[platal.git] / include / xorg / session.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

require_once 'platal/session.inc.php';

// {{{ class XorgSession

class XorgSession
{
    // {{{ function init

    function init() {
        S::init();
	if (!S::has('uid')) {
	    try_cookie();
        }
	set_skin();
        $_SESSION['session'] = new XorgSession;
    }

    // }}}
    // {{{ function destroy()

    function destroy() {
        S::destroy();
        XorgSession::init();
    }

    // }}}
    // {{{ function doAuth()

    /** Try to do an authentication.
     *
     * @param page the calling page (by reference)
     */
    function doAuth(&$page,$new_name=false)
    {
    	global $globals;
    	if (S::identified()) { // ok, c'est bon, on n'a rien � faire
    	    return true;
    	}

        if (Env::has('username') && Env::has('response') && S::has('challenge'))
    	{
    	    // si on vient de recevoir une identification par passwordpromptscreen.tpl
    	    // ou passwordpromptscreenlogged.tpl
            $uname = Env::get('username');

            if (Env::get('domain') == "alias") {

                $res = XDB::query(
                    "SELECT redirect
                       FROM virtual
                 INNER JOIN virtual_redirect USING(vid)
                      WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
                $redirect = $res->fetchOneCell();
                if ($redirect) {
                    $login = substr($redirect, 0, strpos($redirect, '@'));
                } else {
                    $login = "";
                }
            } else {
                $login = $uname;
            }

    	    $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
    	    $res   = XDB::query(
                        "SELECT  u.user_id, u.password
                           FROM  auth_user_md5 AS u
                     INNER JOIN  aliases       AS a ON ( a.id=u.user_id AND type!='homonyme' )
                          WHERE  a.$field = {?} AND u.perms IN('admin','user')", $login);

            $logger =& S::v('log');
    	    if (list($uid, $password) = $res->fetchOneRow()) {
        	    require_once('secure_hash.inc.php');
        		$expected_response=hash_encrypt("$uname:$password:".S::v('challenge'));
        		// le password de la base est peut-�tre encore encod� en md5
        		if (Env::get('response') != $expected_response) {
        		  $new_password = hash_xor(Env::get('xorpass'), $password);
        		  $expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge'));
        		  if (Env::get('response') == $expected_response) {
        		      XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid);
        		  }
        		}
        		if (Env::get('response') == $expected_response) {
                    if (Env::has('domain')) {
                        if (($domain = Env::get('domain', 'login')) == 'alias') {
                            setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
                        } else {
                            setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
                        }
                        // pour que la modification soit effective dans le reste de la page
                        $_COOKIE['ORGdomain'] = $domain;
                    }

                    S::kill('challenge');
                    if ($logger) {
                        $logger->log('auth_ok');
                    }
        		    start_connexion($uid, true);
                    if (Env::get('remember', 'false') == 'true') {
                        $cookie = hash_encrypt(S::v('password'));
                        setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
                        if ($logger) {
                            $logger->log("cookie_on");
                        }
                    } else {
                        setcookie('ORGaccess', '', time() - 3600, '/', '', 0);

                        if ($logger) {
                            $logger->log("cookie_off");
                        }
                    }
        		    return true;
        		} elseif ($logger) {
                    $logger->log('auth_fail','bad password');
                }
            } elseif ($logger) {
                    $logger->log('auth_fail','bad login');
            }
    	}
        XorgSession::doLogin($page,$new_name);
    }

    // }}}
    // {{{ function doAuthCookie()

    /** Try to do a cookie-based authentication.
     *
     * @param page the calling page (by reference)
     */
    function doAuthCookie(&$page)
    {
	if (S::logged()) {
	    return;
        }

	if (Env::has('username') and Env::has('response')) {
	    return XorgSession::doAuth($page);
        }

	if ($r = try_cookie()) {
	    return XorgSession::doAuth($page,($r>0));
        }
    }

    // }}}
    // {{{ function doLogin()

    /** Display login screen.
     */
    function doLogin(&$page, $new_name=false)
    {
        if (S::logged() and !$new_name) {
            $page->changeTpl('password_prompt_logged.tpl');
            $page->addJsLink('javascript/do_challenge_response_logged.js');
            $page->assign("xorg_tpl", "password_prompt_logged.tpl");
            $page->run();
        } else {
            $page->changeTpl('password_prompt.tpl');
            $page->addJsLink('javascript/do_challenge_response.js');
            $page->assign("xorg_tpl", "password_prompt.tpl");

            global $globals;
            if ($globals->mail->alias_dom) {
                $page->assign("domains", Array(
                    $globals->mail->domain."/".$globals->mail->domain2,
                    $globals->mail->alias_dom."/".$globals->mail->alias_dom2));
                $page->assign("domains_value", Array("login", "alias"));
                $page->assign("r_domain", Cookie::get('ORGdomain', 'login'));
            }
	    $page->run();
    	}
    	exit;
    }

    // }}}
}

// }}}
// {{{ function try_cookie()

/** r�alise la r�cup�ration de $_SESSION pour qqn avec cookie
 * @return  int     0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
 *                  -2 should not happen
 */
function try_cookie()
{
    if (Cookie::get('ORGaccess') == '' or !Cookie::has('ORGuid')) {
	return -1;
    }

    $res = @XDB::query(
            "SELECT user_id,password FROM auth_user_md5 WHERE user_id = {?} AND perms IN('admin','user')",
            Cookie::getInt('ORGuid')
    );
    if ($res->numRows() != 0) {
	list($uid, $password) = $res->fetchOneRow();
	require_once('secure_hash.inc.php');
	$expected_value       = hash_encrypt($password);
	if ($expected_value == Cookie::get('ORGaccess')) {
	    start_connexion($uid, false);
	    return 0;
	} else {
            return 1;
        }
    }

    return -2;
}

// }}}
// {{{ function start_connexion()

/** place les variables de session d�pendants de auth_user_md5
 * et met � jour les dates de derni�re connexion si n�cessaire
 * @return void
 * @see controlpermanent.inc.php controlauthentication.inc.php
 */
function start_connexion ($uid, $identified)
{
    $res  = XDB::query("
	SELECT  u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
                UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
                q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
          FROM  auth_user_md5   AS u
    INNER JOIN  auth_user_quick AS q  USING(user_id)
    INNER JOIN	aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
    INNER JOIN  aliases		AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
     LEFT JOIN  logger.sessions AS s  ON (s.uid=u.user_id AND s.suid=0)
         WHERE  u.user_id = {?} AND u.perms IN('admin','user')
      ORDER BY  s.start DESC
         LIMIT  1", $uid);
    $sess = $res->fetchOneAssoc();
    $suid = S::v('suid');

    if ($suid) {
	$logger = new DiogenesCoreLogger($uid, $suid);
	$logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
        $sess['suid'] = $suid;
    } else {
        $logger = S::v('log', new DiogenesCoreLogger($uid));
        $logger->log("connexion", $_SERVER['PHP_SELF']);
        setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
    }

    $_SESSION         = $sess;
    $_SESSION['log']  = $logger;
    $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
    set_skin();
}

// }}}
// {{{ function set_skin()

function set_skin()
{
    global $globals;
    if (S::logged() && $globals->skin->enable) {
        $uid = S::v('uid');
	$res = XDB::query("SELECT  skin,skin_tpl
	                               FROM  auth_user_quick AS a
				 INNER JOIN  skins           AS s ON a.skin=s.id
			              WHERE  user_id = {?} AND skin_tpl != ''", $uid);
	if (list($_SESSION['skin_id'], $_SESSION['skin']) = $res->fetchOneRow()) {
            return;
        }
    }
    if ($globals->skin->enable) {
        $_SESSION['skin'] = $globals->skin->def_tpl;
        $_SESSION['skin_id'] = $globals->skin->def_id;
    } else {
        $_SESSION['skin'] = 'default.tpl';
        $_SESSION['skin_id'] = -1;
    }
}

// }}}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
50a40a33	3	* Copyright (C) 2003-2006 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
4869f665	22	require_once 'platal/session.inc.php';
0337d704	23
	24	// {{{ class XorgSession
	25
4869f665	26	class XorgSession
0337d704	27	{
cab08090	28	// {{{ function init
4869f665	29
cab08090	30	function init() {
	31	S::init();
	32	if (!S::has('uid')) {
0337d704	33	try_cookie();
	34	}
	35	set_skin();
cab08090	36	$_SESSION['session'] = new XorgSession;
0337d704	37	}
	38
	39	// }}}
0337d704	40	// {{{ function destroy()
cab08090	41
0337d704	42	function destroy() {
cab08090	43	S::destroy();
0337d704	44	XorgSession::init();
0337d704	45	}
cab08090	46
0337d704	47	// }}}
	48	// {{{ function doAuth()
	49
	50	/** Try to do an authentication.
	51	*
	52	* @param page the calling page (by reference)
	53	*/
	54	function doAuth(&$page,$new_name=false)
	55	{
46bde4d1	56	global $globals;
cab08090	57	if (S::identified()) { // ok, c'est bon, on n'a rien � faire
46bde4d1	58	return true;
46bde4d1	59	}
0337d704	60
cab08090	61	if (Env::has('username') && Env::has('response') && S::has('challenge'))
46bde4d1	62	{
	63	// si on vient de recevoir une identification par passwordpromptscreen.tpl
	64	// ou passwordpromptscreenlogged.tpl
0337d704	65	$uname = Env::get('username');
cab08090	66
0337d704	67	if (Env::get('domain') == "alias") {
cab08090	68
08cce2ff	69	$res = XDB::query(
0337d704	70	"SELECT redirect
	71	FROM virtual
	72	INNER JOIN virtual_redirect USING(vid)
	73	WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
	74	$redirect = $res->fetchOneCell();
	75	if ($redirect) {
	76	$login = substr($redirect, 0, strpos($redirect, '@'));
	77	} else {
	78	$login = "";
	79	}
	80	} else {
	81	$login = $uname;
	82	}
cab08090	83
46bde4d1	84	$field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
08cce2ff	85	$res = XDB::query(
46bde4d1	86	"SELECT u.user_id, u.password
	87	FROM auth_user_md5 AS u
	88	INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' )
	89	WHERE a.$field = {?} AND u.perms IN('admin','user')", $login);
cab08090	90
cab08090	91	$logger =& S::v('log');
46bde4d1	92	if (list($uid, $password) = $res->fetchOneRow()) {
46bde4d1	93	require_once('secure_hash.inc.php');
cab08090	94	$expected_response=hash_encrypt("$uname:$password:".S::v('challenge'));
46bde4d1	95	// le password de la base est peut-�tre encore encod� en md5
	96	if (Env::get('response') != $expected_response) {
	97	$new_password = hash_xor(Env::get('xorpass'), $password);
cab08090	98	$expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge'));
46bde4d1	99	if (Env::get('response') == $expected_response) {
08cce2ff	100	XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid);
46bde4d1	101	}
	102	}
	103	if (Env::get('response') == $expected_response) {
0337d704	104	if (Env::has('domain')) {
	105	if (($domain = Env::get('domain', 'login')) == 'alias') {
	106	setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
	107	} else {
	108	setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
	109	}
	110	// pour que la modification soit effective dans le reste de la page
	111	$_COOKIE['ORGdomain'] = $domain;
	112	}
cab08090	113
	114	S::kill('challenge');
	115	if ($logger) {
	116	$logger->log('auth_ok');
0337d704	117	}
46bde4d1	118	start_connexion($uid, true);
0337d704	119	if (Env::get('remember', 'false') == 'true') {
cab08090	120	$cookie = hash_encrypt(S::v('password'));
0337d704	121	setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
	122	if ($logger) {
	123	$logger->log("cookie_on");
	124	}
	125	} else {
	126	setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
cab08090	127
0337d704	128	if ($logger) {
	129	$logger->log("cookie_off");
	130	}
	131	}
46bde4d1	132	return true;
46bde4d1	133	} elseif ($logger) {
0337d704	134	$logger->log('auth_fail','bad password');
0337d704	135	}
46bde4d1	136	} elseif ($logger) {
46bde4d1	137	$logger->log('auth_fail','bad login');
0337d704	138	}
46bde4d1	139	}
cab08090	140	XorgSession::doLogin($page,$new_name);
0337d704	141	}
	142
	143	// }}}
	144	// {{{ function doAuthCookie()
	145
	146	/** Try to do a cookie-based authentication.
	147	*
	148	* @param page the calling page (by reference)
	149	*/
	150	function doAuthCookie(&$page)
	151	{
cab08090	152	if (S::logged()) {
0337d704	153	return;
	154	}
	155
	156	if (Env::has('username') and Env::has('response')) {
cab08090	157	return XorgSession::doAuth($page);
0337d704	158	}
	159
	160	if ($r = try_cookie()) {
cab08090	161	return XorgSession::doAuth($page,($r>0));
0337d704	162	}
	163	}
	164
	165	// }}}
	166	// {{{ function doLogin()
	167
	168	/** Display login screen.
	169	*/
	170	function doLogin(&$page, $new_name=false)
	171	{
cab08090	172	if (S::logged() and !$new_name) {
cdfe0063	173	$page->changeTpl('password_prompt_logged.tpl');
e613b04c	174	$page->addJsLink('javascript/do_challenge_response_logged.js');
cdfe0063	175	$page->assign("xorg_tpl", "password_prompt_logged.tpl");
	176	$page->run();
	177	} else {
	178	$page->changeTpl('password_prompt.tpl');
e613b04c	179	$page->addJsLink('javascript/do_challenge_response.js');
cdfe0063	180	$page->assign("xorg_tpl", "password_prompt.tpl");
cab08090	181
0337d704	182	global $globals;
	183	if ($globals->mail->alias_dom) {
	184	$page->assign("domains", Array(
	185	$globals->mail->domain."/".$globals->mail->domain2,
	186	$globals->mail->alias_dom."/".$globals->mail->alias_dom2));
	187	$page->assign("domains_value", Array("login", "alias"));
	188	$page->assign("r_domain", Cookie::get('ORGdomain', 'login'));
	189	}
	190	$page->run();
cdfe0063	191	}
cdfe0063	192	exit;
0337d704	193	}
	194
	195	// }}}
0337d704	196	}
	197
	198	// }}}
	199	// {{{ function try_cookie()
	200
	201	/** r�alise la r�cup�ration de $_SESSION pour qqn avec cookie
	202	* @return int 0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
	203	* -2 should not happen
	204	*/
	205	function try_cookie()
	206	{
0337d704	207	if (Cookie::get('ORGaccess') == '' or !Cookie::has('ORGuid')) {
	208	return -1;
	209	}
	210
08cce2ff	211	$res = @XDB::query(
0337d704	212	"SELECT user_id,password FROM auth_user_md5 WHERE user_id = {?} AND perms IN('admin','user')",
	213	Cookie::getInt('ORGuid')
	214	);
	215	if ($res->numRows() != 0) {
	216	list($uid, $password) = $res->fetchOneRow();
46bde4d1	217	require_once('secure_hash.inc.php');
46bde4d1	218	$expected_value = hash_encrypt($password);
0337d704	219	if ($expected_value == Cookie::get('ORGaccess')) {
	220	start_connexion($uid, false);
	221	return 0;
	222	} else {
	223	return 1;
	224	}
	225	}
	226
	227	return -2;
	228	}
	229
	230	// }}}
	231	// {{{ function start_connexion()
	232
	233	/** place les variables de session d�pendants de auth_user_md5
	234	* et met � jour les dates de derni�re connexion si n�cessaire
	235	* @return void
	236	* @see controlpermanent.inc.php controlauthentication.inc.php
	237	*/
	238	function start_connexion ($uid, $identified)
	239	{
08cce2ff	240	$res = XDB::query("
0337d704	241	SELECT u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
	242	UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
	243	q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
	244	FROM auth_user_md5 AS u
	245	INNER JOIN auth_user_quick AS q USING(user_id)
	246	INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
	247	INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
	248	LEFT JOIN logger.sessions AS s ON (s.uid=u.user_id AND s.suid=0)
	249	WHERE u.user_id = {?} AND u.perms IN('admin','user')
	250	ORDER BY s.start DESC
	251	LIMIT 1", $uid);
	252	$sess = $res->fetchOneAssoc();
cab08090	253	$suid = S::v('suid');
cab08090	254
0337d704	255	if ($suid) {
0337d704	256	$logger = new DiogenesCoreLogger($uid, $suid);
cab08090	257	$logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
0337d704	258	$sess['suid'] = $suid;
0337d704	259	} else {
cab08090	260	$logger = S::v('log', new DiogenesCoreLogger($uid));
0337d704	261	$logger->log("connexion", $_SERVER['PHP_SELF']);
	262	setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
	263	}
	264
	265	$_SESSION = $sess;
	266	$_SESSION['log'] = $logger;
	267	$_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
	268	set_skin();
	269	}
	270
	271	// }}}
	272	// {{{ function set_skin()
	273
	274	function set_skin()
	275	{
	276	global $globals;
cab08090	277	if (S::logged() && $globals->skin->enable) {
cab08090	278	$uid = S::v('uid');
08cce2ff	279	$res = XDB::query("SELECT skin,skin_tpl
0337d704	280	FROM auth_user_quick AS a
	281	INNER JOIN skins AS s ON a.skin=s.id
	282	WHERE user_id = {?} AND skin_tpl != ''", $uid);
	283	if (list($_SESSION['skin_id'], $_SESSION['skin']) = $res->fetchOneRow()) {
	284	return;
	285	}
	286	}
	287	if ($globals->skin->enable) {
	288	$_SESSION['skin'] = $globals->skin->def_tpl;
	289	$_SESSION['skin_id'] = $globals->skin->def_id;
	290	} else {
	291	$_SESSION['skin'] = 'default.tpl';
	292	$_SESSION['skin_id'] = -1;
	293	}
	294	}
	295
	296	// }}}
	297
	298	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
	299	?>