<?php
/***************************************************************************
- * Copyright (C) 2003-2008 Polytechnique.org *
+ * Copyright (C) 2003-2009 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
private function tryCookie()
{
S::kill('auth_by_cookie');
- if (Cookie::v('ORGaccess') == '' || !Cookie::has('ORGuid')) {
+ if (Cookie::v('access') == '' || !Cookie::has('uid')) {
return -1;
}
$res = XDB::query('SELECT user_id, password
FROM auth_user_md5
WHERE user_id = {?} AND perms IN(\'admin\', \'user\')',
- Cookie::i('ORGuid'));
+ Cookie::i('uid'));
if ($res->numRows() != 0) {
list($uid, $password) = $res->fetchOneRow();
require_once 'secure_hash.inc.php';
$expected_value = hash_encrypt($password);
- if ($expected_value == Cookie::v('ORGaccess')) {
+ if ($expected_value == Cookie::v('access')) {
S::set('auth_by_cookie', $uid);
return 0;
} else {
}
}
if ($response != $expected_response) {
+ if (!S::logged()) {
+ Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
+ } else {
+ Platal::page()->trigError('Mot de passe invalide');
+ }
S::logger($uid)->log('auth_fail', 'bad password');
return null;
}
return $uid;
}
+ Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
return null;
}
if (!S::has('suid')) {
if (Post::has('domain')) {
if (($domain = Post::v('domain', 'login')) == 'alias') {
- setcookie('ORGdomain', "alias", (time() + 25920000), '/', '', 0);
+ Cookie::set('domain', 'alias', 300);
} else {
- setcookie('ORGdomain', '', (time() - 3600), '/', '', 0);
+ Cookie::kill('domain');
}
- // pour que la modification soit effective dans le reste de la page
- $_COOKIE['ORGdomain'] = $domain;
}
}
S::kill('challenge');
}
if ($level == AUTH_SUID) {
S::set('auth', AUTH_MDP);
- unset($_SESSION['log']);
}
// Retrieves main user properties.
FROM auth_user_md5 AS u
INNER JOIN auth_user_quick AS q USING(user_id)
LEFT JOIN gapps_accounts AS g ON (u.user_id = g.l_userid AND g.g_status = 'active')
- LEFT JOIN logger.last_sessions AS ls ON (ls.uid = u.user_id)
- LEFT JOIN logger.sessions AS s ON(s.id = ls.id)
+ LEFT JOIN #logger#.last_sessions AS ls ON (ls.uid = u.user_id)
+ LEFT JOIN #logger#.sessions AS s ON(s.id = ls.id)
WHERE u.user_id = {?} AND u.perms IN('admin', 'user')", $uid);
+ if ($res->numRows() != 1) {
+ return false;
+ }
+
$sess = $res->fetchOneAssoc();
$perms = $sess['perms'];
unset($sess['perms']);
} else {
$logger = S::logger($uid);
$logger->saveLastSession();
- setcookie('ORGuid', $uid, (time() + 25920000), '/', '', 0);
+ Cookie::set('uid', $uid, 300);
if (S::i('auth_by_cookie') == $uid || Post::v('remember', 'false') == 'true') {
- $cookie = hash_encrypt($sess['password']);
- setcookie('ORGaccess', $cookie, (time() + 25920000), '/', '', 0);
- if (S::i('auth_by_cookie') != $uid) {
- $logger->log("cookie_on");
- }
+ $this->setAccessCookie(false, S::i('auth_by_cookie') != $uid);
} else {
- setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
- $logger->log("cookie_off");
+ $this->killAccessCookie();
}
}
return true;
}
- /** Start a session without authentication data for the given user.
- * This is used to identify the user after his registration, to be
- * removed after rewriting registration procedure.
- * XXX: Temporary
- */
- public function startWeakSession($user)
- {
- if (!$this->startSessionAs($user, AUTH_MDP)) {
- $this->destroy();
- return false;
- }
- S::set('auth', AUTH_MDP);
- return true;
- }
-
private function securityChecks()
{
$mail_subject = array();
return null;
}
- public function makePerms($perm)
+ protected function makePerms($perm, $is_admin)
{
$flags = new PlFlagSet();
if ($perm == 'disabled' || $perm == 'ext') {
$n = select_notifs(false, S::i('uid'), S::v('watch_last'), false);
S::set('notifs', $n->numRows());
}
+
+ public function setAccessCookie($replace = false, $log = true) {
+ if (S::has('suid') || ($replace && !Cookie::blank('access'))) {
+ return;
+ }
+ require_once('secure_hash.inc.php');
+ Cookie::set('access', hash_encrypt(S::v('password')), 300, true);
+ if ($log) {
+ S::logger()->log('cookie_on');
+ }
+ }
+
+ public function killAccessCookie($log = true) {
+ Cookie::kill('access');
+ if ($log) {
+ S::logger()->log('cookie_off');
+ }
+ }
+
+ public function killLoginFormCookies() {
+ Cookie::kill('uid');
+ Cookie::kill('domain');
+ }
}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
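Review bot: The cookie-authentication check `if ($expected_value == Cookie::v('access'))` in tryCookie still compares the stored digest with the client-supplied cookie using loose `==`; with two strings PHP applies numeric-string comparison, so distinct digests of the form `0e…` compare equal, and the guard should be `if ($expected_value === Cookie::v('access'))` (the same applies to `Cookie::v('access') == ''` a few lines above, and to `Post::v('remember', 'false') == 'true'` in the session-start hunk). The body of tryCookie continues outside the hunk, so the `else {}` branch after the check could not be reviewed. In the new setAccessCookie, the `$replace` flag reads inverted: when it is true and the cookie is not blank the method returns without setting anything, so a docblock such as `/** @param bool $replace when true, keep an existing non-blank access cookie instead of overwriting it; @param bool $log emit the cookie_on logger event */` would prevent callers from passing the wrong value. The hash is also computed from `S::v('password')` rather than from a fetched row as the removed code did, which presumably assumes the session password is already populated before startSessionAs calls `$this->setAccessCookie(false, …)` — worth confirming.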