[platal.git] / modules / auth / auth.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2013 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

function gpex_prepare_param($name, $val, &$to_hash,  $charset)
{
    $val = iconv('UTF-8', $charset, $val);
    $to_hash .= $val;
    return '&' . $name . '=' . urlencode($val);
}

function gpex_make($chlg, $privkey, $datafields, $charset)
{
    $tohash   = "1$chlg$privkey";
    $params   = "";
    $fieldarr = explode(',', $datafields);

    $user =& S::user();
    if ($user->hasProfile()) {
        /* Transition table for authentification. */
        $personnal_data = $user->profile()->data();
        $personnal_data['full_promo'] = $personnal_data['promo'];
        $personnal_data['promo'] = $personnal_data['entry_year'];
        $personnal_data['matricule'] = $personnal_data['xorg_id'];
        $personnal_data['matricule_ax'] = $personnal_data['ax_id'];
        $personnal_data['promo_sortie'] = $personnal_data['grad_year'];
        $personnal_data['nationalite'] = $personnal_data['nationality1'];
        $personnal_data['naissance'] = $personnal_data['birthdate'];
        $personnal_data['deces'] = $personnal_data['deathdate'];
        $personnal_data['nom'] = $personnal_data['lastname'];
        $personnal_data['prenom'] = $personnal_data['firstname'];
        $personnal_data['flags'] = $user->profile()->isFemale() ? 'femme' : '';
    } else {
        // Missing fields: promo, entry_year, grad_year, ax_id, xorg_id, forlife
        $personnal_data = array(
            'lastname' => $user->lastname,
            'firstname' => $user->firstname,
            'sex' => $user->gender
        );
    }

    foreach ($fieldarr as $val) {
        // Determine the requested value, and add it to the answer.
        if ($val == 'perms') {
            $params .= gpex_prepare_param($val, S::admin() ? 'admin' : 'user', $tohash, $charset);
        } else if ($val == 'forlife') {
            $params .= gpex_prepare_param($val, S::v('hruid'), $tohash, $charset);
        } else if (S::has($val)) {
            $params .= gpex_prepare_param($val, S::v($val), $tohash, $charset);
        } else if (isset($personnal_data[$val])) {
            $params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset);
        } else if ($val == 'username') {
            $min_username = XDB::fetchOneCell('SELECT  email
                                                 FROM  email_source_account
                                                WHERE  uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
                                              S::i('uid'));
            $params .= gpex_prepare_param($val, (is_null($min_username) ? '' : $min_username), $tohash, $charset);
        } else if ($val == 'grpauth') {
            if (isset($_GET['group'])) {
                $res = XDB::query("SELECT  perms
                                     FROM  group_members
                               INNER JOIN  groups ON(id = asso_id)
                                    WHERE  uid = {?} AND diminutif = {?}",
                                  S::v('uid'), $_GET['group']);
                $perms = $res->fetchOneCell();
            } else {
                // if no group asked, return main rights
                $perms = S::admin() ? 'admin' : 'membre';
            }
            $params .= gpex_prepare_param($val, $perms, $tohash, $charset);
        } else {
            $params .= gpex_prepare_param($val, '', $tohash, $charset);
        }
    }
    $tohash .= "1";
    $auth = md5($tohash);
    return array($auth, "&auth=" . $auth . $params);
}

/* cree les parametres de l'URL de retour avec les champs demandes */
function gpex_make_params($chlg, $privkey, $datafields, $charset)
{
    list ($auth, $param) = gpex_make($chlg, $privkey, $datafields, $charset);
    return $param;
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
ba6ae046	3	* Copyright (C) 2003-2013 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
670b0ac0	22	function gpex_prepare_param($name, $val, &$to_hash, $charset)
	23	{
	24	$val = iconv('UTF-8', $charset, $val);
	25	$to_hash .= $val;
15dec88f	26	return '&' . $name . '=' . urlencode($val);
670b0ac0	27	}
	28
	29	function gpex_make($chlg, $privkey, $datafields, $charset)
9881e0b2	30	{
0337d704	31	$tohash = "1$chlg$privkey";
9881e0b2	32	$params = "";
670b0ac0	33	$fieldarr = explode(',', $datafields);
0337d704	34
94b72319 FB	35	$user =& S::user();
94b72319 FB	36	if ($user->hasProfile()) {
7a12b2ca	37	/* Transition table for authentification. */
94b72319	38	$personnal_data = $user->profile()->data();
0aa0d3a8 PC	39	$personnal_data['full_promo'] = $personnal_data['promo'];
0aa0d3a8 PC	40	$personnal_data['promo'] = $personnal_data['entry_year'];
94b72319 FB	41	$personnal_data['matricule'] = $personnal_data['xorg_id'];
94b72319 FB	42	$personnal_data['matricule_ax'] = $personnal_data['ax_id'];
0aa0d3a8	43	$personnal_data['promo_sortie'] = $personnal_data['grad_year'];
94b72319 FB	44	$personnal_data['nationalite'] = $personnal_data['nationality1'];
	45	$personnal_data['naissance'] = $personnal_data['birthdate'];
	46	$personnal_data['deces'] = $personnal_data['deathdate'];
c8fe767d PC	47	$personnal_data['nom'] = $personnal_data['lastname'];
c8fe767d PC	48	$personnal_data['prenom'] = $personnal_data['firstname'];
94b72319 FB	49	$personnal_data['flags'] = $user->profile()->isFemale() ? 'femme' : '';
94b72319 FB	50	} else {
03d7c5da SJ	51	// Missing fields: promo, entry_year, grad_year, ax_id, xorg_id, forlife
	52	$personnal_data = array(
	53	'lastname' => $user->lastname,
	54	'firstname' => $user->firstname,
	55	'sex' => $user->gender
	56	);
94b72319	57	}
5d292fd8	58
5d292fd8	59	foreach ($fieldarr as $val) {
6e181f3e	60	// Determine the requested value, and add it to the answer.
b3454c7f	61	if ($val == 'perms') {
dd70cd28	62	$params .= gpex_prepare_param($val, S::admin() ? 'admin' : 'user', $tohash, $charset);
6e181f3e VZ	63	} else if ($val == 'forlife') {
6e181f3e VZ	64	$params .= gpex_prepare_param($val, S::v('hruid'), $tohash, $charset);
b3454c7f	65	} else if (S::has($val)) {
670b0ac0	66	$params .= gpex_prepare_param($val, S::v($val), $tohash, $charset);
9f3acd20	67	} else if (isset($personnal_data[$val])) {
670b0ac0	68	$params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset);
0337d704	69	} else if ($val == 'username') {
83a423c2 FB	70	$min_username = XDB::fetchOneCell('SELECT email
83a423c2 FB	71	FROM email_source_account
5cfb3dd1	72	WHERE uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
83a423c2	73	S::i('uid'));
efeff715	74	$params .= gpex_prepare_param($val, (is_null($min_username) ? '' : $min_username), $tohash, $charset);
b49f3f40	75	} else if ($val == 'grpauth') {
670b0ac0	76	if (isset($_GET['group'])) {
670b0ac0	77	$res = XDB::query("SELECT perms
eb41eda9 FB	78	FROM group_members
eb41eda9 FB	79	INNER JOIN groups ON(id = asso_id)
670b0ac0	80	WHERE uid = {?} AND diminutif = {?}",
	81	S::v('uid'), $_GET['group']);
	82	$perms = $res->fetchOneCell();
	83	} else {
	84	// if no group asked, return main rights
dd70cd28	85	$perms = S::admin() ? 'admin' : 'membre';
670b0ac0	86	}
670b0ac0	87	$params .= gpex_prepare_param($val, $perms, $tohash, $charset);
94b72319 FB	88	} else {
94b72319 FB	89	$params .= gpex_prepare_param($val, '', $tohash, $charset);
5d292fd8	90	}
0337d704	91	}
0337d704	92	$tohash .= "1";
9881e0b2	93	$auth = md5($tohash);
670b0ac0	94	return array($auth, "&auth=" . $auth . $params);
0337d704	95	}
	96
	97	/* cree les parametres de l'URL de retour avec les champs demandes */
670b0ac0	98	function gpex_make_params($chlg, $privkey, $datafields, $charset)
	99	{
	100	list ($auth, $param) = gpex_make($chlg, $privkey, $datafields, $charset);
	101	return $param;
0337d704	102	}
0337d704	103
a7de4ef7	104	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
0337d704	105	?>