[platal.git] / htdocs / auth-groupex.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

$gpex_pass = $_GET["pass"];
$gpex_url = urldecode($_GET["url"]);
if (strpos($gpex_url, '?') === false) {
    $gpex_url .= "?PHPSESSID=" . $_GET["session"];
} else {
    $gpex_url .= "&PHPSESSID=" . $_GET["session"];
}
/* a-t-on besoin d'ajouter le http:// ? */
if (!preg_match("/^(http|https):\/\/.*/",$gpex_url))
    $gpex_url = "http://$gpex_url";
$gpex_challenge = $_GET["challenge"];

require_once("xorg.inc.php");
new_skinned_page('index.tpl',AUTH_COOKIE);

// mise � jour de l'heure et de la machine de dernier login sauf quand on est en suid
if (!isset($_SESSION['suid'])) {
    $logger = (isset($_SESSION['log']) && $_SESSION['log']->uid==$uid) ? $_SESSION['log'] : new DiogenesCoreLogger($uid);
    $logger->log("connexion_auth_ext",$_SERVER['PHP_SELF']);
}

/* cree le champs "auth" renvoye au Groupe X */
function gpex_make_auth($chlg, $privkey, $datafields) {
    global $globals;
    $fieldarr = explode(",",$datafields);
    $tohash   = "1$chlg$privkey";

    $res = $globals->xdb->query("SELECT matricule,matricule_ax,promo,promo_sortie,flags,deces,nom,prenom,nationalite,section,naissance FROM auth_user_md5 WHERE user_id = {?}", Session::getInt('uid'));
    $personnal_data = $res->fetchOneAssoc();
    
    while (list(,$val) = each($fieldarr)) {
        /* on verifie qu'on n'a pas demand� une
           variable inexistante ! */
        if (isset($_SESSION[$val])) {
            $tohash .= $_SESSION[$val];
        } else if (isset($personnal_data[$val])) {
            $tohash .= $personnal_data[$val];
        } else if ($val == 'username') {
            $res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", Session::getInt('uid'));
            $min_username = $res->fetchOneCell();
            $tohash      .= $min_username;
	}
    }
    $tohash .= "1";
    return md5($tohash);
}

/* cree les parametres de l'URL de retour avec les champs demandes */
function gpex_make_params($chlg, $privkey, $datafields) {
    global $globals;
    $params   = "&auth=".gpex_make_auth($chlg, $privkey, $datafields);
    
    $res = $globals->xdb->query("SELECT matricule,matricule_ax,promo,promo_sortie,flags,deces,nom,prenom,nationalite,section,naissance FROM auth_user_md5 WHERE user_id = {?}", Session::getInt('uid'));
    $personnal_data = $res->fetchOneAssoc();
    
    $fieldarr = explode(",",$datafields);
    while (list(,$val) = each($fieldarr)) {
        if (isset($_SESSION[$val])) {
            $params .= "&$val=".$_SESSION[$val];
        } else if (isset($personnal_data[$val])) {
            $params .= "&$val=".$personnal_data[$val];
        } else if ($val == 'username') {
            $res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", Session::getInt('uid'));
            $min_username = $res->fetchOneCell();
            $params      .= "&$val=".$min_username;
	}
    }
    return $params;
}

/* on parcourt les entrees de groupes_auth */
$res = $globals->xdb->iterRow('select privkey,name,datafields from groupesx_auth');

while (list($privkey,$name,$datafields) = $res->next()) {
    if (md5($gpex_challenge.$privkey) == $gpex_pass) {
        $returl = $gpex_url.gpex_make_params($gpex_challenge,$privkey,$datafields);
        redirect($returl);
    }
}

/* si on n'a pas trouv�, on renvoit sur x.org */
redirect('https://www.polytechnique.org/');

?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
50a40a33	3	* Copyright (C) 2003-2006 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	$gpex_pass = $_GET["pass"];
	23	$gpex_url = urldecode($_GET["url"]);
	24	if (strpos($gpex_url, '?') === false) {
	25	$gpex_url .= "?PHPSESSID=" . $_GET["session"];
	26	} else {
	27	$gpex_url .= "&PHPSESSID=" . $_GET["session"];
	28	}
	29	/* a-t-on besoin d'ajouter le http:// ? */
	30	if (!preg_match("/^(http\|https):\/\/.*/",$gpex_url))
	31	$gpex_url = "http://$gpex_url";
	32	$gpex_challenge = $_GET["challenge"];
	33
	34	require_once("xorg.inc.php");
	35	new_skinned_page('index.tpl',AUTH_COOKIE);
	36
	37	// mise � jour de l'heure et de la machine de dernier login sauf quand on est en suid
	38	if (!isset($_SESSION['suid'])) {
	39	$logger = (isset($_SESSION['log']) && $_SESSION['log']->uid==$uid) ? $_SESSION['log'] : new DiogenesCoreLogger($uid);
	40	$logger->log("connexion_auth_ext",$_SERVER['PHP_SELF']);
	41	}
	42
	43	/* cree le champs "auth" renvoye au Groupe X */
	44	function gpex_make_auth($chlg, $privkey, $datafields) {
	45	global $globals;
575dd9be	46	$fieldarr = explode(",",$datafields);
0337d704	47	$tohash = "1$chlg$privkey";
0337d704	48
9f3acd20	49	$res = $globals->xdb->query("SELECT matricule,matricule_ax,promo,promo_sortie,flags,deces,nom,prenom,nationalite,section,naissance FROM auth_user_md5 WHERE user_id = {?}", Session::getInt('uid'));
	50	$personnal_data = $res->fetchOneAssoc();
	51
0337d704	52	while (list(,$val) = each($fieldarr)) {
	53	/* on verifie qu'on n'a pas demand� une
	54	variable inexistante ! */
	55	if (isset($_SESSION[$val])) {
	56	$tohash .= $_SESSION[$val];
9f3acd20	57	} else if (isset($personnal_data[$val])) {
9f3acd20	58	$tohash .= $personnal_data[$val];
0337d704	59	} else if ($val == 'username') {
	60	$res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", Session::getInt('uid'));
	61	$min_username = $res->fetchOneCell();
	62	$tohash .= $min_username;
	63	}
	64	}
	65	$tohash .= "1";
	66	return md5($tohash);
	67	}
	68
	69	/* cree les parametres de l'URL de retour avec les champs demandes */
	70	function gpex_make_params($chlg, $privkey, $datafields) {
	71	global $globals;
	72	$params = "&auth=".gpex_make_auth($chlg, $privkey, $datafields);
9f3acd20	73
	74	$res = $globals->xdb->query("SELECT matricule,matricule_ax,promo,promo_sortie,flags,deces,nom,prenom,nationalite,section,naissance FROM auth_user_md5 WHERE user_id = {?}", Session::getInt('uid'));
	75	$personnal_data = $res->fetchOneAssoc();
	76
575dd9be	77	$fieldarr = explode(",",$datafields);
0337d704	78	while (list(,$val) = each($fieldarr)) {
	79	if (isset($_SESSION[$val])) {
	80	$params .= "&$val=".$_SESSION[$val];
9f3acd20	81	} else if (isset($personnal_data[$val])) {
9f3acd20	82	$params .= "&$val=".$personnal_data[$val];
0337d704	83	} else if ($val == 'username') {
	84	$res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", Session::getInt('uid'));
	85	$min_username = $res->fetchOneCell();
	86	$params .= "&$val=".$min_username;
	87	}
	88	}
	89	return $params;
	90	}
	91
	92	/* on parcourt les entrees de groupes_auth */
	93	$res = $globals->xdb->iterRow('select privkey,name,datafields from groupesx_auth');
	94
	95	while (list($privkey,$name,$datafields) = $res->next()) {
	96	if (md5($gpex_challenge.$privkey) == $gpex_pass) {
	97	$returl = $gpex_url.gpex_make_params($gpex_challenge,$privkey,$datafields);
fa36e526	98	redirect($returl);
0337d704	99	}
	100	}
	101
	102	/* si on n'a pas trouv�, on renvoit sur x.org */
fa36e526	103	redirect('https://www.polytechnique.org/');
0337d704	104
0337d704	105	?>