<?php
/***************************************************************************
- * Copyright (C) 2003-2007 Polytechnique.org *
+ * Copyright (C) 2003-2008 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
{
// {{{ function init
- public static function init() {
+ public static function init()
+ {
global $globals;
S::init();
$returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
else
$returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
- $url = "https://www.polytechnique.org/auth-groupex.php";
+ $url = "https://www.polytechnique.org/auth-groupex";
$url .= "?session=" . session_id();
$url .= "&challenge=" . S::v('challenge');
$url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
$url .= "&url=".urlencode($returl);
$_SESSION['loginX'] = $url;
}
+
+ if (S::logged() && $globals->asso()) {
+ $perms = S::v('perms');
+ $perms->rmFlag('groupadmin');
+ $perms->rmFlag('groupmember');
+ $perms->rmFlag('groupannu');
+ if (may_update()) {
+ $perms->addFlag('groupadmin');
+ $perms->addFlag('groupmember');
+ $perms->addFlag('groupannu');
+ }
+ if (is_member()) {
+ $perms->addFlag('groupmember');
+ if ($globals->asso('pub') != 'private') {
+ $perms->addFlag('groupannu');
+ }
+ }
+ if ($globals->asso('cat') == 'Promotions') {
+ $perms->addFlag('groupannu');
+ }
+ $_SESSION['perms'] = $perms;
+ }
}
// }}}
// }}}
// {{{ doAuthX
- public static function doAuthX() {
+ public static function doAuthX()
+ {
global $globals, $page;
if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) {
+ Get::kill('auth');
+ if (!$page) {
+ require_once 'xnet.inc.php';
+ new_skinned_page('platal/index.tpl');
+ }
$page->kill("Erreur d'authentification avec polytechnique.org !");
}
$res = XDB::query("
SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
- a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
+ u.hruid, a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
FROM auth_user_md5 AS u
INNER JOIN auth_user_quick AS q USING(user_id)
- INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
- INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
+ INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = 'a_vie')
+ INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias', a2.flags))
WHERE u.user_id = {?} AND u.perms IN('admin','user')
LIMIT 1", Get::i('uid'));
$_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
$_SESSION['auth'] = AUTH_MDP;
+ require_once 'xorg/session.inc.php';
+ $_SESSION['perms'] =& XorgSession::make_perms(S::v('perms'));
S::kill('challenge');
S::kill('loginX');
S::kill('may_update');
if (!S::has('suid')) {
$_SESSION['suid'] = $_SESSION;
}
- $_SESSION['perms'] = 'user';
+ require_once 'xorg/session.inc.php';
+ $_SESSION['perms'] =& XorgSession::make_perms('user');
}
// }}}
// {{{ killSuid
public static function killSuid()
- {
+ {
if (!S::has('suid')) {
return;
}
/** Get membership informations for the current asso
* @param force Force membership to be read from database
* @param lose Force membership to be false
- */
+ */
function is_member($force = false, $lose = false)
{
if (!isset($_SESSION['is_member'])) {