X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fxnet%2Fsession.inc.php;h=147fab842eff2e00686dbb7dfa9c7aab18527934;hb=fd834b4b349e02bdedb8ed8c7a1392dccb0d4da8;hp=eef22e22885e669cfcd0c75bd2225072e3d7847a;hpb=71fe935c7d548595482e912fff605cd7a0390708;p=platal.git diff --git a/include/xnet/session.inc.php b/include/xnet/session.inc.php index eef22e2..147fab8 100644 --- a/include/xnet/session.inc.php +++ b/include/xnet/session.inc.php @@ -19,30 +19,20 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once('platal/session.inc.php'); +require_once dirname(__FILE__).'/../../classes/Session.php'; -// {{{ class XorgSession - -class XnetSession extends DiogenesCoreSession +class XnetSession { - // {{{ function XnetSession() - - function XnetSession() - { - $this->DiogenesCoreSession(); - } - - // }}} // {{{ function init - + function init() { global $globals; - @session_start(); - if (!Session::has('session')) { - $_SESSION['session'] = new XnetSession; - } - if (!logged()) { + S::init(); + + $_SESSION['session'] = new XnetSession; + + if (!S::logged()) { // prevent connexion to be linked to deconnexion if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false) $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i); 
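Review bot: The return URL in `init()` is still built as `"http://{$_SERVER['SERVER_NAME']}"` plus `$_SERVER['REQUEST_URI']`, so the authentication answer from auth-groupex.php (the `auth` and `uid` parameters checked in doAuthX) comes back over cleartext HTTP. Depending on server configuration, `SERVER_NAME` may also reflect the client-supplied Host header. Building it from the configured base instead, for example `$returl = $globals->baseurl . $_SERVER['REQUEST_URI'];`, would match what the redirect at the end of doAuthX already uses, assuming `baseurl` is an https URL. Separately, `$_SESSION['session'] = new XnetSession;` is now assigned on every request although the challenge and `loginX` moved into the session itself, so the stored object appears to carry no state. The `if (!S::logged())` block continues past the end of this hunk.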
@@ -50,22 +40,21 @@ class XnetSession extends DiogenesCoreSession $returl = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}"; $url = "https://www.polytechnique.org/auth-groupex.php"; $url .= "?session=" . session_id(); - $url .= "&challenge=" . $_SESSION['session']->challenge; - $url .= "&pass=" . md5($_SESSION['session']->challenge . $globals->xnet->secret); + $url .= "&challenge=" . S::v('challenge'); + $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret); $url .= "&url=".urlencode($returl); - $_SESSION['session']->loginX = $url; + $_SESSION['loginX'] = $url; } } - + // }}} // {{{ function destroy() - + function destroy() { - @session_destroy(); - unset($_SESSION); + S::destroy(); XnetSession::init(); } - + // }}} // {{{ function doAuth() 
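Review bot: Nothing in `init()` checks that `S::v('challenge')` is non-empty before `md5(S::v('challenge') . $globals->xnet->secret)` goes into the login URL. Where the challenge is created is not visible here (presumably `S::init()`); if it is ever missing, `pass` becomes a constant derived only from the shared secret and is valid for every session. A guard such as `if (!S::v('challenge')) { return; }` before the URL is assembled would make that case fail closed. Plain MD5 over a concatenation is also a weak keyed digest, and `hash_hmac('sha256', S::v('challenge'), $globals->xnet->secret)` is the sturdier form, though it has to change together with auth-groupex.php. The URL also carries `session_id()` in its query string, where it can end up in logs and Referer headers, which makes regenerating the id after login more important.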
@@ -73,33 +62,30 @@ class XnetSession extends DiogenesCoreSession * * @param page the calling page (by reference) */ - function doAuth(&$page) + function doAuth() { - global $globals; - if (identified()) { // ok, c'est bon, on n'a rien à faire + if (S::identified()) { // ok, c'est bon, on n'a rien à faire return true; } if (Get::has('auth')) { - return $this->doAuthX($page); - } elseif (Post::has('challenge') && Post::has('username') && Post::has('response')) { - return $this->doAuthOther($page); - } else { - $this->doLogin($page); + return XnetSession::doAuthX(); } + + return false; } // }}} // {{{ doAuthX - function doAuthX(&$page) { - global $globals; + function doAuthX() { + global $globals, $page; - if (md5('1'.$this->challenge.$globals->xnet->secret.Get::getInt('uid').'1') != Get::get('auth')) { + if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) { $page->kill("Erreur d'authentification avec polytechnique.org !"); } - $res = $globals->xdb->query(" + $res = XDB::query(" SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme, a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash FROM auth_user_md5 AS u 
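Review bot: The digest check in `doAuthX()` uses the loose `!=`, which compares two numeric-looking strings as numbers, so two different hex digests of the form `0e` followed by digits are treated as equal. It is also not a constant-time comparison. Use a strict string comparison, `if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') !== (string) Get::v('auth')) {`, or `hash_equals()` where the PHP version in use provides it. The docblock above `doAuth()` still says `@param page the calling page (by reference)` although the parameter was removed; it should instead say that the method returns true when the user is already identified and false when no `auth` parameter is present. The body of `doAuthX()` continues past the end of this hunk.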
@@ -107,51 +93,38 @@ class XnetSession extends DiogenesCoreSession INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie') INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags)) WHERE u.user_id = {?} AND u.perms IN('admin','user') - LIMIT 1", Get::getInt('uid')); + LIMIT 1", Get::i('uid')); $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc()); $_SESSION['auth'] = AUTH_MDP; - unset($this->challenge); - unset($this->loginX); + S::kill('challenge'); + S::kill('loginX'); Get::kill('auth'); Get::kill('uid'); + $path = Get::v('p'); + Get::kill('p'); + Get::kill('PHPSESSID'); + $args = array(); - foreach($_GET as $key=>$val) { + foreach($_GET as $key => $val) { $args[] = urlencode($key).'='.urlencode($val); } - redirect($_SERVER['PHP_SELF'] . '?' . join('&', $args)); - } - - // }}} - // {{{ doAuthOther - - function doAuthOther(&$page) { - if (Post::has('challenge') && Post::has('username') && Post::has('response')) { - $username = Post::get('username'); - } - $this->doLogin($page); - } - // }}} - // {{{ doLogin - - function doLogin(&$page) { - redirect($_SESSION['session']->loginX); + http_redirect($globals->baseurl . '/' . $path, join('&', $args)); } // }}} } -// }}} // {{{ may_update function may_update() { global $globals; if (!$globals->asso('id')) { return false; } - if (has_perms()) { return true; } - $res = $globals->xdb->query( + if (S::has_perms()) { return true; } + $res = XDB::query( "SELECT perms FROM groupex.membres - WHERE uid={?} AND asso_id={?}", Session::getInt('uid'), $globals->asso('id')); + WHERE uid={?} AND asso_id={?}", S::v('uid'), $globals->asso('id')); return $res->fetchOneCell() == 'admin'; } 
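Review bot: In `doAuthX()`, `$_SESSION['auth'] = AUTH_MDP` is set without checking that the query returned a row. If no account matches `u.user_id = {?} AND u.perms IN('admin','user')`, `fetchOneAssoc()` presumably returns a non-array, so `array_merge` would discard the existing session data and the session would still be marked authenticated with no `uid`. Fetch the row first and stop when it is empty, as in the excerpt below. The merged row also includes the `password` column from the SELECT in the previous hunk, which then sits in `$_SESSION`; drop it from the query unless something reads it. No session id regeneration after login is visible in these lines, and it is worth adding unless `S::` already does it.

```php
$row = $res->fetchOneAssoc();
if (!is_array($row) || count($row) == 0) {
    // no matching account: stop before any session state is written
    $page->kill("Erreur d'authentification avec polytechnique.org !");
}
$_SESSION = array_merge($_SESSION, $row);
$_SESSION['auth'] = AUTH_MDP;
// … unchanged: S::kill / Get::kill calls and the final http_redirect …
```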
@@ -164,13 +137,13 @@ function is_member() { if (!$asso_id) { return false; } static $is_member; if (!$is_member) $is_member = array(); - if (!isset($is_member[$asso_id])) + if (!isset($is_member[$asso_id])) { - $res = $globals->xdb->query( + $res = XDB::query( "SELECT COUNT(*) FROM groupex.membres WHERE uid={?} AND asso_id={?}", - Session::getInt('uid'), $asso_id); + S::v('uid'), $asso_id); $is_member[$asso_id] = $res->fetchOneCell() == 1; } return $is_member[$asso_id];