include/xorg/session.inc.php

   1 <?php
   2 /***************************************************************************
   3  *  Copyright (C) 2003-2007 Polytechnique.org                              *
   4  *  http://opensource.polytechnique.org/                                   *
   5  *                                                                         *
   6  *  This program is free software; you can redistribute it and/or modify   *
   7  *  it under the terms of the GNU General Public License as published by   *
   8  *  the Free Software Foundation; either version 2 of the License, or      *
   9  *  (at your option) any later version.                                    *
  10  *                                                                         *
  11  *  This program is distributed in the hope that it will be useful,        *
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
  14  *  GNU General Public License for more details.                           *
  15  *                                                                         *
  16  *  You should have received a copy of the GNU General Public License      *
  17  *  along with this program; if not, write to the Free Software            *
  18  *  Foundation, Inc.,                                                      *
  19  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  20  ***************************************************************************/
  21
  22 require_once 'xorg.misc.inc.php';
  23
  24 class XorgSession
  25 {
  26     // {{{ public static function init
  27
  28     public static function init()
  29     {
  30         S::init();
  31         if (!S::has('uid')) {
  32             try_cookie();
  33         }
  34         if (check_ip('dangerous') && S::has('uid')) {
  35             $_SESSION['log']->log("view_page", $_SERVER['REQUEST_URI']);
  36         }
  37     }
  38
  39     // }}}
  40     // {{{ public static function destroy()
  41
  42     public static function destroy()
  43     {
  44         S::destroy();
  45         XorgSession::init();
  46     }
  47
  48     // }}}
  49     // {{{ public static function doAuth()
  50
  51     public static function doAuth($new_name = false)
  52     {
  53         global $globals;
  54         if (S::identified()) { // ok, c'est bon, on n'a rien à faire
  55             return true;
  56         }
  57
  58         if (!Env::has('username') || !Env::has('response')
  59         ||  !S::has('challenge'))
  60         {
  61             return false;
  62         }
  63
  64         // si on vient de recevoir une identification par passwordpromptscreen.tpl
  65         // ou passwordpromptscreenlogged.tpl
  66         if (S::has('suid')) {
  67             $suid = S::v('suid');
  68             $login = $uname = $suid['forlife'];
  69             $redirect = false;
  70         } else {
  71             $uname = Env::v('username');
  72
  73             if (Env::v('domain') == "alias") {
  74                 $res = XDB::query(
  75                     "SELECT redirect
  76                        FROM virtual
  77                  INNER JOIN virtual_redirect USING(vid)
  78                       WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom);
  79                 $redirect = $res->fetchOneCell();
  80                 if ($redirect) {
  81                     $login = substr($redirect, 0, strpos($redirect, '@'));
  82                 } else {
  83                     $login = "";
  84                 }
  85             } else {
  86                 $login = $uname;
  87                 $redirect = false;
  88             }
  89         }
  90
  91         $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
  92         $res   = XDB::query(
  93                     "SELECT  u.user_id, u.password
  94                        FROM  auth_user_md5 AS u
  95                  INNER JOIN  aliases       AS a ON ( a.id=u.user_id AND type!='homonyme' )
  96                       WHERE  a.$field = {?} AND u.perms IN('admin','user')", $login);
  97
  98         $logger = S::v('log');
  99         if (list($uid, $password) = $res->fetchOneRow()) {
 100             require_once('secure_hash.inc.php');
 101             $expected_response = hash_encrypt("$uname:$password:".S::v('challenge'));
 102             // le password de la base est peut-être encore encodé en md5
 103             if (Env::v('response') != $expected_response) {
 104                 $new_password = hash_xor(Env::v('xorpass'), $password);
 105                 $expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge'));
 106                 if (Env::v('response') == $expected_response) {
 107                       XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}",
 108                                    $new_password, $uid);
 109                 }
 110             }
 111             if (Env::v('response') == $expected_response) {
 112                 if (Env::has('domain')) {
 113                     if (($domain = Env::v('domain', 'login')) == 'alias') {
 114                         setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
 115                     } else {
 116                         setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
 117                     }
 118                     // pour que la modification soit effective dans le reste de la page
 119                     $_COOKIE['ORGdomain'] = $domain;
 120                 }
 121
 122                 S::kill('challenge');
 123                 if ($logger) {
 124                     $logger->log('auth_ok');
 125                 }
 126                 if (!start_connexion($uid, true)) {
 127                     return false;
 128                 }
 129                 if (Env::v('remember', 'false') == 'true') {
 130                     $cookie = hash_encrypt(S::v('password'));
 131                     setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0);
 132                     if ($logger) {
 133                         $logger->log("cookie_on");
 134                     }
 135                 } else {
 136                     setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
 137
 138                     if ($logger) {
 139                         $logger->log("cookie_off");
 140                     }
 141                 }
 142                 return true;
 143             } elseif ($logger) {
 144                 $logger->log('auth_fail','bad password');
 145             }
 146         } elseif ($logger) {
 147             $logger->log('auth_fail','bad login');
 148         }
 149
 150         return false;
 151     }
 152
 153     // }}}
 154     // {{{ public static function doAuthCookie()
 155
 156     /** Try to do a cookie-based authentication.
 157      *
 158      * @param page the calling page (by reference)
 159      */
 160     public static function doAuthCookie()
 161     {
 162         if (S::logged()) {
 163             return true;
 164         }
 165
 166         if (Env::has('username') and Env::has('response')) {
 167             return XorgSession::doAuth();
 168         }
 169
 170         if ($r = try_cookie()) {
 171             return XorgSession::doAuth(($r > 0));
 172         }
 173
 174         return false;
 175     }
 176
 177     // }}}
 178 }
 179
 180 // {{{ function try_cookie()
 181
 182 /** réalise la récupération de $_SESSION pour qqn avec cookie
 183  * @return  int     0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
 184  *                  -2 should not happen
 185  */
 186 function try_cookie()
 187 {
 188     if (Cookie::v('ORGaccess') == '' or !Cookie::has('ORGuid')) {
 189         return -1;
 190     }
 191
 192     $res = @XDB::query(
 193             "SELECT user_id,password FROM auth_user_md5
 194               WHERE user_id = {?} AND perms IN('admin','user')",
 195             Cookie::i('ORGuid'));
 196
 197     if ($res->numRows() != 0) {
 198         list($uid, $password) = $res->fetchOneRow();
 199         require_once('secure_hash.inc.php');
 200         $expected_value       = hash_encrypt($password);
 201         if ($expected_value == Cookie::v('ORGaccess')) {
 202             if (!start_connexion($uid, false)) {
 203                 return -3;
 204             }
 205             return 0;
 206         } else {
 207             return 1;
 208         }
 209     }
 210
 211     return -2;
 212 }
 213
 214 // }}}
 215 // {{{ function start_connexion()
 216
 217 /** place les variables de session dépendants de auth_user_md5
 218  * et met à jour les dates de dernière connexion si nécessaire
 219  * @return void
 220  * @see controlpermanent.inc.php controlauthentication.inc.php
 221  */
 222 function start_connexion ($uid, $identified)
 223 {
 224     $res  = XDB::query("
 225     SELECT  u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
 226                 UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias,
 227                 q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash
 228           FROM  auth_user_md5   AS u
 229     INNER JOIN  auth_user_quick AS q  USING(user_id)
 230     INNER JOIN  aliases         AS a  ON (u.user_id = a.id AND a.type='a_vie')
 231     INNER JOIN  aliases         AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
 232      LEFT JOIN  logger.sessions AS s  ON (s.uid=u.user_id AND s.suid=0)
 233          WHERE  u.user_id = {?} AND u.perms IN('admin','user')
 234       ORDER BY  s.start DESC
 235          LIMIT  1", $uid);
 236     $sess = $res->fetchOneAssoc();
 237     $suid = S::v('suid');
 238
 239     if ($suid) {
 240         $logger = new CoreLogger($uid, $suid);
 241         $logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
 242         $sess['suid'] = $suid;
 243         $sess['perms'] = $_SESSION['perms'];
 244     } else {
 245         $logger = S::v('log', new CoreLogger($uid));
 246         $logger->log("connexion", Env::v('n'));
 247         setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
 248     }
 249
 250     $_SESSION         = array_merge($_SESSION, $sess);
 251     $_SESSION['log']  = $logger;
 252     $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
 253     if (check_ip('unsafe')) {
 254         send_warning_mail("Une IP surveillee a tente de se connecter");
 255         if (check_ip('ban')) {
 256             $_SESSION = array();
 257             global $page;
 258             $page->trig("Une erreur est survenue lors de la procédure d'authentification. "
 259                        ."Merci de contacter au plus vite "
 260                        ."<a href='mailto:support@polytechnique.org'>support@polytechnique.org</a>");
 261             return false;
 262         }
 263     }
 264     set_skin();
 265     check_redirect();
 266     return true;
 267 }
 268
 269 // }}}
 270
 271 function set_skin()
 272 {
 273     global $globals;
 274     if (S::logged() && !S::has('skin')) {
 275         $uid = S::v('uid');
 276     $res = XDB::query("SELECT  skin_tpl
 277                              FROM  auth_user_quick AS a
 278                        INNER JOIN  skins           AS s ON a.skin = s.id
 279                             WHERE  user_id = {?} AND skin_tpl != ''", $uid);
 280     if ($_SESSION['skin'] = $res->fetchOneCell()) {
 281             return;
 282         }
 283     }
 284 }
 285
 286 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
 287 ?>