[platal.git] / include / xnet / session.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2004 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

require_once('platal/session.inc.php');

// {{{ class XorgSession

class XnetSession extends DiogenesCoreSession
{
    // {{{ function XnetSession()

    function XnetSession()
    {
	$this->DiogenesCoreSession();
    }

    // }}}
    // {{{ function init
    
    function init() {
        global $globals;

        @session_start();
        if (!Session::has('session')) {
            $_SESSION['session'] = new XnetSession;
        }
        if (!logged()) {
            // prevent connexion to be linked to deconnexion
            if (($i = strpos($_SERVER['REQUEST_URI'], 'deconnexion.php')) !== false)
                $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
            else
                $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
            $url  = "https://www.polytechnique.org/auth-groupex.php";
            $url .= "?session=" . session_id();
            $url .= "&challenge=" . $_SESSION['session']->challenge;
            $url .= "&pass=" . md5($_SESSION['session']->challenge . $globals->xnet->secret);
            $url .= "&url=".urlencode($returl);
            $_SESSION['session']->loginX = $url;
        }
    }
    
    // }}}
    // {{{ function destroy()
    
    function destroy() {
        @session_destroy();
        unset($_SESSION);
        XnetSession::init();
    }
    
    // }}}
    // {{{ function doAuth()

    /** Try to do an authentication.
     *
     * @param page the calling page (by reference)
     */
    function doAuth(&$page)
    {
	global $globals;
	if (identified()) { // ok, c'est bon, on n'a rien � faire
	    return true;
	}

        if (Get::has('auth')) {
            return $this->doAuthX($page);
        } elseif (Post::has('challenge') && Post::has('username') && Post::has('response')) {
            return $this->doAuthOther($page);
        } else {
            $this->doLogin($page);
        }
    }

    // }}}
    // {{{ doAuthX

    function doAuthX(&$page) {
        global $globals;

        if (md5('1'.$this->challenge.$globals->xnet->secret.Get::getInt('uid').'1') != Get::get('auth')) {
            $page->kill("Erreur d'authentification avec polytechnique.org !");
        }

        $res  = $globals->xdb->query("
            SELECT  u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
                    a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
              FROM  auth_user_md5   AS u
        INNER JOIN  auth_user_quick AS q  USING(user_id)
        INNER JOIN  aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
        INNER JOIN  aliases         AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
             WHERE  u.user_id = {?} AND u.perms IN('admin','user')
             LIMIT  1", Get::getInt('uid'));
        $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
        $_SESSION['auth'] = AUTH_MDP;
        unset($this->challenge);
        unset($this->loginX);
        Get::kill('auth');
        Get::kill('uid');
        $args = array();
        foreach($_GET as $key=>$val) {
            $args[] = urlencode($key).'='.urlencode($val);
        }
        redirect($_SERVER['PHP_SELF'] . '?' . join('&', $args));
    }

    // }}}
    // {{{ doAuthOther

    function doAuthOther(&$page) {
        if (Post::has('challenge') && Post::has('username') && Post::has('response')) {
            $username = Post::get('username');
        }
        $this->doLogin($page);
    }

    // }}}
    // {{{ doLogin

    function doLogin(&$page) {
        $page->addJsLink('javascript/md5.js');
        $page->addJsLink('javascript/do_challenge_response.js');
        $page->assign("xorg_tpl", "xnet/login.tpl");
        $page->run();
    }

    // }}}
}

// }}}
// {{{ may_update

function may_update() {
    global $globals;
    if (!$globals->asso('id')) { return false; }
    if (has_perms()) { return true; }
    $res = $globals->xdb->query(
            "SELECT  perms
               FROM  groupex.membres
              WHERE  uid={?} AND asso_id={?}", Session::getInt('uid'), $globals->asso('id'));
    return $res->fetchOneCell() == 'admin';
}

// }}}
// {{{ is_member

function is_member() {
    global $globals;
    if (!$globals->asso('id')) { return false; }
    $res = $globals->xdb->query(
            "SELECT  COUNT(*)
               FROM  groupex.membres
              WHERE  uid={?} AND asso_id={?}", Session::getInt('uid'), $globals->asso('id'));
    return $res->fetchOneCell() == 1;
}

// }}}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
?>
Commit	Line	Data
0337d704	1	<?php
	2	/***************************************************************************
	3	* Copyright (C) 2003-2004 Polytechnique.org *
	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	require_once('platal/session.inc.php');
	23
	24	// {{{ class XorgSession
	25
	26	class XnetSession extends DiogenesCoreSession
	27	{
	28	// {{{ function XnetSession()
	29
	30	function XnetSession()
	31	{
	32	$this->DiogenesCoreSession();
	33	}
	34
	35	// }}}
	36	// {{{ function init
	37
	38	function init() {
	39	global $globals;
	40
	41	@session_start();
	42	if (!Session::has('session')) {
	43	$_SESSION['session'] = new XnetSession;
	44	}
	45	if (!logged()) {
	46	// prevent connexion to be linked to deconnexion
	47	if (($i = strpos($_SERVER['REQUEST_URI'], 'deconnexion.php')) !== false)
	48	$returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
	49	else
	50	$returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
	51	$url = "https://www.polytechnique.org/auth-groupex.php";
	52	$url .= "?session=" . session_id();
	53	$url .= "&challenge=" . $_SESSION['session']->challenge;
	54	$url .= "&pass=" . md5($_SESSION['session']->challenge . $globals->xnet->secret);
	55	$url .= "&url=".urlencode($returl);
	56	$_SESSION['session']->loginX = $url;
	57	}
	58	}
	59
	60	// }}}
	61	// {{{ function destroy()
	62
	63	function destroy() {
	64	@session_destroy();
65	unset($_SESSION);
66	XnetSession::init();
67	}
68
69	// }}}
70	// {{{ function doAuth()
71
72	/** Try to do an authentication.
73	*
74	* @param page the calling page (by reference)
75	*/
76	function doAuth(&$page)
77	{
78	global $globals;
79	if (identified()) { // ok, c'est bon, on n'a rien � faire
80	return true;
81	}
82
83	if (Get::has('auth')) {
84	return $this->doAuthX($page);
85	} elseif (Post::has('challenge') && Post::has('username') && Post::has('response')) {
86	return $this->doAuthOther($page);
87	} else {
88	$this->doLogin($page);
89	}
90	}
91
92	// }}}
93	// {{{ doAuthX
94
95	function doAuthX(&$page) {
96	global $globals;
97
98	if (md5('1'.$this->challenge.$globals->xnet->secret.Get::getInt('uid').'1') != Get::get('auth')) {
99	$page->kill("Erreur d'authentification avec polytechnique.org !");
100	}
101
102	$res = $globals->xdb->query("
103	SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
104	a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
105	FROM auth_user_md5 AS u
106	INNER JOIN auth_user_quick AS q USING(user_id)
107	INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
108	INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
109	WHERE u.user_id = {?} AND u.perms IN('admin','user')
110	LIMIT 1", Get::getInt('uid'));
111	$_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
112	$_SESSION['auth'] = AUTH_MDP;
113	unset($this->challenge);
114	unset($this->loginX);
115	Get::kill('auth');
116	Get::kill('uid');
117	$args = array();
118	foreach($_GET as $key=>$val) {
119	$args[] = urlencode($key).'='.urlencode($val);
120	}
fa36e526	121	redirect($_SERVER['PHP_SELF'] . '?' . join('&', $args));
0337d704	122	}
	123
	124	// }}}
	125	// {{{ doAuthOther
	126
	127	function doAuthOther(&$page) {
	128	if (Post::has('challenge') && Post::has('username') && Post::has('response')) {
	129	$username = Post::get('username');
	130	}
	131	$this->doLogin($page);
	132	}
	133
	134	// }}}
	135	// {{{ doLogin
	136
	137	function doLogin(&$page) {
	138	$page->addJsLink('javascript/md5.js');
	139	$page->addJsLink('javascript/do_challenge_response.js');
	140	$page->assign("xorg_tpl", "xnet/login.tpl");
	141	$page->run();
	142	}
	143
	144	// }}}
	145	}
	146
	147	// }}}
	148	// {{{ may_update
	149
	150	function may_update() {
	151	global $globals;
	152	if (!$globals->asso('id')) { return false; }
	153	if (has_perms()) { return true; }
	154	$res = $globals->xdb->query(
	155	"SELECT perms
	156	FROM groupex.membres
	157	WHERE uid={?} AND asso_id={?}", Session::getInt('uid'), $globals->asso('id'));
	158	return $res->fetchOneCell() == 'admin';
	159	}
	160
	161	// }}}
	162	// {{{ is_member
	163
	164	function is_member() {
	165	global $globals;
	166	if (!$globals->asso('id')) { return false; }
	167	$res = $globals->xdb->query(
	168	"SELECT COUNT(*)
	169	FROM groupex.membres
	170	WHERE uid={?} AND asso_id={?}", Session::getInt('uid'), $globals->asso('id'));
	171	return $res->fetchOneCell() == 1;
	172	}
	173
	174	// }}}
	175	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
	176	?>