X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fxnetsession.php;h=cb125d5fafcebd4e43a11f7c802e6a32b563795d;hb=d2100923749766ffcf61745b0145cf82a3886716;hp=068e6b28c3094205f69995790341a1ea584705ed;hpb=ea74d2785d9c1ff5571ebf2f73c89cbf19c8dd07;p=platal.git diff --git a/classes/xnetsession.php b/classes/xnetsession.php index 068e6b2..cb125d5 100644 --- a/classes/xnetsession.php +++ b/classes/xnetsession.php @@ -1,6 +1,6 @@ S::i('uid'))); } if (!Get::has('auth')) { return null; @@ -87,25 +87,25 @@ class XnetSession extends XorgSession } Get::kill('auth'); S::set('auth', AUTH_MDP); - return Get::i('uid'); + return User::getSilentWithValues(null, array('user_id' => Get::i('uid'))); } protected function startSessionAs($user, $level) { - if ($level == -1) { + if ($level == AUTH_SUID) { S::set('auth', AUTH_MDP); } - $res = XDB::query("SELECT u.user_id AS uid, u.hruid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme, - q.core_mail_fmt AS mail_fmt, q.core_rss_hash - FROM auth_user_md5 AS u - INNER JOIN auth_user_quick AS q USING(user_id) - WHERE u.user_id = {?} AND u.perms IN('admin', 'user') - LIMIT 1", $user); + $res = XDB::query("SELECT a.uid, a.hruid, a.display_name, a.full_name, + a.sex = 'female' AS femme, + a.email_format, a.token, + at.perms, a.is_admin + FROM accounts AS a + INNER JOIN account_types AS at ON (at.type = a.type) + WHERE a.uid = {?} AND a.state = 'active' + LIMIT 1", $user->id()); $sess = $res->fetchOneAssoc(); - $perms = $sess['perms']; - unset($sess['perms']); $_SESSION = array_merge($_SESSION, $sess); - S::set('perms', User::makePerms($perms)); + $this->makePerms(S::s('perms'), S::b('is_admin')); S::kill('challenge'); S::kill('loginX'); S::kill('may_update'); @@ -122,7 +122,8 @@ class XnetSession extends XorgSession public function doSelfSuid() { - if (!$this->startSUID(S::i('uid'))) { + $user =& S::user(); + if (!$this->startSUID($user)) { return false; } S::set('perms', User::makePerms('user')); @@ -131,14 +132,13 @@ class XnetSession extends XorgSession public function stopSUID() { - $suid = S::v('suid'); + $perms = S::suid('perms'); if (!parent::stopSUID()) { return false; } - S::kill('suid'); S::kill('may_update'); S::kill('is_member'); - S::set('perms', $suid['perms']); + S::set('perms', $perms); return true; } } @@ -162,7 +162,7 @@ function may_update($force = false, $lose = false) return false; } elseif ($lose) { $may_update[$asso_id] = false; - } elseif (S::has_perms() || (S::has('suid') && $force)) { + } elseif (S::admin() || (S::suid() && $force)) { $may_update[$asso_id] = true; } elseif (!isset($may_update[$asso_id]) || $force) { $res = XDB::query("SELECT perms @@ -194,7 +194,7 @@ function is_member($force = false, $lose = false) return false; } elseif ($lose) { $is_member[$asso_id] = false; - } elseif (S::has('suid') && $force) { + } elseif (S::suid() && $force) { $is_member[$asso_id] = true; } elseif (!isset($is_member[$asso_id]) || $force) { $res = XDB::query("SELECT COUNT(*)