Will have to think about better security one day, since anybody can sniff the md5 of a password from the cookie....
not urgent since xml-rpc is only local ... but hey
* Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************
- $Id: admin.php,v 1.7 2004-10-24 13:49:02 x2000habouzit Exp $
+ $Id: admin.php,v 1.8 2004-10-30 15:45:40 x2000habouzit Exp $
***************************************************************************/
if(empty($_REQUEST['liste'])) header('Location: index.php');
new_skinned_page('listes/admin.tpl', AUTH_MDP, true);
include('xml-rpc-client.inc.php');
-$res = $globals->db->query("SELECT password FROM auth_user_md5 WHERE user_id={$_SESSION['uid']}");
-list($pass) = mysql_fetch_row($res);
-mysql_free_result($res);
-
$err = Array();
-$client = new xmlrpc_client("http://{$_SESSION['uid']}:$pass@localhost:4949");
+$client = new xmlrpc_client("http://{$_SESSION['uid']}:{$_SESSION['password']}@localhost:4949");
if(isset($_REQUEST['add_member'])) {
$arr = $client->mass_subscribe('polytechnique.org', $liste, Array($_REQUEST['add_member']));
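Review bot: The new `xmlrpc_client` line reads `$_SESSION['password']` without checking that it is set, so a session that was filled before this change (or by a login path that does not run the session code in xorg.session.inc.php) would send an empty password to the service on port 4949, whereas the removed code fetched the value from the database on every request. A guard before the call, such as `if (empty($_SESSION['password'])) { /* force re-authentication */ }`, would make that failure explicit instead of surfacing as an XML-RPC authentication error. The same line is added in check.php, index.php, members.php, moderate.php, options.php, soptions.php and trombi.php; members.php only asks for `AUTH_COOKIE`, so it may be worth checking that one first. Since the line is now identical in all eight files, a single helper in xml-rpc-client.inc.php that builds the client would keep the credential handling in one place.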
* Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************
- $Id: check.php,v 1.2 2004-10-06 13:16:49 x2000habouzit Exp $
+ $Id: check.php,v 1.3 2004-10-30 15:45:40 x2000habouzit Exp $
***************************************************************************/
if(empty($_REQUEST['liste'])) header('Location: index.php');
new_admin_page('listes/check.tpl', true);
include('xml-rpc-client.inc.php');
-$res = $globals->db->query("SELECT password FROM auth_user_md5 WHERE user_id={$_SESSION['uid']}");
-list($pass) = mysql_fetch_row($res);
-mysql_free_result($res);
-
-$client = new xmlrpc_client("http://{$_SESSION['uid']}:$pass@localhost:4949");
+$client = new xmlrpc_client("http://{$_SESSION['uid']}:{$_SESSION['password']}@localhost:4949");
if(isset($_POST['correct'])) { $client->check_options('polytechnique.org', $liste, true); }
* Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************
- $Id: index.php,v 1.9 2004-10-18 07:06:49 x2000habouzit Exp $
+ $Id: index.php,v 1.10 2004-10-30 15:45:40 x2000habouzit Exp $
***************************************************************************/
require("auto.prepend.inc.php");
include('xml-rpc-client.inc.php');
include('newsletter.inc.php');
-$res = $globals->db->query("SELECT password FROM auth_user_md5 WHERE user_id={$_SESSION['uid']}");
-list($pass) = mysql_fetch_row($res);
-mysql_free_result($res);
-
-$client = new xmlrpc_client("http://{$_SESSION['uid']}:$pass@localhost:4949");
+$client = new xmlrpc_client("http://{$_SESSION['uid']}:{$_SESSION['password']}@localhost:4949");
if(isset($_GET['del'])) {
$client->unsubscribe('polytechnique.org',$_GET['del']);
header('Location: index.php');
* Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************
- $Id: members.php,v 1.6 2004-10-15 09:52:22 x2000habouzit Exp $
+ $Id: members.php,v 1.7 2004-10-30 15:45:40 x2000habouzit Exp $
***************************************************************************/
if(empty($_REQUEST['liste'])) header('Location: index.php');
new_skinned_page('listes/members.tpl', AUTH_COOKIE, true);
include('xml-rpc-client.inc.php');
-$res = $globals->db->query("SELECT password FROM auth_user_md5 WHERE user_id={$_SESSION['uid']}");
-list($pass) = mysql_fetch_row($res);
-mysql_free_result($res);
-
-$client = new xmlrpc_client("http://{$_SESSION['uid']}:$pass@localhost:4949");
+$client = new xmlrpc_client("http://{$_SESSION['uid']}:{$_SESSION['password']}@localhost:4949");
$members = $client->get_members('polytechnique.org', $liste);
$tri_promo = empty($_REQUEST['alpha']);
* Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************
- $Id: moderate.php,v 1.14 2004-10-28 14:26:33 x2000habouzit Exp $
+ $Id: moderate.php,v 1.15 2004-10-30 15:45:40 x2000habouzit Exp $
***************************************************************************/
if(empty($_REQUEST['liste'])) header('Location: index.php');
new_skinned_page('listes/moderate.tpl', AUTH_MDP, true);
include('xml-rpc-client.inc.php');
-$res = $globals->db->query("SELECT password FROM auth_user_md5 WHERE user_id={$_SESSION['uid']}");
-list($pass) = mysql_fetch_row($res);
-mysql_free_result($res);
-$client = new xmlrpc_client("http://{$_SESSION['uid']}:$pass@localhost:4949");
+$client = new xmlrpc_client("http://{$_SESSION['uid']}:{$_SESSION['password']}@localhost:4949");
if(isset($_REQUEST['sadd'])) {
$client->handle_request('polytechnique.org', $liste,$_REQUEST['sadd'],4,'');
* Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************
- $Id: options.php,v 1.4 2004-10-16 11:39:38 x2000habouzit Exp $
+ $Id: options.php,v 1.5 2004-10-30 15:45:40 x2000habouzit Exp $
***************************************************************************/
if(empty($_REQUEST['liste'])) header('Location: index.php');
new_skinned_page('listes/options.tpl', AUTH_MDP, true);
include('xml-rpc-client.inc.php');
-$res = $globals->db->query("SELECT password FROM auth_user_md5 WHERE user_id={$_SESSION['uid']}");
-list($pass) = mysql_fetch_row($res);
-mysql_free_result($res);
-
-$client = new xmlrpc_client("http://{$_SESSION['uid']}:$pass@localhost:4949");
+$client = new xmlrpc_client("http://{$_SESSION['uid']}:{$_SESSION['password']}@localhost:4949");
if(isset($_POST['submit'])) {
$values =array_map('stripslashes',$_POST);
* Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************
- $Id: soptions.php,v 1.3 2004-10-06 13:23:20 x2000habouzit Exp $
+ $Id: soptions.php,v 1.4 2004-10-30 15:45:40 x2000habouzit Exp $
***************************************************************************/
if(empty($_REQUEST['liste'])) header('Location: index.php');
new_admin_page('listes/soptions.tpl', true);
include('xml-rpc-client.inc.php');
-$res = $globals->db->query("SELECT password FROM auth_user_md5 WHERE user_id={$_SESSION['uid']}");
-list($pass) = mysql_fetch_row($res);
-mysql_free_result($res);
-
-$client = new xmlrpc_client("http://{$_SESSION['uid']}:$pass@localhost:4949");
+$client = new xmlrpc_client("http://{$_SESSION['uid']}:{$_SESSION['password']}@localhost:4949");
if(isset($_POST['submit'])) {
$values = array_map('stripslashes', $_POST);
* Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************
- $Id: trombi.php,v 1.8 2004-10-28 20:28:41 x2000habouzit Exp $
+ $Id: trombi.php,v 1.9 2004-10-30 15:45:40 x2000habouzit Exp $
***************************************************************************/
if(empty($_REQUEST['liste'])) header('Location: index.php');
include('xml-rpc-client.inc.php');
require("trombi.inc.php");
-$res = $globals->db->query("SELECT password FROM auth_user_md5 WHERE user_id={$_SESSION['uid']}");
-list($pass) = mysql_fetch_row($res);
-mysql_free_result($res);
-
-$client = new xmlrpc_client("http://{$_SESSION['uid']}:$pass@localhost:4949");
+$client = new xmlrpc_client("http://{$_SESSION['uid']}:{$_SESSION['password']}@localhost:4949");
function getList($offset,$limit) {
global $client, $globals;
* Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************
- $Id: xorg.session.inc.php,v 1.33 2004-10-11 20:42:37 x2000habouzit Exp $
+ $Id: xorg.session.inc.php,v 1.34 2004-10-30 15:45:40 x2000habouzit Exp $
***************************************************************************/
require("diogenes.core.session.inc.php");
global $globals;
$result=$globals->db->query("
SELECT prenom, nom, perms, promo, matricule, UNIX_TIMESTAMP(s.start) AS lastlogin, s.host,
- a.alias, UNIX_TIMESTAMP(u.lastnewslogin), a2.alias
+ a.alias, UNIX_TIMESTAMP(u.lastnewslogin), a2.alias, password
FROM auth_user_md5 AS u
INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND (a2.type='a_vie' OR a2.type='alias' OR a2.type='epouse') AND a2.alias LIKE '%.%')
WHERE user_id=$uid
ORDER BY s.start DESC, a2.type != 'epouse', length(a2.alias)
LIMIT 1");
- list($prenom, $nom, $perms, $promo, $matricule, $lastlogin, $host, $forlife, $lastnewslogin, $bestalias) = mysql_fetch_row($result);
+ list($prenom, $nom, $perms, $promo, $matricule, $lastlogin, $host,
+ $forlife, $lastnewslogin, $bestalias, $password) = mysql_fetch_row($result);
mysql_free_result($result);
// on garde le logger si il existe (pour ne pas casser les sessions lors d'une
$_SESSION['forlife'] = $forlife;
$_SESSION['bestalias'] = $bestalias;
$_SESSION['matricule'] = $matricule;
+ $_SESSION['password'] = $password;
$res = $globals->db->query("SELECT flags FROM identification WHERE matricule = '$matricule' AND FIND_IN_SET(flags, 'femme')");
$_SESSION['femme'] = mysql_num_rows($res) > 0;
mysql_free_result($res);
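Review bot: `$_SESSION['password'] = $password;` keeps the password hash in session storage for the whole session, and the list pages present that value as the HTTP basic-auth password to the XML-RPC service, so the stored hash works as a credential on its own for anyone able to read the session store. Because the pages no longer re-read auth_user_md5, a password change during a session leaves a stale copy here unless the password-change code also updates the session (not visible in this hunk). In the query the added column is unqualified while the statement joins several tables; `a.alias, UNIX_TIMESTAMP(u.lastnewslogin), a2.alias, u.password` avoids an ambiguous-column error if another joined table ever gains a `password` field. I would also document the assignment, e.g. `// hash from auth_user_md5, reused as XML-RPC basic-auth password; never expose to templates or logs`. The enclosing function starts and ends outside the hunk.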