================================================================================
+VERSION 0.10.1 XX XX XXXX
+
+From 0.10.0 branch:
+
+ * Auth:
+ - Fix use of deprecated PlLogger in password recovery -JAC
+
+ * Lists:
+ - #942: Fix missing MLs in ML listing -FRU
+ - #943: Fix adding member to a list -FRU
+
+ * Profile:
+ - Fix malformed query leading to error when adding an address -FRU
+
+================================================================================
VERSION 0.10.0 11 12 2008
New:
$this->uid, $this->session);
}
+ public function isValid($uid) {
+ return $uid == $this->uid;
+ }
/** Logs an action and its related data.
*
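Review bot: The added `isValid()` compares with loose `==`, so on PHP versions before 8 a non-numeric string compares equal to a uid of 0; whether callers can pass a request- or cookie-derived value is not visible here. A stricter form is `return is_numeric($uid) && (int)$uid === (int)$this->uid;`. The method also has no docblock although the method right after it does; `/** Tells whether $uid matches the uid stored in this object. */` would fit the file's style.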
$this->perm_flags = self::makePerms($this->perms);
}
+ // Return the password of the user
+ public function password()
+ {
+ return XDB::fetchOneCell('SELECT u.password
+ FROM auth_user_md5 AS u
+ WHERE u.user_id = {?}', $this->id());
+ }
+
// Return permission flags for a given permission level.
public static function makePerms($perms)
{
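Review bot: The new public `password()` accessor returns the stored value of `auth_user_md5.password` to any caller, and its comment does not say that this value is sensitive. Elsewhere on this page `tryCookie()` accepts `hash_encrypt($password)` as the `access` cookie, so anyone holding this value can presumably derive a valid permanent-login cookie. I would state that on the method, e.g. `// Returns the stored password value; credential-equivalent, never log it or assign it to a template`, and check whether the method needs to be public at all.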
private function tryCookie()
{
S::kill('auth_by_cookie');
- if (Cookie::v('ORGaccess') == '' || !Cookie::has('ORGuid')) {
+ if (Cookie::v('access') == '' || !Cookie::has('uid')) {
return -1;
}
$res = XDB::query('SELECT user_id, password
FROM auth_user_md5
WHERE user_id = {?} AND perms IN(\'admin\', \'user\')',
- Cookie::i('ORGuid'));
+ Cookie::i('uid'));
if ($res->numRows() != 0) {
list($uid, $password) = $res->fetchOneRow();
require_once 'secure_hash.inc.php';
$expected_value = hash_encrypt($password);
- if ($expected_value == Cookie::v('ORGaccess')) {
+ if ($expected_value == Cookie::v('access')) {
S::set('auth_by_cookie', $uid);
return 0;
} else {
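Review bot: The changed line `if ($expected_value == Cookie::v('access'))` still uses loose `==` to compare a client-supplied authenticator with the expected hash. Under loose comparison two different strings that both look numeric can compare equal, and the comparison is not constant-time. I would use `if (hash_equals($expected_value, (string)Cookie::v('access')))` where the runtime provides `hash_equals()`, or at minimum `===`. The `$response != $expected_response` test in the next hunk has the same shape, but it is unchanged context there.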
}
}
if ($response != $expected_response) {
+ if (!S::logged()) {
+ Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
+ } else {
+ Platal::page()->trigError('Mot de passe invalide');
+ }
S::logger($uid)->log('auth_fail', 'bad password');
return null;
}
return $uid;
}
+ Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
return null;
}
if (!S::has('suid')) {
if (Post::has('domain')) {
if (($domain = Post::v('domain', 'login')) == 'alias') {
- setcookie('ORGdomain', "alias", (time() + 25920000), '/', '', 0);
+ Cookie::set('domain', 'alias', 300);
} else {
- setcookie('ORGdomain', '', (time() - 3600), '/', '', 0);
+ Cookie::kill('domain');
}
- // pour que la modification soit effective dans le reste de la page
- $_COOKIE['ORGdomain'] = $domain;
}
}
S::kill('challenge');
}
if ($level == AUTH_SUID) {
S::set('auth', AUTH_MDP);
- unset($_SESSION['log']);
}
// Retrieves main user properties.
} else {
$logger = S::logger($uid);
$logger->saveLastSession();
- setcookie('ORGuid', $uid, (time() + 25920000), '/', '', 0);
+ Cookie::set('uid', $uid, 300);
if (S::i('auth_by_cookie') == $uid || Post::v('remember', 'false') == 'true') {
- $cookie = hash_encrypt($sess['password']);
- setcookie('ORGaccess', $cookie, (time() + 25920000), '/', '', 0);
- if (S::i('auth_by_cookie') != $uid) {
- $logger->log("cookie_on");
- }
+ $this->setAccessCookie(false, S::i('auth_by_cookie') != $uid);
} else {
- setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
- $logger->log("cookie_off");
+ $this->killAccessCookie();
}
}
return null;
}
- public function makePerms($perm)
+ protected function makePerms($perm, $is_admin)
{
$flags = new PlFlagSet();
if ($perm == 'disabled' || $perm == 'ext') {
$n = select_notifs(false, S::i('uid'), S::v('watch_last'), false);
S::set('notifs', $n->numRows());
}
+
+ public function setAccessCookie($replace = false, $log = true) {
+ if (S::has('suid') || ($replace && !Cookie::blank('access'))) {
+ return;
+ }
+ require_once('secure_hash.inc.php');
+ Cookie::set('access', hash_encrypt(S::v('password')), 300, true);
+ if ($log) {
+ S::logger()->log('cookie_on');
+ }
+ }
+
+ public function killAccessCookie($log = true) {
+ Cookie::kill('access');
+ if ($log) {
+ S::logger()->log('cookie_off');
+ }
+ }
+
+ public function killLoginFormCookies() {
+ Cookie::kill('uid');
+ Cookie::kill('domain');
+ }
}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
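Review bot: The early return in `setAccessCookie()` looks inverted for the `$replace` case: `($replace && !Cookie::blank('access'))` returns without touching the cookie exactly when one is already present, assuming `Cookie::blank()` is true for a missing or empty cookie (its definition is not shown). The removed code at both password-change call sites did the opposite and refreshed the cookie only `if (Cookie::v('ORGaccess'))`. As written, `Platal::session()->setAccessCookie(true)` would leave an existing cookie stale and would issue a permanent-access cookie to a user who never enabled it. If that reading is right, the condition should be `($replace && Cookie::blank('access'))`. The three new methods also have no docblocks; one line saying that `$replace` means "only refresh a cookie that already exists" would make the intent checkable.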
-Subproject commit a12a0ce3c524c4edabcbb0e872fbc84fc3bad498
+Subproject commit 35fff9b04585817e74f4709f36b70d959ce3224c
function get_address_infos($txt)
{
global $globals;
+
$url = $globals->geoloc->webservice_url."address.php?precise=1&txt=" . urlencode($txt);
- if (!($f = @fopen($url, 'r'))) return false;
+ if ($globals->debug & DEBUG_BT) {
+ if (!isset(PlBacktrace::$bt['Geoloc'])) {
+ new PlBacktrace('Geoloc');
+ }
+ PlBacktrace::$bt['Geoloc']->start($url);
+ }
+ $f = @fopen($url, 'r');
+ if ($f === false) {
+ if ($globals->debug & DEBUG_BT) {
+ PlBacktrace::$bt['Geoloc']->stop(0, 'Can\'t fetch result');
+ }
+ return false;
+ }
$keys = explode('|',fgets($f));
$vals = explode('|',fgets($f));
+ if ($globals->debug & DEBUG_BT) {
+ $data = array();
+ for ($i = 0 ; $i < count($keys) ; ++$i) {
+ $data[] = array($keys[$i], $vals[$i]);
+ }
+ PlBacktrace::$bt['Geoloc']->stop(count($keys), null, $data);
+ }
$infos = empty_address();
foreach ($keys as $i=>$key) {
if($vals[$i]) {
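Review bot: The debug loop added after the two `fgets()` calls reads `$vals[$i]` for every index of `$keys`, so a reply whose second line is missing or has fewer `|` fields raises undefined-offset notices; the data comes from a remote web service and should not be assumed well-formed. `$data[] = array($keys[$i], isset($vals[$i]) ? $vals[$i] : null);` avoids that, and checking that neither `fgets()` returned `false` before the `explode()` calls would cover the truncated-reply case on the non-debug path as well. The trace also stores the full request URL, which embeds the address text from `$txt`, so this debug output should stay restricted to developers. The function body continues past the end of the hunk.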
{
require_once 'emails.inc.php';
if (is_null($red)) {
- $red = new Redirect(S::user());
+ $user = S::user();
+ $red = new Redirect($user);
}
if ($red->get_uid() == S::v('uid')) {
$_SESSION['no_redirect'] = !$red->other_active('');
foreach($members as $mem) {
list($m, $dom) = explode('@', $mem);
$info = list_fetch_name($mem);
- if (is_null($info['uid'])) {
+ if (!isset($info['uid']) || is_null($info['uid'])) {
$membres[0][] = array('l' => $mem, 'p' => (!$tri_promo ? 'inconnue' : null));
} else {
$uid = $info['uid'];
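Review bot: In the changed test `!isset($info['uid']) || is_null($info['uid'])` the second operand is redundant, because `isset()` already returns false for a key that exists but holds null. `if (!isset($info['uid'])) {` expresses the same condition in one call. The enclosing function starts and ends outside the hunk.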
// }}}
// {{{ function list_sort_members
-function list_sort_members(&$members, $tri_promo = true)
+function list_sort_members($members, $tri_promo = true)
{
- return list_sort_owners(list_extract_members($members), $tri_promo);
+ $m = list_extract_members($members);
+ return list_sort_owners($m, $tri_promo);
}
// }}}
}
}
- $log =& S::v('log');
- S::logger()->log('passwd', '');
-
- if (Cookie::v('ORGaccess')) {
- setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
- S::logger()->log('cookie_on', '');
- }
+ S::logger()->log('passwd');
+ Platal::session()->setAccessCookie(true);
$page->changeTpl('platal/motdepasse.success.tpl');
$page->run();
}
if ($level == 'forget' || $level == 'forgetall') {
- setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
- Cookie::kill('ORGaccess');
- S::logger()->log("cookie_off");
+ Platal::session()->killAccessCookie();
}
if ($level == 'forgetuid' || $level == 'forgetall') {
- setcookie('ORGuid', '', time() - 3600, '/', '', 0);
- Cookie::kill('ORGuid');
- setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
- Cookie::kill('ORGdomain');
+ Platal::session()->killLoginFormCookies();
}
- $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
- S::logger()->log('deconnexion',$ref);
+ S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
Platal::session()->destroy();
if (Get::has('redirect')) {
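Review bot: `@$_SERVER['HTTP_REFERER']` on the logging line replaces the explicit `isset()` test with error suppression and now passes `null` instead of `''` when the header is absent; whether `log()` treats the two alike is not visible here. I would keep the explicit form, `isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''`. The header is client-controlled and is written to the log as received, so a length cap before logging would be a cheap safeguard.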
}
}
- $log = S::v('log');
- S::logger()->log('passwd', '');
-
- if (Cookie::v('ORGaccess')) {
- require_once('secure_hash.inc.php');
- setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
- S::logger()->log('cookie_on', '');
- }
+ S::logger()->log('passwd');
+ Platal::session()->setAccessCookie(true);
$page->assign('mdpok', true);
}
function smarty_insert_getName()
{
- $uid = Cookie::v('ORGuid', -1);
+ $uid = Cookie::v('uid', -1);
if ($uid < 0) {
return "";
}
{
global $globals;
- $id = Cookie::i('ORGuid', -1);
+ $id = Cookie::i('uid', -1);
$id = S::v($_SESSION['uid'], $id);
if ($id<0) {
return "";
}
- if (Cookie::v('ORGdomain', 'login') != 'alias') {
+ if (Cookie::v('domain', 'login') != 'alias') {
$res = XDB::query("SELECT alias FROM aliases
WHERE id={?} AND (type IN ('a_vie','alias') AND FIND_IN_SET('bestalias', flags))", $id);
return $res->fetchOneCell();
</p>
{/if}
-{if $smarty.request.response}<!-- failed login code //-->
-{include core=triggers.tpl text="Erreur d'identification. Essaie à nouveau !" type="errors"}
-<br />
-{/if}
-
<form action="{$smarty.server.REQUEST_URI}" method="post" id="login" onsubmit="doChallengeResponse(); return false;" style="display: none">
<table class="bicol" cellpadding="4" summary="Formulaire de login">
<tr>
{* *}
{**************************************************************************}
+<h1>{icon name=error} Page sécurisée</h1>
-<div class="center">
- <table>
- <tr>
- <td>
- {icon name=error}
- </td>
- <td>
- <span class="smaller">
- <strong>
- Pour des raisons de <span class="erreur">sécurité</span>, il est obligatoire de taper ton mot de passe, même
- avec l'accès permanent, pour certaines opérations sensibles.
- </strong>
- </span>
- </td>
- <td>
- {icon name=error}
- </td>
- </tr>
- </table>
+<div>
+ La page que tu as demandée est classée comme sensible. Il est nécessaire de taper ton mot de passe
+ pour y accéder, même avec l'accès permanet activé.
</div>
<br />
<table class="tinybicol" cellpadding="4" summary="Formulaire de login">
<tr>
<td class="titre">
+ Nom d'utilisateur :
+ </td>
+ <td>{$smarty.session.hruid}</td>
+ <td class="right" rowspan="3" style="vertical-align: middle">
+ <input type="submit" name="submitbtn" value="Envoyer" />
+ </td>
+ </tr>
+ <tr>
+ <td class="titre">
Mot de passe :
</td>
<td>
<input type="password" name="password" size="10" maxlength="256" />
<a href="recovery">Perdu ?</a>
</td>
- <td class="right" rowspan="2" style="vertical-align: middle">
- <input type="submit" name="submitbtn" value="Envoyer" />
- </td>
</tr>
<tr>
<td {popup caption='Connexion permanente' width='300' text='Décoche cette case pour que le site oublie ce navigateur.<br />
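Review bot: The new explanatory text has a typo: `permanet` should read `permanent` in `même avec l'accès permanent activé`. The added cell `<td>{$smarty.session.hruid}</td>` prints a session value without an escape modifier; if the template engine is not configured to escape by default (not visible here), `{$smarty.session.hruid|escape}` would be the safer form. The form markup continues outside the hunk.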
</table>
</form>
<br />
-{if $smarty.request.response}<!-- failed login code -->
-{include core=triggers.tpl text="Erreur d'identification. Essaie à nouveau !" type="errors"}
-{/if}
<!-- Set up the form with the challenge value and an empty reply value -->
<form action="{$smarty.server.REQUEST_URI}" method="post" id="loginsub">