2 /***************************************************************************
3 * Copyright (C) 2003-2008 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
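/**
 * Seed the per-session security values if they are not set yet:
 * the login challenge, the anti-XSRF token and the permission flag set.
 *
 * Values that already exist are left untouched, so calling this repeatedly
 * within one session does not rotate the challenge or the token.
 *
 * NOTE(review): the listing this method was taken from skips at least one
 * original line between the signature and the first check; compare with
 * the full file before relying on this body being complete.
 */
public static function init()
{
    if (empty($_SESSION['challenge'])) {
        // uniqid() is derived from the current time and rand() is not a
        // cryptographic generator, so a challenge built from them can be
        // predicted. Prefer the CSPRNG when the runtime offers it; 20 bytes
        // hex-encoded keep the 40-hex-character shape sha1() produced.
        if (function_exists('random_bytes')) {
            $_SESSION['challenge'] = bin2hex(random_bytes(20));
        } else {
            // Legacy runtimes only: this value is guessable and should not
            // be the sole protection against replayed logins.
            $_SESSION['challenge'] = sha1(uniqid(rand(), true));
        }
    }

    if (empty($_SESSION['xsrf_token'])) {
        // NOTE(review): rand_url_id() lives in xorg.misc.inc.php, which is
        // not shown here; verify that it draws from a CSPRNG and yields
        // enough entropy for an anti-XSRF token.
        require_once 'xorg.misc.inc.php';
        $_SESSION['xsrf_token'] = rand_url_id();
    }

    // Replace anything that is not a FlagSet, so later ->hasFlag() calls
    // on the stored value always have an object to work with.
    if (!isset($_SESSION['perms']) || !($_SESSION['perms'] instanceof FlagSet)) {
        $_SESSION['perms'] = new FlagSet();
    }
}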
/**
 * NOTE(review): the body of destroy() is absent from this listing (the
 * original lines after the signature are skipped), so its behaviour cannot
 * be documented from here. Presumably it tears down the current session;
 * confirm against the full file, in particular that the challenge and the
 * anti-XSRF token do not survive a logout.
 */
public static function destroy()
/**
 * Tell whether a session variable is set.
 *
 * Relies on isset(), so a key stored with a null value counts as absent.
 *
 * @param string $key name of the session variable
 * @return bool
 */
public static function has($key)
{
    $present = isset($_SESSION[$key]);

    return $present;
}
/**
 * Drop a single variable from the session.
 *
 * Removing a key that does not exist is a no-op.
 *
 * @param string $key name of the session variable to remove
 * @return void
 */
public static function kill($key)
{
    unset($_SESSION[$key]);

    return;
}
/**
 * Fetch a session variable, falling back to a default.
 *
 * The fallback is used when the key is missing or holds null, because the
 * lookup is guarded by isset().
 *
 * @param string $key     name of the session variable
 * @param mixed  $default value returned when the variable is not set
 * @return mixed
 */
public static function v($key, $default = null)
{
    if (isset($_SESSION[$key])) {
        return $_SESSION[$key];
    }

    return $default;
}
/**
 * Fetch a session variable as a string.
 *
 * @param string $key     name of the session variable
 * @param mixed  $default value used when the variable is not set
 * @return string the stored value (or the default) cast to string
 */
public static function s($key, $default = '')
{
    $value = Session::v($key, $default);

    return (string) $value;
}
/**
 * Fetch a session variable as an integer.
 *
 * A stored value that is not numeric yields the default unchanged (it is
 * not cast), so the return type follows whatever the caller passed.
 *
 * @param string $key     name of the session variable
 * @param mixed  $default value returned when the variable is unset or not numeric
 * @return mixed integer value of the variable, or $default
 */
public static function i($key, $default = 0)
{
    $raw = Session::v($key, $default);
    if (!is_numeric($raw)) {
        return $default;
    }

    return intval($raw);
}
/**
 * Fetch several session variables at once.
 *
 * Each entry of $keys is looked up with Session::v() and no explicit
 * default, so unset variables come back as null. The keys of $keys are
 * kept in the result.
 *
 * @param array $keys names of the session variables
 * @return array values in the same order and under the same keys as $keys
 */
public static function l(array $keys)
{
    $values = array();
    foreach ($keys as $index => $name) {
        $values[$index] = Session::v($name);
    }

    return $values;
}
/**
 * Tell whether the current session belongs to a logged-in administrator.
 *
 * Despite the generic name, the only flag tested is PERMS_ADMIN. The
 * 'perms' entry must hold an object exposing hasFlag(); init() stores a
 * FlagSet there.
 *
 * @return bool
 */
public static function has_perms()
{
    if (!Session::logged()) {
        return false;
    }

    return (bool) Session::v('perms')->hasFlag(PERMS_ADMIN);
}
/**
 * Tell whether the session's authentication level is at least AUTH_COOKIE.
 *
 * A session without an 'auth' entry is treated as AUTH_PUBLIC.
 *
 * @return bool
 */
public static function logged()
{
    $level = Session::v('auth', AUTH_PUBLIC);

    return $level >= AUTH_COOKIE;
}
/**
 * Tell whether the session's authentication level is at least AUTH_MDP.
 *
 * A session without an 'auth' entry is treated as AUTH_PUBLIC.
 *
 * @return bool
 */
public static function identified()
{
    $level = Session::v('auth', AUTH_PUBLIC);

    return $level >= AUTH_MDP;
}
91 // Anti-XSRF protections.
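/**
 * Tell whether the request carries this session's anti-XSRF token.
 *
 * The value read through Env::v('token') is compared with the token stored
 * in the session. The comparison is exact and, where the runtime provides
 * hash_equals(), constant-time.
 *
 * @return bool true only when both tokens are present, non-empty and equal
 */
public static function has_xsrf_token()
{
    if (!Session::has('xsrf_token')) {
        return false;
    }

    $expected = Session::v('xsrf_token');
    $supplied = Env::v('token');

    // A loose == lets PHP juggle types: an empty stored token equals a
    // missing request token, and numeric-looking strings are compared by
    // value rather than character by character. Require a string from the
    // request and a non-empty scalar in the session before comparing.
    if (!is_scalar($expected) || !is_string($supplied)) {
        return false;
    }
    $expected = (string) $expected;
    if ($expected === '') {
        return false;
    }

    if (function_exists('hash_equals')) {
        // Avoids leaking how many leading characters matched through timing.
        return hash_equals($expected, $supplied);
    }

    return $expected === $supplied;
}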
/**
 * Abort the current page with a generic error when the anti-XSRF token
 * check (Session::has_xsrf_token()) fails.
 *
 * The message shown to the user is deliberately vague ("the operation
 * could not complete, please try again").
 */
public static function assert_xsrf_token()
{
    if (!Session::has_xsrf_token()) {
        // NOTE(review): the listing skips an original line here. $page is
        // not defined by any visible statement; presumably it is brought
        // into scope on the missing line. Confirm against the full file.
        if ($page instanceof PlatalPage) {
            $page->kill("L'opération n'a pas pu aboutir, merci de réessayer.");
        }
        // NOTE(review): when $page is not a PlatalPage, nothing visible
        // stops the request, so the caller would carry on as if the token
        // had been valid. An assertion guarding state-changing actions
        // should fail closed; verify how the full file handles that case
        // and that kill() does not return.
    }
}
108 // {{{ function check_perms()
/**
 * Check whether the user has the rights to view a page; if not, an error
 * is displayed.
 *
 * The check is S::has_perms(). A refusal is recorded as a "noperms" event
 * through the session's logger when one is set.
 */
function check_perms()
{
    // NOTE(review): the listing skips an original line here. $page is not
    // defined by any visible statement; presumably it is brought into
    // scope on the missing line. Confirm against the full file.
    if (!S::has_perms()) {
        // NOTE(review): reading $_SESSION['log'] directly raises a notice
        // when the key is unset; confirm it is always initialised.
        if ($_SESSION['log']) {
            // PHP_SELF is derived from the request path, so the logged
            // value is client-influenced; whatever stores or displays the
            // log should treat it as untrusted text.
            $_SESSION['log']->log("noperms",$_SERVER['PHP_SELF']);
        }
        // NOTE(review): access control depends on kill() ending the
        // request; if it can return, the caller continues past the check.
        $page->kill("Tu n'as pas les permissions nécessaires pour accéder à cette page.");
    }
}
127 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: