include/xnet/session.inc.php

   1 <?php
   2 /***************************************************************************
   3  *  Copyright (C) 2003-2006 Polytechnique.org                              *
   4  *  http://opensource.polytechnique.org/                                   *
   5  *                                                                         *
   6  *  This program is free software; you can redistribute it and/or modify   *
   7  *  it under the terms of the GNU General Public License as published by   *
   8  *  the Free Software Foundation; either version 2 of the License, or      *
   9  *  (at your option) any later version.                                    *
  10  *                                                                         *
  11  *  This program is distributed in the hope that it will be useful,        *
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
  14  *  GNU General Public License for more details.                           *
  15  *                                                                         *
  16  *  You should have received a copy of the GNU General Public License      *
  17  *  along with this program; if not, write to the Free Software            *
  18  *  Foundation, Inc.,                                                      *
  19  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  20  ***************************************************************************/
  21
  22 require_once('platal/session.inc.php');
  23
  24 class XnetSession
  25 {
  26     // {{{ function init
  27
  28     function init() {
  29         global $globals;
  30
  31         S::init();
  32
  33         $_SESSION['session'] = new XnetSession;
  34
  35         if (!S::logged()) {
  36             // prevent connexion to be linked to deconnexion
  37             if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
  38                 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
  39             else
  40                 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
  41             $url  = "https://www.polytechnique.org/auth-groupex.php";
  42             $url .= "?session=" . session_id();
  43             $url .= "&challenge=" . S::v('challenge');
  44             $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
  45             $url .= "&url=".urlencode($returl);
  46             $_SESSION['loginX'] = $url;
  47         }
  48     }
  49
  50     // }}}
  51     // {{{ function destroy()
  52
  53     function destroy() {
  54         S::destroy();
  55         XnetSession::init();
  56     }
  57
  58     // }}}
  59     // {{{ function doAuth()
  60
  61     /** Try to do an authentication.
  62      *
  63      * @param page the calling page (by reference)
  64      */
  65     function doAuth()
  66     {
  67         if (S::identified()) { // ok, c'est bon, on n'a rien à faire
  68             return true;
  69         }
  70
  71         if (Get::has('auth')) {
  72             return XnetSession::doAuthX();
  73         }
  74
  75         return false;
  76     }
  77
  78     // }}}
  79     // {{{ doAuthX
  80
  81     function doAuthX() {
  82         global $globals, $page;
  83
  84         if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::getInt('uid').'1') != Get::get('auth')) {
  85             $page->kill("Erreur d'authentification avec polytechnique.org !");
  86         }
  87
  88         $res  = XDB::query("
  89             SELECT  u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
  90                     a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
  91               FROM  auth_user_md5   AS u
  92         INNER JOIN  auth_user_quick AS q  USING(user_id)
  93         INNER JOIN  aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
  94         INNER JOIN  aliases         AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
  95              WHERE  u.user_id = {?} AND u.perms IN('admin','user')
  96              LIMIT  1", Get::getInt('uid'));
  97         $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
  98         $_SESSION['auth'] = AUTH_MDP;
  99         S::kill('challenge');
 100         S::kill('loginX');
 101         Get::kill('auth');
 102         Get::kill('uid');
 103         $args = array();
 104         $path = Get::get('p');
 105         Get::kill('p');
 106         Get::kill('PHPSESSID');
 107
 108         foreach($_GET as $key => $val) {
 109             $args[] = urlencode($key).'='.urlencode($val);
 110         }
 111
 112         redirect($globals->baseurl . '/' . $path
 113                  . rtrim('?' . join('&', $args), '?'));
 114     }
 115
 116     // }}}
 117 }
 118
 119 // {{{ may_update
 120
 121 function may_update() {
 122     global $globals;
 123     if (!$globals->asso('id')) { return false; }
 124     if (S::has_perms()) { return true; }
 125     $res = XDB::query(
 126             "SELECT  perms
 127                FROM  groupex.membres
 128               WHERE  uid={?} AND asso_id={?}", S::v('uid'), $globals->asso('id'));
 129     return $res->fetchOneCell() == 'admin';
 130 }
 131
 132 // }}}
 133 // {{{ is_member
 134
 135 function is_member() {
 136     global $globals;
 137     $asso_id = $globals->asso('id');
 138     if (!$asso_id) { return false; }
 139     static $is_member;
 140     if (!$is_member) $is_member = array();
 141     if (!isset($is_member[$asso_id]))
 142     {
 143         $res = XDB::query(
 144             "SELECT  COUNT(*)
 145                FROM  groupex.membres
 146               WHERE  uid={?} AND asso_id={?}",
 147                 S::v('uid'), $asso_id);
 148         $is_member[$asso_id] = $res->fetchOneCell() == 1;
 149     }
 150     return $is_member[$asso_id];
 151 }
 152
 153 // }}}
 154 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
 155 ?>