X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fsecurity.inc.php;h=d978e5df2c9de97fbb1706f59cc71ea4b5a4607e;hb=a51d0d30df9f951fe83688d49a172edaba453d63;hp=e0b1d1485ccb4cca4ba9a6b23a8ff0ce3d759c72;hpb=a62886091365824f04a967638dee269196c3899d;p=platal.git diff --git a/include/security.inc.php b/include/security.inc.php index e0b1d14..d978e5d 100644 --- a/include/security.inc.php +++ b/include/security.inc.php @@ -1,6 +1,6 @@ $ip) { + $v = ip_to_uint($ip); + if (is_null($v)) { + unset($ips[$key]); + } else { + $ips[$key] = '(ip & mask) = (' . $v . '& mask)'; + } } $res = XDB::query('SELECT state, description FROM ip_watch @@ -61,10 +66,11 @@ function check_ip($level) function check_email($email, $message) { - $res = XDB::query("SELECT state, description - FROM emails_watch - WHERE state != 'safe' AND email = {?}", $email); - if ($res->numRows()) { + $res = XDB::fetchOneCell('SELECT COUNT(*) + FROM email_watch + WHERE state != \'safe\' AND email = {?}', + $email); + if ($res) { send_warning_mail($message); return true; } @@ -73,14 +79,18 @@ function check_email($email, $message) function check_account() { - return S::v('watch_account'); + if (S::user()) { + return S::user()->watch; + } + return false; } function check_redirect($red = null) { require_once 'emails.inc.php'; if (is_null($red)) { - $red = new Redirect(S::v('uid')); + $user = S::user(); + $red = new Redirect($user); } if ($red->get_uid() == S::v('uid')) { $_SESSION['no_redirect'] = !$red->other_active(''); @@ -102,7 +112,7 @@ function send_warning_mail($title) function kill_sessions() { - assert(S::has_perms()); + assert(S::admin()); shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh'); }