projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge commit 'origin/master' into hruid
[platal.git] / classes / xnetsession.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2008 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 class XnetSession extends PlSession
23 {
24 public function __construct()
25 {
26 parent::__construct();
27 S::bootstrap('perms_backup', new PlFlagSet());
28 }
29
30 public function startAvailableAuth()
31 {
32 if (!(S::v('perms') instanceof PlFlagSet)) {
33 S::set('perms', S::v('perms_backup'));
34 }
35
36 if (!S::logged() && Get::has('auth')) {
37 if (!$this->start(AUTH_MDP)) {
38 return false;
39 }
40 }
41
42 global $globals;
43 if (!S::logged()) {
44 // prevent connection to be linked to disconnection
45 if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
46 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
47 else
48 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
49 $url = "https://www.polytechnique.org/auth-groupex";
50 $url .= "?session=" . session_id();
51 $url .= "&challenge=" . S::v('challenge');
52 $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
53 $url .= "&url=".urlencode($returl);
54 S::set('loginX', $url);
55 }
56
57 if (S::logged() && $globals->asso()) {
58 $perms = S::v('perms');
59 $perms->rmFlag('groupadmin');
60 $perms->rmFlag('groupmember');
61 $perms->rmFlag('groupannu');
62 if (may_update()) {
63 $perms->addFlag('groupadmin');
64 $perms->addFlag('groupmember');
65 $perms->addFlag('groupannu');
66 }
67 if (is_member()) {
68 $perms->addFlag('groupmember');
69 if ($globals->asso('pub') != 'private') {
70 $perms->addFlag('groupannu');
71 }
72 }
73 if ($globals->asso('cat') == 'Promotions') {
74 $perms->addFlag('groupannu');
75 }
76 S::set('perms', $perms);
77 S::set('perms_backup', $perms);
78 }
79 return true;
80 }
81
82 protected function doAuth($level)
83 {
84 if (S::identified()) { // ok, c'est bon, on n'a rien à faire
85 return S::i('uid');
86 }
87 if (!Get::has('auth')) {
88 return null;
89 }
90 global $globals;
91 if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1') != Get::v('auth')) {
92 return null;
93 }
94 Get::kill('auth');
95 S::set('auth', AUTH_MDP);
96 return Get::i('uid');
97 }
98
99 protected function startSessionAs($user, $level)
100 {
101 global $globals;
102
103 if ($level == -1) {
104 S::set('auth', AUTH_MDP);
105 }
106 $res = XDB::query("SELECT u.user_id AS uid, u.hruid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
107 CONCAT(a.alias, '@{$globals->mail->domain}') AS forlife,
108 CONCAT(a2.alias, '@{$globals->mail->domain}') AS bestalias,
109 q.core_mail_fmt AS mail_fmt, q.core_rss_hash
110 FROM auth_user_md5 AS u
111 INNER JOIN auth_user_quick AS q USING(user_id)
112 INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = 'a_vie')
113 INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias', a2.flags))
114 WHERE u.user_id = {?} AND u.perms IN('admin', 'user')
115 LIMIT 1", $user);
116 $sess = $res->fetchOneAssoc();
117 $perms = $sess['perms'];
118 unset($sess['perms']);
119 $_SESSION = array_merge($_SESSION, $sess);
120 $this->makePerms($perms);
121 S::kill('challenge');
122 S::kill('loginX');
123 S::kill('may_update');
124 S::kill('is_member');
125 Get::kill('uid');
126 Get::kill('PHPSESSID');
127
128 $args = array();
129 foreach($_GET as $key => $val) {
130 $args[] = urlencode($key). '=' .urlencode($val);
131 }
132 return true;
133 }
134
135 public function doSelfSuid()
136 {
137 if (!$this->startSUID(S::i('uid'))) {
138 return false;
139 }
140 $this->makePerms('user');
141 return true;
142 }
143
144 public function stopSUID()
145 {
146 $suid = S::v('suid');
147 if (!parent::stopSUID()) {
148 return false;
149 }
150 S::kill('suid');
151 S::kill('may_update');
152 S::kill('is_member');
153 S::set('perms', $suid['perms']);
154 S::set('perms_backup', $suid['perms_backup']);
155 return true;
156 }
157
158 public function makePerms($perm)
159 {
160 $flags = new PlFlagSet();
161 if ($perm == 'disabled' || $perm == 'ext') {
162 S::set('perms', $flags);
163 S::set('perms_backup', $flags);
164 return;
165 }
166 $flags->addFlag(PERMS_USER);
167 if ($perm == 'admin') {
168 $flags->addFlag(PERMS_ADMIN);
169 }
170 S::set('perms', $flags);
171 S::set('perms_backup', $flags);
172 }
173
174 public function sureLevel()
175 {
176 return AUTH_MDP;
177 }
178 }
179
180 // {{{ function may_update
181
182 /** Return administration rights for the current asso
183 * @param force Force administration rights to be read from database
184 * @param lose Force administration rights to be false
185 */
186 function may_update($force = false, $lose = false)
187 {
188 if (!isset($_SESSION['may_update'])) {
189 $_SESSION['may_update'] = array();
190 }
191 $may_update =& $_SESSION['may_update'];
192
193 global $globals;
194 $asso_id = $globals->asso('id');
195 if (!$asso_id) {
196 return false;
197 } elseif ($lose) {
198 $may_update[$asso_id] = false;
199 } elseif (S::has_perms() || (S::has('suid') && $force)) {
200 $may_update[$asso_id] = true;
201 } elseif (!isset($may_update[$asso_id]) || $force) {
202 $res = XDB::query("SELECT perms
203 FROM groupex.membres
204 WHERE uid={?} AND asso_id={?}",
205 S::v('uid'), $asso_id);
206 $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
207 }
208 return $may_update[$asso_id];
209 }
210
211 // }}}
212 // {{{ function is_member
213
214 /** Get membership informations for the current asso
215 * @param force Force membership to be read from database
216 * @param lose Force membership to be false
217 */
218 function is_member($force = false, $lose = false)
219 {
220 if (!isset($_SESSION['is_member'])) {
221 $_SESSION['is_member'] = array();
222 }
223 $is_member =& $_SESSION['is_member'];
224
225 global $globals;
226 $asso_id = $globals->asso('id');
227 if (!$asso_id) {
228 return false;
229 } elseif ($lose) {
230 $is_member[$asso_id] = false;
231 } elseif (S::has('suid') && $force) {
232 $is_member[$asso_id] = true;
233 } elseif (!isset($is_member[$asso_id]) || $force) {
234 $res = XDB::query("SELECT COUNT(*)
235 FROM groupex.membres
236 WHERE uid={?} AND asso_id={?}",
237 S::v('uid'), $asso_id);
238 $is_member[$asso_id] = ($res->fetchOneCell() == 1);
239 }
240 return $is_member[$asso_id];
241 }
242
243 // }}}
244 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
245 ?>
plat/al