<?php
/***************************************************************************
- * Copyright (C) 2003-2006 Polytechnique.org *
+ * Copyright (C) 2003-2008 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************/
-require_once('platal/session.inc.php');
-
-// {{{ class XorgSession
-
-class XnetSession
+class XnetSession extends PlSession
{
- var $challenge;
-
- // {{{ function XnetSession()
-
- function XnetSession()
+ public function __construct()
{
- $this->challenge = md5(uniqid(rand(), 1));
+ parent::__construct();
+ S::bootstrap('perms_backup', new PlFlagSet());
}
- // }}}
- // {{{ function init
-
- function init() {
- global $globals;
+ public function startAvailableAuth()
+ {
+ if (!(S::v('perms') instanceof PlFlagSet)) {
+ S::set('perms', S::v('perms_backup'));
+ }
- @session_start();
- if (!Session::has('session')) {
- $_SESSION['session'] = new XnetSession;
+ if (!S::logged() && Get::has('auth')) {
+ if (!$this->start(AUTH_MDP)) {
+ return false;
+ }
}
- if (!logged()) {
- // prevent connexion to be linked to deconnexion
+
+ global $globals;
+ if (!S::logged()) {
+ // prevent connection to be linked to disconnection
if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false)
$returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i);
else
$returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
- $url = "https://www.polytechnique.org/auth-groupex.php";
+ $url = "https://www.polytechnique.org/auth-groupex";
$url .= "?session=" . session_id();
- $url .= "&challenge=" . $_SESSION['session']->challenge;
- $url .= "&pass=" . md5($_SESSION['session']->challenge . $globals->xnet->secret);
+ $url .= "&challenge=" . S::v('challenge');
+ $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret);
$url .= "&url=".urlencode($returl);
- $_SESSION['session']->loginX = $url;
+ S::set('loginX', $url);
}
+
+ if (S::logged() && $globals->asso()) {
+ $perms = S::v('perms');
+ $perms->rmFlag('groupadmin');
+ $perms->rmFlag('groupmember');
+ $perms->rmFlag('groupannu');
+ if (may_update()) {
+ $perms->addFlag('groupadmin');
+ $perms->addFlag('groupmember');
+ $perms->addFlag('groupannu');
+ }
+ if (is_member()) {
+ $perms->addFlag('groupmember');
+ if ($globals->asso('pub') != 'private') {
+ $perms->addFlag('groupannu');
+ }
+ }
+ if ($globals->asso('cat') == 'Promotions') {
+ $perms->addFlag('groupannu');
+ }
+ S::set('perms', $perms);
+ S::set('perms_backup', $perms);
+ }
+ return true;
}
-
- // }}}
- // {{{ function destroy()
-
- function destroy() {
- @session_destroy();
- unset($_SESSION);
- XnetSession::init();
- }
-
- // }}}
- // {{{ function doAuth()
-
- /** Try to do an authentication.
- *
- * @param page the calling page (by reference)
- */
- function doAuth(&$page)
+
+ protected function doAuth($level)
{
- global $globals;
- if (identified()) { // ok, c'est bon, on n'a rien à faire
- return true;
- }
-
- if (Get::has('auth')) {
- return $this->doAuthX($page);
- } elseif (Post::has('challenge') && Post::has('username') && Post::has('response')) {
- return $this->doAuthOther($page);
- } else {
- $this->doLogin($page);
+ if (S::identified()) { // ok, c'est bon, on n'a rien à faire
+ return S::i('uid');
+ }
+ if (!Get::has('auth')) {
+ return null;
+ }
+ global $globals;
+ if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1') != Get::v('auth')) {
+ return null;
}
+ Get::kill('auth');
+ S::set('auth', AUTH_MDP);
+ return Get::i('uid');
}
- // }}}
- // {{{ doAuthX
-
- function doAuthX(&$page) {
+ protected function startSessionAs($user, $level)
+ {
global $globals;
- if (md5('1'.$this->challenge.$globals->xnet->secret.Get::getInt('uid').'1') != Get::get('auth')) {
- $page->kill("Erreur d'authentification avec polytechnique.org !");
+ if ($level == -1) {
+ S::set('auth', AUTH_MDP);
}
-
- $res = $globals->xdb->query("
- SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
- a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
- FROM auth_user_md5 AS u
- INNER JOIN auth_user_quick AS q USING(user_id)
- INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
- INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
- WHERE u.user_id = {?} AND u.perms IN('admin','user')
- LIMIT 1", Get::getInt('uid'));
- $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
- $_SESSION['auth'] = AUTH_MDP;
- unset($this->challenge);
- unset($this->loginX);
- Get::kill('auth');
+ $res = XDB::query('SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET(\'femme\', u.flags) AS femme,
+ a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
+ FROM auth_user_md5 AS u
+ INNER JOIN auth_user_quick AS q USING(user_id)
+ INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\')
+ INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET(\'bestalias\', a2.flags))
+ WHERE u.user_id = {?} AND u.perms IN(\'admin\', \'user\')
+ LIMIT 1', $user);
+ $sess = $res->fetchOneAssoc();
+ $perms = $sess['perms'];
+ unset($sess['perms']);
+ $_SESSION = array_merge($_SESSION, $sess);
+ $this->makePerms($perms);
+ S::kill('challenge');
+ S::kill('loginX');
+ S::kill('may_update');
+ S::kill('is_member');
Get::kill('uid');
+ Get::kill('PHPSESSID');
+
$args = array();
- foreach($_GET as $key=>$val) {
- $args[] = urlencode($key).'='.urlencode($val);
+ foreach($_GET as $key => $val) {
+ $args[] = urlencode($key). '=' .urlencode($val);
}
- redirect($_SERVER['PHP_SELF'] . '?' . join('&', $args));
+ return true;
}
- // }}}
- // {{{ doAuthOther
-
- function doAuthOther(&$page) {
- if (Post::has('challenge') && Post::has('username') && Post::has('response')) {
- $username = Post::get('username');
+ public function doSelfSuid()
+ {
+ if (!$this->startSUID(S::i('uid'))) {
+ return false;
}
- $this->doLogin($page);
+ $this->makePerms('user');
+ return true;
}
- // }}}
- // {{{ doLogin
+ public function stopSUID()
+ {
+ $suid = S::v('suid');
+ if (!parent::stopSUID()) {
+ return false;
+ }
+ S::kill('suid');
+ S::kill('may_update');
+ S::kill('is_member');
+ S::set('perms', $suid['perms']);
+ S::set('perms_backup', $suid['perms_backup']);
+ return true;
+ }
- function doLogin(&$page) {
- redirect($_SESSION['session']->loginX);
+ public function makePerms($perm)
+ {
+ $flags = new PlFlagSet();
+ if ($perm == 'disabled' || $perm == 'ext') {
+ S::set('perms', $flags);
+ S::set('perms_backup', $flags);
+ return;
+ }
+ $flags->addFlag(PERMS_USER);
+ if ($perm == 'admin') {
+ $flags->addFlag(PERMS_ADMIN);
+ }
+ S::set('perms', $flags);
+ S::set('perms_backup', $flags);
}
- // }}}
+ public function sureLevel()
+ {
+ return AUTH_MDP;
+ }
}
-// }}}
-// {{{ may_update
+// {{{ function may_update
+
+/** Return administration rights for the current asso
+ * @param force Force administration rights to be read from database
+ * @param lose Force administration rights to be false
+ */
+function may_update($force = false, $lose = false)
+{
+ if (!isset($_SESSION['may_update'])) {
+ $_SESSION['may_update'] = array();
+ }
+ $may_update =& $_SESSION['may_update'];
-function may_update() {
global $globals;
- if (!$globals->asso('id')) { return false; }
- if (has_perms()) { return true; }
- $res = $globals->xdb->query(
- "SELECT perms
- FROM groupex.membres
- WHERE uid={?} AND asso_id={?}", Session::getInt('uid'), $globals->asso('id'));
- return $res->fetchOneCell() == 'admin';
+ $asso_id = $globals->asso('id');
+ if (!$asso_id) {
+ return false;
+ } elseif ($lose) {
+ $may_update[$asso_id] = false;
+ } elseif (S::has_perms() || (S::has('suid') && $force)) {
+ $may_update[$asso_id] = true;
+ } elseif (!isset($may_update[$asso_id]) || $force) {
+ $res = XDB::query("SELECT perms
+ FROM groupex.membres
+ WHERE uid={?} AND asso_id={?}",
+ S::v('uid'), $asso_id);
+ $may_update[$asso_id] = ($res->fetchOneCell() == 'admin');
+ }
+ return $may_update[$asso_id];
}
// }}}
-// {{{ is_member
+// {{{ function is_member
+
+/** Get membership informations for the current asso
+ * @param force Force membership to be read from database
+ * @param lose Force membership to be false
+ */
+function is_member($force = false, $lose = false)
+{
+ if (!isset($_SESSION['is_member'])) {
+ $_SESSION['is_member'] = array();
+ }
+ $is_member =& $_SESSION['is_member'];
-function is_member() {
global $globals;
$asso_id = $globals->asso('id');
- if (!$asso_id) { return false; }
- static $is_member;
- if (!$is_member) $is_member = array();
- if (!isset($is_member[$asso_id]))
- {
- $res = $globals->xdb->query(
- "SELECT COUNT(*)
- FROM groupex.membres
- WHERE uid={?} AND asso_id={?}",
- Session::getInt('uid'), $asso_id);
- $is_member[$asso_id] = $res->fetchOneCell() == 1;
+ if (!$asso_id) {
+ return false;
+ } elseif ($lose) {
+ $is_member[$asso_id] = false;
+ } elseif (S::has('suid') && $force) {
+ $is_member[$asso_id] = true;
+ } elseif (!isset($is_member[$asso_id]) || $force) {
+ $res = XDB::query("SELECT COUNT(*)
+ FROM groupex.membres
+ WHERE uid={?} AND asso_id={?}",
+ S::v('uid'), $asso_id);
+ $is_member[$asso_id] = ($res->fetchOneCell() == 1);
}
return $is_member[$asso_id];
}
// }}}
-// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
projects / platal.git / blobdiff