X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fsecurity.inc.php;h=ae9d0086e5f5735c57e51e0807a1cf15ff3df530;hb=e9e97a07a899d7583b0391a16d86fa427104ebcf;hp=e0b1d1485ccb4cca4ba9a6b23a8ff0ce3d759c72;hpb=316b40d60daacd3aa3b480ccba0db6a3d97c093b;p=platal.git
diff --git a/include/security.inc.php b/include/security.inc.php
index e0b1d14..ae9d008 100644
--- a/include/security.inc.php
+++ b/include/security.inc.php
@@ -1,6 +1,6 @@
$ip) {
+ $v = ip_to_uint($ip);
+ if (is_null($v)) {
+ unset($ips[$key]);
+ } else {
+ $ips[$key] = '(ip & mask) = (' . $v . '& mask)';
+ }
}
$res = XDB::query('SELECT state, description FROM ip_watch
@@ -61,10 +66,11 @@ function check_ip($level)
function check_email($email, $message)
{
- $res = XDB::query("SELECT state, description
- FROM emails_watch
- WHERE state != 'safe' AND email = {?}", $email);
- if ($res->numRows()) {
+ $res = XDB::fetchOneCell('SELECT COUNT(*)
+ FROM email_watch
+ WHERE state != \'safe\' AND email = {?}',
+ $email);
+ if ($res) {
send_warning_mail($message);
return true;
}
@@ -73,14 +79,18 @@ function check_email($email, $message)
function check_account()
{
- return S::v('watch_account');
+ if (S::user()) {
+ return S::user()->watch;
+ }
+ return false;
}
function check_redirect($red = null)
{
require_once 'emails.inc.php';
if (is_null($red)) {
- $red = new Redirect(S::v('uid'));
+ $user = S::user();
+ $red = new Redirect($user);
}
if ($red->get_uid() == S::v('uid')) {
$_SESSION['no_redirect'] = !$red->other_active('');
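Review bot: `if ($res)` on the new side of check_email tests the truthiness of whatever XDB::fetchOneCell returns for `COUNT(*)`; that is presumably a string such as `"0"`, which PHP treats as false, so it works, but the intent is clearer and independent of the driver's return type as `if ((int) $res > 0) {`. The table name also changes from `emails_watch` to `email_watch` in the same query; if that is not matched by a schema change, the watch-list lookup fails and the warning mail is never sent, so the rename is worth confirming against the migration. Since send_warning_mail now accepts a body (later in this diff), passing the offending address, e.g. `send_warning_mail($message, "Email: $email\n\n");`, would make the alert actionable without digging through the session dump.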
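Review bot: In check_redirect the new `$user = S::user();` is handed straight to `new Redirect($user)` without the null check that check_account applies to the same call a few lines above; when no user is logged in, Redirect now receives null where the old code passed S::v('uid'). Unless Redirect's constructor is known to accept a null user, guard it the same way, e.g. `if (is_null($user)) { return false; }`, assuming false is the right result for an anonymous session (the rest of check_redirect is outside this hunk, so its return convention is not visible here). In check_account the double `S::user()` call can be collapsed to `$user = S::user(); return $user ? $user->watch : false;`, which also makes the null handling read the same in both functions.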
@@ -88,21 +98,21 @@ function check_redirect($red = null)
}
}
-function send_warning_mail($title)
+function send_warning_mail($title, $body = '')
{
global $globals;
$mailer = new PlMailer();
$mailer->setFrom("webmaster@" . $globals->mail->domain);
$mailer->addTo($globals->core->admin_email);
$mailer->setSubject("[Plat/al Security Alert] $title");
- $mailer->setTxtBody("Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n"
+ $mailer->setTxtBody($body . "Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n"
."Identifiants de connexion :\n" . var_export($_SERVER, true));
$mailer->send();
}
function kill_sessions()
{
- assert(S::has_perms());
+ assert(S::admin());
shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh');
}
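Review bot: `assert(S::admin())` in kill_sessions is still the only thing standing between a non-admin caller and `shell_exec('sudo -u root ...')`; assert() is a debugging aid that is skipped when assertions are disabled (the usual production setting), so the authorization check should be an unconditional statement, e.g. `if (!S::admin()) { return; }` (or a thrown exception, whichever the call sites expect), placed before the shell_exec line. The switch from has_perms() to admin() narrows the intent correctly but does not make it enforced. Separately, send_warning_mail concatenates `$body` directly in front of `"Identifiants de session :\n"`, so a caller passing a body without a trailing newline gets it glued to that header; either document that `$body` must end with a blank line or add the separator inside the function, `($body === '' ? '' : $body . "\n\n")`.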