From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Sun, 21 Dec 2008 18:15:12 +0000 (+0100)
Subject: Merge commit 'origin/fusionax' into account
X-Git-Tag: xorg/1.0.0~332^2~482
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=7162a93f4a23efadcc2fcfa9b081a2879f4194bc;p=platal.git

Merge commit 'origin/fusionax' into account

Conflicts:

	classes/xorgsession.php
	core
	modules/platal.php
	modules/register.php

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---

7162a93f4a23efadcc2fcfa9b081a2879f4194bc
diff --cc classes/xorgsession.php
index 6a92d90,9683f31..e453eca
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@@ -51,14 -51,15 +51,14 @@@ class XorgSession extends PlSessio
              return -1;
          }
  
 -        $res = XDB::query('SELECT  user_id, password
 -                             FROM  auth_user_md5
 -                            WHERE  user_id = {?} AND perms IN(\'admin\', \'user\')',
 -                         Cookie::i('uid'));
 +        $res = XDB::query('SELECT  uid, password
 +                             FROM  accounts
 +                            WHERE  uid = {?} AND state = \'active\'',
 +                         Cookie::i('ORGuid'));
          if ($res->numRows() != 0) {
              list($uid, $password) = $res->fetchOneRow();
 -            require_once 'secure_hash.inc.php';
 -            $expected_value = hash_encrypt($password);
 +            $expected_value = sha1($password);
-             if ($expected_value == Cookie::v('ORGaccess')) {
+             if ($expected_value == Cookie::v('access')) {
                  S::set('auth_by_cookie', $uid);
                  return 0;
              } else {
@@@ -212,11 -227,10 +210,10 @@@
          } else {
              $logger = S::logger($uid);
              $logger->saveLastSession();
-             setcookie('ORGuid', $uid, (time() + 25920000), '/', '', 0);
+             Cookie::set('uid', $uid, 300);
  
              if (S::i('auth_by_cookie') == $uid || Post::v('remember', 'false') == 'true') {
-                 $cookie = sha1($sess['password']);
-                 setcookie('ORGaccess', $cookie, (time() + 25920000), '/', '', 0);
 -                Cookie::set('access', hash_encrypt($sess['password']), 300);
++                Cookie::set('access', sha1($sess['password']), 300);
                  if (S::i('auth_by_cookie') != $uid) {
                      $logger->log("cookie_on");
                  }
diff --cc modules/register.php
index 0c3e0e3,a491174..6653c0a
--- a/modules/register.php
+++ b/modules/register.php
@@@ -443,8 -443,9 +443,8 @@@ class RegisterModule extends PLModul
              $log = S::v('log');
              S::logger()->log('passwd', '');
  
-             if (Cookie::v('ORGaccess')) {
-                 setcookie('ORGaccess', sha1($password), (time()+25920000), '/', '' ,0);
+             if (Cookie::v('access')) {
 -                require_once('secure_hash.inc.php');
 -                Cookie::set('access', hash_encrypt($password), 300);
++                Cookie::set('access', sha1($password), 300);
                  S::logger()->log('cookie_on', '');
              }