[platal.git] / htdocs / auth-groupex.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2004 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

$gpex_pass = $_GET["pass"];
$gpex_url = urldecode($_GET["url"]);
if (strpos($gpex_url, '?') === false) {
    $gpex_url .= "?PHPSESSID=" . $_GET["session"];
} else {
    $gpex_url .= "&PHPSESSID=" . $_GET["session"];
}
/* a-t-on besoin d'ajouter le http:// ? */
if (!preg_match("/^(http|https):\/\/.*/",$gpex_url))
    $gpex_url = "http://$gpex_url";
$gpex_challenge = $_GET["challenge"];

require_once("xorg.inc.php");
new_skinned_page('index.tpl',AUTH_COOKIE);

// mise � jour de l'heure et de la machine de dernier login sauf quand on est en suid
if (!isset($_SESSION['suid'])) {
    $logger = (isset($_SESSION['log']) && $_SESSION['log']->uid==$uid) ? $_SESSION['log'] : new DiogenesCoreLogger($uid);
    $logger->log("connexion_auth_ext",$_SERVER['PHP_SELF']);
}

/* cree le champs "auth" renvoye au Groupe X */
function gpex_make_auth($chlg, $privkey, $datafields) {
    global $globals;
    $fieldarr = explode(",",$datafields);
    $tohash   = "1$chlg$privkey";

    while (list(,$val) = each($fieldarr)) {
        /* on verifie qu'on n'a pas demand� une
           variable inexistante ! */
        if (isset($_SESSION[$val])) {
            $tohash .= $_SESSION[$val];
        } else if ($val == 'username') {
            $res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", Session::getInt('uid'));
            $min_username = $res->fetchOneCell();
            $tohash      .= $min_username;
	}
    }
    $tohash .= "1";
    return md5($tohash);
}

/* cree les parametres de l'URL de retour avec les champs demandes */
function gpex_make_params($chlg, $privkey, $datafields) {
    global $globals;
    $params   = "&auth=".gpex_make_auth($chlg, $privkey, $datafields);
    $fieldarr = explode(",",$datafields);
    while (list(,$val) = each($fieldarr)) {
        if (isset($_SESSION[$val])) {
            $params .= "&$val=".$_SESSION[$val];
        } else if ($val == 'username') {
            $res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", Session::getInt('uid'));
            $min_username = $res->fetchOneCell();
            $params      .= "&$val=".$min_username;
	}
    }
    return $params;
}

/* on parcourt les entrees de groupes_auth */
$res = $globals->xdb->iterRow('select privkey,name,datafields from groupesx_auth');

while (list($privkey,$name,$datafields) = $res->next()) {
    if (md5($gpex_challenge.$privkey) == $gpex_pass) {
        $returl = $gpex_url.gpex_make_params($gpex_challenge,$privkey,$datafields);
        redirect($returl);
    }
}

/* si on n'a pas trouv�, on renvoit sur x.org */
redirect('https://www.polytechnique.org/');

?>
Commit	Line	Data
0337d704	1	<?php
	2	/***************************************************************************
	3	* Copyright (C) 2003-2004 Polytechnique.org *
	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	$gpex_pass = $_GET["pass"];
	23	$gpex_url = urldecode($_GET["url"]);
	24	if (strpos($gpex_url, '?') === false) {
	25	$gpex_url .= "?PHPSESSID=" . $_GET["session"];
	26	} else {
	27	$gpex_url .= "&PHPSESSID=" . $_GET["session"];
	28	}
	29	/* a-t-on besoin d'ajouter le http:// ? */
	30	if (!preg_match("/^(http\|https):\/\/.*/",$gpex_url))
	31	$gpex_url = "http://$gpex_url";
	32	$gpex_challenge = $_GET["challenge"];
	33
	34	require_once("xorg.inc.php");
	35	new_skinned_page('index.tpl',AUTH_COOKIE);
	36
	37	// mise � jour de l'heure et de la machine de dernier login sauf quand on est en suid
	38	if (!isset($_SESSION['suid'])) {
	39	$logger = (isset($_SESSION['log']) && $_SESSION['log']->uid==$uid) ? $_SESSION['log'] : new DiogenesCoreLogger($uid);
	40	$logger->log("connexion_auth_ext",$_SERVER['PHP_SELF']);
	41	}
	42
	43	/* cree le champs "auth" renvoye au Groupe X */
	44	function gpex_make_auth($chlg, $privkey, $datafields) {
	45	global $globals;
575dd9be	46	$fieldarr = explode(",",$datafields);
0337d704	47	$tohash = "1$chlg$privkey";
	48
	49	while (list(,$val) = each($fieldarr)) {
	50	/* on verifie qu'on n'a pas demand� une
	51	variable inexistante ! */
	52	if (isset($_SESSION[$val])) {
	53	$tohash .= $_SESSION[$val];
	54	} else if ($val == 'username') {
	55	$res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", Session::getInt('uid'));
	56	$min_username = $res->fetchOneCell();
	57	$tohash .= $min_username;
	58	}
	59	}
	60	$tohash .= "1";
	61	return md5($tohash);
	62	}
	63
	64	/* cree les parametres de l'URL de retour avec les champs demandes */
	65	function gpex_make_params($chlg, $privkey, $datafields) {
	66	global $globals;
	67	$params = "&auth=".gpex_make_auth($chlg, $privkey, $datafields);
575dd9be	68	$fieldarr = explode(",",$datafields);
0337d704	69	while (list(,$val) = each($fieldarr)) {
	70	if (isset($_SESSION[$val])) {
	71	$params .= "&$val=".$_SESSION[$val];
	72	} else if ($val == 'username') {
	73	$res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", Session::getInt('uid'));
	74	$min_username = $res->fetchOneCell();
	75	$params .= "&$val=".$min_username;
	76	}
	77	}
	78	return $params;
	79	}
	80
	81	/* on parcourt les entrees de groupes_auth */
	82	$res = $globals->xdb->iterRow('select privkey,name,datafields from groupesx_auth');
	83
	84	while (list($privkey,$name,$datafields) = $res->next()) {
	85	if (md5($gpex_challenge.$privkey) == $gpex_pass) {
	86	$returl = $gpex_url.gpex_make_params($gpex_challenge,$privkey,$datafields);
fa36e526	87	redirect($returl);
0337d704	88	}
	89	}
	90
	91	/* si on n'a pas trouv�, on renvoit sur x.org */
fa36e526	92	redirect('https://www.polytechnique.org/');
0337d704	93
0337d704	94	?>