[platal.git] / include / xorg / session.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2007 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class XorgSession
{
    // {{{ public static function init

    public static function init() {
        S::init();
    if (!S::has('uid')) {
        try_cookie();
        }
    }

    // }}}
    // {{{ public static function destroy()

    public static function destroy() {
        S::destroy();
        XorgSession::init();
    }

    // }}}
    // {{{ public static function doAuth()

    public static function doAuth($new_name = false)
    {
        global $globals;
        if (S::identified()) { // ok, c'est bon, on n'a rien � faire
            return true;
        }

        if (!Env::has('username') || !Env::has('response')
        ||  !S::has('challenge'))
        {
            return false;
        }

        // si on vient de recevoir une identification par passwordpromptscreen.tpl
        // ou passwordpromptscreenlogged.tpl
        if (S::has('suid')) {
            $suid = S::v('suid');
            $login = $uname = $suid['forlife'];
            $redirect = false;
        } else {
            $uname = Env::v('username');

            if (Env::v('domain') == "alias") {
                $res = XDB::query(
                    "SELECT redirect
                       FROM virtual
                 INNER JOIN virtual_redirect USING(vid)
                      WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
                $redirect = $res->fetchOneCell();
                if ($redirect) {
                    $login = substr($redirect, 0, strpos($redirect, '@'));
                } else {
                    $login = "";
                }
            } else {
                $login = $uname;
                $redirect = false;
            }
        }

        $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
        $res   = XDB::query(
                    "SELECT  u.user_id, u.password
                       FROM  auth_user_md5 AS u
                 INNER JOIN  aliases       AS a ON ( a.id=u.user_id AND type!='homonyme' )
                      WHERE  a.$field = {?} AND u.perms IN('admin','user')", $login);

        $logger = S::v('log');
        if (list($uid, $password) = $res->fetchOneRow()) {
            require_once('secure_hash.inc.php');
            $expected_response = hash_encrypt("$uname:$password:".S::v('challenge'));
            // le password de la base est peut-�tre encore encod� en md5
            if (Env::v('response') != $expected_response) {
                $new_password = hash_xor(Env::v('xorpass'), $password);
                $expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge'));
                if (Env::v('response') == $expected_response) {
                      XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}",
                                   $new_password, $uid);
                }
            }
            if (Env::v('response') == $expected_response) {
                if (Env::has('domain')) {
                    if (($domain = Env::v('domain', 'login')) == 'alias') {
                        setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
                    } else {
                        setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
                    }
                    // pour que la modification soit effective dans le reste de la page
                    $_COOKIE['ORGdomain'] = $domain;
                }

                S::kill('challenge');
                if ($logger) {
                    $logger->log('auth_ok');
                }
                start_connexion($uid, true);
                if (Env::v('remember', 'false') == 'true') {
                    $cookie = hash_encrypt(S::v('password'));
                    setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
                    if ($logger) {
                        $logger->log("cookie_on");
                    }
                } else {
                    setcookie('ORGaccess', '', time() - 3600, '/', '', 0);

                    if ($logger) {
                        $logger->log("cookie_off");
                    }
                }
                return true;
            } elseif ($logger) {
                $logger->log('auth_fail','bad password');
            }
        } elseif ($logger) {
            $logger->log('auth_fail','bad login');
        }

        return false;
    }

    // }}}
    // {{{ public static function doAuthCookie()

    /** Try to do a cookie-based authentication.
     *
     * @param page the calling page (by reference)
     */
    public static function doAuthCookie()
    {
    if (S::logged()) {
        return true;
        }

    if (Env::has('username') and Env::has('response')) {
        return XorgSession::doAuth();
        }

    if ($r = try_cookie()) {
        return XorgSession::doAuth(($r > 0));
        }

        return false;
    }

    // }}}
}

// {{{ function try_cookie()

/** r�alise la r�cup�ration de $_SESSION pour qqn avec cookie
 * @return  int     0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
 *                  -2 should not happen
 */
function try_cookie()
{
    if (Cookie::v('ORGaccess') == '' or !Cookie::has('ORGuid')) {
    return -1;
    }

    $res = @XDB::query(
            "SELECT user_id,password FROM auth_user_md5
              WHERE user_id = {?} AND perms IN('admin','user')",
            Cookie::i('ORGuid'));

    if ($res->numRows() != 0) {
    list($uid, $password) = $res->fetchOneRow();
    require_once('secure_hash.inc.php');
    $expected_value       = hash_encrypt($password);
    if ($expected_value == Cookie::v('ORGaccess')) {
        start_connexion($uid, false);
        return 0;
    } else {
            return 1;
        }
    }

    return -2;
}

// }}}
// {{{ function start_connexion()

/** place les variables de session d�pendants de auth_user_md5
 * et met � jour les dates de derni�re connexion si n�cessaire
 * @return void
 * @see controlpermanent.inc.php controlauthentication.inc.php
 */
function start_connexion ($uid, $identified)
{
    $res  = XDB::query("
    SELECT  u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
                UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
                q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
          FROM  auth_user_md5   AS u
    INNER JOIN  auth_user_quick AS q  USING(user_id)
    INNER JOIN  aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
    INNER JOIN  aliases     AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
     LEFT JOIN  logger.sessions AS s  ON (s.uid=u.user_id AND s.suid=0)
         WHERE  u.user_id = {?} AND u.perms IN('admin','user')
      ORDER BY  s.start DESC
         LIMIT  1", $uid);
    $sess = $res->fetchOneAssoc();
    $suid = S::v('suid');

    if ($suid) {
        $logger = new CoreLogger($uid, $suid);
        $logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
        $sess['suid'] = $suid;
        $sess['perms'] = $_SESSION['perms'];
    } else {
        $logger = S::v('log', new CoreLogger($uid));
        $logger->log("connexion", Env::v('n'));
        setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
    }

    $_SESSION         = array_merge($_SESSION, $sess);
    $_SESSION['log']  = $logger;
    $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
    set_skin();
}

// }}}

function set_skin()
{
    global $globals;
    if (S::logged() && !S::has('skin')) {
        $uid = S::v('uid');
    $res = XDB::query("SELECT  skin_tpl
                             FROM  auth_user_quick AS a
                       INNER JOIN  skins           AS s ON a.skin = s.id
                            WHERE  user_id = {?} AND skin_tpl != ''", $uid);
    if ($_SESSION['skin'] = $res->fetchOneCell()) {
            return;
        }
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
5ddeb07c	3	* Copyright (C) 2003-2007 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
4869f665	22	class XorgSession
0337d704	23	{
6995a9b9	24	// {{{ public static function init
4869f665	25
6995a9b9	26	public static function init() {
cab08090	27	S::init();
e74411f7	28	if (!S::has('uid')) {
e74411f7	29	try_cookie();
0337d704	30	}
0337d704	31	}
	32
	33	// }}}
6995a9b9	34	// {{{ public static function destroy()
cab08090	35
6995a9b9	36	public static function destroy() {
cab08090	37	S::destroy();
0337d704	38	XorgSession::init();
0337d704	39	}
cab08090	40
0337d704	41	// }}}
6995a9b9	42	// {{{ public static function doAuth()
0337d704	43
6995a9b9	44	public static function doAuth($new_name = false)
0337d704	45	{
e74411f7	46	global $globals;
	47	if (S::identified()) { // ok, c'est bon, on n'a rien � faire
	48	return true;
	49	}
0337d704	50
63528107	51	if (!Env::has('username') \|\| !Env::has('response')
	52	\|\| !S::has('challenge'))
	53	{
	54	return false;
	55	}
	56
	57	// si on vient de recevoir une identification par passwordpromptscreen.tpl
	58	// ou passwordpromptscreenlogged.tpl
e74411f7	59	if (S::has('suid')) {
	60	$suid = S::v('suid');
	61	$login = $uname = $suid['forlife'];
	62	$redirect = false;
	63	} else {
	64	$uname = Env::v('username');
	65
	66	if (Env::v('domain') == "alias") {
	67	$res = XDB::query(
	68	"SELECT redirect
	69	FROM virtual
	70	INNER JOIN virtual_redirect USING(vid)
	71	WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
	72	$redirect = $res->fetchOneCell();
	73	if ($redirect) {
	74	$login = substr($redirect, 0, strpos($redirect, '@'));
	75	} else {
	76	$login = "";
	77	}
0337d704	78	} else {
e74411f7	79	$login = $uname;
e74411f7	80	$redirect = false;
0337d704	81	}
63528107	82	}
cab08090	83
63528107	84	$field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
	85	$res = XDB::query(
	86	"SELECT u.user_id, u.password
	87	FROM auth_user_md5 AS u
	88	INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' )
	89	WHERE a.$field = {?} AND u.perms IN('admin','user')", $login);
	90
1a013db7	91	$logger = S::v('log');
63528107	92	if (list($uid, $password) = $res->fetchOneRow()) {
e74411f7	93	require_once('secure_hash.inc.php');
	94	$expected_response = hash_encrypt("$uname:$password:".S::v('challenge'));
	95	// le password de la base est peut-�tre encore encod� en md5
	96	if (Env::v('response') != $expected_response) {
	97	$new_password = hash_xor(Env::v('xorpass'), $password);
	98	$expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge'));
	99	if (Env::v('response') == $expected_response) {
	100	XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}",
	101	$new_password, $uid);
	102	}
	103	}
	104	if (Env::v('response') == $expected_response) {
63528107	105	if (Env::has('domain')) {
5e2307dc	106	if (($domain = Env::v('domain', 'login')) == 'alias') {
63528107	107	setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
	108	} else {
	109	setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
0337d704	110	}
63528107	111	// pour que la modification soit effective dans le reste de la page
	112	$_COOKIE['ORGdomain'] = $domain;
	113	}
cab08090	114
63528107	115	S::kill('challenge');
	116	if ($logger) {
	117	$logger->log('auth_ok');
	118	}
e74411f7	119	start_connexion($uid, true);
5e2307dc	120	if (Env::v('remember', 'false') == 'true') {
63528107	121	$cookie = hash_encrypt(S::v('password'));
63528107	122	setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
cab08090	123	if ($logger) {
63528107	124	$logger->log("cookie_on");
0337d704	125	}
63528107	126	} else {
63528107	127	setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
cab08090	128
63528107	129	if ($logger) {
63528107	130	$logger->log("cookie_off");
0337d704	131	}
0337d704	132	}
e74411f7	133	return true;
e74411f7	134	} elseif ($logger) {
63528107	135	$logger->log('auth_fail','bad password');
0337d704	136	}
63528107	137	} elseif ($logger) {
	138	$logger->log('auth_fail','bad login');
	139	}
b0b937fd	140
63528107	141	return false;
0337d704	142	}
	143
	144	// }}}
6995a9b9	145	// {{{ public static function doAuthCookie()
0337d704	146
	147	/** Try to do a cookie-based authentication.
	148	*
	149	* @param page the calling page (by reference)
	150	*/
6995a9b9	151	public static function doAuthCookie()
0337d704	152	{
e74411f7	153	if (S::logged()) {
e74411f7	154	return true;
0337d704	155	}
0337d704	156
e74411f7	157	if (Env::has('username') and Env::has('response')) {
e74411f7	158	return XorgSession::doAuth();
0337d704	159	}
0337d704	160
e74411f7	161	if ($r = try_cookie()) {
e74411f7	162	return XorgSession::doAuth(($r > 0));
0337d704	163	}
f6ce9a88	164
f6ce9a88	165	return false;
0337d704	166	}
	167
	168	// }}}
0337d704	169	}
0337d704	170
0337d704	171	// {{{ function try_cookie()
	172
	173	/** r�alise la r�cup�ration de $_SESSION pour qqn avec cookie
	174	* @return int 0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
	175	* -2 should not happen
	176	*/
	177	function try_cookie()
	178	{
5e2307dc	179	if (Cookie::v('ORGaccess') == '' or !Cookie::has('ORGuid')) {
e74411f7	180	return -1;
0337d704	181	}
0337d704	182
08cce2ff	183	$res = @XDB::query(
aa5f19ae	184	"SELECT user_id,password FROM auth_user_md5
	185	WHERE user_id = {?} AND perms IN('admin','user')",
	186	Cookie::i('ORGuid'));
	187
0337d704	188	if ($res->numRows() != 0) {
e74411f7	189	list($uid, $password) = $res->fetchOneRow();
	190	require_once('secure_hash.inc.php');
	191	$expected_value = hash_encrypt($password);
	192	if ($expected_value == Cookie::v('ORGaccess')) {
	193	start_connexion($uid, false);
	194	return 0;
	195	} else {
0337d704	196	return 1;
	197	}
	198	}
	199
	200	return -2;
	201	}
	202
	203	// }}}
	204	// {{{ function start_connexion()
	205
	206	/** place les variables de session d�pendants de auth_user_md5
	207	* et met � jour les dates de derni�re connexion si n�cessaire
	208	* @return void
	209	* @see controlpermanent.inc.php controlauthentication.inc.php
	210	*/
	211	function start_connexion ($uid, $identified)
	212	{
08cce2ff	213	$res = XDB::query("
e74411f7	214	SELECT u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
0337d704	215	UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
	216	q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
	217	FROM auth_user_md5 AS u
	218	INNER JOIN auth_user_quick AS q USING(user_id)
e74411f7	219	INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
e74411f7	220	INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
0337d704	221	LEFT JOIN logger.sessions AS s ON (s.uid=u.user_id AND s.suid=0)
	222	WHERE u.user_id = {?} AND u.perms IN('admin','user')
	223	ORDER BY s.start DESC
	224	LIMIT 1", $uid);
	225	$sess = $res->fetchOneAssoc();
cab08090	226	$suid = S::v('suid');
cab08090	227
0337d704	228	if ($suid) {
e74411f7	229	$logger = new CoreLogger($uid, $suid);
e74411f7	230	$logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
0337d704	231	$sess['suid'] = $suid;
e74411f7	232	$sess['perms'] = $_SESSION['perms'];
0337d704	233	} else {
c4271d38	234	$logger = S::v('log', new CoreLogger($uid));
b7d19878	235	$logger->log("connexion", Env::v('n'));
0337d704	236	setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
	237	}
	238
aa5f19ae	239	$_SESSION = array_merge($_SESSION, $sess);
0337d704	240	$_SESSION['log'] = $logger;
	241	$_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
	242	set_skin();
	243	}
	244
	245	// }}}
0337d704	246
	247	function set_skin()
	248	{
	249	global $globals;
63528107	250	if (S::logged() && !S::has('skin')) {
cab08090	251	$uid = S::v('uid');
e74411f7	252	$res = XDB::query("SELECT skin_tpl
63528107	253	FROM auth_user_quick AS a
	254	INNER JOIN skins AS s ON a.skin = s.id
	255	WHERE user_id = {?} AND skin_tpl != ''", $uid);
e74411f7	256	if ($_SESSION['skin'] = $res->fetchOneCell()) {
0337d704	257	return;
	258	}
	259	}
0337d704	260	}
0337d704	261
0337d704	262	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
0337d704	263	?>