- // }}}
-}
-
-// {{{ function try_cookie()
-
-/** réalise la récupération de $_SESSION pour qqn avec cookie
- * @return int 0 if all OK, -1 if no cookie, 1 if cookie with bad hash,
- * -2 should not happen
- */
-function try_cookie()
-{
- if (Cookie::v('ORGaccess') == '' or !Cookie::has('ORGuid')) {
- return -1;
- }
-
- $res = @XDB::query(
- "SELECT user_id,password FROM auth_user_md5
- WHERE user_id = {?} AND perms IN('admin','user')",
- Cookie::i('ORGuid'));
-
- if ($res->numRows() != 0) {
- list($uid, $password) = $res->fetchOneRow();
- require_once('secure_hash.inc.php');
- $expected_value = hash_encrypt($password);
- if ($expected_value == Cookie::v('ORGaccess')) {
- if (!start_connexion($uid, false)) {
- return -3;
- }
- return 0;
- } else {
- return 1;
- }
- }
-
- return -2;
-}
-
-// }}}
-// {{{ function start_connexion()
-
-/** place les variables de session dépendants de auth_user_md5
- * et met à jour les dates de dernière connexion si nécessaire
- * @return void
- * @see controlpermanent.inc.php controlauthentication.inc.php
- */
-function start_connexion ($uid, $identified)
-{
- $res = XDB::query("
- SELECT u.user_id AS uid, prenom, prenom_ini, nom, nom_ini, nom_usage, perms, promo, promo_sortie,
- matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
- a.alias AS forlife, a2.alias AS bestalias,
- q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash,
- FIND_IN_SET('watch', u.flags) AS watch_account, q.last_version
- FROM auth_user_md5 AS u
- INNER JOIN auth_user_quick AS q USING(user_id)
- INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
- INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags))
- WHERE u.user_id = {?} AND u.perms IN('admin','user')", $uid);
- $sess = $res->fetchOneAssoc();
- $res = XDB::query("SELECT UNIX_TIMESTAMP(s.start) AS lastlogin, s.host
- FROM logger.sessions AS s
- WHERE s.uid = {?} AND s.suid = 0
- ORDER BY s.start DESC
- LIMIT 1", $uid);
- if ($res->numRows()) {
- $sess = array_merge($sess, $res->fetchOneAssoc());
- }
- $suid = S::v('suid');
-
- if ($suid) {
- $logger = new PlLogger($uid, $suid['uid']);
- $logger->log("suid_start", S::v('forlife')." by {$suid['uid']}");
- $sess['suid'] = $suid;
- } else {
- $logger = S::v('log', new PlLogger($uid));
- $logger->log("connexion", Env::v('n'));
- setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0);
- }
-
- $_SESSION = array_merge($_SESSION, $sess);
- $_SESSION['log'] = $logger;
- $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE);
- $_SESSION['perms'] =& XorgSession::make_perms($_SESSION['perms']);
- $mail_subject = null;
- if (check_account()) {
- $mail_subject = "Connexion d'un utilisateur surveillé";
- }
- if (check_ip('unsafe')) {
- if ($mail_subject) {
- $mail_subject .= ' - ';
- }
- $mail_subject .= "Une IP surveillee a tente de se connecter";
- if (check_ip('ban')) {
- send_warning_mail($mail_subject);
- $_SESSION = array();
- $_SESSION['perms'] = new PlFlagSet();
- global $page;
- $newpage = false;
- if (!$page) {
- $page =& Platal::page();
- $newpage = true;
- }
- $page->trigError("Une erreur est survenue lors de la procédure d'authentification. "
- ."Merci de contacter au plus vite "
- ."<a href='mailto:support@polytechnique.org'>support@polytechnique.org</a>");
- if ($newpage) {
- $page->run();
- }
- return false;