From: x2000habouzit Date: Thu, 2 Sep 2004 19:39:19 +0000 (+0000) Subject: login system, su sytem, cookie system are now fixed X-Git-Tag: xorg/old~1608 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=69952fb3a4b0cc707e789a2c55a5a5995110549d;p=platal.git login system, su sytem, cookie system are now fixed --- diff --git a/htdocs/admin/utilisateurs.php b/htdocs/admin/utilisateurs.php index d29d8b1..9390243 100644 --- a/htdocs/admin/utilisateurs.php +++ b/htdocs/admin/utilisateurs.php @@ -18,7 +18,7 @@ * Foundation, Inc., * * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * *************************************************************************** - $Id: utilisateurs.php,v 1.15 2004-09-02 17:43:14 x2000habouzit Exp $ + $Id: utilisateurs.php,v 1.16 2004-09-02 19:39:20 x2000habouzit Exp $ ***************************************************************************/ require("auto.prepend.inc.php"); 
@@ -37,29 +37,12 @@ if(isset($_REQUEST['logs_button'])) { /* * SUID */ -if(isset($_REQUEST['suid_button']) and isset($_REQUEST['login']) - and !isset($_SESSION['suid']) // pas de su imbriqués - ) { - $res = @$globals->db->query( "SELECT user_id,prenom,nom,promo,perms FROM auth_user_md5 WHERE username='{$_REQUEST['login']}'"); - if(@mysql_num_rows($res) != 0) { - list($uid,$prenom,$nom,$promo,$perms)=mysql_fetch_row($res); - // on déplace le log de l'admin dans slog, et on crée un log de suid en log - // on loggue le démarrage de la session suid pour l'admin et l'utilisateur - $log_data = $_REQUEST['login']." by ".$_SESSION['username']; - $_SESSION['log']->log("suid_start",$log_data); - $_SESSION['slog'] = $_SESSION['log']; - $_SESSION['log'] = new DiogenesCoreLogger($uid,$_SESSION['uid']); - $_SESSION['log']->log("suid_start",$log_data); - // on modifie les variables de session suffisantes pour faire un su - // rem : la skin n'est pas modifiée - $_SESSION['suid'] = $_SESSION['uid']; - $_SESSION['username'] = $_REQUEST['login']; - $_SESSION['perms'] = $perms; - $_SESSION['uid'] = $uid; - $_SESSION['prenom'] = $prenom; - $_SESSION['nom'] = $nom; - $_SESSION['promo'] = $promo; - } +if(isset($_REQUEST['suid_button']) and isset($_REQUEST['login']) and !isset($_SESSION['suid'])) { + $log_data = $_REQUEST['login']." by ".$_SESSION['forlife']; + $_SESSION['log']->log("suid_start",$log_data); + $_SESSION['slog'] = $_SESSION['log']; + $_SESSION['suid'] = $_SESSION['uid']; + start_connexion($_SESSION['uid'],true); header("Location: ../"); } diff --git a/htdocs/css/default.css b/htdocs/css/default.css index aafd5da..ad21ded 100644 --- a/htdocs/css/default.css +++ b/htdocs/css/default.css @@ -386,7 +386,6 @@ div.item div.value { } background: #ffc0cb; width: 100%; font-weight: bold; - position: fixed; } #suid td { padding: 2px; } #suid a { color: red; } 
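Review bot: In the rewritten SUID block of htdocs/admin/utilisateurs.php, `start_connexion($_SESSION['uid'],true)` is called with the administrator's own uid, and `$_REQUEST['login']` is only written into the log line, so the requested account is never looked up and the session is rebuilt for the admin with `suid` set. The removed code resolved the login to a `user_id` first and changed nothing when no row matched; the new code should keep an escaped lookup (sketched below against `aliases`) and only log and switch when the target exists. As written, the `suid_start` entry records whatever string was submitted, which makes the audit trail unreliable. Since this is a privileged state change driven by `$_REQUEST`, restricting it to POST is worth considering too.

```php
if(isset($_REQUEST['suid_button']) and isset($_REQUEST['login']) and !isset($_SESSION['suid'])) {
    // resolve the requested login before touching the session or the log
    // (use the db wrapper's own escaping helper instead if it has one)
    $login = mysql_real_escape_string($_REQUEST['login']);
    $res = $globals->db->query("SELECT id FROM aliases WHERE alias='$login'");
    if($res and list($target_uid) = mysql_fetch_row($res)) {
        mysql_free_result($res);
        // … unchanged: suid_start logging, slog and suid assignments …
        start_connexion($target_uid,true);
    }
    // … unchanged: header("Location: ../") …
```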
@@ -465,4 +464,4 @@ div.item div.value { } } /* vim: set et ts=4 sts=4 sw=4: */ -/* $Id: default.css,v 1.37 2004-08-31 22:21:05 x2000habouzit Exp $ */ +/* $Id: default.css,v 1.38 2004-09-02 19:39:20 x2000habouzit Exp $ */ diff --git a/htdocs/exit.php b/htdocs/exit.php index 7838d6d..7d33755 100644 --- a/htdocs/exit.php +++ b/htdocs/exit.php @@ -18,31 +18,20 @@ * Foundation, Inc., * * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * *************************************************************************** - $Id: exit.php,v 1.5 2004-09-02 18:37:14 x2000habouzit Exp $ + $Id: exit.php,v 1.6 2004-09-02 19:39:19 x2000habouzit Exp $ ***************************************************************************/ require("auto.prepend.inc.php"); new_skinned_page('index.tpl',AUTH_MDP); if (isset($_SESSION['suid'])) { - $res = @$globals->db->query( "SELECT prenom,nom,promo,perms FROM auth_user_md5 WHERE user_id='{$_SESSION['suid']}'"); - if(@mysql_num_rows($res) != 0) { - list($prenom,$nom,$promo,$perms)=mysql_fetch_row($res); - // on rétablit les loggers - // on loggue la fermeture de la session de su - $log_data = "{$_SESSION['prenom']} {$_SESSION['nom']} {$_SESSION['promo']} by $prenom $nom $promo"; - $_SESSION['log']->log("suid_stop",$log_data); - $_SESSION['log'] = $_SESSION['slog']; - unset($_SESSION['slog']); - $_SESSION['log']->log("suid_stop",$log_data); - // on remet en place les variables de sessions modifiées par le su - $_SESSION['uid'] = $_SESSION['suid']; - unset($_SESSION['suid']); - $_SESSION['prenom'] = $prenom; - $_SESSION['nom'] = $nom; - $_SESSION['promo'] = $promo; - $_SESSION['perms'] = $perms; - } + $suid = $_SESSION['suid']; + $log_data = "{$_SESSION['forlife']} by $suid}"; + $_SESSION['log']->log("suid_stop",$log_data); + $_SESSION['log'] = $_SESSION['slog']; + unset($_SESSION['suid']); + unset($_SESSION['slog']); + start_connexion($suid,true); } header("Location: login.php"); 
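Review bot: The new `suid_stop` message in htdocs/exit.php has a stray closing brace, `"{$_SESSION['forlife']} by $suid}"`, so every stop record ends in a literal `}`; it should read `$log_data = "{$_SESSION['forlife']} by $suid";`. The start record written in utilisateurs.php identifies the administrator by `forlife`, while this one uses the numeric uid, which makes the two ends of an impersonation harder to correlate in the logs. Using the same identifier on both sides would help. The stop record is also written only once now, before the logger is restored, where the removed code logged it on both loggers; a short comment would help if that is intentional.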
diff --git a/include/insert.password.inc.php b/include/insert.password.inc.php index 704fa4c..f7519e0 100644 --- a/include/insert.password.inc.php +++ b/include/insert.password.inc.php @@ -18,7 +18,7 @@ * Foundation, Inc., * * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * *************************************************************************** - $Id: insert.password.inc.php,v 1.3 2004-09-02 18:23:02 x2000habouzit Exp $ + $Id: insert.password.inc.php,v 1.4 2004-09-02 19:39:20 x2000habouzit Exp $ ***************************************************************************/ function smarty_insert_getName() { @@ -33,10 +33,11 @@ function smarty_insert_getName() { } function smarty_insert_getUsername() { + global $globals; if(isset($_COOKIE['ORGuid'])) $id = $_COOKIE['ORGuid']; if(isset($_SESSION['uid'])) $id = $_SESSION['uid']; if(empty($id)) return ""; - $res = $globals->db->query("SELECT alias FROM auth_user_md5 WHERE id='$id' AND type='a_vie'"); + $res = $globals->db->query("SELECT alias FROM aliases WHERE id='$id' AND type='a_vie'"); if(list($uname) = mysql_fetch_row($res)) { mysql_free_result($res); return $uname; diff --git a/include/xorg.session.inc.php b/include/xorg.session.inc.php index 6958732..2ef9874 100644 --- a/include/xorg.session.inc.php +++ b/include/xorg.session.inc.php @@ -18,7 +18,7 @@ * Foundation, Inc., * * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * *************************************************************************** - $Id: xorg.session.inc.php,v 1.22 2004-09-02 19:03:19 x2000habouzit Exp $ + $Id: xorg.session.inc.php,v 1.23 2004-09-02 19:39:20 x2000habouzit Exp $ ***************************************************************************/ require("diogenes.core.session.inc.php"); 
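Review bot: `smarty_insert_getUsername()` in include/insert.password.inc.php still interpolates `$id` into the SQL string unmodified, and `$id` can come straight from the `ORGuid` cookie, which the client controls; this hunk changes the query without addressing that. The value is meant to be a numeric user id, so add `$id = intval($id);` just before the `if(empty($id)) return "";` line; the comparison can then be written `WHERE id=$id`. The result of `$globals->db->query()` is also passed to `mysql_fetch_row()` unchecked, so a failed query produces a warning instead of the empty string. The end of the function lies outside the hunk.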
@@ -48,9 +48,10 @@ class XorgSession extends DiogenesCoreSession { { // si on vient de recevoir une identification par passwordpromptscreen.tpl // ou passwordpromptscreenlogged.tpl + $field = preg_match('/^\d*$/', $_REQUEST['username']) ? 'id' : 'alias'; $res = @$globals->db->query( "SELECT u.user_id,u.password FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON ( a.id=u.user_id AND a.alias='{$_REQUEST['username']}' )"); + INNER JOIN aliases AS a ON ( a.id=u.user_id AND a.$field='{$_REQUEST['username']}' )"); if(@mysql_num_rows($res) != 0) { list($uid,$password)=mysql_fetch_row($res); mysql_free_result($res); @@ -215,13 +216,15 @@ function try_cookie() { */ function start_connexion ($uid, $identified) { global $globals; - $result=$globals->db->query("SELECT prenom, nom, perms, promo, matricule, UNIX_TIMESTAMP(s.start) AS lastlogin, s.host - FROM auth_user_md5 AS u - LEFT JOIN logger.sessions AS s ON(s.uid=u.user_id AND s.suid=0) - WHERE user_id=$uid - ORDER BY s.start DESC - LIMIT 1"); - list($prenom, $nom, $perms, $promo, $matricule, $lastlogin, $host) = mysql_fetch_row($result); + $result=$globals->db->query(" + SELECT prenom, nom, perms, promo, matricule, UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, a.alias + FROM auth_user_md5 AS u + INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie') + LEFT JOIN logger.sessions AS s ON (s.uid=u.user_id AND s.suid=0) + WHERE user_id=$uid + ORDER BY s.start DESC + LIMIT 1"); + list($prenom, $nom, $perms, $promo, $matricule, $lastlogin, $host, $forlife) = mysql_fetch_row($result); mysql_free_result($result); // on garde le logger si il existe (pour ne pas casser les sessions lors d'une // authentification avec le cookie 
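Review bot: The added `$field` selection in the XorgSession login path (hunk at -48,9) only decides which column is compared; `$_REQUEST['username']` is still interpolated into the query unescaped, and in the `alias` branch it is by definition not limited to digits. Escape it before building the statement, for example `$login = mysql_real_escape_string($_REQUEST['username']);` with `a.$field='$login'`, unless the deployment relies on magic_quotes_gpc, which the page does not show. The pattern `/^\d*$/` also accepts an empty string and a trailing newline; `/^\d+$/D` is tighter. The `@` on the query hides database errors on the authentication path, which makes failures there hard to see in logs. The enclosing method starts and ends outside the hunk.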
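Review bot: With the new `INNER JOIN aliases ... a.type='a_vie'` in `start_connexion()` (hunk at -215,13), an account without an `a_vie` alias yields no row, yet the result of `mysql_fetch_row($result)` is still handed to `list()` unchecked, so the function would go on to fill the session from empty values. Check the row first, for example `$row = mysql_fetch_row($result); if(!$row) return false;`, and have callers treat that as a failed login; the callers are not visible here. `$uid` is also interpolated unquoted in `WHERE user_id=$uid`. This function is now reached from the su and exit paths as well as the cookie path, so `$uid = intval($uid);` at the top would make the query safe whatever the caller passes. The function body continues past the end of the hunk.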
@@ -230,7 +233,7 @@ function start_connexion ($uid, $identified) { $logger = $_SESSION['log']; // on vide la session pour effacer les valeurs précédentes (notamment de skin) // qui peuvent être celles de quelqu'un d'autre ou celle par defaut - $_SESSION = array(); + $_SESSION = isset($_SESSION['suid']) ? Array('suid'=>$_SESSION['suid'], 'slog'=>$_SESSION['slog']) : array(); $_SESSION['lastlogin'] = $lastlogin; $_SESSION['host'] = $host; $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE); @@ -239,12 +242,13 @@ function start_connexion ($uid, $identified) { $_SESSION['nom'] = $nom; $_SESSION['perms'] = $perms; $_SESSION['promo'] = $promo; + $_SESSION['forlife'] = $forlife; $res = $globals->db->query("SELECT flags FROM identification WHERE matricule = '$matricule' AND FIND_IN_SET(flags, 'femme')"); $_SESSION['femme'] = mysql_num_rows($res) > 0; mysql_free_result($res); // on récupère le logger si il existe, sinon, on logge la connexion $_SESSION['log'] = (isset($logger) ? $logger : new DiogenesCoreLogger($uid)); - if(empty($logger)) + if(empty($logger) && empty($_SESSION['suid'])) $_SESSION['log']->log("connexion",$_SERVER['PHP_SELF']); // le login est stocké pour un an setcookie('ORGuid',$uid,(time()+25920000),'/','',0); diff --git a/templates/skin/default.tpl b/templates/skin/default.tpl index 6aa5fa0..7458b1f 100644 --- a/templates/skin/default.tpl +++ b/templates/skin/default.tpl @@ -17,7 +17,7 @@ * Foundation, Inc., * * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * *************************************************************************** - $Id: default.tpl,v 1.15 2004-09-02 18:46:49 x2000habouzit Exp $ + $Id: default.tpl,v 1.16 2004-09-02 19:39:21 x2000habouzit Exp $ ***************************************************************************} @@ -39,7 +39,7 @@ {dynamic} - {$smarty.session.suid} ({$smarty.session.user_id}) + {$smarty.session.suid} ({$smarty.session.forlife}) {/dynamic} [exit] 
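Review bot: When `suid` is set, the context line `$logger = $_SESSION['log'];` just above the changed assignment still captures the administrator's logger, and the function later reuses it, so an impersonated session appears to be logged through the admin's logger rather than one tied to both accounts. The code removed from htdocs/admin/utilisateurs.php created `new DiogenesCoreLogger($uid,$_SESSION['uid'])` for this purpose; the equivalent here is to assign `new DiogenesCoreLogger($uid,$_SESSION['suid'])` to `$_SESSION['log']` whenever `suid` is present. `$_SESSION['slog']` is also read in the new array without an `isset()` check. The guard around the `$logger` assignment starts outside the hunk, so the logger behaviour is inferred from the visible lines only.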
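Review bot: `setcookie('ORGuid',$uid,...)` at the end of the hunk at -239,12 runs on every call, including the su path that now goes through `start_connexion()`, so the administrator's browser would be left with a long-lived `ORGuid` cookie naming the impersonated account. Guarding it, `if(empty($_SESSION['suid'])) setcookie('ORGuid',$uid,(time()+25920000),'/','',0);`, keeps an impersonation from outliving the session. The comment above it says the login is stored for one year, but 25920000 seconds is 300 days. The cookie is set without the secure flag (last argument `0`); whether that is acceptable depends on how the site is served, which the page does not show.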
diff --git a/templates/skin/noIE.tpl b/templates/skin/noIE.tpl index b811c9a..beed0f0 100644 --- a/templates/skin/noIE.tpl +++ b/templates/skin/noIE.tpl @@ -17,7 +17,7 @@ * Foundation, Inc., * * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * *************************************************************************** - $Id: noIE.tpl,v 1.3 2004-09-02 18:46:49 x2000habouzit Exp $ + $Id: noIE.tpl,v 1.4 2004-09-02 19:39:21 x2000habouzit Exp $ ***************************************************************************} @@ -45,7 +45,7 @@ {if $smarty.session.suid}
{dynamic} - {$smarty.session.suid} ({$smarty.session.user_id}) + {$smarty.session.suid} ({$smarty.session.forlife}) {/dynamic} [exit]
diff --git a/templates/skin/sharky.tpl b/templates/skin/sharky.tpl index 4fff93f..e5f331e 100644 --- a/templates/skin/sharky.tpl +++ b/templates/skin/sharky.tpl @@ -17,7 +17,7 @@ * Foundation, Inc., * * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * *************************************************************************** - $Id: sharky.tpl,v 1.5 2004-09-02 18:46:49 x2000habouzit Exp $ + $Id: sharky.tpl,v 1.6 2004-09-02 19:39:21 x2000habouzit Exp $ ***************************************************************************} @@ -40,7 +40,7 @@ {dynamic} - {$smarty.session.suid} ({$smarty.session.user_id}) + {$smarty.session.suid} ({$smarty.session.forlife}) {/dynamic} [exit]