| 1 | <?php |
| 2 | |
// Name of the authorization callback; XorgAuth() is defined further down in this file.
$AuthFunction = 'XorgAuth';
// Action handlers provided by this file (?action=attr, ?action=postattr, ?action=connect).
$HandleActions['attr'] = 'XorgAuthHandleAttr';
$HandleActions['postattr'] = 'XorgAuthHandlePostAttr';
$HandleActions['connect'] = 'XorgAuthConnectPlatal';

// When a request carries an 'action' both in the POST body and in the query string,
// the POST value overwrites the GET and REQUEST copies.
if (isset($_POST['action']) && isset($_GET['action'])) {
    $action = $_REQUEST['action'] = $_GET['action'] = $_POST['action'];
}

// (:groupattributes:) renders the permission editor returned by XorgAuthGroupAttributes().
// NOTE(review): the /e modifier makes preg_replace() evaluate the replacement string as
// PHP code; it is deprecated since PHP 5.5 and removed in PHP 7.0, so this rule needs a
// callback-based replacement before the file can run on a supported PHP version.
Markup('grpattributes','inline','/\\(:groupattributes:\\)/e',"Keep(XorgAuthGroupAttributes())");

require_once("$FarmD/cookbook/autocreate.php");
// Each group gets a GroupAttributes page whose body is the permission editor directive.
AutoCreatePage('$Group.GroupAttributes', '(:groupattributes:)');
| 16 | |
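// External helper script injected into every page header. It is fetched over HTTPS:
// a script loaded over plain HTTP can be rewritten in transit and would then run with
// full access to pages that carry an authenticated session. The same host is already
// addressed over HTTPS by XorgAuthConnectPlatal().
$HTMLHeaderFmt['xorg'] = '<script type="text/javascript" src="https://www.polytechnique.org/javascript/xorg.js"></script>';
// Inline helper for the permission <select> elements: choosing the "..." entry prompts
// for a free-form authorization list and, when the select has no matching option, adds
// one. The typed text is inserted with createTextNode(), i.e. as text, not as markup.
$HTMLHeaderFmt['xorgcustomauth'] = '<script type="text/javascript">
function AddCustomAuth(f){
if (f.value == \'...\')
{
var newval =prompt(\'Sépare les différents autorisations par des espaces\\n\\tx,membre ou admin\\n\\tprenom.nom.promo d\\\'une personne\\n\\tle numéro d\\\'une promo\\nPar exemple pour autoriser les membres et Pascal Corpet :\\n\\tmembre pascal.corpet.2001\');
f.value = newval;
if (f.value != newval && newval)
{
var op = document.createElement(\'option\');
op.appendChild(document.createTextNode(newval));
f.insertBefore(op,f.childNodes[f.childNodes.length-1]);
f.value = newval;
}
}
}
</script>';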
| 34 | |
// [[~login|label]] becomes a link to the profile page of "login".
// NOTE(review): $1 and $2 are spliced into the generated HTML as-is. Unless the markup
// engine has already escaped double quotes in the page text (not visible from this
// file — confirm), a quote in $1 ends the href attribute early. The same applies to the
// iframe src built by the xorgpage rule below. Both rules also rely on the /e modifier
// (replacement evaluated as PHP; deprecated in PHP 5.5, removed in PHP 7.0).
Markup('[[~|','<[[~','/\\[\\[~(.*?)\|(.*?)\\]\\]/e',"Keep('<a href=\"http://www.polytechnique.org/profile/$1\" class=\"popup2\">$2</a>')");

// (:xorgpage path:) embeds an iframe whose source lives under a personal directory on a
// development host, fetched over plain HTTP.
// NOTE(review): confirm this host is still the intended origin for embedded content.
Markup('xorgpage','inline','/\\(:xorgpage\\s*(.*?):\\)/e', "Keep('<iframe style=\"width:100%;height:400px;border:none\" src=\"http://dev.m4x.org/~x2001corpet/$1\"></iframe>')");
// (:xnetpage path:) is rendered by XnetPage(), defined right below.
Markup('xnetpage','inline','/\\(:xnetpage\\s*(.*?):\\)/e', "XnetPage('$1')");
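/**
 * Build the iframe that embeds a polytechnique.net group page.
 *
 * The URL is assembled from the configured group ($XnetWikiGroup) and the path
 * written in the (:xnetpage ...:) directive; "login/" is inserted when the
 * session is marked as authenticated.
 *
 * @param string $page path taken from the wiki markup (author-controlled text)
 * @return mixed the value returned by Keep(), or null when no group is configured
 */
function XnetPage($page) {
    global $XnetWikiGroup;
    if (!$XnetWikiGroup) {
        return;
    }
    // !empty() instead of a bare read: the key does not exist for anonymous visitors.
    $prefix = !empty($_SESSION['xorgauth']) ? 'login/' : '';
    $src = 'http://www.polytechnique.net/'.$prefix.$XnetWikiGroup.'/'.$page;
    // The path comes from page text, so quotes must not be able to close the src
    // attribute. double_encode=false keeps entities that an earlier escaping pass may
    // already have produced; the single-byte charset makes the call purely byte-wise,
    // which is safe for ASCII-compatible encodings such as UTF-8 or Latin-1.
    $src = htmlspecialchars($src, ENT_QUOTES, 'ISO-8859-1', false);
    return Keep('<iframe style="width:100%;height:400px;border:none" src="'.$src.'"></iframe>');
}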
| 44 | |
| 45 | // Récupère les droits au niveau du dossier (Group PmWiki) |
/**
 * Return the attributes of the group-level page (<Group>.GroupAttributes) that
 * governs $pagename, reading it at most once per group and request.
 *
 * Results are memoised in the global $GroupPasswords array, keyed by group name.
 *
 * @param string $pagename full page name ("Group.Page")
 * @param mixed  $since    passed through unchanged to ReadPage()
 * @return mixed whatever ReadPage() returned for the group attributes page
 */
function XorgAuthGetGroupAuth($pagename,$since) {
    global $GroupPasswords;
    // Group name = everything before the first dot of the page name.
    $dotPosition = strpos($pagename, '.');
    $groupName = substr($pagename, 0, $dotPosition);
    if (!isset($GroupPasswords)) {
        $GroupPasswords = array();
    }
    if (isset($GroupPasswords[$groupName])) {
        return $GroupPasswords[$groupName];
    }
    $GroupPasswords[$groupName] = ReadPage($groupName.'.GroupAttributes', $since);
    return $GroupPasswords[$groupName];
}
| 57 | |
| 58 | // essaie de se connecter via xorg |
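/**
 * Start a login round-trip with the central authentication site.
 *
 * A fresh session and a one-time challenge are created, then the browser is
 * redirected to the authentication endpoint together with the session id, the
 * challenge, md5(challenge . shared key) and the URL to come back to.
 * This function never returns: it sends a Location header and exits.
 *
 * NOTE(review): the shared key is a literal in this file (and again in the code that
 * validates the response). Anyone who can read the source can compute valid
 * signatures; it should be loaded from configuration kept out of version control and
 * rotated on the authentication site.
 * NOTE(review): md5(challenge . key) is the format the remote endpoint expects, so it
 * is kept; a keyed HMAC would need a coordinated change on both sides.
 */
function XorgAuthConnectPlatal() {
    $privkey = '6e9c9fa9bac23541fe67697c4eff5be6';
    global $XnetWikiGroup;
    $returl = 'http://'.$_SERVER['SERVER_NAME'].str_replace('action=connect', '', $_SERVER['REQUEST_URI']);
    if (isset($_REQUEST['oldaction']) && is_string($_REQUEST['oldaction'])) {
        // Encoded so that the value cannot smuggle extra parameters into the return URL.
        $returl .= '&action='.urlencode($_REQUEST['oldaction']);
    }
    @session_destroy();
    session_start();
    // session_start() reuses the id sent in the visitor's cookie; issue a new one so
    // that an id planted beforehand is not carried into the login handshake.
    session_regenerate_id(true);
    // 32 hex characters, same shape as the former md5(rand()) value, but drawn from a
    // cryptographic generator when the runtime offers one: rand() is predictable and
    // yields far fewer distinct values than the challenge length suggests.
    if (function_exists('random_bytes')) {
        $challenge = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $challenge = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // Last resort on runtimes without a CSPRNG; still not cryptographically strong.
        $challenge = md5(uniqid(mt_rand(), true));
    }
    $_SESSION['challenge'] = $challenge;
    $_SESSION['authsite'] = $XnetWikiGroup;
    $url = "https://www.polytechnique.org/auth-groupex.php";
    $url .= "?session=".session_id();
    $url .= "&challenge=".$challenge;
    $url .= "&pass=".md5($challenge.$privkey);
    $returl .= "&challenge=".$challenge;
    $url .= "&url=".urlencode($returl);
    if ($XnetWikiGroup) {
        $url .= "&group=".urlencode($XnetWikiGroup);
    }
    header('Location: '.$url);
    exit();
}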
| 83 | |
| 84 | |
| 85 | // comes back from auth |
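// Validate the response of the authentication site. The response is accepted when
// the 'auth' parameter equals md5('1' . challenge . shared key . fields . '1'), the
// fields being concatenated in the fixed order listed below.
// NOTE(review): the shared key is a literal here and in XorgAuthConnectPlatal(); it
// should come from configuration kept out of version control.
// NOTE(review): the fields are concatenated without separators, so two different field
// sets can produce the same signed string; fixing that needs a change of the signature
// format on the authentication site as well.
@session_start();
if (isset($_GET['auth']) && empty($_SESSION['xorgauth']) && !empty($_SESSION['challenge'])) {
    $fields = array('forlife', 'nom', 'prenom', 'promo', 'grpauth', 'perms');
    // Only plain strings take part in the signature and are copied to the session;
    // array-valued parameters (e.g. promo[]=...) are ignored.
    $received = array();
    foreach ($fields as $f) {
        if (isset($_GET[$f]) && is_string($_GET[$f])) {
            $received[$f] = $_GET[$f];
        }
    }
    $tohash = '1'.$_SESSION['challenge'].'6e9c9fa9bac23541fe67697c4eff5be6'.implode('', $received).'1';
    $expected = md5($tohash);
    $given = is_string($_GET['auth']) ? $_GET['auth'] : '';
    // A loose == between two hex digests treats strings such as "0e12..." as numbers
    // and is not constant-time; compare exactly, in constant time where available.
    if (function_exists('hash_equals')) {
        $valid = hash_equals($expected, $given);
    } else {
        $valid = ($expected === $given);
    }
    // A challenge is good for a single attempt, successful or not.
    unset($_SESSION['challenge']);
    if ($valid) {
        // New session id on privilege change: the previous id travelled in a URL.
        session_regenerate_id(true);
        $_SESSION['xorgauth'] = 1;
        foreach ($received as $f => $value) {
            $_SESSION[$f] = $value;
        }
    } else {
        $_SESSION['xorgauth'] = 0;
    }
}
if (isset($_SESSION['forlife']) && $_SESSION['forlife']) {
    $AuthId = $_SESSION['forlife'];
    $firstName = isset($_SESSION['prenom']) ? $_SESSION['prenom'] : '';
    $lastName = isset($_SESSION['nom']) ? $_SESSION['nom'] : '';
    $Author = $_SESSION['forlife'].' | '.$firstName.' '.$lastName;
}
// A failed login stores xorgauth = 0, which isset() would still report as
// "connected"; test the value, not the mere presence of the key.
$Conditions['connected'] = '!empty($_SESSION["xorgauth"])';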
| 108 | |
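/**
 * Decide whether the current session satisfies an authorization list.
 *
 * $password is a space-separated list of tokens. Access is granted when the list is
 * empty, when the session carries perms "admin", or when one token is:
 *   - "all" or "public";
 *   - "x" and the session is authenticated;
 *   - equal to the session's grpauth, forlife or promo value.
 *
 * NOTE(review): an empty list means "no restriction" — callers that pass an unset
 * setting therefore grant access to everyone.
 *
 * @param string $password authorization list stored on a page, group or site level
 * @return bool true when access is granted
 */
function XorgAuthTestPassword($password) {
    if (!$password) {
        return true;
    }
    // Administrator of the authentication site, hence super user here as well.
    // isset() because anonymous sessions do not carry the key at all.
    if (isset($_SESSION['perms']) && $_SESSION['perms'] === 'admin') {
        return true;
    }
    $connected = !empty($_SESSION['xorgauth']);
    // Session values a token may name; empty or missing ones never match anything.
    $identities = array();
    foreach (array('grpauth', 'forlife', 'promo') as $key) {
        if (!empty($_SESSION[$key])) {
            $identities[] = (string) $_SESSION[$key];
        }
    }
    foreach (explode(' ', $password) as $pass) {
        if ($pass === 'all' || $pass === 'public') {
            return true;
        }
        if ($pass === 'x' && $connected) {
            return true;
        }
        // Strict comparison: with ==, numeric-looking strings are compared as numbers,
        // so a token "2001.0" or "2.001e3" would match promo "2001".
        if (in_array($pass, $identities, true)) {
            return true;
        }
    }
    return false;
}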
| 137 | |
| 138 | // test if user has admin rights on this wiki field |
/**
 * Tell whether the current session passes the site-wide 'admin' authorization list.
 *
 * NOTE(review): XorgAuthTestPassword() grants access for an empty list, so an unset or
 * empty $DefaultPasswords['admin'] makes every visitor a site administrator. Confirm
 * the site configuration always defines a non-empty value.
 *
 * @return bool result of XorgAuthTestPassword() for $DefaultPasswords['admin']
 */
function XorgAuthIsSiteAdmin() {
    global $DefaultPasswords;
    $adminList = $DefaultPasswords['admin'];
    $isAdmin = XorgAuthTestPassword($adminList);
    return $isAdmin;
}
| 143 | |
| 144 | // fonction d'authentification : appellée avant tout accès à une page |
/**
 * Authorization callback: return the page when the current session may access it
 * at $level, otherwise false or (when $authprompt is set) the login form.
 *
 * The authorization list is looked up on the page itself, then on the group
 * attributes page, then in $DefaultPasswords; when none is found the search is
 * repeated for the level $AuthCascade maps the current level to.
 *
 * NOTE(review): when no list is found at any level, $password stays empty and
 * XorgAuthTestPassword() grants access — the lookup fails open.
 *
 * @param string $pagename   full page name
 * @param string $level      requested level (e.g. 'read', 'edit', 'attr')
 * @param mixed  $authprompt when true, print the authentication form and exit on refusal
 * @param mixed  $since      passed through to ReadPage()
 * @return mixed the page array on success, false otherwise
 */
function XorgAuth($pagename, $level, $authprompt, $since) {
    global $XnetWikiGroup;
    // user was authenticated to another site, but the site has changed
    if (isset($_SESSION['authsite']) && $XnetWikiGroup != $_SESSION['authsite']) {
        // XorgAuthConnectPlatal() redirects and exits, so the return below is a safety net.
        XorgAuthConnectPlatal();
        return false;
    }
    // NOTE(review): $group is computed but not used in this function.
    $group = substr($pagename, 0, strpos($pagename, '.'));
    $page = ReadPage($pagename, $since);
    if (!$page) { return false; }
    // Site administrators bypass every per-page and per-group setting.
    if (XorgAuthIsSiteAdmin()) { return $page; }
    global $AuthCascade, $DefaultPasswords, $GroupPasswords;
    $password = "";
    do
    {
        // 1. list stored on the page itself
        if (isset($page["passwd".$level])) {
            $password = $page["passwd".$level];
        }
        // 2. list stored on the group attributes page
        if (!$password) {
            $gpAuth = XorgAuthGetGroupAuth($pagename,$since);
            if (isset($gpAuth["passwd".$level])) {
                $password = $gpAuth["passwd".$level];
            }
        }
        // 3. site-wide default
        if (!$password) {
            if (isset($DefaultPasswords[$level])) {
                $password = $DefaultPasswords[$level];
            }
        }
        // The last operand is an assignment, not a comparison: it moves on to the
        // level $AuthCascade maps the current one to and stops when that is empty.
    } while (!$password && isset($AuthCascade[$level]) && $level = $AuthCascade[$level]);
    if (XorgAuthTestPassword($password)) {
        return $page;
    }
    if (!$authprompt) {
        return false;
    }
    global $AuthPromptFmt, $PageStartFmt, $PageEndFmt;
    // NOTE(review): $postvars is built here but not used afterwards in this function;
    // if it is ever emitted, $k must be escaped too, since it is a request-supplied
    // field name placed inside an attribute.
    $postvars = '';
    foreach($_POST as $k=>$v) {
        if ($k == 'authpw' || $k == 'authid') continue;
        $v = str_replace('$', '$',
            htmlspecialchars(stripmagic($v), ENT_COMPAT));
        $postvars .= "<input type='hidden' name='$k' value=\"$v\" />\n";
    }
    // NOTE(review): $FmtV is not declared global in this function, so this assignment
    // only creates a local array; $_REQUEST['action'] may also be unset.
    $FmtV['action'] = $_REQUEST['action'];
    SDV($AuthPromptFmt, array(&$PageStartFmt, "page:Site.AuthForm", &$PageEndFmt));
    PrintFmt($pagename,$AuthPromptFmt);
    exit;
}
// Access levels that can be edited, mapped to the (French) label shown in the
// permission forms. The keys are also the suffix of the page attribute that stores
// each list ('passwdread', 'passwdedit', 'passwdattr').
$XorgAuthLevels = array('read' => 'lecture','edit' => 'modification','attr' => 'administration');
| 195 | |
/**
 * List the predefined authorization tokens and their display labels.
 *
 * Wikis attached to a group ($XnetWikiGroup set) additionally offer 'membre', and
 * 'admin' then designates the group administrators instead of the site ones.
 *
 * @return array token => label, in display order
 */
function XorgAuthUsers() {
    global $XnetWikiGroup;
    $choices = array('public' => 'tout le monde', 'x' => 'les X');
    if (!$XnetWikiGroup) {
        $choices['admin'] = 'admins X.org';
        return $choices;
    }
    $choices['membre'] = 'membres du groupe';
    $choices['admin'] = 'admins du groupe';
    return $choices;
}
| 204 | |
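/**
 * Render the form that edits the authorization lists of one page.
 *
 * One <select> is produced per entry of $XorgAuthLevels. Its first option means
 * "inherit" and shows where the inherited value comes from (group attributes page or
 * site default); the predefined tokens follow; a stored value that is not a
 * predefined token is added as an extra, selected option; "..." lets the user type
 * a custom list (see AddCustomAuth in the page header).
 *
 * Stored lists are free text accepted by the postattr handler, so every value read
 * from a page is HTML-escaped before it is written into the form.
 *
 * @param string $pagename full page name
 * @return string HTML of the form
 */
function XorgAuthPermissions($pagename) {
    global $XnetWikiGroup,$DefaultPasswords,$XorgAuthLevels;
    $XorgAuthUsers = XorgAuthUsers();
    $group = substr($pagename, 0, strpos($pagename, '.'));
    // The group attributes page itself inherits from the site only.
    $groupAttr = array();
    if ($pagename != $group.'.GroupAttributes') {
        $groupAttr = XorgAuthGetGroupAuth($pagename, 0);
    }
    $page = ReadPage($pagename, 0);
    $selects = array();
    foreach ($XorgAuthLevels as $level => $action) {
        $key = 'passwd'.$level;
        if (isset($groupAttr[$key]) && $groupAttr[$key]) {
            $inherited = (string) $groupAttr[$key];
            $origin = 'comme le dossier (';
        } else {
            $inherited = isset($DefaultPasswords[$level]) ? (string) $DefaultPasswords[$level] : '';
            $origin = 'comme le site (';
        }
        // Predefined tokens are shown with their label, anything else verbatim but
        // escaped (byte-wise call: only ASCII metacharacters are touched, which is safe
        // for ASCII-compatible encodings such as UTF-8 or Latin-1).
        if (isset($XorgAuthUsers[$inherited])) {
            $inheritedLabel = $XorgAuthUsers[$inherited];
        } else {
            $inheritedLabel = htmlspecialchars($inherited, ENT_QUOTES, 'ISO-8859-1');
        }
        $current = isset($page[$key]) ? (string) $page[$key] : '';

        $html = $action.' : <select name="passwd'.$level.'" onchange="AddCustomAuth(this)">';
        $matched = ($current === '');
        $html .= '<option value=""'.($matched ? ' selected="selected"' : '').'>'.$origin.$inheritedLabel.')</option>';
        foreach ($XorgAuthUsers as $passwd => $user) {
            $isCurrent = ((string) $passwd === $current);
            $matched = $matched || $isCurrent;
            $html .= '<option value="'.$passwd.'"'.($isCurrent ? ' selected="selected"' : '').'>'.$user.'</option>';
        }
        if (!$matched) {
            // Custom list: shown as its own option, never as raw markup.
            $safe = htmlspecialchars($current, ENT_QUOTES, 'ISO-8859-1');
            $html .= '<option value="'.$safe.'" selected="selected">'.$safe.'</option>';
        }
        $html .= '<option value="...">...</option>';
        $html .= '</select> ';
        $selects[] = $html;
    }
    return '<form action="?action=postattr" method="post">'.implode(' - ', $selects).'<input type="submit" value="ok"/></form>';
}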
| 239 | |
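/**
 * Handler for ?action=attr: show the permission form of a page.
 *
 * The page is retrieved at the 'attr' level first, so the authorization callback
 * runs before anything is printed. As in XorgAuthHandlePostAttr(), the request is
 * aborted when the page cannot be read instead of printing a form for it.
 *
 * @param string $pagename full page name
 * @param string $auth     level required to view the form
 */
function XorgAuthHandleAttr($pagename, $auth = 'attr') {
    global $PageAttrFmt, $PageStartFmt, $PageEndFmt;
    $page = RetrieveAuthPage($pagename, $auth, true);
    if (!$page) { Abort("?unable to read $pagename"); }
    SDV($PageAttrFmt,"<div class='wikiattr'>
<h2 class='wikiaction'>$[{\$FullName} Attributes]</h2>
<p>".XorgAuthPermissions($pagename)."</p></div>");
    SDV($HandleAttrFmt,array(&$PageStartFmt,&$PageAttrFmt,&$PageEndFmt));
    PrintFmt($pagename,$HandleAttrFmt);
}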
| 249 | |
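/**
 * Handler for ?action=postattr: store the authorization lists submitted by the
 * permission form.
 *
 * For each level of $XorgAuthLevels: an empty value removes the page-level list
 * (the page inherits again), "..." leaves it untouched, any other value replaces it.
 *
 * Only fields actually present in the POST body are applied. Reading them from
 * $_REQUEST with a default of '' meant that a bare request to ?action=postattr —
 * for instance a link followed by a logged-in administrator — removed every
 * page-level restriction.
 *
 * NOTE(review): the form carries no anti-CSRF token, so a cross-site POST is still
 * accepted; a per-session token checked here would close that.
 *
 * @param string $pagename full page name
 * @param string $auth     level required to change the lists
 */
function XorgAuthHandlePostAttr($pagename, $auth = 'attr') {
    global $XorgAuthLevels, $HandleActions;
    Lock(2);
    $page = RetrieveAuthPage($pagename, $auth, true);
    if (!$page) { Abort("?unable to read $pagename"); }
    foreach ($XorgAuthLevels as $attr => $p) {
        $key = 'passwd'.$attr;
        // Absent or non-string (e.g. passwdread[]=...) fields change nothing.
        if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
            continue;
        }
        $v = stripmagic($_POST[$key]);
        if ($v === '') {
            unset($page[$key]);
        } elseif ($v !== '...') {
            $page[$key] = $v;
        }
    }
    WritePage($pagename,$page);
    Lock(0);
    Redirect($pagename);
}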
| 264 | |
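/**
 * Render the permission editor shown on a <Group>.GroupAttributes page.
 *
 * Returns "" on any other page or when the session lacks the 'attr' level on this
 * page. Otherwise it first applies a pending change carried by the request
 * parameters page / attr / user, then prints the group-level form followed by a
 * table with one row per page of the group and one <select> per level.
 *
 * Page names and stored authorization lists are escaped before being written into
 * HTML or into the URL built in the onchange handler.
 *
 * NOTE(review): the per-page change is triggered by a plain GET navigation
 * (document.location in the onchange handler) and carries no anti-CSRF token, so a
 * link opened by an authorized user can alter permissions. Moving it to a POST with a
 * per-session token needs a change of the client-side code as well.
 *
 * @return string HTML of the editor, or "" when nothing is to be shown
 */
function XorgAuthGroupAttributes() {
    global $XnetWikiGroup,$DefaultPasswords,$XorgAuthLevels;
    global $pagename, $WikiDir;
    $XorgAuthUsers = XorgAuthUsers();
    if (substr($pagename, strpos($pagename, '.') + 1) != 'GroupAttributes') {
        return "";
    }
    if (!XorgAuth($pagename, 'attr', true,0)) {
        return "";
    }

    // Apply a requested change. Every parameter must be a plain string; the level must
    // be a known one and the value either empty (inherit) or a predefined token.
    if (isset($_REQUEST['page']) && isset($_REQUEST['user']) && isset($_REQUEST['attr'])
        && is_string($_REQUEST['page']) && is_string($_REQUEST['user']) && is_string($_REQUEST['attr'])) {
        $targetName = stripmagic($_REQUEST['page']);
        $targetAttr = stripmagic($_REQUEST['attr']);
        $targetUser = stripmagic($_REQUEST['user']);
        Lock(2);
        // The target page is authorized on its own, at the 'attr' level.
        $target = RetrieveAuthPage($targetName, 'attr', true);
        if ($target && isset($XorgAuthLevels[$targetAttr])
            && ($targetUser === '' || isset($XorgAuthUsers[$targetUser]))) {
            if ($targetUser === '') {
                unset($target['passwd'.$targetAttr]);
            } else {
                $target['passwd'.$targetAttr] = $targetUser;
            }
            WritePage($targetName, $target);
        }
        Lock(0);
    }

    $html = '<table>';
    $html .= '<tr><td></td>';
    foreach ($XorgAuthLevels as $level => $action) {
        $html .= '<th>'.$action.'</th>';
    }
    $html .= '</tr>';
    $group = substr($pagename, 0, strpos($pagename, '.'));
    $pages = $WikiDir->ls($group.'.*');
    $groupAttr = XorgAuthGetGroupAuth($pagename, 0);
    foreach ($pages as $p) {
        if ($p == $pagename) {
            continue;
        }
        $page = ReadPage($p, 0);
        $html .= '<tr>';
        // Byte-wise escaping: only ASCII metacharacters are touched, which is safe for
        // ASCII-compatible encodings such as UTF-8 or Latin-1.
        $html .= '<th>'.htmlspecialchars(substr($p, strpos($p, '.') + 1), ENT_QUOTES, 'ISO-8859-1').'</th>';
        foreach ($XorgAuthLevels as $level => $action) {
            $key = 'passwd'.$level;
            // URL-encode the components, then HTML-escape the whole prefix because it is
            // embedded in an attribute value.
            $target = htmlspecialchars('?page='.rawurlencode($p).'&attr='.rawurlencode($level).'&user=', ENT_QUOTES, 'ISO-8859-1');
            $html .= '<td><select name="passwd'.$level.'" onchange="AddCustomAuth(this);document.location=\''.$target.'\'+this.value">';
            if (isset($groupAttr[$key]) && $groupAttr[$key]) {
                $inherited = (string) $groupAttr[$key];
                $origin = 'comme le dossier (';
            } else {
                $inherited = isset($DefaultPasswords[$level]) ? (string) $DefaultPasswords[$level] : '';
                $origin = 'comme le site (';
            }
            if (isset($XorgAuthUsers[$inherited])) {
                $inheritedLabel = $XorgAuthUsers[$inherited];
            } else {
                $inheritedLabel = htmlspecialchars($inherited, ENT_QUOTES, 'ISO-8859-1');
            }
            $current = isset($page[$key]) ? (string) $page[$key] : '';
            $matched = ($current === '');
            $html .= '<option value=""'.($matched ? ' selected="selected"' : '').'>'.$origin.$inheritedLabel.')</option>';
            foreach ($XorgAuthUsers as $passwd => $user) {
                $isCurrent = ((string) $passwd === $current);
                $matched = $matched || $isCurrent;
                $html .= '<option value="'.$passwd.'"'.($isCurrent ? ' selected="selected"' : '').'>'.$user.'</option>';
            }
            if (!$matched) {
                // Custom list stored on the page: shown as text, never as markup.
                $safe = htmlspecialchars($current, ENT_QUOTES, 'ISO-8859-1');
                $html .= '<option value="'.$safe.'" selected="selected">'.$safe.'</option>';
            }
            $html .= '<option value="...">...</option></select></td>';
        }
        $html .= '</tr>';
    }
    $html .= '</table>';
    return '<h2>Edition des droits du dossier</h2>'.XorgAuthPermissions($pagename).'<h2>Edition des droits des pages du dossier</h2>'.$html;
}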
| 327 | ?> |