include/xnet/session.inc.php

   1 <?php
   2 /***************************************************************************
   3  *  Copyright (C) 2003-2007 Polytechnique.org                              *
   4  *  http://opensource.polytechnique.org/                                   *
   5  *                                                                         *
   6  *  This program is free software; you can redistribute it and/or modify   *
   7  *  it under the terms of the GNU General Public License as published by   *
   8  *  the Free Software Foundation; either version 2 of the License, or      *
   9  *  (at your option) any later version.                                    *
  10  *                                                                         *
  11  *  This program is distributed in the hope that it will be useful,        *
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
  14  *  GNU General Public License for more details.                           *
  15  *                                                                         *
  16  *  You should have received a copy of the GNU General Public License      *
  17  *  along with this program; if not, write to the Free Software            *
  18  *  Foundation, Inc.,                                                      *
  19  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  20  ***************************************************************************/
  21
  22 class XnetSession
  23 {
  24     // {{{ function init
  25
  26     public static function init() {
  27         global $globals;
  28
  29         S::init();
  30
  31         if (!S::logged()) {
  32             // prevent connexion to be linked to deconnexion
  33             if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
  34                 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
  35             else
  36                 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
  37             $url  = "https://www.polytechnique.org/auth-groupex.php";
  38             $url .= "?session=" . session_id();
  39             $url .= "&challenge=" . S::v('challenge');
  40             $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
  41             $url .= "&url=".urlencode($returl);
  42             $_SESSION['loginX'] = $url;
  43         }
  44     }
  45
  46     // }}}
  47     // {{{ public static function destroy()
  48
  49     public static function destroy() {
  50         S::destroy();
  51         XnetSession::init();
  52     }
  53
  54     // }}}
  55     // {{{ public static function doAuth()
  56
  57     /** Try to do an authentication.
  58      *
  59      * @param page the calling page (by reference)
  60      */
  61     public static function doAuth()
  62     {
  63         if (S::identified()) { // ok, c'est bon, on n'a rien à faire
  64                 return true;
  65         }
  66
  67         if (Get::has('auth')) {
  68             return XnetSession::doAuthX();
  69         }
  70
  71         return false;
  72     }
  73
  74     // }}}
  75     // {{{ doAuthCookie
  76
  77     public static function doAuthCookie() {
  78         return XnetSession::doAuth();
  79     }
  80
  81     // }}}
  82     // {{{ doAuthX
  83
  84     public static function doAuthX() {
  85         global $globals, $page;
  86
  87         if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) {
  88             $page->kill("Erreur d'authentification avec polytechnique.org !");
  89         }
  90
  91         $res  = XDB::query("
  92             SELECT  u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
  93                     a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
  94               FROM  auth_user_md5   AS u
  95         INNER JOIN  auth_user_quick AS q  USING(user_id)
  96         INNER JOIN  aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
  97         INNER JOIN  aliases         AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
  98              WHERE  u.user_id = {?} AND u.perms IN('admin','user')
  99              LIMIT  1", Get::i('uid'));
 100         $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
 101         $_SESSION['auth'] = AUTH_MDP;
 102         S::kill('challenge');
 103         S::kill('loginX');
 104         Get::kill('auth');
 105         Get::kill('uid');
 106         $path = Get::v('n');
 107         Get::kill('n');
 108         Get::kill('PHPSESSID');
 109
 110         $args = array();
 111         foreach($_GET as $key => $val) {
 112             $args[] = urlencode($key).'='.urlencode($val);
 113         }
 114
 115         http_redirect($globals->baseurl . '/' . $path, join('&', $args));
 116     }
 117
 118     // }}}
 119     // {{{ doSelfSuid
 120
 121     public static function doSelfSuid()
 122     {
 123         if (!S::has('suid')) {
 124             $_SESSION['suid'] = $_SESSION;
 125         }
 126         $_SESSION['perms'] = 'user';
 127     }
 128
 129     // }}}
 130     // {{{ killSuid
 131
 132     public static function killSuid()
 133     {
 134         if (!S::has('suid')) {
 135             return;
 136         }
 137         $suid = S::v('suid');
 138         S::kill('suid');
 139         S::kill('may_update');
 140         S::kill('is_member');
 141         $_SESSION['perms'] = $suid['perms'];
 142     }
 143
 144     // }}}
 145 }
 146
 147 // }}}
 148 // {{{ function may_update
 149
 150 /** Return administration rights for the current asso
 151  * @param force Force administration rights to be read from database
 152  * @param lose  Force administration rights to be false
 153  */
 154 function may_update($force = false, $lose = false)
 155 {
 156     if (!isset($_SESSION['may_update'])) {
 157         $_SESSION['may_update'] = array();
 158     }
 159     $may_update =& $_SESSION['may_update'];
 160
 161     global $globals;
 162     $asso_id = $globals->asso('id');
 163     if (!$asso_id) {
 164         return false;
 165     } elseif ($lose) {
 166         $may_update[$asso_id] = false;
 167     } elseif (S::has_perms() || (S::has('suid') && $force)) {
 168         $may_update[$asso_id] = true;
 169     } elseif (!isset($may_update[$asso_id]) || $force) {
 170         $res = XDB::query("SELECT  perms
 171                              FROM  groupex.membres
 172                             WHERE  uid={?} AND asso_id={?}",
 173                           S::v('uid'), $globals->asso('id'));
 174         $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
 175     }
 176     return $may_update[$asso_id];
 177 }
 178
 179 // }}}
 180 // {{{ function is_member
 181
 182 /** Get membership informations for the current asso
 183  * @param force Force membership to be read from database
 184  * @param lose  Force membership to be false
 185  */
 186 function is_member($force = false, $lose = false)
 187 {
 188     if (!isset($_SESSION['is_member'])) {
 189         $_SESSION['is_member'] = array();
 190     }
 191     $is_member =& $_SESSION['is_member'];
 192
 193     global $globals;
 194     $asso_id = $globals->asso('id');
 195     if (!$asso_id) {
 196         return false;
 197     } elseif ($lose) {
 198         $is_member[$asso_id] = false;
 199     } elseif (S::has('suid') && $force) {
 200         $is_member[$asso_id] = true;
 201     } elseif (!isset($is_member[$asso_id]) || $force) {
 202         $res = XDB::query("SELECT  COUNT(*)
 203                              FROM  groupex.membres
 204                             WHERE  uid={?} AND asso_id={?}",
 205                 S::v('uid'), $asso_id);
 206         $is_member[$asso_id] = ($res->fetchOneCell() == 1);
 207     }
 208     return $is_member[$asso_id];
 209 }
 210
 211 // }}}
 212 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
 213 ?>