X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fauth%2Fauth.inc.php;h=62e94ef1c5ffb12eb2d43d05f77edbf46c4bf32a;hb=fb813fb52d5ab65ca9a5b92b5cb9089523380d79;hp=498bd3bd30634e265592a2bf6bc3e017b58e8ab8;hpb=374487239a72c7b2a083c5b9d8f2a53aec74ac80;p=platal.git

diff --git a/modules/auth/auth.inc.php b/modules/auth/auth.inc.php
index 498bd3b..62e94ef 100644
--- a/modules/auth/auth.inc.php
+++ b/modules/auth/auth.inc.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2006 Polytechnique.org                              *
+ *  Copyright (C) 2003-2010 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -19,69 +19,79 @@
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************/
 
-/* cree le champs "auth" renvoye au Groupe X */
-function gpex_make_auth($chlg, $privkey, $datafields) {
-    $fieldarr = explode(",",$datafields);
+function gpex_prepare_param($name, $val, &$to_hash,  $charset)
+{
+    $val = iconv('UTF-8', $charset, $val);
+    $to_hash .= $val;
+    return '&' . $name . '=' . urlencode($val);
+}
+
+function gpex_make($chlg, $privkey, $datafields, $charset)
+{
     $tohash   = "1$chlg$privkey";
+    $params   = "";
+    $fieldarr = explode(',', $datafields);
 
-    $res = XDB::query("SELECT matricule, matricule_ax, promo,
-                                        promo_sortie, flags, deces, nom,
-                                        prenom, nationalite, section,
-                                        naissance
-                                   FROM auth_user_md5 WHERE user_id = {?}",
-                                S::v('uid'));
-    $personnal_data = $res->fetchOneAssoc();
+    $user =& S::user();
+    if ($user->hasProfile()) {
+        // XXX: Transition table for auth.
+        $personnal_data = $user->profile()->data();
+        $personnal_data['matricule'] = $personnal_data['xorg_id'];
+        $personnal_data['matricule_ax'] = $personnal_data['ax_id'];
+        $personnal_data['promo_sortie'] = $personnal_data['promo'] + 3; // FIXME: Hum, not that good
+        $personnal_data['nationalite'] = $personnal_data['nationality1'];
+        $personnal_data['naissance'] = $personnal_data['birthdate'];
+        $personnal_data['deces'] = $personnal_data['deathdate'];
+        $personnal_data['flags'] = $user->profile()->isFemale() ? 'femme' : '';
+    } else {
+        $personnal_data = array();
+    }
 
     foreach ($fieldarr as $val) {
-        /* on verifie qu'on n'a pas demandÃ© une variable inexistante ! */
-        if (S::has($val)) {
-            $tohash .= S::v($val);
-            $params .= "&$val=".S::v($val);
+        // Determine the requested value, and add it to the answer.
+        if ($val == 'perms') {
+            $params .= gpex_prepare_param($val, S::admin() ? 'admin' : 'user', $tohash, $charset);
+        } else if ($val == 'forlife') {
+            $params .= gpex_prepare_param($val, S::v('hruid'), $tohash, $charset);
+        } else if (S::has($val)) {
+            $params .= gpex_prepare_param($val, S::v($val), $tohash, $charset);
         } else if (isset($personnal_data[$val])) {
-            $tohash .= $personnal_data[$val];
-            $params .= "&$val=".$personnal_data[$val];
+            $params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset);
         } else if ($val == 'username') {
-            $res = XDB::query("SELECT alias FROM aliases
-                                          WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
-                                        S::v('uid'));
+            $res = XDB::query("SELECT  alias
+                                 FROM  aliases
+                                WHERE  id = {?} AND FIND_IN_SET('bestalias', flags)",
+                              S::i('uid'));
             $min_username = $res->fetchOneCell();
-            $tohash      .= $min_username;
+            $params      .= gpex_prepare_param($val, $min_username, $tohash, $charset);
+        } else if ($val == 'grpauth') {
+            if (isset($_GET['group'])) {
+                $res = XDB::query("SELECT  perms
+                                     FROM  group_members
+                               INNER JOIN  groups ON(id = asso_id)
+                                    WHERE  uid = {?} AND diminutif = {?}",
+                                  S::v('uid'), $_GET['group']);
+                $perms = $res->fetchOneCell();
+            } else {
+                // if no group asked, return main rights
+                $perms = S::admin() ? 'admin' : 'membre';
+            }
+            $params .= gpex_prepare_param($val, $perms, $tohash, $charset);
+        } else {
+            $params .= gpex_prepare_param($val, '', $tohash, $charset);
         }
     }
     $tohash .= "1";
-    return md5($tohash);
+    $auth = md5($tohash);
+    return array($auth, "&auth=" . $auth . $params);
 }
 
 /* cree les parametres de l'URL de retour avec les champs demandes */
-function gpex_make_params($chlg, $privkey, $datafields) {
-    $params   = "&auth=".gpex_make_auth($chlg, $privkey, $datafields);
-
-    $res = XDB::query("SELECT matricule, matricule_ax, promo,
-                              promo_sortie, flags, deces, nom,
-                              prenom, nationalite, section,
-                              naissance
-                         FROM auth_user_md5 WHERE user_id = {?}",
-                      S::v('uid'));
-    $personnal_data = $res->fetchOneAssoc();
-
-    $fieldarr = explode(",",$datafields);
-
-    foreach ($fieldarr as $val) {
-        if (S::has($val)) {
-            $tohash .= S::v($val);
-            $params .= "&$val=".S::v($val);
-        } else if (isset($personnal_data[$val])) {
-            $tohash .= $personnal_data[$val];
-            $params .= "&$val=".$personnal_data[$val];
-        } else if ($val == 'username') {
-            $res = XDB::query("SELECT alias FROM aliases 
-                                          WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
-                                        S::v('uid'));
-            $min_username = $res->fetchOneCell();
-            $params      .= "&$val=".$min_username;
-        }
-    }
-    return $params;
+function gpex_make_params($chlg, $privkey, $datafields, $charset)
+{
+    list ($auth, $param) = gpex_make($chlg, $privkey, $datafields, $charset);
+    return $param;
 }
 
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
 ?>