X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fxnetsession.php;h=839abb21bf42cae21a5896e4f6b976d717f26a7d;hb=56081a9c7569245bf06ac582a7657d84c73dc839;hp=155b76527607e641aa4c60b80c78c3c55e9fe118;hpb=bb749d55509e1ea442cf67ad03975a2f4535aa90;p=platal.git

diff --git a/classes/xnetsession.php b/classes/xnetsession.php
index 155b765..839abb2 100644
--- a/classes/xnetsession.php
+++ b/classes/xnetsession.php
@@ -24,15 +24,10 @@ class XnetSession extends PlSession
     public function __construct()
     {
         parent::__construct();
-        S::bootstrap('perms_backup', new PlFlagSet());
     }
 
     public function startAvailableAuth()
     {
-        if (!(S::v('perms') instanceof PlFlagSet)) {
-            S::set('perms', S::v('perms_backup'));
-        }
-
         if (!S::logged() && Get::has('auth')) {
             if (!$this->start(AUTH_MDP)) {
                 return false;
@@ -74,7 +69,6 @@ class XnetSession extends PlSession
                 $perms->addFlag('groupannu');
             }
             S::set('perms', $perms);
-            S::set('perms_backup', $perms);
         }
         return true;
     }
@@ -117,7 +111,7 @@ class XnetSession extends PlSession
         $perms = $sess['perms'];
         unset($sess['perms']);
         $_SESSION = array_merge($_SESSION, $sess);
-        $this->makePerms($perms);
+        S::set('perms', User::makePerms($perms));
         S::kill('challenge');
         S::kill('loginX');
         S::kill('may_update');
@@ -132,12 +126,26 @@ class XnetSession extends PlSession
         return true;
     }
 
+    public function tokenAuth($login, $token)
+    {
+        $res = XDB::query('SELECT  u.hruid
+                             FROM  aliases         AS a
+                       INNER JOIN  auth_user_md5   AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
+                       INNER JOIN  auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
+                            WHERE  a.alias = {?} AND a.type != "homonyme"', $token, $login);
+        if ($res->numRows() == 1) {
+            $data = $res->fetchOneAssoc();
+            return new User($res->fetchOneCell());
+        }
+        return null;
+    }
+
     public function doSelfSuid()
     {
         if (!$this->startSUID(S::i('uid'))) {
             return false;
         }
-        $this->makePerms('user');
+        S::set('perms', User::makePerms('user'));
         return true;
     }
 
@@ -151,7 +159,6 @@ class XnetSession extends PlSession
         S::kill('may_update');
         S::kill('is_member');
         S::set('perms', $suid['perms']);
-        S::set('perms_backup', $suid['perms_backup']);
         return true;
     }
 
@@ -160,7 +167,6 @@ class XnetSession extends PlSession
         $flags = new PlFlagSet();
         if ($perm == 'disabled' || $perm == 'ext') {
             S::set('perms', $flags);
-            S::set('perms_backup', $flags);
             return;
         }
         $flags->addFlag(PERMS_USER);
@@ -168,7 +174,11 @@ class XnetSession extends PlSession
             $flags->addFlag(PERMS_ADMIN);
         }
         S::set('perms', $flags);
-        S::set('perms_backup', $flags);
+    }
+
+    public function loggedLevel()
+    {
+        return AUTH_COOKIE;
     }
 
     public function sureLevel()