From: Florent Bruneau Date: Sun, 21 Dec 2008 17:37:02 +0000 (+0100) Subject: Merge commit 'origin/fusionax' into account X-Git-Tag: xorg/1.0.0~332^2~484 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=b57e77e04468990dd5c20d9ddd7826c917e3d4e3;p=platal.git Merge commit 'origin/fusionax' into account Conflicts: modules/platal.php modules/register.php Signed-off-by: Florent Bruneau --- b57e77e04468990dd5c20d9ddd7826c917e3d4e3 diff --cc classes/xorgsession.php index 59709d9,91cda51..6a92d90 --- a/classes/xorgsession.php +++ b/classes/xorgsession.php @@@ -176,27 -199,21 +176,27 @@@ class XorgSession extends PlSessio } if ($level == AUTH_SUID) { S::set('auth', AUTH_MDP); + unset($_SESSION['log']); } - unset($_SESSION['log']); // Retrieves main user properties. - $res = XDB::query("SELECT u.user_id AS uid, u.hruid, prenom, prenom_ini, nom, nom_ini, nom_usage, perms, promo, promo_sortie, - matricule, password, FIND_IN_SET('femme', u.flags) AS femme, - q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash, - FIND_IN_SET('watch', u.flags) AS watch_account, q.last_version, g.g_account_name IS NOT NULL AS googleapps, - UNIX_TIMESTAMP(s.start) AS lastlogin, s.host - FROM auth_user_md5 AS u - INNER JOIN auth_user_quick AS q USING(user_id) - LEFT JOIN gapps_accounts AS g ON (u.user_id = g.l_userid AND g.g_status = 'active') - LEFT JOIN logger.last_sessions AS ls ON (ls.uid = u.user_id) + /** TODO: Move needed informations to account tables */ + /** TODO: Currently suppressed data are matricule, promo */ + /** TODO: Data to move are: banana_last, watch_last, last_version */ + /** TODO: Switch to new permission system */ + $res = XDB::query("SELECT a.uid, a.hruid, a.display_name, a.full_name, a.password, + a.sex = 'female' AS femme, a.mail_format as mail_fmt, + a.token, FIND_IN_SET('watch', a.flags) AS watch_account, + UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, + q.last_version, g.g_account_name IS NOT 
NULL AS googleapps, + UNIX_TIMESTAMP(s.start) AS lastlogin, s.host, + IF(a.is_admin, 'admin', 'user') AS perms + FROM accounts AS a + INNER JOIN auth_user_quick AS q ON(a.uid = q.user_id) + LEFT JOIN gapps_accounts AS g ON(a.uid = g.l_userid AND g.g_status = 'active') + LEFT JOIN logger.last_sessions AS ls ON (ls.uid = a.uid) LEFT JOIN logger.sessions AS s ON(s.id = ls.id) - WHERE u.user_id = {?} AND u.perms IN('admin', 'user')", $uid); + WHERE a.uid = {?} AND a.state = 'active'", $uid); $sess = $res->fetchOneAssoc(); $perms = $sess['perms']; unset($sess['perms']); @@@ -215,9 -232,9 +215,9 @@@ setcookie('ORGuid', $uid, (time() + 25920000), '/', '', 0); if (S::i('auth_by_cookie') == $uid || Post::v('remember', 'false') == 'true') { - $cookie = hash_encrypt($sess['password']); + $cookie = sha1($sess['password']); setcookie('ORGaccess', $cookie, (time() + 25920000), '/', '', 0); - if ($logger && S::i('auth_by_cookie') != $uid) { + if (S::i('auth_by_cookie') != $uid) { $logger->log("cookie_on"); } } else { diff --cc modules/platal.php index a99ef87,cf73869..123a1c0 --- a/modules/platal.php +++ b/modules/platal.php @@@ -232,7 -233,8 +232,8 @@@ class PlatalModule extends PLModul S::logger()->log('passwd', ''); if (Cookie::v('ORGaccess')) { - setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0); + setcookie('ORGaccess', sha1($password), (time()+25920000), '/', '' ,0); + S::logger()->log('cookie_on', ''); } $page->changeTpl('platal/motdepasse.success.tpl'); diff --cc modules/register.php index ab88a94,9089244..0c3e0e3 --- a/modules/register.php +++ b/modules/register.php @@@ -444,7 -444,9 +444,8 @@@ class RegisterModule extends PLModul S::logger()->log('passwd', ''); if (Cookie::v('ORGaccess')) { - require_once('secure_hash.inc.php'); - setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0); + setcookie('ORGaccess', sha1($password), (time()+25920000), '/', '' ,0); + S::logger()->log('cookie_on', ''); } 
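Review bot: In the `@@@ -176,27` hunk of classes/xorgsession.php, `$sess = $res->fetchOneAssoc();` is followed directly by `$perms = $sess['perms'];` with no check that a row came back. With the new filter `a.state = 'active'`, a uid whose account is not active yields no row, and nothing in the visible lines stops session setup in that case. I would add a guard right after the fetch, e.g. `if (!$sess) { return false; }`, adapted to whatever failure value this method uses; the method starts and ends outside the hunk, so an earlier check may exist that I cannot see. The query also now loads `a.password` and `a.token` into `$sess`; if that array is later copied into the session wholesale, both should be removed first, as is already done for `perms`.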
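Review bot: `$cookie = sha1($sess['password']);` in the `@@@ -215,9` hunk makes the long-lived `ORGaccess` cookie a fixed, unsalted digest of the stored password value, so it is the same on every device, cannot be revoked without a password change, and is derivable by anyone with read access to the `password` column. The same derivation appears in the `setcookie('ORGaccess', sha1($password), ...)` lines of modules/platal.php and modules/register.php. A random per-login token kept server-side and compared on return would remove that link; the `a.token` column added to the query may be intended for this, though the hunk does not show it. These cookies are also set with the secure argument `0` and no HttpOnly argument, so ending the call with `'/', '', true, true` is worth doing if the site is served over HTTPS. Separately, the `$logger &&` guard was dropped before `$logger->log("cookie_on")`; where `$logger` is assigned lies outside the hunk, so please confirm it can no longer be null at this point.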
$page->assign('mdpok', true);