X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fauth%2Fauth.inc.php;h=bc4289fda133a23c61ab0b28ef5d7abe0a077bd4;hb=48dba8feba7c3653a925aab5273fc30a6c257240;hp=64aa66e798d782161db03bdc0c4969d089ab7251;hpb=352fb10191f46abd6b0d309615c2fd23375ba646;p=platal.git

diff --git a/modules/auth/auth.inc.php b/modules/auth/auth.inc.php
index 64aa66e..bc4289f 100644
--- a/modules/auth/auth.inc.php
+++ b/modules/auth/auth.inc.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2006 Polytechnique.org                              *
+ *  Copyright (C) 2003-2014 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -19,67 +19,87 @@
  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  ***************************************************************************/
 
-/* cree le champs "auth" renvoye au Groupe X */
-function gpex_make_auth($chlg, $privkey, $datafields) {
-    global $globals;
-    $fieldarr = explode(",",$datafields);
+function gpex_prepare_param($name, $val, &$to_hash,  $charset)
+{
+    $val = iconv('UTF-8', $charset, $val);
+    $to_hash .= $val;
+    return '&' . $name . '=' . urlencode($val);
+}
+
+function gpex_make($chlg, $privkey, $datafields, $charset)
+{
     $tohash   = "1$chlg$privkey";
+    $params   = "";
+    $fieldarr = explode(',', $datafields);
 
-    $res = $globals->xdb->query("SELECT matricule, matricule_ax, promo,
-                                        promo_sortie, flags, deces, nom,
-                                        prenom, nationalite, section,
-                                        naissance
-                                   FROM auth_user_md5 WHERE user_id = {?}",
-                                Session::getInt('uid'));
-    $personnal_data = $res->fetchOneAssoc();
+    $user =& S::user();
+    if ($user->hasProfile()) {
+        /* Transition table for authentification. */
+        $personnal_data = $user->profile()->data();
+        $personnal_data['full_promo'] = $personnal_data['promo'];
+        $personnal_data['promo'] = $personnal_data['entry_year'];
+        $personnal_data['matricule'] = $personnal_data['xorg_id'];
+        $personnal_data['matricule_ax'] = $personnal_data['ax_id'];
+        $personnal_data['promo_sortie'] = $personnal_data['grad_year'];
+        $personnal_data['nationalite'] = $personnal_data['nationality1'];
+        $personnal_data['naissance'] = $personnal_data['birthdate'];
+        $personnal_data['deces'] = $personnal_data['deathdate'];
+        $personnal_data['nom'] = $personnal_data['lastname'];
+        $personnal_data['prenom'] = $personnal_data['firstname'];
+        $personnal_data['flags'] = $user->profile()->isFemale() ? 'femme' : '';
+    } else {
+        // Missing fields: promo, entry_year, grad_year, ax_id, xorg_id, forlife
+        $personnal_data = array(
+            'lastname' => $user->lastname,
+            'firstname' => $user->firstname,
+            'sex' => $user->gender
+        );
+    }
 
     foreach ($fieldarr as $val) {
-        /* on verifie qu'on n'a pas demandÃ© une variable inexistante ! */
-        if (Session::has($val)) {
-            $tohash .= Session::get($val);
+        // Determine the requested value, and add it to the answer.
+        if ($val == 'perms') {
+            $params .= gpex_prepare_param($val, S::admin() ? 'admin' : 'user', $tohash, $charset);
+        } else if ($val == 'forlife') {
+            $params .= gpex_prepare_param($val, S::v('hruid'), $tohash, $charset);
+        } else if (S::has($val)) {
+            $params .= gpex_prepare_param($val, S::v($val), $tohash, $charset);
         } else if (isset($personnal_data[$val])) {
-            $tohash .= $personnal_data[$val];
+            $params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset);
         } else if ($val == 'username') {
-            $res = $globals->xdb->query("SELECT alias FROM aliases
-                                          WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
-                                        Session::getInt('uid'));
-            $min_username = $res->fetchOneCell();
-            $tohash      .= $min_username;
+            $min_username = XDB::fetchOneCell('SELECT  email
+                                                 FROM  email_source_account
+                                                WHERE  uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
+                                              S::i('uid'));
+            $params .= gpex_prepare_param($val, (is_null($min_username) ? '' : $min_username), $tohash, $charset);
+        } else if ($val == 'grpauth') {
+            if (isset($_GET['group'])) {
+                $res = XDB::query("SELECT  perms
+                                     FROM  group_members
+                               INNER JOIN  groups ON(id = asso_id)
+                                    WHERE  uid = {?} AND diminutif = {?}",
+                                  S::v('uid'), $_GET['group']);
+                $perms = $res->fetchOneCell();
+            } else {
+                // if no group asked, return main rights
+                $perms = S::admin() ? 'admin' : 'membre';
+            }
+            $params .= gpex_prepare_param($val, $perms, $tohash, $charset);
+        } else {
+            $params .= gpex_prepare_param($val, '', $tohash, $charset);
         }
     }
     $tohash .= "1";
-    return md5($tohash);
+    $auth = md5($tohash);
+    return array($auth, "&auth=" . $auth . $params);
 }
 
 /* cree les parametres de l'URL de retour avec les champs demandes */
-function gpex_make_params($chlg, $privkey, $datafields) {
-    global $globals;
-    $params   = "&auth=".gpex_make_auth($chlg, $privkey, $datafields);
-
-    $res = $globals->xdb->query("SELECT matricule, matricule_ax, promo,
-                                        promo_sortie, flags, deces, nom,
-                                        prenom, nationalite, section,
-                                        naissance
-                                   FROM auth_user_md5 WHERE user_id = {?}",
-                                Session::getInt('uid'));
-    $personnal_data = $res->fetchOneAssoc();
-
-    $fieldarr = explode(",",$datafields);
-
-    foreach ($fieldarr as $val) {
-        if (Session::has($val)) {
-            $tohash .= Session::get($val);
-        } else if (isset($personnal_data[$val])) {
-            $params .= "&$val=".$personnal_data[$val];
-        } else if ($val == 'username') {
-            $res = $globals->xdb->query("SELECT alias FROM aliases 
-                                          WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
-                                        Session::getInt('uid'));
-            $min_username = $res->fetchOneCell();
-            $params      .= "&$val=".$min_username;
-        }
-    }
-    return $params;
+function gpex_make_params($chlg, $privkey, $datafields, $charset)
+{
+    list ($auth, $param) = gpex_make($chlg, $privkey, $datafields, $charset);
+    return $param;
 }
 
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker fenc=utf-8:
 ?>