Remove SQL query from wiki and RSS, so they can be moved to the core lib.
Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
return true;
}
+ public function tokenAuth($login, $token)
+ {
+ // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
+ // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
+ // be able to return a simple 'PlUser' object here without trying to alterate the
+ // session.
+ $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
+ FROM aliases AS a
+ INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
+ INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
+ WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
+ if ($res->numRows() == 1) {
+ $sess = $res->fetchOneAssoc();
+ if (!S::has('uid')) {
+ $_SESSION = $sess;
+ $this->makePerms($sess['perms']);
+ return S::i('uid');
+ } else if (S::i('uid') == $sess['uid']) {
+ return S::i('uid');
+ } else {
+ Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
+ }
+ }
+ return null;
+ }
+
public function doSelfSuid()
{
if (!$this->startSUID(S::i('uid'))) {
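Review bot: tokenAuth() passes `$token` and `$login` straight into the `q.core_rss_hash = {?}` join with no emptiness check, so if accounts that never enabled RSS store an empty hash (the schema is not visible here), an empty token would match any valid alias and the method would then copy that user's row, `perms` included, into `$_SESSION`. A guard at the top of the method closes this whatever the column default is: `if (empty($login) || empty($token)) { return null; }`. The same applies to the second copy of tokenAuth() added further down, the one followed by makePerms(). The FIXME should also record that a feed hash, which travels in URLs, currently yields a session carrying the account's full permissions, so the limitation stays tracked until the PlUser change lands.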
}
}
+ public function tokenAuth($login, $token)
+ {
+ // FIXME: we broke the session here because some RSS feeds (mainly wiki feeds) require
+ // a valid nome and checks the permissions. When the PlUser object will be ready, we'll
+ // be able to return a simple 'PlUser' object here without trying to alterate the
+ // session.
+ $res = XDB::query('SELECT u.user_id AS uid, u.perms, u.nom, u.nom_usage, u.prenom, u.promo, FIND_IN_SET(\'femme\', u.flags) AS sexe
+ FROM aliases AS a
+ INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
+ INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
+ WHERE a.alias = {?} AND a.type != "homonyme"', $token, $login);
+ if ($res->numRows() == 1) {
+ $sess = $res->fetchOneAssoc();
+ if (!S::has('uid')) {
+ $_SESSION = $sess;
+ $this->makePerms($sess['perms']);
+ return S::i('uid');
+ } else if (S::i('uid') == $sess['uid']) {
+ return S::i('uid');
+ } else {
+ Platal::page()->kill('Invalid state. To be fixed when hruid is ready');
+ }
+ }
+ return null;
+ }
+
public function makePerms($perm)
{
$flags = new PlFlagSet();
-Subproject commit 748b27d2298eb61c212765a9480b0db661577232
+Subproject commit 8bdb07ee8944d8ef3d37b733477834a64a897aa6
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************/
-function _rss_encode_date($d) {
- if (preg_match('/^\d{14}$/', $d)) {
- $t = mktime(substr($d,8,2), substr($d,10,2), substr($d,12,2), substr($d,4,2), substr($d,6,2), substr($d,0,4));
- } else {
- $t = strtotime($d);
- }
- return date('r', $t);
-}
-
function init_rss($template, $alias, $hash, $require_uid = true)
{
$page =& Platal::page();
$page->changeTpl($template, NO_SKIN);
- $page->register_modifier('rss_date', '_rss_encode_date');
-
- $res = XDB::query(
- 'SELECT a.id
- FROM aliases AS a
- INNER JOIN auth_user_md5 AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
- INNER JOIN auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
- WHERE a.alias = {?} AND a.type != "homonyme"', $hash, $alias);
- $uid = $res->fetchOneCell();
-
+ $uid = Platal::session()->tokenAuth($alias, $hash);
if (empty($uid)) {
if ($require_uid) {
exit;
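Review bot: init_rss() now has a side effect that its name and signature do not reveal: through `Platal::session()->tokenAuth($alias, $hash)` an anonymous feed request ends up with `$_SESSION` filled with the account's uid and perms, where the removed query only read `a.id`. That deserves a comment above the call, for example `// tokenAuth() also populates $_SESSION (uid, perms) for anonymous requests; the feed hash therefore opens a session`. If the session cookie is sent back on feed responses (not visible in this hunk), holding a feed URL grants more than read access to that feed, so it is worth confirming that the session is not persisted for token-authenticated requests. The body of init_rss() continues past the hunk.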
require_once 'rss.inc.php';
$uid = init_rss(null, Env::v('user'), Env::v('hash'));
- $res = XDB::query('SELECT user_id AS uid, IF (nom_usage <> \'\', nom_usage, nom) AS nom, prenom, perms
- FROM auth_user_md5
- WHERE user_id = {?}', $uid);
- if (!$res->numRows()) {
+ if (is_null($uid)) {
exit;
}
- $table = $res->fetchOneAssoc();
- $_SESSION = array_merge($_SESSION, $table, array('forlife' => Env::v('user')));
- $_SESSION['perms'] =& XorgSession::make_perms($_SESSION['perms']);
- if ($perm == 'logged' || $_SESSION['perms']->hasFlag('admin')) {
+ if ($perm == 'logged' || S::has_perms()) {
return;
}
exit;
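Review bot: The access decision on the new line `if ($perm == 'logged' || S::has_perms())` no longer names the right it requires; the removed line tested `hasFlag('admin')` explicitly, and whether `S::has_perms()` with no argument is the same admin test cannot be checked from this page. A comment such as `// S::has_perms(): admin rights, needed for every level above 'logged'` would make the intent reviewable, once confirmed against S. The loose `==` on `$perm` would also be safer as `===` if `$perm` is always a string, which the hunk does not show. The enclosing function starts and ends outside the hunk.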