X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;ds=sidebyside;f=core%2Finclude%2Fmisc.inc.php;fp=include%2Fxorg.misc.inc.php;h=3cd88c876184cb5c2b346ec60cfaf12814f19bc5;hb=f70f2bcdc077c220e40ecebaf569e097f6028743;hp=dd3c70f15cb14f9d0e24ff0847dce0b27b5e5ea3;hpb=91ebb7ff6485f03fcccfdf2142e997e44ee399b2;p=platal.git
diff --git a/include/xorg.misc.inc.php b/core/include/misc.inc.php
similarity index 73%
rename from include/xorg.misc.inc.php
rename to core/include/misc.inc.php
index dd3c70f..3cd88c8 100644
--- a/include/xorg.misc.inc.php
+++ b/core/include/misc.inc.php
@@ -254,123 +254,5 @@ function uint_to_ip($uint)
 return long2ip($uint);
 }
 
-
-/******************************************************************************
- * Security functions
- *****************************************************************************/
-
-function check_ip($level)
-{
- if (empty($_SERVER['REMOTE_ADDR'])) {
- return false;
- }
- if (empty($_SESSION['check_ip'])) {
- $ips = array();
- if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
- $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
- }
- $ips[] = $_SERVER['REMOTE_ADDR'];
- foreach ($ips as &$ip) {
- $ip = '(ip & mask) = (' . ip_to_uint($ip) . '& mask)';
- }
- $res = XDB::query('SELECT state, description
- FROM ip_watch
- WHERE ' . implode(' OR ', $ips) . '
- ORDER BY state DESC');
- if ($res->numRows()) {
- $state = $res->fetchOneAssoc();
- $_SESSION['check_ip'] = $state['state'];
- $_SESSION['check_ip_desc'] = $state['description'];
- } else {
- $_SESSION['check_ip'] = 'safe';
- }
- }
- $test = array();
- switch ($level) {
- case 'unsafe': $test[] = 'unsafe';
- case 'dangerous': $test[] = 'dangerous';
- case 'ban': $test[] = 'ban'; break;
- default: return false;
- }
- return in_array($_SESSION['check_ip'], $test);
-}
-
-function check_email($email, $message)
-{
- $res = XDB::query("SELECT state, description
- FROM emails_watch
- WHERE state != 'safe' AND email = {?}", $email);
- if ($res->numRows()) {
- send_warning_mail($message);
- return true;
- }
- return false;
-}
-
-function check_account()
-{
- return S::v('watch_account');
-}
-
-function check_redirect($red = null)
-{
- require_once 'emails.inc.php';
- if (is_null($red)) {
- $red = new Redirect(S::v('uid'));
- }
- if ($red->get_uid() == S::v('uid')) {
- $_SESSION['no_redirect'] = !$red->other_active('');
- $_SESSION['mx_failures'] = $red->get_broken_mx();
- }
-}
-
-function send_warning_mail($title)
-{
- global $globals;
- $mailer = new PlMailer();
- $mailer->setFrom("webmaster@" . $globals->mail->domain);
- $mailer->addTo($globals->core->admin_email);
- $mailer->setSubject("[Plat/al Security Alert] $title");
- $mailer->setTxtBody("Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n"
- ."Identifiants de connexion :\n" . var_export($_SERVER, true));
- $mailer->send();
-}
-
-function kill_sessions()
-{
- assert(S::has_perms());
- shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh');
-}
-
-
-/******************************************************************************
- * Dynamic configuration update/edition stuff
- *****************************************************************************/
-
-function update_NbIns()
-{
- global $globals;
- $res = XDB::query("SELECT COUNT(*)
- FROM auth_user_md5
- WHERE perms IN ('admin','user') AND deces=0");
- $cnt = $res->fetchOneCell();
- $globals->changeDynamicConfig(array('NbIns' => $cnt));
-}
-
-function update_NbValid()
-{
- global $globals;
- $res = XDB::query("SELECT COUNT(*)
- FROM requests");
- $globals->changeDynamicConfig(array('NbValid' => $res->fetchOneCell()));
-}
-
-function update_NbNotifs()
-{
- require_once 'notifs.inc.php';
- $n = select_notifs(false, S::i('uid'), S::v('watch_last'), false);
- $_SESSION['notifs'] = $n->numRows();
-}
-
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
 ?>