Commit | Line | Data |
---|---|---|
b1b3c24c DB |
1 | <?php |
2 | ||
// Hand PmWiki's authentication hook and the attr / postattr / connect actions to this recipe.
$AuthFunction = 'XorgAuth';
$HandleActions['connect'] = 'XorgAuthConnectPlatal';
$HandleActions['postattr'] = 'XorgAuthHandlePostAttr';
$HandleActions['attr'] = 'XorgAuthHandleAttr';

// When an action arrives both in the query string and in the POST body, the POST value wins
// and is copied over the GET and REQUEST copies so later code sees a single value.
if (isset($_POST['action'], $_GET['action'])) {
    $action = $_POST['action'];
    $_GET['action'] = $action;
    $_REQUEST['action'] = $action;
}
11 | ||
// Register the (:groupattributes:) directive; its replacement is the output of XorgAuthGroupAttributes().
// NOTE(review): the pattern relies on the PCRE /e (evaluate) modifier, deprecated in PHP 5.5 and
// removed in PHP 7.0 — confirm the PmWiki version in use still accepts /e patterns, or port to a callback.
Markup('grpattributes','inline','/\\(:groupattributes:\\)/e',"Keep(XorgAuthGroupAttributes())");

// autocreate.php is loaded from the farm's cookbook directory ($FarmD is set outside this file).
require_once("$FarmD/cookbook/autocreate.php");
// presumably makes every group get a GroupAttributes page holding the directive — confirm in autocreate.php
AutoCreatePage('$Group.GroupAttributes', '(:groupattributes:)');
16 | ||
// Adds the shared X.org script to every page header.
// NOTE(review): the script is fetched over plain http://, so its content is not protected in
// transit and it runs with the wiki's origin — prefer an https:// URL if the host serves one (confirm).
$HTMLHeaderFmt['xorg'] = '<script type="text/javascript" src="http://www.polytechnique.org/javascript/xorg.js"></script>';
// Inline helper used by the rights <select> elements: when the '...' entry is chosen,
// AddCustomAuth() prompts for a custom value and, if the select has no option with that value,
// inserts a new option (built with createTextNode) before the last one and selects it.
$HTMLHeaderFmt['xorgcustomauth'] = '<script type="text/javascript">
function AddCustomAuth(f){
if (f.value == \'...\')
{
var newval =prompt(\'Sépare les différents autorisations par des espaces\\n\\tx,membre ou admin\\n\\tprenom.nom.promo d\\\'une personne\\n\\tle numéro d\\\'une promo\\nPar exemple pour autoriser les membres et Pascal Corpet :\\n\\tmembre pascal.corpet.2001\');
f.value = newval;
if (f.value != newval && newval)
{
var op = document.createElement(\'option\');
op.appendChild(document.createTextNode(newval));
f.insertBefore(op,f.childNodes[f.childNodes.length-1]);
f.value = newval;
}
}
}
</script>';
34 | ||
// [[~login|text]] becomes a link to the X.org profile of "login".
// NOTE(review): the captured groups ($1, $2) are text typed by wiki editors and are placed in the
// href attribute and the link body with no HTML escaping visible in this file — confirm that
// PmWiki has already escaped markup text at this stage, otherwise escape before Keep().
// NOTE(review): all three rules below use the PCRE /e modifier (removed in PHP 7.0).
Markup('[[~|','<[[~','/\\[\\[~(.*?)\|(.*?)\\]\\]/e',"Keep('<a href=\"http://www.polytechnique.org/profile/$1\" class=\"popup2\">$2</a>')");

// (:xorgpage path:) embeds a page of the development site in an iframe; $1 goes into src unescaped.
Markup('xorgpage','inline','/\\(:xorgpage\\s*(.*?):\\)/e', "Keep('<iframe style=\"width:100%;height:400px;border:none\" src=\"http://dev.m4x.org/~x2001corpet/$1\"></iframe>')");
// (:xnetpage path:) is rendered by XnetPage().
Markup('xnetpage','inline','/\\(:xnetpage\\s*(.*?):\\)/e', "XnetPage('$1')");
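/**
 * Renders the (:xnetpage ...:) directive as an <iframe> pointing at the group's page
 * on the polytechnique.net development site.
 *
 * @param string $page path captured from the wiki markup (text written by a wiki editor)
 * @return mixed the value returned by Keep() for the iframe, or null when $XnetWikiGroup is not set
 */
function XnetPage($page) {
    global $XnetWikiGroup;
    if (!$XnetWikiGroup) {
        return;
    }
    // The 'login/' segment is added only for sessions that passed X.org authentication;
    // empty() also covers a session where the flag was never set.
    $prefix = empty($_SESSION['xorgauth']) ? '' : 'login/';
    $src = 'http://dev.polytechnique.net/~x2001corpet/'.$prefix.$XnetWikiGroup.'/'.$page;
    // $page comes from page text, so the URL is HTML-escaped before it is placed in the src
    // attribute. ISO-8859-1 makes the escaping byte-wise: it never returns '' on input that is
    // not valid UTF-8 and leaves multi-byte UTF-8 sequences untouched.
    $src = htmlspecialchars($src, ENT_QUOTES, 'ISO-8859-1');
    return Keep('<iframe style="width:100%;height:400px;border:none" src="'.$src.'"></iframe>');
}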
44 | ||
// Returns the access rights defined at folder level (PmWiki group) for the page's group.
// The group's GroupAttributes page is read once and then served from $GroupPasswords.
function XorgAuthGetGroupAuth($pagename,$since) {
    global $GroupPasswords;
    if (!isset($GroupPasswords)) {
        $GroupPasswords = array();
    }
    // The group name is whatever precedes the first dot of the page name.
    $dotAt = strpos($pagename, '.');
    $groupName = substr($pagename, 0, $dotAt);
    if (isset($GroupPasswords[$groupName])) {
        return $GroupPasswords[$groupName];
    }
    $attributes = ReadPage($groupName.'.GroupAttributes', $since);
    $GroupPasswords[$groupName] = $attributes;
    return $attributes;
}
57 | ||
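// Starts a login through X.org: opens a fresh session, stores a challenge in it, then redirects
// the browser to the auth-groupex endpoint with the challenge, its keyed MD5 and the return URL.
// Never returns: it sends a Location header and exits.
function XorgAuthConnectPlatal() {
    // NOTE(review): this shared secret is what authenticates the exchange with the auth site, and
    // it is hard-coded here (the same literal is repeated in the return-from-auth code of this
    // file). It should be loaded from configuration kept out of version control, and rotated.
    $privkey = '6e9c9fa9bac23541fe67697c4eff5be6';
    global $XnetWikiGroup;
    // NOTE(review): the return URL is plain http:// and is built from SERVER_NAME and the
    // client-supplied REQUEST_URI; the signed identity fields come back on that URL. Confirm the
    // auth site validates the return URL, and prefer https:// when the wiki is served over TLS.
    $returl = 'http://'.$_SERVER['SERVER_NAME'].str_replace('action=connect', '', $_SERVER['REQUEST_URI']);
    if (isset($_REQUEST['oldaction'])) {
        $returl .= '&action='.$_REQUEST['oldaction'];
    }
    @session_destroy();
    session_start();
    // NOTE(review): the session id is sent to the auth site in the URL below and is not
    // regenerated here or after a successful login — consider session_regenerate_id(true).
    // The challenge must be unpredictable: rand() is not a cryptographic generator. The value
    // keeps the 32-hex-character shape that md5() produced.
    if (function_exists('random_bytes')) {
        $challenge = bin2hex(random_bytes(16));
    } else {
        // Interpreters without random_bytes(): still not cryptographically strong, upgrade PHP.
        $challenge = md5(uniqid(mt_rand(), true));
    }
    $_SESSION['challenge'] = $challenge;
    $_SESSION['authsite'] = $XnetWikiGroup;
    $url = "https://www.polytechnique.org/auth-groupex.php";
    $url .= "?session=".session_id();
    $url .= "&challenge=".$challenge;
    $url .= "&pass=".md5($challenge.$privkey);
    $returl .= "&challenge=".$challenge;
    $url .= "&url=".urlencode($returl);
    if ($XnetWikiGroup) {
        // Encoded like the other parameters so the group name cannot alter the query string.
        $url .= "&group=".urlencode($XnetWikiGroup);
    }
    header('Location: '.$url);
    exit();
}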
83 | ||
84 | ||
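// Return leg of the X.org login. The auth site sends the browser back with identity fields and
// an `auth` value; the value is accepted when it equals
// md5('1' . challenge . shared key . fields in fixed order . '1').
@session_start();
if (isset($_GET['auth']) && empty($_SESSION['xorgauth']) && !empty($_SESSION['challenge'])) {
    // NOTE(review): hard-coded shared secret, duplicated from XorgAuthConnectPlatal(); load it
    // from configuration kept out of version control.
    // NOTE(review): the fields are concatenated without separators, so different field splits
    // give the same hash input; a delimiter or length prefix would need the auth site to change too.
    $tohash = '1'.$_SESSION['challenge'].'6e9c9fa9bac23541fe67697c4eff5be6';
    $fields = explode(',','forlife,nom,prenom,promo,grpauth');
    // Only string parameters take part: an array-valued parameter (forlife[]=...) is ignored.
    foreach ($fields as $f) if (isset($_GET[$f]) && is_string($_GET[$f])) {
        $tohash .= $_GET[$f];
    }
    $tohash .= '1';
    // Strict, constant-time comparison: with `==` two digest strings that both look numeric
    // (for example "0e..." forms) compare as numbers and can match although they differ.
    if (is_string($_GET['auth'])
        && (function_exists('hash_equals')
            ? hash_equals(md5($tohash), $_GET['auth'])
            : md5($tohash) === $_GET['auth'])) {
        $_SESSION['xorgauth'] = 1;
        foreach ($fields as $f) if (isset($_GET[$f]) && is_string($_GET[$f])) {
            $_SESSION[$f] = $_GET[$f];
        }
    } else {
        $_SESSION['xorgauth'] = 0;
    }
    // A challenge is valid for one answer only; a new login starts from XorgAuthConnectPlatal().
    unset($_SESSION['challenge']);
}
if (!empty($_SESSION['forlife'])) {
    $AuthId = $_SESSION['forlife'];
    $Author = $_SESSION['forlife'].' | '
        .(isset($_SESSION['prenom']) ? $_SESSION['prenom'] : '').' '
        .(isset($_SESSION['nom']) ? $_SESSION['nom'] : '');
}
// A failed login stores xorgauth = 0, which isset() would still report as "connected";
// the condition therefore tests for a non-empty flag.
$Conditions['connected'] = '!empty($_SESSION["xorgauth"])';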
108 | ||
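/**
 * Tells whether the current session satisfies an access rule.
 *
 * A rule is a space-separated list of tokens; access is granted as soon as one token matches:
 * 'all' or 'public' (anyone), 'x' (any session authenticated through X.org), or a token equal
 * to the session's group role (grpauth), login (forlife) or promotion year (promo).
 * An empty rule means "no restriction" and grants access.
 *
 * @param string $password the rule to evaluate
 * @return bool true when access is granted
 */
function XorgAuthTestPassword($password) {
    if (!$password) {
        return true;
    }
    $sessionKeys = array('grpauth', 'forlife', 'promo');
    foreach (explode(' ', $password) as $pass) {
        if ($pass === 'all' || $pass === 'public') {
            return true;
        }
        if ($pass === 'x' && !empty($_SESSION['xorgauth'])) {
            return true;
        }
        foreach ($sessionKeys as $key) {
            // Compared as strings with ===: a loose == treats numeric-looking strings as
            // numbers, so a rule token such as "2001.0" would match the promo "2001".
            if (!empty($_SESSION[$key])
                && is_scalar($_SESSION[$key])
                && (string) $_SESSION[$key] === $pass) {
                return true;
            }
        }
    }
    return false;
}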
133 | ||
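/**
 * Tells whether the current session satisfies the site-wide admin rule ($DefaultPasswords['admin']).
 *
 * @return bool true for a site administrator
 */
function XorgAuthIsSiteAdmin() {
    global $DefaultPasswords;
    // XorgAuthTestPassword() treats an empty rule as "no restriction". For the admin rule that
    // would make every visitor a site administrator, so a missing or empty rule is refused here.
    if (empty($DefaultPasswords['admin'])) {
        return false;
    }
    return XorgAuthTestPassword($DefaultPasswords['admin']);
}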
138 | ||
// Authentication function: called before any access to a page.
// Returns the page array when access at $level is granted, false when it is refused and
// $authprompt is false; when it is refused and $authprompt is true, prints the auth form and exits.
function XorgAuth($pagename, $level, $authprompt, $since) {
    global $XnetWikiGroup;
    // A session opened for another group site is sent through the X.org login again
    // (XorgAuthConnectPlatal() redirects and exits, so the return below is not reached).
    if (isset($_SESSION['authsite']) && $XnetWikiGroup != $_SESSION['authsite']) {
        XorgAuthConnectPlatal();
        return false;
    }
    // $group is computed but not read again in this function.
    $group = substr($pagename, 0, strpos($pagename, '.'));
    $page = ReadPage($pagename, $since);
    if (!$page) { return false; }
    // Site administrators get every page at every level, before any per-page rule is looked at.
    if (XorgAuthIsSiteAdmin()) { return $page; }
    global $AuthCascade, $DefaultPasswords, $GroupPasswords;
    $password = "";
    // Resolve the rule for $level: page attribute first, then the group's GroupAttributes page,
    // then the site default. If none is set and $AuthCascade maps this level to another one,
    // retry with that level (the assignment inside the while condition is intentional).
    do
    {
        if (isset($page["passwd".$level])) {
            $password = $page["passwd".$level];
        }
        if (!$password) {
            $gpAuth = XorgAuthGetGroupAuth($pagename,$since);
            if (isset($gpAuth["passwd".$level])) {
                $password = $gpAuth["passwd".$level];
            }
        }
        if (!$password) {
            if (isset($DefaultPasswords[$level])) {
                $password = $DefaultPasswords[$level];
            }
        }
    } while (!$password && isset($AuthCascade[$level]) && $level = $AuthCascade[$level]);
    // NOTE(review): if no rule was found at any level, $password is still "" here and
    // XorgAuthTestPassword() grants access for an empty rule — the check fails open. Confirm
    // every level has a site default.
    if (XorgAuthTestPassword($password)) {
        return $page;
    }
    if (!$authprompt) {
        return false;
    }
    global $AuthPromptFmt, $PageStartFmt, $PageEndFmt;
    // Rebuild the posted fields as hidden inputs, leaving out the credential fields.
    // NOTE(review): $postvars and $FmtV are local to this function as written (no `global $FmtV`)
    // and $postvars is not read afterwards, so these values do not appear to reach the form —
    // confirm against the PmWiki auth function this was adapted from.
    // NOTE(review): the field name $k is client-supplied and is inserted without escaping; escape
    // it as well if $postvars is ever output.
    $postvars = '';
    foreach($_POST as $k=>$v) {
        if ($k == 'authpw' || $k == 'authid') continue;
        // NOTE(review): as shown this replaces '$' with '$' (no effect); the page rendering may
        // have decoded an HTML entity in the second argument — confirm against the original file.
        $v = str_replace('$', '$',
            htmlspecialchars(stripmagic($v), ENT_COMPAT));
        $postvars .= "<input type='hidden' name='$k' value=\"$v\" />\n";
    }
    $FmtV['action'] = $_REQUEST['action'];
    // Default prompt: page start, the Site.AuthForm page, page end.
    SDV($AuthPromptFmt, array(&$PageStartFmt, "page:Site.AuthForm", &$PageEndFmt));
    PrintFmt($pagename,$AuthPromptFmt);
    exit;
}
// Access levels handled by this recipe, mapped to the French labels shown in the rights editor.
$XorgAuthLevels = array(
    'read' => 'lecture',
    'edit' => 'modification',
    'attr' => 'administration',
);
189 | ||
/**
 * Lists the predefined audiences offered in the rights editor, as rule token => French label.
 * Group sites ($XnetWikiGroup set) offer group members and group admins; otherwise the admin
 * entry stands for the X.org admins.
 *
 * @return array rule token => label, in display order
 */
function XorgAuthUsers() {
    global $XnetWikiGroup;
    $audiences = array('public' => 'tout le monde', 'x' => 'les X');
    if (!$XnetWikiGroup) {
        $audiences['admin'] = 'admins X.org';
        return $audiences;
    }
    $audiences['membre'] = 'membres du groupe';
    $audiences['admin'] = 'admins du groupe';
    return $audiences;
}
198 | ||
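/**
 * Builds the HTML form that edits the access rules of one page: one <select> per access level,
 * listing "inherit" (from the folder or the site), the predefined audiences, the page's current
 * custom rule if any, and a '...' entry handled by the AddCustomAuth() script.
 *
 * @param string $pagename full page name (Group.Name)
 * @return string the <form> markup, posting to ?action=postattr
 */
function XorgAuthPermissions($pagename) {
    global $XnetWikiGroup,$DefaultPasswords,$XorgAuthLevels;
    $XorgAuthUsers = XorgAuthUsers();
    // Byte-wise escaping: never returns '' on input that is not valid UTF-8.
    $charset = 'ISO-8859-1';
    $group = substr($pagename, 0, strpos($pagename, '.'));
    // The GroupAttributes page has no folder above it to inherit from.
    $groupAttr = array();
    if ($pagename != $group.'.GroupAttributes') {
        $groupAttr = XorgAuthGetGroupAuth($pagename, 0);
    }
    $page = ReadPage($pagename, 0);
    $controls = array();
    foreach ($XorgAuthLevels as $level => $action) {
        $key = 'passwd'.$level;
        // What the page inherits when it has no rule of its own: the folder rule, else the site default.
        if (!empty($groupAttr[$key])) {
            $origin = 'comme le dossier (';
            $inherited = $groupAttr[$key];
        } else {
            $origin = 'comme le site (';
            $inherited = isset($DefaultPasswords[$level]) ? $DefaultPasswords[$level] : '';
        }
        $inherited = is_scalar($inherited) ? (string) $inherited : '';
        // A custom inherited rule has no predefined label; show the rule itself.
        $label = isset($XorgAuthUsers[$inherited]) ? $XorgAuthUsers[$inherited] : $inherited;
        $current = (isset($page[$key]) && is_scalar($page[$key])) ? (string) $page[$key] : '';

        $html = $action.' : <select name="passwd'.$level.'" onchange="AddCustomAuth(this)">';
        $matched = ($current === '');
        $html .= '<option value=""'.($matched ? ' selected="selected"' : '').'>'
            .htmlspecialchars($origin.$label.')', ENT_QUOTES, $charset).'</option>';
        foreach ($XorgAuthUsers as $passwd => $user) {
            $selected = ((string) $passwd === $current);
            $matched = $matched || $selected;
            $html .= '<option value="'.htmlspecialchars((string) $passwd, ENT_QUOTES, $charset).'"'
                .($selected ? ' selected="selected"' : '').'>'
                .htmlspecialchars($user, ENT_QUOTES, $charset).'</option>';
        }
        if (!$matched) {
            // Custom rules are free text stored in the page attributes; they are escaped before
            // being written into the attribute value and the option body.
            $shown = htmlspecialchars($current, ENT_QUOTES, $charset);
            $html .= '<option value="'.$shown.'" selected="selected">'.$shown.'</option>';
        }
        $html .= '<option value="...">...</option>';
        $html .= '</select> ';
        $controls[] = $html;
    }
    // NOTE(review): the form carries no anti-CSRF token; the postattr handler cannot tell a
    // genuine submission from a cross-site one.
    return '<form action="?action=postattr" method="post">'.implode(' - ', $controls).'<input type="submit" value="ok"/></form>';
}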
233 | ||
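/**
 * Handler for ?action=attr: shows the rights editor of a page to users holding the $auth level.
 *
 * @param string $pagename full page name
 * @param string $auth access level required to see the editor
 */
function XorgAuthHandleAttr($pagename, $auth = 'attr') {
    $page = RetrieveAuthPage($pagename, $auth, true);
    // Same guard as the postattr handler: when the page is not returned, stop here instead of
    // rendering the rights editor.
    if (!$page) { Abort("?unable to read $pagename"); }
    global $PageAttrFmt, $PageStartFmt, $PageEndFmt;
    SDV($PageAttrFmt,"<div class='wikiattr'>
<h2 class='wikiaction'>$[{\$FullName} Attributes]</h2>
<p>".XorgAuthPermissions($pagename)."</p></div>");
    // $HandleAttrFmt is not declared global here, so this default is local to the call.
    SDV($HandleAttrFmt,array(&$PageStartFmt,&$PageAttrFmt,&$PageEndFmt));
    PrintFmt($pagename,$HandleAttrFmt);
}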
243 | ||
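/**
 * Handler for ?action=postattr: stores the access rules submitted by the rights editor.
 * For each access level, an empty value removes the page's own rule, '...' leaves it unchanged
 * and any other value replaces it.
 *
 * @param string $pagename full page name
 * @param string $auth access level required to change the rules
 */
function XorgAuthHandlePostAttr($pagename, $auth = 'attr') {
    global $XorgAuthLevels, $HandleActions;
    // The editor form submits with method="post". Reading $_REQUEST let a plain GET of
    // ?action=postattr (for instance the redirect back from a login) reach this code with no
    // fields at all, which removed every rule of the page. Non-POST requests change nothing.
    if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        Redirect($pagename);
        return;
    }
    // NOTE(review): there is still no anti-CSRF token; add one to the form and verify it here.
    Lock(2);
    $page = RetrieveAuthPage($pagename, $auth, true);
    if (!$page) { Abort("?unable to read $pagename"); }
    foreach ($XorgAuthLevels as $attr => $p) {
        $field = 'passwd'.$attr;
        // A level missing from the submission (or sent as an array) is left untouched.
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            continue;
        }
        $v = stripmagic($_POST[$field]);
        if ($v == '') {
            unset($page[$field]);
        } else if ($v != '...') {
            // Stored verbatim: any code that displays this value must HTML-escape it.
            $page[$field] = $v;
        }
    }
    WritePage($pagename,$page);
    Lock(0);
    Redirect($pagename);
}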
258 | ||
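/**
 * Renders the (:groupattributes:) directive on a group's GroupAttributes page: the rights
 * editor of the folder itself, then a table with one row per page of the folder and one
 * <select> per access level. Also applies a rule change requested through the page, attr and
 * user request parameters.
 *
 * @return string HTML, or "" when the current page is not a GroupAttributes page or the
 *                visitor lacks the 'attr' level on it
 */
function XorgAuthGroupAttributes() {
    global $XnetWikiGroup,$DefaultPasswords,$XorgAuthLevels;
    $XorgAuthUsers = XorgAuthUsers();
    global $pagename, $WikiDir;
    // Byte-wise escaping: never returns '' on input that is not valid UTF-8.
    $charset = 'ISO-8859-1';
    if (substr($pagename, strpos($pagename, '.') + 1) != 'GroupAttributes') {
        return "";
    }
    if (!XorgAuth($pagename, 'attr', true,0)) {
        return "";
    }
    // NOTE(review): this change is triggered by a plain GET (the selects below navigate to
    // ?page=..&attr=..&user=..) and carries no anti-CSRF token, so any link followed by a logged-in
    // administrator can alter rules. It should become a POST with a token check.
    // NOTE(review): the target page is not checked to belong to this group; the 'attr' check of
    // RetrieveAuthPage() on the target is the only gate — confirm that is intended.
    if (isset($_REQUEST['page'], $_REQUEST['user'], $_REQUEST['attr'])
        && is_string($_REQUEST['page'])
        && is_string($_REQUEST['user'])
        && is_string($_REQUEST['attr'])) {
        // Array-valued parameters are ignored rather than used as array offsets.
        $reqPage = stripmagic($_REQUEST['page']);
        $reqAttr = stripmagic($_REQUEST['attr']);
        $reqUser = stripmagic($_REQUEST['user']);
        Lock(2);
        $page = RetrieveAuthPage($reqPage, 'attr', true);
        // Only known levels and predefined audiences (or an empty value) are accepted here.
        if ($page && isset($XorgAuthLevels[$reqAttr]) && (isset($XorgAuthUsers[$reqUser]) || !$_REQUEST['user'])) {
            if ($_REQUEST['user'] == "") {
                unset($page['passwd'.$reqAttr]);
            } else {
                $page['passwd'.$reqAttr] = $reqUser;
            }
            WritePage($reqPage,$page);
        }
        Lock(0);
    }
    $html = '<table>';
    $html .= '<tr><td></td>';
    foreach ($XorgAuthLevels as $level => $action) {
        $html .= '<th>'.$action.'</th>';
    }
    $html .= '</tr>';
    $group = substr($pagename, 0, strpos($pagename, '.'));
    $pages = $WikiDir->ls($group.'.*');
    $groupAttr = XorgAuthGetGroupAuth($pagename, 0);
    foreach ($pages as $p) if ($p != $pagename) {
        $html .= '<tr>';
        $page = ReadPage($p, 0);
        $html .= '<th>'.htmlspecialchars(substr($p,strpos($p,'.')+1), ENT_QUOTES, $charset).'</th>';
        foreach ($XorgAuthLevels as $level => $action) {
            $key = 'passwd'.$level;
            // The page name is URL-encoded, which also keeps it inert inside the quoted
            // script string and the HTML attribute.
            $html .= '<td><select name="passwd'.$level.'" onchange="AddCustomAuth(this);document.location=\'?page='.rawurlencode($p).'&attr='.$level.'&user=\'+this.value">';
            if (!empty($groupAttr[$key])) {
                $origin = 'comme le dossier (';
                $inherited = $groupAttr[$key];
            } else {
                $origin = 'comme le site (';
                $inherited = isset($DefaultPasswords[$level]) ? $DefaultPasswords[$level] : '';
            }
            $inherited = is_scalar($inherited) ? (string) $inherited : '';
            // A custom inherited rule has no predefined label; show the rule itself.
            $label = isset($XorgAuthUsers[$inherited]) ? $XorgAuthUsers[$inherited] : $inherited;
            $current = (isset($page[$key]) && is_scalar($page[$key])) ? (string) $page[$key] : '';

            $matched = ($current === '');
            $html .= '<option value=""'.($matched ? ' selected="selected"' : '').'>'
                .htmlspecialchars($origin.$label.')', ENT_QUOTES, $charset).'</option>';
            foreach ($XorgAuthUsers as $passwd => $user) {
                $selected = ((string) $passwd === $current);
                $matched = $matched || $selected;
                $html .= '<option value="'.htmlspecialchars((string) $passwd, ENT_QUOTES, $charset).'"'
                    .($selected ? ' selected="selected"' : '').'>'
                    .htmlspecialchars($user, ENT_QUOTES, $charset).'</option>';
            }
            if (!$matched) {
                // Custom rules are free text stored in page attributes: escape before output.
                $shown = htmlspecialchars($current, ENT_QUOTES, $charset);
                $html .= '<option value="'.$shown.'" selected="selected">'.$shown.'</option>';
            }
            $html .= '<option value="...">...</option></select></td>';
        }
        $html .= '</tr>';
    }
    $html .= '</table>';
    return '<h2>Edition des droits du dossier</h2>'.XorgAuthPermissions($pagename).'<h2>Edition des droits des pages du dossier</h2>'.$html;
}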
321 | ?> |