[platal.git] / classes / session.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2008 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class Session
{
    public static function init()
    {
        @session_start();
        if (empty($_SESSION['challenge'])) {
            $_SESSION['challenge'] = sha1(uniqid(rand(), true));
        }
        if (empty($_SESSION['xsrf_token'])) {
            $_SESSION['xsrf_token'] = rand_url_id();
        }
        if (!isset($_SESSION['perms']) || !($_SESSION['perms'] instanceof FlagSet)) {
            $_SESSION['perms'] = new FlagSet();
        }
    }

    public static function destroy()
    {
        @session_destroy();
        unset($_SESSION);
    }

    public static function has($key)
    {
        return isset($_SESSION[$key]);
    }

    public static function kill($key)
    {
        unset($_SESSION[$key]);
    }

    public static function v($key, $default = null)
    {
        return isset($_SESSION[$key]) ? $_SESSION[$key] : $default;
    }

    public static function s($key, $default = '')
    {
        return (string)Session::v($key, $default);
    }

    public static function i($key, $default = 0)
    {
        $i = Session::v($key, $default);
        return is_numeric($i) ? intval($i) : $default;
    }

    public static function l(array $keys)
    {
        return array_map(array('Session', 'v'), $keys);
    }

    public static function has_perms()
    {
        return Session::logged() && Session::v('perms')->hasFlag(PERMS_ADMIN);
    }

    public static function has_xsrf_token()
    {
        return Session::has('xsrf_token') && Session::v('xsrf_token') == Env::v('token');
    }

    public static function logged()
    {
        return Session::v('auth', AUTH_PUBLIC) >= AUTH_COOKIE;
    }

    public static function identified()
    {
        return Session::v('auth', AUTH_PUBLIC) >= AUTH_MDP;
    }
}

// {{{ function check_perms()

/** verifie si un utilisateur a les droits pour voir une page
 ** si ce n'est pas le cas, on affiche une erreur
 * @return void
 */
function check_perms()
{
    global $page;
    if (!S::has_perms()) {
        if ($_SESSION['log']) {
            $_SESSION['log']->log("noperms",$_SERVER['PHP_SELF']);
        }
	$page->kill("Tu n'as pas les permissions nécessaires pour accéder à cette page.");
    }
}

// }}}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
	1	<?php
	2	/***************************************************************************
	3	* Copyright (C) 2003-2008 Polytechnique.org *
	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	class Session
	23	{
	24	public static function init()
	25	{
	26	@session_start();
	27	if (empty($_SESSION['challenge'])) {
	28	$_SESSION['challenge'] = sha1(uniqid(rand(), true));
	29	}
	30	if (empty($_SESSION['xsrf_token'])) {
	31	$_SESSION['xsrf_token'] = rand_url_id();
	32	}
	33	if (!isset($_SESSION['perms']) \|\| !($_SESSION['perms'] instanceof FlagSet)) {
	34	$_SESSION['perms'] = new FlagSet();
	35	}
	36	}
	37
	38	public static function destroy()
	39	{
	40	@session_destroy();
	41	unset($_SESSION);
	42	}
	43
	44	public static function has($key)
	45	{
	46	return isset($_SESSION[$key]);
	47	}
	48
	49	public static function kill($key)
	50	{
	51	unset($_SESSION[$key]);
	52	}
	53
	54	public static function v($key, $default = null)
	55	{
	56	return isset($_SESSION[$key]) ? $_SESSION[$key] : $default;
	57	}
	58
	59	public static function s($key, $default = '')
	60	{
	61	return (string)Session::v($key, $default);
	62	}
	63
	64	public static function i($key, $default = 0)
	65	{
	66	$i = Session::v($key, $default);
	67	return is_numeric($i) ? intval($i) : $default;
	68	}
	69
	70	public static function l(array $keys)
	71	{
	72	return array_map(array('Session', 'v'), $keys);
	73	}
	74
	75	public static function has_perms()
	76	{
	77	return Session::logged() && Session::v('perms')->hasFlag(PERMS_ADMIN);
	78	}
	79
	80	public static function has_xsrf_token()
	81	{
	82	return Session::has('xsrf_token') && Session::v('xsrf_token') == Env::v('token');
	83	}
	84
	85	public static function logged()
	86	{
	87	return Session::v('auth', AUTH_PUBLIC) >= AUTH_COOKIE;
	88	}
	89
	90	public static function identified()
	91	{
	92	return Session::v('auth', AUTH_PUBLIC) >= AUTH_MDP;
	93	}
	94	}
	95
	96	// {{{ function check_perms()
	97
	98	/** verifie si un utilisateur a les droits pour voir une page
	99	** si ce n'est pas le cas, on affiche une erreur
	100	* @return void
	101	*/
	102	function check_perms()
	103	{
	104	global $page;
	105	if (!S::has_perms()) {
	106	if ($_SESSION['log']) {
	107	$_SESSION['log']->log("noperms",$_SERVER['PHP_SELF']);
	108	}
	109	$page->kill("Tu n'as pas les permissions nécessaires pour accéder à cette page.");
	110	}
	111	}
	112
	113	// }}}
	114
	115	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
	116	?>