X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fauth%2Fauth.inc.php;h=aae05535176c1ca5bc8726a643527c06f914088e;hb=22f99f968b9233dd0ebb4b608b590371600ce5c5;hp=804c5270794a12dcb89baf3917b9e86a45f64c50;hpb=b49f3f403fa8bb518c709c4091946c5d7f2aad6b;p=platal.git

diff --git a/modules/auth/auth.inc.php b/modules/auth/auth.inc.php
index 804c527..aae0553 100644
--- a/modules/auth/auth.inc.php
+++ b/modules/auth/auth.inc.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2007 Polytechnique.org                              *
+ *  Copyright (C) 2003-2009 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -19,64 +19,68 @@
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************/
 
-function gpex_make($chlg, $privkey, $datafields)
+function gpex_prepare_param($name, $val, &$to_hash,  $charset)
+{
+    $val = iconv('UTF-8', $charset, $val);
+    $to_hash .= $val;
+    return '&' . $name . '=' . urlencode($val);
+}
+
+function gpex_make($chlg, $privkey, $datafields, $charset)
 {
     $tohash   = "1$chlg$privkey";
     $params   = "";
-    $fieldarr = explode(",",$datafields);
+    $fieldarr = explode(',', $datafields);
 
-    $res = XDB::query("SELECT matricule, matricule_ax, promo,
-                                        promo_sortie, flags, deces, nom,
-                                        prenom, nationalite, section,
-                                        naissance
-                                   FROM auth_user_md5 WHERE user_id = {?}",
-                                S::v('uid'));
+    $res = XDB::query("SELECT  matricule, matricule_ax, promo,
+                               promo_sortie, flags, deces, nom,
+                               prenom, nationalite, section,
+                               naissance
+                         FROM  auth_user_md5 WHERE user_id = {?}",
+                       S::v('uid'));
     $personnal_data = $res->fetchOneAssoc();
 
     foreach ($fieldarr as $val) {
-        /* on verifie qu'on n'a pas demandé une variable inexistante ! */
-        if (S::has($val)) {
-            $tohash .= S::v($val);
-            $params .= "&$val=".S::v($val);
+        // Determine the requested value, and add it to the answer.
+        if ($val == 'perms') {
+            $params .= gpex_prepare_param($val, S::has_perms() ? 'admin' : 'user', $tohash, $charset);
+        } else if ($val == 'forlife') {
+            $params .= gpex_prepare_param($val, S::v('hruid'), $tohash, $charset);
+        } else if (S::has($val)) {
+            $params .= gpex_prepare_param($val, S::v($val), $tohash, $charset);
         } else if (isset($personnal_data[$val])) {
-            $tohash .= $personnal_data[$val];
-            $params .= "&$val=".$personnal_data[$val];
+            $params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset);
         } else if ($val == 'username') {
-            $res = XDB::query("SELECT alias FROM aliases
-                                          WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
-                                        S::v('uid'));
+            $res = XDB::query("SELECT  alias FROM aliases
+                                WHERE  id = {?} AND FIND_IN_SET('bestalias', flags)",
+                              S::v('uid'));
             $min_username = $res->fetchOneCell();
-            $tohash      .= $min_username;
-            $params      .= "&$val=".$min_username;
+            $params      .= gpex_prepare_param($val, $min_username, $tohash, $charset);
         } else if ($val == 'grpauth') {
-        	if (isset($_GET['group'])) {
-	        	$res = XDB::query("SELECT perms FROM groupex.membres
-					INNER JOIN groupex.asso ON(id = asso_id) 
-					WHERE uid = {?} AND diminutif = {?}", S::v('uid'), $_GET['group']);
-				$perms = $res->fetchOneCell();
-			} else {
-				// if no group asked, return main rights
-				$perms = Session::has_perms()?'admin':'membre';
-			}
-			$tohash .= $perms;
-			$params .= "&$val=".$perms;
+            if (isset($_GET['group'])) {
+                $res = XDB::query("SELECT  perms
+                                     FROM  groupex.membres
+                               INNER JOIN  groupex.asso ON(id = asso_id)
+                                    WHERE  uid = {?} AND diminutif = {?}",
+                                  S::v('uid'), $_GET['group']);
+                $perms = $res->fetchOneCell();
+            } else {
+                // if no group asked, return main rights
+                $perms = S::has_perms() ? 'admin' : 'membre';
+            }
+            $params .= gpex_prepare_param($val, $perms, $tohash, $charset);
         }
     }
     $tohash .= "1";
     $auth = md5($tohash);
-    return array($auth, "&auth=".$auth.$params);
-}
-
-/* cree le champs "auth" renvoye au Groupe X */
-function gpex_make_auth($chlg, $privkey, $datafields) {
-	list ($auth, $param) = gpex_make($chlg, $privkey, $datafields);
-	return $auth;
+    return array($auth, "&auth=" . $auth . $params);
 }
 
 /* cree les parametres de l'URL de retour avec les champs demandes */
-function gpex_make_params($chlg, $privkey, $datafields) {
-	list ($auth, $param) = gpex_make($chlg, $privkey, $datafields);
-	return $param;
+function gpex_make_params($chlg, $privkey, $datafields, $charset)
+{
+    list ($auth, $param) = gpex_make($chlg, $privkey, $datafields, $charset);
+    return $param;
 }
 
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: