From: Vincent Zanotti Date: Sun, 15 Jun 2008 18:52:12 +0000 (+0200) Subject: Finally makes xorg/xnet sessions compliant with the new forlife/hruid scheme. X-Git-Tag: xorg/0.10.0~86^2~84 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=2fdafb32e2bceee23bf305a63c18bd320622d166;p=platal.git Finally makes xorg/xnet sessions compliant with the new forlife/hruid scheme. Adds a session-based User object, generated at runtime from sessions variables, without any SQL requests. Signed-off-by: Vincent Zanotti --- diff --git a/classes/session.php b/classes/session.php index e78d597..0b3da32 100644 --- a/classes/session.php +++ b/classes/session.php @@ -88,6 +88,11 @@ class Session return Session::v('auth', AUTH_PUBLIC) >= AUTH_MDP; } + public static function rssActivated() + { + return Session::has('core_rss_hash') && Session::v('core_rss_hash'); + } + // Anti-XSRF protections. public static function has_xsrf_token() { @@ -104,9 +109,17 @@ class Session } } - public static function rssActivated() + // In-session User object. + private static $user = null; + public static function &user() { - return Session::has('core_rss_hash') && Session::v('core_rss_hash'); + if (!isset(self::$user)) { + self::$user = User::getWithValues( + Session::i('uid'), + $_SESSION, + array('User', '_silent_user_callback')); + } + return self::$user; } } diff --git a/include/xnet/session.inc.php b/include/xnet/session.inc.php index 1441f19..b374aa2 100644 --- a/include/xnet/session.inc.php +++ b/include/xnet/session.inc.php @@ -108,6 +108,7 @@ class XnetSession { global $globals, $page; + // Checks the SSO control token value. if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) { Get::kill('auth'); if (!$page) { 
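Review bot: `self::$user` is filled on the first call and never cleared, so for the rest of the request `Session::user()` returns the object built from whatever `$_SESSION` held at that moment, even after the session is rewritten by the `array_merge($_SESSION, ...)` calls in `start_connexion()` and in the XnetSession hunk of this commit. Since this object stands for the logged-in identity, a stale copy after a login or a suid switch could make later checks run against the wrong user. Reset the cache from the code that repopulates the session, for example with `self::$user = null;`. The method also returns by reference (`&user()`), so any caller can overwrite the cached object; if that is not intended, drop the `&`, and add a short docblock saying the object is derived from session values only and is not re-checked against the database.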
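Review bot: The check under the new comment `// Checks the SSO control token value.` compares the expected and supplied MD5 tokens with loose `!=`, and both `Get::i('uid')` and `Get::v('auth')` presumably come from the request. PHP compares numeric-looking strings as numbers under `==`/`!=`, so two different digests that both look like `0e` followed by digits are treated as equal, and the comparison is not constant-time. Use a strict comparison at minimum, i.e. `!== Get::v('auth')`, and `hash_equals()` where the PHP version provides it; a keyed construction such as `hash_hmac()` would be a sturdier token than `md5()` over concatenated fields. The method body continues outside this hunk.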
@@ -117,23 +118,31 @@ class XnetSession $page->kill("Erreur d'authentification avec polytechnique.org !"); } + // Fetches user's data. $res = XDB::query(" SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme, - u.hruid, a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash + u.hruid, CONCAT(a.alias, '@{$globals->mail->domain}') AS forlife, CONCAT(a2.alias, '@{$globals->mail->domain}') AS bestalias, + q.core_mail_fmt AS mail_fmt, q.core_rss_hash FROM auth_user_md5 AS u INNER JOIN auth_user_quick AS q USING(user_id) INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = 'a_vie') INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias', a2.flags)) WHERE u.user_id = {?} AND u.perms IN('admin','user') LIMIT 1", Get::i('uid')); + + // Sets up the session, using fetched data and Xorg's permission system. $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc()); $_SESSION['auth'] = AUTH_MDP; require_once 'xorg/session.inc.php'; $_SESSION['perms'] =& XorgSession::make_perms(S::v('perms')); + + // Removes session values which are of no interest in Xnet context. S::kill('challenge'); S::kill('loginX'); S::kill('may_update'); S::kill('is_member'); + + // Builds the Xnet destination URL, and redirects the user. Get::kill('auth'); Get::kill('uid'); $path = Get::v('n'); diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php index 58850c9..ea6fa21 100644 --- a/include/xorg/session.inc.php +++ b/include/xorg/session.inc.php 
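Review bot: The two added `CONCAT(..., '@{$globals->mail->domain}')` expressions interpolate a configuration value straight into the SQL string, while the same query already binds `Get::i('uid')` through a `{?}` placeholder. A domain value containing a quote would break or alter the statement, and the pattern is easy to copy later with a less trusted value. Bind it instead, e.g. `CONCAT(a.alias, '@', {?}) AS forlife`, passing `$globals->mail->domain` once per placeholder ahead of `Get::i('uid')`. The first `start_connexion()` hunk in include/xorg/session.inc.php adds the same interpolation and needs the same change.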
@@ -238,10 +238,13 @@ function try_cookie() */ function start_connexion ($uid, $identified) { + global $globals; + + // Fetches user's data. $res = XDB::query(" SELECT u.user_id AS uid, prenom, prenom_ini, nom, nom_ini, nom_usage, perms, promo, promo_sortie, matricule, password, FIND_IN_SET('femme', u.flags) AS femme, - u.hruid, a.alias AS forlife, a2.alias AS bestalias, + u.hruid, CONCAT(a.alias, '@{$globals->mail->domain}') AS forlife, CONCAT(a2.alias, '@{$globals->mail->domain}') AS bestalias, q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash, FIND_IN_SET('watch', u.flags) AS watch_account, q.last_version FROM auth_user_md5 AS u @@ -249,6 +252,8 @@ function start_connexion ($uid, $identified) INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = 'a_vie') INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias', a2.flags)) WHERE u.user_id = {?} AND u.perms IN('admin','user')", $uid); + + // Fetches last connection information. $sess = $res->fetchOneAssoc(); $res = XDB::query("SELECT UNIX_TIMESTAMP(s.start) AS lastlogin, s.host FROM logger.sessions AS s @@ -258,8 +263,9 @@ function start_connexion ($uid, $identified) if ($res->numRows()) { $sess = array_merge($sess, $res->fetchOneAssoc()); } - $suid = S::v('suid'); + // Sets up special environment for suid sessions, and sets up the logger. + $suid = S::v('suid'); if ($suid) { $logger = new CoreLogger($uid, $suid['uid']); $logger->log("suid_start", S::v('hruid') . " by {$suid['uid']}"); 
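Review bot: The new comment `// Fetches last connection information.` sits directly above `$sess = $res->fetchOneAssoc();`, which still reads the user row from the first query; it belongs one statement lower, above the `logger.sessions` query. That line also lacks a check: the user query filters on `u.perms IN('admin','user')` and inner-joins two alias rows, so it can return no row, yet `$sess` is later merged into `$_SESSION` and the auth level is set regardless. Guard it the way the second query already is, e.g. `if (!$res->numRows()) { return false; }` before the fetch (the right failure value depends on callers not shown here). The XnetSession hunk's `array_merge($_SESSION, $res->fetchOneAssoc())` has the same gap.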
@@ -270,10 +276,13 @@ function start_connexion ($uid, $identified) setcookie('ORGuid', $uid, (time()+25920000), '/', '', 0); } + // Finally sets up the PHP session. $_SESSION = array_merge($_SESSION, $sess); $_SESSION['log'] = $logger; $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE); $_SESSION['perms'] =& XorgSession::make_perms($_SESSION['perms']); + + // Checks for watched users / ip addresses. $mail_subject = null; if (check_account()) { $mail_subject = "Connexion d'un utilisateur surveillé"; @@ -306,6 +315,8 @@ function start_connexion ($uid, $identified) if ($mail_subject) { send_warning_mail($mail_subject); } + + // Miscellaneous environment setup. set_skin(); update_NbNotifs(); check_redirect();
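Review bot: `$_SESSION = array_merge($_SESSION, $sess);` copies every selected column into the session, and the SELECT in this function includes `password`, so the stored password value ends up in the session store. With the `Session::user()` added in this commit it is also handed to `User::getWithValues()` along with the rest of `$_SESSION`. If nothing reads it from the session (not determinable from this diff), drop the column from the query or add `unset($sess['password']);` before the merge; otherwise add a comment saying why it must be kept. The XnetSession query selects `password` as well, and `start_connexion()` begins and ends outside this hunk.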