X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fxorgsession.php;h=0563d92333759a8fedafa930afc673194d4be235;hb=57fc676c5dfbf964c21a6b1a1f6e5abcb08e0b42;hp=83bf850253419040e6af4a571169d8f849cbcf05;hpb=8ebd6f86c4bba79239a927a123f1c4a2b4d807bf;p=platal.git

diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index 83bf850..0563d92 100644
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2010 Polytechnique.org                              *
+ *  Copyright (C) 2003-2013 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -77,36 +77,29 @@ class XorgSession extends PlSession
         return self::INVALID_USER;
     }
 
-    private function checkPassword($uname, $login, $response, $login_type)
+    const TEXT_INVALID_LOGIN = "Mot de passe ou nom d'utilisateur invalide";
+    const TEXT_INVALID_PASS = "Mot de passe invalide";
+
+    private function checkPassword($login, User $user, $response)
     {
-        if ($login_type == 'alias') {
-            $res = XDB::query('SELECT  a.uid, a.password
-                                 FROM  accounts AS a
-                           INNER JOIN  aliases  AS l ON (l.uid = a.uid AND l.type != \'homonyme\')
-                                WHERE  l.alias = {?} AND a.state = \'active\'',
-                              $login);
+        if ($user === null) {
+            Platal::page()->trigError(self::TEXT_INVALID_LOGIN);
+            return false;
         } else {
-            $res = XDB::query('SELECT  uid, password
-                                 FROM  accounts
-                                WHERE  ' . $login_type . ' = {?}',
-                              $login);
-        }
-        if (list($uid, $password) = $res->fetchOneRow()) {
-            $expected_response = sha1("$uname:$password:" . S::v('challenge'));
+            $password = $user->password();
+            $expected_response = sha1("$login:$password:" . S::v('challenge'));
             /* Deprecates len(password) > 10 conversion. */
             if ($response != $expected_response) {
                 if (!S::logged()) {
-                    Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
+                    Platal::page()->trigError(self::TEXT_INVALID_LOGIN);
                 } else {
-                    Platal::page()->trigError('Mot de passe invalide');
+                    Platal::page()->trigError(self::TEXT_INVALID_PASS);
                 }
                 S::logger($uid)->log('auth_fail', 'bad password');
-                return null;
+                return false;
             }
-            return $uid;
+            return true;
         }
-        Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
-        return null;
     }
 
 
@@ -138,61 +131,30 @@ class XorgSession extends PlSession
         /** We come from an authentication form.
          */
         if (S::suid()) {
-            $login = $uname = S::suid('uid');
-            $loginType = 'uid';
-            $redirect = false;
+            $login = S::suid('uid');
         } else {
-            $uname = Post::v('username');
-            if (Post::s('domain') == "alias") {
-                $res = XDB::query('SELECT  redirect
-                                     FROM  virtual
-                               INNER JOIN  virtual_redirect USING(vid)
-                                    WHERE  alias LIKE {?}',
-                                   $uname . '@' . $globals->mail->alias_dom);
-                $redirect = $res->fetchOneCell();
-                if ($redirect) {
-                    $login = substr($redirect, 0, strpos($redirect, '@'));
-                } else {
-                    $login = '';
-                }
-                $loginType = 'alias';
-            } else if (Post::s('domain') == "ax") {
-                $login = $uname;
-                $redirect = false;
-                $loginType = 'hruid';
-            } else {
-                $login = $uname;
-                $redirect = false;
-                $loginType = is_numeric($uname) ? 'uid' : 'alias';
-            }
+            $login = Post::v('username');
         }
 
-        $uid = $this->checkPassword($uname, $login, Post::v('response'), $loginType);
-        if (!is_null($uid) && S::suid()) {
-            if (S::suid('uid') == $uid) {
-                $uid = S::i('uid');
+        $user = User::getSilent($login);
+
+        if (is_null($user)) {
+            Platal::page()->trigError(self::TEXT_INVALID_LOGIN);
+            $success = false;
+        } else {
+            if (S::suid()) {
+                $success = (S::suid('uid') == $user->id());
             } else {
-                $uid = null;
+                $success = $this->checkPassword($login, $user, Post::v('response'));
             }
         }
-        if (!is_null($uid)) {
-            S::set('auth', AUTH_MDP);
-            if (!S::suid()) {
-                if (Post::has('domain')) {
-                    $domain = Post::v('domain', 'login');
-                    if ($domain == 'alias') {
-                        Cookie::set('domain', 'alias', 300);
-                    } else if ($domain == 'ax') {
-                        Cookie::set('domain', 'ax', 300);
-                    } else {
-                        Cookie::kill('domain');
-                    }
-                }
-            }
+
+        if ($success) {
+            S::set('auth', AUTH_PASSWD);
             S::kill('challenge');
-            S::logger($uid)->log('auth_ok');
+            S::logger($user->id())->log('auth_ok');
         }
-        return User::getSilentWithUID($uid);
+        return $user;
     }
 
     protected function startSessionAs($user, $level)
@@ -204,7 +166,7 @@ class XorgSession extends PlSession
             return true;
         }
         if ($level == AUTH_SUID) {
-            S::set('auth', AUTH_MDP);
+            S::set('auth', AUTH_PASSWD);
         }
 
         // Loads uid and hruid into the session for developement conveniance.
@@ -221,6 +183,13 @@ class XorgSession extends PlSession
                 $this->setAccessCookie(false, S::i('auth_by_cookie') != $user->id());
             } else {
                 $this->killAccessCookie();
+
+                // If login for an external website and not activating cookie,
+                // mark that we want to disconnect once external auth checks
+                // have been performed.
+                if (Post::b('external_auth')) {
+                    S::set('external_auth_exit', true);
+                }
             }
         }
 
@@ -229,7 +198,10 @@ class XorgSession extends PlSession
         $this->securityChecks();
         $this->setSkin();
         $this->updateNbNotifs();
-        check_redirect();
+        // Only check email redirection for 'internal' users.
+        if ($user->checkPerms(PERMS_USER)) {
+            check_redirect();
+        }
 
         // We should not have to use this private data anymore
         S::kill('auth_by_cookie');
@@ -341,7 +313,7 @@ class XorgSession extends PlSession
 
     public function sureLevel()
     {
-        return AUTH_MDP;
+        return AUTH_PASSWD;
     }