X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fxorgsession.php;h=48a2664c7d5dce1bf8f95642da5e60770f6695f6;hb=841ff7e70524906bed05b93a4e745fb74545fb88;hp=1424389793f721d984fb174a0df043a15cf2d051;hpb=6672b29bdfad107ad3b621fce9f27bd6b8542a7f;p=platal.git
diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index 1424389..48a2664 100644
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -267,6 +267,32 @@ class XorgSession extends PlSession
 }
 }
 
+ public function tokenAuth($login, $token)
+ {
+ // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
+ // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
+ // be able to return a simple 'PlUser' object here without trying to alterate the
+ // session.
+ $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
+ FROM aliases AS a
+ INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
+ INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
+ WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
+ if ($res->numRows() == 1) {
+ $sess = $res->fetchOneAssoc();
+ if (!S::has('uid')) {
+ $_SESSION = $sess;
+ $this->makePerms($sess['perms']);
+ return S::i('uid');
+ } else if (S::i('uid') == $sess['uid']) {
+ return S::i('uid');
+ } else {
+ Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
+ }
+ }
+ return null;
+ }
+
 public function makePerms($perm)
 {
 $flags = new PlFlagSet();
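Review bot: In `tokenAuth`, `$_SESSION = $sess;` turns a match on `core_rss_hash` into session state carrying `uid` and `perms` (the query admits "admin" rows), so a feed token, which usually sits in feed-reader configuration and URLs, leaves the same session footprint as an interactive login unless some auth-level check not visible here tells them apart. The FIXME acknowledges that the session is altered, but until the PlUser-based version exists I would at least record in the session that it was established from a token, so permission checks can test for it, and avoid replacing `$_SESSION` wholesale. Separately, nothing rejects an empty `$token` before the query: if `core_rss_hash` is empty for accounts that never enabled RSS, an empty token would match them, so add `if (!is_string($token) || $token === '') { return null; }` as the first statement. `makePerms` continues outside the hunk, so what it writes to the session cannot be confirmed from here.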