start(AUTH_MDP)) { return false; } } global $globals; if (!S::logged()) { // prevent connection to be linked to disconnection if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false) $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i); else $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}"; $url = "https://www.polytechnique.org/auth-groupex"; $url .= "?session=" . session_id(); $url .= "&challenge=" . S::v('challenge'); $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret); $url .= "&url=".urlencode($returl); S::set('loginX', $url); } if (S::logged() && $globals->asso()) { $perms = S::v('perms'); $perms->rmFlag('groupadmin'); $perms->rmFlag('groupmember'); $perms->rmFlag('groupannu'); if (may_update()) { $perms->addFlag('groupadmin'); $perms->addFlag('groupmember'); $perms->addFlag('groupannu'); } if (is_member()) { $perms->addFlag('groupmember'); if ($globals->asso('pub') != 'private') { $perms->addFlag('groupannu'); } } if ($globals->asso('cat') == 'Promotions') { $perms->addFlag('groupannu'); } S::set('perms', $perms); } return true; } protected function doAuth($level) { if (S::identified()) { // ok, c'est bon, on n'a rien à faire return S::i('uid'); } if (!Get::has('auth')) { return null; } global $globals; if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1') != Get::v('auth')) { return null; } Get::kill('auth'); S::set('auth', AUTH_MDP); return Get::i('uid'); } protected function startSessionAs($user, $level) { if ($level == -1) { S::set('auth', AUTH_MDP); } $res = XDB::query("SELECT u.user_id AS uid, u.hruid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme, q.core_mail_fmt AS mail_fmt, q.core_rss_hash FROM auth_user_md5 AS u INNER JOIN auth_user_quick AS q USING(user_id) WHERE u.user_id = {?} AND u.perms IN('admin', 'user') LIMIT 1", $user); $sess = $res->fetchOneAssoc(); $perms = $sess['perms']; unset($sess['perms']); $_SESSION = array_merge($_SESSION, $sess); S::set('perms', User::makePerms($perms)); S::kill('challenge'); S::kill('loginX'); S::kill('may_update'); S::kill('is_member'); Get::kill('uid'); Get::kill('PHPSESSID'); $args = array(); foreach($_GET as $key => $val) { $args[] = urlencode($key). '=' .urlencode($val); } return true; } public function doSelfSuid() { if (!$this->startSUID(S::i('uid'))) { return false; } S::set('perms', User::makePerms('user')); return true; } public function stopSUID() { $suid = S::v('suid'); if (!parent::stopSUID()) { return false; } S::kill('suid'); S::kill('may_update'); S::kill('is_member'); S::set('perms', $suid['perms']); return true; } } // {{{ function may_update /** Return administration rights for the current asso * @param force Force administration rights to be read from database * @param lose Force administration rights to be false */ function may_update($force = false, $lose = false) { if (!isset($_SESSION['may_update'])) { $_SESSION['may_update'] = array(); } $may_update =& $_SESSION['may_update']; global $globals; $asso_id = $globals->asso('id'); if (!$asso_id) { return false; } elseif ($lose) { $may_update[$asso_id] = false; } elseif (S::admin() || (S::has('suid') && $force)) { $may_update[$asso_id] = true; } elseif (!isset($may_update[$asso_id]) || $force) { $res = XDB::query("SELECT perms FROM #groupex#.membres WHERE uid={?} AND asso_id={?}", S::v('uid'), $asso_id); $may_update[$asso_id] = ($res->fetchOneCell() == 'admin'); } return $may_update[$asso_id]; } // }}} // {{{ function is_member /** Get membership informations for the current asso * @param force Force membership to be read from database * @param lose Force membership to be false */ function is_member($force = false, $lose = false) { if (!isset($_SESSION['is_member'])) { $_SESSION['is_member'] = array(); } $is_member =& $_SESSION['is_member']; global $globals; $asso_id = $globals->asso('id'); if (!$asso_id) { return false; } elseif ($lose) { $is_member[$asso_id] = false; } elseif (S::has('suid') && $force) { $is_member[$asso_id] = true; } elseif (!isset($is_member[$asso_id]) || $force) { $res = XDB::query("SELECT COUNT(*) FROM #groupex#.membres WHERE uid={?} AND asso_id={?}", S::v('uid'), $asso_id); $is_member[$asso_id] = ($res->fetchOneCell() == 1); } return $is_member[$asso_id]; } // }}} // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: ?>