X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fxnet%2Fsession.inc.php;h=1441f19e71e98da519bbd1d55214cb0d90da70a0;hb=22801bd99c3622a107c7fa0b4338b1447b169973;hp=de75d234c9d350f846668d10aee4762d49579a8c;hpb=0afc7e1e5fe18d3455214dc5fc8ff20b628fdb25;p=platal.git
diff --git a/include/xnet/session.inc.php b/include/xnet/session.inc.php
index de75d23..1441f19 100644
--- a/include/xnet/session.inc.php
+++ b/include/xnet/session.inc.php
@@ -1,6 +1,6 @@ xnet->secret);
 $url .= "&url=".urlencode($returl);
 $_SESSION['loginX'] = $url;
 }
+
+ if (S::logged() && $globals->asso()) {
+ $perms = S::v('perms');
+ $perms->rmFlag('groupadmin');
+ $perms->rmFlag('groupmember');
+ $perms->rmFlag('groupannu');
+ if (may_update()) {
+ $perms->addFlag('groupadmin');
+ $perms->addFlag('groupmember');
+ $perms->addFlag('groupannu');
+ }
+ if (is_member()) {
+ $perms->addFlag('groupmember');
+ if ($globals->asso('pub') != 'private') {
+ $perms->addFlag('groupannu');
+ }
+ }
+ if ($globals->asso('cat') == 'Promotions') {
+ $perms->addFlag('groupannu');
+ }
+ $_SESSION['perms'] = $perms;
+ }
 }
 // }}}
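Review bot: The three `rmFlag()` calls sit inside `if (S::logged() && $globals->asso())`, so a request served outside any group context skips the reset and keeps whatever `groupadmin`/`groupmember`/`groupannu` flags the last group page stored in `$_SESSION['perms']`. If any handler tests those flags without also re-checking the current asso (not visible here), rights granted for one group would still be honoured there. Clearing the flags under `if (S::logged())` alone and re-adding them only when `$globals->asso()` is set would keep the flag set tied to the current request. The grants also depend on `may_update()` and `is_member()`, and `is_member()` is visibly cached in `$_SESSION['is_member']` later in this diff, so it is worth confirming that cache is reset when the asso changes. The enclosing method starts outside the hunk.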
@@ -81,24 +104,32 @@ class XnetSession
 // }}}
 // {{{ doAuthX
- public static function doAuthX() {
+ public static function doAuthX()
+ {
 global $globals, $page;
 if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) {
+ Get::kill('auth');
+ if (!$page) {
+ require_once 'xnet.inc.php';
+ new_skinned_page('platal/index.tpl');
+ }
 $page->kill("Erreur d'authentification avec polytechnique.org !");
 }
 $res = XDB::query(" SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme,
- a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
+ u.hruid, a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash
 FROM auth_user_md5 AS u
 INNER JOIN auth_user_quick AS q USING(user_id)
- INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
- INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
+ INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = 'a_vie')
+ INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias', a2.flags))
 WHERE u.user_id = {?} AND u.perms IN('admin','user') LIMIT 1", Get::i('uid'));
 $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc());
 $_SESSION['auth'] = AUTH_MDP;
+ require_once 'xorg/session.inc.php';
+ $_SESSION['perms'] =& XorgSession::make_perms(S::v('perms'));
 S::kill('challenge');
 S::kill('loginX');
 S::kill('may_update');
@@ -125,14 +156,15 @@ class XnetSession
 if (!S::has('suid')) {
 $_SESSION['suid'] = $_SESSION;
 }
- $_SESSION['perms'] = 'user';
+ require_once 'xorg/session.inc.php';
+ $_SESSION['perms'] =& XorgSession::make_perms('user');
 }
 // }}}
 // {{{ killSuid
 public static function killSuid()
- {
+ {
 if (!S::has('suid')) {
 return;
 }
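Review bot: The token check at the top of `doAuthX()` still compares the MD5 hex digest to `Get::v('auth')` with `!=`, which is PHP's loose comparison: numeric-looking strings are compared as numbers rather than byte for byte, and the comparison is not constant-time. Make it strict and timing-safe, e.g. `if (!hash_equals(md5(...), (string) Get::v('auth'))) {` on runtimes that provide `hash_equals()` (PHP 5.6+), or at minimum `!==`. Separately, `array_merge($_SESSION, $res->fetchOneAssoc())` and `$_SESSION['auth'] = AUTH_MDP` run without checking that the query matched a row. If `fetchOneAssoc()` can return a non-array for a uid that is not an `admin`/`user` account (not visible here), the session would still be marked authenticated, so a guard before the merge is worth adding.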
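Review bot: `$_SESSION['perms'] =& XorgSession::make_perms('user');` binds by reference to a function result, which only has an effect if `make_perms()` is declared to return by reference (its definition is not part of this diff); otherwise PHP raises a notice and a plain `=` does the same thing. The same construct is added in `doAuthX()` with `make_perms(S::v('perms'))`. Because this branch is presumably where a substituted session is dropped to `user` rights, a short comment such as `// suid: start from plain 'user' perms, never inherit the caller's flags` would make the security intent explicit. The method containing these lines starts outside the hunk.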
@@ -184,7 +216,7 @@ function may_update($force = false, $lose = false)
 /** Get membership informations for the current asso
 * @param force Force membership to be read from database
 * @param lose Force membership to be false
- */
+ */
 function is_member($force = false, $lose = false)
 {
 if (!isset($_SESSION['is_member'])) {