[diogenes.git] / include / diogenes.session.inc.php

<?php
/*
 * Copyright (C) 2003-2004 Polytechnique.org
 * http://opensource.polytechnique.org/
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */


require_once 'diogenes/diogenes.core.session.inc.php';
require_once 'diogenes/diogenes.core.logger.inc.php';

/** This class describes a Diogenes session.
 */
class DiogenesSession extends DiogenesCoreSession {
  /** full name */
  var $fullname;
  /** is this a native Diogenes account? */
  var $auth = "native";


  /** The constructor.
   */
  function DiogenesSession() {
    $this->DiogenesCoreSession();
    $this->username = "anonymous";
    $this->perms->addFlag('public');
  }


  /** Try to do a Diogenes authentication.
   *
   * @param page the calling page (by reference)
   */
  function doAuth(&$page) {
    global $globals;

    if ($this->perms->hasflag("auth"))
      return;

    /* do we have authentication tokens for auth ? */
    if (isset($_REQUEST['login']) && isset($_REQUEST['response'])) {
      // remember login for a year
      setcookie('DiogenesLogin',$_REQUEST['login'],(time()+25920000));

      // check response
      $res = $globals->db->query( "SELECT user_id,password FROM {$globals->tauth['native']} WHERE username='{$_REQUEST['login']}'");

      if (!list($uid,$password) = mysql_fetch_row($res)) {
        $page->info(__("Authentication error!"));
        $this->doLogin($page);
      }

      if ($_REQUEST['response'] != md5("{$_REQUEST['login']}:$password:{$this->challenge}"))
      {
        // log the login failure
        $logger = new DiogenesCoreLogger($uid);
        $logger->log("auth_fail",$_REQUEST['login']);
        $page->info(__("Authentication error!"));
        $this->doLogin($page);
      }

      // retrieve user info
      $res = $globals->db->query("select user_id,username,firstname,lastname,perms from {$globals->tauth['native']} where username='{$_REQUEST['login']}'");
      list($this->uid,$this->username,$firstname,$lastname,$perms) = mysql_fetch_row($res);
      $this->fullname = $firstname . ($lastname ? " $lastname" : "");

      // create logger
      $logstr = $this->username . (empty($page->alias) ? "" : "@{$page->alias}");
      $_SESSION['log'] = new DiogenesCoreLogger($this->uid);
      $_SESSION['log']->log("auth_ok",$logstr);

      // set user permissions
      $this->perms->addFlag('auth');
      if ($perms == "admin") {
        $this->perms->addflag('root');
      }

    } else {
      $this->doLogin($page);
    }
  }


  /** Try to login for WebDAV (plain-text password).
   *
   *  Return true for success, false for failure.
   */
  function doAuthWebDAV($user,$pass)
  {
    global $globals;

    if ($this->perms->hasflag("auth"))
      return true;

    // check credentials
    $pass = md5($pass);
    $res = $globals->db->query("select user_id,username,perms from {$globals->tauth['native']} where username='$user' and password='$pass'");
    if (!list($uid,$user,$perms) = mysql_fetch_row($res))
      return false;      

    // retrieve user info
    $this->uid = $uid;
    $this->username = $user;

    // create logger
    $_SESSION['log'] = new DiogenesWebDAVLogger($this->uid,$this->auth,$this->username);

    // set user permissions
    $this->perms->addFlag('auth');
    if ($perms == "admin") {
      $this->perms->addflag('root');
    }

    return true;
  }


  /** Display login screen.
   */
  function doLogin(&$page) {
    $page->assign('greeting',__("Diogenes login"));
    $page->assign('msg_connexion', __("Connexion"));
    $page->assign('msg_password',__("password"));
    $page->assign('msg_submit',__("Submit"));
    $page->assign('msg_username', __("username"));

    if (isset($_COOKIE['DiogenesLogin']))
      $page->assign('username', $_COOKIE['DiogenesLogin']);
    $page->assign('post',htmlentities($page->script_uri()));
    $page->assign('challenge',$this->challenge);
    $page->assign('md5',$page->url("md5.js"));
    $page->display('login.tpl');
    exit;
  }


  /** Read a user's permissions for a given barrel.
   *
   * @param alias the name of the barrel
   */
  function setBarrelPerms($alias) {
    global $globals;

    // if the user is logged in, refresh his/her permissions
    if ($this->perms->hasflag('auth')) {
      if ($this->perms->hasflag('root')) {
        $this->perms->addflag('user');
        $this->perms->addflag('admin');
      } else {
        $this->perms->rmflag('user');
        $this->perms->rmflag('admin');
      }

      // read site specific permissions
      $res = $globals->db->query("select perms from diogenes_perm where alias='{$alias}'".
                         " and auth='{$this->auth}' and uid='{$this->uid}'");
      if (mysql_num_rows($res)>0) {
        $this->perms->addflag('user');
        list($tmp) = mysql_fetch_row($res);
        $this->perms->addflag($tmp);
      }
      mysql_free_result($res);
    }
  }

}

?>
Commit	Line	Data
	1	<?php
	2	/*
	3	* Copyright (C) 2003-2004 Polytechnique.org
	4	* http://opensource.polytechnique.org/
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License
	17	* along with this program; if not, write to the Free Software
	18	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	19	*/
	20
	21
	22	require_once 'diogenes/diogenes.core.session.inc.php';
	23	require_once 'diogenes/diogenes.core.logger.inc.php';
	24
	25	/** This class describes a Diogenes session.
	26	*/
	27	class DiogenesSession extends DiogenesCoreSession {
	28	/** full name */
	29	var $fullname;
	30	/** is this a native Diogenes account? */
	31	var $auth = "native";
	32
	33
	34	/** The constructor.
	35	*/
	36	function DiogenesSession() {
	37	$this->DiogenesCoreSession();
	38	$this->username = "anonymous";
	39	$this->perms->addFlag('public');
	40	}
	41
	42
	43	/** Try to do a Diogenes authentication.
	44	*
	45	* @param page the calling page (by reference)
	46	*/
	47	function doAuth(&$page) {
	48	global $globals;
	49
	50	if ($this->perms->hasflag("auth"))
	51	return;
	52
	53	/* do we have authentication tokens for auth ? */
	54	if (isset($_REQUEST['login']) && isset($_REQUEST['response'])) {
	55	// remember login for a year
	56	setcookie('DiogenesLogin',$_REQUEST['login'],(time()+25920000));
	57
	58	// check response
	59	$res = $globals->db->query( "SELECT user_id,password FROM {$globals->tauth['native']} WHERE username='{$_REQUEST['login']}'");
	60
	61	if (!list($uid,$password) = mysql_fetch_row($res)) {
	62	$page->info(__("Authentication error!"));
	63	$this->doLogin($page);
	64	}
	65
	66	if ($_REQUEST['response'] != md5("{$_REQUEST['login']}:$password:{$this->challenge}"))
	67	{
	68	// log the login failure
	69	$logger = new DiogenesCoreLogger($uid);
	70	$logger->log("auth_fail",$_REQUEST['login']);
	71	$page->info(__("Authentication error!"));
	72	$this->doLogin($page);
	73	}
	74
	75	// retrieve user info
	76	$res = $globals->db->query("select user_id,username,firstname,lastname,perms from {$globals->tauth['native']} where username='{$_REQUEST['login']}'");
	77	list($this->uid,$this->username,$firstname,$lastname,$perms) = mysql_fetch_row($res);
	78	$this->fullname = $firstname . ($lastname ? " $lastname" : "");
	79
	80	// create logger
	81	$logstr = $this->username . (empty($page->alias) ? "" : "@{$page->alias}");
	82	$_SESSION['log'] = new DiogenesCoreLogger($this->uid);
	83	$_SESSION['log']->log("auth_ok",$logstr);
	84
	85	// set user permissions
	86	$this->perms->addFlag('auth');
	87	if ($perms == "admin") {
	88	$this->perms->addflag('root');
	89	}
	90
	91	} else {
	92	$this->doLogin($page);
	93	}
	94	}
	95
	96
	97	/** Try to login for WebDAV (plain-text password).
	98	*
	99	* Return true for success, false for failure.
	100	*/
	101	function doAuthWebDAV($user,$pass)
	102	{
	103	global $globals;
	104
	105	if ($this->perms->hasflag("auth"))
	106	return true;
	107
	108	// check credentials
	109	$pass = md5($pass);
	110	$res = $globals->db->query("select user_id,username,perms from {$globals->tauth['native']} where username='$user' and password='$pass'");
	111	if (!list($uid,$user,$perms) = mysql_fetch_row($res))
	112	return false;
	113
	114	// retrieve user info
	115	$this->uid = $uid;
	116	$this->username = $user;
	117
	118	// create logger
	119	$_SESSION['log'] = new DiogenesWebDAVLogger($this->uid,$this->auth,$this->username);
	120
	121	// set user permissions
	122	$this->perms->addFlag('auth');
	123	if ($perms == "admin") {
	124	$this->perms->addflag('root');
	125	}
	126
	127	return true;
	128	}
	129
	130
	131	/** Display login screen.
	132	*/
	133	function doLogin(&$page) {
	134	$page->assign('greeting',__("Diogenes login"));
	135	$page->assign('msg_connexion', __("Connexion"));
	136	$page->assign('msg_password',__("password"));
	137	$page->assign('msg_submit',__("Submit"));
	138	$page->assign('msg_username', __("username"));
	139
	140	if (isset($_COOKIE['DiogenesLogin']))
	141	$page->assign('username', $_COOKIE['DiogenesLogin']);
	142	$page->assign('post',htmlentities($page->script_uri()));
	143	$page->assign('challenge',$this->challenge);
	144	$page->assign('md5',$page->url("md5.js"));
	145	$page->display('login.tpl');
	146	exit;
	147	}
	148
	149
	150	/** Read a user's permissions for a given barrel.
	151	*
	152	* @param alias the name of the barrel
	153	*/
	154	function setBarrelPerms($alias) {
	155	global $globals;
	156
	157	// if the user is logged in, refresh his/her permissions
	158	if ($this->perms->hasflag('auth')) {
	159	if ($this->perms->hasflag('root')) {
	160	$this->perms->addflag('user');
	161	$this->perms->addflag('admin');
	162	} else {
	163	$this->perms->rmflag('user');
	164	$this->perms->rmflag('admin');
	165	}
	166
	167	// read site specific permissions
	168	$res = $globals->db->query("select perms from diogenes_perm where alias='{$alias}'".
	169	" and auth='{$this->auth}' and uid='{$this->uid}'");
	170	if (mysql_num_rows($res)>0) {
	171	$this->perms->addflag('user');
	172	list($tmp) = mysql_fetch_row($res);
	173	$this->perms->addflag($tmp);
	174	}
	175	mysql_free_result($res);
	176	}
	177	}
	178
	179	}
	180
	181	?>