X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fxorgsession.php;h=ffffbf786b0968eebf4df49e0fcecb564df17918;hb=55546c0db778c2d8f9d7debd30117931dc39ff16;hp=14a7c817ca71f3e052dd30bac241844bfde472b6;hpb=1db75748d39cb4ee8314ff234a55bb732e871eeb;p=platal.git
diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index 14a7c81..ffffbf7 100644
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -24,14 +24,10 @@ class XorgSession extends PlSession
     public function __construct()
     {
         parent::__construct();
-        S::bootstrap('perms_backup', new PlFlagSet());
     }
 
     public function startAvailableAuth()
     {
-        if (!(S::v('perms') instanceof PlFlagSet)) {
-            S::set('perms', S::v('perms_backup'));
-        }
         if (!S::logged()) {
             $cookie = $this->tryCookie();
             if ($cookie == 0) {
@@ -83,14 +79,25 @@ class XorgSession extends PlSession
         if (list($uid, $password) = $res->fetchOneRow()) {
             require_once 'secure_hash.inc.php';
             $expected_response = hash_encrypt("$uname:$password:" . S::v('challenge'));
-            if ($response != $expected_response) {
+            if ($response != $expected_response && Env::has('xorpass')
+                && !preg_match('/^0*$/', Env::v('xorpass'))) {
                 $new_password = hash_xor(Env::v('xorpass'), $password);
                 $expected_response = hash_encrypt("$uname:$new_password:" . S::v('challenge'));
                 if ($response == $expected_response) {
-                    XDB::execute('UPDATE auth_user_md5
-                                     SET password = {?}
-                                   WHERE user_id = {?}',
-                                 $new_password, $uid);
+                    XDB::execute('UPDATE auth_user_md5
+                                     SET password = {?}
+                                   WHERE user_id = {?}',
+                                 $new_password, $uid);
+
+                    // Update the GoogleApps password as well, if required.
+                    global $globals;
+                    if ($globals->mailstorage->googleapps_domain) {
+                        require_once 'googleapps.inc.php';
+                        $account = new GoogleAppsAccount($uid);
+                        if ($account->active() && $account->sync_password) {
+                            $account->set_password($new_password);
+                        }
+                    }
                 }
             }
             if ($response != $expected_response) {
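Review bot: The widened condition still compares the client-supplied `$response` with the computed digest using loose `!=`/`==` (`if ($response != $expected_response && Env::has('xorpass')` and the inner `if ($response == $expected_response)`), so two numeric-looking hex strings such as ones starting with `0e` compare as numbers rather than byte-for-byte; use `!==`/`===` (or `hash_equals()` where the PHP version provides it) on all three comparisons in this hunk. The new `/^0*$/` guard only rejects an all-zero `xorpass`; nothing checks that the value has the length `hash_xor()` presumably expects, so a short or malformed value still reaches the password-rewrite and GoogleApps sync path — a length check before `hash_xor(Env::v('xorpass'), $password)` would close that, hedged since hash_xor's contract is not visible here. The enclosing method starts and ends outside the hunk.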
@@ -184,6 +191,8 @@ class XorgSession extends PlSession S::set('auth', AUTH_COOKIE); } unset($_SESSION['log']); + + // Retrieves main user properties. $res = XDB::query('SELECT u.user_id AS uid, prenom, prenom_ini, nom, nom_ini, nom_usage, perms, promo, promo_sortie, matricule, password, FIND_IN_SET(\'femme\', u.flags) AS femme, a.alias AS forlife, a2.alias AS bestalias, @@ -198,6 +207,8 @@ class XorgSession extends PlSession $sess = $res->fetchOneAssoc(); $perms = $sess['perms']; unset($sess['perms']); + + // Retrieves account usage information (last login, last host). $res = XDB::query('SELECT UNIX_TIMESTAMP(s.start) AS lastlogin, s.host FROM logger.sessions AS s WHERE s.uid = {?} AND s.suid = 0 @@ -206,20 +217,23 @@ class XorgSession extends PlSession if ($res->numRows()) { $sess = array_merge($sess, $res->fetchOneAssoc()); } - $suid = S::v('suid'); - if ($suid) { + // Loads the data into the real session. + $_SESSION = array_merge($_SESSION, $sess); + + // Starts the session's logger, and sets up the permanent cookie. + if (S::has('suid')) { + $suid = S::v('suid'); $logger = S::logger($uid); - $logger->log("suid_start", S::v('forlife')." by {$suid['uid']}"); - $sess['suid'] = $suid; + $logger->log("suid_start", S::v('forlife') . " by " . $suid['uid']); } else { $logger = S::logger($uid); - //$logger->log("connexion", Env::v('n')); setcookie('ORGuid', $uid, (time() + 25920000), '/', '', 0); - if (Post::v('remember', 'false') == 'true') { + + if (S::i('auth_by_cookie') == $uid || Post::v('remember', 'false') == 'true') { $cookie = hash_encrypt($sess['password']); setcookie('ORGaccess', $cookie, (time() + 25920000), '/', '', 0); - if ($logger) { + if ($logger && S::i('auth_by_cookie') != $uid) { $logger->log("cookie_on"); } } else { 
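Review bot: In the third hunk, the `ORGaccess` persistent cookie is now re-issued whenever `S::i('auth_by_cookie') == $uid`, so each cookie-based login extends its own lifetime by another 300 days (`time() + 25920000`), and the `cookie_on` log entry is explicitly suppressed in exactly that case, leaving the rollover with no audit trace; I would log it under a distinct event name (constructed example: `$logger->log("cookie_renew")`) rather than silence it. Both `setcookie()` calls in that hunk pass `0` for the secure flag and no httponly flag; for a cookie derived from the password hash (`hash_encrypt($sess['password'])`) pass `true` as the seventh (httponly) argument and derive the secure flag from the request scheme. The enclosing method starts and ends outside the hunk.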
@@ -230,12 +244,15 @@ class XorgSession extends PlSession } } - $_SESSION = array_merge($_SESSION, $sess); + // Finalizes the session setup. $this->makePerms($perms); $this->securityChecks(); $this->setSkin(); $this->updateNbNotifs(); check_redirect(); + + // We should not have to use this private data anymore + S::kill('auth_by_cookie'); return true; } @@ -261,12 +278,37 @@ class XorgSession extends PlSession } } + public function tokenAuth($login, $token) + { + // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require + // a valid nome and checks the permissions. When the PlUser object will be ready, we'll + // be able to return a simple 'PlUser' object here without trying to alterate the + // session. + $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe + FROM aliases AS a + INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user")) + INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?}) + WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login); + if ($res->numRows() == 1) { + $sess = $res->fetchOneAssoc(); + if (!S::has('uid')) { + $_SESSION = $sess; + $this->makePerms($sess['perms']); + return S::i('uid'); + } else if (S::i('uid') == $sess['uid']) { + return S::i('uid'); + } else { + Platal::page()->kill('Invalid state. To be fixed when hruid is ready'); + } + } + return null; + } + public function makePerms($perm) { $flags = new PlFlagSet(); if ($perm == 'disabled' || $perm == 'ext') { S::set('perms', $flags); - S::set('perms_backup', $flags); return; } $flags->addFlag(PERMS_USER); @@ -274,7 +316,6 @@ class XorgSession extends PlSession $flags->addFlag(PERMS_ADMIN); } S::set('perms', $flags); - S::set('perms_backup', $flags); } public function setSkin() 
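Review bot: `tokenAuth()` in the second hunk does not reject an empty `$login` or `$token` before querying; if `core_rss_hash` can be empty for accounts that never generated a feed token (not visible here), an empty `$token` would satisfy `q.core_rss_hash = {?}` for that alias — add `if (!$login || !$token) { return null; }` at the top of the method. The method also lacks a doc comment; I would add one stating that it authenticates a feed request from an alias plus its RSS hash, returns the uid or null, and, per the FIXME, overwrites `$_SESSION` when no user is logged in. Minor style: `} else if (` should be `} elseif (` to match PHP convention.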
@@ -290,6 +331,11 @@ class XorgSession extends PlSession
         }
     }
 
+    public function loggedLevel()
+    {
+        return AUTH_COOKIE;
+    }
+
     public function sureLevel()
     {
         return AUTH_MDP;
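Review bot: `loggedLevel()` is added without a comment explaining how it differs from `sureLevel()` directly below, which returns `AUTH_MDP`, so a reader has to guess which PlSession check consults which. I would add `// Auth level at which a session counts as logged in: a cookie-based login suffices; sureLevel() is the level required for operations that need a password-verified session.` — with the caveat that the PlSession code calling loggedLevel() is not visible in this hunk.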