include/xorg/session.inc.php

   1 <?php
   2 /***************************************************************************
   3  *  Copyright (C) 2003-2006 Polytechnique.org                              *
   4  *  http://opensource.polytechnique.org/                                   *
   5  *                                                                         *
   6  *  This program is free software; you can redistribute it and/or modify   *
   7  *  it under the terms of the GNU General Public License as published by   *
   8  *  the Free Software Foundation; either version 2 of the License, or      *
   9  *  (at your option) any later version.                                    *
  10  *                                                                         *
  11  *  This program is distributed in the hope that it will be useful,        *
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
  14  *  GNU General Public License for more details.                           *
  15  *                                                                         *
  16  *  You should have received a copy of the GNU General Public License      *
  17  *  along with this program; if not, write to the Free Software            *
  18  *  Foundation, Inc.,                                                      *
  19  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  20  ***************************************************************************/
  21
  22 require_once 'platal/session.inc.php';
  23
  24 // {{{ class XorgSession
  25
  26 class XorgSession
  27 {
  28     // {{{ function init
  29
  30     function init() {
  31         S::init();
  32         if (!S::has('uid')) {
  33             try_cookie();
  34         }
  35         set_skin();
  36         $_SESSION['session'] = new XorgSession;
  37     }
  38
  39     // }}}
  40     // {{{ function destroy()
  41
  42     function destroy() {
  43         S::destroy();
  44         XorgSession::init();
  45     }
  46
  47     // }}}
  48     // {{{ function doAuth()
  49
  50     /** Try to do an authentication.
  51      *
  52      * @param page the calling page (by reference)
  53      */
  54     function doAuth($new_name = false)
  55     {
  56         global $globals;
  57         if (S::identified()) { // ok, c'est bon, on n'a rien à faire
  58             return true;
  59         }
  60
  61         if (Env::has('username') && Env::has('response') && S::has('challenge'))
  62         {
  63             // si on vient de recevoir une identification par passwordpromptscreen.tpl
  64             // ou passwordpromptscreenlogged.tpl
  65             $uname = Env::get('username');
  66
  67             if (Env::get('domain') == "alias") {
  68
  69                 $res = XDB::query(
  70                     "SELECT redirect
  71                        FROM virtual
  72                  INNER JOIN virtual_redirect USING(vid)
  73                       WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
  74                 $redirect = $res->fetchOneCell();
  75                 if ($redirect) {
  76                     $login = substr($redirect, 0, strpos($redirect, '@'));
  77                 } else {
  78                     $login = "";
  79                 }
  80             } else {
  81                 $login = $uname;
  82             }
  83
  84             $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
  85             $res   = XDB::query(
  86                         "SELECT  u.user_id, u.password
  87                            FROM  auth_user_md5 AS u
  88                      INNER JOIN  aliases       AS a ON ( a.id=u.user_id AND type!='homonyme' )
  89                           WHERE  a.$field = {?} AND u.perms IN('admin','user')", $login);
  90
  91             $logger =& S::v('log');
  92             if (list($uid, $password) = $res->fetchOneRow()) {
  93                     require_once('secure_hash.inc.php');
  94                         $expected_response=hash_encrypt("$uname:$password:".S::v('challenge'));
  95                         // le password de la base est peut-être encore encodé en md5
  96                         if (Env::get('response') != $expected_response) {
  97                           $new_password = hash_xor(Env::get('xorpass'), $password);
  98                           $expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge'));
  99                           if (Env::get('response') == $expected_response) {
 100                               XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid);
 101                           }
 102                         }
 103                         if (Env::get('response') == $expected_response) {
 104                     if (Env::has('domain')) {
 105                         if (($domain = Env::get('domain', 'login')) == 'alias') {
 106                             setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
 107                         } else {
 108                             setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
 109                         }
 110                         // pour que la modification soit effective dans le reste de la page
 111                         $_COOKIE['ORGdomain'] = $domain;
 112                     }
 113
 114                     S::kill('challenge');
 115                     if ($logger) {
 116                         $logger->log('auth_ok');
 117                     }
 118                             start_connexion($uid, true);
 119                     if (Env::get('remember', 'false') == 'true') {
 120                         $cookie = hash_encrypt(S::v('password'));
 121                         setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
 122                         if ($logger) {
 123                             $logger->log("cookie_on");
 124                         }
 125                     } else {
 126                         setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
 127
 128                         if ($logger) {
 129                             $logger->log("cookie_off");
 130                         }
 131                     }
 132                             return true;
 133                         } elseif ($logger) {
 134                     $logger->log('auth_fail','bad password');
 135                 }
 136             } elseif ($logger) {
 137                     $logger->log('auth_fail','bad login');
 138             }
 139         }
 140
 141         global $page;
 142         $page->doLogin($new_name);
 143     }
 144
 145     // }}}
 146     // {{{ function doAuthCookie()
 147
 148     /** Try to do a cookie-based authentication.
 149      *
 150      * @param page the calling page (by reference)
 151      */
 152     function doAuthCookie(&$page)
 153     {
 154         if (S::logged()) {
 155             return;
 156         }
 157
 158         if (Env::has('username') and Env::has('response')) {
 159             return XorgSession::doAuth();
 160         }
 161
 162         if ($r = try_cookie()) {
 163             return XorgSession::doAuth(($r > 0));
 164         }
 165     }
 166
 167     // }}}
 168 }
 169
 170 // }}}
 171 // {{{ function try_cookie()
 172
 173 /** réalise la récupération de $_SESSION pour qqn avec cookie
 174  * @return  int     0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
 175  *                  -2 should not happen
 176  */
 177 function try_cookie()
 178 {
 179     if (Cookie::get('ORGaccess') == '' or !Cookie::has('ORGuid')) {
 180         return -1;
 181     }
 182
 183     $res = @XDB::query(
 184             "SELECT user_id,password FROM auth_user_md5 WHERE user_id = {?} AND perms IN('admin','user')",
 185             Cookie::getInt('ORGuid')
 186     );
 187     if ($res->numRows() != 0) {
 188         list($uid, $password) = $res->fetchOneRow();
 189         require_once('secure_hash.inc.php');
 190         $expected_value       = hash_encrypt($password);
 191         if ($expected_value == Cookie::get('ORGaccess')) {
 192             start_connexion($uid, false);
 193             return 0;
 194         } else {
 195             return 1;
 196         }
 197     }
 198
 199     return -2;
 200 }
 201
 202 // }}}
 203 // {{{ function start_connexion()
 204
 205 /** place les variables de session dépendants de auth_user_md5
 206  * et met à jour les dates de dernière connexion si nécessaire
 207  * @return void
 208  * @see controlpermanent.inc.php controlauthentication.inc.php
 209  */
 210 function start_connexion ($uid, $identified)
 211 {
 212     $res  = XDB::query("
 213         SELECT  u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
 214                 UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
 215                 q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
 216           FROM  auth_user_md5   AS u
 217     INNER JOIN  auth_user_quick AS q  USING(user_id)
 218     INNER JOIN  aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
 219     INNER JOIN  aliases         AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
 220      LEFT JOIN  logger.sessions AS s  ON (s.uid=u.user_id AND s.suid=0)
 221          WHERE  u.user_id = {?} AND u.perms IN('admin','user')
 222       ORDER BY  s.start DESC
 223          LIMIT  1", $uid);
 224     $sess = $res->fetchOneAssoc();
 225     $suid = S::v('suid');
 226
 227     if ($suid) {
 228         $logger = new DiogenesCoreLogger($uid, $suid);
 229         $logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
 230         $sess['suid'] = $suid;
 231     } else {
 232         $logger = S::v('log', new DiogenesCoreLogger($uid));
 233         $logger->log("connexion", $_SERVER['PHP_SELF']);
 234         setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
 235     }
 236
 237     $_SESSION         = $sess;
 238     $_SESSION['log']  = $logger;
 239     $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
 240     set_skin();
 241 }
 242
 243 // }}}
 244 // {{{ function set_skin()
 245
 246 function set_skin()
 247 {
 248     global $globals;
 249     if (S::logged() && $globals->skin->enable) {
 250         $uid = S::v('uid');
 251         $res = XDB::query("SELECT  skin,skin_tpl
 252                                        FROM  auth_user_quick AS a
 253                                  INNER JOIN  skins           AS s ON a.skin=s.id
 254                                       WHERE  user_id = {?} AND skin_tpl != ''", $uid);
 255         if (list($_SESSION['skin_id'], $_SESSION['skin']) = $res->fetchOneRow()) {
 256             return;
 257         }
 258     }
 259     if ($globals->skin->enable) {
 260         $_SESSION['skin'] = $globals->skin->def_tpl;
 261         $_SESSION['skin_id'] = $globals->skin->def_id;
 262     } else {
 263         $_SESSION['skin'] = 'default.tpl';
 264         $_SESSION['skin_id'] = -1;
 265     }
 266 }
 267
 268 // }}}
 269
 270 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
 271 ?>