From: Florent Bruneau Date: Sun, 22 Jun 2008 09:11:45 +0000 (+0200) Subject: Fix SUID X-Git-Tag: core/1.0.0~81 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=732e5855cffcd5e2eaaf5bd66760c4432d437244;p=platal.git Fix SUID Signed-off-by: Florent Bruneau --- diff --git a/classes/plpage.php b/classes/plpage.php index ac34aba..cc4eccd 100644 --- a/classes/plpage.php +++ b/classes/plpage.php @@ -87,7 +87,7 @@ abstract class PlPage extends Smarty { global $globals, $TIME_BEGIN; - session_write_close(); + Platal::session()->close(); $this->register_prefilter('trimwhitespace'); $this->register_prefilter('form_force_encodings'); diff --git a/classes/plsession.php b/classes/plsession.php index 73426fd..b1ddcd8 100644 --- a/classes/plsession.php +++ b/classes/plsession.php @@ -166,18 +166,18 @@ abstract class PlSession */ public function startSUID($user) { - if (isset($_SESSION['suid'])) { + if (S::has('suid')) { return false; } - $newsession = array(); - $backup =& $_SESSION; - $_SESSION =& $newsession; + $backup = $_SESSION; + $_SESSION = array(); $this->fillSession(); S::set('suid', $backup); if (!$this->startSessionAs($user, -1)) { $this->stopSUID(); return false; } + S::set('user', $user); return true; } @@ -185,10 +185,10 @@ abstract class PlSession */ public function stopSUID() { - if (!isset($_SESSION['suid'])) { + if (!S::has('suid')) { return false; } - $_SESSION =& $_SESSION['suid']; + $_SESSION = $_SESSION['suid']; return true; } diff --git a/classes/s.php b/classes/s.php index 626dfef..7ba3b24 100644 --- a/classes/s.php +++ b/classes/s.php @@ -78,7 +78,7 @@ class S if (S::has('suid')) { $suid = S::v('suid'); S::set('log', new PlLogger(S::v('uid'), $suid['uid'])); - } else if (S::has('suid')) { + } else if (S::has('uid') || $uid) { S::set('log', new PlLogger(S::v('uid', $uid))); } } diff --git a/include/emails.inc.php b/include/emails.inc.php index f9c131a..616fe0f 100644 --- a/include/emails.inc.php +++ b/include/emails.inc.php 
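Review bot: startSUID swaps the session principal and stashes the caller's entire session under `suid` without any check of its own that the calling session may impersonate, so authorization rests solely on which handler reaches it (modules/admin.php, and modules/core.php for the self-SUID privilege drop). With both startSUID and makePerms now public, a guard inside the function such as `if (S::has('suid') || !S::has_perms()) { return false; }` (assuming `S::has_perms()`, as used in modules/search.php, is the admin check) would stop a future caller from turning an ordinary session into a SUID one; if the perms-drop page is meant for non-admins too, allow `$user == S::i('uid')` through instead. The session identifier is also carried unchanged across the principal switch in both startSUID and stopSUID; a `session_regenerate_id(true)` at each transition is the usual precaution when the session's owner changes. The enclosing class PlSession continues outside the hunk.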
@@ -186,7 +186,7 @@ class EmailRedirection extends Email SET panne_level = IF(flags = 'panne', panne_level - 1, panne_level), flags = 'active' WHERE uid={?} AND email={?}", $this->uid, $this->email); - $_SESSION['log']->log("email_on", $this->email.($this->uid!=S::v('uid') ? "(admin on {$this->uid})" : "")); + S::logger()->log("email_on", $this->email.($this->uid!=S::v('uid') ? "(admin on {$this->uid})" : "")); $this->active = true; $this->broken = false; } @@ -199,7 +199,7 @@ class EmailRedirection extends Email if ($this->active) { XDB::execute("UPDATE emails SET flags ='' WHERE uid={?} AND email={?}", $this->uid, $this->email); - $_SESSION['log']->log("email_off",$this->email.($this->uid != S::v('uid') ? "(admin on {$this->uid})" : "") ); + S::logger()->log("email_off",$this->email.($this->uid != S::v('uid') ? "(admin on {$this->uid})" : "") ); $this->active = false; } } @@ -411,7 +411,7 @@ class Redirect return ERROR_INACTIVE_REDIRECTION; } XDB::execute('DELETE FROM emails WHERE uid={?} AND email={?}', $this->uid, $email); - $_SESSION['log']->log('email_del',$email.($this->uid!=S::v('uid') ? " (admin on {$this->uid})" : "")); + S::logger()->log('email_del',$email.($this->uid!=S::v('uid') ? " (admin on {$this->uid})" : "")); foreach ($this->emails as $i => $mail) { if ($email == $mail->email) { unset($this->emails[$i]); @@ -434,7 +434,7 @@ class Redirect } XDB::execute('REPLACE INTO emails (uid,email,flags) VALUES({?},{?},"active")', $this->uid, $email); if ($logger = S::v('log', null)) { // may be absent --> step4.php - $logger->log('email_add',$email.($this->uid!=S::v('uid') ? " (admin on {$this->uid})" : "")); + S::logger()->log('email_add',$email.($this->uid!=S::v('uid') ? " (admin on {$this->uid})" : "")); } foreach ($this->emails as $mail) { if ($mail->email == $email_stripped) { diff --git a/include/platal.inc.php b/include/platal.inc.php index e30429d..8402229 100644 --- a/include/platal.inc.php +++ b/include/platal.inc.php 
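Review bot: In the email_add hunk the guard still reads `$logger = S::v('log', null)` but the body now calls `S::logger()` instead, so `$logger` is dead and the event is silently skipped whenever the session has no `log` entry (the step4.php case the comment names) even though the owner's uid is known. Adding a redirection address is precisely the change an audit trail must capture, so drop the guard and pass the owner explicitly: `S::logger($this->uid)->log('email_add', $email . ($this->uid != S::v('uid') ? " (admin on {$this->uid})" : ""));`. Whether a uid argument is enough to obtain a logger without a session uid depends on the `S::has('uid') || $uid` branch of classes/s.php in this same commit, which appears written for that case. The enclosing method of class Redirect continues outside the hunk.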
@@ -33,10 +33,6 @@ define('NO_AUTH', 0); define('DO_AUTH', 1); define('NO_HTTPS', 2); -define('DEBUG_BT', 1); -define('DEBUG_VALID', 2); -define('DEBUG_SMARTY', 4); - function pl_autoload($cls) { $cls = strtolower($cls); @@ -103,12 +99,11 @@ function pl_clear_errors() function pl_dump_env() { echo "
";
-    echo "\nSESSION: "; var_dump($_SESSION);
+    echo "\nSESSION: " . session_id(); var_dump($_SESSION);
     echo "\nPOST:    "; var_dump($_POST);
     echo "\nGET:     "; var_dump($_GET);
     echo "\nCOOKIE:  "; var_dump($_COOKIE);
     echo "
"; - pl_print_errors(); } function pl_print_errors() @@ -155,10 +150,8 @@ function pl_self($n = null) { function http_redirect($fullurl) { - if (count($_SESSION)) { - session_write_close(); - } - header('Location: '.$fullurl); + Platal::session()->close(); + header('Location: '. $fullurl); exit; } diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php index 22dd632..c41c5a3 100644 --- a/include/xorg/session.inc.php +++ b/include/xorg/session.inc.php @@ -50,6 +50,7 @@ class XorgSession extends PlSession */ private function tryCookie() { + Platal::page()->trigError("Trying cookie"); S::kill('auth_by_cookie'); if (Cookie::v('ORGaccess') == '' || !Cookie::has('ORGuid')) { return -1; @@ -94,11 +95,7 @@ class XorgSession extends PlSession } } if ($response != $expected_response) { - echo $response . '
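Review bot: pl_dump_env now prints `session_id()` next to full dumps of `$_SESSION` and `$_COOKIE`; the session id is a bearer token and the cookie dump includes `ORGaccess`, which modules/platal.php fills from `hash_encrypt($password)`, so this output must only ever reach a developer. Nothing in the hunk gates the function on a debug setting and the `DEBUG_*` constants are removed in the previous hunk, so please confirm each caller is debug-only, and consider masking the sensitive entries, e.g. `echo "\nSESSION: " . substr(session_id(), 0, 6) . '...';` and unsetting `ORGaccess` from a copy of `$_COOKIE` before dumping it. Dropping the `pl_print_errors()` call also means errors no longer accompany the dump, which may be intentional but deserves a word in the commit message.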
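Review bot: The `Platal::page()->trigError("Trying cookie")` added at the top of tryCookie is debugging output: it raises a user-visible error on every request that passes through cookie authentication, before the function has even checked whether a cookie is present. Remove it before merging; if a trace is wanted, record it through the logger once the uid is known, e.g. `S::logger($uid)->log('auth_cookie', 'attempt');`, the way the checkPassword hunk now records `auth_fail`. tryCookie continues outside the hunk.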
'; - echo $expected_response . '
'; - echo $uname . '
' . $password . '
'; -// $logger = S::logger($uid); -// $logger->log('auth_fail', 'bad password'); + S::logger($uid)->log('auth_fail', 'bad password'); return null; } return $uid; @@ -159,7 +156,6 @@ class XorgSession extends PlSession } } - $logger = S::logger(); $uid = $this->checkPassword($uname, $login, Post::v('response'), (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias'); if (!is_null($uid)) { S::set('auth', AUTH_MDP); @@ -173,9 +169,7 @@ class XorgSession extends PlSession $_COOKIE['ORGdomain'] = $domain; } S::kill('challenge'); - if ($logger) { - $logger->log('auth_ok'); - } + S::logger($uid)->log('auth_ok'); } return $uid; } @@ -267,7 +261,7 @@ class XorgSession extends PlSession } } - private function makePerms($perm) + public function makePerms($perm) { $flags = new PlFlagSet(); if ($perm == 'disabled' || $perm == 'ext') { diff --git a/modules/admin.php b/modules/admin.php index 50a0c94..e9159d9 100644 --- a/modules/admin.php +++ b/modules/admin.php @@ -380,12 +380,17 @@ class AdminModule extends PLModule } if(Env::has('suid_button') && $login) { - $_SESSION['log']->log("suid_start", "login by ".S::v('forlife')); - $_SESSION['suid'] = $_SESSION; - $r = XDB::query("SELECT id FROM aliases WHERE alias={?}", $login); + S::logger()->log("suid_start", "login by ".S::v('forlife')); + $r = XDB::query("SELECT id + FROM aliases + WHERE alias={?}", $login); if($uid = $r->fetchOneCell()) { - start_connexion($uid, true); - pl_redirect(""); + if (!Platal::session()->startSUID($uid)) { + $page->trigError('Impossible d\'effectuer un SUID sur ' . $uid); + } else { + $page->kill("coucou"); + pl_redirect(""); + } } } diff --git a/modules/auth.php b/modules/auth.php index aad50a8..885d5a9 100644 --- a/modules/auth.php +++ b/modules/auth.php 
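Review bot: `if ($response != $expected_response)` compares two digests with PHP's loose `!=`, which treats strings that both parse as numbers (hex digests of the `0e...` form) as equal and is not constant-time; use `if ($response !== $expected_response)` at minimum, and `!hash_equals($expected_response, $response)` once the deployment runs PHP 5.6 or later. Logging `auth_fail` through `S::logger($uid)` is the right replacement for the removed echoes, but note that S::logger() in classes/s.php builds its logger from `S::v('uid', $uid)`, so a request from an already-logged-in session will attribute the failure to the session's uid rather than to `$uid`. Removing the lines that printed `$password` and `$expected_response` into the page is the most important change in this commit and deserves an explicit mention in its message. checkPassword starts outside the hunk.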
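Review bot: `$page->kill("coucou")` in the success branch is leftover debugging: it terminates the page with a placeholder message, so the `pl_redirect("")` after it never runs and the admin is left on a dead page after the SUID has already taken effect; drop that line. The `suid_start` entry is also written before the alias lookup and names only the acting admin (`"login by " . S::v('forlife')`), so a failed or mistyped target leaves no record of who was targeted; `S::logger()->log("suid_start", "login by " . S::v('forlife') . " as " . $login);` would make the audit entry useful, and a second entry on the `trigError` path would record refused attempts. The enclosing handler continues outside the hunk.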
@@ -155,7 +155,7 @@ class AuthModule extends PLModule $logger = (isset($_SESSION['log']) && $_SESSION['log']->uid == $uid) ? $_SESSION['log'] : new PlLogger($uid); global $platal; - $logger->log('connexion_auth_ext', $platal->path); + S::logger()->log('connexion_auth_ext', $platal->path); } /* on parcourt les entrees de groupes_auth */ diff --git a/modules/carnet.php b/modules/carnet.php index febcf3b..78b0b69 100644 --- a/modules/carnet.php +++ b/modules/carnet.php @@ -281,7 +281,7 @@ class CarnetModule extends PLModule require_once dirname(__FILE__).'/carnet/contacts.pdf.inc.php'; require_once 'user.func.inc.php'; - session_write_close(); + Platal::session()->close(); $sql = "SELECT a.alias FROM aliases AS a diff --git a/modules/core.php b/modules/core.php index a490d17..dad9b02 100644 --- a/modules/core.php +++ b/modules/core.php @@ -114,10 +114,10 @@ class CoreModule extends PLModule } if (isset($_SESSION['log'])) { - $_SESSION['log']->log("suid_start", "login by ".S::v('forlife')); + S::logger()->log("suid_start", "login by ".S::v('forlife')); } - $_SESSION['suid'] = $_SESSION; - $_SESSION['perms'] =& XorgSession::make_perms($level); + Platal::session()->startSUID(S::i('uid')); + Platal::session()->makePerms($level); pl_redirect('/'); } diff --git a/modules/platal.php b/modules/platal.php index 1e01daa..e4e7aa0 100644 --- a/modules/platal.php +++ b/modules/platal.php @@ -152,14 +152,14 @@ class PlatalModule extends PLModule XDB::execute('UPDATE auth_user_quick SET redirecturl = {?} WHERE user_id = {?}', $url, S::v('uid')); - $log->log('carva_add', 'http://'.Env::v('url')); + S::logger()->log('carva_add', 'http://'.Env::v('url')); $page->trigSuccess("Redirection activée vers $url"); } elseif (Env::v('submit') == "Supprimer") { XDB::execute("UPDATE auth_user_quick SET redirecturl = '' WHERE user_id = {?}", S::v('uid')); - $log->log("carva_del", $url); + S::logger()->log("carva_del", $url); Post::kill('url'); $page->trigSuccess('Redirection supprimée'); } 
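Review bot: `$logger` is still built on the line above (a logger for `$uid` whenever the session's logger belongs to someone else), but the call now goes through `S::logger()` with no uid, so that intent is lost and the external-auth event is recorded under whatever uid the session holds, or fails on a null logger if it holds none. Pass the uid through and delete the dead assignment: `S::logger($uid)->log('connexion_auth_ext', $platal->path);`. Since S::logger() in classes/s.php resolves `S::v('uid', $uid)`, the session's uid still wins when one exists; if per-`$uid` attribution is required here, keep the explicit `new PlLogger($uid)` instead. The enclosing method continues outside the hunk.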
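Review bot: `Platal::session()->makePerms($level)` discards its return value, and nothing assigns the session's `perms` any more (the removed line stored the result in `$_SESSION['perms']`), so the privilege-lowering page now performs a SUID to the same uid with the user's normal permissions and the requested level never takes effect. The result of `startSUID` is ignored as well, so a refused SUID (for instance when `suid` is already set) still redirects as if it had succeeded. I would write `if (Platal::session()->startSUID(S::i('uid'))) { S::set('perms', Platal::session()->makePerms($level)); }` before the redirect, assuming makePerms still returns the `PlFlagSet` it builds and the session reads its permission set from the `perms` key; I cannot see from here whether PlSession has a dedicated setter. The enclosing handler starts outside the hunk.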
@@ -209,7 +209,7 @@ class PlatalModule extends PLModule } $log =& S::v('log'); - $log->log('passwd', ''); + S::logger()->log('passwd', ''); if (Cookie::v('ORGaccess')) { setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0); @@ -243,12 +243,12 @@ class PlatalModule extends PLModule XDB::execute('UPDATE auth_user_md5 SET smtppass = {?} WHERE user_id = {?}', $pass, $uid); $page->trigSuccess('Mot de passe enregistré'); - $log->log("passwd_ssl"); + S::logger()->log("passwd_ssl"); } elseif (Env::v('op') == "Supprimer") { XDB::execute('UPDATE auth_user_md5 SET smtppass = "" WHERE user_id = {?}', $uid); $page->trigSuccess('Compte SMTP et NNTP supprimé'); - $log->log("passwd_del"); + S::logger()->log("passwd_del"); } $res = XDB::query("SELECT IF(smtppass != '', 'actif', '') @@ -335,7 +335,7 @@ Adresse de secours : " . Post::v('email') : "")); // on cree un objet logger et on log l'evenement $logger = $_SESSION['log'] = new PlLogger($uid); - $logger->log('recovery', $mails); + S::logger()->log('recovery', $mails); } else { $page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.
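Review bot: The `ORGaccess` cookie re-issued here after a password change carries `hash_encrypt($password)` for 25920000 seconds (about 300 days) with the `secure` argument set to `0` and no `httponly` flag, so a password-derived credential is exposed to plain-HTTP transport and to page scripts for most of a year. If the site is served over HTTPS (the `NO_HTTPS` flag in include/platal.inc.php suggests both modes exist), prefer `setcookie('ORGaccess', hash_encrypt($password), time() + 25920000, '/', '', true, true);`, and at least pass the seventh `httponly` argument. The `$log =& S::v('log')` on the line above is now dead since the call goes through `S::logger()`. The enclosing method starts outside the hunk.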
'. 'Si tu as un homonyme, utilise prenom.nom.promo comme login'); @@ -374,7 +374,7 @@ Adresse de secours : " . Post::v('email') : "")); } $logger = new PlLogger($uid); - $logger->log("passwd",""); + S::logger()->log("passwd",""); $page->changeTpl('platal/tmpPWD.success.tpl'); } else { $page->changeTpl('platal/motdepasse.tpl'); @@ -414,7 +414,7 @@ Adresse de secours : " . Post::v('email') : "")); $a4l = S::v('forlife'); $suid = S::v('suid'); $log = S::v('log'); - $log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']); + S::logger()->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']); Platal::session()->stopSUID(); pl_redirect('admin/user/' . $a4l); } @@ -423,7 +423,7 @@ Adresse de secours : " . Post::v('email') : "")); setcookie('ORGaccess', '', time() - 3600, '/', '', 0); Cookie::kill('ORGaccess'); if (isset($_SESSION['log'])) - $_SESSION['log']->log("cookie_off"); + S::logger()->log("cookie_off"); } if ($level == 'forgetuid' || $level == 'forgetall') { @@ -435,7 +435,7 @@ Adresse de secours : " . Post::v('email') : "")); if (isset($_SESSION['log'])) { $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; - $_SESSION['log']->log('deconnexion',$ref); + S::logger()->log('deconnexion',$ref); } Platal::session()->destroy(); diff --git a/modules/profile.php b/modules/profile.php index 6b30017..b503016 100644 --- a/modules/profile.php +++ b/modules/profile.php @@ -217,7 +217,7 @@ class ProfileModule extends PLModule } if (S::logged()) { - $_SESSION['log']->log('view_profile', $login); + S::logger()->log('view_profile', $login); } $title = $user['prenom'] . ' ' . ( empty($user['nom_usage']) ? $user['nom'] : $user['nom_usage'] ); diff --git a/modules/profile/page.inc.php b/modules/profile/page.inc.php index 19ff56a..2e785c9 100644 --- a/modules/profile/page.inc.php +++ b/modules/profile/page.inc.php 
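Review bot: In the temporary-password hunk the `$logger = new PlLogger($uid)` line above is now dead, and the password change is logged through `S::logger()` with no uid even though a user arriving via tmpPWD is not logged in, so the event is either attributed to an unrelated session or, when nothing is available to build a logger from, fails on a null object right after the new password has been stored. Pass the uid: `S::logger($uid)->log("passwd", "");` and drop the unused `$logger`. The recovery hunk further up follows the same pattern and only works because `$_SESSION['log']` is assigned on the line before the call. The enclosing method starts outside the hunk.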
@@ -260,7 +260,7 @@ abstract class ProfilePage implements PlWizardPage } global $platal; $log =& $_SESSION['log']; - $log->log('profil', $platal->pl_self(1)); + S::logger()->log('profil', $platal->pl_self(1)); } protected function checkChanges() diff --git a/modules/register.php b/modules/register.php index 7d8aa46..a0d27dc 100644 --- a/modules/register.php +++ b/modules/register.php @@ -301,7 +301,7 @@ class RegisterModule extends PLModule // on cree un objet logger et on log l'inscription $logger = new PlLogger($uid); - $logger->log('inscription', $email); + S::logger()->log('inscription', $email); XDB::execute('UPDATE register_pending SET hash="INSCRIT" WHERE uid={?}', $uid); @@ -416,7 +416,7 @@ class RegisterModule extends PLModule } $log = S::v('log'); - $log->log('passwd', ''); + S::logger()->log('passwd', ''); if (Cookie::v('ORGaccess')) { require_once('secure_hash.inc.php'); diff --git a/modules/search.php b/modules/search.php index 1a98912..56af880 100644 --- a/modules/search.php +++ b/modules/search.php @@ -90,7 +90,7 @@ class SearchModule extends PLModule if (Env::has('quick') || $action == 'geoloc') { $quick = trim(Env::v('quick')); if (S::logged() && !Env::has('page')) { - $_SESSION['log']->log('search', 'quick=' . $quick); + S::logger()->log('search', 'quick=' . $quick); } $list = 'profile|prf|fiche|fic|referent|ref|mentor'; if (S::has_perms()) { @@ -185,7 +185,7 @@ class SearchModule extends PLModule 'city' => array('table' => 'geoloc_city', 'text' => 'name', 'exact' => false) ); if (!Env::has('page')) { - $_SESSION['log']->log('search', 'adv=' . var_export($_GET, true)); + S::logger()->log('search', 'adv=' . var_export($_GET, true)); } foreach ($textFields as $field=>&$query) { if (!Env::v($field) && Env::v($field . 'Txt')) {
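Review bot: `S::logger()->log('inscription', $email)` runs during registration, where no session uid exists yet, while the `$logger = new PlLogger($uid)` built on the previous line is no longer used; the inscription entry, which ties the new account to the e-mail it was created with, is therefore either attributed to the wrong principal or lost on a null logger. Use `S::logger($uid)->log('inscription', $email);` and remove the dead `$logger`. The enclosing method starts outside the hunk.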