X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fxnetsession.php;h=b7a8c1fcf734000cce971f39bb5338982499054d;hb=bfe9f4c752e8889ab5a269bddd27ea43b31d567e;hp=74648cfcfc5f31704e32277530b21a3ed00ce701;hpb=8d84c630f353ef0534e02325507ed35cc2f0d28f;p=platal.git diff --git a/classes/xnetsession.php b/classes/xnetsession.php index 74648cf..b7a8c1f 100644 --- a/classes/xnetsession.php +++ b/classes/xnetsession.php @@ -1,6 +1,6 @@ start(AUTH_MDP)) { + if (!$this->start(AUTH_PASSWD)) { return false; } } global $globals; - if (!S::logged()) { + if (!S::logged() && $globals->xnet->auth_baseurl) { // prevent connection to be linked to disconnection if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false) $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i); else $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}"; - $url = "https://www.polytechnique.org/auth-groupex"; + $url = $globals->xnet->auth_baseurl; $url .= "?session=" . session_id(); $url .= "&challenge=" . S::v('challenge'); $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret); @@ -64,6 +64,8 @@ class XnetSession extends XorgSession if ($globals->asso('pub') != 'private') { $perms->addFlag('groupannu'); } + } else if ($globals->asso('pub') == 'public') { + $perms->addFlag('groupannu'); } if ($globals->asso('cat') == 'Promotions') { $perms->addFlag('groupannu'); @@ -75,8 +77,8 @@ class XnetSession extends XorgSession protected function doAuth($level) { - if (S::identified()) { // ok, c'est bon, on n'a rien à faire - return S::i('uid'); + if (S::identified()) { // Nothing to do there + return User::getSilentWithValues(null, array('uid' => S::i('uid'))); } if (!Get::has('auth')) { return null; @@ -86,26 +88,35 @@ class XnetSession extends XorgSession return null; } Get::kill('auth'); - S::set('auth', AUTH_MDP); - return Get::i('uid'); + S::set('auth', AUTH_PASSWD); + return User::getSilentWithValues(null, array('uid' => Get::i('uid'))); } protected function startSessionAs($user, $level) { - if ($level == -1) { - S::set('auth', AUTH_MDP); + // The user must have 'groups' permission to access X.net + if (!$user->checkPerms('groups')) { + return false; + } + + if ($level == AUTH_SUID) { + S::set('auth', AUTH_PASSWD); } - $res = XDB::query("SELECT u.user_id AS uid, u.hruid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme, - q.core_mail_fmt AS mail_fmt, q.core_rss_hash - FROM auth_user_md5 AS u - INNER JOIN auth_user_quick AS q USING(user_id) - WHERE u.user_id = {?} AND u.perms IN('admin', 'user') - LIMIT 1", $user); - $sess = $res->fetchOneAssoc(); - $perms = $sess['perms']; - unset($sess['perms']); - $_SESSION = array_merge($_SESSION, $sess); - S::set('perms', User::makePerms($perms)); + + S::set('uid', $user->uid); + S::set('hruid', $user->hruid); + + // XXX: Transition code, should not be in session anymore + S::set('display_name', $user->display_name); + S::set('full_name', $user->full_name); + S::set('femme', $user->isFemale()); + S::set('email_format', $user->email_format); + S::set('token', $user->token); + S::set('perms', $user->perms); + S::set('is_admin', $user->is_admin); + + // Add the 'user' perms to the user. + $this->makePerms($user->perms . ',' . PERMS_USER, $user->is_admin); S::kill('challenge'); S::kill('loginX'); S::kill('may_update'); @@ -122,23 +133,23 @@ class XnetSession extends XorgSession public function doSelfSuid() { - if (!$this->startSUID(S::i('uid'))) { + $user =& S::user(); + if (!$this->startSUID($user)) { return false; } - S::set('perms', User::makePerms('user')); + S::set('perms', User::makePerms(PERMS_USER . ",groups")); return true; } public function stopSUID() { - $suid = S::v('suid'); + $perms = S::suid('perms'); if (!parent::stopSUID()) { return false; } - S::kill('suid'); S::kill('may_update'); S::kill('is_member'); - S::set('perms', $suid['perms']); + S::set('perms', $perms); return true; } } @@ -162,11 +173,11 @@ function may_update($force = false, $lose = false) return false; } elseif ($lose) { $may_update[$asso_id] = false; - } elseif (S::has_perms() || (S::has('suid') && $force)) { + } elseif (S::admin() || (S::suid() && $force)) { $may_update[$asso_id] = true; } elseif (!isset($may_update[$asso_id]) || $force) { $res = XDB::query("SELECT perms - FROM groupex.membres + FROM group_members WHERE uid={?} AND asso_id={?}", S::v('uid'), $asso_id); $may_update[$asso_id] = ($res->fetchOneCell() == 'admin'); @@ -194,11 +205,11 @@ function is_member($force = false, $lose = false) return false; } elseif ($lose) { $is_member[$asso_id] = false; - } elseif (S::has('suid') && $force) { + } elseif (S::suid() && $force) { $is_member[$asso_id] = true; } elseif (!isset($is_member[$asso_id]) || $force) { $res = XDB::query("SELECT COUNT(*) - FROM groupex.membres + FROM group_members WHERE uid={?} AND asso_id={?}", S::v('uid'), $asso_id); $is_member[$asso_id] = ($res->fetchOneCell() == 1);