<?php
-require_once dirname(__FILE__) . '/../../inc/core/class.dc.auth.php';
-
class xorgAuth extends dcAuth {
- private $forceSU = false;
-
public $xorg_infos = array('forlife' => null,
'prenom' => null,
'nom' => null);
parent::__construct($core);
}
- private function buildFromSession() {
+ public function buildFromSession() {
global $core;
+ @header('Last-Modified:');
if (!isset($core) || !isset($core->session)) {
return;
}
$core->session->start();
- if (@$_SESSION['auth-xorg'] && is_null($this->xorg_infos['forlife'])) {
+ $user = @$_SESSION['auth-xorg'];
+ if ($user && is_null($this->xorg_infos['forlife'])) {
foreach ($this->xorg_infos as $key => $val) {
$this->xorg_infos[$key] = $_SESSION['auth-xorg-' . $key];
}
- $this->user_id = $_SESSION['auth-xorg'];
+ $this->user_id = $user;
+ parent::checkUser($this->user_id);
+ if (isset($core->blog)) {
+ $this->sudo(array($this, 'updateUserPerms'));
+ }
}
}
- public function checkUser($user_id, $pwd = null, $user_key = null) {
- return $this->callXorg() && $user_id == $this->user_id;
-// echo "checking auth for " . $user_id;
-// return parent::checkUser($user_id, $pwd, $user_key);
+ public function createUser() {
+ global $core;
+ if (!$core->userExists($_SESSION['auth-xorg'])) {
+ $cur = new cursor($this->con, 'dc_user');
+ $cur->user_id = $_SESSION['auth-xorg'];
+ $cur->user_pwd = md5(rand());
+ $cur->user_lang = 'fr';
+ $cur->user_name = $_SESSION['auth-xorg-nom'];
+ $cur->user_firstname = $_SESSION['auth-xorg-prenom'];
+ $cur->user_displayname = $cur->user_firstname . ' ' . $cur->user_name;
+ $cur->user_email = $_SESSION['auth-xorg'] . '@polytechnique.org';
+ $cur->user_options = $core->userDefaults();
+ $cur->user_options['post_xorg_perms'] = 'public';
+ $cur->user_default_blog = 'default'; // FIXME
+ $core->addUser($cur);
+ }
}
- public function check($permissions, $blog_id) {
- $this->buildFromSession();
- return true;
-// echo "Checking right to view $permissions on $blog_id";
-// return parent::check($permissions, $blog_id);
+ private function updateUserPerms() {
+ global $core;
+ $core->setUserBlogPermissions($_SESSION['auth-xorg'],
+ $core->blog->id,
+ array('usage' => true,
+ 'contentadmin' => true,
+ 'admin' => true));
}
+
+ /** Xorg SSO API */
+
public function callXorg($path = null) {
if (is_null($path)) {
$path = $_SERVER['REQUEST_URI'];
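Review bot: `updateUserPerms()` grants `usage`, `contentadmin` and `admin` on the current blog to whoever holds an `auth-xorg` session, and `buildFromSession()` re-runs it under `sudo` on every call where `$core->blog` is set, so every SSO-authenticated user ends up as blog admin. If that is not the intended policy, grant only `'usage' => true` by default and leave elevated rights to an explicit assignment. The method is also declared `private` while `createUser()` was made `public` in this same change; if `sudo()` invokes its callback from the parent class, a private method may not be callable, which is worth confirming. Separately, `md5(rand())` in `createUser()` is a guessable placeholder password; `bin2hex(random_bytes(16))`, or the project's own random helper on older PHP, is a safer filler. The class body starts and ends outside this hunk.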
if (@$_SESSION['auth-xorg']) {
return true;
}
+ global $core;
+
+ if (!$this->sessionExists()) {
+ session_write_close();
+ header("Location: " . $core->blog->url . 'auth/Xorg?path=' . $path);
+ exit;
+ }
+
$_SESSION["auth-x-challenge"] = md5(uniqid(rand(), 1));
$url = "https://www.polytechnique.org/auth-groupex/utf8";
$url .= "?session=" . session_id();
$url .= "&challenge=" . $_SESSION["auth-x-challenge"];
$url .= "&pass=" . md5($_SESSION["auth-x-challenge"] . XORG_AUTH_KEY);
- $url .= "&url=http://murphy.m4x.org/~x2003bruneau/dotclear/auth/XorgReturn" . urlencode("?path=" . $path);
+ $url .= "&url=" . urlencode($core->blog->url . "auth/XorgReturn?path=" . $path);
session_write_close();
header("Location: $url");
exit;
}
- private function acquireAdminRights() {
- $this->forceSU = true;
- }
-
- private function releaseAdminRights() {
- $this->forceSU = false;
- }
-
- private function createUser() {
- global $core;
- $this->acquireAdminRights();
- if (!$core->userExists($_SESSION['auth-xorg'])) {
- $cur = new cursor($this->con, 'dc_user');
- $cur->user_id = $_SESSION['auth-xorg'];
- $cur->user_pwd = md5(rand());
- $cur->user_lang = 'fr';
- $cur->user_name = $_SESSION['auth-xorg-nom'];
- $cur->user_firstname = $_SESSION['auth-xorg-prenom'];
- $cur->user_email = $_SESSION['auth-xorg'] . '@polytechnique.org';
- $core->addUser($cur);
- }
- $this->releaseAdminRights();
- }
-
public function returnXorg() {
if (!isset($_GET['auth'])) {
return false;
}
$params = '';
global $core;
+ $_COOKIE[DC_SESSION_NAME] = $_GET['PHPSESSID'];
+ unset($_GET['PHPSESSID']);
$core->session->start();
foreach($this->xorg_infos as $key => $val) {
if(!isset($_GET[$key])) {
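Review bot: `returnXorg()` now copies `$_GET['PHPSESSID']` into `$_COOKIE[DC_SESSION_NAME]` before `$core->session->start()`, so the session identifier is chosen by the request URL, which is a session-fixation risk and also exposes the id in logs and referrers. No check on that value is visible in this hunk; at minimum guard it with `isset($_GET['PHPSESSID'])` and regenerate the id (`session_regenerate_id(true)` or the session class's equivalent) where the session is marked authenticated, after the challenge response has been verified. In `callXorg()`, the new redirect `'auth/Xorg?path=' . $path` concatenates the request URI unencoded, unlike the `urlencode(...)` used a few lines later; `'auth/Xorg?path=' . urlencode($path)` keeps the value a single parameter. Both functions continue outside the hunk.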
$_SESSION['sess_user_id'] = $_SESSION['auth-xorg'] = $_GET['forlife'];
$_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
$_SESSION['sess_blog_id'] = 'default';
- $this->createUser();
+ $this->sudo(array($this, 'createUser'));
+ $path = $_GET['path'];
header("Location: http://murphy.m4x.org" . $_GET['path']);
exit;
}
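Review bot: The added `$path = $_GET['path'];` is never used, and the redirect on the next line still appends the raw `$_GET['path']` to a hard-coded host, so the target is not validated; a value that does not begin with `/` changes the host part of the resulting URL. Use the variable and constrain it, e.g. `$path = isset($_GET['path']) ? (string) $_GET['path'] : '/';` then `if ($path === '' || $path[0] !== '/') { $path = '/'; }`, and build the header from `$path`. The host is also still hard-coded here while the other redirects in this commit moved to `$core->blog->url`. The enclosing loop and function start outside the hunk.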
global $core;
$core->session->start();
$core->session->destroy();
- header('Location: http://murphy.m4x.org/~x2003bruneau/dotclear/');
+ header('Location: ' . $core->blog->url);
exit;
}
+
+ /** Dotclear dcAuth API */
+
+ public function checkUser($user_id, $pwd = null, $user_key = null) {
+ return $this->callXorg();
+ }
+
+ public function check($permissions, $blog_id) {
+ $this->buildFromSession();
+ return parent::check($permissions, $blog_id);
+ }
+
+ public function checkPassword($pwd) {
+ $this->buildFromSession();
+ return !empty($this->user_id);
+ }
+
public function allowPassChange() {
return false;
}
public function userID() {
$this->buildFromSession();
- return $this->user_id;
+ return parent::userID();
}
public function getPermissions() {
- return array('default' => array('name' => 'My first blog',
- 'url' => 'http://murphy.m4x.org/~x2003bruneau/dotclear/',
- 'permissions' => array('usage' => true,
- 'contentadmin' => true,
- 'admin' => true)));
+ $this->buildFromSession();
+ return parent::getPermissions();
}
public function getInfo($n) {
- switch ($n) {
- case 'user_lang':
- return "fr";
- case 'user_default_blog':
- return 'default';
- case 'user_post_status':
- return 1;
- case 'user_tz':
- return 'UTC';
- }
- echo "$n ";
- return null;
+ $this->buildFromSession();
+ return parent::getInfo($n);
+ }
+
+ public function getOption($n) {
+ $this->buildFromSession();
+ return parent::getOption($n);
}
public function isSuperAdmin() {
- return $this->forceSU;
+ return parent::isSuperAdmin() || ($this->user_id == 'florent.bruneau.2003');
+ }
+
+ public function getOptions() {
+ $this->buildFromSession();
+ return parent::getOptions();
+ }
+
+ public function authForm() {
+ global $core;
+ $path = "http://murphy.m4x.org/~x2003bruneau/dotclear/";
+ return '<fieldset>'.
+ '<p><a href="' . $path . 'auth/Xorg?path=/~x2003bruneau/dotclear/admin/index.php">Via Polytechnique.org</a></p>' .
+ '<p><a href="' . $path . 'admin/auth.php">Via le formulaire</a></p>' .
+ '</fieldset>'.
+ '<p>'.__('You must accept cookies in order to use the private area.').'</p>';
}
}
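Review bot: The new `checkUser()` returns `$this->callXorg()` alone and drops the `$user_id == $this->user_id` comparison the old version had, so it answers true for any `$user_id` once an SSO session exists; `checkPassword($pwd)` likewise ignores `$pwd`. Unless every caller passes only the session's own id, bind the result to the session identity, e.g. `return $this->callXorg() && $user_id === $_SESSION['auth-xorg'];`. `isSuperAdmin()` also hard-codes one account id with a loose `==`; reading the id from a configuration constant and comparing with `===` keeps privileged identities out of the source. `authForm()` still embeds the development host and path and declares an unused `global $core`, where the rest of the commit switched to `$core->blog->url`.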