X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fsecurity.inc.php;h=1d541670bc8a0994220440924e336641f92a2ab4;hb=47712f77e9718652c516c85cde99a58d142f67c9;hp=64e3714a2415f28d24650151b346ecc544dacfbb;hpb=065cd7ed086ef7806f294f92e675f16232704d6a;p=platal.git diff --git a/include/security.inc.php b/include/security.inc.php index 64e3714..1d54167 100644 --- a/include/security.inc.php +++ b/include/security.inc.php @@ -1,6 +1,6 @@ numRows()) { + $res = XDB::fetchOneCell('SELECT COUNT(*) + FROM email_watch + WHERE state != \'safe\' AND email = {?}', + $email); + if ($res) { send_warning_mail($message); return true; } @@ -78,14 +79,18 @@ function check_email($email, $message) function check_account() { - return S::v('watch_account'); + if (S::user()) { + return S::user()->watch; + } + return false; } function check_redirect($red = null) { require_once 'emails.inc.php'; if (is_null($red)) { - $red = new Redirect(S::user()); + $user = S::user(); + $red = new Redirect($user); } if ($red->get_uid() == S::v('uid')) { $_SESSION['no_redirect'] = !$red->other_active(''); @@ -93,21 +98,21 @@ function check_redirect($red = null) } } -function send_warning_mail($title) +function send_warning_mail($title, $body = '') { global $globals; $mailer = new PlMailer(); $mailer->setFrom("webmaster@" . $globals->mail->domain); $mailer->addTo($globals->core->admin_email); $mailer->setSubject("[Plat/al Security Alert] $title"); - $mailer->setTxtBody("Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n" + $mailer->setTxtBody($body . "Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n" ."Identifiants de connexion :\n" . var_export($_SERVER, true)); $mailer->send(); } function kill_sessions() { - assert(S::has_perms()); + assert(S::admin()); shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh'); }