X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fxorgsession.php;h=025af61ca1e035d122d9807ff24137e841a3829f;hb=343e22c25d384cb09e5cdc77bb861fcf6c60a653;hp=7c764334dee8c809b766e8ae361ba60225873a8e;hpb=2925df1bd6cb08c1f29822019fcb82e59f63f8a3;p=platal.git
diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index 7c76433..025af61 100644
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -24,19 +24,15 @@ class XorgSession extends PlSession
 public function __construct()
 {
 parent::__construct();
- S::bootstrap('perms_backup', new PlFlagSet());
 }
 public function startAvailableAuth()
 {
- if (!(S::v('perms') instanceof PlFlagSet)) {
- S::set('perms', S::v('perms_backup'));
- }
 if (!S::logged()) {
 $cookie = $this->tryCookie();
 if ($cookie == 0) {
 return $this->start(AUTH_COOKIE);
- } else if ($cookie == 1 || $cooke == -2) {
+ } else if ($cookie == 1 || $cookie == -2) {
 return false;
 }
 }
@@ -184,6 +180,8 @@ class XorgSession extends PlSession
 S::set('auth', AUTH_COOKIE);
 }
 unset($_SESSION['log']);
+
+ // Retrieves main user properties.
 $res = XDB::query('SELECT u.user_id AS uid, prenom, prenom_ini, nom, nom_ini, nom_usage, perms, promo, promo_sortie, matricule, password, FIND_IN_SET(\'femme\', u.flags) AS femme, a.alias AS forlife, a2.alias AS bestalias,
@@ -198,6 +196,8 @@ class XorgSession extends PlSession
 $sess = $res->fetchOneAssoc();
 $perms = $sess['perms'];
 unset($sess['perms']);
+
+ // Retrieves account usage information (last login, last host).
 $res = XDB::query('SELECT UNIX_TIMESTAMP(s.start) AS lastlogin, s.host FROM logger.sessions AS s WHERE s.uid = {?} AND s.suid = 0
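Review bot: startAvailableAuth() compares the result of tryCookie() against the bare values 0, 1 and -2 with nothing saying what each code means, and the typo fix in this hunk (`$cooke` → `$cookie`) makes the -2 branch reachable for the first time, so the meaning of that code now matters. A short comment above the `$cookie = $this->tryCookie();` line naming the three outcomes (e.g. `// tryCookie(): 0 = valid cookie, 1 / -2 = cookie present but unusable (see tryCookie())` — the exact meanings must be confirmed against tryCookie(), which is outside this hunk) would let a reader check the branches. The comparisons use loose `==`; `===` would be the safer form if tryCookie() returns ints, which I can't verify from here.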
@@ -206,20 +206,23 @@ class XorgSession extends PlSession
 if ($res->numRows()) {
 $sess = array_merge($sess, $res->fetchOneAssoc());
 }
- $suid = S::v('suid');
- if ($suid) {
- $logger = S::logger();
- $logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
- $sess['suid'] = $suid;
+ // Loads the data into the real session.
+ $_SESSION = array_merge($_SESSION, $sess);
+
+ // Starts the session's logger, and sets up the permanent cookie.
+ if (S::has('suid')) {
+ $suid = S::v('suid');
+ $logger = S::logger($uid);
+ $logger->log("suid_start", S::v('forlife') . " by " . $suid['uid']);
 } else {
- $logger = S::logger();
- //$logger->log("connexion", Env::v('n'));
+ $logger = S::logger($uid);
 setcookie('ORGuid', $uid, (time() + 25920000), '/', '', 0);
- if (Post::v('remember', 'false') == 'true') {
+
+ if (S::i('auth_by_cookie') == $uid || Post::v('remember', 'false') == 'true') {
 $cookie = hash_encrypt($sess['password']);
 setcookie('ORGaccess', $cookie, (time() + 25920000), '/', '', 0);
- if ($logger) {
+ if ($logger && S::i('auth_by_cookie') != $uid) {
 $logger->log("cookie_on");
 }
 } else {
@@ -230,12 +233,15 @@ class XorgSession extends PlSession
 }
 }
- $_SESSION = array_merge($_SESSION, $sess);
+ // Finalizes the session setup.
 $this->makePerms($perms);
 $this->securityChecks();
 $this->setSkin();
 $this->updateNbNotifs();
 check_redirect();
+
+ // We should not have to use this private data anymore
+ S::kill('auth_by_cookie');
 return true;
 }
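Review bot: The persistent `ORGaccess` cookie is now re-issued on every cookie-based login (the new `S::i('auth_by_cookie') == $uid` condition), which turns its 25920000-second (300-day) lifetime into a sliding one, yet it is still set with `secure` = 0 and no httponly flag, so a credential derived from `hash_encrypt($sess['password'])` stays accessible to page scripts for as long as the user keeps coming back. Passing the seventh setcookie() argument, `setcookie('ORGaccess', $cookie, (time() + 25920000), '/', '', 0, true);`, keeps it out of `document.cookie`; whether `secure` can be turned on depends on the deployment, which the hunk doesn't show, and the same consideration applies to the `ORGuid` line just above. The silent re-issue path also skips the `cookie_on` log entry by design, so the new comment on the `if` would be clearer as `// Renew the permanent cookie when this login was itself cookie-based, or when the user asked for it.`. The enclosing method starts before and ends after this hunk, and `$uid` is assigned outside it.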
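Review bot: `S::kill('auth_by_cookie')` is placed after `check_redirect()`; if check_redirect() can terminate the request (it is defined outside this file, so I can't tell), the flag would survive in the session and the next pass through this method would take the `auth_by_cookie == $uid` branch and re-issue the permanent cookie without logging. Moving the cleanup ahead of the redirect — `S::kill('auth_by_cookie');` immediately before `check_redirect();`, or right after the cookie block in the previous hunk where the flag is last read — removes the dependency on check_redirect()'s behaviour. The enclosing method starts outside this hunk.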
@@ -261,12 +267,37 @@ class XorgSession extends PlSession
 }
 }
+ public function tokenAuth($login, $token)
+ {
+ // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
+ // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
+ // be able to return a simple 'PlUser' object here without trying to alterate the
+ // session.
+ $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
+ FROM aliases AS a
+ INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
+ INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
+ WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
+ if ($res->numRows() == 1) {
+ $sess = $res->fetchOneAssoc();
+ if (!S::has('uid')) {
+ $_SESSION = $sess;
+ $this->makePerms($sess['perms']);
+ return S::i('uid');
+ } else if (S::i('uid') == $sess['uid']) {
+ return S::i('uid');
+ } else {
+ Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
+ }
+ }
+ return null;
+ }
+
 public function makePerms($perm)
 {
 $flags = new PlFlagSet();
 if ($perm == 'disabled' || $perm == 'ext') {
 S::set('perms', $flags);
- S::set('perms_backup', $flags);
 return;
 }
 $flags->addFlag(PERMS_USER);
@@ -274,7 +305,6 @@ class XorgSession extends PlSession
 $flags->addFlag(PERMS_ADMIN);
 }
 S::set('perms', $flags);
- S::set('perms_backup', $flags);
 }
 public function setSkin()
@@ -290,6 +320,11 @@ class XorgSession extends PlSession
 }
 }
+ public function loggedLevel()
+ {
+ return AUTH_COOKIE;
+ }
+
 public function sureLevel()
 {
 return AUTH_MDP;
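Review bot: tokenAuth() sends `$login` and `$token` straight to the query without rejecting empty values; if `auth_user_quick.core_rss_hash` can be the empty string for accounts that never generated a feed hash (the schema is not visible here), an empty `$token` would satisfy the `q.core_rss_hash = {?}` join, so a guard like `if ($login == '' || $token == '') { return null; }` before the `XDB::query` call is worth adding regardless. The method also lacks a docblock; it should state that it returns the matched uid, returns null when there is no single match, and — when no session is open — replaces `$_SESSION` wholesale with the fetched row and sets perms, which is the side effect the FIXME alludes to but does not spell out. The `S::i('uid') == $sess['uid']` comparison is loose; `===` would be safer if both sides are ints, which I can't confirm from this hunk.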
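Review bot: loggedLevel() is added without any documentation, and since it returns `AUTH_COOKIE` while sureLevel() just below returns `AUTH_MDP`, the distinction between the two thresholds is exactly what a reader needs and cannot get from the code. Presumably this is the authentication level at which a session counts as "logged in" (cookie auth suffices), as opposed to sureLevel() for operations that demand a password-backed login; a docblock such as `/** Auth level at which a session counts as logged in (cookie auth suffices); see sureLevel() for the password-backed threshold — confirm against PlSession. */` would capture that, with the hedge removed once checked against the parent class.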