0ebc2e669f2a09b241bb06f270b0df63ef99d6e1
2 /***************************************************************************
3 * Copyright (C) 2003-2010 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
22 class XnetSession
extends XorgSession
24 public function __construct()
26 parent
::__construct();
29 public function startAvailableAuth()
31 if (!S
::logged() && Get
::has('auth')) {
32 if (!$this->start(AUTH_MDP
)) {
38 if (!S
::logged() && $globals->xnet
->auth_baseurl
) {
39 // prevent connection to be linked to disconnection
40 if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false
)
41 $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
43 $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
44 $url = $globals->xnet
->auth_baseurl
;
45 $url .= "?session=" . session_id();
46 $url .= "&challenge=" . S
::v('challenge');
47 $url .= "&pass=" . md5(S
::v('challenge') . $globals->xnet
->secret
);
48 $url .= "&url=".urlencode($returl);
49 S
::set('loginX', $url);
52 if (S
::logged() && $globals->asso()) {
53 $perms = S
::v('perms');
54 $perms->rmFlag('groupadmin');
55 $perms->rmFlag('groupmember');
56 $perms->rmFlag('groupannu');
58 $perms->addFlag('groupadmin');
59 $perms->addFlag('groupmember');
60 $perms->addFlag('groupannu');
63 $perms->addFlag('groupmember');
64 if ($globals->asso('pub') != 'private') {
65 $perms->addFlag('groupannu');
67 } else if ($globals->asso('pub') == 'public') {
68 $perms->addFlag('groupannu');
70 if ($globals->asso('cat') == 'Promotions') {
71 $perms->addFlag('groupannu');
73 S
::set('perms', $perms);
78 protected function doAuth($level)
80 if (S
::identified()) { // ok, c'est bon, on n'a rien à faire
81 return User
::getSilentWithValues(null
, array('uid' => S
::i('uid')));
83 if (!Get
::has('auth')) {
87 if (md5('1' . S
::v('challenge') . $globals->xnet
->secret
. Get
::i('uid') . '1') != Get
::v('auth')) {
91 S
::set('auth', AUTH_MDP
);
92 return User
::getSilentWithValues(null
, array('uid' => Get
::i('uid')));
95 protected function startSessionAs($user, $level)
97 if ($level == AUTH_SUID
) {
98 S
::set('auth', AUTH_MDP
);
100 $res = XDB
::query("SELECT a.uid, a.hruid, a.display_name, a.full_name,
101 a.sex = 'female' AS femme,
102 a.email_format, a.token,
105 INNER JOIN account_types AS at ON (at.type = a.type)
106 WHERE a.uid = {?} AND a.state = 'active'
107 LIMIT 1", $user->id());
108 $sess = $res->fetchOneAssoc();
109 $_SESSION = array_merge($_SESSION, $sess);
110 $this->makePerms(S
::s('perms'), S
::b('is_admin'));
111 S
::kill('challenge');
113 S
::kill('may_update');
114 S
::kill('is_member');
116 Get
::kill('PHPSESSID');
119 foreach($_GET as $key => $val) {
120 $args[] = urlencode($key). '=' .urlencode($val);
125 public function doSelfSuid()
128 if (!$this->startSUID($user)) {
131 S
::set('perms', User
::makePerms('user'));
135 public function stopSUID()
137 $perms = S
::suid('perms');
138 if (!parent
::stopSUID()) {
141 S
::kill('may_update');
142 S
::kill('is_member');
143 S
::set('perms', $perms);
148 // {{{ function may_update
150 /** Return administration rights for the current asso
151 * @param force Force administration rights to be read from database
152 * @param lose Force administration rights to be false
154 function may_update($force = false
, $lose = false
)
156 if (!isset($_SESSION['may_update'])) {
157 $_SESSION['may_update'] = array();
159 $may_update =& $_SESSION['may_update'];
162 $asso_id = $globals->asso('id');
166 $may_update[$asso_id] = false
;
167 } elseif (S
::admin() ||
(S
::suid() && $force)) {
168 $may_update[$asso_id] = true
;
169 } elseif (!isset($may_update[$asso_id]) ||
$force) {
170 $res = XDB
::query("SELECT perms
172 WHERE uid={?} AND asso_id={?}",
173 S
::v('uid'), $asso_id);
174 $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
176 return $may_update[$asso_id];
180 // {{{ function is_member
182 /** Get membership informations for the current asso
183 * @param force Force membership to be read from database
184 * @param lose Force membership to be false
186 function is_member($force = false
, $lose = false
)
188 if (!isset($_SESSION['is_member'])) {
189 $_SESSION['is_member'] = array();
191 $is_member =& $_SESSION['is_member'];
194 $asso_id = $globals->asso('id');
198 $is_member[$asso_id] = false
;
199 } elseif (S
::suid() && $force) {
200 $is_member[$asso_id] = true
;
201 } elseif (!isset($is_member[$asso_id]) ||
$force) {
202 $res = XDB
::query("SELECT COUNT(*)
204 WHERE uid={?} AND asso_id={?}",
205 S
::v('uid'), $asso_id);
206 $is_member[$asso_id] = ($res->fetchOneCell() == 1);
208 return $is_member[$asso_id];
212 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: