[platal.git] / include / xorg / session.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

require_once('platal/session.inc.php');

// {{{ class XorgSession

class XorgSession extends DiogenesCoreSession
{
    // {{{ function XorgSession()

    function XorgSession()
    {
	$this->DiogenesCoreSession();
	if (!Session::has('uid')) {
	    try_cookie();
        }
	set_skin();
    }

    // }}}
    // {{{ function init
    
    function init() {
        @session_start();
        if (!Session::has('session')) {
            $_SESSION['session'] = new XorgSession;
        }
    }
    
    // }}}
    // {{{ function destroy()
    
    function destroy() {
        @session_destroy();
        unset($_SESSION);
        XorgSession::init();
    }
    
    // }}}
    // {{{ function doAuth()

    /** Try to do an authentication.
     *
     * @param page the calling page (by reference)
     */
    function doAuth(&$page,$new_name=false)
    {
    	global $globals;
    	if (identified()) { // ok, c'est bon, on n'a rien � faire
    	    return true;
    	}

        if (Session::has('session')) {
            $session =& Session::getMixed('session');
        }

        if (Env::has('username') && Env::has('response') && isset($session->challenge))
    	{
    	    // si on vient de recevoir une identification par passwordpromptscreen.tpl
    	    // ou passwordpromptscreenlogged.tpl
            $uname = Env::get('username');
            
            if (Env::get('domain') == "alias") {
            
                $res = $globals->xdb->query(
                    "SELECT redirect
                       FROM virtual
                 INNER JOIN virtual_redirect USING(vid)
                      WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
                $redirect = $res->fetchOneCell();
                if ($redirect) {
                    $login = substr($redirect, 0, strpos($redirect, '@'));
                } else {
                    $login = "";
                }
            } else {
                $login = $uname;
            }
    
    	    $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
    	    $res   = $globals->xdb->query(
                        "SELECT  u.user_id, u.password
                           FROM  auth_user_md5 AS u
                     INNER JOIN  aliases       AS a ON ( a.id=u.user_id AND type!='homonyme' )
                          WHERE  a.$field = {?} AND u.perms IN('admin','user')", $login);
    
            $logger =& Session::getMixed('log');
    	    if (list($uid, $password) = $res->fetchOneRow()) {
        	    require_once('secure_hash.inc.php');
        		$expected_response=hash_encrypt("$uname:$password:{$session->challenge}");
        		// le password de la base est peut-�tre encore encod� en md5
        		if (Env::get('response') != $expected_response) {
        		  $new_password = hash_xor(Env::get('xorpass'), $password);
        		  $expected_response = hash_encrypt("$uname:$new_password:{$session->challenge}");
        		  if (Env::get('response') == $expected_response) {
        		      $globals->xdb->execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid);
        		  }
        		}
        		if (Env::get('response') == $expected_response) {
                    if (Env::has('domain')) {
                        if (($domain = Env::get('domain', 'login')) == 'alias') {
                            setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
                        } else {
                            setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
                        }
                        // pour que la modification soit effective dans le reste de la page
                        $_COOKIE['ORGdomain'] = $domain;
                    }
    
        		    unset($session->challenge);
        		    if ($logger) {
            			$logger->log('auth_ok');
                    }
        		    start_connexion($uid, true);
                    if (Env::get('remember', 'false') == 'true') {
                        $cookie = hash_encrypt(Session::get('password'));
                        setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
                        if ($logger) {
                            $logger->log("cookie_on");
                        }
                    } else {
                        setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
                        
                        if ($logger) {
                            $logger->log("cookie_off");
                        }
                    }
        		    return true;
        		} elseif ($logger) {
                    $logger->log('auth_fail','bad password');
                }
            } elseif ($logger) {
                    $logger->log('auth_fail','bad login');
            }
    	}
        $this->doLogin($page,$new_name);
    }

    // }}}
    // {{{ function doAuthCookie()

    /** Try to do a cookie-based authentication.
     *
     * @param page the calling page (by reference)
     */
    function doAuthCookie(&$page)
    {
	if (logged()) {
	    return;
        }

	if (Env::has('username') and Env::has('response')) {
	    return $this->doAuth($page);
        }

	if ($r = try_cookie()) {
	    return $this->doAuth($page,($r>0));
        }
    }

    // }}}
    // {{{ function doLogin()

    /** Display login screen.
     */
    function doLogin(&$page, $new_name=false)
    {
        $page->addJsLink('javascript/secure_hash.js');
	if (logged() and !$new_name) {
	    $page->changeTpl('password_prompt_logged.tpl');
            $page->addJsLink('javascript/do_challenge_response_logged.js');
	    $page->assign("xorg_tpl", "password_prompt_logged.tpl");
	    $page->run();
	} else {
	    $page->changeTpl('password_prompt.tpl');
            $page->addJsLink('javascript/do_challenge_response.js');
	    $page->assign("xorg_tpl", "password_prompt.tpl");
            
            global $globals;
            if ($globals->mail->alias_dom) {
                $page->assign("domains", Array(
                    $globals->mail->domain."/".$globals->mail->domain2,
                    $globals->mail->alias_dom."/".$globals->mail->alias_dom2));
                $page->assign("domains_value", Array("login", "alias"));
                $page->assign("r_domain", Cookie::get('ORGdomain', 'login'));
            }
	    $page->run();
	}
	exit;
    }

    // }}}
    // {{{ function getUserId()
    
    function getUserId($auth,$username)
    {
	global $globals;
	$res = $globals->xdb->query("SELECT id FROM aliases WHERE alias = {?}",$username);
        return $res->fetchOneCell();
    }

    // }}}
    // {{{ function getUsername()

    function getUsername($auth,$uid)
    {
	global $globals;
        $res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND type='a_vie'", $uid);
        return $res->fetchOneCell();
    }

    // }}}
}

// }}}
// {{{ function try_cookie()

/** r�alise la r�cup�ration de $_SESSION pour qqn avec cookie
 * @return  int     0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
 *                  -2 should not happen
 */
function try_cookie()
{
    global $globals;
    if (Cookie::get('ORGaccess') == '' or !Cookie::has('ORGuid')) {
	return -1;
    }

    $res = @$globals->xdb->query(
            "SELECT user_id,password FROM auth_user_md5 WHERE user_id = {?} AND perms IN('admin','user')",
            Cookie::getInt('ORGuid')
    );
    if ($res->numRows() != 0) {
	list($uid, $password) = $res->fetchOneRow();
	require_once('secure_hash.inc.php');
	$expected_value       = hash_encrypt($password);
	if ($expected_value == Cookie::get('ORGaccess')) {
	    start_connexion($uid, false);
	    return 0;
	} else {
            return 1;
        }
    }

    return -2;
}

// }}}
// {{{ function start_connexion()

/** place les variables de session d�pendants de auth_user_md5
 * et met � jour les dates de derni�re connexion si n�cessaire
 * @return void
 * @see controlpermanent.inc.php controlauthentication.inc.php
 */
function start_connexion ($uid, $identified)
{
    global $globals;
    $res  = $globals->xdb->query("
	SELECT  u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
                UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
                q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
          FROM  auth_user_md5   AS u
    INNER JOIN  auth_user_quick AS q  USING(user_id)
    INNER JOIN	aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
    INNER JOIN  aliases		AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
     LEFT JOIN  logger.sessions AS s  ON (s.uid=u.user_id AND s.suid=0)
         WHERE  u.user_id = {?} AND u.perms IN('admin','user')
      ORDER BY  s.start DESC
         LIMIT  1", $uid);
    $sess = $res->fetchOneAssoc();
    $suid = Session::getMixed('suid');
    
    if ($suid) {
	$logger = new DiogenesCoreLogger($uid, $suid);
	$logger->log("suid_start", Session::get('forlife')." by {$suid['uid']}");
        $sess['suid'] = $suid;
    } else {
        $logger = Session::getMixed('log', new DiogenesCoreLogger($uid));
        $logger->log("connexion", $_SERVER['PHP_SELF']);
        setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
    }

    $_SESSION         = $sess;
    $_SESSION['log']  = $logger;
    $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
    set_skin();
}

// }}}
// {{{ function set_skin()

function set_skin()
{
    global $globals;
    if (logged() && $globals->skin->enable) {
        $uid = Session::getInt('uid');
	$res = $globals->xdb->query("SELECT  skin,skin_tpl
	                               FROM  auth_user_quick AS a
				 INNER JOIN  skins           AS s ON a.skin=s.id
			              WHERE  user_id = {?} AND skin_tpl != ''", $uid);
	if (list($_SESSION['skin_id'], $_SESSION['skin']) = $res->fetchOneRow()) {
            return;
        }
    }
    if ($globals->skin->enable) {
        $_SESSION['skin'] = $globals->skin->def_tpl;
        $_SESSION['skin_id'] = $globals->skin->def_id;
    } else {
        $_SESSION['skin'] = 'default.tpl';
        $_SESSION['skin_id'] = -1;
    }
}

// }}}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
50a40a33	3	* Copyright (C) 2003-2006 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	require_once('platal/session.inc.php');
	23
	24	// {{{ class XorgSession
	25
	26	class XorgSession extends DiogenesCoreSession
	27	{
	28	// {{{ function XorgSession()
	29
	30	function XorgSession()
	31	{
	32	$this->DiogenesCoreSession();
	33	if (!Session::has('uid')) {
	34	try_cookie();
	35	}
	36	set_skin();
	37	}
	38
	39	// }}}
	40	// {{{ function init
	41
	42	function init() {
	43	@session_start();
	44	if (!Session::has('session')) {
	45	$_SESSION['session'] = new XorgSession;
	46	}
	47	}
	48
	49	// }}}
	50	// {{{ function destroy()
	51
	52	function destroy() {
	53	@session_destroy();
	54	unset($_SESSION);
	55	XorgSession::init();
	56	}
	57
	58	// }}}
	59	// {{{ function doAuth()
	60
	61	/** Try to do an authentication.
	62	*
	63	* @param page the calling page (by reference)
	64	*/
	65	function doAuth(&$page,$new_name=false)
	66	{
46bde4d1	67	global $globals;
	68	if (identified()) { // ok, c'est bon, on n'a rien � faire
	69	return true;
	70	}
0337d704	71
	72	if (Session::has('session')) {
	73	$session =& Session::getMixed('session');
	74	}
	75
	76	if (Env::has('username') && Env::has('response') && isset($session->challenge))
46bde4d1	77	{
	78	// si on vient de recevoir une identification par passwordpromptscreen.tpl
	79	// ou passwordpromptscreenlogged.tpl
0337d704	80	$uname = Env::get('username');
	81
	82	if (Env::get('domain') == "alias") {
	83
	84	$res = $globals->xdb->query(
	85	"SELECT redirect
	86	FROM virtual
	87	INNER JOIN virtual_redirect USING(vid)
	88	WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
	89	$redirect = $res->fetchOneCell();
	90	if ($redirect) {
	91	$login = substr($redirect, 0, strpos($redirect, '@'));
	92	} else {
	93	$login = "";
	94	}
	95	} else {
	96	$login = $uname;
	97	}
46bde4d1	98
	99	$field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
	100	$res = $globals->xdb->query(
	101	"SELECT u.user_id, u.password
	102	FROM auth_user_md5 AS u
	103	INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' )
	104	WHERE a.$field = {?} AND u.perms IN('admin','user')", $login);
	105
0337d704	106	$logger =& Session::getMixed('log');
46bde4d1	107	if (list($uid, $password) = $res->fetchOneRow()) {
	108	require_once('secure_hash.inc.php');
	109	$expected_response=hash_encrypt("$uname:$password:{$session->challenge}");
	110	// le password de la base est peut-�tre encore encod� en md5
	111	if (Env::get('response') != $expected_response) {
	112	$new_password = hash_xor(Env::get('xorpass'), $password);
	113	$expected_response = hash_encrypt("$uname:$new_password:{$session->challenge}");
	114	if (Env::get('response') == $expected_response) {
	115	$globals->xdb->execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid);
	116	}
	117	}
	118	if (Env::get('response') == $expected_response) {
0337d704	119	if (Env::has('domain')) {
	120	if (($domain = Env::get('domain', 'login')) == 'alias') {
	121	setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
	122	} else {
	123	setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
	124	}
	125	// pour que la modification soit effective dans le reste de la page
	126	$_COOKIE['ORGdomain'] = $domain;
	127	}
46bde4d1	128
	129	unset($session->challenge);
	130	if ($logger) {
	131	$logger->log('auth_ok');
0337d704	132	}
46bde4d1	133	start_connexion($uid, true);
0337d704	134	if (Env::get('remember', 'false') == 'true') {
46bde4d1	135	$cookie = hash_encrypt(Session::get('password'));
0337d704	136	setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
	137	if ($logger) {
	138	$logger->log("cookie_on");
	139	}
	140	} else {
	141	setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
	142
	143	if ($logger) {
	144	$logger->log("cookie_off");
	145	}
	146	}
46bde4d1	147	return true;
46bde4d1	148	} elseif ($logger) {
0337d704	149	$logger->log('auth_fail','bad password');
0337d704	150	}
46bde4d1	151	} elseif ($logger) {
46bde4d1	152	$logger->log('auth_fail','bad login');
0337d704	153	}
46bde4d1	154	}
0337d704	155	$this->doLogin($page,$new_name);
	156	}
	157
	158	// }}}
	159	// {{{ function doAuthCookie()
	160
	161	/** Try to do a cookie-based authentication.
	162	*
	163	* @param page the calling page (by reference)
	164	*/
	165	function doAuthCookie(&$page)
	166	{
	167	if (logged()) {
	168	return;
	169	}
	170
	171	if (Env::has('username') and Env::has('response')) {
	172	return $this->doAuth($page);
	173	}
	174
	175	if ($r = try_cookie()) {
	176	return $this->doAuth($page,($r>0));
	177	}
	178	}
	179
	180	// }}}
	181	// {{{ function doLogin()
	182
	183	/** Display login screen.
	184	*/
	185	function doLogin(&$page, $new_name=false)
	186	{
46bde4d1	187	$page->addJsLink('javascript/secure_hash.js');
0337d704	188	if (logged() and !$new_name) {
	189	$page->changeTpl('password_prompt_logged.tpl');
	190	$page->addJsLink('javascript/do_challenge_response_logged.js');
	191	$page->assign("xorg_tpl", "password_prompt_logged.tpl");
	192	$page->run();
	193	} else {
	194	$page->changeTpl('password_prompt.tpl');
	195	$page->addJsLink('javascript/do_challenge_response.js');
	196	$page->assign("xorg_tpl", "password_prompt.tpl");
	197
	198	global $globals;
	199	if ($globals->mail->alias_dom) {
	200	$page->assign("domains", Array(
	201	$globals->mail->domain."/".$globals->mail->domain2,
	202	$globals->mail->alias_dom."/".$globals->mail->alias_dom2));
	203	$page->assign("domains_value", Array("login", "alias"));
	204	$page->assign("r_domain", Cookie::get('ORGdomain', 'login'));
	205	}
	206	$page->run();
	207	}
	208	exit;
	209	}
	210
	211	// }}}
	212	// {{{ function getUserId()
	213
	214	function getUserId($auth,$username)
	215	{
	216	global $globals;
	217	$res = $globals->xdb->query("SELECT id FROM aliases WHERE alias = {?}",$username);
	218	return $res->fetchOneCell();
	219	}
	220
	221	// }}}
	222	// {{{ function getUsername()
	223
	224	function getUsername($auth,$uid)
	225	{
	226	global $globals;
	227	$res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND type='a_vie'", $uid);
	228	return $res->fetchOneCell();
	229	}
	230
	231	// }}}
	232	}
	233
	234	// }}}
	235	// {{{ function try_cookie()
	236
	237	/** r�alise la r�cup�ration de $_SESSION pour qqn avec cookie
	238	* @return int 0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
	239	* -2 should not happen
	240	*/
	241	function try_cookie()
	242	{
	243	global $globals;
	244	if (Cookie::get('ORGaccess') == '' or !Cookie::has('ORGuid')) {
	245	return -1;
	246	}
	247
	248	$res = @$globals->xdb->query(
	249	"SELECT user_id,password FROM auth_user_md5 WHERE user_id = {?} AND perms IN('admin','user')",
	250	Cookie::getInt('ORGuid')
	251	);
252	if ($res->numRows() != 0) {
253	list($uid, $password) = $res->fetchOneRow();
46bde4d1	254	require_once('secure_hash.inc.php');
46bde4d1	255	$expected_value = hash_encrypt($password);
0337d704	256	if ($expected_value == Cookie::get('ORGaccess')) {
	257	start_connexion($uid, false);
	258	return 0;
	259	} else {
	260	return 1;
	261	}
	262	}
	263
	264	return -2;
	265	}
	266
	267	// }}}
	268	// {{{ function start_connexion()
	269
	270	/** place les variables de session d�pendants de auth_user_md5
	271	* et met � jour les dates de derni�re connexion si n�cessaire
	272	* @return void
	273	* @see controlpermanent.inc.php controlauthentication.inc.php
	274	*/
	275	function start_connexion ($uid, $identified)
	276	{
	277	global $globals;
	278	$res = $globals->xdb->query("
	279	SELECT u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
	280	UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
	281	q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
	282	FROM auth_user_md5 AS u
	283	INNER JOIN auth_user_quick AS q USING(user_id)
	284	INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
	285	INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
	286	LEFT JOIN logger.sessions AS s ON (s.uid=u.user_id AND s.suid=0)
	287	WHERE u.user_id = {?} AND u.perms IN('admin','user')
	288	ORDER BY s.start DESC
	289	LIMIT 1", $uid);
	290	$sess = $res->fetchOneAssoc();
	291	$suid = Session::getMixed('suid');
	292
	293	if ($suid) {
	294	$logger = new DiogenesCoreLogger($uid, $suid);
	295	$logger->log("suid_start", Session::get('forlife')." by {$suid['uid']}");
	296	$sess['suid'] = $suid;
	297	} else {
	298	$logger = Session::getMixed('log', new DiogenesCoreLogger($uid));
	299	$logger->log("connexion", $_SERVER['PHP_SELF']);
	300	setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
	301	}
	302
	303	$_SESSION = $sess;
	304	$_SESSION['log'] = $logger;
	305	$_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
	306	set_skin();
	307	}
	308
	309	// }}}
	310	// {{{ function set_skin()
	311
	312	function set_skin()
	313	{
	314	global $globals;
	315	if (logged() && $globals->skin->enable) {
	316	$uid = Session::getInt('uid');
	317	$res = $globals->xdb->query("SELECT skin,skin_tpl
	318	FROM auth_user_quick AS a
	319	INNER JOIN skins AS s ON a.skin=s.id
320	WHERE user_id = {?} AND skin_tpl != ''", $uid);
321	if (list($_SESSION['skin_id'], $_SESSION['skin']) = $res->fetchOneRow()) {
322	return;
323	}
324	}
325	if ($globals->skin->enable) {
326	$_SESSION['skin'] = $globals->skin->def_tpl;
327	$_SESSION['skin_id'] = $globals->skin->def_id;
328	} else {
329	$_SESSION['skin'] = 'default.tpl';
330	$_SESSION['skin_id'] = -1;
331	}
332	}
333
334	// }}}
335
336	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
337	?>