2 /***************************************************************************
3 * Copyright (C) 2003-2011 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
22 class XnetSession
extends XorgSession
24 public function __construct()
26 parent
::__construct();
29 public function startAvailableAuth()
31 if (!S
::logged() && Get
::has('auth')) {
32 if (!$this->start(AUTH_MDP
)) {
37 if (!S
::logged() && Post
::has('auth_type') && Post
::v('auth_type') == 'xnet' && !Post
::has('wait')) {
38 $email = Post
::v('username');
39 $type = XDB
::fetchOneCell('SELECT type
43 if ((!is_null($type) && $type != 'xnet') ||
!User
::isForeignEmailAddress($email)) {
44 Platal
::page()->trigErrorRedirect('Ce formulaire d\'authentification est réservé aux extérieurs à la communauté polytechnicienne.', '');
47 $user = parent
::doAuth(AUTH_MDP
);
51 if (!parent
::checkAuth(AUTH_MDP
) ||
!parent
::startSessionAs($user, AUTH_MDP
)) {
58 if (!S
::logged() && $globals->xnet
->auth_baseurl
) {
59 // prevent connection to be linked to disconnection
60 if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false
)
61 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
63 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
64 $url = $globals->xnet
->auth_baseurl
;
65 $url .= "?session=" . session_id();
66 $url .= "&challenge=" . S
::v('challenge');
67 $url .= "&pass=" . md5(S
::v('challenge') . $globals->xnet
->secret
);
68 $url .= "&url=".urlencode($returl);
69 S
::set('loginX', $url);
72 if (S
::logged() && $globals->asso()) {
73 $perms = S
::v('perms');
74 $perms->rmFlag('groupadmin');
75 $perms->rmFlag('groupmember');
76 $perms->rmFlag('groupannu');
78 $perms->addFlag('groupadmin');
79 $perms->addFlag('groupmember');
80 $perms->addFlag('groupannu');
83 $perms->addFlag('groupmember');
84 if ($globals->asso('pub') != 'private') {
85 $perms->addFlag('groupannu');
87 } else if ($globals->asso('pub') == 'public') {
88 $perms->addFlag('groupannu');
90 if ($globals->asso('cat') == 'Promotions') {
91 $perms->addFlag('groupannu');
93 S
::set('perms', $perms);
98 protected function doAuth($level)
100 if (S
::identified()) { // ok, c'est bon, on n'a rien à faire
101 return User
::getSilentWithValues(null
, array('uid' => S
::i('uid')));
103 if (!Get
::has('auth')) {
107 if (md5('1' . S
::v('challenge') . $globals->xnet
->secret
. Get
::i('uid') . '1') != Get
::v('auth')) {
111 S
::set('auth', AUTH_MDP
);
112 return User
::getSilentWithValues(null
, array('uid' => Get
::i('uid')));
115 protected function startSessionAs($user, $level)
117 // The user must have 'groups' permission to access X.net
118 if (!$user->checkPerms('groups')) {
121 if ($level == AUTH_SUID
) {
122 S
::set('auth', AUTH_MDP
);
125 S
::set('uid', $user->uid
);
126 S
::set('hruid', $user->hruid
);
128 // XXX: Transition code, should not be in session anymore
129 S
::set('display_name', $user->display_name
);
130 S
::set('full_name', $user->full_name
);
131 S
::set('femme', $user->isFemale());
132 S
::set('email_format', $user->email_format
);
133 S
::set('token', $user->token
);
134 S
::set('perms', $user->perms
);
135 S
::set('is_admin', $user->is_admin
);
138 $this->makePerms($user->perms
, $user->is_admin
);
139 S
::kill('challenge');
141 S
::kill('may_update');
142 S
::kill('is_member');
144 Get
::kill('PHPSESSID');
147 foreach($_GET as $key => $val) {
148 $args[] = urlencode($key). '=' .urlencode($val);
153 public function doSelfSuid()
156 if (!$this->startSUID($user)) {
159 S
::set('perms', User
::makePerms(PERMS_USER
));
163 public function stopSUID()
165 $perms = S
::suid('perms');
166 if (!parent
::stopSUID()) {
169 S
::kill('may_update');
170 S
::kill('is_member');
171 S
::set('perms', $perms);
176 // {{{ function may_update
178 /** Return administration rights for the current asso
179 * @param force Force administration rights to be read from database
180 * @param lose Force administration rights to be false
182 function may_update($force = false
, $lose = false
)
184 if (!isset($_SESSION['may_update'])) {
185 $_SESSION['may_update'] = array();
187 $may_update =& $_SESSION['may_update'];
190 $asso_id = $globals->asso('id');
194 $may_update[$asso_id] = false
;
195 } elseif (S
::admin() ||
(S
::suid() && $force)) {
196 $may_update[$asso_id] = true
;
197 } elseif (!isset($may_update[$asso_id]) ||
$force) {
198 $res = XDB
::query("SELECT perms
200 WHERE uid={?} AND asso_id={?}",
201 S
::v('uid'), $asso_id);
202 $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
204 return $may_update[$asso_id];
208 // {{{ function is_member
210 /** Get membership informations for the current asso
211 * @param force Force membership to be read from database
212 * @param lose Force membership to be false
214 function is_member($force = false
, $lose = false
)
216 if (!isset($_SESSION['is_member'])) {
217 $_SESSION['is_member'] = array();
219 $is_member =& $_SESSION['is_member'];
222 $asso_id = $globals->asso('id');
226 $is_member[$asso_id] = false
;
227 } elseif (S
::suid() && $force) {
228 $is_member[$asso_id] = true
;
229 } elseif (!isset($is_member[$asso_id]) ||
$force) {
230 $res = XDB
::query("SELECT COUNT(*)
232 WHERE uid={?} AND asso_id={?}",
233 S
::v('uid'), $asso_id);
234 $is_member[$asso_id] = ($res->fetchOneCell() == 1);
236 return $is_member[$asso_id];
240 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: