X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fxorgsession.php;h=e46be2ca432fe309cdc491daf9b476bdd7676c59;hb=6ff4f8c0ff2e02e07b1f45793a5db3b306d50813;hp=c9ac0b7e49a81f5909b08b2ab6b5894537f3cd90;hpb=edc5509597a4a1710d603831517958b526fd4751;p=platal.git

diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index c9ac0b7..e46be2c 100644
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2008 Polytechnique.org                              *
+ *  Copyright (C) 2003-2009 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -47,19 +47,19 @@ class XorgSession extends PlSession
     private function tryCookie()
     {
         S::kill('auth_by_cookie');
-        if (Cookie::v('ORGaccess') == '' || !Cookie::has('ORGuid')) {
+        if (Cookie::v('access') == '' || !Cookie::has('uid')) {
             return -1;
         }
 
         $res = XDB::query('SELECT  user_id, password
                              FROM  auth_user_md5
                             WHERE  user_id = {?} AND perms IN(\'admin\', \'user\')',
-                         Cookie::i('ORGuid'));
+                         Cookie::i('uid'));
         if ($res->numRows() != 0) {
             list($uid, $password) = $res->fetchOneRow();
             require_once 'secure_hash.inc.php';
             $expected_value = hash_encrypt($password);
-            if ($expected_value == Cookie::v('ORGaccess')) {
+            if ($expected_value == Cookie::v('access')) {
                 S::set('auth_by_cookie', $uid);
                 return 0;
             } else {
@@ -102,11 +102,17 @@ class XorgSession extends PlSession
                 }
             }
             if ($response != $expected_response) {
+                if (!S::logged()) {
+                    Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
+                } else {
+                    Platal::page()->trigError('Mot de passe invalide');
+                }
                 S::logger($uid)->log('auth_fail', 'bad password');
                 return null;
             }
             return $uid;
         }
+        Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
         return null;
     }
 
@@ -176,12 +182,10 @@ class XorgSession extends PlSession
             if (!S::has('suid')) {
                 if (Post::has('domain')) {
                     if (($domain = Post::v('domain', 'login')) == 'alias') {
-                        setcookie('ORGdomain', "alias", (time() + 25920000), '/', '', 0);
+                        Cookie::set('domain', 'alias', 300);
                     } else {
-                        setcookie('ORGdomain', '', (time() - 3600), '/', '', 0);
+                        Cookie::kill('domain');
                     }
-                    // pour que la modification soit effective dans le reste de la page
-                    $_COOKIE['ORGdomain'] = $domain;
                 }
             }
             S::kill('challenge');
@@ -199,7 +203,6 @@ class XorgSession extends PlSession
         }
         if ($level == AUTH_SUID) {
             S::set('auth', AUTH_MDP);
-            unset($_SESSION['log']);
         }
 
         // Retrieves main user properties.
@@ -211,9 +214,13 @@ class XorgSession extends PlSession
                               FROM  auth_user_md5   AS u
                         INNER JOIN  auth_user_quick AS q  USING(user_id)
                          LEFT JOIN  gapps_accounts  AS g  ON (u.user_id = g.l_userid AND g.g_status = 'active')
-                         LEFT JOIN  logger.last_sessions AS ls ON (ls.uid = u.user_id)
-                         LEFT JOIN  logger.sessions AS s  ON(s.id = ls.id)
+                         LEFT JOIN  #logger#.last_sessions AS ls ON (ls.uid = u.user_id)
+                         LEFT JOIN  #logger#.sessions AS s  ON(s.id = ls.id)
                              WHERE  u.user_id = {?} AND u.perms IN('admin', 'user')", $uid);
+        if ($res->numRows() != 1) {
+            return false;
+        }
+
         $sess = $res->fetchOneAssoc();
         $perms = $sess['perms'];
         unset($sess['perms']);
@@ -229,17 +236,12 @@ class XorgSession extends PlSession
         } else {
             $logger = S::logger($uid);
             $logger->saveLastSession();
-            setcookie('ORGuid', $uid, (time() + 25920000), '/', '', 0);
+            Cookie::set('uid', $uid, 300);
 
             if (S::i('auth_by_cookie') == $uid || Post::v('remember', 'false') == 'true') {
-                $cookie = hash_encrypt($sess['password']);
-                setcookie('ORGaccess', $cookie, (time() + 25920000), '/', '', 0);
-                if (S::i('auth_by_cookie') != $uid) {
-                    $logger->log("cookie_on");
-                }
+                $this->setAccessCookie(false, S::i('auth_by_cookie') != $uid);
             } else {
-                setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
-                $logger->log("cookie_off");
+                $this->killAccessCookie();
             }
         }
 
@@ -255,21 +257,6 @@ class XorgSession extends PlSession
         return true;
     }
 
-    /** Start a session without authentication data for the given user.
-     * This is used to identify the user after his registration, to be
-     * removed after rewriting registration procedure.
-     * XXX: Temporary
-     */
-    public function startWeakSession($user)
-    {
-        if (!$this->startSessionAs($user, AUTH_MDP)) {
-            $this->destroy();
-            return false;
-        }
-        S::set('auth', AUTH_MDP);
-        return true;
-    }
-
     private function securityChecks()
     {
         $mail_subject = array();
@@ -306,7 +293,7 @@ class XorgSession extends PlSession
         return null;
     }
 
-    public function makePerms($perm)
+    protected function makePerms($perm, $is_admin)
     {
         $flags = new PlFlagSet();
         if ($perm == 'disabled' || $perm == 'ext') {
@@ -349,6 +336,29 @@ class XorgSession extends PlSession
         $n = select_notifs(false, S::i('uid'), S::v('watch_last'), false);
         S::set('notifs', $n->numRows());
     }
+
+    public function setAccessCookie($replace = false, $log = true) {
+        if (S::has('suid') || ($replace && !Cookie::blank('access'))) {
+            return;
+        }
+        require_once('secure_hash.inc.php');
+        Cookie::set('access', hash_encrypt(S::v('password')), 300, true);
+        if ($log) {
+            S::logger()->log('cookie_on');
+        }
+    }
+
+    public function killAccessCookie($log = true) {
+        Cookie::kill('access');
+        if ($log) {
+            S::logger()->log('cookie_off');
+        }
+    }
+
+    public function killLoginFormCookies() {
+        Cookie::kill('uid');
+        Cookie::kill('domain');
+    }
 }
 
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: