[platal.git] / include / xorg / session.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

require_once('platal/session.inc.php');

// {{{ class XorgSession

class XorgSession extends DiogenesCoreSession
{
    // {{{ function XorgSession()

    function XorgSession()
    {
	$this->DiogenesCoreSession();
	if (!Session::has('uid')) {
	    try_cookie();
        }
	set_skin();
    }

    // }}}
    // {{{ function init
    
    function init() {
        @session_start();
        if (!Session::has('session')) {
            $_SESSION['session'] = new XorgSession;
        }
    }
    
    // }}}
    // {{{ function destroy()
    
    function destroy() {
        @session_destroy();
        unset($_SESSION);
        XorgSession::init();
    }
    
    // }}}
    // {{{ function doAuth()

    /** Try to do an authentication.
     *
     * @param page the calling page (by reference)
     */
    function doAuth(&$page,$new_name=false)
    {
    	global $globals;
    	if (identified()) { // ok, c'est bon, on n'a rien � faire
    	    return true;
    	}

        if (Session::has('session')) {
            $session =& Session::getMixed('session');
        }
        if (Env::has('username') && Env::has('response') && isset($session->challenge))
    	{
    	    // si on vient de recevoir une identification par passwordpromptscreen.tpl
    	    // ou passwordpromptscreenlogged.tpl
            $uname = Env::get('username');
            
            if (Env::get('domain') == "alias") {
            
                $res = $globals->xdb->query(
                    "SELECT redirect
                       FROM virtual
                 INNER JOIN virtual_redirect USING(vid)
                      WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
                $redirect = $res->fetchOneCell();
                if ($redirect) {
                    $login = substr($redirect, 0, strpos($redirect, '@'));
                } else {
                    $login = "";
                }
            } else {
                $login = $uname;
            }
    
    	    $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
    	    $res   = $globals->xdb->query(
                        "SELECT  u.user_id, u.password
                           FROM  auth_user_md5 AS u
                     INNER JOIN  aliases       AS a ON ( a.id=u.user_id AND type!='homonyme' )
                          WHERE  a.$field = {?} AND u.perms IN('admin','user')", $login);
    
            $logger =& Session::getMixed('log');
    	    if (list($uid, $password) = $res->fetchOneRow()) {
        	    require_once('secure_hash.inc.php');
        		$expected_response=hash_encrypt("$uname:$password:{$session->challenge}");
        		// le password de la base est peut-�tre encore encod� en md5
        		if (Env::get('response') != $expected_response) {
        		  $new_password = hash_xor(Env::get('xorpass'), $password);
        		  $expected_response = hash_encrypt("$uname:$new_password:{$session->challenge}");
        		  if (Env::get('response') == $expected_response) {
        		      $globals->xdb->execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid);
        		  }
        		}
        		if (Env::get('response') == $expected_response) {
                    if (Env::has('domain')) {
                        if (($domain = Env::get('domain', 'login')) == 'alias') {
                            setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
                        } else {
                            setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
                        }
                        // pour que la modification soit effective dans le reste de la page
                        $_COOKIE['ORGdomain'] = $domain;
                    }
    
        		    unset($session->challenge);
        		    if ($logger) {
            			$logger->log('auth_ok');
                    }
        		    start_connexion($uid, true);
                    if (Env::get('remember', 'false') == 'true') {
                        $cookie = hash_encrypt(Session::get('password'));
                        setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
                        if ($logger) {
                            $logger->log("cookie_on");
                        }
                    } else {
                        setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
                        
                        if ($logger) {
                            $logger->log("cookie_off");
                        }
                    }
        		    return true;
        		} elseif ($logger) {
                    $logger->log('auth_fail','bad password');
                }
            } elseif ($logger) {
                    $logger->log('auth_fail','bad login');
            }
    	}
        $this->doLogin($page,$new_name);
    }

    // }}}
    // {{{ function doAuthCookie()

    /** Try to do a cookie-based authentication.
     *
     * @param page the calling page (by reference)
     */
    function doAuthCookie(&$page)
    {
	if (logged()) {
	    return;
        }

	if (Env::has('username') and Env::has('response')) {
	    return $this->doAuth($page);
        }

	if ($r = try_cookie()) {
	    return $this->doAuth($page,($r>0));
        }
    }

    // }}}
    // {{{ function doLogin()

    /** Display login screen.
     */
    function doLogin(&$page, $new_name=false)
    {
        if (logged() and !$new_name) {
            $page->changeTpl('password_prompt_logged.tpl');
            $page->addJsLink('javascript/do_challenge_response_logged.js.php');
            $page->assign("xorg_tpl", "password_prompt_logged.tpl");
            $page->run();
        } else {
            $page->changeTpl('password_prompt.tpl');
            $page->addJsLink('javascript/do_challenge_response.js.php');
            $page->assign("xorg_tpl", "password_prompt.tpl");
            
            global $globals;
            if ($globals->mail->alias_dom) {
                $page->assign("domains", Array(
                    $globals->mail->domain."/".$globals->mail->domain2,
                    $globals->mail->alias_dom."/".$globals->mail->alias_dom2));
                $page->assign("domains_value", Array("login", "alias"));
                $page->assign("r_domain", Cookie::get('ORGdomain', 'login'));
            }
	    $page->run();
    	}
    	exit;
    }

    // }}}
    // {{{ function getUserId()
    
    function getUserId($auth,$username)
    {
	global $globals;
	$res = $globals->xdb->query("SELECT id FROM aliases WHERE alias = {?}",$username);
        return $res->fetchOneCell();
    }

    // }}}
    // {{{ function getUsername()

    function getUsername($auth,$uid)
    {
	global $globals;
        $res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND type='a_vie'", $uid);
        return $res->fetchOneCell();
    }

    // }}}
}

// }}}
// {{{ function try_cookie()

/** r�alise la r�cup�ration de $_SESSION pour qqn avec cookie
 * @return  int     0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
 *                  -2 should not happen
 */
function try_cookie()
{
    global $globals;
    if (Cookie::get('ORGaccess') == '' or !Cookie::has('ORGuid')) {
	return -1;
    }

    $res = @$globals->xdb->query(
            "SELECT user_id,password FROM auth_user_md5 WHERE user_id = {?} AND perms IN('admin','user')",
            Cookie::getInt('ORGuid')
    );
    if ($res->numRows() != 0) {
	list($uid, $password) = $res->fetchOneRow();
	require_once('secure_hash.inc.php');
	$expected_value       = hash_encrypt($password);
	if ($expected_value == Cookie::get('ORGaccess')) {
	    start_connexion($uid, false);
	    return 0;
	} else {
            return 1;
        }
    }

    return -2;
}

// }}}
// {{{ function start_connexion()

/** place les variables de session d�pendants de auth_user_md5
 * et met � jour les dates de derni�re connexion si n�cessaire
 * @return void
 * @see controlpermanent.inc.php controlauthentication.inc.php
 */
function start_connexion ($uid, $identified)
{
    global $globals;
    $res  = $globals->xdb->query("
	SELECT  u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
                UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
                q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
          FROM  auth_user_md5   AS u
    INNER JOIN  auth_user_quick AS q  USING(user_id)
    INNER JOIN	aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
    INNER JOIN  aliases		AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
     LEFT JOIN  logger.sessions AS s  ON (s.uid=u.user_id AND s.suid=0)
         WHERE  u.user_id = {?} AND u.perms IN('admin','user')
      ORDER BY  s.start DESC
         LIMIT  1", $uid);
    $sess = $res->fetchOneAssoc();
    $suid = Session::getMixed('suid');
    
    if ($suid) {
	$logger = new DiogenesCoreLogger($uid, $suid);
	$logger->log("suid_start", Session::get('forlife')." by {$suid['uid']}");
        $sess['suid'] = $suid;
    } else {
        $logger = Session::getMixed('log', new DiogenesCoreLogger($uid));
        $logger->log("connexion", $_SERVER['PHP_SELF']);
        setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
    }

    $_SESSION         = $sess;
    $_SESSION['log']  = $logger;
    $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
    set_skin();
}

// }}}
// {{{ function set_skin()

function set_skin()
{
    global $globals;
    if (logged() && $globals->skin->enable) {
        $uid = Session::getInt('uid');
	$res = $globals->xdb->query("SELECT  skin,skin_tpl
	                               FROM  auth_user_quick AS a
				 INNER JOIN  skins           AS s ON a.skin=s.id
			              WHERE  user_id = {?} AND skin_tpl != ''", $uid);
	if (list($_SESSION['skin_id'], $_SESSION['skin']) = $res->fetchOneRow()) {
            return;
        }
    }
    if ($globals->skin->enable) {
        $_SESSION['skin'] = $globals->skin->def_tpl;
        $_SESSION['skin_id'] = $globals->skin->def_id;
    } else {
        $_SESSION['skin'] = 'default.tpl';
        $_SESSION['skin_id'] = -1;
    }
}

// }}}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
50a40a33	3	* Copyright (C) 2003-2006 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	require_once('platal/session.inc.php');
	23
	24	// {{{ class XorgSession
	25
	26	class XorgSession extends DiogenesCoreSession
	27	{
	28	// {{{ function XorgSession()
	29
	30	function XorgSession()
	31	{
	32	$this->DiogenesCoreSession();
	33	if (!Session::has('uid')) {
	34	try_cookie();
	35	}
	36	set_skin();
	37	}
	38
	39	// }}}
	40	// {{{ function init
	41
	42	function init() {
	43	@session_start();
	44	if (!Session::has('session')) {
	45	$_SESSION['session'] = new XorgSession;
	46	}
	47	}
	48
	49	// }}}
	50	// {{{ function destroy()
	51
	52	function destroy() {
	53	@session_destroy();
	54	unset($_SESSION);
	55	XorgSession::init();
	56	}
	57
	58	// }}}
	59	// {{{ function doAuth()
	60
	61	/** Try to do an authentication.
	62	*
	63	* @param page the calling page (by reference)
	64	*/
	65	function doAuth(&$page,$new_name=false)
	66	{
46bde4d1	67	global $globals;
	68	if (identified()) { // ok, c'est bon, on n'a rien � faire
	69	return true;
	70	}
0337d704	71
	72	if (Session::has('session')) {
	73	$session =& Session::getMixed('session');
	74	}
0337d704	75	if (Env::has('username') && Env::has('response') && isset($session->challenge))
46bde4d1	76	{
	77	// si on vient de recevoir une identification par passwordpromptscreen.tpl
	78	// ou passwordpromptscreenlogged.tpl
0337d704	79	$uname = Env::get('username');
	80
	81	if (Env::get('domain') == "alias") {
	82
	83	$res = $globals->xdb->query(
	84	"SELECT redirect
	85	FROM virtual
	86	INNER JOIN virtual_redirect USING(vid)
	87	WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
	88	$redirect = $res->fetchOneCell();
	89	if ($redirect) {
	90	$login = substr($redirect, 0, strpos($redirect, '@'));
	91	} else {
	92	$login = "";
	93	}
	94	} else {
	95	$login = $uname;
	96	}
46bde4d1	97
	98	$field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
	99	$res = $globals->xdb->query(
	100	"SELECT u.user_id, u.password
	101	FROM auth_user_md5 AS u
	102	INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' )
	103	WHERE a.$field = {?} AND u.perms IN('admin','user')", $login);
	104
0337d704	105	$logger =& Session::getMixed('log');
46bde4d1	106	if (list($uid, $password) = $res->fetchOneRow()) {
	107	require_once('secure_hash.inc.php');
	108	$expected_response=hash_encrypt("$uname:$password:{$session->challenge}");
	109	// le password de la base est peut-�tre encore encod� en md5
	110	if (Env::get('response') != $expected_response) {
	111	$new_password = hash_xor(Env::get('xorpass'), $password);
	112	$expected_response = hash_encrypt("$uname:$new_password:{$session->challenge}");
	113	if (Env::get('response') == $expected_response) {
	114	$globals->xdb->execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid);
	115	}
	116	}
	117	if (Env::get('response') == $expected_response) {
0337d704	118	if (Env::has('domain')) {
	119	if (($domain = Env::get('domain', 'login')) == 'alias') {
	120	setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
	121	} else {
	122	setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
	123	}
	124	// pour que la modification soit effective dans le reste de la page
	125	$_COOKIE['ORGdomain'] = $domain;
	126	}
46bde4d1	127
	128	unset($session->challenge);
	129	if ($logger) {
	130	$logger->log('auth_ok');
0337d704	131	}
46bde4d1	132	start_connexion($uid, true);
0337d704	133	if (Env::get('remember', 'false') == 'true') {
46bde4d1	134	$cookie = hash_encrypt(Session::get('password'));
0337d704	135	setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
	136	if ($logger) {
	137	$logger->log("cookie_on");
	138	}
	139	} else {
	140	setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
	141
	142	if ($logger) {
	143	$logger->log("cookie_off");
	144	}
	145	}
46bde4d1	146	return true;
46bde4d1	147	} elseif ($logger) {
0337d704	148	$logger->log('auth_fail','bad password');
0337d704	149	}
46bde4d1	150	} elseif ($logger) {
46bde4d1	151	$logger->log('auth_fail','bad login');
0337d704	152	}
46bde4d1	153	}
0337d704	154	$this->doLogin($page,$new_name);
	155	}
	156
	157	// }}}
	158	// {{{ function doAuthCookie()
	159
	160	/** Try to do a cookie-based authentication.
	161	*
	162	* @param page the calling page (by reference)
	163	*/
	164	function doAuthCookie(&$page)
	165	{
	166	if (logged()) {
	167	return;
	168	}
	169
	170	if (Env::has('username') and Env::has('response')) {
	171	return $this->doAuth($page);
	172	}
	173
	174	if ($r = try_cookie()) {
	175	return $this->doAuth($page,($r>0));
	176	}
	177	}
	178
	179	// }}}
	180	// {{{ function doLogin()
	181
	182	/** Display login screen.
	183	*/
	184	function doLogin(&$page, $new_name=false)
	185	{
cdfe0063	186	if (logged() and !$new_name) {
	187	$page->changeTpl('password_prompt_logged.tpl');
	188	$page->addJsLink('javascript/do_challenge_response_logged.js.php');
	189	$page->assign("xorg_tpl", "password_prompt_logged.tpl");
	190	$page->run();
	191	} else {
	192	$page->changeTpl('password_prompt.tpl');
	193	$page->addJsLink('javascript/do_challenge_response.js.php');
	194	$page->assign("xorg_tpl", "password_prompt.tpl");
0337d704	195
	196	global $globals;
	197	if ($globals->mail->alias_dom) {
	198	$page->assign("domains", Array(
	199	$globals->mail->domain."/".$globals->mail->domain2,
	200	$globals->mail->alias_dom."/".$globals->mail->alias_dom2));
	201	$page->assign("domains_value", Array("login", "alias"));
	202	$page->assign("r_domain", Cookie::get('ORGdomain', 'login'));
	203	}
	204	$page->run();
cdfe0063	205	}
cdfe0063	206	exit;
0337d704	207	}
	208
	209	// }}}
	210	// {{{ function getUserId()
	211
	212	function getUserId($auth,$username)
	213	{
	214	global $globals;
	215	$res = $globals->xdb->query("SELECT id FROM aliases WHERE alias = {?}",$username);
	216	return $res->fetchOneCell();
	217	}
	218
	219	// }}}
	220	// {{{ function getUsername()
	221
	222	function getUsername($auth,$uid)
	223	{
	224	global $globals;
	225	$res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND type='a_vie'", $uid);
	226	return $res->fetchOneCell();
	227	}
	228
	229	// }}}
	230	}
	231
	232	// }}}
	233	// {{{ function try_cookie()
	234
	235	/** r�alise la r�cup�ration de $_SESSION pour qqn avec cookie
	236	* @return int 0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
	237	* -2 should not happen
	238	*/
	239	function try_cookie()
	240	{
	241	global $globals;
	242	if (Cookie::get('ORGaccess') == '' or !Cookie::has('ORGuid')) {
	243	return -1;
	244	}
	245
	246	$res = @$globals->xdb->query(
	247	"SELECT user_id,password FROM auth_user_md5 WHERE user_id = {?} AND perms IN('admin','user')",
	248	Cookie::getInt('ORGuid')
	249	);
	250	if ($res->numRows() != 0) {
	251	list($uid, $password) = $res->fetchOneRow();
46bde4d1	252	require_once('secure_hash.inc.php');
46bde4d1	253	$expected_value = hash_encrypt($password);
0337d704	254	if ($expected_value == Cookie::get('ORGaccess')) {
	255	start_connexion($uid, false);
	256	return 0;
	257	} else {
	258	return 1;
	259	}
	260	}
	261
	262	return -2;
	263	}
	264
	265	// }}}
	266	// {{{ function start_connexion()
	267
	268	/** place les variables de session d�pendants de auth_user_md5
	269	* et met � jour les dates de derni�re connexion si n�cessaire
	270	* @return void
	271	* @see controlpermanent.inc.php controlauthentication.inc.php
	272	*/
	273	function start_connexion ($uid, $identified)
	274	{
	275	global $globals;
	276	$res = $globals->xdb->query("
	277	SELECT u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
	278	UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
	279	q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
	280	FROM auth_user_md5 AS u
	281	INNER JOIN auth_user_quick AS q USING(user_id)
	282	INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
	283	INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
	284	LEFT JOIN logger.sessions AS s ON (s.uid=u.user_id AND s.suid=0)
	285	WHERE u.user_id = {?} AND u.perms IN('admin','user')
	286	ORDER BY s.start DESC
	287	LIMIT 1", $uid);
	288	$sess = $res->fetchOneAssoc();
	289	$suid = Session::getMixed('suid');
	290
	291	if ($suid) {
	292	$logger = new DiogenesCoreLogger($uid, $suid);
	293	$logger->log("suid_start", Session::get('forlife')." by {$suid['uid']}");
	294	$sess['suid'] = $suid;
	295	} else {
	296	$logger = Session::getMixed('log', new DiogenesCoreLogger($uid));
	297	$logger->log("connexion", $_SERVER['PHP_SELF']);
	298	setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
	299	}
	300
	301	$_SESSION = $sess;
	302	$_SESSION['log'] = $logger;
	303	$_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
	304	set_skin();
	305	}
	306
	307	// }}}
	308	// {{{ function set_skin()
	309
	310	function set_skin()
	311	{
	312	global $globals;
	313	if (logged() && $globals->skin->enable) {
	314	$uid = Session::getInt('uid');
	315	$res = $globals->xdb->query("SELECT skin,skin_tpl
	316	FROM auth_user_quick AS a
	317	INNER JOIN skins AS s ON a.skin=s.id
318	WHERE user_id = {?} AND skin_tpl != ''", $uid);
319	if (list($_SESSION['skin_id'], $_SESSION['skin']) = $res->fetchOneRow()) {
320	return;
321	}
322	}
323	if ($globals->skin->enable) {
324	$_SESSION['skin'] = $globals->skin->def_tpl;
325	$_SESSION['skin_id'] = $globals->skin->def_id;
326	} else {
327	$_SESSION['skin'] = 'default.tpl';
328	$_SESSION['skin_id'] = -1;
329	}
330	}
331
332	// }}}
333
334	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
335	?>