X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fsecurity.inc.php;h=1d541670bc8a0994220440924e336641f92a2ab4;hb=47712f77e9718652c516c85cde99a58d142f67c9;hp=9e9aa4526e7c6f5ce89da65ee6bbff987ebb3c3e;hpb=25fe4c85de79aa601948d788b5754b5b6070080d;p=platal.git diff --git a/include/security.inc.php b/include/security.inc.php index 9e9aa45..1d54167 100644 --- a/include/security.inc.php +++ b/include/security.inc.php @@ -1,6 +1,6 @@ numRows()) { + $res = XDB::fetchOneCell('SELECT COUNT(*) + FROM email_watch + WHERE state != \'safe\' AND email = {?}', + $email); + if ($res) { send_warning_mail($message); return true; } @@ -78,7 +79,10 @@ function check_email($email, $message) function check_account() { - return S::v('watch_account'); + if (S::user()) { + return S::user()->watch; + } + return false; } function check_redirect($red = null) @@ -94,21 +98,21 @@ function check_redirect($red = null) } } -function send_warning_mail($title) +function send_warning_mail($title, $body = '') { global $globals; $mailer = new PlMailer(); $mailer->setFrom("webmaster@" . $globals->mail->domain); $mailer->addTo($globals->core->admin_email); $mailer->setSubject("[Plat/al Security Alert] $title"); - $mailer->setTxtBody("Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n" + $mailer->setTxtBody($body . "Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n" ."Identifiants de connexion :\n" . var_export($_SERVER, true)); $mailer->send(); } function kill_sessions() { - assert(S::has_perms()); + assert(S::admin()); shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh'); }