rework XOrgDB -> XDB (shorter, easier to use).
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2006 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
// Base session layer; the Session/Get/Post helpers, logged(), identified()
// and has_perms() used below are presumably provided by this include — confirm.
require_once('platal/session.inc.php');
23
24 // {{{ class XnetSession
25
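class XnetSession
{
    // One-shot nonce handed to polytechnique.org and expected back, hashed
    // together with the shared secret, in the `auth` query parameter.
    // Discarded as soon as the user is authenticated.
    var $challenge;
    // Login URL prepared by init() for anonymous visitors (see doLogin()).
    var $loginX;

    // {{{ function __construct()

    /** Create a fresh session object holding a new random challenge. */
    function __construct()
    {
        // The challenge only protects the auth round trip if it cannot be
        // guessed: use the CSPRNG when the runtime offers one, otherwise fall
        // back to the historical uniqid()/rand() seed. Both yield 32 hex chars.
        if (function_exists('random_bytes')) {
            $this->challenge = bin2hex(random_bytes(16));
        } else {
            $this->challenge = md5(uniqid(rand(), 1));
        }
    }

    /** PHP 4 style constructor, kept so that `new XnetSession` keeps working
     *  on runtimes that predate __construct(). */
    function XnetSession()
    {
        $this->__construct();
    }

    // }}}
    // {{{ function init

    /** Start the PHP session and, for anonymous visitors, precompute the
     *  polytechnique.org login URL into $_SESSION['session']->loginX.
     *
     *  Reads no instance state, which is why the historical static call
     *  XnetSession::init() (see destroy()) works.
     */
    function init() {
        global $globals;

        @session_start();
        if (!Session::has('session')) {
            $_SESSION['session'] = new XnetSession;
        }
        if (!logged()) {
            // Return URL: the current page, truncated before any 'exit' so
            // that a login is never bounced back onto the logout page.
            $host = "http://{$_SERVER['SERVER_NAME']}";
            $uri = $_SERVER['REQUEST_URI'];
            $cut = strpos($uri, 'exit');
            $returl = $host . ($cut === false ? $uri : substr($uri, 0, $cut));

            // The remote side is given the session id to call back into, the
            // challenge, and pass = md5(challenge . secret) as proof that the
            // request originates from a holder of the shared secret.
            $url = "https://www.polytechnique.org/auth-groupex.php";
            $url .= "?session=" . session_id();
            $url .= "&challenge=" . $_SESSION['session']->challenge;
            $url .= "&pass=" . md5($_SESSION['session']->challenge . $globals->xnet->secret);
            $url .= "&url=" . urlencode($returl);
            $_SESSION['session']->loginX = $url;
        }
    }

    // }}}
    // {{{ function destroy()

    /** Drop the current session entirely and start a fresh anonymous one. */
    function destroy() {
        @session_destroy();
        unset($_SESSION);
        XnetSession::init();
    }

    // }}}
    // {{{ function doAuth()

    /** Try to do an authentication.
     *
     * @param page the calling page (by reference)
     * @return true when the user is already identified; otherwise whatever
     *         the selected auth path returns (the redirecting paths are
     *         normally not expected to come back).
     */
    function doAuth(&$page)
    {
        if (identified()) { // already authenticated: nothing to do
            return true;
        }

        if (Get::has('auth')) {
            return $this->doAuthX($page);
        } elseif (Post::has('challenge') && Post::has('username') && Post::has('response')) {
            return $this->doAuthOther($page);
        } else {
            $this->doLogin($page);
        }
    }

    // }}}
    // {{{ doAuthX

    /** Complete a login bounced back from polytechnique.org.
     *
     * The `auth` query parameter must equal
     * md5('1' . challenge . secret . uid . '1'). On success the user's row is
     * merged into $_SESSION, the one-shot challenge is discarded and the
     * browser is redirected to the same page minus the auth/uid parameters.
     *
     * @param page the calling page (by reference); page->kill() is used to
     *             abort on failure and is assumed not to return — the
     *             `return false` after it is only a safety net.
     */
    function doAuthX(&$page) {
        global $globals;

        $uid = Get::getInt('uid');
        $expected = md5('1' . $this->challenge . $globals->xnet->secret . $uid . '1');
        // Strict comparison: with `!=` two numeric-looking strings (e.g. "0e..."
        // digests) are compared as numbers, so an attacker-chosen `auth` could
        // pass against a digest it does not equal. hash_equals() would in
        // addition make the check constant-time where the runtime provides it.
        if ($expected !== Get::get('auth')) {
            $page->kill("Erreur d'authentification avec polytechnique.org !");
            return false;
        }

        $res = XDB::query("
            SELECT  u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
                    a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
              FROM  auth_user_md5 AS u
        INNER JOIN  auth_user_quick AS q USING(user_id)
        INNER JOIN  aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
        INNER JOIN  aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
             WHERE  u.user_id = {?} AND u.perms IN('admin','user')
             LIMIT  1", $uid);
        $user = $res->fetchOneAssoc();
        if (!$user) {
            // Valid signature but no matching active account (unknown uid or
            // perms outside admin/user): refuse instead of merging a non-array
            // into the session.
            $page->kill("Erreur d'authentification avec polytechnique.org !");
            return false;
        }
        $_SESSION = array_merge($_SESSION, $user);
        $_SESSION['auth'] = AUTH_MDP;
        // The challenge is single use: drop it and the login URL built on it.
        unset($this->challenge);
        unset($this->loginX);
        // Strip the one-shot parameters (Get::kill() is expected to remove them
        // from $_GET as well) and reload the page with the remaining ones.
        Get::kill('auth');
        Get::kill('uid');
        $args = array();
        foreach ($_GET as $key => $val) {
            $args[] = urlencode($key) . '=' . urlencode($val);
        }
        redirect($_SERVER['PHP_SELF'] . '?' . join('&', $args));
    }

    // }}}
    // {{{ doAuthOther

    /** Challenge/response login form: not implemented yet. The POST fields
     *  that select this path are only examined by doAuth(); here the user is
     *  simply sent to the polytechnique.org login like any anonymous visitor.
     */
    function doAuthOther(&$page) {
        $this->doLogin($page);
    }

    // }}}
    // {{{ doLogin

    /** Send the browser to the login URL prepared by init(). */
    function doLogin(&$page) {
        redirect($_SESSION['session']->loginX);
    }

    // }}}
}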
145
146 // }}}
147 // {{{ may_update
148
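/** Whether the current user may administer the current association.
 *
 * @return bool false when no association is selected; true for users with
 *              site-wide permissions (has_perms()); otherwise true only when
 *              the groupex.membres row for (uid, asso) carries perms 'admin'.
 */
function may_update() {
    global $globals;
    $asso_id = $globals->asso('id');
    if (!$asso_id) { return false; }
    if (has_perms()) { return true; }
    $res = XDB::query(
        "SELECT  perms
           FROM  groupex.membres
          WHERE  uid={?} AND asso_id={?}", Session::getInt('uid'), $asso_id);
    // Strict comparison: fetchOneCell() yields no string when no row matches,
    // and `==` against a string would go through PHP's type juggling.
    return $res->fetchOneCell() === 'admin';
}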
159
160 // }}}
161 // {{{ is_member
162
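/** Whether the current user belongs to the current association.
 *
 * The answer is memoised per association id for the rest of the request.
 *
 * @return bool false when no association is selected, otherwise whether the
 *              (uid, asso) pair has exactly one groupex.membres row.
 */
function is_member() {
    global $globals;
    $asso_id = $globals->asso('id');
    if (!$asso_id) { return false; }
    static $cache = array();
    // isset() rather than truthiness: a memoised `false` must not re-query.
    if (!isset($cache[$asso_id])) {
        $res = XDB::query(
            "SELECT  COUNT(*)
               FROM  groupex.membres
              WHERE  uid={?} AND asso_id={?}",
            Session::getInt('uid'), $asso_id);
        // COUNT(*) typically arrives as a numeric string from the driver, so
        // cast before the strict comparison.
        $cache[$asso_id] = ((int) $res->fetchOneCell() === 1);
    }
    return $cache[$asso_id];
}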
180
181 // }}}
182 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
183 ?>