X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=include%2Fxorg%2Fsession.inc.php;h=8b041a185a6f66d2db2e28c61006e38d83a40c9a;hb=8d8f76072d8a363c3b24cfd0f2728bdc5754ec7f;hp=323514349286032adf3335f26d7a3c0e7d8b63c6;hpb=50a40a33a496131e817df875607ea5542d096a64;p=platal.git diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php index 3235143..8b041a1 100644 --- a/include/xorg/session.inc.php +++ b/include/xorg/session.inc.php @@ -19,132 +19,124 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once('platal/session.inc.php'); +require_once dirname(__FILE__).'/../../classes/Session.php'; // {{{ class XorgSession -class XorgSession extends DiogenesCoreSession +class XorgSession { - // {{{ function XorgSession() + // {{{ function init - function XorgSession() - { - $this->DiogenesCoreSession(); - if (!Session::has('uid')) { + function init() { + S::init(); + if (!S::has('uid')) { try_cookie(); } - set_skin(); + $_SESSION['session'] = new XorgSession; } // }}} - // {{{ function init - - function init() { - @session_start(); - if (!Session::has('session')) { - $_SESSION['session'] = new XorgSession; - } - } - - // }}} // {{{ function destroy() - + function destroy() { - @session_destroy(); - unset($_SESSION); + S::destroy(); XorgSession::init(); } - + // }}} // {{{ function doAuth() - /** Try to do an authentication. - * - * @param page the calling page (by reference) - */ - function doAuth(&$page,$new_name=false) + function doAuth($new_name = false) { - global $globals; - if (identified()) { // ok, c'est bon, on n'a rien à faire - return true; - } - - if (Session::has('session')) { - $session =& Session::getMixed('session'); + global $globals; + if (S::identified()) { // ok, c'est bon, on n'a rien à faire + return true; + } + + if (!Env::has('username') || !Env::has('response') + || !S::has('challenge')) + { + return false; } - if (Env::has('username') && Env::has('response') && isset($session->challenge)) - { - // si on vient de recevoir une identification par passwordpromptscreen.tpl - // ou passwordpromptscreenlogged.tpl - $uname = Env::get('username'); - - if (Env::get('domain') == "alias") { - - $res = $globals->xdb->query( - "SELECT redirect - FROM virtual - INNER JOIN virtual_redirect USING(vid) - WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom); - $redirect = $res->fetchOneCell(); - if ($redirect) { - $login = substr($redirect, 0, strpos($redirect, '@')); - } else { - $login = ""; - } + // si on vient de recevoir une identification par passwordpromptscreen.tpl + // ou passwordpromptscreenlogged.tpl + $uname = Env::v('username'); + + if (Env::v('domain') == "alias") { + + $res = XDB::query( + "SELECT redirect + FROM virtual + INNER JOIN virtual_redirect USING(vid) + WHERE alias LIKE {?}", $uname."@".$globals->mail->alias_dom); + $redirect = $res->fetchOneCell(); + if ($redirect) { + $login = substr($redirect, 0, strpos($redirect, '@')); } else { - $login = $uname; + $login = ""; } + } else { + $login = $uname; + } - $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias'; - $res = $globals->xdb->query( + $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias'; + $res = XDB::query( "SELECT u.user_id, u.password FROM auth_user_md5 AS u INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' ) WHERE a.$field = {?} AND u.perms IN('admin','user')", $login); - $logger =& Session::getMixed('log'); - - if (list($uid, $password) = $res->fetchOneRow()) { - $expected_response=md5("$uname:$password:{$session->challenge}"); - if (Env::get('response') == $expected_response) { - if (Env::has('domain')) { - if (($domain = Env::get('domain', 'login')) == 'alias') { - setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0); - } else { - setcookie('ORGdomain', '', (time()-3600), '/', '', 0); - } - // pour que la modification soit effective dans le reste de la page - $_COOKIE['ORGdomain'] = $domain; + $logger =& S::v('log'); + if (list($uid, $password) = $res->fetchOneRow()) { + require_once('secure_hash.inc.php'); + $expected_response=hash_encrypt("$uname:$password:".S::v('challenge')); + // le password de la base est peut-être encore encodé en md5 + if (Env::v('response') != $expected_response) { + $new_password = hash_xor(Env::v('xorpass'), $password); + $expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge')); + if (Env::v('response') == $expected_response) { + XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid); + } } + if (Env::v('response') == $expected_response) { + if (Env::has('domain')) { + if (($domain = Env::v('domain', 'login')) == 'alias') { + setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0); + } else { + setcookie('ORGdomain', '', (time()-3600), '/', '', 0); + } + // pour que la modification soit effective dans le reste de la page + $_COOKIE['ORGdomain'] = $domain; + } - unset($session->challenge); - if ($logger) { - $logger->log('auth_ok'); + S::kill('challenge'); + if ($logger) { + $logger->log('auth_ok'); + } + start_connexion($uid, true); + if (Env::v('remember', 'false') == 'true') { + $cookie = hash_encrypt(S::v('password')); + setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0); + if ($logger) { + $logger->log("cookie_on"); } - start_connexion($uid, true); - if (Env::get('remember', 'false') == 'true') { - $cookie = md5(Session::get('password')); - setcookie('ORGaccess',$cookie,(time()+25920000),'/','',0); - if ($logger) { - $logger->log("cookie_on"); - } - } else { - setcookie('ORGaccess', '', time() - 3600, '/', '', 0); - - if ($logger) { - $logger->log("cookie_off"); - } + } else { + setcookie('ORGaccess', '', time() - 3600, '/', '', 0); + + if ($logger) { + $logger->log("cookie_off"); } - return true; - } elseif ($logger) { - $logger->log('auth_fail','bad password'); } - } elseif ($logger) { - $logger->log('auth_fail','bad login'); + return true; + } elseif ($logger) { + $logger->log('auth_fail','bad password'); } - } - $this->doLogin($page,$new_name); + } elseif ($logger) { + $logger->log('auth_fail','bad login'); + } + + return false; } // }}} @@ -154,70 +146,21 @@ class XorgSession extends DiogenesCoreSession * * @param page the calling page (by reference) */ - function doAuthCookie(&$page) + function doAuthCookie() { - if (logged()) { - return; + if (S::logged()) { + return true; } if (Env::has('username') and Env::has('response')) { - return $this->doAuth($page); + return XorgSession::doAuth(); } if ($r = try_cookie()) { - return $this->doAuth($page,($r>0)); + return XorgSession::doAuth(($r > 0)); } - } - - // }}} - // {{{ function doLogin() - - /** Display login screen. - */ - function doLogin(&$page, $new_name=false) - { - $page->addJsLink('javascript/md5.js'); - if (logged() and !$new_name) { - $page->changeTpl('password_prompt_logged.tpl'); - $page->addJsLink('javascript/do_challenge_response_logged.js'); - $page->assign("xorg_tpl", "password_prompt_logged.tpl"); - $page->run(); - } else { - $page->changeTpl('password_prompt.tpl'); - $page->addJsLink('javascript/do_challenge_response.js'); - $page->assign("xorg_tpl", "password_prompt.tpl"); - - global $globals; - if ($globals->mail->alias_dom) { - $page->assign("domains", Array( - $globals->mail->domain."/".$globals->mail->domain2, - $globals->mail->alias_dom."/".$globals->mail->alias_dom2)); - $page->assign("domains_value", Array("login", "alias")); - $page->assign("r_domain", Cookie::get('ORGdomain', 'login')); - } - $page->run(); - } - exit; - } - - // }}} - // {{{ function getUserId() - - function getUserId($auth,$username) - { - global $globals; - $res = $globals->xdb->query("SELECT id FROM aliases WHERE alias = {?}",$username); - return $res->fetchOneCell(); - } - // }}} - // {{{ function getUsername() - - function getUsername($auth,$uid) - { - global $globals; - $res = $globals->xdb->query("SELECT alias FROM aliases WHERE id = {?} AND type='a_vie'", $uid); - return $res->fetchOneCell(); + return false; } // }}} @@ -232,19 +175,19 @@ class XorgSession extends DiogenesCoreSession */ function try_cookie() { - global $globals; - if (Cookie::get('ORGaccess') == '' or !Cookie::has('ORGuid')) { + if (Cookie::v('ORGaccess') == '' or !Cookie::has('ORGuid')) { return -1; } - $res = @$globals->xdb->query( + $res = @XDB::query( "SELECT user_id,password FROM auth_user_md5 WHERE user_id = {?} AND perms IN('admin','user')", - Cookie::getInt('ORGuid') + Cookie::i('ORGuid') ); if ($res->numRows() != 0) { list($uid, $password) = $res->fetchOneRow(); - $expected_value = md5($password); - if ($expected_value == Cookie::get('ORGaccess')) { + require_once('secure_hash.inc.php'); + $expected_value = hash_encrypt($password); + if ($expected_value == Cookie::v('ORGaccess')) { start_connexion($uid, false); return 0; } else { @@ -265,8 +208,7 @@ function try_cookie() */ function start_connexion ($uid, $identified) { - global $globals; - $res = $globals->xdb->query(" + $res = XDB::query(" SELECT u.user_id AS uid, prenom, nom, perms, promo, matricule, password, FIND_IN_SET('femme', u.flags) AS femme, UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash @@ -279,14 +221,14 @@ function start_connexion ($uid, $identified) ORDER BY s.start DESC LIMIT 1", $uid); $sess = $res->fetchOneAssoc(); - $suid = Session::getMixed('suid'); - + $suid = S::v('suid'); + if ($suid) { $logger = new DiogenesCoreLogger($uid, $suid); - $logger->log("suid_start", Session::get('forlife')." by {$suid['uid']}"); + $logger->log("suid_start", S::v('forlife')." by {$suid['uid']}"); $sess['suid'] = $suid; } else { - $logger = Session::getMixed('log', new DiogenesCoreLogger($uid)); + $logger = S::v('log', new DiogenesCoreLogger($uid)); $logger->log("connexion", $_SERVER['PHP_SELF']); setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0); } @@ -298,31 +240,21 @@ function start_connexion ($uid, $identified) } // }}} -// {{{ function set_skin() function set_skin() { global $globals; - if (logged() && $globals->skin->enable) { - $uid = Session::getInt('uid'); - $res = $globals->xdb->query("SELECT skin,skin_tpl - FROM auth_user_quick AS a - INNER JOIN skins AS s ON a.skin=s.id - WHERE user_id = {?} AND skin_tpl != ''", $uid); - if (list($_SESSION['skin_id'], $_SESSION['skin']) = $res->fetchOneRow()) { + if (S::logged() && !S::has('skin')) { + $uid = S::v('uid'); + $res = XDB::query("SELECT skin_tpl + FROM auth_user_quick AS a + INNER JOIN skins AS s ON a.skin = s.id + WHERE user_id = {?} AND skin_tpl != ''", $uid); + if ($_SESSION['skin'] = $res->fetchOneCell()) { return; } } - if ($globals->skin->enable) { - $_SESSION['skin'] = $globals->skin->def_tpl; - $_SESSION['skin_id'] = $globals->skin->def_id; - } else { - $_SESSION['skin'] = 'default.tpl'; - $_SESSION['skin_id'] = -1; - } } -// }}} - // vim:set et sw=4 sts=4 sws=4 foldmethod=marker: ?>