htdocs/auth-groupex.php

   1 <?php
   2 /***************************************************************************
   3  *  Copyright (C) 2003-2006 Polytechnique.org                              *
   4  *  http://opensource.polytechnique.org/                                   *
   5  *                                                                         *
   6  *  This program is free software; you can redistribute it and/or modify   *
   7  *  it under the terms of the GNU General Public License as published by   *
   8  *  the Free Software Foundation; either version 2 of the License, or      *
   9  *  (at your option) any later version.                                    *
  10  *                                                                         *
  11  *  This program is distributed in the hope that it will be useful,        *
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
  14  *  GNU General Public License for more details.                           *
  15  *                                                                         *
  16  *  You should have received a copy of the GNU General Public License      *
  17  *  along with this program; if not, write to the Free Software            *
  18  *  Foundation, Inc.,                                                      *
  19  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  20  ***************************************************************************/
  21
  22 $gpex_pass = $_GET["pass"];
  23 $gpex_url = urldecode($_GET["url"]);
  24 if (strpos($gpex_url, '?') === false) {
  25     $gpex_url .= "?PHPSESSID=" . $_GET["session"];
  26 } else {
  27     $gpex_url .= "&PHPSESSID=" . $_GET["session"];
  28 }
  29 /* a-t-on besoin d'ajouter le http:// ? */
  30 if (!preg_match("/^(http|https):\/\/.*/",$gpex_url))
  31     $gpex_url = "http://$gpex_url";
  32 $gpex_challenge = $_GET["challenge"];
  33
  34 require_once("xorg.inc.php");
  35 new_skinned_page('index.tpl',AUTH_COOKIE);
  36
  37 // mise à jour de l'heure et de la machine de dernier login sauf quand on est en suid
  38 if (!isset($_SESSION['suid'])) {
  39     $logger = (isset($_SESSION['log']) && $_SESSION['log']->uid==$uid) ? $_SESSION['log'] : new DiogenesCoreLogger($uid);
  40     $logger->log("connexion_auth_ext",$_SERVER['PHP_SELF']);
  41 }
  42
  43 /* cree le champs "auth" renvoye au Groupe X */
  44 function gpex_make_auth($chlg, $privkey, $datafields) {
  45     global $globals;
  46     $fieldarr = explode(",",$datafields);
  47     $tohash   = "1$chlg$privkey";
  48
  49     $res = $globals->xdb->query("SELECT matricule,matricule_ax,promo,promo_sortie,flags,deces,nom,prenom,nationalite,section,naissance FROM auth_user_md5 WHERE user_id = {?}", Session::getInt('uid'));
  50     $personnal_data = $res->fetchOneAssoc();
  51
  52     while (list(,$val) = each($fieldarr)) {
  53         /* on verifie qu'on n'a pas demandé une
  54            variable inexistante ! */
  55         if (isset($_SESSION[$val])) {
  56             $tohash .= $_SESSION[$val];
  57         } else if (isset($personnal_data[$val])) {
  58             $tohash .= $personnal_data[$val];
  59         } else if ($val == 'username') {
  60             $res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", Session::getInt('uid'));
  61             $min_username = $res->fetchOneCell();
  62             $tohash      .= $min_username;
  63         }
  64     }
  65     $tohash .= "1";
  66     return md5($tohash);
  67 }
  68
  69 /* cree les parametres de l'URL de retour avec les champs demandes */
  70 function gpex_make_params($chlg, $privkey, $datafields) {
  71     global $globals;
  72     $params   = "&auth=".gpex_make_auth($chlg, $privkey, $datafields);
  73
  74     $res = $globals->xdb->query("SELECT matricule,matricule_ax,promo,promo_sortie,flags,deces,nom,prenom,nationalite,section,naissance FROM auth_user_md5 WHERE user_id = {?}", Session::getInt('uid'));
  75     $personnal_data = $res->fetchOneAssoc();
  76
  77     $fieldarr = explode(",",$datafields);
  78     while (list(,$val) = each($fieldarr)) {
  79         if (isset($_SESSION[$val])) {
  80             $params .= "&$val=".$_SESSION[$val];
  81         } else if (isset($personnal_data[$val])) {
  82             $params .= "&$val=".$personnal_data[$val];
  83         } else if ($val == 'username') {
  84             $res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND FIND_IN_SET('bestalias', flags)", Session::getInt('uid'));
  85             $min_username = $res->fetchOneCell();
  86             $params      .= "&$val=".$min_username;
  87         }
  88     }
  89     return $params;
  90 }
  91
  92 /* on parcourt les entrees de groupes_auth */
  93 $res = $globals->xdb->iterRow('select privkey,name,datafields from groupesx_auth');
  94
  95 while (list($privkey,$name,$datafields) = $res->next()) {
  96     if (md5($gpex_challenge.$privkey) == $gpex_pass) {
  97         $returl = $gpex_url.gpex_make_params($gpex_challenge,$privkey,$datafields);
  98         redirect($returl);
  99     }
 100 }
 101
 102 /* si on n'a pas trouvé, on renvoit sur x.org */
 103 redirect('https://www.polytechnique.org/');
 104
 105 ?>