	$perms->rmFlag('groupadmin');
	75	$perms->rmFlag('groupmember');
35fa92e8	76	$perms->rmFlag('groupannu');
bf517daf	77	if (may_update()) {
	78	$perms->addFlag('groupadmin');
	79	$perms->addFlag('groupmember');
35fa92e8	80	$perms->addFlag('groupannu');
bf517daf	81	}
	82	if (is_member()) {
	83	$perms->addFlag('groupmember');
2c86d368	84	if ($globals->asso('pub') != 'private') {
35fa92e8	85	$perms->addFlag('groupannu');
35fa92e8	86	}
e5539fd7 PC	87	} else if ($globals->asso('pub') == 'public') {
e5539fd7 PC	88	$perms->addFlag('groupannu');
35fa92e8	89	}
	90	if ($globals->asso('cat') == 'Promotions') {
	91	$perms->addFlag('groupannu');
bf517daf	92	}
ab694eb5	93	S::set('perms', $perms);
bf517daf	94	}
ab694eb5	95	return true;
0337d704	96	}
cab08090	97
ab694eb5	98	protected function doAuth($level)
0337d704	99	{
ab694eb5	100	if (S::identified()) { // ok, c'est bon, on n'a rien à faire
1bf36cd1	101	return User::getSilentWithValues(null, array('uid' => S::i('uid')));
0337d704	102	}
ab694eb5 FB	103	if (!Get::has('auth')) {
	104	return null;
	105	}
	106	global $globals;
	107	if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1') != Get::v('auth')) {
	108	return null;
	109	}
	110	Get::kill('auth');
	111	S::set('auth', AUTH_MDP);
1bf36cd1	112	return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
c0d6753f	113	}
c0d6753f	114
ab694eb5	115	protected function startSessionAs($user, $level)
bf517daf	116	{
7fd6dbb3 FB	117	// The user must have 'groups' permission to access X.net
	118	if (!$user->checkPerms('groups')) {
	119	return false;
	120	}
8333d1f4	121	S::v('perms')->addFlag(PERMS_USER);
6d1e6661	122	if ($level == AUTH_SUID) {
ab694eb5	123	S::set('auth', AUTH_MDP);
0337d704	124	}
7fd6dbb3 FB	125
	126	S::set('uid', $user->uid);
	127	S::set('hruid', $user->hruid);
	128
	129	// XXX: Transition code, should not be in session anymore
	130	S::set('display_name', $user->display_name);
	131	S::set('full_name', $user->full_name);
	132	S::set('femme', $user->isFemale());
	133	S::set('email_format', $user->email_format);
	134	S::set('token', $user->token);
	135	S::set('perms', $user->perms);
	136	S::set('is_admin', $user->is_admin);
	137
	138
	139	$this->makePerms($user->perms, $user->is_admin);
cab08090	140	S::kill('challenge');
cab08090	141	S::kill('loginX');
0afc7e1e	142	S::kill('may_update');
0afc7e1e	143	S::kill('is_member');
0337d704	144	Get::kill('uid');
63528107	145	Get::kill('PHPSESSID');
b0b937fd	146
fd834b4b	147	$args = array();
b0b937fd	148	foreach($_GET as $key => $val) {
ab694eb5	149	$args[] = urlencode($key). '=' .urlencode($val);
0337d704	150	}
ab694eb5	151	return true;
0337d704	152	}
0337d704	153
ab694eb5	154	public function doSelfSuid()
0deaff1d	155	{
866bd535 FB	156	$user =& S::user();
866bd535 FB	157	if (!$this->startSUID($user)) {
ab694eb5	158	return false;
0deaff1d	159	}
7fd6dbb3	160	S::set('perms', User::makePerms(PERMS_USER));
ab694eb5	161	return true;
b8e265bf	162	}
b8e265bf	163
ab694eb5	164	public function stopSUID()
eaf30d86	165	{
0c02607e	166	$perms = S::suid('perms');
ab694eb5 FB	167	if (!parent::stopSUID()) {
	168	return false;
	169	}
0deaff1d	170	S::kill('may_update');
0deaff1d	171	S::kill('is_member');
0c02607e	172	S::set('perms', $perms);
ab694eb5	173	return true;
b8e265bf	174	}
b8e265bf	175	}
b8e265bf	176
0deaff1d	177	// {{{ function may_update
0337d704	178
0deaff1d	179	/** Return administration rights for the current asso
	180	* @param force Force administration rights to be read from database
	181	* @param lose Force administration rights to be false
	182	*/
b8e265bf	183	function may_update($force = false, $lose = false)
	184	{
	185	if (!isset($_SESSION['may_update'])) {
	186	$_SESSION['may_update'] = array();
	187	}
	188	$may_update =& $_SESSION['may_update'];
	189
0337d704	190	global $globals;
b8e265bf	191	$asso_id = $globals->asso('id');
0deaff1d	192	if (!$asso_id) {
	193	return false;
	194	} elseif ($lose) {
	195	$may_update[$asso_id] = false;
0c02607e	196	} elseif (S::admin() \|\| (S::suid() && $force)) {
0deaff1d	197	$may_update[$asso_id] = true;
0deaff1d	198	} elseif (!isset($may_update[$asso_id]) \|\| $force) {
b8e265bf	199	$res = XDB::query("SELECT perms
eb41eda9	200	FROM group_members
b8e265bf	201	WHERE uid={?} AND asso_id={?}",
a14159bf	202	S::v('uid'), $asso_id);
b8e265bf	203	$may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
b8e265bf	204	}
b8e265bf	205	return $may_update[$asso_id];
0337d704	206	}
	207
	208	// }}}
0deaff1d	209	// {{{ function is_member
0337d704	210
0deaff1d	211	/** Get membership informations for the current asso
	212	* @param force Force membership to be read from database
	213	* @param lose Force membership to be false
eaf30d86	214	*/
b8e265bf	215	function is_member($force = false, $lose = false)
c1863ee9	216	{
b8e265bf	217	if (!isset($_SESSION['is_member'])) {
	218	$_SESSION['is_member'] = array();
	219	}
	220	$is_member =& $_SESSION['is_member'];
	221
0337d704	222	global $globals;
258b9710	223	$asso_id = $globals->asso('id');
0deaff1d	224	if (!$asso_id) {
0deaff1d	225	return false;
b8e265bf	226	} elseif ($lose) {
b8e265bf	227	$is_member[$asso_id] = false;
0c02607e	228	} elseif (S::suid() && $force) {
0deaff1d	229	$is_member[$asso_id] = true;
	230	} elseif (!isset($is_member[$asso_id]) \|\| $force) {
	231	$res = XDB::query("SELECT COUNT(*)
eb41eda9	232	FROM group_members
0deaff1d	233	WHERE uid={?} AND asso_id={?}",
	234	S::v('uid'), $asso_id);
	235	$is_member[$asso_id] = ($res->fetchOneCell() == 1);
258b9710	236	}
258b9710	237	return $is_member[$asso_id];
0337d704	238	}
	239
	240	// }}}
a7de4ef7	241	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
0337d704	242	?>