<?php
/***************************************************************************
- * Copyright (C) 2003-2006 Polytechnique.org *
+ * Copyright (C) 2003-2008 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************/
-/* cree le champs "auth" renvoye au Groupe X */
-function gpex_make_auth($chlg, $privkey, $datafields) {
- global $globals;
- $fieldarr = explode(",",$datafields);
+function gpex_prepare_param($name, $val, &$to_hash, $charset)
+{
+ $val = iconv('UTF-8', $charset, $val);
+ $to_hash .= $val;
+ return '&' . $name . '=' . urlencode($val);
+}
+
+function gpex_make($chlg, $privkey, $datafields, $charset)
+{
$tohash = "1$chlg$privkey";
+ $params = "";
+ $fieldarr = explode(',', $datafields);
- $res = XDB::query("SELECT matricule, matricule_ax, promo,
- promo_sortie, flags, deces, nom,
- prenom, nationalite, section,
- naissance
- FROM auth_user_md5 WHERE user_id = {?}",
- Session::getInt('uid'));
+ $res = XDB::query("SELECT matricule, matricule_ax, promo,
+ promo_sortie, flags, deces, nom,
+ prenom, nationalite, section,
+ naissance
+ FROM auth_user_md5 WHERE user_id = {?}",
+ S::v('uid'));
$personnal_data = $res->fetchOneAssoc();
foreach ($fieldarr as $val) {
- /* on verifie qu'on n'a pas demandé une variable inexistante ! */
- if (Session::has($val)) {
- $tohash .= Session::get($val);
+ /* on verifie qu'on n'a pas demandÃ\83© une variable inexistante ! */
+ if (S::has($val)) {
+ $params .= gpex_prepare_param($val, S::v($val), $tohash, $charset);
} else if (isset($personnal_data[$val])) {
- $tohash .= $personnal_data[$val];
+ $params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset);
} else if ($val == 'username') {
- $res = XDB::query("SELECT alias FROM aliases
- WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
- Session::getInt('uid'));
+ $res = XDB::query("SELECT alias FROM aliases
+ WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
+ S::v('uid'));
$min_username = $res->fetchOneCell();
- $tohash .= $min_username;
+ $params .= gpex_prepare_param($val, $min_username, $tohash, $charset);
+ } else if ($val == 'grpauth') {
+ if (isset($_GET['group'])) {
+ $res = XDB::query("SELECT perms
+ FROM groupex.membres
+ INNER JOIN groupex.asso ON(id = asso_id)
+ WHERE uid = {?} AND diminutif = {?}",
+ S::v('uid'), $_GET['group']);
+ $perms = $res->fetchOneCell();
+ } else {
+ // if no group asked, return main rights
+ $perms = Session::has_perms()?'admin':'membre';
+ }
+ $params .= gpex_prepare_param($val, $perms, $tohash, $charset);
}
}
$tohash .= "1";
- return md5($tohash);
+ $auth = md5($tohash);
+ return array($auth, "&auth=" . $auth . $params);
}
/* cree les parametres de l'URL de retour avec les champs demandes */
-function gpex_make_params($chlg, $privkey, $datafields) {
- global $globals;
- $params = "&auth=".gpex_make_auth($chlg, $privkey, $datafields);
-
- $res = XDB::query("SELECT matricule, matricule_ax, promo,
- promo_sortie, flags, deces, nom,
- prenom, nationalite, section,
- naissance
- FROM auth_user_md5 WHERE user_id = {?}",
- Session::getInt('uid'));
- $personnal_data = $res->fetchOneAssoc();
-
- $fieldarr = explode(",",$datafields);
-
- foreach ($fieldarr as $val) {
- if (Session::has($val)) {
- $tohash .= Session::get($val);
- } else if (isset($personnal_data[$val])) {
- $params .= "&$val=".$personnal_data[$val];
- } else if ($val == 'username') {
- $res = XDB::query("SELECT alias FROM aliases
- WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
- Session::getInt('uid'));
- $min_username = $res->fetchOneCell();
- $params .= "&$val=".$min_username;
- }
- }
- return $params;
+function gpex_make_params($chlg, $privkey, $datafields, $charset)
+{
+ list ($auth, $param) = gpex_make($chlg, $privkey, $datafields, $charset);
+ return $param;
}
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
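Review bot: In the new `grpauth` branch of `gpex_make`, `$perms = $res->fetchOneCell();` goes straight into `gpex_prepare_param`, so a user with no row in `groupex.membres` for `$_GET['group']` still gets a validly signed `grpauth=` with an empty value, and the consuming site has to know that empty means "no rights". Handle that case explicitly right after the fetch, for example `if (!$perms) { $perms = ''; /* not a member of the requested group */ }`, and state the convention in a comment. The same silent-empty result occurs in `gpex_prepare_param` when `iconv()` returns `false` for a value that `$charset` cannot represent; check for `=== false`, or consider `iconv('UTF-8', $charset . '//TRANSLIT', $val)`. Because `$tohash` is a plain concatenation with no separator between fields, the hash does not pin where one value ends and the next begins, which matters more now that a permission value is among the signed fields; a delimiter or length prefix would fix it but needs a matching change on the verifying side. Also, `$perms = Session::has_perms()?'admin':'membre';` still uses `Session::` while every other call in this change moved to `S::`, which looks like a leftover to confirm.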