X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fsecurity.inc.php;h=e4357c53b94e0fb12de3d95c74b8bdc9de7507c6;hb=07e4a9a091ac34c84129c230cde455de34e1ae91;hp=9e9aa4526e7c6f5ce89da65ee6bbff987ebb3c3e;hpb=e85e121558a37e06cbf2099843588a6e5e5c267a;p=platal.git
diff --git a/include/security.inc.php b/include/security.inc.php
index 9e9aa45..e4357c5 100644
--- a/include/security.inc.php
+++ b/include/security.inc.php
@@ -1,6 +1,6 @@ numRows()) {
+ $res = XDB::fetchOneCell('SELECT COUNT(*)
+ FROM email_watch
+ WHERE state != \'safe\' AND email = {?}',
+ $email);
+ if ($res) {
 send_warning_mail($message);
 return true;
 }
@@ -78,7 +79,10 @@ function check_email($email, $message)
 function check_account()
 {
- return S::v('watch_account');
+ if (S::user()) {
+ return S::user()->watch;
+ }
+ return false;
 }
 function check_redirect($red = null)
@@ -94,21 +98,26 @@ function check_redirect($red = null)
 }
 }
-function send_warning_mail($title)
+function send_warning_mail($title, $body = '')
 {
 global $globals;
 $mailer = new PlMailer();
 $mailer->setFrom("webmaster@" . $globals->mail->domain);
 $mailer->addTo($globals->core->admin_email);
 $mailer->setSubject("[Plat/al Security Alert] $title");
- $mailer->setTxtBody("Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n"
+ // Note: we can't do $session = var_export($_SESSION, true) as var_export
+ // doesn't handle circular dependency correctly.
+ ob_start();
+ var_dump($_SESSION);
+ $session = ob_get_clean();
+ $mailer->setTxtBody($body . "Identifiants de session :\n" . $session . "\n\n"
 ."Identifiants de connexion :\n" . var_export($_SERVER, true));
 $mailer->send();
 }
 function kill_sessions()
 {
- assert(S::has_perms());
+ assert(S::admin());
 shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh');
 }
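Review bot: In `kill_sessions()` the only gate in front of the `sudo -u root` call is still an `assert()`, which is not an authorization check: PHP skips it when assertions are disabled (`assert.active=0`, or `zend.assertions` set to 0 or -1), and before PHP 8 a failed assertion only raises a warning unless `assert.bail` is enabled, so execution continues into `shell_exec`. An explicit guard holds regardless of configuration, e.g. `if (!S::admin()) { return; }` placed before the `shell_exec` line. Separately, `send_warning_mail()` still mails the full `var_dump($_SESSION)` output and `var_export($_SERVER, true)` in plain text; `$_SERVER` normally carries the request's Cookie header, so the admin mailbox ends up holding live session identifiers, and mailing a fixed list of fields would limit that. The new `$body` is prepended with no separator, so a caller that omits a trailing newline runs its text into the "Identifiants de session" heading.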