[platal.git] / include / xnet / session.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2008 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class XnetSession
{
    // {{{ function init

    public static function init()
    {
        global $globals;

        S::init();

        if (!S::logged()) {
            // prevent connexion to be linked to deconnexion
            if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
                $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
            else
                $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
            $url  = "https://www.polytechnique.org/auth-groupex";
            $url .= "?session=" . session_id();
            $url .= "&challenge=" . S::v('challenge');
            $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
            $url .= "&url=".urlencode($returl);
            $_SESSION['loginX'] = $url;
        }

        if (S::logged() && $globals->asso()) {
            $perms = S::v('perms');
            $perms->rmFlag('groupadmin');
            $perms->rmFlag('groupmember');
            $perms->rmFlag('groupannu');
            if (may_update()) {
                $perms->addFlag('groupadmin');
                $perms->addFlag('groupmember');
                $perms->addFlag('groupannu');
            }
            if (is_member()) {
                $perms->addFlag('groupmember');
                if ($globals->asso('pub') != 'private') {
                    $perms->addFlag('groupannu');
                }
            }
            if ($globals->asso('cat') == 'Promotions') {
                $perms->addFlag('groupannu');
            }
            $_SESSION['perms'] = $perms;
        }
    }

    // }}}
    // {{{ public static function destroy()

    public static function destroy() {
        S::destroy();
        XnetSession::init();
    }

    // }}}
    // {{{ public static function doAuth()

    /** Try to do an authentication.
     *
     * @param page the calling page (by reference)
     */
    public static function doAuth()
    {
    	if (S::identified()) { // ok, c'est bon, on n'a rien à faire
	        return true;
    	}

        if (Get::has('auth')) {
            return XnetSession::doAuthX();
        }

        return false;
    }

    // }}}
    // {{{ doAuthCookie

    public static function doAuthCookie() {
        return XnetSession::doAuth();
    }

    // }}}
    // {{{ doAuthX

    public static function doAuthX()
    {
        global $globals, $page;

        // Checks the SSO control token value.
        if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) {
            Get::kill('auth');
            if (!$page) {
                require_once 'xnet.inc.php';
                new_skinned_page('platal/index.tpl');
            }
            $page->kill("Erreur d'authentification avec polytechnique.org !");
        }

        // Fetches user's data.
        $res  = XDB::query("
            SELECT  u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
                    u.hruid, CONCAT(a.alias, '@{$globals->mail->domain}') AS forlife, CONCAT(a2.alias, '@{$globals->mail->domain}') AS bestalias,
                    q.core_mail_fmt AS mail_fmt, q.core_rss_hash
              FROM  auth_user_md5   AS u
        INNER JOIN  auth_user_quick AS q  USING(user_id)
        INNER JOIN  aliases         AS a  ON (u.user_id = a.id AND a.type = 'a_vie')
        INNER JOIN  aliases         AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias', a2.flags))
             WHERE  u.user_id = {?} AND u.perms IN('admin','user')
             LIMIT  1", Get::i('uid'));

        // Sets up the session, using fetched data and Xorg's permission system.
        $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
        $_SESSION['auth'] = AUTH_MDP;
        require_once 'xorg/session.inc.php';
        $_SESSION['perms'] =& XorgSession::make_perms(S::v('perms'));

        // Removes session values which are of no interest in Xnet context.
        S::kill('challenge');
        S::kill('loginX');
        S::kill('may_update');
        S::kill('is_member');

        // Builds the Xnet destination URL, and redirects the user.
        Get::kill('auth');
        Get::kill('uid');
        $path = Get::v('n');
        Get::kill('n');
        Get::kill('PHPSESSID');

        $args = array();
        foreach($_GET as $key => $val) {
            $args[] = urlencode($key).'='.urlencode($val);
        }

        http_redirect($globals->baseurl . '/' . $path, join('&', $args));
    }

    // }}}
    // {{{ doSelfSuid

    public static function doSelfSuid()
    {
        if (!S::has('suid')) {
            $_SESSION['suid'] = $_SESSION;
        }
        require_once 'xorg/session.inc.php';
        $_SESSION['perms'] =& XorgSession::make_perms('user');
    }

    // }}}
    // {{{ killSuid

    public static function killSuid()
    {
        if (!S::has('suid')) {
            return;
        }
        $suid = S::v('suid');
        S::kill('suid');
        S::kill('may_update');
        S::kill('is_member');
        $_SESSION['perms'] = $suid['perms'];
    }

    // }}}
}

// }}}
// {{{ function may_update

/** Return administration rights for the current asso
 * @param force Force administration rights to be read from database
 * @param lose  Force administration rights to be false
 */
function may_update($force = false, $lose = false)
{
    if (!isset($_SESSION['may_update'])) {
        $_SESSION['may_update'] = array();
    }
    $may_update =& $_SESSION['may_update'];

    global $globals;
    $asso_id = $globals->asso('id');
    if (!$asso_id) {
        return false;
    } elseif ($lose) {
        $may_update[$asso_id] = false;
    } elseif (S::has_perms() || (S::has('suid') && $force)) {
        $may_update[$asso_id] = true;
    } elseif (!isset($may_update[$asso_id]) || $force) {
        $res = XDB::query("SELECT  perms
                             FROM  groupex.membres
                            WHERE  uid={?} AND asso_id={?}",
                          S::v('uid'), $asso_id);
        $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
    }
    return $may_update[$asso_id];
}

// }}}
// {{{ function is_member

/** Get membership informations for the current asso
 * @param force Force membership to be read from database
 * @param lose  Force membership to be false
 */
function is_member($force = false, $lose = false)
{
    if (!isset($_SESSION['is_member'])) {
        $_SESSION['is_member'] = array();
    }
    $is_member =& $_SESSION['is_member'];

    global $globals;
    $asso_id = $globals->asso('id');
    if (!$asso_id) {
        return false;
    } elseif ($lose) {
        $is_member[$asso_id] = false;
    } elseif (S::has('suid') && $force) {
        $is_member[$asso_id] = true;
    } elseif (!isset($is_member[$asso_id]) || $force) {
        $res = XDB::query("SELECT  COUNT(*)
                             FROM  groupex.membres
                            WHERE  uid={?} AND asso_id={?}",
                S::v('uid'), $asso_id);
        $is_member[$asso_id] = ($res->fetchOneCell() == 1);
    }
    return $is_member[$asso_id];
}

// }}}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
179afa7f	3	* Copyright (C) 2003-2008 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
4869f665	22	class XnetSession
0337d704	23	{
0337d704	24	// {{{ function init
cab08090	25
eaf30d86	26	public static function init()
1490093c	27	{
0337d704	28	global $globals;
0337d704	29
cab08090	30	S::init();
cab08090	31
cab08090	32	if (!S::logged()) {
0337d704	33	// prevent connexion to be linked to deconnexion
71fe935c	34	if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
0337d704	35	$returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
	36	else
	37	$returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
1fd4da04	38	$url = "https://www.polytechnique.org/auth-groupex";
0337d704	39	$url .= "?session=" . session_id();
cab08090	40	$url .= "&challenge=" . S::v('challenge');
cab08090	41	$url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
0337d704	42	$url .= "&url=".urlencode($returl);
cab08090	43	$_SESSION['loginX'] = $url;
0337d704	44	}
bf517daf	45
	46	if (S::logged() && $globals->asso()) {
	47	$perms = S::v('perms');
	48	$perms->rmFlag('groupadmin');
	49	$perms->rmFlag('groupmember');
35fa92e8	50	$perms->rmFlag('groupannu');
bf517daf	51	if (may_update()) {
	52	$perms->addFlag('groupadmin');
	53	$perms->addFlag('groupmember');
35fa92e8	54	$perms->addFlag('groupannu');
bf517daf	55	}
	56	if (is_member()) {
	57	$perms->addFlag('groupmember');
2c86d368	58	if ($globals->asso('pub') != 'private') {
35fa92e8	59	$perms->addFlag('groupannu');
	60	}
	61	}
	62	if ($globals->asso('cat') == 'Promotions') {
	63	$perms->addFlag('groupannu');
bf517daf	64	}
	65	$_SESSION['perms'] = $perms;
	66	}
0337d704	67	}
cab08090	68
0337d704	69	// }}}
6995a9b9	70	// {{{ public static function destroy()
cab08090	71
6995a9b9	72	public static function destroy() {
cab08090	73	S::destroy();
0337d704	74	XnetSession::init();
0337d704	75	}
cab08090	76
0337d704	77	// }}}
6995a9b9	78	// {{{ public static function doAuth()
0337d704	79
	80	/** Try to do an authentication.
	81	*
	82	* @param page the calling page (by reference)
	83	*/
6995a9b9	84	public static function doAuth()
0337d704	85	{
a7de4ef7	86	if (S::identified()) { // ok, c'est bon, on n'a rien à faire
0deaff1d	87	return true;
0deaff1d	88	}
0337d704	89
0337d704	90	if (Get::has('auth')) {
b0b937fd	91	return XnetSession::doAuthX();
0337d704	92	}
63528107	93
63528107	94	return false;
0337d704	95	}
	96
	97	// }}}
c0d6753f	98	// {{{ doAuthCookie
c0d6753f	99
6995a9b9	100	public static function doAuthCookie() {
c0d6753f	101	return XnetSession::doAuth();
	102	}
	103
	104	// }}}
0337d704	105	// {{{ doAuthX
0337d704	106
eaf30d86	107	public static function doAuthX()
bf517daf	108	{
b0b937fd	109	global $globals, $page;
0337d704	110
2fdafb32	111	// Checks the SSO control token value.
5e2307dc	112	if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) {
9fcc6565	113	Get::kill('auth');
7e1efe61 FB	114	if (!$page) {
	115	require_once 'xnet.inc.php';
	116	new_skinned_page('platal/index.tpl');
	117	}
0337d704	118	$page->kill("Erreur d'authentification avec polytechnique.org !");
	119	}
	120
2fdafb32	121	// Fetches user's data.
08cce2ff	122	$res = XDB::query("
0337d704	123	SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
2fdafb32 VZ	124	u.hruid, CONCAT(a.alias, '@{$globals->mail->domain}') AS forlife, CONCAT(a2.alias, '@{$globals->mail->domain}') AS bestalias,
2fdafb32 VZ	125	q.core_mail_fmt AS mail_fmt, q.core_rss_hash
0337d704	126	FROM auth_user_md5 AS u
0337d704	127	INNER JOIN auth_user_quick AS q USING(user_id)
fd7d304d VZ	128	INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = 'a_vie')
fd7d304d VZ	129	INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias', a2.flags))
0337d704	130	WHERE u.user_id = {?} AND u.perms IN('admin','user')
5e2307dc	131	LIMIT 1", Get::i('uid'));
2fdafb32 VZ	132
2fdafb32 VZ	133	// Sets up the session, using fetched data and Xorg's permission system.
0337d704	134	$_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
0337d704	135	$_SESSION['auth'] = AUTH_MDP;
bf517daf	136	require_once 'xorg/session.inc.php';
bf517daf	137	$_SESSION['perms'] =& XorgSession::make_perms(S::v('perms'));
2fdafb32 VZ	138
2fdafb32 VZ	139	// Removes session values which are of no interest in Xnet context.
cab08090	140	S::kill('challenge');
cab08090	141	S::kill('loginX');
0afc7e1e	142	S::kill('may_update');
0afc7e1e	143	S::kill('is_member');
2fdafb32 VZ	144
2fdafb32 VZ	145	// Builds the Xnet destination URL, and redirects the user.
0337d704	146	Get::kill('auth');
0337d704	147	Get::kill('uid');
27472b85	148	$path = Get::v('n');
27472b85	149	Get::kill('n');
63528107	150	Get::kill('PHPSESSID');
b0b937fd	151
fd834b4b	152	$args = array();
b0b937fd	153	foreach($_GET as $key => $val) {
0337d704	154	$args[] = urlencode($key).'='.urlencode($val);
0337d704	155	}
63528107	156
fd834b4b	157	http_redirect($globals->baseurl . '/' . $path, join('&', $args));
0337d704	158	}
	159
	160	// }}}
0deaff1d	161	// {{{ doSelfSuid
b8e265bf	162
0deaff1d	163	public static function doSelfSuid()
	164	{
	165	if (!S::has('suid')) {
	166	$_SESSION['suid'] = $_SESSION;
	167	}
bf517daf	168	require_once 'xorg/session.inc.php';
bf517daf	169	$_SESSION['perms'] =& XorgSession::make_perms('user');
b8e265bf	170	}
b8e265bf	171
0deaff1d	172	// }}}
0deaff1d	173	// {{{ killSuid
b8e265bf	174
0deaff1d	175	public static function killSuid()
eaf30d86	176	{
0deaff1d	177	if (!S::has('suid')) {
	178	return;
	179	}
	180	$suid = S::v('suid');
	181	S::kill('suid');
	182	S::kill('may_update');
	183	S::kill('is_member');
	184	$_SESSION['perms'] = $suid['perms'];
b8e265bf	185	}
0deaff1d	186
0deaff1d	187	// }}}
b8e265bf	188	}
	189
	190	// }}}
0deaff1d	191	// {{{ function may_update
0337d704	192
0deaff1d	193	/** Return administration rights for the current asso
	194	* @param force Force administration rights to be read from database
	195	* @param lose Force administration rights to be false
	196	*/
b8e265bf	197	function may_update($force = false, $lose = false)
	198	{
	199	if (!isset($_SESSION['may_update'])) {
	200	$_SESSION['may_update'] = array();
	201	}
	202	$may_update =& $_SESSION['may_update'];
	203
0337d704	204	global $globals;
b8e265bf	205	$asso_id = $globals->asso('id');
0deaff1d	206	if (!$asso_id) {
	207	return false;
	208	} elseif ($lose) {
	209	$may_update[$asso_id] = false;
	210	} elseif (S::has_perms() \|\| (S::has('suid') && $force)) {
	211	$may_update[$asso_id] = true;
	212	} elseif (!isset($may_update[$asso_id]) \|\| $force) {
b8e265bf	213	$res = XDB::query("SELECT perms
	214	FROM groupex.membres
	215	WHERE uid={?} AND asso_id={?}",
a14159bf	216	S::v('uid'), $asso_id);
b8e265bf	217	$may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
b8e265bf	218	}
b8e265bf	219	return $may_update[$asso_id];
0337d704	220	}
	221
	222	// }}}
0deaff1d	223	// {{{ function is_member
0337d704	224
0deaff1d	225	/** Get membership informations for the current asso
	226	* @param force Force membership to be read from database
	227	* @param lose Force membership to be false
eaf30d86	228	*/
b8e265bf	229	function is_member($force = false, $lose = false)
c1863ee9	230	{
b8e265bf	231	if (!isset($_SESSION['is_member'])) {
	232	$_SESSION['is_member'] = array();
	233	}
	234	$is_member =& $_SESSION['is_member'];
	235
0337d704	236	global $globals;
258b9710	237	$asso_id = $globals->asso('id');
0deaff1d	238	if (!$asso_id) {
0deaff1d	239	return false;
b8e265bf	240	} elseif ($lose) {
b8e265bf	241	$is_member[$asso_id] = false;
0deaff1d	242	} elseif (S::has('suid') && $force) {
	243	$is_member[$asso_id] = true;
	244	} elseif (!isset($is_member[$asso_id]) \|\| $force) {
	245	$res = XDB::query("SELECT COUNT(*)
	246	FROM groupex.membres
	247	WHERE uid={?} AND asso_id={?}",
	248	S::v('uid'), $asso_id);
	249	$is_member[$asso_id] = ($res->fetchOneCell() == 1);
258b9710	250	}
258b9710	251	return $is_member[$asso_id];
0337d704	252	}
	253
	254	// }}}
a7de4ef7	255	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
0337d704	256	?>