2 /***************************************************************************
3 * Copyright (C) 2003-2006 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
22 require_once('platal/session.inc.php');
24 // {{{ class XorgSession
26 class XnetSession
extends DiogenesCoreSession
28 // {{{ function XnetSession()
30 function XnetSession()
32 $this->DiogenesCoreSession();
42 if (!Session
::has('session')) {
43 $_SESSION['session'] = new XnetSession
;
46 // prevent connexion to be linked to deconnexion
47 if (($i = strpos($_SERVER['REQUEST_URI'], 'deconnexion.php')) !== false
)
48 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
50 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
51 $url = "https://www.polytechnique.org/auth-groupex.php";
52 $url .= "?session=" . session_id();
53 $url .= "&challenge=" . $_SESSION['session']->challenge
;
54 $url .= "&pass=" . md5($_SESSION['session']->challenge
. $globals->xnet
->secret
);
55 $url .= "&url=".urlencode($returl);
56 $_SESSION['session']->loginX
= $url;
61 // {{{ function destroy()
70 // {{{ function doAuth()
72 /** Try to do an authentication.
74 * @param page the calling page (by reference)
76 function doAuth(&$page)
79 if (identified()) { // ok, c'est bon, on n'a rien à faire
83 if (Get
::has('auth')) {
84 return $this->doAuthX($page);
85 } elseif (Post
::has('challenge') && Post
::has('username') && Post
::has('response')) {
86 return $this->doAuthOther($page);
88 $this->doLogin($page);
95 function doAuthX(&$page) {
98 if (md5('1'.$this->challenge
.$globals->xnet
->secret
.Get
::getInt('uid').'1') != Get
::get('auth')) {
99 $page->kill("Erreur d'authentification avec polytechnique.org !");
102 $res = $globals->xdb
->query("
103 SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
104 a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
105 FROM auth_user_md5 AS u
106 INNER JOIN auth_user_quick AS q USING(user_id)
107 INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
108 INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
109 WHERE u.user_id = {?} AND u.perms IN('admin','user')
110 LIMIT 1", Get
::getInt('uid'));
111 $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
112 $_SESSION['auth'] = AUTH_MDP
;
113 unset($this->challenge
);
114 unset($this->loginX
);
118 foreach($_GET as $key=>$val) {
119 $args[] = urlencode($key).'='.urlencode($val);
121 redirect($_SERVER['PHP_SELF'] . '?' . join('&', $args));
127 function doAuthOther(&$page) {
128 if (Post
::has('challenge') && Post
::has('username') && Post
::has('response')) {
129 $username = Post
::get('username');
131 $this->doLogin($page);
137 function doLogin(&$page) {
138 // login for non-x has been disabled, so don't need this js anymore
139 //$page->addJsLink('javascript/do_challenge_response.js.php');
140 $page->assign("xorg_tpl", "xnet/login.tpl");
150 function may_update() {
152 if (!$globals->asso('id')) { return false
; }
153 if (has_perms()) { return true
; }
154 $res = $globals->xdb
->query(
157 WHERE uid={?} AND asso_id={?}", Session
::getInt('uid'), $globals->asso('id'));
158 return $res->fetchOneCell() == 'admin';
164 function is_member() {
166 $asso_id = $globals->asso('id');
167 if (!$asso_id) { return false
; }
169 if (!$is_member) $is_member = array();
170 if (!isset($is_member[$asso_id]))
172 $res = $globals->xdb
->query(
175 WHERE uid={?} AND asso_id={?}",
176 Session
::getInt('uid'), $asso_id);
177 $is_member[$asso_id] = $res->fetchOneCell() == 1;
179 return $is_member[$asso_id];
183 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker: