projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
{site}.inc.php is the base for all jobs.
[platal.git] / classes / session.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2008 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 class Session
23 {
24 public static function init()
25 {
26 @session_start();
27 if (empty($_SESSION['challenge'])) {
28 $_SESSION['challenge'] = sha1(uniqid(rand(), true));
29 }
30 if (empty($_SESSION['xsrf_token'])) {
31 require_once 'xorg.misc.inc.php';
32 $_SESSION['xsrf_token'] = rand_url_id();
33 }
34 if (!isset($_SESSION['perms']) || !($_SESSION['perms'] instanceof PlFlagSet)) {
35 $_SESSION['perms'] = new PlFlagSet();
36 }
37 }
38
39 public static function destroy()
40 {
41 @session_destroy();
42 unset($_SESSION);
43 }
44
45 public static function has($key)
46 {
47 return isset($_SESSION[$key]);
48 }
49
50 public static function kill($key)
51 {
52 unset($_SESSION[$key]);
53 }
54
55 public static function v($key, $default = null)
56 {
57 return isset($_SESSION[$key]) ? $_SESSION[$key] : $default;
58 }
59
60 public static function s($key, $default = '')
61 {
62 return (string)Session::v($key, $default);
63 }
64
65 public static function i($key, $default = 0)
66 {
67 $i = Session::v($key, $default);
68 return is_numeric($i) ? intval($i) : $default;
69 }
70
71 public static function l(array $keys)
72 {
73 return array_map(array('Session', 'v'), $keys);
74 }
75
76 public static function has_perms()
77 {
78 return Session::logged() && Session::v('perms')->hasFlag(PERMS_ADMIN);
79 }
80
81 public static function logged()
82 {
83 return Session::v('auth', AUTH_PUBLIC) >= AUTH_COOKIE;
84 }
85
86 public static function identified()
87 {
88 return Session::v('auth', AUTH_PUBLIC) >= AUTH_MDP;
89 }
90
91 // Anti-XSRF protections.
92 public static function has_xsrf_token()
93 {
94 return Session::has('xsrf_token') && Session::v('xsrf_token') == Env::v('token');
95 }
96
97 public static function assert_xsrf_token()
98 {
99 if (!Session::has_xsrf_token()) {
100 global $page;
101 if ($page instanceof PlPage) {
102 $page->kill("L'opération n'a pas pu aboutir, merci de réessayer.");
103 }
104 }
105 }
106
107 public static function rssActivated()
108 {
109 return Session::has('core_rss_hash') && Session::v('core_rss_hash');
110 }
111 }
112
113 // {{{ function check_perms()
114
115 /** verifie si un utilisateur a les droits pour voir une page
116 ** si ce n'est pas le cas, on affiche une erreur
117 * @return void
118 */
119 function check_perms()
120 {
121 global $page;
122 if (!S::has_perms()) {
123 if ($_SESSION['log']) {
124 $_SESSION['log']->log("noperms",$_SERVER['PHP_SELF']);
125 }
126 $page->kill("Tu n'as pas les permissions nécessaires pour accéder à cette page.");
127 }
128 }
129
130 // }}}
131
132 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
133 ?>
plat/al