2 /***************************************************************************
3 * Copyright (C) 2003-2006 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
26 public static function init() {
32 // prevent connexion to be linked to deconnexion
33 if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false
)
34 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
36 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
37 $url = "https://www.polytechnique.org/auth-groupex.php";
38 $url .= "?session=" . session_id();
39 $url .= "&challenge=" . S
::v('challenge');
40 $url .= "&pass=" . md5(S
::v('challenge') . $globals->xnet
->secret
);
41 $url .= "&url=".urlencode($returl);
42 $_SESSION['loginX'] = $url;
47 // {{{ public static function destroy()
49 public static function destroy() {
55 // {{{ public static function doAuth()
57 /** Try to do an authentication.
59 * @param page the calling page (by reference)
61 public static function doAuth()
63 if (S
::identified()) { // ok, c'est bon, on n'a rien à faire
67 if (Get
::has('auth')) {
68 return XnetSession
::doAuthX();
77 public static function doAuthCookie() {
78 return XnetSession
::doAuth();
84 public static function doAuthX() {
85 global $globals, $page;
87 if (md5('1'.S
::v('challenge').$globals->xnet
->secret
.Get
::i('uid').'1') != Get
::v('auth')) {
88 $page->kill("Erreur d'authentification avec polytechnique.org !");
92 SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
93 a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
94 FROM auth_user_md5 AS u
95 INNER JOIN auth_user_quick AS q USING(user_id)
96 INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
97 INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
98 WHERE u.user_id = {?} AND u.perms IN('admin','user')
99 LIMIT 1", Get
::i('uid'));
100 $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
101 $_SESSION['auth'] = AUTH_MDP
;
102 S
::kill('challenge');
108 Get
::kill('PHPSESSID');
111 foreach($_GET as $key => $val) {
112 $args[] = urlencode($key).'='.urlencode($val);
115 http_redirect($globals->baseurl
. '/' . $path, join('&', $args));
123 function may_update() {
125 if (!$globals->asso('id')) { return false
; }
126 if (S
::has_perms()) { return true
; }
130 WHERE uid={?} AND asso_id={?}", S
::v('uid'), $globals->asso('id'));
131 return $res->fetchOneCell() == 'admin';
137 function is_member() {
139 $asso_id = $globals->asso('id');
140 if (!$asso_id) { return false
; }
142 if (!$is_member) $is_member = array();
143 if (!isset($is_member[$asso_id]))
148 WHERE uid={?} AND asso_id={?}",
149 S
::v('uid'), $asso_id);
150 $is_member[$asso_id] = $res->fetchOneCell() == 1;
152 return $is_member[$asso_id];
156 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker: