From ab694eb5b8b8f0b3e528b7775abae6263cbb824b Mon Sep 17 00:00:00 2001 From: Florent Bruneau Date: Sun, 22 Jun 2008 12:40:45 +0200 Subject: [PATCH] Port X.net session to the new schema. Signed-off-by: Florent Bruneau --- include/xnet/session.inc.php | 168 ++++++++++++++++++++----------------------- include/xorg/session.inc.php | 4 +- modules/xnet.php | 4 +- modules/xnetgrp.php | 9 +-- 4 files changed, 89 insertions(+), 96 deletions(-) diff --git a/include/xnet/session.inc.php b/include/xnet/session.inc.php index e3e544e..73dd844 100644 --- a/include/xnet/session.inc.php +++ b/include/xnet/session.inc.php @@ -19,27 +19,29 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -class XnetSession +class XnetSession extends PlSession { public function __construct() { - self::init(); + parent::__construct(); + S::bootstrap('perms_backup', new PlFlagSet()); } - // {{{ function init - - public static function init() + public function startAvailableAuth() { - global $globals; - - S::init(); + if (!(S::v('perms') instanceof PlFlagSet)) { + S::set('perms', S::v('perms_backup')); + } if (!S::logged() && Get::has('auth')) { - XnetSession::doAuthX(); + if (!$this->start(AUTH_MDP)) { + return false; + } } + global $globals; if (!S::logged()) { - // prevent connexion to be linked to deconnexion + // prevent connection to be linked to disconnection if (($i = strpos($_SERVER['REQUEST_URI'], 'exit')) !== false) $returl = "http://{$_SERVER['SERVER_NAME']}".substr($_SERVER['REQUEST_URI'], 0, $i); else @@ -49,7 +51,7 @@ class XnetSession $url .= "&challenge=" . S::v('challenge'); $url .= "&pass=" . md5(S::v('challenge') . $globals->xnet->secret); $url .= "&url=".urlencode($returl); - $_SESSION['loginX'] = $url; + S::set('loginX', $url); } if (S::logged() && $globals->asso()) { 
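Review bot: The new fallback at the top of `startAvailableAuth()` copies `perms_backup` into `perms` without checking that the backup is itself a `PlFlagSet`, so a damaged session can end up holding a permission value of unknown type instead of an empty set. Failing closed is safer: `$backup = S::v('perms_backup'); S::set('perms', $backup instanceof PlFlagSet ? $backup : new PlFlagSet());`. A one-line comment stating when `perms` can stop being a `PlFlagSet` would also help, since nothing in the hunk explains it. The method body continues past this hunk.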
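Review bot: The `&pass=` value built just above the changed assignment is `md5(S::v('challenge') . $globals->xnet->secret)`, a plain concatenation under MD5 rather than a keyed MAC, and the port keeps it as is. The same construction backs the `auth` check added to `doAuth()` in the next hunk. `hash_hmac()` with a SHA-2 digest is the standard way to bind a challenge to a shared secret, e.g. `hash_hmac('sha256', S::v('challenge'), $globals->xnet->secret)`. That changes the wire format, so the peer that verifies `pass` and issues `auth` has to change at the same time.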
@@ -71,120 +73,108 @@ class XnetSession if ($globals->asso('cat') == 'Promotions') { $perms->addFlag('groupannu'); } - $_SESSION['perms'] = $perms; + S::set('perms', $perms); + S::set('perms_backup', $perms); } + return true; } - // }}} - // {{{ public static function destroy() - - public static function destroy() { - S::destroy(); - XnetSession::init(); - } - - // }}} - // {{{ public static function doAuth() - - /** Try to do an authentication. - * - * @param page the calling page (by reference) - */ - public static function doAuth() + protected function doAuth($level) { - if (S::identified()) { // ok, c'est bon, on n'a rien à faire - return true; - } - - if (Get::has('auth')) { - return XnetSession::doAuthX(); + if (S::identified()) { // ok, c'est bon, on n'a rien à faire + return S::i('uid'); } - - return false; - } - - // }}} - // {{{ doAuthCookie - - public static function doAuthCookie() { - return XnetSession::doAuth(); + if (!Get::has('auth')) { + return null; + } + global $globals; + if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . 
'1') != Get::v('auth')) { + return null; + } + Get::kill('auth'); + S::set('auth', AUTH_MDP); + return Get::i('uid'); } - // }}} - // {{{ doAuthX - - public static function doAuthX() + protected function startSessionAs($user, $level) { global $globals; - if (md5('1'.S::v('challenge').$globals->xnet->secret.Get::i('uid').'1') != Get::v('auth')) { - Get::kill('auth'); - $page =& Platal::page(); - $page->kill("Erreur d'authentification avec polytechnique.org !"); + if ($level == -1) { + S::set('auth', AUTH_MDP); } - - $res = XDB::query(" - SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET('femme', u.flags) AS femme, - a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash - FROM auth_user_md5 AS u - INNER JOIN auth_user_quick AS q USING(user_id) - INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie') - INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET('bestalias',a2.flags)) - WHERE u.user_id = {?} AND u.perms IN('admin','user') - LIMIT 1", Get::i('uid')); - $_SESSION = array_merge($_SESSION, $res->fetchOneAssoc()); - $_SESSION['auth'] = AUTH_MDP; - require_once 'xorg/session.inc.php'; - $_SESSION['perms'] =& XorgSession::make_perms(S::v('perms')); + $res = XDB::query('SELECT u.user_id AS uid, prenom, nom, perms, promo, password, FIND_IN_SET(\'femme\', u.flags) AS femme, + a.alias AS forlife, a2.alias AS bestalias, q.core_mail_fmt AS mail_fmt, q.core_rss_hash + FROM auth_user_md5 AS u + INNER JOIN auth_user_quick AS q USING(user_id) + INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\') + INNER JOIN aliases AS a2 ON (u.user_id = a2.id AND FIND_IN_SET(\'bestalias\', a2.flags)) + WHERE u.user_id = {?} AND u.perms IN(\'admin\', \'user\') + LIMIT 1', $user); + $sess = $res->fetchOneAssoc(); + $perms = $sess['perms']; + unset($sess['perms']); + $_SESSION = array_merge($_SESSION, $sess); + $this->makePerms($perms); S::kill('challenge'); S::kill('loginX'); S::kill('may_update'); 
S::kill('is_member'); - Get::kill('auth'); Get::kill('uid'); - $path = Get::v('n'); - Get::kill('n'); Get::kill('PHPSESSID'); $args = array(); foreach($_GET as $key => $val) { - $args[] = urlencode($key).'='.urlencode($val); + $args[] = urlencode($key). '=' .urlencode($val); } - - http_redirect($globals->baseurl . '/' . $path, join('&', $args)); + return true; } - // }}} - // {{{ doSelfSuid - - public static function doSelfSuid() + public function doSelfSuid() { - if (!S::has('suid')) { - $_SESSION['suid'] = $_SESSION; + if (!$this->startSUID(S::i('uid'))) { + return false; } - require_once 'xorg/session.inc.php'; - $_SESSION['perms'] =& XorgSession::make_perms('user'); + $this->makePerms('user'); + return true; } - // }}} - // {{{ killSuid - - public static function killSuid() + public function stopSUID() { - if (!S::has('suid')) { - return; - } $suid = S::v('suid'); + if (!parent::stopSUID()) { + return false; + } S::kill('suid'); S::kill('may_update'); S::kill('is_member'); - $_SESSION['perms'] = $suid['perms']; + S::set('perms', $suid['perms']); + S::set('perms_backup', $suid['perms_backup']); + return true; } - // }}} + public function makePerms($perm) + { + $flags = new PlFlagSet(); + if ($perm == 'disabled' || $perm == 'ext') { + S::set('perms', $flags); + S::set('perms_backup', $flags); + return; + } + $flags->addFlag(PERMS_USER); + if ($perm == 'admin') { + $flags->addFlag(PERMS_ADMIN); + } + S::set('perms', $flags); + S::set('perms_backup', $flags); + } + + public function sureLevel() + { + return AUTH_MDP; + } } -// }}} // {{{ function may_update /** Return administration rights for the current asso diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php index c41c5a3..b63420a 100644 --- a/include/xorg/session.inc.php +++ b/include/xorg/session.inc.php 
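Review bot: `doAuth()` accepts the token with a loose comparison, `md5(...) != Get::v('auth')`, which PHP evaluates numerically when both strings look like numbers and which is not constant-time. Use `hash_equals($expected, (string) Get::v('auth'))` where the runtime provides it, or at least `!==`. In `startSessionAs()` the row from `$res->fetchOneAssoc()` is used unchecked and the method always returns `true`. Depending on what the fetch returns for an empty result, a uid rejected by the `perms IN('admin', 'user')` filter may still reach `makePerms()`, which adds `PERMS_USER` for any value other than `'disabled'` or `'ext'`; adding `if (!$sess) { return false; }` right after the fetch closes that. The `$args` loop left at the end of the method no longer feeds anything now that the redirect is gone.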
@@ -265,7 +265,9 @@ class XorgSession extends PlSession { $flags = new PlFlagSet(); if ($perm == 'disabled' || $perm == 'ext') { - return $flags; + S::set('perms', $flags); + S::set('perms_backup', $flags); + return; } $flags->addFlag(PERMS_USER); if ($perm == 'admin') { diff --git a/modules/xnet.php b/modules/xnet.php index b0d0151..d3c9c4e 100644 --- a/modules/xnet.php +++ b/modules/xnet.php @@ -65,8 +65,8 @@ class XnetModule extends PLModule function handler_exit(&$page) { - XnetSession::killSuid(); - XnetSession::destroy(); + Platal::session()->stopSUID(); + Platal::session()->destroy(); $page->changeTpl('xnet/deconnexion.tpl'); } diff --git a/modules/xnetgrp.php b/modules/xnetgrp.php index 88d0399..e4e882d 100644 --- a/modules/xnetgrp.php +++ b/modules/xnetgrp.php @@ -597,25 +597,26 @@ class XnetGrpModule extends PLModule if (Env::has('right') && (may_update() || S::has('suid'))) { switch (Env::v('right')) { case 'admin': - XnetSession::killSuid(); + Platal::session()->stopSUID(); break; case 'anim': - XnetSession::doSelfSuid(); + Platal::session()->doSelfSuid(); may_update(true); is_member(true); break; case 'member': - XnetSession::doSelfSuid(); + Platal::session()->doSelfSuid(); may_update(false, true); is_member(true); break; case 'logged': - XnetSession::doSelfSuid(); + Platal::session()->doSelfSuid(); may_update(false, true); is_member(false, true); break; } } +// var_dump($_SESSION); http_redirect($_SERVER['HTTP_REFERER']); } -- 2.1.4
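Review bot: `makePerms()` is fail-open: only `'disabled'` and `'ext'` yield an empty flag set, and every other value, including `null` or an unexpected string, falls through to `addFlag(PERMS_USER)`. An allow-list is safer, e.g. replace the test with `if ($perm !== 'admin' && $perm !== 'user') {`, assuming those are the only two values meant to grant access. The copy of this method added to `XnetSession` in `include/xnet/session.inc.php` has the same shape. The method now writes `perms` and `perms_backup` and returns nothing, which deserves a docblock line; the rest of its body lies outside this hunk.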
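Review bot: The three `Platal::session()->doSelfSuid()` calls in the `modules/xnetgrp.php` hunk ignore the return value, although the method now returns `false` when `startSUID()` fails. The `may_update()` and `is_member()` overrides that follow therefore still run in a session whose permissions were presumably not lowered. Guard each case, e.g. `if (!Platal::session()->doSelfSuid()) { break; }`. The added `// var_dump($_SESSION);` is leftover debugging and should be dropped before merge, since that array holds the `password` column loaded in `startSessionAs()`. The handler starts above this hunk.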