[platal.git] / include / xorg / session.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class XorgSession
{
    // {{{ public static function init

    public static function init() {
        S::init();
	if (!S::has('uid')) {
	    try_cookie();
        }
    }

    // }}}
    // {{{ public static function destroy()

    public static function destroy() {
        S::destroy();
        XorgSession::init();
    }

    // }}}
    // {{{ public static function doAuth()

    public static function doAuth($new_name = false)
    {
    	global $globals;
    	if (S::identified()) { // ok, c'est bon, on n'a rien � faire
    	    return true;
    	}

        if (!Env::has('username') || !Env::has('response')
        ||  !S::has('challenge'))
        {
            return false;
        }

        // si on vient de recevoir une identification par passwordpromptscreen.tpl
        // ou passwordpromptscreenlogged.tpl
        $uname = Env::v('username');

        if (Env::v('domain') == "alias") {

            $res = XDB::query(
                "SELECT redirect
                   FROM virtual
             INNER JOIN virtual_redirect USING(vid)
                  WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
            $redirect = $res->fetchOneCell();
            if ($redirect) {
                $login = substr($redirect, 0, strpos($redirect, '@'));
            } else {
                $login = "";
            }
        } else {
            $login = $uname;
            $redirect = false;
        }

        $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
        $res   = XDB::query(
                    "SELECT  u.user_id, u.password
                       FROM  auth_user_md5 AS u
                 INNER JOIN  aliases       AS a ON ( a.id=u.user_id AND type!='homonyme' )
                      WHERE  a.$field = {?} AND u.perms IN('admin','user')", $login);

        $logger = S::v('log');
        if (list($uid, $password) = $res->fetchOneRow()) {
                require_once('secure_hash.inc.php');
                    $expected_response = hash_encrypt("$uname:$password:".S::v('challenge'));
                    // le password de la base est peut-�tre encore encod� en md5
                    if (Env::v('response') != $expected_response) {
                      $new_password = hash_xor(Env::v('xorpass'), $password);
                      $expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge'));
                      if (Env::v('response') == $expected_response) {
                          XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}",
                                       $new_password, $uid);
                      }
                    }
                    if (Env::v('response') == $expected_response) {
                if (Env::has('domain')) {
                    if (($domain = Env::v('domain', 'login')) == 'alias') {
                        setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
                    } else {
                        setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
                    }
                    // pour que la modification soit effective dans le reste de la page
                    $_COOKIE['ORGdomain'] = $domain;
                }

                S::kill('challenge');
                if ($logger) {
                    $logger->log('auth_ok');
                }
                        start_connexion($uid, true);
                if (Env::v('remember', 'false') == 'true') {
                    $cookie = hash_encrypt(S::v('password'));
                    setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
                    if ($logger) {
                        $logger->log("cookie_on");
                    }
                } else {
                    setcookie('ORGaccess', '', time() - 3600, '/', '', 0);

                    if ($logger) {
                        $logger->log("cookie_off");
                    }
                }
                        return true;
                    } elseif ($logger) {
                $logger->log('auth_fail','bad password');
            }
        } elseif ($logger) {
            $logger->log('auth_fail','bad login');
        }

        return false;
    }

    // }}}
    // {{{ public static function doAuthCookie()

    /** Try to do a cookie-based authentication.
     *
     * @param page the calling page (by reference)
     */
    public static function doAuthCookie()
    {
	if (S::logged()) {
	    return true;
        }

	if (Env::has('username') and Env::has('response')) {
	    return XorgSession::doAuth();
        }

	if ($r = try_cookie()) {
	    return XorgSession::doAuth(($r > 0));
        }

        return false;
    }

    // }}}
}

// {{{ function try_cookie()

/** r�alise la r�cup�ration de $_SESSION pour qqn avec cookie
 * @return  int     0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
 *                  -2 should not happen
 */
function try_cookie()
{
    if (Cookie::v('ORGaccess') == '' or !Cookie::has('ORGuid')) {
	return -1;
    }

    $res = @XDB::query(
            "SELECT user_id,password FROM auth_user_md5
              WHERE user_id = {?} AND perms IN('admin','user')",
            Cookie::i('ORGuid'));

    if ($res->numRows() != 0) {
	list($uid, $password) = $res->fetchOneRow();
	require_once('secure_hash.inc.php');
	$expected_value       = hash_encrypt($password);
	if ($expected_value == Cookie::v('ORGaccess')) {
	    start_connexion($uid, false);
	    return 0;
	} else {
            return 1;
        }
    }

    return -2;
}

// }}}
// {{{ function start_connexion()

/** place les variables de session d�pendants de auth_user_md5
 * et met � jour les dates de derni�re connexion si n�cessaire
 * @return void
 * @see controlpermanent.inc.php controlauthentication.inc.php
 */
function start_connexion ($uid, $identified)
{
    $res  = XDB::query("
	SELECT  u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
                UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
                q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
          FROM  auth_user_md5   AS u
    INNER JOIN  auth_user_quick AS q  USING(user_id)
    INNER JOIN	aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
    INNER JOIN  aliases		AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
     LEFT JOIN  logger.sessions AS s  ON (s.uid=u.user_id AND s.suid=0)
         WHERE  u.user_id = {?} AND u.perms IN('admin','user')
      ORDER BY  s.start DESC
         LIMIT  1", $uid);
    $sess = $res->fetchOneAssoc();
    $suid = S::v('suid');

    if ($suid) {
	$logger = new CoreLogger($uid, $suid);
	$logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
        $sess['suid'] = $suid;
    } else {
        $logger = S::v('log', new CoreLogger($uid));
        $logger->log("connexion", Env::v('n'));
        setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
    }

    $_SESSION         = array_merge($_SESSION, $sess);
    $_SESSION['log']  = $logger;
    $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
    set_skin();
}

// }}}

function set_skin()
{
    global $globals;
    if (S::logged() && !S::has('skin')) {
        $uid = S::v('uid');
	$res = XDB::query("SELECT  skin_tpl
                             FROM  auth_user_quick AS a
                       INNER JOIN  skins           AS s ON a.skin = s.id
                            WHERE  user_id = {?} AND skin_tpl != ''", $uid);
	if ($_SESSION['skin'] = $res->fetchOneCell()) {
            return;
        }
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
50a40a33	3	* Copyright (C) 2003-2006 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
4869f665	22	class XorgSession
0337d704	23	{
6995a9b9	24	// {{{ public static function init
4869f665	25
6995a9b9	26	public static function init() {
cab08090	27	S::init();
cab08090	28	if (!S::has('uid')) {
0337d704	29	try_cookie();
0337d704	30	}
0337d704	31	}
	32
	33	// }}}
6995a9b9	34	// {{{ public static function destroy()
cab08090	35
6995a9b9	36	public static function destroy() {
cab08090	37	S::destroy();
0337d704	38	XorgSession::init();
0337d704	39	}
cab08090	40
0337d704	41	// }}}
6995a9b9	42	// {{{ public static function doAuth()
0337d704	43
6995a9b9	44	public static function doAuth($new_name = false)
0337d704	45	{
46bde4d1	46	global $globals;
cab08090	47	if (S::identified()) { // ok, c'est bon, on n'a rien � faire
46bde4d1	48	return true;
46bde4d1	49	}
0337d704	50
63528107	51	if (!Env::has('username') \|\| !Env::has('response')
	52	\|\| !S::has('challenge'))
	53	{
	54	return false;
	55	}
	56
	57	// si on vient de recevoir une identification par passwordpromptscreen.tpl
	58	// ou passwordpromptscreenlogged.tpl
5e2307dc	59	$uname = Env::v('username');
63528107	60
5e2307dc	61	if (Env::v('domain') == "alias") {
63528107	62
	63	$res = XDB::query(
	64	"SELECT redirect
	65	FROM virtual
	66	INNER JOIN virtual_redirect USING(vid)
	67	WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
	68	$redirect = $res->fetchOneCell();
	69	if ($redirect) {
	70	$login = substr($redirect, 0, strpos($redirect, '@'));
0337d704	71	} else {
63528107	72	$login = "";
0337d704	73	}
63528107	74	} else {
63528107	75	$login = $uname;
aa5f19ae	76	$redirect = false;
63528107	77	}
cab08090	78
63528107	79	$field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
	80	$res = XDB::query(
	81	"SELECT u.user_id, u.password
	82	FROM auth_user_md5 AS u
	83	INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' )
	84	WHERE a.$field = {?} AND u.perms IN('admin','user')", $login);
	85
1a013db7	86	$logger = S::v('log');
63528107	87	if (list($uid, $password) = $res->fetchOneRow()) {
63528107	88	require_once('secure_hash.inc.php');
aa5f19ae	89	$expected_response = hash_encrypt("$uname:$password:".S::v('challenge'));
63528107	90	// le password de la base est peut-�tre encore encod� en md5
5e2307dc	91	if (Env::v('response') != $expected_response) {
5e2307dc	92	$new_password = hash_xor(Env::v('xorpass'), $password);
63528107	93	$expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge'));
5e2307dc	94	if (Env::v('response') == $expected_response) {
aa5f19ae	95	XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}",
aa5f19ae	96	$new_password, $uid);
63528107	97	}
63528107	98	}
5e2307dc	99	if (Env::v('response') == $expected_response) {
63528107	100	if (Env::has('domain')) {
5e2307dc	101	if (($domain = Env::v('domain', 'login')) == 'alias') {
63528107	102	setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
	103	} else {
	104	setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
0337d704	105	}
63528107	106	// pour que la modification soit effective dans le reste de la page
	107	$_COOKIE['ORGdomain'] = $domain;
	108	}
cab08090	109
63528107	110	S::kill('challenge');
	111	if ($logger) {
	112	$logger->log('auth_ok');
	113	}
	114	start_connexion($uid, true);
5e2307dc	115	if (Env::v('remember', 'false') == 'true') {
63528107	116	$cookie = hash_encrypt(S::v('password'));
63528107	117	setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
cab08090	118	if ($logger) {
63528107	119	$logger->log("cookie_on");
0337d704	120	}
63528107	121	} else {
63528107	122	setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
cab08090	123
63528107	124	if ($logger) {
63528107	125	$logger->log("cookie_off");
0337d704	126	}
0337d704	127	}
63528107	128	return true;
	129	} elseif ($logger) {
	130	$logger->log('auth_fail','bad password');
0337d704	131	}
63528107	132	} elseif ($logger) {
	133	$logger->log('auth_fail','bad login');
	134	}
b0b937fd	135
63528107	136	return false;
0337d704	137	}
	138
	139	// }}}
6995a9b9	140	// {{{ public static function doAuthCookie()
0337d704	141
	142	/** Try to do a cookie-based authentication.
	143	*
	144	* @param page the calling page (by reference)
	145	*/
6995a9b9	146	public static function doAuthCookie()
0337d704	147	{
cab08090	148	if (S::logged()) {
f6ce9a88	149	return true;
0337d704	150	}
	151
	152	if (Env::has('username') and Env::has('response')) {
b0b937fd	153	return XorgSession::doAuth();
0337d704	154	}
	155
	156	if ($r = try_cookie()) {
b0b937fd	157	return XorgSession::doAuth(($r > 0));
0337d704	158	}
f6ce9a88	159
f6ce9a88	160	return false;
0337d704	161	}
	162
	163	// }}}
0337d704	164	}
0337d704	165
0337d704	166	// {{{ function try_cookie()
	167
	168	/** r�alise la r�cup�ration de $_SESSION pour qqn avec cookie
	169	* @return int 0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
	170	* -2 should not happen
	171	*/
	172	function try_cookie()
	173	{
5e2307dc	174	if (Cookie::v('ORGaccess') == '' or !Cookie::has('ORGuid')) {
0337d704	175	return -1;
	176	}
	177
08cce2ff	178	$res = @XDB::query(
aa5f19ae	179	"SELECT user_id,password FROM auth_user_md5
	180	WHERE user_id = {?} AND perms IN('admin','user')",
	181	Cookie::i('ORGuid'));
	182
0337d704	183	if ($res->numRows() != 0) {
0337d704	184	list($uid, $password) = $res->fetchOneRow();
46bde4d1	185	require_once('secure_hash.inc.php');
46bde4d1	186	$expected_value = hash_encrypt($password);
5e2307dc	187	if ($expected_value == Cookie::v('ORGaccess')) {
0337d704	188	start_connexion($uid, false);
	189	return 0;
	190	} else {
	191	return 1;
	192	}
	193	}
	194
	195	return -2;
	196	}
	197
	198	// }}}
	199	// {{{ function start_connexion()
	200
	201	/** place les variables de session d�pendants de auth_user_md5
	202	* et met � jour les dates de derni�re connexion si n�cessaire
	203	* @return void
	204	* @see controlpermanent.inc.php controlauthentication.inc.php
	205	*/
	206	function start_connexion ($uid, $identified)
	207	{
08cce2ff	208	$res = XDB::query("
0337d704	209	SELECT u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
	210	UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
	211	q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
	212	FROM auth_user_md5 AS u
	213	INNER JOIN auth_user_quick AS q USING(user_id)
	214	INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
	215	INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
	216	LEFT JOIN logger.sessions AS s ON (s.uid=u.user_id AND s.suid=0)
	217	WHERE u.user_id = {?} AND u.perms IN('admin','user')
	218	ORDER BY s.start DESC
	219	LIMIT 1", $uid);
	220	$sess = $res->fetchOneAssoc();
cab08090	221	$suid = S::v('suid');
cab08090	222
0337d704	223	if ($suid) {
c4271d38	224	$logger = new CoreLogger($uid, $suid);
cab08090	225	$logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
0337d704	226	$sess['suid'] = $suid;
0337d704	227	} else {
c4271d38	228	$logger = S::v('log', new CoreLogger($uid));
b7d19878	229	$logger->log("connexion", Env::v('n'));
0337d704	230	setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
	231	}
	232
aa5f19ae	233	$_SESSION = array_merge($_SESSION, $sess);
0337d704	234	$_SESSION['log'] = $logger;
	235	$_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
	236	set_skin();
	237	}
	238
	239	// }}}
0337d704	240
	241	function set_skin()
	242	{
	243	global $globals;
63528107	244	if (S::logged() && !S::has('skin')) {
cab08090	245	$uid = S::v('uid');
63528107	246	$res = XDB::query("SELECT skin_tpl
	247	FROM auth_user_quick AS a
	248	INNER JOIN skins AS s ON a.skin = s.id
	249	WHERE user_id = {?} AND skin_tpl != ''", $uid);
	250	if ($_SESSION['skin'] = $res->fetchOneCell()) {
0337d704	251	return;
	252	}
	253	}
0337d704	254	}
0337d704	255
0337d704	256	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
0337d704	257	?>