[platal.git] / modules / auth / auth.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2008 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

function gpex_prepare_param($name, $val, &$to_hash,  $charset)
{
    $val = iconv('UTF-8', $charset, $val);
    $to_hash .= $val;
    return '&' . $name . '=' . urlencode($val);
}

function gpex_make($chlg, $privkey, $datafields, $charset)
{
    $tohash   = "1$chlg$privkey";
    $params   = "";
    $fieldarr = explode(',', $datafields);

    $res = XDB::query("SELECT  matricule, matricule_ax, promo,
                               promo_sortie, flags, deces, nom,
                               prenom, nationalite, section,
                               naissance
                         FROM  auth_user_md5 WHERE user_id = {?}",
                       S::v('uid'));
    $personnal_data = $res->fetchOneAssoc();

    foreach ($fieldarr as $val) {
        /* on verifie qu'on n'a pas demandÃ© une variable inexistante ! */
        if ($val == 'perms') {
            $params .= gpex_prepare_param($val, S::has_perms() ? 'admin' : 'user', $tohash, $charset);
        } else if (S::has($val)) {
            $params .= gpex_prepare_param($val, S::v($val), $tohash, $charset);
        } else if (isset($personnal_data[$val])) {
            $params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset);
        } else if ($val == 'username') {
            $res = XDB::query("SELECT  alias FROM aliases
                                WHERE  id = {?} AND FIND_IN_SET('bestalias', flags)",
                              S::v('uid'));
            $min_username = $res->fetchOneCell();
            $params      .= gpex_prepare_param($val, $min_username, $tohash, $charset);
        } else if ($val == 'grpauth') {
            if (isset($_GET['group'])) {
                $res = XDB::query("SELECT  perms
                                     FROM  groupex.membres
                               INNER JOIN  groupex.asso ON(id = asso_id)
                                    WHERE  uid = {?} AND diminutif = {?}",
                                  S::v('uid'), $_GET['group']);
                $perms = $res->fetchOneCell();
            } else {
                // if no group asked, return main rights
                $perms = Session::has_perms()?'admin':'membre';
            }
            $params .= gpex_prepare_param($val, $perms, $tohash, $charset);
        }
    }
    $tohash .= "1";
    $auth = md5($tohash);
    return array($auth, "&auth=" . $auth . $params);
}

/* cree les parametres de l'URL de retour avec les champs demandes */
function gpex_make_params($chlg, $privkey, $datafields, $charset)
{
    list ($auth, $param) = gpex_make($chlg, $privkey, $datafields, $charset);
    return $param;
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
179afa7f	3	* Copyright (C) 2003-2008 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
670b0ac0	22	function gpex_prepare_param($name, $val, &$to_hash, $charset)
	23	{
	24	$val = iconv('UTF-8', $charset, $val);
	25	$to_hash .= $val;
15dec88f	26	return '&' . $name . '=' . urlencode($val);
670b0ac0	27	}
	28
	29	function gpex_make($chlg, $privkey, $datafields, $charset)
9881e0b2	30	{
0337d704	31	$tohash = "1$chlg$privkey";
9881e0b2	32	$params = "";
670b0ac0	33	$fieldarr = explode(',', $datafields);
0337d704	34
670b0ac0	35	$res = XDB::query("SELECT matricule, matricule_ax, promo,
	36	promo_sortie, flags, deces, nom,
	37	prenom, nationalite, section,
	38	naissance
	39	FROM auth_user_md5 WHERE user_id = {?}",
	40	S::v('uid'));
9f3acd20	41	$personnal_data = $res->fetchOneAssoc();
5d292fd8	42
5d292fd8	43	foreach ($fieldarr as $val) {
a7de4ef7	44	/* on verifie qu'on n'a pas demandÃ© une variable inexistante ! */
b3454c7f FB	45	if ($val == 'perms') {
	46	$params .= gpex_prepare_param($val, S::has_perms() ? 'admin' : 'user', $tohash, $charset);
	47	} else if (S::has($val)) {
670b0ac0	48	$params .= gpex_prepare_param($val, S::v($val), $tohash, $charset);
9f3acd20	49	} else if (isset($personnal_data[$val])) {
670b0ac0	50	$params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset);
0337d704	51	} else if ($val == 'username') {
670b0ac0	52	$res = XDB::query("SELECT alias FROM aliases
	53	WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
	54	S::v('uid'));
0337d704	55	$min_username = $res->fetchOneCell();
670b0ac0	56	$params .= gpex_prepare_param($val, $min_username, $tohash, $charset);
b49f3f40	57	} else if ($val == 'grpauth') {
670b0ac0	58	if (isset($_GET['group'])) {
	59	$res = XDB::query("SELECT perms
	60	FROM groupex.membres
eaf30d86	61	INNER JOIN groupex.asso ON(id = asso_id)
670b0ac0	62	WHERE uid = {?} AND diminutif = {?}",
	63	S::v('uid'), $_GET['group']);
	64	$perms = $res->fetchOneCell();
	65	} else {
	66	// if no group asked, return main rights
	67	$perms = Session::has_perms()?'admin':'membre';
	68	}
	69	$params .= gpex_prepare_param($val, $perms, $tohash, $charset);
5d292fd8	70	}
0337d704	71	}
0337d704	72	$tohash .= "1";
9881e0b2	73	$auth = md5($tohash);
670b0ac0	74	return array($auth, "&auth=" . $auth . $params);
0337d704	75	}
	76
	77	/* cree les parametres de l'URL de retour avec les champs demandes */
670b0ac0	78	function gpex_make_params($chlg, $privkey, $datafields, $charset)
	79	{
	80	list ($auth, $param) = gpex_make($chlg, $privkey, $datafields, $charset);
	81	return $param;
0337d704	82	}
0337d704	83
a7de4ef7	84	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
0337d704	85	?>