X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fsecurity.inc.php;h=1d541670bc8a0994220440924e336641f92a2ab4;hb=821198c7f5394839f6421c54a32ae2a0dca19b3d;hp=9e9aa4526e7c6f5ce89da65ee6bbff987ebb3c3e;hpb=f9bebf66a51f0920e55eb6d2c60c88e2eafbc598;p=platal.git diff --git a/include/security.inc.php b/include/security.inc.php index 9e9aa45..1d54167 100644 --- a/include/security.inc.php +++ b/include/security.inc.php @@ -1,6 +1,6 @@ numRows()) { + $res = XDB::fetchOneCell('SELECT COUNT(*) + FROM email_watch + WHERE state != \'safe\' AND email = {?}', + $email); + if ($res) { send_warning_mail($message); return true; } @@ -78,7 +79,10 @@ function check_email($email, $message) function check_account() { - return S::v('watch_account'); + if (S::user()) { + return S::user()->watch; + } + return false; } function check_redirect($red = null) @@ -94,21 +98,21 @@ function check_redirect($red = null) } } -function send_warning_mail($title) +function send_warning_mail($title, $body = '') { global $globals; $mailer = new PlMailer(); $mailer->setFrom("webmaster@" . $globals->mail->domain); $mailer->addTo($globals->core->admin_email); $mailer->setSubject("[Plat/al Security Alert] $title"); - $mailer->setTxtBody("Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n" + $mailer->setTxtBody($body . "Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n" ."Identifiants de connexion :\n" . var_export($_SERVER, true)); $mailer->send(); } function kill_sessions() { - assert(S::has_perms()); + assert(S::admin()); shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh'); }