[platal.git] / include / xnet / session.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

require_once dirname(__FILE__).'/../../classes/Session.php';

class XnetSession
{
    // {{{ function init

    function init() {
        global $globals;

        S::init();

        $_SESSION['session'] = new XnetSession;

        if (!S::logged()) {
            // prevent connexion to be linked to deconnexion
            if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
                $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
            else
                $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
            $url  = "https://www.polytechnique.org/auth-groupex.php";
            $url .= "?session=" . session_id();
            $url .= "&challenge=" . S::v('challenge');
            $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
            $url .= "&url=".urlencode($returl);
            $_SESSION['loginX'] = $url;
        }
    }

    // }}}
    // {{{ function destroy()

    function destroy() {
        S::destroy();
        XnetSession::init();
    }

    // }}}
    // {{{ function doAuth()

    /** Try to do an authentication.
     *
     * @param page the calling page (by reference)
     */
    function doAuth()
    {
	if (S::identified()) { // ok, c'est bon, on n'a rien � faire
	    return true;
	}

        if (Get::has('auth')) {
            return XnetSession::doAuthX();
        }

        return false;
    }

    // }}}
    // {{{ doAuthX

    function doAuthX() {
        global $globals, $page;

        if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) {
            $page->kill("Erreur d'authentification avec polytechnique.org !");
        }

        $res  = XDB::query("
            SELECT  u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
                    a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
              FROM  auth_user_md5   AS u
        INNER JOIN  auth_user_quick AS q  USING(user_id)
        INNER JOIN  aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
        INNER JOIN  aliases         AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
             WHERE  u.user_id = {?} AND u.perms IN('admin','user')
             LIMIT  1", Get::i('uid'));
        $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
        $_SESSION['auth'] = AUTH_MDP;
        S::kill('challenge');
        S::kill('loginX');
        Get::kill('auth');
        Get::kill('uid');
        $args = array();
        $path = Get::v('p');
        Get::kill('p');
        Get::kill('PHPSESSID');

        foreach($_GET as $key => $val) {
            $args[] = urlencode($key).'='.urlencode($val);
        }

        pl_redirect($path, join('&', $args));
    }

    // }}}
}

// {{{ may_update

function may_update() {
    global $globals;
    if (!$globals->asso('id')) { return false; }
    if (S::has_perms()) { return true; }
    $res = XDB::query(
            "SELECT  perms
               FROM  groupex.membres
              WHERE  uid={?} AND asso_id={?}", S::v('uid'), $globals->asso('id'));
    return $res->fetchOneCell() == 'admin';
}

// }}}
// {{{ is_member

function is_member() {
    global $globals;
    $asso_id = $globals->asso('id');
    if (!$asso_id) { return false; }
    static $is_member;
    if (!$is_member) $is_member = array();
    if (!isset($is_member[$asso_id]))
    {
        $res = XDB::query(
            "SELECT  COUNT(*)
               FROM  groupex.membres
              WHERE  uid={?} AND asso_id={?}",
                S::v('uid'), $asso_id);
        $is_member[$asso_id] = $res->fetchOneCell() == 1;
    }
    return $is_member[$asso_id];
}

// }}}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
50a40a33	3	* Copyright (C) 2003-2006 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
b76f0797	22	require_once dirname(__FILE__).'/../../classes/Session.php';
0337d704	23
4869f665	24	class XnetSession
0337d704	25	{
0337d704	26	// {{{ function init
cab08090	27
0337d704	28	function init() {
	29	global $globals;
	30
cab08090	31	S::init();
	32
	33	$_SESSION['session'] = new XnetSession;
	34
	35	if (!S::logged()) {
0337d704	36	// prevent connexion to be linked to deconnexion
71fe935c	37	if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
0337d704	38	$returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
	39	else
	40	$returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
	41	$url = "https://www.polytechnique.org/auth-groupex.php";
	42	$url .= "?session=" . session_id();
cab08090	43	$url .= "&challenge=" . S::v('challenge');
cab08090	44	$url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
0337d704	45	$url .= "&url=".urlencode($returl);
cab08090	46	$_SESSION['loginX'] = $url;
0337d704	47	}
0337d704	48	}
cab08090	49
0337d704	50	// }}}
0337d704	51	// {{{ function destroy()
cab08090	52
0337d704	53	function destroy() {
cab08090	54	S::destroy();
0337d704	55	XnetSession::init();
0337d704	56	}
cab08090	57
0337d704	58	// }}}
	59	// {{{ function doAuth()
	60
	61	/** Try to do an authentication.
	62	*
	63	* @param page the calling page (by reference)
	64	*/
b0b937fd	65	function doAuth()
0337d704	66	{
cab08090	67	if (S::identified()) { // ok, c'est bon, on n'a rien � faire
0337d704	68	return true;
	69	}
	70
	71	if (Get::has('auth')) {
b0b937fd	72	return XnetSession::doAuthX();
0337d704	73	}
63528107	74
63528107	75	return false;
0337d704	76	}
	77
	78	// }}}
	79	// {{{ doAuthX
	80
b0b937fd	81	function doAuthX() {
b0b937fd	82	global $globals, $page;
0337d704	83
5e2307dc	84	if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) {
0337d704	85	$page->kill("Erreur d'authentification avec polytechnique.org !");
	86	}
	87
08cce2ff	88	$res = XDB::query("
0337d704	89	SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
	90	a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
	91	FROM auth_user_md5 AS u
	92	INNER JOIN auth_user_quick AS q USING(user_id)
	93	INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
	94	INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
	95	WHERE u.user_id = {?} AND u.perms IN('admin','user')
5e2307dc	96	LIMIT 1", Get::i('uid'));
0337d704	97	$_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
0337d704	98	$_SESSION['auth'] = AUTH_MDP;
cab08090	99	S::kill('challenge');
cab08090	100	S::kill('loginX');
0337d704	101	Get::kill('auth');
	102	Get::kill('uid');
	103	$args = array();
5e2307dc	104	$path = Get::v('p');
b0b937fd	105	Get::kill('p');
63528107	106	Get::kill('PHPSESSID');
b0b937fd	107
b0b937fd	108	foreach($_GET as $key => $val) {
0337d704	109	$args[] = urlencode($key).'='.urlencode($val);
0337d704	110	}
63528107	111
8b00e0e0	112	pl_redirect($path, join('&', $args));
0337d704	113	}
	114
	115	// }}}
	116	}
	117
0337d704	118	// {{{ may_update
	119
	120	function may_update() {
	121	global $globals;
	122	if (!$globals->asso('id')) { return false; }
cab08090	123	if (S::has_perms()) { return true; }
08cce2ff	124	$res = XDB::query(
0337d704	125	"SELECT perms
0337d704	126	FROM groupex.membres
cab08090	127	WHERE uid={?} AND asso_id={?}", S::v('uid'), $globals->asso('id'));
0337d704	128	return $res->fetchOneCell() == 'admin';
	129	}
	130
	131	// }}}
	132	// {{{ is_member
	133
	134	function is_member() {
	135	global $globals;
258b9710	136	$asso_id = $globals->asso('id');
	137	if (!$asso_id) { return false; }
	138	static $is_member;
	139	if (!$is_member) $is_member = array();
cab08090	140	if (!isset($is_member[$asso_id]))
258b9710	141	{
08cce2ff	142	$res = XDB::query(
0337d704	143	"SELECT COUNT(*)
0337d704	144	FROM groupex.membres
258b9710	145	WHERE uid={?} AND asso_id={?}",
cab08090	146	S::v('uid'), $asso_id);
258b9710	147	$is_member[$asso_id] = $res->fetchOneCell() == 1;
	148	}
	149	return $is_member[$asso_id];
0337d704	150	}
	151
	152	// }}}
	153	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
	154	?>