remove the ugly $_SESSION['session'] hack where we can use
[platal.git] / include / xnet / session.inc.php
CommitLineData
0337d704 1<?php
2/***************************************************************************
50a40a33 3 * Copyright (C) 2003-2006 Polytechnique.org *
0337d704 4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
b76f0797 22require_once dirname(__FILE__).'/../../classes/Session.php';
0337d704 23
4869f665 24class XnetSession
0337d704 25{
0337d704 26 // {{{ function init
cab08090 27
0337d704 28 function init() {
29 global $globals;
30
cab08090 31 S::init();
32
cab08090 33 if (!S::logged()) {
0337d704 34 // prevent connexion to be linked to deconnexion
71fe935c 35 if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
0337d704 36 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
37 else
38 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
39 $url = "https://www.polytechnique.org/auth-groupex.php";
40 $url .= "?session=" . session_id();
cab08090 41 $url .= "&challenge=" . S::v('challenge');
42 $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
0337d704 43 $url .= "&url=".urlencode($returl);
cab08090 44 $_SESSION['loginX'] = $url;
0337d704 45 }
46 }
cab08090 47
0337d704 48 // }}}
49 // {{{ function destroy()
cab08090 50
0337d704 51 function destroy() {
cab08090 52 S::destroy();
0337d704 53 XnetSession::init();
54 }
cab08090 55
0337d704 56 // }}}
57 // {{{ function doAuth()
58
59 /** Try to do an authentication.
60 *
61 * @param page the calling page (by reference)
62 */
b0b937fd 63 function doAuth()
0337d704 64 {
cab08090 65 if (S::identified()) { // ok, c'est bon, on n'a rien à faire
0337d704 66 return true;
67 }
68
69 if (Get::has('auth')) {
b0b937fd 70 return XnetSession::doAuthX();
0337d704 71 }
63528107 72
73 return false;
0337d704 74 }
75
76 // }}}
77 // {{{ doAuthX
78
b0b937fd 79 function doAuthX() {
80 global $globals, $page;
0337d704 81
5e2307dc 82 if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) {
0337d704 83 $page->kill("Erreur d'authentification avec polytechnique.org !");
84 }
85
08cce2ff 86 $res = XDB::query("
0337d704 87 SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
88 a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
89 FROM auth_user_md5 AS u
90 INNER JOIN auth_user_quick AS q USING(user_id)
91 INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
92 INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
93 WHERE u.user_id = {?} AND u.perms IN('admin','user')
5e2307dc 94 LIMIT 1", Get::i('uid'));
0337d704 95 $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
96 $_SESSION['auth'] = AUTH_MDP;
cab08090 97 S::kill('challenge');
98 S::kill('loginX');
0337d704 99 Get::kill('auth');
100 Get::kill('uid');
27472b85 101 $path = Get::v('n');
102 Get::kill('n');
63528107 103 Get::kill('PHPSESSID');
b0b937fd 104
fd834b4b 105 $args = array();
b0b937fd 106 foreach($_GET as $key => $val) {
0337d704 107 $args[] = urlencode($key).'='.urlencode($val);
108 }
63528107 109
fd834b4b 110 http_redirect($globals->baseurl . '/' . $path, join('&', $args));
0337d704 111 }
112
113 // }}}
114}
115
0337d704 116// {{{ may_update
117
118function may_update() {
119 global $globals;
120 if (!$globals->asso('id')) { return false; }
cab08090 121 if (S::has_perms()) { return true; }
08cce2ff 122 $res = XDB::query(
0337d704 123 "SELECT perms
124 FROM groupex.membres
cab08090 125 WHERE uid={?} AND asso_id={?}", S::v('uid'), $globals->asso('id'));
0337d704 126 return $res->fetchOneCell() == 'admin';
127}
128
129// }}}
130// {{{ is_member
131
132function is_member() {
133 global $globals;
258b9710 134 $asso_id = $globals->asso('id');
135 if (!$asso_id) { return false; }
136 static $is_member;
137 if (!$is_member) $is_member = array();
cab08090 138 if (!isset($is_member[$asso_id]))
258b9710 139 {
08cce2ff 140 $res = XDB::query(
0337d704 141 "SELECT COUNT(*)
142 FROM groupex.membres
258b9710 143 WHERE uid={?} AND asso_id={?}",
cab08090 144 S::v('uid'), $asso_id);
258b9710 145 $is_member[$asso_id] = $res->fetchOneCell() == 1;
146 }
147 return $is_member[$asso_id];
0337d704 148}
149
150// }}}
151// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
152?>