X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fs.php;h=e14c440b2c35278484ce5e872893e8ef2eeb5ae8;hb=7c8d7022042ef34cbf8c16531a3b5eaecf46bfd2;hp=338a437ea5840e40500ba7c51ae9a14a5e10546e;hpb=756ff73fbb0cdd01cce2eda27ba18e1cc99bd735;p=platal.git
diff --git a/classes/s.php b/classes/s.php
index 338a437..e14c440 100644
--- a/classes/s.php
+++ b/classes/s.php
@@ -19,7 +19,124 @@
 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
 ***************************************************************************/
-class S extends Session {
+class S
+{
+ /** Set a constructor because this is called prior to S::s(), so we can
+ * define S::s() for other usages.
+ */
+ private function __construct()
+ {
+ assert(false);
+ }
+
+ public static function has($key)
+ {
+ return isset($_SESSION[$key]);
+ }
+
+ public static function kill($key)
+ {
+ unset($_SESSION[$key]);
+ }
+
+ public static function v($key, $default = null)
+ {
+ return isset($_SESSION[$key]) ? $_SESSION[$key] : $default;
+ }
+
+ public static function s($key, $default = '')
+ {
+ return (string)S::v($key, $default);
+ }
+
+ public static function i($key, $default = 0)
+ {
+ $i = S::v($key, $default);
+ return is_numeric($i) ? intval($i) : $default;
+ }
+
+ public static function l(array $keys)
+ {
+ return array_map(array('S', 'v'), $keys);
+ }
+
+ public static function set($key, $value)
+ {
+ $_SESSION[$key] =& $value;
+ }
+
+ public static function bootstrap($key, $value)
+ {
+ if (!S::has($key)) {
+ S::set($key, $value);
+ }
+ }
+
+ public static function logger($uid = null)
+ {
+ $uid = S::i('uid', $uid);
+ if (!S::has('log') || !S::v('log')->isValid($uid)) {
+ if (S::has('suid')) {
+ $suid = S::v('suid');
+ S::set('log', PlLogger::get(S::i('uid', $uid), $suid['uid']));
+ } else if (S::has('uid') || $uid) {
+ S::set('log', PlLogger::get(S::i('uid', $uid)));
+ } else {
+ S::set('log', PlLogger::dummy($uid));
+ }
+ }
+ return S::v('log');
+ }
+
+ /** User object storage and accessor. The user object (an instance of the
+ * local subclass of PlUser) is currently stored as a S class variable, and
+ * not as a session variable, so as to avoid bloating the global on-disk
+ * session.
+ * TODO: When all the codebase will use S::user() as the only source for
+ * user ids, fullname/displayname, and forlife/bestalias, S::$user should
+ * move into the php session (and data it helds should be removed from
+ * the php session). */
+ private static $user = null;
+ public static function &user()
+ {
+ if (self::$user == null && class_exists('User')) {
+ self::$user = User::getSilentWithValues(S::i('uid'), $_SESSION);
+ }
+ return self::$user;
+ }
+
+ public static function has_perms()
+ {
+ return Platal::session()->checkPerms(PERMS_ADMIN);
+ }
+
+ public static function logged()
+ {
+ return S::i('auth', AUTH_PUBLIC) >= Platal::session()->loggedLevel();
+ }
+
+ public static function identified()
+ {
+ return S::i('auth', AUTH_PUBLIC) >= Platal::session()->sureLevel();
+ }
+
+ // Anti-XSRF protections.
+ public static function has_xsrf_token()
+ {
+ return S::has('xsrf_token') && S::v('xsrf_token') == Env::v('token');
+ }
+
+ public static function assert_xsrf_token()
+ {
+ if (!S::has_xsrf_token()) {
+ Platal::page()->kill('L\'opération n\'a pas pu aboutir, merci de réessayer.');
+ }
+ }
+
+ public static function rssActivated()
+ {
+ return S::has('core_rss_hash') && S::v('core_rss_hash');
+ }
 }
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
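Review bot: `has_xsrf_token()` checks the anti-XSRF token with a loose `==`, so PHP type juggling decides the result: two different numeric-looking strings (for example both of the `0e<digits>` form) compare equal, and the comparison is not constant-time. How `xsrf_token` is generated and what type `Env::v('token')` returns are not visible in this hunk, so the practical exposure is unconfirmed, but a strict check removes the dependency: `$t = Env::v('token');` followed by `return S::has('xsrf_token') && is_string($t) && hash_equals((string)S::v('xsrf_token'), $t);` (or `===` on PHP versions without `hash_equals`). `assert_xsrf_token()` also depends on `Platal::page()->kill()` ending the request; if that call can return, the caller carries on with the state-changing action, so a comment there stating that `kill()` does not return would document the assumption.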